# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: ostap, sload

# Reference: https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy

maleass.eu

# Reference: https://twitter.com/VK_Intel/status/1021453551975817217

wjcqsstycdujc.eu

# Reference: https://twitter.com/reecdeep/status/1136581953770205185

casasmocambique.com

# Reference: https://twitter.com/reecdeep/status/1138006570934185987

consciousrevolutionist.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1167351884367237120

/angola/mabutu.php

# Reference: https://twitter.com/reecdeep/status/1172122826251415552

cvrwe.eu
ijve.eu
rdtber.eu
uilomiku.eu

# Reference: https://twitter.com/reecdeep/status/1185090113929388032

bohuffsite.com

# Reference: https://twitter.com/reecdeep/status/1186179780468719617

howeconsultingsf.com
nvroe.eu
rtexo.eu

# Reference: https://app.any.run/tasks/b6f6bfe1-c483-46c5-8abc-899c1e08f5d5/
# Reference: https://www.virustotal.com/gui/file/148d74e453e49bc21169b7cca683e5764d0f02941b705aaa147977ffd1501376/detection

dempoloka.com

# Reference: https://twitter.com/reecdeep/status/1192094807470030848

avs.bohuffsite.com
bohuffsite.com

# Reference: https://twitter.com/reecdeep/status/1216640918067056640

clubdeajedrezmatamoros.com

# Reference: https://twitter.com/reecdeep/status/1216659090941915137

hnerert2.eu
nweryh2.eu

# Reference: https://twitter.com/reecdeep/status/1221703060256325633
# Reference: https://twitter.com/reecdeep/status/1221708126824562689
# Reference: https://twitter.com/CertPa/status/1221774114446368774
# Reference: https://www.virustotal.com/gui/ip-address/185.197.74.169/relations

cramelcorp.com
delight-plus.com
hnerert.eu
hnerert1.eu
hnerert3.eu
nweryh.eu
oilkjhg.eu
turthgr.eu
tuyukj.eu
uybwer.eu
uyikjtn2.eu

# Reference: https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy

cflfuppn.cn
ellapod.eu
xityeksmwi.eu

# Reference: https://twitter.com/reecdeep/status/1252531768462319617

nephemp.com/neplod/02581650393.jpg
joplock.eu
zarwrite.eu

# Reference: https://twitter.com/guelfoweb/status/1252552464651468801
# Reference: https://twitter.com/malwrhunterteam/status/1253347810537353217

zoomovers.com/momo/
woodlandislamiccenter.com/disop/

# Reference: https://twitter.com/VirITeXplorer/status/1259752786599829504

ptankers.com
bilkas.eu
tarfros.eu
illionback.eu
zapforyou.eu

# Reference: https://twitter.com/reecdeep/status/1277921837146652673

hnmrtew.eu
nerfvbg.eu

# Reference: https://twitter.com/reecdeep/status/1282637448699416577
# Reference: https://twitter.com/rootella_/status/1282570904539738112

lwyhef.eu
mzgotech.com
ponmer.eu

# Reference: https://www.virustotal.com/gui/file/3e9720f20d45daddeffbdff3a6543d0e12a75f323b5172c30bb2b7b16c277319/detection
# Note: the sibling path ```/.well-known/pki-validation/w.php``` is tracked in the ```lokibot.txt``` trail, not in this one

/.well-known/pki-validation/2c.jpg

# Reference: https://twitter.com/reecdeep/status/1305399383911997441

cvbyti.eu
uykjhfgn.eu

# Reference: https://twitter.com/JAMESWT_MHT/status/1305480728684232704
# Reference: https://www.virustotal.com/gui/file/147e1d26153de7bd5033968d64104bb9df597d1913f237f4f5b172f06414b775/detection

alkwti.com
designologyng.com
devopotamus.com
idrivehrcenter.com
innerearthartistry.com
sapphireloading.com
unequipoganador.com
weavehairstyle.com

# Reference: https://www.virustotal.com/gui/domain/geundik.com/relations
# Reference: https://www.virustotal.com/gui/file/6cc54a52311cd07394327c4e1b4f6aee3797665200f215abfaf4607b71829757/detection

geundik.com

# Reference: https://twitter.com/VirITeXplorer/status/1348551960941776896
# Reference: https://twitter.com/JAMESWT_MHT/status/1348569630449790978
# Reference: https://www.virustotal.com/gui/ip-address/185.156.172.108/relations
# Reference: https://www.virustotal.com/gui/file/cac189a5012b3ca0c2b420d5dcbadd0b20d377514baf4450219e37e19363e2ae/detection
# Reference: https://www.virustotal.com/gui/file/d61754005944686cef24924802bd7c192ee11f3e222f3f2b4a321a2cebc61dc6/detection
# Reference: https://www.virustotal.com/gui/file/f4e443285e418182fe8f11f755957ca096db495c94a1946bca1d69f0e29e8de1/detection
# Reference: https://www.virustotal.com/gui/file/d1e8b81e6f2874db743397c4fe0346a886b8539c4e0bb9a67a1ec4e2866fd678/detection
# Reference: https://www.virustotal.com/gui/file/d5ff868de414488362507dfc8a20f3df47114da6c5518ac0be9bd216bee01e59/detection

antivirucidal.com
belfetproduction.com
cxminute.com
ladiesincode.com
letonguesc.com
univirtek.com
ryunrth1.eu

# Reference: https://twitter.com/VirITeXplorer/status/1412000658698477568

opoietj.eu
sertyty.eu

# Reference: https://www.virustotal.com/gui/file/7f0195a75477d51b4f28d8509cbda22c2611d75e877276859498b074b773c322/detection

chinghsiang.com

# Reference: https://www.virustotal.com/gui/file/9655ea42cd676422eca02ae2c81c9caa7f1d7667d7c6e37d47733be16bda0045/detection

floridaprotiles.com

# Reference: https://www.virustotal.com/gui/ip-address/146.70.35.206/relations

compucema.com
jrsawesomebuilds.com
laserunlimitedindia.com

# Reference: https://www.virustotal.com/gui/ip-address/185.80.53.202/relations

bthfdr.eu
bthfdr1.eu
dgrtj.eu
erthgyrteh.eu
fgjusatik.eu
gjyke.eu
gyoin.eu
hjrdsyj.eu
hjui.eu
kuyikryf.eu
kuyikryf1.eu
rebnow1.eu
reybve.eu
rtyht.eu
ryunrth.eu
tytrgv.eu
tytrgv1.eu

# Reference: https://www.virustotal.com/gui/file/b23d4059edb249e79913e27a7e166017d4a50bb6f1220ef175830826d9b484a4/detection

http://195.123.241.180
/kiytrscuvbuytnkudjvt/

# Reference: https://www.virustotal.com/gui/file/81404cb0efe62dd91dbf7259d34fa1577cd2d74c353a4cc1a9b7eede24720592/detection

tuktuk24.pw

# Reference: https://twitter.com/vinopaljiri/status/1481707473534951428
# Reference: https://bazaar.abuse.ch/sample/e39c7edbd6d906a8c2c3b5bd2825dd11b7e0ca57a80802da11c202f9a5154c13/#comments
# Reference: https://www.virustotal.com/gui/file/7e1f267168a9c065009aedae592610e35c37eb59a04167bb5d982ca54fab2536/detection
# Reference: https://www.virustotal.com/gui/file/62128124274283114c9e1a4ee695bdbb3ef9892d8588830820dd2049bcb054d7/detection

http://193.56.146.34
193.56.146.34:6666
193.56.146.34:7777

# Reference: https://twitter.com/reecdeep/status/1490667104705650688
# Reference: https://www.virustotal.com/gui/ip-address/185.117.91.147/relations

hgjui.eu
hkjt.eu

# Reference: https://www.virustotal.com/gui/file/affe48775d86f29b81657a2d916ea72d9ea313286487df3f455523db1abc4992/detection
# Reference: https://www.virustotal.com/gui/file/d863704583bd135ddb01295ec8df0d7e23b7d036dd29205433f976c447b31ea4/detection

energyreviews.info

# Reference: https://www.virustotal.com/gui/file/84c88c3462ce8586c3123bbf0eb330e7ede6cc334ca29eccfd593ac54a612f89/detection

hostlan.ddns.net

# Reference: https://www.virustotal.com/gui/file/701a3bea607466d8695b0529154db8ad8f612079cc387e170a379df22fd26423/detection

documentfiles.org

# Reference: https://www.virustotal.com/gui/file/862f90934b1e70fcba4d100ec6a2525e72fc9f5564ca578f8b638144995d98f4/detection

culiacanmexapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1505117542284673029
# Reference: https://www.virustotal.com/gui/file/8b78abdcbf1f920e48cd6b2f0f98f054722aeed85dad2156510c7345dc79adb1/detection
# Reference: https://www.virustotal.com/gui/file/eaf65589091d918eed715bfdcdc58693003bde48ebbb251a7bc4e55a52ba83a5/detection

webtenders.top
39eedg.webtenders.top
86eiwv.webtenders.top

# Reference: https://www.virustotal.com/gui/file/fc95c2c59d3abdff84fbf0bae9f65a24e2f3b27096134a425f58ff9bf9eca9ea/detection

md2022.3utilities.com

# Reference: https://twitter.com/reecdeep/status/1506170018437992453
# Reference: https://www.virustotal.com/gui/ip-address/185.117.91.152/relations

nmhholiut2.eu
pluner.eu
trehge1.eu
yjtyhm2.eu

# Reference: https://twitter.com/reecdeep/status/1513468470041661442

tyhretj.pw
tutyjk.eu

# Reference: https://www.virustotal.com/gui/file/45fbcd97f558df487706a5efee45fcd56a53d6d0225c4da2b3f5e07f44d6573c/detection

199.102.48.251:1433
sql8001.site4now.net

# Reference: https://twitter.com/f3d__/status/1526134628993716225
# Reference: https://www.virustotal.com/gui/file/04c5bd98c76723f2dc52ed506de1aadcd9c523655ee290954ded5064557a79b3/detection

jopkerto.tech

# Reference: https://www.virustotal.com/gui/file/013ad204ea94407ae80f99de9d790b1dc4881a228b841ff2a7edafe327971891/detection

powerdust.digital
restoreuseroffers-api.com

# Reference: https://www.virustotal.com/gui/file/49b6d7bcd5df2820a565cb74d420aa9bebca88a5ef77e5cb512996a064be33ec/detection

http://54.254.255.10

# Reference: https://www.virustotal.com/gui/file/a2bc4705df30cf44e95978b9ae8f48b5a79b2d43e42a87ad3e7bfdad23aad5fe/detection

199.102.48.248:1433
sql8003.site4now.net

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-May/030669.html

truecolor8.xyz

# Reference: https://www.virustotal.com/gui/file/b20f82311894af0f53a50b90959503676f95ccea983a331acc4ef23a300c5383/detection
# Reference: https://www.virustotal.com/gui/file/4e0c08afd422a68d4908cd18f47694e089f916e81d53e05adfb2ddf689be5927/detection

http://170.187.237.76

# Reference: https://www.virustotal.com/gui/file/0926c663a25cbea1ce98b2ec061c31b7493ab6494f5c6c6c765576da139d5896/detection

5.206.224.233:445

# Reference: https://www.virustotal.com/gui/file/d9d32cc03cd04e5b2bd3f1158424451b253880d139c0309e13170f353d1ab51a/detection

sanggap.vn

# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/06/sLoad_09-06-2022.json_.txt

bertfhop.eu
bertfhop1.eu
bertfhop10.eu
bertfhop11.eu
bertfhop12.eu
bertfhop13.eu
bertfhop14.eu
bertfhop15.eu
bertfhop16.eu
bertfhop17.eu
bertfhop18.eu
bertfhop19.eu
bertfhop2.eu
bertfhop20.eu
bertfhop3.eu
bertfhop4.eu
bertfhop5.eu
bertfhop6.eu
bertfhop7.eu
bertfhop8.eu
bertfhop9.eu

# Reference: https://www.virustotal.com/gui/file/3a4356af5c91c4e46877dacb2b88502763dfc1af0064339fa7f2b9bdad11cf78/detection

supportcheck-dns14.ga
wilkino.ml

# Reference: https://twitter.com/malwrhunterteam/status/1536428969188261890
# Reference: https://www.virustotal.com/gui/file/20d194fe98e33e152bd6a652188bb0da42e243780e718f88999fa1d4029b0f81/detection

coalminners.shop

# Reference: https://www.virustotal.com/gui/file/2e9fe6cb074abe9e4d34ca1ce2ab1e4da5f55d70ceaa349a96df00a6e2502379/detection

liveonedgessprinkle.xyz

# Reference: https://www.virustotal.com/gui/file/ab790bf86be272ed47cd9c13f060a8bf28e4d424d7716780f9e8fb27301212bd/detection

riquepuge.xyz

# Reference: https://www.virustotal.com/gui/file/12eb1cec67cb261d33c202f79ba0fad5468aaa3fcfc76f663b1618f3a7ece58c/detection

heltayokke.temp.swtest.ru

# Reference: https://twitter.com/malwrhunterteam/status/1539331504081453057
# Reference: https://www.virustotal.com/gui/file/d5fc8f42b8ec97ce6ae6007b994c855dd2b07e98697d0c2d2990d9b080d044c1/detection

http://185.66.88.250

# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/06/sLoad_30-06-2022.json_.txt

caretui.eu
hgrtjutyik.eu

# Reference: https://tria.ge/201130-hvly2vhsjs/behavioral1

estebankott.com

# Reference: https://tria.ge/201123-tcqt2tttye/behavioral1

fhivelifestyle.online

# Reference: https://tria.ge/201123-m56x24578n/behavioral1

owensii.com

# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/08/sLoad_01-08-2022.json_.txt

fdhtyi.eu
fredcoi.eu

# Reference: https://twitter.com/StopMalvertisin/status/1567358749672902659
# Reference: https://twitter.com/ffforward/status/1567405904240181248
# Reference: https://www.virustotal.com/gui/file/c08ba7c0297cd515c5a24918f6e1ec705b72cdeea40078494d8b51de447b6b8c/detection
# Reference: https://www.virustotal.com/gui/file/c43dfda63e6e534776eb24d284d0bdf21115181b49d6e31091de795d957cb5fc/detection

azure-company.net
cloud.azure-company.net
d.azure-company.net
secure.azure-company.net
word.azure-company.net
world.azure-company.net

# Reference: https://www.virustotal.com/gui/file/dc6c402f9d2caa06d694279015602cb4731015b11ac44abeec9c093bed198b7d/detection

88.151.101.56:8889
s2mail.hu
blowjob.silentsignal.hu

# Reference: https://www.virustotal.com/gui/file/d36e6effd2db4d5a34016d492a08142994fafdc24dd65631c240efa3cc7fa56a/detection
# Reference: https://www.virustotal.com/gui/file/77af67e929da5ffb9cbec2effb7aa30d2af75d6bef2a5aff82501d86792605fa/detection
# Reference: https://www.virustotal.com/gui/file/60c152156f1f993f8aa4ab6b7266afe086f843a369f3253b87452f1b4ffbc795/detection
# Reference: https://www.virustotal.com/gui/file/187e9e08f1237fbfe27e7c60efb24aeb110e1d2747a612dff900d5729cfc1c42/detection

raysend.ddns.net
/1100914_cgmh
/1110804_promate
/1110915_tcbbank
/1100914_cgmh/
/1110804_promate/
/1110915_tcbbank/
/1100914_cgmh/att.php
/1110804_promate/att.php
/1110915_tcbbank/att.php

# Reference: https://www.virustotal.com/gui/file/29b3cf17d3b9bbfc858e027f988bd7077c67b1dc2d9fc240892e868b5097f4f2/detection

101.99.90.117:8080

# Reference: https://www.virustotal.com/gui/file/66b9071271d849ed6168a0987d3f1a626926fee7b6031b3868d8da0b344c1f95/detection

http://45.77.248.204

# Reference: https://www.virustotal.com/gui/file/eedb863078dbdbd83a0d52d86dd779f27115360e17676e539602f4e1a8c9437c/detection

http://195.133.18.63

# Reference: https://www.virustotal.com/gui/file/9c8d007d755dc44d07bf97acf187252a5a3691fc91e3810b7d1d4710dbbdf886/detection
# Reference: https://www.virustotal.com/gui/file/bccdf089864bc3a209ee2e659952905904a963945e5b52a515f88f9556145228/detection

tahtsaasdasdasdawedw234135asdsadsadsadsadasyeetwebhoost000.com
/yeet/thatsthek3253255435inglu345345435211343243232432432234er.html
/thatsthek3253255435inglu345345435211343243232432432234er.html

# Reference: https://www.virustotal.com/gui/file/eeaa829e42e608e845c8d0a048d8e57ddbf56ed9c86733dc8af47a244a7fd3ec/detection
# Reference: https://www.virustotal.com/gui/file/c9f0a470c33a36cc76ebe89ef9055dca4cebb217735ca1564f9aaa435bb6fb5c/detection
# Reference: https://www.virustotal.com/gui/file/2b6f03e06241154c2ef9f527da05250f7ae280ce8bcc54b4bfad70977cdc48ab/detection

tahtsayeetwebhoost000.com
/thatsthekinglucifer.html

# Reference: https://www.virustotal.com/gui/file/1acc2cd58dc3088174722758ae80c643badaec512af4b847b89d8fd9354af224/detection

konyahaberler.xyz
dicomm-001-site35.ctempurl.com
/anesrq/
/hxjxxwav/
/nlbzyhfs/
/pmslsda/
/tfbgl/

# Reference: https://www.virustotal.com/gui/file/17f597ac79d80d40d89530d14ef9e1128e11ea0f9521c18b2808d74c91c5ee85/detection

w67270es.beget.tech

# Reference: https://www.virustotal.com/gui/file/056b316197c959d0f8af89dcd0940b6aa3dd9679bf6776adf27d2d130303493a/detection

i92951pr.beget.tech

# Reference: https://twitter.com/h2jazi/status/1583462430780182529
# Reference: https://gist.github.com/usualsuspect/2daa864841a06f50e199930e5898611b
# Reference: https://www.virustotal.com/gui/file/e58103f462174deb92790c59d4e412f032818651b703c84c3ee38e70cc49511d/detection
# Reference: https://www.virustotal.com/gui/file/eac98b403ca300e25f9bbcca474f39ca7495c61a4c86b259e4e0df2bfabd565e/detection

http://64.44.135.5
/online_998212.php
/register_219921.php
/upload_887741.php

# Reference: https://www.virustotal.com/gui/file/673883ceb7adf30ad980e5e51b7515414becba3b5f6b96068dc4d35b092799fe/detection

apitucariamod.tk

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-November/030797.html

download.agency

# Reference: https://twitter.com/1ZRR4H/status/1590745721783087104
# Reference: https://www.joesandbox.com/analysis/1110451#iocs
# Reference: https://www.virustotal.com/gui/ip-address/162.0.232.115/relations

ad-sweden.com
easynsecureinvest.com
sunat-mail.xyz
sunat-pe.store
sunat-pe.xyz
gringox1.chickenkiller.com

# Reference: https://www.virustotal.com/gui/file/18a93ea98b124495d6bd81df64b1871d461f90f1c895b291238e233f87720707/detection
# Reference: https://www.virustotal.com/gui/file/457f1b161cd8b64b34f83155815f4e521c35395d9c1192ae21df5ce8784e6982/detection
# Reference: https://www.virustotal.com/gui/file/d053fc782cf5ebd34469ac390c557eb24394cb9efdf06b542e9da9ce23b99635/detection
# Reference: https://www.virustotal.com/gui/file/132e9fd665e88ab0884befa3c3ca6bd75ec788dbe9499b99c1246ea22a4140b0/detection
# Reference: https://www.virustotal.com/gui/file/ae6189de6a562bdfcb338fdbcce6da8529e997e8f76be6daf865f7fdf895d9c1/detection

trock2.xyz
trock3.xyz
trock4.xyz
zairtaz.com

# Reference: https://www.virustotal.com/gui/ip-address/45.61.136.68/relations
# Reference: https://www.virustotal.com/gui/file/ceb0b6871855e86846c8a8f41d1aac362461bf6f7a35bb62edd5e362e45a85f3/detection
# Reference: https://www.virustotal.com/gui/file/39e9ca4f263b9b58cf62a8dc422184b9737448e7a281d41d6315a596b4ae3e96/detection

45.61.136.68:8443

# Reference: https://www.virustotal.com/gui/file/3730f842e22fb8208fc2b2e7ae2a50e51bd1eada82257172076cb16ddf99fc62/detection

necrobod.top

# Reference: https://twitter.com/malwrhunterteam/status/1597924083899170822
# Reference: https://twitter.com/malwrhunterteam/status/1597935776381423616
# Reference: https://www.virustotal.com/gui/file/8e195903baa4f7d5f30c20f95706a1cd669e49a73a300f270304abe996e511a6/detection

enoclima-001-site1.htempurl.com
systemspro-001-site1.etempurl.com

# Reference: https://twitter.com/malwrhunterteam/status/1620853142077456384
# Reference: https://www.virustotal.com/gui/file/bd743e9e8171a8a0feea98e293ea372cfd5b328e6bec9e534f210bd7f94fbe1c/detection

comfort-001-site1.dtempurl.com
roniltd-001-site1.ftempurl.com

# Reference: https://www.virustotal.com/gui/file/6f21b0d86f14bfc37b67da2377ba5836eff98ed12ccfc65c0a772ed9782e9122/detection

http://54.39.233.130

# Reference: https://twitter.com/k3yp0d/status/1601883693131468800
# Reference: https://www.virustotal.com/gui/file/ae532935a45eb3637d5346d5e6b3a4645863d2d27e557f90457c5fa3c7429ade/detection

http://185.97.118.249

# Reference: https://twitter.com/malwrhunterteam/status/1602395550975918113
# Reference: https://twitter.com/malwrhunterteam/status/1602420210711105536
# Reference: https://www.virustotal.com/gui/file/34f2970bbb70a0f2efa74c4614cfd002a58433b5178b98b194969871ddee050f/detection
# Reference: https://www.virustotal.com/gui/file/94c41f453c2755b682fbcdd807061f753c5cf2ba5a14aafe251e565f938a797e/detection

188.120.235.227:443
62.109.25.230:443

# Reference: https://www.virustotal.com/gui/file/413d45477384c1461ca6f84a771479ee91a12474ccfe35d051f184785c2d9362/detection

nacimbio.com.ru

# Reference: https://twitter.com/malwrhunterteam/status/1603734566660882432
# Reference: https://www.virustotal.com/gui/file/5db4afa2773dc7fe62fbad37f966a292065d39990678a2a481264c91e8674f15/detection

fernandagomes.mom
meaa2v.fernandagomes.mom
p6agz.fernandagomes.mom
w8uenr.fernandagomes.mom

# Reference: https://www.virustotal.com/gui/file/a132d8b608ed740dbc38d8f79a785935fd9d209153b187b85842c0ebbbd779b2/detection
# Reference: https://www.virustotal.com/gui/file/95920d7b8adb29f59731ceb6aa8d69799875a398fa7814983a86be66c85cc087/detection

form-results.net

# Reference: https://www.virustotal.com/gui/file/079bf93dcaacbf1bb3ce5b5318157414f3cb65fc9a72312c700311caf752880c/detection

stronghoodserver.xyz

# Reference: https://www.virustotal.com/gui/file/8a5c880b1bdc4499d827536d67c5905553a138de27e780a4ef1d5c0dafeaf311/detection

http://185.20.186.53

# Reference: https://twitter.com/VirITeXplorer/status/1605208471586086912
# Reference: https://www.virustotal.com/gui/file/0e87250ee492e4380e288ef7f8f7a66d5b764578bbbe74eaff738a81045d5e38/detection

nibpur.com

# Reference: https://twitter.com/SBousseaden/status/1605893068045144066
# Reference: https://twitter.com/SBousseaden/status/1605898074454429702
# Reference: https://isc.sans.edu/diary/29376
# Reference: https://www.virustotal.com/gui/ip-address/31.41.244.53/relations
# Reference: https://www.virustotal.com/gui/ip-address/31.41.244.54/relations
# Reference: https://www.virustotal.com/gui/ip-address/31.41.244.55/relations
# Reference: https://otx.alienvault.com/pulse/63a5b253fafdcb6eb69c5c7d
# Reference: https://www.virustotal.com/gui/file/029210065e177399d8e84248e30e6edea12a6f8a80ac9f42a97c308d48599294/detection

http://185.163.45.221
http://195.133.196.230
http://195.2.81.70
http://46.151.24.226
acehphonnajaya.com
dogotungtam.com
israelifrenchbulldogs.com
aerjlakerl.online
aerrkaler.online
ajerlakerl.online
aseroqpwrrtl.online
baherlakerl.online
boleriaae.online
cklicverto.space
cklicverto.website
coldcreekranch.com
daerkalero.online
daeroqioalerk.online
daeroqpwrola.online
erqowwela.online
erquipoe.online
gaherlaler.online
getherkae.online
hetriaelr.online
oferialerkal.online
qweiaoer.online
reajksrltr.online
therkaler.online
tyaerahger.online
zaeroalerk.online
bandaiosk.site
bolumbernar.site
casanistent.site
clovenant.site
coronentask.site

# Reference: https://twitter.com/fr0s7_/status/1605908087562436611
# Reference: https://asec.ahnlab.com/en/46865/
# Reference: https://otx.alienvault.com/pulse/63dd0dfabe956f4746fa7816
# Reference: https://app.any.run/tasks/43bd77b6-f553-41f3-b134-ef39e420c39a/

fastfilestore.com
filecompact.com
filetodownload.com
filedowns.net
the-fast-file.com
naver.filetodownload.com
naver.filedowns.net

# Reference: https://www.virustotal.com/gui/file/1af9b6d0955fce9f86d7874dea1f63ddd3dd7abe774430a555703457b5c04ca8/detection

8llc.net

# Reference: https://www.virustotal.com/gui/file/13834a3234d31cb5d15bafaa76fe496756abd2c742c27b317a834b8ba2fd1c31/detection

1otal.com

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-12-28-IOCs-for-NetSupport-RAT-infection.txt

http://79.137.202.132

# Reference: https://twitter.com/sakaijjang/status/1609072061691068416
# Reference: https://wezard4u.tistory.com/6314 (Korean)

http://162.202.12.69

# Reference: https://twitter.com/StopMalvertisin/status/1612686998380367872
# Reference: https://www.virustotal.com/gui/file/d93914b0a18ba85eb17b8b9ac2fff89af58671b9291d86d85b799fd9f1c5f37f/detection

donew-order.com
wintop-rus.com

# Reference: https://twitter.com/malwrhunterteam/status/1613974272929562648

2hook2hook.tk

# Reference: https://www.virustotal.com/gui/file/8574472a406c42402e4ccc2d1130a243267421787052e2bf308184860735e4b0/detection

justatmeis.life

# Reference: https://www.virustotal.com/gui/file/ff94d073b6b56b97b73e0e4b41fd391a8a341ef55c699b1cceee2363de817bdc/detection

141.95.84.40:3000

# Reference: https://www.virustotal.com/gui/file/f80699c3fd7eaeeb520e30674bd728d2050e61735c8202bfdafab115529318c2/detection

141.95.84.40:6666

# Reference: https://www.virustotal.com/gui/file/b70e128727f97cf565488c4ec88fbf441e756708c45a9a00d4e0a03a00270a79/detection

141.95.84.40:3080

# Reference: https://www.virustotal.com/gui/file/a4b62b658e2f2bf3c2325549d400e09f17afd8b30482aef6355e93adc71ae534/detection

141.95.84.40:1111

# Reference: https://www.virustotal.com/gui/file/57a4f08b3418d83dea03950e0278dba7e3d43de03d6f34d76ad5dd66ca5dc5c5/detection

141.95.84.40:8880

# Reference: https://www.virustotal.com/gui/file/51827193b9913cf02906d5a816b7a623795d2b2e3c7573398d625365e9264bca/detection

141.95.84.40:4783

# Reference: https://www.virustotal.com/gui/file/28023f9c0eefe5e47193e2980e06f93c3e50d2e64273a54cabe47f3011702036/detection

teams.root.sx

# Reference: https://www.virustotal.com/gui/file/75177399e434689c236cb7341b30de17b7f98e301023eadcad1ebb4df93ec968/detection

5.3.139.29:12000
5.3.139.29:8020
9bit.root.sx

# Reference: https://www.virustotal.com/gui/file/0857a8d13d35ce4155c3bf20d43ca5417642dba1fa9cd62a6826156db83509f4/detection

http://172.174.176.153

# Reference: https://www.virustotal.com/gui/file/01ebbab4f468bbdec6d537ee0cfd16a99f635e71697e5d93772a6da0fa49c351/detection

lesav-m.keenetic.pro

# Reference: https://twitter.com/malwrhunterteam/status/1620544434822877184
# Reference: https://www.virustotal.com/gui/file/fa96d202d7d709fa13f5ee0810d03c85ec66b1a842938582de0286da9302194c/detection

http://3.127.208.155

# Reference: https://www.virustotal.com/gui/file/0ca5123f5eda465db9f90003f8ff8bc77afaa88034a0b64564bcd4d96718e573/detection
# Reference: https://www.virustotal.com/gui/file/dd70cde84fe271d20c2ddd38445f58004f3f07ab49960f7d7d9da6f43c9cf107/detection

20.100.173.74:6102

# Reference: https://twitter.com/JAMESWT_MHT/status/1626246267142651906
# Reference: https://app.any.run/tasks/52c2a12d-980f-42d4-b6b9-01ef797afa88/
# Reference: https://www.virustotal.com/gui/file/02c0287ef7e582ab40149de264782b6e6d8aaa853aaf773b25749fa41e056a2b/detection

lijosa.com
uqeu7tir7m4k1lz0phdr.com

# Reference: https://www.virustotal.com/gui/file/9efd9ba4ed7a9f2f5861bff81547c53d1b70e0c0ecfa1ccc9610a75a761681ce/detection
# Reference: https://www.joesandbox.com/analysis/993278#iocs

kzeaqky6axif3jukzx7jj7ylhfgtytpb3xeojsfigogriyv6bv3cimyd.onion

# Reference: https://www.virustotal.com/gui/file/e390d6e193c5d42632c920a7e57002b6f54b80ccfafd0a75c86738fa47e4a737/detection

sll.li
app.sll.li

# Reference: https://www.virustotal.com/gui/file/9a6542e7da5c82465fd053f020d82161a8995c3353b58ac9b3e085d70d9ecf8d/detection

http://62.197.136.3

# Reference: https://www.virustotal.com/gui/file/523918f3bcbecc4b5e87175a83055849780b0e52c7e846a028722b8b35461fe7/detection
# Reference: https://www.virustotal.com/gui/file/8532a585baee116f9dda34ee3cf73c3dd50ba510bcd242a48dd113f23c512280/detection

20.187.104.130:3849
20.187.104.130:3857

# Reference: https://www.virustotal.com/gui/file/91039f60586fb846a6139fd5f1d6ce353c677b3776029494783d52d13c72d4fc/detection

20.164.207.94:1020

# Reference: https://www.virustotal.com/gui/ip-address/79.124.8.24/relations
# Reference: https://www.virustotal.com/gui/file/84868d405a26268627b642c3affc62595f9b45ab31e60df6e50a98bce70e1dc6/detection
# Reference: https://www.virustotal.com/gui/file/697bc999409c87f4ef4c5310764f8a129bbf35757540fc2a696020a34e0fecd8/detection
# Reference: https://www.virustotal.com/gui/file/b87af77c70fa7eeb039a0469ec2ed2a782f193c39459d851428d68377f328d30/detection

newinsurancejob.ru
newinsurancejob1.ru
newmakingmoney2.ru
newmakingmoney3.ru
serverdard.ru
serverdard1.ru
serverdard3.ru
stubuploadbykukuru.ru
stubuploadbykukuru1.ru

# Reference: https://twitter.com/wwp96/status/1628126394487300096
# Reference: https://app.any.run/tasks/bcf7055c-4d1a-4cc6-a7c1-a3656b61627a/
# Reference: https://www.virustotal.com/gui/file/2c814c61891a1b3b9067b82b5357d13505b4ced6fd827fdde4c3116efb3f9cef/detection

http://104.156.149.6
mandalorecnote.com

# Reference: https://twitter.com/malwrhunterteam/status/1628415758156931074
# Reference: https://www.virustotal.com/gui/ip-address/193.42.33.121/detection
# Reference: https://www.virustotal.com/gui/file/19994528fd5ed4e5dde591bbd4c10ea69449596a75d7102c1335fa21a94f3998/detection

http://193.42.33.121

# Reference: https://www.virustotal.com/gui/file/2040a00e8ecb93a33ee59b9b9b2837225f9121280fc74f565de524c61b2c220c/detection

http://103.147.185.18

# Reference: https://www.virustotal.com/gui/file/08f49df7f9f25682078b77213fc10969ee007fe236dcf70263114d0986aa33e3/detection

178.175.142.195:54878
entropy.group
update.entropy.group

# Reference: https://www.virustotal.com/gui/file/0e4f63bdaadc18c2a261aa7524209978986266094539abbbe2f7f0e55c0aa064/detection

171.244.57.196:222

# Reference: https://twitter.com/malwrhunterteam/status/1630559634963480577
# Reference: https://www.virustotal.com/gui/file/644d41773f6bf13819d1e2c6f26f759538bf1e9ec07ae995cd166beb5cfcb907/detection

osjovanmikic.edu.rs

# Reference: https://twitter.com/h2jazi/status/1630983583727747085
# Reference: https://www.virustotal.com/gui/file/8dfedb354b4d23fb31c24d449dae841a40759d8ed04a904bbb271f08dfa6e006/detection

nationalweatherserviceapp.com
sc.nationalweatherserviceapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1630881334582210560
# Reference: https://www.virustotal.com/gui/file/d3bea31897d661a7f0d134e82292de2082e660f34d22f9247480738dce70976c/detection

karena.info

# Reference: https://twitter.com/doc_guard/status/1630909953639579648
# Reference: https://www.virustotal.com/gui/file/c6cf98ecfc06b5f5fe496b81d0cae90b93ce1dbf6e4c10efd03bedb8e67f005a/detection

wealthcapital.digital

# Reference: https://twitter.com/0xToxin/status/1631281875195949056
# Reference: https://tria.ge/230302-qbdbbscf6y/behavioral2
# Reference: https://www.virustotal.com/gui/file/27ecfa00b539c43909201151775ddfdfb7dc6f86556e13a41ea10efb2e8d76f3/detection

http://176.124.217.20
http://212.113.116.147

# Reference: https://www.virustotal.com/gui/file/f706e65275fa8d0bfc5254d0814dad695c0aba0acfee5d54f2f946bef074055d/detection

realizeimeusonho.co
uiuahm.realizeimeusonho.co
xgiaww.realizeimeusonho.co

# Reference: https://twitter.com/malwrhunterteam/status/1632806055133495298
# Reference: https://www.virustotal.com/gui/file/e72dc71684d57785129e128b05212467e528912106c8fe63c25baacbf0340ea5/detection

http://5.8.8.100

# Reference: https://twitter.com/wwp96/status/1635316522355945472
# Reference: https://www.virustotal.com/gui/file/f8726f2d5b6138a617a48118eafa412cc488b0142ed3031c5eda33244765182b/detection

45.80.158.65:222
macmax13.dynalias.org

# Reference: https://twitter.com/embee_research/status/1635613492232486918
# Reference: https://www.virustotal.com/gui/ip-address/47.252.45.173/relations
# Reference: https://www.virustotal.com/gui/file/80aad667f60f6283a3195a937fca2591299bbcecfd3c76ad4215a40961718b01/detection
# Reference: https://www.virustotal.com/gui/file/19efed6c9d1af91c5c11b6fb44a4fd06e9d418c8b294d78734524df7b6c7e71d/detection

gurnard.sbs
mbantilanda.top
mbenza.top
boston.gurnard.sbs
colorado.gurnard.sbs
denver.gurnard.sbs
montana.gurnard.sbs
dick2.mbenza.top
dick4.mbenza.top
dick6.mbenza.top
dick8.mbenza.top
file.goosenecks.sbs
fun.goosenecks.sbs
job.goosenecks.sbs
nensi1.mbantilanda.top
nensi3.mbantilanda.top
nensi5.mbantilanda.top
nensi7.mbantilanda.top
work.goosenecks.sbs

# Reference: https://twitter.com/malwrhunterteam/status/1636480630350331910
# Reference: https://www.virustotal.com/gui/file/c6cbe381d581107b6531067e9108febd3016c9335c1d773e1b1e0ee435525111/detection

csl-invest.com
sony.csl-invest.com

# Reference: https://twitter.com/malwrhunterteam/status/1637072764174585856
# Reference: https://www.virustotal.com/gui/file/388e1f36d35dcbe4675821f4104514f66bcefdee33752acad874e45bdf44499a/detection

meubooking.com.br/2023/reservations.php?file=

# Reference: https://www.virustotal.com/gui/file/20ca052bc52642c405973b7085edbb40b22aa28d7e781dddc43760097ea58722/detection

a0745450.xsph.ru

# Reference: https://www.virustotal.com/gui/domain/skynetx.com.br/detection
# Reference: https://www.virustotal.com/gui/file/32100b2bece73242da58c2bfd1e8e335e3616c6346c54464e9c0d3453bfd1f6a/detection

skynetx.com.br

# Reference: https://twitter.com/jaydinbas/status/1637806949931577354
# Reference: https://www.virustotal.com/gui/file/b54853a58dbd27ba8dfa978cdcd28327b66ba7359d4b14a3a3f105b63595809d/detection

http://149.28.140.122
techvibeo.com

# Reference: https://twitter.com/doc_guard/status/1637932033765769220
# Reference: https://www.virustotal.com/gui/file/58e6856571868d55dbfd636710ac2590c574589c7609402d5f7cdba17ba78653/detection

gripaco.gr

# Reference: https://twitter.com/StopMalvertisin/status/1638202950928703490
# Reference: https://www.virustotal.com/gui/file/1a0dbaef78cc34c9d60972aec1f89e20ea9cbddad07ce897a2552a719919d8db/detection

http://35.177.182.187

# Reference: https://twitter.com/jaydinbas/status/1638532960595898368
# Reference: https://www.virustotal.com/gui/file/56425e7b644e91d929186a11704b92a657f970b1e3ea32c249b0d2ab95f83fd4/detection

ntc-netpk.serveftp.com

# Reference: https://twitter.com/malwrhunterteam/status/1639320109130063872
# Reference: https://www.virustotal.com/gui/file/783d6753583a5d4a01fdd93d242e29f76324625d3b1c701a3fac161aa325bfce/detection

grconstdesign.com

# Reference: https://app.any.run/tasks/39a97065-c83c-472c-9976-78601a55ffde/

185.12.45.26:41043

# Reference: https://twitter.com/r3dbU7z/status/1639938724711616512
# Reference: https://www.virustotal.com/gui/file/4f74acef6d7c54e20e37dc1023dbf0e16af6e942ac6b401be6dc24ae4f1079ee/detection

http://103.123.242.104

# Reference: https://twitter.com/sicehice/status/1640160970994753537

185.225.74.72:8000

# Reference: https://twitter.com/sicehice/status/1640172761594335232
# Reference: https://www.virustotal.com/gui/file/7b67e609cebf71e73de96164e0aab3f119167d5857b51393c22c5f68e0eb147b/detection

http://18.218.30.74
flb.itplushost.com

# Reference: https://twitter.com/sicehice/status/1639251947332194305

http://45.33.88.161

# Reference: https://twitter.com/sicehice/status/1639090824540749824

http://45.137.207.151

# Reference: https://twitter.com/sicehice/status/1639052756093743104

35.162.248.7:8000

# Reference: https://twitter.com/sicehice/status/1640816987113762817

141.147.4.146:10000
141.147.4.146:8081

# Reference: https://www.virustotal.com/gui/file/4cd96a6edbd8b5d526a34d6c4bf4396d2d94fd30e2e4d22a7364bf6f6214dbbc/detection

sleda.eu
sleda.sleda.eu

# Reference: https://www.virustotal.com/gui/file/ec56d42e349c438158f5a7f619da9fbf301a22cca63c9332b7323d7f18ebb868/detection

helpachildinukraine.one

# Reference: https://twitter.com/jstrosch/status/1643626772632678402

naostech.org

# Reference: https://twitter.com/shaybt12/status/1644593596690038784

134.209.113.185:8000
206.189.151.223:8000

# Reference: https://twitter.com/0xToxin/status/1645076370685411333

http://45.88.67.75

# Reference: https://twitter.com/jstrosch/status/1645461105039253505

54.224.107.126:8080

# Reference: https://twitter.com/sicehice/status/1645494638285922322

http://3.129.51.198
3.129.51.198:443

# Reference: https://twitter.com/sicehice/status/1645500578758369307

23.95.222.225:8989

# Reference: https://twitter.com/suyog41/status/1646145074244321282
# Reference: https://twitter.com/suyog41/status/1646145077016666118
# Reference: https://www.virustotal.com/gui/file/e61ad1ca19a69d4c85b91d8b7b69cf08413fd78fd7df1c878a10a4c5b4497b9e/detection
# Reference: https://www.virustotal.com/gui/file/063edf9cb113941eb73b3db4a34ac0c9f82a756ded9b0dc974dc9a85b466c169/detection

http://146.190.207.64
http://167.71.11.62
146.190.207.64:8080
167.71.11.62:8080

# Reference: https://blogs.jpcert.or.jp/ja/2023/04/parallax-rat.html (Japanese)
# Reference: https://www.virustotal.com/gui/file/1973d7b2bf9877208fc751868aadd2810fbd72693f7fe090c926505714284cec/detection

http://171.22.30.220
http://179.43.154.184

# Reference: https://www.fortinet.com/blog/threat-research/malware-disguised-as-document-ukraine-energoatom-delivers-havoc-demon-backdoor
# Reference: https://otx.alienvault.com/pulse/6438008e68e96dc4eb0c9506

ukrtatnafta.org

# Reference: https://twitter.com/malwrhunterteam/status/1646609191568658458
# Reference: https://www.virustotal.com/gui/file/6fdfb56033dd92edfde1461cab42042d38ce43b8f2cb75872e7435e62ed744ca/detection

http://37.220.87.53

# Reference: https://www.virustotal.com/gui/file/26db654aae8f2a5e149ad19d76f6e6762613b211261dd47267c90f3476f3d5c4/detection

fvia.app

# Reference: https://twitter.com/malwrhunterteam/status/1648632414053310469
# Reference: https://www.virustotal.com/gui/file/3bc92870934e54ac014d8e8b4b33db27b4cbc4bd3d6a0f4ce659c36b110a138b/detection

207.246.123.37:8000
207.246.123.37:8880

# Reference: https://www.virustotal.com/gui/file/af9977c76770b364ea633569bee7e8da713028fadfee1b6dd7a96884e110bfe8/detection

hardcore-mountain-97323.pktriot.net

# Reference: https://twitter.com/malwrhunterteam/status/1649049054540886020
# Reference: https://www.virustotal.com/gui/file/b88eb7ca0239f6d67531d33459415b8d1d0fa6db72293b5b6cf722a366ae660c/detection
# Reference: https://www.virustotal.com/gui/file/e67048add2dcbb9758bd5443b546786a9153ad39e5e467743b43fb5035747f60/detection

uk-leninsky.ru

# Reference: https://twitter.com/k3yp0d/status/1649047745813164032
# Reference: https://www.virustotal.com/gui/file/67fec790c36ca34844e6a0ba9c49e1ab1f150905ff412cd9ece72608997a15d3/detection

platform-intranet.com

# Reference: https://twitter.com/sicehice/status/1649226590507638784

173.208.220.134:8080

# Reference: https://twitter.com/sicehice/status/1649228136448507911

31.220.76.24:9000

# Reference: https://twitter.com/0xperator/status/1650252120736579587

179.43.141.100:444

# Reference: https://twitter.com/sicehice/status/1650306036434100227

136.244.84.50:8022

# Reference: https://twitter.com/sicehice/status/1650287853606248448

42.2.155.80:8080

# Reference: https://twitter.com/ULTRAFRAUD/status/1650604698141859853

jiayi-luxury.com

# Reference: https://twitter.com/sicehice/status/1650692593175470080

42.194.164.247:1234
42.194.164.247:8000

# Reference: https://twitter.com/sicehice/status/1650684759314518017

http://152.228.175.85

# Reference: https://twitter.com/sicehice/status/1650682009923072001

http://185.193.125.34

# Reference: https://twitter.com/sicehice/status/1650678836399316994

198.58.102.19:9030

# Reference: https://www.virustotal.com/gui/file/9e9cdb82750b93e9e14fbb09e25cd9ee84d74b8383362cba8f66c3cfed99b9ec

bibutik.com.tr

# Reference: https://www.virustotal.com/gui/file/7f482c7d24e7191746061169e8bb9d329026638be072bf4526a2509b34ccf32c/detection

http://45.82.69.203

# Reference: https://twitter.com/MichalKoczwara/status/1650887693402882050

167.172.44.218:8090

# Reference: https://www.virustotal.com/gui/file/0a8616d62d28ed7d8ef580784dee2fc816f8d5200e339e69f925078b288a6d7b/detection

http://45.82.71.119
45.82.71.119:443

# Reference: https://www.virustotal.com/gui/file/2d9f0179595ba0a74803c5d3446a1d63c0769f2356632ee55ba2095b6fbfcd1b/detection

http://45.67.228.48

# Reference: https://twitter.com/doc_guard/status/1651554422974021632

http://149.102.255.183

# Reference: https://twitter.com/malwrhunterteam/status/1653055096295399425

http://46.175.149.13

# Reference: https://twitter.com/malwrhunterteam/status/1654021997762949120
# Reference: https://www.virustotal.com/gui/file/e6f07bf2d3a44eefe22b64ecb5513a6cad5039df5fe055afff6a5c5098750265/detection

corporacionhardsoft.com/x/file.html

# Reference: https://www.virustotal.com/gui/file/b6ba28cd7e6152eca49b060e78ae19121f9b3d4cb9c87743843a076d73f191a1/detection

http://109.206.240.64

# Reference: https://twitter.com/malwrhunterteam/status/1656221999411101696

http://185.225.69.226
/Zhongguos8/bnghjrtytyyu6666.png
/bnghjrtytyyu6666.png
/Zhongguos8/

# Reference: https://twitter.com/sicehice/status/1656865587874725893

43.226.26.60:8000

# Reference: https://twitter.com/WhichbufferArda/status/1657110430806953999

http://51.79.241.228
51.79.241.228:8008

# Reference: https://twitter.com/ULTRAFRAUD/status/1657404232809496577

http://198.13.56.131

# Reference: https://twitter.com/r3dbU7z/status/1657789649329299460
# Reference: https://www.virustotal.com/gui/ip-address/5.135.199.12/detection

npmrepos.com

# Reference: https://threatfox.abuse.ch/ioc/1087357/

http://138.197.96.208
/BVvzsHfP/Uni.bat
/BVvzsHfP/

# Reference: https://www.virustotal.com/gui/file/63ddb34c0196ad0597464fcc39667e2410bbfcd51ffb5d52e69081bb342531ca/detection

http://107.189.11.87
http://149.102.225.1
pel63.bio
/bShxYysy/

# Reference: https://twitter.com/suyog41/status/1660893657623347200
# Reference: https://www.virustotal.com/gui/file/459d3d75db323b230afc26b1f5bf2ea40591eeb7bb3d4927f87f302b71108e24/detection
# Reference: https://www.virustotal.com/gui/file/42f3651063202a8fd42021a1ffc27bd1b9709779ec10654368ea34d8f047d08b/detection

3.67.12.158:4444

# Reference: https://twitter.com/1ZRR4H/status/1662273718251401217

http://139.99.155.76

# Reference: https://www.virustotal.com/gui/file/05ed683ee4ff09df5c1d3b9a504465630c26a33621feaa546eb12c79bd6d719c/detection

http://159.65.42.223

# Reference: https://twitter.com/malwrhunterteam/status/1662035432748507136
# Reference: https://www.virustotal.com/gui/ip-address/172.93.179.29/relations
# Reference: https://www.virustotal.com/gui/file/1e12506f7967910d6edad3eb0488edbcdc2566067ad6c2697c5d36b2becb62f3/detection

jaic-vc.co.in
crypto.jaic-vc.co.in

# Reference: https://twitter.com/d1savow3d/status/1658184832118059008

http://143.198.179.233
http://157.230.81.104

# Reference: https://twitter.com/d1savow3d/status/1656389039543517186

http://143.198.167.100
http://147.182.215.193
http://198.211.103.229

# Reference: https://twitter.com/d1savow3d/status/1656022810496573455

http://137.184.136.226
http://204.48.20.36

# Reference: https://twitter.com/d1savow3d/status/1598741744304017409

http://45.32.88.76

# Reference: https://twitter.com/d1savow3d/status/1583537021334659072

http://146.190.213.228

# Reference: https://twitter.com/d1savow3d/status/1582840515061436416

http://142.93.113.157

# Reference: https://twitter.com/d1savow3d/status/1582425215602110464

http://165.22.5.227

# Reference: https://twitter.com/d1savow3d/status/1582500814832050176

http://137.184.152.116

# Reference: https://twitter.com/d1savow3d/status/1582102016087953408

http://165.22.180.224

# Reference: https://twitter.com/d1savow3d/status/1579929145689395201

http://137.184.77.141

# Reference: https://twitter.com/d1savow3d/status/1578479921030389766

http://67.205.172.95

# Reference: https://twitter.com/0xToxin/status/1661766093566771201
# Reference: https://gist.github.com/kirk-sayre-work/2fff45b0e07b37a59dcf4cff423440be

http://159.203.143.66
vincentnicotra.com

# Reference: https://twitter.com/malwrhunterteam/status/1669663265171947525
# Reference: https://www.virustotal.com/gui/file/2627c86fd8f42d1d6fee45550e3fc9c6e0d4cd02a2d16d599d333b4cc25b3e3b/detection

rsvydaaqhgw.workers.dev
twilight-silence-6b2f.rsvydaaqhgw.workers.dev

# Reference: https://www.virustotal.com/gui/file/c149b95c4ff79668ca124cb218bf2f2b5fc8bf90372848370450ca94644d876d/detection

http://103.131.56.71

# Reference: https://www.virustotal.com/gui/file/c148a834aae7a530a727075b67a54ecb477224b2caffa6416ae622c2485be063/detection

103.149.46.177:22
htaturnerforlifeboyyy.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1679891135068614671
# Reference: https://www.virustotal.com/gui/file/dfdb1fb94f77d5c84b1f5095dcb23999f5b105ac9c83bff13a02159b8ba77151/detection

185.209.31.133:8889

# Reference: https://www.virustotal.com/gui/file/05d926f3a1c691ee095a7b8fab6487ae1c7d6266a81d8c2ff9b441883055fa20/detection

http://194.147.84.197

# Reference: https://www.virustotal.com/gui/file/24da2c24a97e13c3fd164b441d6a7116bffb56b691b9165ae53583db5bd70c6e/detection

http://217.195.203.216
cpufan.club
d.cpufan.club

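# Reference: https://www.trellix.com/en-us/about/newsroom/stories/research/beyond-file-search-a-novel-method.html
# Note: the *.webdav.drivehq.com entries below are individual hostnames on a shared file-hosting service (apparently one per account); only these exact hostnames are listed, not the parent domain, so other hosts under it are not covered by this block.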

http://172.245.244.118
balkancelikdovme.com
bridgefieldapartmentsapp.ie
cargopattern.shop
chemaxes.com
designwebexpress.com
dhqid3b4b9u6ecv6jcxva0f.webdav.drivehq.com
dhqid45r064utd5gygt2jy6.webdav.drivehq.com
dhqid5neul4wc9w74pynlrs.webdav.drivehq.com
dhqid9pjapv63d8xvji8g4s.webdav.drivehq.com
dhqidctjo3ugevk9u5sev1r.webdav.drivehq.com
dhqidee98lja03f52atdmii.webdav.drivehq.com
dhqidfvyxawy0du9akl2ium.webdav.drivehq.com
dhqidgnmst61lc8gboy0qu4.webdav.drivehq.com
dhqidhhva53s2qvmxwxtkrm.webdav.drivehq.com
dhqidhx2c2f2oc8lccg38tx.webdav.drivehq.com
dhqidk9oi3yuhf43sb05xgn.webdav.drivehq.com
dhqidlnsxx2qigisdvn7x2f.webdav.drivehq.com
dhqidlu10mna2tuk2qfoaew.webdav.drivehq.com
dhqido7gy8hiehwprjhli16.webdav.drivehq.com
dhqidoakoljbb9jnbssiau2.webdav.drivehq.com
dhqidqot3k8sh7ve2ns9nry.webdav.drivehq.com
dhqidvdosqx8tu0vq1h1d1g.webdav.drivehq.com
dhqidvjn6bfvi00cb0834a3.webdav.drivehq.com
dhqidvooruijtwg0lyucl5s.webdav.drivehq.com
dhqidwhws4rkw80f312lkpm.webdav.drivehq.com
efghij.za.com
fashionstylist.za.com
internetshortcuts.link
landtours.rs
lfomessi.za.com
pdf-readonline.website
reasypay.sa.com
seductivewomen.co.uk

# Reference: https://www.virustotal.com/gui/file/685d08cf7ea497dfc2d06d7ef5e1adecb2e8716c318426941fe7af6af34e9030/detection

ntihk.net

# Reference: https://www.virustotal.com/gui/file/2750db58bd94b97aa33fb563461c528c54eb3f08f3315b0648291842576e6857/detection

http://192.3.243.146

# Reference: https://www.virustotal.com/gui/file/05f3c3043ce59ea4711d0a090e69382370be2a8ad4f2526260c57eafe305e1fc/detection

http://192.3.243.148

# Reference: https://www.virustotal.com/gui/file/7836e87fff64da8f169c2253b9fa7bbc0ce8b52b3fb398a56ee1df7dea262818/detection
# Reference: https://www.virustotal.com/gui/file/2311d9faffb1402345d8998e421e39807ae349677a61008e0452c232951eeca0/detection

http://192.3.243.150
serverftp.online

# Reference: https://www.virustotal.com/gui/file/2a80e7804960d16a1b89bd8e46ba60cc697a396926edba4d3ca0ea0653b90fdd/detection

http://192.3.243.151

# Reference: https://www.virustotal.com/gui/file/8c4bc6ed9991809c5bd70ebd6b31ac467b7a994e023f4442a1330f97d8b7181b/detection

http://192.3.243.152
http://31.42.186.198

# Reference: https://www.virustotal.com/gui/file/17cc77dc779d4556755a6ca45a26565eb7c3efbeff7d973b9aeb9d167ebfe27f/detection

http://107.175.202.15

# Reference: https://twitter.com/sicehice/status/1675999361585786880

20.94.82.221:8000

# Reference: https://twitter.com/sicehice/status/1675282674108317696

45.77.124.153:8081

# Reference: https://twitter.com/sicehice/status/1668834356444446722

http://174.49.101.134

# Reference: https://twitter.com/sicehice/status/1658975084973903873

http://3.112.222.230

# Reference: https://twitter.com/sicehice/status/1658227388117839874

http://95.179.206.132

# Reference: https://twitter.com/sicehice/status/1658223115564982273

http://144.126.159.195

# Reference: https://www.virustotal.com/gui/file/487f11c0edc0c2e9450bc3c9b55394d697465c02a2c27baeddd9809f7e1775b4/detection

facturacionmx.click

# Reference: https://www.virustotal.com/gui/file/152c6aa91bc274a0662811c5671f952e44f4f0c72378f667d91a9b4c93a5e4c8/detection

http://91.212.166.12

# Reference: https://twitter.com/c_APT_ure/status/1687562895914041344
# Reference: https://www.virustotal.com/gui/file/1bf287baf71f2a0872005e73399685df6b3a2b27cb2f27511deb4bdf566fbe67/detection

hiqsolution.com/line.exe
thanhancompany.com/ta/line.hta

# Reference: https://www.virustotal.com/gui/file/5cfffe09ec2b4ba2dc5dd6367ad383f95906be1982b0fe3aee1f4d9263b17485/detection

namesilo.my.id

# Reference: https://cert-agid.gov.it/wp-content/uploads/2023/08/agenttesla_07-08-2023.json

http://80.76.51.248

# Reference: https://twitter.com/StopMalvertisin/status/1689649264421691392
# Reference: https://threatfox.abuse.ch/ioc/1149430/
# Reference: https://www.virustotal.com/gui/file/00a7657105d9f67c04078a68eff41d222930564b4e48ce5afd18c5540ea54646/detection
# Reference: https://www.virustotal.com/gui/file/027dd65b1a4a9f4df605cc18d9e5a9fdbbfea4decb81d012a97ee4734cbc67b8/detection

http://38.165.12.236
38.55.185.75:6000
juechen.ddo.jp

# Reference: https://www.virustotal.com/gui/file/2566790bc205591858b7158178dc89f117629b9f3fe382dd1d678a0f2e598c1c/detection

http://23.94.239.89

# Reference: https://twitter.com/sicehice/status/1689849369464279040

68.233.113.39:8000
68.233.113.39:8001

# Reference: https://www.virustotal.com/gui/file/3bdcf101c47a72ac3adee9c56bf0165db266cf23d7699219e64a6a8f22c21451/detection

vuagame.store

# Reference: https://www.virustotal.com/gui/file/75c73628f84e13167d9dda78c47e8a7b49545dd278ec9a721d4b08e2a0253fdb/detection

clear.merseine.com

# Reference: https://www.virustotal.com/gui/file/0031733395abd0d1501148b1ff45fd2c831869a6150aee65ba70f01f08029459/detection

http://195.123.226.82

# Reference: https://twitter.com/fr0s7_/status/1691781672511909893
# Reference: https://www.virustotal.com/gui/file/db16d611b7536210a3198e49da828a2092147bf7dee70a66b52e39cd87322389/detection

microsoftdnsserver.xyz

# Reference: https://www.virustotal.com/gui/file/e8114ee5b7d3ccaa7bd6dfaeeea775c3628ea88b96cd496136f7f11bcc4a400e/detection

abkedjypdnbntud.website
fhuapy.abkedjypdnbntud.website

# Reference: https://twitter.com/doc_guard/status/1692569242153955688
# Reference: https://www.virustotal.com/gui/file/476fc61aa532b9bf4cd2742d187c88c09ab72b46b456a732c358df004c8e0e68/detection

18.231.172.130:14666

# Reference: https://twitter.com/1ZRR4H/status/1692651633854079229
# Reference: https://www.virustotal.com/gui/file/d3a293b206d36b03a3cdd24daf32559717577b2bb1daee36182083ba52f5650b/detection

sdocsus.top

# Reference: https://twitter.com/r3dbU7z/status/1692907294478987559
# Reference: https://www.virustotal.com/gui/file/18ae27a2832341b12e039b37a48cd1d59d1b2529b02c7713e292bf88942ca93a/detection

http://185.106.93.147

# Reference: https://twitter.com/Gi7w0rm/status/1693432581583184029
# Reference: https://tria.ge/230821-bb4qysaa78/behavioral2
# Reference: https://tria.ge/230821-bcdwxsaa79/behavioral1
# Reference: https://www.virustotal.com/gui/file/b1c0cde97930bbfd18ca72f10db85ab335e87a72b685f59ded5f34f3476397ce/detection

45.159.249.119:443

# Reference: https://twitter.com/Gi7w0rm/status/1693604866185117912

139.99.32.95:8000

# Reference: https://blogs.jpcert.or.jp/ja/2023/08/maldocinpdf.html (Japanese)
# Reference: https://otx.alienvault.com/pulse/64ee05533831ae24210ee53d
# Reference: https://www.virustotal.com/gui/ip-address/179.60.147.105/relations
# Reference: https://www.virustotal.com/gui/ip-address/179.60.147.117/relations
# Reference: https://www.virustotal.com/gui/file/ef59d7038cfd565fd65bae12588810d5361df938244ebad33b71882dcf683058/detection
# Reference: https://www.virustotal.com/gui/file/098796e1b82c199ad226bff056b6310262b132f6d06930d3c254c57bdf548187/detection
# Reference: https://www.virustotal.com/gui/file/5b677d297fb862c2d223973697479ee53a91d03073b14556f421b3d74f136b9d/detection

cloudmetricsapp.com
web365metrics.com

# Reference: https://twitter.com/doc_guard/status/1693950989064093968
# Reference: https://app.docguard.io/16c72e6b9b5c0dbe5bc34b97aad5159e642bce43071ce7c81472ff3f8346be40/results/dashboard
# Reference: https://www.virustotal.com/gui/file/16c72e6b9b5c0dbe5bc34b97aad5159e642bce43071ce7c81472ff3f8346be40/detection

paynet.group
support-microsoft.paynet.group
vendor-compliance.paynet.group
work-from-home-survey.paynet.group

# Reference: https://twitter.com/milannshrestga/status/1694571988227117442
# Reference: https://tria.ge/230824-ge513sbh5y/behavioral1

businessai.cfd
businessai.click

# Reference: https://unit42.paloaltonetworks.com/threat-brief-citrix-cve-2023-3519/
# Reference: https://otx.alienvault.com/pulse/64c80a42487c59686ed640a3
# Reference: https://www.virustotal.com/gui/file/293fe23849cffb460e8d28691c640a5292fd4649b0f94a019b45cc586be83fd9/detection

http://216.41.162.172
http://216.51.171.17

# Reference: https://www.virustotal.com/gui/file/e3602d0eb7149004ae6cf4befec8c6d61ac391189122744fff4a1de2cdad4aa3/detection

http://85.208.139.229

# Reference: https://www.virustotal.com/gui/file/37df15fbc780ef089ffffb6be8a98dfd8f3cb189b1e2a21d3bb223b81332d49e/detection
# Reference: https://www.virustotal.com/gui/file/9b67faeed1ff38ac5a56953393a435fcab6361d63c7d8a506f79b9bf73fb8b39/detection

136.144.41.183:7003
dswa.1337.cx
kjjjk.3dxtras.com

# Reference: https://www.virustotal.com/gui/file/003ee41e4d27f0bf81525803dd60574b1f549bb1c3bf0cf5e0562509db9615aa/detection

contador5xm.hopto.org

# Reference: https://twitter.com/ThreatBookLabs/status/1695424354341814283

speeed.zapto.org

# Reference: https://www.virustotal.com/gui/file/c6259991c47586a6faa18f9c6a27da350f21d71f5f302e7225ee1b20592f2c26/detection
# Reference: https://www.virustotal.com/gui/file/5b59f275972284a4055169924527cb8819644a070a7332d9063c03ce9184863d/detection

thisinhthanhlichh.io.vn

# Reference: https://www.virustotal.com/gui/file/59f96d0f56ac5457e684aae0fd3479969e68878f3ad222661e484931a65877ed/detection

http://153.127.35.128

# Reference: https://www.virustotal.com/gui/file/2d5751825043ca6cd2d3faf768a23dba6496e3cf304a6dde3fe380c17911377b/detection

aselectricalpvt.com/wp-content/themes/porto/css/Porto-Font/sserv.jpg
belfort24.com/wp-content/themes/Newspaper/images/demo/sserv.jpg

# Reference: https://twitter.com/fr0s7_/status/1696633267552751992
# Reference: https://www.virustotal.com/gui/file/443f05d26f6c05ad62a45b0fc5fe620e006702cff3b28606fcfc08fffd762a40/detection

185.244.51.134:6600
instructsia.zip

# Reference: https://twitter.com/Dkavalanche/status/1697244028331581684

empersamx01.lifehealthcares.com
refsat100236.lifehealthcares.com

# Reference: https://twitter.com/souiten/status/1697552282613948615
# Reference: https://www.virustotal.com/gui/file/5e914133503e60491b445e5a06f3fa8144463340a3c9dc6d875bbfdcd6ff7f55/detection

http://54.71.250.16

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/commit/e9038b523a2787127643bec36e30377c44d92927

/work/Elpuxpkilck
/Elpuxpkilck

# Reference: https://twitter.com/0x6rss/status/1699023755668828231
# Reference: https://twitter.com/noexceptcpp/status/1699116561120817630

change-infos.com
fr-address.com
post-infos.com
mailgo24.sbs
newall-getrenew.digital
pr24note.info
wholeadress-renew.digital

# Reference: https://twitter.com/malwrhunterteam/status/1699115395989271035
# Reference: https://www.virustotal.com/gui/file/02190852aa191c4ff6d22136cabf24d3b396c6a776187fcde523d38b9a33e13b/detection

52.147.196.140:9000

# Reference: https://twitter.com/malwrhunterteam/status/1699125348510699957
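# Reference: https://www.virustotal.com/gui/file/8cdfa4962c2acf5912d41f3f748b066966d273b4c898e1e3a5b78fba3eb20a84/detection
# Note: oast.fun is a public out-of-band interaction (interactsh) domain also used in legitimate security testing; the entry below is a single, likely session-specific hostname, so treat hits as historical and expect it to be short-lived.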

ckvjn0w2vtc0000jnq7ggj73ktyyyyyyb.oast.fun

# Reference: https://twitter.com/malwrhunterteam/status/1699310236534727142
# Reference: https://www.virustotal.com/gui/ip-address/144.91.112.240/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.192.96.184/relations
# Reference: https://www.virustotal.com/gui/file/b08c9c6416ab236fa3ca56b53994cea8fdb8a4123601b75f368e6ed2b67a705a/detection
# Reference: https://www.virustotal.com/gui/file/c4a78c5bab3902724a58731290ed549ae675793084f2f06bcf18fa10e8d38590/detection
# Reference: https://www.virustotal.com/gui/file/e3a8160483749aeab36cc52e221a65cde7aa1e1c58e7085226b962b8a736f3c9/detection
# Reference: https://www.virustotal.com/gui/file/ee6fc963e2c18daede818638bcfdf5f4f09b1ddee17d156f4e9785f1562865a7/detection

avkeyfinder.shop
avkeyfinder.store
downloadalpha.store
invoicedownload.info
payorderreceipt.info
revmail.one
scandocument.online
tautvydastijunaitis.com
zzlsteel.cc
/invoicep/scandavn2281728191
/scandavn2281728191

# Reference: https://www.virustotal.com/gui/file/41a652807b0e7c4b8c726fe70850c57b0897da1c96a105dcdb48a76566f434b9/detection

clk-info.ru

# Reference: https://www.virustotal.com/gui/file/0190e867668e9be091e3d52261b62ef9b65059565ec17168813f82e7693af2fd/detection

prkl-ads.ru

# Reference: https://www.virustotal.com/gui/file/108989044c7cd9e9740131a0644d3dc639ea0503cd5cd24c4cea6f724cc1e2e0/detection

prkl-ads.site

# Reference: https://www.virustotal.com/gui/file/963915492c0b0cfff08133e7ff349ac12f87bac5cb0b2e409c41ac957b531fdd/detection
# Reference: https://www.virustotal.com/gui/file/a4503f116394ceace2824dc1ee93819f3361b310c2576e03bdb2b8250fc377f9/detection

mookmook.online
zoolzool.online
trust-flare.ru

# Reference: https://twitter.com/1ZRR4H/status/1699930507276882240

2478dotfarm.site
mega378-fon.site
super-mega378.site
super56fall.online
top789market.online
top789market.site
trill-gone123.site
true-storm89.online

# Reference: https://twitter.com/doc_guard/status/1700182765717618802
# Reference: https://www.virustotal.com/gui/file/8f6ef41f653c7f01a5105f48277e683727470996d9f53dd245c8aa3a102bb6a3/detection

cn3.site

# Reference: https://www.virustotal.com/gui/file/01280c214895175d13b04a2c0437bf73c859a6a48199b91618d1a0adb886b6c5/detection

185.154.14.5:30000

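# Reference: https://urlhaus.abuse.ch/browse/tag/exe/
# Note: the reference above is a rolling tag listing rather than a permalink, so the entries below may no longer appear on that page; verify against a per-URL record before relying on them.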

185.209.230.21:8080
192.236.199.167:4256

# Reference: https://twitter.com/malwrhunterteam/status/1700105820644462736
# Reference: https://www.virustotal.com/gui/file/e11f0b388f00b177ee036de39d352b503408d9b313307848f1cdd4d9b11c6733/detection

http://104.168.204.165

# Reference: https://www.virustotal.com/gui/file/1788f34dfd88047906a12007c9f7870d23656ba85c186bba00821879c4276b2a/detection

cristinaamaro.com
lintingdaun.com

# Reference: https://www.virustotal.com/gui/file/037ea773b9fb5ebd2db940df9141f566bc4651d9d718440ee52b716cf479af17/detection

invertirenmercados.com

# Reference: https://twitter.com/Jane_0sint/status/1701545803741905182
# Reference: https://www.virustotal.com/gui/file/2941a93ff5c576dd0c1a26065eb7f373c6a8a1899aea54c325afee59b22187be/detection

106.14.149.15:88
47.100.240.250:6900

# Reference: https://www.virustotal.com/gui/file/04dc1b7849b83258ee101df7f1ee50900d18c2a598a59e08bcedbaa5629cd763/detection

http://45.144.136.14
/1337/loader

# Reference: https://www.virustotal.com/gui/file/b9bebbc0c45cbc87124ba497cb7b7f15fbac6e39535869ae006a950ac04ea285/detection

issue.homes

# Reference: https://www.virustotal.com/gui/file/08ccb639d18f192ab8120a9c5e2b9eb1499ab6e948aa25d8f108ed49228366ce/detection

http://193.42.33.63

# Reference: https://www.trendmicro.com/en_us/research/23/i/redline-vidar-first-abuses-ev-certificates.html
# Reference: https://www.virustotal.com/gui/ip-address/193.106.175.107/relations

12301230.co
40031.co
abccba.co
adaytriana.co
almaliam.co
chloemario.co
danielamanuela.co
helenaasier.co
isabelmartin.co
laiamia.co
martaafrica.co
martinpol.co
ola007.co
samuelelena.co
santiagocarlos.co
terms2023.co
uno230.co
updated-2023.co
updated-terms.co
updatedterms2023.co
violetavera.co

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-09-15%20AsyncRAT%20IOCs

49dprq8p.r.eu-west-1.awstrack.me
tax-form-docoments.blogspot.com
labradorinblack.com/.do/
labradorinblack.com/.f/

# Reference: https://threatfox.abuse.ch/browse/tag/UNAM/

http://129.151.135.50
http://145.131.31.175
http://15.188.54.35
http://155.248.230.159
http://172.104.103.158
http://178.124.176.209
http://185.225.75.76
http://34.125.225.70
http://45.143.147.184
http://5.181.80.113
http://51.38.81.65
http://78.85.121.201
https://193.105.135.135
https://45.67.230.182
https://47.87.145.154
https://87.254.9.5
https://95.214.24.45
14.225.8.224:8080
212.64.217.73:4000
5.135.50.76:8080
64.225.66.198:18080

# Reference: https://twitter.com/0x6rss/status/1703520178691084410
# Reference: https://www.virustotal.com/gui/file/1c0e4f0434fd44820a9ae3521c2e2d42008b081835300fefb52830b6542950d2/detection

159.69.11.30:7000
159.69.11.30:8080

# Reference: https://twitter.com/r3dbU7z/status/1703747280208298334

primeworldwide.org/PostOnce/

# Reference: https://www.virustotal.com/gui/file/64411e51808db35eb23325b25eb8559a0b9b035c21984276b62dc99e9ea726c2/detection
# Reference: https://www.virustotal.com/gui/file/96577c22329073d0846f6911b0e72d9bf414b8cdce96a93231a15878fe67b117/detection
# Reference: https://www.virustotal.com/gui/file/12783152a098c1af9f23f0c802f5a4f94c67402224c3003dbe26367695ffd1f1/detection

http://173.44.141.131

# Reference: https://twitter.com/malwrhunterteam/status/1704142716941066346
# Reference: https://www.virustotal.com/gui/file/0fb7f966b968c944157309a1a742a5574b481686dc8b9b3e6655dc71bef84fa3/detection
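# Reference: https://www.virustotal.com/gui/file/6ce6307f7b5d6c5760c85f36465fffb2b56c66518dfbf2ab37b2a2cf8b3725f2/detection
# NOTE(review): the first long hostname below keeps mixed case while its siblings are lowercase; DNS names are case-insensitive, so confirm the trail loader lowercases entries before matching, otherwise that line may never hit.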

akteam.team
5bU6zqih3rLtAT.sce1.user.computer.computer.b.akteam.team
5bu6zqih3rltat.sce1.azure.azure-pc.azure-pc.b.akteam.team
5bu6zqih3rltat.sce1.george.desktop-b0t93d6.desktop-b0t93d6.b.akteam.team

# Reference: https://twitter.com/malwrhunterteam/status/1704231060865778097
# Reference: https://www.virustotal.com/gui/file/97240a5b528433677bee9cc89e4f9fd7896bd77a30b0903b20bd6c9e3b23f694/detection

http://45.154.98.209

# Reference: https://www.virustotal.com/gui/file/b406ace674e14a74ec32869f7a143d53e812ff5713eec7513871dc2ed51cf65e/detection

cornbascet.site
wjriehl.com

# Reference: https://twitter.com/malwrhunterteam/status/1704483766461173984
# Reference: https://www.virustotal.com/gui/file/3af0a90d9a3cd77aa0353ec59bd8129fb799ee72daa6e61555c6228219385d43/detection
# Reference: https://www.virustotal.com/gui/file/64e733d51b0e03957003f0b5e424efd1068f331226880e0c212de2c29b2a38d6/detection
# Reference: https://www.virustotal.com/gui/file/1169c5ba2feae0192d2d8d45ce2fc3456bca1d6633d46b0f219bd62fddcca922/detection

http://89.23.100.222

# Reference: https://twitter.com/0xToxin/status/1698972467555889532
# Reference: https://twitter.com/JAMESWT_MHT/status/1699053975490949208
# Reference: https://twitter.com/JAMESWT_MHT/status/1705109356956574079
# Reference: https://twitter.com/JAMESWT_MHT/status/1705205457483350444
# Reference: https://www.virustotal.com/gui/file/717c6d49e4df554a386191492a5b0096dc3d07000de5ed58d2862872ef3b83cc/detection
# Reference: https://www.virustotal.com/gui/file/4babca7c722f8a15f744e27075ddeb2d541940211bf945031e6cced27f60f4bd/detection
# Reference: https://www.virustotal.com/gui/file/5ca151c69317137a321c909fd075091f575b71f170413aa474228ba5a60fe6cd/detection
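# Reference: https://www.virustotal.com/gui/file/8684d345cdc78cc9460541d0924440087e6d47814b1485e0736fcc68077bce12/detection
# Note: the instance-*-relay.screenconnect.com entries below are specific relay hostnames of a legitimate remote-support product; only these instances are listed, and a hit should be triaged against the organisation's own approved remote-access tooling.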

247info.click
hide04.xyz
reshuld247.click
instance-m73xwc-relay.screenconnect.com
instance-sjnih6-relay.screenconnect.com
instance-v6ojw1-relay.screenconnect.com

# Reference: https://twitter.com/malwrhunterteam/status/1704961734149046441
# Reference: https://www.virustotal.com/gui/file/6dfb5bfb256efe7f2952f8c21f08e6a2bbbba7022e6317b80acc12b6841b1264/detection

kads.kr/plugin/sns/facebook/src/update/

# Reference: https://www.virustotal.com/gui/file/fa406c532ea3d7cae05411df0ed5a541630a07f26a247a22d907f424397c72ce/detection

sahmanapah.sns.am

# Reference: https://twitter.com/ULTRAFRAUD/status/1705209115000070206
# Reference: https://www.virustotal.com/gui/file/60ba10a5bdafa65987f36aa9ba884f686e36788bea22a7f6a7026fa18cbbab1d/detection

46.151.24.25:8000
46.151.24.25:8080

# Reference: https://twitter.com/r3dbU7z/status/1704468416491409784

http://198.74.110.88

# Reference: https://www.fortinet.com/blog/threat-research/new-midgedropper-variant
# Reference: https://otx.alienvault.com/pulse/650815eae6309eba75a1d6a2
# Reference: https://www.virustotal.com/gui/file/4345a92dfbb18d66609ab445df9d4cdd8dfb972d1872c5817c3556371a05301c/detection

http://185.225.68.37

# Reference: https://www.virustotal.com/gui/file/5fe0500266860557912ff1d77ed5e386f4c849bf21891e46dedabad62d78d328/detection

http://2.56.57.147

# Reference: https://www.virustotal.com/gui/file/3b4113baf10a48f03cf288abc2953e183d3990fcaa11e416fedc6815823a139b/detection

hitech.instanthq.com

# Reference: https://www.virustotal.com/gui/file/24826c443e96f3f424198cf9b00bb5649595113307632d69b92e3d8070e6d525/detection

170.178.190.213:25075
maggie-greene.instanthq.com
vmjudf58h.maggie-greene.instanthq.com

# Reference: https://twitter.com/R3dHash/status/1705381311861661828

http://5.252.22.56

# Reference: https://www.virustotal.com/gui/file/22b0640066bf4746059b7e6057520776160a4c0fbb3dbdd5ac39f8ca9b1b860b/detection
# Reference: https://www.virustotal.com/gui/file/372198d2d295710f68d8894514d8c2b9e66655b7ede190a5dd02423bc7d0ab0f/detection

213.152.160.142:5401
23.227.206.142:5401

# Reference: https://www.virustotal.com/gui/file/0e7ac22489f0f0bbaf026cb56b0012ebdf18eb0b176d3655d5a245507e4313aa/detection

http://185.228.72.8

# Reference: https://www.virustotal.com/gui/file/0d3d678e767b06171022cdb1d9997257078f75de7070b7e9fa620eea7629647d/detection

http://79.110.49.55

# Reference: https://www.virustotal.com/gui/file/ce9afd85592a8a55ee6d020b3582644e0e1249571a0443757cc31d7214597a78/detection

http://45.88.66.43
/meemmmeemmee.txt

# Reference: https://twitter.com/0x6rss/status/1706641285329703155
# Reference: https://www.virustotal.com/gui/file/100f8ee11d41f374890b20af724154977405b23983a66b18f9728daf3211c3ae/detection
# Reference: https://www.virustotal.com/gui/file/7829789bb0290ad34295531e1fb55c2bcedf839062fddd1ddaf98852ad5a5419/detection

http://103.38.236.46
103.38.236.46:443
recipemedical.com
cynical-drink.aeza.network

# Reference: https://twitter.com/James_inthe_box/status/1706655766709768273

66.94.97.98:8080

# Reference: https://www.virustotal.com/gui/file/6925b7c34ad3c1bf662370fa0b5e6fdad8e37f28736c27bef74c5835971d2ea7/detection

aflomusic.com
credit-volta.com

# Reference: https://twitter.com/malwrhunterteam/status/1706690313975136529

http://116.203.121.140

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-09-27%20SocGholish_Lumma%20IOCs

xxxmir.info

# Reference: https://twitter.com/r3dbU7z/status/1707677528100368591

http://45.150.67.7

# Reference: https://tria.ge/210926-r8qtcsfac3/behavioral2

shellloader.top

# Reference: https://twitter.com/malwrhunterteam/status/1707679371270721618

one-clickr.icu

# Reference: https://blogs.blackberry.com/en/2023/09/silent-skimmer-online-payment-scraping-campaign-shifts-targets-from-apac-to-nala

http://4.216.137.19
http://52.253.105.171

# Reference: https://twitter.com/doc_guard/status/1709557264250495203
# Reference: https://www.virustotal.com/gui/file/3e090a3f20ab44f4efec21a7896198035f9076a9badc8764e4a0bd2fe68c45f5/detection

http://172.86.76.208

# Reference: https://twitter.com/1ZRR4H/status/1709989527303979476
# Reference: https://www.virustotal.com/gui/file/0f84c0223414a84ccaae529c25147153a7c12b6427bb9e00d2f2219118657baf/detection

egov-cambodia.com
files.egov-cambodia.com

# Reference: https://twitter.com/Merlax_/status/1710072519795896676
# Reference: https://pastebin.com/ZuX2jtsV

http://104.131.7.178
http://104.131.7.183
http://104.131.7.184
http://104.131.7.92
http://104.248.20.148
http://104.248.6.108
http://137.184.146.225
http://137.184.156.181
http://137.184.156.55
http://137.184.30.149
http://137.184.72.202
http://137.184.74.92
http://138.197.102.160
http://138.197.102.98
http://138.197.108.60
http://138.197.110.113
http://138.197.110.87
http://138.197.28.194
http://138.197.28.197
http://138.197.72.36
http://142.93.233.33
http://146.185.219.57
http://147.182.178.123
http://159.223.15.20
http://159.223.15.35
http://161.35.83.173
http://161.35.93.230
http://164.90.194.79
http://164.90.195.222
http://164.90.197.37
http://164.90.197.7
http://164.90.203.10
http://165.22.214.82
http://167.172.18.102
http://167.71.82.135
http://167.99.78.77
http://178.128.85.57
http://178.62.206.18
http://178.62.209.228
http://178.62.213.189
http://178.62.213.222
http://178.62.213.232
http://180.149.37.12
http://180.149.37.15
http://180.149.37.6
http://180.149.37.62
http://180.149.37.66
http://180.149.37.67
http://185.244.210.144
http://209.97.146.124
http://209.97.146.198
http://209.97.146.210
http://209.97.146.226
http://209.97.146.248
http://45.135.229.117
http://45.80.209.26
http://5.181.27.14
http://5.181.27.211
http://5.181.27.215
http://5.181.27.226
http://5.181.27.23
http://5.181.27.233
http://5.181.27.31
http://5.181.77.145
http://5.181.77.155
http://5.181.77.168
http://5.181.77.197
http://5.181.77.199
http://5.181.77.211
http://5.181.77.213
http://5.181.77.214
http://5.181.77.218
http://5.181.77.226
http://5.181.77.227
http://5.181.77.234
http://5.181.77.242
http://5.181.77.245
http://5.181.77.246
http://5.181.77.77
http://5.188.168.245
http://5.188.228.121
http://5.188.34.92
http://5.8.33.49
http://5.8.33.90
http://5.8.41.242
http://5.8.95.118
http://51.15.8.116
http://51.15.8.34
http://64.225.4.86
http://67.222.10.1
http://89.44.194.141
http://91.236.169.229
http://92.223.30.44
http://92.38.135.141
http://92.38.149.30
http://95.85.72.245
best-national-movers.com
crs.10fw.net
demarcusjtong.icu
dmvcashoffer.org
goldraw188.com
harshsrivastava.online
hktoyexpo.com
kebaikanminyakbidara.com
lifeming.com
min20-finance.com
min20oonline.com
pecahteros.shop
protectiveworlswide.com
pyzikypin.justdied.com
ridesharerevenue.com
southernwealthadvisors.com
sugahicus.com
sugahicuw.com
thehandmadebusinesses.com
thelushdollar.com
thewaystowealthy.com
tigrinhoapp.online
vacantlandreport.com
viablelandreport.com
vividfr.com
weightlossdietcapsule.com

# Reference: https://twitter.com/SecureSh3ll/status/1710788954239193376
# Reference: https://www.virustotal.com/gui/file/fd03ea32f520aa57ee6b4e29eedf1c897857f9368933c2bb3367d2016dc27454/detection
# Reference: https://www.virustotal.com/gui/file/557e3ef6693e6ba4d93908f4fbd5eadee59ffce431f74c57b38718df75efc670/detection

http://154.82.85.42
154.82.85.42:1572
154.82.85.42:8080
fack58.com

# Reference: https://twitter.com/1ZRR4H/status/1711686844490936568 (# CVE-2023-3519, Citrix VPN, Netscaler VPN)
# Reference: https://twitter.com/ValidinLLC/status/1712535238998376611
# Reference: https://www.virustotal.com/gui/ip-address/85.209.11.134/relations
# Reference: https://securityintelligence.com/x-force/x-force-uncovers-global-netscaler-gateway-credential-harvesting-campaign/

cdnjs.live
cloud-js.cloud
cloudjs.live
cloudjs.us
js-cloud.us
jscdn.biz
jscdn.us
jscloud.biz
jscloud.ink
jscloud.live
jscript.live
jscript.us
jscriptcdn.biz
jscriptcdn.live
jscriptcdn.us
jscriptcloud.biz

# Reference: https://twitter.com/whichbuffer/status/1712200899869790319

138.68.162.162:8081

# Reference: https://twitter.com/naumovax/status/1712449056352444730
# Reference: https://www.virustotal.com/gui/file/ec175a771f670fe5c9f7a1756efa74a693254eaaa7a6c5d46fbd9dddbb34e34c/behavior
# Reference: https://www.virustotal.com/gui/file/be46b47e582414db4fe41ca45f4ad180b46ebb101e682a87808b32f2762f7cde/behavior
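# Reference: https://www.virustotal.com/gui/file/ce5d3ec4169ff72ee9f164880f8c916ec93c8e409812b464744b91803eceec2c/behavior
# NOTE(review): the three /api/... path trails in this group look like adjacent string constants from the sample run together (e.g. a path followed by a User-Agent prefix) rather than observed request paths - confirm against captured traffic; as written they may never match.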

http://118.190.154.23
http://121.36.219.126
117.89.178.176:6666
118.190.154.23:8088
120.24.48.197:8009
120.24.48.197:8047
120.27.22.83:5001
120.27.22.83:5002
120.27.22.83:5005
120.78.149.238:12368
121.36.219.126:8088
143.92.35.64:39990
202.124.250.84:8205
202.124.250.84:8219
202.124.250.84:8223
202.124.250.84:8229
202.124.250.84:8241
202.124.250.91:8000
202.124.250.91:8095
203.135.100.66:8024
203.135.100.66:8710
203.135.100.66:8712
43.241.17.49:3031
43.241.17.49:8080
43.248.184.246:8212
8.134.23.213:8500
abc.dahhh.cn
/api/ocrMozilla/5.0
/api/getcontenttitlevariableseparatornumberletterHanzistrco
/api/postcomplete/api/getcontenttitlevariableseparatornumberletterHanzistrco

# Reference: https://threatfox.abuse.ch/browse/malware/vbs.vbrevshell/
# Reference: https://threatfox.abuse.ch/browse/tag/Vshell/

1.12.221.190:4000
1.13.158.52:8082
101.200.161.116:8082
101.200.90.115:8082
101.201.57.139:8082
101.201.79.83:8082
101.35.219.93:8082
101.37.165.37:8082
101.43.129.115:8082
103.12.148.35:8088
103.252.119.151:8082
103.42.179.226:8082
103.42.179.227:8082
103.42.179.228:8082
103.42.179.229:8082
103.42.179.230:8082
103.57.228.100:8082
103.57.228.101:8082
103.57.228.102:8082
103.57.228.98:8082
103.57.228.99:8082
104.208.85.234:8082
106.14.196.216:8082
106.54.209.187:8082
107.148.160.198:8082
107.148.160.198:8087
107.148.160.198:8089
107.151.241.155:8082
107.175.221.48:8082
107.175.28.248:8082
110.40.156.244:8082
110.42.229.51:8082
110.42.64.204:8082
111.231.4.143:8082
112.126.68.27:8080
112.213.108.222:8088
114.115.220.199:8082
114.116.119.253:8082
117.18.7.49:8082
117.50.172.191:58888
117.50.177.128:8080
118.193.40.20:8082
118.195.226.22:8082
118.195.245.162:8082
118.99.32.174:8082
119.45.128.170:8082
119.45.171.202:8082
119.91.219.240:8082
119.91.89.203:8082
120.26.241.209:8082
120.27.223.80:8082
120.46.165.195:8082
120.53.86.130:8082
121.196.202.174:8082
121.229.36.89:8082
122.51.97.82:8082
123.249.100.157:8082
123.249.106.68:8082
123.57.74.206:8082
124.221.145.245:8082
124.222.111.174:8082
124.222.129.148:6001
124.70.202.212:8082
124.71.38.170:8082
128.14.75.45:8082
128.14.75.45:8087
128.14.75.45:8089
134.122.132.51:8082
134.122.132.52:8082
137.175.51.175:8082
139.198.115.86:8082
139.199.181.87:8082
139.224.17.133:8082
139.224.194.38:8082
139.224.216.109:8082
14.22.116.218:8082
142.171.173.188:8082
149.127.236.196:8082
154.201.75.13:8082
154.37.152.26:8082
154.8.204.75:8082
154.91.202.147:8082
155.94.163.251:8082
156.251.172.46:8082
16.171.112.33:18082
162.14.110.131:8082
164.155.206.126:8082
165.22.60.62:8082
171.115.221.205:8082
172.245.92.205:8084
172.247.35.240:8082
172.247.35.240:8087
172.247.35.240:8089
173.82.79.5:8082
175.178.147.242:8082
182.92.127.39:8082
182.92.77.74:8082
193.112.108.217:8082
193.42.32.71:8082
198.44.165.190:8082
198.52.97.143:8082
198.74.117.83:8082
207.148.101.73:8082
216.240.134.17:8082
216.83.44.138:8089
216.83.44.139:8089
216.83.44.140:8089
23.224.121.65:8082
23.224.132.179:8082
23.224.197.71:8082
23.251.32.24:8082
23.251.32.24:8089
27.124.47.147:8088
3.135.65.39:8082
37.44.244.226:8082
38.54.107.228:8082
38.55.144.26:8089
38.6.163.121:8082
38.6.172.245:8082
39.107.239.30:8082
42.193.108.137:8080
43.139.235.58:8082
43.143.225.146:8082
43.156.54.179:8082
43.228.91.222:8082
43.243.73.167:8088
43.254.216.226:8082
45.76.221.240:8082
45.77.176.118:8082
45.77.250.196:8082
45.8.159.17:8082
45.83.151.234:8082
47.103.80.231:8082
47.104.15.215:8082
47.104.241.90:8082
47.104.246.195:8082
47.104.73.41:8090
47.92.199.199:8082
47.93.101.161:8082
47.94.168.41:8082
47.95.156.195:8082
49.232.222.60:8082
61.174.60.155:8082
61.54.27.211:8082
64.176.182.6:8082
8.134.166.14:8082
8.142.104.78:8082
8.217.10.81:8082
8.217.5.132:8082
81.69.191.238:8082
81.71.162.183:8082
82.156.18.214:8082
83.229.67.75:8082
84.32.41.23:8082
96.43.86.12:8082
hfsax.com
hkwzxx.com
sdpwjcj.com
yrsdq.com

# Reference: https://twitter.com/r3dbU7z/status/1713604087520825699
# Reference: https://www.virustotal.com/gui/file/5ba80acd8c4fd67d42aec5c665d3934b7ecffca1b216e910279a1719f40dcdc1/detection

91.207.183.9:8000

# Reference: https://twitter.com/Gi7w0rm/status/1713853872660205585

http://167.99.214.15

# Reference: https://twitter.com/Gi7w0rm/status/1713702882594201975
# Reference: https://twitter.com/sloppy_bear/status/1713903156306870346

http://45.63.7.212
cvpaper.in

# Reference: https://twitter.com/Gi7w0rm/status/1713923723718238600

http://85.214.156.226

# Reference: https://twitter.com/malwrhunterteam/status/1714230086956732842
# Reference: https://www.virustotal.com/gui/file/1dc3418db90285df1aed8b120ad83874a7de713d8def7c30ac3d0c30f635163b/detection

http://89.23.96.63

# Reference: https://www.virustotal.com/gui/file/2827bbea71a2c90a1b3ef41239292c4803b78bd3bc18b7ef810d31bd9952d39c/detection

http://185.254.37.80

# Reference: https://twitter.com/g0njxa/status/1713646692699087328

http://95.181.173.155

# Reference: https://twitter.com/malwrhunterteam/status/1714261624192635237
# Reference: https://www.virustotal.com/gui/file/b9a4327c5d5e4b868ece53e9108cd34adae37992d17a272d56cddc1c343ce401/detection

anyvpns.com
cdn.anyvpns.com

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/10/the-forgotten-malvertising-campaign
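# Reference: https://www.virustotal.com/gui/file/782dbaee36f386468646a765972bbcf2c625d690d922500ba63068fd9ed30934/detection
# NOTE(review): 104.21.55.78 and 172.67.170.192 in this group appear to sit in shared CDN/reverse-proxy address space, so a hit on the address alone is weak evidence; correlate with the domains or URL paths listed here before escalating.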

104.21.55.78:52054
104.234.147.61:52054
172.67.170.192:52054
85.208.107.200:52054
89.23.107.32:52054
jquerywins.com
karelisweb.com
mojenyc.com
mybigeye.icu
notepadxtreme.com
switcodes.com
/?JPBDu=wnAwy
/LXGZlAJgmvCaQfer/
/LXGZlAJgmvCaQfer/rWABCTDEqFVGdHIQ.html
/gYebt/?Buhmz=
/index.php?JPBDu=wnAwy
/rWABCTDEqFVGdHIQ.html

# Reference: https://cert-agid.gov.it/wp-content/uploads/2023/10/screenconnect_ultravnc_19-10-2023.json
# Reference: https://twitter.com/JAMESWT_MHT/status/1715187694135922878
# Reference: https://www.virustotal.com/gui/file/2b3006b181e2b12f611638000e355e0fda59c62930c3188739d029892188de34/detection

cryptoapex-invests.com
instance-a3g6br-relay.screenconnect.com
instance-ln8lsc-relay.screenconnect.com
server-nix5f911b27-relay.screenconnect.com

# Reference: https://www.virustotal.com/gui/domain/dr22.biz/relations

dr22.biz

# Reference: https://threatfox.abuse.ch/ioc/1191395/

47.115.230.18:8098

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2023-10-18-IOCs-from-IcedID-forked-variant-with-VNC-and-Cobalt-Strike.txt

instance-jc1vlj-relay.screenconnect.com

# Reference: https://twitter.com/1ZRR4H/status/1716290332885745949

http://163.123.143.17
http://81.19.140.150
163.123.143.17:445

# Reference: https://twitter.com/karol_paciorek/status/1716395306202358156
# Reference: https://twitter.com/g0njxa/status/1716401754068123784

http://139.59.113.146
b0ru70.github.io
research.plu.ac.th

# Reference: https://twitter.com/malwrhunterteam/status/1716517330602033659
# Reference: https://www.virustotal.com/gui/file/a42303a1baa0b48a95f6eaf6cfba9cef523492d078692cb2a1ab4889337624a6/detection

3pmapps.fun
gnupg.3pmapps.fun

# Reference: https://www.virustotal.com/gui/domain/ctl.sk/relations
# Reference: https://www.virustotal.com/gui/domain/jt-banka.eu/relations
# Reference: https://www.virustotal.com/gui/file/c81f61e669603b59e0b224cf0eb0f86a4d23b9cf050ca484ae87e22b64709a72/detection
# Reference: https://www.virustotal.com/gui/file/b9b0b9284f7db13fa27b7665dcab0482e2a439792e4ead52a4404820c1e5f698/detection

ctl.sk
jt.ctl.sk
mailin1.ctl.sk
mailin2.ctl.sk
jt-banka.eu
365sso.jt-banka.eu
sso365.jt-banka.eu

# Reference: https://twitter.com/Gi7w0rm/status/1716901758348521850

ogenki.com.my
/xsxlzx-shell/

# Reference: https://twitter.com/malwrhunterteam/status/1716907663181902131
# Reference: https://www.virustotal.com/gui/file/77d976b89ab6f65be7fc67673d4016735aafa3abbd33f2f958410d9d4d8d78f5/detection

genbtoomny.click

# Reference: https://twitter.com/r3dbU7z/status/1717062792589586859
# Reference: https://www.virustotal.com/gui/file/b4eb821c7e48bef8495bd3dd4ae9eb71cd2e64ffe098d8773d6efa57a2ebb3bc/detection

http://13.39.110.1

# Reference: https://www.virustotal.com/gui/file/5c34a701dfc8fed23b216a34bdb455e10bc965f29d21f85ece97ca7c74383bd6/detection

mega-z-upload.com
selenundlock.com

# Reference: https://twitter.com/karol_paciorek/status/1717460110627189013

http://47.88.79.56

# Reference: https://twitter.com/doc_guard/status/1717578836777308315
# Reference: https://www.virustotal.com/gui/file/4fabc888fa31352edf90330a5f8d3b75ea510b625c36ff45dee8287beb292c56/detection
# Reference: https://www.virustotal.com/gui/file/4274844d4e8d4337d45f75cf440a97d9c12b15be8ff61ef5cfea7545ce04b69c/detection
# Reference: https://www.virustotal.com/gui/file/40b79fcb5cfc3272ee8a59e223cc310b4d73aac238d3840acd283f801eda3e3a/detection

globaltimedns.top

# Reference: https://twitter.com/r3dbU7z/status/1717681468799844760

bankfcyprus.com

# Reference: https://twitter.com/fr0s7_/status/1717809713205985380

securepdfdocus.biz

# Reference: https://www.virustotal.com/gui/file/ebe0790a4e73314adbf63b910d4435c5a09cd028a606e417cf6f386d7cb7a05b/detection
# Reference: https://www.virustotal.com/gui/file/4cf218aec726274630dba16d9384544c72edc34d4288a1e3b0d786d829524413/detection
# Reference: https://www.virustotal.com/gui/file/ddfdd3542222a4d768bd72424b727474244a6e4b13f81befb9422866c7fdb2f0/detection
# Reference: https://www.virustotal.com/gui/file/c6dc04197194a659ca7906a08ab043307dbaee90ac1d4527529dcc92a2992e59/detection
# Reference: https://www.virustotal.com/gui/file/ad447395730eb6890cc386ba809b77d2a76e33d1b82ebaee1d05f2ee7b441de0/detection
# Reference: https://www.virustotal.com/gui/file/792ac74aff41ec6525b01bdd3a38c0dd7305de1ad94951a79731346fc88c21d1/detection
# Reference: https://www.virustotal.com/gui/file/5178b61c4db461b51537b9de98f59fe18a1b6baf0108e1478ac279a2db708088/detection

103.99.62.15:65422
206.238.199.51:65422
2hao2.oss-cn-hongkong.aliyuncs.com
adll.oss-cn-hongkong.aliyuncs.com
aexe.oss-cn-hongkong.aliyuncs.com
aomeikj.oss-cn-hongkong.aliyuncs.com
conkaikaizjderoujima.oss-cn-hongkong.aliyuncs.com
zhenlong363.oss-cn-hongkong.aliyuncs.com
jbpossa.oss-cn-hongkong.aliyuncs.com
thesonoftheforest.oss-cn-hongkong.aliyuncs.com

# Reference: https://cybersecuritynews.com/confluence-zero-day-vulnerability/ (# CVE-2023-22515, DarkShadow, Oro0lxy)
# Reference: https://otx.alienvault.com/pulse/652832b6f960f3f7421e6da9

http://104.128.89.92
http://192.69.90.31
http://199.193.127.231
http://23.105.208.154
104.128.89.92:443
192.69.90.31:443
199.193.127.231:443
23.105.208.154:443

# Reference: https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/ (# CVE-2021-1435)
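# Reference: https://otx.alienvault.com/pulse/652d723d05fd9cabcde27e54
# NOTE(review): the vendor write-up referenced above appears to have been revised after first publication - confirm that the CVE id in its annotation still matches the current text of that post.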

http://154.53.56.231
http://154.53.63.93
http://5.149.249.74
154.53.56.231:443
154.53.63.93:443
5.149.249.74:443

# Reference: https://twitter.com/leak_ix/status/1719074800314859691
# Reference: https://www.shodan.io/host/38.60.199.10

http://38.60.199.10
38.60.199.10:22
38.60.199.10:443

# Reference: https://threatfox.abuse.ch/ioc/1196777/

116.204.110.99:8082

# Reference: https://threatfox.abuse.ch/browse/malware/win.empire_downloader/

http://164.92.246.33
http://18.221.226.193
http://20.102.61.215
http://218.161.70.146
http://23.96.53.135
http://45.32.81.149
http://45.77.79.14
13.52.36.101:8081
194.9.172.238:1443

# Reference: https://www.virustotal.com/gui/ip-address/188.225.60.5/detection
# Reference: https://www.virustotal.com/gui/file/8888b13dca93c8fb63a8564900ec1c3e03bc10236c5049ec1d703235f50c0349/detection

sarcoma.space
spacatty.fun

# Reference: https://twitter.com/abuse_ch/status/1718890685166755920
# Reference: https://urlhaus.abuse.ch/url/2726600/

botfusion1-8f4913f37609.herokuapp.com

# Reference: https://twitter.com/Merlax_/status/1719112693473292571

http://186.64.113.61

# Reference: https://twitter.com/malwrhunterteam/status/1719104612714574309
# Reference: https://www.virustotal.com/gui/file/c2d3fc535e56c109478a742ec44c635c18845dc2e8fd27f13d1fa155588849f6/detection

taxfile.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/00162181a1c8cedc5f394638ae6d0814abc47608e36b06707b36424fb8f211d7/detection

appsmob.info
coinmaster.pw
coinmaster.gamescheatspot.com
/coinmasterhack

# Reference: https://www.virustotal.com/gui/ip-address/4.201.49.4/relations
# Reference: https://www.virustotal.com/gui/file/294c2571ae4d691c92f5946d47dbf78033947f4c2983a8e51564dcc94d0e649c/detection

assistance-aide.fr
assistance-service-clients.com
ca-assistance-clients.com
ca-assistance-clients.fr
ca-support-assistance.fr
google-assistance.fr
go-file.fr
support-assistance-clients-ca.fr

# Reference: https://twitter.com/doc_guard/status/1720030244516643274
# Reference: https://www.virustotal.com/gui/file/aee00173af3d3e8630696a72bd942522543734c26b37afeffbee6d2057285a9a/detection

http://85.195.105.97

# Reference: https://threatfox.abuse.ch/ioc/1198248/

82.157.154.37:8082

# Reference: https://threatfox.abuse.ch/ioc/1201259/

134.122.132.23:8082

# Reference: https://twitter.com/k3yp0d/status/1720471855432151417
# Reference: https://www.virustotal.com/gui/ip-address/146.70.145.168/relations
# Reference: https://www.virustotal.com/gui/file/24e10e8f98c36aa9fcfa63efa3cc45bfb53586bf82cd3a183c4a4edfeb942087/detection

http://146.70.145.168
fsb-uvedomlenie.ru
animalclub.net/dogs/puppy.png
animalclub.net/dogs/qz1
/000000000_OOOOOOOO_ooooooo_ooOOOOOOO_OOOOO/OOOOOOOOO_OOOOOOO_OOO.doc
/000000000_OOOOOOOO_ooooooo_ooOOOOOOO_OOOOO/
/OOOOOOOOO_OOOOOOO_OOO.doc

# Reference: https://twitter.com/g0njxa/status/1721444417586778207

http://138.68.134.18

# Reference: https://www.virustotal.com/gui/file/00043c767c113a4886f01c5c251ca8eb61653f8f4e8e98bca1a51b42f3f33e03/detection

mydrugdir.com
pimlm.com

# Reference: https://twitter.com/g0njxa/status/1722325422283567388

http://51.38.115.103
http://63.141.252.148
http://77.105.147.44
http://88.99.105.167

# Reference: https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification

http://45.155.37.105
http://45.182.189.100
http://81.19.138.52

# Reference: https://twitter.com/malwrhunterteam/status/1723017726120149327

http://5.206.224.58

# Reference: https://www.virustotal.com/gui/domain/psp2111.ddns.net/relations
# Reference: https://www.virustotal.com/gui/file/3b6674fa7a6e0ec4cf1f397ea5daeaa23bbb7e24b51fe0be268aa1fd50568f5c/detection

psp2111.ddns.net

# Reference: https://www.virustotal.com/gui/domain/japanjoe1821.ddns.net/relations
# Reference: https://www.virustotal.com/gui/file/ac2ab2f22599a4c27c60001e274da3f29d487890a30a2761985a2f3f8c093246/detection

japanjoe1821.ddns.net

# Reference: https://twitter.com/doc_guard/status/1724397172366451198
# Reference: https://app.docguard.io/32587eb5fc64ea95bedeff63529ae09316832fe43ca9961e877f03b8428db250/results/dashboard
# Reference: https://www.virustotal.com/gui/file/5eee291b4252b66880c0e2dc3bb62bd3e6f1813320b839016f07ab2374a640f2/detection
# Reference: https://www.virustotal.com/gui/file/4202789483158024de2ce0a94a904d61c916923212237263d4d3d478a8d8fb5b/detection

http://172.245.33.131

# Reference: https://twitter.com/1ZRR4H/status/1725196037441110128
# Reference: https://twitter.com/malwrhunterteam/status/1724720871980368311
# Reference: https://www.virustotal.com/gui/file/02c7f90308e5fbe779514ef05ea002fcce91158c98c94cbc179417aa4c955d23/detection
# Reference: https://www.virustotal.com/gui/file/30457374df7ceb536593f72f6d3a31e1d8f81dfb5c76a9dfaaca34e8ce7ba528/detection

transportsd.shop
booshome.transportsd.shop
goosemx.z29.web.core.windows.net

# Reference: https://www.virustotal.com/gui/file/728d3320582daca13297abb67e78b60e4cd6b3eb8c72d1d36f689750699bb681/detection

23.105.235.71:5555

# Reference: https://www.virustotal.com/gui/file/9581c8d4ecafe6c7a734ceb200d6da784b38e93535205501e090c9777f348498/detection
# Reference: https://www.virustotal.com/gui/file/89a0d72a57460815c7164f762d542bc52660d0ca500339c5e90523bd4e602d45/detection
# Reference: https://www.virustotal.com/gui/file/59f0780eff6333ae8b2e148781d94f152c2bd4b902bfde1f4bd9eae4de6e83a1/detection

46.86.250.102:8080
proxy.stephan.nrw

# Reference: https://www.virustotal.com/gui/file/06eb020c0b1dae3ca39f2e49f13a60ab19064eb4896ec759901f02d7ee4036cb/detection

bc1q22hp7n28whk5h94z93vm05hfx2zxs8.com
bc1qrju227jw2hs5zjm7ftn3xshgpdgpa2.com

# Reference: https://www.virustotal.com/gui/file/24d30f7df893a5491229b8526b488b7bdad0ad8494fa9e13bdfa2919cd131f1b/detection

khoadang50.repl.co
macro.khoadang50.repl.co

# Reference: https://www.virustotal.com/gui/file/49ab3c9dfe03ed9f93c19a4b2f48499bcf4304a0ee05864aab014dce04710790/detection

file.khoadang50.repl.co

# Reference: https://twitter.com/doc_guard/status/1727673206482301100
# Reference: https://www.virustotal.com/gui/file/8e55ab6c789595529e4e837536931e09c7d759f9df0e8905b1a67edb000b6981/detection

craftupdate.online
wild.craftupdate.online
/asdf/leiji1920kjfk
/leiji1920kjfk

# Reference: https://www.virustotal.com/gui/file/b29804b761d4eda0a6c7dfc9e4387431c82600cf462041096f7fec3c904151ac/detection

jkghfdt.xyz
mnojdk.xyz
nafsdwas.click

# Reference: https://twitter.com/1ZRR4H/status/1729196411843985530

http://109.107.190.43
http://217.197.107.49
109.107.190.43:445

# Reference: https://twitter.com/v0lundr_/status/1729409817578455234

http://46.246.12.11

# Reference: https://www.virustotal.com/gui/file/c3d2685e8a8925b3383cfea7800e3ae8fe45157e3b08b274575304be54bc8b90/detection
# Reference: https://www.virustotal.com/gui/file/fdb3c7545207d570fe7788b00d444975c7e28f5648b83db0a9908cc6dff65b08/detection

afbnrrxrjg.ru
abqmvo6wyp09h8n.afbnrrxrjg.ru
mxjac2qoiu7fyhd.afbnrrxrjg.ru

# Reference: https://www.virustotal.com/gui/file/1393f8e456d67f08932d134bb37ddd0e5a5011c7b92cec8456570f879d836939/detection

http://185.81.157.149

# Reference: https://twitter.com/nahamike01/status/1729811255282520446

wiireshark.org

# Reference: https://twitter.com/idclickthat/status/1730628513206526007

athelp.cc
cashapphelp3.us
cashapphelp5.us
cbhelp.live
cscare.us
fbhelp.live
gkhelp.info
help360.us
liveform.us
mhdesk.us
qscare.cc
qscare.info
qscare.live
qscare.online
qscare.us
qshelp.cc
qshelp.info
qshelp.live
qshelp.online
qshelp.us
sphelp.info

# Reference: https://twitter.com/doc_guard/status/1731649902818595202
# Reference: https://www.virustotal.com/gui/file/1354ec56e9bead8a7821e30f3b15578ca803359e9d19746bda9a23b62e1f471e/detection

http://172.245.208.126

# Reference: https://twitter.com/1ZRR4H/status/1731709473977160117

94.198.53.143:8000

# Reference: https://twitter.com/banthisguy9349/status/1731752367572263001

139.59.72.48:8000

# Reference: https://twitter.com/alex_lanstein/status/1732485636601319519
# Reference: https://www.virustotal.com/gui/file/88f64c6021b469a40d3d5bf6ab0f563313caafe5e5ba79854cc31f880636c152/detection

http://163.5.64.41

# Reference: https://twitter.com/malware_traffic/status/1732437588059832338

gamonosa.sa.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1732037072385630621
# Reference: https://twitter.com/br0pi/status/1732059287210316266
# Reference: https://cert.pl/en/posts/2023/05/powerdash-malspam/
# Reference: https://www.virustotal.com/gui/file/569130785d0fa06a39b269a5640e0e016f6393342a91608b5f0bdf8465a74d9f/detection

http://5.63.152.179
http://89.104.67.191
89.104.67.191:8000
/dash/post_data/
/dash/post_png/
/dash/post_txt/
/dash/post_zip/
/dash/bots/delete/
/dash/bots/update/

# Reference: https://twitter.com/alex_lanstein/status/1732514545011163268
# Reference: https://www.virustotal.com/gui/file/c5e0e26dd2e8b743188343871bc2cab02c966da49d25efddcaa8fdb8b876886b/detection

drecterion.com/wp-content/Miche.png

# Reference: https://twitter.com/JustWantToQ1/status/1732266534192496990
# Reference: https://www.virustotal.com/gui/file/f0b28f23eb9f436990412e43ad71d8216a2af7bbac1239103fb93ab0b67334b0/detection
# Reference: https://www.virustotal.com/gui/file/e60e796cb218a125e34ab82d1c851a4642d4f0a8582bf441522caa90da0cc9af/detection
# Reference: https://www.virustotal.com/gui/file/af2bd7b81008d0d7e0baae36f94a53a18c5e2c55016211784008d18b3f3e939b/detection

185.174.101.131:8081
hipop.info

# Reference: https://thedfirreport.com/2023/12/04/sql-brute-force-leads-to-bluesky-ransomware/
# Reference: https://otx.alienvault.com/pulse/65707ab6e66cbcb43bd4f250
# Reference: https://www.virustotal.com/gui/ip-address/83.97.20.81/relations

s7610rir.pw
somepools555.pw
swhw71un.pw
asd.s7610rir.pw
asq.d6shiiwz.pw
asq.r77vh0.pw
asq.swhw71un.pw
us1.somepools555.pw

# Reference: https://www.virustotal.com/gui/file/0c3affef7b7928a44cf5050ed0d38724bf182993db63f786eb926007bd135323/detection

dyjbb.dnset.com

# Reference: https://twitter.com/banthisguy9349/status/1734301694719050200

128.1.76.179:5566
128.1.76.180:443

# Reference: https://twitter.com/gothburz/status/1734526642251304973 (# CVE-2023-46604)

http://139.180.185.248
http://188.166.177.88

# Reference: https://twitter.com/0x3A44/status/1734640511628017904

http://46.246.80.13
46.246.80.13:443

# Reference: https://app.any.run/tasks/5fb71446-d9ef-4c31-ab32-b93c465a32cc/

dfhduh.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1735249295090106569
# Reference: https://www.virustotal.com/gui/file/3cdcea51cd516b777c10e81f58f05cab9f00b787a35402e11df49c05f692976c/detection

ref-media.net

# Reference: https://twitter.com/suyog41/status/1735584361255469349
# Reference: https://www.virustotal.com/gui/file/fcb97ac234876b962adf6f741aa9e7f25ca82ae0c7b7be2500c73f3b8b7cdbcf/detection

pfizer-careers.net

# Reference: https://twitter.com/JustWantToQ1/status/1735870555373355048

64.150.190.149:64

# Reference: https://www.virustotal.com/gui/file/e5147145099559ce6f573dec81b396061885afda8de998b765eee806d767bfd2/detection

542199235l.com

# Reference: https://www.virustotal.com/gui/file/8d20f09faf9f69e2064a949e9574a68aa6777746734de900d9369f28656fd1f9/detection

http://46.246.12.14

# Reference: https://twitter.com/doc_guard/status/1734938547881193574
# Reference: https://www.virustotal.com/gui/file/0f6832b333e43176dd26b84a4db536d345850162b86e88b8ede8a204836a1dae/detection

theannoyingsite.com
youareanidiot.cc
ve43.aadika.xyz

# Reference: https://twitter.com/doc_guard/status/1737494486295486473
# Reference: https://app.docguard.io/4bfc29dff0955937190a085c6114d5019555558ed4a79b4fcb75a18ed28a3252/results/dashboard
# Reference: https://www.virustotal.com/gui/file/4bfc29dff0955937190a085c6114d5019555558ed4a79b4fcb75a18ed28a3252/detection

micrgen.ru

# Reference: https://www.virustotal.com/gui/ip-address/37.143.129.182/relations
# Reference: https://www.virustotal.com/gui/file/b3b41a17736281bcdfaae96acb657e32811456430ecbf06730706d2c9e96b0e6/detection

idf.pics
idfinfo.pw
idfleaks.info

# Reference: https://twitter.com/banthisguy9349/status/1738120871850483887

http://195.35.25.136

# Reference: https://twitter.com/malwrhunterteam/status/1738178664477438094
# Reference: https://www.virustotal.com/gui/file/d4ccc58d8e30048a387153642dfa2ee78500b0e9dab6130370bf9576d3e6d1c6/detection

pdf-online.top
usaid.pm

# Reference: https://twitter.com/malwrhunterteam/status/1738254214353064420
# Reference: https://twitter.com/malwrhunterteam/status/1740146804073906343
# Reference: https://cert.gov.ua/article/6276988 (# UAC-0184)
# Reference: https://www.virustotal.com/gui/ip-address/46.249.58.40/relations
# Reference: https://www.virustotal.com/gui/file/bd871a2ccd6d7c4f89f9f5087e60cfdcc7ab35b670cfda7ddfd6dbbab8c8560c/detection
# Reference: https://www.virustotal.com/gui/file/ef6edacf6ee1e0dd2e53046a91ba84d10a8adda6918ca7aac6e96ead432efbbc/detection

46.249.49.148:3232
funedunet.com
new-tech-savvy.com

# Reference: https://twitter.com/malwrhunterteam/status/1745175988114247680

http://163.5.169.28

# Reference: https://twitter.com/malwrhunterteam/status/1739358047808454978
# Reference: https://www.virustotal.com/gui/file/487c77fe374d38a45f0c0b16deb3f0f113104e396eed88543a81dd2023720a9f/detection

winrar-lab.github.io

# Reference: https://twitter.com/Cuser07/status/1739476155491832275
# Reference: https://www.virustotal.com/gui/file/5c61ab46e64c8de31e03dd9c8f79f18bd86ecf57d980e36f0e877003d1def063/detection

minehidden.ru
microsoft-word-ru.github.io

# Reference: https://twitter.com/banthisguy9349/status/1738128525331251392

http://104.248.54.93
http://138.197.150.104
http://143.198.172.172
http://146.190.158.3
http://147.182.133.75
http://159.203.3.76
http://159.203.48.121
http://188.166.187.50
http://64.227.79.134
64.227.79.134:443

# Reference: https://www.virustotal.com/gui/file/9a4147fcc9d6561e1548496ef1759ad73d93e1743e93d3c57490333eb9681915/detection

sun876954.space

# Reference: https://twitter.com/banthisguy9349/status/1740356886615167260

http://91.92.253.192
91.92.253.192:443

# Reference: https://twitter.com/noexceptcpp/status/1740347631816122829

212.60.5.131:4433

# Reference: https://twitter.com/Cuser07/status/1741037664768512343
# Reference: https://twitter.com/threatinsight/status/1749494654293405942
# Reference: https://www.virustotal.com/gui/file/f9a6a9f0507c5eb6c8c53a33f8f294d1381ed250cfbce6e8bda45ee295ca260b/detection

http://64.52.80.221
64.52.80.221:445
/fCzQvTAP/ewrtnyu75473
/fCzQvTAP/
/ewrtnyu75473

# Reference: https://twitter.com/ClearskySec/status/1741482152280129889
# Reference: https://www.virustotal.com/gui/file/d84c39579e61c406380f37da7c2a6758ed9a4c9a0e7697c073e2ddbb563360cd/detection
# Reference: https://www.virustotal.com/gui/file/1b598c7c35f00d2c940dfd3745bd9e5d036df781d391b8f3603a2969c666761b/detection
# Reference: https://www.virustotal.com/gui/file/0429bdc6a302b4288aea1b1e2f2a7545731c50d647672fa65b012b2a2caa386e/detection

http://124.168.91.178
http://194.126.178.8
124.168.91.178:445
159.196.128.120:54763
159.196.128.120:55555
194.126.178.8:54763

# Reference: https://twitter.com/banthisguy9349/status/1742123105827344654
# Reference: https://www.virustotal.com/gui/file/23e4e812b985eb7f0dfe4440a281d290681d48292b564e95389472a44067f382/detection
# Reference: https://www.virustotal.com/gui/file/57bb1a9274ec2f2f65508b3eefd222b46f9c600c3352d80488d7f903937a409b/detection
# Reference: https://www.virustotal.com/gui/file/4c58578a87a0f032ac2fb2889565de0d40c9c358d4e48dbdbe8ce74f8ccb62b7/detection

91.92.240.152:1338
91.92.240.152:1339

# Reference: https://twitter.com/malwrhunterteam/status/1742200432217215049
# Reference: https://www.virustotal.com/gui/file/afe3cb9b582273ff47916f1c2cdc111b8bc58bd54e6d28f6a31fef4f663e3abc/detection

officesmicrosoft.com
mc.officesmicrosoft.com

# Reference: https://www.zscaler.com/blogs/security-research/threat-actors-exploit-cve-2017-11882-deliver-agent-tesla
# Reference: https://otx.alienvault.com/pulse/659590aec2e01294d509fc1e

http://193.42.33.51

# Reference: https://www.virustotal.com/gui/file/000044e47ee47ce1f18fea0a33e17da583cb25e174cc24e2fbdbf29c1c82ea92/detection

evacdir.com

# Reference: https://www.virustotal.com/gui/ip-address/164.90.149.198/relations

bkhnmeficinnhii.top
cibgbgfjcmlbmcd.top
cnbhhabgjabmfab.top
dfmnkgnidkadgcd.top
dififcihkccceik.top
edggnhnjdnmfljm.top
fdkidechlddhdbf.top
fnfihgcmjdiimii.top
gfecmamfejggbhm.top
hlbibfkimfelcja.top
iaidkcggfkhkabh.top
ijjbfhkjmicnhcj.top
jamnfbaffgdclbn.top
jjndidahgmibnic.top
leeegfhihnjflcl.top
mcmlkgijhdghcjg.top
mgmmcbdgaflejie.top
nbcmadlhbhmiibn.top
nnjeegbjibkjkjh.top

# Reference: https://www.virustotal.com/gui/ip-address/162.33.177.125/relations

bikhgghnjndnlmj.top
cnngkbijcmaclie.top
lfbmjjcanenfllj.top
mleknedjhckhlhe.top
nchjcmfebbhkldn.top
setorempresarial.online

# Reference: https://twitter.com/malwrhunterteam/status/1745199276056027435
# Reference: https://www.virustotal.com/gui/ip-address/141.8.193.27/relations
# Reference: https://www.virustotal.com/gui/file/4ac32148284e1b9710bca20bc8fae1ba8f831dda7921bf12b73041a715555a6f/detection

api-gate.xyz

# Reference: https://twitter.com/sicehice/status/1747030318924677353

http://85.31.205.231

# Reference: https://www.virustotal.com/gui/file/104db086fa0e7c362f6ea00f9c93852bf2476dedc8ee3bda074cdb237411e658/detection

boggaym1.hopto.org
jhonny1.hopto.org

# Reference: https://www.virustotal.com/gui/file/a1bd8fdc639b7e0f2b1343e0f0e7807d404aab4adcae6972752d189adebdc030/detection
# Reference: https://www.virustotal.com/gui/file/45a40d542def7819241bf68e0b6ba3374834446266393bd5d254a602e95ea681/detection

bbstudent2.com

# Reference: https://twitter.com/doc_guard/status/1747612590950240626
# Reference: https://www.virustotal.com/gui/file/b4492ba093f845b6fb37941af65635c5cf5095d415cca54cfeaa7231fa8d0c82/detection
# Reference: https://www.virustotal.com/gui/file/e570c9cbef39307361396ca601d5726d5cceadfbf9a39133654bf03b6eaf2156/detection

http://192.227.173.43
192.227.173.43:445

# Reference: https://twitter.com/alex_lanstein/status/1748359390736879820
# Reference: https://www.virustotal.com/gui/file/502d1efa5ff5403a5eed1caf375adc0fb4b038a3a0b3571e35270ff7a0cc3538/detection

pandoraleaks.org

# Reference: https://www.virustotal.com/gui/file/7ee503bade7073d8da987399701924596242b1e41e35f55884190a4fc4e00b9d/detection

khelrangfssa.org

# Reference: https://www.virustotal.com/gui/file/9605968addccaa2323334d501b99ab88cd0b879bc8a2b4c5dc1d27c4d27d5e53/detection

http://191.233.27.50

# Reference: https://twitter.com/malwrhunterteam/status/1748790038555451806

halalhotels.net/wp-content/uploads/

# Reference: https://twitter.com/malwrhunterteam/status/1750263043701776696
# Reference: https://twitter.com/doc_guard/status/1750511099328299392
# Reference: https://www.virustotal.com/gui/file/245fa95180f396ac41e757b3292edba9a6d2cd352ef3a9e3b946d32961fe5459/detection

http://37.120.222.148
entertainment-in-tenerife.com/wp-content/uploads/

# Reference: https://twitter.com/suyog41/status/1749692921237078090
# Reference: https://www.virustotal.com/gui/file/0bb98b450b35148c02826bf353afaaea82c8cbdbca5a1e76b8cd3704b8657b0f/detection

http://45.153.241.239

# Reference: https://twitter.com/ShanHolo/status/1750135335952990523
# Reference: https://www.virustotal.com/gui/file/3c00c886b8be39b8711f76cc7225c6941be5fd3336d0ffc939959e8c3b755bbc/detection

101.99.94.234:47001
101.99.94.234:5985
101.99.94.234:7070
101.99.94.234:8000
101.99.94.234:8090
148.163.93.51:47001
148.163.93.51:5985
148.163.93.51:8080
148.163.93.51:9090
172.86.96.111:47001
172.86.96.111:5985
172.86.96.111:7070
172.86.96.111:8080
172.86.96.111:8081

# Reference: https://www.virustotal.com/gui/file/9d88ecdd4dce40bea6c22e721b10b2e9e49650679734ca411f6232ea4097e83d/detection

http://51.79.244.21

# Reference: https://twitter.com/malwrhunterteam/status/1749905406703366614
# Reference: https://www.virustotal.com/gui/file/b79fc5448d47587c2d038f8a06e52d59b053aa5aab03a6aa884c3a113e31caf9/detection

frank-weekly-frog.ngrok-free.app

# Reference: https://twitter.com/1ZRR4H/status/1750261119216710029

http://148.163.93.51
148.163.93.51:445

# Reference: https://www.virustotal.com/gui/file/05df7a0c57ddb53db47daa1e23462221b9dcadf8ed43341a6722b16f4e5b9216/detection

http://181.41.200.209

# Reference: https://twitter.com/banthisguy9349/status/1749331670187040802
# Reference: https://www.virustotal.com/gui/file/4971112623eb9259a641b60f6416c1701ba02f08ed1c590948f5e487744bcf03/detection

http://185.81.157.123
http://185.81.157.150
http://185.81.157.160
http://185.81.157.24
185.81.157.123:999

# Reference: https://twitter.com/1ZRR4H/status/1751310603916882357
# Reference: https://www.virustotal.com/gui/ip-address/91.92.251.163/relations
# Reference: https://www.virustotal.com/gui/file/d576202174867dbed41a0dde9841b8deb1c4c3cb54bc3f3cb1311d97e0f1fd58/detection
# Reference: https://www.virustotal.com/gui/file/2986cab6e805bdeeedf6b815ee439417e2c861c33ef67c77b4c1ad57ad9d6169/detection
# Reference: https://www.virustotal.com/gui/file/ac702ccbd80c7f46d05ed6ecbbac34a930c0c1befe4dfc9e74bdcd7c7b4c09a4/detection
# Reference: https://www.virustotal.com/gui/file/861c39ed6c9c822297b546d05fc0c5ea6011a29fc8ed9afd8c2a34b07aa043b9/detection
# Reference: https://www.virustotal.com/gui/file/504be1f8bf80df47b6cbe74f1837864da5ec119e4ea91eae268e3652a626a4a9/detection

http://91.92.251.163
91.92.251.163:445
galaxe-team.info
protecionbbva.info

# Reference: https://twitter.com/malwrhunterteam/status/1750876407834501411
# Reference: https://www.virustotal.com/gui/file/1ff893e6dccc586fb6b2ef5ea58f0d9137b646e61b17c9aaf1eef4f1703831cc/detection
# Reference: https://www.virustotal.com/gui/file/052c9175ede58455ea20be0df7a0095a3a6645e2c3acf5b67411e7b18df69689/detection

5desconcertais.sa.com

# Reference: https://twitter.com/nahamike01/status/1751481757365629263

http://72.167.151.88
72.167.151.88:443
thebaut-avocats.store

# Reference: https://www.virustotal.com/gui/file/cdd069f6a4cebf0020343e7788b6bb9d6e0a276513c822d8db9edac428812167/detection
# Reference: https://www.virustotal.com/gui/file/84de49fc64eef65cba50df918817cd41328ac07bae39fd041a39d2f6d5d685ac/detection

http://147.50.253.30
/JEERADET/
/JEERADET/updater/getserverinfo.xml
/JEERADET/updater/wzupd.xml
/JEERADET/updater/
/updater/wzupd.xml

# Reference: https://twitter.com/cyber_ra1/status/1752035174408458561
# Reference: https://www.virustotal.com/gui/file/ea17ccf4bf55f23b8a93f8e17e470be440211f463d5b7e01958843c8c160f765/detection
# Reference: https://www.virustotal.com/gui/file/a0ed5dd1fe038a22bf5953c4d12ece80d09d0f58a991503dca3ce659455b8d4d/detection
# Reference: https://www.virustotal.com/gui/file/295aef7c1199c1f1ed7d487694e977ec858c5819140ed09808e175fcc49472f0/detection

http://139.144.212.135

# Reference: https://twitter.com/banthisguy9349/status/1752339128648122859

http://194.48.250.74
http://45.141.202.254
45.141.202.254:443

# Reference: https://twitter.com/doc_guard/status/1752343177896317394
# Reference: https://www.virustotal.com/gui/file/346d471bd9f585ac6a4a6b6e11a12004edffdccf92680d701935a7e653fb2b0d/detection
# Reference: https://www.virustotal.com/gui/file/f8cbeec0ed28a8828e727c4059fe0d3bf3b34abb3978cdaf112bc36eec83983e/detection

http://185.222.163.245

# Reference: https://blog.cluster25.duskrise.com/2024/01/30/russian-apt-opposition
# Reference: https://www.virustotal.com/gui/ip-address/158.160.129.176/relations

nasa.network
news4you.top
zdg.re
mta-sts.news4you.top

# Reference: https://twitter.com/banthisguy9349/status/1752424117511331865
# Reference: https://www.virustotal.com/gui/file/2027eb5ee4bc199f4a3a70331470db268f5d57474e469d4d4ad3986d5e51399e/detection

http://159.253.214.149
http://161.97.132.85
http://162.19.24.166
http://183.90.230.5
http://184.168.106.46
http://185.176.58.32
http://216.69.162.32
http://45.82.120.47
http://51.79.99.120
http://51.91.45.248
http://91.241.48.106
128.199.66.118:4001
128.199.66.118:88
159.253.214.149:8443
161.97.132.85:3000
161.97.132.85:3012
161.97.132.85:3020
161.97.132.85:3036
161.97.132.85:3045
161.97.132.85:4447
161.97.132.85:7080
161.97.132.85:7081
161.97.132.85:8443
161.97.132.85:8880
162.19.24.166:2100
162.19.24.166:3001
162.19.24.166:3002
162.19.24.166:3838
162.19.24.166:4330
162.19.24.166:8080
162.19.24.166:8126
162.19.24.166:8787
162.19.24.166:9090
162.19.24.166:44321
184.168.106.46:2077
184.168.106.46:2078
184.168.106.46:2082
184.168.106.46:2083
184.168.106.46:2095
184.168.106.46:2096
185.176.58.32:14118
185.176.58.32:14119
185.176.58.32:1515
185.176.58.32:3000
185.176.58.32:3333
185.176.58.32:5985
185.176.58.32:8054
185.176.58.32:8080
185.176.58.32:8090
185.176.58.32:8182
185.176.58.32:8183
185.176.58.32:8391
185.176.58.32:8888
185.176.58.32:8889
185.176.58.32:9090
185.176.58.32:9193
185.66.9.215:81
216.69.162.32:2077
216.69.162.32:2078
216.69.162.32:2082
216.69.162.32:2083
216.69.162.32:2095
216.69.162.32:2096
37.61.242.66:8080
37.61.242.66:8902
37.61.242.66:8903
37.61.242.66:8905
37.61.242.66:8907
37.61.242.66:8913
37.61.242.66:8914
37.61.242.66:8915
37.61.242.66:8916
37.61.242.66:8917
37.61.242.66:8918
45.82.120.47:2525
45.82.120.47:443
45.82.120.47:8088
45.82.120.47:9999
51.91.45.248:8083
51.91.45.248:8888
51.91.45.248:8889
67.205.139.23:8000
67.205.139.23:8001
67.205.139.23:8002
67.205.139.23:8003
91.241.48.106:8443
91.241.48.106:8880
91.241.48.106:943

# Reference: https://twitter.com/banthisguy9349/status/1752646985234931730

http://185.66.9.215
http://62.210.137.149
http://77.105.147.252
216.69.162.32:443

# Reference: https://twitter.com/banthisguy9349/status/1754099584190538104

http://94.156.67.99

# Reference: https://twitter.com/banthisguy9349/status/1754134426391359554
# Reference: https://www.virustotal.com/gui/file/3650667be007a3733dc935f0978ae5964e6dac65728b31d44e6b4d92c5220042/detection

http://91.92.246.143

# Reference: https://twitter.com/banthisguy9349/status/1754141078754570563

http://91.92.255.196

# Reference: https://twitter.com/k3yp0d/status/1754380225792577647
# Reference: https://www.virustotal.com/gui/file/499528fb822e6cf086e98d9e27067f939ecbf0a3791f701a0a6f9a44ba8864ea/detection

http://188.119.112.115

# Reference: https://twitter.com/malwrhunterteam/status/1754492533344715254
# Reference: https://www.virustotal.com/gui/file/eae913c5ae1efaa00cb2a9584e26a290cd16a31125616b394ff661611c4dbb24/detection

109.107.182.4:8888

# Reference: https://twitter.com/k3yp0d/status/1754843731830677754
# Reference: https://www.virustotal.com/gui/file/78b3a5b6d4147ba84b6cefd2c0f24c2a25818ab09b264b1b5259184181f3d25f/detection
# Reference: https://www.virustotal.com/gui/file/968f41985f25a99a475b323809d80ebdb25be230302a24cbf9fb55c042593227/detection

intuite.duckdns.org
proseriesintute.blogspot.com

# Reference: https://twitter.com/malwrhunterteam/status/1755664166038184444
# Reference: https://www.virustotal.com/gui/file/b05b80452ef1057e76a6ec313165b2da95a41fcbcd5820daa07bb5f224e3afa6/detection

jourcutedesignonline.com

# Reference: https://twitter.com/doc_guard/status/1756049358640857415
# Reference: https://www.virustotal.com/gui/file/dc01ce59f5d50ba47a587952b9a83c3f1271d4103babc4106b29eb86cb67c441/detection

al-rasikh.com

# Reference: https://twitter.com/banthisguy9349/status/1756687611102453888

http://94.156.64.142
http://94.156.64.145
http://94.156.64.150
http://94.156.64.151
http://94.156.64.152
http://94.156.64.153
http://94.156.64.158
http://94.156.64.160
http://94.156.64.161
http://94.156.64.162

# Reference: https://twitter.com/banthisguy9349/status/1756692625480913370

91.92.250.124:8000
91.92.252.116:8000

# Reference: https://www.virustotal.com/gui/file/61085e8dfb80e7de7fba6b83066253f6479fb81b4bbc0b4c4b18477c035bf92c/detection

mw-solaris.com

# Reference: https://twitter.com/malwrhunterteam/status/1757497300375556172
# Reference: https://www.virustotal.com/gui/file/bc1adc815864c9ecf69a3d8062995562d9b0d86478808ccc0eee2710b358afc5/detection
# Reference: https://www.virustotal.com/gui/file/5183058ce59c83432109e959f6ad5f05ef94b49a95dc306f7212ee9448225d09/detection

jstor.site

# Reference: https://www.virustotal.com/gui/file/02b99f36f3eeef14baa8e1412a988da082cb303a78239ed903dad466da5f59d3/detection

http://45.74.19.84

# Reference: https://www.virustotal.com/gui/file/10b609ce1c79ed4d772fbc8597f1fa9f712fa00d9cf36a7c46b162fa54623843/detection

unlockpdf.co

# Reference: https://www.virustotal.com/gui/file/b8fdf6a5e04908a5fc29572c848c9511e1d1670072e1e8ae01b69c9a11d05294/detection

http://178.73.192.19

# Reference: https://www.virustotal.com/gui/file/1c7593078f69f642b3442dc558cddff4347334ed7c96cd096367afd08dca67bc/detection

seeceafcleaners.co.uk

# Reference: https://www.virustotal.com/gui/file/a06366b0fa7d5744a507ef1afdafa02d81a4315bdba697993b7ee4fce76f1d7e/detection

http://45.81.39.111

# Reference: https://twitter.com/TLP_R3D/status/1760560620485661027

116.0.56.101:9191
64.31.63.240:443

# Reference: https://twitter.com/malwrhunterteam/status/1760648792028709181
# Reference: https://www.virustotal.com/gui/ip-address/179.43.180.49/relations
# Reference: https://www.virustotal.com/gui/file/49036e3800ba67ab63b09d3ac7e8f45230deca4ee0603b3786ca7d77ca347aa2/detection

share-pdf-fast.com

# Reference: https://app.any.run/tasks/d31016d0-867e-4f3b-abc4-50e4f52d4169/
# Reference: https://www.virustotal.com/gui/file/ff498064ff8c719bdf3e968b5a8739be2b8fa7916cb8966e2e5634f04ef9af32/detection

http://107.173.4.5
/CryptersAndToojjjjls.vbs
/jajajjajajava.txt

# Reference: https://twitter.com/banthisguy9349/status/1762883187699556388

http://173.212.248.30
srv-3.hostylite.com

# Reference: https://twitter.com/karol_paciorek/status/1763224968651800648

http://5.78.101.147

# Reference: https://twitter.com/1ZRR4H/status/1763433453876335093

182.23.67.109:8088

# Reference: https://twitter.com/1ZRR4H/status/1762598851737690328

80.94.95.227:45354

# Reference: https://twitter.com/banthisguy9349/status/1764382521276485989

http://91.92.253.92

# Reference: https://twitter.com/banthisguy9349/status/1764381700233035900

http://91.92.241.45

# Reference: https://twitter.com/noexceptcpp/status/1765438678967410998
# Reference: https://app.any.run/tasks/ccb87bc3-8d0c-4909-ad0b-ce48abc36378/

http://185.25.50.24
88.119.171.83:8000

# Reference: https://twitter.com/banthisguy9349/status/1766060945976046007

http://193.93.248.103

# Reference: https://www.virustotal.com/gui/file/e35ba53261955ab3ff50649240eef61f498c3892a1f167a1d6f38f4f130bb754/detection

204.10.194.37:6213
nl2-4.deploy.sbs

# Reference: https://www.virustotal.com/gui/domain/nl3.deploy.sbs/detection

nl3.deploy.sbs

# Reference: https://twitter.com/ULTRAFRAUD/status/1766821901056311525

download-createstudioo.com
kingkh.pythonanywhere.com

# Reference: https://twitter.com/alex_lanstein/status/1767270274993361404
# Reference: https://www.virustotal.com/gui/file/cb07dc2bb5f7e7d478432f54001c811a1279f46ca23bb0a1464319a0d1f16d5e/detection

data.linksbin.co

# Reference: https://twitter.com/banthisguy9349/status/1769770269797646829

http://128.1.76.180
128.1.76.180:443

# Reference: https://twitter.com/banthisguy9349/status/1769774446234005802

146.190.145.137:1338

# Reference: https://twitter.com/banthisguy9349/status/1769755483768803650

http://94.156.71.26

# Reference: https://twitter.com/banthisguy9349/status/1769782362466881883

http://116.203.201.240
http://89.23.99.86

# Reference: https://twitter.com/banthisguy9349/status/1769771599824040038

47.115.221.17:8081

# Reference: https://twitter.com/doc_guard/status/1759572032503578664
# Reference: https://www.virustotal.com/gui/file/051e148125846ad66f285884ae40e72ebc59bf6a15220b4927cc0c5046b7c60e/detection

mayanboats.com/wp-content/uploads/

# Reference: https://twitter.com/doc_guard/status/1769724159997644933
# Reference: https://www.virustotal.com/gui/file/051e148125846ad66f285884ae40e72ebc59bf6a15220b4927cc0c5046b7c60e/detection

ianmckenzieanderson.com/wp-content/uploads/

# Reference: https://twitter.com/banthisguy9349/status/1770831512788705496

194.164.192.12:8080

# Reference: https://www.virustotal.com/gui/file/00254ddf941309f710ca27ad9aea9131ccd8babdbd6b8b4fd939da2e46c9a6f6/detection

http://37.1.220.206
winsprizesnow.site
/bTcpkT?subacc=

# Reference: https://twitter.com/malwrhunterteam/status/1770557731298033940
# Reference: https://www.virustotal.com/gui/ip-address/89.208.104.10/relations
# Reference: https://www.virustotal.com/gui/file/358f0e012b129051cd808c0d901b50418fc09add0e2a5d306ddced82b9bc3ff7/detection

zcr.ink
ztm.ink

# Reference: https://twitter.com/naumovax/status/1770906845953118256
# Reference: https://www.virustotal.com/gui/file/ea0f69db204d3eba39ab341bcfa82cd26650142f84c484adddae1e7a53c3ca78/detection

logimofficeofffmnicr0softonline.com

# Reference: https://www.virustotal.com/gui/file/299ff9d74335f579d43bc1a03ff43728f8ba0fbefcda859654eb0724671477fd/detection

cdnopenweb.co

# Reference: https://twitter.com/alex_lanstein/status/1771905091991195821
# Reference: https://www.virustotal.com/gui/file/024acfac45780795bfd2c35043990440e84a533b38059ef2a79ce89e8a4c0b57/detection

101.99.94.234:8888
mid-selections-prohibited-merely.trycloudflare.com

# Reference: https://twitter.com/r3dbU7z/status/1772579014122565923
# Reference: https://www.virustotal.com/gui/file/88c240ddab06e74a5b6425a9b1d91fa0532e619d1565bf1c79cafd78cc1d2615/detection

islamtito.xyz

# Reference: https://twitter.com/Dkavalanche/status/1773040405820387781

projetymastrexz.westus.cloudapp.azure.com

# Reference: https://twitter.com/banthisguy9349/status/1772955283297366489

91.92.251.119:8080

# Reference: https://twitter.com/banthisguy9349/status/1772957297527943313

91.92.251.195:8888

# Reference: https://www.virustotal.com/gui/file/405ed745200b616e7e31defd66c8207534e15a1d1d4bca144f1ea35d1cb722e1/detection

dn3hksy6kf.com

# Reference: https://www.virustotal.com/gui/file/c9329007524b3da130c8635a226c8cbe3a4e803b813f5b2237ed976feb9d2c8d/detection

http://193.233.133.179

# Reference: https://twitter.com/banthisguy9349/status/1777366942795386957

http://51.210.237.196

# Reference: https://twitter.com/karol_paciorek/status/1777395068883591247

lbc-tt.com

# Reference: https://www.virustotal.com/gui/file/380062843cd4315228debc57bc3f9c89ac79492d241f76f342d157c899e53a40/detection

149.248.79.62:443
yourserenahelpcustom.uk

# Reference: https://twitter.com/RacWatchin8872/status/1778393784809595092

http://1.13.158.52
http://101.34.85.235
http://121.196.200.127
http://154.40.57.241
http://43.138.212.90
http://45.61.136.98
http://47.101.128.7
1.13.158.52:21
1.13.158.52:8000
1.13.158.52:8084
1.13.158.52:888
1.13.158.52:8888
1.13.245.178:22
1.13.245.178:5003
1.13.245.178:8080
101.34.85.235:22
101.34.85.235:8082
101.34.85.235:8084
119.123.218.35:1701
119.123.218.35:1723
119.123.218.35:2010
119.123.218.35:21
119.123.218.35:888
119.123.218.35:889
119.123.218.35:9000
119.123.219.99:2010
119.123.219.99:21
119.123.219.99:81
119.123.219.99:888
119.123.219.99:889
119.45.223.112:22
119.45.223.112:8080
119.45.223.112:8081
119.45.223.112:8085
119.45.223.112:81
121.196.200.127:22
121.196.200.127:5003
121.196.200.127:7890
124.221.70.199:8880
154.40.57.241:22
154.40.57.241:8000
154.40.57.241:9000
158.247.250.133:22
158.247.250.133:443
34.92.128.224:22
34.92.128.224:8000
43.138.212.90:22
43.138.212.90:28888
43.138.212.90:40110
43.138.212.90:7000
43.138.212.90:801
43.138.212.90:8080
43.139.161.196:47001
43.139.161.196:5985
43.139.161.196:9000
45.61.136.98:1354
45.61.136.98:22
45.61.136.98:443
45.61.136.98:8000
45.61.136.98:8080
47.101.128.7:22
47.101.128.7:3334
47.101.128.7:7001
47.101.128.7:7002
47.101.128.7:8080
54.95.206.159:22
54.95.206.159:443
54.95.206.159:8000

# Reference: https://twitter.com/banthisguy9349/status/1778350677204316384

http://202.79.168.65
47.92.29.211:8001

# Reference: https://asec.ahnlab.com/en/64034/

http://35.185.187.24

# Reference: https://twitter.com/banthisguy9349/status/1780196797572378937

45.88.90.68:5000

# Reference: https://www.virustotal.com/gui/file/4d9274cfe7a2bd9a125352271d1634708e1f9b1d70b056d1c1950cb98b8f91ff/detection

globalsolutionunlimitedltd.com

# Reference: https://twitter.com/doc_guard/status/1780586776647668123
# Reference: https://www.virustotal.com/gui/file/d545c5b74a79797a1833d3a2f897b9ed49d2eeffaaf7049db7bfa8551fb4a80e/detection

glucoselow.store
yourgreatbargain.com

# Reference: https://www.virustotal.com/gui/file/5fa488552cbba6b8c0995c8adbd80c88e053f74e2e80c683b969ad900dc08a5a/detection

doggygangers.com

# Reference: https://twitter.com/banthisguy9349/status/1780925439030051190

188.121.114.194:8000

# Reference: https://cert.gov.ua/article/6278620 (# UAC-0149)
# Reference: https://www.virustotal.com/gui/file/8f8abfa6717ad2043a295d16b5aeeac3e7084b7994f6eec8351e18a9a3c59997/detection

netman.servehttp.com
worker-misty-mouse-6ac7.aky15825.workers.dev

# Reference: https://twitter.com/k3yp0d/status/1782068601534517624
# Reference: https://www.virustotal.com/gui/file/bada45186ac6a13e2d5dbe0633ea1584f6fa6463986a5fb304cc6d9eb04ed676/detection
# Reference: https://www.virustotal.com/gui/file/736abfe5541b4175ff013b442a673b8387209e324e3e343a628838f3e428e526/detection

srv480138.hstgr.cloud

# Reference: https://www.virustotal.com/gui/file/896934c20fecc7f76a6db3ddd62750be70acd3a8305325bb1e2c7929ef0cb963/detection

srv484118.hstgr.cloud

# Reference: https://twitter.com/k3yp0d/status/1782082055905690092
# Reference: https://www.virustotal.com/gui/file/823d625481fe8b0299850e9758e43b717b6874d42e0112f1b8281bcefedadd31/detection

infosecteam.info
rabotnik.today

# Reference: https://twitter.com/banthisguy9349/status/1782402749805527142

http://222.230.144.112
114.158.55.198:50001
118.243.43.7:60000
180.2.118.1:5001
213.118.170.113:8000
218.219.255.116:60000
222.150.151.23:2000
61.213.102.62:60000
87.175.73.111:81
94.224.234.108:2080

# Reference: https://twitter.com/banthisguy9349/status/1782401923133354148

http://185.209.161.184

# Reference: https://twitter.com/banthisguy9349/status/1782404196400066837

http://134.255.232.30

# Reference: https://twitter.com/doc_guard/status/1782401510350954620
# Reference: https://app.docguard.io/ed4149d5ac4b15e22b9f240e75638ea3c4da01a021d30ed2d062919159c6a7c9/results/dashboard

clubedasluluzinhasro.com.br/assets/image/

# Reference: https://twitter.com/alex_lanstein/status/1782764409967788278

moment-clubs-re-fans.trycloudflare.com

# Reference: https://twitter.com/doc_guard/status/1782743478251757946
# Reference: https://app.docguard.io/898eb9a8289ef03cd713c868fae4ab6f84361f128f2d3fabde75fc546255cf97/results/dashboard
# Reference: https://www.virustotal.com/gui/file/898eb9a8289ef03cd713c868fae4ab6f84361f128f2d3fabde75fc546255cf97/detection

nsoftonline.com

# Reference: https://twitter.com/banthisguy9349/status/1782687945431957899

http://143.92.36.161
http://154.38.226.29
143.92.36.161:8888
/down/pOkDKV78QUk2
/pOkDKV78QUk2

# Reference: https://twitter.com/RacWatchin8872/status/1782707093088170142

192.253.234.80:8000

# Reference: https://twitter.com/banthisguy9349/status/1783873353469645250

http://39.103.217.92

# Reference: https://twitter.com/banthisguy9349/status/1783864142127882734

http://91.92.254.78

# Reference: https://twitter.com/doc_guard/status/1783841178829656511
# Reference: https://www.virustotal.com/gui/file/cc962c0a4622bab42951b90f77821327a7807907226f5f8972762beb195aa8c7/detection

http://23.95.60.77
bun.is

# Reference: https://twitter.com/banthisguy9349/status/1784891801419014416

91.215.85.18:9380

# Reference: https://twitter.com/doc_guard/status/1784960119102431684
# Reference: https://www.virustotal.com/gui/file/b985a88d7eb12be800f12605685aa016066153d1752ee3a6aded9be0cfc6bff4/detection

h8vtcztgjh.ru
e0fab4dffce023758aa12ddcef.h8vtcztgjh.ru

# Reference: https://twitter.com/banthisguy9349/status/1785240900383248797

148.135.35.177:3389

# Reference: https://twitter.com/banthisguy9349/status/1785242060728995872

http://185.81.29.119

# Reference: https://twitter.com/malwrhunterteam/status/1786350323059069054

89.23.99.47:7777

# Reference: https://twitter.com/r3dbU7z/status/1786430134171373733

http://161.129.66.7
http://89.23.107.244
89.23.107.244:445

# Reference: https://twitter.com/xorJosh/status/1786017157249110459

45.61.137.109:8080

# Reference: https://twitter.com/JustWantToQ1/status/1787075115823337564

http://89.23.97.199
89.23.97.199:443
156.248.74.9:58926
61.132.227.209:3389

# Reference: https://twitter.com/banthisguy9349/status/1787528985825480993

154.40.47.195:9000

# Reference: https://twitter.com/banthisguy9349/status/1787508349791031314

185.234.216.64:8000

# Reference: https://twitter.com/ShanHolo/status/1787551650493747688

http://74.249.96.36

# Reference: https://twitter.com/banthisguy9349/status/1787388546187243704

http://164.68.102.223
http://178.18.243.38

# Reference: https://twitter.com/k3yp0d/status/1787851479421772047
# Reference: https://twitter.com/k3yp0d/status/1787852438591910201
# Reference: https://www.virustotal.com/gui/file/387252ca8e89f7c3daceb48ab1279dfe597a9043095624a485aa5820b3c446b9/detection
# Reference: https://www.virustotal.com/gui/file/608009b402c00bb8ef65cc8d805e1522ddf1632c7479be05244ebd38483e22df/detection

advertnow.org
adverty.info
corptravel.org
feedstream.info
kantiana.info
yandeks.info
kant300.kantiana.info
moscow.corptravel.org
passport.yandeks.info
ulitsa.svobody.org

# Reference: https://twitter.com/r3dbU7z/status/1787994785443189168
# Reference: https://www.virustotal.com/gui/ip-address/147.45.50.23/relations
# Reference: https://www.virustotal.com/gui/file/110453e521d785df5608df30e373c966f30ec135b3bdf085fc939c2c156db0ca/detection

79.133.57.62:6868
kreativeentdeckungsreisenerleben.com
kreativitatsreisenerleben.com
schnellbericht.com
schweizaktuell.org
tagesschlaglicht.org
weltgeschehenonline.org
weltreport24.org

# Reference: https://twitter.com/r3dbU7z/status/1787996206519480715
# Reference: https://www.virustotal.com/gui/ip-address/147.45.50.26/relations

inspirationsquellenerkunden.com
kunstlerischereisenentdecken.com
traumweltenerleben.com

# Reference: https://twitter.com/CyberRaiju/status/1788466982763012155
# Reference: https://www.virustotal.com/gui/file/759d8edcb0fc7b6ed288d647cc6fdf9598d944b922654fae2e999d2f89407b3d/detection

dailynewspagechannel.com

# Reference: https://twitter.com/ShanHolo/status/1788512597660033228

http://192.3.179.142
192.3.179.142:443

# Reference: https://twitter.com/doc_guard/status/1788583646007304673
# Reference: https://www.virustotal.com/gui/file/d2f166b0669a67b663691b4510eaf3bccac5fcca85c36edf46f93967846381b1/detection

bc1q7syczyekazugzppa6kcse4n.com

# Reference: https://twitter.com/r3dbU7z/status/1789336992880218598
# Reference: https://www.virustotal.com/gui/file/af2386431856e1b8e41a0f94210c42919498250506fffde57886b1e3e6b1f0f4/detection
# Reference: https://www.virustotal.com/gui/file/7e20ee4509fdda1fb646b4e05687e77952debbcb47dcaccea185496855e45de6/detection

http://193.124.33.71
193.124.33.71:445

# Reference: https://twitter.com/RussianPanda9xx/status/1789750961122029912
# Reference: https://www.esentire.com/blog/socgholish-sets-sights-on-victim-peers
# Reference: https://github.com/esThreatIntelligence/iocs/blob/main/SocGholish/SocGholish_iocs_4-27-2024.txt

http://170.130.55.72
170.130.55.72:445

# Reference: https://twitter.com/BroadAnalysis/status/1790109770956816514
# Reference: https://www.virustotal.com/gui/file/4e41547b3d61e50c514fcbc614013dd0bce37140453d3384a062a01232af1e84/detection
# Reference: https://www.virustotal.com/gui/file/ad200ec219d604d4d042a8bdd3c1b66f01af76ba178ad39433822de45ba1a4e4/detection

baqebei1.online
cdnforfiles.xyz
rtattack.baqebei1.online

# Reference: https://twitter.com/banthisguy9349/status/1790324149015003632

http://94.156.68.134

# Reference: https://twitter.com/naumovax/status/1790298161178714149
# Reference: https://www.virustotal.com/gui/file/b3c38e68a626f8f1e5893cd157b697a4b871153230f6658f0d34a8eba929cdbf/detection
# Reference: https://www.virustotal.com/gui/file/efb40209e243fc78f072d6328866345c594362713cfcca6cbb7a0935b675d6cf/detection

110.34.30.9:6600

# Reference: https://twitter.com/RacWatchin8872/status/1790408334413058260

61.132.227.203:3389

# Reference: https://twitter.com/jcarndt/status/1790766240924827808
# Reference: https://www.virustotal.com/gui/file/88b0000946443be5eec18d0c508210a06ff6c15216b30191af1531ac52d8465b/detection

http://103.182.18.152

# Reference: https://twitter.com/1ZRR4H/status/1790783159769997451
# Reference: https://www.virustotal.com/gui/file/f21535b4f4fc2d7162199248a839cf2fe68436449df4250fc23beff360cf22d0/detection

maty-homelab.site
casaos.maty-homelab.site
stfu.maty-homelab.site

# Reference: https://twitter.com/karol_paciorek/status/1791056351843500196

185.29.11.28:9999

# Reference: https://twitter.com/malwrhunterteam/status/1791070147391741992

boy-such-icon-positive.trycloudflare.com

# Reference: https://x.com/RacWatchin8872/status/1791118692677238952

45.62.170.4:8080

# Reference: https://x.com/alex_lanstein/status/1791459164205769040
# Reference: https://www.virustotal.com/gui/ip-address/128.199.107.104/relations
# Reference: https://www.virustotal.com/gui/file/5b3b4f424a14b3b9a2325f2728b7f8161097c944991eba778404a4319d1ac649/detection
# Reference: https://www.virustotal.com/gui/file/3620fb27aee5cf0cf83698bf9560ea474531489725df554de00c4843654a3f66/detection
# Reference: https://www.virustotal.com/gui/file/057b1320dac065bd574b0757454c3f54f2caf8c197643583ea397f09b341e7b8/detection

128.199.107.104:1337
128.199.107.104:8080
128.199.107.104:9999
arsenal.30cm.tw
house.30cm.tw
linebot.30cm.tw

# Reference: https://x.com/banthisguy9349/status/1791853395352977877

101.34.243.60:8000

# Reference: https://x.com/banthisguy9349/status/1792871011341254663

http://91.92.253.182
91.92.253.182:443

# Reference: https://x.com/banthisguy9349/status/1793248710786261363

159.203.102.30:8088

# Reference: https://x.com/karol_paciorek/status/1793201203049796069

http://91.92.255.93

# Reference: https://x.com/karol_paciorek/status/1793201205050499327

http://91.92.251.57

# Reference: https://x.com/1ZRR4H/status/1793465492268892316
# Reference: https://www.virustotal.com/gui/file/4f7650a2b698db4c95e4ff0f4b6781c9c8f6d00c810892aebbd5b5c54a34b2da/detection

jlmin.cc

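# Reference: https://www.virustotal.com/gui/file/025a5b463a1b258bdc75068063741aa53a947d51c6aa6c63b748d293a9856a96/detection
# NOTE(review): lnkz.at looks like a shared link-shortener domain (the short path /FVOYj is listed separately below) - TODO confirm; a bare-domain trail on a shared service will also flag unrelated short links, so consider keeping only the host+path form.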

http://104.168.32.18
lnkz.at
/FVOYj

# Reference: https://x.com/malwrhunterteam/status/1794492875427717611

lolobon123.loophole.site

# Reference: https://www.virustotal.com/gui/file/b491ee8de858d9c79184af505fd966e9cc12dd14773d9edb46a26a8deacb7be1/detection

feedsource.loophole.site

# Reference: https://x.com/malwrhunterteam/status/1794495275110633727
# Reference: https://www.virustotal.com/gui/file/ec9d860c799d61487c2cf9af383144f8afb5db9d96ba30e210ecbd6a38c5fc1e/detection

kstapsara.vn/public/assets/administration/mainstructure/js/wow/wow.min2.js

# Reference: https://x.com/karol_paciorek/status/1795756727285211425

209.126.2.226:8000
alexander-l-jpeg-plate.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/c648f890c494acfcc2765023f059e802006ffb8dc15efe971ed9434f1b133559/detection

http://18.228.48.177
megasena1.duckdns.org

# Reference: https://www.virustotal.com/gui/ip-address/104.21.64.157/relations
# Reference: https://www.virustotal.com/gui/file/2725d9d222527858dfd082eebe5e373afee0dfa37b0283610d69d1327b90a10b/detection
# Reference: https://www.virustotal.com/gui/file/572e81215e6531c3d9c70f032eb419fc490f970cd9f0a9d3c3ffaf84b5313cf2/detection

stat1c-jquery.com
static-jquery.com
files.stat1c-jquery.com

# Reference: https://x.com/banthisguy9349/status/1795853665967694193

http://51.254.53.24
http://86.68.222.14

# Reference: https://x.com/lontze7/status/1796042071192547484

1.14.247.162:8888

# Reference: https://www.esentire.com/blog/fake-browser-updates-delivering-bitrat-and-lumma-stealer

http://77.221.151.31

# Reference: https://www.virustotal.com/gui/file/09d89fae0d03f938547ad6c5176d2ea3527fcdbee1b39f67c0757fccbc60f9cf/detection
# Reference: https://www.virustotal.com/gui/file/063f36d7af72855132e7825c61a0d280836c1755678e85298390622c7ffe616f/detection

ld-manager.site
sea-manager.site
sealingshop.click

# Reference: https://x.com/banthisguy9349/status/1796431005928341572
# Reference: https://urlhaus.abuse.ch/host/185.73.125.6/

http://185.73.125.6

# Reference: https://x.com/lontze7/status/1796823844335890633

http://124.71.81.174

# Reference: https://x.com/malwrhunterteam/status/1797633812945682533

criticalfuckdedicated.s3.ap-southeast-1.amazonaws.com

# Reference: https://x.com/malwrhunterteam/status/1798270656410526004

# NOTE(review): this hostname appears truncated. Azure Storage static-website
# endpoints have the form <account>.z13.web.core.windows.net, so as written the
# entry would presumably not match a real DNS query or Host header. Confirm the
# full name against the reference above before relying on it.
fuckbracklabxx.z13.web.core

# Reference: https://x.com/lontze7/status/1798586011724968058

http://34.174.239.174

# Reference: https://x.com/karol_paciorek/status/1799020657663246757
# Reference: https://www.virustotal.com/gui/file/c9c2546efc2ee99e47fe5c29594db9f17125d2b9ea4210755ba857c72692210d/detection

139.180.210.100:81

# Reference: https://x.com/banthisguy9349/status/1798783454265385158

http://194.59.30.95
http://194.59.31.133
http://205.234.144.41
http://45.88.91.59

# Reference: https://x.com/banthisguy9349/status/1799436026403795356

92.127.156.174:8880

# Reference: https://x.com/banthisguy9349/status/1799437817967267888

http://93.127.163.240
91.215.85.18:9380

# Reference: https://x.com/banthisguy9349/status/1799440505899778051

103.234.72.8:888

# Reference: https://x.com/banthisguy9349/status/1799443510455566441

120.48.123.240:88

# Reference: https://x.com/banthisguy9349/status/1799478204605805015

http://47.120.46.210

# Reference: https://x.com/banthisguy9349/status/1799488287574233188

http://217.71.224.90
http://35.154.242.244
http://68.183.149.9
http://79.96.65.212
http://92.204.132.114

# Reference: https://x.com/karol_paciorek/status/1800136361904914569
# Reference: https://www.virustotal.com/gui/file/6b3f2e0c7ca1bdc6fb56035ec57ea39ef1f8b626bc5d99866fe00ba119357c8d/detection

http://45.61.132.126
45.61.132.126:8080

# Reference: https://x.com/karol_paciorek/status/1800789107477750225
# Reference: https://x.com/banthisguy9349/status/1802264644632870978

92.118.57.244:8000
92.118.57.244:8080

# Reference: https://x.com/raghav127001/status/1801072160993141240

134.17.14.54:8888

# Reference: https://x.com/karol_paciorek/status/1801506981653434854
# Reference: https://www.virustotal.com/gui/file/08cd1b8c8e2f1949874bc2017a8afe0709738ed145ce5193775cce9cff22af5a/detection

http://192.236.147.174

# Reference: https://x.com/karol_paciorek/status/1802255896355000653

38.153.61.61:9080

# Reference: https://x.com/banthisguy9349/status/1802266105836114149

142.11.195.90:8000

# Reference: https://x.com/BlinkzSec/status/1802410054978875726

45.207.168.170:7755

# Reference: https://x.com/StrikeReadyLabs/status/1802690503667793936

http://103.54.153.116

# Reference: https://x.com/lontze7/status/1803337566361382946

http://114.35.152.240

# Reference: https://x.com/Merlax_/status/1803607368430743655

http://109.74.197.9
http://135.125.88.172
http://139.177.207.121
http://139.59.45.181
http://139.59.45.47
http://139.59.45.53
http://139.99.216.140
http://139.99.216.203
http://139.99.216.53
http://139.99.217.211
http://139.99.217.247
http://139.99.217.51
http://139.99.218.125
http://139.99.218.147
http://139.99.218.247
http://139.99.219.122
http://139.99.219.138
http://139.99.219.234
http://139.99.220.3
http://139.99.220.30
http://139.99.222.159
http://139.99.222.211
http://139.99.222.231
http://139.99.222.51
http://139.99.222.7
http://141.95.74.126
http://141.95.74.132
http://141.95.74.216
http://141.95.74.48
http://141.95.74.79
http://141.95.75.101
http://141.95.75.137
http://141.95.75.154
http://152.42.156.82
http://170.187.252.123
http://170.187.252.152
http://172.105.97.100
http://174.138.123.31
http://198.74.58.78
http://213.219.39.76
http://45.33.41.86
http://5.181.27.205
http://66.175.210.242
http://66.175.210.252
http://68.183.246.230
http://92.38.149.131

# Reference: https://x.com/9823f_/status/1803788916082037041

http://103.101.202.11
http://103.101.202.44
http://103.90.160.141
http://103.90.161.81
http://104.131.2.24
http://104.236.197.133
http://104.248.13.133
http://104.248.13.137
http://104.248.13.160
http://104.248.254.207
http://104.248.38.53
http://104.248.79.32
http://104.248.90.221
http://128.199.103.56
http://128.199.112.134
http://128.199.112.147
http://128.199.112.148
http://128.199.127.209
http://128.199.150.193
http://128.199.215.177
http://128.199.232.69
http://128.199.86.217
http://128.199.88.222
http://128.199.88.82
http://134.209.101.96
http://134.209.121.43
http://134.209.146.146
http://134.209.177.121
http://134.209.185.206
http://134.209.20.57
http://134.209.254.77
http://135.125.200.171
http://135.125.245.25
http://135.125.246.51
http://135.125.66.221
http://135.125.89.130
http://135.125.89.54
http://135.125.91.207
http://137.184.146.62
http://137.184.161.233
http://137.184.161.236
http://137.184.161.240
http://137.184.179.27
http://137.184.231.169
http://137.184.30.147
http://137.184.70.54
http://137.184.87.212
http://138.197.106.119
http://138.197.120.70
http://138.197.127.176
http://138.197.127.98
http://138.197.132.136
http://138.197.146.101
http://138.197.164.215
http://138.197.167.61
http://138.197.167.68
http://138.68.141.239
http://138.68.98.115
http://139.28.220.89
http://139.28.4.162
http://139.28.4.164
http://139.28.4.165
http://139.28.4.166
http://139.28.4.175
http://139.28.4.176
http://139.28.4.177
http://139.28.4.178
http://139.28.4.179
http://139.28.4.29
http://139.28.4.64
http://139.59.105.12
http://139.59.114.116
http://139.59.118.185
http://139.59.118.189
http://139.59.118.191
http://139.59.121.102
http://139.59.227.185
http://139.59.75.218
http://139.59.77.209
http://139.99.216.120
http://139.99.216.141
http://139.99.216.15
http://139.99.216.168
http://139.99.216.182
http://139.99.216.187
http://139.99.216.220
http://139.99.217.141
http://139.99.217.144
http://139.99.217.166
http://139.99.217.184
http://139.99.217.221
http://139.99.217.234
http://139.99.217.89
http://139.99.218.113
http://139.99.218.160
http://139.99.218.243
http://139.99.219.156
http://139.99.219.241
http://139.99.219.249
http://139.99.219.49
http://139.99.219.92
http://139.99.220.12
http://139.99.220.135
http://139.99.220.167
http://139.99.220.174
http://139.99.220.20
http://139.99.220.209
http://139.99.220.28
http://139.99.220.65
http://139.99.221.127
http://139.99.221.15
http://139.99.221.56
http://139.99.222.17
http://139.99.222.175
http://139.99.222.185
http://139.99.222.187
http://139.99.222.207
http://139.99.222.209
http://139.99.222.253
http://139.99.222.29
http://139.99.222.55
http://139.99.223.101
http://139.99.223.173
http://139.99.223.176
http://139.99.223.205
http://139.99.223.224
http://139.99.223.241
http://139.99.223.93
http://139.99.237.128
http://139.99.238.101
http://139.99.239.9
http://141.94.104.71
http://141.94.173.198
http://141.94.173.253
http://141.94.2.122
http://141.94.2.65
http://141.94.64.204
http://141.94.65.136
http://141.95.74.121
http://141.95.74.40
http://141.95.75.109
http://141.95.75.149
http://141.95.75.158
http://141.95.75.191
http://141.95.75.96
http://142.93.122.204
http://142.93.126.148
http://142.93.126.170
http://142.93.154.241
http://142.93.219.163
http://142.93.97.2
http://143.110.233.174
http://143.110.233.64
http://143.110.235.72
http://143.110.239.80
http://143.110.242.103
http://143.198.145.2
http://143.198.157.92
http://143.198.163.1
http://143.198.173.232
http://143.198.173.233
http://143.198.215.161
http://143.198.221.39
http://143.198.224.6
http://143.198.226.138
http://143.198.33.84
http://143.198.5.191
http://143.198.53.112
http://143.198.59.216
http://143.198.88.143
http://143.198.90.71
http://143.198.99.72
http://144.126.215.46
http://144.126.225.17
http://144.126.226.159
http://144.126.230.141
http://144.126.234.21
http://145.239.135.165
http://145.239.135.186
http://145.239.135.195
http://145.239.135.44
http://145.239.135.48
http://145.239.135.59
http://145.239.28.159
http://145.239.28.221
http://145.239.28.229
http://145.239.29.129
http://145.239.29.27
http://145.239.29.53
http://145.239.30.111
http://145.239.30.147
http://145.239.30.237
http://145.239.31.143
http://145.239.31.15
http://145.239.31.58
http://145.239.31.74
http://146.190.103.133
http://146.190.105.102
http://146.190.106.237
http://146.190.170.182
http://146.190.175.132
http://146.190.250.196
http://146.190.40.173
http://146.190.52.210
http://146.190.82.146
http://146.190.90.86
http://146.190.96.82
http://146.59.116.238
http://146.59.117.138
http://146.59.117.139
http://146.59.117.170
http://146.59.200.132
http://146.59.201.161
http://146.59.201.84
http://146.59.203.164
http://146.59.204.85
http://146.59.205.138
http://146.59.242.39
http://146.59.243.240
http://147.182.154.33
http://147.182.230.81
http://148.113.136.236
http://148.113.137.194
http://148.113.137.225
http://148.113.137.226
http://148.113.137.78
http://148.113.138.118
http://148.113.139.145
http://148.113.139.173
http://148.113.139.189
http://148.113.139.27
http://148.113.139.7
http://148.113.140.187
http://148.113.141.125
http://148.113.142.54
http://148.113.142.7
http://148.113.143.165
http://148.113.143.243
http://148.113.143.29
http://148.113.143.68
http://149.202.53.222
http://15.235.143.236
http://15.235.186.146
http://15.235.203.109
http://15.235.203.51
http://15.235.40.187
http://15.235.40.87
http://15.235.41.170
http://15.235.48.170
http://15.235.48.234
http://15.235.48.73
http://15.235.48.92
http://15.235.49.134
http://15.235.49.170
http://15.235.49.179
http://15.235.49.186
http://15.235.49.229
http://152.228.134.133
http://152.228.134.8
http://152.228.135.129
http://152.228.213.15
http://152.228.228.163
http://152.228.228.221
http://152.228.242.186
http://152.228.242.196
http://152.228.242.20
http://152.228.242.32
http://152.228.242.33
http://152.228.242.68
http://152.228.242.69
http://152.228.243.146
http://152.228.243.47
http://152.228.243.49
http://152.228.243.97
http://152.42.166.111
http://152.42.174.75
http://157.230.12.104
http://157.230.254.240
http://157.245.110.12
http://157.245.145.89
http://157.245.253.108
http://157.245.253.142
http://157.245.253.148
http://157.245.253.149
http://157.245.71.161
http://157.245.71.203
http://157.245.71.64
http://157.245.79.8
http://159.203.1.1
http://159.203.11.74
http://159.203.17.131
http://159.203.47.139
http://159.203.86.207
http://159.223.137.95
http://159.223.160.223
http://159.223.195.114
http://159.223.2.185
http://159.223.214.103
http://159.223.3.71
http://159.223.37.141
http://159.223.51.228
http://159.223.68.56
http://159.223.78.206
http://159.223.87.93
http://159.253.120.94
http://159.65.125.221
http://159.65.139.100
http://159.65.218.254
http://159.65.83.201
http://159.65.83.222
http://159.65.89.237
http://159.89.126.5
http://159.89.152.52
http://159.89.193.96
http://159.89.39.52
http://159.89.43.182
http://159.89.45.107
http://159.89.45.30
http://159.89.99.157
http://161.35.34.136
http://161.35.85.77
http://162.19.117.110
http://162.19.118.103
http://162.19.118.55
http://162.19.119.69
http://162.19.223.110
http://162.19.223.202
http://163.5.143.63
http://164.90.142.254
http://164.90.166.61
http://164.90.180.220
http://164.90.192.162
http://164.90.192.21
http://164.90.192.6
http://164.90.204.182
http://164.90.238.235
http://164.92.132.45
http://164.92.144.27
http://164.92.154.241
http://164.92.177.54
http://164.92.186.242
http://164.92.223.17
http://164.92.253.61
http://164.92.66.98
http://164.92.72.169
http://164.92.95.208
http://165.22.106.208
http://165.22.109.233
http://165.22.109.90
http://165.22.54.84
http://165.22.57.161
http://165.227.124.77
http://165.227.34.103
http://165.227.97.9
http://165.232.135.111
http://165.232.159.27
http://165.232.163.19
http://165.232.169.237
http://165.232.171.201
http://165.232.181.166
http://165.232.188.30
http://165.232.85.212
http://167.172.106.38
http://167.172.41.157
http://167.172.76.102
http://167.71.20.26
http://167.71.30.35
http://167.99.177.151
http://167.99.43.187
http://167.99.66.53
http://170.64.135.107
http://170.64.147.125
http://170.64.149.72
http://170.64.153.118
http://170.64.153.153
http://170.64.153.80
http://170.64.154.142
http://170.64.154.168
http://170.64.158.133
http://170.64.163.243
http://170.64.193.108
http://170.64.210.231
http://170.64.232.99
http://172.104.25.82
http://172.233.1.237
http://172.233.17.149
http://172.233.17.197
http://172.233.17.9
http://172.233.253.191
http://172.233.26.254
http://173.212.202.78
http://174.138.1.239
http://174.138.13.76
http://174.138.14.247
http://174.138.21.114
http://174.138.3.222
http://174.138.35.111
http://174.138.35.120
http://174.138.41.157
http://174.138.46.177
http://178.128.123.104
http://178.128.202.245
http://178.128.229.8
http://178.128.230.236
http://178.128.235.252
http://178.128.239.25
http://180.149.47.74
http://185.154.12.216
http://185.154.12.52
http://185.154.14.133
http://185.154.14.150
http://185.154.14.177
http://185.154.14.184
http://185.154.14.185
http://185.154.14.216
http://185.154.14.60
http://185.154.14.64
http://185.158.248.90
http://185.167.97.82
http://185.200.191.147
http://185.202.223.115
http://185.220.204.192
http://185.233.202.198
http://185.51.246.100
http://185.51.246.140
http://185.51.246.146
http://185.51.246.160
http://185.51.246.221
http://185.51.246.232
http://185.51.246.25
http://185.51.246.38
http://185.51.246.74
http://185.51.246.77
http://188.165.70.225
http://188.166.179.44
http://188.166.190.210
http://188.166.241.12
http://188.166.249.175
http://188.166.27.236
http://193.233.202.51
http://194.195.215.202
http://194.62.96.244
http://195.234.82.166
http://195.234.82.168
http://195.234.82.171
http://195.234.82.208
http://195.234.82.209
http://195.234.82.210
http://195.234.82.211
http://195.234.82.220
http://195.234.82.222
http://198.199.76.233
http://198.244.140.11
http://198.244.140.151
http://198.244.140.192
http://198.244.140.203
http://198.244.142.115
http://198.244.142.145
http://198.244.142.66
http://198.244.142.89
http://198.244.142.96
http://198.244.143.137
http://198.244.143.138
http://198.244.143.50
http://198.244.143.92
http://198.244.148.215
http://202.78.170.63
http://206.189.204.82
http://206.189.30.3
http://206.189.89.156
http://208.113.129.169
http://208.115.225.109
http://209.38.134.224
http://209.38.138.101
http://212.8.244.170
http://212.8.244.175
http://212.8.244.177
http://212.8.244.179
http://212.8.244.180
http://212.8.244.185
http://212.8.244.190
http://212.8.244.191
http://212.8.244.195
http://212.8.244.203
http://212.8.244.216
http://213.156.142.32
http://213.156.142.36
http://213.156.142.47
http://213.255.209.248
http://217.182.210.174
http://217.195.205.101
http://217.195.205.103
http://217.195.205.104
http://217.195.205.108
http://217.195.205.109
http://217.195.205.136
http://217.195.205.137
http://217.195.205.139
http://217.195.205.142
http://223.165.6.161
http://24.144.81.251
http://24.144.82.161
http://24.144.93.222
http://24.199.107.94
http://24.199.113.16
http://24.199.94.114
http://31.184.206.175
http://37.61.229.102
http://37.61.229.142
http://37.61.229.246
http://45.10.58.64
http://45.132.106.23
http://45.141.85.188
http://45.141.85.203
http://45.141.85.215
http://45.141.85.223
http://45.141.85.234
http://45.141.85.247
http://45.141.85.248
http://45.55.198.76
http://45.55.200.174
http://45.65.9.6
http://45.80.208.114
http://45.80.208.177
http://45.80.208.49
http://45.80.208.78
http://45.80.209.125
http://45.80.209.143
http://45.80.209.150
http://45.80.209.158
http://45.80.209.167
http://45.80.209.173
http://45.80.209.175
http://45.80.209.176
http://45.86.86.207
http://45.91.203.127
http://45.91.203.135
http://45.91.203.163
http://45.91.203.168
http://45.91.203.35
http://45.91.203.67
http://45.91.203.94
http://45.91.203.97
http://46.101.126.164
http://46.101.146.83
http://46.101.86.144
http://5.181.27.115
http://5.181.27.118
http://5.181.27.122
http://5.181.27.125
http://5.181.27.129
http://5.181.27.4
http://5.181.27.43
http://5.181.27.46
http://5.181.27.48
http://5.181.27.52
http://5.181.27.54
http://5.181.27.56
http://5.181.27.60
http://5.181.27.63
http://5.181.27.71
http://5.181.27.97
http://5.181.27.98
http://5.181.77.103
http://5.181.77.210
http://5.188.0.146
http://5.8.33.113
http://5.8.33.163
http://51.15.137.74
http://51.15.228.79
http://51.158.75.110
http://51.178.56.163
http://51.178.56.38
http://51.178.56.93
http://51.178.58.111
http://51.178.59.169
http://51.178.59.232
http://51.178.59.52
http://51.178.60.141
http://51.178.60.171
http://51.178.60.230
http://51.178.60.232
http://51.178.60.74
http://51.178.61.197
http://51.178.61.9
http://51.178.62.141
http://51.178.62.86
http://51.178.63.124
http://51.178.63.150
http://51.178.63.191
http://51.178.63.206
http://51.178.63.240
http://51.195.232.120
http://51.195.232.87
http://51.195.233.129
http://51.195.233.17
http://51.210.120.119
http://51.210.120.190
http://51.210.120.206
http://51.210.120.216
http://51.210.121.124
http://51.210.121.220
http://51.210.125.245
http://51.210.145.243
http://51.210.159.141
http://51.210.249.108
http://51.222.141.172
http://51.222.143.176
http://51.68.164.135
http://51.68.164.241
http://51.68.164.86
http://51.68.164.87
http://51.68.164.89
http://51.68.165.175
http://51.68.165.44
http://51.68.166.45
http://51.68.166.49
http://51.68.167.139
http://51.68.48.157
http://51.68.48.200
http://51.68.48.223
http://51.68.48.249
http://51.68.48.69
http://51.68.49.143
http://51.68.49.15
http://51.68.49.193
http://51.68.49.235
http://51.68.49.248
http://51.68.49.4
http://51.68.80.205
http://51.68.81.150
http://51.68.81.88
http://51.68.86.133
http://51.68.86.170
http://51.68.87.126
http://51.68.88.204
http://51.68.88.76
http://51.68.91.60
http://51.68.92.2
http://51.68.92.201
http://51.68.93.181
http://51.68.93.199
http://51.68.94.203
http://51.75.168.104
http://51.75.168.15
http://51.75.168.226
http://51.75.168.23
http://51.75.168.88
http://51.75.168.98
http://51.75.169.137
http://51.75.169.161
http://51.75.169.8
http://51.75.90.39
http://51.75.95.40
http://51.75.95.80
http://51.79.140.104
http://51.79.140.105
http://51.79.140.112
http://51.79.140.113
http://51.79.140.149
http://51.79.140.160
http://51.79.140.198
http://51.79.140.213
http://51.79.140.27
http://51.79.140.57
http://51.79.140.93
http://51.79.141.1
http://51.79.141.100
http://51.79.141.170
http://51.79.141.196
http://51.79.141.215
http://51.79.141.246
http://51.79.141.32
http://51.79.141.47
http://51.79.141.79
http://51.79.141.96
http://51.79.141.97
http://51.79.142.144
http://51.79.142.145
http://51.79.142.146
http://51.79.142.160
http://51.79.142.174
http://51.79.142.36
http://51.79.143.14
http://51.79.143.154
http://51.79.143.155
http://51.79.143.156
http://51.79.143.168
http://51.79.143.236
http://51.79.143.43
http://51.79.143.78
http://51.83.224.96
http://51.83.226.36
http://51.83.227.130
http://51.83.227.144
http://51.83.251.92
http://51.83.252.33
http://51.83.253.129
http://51.83.253.156
http://51.83.254.28
http://51.83.255.214
http://51.83.35.53
http://51.89.225.83
http://51.89.227.223
http://51.89.227.37
http://51.89.227.56
http://51.89.228.53
http://51.89.229.241
http://51.89.4.51
http://51.91.139.158
http://51.91.139.169
http://51.91.140.67
http://51.91.145.159
http://51.91.147.11
http://51.91.150.38
http://54.36.113.2
http://54.36.116.28
http://54.36.118.32
http://54.36.119.50
http://54.38.137.212
http://57.128.105.218
http://57.128.107.232
http://57.128.109.13
http://57.128.112.49
http://57.128.113.85
http://57.128.114.98
http://57.128.160.166
http://57.128.162.217
http://57.128.164.249
http://57.128.166.179
http://57.128.167.15
http://57.128.167.98
http://57.128.19.137
http://57.128.19.25
http://57.128.24.107
http://57.128.24.125
http://57.128.24.148
http://57.128.24.207
http://57.128.25.185
http://57.128.25.251
http://57.128.26.218
http://57.128.27.239
http://57.128.27.40
http://57.128.28.107
http://57.128.28.141
http://57.128.28.182
http://57.128.28.223
http://57.128.29.178
http://57.128.29.233
http://57.128.29.234
http://57.128.29.6
http://57.128.30.110
http://57.128.30.179
http://57.128.30.187
http://57.128.30.19
http://57.128.30.200
http://57.128.37.112
http://57.128.37.91
http://57.128.56.13
http://57.128.56.143
http://57.128.56.181
http://57.128.56.208
http://57.128.56.221
http://57.128.56.60
http://57.128.56.78
http://57.128.57.176
http://57.128.57.18
http://57.128.57.195
http://57.128.57.221
http://57.128.57.23
http://57.128.57.254
http://57.128.57.50
http://57.128.58.109
http://57.128.58.130
http://57.128.58.185
http://57.128.58.245
http://57.128.59.1
http://57.128.59.107
http://57.128.59.135
http://57.128.59.142
http://57.128.59.176
http://57.128.59.184
http://57.128.59.32
http://57.128.61.163
http://57.128.62.137
http://57.128.63.105
http://57.128.68.126
http://57.128.68.145
http://57.128.68.211
http://57.128.68.250
http://57.128.69.13
http://57.128.69.168
http://57.128.69.48
http://57.128.69.52
http://57.128.70.1
http://57.128.70.11
http://57.128.70.121
http://57.128.70.173
http://57.128.70.8
http://57.128.71.111
http://57.128.71.142
http://57.128.80.146
http://57.128.80.32
http://57.128.80.43
http://57.128.84.147
http://57.128.86.140
http://57.128.86.50
http://57.128.86.60
http://57.128.87.169
http://57.129.22.182
http://57.129.30.14
http://57.129.31.49
http://57.129.32.102
http://57.129.35.126
http://64.226.126.245
http://64.227.156.218
http://64.227.169.54
http://64.227.185.247
http://64.23.153.11
http://64.23.155.186
http://64.23.162.132
http://64.23.162.133
http://64.23.162.187
http://64.23.162.45
http://64.23.176.251
http://64.23.184.90
http://64.23.184.91
http://64.23.186.139
http://66.55.64.21
http://67.205.168.230
http://67.205.169.20
http://67.207.81.63
http://67.207.90.38
http://67.207.93.205
http://68.183.114.150
http://68.183.179.236
http://68.183.197.47
http://68.183.20.135
http://68.183.201.94
http://68.183.205.135
http://68.183.225.241
http://68.183.48.106
http://69.10.46.42
http://69.10.48.85
http://69.162.81.70
http://74.63.223.139
http://74.63.223.153
http://74.63.223.220
http://77.220.215.151
http://79.133.110.223
http://80.89.228.243
http://80.89.228.27
http://80.89.229.139
http://80.89.229.42
http://83.229.69.151
http://84.46.236.42
http://89.116.233.214
http://89.117.0.119
http://89.38.145.185
http://89.44.193.167
http://89.44.193.176
http://89.44.193.75
http://91.134.100.50
http://91.134.101.11
http://91.134.101.112
http://91.134.101.124
http://91.134.101.185
http://91.134.101.20
http://91.134.101.210
http://91.134.101.219
http://91.134.101.28
http://91.134.101.8
http://91.134.102.21
http://91.134.102.25
http://91.134.102.34
http://91.134.102.97
http://91.134.19.252
http://91.134.30.97
http://91.134.86.143
http://91.134.86.161
http://91.134.86.36
http://91.134.86.90
http://91.134.87.10
http://91.134.87.158
http://91.134.87.163
http://91.134.87.22
http://91.134.87.7
http://91.134.96.103
http://91.134.96.116
http://91.134.96.168
http://91.134.96.31
http://91.134.96.34
http://91.134.96.53
http://91.134.96.57
http://91.134.96.96
http://91.134.97.199
http://91.134.97.224
http://91.134.97.241
http://91.134.97.39
http://91.134.97.68
http://91.134.98.128
http://91.134.98.14
http://91.134.98.150
http://91.134.98.203
http://91.134.98.216
http://91.134.98.24
http://91.134.98.250
http://91.134.98.8
http://91.134.99.100
http://91.134.99.18
http://91.134.99.63
http://91.134.99.72
http://91.134.99.8
http://91.134.99.93
http://92.38.169.222
http://92.38.169.229
http://93.185.167.163
http://95.85.77.15
23.super-ypshop.shop
6iptv.shop
# NOTE(review): the a / bb / ccc / dddd label chain here and in the related
# *.super-easysshop.shop entries looks like wildcard-DNS enumeration output
# rather than hostnames seen in traffic. The parent super-easysshop.shop is
# already listed in this group. Confirm the nested names add detection value.
a.bb.ccc.dddd.super-easysshop.shop
a17.manageremisioncfdi23.online
a8.shellsolucoes.com.br
bb.ccc.dddd.super-easysshop.shop
buy.6iptv.shop
ccc.dddd.super-easysshop.shop
classestrainredrtl.co.uk
dddd.super-easysshop.shop
donnapdoty.icu
entrada9.aberturasvip.com
facturacion6.familiabrasil.online
familiabrasil.online
finame.dynuddns.com
frent6.farpajeans.com.br
friendskazino.site
junta7.desejolanjerie.com.br
lawrencersaldana.xyz
lojas7.fraternocomidas.com
madmail20.diadiadasentregas.com
madmail3.asvesmil.com.br
madmail3.diadiadasentregas.com
madmail5.diadiadasentregas.org
madmail7.diadiadasentregas.net
main1.affliate.net
main2.affliate.net
manageremisioncfdi23.online
markcnelson.icu
mildredjhobbs.icu
mmail9.florearcursos.com.br
monggeum.com
mosr5.desejolanjerie.com.br
nicolasbbrantley.icu
open19.impestinent.com.br
painel4.finame.dynuddns.com
painel5.finame.dynuddns.com
patriciacmosqueda.xyz
patriciaswoods.xyz
rithmony.online
riversedge.gorges.dev
safraatm.cfd
safrainvest.cfd
sandrapmorton.pro
santa4.financiastecnics.com
# NOTE(review): this looks like a provider-assigned default server hostname
# under dedibox.fr, not an attacker-registered domain. Presumably it follows the
# machine and not the tenant, so it can go stale once the server is reassigned.
# Confirm it is still attributable before alerting on it.
sd-119515.dedibox.fr
seansscott.icu
seg14.safraatm.cfd
super-easysshop.shop
super-ypshop.shop
testingdemo1.affliate.net
testingdemo2.affliate.net
wbsubdomain.a.bb.ccc.dddd.super-easysshop.shop
web25.vinhedomist.com
website.super-easysshop.shop
what.website.super-easysshop.shop

# Reference: https://app.validin.com/detail?type=dom&find=caminho-ranger-32.php#tab=reputation

http://103.89.12.154
http://103.90.160.217
http://103.90.160.34
http://103.90.161.133
http://103.90.161.232
http://104.131.4.245
http://104.131.9.199
http://104.236.11.22
http://104.236.74.87
http://104.236.74.98
http://104.248.112.130
http://104.248.124.172
http://104.248.13.64
http://104.248.13.65
http://104.248.43.167
http://104.248.79.68
# NOTE(review): 104.26.4.95 appears to sit inside Cloudflare's published
# 104.24.0.0/14 edge range, i.e. a shared reverse-proxy address fronting many
# unrelated sites. Alerting on the bare IP is likely to produce false positives.
# Confirm, and prefer the hostname behind it if the reference gives one.
http://104.26.4.95
http://128.199.128.115
http://128.199.13.249
http://128.199.140.210
http://128.199.140.53
http://128.199.141.49
http://128.199.148.109
http://128.199.153.195
http://128.199.168.69
http://128.199.197.199
http://128.199.209.102
http://128.199.77.196
http://128.199.86.36
http://128.199.88.87
http://134.122.118.172
http://134.122.33.99
http://134.122.36.165
http://134.122.41.193
http://134.122.45.59
http://134.122.46.103
http://134.209.102.251
http://134.209.103.163
http://134.209.106.79
http://134.209.109.225
http://134.209.146.194
http://134.209.229.198
http://134.209.241.156
http://134.209.249.241
http://135.125.206.217
http://135.125.244.170
http://135.125.246.157
http://135.125.90.155
http://135.125.90.89
http://137.184.114.162
http://137.184.119.193
http://137.184.12.95
http://137.184.15.249
http://137.184.162.14
http://137.184.162.167
http://137.184.198.216
http://137.184.225.160
http://137.184.225.171
http://137.184.235.187
http://137.184.39.143
http://137.184.4.199
http://137.184.85.71
http://137.184.92.170
http://138.197.120.209
http://138.197.134.124
http://138.197.149.33
http://138.197.66.181
http://138.68.140.92
http://138.68.141.129
http://138.68.154.215
http://138.68.182.134
http://138.68.224.112
http://139.162.156.134
http://139.28.4.94
http://139.59.105.71
http://139.59.180.239
http://139.59.22.225
http://139.99.155.201
http://139.99.216.189
http://139.99.216.196
http://139.99.217.159
http://139.99.217.208
http://139.99.218.13
http://139.99.220.151
http://139.99.220.225
http://139.99.220.231
http://139.99.221.102
http://139.99.221.132
http://139.99.221.143
http://139.99.221.245
http://139.99.221.71
http://139.99.222.107
http://139.99.222.70
http://139.99.223.36
http://141.94.104.214
http://141.94.169.130
http://141.94.175.140
http://141.94.210.5
http://141.95.74.5
http://141.95.75.178
http://141.95.75.49
http://141.95.75.88
http://141.95.86.208
http://142.93.100.50
http://142.93.109.242
http://142.93.154.209
http://142.93.169.133
http://142.93.218.65
http://142.93.31.12
http://142.93.31.6
http://143.110.146.108
http://143.110.149.162
http://143.110.153.240
http://143.110.157.61
http://143.110.158.55
http://143.110.188.157
http://143.110.192.77
http://143.110.209.52
http://143.110.248.252
http://143.198.102.112
http://143.198.103.251
http://143.198.109.85
http://143.198.152.71
http://143.198.153.8
http://143.198.158.123
http://143.198.197.25
http://143.198.209.95
http://143.198.210.137
http://143.198.215.10
http://143.198.217.54
http://143.198.226.187
http://143.198.237.195
http://143.198.33.245
http://143.198.34.250
http://143.198.36.223
http://143.198.41.140
http://143.198.42.47
http://143.198.44.123
http://143.198.51.61
http://143.198.79.245
http://143.198.83.89
http://143.244.177.100
http://145.239.135.187
http://145.239.135.199
http://145.239.135.226
http://145.239.135.232
http://145.239.135.35
http://145.239.28.109
http://145.239.28.180
http://145.239.28.224
http://145.239.29.102
http://145.239.29.105
http://145.239.29.111
http://145.239.29.165
http://145.239.29.48
http://145.239.29.56
http://145.239.31.54
http://145.239.31.57
http://146.185.219.191
http://146.185.219.247
http://146.185.219.61
http://146.190.105.4
http://146.190.115.58
http://146.190.137.14
http://146.190.137.77
http://146.190.147.209
http://146.190.151.140
http://146.190.151.223
http://146.190.153.111
http://146.190.153.157
http://146.190.154.141
http://146.190.159.156
http://146.190.168.156
http://146.190.172.156
http://146.190.175.143
http://146.190.175.173
http://146.190.33.124
http://146.190.44.150
http://146.190.46.70
http://146.190.58.164
http://146.190.60.26
http://146.190.61.58
http://146.59.117.242
http://146.59.240.144
http://147.182.154.60
http://147.182.244.86
http://148.113.136.206
http://148.113.136.3
http://148.113.136.66
http://148.113.136.86
http://148.113.138.150
http://148.113.139.216
http://148.113.139.46
http://148.113.140.103
http://148.113.140.125
http://148.113.140.130
http://148.113.140.36
http://148.113.140.59
http://148.113.140.94
http://148.113.141.246
http://148.113.142.84
http://148.113.143.150
http://15.235.186.190
http://15.235.186.240
http://15.235.202.221
http://15.235.202.42
http://15.235.202.55
http://15.235.202.59
http://15.235.203.111
http://15.235.203.39
http://15.235.203.87
http://15.235.47.210
http://15.235.48.245
http://15.235.48.47
http://15.235.49.100
http://15.235.49.241
http://15.235.49.81
http://150.95.30.48
http://150.95.31.65
http://150.95.82.94
http://151.115.52.107
http://151.115.72.90
http://152.228.134.5
http://152.228.160.76
http://152.228.228.150
http://152.228.228.64
http://152.228.231.37
http://152.228.242.169
http://152.228.242.204
http://152.228.242.46
http://152.228.242.59
http://152.42.170.15
http://154.16.126.17
http://157.230.110.114
http://157.230.18.97
http://157.230.42.201
http://157.230.46.67
http://157.230.49.133
http://157.230.57.37
http://157.230.58.167
http://157.245.149.196
http://157.245.193.30
http://157.245.197.135
http://157.245.201.159
http://157.245.49.58
http://157.245.58.239
http://157.245.62.197
http://159.203.10.110
http://159.203.11.217
http://159.203.11.235
http://159.203.15.10
http://159.203.17.11
http://159.203.24.50
http://159.203.38.86
http://159.203.44.158
http://159.203.81.101
http://159.203.98.21
http://159.223.1.48
http://159.223.1.89
http://159.223.140.248
http://159.223.194.28
http://159.223.197.64
http://159.223.202.115
http://159.223.204.76
http://159.223.220.121
http://159.223.230.241
http://159.223.238.121
http://159.223.57.27
http://159.223.65.9
http://159.223.92.171
http://159.253.120.232
http://159.65.134.201
http://159.65.143.217
http://159.65.240.151
http://159.89.126.151
http://159.89.198.106
http://159.89.202.27
http://159.89.43.204
http://159.89.45.117
http://159.89.99.209
http://161.35.172.37
http://161.35.195.60
http://161.35.214.199
http://161.35.26.89
http://161.35.37.32
http://161.35.68.212
http://162.19.118.186
http://162.19.123.189
http://162.19.223.128
http://162.19.223.18
http://162.19.223.65
http://162.19.246.155
http://162.19.246.225
http://162.19.246.230
http://162.243.187.113
http://163.172.145.172
http://163.172.36.44
http://163.172.45.130
http://164.90.139.207
http://164.90.142.249
http://164.90.155.136
http://164.90.172.30
http://164.90.186.220
http://164.90.197.32
http://164.90.221.15
http://164.90.233.204
http://164.92.128.58
http://164.92.132.57
http://164.92.197.72
http://164.92.74.254
http://164.92.79.56
http://164.92.91.118
http://164.92.99.92
http://165.22.109.10
http://165.22.109.158
http://165.22.175.118
http://165.22.220.60
http://165.22.228.102
http://165.22.235.21
http://165.22.237.186
http://165.22.73.38
http://165.22.74.146
http://165.22.94.242
http://165.227.102.92
http://165.227.110.40
http://165.227.33.181
http://165.227.34.18
http://165.227.38.98
http://165.227.42.227
http://165.232.106.98
http://165.232.137.134
http://165.232.139.108
http://165.232.166.238
http://165.232.169.185
http://165.232.169.248
http://165.232.171.167
http://165.232.175.126
http://165.232.175.58
http://165.232.185.43
http://165.232.186.139
http://167.172.60.175
http://167.172.70.16
http://167.71.130.90
http://167.71.169.145
http://167.71.213.93
http://167.71.88.117
http://167.71.96.202
http://167.99.141.218
http://167.99.150.129
http://170.64.137.88
http://170.64.142.251
http://170.64.146.134
http://170.64.149.84
http://170.64.152.3
http://170.64.154.217
http://170.64.158.100
http://170.64.163.4
http://170.64.164.90
http://170.64.166.114
http://170.64.173.190
http://170.64.181.149
http://170.64.181.79
http://170.64.187.241
http://170.64.202.253
http://170.64.204.224
http://170.64.210.29
http://170.64.210.46
http://170.64.210.73
http://170.64.216.98
http://170.64.226.101
http://170.64.232.44
http://172.105.148.191
http://173.198.236.84
http://174.138.33.113
http://176.123.1.104
http://176.123.1.111
http://176.123.2.134
http://178.128.103.108
http://178.128.109.124
http://178.128.120.18
http://178.128.225.19
http://178.128.233.185
http://178.128.235.247
http://178.128.87.112
http://178.62.211.33
http://185.105.0.85
http://185.154.12.229
http://185.154.13.231
http://185.154.14.101
http://185.154.14.114
http://185.154.14.118
http://185.154.14.141
http://185.154.14.23
http://185.154.14.42
http://185.158.248.237
http://185.167.97.225
http://185.189.13.91
http://185.204.109.106
http://185.220.204.53
http://185.24.233.23
http://185.51.246.196
http://185.51.246.58
http://188.121.109.197
http://188.166.145.97
http://188.166.148.153
http://188.166.169.50
http://188.166.189.71
http://188.166.210.158
http://188.166.218.206
http://188.166.218.43
http://188.166.224.12
http://188.166.229.57
http://188.166.233.192
http://188.166.250.203
http://195.154.113.14
http://195.154.119.172
http://195.211.45.212
http://195.234.82.115
http://195.234.82.116
http://195.234.82.117
http://195.234.82.143
http://195.234.82.161
http://195.234.82.206
http://195.234.82.214
http://195.234.82.219
http://195.234.82.224
http://195.234.82.229
http://195.234.82.233
http://195.234.82.234
http://195.234.82.24
http://195.88.57.204
http://198.244.142.194
http://198.244.142.32
http://198.244.143.118
http://198.244.143.235
http://202.78.170.26
http://206.189.10.114
http://206.189.141.84
http://206.189.236.99
http://206.189.29.147
http://208.115.225.39
http://209.97.162.188
http://209.97.165.127
http://209.97.174.232
http://212.8.244.40
http://213.156.142.31
http://217.182.211.139
http://217.195.205.102
http://217.195.205.134
http://217.195.205.135
http://217.195.205.138
http://217.195.205.140
http://217.195.205.141
http://217.195.205.213
http://217.195.205.98
http://24.144.82.193
http://24.144.90.7
http://24.144.94.104
http://24.144.94.99
http://24.199.100.29
http://24.199.109.200
http://24.199.109.207
http://24.199.113.184
http://24.199.125.215
http://37.59.25.116
http://37.61.229.224
http://37.61.229.226
http://37.61.229.241
http://45.141.85.222
http://45.80.208.168
http://45.80.209.127
http://45.80.209.142
http://45.80.209.145
http://45.80.209.148
http://45.80.209.149
http://45.91.203.211
http://46.101.116.214
http://46.101.200.143
http://5.181.27.113
http://5.181.77.101
http://5.181.77.122
http://5.181.77.34
http://5.181.77.36
http://5.181.77.62
http://5.188.108.148
http://5.188.108.201
http://5.188.133.173
http://5.188.133.196
http://5.188.6.221
http://5.189.221.226
http://5.189.221.232
http://5.8.33.132
http://5.8.33.136
http://5.8.33.199
http://5.8.33.211
http://5.8.33.223
http://5.8.33.59
http://5.8.33.74
http://5.8.33.80
http://5.8.33.82
http://5.8.33.84
http://5.8.41.160
http://5.8.41.208
http://51.15.125.53
http://51.15.177.185
http://51.15.177.194
http://51.15.192.71
http://51.15.252.153
http://51.15.253.32
http://51.15.7.120
http://51.15.8.126
http://51.15.8.174
http://51.15.9.26
http://51.158.112.231
http://51.159.152.79
http://51.159.34.137
http://51.159.35.124
http://51.159.35.34
http://51.161.109.46
http://51.178.57.225
http://51.178.59.102
http://51.178.60.107
http://51.178.60.173
http://51.178.61.37
http://51.178.63.229
http://51.195.233.177
http://51.195.43.24
http://51.210.124.4
http://51.210.126.45
http://51.210.144.158
http://51.210.144.232
http://51.210.147.141
http://51.210.147.226
http://51.38.114.73
http://51.68.166.220
http://51.68.167.3
http://51.68.49.171
http://51.68.49.45
http://51.68.49.88
http://51.68.81.247
http://51.68.82.225
http://51.68.82.241
http://51.68.82.39
http://51.68.88.131
http://51.68.89.97
http://51.68.90.134
http://51.68.90.194
http://51.68.92.46
http://51.75.168.24
http://51.75.169.250
http://51.75.169.74
http://51.75.169.81
http://51.75.63.104
http://51.75.92.229
http://51.75.94.140
http://51.77.109.120
http://51.77.111.109
http://51.77.214.176
http://51.79.100.97
http://51.79.140.156
http://51.79.141.234
http://51.79.142.149
http://51.79.142.237
http://51.79.142.27
http://51.79.142.57
http://51.79.143.215
http://51.79.143.83
http://51.79.27.94
http://51.83.225.106
http://51.83.227.22
http://51.83.249.217
http://51.83.34.146
http://51.91.137.64
http://51.91.138.213
http://51.91.139.17
http://51.91.143.243
http://51.91.150.28
http://51.91.208.23
http://54.38.136.175
http://54.38.138.227
http://54.38.138.34
http://57.128.122.137
http://57.128.122.190
http://57.128.122.26
http://57.128.163.244
http://57.128.164.232
http://57.128.164.72
http://57.128.164.85
http://57.128.165.92
http://57.128.166.150
http://57.128.166.247
http://57.128.166.37
http://57.128.167.121
http://57.128.167.139
http://57.128.167.3
http://57.128.24.233
http://57.128.25.192
http://57.128.25.221
http://57.128.27.203
http://57.128.28.17
http://57.128.28.173
http://57.128.28.82
http://57.128.30.108
http://57.128.30.55
http://57.128.36.108
http://57.128.37.42
http://57.128.56.106
http://57.128.56.113
http://57.128.56.214
http://57.128.56.62
http://57.128.57.77
http://57.128.57.90
http://57.128.58.110
http://57.128.58.14
http://57.128.59.235
http://57.128.59.33
http://57.128.68.108
http://57.128.70.126
http://57.128.70.249
http://57.128.70.5
http://57.128.70.52
http://57.128.81.241
http://57.128.84.226
http://57.129.31.70
http://57.129.32.165
http://57.129.32.28
http://57.129.32.4
http://62.146.227.151
http://64.227.122.194
http://64.227.129.169
http://64.227.96.25
http://64.227.96.62
http://64.227.97.89
http://64.23.155.195
http://64.23.157.5
http://64.23.162.153
http://64.23.165.19
http://64.23.169.202
http://64.23.169.70
http://64.31.22.155
http://68.183.124.7
http://68.183.193.165
http://68.183.194.118
http://68.183.202.33
http://68.183.237.102
http://68.183.34.39
http://79.133.110.217
http://79.133.110.218
http://79.133.110.219
http://79.133.110.222
http://79.133.110.225
http://79.133.110.227
http://79.133.110.228
http://79.133.110.62
http://80.240.112.235
http://80.85.140.123
http://84.46.236.41
http://89.117.0.121
http://89.44.193.177
http://91.134.100.12
http://91.134.100.179
http://91.134.100.213
http://91.134.100.47
http://91.134.102.74
http://91.134.86.111
http://91.134.86.177
http://91.134.86.21
http://91.134.86.92
http://91.134.87.138
http://91.134.87.224
http://91.134.87.247
http://91.134.96.13
http://91.134.96.177
http://91.134.96.243
http://91.134.97.203
http://91.134.98.47
http://91.134.99.95
http://94.103.188.56
109-74-197-9.ip.linodeusercontent.com
145.239.135.35.sslip.io
198.244.143.235.sslip.io
51-79-142-174.cprapid.com
83-229-69-151.cprapid.com
92-38-149-131.cprapid.com
admin.onlinefact.info
adoring-swirles.mics-sandbox.com
advisorone.site
affectionate-kirch.mics-sandbox.com
aliciastrickland.autos
amont-ski.com
amont-skiing.com
angry-tharp.141-94-175-140.plesk.page
api.onlinefact.info
app2.felg.in
athena.dataval.munic.io
avaliacao7.salaobelezahirota.com
awx.changsijay.com
b52nzcnrho5473.duckdns.org
bcd1.za.com
bemr9.za.com
blog.changsijay.com
bmtp.oceania.com.au
bootcamp38-gitlab-coffee-shop-staging.changsijay.com
byteonestextou.com
bz.mn
catalogservice.dev.common.beat.no
catalogservice.test.common.beat.no
cd4.mario09.online
cdef8.sa.com
cdn-vip-1.ohitv.org
cefi.my3cx.fr
chakaralaya.com
changsijay.com
chat.begoochand.com
cliente2.itnbrasillogistica.com
cliente4.itnbrasillogistica.com
cloud.testbed.ovh
colemarie.com
comp.06.cosmobeauty.barueri.br
condescending-lamport.mics-sandbox.com
condescending-mcnulty.mics-sandbox.com
controle1.blsconsultingnova.com
cpanel.92-38-149-131.cprapid.com
cpanel.mtcsupport.com.au
cpcalendars.92-38-149-131.cprapid.com
cpcontacts.92-38-149-131.cprapid.com
cranky-heisenberg.mics-sandbox.com
customer2.ext.qual.2pl.ovh
customer2.qual.2pl.ovh
cwww8.ru.com
dast-22528575-dast-default.changsijay.com
dcmv2.za.com
dkat4.ru.com
dkol4.ru.com
dmwatchfc.com
dn1142.mis.ovh
dvuy3.sa.com
eiip0.ru.com
ejhx1.sa.com
entrega7.newfacecentrodebeleza.com
er5.buzz
ext.customer2.qual.2pl.ovh
ext.lb2.qual.e4p.ovh
ext.syslog2.qual.market.ovh
ext.term1.qual.2pl.ovh
eybe7.sa.com
fiberlike.aurorainiceland.com
files.changsijay.com
files.oltaneo.fr
filmyjunctionstudios.com
fmsp3.za.com
friendly-brattain.mics-sandbox.com
ftpofra25.footballfantasyforum.com
fzcj6.ru.com
git.changsijay.com
gitlab.jitiv.com
gkff0.ru.com
glowconjecture.shop
grafana.changsijay.com
gx6.best
happy-shockley.mics-sandbox.com
highfieldjamesconsulting.3cx.uk
hrqa6.ru.com
icng4.za.com
idod8.ru.com
images.dev.common.beat.no
improverunningform.com
integracao1.distribuidoraruivo.com
inventory.oltaneo.fr
ip200.ip-51-68-48.eu
ip35.ip-145-239-135.eu
ip97.ip-51-79-141.net
ipgk4.za.com
jdom8.ru.com
jenkins-spring-slave.spork.tech
jhwtk4.click
jnuw9.ru.com
kassa.onlinefact.info
koczubn2sg.youltube.biz
kopo-dev.com
krxt0.ru.com
ku0.best
lab.changsijay.com
laughing-morse.mics-sandbox.com
lb2.ext.qual.e4p.ovh
lb2.qual.e4p.ovh
le-22528575.changsijay.com
lg2i.on3cx.fr
liqf2.ru.com
login.onlinefact.info
looool.tiess.services
loving-curie.mics-sandbox.com
ltqtv0.click
mach1.newsxmedia.com
mail.109-74-197-9.cprapid.com
mail.92-38-149-131.cprapid.com
mail.changsijay.com
mail.quartzsticky.com
mail.shaar.ovh
mapa.hop2.pl
medium.jean-claude-init.com
mknl8.ru.com
modest-visvesvaraya.mics-sandbox.com
monster.nextgentechnews.com
moonyzer.fr
musing-ptolemy.135-125-246-51.plesk.page
musing-swirles.mics-sandbox.com
naturalpark-outdoor.com
naturalpark-sport.com
ne9.best
needfull.uz
newharborllink.com
newstodayn.info
nqkr8.ru.com
ns1.eubf.net
ns2.khbntu.click
ns314693.ip-37-59-25.eu
nwpu9.ru.com
ocutech-api.dinacode.com
ocutech.dinacode.com
optimized.coreme.fr
optimized2.coreme.fr
otyt6.ru.com
ov2.best
part-hepsiduraba.net
pop.ptk-mir.ru
pp.upervision.com
ppa.airlines-manager.com
primallegyptt.xyz
prod.en.bv.loco.red
producao10.cataratastransportes.com
pxkr6.ru.com
pzab4.ru.com
qc9.buzz
quartzsticky.com
quirky-feynman.mics-sandbox.com
quizzical-northcutt.mics-sandbox.com
qzkk0.ru.com
rdp.phonemail.net
redflix.biz
rq8.best
sad-shirley.mics-sandbox.com
sbux3.ru.com
sharp-yalow.mics-sandbox.com
shiningsister-sport.com
shiningsisters-sport.com
slackoffs.com
smtp.ptk-mir.ru
spiceshq.com
sqaurecpacevswamabe.sbs
sqaurecpacevswmcd.cfd
sqaurecpacewsbilhs.cfd
sqaurecpacewsmi.sbs
sqaurecpacewsuawb.cfd
squarcpacesmbanu.sbs
squarcpacesmbauedo.sbs
squarcpacesmbawovnih.sbs
squarcpacesmbaws.sbs
squarecpacemsbbl.sbs
squarecpacemszk.sbs
squarencpacesheswnm.sbs
squarencpaceshra.sbs
squarenpacenbindbt.sbs
squarenpacenbirv.sbs
squarenpacenbite.sbs
squarenpavewni.sbs
squarenpavwlnzai.sbs
squarescpacencizwd.sbs
squarescpacencuwh.sbs
squaresnpacesukrblvo.sbs
staging.spiceshq.com
stest.newsxmedia.com
support.mindfalls.com
sw4.best
swapinsights.com
syslog2.ext.qual.market.ovh
syslog2.qual.market.ovh
tachar.online
tender-agnesi.mics-sandbox.com
term1.ext.qual.2pl.ovh
term1.qual.2pl.ovh
thestoddardclan.com
tls12.changsijay.com
tls13.changsijay.com
tqbs2.ru.com
trusting-jones.mics-sandbox.com
tssg8.ru.com
ucrm0.ru.com
uf5.best
uklon.nextgentechnews.com
upbeat-lamport.mics-sandbox.com
updsfdsd.wikaba.com
utility.bitbot.net.au
v2.gpdl.online
vfqb6.ru.com
virtmin.watahazawoz.pl
vm1021416.had.pm
vm1187220.kvm.had.wf
vm1366783.ssd1.had.yt
vtdjl0.click
vwpk1.sa.com
w2.tachar.online
w7.tachar.online
w8.tachar.online
warski.com
wcwelding.live
webmail.92-38-149-131.cprapid.com
whm.5-188-108-148.cprapid.com
whm.92-38-149-131.cprapid.com
wiki.changsijay.com
wloy6.za.com
worker.onlinefact.info
wp-bottleneck.com
wp.changsijay.com
xa3.best
xyoz4.ru.com
yaw-allroad.com
yaw-cycling.com
yaw-offroads.com
yawcycle.com
yawcycling.com
yawoffroad.com
yawriding.com
yb9.best
youtude.biz
zbcs0.ru.com
zeged4.click
zwwn2.ru.com

# Reference: https://x.com/malwrhunterteam/status/1804083030820061278
# Reference: https://www.virustotal.com/gui/file/a3e22819ab5b3e27b4289f137ea336c9dfb1f47391cc44f5d4567c7bdd9d67ef/detection
# Reference: https://www.virustotal.com/gui/file/3fdc2b8db422a5df537b0061f67fcd808fa01b16b3f23e7950b394139e2639ae/detection
# Reference: https://www.virustotal.com/gui/file/0eb26174e722600f19a2f89f4e77d7382e6b24eea30f3c62c70a8324f34a2b77/detection

charcool.online

# Reference: https://x.com/JAMESWT_MHT/status/1804149597477933396

shellstp.info

# Reference: https://x.com/1ZRR4H/status/1804284417638056104
# Reference: https://www.virustotal.com/gui/file/cac8f9e6df8a82795d76abad54b4e6dc5bf6a9d65606be9c1e31b8594fc7b521/detection

viverosmarinos.com

# Reference: https://x.com/banthisguy9349/status/1804806186622951680

http://178.215.236.253

# Reference: https://x.com/banthisguy9349/status/1804804540387979301

http://194.48.251.176
http://194.59.30.176

# Reference: https://x.com/momomopas/status/1805515563596496930

101.99.92.203:9090

# Reference: https://www.virustotal.com/gui/file/04bf13f5e478ad2ad567f8c31a54fd399fb2536f3c89a47f5e9aaeeed416eef6/detection

sped.lol

# Reference: https://x.com/banthisguy9349/status/1806641278244868137

94.156.69.221:8000

# Reference: https://x.com/ShanHolo/status/1806608159491924450

http://35.194.215.14

# Reference: https://x.com/banthisguy9349/status/1806737735761240099

http://23.26.77.186

# Reference: https://x.com/ni_fi_70/status/1807691029950161323

http://176.223.134.190

# Reference: https://x.com/RacWatchin8872/status/1807748355214160172

http://4.203.104.98

# Reference: https://www.virustotal.com/gui/file/1d018679fcb85bee8fba2d7545be348e236076135623e1f2b216923fd602ce2f/detection

ric-finanz.com

# Reference: https://x.com/ShanHolo/status/1808924928827404469

http://34.126.174.34

# Reference: https://x.com/banthisguy9349/status/1809141971190948149

154.26.130.227:8080
3.99.165.254:8000
5.189.141.96:8000

# Reference: https://x.com/karol_paciorek/status/1809161475350552937

http://77.105.135.22

# Reference: https://x.com/karol_paciorek/status/1809164184476692929

http://77.105.160.30

# Reference: https://x.com/banthisguy9349/status/1809191207278461186

http://5.42.67.26
http://66.59.64.108
http://77.105.132.5

# Reference: https://x.com/banthisguy9349/status/1809205202987172059

http://5.206.227.56

# Reference: https://x.com/malwareforme/status/1809257799387361422
# Reference: https://www.virustotal.com/gui/ip-address/117.56.7.26/relations
# Reference: https://www.virustotal.com/gui/file/45d3063b41fc1d6c8387600e49b6da5c8ec9909ef3636d539ca2a10aec7f3c59/detection
# Reference: https://www.virustotal.com/gui/file/9effb51a23106bc461b5d33a6af2d732f04d2d0ce9ac0a59467147098d159c99/detection
# Reference: https://www.virustotal.com/gui/file/5d4dcd98f95bb8281dd856cb1597c2094f047d4693a85a63e1cadfe43b0f04ce/detection

http://128.199.156.238
neptune.twilightparadox.com
solmo.twilightparadox.com
solo.twilightparadox.com

# Reference: https://x.com/1ZRR4H/status/1809285083997630827
# Reference: https://www.virustotal.com/gui/file/bea7affbaaa5a7eb9616b48216450d1bec20fd5f43f4af3507017b4c5cdfd003/detection

verizon-tops-sports-gba.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/032479c9aa261691b45f71f860e29a7d19e47b28f54f2bddfb1077d706c94ebe/detection

a0942143.xsph.ru

# Reference: https://app.validin.com/detail?find=doublez.online&type=dom&ref_id=0ce1192495d#tab=host_pairs_v2

doublez.online

# Reference: https://www.virustotal.com/gui/file/133164eceee2d1e85e944750d1e51be6edb67d78e645df7b7cadfb5aedbdb88d/detection

ssapisite.com

# Reference: https://www.virustotal.com/gui/file/1f7c8efeeba59ea7e342f3575472ce7b593bf254ba3e8855028875c0f2548561/detection
# Reference: https://www.virustotal.com/gui/file/9ac5f50ccd9767f2aaae7879dfae0e7e1f97c0ac1c3faccd5fe9d88b691db464/detection

pdfonlineqrdocs.com
qrbarcodesecureofficeauth.com

# Reference: https://app.validin.com/detail?find=shell.elf&type=dom&ref_id=844ac3457ab#tab=host_pairs_v2

http://139.196.110.126
http://142.118.19.254
http://146.190.15.117
http://173.82.206.125
http://3.18.225.56
http://35.211.63.78
http://64.23.228.47
http://77.170.165.141

# Reference: https://x.com/karol_paciorek/status/1810247343289053474

http://194.156.99.172

# Reference: https://x.com/dez_/status/1810314284746080415
# Reference: https://www.virustotal.com/gui/file/8decdfe5e000475d09f077a3d5b06843f1138e307141e0d0433526ae7037731d/detection
# Reference: https://www.virustotal.com/gui/file/6fa43ef5572470e2a3129a181927a671d816484911d891fabb76e6d29827e6b7/detection

http://154.82.92.201
comc0m.com

# Reference: https://x.com/lontze7/status/1810175784872489463

http://185.255.95.93

# Reference: https://www.virustotal.com/gui/file/410f8b24dca48192b36ed51437e568a4e6781d80f36745a9987fc28b1d98deb2/detection

presvolica.com

# Reference: https://research.checkpoint.com/2024/resurrecting-internet-explorer-threat-actors-using-zero-day-tricks-in-internet-shortcut-file-to-lure-victims-cve-2024-38112/

cbmelipilla.cl/te/

# Reference: https://x.com/banthisguy9349/status/1795422523863007289

http://80.76.49.162
http://85.209.133.18

# Reference: https://www.virustotal.com/gui/file/0b631de4060b07fac030e2f40b9ed800c0ad0d80db24a4281cf022b5b970c3e6/detection

infectcurve.shop

# Reference: https://x.com/banthisguy9349/status/1812883811988033904

http://94.156.69.146

# Reference: https://x.com/ShanHolo/status/1813149888001011754
# Reference: https://www.virustotal.com/gui/file/dd748e04276a2d77490012f8373d8b6be0baa76140c9c3b649f43caec20c919a/detection

http://191.232.181.180
191.232.181.180:443

# Reference: https://x.com/malwrhunterteam/status/1813311575723511869
# Reference: https://www.virustotal.com/gui/file/bef99f862b9d7a47bddf9d51121196ab2f25234b38169c49e47a672bf849a7c9/detection

http://37.60.234.203
atrf-help.org
telemetry.atrf-help.org

# Reference: https://x.com/karol_paciorek/status/1813856475670024690

http://45.55.131.63
netdaemon.org

# Reference: https://www.virustotal.com/gui/file/806086b840f22037026ca63793563b55251840d7804e5287fbc60c241853f847/detection

http://47.128.226.30

# Reference: https://x.com/StrikeReadyLabs/status/1811136876457382325
# Reference: https://x.com/ShadowChasing1/status/1814129779735699949
# Reference: https://www.virustotal.com/gui/file/4870bd4dd74adf0634948cd3b44816b358c474f39186da3bf82eddcf886d44a3/detection

158.255.215.115:443
langchao.363c85a36a.ipv6.1433.eu.org

# Reference: https://x.com/RacWatchin8872/status/1813904016281378930

http://89.197.154.116

# Reference: https://x.com/banthisguy9349/status/1814925887906664718

http://91.92.255.65
imgbb.xyz

# Reference: https://x.com/banthisguy9349/status/1814979492286271584

http://103.198.26.104
http://141.95.110.31

# Reference: https://x.com/banthisguy9349/status/1814916027320291407

http://185.99.135.162

# Reference: https://x.com/RacWatchin8872/status/1815338996005777590

http://162.250.98.10

# Reference: https://x.com/malwrhunterteam/status/1815633400327205073
# Reference: https://www.virustotal.com/gui/file/e9b2833ae4d1558919b78ba246935636cf0bccd2e25534acb634c31daef7a712/detection
# Reference: https://www.virustotal.com/gui/file/1d91134ce11e46cf5f17beeffc75dcafa06b58657f21c0f5ed1c9e1318c12be1/detection

http://163.5.112.21
163.5.112.21:3000

# Reference: https://x.com/malwrhunterteam/status/1815361770443493736
# Reference: https://www.virustotal.com/gui/file/25744c328b7a84ae8c5a7aa02275960c4cbd00d887c800a61f96f09128e6adc2/detection

http://45.32.117.177

# Reference: https://x.com/1ZRR4H/status/1815978978508677154

54.87.15.121:8080

# Reference: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

http://62.133.61.26
http://62.133.61.43
21centuryart.com

# Reference: https://www.virustotal.com/gui/ip-address/3.126.250.13/relations

http://3.126.250.13
britishamericanstobacco.com

# Reference: https://www.virustotal.com/gui/ip-address/123.57.237.30/relations

http://123.57.237.30

# Reference: https://www.virustotal.com/gui/ip-address/1.15.44.211/relations

http://1.15.44.211
1.15.44.211:8888

# Reference: https://www.virustotal.com/gui/ip-address/121.37.222.47/relations

http://121.37.222.47

# Reference: https://www.virustotal.com/gui/ip-address/49.232.144.225/relations

http://49.232.144.225

# Reference: https://www.virustotal.com/gui/file/cbe097d3f3b35355fe6d4df22cb3b140c6a676911f90d086792a5916fa2c6681/detection

http://8.222.220.3

# Reference: https://www.virustotal.com/gui/ip-address/124.222.8.250/relations

http://124.222.8.250

# Reference: https://www.virustotal.com/gui/ip-address/172.105.86.36/relations

http://172.105.86.36

# Reference: https://www.virustotal.com/gui/ip-address/38.207.173.58/relations

http://38.207.173.58

# Reference: https://app.validin.com/detail?find=poc.xml&type=dom&ref_id=e30ecd2c1d8#tab=host_pairs_v2

http://142.171.88.194
http://172.86.99.204
http://34.121.46.17
http://34.172.164.244
http://47.92.148.22
http://94.156.189.180

# Reference: https://x.com/Merlax_/status/1816220561514570130

http://31.13.213.46
http://64.23.186.111
31.13.213.46:445
31.13.213.46:8080

# Reference: https://x.com/1ZRR4H/status/1816358558927036816
# Reference: https://www.virustotal.com/gui/file/ef3c36f9c54d7e428a2ebf37d70a711c80d87e1774b60c573615ae4dae4bdf42/detection

vcredist2010x64.pages.dev

# Reference: https://x.com/HackingLZ/status/1816168200817492044

20.83.148.22:50032

# Reference: https://x.com/banthisguy9349/status/1816851258826703207
# Reference: https://www.virustotal.com/gui/ip-address/94.156.64.250/relations
# Reference: https://www.virustotal.com/gui/file/ebca29f57f5633d4a544899f7a97c6f81c9755c7f506ab52fada1302fd0a7eb1/detection

http://94.156.64.250
bggovpost.art
chronopostfr.art
dpdpsots.top
gpostge.bar
justhdwall.com
laposte-fr.bid
laposte-fr.de
mb0xffice.xyz
mzauths.xyz
postacgme.bar
postagovrs.bar
postgovbn.bar
rs-posta.bar
cloth.mzauths.xyz
h0l.mzauths.xyz

# Reference: https://x.com/banthisguy9349/status/1816850575692083473

http://94.156.71.166

# Reference: https://x.com/malwrhunterteam/status/1817159273391997363
# Reference: https://www.virustotal.com/gui/file/76fbbac936ae594503e2795d521777eaf86a5fcd788f50894307c483b6c07430/detection

auvergnerhonealpes-jo.com
downloadimplant.auvergnerhonealpes-jo.com

# Reference: https://www.virustotal.com/gui/file/bc85d43f0cc64c4a3c1dbb2047d458c20b36aa3900fda6d4f89ee99d7af51564/detection
# Reference: https://www.virustotal.com/gui/file/857574b7d5e60f321426138e7818b51aa5b35777ecbbda67a0f037b8dca5c370/detection

e-taxes.info

# Reference: https://x.com/StrikeReadyLabs/status/1817191427832447270
# Reference: https://www.virustotal.com/gui/file/cf2620781f64b31c7914497b9d42e6d846b5d97f66ca42768c438c9c3b6a1778/detection

secure-webmail.azureedge.net

# Reference: https://x.com/r3dbU7z/status/1817607423890231742
# Reference: https://www.virustotal.com/gui/file/dcd0823f72d6a145fb9acfbb6f2e4885b3e6fca6dc76f1476bd0c5431ae15ff4/detection
# Reference: https://www.virustotal.com/gui/file/9ef975e93768f270dfb2923e1848ac26d98789ffdf4fb7f9785e2a4260a32cdb/detection
# Reference: https://www.virustotal.com/gui/file/015a04303ee4a925095311e60593fa100951986713324c118d067684d6dd5787/detection

http://62.133.61.97

# Reference: https://x.com/lontze7/status/1817783150795210932
# Reference: https://x.com/banthisguy9349/status/1817784577886232913

http://120.77.253.240
http://159.65.205.138
http://203.68.22.96
120.77.253.240:443
159.65.205.138:443
159.65.205.138:8080
159.65.205.138:9100
203.68.22.96:1288
203.68.22.96:443

# Reference: https://x.com/suyog41/status/1817829659729350681
# Reference: https://www.virustotal.com/gui/file/eb552b17b3978ef35b096bd2c1a778d04f883a7b1f6510038549651e147e2e73/detection

27.106.123.108:8080

# Reference: https://x.com/raghav127001/status/1817856814618182025
# Reference: https://www.virustotal.com/gui/file/e6e7ebe7e09c2742569efc41b97019e2092320afee4cef3ca35345513606479d/detection
# Reference: https://www.virustotal.com/gui/file/b6ffc23ae03c6f691526d6afb21028a034382871474cbee649e4a25d7632b77a/detection

http://87.242.107.248
87.242.107.224:443

# Reference: https://x.com/fr0s7_/status/1817904875000193350
# Reference: https://www.virustotal.com/gui/file/6cbf52091bbe95b9ed385911892877d2cea5c3b9965d375b3091786fd0f6d4f2/detection

http://149.248.76.31
teamsconnect.net

# Reference: https://www.virustotal.com/gui/file/b9bb4eb13cb09c25862151e98059905804034304d4c65d9efe1f2ad0da38301a/detection

ie-servenet.shop

# Reference: https://www.virustotal.com/gui/file/29a3ed8701d860d246dc11f097632855f94d6ca25764d357690d50579b595884/detection

sunbelitle.pw

# Reference: https://x.com/malwrhunterteam/status/1818224362752761993
# Reference: https://www.virustotal.com/gui/file/79623531989ddcab766d92a5d1d3a7c73fae31303a16d640703182e05d19e013/detection

78.40.116.172:18174
forgen.sbs

# Reference: https://x.com/StrikeReadyLabs/status/1818276081797058653
# Reference: https://www.virustotal.com/gui/file/0507816fbeae794daeb92d26eba3ef6d55016f2d2bd9f644a9d8324be89a9ff3/detection

adobeversao24.000.pe

# Reference: https://x.com/Thisism23567356/status/1818286576629370942
# Reference: https://www.virustotal.com/gui/file/0a9b373b26311223fc4a723465f835d99d849d3713bf38eabeeaebf13f3bbf54/detection

us05web-zoom.com
workspace.us05web-zoom.com

# Reference: https://x.com/d4rksystem/status/1818316623188570443

http://94.156.67.244
94.156.67.244:445

# Reference: https://x.com/ShanHolo/status/1818574318785229282
# Reference: https://www.virustotal.com/gui/file/23f170c701bf4c7ba84dfb071b7f0c3dc017396a571f7b65592e5a7b2bf3e5e5/detection

http://104.219.239.104

# Reference: https://www.virustotal.com/gui/file/19cbff064f6a5854cab74e34f8e56f641afec0f53d509fa2036bcb73b1803172/detection

geradcontsad.pro

# Reference: https://x.com/banthisguy9349/status/1819082273037471896
# Reference: https://app.validin.com/detail?find=usdtAdmin%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-%E6%98%AF%E5%BC%80%E6%BA%90%E7%9A%84PHP%E4%BC%81%E4%B8%9A%E7%BA%A7%E7%BD%91%E7%AB%99%E6%94%B6%E6%AC%BE%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F&type=raw&ref_id=147a50abcb9#tab=host_pairs_v2

101.32.44.191:443
101.34.65.156:443
103.101.205.128:443
103.140.228.34:443
103.146.141.15:443
103.147.14.211:443
103.148.150.205:443
103.233.9.174:443
103.233.9.188:443
103.42.30.80:443
103.68.61.96:443
103.86.86.188:443
103.97.58.237:443
104.143.47.180:443
104.160.40.254:443
104.233.160.252:443
107.148.174.191:443
107.148.20.125:443
107.148.237.241:443
107.148.50.126:443
107.148.73.200:443
116.205.246.155:443
118.195.248.103:443
119.45.197.252:443
123.249.71.176:443
124.156.188.41:443
124.71.57.60:443
13.231.5.114:443
13.250.140.30:443
134.122.205.50:443
142.171.117.149:443
149.88.76.150:443
15.207.249.39:443
150.158.41.128:443
152.32.151.126:443
154.201.65.145:443
154.201.65.155:443
154.21.85.56:443
154.221.23.55:443
154.23.187.131:443
154.23.188.80:443
154.44.8.133:443
154.56.60.132:443
154.82.85.62:443
156.224.25.5:443
156.232.11.91:443
156.234.137.18:443
156.234.39.137:443
170.106.80.79:443
172.247.44.22:443
173.249.199.61:443
182.16.43.50:443
184.168.124.82:443
198.46.194.107:443
202.146.216.98:443
203.86.233.119:443
205.234.252.135:443
206.119.160.105:443
206.119.172.145:443
206.238.179.17:443
207.148.107.242:443
208.87.207.190:443
216.107.136.130:443
23.95.242.80:443
27.124.21.6:443
34.150.225.170:443
34.253.235.71:443
38.143.11.118:443
38.207.178.151:443
38.6.219.21:443
38.60.163.233:443
42.192.219.108:443
43.128.110.180:443
43.128.78.132:443
43.129.28.202:443
43.133.72.225:443
43.135.124.104:443
43.153.105.82:443
43.153.42.161:443
43.199.34.219:443
43.249.207.213:443
45.116.76.72:443
45.152.67.154:443
45.158.230.83:443
47.236.15.53:443
47.236.159.2:443
47.243.254.103:443
47.245.118.5:443
47.245.134.108:443
49.51.104.142:443
67.21.87.130:443
8.142.18.88:443
8.209.79.11:443
8.210.129.102:443
8.218.100.116:443
81.69.15.125:443
85.8.183.8:443
93.127.185.131:443
94.74.76.47:443
157game.cc
37ti.com
5920.live
7777games.net
a13.ylwtt.com
aazzss.cc
aleokg.com
api.hsken.org
bf.wtoxo.com
btshop123.com
eigolinks.com
faqself.com
gmaill.cn
gmtkm.com
h5.imk09.top
hmucloud.com
hsken.org
im.gmtkm.com
imk09.top
ine-qr.mx
innovationmalls.com
ishopfly.me
join-demo.com
m.aazzss.cc
mh.wtoxo.com
mk.ziyuanfx.tech
pay.157game.cc
pay.btshop123.com
pay.eigolinks.com
pay.usdtsite.com
pay.xuexi02.top
pay6g.work
pp.innovationmalls.com
qiuzhang.one
r.wtoxo.com
ruanwenfuwu.com
shopglobal.beauty
shuzi.ine-qr.mx
sltech.icu
store.wangbapay.com
t.pay6g.work
t1.pay6g.work
test.yilufacai1688.top
ttess.top
topquality24.com
u.ishopfly.me
upay.37ti.com
us.faqself.com
usdpay.gmaill.cn
usdt.7777games.net
usdt.gmaill.cn
usdt.ruanwenfuwu.com
usdt.sltech.icu
usdt.usdtadmin.com
usdtadmin.com
usdtpay.join-demo.com
usdtpay.wtoxo.com
usdtpf.5920.live
usdtsite.com
user.gmtkm.com
uu.gmaill.cn
v7.xiaonongjiang.cn
w.aleokg.com
wangbapay.com
wanhaoguoji208.top
wp.wtoxo.com
wtoxo.com
xiaonongjiang.cn
xuexi02.top
xxyyzz.cyou
yilufacai1688.top
ylwtt.com
yunyiyipay.com
zhifu988.com
ziyuanfx.tech

# Reference: https://www.virustotal.com/gui/file/7d05db7f4cbf2251b2708349b7edfe448af83ee5616116012a044ec810d32e5b/detection

slkdbfkwfd.julienolsson.com

# Reference: https://x.com/banthisguy9349/status/1819275426394517760

http://193.23.55.209

# Reference: https://app.validin.com/detail?type=dom&find=bypass.txt#tab=host_pairs_v2

http://107.170.226.83
omgwtfxss.com
pushespret.com

# Reference: https://x.com/raghav127001/status/1819968071894716903
# Reference: https://x.com/banthisguy9349/status/1820888386183549182

http://91.92.243.78
91.92.243.78:8080

# Reference: https://x.com/k3yp0d/status/1820069329745940736
# Reference: https://www.virustotal.com/gui/file/3989c19861e93c1a6d43145c23bde77a588c384fd05d0d9adbe9cdc5dc915be3/detection

pfizer-careers.net

# Reference: https://x.com/suyog41/status/1820358561639080088
# Reference: https://app.validin.com/detail?find=82.118.26.100&type=ip4&ref_id=2ce02f35281#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/b4c1845f499e6aa90f115b8b87cdb03b790c2af86387d111652cb36341776f85/detection

frew.line.pm
reg.tcp4.me
rne.ooguy.com
timse.v6.navy

# Reference: https://x.com/malwrhunterteam/status/1820342786840735768
# Reference: https://www.virustotal.com/gui/file/d2a74db6b9c900ad29a81432af72eee8ed4e22bf61055e7e8f7a5f1a33778277/detection
# Reference: https://www.virustotal.com/gui/file/66039b04fea3a5c58aec6e25847d163880d1c2f69511237075809fd761a3cc2f/detection

http://142.111.77.196

# Reference: https://x.com/RakeshKrish12/status/1820415749816762870

http://101.42.158.190

# Reference: https://www.virustotal.com/gui/file/db8d4cc2d61f71408623dc1aa242d874c754a6ba51e53b2514888016a0444fe0/detection

http://193.3.19.108

# Reference: https://x.com/raghav127001/status/1820699658634600772

23.95.107.6:8000

# Reference: https://x.com/raghav127001/status/1820693963705065885

172.245.227.230:8000

# Reference: https://x.com/raghav127001/status/1820274650703700102

91.92.255.252:8080

# Reference: https://x.com/RacWatchin8872/status/1820818775505039517

http://104.243.47.92
104.243.47.92:443

# Reference: https://x.com/malwrhunterteam/status/1821182170268090729
# Reference: https://x.com/malwrhunterteam/status/1821186622953501148
# Reference: https://www.virustotal.com/gui/file/0a8baece0e6e1ad3daffe0b14774a8bc1dd2bae37fce61d9b9914865395dde66/detection
# Reference: https://www.virustotal.com/gui/file/fc76f0b0d1c84a939a8d6a3684c7f08b3288f91f18c39fb232c6f2b6c3f8297d/detection

pheexaijeich.global.ssl.fastly.net

# Reference: https://www.virustotal.com/gui/file/2374e435da3de1d3ea930588148ee3b9933c7adf9cedf7e157b8ba3a027e6692/detection
# Reference: https://www.virustotal.com/gui/file/ba8315ba77f818ab1af81a1380c9ecc1ac5cd97c12da9358a2ab77d305c830a7/detection

http://104.168.152.139

# Reference: https://x.com/doc_guard/status/1821513954100646036
# Reference: https://app.docguard.io/871e96fc0a955e25288ca9a3e94468b1855b36c9dc0200898e35c049d9275e2e/results/dashboard
# Reference: https://www.virustotal.com/gui/file/871e96fc0a955e25288ca9a3e94468b1855b36c9dc0200898e35c049d9275e2e/detection

http://192.3.243.147

# Reference: https://www.virustotal.com/gui/file/0714671314754f5830bd40aba2f7f238796f18dc3c8dcd571ca4413e2ec2b124/detection

http://192.3.101.150

# Reference: https://tria.ge/240807-hpsn6stgjk/behavioral2

http://45.90.89.50

# Reference: https://x.com/StrikeReadyLabs/status/1821598760025100736

http://18.117.221.152

# Reference: https://x.com/banthisguy9349/status/1821643531313656193

http://208.109.233.212
http://64.95.11.41
http://91.92.244.191
http://91.92.244.206
http://91.92.245.29
http://91.92.245.68
http://91.92.245.87
212.233.109.208.host.secureserver.net
a.packagedeals.sbs
a.parcel.beauty
a.parceljob.cfd
ab.posty.sbs
correosapp.hair
dhl123.motorcycles
fedexz.top
firegold.ygto.com
packagedeals.sbs
parcel.beauty
parceljob.cfd
postbir.xyz
postcoes.sbs
postngl.cfd
posty.sbs
wtrxaxq.org
xn--en1b51xdyf.com
yoshmormai.dynamic-dns.net

# Reference: https://www.virustotal.com/gui/file/cea295ccfe6d772a40cdfa8e31e42c3433f7f9b672f9f8ecf5905a4a78fd49ce/detection

http://139.162.180.91

# Reference: https://www.virustotal.com/gui/file/ce9f13606eb8e1db4a08e379d1e67261da3bd5b9de8699ceaa42399dee9877f2/detection

http://107.175.113.209

# Reference: https://www.virustotal.com/gui/file/1a2c48ac17760f2a0193102df05b97a569e34a358ed58685dc752f06a0a8cf07/detection

http://23.94.239.112

# Reference: https://www.virustotal.com/gui/file/28de81812959bd688775647dbcf67911cdc4262d8fe99f53b4eed25897de74de/detection

rev75-athx.cfd

# Reference: https://threatfox.abuse.ch/browse/tag/Vshell/ (# 2024-08-10)

1.94.120.249:8082
116.205.231.3:8082
119.45.14.41:8082
124.221.30.83:8081
149.104.29.1:8082
154.8.204.75:58082
162.14.116.25:8082
193.112.85.116:8082
38.207.178.156:8082
47.116.123.8:8082
47.120.58.214:8082
47.74.4.13:8082
47.96.107.37:8082
59.110.18.123:8082
8.130.24.188:8082
8.134.126.121:8086

# Reference: https://x.com/k3yp0d/status/1822584994230931669
# Reference: https://www.virustotal.com/gui/file/200dd48f27d105a843b0597cd89442d18445917198d8e3522e8e6e7df6b6ef18/detection

http://159.89.205.132

# Reference: https://www.virustotal.com/gui/file/0000b93dbb1d71f0357e4ef2b4e6a40e2b499ff2d31a11c9b0c9315523f66bdd/detection

xt0zgse9orvkxt0zgse9orvkxt0zgse9orvkxt0zg.xyz

# Reference: https://x.com/EncapsulateJ/status/1823063034459549819

http://8.222.186.154

# Reference: https://x.com/r3dbU7z/status/1823074348774699364

http://62.133.61.49

# Reference: https://x.com/HackingLZ/status/1823403147194245408

34.142.217.190:8000

# Reference: https://www.virustotal.com/gui/file/68cf1cdb92872cf7b081f88acc14a789c10c3385df3654e803e801e6b0cf9ebf/detection

http://167.99.22.47
kinovizbx.xyz
sustac.com

# Reference: https://x.com/r3dbU7z/status/1823481652653252852
# Reference: https://www.virustotal.com/gui/ip-address/168.100.8.192/relations
# Reference: https://www.virustotal.com/gui/file/5da6e620feb8de1a649d9640ea86a9e62a9e9b46315e43b1cffe0d02cf751283/detection
# Reference: https://www.virustotal.com/gui/file/c3c792274c284d69c46c76702ce71cd1aab014c4b00f1a522f23bb26775f73a0/detection
# Reference: https://www.virustotal.com/gui/file/c4c0f463dc992738d79b4a3d99d45f6aa21f319ca19f5941a98cc50421d8673c/detection

http://64.94.84.206
168.100.8.192:3000
168.100.8.192:3001
portalmxenlinea.sbs
supportg1547405865.sbs

# Reference: https://www.virustotal.com/gui/file/24875e178c84a4a682474a8d81b4e1c795f56ba93a2916e56957d99ce4aa1745/detection

http://23.95.235.16
http://91.92.254.194
http://91.92.254.29

# Reference: https://x.com/ShadowChasing1/status/1823685051055529989
# Reference: https://www.virustotal.com/gui/file/24a6f2c50c5d6382983d2964718c554e7597f0d027377c489d8ea60852e5ea22/detection

http://46.101.122.204

# Reference: https://x.com/malwrhunterteam/status/1823981809316601937
# Reference: https://www.virustotal.com/gui/file/bf5fa08873648f7be26de7bdbf1e07252f285d6deeb21cc8a395882808788805/detection

http://45.89.52.80

# Reference: https://x.com/banthisguy9349/status/1824143884274065735

http://185.196.11.122

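# Reference: https://x.com/banthisguy9349/status/1824325635730239647
# Note: path-scoped trail on a shared host (archive.org); only the full item path is the indicator, not the host itself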

ia803104.us.archive.org/27/items/vbs_20240726_20240726/

# Reference: https://www.virustotal.com/gui/file/0000a515e0875515da9159ec17dad82ff36a0d72c0a77fdbd9f3a9a70fc39e9c/detection

savagaj.femato.co.za

# Reference: https://www.virustotal.com/gui/file/0201d176fed67247b814379923a7b0dd86b5c6ea1a7dc73cf0442dd753a922f8/detection

http://185.74.252.151

# Reference: https://x.com/r3dbU7z/status/1825446509082505613
# Reference: https://www.virustotal.com/gui/file/4ca845b77a71cc1b5d8b367f3329a70cd7753c2d5d056b1dac51860a4815b859/detection
# Reference: https://www.virustotal.com/gui/file/28cb51c171d591b2bb35bc9a4379010fd37f66cfcd317a67cb73b24262dc17c6/detection
# Reference: https://www.virustotal.com/gui/file/d2809ea33f5d54c9c6d1c6037f1b3e2c5e4d0bba2bf117023a00b0b8603ef31d/detection

65.20.104.150:8080
gdrive.rest
winapi.net

# Reference: https://x.com/r3dbU7z/status/1825446480213135418
# Reference: https://www.virustotal.com/gui/file/58825aed684e4f296bec053e74191390dda066a7f022e0d87c2c9a1f9b67058c/detection

http://2.58.14.10

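# Reference: https://x.com/malwrhunterteam/status/1825631744017707274
# Note: path-scoped trail on a shared CDN host (cdn.glitch.global); only the full project path is the indicator, not the host itself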
# Reference: https://www.virustotal.com/gui/file/be080777332ad1186fb8547a6a354b2beba62f2a24537eb7b79e849f084a95be/detection

cdn.glitch.global/59e3786e-8284-4f16-8844-134b12e58b6f/

# Reference: https://x.com/r3dbU7z/status/1826007608614072593
# Reference: https://www.virustotal.com/gui/file/9557bf84b1c63559c3010d5f4ba0f0a56d58cbe0e4e7a50f86ae888206842d19/detection
# Reference: https://www.virustotal.com/gui/file/8e9dd1b754c98b6a878d43a9af2871240a3e8f476fd111153fe4eb1f8fd971f2/detection

http://195.74.86.116

# Reference: https://x.com/JAMESWT_MHT/status/1826301714422546885
# Reference: https://app.any.run/tasks/96eb12db-dbca-4add-8522-4394d568faa3/

http://144.91.79.54

# Reference: https://x.com/malwrhunterteam/status/1826510465649750030
# Reference: https://www.virustotal.com/gui/file/f2b1175a07eb346979a062c57876e2cfaf6b24fc9f5631d04c0257f3dfef897b/detection
# Reference: https://www.virustotal.com/gui/file/7117cde797e0895aad72a7c0a51c1e05aa08fc4166bc3f086f79333573d44428/detection

http://157.245.63.23
157.245.63.23:443

# Reference: https://x.com/r3dbU7z/status/1826595093983170862
# Reference: https://www.virustotal.com/gui/file/e6637ece78b046288009fc83f7366c31759f6299e859a6b923b7072fd6c33fbd/detection

resourcepool.store
ghost.resourcepool.store

# Reference: https://x.com/karol_paciorek/status/1826546190013382887

http://202.151.176.76

# Reference: https://x.com/banthisguy9349/status/1826986945035022557

147.45.79.168:8000
147.45.79.168:8443

# Reference: https://x.com/banthisguy9349/status/1827279090136563892

47.113.230.158:5000

# Reference: https://x.com/banthisguy9349/status/1827639367067709670

27.25.151.236:8080

# Reference: https://x.com/cyberfeeddigest/status/1827699564918550571

c32.19aq.com

# Reference: https://x.com/malwrhunterteam/status/1828028438407479788
# Reference: https://www.virustotal.com/gui/file/0077647aa98f096591f70bbd3f1a0364b56c5e39f68ed85509b28a31b2d4f869/detection

http://118.107.42.233

# Reference: https://x.com/raghav127001/status/1826530842401014251

check-tl-ver-198-c.buzz
wenufod.xyz
mvgde.check-tl-ver-198-c.buzz

# Reference: https://www.virustotal.com/gui/file/00e8b39180fa5f7aad233fe7440aa1ab2b22b203258d61d074a74c3549e99081/detection

facilities-qt-hollow-depot.trycloudflare.com

# Reference: https://x.com/suyog41/status/1828301311168618862
# Reference: https://www.virustotal.com/gui/file/8fc85c02d7522f84cb6378b65a97108ece62d8d0950be64c42c2d7fbc5ffa6ea/detection
# Reference: https://www.virustotal.com/gui/file/649a2b31f41064e7172c457ccd4a7626356e6a083ff7aa30a6df115870c976b2/detection
# Reference: https://www.virustotal.com/gui/file/2bde4177eb3d100e82d78c31263c5e28f0835215346659cdd1ac86e489feb8a5/detection
# Reference: https://www.virustotal.com/gui/file/7bb6a4d51be7d28d5383d11f5d5b19f5aa9589c7de77196e4ecca11e8a63a4d0/detection

125.132.180.68:5000
14.35.253.146:5000
175.214.55.10:5000

# Reference: https://x.com/r3dbU7z/status/1828485079682756805
# Reference: https://www.virustotal.com/gui/file/af57af22780443ae7b4c7079248526ce15bd8e0931d941c151df8284bc3fc863/detection

lcxzioythl.pro

# Reference: https://x.com/banthisguy9349/status/1828491900204024089
# Reference: https://www.virustotal.com/gui/file/86f475ee6220112ea2533831a33cdcbdffb1d30d93abad6c6f4f250cd65b96ac/detection

http://154.216.18.175

# Reference: https://www.virustotal.com/gui/file/8b7cd9b0ed28ba9d6cb08b589525ada4aceeeeeecd60f317a7e3fff60e461999/detection

http://193.117.208.101

# Reference: https://www.virustotal.com/gui/ip-address/185.216.70.142/relations
# Reference: https://www.virustotal.com/gui/file/3995a7e7eb8eeafb0b6da2c3813e61d11993a820d478c87809136de79d8f8280/detection
# Reference: https://www.virustotal.com/gui/file/372eefdc4bf9f4a4382db2762fcf9a9db559c9d4fff2ee5f5cf5362418caaa92/detection

http://185.216.70.142

# Reference: https://www.virustotal.com/gui/file/736575d7277732b652edade1e21e8614755935b24ba6b032c2a831748a006ac4/detection

http://194.42.207.3
http://45.66.231.148
jeuxviddeo.com

# Reference: https://x.com/JangPr0/status/1829030214539907233
# Reference: https://www.virustotal.com/gui/file/bea38970febac64eb77bd9c1484cb48d2fa61fb925bbeb39d0aa6b9149e654cf/detection

43.203.173.81:8080

# Reference: https://x.com/malwrhunterteam/status/1829127614868439316

mydoc.ngrok.pro

# Reference: https://www.virustotal.com/gui/file/d8b11b8b437f83a1ad55c954b4a80081abfaf3c29cbc922d57b76bc20745111a/detection

myfiles.ngrok.pro

# Reference: https://www.virustotal.com/gui/file/36041630856ef1c227fd14d2f9a20d5f42226a02a536ac79cca3552d69a4ba19/detection

http://94.156.67.226

# Reference: https://www.virustotal.com/gui/file/06b0c7b4b8c0ccc4a489ce6906a9e6d5d350c6f43c91358c36802b0849aa3f4f/detection

pad-grant-resources-genuine.trycloudflare.com

# Reference: https://x.com/Joseliyo_Jstnk/status/1826170816909750533
# Reference: https://www.virustotal.com/gui/file/90973055aaab24fd10f28eda5b20a0aff15d5ef22d55344fe23d8ddfd6235fbc/detection
# Reference: https://www.virustotal.com/gui/file/d0a31bac5f6483881dfd2150ba3a20e17db2d54cc47f7f3ce2e29a6b74646040/detection

dol-stepcheck.com
one1-directory.com
openbids-dol.com
rfp-dolgov.com

# Reference: https://www.virustotal.com/gui/file/eb82eb8efc9f6480c08616f47157816801a15da95f3b2b3a674a1c29f6f0026e/detection
# Reference: https://www.virustotal.com/gui/file/dc30cfa6578d26c1ec3a286679ad3fec457587bdacf9f596c5d5e2350564cec7/detection
# Reference: https://www.virustotal.com/gui/file/b604eaa319de22e055c05771fd20378f225da0ede8cb7909c83682a7927c204d/detection
# Reference: https://www.virustotal.com/gui/file/72d36563a8155c1a33ae38c54d9534ac26b89cca70a4ecf735cb853fd257f292/detection
# Reference: https://www.virustotal.com/gui/file/3d5aa944aa08b42d0b6ed2989f8f1c4b41e42e2937d04b1fb0ecce09bc3a183d/detection

react-jquery.com

# Reference: https://x.com/malwrhunterteam/status/1828866492852777205
# Reference: https://www.virustotal.com/gui/file/cc0532b39faa0ba7d37adce82006b075b7d9363b1cb13fe5b5d1bd348ced07a6/detection
# Reference: https://www.virustotal.com/gui/file/6b8be94da26dafffea2d0cafaeaa36dd96faced23d76c8bcd218b1efd1273e60/detection

146.190.98.156:22233

# Reference: https://www.virustotal.com/gui/file/04453ea41476b86993617efaeb1f574a92c1d070b9c7b50170600a4c17a55373/detection

ugtv.online

# Reference: https://x.com/StrikeReadyLabs/status/1830774821795274784

housing-support.me

# Reference: https://www.virustotal.com/gui/file/8d31ed88202e42a456cef92be1da6e91ee89f763b12e9cddca525453a8d86d6c/detection

7situacaoirregularidadeirpf2023.stufftoread.com
churrascariavitallene.com
vingspktorkgameprocexps5.com
suportecontatowebmail2023.brazilsouth.cloudapp.azure.com

# Reference: https://www.virustotal.com/gui/file/34356d9c7ef071b115f41a87965e7abe183b2fb099a2e76272ca469268ee1537/detection

rtplivejpslot388.lol

# Reference: https://www.virustotal.com/gui/file/c5492d613f9c1aca60e521a8bf92b6724a1b839007fdaeaf0dd4cd35a8544eee/detection

jxc-agri.com

# Reference: https://www.activecountermeasures.com/malware-of-the-day-tunneled-c2-beaconing/

http://91.92.240.113

# Reference: https://x.com/1ZRR4H/status/1832971253239660768

213.109.147.108:4242

# Reference: https://x.com/DaveLikesMalwre/status/1832884049251049909

http://185.241.208.90

# Reference: https://x.com/RacWatchin8872/status/1833450025503821960

http://120.24.161.110

# Reference: https://x.com/StrikeReadyLabs/status/1833499194536919426
# Reference: https://www.virustotal.com/gui/file/4e875fff5c75fe3917207185d4873a0a96adaf9f0ee1483484d1debbf80fbcbe/detection

146.70.145.225:443
srv510786.hstgr.cloud
winupdate-check-news.ignorelist.com

# Reference: https://x.com/karol_paciorek/status/1833434905587396630
# Reference: https://www.virustotal.com/gui/file/c07e92647c58d22541517b52a7c7af5031deacc9261d5eb45ea7f72d778df49a/detection

http://45.154.98.20

# Reference: https://www.virustotal.com/gui/file/f1d6b309708d2f0f449169681f5d10bc57c92fa9afb1e22075f6995b1b0d960e/detection

http://118.24.129.8
118.24.129.8:35757

# Reference: https://x.com/RacWatchin8872/status/1834170994375774618

123.60.104.67:9999

# Reference: https://x.com/StrikeReadyLabs/status/1834414735158022602
# Reference: https://www.virustotal.com/gui/file/18ace3a46a21a4aaee4525a8fae831f05a9d425bb37061a7975ee2ea2d52d8a3/detection

cdn4.filehaus.su

# Reference: https://x.com/cyberfeeddigest/status/1834868587158294850

http://34.228.38.116

# Reference: https://x.com/1ZRR4H/status/1835105228506476769

http://119.28.78.133

# Reference: https://www.virustotal.com/gui/file/96465ce935015f6b1ddcfbcf378a8ec5b314ca9034210c6ec908ea38283fa2f7/detection

http://185.234.247.14
shotsera.com

# Reference: https://x.com/karol_paciorek/status/1836723394919682080

http://162.0.224.92
j6.gg

# Reference: https://x.com/_CPResearch_/status/1836723335532515803

versionupdate.xyz

# Reference: https://x.com/kddx0178318/status/1836740364796895602

hercvlesconcrete.com

# Reference: https://blog.sekoia.io/webdav-as-a-service-uncovering-the-infrastructure-behind-emmenhtal-loader-distribution/

http://104.131.7.207
http://141.98.234.166
http://147.45.178.54
http://147.45.50.142
http://147.45.50.144
http://147.45.50.172
http://147.45.50.214
http://147.45.50.23
http://147.45.50.26
http://147.45.50.34
http://147.45.50.57
http://147.45.50.86
http://147.45.79.82
http://151.236.17.180
http://168.100.9.199
http://178.209.51.222
http://185.143.223.188
http://185.196.8.158
http://191.243.196.114
http://193.233.75.13
http://194.190.152.108
http://194.87.252.22
http://200.150.194.109
http://206.188.196.28
http://212.18.104.111
http://45.151.62.238
http://46.29.234.129
http://62.133.61.101
http://62.133.61.104
http://62.133.61.106
http://62.133.61.148
http://62.133.61.155
http://62.133.61.168
http://62.133.61.189
http://62.133.61.207
http://62.133.61.240
http://62.133.61.37
http://62.133.61.69
http://62.133.61.73
http://62.133.61.79
http://62.133.61.90
http://62.133.61.98
http://78.153.139.202
http://79.137.203.158
http://82.115.223.234
http://84.247.187.231
http://89.110.78.58
http://89.23.103.118
http://89.23.103.123
http://89.23.103.188
http://89.23.103.205
http://89.23.103.253
http://89.23.103.56
http://89.23.103.57
http://89.23.103.97
http://89.23.107.123
http://89.23.107.168
http://89.23.107.181
http://89.23.107.240
http://89.23.107.251
http://89.23.107.67
http://89.23.113.140
http://91.202.233.136
http://91.92.240.234
http://91.92.240.247
http://91.92.240.29
http://91.92.243.198
http://91.92.243.74
http://91.92.245.185
http://91.92.245.222
http://91.92.246.102
http://91.92.248.129
http://91.92.248.77
http://91.92.248.90
http://91.92.250.150
http://91.92.250.44
http://91.92.251.35
http://91.92.253.126
http://91.92.254.167
http://92.118.112.223
http://92.118.112.253
http://94.131.112.206
http://94.156.64.74
http://94.156.64.76
http://94.156.65.126
http://94.156.65.130
http://94.156.69.111
http://94.156.69.6
http://94.156.8.31
http://95.164.68.24
http://95.216.196.85

# Reference: https://x.com/banthisguy9349/status/1837796949136752932

http://101.126.87.87

# Reference: https://x.com/karol_paciorek/status/1838226912264479036

http://185.38.142.128

# Reference: https://www.virustotal.com/gui/file/ef05d8c68e1e2b9ea7cfbad9bce3acfbd8b2367a28297d2e4c23d9d9340feca2/detection

http://188.93.233.163

# Reference: https://x.com/Gi7w0rm/status/1838854503694516349

rg.gamepeak.in

# Reference: https://x.com/Gi7w0rm/status/1838882702843396489

http://100.1.226.154

# Reference: https://x.com/malwrhunterteam/status/1838867310729142280
# Reference: https://www.virustotal.com/gui/file/fd7fc93e57fa76a036b73ce21ae615d99aa2a0ca45b96973b7dab63d21e5ffc6/detection

http://91.222.173.140

# Reference: https://x.com/Gi7w0rm/status/1838951321879068990

1.92.89.193:8080

# Reference: https://x.com/DaveLikesMalwre/status/1837677211547017260
# Reference: https://www.virustotal.com/gui/file/582959b7f4789e58fc08d272d3d8364bafc2b3ab117f93fc5f85cde9c0630027/detection

http://209.105.248.135
runds.duckdns.org

# Reference: https://app.validin.com/detail?find=sostener.vbs&type=dom&ref_id=de2831d246d#tab=host_pairs_v2

http://181.131.216.24
http://181.140.64.44
http://181.235.14.198
http://186.169.40.143
http://186.169.72.37
http://186.169.76.39
http://186.169.89.218
http://186.169.94.22
http://191.88.251.24
http://191.88.254.56
http://191.93.112.233
http://191.93.113.151
http://209.105.248.135
http://45.135.232.38
45-135-232-38.cprapid.com
jdosdjos.space
updatee-facebok.com
users-kucoin.com
mail.45-135-232-38.cprapid.com

# Reference: https://x.com/banthisguy9349/status/1839325002732376552

42.192.14.109:9999

# Reference: https://x.com/banthisguy9349/status/1839326280959091079

47.111.135.21:8080

# Reference: https://x.com/banthisguy9349/status/1839329674608214260

203.204.217.190:8080

# Reference: https://x.com/StrikeReadyLabs/status/1839626001317327265
# Reference: https://www.virustotal.com/gui/file/9ffd9422c22195d0bce91577154d380c696bd02e846da4579ca056eeca2d8c66/detection

http://172.232.234.9

# Reference: https://x.com/banthisguy9349/status/1839937406969020433
# Reference: https://x.com/banthisguy9349/status/1839984167913718075

http://34.142.201.103
209.151.152.177:8000
34.142.201.103:8443
34.142.201.103:9993
45.120.107.43:8080
77.81.230.154:8080

# Reference: https://x.com/banthisguy9349/status/1840086305767580094

http://140.83.50.60
140.83.50.60:8001

# Reference: https://urlhaus.abuse.ch/host/58.23.215.23/
# Reference: https://www.virustotal.com/gui/file/055c25c8704a39911cabaf85498b3185fc3f792601836a3b8c83cb89c1235b70/detection

117.28.27.74:8765
117.28.27.75:8765
117.28.27.76:8765
27.152.240.185:8765
36.249.46.154:8765
36.249.46.166:8765
36.249.46.167:8765
36.249.46.168:8765
36.249.46.169:8765
36.249.46.170:8765
36.249.46.171:8765
36.249.46.172:8765
36.249.46.173:8765
36.249.46.174:8765
36.249.46.232:8765
36.249.46.233:8765
36.249.46.234:8765
36.249.46.235:8765
36.249.46.236:8765
36.249.46.237:8765
36.249.46.238:8765
36.249.46.239:8765
36.249.46.240:8765
36.249.46.241:8765
58.23.215.155:8765
58.23.215.156:8765
58.23.215.157:8765
58.23.215.158:8765
58.23.215.159:8765
58.23.215.160:8765
58.23.215.161:8765
58.23.215.162:8765
58.23.215.163:8765
58.23.215.164:8765
58.23.215.170:8765
58.23.215.171:8765
58.23.215.172:8765
58.23.215.173:8765
58.23.215.174:8765
58.23.215.175:8765
58.23.215.176:8765
58.23.215.177:8765
58.23.215.178:8765
58.23.215.179:8765
58.23.215.23:8765
58.23.215.24:8765
58.23.215.25:8765
58.23.215.26:8765
58.23.215.27:8765
58.23.215.28:8765
58.23.215.29:8765
58.23.215.30:8765
58.23.215.31:8765
58.23.215.32:8765
58.23.215.62:8765
58.23.215.63:8765
58.23.215.64:8765
58.23.215.65:8765
58.23.215.66:8765
58.23.215.67:8765
58.23.215.68:8765
58.23.215.69:8765
58.23.215.70:8765
58.23.215.71:8765
wieie.cn

# Reference: https://x.com/DaveLikesMalwre/status/1840170583272595881
# Reference: https://www.virustotal.com/gui/file/4e6824f248330bd4172bd07a109add479745a33386b6c5754597c5ee1b3198cd/detection

http://13.61.8.111

# Reference: https://x.com/k3yp0d/status/1841082596039507978
# Reference: https://www.virustotal.com/gui/file/d4de41642e31a43cdec017816f7990a7d9eb706bff85fea480052d2a1d62c097/detection
# Reference: https://www.virustotal.com/gui/file/14351ae11863745dd326f30556b3e6010db8582b7d3499e1a6bc76a801f24c3f/detection

meta.flokq.com

# Reference: https://x.com/DaveLikesMalwre/status/1841281294396797239

101.99.92.10:8000

# Reference: https://www.virustotal.com/gui/file/48fc64defe12868f480f074cb229440a1a6e034cbafdc3e65a8417107f624c1b/detection

91.92.250.115:8080
