# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: poseidon stealer, rod stealer, rodmacer stealer

# Reference: https://twitter.com/phd_phuc/status/1651001139750420480
# Reference: https://twitter.com/phd_phuc/status/1651002681798926337
# Reference: https://www.virustotal.com/gui/file/2175cc3bc1e3bf4cc27a9524b34d47c14b9aa094061600c0c4bfee9447bd54b4/detection

37.220.87.16:5000
amos-malware.ru

# Reference: https://twitter.com/malwrhunterteam/status/1651496976486154240
# Reference: https://www.virustotal.com/gui/file/2c63ba2b1a5131b80e567b7a1a93997a2de07ea20d0a8f5149701c67b832c097/detection

3fa-all.life
any-viewer.com
app-torrent.org
app-trade.net
apps-torrent.com
apps-torrent.net
apps-torrent.org
apps-trade.org
atom-apps.net
auth-apps.club
auth-apps.org
auth-secure.org
axx-play.com
brav-down.com
brav-down.org
bravs-down.com
ens-apps.com
files-box.org
forexx-meta.com
gram-apps.com
gramm-download.net
gua-wallet.com
gua-wallet.org
itrezor.net
itrezor.org
memo-apps.net
memo-apps.org
meta-forexx.com
meta-forexx.net
meta-forexx.org
notion-apps.net
otp-apps.net
otp-apps.org
pass-save.com
ph-wallet.org
phan-apps.com
phantom-wallet.net
play-axi.net
q-torrent.com
q-torrent.net
q-torrent.org
remote-apps.net
remote-apps.org
saver-pass.life
secure-apps.org
security-apps.net
security-apps.org
skii-weaver.com
skii-weaver.net
team-apps.club
torent-u.com
tortent-u.com
tortent-u.org
twill-down.com
twillo2.club
u-torrent.org
uploads-test.org
uth-app.life
vl-play.club
w3fa-all.life
wallet-atom.com
wauth-secure.org
web-wallet.org
wu-torrent.org

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/09/atomic-macos-stealer-delivered-via-malvertising
# Reference: https://otx.alienvault.com/pulse/64fa053f6f16dd0914077358

app-downloads.org
trabingviews.com
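# NOTE(review): the next entry looks like the tail of an IDN lookalike whose "\u0131" (dotless i) escape lost its backslash during extraction. IDN names appear on the wire in their xn-- (punycode) form, as in the two entries that follow. Kept as published; confirm against the referenced report.
u0131ews.com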
xn--gsvews-r9a.com
xn--tradgsvews-0ubd3y.com

# Reference: https://twitter.com/1ZRR4H/status/1700206318718509292

cleanmac-app.top

# Reference: https://threatfox.abuse.ch/ioc/1164482/

http://185.106.93.154
maybe.host
api.maybe.host

# Reference: https://twitter.com/MalGamy12/status/1705151026976760309
# Reference: https://www.virustotal.com/gui/file/19023cd72c8de1423e8082232099c6e38db3e78ceca179af104a3b1ad579d8a5/detection

http://45.144.29.39

# Reference: https://threatfox.abuse.ch/browse/malware/osx.amos/

http://185.215.113.116

# Reference: https://twitter.com/g0njxa/status/1710678871799152913

dafu-xiaoniangao.monster
/askdaskdIB/22987ggg
/22987ggg
/askdaskdIB

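# Reference: https://threatfox.abuse.ch/browse/malware/osx.amos/
# NOTE(review): 104.21.17.179 and 172.67.177.191 below sit in address space announced by Cloudflare, i.e. shared reverse-proxy front ends rather than dedicated hosts. Treat a hit on either as weak evidence and corroborate it with the requested hostname or other telemetry.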

http://104.21.17.179
http://171.22.28.248
http://172.67.177.191
http://185.172.128.163
http://185.172.128.31
http://185.215.113.71
http://194.169.175.117
http://194.49.94.93
http://5.182.86.8
http://5.42.65.107
http://5.42.65.55
http://79.137.198.170
http://89.208.105.191

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates
# Reference: https://otx.alienvault.com/pulse/655deaade608a53b8d4ada31

chalomannoakhali.com
jaminzaidad.com
royaltrustrbc.com

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version
# Reference: https://www.virustotal.com/gui/ip-address/62.204.41.98/relations
# Reference: https://www.virustotal.com/gui/file/0956ab422b6bcc44fed1504b524c8bb8c4491da42552c3b179d6bbcb3dc24c85/detection

http://5.42.65.108
trialap.com
slack.trialap.com

# Reference: https://twitter.com/r3dbU7z/status/1748103869375128024
# Reference: https://www.virustotal.com/gui/ip-address/23.227.199.33/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.92.244.104/relations
# Reference: https://www.virustotal.com/gui/file/0316b4d2186dbfbaef8929cb18fed6d6a5ba7a923fd005c94b458b7dd3ada6a8/detection

daddyvjxsa.online
daddyvjxsa.site
parailels.online
parallells.online

# Reference: https://twitter.com/r3dbU7z/status/1755063296145736023
# Reference: https://twitter.com/r3dbU7z/status/1771867585673392149

aianubhav.com
accoun10.com
guruveera.com

# Reference: https://twitter.com/moonlock_lab/status/1772323469947978002
# Reference: https://www.virustotal.com/gui/file/511a01dcb0fe86c9f2f432400a28487d53e83cdb03af7701f28511f260eb1a83/detection
# Reference: https://www.virustotal.com/gui/file/07a4618b5d9e057de25977ec2bd698e3070280be162aaed16b45cdef3ccad862/detection

79.137.192.4:443

# Reference: https://twitter.com/r3dbU7z/status/1786009485846204504
# Reference: https://www.virustotal.com/gui/file/26576c710b3025a4e1b46f78a0e1a9a276e2107291771ae1a9792ebffa2ef930/detection

notion.ph

# Reference: https://twitter.com/birchb0y/status/1790746238758817821
# Reference: https://alden.io/posts/infostealers-a-brewin/
# Reference: https://app.any.run/tasks/834cae35-e7c8-4e63-a66b-814f676e6af2/
# Reference: https://www.virustotal.com/gui/file/513bb09807c9c343fccf7df30f687ea490125745e5ae02177c92efeb514e4b30/detection

http://109.120.178.3
http://158.255.213.85
http://162.252.175.220
http://5.255.107.149
http://5.42.100.86
http://77.221.151.41
http://79.137.192.4
http://85.217.222.185
79.137.192.4:443
aroqui.com
axcrid.com
brews.icu
coinpepe.xyz
homebrew.cx
homebrew.page
homebrewl.pro
hornebrew.mom
mpsime.com
nnvious.com
rectanglemac.pro
trello.bio
willowsushi.com
brew.pages.dev
docs.homebrew.cx

# Reference: https://x.com/Threat_Down/status/1791912008746430748

http://5.182.86.95

# Reference: https://x.com/moonlock_lab/status/1793702034782433441
# Reference: https://www.virustotal.com/gui/file/60ad28afc1b3bd1cfd671c8f5fad7398e1cb7bd811498ef8a371007c4c32e75e/detection
# Reference: https://www.virustotal.com/gui/file/30b89622c779dd06faa909e7e0b8e88f3b75ca78fad00c4cf0ef7db320e3b218/detection
# Reference: https://www.virustotal.com/gui/file/2e3dcbccd9c774a43ec8565378c4ae9f4f6048b5f4c984d99e4f000858b688e3/detection

forked-project.com

# Reference: https://x.com/birchb0y/status/1793735550744375338
# Reference: https://app.validin.com/detail?find=185.172.128.72&type=ip4&ref_id=9fd035b569f#tab=resolutions

altllayer.com
earlymodenetwork.com
leaderwallets.org
lfgjupiter.com
mantanetwork.dev
newparadigm.dev
pixelcommunity.xyz
rodrigos.io

# Reference: https://x.com/Threat_Down/status/1794033775980032497
# Reference: https://www.virustotal.com/gui/file/27ed8f5684e32217a073200ac80d822825f4e9954797f6682c7a6c8d0951fb88/detection

http://65.108.232.23
calenserty.com

# Reference: https://cyble.com/blog/uncovering-atomic-stealer-amos-strikes-and-the-rise-of-dead-cookies-restoration/
# Reference: https://otx.alienvault.com/pulse/65b915078b79508127f170a9

arcbrowser.pro
cleanmymac.pro
parallelsdesktop.pro
pixelmator.pics

# Reference: https://x.com/arch1ehic0x/status/1803095125779791980
# Reference: https://x.com/karol_paciorek/status/1803357816746360903
# Reference: https://x.com/karol_paciorek/status/1803362692566028490
# Reference: https://app.validin.com/detail?find=ROD%20STEALER&type=raw&ref_id=2874a9d4ee7#tab=host_pairs_v2
# Reference: https://www.virustotal.com/gui/file/b68fbd104d13e025928f29bb90a25ab5b552ba1275ccd11869cf626fca85fb46/detection

http://185.172.128.110
onipars.pw
truck-ord.site

# Reference: https://x.com/arch1ehic0x/status/1806678546607227054
# Reference: https://www.virustotal.com/gui/ip-address/186.2.171.60/relations
# Reference: https://www.virustotal.com/gui/file/474ee78c6636ee478ea7f4521559679fbc468bb326357737bfc465e63ed153fa/detection

agov-access.com
agov-access.net
agov-ch.com
agov-ch.net
register-agov.com
register-agov.net

# Reference: https://x.com/NDA0E/status/1806818805961912577

lascolinasresortdalas.com
login-auth-office.com
osheafarm.com
poseidon.cool
robsheraldry.com

# Reference: https://threatfox.abuse.ch/browse/malware/osx.poseidon/ (# 2024-07-01)

http://186.2.171.60
http://37.27.82.196
http://68.66.226.80
186.2.171.60:443
37.27.82.196:443
agovaccess-ch.com
b2cidp-mobilier.com
bitp.alamri-ip.com
bitp.alan.my
bitp.alkareemimport.com
bitp.avansisgroup.com
bitp.blueroselb.com
bitp.clementinasketchbook.com
bitp.dicoar.com
bitp.ebibote.com
bitp.fromagetambourin.fr
bitp.grantindonesia.com
bitp.hapa5387.odns.fr
bitp.heavenconstruction.pk
bitp.heavenmarketing.pk
bitp.htechs.com
bitp.idealindustryltd.com
bitp.kkenterprises.pk
bitp.navihost.in
bitp.nwg.com.pk
bitp.olivrodapatria.online
bitp.ontech.co.zm
bitp.phrapitta.com
bitp.pisuka.com
bitp.pouradhwani.com
bitp.quasar.sa
bitp.quick-eg.com
bitp.raagifts.com
bitp.siupk.net
bitp.smslogin.xyz
bitp.sviat21.com
bitp.tami8849.odns.fr
bitp.tiedyeromania.ro
bitp.tilakhighfiji.com
bitp.weltpropiedades.cl
bitpa.ananyajain.com
bitpa.artemilenario.fr
bitpa.athleticshub.co.uk
bitpa.babajani.com
bitpa.bariel.co.id
bitpa.beautifulbooze.com
bitpa.bghbd.com
bitpa.bicoman.net
bitpa.casamagdalenapublicidad.com.co
bitpa.combienemetmonargent.info
bitpa.dctcbd.com
bitpa.desipolska.pl
bitpa.dogfestival.gr
bitpa.drcaraccessories.com
bitpa.eamarseba.com
bitpa.elshamel.online
bitpa.guptavedika.com
bitpa.hostpinas.com
bitpa.innovatalks.com
bitpa.jcaisse-dev.org
bitpa.mathinmaps.net
bitpa.mejoresconsejosvida.online
bitpa.miogatto.gr
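# NOTE(review): next entry appears to be a scraping artifact of bitpa.miogatto.gr (listed just above) with a stray word fused on; ".greffectual" is not a delegated TLD, so it cannot match real traffic. Kept as published; verify against the ThreatFox source.
bitpa.miogatto.greffectual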
bitpa.moralesalducin.com
bitpa.mydreamsltd.com
bitpa.nationaltemps.co.uk
bitpa.neebs.edu.np
bitpa.newestrealty.com
bitpa.owanbefood.com.ng
bitpa.palms77hotel.com
bitpa.planethair.gr
bitpa.professoranagida.online
bitpa.pta-greece.gr
bitpa.remoteprints.com
bitpa.sarshipping.net
bitpa.smsfi.com
bitpa.socialobserver.in
bitpa.soltita.com
bitpa.tatlibuketi.com
bitpa.tigercampcorbett.com
bitpa.toel4298.odns.fr
bitpa.vendotuttonline.com
bitpa.vissnatech.ir
bp.4dpayme.com
bp.absolutairarcondicionado.com.br
bp.afrokulchagroup.com
bp.americansports.com
bp.aminadabelago.com.br
bp.appoemn.org
bp.bernard-bourcy.net
bp.blogcanadiense.com
bp.brankenattorneys.co.tz
bp.cairnhillwatches.com
bp.car.co.tz
bp.celebratebloomfield.org
bp.celloxwatches.com
bp.ctvidamelhor.com.br
bp.davidliving.com
bp.dieterforjudge.com
bp.dumbeg.com
bp.easthartfordinterfaith.org
bp.edgenetworks.rs
bp.emporioecuador.com
bp.fatp.co.tz
bp.flyingdonvstg.franciaim.net
bp.fortclean.net
bp.fursforus.net
bp.hotelultimafrontiera.com
bp.innovatalks.com
bp.isap-union.gr
bp.jpxhelmet.com
bp.kgcdiary.com
bp.kidsightusa.org
bp.killerworkdev.com
bp.linenessentials.com
bp.littleleafstudio.co.uk
bp.lyctechnologies.com
bp.marthareingold.com
bp.mgcsw.gov.ss
bp.mibenditoadolescente.com
bp.moimoveis.com.br
bp.movie.co.tz
bp.myindiamall.in
bp.natenrjs.com
bp.nationalbeatpoetryfoundation.org
bp.news.co.tz
bp.niceguyrebrands.xyz
bp.paltouchsystems.net
bp.petersparre.com
bp.rafikidodomahotel.com
bp.richardobenton.com
bp.riscasvicosas.pt
bp.saleseconomic.com
bp.sc1jtfu9765.universe.wf
bp.segurobligatorio.pro
bp.seo7sry.com
bp.shivaagorealty.com
bp.stasy-union.gr
bp.sygenpharma.com
bp.tdsorsta.ro
bp.trueearthchanges.com
bp.video.co.tz
bp.watertownctlions.org
bp.wegolions.org
bp.wheelsofwilliamsport.com
bp.wheelsofwilliamsport.net
bp.wocrimestoppers.org
bp.worldcup.co.tz
dibbadu.absoluteitbd.com
dibbadu.arkaconstructores.com
dibbadu.caelectrons.com.br
dibbadu.carboneralabanda.com.co
dibbadu.ciptransfer.com
dibbadu.dolphinmanagement.ro
dibbadu.evergraphics.com
dibbadu.geofieldp.com
dibbadu.institutointei.com
dibbadu.millennialstourandtravel.co.ke
dibbadu.myportfolio.com.co
dibbadu.nextsol.com.br
dibbadu.planamoveis.com.br
dibbadu.proexcon.com
dibbadu.promoveazaonline.com
dibbadu.smartfuture.co.za
dibbadu.sscmcc.cl
dibbadu.sulmov.com.br
dibbadu.trujilloserrano.com
eportal-be.com
eportal-bs.com
extraiptv.giize.com
finanzportal-vermogenzsentrum.com
finanzportal-vermogenzsentrum.net
getgrammerly.com
hd.hdweb2.pw
ip.tvguzel.com
loginzug.com
newcp.abagenciamarketingdigital.com
newcp.adrenalinanet.com.br
newcp.afrikwebacademy.com
newcp.americansports.com
newcp.amtech.sd
newcp.andersonconstantino.com.br
newcp.ankaracilingirci.com
newcp.ankaradatemizliksirketi.com
newcp.ankarasevkattesisat.com
newcp.arteimparables.online
newcp.atlasfizyoterapi.com.tr
newcp.aurcleaning.com
newcp.aurejewelry.ca
newcp.avalanche-store.com
newcp.balcovacicekciler.com
newcp.bayraklicicekciler.com
newcp.bazis-t.uz
newcp.beyondxgroup.online
newcp.bitezeventwedding.com
newcp.bizaccord.com.pk
newcp.bnkilaclama.com
newcp.bonggayon.com
newcp.bornovacicekciler.com
newcp.boscosoft.ae
newcp.botchats.in
newcp.brntemizlik.com
newcp.clay.net.in
newcp.colegioburiti.com.br
newcp.coliturcusco.com.pe
newcp.departamentosenpueblolibre.com
newcp.dihucar.com
newcp.dominantlegaltrans.com
newcp.essasattire.com
newcp.essentemizlik.com
newcp.fahadengineerings.com
newcp.franciaim.net
newcp.frederic-monereau.com
newcp.freud.radi0.im
newcp.fxtransportation.com
newcp.gaziemircicekciler.com
newcp.generation-green.ma
newcp.geofieldp.com
newcp.ghdemo.com.tr
newcp.grid-edge.com.au
newcp.gridedgenews.com
newcp.gssgroup.co.ke
newcp.h-bsofwares.com
newcp.harasselection.com.br
newcp.hiraotomatikkapi.com
newcp.hypercctv.org
newcp.icredes.com
newcp.iluminate.com.mx
newcp.induslab.net
newcp.inkopau-rentcar.com
newcp.ithalatcimiz.com
newcp.japeto.ro
newcp.jcgama.com
newcp.johnballis.com
newcp.karyacorp.com
newcp.libuinsi.my.id
newcp.liderford.com
newcp.lindaballis.com
newcp.lojaflordocerrado.com.br
newcp.lourencoviajante.pt
newcp.maeslanden.nl
newcp.maskinsoftware.com
newcp.maxxcontrol.com.tr
newcp.medyapm.com
newcp.meiya.co.ke
newcp.metse.co.bw
newcp.mexicodemaria.mx
newcp.multipolarsolution.com
newcp.naseemtravels.com
newcp.neutown.com
newcp.ngopicoding.com
newcp.niceguyrebrands.xyz
newcp.nirmalexpertsolutions.com
newcp.oiltanker.com.ng
newcp.olivrodapatria.online
newcp.perapeyzaj.com
newcp.piolinspa.cl
newcp.plastikiniai-langai.eu
newcp.pnmls.cd
newcp.posdata-si.com
newcp.qadricaterers.com
newcp.ram-service.cl
newcp.recubplast.com.co
newcp.royalcontingencia.com
newcp.rsquad.co.ke
newcp.safipompe.ma
newcp.sagarsprings.com
newcp.sbaqala.pk
newcp.sc3bhgr7781.universe.wf
newcp.seo7sry.com
newcp.skinorra.com
newcp.smartlabor.it
newcp.solarib.com
newcp.sosgestion.com.co
newcp.spiegelenergy.com
newcp.spiegelenergy.com.au
newcp.stargazemining.co.za
newcp.superanimalpet.com
newcp.tamilankadai.com
newcp.tamminguyen.co.uk
newcp.tammisnaps.com
newcp.techcube.in
newcp.termomecconsultoria.com.br
newcp.thebestbodrumtemizlik.com
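# NOTE(review): next entry appears to be a scraping artifact of newcp.thebestbodrumtemizlik.com (listed just above) with a stray word fused on; ".comlounge" is not a delegated TLD. Kept as published; verify against the ThreatFox source.
newcp.thebestbodrumtemizlik.comlounge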
newcp.thisisafricas.com
newcp.tuintiadmin.com
newcp.ultisol.co.za
newcp.universal-kikaku.com
newcp.uns-kikaku.com
newcp.urunstand.com
newcp.visualmakers.com.pk
newcp.vozminera.mx
newcp.wine-ar.com
newcp.youknowpeople.com
newcpp.1ihost.com.br
newcpp.3dsurf.ir
newcpp.4182-0006ac95072f.wptiger.fr
newcpp.abarclinic.com
newcpp.abrakadabra.com.pe
newcpp.aceleraventas.com
newcpp.activelifemd.com
newcpp.addisbasketball.com
newcpp.adrenalinanet.com.br
newcpp.afrokulcha.co.za
newcpp.afrokulchagroup.com
newcpp.afrokulchatravel.co.za
newcpp.almoajel.sa
newcpp.altaymediaalbania.org
newcpp.aminadabelago.com.br
newcpp.apa.ba
newcpp.aurejewelry.ca
newcpp.aurespa.ca
newcpp.averynigeria.com
newcpp.balebuku.my.id
newcpp.bandamuveegroov.com.br
newcpp.banjarkode.com
newcpp.better-gpt.org
newcpp.billionairesestate.com
newcpp.bocadosdeamor.com
newcpp.build-2-suit.com
newcpp.casadefriossaobenedito.com.br
newcpp.casamagdalenapublicidad.com.co
newcpp.cncmorelos.org
newcpp.confidable.com
newcpp.conquermark.com
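# NOTE(review): next entry has no valid TLD (".clapostolic"); it is presumably a ".cl" name with a stray word fused on during extraction, and the clean form is not present in this list. Verify against the ThreatFox source before relying on it.
newcpp.constructoraharr.clapostolic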
newcpp.credencewatches.com
newcpp.damaskin.ro
newcpp.danmartin.ro
newcpp.dilagosburguer.com.br
newcpp.ditsaambiental.com
newcpp.dktravel.com.ec
newcpp.doncellafem.com
newcpp.dsts-immigration.com
newcpp.dungnguyenarchi.com
newcpp.durumdelight.com
newcpp.easthartfordinterfaith.org
newcpp.education21kulimpku.com
newcpp.embassydevelopments.com
newcpp.espace-food.com
newcpp.espinhoserosas.com.br
newcpp.exactcolor.co.ke
newcpp.faforlife.com.ng
newcpp.faforon.com
newcpp.faforon.com.ng
newcpp.falahatishop.com
newcpp.fatp.co.tz
newcpp.faybd.com
newcpp.fitnessupbeat.com
newcpp.fridaybd.com
newcpp.fundacionequiterra.org
newcpp.gemsinnovation.com
newcpp.gridedge.com.au
newcpp.gridedgenews.com
newcpp.h-bsofwares.com
newcpp.harmonyvillage.gr
newcpp.hotel.co.tz
newcpp.huncanlit.com
newcpp.husamekhrawesh.com
newcpp.ibis-inspection.com
newcpp.ilutex.com.br
newcpp.imcbgten4.org
newcpp.institutoiba.org.br
newcpp.inversionesllort.com
newcpp.isabelaayrosa.adv.br
newcpp.johnballis.com
newcpp.kgcdiary.com
newcpp.khabarworld.com
newcpp.killerworkdev.com
newcpp.kotok.net
newcpp.ktktech.my.id
newcpp.kystibbi.com.tr
newcpp.lacitavilla.com
newcpp.lakcards.lk
newcpp.lenterdit.com.ar
newcpp.levinesolutions.net
newcpp.lindaballis.com
newcpp.logdist.ma
newcpp.ludotenis.com
newcpp.luicreativestudio.com
newcpp.magyarkoltok.com
newcpp.mahtokitchencare.com
newcpp.meadvilleorthodontics.com
newcpp.medicalmedia.com.mx
newcpp.meiya.co.ke
newcpp.moimoveis.com.br
newcpp.moralesalducin.com
newcpp.movie.co.tz
newcpp.musamwaky.co.tz
newcpp.nationaltemps.co.uk
newcpp.natroglobal.com
newcpp.news.co.tz
newcpp.nonisec.com
newcpp.nonisec.com.ar
newcpp.ontrace.id
newcpp.park-systems.net
newcpp.payall.com.ng
newcpp.pkmkaranganyar.com
newcpp.pmkt.ao
newcpp.polomilano.com
newcpp.polyvin.com.br
newcpp.powerunits.com.ng
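# NOTE(review): next entry appears to be a scraping artifact of newcpp.powerunits.com.ng (listed just above) with a stray word fused on; ".ngwittily" is not a delegated TLD. Kept as published; verify against the ThreatFox source.
newcpp.powerunits.com.ngwittily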
newcpp.powerunits.ng
newcpp.princekushwaha.com.np
newcpp.protrans.com.ph
newcpp.quantum-ev.co
newcpp.quasar.sa
newcpp.quasarful.com
newcpp.recettecuisinegastronomie.fr
newcpp.revenueacademy.it
newcpp.saamtrek.co.za
newcpp.sagarsprings.com
newcpp.sandrasperling.com
newcpp.sbtabriz.com
newcpp.sc1jtfu9765.universe.wf
newcpp.scotiaperu.pe
newcpp.seguroautoagora.com.br
newcpp.seis.co.ke
newcpp.sketchersdesign.co.ke
newcpp.smartzone.sa
newcpp.spiegelenergy.com
newcpp.sscmcc.cl
newcpp.stayeasyplus.com
newcpp.stratwood-gs.ro
newcpp.streakk.com.ng
newcpp.tabledemassagepliante.fr
newcpp.tdsorsta.ro
newcpp.techtrust.pt
newcpp.tecsoluciones.com.pe
newcpp.testabeko.mamaquette.fr
newcpp.thehumanitarianfund.org
newcpp.themavvel.co.ke
newcpp.tracymasonmedia.com
newcpp.uns-kikaku.com
newcpp.uptourismguide.com
newcpp.upvs.com.ng
newcpp.urushomestay.com
newcpp.vanguardaamazonense.com.br
newcpp.wecarefamilydentistry.com
newcpp.wpsuperlink.online
newcpp.wychelmconnect.com.ng
newcpp.xyfinity.co.za
newscp.aaptiroots.in
newscp.academicindia.in
newscp.aeni-script.my.id
newscp.agenciazurc.com.br
newscp.ainirentcar.com
newscp.akia.com.mx
newscp.alauddinsweetmeat.com.bd
newscp.allkemie.com
newscp.almastudio.pe
newscp.antaema.com
newscp.arabic.du.ac.bd
newscp.area14st.com
newscp.aromatherapyacademy.com
newscp.atiliomarola.com.ar
newscp.aunurrafiqofficial.com
newscp.bangfirmanofficial.com
newscp.bariel.co.id
newscp.blueheadfilms.com
newscp.botchats.in
newscp.carboneralabanda.com.co
newscp.carvalhocruz.com.br
newscp.cgsbim.cl
newscp.chaucatotoursperu.com
newscp.clay.net.in
newscp.cncmorelos.org
newscp.colbachabierto.com
newscp.colbiomor.org
newscp.computertechsperts.com
newscp.contechprojects.com
newscp.danmartin.ro
newscp.darfurfm.sd
newscp.debambu.es
newscp.debellis.com.br
newscp.digitalmaster.ro
newscp.dolphinmanagement.ro
newscp.dominioarquitectura.com
newscp.ebitan.com.bd
newscp.entreprisesdavenir.fr
newscp.exideinverterbattery.in
newscp.fatp.co.tz
newscp.gclenterprises.in
newscp.geber.com.mx
newscp.geliankft.hu
newscp.grupoempresarialvasram.com
newscp.grupomv.com.py
newscp.hchemical.sd
newscp.heefhotel.com
newscp.hospitaldesanluis.com.co
newscp.hotelultimafrontiera.com
newscp.hydrosolutions.pe
newscp.ibis-inspection.com
newscp.inncomex.com.mx
newscp.internetareal.net.br
newscp.janeladedramaturgia.com
newscp.junoindia.com
newscp.kashier365.com
newscp.khulumameals.co.za
newscp.laboratoriomacruzfarma.com
newscp.lf21.my.id
newscp.machaquila.com
newscp.mappingcanvasser.com
newscp.maridadymotors.co.ke
newscp.mexicodemaria.mx
newscp.mgglobalinvest.com
newscp.myindiamall.in
newscp.myportodigital.site
newscp.ndwc.com.py
newscp.nextsol.com.br
newscp.nppp.pk
newscp.nsaservices.com.br
newscp.oanachivu.ro
newscp.officialrtv.com
newscp.oiltanker.com.ng
newscp.ontrace.id
newscp.posdata-si.com
newscp.psiqo.com.pe
newscp.rafaelhsouza.com.br
newscp.ranasariagroup.com
newscp.roborave.mx
newscp.romalogistics.com.pe
newscp.sacs.ec
newscp.sagarsprings.com
newscp.savannah.sd
newscp.sc1dsnb7288.universe.wf
newscp.sc1tmtd4794.universe.wf
newscp.sc3bhgr7781.universe.wf
newscp.seotoronto.company
newscp.siarabd.com
newscp.slagveld.co.za
newscp.soltani-shopping.com
newscp.srprof.com
newscp.superanimalpet.com
newscp.swammovers.com
newscp.thirtyline.com.my
newscp.top2stay.com
newscp.tora-ks.com
newscp.tracymasonmedia.com
newscp.trimitrateknikmandiri.com
newscp.universalauto2000.it
newscp.usgonline.mx
newscp.valledelinka.com.pe
newscp.webhostingneo.co.id
newscp.xmartechpro.com
newscp.xpresscard.info
newscp.youthtuko.org
panda.arcaem.com
panda.ckinam.com
panda.creativeeventsbd.com
panda.dilagosburguer.com.br
panda.ffde.com.br
panda.fxtransportation.com
panda.grupoqueiroz.pt
panda.japanbangladeshhospital.com
panda.laofix.com.tr
panda.levinesolutions.net
panda.lojaniq.com
panda.sixfibras.com.br
panda.superdreadi.com
panda.tafca.cl
panda.vifurni.com
panda.viralhab.com
panda.vuacanvas.com
pipp.agauto.co.ke
pipp.debellis.com.br
pipp.diasecampos.com.br
pipp.dilagosburguer.com.br
pipp.dipankardey.com
pipp.eshaqlaw.com
pipp.japanbangladeshhospital.com
pipp.laofix.com.tr
pipp.nsaservices.com.br
pipp.pantallita.com
pipp.retromad1.ro
pipp.seo7sry.com
pipp.showroomilgiornodopo.it
pipp.sixfibras.com.br
portals-swisslife.com
sso-geneveid.com
tv.surebettr.com
tv.yayins.com
zestyahhdog.com
zug-login.com

# Reference: https://www.virustotal.com/gui/ip-address/193.143.1.59/relations

bitp.funhaus.com.br
bitp.lesamisduvelo.fr
bitpa.adm-informatique.fr
bitpa.alkoukhonline.com
bitpa.amberconsult.com.ng
bitpa.ananyaholidays.com
bitpa.ananyaresorts.com
bitpa.ananyaventures.com
bitpa.arthamari.com
bitpa.beautygirlmag.com
bitpa.bocadosdeamor.com
bitpa.dealiatrade.pl
bitpa.dsborneo.com
bitpa.ektajain.com
bitpa.hippocampusinfotech.com
bitpa.lousamel.pt
bitpa.ludotenis.com
bitpa.matrixintertrade.co.th
bitpa.metodologiavirtual.com
bitpa.onpo.com.tr
bitpa.papoetoys.com
bitpa.racq2120.odns.fr
bitpa.registrocolegiados.cl
bitpa.ronafortuna.com
bitpa.ronakglobal.com
bitpa.sarkerrentacar.com
bitpa.telecos.com.pe
bitpa.tradingchilespa.cl
bp.3kmystore.com
bp.4dceria.com
bp.adlibmanagement.com
bp.affixsolution.com.br
bp.afrokulcha.co.za
bp.ainirentcar.com
bp.apotekavesta.rs
bp.appservice.com.mx
bp.aromatherapyacademy.com
bp.artemilenario.fr
bp.artnathacha.com
bp.be-tronics.com
bp.bizaccord.com.pk
bp.bloomfieldcthistory.org
bp.blueheadfilms.com
bp.branditmediahouse.co.za
bp.campovalepet.com.br
bp.checkedgar.com
bp.chuckoakes.net
bp.computertechsperts.com
bp.credencewatches.com
bp.ctgerizim.com.br
bp.diasecampos.com.br
bp.digitalforall.com.ng
bp.dilagosburguer.com.br
bp.dreamakerbd.com
bp.dremilio.com.br
bp.dungnguyenarchi.com
bp.e-drimer.pe
bp.ecce-groups.com
bp.ecomingrupo.com
bp.edu365pro.com
bp.emohoytsega.com
bp.erkutbarel.com.tr
bp.espace-food.com
bp.ets-kadydier.com
bp.excellentagro.biz
bp.faybd.com
bp.feedingspeedy.com
bp.gavasilva.adv.br
bp.gmseafood.cl
bp.grupoempresarialvasram.com
bp.haseed.com
bp.hex29.io
bp.holaquetal.tur.br
bp.homecityseremban.com.my
bp.hotel.co.tz
bp.hypercctv.org
bp.ibis-inspection.com
bp.induplastico.com.br
bp.instalarmacros.info
bp.itiss-cloud.com
bp.jerrylabriola.com
bp.jerrytalks.com
bp.josuesantana.com.br
bp.jprhelmet.com
bp.julianafabrizzi.com.br
bp.katariorganics.com
bp.kwickboxconsultant.com
bp.legitinteriordesign.com
bp.lexis.ma
bp.liazo.com
bp.lilianmeneghel-imoveis.com.br
bp.lionsdistrict23c.org
bp.lionslowvisionctr.org
bp.livingstonedameh.com
bp.lmmotors.com.pe
bp.mail.co.tz
bp.metodologiavirtual.com
bp.metse.co.bw
bp.mibusbolivia.com
bp.mirantedosgolfinhos.com.br
bp.montrexwatches.com
bp.moodle3.cfjulioresende.org
bp.mrsocial.io
bp.niemandsland.net.bo
bp.nynews.live
bp.payall.com.ng
bp.petercianciolo.com
bp.pilaresdealejandria.com.ar
bp.pncoaching.com
bp.pnmls.cd
bp.pousadavilladosgolfinhos.com.br
bp.powerunits.com.ng
bp.powerunits.ng
bp.quantum-ev.co
bp.radiopionerosfm.com
bp.ragdespace.com
bp.rarespeak.com
bp.ravinegloryhospital.co.ke
bp.realpromotora.com.br
bp.regig.org
bp.rowsolution.com
bp.sandrasperling.com
bp.sanymakmur-tc.com
bp.schulmanlaw.net
bp.sistem.eng.br
bp.sixfibras.com.br
bp.spotlesscrystal.com
bp.stwatertechnic.com
bp.t201.eliti.com.br
bp.taalisip.com
bp.techcube.in
bp.techdataminds.in
bp.tezas.in
bp.tracymasonmedia.com
bp.upvs.com.ng
bp.urushomestay.com
bp.venturarodrigues.pt
bp.westernhealthcareservices.com
bp.wissenfamily.org
bp.xyfinity.co.za
ddbyav.xiangjige.com
dibbadu.2kconstructores.com
dibbadu.4vipdjs.com
dibbadu.andresdeveloper.com
dibbadu.autobase.gr
dibbadu.byestrategica.com
dibbadu.centi.co.ke
dibbadu.fabconline.net
dibbadu.gaal0548.odns.fr
dibbadu.graphichub.in
dibbadu.hotelangasmayo.com
dibbadu.iiocouncil.com
dibbadu.inelco.com.mx
dibbadu.junoindia.com
dibbadu.kntgroup.co
dibbadu.logopidea.com
dibbadu.makeopportunity.org
dibbadu.onchange-group.com
dibbadu.pacegallary.com
dibbadu.rumahtua.net
dibbadu.saleseconomic.com
dibbadu.samaelcasanova.com
dibbadu.sc1ozko2782.universe.wf
dibbadu.sc4jtfu9765.universe.wf
dibbadu.showrender.com
dibbadu.techmarketim.com
dibbadu.tezas.in
dibbadu.trackingcookie.info
dibbadu.tuintiadmin.com
dibbadu.viproc.cl
flipdna.com
horoscopo-2022.org
horoszkop2022.com
newcp.agenciadss.com.py
newcp.amaya.cl
newcp.amshesp.com
newcp.appservice.com.mx
newcp.azharconstruction.com
newcp.carvalhocruz.com.br
newcp.celis-massage.fr
newcp.ciaosa.com
newcp.continentlpe.info
newcp.credillants.pe
newcp.diasecampos.com.br
newcp.drajna.ro
newcp.gridedge.com.au
newcp.ibis-inspection.com
newcp.izmircicekciler.com
newcp.marembal-group.com
newcp.simaltrading.nl
newcp.supraseg.com.br
newcp.thirtyline.com.my
newcp.uje.com.co
newcpp.75d7-4bcef4b19275.wptiger.fr
newcpp.adlibmanagement.com
newcpp.affixsolution.com.br
newcpp.agauto.co.ke
newcpp.akilimingi.com
newcpp.antaema.com
newcpp.arcaem.com
newcpp.asainformaticarj.com.br
newcpp.bbwayplastic.com
newcpp.blogcanadiense.com
newcpp.borchtechnology.com
newcpp.car.co.tz
newcpp.cbrsanpedrodelapaz.cl
newcpp.celloxwatches.com
newcpp.collecteau.fr
newcpp.cuentasstreaming.com
newcpp.desiexpats.com
newcpp.ecomingrupo.com
newcpp.educar.com.vc
newcpp.educarinformatica.com.br
newcpp.erkutbarel.com.tr
newcpp.exwebian.com
newcpp.fabconline.net
newcpp.farlujotna.sn
newcpp.fortclean.net
newcpp.foundingfarmerssnacks.com
newcpp.iiocouncil.com
newcpp.impulsedesenvolvimento.com.br
newcpp.informatikaunwaha.com
newcpp.iradio.co.in
newcpp.itiss-cloud.com
newcpp.jcgama.com
newcpp.kanderia.com
newcpp.kento.ec
newcpp.lycominggop.org
newcpp.manaliindiancuisine.es
newcpp.marthareingold.com
newcpp.math.shorbanggo.com
newcpp.mensmadness.com
newcpp.montrexwatches.com
newcpp.mopedic.gm.so
newcpp.moralesiluminacion.com.mx
newcpp.mysterebeauteproducts.com
newcpp.natural-ubiquinol.com
newcpp.nazathai.net
newcpp.nevestech.com.br
newcpp.nyaligalumni.com
newcpp.olivrodapatria.online
newcpp.pakrevolutions.com
newcpp.pantallita.com
newcpp.rayonclothings.com
newcpp.razhmana.com
newcpp.rplogistic.com
newcpp.sara-baby.dz
newcpp.sarmayenegar.ir
newcpp.sc2jtfu9765.universe.wf
newcpp.scandent3d.cl
newcpp.seo7sry.com
newcpp.skiener.ch
newcpp.socialstrategy.pk
newcpp.soteriabiblecollege.com
newcpp.spotred.co.ke
newcpp.supraseg.com.br
newcpp.tagudinmarket.net
newcpp.timezoneservice.com
newcpp.view-mind.com
newcpp.viralhab.com
newcpp.vows-plus.com
newcpp.wheelsofwilliamsport.com
newcpp.ximaluster.com
newcpp.youknowpeople.com
newscp.afrodigitaltd.com
newscp.balebuku.my.id
newscp.capitalrobotia.com.mx
newscp.clinicamaranatha.com.br
newscp.clinicdental.in
newscp.drmahadihasan.com
newscp.erdilmen.com
newscp.eschaton2012.ca
newscp.feedingspeedy.com
newscp.flashcenter.com.br
newscp.gssgroup.co.ke
newscp.hex29.io
newscp.induslab.net
newscp.irisspamysore.in
newscp.jarkonrel.com
newscp.kalnemi.org.mx
newscp.maeslanden.nl
newscp.marembal-group.com
newscp.mariomatic.com.br
newscp.marketeate.com
newscp.masterbusiness.adm.br
newscp.moodle3.cfjulioresende.org
newscp.musaston.com
newscp.nasseradv.com
newscp.nextnovatech.com
newscp.omicc.ca
newscp.printshopper.in
newscp.promoveazaonline.com
newscp.rplogistic.com
newscp.seo7sry.com
newscp.skainetwork.com
newscp.sosgestion.com.co
newscp.sunrialimited.com
newscp.sunrialimited.com.ng
newscp.superbicideermita.com.mx
newscp.titikakamining.pe
newscp.verdelima.com.br
newscp.victorgonzalez.ca
panda.ainaofficial.com
panda.aminadabelago.com.br
panda.appservice.com.mx
panda.beesboertm.co.za
panda.businessgroup.pk
panda.corazza.co.za
panda.iga.co.rw
panda.mopedic.gm.so
panda.mrf-uganda.org
panda.nsaservices.com.br
panda.nyaligalumni.com
panda.ordonezsrl.com.ar
panda.prvapomoc.org
panda.virtualeventscenter.net
panda.wookapp5.com
pipp.espace-food.com
pipp.phrapitta.com
pipp.rggrandhotel.com
pipp.skmuhibbahraya.net
pipp.tredamschools.com.ng
pipp.zero4communication.net
sharehippo.com
wilkersontech.com
yinghuaxia.com
yiyuanzhou.com
yuruifu.com
zhaoriyue.com
zhaosf.nl
zhenhuanyu.com

# Reference: https://www.validin.com/blog/pivoting-to-expand-threat-intelligence/

tl-group.org
tlgroupe.com

# Reference: https://x.com/4n6Bexaminer/status/1820718431257428297

http://193.124.185.23

# Reference: https://x.com/Huntio/status/1820797152085582112
# Reference: https://moonlock.com/loom-macos-stealer

http://147.45.199.1
http://85.28.0.47
dinoverse.app
dinoverse.co
landofdreams.io
smokecoffeeshop.com
tnelloproject.com

# Reference: https://x.com/4n6Bexaminer/status/1822281363946381501
# Reference: https://tria.ge/240810-q2exvawdjb/behavioral1
# Reference: https://www.virustotal.com/gui/file/5ddc1391142c64074354adc87c62f0a048704a490ee785412a64896b0271da39/detection
# Reference: https://www.virustotal.com/gui/file/90f20a29ecc7dfe78341f418105f96604ef412722b0e59e4f1b59a552b02da29/detection
# Reference: https://www.virustotal.com/gui/file/a30ddee89d8fdbb64e84643833ddd8e8fade1e9d98e695956a76a79e8fd7e1ee/detection
# Reference: https://www.virustotal.com/gui/file/e16130704c03cbff99d5990da4e40933347e26b711bfdc579eb99d82725d71f7/detection

http://109.120.176.156
megantic.online

# Reference: https://x.com/4n6Bexaminer/status/1822284540527640735
# Reference: https://www.virustotal.com/gui/file/8becf02ba162c3885ade87fb4634c5d119f411f11c2524284107c5555cbd9b87/detection
# Reference: https://www.virustotal.com/gui/file/305868a8be14bd82f86e6aaa4afd639ad10923741faffe921340dcfa2cdaf9e4/detection

http://185.7.214.148
cleanmylaptopmac.com
eurosocceradventure.com

# Reference: https://twitter.com/malwrhunterteam/status/1704395617399652572
# Reference: https://www.virustotal.com/gui/ip-address/159.203.89.132/relations
# Reference: https://www.virustotal.com/gui/file/ab00aaf35d2db919c71b65c7d8bcb5d3879dbf00b9ff136104caded2a70fc856/detection
# Reference: https://www.virustotal.com/gui/file/34ff1240fcaaae2a37665325f587affcf786cf2c875ea09b7b602a62599bca78/detection
# Reference: https://www.virustotal.com/gui/file/6d47c0554abb8187d4dfc36ad9a242da453f7942b5e60bb0ee170b54caac0cac/detection

cellasllc.com
apps.cellasllc.com

# Reference: https://x.com/malwrhunterteam/status/1794256341508468761
# Reference: https://www.virustotal.com/gui/file/89f991ea9ce2c5b59cc07b703d4052231603601aae1b35cc34b258089b5253d2/detection
# Reference: https://www.virustotal.com/gui/file/5879bcbc293a6278d57fcb61b40bc7f3b351be4307cf888769d726d603033a1b/detection

account.worldhealthresearch.org

# Reference: https://threatfox.abuse.ch/browse/malware/osx.poseidon/
# Reference: https://threatfox.abuse.ch/browse/malware/osx.poseidonstealer/

http://185.172.128.110
http://185.172.128.123

# Reference: https://x.com/MalGamy12/status/1826621858319663565
# Reference: https://www.virustotal.com/gui/file/6f429ae81ef2b99cd357ae51da315723ab10f3ee54780b82374000cbee430687/detection

http://45.93.20.174
activecitrux.com
aimodel.itez-kz.com
akool.cleartrip.voyage
akool.travel-watch.org
akordiyonegitimi.com
albert.flora-kz.store
andrewsheppard.com
apkportion.com
b.nenkinseido.com
basgitaregitimi.com
clear-trip-ae.com
cleartrip.voyage
flora-kz.store
flow-kz.store
haiper.cleartrip.voyage
haiper.itez-kz.com
haiper.travel-watch.org
havoc.travel-watch.org
highschools2009.com
imageunic.com
itez-kz.com
load.activecitrux.com
load.managerthreads.com
locktgold.travel-watch.org
managerthreads.com
millikanrams.com
newcastlelimos.com
ns1.millikanrams.com
ns2.millikanrams.com
openaai.clear-trip-ae.com
panel.x00x.online
sorablack.cleartrip.voyage
sunumofisi.com
sweethome.travel-watch.org
synthesia.cleartrip.voyage
synthesia.flow-kz.store
synthesia.travel-watch.org
travel-watch.org
uizard.cleartrip.voyage
uizard.flow-kz.store
uizard.travel-watch.org
weface.cleartrip.voyage
weface.travel-watch.org

# Reference: https://x.com/NDA0E/status/1826640848949575938

apple-kz.store
bendiregitimi.com
l.apple-kz.store

# Reference: https://x.com/maulikl/status/1826727004458422674

agattiairport.com
alcokz.net
basgitardersi.com
bignoxplay.com
freecad-build.com
journeyart.org
ldeogramm.com
leboncoin-fr.eu
leonardo-ai.me
softimageai.org
waltkz.com
sweetbonanzadeserts.com
adwq.leonardo-ai.me
asd.leboncoin-fr.eu
load.freecad-build.com
load.journeyart.org
load.ldeogramm.com
load.softimageai.org
loader.waltkz.com
ns.basgitardersi.com
test.alcokz.net
testtwo.alcokz.net
up.bignoxplay.com

# Reference: https://app.validin.com/detail?find=47516a2e04e9ef13d67927464651ba6c&type=hash&ref_id=f3f25cf2cce#tab=host_pairs_v2

akordiyondersi.com
albanianvibes.com
ambisecperu.com

# Reference: https://x.com/NDA0E/status/1827318701063860299

techdom.click
aimodel.techdom.click
face.techdom.click
facetwo.techdom.click
haiper.techdom.click
luminarblack.techdom.click
synthesia.techdom.click

# Reference: https://threatfox.abuse.ch/browse/malware/osx.amos/ (# 2024-08-25)

http://147.45.43.136
http://193.233.132.40
http://45.134.26.7
http://5.42.96.124
http://5.42.96.184
http://77.221.151.45
http://77.221.151.54
http://77.91.77.178
http://77.91.77.38
http://77.91.77.40
http://77.91.77.87
http://77.91.77.88
http://85.209.11.155
http://94.232.249.65
http://95.216.96.104

# Reference: https://app.validin.com/detail?find=413e3a6ee9a4cfe0763c01425a5c9ed0&type=hash#tab=host_pairs_v2

damobile.net
woltde.com
mulkrsvtolooy8s.woltde.com

# Reference: https://threatfox.abuse.ch/browse/malware/osx.poseidonstealer/ (# 2024-09-02)

http://147.45.47.170
http://185.235.128.217
http://185.28.119.85
http://194.59.183.241
185-235-128-217.netherlands-2.vps.ac
amika.pro

# Reference: https://www.virustotal.com/gui/domain/onlyfor.pro/detection

onlyfor.pro

# Reference: https://www.virustotal.com/gui/ip-address/193.233.132.137/relations
# Reference: https://www.virustotal.com/gui/file/0e520908d451c0366b600b08990e9f1958414fcdf67c9401c1319303e95847d9/detection

http://193.233.132.137

# Reference: https://x.com/privacyis1st/status/1840786883959251429

http://209.126.1.139

# Reference: https://x.com/osint_barbie/status/1840865672449995261
# Reference: https://tria.ge/240930-a1fjzsycmr/behavioral1
# Reference: https://www.virustotal.com/gui/ip-address/94.232.249.131/relations

alienmanfc6.com
apunanwu.com
cphoops.com
iloanshop.com
kansaskollection.com
ledger-cloud.com
makenleane.com
mdalies.com
modoodeul.com
pakoyayinlari.com
patrickcateman.com
phperl.com
stonance.com
utv4fun.com
/458f4bda41bc00314/6c7ec58378d6f18ab/load.98cbab0be2fae96a53fd860e.php?call=
/6c7ec58378d6f18ab/load.98cbab0be2fae96a53fd860e.php?call=
/load.98cbab0be2fae96a53fd860e.php?call=
/load.98cbab0be2fae96a53fd860e.php
/kusaka.php?call=
/kusaka.php

# Generic: path-only entries (.dmg file names, no host part)

/Arc12645413.dmg
/AGOV-Access.dmg
