# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: apt-c-08, apt-q-37, apt-q-41, apt-k-47, artradownloader, asyncshell, manlinghua, splinter, turtlepower, MiyaRAT, ta397, ORPCBackdoor, KugelBlitz, AlmondRAT, BDarkRAT, MuuyDownloader, WSCSPL, Hazy Tiger, Orange Yali, ung0002, kiwistealer, chmghost, mysterious elephant

# Reference: https://github.com/pan-unit42/iocs/blob/master/bitter/iocs.csv

a.churchill91.com
aday.primeservices.mobi
aroundtheworld123.net
chinatel90.com
churchill91.com
confirm97.com
destiny91.com
font.jiangsuhost.com
frameworksupport.net
healthnewsone.com
hewle.kielsoservice.net
johnywalter.webatu.com
mappservworldvide.16mb.com
marvel89.com
marvellighter.com
medzone71.com
mob.wirelesssolutions.mobi
muzicwonder.com
nethosttalk.com
newmysticvision.com
nsiagenthoster.net
red5big.com
sound.muzicwonder.com
spring.tulipnetworks.net
sterling66.com
stingray91.com
styl.crrerc.com
styl.hairparker.com
thematrix.esy.es
thepandaservices.nsiagenthoster.net
tulipnetworks.net
victory1983.ddns.net
wills.hairparker.com
wingames2015.com
wirelesssolutions.mobi
woodwind71.com
xiovo416.net
zmwardrobe.com

# Reference: https://ti.360.net/blog/articles/analysis-of-targeted-attack-against-pakistan-by-exploiting-inpage-vulnerability-and-related-apt-groups/ (Chinese)

khurram.com.pk
traxbin.com
wcnchost.ddns.net

# Reference: https://twitter.com/h4ckak/status/1147710998817542145

healthdevicetracker.co

# Reference: https://www.anomali.com/blog/suspected-bitter-apt-continues-targeting-government-of-china-and-chinese-organizations
# Reference: https://cert.360.cn/report/detail?id=137867e159331b7a968aa45050502d13
# Reference: https://otx.alienvault.com/pulse/5d4d82f21a9bb34d2b0e65f7

btappclientsvc.net
cdaxpropsvc.net
v3solutions4all.com
v3solutions4all.org
wangluojiumingjingli.org
winmanagerservice.net
winmanagerservice.org

# Generic trails from https://unit42.paloaltonetworks.com/multiple-artradownloader-variants-used-by-bitter-to-target-pakistan/
# Reference: https://www.virustotal.com/gui/file/aecfa3879cd68b3a2ab0771638c0d649b007cbb6f28dddb56af4fb740b8e25a5/detection

/ergdfbd/
/healthne/
/ourtyaz/
/RguhsT/
/ergdfbd/wscspl
/healthne/accept.php
/healthne/regdl
/ourtyaz/dwnack.php
/ourtyaz/qwe.php
/ourtyaz/qwf.php

# Reference: https://twitter.com/Timele9527/status/1169430987832344576

gongzuosousuo.net

# Reference: https://twitter.com/blackorbird/status/1169925232255090689

aroundtheworld123.net

# Reference: https://twitter.com/James_inthe_box/status/1166128688175300608
# Reference: https://twitter.com/MeltX0R/status/1170183286712340482
# Reference: https://meltx0r.github.io/tech/2019/09/06/bitter-apt-not-so-sweet.html
# Reference: https://twitter.com/Timele9527/status/1169785910881218560

biocons.pk
gandharaart.org
maq.com.pk
netnsiservice.net
onlinejohnline99.org
sartetextile.com
zhongwenchuantongqiye.com
/kvs06v.php
/lax05u.php
/Mcx2svc.php
/ms2u1p.php

# Reference: https://twitter.com/RedDrip7/status/1170988245561294850
# Reference: https://twitter.com/MeltX0R/status/1171245112082481153

blth32serv.net
w32infinitisupports.net

# Reference: https://twitter.com/blackorbird/status/1182479754965876737

wangluojiumingjingli.org

# Reference: https://twitter.com/James_inthe_box/status/1183927764778274816

lmhostsvc.net

# Reference: https://twitter.com/blackorbird/status/1187662590224191489

nethostsupport.ddns.net
sysintservice.ddns.net

# Reference: https://twitter.com/ccxsaber/status/1192326844529422337

tvnservereventlog.net

# Reference: https://twitter.com/Timele9527/status/1201477767352553472
# Reference: https://twitter.com/Timele9527/status/1201477848852090881
# Reference: https://twitter.com/Timele9527/status/1201477876236701696

cloud-storage-service.com
kerbosim.com
noitfication-office-client.890m.com
office360-pub.16mb.com
quartzu.hol.es

# Reference: https://twitter.com/Rmy_Reserve/status/1224289465872502789

wbclientservice.ddns.net

# Reference: https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/direct/mobile-malware-report.pdf

activemobistore.ddns.net
cbyxhuxo663.ddns.net
flashnewsservice.org
wdibitmapservice.net

# Reference: https://twitter.com/ShadowChasing1/status/1256036038331387904
# Reference: https://twitter.com/ShadowChasing1/status/1305879886473474048
# Reference: https://twitter.com/_re_fox/status/1305925337004601345

http://162.0.229.203
camncryptsvc.net
/RguhsT/
/RguhsT/accept.php

# Reference: https://twitter.com/MeltX0R/status/1258870289066319872
# Reference: https://www.virustotal.com/gui/ip-address/63.250.38.240/relations

http://63.250.38.240

# Reference: https://twitter.com/ccxsaber/status/1273442309816770560

usmservice.net

# Reference: https://twitter.com/Timele9527/status/1280315854094123008

liveways.pk

# Reference: https://twitter.com/Timele9527/status/1277843761318354944

mia.alkhaleejpk.info
tusdec.org.pk/ee
uniengrisb.com/img/rt.msi

# Reference: https://twitter.com/blackorbird/status/1295265067173163010
# Reference: https://twitter.com/ShadowChasing1/status/1303628547366350848
# Reference: https://twitter.com/ShadowChasing1/status/1306422911972958210
# Reference: https://twitter.com/Des00464472/status/1348964050076540928
# Reference: https://www.virustotal.com/gui/file/f45590dbb07e6a506c19f62b3f23b17a1aefbb6d8287f94a74c3ea707e6f4736/detection
# Reference: https://www.virustotal.com/gui/file/2ba30469c3cbe13aa02073ae6c48114d2902450c3745857946b30d811eff6e6d/detection

livevideosonlinepk.com
box.livevideosonlinepk.com
/RsdvgiMincSnyYu/
/tstRsdvgiMincSnyYutsphp/
/tstRsdvgiMincSnyYutspph/
/PerHyPfilbmiw1.php
/PerHyPfilbmiw2.php
/tstPerHyPfilbmiw1.php
/tstPerHyPfilbmiwts2t.php
/RsdvgiMincSnyYu/PerHyPfilbmiw1.php
/RsdvgiMincSnyYu/PerHyPfilbmiw2.php
/tstRsdvgiMincSnyYutsphp/tstPerHyPfilbmiw1.php
/tstRsdvgiMincSnyYutsphp/tstPerHyPfilbmiwts2t.php
/tstRsdvgiMincSnyYutspph/tstPerHyPfilbmiw1.php
/tstRsdvgiMincSnyYutspph/tstPerHyPfilbmiwts2t.php

# Reference: https://twitter.com/HONKONE_K/status/1297829657568407554
# Reference: https://www.virustotal.com/gui/file/0ce047bb77073990a8810f8d6f178dc0d4fc5257603790f80d3d84b0b2405a6c/detection
# Reference: https://www.virustotal.com/gui/file/ced29451faed4f5dfa9ce80e35469e3573a89f848d5a7f5b087ee62a62f5f89a/detection

oppak.com/one/opa
oppak.com/one/eths

# Reference: https://twitter.com/_re_fox/status/1301887287765225477
# Reference: https://twitter.com/ShadowChasing1/status/1304017919655858177
# Reference: https://app.any.run/tasks/383a15aa-63b0-48ee-9a90-2cb64da9134f/

jgcest.com/css/

# Reference: https://twitter.com/ShadowChasing1/status/1306858164277526528

alkhaleejpk.info
/PsehestyvuPw/F1l3estPhPInf1.php
/PsehestyvuPw/
/F1l3estPhPInf1.php
/F1l3estPhPInf2.php

# Reference: https://ti.qianxin.com/blog/articles/Blocking-APT:-Qianxin's-QOWL-Engine-Defeats-Bitter's-Targeted-Attack-on-Domestic-Government-and-Enterprises/
# Reference: https://otx.alienvault.com/pulse/5fd7a716e178ff014c630ecb
# Reference: https://www.virustotal.com/gui/file/6cb0c0a2f89d1e82653d2b0dd1389007543616d11f0709ff194a4db2d36865f7/detection
# Reference: https://www.virustotal.com/gui/file/820ab2458839688369906cee2a4c08b4694e2bddcb187358ce575e5d2063515e/behavior
# Reference: https://www.virustotal.com/gui/file/efeaadaa53ec033d224b58be109c0f5fde12c8775fc5603f51efa8e23bcd6fb2/detection

http://162.0.229.203
http://72.11.134.216
http://82.221.136.27
107.173.63.218:58370
pichostfrm.net

# Reference: https://twitter.com/ShadowChasing1/status/1356412596430233603
# Reference: https://twitter.com/_re_fox/status/1301887287765225477
# Reference: https://app.any.run/tasks/383a15aa-63b0-48ee-9a90-2cb64da9134f/
# Reference: https://www.virustotal.com/gui/file/c2131a3906d97b5d7d697d16de15a8f704db1e6e4a8d3d7316c784d45716cffc/detection

vdsappauthservice.net
/taskshandlers/DBhandle/primary_main.php
/taskshandlers/DBhandle/secondary.php

# Reference: https://twitter.com/ShadowChasing1/status/1375227175226368006
# Reference: https://www.virustotal.com/gui/file/e07e8cbeeddc60697cc6fdb5314bd3abb748e3ac5347ff108fef9eab2f5c89b8/detection

snsrsvchost.com

# Reference: https://twitter.com/ShadowChasing1/status/1408579870230126592
# Reference: https://twitter.com/malwrhunterteam/status/1408491293207154696

mail-mfa-gov-cn-login.netlify.app

# Reference: https://twitter.com/ShadowChasing1/status/1408579947417927687

yuruhjforonjoigrvnbnrgoigoigoisannvmvnfnmkfd7.000webhostapp.com

# Reference: https://cloud.tencent.com/developer/article/1826900
# Reference: https://twitter.com/AnonySecAgency/status/1423510463212523521
# Reference: https://www.virustotal.com/gui/file/1ac7f4cee8b614359cb0997c1934e8b2e4cab0bbfddfa84bedb6d1b2f55e26f3/detection

gxwxtvonline.com
otx.gxwxtvonline.com
/OtPefhePbvw/datarcvoninfile.php
/OtPefhePbvw/nnodata3inf.php
/OtPefhePbvw/onlinedata1inf.php
/OtPefhePbvw/
/datarcvoninfile.php
/nnodata3inf.php
/onlinedata1inf.php

# Reference: https://ti.qianxin.com/blog/articles/%22operation-magichm%22:CHM-file-release-and-subsequent-operation-of-BITTER-organization/ (Chinese)

http://193.142.58.186
45.11.19.170:34318
bheragreens.com
msisspsvc.net
myprivatehostsvc.com
sartetextile.com
svc2mcxwave.net
w32timeslicesvc.net
wdisvcnotifyhost.com
webmailcgwip.com
windiagnosticsvc.net
youxiangxiezhu.com
/n9brCs21/
/n9brCs21/apprun
/UihbywscTZ/45Ugty845nv7rt.php
/UihbywscTZ/
/45Ugty845nv7rt.php

# Reference: https://twitter.com/ShadowChasing1/status/1438706652522303489
# Reference: https://www.virustotal.com/gui/file/a169156b0d307ca978d722cafbd3bc1d04c94e55f71bc9d16ba6fabb8140be83/detection

olmajhnservice.com

# Reference: https://twitter.com/HONKONE_K/status/1464090084349669382
# Reference: https://www.virustotal.com/gui/file/528c6bf7c0c32be26bc1e32df73fed73ca7312e1b6fdb2ca20d5f0c157b02256/detection
# Reference: https://www.virustotal.com/gui/file/499bf98bef84eeff781828932b16747a5aa03d3f70e15aabf4718cccd20a51a5/detection

snsrsvchost.net

# Reference: https://twitter.com/RedDrip7/status/1468420250245136390
# Reference: https://twitter.com/kyleehmke/status/1510958302800318467
# Reference: https://www.virustotal.com/gui/ip-address/172.93.201.143/relations
# Reference: https://www.virustotal.com/gui/file/25aeec4c58f740c62664c757987902981c9676d0f58f9337f852fa9dd8a874d9

msofficeupdates.ddns.net
windowtemplates.info

# Reference: https://twitter.com/ShadowChasing1/status/1474005551818313729
# Reference: https://www.virustotal.com/gui/file/6b475078aca28ef7c8b162065b562e61670aceea1602715f53d64d81e7023a2a/detection

epapbuizhost.net

# Reference: https://twitter.com/ShadowChasing1/status/1478259210110775297
# Reference: https://www.virustotal.com/gui/file/9a8b201eb2bebe309d15c7b0ab5a6dcde460b84b035bb3575d4a0ec6af51a37e/detection

tomcruefrshsvc.com
sbss.com.pk
cpcalendars.tomcruefrshsvc.com
cpcontacts.tomcruefrshsvc.com
mail.tomcruefrshsvc.com
subscribe.tomcruefrshsvc.com
viewz.tomcruefrshsvc.com
webdisk.tomcruefrshsvc.com
webmail.tomcruefrshsvc.com
/VcvNbtgRrPopqSD/SzWvcxuer/userlog.php
/VcvNbtgRrPopqSD/SzWvcxuer/
/VcvNbtgRrPopqSD/
/SzWvcxuer/

# Reference: https://twitter.com/ShadowChasing1/status/1479641732169932801
# Reference: https://www.virustotal.com/gui/file/f7ed5eec6d1869498f2fca8f989125326b2d8cee8dcacf3bc9315ae7566963db/detection

slrpnlcontrlintrface.com

# Reference: https://twitter.com/ShadowChasing1/status/1480193191299084288

autodefragapp.com
care.autodefragapp.com
evert.autodefragapp.com
helpdesk.autodefragapp.com
mail.autodefragapp.com
newdesk.autodefragapp.com
support.autodefragapp.com

# Reference: https://twitter.com/ShadowChasing1/status/1480853604609126403
# Reference: https://www.virustotal.com/gui/file/4e0824b6c9c4e53a7caeda78c8b60bf1dc20670e58955ad1e2e9f89fdf22029c/detection

gpcpsvclog.net

# Reference: https://www.virustotal.com/gui/file/1b60ef6900dc790f2565e4fd27b14742ed6bec53252e3b142f0af6a246d94837/detection

comnmsgwrapsvc.net
/jsprc.php?h=

# Reference: https://twitter.com/k3yp0d/status/1490994886338027527
# Reference: https://www.virustotal.com/gui/file/15a58d7223761f8386c902ae2d55a1313b4744e543f8f228851d0376dce721fe/detection

/dFFrt3856ByutTs/xnb/data1.php
/dFFrt3856ByutTs/

# Reference: https://twitter.com/RedDrip7/status/1493905786354892801
# Reference: https://www.virustotal.com/gui/file/a4afaa41383f447d96d0ebb1e2e50721af080e951d40754a836215fb2c3f0660/detection

45.86.163.212:49920
snapsvcvirtual.net

# Reference: https://twitter.com/h2jazi/status/1499501002743062539
# Reference: https://www.virustotal.com/gui/file/eaa013b863bda3bd76c6f6073cc304002d1a9f317c8fba9c362534aff7dd1b0b/detection

diyefosterfeeds.com

# Reference: https://www.virustotal.com/gui/file/34182232200718be91a1b683112f8e44c1ee75bf3b11e2c055de68d990e0dd92/detection

http://45.11.19.170

# Reference: https://twitter.com/h2jazi/status/1509636768504717313
# Reference: https://www.virustotal.com/gui/file/9fca7eeb6a7c3591492ddb7693b9d7b2349acc3240cc46710f91fb79d8a8deb6/detection

coerciondigital.com

# Reference: https://twitter.com/GGGGh0st/status/1512002541370097664
# Reference: https://www.virustotal.com/gui/file/195682cc8a6318d3eb2af83faaff76dc925e3e382b13729b9e03cf6d8f5435b0/detection

lltdifslogsvc.net

# Reference: https://twitter.com/blackorbird/status/1520688352286052352

zhaodaolajiankang.com

# Reference: https://twitter.com/ShadowChasing1/status/1521401317360513025
# Reference: https://www.virustotal.com/gui/file/a979c76afd0e9d2e135ca64a215e1af270222d059d806e7028022060e8cbe72c/detection

193.142.58.38:34905

# Reference: https://twitter.com/SethKingHi/status/1522867750481408001
# Reference: https://www.virustotal.com/gui/file/14986da600df26fdb4e435cf01b6be4e5fffcc001059609070a2de701496bdde/detection

wmbwowxsvc.com

# Reference: https://twitter.com/SethKingHi/status/1523592393249136640
# Reference: https://www.virustotal.com/gui/file/471b384ca81a9d804992d4e4693ab3d42d419a2e2690ebb146671407fe0809d8/detection

levarisnetqlsvc.net

# Reference: https://blog.talosintelligence.com/2022/05/bitter-apt-adds-bangladesh-to-their.html

185.141.25.244:33324
urocakpmpanel.com
/updateReqServ10893x.php

# Reference: https://twitter.com/k3yp0d/status/1525508775980957698
# Reference: https://www.virustotal.com/gui/file/dbd72490ce2642721ba8919b27a5f4854d2a8199132e9c4bb08f54b48282febc/detection

nymedsvcsystems.com

# Reference: https://twitter.com/k3yp0d/status/1527656133837594624
# Reference: https://www.virustotal.com/gui/file/91ddbe011f1129c186849cd4c84cf7848f20f74bf512362b3283d1ad93be3e42/detection

emshedulersvc.com
huandocimama.com
han.huandocimama.com
log.huandocimama.com
m.huandocimama.com

# Reference: https://twitter.com/__0XYC__/status/1501847173864083458
# Reference: https://twitter.com/__0XYC__/status/1501852899491852288
# Reference: https://twitter.com/blackorbird/status/1534373342446202881
# Reference: https://mp.weixin.qq.com/s/8j_rHA7gdMxY1_X8alj8Zg (Chinese)

botanoolifeapp.net
deliverymailserver.com
ekoconect.com
epapbuizhost.net
maildataserver.com
pnptrafcroutsvc.net
rurushophoogtypnl.com
svc2mcxwave.net

# Reference: https://twitter.com/RedDrip7/status/1536987661939773440
# Reference: https://twitter.com/RedDrip7/status/1536989979229835265
# Reference: https://www.virustotal.com/gui/file/6f5ce57dce03d9456657ad872766ee8f78b1b6c258a8b99c7658bc0590813d4d/detection
# Reference: https://www.virustotal.com/gui/file/55901c2d5489d6ac5a0671971d29a31f4cdfa2e03d56e18c1585d78547a26396/detection

64.44.131.109:33638
wizbizkidshow.biz

# Reference: https://twitter.com/binlmmhc/status/1539094292064784384
# Reference: https://www.virustotal.com/gui/file/cfd883237a56a1a59c2882b9c7e11272ab32b76b35bbf69358c1168e82aae278/detection

mynewellowstore.com
login.mynewellowstore.com
star.mynewellowstore.com
/OibytDsERt.php

# Reference: https://twitter.com/binlmmhc/status/1529782539199868928
# Reference: https://www.virustotal.com/gui/file/3037f41f422033a11ed86871ea7f6dbba8b910dbee3212eb33165e488eecde14/detection

51.255.3.62:48152

# Reference: https://twitter.com/binlmmhc/status/1485545135882784768
# Reference: https://www.virustotal.com/gui/file/9ca64c2672258e72d297dbf0d2d7a57d92d6011e75ac08ba4feb01e8a975cf09/detection

185.117.73.195:59600
plprasvchost.net

# Reference: https://twitter.com/binlmmhc/status/1437704326789488642
# Reference: https://www.virustotal.com/gui/file/73f3a0d2d93c36276e1ecc7ebe64bede9c5adcfd01c5bebc89be75dc5b70111e/detection

fdcx32hostlaunchsvc.com

# Reference: https://twitter.com/binlmmhc/status/1377080167881924608
# Reference: https://www.virustotal.com/gui/file/fdc7cff892b890cb46c3c6d9fd3e8a62bb3059caaf034d63ba7d615342f17f70/detection

vercplsupport.net
/taskshandlers/DBhandle/primary_main.php

# Reference: https://twitter.com/h2jazi/status/1551980359990104064
# Reference: https://www.virustotal.com/gui/file/fec00455734451b722f3037e0a668c280c5ddbec1d905c647bf1a7f153856860/detection

novaoutletclub.com

# Reference: https://twitter.com/Richard_S81/status/1557419346078666752
# Reference: https://blog.cyble.com/2022/08/09/bitter-apt-group-using-dracarys-android-spyware/
# Reference: https://www.bleepingcomputer.com/news/security/hackers-install-dracarys-android-malware-using-modified-signal-app/
# Reference: https://www.virustotal.com/gui/file/220fcfa47a11e7e3f179a96258a5bb69914c17e8ca7d0fdce44d13f1f3229548/detection (# Dracarys)

94.140.114.22:41322
signal-premium-app.org
signalpremium.com
youtubepremiumapp.com

# Reference: https://github.com/blackorbird/APT_REPORT/tree/master/bitter/2022

appbriar.com
appprotonvpn.com
briarapppro.org
converse-app.org
gosignal.org
islam-360-plus.com
linphone-app.com
play-protect.com
signal-premium.org
signalpro.org
sikhsiyasatapp.net
telegram-app.tech
telegram-pro.org
telegramapppro.org
app2.appvlc.com
gallery.play-protect.com
pflix.camdvr.org
weather.play-protect.com

# Reference: https://about.fb.com/wp-content/uploads/2022/08/Quarterly-Adversarial-Threat-Report-Q2-2022.pdf
# Reference: https://otx.alienvault.com/pulse/62f2344533e6cfe5e975f573

1drivestorage.com
appsupdate.net
archiverst.com
createasocialcard.top
hatvax.com
playapps.ga
shareflx.com
social-card-share.top
socialpreviews.top
storeupdates.net
theambix.org
yoursdrive.com
whatsapp.playapps.ga
play.google.com.whatsapp.playapps.ga
shareflx.createasocialcard.top
shareflx.social-card-share.top
shareflx.socialpreviews.top

# Reference: https://twitter.com/malwrhunterteam/status/1577401341768568854
# Reference: https://twitter.com/LukasStefanko/status/1577553669700083714
# Reference: https://www.virustotal.com/gui/ip-address/74.119.239.234/relations
# Reference: https://www.virustotal.com/gui/file/cbfa2aa73ea8bdc126c6767efd61a822786f4b48479859a6d14246a25d8ebd1a/detection

currweather.com
weather-latest.com

# Reference: https://www.virustotal.com/gui/file/510b3de50c8dfc20a3085166f373a5f12475c7915984de0afa3cc0bff0c2580d/detection

dnldsalecraze.com

# Reference: https://twitter.com/SethKingHi/status/1583039595524259841
# Reference: https://www.virustotal.com/gui/file/07504fcef717e6b74ed381e94eab5a9140171572b5572cda87b275e3873c8a88/detection

qwavemediaservice.net

# Reference: https://twitter.com/HONKONE_K/status/1533694370805063680
# Reference: https://www.virustotal.com/gui/file/d07b4487348de35df5e4cfa7c26c8cc6432230c1df220d2379fc702e25850909/detection

110.42.64.137:9527

# Reference: https://twitter.com/h2jazi/status/1594688392314474502
# Reference: https://www.virustotal.com/gui/file/4baf42e448120bd26fd0198c1b3382296fa3cb47f6c882fd5a9f4693d88847e5/detection

vividworld.net

# Reference: https://twitter.com/ginkgo_g/status/1598138502017085440
# Reference: https://www.virustotal.com/gui/file/8cfc803459682619e97f172e9cca33458fdf38b0b9ca09f8ccbc7df16f09240f/detection
# Reference: https://www.virustotal.com/gui/file/b514635f569791316e1c55057f63f596847e23c0fa1ca0f751c5a2135f72b8ff/detection

mobisharestock.com
updnangelgroup.com

# Reference: https://twitter.com/ThreatBookLabs/status/1602611437326991360

rusjamystarapp.com

# Reference: https://twitter.com/ThreatBookLabs/status/1603675610504499200

supunitysharehost.net

# Reference: https://twitter.com/Des00464472/status/1607962294222454784
# Reference: https://www.virustotal.com/gui/file/caf871247b7256945598816e9c5461d64b6bdb68a15ff9f8742ca31dc00865f8/detection

devqrytoprar.net

# Reference: https://twitter.com/Des00464472/status/1608357353589735425

mabizstockholm.com

# Reference: https://twitter.com/binlmmhc/status/1610969202722242561
# Reference: https://x.com/ShanHolo/status/1971249000985788673

deriksystemspartens.com
guppu.pk
herbsbrunabuiz.net
mirzadihatti.com
/cmpn/xing.php

# Reference: https://twitter.com/binlmmhc/status/1555002494593679361
# Reference: https://www.virustotal.com/gui/file/5374d2b9c9802d3b04735134960be84033c390b9279aea5b8ff7cbca8eaf9a4c/detection

147.124.223.140:41320

# Reference: https://twitter.com/ThreatBookLabs/status/1611260753151164417
# Reference: https://www.virustotal.com/gui/file/b7a9407b47baf7442e0baf94a3b4cc8b7420cb01364fc8e6a3c622b7ae39301f/detection

23.106.122.149:31174
kryoblockbind.net

# Reference: https://www.virustotal.com/gui/file/06dd9a7aebe0995b23526f04eabc85db3d2d98def9be58c1012a1280f5aa63f1/detection

ellearningstore.com

# Reference: https://twitter.com/RedDrip7/status/1613474917038837764
# Reference: https://www.virustotal.com/gui/file/5b90d4c397e575965ed49082981fd34272b5e1da010057f6ebcdd4f53a409ad0/detection

wcnsappword.com
/wmis/wave.php?xas=

# Reference: https://twitter.com/StopMalvertisin/status/1613833615984721922
# Reference: https://www.virustotal.com/gui/file/2fe49d93b5dcf19a2b60e91756246b051adc89303151c9e0b875c3f21c698be9/detection

onlinehealthmatters.info

# Reference: https://twitter.com/StopMalvertisin/status/1614460800680472579
# Reference: https://www.virustotal.com/gui/file/95990cac90d19e6fe48bff85a72148c35facbb2e61b1f326d85e82603240a741/detection

bensnewfashionstyles.com

# Reference: https://twitter.com/StopMalvertisin/status/1618434887220105216
# Reference: https://www.virustotal.com/gui/file/561ace43f77de135d5b3286bd2ef270b185d0abdba15d442551211068f8bbf11/detection

wbfashionshow.com

# Reference: https://twitter.com/StopMalvertisin/status/1622200643787309056
# Reference: https://www.virustotal.com/gui/file/f598f3bd60a39ad5861f145e82b33acde146b6ed5c2ffd9c6862ca1ea635afbf/detection

dracjohnsupport.com

# Reference: https://twitter.com/ThreatBookLabs/status/1622884433945829376
# Reference: https://www.virustotal.com/gui/file/a447a890c7738c259ae0fc03958fbd6a96abd350a5acb9cc39fd8b3e7d450147/detection

zingstockpicks.com

# Reference: https://twitter.com/StopMalvertisin/status/1623199772810301447
# Reference: https://www.virustotal.com/gui/file/636c2a16f94b5e30e725527a1bd2215399f98f17cc08580bc7358751b9eb2944/detection

jlmusiklearn.com

# Reference: https://twitter.com/StopMalvertisin/status/1623199776476131328
# Reference: https://www.virustotal.com/gui/file/35952afc1c9f5597348373cee4611bc37287076606ca1b912d6a73aeee26602a/detection

rxnovelapps.info

# Reference: https://twitter.com/StopMalvertisin/status/1628694986140311552
# Reference: https://www.virustotal.com/gui/file/ded0635c5ef9c3d63543abc36a69b1176875dba84ca005999986bd655da3a446/detection

coauthcn.com

# Reference: https://twitter.com/StopMalvertisin/status/1633398160843485185
# Reference: https://www.virustotal.com/gui/file/9da7bb7065b91ec4634c080955d7ab086f7bc6f5391d1db10751812c38bcff19/detection

lbhandlesystem.com

# Reference: https://twitter.com/fmc_nan/status/1639175633019478017
# Reference: https://twitter.com/StopMalvertisin/status/1639339836225253377
# Reference: https://twitter.com/StopMalvertisin/status/1639340323200733184
# Reference: https://www.virustotal.com/gui/file/43c8ada7cb7c046893dd96aef195856ec94f62823ca1a2987adf31899788c92d/detection
# Reference: https://www.virustotal.com/gui/file/cd3effd25629ab9c440ed8bedb9bfb312c73a022cad5078684784ea07eff2c68/detection
# Reference: https://www.virustotal.com/gui/file/8aeb7dd31c764b0cf08b38030a73ac1d22b29522fbcf512e0d24544b3d01d8b3/detection

mail-gdrive.com
bluelotus.mail-gdrive.com
msdata.ddns.net

# Reference: https://twitter.com/fmc_nan/status/1638874363335409667
# Reference: https://www.virustotal.com/gui/file/117ae7b2d08c8f11be7e4c4f27e54fa1d3a816073502241f1bb6277c89c67d85/detection
# Reference: https://www.virustotal.com/gui/file/f5e066da37fc9da2ca68678aa1e001c4428e9476dde8a927cb76fa9389038b06/detection
# Reference: https://www.virustotal.com/gui/file/2eca2f7a1fb4654dd73bf4a999ce155b2303e47340b26a49623f5b32948060c3/detection

46.30.188.43:51683

# Reference: https://twitter.com/suyog41/status/1640346154205343747
# Reference: https://www.virustotal.com/gui/file/6ac16df25b0faead1d019f73edd9b12bac9f356d8250b5637f3f6a0b94e73c75/detection

erswuniconsharing.com

# Reference: https://twitter.com/JVPv5sIM3eFmGyi/status/1654318267002163202
# Reference: https://www.virustotal.com/gui/file/4e3e4d476810c95c34b6f2aa9c735f8e57e85e3b7a97c709adc5d6ee4a5f6ccc/detection

46.30.190.160:60099
uxmesysconsole.com

# Reference: https://twitter.com/suyog41/status/1663857230616186881
# Reference: https://www.virustotal.com/gui/file/4f94e7bd1515e0025293fb5a041bc41c20a7dd15a6dd0bc7076145a69d5238c0/detection

folkmusicstreams.com

# Reference: https://twitter.com/StopMalvertisin/status/1666834231983767558
# Reference: https://www.virustotal.com/gui/file/490eccbb2712e7752a0ba193f783de9d333f67ba1fde5bb130280c5abf77555a/detection

novasapothecary.com

# Reference: https://twitter.com/ThreatBookLabs/status/1662266116247552001

greenspowerpanel.com

# Reference: https://twitter.com/suyog41/status/1671452383879081984
# Reference: https://www.virustotal.com/gui/file/a2e3f464e1c39909f47f0b837b04e1256061f4a9698678e097b4dd09aa4de9c1/detection

daveonenewtestpanel.com

# Reference: https://twitter.com/ThreatBookLabs/status/1676953190913433607

netmansrvdns.com

# Reference: https://twitter.com/ThreatBookLabs/status/1681656384071376897
# Reference: https://www.virustotal.com/gui/file/e8149ba0e8ce1a48142df2009688d5aa657286d56638b36da1c5ea2376ba6f9f/detection

webcarewellclinic.com

# Reference: https://twitter.com/suyog41/status/1684892151316955136
# Reference: https://www.virustotal.com/gui/file/1ea9e9ecd0e5b0ac4aedc1b5515484a372dd8aefb1dbeb00f243a0a3ce40fab9/detection

farleysmxpph.com

# Reference: https://twitter.com/suyog41/status/1686298387455283200
# Reference: https://www.virustotal.com/gui/file/c3fc4d145ce3cee06782753be269cad6632751fb9b824e1917b0de6e597ee2ee/detection

mercifulnearyou.com

# Reference: https://twitter.com/binlmmhc/status/1686659755622924288
# Reference: https://twitter.com/binlmmhc/status/1686661719261958144

kaatsonlinesupport.com
thenewmusictunes.com
/WVKA/qbv.php

# Reference: https://twitter.com/ThreatBookLabs/status/1688902207566196736

emmacloudsystem.com

# Reference: https://twitter.com/ginkgo_g/status/1696470343979012600
# Reference: https://www.virustotal.com/gui/file/cc1c7e53ea567509a4bcfda2df95cb8f6ed7eed7cb2ae8786b736cd4d858173a/detection

shzjwxsns.qqcloud.coauthcn.com

# Reference: https://twitter.com/suyog41/status/1698568505535414578
# Reference: https://www.virustotal.com/gui/ip-address/82.221.129.39/relations
# Reference: https://www.virustotal.com/gui/file/413d0aacddad41105f9f04de12cae9420919083796ed856df47ee2c7b3767fda/detection

dashonlineclub.com
/CVBN/mzx.php

# Reference: https://twitter.com/ThreatBookLabs/status/1677666593982271488

xiuxonlinehost.com

# Reference: https://twitter.com/lightC07379408/status/1706965936098390431
# Reference: https://www.virustotal.com/gui/file/e61e41d73682c166e7cf8c8a1db169f0f689fa2b70e19cfb0033e4c9211d9de6/detection

mxsiclienteventlog.com
neozelappconsole.com
/ROAM/gret.php
/WORK/info.php?cve=

# Reference: https://twitter.com/suyog41/status/1717061493068640648
# Reference: https://www.virustotal.com/gui/file/8bb36cb759cada50695ae3b5156b6f603c92081147400db544ac75ece8ce7129/detection

webandersondesign.com
/dozq/jkl.php
/dozq/jkl.php?pi=

# Reference: https://twitter.com/StopMalvertisin/status/1722944218015179147
# Reference: https://www.virustotal.com/gui/file/445c801e857329e1740745b4949349a02971530c4f5d28a8e9e5489c3516933a/detection

farlookclinic.com
/DMMA/hfo.php
/DMMA/hfo.php?pi=

# Reference: https://twitter.com/RexorVc0/status/1727230322855833657
# Reference: https://mp.weixin.qq.com/s/HVhXyIB4sKuG6dDwwe4Pcw
# Reference: https://www.virustotal.com/gui/ip-address/91.236.230.44/relations
# Reference: https://www.virustotal.com/gui/file/2b25469b0e23fc024f5ca147948292cd4175a18625cb8a5b67ab04300082866f/detection

91.236.230.44:59310
olivershikerhelp.com
sportsaccessstore.com
cjcjegb9k5vg46vkns5g.sportsaccessstore.com
gspcfdqtloe.sportsaccessstore.com

# Reference: https://twitter.com/JVPv5sIM3eFmGyi/status/1729760374960927051
# Reference: https://twitter.com/doc_guard/status/1729861690613989781
# Reference: https://app.docguard.io/fc72bd3e21cddcb3c181d7bdf1cacd2886701cdf9cc12be63061c2eeeda47ce9/results/dashboard
# Reference: https://www.virustotal.com/gui/file/fc72bd3e21cddcb3c181d7bdf1cacd2886701cdf9cc12be63061c2eeeda47ce9/detection

newsaxfluteclub.com

# Reference: https://twitter.com/suyog41/status/1730172467094983083
# Reference: https://www.virustotal.com/gui/file/83ca53918af3ea659d767e489a1e42ea97879e3e534f68c4edc7d0eb77f44204/detection

newlbfashions.com
/kna.php?ka=

# Reference: https://twitter.com/ginkgo_g/status/1729698368987787591
# Reference: https://www.virustotal.com/gui/file/132098213b5923463611e6fc77bfce0cfad3d727566ce0e87e9723456c698ae6/detection

89.40.206.85:52529
maxdimservice.com

# Reference: https://twitter.com/suyog41/status/1731632299618525471
# Reference: https://www.virustotal.com/gui/file/62e42d3e778fd79b7989966b057c24c141531f871a7c73703b35858ab3d13f47/detection

paulalesiastyles.com

# Reference: https://twitter.com/suyog41/status/1732637340299104556
# Reference: https://www.virustotal.com/gui/file/22dd82c94cadf5cf31b3e9519e8149d4a68fe13bac13eaef91bf283a4beb8101/detection

lroliviapanel.com
/frst.php?ys=

# Reference: https://twitter.com/liqingjia1989/status/1734459198245867732
# Reference: https://www.virustotal.com/gui/file/ab26ffe31e0c6b247781b20eba4f405ade35ebe6d87d49e7780a65ea7bd870dc/detection
# Reference: https://www.virustotal.com/gui/file/be6be16175f523214ce49f765245ea38b4c5ecb24b15d08180232df0eb728e23/detection

46.249.38.18:41426
loganwcshost.com

# Reference: https://twitter.com/liqingjia1989/status/1724011550825136526
# Reference: https://www.virustotal.com/gui/file/fc9f84bad598c057b595efbca7ae0ae9a1678de7f2185275953424b3ec47a00e/detection
# Reference: https://www.virustotal.com/gui/file/813c67414723ea162e789b1fc4b269839351863050f27a2f906426dac3a86f39/detection
# Reference: https://www.virustotal.com/gui/file/14e43110cc3c40bf56d95df0079cc744055b1568dbceac05b50a2c0159bef872/detection

45.66.248.66:59142
dtzappaccount.com

# Reference: https://twitter.com/liqingjia1989/status/1706835231536525805
# Reference: https://www.virustotal.com/gui/file/20bf58300532c55c46c19ff9c634bd8f3d48c577b1d8414cb6d4d2fbb1716087/detection

95.174.71.139:39006
umsmssvc.com

# Reference: https://twitter.com/liqingjia1989/status/1694531703505813618
# Reference: https://www.virustotal.com/gui/file/4664dc63b2faaa69ee7440980da0b9894a5267f06cfe3948b0f762196c0b50b7/detection

91.236.230.54:46056

# Reference: https://twitter.com/liqingjia1989/status/1672787159424835585
# Reference: https://twitter.com/liqingjia1989/status/1672792060007714816

alfiehealthcareservice.com

# Reference: https://twitter.com/liqingjia1989/status/1656105672365477888
# Reference: https://www.virustotal.com/gui/file/c24efc7c4dafd4f0b39e7ae7e84627fbd0fb766019b820cb11edbb8dda54de66/detection
# Reference: https://www.virustotal.com/gui/file/66a73b1b3b51a1c6a56db2d20cff9af3d1362b989989b5d9543d2e9b92ac9a3d/detection

23.254.128.22:22812
51.178.206.76:22812
jjwappconsole.com

# Reference: https://twitter.com/suyog41/status/1737375533250511276
# Reference: https://www.virustotal.com/gui/file/c77ae7c9533eddbb5f2b80889590436aac7df6166abefc51d5a65f775e6258dc/detection

mikeyourevents.com
/CP/tre.php?pi=

# Reference: https://twitter.com/liqingjia1989/status/1742010387481121156
# Reference: https://www.virustotal.com/gui/file/f6afa3080c4f69eaaeb4d43c723672031b4a5b7130b1db8361786180e6bba380/detection

46.249.38.18:52993
lcpcstudiover.com

# Reference: https://twitter.com/malwrhunterteam/status/1742941632922624097
# Reference: https://www.virustotal.com/gui/file/15161231be575991c70252cc33cdd2c41b5c3b255d6510790bef32be9b6ff5a2/detection
# Reference: https://www.virustotal.com/gui/file/408292710999abc4d37f23a6672ef407d70ffb4dc2e3e030a5ec705735c1f8bd/detection

adamsresearchshare.com
/textcmd/cmd1.php
/textcmd/text.php?id1=

# Reference: https://twitter.com/liqingjia1989/status/1743080624196661436
# Reference: https://www.virustotal.com/gui/file/89e609cc48e0926b8121ed943bf9561d0ed0ac682d811618d56d0602ccca847c/detection

185.117.73.209:49725
gotiktikweb.com

# Reference: https://twitter.com/RexorVc0/status/1744276666782716098
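# Reference: https://mp.weixin.qq.com/s/0iiCwpxNnd8akoT8RjU84A?ref=www.ctfiot.com
# NOTE(review): alfiehealtcareservice.com below differs by one letter from alfiehealthcareservice.com, listed earlier in this file - confirm against the references that both spellings are intended and neither is a transcription error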

alfiehealtcareservice.com
nesiallservice.net

# Reference: https://twitter.com/liqingjia1989/status/1745729324349825131
# Reference: https://www.virustotal.com/gui/ip-address/135.125.242.211/relations
# Reference: https://www.virustotal.com/gui/file/c492bdf749b0a229cb256e1ee04e1c48b7472a351f04605415c11d40063cd14a/detection

135.125.242.211:52112
hallanskylarks.com

# Reference: https://twitter.com/ginkgo_g/status/1746827915306909954

upulllogistics.com
/wipe/ret.php?eer=

# Reference: https://twitter.com/ginkgo_g/status/1753259443675156855
# Reference: https://www.virustotal.com/gui/file/876122fcc9e0d5ebd42df9e93d37ad23d9f521e6077e9cb8b05862ae157757e3/detection

northgenstudios.com
/ML/vbn.php?pi=

# Reference: https://twitter.com/liqingjia1989/status/1760112384071606393
# Reference: https://www.virustotal.com/gui/file/c0d926b33ae2351a9a528ba4d7ca13be7d55ba3455d52c5a69c8b381ade28ed0/detection
# Reference: https://www.virustotal.com/gui/file/f2f783a72e955ecbcddc448764921a753bd1ac4dd14128200bb4866021287ae7/detection

91.192.81.102:22981
kaatmusiclab.com

# Reference: https://twitter.com/alex_lanstein/status/1765088371108639175
# Reference: https://www.virustotal.com/gui/file/414d6ed63baaaa69a555068e91e1ee89dbcf38cac7ac4918f6e50fb82d039485/detection

demolaservices.com

# Reference: https://twitter.com/h2jazi/status/1765117935469658451
# Reference: https://www.virustotal.com/gui/file/c0120c1f458497602ae3068e7e755d5056f7a0b2c28c9e6ba9a3bfe12b27ad56/detection

clairsvanieclub.com

# Reference: https://twitter.com/suyog41/status/1765296640028774450
# Reference: https://www.virustotal.com/gui/file/8b79f6b2061e3231da4ef75799ad9754d64c336ce34fbc9a4538b0b3020fff8a/detection

whitelilyshop.com

# Reference: https://twitter.com/JVPv5sIM3eFmGyi/status/1765651279093612644

bartelemarks.com

# Reference: https://twitter.com/__0XYC__/status/1770689612031164671
# Reference: https://www.virustotal.com/gui/file/7525cecb3d45097db48ee08410ba2b2ae1f9db84f887098557b09e7f8fa79a81/detection

libraofficeweb.com

# Reference: https://twitter.com/liqingjia1989/status/1776779248524755435
# Reference: https://www.virustotal.com/gui/file/4dfe81aeb881c9e7cf0a469542d3908df9d7c5bc87c8fe1061254d77a53cb1d3/detection

bsdqcaptureman.com

# Reference: https://twitter.com/liqingjia1989/status/1777622247936491681
# Reference: https://www.virustotal.com/gui/file/9fcae6572e9d474e131e64b639becf0bbaea7297edd451459f069fb20742b1f2/detection

evtessentials.com

# Reference: https://twitter.com/ginkgo_g/status/1783386949765718155
# Reference: https://www.virustotal.com/gui/file/dcdae583da8a1b01a8ad0caef6a7f6f3b6f1eb6dd3298ac7d904200f52712446/detection

oraclewebonline.com

# Reference: https://twitter.com/ginkgo_g/status/1784505204391739493
# Reference: https://www.virustotal.com/gui/file/ba2e21641a1238a5b30e535bd0940fcd316a6e5242bfdd48a97aaa203d11642b/detection
# Reference: https://www.virustotal.com/gui/file/6cdc79edba95c6a9ec1d50457dc16f40f02c46a7d0b9665f099abe8155d1a25c/detection

libraofficeonline.com
officeweb.live
outlook-web.ddns.net
outlook.officeweb.live

# Reference: https://www.virustotal.com/gui/file/85a6ac13510983b3a29ccb2527679d91c86c1f91fdfee68913bc5d3d01eeda2b/detection

141.94.68.169:443
microsoft.officeweb.live

# Reference: https://twitter.com/liqingjia1989/status/1784846105416708314
# Reference: https://www.virustotal.com/gui/file/53e9d201163cd5fc1adf3974afb41c6a31496737bdbbefec3be7205d63a3780e/detection

johnfashionaccess.com

# Reference: https://twitter.com/alex_lanstein/status/1785026144246325630
# Reference: https://www.virustotal.com/gui/ip-address/93.123.73.160/relations

colorsofnether.com

# Reference: https://twitter.com/suyog41/status/1785925227337375766
# Reference: https://www.virustotal.com/gui/file/30f9676fb31a2ee5c4d5ec9e3809422cad8efcc7f409d4e5ba96d3229e42ae61/detection

47.94.19.69:8080

# Reference: https://twitter.com/liqingjia1989/status/1787752297461846466
# Reference: https://www.virustotal.com/gui/file/667e411ec65acc61eea0be0dbae8a4ffde8529e905c780cd35f71ef9ebc0a0bf/detection

167.88.15.93:61920
smartclouddirect.com

# Reference: https://twitter.com/liqingjia1989/status/1788123283931717847
# Reference: https://www.virustotal.com/gui/file/f95167754f162097b83495baa070d3a0036b335a22c6d584300dd94b45988780/detection

yalinasculetips.com

# Reference: https://x.com/alex_lanstein/status/1792638726931161109
# Reference: https://www.virustotal.com/gui/file/482e4f64e1aa9096bed00dbe0cc6451441c0f0d0bf5a9d33e3011057f4bed9c5/detection

goalvaidclub.com

# Reference: https://x.com/mal_analysis136/status/1793123437680210067
# Reference: https://app.validin.com/detail?type=dom&find=aduhoki88.com#tab=host_pairs_v2

55five.lol
888toto.com
8toto.co
918slot.top
99togel.org
99toto.shop
aduhoki88.com
bulltrader.vip
efgchartered.co.uk
kertasiusaus.com
maxcavelli.com
plugins-support.com
test.bulltrader.vip

# Reference: https://x.com/RedDrip7/status/1794979757559599555
# Reference: https://www.virustotal.com/gui/file/0b230b83c0b4af6e13ad837c35121d0827f5a243855a5d8a80e299b9c91ad5ae/detection

mariasunistyle.com

# Reference: https://x.com/liqingjia1989/status/1795058403540173275
# Reference: https://www.virustotal.com/gui/file/bc764b4af4edeaf94920c75c7956b8bb6f7315071c3781d61c029f235cb62d96/detection

46.183.25.24:52546
manderikgamezilla.com

# Reference: https://x.com/liqingjia1989/status/1795276257627877723
# Reference: https://www.virustotal.com/gui/file/c8b93075675b6b90cc5a2f58bdd1c52088a511485efd2f9bb6de54c9736e98e5/detection

giov.officeweb.live

# Reference: https://x.com/liqingjia1989/status/1798160822134546655
# Reference: https://www.virustotal.com/gui/file/7ca837a4e410b57e0c54bb6fb3a7ef756b0913a77339e5d11c5e9371c3ee64b2/detection

viyoappmapper.com

# Reference: https://x.com/suyog41/status/1808379399953146053
# Reference: https://www.virustotal.com/gui/file/8c4416b735826bd35707b9caad356292c82a574e5d85a5ce6e013754352d9098/detection

shioyuilubiz.com

# Reference: https://x.com/StrikeReadyLabs/status/1808457407632224733
# Reference: https://www.virustotal.com/gui/file/86c4e9a4615836c6fc7c44f458a3fa784fe347f23b062b08ec22999cda15b2a9/detection

bakuackermannfashions.com

# Reference: https://www.virustotal.com/gui/file/309740ee31eff70c8510340293cc45b135c4791a8a7c70e8a12ea6b4f1217ff5/detection

fusionjunction.link

# Reference: https://x.com/StrikeReadyLabs/status/1811034367856161254
# Reference: https://www.virustotal.com/gui/file/1dd50966db005e30f7a69b6d16dfe8b9810dba3cdbe43bebb136f8786d027ed1/detection

mxmediasolutions.com

# Reference: https://x.com/liqingjia1989/status/1811658282366271537
# Reference: https://www.virustotal.com/gui/file/c2e492da957ef5c76b3cc8890007c4f419ec510b5f9f259c2a0161c032ebc987/detection

46.30.190.137:51620
gorgxwebset.com

# Reference: https://x.com/suyog41/status/1813453691019571279
# Reference: https://www.virustotal.com/gui/file/8f03eb3fe7363bb7ab291c86680a71ad2820527ffbf067103f0c8909956c059e/detection

littlehipsononline.com

# Reference: https://x.com/wa1Ile/status/1814284608269353136
# Reference: https://www.virustotal.com/gui/file/96f74896774ad4877740378d216afde6cdc962729b2ff8b9a56393ad14ea7f58/detection

193.29.58.210:15192
mindgamecenter.com

# Reference: https://x.com/wa1Ile/status/1795747139601195042
# Reference: https://www.virustotal.com/gui/file/ffee624870767c528c9d7578833483a496279508e665c5d24f6b9445490cda27/detection

lezziezgrillcorner.com

# Reference: https://x.com/suyog41/status/1820766059814953246
# Reference: https://x.com/StrikeReadyLabs/status/1820787452174368831
# Reference: https://www.virustotal.com/gui/file/a1bb8ce0cf7290524326442be9b8ecce883d860f6437dcc4bc64b99f72004fdd/detection

bickrickneoservice.com
pdcunaco.com

# Reference: https://x.com/StrikeReadyLabs/status/1822458511940264187
# Reference: https://www.virustotal.com/gui/file/e1aff2618bad2418023730bab3e2e119fb9682dafac5078456800cc98f2178e0/detection

gocartwillium.com

# Reference: https://x.com/wa1Ile/status/1823643124562022487
# Reference: https://www.virustotal.com/gui/file/4c556d9e902c8cc0096bb56447075834f19ea456f5871e08a948da4bb3192db8/detection

vizylstatpro.com

# Reference: https://x.com/k3yp0d/status/1823652687029698699
# Reference: https://www.virustotal.com/gui/file/42ab740ff15988b4f919b31a6203fb40f9470d281791f0d7c96eb80586d6b2eb/detection

http://94.156.175.95

# Reference: https://strikeready.com/blog/open-sesame/
# Reference: https://www.virustotal.com/gui/file/15337ad45a65f8f9eae57f76d6cff314968417665750f336c6154a2c05991582/detection
# Reference: https://www.virustotal.com/gui/file/ba352569428df4618cd57f91bd3479b73a798399a6b861ed996d715bc51e916c/detection
# Reference: https://www.virustotal.com/gui/file/ee088e6d8ac0f3dbfbd17f556a58d06cc882016fd8a4a8ba2ddcd0cab5322d23/detection
# Reference: https://www.virustotal.com/gui/file/52a4020392de0d527fe0aaf551fa557628c68419415b86afa36854d0bc987d9d/detection

kimfilippovision.com
windowphotoviewer.com

# Reference: https://x.com/ShadowChasing1/status/1824630406823678214
# Reference: https://www.virustotal.com/gui/file/11dff82741190cdb7934fd996796ad8b9e564ebc7e903036824acba99fb7d6af/detection

mxuconlinegame.com

# Reference: https://x.com/StrikeReadyLabs/status/1824790667765190793
# Reference: https://www.virustotal.com/gui/file/2c5a14edacc03a57458d82607067207911b0b92003641e0b973d90630483d4ce/detection

mcdavezonepanel.com
/mloknj.php
/mloknj.php?cv=

# Reference: https://x.com/mal_analysis136/status/1826491897910886675

devflowservice.com

# Reference: https://x.com/suyog41/status/1831196846615633926
# Reference: https://www.virustotal.com/gui/file/83e64fc374eff67e66b476d32bfd3455840da66c618a0381822d23ef872fe5f2/detection

onlinewebdebugsvc.com

# Reference: https://x.com/StrikeReadyLabs/status/1831506911839080873
# Reference: https://www.virustotal.com/gui/file/8f5f92e4d901eccf63e76223cacce47a29cdd533fb513d08abc7f659a8869382/detection

glamorcliniques.com

# Reference: https://x.com/mal_analysis136/status/1831562638104703371

mnemautoregsvc.com

# Reference: https://x.com/liqingjia1989/status/1831906877841797172
# Reference: https://www.virustotal.com/gui/file/dea912dce66c32598ec2d0a24b9e0b5f690b3ed714b978578048bc8b28b2ed02/detection

aadresourcing.com

# Reference: https://x.com/liqingjia1989/status/1833410135005483214
# Reference: https://www.virustotal.com/gui/file/0db680ad035e30a4d17716538ab56af73492c722480da1ff683b550dbacf45bd/detection

andbouncersclub.com

# Reference: https://x.com/liqingjia1989/status/1834427464837464131
# Reference: https://www.virustotal.com/gui/file/575b783b3bd38271450a2c2cc8fb3ad0dc5ba69e044ad9aa0684851a3426cc06/detection

benclickstudio.com
/shrd.php?vo=

# Reference: https://x.com/StrikeReadyLabs/status/1834609928285110285
# Reference: https://www.virustotal.com/gui/ip-address/69.61.36.170/relations

affinitycapitalgp.com
affinitycapitalgr.com
gdatesystems.com
idbcxnetmac.com
jmsatozplanning.com
mcxntoolsservice.com
sporcketngearforu.com
surininfiniumclub.com

# Reference: https://x.com/StrikeReadyLabs/status/1834599289391108556
# Reference: https://www.virustotal.com/gui/file/67c0ad5ab6be8efec70a53cc56a03b581c7712eee7310ec5a8afba583c2b75bb/detection
# Reference: https://www.virustotal.com/gui/file/5de9131252e6bc5a336516b9de4d7e0e0e2e3cde38ace85dbda39a3a166eb1a5/detection

95.156.206.105:443

# Reference: https://x.com/karol_paciorek/status/1818204812564938798
# Reference: https://www.virustotal.com/gui/file/28cb51c171d591b2bb35bc9a4379010fd37f66cfcd317a67cb73b24262dc17c6/detection
# Reference: https://www.virustotal.com/gui/file/833501101c1af641e9910389596e79f672dc721f57936e0f23898fa748f3b71b/detection

http://45.61.139.69
65.20.103.184:8080
cloudaff.net
turkeyapi.bio

# Reference: https://x.com/StrikeReadyLabs/status/1835445587149562137
# Reference: https://www.virustotal.com/gui/file/81afc6d8e369ba8f08753541c78db4c424703e59a23d5d3bfbc46bc359c7336a/detection

65.20.105.88:8082
jetmains.com
sharesmydrive.com

# Reference: https://x.com/k3yp0d/status/1836001049976422810
# Reference: https://www.virustotal.com/gui/ip-address/104.200.73.57/relations

healthtipsart.com

# Reference: https://x.com/suyog41/status/1837073539121434966
# Reference: https://x.com/StrikeReadyLabs/status/1837317218943525321
# Reference: https://www.virustotal.com/gui/file/507aa944d77806b3f24a3337729b52168808e8d469e5253cbf889cdaabb5254e/detection
# Reference: https://www.virustotal.com/gui/file/c1f27bed733c5bcf76d2e37e1f905d6c4e7abaeb0ea8975fca2d300c19c5e84f/detection

elevateecom.com
vanessalove.com

# Reference: https://x.com/StrikeReadyLabs/status/1839037780644471181
# Reference: https://x.com/silentpush_labs/status/1839077173141094605
# Reference: https://www.virustotal.com/gui/file/294323c2611edeb7bae0ff3993ac48eed50c16abe04ff6afbf735b16cf8bcd10/detection
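# Reference: https://www.virustotal.com/gui/file/303bc4bce9555b02d9b1c0b96eb5736561d70fca3b994b353db2cc1b2eca66ca/detection
# NOTE(review): gewistaplaner.gewista.at below is a host under what looks like a third-party organisation's domain rather than a dedicated registration like the other entries - presumably a compromised or abused host; confirm against the references and re-check periodically, since a match may be benign once the host is cleaned up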

http://151.236.9.75
151.236.9.75:5080
91.132.92.231:6060
apifilestore.net
easyiplookup.com
winfreecloud.net
gewistaplaner.gewista.at

# Reference: https://x.com/blackorbird/status/1845000997665755151
# Reference: https://mp.weixin.qq.com/s/eseliIVHqiWI-Q1CoCA81g
# Reference: https://www.virustotal.com/gui/file/8b7f36b3af85639ea0fcdd35eda43e64ac59d034ebd43a884601ef6ae29bb71e/detection
# Reference: https://www.virustotal.com/gui/file/df5c0d787de9cc7dceeec3e34575220d831b5c8aeef2209bcd81f58c8b3c08ed/detection

185.106.123.198:40269
96.9.215.155:56172
locklearhealthapp.com
maxnursesolutions.com
nurekleindesign.com
samsnewlooker.com
wmiapcservice.com
mail.wmiapcservice.com

# Reference: https://www.virustotal.com/gui/file/ba2853547fe79f52461323295f9bc528f3689cfa1882ddc549dfac76fa9e2498/detection
# Reference: https://www.virustotal.com/gui/file/afaaa7d065ad7267dfbd2b69cd0d0eee7af5e4416bdc27d5de3f7640695bc809/detection

5.135.43.181:35598
lsamapkitlaunch.com
nashmediawave.com
ns1.nashmediawave.com

# Reference: https://www.virustotal.com/gui/file/c44d142a4cf541afcc4b5fc6612c7db8d49a147332e027c45c7b15aa32489421/detection
# Reference: https://www.virustotal.com/gui/file/3d529596440dfc64a7db106ddb77ec65fb88d48d6e30e7760e67b50905165ae7/detection

microworldus.com

# Reference: https://x.com/StrikeReadyLabs/status/1846000315566375184
# Reference: https://x.com/ginkgo_g/status/1933364194998694198
# Reference: https://www.virustotal.com/gui/file/ae8d252986c616884c10ab5082088cc9e413ddf5f9a0e292a1f2c5c0764c74e7/detection
# Reference: https://www.virustotal.com/gui/file/939f509a8edc6b9da103fbcebe85630671ed591dd9e40243da37559e10dcfd80/detection
# Reference: https://www.virustotal.com/gui/file/8af2d392181c359ce04e38ab113e22e526eae4c6f715d26462e439a3db1eb948/detection

inhostnetservice.com
/cndrll.php
/cndrll.php?er=
/mscu/lokc.php
/mscu/lokc.php?wl=

# Reference: https://x.com/mal_analysis136/status/1846049340328198352

miyamassagenklinik.com
narinesonlinelibrary.com

# Reference: https://x.com/blackorbird/status/1846487125249970293
# Reference: https://mp.weixin.qq.com/s/tkOMIHY36TujPKjWKVa6kA
# Reference: https://www.virustotal.com/gui/ip-address/192.71.249.194/relations

151.236.9.75:6396
162.252.172.67:443
162.252.175.131:8246
46.183.186.208:6060
46.183.187.42:443
91.132.92.231:5959
ns2.easyiplookup.com

# Reference: https://x.com/blackorbird/status/1850060334079610936
# Reference: https://mp.weixin.qq.com/s/kkl0jh14M9DtDGtSGQ4gag

http://47.245.111.83
fizzillacottages.com
ottawadesignlab.com

# Reference: https://x.com/ginkgo_g/status/1850821079260094731
# Reference: https://www.virustotal.com/gui/file/d28df7a8a275f628660e2f2744bfa36bc5b5c7ae1a8d3a63fbfefa79f04b805e/detection

192.71.249.194:443

# Reference: https://x.com/StrikeReadyLabs/status/1851227466259443931
# Reference: https://www.virustotal.com/gui/file/2b0f8c6261b4e9e97732efadad14fcb66872474f092f8c7fd69b941cd4796912/detection

iboxencentrum.com
/lux.php?cv=

# Reference: https://x.com/RedDrip7/status/1852178923695804654
# Reference: https://www.virustotal.com/gui/file/2544d79e47c01c9714264550b9e31151f66a9384d6aca33ee83cdfa8649dbb46/detection

45.56.165.121:46346
wusvcpsvc.com

# Reference: https://x.com/blackorbird/status/1854529596156182765
# Reference: https://www.virustotal.com/gui/file/fd2f4f23bb4d42a0d758d56ccb04a133301b21320a7cc346367db04965aea0c7/detection

http://95.169.180.122
95.169.180.122:443

# Reference: https://x.com/StrikeReadyLabs/status/1856371787145130399/history
# Reference: https://medium.com/@knownsec404team/unveiling-the-past-and-present-of-apt-k-47-weapon-asyncshell-5a98f75c2d68
# Reference: https://www.virustotal.com/gui/file/52362a3bf05d0f65c49d527bfecec76472502ec0fbd9ebac96c832c8af362385/detection
# Reference: https://www.virustotal.com/gui/file/4e32e86f1feeaecc03f7f9d4734a41dffe98893fccd1ff2004029c708c160e20/detection
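# Reference: https://www.virustotal.com/gui/file/cb7e6640ab5c1dad5083e5790d6009c317894406b970d42a34758e99a9ff7f94/detection
# NOTE(review): 46.183.186.208:6060 below is an exact duplicate of the entry in the earlier group that cites https://x.com/blackorbird/status/1846487125249970293 - one of the two entries is redundant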

162.252.175.131:6969
46.183.186.208:6060
91.132.92.231:9314
federalrevenueboard.com

# Reference: https://x.com/blackorbird/status/1856340219328639441
# Reference: https://www.virustotal.com/gui/file/08d12b65525d05e6c4e2d308a1e1edc1329ac29d39cf71b1ce883b03ace7d406/detection

laboratoreventsvc.com
procarcaresvc.com

# Reference: https://x.com/wa1Ile/status/1858421539286168058
# Reference: https://www.virustotal.com/gui/file/c00570eb0b47614b7286cf945b212774dde69572aa4d9bf273438921fb1cb557/detection

abelewebconnect.com

# Reference: https://x.com/blackorbird/status/1858873110625243398

dappscryp.com
ghayoorfilmstudio.com
haileemecacademy.com
zensparkagent.com

# Reference: https://x.com/blackorbird/status/1859161598469836806
# Reference: https://blogs.blackberry.com/en/2024/11/suspected-nation-state-adversary-targets-pakistan-navy-in-cyber-espionage-campaign
# Reference: https://www.virustotal.com/gui/collection/f6f862c588961ae94c5c23d92331b85e5023ed7064c00d1299f73d47aadf699d/iocs
# Reference: https://www.virustotal.com/gui/file/fc39ec35d767a2c0a178ca9874be8aaf87033f8b834ee8dcb57d3904516e4335/detection
# Reference: https://www.virustotal.com/gui/file/a0a18e76d8af39b9b198d9ea7c67dc372fa3cdb2286ac405fa8e76154af34fff/detection

updateschedulers.com

# Reference: https://x.com/blackorbird/status/1862131045883408582
# Reference: https://www.virustotal.com/gui/file/e44d034ceb135990452fce74d358bdf7841316fdcb6db1172e6e5e3e07ffa4bd/detection

http://159.100.30.103
http://173.254.204.72

# Reference: https://x.com/StrikeReadyLabs/status/1861383328521207980
# Reference: https://x.com/mal_analysis136/status/1863537157119299620
# Reference: https://www.virustotal.com/gui/file/b3b2d915f47aa631cc4900ec56f9b833e84d20e850d78f42f78ad80eb362b8fc/detection

siasat.top
/xyzxyzhanoiwhb3237gb2wahabjiki/

# Reference: https://x.com/suyog41/status/1864199979369447473
# Reference: https://x.com/mal_analysis136/status/1864285903058809266
# Reference: https://www.virustotal.com/gui/ip-address/185.244.151.84/relations
# Reference: https://www.virustotal.com/gui/file/cb4a280f54c56d250c98124a88e80c46ccd82cb77ff0951f150f01e02791ca30/detection

jacknwoods.com
premierinvestmentfund.com

# Reference: https://x.com/StrikeReadyLabs/status/1864408026658041888
# Reference: https://www.virustotal.com/gui/file/65419a704f252f8c3574d90cf016b6bfdd70b63f65dbc5b57d44a3a6ef457f80/detection

grounpackcluepik.com

# Reference: https://x.com/StrikeReadyLabs/status/1865140931953070382
# Reference: https://x.com/mal_analysis136/status/1865323680344969262
# Reference: https://www.virustotal.com/gui/file/14ce282ffeaa5cc3d214acae33785795ae63021158305a7d6d305296539936d9/detection

http://37.1.214.196
/zserr.php?li=
/zserr.php

# Reference: https://x.com/banthisguy9349/status/1867179104899854616
# Reference: https://x.com/banthisguy9349/status/1867458625532506452
# Reference: https://www.virustotal.com/gui/file/acfb3223d5bcbcf96ee1265fdd510c124bfa3f1ae8670a7f7b48f46fc9895ee0/detection
# Reference: https://www.virustotal.com/gui/file/a152fa2e7368ed357a91214fdd91e1742541955f76c0d2bd936ec2d856bde38e/detection

http://72.18.215.1

# Reference: https://x.com/SethKingHi/status/1876845124488941942
# Reference: https://www.virustotal.com/gui/file/d94ff0edb28f7b90b9e4ab9ee94e8dcc33389538f15f536fa154b9506830c31f/detection
# Reference: https://www.virustotal.com/gui/file/b1efa4e3abadfab14aba6e36ed9f4105dc859f86968126de2e0ec792745c87d5/detection
# Reference: https://www.virustotal.com/gui/file/1126916c98b7801175375827fb5e8b8cee23e4bd920691ff7acd9a648ec13b67/detection

158.255.215.45:8899
185.193.48.135:8676
194.71.227.222:8855
91.103.66.202:46882
/nina/anotherLife?credPart=
/anotherLife?credPart=

# Reference: https://x.com/ginkgo_g/status/1897192606196703668
# Reference: https://www.virustotal.com/gui/file/8958b215f30f9d48010fb93363125dcaf265c18d3d8df04d299df8313fa6be5f/detection
# Reference: https://www.virustotal.com/gui/file/7847a287472f7e2b688bd5d000f43584007337e11359cc14d4c42d1f8d84efdb/detection

http://149.154.153.184
/loccs.php?cn=

# Reference: https://x.com/WhichbufferArda/status/1921506670343061548
# Reference: https://tria.ge/250511-kptycahm6s/behavioral1
# Reference: https://www.virustotal.com/gui/file/15db9daa175d506c3e1eaee339eecde8771599ed81adfac48fa99aa5c2322436/detection
# Reference: https://www.virustotal.com/gui/file/edb68223db3e583f9a4dd52fd91867fa3c1ce93a98b3c93df3832318fd0a3a56/detection

fogomyart.com
greenadelhouse.com
maximasigns.greenadelhouse.com
tradesmarkets.greenadelhouse.com
/crvtyfgvwicidnex.php
/excerorderslistoncbook.php

# Reference: https://x.com/suyog41/status/1922608403454583215
# Reference: https://www.virustotal.com/gui/file/31214e97722f99666dde6b09f386e71843895b0f3b4ebe373d7858f5dbec8ce2/detection

princecleanit.com

# Reference: https://x.com/malwrhunterteam/status/1923660512920744438
# Reference: https://www.virustotal.com/gui/file/243e4d1e53a805f61d2c4e8cabdd02e99a51fba37101b3e0535f219383871091/detection

ntplugnplay.com

# Reference: https://x.com/volrant136/status/1923686317252075887

alvesbarcelona.com
app.chabaka.com
balkanclan.com
chabaka.com
com-ae.net
drogbachelsea.com
mail.alvesbarcelona.com
mail.com-ae.net
mail.drogbachelsea.com
mail.youtubepremiumapp.com
opfor.balkanclan.com

# Reference: https://x.com/volrant136/status/1924126261514833963

parcaredrive.com

# Reference: https://x.com/suyog41/status/1924329354504634767
# Reference: https://www.virustotal.com/gui/file/d02fd3472adb0d7a502b08656c5001093a7a052905f406979873b464e9ca2378/detection

jgmfducservice.net
/jmv/jmd.php?st=

# Reference: https://x.com/malwrhunterteam/status/1925086462120165852
# Reference: https://www.virustotal.com/gui/file/ea73818d5c96294381ea56af0bdda98a987704ee478d8ab374e53e2bafec892b/detection

http://196.251.84.150
/v10.066/egrf.php

# Reference: https://x.com/wa1Ile/status/1925447893743542391
# Reference: https://www.virustotal.com/gui/file/64fd1e641731e48ea8c3df7b9caa5f8074dea15e99093b137af2acfe66754f73/detection

inizdesignstudio.com

# Reference: https://x.com/suyog41/status/1929855753206083762
# Reference: https://www.virustotal.com/gui/file/6763fadbfbcf125a73cc6388aba075f51caa2883a071178e438c7046dd92a1a5/detection

plymouthvibes.com

# Reference: https://x.com/frdfzi/status/1930495401456533564
# Reference: https://www.proofpoint.com/us/blog/threat-insight/bitter-end-unraveling-eight-years-espionage-antics-part-one (# ta397)
# Reference: https://www.threatray.com/blog/the-bitter-end-unraveling-eight-years-of-espionage-antics-part-two (# ta397)

http://46.229.55.63
blucollinsoutien.com
headntale.com
trkswqsservice.com
utizviewstation.com
warsanservices.com
woodstocktutors.com

# Reference: https://x.com/__0XYC__/status/1930552371530129610
# Reference: https://x.com/__0XYC__/status/1930552424353202399
# Reference: https://www.virustotal.com/gui/file/5bdbec839592af17a725c5705201d331848b12912a0889d2edad07fcc85f76b8/detection
# Reference: https://www.virustotal.com/gui/file/fbab7758765265a6988e78779cae2e12d093813217d09230136185d72f726c3c/detection

151.236.21.48:8080
diginurworld.com

# Reference: https://x.com/liqingjia1989/status/1930584300224676024
# Reference: https://www.virustotal.com/gui/file/a76f00ea65cf7fb9327e9b6d2d4acac61196feb30bd8fa164179ca81b9349c7e/detection

89.46.234.221:443
89.46.234.221:9672
inspurcloudservice.com

# Reference: https://x.com/volrant136/status/1930659807440039970
# Reference: https://www.virustotal.com/gui/ip-address/69.61.36.186/relations

goldenaturalinc.com

# Reference: https://x.com/volrant136/status/1941557096933359638

oakcreekbakers.com

# Reference: https://x.com/malwrhunterteam/status/1929906003258048816
# Reference: https://x.com/BaoshengbinCumt/status/1946009959831126054
# Reference: https://www.seqrite.com/blog/ung0002-espionage-campaigns-south-asia/
# Reference: https://www.virustotal.com/gui/file/4ca4f673e4389a352854f5feb0793dac43519ade8049b5dd9356d0cbe0f06148/detection

162.0.216.229:21443
162.0.216.229:8888
209.74.80.194:7699
ecoglide.site
marine-research.space
pentree.online
skyfare.site

# Reference: https://x.com/suyog41/status/1952709606297227414
# Reference: https://www.virustotal.com/gui/file/891ffe498debc7accfbdf9146adb6de6f2cfd8c083bb374fe8db073a4b106581/detection

ccltdcn.org

# Reference: https://x.com/RedDrip7/status/1952922656220823798
# Reference: https://www.virustotal.com/gui/file/389883cfa666855750974c540299de82f1ee8b51670b337e6cd86617f44817cc/detection
# Reference: https://www.virustotal.com/gui/file/886c36f4625f98537e8f2df5975aab643ad355e13e35023842a10129c0c46865/detection

glamormusicwave.com

# Reference: https://x.com/suyog41/status/1952990924210094369
# Reference: https://www.virustotal.com/gui/file/121c3917e7b2e00d7c6e15f09370d21e2531e3dff27b177e69a10aa234a1bf37/detection

koliwooclients.com

# Reference: https://x.com/AndreGironda/status/1955692280825962846
# Reference: https://blog.pulsedive.com/unpacking-kiwistealer-diving-into-bitter-apts-malware-for-file-exfiltration/
# Reference: https://app.any.run/tasks/a755b624-d146-4a49-acd5-c25e6b07aa3f

ebeninstallsvc.com
/uplh4ppy.php

# Reference: https://x.com/volrant136/status/1956393083949502767
# Reference: https://www.virustotal.com/gui/file/6f0bc10f8326b462e02cf97f4aac1ef87b8eee99ca364fada3948a21e585f359/detection

nsipsvc.com
/imacnags/edgevrisinze.php
/edgevrisinze.php

# Reference: https://x.com/blackorbird/status/1958836180587307479
# Reference: https://mp.weixin.qq.com/s/ItcbKuoH0KjJjzSTG7YSrA
# Reference: https://www.virustotal.com/gui/file/a850a903b74c1d3d21c41e03761e8e64b43962269e7649940b10368a005bce20/detection

185.237.166.24:56218
pololiberty.com

# Reference: https://x.com/RedDrip7/status/1962415190051573781
# Reference: https://www.virustotal.com/gui/file/1e7ce7c530a1cf4d74a356592f99bde2ca359ed4b4144f32cc69ab705f52e4e2/detection
# Reference: https://www.virustotal.com/gui/file/66eff3058760b478aa70b44b929ca59fec9c5b401e7a7d8f7af5b06f4c8aa398/detection
# Reference: https://www.virustotal.com/gui/file/b6bd48fa94fa15cdcbd6b24198472faeb0d79e7c41efb26da507be7c311b7bec/detection
# Reference: https://www.virustotal.com/gui/file/7b801221a024507ff948261bf5b635d93d1dc816d02f8255c495c6529a26cc4c/detection
# Reference: https://www.virustotal.com/gui/file/08674b806c13a1dab09645483021708e9eef6dd6d5fa7ece2955a096d68e9477/detection

carlminiclub.com
keeferbeautytrends.com
sangellobrighthouse.com

# Reference: https://x.com/suyog41/status/1963171056044109898
# Reference: https://www.virustotal.com/gui/file/624decbc0445e51873436e42699323bf48093e0c4ba5ea1d348e9e5a1822579b/detection

seragoonupdates.com

# Reference: https://x.com/RedDrip7/status/1964874030869332252

151.236.14.173:443
185.76.79.30:443

# Reference: https://x.com/RedDrip7/status/1976924908736405560
# Reference: https://x.com/RedDrip7/status/1976923481377063382
# Reference: https://www.virustotal.com/gui/ip-address/78.110.166.82/relations
# Reference: https://www.virustotal.com/gui/file/bb67a4de756336d45ebaa7657a7586b4ebff26c74aba458d62de85c2070f3d90/detection
# Reference: https://www.virustotal.com/gui/file/f7e25e5601fdf038aa0840be508cf1d5915cd5317a5513cd7e7c3ae76055839f/detection

esanojinjasvc.com
365cloudz.esanojinjasvc.com
eliteteam.esanojinjasvc.com
supportteaminterface.esanojinjasvc.com
teamlogin.esanojinjasvc.com
msoffice.365cloudz.esanojinjasvc.com
/teamesano/drivers/teamzid.php

# Reference: https://x.com/RedDrip7/status/1978366720432562372
# Reference: https://www.virustotal.com/gui/file/9b21e4b32e3e125bad638df76f25ca364a53cd50e324ab961a571a06b755a658/detection
# Reference: https://www.virustotal.com/gui/file/d6a533102f801066ddd6069e20f3a51e802852b72c6e105b6e1b8a2c035d0722/detection

194.110.246.254:443
83.172.134.186:443
bootcampquest.com
mail.bootcampquest.com
tools.bootcampquest.com
