# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/chvancooten/status/1629911090774589442

http://178.187.193.213
http://207.148.117.112

# Reference: https://twitter.com/MichalKoczwara/status/1630998218807865344

http://3.0.147.54

# Reference: https://twitter.com/MichalKoczwara/status/1637564597719777280

http://192.3.128.185

# Reference: https://twitter.com/MichalKoczwara/status/1639289816381628418

http://91.234.199.4
89.44.194.102:443
naqsh-ejahan.com
list.naqsh-ejahan.com

# Reference: https://twitter.com/jaydinbas/status/1682317473691910145
# Reference: https://www.virustotal.com/gui/file/e08dad3ba8f06e07fc4b18bac1f27360befb6fd1fd18a5b467ef8ee4f29735af/detection
# Reference: https://www.virustotal.com/gui/file/4f1d801303e414b824ec750f58bb3c5065f3ab1af5e70f45fcbd43a8ea8fa2e0/detection

runtimebroker-telemetry.com

# Reference: https://www.virustotal.com/gui/ip-address/195.140.214.108/relations
# Reference: https://www.virustotal.com/gui/file/3bd8d3d9fd594a37cc8cb9838e528ca6d9acd2f6bbe4e95ff51d9f35fdde2e13/detection

195.140.214.108:443
officemobsync.com

# Reference: https://www.virustotal.com/gui/ip-address/54.91.21.246/community

54.91.21.246:28015
54.91.21.246:44818
54.91.21.246:6080
54.91.21.246:789
54.91.21.246:82
54.91.21.246:8200
54.91.21.246:8500

# Reference: https://www.virustotal.com/gui/ip-address/54.202.196.60/community

54.202.196.60:1024
54.202.196.60:12000
54.202.196.60:1521
54.202.196.60:44158
54.202.196.60:4433
54.202.196.60:4444
54.202.196.60:5009
54.202.196.60:52869
54.202.196.60:5984
54.202.196.60:636
54.202.196.60:8140
54.202.196.60:9999

# Reference: https://www.virustotal.com/gui/ip-address/34.219.129.191/community

34.219.129.191:10001
34.219.129.191:50070

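# Reference: https://www.virustotal.com/gui/ip-address/184.72.207.127/community
# Reference: https://www.virustotal.com/gui/ip-address/3.80.105.116/community
# Reference: https://www.virustotal.com/gui/ip-address/34.217.14.198/community
# Reference: https://www.virustotal.com/gui/ip-address/54.175.208.7/community
# Note: http://57.129.0.118 below is not one of the four addresses referenced above; the same address
# is listed with several ports under the ThreatFox reference further down in this file.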

http://57.129.0.118
184.72.207.127:1311
3.80.105.116:3503
34.217.14.198:12000
34.217.14.198:1471
34.217.14.198:2082
34.217.14.198:221
34.217.14.198:2404
34.217.14.198:3050
34.217.14.198:52869
34.217.14.198:5435
34.217.14.198:7001
34.217.14.198:7547
54.175.208.7:11000
54.175.208.7:3001
54.175.208.7:33060
54.175.208.7:3542
54.175.208.7:37215
54.175.208.7:3749
54.175.208.7:389
54.175.208.7:4840
54.175.208.7:50050
54.175.208.7:51235
54.175.208.7:548
54.175.208.7:6666
54.175.208.7:79
54.175.208.7:82
54.175.208.7:84
54.175.208.7:8575
54.175.208.7:9160
54.175.208.7:9200
54.175.208.7:9800
54.175.208.7:9943

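# Reference: https://www.virustotal.com/gui/ip-address/43.201.72.4/detection
# Note: this single reference names only 43.201.72.4 (listed below as 43.201.72.4:7779). No per-entry
# source or date is recorded for the other indicators in this block, so confirm that an entry is still
# current before treating a match on it as conclusive.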

http://167.88.160.211
http://23.106.215.199
http://52.55.23.101
13.114.225.133:7657
13.124.124.20:4500
13.124.2.18:8888
13.125.158.139:5984
13.208.166.143:79
13.208.169.76:49
13.208.183.36:32764
13.208.206.29:5800
13.208.243.174:444
13.208.248.63:16992
13.208.251.14:7634
13.208.43.11:2067
13.209.18.228:3551
13.212.146.161:50000
13.212.162.252:5006
13.214.123.167:31337
13.214.141.123:9943
13.214.143.158:2376
13.214.196.97:16993
13.214.25.212:1063
13.215.227.125:2087
13.229.137.246:503
13.229.154.174:8090
13.239.176.124:7003
13.239.31.66:3000
13.244.119.130:8085
13.244.151.217:23424
13.244.98.42:7171
13.245.8.234:6601
13.245.82.228:13579
13.246.7.210:16010
13.37.233.51:9002
13.38.108.15:7170
13.38.112.190:1604
13.38.131.98:9090
13.38.65.73:8000
13.40.103.116:2556
13.40.15.178:3780
13.56.138.186:4500
13.57.240.151:3067
13.57.240.151:8016
13.57.43.52:85
13.58.93.101:2569
13.59.157.177:32764
142.93.226.220:443
15.152.36.1:8081
15.165.237.137:8010
15.188.232.101:50050
15.188.238.63:20256
15.228.189.170:3084
15.236.64.186:8009
15.237.125.156:503
16.16.201.59:8200
16.170.158.171:10001
16.170.220.214:20547
16.170.220.250:18081
16.170.227.202:4321
16.170.230.126:2181
16.170.230.240:9999
16.171.58.11:2154
16.171.60.89:8784
161.189.68.0:70
18.117.128.17:37
18.118.247.72:3053
18.132.73.227:3090
18.138.227.239:789
18.138.230.128:1521
18.141.213.40:9981
18.144.48.70:9212
18.157.161.235:8182
18.157.84.126:9295
18.159.132.28:8139
18.159.252.214:6633
18.181.247.219:8880
18.183.160.49:6668
18.195.230.135:5901
18.208.184.85:5672
18.228.12.128:9009
18.228.197.228:902
18.230.117.108:9191
18.231.123.10:8800
18.231.168.247:593
23.106.215.199:443
3.101.135.69:8239
3.106.219.128:9104
3.109.58.120:8060
3.109.58.248:20547
3.110.166.81:44158
3.110.183.27:9107
3.110.218.143:8069
3.110.41.177:3689
3.111.37.47:2375
3.121.232.244:2379
3.121.232.244:9999
3.123.228.218:6443
3.142.209.41:25001
3.143.9.75:70
3.15.166.229:593
3.16.168.128:5269
3.21.240.106:593
3.226.6.113:443
3.249.157.100:5672
3.249.159.159:8803
3.25.139.237:10000
3.250.55.45:8800
3.252.87.19:5555
3.254.71.189:2052
3.26.11.237:4242
3.26.225.36:9943
3.27.82.204:54138
3.34.127.13:37777
3.66.211.243:8432
3.66.211.243:8788
3.66.211.243:8856
3.70.178.232:443
3.73.59.84:9080
3.8.10.154:4664
3.8.95.145:9025
3.8.99.15:8334
3.88.173.11:16030
3.96.192.30:548
3.96.194.146:4433
3.97.11.104:4002
3.99.157.17:9595
34.208.150.190:20256
34.217.44.79:593
34.220.182.33:8500
34.230.39.161:13
34.239.101.81:9981
34.242.19.33:2549
34.243.245.0:8291
34.243.245.0:9080
34.244.6.49:548
34.250.92.183:593
34.253.208.104:2002
34.254.227.86:444
35.154.105.171:25001
35.173.232.191:44158
35.179.16.52:3128
35.180.173.123:10000
35.180.173.123:28015
35.180.188.8:9600
35.76.115.42:7657
35.78.206.154:7474
35.87.110.32:2351
35.87.8.121:19000
35.91.7.145:443
35.91.7.145:9295
43.192.128.39:55442
43.201.72.4:7779
43.202.5.214:84
43.202.5.214:9095
44.202.49.140:52869
45.76.88.103:8888
51.16.244.180:5595
51.16.40.46:8765
51.16.54.96:8086
51.17.115.22:8085
51.17.118.229:102
51.17.118.229:9876
51.17.120.164:503
51.17.5.111:2455
51.17.62.111:7777
51.17.64.191:9997
51.17.92.40:2561
51.20.127.91:9191
52.195.162.214:6002
52.207.248.234:5672
52.23.228.50:6080
52.39.211.111:8291
52.47.140.52:7171
52.62.1.121:8334
52.64.212.87:9981
52.66.243.226:6561
52.67.148.62:50100
52.79.101.118:9021
52.81.254.108:17000
52.81.27.235:37
52.81.38.136:6633
52.81.68.87:4369
52.81.79.179:154
52.81.79.179:2376
52.81.87.79:8087
52.82.60.203:2379
52.83.103.177:10554
52.83.7.28:6080
52.90.46.47:8143
52.91.86.238:11
54.147.127.254:8429
54.163.87.211:51106
54.168.170.158:2806
54.168.170.158:8554
54.188.213.152:2100
54.202.46.22:4444
54.207.72.190:6633
54.212.94.201:8406
54.217.171.158:5858
54.219.185.152:44818
54.221.125.236:8089
54.222.156.136:5800
54.222.172.160:9111
54.222.226.47:7071
54.235.229.96:443
54.241.206.249:12000
54.242.120.2:3260
54.249.185.10:9997
54.75.196.175:8112
54.95.158.45:50000
63.35.193.20:6666
65.0.6.138:11300
68.79.11.199:4282
68.79.11.199:50000
69.230.245.37:2083
8.140.198.4:88
microsoftoutlook.sytes.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.nimplant/

http://172.67.183.94
14.225.206.107:8080
167.88.170.172:443
185.196.8.89:4443
45.60.75.128:9443
54.234.19.243:443
57.129.0.118:8080
57.129.0.118:8081
57.129.0.118:8082
57.129.0.118:8085
57.129.0.118:8086
kamssa.com

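# Reference: https://threatfox.abuse.ch/browse/malware/win.nimplant/ (# 2024-09-24)
# Note: 89-73-53-34.dynamic.chello.pl, ec2-52-55-23-101.compute-1.amazonaws.com and
# vps-243c526b.vps.ovh.net look like provider-assigned hostnames (the first two embed 89.73.53.34 and
# 52.55.23.101, both also listed in this file as addresses). Such names can pass to another customer,
# so re-check them before relying on a match.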

http://103.152.254.175
http://149.248.79.215
http://168.100.11.194
http://185.158.132.135
http://207.154.192.30
http://207.180.253.60
http://35.87.2.201
http://51.68.222.10
13.70.157.121:443
168.100.10.40:443
185.14.30.15:443
185.153.197.160:83
185.196.10.245:4443
193.233.75.241:8080
3.17.181.161:443
3.239.44.147:443
34.251.151.38:443
89-73-53-34.dynamic.chello.pl
89.73.53.34:443
ec2-52-55-23-101.compute-1.amazonaws.com
onceuponatimeiwent.online
vps-243c526b.vps.ovh.net
