# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

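# Aliases: shadowladder

# Note: many trails below are customer hostnames on shared CDN/storage platforms
# (b-cdn.net, kxcdn.com, s3.amazonaws.com). Match them as exact hostnames only;
# matching on the parent domain would also hit unrelated legitimate tenants.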

# Reference: https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/?linkId=10719875

http://62.133.61.56
forikabrof.click
matodown.b-cdn.net
nextomax.b-cdn.net
potexo.b-cdn.net

# Reference: https://x.com/GenThreatLabs/status/1827007175627010077
# Reference: https://github.com/avast/ioc/blob/master/Lumma/Lumma_08_2024.txt

anti-bot1.b-cdn.net
asdkjjkasdn-aptv1.b-cdn.net
bidvert.b-cdn.net
bot-check2.b-cdn.net
bot-check3.b-cdn.net
bot-checking.b-cdn.net
bot-detection.b-cdn.net
bot-test.b-cdn.net
continuedownloader.com
downloadsbeta.com
downloadstep.com
galaksion.b-cdn.net
hypochloridtilz.click
kjbnfdkbf74.b-cdn.net
kjhsdfh-capv1.b-cdn.net
manistream1.b-cdn.net
mato-camp-v2.b-cdn.net
mato-camp-v4.b-cdn.net
papad.b-cdn.net
popcsh.b-cdn.net
popunder.b-cdn.net
popup.b-cdn.net
proto.b-cdn.net
provenotrobot.b-cdn.net
security-check.b-cdn.net
spam.b-cdn.net
streamingsplays.com
verification.b-cdn.net

# Reference: https://x.com/ge0lev/status/1827393504793804891

bidvertiser.b-cdn.net
lengo-20cb4.kxcdn.com
mato-camp-v1.b-cdn.net
microsoftcamp-c1.b-cdn.net
microsoftcamp-v1.b-cdn.net
popad.b-cdn.net
vercapth63.b-cdn.net
verify-captcha-987.b-cdn.net
verifyhuman476.b-cdn.net

# Reference: https://x.com/RakeshKrish12/status/1827961172970119274
# Reference: https://www.virustotal.com/gui/file/9887456e52e81549c7eb274da0462a075b4a234f185115a5dba9bbb11c11b208/detection

cdn-serveri18n-googleapis.com
dev.cdn-serveri18n-googleapis.com

# Reference: https://app.validin.com/detail?type=dom&find=pub-9c4ec7f3f95c448b85e464d2b533aac1.r2.dev#tab=reputation

opsopanels.click

# Reference: https://app.validin.com/detail?type=dom&find=opsopanels.click#tab=host_pairs_v2

apzzz-20c7e.kxcdn.com
greenenorgusd.b-cdn.net
jhsnshueyt.click
uploadz908.b-cdn.net

# Reference: https://x.com/r3dbU7z/status/1827008313579417909
# Reference: https://www.virustotal.com/gui/file/76b3d685142919820401d377843658c7a92a60d168f6be16d04461ab176e63de/detection

loginsmoobu.com

# Reference: https://x.com/ge0lev/status/1828551713428775043
# Reference: https://urlscan.io/search/#page.url%3A%2F.*%5C..*(%5C%2F%7C%5C-)verify%5C-%5B%5E%5C%2F%5D*%5C.html%2F%20AND%20page.url%3A(human%20OR%20captcha%20OR%20system)

human-check2.b-cdn.net
human-check3.b-cdn.net
human-verificati0n.b-cdn.net

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-08-28-IOCs-for-Lumman-Stealer-from-fake-human-captcha-copy-paste-script.txt

get-verified.b-cdn.net
get-verified2.b-cdn.net
human-check.b-cdn.net
human-verify02.b-cdn.net
myapt67.s3.amazonaws.com

# Reference: https://www.ontinue.com/resource/obfuscated-powershell-leads-to-lumma-c2-stealer/

campzips1.b-cdn.net

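# Reference: https://app.validin.com/detail?find=BunnyCDN%20Node%20LA1-1002&type=raw&ref_id=d15a589b9a2#tab=host_pairs_v2
# NOTE(review): the entries below appear to come from a host-pairs pivot on a single BunnyCDN node,
# not from a sample-level link. Several names look like unrelated lure themes, so treat the family
# attribution as lower confidence and confirm against other telemetry before labelling a hit.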

aidat-onliine-iadelerii-porttalie138.b-cdn.net
aidat1-e-devlet-onlinec934.b-cdn.net
aidt-onlineii-iadelerii-portalie250.b-cdn.net
aiidatat3-e-devlett-onlineeebtb210.b-cdn.net
anindamerkez.b-cdn.net
app-bnkr.b-cdn.net
bali7kuvani.b-cdn.net
bneawaytmm.b-cdn.net
bokadari7.b-cdn.net
bonusdeli.b-cdn.net
burulasdolummnoktasi.b-cdn.net
daffdfdfsd.b-cdn.net
dfzafgrgfsvrsr.b-cdn.net
dvlaidtt-online-iadeleeri-portalie107.b-cdn.net
e-devlet-online-eportali333.b-cdn.net
edevlet-online-aiidatt-basvurunuzz41.b-cdn.net
faktypolska21.b-cdn.net
faktypolska6.b-cdn.net
fibabaqnk2-intt-ssvbessi-webhiztfnbt833.b-cdn.net
gortstdmdcvoale.b-cdn.net
hmnrndvu.b-cdn.net
icilecekcorba.b-cdn.net
incest-hentai.b-cdn.net
livediscodating.b-cdn.net
monsterprelaunchcom.b-cdn.net
nvimerkezirrr.b-cdn.net
nviradnsadhas.b-cdn.net
nzat.b-cdn.net
obiletrezervasyonal.b-cdn.net
ogretmenbonus.b-cdn.net
olay.b-cdn.net
opertuy.b-cdn.net
pooprip.b-cdn.net
randvudesin.b-cdn.net
rndvus-ual.b-cdn.net
scagrsthsrhrshsrg.b-cdn.net
shortcuts.b-cdn.net
tkyugv.b-cdn.net
tr-tccbm-155tr.b-cdn.net
track-dark-bz.b-cdn.net

# Reference: https://x.com/RacWatchin8872/status/1829524427366977600

get-verified3.b-cdn.net
glksion.b-cdn.net

# Reference: https://x.com/ge0lev/status/1829649128336605264

adstrra.b-cdn.net
one-step.b-cdn.net
second-step.b-cdn.net

# Reference: https://x.com/0Dayhta/status/1832054562280108317
# Reference: https://www.virustotal.com/gui/file/55b96b221a8aed3376ea4abf3f3ca89d07fa23bce039563a7e0f6c6e887ee2a9/detection
# Reference: https://www.virustotal.com/gui/file/3fff6f2ff5690a77d5ec7ed5cd1c85c95710e92bf06ea2ec7ecd3f64789f207e/detection
# Reference: https://www.virustotal.com/gui/file/2edae4af5d8f8f0b24cae435c08651f29b8d02e87e66acaf7e9eee1f740f93fa/detection
# Reference: https://www.virustotal.com/gui/file/2e0c0e72e3f94756ddb50ed7d52e4eeb18646625ba1035ec97a9b0e42c956b1b/detection

clicktogo.click
human-verification5.b-cdn.net

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-08-29-v10677/1924

poko.b-cdn.net
propller.b-cdn.net
zone02.b-cdn.net

# Reference: https://x.com/kddx0178318/status/1834199075689730320

876z.b-cdn.net
verifyfull8434.b-cdn.net

# Reference: https://x.com/g0njxa/status/1834326261545529391
# Reference: https://app.any.run/tasks/d9e94e88-73b0-46ac-9318-eb09484c14e3

newvideozones.click

# Reference: https://x.com/kddx0178318/status/1834200990565773334
# Reference: https://urlscan.io/sha256/235db27b55a506bc36fd3ff9caa2174003aaed5be39a35461e81b605ab98eaef/

report1.b-cdn.net

# Reference: https://x.com/0Dayhta/status/1834393770307006624

brazilwoiuxd.click

# Reference: https://twitter.com/k3yp0d/status/1787748197361725863
# Reference: https://www.virustotal.com/gui/file/51a72e692be5bea6846e1fe7344e4a158714580921281ec5b08d6403f0a3049f/detection

fatodex.b-cdn.net
