# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: apt-c-35, donot, stealjob

# Reference: https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/
# Reference: https://community.riskiq.com/article/6f60db72

qwe.drivethrough.top
qwe.sessions4life.pw
aoc.sessions4life.pw
mon.sesions4life.pw
tes.sessions4life.pw
drivethrough.top
trendzs.club
sessions4life.club
sesions4life.pw
sessions4life.pw

# Reference: https://ti.360.net/blog/articles/analysis-of-donot-andriod-sample/

godspeed.geekgalaxy.com
jasper.drivethrough.top
drivethrough.top
geekgalaxy.com

# Reference: https://asert.arbornetworks.com/donot-team-leverages-new-modular-malware-framework-south-asia/

conf.serviceupdateres.com
upload.cloudsekurity.online
abodeupdater.com
qmails.org
serviceupdateres.com
serviceupports.com
thebangladeshtoday.net
sundayobserver.net

# Reference: https://ti.360.net/blog/articles/donot-group-is-targeting-pakistani-businessman-working-in-china-en/

databig.akamaihub.stream
bigdata.akamaihub.stream
unique.fontsupdate.com
akamaihub.stream
fontsupdate.com

# Reference: https://twitter.com/blackorbird/status/1111159128775249920
# Reference: https://www.netscout.com/blog/asert/lucky-elephant-campaign-masquerading

account-sign-in-security.ga
account-update-com.tk
account-updates-team.ga
afd-gov-bd.gq
baf-mil-bd.tk
checkbox.gq
cyber-net-pk.cf
fwo-com.tk
g00gle-com.cf
googlemail-com.gq
live-com-owa.gq
live-com.gq
live-com.ml
live-service.cf
login-live-com.cf
login-yah00-com.tk
login-yahoo-com.ga
mail-account-security-com.cf
mail-accounts-verify-com.cf
mail-intl-ja-mail-about.gq
mail-nepalarmymil-np.gq
mail-ntc-net-pk.tk
mail-outlook-support-team.tk
mail-paf-gov.cf
mail-sign-alert-notification.cf
mail-update-task.ga
mail-update-team.ga
mail-updates-systems.ga
mail-yahoo-com.tk
mail-yahoo-task.tk
micorsoft-outlook-update.ml
mofa-gov-bh.ml
mofa-gov-eg.co
mofa-gov-gh.com
mofa-gov-kw.info
mofa-gov-mm.ml
mofa-gov-np.cf
mofa-gov-pk.online
mofa-gov-pk.org
mofa-gov-pk.tk
mofagov-np.cf
molaw-gov-pk.cf
outlook-com.cf
outlook-live-com.cf
outlook-live-com.ga
outlook-live-com.tk
outlook-livecom.cf
outlooklive-com.ml
outlookmail-com.tk
paec-gov-pk-taskmail.tk
paec-gov-pk.ga
paecgov-pk.cf
paecweb-gov.gq
paecwebmail.gq
paf-gov-pk.cf
paf-gov-pk.ga
paf-gov-pk.tk
paknavy-pk.gq
pmo-gov-pk.tk
pnra-org.gq
pof-gov-pk.tk
rab-gov-bd.gq
sco-gov-pk.tk
sharepoint-google.ml
slaf-gov-lk.ml
super-net-pk.cf
super-net-pk.tk
test-updates.ga
yahoo-com.ga
yahoo-mail-com.ml
yahoomail-com.cf
yahoomail.cf

# Reference: https://twitter.com/blackorbird/status/1116263262524362753

unique.fontsupdate.com

# Reference: https://otx.alienvault.com/pulse/5cb620d626b619048ca7b344
# Reference: https://ti.360.net/blog/articles/stealjob-new-android-malware-used-by-donot-apt-group-en/

139.180.135.59:4233
bike.drivethrough.top
car.drivethrough.top
guide.domainoutlet.site
param.drivethrough.top
justin.drinkeatgood.space
genwar.drivethrough.top
alter.drivethrough.top
qwe.drivethrough.top
digest.drinkeatgood.space
jasper.drivethrough.top
ground.domainoutlet.site
help.domainoutlet.site
guild.domainoutlet.site
domainoutlet.site
drinkeatgood.space
drivethrough.top

# Reference: https://twitter.com/blackorbird/status/1122493860859432960

data-backup.online

# Reference: https://twitter.com/sudosev/status/1123303891062460419

mystrylust.pw
new.listenmusic.pw

# Reference: https://twitter.com/Timele9527/status/1130673924193128448

servicejobs.life

# Reference: https://twitter.com/blackorbird/status/1132951652896350208

rightapps.net/sms//images/files/nbp_request.php

# Reference: https://twitter.com/h2jazi/status/1414062099756634113
# Reference: https://twitter.com/h2jazi/status/1414062101384007683
# Reference: https://www.virustotal.com/gui/file/c1923226d58186c7e0735e058be80022a57e7e819e1e41b4c6e03065252be11f/detection

rightapps.net/web/images/adobe.pdf

# Reference: https://twitter.com/sudosev/status/1143562610492760064
# Reference: https://github.com/faisalusuf/ThreatIntelligence/blob/main/APT%20DONOT%20TEAM/Tracking-DONOT-IOCs.csv

new.transportfun.pw
strings.guitarshop.space
guitarshop.space
transportfun.pw

# Reference: https://twitter.com/RedDrip7/status/1145539943323717632

151.236.11.222:50240

# Reference: https://twitter.com/RedDrip7/status/1170896437229445120

mangasiso.top

# Reference: https://mp.weixin.qq.com/s/pJ-rnzB7VMZ0feM2X0ZrHA

ezeescan.com

# Reference: https://m.threatbook.cn/detail/1924
# Reference: https://otx.alienvault.com/pulse/5d7f7deb8cdf93013777cbad
# Reference: https://www.secrss.com/articles/13726
# Reference: https://otx.alienvault.com/pulse/5d93295e8526be516a05f369
# Reference: https://twitter.com/ArielJT/status/1183064542869381121

bsodsupport.icu
en-content.com
mscheck.icu
msplugin.icu
windowserver.site
worldupdate.live

# Reference: https://twitter.com/RedDrip7/status/1188662662734893056

officeupdater.org

# Reference: https://twitter.com/ccxsaber/status/1195175943087616000

stylesheet.xyz

# Reference: https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/issleduem-aktivnost-kibergruppirovki-donot-team/ (Russian)

burningforests.com
cloud-storage-service.com
skillsnew.top

# Reference: https://twitter.com/Rmy_Reserve/status/1206596674920972288

full.newcontest.xyz

# Reference: https://twitter.com/ccxsaber/status/1213050724403167238

mimestyle.xyz

# Reference: https://twitter.com/Arkbird_SOLG/status/1214146144177197058

comodo.world

# Reference: https://twitter.com/Arkbird_SOLG/status/1214146146563698689
# Reference: https://app.any.run/tasks/2907c2bd-a00d-4742-9467-01b8058e734a/

testypoha.top

# Reference: https://twitter.com/Timele9527/status/1253165991351119872

supportsession.live

# Reference: https://twitter.com/Youngs0xff/status/1254959731338178560

rythemsjoy.club

# Reference: https://twitter.com/ShadowChasing1/status/1260881015133753345

spectronet.pw

# Reference: https://twitter.com/AnonySecAgency/status/1263046236652728324

mailsession.online

# Reference: https://twitter.com/ShadowChasing1/status/1267834418942492672

advancesearch.xyz

# Reference: https://twitter.com/Timele9527/status/1271098267590221824

covidpk.uno
datasecure.icu
filepage.icu
meflying.xyz
remindme.top
yourcontents.xyz

# Reference: https://twitter.com/ccxsaber/status/1274978583463649281

dnsresolve.live

# Reference: https://twitter.com/ccxsaber/status/1275611268192145408

tampotrust.top

# Reference: https://twitter.com/ccxsaber/status/1279958779388297216

securecon.top

# Reference: https://twitter.com/ShadowChasing1/status/1287039040038952960

coronotest.xyz
filedata.top

# Reference: https://twitter.com/ShadowChasing1/status/1289083580514107394
# Reference: https://twitter.com/500mk500/status/1289100860254027776
# Reference: https://www.virustotal.com/gui/file/f5432e3a4184baf3957035ded89916310f3a7f791b3bcf3e2e92c3dba4682d26/detection
# Reference: https://www.virustotal.com/gui/file/124f2f71d658fdbeacaf648ec6811589ef01b4154471378839724a79de0edd48/detection

sparc.org.in/wp-content/uploads/2020/06/now/rt.rtf
http://164.68.108.22
164.68.108.22:4140
164.68.108.22:6102
/cruisers/beacon.php

# Reference: https://twitter.com/ShadowChasing1/status/1289198158669443078

apifile.xyz

# Reference: https://twitter.com/ShadowChasing1/status/1286504871416360961

filecopying.xyz

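# Reference: https://threatconnect.com/blog/research-roundup-recent-probable-charming-kitten-infrastructure/
# Note: the URL of the reference above names probable Charming Kitten infrastructure; confirm against the cited sources which entries in this group are attributed to Donot before relying on this file's attribution during alert triage.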
# Reference: https://otx.alienvault.com/pulse/5f2c73733fc6956731644a7d
# Reference: https://twitter.com/kyleehmke/status/1290613021992255488

accounts.googel.email
app-view-support.club
cmailco.xyz
cnnnews-app.xyz
control-user-activity.club
control-view-sharing.club
cover-home-page.site
email-checker.xyz
fatservice.site
g-shorturl.com
gmail-com.xyz
googel.email
hinbox-drive.info
inbox-drive.info
login-gov.info
mail-instgram.com
mailco.xyz
mailerdaemon.me
name-file-support.best
on-dr.com
page-support-view.club
preview-control-support.club
reload-cover-page.live
reload-page-cover.site
support-following-page.club
support-myservice.com
support-viewing-page.club
verify-identity-service.best
verifychecking.com
view-control-page.club
view-control-support.club
view-external-page.best
view-panel-control.club

# Reference: https://twitter.com/ShadowChasing1/status/1292286043874455552
# Reference: https://www.virustotal.com/gui/file/addf78fe59b2b0f45c3c448caee35c206ecae5a51a5c0e0f71ef361ea5fae6e0/detection

142.93.12.211:4233

# Reference: https://twitter.com/ShadowChasing1/status/1302882266910253056

checkinternet.icu

# Reference: https://twitter.com/ShadowChasing1/status/1304968566114975745

msfonts.live
word-dnld.com

# Reference: https://s.tencent.com/research/report/951.html
# Reference: https://community.riskiq.com/article/6f60db72
# Reference: https://twitter.com/voodoodahl1/status/1267571622732578816
# Reference: https://otx.alienvault.com/pulse/5f74ce39f8419e27addbd726

advancesearch.xyz
apkfreeware.xyz
appie.host
bitiy.info
brightnew.xyz
bulk.fun
carefile.icu
covidapp.icu
dnsrevanche.xyz
domainoutlet.site
drivethrough.top
fiddaz.club
inapfirst.top
inapscnd.top
inapturst.top
lowlilght.xyz
mangasiso.top
mimestyle.xyz
mimeversion.top
myappshare.xyz
mypersonaldrive.icu
n9cl.xyz
newbulb.xyz
phovonel.icu
ppadaolnwod.xyz
qwertykeypad.host
rythemsjoy.club
seahome.top
spectronet.pw
trakfind.buzz
verisign.monster
whynotworkonit.top

# Reference: https://twitter.com/malwrhunterteam/status/1314236986018988035
# Reference: https://twitter.com/bl4ckh0l3z/status/1314252380867899393
# Reference: https://www.virustotal.com/gui/file/70df22a25cbb8715f1d3dd693123ac92203b3a27dfc6c7fa0e48239cf15cbf02/detection

45.147.229.93:4233
joy-trends.xyz
qwertykeypad.host
trendsjoy.biz
webchat.life

# Reference: https://twitter.com/_re_fox/status/1315388450414227467
# Reference: https://twitter.com/RedDrip7/status/1320568526730477571
# Reference: https://www.virustotal.com/gui/file/19321da02763a73eda1cdff7d073f7da18b5f32121fbddcee8eab60ac13d418a/detection
# Reference: https://www.virustotal.com/gui/file/c9c2f68074bafb0885c8f3ace3e3188f38471e0710caefa50192ecd05edecac2/detection

soundvista.club

# Reference: https://blog.talosintelligence.com/2020/10/donot-firestarter.html
# Reference: https://otx.alienvault.com/pulse/5f9ad41f97b945d0a6797baa

apkv6.endurecif.top
bulk.fun
fif0.top
inapturst.top
seahome.top

# Reference: https://twitter.com/ShadowChasing1/status/1324694029620006913
# Reference: https://www.virustotal.com/gui/file/ab6c34abe0d42dc0b93213661e24257b504b8d8973f4f5993d64e6631bd1358d/detection

createlist.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1325782688062693376
# Reference: https://www.virustotal.com/gui/file/449979f1b1a9db98dad92de3f3af7045f0dc470085b9640b77f27675feaeefd8/detection

167.99.190.44:8090
latertime.icu

# Reference: https://twitter.com/ShadowChasing1/status/1328980811102654465
# Reference: https://twitter.com/midnight_comms/status/1329043473635307522
# Reference: https://www.virustotal.com/gui/file/8885752384e54f65c7bd94982fadfa016f906960e9a53492a908eda12335f5aa/detection

45.138.172.7:4233
pvtchat.live

# Reference: https://twitter.com/cyberwar_15/status/1331490166473519106

hometaxcenter.web.app

# Reference: https://twitter.com/malwrhunterteam/status/1336980863272308742

namearch.xyz
yourlsd.xyz

# Reference: https://twitter.com/ShadowChasing1/status/1336997657865175040

sportfunk.xyz

# Reference: https://twitter.com/ShadowChasing1/status/1337256313831604225

instantinfo.buzz

# Reference: https://twitter.com/malwrhunterteam/status/1348575001109286913
# Reference: https://twitter.com/bl4ckh0l3z/status/1348575976196866048
# Reference: https://www.virustotal.com/gui/file/f1772de5062571ab63518595a36daf12203bcbc13f530a10ebc382e89220c840/detection

167.99.130.191:8090
transp.link

# Reference: https://twitter.com/_re_fox/status/1315467764656726017
# Reference: https://twitter.com/ShadowChasing1/status/1359479141146365952
# Reference: https://www.virustotal.com/gui/ip-address/5.135.199.23/detection
# Reference: https://www.virustotal.com/gui/file/18cfe54cf4a92d1757ee471cd09c20b5aea8578b9db660239de5ba8208cc8be8/detection
# Reference: https://www.virustotal.com/gui/file/9d216202b7718a9a8b99ead16685790283992c1f41981c1b862762abda17b4cd/detection
# Reference: https://www.virustotal.com/gui/file/36b8af9e7eade60304cce874c383c6c68f37ea4fa69fcf36095f993b69c8786f/detection

networkspeed.live
resolverequest.live

# Reference: https://twitter.com/malwrhunterteam/status/1359512197911699457
# Reference: https://twitter.com/bl4ckh0l3z/status/1360157297734004739
# Reference: https://www.virustotal.com/gui/file/c5c50a2a600c6372e8757f9371fe475a7041d448a96f7361c0eda1b9951301d2/detection

135.181.198.146:8099
fatchinfo.xyz
mobilelink.buzz

# Reference: https://twitter.com/ShadowChasing1/status/1364448144323342338
# Reference: https://twitter.com/ShadowChasing1/status/1368945187230257154
# Reference: https://twitter.com/ShadowChasing1/status/1369944378584690688
# Reference: https://www.virustotal.com/gui/file/dc1bd94c1941dcfa69c5561959cec64c3f5b1c3c0738f66a33c320c0c4217030/detection
# Reference: https://www.virustotal.com/gui/file/03730cdc23a3d10c8752ad1464ff2e68a64c69f8310b0ceea4d52b1db0215dfc/detection
# Reference: https://www.virustotal.com/gui/file/e82a17c9c0936de0c50267a296b801d1d7073293ad93b444eb63f336ebb46330/detection

tplinkupdates.space
firm.tplinkupdates.space
/8ujdfuyer8d8f7d98jreerje
/8ujdfuyer8d8f7d98jreerje.doc
/8ujdfuyer8d8f7d98jreerje.dot
/bikuyteftgyheujdike11ygeyg
/bikuyteftgyheujdike11ygeyg.doc
/bikuyteftgyheujdike11ygeyg.dot
/ujhsygdhgtsygbuehdthd
/ujhsygdhgtsygbuehdthd.doc
/ujhsygdhgtsygbuehdthd.dot

# Reference: https://twitter.com/ShadowChasing1/status/1364536619353575429
# Reference: https://www.virustotal.com/gui/file/79b6fd53fc676089d691ddbbf54da0855abd23d91c2325555d258eaca2c1dfb6/detection

flickry.xyz

# Reference: https://twitter.com/ShadowChasing1/status/1365304023775989761
# Reference: https://www.virustotal.com/gui/file/c1aa62da6cbb8656741d88a4c30c9620188b7045d0b0d271065464fdfbcab76f/detection

printerupdates.online
info.printerupdates.online

# Reference: https://twitter.com/ShadowChasing1/status/1366672088241606658
# Reference: https://twitter.com/ShadowChasing1/status/1366688956088131584

requireplugin.xyz
worxbox.xyz
/AaTCm1uhEJlKxjeAvwltK5pkzRasnhXo
/AaTCm1uhEJlKxjeAvwltK5pkzRasnhXo.dat
/AaTCm1uhEJlKxjeAvwltK5pkzRasnhXo.doc
/AaTCm1uhEJlKxjeAvwltK5pkzRasnhXo.dot

# Reference: https://twitter.com/malwrhunterteam/status/1366839536890900482
# Reference: https://twitter.com/bl4ckh0l3z/status/1366866811455684612
# Reference: https://www.virustotal.com/gui/file/80151e5971821b1f0abb13b049efb0eeb9b1626b2f5501fc9ac21918935a6c3e/detection

shortler.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1370400639155589132
# Reference: https://www.virustotal.com/gui/file/680681423d5007030bd3fe577b88f4c5df6dc423cdaa6aa415ecae01bd83b0d7/detection

178.63.172.2:4233
bismi.club

# Reference: https://twitter.com/ShadowChasing1/status/1379048935969316871

paperflies.buzz
worldfronts.xyz
/h9i341lDMiztxAqrWsaOwHfUkSrAFWuI
/h9i341lDMiztxAqrWsaOwHfUkSrAFWuI.dat
/h9i341lDMiztxAqrWsaOwHfUkSrAFWuI.doc
/h9i341lDMiztxAqrWsaOwHfUkSrAFWuI.dot

# Reference: https://twitter.com/ShadowChasing1/status/1380555450433728513
# Reference: https://www.virustotal.com/gui/file/f18aba837e86025dfb9bd3fd2c4bf161f679ff1f3d10e7a480d682178051a9b9/detection

instadownload.buzz

# Reference: https://twitter.com/ShadowChasing1/status/1384825247061331980
# Reference: https://www.virustotal.com/gui/file/81b4a8f6ff2489e01f6b09126583673d3df922a0bbf7ff2cbcef2bcf6102b951/detection

loadingmessage.info

# Reference: https://twitter.com/ShadowChasing1/status/1387026581453893635
# Reference: https://www.virustotal.com/gui/file/e82d1f4f2960aef4142c32d7920b97700f2b5957bb4807bfcd59e586e71a33c0/detection

nextra.buzz

# Reference: https://twitter.com/ShadowChasing1/status/1387309759217365000
# Reference: https://twitter.com/ShadowChasing1/status/1387309762132336647
# Reference: https://www.virustotal.com/gui/file/694d433a729b65993dae758e862077c2d82c92018e8e310e121e1fa051567dba/detection

idmquick.xyz
wserves.xyz
/IvGRnMiDzgderQQteqNjNgKoIYqaLW6C
/IvGRnMiDzgderQQteqNjNgKoIYqaLW6C.dat
/IvGRnMiDzgderQQteqNjNgKoIYqaLW6C.doc
/IvGRnMiDzgderQQteqNjNgKoIYqaLW6C.dot

# Reference: https://twitter.com/fuuuing_/status/1387958339569479683
# Reference: https://www.virustotal.com/gui/file/edd590c343570f7576aca83da58967e058585c6ba861682dca2fc987c713ee3a/detection

edgevista.live
files.edgevista.live
/abjhdueuhkuclli78jfkdfj
/abjhdueuhkuclli78jfkdfj.dat
/abjhdueuhkuclli78jfkdfj.doc
/abjhdueuhkuclli78jfkdfj.dot

# Reference: https://twitter.com/r3dbU7z/status/1388510523579305988
# Reference: https://twitter.com/r3dbU7z/status/1388937495677743104
# Reference: https://www.virustotal.com/gui/file/08d7ec323925fa1de26d49c0dc414acb8ef3f876fd4b173673895465a27eda46/detection

66.23.225.108:8001

# Reference: https://twitter.com/Circuitous__/status/1390290226090754058
# Reference: https://www.virustotal.com/gui/file/3d63156060c7568b2c3065820f698fdadb6e48910ec82593a61c306c13f5692c/detection

venturelabo.co
cloud.venturelabo.co

# Reference: https://twitter.com/ShadowChasing1/status/1391383866347331590
# Reference: https://www.virustotal.com/gui/file/89d357d9731a046d4ba671e67bf0b4b300302a137a76e1e7ab3675fcd5b922ac/detection

icuttly.buzz

# Reference: https://twitter.com/ShadowChasing1/status/1393718569507069953
# Reference: https://www.virustotal.com/gui/file/7e8a0f71d52ce23e2ac0bb23795df7bc56d9166eb39f042d75226f01b4203749/detection

imageview.xyz

# Reference: https://twitter.com/ShadowChasing1/status/1397892294599081988
# Reference: https://www.virustotal.com/gui/file/ea5cff131dda16855a4a6f89e25728ac970ee342df9f496ab616c646f8e7b433/detection

webservice.buzz

# Reference: https://twitter.com/malwrhunterteam/status/1398672382626304006
# Reference: https://twitter.com/ShadowChasing1/status/1398800211988803586
# Reference: https://www.virustotal.com/gui/file/41322bfef851e2ff973be411fa8cb5360a95b1dbc9004d96c19b62419810d138/detection

yoururl.icu

# Reference: https://twitter.com/360CoreSec/status/1400726492389146625
# Reference: https://twitter.com/ShadowChasing1/status/1402417052426522626

credmg.xyz
frontcheck.buzz
getsr.xyz
nelog.buzz
plugindownload.buzz
solutionsroof.xyz
/YsiNqNecL9cNFZv144OWCjioAQukPtyy
/YsiNqNecL9cNFZv144OWCjioAQukPtyy.dat
/YsiNqNecL9cNFZv144OWCjioAQukPtyy.doc
/YsiNqNecL9cNFZv144OWCjioAQukPtyy.dot

# Reference: https://twitter.com/ShadowChasing1/status/1404610201194360832
# Reference: https://www.virustotal.com/gui/file/a3c020bf50d39a58f5345b671c43d790cba0e2a3f631c5182437976adf970633/detection

microsoft-updates.servehttp.com

# Reference: http://blog.talosintelligence.com/2022/02/whats-with-shared-vba-code.html
# Reference: https://www.virustotal.com/gui/ip-address/46.30.188.222/relations

linux-stable.sytes.net
microsoft-docs.myftp.org
nucleusvision.sytes.net
webmail-org.servehttp.com

# Reference: https://twitter.com/ShadowChasing1/status/1407636259367899138
# Reference: https://www.virustotal.com/gui/file/0a456bd773d6eb0a479f3bb43fe88e7b781dae310e56dbe001eaa68273e326ee/detection

winxpo.live

# Reference: https://twitter.com/fuuuing_/status/1409327487985745920
# Reference: https://www.virustotal.com/gui/ip-address/51.195.211.91/relations
# Reference: https://www.virustotal.com/gui/file/a59195a5a87b6d6e4275e01a2360003bf55bcc72772e92b07f22e59aaa7b3cad/detection

biteupdates.site
dataupdates.live
/BcX21DKixeXs44skdqqD
/BcX21DKixeXs44skdqqD.dat
/BcX21DKixeXs44skdqqD.doc
/BcX21DKixeXs44skdqqD.dot

# Reference: https://twitter.com/ShadowChasing1/status/1410030175362850818
# Reference: https://www.virustotal.com/gui/file/aadaf88e315592aae5c2255ad9acbc175a6b5eec5c69ab0c81099b84e66e04f8/detection

nextgent.top

# Reference: https://twitter.com/ShadowChasing1/status/1410930643446353924
# Reference: https://www.virustotal.com/gui/file/b7b3a3a9274541246e8a3f330b8a2e594fadf5281652c4490b68f4e5f77e8858/detection

domhub.live

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1413500787502706691
# Reference: https://twitter.com/h2jazi/status/1412819829925593089
# Reference: https://www.virustotal.com/gui/file/4678c0e3a563119790dc1f77dee974af8151c833bfbaf1ae86ebc74569fa1f47/detection

akamaifast.club
submitonline.club
request.submitonline.club
update.akamaifast.club

# Reference: https://twitter.com/blackorbird/status/1416963499658338304
# Reference: https://mp.weixin.qq.com/s/v62AeG6vNcQTm1-zc4nXBQ (Chinese)

designerzebra.com
realworld.sytes.net

# Reference: https://twitter.com/ShadowChasing1/status/1417296126852567049

tinyshort.icu

# Reference: https://twitter.com/ShadowChasing1/status/1419299952069464065
# Reference: https://www.virustotal.com/gui/file/a38cce6ee4ab232f259d98818fa1cd06d7784dac21d42fc41eac4ad26f5bd63e/detection
# Reference: https://www.virustotal.com/gui/file/3a7e30efd0a283ef764dfa5762fcb1aacca031b18084b49b993ae7b20ec31dd0/detection

picarts.xyz

# Reference: https://twitter.com/h2jazi/status/1420414156155596804
# Reference: https://www.virustotal.com/gui/file/8cb4ed2d3f3f466f2417b95856ac0eb268a578e6bfd26c615b2a4adc0094ecd2/detection
# Reference: https://www.virustotal.com/gui/file/3bbae53fc00449166fd9255b3f3192deba0b81b41b6e173d454c398a857b5094/detection

microsoft-patches.servehttp.com

# Reference: https://twitter.com/ShadowChasing1/status/1420768191505002501
# Reference: https://www.virustotal.com/gui/file/5948c9539e1f843a350fda27bd97bb9dd1c6427a3f9b45ac95032319f844bb32/detection

bitdo.xyz

# Reference: https://twitter.com/ShadowChasing1/status/1421481147389812736
# Reference: https://www.virustotal.com/gui/file/75fcff78f5c71315fb54cf244f681e27b3480510042b3dd406b88ca65d6ccce4/detection

88.150.227.96:4233
omegas.site

# Reference: https://www.virustotal.com/gui/file/07ebe38795cfe0388975fd1a07c179a5f8abe8539de2ee575c55fb2d38c03e87/detection

pvttchat.live

# Reference: https://twitter.com/malwrhunterteam/status/1446115320087801862
# Reference: https://www.virustotal.com/gui/file/b184aaf786ed7e9e1fa2fc9fc77a574c8b6d8e3ea431bb5bd76fab5e949731e2

jarshare.live

# Reference: https://twitter.com/s1ckb017/status/1461610955587178500
# Reference: https://www.virustotal.com/gui/ip-address/81.17.30.41/relations
# Reference: https://www.virustotal.com/gui/file/091cde4c9a8e7dd2bfcb6d1854f724f5ec4e47159ec04b8311f44d30a996e5a3

digitalresolve.live
printersolutions.live
/ekcvilsrkjiasfjkikiakik

# Reference: https://twitter.com/GGGGh0st/status/1461632762721542146
# Reference: https://www.virustotal.com/gui/file/268fa6131f57de67d554cedf7f1abbd7cba1660a30fddfb07ebf3e1b5d650205/detection
# Reference: https://www.virustotal.com/gui/file/b0af54f01f4c3157d4ef5ff72a628574ed4f4aa9ada89eff319715765e175765/detection

svhservice.xyz
wordfile.live

# Reference: https://twitter.com/GGGGh0st/status/1439120967612002309
# Reference: https://www.virustotal.com/gui/ip-address/54.38.212.184/relations
# Reference: https://www.virustotal.com/gui/file/32dbb7c9afde7e9acd3a13ac97a09ae8cacde69c4a51c38e6ea4a61d301c54eb/detection

edgevista.live
soundedge.live
files.edgevista.live
request.edgevista.live
request.soundedge.live
/access/vicosijoxsdf

# Reference: https://twitter.com/HONKONE_K/status/1462653781485576194
# Reference: https://twitter.com/GGGGh0st/status/1463033122665213953
# Reference: https://www.virustotal.com/gui/file/cf0bc5361919e166253c35e4efb3c6288fd5bec4211b4bb31a0a7b4d1fd54de5

getzarvis.xyz
/9zxd7eXLBiMT6m4w/U7h25bSTybOFjNe1.php
/9zxd7eXLBiMT6m4w/
/U7h25bSTybOFjNe1.php

# Reference: https://twitter.com/ShadowChasing1/status/1463498326481932289

/BXRi3EE06i5IES2k/rns63jefark0bRQf.php
/BXRi3EE06i5IES2k/
/rns63jefark0bRQfxxc6qM8l5tmR16vi2pTahsP7MWVZAOl8
/rns63jefark0bRQfxxc6qM8l5tmR16vi2pTahsP7MWVZAOl8.rtf
/rns63jefark0bRQf.php

# Reference: https://www.virustotal.com/gui/file/2db9c7a14de6c58b46f41b9519f56b813baa05d825b09a1c7096101c44670076/detection

/goHULMS9jXVytbJi/LUPQwf50wsIPdiei.php
/goHULMS9jXVytbJi/
/LUPQwf50wsIPdieiJjMb9nV4g5WlDRTzL00cZ3y7PXsdRdQN
/LUPQwf50wsIPdieiJjMb9nV4g5WlDRTzL00cZ3y7PXsdRdQN.rtf
/LUPQwf50wsIPdiei.php

# Reference: https://twitter.com/h2jazi/status/1463937730036051975
# Reference: https://www.virustotal.com/gui/file/5cff3f8205d5d6991185a1650b9fb1ff31dea5e750be2e62e59e1c96701c47c8

/AuC8S7jmqLYSYHyb/8MSN6hJJJ4tyVbDz.php
/AuC8S7jmqLYSYHyb/
/8MSN6hJJJ4tyVbDz.php

# Reference: https://www.proofpoint.com/us/blog/threat-insight/injection-new-black-novel-rtf-template-inject-technique-poised-widespread
# Reference: https://www.virustotal.com/gui/file/df203b04288af9e0081cd18c7c2daec2bc4686e2e21dcaf415bb70bbd12169a0/detection

traveltriangle.cc

# Reference: https://twitter.com/HONKONE_K/status/1469175567228760067
# Reference: https://www.virustotal.com/gui/ip-address/146.70.80.105/relations
# Reference: https://www.virustotal.com/gui/file/2d55cf612a33672948fdd7ea027fcd5ab065123dda7baefb01fbb1ec80a45aeb/detection

stickme.live

# Reference: https://twitter.com/BaoshengbinCumt/status/1470661161129766914
# Reference: https://www.virustotal.com/gui/file/bbb8f961bf36d702f7ed494576481c70fd09bda7f6daf9085130482a17e00f45/detection

appview.buzz

# Reference: https://www.virustotal.com/gui/file/a6b5dac9b67da3c2b96c13f3513ca1463f3d05096bf3a8083efea4eee0e11266/detection

app-palace.live

# Reference: https://twitter.com/malwrhunterteam/status/1478069767810527235
# Reference: https://twitter.com/bl4ckh0l3z/status/1478365182653042693
# Reference: https://www.virustotal.com/gui/file/e1c24030653d15ee673627bf28f165d1a30be5027b8cd4186ac6bfd9809e8cb8/detection

appstringfy.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1483433924986650626
# Reference: https://twitter.com/midnight_comms/status/1483511201543995397
# Reference: https://www.virustotal.com/gui/file/e180e607ece9b29674ded20b9948fb512c1f953f58c1124bb0251c35d6771e59/detection

trialdocs.xyz

# Reference: https://twitter.com/ShadowChasing1/status/1485599591873810434
# Reference: https://www.virustotal.com/gui/file/715ea2906434f021110515606a941d72315b8997384c1fa3e93e176f1e90886c/detection
# Reference: https://www.virustotal.com/gui/file/773a4aa92659e30f1ffd89f74968876dc258783f55d4bf5128bd620fa4993f94/detection

worldfile.xyz
/269LPtq84u4pLqye/jnj3GFBTIGohYrCQ.php
/269LPtq84u4pLqye/
/jnj3GFBTIGohYrCQ.php

# Reference: https://twitter.com/ShadowChasing1/status/1485599594306469903

easycldshare.xyz
files.easycldshare.xyz
/jnj3GFBTIGohYrCQHMzQ9gJ3sHXFBrlgU5sHI6scYl86Xm4W
/jnj3GFBTIGohYrCQHMzQ9gJ3sHXFBrlgU5sHI6scYl86Xm4W.rtf

# Reference: https://twitter.com/malwrhunterteam/status/1489591376840957952
# Reference: https://www.virustotal.com/gui/file/5588f6fab387133c21b06f6248259c64260435898edd61866fad50312c2d3b25/detection

pam-beesly.site
/J2FWAHfmgH573SUB/CbvktaN6f8qTMJ26/CbvktaN6f8qTMJ26
/J2FWAHfmgH573SUB/tJhhBk8Cb5DLmBBq
/CbvktaN6f8qTMJ26
/tJhhBk8Cb5DLmBBq

# Reference: https://twitter.com/ShadowChasing1/status/1489732370093654016
# Reference: https://www.virustotal.com/gui/file/49ede2937a565ffe13f1212c8c67a8a7828b4ce7ede51b7753d597ec21855d6e/detection

131.153.22.218:4233
zaqxswcdevfrbgtnhymjukilop.online
chat.zaqxswcdevfrbgtnhymjukilop.online

# Reference: https://twitter.com/__0XYC__/status/1494639713361268740
# Reference: https://twitter.com/ShadowChasing1/status/1494670929116295176
# Reference: https://twitter.com/GGGGh0st/status/1497057272354451456
# Reference: https://www.virustotal.com/gui/ip-address/158.69.30.207/relations
# Reference: https://www.virustotal.com/gui/file/e18609f62b9f420474ac4543d326455a5dfb0e95da7c3e88b388c9244490f150/detection
# Reference: https://www.virustotal.com/gui/file/2f9174eff646bc08557b2f05cdc149e87c9b5c83f23c3a7a34db061a81280a2a/detection

latestsyn.xyz
backup.latestsyn.xyz
/smtpmail/mnijuakurjhjajbcakjd
/dcneikirki1290534lo
/mnijuakurjhjajbcakjd

# Reference: https://twitter.com/malwrhunterteam/status/1494602480948236288
# Reference: https://twitter.com/bl4ckh0l3z/status/1494771703209201674
# Reference: https://www.virustotal.com/gui/file/ae3342fca635f2e8ad3e4222b319e742eafb0b74df2a531424350a60806b7232/detection

energyr.xyz

# Reference: https://twitter.com/ShadowChasing1/status/1496054996177240068
# Reference: https://twitter.com/ShadowChasing1/status/1496055001159983108
# Reference: https://twitter.com/ShadowChasing1/status/1497125739568660481
# Reference: https://twitter.com/ShadowChasing1/status/1497125743125413892
# Reference: https://www.virustotal.com/gui/file/e010ca233178440ae92c7e3bd045fd1d5724ee865748322c3125cd7dc6f96871/detection
# Reference: https://www.virustotal.com/gui/file/1deea32da9923887482d6950ffffbb490d92e3dcbe4a39152b92da74285d1277/detection

beetelson.xyz
tobaccosafe.xyz
/NreAZyhcftItfyH6/tDM1PLu22kdd47p9.php
/NxbFhYGLXQ1DhZYY/Bt0CmBR6dVoWhbYd.php
/NreAZyhcftItfyH6/
/NxbFhYGLXQ1DhZYY/
/Bt0CmBR6dVoWhbYd.php
/tDM1PLu22kdd47p9.php
/Bt0CmBR6dVoWhbYd0MysWuV5LKOmpypn8E01oi16ES4qOo3d
/Bt0CmBR6dVoWhbYd0MysWuV5LKOmpypn8E01oi16ES4qOo3d.rtf
/tDM1PLu22kdd47p9KkHr26X5ZHWA0svGK6lctkM1SzxHZk90
/tDM1PLu22kdd47p9KkHr26X5ZHWA0svGK6lctkM1SzxHZk90.rtf

# Reference: https://twitter.com/malwrhunterteam/status/1496129802239201289
# Reference: https://www.virustotal.com/gui/file/38f4b6dd84e5e31fc5b84fe8098ee180a64725af8c716a015c8b7a99c7994005/detection
# Reference: https://www.virustotal.com/gui/file/a49bb6f6be5b597cd7ac592faa01f857060f3694c1bed69f8c8c0cc029b70069/detection
# Reference: https://www.virustotal.com/gui/file/541575054a7c0b48bc364444ed5402426dd934f777f05e8e22fabe302a190e15/detection

backuplogs.xyz
srvrfontsdrive.xyz
font.backuplogs.xyz
/jiuTeOjl3XBvhWzc/sERtJRTb9aBbiGe3KmbZpxYParKXhzKqxc1KzKGU6aTAoGcC.ico
/jiuTeOjl3XBvhWzc/sERtJRTb9aBbiGe3KmbZpxYParKXhzKqxc1KzKGU6aTAoGcC.mp3
/jiuTeOjl3XBvhWzc/
/sERtJRTb9aBbiGe3KmbZpxYParKXhzKqxc1KzKGU6aTAoGcC.ico
/sERtJRTb9aBbiGe3KmbZpxYParKXhzKqxc1KzKGU6aTAoGcC.mp3

# Reference: https://twitter.com/s1ckb017/status/1499688182794829827
# Reference: https://www.virustotal.com/gui/file/16f7cf28fdb412147a818ba21f70200c7230432a8b929d208e06b93590ee961a/detection
# Reference: https://www.virustotal.com/gui/file/69d3b199547198bbbc397a0980274df00c1eda6b631a19552324ec37ccb36718/detection

computerupdates.digital

# Reference: https://twitter.com/ShadowChasing1/status/1504412533989396481
# Reference: https://www.virustotal.com/gui/file/2d6ced810b45358b89ee180f69697569723f54d28872e4d4451766407295d59b/detection

deathstroke.xyz
/WRLm4mYD0p6iWCta/CoETln2BYtPHtY9W.php
/WRLm4mYD0p6iWCta/
/CoETln2BYtPHtY9W.php

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-January/030557.html

oceansurvey.club
printerjobs.xyz
seasonsbackup.xyz

# Reference: https://twitter.com/GGGGh0st/status/1514516619699306501
# Reference: https://www.virustotal.com/gui/file/a9c7c187202e8b08c00a73f95c15735b2571a962e3c76d1f43e07ef07e994c36/detection

request.resolverequest.live

# Reference: https://twitter.com/_re_fox/status/1517173649568149504
# Reference: https://www.virustotal.com/gui/file/5b6c10c35cab002750ba16aa8eba4f46d8e7267ae7c40c9e610add6da01ba3fd/detection

hibiscus.live
records.hibiscus.live
/NDnD7RdekyhSrhPE/KOighzucGWiCq6hR.php
/NDnD7RdekyhSrhPE/
/KOighzucGWiCq6hR.php

# Reference: https://twitter.com/ShadowChasing1/status/1517445025788956673
# Reference: https://twitter.com/ShadowChasing1/status/1517445027923824640
# Reference: https://twitter.com/ShadowChasing1/status/1588151726338494464
# Reference: https://www.virustotal.com/gui/file/8eb9e93adb4e5e6bf5fac0d0b9de5897aa7274ef451b84854a0da38db61a502a/detection
# Reference: https://www.virustotal.com/gui/file/75f028ddcc894b2105365d17b228292c9fbfea1e14fcf87f3cc0d940ba628001/detection

worldbook65.xyz
wrldfronts.xyz
/SLsLNcQ54gVvWOAV/9Qmq09QX0CYns496.php
/SLsLNcQ54gVvWOAV/
/9Qmq09QX0CYns496.php
/SLsLNcQ54gVvWOAV/9Qmq09QX0CYns496Y8xnO41X7QOnMxNTj0Ng2KahqH9ua6Cc
/9Qmq09QX0CYns496Y8xnO41X7QOnMxNTj0Ng2KahqH9ua6Cc
/9Qmq09QX0CYns496Y8xnO41X7QOnMxNTj0Ng2KahqH9ua6Cc.rtf
/WuipHdzLYzJsn2y5/M19bb5xJs6rAFBij.php
/WuipHdzLYzJsn2y5/
/M19bb5xJs6rAFBij.php

# Reference: https://twitter.com/ShadowChasing1/status/1522217116937596929
# Reference: https://www.virustotal.com/gui/file/635ad590116dc390141f58b4dded72d9d6d51d83c10cb60ca6e0d7e00b1ef4d4/detection

23.83.133.141:4233
uniqueupdatesfrtetheupdateing.live

# Reference: https://twitter.com/__0XYC__/status/1522183055703687171
# Reference: https://twitter.com/h2jazi/status/1522233728306712576
# Reference: https://twitter.com/_re_fox/status/1526997863611486210
# Reference: https://www.virustotal.com/gui/file/e793f991f7efc2dc49a1e43165bd64a01e0ce35f0f529171f7fefff3cf994f54/detection
# Reference: https://www.virustotal.com/gui/file/15e2a10772575e77d1041394191a4db7a665da96889346da0d2e7b6a3aa455b3/detection

bookservices.xyz
hplservices.xyz
log.bookservices.xyz
pre.hplservices.xyz
/Ods9Z6420zj7Y9H3/OsVoOaari3CP2x4i.php
/Ods9Z6420zj7Y9H3/
/OsVoOaari3CP2x4i.php

# Reference: https://twitter.com/ShadowChasing1/status/1522454663735382016
# Reference: https://www.virustotal.com/gui/file/7952c02ea6c90e29370ee0e80b754156a2e5b1f473b2a469fdde3426a20e9356/detection

kokoo.live
/D7yrtjdcjjd3jjw2jdj7vvNsso0oR/5trT0o0oOO0retnRKKLmM
/D7yrtjdcjjd3jjw2jdj7vvNsso0oR/
/5trT0o0oOO0retnRKKLmM

# Reference: https://twitter.com/ShadowChasing1/status/1526783834410598400
# Reference: https://twitter.com/ShadowChasing1/status/1526783836507754496
# Reference: https://www.virustotal.com/gui/file/3342d74ec2b0c7324d6cc94a6e9989f002ec02b43927fe6b0951e160829843be/detection

intector.xyz
suppservices.xyz
esr.suppservices.xyz
wrd.intector.xyz
/39Hq4vSPhlIwdUP9/naLhrcrCK8cV8Imf.php
/39Hq4vSPhlIwdUP9/
/naLhrcrCK8cV8Imf.php

# Reference: https://twitter.com/ShadowChasing1/status/1532619301437734912
# Reference: https://twitter.com/__0XYC__/status/1532618235647885312
# Reference: https://www.virustotal.com/gui/ip-address/64.190.113.91/relations
# Reference: https://www.virustotal.com/gui/file/e55fd48dcfc37f5f810b4d16c1b6498ba5501c9beb80fe0a475badad9834e525/detection

househomess.xyz

# Reference: https://twitter.com/Jirehlov/status/1535110745649983488
# Reference: https://www.virustotal.com/gui/file/28a0f79c1c18a9cf6beb8d93ac9cb523ee83c92aeb2bc83e69e87a1d6e3df748/detection

http://42.192.53.5
42.192.53.5:443

# Reference: https://twitter.com/RedDrip7/status/1539556990183100416
# Reference: https://www.virustotal.com/gui/file/ba60ae1347a7e4f385177fc92aaa21eef0682ed52b6359c4be58036e5d74c291/detection
# Reference: https://www.virustotal.com/gui/file/486f772d81a3b90ba76617fd5f49d9ca99dac1051a9918222cfa25117888a1d5/detection

feedpolicy.xyz
logupdates.xyz
mak.logupdates.xyz
rus.feedpolicy.xyz
/DWqYVVzQLc0xrqvt/HG5HlDPqsnr3HBwO.php
/gDAr2QJr4cw1BSZe/GigPXrnLQs173vv9.php
/DWqYVVzQLc0xrqvt/
/gDAr2QJr4cw1BSZe/
/GigPXrnLQs173vv9.php
/HG5HlDPqsnr3HBwO.php

# Reference: https://twitter.com/malwrhunterteam/status/1540335442922446848
# Reference: https://twitter.com/midnight_comms/status/1540339283751346176
# Reference: https://www.virustotal.com/gui/file/80b4141c007a5b9ea87388bb29744d7473572784819423e5d77b9dce8370fe88/detection

flashnotederby.xyz
gamz.flashnotederby.xyz
/xoboleyncs

# Reference: https://twitter.com/h2jazi/status/1540402245866377216
# Reference: https://www.virustotal.com/gui/file/58856004b837e45898e3621439ce69dc6f562c4f4c72867a66faad030a4c237a/detection

rebutuoy.xyz

# Reference: https://twitter.com/ShadowChasing1/status/1541354249246089216
# Reference: https://www.virustotal.com/gui/file/41c221c4f14a5f93039de577d0a76e918c915862986a8b9870df1c679469895c/detection

worksolution.buzz
who.worksolution.buzz
/pq7uzPUMBBQpn8ub/HZNnKZmaMsQMFGX3YtjSkvyumPAsnckh5SZGE7nlj7WSghAI.rtf
/pq7uzPUMBBQpn8ub/HZNnKZmaMsQMFGX3YtjSkvyumPAsnckh5SZGE7nlj7WSghAI
/pq7uzPUMBBQpn8ub/HZNnKZmaMsQMFGX3.php
/pq7uzPUMBBQpn8ub/
/HZNnKZmaMsQMFGX3YtjSkvyumPAsnckh5SZGE7nlj7WSghAI
/HZNnKZmaMsQMFGX3YtjSkvyumPAsnckh5SZGE7nlj7WSghAI.rtf
/HZNnKZmaMsQMFGX3.php

# Reference: https://twitter.com/GGGGh0st/status/1541972277260320768
# Reference: https://www.virustotal.com/gui/file/afb19eb6db9bb2f6a3485621436651698b5f163aefc01ca0591758a1c27e17cd/detection
# Reference: https://www.virustotal.com/gui/file/35caef919f8b86cab5aa4793154866096bdd724030292ba7cfcf652d03e2feaa/detection

fitnesscheck.xyz
/KmOHnVfM2ezSTrwA/cHm4se5gLU8sN0Bx.php
/llbtvrDnl44nc6in/EZ8nVMIXNjBPh9Tx.php
/KmOHnVfM2ezSTrwA/
/llbtvrDnl44nc6in/
/cHm4se5gLU8sN0Bx.php
/EZ8nVMIXNjBPh9Tx.php

# Reference: https://twitter.com/__0XYC__/status/1544210021780684801
# Reference: https://www.virustotal.com/gui/file/0c3babbf3794ba2410ab24ac799e487be210b8b0269efb542c01c9cc0538c08f/detection
# Reference: https://www.virustotal.com/gui/file/d63a030ff50d7d5fce5ef504721c39384b7714badf1129c16667ce789a23c3ca/detection

captainamericass.top
eatsleepgymrepeat.top
/evE2zElho4y7AzAF/NxqYCGYBF580YjQX.php
/evE2zElho4y7AzAF/
/NxqYCGYBF580YjQX.php

# Reference: https://twitter.com/Des00464472/status/1552853622907895813
# Reference: https://twitter.com/ShadowChasing1/status/1552940431541170176
# Reference: https://twitter.com/ShadowChasing1/status/1552940433734762497
# Reference: https://www.virustotal.com/gui/file/44c9470ff220f615ccada6d872fbd6709b223659a6865de393731ccfe006a9ab/detection

doctorstrange.buzz
germsandwaterbro.buzz
/eEDHEY0NniPFL5sV/xocCILTXZGptLQvk.php
/eEDHEY0NniPFL5sV/
/xocCILTXZGptLQvk.php

# Reference: https://twitter.com/Des00464472/status/1551405914640359425

calvya.xyz

# Reference: https://twitter.com/Des00464472/status/1547091840960430080
# Reference: https://www.virustotal.com/gui/file/564998443151c9bed9500d9cced9b97d6d9c22fe3b73bb23ee22d7e4cb857276/detection

http://168.100.8.124

# Reference: https://twitter.com/Des00464472/status/1528614842365779968

dermlogged.xyz
searchindexservices.xyz
inf.searchindexservices.xyz
ser.dermlogged.xyz

# Reference: https://twitter.com/StopMalvertisin/status/1554010985610227712
# Reference: https://www.virustotal.com/gui/file/28c71461ac5cf56d4dd63ed4a6bc185a54f28b2ea677eee5251a5cdad07077b8/detection

worldpro.buzz
/TJlykfjzaxWYwUZB/TX2lAKnMf4BvVgeY.php
/TJlykfjzaxWYwUZB/
/TX2lAKnMf4BvVgeY.php

# Reference: https://twitter.com/malwrhunterteam/status/1554562169861193728
# Reference: https://twitter.com/ni_fi_70/status/1554778318611808256
# Reference: https://www.virustotal.com/gui/file/6119d2bfb7549fa7d2c1e90ffc5236c60e15e0d8372f1f497a84f64cd0680d44/detection

sap2010-b6458.firebaseio.com

# Reference: https://blog.morphisec.com/apt-c-35-new-windows-framework-revealed
# Reference: https://otx.alienvault.com/pulse/62f648b31fe2879c2b77729a

clipboardgames.xyz
globalseasurfer.xyz
kotlinn.xyz

# Reference: https://twitter.com/StopMalvertisin/status/1558480933397082116
# Reference: https://www.virustotal.com/gui/ip-address/64.52.80.45/relations
# Reference: https://www.virustotal.com/gui/file/394c97cc9d567e556a357f129aea03f737cbd2a1761df32146ef69d93afc73dc/detection
# Reference: https://www.virustotal.com/gui/file/87b03fe7a29a2619d59c32aaa01a8901202476c414cdd9455bab0ad69090ba6f/detection

worldoptions.buzz
worldoptions.top
/agE7nqQLgssuVeUY/OGHAYZZFhfCtspqo.php
/agE7nqQLgssuVeUY/
/OGHAYZZFhfCtspqo.php

# Reference: https://twitter.com/Des00464472/status/1557209806603436034

rauflaker.xyz

# Reference: https://twitter.com/Des00464472/status/1564862170117967872

rrak.buzz

# Reference: https://twitter.com/Des00464472/status/1565281948099940352

knocktock.buzz

# Reference: https://twitter.com/StopMalvertisin/status/1565927395185799170
# Reference: https://www.virustotal.com/gui/file/1d60f3000a74ce2fb8f43058e08d3b28a6305b10b0e5e6b7e0e92e0ce58b46e7/detection

wordclips.buzz
/uE2rDaf9CdHcauDS/4oXCFBqnnxeb7vIM.php
/uE2rDaf9CdHcauDS/
/4oXCFBqnnxeb7vIM.php

# Reference: https://twitter.com/StopMalvertisin/status/1570385341282131969
# Reference: https://www.virustotal.com/gui/file/d954ea1d832d4ac5e14c284b4ca6370905d9bb262d71945acef44d2b41a65903/detection

worldexplore.buzz
worldexplore.top
/uzyTXv2dwjvQxr2L/Ycc5LdyVlzE4fGyf.php
/uzyTXv2dwjvQxr2L/
/Ycc5LdyVlzE4fGyf.php

# Reference: https://twitter.com/Des00464472/status/1570393972572561409
# Reference: https://www.virustotal.com/gui/ip-address/45.61.136.199/relations

ydizz.buzz

# Reference: https://twitter.com/ShadowChasing1/status/1572533006237331456
# Reference: https://www.virustotal.com/gui/file/06870463d9a00b05839e7e8de379702aefccc47cf48b0b511c76da2cb8c13e50/detection
# Reference: https://www.virustotal.com/gui/file/d0cfc50cb1c85baec1f9bb66f0b0134606b160df99b523e9618489c99bc10ddd/detection

spacequery.live
furnish.spacequery.live

# Reference: https://twitter.com/Des00464472/status/1572870417362329600
# Reference: https://www.virustotal.com/gui/ip-address/99.83.154.118/relations

printerjobs.xyz
share.printerjobs.xyz

# Reference: https://twitter.com/h2jazi/status/1576760151276605441
# Reference: https://twitter.com/h2jazi/status/1576760154120683520
# Reference: https://www.virustotal.com/gui/file/99ce3db108f0b980f34f3ca870261bebd0b5e8c8a7c6c79ee620f3cfb2fc1f93/detection
# Reference: https://www.virustotal.com/gui/file/c465328dad8f8b306dec10b51498b3ba3add7d1e9c824982079d0b2420f3b67d/detection
# Reference: https://www.virustotal.com/gui/file/ae8744592d681132bf1046f95b2279aa14f3deaf6fe9d7a6d2a2d7dfc40ac441/detection

185.224.83.16:443

# Reference: https://twitter.com/ShadowChasing1/status/1576970209327738880
# Reference: https://www.virustotal.com/gui/file/ea530601309c29a8667682c553888e0511512b88791d53611c75c61bfaf8f515/detection

ovonel.buzz
/oPe/moa.php

# Reference: https://www.virustotal.com/gui/ip-address/188.34.181.5/relations
# Reference: https://www.virustotal.com/gui/file/d4d86fc91e4fec9b1d9de30aa22a70cdc3509726bffeee61d526fdfc243081b5/detection
# Reference: https://www.virustotal.com/gui/file/f117e1de177a48dd71de29e9e4b26dda992d07d7d1e575476fd4f36b3cca19f2/detection

srtreg.xyz

# Reference: https://twitter.com/Des00464472/status/1577983311418376192
# Reference: https://www.virustotal.com/gui/ip-address/64.52.80.88/relations

breatleytaker.buzz
playst0re.buzz

# Reference: https://www.virustotal.com/gui/ip-address/162.33.179.239/relations
# Reference: https://www.virustotal.com/gui/file/db40d8d531d7ed88c85a9aab488ef86123a80aa0e0ca9779db9ab8867481c141/detection
# Reference: https://www.virustotal.com/gui/file/d8286133d3d21b7e2b83a6c071147b8ef993e963ad6bdb0f95d665869557a444/detection

stokpro.buzz
cim.stokpro.buzz
dim.stokpro.buzz
rim.stokpro.buzz

# Reference: https://twitter.com/StopMalvertisin/status/1580107310583554048
# Reference: https://www.virustotal.com/gui/file/cfe8644653bbe7f359cc99594073c93c01417a60fb9774f59998ebc1be344399/detection

zxaveirprox.buzz
/5z2HIQ6wFLTjw7cd/PwsrXs6OCDDelyq8.php
/5z2HIQ6wFLTjw7cd/
/PwsrXs6OCDDelyq8.php

# Reference: https://twitter.com/Des00464472/status/1580439923932680192

petsale.shop
favourite.petsale.shop

# Reference: https://twitter.com/Des00464472/status/1584471980300197888
# Reference: https://www.virustotal.com/gui/ip-address/64.52.80.107/relations

homeparty.buzz

# Reference: https://twitter.com/t3ft3lb/status/1589559824240369664
# Reference: https://www.virustotal.com/gui/ip-address/193.149.129.192/relations
# Reference: https://www.virustotal.com/gui/file/26cdb167e972ffd83173f5937bf66cf4685220fd87f0de642d3418fb0e550c1e/detection

getupdates.buzz
/C9K7T9KFqQlKcrOz/dN2x6b0jOq51N61l.php
/C9K7T9KFqQlKcrOz/
/dN2x6b0jOq51N61l.php

# Reference: https://twitter.com/t3ft3lb/status/1591770561558052864
# Reference: https://www.virustotal.com/gui/ip-address/45.61.136.68/relations
# Reference: https://www.virustotal.com/gui/file/47d85be42bfbcaa9f04381788ecd6c3ac25cd8036fed185887b2629b90384101/detection

encureyou.buzz
/QuINNYN6nvc9ZFW6/A04ih06yN8255rXL.php
/QuINNYN6nvc9ZFW6/
/A04ih06yN8255rXL.php

# Reference: https://twitter.com/Des00464472/status/1593132541472837638

firelive.pics
blogs.firelive.pics

# Reference: https://twitter.com/Timele9527/status/1597955256423309312
# Reference: https://www.virustotal.com/gui/file/ab5cc990a6f4a196daa73bf655286900e7c669b2a37c32f92cbb54631bc3a565/detection
# Reference: https://www.virustotal.com/gui/file/56e60b355d08abe961ea28977472ae50aca3628e96b5f9f558737b884484f070/detection

grapehister.buzz
localsurfer.buzz
one.localsurfer.buzz

# Reference: https://twitter.com/Des00464472/status/1598189851605864448
# Reference: https://www.virustotal.com/gui/ip-address/193.149.180.71/relations

mygtaeper.buzz

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2022-11-30-v10185/185

orangeholister.buzz

# Reference: https://twitter.com/Des00464472/status/1600685448002928642
# Reference: https://www.virustotal.com/gui/ip-address/64.190.113.97/relations
# Reference: https://www.virustotal.com/gui/file/8d4bd6c0c79aaa392f80e58b2b5448abf3d890f23cdeea024ee30fd0d840fa1e/detection

bloggerboy.buzz

# Reference: https://twitter.com/StopMalvertisin/status/1600717489507225600

/DoPstRgh512nexcvv.php
/kolexretriya78ertdcxmega895200.php

# Reference: https://twitter.com/malwrhunterteam/status/1601699458739503104
# Reference: https://twitter.com/midnight_comms/status/1601988066813435904
# Reference: https://www.virustotal.com/gui/ip-address/193.149.176.48/relations
# Reference: https://www.virustotal.com/gui/ip-address/95.217.22.3/relations
# Reference: https://www.virustotal.com/gui/file/44f4662c4a5c5660c00e410f30eecb3a4d49e41d1ce30c13df2a487d82f679ab/detection

brilient.buzz
playstoree.xyz
presencee.buzz
/mokwerdcti

# Reference: https://twitter.com/t3ft3lb/status/1605950531171717121
# Reference: https://www.virustotal.com/gui/file/d17f86c4d6fdfda38d50ecfac53cda41457488a34b5909b5e08aa76ca0901321/detection

orangevisitorss.buzz
ydnmovers.buzz
sky.ydnmovers.buzz
/QcM8y7FsH12BUbxY/
/XNJxFhZdMSJzq1tRyF47ZXLIdqNGRqiHQQHL6DJIjl2IoxUA.ico
/XNJxFhZdMSJzq1tRyF47ZXLIdqNGRqiHQQHL6DJIjl2IoxUA.png
/XNJxFhZdMSJzq1tRyF47ZXLIdqNGRqiHQQHL6DJIjl2IoxUA.mp3
/XNJxFhZdMSJzq1tRyF47ZXLIdqNGRqiHQQHL6DJIjl2IoxUA.mp4

# Reference: https://twitter.com/JVPv5sIM3eFmGyi/status/1606118049626693634
# Reference: https://www.virustotal.com/gui/file/f27531bf7c2848414d40191283616d1f24048288791f517d5ef229a50e64b349/detection
# Reference: https://www.virustotal.com/gui/file/7e48e5fcb92f834ce338fb4a78387559341ca380f1c84b671481ac07b723af19/detection

windowslive.pics
products.windowslive.pics

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-01-05-v10212/248

biteupdates.live
lovingallupdates.life
packetbite.live

# Reference: https://twitter.com/malwrhunterteam/status/1614251113204563969
# Reference: https://www.virustotal.com/gui/file/dd3dd724a250b6b4837138527ccc436d00d9a53d698b714d976a26ebb59b3816/detection
# Reference: https://www.virustotal.com/gui/file/d819abb9d317868f977bc17a36ee60fcb361d98616ce4df2a2d62d7490869920/detection
# Reference: https://www.virustotal.com/gui/file/7d6bfb34b4ad591ab38ee72884edc284812a99c4d184fea150b5835644fde2c4/detection
# Reference: https://www.virustotal.com/gui/file/2829d134d8ab58e48faa6ccf9ffbb630919a1784cb07ffd569a621cc8668ecbd/detection

updatemyweb.pics

# Reference: https://twitter.com/ThreatBookLabs/status/1615238584050814976

revivespecialist.buzz
screenreader.buzz

# Reference: https://twitter.com/t3ft3lb/status/1617807142635077633
# Reference: https://www.virustotal.com/gui/ip-address/162.33.178.22/detection
# Reference: https://www.virustotal.com/gui/file/83fe4fb0c944aa210ab2af579155ccee4612c6ca09117babbf1f50fadaed2467/detection

morphylogz.buzz

# Reference: https://twitter.com/jaydinbas/status/1617853748063383552
# Reference: https://www.virustotal.com/gui/file/18e4a499e11b3fe1691b627aebb330fcafc656d9b9505178f832697cda5f1eae/detection

flashmoblive.live

# Reference: https://twitter.com/t3ft3lb/status/1618208417285562370
# Reference: https://www.virustotal.com/gui/file/468df06adb851ed1e59363ca163d279089928b4d200bf7bd333eeb45b07a83b1/detection
# Reference: https://www.virustotal.com/gui/file/5fa15fb15a66487b8365386701c9a6ff76685f012edf5d00de75837847555800/detection

itygreyhound.buzz

# Reference: https://www.welivesecurity.com/2022/01/18/donot-go-do-not-respawn/
# Reference: https://otx.alienvault.com/pulse/63d2fbc0d659d53d46c07fee

manage.biteupdates.site

# Reference: https://twitter.com/ThreatBookLabs/status/1621386410698870784
# Reference: https://www.virustotal.com/gui/ip-address/193.149.189.223/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.61.136.63/relations

lifewear.buzz
magazinesizzler.buzz
orpit.buzz

# Reference: https://twitter.com/StopMalvertisin/status/1624033048940642310
# Reference: https://www.virustotal.com/gui/file/84ff3cc715c4e408ddd71f15319a3034d70b7dd7c317e516ab2561618a42f609/detection

libutires.info
records.libutires.info
/loproiaoroaspdrjro/reoriaweoprdpoi
/loproiaoroaspdrjro/
/reoriaweoprdpoi

# Reference: https://twitter.com/jaydinbas/status/1625133287361355776
# Reference: https://www.virustotal.com/gui/ip-address/193.149.185.134/relations
# Reference: https://www.virustotal.com/gui/file/a7083fe0bb8ae9a951b49443dba55184a91e4a9b4333dd860c805ed6807997af/detection

crezdlack.buzz

# Reference: https://twitter.com/osipov_ar/status/1625535551045615627
# Reference: https://www.virustotal.com/gui/ip-address/45.61.136.52/relations
# Reference: https://www.virustotal.com/gui/file/e3cb6720510d0b4df4104fbe36ca7e01cab6915cc546f630d715c847f0fdfea2/detection

mayosasa.buzz
servicemakerss.xyz
surfacecleaninst.buzz

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-02-14-v10243/313

libraryutilitis.live
tasterschoice.shop
tourseasons.xyz
best.tasterschoice.shop
blogs.libraryutilitis.live
blogs.tourseasons.xyz

# Reference: https://twitter.com/ThreatBookLabs/status/1627669622337204225
# Reference: https://twitter.com/DmitriyMelikov/status/1708771323340603431
# Reference: https://twitter.com/t3ft3lb/status/1718982477140951312
# Reference: https://www.virustotal.com/gui/ip-address/37.120.222.145/relations
# Reference: https://www.virustotal.com/gui/file/9b808789a88144a32f8fd036138403a7235c834f3b3bf5ebbcd22ac4610d32cf/detection
# Reference: https://www.virustotal.com/gui/file/40e43aac9888c433d796e106c03846f48a1422d0950f27e0a2b793261e9f9e08/detection

idealxyz.live
mindef.live
records.mindef.live
/bjhruhukuru/rkuahruhueike
/bjhruhukuru
/oiporoioqk/lporurkiqjffqe
/oiporoioqk
/lporurkiqjffqe
/rjllk43kkl/k3kjl3kddlj8j
/rjllk43kkl
/rkuahruhueike
/k3kjl3kddlj8j
/sk72d61kk0daj6gkfd32/bioproaporoidorer
/bioproaporoidorer
/sk72d61kk0daj6gkfd32

# Reference: https://twitter.com/t3ft3lb/status/1628076214308032514
# Reference: https://www.virustotal.com/gui/file/3849a295e808290bf709b6531c8585211ad926c88c088c6db0184bc425b88dd5/detection

winterhero.buzz

# Reference: https://twitter.com/ThreatBookLabs/status/1628398506682748930

sparklingbreath.buzz
toxiclock.buzz
visited.buzz

# Reference: https://twitter.com/SethKingHi/status/1629106884069425154
# Reference: https://twitter.com/t3ft3lb/status/1651951113732771873
# Reference: https://www.virustotal.com/gui/file/73ce6803c13786e02d3bdbaad610a67a0092f6e24186b681a081ffb52faba712/detection
# Reference: https://www.virustotal.com/gui/file/6a9711aa1dfc99046ff0008f8fcfb0794a457b8ec744d77f62525ca0f73cc136/detection

winidowtech.info
forum.winidowtech.info
/iouoiuqwoeryuru/bnmrerqwrasdre
/jilmvldfhqohcqhog/ntbahoghbhcghqo
/jkdegqgegcqegog/hfogrcgegdhpgdgeq
/poporioiepro/wsauyriyurerier
/iouoiuqwoeryuru/
/jilmvldfhqohcqhog/
/jkdegqgegcqegog/
/poporioiepro/
/bnmrerqwrasdre
/hfogrcgegdhpgdgeq
/ntbahoghbhcghqo
/wsauyriyurerier

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-02-28-v10255/336

briefdeal.buzz

# Reference: https://twitter.com/ThreatBookLabs/status/1630933168328167428
# Reference: https://www.virustotal.com/gui/file/b5d8736bec449e3463ad6f0460782453ed69bb81a1b4a78847815b4fb64bfe94/detection

crushter.info
madefrindly.info
/m4k1doWVqrvvbjsc/
/AOg9AQ2SVeHsiL61tkS53q02NnMToZuOb8s5yUe8jEcBxAs0.ico
/AOg9AQ2SVeHsiL61tkS53q02NnMToZuOb8s5yUe8jEcBxAs0.mp3
/AOg9AQ2SVeHsiL61tkS53q02NnMToZuOb8s5yUe8jEcBxAs0.mp4
/AOg9AQ2SVeHsiL61tkS53q02NnMToZuOb8s5yUe8jEcBxAs0.png
/Testoresisty/kolimekatares

# Reference: https://twitter.com/StopMalvertisin/status/1631222638541692928
# Reference: https://www.virustotal.com/gui/file/9f7324518de5725a6b162954d355291fc3775c17c8d96d8f570b7ebdffabf5d3/detection

goldliney.buzz
monitoriing.buzz
/3fHYKahOXhkVV3Uj/dqyWpAfXBcyQkTkzoamk25hn3cbTbeuhImfJO08uTOFCkhIa.ico
/3fHYKahOXhkVV3Uj/dqyWpAfXBcyQkTkzoamk25hn3cbTbeuhImfJO08uTOFCkhIa.mp3
/3fHYKahOXhkVV3Uj/dqyWpAfXBcyQkTkzoamk25hn3cbTbeuhImfJO08uTOFCkhIa.mp4
/3fHYKahOXhkVV3Uj/dqyWpAfXBcyQkTkzoamk25hn3cbTbeuhImfJO08uTOFCkhIa.png
/Lomiapekaso/texadikkomanapel

# Reference: https://twitter.com/t3ft3lb/status/1631626934810562561
# Reference: https://www.virustotal.com/gui/file/6863edff3663f155dd208b967e18666d87b21708fd7d947fd142ffa969283157/detection
# Reference: https://www.virustotal.com/gui/file/a0db0e478d82a418d352234ded604c1ba8f1472cc3832c830012a8829766ebcc/detection

seasurfer.buzz
m.seasurfer.buzz
/33lhGEeiVe57s8gY/
/GMOdLGq3cD2dyrjb/
/kW4WcheFTdyHEmRBaSsEiGNHdZebaBJUZlvzfk0EMf6JCRQV.ico
/kW4WcheFTdyHEmRBaSsEiGNHdZebaBJUZlvzfk0EMf6JCRQV.mp3
/kW4WcheFTdyHEmRBaSsEiGNHdZebaBJUZlvzfk0EMf6JCRQV.mp4
/kW4WcheFTdyHEmRBaSsEiGNHdZebaBJUZlvzfk0EMf6JCRQV.png
/nmEVLghL0B5dMtBiZMAgeIVniuP4bVFETWfsZqQ2jZ1bMJYd.ico
/nmEVLghL0B5dMtBiZMAgeIVniuP4bVFETWfsZqQ2jZ1bMJYd.mp3
/nmEVLghL0B5dMtBiZMAgeIVniuP4bVFETWfsZqQ2jZ1bMJYd.mp4
/nmEVLghL0B5dMtBiZMAgeIVniuP4bVFETWfsZqQ2jZ1bMJYd.png

# Reference: https://twitter.com/ThreatBookLabs/status/1633749503856758785
# Reference: https://www.virustotal.com/gui/ip-address/45.61.137.233/relations

mfglogged.buzz

# Reference: https://twitter.com/ThreatBookLabs/status/1636305553189396482
# Reference: https://www.virustotal.com/gui/ip-address/64.190.113.227/relations

spotingcheck.buzz

# Reference: https://twitter.com/RedDrip7/status/1636693076650647554
# Reference: https://www.virustotal.com/gui/file/e26cd08114a3e47a35f60dde2e236997c23d8017b68f0d315e9e490c8cd69164/detection

roosterguy.online
/bioproaporoidorer
/rajkrjkekjdlrkjlrfa

# Reference: https://twitter.com/ThreatBookLabs/status/1638372054776041472
# Reference: https://www.virustotal.com/gui/ip-address/193.149.176.5/relations

taskcheap.buzz

# Reference: https://twitter.com/StopMalvertisin/status/1638804488638332928
# Reference: https://www.virustotal.com/gui/ip-address/64.52.80.49/detection
# Reference: https://www.virustotal.com/gui/file/9b2327e87c2c4c60943c7ee61ee97ef12a0383ea42a4cb740f21bd88718a4dac/detection

feedlack.buzz
/Romexicarto/terokanama

# Reference: https://ti.qianxin.com/blog/articles/Heavy-Shadows:-Summary-of-Recent-Attack-Techniques-Used-by-Donot-Group-EN/
# Reference: https://otx.alienvault.com/pulse/642319f5f57d7b39508d3ff4

balancelogs.buzz
repidyard.buzz
salcomp.buzz

# Reference: https://twitter.com/ThreatBookLabs/status/1643083621753053184
# Reference: https://www.virustotal.com/gui/file/a37f37a467a691fbcb9b77170d4815a0daa868b90c4dba0f6ca38ff894ce9935/detection
# Reference: https://www.virustotal.com/gui/file/fc18f6cfdd40ecff669a0f620188d59c9d8d3c69bcdbc795975bd0f491ff7ac1/detection

retroservices.buzz
blue.retroservices.buzz
/Kolpt523ytcserstrew/torel
/Kolpt523ytcserstrew/

# Reference: https://twitter.com/ThreatBookLabs/status/1643623912654209027
# Reference: https://www.virustotal.com/gui/ip-address/45.61.136.164/relations

elegenthook.buzz

# Reference: https://twitter.com/josh_penny/status/1644251163028516865

cheaper.buzz
cheaplate.info
denimbluesshirto.com
disgney.buzz
energyhost.buzz
gymchecktaker.buzz
lvoverseas.buzz
mencoyouth.buzz
recorded.buzz
ruoyenilion.buzz
lemon.lvoverseas.buzz

# Reference: https://twitter.com/StopMalvertisin/status/1645734562264399872

/xF0JN21nfgngXLAg/
/xF0JN21nfgngXLAg/cFnUhRx46tKkU2K3t2mqTz1FmyAUvyjPrhdaB61gwomXBtRd.ico
/xF0JN21nfgngXLAg/cFnUhRx46tKkU2K3t2mqTz1FmyAUvyjPrhdaB61gwomXBtRd.mp3
/xF0JN21nfgngXLAg/cFnUhRx46tKkU2K3t2mqTz1FmyAUvyjPrhdaB61gwomXBtRd.mp4
/xF0JN21nfgngXLAg/cFnUhRx46tKkU2K3t2mqTz1FmyAUvyjPrhdaB61gwomXBtRd.png

# Reference: https://twitter.com/ThreatBookLabs/status/1646176620401795072
# Reference: https://www.virustotal.com/gui/ip-address/193.149.187.131/relations

dripgift.live
mistergift.live
truesuprise.live

# Reference: https://threatbook.io/domain/informe.live
# Reference: https://www.virustotal.com/gui/ip-address/45.61.139.98/relations

informe.live
informu.live

# Reference: https://twitter.com/ThreatBookLabs/status/1648934486216957953
# Reference: https://app.validin.com/axon?type=ip&limit=100&find=168.100.11.152
# Reference: https://app.validin.com/axon?type=ip&find=5.199.168.207
# Reference: https://www.virustotal.com/gui/ip-address/168.100.11.152/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.199.168.207/relations

donovinto.live
financeto.live
financeof.live
regalovinto.live
vintociao.live

# Reference: https://twitter.com/ThreatBookLabs/status/1649066217146290178
# Reference: https://www.virustotal.com/gui/ip-address/45.61.136.22/relations

driverunning.buzz

# Reference: https://twitter.com/t3ft3lb/status/1649427493739216896
# Reference: https://www.virustotal.com/gui/ip-address/162.33.179.233/relations
# Reference: https://www.virustotal.com/gui/ip-address/168.100.10.179/relations
# Reference: https://www.virustotal.com/gui/file/61eeb6f444bfc11b718646ba4283fbaf3e0b6123c07f082cc59e884cb8934d30/detection

epiczplus.buzz
hovaupdates.buzz
/9MBOzdRlUhSvqLmN/
/9MBOzdRlUhSvqLmN/b4MjHpJj3H2wBmWaJg5XGHC9FRQbU4lMQ3i55kDNyYU1NhQr.ico
/9MBOzdRlUhSvqLmN/b4MjHpJj3H2wBmWaJg5XGHC9FRQbU4lMQ3i55kDNyYU1NhQr.mp3
/9MBOzdRlUhSvqLmN/b4MjHpJj3H2wBmWaJg5XGHC9FRQbU4lMQ3i55kDNyYU1NhQr.mp4
/9MBOzdRlUhSvqLmN/b4MjHpJj3H2wBmWaJg5XGHC9FRQbU4lMQ3i55kDNyYU1NhQr.png

# Reference: https://www.virustotal.com/gui/ip-address/157.230.238.219/relations

seacloud.buzz

# Reference: https://twitter.com/StopMalvertisin/status/1650923515955249154
# Reference: https://www.virustotal.com/gui/file/8be504d853c2f85e9db232cd804aab21125e18f316e159bcd87631f98205c6a7/detection

tourexplore.shop
liberty.tourexplore.shop
/rkljriasuriopakrkvfdf/czneygyru76jyfahj
/czneygyru76jyfahj
/rkljriasuriopakrkvfdf/

# Reference: https://twitter.com/StopMalvertisin/status/1651859711598403584

userlease.info
mid.userlease.info
/5boIzNxftM5WJvgO/CUWMZd0PwJX5elY7.php
/5boIzNxftM5WJvgO/
/CUWMZd0PwJX5elY7.php

# Reference: https://twitter.com/StopMalvertisin/status/1651859776610136065
# Reference: https://twitter.com/t3ft3lb/status/1651887661454614528
# Reference: https://www.virustotal.com/gui/file/f4bf2af544cce89a13bb73187e960bf30da0cfde9b067de25d696779c91a80af/detection

driverunning.buzz
lib.driverunning.buzz
/Lomiapekaso/ertopikana
/Lomiapekaso/texadikkomanapel
/Lomiapekaso/
/ertopikana
/texadikkomanapel

# Reference: https://www.virustotal.com/gui/ip-address/45.61.138.186/relations
# Reference: https://www.virustotal.com/gui/file/d966114f1f2d32af390ad4413647561c3182a7a8c1e3a55b75b1b860594623ac/detection

onesolution.buzz
pic.onesolution.buzz
/Nptyerbcstedkyrdpste/lempp
/Nptyerbcstedkyrdpste/

# Reference: https://www.virustotal.com/gui/ip-address/45.61.138.186/relations
# Reference: https://www.virustotal.com/gui/file/aea1ebd23f693bffaab8bfbf509ba73aab6fa5b6f2218413ba48357161a72149/detection

fontsloaders.xyz
donotppi.fontsloaders.xyz
ppi.fontsloaders.xyz
www42.fontsloaders.xyz
www70.fontsloaders.xyz
/Pcb95ntr4umnb438ear5ky24/lkd874ters
/Pcb95ntr4umnb438ear5ky24/olstv210rt/O/ku
/Pcb95ntr4umnb438ear5ky24/

# Reference: https://twitter.com/suyog41/status/1654024491893248000
# Reference: https://www.virustotal.com/gui/file/551b15fbf9dbab46bf5a0529ad1abbcc89c58b2d936e75b120c17a81d4a9bff5/detection

leasly.buzz

# Reference: https://twitter.com/StopMalvertisin/status/1654031495860989954
# Reference: https://www.virustotal.com/gui/file/2ffd8e9fc1f91c6ce5570131ae5dc0607bfc283012e33db4f489db0ff1ccbaf5/detection

shortdeserve.buzz
/nc3bO91THkNG8ZJV/qOd7OFHNVbYvHf1TwqFjGYJSlndGJMFmXp5Fbo9AYupM9stS.ico
/nc3bO91THkNG8ZJV/qOd7OFHNVbYvHf1TwqFjGYJSlndGJMFmXp5Fbo9AYupM9stS.mp3
/nc3bO91THkNG8ZJV/qOd7OFHNVbYvHf1TwqFjGYJSlndGJMFmXp5Fbo9AYupM9stS.mp4
/nc3bO91THkNG8ZJV/qOd7OFHNVbYvHf1TwqFjGYJSlndGJMFmXp5Fbo9AYupM9stS.png
/nc3bO91THkNG8ZJV/
/qOd7OFHNVbYvHf1TwqFjGYJSlndGJMFmXp5Fbo9AYupM9stS.ico
/qOd7OFHNVbYvHf1TwqFjGYJSlndGJMFmXp5Fbo9AYupM9stS.mp3
/qOd7OFHNVbYvHf1TwqFjGYJSlndGJMFmXp5Fbo9AYupM9stS.mp4
/qOd7OFHNVbYvHf1TwqFjGYJSlndGJMFmXp5Fbo9AYupM9stS.png

# Reference: https://twitter.com/StopMalvertisin/status/1656583924880146433
# Reference: https://www.virustotal.com/gui/file/ffe60f49d81ac0ade1c1fe1f571a150b9c0b4d5803db773ffbd6af8fe50a9f60/detection

lovebirdsshop.club

# Reference: https://twitter.com/StopMalvertisin/status/1659156583715311617
# Reference: https://www.virustotal.com/gui/ip-address/162.33.177.214/relations
# Reference: https://www.virustotal.com/gui/file/ef9919086110b0b3a85c9bd648c7308743f4342c10dd42cf35c7f87f6a0bcdca/detection

preferbrowse.buzz
/UykPk27JN5tMgfU1/xyaVHGO7apOzwMZzioiJU0TSlaUkQQfQ8WenNwla2S1bmz1r.ico
/UykPk27JN5tMgfU1/xyaVHGO7apOzwMZzioiJU0TSlaUkQQfQ8WenNwla2S1bmz1r.mp3
/UykPk27JN5tMgfU1/xyaVHGO7apOzwMZzioiJU0TSlaUkQQfQ8WenNwla2S1bmz1r.mp4
/UykPk27JN5tMgfU1/xyaVHGO7apOzwMZzioiJU0TSlaUkQQfQ8WenNwla2S1bmz1r.png
/UykPk27JN5tMgfU1/
/xyaVHGO7apOzwMZzioiJU0TSlaUkQQfQ8WenNwla2S1bmz1r.ico
/xyaVHGO7apOzwMZzioiJU0TSlaUkQQfQ8WenNwla2S1bmz1r.mp3
/xyaVHGO7apOzwMZzioiJU0TSlaUkQQfQ8WenNwla2S1bmz1r.mp4
/xyaVHGO7apOzwMZzioiJU0TSlaUkQQfQ8WenNwla2S1bmz1r.png

# Reference: https://twitter.com/RedDrip7/status/1659383591686766592
# Reference: https://www.virustotal.com/gui/ip-address/45.61.139.99/relations
# Reference: https://www.virustotal.com/gui/file/0c3a4ea3a32ba45fef28af39f5529bd22d3b9b924ae8269103ea7d375bee0d4a/detection

liketaker.xyz
/9nk8DQS9dFhOAkjE/bwyPS94u0QGIgITe.php
/9nk8DQS9dFhOAkjE/
/bwyPS94u0QGIgITe.php

# Reference: https://twitter.com/t3ft3lb/status/1668525860222058497
# Reference: https://www.virustotal.com/gui/ip-address/64.52.80.59/detection
# Reference: https://www.virustotal.com/gui/file/5d1dd3429cd64eb31bd98fd59dbef2954c7b3ecec51bcc693cbbcd754f901df8/detection

superchess.buzz
/HuOvbGawR8DSTWjC/LJZW8jVnAPaBkov1sEIhBi3EPjBnin9DdtZQcKTaagdw1yfH.ico
/HuOvbGawR8DSTWjC/LJZW8jVnAPaBkov1sEIhBi3EPjBnin9DdtZQcKTaagdw1yfH.mp3
/HuOvbGawR8DSTWjC/LJZW8jVnAPaBkov1sEIhBi3EPjBnin9DdtZQcKTaagdw1yfH.mp4
/HuOvbGawR8DSTWjC/LJZW8jVnAPaBkov1sEIhBi3EPjBnin9DdtZQcKTaagdw1yfH.png
/HuOvbGawR8DSTWjC/
/LJZW8jVnAPaBkov1sEIhBi3EPjBnin9DdtZQcKTaagdw1yfH.ico
/LJZW8jVnAPaBkov1sEIhBi3EPjBnin9DdtZQcKTaagdw1yfH.mp3
/LJZW8jVnAPaBkov1sEIhBi3EPjBnin9DdtZQcKTaagdw1yfH.mp4
/LJZW8jVnAPaBkov1sEIhBi3EPjBnin9DdtZQcKTaagdw1yfH.png

# Reference: https://twitter.com/malwrhunterteam/status/1676233125767020545
# Reference: https://www.virustotal.com/gui/ip-address/188.191.106.200/relations
# Reference: https://www.virustotal.com/gui/file/951340643285e3102e2eed57f6850ff4ec0259f289bc5a673916b3c2689930bd/detection

pluginauth.live

# Reference: https://twitter.com/StopMalvertisin/status/1678693049344618496
# Reference: https://www.virustotal.com/gui/ip-address/37.220.31.59/relations
# Reference: https://www.virustotal.com/gui/file/208f49194964faecf700e283e68d1d833542a88580f6739d3be2a173fed733c6/detection
# Reference: https://www.virustotal.com/gui/file/6ca8be221bbec7da46ec7609baf4e5c1b1d65e6b3e41d0c305f21a7089db98d6/detection
# Reference: https://www.virustotal.com/gui/file/d24d3b972bef8b9d6a1e5ddc345620ac1915937730728cc55271f1f487c56e3c/detection

37.220.31.59:443
kababonline.shop

# Reference: https://twitter.com/Timele9527/status/1679324498162749440

servings.info

# Reference: https://twitter.com/StopMalvertisin/status/1682071703558684673
# Reference: https://www.virustotal.com/gui/file/497c3c0024fe57822b86da7410b7c46bb35147535e9d4a43b4ee328bce22930c/detection

aioupdates.buzz

# Reference: https://twitter.com/StopMalvertisin/status/1682382945301016577
# Reference: https://www.virustotal.com/gui/file/f5770bba45da919565fa04c99bbd57480a1cb154473fe8be8f56658aaee872c2/detection

yummycakes.online
sales.yummycakes.online

# Reference: https://twitter.com/ThreatBookLabs/status/1683826432848588800

beachupdates.live

# Reference: https://twitter.com/peterkruse/status/1684134146560466952

firstbyte.club

# Reference: https://twitter.com/ThreatBookLabs/status/1684373034529083392

dawnon.live

# Reference: https://twitter.com/ThreatBookLabs/status/1686202265244155904

templevisit.live

# Reference: https://twitter.com/ThreatBookLabs/status/1687097930535354368

toysgift.store
shop.toysgift.store

# Reference: https://twitter.com/ThreatBookLabs/status/1687295657458204672

updatepc.shop
blogs.updatepc.shop

# Reference: https://twitter.com/blackorbird/status/1692366590631948716
# Reference: https://mp.weixin.qq.com/s/WJji5Dr9OHSgwIaySetCfg
# Reference: https://www.virustotal.com/gui/ip-address/64.52.80.141/relations

sharelives.xyz
storagedrive.buzz
easy.sharelives.xyz
lite.storagedrive.buzz
lite.sharelives.xyz

# Reference: https://www.cyfirma.com/outofband/donot-apt-elevates-its-tactics-by-deploying-malicious-android-apps-on-google-play-store/
# Reference: https://otx.alienvault.com/pulse/6491a5fd967508bd2c6e951e
# Reference: https://www.virustotal.com/gui/file/8f56747b118f48e4a38a70be0e0c653fd4e452e2ce22c1ff35124ef1dc0f7c61/detection
# Reference: https://www.virustotal.com/gui/file/86c415e5462d21196906a025b37e86413842771e39f73c75ddb50a80881a90e3/detection
# Reference: https://www.virustotal.com/gui/file/3463083d0f22ee6c35cef6a603f985b6ba03fd6a85b0e8a40c6d3d22ac73294c/detection

193.149.176.226:4000
193.149.176.226:9090
appnsure.com
ikhfaavpn.com

# Reference: https://twitter.com/t3ft3lb/status/1693909660678701448
# Reference: https://www.virustotal.com/gui/ip-address/45.61.136.107/detection
# Reference: https://www.virustotal.com/gui/ip-address/162.33.177.3/relations
# Reference: https://www.virustotal.com/gui/file/12334a40680a030287e4cea05814bd6ab05e3b2f2a62aec82fc6361cc829c702/detection

cardlogical.info
instantcap.info
/bo1fdeNGuIiitis3/4JH0qYxTk53tul7xUZ4bmbj9nzb19Y9vMgBxfG0N4NhUJvYb.ico
/bo1fdeNGuIiitis3/4JH0qYxTk53tul7xUZ4bmbj9nzb19Y9vMgBxfG0N4NhUJvYb.mp3
/bo1fdeNGuIiitis3/4JH0qYxTk53tul7xUZ4bmbj9nzb19Y9vMgBxfG0N4NhUJvYb.mp4
/bo1fdeNGuIiitis3/4JH0qYxTk53tul7xUZ4bmbj9nzb19Y9vMgBxfG0N4NhUJvYb.png
/bo1fdeNGuIiitis3/
/4JH0qYxTk53tul7xUZ4bmbj9nzb19Y9vMgBxfG0N4NhUJvYb.ico
/4JH0qYxTk53tul7xUZ4bmbj9nzb19Y9vMgBxfG0N4NhUJvYb.mp3
/4JH0qYxTk53tul7xUZ4bmbj9nzb19Y9vMgBxfG0N4NhUJvYb.mp4
/4JH0qYxTk53tul7xUZ4bmbj9nzb19Y9vMgBxfG0N4NhUJvYb.png

# Reference: https://twitter.com/t3ft3lb/status/1694321508703928728
# Reference: https://www.virustotal.com/gui/file/6b7b1f151464bdce98c53f82a29541a6d90622892d94fecd0740be6642e6dd91/detection

gizgashineson.buzz
mentsele.info
/XA3JOnMP01TenAuE/442WpoKwPlGlPBMPFMI1q5TzgOKfNQXZhkIKRv9rfAgEQfC6.ico
/XA3JOnMP01TenAuE/442WpoKwPlGlPBMPFMI1q5TzgOKfNQXZhkIKRv9rfAgEQfC6.mp3
/XA3JOnMP01TenAuE/442WpoKwPlGlPBMPFMI1q5TzgOKfNQXZhkIKRv9rfAgEQfC6.mp4
/XA3JOnMP01TenAuE/442WpoKwPlGlPBMPFMI1q5TzgOKfNQXZhkIKRv9rfAgEQfC6.png
/XA3JOnMP01TenAuE/
/442WpoKwPlGlPBMPFMI1q5TzgOKfNQXZhkIKRv9rfAgEQfC6.ico
/442WpoKwPlGlPBMPFMI1q5TzgOKfNQXZhkIKRv9rfAgEQfC6.mp3
/442WpoKwPlGlPBMPFMI1q5TzgOKfNQXZhkIKRv9rfAgEQfC6.mp4
/442WpoKwPlGlPBMPFMI1q5TzgOKfNQXZhkIKRv9rfAgEQfC6.png

# Reference: https://twitter.com/t3ft3lb/status/1699692448728154465
# Reference: https://www.virustotal.com/gui/ip-address/193.149.190.198/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.61.139.219/relations
# Reference: https://www.virustotal.com/gui/file/683516912ba44027a1d5121d53f176e0ac12f24d6e7c135d5138fbcd9e4c71e4/detection
# Reference: https://www.virustotal.com/gui/file/4bd7b3fa7e974323e1ccc8da9196bf7b7dc1cf62590f19decbbe246c931d7634/detection
# Reference: https://www.virustotal.com/gui/file/4099830655dbc477365fca2886698ac9d2581b3e4b332aab7da277de0b16f090/detection

adjusteble.info
thanrole.buzz
/Ur7AdyiXFB1VNNl8/rHhiHSQwiAkySF9iqJEoCk7SOHz8DHf8zosMprQQOEERSk10.ico
/Ur7AdyiXFB1VNNl8/rHhiHSQwiAkySF9iqJEoCk7SOHz8DHf8zosMprQQOEERSk10.mp3
/Ur7AdyiXFB1VNNl8/rHhiHSQwiAkySF9iqJEoCk7SOHz8DHf8zosMprQQOEERSk10.mp4
/Ur7AdyiXFB1VNNl8/rHhiHSQwiAkySF9iqJEoCk7SOHz8DHf8zosMprQQOEERSk10.png
/rHhiHSQwiAkySF9iqJEoCk7SOHz8DHf8zosMprQQOEERSk10.ico
/rHhiHSQwiAkySF9iqJEoCk7SOHz8DHf8zosMprQQOEERSk10.mp3
/rHhiHSQwiAkySF9iqJEoCk7SOHz8DHf8zosMprQQOEERSk10.mp4
/rHhiHSQwiAkySF9iqJEoCk7SOHz8DHf8zosMprQQOEERSk10.png
/Ur7AdyiXFB1VNNl8/
/LHgausZEKtauASHjSvfUU/rokoprexcobatrs
/LHgausZEKtauASHjSvfUU/
/rokoprexcobatrs

# Reference: https://twitter.com/ThreatBookLabs/status/1684190834097262592
# Reference: https://www.virustotal.com/gui/ip-address/167.71.195.202/relations

box4box.online
blogs.box4box.online

# Reference: https://twitter.com/ThreatBookLabs/status/1659560539045994497
# Reference: https://www.virustotal.com/gui/ip-address/162.33.179.213/relations

updateszeldya.buzz

# Reference: https://twitter.com/t3ft3lb/status/1719316874079699383
# Reference: https://www.virustotal.com/gui/ip-address/162.33.178.148/relations
# Reference: https://www.virustotal.com/gui/ip-address/38.180.44.254/relations
# Reference: https://www.virustotal.com/gui/ip-address/64.52.80.24/relations
# Reference: https://www.virustotal.com/gui/file/7328b1606c6158aba7ab33871941078b70a52202bbe0b919c2ca109bcf0742a2/detection

bulkquantity.info
harddive.info
/hM2acgcg15KzzO9d/yErKU1yd97xzKdqmojnG9fMtjhAnu9dBrvXvBJJwbGqvxnxV.ico
/hM2acgcg15KzzO9d/yErKU1yd97xzKdqmojnG9fMtjhAnu9dBrvXvBJJwbGqvxnxV.mp3
/hM2acgcg15KzzO9d/yErKU1yd97xzKdqmojnG9fMtjhAnu9dBrvXvBJJwbGqvxnxV.mp4
/hM2acgcg15KzzO9d/yErKU1yd97xzKdqmojnG9fMtjhAnu9dBrvXvBJJwbGqvxnxV.png
/hM2acgcg15KzzO9d
/yErKU1yd97xzKdqmojnG9fMtjhAnu9dBrvXvBJJwbGqvxnxV.ico
/yErKU1yd97xzKdqmojnG9fMtjhAnu9dBrvXvBJJwbGqvxnxV.mp3
/yErKU1yd97xzKdqmojnG9fMtjhAnu9dBrvXvBJJwbGqvxnxV.mp4
/yErKU1yd97xzKdqmojnG9fMtjhAnu9dBrvXvBJJwbGqvxnxV.png

# Reference: https://app.validin.com/axon?find=58.158.177.102&type=ip

forestertop.online
updatemtnlin.online

# Reference: https://twitter.com/t3ft3lb/status/1727269773984354534
# Reference: https://www.virustotal.com/gui/ip-address/206.188.196.139/relations
# Reference: https://www.virustotal.com/gui/file/e1329bf6e0daa6a2b4a68d14299515556ead58cac2d19e4f1c5e23a80d6978b1/detection

speedrugg.info
trigershop.info
/WxporesjaTexopManor/ptomekasresdkolertys
/ptomekasresdkolertys
/WxporesjaTexopManor/
/ZKlVWfynYHjd1nm7/
/ZKlVWfynYHjd1nm7/aXFwQpdVsYmKbkoWi9y9ZBzIkFE6GHxv0ePSSilV3Ai6F2Ir.ico
/ZKlVWfynYHjd1nm7/aXFwQpdVsYmKbkoWi9y9ZBzIkFE6GHxv0ePSSilV3Ai6F2Ir.mp3
/ZKlVWfynYHjd1nm7/aXFwQpdVsYmKbkoWi9y9ZBzIkFE6GHxv0ePSSilV3Ai6F2Ir.mp4
/ZKlVWfynYHjd1nm7/aXFwQpdVsYmKbkoWi9y9ZBzIkFE6GHxv0ePSSilV3Ai6F2Ir.png
/aXFwQpdVsYmKbkoWi9y9ZBzIkFE6GHxv0ePSSilV3Ai6F2Ir.ico
/aXFwQpdVsYmKbkoWi9y9ZBzIkFE6GHxv0ePSSilV3Ai6F2Ir.mp3
/aXFwQpdVsYmKbkoWi9y9ZBzIkFE6GHxv0ePSSilV3Ai6F2Ir.mp4
/aXFwQpdVsYmKbkoWi9y9ZBzIkFE6GHxv0ePSSilV3Ai6F2Ir.png

# Reference: https://twitter.com/t3ft3lb/status/1737839842057408918
# Reference: https://www.virustotal.com/gui/ip-address/179.43.141.70/relations
# Reference: https://www.virustotal.com/gui/file/4061254c893de6b78810afeec5e231948820e1be6e9579f32d07ef9c51ae42f7/detection
# Reference: https://www.virustotal.com/gui/file/26a3d4584a8fb5c12182ddb5fc97d9c00527e1de11700fe25e9c2035fedd831a/detection

natureplants.online
life.natureplants.online

# Reference: https://twitter.com/ginkgo_g/status/1739539260557172798
# Reference: https://www.virustotal.com/gui/ip-address/5.135.199.21/relations
# Reference: https://www.virustotal.com/gui/file/04dd305a825ae57a1045cedcf61a7f7a0775434ad7706a56053ac2a42d71528c/detection
# Reference: https://www.virustotal.com/gui/file/6448febcda625da9067b3ccbeeb348d33f88137f131e833ffeda3a5bc6f19168/detection

bakedcakes.online
stores.bakedcakes.online
/bnkfuiehj/hrkauhr1jhre
/hkruhruuhra/oiroeiariae
/bnkfuiehj
/hkruhruuhra
/hrkauhr1jhre
/oiroeiariae

# Reference: https://www.virustotal.com/gui/ip-address/23.106.124.4/relations

chatinsec.live
private-chat.site
privatechat.life
pvtchat.online
pvtchatway.online
apps.privatechat.life

# Reference: https://twitter.com/Cuser07/status/1746832513555931597
# Reference: https://www.virustotal.com/gui/file/6f5dd00b5003c0aad7733492efe6468e402fa6c8a1dc352d5be166410a192d57/detection

safeena.onrender.com

# Reference: https://twitter.com/malwrhunterteam/status/1753536383249985693
# Reference: https://twitter.com/malwrhunterteam/status/1755673303941861661
# Reference: https://twitter.com/malwrhunterteam/status/1788890869665255646
# Reference: https://www.virustotal.com/gui/ip-address/162.33.178.135/relations
# Reference: https://www.virustotal.com/gui/ip-address/162.33.178.183/relations
# Reference: https://www.virustotal.com/gui/ip-address/195.85.115.143/relations
# Reference: https://www.virustotal.com/gui/file/818c9caa65a80706e8d1620fefcb163293327ed96026afe14699b723091f785e/detection
# Reference: https://www.virustotal.com/gui/file/ecb9af8f1bbcea19e3930037042eefb1bceea0b439cd517e32ade121a80915f5/detection
# Reference: https://www.virustotal.com/gui/file/8b1f34ba876ef2da838417004a2a9da088cab650e1650a7e33d092d1677921fb/detection

pattems.buzz
roofcap.info
sitemails.info
toolgpt.buzz
updash.info

# Reference: https://twitter.com/mal_analysis136/status/1789148352732352877

abletalk.info
amazon-books-gifts.com
blakesleepa.business
derb.buzz
easyleak.info
elevaprodtechdpt.club
exchannal.buzz
flowchatter.com
greatly.buzz
greydeimsirty.com
linedate.info
linenote.info
logicfind.buzz
onelogs.info
qywirerope.com
rainmen.info
rb-fcumb.com
showlack.buzz
skeal.info
skybottle.buzz
spaldingfasteners.com
sprielnote.buzz
tikmicro.info
undertop.info
waterlack.info
ywirerope.com
zoom-info.com
qubee.tikmicro.info

# Reference: https://www.virustotal.com/gui/file/5761c2cd3985d74bf82d9c16e54a7ed69ffb5896c1325d9932d24265a6ffe3d0/detection

blinkedeye.top
chandhor.top
vauxserv.top
/~347g83yfighslfkjg3/~394ghbhjdksfhg.bin
/~g385ygbrogbyrug/fhg34879gbhfdsv.php
/~347g83yfighslfkjg3/
/~394ghbhjdksfhg.bin
/~g385ygbrogbyrug/
/fhg34879gbhfdsv.php

# Reference: https://twitter.com/RedDrip7/status/1768584497212297692
# Reference: https://www.virustotal.com/gui/ip-address/193.149.176.154/relations
# Reference: https://www.virustotal.com/gui/file/6cf1e3c90a8f6e4a9d66a099af0bf33e8828e21481519f97619d5eb13f51c7dd/detection

vectorindex.info

# Reference: https://twitter.com/doc_guard/status/1777328001073471710
# Reference: https://twitter.com/ginkgo_g/status/1777256849030709560
# Reference: https://www.virustotal.com/gui/ip-address/38.180.140.199/relations
# Reference: https://www.virustotal.com/gui/ip-address/38.180.2.75/relations
# Reference: https://www.virustotal.com/gui/file/697e5c66b37dca99fc17ba919792e7429efbff1df26cea3c26866eff269b0055/detection
# Reference: https://www.virustotal.com/gui/file/1c17d91086dfc536b655c29a654cf6f8daf22e74c6a0c6d55f5a0000b0ea081d/detection

geographiclocation.info
letentinfo.info
/EKtauASHjLHgausZSvfUU/rokoprexcobatrs
/MXGONOfJYVvQhrYT/lM7I0GJGfXak8mJgihDGOdg1qJP6rnO5XPiiU9S3D3glz89X.ico
/MXGONOfJYVvQhrYT/lM7I0GJGfXak8mJgihDGOdg1qJP6rnO5XPiiU9S3D3glz89X.mp3
/MXGONOfJYVvQhrYT/lM7I0GJGfXak8mJgihDGOdg1qJP6rnO5XPiiU9S3D3glz89X.mp4
/MXGONOfJYVvQhrYT/lM7I0GJGfXak8mJgihDGOdg1qJP6rnO5XPiiU9S3D3glz89X.png
/EKtauASHjLHgausZSvfUU/
/MXGONOfJYVvQhrYT/
/lM7I0GJGfXak8mJgihDGOdg1qJP6rnO5XPiiU9S3D3glz89X.ico
/lM7I0GJGfXak8mJgihDGOdg1qJP6rnO5XPiiU9S3D3glz89X.mp3
/lM7I0GJGfXak8mJgihDGOdg1qJP6rnO5XPiiU9S3D3glz89X.mp4
/lM7I0GJGfXak8mJgihDGOdg1qJP6rnO5XPiiU9S3D3glz89X.png

# Reference: https://twitter.com/malwrhunterteam/status/1784211470579908912
# Reference: https://x.com/malwrhunterteam/status/1861517209014555017
# Reference: https://www.virustotal.com/gui/file/e9c9755af160a8da0cbd26e0523bf57cd937f61745f141dcd7a0e286a49827c8/detection
# Reference: https://www.virustotal.com/gui/file/93521e96e852d21508bee52a3dcf3dd3ab17e5935ee753cb59c32448c9919e7d/detection

178.63.172.6:4233
uploadwebpicts.store

# Reference: https://twitter.com/ShadowChasing1/status/1785700483480633606
# Reference: https://www.virustotal.com/gui/ip-address/195.85.114.122/relations
# Reference: https://www.virustotal.com/gui/ip-address/38.180.139.6/relations

brokensences.info
cookeddetails.info

# Reference: https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=%28services%3A%28port%3A+4982+and+service_name%3A+SSH%29%29+and+autonomous_system.name%3D+%60BLNWX%60 (# Thanks to https://twitter.com/GennadiyKvita for hint)

162.33.177.183:4982
162.33.178.242:4982
162.33.178.3:4982
162.33.178.85:4982
162.33.179.171:4982
162.33.179.198:4982
162.33.179.238:4982
162.33.179.32:4982
193.149.176.237:4982
193.149.176.65:4982
193.149.176.65:9983
195.85.115.143:4982
206.188.197.34:27017
206.188.197.34:4982
206.188.197.53:4982
206.188.197.82:4982
45.61.136.15:4982
45.61.136.203:4982
45.61.136.231:4982
45.61.136.80:4982
45.61.137.213:4982
birdperson.xyz

# Reference: https://x.com/ginkgo_g/status/1805156177845841951
# Reference: https://www.virustotal.com/gui/ip-address/185.12.45.3/relations
# Reference: https://www.virustotal.com/gui/file/a70af59cce280f3b58f4c3cd24b1a2c75a4ea857e0a52c6576a6fc9ab6b3a5c0/detection
# Reference: https://www.virustotal.com/gui/file/fdd80b54840b928a6823e4cefb96542740b8bb47cf786ca2eb728999be37910e/detection
# Reference: https://www.virustotal.com/gui/file/ff485354658226e073ee0f28e6976812465c43d251760f0be256bbf349d2a322/detection

datesonline.store
sweet.datesonline.store
/dfertegdfkjg56A

# Reference: https://x.com/malwrhunterteam/status/1826586478434234474
# Reference: https://www.virustotal.com/gui/file/353ff4598f1a2fbfcadd0e0ee9ee3fe27725e351fd3825d896a6fef7325f2eaa/detection

crewcleaner.info

# Reference: https://x.com/malwrhunterteam/status/1826568815389376739
# Reference: https://www.virustotal.com/gui/file/e2936f6ffc1d7bc490d0148a1d6a4e632eb5c2607e7e8d8c06262a01fc00fbf5/detection

enchantebelle.buzz

# Reference: https://x.com/mal_analysis136/status/1846063286732968407

aplusgroup.online
elixirr.xyz
layr3.xyz

# Reference: https://x.com/suyog41/status/1814230027560501248
# Reference: https://x.com/suyog41/status/1815976875534975196
# Reference: https://x.com/blackorbird/status/1846209289322443074
# Reference: https://x.com/StrikeReadyLabs/status/1852532673283268899
# Reference: https://mp.weixin.qq.com/s/qCcuU0E6d84tdQ1r2dCsjA
# Reference: https://www.virustotal.com/gui/ip-address/94.141.120.137/relations
# Reference: https://www.virustotal.com/gui/file/a93a8e4bbd2b5af5b21b960f74a02b83d8b5e8c4ab8f5d3a8d5d676ccbc37c7b/detection
# Reference: https://www.virustotal.com/gui/file/cffe7eb01000de809b79a711702eaf3773f2e6167ce440f33f30bcd6fabcace3/detection
# Reference: https://www.virustotal.com/gui/file/dc747e9846ecb4c232b2e36007abdadc6d608272a8ea4305c89931ed0979944b/detection

internalfileserver.online
office-updatecentral.com
openfilesafely.online
phatkockbrewery.info
regionserverbackup.info
sloganstory.com
/eigenvalue/Odyssey/froth/imminently/creep
/eigenvalue/Odyssey/froth/imminently/empower
/eigenvalue/Odyssey/froth/imminently/intervene
/eigenvalue/Odyssey/froth/imminently/relaxations
/eigenvalue/Odyssey/froth/imminently/
/eigenvalue/Odyssey/froth/

# Reference: https://x.com/RakeshKrish12/status/1847516780299743254
# Reference: https://search.censys.io/hosts/45.90.217.219

45.90.217.219:3389

# Reference: https://x.com/Cyberteam008/status/1881886663590527151

ecliptera.info
leckfeel.info
wiebo.org

# Reference: https://x.com/mal_analysis136/status/1883446768345718789
# Reference: https://www.virustotal.com/gui/ip-address/38.180.106.242/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.61.48.183/relations
# Reference: https://www.virustotal.com/gui/ip-address/64.176.178.106/relations
# Reference: https://www.virustotal.com/gui/ip-address/72.5.43.148/relations

38.180.106.242:443
72.5.43.148:443
bunzpowe.info
hongmei.world
cleanarpoint.com
clearnimbly.buzz
registeronline.store

# Reference: https://threatfox.abuse.ch/browse/malware/win.donot/ (# 2025-01-26)

fiffyservices.info
servericescap.info
wanderwave.buzz
mssttt.ailicte.com

# Reference: https://app.validin.com/detail?type=hash&find=caa62d2795e1d665608e9cf51ef7d088#tab=host_pairs (# 2025-01-26)
# Reference: https://www.virustotal.com/gui/ip-address/206.188.197.82/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.61.139.141/relations
# Reference: https://www.virustotal.com/gui/file/41fae8ffc58fab5e1405aa95baec295c3d64512b2fc59cd8abe3fbb0a03667f6/detection
# Reference: https://www.virustotal.com/gui/file/e8dcdbbfaea83f0aa48fc74b7fb960de2935fcd4621ef7f4e5bb46ad2792418a/detection

162-33-178-135.cprapid.com
caplinks.buzz
clklra.com
craftscapes.info
downlogz.info
giffyserve.info
jukeservice.info
letupdatez.info
mglassservice.com
necklab.info
severgreys.info
statspush.com
azure.mglassservice.com

# Reference: https://x.com/RedDrip7/status/1889615859447988295
# Reference: https://x.com/malwrhunterteam/status/1910017328286224861
# Reference: https://x.com/malwrhunterteam/status/1910019446326059254
# Reference: https://www.virustotal.com/gui/file/4d036e0a517774ba8bd31df522a8d9e327202548a5753e5de068190582758680/detection
# Reference: https://www.virustotal.com/gui/file/b4e3200beb7da880299270c487bcb75e72705cb1c10a65a251f8ccd4579326fe/detection

couldmailauth.com
totalservices.info
/gxL5EumWANH46T3tjskyFB/pencil.php
/gxL5EumWANH46T3tjskyFB/

# Reference: https://x.com/ValidinLLC/status/1889999994335441246
# Reference: https://app.validin.com/detail?type=hash&find=9a4bd1e34a5eea89cf84ac96c446232757f895da#tab=host_pairs (# 2025-02-13)

chaterbox.org
infovisitas.info
starchater.org

# Reference: https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247514233&idx=1&sn=2e063a4d1143fd6d6bd6bc3de546ff9e&chksm=ea664f0edd11c618b26d39c18cfd8dc829d09528cbf18acff05712d7725061026f88f8e4b691&scene=178&cur_album_id=1539799351089283075

bijoyshare.buzz
diffgrinder.info
sharetobijoy.buzz
theoyservices.info
/2024/filez/uploadz/invite25.php
/filez/uploadz/invite25.php
/4us2rZQSxKVHgbyW/iAILc6MjCh4QEXTJWmKyY8r4DaoKRwkQ3yjlf0evOOO9vIdh.ico
/4us2rZQSxKVHgbyW/iAILc6MjCh4QEXTJWmKyY8r4DaoKRwkQ3yjlf0evOOO9vIdh.mp3
/4us2rZQSxKVHgbyW/iAILc6MjCh4QEXTJWmKyY8r4DaoKRwkQ3yjlf0evOOO9vIdh.mp4
/4us2rZQSxKVHgbyW/iAILc6MjCh4QEXTJWmKyY8r4DaoKRwkQ3yjlf0evOOO9vIdh.png
/PNubW5l8DVqKlNbo/zFsDitREUBbsbeB815VkWnKpuXN4bhXUg3MFC7txkrV5beqf.ico
/PNubW5l8DVqKlNbo/zFsDitREUBbsbeB815VkWnKpuXN4bhXUg3MFC7txkrV5beqf.mp3
/PNubW5l8DVqKlNbo/zFsDitREUBbsbeB815VkWnKpuXN4bhXUg3MFC7txkrV5beqf.mp4
/PNubW5l8DVqKlNbo/zFsDitREUBbsbeB815VkWnKpuXN4bhXUg3MFC7txkrV5beqf.png
/iAILc6MjCh4QEXTJWmKyY8r4DaoKRwkQ3yjlf0evOOO9vIdh.ico
/iAILc6MjCh4QEXTJWmKyY8r4DaoKRwkQ3yjlf0evOOO9vIdh.mp3
/iAILc6MjCh4QEXTJWmKyY8r4DaoKRwkQ3yjlf0evOOO9vIdh.mp4
/iAILc6MjCh4QEXTJWmKyY8r4DaoKRwkQ3yjlf0evOOO9vIdh.png
/zFsDitREUBbsbeB815VkWnKpuXN4bhXUg3MFC7txkrV5beqf.ico
/zFsDitREUBbsbeB815VkWnKpuXN4bhXUg3MFC7txkrV5beqf.mp3
/zFsDitREUBbsbeB815VkWnKpuXN4bhXUg3MFC7txkrV5beqf.mp4
/zFsDitREUBbsbeB815VkWnKpuXN4bhXUg3MFC7txkrV5beqf.png
/4us2rZQSxKVHgbyW/
/PNubW5l8DVqKlNbo/
/WxporesjaTexopManor/vrptpvabkokamekastra/
/WxporesjaTexopManor/
/vrptpvabkokamekastra/

# Reference: https://x.com/mal_analysis136/status/1911832357176254848

sahafat.news
serosionpros.info
servicescraft.buzz

# Reference: https://x.com/volrant136/status/1943417990097309939
# Reference: https://en.fofa.info/result?qbase64=amFybT0iMjhkMjhkMjhkMDAwMjhkMDAwNDJkNDJkMDAwMDAwNTFhZjdkODA3MGExOGUwMDJlYWFlZGY2MjBmYTExOGMiICYmIGhlYWRlcj0iSFRUUC8xLjEgMjAwIE9LIiAmJiBoZWFkZXI9IkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PVVURi04IiAmJiBoZWFkZXI9IlNlcnZlcjogQXBhY2hlIiAmJiBoZWFkZXI9IkNvbnRlbnQtTGVuZ3RoOiAwIiAmJiBhc249IjM5OTYyOSI%3D (# 2025-07-11)

polservice.info
theoyservices.info

# Reference: https://x.com/ThreatBookLabs/status/1952567310088339897
# Reference: https://app.validin.com/detail?find=38.180.71.241&type=ip4&ref_id=cb24e9c98a0#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/5a4880a243d191f37c88340940d20287fa97390ad8fcf61274623fe572bf8b78/detection

http://149.248.78.7
altzserberin.info
aplcompin.site
aplinvest.site
appservices.info
appshare.buzz
appshares.buzz
appsharing.buzz
appsharinggo.buzz
appshazing.buzz
appsservicess.buzz
appsservicess.info
appsshares.buzz
appsupports.info
appzserv.info
chartsbezorgd.info
companive.online
companive.site
companivee.site
fininwesde.com
globexlogic.info
inveonapl.site
linkageread.info
makerolleds.info
newivesino.site
newpolinwess.online
newpolinwess.site
newpoolinwes.site
oneinvcomp.online
oneinvcomp.site
playserzapp.info
playsupport.info
programseeget.info
rollededpack.info
rooflaze.info
savingnames.info
servicseskep.info
shareingsevices.info
sharereliable.buzz
tiffyservics.info
trendhardoensun.buzz
visionglobale.site
/chopseybikametcolkders/makopetrabispokoletrastyzika
/chopseybikametcolkders/
/makopetrabispokoletrastyzika

# Reference: https://strikeready.com/blog/apt-android-phishing-microsoft/
# Reference: https://research.checkpoint.com/2024/foxit-pdf-flawed-design-exploitation/
# Reference: http://malasada.tech/open-directory-search-leads-to-aged-apt-c-35-findings/
# Reference: https://app.validin.com/detail?type=hash&find=9d38a97bccfc3cffbb72786a0c02ce140e6ef25b#tab=host_pairs (# 2025-08-19)

advancedmapsone.com
mailservicess.com
omagle-chat-secure.com
play-googyle.com
support-microsofthelp.com

# Reference: https://x.com/ThreatBookLabs/status/1974988141854609418
# HEADER_HASH-HOST=f901766844508a249479

cosmicupto.info
gilbertfix.info
golledsack.info
keeznoted.info
scriptlydev.com
servzkeeps.info
synaptupiq.com
uptofixbi.info
uptonox.info
yumgetz.info

# APK file names (URL path trails, not tied to a specific host)

/Bride-Fun.apk
/Conion_Pro_V2q.apk
/Embassy_Info_v23m1221ppmm.apk
/Fire_chat_07.apk
/Fly_Talk_1qq.apk
/Go_chat_notf.apk
/Zak_m.apk
