# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: aggha, dtloader, haggah, negasteal, pretoria

# Reference: https://twitter.com/James_inthe_box/status/1040718336173137920

host2.azaronline.com

# Reference: https://twitter.com/avman1995/status/1039929322612641792

mail.efx.net.nz

# Reference: https://twitter.com/James_inthe_box/status/1039878859007569920
# Reference: https://www.virustotal.com/#/ip-address/37.59.117.243

http://37.59.117.243

# Reference: https://twitter.com/avman1995/status/1040493935234371584

ftp://ftp.fasttradeco.com

# Reference: https://twitter.com/MalwareHunterBR/status/1016486687059402752

herosoup.org

# Reference: https://twitter.com/ViriBack/status/983011333506588672
# Reference: https://pastebin.com/nwWHHFe0
# Reference: http://tracker.viriback.com/dump.php (# snapshot 2019-11-04, AgentTesla)

http://190.97.166.194
190.97.166.194:8080
aaatechh.com
agent.rooderoofing.com.au
arbistars.com
bobby.ziraat-helpdesk.com
brther-group.com
callvaxglobal.com
captainbugattiautos.com
ceoinboxs.com
chibu.ziraat-helpdesk.com
chisom.ziraat-helpdesk.com
dashi-dashi.ziraat-helpdesk.com
data-startssllink.com
eizzy.haoldd.com
elb.haoldd.com
emaaiil-163.com
emy.agrillcs.com
etvidanueva.com
excelaires.com
ezeoma.agrillcs.com
figure.agrillcs.com
files.ziraat-helpdesk.com
flopdlsofrd.com
forteol.com
free.agrillcs.com
grindtreu.online
haoldd.com
ike.agrillcs.com
isa.haoldd.com
jboy.agrillcs.com
jizzy.ziraat-helpdesk.com
joe.ziraat-helpdesk.com
kc.ziraat-helpdesk.com
kelvin.agrillcs.com
kodarkalaris.com
magnaki.com
marchforward.usa.cc
mi.haoldd.com
milonestlevevy.com
oceantrading-jp.co
okey.haoldd.com
pounds.ngrok.io
prominienttec.com
shileniniliv.com
siamzime.com
sindevil.com
sm.rooderoofing.com.au
small-kelly.agrillcs.com
tonishl.ga
tonishl.ml
uccftl.org
valedein.com
workupdates.net
yg.haoldd.com
zomcnxbilo.com

# Reference: https://twitter.com/James_inthe_box/status/1046070749138735110

shahrproject.ir/wp--admin/

# Reference: https://twitter.com/James_inthe_box/status/1044198938847244289

moranhq.duckdns.org

# Reference: https://twitter.com/Jan0fficial/status/1047023512383311873

venividivici.host

# Reference: https://twitter.com/Jan0fficial/status/1047051546851254272

etvidanueva.com/photos/images/WebPanel/login.php
etvidanueva.com/photos/images/fulls/WebPanel/login.php

# Reference: https://twitter.com/Jan0fficial/status/1047053960689987584

allpeople.cc/WebPanel/

# Reference: https://twitter.com/James_inthe_box/status/1047495498867728384

hp-compoundlng.com/zuniga/zuniga.php

# Reference: https://twitter.com/avman1995/status/1046620646137102336

repoyochar2u.ddns.net
repoyochar2u.hopto.org

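# Generic callback path (bare URL path with no host part; presumably matched on any host, so broader and more false-positive-prone than the host-qualified hp-compoundlng.com/zuniga/zuniga.php entry above)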

/zuniga.php

# Reference: https://twitter.com/Racco42/status/1055370151984537602

ftp.dolphins-gb.com

# Reference: https://twitter.com/casual_malware/status/1107441450415992832

rat8882018.bounceme.net

# Reference: https://twitter.com/ItsReallyNick/status/925754844706689024

regiusersme63.com
twendekazi.co.ke

# Reference: https://twitter.com/JAMESWT_MHT/status/1111231704847581185

server15.thcservers.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1117787548787597313
# Reference: https://app.any.run/tasks/a7f299b3-0b84-4403-a75f-7fb45700e14e

severeweatheralerts02.severeweatheralerts.net

# Reference: https://otx.alienvault.com/pulse/5cb636d8706621055e694e0a
# Reference: https://twitter.com/_cpresearch_/status/1118201474809462784

checkoutspace.com

# Reference: https://twitter.com/dvk01uk/status/1137669359273435138
# Reference: https://app.any.run/tasks/318a9aa9-8c2e-4d21-9a4c-aa023de19d74/

mail.trezaexim.com

# Reference: https://twitter.com/Lvanoel/status/1140500849904537600
# Reference: https://app.any.run/tasks/b4361590-d24e-4a4d-a273-5776ee377b08/

mail.jyotistrips.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1142020465063538689
# Reference: https://app.any.run/tasks/1f643b34-6d92-4bb6-88e1-2aa21e524d20/

mail.crypy.top

# Reference: https://twitter.com/killamjr/status/1143288308300013568

vr9519.club

# Reference: https://twitter.com/B1naryG/status/1143818690040860673
# Reference: https://app.any.run/tasks/3b4e7470-3144-47e3-8caf-ad069c4a5419/

algadeed-com.ga
mail.sweeddehacklord.us

# Reference: https://github.com/pan-unit42/iocs/blob/master/agenttesla/agenttesla_panels.txt

123.makologg.website
13020.vhost.myvirtualserver.de
13140.vhost.myvirtualserver.de
a-work.info
addmehosts.com
admin.downloadtip.club
agenttesla.com
agentteslapanel.site
airnicoltd.biz
appleconnect.online
blasternoon.ru
blockchian.us
bossbadoo123.000webhostapp.com
brunam90.me
cellularwizard.biz
china-smi.biz
classicfllters.com
cloud9files.net
coleweinman1.000webhostapp.com
combinaparts.com
comebackto.info
compassiwater.com
cp.gonerallying.com
csgoshuffle.trade
cyberfreakz.cf
daalkha.com
darkmat3r-v3nom.lawcost.com
davcandle.life
defaomfg.com
diplomaticcourier.net
dongabito.com
douglascellings.com
dovemessengers.com
dropped.cf
e-paymentonline.online
egoigwe.date
elihanss.ru
emailaccountsupdate.com
emybeks.diplomaticsecurityservicelondon.com
essentialsupdate.com
exam2quiz.com.ng
eyeover.it
fash2v.com
fbillion.essentialtechsolutions.com
frank.diplomaticsecurityservicelondon.com
franklinpanel.xyz
frankpanel.xyz
friendfinances.com
fundz1st.fav.al
futurarice.com
graficafolha.com.br
halifacxz.com
helofitsol.com
hiflowwing.com
hopewordnlos.info
hoplikes.com
hp.gonerallying.com
hugoslyltd.com
hummerenergyinc.com
hustle.paneltesla.net
ibouz.co.business
icoud.online
iiltd.xyz
januoey.com
jerelpacks.com
jpoffice2017.xyz
karmakintra.com
kf3nqetgl3p3qlvnl4ze.ru
kidertalerz.com
killatenderz.com
kolapharma.com
koloongroupinc.ru
lakhakaidea.com
libazo.com
magosnegt.net
maxibrainz.net
mctagents.ml
mgelectroncs.com
miloill.com
mitch.sudimex.ml
mnbvcxzus.com
mogosan.com
mqbearing.club
mrabengo.com
nckportugal.com
nellsonn.com
newseuro2015.org
nexuscoltd.com
notifuls.com
onlinesypoi.com
optifinecapes.us
panel.profitstakers.com
panelci.xyz
panelone.xyz
panelp.xyz
paneltesla.net
pansha.regworldmail.com
pegeng-ch.com
petush32.beget.tech
picasuminion.com
plasdic.com
pron.wonkarima.ru
robphish.xyz
rootjoy20.net
roperspump.com
saintahotel.com
secpolicy.info
senator1st.fav.al
sender.agenttesla.com
shalla.eyeofbangladesh.com
shingrela.com
signaturehealthcarltd.com
smartmanber.com
someshitejob.ru
sosignshome.com
steamstatus.pw
stlmre.xyz
suabepga.net
suchsuggestions.com
sweed-office.comie.ru
syncav.ms-sync.com
t1st.fav.al
t2st.fav.al
t3st.fav.al
t4st.fav.al
t5st.fav.al
tecomou1d.com
tesla.dailyawamitime.com
tesla.lawcost.com
teslalogs.club
toke.paneltesla.net
tokimecltd.ru
tomfill.xyz
trade-accounts.com
transfoffer.com
transstates.us
u-nyx.ru
ugo.diplomaticsecurityservicelondon.com
upgr-serv.com
vacanzaimmobiliare.it
vimeostream.com
viprecycleresourcesltd.com
vivaasindustry.com
weviio.com
wlttraco.com
womensmuseumca.org
wonkarima.ru
xbool.ru
xboolean.com
xz2dtd11bm97h36.host
yeubiope.com
you.paneltesla.net
yyyxyyxxyxxx.xyz
zjxhqd.com

# Reference: https://twitter.com/killamjr/status/1145131854984556545

spellsove.duckdns.org

# Reference: https://blog.talosintelligence.com/2019/07/sweed-agent-tesla.html

Oralbdentaltreatment.tk
aelna.com
aiaininsurance.com
aidanube.com
anernostat.com
blssleel.com
bwayachtng.com
cablsol.com
candqre.com
catalanoshpping.com
cawus-coskunsu.com
crosspoiimeri.com
dougiasbarwick.com
erieil.com
etqworld.com
evegreen-shipping.com
gufageneys.com
hybru.com
intermodaishipping.net
jltqroup.com
jyexports.com
kayneslnterconnection.com
kn-habour.com
leocouriercompany.com
lnnovalues.com
mglt-mea.com
mti-transt.com
profbuiiders.com
quycarp.com
regionaitradeinspections.com
repotc.com
rsaqencies.com
samhwansleel.com
serec.us
snapqata.com
spedaqinterfreight.com
sukrltiv.com
supe-lab.com
sweed-office.comie.ru
sweed-viki.ru
sweeddehacklord.us
sweedoffice-bosskobi.duckdns.org
sweedoffice-chuks.duckdns.org
sweedoffice-goodman.duckdns.org
sweedoffice-kc.duckdns.org
sweedoffice-olamide.duckdns.org
sweedoffice.duckdns.org
usarmy-mill.com
virdtech.com
willistoweswatson.com
wlttraco.com
worldjaquar.com
xlnya-cn.com
zarpac.us
zurieh.com

# Reference: https://twitter.com/stoerchl/status/1157237675302240257

serverstresstestgood.duckdns.org

# Reference: https://twitter.com/dvk01uk/status/1159391837553090560

server1.monovm.com

# Reference: https://any.run/report/3c240ee0a740b57daea65b81faa99b951731f23c694bb5b6964b553152ee8d6c/1561dcbd-2a96-469a-8822-7cf9d495441e

helsanaa.com

# Reference: https://app.any.run/tasks/ab36a3dc-063e-41ee-8077-dc501f4d1403/
# Reference: https://brica.de/alerts/alert/public/1263301/agenttesla-keylogger-and-binary-options-scam/

mail.tendertradeforex.co.uk

# Reference: https://app.any.run/tasks/c1c8ad7a-f1d0-4ddf-b1d7-648d8f097ef8/

smtp.odogwugroup.icu

# Reference: https://app.any.run/tasks/d4aff5ad-9b44-42f0-8165-74731e1114c4/

smtp.rexsativa.com

# Reference: https://app.any.run/tasks/df208288-e4f1-4efd-99ee-12c2e37905c4/

mail.interflow.com.pk
tfvn.com.vn

# Reference: https://app.any.run/tasks/8b18fd2b-2610-49b0-9dea-55b45742adc5/

smtp.iconic-qrp.com

# Reference: https://app.any.run/tasks/8b668f18-5854-43ef-a2af-f4e8ee9b9b55/

server1.monovm.com

# Reference: https://twitter.com/dvk01uk/status/1171723427138420738
# Reference: https://app.any.run/tasks/fef429fb-bec4-4368-9b3e-9e37866221c7/

mail.appliedfuturevison.com

# Reference: https://twitter.com/wwp96/status/1173611784743378944
# Reference: https://app.any.run/tasks/948a6bd8-0cfb-4a82-a3f9-1e631965900b/

workbigfinetonychuckgoodallarefinezynovaexploitgood.warzonedns.com

# Reference: https://app.any.run/tasks/43064ac6-b617-44c8-8942-bacf12288dfc/

smtp.uml-db.com

# Reference: https://app.any.run/tasks/7545bb05-60f9-4995-b6ee-e5b32a8783ec/

smtp.nifl.icu

# Reference: https://twitter.com/Lvanoel/status/1173838721201922048
# Reference: https://app.any.run/tasks/1b86cdd7-f235-4159-ab74-127bd0d0912a/

5.9.3.218:26
mail.siicegypt.com

# Reference: https://twitter.com/reecdeep/status/1174270764461244417
# Reference: https://app.any.run/tasks/f3372717-35fb-43fc-aa1e-073bc762c39e/

198.187.29.188:26
mail.cjcurrent.com

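# Reference: https://twitter.com/wwp96/status/1176581010554793984
# Reference: https://twitter.com/JAMESWT_MHT/status/1461271475000946688
# Reference: https://app.any.run/tasks/ed1bc8c6-d83b-4dfd-9b6e-2b3ad128c83a/
# Note: the hostnames below look like shared-hosting server names, so a hit may involve an unrelated tenant; corroborate with the referenced sandbox report before treating it as an infection.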

server240.web-hosting.com
server263.web-hosting.com

# Reference: https://twitter.com/wwp96/status/1178661072993173504

smtp.kobitek-tr.com

# Reference: https://www.virustotal.com/gui/url/752918f8cfbeff0e6bbb5f0c62edc1bedca657b5eb659ab07d610260e3b7a48d/details
# Reference: https://urlhaus.abuse.ch/url/235725/
# Reference: https://any.run/report/2ff7a5b19dbf914d2607623b255fc392b20e86a61109cac6de96cf214e88f963/2a188e52-c397-4805-b62a-faefe02c9d8f

wirelord.us

# Reference: https://precisionsec.com/threat-intelligence-feeds/agenttesla/

khotawa.com
xdzzs.com
demo.shopping.co.mz

# Reference: https://urlhaus.abuse.ch/url/236622/

decodes.in

# Reference: https://urlhaus.abuse.ch/url/236510/

cafe-milito.com

# Reference: https://urlhaus.abuse.ch/url/235644/

mpsoren.cc

# Reference: https://urlhaus.abuse.ch/url/235546/

alhaji.top

# Reference: https://twitter.com/0xFrost/status/1179459193662853120

smtp.alliadintl.com

# Reference: https://app.any.run/tasks/5434da4e-e090-4642-be8d-a0117eaeb143/

smtp.alfe-eng.net

# Reference: https://twitter.com/MrGlaive/status/987780707551469569
# Reference: https://www.virustotal.com/gui/file/281053cbe38ffb8634e33d8a42ab772fb334de9e0a94af370a2426e00a502d6b/detection

mail.crosspolimeri-com.ga

# Reference: https://twitter.com/wwp96/status/1188897624776216576
# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.125/relations

olodofries.ddns.net
victoryinkings.ddns.net

# Reference: https://twitter.com/ViriBack/status/1189329887074619395
# Reference: https://app.any.run/tasks/4fb9044e-3ab4-4475-94d0-0070bef4acdc/

52.15.102.232:16654

# Reference: https://twitter.com/wwp96/status/1189564875040788480

smtp.krisorigin.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1192365857810341888

ftp.kassetiabi.ee

# Reference: https://app.any.run/tasks/ab049db9-c6b6-4fc5-9052-1e27dd897f18

crilod.com

# Reference: https://twitter.com/P3pperP0tts/status/1193202523974389760

eastbrightness.com

# Reference: https://twitter.com/James_inthe_box/status/1193965109552406528

webtoall.in/men/inc/c7afb5603b20fe.php

# Reference: https://twitter.com/w3ndige/status/1194263536572207104

ftp.hotnails.ee

# Reference: https://www.virustotal.com/gui/file/88195f6db022c6008fb958dffcb3ab7bfcb2cab063ea4af0e228fc33abab7e7b/detection

192.3.24.147:5200

# Reference: https://www.virustotal.com/gui/file/94ec08ac699040cca3bd81024e2ae842dec93146e066ea8332a4c990b9db5726/detection

192.69.169.25:54901
dboy.duckdns.org

# Reference: https://twitter.com/wwp96/status/1203003462746804225

smtp.tkbill.biz

# Reference: https://twitter.com/wwp96/status/1203003008822452225

mail.garlascontrol.com

# Reference: https://twitter.com/wwp96/status/1203006028998205442

smtp.juili-tw.com

# Reference: https://www.virustotal.com/gui/file/d80bd95f435fc2b41a60a4412ec3c38cc2024c57048047c1e679e4df2d93a88c/detection

91.193.75.181:90
lexdemall.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5229dd43528a6fedaa89771dfcac9789fc0ac6f3297b83f9a5d15e4f55ebe9bd/detection

46.85.239.38:1994
79.134.225.42:1994
sandra.hopto.org

# Reference: https://www.virustotal.com/gui/file/bfc6098802823eaf83b3f49cba4b515076ce4889c192f7961bd0d55bcde4c83e/detection

79.134.225.121:5288

# Reference: https://www.virustotal.com/gui/file/40ebfd1d5b2e140d8d147f8cd304f6f3f5795591b4883cf21012a350f1b941c5/detection

79.134.225.7:8152

# Reference: https://www.virustotal.com/gui/file/9f750443a7f48cbdb29cf846bba9fe467233e6f11a9f7c70215c7eaeea38b6fb/detection

151.106.56.110:3606
moneytrade.trade

# Reference: https://twitter.com/JayTHL/status/1214332738167287810
# Reference: https://pastebin.com/raw/c2JsbUeh

adoptfashions.tk
agatamodels.ml
ahphaeg.ml
ahphaeg.tk
aldohawater.tk
allinkenya.ml
allinkenya.tk
alojobs.ml
andreyhosting.com
archiself.tk
artateknik.tk
avjrggs.ml
bargainsnyc.ml
baristageek.ml
bedrocktire.tk
blazonjewelry.ml
blazonjewelry.tk
bodyfitny.ml
boisegmc.ml
boisegmc.tk
bokkhao.ml
bokkhao.tk
bounuspornos.ml
brazosvalleypts.ml
bunnyby.ml
buyshares.ga
buyshares.ml
carriven.tk
casualfiber.tk
chefport.tk
chenfqi.tk
citjunta.ml
clanliqr.ml
coffeeod.tk
conanandjasmine.ml
cpajwood.ml
cpajwood.tk
cpanel.sunlitcars.tk
demonm.tk
destaquefitness.tk
dlskoda.ml
dombasticknas.tk
drysupplies.tk
dwgdhfy.tk
ecuacentauro.ml
ecuacentauro.tk
eleganteclub.ml
eleganteclub.tk
endzoneswagger.ml
endzoneswagger.tk
ezmoneymyteam.ml
fanbcanton.ml
finddrives.ml
finddrives.tk
fllwme.ml
fourwheller.tk
gbbpestcontrol.tk
greatpurity.ml
greatpurity.tk
hemorroidehq.ml
hemorroidehq.tk
henriquepneus.tk
hostarctic.ml
ilovesweetie.ml
ilovesweetie.tk
imagoindia.ml
instantqual.ml
interoutesme.tk
itechcity.ga
itechcity.ml
jademodern.tk
kedaisuki.ml
kedaisuki.tk
kinofkenefret.ml
laluney.ml
layingday.tk
lebanonoil.ml
lebanonoil.tk
litse.ml
lscucusc.tk
lvmotorsports.ml
lvmotorsports.tk

# Reference: https://twitter.com/wwp96/status/1214939236195086337
# Reference: https://app.any.run/tasks/fa148110-1474-4c52-b9f7-264bca3a41a1/

limmergarden.com/pa/webpanel/inc/5d54ff24322827.php

# Reference: https://app.any.run/tasks/3403cffd-adef-40bd-ac59-53edab63a0e1/

ftp.myloginoffice3.com

# Reference: https://www.virustotal.com/gui/file/7d8909c7fcb490c98941f17d30179cf932231f0a82ce25c8343fd8904fea802a/detection

185.38.151.11:50472

# Reference: https://www.virustotal.com/gui/file/31644ce7e514cdf426d1ab3e36d2ebd37068d66eb164f0d6d6ab87ab0471f897/detection

185.38.151.11:56769
185.38.151.11:61321

# Reference: https://www.virustotal.com/gui/file/da09ac88b81d53207f01371dacc653437e95b9da05ea982d397fce8c033c2ce6/detection

185.38.151.11:61628
185.38.151.11:63603

# Reference: https://www.virustotal.com/gui/file/d7eb28958866d10626c0a7f5974e32da9a7e1ad988fe09dc48ac01d103da6ace/detection

185.38.151.11:50041

# Reference: https://www.virustotal.com/gui/file/682fbcd0f7299831baca107e58095772cb425437c7d4f1cd08d81ba4d4d353a4/detection

185.27.134.11:36951

# Reference: https://www.virustotal.com/gui/file/d02569687c55976dc1fea3fbfb031a821d4072cac3971b3bf97cb6877b72e32a/detection

185.27.134.11:32281

# Reference: https://www.virustotal.com/gui/file/cffed6d9add784bf2951db23c55fb44c201535cf0417b46ced760cbf05cccbda/detection

185.27.134.11:14908
185.27.134.11:24257

# Reference: https://www.virustotal.com/gui/file/5657b7923550dc5e89b5048c7a74f665cb29aaa923ba8fe114f98bc449e81d1b/detection

185.27.134.11:21389
185.27.134.11:29037
185.27.134.11:49162

# Reference: https://twitter.com/malwrhunterteam/status/1486088221968715776
# Reference: https://www.virustotal.com/gui/file/d0bf3e6e894721d27d7bc6c25e214505c597213c68832a09019fd49306318b8f/detection

185.27.134.11:41201

# Reference: https://twitter.com/wwp96/status/1219614957416873984
# Reference: https://app.any.run/tasks/c510f521-e3c2-45d9-98a9-b6c329189db1/

kironofer.com/webpanel/inc/d380803e561db4.php
kironofer.com/webpanel/login.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1219902709882662912
# Reference: https://app.any.run/tasks/cb6f47d6-61b4-4298-a0cf-117eea65dca0/

91.82.85.66:21
91.82.85.66:33132
ftp.metris3d.hu

# Reference: https://www.virustotal.com/gui/file/434ee3a7d5f1d23b7d2a2ca22bbf197b1275ff1bd11b03c11cfc45a6cae5fd11/detection

45.74.1.8:1122

# Reference: https://twitter.com/_lockhum/status/1220774737435074561

limmergarden.com/pa/webpanel/login.php

# Reference: https://www.virustotal.com/gui/file/4202c3c6970a870ce7fb6826dc69422c83de9da2462e28e2162a237579ff5192/detection
# Reference: https://www.virustotal.com/gui/file/8e9a4181cfd63b6d2a32352882d7022670236a5bdd0b824b547e69fde5b20c13/detection

nortonlilly.info

# Reference: https://www.virustotal.com/gui/file/67e30c288e1025728c58ad7093e34ea97d7f1e5f3c4450859e9de775e49f4dca/detection

185.244.30.53:4782

# Reference: https://twitter.com/cocaman/status/1222227693099462656
# Reference: https://app.any.run/tasks/193b764b-c408-4226-9a66-8400d1b1f4f9/
# Reference: https://www.virustotal.com/gui/ip-address/1.217.125.148/relations

1.217.125.148:8080
web.riderit.com

# Reference: https://twitter.com/wwp96/status/1222261603028152326
# Reference: https://app.any.run/tasks/227edd93-0480-404d-a7b8-0da81c2b3ce7/

78.142.19.101:587

# Reference: https://twitter.com/wwp96/status/1222262561296519168

smtp.xyzdomain.us

# Reference: https://app.any.run/tasks/3d1f67f1-6384-4980-a2e7-20ea0c0c8523/

smtp.dynamics-id.com

# Reference: https://twitter.com/wwp96/status/1222569538094534656
# Reference: https://app.any.run/tasks/6782cb3d-bd47-4351-977e-7b0bb14ae649/

effetka.com

# Reference: https://twitter.com/wwp96/status/1222575075028807681
# Reference: https://app.any.run/tasks/b71139f8-e198-4ebc-8b72-7e6399442199/

67.215.224.83:21

# Reference: https://twitter.com/wwp96/status/1223258955989815301

dkjpipnigproducts.com

# Reference: https://www.virustotal.com/gui/file/e9ae77ff1f9146e6c5296dfafb93c43ce062348136a4091d74087d603e2a18b8/detection

185.148.241.50:4782
23.105.131.230:4782

# Reference: https://www.virustotal.com/gui/file/f92ffc14ebc9ea2be74f7a6f73fa2055e345a42428171cee6491e6903816dce3/detection

varancha.com

# Reference: https://twitter.com/wwp96/status/1228359538505658371

dembal.com

# Reference: https://www.virustotal.com/gui/file/6fe5eed4b01642b919c7670f09548bce679233d8d522b20c36c29ed6fad0614d/detection

176.57.209.21:31177

# Reference: https://www.virustotal.com/gui/file/cb3534e092ee89bb8c1c4adb12a7a42a46629f0f939c13ad12be001ac1f7bb94/detection

176.57.209.21:46975

# Reference: https://app.any.run/tasks/24809127-df0b-4e16-9c94-35450bd9f283/

cydelink.com
officearchives.duckdns.org

# Reference: http://tracker.viriback.com/dump.php (# snapshot 2020-02-23)

190.97.166.194:80
190.97.166.194:8080
79.134.225.77:44
aaatechh.com
agent.rooderoofing.com.au
arbistars.com
bauremediaus.com
bawsymoney.ga
brther-group.com
callvaxglobal.com
captainbugattiautos.com
ceoinboxs.com
credoaz.com
data-startssllink.com
deveinsun.com
emaaiil-163.com
emtelakproperties.com
eqtweb.com
etvidanueva.com
excelaires.com
flopdlsofrd.com
forteol.com
goldenfuturepower5.com
grindtreu.online
groupbizconsulting.com
impulsefittness.info
ipblasta.com
kironofer.com
kodarkalaris.com
limmergarden.com
magnaki.com
milonestlevevy.com
milux-my.com
mshhmasvx.com
nortonlilly.info
oceantrading-jp.co
pounds.ngrok.io
prominienttec.com
shileniniliv.com
siamzime.com
sindevil.com
sm.rooderoofing.com.au
softtouchcollars.com
speedfolks.com.ng
svmarketingindia.com
telewire.online
uccftl.org
usarmyvacations.info
valedein.com
varancha.com
wieda-mc.com
workupdates.net
zomcnxbilo.com

# Reference: https://www.virustotal.com/gui/file/ae5d91ffad3a752a7568bc1197770f0ba06f33ba567740c4a18ca7bf0be6dc85/detection

168.235.111.253:1078

# Reference: https://twitter.com/wwp96/status/1232323995933929474

hitek-pk.com

# Reference: https://app.any.run/tasks/4630ac10-0749-4c13-ab1b-90f2c27c9c14/

prodiggy.xyz

# Reference: https://app.any.run/tasks/510f53d6-553e-4dae-a629-ae24c10e19ca/

office-cleaner-commander.com

# Reference: https://www.virustotal.com/gui/file/0a25a76d3b998edf56357790356abac4dd2d275c144e8d640f0c4bb4249d03a7/detection

79.134.225.75:1717
indigo22.publicvm.com

# Reference: https://www.virustotal.com/gui/file/25623344c636700823f0927a1c784b06a016b73dfa5083dc2d92baf1b40c2b71/detection

79.134.225.74:7688

# Reference: https://app.any.run/tasks/2e8a87dc-28e5-466d-8b48-772962c5515e/
# Reference: https://www.cert.hr/PhishCoviD
# Reference: https://www.virustotal.com/gui/ip-address/77.83.117.234/relations

77.83.117.234:587
aodeindustry.icu
deepsaeemirates.com
emmannar.com
bisol.icu
bkfglobal.icu
allcare-in.icu

# Reference: https://www.virustotal.com/gui/file/daf5e6207242777ec4cf6defdb9783ee4a109784de6e4be0dab7795eb8e3fd3b/detection

178.124.140.148:9955

# Reference: https://www.virustotal.com/gui/file/809f119816b9937ddc40b8821a8256373b1acfb029c9d1a226a0a402bb901e3c/detection

178.124.140.144:9955

# Reference: https://www.virustotal.com/gui/file/53f46d8f5cb827c8fd27acdb2ae47babc71a7bc9189dca78f759bb222972a06f/detection

185.19.85.172:9955

# Reference: https://www.virustotal.com/gui/file/c21528cb1bc34467b51f355d2a5ab00e5c93dc85daa288f758cb32b62c70d247/detection

129.56.115.44:9955

# Reference: https://www.virustotal.com/gui/file/c56ed81b368a4569017dc1fa62d66aa09bae779079db07e6d37057979553fb88/detection

185.19.85.158:9955

# Reference: https://www.virustotal.com/gui/file/6fc77a77ea8a0f5b9159cb397fbce10ad9db993bec824da3607d887763a4d84d/detection

129.56.24.87:9955

# Reference: https://www.virustotal.com/gui/file/22f01bda2127d3ae0a430f926e03f2fb91077f1df236de440e896cfb808e6571/detection

91.189.180.211:9955

# Reference: https://app.any.run/tasks/b46ab76d-67c1-4446-8e46-cb06ba4b56b9/

ehbsd.ueuo.com

# Reference: https://app.any.run/tasks/e7c0011c-965c-4f60-882d-c1635524d592/

mujhedilsena.com

# Reference: https://twitter.com/gorimpthon/status/1242842075202109440

http://216.170.114.99

# Reference: https://www.virustotal.com/gui/domain/goldenlion.sg/relations

goldenlion.sg/file01/
goldenlion.sg/blacky2/
goldenlion.sg/white/

# Reference: https://www.virustotal.com/gui/domain/getegroup.com/relations

getegroup.com

# Reference: https://app.any.run/tasks/50fefae3-86a8-463f-b73f-30b4578255fb/

easydatatransfercleansystemprofessional.duckdns.org

# Reference: https://app.any.run/tasks/fff397ba-c5b8-4db0-91ea-49a10e5ac00d/

sterilizationvalidation.com

# Reference: https://twitter.com/James_inthe_box/status/1245706675266306049

proyectomontvento.com/img/files/class/webp/

# Reference: https://twitter.com/James_inthe_box/status/1247162504293179392
# Reference: https://twitter.com/JayTHL/status/1247163058071523328

pussyclub88.com

# Reference: https://csirt.bank.gov.ua/news-ioc/78 (Ukrainian)
# Reference: https://www.virustotal.com/gui/domain/unlimitedimportandexport.com/detection
# Reference: https://app.any.run/tasks/21ca8f99-92aa-47a5-8787-846ab59f5841/

unlimitedimportandexport.com

# Reference: https://twitter.com/James_inthe_box/status/1252657380807938049

nabionov.net

# Reference: https://www.virustotal.com/gui/domain/rabok.io/relations

rabok.io

# Reference: https://www.virustotal.com/gui/file/0cc36114a155515acdf192cbde8cc6f2eb5bfc833920075ee5deb156944371eb/detection

185.140.53.129:8323
xacnsnva.bounceme.net

# Reference: https://unit42.paloaltonetworks.com/silverterrier-covid-19-themed-business-email-compromise/

coffiices.com

# Reference: https://www.virustotal.com/gui/file/fdd40bcfba668b785d404214fd35db117b186e21944b24f16540cce86f7bec78/detection

103.133.109.74:3050

# Reference: https://yoroi.company/research/cyber-criminal-espionage-operation-insists-on-italian-manufacturing/
# Reference: https://otx.alienvault.com/pulse/5ecebea5f3c7fdfd2f5f9cd9

atn-com.pw

# Reference: https://www.virustotal.com/gui/domain/mechnicsde.dp.ua/relations

mechnicsde.dp.ua

# Reference: https://www.virustotal.com/gui/file/29d2c857add67db5ea4fa1265d6799f72436443ef37ebe6b552884f7f08c99ba/detection

209.58.144.239:1738
dimitriv.duckdns.org

# Reference: https://twitter.com/benkow_/status/1270278177336803331

bpoxnet.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1270997007180730368
# Reference: https://app.any.run/tasks/4dede486-355d-4e84-874c-d9318532db23/

http://193.42.96.111

# Reference: https://twitter.com/Bl4ng3l/status/1272531788678729732

spdodoma.com/jss/1156000032.jpg

# Reference: https://app.any.run/tasks/de803f92-9a35-43b2-a84b-53b596893de4/

mail.marpx.website

# Reference: https://twitter.com/JAMESWT_MHT/status/1273562883578880000

strahovka-osago.com/coer/2031777055.jpg

# Reference: https://twitter.com/James_inthe_box/status/1273983069435789316

http://180.214.236.98

# Reference: https://www.virustotal.com/gui/file/183112cc344d1629e2d63bde89fee8fd7040a70b53c695e843e6892dfb4c4c63/detection

185.244.30.14:20391
papauwa.ddns.net

# Reference: https://app.any.run/tasks/7d8686b5-5caa-481b-ba4a-d4c6822db49c/
# Reference: https://app.any.run/tasks/a2eb93fc-69f0-4188-b679-5031e0e7c7ed/

mangero.xyz
arnoldz.xyz
admaris.ir

# Reference: https://pastebin.com/Hc73BzJT

alconalu.com
cotextrucking.com

# Reference: https://app.any.run/tasks/b11c3add-4e16-4213-a6ab-ccbecf96b09b/
# Reference: https://app.any.run/tasks/581eaa08-bc27-486f-a9d4-602c7ae9eec9/
# Reference: https://twitter.com/James_inthe_box/status/1283032875311366144

terminal6.veeblehosting.com

# Reference: https://twitter.com/jorgemieres/status/1286664575094489088

capurgol20.duckdns.org

# Reference: https://twitter.com/Circuitous__/status/1276560882538098690
# Reference: https://urlhaus.abuse.ch/url/408906/

biz9holdings.com

# Reference: https://app.any.run/tasks/cfc6df5f-b76c-4605-9778-f96726605e99/

nilemixitupd.biz.pl
ftp.skibokshotell.no

# Reference: https://twitter.com/FewAtoms/status/1290349522519035912
# Reference: https://www.virustotal.com/gui/file/d4f8eae80bb2920ec10ea6e90d791fc0f76f314aac007bc38b83135953dbc103/detection

mcmegypt.com

# Reference: https://www.virustotal.com/gui/file/f8399ec31dccdddd06367504c0c6d331dacff38ec3d1f1645568f1bff9d4a0c1/detection

197.210.227.183:9090
79.134.225.72:9090
xinpincompany.hopto.org

# Reference: https://twitter.com/malware_traffic/status/1298294672037687298

proofbookonline.com

# Reference: https://www.virustotal.com/gui/file/449bdfca4b826617cead9ace5d890474da8b93ea6f0db80748ed22e58dc7fc3e/detection

185.244.30.18:2130
storyofpadi.ddns.net

# Reference: https://www.virustotal.com/gui/file/b1764510611e4e9c5be024338e1bb63b817069026ff7b996a3dff043e6d8d211/detection

paypalonlineservicesupport.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1303621011754176514

hnyuosun.com

# Reference: https://twitter.com/Racco42/status/1314272782210011136
# Reference: https://app.any.run/tasks/53148132-2406-43d9-a26c-fa1617632caa/

smtp.redan-co.xyz

# Reference: https://www.virustotal.com/gui/file/c857aa386c8aded608ace202e5600221a141a24e88475fa328a686e6e0f75a40/detection
# Reference: https://www.virustotal.com/gui/file/f6eab127647b1a3d51f9599db90ab31b53f7b9fdb5d30d18dada555019d16abc/detection

185.165.153.140:1942
atu042.hopto.org

# Reference: https://twitter.com/Racco42/status/1317228045581910017
# Reference: https://app.any.run/tasks/b13e5a82-35ce-4213-bf4f-1079436eabb5/

smtp.pharco--corp.com

# Reference: https://twitter.com/Racco42/status/1317232384006291457
# Reference: https://app.any.run/tasks/df756035-0ec2-428e-87fd-fa2f4f36f438/

smtp.millacfood.com

# Reference: https://www.virustotal.com/gui/file/a68f82eeab67310e50631899bb57fdac1e81c6b2d04db87c8aa564ff2cc18748/detection

ebop.website

# Reference: https://twitter.com/JAMESWT_MHT/status/1319932531039404032
# Reference: https://www.virustotal.com/gui/file/cb684c1c98ba73f221a21ae1641011a67ae0d70022278b9136a9bb43b33ea593/detection

http://75.127.1.211

# Reference: https://twitter.com/James_inthe_box/status/1321088232512106502
# Reference: https://twitter.com/Racco42/status/1321232006424989699
# Reference: https://www.virustotal.com/gui/file/4fbea091009ae3c79eae3794ef4477055b3e8902e08a8565ef25f90489a2f08c/detection
# Reference: https://www.virustotal.com/gui/file/eb706251924a534e026bfbe209d235c134402c6d12512dca0e0ae14212e715fa/detection
# Reference: https://app.any.run/tasks/33299243-9f66-4a81-a222-9d0dc5e130d4/

ahgwqrq.xyz
/getrandombase64.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1322176161326182401
# Reference: https://www.virustotal.com/gui/domain/efiigbo9.duckdns.org/relations
# Reference: https://www.virustotal.com/gui/file/7406e77d7cbbc5344697900906c5a5930330dcdfba382b22181b41494ace670e/detection

efiigbo9.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4d956c02c96695cf1535084515e37263c5391ea36802b1100d9809aa3759e4e7/detection

105.112.25.62:1970
francovibes.hopto.org

# Reference: https://www.virustotal.com/gui/file/f6dae5ff37232524f545d43bc3de780c98b0ad6ccdc2058b5e7b35c046a1bd8a/detection

185.140.53.187:4284

# Reference: https://www.virustotal.com/gui/file/f9dfd82d610e342a0d0a21dad1df689c979f863ee1b9f978c56dee49c5bfbb69/detection

79.134.225.109:1985

# Reference: https://twitter.com/wwp96/status/1328340118579654656
# Reference: https://app.any.run/tasks/97a9483e-5c62-46e2-9b78-fefd1dff32de/

aarque.co
/inc/4b1cea4932c6b7.php

# Reference: https://twitter.com/ViriBack/status/1330309562990211073

http://103.207.39.131

# Reference: https://twitter.com/ffforward/status/1334115405825236997
# Reference: https://pastebin.com/raw/ZgDtALAD
# Reference: https://bazaar.abuse.ch/sample/ac84fce48dc5fc0ece582c6cd8f5486d044f48f2923e949d27c5ea44cb0a80a0/

abualrejall.com
adempolsoya.com
adikoss.com
ahrran.com
al-babtainsa.com
andms-kr.com
aprco-eg.com
arisstoncavi.com
bellaphavma-kamph.com
cbm-lb.com
ccppmde.com
cerafluxx.com
chinetychemical.com
chplubb.com
contactmail-office.com
de-oculus.com
decescoter.com
ebankinghbl.com
eccolabb.com
eexxonmobil.com
energy-tubor.com
eversaillogisttics.com
fehemco.com
fermson.com
flamengo-importexport.com
forrebright.com
fuhennei.com
gj-de.com
glud-marsstrand.com
hschain-cn.com
hzdjjm.com
inter-chamie.com
jvlphar.net
ka-mann.com
kimiarra.com
kulinichi-ua.com
lesanor.com
luboccc.com
mecckey.com
milllefood.com
oceanstars-my.com
praaj.net
praticompeny.com
rsships.net
specsccorp.com
ssecop.com
td-tubor.com
technology-visions.com
tsakerr.com
tyimble.com
ullusoyun-tr.com
unishipss.net
vs-vossloh-schwabe.com
wiillow.com
ximyiopal.com
y1ss-tw.com
yuballes.com

# Reference: https://twitter.com/wwp96/status/1337109603151122432
# Reference: https://www.virustotal.com/gui/file/cd508affafb2152aa3511774518e1a4a150eb68f62d65208b0d477e83d0306a2/detection
# Reference: https://www.virustotal.com/gui/file/21c51bed18906fb1c167adb68146e2765d7a901f19f59029f3e58218b3ac1c37/detection

http://69.174.99.26

# Reference: https://twitter.com/wwp96/status/1339011510480351232

http://103.145.254.114

# Reference: https://twitter.com/ffforward/status/1339129811810324483

http://103.207.39.131

# Reference: https://www.virustotal.com/gui/file/838d8a1b9095168c1c0c24449b62ab0c9eece8211381e59c5f1b8889d1c618af/detection

193.109.78.38:53285
viceka.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8d1fd0a9544e74bfec387ed16ade3f9ec6b334476f0ef0e984420b4923c8f624/detection

megad.cc

# Reference: https://www.virustotal.com/gui/file/111ef2f9f0ede9903cc9382a92a3c4273c306900e8cb576de0b7730db52a7e85/detection

adobelink.me

# Reference: https://www.virustotal.com/gui/file/73a6e350cb3935c52e604e48831e708851373419f08ac128d1a8c7c5b17ed872/detection

95.72.66.155:1313
port15e.zapto.org

# Reference: https://www.virustotal.com/gui/file/40699c32fb147942f1d06f3520793f8a7f516f1d5bb03ab8e3c5c78f821cf425/detection

megaplast.co.rs/zin/WebPanel/api.php

# Reference: https://twitter.com/James_inthe_box/status/1349360887186874371

http://64.188.18.218

# Reference: https://twitter.com/James_inthe_box/status/1352326755348955137
# Reference: https://www.virustotal.com/gui/ip-address/193.239.147.103/relations

http://193.239.147.103

# Reference: https://www.virustotal.com/gui/file/6d02531e14e00f91302c4c7ff8141a1576c1da976e97d2367f828ef3248ac3c3/detection

0ffice365-seccure-email.bid

# Reference: https://app.any.run/tasks/a6789a42-f9eb-45be-a2e6-a0d939ba28fd/

http://193.56.28.231

# Reference: https://twitter.com/James_inthe_box/status/1313832984303157250
# Reference: https://app.any.run/tasks/5ddfb57a-bc6b-42bb-a042-f906e5a2cabb/
# Reference: https://www.virustotal.com/gui/file/bc7900c1440c578c0dc0de73889755bbbf9e43026d8beafe83dbdc5d76dd6a62/detection

http://193.56.28.228

# Reference: https://www.virustotal.com/gui/file/8175783100320f5dba70e2af0005134d2b85d7c5c26e97f438248112fd7a4d93/detection

194.5.98.98:3850
nanopc.linkpc.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1357260178635243520
# Reference: https://app.any.run/tasks/a2fe9cdb-7af6-44e5-99ca-d924c96d2b72/

http://103.133.105.179
mylundisfarbigthenyouthink.blogspot.com
tumlundlynikyho.blogspot.com

# Reference: https://app.any.run/tasks/247c3559-47e7-4734-9c5d-aa6bda2b1cc0/

papagunnakjllidmc.blogspot.com
titupatiyannala-myrynaal.blogspot.com

# Reference: https://twitter.com/reecdeep/status/1357641303404785668

hera.lt/Alpha8.jpg

# Reference: https://twitter.com/reecdeep/status/1359048494716223488
# Reference: https://app.any.run/tasks/fee7ff1c-30a0-4105-a1fe-e1a51b854e5b/

131.153.50.170:21
131.153.50.170:53008
hera.lt/Delta2.jpg
takumacakrajaya.com

# Reference: https://www.joesandbox.com/analysis/271782/0/html
# Reference: https://www.virustotal.com/gui/file/800b9a74773f65fcc72d5247cae562f48a58f89b2ff4b4dcddd909f5a241512b/detection

191.101.158.161:19900
obereagujnr.hosters.xyz

# Reference: https://www.virustotal.com/gui/file/84f10aaf283d608045856ac47832e5fe0daf99c14c0a9d0b06c8a55eba871489/detection

stermacos.com
smtp.stermacos.com

# Reference: https://app.any.run/tasks/f0463337-7b01-4b6a-b29c-5cb10c90fb7d/
# Reference: https://www.virustotal.com/gui/file/26c1c6119602bc2ceac63642f79552150b4d017c76608759ede90c2d169f7aee/relations

f0514607.xsph.ru

# Reference: https://twitter.com/reecdeep/status/1361260530766393344
# Reference: https://www.virustotal.com/gui/domain/elit-tehnica-md.com/detection

elit-tehnica-md.com
smtp.elit-tehnica-md.com

# Reference: https://twitter.com/reecdeep/status/1361590430513721344

electro-plomb.cf
mail.electro-plomb.cf

# Reference: https://app.any.run/tasks/ddf138f6-fc15-423e-af69-a752d4331bd8/

uhbddr.hr/J12.jpg
192.254.234.35:21
192.254.234.35:33912

# Reference: https://www.virustotal.com/gui/file/d6ab2482f2cc150b157f0cb92cc5a7a335ca739bb54236260bc7149b04731986/detection

http://192.236.147.189

# Reference: https://www.virustotal.com/gui/file/794122575d9d6cbd27ac687debab80f93f018f4b6aeb86a3fcaa397196e8f91b/detection

http://86.105.252.11
86.105.252.11:30003

# Reference: https://www.virustotal.com/gui/file/442d4d7d0a01819d30b20234bc6ae1d0d1978408055424c298b7902be978c7c5/detection

f0512634.xsph.ru
deffind.xyz
investment-properties.xyz
yrhealth.xyz

# Reference: https://twitter.com/whitehoodie4/status/1362731135411830786
# Reference: https://tria.ge/210219-q5bg7eq2ge/behavioral1

grupocolors.xyz

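# Reference: https://twitter.com/JAMESWT_MHT/status/1363844361419698176
# NOTE(review): the entry below is mixed-case while DNS names are case-insensitive; confirm the trail loader normalises case, otherwise a lowercase lookup may not match it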

2yhLxjzcOr.com

# Reference: https://app.any.run/tasks/5a2a50a5-87ea-4ff1-a50a-decd569257ec/

coroloboxorozor.com

# Reference: https://twitter.com/wato_dn/status/1366259334955499524
# Reference: https://tria.ge/210301-7z5cpr6z82/behavioral1

tumharimaakachodamarunmaine.blogspot.com

# Reference: https://twitter.com/James_inthe_box/status/1366397526761345026
# Reference: https://app.any.run/tasks/5758e658-cf48-46dd-9863-e97a64e9e484/
# Reference: https://www.virustotal.com/gui/file/01b0b39d33017efb3ff557717b7fa2890f255eef89fcbcc5e824f5df9adc9300/detection

osndjdjjjdjshgaggdkf.com

# Reference: https://www.virustotal.com/gui/file/1458e55e8b7800f8a2dc372e725451619f74f0fb90a3331ca48477e0439b4ef9/detection

casadointercabio.com

# Reference: https://twitter.com/reecdeep/status/1367775820199174149

greatdeck.co
liverpoolofcfanclub.com

# Reference: https://www.virustotal.com/gui/file/bc18b4ebadebcd99e132e8a5cc420450c9ba077ba94c8c9a014e614707b5b6de/detection

31.220.4.216:7009
async.3utilities.com

# Reference: https://www.virustotal.com/gui/file/0d9826e88c7debfc212d3023500e1bf09f456cc29ffe1bfaba7dbdddc1afa20c/detection

31.220.4.216:18253
1.18253.date
1.18253.loan

# Reference: https://twitter.com/reecdeep/status/1370289498093989890
# Reference: https://app.any.run/tasks/e0781546-757c-4178-bc9a-5b8efa795645/

irtec-irrigetion.com

# Reference: https://twitter.com/pmmkowalczyk/status/1370814727912308740

stdyrmtcntlenverpfbi.dns.army

# Reference: https://twitter.com/reecdeep/status/1371423263126065152
# Reference: https://app.any.run/tasks/ce3b9d6e-048f-43dd-b854-a30e7ceab70a/

classicsteelengineering.com
liverpooldabestteamoftheworld.com

# Reference: https://twitter.com/fr0s7_/status/1371383578488098818
# Reference: https://app.any.run/tasks/1228a454-1a45-47fa-bd8a-200eb2398fec/

tumharimaakachodamarunmain.blogspot.com

# Reference: https://twitter.com/pmmkowalczyk/status/1371918255242280965

miratechs.gq

# Reference: https://twitter.com/reecdeep/status/1372111826662608896

snow-whyperlimited.com

# Reference: https://www.virustotal.com/gui/file/45ba43813271c0c4d377338c381992cd5b0220b80c00cffc0b284f84cc0aee66/detection

79.134.225.13:7771

# Reference: https://www.virustotal.com/gui/file/130c76c60f44867be9e8986dbff2d2f035837a15f00d00d2976bc230e0070128/detection

79.134.225.13:8763

# Reference: https://www.virustotal.com/gui/file/0cd598c06841affaf7389f5a3cec84e4da0d7515f3da40b450f2dc7c7ae12938/detection

79.134.225.43:58103
strongodss.ddns.net

# Reference: https://www.virustotal.com/gui/file/990df8e02a4bb9340ab3303a87f2939847653652d9b78819a253c8dde0ed056c/detection

0k10dk21kkeok2e.online

# Reference: https://twitter.com/reecdeep/status/1373906756628283393
# Reference: https://app.any.run/tasks/ab09b467-a977-4536-ac5e-455e904513fb/

107.180.26.185:21
107.180.26.185:50329
107.180.26.185:50538

# Reference: https://twitter.com/pmmkowalczyk/status/1374000718194077698
# Reference: https://www.virustotal.com/gui/file/9664740123170b912430759af6cfad9ff784ccd266fe93909022093beff051c7/detection

jiratane.com
specfloors.net/dev/

# Reference: https://twitter.com/JAMESWT_MHT/status/1373998230455848968

curidesigner.com

# Reference: https://twitter.com/jorgemieres/status/1375161202716868613

surestdysbonescagexc.dns.army

# Reference: https://otx.alienvault.com/pulse/605c7c7cba2960e10fea8007

seno.ddns.net

# Reference: https://www.virustotal.com/gui/file/f083c3c1f115a2674dff82d859f3d67faca6e9c8e971f7164caf99954376a0cc/detection

194.5.97.7:6060
bohemianbenz.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1377261276674490368
# Reference: https://app.any.run/tasks/f41044b0-c0b7-40f7-ab07-38c274036efc/

humtotmharyhain.blogspot.com

# Reference: https://twitter.com/reecdeep/status/1377624305400438787
# Reference: https://www.virustotal.com/gui/domain/lfsqatar.com/detection

lfsqatar.com

# Reference: https://www.virustotal.com/gui/file/e7f4a5644698b66fd28ca7f0e4fcdc06fb1d09b0e29977d887854a5fec6cfc8b/detection

209.127.18.121:3918
uhie.hopto.org

# Reference: https://www.virustotal.com/gui/file/352c3aac62d88e75e1655d9d67facd8ac7823b619f6c7e527437821b8ec42bfd/detection

giftbizz.com
patlod.com
wwwjinsha937.com

# Reference: https://www.virustotal.com/gui/file/8e15f76149baa634caba6bcb021a5793f9b86c6290247d62a3f9628e5e147c7f/detection

x11fdf4few8f41f.com

# Reference: https://twitter.com/dms1899/status/1244596518402785280
# Reference: https://twitter.com/FewAtoms/status/1245700149952872448
# Reference: https://twitter.com/James_inthe_box/status/1245706266464288775
# Reference: https://twitter.com/p5yb34m/status/1252660135408750597
# Reference: https://www.group-ib.com/blog/rats_nigeria
# Reference: https://www.virustotal.com/gui/file/281896c20c9ae01b1a4ddc590c5cec454865cd95aaa7e53aac436a3b89889486/detection
# Reference: https://www.virustotal.com/gui/file/2b43e9f848b8f0db1cce7da920fb3d970a47d61d3250f87419d1bdbb980d9d18/detection

office-archive-index.com
office-archive-reserve.com
office-cleaner-commander.com
office-cleaner-indexes.com
office-cloud-reserve.com
office-updates-index.com

# Reference: https://twitter.com/ps66uk/status/1379408490960130048
# Reference: https://app.any.run/tasks/6abf3b2c-9e92-4f76-81d5-06898cfb3f3e/

http://193.56.29.192

# Reference: https://twitter.com/ps66uk/status/1379467933932519436
# Reference: https://www.virustotal.com/gui/file/53dcc6b98d2356c9a5f68b314edb8b819b99cec4ef2f6db0cfba72fb86a55d25/detection

newblogheresee.blogspot.com

# Reference: https://www.virustotal.com/gui/file/7aeaa9cbabc54c36844d5852172c449865bf4c524693ae7aa9909b87627052fa/detection

myliverpoolnews.cf

# Reference: https://www.virustotal.com/gui/file/9c4baba8ae680070c8ef4afaa7fd5fd41b5828f94581f4e228dd6439b9a5aaa7/detection

23.105.131.188:1605
frlumi.ddns.net

# Reference: https://twitter.com/reecdeep/status/1382247034091155456
# Reference: https://www.virustotal.com/gui/domain/cometshippings.com/detection

cometshippings.com

# Reference: https://twitter.com/58_158_177_102/status/1382254845659291650
# Reference: https://tria.ge/210414-aqahkvar82/behavioral2

http://193.56.29.110
ajmeinthakahowahun.blogspot.com

# Reference: https://twitter.com/fr0s7_/status/1382582635239723011
# Reference: https://www.virustotal.com/gui/domain/murjatumanhus.fun/relations

murjatumanhus.fun

# Reference: https://twitter.com/avman1995/status/1384742543133339653
# Reference: https://app.any.run/tasks/68d2c9b5-3ffb-40e0-8f1c-269353da0bfd/
# Reference: https://www.virustotal.com/gui/domain/mesco-midhco.com/detection

mesco-midhco.com

# Reference: https://twitter.com/reecdeep/status/1384844628478898181
# Reference: https://app.any.run/tasks/d5ae94e7-f656-455c-a039-9ebf7f8ac9e5/

alramzpakistan.com

# Reference: https://twitter.com/TeamDreier/status/1384236371787669507
# Reference: https://bazaar.abuse.ch/sample/87bb35a04c91b5005806b4893ad4dc594c8b73d228150597cde89b39f79af9b0/
# Reference: https://app.any.run/tasks/9024ab96-72f5-492b-83b3-b28adf4f949f/

mmwrlridbhmibnr.ml

# Reference: https://www.virustotal.com/gui/file/037ec548399a3c68670044bf3a0154940e0d6597b1576a68f7172bb14a3c28c2/detection

annyms2stdygeneratga.dns.army

# Reference: https://twitter.com/James_inthe_box/status/1386676931354058753
# Reference: https://app.any.run/tasks/f219d3f9-546d-429f-9110-9805ef69357e/
# Reference: https://www.virustotal.com/gui/domain/s-handels-gmhb.com/detection

s-handels-gmhb.com

# Reference: https://www.virustotal.com/gui/file/dff471fd645f164bf8759605546dfef1f74b95929c028ef1e14e2786ac7a3ef2/detection

91.109.176.9:3762

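# Reference: https://app.any.run/tasks/5758e658-cf48-46dd-9863-e97a64e9e484/
# Note: the hostnames in the entries below are those of well-known legitimate sites; keep these trails as full URLs (host + path) and do not reduce them to bare domains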

chelseafc.com/base/dOVkcmMWSJnEtaXdENzqlBWragOdo.html
liverpoolfc.com/base/dOVkcmMWSJnEtaXdENzqlBWragOdo.html
mancity.com/base/dOVkcmMWSJnEtaXdENzqlBWragOdo.html
manutd.com/base/dOVkcmMWSJnEtaXdENzqlBWragOdo.html
realmadrid.com/base/dOVkcmMWSJnEtaXdENzqlBWragOdo.html
/base/dOVkcmMWSJnEtaXdENzqlBWragOdo.html

# Reference: https://www.virustotal.com/gui/file/0b0ae0604da1b3d48393ae594610c5a93d7e45e3d6e6c302e04c2bcc878ff485/detection
# Reference: https://otx.alienvault.com/pulse/5db6734a077f7acc6698e6bc

osasmail.xyz

# Reference: https://twitter.com/KorbenD_Intel/status/1387795001388711944

kgift.kozow.com

# Reference: https://twitter.com/58_158_177_102/status/1387779300749938695

yahameinhunbusorkoinai.blogspot.com

# Reference: https://www.virustotal.com/gui/file/b4fe1a5d89c5f0e19c6db5b460ad93df2006fc3b62f5ae748e416750c6a890eb/detection
# Reference: https://www.virustotal.com/gui/file/44e857aa5103c72bb638310b4c20fc9be367b55d7f8e6dd324170183a727b5bd/detection

197.210.85.24:54888
79.134.225.48:54888
celebrity.hopto.org

# Reference: https://gist.github.com/silence-is-best/852a1c7c7dcf29fdc8d5df73433e7676

p8hj.blogspot.com

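# Reference: https://www.virustotal.com/gui/file/ed5cd113b4ddbcad39f3537fc84910227304e41599b89bd9dd0115b499bdb207/detection
# NOTE(review): the entry below looks like a shared-hosting server hostname rather than dedicated attacker infrastructure; hits may come from unrelated tenants, so triage before blocking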

tr1.hostgator.com.tr

# Reference: https://www.virustotal.com/gui/file/9861e34bd20a94000ac5c06ef9fce446a4e5decb41f27d579e2e35620dc8dde3/detection

clicklenderz.com
/mynewapi.php

# Reference: https://www.virustotal.com/gui/file/50da4e2f7fd094921570faaa6834e1d5fcc61f5e1eadce59d151885c150e84e1/detection
# Reference: https://www.virustotal.com/gui/file/a2edbc3290d45107090ad4e2a5dfea2de5d1286ae04c5c5c995a7bcf02d57bed/detection

141.255.152.11:21212
crowminer.duckdns.org
huginodinmunin.ddns.net

# Reference: https://www.virustotal.com/gui/file/0bb31a305b6b16a94fe83f388d8fa7a1a72c648ff5441768d33508365a2930b2/detection
# Reference: https://www.virustotal.com/gui/file/b00589191bd96a88aa489c1222d1f42dfe1647adb1f529a12ed93725f98aa78f/detection

185.140.53.138:7077
185.140.53.175:7077
79.134.225.74:7077
7077life.myq-see.com

# Reference: https://www.virustotal.com/gui/file/f26a629ef6ef3753876a8b72e4863d67a550afe8579a6bffcd864c6c572d6f0a/detection

hbnboz.com

# Reference: https://www.virustotal.com/gui/file/534407733556dc9a993d73261613e4713d0a1b3c9b7f61ec5983e39a0641815e/detection

ldvamlwhdpetnyn.ml

# Reference: https://www.virustotal.com/gui/file/7c18130345c95d1cd852af2bbf0fad2d72d4097725dbd334f1d0ab66720c43c6/detection

jejendjcjfhh.com

# Reference: https://www.virustotal.com/gui/file/fc08332ad4efc478a9d79a342e433935d10e72b6f7868ec7e8708a365bd2d607/detection

179.43.140.164:53855
179.43.140.185:53855
88.214.207.96:53855
greencodeteam.top

# Reference: https://www.virustotal.com/gui/file/2e81ce0a08b7e6ad6210b1068d6583628d8ebb11d93ce4f1b424fede249a39df/detection

xwjhdjylqeypyltby.ml

# Reference: https://www.virustotal.com/gui/file/c841bc4893813d54a5b6d044bafa4d50bc508a8d0ff0eafa1f395cd1db98ee6e/detection

mmwrlridbhmibnr.ml

# Reference: https://twitter.com/gorimpthon/status/1394600529469210624
# Reference: https://tria.ge/210518-hpxbx989hs

http://103.151.125.220
/mastermana/black/login.php
/mastermana/black/inc/

# Reference: http://tracker.viriback.com/dump.php (# Agenttesla)

http://216.170.123.125
http://216.170.123.13
http://217.138.205.178
http://34.223.60.188
http://46.183.221.44
http://63.250.45.177
2020bill.com

# Reference: https://www.virustotal.com/gui/file/52ddff83875d402cf2affb82aff8ca1d3a7e96cbd689e638578f6d0d44ecbdca/detection

197.210.226.215:1880
wiz121.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1399689971401900036

http://103.114.107.28
/me/web10/inc/

# Reference: https://twitter.com/pmmkowalczyk/status/1397516983994826756
# Reference: https://www.virustotal.com/gui/file/fe4d94656809accd8f12c53c3c2a572c22beefd0c10914bcbe2b0f4566a88b31/detection

rdnsanom.xyz

# Reference: https://www.virustotal.com/gui/file/21a80acf73e3f20e162bcd9e70aafa28681be230056a51bd92677a554e6d3ad9/detection

51.222.195.7:33750
rainboyant.ddns.net

# Reference: https://www.fortinet.com/blog/threat-research/phishing-malware-hijacks-bitcoin-addresses-delivers-new-agent-tesla-variant
# Reference: https://otx.alienvault.com/pulse/60be05932c2ce1ef655b0bb5

p8hj.blogspot.com

# Reference: https://otx.alienvault.com/pulse/60c1fff1d997ae68cafccd5b

ergerge.top

# Reference: https://twitter.com/tosscoinwitcher/status/1403434626224300039

mail-wagruhyoja.xyz

# Reference: https://www.virustotal.com/gui/file/62a342d89280c6964e64997fa0bc97a5812181f0f22d93740d7196a96c81f769/detection

aquilarysalas.com

# Reference: https://app.any.run/tasks/f371191d-7049-49c8-96b8-fa4c7ee5de68/

apdocroto.gq

# Reference: https://tria.ge/210428-jdbysa1gks/behavioral1

extendonetwork.com/puZyLuatL0W/04.html
jarettwalen.com/vspeL07tgk5F/04.html

# Reference: https://tria.ge/210505-rcetwslzqn

justverify.online/ZKrubZZn5V/04.html
thersnyc.com/fxcS6exSJr0/04.html

# Reference: https://twitter.com/pollo290987/status/1415214033767182336
# Reference: https://www.virustotal.com/gui/file/fd7e560247eb18e1a27cfd3c46f10c06bcae05562df4b2862ec53caa76e80422/detection

ahrend-cz.com

# Reference: https://www.virustotal.com/gui/file/16b8f5725e675be307e5a806d5b5aadacb77c0c293c87da09b61d5e18816907d/detection

cepedaa.linkpc.net

# Reference: https://www.virustotal.com/gui/file/8e4c30a1d9a3f0f9163ca6e7d0b0d4d3c97a5dd2cc9c02b2b84505314d34c0ce/detection

176.15.131.47:6666

# Reference: https://twitter.com/ps66uk/status/1417047970848116736
# Reference: https://www.virustotal.com/gui/domain/arcaz-azcuba.com/detection
# Reference: https://www.virustotal.com/gui/file/48589adb930165c4dfbc611fbefb8d1dfbd7a49d3b07c1fdae6c0b9b7a253e82/detection

arcaz-azcuba.com

# Reference: https://twitter.com/James_inthe_box/status/1417475970571718660
# Reference: https://app.any.run/tasks/89cbc676-ffc6-4fdb-bc81-509206e8a0ba/

kinkolulu.blogspot.com

# Reference: https://www.virustotal.com/gui/file/aff192a434386997a7fca5519af294e9601da33cce30ba8feecce12418e900d1/detection

5.226.138.94:6621

# Reference: https://www.virustotal.com/gui/file/1677e0afc52a9166c9a433e5db3864f71fe5816a98784f6ee3e86540827da084/detection

greenco2020.top
greenco2021.top
greenco2022.top
greencodeteam.ddns.net

# Reference: https://www.virustotal.com/gui/file/23668413a1cff07de7c539ce9dee7468ef08ca0b25454d7407112793ff9bc86f/detection

milax.ml

# Reference: https://www.virustotal.com/gui/file/08ccfac8e650b690f0905577c60a4fb3afa62d51efb4275bd5e4359499e22beb/detection

dizv.at

# Reference: https://twitter.com/lazyactivist192/status/1421108546998095882
# Reference: https://app.any.run/tasks/370d4248-2d56-42e0-9fbc-4de209f30021/

meriqismathiteknaihai.blogspot.com
/kingnewhdjksadhkasbdasvj.html

# Reference: https://www.virustotal.com/gui/file/7a4bdfc933073cdd60f64006052c09b78ecc24cb82c440486a611f0f0fd0ac3f/detection

141.255.158.36:4444

# Reference: https://twitter.com/killamjr/status/1421328093113982977
# Reference: https://isc.sans.edu/forums/diary/Infected+With+a+reg+File/27692/
# Reference: https://app.any.run/tasks/3685ac5a-3dcd-463a-b71c-16072f7f3ec0/

94.187.0.247:4444

# Reference: https://otx.alienvault.com/pulse/61068df1c0077c916899b4fa
# Reference: https://www.virustotal.com/gui/file/80ff3b2e975fb6233ee814f26dd5daa731c699bf7dbb6bb6bdb752c5a430f772/detection

90.73.117.144:8888
googleupdate.hopto.org
xzitnoip.duckdns.org

# Reference: https://www.virustotal.com/gui/file/518ce0b301ad35ba12b1ef840f349debd48721b0f173ea7f0bb7ceef19dc1332/detection

kakosidobrosam.gq

# Reference: https://www.virustotal.com/gui/file/839b47514911a2a692dc4d1f3b7edcfa16e4331b6318470ff4e53eb9da899ce8/detection

185.140.53.142:8999
night90.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1423632214172991488
# Reference: https://app.any.run/tasks/43cb89b5-8bba-4623-ac27-4e31f9ddb36b/

sukmaduck.blogspot.com
kukukajadoolunnd.blogspot.com
machearkalonikahdi.blogspot.com

# Reference: https://twitter.com/tosscoinwitcher/status/1423697561475436544

kinkolulukakkaasd.blogspot.com

# Reference: https://www.virustotal.com/gui/file/cb4a93864a19fc14c1e5221912f8e7f409b5b8d835f1b3acc3712b80e4a909f1/detection

45.146.164.37:8080

# Reference: https://www.virustotal.com/gui/file/0871f15e262ec3621c10c25a4486d35f14ee642ae6ff0d473995565006329615/detection

quas101.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e824c67c7012e7db46cf00e9e4b3d91e77cc725fcaff99a0828e6a91e0ad3301/detection

194.5.97.62:3390
egobuike.wikaba.com

# Reference: https://twitter.com/reecdeep/status/1438424467601084420
# Reference: https://app.any.run/tasks/cbe1ed0c-5168-4172-bec0-ee638f3578f4/

budgetn.xyz

# Reference: https://twitter.com/James_inthe_box/status/1445508345117380618
# Reference: https://app.any.run/tasks/056603f9-a869-476c-8581-554abc31a464/

bot.statusupdate.one
kyahogysammajhnailagrahiat1.blogspot.com

# Reference: https://www.virustotal.com/gui/file/007528e712993f7ce266fd65b244f7c527614135ad0fc90845367fc0ca8c490d/detection

netjul.club

# Reference: https://twitter.com/reecdeep/status/1446043373350043649
# Reference: https://www.virustotal.com/gui/domain/rettberrg.com/relations

rettberrg.com

# Reference: https://www.virustotal.com/gui/file/505821500697793ddef2fbf8c37d56846459d63bf3de87e5232b2740e3019239/detection

cleveropame.ydns.eu

# Reference: https://twitter.com/JAMESWT_MHT/status/1446327506538225664

muccaconsult.eu

# Reference: https://twitter.com/58_158_177_102/status/1447855243778162692
# Reference: https://www.virustotal.com/gui/file/1d2b1f7a4cae7784f01aadc1d8ff8b26d05e5e4b916cb3d2ca088502aba08cdf

hogyartohonathajhnailagrahiat1.blogspot.com

# Reference: https://twitter.com/pr0xylife/status/1450047080089759745

http://103.125.190.248

# Reference: https://twitter.com/reecdeep/status/1450453705296318464

ajsidjasidwxoxwkwjddududjf.blogspot.com

# Reference: https://twitter.com/James_inthe_box/status/1457709661801496581
# Reference: https://app.any.run/tasks/0032c1f8-af31-43ba-bb4f-caf15023d05a/

http://69.174.99.181
johogahokraesdasdaoga.blogspot.com

# Reference: https://twitter.com/ankit_anubhav/status/1450725653465088000

kumakahchachi.blogspot.com

# Reference: https://www.virustotal.com/gui/file/35b3d524a28e9cec4bdfe144ef2710a3d13121a8e006f4c68a41998e893849c5/detection

141.255.158.20:4785
shadhk.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f36d8a41a02e62f440bb279927ee75b8cf680345d59cff1692b20e7b97d7c952/detection

103.133.109.121:1664
kkk4rem.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1463125357951860741

f7secure.000webhostapp.com
hdhdshdhdhgds.000webhostapp.com

# Reference: https://app.any.run/tasks/6a4bdba0-6f75-4a06-9891-35a7f1950027/

thethingsidontheoneday.blogspot.com

# Reference: https://www.virustotal.com/gui/file/40bbf80145952cb3e9f51980a95eabca0d174b72ca383232ff9c239b6084f690/detection

205.185.118.52:5740
googleservers.org

# Reference: https://twitter.com/1ZRR4H/status/1464289306399420419

tecnomedica.com.py

# Reference: https://tria.ge/211127-kw6kqacgg8/behavioral1

sqlserviceazure.blogspot.com

# Reference: https://www.virustotal.com/gui/file/ac92c3624d18d93ce431e08fca64cc1a223acc2e9223e3069babe26e049351df/detection

135.125.21.72:60976
51.222.98.71:60976

# Reference: https://www.virustotal.com/gui/file/0718c62465bbeacc7e35f2dff28f0361104037ed3bc4a05b63a61f42f98f2694/detection

51.161.104.181:60976

# Reference: https://www.virustotal.com/gui/file/85fd6ce192054a81246927f2337c687187b518225239f80c462fbb998a52f81c/detection

135.125.21.74:60976

# Reference: https://www.virustotal.com/gui/file/cde9a8b81d70c72d73d6d79c32e662618b5d65f720c5b86ac0955a1dd9660f38/detection

152.89.160.131:60976

# Reference: https://www.virustotal.com/gui/file/3f905af3a6dfe8fccae9a665a8755a18a8f4db48de83bcb9d516f70d73261303/detection

213.152.162.84:60976

# Reference: https://www.virustotal.com/gui/file/a76bb4f4d209af5479630a2ba37be0f8d09e2ffaf332fd885d02bf6590b66ee1/detection

213.152.186.163:60976

# Reference: https://www.virustotal.com/gui/file/1c7a23332b0140f0eab4995fe837520cae7126d09e2aa2d24d31245427036314/detection

213.152.186.168:60976

# Reference: https://www.virustotal.com/gui/file/8ac32b7faa79aabd51156f6503e624a53ee5d355d602784273376ad45e7dbdbf/detection

katchobinnas.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1467721110326231040
# Reference: https://www.virustotal.com/gui/ip-address/103.147.185.68/relations
# Reference: https://app.any.run/tasks/0ae22943-4364-4fa3-b4db-8cadf104de20/

bakuzamokxxxala.duckdns.org
ccnewcdt.duckdns.org
microsoftazyresql.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3500a7fae58fab0fd34eb0e3fcd4c3a011ccdcf04f50f25ea28876b2a255cbd8/detection

http://185.239.242.107
/base/AF491AED10360862D4D7C85877D8E92E.html

# Reference: https://www.virustotal.com/gui/file/4545f3fd9dff0e6fe7978dcf4ee01d68385a8124673f8db81dd369fc16e30f1e/detection

/base/16FBAADD78329B384AC1CCA7EFBCAFE3.html
/base/66057BDE3BE35BDCE9735F8BF8DCEA19.html

# Reference: https://www.virustotal.com/gui/file/7420427135cfdeb9f84ab13b03960ac09ce662901a809eafbf1a2df548891731/detection

/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-

# Reference: https://otx.alienvault.com/pulse/61c708fac04867d280290abd

cedsxoisslv2nim.club
kimyen.info
kimyen.net
pmfiryhhkin98px.xyz
usd7o88wemlutx5.xyz

# Reference: https://www.virustotal.com/gui/file/1b01ba4823940dc5b45f6719e479de102058ab4ab2b422b319b1857abff4e51d/detection

185.153.198.216:8010

# Reference: https://twitter.com/ViriBack/status/1475566467810840580
# Reference: https://www.virustotal.com/gui/file/d09b04c79e6e8fbffc7075871c7b03f2ef102cd0d0b294d31ea595ff06830bb6/detection

proc-dotgov.us

# Reference: https://www.virustotal.com/gui/file/effc3924c84a1a63cbe0e1b96415abc8bdc48a6f4785cf98c5a5487e345aeef8/detection

archbal.sbs

# Reference: https://www.virustotal.com/gui/file/23f9c173d48cec3b0eeed12b633816565df405021b46941deb407c2c85638372/detection

93.115.28.195:1122

# Reference: https://www.virustotal.com/gui/file/aea1d441f7ad2e9323416ada7629e6bf0ace11c0e983a0b6aaf08917294bf180/detection

108.61.210.74:1122

# Reference: https://www.virustotal.com/gui/file/5d1674729fe6eeddaa488bc0f79a1cc942e635efd4c22480bae65fd4b0ef66f8/detection

185.141.62.35:1122

# Reference: https://www.joesandbox.com/analysis/534672?idtype=analysisid

carbinz.ml

# Reference: https://www.virustotal.com/gui/file/db0d62482f5e1d8a2e1732604d43a74d9641d4f56e7d14492560bb2ce76c7d33/detection

91.243.59.18:17890
95.143.179.186:32095
95.143.179.186:4633
elew3le3lanle.freeddns.org
f0616071.xsph.ru
f0616073.xsph.ru
kent0mushinec0n3t.casacam.net

# Reference: https://twitter.com/James_inthe_box/status/1478746497948663808
# Reference: https://app.any.run/tasks/eaa7e1d3-4df8-4536-bbb2-0168e99d6682/

http://103.151.122.110

# Reference: https://www.virustotal.com/gui/file/c60e4ea99ca2ebf51e8f0a2e4d839f93842eade69fe8615b37e172f973588da7/detection

rdcrd.ddns.net

# Reference: https://www.virustotal.com/gui/file/cbdf8d2be76d288a514989e1f28d3337bb534fb2646f097a7c079b5077a7062f/detection

cdinow.com.br

# Reference: https://www.virustotal.com/gui/file/d914d5cdd15e0506a7c0ba73d91f7d3413d77f615c04f6edcf326652755f9271/detection

79.134.225.79:6553
asddskfjjer.duckdns.org
berryttttiere.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b04d28283ec49de3e279ebe143d7e70f1cc50751c070c703e2d46d4f542963c2/detection

185.140.53.129:7575
futurist2.ddns.net

# Reference: https://www.virustotal.com/gui/file/6d6572ebea765cec047ca16e8789071f1f4f65af04e66b154c63cc6d5eb66b38/detection

citotest.co
mail.citotest.co

# Reference: https://twitter.com/James_inthe_box/status/1481993249615056899
# Reference: https://twitter.com/Arkbird_SOLG/status/1481998550565208067
# Reference: https://app.any.run/tasks/bd261b33-c8aa-462a-8024-7a6d68f3eef5/

72.11.157.208:8080
hogyajohonathaabkuchnaihosakta.blogspot.com
thankforeverythingeheheh.blogspot.com

# Reference: https://www.virustotal.com/gui/file/248ce8f51907aa4a7ce3ae5f9c947a30a7844340bae4a3621d4e0234ba18dc22/detection

mgbless.in

# Reference: https://twitter.com/tosscoinwitcher/status/1483496083535785992

dhuidwyqhdbvjasdhogyatohonathawarnameinmargya.blogspot.com

# Reference: https://threatfox.abuse.ch/ioc/298466/

207.32.217.137:8081

# Reference: https://tria.ge/220119-t2pzlabeh4

http://185.215.113.45

# Reference: https://app.any.run/tasks/255ab451-e195-401f-91e2-0190d785bc09/

p30oopp.blogspot.com

# Reference: https://www.virustotal.com/gui/file/210df80a70b520b2be5f410ed4db5591fbc2f9a1617b358bde7ed270d5246d29/detection

moregrace.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2044315e18cafe186d26d64d90caf0f4eb2cebe8b6e282d3b53a6f8604678c81/detection

udskhhkdsjdjskjdds.000webhostapp.com

# Reference: https://twitter.com/KyleKrejci/status/1488556020863578117

69.174.99.181:8080
72.11.157.208:8080
newbotv4.monster
update.newbotv4.monster

# Reference: https://github.com/executemalware/Malware-IOCs/commit/50f99cd6f12f7ea7234eb68984d783750d814091

http://192.154.226.47

# Reference: https://www.virustotal.com/gui/file/dd9ca7b43413a889f21414425fa2b9fc72dd1a2d19a4693d8b071b2611e5fe84/detection

181.141.42.35:2299
192.169.69.26:2299
asycoctubre20212021.duckdns.org
segundaversionasyc20212021.duckdns.org

# Reference: https://www.virustotal.com/gui/file/cc7d7321cd0e93fb312ea39c0124256fa60b3335cd6632ec0e83ffb4bf2b3dc9/detection

3.91.91.127:3071

# Reference: https://www.virustotal.com/gui/file/285a61210326ff7f555c101bd70e19297a0eae42d1cb60a054c9b3827476920a/detection

agusanplantation.com

# Reference: https://twitter.com/pr0xylife/status/1494027121672572934

p21oiuun.blogspot.com
p41wwew.blogspot.com

# Reference: https://twitter.com/InQuest/status/1494020539282857999
# Reference: https://twitter.com/Finch39487976/status/1494025631377633280

/awsafddfhdgfhklskalskasr

# Reference: https://twitter.com/TeamDreier/status/1498267807536099328

glassqot.xyz

# Reference: https://www.virustotal.com/gui/file/ee612a035e325de9d6d515bd4eebf8f7ba759ce34f2b0741e2da1e8e0bbb8f2d/detection

13.79.186.107:12724
13.79.186.107:1338
13.79.186.107:1604
sikis.ddnsking.com

# Reference: https://www.virustotal.com/gui/file/d65a5ac78a2cbb2fdb9f12f751400e5c5fda1ae22de67c6c6dc2df8cafca4684/detection

194.5.98.12:1984
vncnew1984.duckdns.org

# Reference: https://www.virustotal.com/gui/file/7e16922c0da011c35c92ff5b1619d44add3df00232664cb7a22a19fd47a64f3e/detection

23.105.131.161:1337

# Reference: https://www.virustotal.com/gui/file/3b31d99396f9a664c739d1b666b57b19d47fd02e47619dffc313725408f1ed69/detection

185.247.69.130:3060

# Reference: https://www.virustotal.com/gui/file/16170cdb184356d800771aafaa7eb965464c2429bb66566c4762709bd3da494c/detection

2.56.57.129:7600
papakamzy.ddns.net

# Reference: https://twitter.com/pr0xylife/status/1501538557302906881

tromdx.quest

# Reference: https://twitter.com/0xrb/status/1501811448481468418
# Reference: https://www.virustotal.com/gui/file/e420d90738208a061aaca7b310bedf7efb56e89451c19d5049649621283ec583/detection

fhelandsb.xyz

# Reference: https://twitter.com/0xrb/status/1504363330651451395
# Reference: https://www.virustotal.com/gui/file/96c94753d9c4e21e9b27234517b36a2e3dd20492e2b112df8424de6e4f3971ce/detection

luc4e.xyz

# Reference: https://twitter.com/KorbenD_Intel/status/1504852684049981441
# Reference: https://www.virustotal.com/gui/file/50f4e6cf993b3cff47a2d0beaf2dfc897d00b5a220673cc47512f6795820ee13/detection

basicsoveradoandsqls.blogspot.com

# Reference: https://www.virustotal.com/gui/file/1aa74e2dbe9ad559a1f647046473767a890af31fa2490ee60adbe5103ed249bb/detection

103.147.185.68:777
kdaoskdokaodkwldld.blogspot.com
starinxxxgkular.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1506652188654850050

http://2.58.149.41

# Reference: https://twitter.com/0xrb/status/1508384289574252544

http://18.179.111.240
http://31.210.20.150

# Reference: https://www.virustotal.com/gui/file/7a9cd326adf37a9b48788b4106f94ef9e624a85c7e6c9e68db5aefd0f07fa31c/detection

inestone.info

# Reference: https://www.virustotal.com/gui/file/188043fd28084b04cafd0f5a2103e26f3b95bb0ae4911b1ec4c7dae9cca51f5e/detection
# Reference: https://www.virustotal.com/gui/file/454014b8d0a97800035504e0dd36e7717c21b8022a7c06a8d133c1afabf107cf/detection

lookupworm.mbplc.xyz

# Reference: https://www.virustotal.com/gui/file/b67205df267d03b58c2371687df9e3353d2d6408daf97cc8c45d980ea7a528dc/detection

194.5.98.208:4422
lookupnjblack.mbplc.xyz
lookuprdcra.mbplc.xyz
njblookup.mbplc.xyz

# Reference: https://www.virustotal.com/gui/file/3a0dcd4a3bf18d9665ba283db37a2bb3b77616822fb95da920ab894f88fa1fb5/detection

79.134.225.89:2233
lookupnanor.mbplc.xyz

# Reference: https://www.virustotal.com/gui/file/ff594d970ac8400ceba8d2e396b6183f9e7c09d002aa4a6d1361c72634e3ea2e/detection

116.62.200.72:47722
tonghua2021.ticp.vip

# Reference: https://www.virustotal.com/gui/file/ab476ce105370135bc45ee9b3d946f99647203d61396f8c626139de16cfbcf84/detection

http://18.156.82.84

# Reference: https://www.virustotal.com/gui/file/e0c14c8a1ace5e434b25250b28580b6f9e657f59c69ed1af1ccff135593ce9e7/detection

http://18.193.102.232
212.192.241.50:1010

# Reference: https://www.virustotal.com/gui/file/c2145acbab68ac8a0c33194cbab2f3a48dcff7d7804842f80620191fee0c2fb6/detection

http://52.59.234.180

# Reference: https://www.virustotal.com/gui/file/8744857085a019e8dd048176fa47a5f34aa80a7a1a26d00528c047316612522d/detection

52.59.234.180:33127

# Reference: https://www.virustotal.com/gui/file/af880994009ae32acf2ac7f09f2c7ce28abe8aa20580ef6d5248690698601077/detection

tromdx.sbs

# Reference: https://www.virustotal.com/gui/file/c2c910a12958213c5942d23bd6c2b70aef94b3c9971216af866c36a0ca328024/detection

http://185.222.57.209

# Reference: https://www.fortinet.com/blog/threat-research/phishing-campaign-targeting-korean-to-deliver-agent-tesla-new-variant
# Reference: https://otx.alienvault.com/pulse/61b75c2915050cf6e811fef9

onedayiwillloveyouforever.blogspot.com
madarbloghogya.blogspot.com

# Reference: https://app.any.run/tasks/c1872210-cc81-434c-beae-21f74c8ea83a/

http://3.110.216.64

# Reference: https://asec.ahnlab.com/ko/29133/
# Reference: https://otx.alienvault.com/pulse/61a8dfe2a333faf90e50f7b3

minpowpoin.duckdns.org

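# Reference: https://www.anomali.com/blog/aggah-using-compromised-websites-to-target-businesses-across-asia-including-taiwan-manufacturing-industry
# Reference: https://otx.alienvault.com/pulse/611612574ba8f1bd5de5e8d6
# Note: the reference title describes these hosts as compromised websites; the entries below carry full paths, presumably so that unrelated content on the same sites is not flagged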

dlsc.af/jango/1.html
dlsc.af/jango/2.html
dlsc.af/jango/3.html
dlsc.af/jango/4.html
dlsc.af/jango/7.html
dlsc.af/wp-admin/buy/5.html
dlsc.af/wp-admin/buy/8.html
elmerfloyd.com/ru/
elmerfloyd.com/ru/Server.txt
elmerfloyd.com/ru/Server2.txt
elmerfloyd.com/ru/doc
elmerfloyd.com/ru/doc/Server.txt
elmerfloyd.com/ru/doc/ex/ALL.txt
elmerfloyd.com/ru/doc/ex/Encoding.txt
elmerfloyd.com/ru/doc/server.txt
elmerfloyd.com/ru/st/ALL.txt
elmerfloyd.com/ru/st/Server.txt
elmerfloyd.com/wp/4.txt
mail.hoteloscar.in/images/5.html

# Reference: https://www.virustotal.com/gui/file/fe07fc5d6f56e9126ba4035f7465eb4c9ec5ec6427568c507f2cfc5f5023aabf/detection

eb-bonker.com
smtp.eb-bonker.com

# Reference: https://www.virustotal.com/gui/file/ec974ca6242aa652bd3072ee8bac2d1e20d538835fe98ecf67b45289c4a5c168/detection

zoll-bund.com
smtp.zoll-bund.com

# Reference: https://www.virustotal.com/gui/file/fa916026f2fcab4826e44ffc4a1601f8ffefc15f4788125ec22c0301a388c60a/detection

79.134.225.115:84

# Reference: https://www.virustotal.com/gui/file/4c6ee3e7b8435f5710ec2f97861e81d6bed5e618209b9af55f45022cbda51c93/detection

37.46.150.105:1109
37.46.150.105:1235
service.mozillaupdater.com

# Reference: https://www.virustotal.com/gui/file/e73d5449c96c2b696fba508fc10aed6fb5c816cad4c6052dc8d3a972add1eeb1/detection

http://185.222.57.155

# Reference: https://www.virustotal.com/gui/file/ed374e0b094ff23907497ed79a603e0b20bdfc268ea5fc1fabbf559cf0fab235/detection

http://136.144.41.76
http://3.68.158.237

# Reference: https://www.virustotal.com/gui/file/2123f1c10dac02ac6c2fe68531d4ac9f03b9dedf68bbf7988667c7938a1788f1/detection

http://20.222.50.134

# Reference: https://www.fortinet.com/blog/threat-research/phishing-campaign-delivering-fileless-malware
# Reference: https://otx.alienvault.com/pulse/627e55b58b63d7af57b8362f

taxmogalupupitpamobitola.blogspot.com

# Reference: https://www.virustotal.com/gui/file/12827476a9a580f9954c0d5f62bcbd570a3ebc688125ee7034075b4c4650fbf9/detection

94.198.40.11:4780
tyujfg55.ddns.net

# Reference: https://www.virustotal.com/gui/file/098a60a2b91e1875ff1a3392f0952d0bf15ca6ea538bcf977d4779e979389ec7/detection

194.5.98.16:5743
tes4004.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1528989649133240321

sartco-ir.com
smtp.sartco-ir.com

# Reference: https://twitter.com/Computeus7/status/1531657197507297280

http://45.133.1.41
http://52.59.30.24

# Reference: https://www.virustotal.com/gui/file/4820df9a7a0f1eab0f8d67c6f66a770823fed3e00af12426982d24e96be6cce0/detection

officedocuments.duckdns.org

# Reference: https://www.virustotal.com/gui/file/028019f1c7740146ca887bbc2fd9249d16088adc376543e7c7464ad3e516e729/detection

http://2.58.149.2

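# Reference: https://twitter.com/KyleKrejci/status/1536440534335627264
# Reference: https://app.any.run/tasks/5ebb3c01-c250-4811-9241-5ce65e3a5550/
# Note: the high ports listed next to :21 for this host (here and in the groups that follow) are presumably FTP passive-mode data ports, which are ephemeral; the host itself and :21 are likely the durable indicators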

http://78.138.105.142
78.138.105.142:21
78.138.105.142:56152
78.138.105.142:56153
workflowstatus.live

# Reference: https://www.virustotal.com/gui/file/47b2d4a36b13e444baf1cc93e53dc43f694bb2ddd8dc27cccb83358bdbec397d/detection

78.138.105.142:62174
78.138.105.142:62188
78.138.105.142:62335
78.138.105.142:62524
78.138.105.142:62728
78.138.105.142:62932
78.138.105.142:63133

# Reference: https://www.virustotal.com/gui/file/f48560ece84a9ce7712de673e824da2255c38c4aaac14f022fff31471d3fa2aa/detection

78.138.105.142:52901

# Reference: https://www.virustotal.com/gui/file/8aae21852d1307637f69490d55c5f3b62be9d4f0d1860236d8bce98edb3032a4/detection

78.138.105.142:55660
78.138.105.142:55665

# Reference: https://www.virustotal.com/gui/file/8a0609f4c968db4ce17d3db40186c95d5e83508903c7be4e7d9b66e6b1949a6a/detection

78.138.105.142:63035
78.138.105.142:63047
78.138.105.142:63143
78.138.105.142:63273
78.138.105.142:63420
78.138.105.142:63597
78.138.105.142:63802
78.138.105.142:63908

# Reference: https://www.virustotal.com/gui/file/614810c90a5351a452d452338c292d3eb637fae0b180c2695a652790757eb3d1/detection

78.138.105.142:52582
78.138.105.142:52583

# Reference: https://twitter.com/tosscoinwitcher/status/1537499839168032769

http://193.233.191.138

# Reference: https://twitter.com/malwrhunterteam/status/1538843577047973890
# Reference: https://www.virustotal.com/gui/file/d6eadfa5ca3a0a9910e9ff9d8c89cabf9417f74da30b31ac89e98c65716b6901/detection

http://51.255.4.253
51.255.4.253:21
51.255.4.253:49722
51.255.4.253:49723

# Reference: https://www.virustotal.com/gui/file/7520049a8b7f13afb144b8cfb8061f7bc9dd6e5ef99f58869b1eacee7359b028/detection

51.255.4.253:49732
51.255.4.253:49734
51.255.4.253:49735
51.255.4.253:49736
51.255.4.253:49737
51.255.4.253:49738

# Reference: https://www.virustotal.com/gui/file/964ba4b1716c4c10e41efe3ab2e44dab4e6dfcc415282f2fe47f0c17549828ee/detection

http://62.197.136.167

# Reference: https://www.virustotal.com/gui/file/0b1c3985cfe6fd26489cc745f60cf63e6bea52b410c099e3434befa2c6568b19/detection

http://74.201.28.111

# Reference: https://www.virustotal.com/gui/file/03c9710a47d065da81d4321c06b9ccd9b48d9a9dc692a9df92c564b04eca7929/detection

102.89.2.247:1009
greataggy2.linkpc.net

# Reference: https://twitter.com/reecdeep/status/1547582759543091202

51.210.113.204:21
51.210.113.204:587
parlakraj.com
ftp.parlakraj.com
mail.parlakraj.com

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Agent%20Tesla/AgentTesla-%2017072022
# Reference: https://tria.ge/220717-f3fweshahl
# Reference: https://www.virustotal.com/gui/domain/obynnehhhan.com/relations

obynnehhhan.com
smtp.obynnehhhan.com

# Reference: https://www.virustotal.com/gui/file/bc92a5b1c4205ea1fbfec9144b8aab485e095142c7105c9d616b089ec668f198/detection

onyangdol.site

# Reference: https://www.virustotal.com/gui/file/bbf259ce41309be3f93aa4100d6a8bf2fd84b11d884143b01046ede50b49296c/detection

45.137.22.123:65
filli.fastestmaking.com

# Reference: https://www.virustotal.com/gui/file/ce06d859d485847cca5b67656d6dd7d5450f68f8c92e4fdff6010f0cce3982be/detection

bits.fastestmaking.com

# Reference: https://www.virustotal.com/gui/file/09cd25675dfbb2f5f765acfaf5755b0b27b60d0e1bfd15921499799ff96c9583/detection

172.93.187.249:76
vst.fastestmaking.com

# Reference: https://www.virustotal.com/gui/file/1c90c6941bb88cace359cccc81a15bbb966df702c09a53a460a178115e52d220/detection

172.93.166.240:82
signal.fastestmaking.com

# Reference: https://twitter.com/1ZRR4H/status/1551271193579331584

testeee-d23ed.appspot.com
/hfjghgjhgjhgjh.txt

# Reference: https://twitter.com/ov3rflow1/status/1551994170801356800

greeeeeeeeeee-6cc16.appspot.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1552979829540126721

namaztrading.xyz

# Reference: https://www.virustotal.com/gui/file/bf82e63a329df322601a0e89ee6bb266eef45e7c8ad21d18ec112a7b47ab4b21/detection

91.193.75.132:1660
phili01924.ddns.net

# Reference: https://tria.ge/220815-f7pzwsheg4

smtp.valtronics-ae.com

# Reference: https://twitter.com/reecdeep/status/1560189373865402368

alptamaracapital.org

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Agent%20Tesla/AgentTesla-%2023082022

botswlogistics.com
imap.botswlogistics.com
smtp.botswlogistics.com

# Reference: https://twitter.com/malwaremustd1e/status/1562419200676601856

dadabhoy.pk

# Reference: https://twitter.com/0xhido/status/1564190784135593984

klarotecnologia.com.co/xx.txt

# Reference: https://twitter.com/pollo290987/status/1565241508185399297
# Reference: https://www.virustotal.com/gui/ip-address/107.182.129.168/relations

107.182.129.168:21

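# Reference: https://twitter.com/reecdeep/status/1567505037743607808
# Reference: https://www.virustotal.com/gui/file/b957fdda6bfbdb542996764b9e727533dd86194f6c34969cbbabd970ecee6ee8/detection
# Note: the three hosts below repeat the entries already listed under the 0xToxin AgentTesla-23082022 reference; this group records a second source for them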

botswlogistics.com
imap.botswlogistics.com
smtp.botswlogistics.com

# Reference: https://www.virustotal.com/gui/file/c5fef5b2aa9ed0317a992428b220bd439e3ffe0263d27e2c30a088539c15a177/detection

idtetangede.cf

# Reference: https://twitter.com/James_inthe_box/status/1570073763525595141
# Reference: https://app.any.run/tasks/3af3d4dc-cd23-42ef-ac60-bc672ae03350/

107.182.129.168:59769
107.182.129.168:59770

# Reference: https://twitter.com/0xToxin/status/1570084621907361792

pushkinfear.xyz

# Reference: https://twitter.com/reecdeep/status/1572964195821359106

jubana.cam
smtp.jubana.cam

# Reference: https://www.virustotal.com/gui/file/6fc8c73f925cec7ad7e0b0123ee9a92a1b11166466f37a11ebc492e1eb3cfc44/detection

http://194.145.227.242
/new_Iaaykfiq.png

# Reference: https://unit42.paloaltonetworks.com/originlogger/
# Reference: https://otx.alienvault.com/pulse/6321cdc9ae733812be9b9331

0xfd3.com
origindproducts.pw
originlogger.com
originpro.me
originproducts.xyz

# Reference: https://twitter.com/0xToxin/status/1574677346421862401
# Reference: https://www.virustotal.com/gui/file/b93acad3589d244513504bb4bedb0e1efff008a35347f7d5062cd44a6a70bb09/detection

185.216.71.84:21

# Reference: https://www.virustotal.com/gui/file/208456d77b3702b1b5ae05273327feca114be373ab54c8e26937e54a605ee2f5/detection

193.161.193.99:34463
retrixclix69-34463.portmap.host

# Reference: https://www.virustotal.com/gui/file/989794eafbea5d4a419155e6ff0b7ab30eb8e45a4d220c64b40e65191e8419dc/detection

37.0.14.202:5050

# Reference: https://twitter.com/0xToxin/status/1583157689898573824

http://195.178.120.72

# Reference: https://www.virustotal.com/gui/file/626b980cc5556566f2d86f27e221529097057c14c5694f7b2f81e1575c0ebcaa/detection
# Reference: https://www.virustotal.com/gui/file/2ab6d433562cd06c8abfd5063ebfcfb5c9b44cde063f53643379a97b64bdf1d1/detection

86.104.15.60:21
86.104.15.60:50573
86.104.15.60:50712
86.104.15.60:55808
86.104.15.60:57642
86.104.15.60:57885
86.104.15.60:58665
86.104.15.60:59037
86.104.15.60:59250
86.104.15.60:60743
86.104.15.60:62347
86.104.15.60:64263
86.104.15.60:65063
chinazhonghang.com
ftp.chinazhonghang.com

# Reference: https://www.virustotal.com/gui/file/68180cebba2d550b1dd946b86c48ebb3eaddf8589a4b0da769994667f2c20a81/detection

79.134.225.12:13432
waleweb.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1587028507888173058

http://194.180.48.246

# Reference: https://twitter.com/0xToxin/status/1587576617949446148

http://62.108.40.71

# Reference: https://www.virustotal.com/gui/file/04300ce07c309487107a7338ca86ad5ff7bd4364227767c643f77a692b901152/detection

23.105.131.236:2048
inforosi3m.hopto.org
johnie3m.hopto.org
micheal3m.hopto.org
sheilabeltagy4m.hopto.org

# Reference: https://twitter.com/th3_protoCOL/status/1590008450716962825
# Reference: https://www.virustotal.com/gui/file/46742d39d6b545f772a5e59fbb3473da920724bff3d44ddae1f31eab115ccaa8/detection

microsoft-assistant.com

# Reference: https://twitter.com/cr4shtest/status/1590073717736222720

http://62.204.41.235

# Reference: https://www.virustotal.com/gui/file/03bc0dd9fdc46ce607f1158fd4ed8d4e5c9b9f5dc67b49c67bf626ec4f2ef001/detection

dorkedmail.shop

# Reference: https://twitter.com/0xToxin/status/1591008859992502273

http://107.189.4.253

# Reference: https://urlhaus.abuse.ch/host/193.106.191.16/
# Reference: https://www.virustotal.com/gui/file/000f15928063325a1951917b34264a1b74a2a1a637808d38d708a2a9ef6bfabe/detection

http://193.106.191.16
193.106.191.16:7766
/obf_AaAaaaBBBAAa.exe
/obf_AAaaAaAaBAaAaBA.exe

# Reference: https://www.virustotal.com/gui/file/d4079295508b31050776a08493fc0ad82f4dff60ed5757ccb1fb878a837f9331/detection

136.144.41.243:1111
95.214.24.140:1111
elektraal.duckdns.org

# Reference: https://marcoramilli.com/2022/11/21/is-hagga-threat-actor-abusing-fsociety-framework/

http://4.204.233.44
/Dll/Dll.ppam
/Rump/Rump.xls

# Reference: https://www.virustotal.com/gui/file/4168b19c680ca6915af6fd3cff3e2a59f61a9e85d781aa903fff9d30f1a95dea/detection

79.134.225.31:3477
marionpreet.ddnsfree.com

# Reference: https://twitter.com/souiten/status/1598551767985573890

http://20.238.8.87

# Reference: https://www.virustotal.com/gui/file/2feaed19066bd61d7d6995b69373271a65caa1aa55d040fa4234fe98268d0e72/detection

http://185.246.220.249

# Reference: https://twitter.com/JAMESWT_MHT/status/1600778404164694017
# Reference: https://tria.ge/221208-kr54dscd6t

tegzw-com.cf
mail.tegzw-com.cf

# Reference: https://twitter.com/HaoZhixiang/status/1602934666704474113
# Reference: https://www.virustotal.com/gui/file/130282c194b24451677eafe97cc7734217826a50469060f5120d82c0f3f89887/detection

divmainbot.pages.dev

# Reference: https://www.virustotal.com/gui/file/1710f5dc460e74baa34df04eaf632df8055b6497d8c18fc24572d3e53ed06e48/detection

otogi-zensen.com

# Reference: https://www.virustotal.com/gui/file/0420aee150550e0f46b0b5e918c6e17f2a48c32b31eb271eeea537e5e91ed544/detection

185.27.133.14:21
185.27.133.14:38501

# Reference: https://gist.github.com/kirk-sayre-work/32b6d6b788ad39008e5ec06f918d3ef1

http://185.136.170.209
http://195.178.120.24
http://5.42.199.41
/22todaoctob.txt
/24thtodayjajdjdhdfhhf.txt
/agdsjdfgfahjsdhgfsdgfjkagsdjh.txt
/ajkgjshkgsgfskgasddsfsd.txt
/ajsgashfgafajsgasjdqwdsvdsja.txt
/emabiggggg.txt
/fgfzfgdgdghjfhjfjh.txt
/gdjsagjsgsadavdhjwes.txt
/ghsjgjgjsjgdsgjgsgdj.txt
/hajsfdsahjfgafgsfgdjsah.txt
/hdsagsjskgsahjgsgasjgjsgdhf.txt
/jsajgsjssgfskgfkgfssa.txt
/ksbkjsakjdsbndkjakjbdsa.txt
/nasdvbnnbdjsbbdhvshadhajsdsbdjnvd.txt
/sjfhsdfjhdkfgjsdfkjkssgthurs.txt
/yesyesbnononoyes.txt

# Reference: https://twitter.com/reecdeep/status/1604833395057491968

http://103.171.1.58
/SssgRpjWU57.u32

# Reference: https://www.virustotal.com/gui/file/1a63ebf5ad49cfec1cbb99dc2e8fb863a7f7bb309373d1396b44114f161351b6/detection

185.140.53.9:1110
1110.hopto.org

# Reference: https://www.virustotal.com/gui/file/444d9818dff6801ccf8ded476f2b76bbe9c9a6166656e22c58777751e57e8e75/detection

194.147.140.4:2202
2202hotfield.hopto.org

# Reference: https://twitter.com/Unit42_Intel/status/1611379660029366273
# Reference: https://github.com/pan-unit42/tweets/blob/master/2023-01-05-IOCs-from-Agent-Tesla-variant-infection.txt
# Reference: https://www.virustotal.com/gui/file/19a256a2a9bc0d7222511f9dff8941fc38f6bd9721265d554adec0c035dc8651/detection

savory.com.bd/sav/

# Reference: https://twitter.com/James_inthe_box/status/1618647794050535424
# Reference: https://app.any.run/tasks/5907d10c-7691-4d53-ace6-c3b58ed08db8/

http://198.98.55.114

# Reference: https://www.virustotal.com/gui/file/01879e8322b8cc4a89bfa063e1072a689b09aafbca13657bac9462c253accafb/detection

dropbuyinc.ga

# Reference: https://www.virustotal.com/gui/file/6917d78000e1b9fc8a4b0bc49ad7a4458d5e61c29ca9ca2660479f65a3ce3d72/detection

alpatrik.com

# Reference: https://twitter.com/InQuest/status/1626758679843205120

billielishhui.blogspot.com
urlpropogationintimitacy.blogspot.com

# Reference: https://www.virustotal.com/gui/file/e2301b4f7c0ee56d2b75f25eaf25554ee12fa326f5a7abd5a93c7597b157cc5c/detection

142.202.191.242:2020
142.202.191.242:3040
142.202.191.242:4040
0pmboy.duckdns.org
mxvssb.duckdns.org

# Reference: https://twitter.com/wwp96/status/1627922823917486080
# Reference: https://app.any.run/tasks/ee706ee5-26a2-4cf9-b0dc-b18a9951ac94/

catknock.com

# Reference: https://www.virustotal.com/gui/file/7ce6c3f269eefc0ab0e638a64f9d77d8e003aa7acb9f819310b614f7b09c155c/detection

sekereoka.ddns.net

# Reference: https://www.virustotal.com/gui/file/5b7354cfa06b92e03b0da28136787e7cb445923534f5ed225d7ab21a0d4a0752/detection

194.5.98.111:55720
sekereoka1.ddns.net

# Reference: https://twitter.com/InQuest/status/1628304944381018113

doccallingupdate.blogspot.com

# Reference: https://www.virustotal.com/gui/file/1202b3945fc4180dde14d70d30c462fceb63a997a39948890682860cb654bba0/detection

http://107.175.202.151

# Reference: https://www.virustotal.com/gui/file/b0f43b5dfa96cdff8e48fccb2c5955822afc954f821bb51123dcc6bb03644317/detection

plax.duckdns.org

# Reference: https://mp.weixin.qq.com/s/rF4p-PHQrV33svltk44vOg
# Reference: https://otx.alienvault.com/pulse/63fce762ed5bacb1a8ae2532

emilie.businessup.be
portal-test.xperiorlist.com

# Reference: https://twitter.com/wwp96/status/1633183691701899269
# Reference: https://app.any.run/tasks/b0d365ec-4c7a-43e2-a39c-0f11bd57c7b0/

emsgpo.info
ori.ydns.eu

# Reference: https://twitter.com/wwp96/status/1634293116995002369

http://107.172.4.169

# Reference: https://www.virustotal.com/gui/file/7711662adb3022ca0f778deb6ee91f9368e1066e046512ea11283767275c953b/detection

46.246.14.20:5670
paomarca.duckdns.org

# Reference: https://tracker.viriback.com/dump.php (# 2023-03-12)

http://103.141.138.110
http://103.147.185.68
http://103.153.76.164
http://104.144.198.78
http://107.182.129.59
http://142.132.185.172
http://149.28.210.77
http://163.123.142.161
http://180.214.239.67
http://185.117.90.36
http://185.225.74.69
http://185.246.220.133
http://192.210.214.146
http://193.233.187.19
http://208.67.106.111
http://37.0.8.144
http://37.0.8.76
http://45.141.84.146
http://69.174.100.168
http://79.134.225.77:44
http://80.85.156.9
http://85.202.169.159
http://85.31.46.78
http://95.181.164.213
ac4d2t1.xyz
accountingdept.co
adventuretoddler.com
afunshy.duckdns.org
akhskneya.org
amidas-sec.com
ankaragucluler.com
apcontech.in
arki.trusecudosdeslyinvoicsed.top
bagavathimachines.com
bakuzamokala.duckdns.org
bayt-properties.com
berryglobals21.xyz
billaccountant.com
bnpparis.co
bohler-edelstahl-at.com
bpi-business.live
bqmbams.com
calicheimpresores.com.co
callatelogs.com.ng
cherryblossom.fashion
chestermachinetools.me
clillozikoexx.pw
cococlaw.com
cookdupagetransportation.com
coolhead.xyz
coopalerj.com.br
drfahimeshahrokhi.com
duramesh.com
ekmillerproductions.com
ekonomski.ba
expolinks.co.in
fentibruks.xyz
flood-protection.org
fmg1.xyz
fmg2.xyz
forepointmachinery.com
freespending.info
freetheme.co
gecfornmosa.com
gharsyhndur.com
gonbringlog.pw
goodboxx.in
greukrainy.duckdns.org
gsi.net.vn
gulfgrating.com
hdfbank.in
hfddsz3232d.top
hosseinsoltani.ir
hwapoa.com
infocheckdetails.com
investorzillion.com
jacvim.com
jober.pp.ua
karatu.xyz
khwahishpunjabi.com
lab2e1.xyz
lagrangegps.com
lametopvxry.ydns.eu
leylakaiser.com
limo.trusecudosdeslyinvoicsed.top
lku7.tk
luc4g1.xyz
marktinbet.pw
maryduke.co.uk
mediaboat.in
microsoftiswear.duckdns.org
mobibagugu.duckdns.org
mobinomomuam.duckdns.org
myservepanel.com
newsandbooks.xyz
nofearworld.xyz
obclndolnogs.pw
oko1e2.xyz
onwaoct.xyz
onyembu.pm
ophtalmiccenter.com
opt-outgoingemail.pw
originweb.ga
parkkavalayam.com
people.servegame.com
perfa.pk
protoolschile.cl
prt.obclndolnogs.pw
pushkin231.mooo.com
pushkinorigin.ydns.eu
radiokerigma.com.br
rajasthankiran.com
rawpanels.com
re-pos.in
referralwx.com
regattaxiamen.info
regencyship.info
salkic.co.ba
samberii.com
sandjsolutions.co.za
seaviewbatroun.com
securefileshared.com
sharepointcrmtemplate.com
shivsons.info
sr.dammadixon.com
successlink.co.vu
supreme.servegame.com
t1koma.com
theremedycenter.com
threahingweath.com
tienthinhgroup.com
trusecudosdeslyinvoicsed.top
wellnesslifezone.com
willyprocessequipments.com
workpaymechuby.com
wttxt.info
yungchunsteel.com
zacwon.com

# Reference: https://twitter.com/kienbigmummy/status/1635195179933245441
# Reference: https://www.virustotal.com/gui/file/40ab3a8829f6a3b392c147c78a9780c5116dca9c49b381d5557cb7ea3b99b67b/detection

http://167.114.163.232

# Reference: https://www.virustotal.com/gui/file/145a6111995b10d04ccf1d3689fc82d75f1d7526ade1e138788bec6a1f07ca9b/detection

cs50.publicvm.com

# Reference: https://www.virustotal.com/gui/file/0d138f074481ae773f460a2960fa260f1084acc4f0e30fdccbc1cdbe041141ac/detection

downloadserver.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e8340421f6bfccc9590f760bb5d4a2a614c8bb1f30f6d6671395f2792d8bf6d6/detection

justnormalsite.ddns.net

# Reference: https://twitter.com/Gi7w0rm/status/1640051185632591872

http://91.228.197.168
/j/p10j/login.php

# Reference: https://twitter.com/jstrosch/status/1641402601265668096

chasamloriger.su

# Reference: https://www.virustotal.com/gui/file/c0da45f5778bea3893cd37ac93c2951e1b529c1fb9a21205dea021c28fc5ad53/detection

46.246.6.12:1028
blast012.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0ffb820a4545c18c38d7b7c22c456c53fb7e1135af380b32cc221e0d65a188e3/detection

http://192.227.183.170

# Reference: https://twitter.com/Yeti_Sec/status/1648670765116522496
# Reference: https://www.virustotal.com/gui/file/25538b555cd4f041e589015b0a44f148c28d6e2ff13b6e04f48b2ca5b8e723c5/detection

http://185.225.74.24

# Reference: https://twitter.com/0xperator/status/1655630579927248896

http://62.204.41.23

# Reference: https://twitter.com/James_inthe_box/status/1663586640101793793

http://185.252.179.22

# Reference: https://www.virustotal.com/gui/file/3fe32b6585d1b08c476c9d32be35debd2128d76780fb48558565a8d53ad71c34/detection

http://23.95.122.102

# Reference: https://www.virustotal.com/gui/file/c7cbc6a6984555cf9c4d50922a8e234eb2b50c94e0d216ea1d840618bfc2d00a/detection

simplmizer.duckdns.org

# Reference: https://threatfox.abuse.ch/ioc/1140185/
# Reference: https://threatfox.abuse.ch/ioc/1140177/

jimbo.ydns.eu
/jimboori/inc/

# Reference: https://threatfox.abuse.ch/ioc/1140405/

chibb.ydns.eu
/chibbori/inc/

# Reference: https://twitter.com/James_inthe_box/status/1683938338246647808
# Reference: https://app.any.run/tasks/ef1a941b-9495-40ff-ad46-914e22f30236/

adoblupdate.blogspot.com
///////////////////////////////////////////////////////////////////atom.xml

# Reference: https://twitter.com/James_inthe_box/status/1689005366250754048
# Reference: https://app.any.run/tasks/5ab5802c-a63a-4709-a213-115260f30b1b/

abodiopdate.blogspot.com
/////////////////////////////////////////////////////////////atom.xml

# Reference: https://www.virustotal.com/gui/file/5c4025099862f0c9269324f17c072bf287e1957631b25569a7e3b2e018a113df/detection

evensayers.com.au

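# Reference: https://www.virustotal.com/gui/file/ad4d0ab6b7be1e9d1cf47790dc0644617987a156bc5e308ce7cbc359eef46ef1/detection
# Reference: https://www.virustotal.com/gui/file/0454600278f00ed9f7324c314164f8399df71053c9f38c77841cd0a0329e8b43/detection
# Note: the path-only entry below is not bound to either host; if the consumer matches it against requests to any host, a hit on it alone is weak evidence - confirm the destination against the listed domains before escalating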

db-private.ga
db-usa.ga
/wp/wp/api.php

# Reference: https://threatfox.abuse.ch/ioc/1143987/

macarty.ydns.eu
/macarty/inc/

# Reference: https://threatfox.abuse.ch/ioc/1143989/

caeser.ydns.eu
/caeser/inc/

# Reference: https://www.virustotal.com/gui/file/f3e6621928875a322ee7230ccf186bdaa5609118c4a6d1c2f4026adfb8e88744/detection

huskidkifklaoksikfkfijsju.blogspot.com

# Reference: https://twitter.com/James_inthe_box/status/1687140503295565824

abhgzr.ma

# Reference: https://twitter.com/petrovic082/status/1687338911452782593

/castrnewbaze64.txt

# Reference: https://threatfox.abuse.ch/ioc/1148926/

upadte-reviewer-online.live

# Reference: https://cert-agid.gov.it/wp-content/uploads/2023/08/agenttesla_07-08-2023.json

worlorderbillions.top
mail.worlorderbillions.top
/nbvzfip.txt
/nigazxbb.vbs

# Reference: https://www.virustotal.com/gui/file/0b319d44ffd75de8bba5cc00409b2d9873f37956ce5a4f352e26b445f2e336a7/detection

91.193.75.133:54984
berlinb765.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c5cffd536a9cad1fc652d4916fd9b66b94cbf3a5ae1f0478a4f16c690b6bc188/detection

91.193.75.133:4335
nwokesienna.duckdns.org

# Reference: https://www.virustotal.com/gui/file/03f98ca060ef7459937402940c3bf191a2bbff322e122c3561016fcc44a59ef1/detection

197.210.226.199:1119
1119.hopto.org

# Reference: https://www.virustotal.com/gui/file/11352d20b19fc8333bc6f13a6056755198db7f369acff0f963561b217ab09276/detection

185.140.53.9:1121
1121.hopto.org

# Reference: https://www.virustotal.com/gui/file/c806c71111c07686b4664fc0d31b4a6479fb606edc789e4c7bb022fc5da41575/detection

91.193.75.133:5754
knockoffs.camdvr.org

# Reference: https://www.virustotal.com/gui/file/b561fbb12e457b373d4bb8e79dd2c7438e7e04142caa0a33ca4b65a5744446cc/detection

194.5.97.23:9997
nanduck.duckdns.org

# Reference: https://www.virustotal.com/gui/file/72219e131476a429db3323631405429880f29bb3bbe655d31f1b3e37edd18303/detection

cawp1.blogspot.com

# Reference: https://twitter.com/smica83/status/1690414969169248257
# Reference: https://tria.ge/230812-vtn8rsch97/behavioral2

px13.blogspot.com

# Reference: https://www.virustotal.com/gui/file/49526c1508b1cff277f839a1ba27b4b59d308e744c7f9ef4bdd107fe22de380a/detection

194.169.175.43:5050
amm.mine.nu

# Reference: https://www.virustotal.com/gui/file/4b33a49ae0540f43c8357709841be70541d2cf162755e7649604b13740c5bad9/detection

swissprint-online.ch

# Reference: https://twitter.com/James_inthe_box/status/1691449399174664192
# Reference: https://app.any.run/tasks/1ac1126d-3c92-4d90-a640-cd9a302c3631/

http://94.156.161.167

# Reference: https://twitter.com/tosscoinwitcher/status/1691500186898407424
# Reference: https://tria.ge/230815-vmwn9scc67/behavioral1

http://88.209.206.90

# Reference: https://twitter.com/guelfoweb/status/1693556263513116989
# Reference: https://www.virustotal.com/gui/file/077063918d541317f3a7e19a812bf81acddd93eaa17a91179024e5067c8df3ce/detection

185.198.59.26:587
awelleh3.top
mail.awelleh3.top

# Reference: https://twitter.com/AvastThreatLabs/status/1694730035305783765
# Reference: https://www.virustotal.com/gui/file/1e512af2d4bc9aec5ead05d077c523a2eb88d29f58f96eab17f207c01e6dab54/detection

aboudeupdater.blogspot.com

# Reference: https://www.virustotal.com/gui/file/1cc4c731035f4c25866270e64dc1c8ae036bd373f924e080af7b0a588a019fd5/detection

23.105.131.228:1234
skysky.duckdns.org

# Reference: https://twitter.com/jstrosch/status/1696896004597887088
# Reference: https://www.virustotal.com/gui/file/dfc4a0222fb2f69e65438196a7935f86c6e42e3005c136930506a37542f6a0f9/detection

http://154.202.59.13
154.202.59.13:38834
154.202.59.157:38834
ddjm.top
lvmay.top
ttjm.xyz

# Reference: https://www.virustotal.com/gui/file/1a6c79b3bcdc90f6b1515f76a0b25cd2a642cc27b15d640cc27d3d944d1b59b7/detection
# Reference: https://www.virustotal.com/gui/file/2a852589c52954a54a1e658a114fb19e936443aaa85b4fed48b3c64ff1162b81/detection

193.42.24.214:38836
twoseconds.xyz
t.twoseconds.xyz
x.twoseconds.xyz

# Reference: https://www.virustotal.com/gui/file/2293710fbf66e120d90e03f95a38b966da05d33ee0a1df2f14500e4811085494/detection

sljm.top

# Reference: https://www.virustotal.com/gui/file/1ad2936e4d510633259697d0e7d692131c88de79716228963b39eb128a0dd301/detection

http://154.202.59.86
154.202.59.86:38834

# Reference: https://twitter.com/Jane_0sint/status/1697249874251813038
# Reference: https://app.any.run/tasks/76ef05d8-e143-4126-9bd1-e637aa06a764/

http://192.3.179.161

# Reference: https://twitter.com/JAMESWT_MHT/status/1697913019429192133
# Reference: https://app.any.run/tasks/72a87633-a275-4c79-b51f-5bf0a42faad7/
# Reference: https://app.any.run/tasks/779940b6-a41f-4a1b-84ab-4ff6d1d3fc35/

booking-com-details.blogspot.com
pwhotelnew.blogspot.com
hotelbackuppowaug.blogspot.com

# Reference: https://www.virustotal.com/gui/file/25432e8e8f9af1add96454347275d3f7f0167b23212f8c33ee6db99f7eeedc1b/detection

79.110.49.161:4441
moonandbebe.ddns.net

# Reference: https://www.virustotal.com/gui/file/3444d090e15e7c6614de5b5796e1fd6a0dc2b77eec63f732b2ea535664dc9a34/detection

2.59.254.111:54357
slucasanderson.ddns.net

# Reference: https://www.fortinet.com/blog/threat-research/agent-tesla-variant-spread-by-crafted-excel-document
# Reference: https://www.virustotal.com/gui/file/1f562669f05e0880a319399f6b750b1f6fdc10a8f9c54dcfcf5cb9f2224d718e/detection

http://23.95.128.195
5.206.227.152:587
daymon.cc
mail.daymon.cc

# Reference: https://www.virustotal.com/gui/file/b1143ed4cbf60d189c02a47cc9370b587aa62ee3af51b5336a4bb4e6f8b224a9/detection

194.5.98.41:5498
alonso.ydns.eu

# Reference: https://www.virustotal.com/gui/file/7ffed39d75c89f4a79d0437d18076ec1906cf0d928886b67c91d2300e16938b9/detection

ansrt.duckdns.org

# Reference: https://www.virustotal.com/gui/file/08ccb639d18f192ab8120a9c5e2b9eb1499ab6e948aa25d8f108ed49228366ce/detection

186.64.118.235:21
186.64.118.235:46692
ftp.aktivos.cl

# Reference: https://www.virustotal.com/gui/file/171c707afb64b5ad621864968ce888af80401c2247b5b21a05f45985063d5b88/detection

suchitanandanmahavidyalaya.org

# Reference: https://www.virustotal.com/gui/file/b48656a73f039dfc48e237f13a15133739b2f26af136b9540f038e922f98b2c0/detection

wjjiutia.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1703741629058732262
# Reference: https://twitter.com/JAMESWT_MHT/status/1725508031222333807
# Reference: https://app.any.run/tasks/4923f3d3-446f-44cd-b8b1-5c6266b4b8d1/
# Reference: https://app.any.run/tasks/82c1e27b-e661-41de-8870-60356eeda3d8/
# Reference: https://app.any.run/tasks/c80d9e95-cd8d-4b3c-ae9c-c0daac630a74/
# Reference: https://threatfox.abuse.ch/browse/malware/win.agent_tesla/ (# 2023-09-18)

bookingcomdetails.blogspot.com
busizinusa.blogspot.com
buzalotr.blogspot.com
cbasep23.blogspot.com
hotelofficeewn.blogspot.com
htlbookingnew.blogspot.com
idropbux.blogspot.com
otherbizzunus.blogspot.com
otherbusinesssep23.blogspot.com
resutanur.blogspot.com
/////////////////////////////atom.xml
/////////////////////atom.xml

# Reference: https://www.virustotal.com/gui/file/d975dba50f62eabd79d58afaab3bd2b258f723b9944df5ba1050195ea7279f03/detection

http://80.76.51.237/

# Reference: https://twitter.com/James_inthe_box/status/1703870219687690660

http://198.46.178.152

# Reference: https://twitter.com/phage_nz/status/1706249304233672910
# Reference: https://www.virustotal.com/gui/file/8ecd6a4c049c61b21aab0e99341ce31b772a96c682402e3c031b9c5a6161d0d4/detection
# Reference: https://www.virustotal.com/gui/file/53ed443459ccbd7a66690add22566691a9ce66ebfc51abaff42512ec041a3a68/detection
# Reference: https://www.virustotal.com/gui/file/3689ddd7d45ea04f13e073f993afb1b52d576d455d9317f446a31cc282324213/detection

http://193.42.33.91

# Reference: https://www.virustotal.com/gui/file/a338fe1eba5338f36bd95896bd18cef545549360f460a6e271367bebee1014b1/detection

servidorarquivos.duckdns.org
/cousin_GEF_BAS64dgfhjgfxzjgfzgfjzz.txt

# Reference: https://twitter.com/THProfiler/status/1708277306073170357

http://107.175.113.216

# Reference: https://threatfox.abuse.ch/browse/malware/win.agent_tesla/ (# 2023-10-03)

http://5.253.38.46
poituox.fr
rakishev.org/ok.php
rakishev.org/wp-load.php
rakishev.org/wp-admin/admin-ajax.php

# Reference: https://gist.github.com/silence-is-best/23738d87475d67d843bd79231b008e5a

evantelamin.top

# Reference: https://www.virustotal.com/gui/file/a350bcb4b9de71a8e59178ef490b0c52bf3f7c16525862c04d319f87196dee1c/detection

http://94.156.253.128
179.43.183.46:587
royalcheckout.store
mail.royalcheckout.store

# Reference: https://twitter.com/josh_penny/status/1711820215728693316

http://192.3.176.153

# Reference: https://threatfox.abuse.ch/ioc/1186091/

http://141.98.6.154

# Reference: https://twitter.com/James_inthe_box/status/1712153226676752406

http://107.175.3.22

# Reference: https://threatfox.abuse.ch/ioc/1188877/

http://89.47.1.10

# Reference: https://www.virustotal.com/gui/file/1d4316b5e0e69055fa643f3d47b5ff1004623f20794db703736b45e69412d429/detection

http://95.214.27.15
162.0.215.27:587
162.0.232.33:587
euenarji.com
mail.euenarji.com

# Reference: https://twitter.com/r3dbU7z/status/1716092936377581593
# Reference: https://www.virustotal.com/gui/file/40183148f52840484b1f6c2530b244957bef6b2c493109b52ff1b9e9e41eccde/detection

http://141.98.6.91

# Reference: https://www.virustotal.com/gui/file/93896aa8bdee9e17a4c47e132bb0552f6ea7d3610d0791ef080f43148d8ceb85/detection

http://192.3.64.154

# Reference: https://twitter.com/reecdeep/status/1717515712757932080
# Reference: https://app.any.run/tasks/53e43e09-0c75-41e8-9eb7-7004a283a3f9/

http://141.98.6.124

# Reference: https://twitter.com/DmitriyMelikov/status/1719271747487211850

http://146.70.78.28

# Reference: https://threatfox.abuse.ch/ioc/1199442/

http://91.92.255.16

# Reference: https://twitter.com/doc_guard/status/1722155230983274716
# Reference: https://www.virustotal.com/gui/file/bb6ee7c5a144c685cfc53ad94995ba0aac1058c850e6c87e24d656296c07d5ab/detection
# Reference: https://www.virustotal.com/gui/file/f526ffc788eb36ca310e962831cfc94c5d833ce1be17f4bbccf273a7f874f085/detection

http://91.92.241.54
67.212.175.162:21
67.212.175.162:61661
67.212.175.162:63026

# Reference: https://twitter.com/doc_guard/status/1723679910089159051
# Reference: https://app.docguard.io/757a22e465f5958edacf1c9115c3c401fd4cf4ce76108d961268b5c196f95650/results/dashboard
# Reference: https://www.virustotal.com/gui/file/757a22e465f5958edacf1c9115c3c401fd4cf4ce76108d961268b5c196f95650/detection

trackmoney.dynuddns.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.agent_tesla/ (# 2023-11-12)

43.230.131.138:21
43.230.131.138:57745

# Reference: https://www.virustotal.com/gui/file/dd869a09d23e367cbcfaeeb3795b54d043b561b299d5e9d367317f1dce7445f7/detection
# Reference: https://www.virustotal.com/gui/file/8231ae50074ea3175aec0f30ab396d5971ae5185a4d9e9265eb596737a444fe5/detection

194.5.98.32:4545
197.210.226.89:4545
greenrem.ddns.net

# Reference: https://twitter.com/doc_guard/status/1727291737922478235
# Reference: https://twitter.com/doc_guard/status/1730250707188527505
# Reference: https://www.virustotal.com/gui/file/91f7d692760bbadb48882e8a8d8abe9e6890bd4d5b735fad22b3247693da834e/detection
# Reference: https://www.virustotal.com/gui/file/632f7e212cc149d81b322def328534953b979d1f1885140e2645e4ac41d0f56c/detection
# Reference: https://www.virustotal.com/gui/file/3c756278503cd67e4ca18fa2acbba31c308153b5801f24b222a42b4b3331c780/detection

http://192.3.179.133
http://192.3.179.162
188.241.222.22:21
188.241.222.22:38809
188.241.222.22:40665
tyny.to
ftp.experthvac.ro

# Reference: https://threatfox.abuse.ch/browse/malware/win.agent_tesla/ (# 2023-11-22)

162.144.23.32:21
185.80.2.120:21
192.185.152.133:21
87.121.87.143:6696
7070bc8.sytes.net

# Reference: https://gist.github.com/silence-is-best/67adb7549211b3046f554044bcc5c151

sqsendy.shop
server1.sqsendy.shop

# Reference: https://www.virustotal.com/gui/file/8dcc02ff63771813eb9aaf20bb767f775e960c142a53442ff08442b6615ea9bd/detection

http://88.209.206.215
192.185.16.97:21
192.185.16.97:39930

# Reference: https://www.virustotal.com/gui/file/1200b5470aa1f4185c483d8e0e7b51bfa90bad92e83bd9d8b4d5381985815849/detection

191.88.251.67:1014
torrecincodnremdn.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c3dae392cec9bd10ad4f2029a4f30642146b66584d6c0716ee6c8781164a145c/detection
# Reference: https://www.virustotal.com/gui/file/90f29e5759915cdf22122f9ae8fe99da5e68b8c36b3db9a3ef295ebe7f81e9d8/detection

181.131.217.46:1013
mazdaallegoredn.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ec1a914884709e72303399d8078d3e92590d67cb5a43e9b60e5a22671c4a9534/detection

191.91.181.184:1014
dnparqueaderodnre.duckdns.org

# Reference: https://www.virustotal.com/gui/file/064436bae6b72769b71f9fc0c5237c473caadc0edea0fc94e8413189fbcf250d/detection

http://178.128.238.137

# Reference: https://www.virustotal.com/gui/file/ec17225fdc8beb40a5b9668d5f769ce01bb1164cc310951a7cbcdef676a7b90f/detection

213.152.161.234:9693
dico.is-saved.org

# Reference: https://twitter.com/bofheaded/status/1732788654635126788
# Reference: https://www.virustotal.com/gui/file/78b939e31c2226b2795868115cea7603df1b2e3281864740dbee846778b81b6a/detection

http://15.204.49.148
http://91.92.250.227
http://91.92.254.7
abedwpdata.000webhostapp.com

# Reference: https://threatfox.abuse.ch/ioc/1211511/

http://107.175.221.154

# Reference: https://www.virustotal.com/gui/file/96e0e29bc08e5408ea75ee7aabee3c1192f0a8adfabdb8b9123f8fc8781db5d4/detection

46.246.84.18:1000

# Reference: https://www.virustotal.com/gui/file/2e2e035ece4accdee838ecaacdc263fa526939597954d18d1320d73c8bf810c2/detection

http://217.196.98.10
http://91.92.253.29
164.155.231.101:16

# Reference: https://www.virustotal.com/gui/file/2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce/detection

cream.hitsturbo.com
needs.hitsturbo.com

# Reference: https://twitter.com/James_inthe_box/status/1738233717083316634
# Reference: https://app.any.run/tasks/87f35396-902b-4073-b86b-2bbb72bfc215/
# Reference: https://app.any.run/tasks/3a6e270c-50fd-49d6-b028-65ca1947e06e/

blo0king.blogspot.com

# Reference: https://threatfox.abuse.ch/ioc/1222975/

http://212.162.149.96
/jTUdENoc176.bin

# Reference: https://twitter.com/JAMESWT_MHT/status/1743618987303317935
# Reference: https://app.any.run/tasks/54b1fc09-1482-4b1b-b79d-d65e5a0a5d35/

htloctmain25.blogspot.com

# Reference: https://www.virustotal.com/gui/file/22b34ea4b059e690696323d441fa4fb797fdae1adb3b5ef32ea8cf256acbcea2/detection

104.254.90.195:42892
portcheck.airdns.org

# Reference: https://www.virustotal.com/gui/file/cc8746614372f04897f441f269ec11796e78a3a60680ff8c7dd98ff4d69c31ae/detection

spencerstuartllc.top
fly.spencerstuartllc.top

# Reference: https://twitter.com/tosscoinwitcher/status/1754339751275221483
# Reference: https://tria.ge/240205-c9qsesafdr/behavioral2

vitalikcreatedethereumtobethenewworldorderscurrency.shop

# Reference: https://twitter.com/JAMESWT_MHT/status/1754411145870410108
# Reference: https://app.any.run/tasks/716315dc-bf30-4549-acd3-b456721ba60a/

htlbackfeb-03-24.com
booking-c.blogspot.com
booking-coms.blogspot.com
htlfeb24.blogspot.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.agent_tesla/ (# 2024-02-11)

http://91.92.250.136
merckllc.top
ndbplus.rs

# Reference: https://www.virustotal.com/gui/file/a430a60d9da2d2b9c0dd2bc28e71dd7c8f6944daacec6f4bc67800659e4c5b5b/detection

yegfhdbcnxvzaheiopfhjd.ydns.eu

# Reference: https://www.virustotal.com/gui/file/2221ac54239887df62a5f2fff01046ad81a159d842e2a4a26d4b0eee17791dd0/detection

http://5.181.80.193

# Reference: https://www.virustotal.com/gui/file/a06366b0fa7d5744a507ef1afdafa02d81a4315bdba697993b7ee4fce76f1d7e/detection

194.36.191.196:587
odogwubig.info
mail.odogwubig.info

# Reference: https://www.virustotal.com/gui/file/c940e8a531e26ffdaed0a134574f5f9ff2e039c723fd79edfd58f44dbc251f4d/detection

mnfhsgfhaioeuywgdbcva.ydns.eu

# Reference: https://twitter.com/Gi7w0rm/status/1765155934899257552

aermecc.com
aipusolibcontrol.com
barrbi.com
bbva-compass.biz
betoplogixx.com
buhlergrroup.com
chrr-hansen.com
cittroen-egypt.com
crfreights.com
euroslottpars.com
falconoilgesequipment.com
forrwel.net
gatesway-group.com
greemwell-eg.com
happytours-al.com
hiaexportss.com
infoikittco.com
itaka-pl.com
jacquatbrossard.com
koolorr.com
lamiipak.biz
leinweber-de.com
maxwidalog.com
mpdxb-ae.com
nep-az.com
petromeshaal.com
philika.com
pooonghanbd.com
shinestarrsky.com
tirlan-ie.com
xiengming.com

# Reference: https://twitter.com/Gi7w0rm/status/1765158167002915149

alwnapur.com
angeis-face.com
atv-cn.com
cn-asn.com
cordnepharma.com
dragonfolis.com
fastautodrive.com
fufemg-group.com
inabota.com
inteligencia-adauneira.com
jhgolfcrats.com
jsandogroup.com
koliber24.com
ltervate.com
makiswa.com
maplelenalogistics.com
merryynag.com
nanosotfpolymers.com
newyaselectronics.com
rushenterprlses.com
saitool.cam
trentnoph.com
unlmacts.com
urrae.com
vornoda.com
vurayol.com
yipln.com
youwelchina.com
yuxinmechanlcal.com
zeondurgs.com
zhnogli-lock.com

# Reference: https://twitter.com/James_inthe_box/status/1772979442257629298
# Reference: https://app.any.run/tasks/d7fe276d-82e2-421c-92c5-8b0e4a9a65e5/

hotelmain26march.blogspot.com
/////////////////////////////////hoho

# Reference: https://twitter.com/James_inthe_box/status/1775513290426511642
# Reference: https://app.any.run/tasks/6e0e4947-fd2e-4d97-855a-a3b4cc9d819b/

htlmain2aprl.blogspot.com
/////////////////////////////////////hoho

# Reference: https://www.virustotal.com/gui/file/5eecdaf0426291c6db36cc79cba590e61248a5364197d82228da2074a7fa3bba/detection

46.175.148.58:25
iaa-airferight.com
mail.iaa-airferight.com

# Reference: https://www.virustotal.com/gui/file/00e2add99425b2e52024e114383f63cc634bfae061b6d3687a067acc02490f3b/detection

181.141.0.188:2008

# Reference: https://x.com/ShanHolo/status/1797931602011734478
# Reference: https://www.virustotal.com/gui/file/26d16066af888fdb668dae6ff8340ae97db445ed6c1fb1c16e6bc734587ca293/detection

http://107.173.143.28

# Reference: https://x.com/karol_paciorek/status/1798616512435310858
# Reference: https://www.virustotal.com/gui/file/08d4999973d3e6d353f4a9cff68e3290bc63d4fce684544b8e96423dcb678fd3/detection

http://185.101.104.92

# Reference: https://x.com/doc_guard/status/1800305325007921602
# Reference: https://www.virustotal.com/gui/file/30a973e75f85a9ee9063fc4b17e5c6704f2e58ebfef7abe3e1d55c16f51b2e89/detection
# Reference: https://www.virustotal.com/gui/file/1eb870fd7894b602a9c88ac792330b22c9257ec7058462d4d802254c42dc5199/detection

http://192.210.150.27

# Reference: https://www.virustotal.com/gui/file/3e90bab5c79be10c283f3752091122910f7c5b9f35428a37eb0250d244d01f94/detection

91.92.250.115:4053

# Reference: https://www.virustotal.com/gui/file/187dafaf5b3f74c0caccfd46c202f6448bced4707b9bafcb43cae3cc5dc16f65/detection

163.123.142.171:39001
163.123.142.171:8080
163.123.142.171:8383
91.92.244.36:58001

# Reference: https://x.com/banthisguy9349/status/1805971359408722426

http://185.172.128.113
http://185.172.128.40

# Reference: https://x.com/banthisguy9349/status/1806663917118107840

http://41.216.183.208

# Reference: https://x.com/jcarndt/status/1808138081976873085

http://192.210.215.11

# Reference: https://x.com/ShanHolo/status/1808919985827262598

yarasports.com/inquiry/

# Reference: https://www.virustotal.com/gui/ip-address/194.85.248.87/relations
# Reference: https://www.virustotal.com/gui/file/b518f8c2542b31ed031b0ae42413ad0f792f407f5529420df24f8aa9cd4708a6/detection

194.85.248.87:9001
12345h.duckdns.org
iminent2.duckdns.org
mikeleejs.duckdns.org

# Reference: https://www.virustotal.com/gui/file/555a20d3756ad65f74f4ea768098c703a14bdb667772223abb8ea6e1c084ee7c/detection

185.235.219.204:1894

# Reference: https://x.com/P4nd3m1cb0y/status/1820749640116924871

coldairperu.com.pe/dsxtersimo/

# Reference: https://www.virustotal.com/gui/file/a4cbd44053b27e4e0e92caf3fc92ea0a21e42c3219261d6560e2c02f89e54ffc/detection

46.246.14.76:2054

# Reference: https://www.virustotal.com/gui/file/3d309b866b18d4c35ef39b4619464bce9f20f52ed97c8b3bf9afe328c15e9725/detection

109.206.242.6:7709
79.110.49.179:58001

# Reference: https://x.com/JAMESWT_MHT/status/1826301714422546885
# Reference: https://app.any.run/tasks/96eb12db-dbca-4add-8522-4394d568faa3/

educt.shop

# Reference: https://www.virustotal.com/gui/file/0fadb33a5d2590d6432da660788fe3ce9122ae0652f19fd68e4f1eaa51dc4b7d/detection

185.216.70.37:587
nsoftonline.com
mail.nsoftonline.com

# Reference: https://www.virustotal.com/gui/file/6a1b7cb8802d43156b65bd45e0cb26e1f513be2cd1ceeaf1adba92088c31030b/detection

xrfcxiquqcpqha.ddns.net

# Reference: https://x.com/skocherhan/status/1897197087630237837

67.18.65.183:21
rvoccte.com
ftp.rvoccte.com

# Reference: https://x.com/skocherhan/status/1902687366415839512
# Reference: https://www.virustotal.com/gui/file/0168bf4f3abf4fedb8f5a2c30a6c10bd2cc2d41f83e835f296fff879d27d12c5/detection
# Reference: https://www.virustotal.com/gui/file/00ee828590fbcaafc92503e2732f9fe179c772d72bf8cab156f1aa455dd2fedd/detection

188.241.39.200:587
surewaz.com
welingz.com

# Reference: https://x.com/ShanHolo/status/1902659366051835914

http://192.3.101.146
192.3.101.146:443

# Reference: https://x.com/ShanHolo/status/1902639209153769953
# Reference: https://www.virustotal.com/gui/file/483b97a047188b7140cf3075506576df8b3300ffa13049405be934d5084fddda/detection

http://107.174.231.211
http://198.12.89.24
107.174.231.211:443
kryx.ru

# Reference: https://x.com/skocherhan/status/1903986008468734061
# Reference: https://www.virustotal.com/gui/file/027089eaaa3b9a3270b6e5070a5c68d0162009829cc1948c080712bff7425489/detection

78.110.166.82:587
zqamcx.com
mail.zqamcx.com

# Reference: https://x.com/skocherhan/status/1911461678874493259
# Reference: https://x.com/JAMESWT_WT/status/1951273905089339735
# Reference: https://www.virustotal.com/gui/file/59a94017c933292ea2db178c24740b326f292bd4652016e091e590c6200c11c3/detection
# Reference: https://www.virustotal.com/gui/file/00794d4800365ee10a8cc3a81af456603ea1e6985914811a1b0fd41901e694fc/detection

http://144.172.122.69
162.254.34.31:587
baxeeon.shop
eraqron.shop
jertcot.shop
vetrys.shop
xisison.shop
ypcog.shop
mail.baxeeon.shop
mail.educt.shop
mail.eraqron.shop
mail.vetrys.shop
mail.xisison.shop
server1.educt.shop
server1.vetrys.shop
server1.ypcog.shop
fnvimoyvwkbxbmczlqus.supabase.co

# Reference: https://www.virustotal.com/gui/file/eebed33306b97dbfdd066fba682d58bcf93143f2b85fcaedf9956ea815e545bf/detection

146.70.118.226:587
monovm.host
mh1.monovm.host

# Reference: https://www.virustotal.com/gui/file/8b7fe7cd6a8eff6fb148cfc23c2d2936ef45f419af48d56f14716b53cf68043f/detection

185.222.58.228:1872

# Reference: https://www.virustotal.com/gui/file/0284a7f0250c589199ed11e4dad498ff9549809f0023b2fedd1b4be41a52d8de/detection

185.222.58.228:4821

# Reference: https://www.virustotal.com/gui/file/52008591811e364bb7f3796872bfd23dddb1a51639eea2237ead559a8a8917d9/detection

144.172.91.41:7708

# Reference: https://www.virustotal.com/gui/file/4b0b81952d07396b9b719f0b0fd12ed7bf652c0cb4640e05c849c342b0d7bfc6/detection

http://45.137.22.125

# Reference: https://www.virustotal.com/gui/file/0786481c938d2c09baf5aa1ed33c7a05a64a9e02be6182f58faffa130e9d400a/detection

http://45.137.22.122

# Reference: https://www.virustotal.com/gui/ip-address/45.137.22.120/relations
# Reference: https://www.virustotal.com/gui/file/b3ee1f52f5a3d451830252e20305dd8cd7e22c40d555be52431e61f420c81963/detection

http://45.137.22.120

# Reference: https://www.virustotal.com/gui/ip-address/45.137.22.235/relations
# Reference: https://www.virustotal.com/gui/file/0112be1d173907bd7b708e40a17b10440ae07f18c64c7a58e2ad606683ccc95b/detection

http://45.137.22.235

# Reference: https://www.virustotal.com/gui/ip-address/45.137.22.231/relations
# Reference: https://www.virustotal.com/gui/file/d564b5c7c60c94294ec4c66b330eab4078c4c067b4de51eadb4bc8ee7a4ee291/detection

http://45.137.22.231

# Reference: https://x.com/JAMESWT_WT/status/1950222180408557734
# Reference: https://www.virustotal.com/gui/ip-address/193.142.59.177/relations
# Reference: https://www.virustotal.com/gui/file/9c052a1d27bb53d3c3db8b1dab00e24c1bab7740b1767eb100047a6788c6ed79/detection
# Reference: https://www.virustotal.com/gui/file/00f8b3b872f9959090bb3b6e0dcbcf5771d3467cf59239bae4e0507fb69fb62e/detection

193.142.59.177:587
uwadiutonow.xyz
wenawulus.xyz
mail.uwadiutonow.xyz
mail.wenawulus.xyz

# Reference: https://www.virustotal.com/gui/file/b772cddedd48ccfc395e7ef2f0fac557455be89193972fe44c43dead942ac223/detection

185.244.151.84:587
falconcables.info
mail.falconcables.info

# Reference: https://x.com/smica83/status/1965005272692441316
# Reference: https://www.virustotal.com/gui/file/1bb1d0813df330a8972cedf06f1caf4615375b76fcd97fff69ecf396137d918d/detection
# Reference: https://www.virustotal.com/gui/file/95d88edfaba688952704d04a1b818db7276298647eb444bda9efe33d7251c3e7/detection

cloud-niche.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1af7c920929c3b71bdba26c751768f43106104ed7cdb48197ac2f8a15cc5d774/detection

cloud-fiber.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f31b38debf900c49d2ac77315a2d32b0c439198ac697f0147585fde4a5024147/detection

freexfree2025.ydns.eu

# Reference: https://x.com/skocherhan/status/1967331845059891453

http://107.175.148.79

# Reference: https://www.virustotal.com/gui/file/149694fd20adf6386f8546ab8d521cb2254d6c78fa5c2ca0d86f5567d46c79e1/detection

196.251.117.34:21
196.251.117.34:51160

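# Generic: host-independent URL path indicators (no domain or IP component)
# NOTE(review): these entries carry no host context and some are short, so corroborate a hit with the host/IP entries above before treating it as confirmed.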

/apama2aktivossssbas364444.txt
/AVA/gate.php
/AVA/libs/eve/r.png
/AVA/libs/eve/x.png
/custom/alien/html/base/
/jv/loader/uploads/
/k/p23ec/
/k/p22fz/
/k/p21sz/
/k/p20pa/
/k/p19lp/
/k/p18ui/
/k/p17yu/
/k/p16gw/
/k/p15hy/
/k/p14po/
/k/p13fr/
/k/p12sw/
/k/p11za/
/k/p10gt/
/k/p9fe/
/k/p6ty/
/k/p5fd/
/k/p4fd/
/k/p3fg/
/k/p2by/
/k/p1az/
/k/oo0/
/k/p40sl/
/k/p39pr/
/k/p38ur/
/k/p37tv/
/k/p36yc/
/k/p35ib/
/k/p34oi/
/k/p33rr/
/k/p32wo/
/k/p31en/
/k/p30pe/
/k/p29qm/
/k/p28od/
/k/p27ub/
/k/p26yn/
/k/p25ta/
/k/p24rz/
/b0ss/inc/
/maca/inc/
/maca/maca/
/n/p1za/
/n/p2yu/
/n/p3bc/
/n/p4we/
/n/p5jh/
/n/p6df/
/n/p7ka/
/n/p8is/
/n/p9oz/
/n/p10he/
/n/p11wv/
/n/p12fe/
/n/p13rg/
/n/p14pw/
/n/p15ty/
/n/p16yh/
/n/p17ih/
/n/p18uq/
/n/p19ig/
/n/p20ov/
/n/p21js/
/n/p22ws/
/n/p23rt/
/n/p24re/
/n/p25wl/
/n/p26yy/
/n/p27ed/
/n/p28ia/
/n/p29if/
/n/p30rn/
/n/p31uc/
/n/p32ja/
/n/p33as/
/n/p34xs/
/n/p35ta/
/n/p36gb/
/n/p37up/
/n/p38op/
/n/p39dp/
/n/p40dc/
/p1za/asshole/
/p2yu/asshole/
/p3bc/asshole/
/p4we/asshole/
/p5jh/asshole/
/p6df/asshole/
/p7ka/asshole/
/p8is/asshole/
/p9oz/asshole/
/p10he/asshole/
/p11wv/asshole/
/p12fe/asshole/
/p13rg/asshole/
/p14pw/asshole/
/p15ty/asshole/
/p16yh/asshole/
/p17ih/asshole/
/p18uq/asshole/
/p19ig/asshole/
/p20ov/asshole/
/p21js/asshole/
/p22ws/asshole/
/p23rt/asshole/
/p24re/asshole/
/p25wl/asshole/
/p26yy/asshole/
/p27ed/asshole/
/p28ia/asshole/
/p29if/asshole/
/p30rn/asshole/
/p31uc/asshole/
/p32ja/asshole/
/p33as/asshole/
/p34xs/asshole/
/p35ta/asshole/
/p36gb/asshole/
/p37up/asshole/
/p38op/asshole/
/p39dp/asshole/
/p40dc/asshole/
/p23ec/mawa/
/p22fz/mawa/
/p21sz/mawa/
/p20pa/mawa/
/p19lp/mawa/
/p18ui/mawa/
/p17yu/mawa/
/p16gw/mawa/
/p15hy/mawa/
/p14po/mawa/
/p13fr/mawa/
/p12sw/mawa/
/p11za/mawa/
/p10gt/mawa/
/p9fe/mawa/
/p6ty/mawa/
/p5fd/mawa/
/p4fd/mawa/
/p3fg/mawa/
/p2by/mawa/
/p1az/mawa/
/oo0/mawa/
/p40sl/mawa/
/p39pr/mawa/
/p38ur/mawa/
/p37tv/mawa/
/p36yc/mawa/
/p35ib/mawa/
/p34oi/mawa/
/p33rr/mawa/
/p32wo/mawa/
/p31en/mawa/
/p30pe/mawa/
/p29qm/mawa/
/p28od/mawa/
/p27ub/mawa/
/p26yn/mawa/
/p25ta/mawa/
/p24rz/mawa/
/p1a/mawa/
/p2b/mawa/
/p3c/mawa/
/p4d/mawa/
/p5e/mawa/
/p6f/mawa/
/p7g/mawa/
/p8as/mawa/
/p8h/mawa/
/p9j/mawa/
/p10k/mawa/
/p11l/mawa/
/p12m/mawa/
/p13n/mawa/
/p14o/mawa/
/p15p/mawa/
/p16q/mawa/
/p17r/mawa/
/p18s/mawa/
/p19t/mawa/
/p20u/mawa/
/p13nv/mawa/
/p20gj/mawa/
/p6tyasjdoaksdoaksd/
/flip/inc/
/jboy/inc/
/jimbo/inc/
/ma2on/inc/
/surgj/inc/
/poikmkjoiiou/
/poikmkjoiiou/inc/
/wikema/inc/
/webpanel-baddy
/webpanel-blessed
/webpanel-cent
/webpanel-charles
/webpanel-dawn
/webpanel-divine
/webpanel-donald
/webpanel-ele
/webpanel-essen
/webpanel-ghul
/webpanel-ice
/webpanel-ice3
/webpanel-master
/webpanel-muti
/webpanel-nana
/webpanel-oba
/webpanel-og
/webpanel-qwerty
/webpanel-qwerty2
/webpanel-reza
/webpanel-roth
/webpanel-st
/webpanel-street
/webpanel-trade
/0/loader/uploads/
/ting/0/loader/uploads/
/xiang/0/loader/uploads/
/yp/Ksycfxnfut.bmp
/Ksycfxnfut.bmp
