# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: MetaDroid, Hook, Hookbot, Lootbot

# Reference: https://www.threatfabric.com/blogs/ermac-another-cerberus-reborn.html

178.132.6.150:3000
185.215.113.42:3000
185.215.113.81:3000
185.215.113.94:3000

# Reference: https://twitter.com/malwrhunterteam/status/1447613589456621569
# Reference: https://twitter.com/malwrhunterteam/status/1506698319992655875
# Reference: https://twitter.com/a1exeremin/status/1447679196042604544
# Reference: https://twitter.com/ViriBack/status/1475455704571985921
# Reference: https://www.virustotal.com/gui/ip-address/185.215.113.100/relations
# Reference: https://www.virustotal.com/gui/file/1261e271402ea43f0a51294c7037b6d9da627500ea7e6644f5b9f608f7368928/detection
# Reference: https://www.virustotal.com/gui/file/0911af4b050e632cba517adcf27e2550cb5685e8c88cea2ff164ecb0bdc42904/detection
# Reference: https://www.virustotal.com/gui/file/81249654f8bdea0a179afe97e7abf7d455f2ef821ea1c24521cecdcc8b7d3bdf/detection
# Reference: https://www.virustotal.com/gui/file/f42e34e3f19589895467eb15a73605df302cafd0ed0dedc571308e3ce55f8a78/detection
# Reference: https://www.virustotal.com/gui/file/c509ce7942ec45ba33eee473aacc158c5750957a56929bce07f2f31c59b395e0/detection

185.215.113.81:3000
185.215.113.100:3000
185.215.113.100:3434
185.215.113.59:3434
193.106.191.148:3434
ermac.icu
fghjngjkjgy.ga
/2iq5gqb84krcezxjhl.php
/2lsqn0nw5n.php
/3nl3.php
/5kvoe.php
/5yk3j1gowg5c.php
/a357na0rnxbw9illf.php
/cc3t9t7rdfz8.php
/kch7j27y5welfhkzqt.php
/lf7xbkvzloig.php
/p5ndowme.php
/wzv3g0jmiwua.php
/x9v8e.php
/xxovkl45054m1rmu.php

# Reference: https://twitter.com/malwrhunterteam/status/1514928660675014656
# Reference: https://www.virustotal.com/gui/file/fc09f1e1b7fcf70770b0d52c5f203472c10dc98b6717b2f0bc343b5d1947056f/detection
# Reference: https://www.virustotal.com/gui/file/c7e7489531d3fa243cd775cfafacefd473f2ae71a3e9cdd5331db60a11198896/detection

194.26.29.28:3434
/0kkl5nd7i2956678a9l.php
/1qk5jb1m6l2fka.php
/48tznctyvhev920.php
/4g1o0.php
/5eqr7narx7uarp.php
/9b5786npucessoc.php
/drg23mwx9.php
/edwypp9a1.php
/goljim4v58rk782.php
/h4ry5wb03lys5.php
/i9924d17g.php
/kpak1iq09.php
/mi0sr3c1qc1qir.php
/q9sf5kefkvxt94.php
/v6gbc9rsq3q1dt.php
/vfcakqx84rt6gwj.php
/xirbarg7dz.php
/yk1j2r7.php
/zfww.php

# Reference: https://twitter.com/pmmkowalczyk/status/1516779700953174017
# Reference: https://www.virustotal.com/gui/file/4b4712848697ba87a74eadca39afd93fc22b436647c4186879a19b12fc8ecc88/detection
# Reference: https://www.virustotal.com/gui/file/b35a51dd3d07f023f2235772857c8d04ec420e5f8fcf1ef3a416af4400cdb4fb/detection

193.106.191.116:3434
/4ugv0rt87ey1prjrx.php
/7919kocnto1lxhulud8.php
/8cepqi41rstpl4uv.php
/8p2yidc2m8atj8lb.php
/cmgiusaew29n0qyd3i1m.php
/cq05tmqtkaxft5qv769g.php
/f06osvq.php
/g89k5v1v.php
/gh1ieakq3.php
/qfinq.php
/qlwgp1d813.php
/s56680kc36e1ruhyb.php
/tc5gm7omu7en6.php
/u5xujynybl.php
/utv23m.php
/wmzjb4ijh.php

# Reference: https://twitter.com/ESETresearch/status/1526897310231322630
# Reference: https://blog.cyble.com/2022/05/25/ermac-back-in-action/
# Reference: https://otx.alienvault.com/pulse/628e4b375bc6bbd74c7b920e
# Reference: https://www.virustotal.com/gui/file/2cc727c4249235f36bbc5024d5a5cb708c0f6d3659151afc5ae5d42d55212cb5/detection

http://185.215.113.100
http://193.106.191.116
http://193.106.191.118
http://193.106.191.121
http://193.106.191.148
185.215.113.100:3434
193.106.191.116:3434
193.106.191.118:3434
193.106.191.121:3434
193.106.191.148:3434
bolt-food.site
boltfood.site
/wfxgi.php
/gehwonr1ja.php
/5xeer7yia3fb0h.php
/bjcwnlxnqjq.php
/0xdflkzbi.php
/15s9gps5jkj0tuzp.php
/p2ocy7hfx30vz.php

# Reference: https://twitter.com/malwrhunterteam/status/1527732575401304066
# Reference: https://www.virustotal.com/gui/file/59e83ad07fc5944c90d06f8528d32c8cf3bd85da28cd4c4a6161d3413393c60a/detection

a2zgstcenter.com
design.a2zgstcenter.com
files.a2zgstcenter.com
fu.a2zgstcenter.com
kinkyapp.a2zgstcenter.com
onflyfansleaks.a2zgstcenter.com
porno.a2zgstcenter.com
track.a2zgstcenter.com
ys.a2zgstcenter.com
/damxvy2x006.php
/rrg748vxuxk.php

# Reference: https://twitter.com/malwrhunterteam/status/1527985074825732099
# Reference: https://www.virustotal.com/gui/file/f4d18662c927380a2d30eba367fafd3746fa137df499cb50d49e591a420aa95d/detection

http://45.141.85.25
45.141.85.25:3434
apkphoto.co.nz
/4nep90ruob0vphc.php
/78nyseehouzeh05xv98.php
/adbo5is6.php
/cyl392t.php
/f0j0aden00d2n.php
/gc3juqpqdcl.php
/i9hna3hczxbyqx.php
/jlsh5yrqgwxo.php
/njz0de7jwqjmeqx.php
/sy34cndqt.php
/u63suuv3728n8.php
/xnp7uhisi.php
/zw1zlr4oip6zt53rsbr.php

# Reference: https://tria.ge/220713-l3xrtscgdn/behavioral2

45.141.85.29:3434

# Reference: https://www.virustotal.com/gui/file/e75f008435339b5eedf30d49e93a164010c8fce9dc790535cf4fdab23d1bdc79/detection

45.141.85.30:3434
/2cuql1007.php
/3strcfz6fzvvdkk86.php
/69g567pf.php
/gw6zjp39mq9aov42w.php
/p42nthjhtt7tv.php

# Reference: https://www.virustotal.com/gui/file/042fd9bfb520cfd143d17d0b17982fe8fa598f0877a4d4e2d5b93d68d3280f75/detection

62.204.41.182:3434
/1a7g3gvdsp7zgj9ye9.php
/46fjsc5d77c7.php
/6d6rfa.php
/6w1lw42jwg3jcpycz38d.php
/713840vf2wh2p.php
/dkt6fwsob9g0afi116.php
/do9phtic6b1p.php
/fm9kx9zdpybqb7du.php
/jcvq6way.php
/uol23q.php
/uxh4xo.php
/vdfy6u9eqabv8qo50y.php
/xkwdo.php
/zd9je6271tn1jod0spe.php

# Reference: https://www.virustotal.com/gui/file/937fde61a2239182fcf4f2d3429e3d691ccea1bab75a1f01d04e7b849f14446f/detection

45.141.85.31:3434

# Reference: https://www.virustotal.com/gui/file/119847544d8d823c2bf7a541f446eb05eec0ca22cb0222583fdca173ace25074/detection

45.141.84.92:3434
/19m9op5.php
/hbqr3kez6gcd87.php
/j7nr3wg6slk7ed9ab41.php
/k00fejs2rbvxmv.php
/nnfuf72mfwfp4u3hga62.php
/pbzcd4xy09a.php
/su6hftlfphhc.php

# Reference: https://twitter.com/0xrb/status/1564222855830597632
# Reference: https://www.virustotal.com/gui/file/4ee64040dca285932d0533ef2f5715445347783dc941ad93465d632a8e25f00a/detection

http://62.204.41.98
62.204.41.98:3434

# Reference: https://twitter.com/r3dbU7z/status/1564501672340197376

http://108.61.166.245
http://194.26.29.28
http://20.249.63.72
http://213.226.123.8
http://216.238.71.179
http://45.141.84.92
http://45.141.85.29
http://45.141.85.30
http://45.141.85.31
http://62.204.41.182
108.61.166.245:3434
194.26.29.28:3434
20.249.63.72:3434
213.226.123.8:3434
216.238.71.179:3434
45.141.84.92:3434
45.141.85.29:3434
45.141.85.30:3434
45.141.85.31:3434
62.204.41.182:3434

# Reference: https://twitter.com/0xrb/status/1564546929110835200

http://51.15.150.5
51.15.150.5:3434

# Reference: https://twitter.com/AuCyble/status/1580552579452313600
# Reference: https://www.virustotal.com/gui/ip-address/103.109.101.137/relations

apk-combos.com
app-vidmate.com
app-vidmates.com
app-vidmates.link
m-apkpure.com
m-apkpures.com
paltpal-apk.com
snacpchat-apk.com
tlktok-apk.link
vidmate-apps.com
vidmates-app.com
vidmates-apps.com
vidmatesapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1595130983061553152
# Reference: https://www.virustotal.com/gui/file/387c41679ac3de139fd175e22ba4f8019eb82d5125a2c9ac26e3f2b3ee4519e1/detection

wifi-autorisation1.com

# Reference: https://twitter.com/malwrhunterteam/status/1603105701278240769
# Reference: https://www.virustotal.com/gui/file/8c89fa9a0d6656b60ac91018a1feff58945b07e560b549a8f56440a2d00377d7/detection

176.113.115.66:3434

# Reference: https://www.threatfabric.com/blogs/hook-a-new-ermac-fork-with-rat-capabilities.html
# Reference: https://www.virustotal.com/gui/file/768b561d0a9fa3c6078b3199b1ef42272cac6a47ba01999c1f67c9b548a0bc15/detection
# Reference: https://www.virustotal.com/gui/file/8d1aabfb6329bf6c03c97f86c690e95723748be9d03ec2ed117376dd9e13faf0/detection

193.233.196.2:3434
5.42.199.22:3434

# Reference: https://www.virustotal.com/gui/ip-address/63.250.60.42/relations
# Reference: https://www.virustotal.com/gui/file/23536a2a04baf0f2432e38faf71d8480c308429c4c9ba6d03157b35672df7ed5/detection
# Reference: https://www.virustotal.com/gui/file/99397c9a53400130039479da2e8064daf0afcca71ef237d0d2c1f029d445f16f/detection

evjvrrxkgrohvbmogcjl.net
mcoxxpqxysmvsmbiqxjx.net

# Reference: https://twitter.com/malwrhunterteam/status/1631638354088407040
# Reference: https://www.virustotal.com/gui/file/0756fbd9ecb958b7a3615ea9e6b78c0e2a66d33bd13c8af565bc5358f69fa0ee/detection

176.100.42.11:3434
directlink.info

# Reference: https://twitter.com/0x6rsk/status/1634185009798971397
# Reference: https://www.virustotal.com/gui/file/a86e95eb058725eeaa326655208e1fe4e70140303be07fc3bc92f01bca7aa1d6/detection

35.91.53.224:3434

# Reference: https://twitter.com/Gi7w0rm/status/1641570957352488961
# Reference: https://twitter.com/Gi7w0rm/status/1641603152607694848
# Reference: https://twitter.com/Gi7w0rm/status/1641604541677223936

http://176.100.42.11
http://91.215.85.23
canamacan.sc.ug

# Reference: https://twitter.com/0xrb/status/1641700350372478976

http://185.186.246.69
http://5.42.199.22

# Reference: https://twitter.com/jstrosch/status/1645874394684858368
# Reference: https://www.virustotal.com/gui/file/45a3846d33e39937fc3211675bc9a2a3b2634af80edec629b89f3ea27a5c0b93/detection
# Reference: https://www.virustotal.com/gui/file/0399d5868f1c7ace8585daba2b93d794a19dd354f95a2c5ae0bc870237c9eb37/detection

http://91.215.85.37
91.215.85.37:3434

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/

http://45.93.201.92
http://91.215.85.223
45.93.201.92:3434
91.215.85.223:3434
91.215.85.23:3434

# Reference: https://twitter.com/TLP_R3D/status/1646228697156812821

http://141.8.199.8
http://46.173.218.30

# Reference: https://twitter.com/0xrb/status/1679746515969929216

http://91.228.10.228

# Reference: https://threatfox.abuse.ch/browse/malware/apk.ermac/

http://176.113.115.66
http://176.113.115.67
http://5.42.199.3
http://5.42.199.91
http://92.243.88.25

# Reference: https://twitter.com/ReBensk/status/1695321207766127094
# Reference: https://www.virustotal.com/gui/file/5fa1399f06c9670d9b84b9539bfb9fb0d5a6b770c620e080a3676cef94132476/detection

http://185.225.75.134
185.225.75.134:3434

# Reference: https://threatfox.abuse.ch/ioc/1152268/

94.156.253.67:3434

# Reference: https://twitter.com/ReBensk/status/1696561384325107792
# Reference: https://www.virustotal.com/gui/file/75839d42036039ce7f2569ea73a6e3ee32bf2b4a54b5e08c6a467a3412c6592a/detection

http://176.111.174.191
176.111.174.191:3434

# Reference: https://twitter.com/karol_paciorek/status/1696786262831628510

http://195.3.223.232
http://81.161.229.188

# Reference: https://www.virustotal.com/gui/file/f642d2c6a70828028e0f3f7e9b9a87537c6556870cdf4602ee992091040a1850/detection

http://84.32.214.56
84.32.214.56:3434

# Reference: https://research.nccgroup.com/2023/09/11/from-ermac-to-hook-investigating-the-technical-differences-between-two-android-malware-variants/

http://165.232.78.246
http://176.113.115.150
http://193.56.146.176
http://20.108.0.165
http://20.210.252.118
http://31.41.244.187
http://35.90.154.240
http://35.91.53.224
http://45.159.248.25
http://45.81.39.149
http://62.204.41.94
http://68.178.206.43
http://91.213.50.62
165.232.78.246:3434
176.113.115.150:3434
176.113.115.67:3434
185.186.246.69:3434
193.56.146.176:3434
20.108.0.165:3434
20.210.252.118:3434
31.41.244.187:3434
35.90.154.240:3434
45.159.248.25:3434
45.81.39.149:3434
5.42.199.3:3434
5.42.199.91:3434
62.204.41.94:3434
68.178.206.43:3434
91.213.50.62:3434
91.215.85.22:3434
92.243.88.25:3434

# Reference: https://twitter.com/FalconFeedsio/status/1709547350132207851

http://45.12.253.5
http://45.12.253.58

# Reference: https://twitter.com/ReBensk/status/1712854745545674788
# Reference: https://www.virustotal.com/gui/file/d1050b5efcab3f70e633683313c363dfcb51afc126f448bc1729da8ab533a0b5/detection

http://185.216.71.89
185.216.71.89:3434

# Reference: https://threatfox.abuse.ch/browse/malware/apk.ermac/ (# 2023-11-01)

http://109.107.189.6
http://82.147.85.136
http://94.131.111.119
82.147.85.136:3434
94.131.111.119:3434
whereisyours-toporder.com
whereisyoursnewtoporder.com

# Reference: https://twitter.com/g0njxa/status/1720397731389124632

http://161.35.235.125
http://176.124.223.83
http://176.57.212.219
http://178.23.190.21
http://185.216.71.23
http://185.216.71.59
http://185.254.37.233
http://185.254.37.235
http://193.46.56.124
http://194.180.48.154
http://195.123.217.94
http://195.201.199.60
http://195.201.85.41
http://199.101.135.49
http://20.39.184.218
http://34.29.18.72
http://45.66.230.72
http://82.147.85.73
http://87.98.185.14
http://91.215.85.153
http://91.222.236.50
http://91.242.229.247
http://91.92.245.80
http://91.92.249.18
http://93.123.118.226
http://94.156.253.67
http://94.156.6.199
http://94.156.64.181
http://94.156.67.47
bravevikingser.xyz
connctect-apge.top
domian-page.top
servace-porduct.top

# Reference: https://www.kruse.industries/l/lad-os-analysere-android-hookbot/
# Reference: https://www.virustotal.com/gui/file/fec316401667b5076a93fd4c1357711390cd79eeb581e644e3b8b9e7a465504a/detection

9ucnuacw9lfmfx39ucnuacw9lfmfx3.cpd.capital
app-unsivap.com.kz
pari-usdt-hediye.xyz
uodkboueawujb8euodkboueawujb8e.canawrx.com

# Reference: https://threatfox.abuse.ch/ioc/1198904/

91.92.240.173:8082

# Reference: https://threatfox.abuse.ch/browse/malware/apk.ermac/ (# 2023-11-25)

http://193.233.255.253
http://79.137.207.52
http://89.116.227.245
http://91.92.246.222

# Reference: https://twitter.com/noexceptcpp/status/1730216419286008224

http://101.99.93.156:81
http://103.241.66.221
http://104.248.168.233
http://109.107.189.97
http://129.159.153.218
http://13.215.161.69
http://134.255.233.83
http://137.184.166.159
http://137.184.197.138
http://141.98.233.124
http://143.110.185.89
http://143.198.10.18
http://144.76.254.11
http://152.89.198.96
http://154.194.53.21
http://154.204.60.134
http://154.204.60.34
http://154.82.81.80
http://157.7.114.81
http://158.220.105.223
http://158.220.117.52
http://158.220.117.53
http://158.220.117.55
http://159.100.6.50
http://159.69.146.11
http://160.20.108.242
http://163.5.169.19
http://163.5.169.41
http://163.5.64.17
http://163.5.64.19
http://163.5.64.20
http://163.5.64.24
http://163.5.64.31
http://163.5.64.32
http://163.5.64.46
http://163.5.64.47
http://163.5.64.9
http://164.92.103.220
http://164.90.149.96
http://167.235.66.122
http://172.201.108.245
http://178.130.132.106
http://18.141.3.52
http://18.142.44.78
http://185.221.67.10
http://185.229.224.110
http://185.243.181.12
http://188.120.239.67
http://188.120.240.217
http://192.129.227.114
http://192.129.227.115
http://192.129.227.116
http://192.129.227.117
http://192.129.227.118
http://192.236.160.70
http://193.164.4.109
http://193.164.4.15
http://193.164.4.60
http://193.233.254.19
http://193.233.254.49
http://193.233.254.5
http://194.146.38.53
http://194.26.192.208
http://194.33.191.111
http://194.33.191.166
http://194.33.191.229
http://194.33.191.230
http://194.33.191.250
http://194.33.191.251
http://194.33.191.6
http://194.49.94.115
http://2.57.149.227
http://20.121.46.232
http://20.163.83.232
http://20.195.201.245
http://20.84.147.169
http://202.79.172.225
http://202.79.172.236
http://205.234.244.2
http://207.148.29.161
http://207.32.217.248
http://212.118.38.66
http://217.197.107.103
http://23.101.206.34
http://34.105.53.125
http://37.247.108.171
http://37.27.22.85
http://38.242.145.226
http://40.67.240.145
http://43.153.104.62
http://43.207.241.87
http://45.11.181.156
http://45.131.2.163
http://45.138.16.58
http://45.139.199.175
http://45.67.229.93
http://45.77.254.142
http://46.243.182.63
http://5.161.193.194
http://5.178.111.176
http://5.199.162.52
http://5.42.92.177
http://51.161.10.33
http://51.79.235.44
http://64.176.214.26
http://67.205.180.81
http://74.234.241.205
http://74.235.136.117
http://77.91.68.160
http://77.91.97.191
http://8.222.253.218
http://80.66.85.141
http://80.66.87.245
http://82.115.223.175
http://85.209.176.188
http://85.209.176.197
http://85.209.176.200
http://85.209.176.206
http://85.209.176.208
http://85.209.176.210
http://85.209.176.23
http://85.209.176.38
http://85.209.176.40
http://85.209.176.47
http://85.209.176.49
http://85.209.176.54
http://85.209.176.63
http://87.120.8.73
http://87.248.157.219
http://87.98.147.251
http://89.111.140.161
http://91.107.122.180
http://91.215.85.139
http://91.215.85.177
http://91.92.240.22
http://91.92.241.131
http://91.92.241.135
http://91.92.242.104
http://91.92.242.15
http://91.92.242.233
http://91.92.246.144
http://91.92.248.224
http://91.92.250.39
http://91.92.254.28
http://94.131.106.86
http://94.156.68.201
abisasgagsre.com
akjsdhkjashkjahd.online
akjshdkajshdajksh.xyz
akoskdoaksodaksokadk.pro
aksjdcbkjahskjaskj.store
ayrsydtrasytdrayst.shop
bc1q0j2ytw8wx5rqszcfenx58lhhx69rz6.com
bc1q9pzt5xa0pq3tujr7qv4x0pwqs23tev.com
bc1qf2gsq2t2juuwjwyq9j74kk8wcqspx8.com
bc1qm34lsc65zpw79lxes69zkqmk3ewgg2.com
cascscascdcascascdsd.info
crytobullfreesg.com
dasdasafasdcsacas.xyz
fdgdgdfgdfgfg.top
gozneajans.com
jsdnkajsndksan.com
kalkankaplangel.com
karamallekaratta.com
kmaksmdkasmdkams.top
offers25942.xyz
qweqweqweqweqwq.info
rvrfvfvrfvfvrfvrrfv.life
tafstdatfsdtafsdtfa.life
vsdcvsdvdvdsvddvs.xyz
web-rak.online
xsqaeddmckcncjdkmoqncjdl.store
yagysgyagsyagsygas.top

# Reference: https://twitter.com/ValidinLLC/status/1730713363557069166
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=185.216.71.94
# Reference: https://app.validin.com/axon?&type=ip&find=194.33.191.55
# Reference: https://app.validin.com/axon?&type=ip&find=45.12.253.37
# Reference: https://www.virustotal.com/gui/ip-address/185.216.71.94/relations
# Reference: https://www.virustotal.com/gui/ip-address/194.33.191.46/relations
# Reference: https://www.virustotal.com/gui/ip-address/194.33.191.55/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.12.253.37/relations
# Reference: https://www.virustotal.com/gui/ip-address/79.110.48.33/relations

ahsdahksjdhak.hk
aisdhasjhdakshj.online
aiusaiuasihauszxczx.com
aiusdausidhiasuhdia.com
aksjdhaksjhkdajhksjhdkajdhs.hk
aksjdhaskjdasjkhdsa.online
aksjdhsakdhakjshd.online
alskdjalskjdalsjkd.pw
alskjdlkasjlkjadljs.hk
aosdjaosidjoaisjdisoa.store
asdaasdasjknasknxja.online
asdasdasdasdasacsca.online
asdasdasdasdasad.pw
asdasdsdasdasdsxax.online
asdaxasxascaszc.life
asddassasdasdas.hk
asdhkasjhdkajhs.co.uk
asdkjshdakjshdkajs.hk
asdsadasdasadsa.online
ashiasodjasoidjaso.top
askjdajksdhas.site
askjhksajhkajhskajhsa.hk
askodkasoaskdas.hk
asqasqwsqasqwdqwd.hk
asuydtuyastduayst.space
asydgauysgdausygas.tech
audhsiuhuisahdsu.pics
auystduayuayst.site
aysgduyasgduyas.store
basdbjabsjdbas.pw
cascacascascascascas.hk
cascascascascasca.fun
cascascsacascascasca.shop
cascazxaxasxasxas.top
cascsasacsacascasca.pics
cxzcxcqsczazcazca.hk
daisjdaosjdoasijdaosidja.hk
dcwdcsdcsdcsdcdscsdcs.hk
ecaascsacsacascascas.top
ewfefwefwefwefw.biz
fvfvfvfvfsdvsdvsdvsd.hk
hanabero12873612.hk
hanabero18726g.hk
hanabero901892.hk
hausdhuashdauhs.biz
iausgdiasdugas.pw
iohaihsodihasoihdao.hk
iuhiuhiuhiuhuihiuiuh.hk
jadisjdiasjdias.lol
jahsdhaskdjaskjh.hk
jutebostis.hk
kagsdkjasbaj.online
kmokmoknonounoun.store
kmsadoasdkasodkma.lol
kokmokmokokmokmok.hk
lglglglglgllglglgl.hk
lkansldkaslkndaslkna.site
majsmasmdanasdas.hk
makmkamakmak.hk
maksmkamkmask.top
mjakajjsgasyvbiab.life
mjamjamjijsns.life
mkalsdkasndlaskas.space
mkamakmkamakm.pro
mkaosdmaosmad.shop
mkmakmakamka.online
mksdasdoasdkma.tech
mnbanbsdmnabs.info
mokasmdoskada.hk
nijuanijanai.hk
oiuqwqdasdasdas.life
projuthinjitsu.hk
qwdasdaqwdas.hk
qweqwdqwdqdwdq.store
qweqwdqwdqwdqwdqw.pro
qweqweqwdqwrrqwrqd.tech
qweqweqweqweqweq.tech
qweqweqweqweqwewww.hk
qwsqwsqwswssswww.hk
raarsrsassrasrsarsa.hk
rfrfrfewrwrfrwrfwrwe.pics
ryertyetretretre.shop
swwwwwwwwwwwws.hk
tasjhkasjnsajas.top
tfutfutfuutfuf.pics
theiuaiusiuaiumlmlm.com
toabmauagvakshla.life
tujingudujnji.hk
tujrnysinajsjs.online
tyabahasoba.info
tyastdyaaoskdaosk.hk
tyuytauytsuyatu.shop
uahhuahauhuah.info
uiaydiausydiuasyd.store
utaisuabmnabsask.live
utasuoidasuiadusipa.pro
wdawdawdawdawd.pro
xasxasxasxasxasx.shop
xasxasxasxazxasxaz.pw
xasxxxxxasxas.xyz
xmxmxmxmxmx.hk
xsxasxasxasxasxas.site
yahajhjaskhjhasdas.site
yanasohasdgasdnaosi.com
zcasscasszcasz.site

# Reference: https://twitter.com/ValidinLLC/status/1730713363557069166

account-bendigo.com
alvarezconstructionri.com
connexion-anytime.com
davi-vienda.com
dextools.ws
ewszsw.art
home-bendigo.com
konta-nest.com
pinxin6686.site
precisionrenovationri.com
ramp-web.com
us-brave.com
us-paymetech.com
us-synchrony.com
vp4.xyz
web--sabadell.com
web-1horizon.com
web-allianz.com
web-asb.com
web-bankinter.group
web-block-chain.com
web-blockchain.net
web-desjardins.com
web-fnb.com
web-inetesapaolo.com
web-intesapaolo.com
web-kbcportal.com
web-nbg.net
web-populaire.com
web-postbank.group
web-sabadell.com
web-sofiopen.com
web-targo.de
web-uniswap.org
web-verstapay.online
web-viewer.team
web-wells.com
web-wisse.com

# Reference: https://www.virustotal.com/gui/ip-address/81.161.229.174/relations

aksjdhaksjhdakj.fun
asdasdasaxsasxasxas.com
axjdhaxjhdakj.com
kmaskoasmaicmsocmas.site
mansmansmnasmnas.hk
mkasmockasocaksmoka.in.net
qweqweqweqweqw.site
raeaedadadedae.pw
tftftftftfaffaftatfatf.hk
uaitsdytasydas.pw
vrrvsvsrsrvsrvs.fun

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=185.252.179.12

adonisnode.com
asceaecacscea.top
asdbkjabsdabkjb.site
asdiugsauidhassda.net
asdygasyudtgasgy.site
asjdhkasjhda.xyz
askjdaskjgdaskjas.org
askjhdasjasl.net
autsgduaysgdasgu.shop
aysvduaysbasjxksnxoasnxoa.cloud
bavtsudaysgiuhdaosij.site
browserve.net
carebuster.net
corpbold.com
deckplaces.com
erqytuwioqewuqw.bond
erqytuwioqewuqw.digital
erqytuwioqewuqw.top
ewmkalomcasc.club
fulneruajnclo.com
iqgqnaaksnlaksa.space
juanjjaknclm.club
juliudinjutyruncj.xyz
kalamankija.pw
klaunsgasjnah.buzz
krasnajadiraska.site
ksmkldaksmaosdmaoskmad.pics
kulijanovatovadownload.net
maksmdkamskdmaskm.life
mkamksmakmsk.top
mkaosdkasdbasidbas.life
mkasdlaskmdaskadlask.life
mnamsndasnka.life
muqthanusjnaiqnq.net
myytasdtfasydtfaysfdast.net
nuvuvtabke.info
oasdoasjoa.top
oiuaoisudoiasassa.top
ojmaakjkjanasjj.fun
pacificabsin.com
placeoneworld.com
qnktnascoadcs.info
rytauyisuoipoasibhdgv.online
silizibidinim.com
souptopic.com
splashaplus.net
stintumikaslas.online
tanjunjusnajja.com
taskbaskdasjbka.top
tuhncjamujanams.com
tuhncjamujanams.info
tujinlos.club
turjinnakjaks.online
turkeymaljorka.tech
turnhyjanjajhsnn.club
turnhyjanjajhsnn.info
turnuajnxkaktaua.top
tuyuijnsijajjjsnm.net
tyasydtauystiauds.info
uasyasiudasjjodaasa.monster
ygasdsyugiasdgiuasiu.org
ynajuananmqyaa.info
yndjtrahnasjjsh.life

# Reference: https://www.virustotal.com/gui/ip-address/193.42.33.132/relations

asdasjhdgasjhdgas.hk
asdhaskhjdksjahdkasjdhaksj.hk
asdsasdascccc.pro
mkamkmakmsmmm.lol
qssxsqxaqxqazxaq.hk
qwodhqowidhoqiwdh.tech
shdiuvhisudvhuishvdiud.hk

# Reference: https://twitter.com/banthisguy9349/status/1730895048621887682

http://178.16.129.88
http://195.35.11.135
http://89.116.227.245

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2023-12-07)

http://194.33.191.18
http://207.244.246.192
http://45.81.224.129
http://54.238.196.57
http://78.153.130.36
http://91.206.178.182
http://91.242.229.199
138.201.128.124:81
tableaupubsecday.com
tehavi.com
gallery.tableaupubsecday.com

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2023-12-08)

http://103.12.148.35
http://104.233.210.167
http://107.173.140.104
http://163.5.64.73
http://172.174.214.137
http://173.254.235.53
http://193.149.189.240
http://195.85.207.218
http://212.224.88.253
http://4.236.181.235
http://43.243.73.167
http://45.77.170.174
http://62.197.49.1
http://64.227.149.69
http://66.29.133.55
http://91.92.252.193
http://95.214.177.39
ifisoundyou.gq
shadow.schatten.ir

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2023-12-12)

http://163.5.210.89
http://178.236.246.181
http://82.137.209.200
http://85.209.176.150
104.233.210.167:8082
104.247.166.167:8082
154.91.82.107:8082
18.141.3.52:81
194.33.191.18:8082
20.55.110.193:8082
212.224.88.253:8082
217.197.107.103:8082
38.242.145.226:8081
47.245.115.42:8082
5.8.41.35:8082
64.227.149.69:8082
91.242.229.199:8082
91.92.250.212:8082
95.214.177.35:8082

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2023-12-24)

http://143.198.138.49
http://194.163.175.12
http://194.87.31.216
http://213.159.209.194
http://217.28.221.80
http://23.27.120.116
http://51.116.104.192
http://87.121.87.60
http://87.121.87.61
http://91.109.188.11
bahrain-fine.org
film-studio.info
ger01.vpnbite.com
livraison-douane.com
loyaltyben.com
m-sendungsverfolgung.org
mein-kontoauszug.net
rb-n-clk.online
serpost-track.com
track-parcels.org
vf2gkzq1lw9.c.updraftclone.com
vmi1543279.contaboserver.net
webmail.agdetails.com

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2024-01-03)

http://139.162.33.94
http://149.28.73.166
http://165.232.153.139
http://173.249.46.253
http://185.250.210.93
http://46.190.144.131
http://69.197.142.85
http://91.107.127.226
91.92.244.42:9087
conspiracynomad.fvds.ru
movil-bancsabadell.com
rb-an-clk.org
s-paketverfolgung.com
undiny.ru
x-paketverfolgung.com

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2024-01-05)

http://118.107.43.36
http://118.107.43.66
http://118.107.43.86
http://135.148.144.188
http://152.89.198.187
http://158.160.76.97
http://159.65.52.64
http://178.236.246.210
http://181.215.49.104
http://181.215.49.105
http://184.94.212.153
http://193.201.9.62
http://193.233.254.183
http://194.33.191.188
http://194.33.191.202
http://194.33.191.54
http://199.247.21.128
http://34.203.226.105
http://37.230.112.206
http://38.242.209.185
http://43.129.215.239
http://45.76.87.78
http://45.77.68.120
http://64.227.41.169
http://77.91.68.183
http://80.108.50.31
http://80.87.197.162
http://88.99.210.25
http://89.111.137.14
http://91.107.124.12
http://91.107.127.88
http://91.92.245.159
http://91.92.249.240
http://91.92.250.211
http://91.92.251.71
http://91.92.255.30
http://92.63.106.153
4-72-seguimiento.com
avtokuba.ru
ceifador.benzetacil.com
flintton.ru
info-ibercaja.com
invadersec.com
ladyrai.site
my-package-tracking.net
openbank-dispositivo.com
rb-an-clk.online
reksiaeksinov.fvds.ru

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2024-01-06)

http://13.213.38.230
http://178.130.132.247
http://198.186.130.12
http://207.148.29.229
http://51.103.216.212
http://91.92.251.140
http://94.250.252.21
13.213.38.230:82
88.99.210.25:8082
app.to-kgb.ru
server289.mukhost.uk

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2024-01-09)

http://104.233.210.104
http://119.160.235.239
http://119.160.235.251
http://13.213.38.230:81
http://149.154.70.118
http://173.249.59.190
http://176.123.168.117
http://176.123.168.211
http://185.211.170.96
http://54.211.212.149
http://79.174.13.18
http://91.224.92.176
http://91.92.240.134
http://91.92.249.143
http://91.92.255.80
api-encar.nibiru.pro
bitrix.avtokuba.ru
mebadboy.fvds.ru
o-paketverfolgung.com
reksiaeksinov1.fvds.ru
znwfb3.buzz

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2024-01-11)

http://193.233.132.35
http://20.55.233.193
http://79.137.203.29
http://91.107.124.135
http://91.92.241.235
http://92.118.113.12
18.141.3.52:83
79.133.180.197:8082
foxee5.cfd
hilfe-konto.com
jino57.fvds.ru
karasergkaravaev4.fvds.ru
mqrmtohl90.za.com
nanafb3.sbs
nowseacoin.top
vasvasniks5.fvds.ru
yiyidh21.sbs
yiyifb4.cfd

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2024-01-16)

http://154.204.60.236
http://176.123.169.240
http://185.146.157.121
http://193.222.96.25
http://23.224.102.158
http://38.207.178.212
http://38.60.205.80
http://45.88.79.168
http://5.182.87.142
http://54.151.255.201
http://81.19.137.68
http://82.115.223.84
http://82.146.35.250
http://91.107.127.141
http://91.108.240.144
http://91.224.92.195
http://91.224.92.201
http://91.224.92.211
http://91.92.255.110
http://95.181.151.119
104.243.248.73:8088
54.151.255.201:81
54.151.255.201:82
91.224.92.211:8082
animegalaxys.com
foxee4.cfd
htmljys.morebit.top
jadu.vip
morebit.top
muoujiejump2.sbs
rb-c-clk.online
sc.zhanshizhan.top
spacestar.su
suivre-mon-colis.com
track-my-parcel.org
vasvasniks6.fvds.ru
vpv.xj6.top
zhanshizhan.top

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2024-01-23)

http://104.131.162.146
http://143.244.191.193
http://149.154.69.190
http://159.100.22.120
http://185.172.128.82
http://185.186.25.92
http://185.250.243.209
http://2.59.119.102
http://20.75.90.103
http://212.98.224.58
http://45.141.85.181
http://45.141.85.216
http://45.87.80.164
http://46.29.239.26
http://78.111.89.2
http://86.110.194.125
http://91.107.125.148
http://91.224.92.194
http://91.92.244.124
http://91.92.244.195
http://91.92.246.195
http://91.92.255.52
http://93.123.39.107
http://93.123.39.169
http://93.123.39.4
http://93.123.39.77
http://93.123.39.85
http://93.123.39.86
http://94.228.162.140
http://94.250.253.1
http://94.250.254.234
5.189.132.250:3000
54.255.57.58:82
africankido.design
artre3.fvds.ru
beta.to-kgb.ru
emileewang.autos
ff.africankido.design
ipmotinov.fvds.ru
jakobtaylor.autos
karasergkaravaev2.fvds.ru
karasergkaravaev5.fvds.ru
karasergkaravaev6.fvds.ru
kasenmeyer.autos
mail.spacestar.su
matthiasellison.autos
nickbaseev.fvds.ru
nickbaseev5.fvds.ru
polina.to-kgb.ru
reksiaeksinov2.fvds.ru
reksiaeksinov5.fvds.ru

# Reference: https://www.virustotal.com/gui/ip-address/185.225.73.88/relations

ararararararararssarar.hk
asdadassadsdas.xyz
maksmkamkmask.buzz
papakppakpkakpa.hk
uyuyasyaguysauyas.co

# Reference: https://www.virustotal.com/gui/ip-address/94.156.6.213/relations

azmlakpqkmc.life
liutexhutujuva.us
tujinlos.info
tujinlos.xyz
turjnvycewsgth.com

# Reference: https://threatfox.abuse.ch/browse/malware/apk.ermac/ (# 2024-01-24)

http://149.100.138.254
http://185.221.198.98
http://185.224.81.252
http://185.98.61.220
http://193.233.254.64
http://20.199.14.181
http://49.13.130.129
http://5.42.92.98
http://77.105.146.199
http://79.143.182.133
http://87.229.6.192
http://87.98.185.175
http://89.23.100.205
http://89.23.101.149
http://91.92.250.190
http://91.92.251.172
http://91.92.255.136
http://93.123.39.140
http://93.123.39.87
http://93.123.39.88
193.233.255.253:8080

# Reference: https://twitter.com/malwrhunterteam/status/1753507959693266994
# Reference: https://twitter.com/noexceptcpp/status/1753511093543055767
# Reference: https://www.virustotal.com/gui/file/a1bd86e9e73975336fbeb9d1681145ffc6760b9d7756d0f84a07f88e92971e93/detection

http://185.172.128.82
185.172.128.82:3434
1080-prono.com

# Reference: https://threatfox.abuse.ch/browse/malware/apk.ermac/ (# 2024-02-03)

http://114.29.236.137
http://154.53.166.167
http://163.5.210.87
http://164.68.119.38
http://18.139.243.205
http://18.159.210.80
http://185.117.152.159
http://185.237.14.236
http://185.78.76.159
http://193.149.187.48
http://193.233.254.10
http://193.233.254.138
http://194.36.88.211
http://195.85.114.206
http://37.60.235.110
http://38.180.94.161
http://45.128.96.110
http://45.128.96.121
http://45.128.96.170
http://69.87.216.87
http://81.28.6.17
http://82.115.19.151
http://89.23.102.60
http://91.92.244.23
http://93.123.39.170
http://93.123.39.235
http://94.156.144.48
http://94.156.67.102
http://94.156.67.103
http://95.111.238.79
http://95.181.151.118
93.123.39.235:8080

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2024-02-04)

http://149.154.65.14
http://154.12.30.64
http://154.223.21.23
http://172.205.202.156
http://178.236.247.158
http://185.172.128.131
http://185.172.128.4
http://185.172.128.60
http://185.172.128.85
http://185.172.128.91
http://185.209.29.72
http://185.93.69.149
http://188.119.112.49
http://193.106.175.43
http://193.233.254.106
http://193.233.255.105
http://20.0.100.134
http://20.236.74.148
http://20.77.15.101
http://212.109.195.164
http://3.72.85.14
http://37.46.130.210
http://42.96.11.30
http://45.133.36.153
http://45.134.26.33
http://45.55.70.10
http://45.87.153.107
http://5.42.67.88
http://5.42.67.89
http://62.109.30.102
http://64.23.149.139
http://86.38.204.153
http://88.218.60.150
http://91.92.244.215
http://92.246.136.53
http://94.156.66.187
http://94.156.66.227
http://94.156.67.156
154.198.245.50:8082
172.94.4.158:8088
194.195.245.97:8082
195.10.205.18:8082
195.85.207.219:8082
20.90.160.195:8082
207.180.224.118:8082
3.1.206.216:8001
3.72.85.14:8001
3.76.253.201:81
31.210.50.162:8082
31.42.190.137:8082
45.87.153.107:443
45.87.153.107:81
54.255.57.58:81
91.92.249.240:8082
94.131.113.192:8082
95.164.2.178:50555
356142.fun
asp.keyshape.net
evgenytchurakin.fvds.ru
karasergkaravaev1.fvds.ru
karasergkaravaev3.fvds.ru
nextpg.cfd
nickbaseev1.fvds.ru
nickbaseev4.fvds.ru
nl1.nextpg.cfd
omgs.asia
ramzanlee.fvds.ru
servertgbotvds.fvds.ru
sleepyawn2.fvds.ru
taobao7737.com
tsola256.com

# Reference: https://www.virustotal.com/gui/ip-address/185.216.70.224/relations

http://185.216.70.224

# Reference: https://www.virustotal.com/gui/ip-address/185.216.70.225/relations

http://185.216.70.225

# Reference: https://threatfox.abuse.ch/browse/malware/apk.ermac/ (# 2024-02-12)

http://113.30.191.40
http://164.215.103.171
http://176.113.115.243
http://185.172.128.88
http://185.194.216.22
http://185.221.198.84
http://185.250.45.130
http://193.222.96.48
http://194.48.251.184
http://20.151.153.84
http://20.241.69.111
http://4.178.96.222
http://5.42.92.165
http://77.232.130.4
http://83.97.73.229
http://89.23.97.83
http://94.156.68.253
http://94.156.68.254
http://98.66.153.174
108.62.49.215:88
20.241.69.111:8080

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2024-02-12)

http://104.234.240.231
http://144.76.203.197
http://149.28.148.246
http://150.107.201.68
http://154.91.83.247
http://185.172.128.148
http://185.216.70.117
http://185.216.70.118
http://185.216.70.119
http://185.216.70.224
http://185.216.70.225
http://191.7.32.19
http://194.26.192.66
http://194.48.251.140
http://20.6.81.237
http://206.189.130.11
http://31.44.2.39
http://34.107.114.24
http://34.141.15.123
http://35.246.175.130
http://35.246.183.49
http://45.61.166.149
http://62.109.15.32
http://62.109.6.164
http://62.210.130.233
http://62.72.32.226
http://77.73.129.77
http://85.202.160.192
http://89.23.103.187
http://91.92.254.225
http://92.63.104.174
http://93.123.39.215
http://93.123.39.249
http://94.156.69.93
http://94.177.106.44
http://95.181.173.164
http://95.216.123.85
13.212.79.65:443
185.216.70.224:8082
185.216.70.225:8082
185.78.76.85:443
193.233.254.64:50555
3.79.194.172:443
77.73.131.54:50555
79.137.207.154:50555
93.123.39.152:50555
93.123.39.192:50555
93.123.39.225:50555
056hg568786.f4r5t5y8hh8.click
883217.cc
android.l3harris.pro
d.kfaaa.top
dev.racun.app
dgaf.catboy.me
erp.topixtechnology.com
evgenytchurakin2.fvds.ru
evgenytchurakin4.fvds.ru
f4r5t5y8hh8.click
grinevitchnicolas.fvds.ru
hookqd.tttseo.com
karasergkaravaev.fvds.ru
kfaaa.top
l3harris.pro
nickbaseev6.fvds.ru
ok.chicecon.com
pegasus.chicecon.com
photopoiskvk.pro
reksiaeksinov4.fvds.ru
taojszxz.com
tsaojzhn885.com
tsaojzuv225.com
tsaojzuv455.com
tttseo.com
webmail.jettresponse.com

# Reference: https://twitter.com/banthisguy9349/status/1757464973867917424
# Reference: https://pastebin.com/R6v4TUX1

http://185.216.70.107
http://185.216.70.198

# Reference: https://app.validin.com/axon?source=DNS&type=raw&find=HOOKBOT+PANEL

883216.cc
avion-web3.com
azurbala.online
beicheng.icu
exostar.online
generaltiles.xyz
joneswhitelaundo.top
nv567.net
nyan.claims
payandhay.com
polerd-aerse.monster
taobao5203.com
taobao9977.com
tsaojzph499.com
tsaojzsx694.com
tsxla541.com
vv8888.club

# Reference: https://www.virustotal.com/gui/file/21d58e0371b5c3b76148075eeb2d8abc0915655be6c515869333e3e6ef789789/detection

http://158.220.98.78
158.220.98.78:3434

# Reference: https://www.virustotal.com/gui/file/86412dc50565e0ff12bbc5e3808e39e6f94c6d35db0ceec44d737290846fea72/detection

http://103.189.88.164
103.189.88.164:3434

# Reference: https://www.virustotal.com/gui/file/72b6abeeae59972ad2cc131c1c14982c67762ac4f5bf9d349714a9745fd8ebb4/detection
# Reference: https://www.virustotal.com/gui/file/278611dbc972b397f7fa0d90dd8a2a5d1e3dee572333c30f7b3821657af88cc0/detection
# Reference: https://www.virustotal.com/gui/file/5a269da5d36534794222ad4d0d55431cc6f1fd9e552844c0f878ff1069823996/detection

http://98.71.9.211
98.71.9.211:3434

# Reference: https://www.virustotal.com/gui/ip-address/142.132.236.35/relations

http://142.132.236.35

# Reference: https://www.virustotal.com/gui/ip-address/185.174.136.186/relations

http://185.174.136.186

# Reference: https://twitter.com/0x6rss/status/1758478353521078504

193.222.96.25:8080
194.33.191.202:8080
91.92.252.193:8080

# Reference: https://www.virustotal.com/gui/ip-address/193.149.129.7/relations

http://193.149.129.7
193.149.129.7:3434

# Reference: https://www.virustotal.com/gui/file/1d8e17c649fba3c585dfd7d64fd647c7084d9c0abb0cd84182827743f6f7dcb5/detection

http://82.147.85.84
82.147.85.84:3434

# Reference: https://twitter.com/karol_paciorek/status/1760966982621405540

http://77.105.132.58
77.105.132.58:8080

# Reference: https://twitter.com/0x6rss/status/1758478353521078504

http://185.216.70.79
http://74.234.3.141
185.216.70.79:8080
74.234.3.141:8080

# Reference: https://twitter.com/ShanHolo/status/1760975043121786985

5.42.67.10:8080
5.42.67.89:8080

# Reference: https://threatfox.abuse.ch/browse/tag/Hookbot%20Pegasus/

http://103.61.225.212
http://104.194.157.55
http://104.233.192.16
http://142.171.226.188
http://142.171.8.138
http://147.45.47.41
http://147.45.68.159
http://157.245.16.54
http://163.197.242.202
http://178.128.122.145
http://178.250.156.165
http://185.246.64.139
http://186.195.175.239
http://188.120.225.37
http://188.120.254.185
http://193.176.79.54
http://193.57.41.76
http://198.44.178.84
http://198.46.226.223
http://20.84.67.57
http://45.84.226.86
http://46.250.238.168
http://5.35.99.203
http://51.250.20.138
http://62.109.15.31
http://62.109.6.72
http://62.217.179.132
http://80.253.246.232
http://80.87.192.43
http://81.19.140.77
http://84.201.143.26
http://84.201.167.175
http://87.120.84.190
http://89.23.103.75
http://91.202.233.190
http://91.240.84.52
104.194.157.55:8082
46.226.164.18:50555
46.226.164.60:50555
92.246.139.121:50555
photopoiskvk.pro
payments.photopoiskvk.pro

# Reference: https://twitter.com/noexceptcpp/status/1766836849945817464
# Reference: https://www.virustotal.com/gui/ip-address/193.143.1.59/relations
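# Reference: https://www.virustotal.com/gui/ip-address/91.215.85.245/relations
# Note: most names below share a fixed stem with a one- or two-letter suffix, and the enumerated runs have gaps (e.g. uhuhuwjauwanm -> uhuhuwjauwany), so unlisted siblings may exist and exact-match lookups alone can miss them.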

185.216.70.193:3434
aauahbahujaka.top
aauahbahujakaa.top
aauahbahujakab.top
aauahbahujakac.top
aauahbahujakad.top
aauahbahujakb.top
aauahbahujakba.top
aauahbahujakbb.top
aauahbahujakbc.top
aauahbahujakbd.top
aauahbahujakc.top
aauahbahujakca.top
aauahbahujakcb.top
aauahbahujakcc.top
aauahbahujakcd.top
aauahbahujakd.top
aauahbahujakda.top
aauahbahujakdb.top
aauahbahujakdc.top
aauahbahujakdd.top
aauahbahujake.top
aauahbahujakea.top
aauahbahujakeb.top
aauahbahujakec.top
aauahbahujaked.top
aauahbahujakf.top
aauahbahujakfa.top
aauahbahujakfb.top
aauahbahujakfc.top
aauahbahujakfd.top
aauahbahujakg.top
aauahbahujakga.top
aauahbahujakgb.top
aauahbahujakgc.top
aauahbahujakgd.top
aauahbahujakh.top
aauahbahujakha.top
aauahbahujakhb.top
aauahbahujakhc.top
aauahbahujakhd.top
aauahbahujakj.top
aauahbahujakja.top
aauahbahujakjb.top
aauahbahujakjc.top
aauahbahujakjd.top
aauahbahujakk.top
aauahbahujakka.top
aauahbahujakkb.top
aauahbahujakkc.top
aauahbahujakkd.top
aauahbahujakl.top
aauahbahujakla.top
aauahbahujaklb.top
aauahbahujaklc.top
aauahbahujakld.top
aauahbahujakm.top
aauahbahujakma.top
aauahbahujakmb.top
aauahbahujakmc.top
aauahbahujakmd.top
aauahbahujakn.top
aauahbahujakna.top
aauahbahujaknb.top
aauahbahujaknc.top
aauahbahujaknd.top
aauahbahujako.top
aauahbahujakoa.top
aauahbahujakob.top
aauahbahujakoc.top
aauahbahujakod.top
aauahbahujakp.top
aauahbahujakpa.top
aauahbahujakpb.top
aauahbahujakpc.top
aauahbahujakpd.top
aauahbahujakq.top
aauahbahujakqa.top
aauahbahujakqb.top
aauahbahujakqc.top
aauahbahujakqd.top
aauahbahujakr.top
aauahbahujakra.top
aauahbahujakrb.top
aauahbahujakrc.top
aauahbahujakrd.top
aauahbahujaks.top
aauahbahujaksa.top
aauahbahujaksb.top
aauahbahujaksc.top
aauahbahujaksd.top
aauahbahujakt.top
aauahbahujakta.top
aauahbahujaktb.top
aauahbahujaktc.top
aauahbahujaktd.top
aauahbahujakv.top
aauahbahujakva.top
aauahbahujakvb.top
aauahbahujakvc.top
aauahbahujakvd.top
aauwuwauhdaua.top
aauwuwauhdaub.top
aauwuwauhdauc.top
aauwuwauhdaud.top
aauwuwauhdaue.top
aauwuwauhdauf.top
aauwuwauhdaug.top
aauwuwauhdauh.top
aauwuwauhdaui.top
aauwuwauhdauj.top
aauwuwauhdauk.top
aauwuwauhdaul.top
aauwuwauhdaum.top
aauwuwauhdaun.top
aauwuwauhdauo.top
aauwuwauhdaup.top
aauwuwauhdauq.top
aauwuwauhdaur.top
aauwuwauhdaus.top
aauwuwauhdaut.top
aauwuwauhdauv.top
aauwuwauhdauw.top
aauwuwauhdaux.top
aauwuwauhdauy.top
aauwuwauhdauz.top
ahsanavahsana.com
ahuhuwjauwana.top
ahuhuwjauwanb.top
ahuhuwjauwanc.top
ahuhuwjauwand.top
ahuhuwjauwane.top
ahuhuwjauwanf.top
ahuhuwjauwang.top
ahuhuwjauwanh.top
ahuhuwjauwani.top
ahuhuwjauwanj.top
ahuhuwjauwank.top
ahuhuwjauwanl.top
ahuhuwjauwanm.top
ahuhuwjauwann.top
ahuhuwjauwano.top
ahuhuwjauwanp.top
ahuhuwjauwanq.top
ahuhuwjauwanr.top
ahuhuwjauwans.top
ahuhuwjauwant.top
ahuhuwjauwanu.top
ahuhuwjauwanv.top
ahuhuwjauwanw.top
ahuhuwjauwanx.top
ahuhuwjauwany.top
athaudsazwzauizm.top
athaudsazwzauizn.top
athaudsazwzauizo.top
athaudsazwzauizp.top
athaudsazwzauizq.top
athaudsazwzauizr.top
athaudsazwzauizs.top
athaudsazwzauizt.top
athaudsazwzauizv.top
athaudsazwzauizw.top
athaudsazwzauizx.top
athaudsazwzauizy.top
athaudsazwzauizz.top
atrzavazwbauja.top
atrzavazwbaujb.top
atrzavazwbaujc.top
atrzavazwbaujd.top
atrzavazwbauje.top
atrzavazwbaujf.top
atrzavazwbaujg.top
atrzavazwbaujh.top
atrzavazwbauji.top
atrzavazwbaujj.top
atrzavazwbaujk.top
atrzavazwbaujl.top
atrzavazwbaujm.top
atrzavazwbaujn.top
atrzavazwbaujo.top
atrzavazwbaujp.top
atrzavazwbaujq.top
atrzavazwbaujr.top
atrzavazwbaujs.top
atrzavazwbaujt.top
atrzavazwbauju.top
atrzavazwbaujv.top
atrzavazwbaujw.top
atrzavazwbaujx.top
atrzavazwbaujy.top
atrzavazwbaujz.top
bbuwuwauhdaua.top
bbuwuwauhdaub.top
bbuwuwauhdauc.top
bbuwuwauhdaud.top
bbuwuwauhdaue.top
bbuwuwauhdauf.top
bbuwuwauhdaug.top
bbuwuwauhdauh.top
bbuwuwauhdaui.top
bbuwuwauhdauj.top
bbuwuwauhdauk.top
bbuwuwauhdaul.top
bbuwuwauhdaum.top
bbuwuwauhdaun.top
bbuwuwauhdauo.top
bbuwuwauhdaup.top
bbuwuwauhdauq.top
bbuwuwauhdaur.top
bbuwuwauhdaus.top
bbuwuwauhdaut.top
bbuwuwauhdauv.top
bbuwuwauhdauw.top
bbuwuwauhdaux.top
bbuwuwauhdauy.top
bbuwuwauhdauz.top
bhdahsvuwbgsazb.top
bhdahsvuwbgsazz.top
bhuhuwjauwana.top
bhuhuwjauwanb.top
bhuhuwjauwanc.top
bhuhuwjauwand.top
bhuhuwjauwane.top
bhuhuwjauwanf.top
bhuhuwjauwang.top
bhuhuwjauwanh.top
bhuhuwjauwani.top
bhuhuwjauwanj.top
bhuhuwjauwank.top
bhuhuwjauwanl.top
bhuhuwjauwanm.top
bhuhuwjauwann.top
bhuhuwjauwano.top
bhuhuwjauwanp.top
bhuhuwjauwanq.top
bhuhuwjauwanr.top
bhuhuwjauwans.top
bhuhuwjauwant.top
bhuhuwjauwanu.top
bhuhuwjauwanv.top
bhuhuwjauwanw.top
bhuhuwjauwanx.top
bhuhuwjauwany.top
bhuhuwjauwanz.top
bthaudsazwzauiza.top
bthaudsazwzauizb.top
bthaudsazwzauizf.top
bthaudsazwzauizi.top
bthaudsazwzauizj.top
bthaudsazwzauizk.top
bthaudsazwzauizl.top
bthaudsazwzauizm.top
bthaudsazwzauizn.top
bthaudsazwzauizo.top
bthaudsazwzauizp.top
bthaudsazwzauizq.top
bthaudsazwzauizs.top
ccuwuwauhdaua.top
ccuwuwauhdaub.top
ccuwuwauhdauc.top
ccuwuwauhdaud.top
ccuwuwauhdaue.top
ccuwuwauhdauf.top
ccuwuwauhdaug.top
ccuwuwauhdauh.top
ccuwuwauhdaui.top
ccuwuwauhdauj.top
ccuwuwauhdauk.top
ccuwuwauhdaul.top
ccuwuwauhdaum.top
ccuwuwauhdaun.top
ccuwuwauhdauo.top
ccuwuwauhdaup.top
ccuwuwauhdauq.top
ccuwuwauhdaur.top
ccuwuwauhdaus.top
ccuwuwauhdaut.top
ccuwuwauhdauv.top
ccuwuwauhdauw.top
ccuwuwauhdaux.top
ccuwuwauhdauy.top
ccuwuwauhdauz.top
chdahsvuwbgsazv.top
chdahsvuwbgsazz.top
chuhuwjauwana.top
chuhuwjauwanb.top
chuhuwjauwanc.top
chuhuwjauwand.top
chuhuwjauwane.top
chuhuwjauwanf.top
chuhuwjauwang.top
chuhuwjauwanh.top
chuhuwjauwani.top
chuhuwjauwanj.top
chuhuwjauwank.top
chuhuwjauwanl.top
chuhuwjauwanm.top
chuhuwjauwann.top
chuhuwjauwano.top
chuhuwjauwanp.top
chuhuwjauwanq.top
chuhuwjauwanr.top
chuhuwjauwans.top
chuhuwjauwant.top
chuhuwjauwanu.top
chuhuwjauwanv.top
chuhuwjauwanw.top
chuhuwjauwanx.top
chuhuwjauwany.top
chuhuwjauwanz.top
dduwuwauhdaua.top
dduwuwauhdaub.top
dduwuwauhdauc.top
dduwuwauhdaud.top
dduwuwauhdaue.top
dduwuwauhdauf.top
dduwuwauhdaug.top
dduwuwauhdauh.top
dduwuwauhdaui.top
dduwuwauhdauj.top
dduwuwauhdauk.top
dduwuwauhdaul.top
dduwuwauhdaum.top
dduwuwauhdaun.top
dduwuwauhdauo.top
dduwuwauhdaup.top
dduwuwauhdauq.top
dduwuwauhdaur.top
dduwuwauhdaus.top
dduwuwauhdaut.top
dduwuwauhdauv.top
dduwuwauhdauw.top
dduwuwauhdaux.top
dduwuwauhdauy.top
dduwuwauhdauz.top
dhdahsvuwbgsazd.top
dhdahsvuwbgsazz.top
ghdahsvuwbgsazg.top
ghdahsvuwbgsazz.top
hdahsuwbgaza.top
hdahsuwbgazb.top
hdahsuwbgazc.top
hdahsuwbgazd.top
hdahsuwbgaze.top
hdahsuwbgazf.top
hdahsuwbgazg.top
hdahsuwbgazh.top
hdahsuwbgazi.top
hdahsuwbgazj.top
hdahsuwbgazk.top
hdahsuwbgazl.top
hdahsuwbgazm.top
hdahsuwbgazn.top
hdahsuwbgazo.top
hdahsuwbgazp.top
hdahsuwbgazq.top
hdahsuwbgazr.top
hdahsuwbgazs.top
hdahsuwbgazt.top
hdahsuwbgazv.top
hdahsuwbgazw.top
hdahsuwbgazz.top
hhdahsvuwbgsazh.top
ifjhbjfiaza.top
ifjhbjfiazaa.top
ifjhbjfiazab.top
ifjhbjfiazac.top
ifjhbjfiazad.top
ifjhbjfiazae.top
ifjhbjfiazb.top
ifjhbjfiazba.top
ifjhbjfiazbb.top
ifjhbjfiazbc.top
ifjhbjfiazbd.top
ifjhbjfiazbe.top
ifjhbjfiazc.top
ifjhbjfiazd.top
ifjhbjfiaze.top
ifjhbjfiazf.top
ifjhbjfiazg.top
ifjhbjfiazh.top
ifjhbjfiazi.top
ifjhbjfiazj.top
ifjhbjfiazk.top
ifjhbjfiazl.top
ifjhbjfiazm.top
ifjhbjfiazn.top
ifjhbjfiazo.top
ifjhbjfiazp.top
ifjhbjfiazq.top
ifjhbjfiazr.top
ifjhbjfiazs.top
ifjhbjfiazt.top
ifjhbubaza.top
ifjhbubazb.top
ifjhbubazc.online
ifjhbubazc.top
ifjhbubazd.online
ifjhbubazd.top
ifjhbubaze.online
ifjhbubaze.top
ifjhbubazf.online
ifjhbubazf.top
ifjhbubazg.online
ifjhbubazg.top
ifjhbubazh.top
ifjhbubazi.top
ifjhbubazj.top
ifjhbubazk.online
ifjhbubazk.top
ifjhbubazl.online
ifjhbubazl.top
ifjhbubazm.online
ifjhbubazm.top
ifjhbubazn.online
ifjhbubazn.top
ifjhbubazo.top
ihdahsvuwbgsazi.top
jfuwbabuwha.top
jfuwbabuwhb.top
jfuwbabuwhc.top
jfuwbabuwhd.top
jfuwbabuwhe.top
jfuwbabuwhf.top
jfuwbabuwhg.top
jfuwbabuwhh.top
jfuwbabuwhi.top
jfuwbabuwhj.top
jfuwbabuwhk.top
jhdahsvuwbgsazj.top
khdahsvuwbgsazk.top
lhdahsvuwbgsazl.top
thuahbahujaka.top
thuahbahujakaa.top
thuahbahujakab.top
thuahbahujakac.top
thuahbahujakad.top
thuahbahujakb.top
thuahbahujakba.top
thuahbahujakbb.top
thuahbahujakbc.top
thuahbahujakbd.top
thuahbahujakc.top
thuahbahujakca.top
thuahbahujakcb.top
thuahbahujakcc.top
thuahbahujakcd.top
thuahbahujakd.top
thuahbahujakda.top
thuahbahujakdb.top
thuahbahujakdc.top
thuahbahujakdd.top
thuahbahujake.top
thuahbahujakea.top
thuahbahujakeb.top
thuahbahujakec.top
thuahbahujaked.top
thuahbahujakf.top
thuahbahujakfa.top
thuahbahujakfb.top
thuahbahujakfc.top
thuahbahujakfd.top
thuahbahujakg.top
thuahbahujakga.top
thuahbahujakgb.top
thuahbahujakgc.top
thuahbahujakgd.top
thuahbahujakh.top
thuahbahujakha.top
thuahbahujakhb.top
thuahbahujakhc.top
thuahbahujakhd.top
thuahbahujakj.top
thuahbahujakja.top
thuahbahujakjb.top
thuahbahujakjc.top
thuahbahujakjd.top
thuahbahujakk.top
thuahbahujakka.top
thuahbahujakkb.top
thuahbahujakkc.top
thuahbahujakkd.top
thuahbahujakl.top
thuahbahujakla.top
thuahbahujaklb.top
thuahbahujaklc.top
thuahbahujakld.top
thuahbahujakm.top
thuahbahujakma.top
thuahbahujakmb.top
thuahbahujakmc.top
thuahbahujakmd.top
thuahbahujakn.top
thuahbahujakna.top
thuahbahujaknb.top
thuahbahujaknc.top
thuahbahujaknd.top
thuahbahujako.top
thuahbahujakoa.top
thuahbahujakob.top
thuahbahujakoc.top
thuahbahujakod.top
thuahbahujakp.top
thuahbahujakpa.top
thuahbahujakpb.top
thuahbahujakpc.top
thuahbahujakpd.top
thuahbahujakq.top
thuahbahujakqa.top
thuahbahujakqb.top
thuahbahujakqc.top
thuahbahujakqd.top
thuahbahujakr.top
thuahbahujakra.top
thuahbahujakrb.top
thuahbahujakrc.top
thuahbahujakrd.top
thuahbahujaks.top
thuahbahujaksa.top
thuahbahujaksb.top
thuahbahujaksc.top
thuahbahujaksd.top
thuahbahujakt.top
thuahbahujakta.top
thuahbahujaktb.top
thuahbahujaktc.top
thuahbahujaktd.top
thuahbahujakv.top
thuahbahujakva.top
thuahbahujakvb.top
thuahbahujakvc.top
thuahbahujakvd.top
uhuhuwjauwana.top
uhuhuwjauwanb.top
uhuhuwjauwanc.top
uhuhuwjauwand.top
uhuhuwjauwane.top
uhuhuwjauwanf.top
uhuhuwjauwang.top
uhuhuwjauwanh.top
uhuhuwjauwani.top
uhuhuwjauwanj.top
uhuhuwjauwank.top
uhuhuwjauwanl.top
uhuhuwjauwanm.top
uhuhuwjauwany.top
uhuhuwjauwanz.top
uthaudsazwzauiza.top
uthaudsazwzauizb.top
uthaudsazwzauizc.top
uthaudsazwzauizd.top
uthaudsazwzauize.top
uthaudsazwzauizf.top
uthaudsazwzauizg.top
uthaudsazwzauizh.top
uthaudsazwzauizi.top
uthaudsazwzauizj.top
uthaudsazwzauizk.top
uthaudsazwzauizl.top
uthaudsazwzauizm.top
uthaudsazwzauizn.top
uthaudsazwzauizo.top
uthaudsazwzauizp.top
uthaudsazwzauizq.top
uthaudsazwzauizr.top
uthaudsazwzauizs.top
uthaudsazwzauizt.top
uthaudsazwzauizv.top
uthaudsazwzauizw.top
uthaudsazwzauizx.top
uthaudsazwzauizy.top
utrzavazwbauja.top
utrzavazwbaujb.top
utrzavazwbaujc.top
utrzavazwbaujd.top
utrzavazwbauje.top
utrzavazwbaujf.top
utrzavazwbaujg.top
utrzavazwbaujh.top
utrzavazwbauji.top
utrzavazwbaujj.top
utrzavazwbaujk.top
utrzavazwbaujl.top
utrzavazwbaujm.top
utrzavazwbaujn.top
utrzavazwbaujo.top
utrzavazwbaujp.top
utrzavazwbaujq.top
utrzavazwbaujr.top
utrzavazwbaujs.top
utrzavazwbaujt.top
utrzavazwbauju.top
utrzavazwbaujv.top
utrzavazwbaujw.top
utrzavazwbaujx.top
utrzavazwbaujy.top
yjajawuabaub.com
yjajawuabauc.com
yjajawuabaud.com
yjajawuabaue.com
yjajawuabauf.com
yjajawuabaug.com
yjajawuabaug.top
yjajawuabauh.com
yjajawuabauh.top
yjajawuabaui.com
yjajawuabaui.top
yjajawuabauj.com
yjajawuabauj.top
yjajawuabauk.com
yjajawuabauk.top
yjajawuasbaua.top
yjajawuasbaub.top
yjajawuasbauc.top
yjajawuasbaud.top
yjajawuasbaue.top
yjajawuasbauf.top
yjajawuasbaug.top
yjajawuasbauh.top
yjajawuasbaui.top
yjajawuasbauj.top
aws.aauahbahujakaa.top
aws.aauahbahujakac.top
aws.aauahbahujakc.top
aws.aauahbahujakf.top
aws.aauahbahujakg.top
aws.aauahbahujakgb.top
aws.aauahbahujakl.top
aws.aauahbahujakn.top
aws.aauahbahujakna.top
aws.aauahbahujakrb.top
aws.aauahbahujakva.top
aws.aauwuwauhdaua.top
aws.aauwuwauhdaud.top
aws.aauwuwauhdaun.top
aws.aauwuwauhdauq.top
aws.aauwuwauhdaus.top
aws.aauwuwauhdaut.top
aws.aauwuwauhdauv.top
aws.aauwuwauhdauz.top
aws.ahuhuwjauwang.top
aws.ahuhuwjauwanh.top
aws.ahuhuwjauwanm.top
aws.ahuhuwjauwano.top
aws.bbuwuwauhdauc.top
aws.bbuwuwauhdaus.top
aws.bhuhuwjauwanc.top
aws.bhuhuwjauwane.top
aws.ccuwuwauhdauc.top
aws.ccuwuwauhdauh.top
aws.ccuwuwauhdauq.top
aws.chuhuwjauwane.top
aws.chuhuwjauwanx.top
aws.dduwuwauhdaue.top
aws.dduwuwauhdaux.top
aws.hdahsuwbgazc.top
aws.hdahsuwbgazh.top
aws.hdahsuwbgazo.top
aws.hdahsuwbgazs.top
aws.hdahsuwbgazt.top
aws.hdahsuwbgazv.top
aws.hdahsuwbgazz.top
aws.ifjhbjfiaza.top
aws.ifjhbjfiazh.top
aws.ifjhbjfiazn.top
aws.ifjhbjfiazs.top
aws.ifjhbubazi.top
aws.jfuwbabuwhh.top
aws.uhuhuwjauwanh.top
aws.uhuhuwjauwanl.top
aws.uhuhuwjauwanm.top
aws.yjajawuabauh.top
aws.yjajawuasbaue.top
aws.yjajawuasbauf.top
aws.yjajawuasbauh.top

# Reference: https://threatfox.abuse.ch/browse/tag/Hookbot%20Pegasus/ (# 2024-03-17)

http://103.35.189.52
http://114.130.36.120
http://137.184.177.175
http://142.171.8.253
http://143.110.180.125
http://147.78.103.233
http://185.196.11.210
http://185.80.128.10
http://188.120.231.211
http://188.120.250.67
http://194.87.74.14
http://206.238.113.242
http://206.238.42.236
http://62.109.20.47
http://64.23.194.166
http://64.23.228.21
http://66.103.202.31
http://66.103.202.47
http://82.146.59.110
http://82.197.93.210
http://83.220.169.98
http://94.250.255.6
194.33.191.105:50555

# Reference: https://twitter.com/h_krobot/status/1769337884316697025

http://94.156.66.12
12.lan-vg1-1.static.rozabg.com

# Reference: https://urlscan.io/search/#filename:%22login_sd.mp4%22

http://103.114.163.214
http://103.216.51.35
http://107.148.37.67
http://14.239.3.253
http://154.91.83.163
http://159.100.14.197
http://160.20.109.76
http://167.71.182.102
http://172.188.29.138
http://176.123.168.157
http://185.209.30.141
http://188.166.194.125
http://193.233.254.32
http://194.233.79.198
http://20.106.172.90
http://212.70.149.199
http://34.125.32.157
http://4.233.217.146
http://45.138.16.161
http://45.14.247.89
http://45.145.42.229
http://45.83.31.204
http://46.149.77.191
http://64.226.76.253
http://64.23.186.161
http://85.209.11.82
http://89.23.103.208
http://89.23.97.34
http://89.23.98.34
http://91.142.74.218
http://91.92.243.141
http://91.92.249.161
http://91.92.249.213
http://91.92.250.128
http://91.92.250.168
http://94.156.67.40
147.45.40.66:50555
centinelhost.com
es-bancofar-app.com
ethgiftclaim.com
inlliniea.org
rewardlido.com
vvalliet-coin.top

# Reference: https://threatfox.abuse.ch/browse/malware/apk.ermac/ (# 2024-03-24)

http://103.215.124.119
http://103.215.124.60
http://104.43.89.110
http://110.173.54.194
http://110.173.54.195
http://110.173.54.196
http://110.173.54.197
http://110.173.54.198
http://111.90.145.26
http://124.156.162.114
http://166.88.61.219
http://172.208.54.18
http://172.208.59.226
http://172.214.139.124
http://185.249.227.27
http://185.78.76.40
http://188.119.112.64
http://193.222.96.238
http://193.222.96.33
http://20.0.153.70
http://20.121.42.245
http://20.166.248.109
http://20.251.169.136
http://20.65.178.69
http://20.77.71.31
http://207.180.202.241
http://213.166.68.24
http://31.129.99.52
http://34.16.134.132
http://37.140.242.93
http://40.119.24.133
http://45.128.96.74
http://45.136.6.149
http://45.15.159.44
http://5.199.162.93
http://5.199.169.206
http://52.160.82.19
http://77.105.132.32
http://87.120.84.22
http://93.123.85.74
http://94.156.10.254
http://94.156.69.44
http://94.156.8.224
20.0.153.70:8080
20.82.182.10:8080
94.156.69.44:8080

# Reference: https://threatfox.abuse.ch/browse/tag/Hookbot%20Pegasus/ (# 2024-03-24)

http://104.131.185.229
http://107.189.24.173
http://108.61.202.34
http://137.184.41.246
http://144.126.198.15
http://147.45.71.249
http://170.64.183.64
http://185.203.117.32
http://193.124.205.6
http://20.234.62.151
http://206.233.132.104
http://206.233.132.162
http://206.233.132.215
http://212.109.194.186
http://212.57.118.90
http://222.186.21.204
http://31.129.98.219
http://43.128.5.46
http://45.128.96.101
http://45.128.96.103
http://45.128.96.167
http://45.128.96.99
http://45.32.62.242
http://51.75.74.92
http://62.109.21.73
http://77.238.251.130
http://84.32.214.66
http://87.120.84.73
http://89.23.101.233
http://91.107.121.52
109.120.184.203:50555
77.105.167.115:50555

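# Reference: https://twitter.com/malpulse/status/1773720262933987825
# Note: 157.32.125.34.bc.googleusercontent.com is a provider-generated reverse-DNS name (it encodes the address 34.125.32.157 in reverse), not an actor-registered domain; cloud addresses get reassigned, so re-verify before attributing a later hit to this family.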

http://104.129.182.25
http://109.107.182.168
http://159.203.158.196
http://161.35.109.123
http://165.22.44.147
http://167.86.117.43
http://185.216.70.67
http://194.146.13.49
http://20.199.42.249
http://209.141.36.46
http://213.142.157.146
http://3.68.135.109
http://37.247.108.194
http://37.49.230.236
http://45.11.181.30
http://80.209.238.116
http://83.222.8.13
http://87.248.157.149
http://91.200.151.233
http://91.92.247.135
http://91.92.249.104
http://93.123.39.254
http://94.156.8.183
104.129.182.25:3434
109.107.182.168:3434
159.203.158.196:3434
161.35.109.123:3434
165.22.44.147:3434
167.86.117.43:3434
185.216.70.11:3434
185.216.70.67:3434
194.146.13.49:3434
209.141.36.46:3434
213.142.157.146:3434
37.247.108.194:3434
37.49.230.236:3434
45.11.181.30:3434
80.209.238.116:3434
83.222.8.13:3434
87.248.157.149:3434
91.200.151.233:3434
91.92.247.135:3434
91.92.249.104:3434
93.123.39.254:3434
94.156.8.183:3434
157.32.125.34.bc.googleusercontent.com
dndnote.com
guodu01.icu
hifym.cz
jinrizhuan003.icu
officialvit.com
revolutions.cz
serialbook.revolutions.cz

# Reference: https://threatfox.abuse.ch/browse/tag/Hookbot%20Pegasus/ (# 2024-03-31)

http://139.180.218.26
http://142.11.236.34
http://143.198.54.223
http://147.182.199.146
http://147.78.103.54
http://176.123.169.32
http://185.216.70.210
http://185.216.70.211
http://188.120.248.175
http://195.133.88.120
http://20.115.56.254
http://200.234.232.196
http://45.138.16.150
http://45.151.44.159
http://45.67.230.75
http://64.176.81.234
http://77.238.249.17
http://79.133.51.234
http://86.38.247.37
http://91.240.85.51
http://92.63.192.108
http://93.123.39.201
http://94.228.169.68
193.233.255.105:50555
77.221.154.236:50555
77.221.156.22:50555
93.123.39.57:50555

# Reference: https://threatfox.abuse.ch/browse/tag/Hookbot%20Pegasus/ (# 2024-04-11)

http://103.145.191.100
http://106.54.222.22
http://137.184.228.202
http://147.78.103.240
http://154.40.47.121
http://154.9.255.11
http://159.203.174.80
http://185.173.38.38
http://185.43.4.238
http://188.120.240.143
http://192.236.146.112
http://193.124.113.33
http://193.143.1.161
http://193.57.41.184
http://193.57.41.185
http://194.32.149.189
http://194.87.236.115
http://206.189.246.137
http://212.109.220.144
http://212.109.221.128
http://212.224.88.151
http://38.180.45.153
http://42.96.5.32
http://45.32.156.218
http://45.63.121.237
http://45.77.40.77
http://45.82.152.138
http://45.88.90.80
http://45.94.4.36
http://46.101.4.16
http://5.42.106.136
http://57.151.90.74
http://62.109.2.162
http://62.109.5.21
http://77.221.154.28
http://77.91.123.52
http://78.24.217.201
http://82.147.85.159
http://83.136.232.33
http://91.202.233.174
http://91.215.85.131
http://91.92.240.202
http://91.92.243.79
http://91.92.247.112
http://91.92.248.125
http://91.92.250.167
http://91.92.253.115
http://92.63.96.171
http://94.154.34.137
http://94.156.8.227
http://94.250.249.104
104.194.157.55:8082
13.214.93.225:443
45.63.121.237:8082
79.137.207.33:50555
89.208.103.64:50555
93.123.39.127:50555
94.156.8.125:50555

# Reference: https://twitter.com/banthisguy9349/status/1780197850707574816
# Reference: https://www.virustotal.com/gui/file/5d794e937ca1530895f464d0a59eebc89e44cef3228064457907fe38fc25f113/detection

http://87.120.84.22
87.120.84.22:3434
94.156.10.33:8080

# Reference: https://twitter.com/banthisguy9349/status/1780970174323085361

http://134.122.109.15
http://154.61.80.57
http://194.48.251.136
147.78.103.174:8082
185.216.70.210:50555
193.233.254.16:8082
77.105.146.185:50555

# Reference: https://www.virustotal.com/gui/file/820e9e9c1f7f6148c94e647a175ede95e41efdd882fd4b0177ad443ce8b95e04/detection

163.5.169.19:3434

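# Reference: https://app.validin.com/detail?type=raw&find=HOOKBOT+PANEL#tab=host_pairs (2024-04-29)
# Note: several hostnames below are provider-assigned or dynamic-DNS names rather than actor-registered domains (149.lan-za1-1.static.rozabg.com, 2-58-56-99.hosted-by-worldstream.net, 49.183.246.35.bc.googleusercontent.com, naughty-elion.107-173-140-104.plesk.page, sudodot.asuscomm.com); they follow whoever holds the underlying address or account, so hits on them need corroboration.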

http://139.99.64.79
http://2.58.56.99
http://3.34.122.177
http://31.129.98.188
http://54.36.113.159
http://64.227.140.244
http://87.120.84.167
http://91.151.95.157
http://91.92.247.254
http://93.127.202.69
http://94.156.64.149
http://95.70.159.193
149.lan-za1-1.static.rozabg.com
2-58-56-99.hosted-by-worldstream.net
49.183.246.35.bc.googleusercontent.com
foundjhostmk.com
gestione-subito.info
naughty-elion.107-173-140-104.plesk.page
old.standfin.ru
pegasusabs.link
planetclient.xyz
sudodot.asuscomm.com
walletservice.top
y1ge.shop

# Reference: https://pastebin.com/pvfQbnRB

http://14.178.208.233
http://167.71.169.160
http://185.125.50.198
http://185.241.208.213
http://45.91.8.8
http://5.253.40.118
http://77.238.235.75
http://91.92.247.95
http://93.177.102.47
http://94.131.107.85
http://94.156.64.148
http://94.156.79.114
http://94.156.79.186
http://94.156.79.50
http://95.164.117.2
103.216.51.35:50555
181.214.147.25:50555
185.216.70.189:50555
185.216.70.211:50555
91.188.254.6:50555

# Reference: https://twitter.com/banthisguy9349/status/1785736032387793082

http://147.45.47.44
http://147.45.47.46
http://147.78.103.222
http://45.144.29.47
http://46.105.124.55
http://93.123.39.29
http://94.156.8.125
http://94.156.8.245
147.45.47.44:8080
147.45.47.46:8080
147.78.103.222:8080
45.144.29.47:8080
46.105.124.55:8080
93.123.39.29:8080
94.156.8.125:8080
94.156.8.245:8080

# Reference: https://twitter.com/ReBensk/status/1786086630324838721

37.60.238.252:8085

# Reference: https://twitter.com/banthisguy9349/status/1787228895462219952
# Reference: https://app.validin.com/detail?type=raw&find=aXedroid+Console#tab=host_pairs
# Reference: https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=aXedroid+Console
# Reference: https://www.virustotal.com/gui/file/039c79780123d3a766255749b32800a8082a1fc389455ed9ae9c5d82c0e9f37c/detection
# Reference: https://www.virustotal.com/gui/file/e330fcc07b1bc5616beb0905e26420fd58ed4ca8d1f6cbf9960a7137fe827697/detection
# Reference: https://www.virustotal.com/gui/file/20c8a5e3a600644317a513d28d1eaebb7c8ae16375208335099ca2452c0a0353/detection

http://194.26.135.189
http://85.209.11.108
http://85.209.11.65
194.26.135.189:3306
194.26.135.189:3434
194.26.135.189:8081
31.41.244.187:3306
31.41.244.187:3434
31.41.244.187:8081
85.209.11.108:3306
85.209.11.108:3434
85.209.11.108:8081
85.209.11.65:3306
85.209.11.65:3434
85.209.11.65:8081
clou-flare-n-s.com
proffiduguard.site
ns1.clou-flare-n-s.com
ns2.clou-flare-n-s.com
ns1.proffiduguard.site
ns2.proffiduguard.site

# Reference: https://www.virustotal.com/gui/ip-address/194.26.135.189/relations

balikovna.cell60.online
balikovna.cell73.online
balikovna.cell8.online
balikovna.sell123.online
balikovna.sell167.online
balikovna.sell179.online
balikovna.sell3413.online
balikovna.sell40.online
bazoscz.cell17.online
bazoscz.forum2311.online
bazoscz.sell176.online
cell10.online
cell100.online
cell101.online
cell102.online
cell103.online
cell104.online
cell105.online
cell106.online
cell107.online
cell108.online
cell109.online
cell110.online
cell111.online
cell115.online
cell116.online
cell117.online
cell118.online
cell119.online
cell12.online
cell120.online
cell121.online
cell122.online
cell123.online
cell124.online
cell125.online
cell13.online
cell14.online
cell15.online
cell16.online
cell17.online
cell18.online
cell19.online
cell20.online
cell21.online
cell22.online
cell24.online
cell27.online
cell28.online
cell29.online
cell30.online
cell31.online
cell32.online
cell33.online
cell38.online
cell39.online
cell4.online
cell40.online
cell42.online
cell43.online
cell44.online
cell45.online
cell46.online
cell47.online
cell48.online
cell49.online
cell5.online
cell50.online
cell51.online
cell54.online
cell55.online
cell56.online
cell57.online
cell58.online
cell59.online
cell6.online
cell60.online
cell61.online
cell63.online
cell64.online
cell65.online
cell66.online
cell67.online
cell68.online
cell69.online
cell7.online
cell70.online
cell71.online
cell72.online
cell73.online
cell74.online
cell75.online
cell76.online
cell77.online
cell78.online
cell8.online
cell81.online
cell82.online
cell83.online
cell9.online
cell93.online
cell94.online
cell95.online
cell96.online
cell97.online
cell98.online
cell99.online
cmrland11.com
dpd-cz.orderss93.online
dpd-cz.sell80.online
dpd-etmh.sell98.online
dpd-polska.cell100.online
dpd-polska.cell103.online
dpd-polska.cell77.online
dpd-polska.sell459.online
dpd-skwra.sell202.online
dpdczech.cell102.online
dpdczech.cell103.online
dpdczech.cell124.online
dpdczech.cell13.online
dpdczech.cell18.online
dpdczech.cell38.online
dpdczech.cell42.online
dpdczech.sell170.online
dpdczech.sell173.online
dpdczech.sell183.online
dpdczech.sell321.online
dpdczech.sell945.online
dpdsk.sell105.online
forum2311.online
forum2346.online
forum2349.online
forum342.online
forum493.online
forum921.online
forun2378.online
foxpost-hu.sell100.online
foxpost-hu.sell56.online
foxpost-hu.sell59.online
gls-group.forum2346.online
gls-group.sell135.online
gls-group.sell46.online
gls-group.sell48.online
in-post-polska.cell105.online
in-post-polska.cell15.online
in-post-polska.cell20.online
in-post-polska.cell44.online
in-post-polska.cell47.online
in-post-polska.cell63.online
in-post-polska.cell71.online
in-post-polska.cell73.online
in-post-polska.cell75.online
in-post-polska.cell83.online
inpost-ccgx.sell63.online
inpost-etiwy.orders61.online
inpost-hthd.sell102.online
inpost-uwga.sell88.online
jazyrippo.com
odrers61.online
olxpl-ncln.sell106.online
order2434.online
order2438.online
order8921.online
order8923.online
orders33.online
orders34.online
orders56.online
orders61.online
orders85.online
orderss34.online
orderss64.online
orderss69.online
orderss843.online
orderss93.online
packeta.cell15.online
packeta.sell130.online
plpost-pl.cell67.online
polskapoczta-bsyt.orders61.online
polskapoczta-hfrr.orders61.online
ppl.orderss69.online
ppl.sell40.online
sell0297.online
sell100.online
sell102.online
sell103.online
sell104.online
sell105.online
sell106.online
sell107.online
sell109.online
sell110.online
sell111.online
sell119.online
sell121.online
sell122.online
sell123.online
sell124.online
sell125.online
sell126.online
sell129.online
sell130.online
sell131.online
sell132.online
sell133.online
sell134.online
sell135.online
sell136.online
sell137.online
sell138.online
sell141.online
sell142.online
sell154.online
sell156.online
sell159.online
sell161.online
sell162.online
sell164.online
sell167.online
sell168.online
sell169.online
sell170.online
sell171.online
sell172.online
sell173.online
sell174.online
sell176.online
sell177.online
sell178.online
sell179.online
sell18.online
sell180.online
sell183.online
sell184.online
sell186.online
sell191.online
sell192.online
sell193.online
sell196.online
sell197.online
sell201.online
sell202.online
sell2022.online
sell203.online
sell204.online
sell205.online
sell206.online
sell321.online
sell3413.online
sell37.online
sell38.online
sell39.online
sell40.online
sell42.online
sell423.online
sell4235.online
sell43.online
sell44.online
sell45.online
sell456.online
sell459.online
sell46.online
sell48.online
sell49.online
sell50.online
sell52.online
sell56.online
sell59.online
sell60.online
sell61.online
sell62.online
sell63.online
sell64.online
sell65.online
sell66.online
sell666.online
sell67.online
sell68.online
sell69.online
sell74.online
sell78.online
sell79.online
sell80.online
sell83.online
sell84.online
sell86.online
sell87.online
sell88.online
sell89.online
sell91.online
sell9241.online
sell9262.online
sell93.online
sell944.online
sell945.online
sell95.online
sell98.online
sell99.online
sells1.online
sells21.online
sells4.online
vintedcz.cell120.online
vintedcz.cell75.online
vintedcz.cell83.online
vintedcz.sell104.online
vintedcz.sell122.online
vintedcz.sell135.online
vintedcz.sell459.online
vintedcz.sell87.online
vintedpolska.cell66.online
vintedsk.cell96.online
yoursells595.site
zasilkovna.cell102.online
zasilkovna.cell107.online
zasilkovna.cell32.online
zasilkovna.sell68.online

# Reference: https://app.validin.com/detail?type=raw&find=HOOKBOT+PANEL#tab=host_pairs (# 2024-05-07)

http://141.8.199.126
http://154.88.23.34
http://198.46.143.196
http://23.224.233.76
http://23.254.144.29
http://66.42.49.63
http://79.137.162.53
104-236-199-233.ipv4.staticdns2.io
candaweb.com
cdn.citas.lol
citas.lol
dcg592.vip
goooo.citas.lol
hf9885.com
infben.com
kolecko.ru
long930701.top
nuan0zz.xyz
nuan11a.xyz
nuan1aa.xyz
nuan44f.xyz
nuan4fff.xyz
nuan5gg.xyz
nuan5ggg.xyz
nuan6hh.xyz
nuan7jj.xyz
nuan8kk.xyz
nuan8kkk.xyz
nuan9ll.xyz
nuani88.xyz
nuanq11.xyz
nuanr44.xyz
nuant55.xyz
nuanu77.xyz
pay.citas.lol
redirect-r1.pay.citas.lol
rraaa1.xyz
rraaaa2.xyz
rraaaa4.xyz
rraaaa5.xyz
wisenom.com
yccvvb9.xyz
yeeddd3.xyz
yjjkka7.xyz
yqqaab1.xyz
yssdd10.xyz
ywwssc2.xyz
yybbt2.xyz
yyeea1.xyz
yyffr5.xyz
yygghd6.xyz
yyhhy7.xyz
yyjjq8.xyz
yykkw9.xyz
yyooa1.xyz
yyood4.xyz
yyoot7.xyz
yyoou9.xyz
yyooy8.xyz
yyrre10.xyz
yyy10wee.xyz
yyy1ahh.xyz
yyy2bee.xyz
yyy5fyy.xyz
yyy7uww.xyz
yyy8ioo.xyz
yyy9aee.xyz
yyyffr3.xyz

# Reference: https://twitter.com/banthisguy9349/status/1787224704811463154

http://103.207.68.85
http://138.197.84.169
http://142.171.227.67
http://146.103.45.72
http://146.190.56.109
http://193.222.96.186
http://216.173.119.170
http://23.254.128.104
http://27.124.32.187
http://5.35.91.177
http://80.76.49.6
http://85.209.133.240
http://87.121.105.67
103.207.68.85:47001
103.207.68.85:8089
138.197.84.169:8000
138.197.84.169:8080
138.197.84.169:8089
142.171.227.67:8000
142.171.227.67:8080
142.171.227.67:8089
146.103.45.72:8000
146.103.45.72:8089
146.190.56.109:8000
146.190.56.109:8089
147.45.47.44:8000
147.45.47.44:8089
193.222.96.186:8081
207.180.202.241:8081
216.173.119.170:8000
216.173.119.170:8080
216.173.119.170:8089
23.254.128.104:8000
23.254.128.104:8089
23.254.144.29:3434
23.254.144.29:8000
23.254.144.29:8089
27.124.32.187:8089
5.35.91.177:8000
5.35.91.177:8089
80.76.49.6:8081
85.209.133.240:8081

# Reference: https://twitter.com/banthisguy9349/status/1787221321941758148
# Reference: https://urlscan.io/search/#filename:%22pathseg.js%22

http://13.49.251.65
http://144.126.128.29
http://149.50.96.98
http://172.214.98.73
http://173.212.219.194
http://185.102.172.72
http://185.234.216.104
http://193.233.254.27
http://20.55.63.136
http://211.22.182.201
http://213.199.56.38
http://37.60.245.93
http://45.128.96.169
http://45.128.96.34
http://45.88.90.29
http://5.178.111.179
http://5.199.168.141
http://62.122.184.196
http://79.110.48.224
http://84.32.231.182
http://91.92.246.236
http://91.92.255.150
http://94.156.79.100
http://95.214.24.141
118.107.43.36:8088
118.107.43.66:8088
118.107.43.86:8088

# Reference: https://www.virustotal.com/gui/file/8df476be832a1204480d301c7579597bcdafc690b77d1f5c64dc6fb80c0d90d2/detection

23.224.233.76:3434

# Reference: https://www.virustotal.com/gui/ip-address/23.224.233.76/detection

jmex.live
jmorex.live
jpmex.live
nuane33.xyz
nuano99.xyz
nuanp00.xyz
nuanw22.xyz
nuany66.xyz
rraaaa3.xyz
uu386.xyz
uu479.xyz
uucbeh2.xyz
uucveh4.xyz
uusakf1.xyz
uuvehe5.xyz
uuvev3.xyz
uuvmne3.xyz
uuvvd2.xyz
ynnqqc8.xyz
yrrffv4.xyz
yttbbb5.xyz
yya10h10.xyz
yya1bb2.xyz
yya2qq2.xyz
yya3tt3.xyz
yya4yy4.xyz
yya5uu5.xyz
yya6ii6.xyz
yya7oo7.xyz
yya8aa8.xyz
yyaar2.xyz
yycct3.xyz
yyccu3.xyz
yyccy10.xyz
yydde4.xyz
yyddu6.xyz
yyggt6.xyz
yyoob2.xyz
yyooc3.xyz
yyooe5.xyz
yyooi10.xyz
yyoor6.xyz
yyppq8.xyz
yyqqr1.xyz
yysst5.xyz
yyvvd4.xyz
yyyccu1.xyz
yyydde2.xyz
yyyggt4.xyz
yyyhhd5.xyz
yyzzn7.xyz

# Reference: https://www.virustotal.com/gui/ip-address/143.92.49.173/relations
# Reference: https://www.virustotal.com/gui/ip-address/23.224.233.75/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.124.12.88/relations

http://91.92.245.22
asmrbb.xyz
asmrkc.xyz
asmryy.xyz
baomm.xyz
bb11efe.xyz
bb11uu.xyz
bb12uu.xyz
bb13uu.xyz
bb14uu.xyz
bb15uu.xyz
bb22fue.xyz
bb33ife.xyz
bb44ogr.xyz
bb55lfk.xyz
bb6666.xyz
bbceue3.xyz
bbdawh1.xyz
bbdwpf5.xyz
bbefhu3.xyz
bbegok33.xyz
bbeokk5.xyz
bbewkm2.xyz
bbfe11.xyz
bbfefju10.xyz
bbfeik2.xyz
bbfeok4.xyz
bbfeuj07.xyz
bbfeuu01.xyz
bbffej05.xyz
bbfiei3.xyz
bbfiwi06.xyz
bbfiwj4.xyz
bbfk14.xyz
bbfoej66.xyz
bbfoku22.xyz
bbfwir7.xyz
bbfwjh6.xyz
bbfwji2.xyz
bbfwoh8.xyz
bbfwoj9.xyz
bbfwok5.xyz
bbfwop1.xyz
bbgrukl09.xyz
bbijkk1.xyz
bbjfeu02.xyz
bbkc15.xyz
bbkei1.xyz
bbkfe2.xyz
bblow4.xyz
bboefj44.xyz
bboejp77.xyz
bbofk3.xyz
bbojwf11.xyz
bbok13.xyz
bbpfek55.xyz
bbpfeo4.xyz
bbqqwe08.xyz
bbuek5.xyz
bbwq12.xyz
ccdgdgy1.xyz
ccertjj66.xyz
ccjeffe22.xyz
ccjfjfj4.xyz
ccjghgh5.xyz
cckfhio11.xyz
ccle33.xyz
cclee3.xyz
ccli88.xyz
cclii8.xyz
cclo99.xyz
ccloo9.xyz
cclp00.xyz
cclpp0.xyz
cclq11.xyz
cclqq1.xyz
cclr44.xyz
cclrr4.xyz
cclt55.xyz
ccltt5.xyz
cclu77.xyz
ccluu7.xyz
cclw22.xyz
cclww2.xyz
ccly66.xyz
cclyy6.xyz
ccorjig33.xyz
ccorktk77.xyz
ccuefje55.xyz
ccweeee2.xyz
ccweyee3.xyz
ccwjfjr44.xyz
fawf2.xyz
fwau1.xyz
h158.xyz
hfhjhj.icu
jfsports.xyz
nuan1aaa.xyz
nuan2ss.xyz
nuan3ddd.xyz
nuan4ff.xyz
oktpol.xyz
ovbn5.xyz
rrbhf5.xyz
rrfhh2.xyz
rrghty1.xyz
rrhfg3.xyz
rrhrfn2.xyz
rrhtyu5.xyz
rrjgd1.xyz
rrmhji4.xyz
rrnbh4.xyz
rrsgeg3.xyz
sadd.xyz
ssdrr4.xyz
ssdsds3.xyz
ssdwd5.xyz
sseeej1.xyz
ssrdee2.xyz
uu1hfwc.xyz
uu2ndbw.xyz
uu386.xyz
uu3fefhf.xyz
uu479.xyz
uu4kefjn.xyz
uu559.xyz
uu5opgtj.xyz
uu775.xyz
uuby102.xyz
uucbeh2.xyz
uucf103.xyz
uucm8.xyz
uucveh4.xyz
uudw105.xyz
uufb106.xyz
uufefejk11.xyz
uufefjht33.xyz
uufefjj55.xyz
uufefyw99.xyz
uufeh66.xyz
uufehfu44.xyz
uufehuk22.xyz
uufey3.xyz
uufh108.xyz
uufjo2.xyz
uufkefk00.xyz
uufne1.xyz
uufoe5.xyz
uufw101.xyz
uugvn4.xyz
uukjk1.xyz
uulk107.xyz
uunv104.xyz
uuoekfj88.xyz
uusakf1.xyz
uuvb109.xyz
uuvehe5.xyz
uuvekk77.xyz
uuvev3.xyz
uuvmne3.xyz
uuvvd2.xyz
veij4.xyz
veue3.xyz
y10eer.xyz
y10sfisk.xyz
y1qquio.xyz
y1wrrqr.xyz
y2aaert.xyz
y2wrwhr.xyz
y3nsdsn.xyz
y3zzsdf.xyz
y4eeuio.xyz
y4fsiff.xyz
y5sdif.xyz
y5ttqwe.xyz
y6ddasd.xyz
y6sifnn.xyz
y7cccom.xyz
y7sfsff.xyz
y8fsfso.xyz
y8vvbnm.xyz
y9iiopg.xyz
y9sfisf.xyz
yasdd3.xyz
ybnmm10.xyz
yfghh6.xyz
yiopp1.xyz
yjknn9.xyz
yqerr2.xyz
yrtyy7.xyz
yuioo8.xyz
yvbnn5.xyz
yy10rrty.xyz
yy1asdt.xyz
yy2erty.xyz
yy3fghj.xyz
yy4bnm.xyz
yy5jkpp.xyz
yy6qwee.xyz
yy7asdf.xyz
yy8zxcv.xyz
yy9qwer.xyz
yya10h10.xyz
yya1bb2.xyz
yya2qq2.xyz
yya3tt3.xyz
yya4yy4.xyz
yya5uu5.xyz
yya6ii6.xyz
yya7oo7.xyz
yya8aa8.xyz
yya9dd9.xyz
yyaar2.xyz
yycct3.xyz
yyccy10.xyz
yyddu6.xyz
yykkp9.xyz
yyppq8.xyz
yyqqr1.xyz
yysst5.xyz
yyvvd4.xyz
yyy10nm.xyz
yyy1uio.xyz
yyy2qwe.xyz
yyy3asd.xyz
yyy4zxc.xyz
yyy5rty.xyz
yyy6fgh.xyz
yyy6gqq.xyz
yyy7vbn.xyz
yyy8iop.xyz
yyy9jkm.xyz
yyzzn7.xyz
yzxcc4.xyz

# Reference: https://twitter.com/banthisguy9349/status/1788816213767754107
# Reference: https://app.validin.com/detail?type=raw&find=Universe+0.5#tab=host_pairs
# Reference: https://www.virustotal.com/gui/file/dd979ddb9f1b198f36cf8714208ec7d1c73f8183e5fe26b926810d9ebd8be2bc/detection
# Reference: https://www.virustotal.com/gui/file/04edf1a70653ac19af894c256137784bc73c8a128e81a5ac26de8d039ef23c60/detection

http://178.215.236.29
http://193.222.96.215
http://193.26.115.240
http://91.219.63.21
http://93.123.39.63
178.215.236.29:3434
193.222.96.215:3434
193.26.115.240:3434
93.123.39.63:3434

# Reference: https://app.validin.com/detail?type=raw&find=HOOKBOT+PANEL#tab=host_pairs (# 2024-05-11)

http://193.26.115.113
http://5.253.40.168
http://80.253.246.96
edlmrfdndi.site
iefomeedl.org
ir-dowenerioe.site
irmaeshtyi.shop

# Reference: https://app.validin.com/detail?type=raw&find=HOOKBOT+PANEL#tab=host_pairs (# 2024-05-20)

http://14.247.219.179
http://147.78.103.134
http://172.105.15.137
http://185.208.158.109
http://185.208.158.47
http://185.216.70.82
http://2.58.56.246
http://34.27.202.94
http://35.226.17.12
http://5.180.155.190
http://91.151.89.38
goonclown.com
heusaxa1.net.tr
maishtiye.org
pepsace.com

# Reference: https://www.virustotal.com/gui/ip-address/91.151.89.217/detection

http://91.151.89.217

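# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s.csv
# Note: the source feed path is labelled "unverified"; corroborate these IP/port entries against a second source before promoting them from alerting to blocking.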

http://114.130.36.119
http://146.70.113.163
http://154.197.98.103
http://159.100.20.48
http://159.223.31.192
http://159.65.161.159
http://165.22.69.151
http://176.111.174.221
http://176.114.64.50
http://18.130.235.239
http://18.133.238.182
http://185.121.169.124
http://185.216.70.62
http://185.218.0.101
http://185.223.77.217
http://194.15.46.117
http://194.163.144.18
http://194.55.186.200
http://195.114.193.38
http://195.133.201.106
http://195.200.14.160
http://213.219.199.52
http://34.122.213.13
http://34.44.55.114
http://45.154.99.250
http://45.66.231.11
http://45.77.146.136
http://45.94.31.179
http://5.42.92.29
http://51.68.80.51
http://65.38.121.194
http://77.220.213.48
http://81.177.140.77
http://82.97.249.127
http://91.151.89.25
http://91.188.254.182
http://91.188.254.83
http://91.202.233.138
http://91.92.240.72
http://91.92.241.109
http://91.92.242.81
http://91.92.251.201
http://91.92.253.151
http://91.92.255.83
http://93.127.186.6
http://94.156.68.158
http://94.156.68.17
http://94.156.79.148
http://94.156.79.168
http://94.156.79.169
http://94.156.79.26
http://94.156.79.93
http://94.156.8.137
http://94.156.8.158
http://95.142.46.3
109.120.176.25:45051
118.107.244.100:50555
118.107.244.99:50555
176.111.174.221:81
34.92.138.93:50555
77.105.147.118:50555
91.92.240.70:50555
93.123.39.249:50555
94.156.79.166:50555
94.156.8.106:50555
94.156.8.171:50555
94.156.8.81:50555

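# Reference: https://app.validin.com/detail?type=raw&find=HOOKBOT+PANEL#tab=host_pairs_v2 (# 2024-07-14)
# Reference: https://www.virustotal.com/gui/file/0968f706d92da8fa371cf88aeb4ba60e44733035e3311c60f9d36addb1c9d5b3/detection
# Note: entries in this block come from a host-pairs pivot; hostnames that look provider-assigned (e.g. m16718.contaboserver.net, 82-147-85-159.networktube.net, webcust001.hostpie.net) presumably follow the IP's tenancy, so re-validate them before relying on a match long after the collection date.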

http://103.244.226.171
http://103.67.163.33
http://104.236.199.233
http://114.130.36.119
http://114.130.36.121
http://134.209.106.197
http://141.8.198.131
http://142.171.67.205
http://147.45.44.67
http://147.45.47.40
http://15.228.248.19
http://154.216.17.159
http://154.216.20.235
http://154.216.20.57
http://159.69.86.27
http://167.71.85.87
http://172.214.254.115
http://176.111.174.221
http://18.134.206.231
http://13.40.48.138
http://185.196.10.211
http://185.208.158.112
http://185.216.70.62
http://185.250.207.234
http://185.80.128.162
http://190.123.44.254
http://191.96.79.89
http://193.164.5.111
http://193.233.161.220
http://194.163.144.18
http://194.33.191.252
http://194.55.186.79
http://195.161.114.58
http://20.201.118.111
http://202.79.172.198
http://206.189.140.103
http://3.15.150.119
http://31.220.17.227
http://34.122.213.13
http://34.41.177.91
http://35.184.180.199
http://41.216.188.83
http://41.216.188.84
http://41.216.188.85
http://45.156.25.186
http://45.132.181.5
http://45.200.148.13
http://45.94.31.179
http://5.42.92.29
http://5.83.218.191
http://64.227.156.18
http://74.48.84.151
http://77.90.36.93
http://85.209.153.135
http://86.38.247.6
http://91.202.233.138
http://91.215.85.145
http://91.92.245.16
http://91.92.246.203
http://91.92.246.234
http://91.92.251.201
http://91.92.251.207
http://91.92.252.242
http://91.92.255.83
http://93.123.39.241
http://94.154.34.23
http://94.156.64.184
http://94.156.65.2
http://94.156.65.236
http://94.156.79.168
http://94.156.79.169
http://94.156.79.248
http://94.156.79.68
http://94.156.8.158
103.67.163.33:3434
2343243258234.com
236462572337423.online
736526437472.com
783247237256214.com
82-147-85-159.networktube.net
admin.chainlistr.com
admin.fanspark.club
aerodiomc.com
aerodirome.com
aerodiromr.com
aerodomc.com
aerodomr.com
aerodrome.finance.aerodirome.com
aerodromr.com
altopremio.us
api.botnetcontrol.org
api.fanspark.club
app.chainlirst.com
app.fanspark.club
autotolla.vip
babychildrens.store
babychildrensshop.shop
botnetcontrol.org
bsb-transport.com.au
chaimlistr.com
chaimlstr.com
chainlirst.com
chainlirstr.com
chainlistr.com
chairnlirst.com
chairnlist.com
chloetaylormakeup.co.uk
cingapore.com
co.kr.nightciows.com
com.nightciows.com
comnfired.com
corayhn.buzz
coreopaaragua-py.top
correos.pa-ock.click
coyndfirmeds.com
cra-unclaimedfunds.info
dediust.com
dedlust.com
dedrust.com
dedusit.com
dedusit.io
dedust.io.dedusit.io
dmorenopack.site
ere.yesis-store.com
errotrbok.com
expressvpnservices.online
fanspark.club
finance.aerodirome.com
frpsot.com
gbjcampuspass.xyz
hormetsecurity.com
invoice-traffic.com
io.dedusit.io
jitco.network
jitot.network
jitou.network
jitoz.network
kr.nightciows.com
logjienrd.com
ltdoffs.online
m.chainlirst.com
m.chainlistr.com
m16718.contaboserver.net
modeu.network
modew.network
modne.network
modoe.network
molanfx.com
muviewi.sbs
nether.gbjcampuspass.xyz
network.polyhedrao.com
nightciows.com
nightcirows.com
nightcrows.com.nightciows.com
npl-govnphome.top
ns1.yurtekmek.com
ns2.yurtekmek.com
pa-ock.click
pay.paysants.com
plus-telstra.shop
plus-telstras-au.online
poliyhedira.network
polyhedra.network.polyhedrao.com
polyhedrao.com
polyhedrao.network
polyhiadira.network
psitaliana.shop
psotiit.com
psotite.site
psotnords.shop
raydima.com
raydiue.com
raydiui.com
raydiul.com
raydiur.com
raydiuu.com
raydiuv.com
raydiux.com
raydiuz.com
rrr.yesis-store.com
seeditfyc.com
seeditfyi.com
seeditfym.com
seeditfyn.com
seeditfyr.com
seeditfyu.com
seeditfyv.com
sigfjned.com
singaporebooking.com
singaporedui.com
singaporeentertainment.com
sitemap.chainlistr.com
sitemaps.chainlistr.com
specialdrilling38.ru
stream.pascalsoftware.com
support-conoha.hormetsecurity.com
swiftcrypto.pro
synflntues.com
synfntueis.com
synfntuies.com
taliskerwhiskyatlanticchalleng.com
telstra-au.online
telstra-plus.shop
telstra.fun
telstraplus.shop
telstras.fun
telstras.online
telstras.store
telstras.tech
telstrat.shop
terpsbag.com
test.yesis-store.com
ticket-singapore.com
tommarsh.net
tonflux.com
ttt.yesis-store.com
wahelp.website
webcust001.hostpie.net
ww12.chainlistr.com
yesis-store.com
yurtekmek.com
zeroapk.mobi

# Reference: https://x.com/drb_ra/status/1812741250954543449

http://185.18.222.93

# Reference: https://x.com/ValidinLLC/status/1816891876697337910
# Reference: https://app.validin.com/detail?find=5d17fbecdbd631b16214c7d7d0d71ff9&type=hash&ref_id=6fa7e2533df#tab=host_pairs_v2

customer20portal24.info
direitoeletronico.org
ectraknetife.com
etctraknethost.com
worlds-securitys.com
wtffckbeachpro2.com
palenko.customer20portal24.info

# Reference: https://x.com/pedrinazziM/status/1817112317533790317
# Reference: https://search.censys.io/hosts/194.59.30.147
# Reference: https://app.validin.com/detail?find=GodZilla%20Botnet&type=raw&ref_id=f308c6f718a#tab=host_pairs_v2

http://194.59.30.147
194.59.30.147:3434

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-03)

154.216.20.7:8082
193.222.99.184:50555
http://149.50.108.156
http://154.216.18.26
http://154.216.18.93
http://154.216.20.7
http://159.89.160.102
http://18.170.31.47
http://185.250.207.87
http://194.55.186.122
http://198.187.28.69
http://20.173.98.99
http://213.142.159.55
http://45.138.16.179
http://45.147.249.151
http://64.227.148.134
http://77.90.36.148
http://77.90.36.26
http://77.90.38.2
77.90.38.2:8082

# Reference: https://app.validin.com/detail?find=LOOT%201.0&type=raw&ref_id=a4a037a39a7#tab=host_pairs_v2

http://104.194.154.9
http://154.201.64.67
http://167.88.174.179
http://185.196.9.187
http://20.244.0.31
preety.agency

# Reference: https://x.com/RakeshKrish12/status/1822893567385469001
# Reference: https://app.validin.com/detail?find=LOOT%202.0%20PANEL&type=raw&ref_id=77a4d35e6c8#tab=host_pairs_v2

http://91.92.254.104

# Reference: https://x.com/LeetLeigh/status/1820904761283244107

http://139.59.254.242
http://154.216.20.5
http://82.180.146.27
espacesante2024.com

# Reference: https://threatfox.abuse.ch/browse/malware/apk.ermac/ (# 2024-08-10)

http://154.216.20.166
http://185.196.8.70
http://193.233.254.28
http://194.59.31.104
http://40.89.179.195
http://45.128.96.116
http://45.159.220.54
http://45.88.91.227
http://52.172.40.40
http://77.37.49.46
http://91.151.93.18
http://91.92.240.238
http://91.92.241.46
http://91.92.242.244
http://91.92.243.214
http://91.92.255.181
http://91.92.255.76
103.139.1.202:3434
95.158.16.172:8090

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-18)

http://103.225.9.107
http://103.27.79.47
http://154.216.18.158
http://185.217.125.89
http://185.218.0.64
http://185.93.6.87
http://20.198.249.208
http://207.32.219.49
http://216.238.119.7
http://45.200.149.122
http://45.89.53.55
http://46.226.167.10
http://5.45.67.18
http://51.158.201.148
154.216.17.81:50555
193.222.99.184:3000
91.214.78.42:50555

# Reference: https://threatfox.abuse.ch/browse/malware/apk.ermac/ (# 2024-08-18)

http://154.21.201.39
http://170.39.177.165
http://179.43.146.135
http://185.235.128.244
http://194.59.31.101
http://194.59.31.102
http://4.233.219.149
http://40.69.210.236
http://45.91.201.168
http://77.105.147.243

# Reference: https://www.virustotal.com/gui/file/e3933677baa6990c32f4fdc6fd605b0f473c6928444aa1c475b57a925c78395d/detection

91.92.246.222:3434

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-24)

http://185.235.128.139
http://37.230.62.69
http://45.200.149.141
http://45.59.112.9
http://45.91.201.250
http://81.0.249.71

# Reference: https://x.com/banthisguy9349/status/1828499255184552253
# Reference: https://x.com/0x6rss/status/1828502553816141953

http://154.216.19.70
/JR3nx2r3240/
/Zwdfqj12932WFNp/

# Reference: https://app.validin.com/detail?find=5d17fbecdbd631b16214c7d7d0d71ff9&type=hash&ref_id=32a87e7c2c7#tab=host_pairs_v2
# Reference: https://www.virustotal.com/gui/ip-address/91.92.246.203/relations

aisp-th.top
aisths.sbs
autotolla.bond
autotolla.club
autotolletc.cyou
correospanama.bond
usps-us-track.top
eclonus.xyz
elderlybliss.net
emiratepost.lat
estafeeta.top
guypostparcel-gy.top
happinessaftersixty.com
happinessinlaterlife.net
joyfulelderyears.com
ku-wai.xyz
kuiwai.top
kuwaicn.xyz
oldagehappiness.com
phlposst-gov.top
postaroman-ro.top
seniorserenity.net
seniorseuphoria.com
splonus.top
tha-aisthpoints.top
tha-pointsais.top
thapointsais.top

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2024-09-02)

http://138.201.130.31
http://139.84.172.12
http://142.202.242.185
http://146.190.227.139
http://147.45.47.83
http://152.42.129.99
http://154.216.18.240
http://178.130.43.178
http://20.173.104.216
http://206.206.127.130
http://209.38.96.156
http://212.80.7.76
http://3.144.2.162
http://45.136.6.100
http://45.143.4.73
http://45.83.31.74
http://45.88.105.148
http://45.91.200.43
http://51.79.182.113
http://64.49.14.51
http://64.49.14.52
http://89.110.119.227
http://91.245.255.17
104.194.157.211:45051
128.199.26.157:8082
142.202.242.185:8082
154.216.20.42:50555
159.65.161.159:8082
167.99.223.164:8082
179.43.146.133:8082
18.134.206.231:8082
185.250.38.124:8082
193.222.99.16:3000
20.198.251.69:8082
206.206.127.130:8082
207.32.219.49:8082
4.231.236.138:8082
45.159.220.54:8082
45.207.194.33:8082
45.59.112.9:8082
5.42.92.156:50555
51.158.201.148:8082
51.79.182.113:8082
77.105.161.147:8082
91.202.233.138:8082
91.214.78.49:8082
91.92.246.203:8082
91.92.255.76:8082
93.177.102.136:8082
94.141.120.94:8082
94.154.34.23:8082
059879e5-b2e8-4f58-aa46-95f69d92aa34.random.raydiux.com
059879e5-b2e8-4f58-aa46-95f69d92aa34.random.seeditfyu.com
2c8b3f19-0325-4acc-a3dd-31a918e4dbf5.random.aerodromr.com
2c8b3f19-0325-4acc-a3dd-31a918e4dbf5.random.dedlust.com
2c8b3f19-0325-4acc-a3dd-31a918e4dbf5.random.polyhedrao.com
a.usps-direct.one
correoparagua-pry.top
mesh.botnetcontrol.org
mex-estafeeta.top
qxwqxhskols.raydiuu.com
smtp.raydiuu.com
splonus.icu
tur-pttpayment.top
usps-direct.one

# Reference: https://app.validin.com/detail?find=5d17fbecdbd631b16214c7d7d0d71ff9&type=hash#tab=host_pairs_v2

botsswanapost.top
correoparagua-py.top
estafetaa-mex.top
maxiis-my.top
pak-postgov.top
za-postofficeco.top

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-08)

http://134.255.180.156
http://154.216.17.235
http://172.96.14.57
http://194.59.30.216
http://37.114.50.155
http://62.217.182.143
http://79.110.49.35
http://91.231.182.183

# Reference: https://threatfox.abuse.ch/browse/malware/apk.ermac/ (# 2024-09-08)

http://13.48.26.173
http://13.49.223.83
http://13.60.45.175
http://154.12.31.109
http://164.92.203.16
http://185.250.207.227
http://193.233.254.125
http://20.19.37.34
http://20.217.17.203
http://45.89.247.95
http://91.212.166.61
146.190.227.139:8082
152.42.129.99:8082
154.216.20.5:8082
164.92.203.16:8080
185.196.8.70:8080
193.222.99.19:3000
193.222.99.19:3001
38.242.193.124:8082
64.49.14.52:8082
91.92.241.46:8080
95.70.159.193:8082
balfuorcare.com
cpanel.fulfillirite.com
cpcalendars.fulfillirite.com
cpcontacts.fulfillirite.com
fulfillirite.com
germ-ac.com
jan2401-services.com
mail.fulfillirite.com
post-43.shop
ultrapowermac.com
webdisk.fulfillirite.com

# Reference: https://threatfox.abuse.ch/browse/malware/apk.ermac/ (# 2024-09-09)

http://204.12.203.65
http://3.9.169.14
57.159.8.92:8082

# Reference: https://app.validin.com/detail?find=HOOKBOT%20PANEL&type=raw#tab=host_pairs_v2 (# 2024-09-09)

http://185.149.120.187
ethergases.app
ethergases.org
gryhazardowe.pro
gryhazardowe.tech
mechaapeyachtclub.io
metis-launchpad.net
pythr.net
2024.ethergases.app
analytic.ethergases.app
analytics.ethergases.app
analyze.ethergases.app
app.ethergases.app
apps.pythr.net
backend.ethergases.app
bi.ethergases.app
bigdata.ethergases.app
bot.prady.in
cevgwwwwsowgoowa.ethergases.app
chart.ethergases.app
clayvwwwportalvpn.pythr.net
dashboard.ethergases.app
dashboards.ethergases.app
forum.ethergases.app
hdobussl.ethergases.app
intelligence.ethergases.app
kfrlllogin.ethergases.app
khwnlwwwowa.pythr.net
m.ethergases.app
mail.ethergases.app
metrics.ethergases.app
ns1.pagofaciil.online
ns1.soatenlinea.mom
owa.ethergases.app
pwrhicevgwwwwsowgoowa.ethergases.app
report.ethergases.app
reports.ethergases.app
research.ethergases.app
rmyrsvpnssl.pythr.net
sandbox-superset.ethergases.app
sbqobsowgoowa.ethergases.app
secure.ethergases.app
sitemap.ethergases.app
sitemaps.ethergases.app
skcvycevgwwwwsowgoowa.ethergases.app
sowgoowa.ethergases.app
ssl.ethergases.app
stats.ethergases.org
superset.ethergases.app
suxlswwwapi.ethergases.app
webmail.ethergases.app
wp.ethergases.app
www1.ethergases.app
wwwacceso.pythr.net
wwwadmin.ethergases.app
wwwanalytics.ethergases.app
wwwanalyze.pythr.net
wwwapp.ethergases.app
wwwapp.pythr.net
wwwbackend.ethergases.app
wwwchart.ethergases.app
wwwcnlenwwwofficevpn.pythr.net
wwwdev.ethergases.app
wwwforum.ethergases.app
wwwhdobussl.ethergases.app
wwwkfrlllogin.ethergases.app
wwwlogin.ethergases.app
wwwowa.ethergases.app
wwwreport.ethergases.app
wwwreporting.ethergases.app
wwwsitemap.ethergases.app
wwwsowgoowa.ethergases.app
wwwssl.ethergases.app
wwwstaging.ethergases.app
wwwsupersets.ethergases.app
wwwsuxlswwwapi.ethergases.app
wwwvirtualapps.pythr.net
wwwwebmail.ethergases.app
wwwwp.ethergases.app
wwwwww.ethergases.app
wwwwwwadmin.ethergases.app
wwwwwwapi.ethergases.app
wwwwwwbackend.pythr.net
wwwwwwcnlenwwwofficevpn.pythr.net
wwwwwwqtvzudev.pythr.net
wwwwwwsitemap.ethergases.app
wwwwwwstaging.ethergases.app
wwwwwwvpn.pythr.net
wwwwwwvpnssl.pythr.net
wwwwwwwebmail.ethergases.app
wwwwwwwp.ethergases.app
wwwwwwwww2024.ethergases.org
wwwwwwwwwgatewayvpn.pythr.net
wwwwwwwwwvirtualapps.pythr.net
xn--wypacalnekasy-yhc.com
xwdvawwwwwwwebmail.ethergases.app

# Reference: https://app.validin.com/detail?find=HOOKBOT%20PANEL&type=raw#tab=host_pairs_v2 (# 2024-09-11)

ant-reclamation.com
cansilleriapasaporte.org
dyimension.org
gryhazardowe.cloud
gryhazardowe.vip
launchpads-metis.net
launchpads-metis.org
launchpads-metis.app
layerzero-crystaldash.co
lootbot.su
metis-launchpad.app
metis-launchpad.org
metis-launchpads.app
metis-launchpads.net
nebulaneo.top
nebulaneo.xyz
omnibus-zksync.io
pagartusoat.org
pagatusoatya.online
pagoexpres.online
points-crystaldash.co
register-blendprotocol.io
soatenlinea.mom
xn--premnt-6va.xyz
analytic.ethergases.org
analytics.ethergases.org
analyze.ethergases.org
api.ethergases.org
bi.ethergases.org
chart.ethergases.org
dashboard.ethergases.org
demo.ethergases.org
forecast.ethergases.org
intel.ethergases.org
intelligence.ethergases.org
login.ethergases.org
metric.ethergases.org
metrics.ethergases.org
ns1.cansilleriapasaporte.org
ns1.pagartusoat.org
ns1.pagatusoatya.online
ns2.pagartusoat.org
ns2.pagatusoatya.online
ns2.pagoexpres.online
ns2.soatenlinea.mom
reporting.ethergases.org
research.ethergases.org
ssl.ethergases.org
superset.ethergases.org
supersets.ethergases.org
visual.ethergases.org
webmail.ethergases.org
wp.ethergases.org
wwwadmin.ethergases.org
wwwforum.ethergases.org
wwwgmoeuwwwadmin.ethergases.org
wwwm.ethergases.org
wwwmail.ethergases.org
wwwmetrics.ethergases.org
wwwsuperset.ethergases.org
wwwwebmail.ethergases.org
wwwwww1.ethergases.org
wwwwwwbackend.ethergases.org
wwwwwwsecure.ethergases.org
wwwwwwsitemap.ethergases.org
wwwwwwwwwwebmail.ethergases.org

# Reference: https://app.validin.com/detail?find=HOOKBOT%20PANEL&type=raw#tab=host_pairs_v2 (# 2024-09-13)

gryhazardowe.us
guild-zksync.io
mechapeyachtclub.io
tramitapasaporte.online
xn--premit-0eb.xyz
ns2.tramitapasaporte.online
owa.ethergases.org
wwwwwwapp.ethergases.org

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-14)

http://103.228.127.77
http://154.216.17.26
http://185.65.201.14
http://194.233.94.252
http://3.94.113.223
http://52.172.98.7
http://91.92.242.166
http://94.141.120.227
http://94.156.65.36

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-22)

http://104.168.132.88
http://154.216.20.3
http://3.94.113.223
http://45.202.35.104
http://64.227.148.202
http://91.92.248.34

# Reference: https://threatfox.abuse.ch/browse/malware/apk.ermac/ (# 2024-09-22)

http://115.126.59.126
http://115.126.59.38
http://116.212.120.131
http://116.212.120.79
http://116.212.120.91
http://163.53.216.199
http://163.53.216.214
http://163.53.216.253
http://47.239.15.41
103.61.224.217:8080
185.149.120.187:8082
193.222.99.16:3001
204.12.203.65:8080
45.137.68.29:8082
85.192.49.163:8080
85.202.163.30:8082
91.92.254.240:8080
94.156.67.47:8082
bbbdfsdfsfffdddd.top
cdnhou.bbbdfsdfsfffdddd.top
fffazzfhggs.top
hou.fffazzfhggs.top
idc-131-120-212-116.hkt.cc

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2024-09-22)

http://103.61.224.217
http://147.45.154.229
http://178.130.40.29
http://178.211.130.146
http://185.173.37.56
http://185.244.181.32
http://185.244.183.222
http://193.222.99.16
http://31.177.108.45
http://45.137.68.29
http://62.72.29.99
http://77.232.37.24
http://77.232.42.21
http://80.85.246.107
http://85.198.109.163
http://85.202.163.30
http://93.183.127.56
http://94.156.67.160
103.228.127.77:8082
103.228.127.77:8089
104.168.132.88:8089
118.107.244.100:8089
118.107.244.99:8089
13.71.109.202:8082
134.255.180.156:8089
138.201.130.31:8089
154.216.17.159:8089
154.216.17.235:8089
154.216.17.26:8089
154.216.17.81:8089
154.216.20.3:8089
154.216.20.42:8089
154.216.20.62:8089
154.216.20.7:8089
162.0.224.38:8089
164.92.214.57:8082
172.96.14.57:8082
172.96.14.57:8089
178.130.40.29:2053
178.130.43.178:2053
185.149.120.187:8089
194.233.94.252:8082
194.233.94.252:8089
194.26.135.99:8089
23.251.33.21:8082
23.251.33.77:8082
37.114.50.155:8082
45.136.6.100:8089
45.137.68.29:8089
45.146.166.58:8082
45.202.35.104:8089
45.59.112.9:8089
52.172.98.7:8089
62.204.41.92:8089
77.232.37.24:2053
77.232.42.21:2053
85.202.163.30:8089
89.110.107.228:2053
89.23.113.125:2053
89.23.113.99:2053
91.92.242.15:8089
91.92.242.166:8089
91.92.249.209:8082
91.92.249.62:50555
93.183.127.56:2053
94.141.120.227:8089
94.141.120.41:8082
94.156.65.36:8089
94.156.67.47:8089
94.156.71.2:8082
103-61-224-217.cprapid.com
185-149-120-187.cprapid.com
194-233-94-252.cprapid.com
2024.pythr.net
access.pythr.net
admin.propertiesbecho.com
admin.pythr.net
amazonexpress.shop
analytic.pythr.net
analytics.pythr.net
anyconnect.pythr.net
api.pythr.net
aramex-online.cc
back-dev.hook.app.br
beyondnet.work
billigtankstellen.eu
cfzykwwwwwwwwwwwwvirtualstudent.pythr.net
chart.pythr.net
clientesvpn.pythr.net
cloud.pythr.net
connect.pythr.net
dashboard.pythr.net
dashboards.ethergases.org
dashboards.pythr.net
demo.ethergases.app
desktopstudent.pythr.net
dev.ethergases.org
dtngbwwwwwwdesktopstudent.pythr.net
ebmail.pythr.net
eehymwwwwp.pythr.net
eksters.net
email.delivery.gotravelproducts.eu
email.delivery.licenseadvice.eu
email.delivery.serwistelefonow.eu
email.delivery.shopholistic.eu
emails.chronoccidentalis.eu
fauowwwwwwwwww1.pythr.net
forecast.ethergases.app
forecast.pythr.net
fortunatitartufi.com
forum.pythr.net
fqdrhwwwpublicsecure.pythr.net
fyblbwwwdesktopstudent.pythr.net
gateway.pythr.net
gatewaycitrix.pythr.net
gatewayrdweb.pythr.net
hocdvsitemaps.pythr.net
ibpacces.site
intel.ethergases.app
intel.pythr.net
intelligence.pythr.net
intra.pythr.net
kfhgwwwwebmail.pythr.net
klkizwp.ethergases.app
kqivbwwwanyconnect.pythr.net
labvirtual.pythr.net
lekjblabvirtual.pythr.net
lnatboxtv.org
login.pythr.net
lohhnwwwssl.ethergases.app
m.pythr.net
mail.back-dev.hook.app.br
mail.pythr.net
manishgoyal.in
matcharelaxblog.com
metric.pythr.net
mobileconnect.pythr.net
online.pythr.net
payments.eksters.net
pcmupwwwvirtualapps.pythr.net
peaqe.dev
post-a.homes
postofficehub.top
publicsecure.pythr.net
rds.pythr.net
rds1.pythr.net
remote.pythr.net
remoto.pythr.net
report.ethergases.org
report.pythr.net
reporting.pythr.net
reports.ethergases.org
reports.pythr.net
ripple.com.ki
sitemaps.ethergases.org
sitemaps.pythr.net
sslvpn.pythr.net
staging.ethergases.org
staging.pythr.net
stats.pythr.net
studentsvpn.pythr.net
sub.beyondnet.work
superset.pythr.net
supersets.pythr.net
tartuber.web42.it
tartufifortunati.com
vbjxzaccess.pythr.net
vdi.pythr.net
vickymilk.tech
virtualstudent.pythr.net
visual.ethergases.app
visual.pythr.net
webmail.pythr.net
wkfhgwwwwebmail.pythr.net
workspace.pythr.net
wp.pythr.net
www1.pythr.net
wwwaccess.pythr.net
wwwadmin.pythr.net
wwwanalytic.pythr.net
wwwanyconnect.pythr.net
wwwapi.ethergases.org
wwwapi.pythr.net
wwwapps.pythr.net
wwwclientesvpn.pythr.net
wwwcloud.pythr.net
wwwcloudapp.pythr.net
wwwdashboard.pythr.net
wwwdemo.ethergases.org
wwwdesktopstudent.pythr.net
wwwethergases.org
wwwforum.pythr.net
wwwgateway.pythr.net
wwwgatewaycitrix.pythr.net
wwwgatewayrdweb.pythr.net
wwwintra.pythr.net
wwwlabvirtual.pythr.net
wwwlogin.pythr.net
wwwm.ethergases.app
wwwmail.pythr.net
wwwmobileconnect.pythr.net
wwwonline.pythr.net
wwwowa.ethergases.org
wwwportal.pythr.net
wwwpublicsecure.pythr.net
wwwpythr.net
wwwrds.pythr.net
wwwrds1.pythr.net
wwwremote.pythr.net
wwwsecure.ethergases.app
wwwsecure.pythr.net
wwwsitemap.pythr.net
wwwsitemaps.ethergases.app
wwwssl.pythr.net
wwwsslvpn.pythr.net
wwwstaging.ethergases.org
wwwstudentsvpn.pythr.net
wwwsuperset.ethergases.app
wwwsuperset.pythr.net
wwwsupersets.pythr.net
wwwtthvlgatewaycitrix.pythr.net
wwwvdi.pythr.net
wwwvirtualstudent.pythr.net
wwwwkfhgwwwwebmail.pythr.net
wwwworkspace.pythr.net
wwwwp.ethergases.org
wwwwp.pythr.net
wwwwww1.pythr.net
wwwwwwacceso.pythr.net
wwwwwwaccess.pythr.net
wwwwwwadmin.ethergases.org
wwwwwwadmin.pythr.net
wwwwwwapp.pythr.net
wwwwwwapps.pythr.net
wwwwwwclientesvpn.pythr.net
wwwwwwcloudapp.pythr.net
wwwwwwconnect.pythr.net
wwwwwwdesktopstudent.pythr.net
wwwwwwethergases.org
wwwwwwfqwvcwwwsslvpn.pythr.net
wwwwwwgateway.pythr.net
wwwwwwmobileconnect.pythr.net
wwwwwwofficevpn.pythr.net
wwwwwwonline.pythr.net
wwwwwwpublicsecure.pythr.net
wwwwwwrds.pythr.net
wwwwwwrds1.pythr.net
wwwwwwremote.pythr.net
wwwwwwsslvpn.pythr.net
wwwwwwvdi.pythr.net
wwwwwwvirtualstudent.pythr.net
wwwwwwwebmail.pythr.net
wwwwwwwkfhgwwwwebmail.pythr.net
wwwwwwwww1.pythr.net
wwwwwwwwwapp.pythr.net
wwwwwwwwwrds.pythr.net
wwwwwwwwwvdi.pythr.net
wwwwwwwwwvirtualstudent.pythr.net
wwwwwwwwwvpnssl.pythr.net
wwwwwwwwwwwwvirtualapps.pythr.net
wwwwwwwwwwwwvirtualstudent.pythr.net
wwwxmofxwwwpublicsecure.pythr.net
wwwzuakeportal.pythr.net
xmofxwwwpublicsecure.pythr.net
zuakeportal.pythr.net

# Reference: https://app.validin.com/detail?find=173.255.204.62&type=ip4&ref_id=04a1ac2c8a9#tab=resolutions

aytoplesit.com
kooktaripa.com
nitraderasolo.com
sbrglobal.net

# Reference: https://x.com/cyberfeeddigest/status/1839660569822945759

http://13.71.109.202
http://154.216.17.81
http://170.106.168.85
http://185.14.45.140
http://185.196.8.189
http://185.196.9.61
http://185.250.38.124
http://193.233.254.71
http://4.210.154.233
http://74.48.78.78
http://77.232.37.106
http://8.215.19.219
http://91.92.244.164
http://91.92.245.165
http://91.92.249.62

# Reference: https://x.com/RacWatchin8872/status/1841069867128029199

http://185.246.223.69
193.233.254.71:8082
74.48.78.78:8082

# Reference: https://x.com/9823f_/status/1841851036870271406
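# Reference: https://en.fofa.info/result?qbase64=aWNvbl9oYXNoPSI5MTk4NDU0ODAi
# Note: the qbase64 value above decodes to the FOFA query icon_hash="919845480" (a favicon-hash match); a favicon match alone does not confirm that a host is a panel.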

http://154.216.19.53
http://193.26.115.221
http://194.48.251.110
http://194.59.30.56
http://194.59.31.228
http://20.74.80.27
http://206.237.11.24
http://217.147.169.58
http://91.92.241.126
http://94.156.65.62
185.14.45.140:8082

# Reference: https://x.com/9823f_/status/1841858048668623009
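# Reference: https://en.fofa.info/result?qbase64=aGVhZGVyPSJTZXQtQ29va2llOiBlcm1hY19zZXNzaW9uIg==
# Note: the qbase64 value above decodes to the FOFA query header="Set-Cookie: ermac_session" (hosts whose HTTP response sets that cookie).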

103.61.224.217:8089
109.120.187.204:8089
14.175.88.192:8089
14.176.6.164:8089
142.171.135.103:8089
147.45.154.229:8089
147.45.47.40:8089
147.45.47.46:8089
147.78.103.174:8089
147.78.103.222:8089
154.216.19.53:8089
154.39.94.18:8089
154.61.76.242:8089
178.236.246.210:8089
185.186.25.247:8089
185.196.8.70:8089
185.196.9.187:8089
185.196.9.222:8089
185.249.227.249:8089
185.250.45.130:8089
185.39.204.48:8089
193.124.205.73:8089
193.218.190.21:8089
193.218.190.22:8089
193.222.96.25:8089
193.233.254.28:8089
193.233.254.54:8089
193.233.255.253:8089
194.26.192.87:8089
194.33.191.202:8089
194.48.251.136:8089
2.59.135.182:8089
212.80.7.76:8089
4.233.219.149:8089
40.89.179.195:8089
41.216.188.83:8089
45.144.29.47:8089
46.101.125.220:8089
52.172.40.40:8089
52.252.138.133:8089
64.227.41.169:8089
77.91.68.183:8089
91.151.93.18:8089
91.92.240.238:8089
91.92.241.46:8089
91.92.242.244:8089
91.92.243.214:8089
# NOTE(review): only entry in this block that is not on port 8089 — confirm 8088 against the source query.
91.92.244.42:8088
91.92.245.217:8089
91.92.246.222:8089
91.92.250.42:8089
91.92.252.193:8089
93.123.39.27:8089
93.123.39.29:8089
94.156.166.105:8089
94.156.66.12:8089
94.156.67.160:8089
94.156.8.11:8089
94.156.8.227:8089
94.156.8.245:8089

# Reference: https://app.validin.com/detail?type=raw&find=ERMAC+3.0+PANEL#tab=host_pairs_v2

http://142.171.135.103
http://147.45.152.159
http://154.61.76.242
http://163.5.215.217
http://185.196.9.222
http://185.196.9.52
http://185.216.70.139
http://185.39.204.48
http://193.218.190.21
http://194.26.192.87
http://198.44.178.127
http://31.172.87.45
http://46.101.125.220
http://64.23.184.116
http://89.223.65.58
http://91.245.255.123
http://91.92.245.217
propertiesbecho.com

# Reference: https://app.validin.com/detail?find=Universe%201.0&type=raw&ref_id=b7e8f740020#tab=host_pairs_v2

http://194.59.30.105
http://194.59.30.174
http://194.59.30.80
http://2.58.56.107
http://20.199.18.204
http://4.240.114.77
http://45.148.244.2
http://91.92.240.59
http://91.92.245.112

# Reference: https://app.validin.com/detail?find=ERMVK%20PVNEL&type=raw&ref_id=196c3716945#tab=host_pairs_v2

http://116.203.243.157
http://135.181.197.225
http://149.13.5.176
http://149.248.77.107
http://158.220.99.196
http://159.100.14.22
http://162.0.226.235
http://162.0.226.236
http://163.123.143.8
http://163.5.169.4
http://163.5.64.8
http://185.103.101.221
http://185.167.99.238
http://185.225.73.155
http://185.238.170.184
http://185.240.104.122
http://193.149.180.148
http://193.164.4.195
http://193.233.255.255
http://193.57.41.236
http://194.105.5.163
http://194.180.48.36
http://194.33.191.101
http://2.59.119.40
http://20.127.189.217
http://20.171.27.13
http://20.54.82.231
http://207.180.210.70
http://27.0.235.26
http://38.147.172.130
http://4.231.233.58
http://45.128.96.107
http://45.140.146.127
http://45.61.133.179
http://45.77.251.218
http://5.161.220.248
http://5.42.92.111
http://51.103.213.218
http://51.81.69.84
http://51.83.229.250
http://62.171.172.103
http://66.29.133.198
http://77.105.147.129
http://77.105.161.131
http://78.135.85.118
http://78.140.183.96
http://82.115.223.154
http://87.98.185.234
http://89.110.77.49
http://89.213.56.192
http://89.23.117.31
http://91.92.242.247
http://91.92.243.73
http://91.92.249.35
http://95.214.24.217
sdfdgggfffff.top
cdn.sdfdgggfffff.top
idc-91-120-212-116.hkt.cc

# Reference: https://app.validin.com/detail?find=HOOKBOT%20PANEL&type=raw#tab=host_pairs_v2

chronopostl.rest
chronoposto.pics
chronopostp.rest
chronopostx.lat
pools-eth.org

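# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-10-13)
# Note: per the URL path this is the feed's "unverified" 30-day list; treat a match as a lead to corroborate rather than as confirmed C2.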

http://104.238.57.79
http://13.71.115.243
http://13.79.34.148
http://147.45.44.159
http://147.45.50.109
http://154.216.18.241
http://154.216.18.31
http://154.216.19.141
http://154.216.19.142
http://158.220.102.122
http://159.100.30.69
http://159.65.147.237
http://172.167.126.75
http://172.96.142.69
http://185.185.70.1
http://185.196.9.99
http://185.36.140.204
http://194.87.31.220
http://4.234.97.238
http://45.141.149.186
http://5.42.92.214
http://52.140.16.178
http://52.236.34.161
http://54.215.126.153
http://85.192.49.163
http://87.120.115.5
http://87.120.117.119
http://89.23.101.69
http://89.23.115.35
http://91.92.251.205
http://94.103.125.14
http://95.164.119.188
147.139.198.60:50555
170.106.168.85:50555
45.88.88.78:50555
45.89.247.153:50555
85.209.11.193:45051
94.156.166.34:8083

# Reference: https://app.validin.com/detail?find=HOOKBOT%20PANEL&type=raw#tab=host_pairs_v2 (# 2024-10-15)

http://172.104.182.4
http://62.72.30.188
http://91.92.243.5
http://97.107.135.127
97-107-135-127.ipv4.staticdns3.io
chronopostn.rest
chronopostn.top
chronoposts.mom
chronopostz.pics
muckernet.com
us-ps-cp.life
uspscc.help
uspsccs.top
uspsgc.life

# Reference: https://app.validin.com/detail?find=HOOKBOT%20PANEL&type=raw#tab=host_pairs_v2 (# 2024-10-16)

astrumanalytics.com
bamgup.com
casanpolo.cfd
check-manageinfo6368.cfd
cofirmationbookingreservation.com
promobhai.com
theholidaynft.com
treema.io

# Reference: https://app.validin.com/detail?find=9fff643ff8b9d71459fba15cab2c93f5&type=hash&ref_id=f08f45bfaac#tab=host_pairs (# 2024-11-03)

http://13.60.214.163
http://154.216.19.183
http://154.216.20.57
http://157.66.197.221
http://185.203.67.26
http://217.107.219.171
http://31.220.49.60
http://45.149.241.43
http://45.88.88.58
http://51.120.1.97
http://81.177.140.60
http://87.120.116.49
http://92.113.144.56
http://92.113.27.107
alfuttaimcarsc.com
srv1.prady.in
utku.vps.webdock.cloud
vmtaq043.directiq.com

# Reference: https://x.com/f3d__/status/1853393244324786412
# Reference: https://www.virustotal.com/gui/file/8b58755b347ab770d2be55ed4558c412d6968bbf7ea1665f21a916b3151d27e9/detection

154.216.20.57:3434

# Reference: https://x.com/DarkWebInformer/status/1855058432816001205

http://167.179.115.106
http://195.10.205.144
http://87.120.117.193

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-11-10)

http://104.156.231.92
http://158.69.41.123
http://159.223.204.189
http://185.239.239.147
http://20.197.227.88
http://20.244.82.63
http://3.80.41.78
http://31.13.224.233
http://37.220.31.58
http://38.180.242.206
http://43.130.252.32
http://87.120.125.100
http://91.214.78.197
154.223.21.234:50555
193.233.113.179:50555
37.60.251.9:3000
45.149.241.15:50555
45.149.241.241:50555
45.149.241.78:50555
87.121.86.108:50555
94.141.122.177:50555
94.141.122.98:50555

# Reference: https://x.com/DaveLikesMalwre/status/1856867578070929693

http://145.223.73.54

# Reference: https://x.com/DaveLikesMalwre/status/1857555894944342385

http://154.216.16.91
http://46.250.233.59
http://78.142.18.150

# Reference: https://app.validin.com/detail?find=HOOKBOT%20PANEL&type=raw#tab=host_pairs (# 2024-11-29)

http://13.91.109.227
http://154.203.197.209
http://154.216.20.73
http://185.196.9.228
http://193.143.1.4
http://20.3.243.37
http://217.114.43.131
http://31.13.224.82
http://39.109.117.207
http://5.42.92.153
http://52.140.39.118
http://64.95.12.254
http://77.37.67.41
http://87.120.114.192
http://87.251.78.130
5pethsop332.com
6pethsop332.com
adnndlga23cm.com
adyesksockcem3421.com
agromojica.com
airdrop-sel.io
alkentbartkert1231.com
biastup.io
carw.io
cloud-xyz.shop
coam.world
cosam.world
coza.world
czshw.com
debrldge.finance
home8.bet
mutesksek3421.com
operture.finance
paveyourpath.tech
saco.world
sacos.world
uninstallerplg.cloud
zaco.world

# Reference: https://app.validin.com/detail?find=ERMVK%20PVNEL&type=raw#tab=host_pairs (# 2024-11-29)

http://193.233.254.6
http://35.220.233.161
http://45.158.14.11
http://80.71.157.141
45-158-14-11.hostlab.net.tr
ax-access.cloud

# Reference: https://app.validin.com/detail?find=Universe%201.0&type=raw#tab=host_pairs (# 2024-11-29)

apredirect.com
freetraiding.com
lushiuop.com

# Reference: https://app.validin.com/detail?find=LOOT%201.0&type=raw#tab=host_pairs (# 2024-11-29)

http://191.96.245.214

# Reference: https://app.validin.com/detail?find=QUANT%C4%B0UM%20PANEL&type=raw&ref_id=cf1a192b137#tab=host_pairs (# 2024-11-29)

http://154.216.17.144
clebervidros.com
infinitymort.com

# Reference: https://app.validin.com/detail?find=HOOKBOT%20PANEL&type=raw#tab=host_pairs (# 2024-12-15)

http://107.175.48.27
http://138.124.91.167
http://154.216.19.217
http://160.30.45.213
http://172.96.161.26
http://174.138.25.54
http://176.126.103.94
http://217.114.43.105
http://89.34.219.183
http://95.215.108.115
172-96-161-26.cprapid.com
admin.woocloud.vip
coinlite.vip
giish.com
inndata.xyz
woocloud.vip
selaras-stage-backend.inndata.xyz
selaras-stage-web.inndata.xyz
sonar.inndata.xyz

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2024-12-16)

http://104.194.132.226
http://104.194.133.46
http://109.207.171.157
http://139.180.157.93
http://161.35.131.228
http://166.0.184.122
http://172.96.142.233
http://172.96.160.147
http://193.233.113.191
http://193.233.202.129
http://195.14.123.133
http://195.191.218.14
http://213.176.93.142
http://41.216.183.215
http://43.255.158.18
http://45.126.125.227
http://45.148.28.83
http://45.154.98.56
http://45.200.149.27
http://5.182.86.34
http://5.199.166.68
http://5.252.153.38
http://87.120.112.16
http://87.120.116.185
http://87.120.126.157
http://87.121.86.138
http://89.169.52.134
http://91.214.78.77
http://98.142.250.19
135.181.53.166:2222
147.45.47.204:50555
194.87.45.67:443
45.151.62.158:443
77.91.66.68:8080
78.153.139.54:443
87.121.86.118:50555
94.141.120.166:45051
94.141.120.170:45051

# Reference: https://app.validin.com/detail?find=HOOKBOT%20PANEL&type=raw#tab=host_pairs (# 2024-12-17)

http://104.194.85.163
http://143.198.72.191
http://154.216.20.108
http://160.187.246.117
http://172.105.53.163
http://18.117.226.96
http://194.233.74.255
http://195.191.218.27
http://91.92.246.45
http://93.127.175.11
awo.vps.webdock.cloud
coltiecotti.com
confetturecoltiecotti.com
correoradio.top
ec2-18-117-226-96.us-east-2.compute.amazonaws.com
fortunatitartufi.it
nexcall.tech
palworlditalia.xyz
pos-may.top
saimonyz.sbs
speedsup.cyou
tartufiefunghi.com
tartufifortunati.it
upsusa.click
# NOTE(review): bare parent domain, apparently a hosting provider's; this file also lists individual hosts
# under it (awo.vps.webdock.cloud, utku.vps.webdock.cloud). If matching covers subdomains, this entry flags
# every host under webdock.cloud — confirm that is intended.
webdock.cloud

# Reference: https://app.validin.com/detail?find=HOOKBOT%20PANEL&type=raw#tab=host_pairs (# 2024-12-30)

http://108.181.201.168
http://147.45.48.130
http://154.216.16.81
http://154.216.19.101
http://154.216.20.210
http://154.216.20.225
http://154.64.244.69
http://154.83.16.8
http://165.154.235.103
http://185.11.61.95
http://193.233.202.249
http://194.26.192.101
http://194.26.192.109
http://194.26.192.193
http://194.26.192.200
http://194.26.192.29
http://194.26.192.75
http://2.58.56.150
http://207.32.217.164
http://45.11.181.13
http://45.154.98.11
http://45.154.98.29
http://45.154.98.70
http://45.94.31.48
http://45.94.31.93
http://47.236.2.164
http://78.153.149.187
http://87.121.86.244
194.26.192.29.sslip.io
comancerom123komancero.xyz
comanceromkomancero.xyz
vadapav.mov

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-02)

http://194.26.192.21
http://2.58.56.217
http://202.95.12.234
http://217.28.222.103
http://31.59.114.219
http://45.200.148.209
http://46.249.100.24
http://87.120.127.237
http://91.107.146.68
31.59.114.219:8082

# Reference: https://app.validin.com/detail?find=HOOKBOT%20PANEL&type=raw#tab=host_pairs (# 2025-01-17)

http://147.93.98.67
http://20.169.230.2
http://23.94.153.130
http://3.91.190.163
http://87.120.115.7
http://91.107.126.63
http://91.107.219.231
http://98.70.54.204
2ajeeps.info
annetteborn.info
brabue.info
brabuk.info
nftgamewatch.info
officialfastvpnbot.online
autoconfig.srv695367.hstgr.cloud
corpo-saudavel-academia-br.com
ec2-3-91-190-163.compute-1.amazonaws.com
ipv6.srv695367.hstgr.cloud
marzban.officialfastvpnbot.online
srv695367.hstgr.cloud
webdisk.srv695367.hstgr.cloud
webmail.srv695367.hstgr.cloud

# Reference: https://app.validin.com/detail?find=ERMVK%20PVNEL&type=raw#tab=host_pairs (# 2025-01-17)

http://178.215.224.65
http://18.170.59.177
http://31.56.60.49
http://81.161.238.225
http://94.156.167.70

# Reference: https://app.validin.com/detail?find=9fff643ff8b9d71459fba15cab2c93f5&type=hash#tab=host_pairs

http://103.234.54.44
http://172.93.100.16
http://178.215.224.138
http://213.176.94.228
http://45.132.181.170
http://85.31.47.121
http://94.103.125.49
cool-mclaren.154-216-18-93.plesk.page
h5.httt888999.top
httt888999.top
nice-raman.154-216-18-93.plesk.page
nyc-7900-01.sour.host
panel.sour.host
pixelize.cloud
sour.host
sumup.live
weedbet.online

# Reference: https://app.validin.com/detail?find=HOOKBOT%20PANEL&type=raw#tab=host_pairs (# 2025-01-25)

cheapgamekeys.store
panel.zackaria.net
node1.playpokeninjas.com
194-59-31-25.cprapid.com
apri.194-59-31-25.cprapid.com

# Reference: https://www.virustotal.com/gui/file/e578094837ef57de94414604d6a39a7966929dc04a693f20244db66fecdfdc98/detection

147.45.47.46:3434

# Reference: https://app.validin.com/detail?find=HOOKBOT%20PANEL&type=raw#tab=host_pairs (# 2025-02-06)
# Reference: https://www.virustotal.com/gui/ip-address/80.76.51.200/relations

http://156.253.228.10
http://156.253.228.8
http://167.71.76.68
http://168.119.231.132
http://176.65.134.52
http://176.65.142.35
http://185.150.189.29
http://195.177.95.146
http://37.27.248.226
http://45.81.113.4
http://80.76.51.200
chat.pythondeveloperonline.ir
comitia.online
omatomo.pp.ua
schwabverify.com
schwabvisit.com
static.132.231.119.168.clients.your-server.de
static.226.248.27.37.clients.your-server.de
wallet-fantom.com

# Reference: https://x.com/malwrhunterteam/status/1906123266399388069
# Reference: https://app.validin.com/detail?type=raw&find=HOOKBOT+LOGIN#tab=host_pairs (# 2025-03-31)
# Reference: https://www.virustotal.com/gui/file/d96f2530c7dc4073445b808566b55e07ac825b0f30d53ca7922b43d0bc0ebf6d/detection

http://109.120.137.86
http://185.100.157.253
http://193.164.5.85
http://194.26.192.51
http://195.26.227.219
http://195.35.56.181
http://196.251.71.184
http://196.251.72.110
http://213.209.150.182
http://31.177.109.72
http://45.125.66.45
http://45.149.241.113
http://45.87.120.60
http://77.91.66.79
http://79.132.130.92
http://87.120.112.35
http://89.23.98.206
http://89.34.219.182
185.100.157.253:8082
balancefitnow.com
crafttopcareer.com
eventtryzauber.com
lighteasysys.com
loversprouk.com
reluxe.site
skillupbest.com
studyprosmart.com
yogabestfit.com

# Reference: https://app.validin.com/detail?find=ERMVK%20PVNEL&type=raw#tab=host_pairs (# 2025-04-08)

http://103.245.231.9
http://176.65.137.225
http://176.65.141.66
http://176.65.144.131
http://196.251.112.193
http://20.199.76.181
http://95.215.206.172
103.245.231.9:8000
176.65.137.225:8081
176.65.141.66:8081
176.65.144.131:8081
196.251.112.193:8081
20.199.76.181:8081
# NOTE(review): 27017 is MongoDB's default port; this looks like a database listener on the same host as the
# :8081 entry rather than a panel port — confirm before alerting on it.
95.215.206.172:27017
95.215.206.172:8081

# Reference: https://app.validin.com/detail?find=Universe%201.0&type=raw#tab=host_pairs (# 2025-04-08)

http://154.205.148.129
http://94.156.128.164
154.205.148.129:8000
154.205.148.129:8082
154.205.148.129:8089

# Reference: https://app.validin.com/detail?find=HOOKBOT%20PANEL&type=raw#tab=host_pairs (# 2025-04-08)

http://103.68.195.14
http://109.120.137.254
http://145.223.27.96
http://154.201.71.218
http://156.238.247.236
http://156.244.9.190
http://156.253.228.5
http://160.187.1.114
http://176.65.137.47
http://176.65.141.187
http://176.65.143.191
http://178.128.157.196
http://185.125.50.116
http://188.132.130.71
http://196.251.118.6
http://196.251.71.185
http://196.251.72.231
http://196.251.83.134
http://196.251.83.237
http://203.159.90.115
http://209.145.47.90
http://213.209.150.193
http://213.209.150.236
http://31.59.131.10
http://38.180.132.32
http://4.197.75.190
http://43.224.227.246
http://45.141.233.64
http://45.150.34.163
http://45.33.122.33
http://45.83.143.163
http://45.88.186.129
http://45.88.76.89
http://51.222.110.148
http://65.109.209.214
http://66.42.94.244
http://67.205.129.1
http://77.239.124.129
http://83.147.38.248
http://87.120.166.174
http://91.103.253.107
91.103.253.107.sslip.io
cloudconnect-auth0.top
inspiring-booth.213-209-150-236.plesk.page
jin11.xiaodong88.cn
olicontrollhub.com
quanmingl.com
reciprocalig.com
sandbox.vinixglobal.com
webmail.cloudconnect-auth0.top
worldnewscoin.com

# Reference: https://www.virustotal.com/gui/file/75f42606987885c36a1576c06ec0e012967bd7e4c03f5754d967575da43589b4/detection

176.65.138.18:3434

# Reference: https://app.validin.com/detail?find=ERMVK%20PVNEL&type=raw#tab=host_pairs (# 2025-05-03)

http://146.59.161.204
http://154.216.16.39
http://165.22.17.157
http://176.57.188.16
http://176.65.140.166
http://193.203.160.121
http://20.240.184.170
http://20.54.80.208
http://45.141.233.171
193-203-160-121.cprapid.com
escrowbotpage.com
mail.srv782461.hstgr.cloud

# Reference: https://threatfox.abuse.ch/browse/malware/apk.hook/ (# 2025-05-04)

http://103.245.231.10
http://138.124.90.180
http://139.99.25.131
http://142.202.240.137
http://144.172.89.56
http://144.91.124.44
http://154.201.84.85
http://154.26.208.209
http://154.61.74.64
http://154.61.80.193
http://159.65.150.68
http://161.97.187.28
http://176.117.68.103
http://176.65.134.159
http://176.65.134.208
http://176.65.137.202
http://176.65.137.229
http://176.65.138.18
http://176.65.138.231
http://176.65.144.237
http://185.177.239.211
http://185.196.10.54
http://185.196.8.68
http://185.208.159.36
http://194.26.192.33
http://194.59.31.189
http://194.59.31.82
http://196.251.66.190
http://196.251.87.16
http://196.251.88.44
http://202.131.82.167
http://207.148.127.73
http://213.209.150.234
http://45.204.218.173
http://45.66.228.169
http://45.79.191.168
http://82.147.85.160
http://83.217.209.87
http://85.239.151.121
http://87.120.115.20
http://91.211.248.206
http://91.211.250.233
http://91.92.46.8
http://93.123.109.246
http://93.127.132.185
http://94.131.121.103
http://95.163.153.245
103.234.54.34:8082
103.234.54.44:8082
103.245.231.10:8089
103.249.132.85:8082
103.68.195.14:8082
103.68.195.14:8089
103.74.100.219:8082
104.245.241.28:8089
107.175.48.27:8082
107.175.48.27:8089
107.189.17.103:8082
107.189.27.82:8082
128.85.35.78:8089
13.60.67.41:8082
134.122.169.74:8082
138.124.54.133:8089
138.124.91.167:8089
138.124.91.168:8082
139.99.25.131:8082
139.99.25.131:8089
141.98.115.179:8082
144.172.74.153:8082
144.172.89.56:8082
144.91.124.44:8082
146.190.101.102:8082
147.45.45.231:8082
147.45.45.83:8082
147.45.47.204:8089
147.45.48.130:8089
147.45.51.238:2053
147.93.68.200:8082
150.109.109.4:8089
154.201.71.218:8082
154.201.71.218:8089
154.216.18.93:8089
154.26.208.209:8089
154.61.80.193:8082
154.61.80.193:8089
154.83.16.8:8082
154.83.16.8:8089
156.224.29.253:8082
156.238.247.236:8082
156.238.247.236:8089
156.244.9.190:8089
156.253.228.10:8089
156.253.228.17:8080
156.253.228.17:8081
156.253.228.17:8082
156.253.228.27:8089
156.253.228.55:8089
156.253.228.5:8089
156.253.228.8:8089
159.65.150.68:8082
160.187.1.114:8082
160.187.1.114:8089
161.97.187.47:8082
167.71.76.68:8089
171.22.31.46:8089
172.247.189.117:8089
172.96.142.233:8082
172.96.142.233:8089
172.96.160.147:8082
172.96.160.147:8089
172.96.161.26:8082
172.96.161.26:8089
174.138.25.54:8089
176.126.103.94:8082
176.126.103.94:8089
176.65.134.158:50555
176.65.134.158:8089
176.65.134.159:8089
176.65.134.208:8089
176.65.134.239:8089
176.65.134.52:8089
176.65.134.77:8089
176.65.134.78:8089
176.65.137.229:8082
176.65.137.229:8089
176.65.137.47:8089
176.65.138.18:8082
176.65.138.18:8089
176.65.138.82:8089
176.65.140.68:8089
176.65.141.167:8089
176.65.141.187:8089
176.65.141.72:8089
176.65.142.118:8089
176.65.142.198:8089
176.65.142.35:8089
176.65.143.79:8089
176.65.144.237:8089
176.65.144.250:8082
176.97.67.5:8089
178.20.209.25:8089
178.250.186.50:8082
18.170.59.177:8082
181.41.201.188:2053
185.100.157.188:8082
185.100.157.87:8082
185.121.234.97:2053
185.125.50.116:8089
185.147.124.227:45051
185.147.124.236:45051
185.147.124.36:45051
185.147.125.101:45051
185.161.251.118:2053
185.177.239.131:8082
185.177.239.214:8082
185.196.10.54:8089
185.196.8.68:8089
185.196.9.228:3000
185.196.9.228:8089
185.208.159.36:8082
185.39.206.11:8089
188.132.130.71:8089
191.96.245.214:8089
192.238.133.237:8089
192.238.133.242:8089
193.180.208.141:8089
193.232.179.46:45051
193.233.113.191:8089
193.233.254.121:2053
193.233.254.132:2053
193.233.254.46:8082
193.233.254.9:2053
193.35.17.242:8082
193.35.17.242:8089
194.233.79.11:8082
194.26.192.200:8082
194.26.192.29:8082
194.26.192.29:8089
194.26.192.33:8082
194.59.30.152:8089
194.59.31.59:8089
194.59.31.77:8089
195.10.205.179:8089
195.14.123.133:8089
195.177.94.87:8089
195.177.95.146:8089
195.177.95.98:8089
195.191.218.14:8089
195.191.218.27:8089
196.251.66.190:8082
196.251.70.173:8089
196.251.83.134:8080
196.251.83.134:8089
196.251.83.237:8089
196.251.87.16:8082
196.251.87.16:8089
196.251.88.44:8089
2.59.117.173:8089
20.191.194.222:3000
20.191.194.222:8089
20.197.42.180:8082
20.3.243.37:8089
202.95.12.234:8089
203.159.90.115:8089
209.145.47.90:8089
209.250.231.116:8089
212.34.143.220:2053
212.86.115.210:8089
213.159.68.41:8082
213.176.94.228:8082
213.209.150.181:8089
213.209.150.182:8089
213.209.150.193:8089
213.209.150.234:50555
213.209.150.234:8089
213.209.150.236:8089
217.114.43.105:8089
217.114.43.131:8082
217.78.237.78:8082
23.94.153.130:8082
23.94.153.130:8089
27.124.4.217:50555
27.124.4.217:8089
27.124.4.223:50555
27.124.4.223:8089
27.124.4.224:50555
27.124.4.224:8089
31.177.109.154:2053
31.177.110.65:2053
31.59.114.219:8089
31.59.131.10:8082
31.59.131.10:8089
37.60.238.252:50000
39.109.117.207:8082
39.109.117.207:8089
4.196.180.3:8082
4.197.75.190:3000
4.197.75.190:8089
41.216.183.215:8089
42.51.42.243:8089
43.224.227.246:8082
43.224.227.246:8089
45.125.66.45:8089
45.126.125.227:8082
45.134.39.5:8089
45.141.233.172:50555
45.141.233.172:8089
45.144.52.189:8082
45.148.28.83:8089
45.150.34.163:8082
45.150.34.163:8089
45.150.34.182:50555
45.150.34.182:8089
45.150.34.183:8082
45.200.148.209:8089
45.202.32.96:8089
45.204.218.173:8089
45.207.197.14:8089
45.38.42.190:50555
45.38.42.190:8089
45.45.217.148:8089
45.66.228.169:8089
45.77.140.9:8089
45.83.143.163:8089
45.88.186.129:8082
45.88.186.129:8089
46.250.253.252:8082
47.76.203.143:8089
5.182.86.34:8089
5.199.166.68:8089
5.252.153.32:8082
5.252.155.84:50555
5.252.155.84:8089
5.42.92.85:8082
51.222.110.148:8089
52.140.39.118:8089
52.74.224.241:443
62.133.60.136:2053
62.133.60.161:2053
62.133.63.112:443
62.133.63.114:443
62.60.233.240:443
62.60.238.149:8089
65.109.176.86:50555
65.109.176.86:8089
67.205.129.1:8089
72.5.42.42:8089
77.105.161.131:8089
77.110.106.151:8089
77.220.212.173:8089
77.239.124.129:8080
78.142.18.150:8089
80.76.51.139:8089
81.161.238.225:8082
82.147.84.26:8082
82.147.85.160:8089
83.217.209.186:8082
83.217.209.65:50555
83.217.209.65:8089
83.217.209.91:8082
87.120.115.20:8089
87.120.115.7:8089
87.120.116.185:8089
87.120.166.174:8089
87.251.78.130:8082
91.103.252.97:8089
91.107.126.63:8089
91.107.146.68:8082
91.107.146.68:8089
91.107.219.231:8082
91.107.219.231:8089
91.214.78.18:8082
91.92.46.192:8082
91.92.46.8:8082
91.92.46.8:8089
92.118.112.28:2053
92.255.85.21:45051
93.123.109.246:8089
93.127.132.185:8082
93.183.91.123:2053
94.103.125.49:8089
94.131.121.103:8082
94.26.90.237:8089
95.163.176.80:8082
95.215.108.115:8089
95.217.60.176:45051
95.70.159.193:8089
98.70.54.204:8089
98.70.55.20:8082
103-195-4-94.cloud-xip.com
104.194.85.163.16clouds.com
62.133.63.114.sslip.io
78.153.130.17.sslip.io
82-147-85-160.networktube.net
194-59-30-152.cprapid.com
aa.charming-feistel.194-26-192-29.plesk.page
advath.socalmediazone.com
akkiosk.org
amazon.sacos.world
api.runeverse.tools
auth.echelonai.world
autodiscover.efcommxerce.ru
autodiscover.pe.194-59-30-152.cprapid.com
autodiscover.srv782461.hstgr.cloud
autodiscover.sumup.live
bgptools-wildcard-confirmed.duocphamhoanghuonghh.com
blinkory.shop
bmjpaperpqck.com
bookings.odoc.life
bouldercountymedicarehelp.org
charming-feistel.194-26-192-29.plesk.page
checkthem.cc
cn.mhknex555.com
codetryuk.com
coms-gs.com
cozamosa13.com
cpanel.efcommxerce.ru
cpanel.pf.194-59-30-152.cprapid.com
cpcalendars.efcommxerce.ru
cpcalendars.pd.194-59-30-152.cprapid.com
cpcalendars.sumup.live
cpcontacts.efcommxerce.ru
cpcontacts.sumup.live
documents.aruba.cloudconnect-auth0.top
domzblueman.online
# NOTE(review): EC2 public DNS names encode the instance's public IPv4 address
# (ec2-13-213-182-135 -> 13.213.182.135); that address can later be assigned to a different tenant,
# so these entries need periodic re-validation.
ec2-13-213-182-135.ap-southeast-1.compute.amazonaws.com
ec2-13-250-199-140.ap-southeast-1.compute.amazonaws.com
ec2-13-251-180-166.ap-southeast-1.compute.amazonaws.com
ec2-18-138-195-208.ap-southeast-1.compute.amazonaws.com
ec2-18-142-232-246.ap-southeast-1.compute.amazonaws.com
ec2-18-143-214-68.ap-southeast-1.compute.amazonaws.com
ec2-3-1-228-240.ap-southeast-1.compute.amazonaws.com
ec2-47-128-167-206.ap-southeast-1.compute.amazonaws.com
ec2-52-74-224-241.ap-southeast-1.compute.amazonaws.com
ec2-54-251-124-7.ap-southeast-1.compute.amazonaws.com
echelonai.world
ecoprohaven.com
efcommxerce.ru
elastic-merkle.194-26-192-207.plesk.page
extrawol.top
files.cloudconnect-auth0.top
gifted-ellis.142-202-240-137.plesk.page
gifted-ellis.194-26-192-51.plesk.page
grswjp.com
halvanebrat.shop
hook.dayangpay.com
inform-gain.sbs
ip.count6.group-bau.com
ip122.ip-51-195-231.eu
ip131.ip-139-99-25.net
ipv6.172-96-161-26.cprapid.com
ipv6.194-59-30-152.cprapid.com
jin13.xiaodong88.cn
kardden.io
lai.lioet.art
lisanscheck.online
login.socalmediazone.com
magical-shockley.156-253-228-19.plesk.page
mail.185-196-8-68.cprapid.com
mail.efcommxerce.ru
mail.pf.194-59-30-152.cprapid.com
memedex.finance
miao.qr-share.online
modtuning.world
msfed.socalmediazone.com
nationwidedirectlender.org
nhmhnhnmnh.net
o.socalmediazone.com
objective-mayer.51-195-231-122.plesk.page
office.socalmediazone.com
pd.194-59-30-152.cprapid.com
pf.194-59-30-152.cprapid.com
qr-share.online
quirkypickle.world
react.socalmediazone.com
relyheins.org
runeverse.tools
sharp-driscoll.194-26-192-101.plesk.page
simplepifj.world
smartinnovatte.com
sms.qr-share.online
strange-spence.51-195-231-122.plesk.page
sunsetgrove.world
techniccell.click
thequestforkn.top
tocion.com
topics22.live
touchstonesinvestments.com
trumpboost.com
trumpboost.pro
trumpboost.vip
trumpsbtc.com
v279259.hosted-by-vdsina.com
veltyzo.shop
verifier.carw.io
video.proxbotpy.com
web.mhknex555.com
webdisk.p2.194-59-31-47.cprapid.com
webdisk.sumup.live
webmail.efcommxerce.ru
wp1.woocloud.vip
zzindex.lisanscheck.online

# Reference: https://app.validin.com/detail?find=5d17fbecdbd631b16214c7d7d0d71ff9&type=hash&ref_id=575346a1546#tab=host_pairs (# 2025-05-21)

45-141-233-103.cprapid.com
api.goretep.com
createvents.ddadev.co.uk
dermai.in
dotfoods.socalmediazone.com
lfbproductions.org
mersh.co
moderation-x.com
ns2.danceworldjoy.com
sci.socalmediazone.com
smusxath.socalmediazone.com

# Reference: https://app.validin.com/detail?find=HOOKBOT%20PANEL&type=raw#tab=host_pairs (# 2025-06-02)

socalmediazone.com
bokepjav86.otzo.com
ulgroup.socalmediazone.com

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-06-14)

http://124.222.111.244
http://13.60.202.169
http://14.225.33.238
http://146.70.113.188
http://147.45.78.188
http://15.204.95.228
http://15.223.185.126
http://159.223.73.228
http://159.65.230.103
http://16.171.253.150
http://165.22.248.142
http://167.172.244.201
http://172.111.148.131
http://172.174.239.189
http://172.86.110.217
http://18.132.191.71
http://185.130.213.219
http://185.39.207.117
http://188.166.174.146
http://188.166.205.148
http://192.142.18.32
http://192.236.177.2
http://194.164.93.107
http://20.124.80.116
http://20.124.86.1
http://20.255.61.139
http://20.3.249.45
http://20.55.31.188
http://212.192.12.110
http://212.224.86.165
http://23.95.247.249
http://27.102.128.199
http://3.135.219.5
http://3.148.223.152
http://3.35.26.26
http://3.86.154.189
http://3.91.134.143
http://34.134.221.76
http://34.9.238.133
http://35.159.245.137
http://35.183.37.202
http://35.202.0.75
http://35.87.10.168
http://37.252.19.120
http://37.27.89.195
http://4.236.186.94
http://40.127.74.195
http://40.68.206.54
http://44.211.135.190
http://45.129.3.177
http://5.181.159.73
http://51.81.171.234
http://52.14.71.8
http://52.169.163.36
http://52.224.246.136
http://54.227.80.194
http://54.95.208.190
http://79.72.19.74
http://79.72.70.85
http://85.23.46.61
http://88.218.0.194
http://96.9.125.165
103.116.8.240:50555
154.90.54.98:50555
156.238.245.37:50555
176.65.144.114:50555
185.39.19.36:45051
213.209.150.192:50555
45.130.145.30:45051
45.141.233.43:50555
45.204.193.80:50555
85.192.48.2:50555

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-07-26)

http://103.195.190.49
http://104.248.194.142
http://107.150.0.27
http://121.127.231.161
http://121.127.231.163
http://121.127.231.198
http://13.60.67.41
http://134.122.200.75
http://134.122.200.96
http://134.122.200.98
http://138.124.123.253
http://141.98.6.13
http://144.91.94.147
http://152.42.138.246
http://154.198.49.116
http://154.61.80.43
http://156.238.243.16
http://156.254.127.171
http://159.65.229.135
http://160.30.45.118
http://160.30.45.131
http://166.88.225.57
http://171.22.31.46
http://172.105.74.13
http://172.86.105.40
http://172.94.96.122
http://173.212.200.244
http://176.65.140.135
http://176.65.140.223
http://176.65.140.224
http://185.39.206.11
http://193.149.190.193
http://196.251.80.35
http://196.251.81.62
http://196.251.86.58
http://198.7.115.133
http://202.158.249.27
http://206.206.126.216
http://209.38.142.255
http://212.86.115.210
http://44.211.217.70
http://45.128.233.99
http://45.134.39.5
http://45.141.233.103
http://45.144.53.255
http://45.207.212.160
http://45.207.212.81
http://45.207.212.9
http://45.45.217.148
http://45.74.10.14
http://45.76.61.214
http://45.79.214.249
http://51.79.190.129
http://52.170.114.106
http://74.235.58.46
http://75.127.89.38
http://77.110.106.151
http://89.34.219.179
http://94.141.122.175
45.150.34.112:50555
45.74.16.202:50555
80.64.19.55:45051
83.217.209.171:50555
85.208.84.20:45051
85.208.84.56:45051

# Reference: https://app.validin.com/detail?find=HOOKBOT%20PANEL&type=raw&ref_id=c2adc236937#tab=host_pairs (# 2025-08-09)

http://103.68.195.150
http://103.74.101.88
http://147.93.110.242
http://147.93.84.61
http://164.92.127.11
http://185.250.148.168
http://192.110.165.89
http://31.97.130.234
http://45.221.64.110
http://46.202.166.197
http://51.195.231.122
http://69.62.70.60
http://69.62.83.178
http://72.5.42.164
http://77.37.68.232
http://93.127.142.157
51.195.231.122:8082
aafastservice.top
ambankgroup.icu
ambankgroup.top
app.coracaoazul.com
autoconfig.srv782461.hstgr.cloud
cpanel.srv782461.hstgr.cloud
cpcalendars.srv782461.hstgr.cloud
cpcontacts.srv782461.hstgr.cloud
duocphamhoanghuonghh.com
etraining-danilo.smartbit.co.jp
freedma.cc
growthe-newse.sbs
imtoken.boats
ipv6.srv782461.hstgr.cloud
jin15.xiaodong88.cn
knabber.top
lspga.top
market-newse.sbs
mbaradio.lbnipradio.com
ns1.admicwneiu.net
ns2.admicwneiu.net
omnivva.shop
pasotslv.click
pasotslv.shop
pastsslv.shop
pasttslv.blog
pasttslv.click
pumpit.money
rootforce.space
satania.tech
srv782461.hstgr.cloud
trumpcoin.zone
trumpcoins.zone
trumps.gives
trumps.zone
votrecellulaire.cam
webdisk.srv782461.hstgr.cloud
webmail.srv782461.hstgr.cloud
whm.srv782461.hstgr.cloud

# Reference: https://hunt.io/blog/ermac-v3-banking-trojan-source-code-leak

http://141.164.62.236
http://206.123.128.81
http://43.160.253.145
http://91.92.46.12
121.127.231.161:8082
121.127.231.163:8082
121.127.231.198:8082
172.191.69.182:8089
20.162.226.228:8089
43.160.253.145:8080
43.160.253.145:8089
5.188.33.192:443
98.71.173.119:8089

# Reference: https://x.com/Fact_Finder03/status/1960991092758696391
# Reference: https://app.validin.com/detail?find=ac8af7e6309bca8612bc24cd62ef2b9d&type=hash&ref_id=3ba83bfe9dc#tab=host_pairs (# 2025-08-26)

http://102.135.95.11
http://103.116.8.240
http://103.149.72.120
http://103.71.22.154
http://103.85.246.194
http://104.194.153.26
http://104.245.241.28
http://107.172.0.160
http://109.122.197.147
http://116.62.193.235
http://116.62.23.176
http://117.88.40.106
http://117.88.43.30
http://118.31.236.216
http://119.42.144.210
http://120.27.138.217
http://121.40.112.52
http://128.85.35.78
http://129.204.153.68
http://13.234.203.37
http://13.236.179.186
http://134.122.169.44
http://138.124.114.89
http://138.124.54.133
http://144.172.102.128
http://146.190.113.159
http://147.45.116.129
http://147.45.51.238
http://150.241.94.3
http://150.241.95.88
http://154.216.16.239
http://154.216.16.87
http://154.216.17.69
http://154.216.19.93
http://154.216.20.190
http://154.222.18.183
http://154.23.175.128
http://154.58.204.239
http://154.58.204.42
http://154.82.81.86
http://154.90.54.98
http://156.238.245.37
http://156.253.228.19
http://156.253.228.27
http://160.191.34.49
http://160.191.51.211
http://166.88.197.47
http://172.191.69.182
http://172.247.189.117
http://172.94.83.235
http://172.94.96.204
http://172.94.96.24
http://176.65.134.155
http://176.65.134.158
http://176.65.134.178
http://176.65.134.77
http://176.65.134.78
http://176.65.134.87
http://176.65.137.123
http://176.65.137.197
http://176.65.138.82
http://176.65.141.167
http://176.65.142.118
http://176.65.142.198
http://176.65.144.114
http://176.65.144.123
http://176.97.67.5
http://178.17.57.11
http://178.20.208.168
http://178.20.209.25
http://179.61.147.163
http://181.41.201.142
http://181.41.201.188
http://182.16.28.10
http://182.16.28.11
http://182.16.28.12
http://182.16.28.13
http://182.16.28.14
http://185.125.50.47
http://185.147.124.227
http://185.147.124.236
http://185.147.124.36
http://185.147.124.41
http://185.147.125.101
http://185.147.125.142
http://185.147.125.77
http://185.147.125.78
http://185.148.242.166
http://185.241.208.161
http://185.39.19.36
http://185.7.214.34
http://185.93.6.238
http://185.95.156.188
http://192.142.54.82
http://192.238.133.237
http://192.238.133.242
http://193.222.98.125
http://193.232.179.46
http://193.233.113.0
http://193.233.232.176
http://193.233.254.121
http://193.233.254.132
http://193.35.17.242
http://193.58.121.7
http://194.238.18.218
http://194.26.192.207
http://194.59.31.77
http://195.133.93.49
http://195.177.94.87
http://195.211.191.33
http://196.251.112.139
http://196.251.69.153
http://196.251.70.173
http://196.251.81.55
http://196.251.83.32
http://196.251.83.99
http://196.251.84.145
http://198.55.98.106
http://2.59.117.173
http://20.185.159.205
http://206.123.145.217
http://206.82.6.118
http://206.82.6.126
http://206.82.6.210
http://208.87.206.146
http://209.250.231.116
http://212.224.107.135
http://212.34.143.220
http://213.108.21.189
http://213.139.72.15
http://213.176.64.170
http://213.176.75.7
http://213.176.94.107
http://213.209.150.181
http://213.209.150.192
http://217.144.186.83
http://23.224.10.50
http://23.224.10.51
http://23.224.10.52
http://23.224.10.53
http://23.224.10.54
http://23.224.6.74
http://23.224.6.75
http://23.224.6.76
http://23.224.6.77
http://23.224.6.78
http://23.225.160.52
http://23.225.165.250
http://23.225.165.251
http://23.225.165.252
http://23.225.165.253
http://23.225.165.254
http://23.92.65.142
http://27.124.4.217
http://27.124.4.223
http://27.124.4.224
http://3.106.170.83
http://31.177.109.154
http://31.177.110.138
http://31.177.110.65
http://31.57.228.145
http://31.59.184.185
http://37.114.37.129
http://42.51.42.243
http://45.130.145.179
http://45.130.145.30
http://45.138.16.249
http://45.141.233.172
http://45.141.233.43
http://45.144.212.123
http://45.150.34.112
http://45.150.34.182
http://45.202.32.55
http://45.204.193.80
http://45.207.197.14
http://45.38.42.190
http://45.74.16.152
http://45.74.16.202
http://45.81.115.141
http://45.88.91.120
http://45.92.1.37
http://45.93.20.3
http://45.94.31.85
http://45.95.42.238
http://46.253.4.118
http://47.106.166.82
http://47.76.203.143
http://47.98.108.91
http://47.99.37.131
http://49.232.25.115
http://49.232.5.167
http://5.180.155.29
http://5.252.155.84
http://5.75.206.212
http://51.79.196.122
http://54.81.134.133
http://62.60.156.65
http://62.60.238.149
http://62.60.239.210
http://62.60.245.206
http://62.60.248.220
http://64.227.174.203
http://65.109.176.86
http://68.69.186.50
http://69.62.80.235
http://72.60.42.212
http://77.110.105.101
http://77.110.116.151
http://77.110.127.173
http://77.239.114.138
http://77.239.124.252
http://77.83.207.20
http://77.83.207.81
http://77.90.153.169
http://78.153.130.114
http://79.133.46.33
http://79.137.194.40
http://8.130.103.141
http://80.64.19.108
http://80.64.19.159
http://80.64.19.55
http://82.147.84.110
http://82.147.84.183
http://82.147.84.22
http://82.147.84.23
http://82.147.84.245
http://82.147.84.69
http://82.147.85.61
http://82.147.88.120
http://82.147.88.144
http://82.147.88.2
http://82.147.88.213
http://82.147.88.82
http://82.147.88.84
http://82.147.88.93
http://82.157.27.3
http://83.217.209.171
http://83.217.209.65
http://84.21.173.243
http://85.192.24.80
http://85.192.48.2
http://85.208.84.133
http://85.208.84.20
http://85.208.84.24
http://85.208.84.56
http://85.239.33.120
http://87.120.126.53
http://89.110.92.23
http://89.208.105.249
http://89.248.168.31
http://91.200.14.203
http://91.208.206.85
http://91.214.78.76
http://92.246.138.194
http://92.255.57.100
http://92.255.85.112
http://92.255.85.21
http://94.156.232.90
http://94.26.90.237
http://94.26.90.78
http://95.217.60.176
http://95.217.61.243
beienta.com.cn
old.guodaiwang.com
rabbitmq.alamanceinc.com

# Reference: https://www.virustotal.com/gui/file/2f6cd2d7f818139afc8a0083364adadd2be59ee1e4885a9fb6be837d864f0d07/detection

193.233.113.0:3434

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-10-05)

http://103.149.93.102
http://109.122.197.148
http://109.73.194.194
http://137.184.187.37
http://144.172.108.190
http://147.182.242.24
http://150.40.119.238
http://154.36.165.77
http://163.53.219.73
http://172.94.95.238
http://176.65.139.224
http://185.102.115.203
http://188.132.197.209
http://193.222.99.115
http://195.10.205.181
http://196.251.69.202
http://196.251.70.37
http://196.251.71.193
http://196.251.72.73
http://198.50.234.233
http://23.94.255.183
http://45.133.251.1
http://5.101.84.108
http://54.153.88.83
http://62.60.179.44
http://74.48.140.110
http://77.110.114.16
http://77.91.66.252
http://79.137.195.252
http://91.198.77.151
http://91.92.242.76
176.124.199.58:45051
77.83.207.20:45051
77.91.69.107:9000
85.208.84.133:45051

# APK (URL path trail)

/inatboxx.apk
