# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: APT-C-55, Black Banshee, Velvet Chollima, ta427, RftRAT, moonpeak, UAT-5394, archipelago, emerald sleet, sparkling pisces, springtail

# Reference: https://otx.alienvault.com/pulse/5c93c4e48312d159728a9d78
# Reference: https://blog.alyac.co.kr/2209 (Korean)

maii-daum-net.atwebpages.com
nate-on.bug3.com
hanmail.membercp.net
korea.getenjoyment.net
mail.membercp.net
/itsme.daum

# Reference: https://twitter.com/blackorbird/status/1086970613552447489

safe-naver-mail.pe.hu

# Reference: https://twitter.com/blackorbird/status/1113318554563076096
# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/kimsuky/aptnote0403
# Reference: https://blog.alyac.co.kr/2234 (Korean)

tcjst.com

# Reference: https://twitter.com/blackorbird/status/1118334122592591872
# Reference: https://raw.githubusercontent.com/blackorbird/APT_REPORT/master/kimsuky/Smoke%20Screen.pdf
# Reference: https://www.virustotal.com/gui/ip-address/192.186.142.74/relations
# Reference: https://otx.alienvault.com/pulse/5cb6e14b2fefc160d9e18b24

http://192.186.142.74
192.186.142.74:81
seoulhobi.biz

# Reference: https://twitter.com/RedDrip7/status/1133268937808859136

lovemoney.mypressonline.com

# Reference: https://blog.alyac.co.kr/2336 (Korean)
# Reference: https://otx.alienvault.com/pulse/5d13373f428cfccd0fa506a6

hellojames.sportsontheweb.net

# Generic trails (can also be seen in https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/)
# NOTE(review): path-only trail with no host part; the same file name also appears under specific hosts elsewhere in this list.
# Presumably it matches this path on any host, so a hit is a lead to corroborate with other indicators rather than attribution on its own.

/expres.php

# Reference: https://blog.alyac.co.kr/2347 (Korean)
# Reference: https://otx.alienvault.com/pulse/5cffce34469a83ecb23c93db

http://202.168.155.156
carolie-svr-v1.16mb.com
my-homework.890m.com
naver-security-mail.96.lt
oeks39402.890m.com
filer1.1apps.com
filer2.1apps.com
kuku675.site11.com
kuku79.herobo.com

# Reference: https://blog.alyac.co.kr/2389 (Korean)
# Reference: https://otx.alienvault.com/pulse/5d14b11389f0f0ece394fab8

atene.myartsonline.com
hellojames.sportsontheweb.net
nid2-naver-com.medianewsonline.com
smalldeal.mypressonline.com

# Reference: https://www.anomali.com/blog/suspected-north-korean-cyber-espionage-campaign-targets-multiple-foreign-ministries-and-think-tanks
# Reference: https://otx.alienvault.com/pulse/5d5d6f5c5f0e4d2b7f5f3208
# Reference: https://twitter.com/blackorbird/status/1164370375490228224

alone-service.work
app-support.work
check-up.work
com-main.work
doc-view.work
login-confirm.work
member-service.work
minner.work
short-line.work
sub-state.work
web-line.work

# Reference: https://twitter.com/cyberwar_15/status/1166592637371060226

rnailr.com

# Reference: https://www.cert.ssi.gouv.fr/uploads/CERTFR-2019-ACT-009.pdf
# Reference: https://otx.alienvault.com/pulse/5d6d754babe6ca295f94cb1b

accounted.top
acounts.work
ahooc.com
alive-user.work
alone-service.work
app-house.online
app-main.site
app-support.site
app-support.work
check-line.site
check-operation.site
check-up.work
client-mobile.work
confirm-main.work
dounn.net
dovvn-mail.com
drog-service.com
eposcard.co
first-state.work
gstaticstorage.com
heehorse.com
hotrnall.co
imap-login.com
inbox-mail.work
inbox-yahoo.com
lh-login.com
lh-logs.com
lh-yahoo.com
local-link.work
log-yahoo.com
login-confirm.site
login-confirm.work
login-history.pw
login-sec.com
login-use.com
login-yahoo.info
logins-yahoo.com
mail-down.com
mail-inc.work
mail-service.win
mailseco.com
main-line.work
main-service.site
main-support.work
matmiho.com
member-service.work
message-inbox.work
minner.work
mobile-device.site
mobile-phone.work
myprivacy.work
net-policies.work
old-version.work
online-support.work
open-auth.work
options.work
page-view.work
phlogin.com
profile-setting.work
protect-com.work
protect-mail.work
protect-main.site
retry-confirm.com
script-main.site
sec-line.work
sec-live.com
set-login.com
setting-main.work
share-check.site
short-line.work
sign-in.work
srnbc-card.com
user-account.link
user-accounts.net
user-service.link
user-service.work
viewetherwallet.com
wallet-vahoo.com
weak-online.work
web-info.work
web-mind.work
web-online.work
web-rain.work
web-state.work
web-store.work
yah00.work
yrnall.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1177115401400016901
# Reference: https://blog.alyac.co.kr/2538 (Korean)
# Reference: https://otx.alienvault.com/pulse/5d8dd05bac456c1dade338df

joelwisian.com
reunionhomesok.com

# Reference: https://twitter.com/blackorbird/status/1178497550938034177

eoplus.co.kr/board/pressed/
eoplus.co.kr/board/presset/

# Reference: https://www.virusbulletin.com/uploads/pdf/conference_slides/2019/VB2019-Kim.pdf
# Reference: https://otx.alienvault.com/pulse/5d9f541a43c2babf60994786

c-naver.com
daum-center.net
rrnaver.com
udaum.net
account-google.member-authorize.com
user-manage-center.hol.es
user-daum-center.pe.hu
user-protect-center.pe.hu
naiei-aldiel.16mb.com
nid-protect-team.pe.hu
nid-management-team.890m.com
oeks39402.890m.com
vkcxvkweo.96.lt

# Reference: https://otx.alienvault.com/pulse/5dac36de0d5134df36b16666

clouds.scienceontheweb.net

# Reference: https://twitter.com/spider_girl22/status/1191306963369353216

online---shop.atwebpages.com

# Reference: https://blog.alyac.co.kr/2645 (Korean)
# Reference: https://otx.alienvault.com/pulse/5de68f93fc4d8a6303a7598b

member-view-center.esy.es
primary-help.esy.es
ago2.co.kr/bbs/data/dir/F.php
antichrist.or.kr/data/cheditor/dir1/F.php
gyjmc.com/board/data/cheditor/dir1/F.php

# Reference: https://otx.alienvault.com/pulse/5e257c8c189e48e8e053e75b

antichrist.or.kr/data/cheditor/dir1/lyric64
batgalim.org.il/facebook/Facebook/Entities/ppp/encoding.png
jonashartley.com/hilaryolsen/wp-includes/images/crystal/1122/upload.php
jonashartley.com/hilaryolsen/wp-admin/network/run.php
jonashartley.com/hilaryolsen/wp-includes/random_compat/1122/res.php
jonashartley.com/hilaryolsen/wp-includes/random_compat/1122/expres.php
jonashartley.com/hilaryolsen/wp-includes/customize/1111/res.php
jonashartley.com/hilaryolsen/wp-includes/customize/1111/expres.php
happy-new-year.esy.es
safe-naver-mail.pe.hu

# Reference: https://www.virusbulletin.com/uploads/pdf/conference_slides/2019/VB2019-Kim.pdf
# Reference: https://otx.alienvault.com/pulse/5e42fd9c9fa37be52610c5c5

accounting-microsofft.epizy.com
csdaum-help.esy.es
daum-account-login.esy.es
# NOTE(review): the next entry looks like two trails fused onto one line ("daum-account-login.esy.es" + "oeks39402.890m.com").
# Both halves are already listed separately in this file, so coverage is presumably unaffected, but the fused name is unlikely to match anything - confirm against the referenced slides.
daum-account-login.esy.esoeks39402.890m.com
daum-account-signin.pe.hu
daum-login-protect.hol.es
daum-setting.hol.es
daum-stting.hol.es
daumlogin.esy.es
gyjmc.com
mail-customer-safety-center.hol.es
mail-kinu.hol.es
mail-naver-protect.hol.es
mail.naver.comuf.com
member-authorize.com
member-daum-regist.hol.es
member-view-center.esy.es
memver-view-center.esy.es
nager-relogin-security.96.lt
naiei-ldel.16mb.com
naver-password.esy.es
naver-security-mail.96.lt
naverhelp.esy.es
naverkorea.esy.es
naverlogin.esy.es
nid-mail.pe.hu
nid-management-team.890m.com
nid-protect-team.pe.hu
primary-help.esy.es
protect-yahoo-teeam.000webhostapp.com
security-mail-daum.000webhostapp.com
snu-mail-ac-kr.esy.es
suppcrt-seourity.esy.es
uefa2018.000webhostapp.com
user-daum-center.pe.hu
user-management-center.hol.es
user-protect-center.pe.hu
vkcxvkweo.96.lt
webrnail-kinu.hol.es

# Reference: https://twitter.com/anyrun_app/status/1115513990711521280
# Reference: https://www.virustotal.com/gui/file/540336c5e61d589776e267eed14eac835720b4484312434ce4f27adfec8bf817/detection

185.224.137.164:21

# Reference: https://twitter.com/cyberwar_15/status/1227709181605613569

happy-boy.pe.hu

# Reference: https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-1.html
# Reference: https://otx.alienvault.com/pulse/5e4c19894aad216887c8cb3d

ago2.co.kr/bbs/data/tmp
aiyac-updaite.hol.es
daum-center.net
embed-helper.esy.es
er-manage-center.hol.es
finale-jack.esy.es
kakao-check.esy.es
my-homework.890m.com
naver-mail-com.hol.es
nid-protect-team.pe.hu
nid-yyanagemeniteam.890m.com
nortice-centre.esy.es
oeks39402.890m.com
rrnaver.com
simple-hick.esy.es
suppcrt-seourity.esy.es
udaum.net
upgradesrv.890m.com
user-daum-center.pe.hu
user-manage-cenier.nol.es
user-protect-center.pe.hu

# Reference: https://twitter.com/blackorbird/status/1107214927402418176
# Reference: https://twitter.com/blackorbird/status/1107479347013672960

ddlove.kr/bbs/dta/1

# Reference: https://twitter.com/blackorbird/status/1082553543280680962

ago2.co.kr/bbs/data/dir

# Reference: https://twitter.com/cyberwar_15/status/1230093739554557953

pingball.mygamesonline.org

# Reference: https://twitter.com/spider_girl22/status/1233198285747154944
# Reference: https://twitter.com/cyberwar_15/status/1241591674255446016
# Reference: https://app.any.run/tasks/f4172853-90e6-49ad-be7b-bf6efa771448/

nagoya.datastore.pe.hu
suzuki.datastore.pe.hu
toyota.datastore.pe.hu

# Reference: https://blog.alyac.co.kr/2737 (Korean)

mernberinfo.tech

# Reference: https://twitter.com/cyberwar_15/status/1232989735011794945
# Reference: https://www.virustotal.com/gui/file/2cd5f1852ac6d3ed481394ea0abc49f16789c12fb81bcdf9988762730fb0aa8f/detection
# Reference: https://twitter.com/spider_girl22/status/1234761655214493697
# Reference: https://twitter.com/cyberwar_15/status/1240677656451899394
# Reference: https://twitter.com/Timele9527/status/1240620534468997125

all200.mireene.com
crphone.mireene.com
jmable.mireene.com
jmdesign.mireene.com
nhpurumy.mireene.com
orblog.mireene.com
sgmedia.mireene.com
vnext.mireene.com

# Reference: https://twitter.com/Timele9527/status/1240123132419223554

mybobo.mygamesonline.org

# Reference: https://twitter.com/DeadlyLynn/status/1245264426321600513

saemaeul.mireene.com

# Reference: https://twitter.com/AnonySecAgency/status/1250605504520318977

rolls-royce-love.890m.com

# Reference: https://twitter.com/VK_Intel/status/1257243399742251010

upload.bigfile.hol.es

# Reference: https://twitter.com/AnonySecAgency/status/1263047043150299136

gotoclean.com.co
ricefarm.kr/bbs/st/expres.php

# Reference: https://twitter.com/cyberwar_15/status/1266553918454067201
# Reference: https://www.rfa.org/korean/in_focus/nkhacking-05292020160533.html (Korean)

com-download.work

# Reference: https://twitter.com/cyberwar_15/status/1268073043365990401

part.bigfile.pe.hu

# Reference: https://blog.alyac.co.kr/3033 (Korean)
# Reference: https://otx.alienvault.com/pulse/5ed7c80f673c40df00c52fa6

boaz.kr/skin/member/basic/css/cross.php
boaz.kr/skin/member/basic/css/report.php
boaz.kr/skin/member/log/cross.php
boaz.kr/skin/member/log/pre.hta
boaz.kr/skin/member/log/report.php
boaz.kr/skin/member/log/suf.hta

# Reference: https://twitter.com/XOR_Hex/status/1273023258535886848

dept-dp.lab.hol.es

# Reference: https://twitter.com/cyberwar_15/status/1273435333430935552

gbxhd.org-help.com

# Reference: https://twitter.com/ccxsaber/status/1273804166612135940

security-confirm.bmail-org.com

# Reference: https://twitter.com/ShadowChasing1/status/1274724519803043852

finalist.org-help.com

# Reference: https://twitter.com/cyberwar_15/status/1275368364819410950

foxhunter.getenjoyment.net
korea.getenjoyment.net
pootball.getenjoyment.net

# Reference: https://twitter.com/DeadlyLynn/status/1275998401524424704

attachchosun.atwebpages.com

# Reference: https://twitter.com/ccxsaber/status/1278941222166380545

lovelovelove.atwebpages.com

# Reference: https://twitter.com/DeadlyLynn/status/1281840956170317824

bascetball.atwebpages.com

# Reference: https://twitter.com/cyberoverdrive/status/1285955528770891776
# Reference: https://www.virustotal.com/gui/file/4fae9a942aafddc8ee21a753302cec3c5273d3f71e132f176cb799dd922e30ac/detection

pingguo5.atwebpages.com

# Reference: https://app.any.run/tasks/74d55d02-7bbd-444c-a01b-30ac52a7e576/

foxonline123.atwebpages.com

# Reference: https://twitter.com/cyberwar_15/status/1296301860312084482

jongjin.000webhostapp.com

# Reference: https://twitter.com/DeadlyLynn/status/1299970605043707905
# Reference: https://www.virustotal.com/gui/file/4ff2a67b094bcc56df1aec016191465be4e7de348360fd307d1929dc9cbab39f/detection

portable.epizy.com

# Reference: https://otx.alienvault.com/pulse/5f737caa710907613c4d2773

account-protect.work
account-viewer.work
com-active.work
com-download.work
com-option.work
com-ssl.work
com-sslnet.work
com-vps.work
default.tokyo
desk-top.work
doc-view.pw
dorey.work
dutaley.work
exiweng.work
idiolos.work
intemet.work
jp-sec.pw
jp-ssl.work
kinac.work
net-sec.pw
org-view.pw
org-view.work
org-vip.work
org-vps.work
poulsen.work
robezo.work
rtyuio.work
sslport.work
sslserver.work
ssltop.work
taplist.work
tlsmain.work
unrepong.work
verdall.xyz
vpstop.work
webmain.work

# Reference: https://twitter.com/cyberwar_15/status/1313175039307476993

daumcleaner.mywebcommunity.org
naver.mywebcommunity.org
workcrafter.mywebcommunity.org

# Reference: https://twitter.com/DeadlyLynn/status/1314181830162083841
# Reference: https://www.virustotal.com/gui/file/363386c4caa5a995d3ca9345520c90942d5d3e1aaf8056831348f92eb73c15db/detection

goldbin.myartsonline.com

# Reference: https://twitter.com/vigilantbeluga/status/1315720089316941824
# Reference: https://twitter.com/vigilantbeluga/status/1315722308703543297

hdac-wallet.com
kasse-v1.hdac-wallet.com
update.hdac-tech.com
wallet.hdac-tech.com

# Reference: https://twitter.com/vigilantbeluga/status/1255002262256025600
# Reference: https://www.virustotal.com/gui/file/3110f00c1c48bbba24931042657a21c55e9a07d2ef315c2eae0a422234623194/detection

general-second.org-help.com

# Reference: https://us-cert.cisa.gov/ncas/alerts/aa20-301a
# Reference: https://otx.alienvault.com/pulse/5f9856f8655cfd07338c8e83

account.daum.unikftc.kr
account.daum.unikortv.com
account.daurn.pe.hu
amberalexander.ghtdev.com
beyondparallel.sslport.work
bigfile.pe.hu
cdaum.pe.hu
cloudmail.cloud
cloudnaver.com
coinone.co.in
com-download.work
com-option.work
com-ssl.work
com-sslnet.work
com-vps.work
comment.poulsen.work
cooper.center
csnaver.com
daum.net.pl
daum.unikortv.com
daurn.org
daurn.pe.hu
demand.poulsen.work
dept-dr.lab.hol.es
downloadman06.com
dubai-1.com
eastsea.or.kr
gloole.net
help-navers.com
help.unikoreas.kr
helpnaver.com
hogy.desk-top.work
impression.poulsen.work
intemet.work
intranet.ohchr.account-protect.work
jonga.ml
jp-ssl.work
kooo.gq
loadmanager07.com
login.bignaver.com
login.daum.kcrct.ml
login.daum.net-accounts.info
login.daum.unikortv.com
login.outlook.kcrct.ml
mail.unifsc.com
mailsnaver.com
member-authorize.com
member.daum.uniex.kr
member.daum.unikortv.com
member.navier.pe.hu
# NOTE(review): the next two entries read like file names rather than hostnames - confirm against the referenced advisory that they are meant as domain trails.
msdatl3.inc
msolui80.inc
myaccount.nkaac.net
myaccounts.gmail.kr-infos.com
myetherwallet.co.in
myetherwallet.com.mx
naver.co.in
naver.com.cm
naver.com.de
naver.com.ec
naver.com.mx
naver.com.pl
naver.com.se
naver.cx
naver.hol.es
naver.koreagov.com
naver.onegov.com
naver.pw
naver.unibok.kr
naverdns.co
net.tm.ro
nid.naver.com.se
nid.naver.corper.be
nid.naver.onektx.com
nid.naver.unibok.kr
nid.naver.unicrefia.com
nidlogin.naver.corper.be
nidnaver.email
nidnaver.net
ns.onekorea.me
nytimes.onekma.com
org-vip.work
preview.manage.org-view.work
pro-navor.com
read-hanmail.net
read-naver.com
read.tongilmoney.com
resetprofile.com
resultview.com
riaver.site
sankei.sslport.work
securetymail.com
servicenidnaver.com
smtper.cz
smtper.org
sslserver.work
ssltop.work
statement.poulsen.work
sts.desk-top.work
taplist.work
tiosuaking.com
top.naver.onekda.com
usernaver.com
view-hanmail.net
view-naver.com
vilene.desk-top.work
vpstop.work
webmain.work
webuserinfo.com
ww-naver.com

# Reference: https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite
# Reference: https://www.cyberscoop.com/north-korea-espionage-kimsuky-cybereason/
# Reference: https://otx.alienvault.com/pulse/5fa029ed2e8d9de384c74f26

csv.posadadesantiago.com/home/up.php?id=
csv.posadadesantiago.com/home?act=news&id=
csv.posadadesantiago.com/home?id=
myaccounts.posadadesantiago.com/test/Update.php?wShell=
wave.posadadesantiago.com/home/dwn.php?van=

# Reference: https://blog.alyac.co.kr/3352 (Korean)
# Reference: https://otx.alienvault.com/pulse/5fa1bb282c5efd7327b229a6

xeoskin.co.kr/wp/wp-includes/SimplePie/Net/

# Reference: https://twitter.com/cyberwar_15/status/1327040440189607936
# Reference: https://twitter.com/cyberwar_15/status/1327045373781635072
# Reference: https://twitter.com/cyberwar_15/status/1327403605825970176
# Reference: https://twitter.com/cyberwar_15/status/1327403626118094848

accountcheck.net
app.veryton.ml
appmedicine.whoint.cf
astrozeneca.ml
bidmc.accountcheck.net
daumi.club
daurn.ga
dup.photo.oiiio.ga
email-hanwha.pe.hu
genexine.member-info.net
jnj.accountcheck.net
kaist.r-naver.com
kari.gq
kimm.r-naver.com
krnvc.ga
logins.daumi.club
logins.daurn.ga
love.krnvc.ga
mail.astrozeneca.ml
member-info.net
oiiio.ga
on.color.oiiio.ga
r-naver.com
shinpoong.accountcheck.net
shinpoong.r-naver.com
shkj.hol.es
veryton.ml
webmail.kari.gq
whoint.cf

# Reference: https://twitter.com/RedDrip7/status/1329628989699235840
# Reference: https://otx.alienvault.com/pulse/5fb804ac581df7fe4f35bfd6
# Reference: https://www.virustotal.com/gui/file/9365ce79a51768a398cc22ec701d5f256de827fbefed283c933dea4052d66027/detection

pelebra.atwebpages.com

# Reference: https://twitter.com/jfslowik/status/1330611004456067073

asia-studies.net
itamaraty.net
midsecurity.org
netsecurityservice.com
securitycounci1report.org

# Reference: https://twitter.com/cyberwar_15/status/1332300116179312640

bidmc.accountcheck.net
genexine.member-info.net
jnj.accountcheck.net
shinpoong.accountcheck.net
shinpoong.r-naver.com

# Reference: https://twitter.com/cyberwar_15/status/1333181928606814211

daumusercenter.web.app

# Reference: https://twitter.com/cyberwar_15/status/1333767468473487363

autoway.huyndai.ml
huyndai.ml

# Reference: https://twitter.com/Timele9527/status/1333971180290592769

documentserver.site

# Reference: https://twitter.com/h2jazi/status/1339226171272286209
# Reference: https://blog.alyac.co.kr/3458 (Korean)
# Reference: https://otx.alienvault.com/pulse/5fdbc57a744937101f4f9adc

hahae.co.kr/new3/ISAF/Libs/php/cross.php

# Reference: https://twitter.com/RedDrip7/status/1336258913323216896
# Reference: https://www.virustotal.com/gui/file/1909010c264328edaf24cc2804d4f046aabd3c59de45e1d295d4155eb466d753/detection

price365.co.kr/abbi/json/ps/aa.php

# Reference: https://twitter.com/cyberwar_15/status/1343610577894088704
# Reference: https://www.virustotal.com/gui/ip-address/27.255.79.204/relations

bkl-co.ml
conm.ga
covision.tk
dongguk.ml
edongwon.ml
edongyang.ml
ejnuac.ml
ekecc.ml
ekoreapetroleum.ml
eland.ml
enepa.cf
esmec.ml
gwdeuac.ml
gwpancon.ml
imperial.fit
kangwon.ml
kccworld.ml
kyungnam.ml
kyungnam.tk
kyungshin.ml
leeko.ml
maeil.ml
miraeasset.ml
naver.srl
nexaemc.ml
nh-amundi.ml
onestorecorp.ml
s-food.ml
samyang.ml
sejonggroup.ml
slworld.cf
sogang.ml
tlbu.ml
webnaver.srl
wonik.ml
yncc.ml
zdnet.ga
email.dongwon.ml
email.dongyang.ml
email.jnuac.ml
email.kecc.ml
email.koreapetroleum.ml
email.nepa.cf
ext.imperial.fit
gwmail.deuac.ml
gwmail.pancon.ml
mail.bkl-co.ml
mail.conm.ga
mail.covision.tk
mail.dongguk.ml
mail.eland.ml
mail.esmec.ml
mail.kangwon.ml
mail.kccworld.ml
mail.kyungnam.ml
mail.kyungnam.tk
mail.kyungshin.ml
mail.leeko.ml
mail.maeil.ml
mail.miraeasset.ml
mail.naver.srl
mail.nh-amundi.ml
mail.onestorecorp.ml
mail.s-food.ml
mail.samyang.ml
mail.sejonggroup.ml
mail.slworld.cf
mail.sogang.ml
mail.tlbu.ml
mail.wonik.ml
mail.yncc.ml
mail.zdnet.ga
nidlogin.naver.srl
nmail.exaemc.ml
webmail.naver.srl

# Reference: https://twitter.com/cyberwar_15/status/1345704290069876736

karist.cf
kaist-ac.xyz
krfa.ml
veryton.ml
kaist.krfa.ml
kaist-ac.xyz
mail.kaist-ac.xyz
vpn.karist.cf
app.veryton.ml

# Reference: https://twitter.com/h2jazi/status/1347225069890789376
# Reference: https://www.virustotal.com/gui/file/18ee06625f7bddadafa8c256d63a123f4e69d5488f88828052fd7803b3aa8b3b/detection

cwda.co.kr/theme/basic/skin/new/basic/update/

# Reference: https://twitter.com/AnonySecAgency/status/1350988738973884418
# Reference: https://www.virustotal.com/gui/file/fd740b70649f06269bf8fe2d0d4fdd87d99606a7a666c4f6a2fc89bee70b6649/detection

connectter.atwebpages.com

# Reference: https://twitter.com/cyberwar_15/status/1352117474943135745
# Reference: https://twitter.com/cyberwar_15/status/1352117964527423490
# Reference: https://www.virustotal.com/gui/ip-address/121.78.88.85/relations

attach.ddns.net
bigfile-naver.servepics.com
cafe-daum.ddns.net
naver.serveblog.net
naver.servehttp.com

# Reference: https://twitter.com/ShadowChasing1/status/1358713278390673408
# Reference: https://www.virustotal.com/gui/file/39bd6b689b02d6dee329131a51aa09301889faf5698eeac0d02aef0ba47cf024/detection
# Reference: https://www.virustotal.com/gui/file/a8820cc75cd580c8eda747931eb36f5943cece48ba720af9771cf16490a78aa6/detection

reform-ouen.com/wp-includes/css/dist/nux/dotm/dwn.php

# Reference: https://twitter.com/ShadowChasing1/status/1362575412539183115
# Reference: https://www.virustotal.com/gui/file/115b9bf1c6f6040248dfa1a77044143dc318e3712ad613a022b4cced6007906f/detection

anpcb.co.kr/plugin/sns/facebook/src/update/normal.dotm

# Reference: https://twitter.com/AnonySecAgency/status/1366948179762024449
# Reference: https://www.virustotal.com/gui/file/73476d8ed35d6bbdaab3e7a17de7668af3860e994ac59107ecbe1aba7e40ace1/detection
# Reference: https://www.virustotal.com/gui/file/412baf955c1e256c4e8bf7e07ce0f1fbf14c03d11ed98932be45a58a14d55690/detection

monkey.funnystory.tech
seoul.lastpark.life

# Reference: https://twitter.com/ShadowChasing1/status/1368827485253627907
# Reference: https://www.virustotal.com/gui/file/e46887db62f3ee5583587531358e1b70cc8a171067fa4e1ae3e6693f7f9fc938/detection

koreacit.co.kr/skin/

# Reference: https://twitter.com/ShadowChasing1/status/1372464570183208961
# Reference: https://www.virustotal.com/gui/file/50d826640cc9ba66b789f0823f04308178b435f7eb39021bf7861061849f7efd/detection

inonix.co.kr/kor/board/widgets/mcontent/skins/tmp

# Reference: https://twitter.com/ShadowChasing1/status/1372537353311449091

waels.onlinewebshop.net/st/

# Reference: https://twitter.com/Xxx_8885/status/1373888922179170305
# Reference: https://twitter.com/Xxx_8885/status/1373889297414123521
# Reference: https://www.virustotal.com/gui/file/a030873cf5a9b8c76740a1ba9a4d28fc7acf4ce71ebebbe33a46be372f551004/detection
# Reference: https://www.virustotal.com/gui/file/a56163d758cd4a0a00e0991b7a4aecab35fdecb59df6d1821488826f8b37d7b9/detection
# Reference: https://www.virustotal.com/gui/file/e532685d362475dd3dec1aacedff87c7b32ec3573714a9f56ac87905fa13d66c/detection
# Reference: https://www.virustotal.com/gui/file/00bbab408dbc5c1a95143f75c282a74dddd5a87df533d7d198c1fc7eb2138269/detection
# Reference: https://www.virustotal.com/gui/file/a2465f753ff409cbd036cc0235704e3f49d9a52b8e4e2bc812428d7c8ea6f32b/detection

http://200.200.200.200/test/v.php
eucie091.myartsonline.com
eucie09111.myartsonline.com
ftcpark59.getenjoyment.net

# Reference: https://twitter.com/blackorbird/status/1377218251344633856
# Reference: https://twitter.com/RedDrip7/status/1377217232573321220

policy.webofknowledg.com
usamilitarysavings.webofknowledg.com
webofknowledg.com

# Reference: https://twitter.com/ShadowChasing1/status/1377841916948082689
# Reference: https://www.virustotal.com/gui/file/873b8fb97b4b0c6d7992f6af15653295788526def41f337c651dc64e8e4aeebd/detection
# Reference: https://www.virustotal.com/gui/file/4a1c43258fe0e3b75afc4e020b904910c94d9ba08fc1e3f3a99d188b56675211/detection

pcsecucheck.scienceontheweb.net

# Reference: https://twitter.com/ShadowChasing1/status/1377900770629099530
# Reference: https://www.virustotal.com/gui/file/3dd9628b3f92a1f8c340e546343c1c1448de94212a9c19e83cae661eba2d1b37/detection

beilksa.scienceontheweb.net

# Reference: https://twitter.com/mg2_tracy1/status/1379269472926638081
# Reference: https://www.virustotal.com/gui/file/b89e79ee9c4834177cbabba9b265910a6a55c7defd2863cc1699753dbfa342b8/detection

baboivan.scienceontheweb.net

# Reference: https://twitter.com/h2jazi/status/1380510153397637127
# Reference: https://www.virustotal.com/gui/file/e6f0d7e114c04017b07f321ba4df440ff55718ef451b1a3cb0f1c0856bd1c86e/detection

pc.ac-kr.esy.es

# Reference: https://twitter.com/ShadowChasing1/status/1382509560179531782
# Reference: https://www.virustotal.com/gui/file/e7fae41c0bd8d3d95253bd75dce99015599ecc404bd8d737cec305fc3e4dd018/detection

wbg0909.scienceontheweb.net

# Reference: https://twitter.com/AnonySecAgency/status/1383241650319683590
# Reference: https://www.virustotal.com/gui/file/92b9933f3477241ffd92d0f76ef0dcf46730209a1ecab7eceb399d540530799f/detection

cuinm.huikm.kro.kr

# Reference: https://twitter.com/HONKONE_K/status/1386152816545128450
# Reference: https://www.virustotal.com/gui/file/4252c0b130be39bf2258c84c436c17babfd650b6d665ac6c4e050f87fe34e46e/detection

pootball.medianewsonline.com

# Reference: https://twitter.com/ShadowChasing1/status/1388522768111656963
# Reference: https://www.virustotal.com/gui/file/f8e972a26117bd14f5ec4dca9de0244d0bfd29bbbfd9104b2ccdc49fa93416d8/detection

ikpoo.cf
onedrive-upload.ikpoo.cf

# Reference: https://twitter.com/ShadowChasing1/status/1388529890614341635
# Reference: https://www.virustotal.com/gui/file/2365a48f7d6cf6dcc83195f06ea11b93c955c3a491c60b50ba42788917ba22e2/detection

riseknite.life
download.riseknite.life

# Reference: https://mp.weixin.qq.com/s/8RgFvA_rOR2nIGxjWbEq-w

travelmountain.ml
alps.travelmountain.ml

# Reference: https://twitter.com/h2jazi/status/1390734706103234561
# Reference: https://twitter.com/ShadowChasing1/status/1391620287024668679
# Reference: https://www.virustotal.com/gui/file/622cb6a772b0034f741aa58a50f1155a2a4240021c929d90fbed4182877fa579/detection
# Reference: https://www.virustotal.com/gui/file/2ed6b0e116a50ee9be7ac74b7be0e73ac4aeb15ddb9b42a1db5bcfba4dccdead/detection

mechapia.com/_admin/nicerlnm/web/style/list.php
mechapia.com/_admin/nicerlnm/web/style/css/

# Reference: https://twitter.com/ShadowChasing1/status/1391618560753999872
# Reference: https://twitter.com/ShadowChasing1/status/1391622743146188800
# Reference: https://www.virustotal.com/gui/file/2365a48f7d6cf6dcc83195f06ea11b93c955c3a491c60b50ba42788917ba22e2/detection
# Reference: https://www.virustotal.com/gui/file/fa4d05e42778581d931f07bb213389f8e885f3c779b9b465ce177dd8750065e2/detection
# Reference: https://www.virustotal.com/gui/file/2c796053053a571e9f913fd5bae3bb45e27a9f510eace944af4b331e802a4ba0/detection

chollian.ml
daom.ml
daum-accounts.cf
gmail-account.gq
gmrail.ml
grnail-login.ml
kisa-security.cf
letterpaper.press
live-sign.ml
natesec-page.ml
naver-security.cf
navor.ml
pcjindustries.com
riseknite.life
secure-dm.tk
seoul-kor.ml
seoul-kor.tk
travelmountain.ml
alps.travelmountain.ml
check.kisa-security.cf
download.riseknite.life
login.daum-accounts.cf
login.gmail-account.gq
login.live-sign.ml
login.natesec-page.ml
login.secure-dm.tk
logins.daom.ml
logins.daum-accounts.cf
new.seoul-kor.ml
nid-nav.navor.ml
nids.naver-security.cf
nids.navor.ml
outlook.seoul-kor.tk
signin.chollian.ml
signin.gmrail.ml
signin.grnail-login.ml
texts.letterpaper.press
webmail.pcjindustries.com

# Reference: https://twitter.com/sS55752750/status/1391765099992453125

flagguarder.site
glow.flagguarder.site

# Reference: https://twitter.com/h2jazi/status/1392128092840284164
# Reference: https://www.virustotal.com/gui/file/85847cad7f57db4534634d51f7e2c74a23719fcf74c891872d98e7c921f0fd56/detection

rukagu.mypressonline.com

# Reference: https://twitter.com/cyberwar_15/status/1392376928624013312

daum-attach.ddns.net

# Reference: https://twitter.com/ShadowChasing1/status/1392284742163206146

yes24-mart.pe.hu

# Reference: https://twitter.com/ShadowChasing1/status/1394911946118295553
# Reference: https://twitter.com/ShadowChasing1/status/1394911948353859585
# Reference: https://www.virustotal.com/gui/file/9ba5266d806df037acb1144836c21b70c5fc0aa6820d2ce07ee28accdff6c9bf/detection

follcdn.myartsonline.com
sima.atspace.tv

# Reference: https://twitter.com/ShadowChasing1/status/1395684553507840003

yanggucam.designsoup.co.kr/user/views/board/skin/secret/css/list.php

# Reference: https://twitter.com/h2jazi/status/1395782753765974023

samsoding.homm7.gethompy.com/plugins/dropzone/min/css/list.php

# Reference: https://twitter.com/m0br3v/status/1399637361697378306
# Reference: https://twitter.com/ShadowChasing1/status/1399753970839547910
# Reference: https://www.virustotal.com/gui/file/fe1a734019f0dc714bd3360e2369853ea97c02f108afe963769318934470967b/detection

at-me.ml
kt1kreate.cf
ahn-lab.cf
snubh.r-e.kr
shore.ml
snu-h.ml
kumb.cf
naver-login.cf
naver-check.ml
snuh.r-e.kr
app.at-me.ml
sms.kt1kreate.cf
v3.ahn-lab.cf
mail.snubh.r-e.kr
anto.shore.ml
smtp.snu-h.ml
mail.kumb.cf
help.naver-login.cf
mail.naver-check.ml
mail.snuh.r-e.kr

# Reference: https://blog.malwarebytes.com/threat-analysis/2021/06/kimsuky-apt-continues-to-target-south-korean-government-using-appleseed-backdoor/
# Reference: https://otx.alienvault.com/pulse/60b66cda1f2d210aa677cfbe

gmail-account.gq
gmrail.ml
goggle.hol.es
googgle.kro.kr
google-manager.ga
google-signin.ga
grnail-login.ml
grnail-signin.ga
grnail-signing.work
ikpoo.cf
kr-infos.com
letterpaper.press
microsoft-office.us
mygoogle-signin.ga
mygrnail-security.work
mygrnail-signin.ga
mygrnail-signing.work
riseknite.life
travelmountain.ml
account.googgle.kro.kr
account.grnail-signin.ga
accounts.goggle.hol.es
accounts.google-manager.ga
accounts.google-signin.ga
accounts.grnail-signin.ga
accounts.grnail-signing.work
alps.travelmountain.ml
download.riseknite.life
login.gmail-account.gq
login.gmeil.kro.kr
myaccount.google-signin.ga
myaccount.google.newkda.com
myaccount.google.nkaac.net
myaccount.grnail-security.work
myaccount.grnail-signin.ga
myaccount.grnail-signing.work
myaccounts-gmail.autho.co
myaccounts-gmail.kr-infos.com
myaccounts.grnail-signin.ga
ns1.microsoft-office.us
ns2.microsoft-office.us
onedrive-upload.ikpoo.cf
protect.grnail-signin.ga
signin.gmrail.ml
signin.grnail-login.ml
texts.letterpaper.press
# NOTE(review): the next entry resembles the Windows Script Host call "WScript.Shell" + "Run" rather than an attacker hostname.
# Possibly an artefact of extracting indicators from script content - confirm against the referenced report before relying on hits for it.
wscript.shell.run

# Reference: https://twitter.com/360CoreSec/status/1401863232835383302
# Reference: https://www.virustotal.com/gui/file/811b42bb169f02d1b0b3527e2ca6c00630bebd676b235cd4e391e9e595f9dfa8/detection

alyssalove.getenjoyment.net
smyun0272.blogspot.com

# Reference: https://twitter.com/ShadowChasing1/status/1402239834819743746
# Reference: https://www.virustotal.com/gui/file/934731692b12fd182acbc698dd3f8ef59984aa4e7ef56e124f9851852878817e/detection

manct.atwebpages.com

# Reference: https://twitter.com/h2jazi/status/1402267704610988033
# Reference: https://www.virustotal.com/gui/file/c362b4cb60edfa5bf17123845e59311335b03139d77ec27b9a9ffb7b31e60154/detection

quarez.atwebpages.com

# Reference: https://twitter.com/arphanetx/status/1403765541739941889
# Reference: https://www.virustotal.com/gui/file/9dac6553b89645ac8d9e0a3dc877d12641e6d05fb52e8de6ae5533b2bdf0abc9/detection

pollor.p-e.kr

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/kimsuky/Kimsuky%20APT%20Group%20targeted%20on%20South%20Korean%20defense%20and%20security%20departments.pdf

amikbvx.cf
at-me.ml
atooi.ga
bnmvg.cf
daum-or.ml
daum-vpn.ml
daums.cf
dmaccount.ml
gommi.ml
kakaoo.ml
kititi.ga
kumb.cf
may3.cf
nate-on.ml
nate-or.ga
naver-check.ml
onehappy.ml
outlookin.ml
pamik.cf
shore.ml
uhuioo.cf
wowow.ga
xdtgh.ga
yes24-mart.pe.hu
admin.daum-or.ml
anto.shore.ml
ao.nate-on.ml
app.at-me.ml
app.gommi.ml
apple.may3.cf
auth.daum-or.ml
dnhji.bnmvg.cf
exchange.amikbvx.cf
gate.uhuioo.cf
gom.kititi.ga
helper.onehappy.ml
imap.pamik.cf
mail.daums.cf
mail.dmaccount.ml
mail.kakaoo.ml
mail.kumb.cf
mail.naver-check.ml
mail.outlookin.ml
mail3.nate-or.ga
member.dmaccount.ml
members.daum-vpn.ml
owo.owo.wowow.ga
qygbn.xdtgh.ga
vpn.atooi.ga

# Reference: https://twitter.com/fuuuing_/status/1393102998532886531

fabre.myartsonline.com

# Reference: https://twitter.com/TeamT5_Official/status/1410206100033400838
# Reference: https://biz.chosun.com/policy/politics/2021/06/18/V4DTFCEXPRA4DFCBVVJO3DPR5I/ (Korean)
# Reference: https://www.virustotal.com/gui/ip-address/27.102.106.48/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.102.107.63/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.102.112.49/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.102.114.89/relations

boryung.tk
cdaum.kro.kr
celltrion.ml
cimoon.ml
claum.ml
cloudmall.club
cnaver.kro.kr
csdaum.ga
dongguk.kro.kr
home-info.ml
jbnu.info
jbnu.ml
lottebp.ga
minia.ml
naver-in.ml
nhnems.nsec.kro.kr
nidcorp.n-e.kr
novavax.ml
nsec.nhnems.kro.kr
nsuites.ga
pagelock.host
uni-korea.ga
uni-tuebingen.buzz
uni-tuebingen.cf
xonate.kro.kr
admin.claum.ml
admin.naver-in.ml
alarm.naver-in.ml
aol.pagelock.host
app.seoul.minia.ml
celltrion.cloudmall.club
daum.home-info.ml
exchange.uni-tuebingen.buzz
exchange.uni-tuebingen.cf
helper.uni-korea.ga
home.xonate.kro.kr
its.jbnu.ml
mail.celltrion.ml
mail.naver-in.ml
mail.novavax.ml
manager.naver-in.ml
member.cdaum.kro.kr
member.csdaum.ga
member.daum.home-info.ml
member.dongguk.kro.kr
myinfo.cnaver.kro.kr
nhn.nsuites.ga
nhnems.nsec.kro.kr
nid.naver.home-info.ml
nidcorp.nsuites.ga
nidlogin.nidcorp.n-e.kr
nsec.nhnems.kro.kr
onedrive-upload.ikpoo.cf
onedrive.ikpoo.cf
user.lottebp.ga
user.naver-in.ml

# Reference: https://twitter.com/ShadowChasing1/status/1410887216956547076

atooi.ga
gommi.ml
kumb.cf
onono.ml
uhuioo.cf
app.gommi.ml
gate.uhuioo.cf
mail.kumb.cf
vpn.atooi.ga
go.onono.ml

# Reference: https://twitter.com/h2jazi/status/1411826239455760387
# Reference: https://www.virustotal.com/gui/file/79848ca15ec49057261b6ba52275692d131b8dd034ae9a4cca1e1b81d9e18b77/detection

chels.mypressonline.com

# Reference: https://twitter.com/k3yp0d/status/1415652277914939393

tbear.mypressonline.com

# Reference: https://twitter.com/higefox/status/1411884786323361792
# Reference: https://asec.ahnlab.com/ko/24834/ (Korean)
# Reference: https://asec.ahnlab.com/ko/25351/ (Korean)
# Reference: https://otx.alienvault.com/pulse/60f125c78978e02a40e00c85

benze.atwebpages.com
btige.myartsonline.com
ccav.myartsonline.com
chels.mypressonline.com
giruz.atwebpages.com
jupit.getenjoyment.net
lieon.mypressonline.com
lovel.myartsonline.com
lovels.myartsonline.com
mantc.getenjoyment.net
modri.myartsonline.com
obser.mygamesonline.org
ranso.myartsonline.com
rster.atwebpages.com
stair.atwebpages.com
stair.myartsonline.com
vbqwer.mypressonline.com
visul.myartsonline.com
warcr.onlinewebshop.net

# Reference: https://twitter.com/h2jazi/status/1417093562278240256
# Reference: https://www.virustotal.com/gui/file/d3138e7b0dcf5e916834b045c1b006a1cd223dca75626bd1354b47dbd0c63ae2/detection

1213rt.atwebpages.com

# Reference: https://twitter.com/fuuuing_/status/1417426427528417283

kimshan600000.blogspot.com

# Reference: https://mp.weixin.qq.com/s/og8mfnqoKZsHlOJdIDKYgQ
# Reference: https://otx.alienvault.com/pulse/60ffcd56a7dc0038376fe52e

worldinfocontact.club
alyssalove.getenjoyment.net
hanlight.mygamesonline.org
kr2959.atwebpages.com
majar.medianewsonline.com
samsoding.homm7.gethompy.com
anpcb.co.kr/plugin/sns/facebook/src/update/normal.dotm
beilksa.scienceontheweb.net/cookie/select/log/tmp
beilksa.scienceontheweb.net/cookie/select/log/list.php
cwda.co.kr/theme/basic/skin/new/basic/update/Normal.dotm
cwda.co.kr/theme/basic/skin/new/basic/update/list.php
heritage2020.cafe24.com/plugin/kcpcert/bin/list.php
inonix.co.kr/kor/board/widgets/mcontent/skins/tmp
inonix.co.kr/kor/page/product/_notes/list.php
inonix.co.kr/kor/page/product/_notes/tmp/
koreacit.co.kr/skin/new/basic/update/temp
mechapia.com/_admin/nicerlnm/web/style/list.php
miracle.designsoup.co.kr/user/views/resort/controller/css/update/list.php
nuclearpolicy101.org/wp-admin/includes/0421/d.php
reform-ouen.com/wp-includes/css/dist/nux/dotm/dwn.php
yanggucam.designsoup.co.kr/user/views/board/skin/secret/css/list.php

# Reference: https://twitter.com/360CoreSec/status/1423561133873537024
# Reference: https://www.virustotal.com/gui/file/cd9421c332a2b90b26152f0e85a7db621306cd1daa70f30af3210895d2aeb577/detection

rhwkdlaktm.atwebpages.com

# Reference: https://twitter.com/ShadowChasing1/status/1446270087506194432
# Reference: https://www.virustotal.com/gui/file/82067ef8b907888f9fc27dd0630c37c95b0a55a7c225fb2d693115c41c7dd5be/detection

greatname.000webhostapp.com

# Reference: https://twitter.com/ShadowChasing1/status/1446278566564433939
# Reference: https://www.virustotal.com/gui/file/32beeda8cffc2ecc689ea2529194cf806955879a334ec68176864d1e6c09800c

youtoboo.kro.kr
movie.youtoboo.kro.kr

# Reference: https://twitter.com/ShadowChasing1/status/1446272122058280963

navercheck.kro.kr
nidlogin.navercheck.kro.kr

# Reference: https://twitter.com/ShadowChasing1/status/1446271028481593365
# Reference: https://www.virustotal.com/gui/file/db88dc539bccce8c30e3ba6897171989c9a340f23075c614f3c5a73ae0160db1

tigerwood.tech
ppahjcz.tigerwood.tech

# Reference: https://twitter.com/ShadowChasing1/status/1446270634690895872
# Reference: https://www.virustotal.com/gui/file/324b2e2c0471e49c7cc07725a7d748041479714d265ec6dbf386edd3f619f03c

requests.p-e.kr
ping.requests.p-e.kr

# Reference: https://twitter.com/ShadowChasing1/status/1446269684072914946
# Reference: https://www.virustotal.com/gui/file/8e263345cfeda4eb6720c47d4eaaee236be294fda693d840199f221d6e1412c6

beast.16mb.com

# Reference: https://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html

44179d6df22c56f339bf.blogspot.com
4b758c2e938d65bee050.blogspot.com
akf4tvrbmg.blogspot.com
amfuz2h5b2s.blogspot.com
byun70kh.mygamesonline.org
gyzang0826.blogspot.com
gyzang1.blogspot.com
gyzang58.blogspot.com
gyzang681.blogspot.com
gyzang682.blogspot.com
kimshan600000.blogspot.com
o61666ch.getenjoyment.net
pjeu1urxdnvef6twpveg.blogspot.com
rrmu1qrxdoekv6twc9pq.blogspot.com
smyun0272.blogspot.com
t22a44es.atwebpages.com
tvrbmkxqstbouzq0twk0ee9uaz0.blogspot.com
tvrfekxqrtvpqzr5tvrfdu5evt0.blogspot.com
tvrfeuxqrtfnqzr4t0m0ee5utt0.blogspot.com
twpbekxqsxpoqzr4txpvdu1uyzu.blogspot.com
vev4tkrrpq.blogspot.com
vgn5tvrrpq.blogspot.com
vgt5tvrnpq.blogspot.com

# Reference: https://twitter.com/h2jazi/status/1465402736996933640

3a8f846675194d779198.blogspot.com
0knw2300.mypressonline.com
faust22.mypressonline.com

# Reference: https://www.virustotal.com/gui/file/cb88d365011dce926afb1c04e6973f3d3db7135dd67d738e281f3690b8d9e6ef/detection

kr3753.atwebpages.com

# Reference: https://twitter.com/souiten/status/1473862308132651011

jinu1353.scienceontheweb.net

# Reference: https://twitter.com/souiten/status/1457946934623150090
# Reference: https://www.virustotal.com/gui/file/0cfa89348dc6007c89852907e464f3e91060e83665d6d62243be225c0e2e44a9/detection

gosiweb.gosiclass.com/m/gnu/convert/default/8ef014a/list.php

# Reference: https://twitter.com/Timele9527/status/1425640885811777542

helpnid.com

# Reference: https://twitter.com/cyberwar_15/status/1478572625291276291

com-trace.space
confirm-pw.link
navers.online
navers.store
navers.website
net-pass.store

# Reference: https://twitter.com/souiten/status/1472757875839619079
# Reference: https://www.virustotal.com/gui/file/2ef30a004e68213faa8cfef567af2292ff03f8ea9f273ae1c9c2b7845ba6ea87/detection

zippe.myartsonline.com

# Reference: https://blog.alyac.co.kr/3228?category=957259 (Korean)

pingguo2.atwebpages.com
ramble.myartsonline.com

# Reference: https://asec.ahnlab.com/ko/26183/ (Korean)
# Reference: https://otx.alienvault.com/pulse/6110fe0ab195f83ceb72fcff

dkekftks.atwebpages.com
dktkglrkshqhfn.atwebpages.com
tktlal2.atwebpages.com
tktlal3.atwebpages.com
tksrpdl.atwebpages.com

# Reference: https://twitter.com/ShadowChasing1/status/1482976392958865413

gooeglle.mypressonline.com

# Reference: https://twitter.com/cyberwar_15/status/1485607323154644999

bigfilemail.net
cmaildown.lovestoblog.com
msgbugreporting.lovestoblog.com
/wwwppp/index2.php

# Reference: https://twitter.com/ShadowChasing1/status/1489054323946319876
# Reference: https://www.virustotal.com/gui/file/5d25e53b59bd2dcf234c6819f8cd294efe6d943d04625b9d575002362794e74a/detection

com-info.store
ms-work.com-info.store

# Reference: https://twitter.com/jaydinbas/status/1493522324011851776
# Reference: https://www.virustotal.com/gui/file/3ca7067d60ee47be7448da74be7dab23699cda64cac7ed0cd7a2d219875cb902/detection

asenal.medianewsonline.com

# Reference: https://twitter.com/s1ckb017/status/1493907536117964802
# Reference: https://www.virustotal.com/gui/file/1fa38bd7a3d6a7b73ac4893bb7edc04fb3f56dcfad3b3e6b3fa6d4729add22e2/detection

byusunity.000webhostapp.com

# Reference: https://twitter.com/ShadowChasing1/status/1500778382966939653
# Reference: https://www.virustotal.com/gui/ip-address/161.97.100.171/relations

com-checking.link
com-pass.online
com-password.link
com-silver.site
jp-check.online
naver-active.online
certificate.medis.navers.store
com.com-pass.online
daum.confirm-pw.link
downfile.mybox.com-password.link
downfile.naver.com-pass.online
medis.navers.store
moue.naver-active.online
ms-work.com-pass.online
ms-work.com.com-pass.online
mybox.com-password.link
myetherwallet.com-checking.link
naver.com-pass.online
naver.com-silver.site
navers.com-checking.link
navers.com-silver.site
naverwebs.com-password.link
navrenewal.confirm-pw.link
neaply.naver-active.online
nib.com-checking.link
nic.navers.com-checking.link
nid.moue.naver-active.online
nid.naver-active.online
nid.navers.com-checking.link
nid.navers.confirm-pw.link
nid.navrenewal.confirm-pw.link
nid.neaply.naver-active.online
nld.naverwebs.com-password.link
nld.neaply.naver-active.online
nld.thus.navers.com-checking.link
nood.navers.jp-check.online
thus.navers.com-checking.link
uid.navers.com-silver.site

# Reference: https://www.virustotal.com/gui/file/0b2db410c50d9e4eb7e88177c463be3da5fff5527d9dc2ae10fa26ebe2721ef1/detection

healerboy.000webhostapp.com

# Reference: https://twitter.com/cyberwar_15/status/1507270188882067460

mailnotification.xyz
naveruser.com
nid.naver.com.pe
pay.naver.com.pe
report.mailnotification.xyz
star.mailnotification.xyz

# Reference: https://twitter.com/s1ckb017/status/1507316584079142915
# Reference: https://www.virustotal.com/gui/file/af6b98cabdaf0e3f12fd32509c6b99c141ce59bd73019730d85f66f41ca399da/detection

hannarng.kro.kr
update.hannarng.kro.kr

# Reference: https://twitter.com/souiten/status/1514440361887690753
# Reference: https://www.virustotal.com/gui/file/f28d087adb5f959c62e318d0a3c4639df5513781587aa46bb8df2521f7970ac5/detection

manage-box.com

# Reference: https://twitter.com/souiten/status/1519167359918911488
# Reference: https://www.virustotal.com/gui/file/2f7f3a86a868f6c5a85fb12fe028fd254cd9622075b179923187461c72d6aea0/detection

dusieme.com

# Reference: https://twitter.com/ShadowChasing1/status/1519514517465485312

uekaf.myartsonline.com

# Reference: https://twitter.com/InQuest/status/1521136176530436098
# Reference: https://www.virustotal.com/gui/file/5ed36771ac803408325326322f6909e8f768ed9a4c9e98217a82a66f71e7627d/detection

leehr36.mypressonline.com

# Reference: https://twitter.com/jaydinbas/status/1521408843774844929

weworld59.myartsonline.com

# Reference: https://twitter.com/h2jazi/status/1521906180553068546
# Reference: https://www.virustotal.com/gui/file/0e9689ea8056e3016ccc7fbfed31d8566403f394b68aceb69fb1a3dfec6b6f09/detection
# Reference: https://www.virustotal.com/gui/file/4b0202a8452fe202d25fc5c75aabef3ae52083d2edb7f57cbde02a1bca02a028/detection

attach.mail.daum.net/bigfile/v1/urls/d/exeuQzisacbcTtb5my1snadAn5Q/8nrA37fWtx1JOg3Vo6Jufg
attach.mail.daum.net/bigfile/v1/urls/d/6akA_Jg1Chbl_TcCTytJJQk4mfE/-z8Vw6BjxQC7ds4lmMKxpA

# Reference: https://twitter.com/BlackLotusLabs/status/1524012722622386176
# Reference: https://twitter.com/BlackLotusLabs/status/1524012726133178374
# Reference: https://www.virustotal.com/gui/file/99e58217d03645fe15ae19476554965e93e3d5f50deb85b515eb5543573f9007/detection

trueliebe.com

# Reference: https://asec.ahnlab.com/en/34694/
# Reference: https://twitter.com/malwrhunterteam/status/1525046722120097798
# Reference: https://twitter.com/ShadowChasing1/status/1525070825480949761
# Reference: https://www.virustotal.com/gui/file/2c20ac485fd55bd1a5c4b75c5ba521e5b19912325737617178dfcb5a4e408aef/detection

mc.pzs.kr/themes/mobile/images/about/temp/attach
mc.pzs.kr/themes/mobile/images/about/temp/upload
mc.pzs.kr/themes/mobile/images/about/temp/upload/lib.php
mc.pzs.kr/themes/mobile/images/about/temp/upload/list.php
mc.pzs.kr/themes/mobile/images/about/temp/attach/attach.docx

# Reference: https://asec.ahnlab.com/ko/34883/ (Korean)
# Reference: https://otx.alienvault.com/pulse/629714934cca82a7351d5254

fedra.p-e.kr
leomin.dothome.co.kr
printware2.000webhostapp.com

# Reference: https://twitter.com/blackorbird/status/1534127714336055296

ielsems.com
worldinfocontact.club

# Reference: https://twitter.com/cyberwar_15/status/1536865901899022336

cloudfiles.epizy.com
clouds.great-site.net
fils.clouds.great-site.net
joongang.epizy.com
daum.cloudfiles.epizy.com
kakao.cloudfiles.epizy.com
khu.cloudfiles.epizy.com
konkuk.cloudfiles.epizy.com
naver.cloudfiles.epizy.com
snu.cloudfiles.epizy.com

# Reference: https://twitter.com/cyberwar_15/status/1550740560033779713
# Reference: https://twitter.com/cyberwar_15/status/1547107301949308928

cdndaum.online
marsus.online
navecom.website
naveos.online
naveos.tokyo
naver-sec.site
navow.website
nonghyup.website
oneearthfuture.online
private-banking-group.com
sslnaver.online
unifiedworldwideexpress.com
cood.nonghyup.website
nid.nonghyp.com-checking.link
nld.naveos.tokyo
noid.naveos.online
nong.navow.website

# Reference: https://twitter.com/h2jazi/status/1551566274664300544
# Reference: https://www.virustotal.com/gui/file/e59f0aa13e2da2a0cd5c07e882014d9b37927b9bd9a493f83c2bcb103e5a739c/detection

asssambly.mywebcommunity.org

# Reference: https://twitter.com/blackorbird/status/1552846355613097984
# Reference: https://www.volexity.com/blog/2022/07/28/sharptongue-deploys-clever-mail-stealing-browser-extension-sharpext/
# Reference: https://github.com/volexity/threat-intel/blob/main/2022/2022-07-28%20SharpTongue%20SharpTongue%20Deploys%20Clever%20Mail-Stealing%20Browser%20Extension%20SHARPEXT/indicators.csv

gonamod.com
siekis.com
worldinfocontact.club

# Reference: https://twitter.com/Des00464472/status/1550410336364527616

aire.us.to

# Reference: https://twitter.com/Des00464472/status/1529321196231487488

naverauthority.com

# Reference: https://twitter.com/Des00464472/status/1408013493358391296

preledd.club

# Reference: https://twitter.com/Des00464472/status/1554308879139618817

protect-team.n-e.kr
mail.protect-team.n-e.kr

# Reference: https://twitter.com/cyberwar_15/status/1559744857023062017

net-all.website
daum.net-all.website
kakao.net-all.website
onedrive.net-all.website
yahodrive.net-all.website
yandex.net-all.website

# Reference: https://twitter.com/PhantomXSec/status/1561490582513496064

bybitesupport.com
drivergooogles.com
kakaosupport.com

# Reference: https://twitter.com/PhantomXSec/status/1561738109884059649
# Reference: https://www.virustotal.com/gui/ip-address/51.195.155.36/relations

navericorp.com
nid.navericorp.com
avlinkt.online
avlinkx.online
avlinky.online
avlinkz.online
cutalink.store
cutblink.store
cutclink.shop
cutdlink.shop
linkurla.online
linkurlb.online
linkurlc.online
linkurld.online
midalink.live
midamain.shop
midaurl.site
midaurl.tech
midblink.xyz
midbmain.shop
midburl.site
midburl.tech
midclink.xyz
midcmain.click
middmain.click
movelinka.online
movelinkb.online
movelinkc.online
movelinkd.online
navurla.tech
netalink.space
netblink.space
netclink.store
netdlink.store
nilinks.online
nilinkt.online
nilinku.online
nlinka.link
nlinka.online
nlinkb.link
nlinkb.online
nlinkc.link
nlinkc.online
nlinkd.link
nlinkd.online
nlinke.link
nredia.tech
nredib.link
nredic.link
nredid.link
nredie.link
nredif.link
nredif.live
nredig.link
nredirea.live
nredireb.live
nredirec.live
nredirecti.tech
nredirectj.tech
nredirectk.tech
nredired.live
nserva.link
nserva.live
nservb.link
nservb.live
nservc.link
nservc.live
nservd.link
nservd.live
nserve.live
nshortlinka.live
nshortlinkb.live
nshortlinkc.live
nshortlinkd.live
nshortlinke.live
nurla.link
nvurli.online
nvurlu.online
nvurly.online
reashow.live
rebshow.live
recshow.live
redalink.xyz
redclink.xyz
redelink.tech
redflink.tech
redireact.online
redirebct.online
redirecct.online
rediurla.live
rediurlb.live
rediurlc.live
rediurld.live
redomain.info
redombin.info
redserva.online
redservb.online
redservc.online
redservd.online
redshow.live
shortacut.tech
shortanet.click
shortaurl.site
shortbcut.tech
shortbnet.click
shortburl.site
shortccut.info
shortcurl.site
shortcuta.online
shortcuta.xyz
shortcutb.online
shortcutb.xyz
shortcutc.online
shortcutc.xyz
shortcutd.online
shortcutd.xyz
shortdcut.info
shortdurl.site
shortlinka.xyz
shortlinkb.xyz
urlalink.info
urlblink.info
urlclink.info
urldlink.info
help.nredid.link
port.movelinkb.online
port.nredig.link
port.nservc.link
port.nservc.live
port.nshortlinke.live
port.redserva.online
postgres.nlinkd.online

# Reference: https://twitter.com/RedDrip7/status/1562282889693126659
# Reference: https://www.virustotal.com/gui/file/6a435e2aab6dce39d626eacb39fc964967e35e94abf513da0f6511ab7b1f826e/detection

uppgrede.scienceontheweb.net

# Reference: https://securelist.com/kimsukys-golddragon-cluster-and-its-c2-operations/107258/

225b4d3c305f43e1a590.blogspot.com
3a8f846675194d779198.blogspot.com
c52ac2f8ac0693d8790c.blogspot.com
leejong-sejong.blogspot.com
21nari.getenjoyment.net
21nari.mypressonline.com
21nari.scienceontheweb.net
attach.42web.io
attachment.a0001.net
bigfile.totalh.net
chmguide.atwebpages.com
chunyg21.sportsontheweb.net
clouds.rf.gd
glib-warnings.000webhostapp.com
global.onedriver.epizy.com
global.web1337.net
hochdlincheon.mypressonline.com
hochuliasdfasfdncheon.mypressonline.com
hochulidncheon.mypressonline.com
hochulincddheon.mypressonline.com
hochulincheon.mypressonline.com
hochulindcheon.mypressonline.com
hochulindddcheon.mypressonline.com
hochulinsfdgasdfcheon.mypressonline.com
koreajjjjj.atwebpages.com
koreajjjjj.sportsontheweb.net
kpsa20201.getenjoyment.net
leehr24.mywebcommunity.org
weworld78.atwebpages.com
weworld79.mygamesonline.org
yulsohnyonsei.atwebpages.com
yulsohnyonsei.atwewbpages.com
yulsohnyonsei.medianewsonline.com

# Reference: https://twitter.com/RedDrip7/status/1563074487452848128
# Reference: https://www.virustotal.com/gui/ip-address/216.189.154.6/relations
# Reference: https://www.virustotal.com/gui/file/7903bdf0976d5c6f3c28abf40c41414380f4494a8bf72af9e27ff810599faaf2/detection
# Reference: https://www.virustotal.com/gui/file/f63ff642e7025db96d6ebbd6da26aa9cece4f132891ce2a8385d7c034a7ead25/detection
# Reference: https://www.virustotal.com/gui/file/db18e23bebb8581ba5670201cea98ccf71ecea70d64856b96c56c63c61b91bbe/detection

accountverify.hmail.us
office.pushitlive.net
qwert.mine.bz

# Reference: https://twitter.com/Jup1a/status/1562720823869583360
# Reference: https://www.virustotal.com/gui/file/a0fddbb638fc4f3ba4cefc0707226e8c01eefd98f78d6a9b4fbca1ba74b21adf/detection

sectionss.scienceontheweb.net

# Reference: https://twitter.com/Des00464472/status/1564151538553352193
# Reference: https://www.virustotal.com/gui/ip-address/210.16.120.163/relations

xxdzts.com
autoconfig.xxdzts.com
autodiscover.xxdzts.com
mail.xxdzts.com

# Reference: https://twitter.com/ShadowChasing1/status/1568061411011760129

aasssambly.mywebcommunity.org

# Reference: https://twitter.com/PhantomXSec/status/1567738114638237697
# Reference: https://twitter.com/PhantomXSec/status/1567733296083398656
# Reference: https://www.virustotal.com/gui/ip-address/27.255.81.84/relations
# Reference: https://virustotal.com/gui/ip-address/61.97.251.247/relations

daum-master.com
daum-security.com
daurn.net
help-naver.com
kk01aodia.cfd
kk03aidoa.cfd
kk06aiaoa.cfd
logincommandserver.store
logincookieserver.store
naccountguardcom.store
naccountserver.store
naccountstorecomservice.store
naver-edoc.com
naver-edocu.com
naveradmin.center
naverc0rp.com
navercorp.date
navernail.eu
naverscenter.com
naverssl.com
ncontrolhome.store
ncookiedefenderlog.info
ncorpguardteamlog.info
ncorpmailserver.store
ncorpmailservice.store
ncorpvisitlogin.store
ndefendercenter.store
ndefenderserver.store
nenterservice.store
ngeniuscom.store
ngeniusserver.store
nguardiancomserver.store
nguardianserver.store
nguardteamlog.info
nhelpserver.store
nhelpservice.online
nhomedefender.store
nhomedefendercom.store
nhomemailserver.store
nhomeserver.store
nhomeservercom.store
nhomeserveron.store
nhomeservervisit.store
nhomeservice.store
nmailcorponline.store
nmailservicelogcom.store
nonhomeservice.store
nonlinehomeserver.store
nonlinemailserver.store
nonlinemailservice.store
nonlineservicecom.store
nonlinevisitserver.store
nprotectercom.store
nprotecthome.store
nprotectorhelp.store
nsafecenter.store
nsafeguardteam.store
nsafehelper.store
nsafeserver.store
nsafeservicemode.store
nservercommander.info
nserveronline.store
nserversafemode.store
nservicecentercom.store
nservicecenterlog.info
nservicecommanager.store
nserviceguardian.store
nservicehome.site
nservicehomelog.store
nservicemanage.store
nservicemanagercom.store
nservicemodehome.store
nserviceteamcom.info
nvisitservercom.store
nvisitservercominfo.info
onlinenservercom.store
onlinenservicesite.store
onlinensitecom.store
peacer.store
policeserveronline.cfd
policeservicecom.cfd
qq02aiai.cfd
qq07pizd.cfd
qq10aiai.cfd
sec-naver.com
ss10aidiaua.cfd
ss11siaidoao.cfd
ss14aidoaisis.cfd
ss15aidiaoa.cfd
ss1aiaoaidde.cfd
ss3aidiaodiaa.cfd
ss4aidiaodifia.cfd
ss5aidoaidiaoa.cfd
ss7iaiaoaoa.cfd
visitnservercom.store
visitserviceguardcom.store
zz01aqwes.cfd
zz03amcnc.cfd
zz05iolnc.cfd
zz06ioncc.cfd
zz08vnbvi.cfd
zz15ijnvc.cfd
zz19eridn.cfd
zz24nzcij.cfd
6xv2abhu1nc0.help-naver.com
6xv2abhu1nc0.sec-naver.com
7nv42j9qxt140.help-naver.com
7nv42j9qxt140.sec-naver.com
ad.daurn.net
cafe.daurn.net
gud2abhu1nc0.help-naver.com
gud2abhu1nc0.sec-naver.com
m.cafe.daurn.net
nid.naverssl.com
nidiogin.naverc0rp.com
nidlogin.naverc0rp.com
nidlogin.navercorp.date
nids.naverscenter.com
ns.naverssl.com
rcaptcha.help-naver.com
rcaptcha.sec-naver.com
sks1.smartvpn.pe.kr
smartvpn.pe.kr
static.help-naver.com
static.sec-naver.com
uns.naverssl.com
wat.ad.daurn.net

# Reference: https://twitter.com/cyberwar_15/status/1567828108790890498

certuser.info
koreailmin.com

# Reference: https://twitter.com/PhantomXSec/status/1566863825999400960
# Reference: https://www.virustotal.com/gui/ip-address/38.132.122.162/relations

accounts-kakao.date
cds.naver2.info
com2.space
com3.top
hello.naver2.info
help2.top
help2.xyz
member2.download
naver-corp.top
naver-corp.xyz
naver.com3.top
naver.help2.xyz
naver.member2.download
naver2.eu
naver2.info
naver2.space
naver2.top
naver2.xyz
naver3.space
naver3.xyz
naver4.info
navercorp.top
navercorp.world
navercorp1.xyz
navercorp2.space
navercorp2.top
navercorp2.xyz
navercorp3.xyz
naverpwd.space
naverpwd.top
naverpwd.world
naverpwd.xyz
nid-naver.top
ro.naver2.info
sync-t1.naver2.info
tm.naver2.info
us7lb-cdn.naver2.info

# Reference: https://twitter.com/Des00464472/status/1568885820031135744
# Reference: https://www.virustotal.com/gui/ip-address/104.128.239.16/relations

hiworks.ga
insopack.mcsoft.org
myclouds.r-e.kr
office.hiworks.ga
softmail.kro.kr
app.softmail.kro.kr
office.myclouds.r-e.kr

# Reference: https://twitter.com/ShadowChasing1/status/1570601703598338049
# Reference: https://www.virustotal.com/gui/file/d3930b2494f45bb2c169124d4a39308303b9e8e87043afc54327c1e2a378e4e0/detection

cuts.dothome.co.kr
napoyo.mypressonline.com

# Reference: https://twitter.com/Des00464472/status/1570558688267739138

navers.tech
confluence.navers.tech
myboxs.navers.tech
myboxes.navers.tech
nied.navers.tech
techmyboxes.navers.tech

# Reference: https://twitter.com/ShadowChasing1/status/1576944331050471425
# Reference: https://www.virustotal.com/gui/file/f03a7a96e3ce5e35dd52ce026266b68aa35301828f1d909d858658051371473d/detection

krinnsnail.sportsontheweb.net/file/upload/list.php

# Reference: https://twitter.com/ShadowChasing1/status/1580001848211410944
# Reference: https://www.virustotal.com/gui/file/e1c09e045af8b7301390cd9619e3cca7a96d9d2bba2b5fc3385a093f3d69b6b4/detection

wayna.myartsonline.com

# Reference: https://twitter.com/cyberwar_15/status/1585965668054073345

docxpcgle.epizy.com
imhyoj8.myartsonline.com

# Reference: https://twitter.com/souiten/status/1592758204198719488
# Reference: https://www.virustotal.com/gui/file/2e1aca8c86562cc52b8bee6ecc45dabb1c11ebba94c81b059d8859a1b263f1e7/detection

yundy.mypressonline.com

# Reference: https://twitter.com/cyberwar_15/status/1575476579639078913

attachnents.epizy.com
cloud.kcrea.rf.gd
ewha-cloud.epizy.com
clouds.kvongnum.rf.gd
files.khu.rf.gd

# Reference: https://asec.ahnlab.com/ko/42163/ (Korean)
# Reference: https://otx.alienvault.com/pulse/63766a570640a9c4b0bd052d

jojoa.mypressonline.com
okihs.mypressonline.com

# Reference: https://twitter.com/ThreatBookLabs/status/1593523949664493568

quickedit.o-r.kr
www1.quickedit.o-r.kr

# Reference: https://twitter.com/souiten/status/1603398380687790080
# Reference: https://www.virustotal.com/gui/file/b9dcf7fe7e8ba30d363a19c2c43fc3eea93d281b10f6ee89cffe2a3e533af442/detection

infotechkorea.com

# Reference: https://twitter.com/ThreatBookLabs/status/1607989665487032320

m6.p-e.kr

# Reference: https://asec.ahnlab.com/en/44680/
# Reference: https://otx.alienvault.com/pulse/63a5a4e0a2d0a650343cda1c

3.supports.o-r.kr
conf.simpleedit.n-e.kr
configment.p-e.kr
dashboard.quikveoriy.o-r.kr
digital.pepperbank.kro.kr
foward.viewpropile.p-e.kr
heungkukfire.p-e.kr
inglife.kro.kr
k-bank.o-r.kr
k-bank1.kro.kr
kakaosaving.kro.kr
kamco.kbloan.kro.kr
kamco.kbloan.r-e.kr
kamco.webs.kro.kr
kbank.o-r.kr
kbloan.r-e.kr
naver.o-r.kr
naver65.n-e.kr
nhlife.kro.kr
pepperbank.kro.kr
quikveoriy.o-r.kr
secure-edit.n-e.kr
simpleedit.n-e.kr
smartshinhan.kro.kr
supports.o-r.kr
tos.p-e.kr
user2list.kro.kr
viewpropile.p-e.kr
w1.user2list.kro.kr
w3.secure-edit.n-e.kr
webs.kro.kr
wvw1.user2list.kro.kr
wvw3.secure-edit.n-e.kr
wwv3.supports.o-r.kr
www2.configment.p-e.kr

# Reference: https://twitter.com/souiten/status/1614811574119849989
# Reference: https://www.virustotal.com/gui/file/4e5ef5933078edeb09fd7d44f90843f4a221c1754d9d15a39aded79416b40779/detection

ielsd.myartsonline.com

# Reference: https://asec.ahnlab.com/en/45658/
# Reference: https://otx.alienvault.com/pulse/63c81a99d295f5fc0e67b465

lifehelper.kr

# Reference: https://twitter.com/StopMalvertisin/status/1622820104236077056

hydrotec.co.kr/bbs/img/cmg/upload2/
hydrotec.co.kr/bbs/img/cmg/upload3/

# Reference: https://twitter.com/StopMalvertisin/status/1621390517249654785
# Reference: https://www.virustotal.com/gui/file/a2e6e833947a1d5c526c0c2d6943e35bad9cbe22b52a6f7013ab8c1de0aa2d31/detection

jooshineng.com
/gnuboard4/adm/img/ghp/up/

# Reference: https://twitter.com/StopMalvertisin/status/1620651498014404608
# Reference: https://www.virustotal.com/gui/file/38640d508c137d0e05c6d34d6bf5618095baed364482baef908fe1d7b2310e15/detection

hkisc.co.kr/gnuboard4/bbs/img/upload/list.php
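# Generic trail: path only, no host (this file lists the same path under more than one host), so it may also match unrelated sites serving that path
/gnuboard4/bbs/img/upload/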

# Reference: https://twitter.com/StopMalvertisin/status/1626528455289610241
# Reference: https://www.virustotal.com/gui/file/97516e5250e44461a479de391daa0538b9714346263577bcb61961c1991efb27/detection

globalinbest.com
/src/bbs/sec/img3/

# Reference: https://twitter.com/fmc_nan/status/1635537014891372545
# Reference: https://www.virustotal.com/gui/file/8ac8eedfc8a155066915aed214dbf78c1f200124e5663b35f1935f31576fb71e/detection
# Reference: https://www.virustotal.com/gui/file/cd127b2f17e686c77898d0ed8b5325503fcbc9dbc4c9b63c7ae8722089db7564/detection

nideso.mywebcommunity.org

# Reference: https://twitter.com/StopMalvertisin/status/1635933718618734593
# Reference: https://www.virustotal.com/gui/file/451f50db8bc6719f3d34abc3ee3b907ac999c4139b58cab91066248d3b04c80f/detection

eum-it.co.kr/gnuboard4/bbs/img/upload/
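# Generic trail: path only, no host (this file lists the same path under more than one host), so it may also match unrelated sites serving that path
/gnuboard4/bbs/img/upload/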

# Reference: https://asec.ahnlab.com/en/49295/
# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-03-14-v10267/358
# Reference: https://otx.alienvault.com/pulse/64120cb4ea4bae2a4dbdf8d8

ria.monster
mp_eval_r.ria.monster
mpevalr.ria.monster
mpevlar.ria.monster
viewfile.ria.monster
/SmtInfo/show.php

# Reference: https://twitter.com/asdasd13asbz/status/1636173992695582720
# Reference: https://www.virustotal.com/gui/file/d0ec6d91cf9e7c64cf11accadf18f8b5a18a10efbecb28f797b3dbbf74ae846d/detection

http://172.93.193.158

# Reference: https://twitter.com/ShadowChasing1/status/1636391606592094208
# Reference: https://www.virustotal.com/gui/file/4e9d8f2d6bd17f71ed2a6c356deebc87801e413aad931b7ae1a70a8aa431d007/detection

breezyhost.net

# Reference: https://twitter.com/fmc_nan/status/1636667175913287680

delps.scienceontheweb.net/ital/info/list.php
delps.scienceontheweb.net/ital/info/sample.hwp

# Reference: https://asec.ahnlab.com/ko/50394/ (Korean)
# Reference: https://www.virustotal.com/gui/file/7a45a529b275cfaa6ebde88bf00413a11c0f701bf9e1e7e93ef27423fd17e3f5/detection

zetaros.000webhostapp.com

# Reference: https://twitter.com/BridewellCTI/status/1640376166858063874
# Reference: https://twitter.com/MichalKoczwara/status/1640393007382904851
# Reference: https://www.bridewell.com/insights/news/detail/bridewell-intelligence-report-kimsuky-apt-group---key-insights-for-uk-energy-cisos

aontechu.com
bsconvid.info
cdn-smtp.com
cereoni.org
cgui.eu
cmember.info
daumblog.eu
dmrxcloud.com
dreamhosregister.eu
edronium.com
gmember.eu
gmember.info
innovace.info
kakao-privacy.com
kakao-security.com
msn-imap.com
ncop.info
onkrdot.info
ontechvip.eu
publishhostmap.shop
umember.info
wordpress1s.xyz
accountc.gmember.eu
fqdn.nid.sslnaver.online
kr4.wordpress1s.xyz
logins.cdndaum.online
mail.cdndaum.online
nid.sslnaver.online
tls.publishhostmap.shop
web.publishhostmap.shop
web.sslnaver.online
webmail.dreamhosregister.eu

# Reference: https://twitter.com/ni_fi_70/status/1566770766389149696
# Reference: https://www.verfassungsschutz.de/SharedDocs/publikationen/EN/prevention/2023-03-20-joint-cyber-security-advisory.pdf
# Reference: https://otx.alienvault.com/pulse/641dd2ad4310d178a4c6766e

navernnail.com

# Reference: https://twitter.com/souiten/status/1645307251903840257
# Reference: https://www.virustotal.com/gui/file/0d663b9907a34604f120963b64a763c472e7e896857728199d3df912c93208a0/detection

messydoan.000webhostapp.com
mvix.xn--oi2b61z32a.xn--3e0b707e

# Reference: https://twitter.com/suyog41/status/1647956514005450752
# Reference: https://www.virustotal.com/gui/file/b92cb632535fd8b5c3863635b980611deae61420d76158fc6e7b307518302490/detection
# Reference: https://www.virustotal.com/gui/file/9fcd77ff9ec8a0b701316c3d45d4e6f7a0f012f5c2254a77628d233045839a7d/detection
# Reference: https://www.virustotal.com/gui/file/4f1081d688ba2477e097ebbbf0cce4048dbe9134da526949ae6e729f7b0494de/detection
# Reference: https://www.virustotal.com/gui/file/35cb65a70e8296aafd09b7550b13da2255bed9c30d6f284cce395e8e4532804c/detection

ibsq.co.kr/config/demo.txt
ibsq.co.kr/m.layouts/demo.txt
ibsq.co.kr/config
ibsq.co.kr/m.layouts

# Reference: https://twitter.com/malwrhunterteam/status/1648601223245725696
# Reference: https://www.virustotal.com/gui/file/6bab11d9561482777757f16c069ebef3f1cd6885dbef55306ffde30037a41d48/detection

xn--vn4b27hka971hbue.kr

# Reference: https://www.virustotal.com/gui/file/1ec4d60738a671f00089a86eeba6cb13750bce589e84fd177707718a4cc7d8f1/detection

partybbq.co.kr

# Reference: https://twitter.com/malwrhunterteam/status/1653682472163368960
# Reference: https://www.virustotal.com/gui/file/8cc66e4069a30885202b0328407ff167671133a1a539808c48f12928348744e0/detection

inspa.studioguy.com/bbs/data/bbs15/context.php
inspa.studioguy.com/bbs/data/bbs15/inquire.php
/bbs/data/bbs15/context.php
/bbs/data/bbs15/inquire.php

# Reference: https://www.sentinelone.com/labs/kimsuky-evolves-reconnaissance-capabilities-in-new-global-campaign/

mitmail.tech
newshare.online
rfa.ink
yonsei.lol
/bio234567890rtyui/
/bio433ertgd12/

# Reference: https://twitter.com/h2jazi/status/1658133904618934272
# Reference: https://www.virustotal.com/gui/file/76b2f8df4578d65d5b6d57af8784584c1bcf86402d964b567db58e63723b636c/detection
# Reference: https://www.virustotal.com/gui/file/bbcfcc719190f0a2c687778d5d2fd5c6e345d64f44a01b26d33b7df20e099d6f/detection

com-port.space
file.com-port.space

# Reference: https://www.virustotal.com/gui/ip-address/61.195.126.150/relations

blog.de-file.online
cf-health.click
com-def.asia
com-otp.click
com-people.click
com-port.space
com-price.space
com-www.click
de-file.online
kr-angry.click
kr-me.click
mid.navers.blog.de-file.online
navers.blog.de-file.online
navers.com-otp.click
navers.com-price.space
navers.de-file.online
nld.navers.de-file.online
uid.navers.com-price.space
uld.navers.com-otp.click

# Reference: https://www.virustotal.com/gui/ip-address/157.7.184.26/relations

bid.cyberestate.de-bat.click
bld.cyberestate.de-bat.click
blog.mpevalr.com-def.asia
com-coffee.click
com-def.asia
com-port.space
cyberestate.de-bat.click
de-bat.click
de-two.website
k-ac.net
logins.nlfty.com-coffee.click
mpevalr.com-def.asia
navers.blog.mpevalr.com-def.asia
nld.navers.blog.mpevalr.com-def.asia
nlfty.com-coffee.click
point.com-def.asia
smart.com-coffee.click
smart.de-bat.click
sniperman.click
view.sniperman.click

# Reference: https://www.virustotal.com/gui/file/fd63e26bd09fd13d86d4505d9aa53c4bf599f9de954e7bccfa01179fd644d218/detection

trusteer.ink

# Reference: https://twitter.com/malwrhunterteam/status/1656946771053150208
# Reference: https://www.virustotal.com/gui/file/42f76f37742103bd599a68ef508b515efeb9e9ffddbfdcc43eb552b70b2440e9/detection
# Reference: https://www.virustotal.com/gui/file/cca4e9fc00647b644d334b2bab03d1a9acb23f7492c7c5aa2d283be78b87d67d/detection

jeannecampos.com/wp-includes/certificates/ca-bundle.php

# Reference: https://twitter.com/StopMalvertisin/status/1669259390237708291
# Reference: https://www.virustotal.com/gui/file/de2fd62fafe61f46ad967c84dd7fbca80d31ad4729fed051d527d9ba45857fd6/detection

sendlucky.scienceontheweb.net

# Reference: https://twitter.com/StopMalvertisin/status/1669379338691837953
# Reference: https://twitter.com/StopMalvertisin/status/1669379341820792832
# Reference: https://www.virustotal.com/gui/file/2763ddf592130cd80198fb60546dfb28de5f647df34522e4ab58a8bf5e63b769/detection
# Reference: https://www.virustotal.com/gui/file/0d19cf462bd2b5f84a7525575031de032db6df30925ef86ac1a9f4441ecce9f3/detection

greenspace1.com
html.gethompy.com
well-story.co.kr
/gnuboard4/bbs/pnger/
/gnuboard4/bbs/pnger/main.php
/gnuboard4/bbs/pnger/stdio.php

# Reference: https://asec.ahnlab.com/en/55145/

getara1.mygamesonline.org
pikaros2.r-e.kr

# Reference: https://twitter.com/0x0v1/status/1683434522413547521

bandi.tokyo
one.bandi.tokyo

# Reference: https://www.virustotal.com/gui/file/928e61590b2c4acf3991bd4327c5107c1cfd2604d992647c4e63bd1d620ff636/detection

partner24.kr/mokozy/hope/kk.php
/mokozy/hope/kk.php

# Reference: https://twitter.com/tiresearch1/status/1686258180819730432

3group-view.click
3group-view.space
appfile.click
com-file.space
db-wine.click
direct-million.online
file-hide.click
file-vip.space
go-wt.space
mi-eve.click
mufg.wiki
nr-token.space
otp-kr.space
toss-tree.click
wide-org.click

# Reference: https://twitter.com/ThreatBookLabs/status/1686363399679029249

com-in.asia
file-mango.space
ne-point.space
value-domain-com.site

# Reference: https://www.sentinelone.com/labs/kimsuky-new-social-engineering-campaign-aims-to-steal-credentials-and-gather-strategic-intelligence/
# Reference: https://otx.alienvault.com/pulse/64805aad021906141c79aec0

nknews.pro
staradvertiser.store

# Reference: https://twitter.com/tiresearch1/status/1688552033245409280

mz-ftp.online
net-doc.click

# Reference: https://twitter.com/tiresearch1/status/1691131020517707776

do-can.click
mz-follia.space

# Reference: https://twitter.com/ginkgo_g/status/1692029899094274388
# Reference: https://www.virustotal.com/gui/file/470027cf8dd33b201b465b109a9876d0a75667be907af770eb76ff5798496ae4/detection

grekop.online

# Reference: https://twitter.com/ginkgo_g/status/1692068693113737630
# Reference: https://www.virustotal.com/gui/file/c676e9b009913bf55372fc756c6d7a19b51528e2f20ff598be2f953e5f78c754/detection

steeringsvr.online

# Reference: https://asec.ahnlab.com/en/54678/
# Reference: https://otx.alienvault.com/pulse/649304a4045008836f16efac

vndjgheruewy1.com

# Reference: https://twitter.com/tiresearch1/status/1694250245486748033

no-one.click

# Reference: https://twitter.com/souiten/status/1697515866148270249
# Reference: https://www.virustotal.com/gui/file/821b43f3151e568ebf436a05928909968ace706049e09feeec448a3efe9af67c/detection

http://43.201.69.58
43.201.69.58:8080

# Reference: https://twitter.com/ginkgo_g/status/1702242436632945025
# Reference: https://www.virustotal.com/gui/file/1426269940ef6036941ccfbf68b0b65259bc72918f30481465a11d8b97250f07/detection

isujeil.co.kr/pg/adm/img/upload1/list.php

# Reference: https://www.virustotal.com/gui/ip-address/104.168.219.12/relations
# Reference: https://www.virustotal.com/gui/ip-address/142.11.205.109/relations

navemorp.cloud
naver-centre.com
naver-email.report
navercorp.tech
navercorpv2.email
naverhelp.cloud
naverquery.host

# Reference: https://twitter.com/ginkgo_g/status/1703583960461402223
# Reference: https://www.virustotal.com/gui/file/59a0b32c22c79e7e48614add0e5cdf846f50d38d46201077309534a093a723ac/detection

00701111.000webhostapp.com

# Reference: https://twitter.com/tiresearch1/status/1703715668368240708
# Reference: https://twitter.com/tiresearch1/status/1703811837719142890

com-atw.click
com-bss.click
com-cbw.fun
com-condor.click
com-condor.website
com-cyb-seed.click
com-data.click
com-final.click
com-first.click
com-gpt.click
com-mns.click
com-mns.fun
com-nfi.click
com-nft.click
com-nfw.space
com-ntw.site
com-renewal.click
com-second.click
com-seoul.website
com-share.click
com-smt.click
com-will.click
com-will.online
com-will.pw
medicert.click
navers.site
navserves.com
net-off.online

# Reference: https://twitter.com/tiresearch1/status/1708511711878340625

ad-naver.com
navercorps24.com

# Reference: https://twitter.com/tiresearch1/status/1708528528344670643

naver-clouds.com
naver-drives.com
naver-notices.com

# Reference: https://x.com/asdasd13asbz/status/1818519143026762046
# Reference: https://asec.ahnlab.com/en/57873/

5.61.59.53:14276
5.61.59.53:2086
onessearth.online
powsecme.co
/up/upload_dotm.php

# Reference: https://twitter.com/tiresearch1/status/1717799289198674086

co-eu.info
com-log.in.net
com-mode.in.net
invoice.navers.com-mode.in.net
mn-tr.click
navers.com-log.in.net
navers.com-mode.in.net
nid.navers.com-log.in.net

# Reference: https://twitter.com/MichalKoczwara/status/1718637997002809395
# Reference: https://www.virustotal.com/gui/ip-address/27.255.75.154/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.255.81.108/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.255.81.120/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.255.81.82/relations

aaarior.online
aioeo.site
arakyaly.eu
bbbrior.website
bnire.store
boardmgr.info
ccciro.store
cloudown.store
cnnail.info
cornass.info
dddero.site
eeeiro.xyz
fffiro.store
gggiro.online
hummedaroundput.com
iiiior.website
jiorer.website
jjjior.shop
kakaocorp.info
kakaodownload.eu
kakaomail.site
kakaomailer.eu
kakaon.store
kakaopaey.info
mailcorp.eu
namcho.homes
navemail.space
naver.com.bz
navercoxp.com
navercrop.com
navercrp.com
navercrup.com
naveredoc.com
navermail.click
navermail.live
naveroriae.eu
naverpwd.com
naverscorp.info
nmior.shop
opiretyu.website
orsiu.online
uansilne.site
usage.store
usance.online
voanews.store
webfatory.eu
weekbootseey.com
werbineor.online
weudsfhue.shop
xchireo.website
zrrorer.online
0vym.mailcorp.eu
8fkn.mailcorp.eu
accountsbinance.navermail.click
accountseoke.cookiemanager.online
accountserok.usance.online
accountseuoe.naveroriae.eu
accountseuok.kakaopaey.info
activedirectory.msoffic.homes
airwatch.msoffic.homes
aw.msoffic.homes
book.mailcorp.eu
campaign.mailcorp.eu
client.msoffic.homes
cloud.msoffic.homes
com.mailcorp.eu
community.msoffic.homes
configmgrenroll.msoffic.homes
console.msoffic.homes
cookiemanager.online
cs.mailcorp.eu
delivery.msoffic.homes
dnerok.usance.online
emv1.cookiemanager.online
enrollment.msoffic.homes
find.msoffic.homes
fsvoa.voanews.store
hadoop.msoffic.homes
help.navercrop.com
helpids.ncookieclear.homes
helpnaver.msoffic.homes
helpsec.ncookieclear.homes
jenkins.msoffic.homes
jira.msoffic.homes
link.msoffic.homes
logingns.arakyaly.eu
maillo.arakyaly.eu
mailpo.arakyaly.eu
mdmds.msoffic.homes
media.weekbootseey.com
mi.msoffic.homes
mobility.msoffic.homes
mon.msoffic.homes
msoffic.homes
mta2.msoffic.homes
ncookieclear.homes
nid.navercrop.com
nid.naverpwd.com
nidcl.kakaopaey.info
nidlgn.namcho.homes
nidnaver.msoffic.homes
nidpos.namcho.homes
nidroue.naveroriae.eu
nids.ncookieclear.homes
nidsess.ncookieclear.homes
nlgin.ncookieclear.homes
ns4.msoffic.homes
nsec.ncookieclear.homes
nsight.navercrop.com
nuid.navermail.click
oct.msoffic.homes
onedrive.msoffic.homes
origin-www.msoffic.homes
outlook.msoffic.homes
owa.msoffic.homes
p.msoffic.homes
pdu.msoffic.homes
public.hummedaroundput.com
resource.msoffic.homes
sslids.ncookieclear.homes
sslnaver.msoffic.homes
sslsec.ncookieclear.homes
stat_tiaraerok.usance.online
stg-www.msoffic.homes
stream.msoffic.homes
t1_daumcdnerok.usance.online
transfer.msoffic.homes
www1.msoffic.homes
wwwcorpids.ncookieclear.homes
wwwcorpnaver.msoffic.homes
wwwcorpsec.ncookieclear.homes
wwwlgin.ncookieclear.homes
wwwsec.ncookieclear.homes
wwwsess.ncookieclear.homes
zenworks.msoffic.homes

# Reference: https://asec.ahnlab.com/en/57873/
# Reference: https://otx.alienvault.com/pulse/65312ede507158b7c49f8e87

superpcparts.com

# Reference: https://twitter.com/tiresearch1/status/1719617997168660766

xn--3e0b39ycvbh9d.p-e.kr
xn--939a1gynmpm0ukuoxtbq59g.r-e.kr
eid.xn--939a1gynmpm0ukuoxtbq59g.r-e.kr
mood.xn--3e0b39ycvbh9d.p-e.kr

# Reference: https://twitter.com/tiresearch1/status/1719985431687917799

kakaoaccouts.store

# Reference: https://asec.ahnlab.com/wp-content/uploads/2023/10/20231101_Kimsuky_OP.-Covert-Stalker.pdf

1-z.never.com.ru
a1ive.info
aa.goooglesecurity.com
aadcdnmsauthdose.certuser.info
aadcdnmsauthmicrosoftharvard.certuser.info
aadcdnmsftauthdose.certuser.info
aadcdnmsftauthmicrosoftharvard.certuser.info
accdaum.login.mail.pl
account.googlernails.com
account.goooglesecurity.com
accountdose.certuser.info
accountmicrosoftharvard.certuser.info
accounto.afgvillage.eu
accounts.daums.pro
accounts.googlernails.com
accounts.goooglesecurity.com
accounts.guser.eu
accounts.navernnail.com
accountseuok.kakaocore.eu
accountskakao.login.mail.pl
accountskakao.navernnail.com
accountsleu.kakaoreug.info
accountsmil.kakaoreug.info
accountsmt.certuser.info
ads-twitterbybit.navernnail.com
afgvillage.eu
aire.p-e.kr
analyticsbybit.navernnail.com
apisbybit.navernnail.com
app.cjphoto.ga
app.firmware.o-r.kr
app.iptimes.o-r.kr
app.saferzone.ml
app.tookit.r-e.kr
assambly.atwebpages.com
assambly.mypressonline.com
assambly.mywebcommunity.org
auth.worksmobile.kro.kr
blog.nidcorp.site
bluemotion.co.kr/cheditor4/insert_link.php
bstill.kr/gnuboard4/bbs/view_coma.php
cadorg.p-e.kr
cc.navernnail.com
cc.never.com.ru
cc.nidcorp.site
cc.weataxs.site
cclg.never.com.ru
cclogin.navernnail.com
cdnbybit.goooglesecurity.com
cdnbybit.navernnail.com
cengroup.kro.kr
cimoon.ga
cjphoto.ga
client.coreavpn.kro.kr
cmonunt.online
connectfacebookbybit.goooglesecurity.com
connectfacebookbybit.navernnail.com
coreavpn.kro.kr
csma.certuser.info
da.infocheck.cf
dadrollbybit.navernnail.com
daum.otp-system.p-e.kr
daum.otpsystem.p-e.kr
daum.protect-mail.p-e.kr
daum.protectmail.p-e.kr
daums.pro
dmail.p-e.kr
dnleu.kakaoreug.info
dstent04.co.kr/wp-includes/SimplePie/Items.php
extparts.info
firmware.o-r.kr
g00gledrive.atwebpages.com
g00gledrive.mywebcommunity.org
g00gledrive.sportsontheweb.net
generalparts.info
github.ne.kr
goaffecbybit.navernnail.com
googlernails.com
goooglesecurity.com
guser.eu
gw.yottatech.r-e.kr
hao.lantian.p-e.kr
hellosnbybit.navernnail.com
hi.ncgncg.p-e.kr
hiwi.o-r.kr
hiwi.p-e.kr
hotlook.jonga.ml
huitadfsharvard.certuser.info
hyper.cadorg.p-e.kr
iishtt.p-e.kr
infoauth.shop
infocheck.cf
infrabybit.goooglesecurity.com
infrabybit.navernnail.com
iptimes.o-r.kr
it-ace.r-e.kr
joongang.site
jsadsrvrbybit.navernnail.com
june.lovelyclient.ml
kakaocore.eu
kakaoreug.info
keyharvard.certuser.info
koreaglobal.atwebpages.com
koreaglobal.mypressonline.com
koreaglobal.mywebcommunity.org
koreailmin.atwebpages.com
koreailmin.mypressonline.com
koreailmin.mywebcommunity.org
krhome.ga
lantian.p-e.kr
lcs.navernnail.com
lcs.never.com.ru
lcs.nidcorp.site
lcs.weataxs.site
lcslogin.navernnail.com
listmember.info
live.com.cm
logcheck.ga
login.microsftonline.tk
login.org.ro
logindose.certuser.info
loginmicrosoftharvard.certuser.info
logins.daums.pro
loginsdose.certuser.info
loginsma.certuser.info
loginsmicrosoftharvard.certuser.info
lovelyclient.ml
m1ma.certuser.info
m2_daumcdnmt.certuser.info
mail.it-ace.r-e.kr
mail.masters-login.r-e.kr
mail.masterslogin.r-e.kr
mail.never.com.ru
mail.nidcorp.site
mail.yoonseul.kro.kr
maildose.certuser.info
mailis.extparts.info
mailis.walock.info
mailma.certuser.info
mailmicrosoftharvard.certuser.info
mailnts.goooglesecurity.com
mailsr.walock.info
mailweb.afgvillage.eu
managerbybit.navernnail.com
masterslogin.r-e.kr
matchbybit.goooglesecurity.com
matchbybit.navernnail.com
mcyandexbybit.navernnail.com
memberma.certuser.info
mi.never.com.ru
microsftonline.tk
mlcrst.p-e.kr
msoharvard.certuser.info
mxndu.r-e.kr
myinfo.nsupport.ml
naver-logs.r-e.kr
naver.nidcorp.site
naver.weataxs.site
navercopr.co
navercopr.ml
navercopr.tk
naverlogs.r-e.kr
ncgncg.p-e.kr
never.com.ru
ngrok.p-e.kr
nid.logcheck.ga
nid.navercopr.co
nid.navercopr.ml
nid.navercopr.tk
nid.navernnail.com
nid.never.com.ru
nidcorp.site
nidlog.never.com.ru
nidlogin.navernnail.com
nidm.navernnail.com
nihaiji.p-e.kr
nmail.p-e.kr
objects.n-e.kr
omtom.r-e.kr
osupdate.r-e.kr
otp-system.p-e.kr
otp.r-e.kr
otpsystem.p-e.kr
outlookdose.certuser.info
outlookmicrosoftharvard.certuser.info
peer.o-r.kr
playnto.afgvillage.eu
playnts.googlernails.com
playnts.goooglesecurity.com
policyma.certuser.info
preview.p-e.kr
protect-mail.p-e.kr
protectmail.p-e.kr
proxy.ngrok.p-e.kr
qingli.o-r.kr
regular.winupdate.kro.kr
rok.my.to
sadrollbybit.navernnail.com
sadxiobybit.navernnail.com
saferzone.ml
sdfwerwer.sbs
servicebybit.navernnail.com
sftp.r-e.kr
signaler.goooglesecurity.com
sire.r-e.kr
sjkdfuiowe.p-e.kr
smart-alyac.r-e.kr
snaplicdnbybit.navernnail.com
spi_mapsmt.certuser.info
ss_mt.certuser.info
sslnts.goooglesecurity.com
stat_tiaraleu.kakaoreug.info
stat_tiaramt.certuser.info
stat_tiaraosi.kakaoreug.info
static-sg.goooglesecurity.com
staticbybit.navernnail.com
staticnid.navernnail.com
staticnid.never.com.ru
support.github.n-e.kr
support.github.ne.kr
syncoutbrainbybit.goooglesecurity.com
synctaboolabybit.goooglesecurity.com
t1_daumcdneuok.kakaocore.eu
t1_daumcdnkakao.navernnail.com
t1_daumcdnleu.kakaoreug.info
t1_daumcdnmt.certuser.info
t1ma.certuser.info
test.mydomainisok.kro.kr
tookit.r-e.kr
topfwz1mailbybit.navernnail.com
track_tiara_daummt.certuser.info
track_tiara_kakaomt.certuser.info
ucmdjwer.lol
uieosdj.r-e.kr
update-online.p-e.kr
update.naver-logs.r-e.kr
update.naverlogs.r-e.kr
update.p-e.kr
usesignal.info
vitual.p-e.kr
vlnk.ga
voanews.one
waesme.shop
walock.info
weataxs.site
webmail.cellivery.ml
webmail.cengroup.kro.kr
wetaxces.online
wgbybit.goooglesecurity.com
wgbybit.navernnail.com
wgsnto.afgvillage.eu
winupdate.kro.kr
worksmobile.kro.kr
wwkakao.goooglesecurity.com
wwmt.certuser.info
wwwbybit.goooglesecurity.com
wwwbybit.navernnail.com
wwwdose.certuser.info
wwwma.certuser.info
wwwmicrosoftharvard.certuser.info
wwwnto.afgvillage.eu
wwwnts.googlernails.com
wwwnts.goooglesecurity.com
xinzhong.r-e.kr
xx.navernnail.com
y-cloud.never.com.ru
yoonseul.kro.kr
yottatech.r-e.kr
youtubnts.goooglesecurity.com
/ewf43fewfwf4tfw4/
/ewf43fewfwf4tfw4/wf7weyr892hfwogewgsfg3.php
/tygygvftsfx8g68Gu8x7s78gsvseidj6.php
/tygygvftsfx8g68Gu8x7s78gsx6.php
/tygygvftsfx8g68Gu8x7s78gsx6519.php
/tygygvftsfx8g68Gu8x7s78gsxueidj6.php
/wf7weyr892hfwogewgsfg3.php

# Reference: https://app.validin.com/axon?find=27.102.106.48&type=ip

governments.pro
nidnaver.space
nidscorp.site
nps-home.store
nps-news.store
nps-service.store
nps-services.store
weataxc.site

# Reference: https://app.validin.com/axon?find=27.10.16.4&type=ip

wetax-io.store

# Reference: https://www.virustotal.com/gui/ip-address/141.164.50.204/relations
# Reference: https://app.validin.com/axon?find=141.164.50.204&type=ip

applc.site
bilfstakecooke.site
chainsflix.net
check-youtube.info
check-youtube.online
confirmes-youtebu.com
documentviews.com
drivesgooglce.site
emv1.documentviews.com
emv1.securiteams.info
emv1.sharedboxview.online
exchange-birances.com
ftc-home.space
gocgle.site
googlc.site
googlces.site
googlcs.site
homestex.info
kftc-cert.site
linekdin.online
linkdlin.ink
little-stars.site
myidentifitesrv.site
nlvdcp9p2d.sharedboxview.online
nps-alert.site
nps-services.info
post-binarianse.info
rememberapp.site
rememberapps.info
s1.documentviews.com
s1.securiteams.info
s1.sharedboxview.online
sarnsung-mail.info
sarnsung.store
securecenters.site
securiteams.info
service.documentviews.com
service.securiteams.info
service.sharedboxview.online
services-dosi.world
sharedboxview.online
wetac.store
weatacs.site
wetacx.store
wetaxs.lol
wetacx.xyz
wetaczx.lol
wetaczx.site
wetaczx.xyz
wetaex.site
wetax-io.xyz
wetaxce.online
wetaxcs.site
wetaxs.xyz
wetaxz.xyz
wetazx.space
weteax.site
xn--policy-linkedn-dmb.com
youtube-ex.site
youtube-in.site

# Reference: https://app.validin.com/axon?find=141.164.52.102&type=ip

bilfstakecooke.site
check-lnkedin.site
check-youtuibe.site
confirms-linkeclein.info
confirrns-linkeclin.site
extend-gooqlie.site
goooleclouds.site
goooleclrive.online
goooleclrive.site
goooleclrives.site
goooledrivs.com
goooledrivs.info
gooqle.site
govenment24.site
hornestax.site
linkeclein.site
linkecleins.site
myacountsinfo.com
niclvaldates.site
rememberapp.fun
rememberapp.online
sarnsung.store
seumtax.website
vve-tax.site
vvetax.store
we-tax.site
xn--check-linkedn-7ib.com

# Reference: https://app.validin.com/axon?find=158.247.227.83&type=ip

belluster.com
homestax.info
exchange-dosi.world
kakaologins.com
rimbacell.store

# Reference: https://twitter.com/asdasd13asbz/status/1725337231949459834
# Reference: https://www.virustotal.com/gui/file/97df5304f53fec6a5d2d2bd75b9310a3747b681520fe45d2961bc4df86e556d7/detection

rscnode.dothome.co.kr

# Reference: https://twitter.com/asdasd13asbz/status/1727856931635872121
# Reference: https://www.virustotal.com/gui/ip-address/84.32.131.87/relations
# Reference: https://www.virustotal.com/gui/file/b6e1351f1767a2cacb3fc7515f0a67691bbd8b9274a26c2953ba898ba879ebea/detection

offlinedocument.site
nav.offlinedocument.site

# Reference: https://asec.ahnlab.com/ko/59460/ (# RftRAT)

152.89.247.57:52390
172.93.201.248:52390
172.93.201.248:8083
192.236.154.125:50108
209.127.37.40:52390
23.236.181.108:52390
91.202.5.80:52030
brhosting.net
splitbusiness.com
techgolfs.com
theservicellc.com
topspace.org

# Reference: https://twitter.com/tiresearch1/status/1734110501008024064
# Reference: https://app.validin.com/axon?source=DNS&limit=100&type=ip&find=141.164.60.65

blockmedia.site
dewhales-capital.website
gocgles.com
linkcline.info
linkdeln.site
linkdien.site
linkdien.store
linkdien.website
moiss.site
notify-linkcldines.com
nps-center.space
nps-ebook.site
nps-ebook.space
nps-ebook.store
nps-emails.site
nps-main.store
nps-notice.site
nps-notice.space
nps-notice.store
nps-notify.site
nps-notify.space
nps-notify.store
nps-post.space
nps-posts.site
nps-posts.space
nps-posts.store
nps-report.site
nps-views.site
nps-views.space
nps-views.store
npsmsg.space
nts-go.site
nts-go.store
nts-home.space
nts-home.store
nts-inform.site
nts-msg.site
nts-post.site
nts-post.store
ntsemail.site
ntshome.site
ntshome.space
ntsmails.site
ntsnews.site
private-center.site
qoooqle.site
qoooqledrive.site
naver.moiss.site
naver.nps-posts.store
naver.nps-views.space
naver.nps-views.store
naver.nts-email.store
naver.ntshome.site
naver.private-center.site

# Reference: https://twitter.com/tiresearch1/status/1734887415633060265
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=185.160.27.92

binarice.info
dosi-info.world
fanaticsretailgroup.site
identitychecks.info
ir-service.online
ir-service.site
irspost.site
naverhelps.info
naverscorp.com
naversystem.autos
nft-dosi.world
nidmembnscorp.site
nidnaver.club
nidusrnacorp.site
nidusrshcorp.site
nidusrsncorp.site
nidusrsvcorp.site
nidusrszcorp.online
nidvenify.site
notice-dosi.world
nps-inform.site
nts-email.space
naver.nidusrsncorp.site

# Reference: https://twitter.com/tiresearch1/status/1735211111123923345

aceenign.click
arakte.click
auridab.click
clindoc.link
inklmo.click
iaxevar.click
kakaologin.info
kkruelo.link
leurnteke.link
natelogin.homes
natelogin.info
natelogin.site
nates.lat
nates.store
natesign.site
ntsinfo.space
pelmpusse.link
rpriseber.click
scenaeco.click
scourt-kr.site
strutute.click
wetax.site

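# Reference: https://www.virustotal.com/gui/ip-address/208.73.209.42/relations
# NOTE(review): the entries below are presumably taken from the relations view of this single IP address; domains that only share the address may be unrelated to this actor, so corroborate a hit with other evidence before attributing it.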

1stsufi.click
5bioresearch.click
aboladmi.click
abortionnc.click
abourned.click
absadvi.click
accesssof.click
accianc.click
accounem.click
ackexpertsope.click
ackiloverrd.click
activequic.click
additioeak.click
adeciil.click
admissiph.click
adopouch.click
adsparc.click
aemoyoi.click
aerobook.click
aeropetsc.click
aevofim.click
affsimi.click
afterioi.click
ageegigi.click
ahldjwa.click
aiantarprisasa.click
airpetrom.click
airstate.click
aldirectorygem.click
alestechnic.click
algebraagei.click
algebraheroi.click
algebraquizi.click
alpalob.click
alphastateibi.click
althmoexch.click
amafixlog.click
amawturk.click
amayok.click
amplappe.click
anbint7.click
angeadventurec.click
anglpoc.click
anywireul.click
aokpag.click
appeypak.click
aratedc.click
aresahiai.click
argmenidi.click
arppacktheexce.click
arrangpateh.click
arrayexi.click
arroganth.click
arrowrfe.click
arsgeostra.click
artauctiondi.click
artknowledgef.click
asokesf.click
aspectvec.click
asylumba.click
ataptwatuhi.click
attiavi.click
autocoachi.click
autoopenmore.click
avenuevi.click
avexehe.click
awareta.click
awortak.click
azkidorsal.click
azphatigeri.click
backghea.click
bairlif.click
balcarve.click
bariak.click
barkkom.click
bdusted.click
belongad.click
benmetl.click
bestelipite.click
betttiveagei.click
biigband.click
biizinc.click
biopiilyred.click
birmerricdi.click
bisgasc.click
bisysofta.click
bitdepotma.click
bizardall.click
bizconsulting.click
bizfirmmobil.click
bizkingdom.click
blastave.click
bliogfull.click
bloegiresearch.click
bloodipl.click
bollehe.click
bonusistream.click
booekifreak.click
bookcatssim.click
bookexpertbl.click
bookurde.click
bouskaji.click
bouzeik.click
bramovieexperience.click
brazome.click
breakfpti.click
breeermi.click
brellaish.click
brendmeg.click
bringji.click
bronzcke.click
buitroa.click
bunzscape.click
burstna.click
businessball.click
busiyspace.click
butwzl.click
calculateenergyi.click
calculatelofti.click
camerical.click
canceba.click
candire.click
carvfan.click
casrbel.click
casthec.click
censubi.click
chaneel.click
changinc.click
chaoticpci.click
cheaplookturrearle.click
cheessil.click
chemisacc.click
chiefhad.click
choimark.click
choioesiefund.click
choocomi.click
choosegram.click
choosehea.click
choosqua.click
chorcem.click
cinewif.click
circlewarehouse.click
circzeshowsi.click
cleavoice.click
clinoffi.click
cloudityhall.click
cloudrack.click
clpueze.click
clubing.click
clubpurei.click
comepe.click
comforfiguh.click
commandpackage.click
commibri.click
communund.click
compaief.click
compchal.click
compleioki.click
complexpartyi.click
comuterul.click
conditmem.click
confineuna.click
confusedpublishingi.click
confusedtubei.click
confusionactivei.click
conteete.click
cooeliguide.click
cooktri.click
coolkick.click
coozjengzei.click
cottahine.click
cottgoa.click
coununda.click
couragsi.click
coutescea.click
covoxidel.click
creamsna.click
creativepalace.click
creditvid.click
credworm.click
creepsa.click
creradi.click
critcire.click
criteic.click
criticcom.click
criticorb.click
crosswrea.click
cryptoomiidebugi.click
culaesc.click
cumclube.click
cunnincha.click
curvebra.click
cutebybeh.click
dangersib.click
darkblind.click
dataedusoul.click
delayfil.click
deletea.click
denarye.click
depaipre.click
depraveline.click
descenoffsc.click
detairepl.click
detaoffi.click
detecsel.click
detewell.click
develtfie.click
deviatdib.click
dgteltdeete.click
dialecte.click
dichagh.click
didefronti.click
difficra.click
digiibyte.click
digiimed.click
directepe.click
directspeak.click
direigamei.click
dirtegai.click
discefe.click
discovedia.click
dishush.click
dismcia.click
disminic.click
distinctall.click
diveduf.click
dividefe.click
doiriectfield.click
domesund.click
doorsym.click
dramnte.click
drawerf.click
dreammartope.click
drienced.click
drwatche.click
dugatte.click
duperlifedrylei.click
ealmatuppa.click
ealunitedi.click
earchhireanyti.click
earthmaj.click
eartnci.click
easiysafe.click
eastode.click
easyrech.click
ebearmobil.click
ebtaicb.click
eceskid.click
ecrueza.click
editlash.click
eenetierprise.click
eenhide.click
eginspi.click
eisable.click
ejedavi.click
elbmrbj.click
electroni.click
elemdeca.click
elemenhemd.click
elimnaed.click
emasjab.click
embomri.click
emgradee.click
emotscra.click
enagcal.click
encpttonei.click
encrypttonei.click
enestintale.click
enigmaminei.click
enlaara.click
enlsuse.click
ensenzavala.click
ependhirri.click
epictrecki.click
eprodra.click
equaedi.click
erbavaa.click
erfectbearmag.click
errellzimme.click
ervaaie.click
etamole.click
ethscra.click
etifcem.click
euthemi.click
euthymul.click
evereduca.click
excesfi.click
excharec.click
execam.click
exileped.click
exishave.click
expanntc.click
expartrank.click
experala.click
experibel.click
experipdata.click
expertbea.click
expertsthereal.click
explenfi.click
explodte.click
exquisitelittle.click
extreti.click
factnsi.click
fallmeile.click
fastse.click
feeliite.click
feelinine.click
feetelevisionfractiong.click
fenceoje.click
feverom.click
fieblind.click
figureove.click
fillpolla.click
financte.click
findpictarese.click
finidengine.click
finistrike.click
firsttaxi.click
flekene.click
fleuota.click
flexipre.click
flooddiag.click
flourcumi.click
flowerfie.click
flyftra.click
flyimobile.click
flywayfoodca.click
foirwarmerce.click
foodoldcloud.click
foodprotecti.click
footbanic.click
fopassyoudock.click
forbidna.click
formaga.click
formalyci.click
formulpri.click
forrice.click
freezismil.click
frequeian.click
freshcare.click
fullhousefeature.click
fulllifte.click
furspeede.click
gaffeicl.click
gaffesodi.click
gamingcool.click
gapetog.click
gaworem.click
geimrich.click
geograpick.click
geokeeiwantunited.click
geowayini.click
getaidventure.click
getyoarplaunch.click
getyoningneatme.click
getyoualthwinra.click
giababk.click
glessel.click
globetra.click
goaletck.click
gocapital.click
goiodsmith.click
goldchicg.click
golidwork.click
goodcloud.click
goterriek.click
gotowesk.click
gotriek.click
gownpuh.click
gratefjul.click
gravelem.click
greeaitjournal.click
greeisd.click
grieatdeck.click
grieatspeak.click
grimacpeanh.click
gtilrla.click
guejova.click
guestfem.click
gulomaze.click
hallhal.click
hallmode.click
hapepiyom.click
harassmi.click
harbcalm.click
hardratingsi.click
harnessmag.click
headlanch.click
heallfci.click
helliowealth.click
hellipee.click
higginstessawe.click
hirllolock.click
hirllorircord.click
histessicietese.click
histstudiosa.click
horoscnab.click
horsackl.click
horseresi.click
hotdognec.click
hoveora.click
hseiref.click
humorface.click
ibusine.click
ickbymoregram.click
icrotracksanytim.click
ideapacbetterlook.click
ideaspring.click
ideavilla.click
ightresource.click
iglanedatati.click
ikebuddiesmrme.click
ilightite.click
ilikeinfoini.click
imagera.click
imagetpack.click
imaguff.click
importood.click
impossibleservei.click
impulssha.click
incapacom.click
incssure.click
indiibl.click
indrecodc.click
infoboxi.click
infodowersmile.click
injefasc.click
inkimpalace.click
inkstandmappa.click
insisteca.click
insitsd.click
inspunch.click
insuraeka.click
insureesc.click
intecti.click
internetcollectiveibi.click
internetoff.click
investream.click
ionfioscape.click
irenmta.click
isolaticre.click
isquaid.click
issystem.click
itjungnwheel.click
itmeeid.click
iwaenittable.click
iwanittrade.click
izapi.click
izetnb.click
jelldra.click
jeweihb.click
jezvila.click
jobifue.click
jobreytalre.click
joystslab.click
jumbleclocki.click
jumblehandi.click
jumblemenui.click
justzene.click
karmafzighti.click
kentara.click
keyireai.click
killwha.click
kitstopone.click
klfask.click
kloedil.click
kmestick.click
knehole.click
knifatte.click
knotmastersi.click
kolinic.click
kreitivepine.click
labbanki.click
labirol.click
labislandi.click
labotic.click
lackrobotsnapg.click
ladatoi.click
lageing.click
langible.click
lariga.click
lawyeagra.click
layyoung.click
ldenintpopdem.click
leadeach.click
leadicafe.click
leadunive.click
leaireniunited.click
lealarmexpe.click
leascng.click
lefebank.click
lentcol.click
lesabul.click
liabiland.click
licatia.click
lifefan.click
lifeigarage.click
lifetrgem.click
lifiboerd.click
limitock.click
linarti.click
linenorre.click
linkferulle.click
linkfood.click
livefriend.click
lngonib.click
lobburi.click
locaaac.click
locatfire.click
locatnsid.click
logicchampi.click
lossachusettle.click
loudkickwhatsc.click
loverpri.click
lozavrb.click
lsajaba.click
lutisul.click
machoodcodeg.click
macwiracepulse.click
magicdata.click
magichcomactive.click
magssing.click
mairketid.click
maiurizai.click
maixsuite.click
mallwife.click
mantheme.click
marcrice.click
markeei.click
marketramail.click
marksfacecapitali.click
markspre.click
markstele.click
mastertane.click
maxiilaunch.click
mbersei.click
mebiebaucte.click
meexperti.click
megaipark.click
megatruth.click
megefectirye.click
menalwh.click
messvague.click
metnrfishi.click
micbuag.click
midostaff.click
migcorc.click
milofastik.click
minodra.click
minuterme.click
mirsinak.click
miserabnea.click
mislata.click
mispa.click
missucage.click
miwabwaya.click
mixturre.click
mocruernch.click
momenlend.click
moothbrothersa.click
moregsri.click
morganold.click
morscirc.click
morselbasic.click
motorrea.click
movieraceibi.click
mrlighting.click
mubifurlifae.click
muboom.click
mudsea.click
muipboti.click
mybistsuli.click
nanioclub.click
nanoconsultini.click
nblride.click
ncekeytui.click
ndgoldhotswitc.click
neatcatsi.click
needletra.click
neopanelh.click
netgood.click
nextsafetye.click
nfoforceprojec.click
ngesera.click
niathawka.click
niceconceptse.click
nicenatione.click
nicererhse.click
niiceb.click
nityadace.click
nivloyli.click
normnowh.click
notebooil.click
nowicei.click
nshineack.click
nuancma.click
numbsif.click
nypagesrepad.click
obesepai.click
obistandmcacc.click
objectiiti.click
occupoff.click
octemal.click
odeesupb.click
oeponam.click
oextrae.click
officreal.click
ogamparee.click
olidconsultadm.click
olidinsura.click
oliwrsm.click
ollchollenwe.click
olrunshare.click
omgaimagi.click
omrufozi.click
oncngial.click
onestopsee.click
onetoeprice.click
ongndoc.click
onilylaunch.click
onlineboxa.click
onlinesell.click
onliytravel.click
onlyikid.click
onlyvienture.click
onovaheywheel.click
ontinihotdingsi.click
onwardbounce.click
oodpollwintwee.click
opdigitallif.click
openwde.click
operaele.click
opposnih.click
orditing.click
orkmojoknowle.click
osumcek.click
ouracge.click
ourneatboutique.click
ourradiosi.click
outeventuitui.click
outhmrepic.click
outimag.click
outsidential.click
overcha.click
overeahe.click
overeai.click
overwhacc.click
ovesna.click
oviehutmediach.click
owconsulti.click
owerfullsearch.click
passwheal.click
passwordhunteri.click
passwordinteractivei.click
patiefool.click
pauseoh.click
pcmobforum.click
peakpage.click
peaktouch.click
pecomnce.click
percencl.click
perfectqeazityi.click
perigri.click
permansta.click
personalizedtoalied.click
pesonde.click
pettyfra.click
photomispla.click
pickcrunch.click
pickkidsibi.click
picklehati.click
picnarrol.click
pillartwe.click
pissgrid.click
pitraki.click
pittgromi.click
pitydel.click
planaic.click
planeinc.click
planirtzoom.click
planstimetraffici.click
playwordsim.click
pleerate.click
plugreg.click
plumicoak.click
pluscompl.click
plusrantil.click
pneuerf.click
poetryab.click
poianituniverse.click
politetpa.click
polleag.click
pollmoanywhere.click
pollutkta.click
polprog.click
popitag.click
posique.click
posittone.click
postgodele.click
poweand.click
poweraste.click
powertera.click
powlarida.click
ppguystopm.click
ppodeliask.click
pptisfa.click
presscypresslea.click
privateexamsurrive.click
procraftth.click
prodpa.click
profanwebking.click
profitgeb.click
projectiqi.click
promori.click
prosewallated.click
protrigh.click
provuai.click
psitesmarketb.click
purpnteruniversityi.click
puzzlelocatori.click
qeuivul.click
quemsol.click
queueti.click
quieghf.click
quotaia.click
rachaad.click
raciserda.click
radoimi.click
ragaece.click
rancaugh.click
randrepea.click
rassoficiel.click
raveleyesi.click
ravelised.click
ravocloudsinwa.click
readerti.click
rearach.click
reatnote.click
rebeffai.click
receeti.click
receptipai.click
recommape.click
recommcul.click
recopack.click
recruirea.click
recyclebea.click
redeeski.click
redsptspace.click
refertc.click
refuseaca.click
refuste.click
regitce.click
reheasm.click
rekongse.click
relatehe.click
remesla.click
reminpi.click
replacka.click
repponse.click
reprtic.click
reptitle.click
requesdiffb.click
resciorg.click
resortda.click
revedyb.click
revengwi.click
reviseal.click
revoude.click
rezrak.click
rhackerunilog.click
riceadd.click
richaracteria.click
ridtutori.click
rigahf.click
rightstora.click
rilokid.click
ritualma.click
rmfirearmdefenc.click
rokcvze.click
romeetnetable.click
roprofessi.click
routita.click
rpoieha.click
rrshesf.click
ruerentaltrue.click
runeventc.click
sabinte.click
safarhie.click
saftmind.click
saiami.click
salvatira.click
sboetome.click
schoolth.click
scobadi.click
seasonta.click
sefeheree.click
sellecha.click
sellorge.click
sensitgre.click
senspab.click
sepacati.click
serconsulting.click
seriteci.click
sessabb.click
severframe.click
shamenc.click
shapeick.click
sharmki.click
shattish.click
shiftove.click
sicetite.click
signbtai.click
siliverpie.click
silverya.click
simplyhqa.click
sisterdig.click
sitadvi.click
skredel.click
sloganngd.click
smartmemill.click
smilemark.click
smilepi.click
snaipguide.click
snowrealha.click
sociaiosredpanel.click
solidware.click
sotapa.click
sourpean.click
spacefue.click
spacemueateauean.click
sparkbag.click
speechri.click
spitzag.click
sporool.click
spricra.click
spyseload.click
squabare.click
ssivcla.click
staffnicema.click
standtrea.click
stanuba.click
starlfirstled.click
starseasoc.click
starstpad.click
startsitei.click
startstaff.click
steakrec.click
steseva.click
stnereti.click
stormcod.click
storodi.click
stortui.click
straian.click
straifad.click
strencom.click
studiorock.click
sufferra.click
summertef.click
sunfcksm.click
sunmayond.click
suntalil.click
supircontocti.click
survunre.click
suspdomi.click
sycaresunnybla.click
symbolbazaari.click
symbolck.click
symbolutc.click
syndrtre.click
tablemacfood.click
tamarob.click
tapecook.click
tdiiamb.click
teamsomelead.click
technologiesab.click
techsavera.click
teemaid.click
teenici.click
telerdi.click
teletowna.click
telllead.click
tendalue.click
testcha.click
tfulzendb.click
theririrm.click
thevill.click
thienikmine.click
thinkace.click
thinkjiob.click
thinkssi.click
thratelec.click
thrutfe.click
tiablaa.click
timeatch.click
timeeaoptionsi.click
timerental.click
tiomuntimitidi.click
tipsmobiwell.click
tjasme.click
tkarmaedudi.click
tlinetirte.click
tmekede.click
tongdiff.click
tooacc.click
topchtoname.click
topisteam.click
topresearc.click
traceasa.click
tradedquote.click
trapslime.click
trearefe.click
trendded.click
tripgha.click
trobeli.click
trodrome.click
truieresource.click
tryweeklye.click
ttrendimball.click
tuscome.click
tvtheoybestactive.click
twistskillsi.click
twitgca.click
txticec.click
uaafixi.click
udesaeye.click
ueregeedi.click
ukenata.click
ulltrustle.click
ultancyitbee.click
umbresta.click
unfairlel.click
uniforpe.click
uniirank.click
unilird.click
uningclubb.click
unonlinecloudh.click
unpopulating.click
uoneati.click
uoptxe.click
urbanfilesibi.click
ureraiam.click
urgencynoe.click
usaseaid.click
ushoppang.click
usmoprice.click
ustonteage.click
ustweetbonuspa.click
uthondemandsa.click
utoavesideawi.click
vguaceli.click
videomate.click
vingcre.click
vruvesui.click
vusimbi.click
wandereh.click
wanthsaveya.click
waterele.click
wayssafesec.click
weareckl.click
webabc.click
weforeveril.click
weiglre.click
welcweig.click
wellgraph.click
wesomestatepea.click
whiphei.click
whohicsolidcase.click
whynerd.click
winnpref.click
withtiff.click
wkritie.click
worilde.click
wowcaveskillsi.click
wowprice.click
wowrojecti.click
wreswide.click
writegra.click
writoma.click
wupemstrenc.click
xjoufeg.click
xpibeh.click
yandafe.click
ycreatoristyl.click
yinmine.click
ypidnve.click
yvistaquickfl.click
zariagonf.click
zerkine.click
zmezate.click
zonezid.click

# Reference: https://twitter.com/asdasd13asbz/status/1735180272000475366

namsouth.com/access-darrell/Access%20Denied.php
namsouth.com/access-timothy/Access%20Denied.php
namsouth.com/access-weidner/Access%20Denied.php

# Reference: https://asec.ahnlab.com/en/59590/
# Reference: https://otx.alienvault.com/pulse/6579b3e780b08a7717b8e895

ciso2ciso.com
prohomepage.net

# Reference: https://twitter.com/tiresearch1/status/1736447996139798978
# Reference: https://www.virustotal.com/gui/ip-address/27.102.134.69/relations
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.102.134.69
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=85.239.53.121

ctp-forms.site
dewhales-capital.online
nps-ctrl.site
nps-email.store
nps-form.site
nps-host.site
nps-inform.store
nps-main.site
nps-messages.info
nps-post.site
nps-report.online
nts-email.site
nts-emails.site
nts-home.site
nts-info.site
nts-info.store
nts-mail.info
nts-mail.site
nts-mail.store
nts-message.info
nts-news.site
nts-news.space
nts-news.store
nts-notice.info
ntsmail.site

# Reference: https://www.virustotal.com/gui/ip-address/158.247.246.192/relations
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.246.192

kepco.site
npscom.site
npsnews.space
nts-mails.site
nts-mails.space
nts-msg.space
ntsemail.space
ntsinf.space
ntsmails.space
ntsmsg.site
ntsnews.space

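# Reference: https://www.virustotal.com/gui/ip-address/75.2.0.44/detection
# NOTE(review): every domain in this block is tied to a single IP address, and names such as holybible.site, snore.site and pokerace.site do not follow the naver/kakao/nts/nps lure patterns seen in the other blocks - confirm the address is not shared hosting or parking before treating each entry as attributable.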

1636.site
1661-0241-call.site
1666-7797.site
1800-7804-call.site
1800-7804-callcenter.site
1person-corperation.site
79artproject-part79.site
85tech-yoon.site
85yoons-channel.site
absofficial.site
aiactuary.site
all-pass.site
annainfo.site
antichilgok.site
antiseongju.site
aportal.site
artproject-part79.site
artproject79-part79.site
batterymonster.site
bisiness.site
bongbongmall.site
bookmaker-korea.site
brightedu.site
busineess.site
businness.site
buybit-cafe33.site
cafe-cahrtlab.site
cafe-chartcoin70.site
cafe-chartcoin82.site
cafe-coinchart80.site
cafe-coinchart90.site
cafe-ffree.site
cafe-ffreedom.site
cafe-investminjok.site
cafe-minjok8003.site
cafe-moneylab.site
cafe-naver-jyp.site
cafe-success.site
cafe-teamkim.site
cafe-tech25financial.site
cafe-winners-cu.site
cafe-winners.site
cafenaver-public.site
cafenaver-richbangbang.site
cashad.site
ch-kakao-jsi.site
chart-yoojinportfoli.site
chart119-portfolio.site
chart58-number58.site
chart72-portfolio73.site
cheongung.site
co-ex.site
coinwolrd100.site
comodono.site
coway1004.site
csj-kakao.site
csj-katalk.site
csj24-kakao.site
dcinside.site
decentraland.site
dogcatkalma24.site
drumdays.site
dukk.site
eamest-project.site
ehvvv.site
endlesspools.site
enrui.site
ethnic-invest.site
everyday-chekpoint.site
fianlss.site
fiestaholdings.site
finalasset.site
finance-yooneyportfolio.site
financial-factory.site
financial-navercafe.site
firegin.site
first-coin100.site
flower-portfolio77.site
fr-kakao.site
gkausehos.site
goldclass-sj.site
goldclassss.site
goldclassss79.site
goseoul.site
hallyu.site
hanjinboryeong.site
healstory.site
health-letter.site
healthguardiangel.site
healthinfor.site
healthinform.site
healthinformation.site
healthletter.site
healtytech-2011.site
heathletter.site
hletter.site
hodorl1988-tech.site
holroog.site
holybible.site
iberico.site
investing-life.site
investor-onepick.site
investor-people.site
jelq.site
jennieheo.site
jlcoupasmall.site
johnyoon.site
juanbandoubora.site
jypf.site
kakao-channel85yoon.site
kakao-coin2021.site
kakao-coinchart.site
kakao-cyj.site
kakao-goldgold.site
kakao-justit.site
kakao-mb365.site
kakao-mtk.site
kakao-sj.site
kakaotalk-br.site
kakaotalk-ch2020317.site
kimsoyeon.site
klip.site
kosdaq-portfolio.site
kospi-yusuhn.site
kospi3000-magazine.site
ksy-kakao.site
ksy-kakaotalk.site
ksy-katalk.site
l2loyal.site
leaserent.site
leehana-investment.site
leesj-kospicheck.site
limseong.site
littlekorea.site
liveing.site
lofni.site
lolproteam.site
lovvy.site
lqeiu.site
masksale.site
matched.site
maybeyo.site
metaplatform.site
miso-smartinvest.site
misojtec-magazine.site
misostock.site
mom-kakaotalk.site
moneychart33.site
moneyproject.site
naiver.site
naver-cafe2ace.site
navercafe-no1.site
navercafe-public.site
neever.site
neiver.site
newmisojt-rich.site
nolround.site
para10.site
paragon05.site
paragon10.site
pds79.site
pf-kakaotalk-cu.site
pf-kakaotalk-ku.site
pf-kakaotalk.site
pf1-kakaotalk.site
phallosan.site
pnguf.site
pokerace.site
powergin.site
prugio.site
rntpsxl.site
scrooge-coin.site
scrooge-finacial.site
sentmusic.site
sercont.site
shop-portfolio.site
sj-kakao.site
sj12-kakao.site
sj123-kakao.site
sj24-kakao.site
sj321-kakao.site
sj365-kakao.site
sjsj-kakao.site
snore.site
source-in25.site
success-tech.site
tam24.site
teamwork-upandup.site
tech-chartlist2000.site
tech-coinlist3000.site
tech-yhc85school.site
tech119sj-2017.site
techking.site
tfgse.site
totalrental.site
trandnjob.site
up-kakaotalk.site
volume-chartyoon.site
webcctv.site
winners-naver.site
wisdomwood.site
wonnetwork-asset.site
worldbit365.site
yeahaea.site
yoari.site
yooilhan.site
yooneymoney-coin.site
yooneymoney-investment.site
yoosuhyeonproject.site
zigum.site

# Reference: https://twitter.com/tiresearch1/status/1737044959780647342
# Reference: https://www.virustotal.com/gui/ip-address/27.102.106.60/relations

nhis-news.store
nps-alert.space
nps-alert.store
nps-center.site
nps-center.store
nps-co.site
nps-co.store
nps-ctrl.space
nps-email.site
nps-home.site
nps-host.store
nps-inf.store
nps-io.space
nps-lib.site
nps-lib.store
nps-msg.site
nps-msg.store
nps-notices.site
nps-or.site

# Reference: https://www.virustotal.com/gui/ip-address/27.102.118.96/relations

nps-inf.site
nps-src.site
npsmsg.site

# Reference: https://www.virustotal.com/gui/ip-address/27.102.107.122/relations

naverzcope.com
nhis-news.site
upbits.site
naver.nhis-news.site
naver.nps-center.store
naver.upbits.site

# Reference: https://www.virustotal.com/gui/ip-address/141.164.58.132/relations

disquiet.site
gocgler.com
nts-alert.space
nts-emails.space
nts-homes.site
nts-homes.space
nts-homes.store
nts-mails.store
nts-tax.site
nts-tax.store
nts-views.space
ntsinf.site
ntsinfo.site
ntsmsg.space

# Reference: https://www.virustotal.com/gui/ip-address/141.164.43.213/relations
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=141.164.43.213

npshome.site
npsmsgs.site
npsnews.site
npstax.site
ntsgov.site
wetax-mail.site

# Reference: https://www.virustotal.com/gui/ip-address/158.247.242.154/relations
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.242.154

npsalert.site
npshomes.site
npsnew.site
npsnew.space
nts-inf.website
nts-mail.website
ntsboard.space
ntsbook.store
ntsbox.site
ntscustom.site
ntscycle.site
ntsemail.homes
ntsgo.site
ntshomes.space
ntsinf.website
ntsinfo.store
ntsmailer.homes
ntsmailer.website
ntsmailing.store
ntspayment.site
ntspays.site
ntspolicy.site
ntsports.site
ntspost.homes
ntspost.space
ntspost.website
ntsposting.homes
ntsreport.homes
ntsreport.store
ntsreviews.site
ntstaxes.site
ntsview.website
emv1.hometax.space
emv1.npsalert.site
emv1.ntsmailer.homes
emv1.ntsmailer.website
emv1.ntsmailing.store
emvl.ntsmailer.website
lcs.ntspost.website
mta-sts.npsalert.site
mta-sts.ntsemail.homes
mta-sts.ntsmailer.website
mta-sts.ntsmailing.store
naver.ntspayment.site
naver.ntspost.website
nidss.ntstaxes.site
shop.ntsemail.homes
shop.ntsposting.homes
smtpauth.ntsmailing.store
smtpmail.ntsmailing.store
vqqniarm.hometax.space
websitmta-sts.ntsgo.site

# Reference: https://www.virustotal.com/gui/ip-address/158.247.224.52/relations
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.224.52

nts-alert.website
nts-home.website
nts-new.website
nts-poster.store
ntsinforms.website

# Reference: https://www.virustotal.com/gui/ip-address/141.164.60.65/relations
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=141.164.60.65

nts-alert.site
nts-email.store
nts-go.space
nts-inf.site
nts-info.space
nts-inform.space
nts-inform.store
nts-mail.space
nts-youtueb.site

# Reference: https://www.virustotal.com/gui/ip-address/27.102.118.140/relations

nts-inf.space
naver.nts-inf.space
naver.nts-inform.space
naver.nts-mail.space

# Reference: https://www.virustotal.com/gui/ip-address/158.247.222.75/relations

nts-notice.site
mid.nidscorp.site
naver.nts-tax.site

# Reference: https://www.virustotal.com/gui/ip-address/158.247.255.171/relations

nts-alert.store
nts-inf.store
nts-notice.store
naver.nts-inf.store
naver.nts-tax.store

# Reference: https://www.virustotal.com/gui/ip-address/27.102.129.79/relations

flyasianer.info
nps-view.site

# Reference: https://www.virustotal.com/gui/ip-address/27.102.130.51/relations

haishang.site
nps-news.site
nps-server.site
nps-service.site
nps-services.site
nps-view.store
weataxs.store

# Reference: https://www.virustotal.com/gui/ip-address/27.102.128.40/relations

navercorpe.com
nps-news.info
nps-post.store
uniteogram.live
webuniteogram.live

# Reference: https://www.virustotal.com/gui/ip-address/27.102.115.86/relations

nps-info.space

# Reference: https://www.virustotal.com/gui/ip-address/27.102.128.244/relations

fss-info.site
nhis-info.site
nps-info.site
nps-news.space
nps-service.xyz
weataxes.site
weataxs.space
youtubein.store
naver.nps-services.info
naver.weataxs.space

# Reference: https://www.virustotal.com/gui/ip-address/27.102.114.69/relations

crosscert.site
epeople.space
govenments24.site
haeshang.store
niduserunzcorp.site
weatax.site
weatecs.store
wetacs.site
wetacxs.online
wetacxs.site
wetaxc.store
wetaxces.site
wetazx.online

# Reference: https://www.virustotal.com/gui/ip-address/27.102.128.230/relations

ftcs.store
haeshang.site
linkedlri.site
wetacx.lol
wetacxs.club
wetax-home.lol
wetaxc.homes
wetaxce.store
wetazx.xyz
youtubein.online
youtubs.site
naver.check-youtube.info
naver.wetacxs.club
naver.wetaczx.lol
naver.youtubein.online
naver.youtubs.site

# Reference: https://www.virustotal.com/gui/ip-address/27.102.128.231/relations

wetax-home.space
wetax-io.space
wetaxc.beauty
wetaxcs.store
wetaxe.site
wetaxs.store
wetazx.website

# Reference: https://www.virustotal.com/gui/ip-address/27.102.132.182/relations

naverscope.com
nps-docs.space
nps-look.space
nps-report.space
naver.nps-docs.space
naver.nps-posts.store

# Reference: https://www.virustotal.com/gui/ip-address/95.164.44.60/relations

acountcorp.info
rememberapp.website

# Reference: https://www.virustotal.com/gui/ip-address/27.102.102.245/relations

nidconfirmes.site
nidnavescorp.online
nidvenify.online
userchecks.info
cc.nidvenify.online
lcs.nidvenify.online
myinfo.nidvenify.online

# Reference: https://www.virustotal.com/gui/ip-address/27.102.127.156/relations

drivesview.site
homtax.info
minwons24.info
nidnavecenter.info
nidnaver.homtax.info
niduserae.site
niduseran.site
niduseren.site
nidusernd.site
nidusernv.site
nidusracorp.site
nidusrnvcorp.site
nidusrsurcorp.site
xn--googls-7ua.com
lcs.niduseran.site
naver.niduseran.site
naver.niduseren.site
naver.nidusrsurcorp.site

# Reference: https://www.virustotal.com/gui/ip-address/27.102.102.67/relations

kakaoviwer.com
navearsuser.info
naveasuser.help
naverascorp.help
navrascorp.info
nidnaveainfo.help
nidnaverscorp.com
nidusernavers.help
accountkkcdn.kakaoviwer.com
accounts.kakaoviwer.com
ccountkkcdn.kakaoviwer.com
ibasrugpiah.kakaoviwer.com
lcs.naverascorp.help
nid.naverascorp.help
nid.nidnaveainfo.help
nid.nidnaverscorp.com
stat_tiarakakao.kakaoviwer.com
t1_daumcdnkakao.kakaoviwer.com

# Reference: https://www.virustotal.com/gui/ip-address/210.92.18.184/relations

gatensign.com
kakaosecure.com
natelogin.com
homemail.natelogin.com

# Reference: https://www.virustotal.com/gui/ip-address/61.97.251.243/relations

nate.com.ro
naver-settings.com
simcard-korea.com
mail.naver-settings.com
mgrkrpreview.naver-settings.com
mvideo.naver-settings.com
nklqnremote.naver-settings.com
preview.naver-settings.com
remote.naver-settings.com
srv.simcard-korea.com

# Reference: https://www.virustotal.com/gui/ip-address/27.102.67.154/relations

naveare.com
nid.naveare.com

# Reference: https://www.virustotal.com/gui/ip-address/27.102.102.237/relations

naevear.com
noticenate.com

# Reference: https://www.virustotal.com/gui/ip-address/165.154.230.146/relations

check-click.com
cookeechck.com
naver-url.com
noticeurl.com
redir-dns.com
sessionchck.com
sireonwar9.info

# Reference: https://www.virustotal.com/gui/ip-address/165.154.230.211/relations

driversgoogle.com
haenmaii.net

# Reference: https://www.virustotal.com/gui/ip-address/27.102.127.115/relations

chinakoreanews.com
driverqooqle.com
mybox-navers.com
naversinfo.help

# Reference: https://www.virustotal.com/gui/ip-address/27.102.106.109/relations

drivergoogles.com
exchange-bybit.com
kakaologin.com
kakaotearn.com
naveraecorp.online
nidnaverauser.help
nidnavescorp.help
account.kakaologin.com
cc.naveasuser.help
cc.nidnaverauser.help
lcs.naveasuser.help
lcs.nidnaverauser.help
lcs.nidnavescorp.help
nid.naveasuser.help
nid.naveraecorp.online
nid.nidnaverauser.help
nid.nidnavescorp.help
rcaptchanid.nidnaverauser.help

# Reference: https://www.virustotal.com/gui/ip-address/27.102.130.113/relations

infonavera.com
naeverscorp.com

# Reference: https://www.virustotal.com/gui/ip-address/27.102.66.162/relations

global-bybit.com
gooogledocsview.com

# Reference: https://www.virustotal.com/gui/ip-address/108.177.235.15/detection
# Reference: https://www.virustotal.com/gui/ip-address/172.93.201.25/relations

acc-center.site
corpnavcenter.site
corprsecurity.tech
corpseccenter.site
havcorp.site
havecorp.link
havecorp.tech
haveecorp.site
haveorcorp.tech
havercorp.tech
havercorpteam.site
haverocorp.link
havoocorp.online
havoocorp.tech
havorcorp.link
havorcorp.online
havorcorp.site
havorcorp.tech
mailcorpcenter.online
mailcorpcenter.site
mailportalcenter.online
mailscropcenter.site
mailservicecenter.site
mailservicecenters.site
nauercorp.website
nauercorpteam.website
navaccountcenter.online
navcenter.xyz
navcorp.host
navcorp.link
navcorp.space
navcorp.website
navcorpctr.site
navcorpmanage.site
navcorpmanager.website
navcorpportal.xyz
navcorps.site
navcorpservice.site
navcorpservice.website
navcorpteam.website
navcrtr.online
navctrv.site
navcvcorp.online
naveacorp.tech
naveccorp.link
navecorp.online
navecorp.website
naveeccorp.tech
naveecorp.link
naveecorp.online
naveecorp.site
naveecorp.xyz
naveeecorp.site
naveeoocorp.link
naveeorcorp.tech
naveeoteam.site
naveercorp.online
naveloga.online
navelosa.host
naveoccorp.link
naveoccorp.online
naveocenter.link
naveocop.link
naveocorp.link
naveocorp.online
naveocorp.site
naveocorp.tech
naveoecorp.tech
naveogains.tech
naveologs.online
naveooccorp.online
naveoocorp.link
naveoocorp.online
naveoocorp.site
naveoocorp.xyz
naveorcorp.link
naveorcorp.online
naveorcorp.site
naveorcorp.tech
naveorteam.site
naveoscorp.link
naveoteam.online
naveoteam.site
naverocorp.online
naverocorp.tech
naveroocorp.link
naveroocorp.site
naverooteam.site
naverooteam.tech
naverorteam.online
naveroscope.tech
naveroteam.online
naveroteam.tech
navevcorp.link
navevcorp.online
navevcorp.site
navmailcenter.site
navocorp.link
navocorp.site
navocorp.tech
navoercorp.site
navoocorp.link
navoocorp.online
navoocorp.site
navoorcorp.link
navoorcorp.online
navoorcorp.site
navorcorp.link
navorcorp.xyz
navovcorp.online
navovcorp.site
navovcorp.tech
navpcenter.online
navpcenter.site
navportalcorp.site
navportalsec.site
navportalservice.site
navrcenter.site
navrcorp.tech
navrcorp.xyz
navrpcenter.site
navrrcorp.tech
navseccorp.link
navsecncenter.site
navsecnet.online
navsecorg.tech
navsecportal.tech
navsecportals.tech
navsecsite.tech
navsecteam.tech
navsecuritycenter.site
navsecuritycenter.tech
navsecuritycorp.link
navsecuritycorp.site
navsecurityportal.online
navsecvcorp.online
navservicecenter.xyz
navservicescenter.online
navserviceteam.site
navserviceucenter.site
navservicevcenter.site
navsvcorp.tech
navvccenter.online
navvcorp.host
navvcorp.link
navvcorp.online
navvcorp.site
navvctr.link
navveoocorp.online
navvocorp.online
navvrcorp.site
navvsecurity.site
navvtrs.site
nevercorp.site
nidnavcenter.site
nidseccenter.host
seccenter.online
secnavportal.digital
secportal.digital
secportal.link
securitycenter.link
securitycenter.space
setcenter.store

# Reference: https://www.virustotal.com/gui/ip-address/108.177.235.82/relations

aswxvn.site
cnnav.site
docnav.site
documentmanager.site
docvcenter.site
docvmanager.site
docvnac.site
gnasxa.site
mwnoer.tech
nanw.tech
nasverteam.tech
nasvwx.site
naswner.tech
nasws.site
nasxn.site
nasxws.site
navccteam.site
navcctr.online
navcerteam.site
navcestr.site
navcnx.site
navcorps.link
navcreteam.site
navcrtvr.site
navcrvrteam.site
navcrvsteam.site
navcstr.online
navcsvrr.site
navcsvteam.site
navcsvteam.tech
navcteam.online
navcteam.site
navctr.tech
navcvtr.site
navdoc.site
navectr.site
naveeteam.tech
naveocorps.link
naveocorpteam.tech
naveorrcorp.site
naveosteam.site
naverocorp.link
naverocorp.site
naverocteam.site
naverosteam.site
navevvteam.site
navewteam.tech
navmgr.site
navnrteam.site
navnteam.site
navnvrteam.tech
navoercorp.link
navoewcorp.online
navorcop.site
navrcorpteam.site
navrctrv.site
navreteam.tech
navsctr.site
navsdoc.site
navsecportal.site
navser.tech
navseteam.online
navsrteam.site
navssecurity.store
navstvr.site
navvnteam.site
navvocorp.site
navvrteam.site
navvsctr.site
navvsecurity.tech
navvteam.online
navvteam.tech
navxna.online
navxteam.tech
nawerteam.tech
nawsnx.site
nawxr.site
naxver.tech
ncwer.tech
neaver.tech
nevercorp.online
nevercorp.tech
neverrcorp.tech
newner.tech
nexwna.online
ngsxna.site
nidnavocorp.site
nresxn.xyz
nrexas.tech
nrexva.site
nrsxaw.site
nsverteam.tech
nsvn.tech
nswner.site
nswxn.site
nsxangs.online
nsxawsx.tech
nsxes.site
ntwsx.site
nvctr.tech
nvnana.site
nvnanmx.site
nvnans.site
nvnateam.site
nvnaxv.site
nvnnans.site
nvns.tech
nvnxa.tech
nvnxr.tech
nvswa.site
nvwna.online
nvwnna.site
nvwns.site
nvwxvr.site
nvwxwa.site
nwaener.tech
nwaxana.site
nwener.tech
nwner.tech
nwnsn.site
nwnsn.tech
nwnsna.site
nwnwer.tech
nwnx.site
nwnxn.tech
nwnxr.tech
nwnxs.site
nwrnr.tech
nwsax.site
nwscn.tech
nwsvxn.site
nwsvxn.tech
nwsxa.site
nwsxasdv.site
nwsxca.tech
nwsxn.site
nwsxns.site
nwxcvsa.online
nwxns.tech
nwxnvs.tech
nwxnw.site
nwxve.site
nwxxna.site
nxana.site
nxmnv.site
nxwener.tech
nxwesx.site
nxwn.tech
snwasdc.online
tksnxa.online
vmwna.site
vnwxna.site
vsxna.site
vvwsaman.site
vwxns.site
wasxxv.site
wnawx.site
wnvnxs.site
wredxas.site
wsaxns.site
wsnvx.site
wsxena.site
wsxna.site
wsxnxa.site
wsxvx.site
wxnsav.site
nid.navcctr.online
nid.navcter.site
nid.navcvtr.site
nid.navvrctr.site
ns.navscr.site

# Reference: https://www.virustotal.com/gui/ip-address/108.62.12.95/relations

anxines.tech
boxmcorp.tech
boxnavteam.tech
cloudalarm.space
cloudalarm.tech
cloudalarm.xyz
corpcenternav.site
corpsecnav.site
docnco.online
docnscorp.site
mailportalcenter.site
mvsenwas.tech
nacersa.tech
nacmnr.tech
nacner.xyz
naconavcenter.tech
nacsmr.site
nacsner.online
nacsnvr.online
nacsxr.online
nacxma.online
namcner.tech
namnr.online
namnvcr.xyz
namsnr.site
nanscr.tech
naoneos.site
naosnr.site
naosoner.online
naovser.online
nascver.online
nascxnr.online
nasmnar.site
nasmnr.online
nasmnsar.online
nasncar.site
nasvnr.site
naswnas.xyz
naswxnas.online
nasxmna.online
nasxnar.online
nasxnas.site
nasxne.online
nasxners.site
nasxnos.online
nasxnw.tech
nasxnwsa.online
nasxvnw.site
navcenterportal.site
navcmr.site
navcnsr.tech
navconr.site
navcorpcenter.site
navcorpctr.online
navcorpscenter.site
navcorpsecurity.site
navcorpserver.site
navcorpsite.online
navcorpssec.tech
navcorpsuppot.site
navcos.online
navcter.site
navcveteam.site
navcvteam.site
navcxna.site
naveccorp.site
navecorp.host
navecter.site
naveecorp.tech
navemr.online
navensv.tech
naveolink.online
naveoorcorp.link
naveoorteam.site
naveorrcorp.online
naveorrcorp.tech
naverorcorp.tech
naverovocorp.site
naverteam.tech
naverves.online
naverves.site
navfteam.site
navlinkcorp.online
navmailserver.site
navmser.xyz
navnxnr.xyz
navocsop.online
navoercorp.host
navorcorp.online
navportalcenter.site
navportalvcenter.link
navscvvr.site
navseccenter.site
navseccorp.online
navseccorp.site
navserveportal.site
navservicecenter.site
navsnnda.xyz
navsop.xyz
navswnsd.tech
navswnteam.online
navsxnw.online
navsxnws.xyz
navteamcorp.site
navvctr.tech
navvtr.site
navvtrr.site
navvtrw.site
navwsxn.online
nawmr.xyz
naxsmr.online
ncxmas.xyz
neasomr.xyz
necmas.tech
necomos.xyz
necxna.tech
nemrner.site
nemxna.site
nensoner.xyz
neocsr.tech
neodocteam.site
neomsa.tech
neoner.site
neonons.online
neonosa.tech
neonso.site
neoscope.site
neosmar.xyz
neosmn.site
neosmr.tech
neosn.online
neosn.xyz
neosnamr.tech
neosncr.online
neosner.site
neosnow.site
neosnr.online
neosnr.site
neosvn.site
nermner.online
neromr.site
neronr.site
nerosma.online
nerosma.tech
nerosmar.xyz
nerosmwr.tech
nerosn.site
nerosno.online
nerosno.xyz
neroso.site
nerosv.tech
nersmn.site
nersmw.site
nersnor.xyz
nersxna.online
nersxnas.online
nervesa.online
nesam.site
nesamar.site
nesamr.xyz
nesamw.site
nesamws.tech
nesans.site
nesansa.tech
nesanw.site
nesanx.tech
nesawos.site
nescoop.online
nesmar.site
nesmnaw.online
nesmnr.site
nesmnsr.xyz
nesmvr.online
nesmwsn.tech
nesnoas.site
nesnonr.tech
nesnop.site
nesnor.online
nesnor.xyz
nesnxma.tech
nesomar.xyz
nesomer.site
nesomnr.online
nesomnr.site
nesomwn.online
nesonor.xyz
nesvnx.site
neswmar.site
nesxamw.site
nesxga.site
nesxmos.site
nesxnar.online
nesxnas.online
nesxnw.online
nevesvr.tech
nevonr.online
nevosn.site
nevoxs.site
nevsoma.online
newnmr.site
newoner.online
nexams.online
nexmso.tech
nexner.tech
nexomo.online
nexoms.online
nexvnr.tech
ngnsxm.online
ngoner.tech
ngsxna.tech
nidcenter.online
nidnaverco.com
nidnavercorp.com
nidnavportal.site
nioner.online
nocmer.site
nocomer.tech
noesnas.xyz
noewrsxa.tech
nomaser.tech
nomasner.tech
nomoer.site
nomsna.tech
nomsner.xyz
nomvnr.tech
nomxn.tech
nomxna.online
nonosnas.online
nooconer.site
noosavo.xyz
noosxna.online
normer.xyz
norner.tech
nornvs.site
norosor.site
norosr.xyz
nosamer.tech
nosano.site
nosaomr.xyz
nosawner.online
nosdocvcorp.online
nosmaner.tech
nosmaner.xyz
nosmanr.tech
nosmer.site
nosmner.online
nosmnr.online
nosmoa.online
nosmoner.site
nosodmer.online
nosomr.xyz
nosvmer.site
noswms.site
nosxmo.site
nosxmoa.online
nouers.site
noumer.site
noumsr.online
nouonos.tech
nousmer.site
nownas.tech
noxmer.tech
nresxnas.site
nrexnas.online
nrnaror.online
nrosmw.online
nrosunr.xyz
nrsoma.tech
nrsxna.site
nrsxona.site
nsamnvar.site
nsaoner.tech
nsaonx.site
nscvcoop.online
nsmner.online
nsmwas.tech
nsnaso.tech
nsnmer.online
nsoma.online
nsomer.online
nsomer.tech
nsomor.site
nsvcorp.site
nswnexa.site
nsxndaas.site
nsxnso.online
nsxomar.online
nsxoner.online
nvacse.site
nvcxnz.tech
nvmsnw.online
nvnxer.tech
nvswsna.site
nvxner.xyz
nvxnos.xyz
nwnams.xyz
nwnerans.online
nwsnar.online
nwsxnas.site
nwxma.site
nxcnas.tech
nxmsiner.site
nxnnosna.online
scientisttest.digital
secmanageteam.site
secportaslnav.site
sndaxnds.tech
wsxnasv.online

# Reference: https://www.virustotal.com/gui/ip-address/23.82.128.163/relations

narrctr.site
nauermanager.website
navcen.site
navcorpvtr.site
navcrsteam.site
navcrteam.site
navcrvteam.site
navcsteam.tech
navcsvr.site
navcvr.site
navcvtr.online
naveteam.tech
navncenter.site
navrcteam.site
navrrteam.site
navrsteam.site
navscteam.site
navsecvrteam.site
navsecvteam.site
navsteam.site
navvctr.online
navvctr.site
navvctvr.site
navvrsctr.site
navvsctr.online
navvteam.site
navxteam.site
naxteam.site

# Reference: https://www.virustotal.com/gui/ip-address/23.106.124.4/relations

dmnscorp.xyz
nacnmcsa.tech
nacnvscorp.online
namcgmt.xyz
namcgst.link
namnscop.site
namvncgst.xyz
namvncs.site
namvncs.store
namvncst.xyz
nancsvcorp.tech
nanmsncorp.tech
nansamsncoasrp.site
nansamsncoassrp.site
napcorteam.site
navmncsas.online
navmncsas.site
navmncsavorp.online
navmncsavorps.online
navrnsvrp.online
nismnvcopa.shop
nismnvcorp.tech
nismnvscorp.tech
nismnvscorps.site
nismvnco.site
nmasncorp.online
nmnvcorp.site
nsmansps.xyz
nsmansva.xyz
nsmansvcorp.online
nsmansvcorp.site
nsmansvcorpav.online
nsmansvcorpavs.xyz
nsmncoteam.online
nsmnvsco.online
nsnvcorp.site

# Reference: https://www.virustotal.com/gui/ip-address/23.106.124.25/relations

namnvncorp.tech
nanmsncorp.site
navmncvorp.tech
navmnvcorp.online
navmonscorp.site
navmscorp.online
nismnvcop.shop
nismnvcop.tech
nisnavmco.tech
nsmanvcorp.site
nsmanvcorps.online
nsvmavcorp.online
nvnacorp.site
nvnacorp.tech
secportalnav.tech

# Reference: https://www.virustotal.com/gui/ip-address/23.106.124.26/relations

navnaver.com
nidnavern.com
nidnavero.com

# Reference: https://asec.ahnlab.com/ko/59933/
# Reference: https://otx.alienvault.com/pulse/658c565578c6361b0ed9617a

104.168.145.83:993
107.148.71.88:993
159.100.6.137:993
38.110.1.69:993
45.114.129.138:33890
45.114.129.138:5500
bitburny.kro.kr
bitthum.kro.kr
doma2.o-r.kr
dongdongdong.r-e.kr
my.dongdongdong.r-e.kr
my.topton.r-e.kr
nobtwoseb1.n-e.kr
octseven1.p-e.kr
tehyeran1.r-e.kr
topton.r-e.kr
update.ahnlaib.kro.kr
update.doumi.kro.kr
update.onedrive.p-e.kr
yes24.r-e.kr

# Reference: https://twitter.com/asdasd13asbz/status/1742105472466117032

http://122.155.191.33

# Reference: https://twitter.com/asdasd13asbz/status/1744279858778456325
# Reference: https://www.virustotal.com/gui/ip-address/216.189.159.197/relations
# Reference: https://app.validin.com/axon?source=DNS&limit=100&type=ip&find=216.189.159.197
# Reference: https://www.virustotal.com/gui/file/2e0ffaab995f22b7684052e53b8c64b9283b5e81503b88664785fe6d6569a55e/detection
# Reference: https://www.virustotal.com/gui/file/f8ab78e1db3a3cc3793f7680a90dc1d8ce087226ef59950b7acd6bb1beffd6e3/detection

aerosp.p-e.kr
bananat.p-e.kr
daysol.p-e.kr
ilnas.n-e.kr
kimyy.p-e.kr
kostin.p-e.kr
limsjo.p-e.kr
mexico.p-e.kr
namutech.p-e.kr
negapa.p-e.kr
netup.p-e.kr
olixa.p-e.kr
rotsis.r-e.kr
ssungmin.p-e.kr
winters.r-e.kr
zosua.o-r.kr
sefud.csproject.org
shocloud.awiki.org
aa.olixa.p-e.kr
ai.kostin.p-e.kr
ai.limsjo.p-e.kr
ai.namutech.p-e.kr
ai.negapa.p-e.kr
ar.kostin.p-e.kr
ca.bananat.p-e.kr
ce.aerosp.p-e.kr
er.mexico.p-e.kr
li.ssungmin.p-e.kr
main.winters.r-e.kr
ol.negapa.p-e.kr
pe.daysol.p-e.kr
qi.limsjo.p-e.kr
sa.netup.p-e.kr
uo.zosua.o-r.kr
ve.kimyy.p-e.kr
vm.rotsis.r-e.kr
vn.ilnas.n-e.kr

# Reference: https://twitter.com/malwrhunterteam/status/1745227981281231108
# Reference: https://twitter.com/asdasd13asbz/status/1746783476702158941
# Reference: https://www.virustotal.com/gui/file/84f4f2e77b6e59c1fe54360842821fbfc6cdab039f197147b30876ed7da3647c/detection

nmailapp.n-e.kr
sign.nmailapp.n-e.kr

# Reference: https://twitter.com/malwrhunterteam/status/1749549318766219485
# Reference: https://www.virustotal.com/gui/ip-address/173.214.164.75/relations
# Reference: https://www.virustotal.com/gui/ip-address/205.209.99.26/relations
# Reference: https://www.virustotal.com/gui/ip-address/79.133.51.174/relations
# Reference: https://www.virustotal.com/gui/file/35ddb63c0729a7e3019c026865ea195607a51943d8867607a26c006f0df6e594/detection

acopfvy.store
acrob.shop
binavers.site
bindeo.tech
bnlopdlc.shop
cmytfvga.shop
corenavered.site
docloakc.online
docpoc.online
fomhl.fun
kololphcnv.shop
lfpa.website
locslf.website
lopaswec.shop
lopdgv.fun
mailcorp.tech
malilsopx.fun
mclvhoc.shop
mlodkf.online
moldoep.website
molgono.tech
mollcocmd.tech
mollsovop.fun
molsycl.shop
motivenaver.site
navei.online
naverpro.online
necxo.tech
nicorps.website
nidcorp.fun
obmonspc.online
octos.store
olcocmsl.tech
ploslacv.website
poskoca.shop
proteco.fun
riavercorped.site
sedlco.online
socrpa.store
soduci.online
solep.online
supwlmall.online
wedwec.online
wobsodm.tech
xclosldp.shop
/pkg/qsuw.php
/pkg/qsuw.php?cgimo=
/pkg/xyce.php
/pkg/xyce.php?mtahp=

# Reference: https://www.virustotal.com/gui/ip-address/216.219.80.170/relations

btcstack.site
naver-config.site
naver-delivers.site
naverservice.site
nidcorp.online
nidnaver.info
nidnavercorp.site
mail.naverservice.site

# Reference: https://www.virustotal.com/gui/ip-address/27.255.75.153/relations

aderto.store
afixer.store
ahesus.store
aiaitu.store
akites.site
aluces.site
baconer.site
berysu.site
bolun.site
cafung.online
cedoras.store
civilarys.store
cutagor.store
dacrorns.store
decasy.store
ghosfun.site
ghosteak3bordnhlp.shop
gproctecn3amckop.website
kionetaorg39hoaker.icu
kransfer349omeha.online
mksilencoa03coon.online
navecorps.com
naveralarm.com
naveralert.com
navercafe.info
nhopess.com
nidnaver.help
nidnaver.info
psetuplgmog0lan.online
zobkoreanck320fernst.website
api-talks.cedoras.store
emv1.akites.site
lcscorn.cedoras.store
mailcorn.cedoras.store
nid.cafung.online
nid.civilarys.store
nidcorn.cedoras.store
nidpilk.cedoras.store
nidpon.cedoras.store
sslcorn.cedoras.store
staticnidcorn.cedoras.store

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.255.75.158

asdzxcvbn.tech
bnxzsfgh.website
cananet.pe.kr
cvnnhbgvf.fun
erdfcvwsx.fun
ertrfvcvb.tech
ertyuio.tech
fdgjksfiewr.tech
frgthyjuki.tech
gfhyfhg.shop
ghosfun.site
heros.sbs
hujikolp.fun
irony.cyou
ktsp3.cananet.pe.kr
lmkjnhbgv.fun
logingmail.shop
lpokijmnuhb.tech
media-zabbix.xyz
mexcc.website
mnbvcxzasd.tech
navacallteam.shop
naverecenter.store
navernail.com
naverscorp.shop
navincteam.shop
nbmjhkgtb.tech
phealth.shop
ptighfeng.shop
pweicsd.shop
qbaby.shop
qecgfuteproas.shop
qweoifnc.shop
ranvocenart.store
reinosdpool.site
reoncoao.store
revfdsvoino.store
rfvsdfghj.website
riocnsodea.store
rovnsaudcbiae.store
rtfgvbtyghbn.tech
sacnasopmn.store
sgoicaoe.store
sheocnsap.shop
sivnsdufe.shop
spoiencioser.shop
swenfdovin.shop
trygfhgf.website
ujmikolp.fun
vbnmtyu.website
wrcnsodfan.shop
xvcbgfrd.fun
yeivnsdke.shop
yhnujmikl.online

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=61.97.251.248

activemq.usage.store
apache.activemq.usage.store
cocalex.store
dauo3mgoepcio.store
dianers.store
docsuris.store
ecoresar0minsites.icu
gproctecn3amckop.website
kakaoteam.site
kdouatr7hocnop.site
makeverify.store
makinstac9aants.store
mida23netkolcam.site
mitusbish3chinm.website
mksilencoa03coon.online
mofamail.homes
mofamail.shop
nastre0eakmavop.site
naverteam.center
nerdrtkpoamnder.site
nodkcl32doalkna.icu
org.apache.activemq.usage.store

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.255.81.73

cawer.store
chosunmail.com
civilary.online
cogay.store
daurm.net
kakaoteam.site
navrcops.com
mail.daurm.net

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.255.81.77

acnura.store
aehuji.store
asrto.store
fogray.cfd
navers.co

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=61.97.251.246

ajoyable.store
busment.site
ducksale.store
naver.com.ro

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.255.81.113

ajoyable.store
akaysun.store
alohery.store
bisus.site
eaches.online
havercorp.com
ladacy.site
lucase.site
lusbow.site
countrysvc.p-e.kr
mail.havercorp.com
mail.navercom.org
mail.navercorp.ca
navercom.org
navercorp.ca
navers.cc
filter.nsync.r-e.kr
login.countrysvc.p-e.kr
name.nprofi1e.kro.kr
ncore.o-r.kr
nprofi1e.kro.kr
nsync.r-e.kr
steps.ncore.o-r.kr

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=165.154.240.117

check-vhost.com
host-cookie.com
host-session.com
mail-urls.com
mailurlck.com
naver-cert.com
naver-click.com
naver-proxy.com
sites-domain.com
taryxo8a9b.info

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=210.92.18.165

naverdoc.com
navernotice.center
naverscan.com
oncloudvip.com

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=210.92.18.188

daum.net.ru
navernotice.center
naverscan.in.net
naverteam.net
onnostore.eu

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=61.97.251.235

kakaocop.eu
kr101483.in.net
kr410126.in.net
kr681730.in.net
navercop.eu
office8349.in.net
oksite.eu

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=61.97.243.42

kakaoccrp.com
naver-defend.com
naver-filter.com
naver-pages.com
naver-publish.com
naver-security.center
naver-teams.com
naver-vhost.com
navercorp.com.co

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=61.97.243.40

nate-files.com
naver-master.center
naver-profile.com
naver-protect.center
naverccrp.co
naverprivacy.center

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=61.14.211.149

haenmail.net
naver-links.com
naver-pdf.com
navercenter.com
navercorq.com
nid-check.ml

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.255.81.114

downloademaeil.com

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.255.79.204

dlive.ga
mail.dlive.ga
member.nidlogin.kro.kr
naveradmin.com.co
navernotice.com
naverpolicy.pw
naversupport.com.co
navor.co.com
nidlogin.kro.kr

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=211.104.160.81

cc.navermails.com
edaum.online
hostmaster.navermails.com
lcs.navermails.com
mail.naverccrp.org
mail.navermails.com
mail.naverteam.org
navar.co.cm
navar.com.co
naverccrp.org
navermails.com
naverpolicy.info
naverprotect.com
naversupport.net
naverteam.org
nid-otp.navermails.com
nid.navermails.com
nids.navermails.com
sslpstaticnet.navermails.com
staticnid-otp.navermails.com

# Reference: https://twitter.com/ArbaaWahidhamsa/status/1752346762759610558
# Reference: https://www.virustotal.com/gui/ip-address/45.58.52.104/relations

cert-auth.p-e.kr
cert-login.n-e.kr
file-cloud.r-e.kr
file-sec.n-e.kr
firterswer.r-e.kr
goldmelon.n-e.kr
gomplay.n-e.kr
jeonpriter2.r-e.kr
macdonald.n-e.kr
nanymanda.n-e.kr
nestros1.n-e.kr
operasik2.r-e.kr
ostras1.p-e.kr
peras1.n-e.kr
portgirl.r-e.kr
safeguard.r-e.kr
servicesheduler.p-e.kr
whalenvapp.n-e.kr
check.servicesheduler.p-e.kr
neer.firterswer.r-e.kr
sign.whalenvapp.n-e.kr
update.jeonpriter2.r-e.kr

# Reference: https://twitter.com/tiresearch1/status/1752713847033729176
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=141.164.49.199

koreanair.website
nts-inform.website
npsnews.website
ntsalert.website
ntshomes.website
ntsinform.store
ntsinform.website
ntsmailing.homes
ntsnews.store
ntsnews.website
ntsview.homes
ntsviewer.homes
ntsviewer.store
ntsviews.homes

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.197.219

nts-email.website
nts-homes.website
nts-msg.website
nts-viewer.website
ntsalert.space
ntsapps.space
ntscope.space
ntsctrls.space
ntscustomer.site
ntshelp.space
ntsinform.space
ntsmailer.site
ntsmailing.space
ntsoffer.shop
ntsoffer.site
ntsoffer.store
ntspayer.space
ntspays.space
ntspolicy.store
ntsports.space
ntsposter.space
ntsposting.website
ntsposts.store
ntsviewer.space
secure-center.site
wetax-home.site

# Reference: https://twitter.com/tiresearch1/status/1752968430880469031
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=141.164.62.12
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.204.87
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.208.76
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.214.14
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.239.225
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.242.154
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.247.162
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.102.128.79

authuser.online
checkpermission.cloud
com-flight.space
gcogle.site
hometax-post.site
hometax.space
hometaxcs.site
hometaxctrl.site
hometaxes.space
hometaxes.store
hometaxs.site
inetpost.site
les-girls.top
navarcope.space
npsauth.site
npscare.site
npscmd.site
npsnote.site
npsnotice.site
npsrule.site
npssign.site
nts-kr.site
nts-mail.homes
nts-post.homes
ntsadmin.site
ntsalert.site
ntsapp.site
ntsapp.store
ntsapps.site
ntsapps.store
ntsbox.space
ntscard.site
ntscart.site
ntscenter.site
ntscenter.space
ntscentre.site
ntscentre.space
ntscontact.site
ntscope.online
ntscope.site
ntscorp.site
ntscorp.space
ntscustom.space
ntsdocs.site
ntsdocs.space
ntsdocs.store
ntsgo.space
ntshelps.space
ntshelps.store
ntshomes.shop
ntshomes.site
ntsinform.site
ntsinforms.site
ntsjob.site
ntslogin.site
ntslogin.store
ntsmail.space
ntsmailing.site
ntsmain.site
ntsmain.space
ntsmid.site
ntsnew.homes
ntsnew.site
ntsnew.space
ntsnew.store
ntsnews.homes
ntsnotice.site
ntsoffer.space
ntsorder.site
ntsorg.site
ntsorg.space
ntsorg.store
ntspayable.site
ntspayer.site
ntspc.site
ntspolicy.space
ntsports.store
ntspost.shop
ntsposter.homes
ntsposter.site
ntsposting.store
ntsreport.shop
ntsreviews.space
ntsroom.site
ntssign.site
ntssign.space
ntstaxes.space
ntstel.space
ntsto.site
ntsto.space
ntsusers.site
ntsusers.store
ntsviewer.site
ntsviews.shop
ntsviews.space
ntsward.site
ntsxhome.site
profuso.life
safecenter.site
sinsa.online
tnt-home.site
tossbenk.online
lcs.ntsposter.site
naver.ntsmailing.site
naver.ntsposter.site

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.102.129.48

myconferms.info
securitygooqles.com
service-googlces.info

# Reference: https://www.virustotal.com/gui/ip-address/27.102.106.66/relations

memconfirm.info
nidconfirms.info
nidcorp.info
nidcorpmember.info
nidmember.info
nidmemcorp.info
niduserna.site
nidusersncorp.site
nidusertn.site
nidusrecorp.site
nidusrnscorp.site
nidusrstecorp.site
shares-view.com
transfer-dosi.world
userconfs.info
cc.userchecks.info
lcs.userchecks.info
lcs.userconfs.info
naver.nidcorp.info
naver.nidusrecorp.site
naver.userchecks.info
naver.userconfs.info
wa11ets.transfer-dosi.world

# Reference: https://twitter.com/tiresearch1/status/1754407046873784592
# Reference: https://www.virustotal.com/gui/ip-address/27.102.101.26/relations

naaverascorp.com
navearcorps.help
nidnaavers.com
nidnaveasrv.help
nidnavesecorp.help
ninavaracorp.site
nts-info.website
nts-mailer.website
nts-news.website
nts-poster.website
nts-viewer.store
ntsmailing.website
ntsmails.store
ntsviews.store
api.infonavera.com
cc.naversinfo.help
cc.nidnavescorp.help
cc.nidnavesecorp.help
ccid.infonavera.com
cs.kakaocop.eu
dev.infonavera.com
idv.kakaocop.eu
lcs.navearcorps.help
lcs.naversinfo.help
lcs.nidnavesecorp.help
lcsid.infonavera.com
login.infonavera.com
m.infonavera.com
mailid.infonavera.com
mailid.nidnaavers.com
nid.infonavera.com
nid.navearcorps.help
nid.naversinfo.help
nid.nidnaavers.com
nid.nidnavesecorp.help
nid.ninavaracorp.site
sslid.infonavera.com
stage.infonavera.com
staticnidid.nidnaavers.com

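# Reference: https://twitter.com/RexorVc0/status/1753322889716084823
# Reference: https://mp.weixin.qq.com/s?__biz=Mzg2NjgzNjA5NQ==&mid=2247522061&idx=1&sn=22e56ee213d9e5229371ad3e082ebfab&chksm=ce461c1df931950b245134a250b6bf4bea489d75b556cb450548569c0c6d50d3bacc00a8efe0&scene=178&cur_album_id=2867627575890837505#rd
# NOTE(review): the two "ek.com/js/sub/aos/dull/down1/..." entries below share their path with the kyungdaek.com entries
# and look like truncated copies of that hostname (r_enc.bin is also listed in full). ek.com is a different registrable
# domain, so confirm the intended host against the references before alerting on these two lines.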

ek.com/js/sub/aos/dull/down1/r_enc.bin
ek.com/js/sub/aos/dull/down1/show.php
kyungdaek.com/js/sub/aos/dull/down1/123.hwp
kyungdaek.com/js/sub/aos/dull/down1/lib.php
kyungdaek.com/js/sub/aos/dull/down1/list.php
kyungdaek.com/js/sub/aos/dull/down1/r_enc.bin
meatalk.com/pg/adm/tdr/upi/down0/lib.php
meatalk.com/pg/adm/tdr/upi/down0/list.php
meatalk.com/pg/adm/tdr/upi/down0/r_enc.bin
meatalk.com/pg/adm/tdr/upi/down0/show.php
siloamclinic.com/js/slick/up/down0/lib.php
siloamclinic.com/js/slick/up/down0/list.php
siloamclinic.com/js/slick/up/down0/show.php
siloamclinic.com/js/slick/up/down1/r_enc.bin
vwellpain.com/js/sub/up/down1/r_enc.bin

# Reference: https://twitter.com/tiresearch1/status/1755116984235114701
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.194.199
# Reference: https://www.virustotal.com/gui/ip-address/141.164.35.7/relations
# Reference: https://www.virustotal.com/gui/ip-address/141.164.50.24/relations
# Reference: https://www.virustotal.com/gui/ip-address/141.164.41.218/relations
# Reference: https://www.virustotal.com/gui/ip-address/141.164.59.224/relations
# Reference: https://www.virustotal.com/gui/ip-address/141.164.61.162/relations
# Reference: https://www.virustotal.com/gui/ip-address/158.247.194.199/relations
# Reference: https://www.virustotal.com/gui/ip-address/158.247.200.209/relations
# Reference: https://www.virustotal.com/gui/ip-address/158.247.248.158/relations
# Reference: https://www.virustotal.com/gui/ip-address/158.247.254.237/relations

acckr.online
acckr.store
ackr.link
ackr.online
belieview.com
cenv.space
cenv.store
cnkr.online
cnkr.store
ecnv.site
edcloud.store
edkcloud.cloud
edkcloud.online
edoc-kr.online
edocs-kr.cloud
edocs-nv.online
edocs-nv.space
edocs-nv.store
escnv.online
estnv.online
estnv.space
estnv.store
fscns.xyz
gemnv.online
gemnv.space
hlnv.store
hnsc.space
krcp.online
krcp.store
maillive.click
mailsvc.fun
mngkr.cloud
mngkr.fun
mngkr.host
mnksc.cloud
mnksc.host
mnsvc.icu
mnsvc.tech
mnvsc.online
mnvsc.store
nbkr.online
nbkr.space
nckr.space
ncloud.click
ncloud.host
ncloud.uno
ncplus.click
ncplus.site
ncvsr.tech
ncvts.online
ncvts.store
ndoc-kr.host
ndoc-kr.info
ndoc-kr.site
ndoc-kr.space
ndoc-kr.store
ndoc.digital
nhis-cloud.online
nhis-cloud.site
nhis-doc.store
nhis-edoc.cloud
nhiskr.cloud
nhiskr.fun
nhiskr.online
nhiskr.site
nhiskr.space
nhiskr.tech
nhissvc.cloud
nhissvc.space
nhskr.online
nhskr.space
nhskr.store
nldoc-kr.cloud
nmsvc.icu
nmsvc.online
nqcloud-edoc.site
nscentre.online
nskr.online
nskr.space
nskr.store
nsrv.link
nsrv.store
ntskr.cloud
ntskr.online
nvclup.link
nvclup.online
nvclup.space
nvclup.store
nvdocs.store
nvkr.link
nvkr.space
nvkr.store
nvpr.info
nvpro.art
nvpro.host
nvpro.info
nvsc.cloud
nvsc.press
prodocs.cloud
prodocs.tech
psnv.store
pvnr.online
pvnr.store
scenv.cloud
scnr.store
sdoc-kr.cloud
sdoc-kr.host
sdoc.cloud
shnvr.store
sknet.space
sknet.store
srcnv.icu
ssnv.cloud
stnv.online
stnv.site
xvideos-kr.com
bakingschool.belieview.com
bobae.belieview.com
cpanel.ncloud.host
daum.belieview.com
dev.ndoc-kr.space
dmarc.edoc-kr.online
edocs.acckr.online
edocs.acckr.store
edocs.cenv.store
edocs.cnkr.online
edocs.cnkr.store
edocs.ecnv.site
edocs.krcp.online
edocs.krcp.store
edocs.nbkr.space
edocs.nckr.space
edocs.nscentre.online
edocs.nskr.space
edocs.nvclup.store
edocs.nvkr.store
edocs.nvpr.info
edocs.nvpro.art
edocs.nvpro.info
edocs.nvsc.cloud
edocs.nvsc.press
edocs.sdoc.cloud
edocs.shnvr.store
edocs.stnv.online
emv1.prodocs.tech
mta-sts.prodocs.tech
naver.belieview.com
ncentral.ncloud.host
noc.ncloud.host
ns1.ncloud.host
ns2.ncloud.host
owa.mngkr.fun
postgresql.edkcloud.cloud
postmaster.edkcloud.cloud
quasarzone.belieview.com
shop.sdoc-kr.host
superset.mnksc.host
tsc.estnv.online
tsc.estnv.store
tsc.gemnv.online
tsc.hnsc.space
tsc.mnvsc.online
tsc.ncloud.host
tsc.ncloud.uno
tsc.ncvts.online
tsc.ncvts.store
view.edkcloud.cloud
view.edocs-nv.space
view.mngkr.cloud
view.mngkr.fun
view.mngkr.host
view.mnsvc.icu
view.mnsvc.tech
view.nhis-cloud.online
view.nhis-cloud.site
view.nhis-doc.store
view.nhis-edoc.cloud
view.nhiskr.cloud
view.nhiskr.online
view.nhiskr.site
view.nhiskr.tech
view.nhissvc.space
view.nhskr.online
view.nldoc-kr.cloud
view.nmsvc.online
view.nqcloud-edoc.site
view.nsrv.link
view.nsrv.store
view.ntskr.online
view.nvclup.online
view.nvclup.space
view.nvclup.store
view.nvdocs.store
viewer.edkcloud.cloud
webdisk.ncloud.host

# Reference: https://twitter.com/hypen1117/status/1755502188078755857
# Reference: https://medium.com/s2wblog/kimsuky-disguised-as-a-korean-company-signed-with-a-valid-certificate-to-distribute-troll-stealer-cfa5d54314e2

coolsystem.co.kr

# Reference: https://www.virustotal.com/gui/ip-address/158.247.200.183/relations

fsceit.cloud
fscsies.info
navnsrc.cloud
navserv.cloud
nhitalk.online
nhseco.store
nqcloud-edoc.site
ntihosp.site
mail.navserv.cloud
motu.nhseco.store
nhos.nhseco.store
view.fsceit.cloud
view.navnsrc.cloud
view.navserv.cloud
view.nhitalk.online

# Reference: https://www.virustotal.com/gui/ip-address/158.247.232.100/relations

dlndocs.site
heisof.mom
htxpost.site
moecsxet.fun
moschck.store
mossrv.site
moxcei.online
niddocs.site
nidedoc.cloud
ntcloud-edoc.site
ntcloude.site
ntidocs.site
ntihosp.site
oiwoske.store
secdoc.site
settingdirect.org
uugirl.vip
emv1.dlndocs.site
emv1.htxpost.site
emv1.ntcloud-edoc.site
emv1.secdoc.site
gvidfaas.htxpost.site
hostmaster.secdoc.site
ldrssbkg.htxpost.site
mail.htxpost.site
motu.moecsxet.fun
motu.moschck.store
mta-sts.dlndocs.site
mta-sts.htxpost.site
mta-sts.ntcloud-edoc.site
view.dlndocs.site
view.htxpost.site
view.moecsxet.fun
view.moschck.store
view.mossrv.site
view.niddocs.site
view.nidedoc.cloud
view.ntcloud-edoc.site
view.ntcloude.site
view.secdoc.site

# Reference: https://www.virustotal.com/gui/ip-address/31.220.76.170/relations

htxpost.site
navedocs.site
navnsrc.cloud
navsvcs.cloud
niddocs.site
nidedoc.cloud
ntcloudn.site
ntcloudo.site
ntclouds.cloud
ntclouds.site
ntsvc-edoc.cloud
ntsview.store

# Reference: https://www.virustotal.com/gui/ip-address/158.247.210.44/relations

bstsba.store
cotnek.store
eabtaa.store
edocs-mid.site
edocs-moseid.site
gov24-kr.site
gyufy.site
hlomein.store
hokimc.store
hrnksel.store
kemtkao.store
mois-daot.site
mois-view.site
monews.store
mosgov.site
mpas-kr.site
mtpeck.store
nhosrv.site
ntaview.site
sadbta.site
sceasnse.store
seltsnb.click
ssbee.store
stisent.fun
tsaehne.cfd
tsnua.site
emv1.mosgov.site
mosi.ntsvc-edoc.cloud
mosi.ntsview.store
mta-sts.mosgov.site
si.ntsvc-edoc.cloud
view.ntcloudo.site
view.ntsvc-edoc.cloud

# Reference: https://www.virustotal.com/gui/ip-address/141.164.62.17/relations

abyocs.store
ayjaent.bond
btinah.lol
edocs-center.site
etockmid.site
hmktsc.store
hodcts.store
hsects.store
htsseh.store
konctw.lol
moedocs.store
mois-kite.site
moishlwkt.site
moscheck.site
moscloud.online
mosiview.online
mosplay.fun
mpas-kr.site
navedocs.site
nmsvc-edoc.cloud
ntcloudn.site
ntclouds.site
shymh.lol
sydsh.store
ujdyph.lol
vrteocs.store
mosi.mosiview.online
mosi.ntclouds.site
post.navedocs.site
read.hsects.store
read.moedocs.store
view.mosplay.fun
view.navedocs.site
view.nmsvc-edoc.cloud
view.ntcloudn.site

# Reference: https://www.virustotal.com/gui/ip-address/158.247.254.159/relations

nts-post.website
ntshome.website
ntsinfo.website
ntsmail.website
ntsmailer.store
ntsmsg.website
ntsposter.website
emv1.ntshome.website
emv1.ntsmail.website
emv1.ntsposter.website
lcgwihug.ntsposter.website
mta-sts.ntshome.website
mta-sts.ntsinfo.website
mta-sts.ntsmailer.store

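# Reference: https://www.virustotal.com/gui/ip-address/158.247.239.225/relations
# NOTE(review): the last two entries of this block ("websitmta-sts.ntsgov.site" and "ntsmail.websitmta-sts.ntsgov.site")
# look like two names fused together (a "...website" host followed by "mta-sts.ntsgov.site"). They may be literal
# passive-DNS records or a copy artifact; verify against the relations page.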

authuser.website
checkhuman.site
checkpermission.site
checkpermission.website
documentsvievv.com
fssorg.site
gocgledrive.store
goglesign.site
goocgles.com
googlces.com
hankyung.site
koreariair.space
kvoting-home.online
kvoting-send.online
nhis-org.site
nhismailing.site
nts-doc.online
ntsctrls.store
ntshelp.site
ntsmailer.space
ntsmailing.site
ntsposter.site
ntsposting.space
ntsviewer.site
phonemanagers.info
rememberapp.cloud
so-team.cloud
so-unlock.online
so-unlock.website
team11.website
user-manage.site
lcs.ntsnews.space
mta-sts.ntsmails.space
shop.ntsboard.space
shop.ntspost.space
store.ntspost.space
websitmta-sts.ntsgov.site
ntsmail.websitmta-sts.ntsgov.site

# Reference: https://www.virustotal.com/gui/ip-address/158.247.226.241/relations

npsposter.site
npsposter.space
npsviewer.site
npsviewer.space
ntsinforms.space
emv1.npsviewer.site
mta-sts.npsviewer.site

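# Reference: https://twitter.com/asdasd13asbz/status/1758007194963071067
# Reference: https://www.virustotal.com/gui/ip-address/45.195.69.28/relations
# NOTE(review): "aas.com/inc/basl/up1/show.php" below looks like the tail of a longer hostname that lost its leading
# characters. As written it matches a different registrable domain (aas.com); confirm the full host against the
# references before treating hits on it as attributable.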

45.195.69.28:14275
binace.homes
binaces.homes
masnail.shop
aas.com/inc/basl/up1/show.php

# Reference: https://twitter.com/tiresearch1/status/1758443520405184764
# Reference: https://www.virustotal.com/gui/ip-address/64.176.225.245/relations

navarcope.site
news-nps1.site
nps-sends.site
npsnote.site
npsreview.site
npssign.space
ntsadv.site
ntscorp.store
ntsgrp.site
ntsmid.space
ntspage.space
ntsroom.store
rskey.buzz
wetax-notice.site
wetax-notice.space
wetax-pay.online
wetax-pay.site
wetax-pay.space
wetax-pay.store
emv1.npsnote.site
emvl.npsnote.site
naver.wetax-pay.online

# Reference: https://twitter.com/tiresearch1/status/1762039064528908737

edocs-all.site
edocs-high.site
edocs-hope.site
edocview.online
edsafety.online
nhiskr.store
nhkr-docs.online

# Reference: https://www.virustotal.com/gui/ip-address/158.247.210.247/relations

fscns.online
nhis-doc.space
nscentre.cloud
nsrv.space
nvdocs.online
dev.nvdocs.online
emv1.nhis-doc.space
emv1.nscentre.cloud
emv1.nvdocs.online
mta-sts.nvdocs.online
view.nhis-doc.space
view.nhiskr.store
view.nsrv.space
view.nvdocs.online

# Reference: https://twitter.com/JangPr0/status/1761961131319681453
# Reference: https://twitter.com/asdasd13asbz/status/1762014640274637280
# Reference: https://www.virustotal.com/gui/file/f262588c48d2902992ffd275d2be6362fe7f02e2f00a44ab8c75ac1a2827c6e9/detection

dgartway.kr

# Reference: https://twitter.com/asdasd13asbz/status/1762382877638160789

ncallserveiqnxme.store
/teamnavcorphost/enzmenaiexz/ajemzneij/team.php
/teamnavcorphost/enzmenaiexz/
/ajemzneij/team.php?suseeid=

# Reference: https://twitter.com/tiresearch1/status/1762743004601921709

apcorp.homes
kapacloud.homes
memavers.pics

# Reference: https://www.virustotal.com/gui/ip-address/141.164.39.174/relations

abyiase.store
cmseny.store
criaoeh.store
heinsk.online
hoscke.store
koetle.store
ktstore.store
menoks.online
mois-kr.site
reaotnd.store
sdcey.store
tockeam.store
tsceeh.store
viewer.mois-kr.site

# Reference: https://www.virustotal.com/gui/ip-address/158.247.215.195/relations

agsbte.store
cdktne.store
csebte.store
ekdotns.site
htchoc.store
mois-com.site
mois-env.site
moisnews.site
moissctic.site
sctseit.store

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-02-22-v10538/1399

civilizations.store
countrysvc.pe.kr
navigation.cc
navermail.online.korea
newnotification.server.korea
ned.newnotification.server.korea
nmail.navermail.online.korea
nsvc.mail.server.korea
taxservice.pe.kr
upbit-service.pe.kr
upbit2024.re.kr

# Reference: https://www.virustotal.com/gui/ip-address/45.66.249.5/relations

dosi-team.world
indeede-checks.site
indeede-confirm.online
indeede-homes.site
membersecure.online
notice-irshome.site
notify-bestbuy.site
pay-dosi.world
services-ledqer.info
usercheckonlines.site
usersinfocheck.site
shop.ntsemail.space

# Reference: https://twitter.com/Cyberteam008/status/1765624539273183623

accoints-google.com-guide.site
accounts-google.com-guide.site
accounts-gooqle.com-guide.site
accounts.o-r.kr
accountsdon.kakaoaccouts.store
accountseses.mofamail.shop
accountsnot.kakaoaccouts.store
accountsuey.kakaoaccouts.store
add-contact.p-e.kr
afoinoin.shop
aieiqyeizniqopao.store
allowlogin.shop
allrecieve.online
api-talks.memavers.pics
bd.n-blog.o-r.kr
billions168.com
ccalo.memavers.pics
cnbvhuiop.fun
com-guide.site
dev.kakaoteam.site
dndon.kakaoaccouts.store
dneses.mofamail.shop
domainkey.cloudown.store
dsaewqcxz.website
eaziaieoqyzmdiaotea.store
emv1.docsuris.store
emv1.mofamail.homes
emv1.mofamail.shop
emv1.usage.store
eoquqowizateua.store
httpswwwalo.memavers.pics
jr168jr.com
lcsalo.memavers.pics
lcspene.mofamail.shop
link.new-doc.p-e.kr
mailalo.memavers.pics
mta-sts.docsuris.store
mta-sts.makeverify.store
mta-sts.usage.store
naizieoqiaeyua.store
naizjeiqmzoeha.store
naizmehzosaxolawiq.store
naizmeoqnaizeoaosier.store
naizoqiayzoaijae.store
ncyberteamcall.store
new-doc.p-e.kr
nguardteam.store
nid-naver.memavers.pics
nid.add-contact.p-e.kr
nidalo.memavers.pics
nidpele.mofamail.shop
nidper.navecorps.com
nidporn.cloudown.store
nidporn.kakaoaccouts.store
nids.memavers.pics
nie.nts-news.p-e.kr
ntinfo.o-r.kr
nts-news.p-e.kr
nziqoaiqozniws.store
oiequziqiwery.store
pcvnbduie.tech
poeiqyaizoeiaywoaise.store
poilkjmnb.fun
qwaszxedc.tech
qwaszxqaz.online
qwerfdsa.online
qwertyu.fun
rzdzociaoeaieoqnzid.store
server.add-contact.p-e.kr
smaths.lat
sslalo.memavers.pics
stat_tiaraeses.mofamail.shop
staticnidalo.memavers.pics
t1_daumcdneses.mofamail.shop
talktalk.emailservice.email
unc.ntinfo.o-r.kr
vbfgrtyhn.website
vghfjrui.site
wazioajieitoquazoeis.store
werqasdf.website
wwwalo.memavers.pics
youtube.accounts.o-r.kr
zieiqyueoaizneoqiwer.store
zneiqmzieniaie.store

# Reference: https://www.virustotal.com/gui/ip-address/27.255.75.138/relations
# Reference: CERT_FINGERPRINT-HOST: 2a0612870a6fc14d4a9579f96bf8a0f1b2b762e2

accoouts.online
alal.online
api-talks.naverscorp.shop
apps.navecorps.com
ccid.navincteam.shop
ccpon.naverscorp.shop
compnservice.store
confirmin.shop
emv1.naverscorp.shop
gcogle.online
gfp.veta.naverscorp.shop
itgnorsg.wrcnsodfan.shop
lcspon.naverscorp.shop
makeauth.biz
minggamevies.com
nahostpresssec.store
nasecteamcall.store
navacallsim.shop
navacallteam.store
navasyssecteam.shop
navcallservteam.shop
navctrcentrecall.shop
naveraccomngr.shop
naveraccount.store
navercompany.shop
navercompany.store
naverconfirm.store
naverconsol.store
navercorpcom.store
navercorps.store
navercyberteam.store
naverereact.store
naveresecurity.shop
navereservice.store
naverguard.store
naverinc.shop
naverinc.store
naverscorp.store
naverscropsecurity.store
naversecurity.store
naverservice.store
naverservicehuck.store
naversscorp.shop
naverteam.store
navmakesecteam.shop
navsecservicesee.shop
navteamsol.shop
ncallservaeiwoq.store
ncompcyberdef.store
ncompcyberteam.store
ncompcyble.store
ncompgover.store
ncompservice.store
ncompservteam.store
ncorpservaieaiw.store
ncropsecteam.shop
ncussoc.shop
ncussol.shop
ncustcol.shop
ncustomseccenter.store
ncustomsecteam.store
ncyberdefender.store
ncyberguard.store
ncyberteam.store
ncybfeaceteam.store
ncyblecenter.shop
ncybleteamhelp.store
ndefenseteamsol.shop
ndomainservsec.store
nedrsecteamservice.store
ngoverteam.store
nhelpaccountcenter.store
nhelpcenter.store
nhostmailtan.store
nhostservicecmo.store
nhostservmarktet.store
nid.navercompany.shop
nid.naverecenter.store
nid.naverscorp.shop
nid.naverservice.store
nid.navincteam.shop
nid.ncustomsecteam.store
nid.nsechelpteam.store
nidhelpcenter.shop
nidnaverservice.shop
nidnaverteam.shop
nidnavteamtanu.shop
nidnservice.shop
nidnteamcall.shop
nidpon.nsechelpteam.store
nincsecteamcall.store
nmservicecompany.store
npresscorp.store
nsabteamseccall.store
nsafehelpcenter.online
nseccenterpress.store
nsechelpteam.store
nsecservice.store
nsecteamcall.shop
nsecteamservice.shop
nsecteamservice.store
nsecuteamservice.store
nseicmzneizmeiqnx.store
nservcompaie.store
nservhostmark.store
nservhostwordsec.store
nservicecalleianze.shop
nservicecenter.store
nservicecompany.store
nservicehelp.store
nservicehelpcenter.store
nservicemanager.store
nserviceprice.store
nserviceseccenter.store
nservicesecteam.store
nservicetallship.store
nserviceteamhost.store
nserviceteamsec.store
nservicetoolsec.store
nservsectran.store
nservteamsellaie.store
nsolsimhelpserv.store
nteamservpress.store
nteamservtool.store
nthdefteam.shop
ntreanservicesec.store
orignauth.lol
peace.gcogle.online
policy.navincteam.shop
retry.today
rnvosdinrgf.sacnasopmn.store
secteamofnava.store
soundcaptchanidid.navincteam.shop
sslpon.naverscorp.shop
tivan.naverscorp.shop
uaefnoi.shop
ubasncos.shop
ucaeoinmo.shop
udoirfno.shop
unikorea.go.ci
veta.naverscorp.shop
wwwcorpid.navincteam.shop
wwwid.navincteam.shop

# Reference: https://www.virustotal.com/gui/ip-address/61.97.251.247/relations

dapacloud.store
kdiacloud.store
ncorpserver.online
ncushelpserver.top
ndefenderhome.store
nfeaceteamhelp.store
nfrayteam.top
nhelpcentercall.store
nhelpcenterserver.store
nhelpservercom.store
nsafehomeservice.store
nsheriffcom.store
nid.ncorpserver.online

# Reference: https://www.virustotal.com/gui/ip-address/210.92.18.172/relations

naveracc.com
naveraccount.info
naverhelp.org
navermail.net
sunrnail.com
tiktikcdn.site
auth.navermail.net
imap.navermail.net
mail.navermail.net
mail1.navermail.net
mx.navermail.net
nid.naveraccount.info
nid.naverhelp.org
nid.navermail.net
pop.navermail.net
pop3.navermail.net

# Reference: https://www.virustotal.com/gui/ip-address/61.97.251.236/relations

naverccrp.com
naverpw.com
nca.naverccrp.com
nid.naverccrp.com
nid.naverpw.com
nidpron.cloudown.store
verifyseprise.store
xn--nid-mo0a.naverccrp.com

# Reference: https://www.virustotal.com/gui/ip-address/61.97.251.244/relations

check2.download
com2.download
nid2-naver.date
accounts.kakao.com-user.pw
accountsetse.mofamail.shop
daum.net-confirm.com-user.pw
kakao.com-user.pw
live.bwimg.net
logins.daum.net-confirm.com-user.pw
named.kim53.com
naver.com-user.pw
net-confirm.com-user.pw
nid.naver.com-user.pw

# Reference: https://www.virustotal.com/gui/ip-address/27.255.81.76/relations

accountseros.usage.store
accountskakao.mailcorp.eu
accountsoka.kakaocops.info
accountsosi.kakaocops.info
accountsotik.kakaorg.info
accountsute.kakaoaccouts.store
accoutskakao.mailcorp.eu
ahost.galleryleebae.com
btym.mailcorp.eu
cafe.mailcorp.eu
cclogin.navermail.click
comic.mailcorp.eu
google.notifi.o-r.kr
helpnaver.mailcorp.eu
horang.info
kakaocops.info
kakaorg.info
kin.mailcorp.eu
land.mailcorp.eu
lcslogin.navermail.click
mail.mailcorp.eu
maillogin.navermail.click
mailnaver.mailcorp.eu
map.mailcorp.eu
morase.info
ms.knn24.com
mybox.mailcorp.eu
netmg.info
news.mailcorp.eu
nidlogin.navermail.click
nidnaver.mailcorp.eu
noti.mailcorp.eu
notifi.o-r.kr
section.cafe.mailcorp.eu
sh.kakaocops.info
sports.news.mailcorp.eu
ssllogin.navermail.click
sslnaver.mailcorp.eu
stat_tiarakakao.mailcorp.eu
staticlogin.navermail.click
staticnidnaver.mailcorp.eu
stock.mailcorp.eu
t1_daumcdnkakao.mailcorp.eu
toran.info
uuzd.mailcorp.eu
vbqs.mailcorp.eu
weather.mailcorp.eu
webmail.navermail.click
wwwnaver.mailcorp.eu

# Reference: https://www.virustotal.com/gui/ip-address/27.255.81.75/relations

navercrrp.com
nid.naverc0rp.com
nids.navercrrp.com

# Reference: https://www.virustotal.com/gui/ip-address/165.154.240.149/relations

mofamail.eu
officmail.homes

# Reference: https://www.virustotal.com/gui/ip-address/154.90.63.220/relations

accounthome.store
accountsign.store
accountsinfo.shop
accountsuser.store
asigninfo.store
authenpotal.click
connectserver.store
yescerse.store
emv1.wrcnsodfan.shop

# Reference: https://www.virustotal.com/gui/ip-address/159.100.29.38/relations

documentstoreservice.store
rtyyhnfghvb.shop

# Reference: https://www.virustotal.com/gui/ip-address/27.255.75.156/relations

foundaterity.quest
logingmail.homes
login.gcogle.online
login.logingmail.homes

# Reference: https://www.virustotal.com/gui/ip-address/27.255.75.163/relations

corpskoredunet.online
niduser2cops.tech

# Reference: https://www.virustotal.com/gui/ip-address/8.218.16.183/relations

antivmailnets.website
bnmbn.fun
bnmbnm.fun
cibersecploices.tech
ciberuser2cops.online
corpskoredunet.online
ebooksgumkrn.online
ekorbookhomes.tech
elibalertkorn.website
erer.online
erer.shop
ertedcrfv.fun
forkmaniolibs.shop
grpciberuserns.online
gukmindown.online
gukminyeongum.website
har5libsntola.website
invocedown.tech
invoicee.online
jonghui.online
kukmindown.website
logginnldsignup.tech
maverbooksio.tech
mcorp.website
mewvict0korps.tech
mingukdown.tech
minkukdown.online
mkinkibrarys0n.store
navorrnailcorps.tech
navur2userkinfs.site
nhisloggonin.tech
nidcops.tech
nidenvoicekr.online
nidsignin.online
niduser2cops.tech
nkoruserinfo.website
nkrop.online
nkropsnet.tech
nldelibscenter.shop
nldgggnnn.fun
nldlogggon.online
nldlogginon.website
nldloggonin.fun
nldloggonin.tech
nldlogin.online
nldsingin.shop
npkrbooknets.website
npkrlibs.online
npsebooklibs.online
nuser2guardman.website
nuser2secinfos.tech
nuserguards.website
onlinbookshome.online
onlynsis.website
pkrodmorps.tech
popogh.online
qwewsxzxc.tech
qwqw.website
reconlong.site
rfvedcdfg.fun
ri0tgmhostpn.cloud
thermclvergard1c.site
tyty.tech
tyuyhnghj.tech
uiui.shop
vcvcmn.website
vnvnlioe.fun
yeongumkornet.online
yhnujmtyu.tech
znznloey.online

# Reference: https://www.virustotal.com/gui/ip-address/45.192.162.121/relations

ekorguidecom.website
invoicenid.tech
kraccntsbooks.shop
miduserinfo.website
ncorpsinfos.online
nidusecorps.online
ninfokrops.online
nkidsecorps.tech
npkoruserconf.tech

# Reference: https://twitter.com/wwp96/status/1338460606983237638
# Reference: https://www.virustotal.com/gui/ip-address/23.106.122.194/relations

account-live.p-e.kr
edoc.linkpc.net
edoc.p-e.kr
gdiver.store
gdiver.website
invo1ce.p-e.kr
m-nidlogin.n-e.kr
m-nidlogin.o-r.kr
m-nidlogin.r-e.kr
m-nidlogin.work.gd
mlogin.p-e.kr
mybox.p-e.kr
n1dlogin.p-e.kr
narerlogin.p-e.kr
naver-edoc.kro.kr
nband.p-e.kr
nid1ogin.p-e.kr
nidiogin.kro.kr
nidiogin.p-e.kr
nidnarver.p-e.kr
nldconfirm.p-e.kr
nldiogin.p-e.kr
nldlogin.o-r.kr
nldlogin.p-e.kr
notify-mybox.p-e.kr
nps.p-e.kr
onedrive.linkpc.net
onedrive.n-e.kr
onedrive.p-e.kr
postgresql.gdiver.store
postman.gdiver.store
postmaster.gdiver.store
uidlogin.p-e.kr
upbitmain.online
update-mybox.r-e.kr
wetax.p-e.kr

# Reference: https://www.virustotal.com/gui/ip-address/185.177.59.180/relations

inv0ice.p-e.kr
mybox.p-e.kr
naver-verify.n-e.kr
naver1ogin.p-e.kr
nidnarver.n-e.kr
nmybox.p-e.kr
npay.r-e.kr
rnybox.n-e.kr
rnybox.p-e.kr
uidlogin.kro.kr
uidlogin.n-e.kr
uidlogin.r-e.kr

# Reference: https://twitter.com/asdasd13asbz/status/1768465386931200203
# Reference: https://pastebin.com/GBPMY2qH

a-dam79.com/adm/mail/img/poll/auto_n.php
aftkor.com/gnuboard4/adm/img/ttttt/auto_n.php
aismedu.com/gnuboard4/adm/img/pill/auto_n.php
bestallblue.com/gnuboard4/adm/img/pill/auto_n.php
blackboxas.net/gnuboard4/adm/img/poll/auto_n.php
blueheart8.com/gnuboard4/adm/img/ttttt/auto_n.php
bookthemiracle.com/gnuboard4/adm/img/ttt/auto_n.php
bstill.kr/gnuboard4/adm/img/poll/auto_n.php
bumyoungkorea.co.kr/gnuboard4/adm/img/poll/auto_n.php
canaanwood.com/adm//mail/img/pill/auto_n.php
cgm-korea.com/gnuboard4/adm/img/ttttt/auto_n.php
cheilcorp.com/gnuboard4/adm/img/pill/auto_n.php
cicctv.co.kr/gnuboard4/adm/img/poll/auto_n.php
cnsspirits.com/adm/mail/img/poll/auto_n.php
daeilefc.co.kr/gnuboard4/adm/img/poll/auto_n.php
daero8488.com/gnuboard4/adm/img/poll/auto_n.php
dbcsc.net/gnuboard4/adm/img/poll/auto_n.php
dils.co.kr/gnuboard4/adm/img/poll/auto_n.php
dmcpvd.co.kr/gnuboard4/adm/img/poll/auto_n.php
donkatsu.co.kr/gnuboard4/lib/pill/auto_n.php
dooroolove.com/gnuboard4/adm/mail/img/pill/auto_n.php
dynamic-auto.co.kr/gnuboard4/adm/img/pill/auto_n.php
eatondesignlap.com/gnuboard4/adm/img/poll/auto_n.php
ejufamily.com/gnuboard4/adm/img/pill/auto_n.php
gaonled.com/gnuboard4/adm/img/pill/auto_n.php
gluckesearch.com/adm/mail/img/poll/auto_n.php
hanaimfood.com/gnuboard4/adm/img/ttt/auto_n.php
hanatps.com/gnuboard4/adm/img/ttttt/auto_n.php
hangangindustry.com/gnuboard4/adm/img/ttttt/auto_n.php
harangpro.com/gnuboard4/adm/img/pill/auto_n.php
hbe-food.com/gnuboard4/adm/img/ttt/auto_n.php
hgcns.com/gnuboard4/adm/img/pill/auto_n.php
hnkai.com/gnuboard4/adm/img/pill/auto_n.php
hwajinsystem.com/gnuboard4/adm/img/pill/auto_n.php
hyokwang.com/gnuboard4/adm/img/ttttt/auto_n.php
i-jadeview.com/gnuboard4/adm/img/poll/auto_n.php
ifixle.com/gnuboard4/adm/img/ttttt/auto_n.php
ilec.co.kr/gnuboard4/adm/img/pill/auto_n.php
jungdamfs.com/gnuboard4/adm/img/ttttt/auto_n.php
khomestory.com/gnuboard4/adm/img/poll/auto_n.php
koharich.com/gnuboard4/adm/img/pill/auto_n.php
kolabs.kr/gnuboard4/adm/img/poll/auto_n.php
kotfa.org/gnuboard4/adm/img/poll/auto_n.php
kunyoungtsc.com/gnuboard4/adm/img/pill/auto_n.php
kyungin119.com/gnuboard4/adm/img/ttt/auto_n.php
lgensolsamunozo.com/adm/mail/img/poll/auto_n.php
madephotostudio.com/adm//mail/img/pill/auto_n.php
minervaauctionedu.com/adm/mail/img/poll/auto_n.php
misugum.com/gnuboard4/adm/img/pill/auto_n.php
munjungday.net/gnuboard4/adm/img/poll/auto_n.php
nainenc.com/gnuboard4/adm/img/ttt/auto_n.php
nanovalley.co.kr/gnuboard4/adm/img/poll/auto_n.php
ouscompany.com/gnuboard4/adm/img/ttt/auto_n.php
pjk.co.kr/gnuboard4/adm/img/poll/auto_n.php
reujin.com/gnuboard4/adm/img/pill/auto_n.php
revolutionenm.com/adm/mail/img/poll/auto_n.php
segangenc.com/gnuboard4/adm/img/pill/auto_n.php
shin-ji.com/gnuboard4/adm/img/ttttt/auto_n.php
simsansc.com/gnuboard4/bbs/adm/img/pill/auto_n.php
sisileae.com/gnuboard4/adm/img/pill/auto_n.php
smartonecnd.co.kr/gnuboard4/adm/img/poll/auto_n.php
soltechkorea.co.kr/adm/img/poll/auto_n.php
soridesignart.com/gnuboard4/adm/img/pill/auto_n.php
ssglnd.com/gnuboard4/adm/img/pill/auto_n.php
stayattwenty.com/gnuboard4/adm/img/pill/auto_n.php
studionewgimmick.com/gnuboard4/adm/mail/img/auto_n.php
sungsimmh.com/gnuboard4/adm/img/pill/auto_n.php
tes30.com/gnuboard4/adm/img/pill/auto_n.php
thevanart.com/gnuboard4/adm/img/pill/auto_n.php
uriveservicecenter.com/gnuboard4/adm/img/ttt/auto_n.php
vkoreaent.com/adm/mail/img/poll/auto_n.php
yunwoo-tech.com/gnuboard4/adm/img/ttt/auto_n.php
zurifilm.com/gnuboard4/adm/img/ttt/auto_n.php

# Generic trails (URL paths common to the host-specific entries above)

/adm//mail/img/pill/auto_n.php
/adm/img/poll/auto_n.php
/adm/mail/img/poll/auto_n.php
/gnuboard4/adm/img/pill/auto_n.php
/gnuboard4/adm/img/poll/auto_n.php
/gnuboard4/adm/img/ttt/auto_n.php
/gnuboard4/adm/img/ttttt/auto_n.php
/gnuboard4/adm/mail/img/auto_n.php
/gnuboard4/bbs/adm/img/pill/auto_n.php
/gnuboard4/lib/pill/auto_n.php

# Reference: https://twitter.com/lazarusholic/status/1768842172332409052
# Reference: https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247495843&idx=1&sn=7965885f6dc8503c7fc49b7002816d13&chksm=f9c1c3aaceb64abcf4ee0b127600eed9c4013a3aaa1a7af7fb3d222b9264b365eed9fb475028&scene=178&cur_album_id=1915287066892959748#rd
# Reference: https://www.virustotal.com/gui/file/ec2289a3a53f7979c88d17eb20fed48ba79a9ff7ee448a0dc7c7d2e5a21a2338/detection

http://165.154.230.24
ba-reum.co.kr/adm/status/down/
ba-reum.co.kr/adm/status/down/lib.php
ba-reum.co.kr/adm/status/down/show.php

# Reference: https://www.virustotal.com/gui/ip-address/64.176.228.101/relations

nhwmcis.cloud
account.nhwmcis.cloud
view.nhwmcis.cloud

# Reference: https://www.virustotal.com/gui/ip-address/158.247.201.192/relations

hometaxctrl.online
hometaxsc.site
nidsign.info
nidsigns.info
ntsapp.space
ntscarts.site
ntsctrls.site
ntscustoms.store
ntsgroups.site
ntshelps.site
ntslogin.shop

# Reference: https://www.virustotal.com/gui/ip-address/156.67.74.68/relations

nts-notics.site

# Reference: https://www.virustotal.com/gui/ip-address/145.14.153.49/relations

nts-notice.online
ntshomes.online

# Reference: https://twitter.com/blackorbird/status/1770708478908141762
# Reference: https://asec-ahnlab-com.translate.goog/ko/62117/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

http://210.16.120.210
fitting-discrete-lemur.ngrok-free.app
real-joey-nicely.ngrok-free.app
minish.wiki.gd

# Reference: https://www.genians.co.kr/blog/threat_intelligence/dropbox

aymdtt.co.kr
dddon.kr
gbionet.com
iso3488.co.kr
regard.co.kr
strehab.com

# Reference: https://www.virustotal.com/gui/ip-address/27.102.118.175/relations

custom-center.online
ntsauth.info
ntsauth.site
ntsauth.shop
ntscheck.info
ntscheck.site
ntsxhome.site
ntsxhome.space
safe-guard.world
accountkkcdn.ntsxhome.space
accounts.ntscheck.info
accounts.ntsxhome.space
daumcdnkakao.ntscheck.info
daumcdnkakao.ntsxhome.space
stat_tiarakakao.ntscheck.info
stat_tiarakakao.ntsxhome.space
t1_daumcdnkakao.ntscheck.info
t1_daumcdnkakao.ntsxhome.space
tiarakakao.ntscheck.info
tiarakakao.ntsxhome.space

# Reference: https://www.virustotal.com/gui/ip-address/154.205.138.62/relations

hometaxnews.site
ntsadv.shop
ntsapp.shop
ntshome.shop
ntspage.shop
ntsreview.shop
ntsreview.site
naver.hometaxnews.site
smtp.ntspage.shop

# Reference: https://www.virustotal.com/gui/ip-address/154.90.63.180/relations

hometaxpost.site
ntsactive.store
ntsmail.shop
securemails.site

# Reference: https://www.virustotal.com/gui/ip-address/154.90.63.85/relations

ntsposts.shop
wetax-app.store
wetax-news.store
wetax-post.shop
wetaxnews.store
wetaxpost.site

# Reference: https://www.virustotal.com/gui/ip-address/154.205.138.144/relations

custom-centre.site
hometaxalert.site
nts-mail.shop
ntsactive.shop
ntsemail.shop
ntsmails.shop
ntsposting.shop
ntstax.shop

# Reference: https://twitter.com/Cyberteam008/status/1782322894649045403

centes.info
documentview.site
memberslogin.info
paintboard.icu
rememberesapp.info
taxsevices.online
tradingvievv.website
usermanagers-confirmation.site
userscheck.info
zebracalculator.cloud
cc.ntsoffer.shop
emv1.memberslogin.info
emv1.npscmd.site
emv1.ntsxhome.site
gov.taxsevices.online
lcs.ntsapps.space
lcs.ntsoffer.shop
naver.hometaxctrl.online
naver.ntsapps.space
naver.ntsoffer.shop
naver.ntsoffer.site
oatviemv1.npsnews.website
outlook.memberslogin.info
outlook.usermanagers-confirmation.site
qkbimemv1.npsnews.website

# Reference: https://twitter.com/asdasd13asbz/status/1783715045576421574
# Reference: https://www.virustotal.com/gui/ip-address/152.32.243.152/relations

nabsouer.store
nasaer.online
nasaer.pro
accountsmil.nasaer.pro

# Reference: https://twitter.com/tiresearch1/status/1783772091827048670
# Reference: https://www.virustotal.com/gui/ip-address/154.90.63.167/relations

nts-views.shop
wetax-app.shop
wetax-app.site
wetax-app.space
wetax-news.shop
wetax-news.space
wetaxapp.site
wetaxnews.shop
wetaxnews.space
wetaxpost.shop
wetaxpost.space

# Reference: https://www.virustotal.com/gui/ip-address/84.32.84.32/relations

wetax-app.cloud

# Reference: https://twitter.com/peterkruse/status/1783780154407354370
# Reference: https://www.virustotal.com/gui/ip-address/101.36.114.180/relations

cblmq.space
dretubvcn.cc
gkjoiup.store
gmasalk.store
gnodona.store
gplokio.site
jaasdvc.cc
jsgqkjz.cn
kadaomal.site
npmhxx.top
oknghbvn.cc
zzddwzm.cn

# Reference: https://twitter.com/ValidinLLC/status/1783799879422050349
# Reference: https://twitter.com/ValidinLLC/status/1783802467987144777
# Reference: https://www.virustotal.com/gui/ip-address/154.205.138.216/relations
# Reference: https://www.virustotal.com/gui/ip-address/154.205.138.224/relations
# Reference: https://www.virustotal.com/gui/ip-address/154.90.63.152/relations

credtmail.site
flyasiana.online
koreaair.site
koreaair.store
koreanairs.site
koreansair.shop
koreansky.site
nts-mail.xyz
ntsapps.shop
ntscheck.org
ntsmail.xyz
ntsmailers.site
ntsmailers.space
ntsmailings.shop
ntsmailings.store
rememberapp.info
rememberapp.shop
rememberapp.space
wetaxmailer.shop
wetaxmailer.site
wetaxnote.site
cc.ntsmailings.shop
lcs.ntsmailings.shop
mail.ntsmailings.shop
naver.ntsmailings.shop

# Reference: https://twitter.com/ValidinLLC/status/1785403121323090320
# Reference: https://www.virustotal.com/gui/ip-address/154.205.138.75/relations

koreaair.shop
linkedlri.cloud
nexons.shop
saramin.site
wetax.online
wetax-check.site
wetax-check.space
emv1.koreaair.shop
emv1.linkedlri.cloud
emv1.nexons.shop
lcs.koreaair.shop
naver.koreaair.shop
ww1.wetax.online
ww12.wetax.online
ww7.wetax.online

# Reference: https://twitter.com/ValidinLLC/status/1785405519684923887
# Reference: https://app.validin.com/detail?type=ip&find=91.236.230.63#tab=resolutions
# Reference: https://www.virustotal.com/gui/ip-address/91.236.230.63/relations

home-id.me
indeed-main.info
linkedlri.cloud
linkedlri.info
moneysupersmarket.info
octopurs.energy
revoults.online
tradingsveiw.com
trandingveiws.com

# Reference: https://twitter.com/ValidinLLC/status/1785409099397583043
# Reference: https://app.validin.com/detail?type=ip&find=27.255.81.112
# Reference: https://www.virustotal.com/gui/ip-address/27.255.81.112/relations

ac.dll.r-e.kr
accountsmil.mysnu.info
alert.wiki
corn.city
daurn.in.net
dll.r-e.kr
dnmil.mysnu.info
dongfan.r-e.kr
erro.live
kgrnail.cloud
kmr.o-r.kr
mail.alert.wiki
mb.newspaper.o-r.kr
md.kmr.o-r.kr
md.notebook.n-e.kr
messge.info
mybox.website
mysnu.info
nabercorp.download
navkatok.eu
nehelp.es
newspaper.o-r.kr
hani.nabercorp.download
nid.navkatok.eu
nislo.life
notebook.n-e.kr
olpop.store
ps.newspaper.o-r.kr
relogin.pro
sd.kmr.o-r.kr
up-api1-kage.mysnu.info

# Reference: https://twitter.com/cyberwar_15/status/1788723681981776203
# Reference: https://www.genians.co.kr/blog/threat_intelligence/facebook
# Reference: https://www.virustotal.com/gui/file/0edde253fb0ade6700fdeb278b33eeecfd470e4fc72503158854f3a18ee5665a/detection

rapportdown.lol
brandwizer.co.in
makeoversalon.net.in

# Reference: https://twitter.com/blackorbird/status/1790589046663889113
# Reference: https://mp.weixin.qq.com/s/5dYkd9ZpjllHoUK31DywJg

nid.oksite.eu

# Reference: https://x.com/asdasd13asbz/status/1791390914038149339
# Reference: https://www.virustotal.com/gui/ip-address/94.131.120.80/relations
# Reference: https://www.virustotal.com/gui/file/ce97a3e7a8c964a3300ebc940fdbed335c55f008afafc5cfc3f6661b5a5a4446/detection
# Reference: https://www.virustotal.com/gui/file/3314b6ea393e180c20db52448ab6980343bc3ed623f7af91df60189fec637744/detection
# Reference: https://www.virustotal.com/gui/file/24a42a912c6ad98ab3910cb1e031edbdf9ed6f452371d5696006c9cf24319147/detection

uberlingen.com
download.uberlingen.com
dihl-defence.o-r.kr
uberlingen.n-e.kr
viewers.r-e.kr
ecloud.uberlingen.n-e.kr
online.viewers.r-e.kr
share.dihl-defence.o-r.kr

# Reference: https://x.com/MichalKoczwara/status/1792925748568756258

216.189.159.34:443

# Reference: https://www.virustotal.com/gui/ip-address/216.189.159.34/relations

ac0unt.p-e.kr
altool.p-e.kr
app.awiki.org
banditool.kro.kr
etherap.kro.kr
etherlab.kro.kr
lincom.co.kr
melony.n-e.kr
nidnhnlogin.kro.kr
nidnhnv.kro.kr
nvcert.kro.kr
onedriver.n-e.kr
serviceinfo.p-e.kr
slmgr.r-e.kr
telegramer.n-e.kr
yes24service.n-e.kr
app.lincom.co.kr
login.etherap.kro.kr
login.etherlab.kro.kr
m.nidnhnlogin.kro.kr
m.nidnhnv.kro.kr
nid.nhncert.p-e.kr
sign.ac0unt.p-e.kr
sign.nvcert.kro.kr

# Reference: https://thehackernews.com/2024/05/kimsuky-apt-deploying-linux-backdoor.html
# Reference: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/springtail-kimsuky-backdoor-espionage
# Reference: https://www.virustotal.com/gui/file/30584f13c0a9d0c86562c803de350432d5a0607a06b24481ad4d92cdf7288213/detection

http://216.189.159.34

# Reference: https://x.com/1ZRR4H/status/1793873968471970214
# Reference: https://www.virustotal.com/gui/ip-address/67.217.62.219/relations
# Reference: https://www.virustotal.com/gui/file/cca1705d7a85fe45dce9faec5790d498427b3fa8e546d7d7b57f18a925fdfa5d/detection
# Reference: https://www.virustotal.com/gui/file/5b3cc9cced1ef0cb0bba5549cc2ac09c49ae10554d2409ea16bc5e118d278c15/detection

imagedownload.ignorelist.com
share-defence.uberlingen.com

# Reference: https://asec.ahnlab.com/ko/65918/

http://104.36.229.179
http://38.110.1.69
http://91.228.218.7
103.20.235.113:1433
104.36.229.179:1521
104.36.229.179:53
109.248.151.179:53
45.95.18.100:1433
45.95.18.14:3306
45.95.18.14:53
91.228.218.7:53
aslark.kro.kr
aslark1.kro.kr
devf.n-e.kr
kelton.myftp.org
kepir.p-e.kr
kevinblog.ddns.net
lazor.kro.kr
lfgu.n-e.kr
luvb.n-b.kr
my.shoping.kro.kr
navver.o-r.kr
shoping.kro.kr
w3.navver.o-r.kr
yah00.o-r.kr

# Reference: https://x.com/Syndikalist/status/1795580218524209537
# Reference: https://app.validin.com/detail?find=%3A%3A%3A%22author%22%3A%22MXMMCCCXLV%22&type=raw&ref_id=61b5fc3677e#tab=host_pairs_v2

alphadex.io
blockworks.one
plutonians.tech
tokenworks.io
wanblibang.com.cn
i.wanblibang.com.cn
labs.plutonians.tech

# Reference: https://x.com/MichalKoczwara/status/1795741150675976207

atlanticacouncil.org.youramys.com
atlanticcouncil.youramys.com
drive.wilsoncenter.0rg.us
drive.wilsoncenter.port0.org
drives.youramys.com
mnlp.quest
naververify.p-e.kr
note.iiiii.info
oso-usps.com
signin-ym.quest
uidlogin.o-r.kr
wilsoncenter.0rg.us
wilsoncenter.port0.org

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/kimsuky/2024-05-28-kimsuky-webshell.pdf
# Reference: https://www.virustotal.com/gui/ip-address/220.73.161.81/relations

dgms.or.kr
lkh.co.kr/eng/data/ncdos
lkh.co.kr/eng/data/myid.php

# Reference: https://x.com/ginkgo_g/status/1796111368346636743
# Reference: https://www.virustotal.com/gui/file/0538e16bef5fc9f4ab0ed0b370601ae3bc5d184e75d3be678c98e6a60bf533b9/detection

orientedworld.com/wp-content/plugins/health-check/pages/gorgon1/

# Reference: https://x.com/k3yp0d/status/1796124876975071247
# Reference: https://www.virustotal.com/gui/file/c1f1ce81115bed45c594aeeb92adb687bb04478cb40bb9dab538277d0c8cc13e/detection

orbotech.info
customer.orbotech.info
ns1.orbotech.info

# Reference: https://x.com/k3yp0d/status/1796125023570141321
# Reference: https://www.virustotal.com/gui/file/cfdc7747b716be5817ce1bc76decfb3e1b27113545a01558ed97ab5fd024c53e/detection

comisioffline.com
visioffline.comisioffline.com

# Reference: https://x.com/k3yp0d/status/1796125289623244963
# Reference: https://www.virustotal.com/gui/file/e5fbaab1270deb86b419abb348f19c2b9afd6e5c2e151c4d0869f6c5d889e029/detection

visioffline.com

# Reference: https://www.virustotal.com/gui/ip-address/154.90.63.7/relations

flyasiane.online
koreanaire.online
nts-check.site
nts-doc.cloud
nts-home.cloud
nts-home.online
nts-korea.cloud
nts-note.cloud
nts-note.site
nts-post.online
ntskorea.cloud
ntskr.site
ntspost.cloud
cc.nts-check.site
cc.nts-home.cloud
cc.ntscheck.org
cc.rememberapp.info
lcs.nts-check.site
lcs.nts-home.cloud
lcs.ntscheck.org
lcs.rememberapp.info
lcs.wetax.online
mail.ntscheck.org
mait.nts-check.site
mait.nts-home.cloud
mait.ntscheck.org
mait.rememberapp.info
mid.ntscheck.org
naver.nts-check.site
naver.nts-home.cloud
naver.ntskorea.cloud
naver.rememberapp.info

# Reference: https://x.com/Cyberteam008/status/1797456640305922243
# Reference: https://x.com/asdasd13asbz/status/1797564135468859613
# Reference: https://www.virustotal.com/gui/file/000e2926f6e094d01c64ff972e958cd38590299e9128a766868088aa273599c7/detection
# Reference: https://www.virustotal.com/gui/file/cca1705d7a85fe45dce9faec5790d498427b3fa8e546d7d7b57f18a925fdfa5d/detection

accounts.login.idm.uberlingen.com
apphelloworld.crabdance.com
download-attachments.mooo.com
en.uberlingen.com
ns1.uberlingen.com
ns3.uberlingen.com
paypal.uberlingen.com
playboys.chickenkiller.com

# Reference: https://x.com/JangPr0/status/1798144205128392774

http://152.32.139.83

# Reference: https://www.virustotal.com/gui/ip-address/141.164.37.141/relations

apideb.site
gmsta.store
lifegoeson.pics
ntskorea.online
ntsmsg.online
uboam.com
apis.lifegoeson.pics
myaccount.lifegoeson.pics

# Reference: https://www.virustotal.com/gui/ip-address/108.181.51.101/relations

fsc-notify.info
kdca.site
kisa-home.site
emv1.kisa-home.site

# Reference: https://www.virustotal.com/gui/ip-address/38.54.88.5/relations
# Reference: https://app.validin.com/detail?find=38.54.88.5&type=ip4&ref_id=37a81bfc5ea#tab=resolutions

custom-team.com
nts-help.cloud
nts-view.cloud
ntsalert.cloud
ntsalerts.cloud
ntsctrl.cloud
ntsctrl.icu
ntsctrls.icu
ntsdoc.icu
ntsdocs.cloud
ntsdocs.online
ntshelp.cloud
ntshelp.icu
ntshelp.online
ntshelps.cloud
ntshome.icu
ntshome.online
ntshomes.icu
ntspost.icu
ntsposts.icu
ntstax.cloud
ntsview.cloud
ntsview.icu
ntsview.online
ntsviews.cloud
cc.ntsalert.cloud
cc.ntsdocs.cloud
emv1.custom-team.com
emv1.nts-view.cloud
emv1.ntsalert.cloud
emv1.ntsdoc.icu
emv1.ntsdocs.cloud
emv1.ntsdocs.online
emv1.ntshelp.icu
emv1.ntsview.icu
lcs.ntsalert.cloud
lcs.ntsdocs.cloud
naver.ntsalert.cloud
naver.ntsdoc.icu
naver.ntsdocs.cloud
naver.ntshome.icu

# Reference: https://www.virustotal.com/gui/ip-address/108.181.51.101/relations

koreansair.cloud
noution.co
ntshome.cloud
ntsmail.cloud
wetaxc.cloud

# Reference: https://x.com/Huntio/status/1827010159597728157
# Reference: https://www.virustotal.com/gui/ip-address/38.60.212.156/relations
# Reference: https://app.validin.com/detail?type=ip&find=38.60.212.156#tab=resolutions

idchecks.online
jma-earthquake.info
kuronekoyamarto.shop
nortions.info
odhistory-shopping.info
paypay-corp.info
rakutean.info
traningviews.com
userschecker.com
usersvalidaition.com

# Reference: https://www.virustotal.com/gui/ip-address/91.236.230.63/relations

linkdlri.site

# Reference: https://x.com/asdasd13asbz/status/1803944724308595090
# Reference: https://www.virustotal.com/gui/file/2c3066d84a1942c8a7d0873d6863e47b73dca05a07283e52e567533447a7afc9/detection
# Reference: https://www.virustotal.com/gui/file/4dfc09bfab1e813c8122d6f8c3d83966346fe676464497ce100e8c385fe5e5f9/detection

image.ionexusa.com

# Reference: https://twitter.com/suyog41/status/1725500179829436655
# Reference: https://twitter.com/suyog41/status/1765277622777307566
# Reference: https://x.com/malwrhunterteam/status/1805282813819699452
# Reference: https://www.virustotal.com/gui/ip-address/47.244.44.175/relations
# Reference: https://www.virustotal.com/gui/ip-address/52.221.191.170/relations
# Reference: https://www.virustotal.com/gui/ip-address/79.133.51.91/relations
# Reference: https://www.virustotal.com/gui/file/4ceb53129adc4783ff5510c7279c655d6451d52353d41b8cedc7873902a0caf6/detection
# Reference: https://www.virustotal.com/gui/file/dd2b2215977ca4822769a16487e4c22b331ac1fb09791cbde6ee98ae72408137/detection
# Reference: https://www.virustotal.com/gui/file/57b7c01f1ce238d2aa37c62d5c09bb35894798bdb3412e7588204838f2705ddb/detection

accounts.hgfdsa.cloudns.cl
accounts.qocqle.cloudns.cl
asgasfe.online
attachnent.online
bnbn.online
bnbnmdownl.tech
cbcbupdownload.tech
cvcv.online
cvcv.tech
datadown1.shop
dcfvgb.space
derftg.space
dfdf.website
dfgrwe.shop
docunemt.online
donwfileupton.fun
downloadfum.shop
downloadmar.online
edcrfv.tech
ertrfvcvb.fun
filenal.cloudns.cl
gdfeud.online
ghjklf.space
goqgoqle.space
hgfdsa.cloudns.cl
hyrfbg.shop
jmujyh.shop
kgisdsjd.online
kijuyh.online
lendborrow.online
loadfiledown.shop
logendownlaod.shop
logginnld.tech
lokiju.space
mangole.space
markumin.shop
mauernid.space
mauri.website
mjhngb.online
mnbmnb.fun
myclean.fun
myhappy.online
naaaver.online
naaverr.space
nadaral.shop
naders.online
naevuer.website
naeyver.shop
namavr.online
nauver.space
navam.online
navav.online
navev.cloudns.cl
navor-cloud.tech
naxxer.space
nbmndonwload.tech
nbnb.online
nbvcxz.online
neuver.online
neyvaer.online
nghjuy.online
nhjmbg.online
nhygvb.space
nhytgb.space
nid.navev.cloudns.cl
njikmh.space
nldlogdowload.tech
nldloggin.online
nldloggin.tech
nldnldlog.shop
nmnm.online
nmnmdown.tech
nnnnaver.online
nocver.online
nsupersend.online
nvavar.shop
nvhfgt.shop
nwenwe.online
oknjiuj.shop
olkimj.online
poiujk.online
qazwsxedc.tech
qocqle.cloudns.cl
qoooglle.space
qwaszx.space
rfvdfgcvb.online
rtgfhy.online
rtrtdown.online
samsungcoard.tech
seural.online
signonsuccess.website
sporiyt.space
tgbhuj.shop
tgbhuy.online
tsetes.online
ujgtyh.online
upblt.tech
utut.online
vbfhgy.online
vbnfhg.space
vbvbdownload.tech
vfhby.online
vjfhan.online
vnbhfg.space
vnvnupload.website
vvfbgnh.online
wsedfr.shop
wsx.filenal.cloudns.cl
wsxedcrfv.fun
xbxbonwer.fun
yghjhy.online
yhnujm.tech
ytytdown.shop
yuyudownload.tech
yuyuinfu.website
yyttiidown.online
zsedcx.shop
zxcasd.fun
zxzx.website

# Generic trails

/tlee43/bad/info.php
/tlee43/bad/shake.php
/tlee43/bad/welcome.php
/tlee43/good/common.php
/tlee43/good/redirect.php
/tlee43/bad/
/tlee43/good/

# Reference: https://www.virustotal.com/gui/ip-address/61.97.251.231/relations
# Reference: https://app.validin.com/detail?find=61.97.251.231&type=ip4&ref_id=e9b6d4dff01#tab=resolutions

cloudkr2net.website
etrcompug0nar.online
gccqle.online
gukminhealthkr.fun
klepler0ncoprs.tech
korbklineducat9.tech
korbookgrpsio.website
kordom2userna.website
koredunegukminc.website
maboosk5kstores.site
nalrmkorbooks.online
ncloud2usernet.tech
nedfiuser2enfos.shop
nkedunemunso.tech
nkrcloudguardteam.online
nohauwebse2c.online
normkpbost7nets.website
pnidlibnor2in.tech

# Reference: https://www.virustotal.com/gui/ip-address/31.172.83.193/relations
# Reference: https://app.validin.com/detail?find=31.172.83.193&type=ip4&ref_id=e9b6d4dff01#tab=resolutions

qccggle.online
qcocgle.online

# Reference: https://www.virustotal.com/gui/ip-address/27.255.75.142/relations
# Reference: https://app.validin.com/detail?find=27.255.75.142&type=ip4&ref_id=140fa1f1335#tab=resolutions

gccqqle.shop
qscesz.online
qwoasd.online

# Reference: https://www.virustotal.com/gui/ip-address/27.255.81.118/relations
# Reference: https://app.validin.com/detail?find=27.255.81.118&type=ip4&ref_id=4b8862d4e94#tab=resolutions

aa10pdpaoaiajidjaoaisdf.cfd
aa12aodoiaaa.cfd
aa13diaoaoaa.cfd
aa14daiaoao.cfd
aa17aiaiaia.cfd
aa18aiaoaoa.cfd
aa19doaoaooa.cfd
aa1aiadozieaizoao.cfd
aa20aoaoaoal.cfd
aa2aiaoaoeia.cfd
aa3aiaozooaisodfa.cfd
aa4aoiaopaasdf.cfd
aa5aiaoaozidoasfasdf.cfd
aa6daodaoaioasdf.cfd
aa7aoaopaoaoai.cfd
aa8paoaoaoa.cfd
aa9aiaoaaiasdf.cfd
ariws01zvxjdrsvzedffqi.cfd
ariws02giqfxumjxuoyojs.cfd
ariws03dlercwhswciprbz.cfd
ariws04ciupnrvtmmpleug.cfd
ariws05qvlpfvkicwswhir.cfd
ariws06uvkhbudwtmiskxm.cfd
ariws07tskaxqbldgfboau.cfd
ariws08ulkzkfldvyktpdb.cfd
ariws09eihlbfbkfscjhnd.cfd
ariws10pgbblhmtrdnujlg.cfd
ariws11wujsjiawatdxzfo.cfd
ariws12kfmyhpbtgtndsaw.cfd
ariws13pzfsmcluqludcrq.cfd
ariws14hjbkrurxibvvxqg.cfd
ariws15buvwpdvmziqjzpi.cfd
ariws16uabsjyajcmxklpe.cfd
ariws17kuoodsqmymkufok.cfd
ariws18sadzgpynckifkak.cfd
ariws19zamcgwecynzhyfg.cfd
ariws20kjdcyvhvharvwrh.cfd
ariws21abnhykvrpirubon.cfd
ariws22hyxsqdmdgwjuvnt.cfd
ariws23rgxmjoqjakerxqn.cfd
ariws24wwamnanmzclaenj.cfd
ariws25xmwzpcgsguzsvou.cfd
ariws26fkvxifinsviibjp.cfd
ariws27kiyehrgblkruivh.cfd
ariws28zjrsajxttjebnmo.cfd
ariws29wqaudmoizxvunob.cfd
ariws30edzwovygrcspyvq.cfd
ariws31jmdntppbxxhcrfv.cfd
ariws32ceiiulbglmaahot.cfd
ariws33yowjpcjsfjxrazp.cfd
ariws34biyttxflolzcfcz.cfd
ariws35vyywatidjxzjcdl.cfd
ariws36mclblzorliuypaa.cfd
ariws37fapktteeivlxgtg.cfd
ariws38sdgiwdtcosubwut.cfd
ariws39dohaxbtelmiwnsh.cfd
ariws40uwcurwqmpgidbco.cfd
ariws41zmtumvmcnciafel.cfd
ariws42rejrodigsiwhxqg.cfd
ariws43dlfjrcnnkbiqozi.cfd
ariws44cvdzyjdzaeyciet.cfd
ariws45jowzuxkwkhgebra.cfd
ariws46vymtjprzzwviyio.cfd
ariws47gghitommsmoybwv.cfd
ariws48buydzllhzsiwzcw.cfd
ariws49tkfeualaxabvsoh.cfd
ariws50ccjzkhscsrcfotf.cfd
cdadifjaisdfzczc.cfd
comsysmails.store
gocoqie.online
ko01qityghlwig.cfd
ko02jybsjqlpyn.cfd
ko04trojuznwsm.cfd
ko06eeptqbmfnr.cfd
ko07vacfsdpcoq.cfd
ko08jzwnaoedpm.cfd
ko10qlcxozjrwj.cfd
ko11gkcgqbqoqw.cfd
ko12yexuzzkeso.cfd
ko13xgppzphhim.cfd
ko14bvbgmnfvzd.cfd
ko15cllpujiupe.cfd
ko18vqhzlwhshg.cfd
ko19owzlqmxgus.cfd
ko23qxjacebvfk.cfd
ko24etamedjlqr.cfd
ko25rkpvhuauis.cfd
ko26nalkkgujnt.cfd
ko29xntwgnrcok.cfd
ko30ijxrbfjggj.cfd
ko31frapiemowm.cfd
ko32wvpmnfgroe.cfd
ko33dracnweqdl.cfd
ko35nsirpnrdab.cfd
ko40szhgeshfdo.cfd
ko41njtsjvbkom.cfd
ko42iuktuybape.cfd
ko43giztrpcktk.cfd
ko44hmfsnselmh.cfd
ko46eipmxwonxj.cfd
ko48nkrwzmfmol.cfd
ko49aghyojnkya.cfd
ko51nwjdwelibh.cfd
ko53xcfoyckbis.cfd
ko54hnafuwhfzf.cfd
ko55rexazhdrma.cfd
ko56pkqussapan.cfd
ko58lgfntbrvas.cfd
ko59iaogyiuaaw.cfd
kor01egxkz.cfd
kor02dunte.cfd
kor03jataw.cfd
kor04yzdvd.cfd
kor05yjzeu.cfd
kor06jsqpw.cfd
kor07wrwne.cfd
kor08gwusi.cfd
kor09tcrah.cfd
kor10dxzky.cfd
kor11sszif.cfd
kor12gqpdh.cfd
kor13ungli.cfd
kor14kyvbc.cfd
kor15risls.cfd
kor16wmomj.cfd
kor17zumlp.cfd
kor18dknuw.cfd
kor19diqpv.cfd
kor20qwsef.cfd
kor21fqchu.cfd
kor22qdzky.cfd
kor23xtrky.cfd
kor24snetf.cfd
kor25hggvo.cfd
kor26varwt.cfd
kor27degfw.cfd
kor28dtbhm.cfd
kor29fomjp.cfd
kor30iiqyl.cfd
kor31pkyxq.cfd
kor32ktdqh.cfd
kor33ribih.cfd
kor34ejnkt.cfd
kor35thlgq.cfd
kor36lrypb.cfd
kor37tssyz.cfd
kor38dxfja.cfd
kor39gsoxl.cfd
kor40vgpfg.cfd
kor41cfoyq.cfd
kor42qotfi.cfd
kor43hqrct.cfd
kor44vxglk.cfd
kor45aynqg.cfd
kor46lyilv.cfd
kor47ebgqm.cfd
kor48thfrn.cfd
kor49kkymr.cfd
kor50jeftg.cfd
kor51fochj.cfd
kor52jqczw.cfd
kor53fmvtf.cfd
kor54fmhga.cfd
kor55loxvl.cfd
kor56kekqa.cfd
kor57ejelv.cfd
kor58mkltc.cfd
kor59xsjqw.cfd
kor60pqyck.cfd
kor61owapf.cfd
kor62fgliw.cfd
kor63kdsij.cfd
kor64jymgj.cfd
kor65wrfhw.cfd
kor66ghlvn.cfd
kor67dngai.cfd
kor68motks.cfd
kor69dbcrm.cfd
mz02laebnrqdil.cfd
mz03vjsehtrzae.cfd
mz04cgaqwfwtlx.cfd
mz05asbcdbjpka.cfd
mz06kelmrrmpyd.cfd
mz07szmojwevos.cfd
mz08frapjgnqma.cfd
mz09lgxmbracnq.cfd
mz10zjhrdpnyun.cfd
mz11jffyqffmxq.cfd
mz12zmpdmfjqem.cfd
mz13axibvekakc.cfd
mz14qeddpsisjs.cfd
mz16epnaegduwj.cfd
mz18cvnogwwvok.cfd
mz19krypimesfs.cfd
mz22ptetqijnzt.cfd
mz23rayhevpjwk.cfd
mz24vaaxlyoayq.cfd
mz25yjhthlhoml.cfd
mz26yxcifcrmyy.cfd
mz27vaimurucxb.cfd
mz28mhnrfymryd.cfd
mz31xcmdpujwbj.cfd
mz35nzjuqhwukk.cfd
mz36eiovaujpdk.cfd
mz38lsgkadzole.cfd
mz40vdypwfjcec.cfd
mz41khhehgnqxt.cfd
mz43tltxpmvhmg.cfd
mz45xjtnpixlwe.cfd
mz46rsfxsbifvr.cfd
mz47mkgwpygzzg.cfd
mz49cywkcvpngo.cfd
mz50hxzzkoxsre.cfd
naccountsservice.store
nasdjf.shop
nbjfhg.online
nbvcxz.shop
ncmails.store
ncnetman.store
ncomails.store
ncomonline.store
ncomorgan.store
ncomsec.store
ncomsecury.store
ncomsmal.store
ncomstay.store
ncomsystem.store
ncoremail.store
ncosec.store
ncteams.store
ncustomerservice.store
neeuoer.shop
netcoms.store
netdaily.store
netfray.store
netmails.store
netonlines.store
netsay.store
netsecuremails.store
netsecures.store
netshoot.store
netsmail.store
netsonline.store
nk10aoidoaooze.cfd
nk11aidozud.cfd
nk12aidoaieuq.cfd
nk13aidoaiei.cfd
nk14aoeiqoeia.cfd
nk15aoaieiqoadfa.cfd
nk1aidoqiwoa.cfd
nk2aidoaoeaiz.cfd
nk3aidoqiea.cfd
nk4iaodiqueia.cfd
nk5aieoaieoqiea.cfd
nk6auduaieuq.cfd
nk7aoeiqoqia.cfd
nk8eiqoaidjia.cfd
nk9aoaicyuaoize.cfd
nm01smgjhdstbc.cfd
nm02oaldlkaltw.cfd
nm03otlhirkjyk.cfd
nm04fdqkqfoisx.cfd
nm05lxekvcezyd.cfd
nm06htbqwvjzbe.cfd
nm07upuqvjbzui.cfd
nm08xyfuxejgpi.cfd
nm09eqbpddgdkm.cfd
nm10tsmdqnusnt.cfd
nm11jnvczetugz.cfd
nm12lgrobcqjtv.cfd
nm13csgopffsqy.cfd
nm15izojzirfra.cfd
nm16ngrefwqqnk.cfd
nm17flcsifqlpv.cfd
nm18wpdyadmihy.cfd
nm19cveemhthlg.cfd
nm20lcjfqfsior.cfd
nm21hswykgacuf.cfd
nm22jznrsfpzqn.cfd
nm24hcdllclerk.cfd
nm25tzowdnkooq.cfd
nm26qvvtkarnpx.cfd
nm28sgrwrfowpi.cfd
nm29kyahmrdeyd.cfd
nm30eyeklqiiut.cfd
nm31rizlkwqlyi.cfd
nm32kvowhgnhln.cfd
nm33tvccqxhcdx.cfd
nm34mxsakppgsm.cfd
nm35mcbmsaelkb.cfd
nm36yjhxwvedon.cfd
nm37pefkonwehe.cfd
nm38hrpdgnjbwl.cfd
nm39zwjakqatvw.cfd
nm40zzbyragwhi.cfd
nm41ordbvdfgzo.cfd
nm42jumxllebxu.cfd
nm43vyihguzlbg.cfd
nm44dtrmdoqmkz.cfd
nm45xdyizhdgsp.cfd
nm46vbulyzvdmx.cfd
nm47puvgnjfnby.cfd
nm48zilqjymzyt.cfd
nm49ybrhrlwfbu.cfd
nm50ehfkarwclr.cfd
nm51micvyomaas.cfd
nm52zwgwyfzeyc.cfd
nm54bnfsusgxky.cfd
nm55qippqtwybl.cfd
nm56ofqsrkhfnd.cfd
nm57dhyolfqtbg.cfd
nm58cbhdvpytjs.cfd
nm59vpttusqvtp.cfd
nm60ofssyzxvam.cfd
nm61dssbibjiwe.cfd
nm62nintyiqxmy.cfd
nm63bfmwlsbcyp.cfd
nm65zwbnoctxwk.cfd
nm66zctslerrex.cfd
nm67iwsqkzwmpp.cfd
nm68rjilxbcfgw.cfd
nm69hqkzgkgmtl.cfd
nm70ujgorztewl.cfd
nmailday.store
nmailers.store
nmailhostsecurity.store
nmailhostserver.store
nmailhostservice.store
nmailonlinecomhost.store
nmailonlineserverhost.store
nmailorg.store
nmailsecure.store
nmailserveronlinehost.store
nmailserveronlinehostcom.store
nmailserveronlinehosting.store
nmailseureteam.store
nmailsorig.store
nmailsupport.store
nmailteam.store
nmailweb.store
nmanagers.store
nnoticemail.store
nonlinesupport.store
ns10daiaodasfjie.cfd
ns11aieoakz.cfd
ns12idozoialz.cfd
ns13zidozldiaoer.cfd
ns14aidozalzia.cfd
ns15aoaozidioa.cfd
ns16aizodoiao.cfd
ns17aidoaozid.cfd
ns18aiodzodia.cfd
ns19aoapzoa.cfd
ns1aieoqoweiruioqwueasdoif.cfd
ns20aidozlia.cfd
ns2aiaoeiqoeiasodfjzclao.cfd
ns3aidoemkazoeoa.cfd
ns4dioaieapzpodoaer.cfd
ns5dizozodifuiaoisdfa.cfd
ns6aoepqoerpoaskosdf.cfd
ns7ajiaisodier.cfd
ns8doapeopqkopkeaer.cfd
ns9diaoeia.cfd
nsecmail.store
nsecman.store
nseconlines.store
nsecurely.store
nsecuremail.store
nsecureman.store
nsecures.store
nsecuresupport.store
nsecwebman.store
nsemail.store
nsmailer.store
nsonlines.store
nsteam.store
nsteamanger.store
nvcenter.store
nvcom.store
nvcomanager.store
nvcomaner.store
nvmail.store
nvmails.store
nvmanager.store
nvsays.store
nvschain.store
nvscom.store
nvsecmail.store
nvsecteam.store
nvsecure.store
nvsigned.store
nvsigner.store
nvsmailnet.store
nvsmails.store
nvsmailsnet.store
nvsmailteam.store
nvsmanage.store
nvsonlines.store
nvsonlinesec.store
nvteam.store
nvteamager.store
nvteamer.store
nvvxxer.online
op02pidpaqahru.cfd
op03aqldxpgpyw.cfd
op04kelwnhpjzn.cfd
op05vysgiinztz.cfd
op06akfgqadvwk.cfd
op08ofovsbxrgx.cfd
ourcalendarupdate.cfd
qcxqocle.online
qoocqlle.online
qsdifgle.online
quugule.online
securityonsupport.store
wons01hezzpccnislznqz.cfd
wons02ffbrgaxulkoqzvm.cfd
wons03lyjogycxouwmuec.cfd
wons04ciyslfofhklxfor.cfd
wons05xfqatsjvhwchxdk.cfd
wons06zsxfguzxztxcreb.cfd
wons07kkpzgtabwwsjeru.cfd
wons08glvivipryhvmcrg.cfd
wons09sfcsrbdmshsuzus.cfd
wons10tedhbwdjuxmkojm.cfd
wons11mobxbsfxndfxcba.cfd
wons12aodenvcftaltrad.cfd
wons13mmkovrtfuchxkas.cfd
wons14jgbjgyvhqbifgaq.cfd
wons15cdnhdirntfegghq.cfd
wons16fsfpjbkirpncuwq.cfd
wons17rofbierzqfnqmal.cfd
wons18rlggdgeqnineihb.cfd
wons19riisybjyliadrzc.cfd
wons20adqzvgjyttorksp.cfd
wons21yiwipewhbokivhs.cfd
wons22kyrtnalquvnocwp.cfd
wons23gkytchpvyvhorjg.cfd
wons24cvdvycuiaokmhcs.cfd
wons25oybyhqajnbhnutg.cfd
wons26giyraqhqibenkoq.cfd
wons27hnaamwsdzhbvavc.cfd
wons28wgpbtnwfnysjczu.cfd
wons29bautopribwdsqkg.cfd
wons30rugavoilbfpgaiu.cfd
wons31avwadxfwfuodqmi.cfd
wons32cssfyrzmbnvxzai.cfd
wons33vdynupwabkqhiso.cfd
wons34jkgdhotltsjhury.cfd
wons35vcentaelvnemjdg.cfd
wons36ahnufsoprdmiocc.cfd
wons37plyotjchbszxjdn.cfd
wons38weuhgopwrohobaz.cfd
wons39lcvcjgyolzkjlqr.cfd
wons40shhjgashawiwmra.cfd
wons41pmisibdadylijft.cfd
wons42bsptbzpwreegfyp.cfd
wons43tikhdojbjzsgjqp.cfd
wons44gzgypxyumdbtbcl.cfd
wons45xtzpxsfsiixmwio.cfd
wons46riitffqnentdren.cfd
wons47xriaacgjfphixiv.cfd
wons48twhqqplegzqsabo.cfd
wons49qoqimyyjtcfvlra.cfd
wons50ijquqwnlvjkdhql.cfd
ccsol.nmailonlineserverhost.store
lcssol.nmailonlineserverhost.store
nidsim.nmailserveronlinehosting.store
nidsol.nmailonlineserverhost.store
sslsol.nmailonlineserverhost.store
staticnidsol.nmailonlineserverhost.store
wwwsim.nmailserveronlinehosting.store

# Reference: https://x.com/Cyberteam008/status/1805796115196883025

ahxsrbbs.ondepedalar.com
askuser.o-r.kr
askuser.p-e.kr
attach.cbu.net
authsecond.diskedge.o-r.kr
auththird.diskedge.n-e.kr
bigfile.pkzz.org
contactus.kstar.us
daumalert.r-e.kr
discus.p-e.kr
diskedge.o-r.kr
fontstore.ix.tc
gmx.networkguru.com
id.ionexusa.com
imageproxy.p-e.kr
informat.mylogin.p-e.kr
interception.computersforpeace.net
joien.iiiii.info
linkdein.linkin.tw
linkedin.hs.vc
linkedin.ix.tc
linkedin.r-e.kr
logins.microacces.ro
logo.imageproxy.p-e.kr
mast.csproject.org
microacces.ro
mylogin.p-e.kr
n-drive.o-r.kr
nasa.home.kg
natemall.farted.net
naver.company.09614082-c6ef-4ddd-9ebd-f25cf423492f.suporte.n-e.kr
neimat.r-e.kr
nid.naver.company.09614082-c6ef-4ddd-9ebd-f25cf423492f.suporte.n-e.kr
nkfkbwebdisk.corisco.ind.br
nosparn.askuser.o-r.kr
nosparn.askuser.p-e.kr
pkzz.org
ssoverify.discus.p-e.kr
steam.soon.it
suporte.n-e.kr
veradom.p-e.kr

# Reference: https://x.com/asdasd13asbz/status/1806561339604877609
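# Reference: https://www.virustotal.com/gui/file/4f9ef9f4b90d8e0928a36369e90d912b1f4a3b5afc173cddecb1790aa06cdc74/detection
# Note: komico.or.kr and market.gumi.go.kr appear to be legitimate (.or.kr / .go.kr) sites, presumably compromised rather than attacker-registered, and the bare-path trails below are not tied to a host; expect false positives and confirm against the references before blocking on these entries.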

komico.or.kr
market.gumi.go.kr
airgreensystem.com/DB_command/gallery/bbs_list.php
/DB_command/gallery/bbs_list.php
/eng/sub3/index8.asp
/m/sub1/sub5.asp

# Reference: https://www.zscaler.com/blogs/security-research/kimsuky-deploys-translatext-target-south-korean-academia
# Reference: https://www.virustotal.com/gui/file/d78e83f97f400660ec157fbcfb5a98e2514ff6ca6a5a20edd651dcaada469b02/detection

jinakoa.000webhostapp.com
ney.r-e.kr
onewithshare.blogspot.com
sdfa.liveblog365.com
webman.w3school.cloudns.nz

# Reference: https://x.com/asdasd13asbz/status/1808047304714473623

evangelia.edu/img/503/outlook/1outlook
evangelia.edu/img/503/outlook/2outlook

# Reference: https://www.virustotal.com/gui/ip-address/104.194.152.22/relations
# Reference: https://www.virustotal.com/gui/file/557a99a746bb1d89189f6c12fe5fb756f17e2778523dd2e6521781bcc159ff6e/detection

104.194.152.22:7744
cctestname.cfd
freeserver.buzz
goverteamsol.shop
kyzservice.cfd
luzin.site
mstallsys.shop
nservercom.store
pannaservice.cfd
pbakaservice.cfd
pgfox.online
pkakaservice.cfd
pkikatona.cfd
pkikiservice.cfd
pkingtiger.cfd
pkokakoku.cfd
pkolaservice.cfd
psonaservice.cfd
ptitanoa.cfd
repairservice.store
sajadzebel.online
sycnoiewe.shop
syncallinfo.site
teamgover.shop
wasday.online
weoinsdsoia.shop
wiausbe.shop
wolfcalender.cfd

# Reference: https://x.com/JangPr0/status/1810167039627346003
# Reference: https://www.virustotal.com/gui/file/78eeed270b399bc426ca67b22bf89e5e41d3abb7403a0a1dfa966fac627ca8b0/detection

asdofji.ev
cnb39.com
32984.cnb39.com
asdlfkj.asdofji.ev

# Reference: https://x.com/ValidinLLC/status/1810255376991879575
# Reference: https://www.virustotal.com/gui/ip-address/154.90.62.237/relations
# Reference: https://app.validin.com/detail?type=ip&find=154.90.62.237#tab=resolutions

koreagov24.site
myboxapp.site
ntsapp.cloud
ntsflag.site
ntsform.site
ntslook.site
ntsnotice.online
ntstool.site
ntswide.site
polarisoffice.store
wetaxapp.cloud
wetaxapp.online
wetaxapp.website
lcs.ntsflag.site
naver.ntsflag.site

# Reference: https://www.virustotal.com/gui/ip-address/77.37.34.164/relations
# Reference: https://app.validin.com/detail?find=77.37.34.164&type=ip4&ref_id=e34c346a9be#tab=resolutions

benhammourugs.shop
bestpils.shop
egleoho.online
elitewagers.site
engavomusic.online
flyasiane.cloud
fourterealty.site
gpt-wizard.site
kitchensecrets.online
koreaairs.cloud
miniplantestudio.shop
miniplantestudio.site
moviemoxie.online
ntsalert.online
ntsapp.online
ntsbill.site
ntscom.site
ntsdoc.cloud
ntsdoc.online
ntshosts.site
ntsmsg.cloud
ntsobj.site
ntsoffice.site
ntspay.site
ntsposts.site
ntspro.cloud
ntsref.site
ntsreport.cloud
ntsreport.site
ntsshare.cloud
ntssign.cloud
ntssys.site
ntsteam.cloud
ntstxt.site
ntsuser.cloud
ntsview.shop
ntsweb.cloud
pirie.site
rememberapp.tech
rememberapps.cloud
rememberapps.website
repossessedrides.online
romaninorocosi.online
toptierwager.site
traveliland.site
zipfiledwload.cloud

# Reference: https://x.com/ValidinLLC/status/1810257217091727697
# Reference: https://www.virustotal.com/gui/ip-address/154.90.63.162/relations
# Reference: https://app.validin.com/detail?type=ip&find=154.90.63.162#tab=resolutions

assembly-kr.site
basescan.website
dongwon-mil.site
epeople-kr.site
goocgles.site
kr-gov24.site
main-alarm.space
mois-gov.site
nice-creclit.website
nicecreclit.site
nts-alerts.space
nts-alerts.store
nts-doc.site
ntsnews.online
open-ai.website
qooqlesec.site
wetaxalimi.icu
wetaxalimi.space
autodiscover.ntsnews.online
cdn-0.ntsnews.online
cpanel.ntsnews.online
cpcalendars.ntsnews.online
cpcontacts.ntsnews.online
ecpufitl.open-ai.website
emv1.nicecreclit.site
emv1.ntsapps.site
emv1.ntsapps.store
emv1.open-ai.website
ezmail.ntsnews.online
mail.ntsnews.online
uqslmwpq.open-ai.website
webdisk.ntsnews.online
webmail.ntsnews.online

# Reference: https://x.com/malwrhunterteam/status/1808148631972618263
# Reference: https://www.virustotal.com/gui/file/9c9df2d90602c915005811aabf444653f55024080c61845029f75da758b27320/detection
# Reference: https://www.virustotal.com/gui/file/ee439dbabe7301bdf9d9dfdf01d2c790ab8d8758f05732bb798eb24b2d5054f6/detection
# Reference: https://www.virustotal.com/gui/file/f3a3ee7f757f819ae1ae7fcca8a9d1ad41f2de61328c887c8214651e14ac7777/detection

79.133.56.173:6527

# Reference: https://x.com/byrne_emmy12099/status/1810587547237531827
# Reference: https://www.virustotal.com/gui/file/a100d0e1e83078249a91cca57eaa3f61726a33b3389c3b3b44b2607ec5dfef4b/detection
# Reference: https://www.virustotal.com/gui/file/3f059dae6c24232c16f2ca1af51a1f36413e1a9e8db52976e9f59960417a0564/detection
# Reference: https://www.virustotal.com/gui/file/d2aadc2c69cea62fa451744b5d7d718dcb277b70832424e0c14642c3d5900451/detection

79.133.56.173:6626
79.133.56.173:7003

# Reference: https://www.virustotal.com/gui/file/d8a926f81a900fa9ebf6e1ac0a6e18ba86786ce3dbf812b857bc7dac5667149e/detection

79.133.56.173:5667

# Reference: https://app.validin.com/detail?type=ip&find=79.133.56.173#tab=resolutions

moncieutheeracg.site
nodesferghiwuchpaq.icu
ostruvqopkmlvmxnk.website
projevduwykamc.website
quoticnstyeycvbs.icu
rostranfeiucyghdaf.store

# Reference: https://x.com/Cyberteam008/status/1833694571257278836
# Reference: https://app.validin.com/detail?find=74.50.94.47&type=ip4&ref_id=0a8ef7e1a8d#tab=resolutions

bindmailsvr.website
cnu-ac.website
coliov.shop
ierosc.shop
iosua.online
jipyong.site
nidcrop.online
nsso-snu.icu
oiuvolc.online
olsiop.shop
omlinel.shop
onlinenavecosp.site
opentickcorp.icu
oyesc.store
siteofnidcosp.online
smartmailbox.online
softmailneed.site

# Reference: https://x.com/JangPr0/status/1790925168250118180
# Reference: https://www.virustotal.com/gui/file/21900e37d1184093e2333fe7931a8a5c217aa5fd24cfd7650bc6fadbb31f7d8a/detection

glonalcnielmxc.mywebcommunity.org

# Reference: https://x.com/OpenSecCopilot/status/1811599790427505107
# Reference: https://secai.ai/share?threadId=3f2eb0a3650d4b96878980dd1e9a719b

mail-service.r-e.kr
http-cdoc.mail-service.r-e.kr
http-ndoc.mail-service.r-e.kr
https-cdoc.mail-service.r-e.kr
https-ndoc.mail-service.r-e.kr

# Reference: https://x.com/byrne_emmy12099/status/1811752604046864477
# Reference: https://www.virustotal.com/gui/file/4dcf742b02386c7ed4a2b4582de9bf3f073ef3b92ce6b668e66c504af78a202d/detection

com-coffee.click
smart.com-coffee.click

# Reference: https://x.com/suyog41/status/1813473634519810525
# Reference: https://www.virustotal.com/gui/file/ee088f55e7cbc5d797c5b030f880b96708d86103e60d2e89fbc6b8bf2cdf6130/detection
# Reference: https://www.virustotal.com/gui/file/d79f4ac802c50c40ecdba1aa505ed08e489524d23f7e30cce8599dbf9fcbf520/detection
# Reference: https://www.virustotal.com/gui/file/57ebd0e955497c34ade52f5313305a287a101330f2dbc5808afbf73a829fba64/detection
# Reference: https://www.virustotal.com/gui/file/5214b558c6596c9e9df91c6c0b018bf61970138acb4f9b837e5d25879195cd49/detection

koreaillmin.mypressonline.com

# Reference: https://www.virustotal.com/gui/ip-address/158.247.215.12/relations
# Reference: https://app.validin.com/detail?find=158.247.215.12&type=ip4&ref_id=7e3725cc29c#tab=resolutions

accounts.google-policy.com
accounts.goolqe.com
apis.google-policy.com
apis.goolqe.com
ccnspv.live
content.google-policy.com
content.goolqe.com
drive.goolqe.com
eceenc.cloud
edocs.fnsc-kr.online
edocs.ncc-fs.online
eicslkea.click
eisdfe.space
emsta.xyz
enternhisserver.store
eomnsvc.online
eucids.online
file.goolqe.com
fnsc-kr.online
fnsc-law.art
fnsc-online.site
fssc-edocs.site
fssc-kr.online
fssc-kr.site
fsscloud.store
google-policy.com
goolqe.com
hostingnhisserver.store
hostnhiserver.store
jnhl.online
jnhl.work
myaccount.google-policy.com
myaccount.goolqe.com
ncc-fs.online
ndocs.lat
ndocs.xyz
netnv.site
new.goolqe.com
nvcees.xyz
play.google-policy.com
play.goolqe.com
s1.goolqe.com
sadoces.site
scnvv.store
secns.info
security.google-policy.com
ssl.google-policy.com
ssl.goolqe.com
staticfonts.goolqe.com
staticgoolqe.com
ueicxws.site
verify.security.google-policy.com
view.fscsies.info
viewer.secns.info
visit01aaacwerh2.cfd
visit02aaak3en3r.cfd
visit03aaagh1x8l.cfd
visit04aaaymgzrh.cfd
visit05aaahjwydg.cfd
visit06aaao0bctc.cfd
visit07aaaplouuo.cfd
visit08aaaryy0la.cfd
visit09aaaphotmr.cfd
visit100aaacaoem9.cfd
visit10aaatffptl.cfd
visit11aaaag4dlf.cfd
visit12aaaxej4to.cfd
visit13aaaypgr3v.cfd
visit14aaatmlbkp.cfd
visit15aaaktl6gj.cfd
visit16aaawnicfw.cfd
visit17aaasuiztb.cfd
visit18aaafvqi7t.cfd
visit19aaagxvyhu.cfd
visit20aaaqvbahz.cfd
visit21aaaldpslh.cfd
visit22aaalq0vfo.cfd
visit23aaabat1nt.cfd
visit24aaayfl10e.cfd
visit25aaarg8uqn.cfd
visit26aaaaufw7j.cfd
visit27aaagg9hvv.cfd
visit28aaaohetoz.cfd
visit29aaapv9osa.cfd
visit30aaanosub3.cfd
visit31aaavqkdtm.cfd
visit32aaasf1nsg.cfd
visit33aaagxtyiw.cfd
visit34aaaethwsq.cfd
visit35aaaavwfbn.cfd
visit36aaalryakp.cfd
visit37aaaiivng3.cfd
visit38aaaw3wkqs.cfd
visit39aaarazebr.cfd
visit40aaakn1z54.cfd
visit41aaadknfmd.cfd
visit42aaa0payiz.cfd
visit43aaas1sj7t.cfd
visit44aaa4rcrp8.cfd
visit45aaaacjkbm.cfd
visit46aaaizsdup.cfd
visit47aaakflcwp.cfd
visit48aaajf0c1u.cfd
visit49aaacd2hqr.cfd
visit50aaangfq85.cfd
visit51aaazskcyr.cfd
visit52aaajakcyd.cfd
visit53aaaulq8ii.cfd
visit54aaavass9k.cfd
visit55aaao8wuin.cfd
visit56aaa2hpzi1.cfd
visit57aaadvqh07.cfd
visit58aaa7waklt.cfd
visit59aaa8alp7y.cfd
visit60aaarh3qpe.cfd
visit61aaa6gzoc5.cfd
visit62aaa1ubcet.cfd
visit63aaa12crag.cfd
visit64aaazgbqd5.cfd
visit65aaabuccur.cfd
visit66aaahynvbu.cfd
visit67aaa3wfp8j.cfd
visit68aaamy8ycn.cfd
visit69aaahwmdbc.cfd
visit70aaaqbs5rm.cfd
visit71aaab2rz1r.cfd
visit72aaaoim7m4.cfd
visit73aaa7ozeqc.cfd
visit74aaajrs6tn.cfd
visit75aaarwxnqb.cfd
visit76aaal9bu0p.cfd
visit77aaa64mejo.cfd
visit78aaakmoqma.cfd
visit79aaankyzbh.cfd
visit80aaaiknssm.cfd
visit81aaa83zsre.cfd
visit82aaajpxmz3.cfd
visit83aaappvyxa.cfd
visit84aaakgkgnk.cfd
visit85aaah3qwuz.cfd
visit86aaak6agzx.cfd
visit87aaajcq0m7.cfd
visit88aaaclf7it.cfd
visit89aaagy9qqc.cfd
visit90aaarhd6tg.cfd
visit91aaaet2wny.cfd
visit92aaabhgff7.cfd
visit93aaa17yfff.cfd
visit94aaa3hmglv.cfd
visit95aaawdsrmx.cfd
visit96aaaviflem.cfd
visit97aaazzgesl.cfd
visit98aaa27zlor.cfd
visit99aaapv9pqq.cfd
wesdeas.hair
youtube.google-policy.com
youtube.goolqe.com

# Reference: https://x.com/lazarusholic/status/1815363714075500879
# Reference: https://wezard4u.tistory.com/429236
# Reference: https://www.virustotal.com/gui/ip-address/152.32.243.136/relations

audko.store
avist.store
nlsie.store
nusiu.live
osihi.store
simos.online
sorsi.online
wodods.online
wodods.xyz

# Reference: https://x.com/r3dbU7z/status/1816075984283566588
# Reference: https://x.com/byrne_emmy12099/status/1816096332718956698
# Reference: https://www.virustotal.com/gui/ip-address/193.149.185.36/relations
# Reference: https://www.virustotal.com/gui/file/950e19f9e804db0b246a36fa01ef7cbc30c72168392ecac9a391756ca634d807/detection

downloadha.online
smartcert.store
templatehub.shop
veridrvs.host
wuyouhe.shop
ms.veridrvs.host

# Reference: https://www.virustotal.com/gui/ip-address/141.164.48.124/relations

accountlive.store
crack-download.store
kakacentre.com
misakass.top
narercorp.space
naveclip.com
navemid.host
navemlive.store
naverbox.com
navesdrv.site
navmails.com
ncvcrlive.store
nibcent.com
nidcenter.com
nilcrap.com
onclouds.host
themesdrv.site
docs.naverbox.com
naverclouds.cckr.store
nid.accountlive.store
nid.narercorp.space
nid.navemid.host
nid.navemlive.store
nid.navesdrv.site
nid.ncrop.org
nid.ncvcrlive.store
nid.nidcenter.com
nid.onclouds.host
nid.themesdrv.site
nid.veridrvs.host
store.navemid.host

# Reference: https://x.com/StrikeReadyLabs/status/1816091548838138125
# Reference: https://www.virustotal.com/gui/ip-address/77.73.69.166/relations
# Reference: https://www.virustotal.com/gui/file/36db29fbdf98b123fcbdcbd93c0bfc7f5b1cd80cf8357ddc1c92fafb26f55560/detection

1oqinservice.serviinform.kro.kr
717studio.n-e.kr
acccoount.qooqle.kro.kr
afcafe.kro.kr
autoeupdate.p-e.kr
bigfiie-downserver.kro.kr
bigfile-serverdown.kro.kr
bing.seamon.kro.kr
bnbnnkh.n-e.kr
boxapp-downfilesss.n-e.kr
cafent-signatere.kro.kr
certificateapp.n-e.kr
certify.n-e.kr
certify.pay-goole.p-e.kr
certifynvapp.n-e.kr
cetify-information.n-e.kr
check.autoeupdate.p-e.kr
check.certify.n-e.kr
cloud-boxserver.kro.kr
cloud-serverfile.n-e.kr
cloudbox-file.kro.kr
device.home.kg
down-boxfile.n-e.kr
down-myboxappfile.kro.kr
drive-certifycafe.n-e.kr
file-cloudbox.kro.kr
file-saver.n-e.kr
filecloud-saver.n-e.kr
filecloud.n-e.kr
gigimode.fin-tech.com
hongguk.n-e.kr
inform.certificateapp.n-e.kr
informalservice.kro.kr
informsecurrity.n-e.kr
inservicesinform.kro.kr
kftcpg.n-e.kr
loggin-grnaiil.n-e.kr
loqin.nhgigi.crabdance.com
loqinseviceeinform.kro.kr
m.nhnsignaturer.kro.kr
m.nidnhnsign.serverpit.com
mackocacola.n-e.kr
mobil-signn.kro.kr
nhgigi.crabdance.com
nhnlogin.minecraftnoob.com
nhnsignaturer.kro.kr
nid.nhnlogin.minecraftnoob.com
nidnhnsign.serverpit.com
nld.loqinseviceeinform.kro.kr
nmodelogging.69.mu
nsign.gigimode.fin-tech.com
pay-goole.p-e.kr
pmlroma.kro.kr
qooqle.kro.kr
saver-cloud.n-e.kr
seamon.kro.kr
server-filedown.n-e.kr
serviinform.kro.kr
siggn-sys.n-e.kr
sign-cetifyinform.n-e.kr
sign-secuicentry.n-e.kr
sign.nmodelogging.69.mu
signcaffe.n-e.kr
signin.certifynvapp.n-e.kr
signin.informsecurrity.n-e.kr
siqnin.inservicesinform.kro.kr
siqnln.informalservice.kro.kr
sktving.kro.kr
sktybmupdate.kro.kr
sleman.ultimit.kro.kr
tripcom.n-e.kr
ultimit.kro.kr
update.farted.net
update.mine.bz
update.punked.us
update.sktving.kro.kr
veraport.n-e.kr
verynat-cetify.n-e.kr
wslideae.kro.kr
yourphoneapp.kro.kr

# Reference: https://x.com/byrne_emmy12099/status/1816477711877202366
# Reference: https://app.validin.com/detail?type=ip&find=103.172.79.128#tab=resolutions
# Reference: https://app.validin.com/detail?find=152.32.243.208&type=ip4&ref_id=770ddaf193d#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/7c52f371547f58c42eb322c2f77cad4cf5c3de2f2365daa88939f37748c5cb02/detection

ltmlc.fun
nahsopyer.site
napana.online
napana.store
nersde.store
nmsdoper.store
noliper.store

# Reference: https://x.com/malwrhunterteam/status/1816524339514343446
# Reference: https://www.virustotal.com/gui/file/96e32ff5d24ed023c55e00556cedaada45db32f94229cf9d33f55a2886ac0c69/detection

apollo-blue7.kro.kr
nid.apollo-blue7.kro.kr

# Reference: https://www.virustotal.com/gui/ip-address/152.32.138.167/relations
# Reference: https://www.virustotal.com/gui/file/a173a425d17b6f2362eca3c8ea4de9860b52faba414bbb22162895641dda0dc2/detection

apollo-page.kro.kr
apollo-page.n-e.kr
apollo-page.r-e.kr
apollo-star7.kro.kr
mois-viewer.o-r.kr
viewer-server.p-e.kr
090.apollo-page.kro.kr
123.apollo-page.n-e.kr
mail.apollo-page.r-e.kr
ndilogin.apollo-page.r-e.kr
nidlogin.apollo-page.r-e.kr
vic.apollo-star7.kro.kr

# Reference: https://www.virustotal.com/gui/ip-address/118.193.69.97/relations

hogmasil.lol
nadaser.store
namecope.online
nsmoll.store
skq.asia

# Reference: https://www.virustotal.com/gui/ip-address/152.32.139.48/relations

doithe.top
kortiosdfp.lol
nakosd.store
sdoprio.lol
siu.homes
toplopsdfj.lol
api.doithe.top

# Reference: https://www.virustotal.com/gui/ip-address/118.194.248.172/relations

nahsuio.store
accountsmil.nahsuio.store

# Reference: https://www.virustotal.com/gui/ip-address/152.32.243.49/relations

kinfguve.cc
nadfoi.store
sfjhgikjei.cc
zxcdsav.cc

# Reference: https://x.com/byrne_emmy12099/status/1817798187236950221
# Reference: https://www.virustotal.com/gui/ip-address/104.194.154.71/relations

gobro.space
download.gobro.space

# Reference: https://x.com/byrne_emmy12099/status/1818113597677223969
# Reference: https://www.virustotal.com/gui/file/6ff5ae0860290f57862f8918e0509c27649ac381ee70a5cb20d6416ec07b4ad5/detection
# Reference: https://www.virustotal.com/gui/file/15c7f27b140bf1c4841f68eeee76edc9234090ead8c832c9259d7b71e90a2dd7/detection
# Reference: https://www.virustotal.com/gui/file/dd0bb4c7b41a775ec4426fb74a80d995fde39c87197b8c19b8391139e17491fd/detection

79.133.56.173:7016

# Reference: https://www.virustotal.com/gui/ip-address/118.194.249.75/relations

loggin.lol
opresi.info
osyst.life

# Reference: https://www.virustotal.com/gui/ip-address/210.92.18.162/relations

beeneas.xyz
kerasin.store
koraser.store
naver.com.ng
navercafe.eu
osyst.cloud
poluh.shop
qmodiscord.xyz
rabyse.store
rainsbow.store
refery.store
sig.quest
ssounited.store
ujiora.store
yoiroyse.store
accoshmal.nislo.life
accosnksj.opresi.info
accountsmil.nislo.life
dnhmal.nislo.life
dnnksj.opresi.info
manhattan-c1othing.naver.com.ng
nid.naver.com.ng
nidples.osyst.life
nids.naverdoc.com
outlookmember.rabyse.store
up-api1-kage.nislo.life
yoonnets.naver.com.ng

# Reference: https://www.virustotal.com/gui/ip-address/172.86.97.243/relations

arhayo.store
blairy.store
fpolicy.store
harviwo.store
jebario.store
katoryse.store
kimepekz.store
laurapose.store
ncafptary.store
nessacine.store
satony.store
vaeouri.store
yonoma.store
ness.nessacine.store

# Reference: https://x.com/byrne_emmy12099/status/1818639909806391347
# Reference: https://x.com/byrne_emmy12099/status/1831243259185672523
# Reference: https://www.virustotal.com/gui/ip-address/202.141.233.4/relations
# Reference: https://www.virustotal.com/gui/file/fd2c6aa42264f7d555e4f1c8194f8c293ab02bc416e43b448cbd09912833d5cf/detection

http://202.141.233.4
dest.kro.kr
mcgnu.kro.kr
nawer.p-e.kr
publish.kro.kr
zmting.kro.kr
hwp.publish.kro.kr
main.zmting.kro.kr
nid.nawer.p-e.kr
mem.mcgnu.kro.kr
mxd.dest.kro.kr

# Reference: https://x.com/alex_lanstein/status/1793677450683269329
# Reference: https://x.com/StrikeReadyLabs/status/1793675350037148033
# Reference: https://x.com/StrikeReadyLabs/status/1818827583410389431
# Reference: https://ti.qianxin.com/blog/articles/UTG-Q-010-Targeted-Attack-Campaign-Against-the-AI-and-Gaming-Industry-EN/
# Reference: https://www.virustotal.com/gui/file/a69693dc1a62e49853ba5eb40999f24e340faf1a087e56f9a21c4622d297c861/detection
# Reference: https://www.virustotal.com/gui/file/732a6bf2345e9cc40b9a6a1164dc2e823955cbc56a5d3750e675d1c4db7f7415/detection
# Reference: https://www.virustotal.com/gui/file/4a371c04b3a52139ccfc82062f228284467a7d3c06d3b9313b62f6f2a6e68b75/detection
# Reference: https://www.virustotal.com/gui/file/6a3f3521f812b3186ff9e2347631fe9865d643321a301058f894cf6ca6953dd3/detection
# Reference: https://www.virustotal.com/gui/file/bb491aa8acd52ebe41e593804477991676e8a816c64bfe3a16443dd4feb44fda/detection

http://94.138.192.147
156.224.22.247:443
gangtao.live
ioskaishi.live
malaithai.co
phmdbad.live
chemdl.gangtao.live
chemdl.ioskaishi.live
conn.phmdbad.live
/lasjdflakdsjf.pdf
/public/jsp/lasjdflakdsjf.pdf

# Reference: https://x.com/Cyberteam008/status/1820652443514073188

aeomeio.n-e.kr
apps.imagelogger.o-r.kr
boomerat.r-e.kr
chorteo.r-e.kr
deta2.n-e.kr
download.paradon.n-e.kr
download.pdfconvert.n-e.kr
file-drive.n-e.kr
g-cloud.r-e.kr
imagelogger.o-r.kr
imgconverter.p-e.kr
montera.o-r.kr
nero1.r-e.kr
ns.zavic.kro.kr
ns.zavid.kro.kr
paradon.n-e.kr
pdfconvert.n-e.kr
viewer.imgconverter.p-e.kr
werasocs.r-e.kr
yerahom.p-e.kr
zavic.kro.kr
zavid.kro.kr
zeratos.o-r.kr

# Reference: https://x.com/Thisism23567356/status/1820786152686661857
# Reference: https://www.virustotal.com/gui/file/f7e29ad2b0d3da5c2a9fa8f54629cdd7b5b890a04b7408c7bdbd02e5772c5103/detection

handhygieneforhealth.org/.well-known/acme-challenge/0802/
/.well-known/acme-challenge/0802/d.php
/.well-known/acme-challenge/0802/upload_dotm.php

# Reference: https://x.com/ValidinLLC/status/1820823041925841365
# Reference: https://app.validin.com/detail?type=ip&find=195.85.250.22#tab=resolutions

xn--220b95u7jdkyicjm.xn--yq5b.xn--3e0b707e
xn--910b050bu5a.xn--oi2b61z32a.xn--3e0b707e
xn--950bt9stjai8zqxc.xn--2i0b10rqve.xn--3e0b707e
xn--h49a2p279auzk.xn--2i0b10rqve.xn--3e0b707e
xn--le5b23b8lz6c.xn--oi2b61z32a.xn--3e0b707e
xn--on3bi6mq2ao9n.xn--9i1b01onwqqzd.xn--3e0b707e

# Reference: https://app.validin.com/detail?find=192.64.81.23&type=ip4&ref_id=ee670af8204#tab=resolutions

xn--220bn6pm6ip9b.xn--2i0b10rqve.xn--3e0b707e
xn--h32b29iq8f57j.xn--2i0b10rqve.xn--3e0b707e
xn--hg3b1r23r0we99j.xn--hk3b17f.xn--3e0b707e
xn--on3b21ee3emyo.xn--2i0b10rqve.xn--3e0b707e
xn--zb0b93v7zf0yr.xn--9i1b01onwqqzd.xn--3e0b707e
xn--zb0b93vmoa643b.xn--yq5b.xn--3e0b707e

# Reference: https://app.validin.com/detail?find=166.88.194.226&type=ip4&ref_id=ee670af8204#tab=resolutions

xn--zb0b93v7zf0yr.xn--9i1b01onwqqzd.xn--3e0b707e
file-center.p-e.kr

# Reference: https://app.validin.com/detail?find=95.164.62.157&type=ip4&ref_id=ee670af8204#tab=resolutions

clearcheck.r-e.kr
cloud-file.o-r.kr
file-clear.o-r.kr
iptime-upgrade.r-e.kr
xn--h32b11c06kbkc.xn--oi2b61z32a.xn--3e0b707e
xn--h32b21ccvorra.xn--oi2b61z32a.xn--3e0b707e
xn--h32b93rxub7a38cq45d.xn--oi2b61z32a.xn--3e0b707e
xn--on3b11fg6drvc910a.xn--2i0b10rqve.xn--3e0b707e
xn--zb0b93v7pcl4f61fvwu.xn--oi2b61z32a.xn--3e0b707e
xn--zb0b93v7zf0yr.xn--9i1b01onwqqzd.xn--3e0b707e

# Reference: https://app.validin.com/detail?find=89.221.224.145&type=ip4&ref_id=ee670af8204#tab=resolutions

accountqoogle.r-e.kr
authqooqle.n-e.kr
download-file.o-r.kr
mitsdj.p-e.kr
n-checker.n-e.kr
nate-accounts.o-r.kr
safe-down.o-r.kr
safefile-store.n-e.kr
secu-center.n-e.kr
security-file.o-r.kr
xn--2e0bw9ye9s.xn--yq5b.xn--3e0b707e
xn--2i0b10r3wdxxk7xc.xn--hu5b25b77nvwc.xn--3e0b707e
xn--3e0bk66b.xn--oi2b61z32a.xn--3e0b707e
xn--910bs4k2b903c.xn--oi2b61z32a.xn--3e0b707e
xn--989amm089aqzk.xn--9i1b01onwqqzd.xn--3e0b707e
xn--c79ak52c.xn--hk3b17f.xn--3e0b707e
xn--h32b21c06kokc.xn--h32bi4v.xn--3e0b707e
xn--h32b23ax6ukic99m.xn--oi2b61z32a.xn--3e0b707e
xn--h32b93vna29s.xn--2i0b10rqve.xn--3e0b707e
xn--i49alo503a1hj91qiwd.xn--oi2b61z32a.xn--3e0b707e
xn--i49aloj21bx7h.xn--hu5b25b77nvwc.xn--3e0b707e
xn--ly5b17v.xn--2i0b10rqve.xn--3e0b707e
xn--oi2b43d22m.xn--oi2b61z32a.xn--3e0b707e
xn--ok0by38c.xn--yq5b.xn--3e0b707e
xn--on3bi6m.xn--hu5b25b77nvwc.xn--3e0b707e
xn--oy2b23yvwh.xn--hk3b17f.xn--3e0b707e
xn--sn3b25qa01t.xn--yq5b.xn--3e0b707e
xn--vf4b150a.xn--hu5b25b77nvwc.xn--3e0b707e
xn--zb0b93v.xn--hu5b25b77nvwc.xn--3e0b707e
xn--zb0b93v7pcuvq.xn--2i0b10rqve.xn--3e0b707e
xn--zb0bjsl3wqkbsx1b.xn--oi2b61z32a.xn--3e0b707e
xn--zj4b17e9vcn8n.xn--hu5b25b77nvwc.xn--3e0b707e

# Reference: https://app.validin.com/detail?find=45.58.52.104&type=ip4&ref_id=ee670af8204#tab=resolutions

xn--289aqc003dx7h.xn--oi2b61z32a.xn--3e0b707e
xn--c79ao69ad3e0kc.xn--9i1b01onwqqzd.xn--3e0b707e
xn--hg3b15whlf.xn--2i0b10rqve.xn--3e0b707e
xn--le5b84c.xn--hk3b17f.xn--3e0b707e
xn--on3b95m.xn--h32bi4v.xn--3e0b707e

# Reference: https://x.com/eastside_nci/status/1821021927357751361

navel.r-e.kr
lcs.navel.r-e.kr
tivan.navel.r-e.kr
veta.navel.r-e.kr
nam.veta.navel.r-e.kr

# Reference: https://www.cyberresilience.com/threatintel/apt-group-kimsuky-targets-university-researchers/
# Reference: https://github.com/arceo-labs/iocs/blob/main/APT/Kimsuky/domains.txt

dorray.site
gkjoiup.site
penlu.or.kr

# Reference: https://x.com/StrikeReadyLabs/status/1822942402258080183
# Reference: https://x.com/Thisism23567356/status/1822970394007019675
# Reference: https://www.virustotal.com/gui/ip-address/152.32.138.182/relations
# Reference: https://www.virustotal.com/gui/ip-address/165.154.171.72/relations
# Reference: https://www.virustotal.com/gui/ip-address/216.128.147.226/relations
# Reference: https://www.virustotal.com/gui/file/3e0f4eaf3db754160f8c012a94772bf05b20823806962836fd0d32e0f160b916/detection
# Reference: https://www.virustotal.com/gui/file/86ef578ca5923119e65049f3d26bff7ea41cea12f8c425f06786b406c8dfaf9a/detection

easygooglecloud.com
googlesharepoint.com
htc-llc.net
microsoft-host.com
twittertips.com
xbox-app.com
checker.jetos.com
gemini.ns01.info

# Reference: https://blog.talosintelligence.com/moonpeak-malware-infrastructure-north-korea/
# Reference: https://www.virustotal.com/gui/ip-address/104.194.152.251/relations

104.194.152.251:443
104.194.152.251:8936
pumaria.store
go.pumaria.store

# Reference: https://www.virustotal.com/gui/ip-address/27.255.80.162/relations

barerby.store
brayoier.store
fandorin.store
ratoriu.store
santora.store
slardar.store

# Reference: https://www.virustotal.com/gui/ip-address/27.255.80.163/relations

megadown.store

# Reference: https://x.com/asdasd13asbz/status/1823625652626710578

bit-albania.com/config.php
bit-albania.com/inc.php

# Reference: https://x.com/JangPr0/status/1824232312915333325
# Reference: https://www.virustotal.com/gui/file/b13201957eec1248b3d91f2fd5a0b5d999c0c77644810f4aa28c9ecd0faf8828/detection

0x0.st/XO5m.txt

# Reference: https://x.com/StrikeReadyLabs/status/1825868401337565226
# Reference: https://www.virustotal.com/gui/file/6b660666f031843a36225e791f6564983c2c8cabf85d2216f0617702a978c838/detection

dr0pb0xapi.com
api.dr0pb0xapi.com
content.dr0pb0xapi.com

# Reference: https://app.validin.com/detail?type=ip&find=210.92.18.158

ko27hovkuqymlx.cfd
ko61prrdlueqct.cfd
ko64teljoibilm.cfd
ko70xxapysvemq.cfd
nm53nvgpzydpxi.cfd

# Reference: https://x.com/eastside_nci/status/1826907909768278163
# Reference: https://app.validin.com/detail?type=ip&find=210.92.18.142#tab=resolutions

account-naver.com
alska37navorcom.website
anewloipopkstar.cloud
dauo3mgoepcio.store
eodanatiodnd09dan.store
haier30chainmgov.website
holadnneioa9mar.online
keyodga90studian.site
krnavedunpsgrps.site
ldadomstka3727noghyp.xyz
login-naver.com
mail-naver.com
miaot32kdnetso.online
msikocanatgioan3c.store
mufaktisi23nbacoam.site
ngenecdoemai3dn.site
nodkcl32doalkna.icu
nuttopsseafe30gud.icu
parenkocl23netkor.online
pidnca3ohackabom.website
qurotdua3ncane.cloud
sapedlcybernav.online
security-naver.com
signin-naver.com
thirda0partysnm.website
wordorg30dnckson.website

# Reference: https://x.com/eastside_nci/status/1826907912565821728
# Reference: https://app.validin.com/detail?type=ip&find=210.92.18.183#tab=resolutions

avackacmzei3cm.store
edaue3dkstring.icu
krmouse3hacaka.icu
laoschnavgat0in.store
mcafegroupc3sk.store
meardkcsa0ndbox.online
messhoek2sdkn.site
navercorp.center
navor.online
nid-naver.info
podlaenca0dla.online
sakuran320netisxm.xyz
taranagmccoprs.website
transnave0ccoaprs.website
webnavit0incom.online
zabrdca3gopex.site
zootoepaic0cat.online

# Reference: https://x.com/eastside_nci/status/1826907914918912293

2022laicai.com
2c8b3f19-0325-4acc-a3dd-31a918e4dbf5.random.osyst.life
3yik.caidao188.com
aperfection3cos.site
arsakray.store
bgptools-wildcard-confirmed.inserverncorpservice.store
bgptools-wildcard-confirmed.nmailcorponlinehost.store
bgptools-wildcard-confirmed.nmailteam.store
bzfafa888.com
caidao188.com
eager-goldwasser.210-92-18-176.plesk.page
gemevog.com
ghfjqle.icu
guytr.store
hanhwa.site
images.kkuac.org
inserverncorpservice.store
inservicenmail.store
js.caiyuandao888.com
laoschnavgat0in.store
mailsecurityncorp.store
nasdfg.website
nbgfvr.icu
nbvfghr.online
nbvhftr.store
ndfghj.store
ndfsdk.website
nervous-hawking.210-92-18-188.plesk.page
nghtyr.online
nghytr.space
ngjhry.icu
ngjhur.website
ngjrur.online
ngjuer.store
nhgujfr.shop
nhgybf.xyz
nhgyt.shop
nhjklr.icu
nhygbh.xyz
nirroaed5nesicm.store
njfghr.store
njgher.site
njghfr.site
njghuer.online
njguht.shop
njguyh.space
njhgd.cloud
njhgu.website
njhuy.website
njhuyr.online
njikmh.site
nkgier.website
nmailcorphost.store
nmailcorponlinehost.store
nmailhostingonline.store
nmailhostingonlinecom.store
nmailhostsecurityonline.store
nmailonlineserverhosting.store
nmailsecurityhost.store
serverncorpmail.store
serverncorpmailonline.store
servernmailcenter.store
servernmailcorp.store
servernmailservice.store
vcljs.com
whe0tmcopsra.site
zootoepaic0cat.online

# Reference: https://x.com/Huntio/status/1827010159597728157
# Reference: https://app.validin.com/detail?type=ip&find=27.102.130.181#tab=resolutions

goocgle.cloud

# Reference: https://www.rapid7.com/globalassets/_pdfs/whitepaperguide/rapid7-Kimsukys-Phishing-and-Payload-Tactics_wp.pdf
# Reference: https://github.com/rapid7/Rapid7-Labs/blob/main/IOCs/Kimsuky_Phishing_Payload_Tactics_IOCs.txt

accounts.ukr.net.userscheck.info
app.userscheck.info
blog.userscheck.info
chat.userscheck.info
dev.userscheck.info
forums.app.userscheck.info
fr.userscheck.info
i.ua.userscheck.info
meta.ua.userscheck.info
micbns.documentview.site
net.userscheck.info
passport.meta.ua.userscheck.info
passports.i.ua.userscheck.info
phpmyadmin.userscheck.info
support.userscheck.info
ua.userscheck.info
ukr.net.userscheck.info

# Reference: https://x.com/ValidinLLC/status/1827015254821253281
# Reference: https://app.validin.com/detail?type=ip&find=154.205.138.23#tab=resolutions

ntskorea.site
ntsletter.site
ntsmail.online
ntsmail.store
ntspost.online
ntsposting.site
ntsshare.site
ntsteam.store
ntsweb.store
cc.ntsmail.online
cc.ntsposting.site
lcs.ntsmail.online
lcs.ntsmail.store
lcs.ntsposting.site
naver.ntskorea.site
naver.ntsletter.site
naver.ntsmail.store
naver.ntsposting.site
naver.ntsweb.store

# Reference: https://app.validin.com/detail?find=173.211.70.97&type=ip4&ref_id=d5d8772dd63#tab=resolutions
# Reference: https://app.validin.com/detail?find=185.126.148.8&type=ip4&ref_id=d5d8772dd63#tab=resolutions

cute-fox.online
futurismlabs.site
linesmanagement.fun
mediumtechview.info
mediumtechview.site
simplegame.store
supernovagroup.site

# Reference: https://app.validin.com/detail?find=210.92.18.187&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

naverlogin.com
nproxr.store
nsfder.store

# Reference: https://app.validin.com/detail?find=210.92.18.185&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

boarmanc90genmc.xyz
cokrmstehomeb09ks.xyz
com-change.info
comerpl0starli.site
cordns77navgations.icu
coumcyberlib3n.online
daurnmail.com
ehcoasnet8home.store
golpit0matery.online
gonwet1boedy.site
hotmail.com-change.info
hotrnail.com-change.info
krdaumcokm0a.cloud
mc0rpsadmenp.cloud
mcafe090korpxs.online
microsoft.com-change.info
msky05bookscom.shop
n09ccafestopcm.website
naver.com-change.info
navers.com-change.info
navor.com-change.info
newdoma7navgtes.store
nidauti0korpsm.online
packnavorkps12attn.store
qour8dakservers.website
saramine5estchn.website
t0ngbirsmirn.cloud
ytube23comk.website

# Reference: https://app.validin.com/detail?find=210.92.18.181&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

aget0mkcoilp.store
albokkstr0nets.store
ckrnpoekai12sg.online
csilentabooksites.website
diom2bolbooks.cloud
gksisfle.website
gqwert.space
guekgle.shop
gythu.site
hamtopredio3n.website
jobckr23contp.site
jobkrnetsiom3nva.cloud
naverhelp.center
navesgn.info
nm14hwjsddxdab.cfd
npiramid00grps.xyz
outlook-kr.com
pla0iistocktbls.cloud
refidn09netapols.icu
urhost30bomlibs.site
vitual7murps.online
vituo5plomontuers.store
weoidius98netstv.store

# Reference: https://app.validin.com/detail?find=210.92.18.169&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

aa11iaiaoaodiasdf.cfd
aa15daoaoaa.cfd
aa16auaiaia.cfd
gg01aa8d.cfd
gg02diad.cfd
gg03dddd.cfd
gg04jaid.cfd
gg05odpz.cfd
gg06vjzn.cfd
gg08vnzm.cfd
gg09icuy.cfd
gg10vncc.cfd
gg117hvu.cfd
gg12vvzc.cfd
gg13vvcz.cfd
gg14dvcz.cfd
gg15mmnc.cfd
gg16ijnc.cfd
gg17nbcj.cfd
gg18yctz.cfd
gg19vnzn.cfd
gg20qqzn.cfd
gg21abcd.cfd
gg22kieu.cfd
gg23uydc.cfd
gg24erud.cfd
gg25vmzn.cfd
gg26ppdd.cfd
gg27ytdc.cfd
gg28erud.cfd
gg29wdic.cfd
gg30qncj.cfd
gg31vmcc.cfd
gg32ddid.cfd
gg33ecbc.cfd
gg34bcjd.cfd
gg35tdfd.cfd
ghusfe.online
guhdfe.store
gythu.site
insecurityncorp.store
inservernmail.store
inservernmailcorp.store
inservicenmailcorp.store
inservicenmailsecurity.store
joinupvts.org
kk02diaoa.cfd
kk04ooiiz.cfd
kk05jjizo.cfd
ko03bumpunpkkj.cfd
ko05oiwgznlfez.cfd
ko09iihldlmpue.cfd
ko16krddlgrnqc.cfd
ko17zouzamjbna.cfd
ko20klrhisaghe.cfd
ko21hkerjkbwdk.cfd
ko22hkqwqzhfor.cfd
ko28dhdlhpwdoq.cfd
ko34ertusbpxwo.cfd
ko36jvrpmmdinr.cfd
ko37dosnkzvkgk.cfd
ko38muxaclxtyi.cfd
ko39sksjjgqoxc.cfd
ko45bvsvhykbec.cfd
ko47lbeoonhzch.cfd
ko50abihxzlzpx.cfd
ko52duaqxyjgcy.cfd
ko57jlttjllkri.cfd
ko60ydekzyztby.cfd
ko62naixkvajsb.cfd
ko63mzeususgdb.cfd
ko65mktttgloce.cfd
ko66epaeekyygx.cfd
ko67fowwqjblxu.cfd
ko68mlsiftaimg.cfd
ko69rykrwqqvtb.cfd
mailncorpsecurity.store
mz01gnzcsqyxvh.cfd
mz15wiqsuekibc.cfd
mz17zthmologal.cfd
mz20nvegiecnlg.cfd
mz21ecesmpinht.cfd
mz29qdyvhgkjmw.cfd
mz32evjttfqehe.cfd
mz33samchzvpbf.cfd
mz34kmoqtbsccp.cfd
mz37qfwnzdboqn.cfd
mz39msrxqvgwds.cfd
mz42vdwrbyzpuy.cfd
mz44hhmwmdsebg.cfd
mz48ccndurjvpt.cfd
nm14hwjsddxdab.cfd
nm23yrmupctcjh.cfd
nm27zcijazfmnm.cfd
nm64cmdaulibqc.cfd
nm71wibkcuxqir.cfd
nmailcorpsecurityhost.store
nmailhostingcom.store
nmailhostingserver.store
nmailhostingservice.store
nmailhostonline.store
nmailhostonlineserver.store
nmailhostserveronline.store
nmailonlinehost.store
nmailonlinehosting.store
nmailonlinehostingserver.store
nmailsecurityhosting.store
nmailsecurityonlinehosting.store
nmailserverhosing.store
onlinenmailcorpservicecom.store
onlinenmailcorpserviceenter.store
onsecuritynmail.store
onsecuritynmailcorp.store
op01ytuackbjgp.cfd
op07kzvwwbuysj.cfd
qq01aiao.cfd
qq03aiai.cfd
qq04aiai.cfd
qq08zzdi.cfd
qq09mzkc.cfd
servernmail.store
servernmailcenteronline.store
servernmailonline.store
servernmailonlinecom.store
ss2siaoeiqoao.cfd
ss8diaoaidia.cfd
ss9diaudiaa.cfd
wr01dzt.cfd
wr02lqw.cfd
wr04yst.cfd
wr15ffe.cfd
wr16kah.cfd
wr24dwr.cfd
wr26zky.cfd
wr27hjm.cfd
wr31unj.cfd
wr32qcy.cfd
wr33kmx.cfd
ww01aaa.cfd
ww02bbb.cfd
ww03ccc.cfd
ww04ddd.cfd
ww05eee.cfd
ww06fff.cfd
ww07ggg.cfd
ww08iii.cfd
ww09qqq.cfd
ww10fid.cfd
ww11dia.cfd
ww12vmn.cfd
ww13nmv.cfd
ww14cnm.cfd
ww15nvd.cfd
ww16fjf.cfd
ww17oio.cfd
ww18vnc.cfd
ww19jjd.cfd
ww20vnc.cfd
ww21ccc.cfd
ww22jjc.cfd
ww23mvn.cfd
ww24ncc.cfd
ww25nnc.cfd
ww26nnk.cfd
ww27iol.cfd
ww28nnb.cfd
ww29nnc.cfd
ww30kjc.cfd
ww31ncc.cfd
ww32nnc.cfd
zz09iinic.cfd
zz13iijnc.cfd
zz14ppiuc.cfd
zz16ajndd.cfd
zz20hjcic.cfd
zz21ticic.cfd
zz23aeeec.cfd

# Reference: https://app.validin.com/detail?find=210.92.18.161&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

accounts.serviceprotect.eu
enternmailaccounts.store
enternmailaccountscom.store
enternmailaccountsserver.store
enternmailcorpsecurity.store
enternmailsecurity.store
enternmailserver.store
gg04jaid.cfd
gg05odpz.cfd
gg07pcoi.cfd
gg08vnzm.cfd
gg09icuy.cfd
gg10vncc.cfd
gg117hvu.cfd
gg13vvcz.cfd
gg14dvcz.cfd
gg15mmnc.cfd
gg16ijnc.cfd
gg18yctz.cfd
gg19vnzn.cfd
gg20qqzn.cfd
gg21abcd.cfd
gg22kieu.cfd
gg23uydc.cfd
gg25vmzn.cfd
gg26ppdd.cfd
gg27ytdc.cfd
gg28erud.cfd
gg29wdic.cfd
gg30qncj.cfd
gg31vmcc.cfd
gg32ddid.cfd
gg33ecbc.cfd
gg34bcjd.cfd
gg35tdfd.cfd
innmailserver.store
innserversite.online
innservicecomserver.store
inservicecom.store
kk02diaoa.cfd
kk04ooiiz.cfd
kk05jjizo.cfd
ko03bumpunpkkj.cfd
ko05oiwgznlfez.cfd
ko09iihldlmpue.cfd
ko16krddlgrnqc.cfd
ko17zouzamjbna.cfd
ko20klrhisaghe.cfd
ko21hkerjkbwdk.cfd
ko22hkqwqzhfor.cfd
ko28dhdlhpwdoq.cfd
ko34ertusbpxwo.cfd
ko36jvrpmmdinr.cfd
ko37dosnkzvkgk.cfd
ko38muxaclxtyi.cfd
ko39sksjjgqoxc.cfd
ko45bvsvhykbec.cfd
ko47lbeoonhzch.cfd
ko50abihxzlzpx.cfd
ko52duaqxyjgcy.cfd
ko57jlttjllkri.cfd
ko60ydekzyztby.cfd
ko62naixkvajsb.cfd
ko63mzeususgdb.cfd
ko65mktttgloce.cfd
ko66epaeekyygx.cfd
ko67fowwqjblxu.cfd
ko68mlsiftaimg.cfd
ko69rykrwqqvtb.cfd
loginnmailcorpserver.store
mailncorpsecurity.store
mz01gnzcsqyxvh.cfd
mz15wiqsuekibc.cfd
mz17zthmologal.cfd
mz20nvegiecnlg.cfd
mz21ecesmpinht.cfd
mz29qdyvhgkjmw.cfd
mz30nnqnbxgboi.cfd
mz32evjttfqehe.cfd
mz33samchzvpbf.cfd
mz34kmoqtbsccp.cfd
mz37qfwnzdboqn.cfd
mz39msrxqvgwds.cfd
mz42vdwrbyzpuy.cfd
mz44hhmwmdsebg.cfd
mz48ccndurjvpt.cfd
navcomserver.store
navservicecenter.store
ncompanylogin.store
ncompanymailserver.store
ncompanyserver.store
ncompanyservice.store
ncorpmailingserver.store
ncorpmailsecurity.store
ncorpmailsecuritycom.store
ncorpmailsecurityonline.store
ncorpmailservercom.store
ncorpmailservicecom.store
ncorpmailsystem.store
ncorponline.store
ncorponlineserver.store
ncorporationmail.store
ncorporationsecurity.store
ncorporationserver.store
ncorporationservice.store
ncorpsecuritycom.store
ncorpsecuritycomsite.store
ncorpsecurityservice.store
ncorpserveronline.store
ngroupmailserver.store
ngroupmailservice.store
nhtgfr.online
nhuygr.shop
njhbgd.online
njhug.online
nm14hwjsddxdab.cfd
nm23yrmupctcjh.cfd
nm27zcijazfmnm.cfd
nm64cmdaulibqc.cfd
nm71wibkcuxqir.cfd
nmailcentercom.store
nmailinconline.store
nmailincserver.store
nmailingserver.store
nmailingservice.store
nmailservercomsystem.store
nmailserversystem.store
nmailservicecom.store
nmailsystemsecurity.store
nmailsystemserver.store
nonlinecenter.store
nonlinemailservercom.store
nonlineservce.store
nonlineserver.store
nonlineserversite.store
nonlineservicesite.store
nsecuritygroupmail.store
nsecuritygroupservice.store
nsecuritymailing.store
nsecurityservicesystem.store
nserviceonline.store
nserviceonlineserver.store
onlinenavservice.store
onlinencompany.store
onlinencorpaccounts.store
onlinencorpmailsecurity.store
onlinencorpsecurity.store
onlinencorpsecuritycom.store
onlinencorpserver.store
onlinenmailaccounts.store
onlinenmailaccountsservice.store
onlinenmailcorpcom.store
onlinenmailcorpserver.store
onlinenmailcorpservice.store
onlinenmailserver.store
onlinenmailservice.store
onlinenservicecenter.store
onlinenservicecom.store
onnmailcorpsecurity.store
onnmailservercom.store
onnmailservice.store
onsecuritynmail.store
onsecuritynmailcorp.store
op01ytuackbjgp.cfd
op07kzvwwbuysj.cfd
qq01aiao.cfd
qq03aiai.cfd
qq04aiai.cfd
qq05wiwo.cfd
qq06jzoz.cfd
qq08zzdi.cfd
qq09mzkc.cfd
servicemember.info
serviceprotect.eu
ss12aidiaodia.cfd
ss13aidoaias.cfd
ss2siaoeiqoao.cfd
ss6qiaosidiao.cfd
ss8diaoaidia.cfd
ss9diaudiaa.cfd
wr01dzt.cfd
wr02lqw.cfd
wr03skl.cfd
wr04yst.cfd
wr05mmy.cfd
wr06guh.cfd
wr07pxi.cfd
wr08dxk.cfd
wr09vjo.cfd
wr10jdh.cfd
wr11idy.cfd
wr12xej.cfd
wr13fsd.cfd
wr14xpn.cfd
wr15ffe.cfd
wr16kah.cfd
wr17uvl.cfd
wr18pfu.cfd
wr19xpc.cfd
wr20jyu.cfd
wr21udy.cfd
wr22pch.cfd
wr23vul.cfd
wr24dwr.cfd
wr25rkg.cfd
wr26zky.cfd
wr27hjm.cfd
wr28gmv.cfd
wr29dnt.cfd
wr30tey.cfd
wr31unj.cfd
wr32qcy.cfd
wr33kmx.cfd
ww01aaa.cfd
ww02bbb.cfd
ww03ccc.cfd
ww04ddd.cfd
ww05eee.cfd
ww06fff.cfd
ww07ggg.cfd
ww08iii.cfd
ww09qqq.cfd
ww10fid.cfd
ww11dia.cfd
ww12vmn.cfd
ww13nmv.cfd
ww14cnm.cfd
ww15nvd.cfd
ww16fjf.cfd
ww17oio.cfd
ww18vnc.cfd
ww19jjd.cfd
ww20vnc.cfd
ww21ccc.cfd
ww22jjc.cfd
ww23mvn.cfd
ww24ncc.cfd
ww25nnc.cfd
ww26nnk.cfd
ww27iol.cfd
ww28nnb.cfd
ww29nnc.cfd
ww30kjc.cfd
ww31ncc.cfd
ww32nnc.cfd
zz02wqiam.cfd
zz04diaod.cfd
zz07zivnc.cfd
zz09iinic.cfd
zz10ojvnd.cfd
zz11ijvnc.cfd
zz12jmnjd.cfd
zz13iijnc.cfd
zz14ppiuc.cfd
zz16ajndd.cfd
zz17iiinv.cfd
zz18ppivn.cfd
zz20hjcic.cfd
zz21ticic.cfd
zz22bcjcd.cfd
zz23aeeec.cfd
zz25ioonc.cfd
zz26fiiid.cfd

# Reference: https://app.validin.com/detail?find=210.92.18.140&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

nbjghy.space
nbjhf.space
ngjud.online
ngtyr.online
nmbjgh.store

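# Reference: https://app.validin.com/detail?find=210.92.18.38&type=ip4&ref_id=fed3f04f9c8#tab=resolutions
# NOTE(review): the names in this block do not follow the Naver/Daum/Kakao lookalike pattern of the neighbouring 210.92.18.x blocks; attribution appears to rest on shared IP resolution only - confirm before treating a hit as Kimsuky activity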

beplay787.com
gouwan.asia
izhido.com
manbet.vip
manbetx.pw
manbetx123.net
manbetx1688.com
manbetx888.net
opebet7788.com
wanbo.asia
wanbotiyu.com
wanboyazhou.com

# Reference: https://app.validin.com/detail?find=210.92.18.180&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

activateall.store
air000sorricesnets.shop
boarac32kcahane.online
bon3homeskopn.site
domaepd0casemp.shop
echoakop0can.website
euroq0utcoja.store
halmcopl2coms.icu
humiolcaplia.website
ikornv7bomska.site
jobkrb0netsner.online
krinstan3acheom.icu
laun093nettvm.cloud
lomaberkcops.icu
meaech0libryarys.website
mewcafenidkporn.website
moistu30uesrnetna.online
naithech3studin.website
navcorphelpserver.store
navcorpteam.store
naverhelp.info
naverhelp.net
navermail.info
navhelpteam.store
navig0tion23s.online
navinc.store
navsercuricom.store
nbookafat0rys.cloud
nidao23matnerb.icu
nrefe0ncenotdap.icu
nvbmb.shop
plocafenav0tinar.online
recoverpotal.online
recoveryrequest.store
requestall.store
skornhomeokls0o.online
synchronizeall.store
threm0shortvo.site
todarayon20ncv.xyz
transfckinea0mons.store
verificationmail.store
wero908shinhan.icu

# Reference: https://app.validin.com/detail?find=210.92.18.164&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

auser.eu
cmember.eu
kakaocop.com
kakaocorps.com
mailuser.info
natescorp.com
psuser.eu
quser.info
thnuhbyhn.tech
mail.auser.eu

# Reference: https://app.validin.com/detail?find=210.92.18.168&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

callsvcauction.online
discoveriner.sbs
dovmansec.cfd
helpagencyall.site
mailnaverio.store
mainoutband.store
mallkrservice.site
nativeauction.sbs
navmontin.store
navnamemode.cfd
navsold.site
necolasec.shop
netserviceml.sbs
nidnewsmain.site
nsscontens.store
popularmap.cfd
scorenidmain.bond
sendletters.site
a.discoveriner.sbs
captchanidin.helpagencyall.site
captchanidin.scorenidmain.bond
captchanidinbox.popularmap.cfd
captchanidlink.navnamemode.cfd
captchanidmail.scorenidmain.bond
captchanidmail.sendletters.site
captchanidmain.netserviceml.sbs
captchanidmall.navsold.site
captchanidporn.discoveriner.sbs
captchanidporn.dovmansec.cfd
captchanidporn.nativeauction.sbs
captchanidpostm.nativeauction.sbs
captchanidsvc.navmontin.store
ccin.helpagencyall.site
ccin.scorenidmain.bond
ccinbox.popularmap.cfd
cclink.navnamemode.cfd
ccmail.scorenidmain.bond
ccmail.sendletters.site
ccmain.netserviceml.sbs
ccmall.navsold.site
ccporn.discoveriner.sbs
ccporn.dovmansec.cfd
ccporn.nativeauction.sbs
ccpostm.nativeauction.sbs
ccsvc.navmontin.store
cloudin.helpagencyall.site
cloudin.scorenidmain.bond
cloudinbox.popularmap.cfd
cloudlink.navnamemode.cfd
cloudmail.scorenidmain.bond
cloudmail.sendletters.site
cloudmain.netserviceml.sbs
cloudmall.navsold.site
cloudporn.discoveriner.sbs
cloudporn.dovmansec.cfd
cloudporn.nativeauction.sbs
cloudpostm.nativeauction.sbs
cloudsvc.navmontin.store
contactin.helpagencyall.site
contactin.scorenidmain.bond
contactinbox.popularmap.cfd
contactlink.navnamemode.cfd
contactmail.scorenidmain.bond
contactmail.sendletters.site
contactmain.netserviceml.sbs
contactmall.navsold.site
contactporn.discoveriner.sbs
contactporn.dovmansec.cfd
contactporn.nativeauction.sbs
contactpostm.nativeauction.sbs
contactsvc.navmontin.store
helpin.helpagencyall.site
helpin.scorenidmain.bond
helpinbox.popularmap.cfd
helplink.navnamemode.cfd
helpmail.scorenidmain.bond
helpmail.sendletters.site
helpmain.netserviceml.sbs
helpmall.navsold.site
helpporn.discoveriner.sbs
helpporn.dovmansec.cfd
helpporn.nativeauction.sbs
helppostm.nativeauction.sbs
helpsvc.navmontin.store
lcsin.helpagencyall.site
lcsin.scorenidmain.bond
lcsinbox.popularmap.cfd
lcslink.navnamemode.cfd
lcsmail.scorenidmain.bond
lcsmail.sendletters.site
lcsmain.netserviceml.sbs
lcsmall.navsold.site
lcsporn.discoveriner.sbs
lcsporn.dovmansec.cfd
lcsporn.nativeauction.sbs
lcspostm.nativeauction.sbs
lcssvc.navmontin.store
mail.callsvcauction.online
mail.navsold.site
mailin.helpagencyall.site
mailin.scorenidmain.bond
mailinbox.popularmap.cfd
maillink.navnamemode.cfd
mailmail.scorenidmain.bond
mailmail.sendletters.site
mailmain.netserviceml.sbs
mailmall.navsold.site
mailporn.discoveriner.sbs
mailporn.dovmansec.cfd
mailporn.nativeauction.sbs
mailpostm.nativeauction.sbs
mailsvc.navmontin.store
naver.callsvcauction.online
naver.mailnaverio.store
naver.mainoutband.store
naver.mallkrservice.site
navermail.callsvcauction.online
navermail.mainoutband.store
navermail.mallkrservice.site
nid.mailnaverio.store
nidin.helpagencyall.site
nidin.scorenidmain.bond
nidinbox.popularmap.cfd
nidlink.navnamemode.cfd
nidlogin.mallkrservice.site
nidmail.scorenidmain.bond
nidmail.sendletters.site
nidmain.netserviceml.sbs
nidmall.navsold.site
nidporn.discoveriner.sbs
nidporn.dovmansec.cfd
nidporn.nativeauction.sbs
nidpostm.nativeauction.sbs
nids.discoveriner.sbs
nids.dovmansec.cfd
nids.helpagencyall.site
nids.nativeauction.sbs
nids.navmontin.store
nids.navnamemode.cfd
nids.navsold.site
nids.netserviceml.sbs
nids.popularmap.cfd
nids.scorenidmain.bond
nids.sendletters.site
nidsvc.navmontin.store
publish.sendletters.site
rcaptchanidin.helpagencyall.site
rcaptchanidin.scorenidmain.bond
rcaptchanidinbox.popularmap.cfd
rcaptchanidlink.navnamemode.cfd
rcaptchanidmail.scorenidmain.bond
rcaptchanidmail.sendletters.site
rcaptchanidmain.netserviceml.sbs
rcaptchanidmall.navsold.site
rcaptchanidporn.discoveriner.sbs
rcaptchanidporn.dovmansec.cfd
rcaptchanidporn.nativeauction.sbs
rcaptchanidpostm.nativeauction.sbs
rcaptchanidsvc.navmontin.store
soundcaptchanidin.helpagencyall.site
soundcaptchanidin.scorenidmain.bond
soundcaptchanidinbox.popularmap.cfd
soundcaptchanidlink.navnamemode.cfd
soundcaptchanidmail.scorenidmain.bond
soundcaptchanidmail.sendletters.site
soundcaptchanidmain.netserviceml.sbs
soundcaptchanidmall.navsold.site
soundcaptchanidporn.discoveriner.sbs
soundcaptchanidporn.dovmansec.cfd
soundcaptchanidporn.nativeauction.sbs
soundcaptchanidpostm.nativeauction.sbs
soundcaptchanidsvc.navmontin.store
sslin.helpagencyall.site
sslin.scorenidmain.bond
sslinbox.popularmap.cfd
ssllink.navnamemode.cfd
sslmail.scorenidmain.bond
sslmail.sendletters.site
sslmain.netserviceml.sbs
sslmall.navsold.site
sslporn.discoveriner.sbs
sslporn.dovmansec.cfd
sslporn.nativeauction.sbs
sslpostm.nativeauction.sbs
sslsvc.navmontin.store
staticnidin.helpagencyall.site
staticnidin.scorenidmain.bond
staticnidinbox.popularmap.cfd
staticnidlink.navnamemode.cfd
staticnidmail.scorenidmain.bond
staticnidmail.sendletters.site
staticnidmain.netserviceml.sbs
staticnidmall.navsold.site
staticnidporn.discoveriner.sbs
staticnidporn.dovmansec.cfd
staticnidporn.nativeauction.sbs
staticnidpostm.nativeauction.sbs
staticnidsvc.navmontin.store
publish.sendletters.site
wwwcorpin.helpagencyall.site
wwwcorpin.scorenidmain.bond
wwwcorpinbox.popularmap.cfd
wwwcorplink.navnamemode.cfd
wwwcorpmail.scorenidmain.bond
wwwcorpmail.sendletters.site
wwwcorpmain.netserviceml.sbs
wwwcorpmall.navsold.site
wwwcorpporn.discoveriner.sbs
wwwcorpporn.dovmansec.cfd
wwwcorpporn.nativeauction.sbs
wwwcorppostm.nativeauction.sbs
wwwcorpsvc.navmontin.store
wwwin.helpagencyall.site
wwwin.scorenidmain.bond
wwwinbox.popularmap.cfd
wwwlink.navnamemode.cfd
wwwmail.scorenidmain.bond
wwwmail.sendletters.site
wwwmain.netserviceml.sbs
wwwmall.navsold.site
wwwporn.discoveriner.sbs
wwwporn.dovmansec.cfd
wwwporn.nativeauction.sbs
wwwpostm.nativeauction.sbs
wwwsvc.navmontin.store

# Reference: https://app.validin.com/detail?find=210.92.18.159&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

chasina.store
grendeu.store
katerage.store
naver.com.ru
nid.naver.com.ru

# Reference: https://app.validin.com/detail?find=210.92.18.171&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

checkapis.com
naveradmin.com
orwou.store
ai.checkapis.com
bot.checkapis.com
api.checkapis.com
naverhelp.in.net
naverhelp.co.in
secure.checkapis.com

# Reference: https://app.validin.com/detail?find=210.92.18.176&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

daun.o-r.kr
accountskakao.daun.o-r.kr

# Reference: https://app.validin.com/detail?find=210.92.18.166&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

naverocrp.com

# Reference: https://app.validin.com/detail?find=210.92.18.178&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

daum.net.in
happy-carver.210-92-18-178.plesk.page
kakao.com.co
kts1.stgame.pe.kr
navercorp.city
navercrcp.com
stgame.pe.kr

# Reference: https://app.validin.com/detail?find=210.92.18.145&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

ipcheckapi.com
naverrer.com
naverrnail.com
updateplug.net

# Reference: https://app.validin.com/detail?find=210.92.18.190&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

account-google.info
nate.com.in
naverhost.in.net
naverscan.org
naverteam.info
siren24.info
mail.account-google.info

# Reference: https://app.validin.com/detail?find=210.92.18.167&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

mid-naver.com
natesupport.com
signin.mid-naver.com

# Reference: https://app.validin.com/detail?find=210.92.18.170&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

naver.host
naver.in.net
naveraccount.com

# Reference: https://app.validin.com/detail?find=210.92.18.146&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

ictcvip.com

# Reference: https://app.validin.com/detail?find=210.92.18.163&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

naxer-mobile.com
never-clouding.com
mail.naxer-mobile.com
mail.never-clouding.com

# Reference: https://app.validin.com/detail?find=210.92.18.189&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

microsoft-profile.info

# Reference: https://app.validin.com/detail?find=210.92.18.157&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

tolig.pe.kr
kttest1.tolig.pe.kr

# Reference: https://app.validin.com/detail?find=27.255.79.225&type=ip4&ref_id=1e1733dd7f7#tab=resolutions

maeilbox.com
st0746.net
upbit-kr.com

# Reference: https://x.com/byrne_emmy12099/status/1829013167940481140

handhygieneforhealth.org/wp-includes/css/song/dist.php

# Reference: https://x.com/VirITeXplorer/status/1829109307322904629
# Reference: https://www.virustotal.com/gui/ip-address/202.141.233.4/relations
# Reference: https://app.validin.com/detail?type=ip&find=202.141.233.4#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/8028b918d06cf3635e7e77d29cb0a4622d8cf4ee30881fb297435f7328ff45e4/detection

zoorn.site
login.zoorn.site
ussc.zoorn.site
desbros.kro.kr
meetings.kro.kr
secbesm.kro.kr
zoom-meeting.kro.kr
zoom.meetings.kro.kr
bklis.desbros.kro.kr
client.publish.kro.kr
drequsm.secbesm.kro.kr
rem.zoom-meeting.kro.kr
/0829_pprb/d.php

# Reference: https://app.validin.com/detail?find=145.14.151.87&type=ip4&ref_id=1a3f4c9180c#tab=resolutions

afyoncekici.site
altinmaske.site
antalyacekici.site
antalyacekicim.site
antalyapeyzaj.site
koubasvuru.site

# Reference: https://x.com/eastside_nci/status/1829413692372586570
# Reference: https://app.validin.com/detail?type=ip&find=183.111.125.44#tab=resolutions
# Reference: https://app.validin.com/detail?type=ip&find=185.203.119.14#tab=resolutions

accounts.kakkao.com
driver.crabdance.com
kakkao.com
mailer.neomail.kr
mydrive.home.kg
naveor.3utilities.com
nid-naver.ddnsking.com
store.notici.as
ymail.notici.as

# Reference: https://app.validin.com/detail?find=8d5de7ecb18c720b5723d23de8b56da4&type=hash&ref_id=877f65306be#tab=host_pairs_v2

acount.notici.as
mailsystem.sumibi.org
manage-myinfo.smelly.cc
myaccount-verify.nard.ca
users.allisons.org
users.annaffiare.org

# Reference: https://app.validin.com/detail?find=5.182.210.210&type=ip4&ref_id=8ca70ccef65#tab=resolutions

mail-daum.ddns.net
nid1-naver.servehttp.com
nid-naver.serveirc.com
xo-nate-com.ml

# Reference: https://app.validin.com/lookalikes?mode=full&timeout=30&lookback=7&find=nid-naver
# Reference: https://app.validin.com/detail?find=131.153.13.235&type=ip4&ref_id=fe7a551c5d5#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/9e4e45e8f12db94997767bd3899968b9bc147bf08c062d3caea7f0864a67ea2c/detection
# Reference: https://www.virustotal.com/gui/file/8b0b62a31b348c5a2337ee69cfd3f68a427466539484f55f1cd2910237b59700/detection
# Reference: https://www.virustotal.com/gui/file/4b87b775cdb265ecd872a71be810d7816d0d8b54663b3c536862db098874f288/detection

http://131.153.13.235
nid-naver.icu
nid-naver.xyz
nid-naver.site
nid-naver.download
nid-naver.blogg.host
nidnaver.cf
nidnaver.co
nidnaver.ml
secdownserv.com
nid-naver.secdownserv.com

# Reference: https://app.validin.com/detail?find=79.133.57.36&type=ip4&ref_id=0989d8ab1a4#tab=resolutions

bitservercom.cfd
calendarserver.cfd
newsservercom.cfd
noteupdateserver.cfd
s10diaoioerqoiwueriooiqizer.buzz
s5zdoqueyaoizmdiqowoaiwse.buzz
serverooocom.cfd
ssiqoqyaizmdoaieots.buzz
tianserver.cfd

# Reference: https://app.validin.com/detail?find=173.211.46.158&type=ip4&ref_id=0989d8ab1a4#tab=resolutions

dataserveronline.cfd
matswolfserver.cfd
mydataserveronline.cfd
nonlineservicein.cfd
onlinekoniserver.cfd
onlineswolfserver.cfd
onlineswolfservice.cfd
policeservicecom.cfd
pswolfservice.cfd
ptotoservice.cfd
serveronlineinstall.site
serviceupdatemon.cfd
swolfserveroncony.cfd
swolfserveronkonycom.cfd
uawing977.cfd
updateservercom.cfd

# Reference: https://app.validin.com/detail?find=95.164.86.148&type=ip4&ref_id=0989d8ab1a4#tab=resolutions

aminnetworkstar.online
nitrogin.xyz
kh.aminnetworkstar.online
kharej.aminnetworkstar.online
server.aminnetworkstar.online

# Reference: https://app.validin.com/detail?find=79.110.52.198&type=ip4&ref_id=9984cef0f75#tab=resolutions

accounts2.download
help2.info
nid-naver.date
nid2-naver.online

# Reference: https://x.com/JangPr0/status/1831211999168196617
# Reference: https://www.virustotal.com/gui/file/fd2c6aa42264f7d555e4f1c8194f8c293ab02bc416e43b448cbd09912833d5cf/detection

/0821_pprbss/d.php

# Reference: https://x.com/byrne_emmy12099/status/1831236265599001062

communiquer.be/modules/mod_users_latest/src/Helper/0902_pprb/d.php
/0902_pprb/d.php

# Reference: https://x.com/byrne_emmy12099/status/1831591937310331065
# Reference: https://x.com/JangPr0/status/1834078674850906599
# Reference: https://www.virustotal.com/gui/file/57e9b7d1c18684a4e8b3688c454e832833e063019ed808fd69186c4e20df930a/detection

petssecondchance.larcity.dev
/modules/mod_custom/tmpl/andy/css.php
/modules/mod_custom/tmpl/kndu/dist.php

# Reference: https://x.com/byrne_emmy12099/status/1831827701814251742

mofa.bio

# Reference: https://wezard4u.tistory.com/429269
# Reference: https://www.virustotal.com/gui/file/b0963f531da46ce600c26de41c229edbf1cdf7389e0f998cfc8d9056f200a76d/detection
# Reference: https://www.virustotal.com/gui/file/bd017c642fcd0b46fb1201f22d395edbf16221ebbcb660f7329fb76067164d07/detection

hondes.getenjoyment.net

# Reference: https://www.virustotal.com/gui/ip-address/158.247.202.152/relations
# Reference: https://www.virustotal.com/gui/ip-address/50.114.5.159/relations

appclouds.store
appstart.store
appview.site
appviewer.store
mail.appstart.store
wwwappa.appclouds.store
wwwicda.appclouds.store

# Reference: https://app.validin.com/detail?find=9497a1195f9ae6cc249b25131eab4b37&type=hash&ref_id=fe7abc05664#tab=host_pairs_v2

asanpolicy.lol
barpashop.ir
nmaveseo.lol
resolveissue.org
rnofa.store
kru2gs6007-r7l702-origin.zlongame.co.kr
mail.resolveissue.org
manage.barpashop.ir

# Reference: https://app.validin.com/detail?find=118.193.68.80&type=ip4&ref_id=6840f27ea05#tab=resolutions

bnxzcwdasde.top
drlopachildcare.com
fcklewc.top
muvkoec.cc
paj541.com
slh8.cn
wmvbh.space
xxdakuopra.top
xxdasjwqpe.top
xxdaskljpwq.top
xxdhsaowo.top

# Reference: https://app.validin.com/detail?find=27.255.81.107&type=ip4&ref_id=ca4b70e8eda#tab=resolutions

gooqle.com.co
namail.eu
accounts.gooqle.com.co
apis.gooqle.com.co
content.gooqle.com.co
myaccount.gooqle.com.co
play.gooqle.com.co
ssl.gooqle.com.co
youtube.gooqle.com.co

# Reference: https://app.validin.com/detail?find=27.255.81.109&type=ip4&ref_id=d08fd4e6a3e#tab=resolutions

naveer.r-e.kr
naven.n-e.kr
nhnlogin.kro.kr
nhnuser.r-e.kr
account.nhnlogin.kro.kr
mail.naveer.r-e.kr
mail.nhnuser.r-e.kr
nidlogin.naven.n-e.kr

# Reference: https://app.validin.com/detail?find=27.255.81.110&type=ip4&ref_id=d08fd4e6a3e#tab=resolutions

accoutatify.store
blogaccout.n-e.kr
ipapercloud.com
kakaoverify.lol
lorinsdbvnre.shop
navcaer.com
naveircorps.shop
nawercorp.store
nidclouds.com
nservicemail.online
severifyticate.store
ucloudpay.net
wonderstacks.com
mail.wonderstacks.com
ng.blogaccout.n-e.kr

# Reference: https://app.validin.com/detail?find=27.255.81.111&type=ip4&ref_id=d08fd4e6a3e#tab=resolutions

mycelp.store
myhelpp.store
mysecp.store
wemeng.store
cwtol.pe.kr
ktsp2.cwtol.pe.kr

# Reference: https://app.validin.com/detail?find=211.253.25.181&type=ip4&ref_id=7b4c4611581#tab=resolutions

vipchina.pe.kr
kts12.vipchina.pe.kr

# Reference: https://app.validin.com/detail?find=45.249.90.101&type=ip4&ref_id=7b4c4611581#tab=resolutions

cdn-naver.com
whocast.pe.kr
ktsp5.whocast.pe.kr
ssl2.cdn-naver.com

# Reference: https://app.validin.com/detail?find=45.249.90.107&type=ip4&ref_id=7b4c4611581#tab=resolutions

whocast2.pe.kr
ktsp7.whocast2.pe.kr

# Reference: https://app.validin.com/detail?find=158.247.200.44&type=ip4&ref_id=7b4c4611581#tab=resolutions

meconnect.info

# Reference: https://app.validin.com/detail?find=27.255.81.80&type=ip4&ref_id=fdbbb3cd229#tab=resolutions

fw388517.info
gudjqlo.shop
gvsdils.shop
gx191978.info
hr755982.info
iw943147.info
kz431311.info
navercorup.site
nbhfjg.online
nhbgvf.shop
nhgjb.online
njghhn.online
njgudd.shop
njhkmb.shop
njhuger.space
njkgvr.online
njkmb.online
njkuer.shop
nkgjhu.space
nmbvcr.shop
nmjhgt.space
nmjhkn.online
nodfvar.online
nvhfbg.shop
nvjsjer.online
nyvjer.online
service-info.co
webmanagger.info

# Reference: https://x.com/asdasd13asbz/status/1833383376658543001

drive-yonsei-ac-kr.bit-albania.com

# Reference: https://x.com/malwrhunterteam/status/1833248658831335691
# Reference: https://www.virustotal.com/gui/file/209f3ae75c872f204f7230f787662979edac2f26654e211778e349ec7e012311/detection

/0904_hck/d.php

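# Reference: https://app.validin.com/detail?find=2555eeb04dcd940bcb6db530a0504da7&type=hash&ref_id=6840f27ea05#tab=host_pairs_v2
# NOTE(review): payment.unsika.ac.id sits under an academic (.ac.id) zone and is listed as a whole host, unlike the site+path trails elsewhere in this file that are scoped to a single script path - confirm it is not a legitimate service before alerting on every request to it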

karaagego.com
packland7.asuscomm.com
packman.mydns.jp
payment.unsika.ac.id
wwwwwwwwxx.packman.mydns.jp

# Reference: https://x.com/malwrhunterteam/status/1805943410106225105
# Reference: https://app.validin.com/detail?find=216.107.137.73&type=ip4&ref_id=9bf3e886966#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/a65e1416735cefb370a04c01364a8816d284eb6b59e31150ddc235c4c059d275/detection

216.107.137.73:6516
adyw.shop
apolsx.online
asowesmc.store
eocdsol.xyz
hyunlaw.site
nialdosx.xyz
o3slc.shop
oawslx.xyz
olopsma.cloud
oolpasc.shop
ozaiku.shop
q7u8o0.online
qeoqwo.shop
qeowsc.site
qowlsga.online
sodlspa.shop
tolpa.shop
zioap.shop

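# Reference: https://app.validin.com/detail?find=mx.naver.com&type=dom&ref_id=f49320ac47f#tab=dns
# NOTE(review): this reference pivots on the legitimate host mx.naver.com (DNS tab) rather than on an attacker-controlled IP; presumably the names below share that DNS relation, which a benign domain could share too - validate hits individually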

am0erpld.website
aopliofrdms.store
aqolsmcps.website
awelopsc.online
bocvg.website
brabnuio.online
golchalst.store
kiuk.shop
kopldc.website
l0psmx9cls.online
loapssmcix.site
loasom890.shop
loomnb.shop
lophjc.store
m90kpl.site
maps03lx.shop
masterbank.org
monolpscwoe.online
mp-sloa.store
niclc0rp.icu
nodndvnpcmqx.cloud
nodplsa.icu
nolibo.icu
olidmslciwo.icu
oloolo4.site
olpa-msok.store
omzplai2bo.store
opldialc.site
opm9dm.cloud
opqlaodb.site
opsscos.site
osaedop.site
poeratoe.site
polnmcufs.online
qiloq.store
qolpamcb.shop
rodop.store
sadpor.shop
so-pola.cloud
solp-mcn.online
soomk90.website
uslodma.cloud
vocmo.shop
vuiol.cloud
wleos.shop
x0lspcoo.website
x0plsm.site
yolpfjc.site

# Reference: https://app.validin.com/detail?find=79.133.51.174&type=ip4&ref_id=fce6632dac6#tab=resolutions

aloicps.online
aplosm.store
cafemolsop.store
capneno.shop
holui.shop
llopsmi.cloud
mailnicorp.shop
maisevr.tech
mallnalvec.fun
mebvop.online
melomp.shop
memcocp.site
meoslpx.online
milomac.cloud
mlopmooox.store
mopkxsb.shop
mxopl.site
nacc.store
nailcorp.autos
nicmalloc.store
nidcorpev.online
nidnavrcop.tech
nidscorp.website
nobol.store
nodlpamm.site
nolglok.store
olpls.cloud
oprls.shop
opsld.site
pelom.cloud
qmloas.website
safelcg.tech
secpldo.store
soplr.online
speolacn.site
splaos.site

# Reference: https://x.com/StrikeReadyLabs/status/1834412449291706503
# Reference: https://www.virustotal.com/gui/file/e0b4e3f7d35c182ca48c49c635138ab343c4415dae32a086ba19c0ecaf41936e/detection
# Reference: https://www.virustotal.com/gui/file/01c3e4114427cce7ab6bf90cfa72164a8cfd37dcadddb69817c31679e12fd263/detection

serverprotect.online
captcha.serverprotect.online

# Reference: https://x.com/JangPr0/status/1835682416738054190
# Reference: https://www.virustotal.com/gui/file/c4aba442d881cfa112fe3a6b1d2381b089cbe163828cfdb2d57abba95737a07d/detection
# Reference: https://www.virustotal.com/gui/file/963af57641c094df6b5656552daaafd5ced0a1435261e612a4640604d023ebca/detection
# Reference: https://www.virustotal.com/gui/file/41cf6298a41c27357ee5f70d8cd1c0bd48698fc30c4255fad6a91798286e5229/detection

64.49.14.181:7031
64.49.14.181:7032
64.49.14.181:8014

# Reference: https://x.com/0xmh1/status/1835900052679872688

member-apples.info

# Reference: https://x.com/eastside_nci/status/1836494626489774188
# Reference: https://app.validin.com/detail?find=1.214.206.78&type=ip4&ref_id=0d6a8e1c204#tab=resolutions

lnvoice.r-e.kr
nidiogln.o-r.kr
nidiogln.p-e.kr
nldiogin.o-r.kr

# Reference: https://www.virustotal.com/gui/ip-address/154.90.63.101/relations
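# Reference: https://app.validin.com/detail?type=ip&find=154.90.63.101#tab=resolutions
# NOTE(review): the hxxp-/hxxps- hostnames below mirror the http-/https- entries on the wetax-* domains label for label; they may be defanging artefacts recorded by passive DNS rather than names used in lures - verify against the reference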

fsc-notify.site
lnkedein.site
notion-notify.site
crfjpocslgdjmf6ddui0.ntscustoms.store
emv1.kdca.site
htp-out.wetax-pay.online
http-naver.hometaxctrl.online
http-naver.wetax-pay.online
http-out.wetax-notice.site
http-out.wetax-pay.online
http-out.wetax-pay.site
http-relay.wetax-notice.space
https-naver.hometaxctrl.online
https-naver.wetax-pay.online
https-out.wetax-notice.site
https-out.wetax-pay.online
https-out.wetax-pay.site
https-relay.wetax-notice.space
hxxp-naver.wetax-pay.online
hxxp-out.wetax-notice.site
hxxp-out.wetax-pay.online
hxxp-out.wetax-pay.site
hxxp-relay.wetax-notice.space
hxxps-naver.wetax-pay.online
hxxps-out.wetax-notice.site
hxxps-out.wetax-pay.online
hxxps-out.wetax-pay.site
hxxps-relay.wetax-notice.space
naver.wetax-pay.store
out.wetax-pay.site
smtp.wetax-pay.site

# Reference: https://x.com/byrne_emmy12099/status/1838137788870570058
# Reference: https://app.validin.com/detail?find=66.57.33.100&type=ip4&ref_id=c170e72b192#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/6aa86e6c5ca97af149bf22c4deb7b0456727a4c5e67b508c9518e8c8e1b79795/detection

ermisco.online
mngrdp.site
admin.mngrdp.site

# Reference: https://www.virustotal.com/gui/ip-address/45.14.246.53/relations

mxportal.p-e.kr
login.mxportal.p-e.kr

# Reference: https://x.com/0xmh1/status/1838474248182206942
# Reference: https://x.com/byrne_emmy12099/status/1838481636889116709

sqiesbob.com
evangelia.edu/img/503/doc/d.php

# Reference: https://x.com/eastside_nci/status/1838687293214757165
# Reference: https://www.virustotal.com/gui/ip-address/91.194.160.13/relations

apple-stores.shop

# Reference: https://x.com/byrne_emmy12099/status/1838719300288512213
# Reference: https://www.virustotal.com/gui/file/fd65c7a42458d05219cd6dad15b8ba28712a2d52e2f10a2060341aa03aedbab8/detection

http://121.66.72.110
121.66.72.110:8000
69.10.133.141:8000
ads.kseme.kro.kr
dkwis.kro.kr
gagos.genmobon.kro.kr
genmobon.kro.kr
kiskmain.kro.kr
kseme.kro.kr
main.dkwis.kro.kr
newrdp.kro.kr
rdp.newrdp.kro.kr
remotemng.site
sertme.kiskmain.kro.kr
/0918_uri_skle/dksleks?na=
/0918_uri_skle/dksleks
/0918_uri_skle/dksdlf?na=
/0918_uri_skle/dksdlf
/0918_uri_skle/
/dksleks
/dksdlf

# Reference: https://x.com/0xmh1/status/1839173077818814740
# Reference: https://x.com/0xmh1/status/1839463862057439266
# Reference: https://www.virustotal.com/gui/ip-address/101.36.114.91/relations

radiofreeasia.blog
rfa.lol
rfatotal.one
ww12.rfa.lol

# Reference: https://x.com/Syndikalist/status/1839580890961252849
# Reference: https://search.censys.io/hosts/167.88.170.199

drive-viewer.online
documents.drive-viewer.online
ns1.drive-viewer.online
ns2.drive-viewer.online

# Reference: https://x.com/byrne_emmy12099/status/1839419824595952066
# Reference: https://www.virustotal.com/gui/file/342c285efb8798fcba80d695cafc9ae1e097cecc72e01f25df85e4210e9fd638/detection

atlanwelt.de/modules/mod_articles_category/tmpl/0910_simba/denyhg.php
atlanwelt.de/modules/mod_articles_category/tmpl/0910_simba/dfef.php
atlanwelt.de/modules/mod_articles_category/tmpl/0910_simba/dvbhe.php
atlanwelt.de/modules/mod_articles_category/tmpl/0910_simba/dvfh.php
/0910_simba/
/0910_simba/denyhg.php
/0910_simba/dfef.php
/0910_simba/dvbhe.php
/0910_simba/dvfh.php

# Reference: https://x.com/byrne_emmy12099/status/1839697468625494142
# Reference: https://www.virustotal.com/gui/ip-address/103.76.228.204/relations

http://103.76.228.204
absera.p-e.kr
eislef.r-e.kr
ioes.kro.kr
watsme.kro.kr
aos.watsme.kro.kr
erts.absera.p-e.kr
opes.eislef.r-e.kr
soe.ioes.kro.kr
/0905_pprb/d.php
/0905_pprb/

# Reference: https://x.com/blackorbird/status/1839610696113459551
# Reference: https://x.com/Syndikalist/status/1839922986591101192
# Reference: https://unit42.paloaltonetworks.com/kimsuky-new-keylogger-backdoor-variant/

bitjoker2024.000webhostapp.com

# Reference: https://app.validin.com/detail?find=158.247.215.96&type=ip4&ref_id=4bd84937ada#tab=resolutions
# Reference: https://app.validin.com/detail?find=84.246.85.175&type=ip4&ref_id=40e6ef58f0c#tab=resolutions

ncorpservice.site
ncservice.site
nmailteam.site
npalarm.store
npmails.site
npmanage.site
npnote.site
npsec.site
npsecure.store
npview.site
nviews.site
nviewsec.site
nwebmailcheck.site
nwebmails.site
nwebmans.store
nwebstay.store
nwebview.store
susi-susi.site

# Reference: https://app.validin.com/detail?find=89.187.28.147&type=ip4&ref_id=3503e360c03#tab=resolutions

applesec.site

# Reference: https://app.validin.com/detail?find=154.90.63.209&type=ip4&ref_id=9894aec55a6#tab=resolutions

bdasugiofahf.top

# Reference: https://app.validin.com/detail?find=156.244.19.95&type=ip4&ref_id=4a136f9cbb0#tab=resolutions

applcs.cloud

# Reference: https://app.validin.com/detail?find=192.121.162.82&type=ip4&ref_id=cd9d3bec7bc#tab=resolutions
# Reference: https://app.validin.com/detail?find=194.68.27.24&type=ip4&ref_id=cd9d3bec7bc#tab=resolutions

applesec.info
members-apple.com

# Reference: https://x.com/unpacker/status/1840575374939549769
# Reference: https://www.virustotal.com/gui/ip-address/67.217.60.68/relations
# Reference: https://app.validin.com/detail?type=ip&find=67.217.60.68#tab=resolutions

pkzz.org
bigfile.pkzz.org
cloud.adoubleu.de
linkdin.o-r.kr
downloadimage.mooo.com
accouts.linkdin.o-r.kr
share-defence.ohbah.com
share-defence.verymad.net

# Reference: https://app.validin.com/detail?find=74.48.150.189&type=ip4&ref_id=36d8005fa39#tab=resolutions

kerasin.store
telecomtm.life

# Reference: https://app.validin.com/detail?find=202.131.233.167&type=ip4&ref_id=a37a70f2294#tab=resolutions

ipinst.store
janskinmn.lol
japanmofa.co
pdfstore.store
somal.shop
somelmark.store
view-hwp.kro.kr
my.view-hwp.kro.kr

# Reference: https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=services.banner_hashes%3D+%60sha256%3Afc773ddd38bdea1da844a4da0966438408d738b7600a42dfb8afd598ebfcb2e7%60

nmailsrv.site
nsecsupport.site

# Reference: https://x.com/Huntio/status/1840711527927849053
# Reference: https://app.validin.com/detail?type=ip&find=158.247.206.36#tab=resolutions
# Reference: https://app.validin.com/detail?type=ip&find=158.247.254.187#tab=resolutions

01onlinen.cfd
02onlinen.cfd
03onlinen.cfd
04onlinen.cfd
05onlinen.cfd
06onlinen.cfd
07onlinen.cfd
08onlinen.cfd
09onlinen.cfd
10onlinen.cfd
11onlinen.cfd
12onlinen.cfd
13onlinen.cfd
14onlinen.cfd
15onlinen.cfd
16onlinen.cfd
17onlinen.cfd
18onlinen.cfd
19onlinen.cfd
20onlinen.cfd
21onlinen.cfd
22onlinen.cfd
23onlinen.cfd
24onlinen.cfd
25onlinen.cfd
26onlinen.cfd
27onlinen.cfd
28onlinen.cfd
29onlinen.cfd
30onlinen.cfd
activegserver.store
activeonlineserver.store
activeserviceonline.store
aliveonlinerecover.store
aliveonlineserver.store
alivesiteserver.store
cancelrecoveronline.store
cancelrecoverservice.store
comrecoverserver.store
enter01aaa6n4xxz.cfd
enter02aaa69seoh.cfd
enter03aaahrm3hy.cfd
enter04aaa1t3nqv.cfd
enter05aaapsicia.cfd
enter06aaal9x4d5.cfd
enter07aaat95u3r.cfd
enter08aaa6q7vqq.cfd
enter09aaal1s3p6.cfd
enter10aaadopee9.cfd
enter11aaanjwhp8.cfd
enter12aaamf92xb.cfd
enter13aaaznk4ed.cfd
enter14aaa9a1i4g.cfd
enter15aaaq4958f.cfd
enter16aaajlqvtk.cfd
enter17aaa77ujds.cfd
enter18aaaphyjfc.cfd
enter19aaa4cfx1c.cfd
enter20aaab1b7zd.cfd
enter21aaa0ub39z.cfd
enter22aaaklr7pf.cfd
enter23aaaqijf8o.cfd
enter24aaakt709e.cfd
enter25aaa9tdhus.cfd
enter26aaajw0tvl.cfd
enter27aaavr3494.cfd
enter28aaaradcbl.cfd
enter29aaaowevvu.cfd
enter30aaainq4u3.cfd
enter31aaartpxk6.cfd
enter32aaa4wncrs.cfd
enter33aaagwfnqd.cfd
enter34aaabuj3zn.cfd
enter35aaadobseq.cfd
entergonlinerecover.store
enteronlinerecover.store
enterrecoveronline.store
enterrecoverservice.store
grecoveronlineservice.store
onactivereqonlinecom.store
onlineactiverequest.store
onlinelivecom.store
onrequestserver.store
recmaservice.store
recserviceonline.store
req01avziemzc.cfd
req02ajajznvzc.cfd
req03jjmnzccv.cfd
req04zovbnzc.cfd
req05iiizncccla.cfd
req06jaivnzccc.cfd
reqons01hyush2.cfd
reqons02eg7dr9.cfd
reqons037610nq.cfd
reqons045e5yxs.cfd
reqons05bj9vy5.cfd
reqons0623oplv.cfd
reqons07n7qmfd.cfd
reqons08274jg0.cfd
reqons09maqun7.cfd
reqons10hapwp4.cfd
reqons11y48b0e.cfd
reqons121gdvu5.cfd
reqons1385xxp9.cfd
reqons140x6gym.cfd
reqons15u54pc6.cfd
reqons165ecpq9.cfd
reqons17wmxeqf.cfd
reqons18lblnyp.cfd
reqons19xtcqwf.cfd
reqons202gokmp.cfd
requsetliveserver.store
sendactiverequest.store
sendreqestonline.store
serverrecoveronline.store
servicegaccount.store
servicegonline.store
sirecoverserver.store
siteaccountlive.store
sitealivecomservice.store
sitealiveserver.store
siteonlinerecover.store
siteonlinerecovercom.store
siterecoveronline.store
siterecoverservice.store
soactivecomserver.store
stawb01gn0wis.cfd
stawb02np9xva.cfd
stawb03jsf615.cfd
stawb04sgrzfj.cfd
stawb05zfelp0.cfd
stawb06w44vp6.cfd
stawb0793wkzx.cfd
stawb086n5nqp.cfd
stawb091onxxc.cfd
stawb10thx69e.cfd
stawb11zibyxr.cfd
stawb12rxy4od.cfd
stawb13hhjij2.cfd
stawb144fh5z4.cfd
stawb15q9x8mb.cfd
stawb16d9jor9.cfd
stawb177t52b8.cfd
stawb18nkj77h.cfd
stawb192yt6zm.cfd
stawb207dusgy.cfd
stawb21bl4qrm.cfd
stawb22kneus3.cfd
stawb23hliaul.cfd
stawb24u70y20.cfd
stawb25nl3bq9.cfd
stawb26bs0nww.cfd
stawb277jl796.cfd
stawb28ie0uhc.cfd
stawb29dwc8kw.cfd
stawb30vrdi53.cfd
stawb31ps6gs1.cfd
stawb320csitg.cfd
stawb33m9tcia.cfd
stawb34ryer9k.cfd
stawb35vlu7za.cfd
stawb368logok.cfd
stawb37ur1b3o.cfd
stawb38bn6i55.cfd
stawb39p3o67w.cfd
stawb403v9zdu.cfd
stawb416tr4on.cfd
stawb42dz14p5.cfd
stawb43dnnytx.cfd
stawb4472ekh2.cfd
stawb45ytmrej.cfd
stawb466scgiy.cfd
stawb474p5wpx.cfd
stawb48han4hk.cfd
stawb4908udlz.cfd
stawb50e92u4m.cfd
useactiveonline.store
visitghostingonline.store
visitghostingserver.store
visitghostserver.store
visitrecoverserver.store

# APK file names (URL path trails)

/Kisa%20Vaccine.apk
/KisaAndroidSecurity.apk
