# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: APT-C-55, Black Banshee, Velvet Chollima, ta427, RftRAT, moonpeak, UAT-5394, archipelago, emerald sleet, sparkling pisces, springtail, kospy, Larva-25004, kimjongrat, pebbledash

# Reference: https://otx.alienvault.com/pulse/5c93c4e48312d159728a9d78
# Reference: https://blog.alyac.co.kr/2209 (Korean)

maii-daum-net.atwebpages.com
nate-on.bug3.com
hanmail.membercp.net
korea.getenjoyment.net
mail.membercp.net
/itsme.daum

# Reference: https://twitter.com/blackorbird/status/1086970613552447489

safe-naver-mail.pe.hu

# Reference: https://twitter.com/blackorbird/status/1113318554563076096
# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/kimsuky/aptnote0403
# Reference: https://blog.alyac.co.kr/2234 (Korean)

tcjst.com

# Reference: https://twitter.com/blackorbird/status/1118334122592591872
# Reference: https://raw.githubusercontent.com/blackorbird/APT_REPORT/master/kimsuky/Smoke%20Screen.pdf
# Reference: https://www.virustotal.com/gui/ip-address/192.186.142.74/relations
# Reference: https://otx.alienvault.com/pulse/5cb6e14b2fefc160d9e18b24

http://192.186.142.74
192.186.142.74:81
seoulhobi.biz

# Reference: https://twitter.com/RedDrip7/status/1133268937808859136

lovemoney.mypressonline.com

# Reference: https://blog.alyac.co.kr/2336 (Korean)
# Reference: https://otx.alienvault.com/pulse/5d13373f428cfccd0fa506a6

hellojames.sportsontheweb.net

# Generic trails (also can be met in https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/)

/expres.php

# Reference: https://blog.alyac.co.kr/2347 (Korean)
# Reference: https://otx.alienvault.com/pulse/5cffce34469a83ecb23c93db

http://202.168.155.156
carolie-svr-v1.16mb.com
my-homework.890m.com
naver-security-mail.96.lt
oeks39402.890m.com
filer1.1apps.com
filer2.1apps.com
kuku675.site11.com
kuku79.herobo.com

# Reference: https://blog.alyac.co.kr/2389 (Korean)
# Reference: https://otx.alienvault.com/pulse/5d14b11389f0f0ece394fab8

atene.myartsonline.com
hellojames.sportsontheweb.net
nid2-naver-com.medianewsonline.com
smalldeal.mypressonline.com

# Reference: https://www.anomali.com/blog/suspected-north-korean-cyber-espionage-campaign-targets-multiple-foreign-ministries-and-think-tanks
# Reference: https://otx.alienvault.com/pulse/5d5d6f5c5f0e4d2b7f5f3208
# Reference: https://twitter.com/blackorbird/status/1164370375490228224

alone-service.work
app-support.work
check-up.work
com-main.work
doc-view.work
login-confirm.work
member-service.work
minner.work
short-line.work
sub-state.work
web-line.work

# Reference: https://twitter.com/cyberwar_15/status/1166592637371060226

rnailr.com

# Reference: https://www.cert.ssi.gouv.fr/uploads/CERTFR-2019-ACT-009.pdf
# Reference: https://otx.alienvault.com/pulse/5d6d754babe6ca295f94cb1b

accounted.top
acounts.work
ahooc.com
alive-user.work
alone-service.work
app-house.online
app-main.site
app-support.site
app-support.work
check-line.site
check-operation.site
check-up.work
client-mobile.work
confirm-main.work
dounn.net
dovvn-mail.com
drog-service.com
eposcard.co
first-state.work
gstaticstorage.com
heehorse.com
hotrnall.co
imap-login.com
inbox-mail.work
inbox-yahoo.com
lh-login.com
lh-logs.com
lh-yahoo.com
local-link.work
log-yahoo.com
login-confirm.site
login-confirm.work
login-history.pw
login-sec.com
login-use.com
login-yahoo.info
logins-yahoo.com
mail-down.com
mail-inc.work
mail-service.win
mailseco.com
main-line.work
main-service.site
main-support.work
matmiho.com
member-service.work
message-inbox.work
minner.work
mobile-device.site
mobile-phone.work
myprivacy.work
net-policies.work
old-version.work
online-support.work
open-auth.work
options.work
page-view.work
phlogin.com
profile-setting.work
protect-com.work
protect-mail.work
protect-main.site
retry-confirm.com
script-main.site
sec-line.work
sec-live.com
set-login.com
setting-main.work
share-check.site
short-line.work
sign-in.work
srnbc-card.com
user-account.link
user-accounts.net
user-service.link
user-service.work
viewetherwallet.com
wallet-vahoo.com
weak-online.work
web-info.work
web-mind.work
web-online.work
web-rain.work
web-state.work
web-store.work
yah00.work
yrnall.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1177115401400016901
# Reference: https://blog.alyac.co.kr/2538 (Korean)
# Reference: https://otx.alienvault.com/pulse/5d8dd05bac456c1dade338df

joelwisian.com
reunionhomesok.com

# Reference: https://twitter.com/blackorbird/status/1178497550938034177

eoplus.co.kr/board/pressed/
eoplus.co.kr/board/presset/

# Reference: https://www.virusbulletin.com/uploads/pdf/conference_slides/2019/VB2019-Kim.pdf
# Reference: https://otx.alienvault.com/pulse/5d9f541a43c2babf60994786

c-naver.com
daum-center.net
rrnaver.com
udaum.net
account-google.member-authorize.com
user-manage-center.hol.es
user-daum-center.pe.hu
user-protect-center.pe.hu
naiei-aldiel.16mb.com
nid-protect-team.pe.hu
nid-management-team.890m.com
oeks39402.890m.com
vkcxvkweo.96.lt

# Reference: https://otx.alienvault.com/pulse/5dac36de0d5134df36b16666

clouds.scienceontheweb.net

# Reference: https://twitter.com/spider_girl22/status/1191306963369353216

online---shop.atwebpages.com

# Reference: https://blog.alyac.co.kr/2645 (Korean)
# Reference: https://otx.alienvault.com/pulse/5de68f93fc4d8a6303a7598b

member-view-center.esy.es
primary-help.esy.es
ago2.co.kr/bbs/data/dir/F.php
antichrist.or.kr/data/cheditor/dir1/F.php
gyjmc.com/board/data/cheditor/dir1/F.php

# Reference: https://otx.alienvault.com/pulse/5e257c8c189e48e8e053e75b

antichrist.or.kr/data/cheditor/dir1/lyric64
batgalim.org.il/facebook/Facebook/Entities/ppp/encoding.png
jonashartley.com/hilaryolsen/wp-includes/images/crystal/1122/upload.php
jonashartley.com/hilaryolsen/wp-admin/network/run.php
jonashartley.com/hilaryolsen/wp-includes/random_compat/1122/res.php
jonashartley.com/hilaryolsen/wp-includes/random_compat/1122/expres.php
jonashartley.com/hilaryolsen/wp-includes/customize/1111/res.php
jonashartley.com/hilaryolsen/wp-includes/customize/1111/expres.php
happy-new-year.esy.es
safe-naver-mail.pe.hu

# Reference: https://www.virusbulletin.com/uploads/pdf/conference_slides/2019/VB2019-Kim.pdf
# Reference: https://otx.alienvault.com/pulse/5e42fd9c9fa37be52610c5c5

accounting-microsofft.epizy.com
csdaum-help.esy.es
daum-account-login.esy.es
daum-account-login.esy.esoeks39402.890m.com
daum-account-signin.pe.hu
daum-login-protect.hol.es
daum-setting.hol.es
daum-stting.hol.es
daumlogin.esy.es
gyjmc.com
mail-customer-safety-center.hol.es
mail-kinu.hol.es
mail-naver-protect.hol.es
mail.naver.comuf.com
member-authorize.com
member-daum-regist.hol.es
member-view-center.esy.es
memver-view-center.esy.es
nager-relogin-security.96.lt
naiei-ldel.16mb.com
naver-password.esy.es
naver-security-mail.96.lt
naverhelp.esy.es
naverkorea.esy.es
naverlogin.esy.es
nid-mail.pe.hu
nid-management-team.890m.com
nid-protect-team.pe.hu
primary-help.esy.es
protect-yahoo-teeam.000webhostapp.com
security-mail-daum.000webhostapp.com
snu-mail-ac-kr.esy.es
suppcrt-seourity.esy.es
uefa2018.000webhostapp.com
user-daum-center.pe.hu
user-management-center.hol.es
user-protect-center.pe.hu
vkcxvkweo.96.lt
webrnail-kinu.hol.es

# Reference: https://twitter.com/anyrun_app/status/1115513990711521280
# Reference: https://www.virustotal.com/gui/file/540336c5e61d589776e267eed14eac835720b4484312434ce4f27adfec8bf817/detection

185.224.137.164:21

# Reference: https://twitter.com/cyberwar_15/status/1227709181605613569

happy-boy.pe.hu

# Reference: https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-1.html
# Reference: https://otx.alienvault.com/pulse/5e4c19894aad216887c8cb3d

ago2.co.kr/bbs/data/tmp
aiyac-updaite.hol.es
daum-center.net
embed-helper.esy.es
er-manage-center.hol.es
finale-jack.esy.es
kakao-check.esy.es
my-homework.890m.com
naver-mail-com.hol.es
nid-protect-team.pe.hu
nid-yyanagemeniteam.890m.com
nortice-centre.esy.es
oeks39402.890m.com
rrnaver.com
simple-hick.esy.es
suppcrt-seourity.esy.es
udaum.net
upgradesrv.890m.com
user-daum-center.pe.hu
user-manage-cenier.nol.es
user-protect-center.pe.hu

# Reference: https://twitter.com/blackorbird/status/1107214927402418176
# Reference: https://twitter.com/blackorbird/status/1107479347013672960

ddlove.kr/bbs/dta/1

# Reference: https://twitter.com/blackorbird/status/1082553543280680962

ago2.co.kr/bbs/data/dir

# Reference: https://twitter.com/cyberwar_15/status/1230093739554557953

pingball.mygamesonline.org

# Reference: https://twitter.com/spider_girl22/status/1233198285747154944
# Reference: https://twitter.com/cyberwar_15/status/1241591674255446016
# Reference: https://app.any.run/tasks/f4172853-90e6-49ad-be7b-bf6efa771448/

nagoya.datastore.pe.hu
suzuki.datastore.pe.hu
toyota.datastore.pe.hu

# Reference: https://blog.alyac.co.kr/2737 (Korean)

mernberinfo.tech

# Reference: https://twitter.com/cyberwar_15/status/1232989735011794945
# Reference: https://www.virustotal.com/gui/file/2cd5f1852ac6d3ed481394ea0abc49f16789c12fb81bcdf9988762730fb0aa8f/detection
# Reference: https://twitter.com/spider_girl22/status/1234761655214493697
# Reference: https://twitter.com/cyberwar_15/status/1240677656451899394
# Reference: https://twitter.com/Timele9527/status/1240620534468997125

all200.mireene.com
crphone.mireene.com
jmable.mireene.com
jmdesign.mireene.com
nhpurumy.mireene.com
orblog.mireene.com
sgmedia.mireene.com
vnext.mireene.com

# Reference: https://twitter.com/Timele9527/status/1240123132419223554

mybobo.mygamesonline.org

# Reference: https://twitter.com/DeadlyLynn/status/1245264426321600513

saemaeul.mireene.com

# Reference: https://twitter.com/AnonySecAgency/status/1250605504520318977

rolls-royce-love.890m.com

# Reference: https://twitter.com/VK_Intel/status/1257243399742251010

upload.bigfile.hol.es

# Reference: https://twitter.com/AnonySecAgency/status/1263047043150299136

gotoclean.com.co
ricefarm.kr/bbs/st/expres.php

# Reference: https://twitter.com/cyberwar_15/status/1266553918454067201
# Reference: https://www.rfa.org/korean/in_focus/nkhacking-05292020160533.html (Korean)

com-download.work

# Reference: https://twitter.com/cyberwar_15/status/1268073043365990401

part.bigfile.pe.hu

# Reference: https://blog.alyac.co.kr/3033 (Korean)
# Reference: https://otx.alienvault.com/pulse/5ed7c80f673c40df00c52fa6

boaz.kr/skin/member/basic/css/cross.php
boaz.kr/skin/member/basic/css/report.php
boaz.kr/skin/member/log/cross.php
boaz.kr/skin/member/log/pre.hta
boaz.kr/skin/member/log/report.php
boaz.kr/skin/member/log/suf.hta

# Reference: https://twitter.com/XOR_Hex/status/1273023258535886848

dept-dp.lab.hol.es

# Reference: https://twitter.com/cyberwar_15/status/1273435333430935552

gbxhd.org-help.com

# Reference: https://twitter.com/ccxsaber/status/1273804166612135940

security-confirm.bmail-org.com

# Reference: https://twitter.com/ShadowChasing1/status/1274724519803043852

finalist.org-help.com

# Reference: https://twitter.com/cyberwar_15/status/1275368364819410950

foxhunter.getenjoyment.net
korea.getenjoyment.net
pootball.getenjoyment.net

# Reference: https://twitter.com/DeadlyLynn/status/1275998401524424704

attachchosun.atwebpages.com

# Reference: https://twitter.com/ccxsaber/status/1278941222166380545

lovelovelove.atwebpages.com

# Reference: https://twitter.com/DeadlyLynn/status/1281840956170317824

bascetball.atwebpages.com

# Reference: https://twitter.com/cyberoverdrive/status/1285955528770891776
# Reference: https://www.virustotal.com/gui/file/4fae9a942aafddc8ee21a753302cec3c5273d3f71e132f176cb799dd922e30ac/detection

pingguo5.atwebpages.com

# Reference: https://app.any.run/tasks/74d55d02-7bbd-444c-a01b-30ac52a7e576/

foxonline123.atwebpages.com

# Reference: https://twitter.com/cyberwar_15/status/1296301860312084482

jongjin.000webhostapp.com

# Reference: https://twitter.com/DeadlyLynn/status/1299970605043707905
# Reference: https://www.virustotal.com/gui/file/4ff2a67b094bcc56df1aec016191465be4e7de348360fd307d1929dc9cbab39f/detection

portable.epizy.com

# Reference: https://otx.alienvault.com/pulse/5f737caa710907613c4d2773

account-protect.work
account-viewer.work
com-active.work
com-download.work
com-option.work
com-ssl.work
com-sslnet.work
com-vps.work
default.tokyo
desk-top.work
doc-view.pw
dorey.work
dutaley.work
exiweng.work
idiolos.work
intemet.work
jp-sec.pw
jp-ssl.work
kinac.work
net-sec.pw
org-view.pw
org-view.work
org-vip.work
org-vps.work
poulsen.work
robezo.work
rtyuio.work
sslport.work
sslserver.work
ssltop.work
taplist.work
tlsmain.work
unrepong.work
verdall.xyz
vpstop.work
webmain.work

# Reference: https://twitter.com/cyberwar_15/status/1313175039307476993

daumcleaner.mywebcommunity.org
naver.mywebcommunity.org
workcrafter.mywebcommunity.org

# Reference: https://twitter.com/DeadlyLynn/status/1314181830162083841
# Reference: https://www.virustotal.com/gui/file/363386c4caa5a995d3ca9345520c90942d5d3e1aaf8056831348f92eb73c15db/detection

goldbin.myartsonline.com

# Reference: https://twitter.com/vigilantbeluga/status/1315720089316941824
# Reference: https://twitter.com/vigilantbeluga/status/1315722308703543297

hdac-wallet.com
kasse-v1.hdac-wallet.com
update.hdac-tech.com
wallet.hdac-tech.com

# Reference: https://twitter.com/vigilantbeluga/status/1255002262256025600
# Reference: https://www.virustotal.com/gui/file/3110f00c1c48bbba24931042657a21c55e9a07d2ef315c2eae0a422234623194/detection

general-second.org-help.com

# Reference: https://us-cert.cisa.gov/ncas/alerts/aa20-301a
# Reference: https://otx.alienvault.com/pulse/5f9856f8655cfd07338c8e83

account.daum.unikftc.kr
account.daum.unikortv.com
account.daurn.pe.hu
amberalexander.ghtdev.com
beyondparallel.sslport.work
bigfile.pe.hu
cdaum.pe.hu
cloudmail.cloud
cloudnaver.com
coinone.co.in
com-download.work
com-option.work
com-ssl.work
com-sslnet.work
com-vps.work
comment.poulsen.work
cooper.center
csnaver.com
daum.net.pl
daum.unikortv.com
daurn.org
daurn.pe.hu
demand.poulsen.work
dept-dr.lab.hol.es
downloadman06.com
dubai-1.com
eastsea.or.kr
gloole.net
help-navers.com
help.unikoreas.kr
helpnaver.com
hogy.desk-top.work
impression.poulsen.work
intemet.work
intranet.ohchr.account-protect.work
jonga.ml
jp-ssl.work
kooo.gq
loadmanager07.com
login.bignaver.com
login.daum.kcrct.ml
login.daum.net-accounts.info
login.daum.unikortv.com
login.outlook.kcrct.ml
mail.unifsc.com
mailsnaver.com
member-authorize.com
member.daum.uniex.kr
member.daum.unikortv.com
member.navier.pe.hu
msdatl3.inc
msolui80.inc
myaccount.nkaac.net
myaccounts.gmail.kr-infos.com
myetherwallet.co.in
myetherwallet.com.mx
naver.co.in
naver.com.cm
naver.com.de
naver.com.ec
naver.com.mx
naver.com.pl
naver.com.se
naver.cx
naver.hol.es
naver.koreagov.com
naver.onegov.com
naver.pw
naver.unibok.kr
naverdns.co
net.tm.ro
nid.naver.com.se
nid.naver.corper.be
nid.naver.onektx.com
nid.naver.unibok.kr
nid.naver.unicrefia.com
nidlogin.naver.corper.be
nidnaver.email
nidnaver.net
ns.onekorea.me
nytimes.onekma.com
org-vip.work
preview.manage.org-view.work
pro-navor.com
read-hanmail.net
read-naver.com
read.tongilmoney.com
resetprofile.com
resultview.com
riaver.site
sankei.sslport.work
securetymail.com
servicenidnaver.com
smtper.cz
smtper.org
sslserver.work
ssltop.work
statement.poulsen.work
sts.desk-top.work
taplist.work
tiosuaking.com
top.naver.onekda.com
usernaver.com
view-hanmail.net
view-naver.com
vilene.desk-top.work
vpstop.work
webmain.work
webuserinfo.com
ww-naver.com

# Reference: https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite
# Reference: https://www.cyberscoop.com/north-korea-espionage-kimsuky-cybereason/
# Reference: https://otx.alienvault.com/pulse/5fa029ed2e8d9de384c74f26

csv.posadadesantiago.com/home/up.php?id=
csv.posadadesantiago.com/home?act=news&id=
csv.posadadesantiago.com/home?id=
myaccounts.posadadesantiago.com/test/Update.php?wShell=
wave.posadadesantiago.com/home/dwn.php?van=

# Reference: https://blog.alyac.co.kr/3352
# Reference: https://otx.alienvault.com/pulse/5fa1bb282c5efd7327b229a6

xeoskin.co.kr/wp/wp-includes/SimplePie/Net/

# Reference: https://twitter.com/cyberwar_15/status/1327040440189607936
# Reference: https://twitter.com/cyberwar_15/status/1327045373781635072
# Reference: https://twitter.com/cyberwar_15/status/1327403605825970176
# Reference: https://twitter.com/cyberwar_15/status/1327403626118094848

accountcheck.net
app.veryton.ml
appmedicine.whoint.cf
astrozeneca.ml
bidmc.accountcheck.net
daumi.club
daurn.ga
dup.photo.oiiio.ga
email-hanwha.pe.hu
genexine.member-info.net
jnj.accountcheck.net
kaist.r-naver.com
kari.gq
kimm.r-naver.com
krnvc.ga
logins.daumi.club
logins.daurn.ga
love.krnvc.ga
mail.astrozeneca.ml
member-info.net
oiiio.ga
on.color.oiiio.ga
r-naver.com
shinpoong.accountcheck.net
shinpoong.r-naver.com
shkj.hol.es
veryton.ml
webmail.kari.gq
whoint.cf

# Reference: https://twitter.com/RedDrip7/status/1329628989699235840
# Reference: https://otx.alienvault.com/pulse/5fb804ac581df7fe4f35bfd6
# Reference: https://www.virustotal.com/gui/file/9365ce79a51768a398cc22ec701d5f256de827fbefed283c933dea4052d66027/detection

pelebra.atwebpages.com

# Reference: https://twitter.com/jfslowik/status/1330611004456067073

asia-studies.net
itamaraty.net
midsecurity.org
netsecurityservice.com
securitycounci1report.org

# Reference: https://twitter.com/cyberwar_15/status/1332300116179312640

bidmc.accountcheck.net
genexine.member-info.net
jnj.accountcheck.net
shinpoong.accountcheck.net
shinpoong.r-naver.com

# Reference: https://twitter.com/cyberwar_15/status/1333181928606814211

daumusercenter.web.app

# Reference: https://twitter.com/cyberwar_15/status/1333767468473487363

autoway.huyndai.ml
huyndai.ml

# Reference: https://twitter.com/Timele9527/status/1333971180290592769

documentserver.site

# Reference: https://twitter.com/h2jazi/status/1339226171272286209
# Reference: https://blog.alyac.co.kr/3458 (Korean)
# Reference: https://otx.alienvault.com/pulse/5fdbc57a744937101f4f9adc

hahae.co.kr/new3/ISAF/Libs/php/cross.php

# Reference: https://twitter.com/RedDrip7/status/1336258913323216896
# Reference: https://www.virustotal.com/gui/file/1909010c264328edaf24cc2804d4f046aabd3c59de45e1d295d4155eb466d753/detection

price365.co.kr/abbi/json/ps/aa.php

# Reference: https://twitter.com/cyberwar_15/status/1343610577894088704
# Reference: https://www.virustotal.com/gui/ip-address/27.255.79.204/relations

bkl-co.ml
conm.ga
covision.tk
dongguk.ml
edongwon.ml
edongyang.ml
ejnuac.ml
ekecc.ml
ekoreapetroleum.ml
eland.ml
enepa.cf
esmec.ml
gwdeuac.ml
gwpancon.ml
imperial.fit
kangwon.ml
kccworld.ml
kyungnam.ml
kyungnam.tk
kyungshin.ml
leeko.ml
maeil.ml
miraeasset.ml
naver.srl
nexaemc.ml
nh-amundi.ml
onestorecorp.ml
s-food.ml
samyang.ml
sejonggroup.ml
slworld.cf
sogang.ml
tlbu.ml
webnaver.srl
wonik.ml
yncc.ml
zdnet.ga
email.dongwon.ml
email.dongyang.ml
email.jnuac.ml
email.kecc.ml
email.koreapetroleum.ml
email.nepa.cf
ext.imperial.fit
gwmail.deuac.ml
gwmail.pancon.ml
mail.bkl-co.ml
mail.conm.ga
mail.covision.tk
mail.dongguk.ml
mail.eland.ml
mail.esmec.ml
mail.kangwon.ml
mail.kccworld.ml
mail.kyungnam.ml
mail.kyungnam.tk
mail.kyungshin.ml
mail.leeko.ml
mail.maeil.ml
mail.miraeasset.ml
mail.naver.srl
mail.nh-amundi.ml
mail.onestorecorp.ml
mail.s-food.ml
mail.samyang.ml
mail.sejonggroup.ml
mail.slworld.cf
mail.sogang.ml
mail.tlbu.ml
mail.wonik.ml
mail.yncc.ml
mail.zdnet.ga
nidlogin.naver.srl
nmail.exaemc.ml
webmail.naver.srl

# Reference: https://twitter.com/cyberwar_15/status/1345704290069876736

karist.cf
kaist-ac.xyz
krfa.ml
veryton.ml
kaist.krfa.ml
kaist-ac.xyz
mail.kaist-ac.xyz
vpn.karist.cf
app.veryton.ml

# Reference: https://twitter.com/h2jazi/status/1347225069890789376
# Reference: https://www.virustotal.com/gui/file/18ee06625f7bddadafa8c256d63a123f4e69d5488f88828052fd7803b3aa8b3b/detection

cwda.co.kr/theme/basic/skin/new/basic/update/

# Reference: https://twitter.com/AnonySecAgency/status/1350988738973884418
# Reference: https://www.virustotal.com/gui/file/fd740b70649f06269bf8fe2d0d4fdd87d99606a7a666c4f6a2fc89bee70b6649/detection

connectter.atwebpages.com

# Reference: https://twitter.com/cyberwar_15/status/1352117474943135745
# Reference: https://twitter.com/cyberwar_15/status/1352117964527423490
# Reference: https://www.virustotal.com/gui/ip-address/121.78.88.85/relations

attach.ddns.net
bigfile-naver.servepics.com
cafe-daum.ddns.net
naver.serveblog.net
naver.servehttp.com

# Reference: https://twitter.com/ShadowChasing1/status/1358713278390673408
# Reference: https://www.virustotal.com/gui/file/39bd6b689b02d6dee329131a51aa09301889faf5698eeac0d02aef0ba47cf024/detection
# Reference: https://www.virustotal.com/gui/file/a8820cc75cd580c8eda747931eb36f5943cece48ba720af9771cf16490a78aa6/detection

reform-ouen.com/wp-includes/css/dist/nux/dotm/dwn.php

# Reference: https://twitter.com/ShadowChasing1/status/1362575412539183115
# Reference: https://www.virustotal.com/gui/file/115b9bf1c6f6040248dfa1a77044143dc318e3712ad613a022b4cced6007906f/detection

anpcb.co.kr/plugin/sns/facebook/src/update/normal.dotm

# Reference: https://twitter.com/AnonySecAgency/status/1366948179762024449
# Reference: https://www.virustotal.com/gui/file/73476d8ed35d6bbdaab3e7a17de7668af3860e994ac59107ecbe1aba7e40ace1/detection
# Reference: https://www.virustotal.com/gui/file/412baf955c1e256c4e8bf7e07ce0f1fbf14c03d11ed98932be45a58a14d55690/detection

monkey.funnystory.tech
seoul.lastpark.life

# Reference: https://twitter.com/ShadowChasing1/status/1368827485253627907
# Reference: https://www.virustotal.com/gui/file/e46887db62f3ee5583587531358e1b70cc8a171067fa4e1ae3e6693f7f9fc938/detection

koreacit.co.kr/skin/

# Reference: https://twitter.com/ShadowChasing1/status/1372464570183208961
# Reference: https://www.virustotal.com/gui/file/50d826640cc9ba66b789f0823f04308178b435f7eb39021bf7861061849f7efd/detection

inonix.co.kr/kor/board/widgets/mcontent/skins/tmp

# Reference: https://twitter.com/ShadowChasing1/status/1372537353311449091

waels.onlinewebshop.net/st/

# Reference: https://twitter.com/Xxx_8885/status/1373888922179170305
# Reference: https://twitter.com/Xxx_8885/status/1373889297414123521
# Reference: https://www.virustotal.com/gui/file/a030873cf5a9b8c76740a1ba9a4d28fc7acf4ce71ebebbe33a46be372f551004/detection
# Reference: https://www.virustotal.com/gui/file/a56163d758cd4a0a00e0991b7a4aecab35fdecb59df6d1821488826f8b37d7b9/detection
# Reference: https://www.virustotal.com/gui/file/e532685d362475dd3dec1aacedff87c7b32ec3573714a9f56ac87905fa13d66c/detection
# Reference: https://www.virustotal.com/gui/file/00bbab408dbc5c1a95143f75c282a74dddd5a87df533d7d198c1fc7eb2138269/detection
# Reference: https://www.virustotal.com/gui/file/a2465f753ff409cbd036cc0235704e3f49d9a52b8e4e2bc812428d7c8ea6f32b/detection

http://200.200.200.200/test/v.php
eucie091.myartsonline.com
eucie09111.myartsonline.com
ftcpark59.getenjoyment.net

# Reference: https://twitter.com/blackorbird/status/1377218251344633856
# Reference: https://twitter.com/RedDrip7/status/1377217232573321220

policy.webofknowledg.com
usamilitarysavings.webofknowledg.com
webofknowledg.com

# Reference: https://twitter.com/ShadowChasing1/status/1377841916948082689
# Reference: https://www.virustotal.com/gui/file/873b8fb97b4b0c6d7992f6af15653295788526def41f337c651dc64e8e4aeebd/detection
# Reference: https://www.virustotal.com/gui/file/4a1c43258fe0e3b75afc4e020b904910c94d9ba08fc1e3f3a99d188b56675211/detection

pcsecucheck.scienceontheweb.net

# Reference: https://twitter.com/ShadowChasing1/status/1377900770629099530
# Reference: https://www.virustotal.com/gui/file/3dd9628b3f92a1f8c340e546343c1c1448de94212a9c19e83cae661eba2d1b37/detection

beilksa.scienceontheweb.net

# Reference: https://twitter.com/mg2_tracy1/status/1379269472926638081
# Reference: https://www.virustotal.com/gui/file/b89e79ee9c4834177cbabba9b265910a6a55c7defd2863cc1699753dbfa342b8/detection

baboivan.scienceontheweb.net

# Reference: https://twitter.com/h2jazi/status/1380510153397637127
# Reference: https://www.virustotal.com/gui/file/e6f0d7e114c04017b07f321ba4df440ff55718ef451b1a3cb0f1c0856bd1c86e/detection

pc.ac-kr.esy.es

# Reference: https://twitter.com/ShadowChasing1/status/1382509560179531782
# Reference: https://www.virustotal.com/gui/file/e7fae41c0bd8d3d95253bd75dce99015599ecc404bd8d737cec305fc3e4dd018/detection

wbg0909.scienceontheweb.net

# Reference: https://twitter.com/AnonySecAgency/status/1383241650319683590
# Reference: https://www.virustotal.com/gui/file/92b9933f3477241ffd92d0f76ef0dcf46730209a1ecab7eceb399d540530799f/detection

cuinm.huikm.kro.kr

# Reference: https://twitter.com/HONKONE_K/status/1386152816545128450
# Reference: https://www.virustotal.com/gui/file/4252c0b130be39bf2258c84c436c17babfd650b6d665ac6c4e050f87fe34e46e/detection

pootball.medianewsonline.com

# Reference: https://twitter.com/ShadowChasing1/status/1388522768111656963
# Reference: https://www.virustotal.com/gui/file/f8e972a26117bd14f5ec4dca9de0244d0bfd29bbbfd9104b2ccdc49fa93416d8/detection

ikpoo.cf
onedrive-upload.ikpoo.cf

# Reference: https://twitter.com/ShadowChasing1/status/1388529890614341635
# Reference: https://www.virustotal.com/gui/file/2365a48f7d6cf6dcc83195f06ea11b93c955c3a491c60b50ba42788917ba22e2/detection

riseknite.life
download.riseknite.life

# Reference: https://mp.weixin.qq.com/s/8RgFvA_rOR2nIGxjWbEq-w

travelmountain.ml
alps.travelmountain.ml

# Reference: https://twitter.com/h2jazi/status/1390734706103234561
# Reference: https://twitter.com/ShadowChasing1/status/1391620287024668679
# Reference: https://www.virustotal.com/gui/file/622cb6a772b0034f741aa58a50f1155a2a4240021c929d90fbed4182877fa579/detection
# Reference: https://www.virustotal.com/gui/file/2ed6b0e116a50ee9be7ac74b7be0e73ac4aeb15ddb9b42a1db5bcfba4dccdead/detection

mechapia.com/_admin/nicerlnm/web/style/list.php
mechapia.com/_admin/nicerlnm/web/style/css/

# Reference: https://twitter.com/ShadowChasing1/status/1391618560753999872
# Reference: https://twitter.com/ShadowChasing1/status/1391622743146188800
# Reference: https://www.virustotal.com/gui/file/2365a48f7d6cf6dcc83195f06ea11b93c955c3a491c60b50ba42788917ba22e2/detection
# Reference: https://www.virustotal.com/gui/file/fa4d05e42778581d931f07bb213389f8e885f3c779b9b465ce177dd8750065e2/detection
# Reference: https://www.virustotal.com/gui/file/2c796053053a571e9f913fd5bae3bb45e27a9f510eace944af4b331e802a4ba0/detection

chollian.ml
daom.ml
daum-accounts.cf
gmail-account.gq
gmrail.ml
grnail-login.ml
kisa-security.cf
letterpaper.press
live-sign.ml
natesec-page.ml
naver-security.cf
navor.ml
pcjindustries.com
riseknite.life
secure-dm.tk
seoul-kor.ml
seoul-kor.tk
travelmountain.ml
alps.travelmountain.ml
check.kisa-security.cf
download.riseknite.life
login.daum-accounts.cf
login.gmail-account.gq
login.live-sign.ml
login.natesec-page.ml
login.secure-dm.tk
logins.daom.ml
logins.daum-accounts.cf
new.seoul-kor.ml
nid-nav.navor.ml
nids.naver-security.cf
nids.navor.ml
outlook.seoul-kor.tk
signin.chollian.ml
signin.gmrail.ml
signin.grnail-login.ml
texts.letterpaper.press
webmail.pcjindustries.com

# Reference: https://twitter.com/sS55752750/status/1391765099992453125

flagguarder.site
glow.flagguarder.site

# Reference: https://twitter.com/h2jazi/status/1392128092840284164
# Reference: https://www.virustotal.com/gui/file/85847cad7f57db4534634d51f7e2c74a23719fcf74c891872d98e7c921f0fd56/detection

rukagu.mypressonline.com

# Reference: https://twitter.com/cyberwar_15/status/1392376928624013312

daum-attach.ddns.net

# Reference: https://twitter.com/ShadowChasing1/status/1392284742163206146

yes24-mart.pe.hu

# Reference: https://twitter.com/ShadowChasing1/status/1394911946118295553
# Reference: https://twitter.com/ShadowChasing1/status/1394911948353859585
# Reference: https://www.virustotal.com/gui/file/9ba5266d806df037acb1144836c21b70c5fc0aa6820d2ce07ee28accdff6c9bf/detection

follcdn.myartsonline.com
sima.atspace.tv

# Reference: https://twitter.com/ShadowChasing1/status/1395684553507840003

yanggucam.designsoup.co.kr/user/views/board/skin/secret/css/list.php

# Reference: https://twitter.com/h2jazi/status/1395782753765974023

samsoding.homm7.gethompy.com/plugins/dropzone/min/css/list.php

# Reference: https://twitter.com/m0br3v/status/1399637361697378306
# Reference: https://twitter.com/ShadowChasing1/status/1399753970839547910
# Reference: https://www.virustotal.com/gui/file/fe1a734019f0dc714bd3360e2369853ea97c02f108afe963769318934470967b/detection

at-me.ml
kt1kreate.cf
ahn-lab.cf
snubh.r-e.kr
shore.ml
snu-h.ml
kumb.cf
naver-login.cf
naver-check.ml
snuh.r-e.kr
app.at-me.ml
sms.kt1kreate.cf
v3.ahn-lab.cf
mail.snubh.r-e.kr
anto.shore.ml
smtp.snu-h.ml
mail.kumb.cf
help.naver-login.cf
mail.naver-check.ml
mail.snuh.r-e.kr

# Reference: https://blog.malwarebytes.com/threat-analysis/2021/06/kimsuky-apt-continues-to-target-south-korean-government-using-appleseed-backdoor/
# Reference: https://otx.alienvault.com/pulse/60b66cda1f2d210aa677cfbe

gmail-account.gq
gmrail.ml
goggle.hol.es
googgle.kro.kr
google-manager.ga
google-signin.ga
grnail-login.ml
grnail-signin.ga
grnail-signing.work
ikpoo.cf
kr-infos.com
letterpaper.press
microsoft-office.us
mygoogle-signin.ga
mygrnail-security.work
mygrnail-signin.ga
mygrnail-signing.work
riseknite.life
travelmountain.ml
account.googgle.kro.kr
account.grnail-signin.ga
accounts.goggle.hol.es
accounts.google-manager.ga
accounts.google-signin.ga
accounts.grnail-signin.ga
accounts.grnail-signing.work
alps.travelmountain.ml
download.riseknite.life
login.gmail-account.gq
login.gmeil.kro.kr
myaccount.google-signin.ga
myaccount.google.newkda.com
myaccount.google.nkaac.net
myaccount.grnail-security.work
myaccount.grnail-signin.ga
myaccount.grnail-signing.work
myaccounts-gmail.autho.co
myaccounts-gmail.kr-infos.com
myaccounts.grnail-signin.ga
ns1.microsoft-office.us
ns2.microsoft-office.us
onedrive-upload.ikpoo.cf
protect.grnail-signin.ga
signin.gmrail.ml
signin.grnail-login.ml
texts.letterpaper.press
wscript.shell.run

# Reference: https://twitter.com/360CoreSec/status/1401863232835383302
# Reference: https://www.virustotal.com/gui/file/811b42bb169f02d1b0b3527e2ca6c00630bebd676b235cd4e391e9e595f9dfa8/detection

alyssalove.getenjoyment.net
smyun0272.blogspot.com

# Reference: https://twitter.com/ShadowChasing1/status/1402239834819743746
# Reference: https://www.virustotal.com/gui/file/934731692b12fd182acbc698dd3f8ef59984aa4e7ef56e124f9851852878817e/detection

manct.atwebpages.com

# Reference: https://twitter.com/h2jazi/status/1402267704610988033
# Reference: https://www.virustotal.com/gui/file/c362b4cb60edfa5bf17123845e59311335b03139d77ec27b9a9ffb7b31e60154/detection

quarez.atwebpages.com

# Reference: https://twitter.com/arphanetx/status/1403765541739941889
# Reference: https://www.virustotal.com/gui/file/9dac6553b89645ac8d9e0a3dc877d12641e6d05fb52e8de6ae5533b2bdf0abc9/detection

pollor.p-e.kr

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/kimsuky/Kimsuky%20APT%20Group%20targeted%20on%20South%20Korean%20defense%20and%20security%20departments.pdf

amikbvx.cf
at-me.ml
atooi.ga
bnmvg.cf
daum-or.ml
daum-vpn.ml
daums.cf
dmaccount.ml
gommi.ml
kakaoo.ml
kititi.ga
kumb.cf
may3.cf
nate-on.ml
nate-or.ga
naver-check.ml
onehappy.ml
outlookin.ml
pamik.cf
shore.ml
uhuioo.cf
wowow.ga
xdtgh.ga
yes24-mart.pe.hu
admin.daum-or.ml
anto.shore.ml
ao.nate-on.ml
app.at-me.ml
app.gommi.ml
apple.may3.cf
auth.daum-or.ml
dnhji.bnmvg.cf
exchange.amikbvx.cf
gate.uhuioo.cf
gom.kititi.ga
helper.onehappy.ml
imap.pamik.cf
mail.daums.cf
mail.dmaccount.ml
mail.kakaoo.ml
mail.kumb.cf
mail.naver-check.ml
mail.outlookin.ml
mail3.nate-or.ga
member.dmaccount.ml
members.daum-vpn.ml
owo.owo.wowow.ga
qygbn.xdtgh.ga
vpn.atooi.ga

# Reference: https://twitter.com/fuuuing_/status/1393102998532886531

fabre.myartsonline.com

# Reference: https://twitter.com/TeamT5_Official/status/1410206100033400838
# Reference: https://biz.chosun.com/policy/politics/2021/06/18/V4DTFCEXPRA4DFCBVVJO3DPR5I/ (Korean)
# Reference: https://www.virustotal.com/gui/ip-address/27.102.106.48/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.102.107.63/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.102.112.49/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.102.114.89/relations

boryung.tk
cdaum.kro.kr
celltrion.ml
cimoon.ml
claum.ml
cloudmall.club
cnaver.kro.kr
csdaum.ga
dongguk.kro.kr
home-info.ml
jbnu.info
jbnu.ml
lottebp.ga
minia.ml
naver-in.ml
nhnems.nsec.kro.kr
nidcorp.n-e.kr
novavax.ml
nsec.nhnems.kro.kr
nsuites.ga
pagelock.host
uni-korea.ga
uni-tuebingen.buzz
uni-tuebingen.cf
xonate.kro.kr
admin.claum.ml
admin.naver-in.ml
alarm.naver-in.ml
aol.pagelock.host
app.seoul.minia.ml
celltrion.cloudmall.club
daum.home-info.ml
exchange.uni-tuebingen.buzz
exchange.uni-tuebingen.cf
helper.uni-korea.ga
home.xonate.kro.kr
its.jbnu.ml
mail.celltrion.ml
mail.naver-in.ml
mail.novavax.ml
manager.naver-in.ml
member.cdaum.kro.kr
member.csdaum.ga
member.daum.home-info.ml
member.dongguk.kro.kr
myinfo.cnaver.kro.kr
nhn.nsuites.ga
nhnems.nsec.kro.kr
nid.naver.home-info.ml
nidcorp.nsuites.ga
nidlogin.nidcorp.n-e.kr
nsec.nhnems.kro.kr
onedrive-upload.ikpoo.cf
onedrive.ikpoo.cf
user.lottebp.ga
user.naver-in.ml

# Reference: https://twitter.com/ShadowChasing1/status/1410887216956547076

atooi.ga
gommi.ml
kumb.cf
onono.ml
uhuioo.cf
app.gommi.ml
gate.uhuioo.cf
mail.kumb.cf
vpn.atooi.ga
go.onono.ml

# Reference: https://twitter.com/h2jazi/status/1411826239455760387
# Reference: https://www.virustotal.com/gui/file/79848ca15ec49057261b6ba52275692d131b8dd034ae9a4cca1e1b81d9e18b77/detection

chels.mypressonline.com

# Reference: https://twitter.com/k3yp0d/status/1415652277914939393

tbear.mypressonline.com

# Reference: https://twitter.com/higefox/status/1411884786323361792
# Reference: https://asec.ahnlab.com/ko/24834/
# Reference: https://asec.ahnlab.com/ko/25351/
# Reference: https://otx.alienvault.com/pulse/60f125c78978e02a40e00c85

benze.atwebpages.com
btige.myartsonline.com
ccav.myartsonline.com
chels.mypressonline.com
giruz.atwebpages.com
jupit.getenjoyment.net
lieon.mypressonline.com
lovel.myartsonline.com
lovels.myartsonline.com
mantc.getenjoyment.net
modri.myartsonline.com
obser.mygamesonline.org
ranso.myartsonline.com
rster.atwebpages.com
stair.atwebpages.com
stair.myartsonline.com
vbqwer.mypressonline.com
visul.myartsonline.com
warcr.onlinewebshop.net

# Reference: https://twitter.com/h2jazi/status/1417093562278240256
# Reference: https://www.virustotal.com/gui/file/d3138e7b0dcf5e916834b045c1b006a1cd223dca75626bd1354b47dbd0c63ae2/detection

1213rt.atwebpages.com

# Reference: https://twitter.com/fuuuing_/status/1417426427528417283

kimshan600000.blogspot.com

# Reference: https://mp.weixin.qq.com/s/og8mfnqoKZsHlOJdIDKYgQ
# Reference: https://otx.alienvault.com/pulse/60ffcd56a7dc0038376fe52e

worldinfocontact.club
alyssalove.getenjoyment.net
hanlight.mygamesonline.org
kr2959.atwebpages.com
majar.medianewsonline.com
samsoding.homm7.gethompy.com
anpcb.co.kr/plugin/sns/facebook/src/update/normal.dotm
beilksa.scienceontheweb.net/cookie/select/log/tmp
beilksa.scienceontheweb.net/cookie/select/log/list.php
cwda.co.kr/theme/basic/skin/new/basic/update/Normal.dotm
cwda.co.kr/theme/basic/skin/new/basic/update/list.php
heritage2020.cafe24.com/plugin/kcpcert/bin/list.php
inonix.co.kr/kor/board/widgets/mcontent/skins/tmp
inonix.co.kr/kor/page/product/_notes/list.php
inonix.co.kr/kor/page/product/_notes/tmp/
koreacit.co.kr/skin/new/basic/update/temp
mechapia.com/_admin/nicerlnm/web/style/list.php
miracle.designsoup.co.kr/user/views/resort/controller/css/update/list.php
nuclearpolicy101.org/wp-admin/includes/0421/d.php
reform-ouen.com/wp-includes/css/dist/nux/dotm/dwn.php
yanggucam.designsoup.co.kr/user/views/board/skin/secret/css/list.php

# Reference: https://twitter.com/360CoreSec/status/1423561133873537024
# Reference: https://www.virustotal.com/gui/file/cd9421c332a2b90b26152f0e85a7db621306cd1daa70f30af3210895d2aeb577/detection

rhwkdlaktm.atwebpages.com

# Reference: https://twitter.com/ShadowChasing1/status/1446270087506194432
# Reference: https://www.virustotal.com/gui/file/82067ef8b907888f9fc27dd0630c37c95b0a55a7c225fb2d693115c41c7dd5be/detection

greatname.000webhostapp.com

# Reference: https://twitter.com/ShadowChasing1/status/1446278566564433939
# Reference: https://www.virustotal.com/gui/file/32beeda8cffc2ecc689ea2529194cf806955879a334ec68176864d1e6c09800c

youtoboo.kro.kr
movie.youtoboo.kro.kr

# Reference: https://twitter.com/ShadowChasing1/status/1446272122058280963

navercheck.kro.kr
nidlogin.navercheck.kro.kr

# Reference: https://twitter.com/ShadowChasing1/status/1446271028481593365
# Reference: https://www.virustotal.com/gui/file/db88dc539bccce8c30e3ba6897171989c9a340f23075c614f3c5a73ae0160db1

tigerwood.tech
ppahjcz.tigerwood.tech

# Reference: https://twitter.com/ShadowChasing1/status/1446270634690895872
# Reference: https://www.virustotal.com/gui/file/324b2e2c0471e49c7cc07725a7d748041479714d265ec6dbf386edd3f619f03c

requests.p-e.kr
ping.requests.p-e.kr

# Reference: https://twitter.com/ShadowChasing1/status/1446269684072914946
# Reference: https://www.virustotal.com/gui/file/8e263345cfeda4eb6720c47d4eaaee236be294fda693d840199f221d6e1412c6

beast.16mb.com

# Reference: https://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html

44179d6df22c56f339bf.blogspot.com
4b758c2e938d65bee050.blogspot.com
akf4tvrbmg.blogspot.com
amfuz2h5b2s.blogspot.com
byun70kh.mygamesonline.org
gyzang0826.blogspot.com
gyzang1.blogspot.com
gyzang58.blogspot.com
gyzang681.blogspot.com
gyzang682.blogspot.com
kimshan600000.blogspot.com
o61666ch.getenjoyment.net
pjeu1urxdnvef6twpveg.blogspot.com
rrmu1qrxdoekv6twc9pq.blogspot.com
smyun0272.blogspot.com
t22a44es.atwebpages.com
tvrbmkxqstbouzq0twk0ee9uaz0.blogspot.com
tvrfekxqrtvpqzr5tvrfdu5evt0.blogspot.com
tvrfeuxqrtfnqzr4t0m0ee5utt0.blogspot.com
twpbekxqsxpoqzr4txpvdu1uyzu.blogspot.com
vev4tkrrpq.blogspot.com
vgn5tvrrpq.blogspot.com
vgt5tvrnpq.blogspot.com

# Reference: https://twitter.com/h2jazi/status/1465402736996933640

3a8f846675194d779198.blogspot.com
0knw2300.mypressonline.com
faust22.mypressonline.com

# Reference: https://www.virustotal.com/gui/file/cb88d365011dce926afb1c04e6973f3d3db7135dd67d738e281f3690b8d9e6ef/detection

kr3753.atwebpages.com

# Reference: https://twitter.com/souiten/status/1473862308132651011

jinu1353.scienceontheweb.net

# Reference: https://twitter.com/souiten/status/1457946934623150090
# Reference: https://www.virustotal.com/gui/file/0cfa89348dc6007c89852907e464f3e91060e83665d6d62243be225c0e2e44a9/detection

gosiweb.gosiclass.com/m/gnu/convert/default/8ef014a/list.php

# Reference: https://twitter.com/Timele9527/status/1425640885811777542

helpnid.com

# Reference: https://twitter.com/cyberwar_15/status/1478572625291276291

com-trace.space
confirm-pw.link
navers.online
navers.store
navers.website
net-pass.store

# Reference: https://twitter.com/souiten/status/1472757875839619079
# Reference: https://www.virustotal.com/gui/file/2ef30a004e68213faa8cfef567af2292ff03f8ea9f273ae1c9c2b7845ba6ea87/detection

zippe.myartsonline.com

# Reference: https://blog.alyac.co.kr/3228?category=957259 (Korean)

pingguo2.atwebpages.com
ramble.myartsonline.com

# Reference: https://asec.ahnlab.com/ko/26183/
# Reference: https://otx.alienvault.com/pulse/6110fe0ab195f83ceb72fcff

dkekftks.atwebpages.com
dktkglrkshqhfn.atwebpages.com
tktlal2.atwebpages.com
tktlal3.atwebpages.com
tksRpdl.atwebpages.com

# Reference: https://twitter.com/ShadowChasing1/status/1482976392958865413

gooeglle.mypressonline.com

# Reference: https://twitter.com/cyberwar_15/status/1485607323154644999

bigfilemail.net
cmaildown.lovestoblog.com
msgbugreporting.lovestoblog.com
/wwwppp/index2.php

# Reference: https://twitter.com/ShadowChasing1/status/1489054323946319876
# Reference: https://www.virustotal.com/gui/file/5d25e53b59bd2dcf234c6819f8cd294efe6d943d04625b9d575002362794e74a/detection

com-info.store
ms-work.com-info.store

# Reference: https://twitter.com/jaydinbas/status/1493522324011851776
# Reference: https://www.virustotal.com/gui/file/3ca7067d60ee47be7448da74be7dab23699cda64cac7ed0cd7a2d219875cb902/detection

asenal.medianewsonline.com

# Reference: https://twitter.com/s1ckb017/status/1493907536117964802
# Reference: https://www.virustotal.com/gui/file/1fa38bd7a3d6a7b73ac4893bb7edc04fb3f56dcfad3b3e6b3fa6d4729add22e2/detection

byusunity.000webhostapp.com

# Reference: https://twitter.com/ShadowChasing1/status/1500778382966939653
# Reference: https://www.virustotal.com/gui/ip-address/161.97.100.171/relations

com-checking.link
com-pass.online
com-password.link
com-silver.site
jp-check.online
naver-active.online
certificate.medis.navers.store
com.com-pass.online
daum.confirm-pw.link
downfile.mybox.com-password.link
downfile.naver.com-pass.online
medis.navers.store
moue.naver-active.online
ms-work.com-pass.online
ms-work.com.com-pass.online
mybox.com-password.link
myetherwallet.com-checking.link
naver.com-pass.online
naver.com-silver.site
navers.com-checking.link
navers.com-silver.site
naverwebs.com-password.link
navrenewal.confirm-pw.link
neaply.naver-active.online
nib.com-checking.link
nic.navers.com-checking.link
nid.moue.naver-active.online
nid.naver-active.online
nid.navers.com-checking.link
nid.navers.confirm-pw.link
nid.navrenewal.confirm-pw.link
nid.neaply.naver-active.online
nld.naverwebs.com-password.link
nld.neaply.naver-active.online
nld.thus.navers.com-checking.link
nood.navers.jp-check.online
thus.navers.com-checking.link
uid.navers.com-silver.site

# Reference: https://www.virustotal.com/gui/file/0b2db410c50d9e4eb7e88177c463be3da5fff5527d9dc2ae10fa26ebe2721ef1/detection

healerboy.000webhostapp.com

# Reference: https://twitter.com/cyberwar_15/status/1507270188882067460

mailnotification.xyz
naveruser.com
nid.naver.com.pe
pay.naver.com.pe
report.mailnotification.xyz
star.mailnotification.xyz

# Reference: https://twitter.com/s1ckb017/status/1507316584079142915
# Reference: https://www.virustotal.com/gui/file/af6b98cabdaf0e3f12fd32509c6b99c141ce59bd73019730d85f66f41ca399da/detection

hannarng.kro.kr
update.hannarng.kro.kr

# Reference: https://twitter.com/souiten/status/1514440361887690753
# Reference: https://www.virustotal.com/gui/file/f28d087adb5f959c62e318d0a3c4639df5513781587aa46bb8df2521f7970ac5/detection

manage-box.com

# Reference: https://twitter.com/souiten/status/1519167359918911488
# Reference: https://www.virustotal.com/gui/file/2f7f3a86a868f6c5a85fb12fe028fd254cd9622075b179923187461c72d6aea0/detection

dusieme.com

# Reference: https://twitter.com/ShadowChasing1/status/1519514517465485312

uekaf.myartsonline.com

# Reference: https://twitter.com/InQuest/status/1521136176530436098
# Reference: https://www.virustotal.com/gui/file/5ed36771ac803408325326322f6909e8f768ed9a4c9e98217a82a66f71e7627d/detection

leehr36.mypressonline.com

# Reference: https://twitter.com/jaydinbas/status/1521408843774844929

weworld59.myartsonline.com

# Reference: https://twitter.com/h2jazi/status/1521906180553068546
# Reference: https://www.virustotal.com/gui/file/0e9689ea8056e3016ccc7fbfed31d8566403f394b68aceb69fb1a3dfec6b6f09/detection
# Reference: https://www.virustotal.com/gui/file/4b0202a8452fe202d25fc5c75aabef3ae52083d2edb7f57cbde02a1bca02a028/detection

attach.mail.daum.net/bigfile/v1/urls/d/exeuQzisacbcTtb5my1snadAn5Q/8nrA37fWtx1JOg3Vo6Jufg
attach.mail.daum.net/bigfile/v1/urls/d/6akA_Jg1Chbl_TcCTytJJQk4mfE/-z8Vw6BjxQC7ds4lmMKxpA

# Reference: https://twitter.com/BlackLotusLabs/status/1524012722622386176
# Reference: https://twitter.com/BlackLotusLabs/status/1524012726133178374
# Reference: https://www.virustotal.com/gui/file/99e58217d03645fe15ae19476554965e93e3d5f50deb85b515eb5543573f9007/detection

trueliebe.com

# Reference: https://asec.ahnlab.com/en/34694/
# Reference: https://twitter.com/malwrhunterteam/status/1525046722120097798
# Reference: https://twitter.com/ShadowChasing1/status/1525070825480949761
# Reference: https://www.virustotal.com/gui/file/2c20ac485fd55bd1a5c4b75c5ba521e5b19912325737617178dfcb5a4e408aef/detection

mc.pzs.kr/themes/mobile/images/about/temp/attach
mc.pzs.kr/themes/mobile/images/about/temp/upload
mc.pzs.kr/themes/mobile/images/about/temp/upload/lib.php
mc.pzs.kr/themes/mobile/images/about/temp/upload/list.php
mc.pzs.kr/themes/mobile/images/about/temp/attach/attach.docx

# Reference: https://asec.ahnlab.com/ko/34883/
# Reference: https://otx.alienvault.com/pulse/629714934cca82a7351d5254

fedra.p-e.kr
leomin.dothome.co.kr
printware2.000webhostapp.com

# Reference: https://twitter.com/blackorbird/status/1534127714336055296

ielsems.com
worldinfocontact.club

# Reference: https://twitter.com/cyberwar_15/status/1536865901899022336

cloudfiles.epizy.com
clouds.great-site.net
fils.clouds.great-site.net
joongang.epizy.com
daum.cloudfiles.epizy.com
kakao.cloudfiles.epizy.com
khu.cloudfiles.epizy.com
konkuk.cloudfiles.epizy.com
naver.cloudfiles.epizy.com
snu.cloudfiles.epizy.com

# Reference: https://twitter.com/cyberwar_15/status/1550740560033779713
# Reference: https://twitter.com/cyberwar_15/status/1547107301949308928

cdndaum.online
marsus.online
navecom.website
naveos.online
naveos.tokyo
naver-sec.site
navow.website
nonghyup.website
oneearthfuture.online 
private-banking-group.com
sslnaver.online
unifiedworldwideexpress.com
cood.nonghyup.website
nid.nonghyp.com-checking.link
nld.naveos.tokyo
noid.naveos.online
nong.navow.website

# Reference: https://twitter.com/h2jazi/status/1551566274664300544
# Reference: https://www.virustotal.com/gui/file/e59f0aa13e2da2a0cd5c07e882014d9b37927b9bd9a493f83c2bcb103e5a739c/detection

asssambly.mywebcommunity.org

# Reference: https://twitter.com/blackorbird/status/1552846355613097984
# Reference: https://www.volexity.com/blog/2022/07/28/sharptongue-deploys-clever-mail-stealing-browser-extension-sharpext/
# Reference: https://github.com/volexity/threat-intel/blob/main/2022/2022-07-28%20SharpTongue%20SharpTongue%20Deploys%20Clever%20Mail-Stealing%20Browser%20Extension%20SHARPEXT/indicators.csv

gonamod.com
siekis.com
worldinfocontact.club

# Reference: https://twitter.com/Des00464472/status/1550410336364527616

aire.us.to

# Reference: https://twitter.com/Des00464472/status/1529321196231487488

naverauthority.com

# Reference: https://twitter.com/Des00464472/status/1408013493358391296

preledd.club

# Reference: https://twitter.com/Des00464472/status/1554308879139618817

protect-team.n-e.kr
mail.protect-team.n-e.kr

# Reference: https://twitter.com/cyberwar_15/status/1559744857023062017

net-all.website
daum.net-all.website
kakao.net-all.website
onedrive.net-all.website
yahodrive.net-all.website
yandex.net-all.website

# Reference: https://twitter.com/PhantomXSec/status/1561490582513496064

bybitesupport.com
drivergooogles.com
kakaosupport.com

# Reference: https://twitter.com/PhantomXSec/status/1561738109884059649
# Reference: https://www.virustotal.com/gui/ip-address/51.195.155.36/relations

navericorp.com
nid.navericorp.com
avlinkt.online
avlinkx.online
avlinky.online
avlinkz.online
cutalink.store
cutblink.store
cutclink.shop
cutdlink.shop
linkurla.online
linkurlb.online
linkurlc.online
linkurld.online
midalink.live
midamain.shop
midaurl.site
midaurl.tech
midblink.xyz
midbmain.shop
midburl.site
midburl.tech
midclink.xyz
midcmain.click
middmain.click
movelinka.online
movelinkb.online
movelinkc.online
movelinkd.online
navurla.tech
netalink.space
netblink.space
netclink.store
netdlink.store
nilinks.online
nilinkt.online
nilinku.online
nlinka.link
nlinka.online
nlinkb.link
nlinkb.online
nlinkc.link
nlinkc.online
nlinkd.link
nlinkd.online
nlinke.link
nredia.tech
nredib.link
nredic.link
nredid.link
nredie.link
nredif.link
nredif.live
nredig.link
nredirea.live
nredireb.live
nredirec.live
nredirecti.tech
nredirectj.tech
nredirectk.tech
nredired.live
nserva.link
nserva.live
nservb.link
nservb.live
nservc.link
nservc.live
nservd.link
nservd.live
nserve.live
nshortlinka.live
nshortlinkb.live
nshortlinkc.live
nshortlinkd.live
nshortlinke.live
nurla.link
nvurli.online
nvurlu.online
nvurly.online
reashow.live
rebshow.live
recshow.live
redalink.xyz
redclink.xyz
redelink.tech
redflink.tech
redireact.online
redirebct.online
redirecct.online
rediurla.live
rediurlb.live
rediurlc.live
rediurld.live
redomain.info
redombin.info
redserva.online
redservb.online
redservc.online
redservd.online
redshow.live
shortacut.tech
shortanet.click
shortaurl.site
shortbcut.tech
shortbnet.click
shortburl.site
shortccut.info
shortcurl.site
shortcuta.online
shortcuta.xyz
shortcutb.online
shortcutb.xyz
shortcutc.online
shortcutc.xyz
shortcutd.online
shortcutd.xyz
shortdcut.info
shortdurl.site
shortlinka.xyz
shortlinkb.xyz
urlalink.info
urlblink.info
urlclink.info
urldlink.info
help.nredid.link
port.movelinkb.online
port.nredig.link
port.nservc.link
port.nservc.live
port.nshortlinke.live
port.redserva.online
postgres.nlinkd.online

# Reference: https://twitter.com/RedDrip7/status/1562282889693126659
# Reference: https://www.virustotal.com/gui/file/6a435e2aab6dce39d626eacb39fc964967e35e94abf513da0f6511ab7b1f826e/detection

uppgrede.scienceontheweb.net

# Reference: https://securelist.com/kimsukys-golddragon-cluster-and-its-c2-operations/107258/

225b4d3c305f43e1a590.blogspot.com
3a8f846675194d779198.blogspot.com
c52ac2f8ac0693d8790c.blogspot.com
leejong-sejong.blogspot.com
21nari.getenjoyment.net
21nari.mypressonline.com
21nari.scienceontheweb.net
attach.42web.io
attachment.a0001.net
bigfile.totalh.net
chmguide.atwebpages.com
chunyg21.sportsontheweb.net
clouds.rf.gd
glib-warnings.000webhostapp.com
global.onedriver.epizy.com
global.web1337.net
hochdlincheon.mypressonline.com
hochuliasdfasfdncheon.mypressonline.com
hochulidncheon.mypressonline.com
hochulincddheon.mypressonline.com
hochulincheon.mypressonline.com
hochulindcheon.mypressonline.com
hochulindddcheon.mypressonline.com
hochulinsfdgasdfcheon.mypressonline.com
koreajjjjj.atwebpages.com
koreajjjjj.sportsontheweb.net
kpsa20201.getenjoyment.net
leehr24.mywebcommunity.org
weworld78.atwebpages.com
weworld79.mygamesonline.org
yulsohnyonsei.atwebpages.com
yulsohnyonsei.atwewbpages.com
yulsohnyonsei.medianewsonline.com

# Reference: https://twitter.com/RedDrip7/status/1563074487452848128
# Reference: https://www.virustotal.com/gui/ip-address/216.189.154.6/relations
# Reference: https://www.virustotal.com/gui/file/7903bdf0976d5c6f3c28abf40c41414380f4494a8bf72af9e27ff810599faaf2/detection
# Reference: https://www.virustotal.com/gui/file/f63ff642e7025db96d6ebbd6da26aa9cece4f132891ce2a8385d7c034a7ead25/detection
# Reference: https://www.virustotal.com/gui/file/db18e23bebb8581ba5670201cea98ccf71ecea70d64856b96c56c63c61b91bbe/detection

accountverify.hmail.us
office.pushitlive.net
qwert.mine.bz

# Reference: https://twitter.com/Jup1a/status/1562720823869583360
# Reference: https://www.virustotal.com/gui/file/a0fddbb638fc4f3ba4cefc0707226e8c01eefd98f78d6a9b4fbca1ba74b21adf/detection

sectionss.scienceontheweb.net

# Reference: https://twitter.com/Des00464472/status/1564151538553352193
# Reference: https://www.virustotal.com/gui/ip-address/210.16.120.163/relations

xxdzts.com
autoconfig.xxdzts.com
autodiscover.xxdzts.com
mail.xxdzts.com

# Reference: https://twitter.com/ShadowChasing1/status/1568061411011760129

aasssambly.mywebcommunity.org

# Reference: https://twitter.com/PhantomXSec/status/1567738114638237697
# Reference: https://twitter.com/PhantomXSec/status/1567733296083398656
# Reference: https://www.virustotal.com/gui/ip-address/27.255.81.84/relations
# Reference: https://virustotal.com/gui/ip-address/61.97.251.247/relations

daum-master.com
daum-security.com
daurn.net
help-naver.com
kk01aodia.cfd
kk03aidoa.cfd
kk06aiaoa.cfd
logincommandserver.store
logincookieserver.store
naccountguardcom.store
naccountserver.store
naccountstorecomservice.store
naver-edoc.com
naver-edocu.com
naveradmin.center
naverc0rp.com
navercorp.date
navernail.eu
naverscenter.com
naverssl.com
ncontrolhome.store
ncookiedefenderlog.info
ncorpguardteamlog.info
ncorpmailserver.store
ncorpmailservice.store
ncorpvisitlogin.store
ndefendercenter.store
ndefenderserver.store
nenterservice.store
ngeniuscom.store
ngeniusserver.store
nguardiancomserver.store
nguardianserver.store
nguardteamlog.info
nhelpserver.store
nhelpservice.online
nhomedefender.store
nhomedefendercom.store
nhomemailserver.store
nhomeserver.store
nhomeservercom.store
nhomeserveron.store
nhomeservervisit.store
nhomeservice.store
nmailcorponline.store
nmailservicelogcom.store
nonhomeservice.store
nonlinehomeserver.store
nonlinemailserver.store
nonlinemailservice.store
nonlineservicecom.store
nonlinevisitserver.store
nprotectercom.store
nprotecthome.store
nprotectorhelp.store
nsafecenter.store
nsafeguardteam.store
nsafehelper.store
nsafeserver.store
nsafeservicemode.store
nservercommander.info
nserveronline.store
nserversafemode.store
nservicecentercom.store
nservicecenterlog.info
nservicecommanager.store
nserviceguardian.store
nservicehome.site
nservicehomelog.store
nservicemanage.store
nservicemanagercom.store
nservicemodehome.store
nserviceteamcom.info
nvisitservercom.store
nvisitservercominfo.info
onlinenservercom.store
onlinenservicesite.store
onlinensitecom.store
peacer.store
policeserveronline.cfd
policeservicecom.cfd
qq02aiai.cfd
qq07pizd.cfd
qq10aiai.cfd
sec-naver.com
ss10aidiaua.cfd
ss11siaidoao.cfd
ss14aidoaisis.cfd
ss15aidiaoa.cfd
ss1aiaoaidde.cfd
ss3aidiaodiaa.cfd
ss4aidiaodifia.cfd
ss5aidoaidiaoa.cfd
ss7iaiaoaoa.cfd
visitnservercom.store
visitserviceguardcom.store
zz01aqwes.cfd
zz03amcnc.cfd
zz05iolnc.cfd
zz06ioncc.cfd
zz08vnbvi.cfd
zz15ijnvc.cfd
zz19eridn.cfd
zz24nzcij.cfd
6xv2abhu1nc0.help-naver.com
6xv2abhu1nc0.sec-naver.com
7nv42j9qxt140.help-naver.com
7nv42j9qxt140.sec-naver.com
ad.daurn.net
cafe.daurn.net
gud2abhu1nc0.help-naver.com
gud2abhu1nc0.sec-naver.com
m.cafe.daurn.net
nid.naverssl.com
nidiogin.naverc0rp.com
nidlogin.naverc0rp.com
nidlogin.navercorp.date
nids.naverscenter.com
ns.naverssl.com
rcaptcha.help-naver.com
rcaptcha.sec-naver.com
sks1.smartvpn.pe.kr
smartvpn.pe.kr
static.help-naver.com
static.sec-naver.com
uns.naverssl.com
wat.ad.daurn.net

# Reference: https://twitter.com/cyberwar_15/status/1567828108790890498

certuser.info
koreailmin.com

# Reference: https://twitter.com/PhantomXSec/status/1566863825999400960
# Reference: https://www.virustotal.com/gui/ip-address/38.132.122.162/relations

accounts-kakao.date
cds.naver2.info
com2.space
com3.top
hello.naver2.info
help2.top
help2.xyz
member2.download
naver-corp.top
naver-corp.xyz
naver.com3.top
naver.help2.xyz
naver.member2.download
naver2.eu
naver2.info
naver2.space
naver2.top
naver2.xyz
naver3.space
naver3.xyz
naver4.info
navercorp.top
navercorp.world
navercorp1.xyz
navercorp2.space
navercorp2.top
navercorp2.xyz
navercorp3.xyz
naverpwd.space
naverpwd.top
naverpwd.world
naverpwd.xyz
nid-naver.top
ro.naver2.info
sync-t1.naver2.info
tm.naver2.info
us7lb-cdn.naver2.info

# Reference: https://twitter.com/Des00464472/status/1568885820031135744
# Reference: https://www.virustotal.com/gui/ip-address/104.128.239.16/relations

hiworks.ga
insopack.mcsoft.org
myclouds.r-e.kr
office.hiworks.ga
softmail.kro.kr
app.softmail.kro.kr
office.myclouds.r-e.kr

# Reference: https://twitter.com/ShadowChasing1/status/1570601703598338049
# Reference: https://www.virustotal.com/gui/file/d3930b2494f45bb2c169124d4a39308303b9e8e87043afc54327c1e2a378e4e0/detection

cuts.dothome.co.kr
napoyo.mypressonline.com

# Reference: https://twitter.com/Des00464472/status/1570558688267739138

navers.tech
confluence.navers.tech
myboxs.navers.tech
myboxes.navers.tech
nied.navers.tech
techmyboxes.navers.tech

# Reference: https://twitter.com/ShadowChasing1/status/1576944331050471425
# Reference: https://www.virustotal.com/gui/file/f03a7a96e3ce5e35dd52ce026266b68aa35301828f1d909d858658051371473d/detection

krinnsnail.sportsontheweb.net/file/upload/list.php

# Reference: https://twitter.com/ShadowChasing1/status/1580001848211410944
# Reference: https://www.virustotal.com/gui/file/e1c09e045af8b7301390cd9619e3cca7a96d9d2bba2b5fc3385a093f3d69b6b4/detection

wayna.myartsonline.com

# Reference: https://twitter.com/cyberwar_15/status/1585965668054073345

docxpcgle.epizy.com
imhyoj8.myartsonline.com

# Reference: https://twitter.com/souiten/status/1592758204198719488
# Reference: https://www.virustotal.com/gui/file/2e1aca8c86562cc52b8bee6ecc45dabb1c11ebba94c81b059d8859a1b263f1e7/detection

yundy.mypressonline.com

# Reference: https://twitter.com/cyberwar_15/status/1575476579639078913

attachnents.epizy.com
cloud.kcrea.rf.gd
ewha-cloud.epizy.com
clouds.kvongnum.rf.gd
files.khu.rf.gd

# Reference: https://asec.ahnlab.com/ko/42163/ (Korean)
# Reference: https://otx.alienvault.com/pulse/63766a570640a9c4b0bd052d

jojoa.mypressonline.com
okihs.mypressonline.com

# Reference: https://twitter.com/ThreatBookLabs/status/1593523949664493568

quickedit.o-r.kr
www1.quickedit.o-r.kr

# Reference: https://twitter.com/souiten/status/1603398380687790080
# Reference: https://www.virustotal.com/gui/file/b9dcf7fe7e8ba30d363a19c2c43fc3eea93d281b10f6ee89cffe2a3e533af442/detection

infotechkorea.com

# Reference: https://twitter.com/ThreatBookLabs/status/1607989665487032320

m6.p-e.kr

# Reference: https://asec.ahnlab.com/en/44680/
# Reference: https://otx.alienvault.com/pulse/63a5a4e0a2d0a650343cda1c

3.supports.o-r.kr
conf.simpleedit.n-e.kr
configment.p-e.kr
dashboard.quikveoriy.o-r.kr
digital.pepperbank.kro.kr
foward.viewpropile.p-e.kr
heungkukfire.p-e.kr
inglife.kro.kr
k-bank.o-r.kr
k-bank1.kro.kr
kakaosaving.kro.kr
kamco.kbloan.kro.kr
kamco.kbloan.r-e.kr
kamco.webs.kro.kr
kbank.o-r.kr
kbloan.r-e.kr
naver.o-r.kr
naver65.n-e.kr
nhlife.kro.kr
pepperbank.kro.kr
quikveoriy.o-r.kr
secure-edit.n-e.kr
simpleedit.n-e.kr
smartshinhan.kro.kr
supports.o-r.kr
tos.p-e.kr
user2list.kro.kr
viewpropile.p-e.kr
w1.user2list.kro.kr
w3.secure-edit.n-e.kr
webs.kro.kr
wvw1.user2list.kro.kr
wvw3.secure-edit.n-e.kr
wwv3.supports.o-r.kr
www2.configment.p-e.kr

# Reference: https://twitter.com/souiten/status/1614811574119849989
# Reference: https://www.virustotal.com/gui/file/4e5ef5933078edeb09fd7d44f90843f4a221c1754d9d15a39aded79416b40779/detection

ielsd.myartsonline.com

# Reference: https://asec.ahnlab.com/en/45658/
# Reference: https://otx.alienvault.com/pulse/63c81a99d295f5fc0e67b465

lifehelper.kr

# Reference: https://twitter.com/StopMalvertisin/status/1622820104236077056

hydrotec.co.kr/bbs/img/cmg/upload2/
hydrotec.co.kr/bbs/img/cmg/upload3/

# Reference: https://twitter.com/StopMalvertisin/status/1621390517249654785
# Reference: https://www.virustotal.com/gui/file/a2e6e833947a1d5c526c0c2d6943e35bad9cbe22b52a6f7013ab8c1de0aa2d31/detection

jooshineng.com
/gnuboard4/adm/img/ghp/up/

# Reference: https://twitter.com/StopMalvertisin/status/1620651498014404608
# Reference: https://www.virustotal.com/gui/file/38640d508c137d0e05c6d34d6bf5618095baed364482baef908fe1d7b2310e15/detection

hkisc.co.kr/gnuboard4/bbs/img/upload/list.php
/gnuboard4/bbs/img/upload/

# Reference: https://twitter.com/StopMalvertisin/status/1626528455289610241
# Reference: https://www.virustotal.com/gui/file/97516e5250e44461a479de391daa0538b9714346263577bcb61961c1991efb27/detection

globalinbest.com
/src/bbs/sec/img3/

# Reference: https://twitter.com/fmc_nan/status/1635537014891372545
# Reference: https://www.virustotal.com/gui/file/8ac8eedfc8a155066915aed214dbf78c1f200124e5663b35f1935f31576fb71e/detection
# Reference: https://www.virustotal.com/gui/file/cd127b2f17e686c77898d0ed8b5325503fcbc9dbc4c9b63c7ae8722089db7564/detection

nideso.mywebcommunity.org

# Reference: https://twitter.com/StopMalvertisin/status/1635933718618734593
# Reference: https://www.virustotal.com/gui/file/451f50db8bc6719f3d34abc3ee3b907ac999c4139b58cab91066248d3b04c80f/detection

eum-it.co.kr/gnuboard4/bbs/img/upload/
/gnuboard4/bbs/img/upload/

# Reference: https://asec.ahnlab.com/en/49295/
# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-03-14-v10267/358
# Reference: https://otx.alienvault.com/pulse/64120cb4ea4bae2a4dbdf8d8

ria.monster
mp_eval_r.ria.monster
mpevalr.ria.monster
mpevlar.ria.monster
viewfile.ria.monster
/SmtInfo/show.php

# Reference: https://twitter.com/asdasd13asbz/status/1636173992695582720
# Reference: https://www.virustotal.com/gui/file/d0ec6d91cf9e7c64cf11accadf18f8b5a18a10efbecb28f797b3dbbf74ae846d/detection

http://172.93.193.158

# Reference: https://twitter.com/ShadowChasing1/status/1636391606592094208
# Reference: https://www.virustotal.com/gui/file/4e9d8f2d6bd17f71ed2a6c356deebc87801e413aad931b7ae1a70a8aa431d007/detection

breezyhost.net

# Reference: https://twitter.com/fmc_nan/status/1636667175913287680

delps.scienceontheweb.net/ital/info/list.php
delps.scienceontheweb.net/ital/info/sample.hwp

# Reference: https://asec.ahnlab.com/ko/50394/ (Korean)
# Reference: https://www.virustotal.com/gui/file/7a45a529b275cfaa6ebde88bf00413a11c0f701bf9e1e7e93ef27423fd17e3f5/detection

zetaros.000webhostapp.com

# Reference: https://twitter.com/BridewellCTI/status/1640376166858063874
# Reference: https://twitter.com/MichalKoczwara/status/1640393007382904851
# Reference: https://www.bridewell.com/insights/news/detail/bridewell-intelligence-report-kimsuky-apt-group---key-insights-for-uk-energy-cisos

aontechu.com
bsconvid.info
cdn-smtp.com
cereoni.org
cgui.eu
cmember.info
daumblog.eu
dmrxcloud.com
dreamhosregister.eu
edronium.com
gmember.eu
gmember.info
innovace.info
kakao-privacy.com
kakao-security.com
msn-imap.com
ncop.info
onkrdot.info
ontechvip.eu
publishhostmap.shop
umember.info
wordpress1s.xyz
accountc.gmember.eu
fqdn.nid.sslnaver.online
kr4.wordpress1s.xyz
logins.cdndaum.online
mail.cdndaum.online
nid.sslnaver.online
tls.publishhostmap.shop
web.publishhostmap.shop
web.sslnaver.online
webmail.dreamhosregister.eu

# Reference: https://twitter.com/ni_fi_70/status/1566770766389149696
# Reference: https://www.verfassungsschutz.de/SharedDocs/publikationen/EN/prevention/2023-03-20-joint-cyber-security-advisory.pdf
# Reference: https://otx.alienvault.com/pulse/641dd2ad4310d178a4c6766e

navernnail.com

# Reference: https://twitter.com/souiten/status/1645307251903840257
# Reference: https://www.virustotal.com/gui/file/0d663b9907a34604f120963b64a763c472e7e896857728199d3df912c93208a0/detection

messydoan.000webhostapp.com
mvix.xn--oi2b61z32a.xn--3e0b707e

# Reference: https://twitter.com/suyog41/status/1647956514005450752
# Reference: https://www.virustotal.com/gui/file/b92cb632535fd8b5c3863635b980611deae61420d76158fc6e7b307518302490/detection
# Reference: https://www.virustotal.com/gui/file/9fcd77ff9ec8a0b701316c3d45d4e6f7a0f012f5c2254a77628d233045839a7d/detection
# Reference: https://www.virustotal.com/gui/file/4f1081d688ba2477e097ebbbf0cce4048dbe9134da526949ae6e729f7b0494de/detection
# Reference: https://www.virustotal.com/gui/file/35cb65a70e8296aafd09b7550b13da2255bed9c30d6f284cce395e8e4532804c/detection

ibsq.co.kr/config/demo.txt
ibsq.co.kr/m.layouts/demo.txt
ibsq.co.kr/config
ibsq.co.kr/m.layouts

# Reference: https://twitter.com/malwrhunterteam/status/1648601223245725696
# Reference: https://www.virustotal.com/gui/file/6bab11d9561482777757f16c069ebef3f1cd6885dbef55306ffde30037a41d48/detection

xn--vn4b27hka971hbue.kr

# Reference: https://www.virustotal.com/gui/file/1ec4d60738a671f00089a86eeba6cb13750bce589e84fd177707718a4cc7d8f1/detection

partybbq.co.kr

# Reference: https://twitter.com/malwrhunterteam/status/1653682472163368960
# Reference: https://www.virustotal.com/gui/file/8cc66e4069a30885202b0328407ff167671133a1a539808c48f12928348744e0/detection

inspa.studioguy.com/bbs/data/bbs15/context.php
inspa.studioguy.com/bbs/data/bbs15/inquire.php
/bbs/data/bbs15/context.php
/bbs/data/bbs15/inquire.php

# Reference: https://www.sentinelone.com/labs/kimsuky-evolves-reconnaissance-capabilities-in-new-global-campaign/

mitmail.tech
newshare.online
rfa.ink
yonsei.lol
/bio234567890rtyui/
/bio433ertgd12/

# Reference: https://twitter.com/h2jazi/status/1658133904618934272
# Reference: https://www.virustotal.com/gui/file/76b2f8df4578d65d5b6d57af8784584c1bcf86402d964b567db58e63723b636c/detection
# Reference: https://www.virustotal.com/gui/file/bbcfcc719190f0a2c687778d5d2fd5c6e345d64f44a01b26d33b7df20e099d6f/detection

com-port.space
file.com-port.space

# Reference: https://www.virustotal.com/gui/ip-address/61.195.126.150/relations

blog.de-file.online
cf-health.click
com-def.asia
com-otp.click
com-people.click
com-port.space
com-price.space
com-www.click
de-file.online
kr-angry.click
kr-me.click
mid.navers.blog.de-file.online
navers.blog.de-file.online
navers.com-otp.click
navers.com-price.space
navers.de-file.online
nld.navers.de-file.online
uid.navers.com-price.space
uld.navers.com-otp.click

# Reference: https://www.virustotal.com/gui/ip-address/157.7.184.26/relations

bid.cyberestate.de-bat.click
bld.cyberestate.de-bat.click
blog.mpevalr.com-def.asia
com-coffee.click
com-def.asia
com-port.space
cyberestate.de-bat.click
de-bat.click
de-two.website
k-ac.net
logins.nlfty.com-coffee.click
mpevalr.com-def.asia
navers.blog.mpevalr.com-def.asia
nld.navers.blog.mpevalr.com-def.asia
nlfty.com-coffee.click
point.com-def.asia
smart.com-coffee.click
smart.de-bat.click
sniperman.click
view.sniperman.click

# Reference: https://www.virustotal.com/gui/file/fd63e26bd09fd13d86d4505d9aa53c4bf599f9de954e7bccfa01179fd644d218/detection

trusteer.ink

# Reference: https://twitter.com/malwrhunterteam/status/1656946771053150208
# Reference: https://www.virustotal.com/gui/file/42f76f37742103bd599a68ef508b515efeb9e9ffddbfdcc43eb552b70b2440e9/detection
# Reference: https://www.virustotal.com/gui/file/cca4e9fc00647b644d334b2bab03d1a9acb23f7492c7c5aa2d283be78b87d67d/detection

jeannecampos.com/wp-includes/certificates/ca-bundle.php

# Reference: https://twitter.com/StopMalvertisin/status/1669259390237708291
# Reference: https://www.virustotal.com/gui/file/de2fd62fafe61f46ad967c84dd7fbca80d31ad4729fed051d527d9ba45857fd6/detection

sendlucky.scienceontheweb.net

# Reference: https://twitter.com/StopMalvertisin/status/1669379338691837953
# Reference: https://twitter.com/StopMalvertisin/status/1669379341820792832
# Reference: https://www.virustotal.com/gui/file/2763ddf592130cd80198fb60546dfb28de5f647df34522e4ab58a8bf5e63b769/detection
# Reference: https://www.virustotal.com/gui/file/0d19cf462bd2b5f84a7525575031de032db6df30925ef86ac1a9f4441ecce9f3/detection

greenspace1.com
html.gethompy.com
well-story.co.kr
/gnuboard4/bbs/pnger/
/gnuboard4/bbs/pnger/main.php
/gnuboard4/bbs/pnger/stdio.php

# Reference: https://asec.ahnlab.com/en/55145/

getara1.mygamesonline.org
pikaros2.r-e.kr

# Reference: https://twitter.com/0x0v1/status/1683434522413547521

bandi.tokyo
one.bandi.tokyo

# Reference: https://www.virustotal.com/gui/file/928e61590b2c4acf3991bd4327c5107c1cfd2604d992647c4e63bd1d620ff636/detection

partner24.kr/mokozy/hope/kk.php
/mokozy/hope/kk.php

# Reference: https://twitter.com/tiresearch1/status/1686258180819730432

3group-view.click
3group-view.space
appfile.click
com-file.space
db-wine.click
direct-million.online
file-hide.click
file-vip.space
go-wt.space
mi-eve.click
mufg.wiki
nr-token.space
otp-kr.space
toss-tree.click
wide-org.click

# Reference: https://twitter.com/ThreatBookLabs/status/1686363399679029249

com-in.asia
file-mango.space
ne-point.space
value-domain-com.site

# Reference: https://www.sentinelone.com/labs/kimsuky-new-social-engineering-campaign-aims-to-steal-credentials-and-gather-strategic-intelligence/
# Reference: https://otx.alienvault.com/pulse/64805aad021906141c79aec0

nknews.pro
staradvertiser.store

# Reference: https://twitter.com/tiresearch1/status/1688552033245409280

mz-ftp.online
net-doc.click

# Reference: https://twitter.com/tiresearch1/status/1691131020517707776

do-can.click
mz-follia.space

# Reference: https://twitter.com/ginkgo_g/status/1692029899094274388
# Reference: https://www.virustotal.com/gui/file/470027cf8dd33b201b465b109a9876d0a75667be907af770eb76ff5798496ae4/detection

grekop.online

# Reference: https://twitter.com/ginkgo_g/status/1692068693113737630
# Reference: https://www.virustotal.com/gui/file/c676e9b009913bf55372fc756c6d7a19b51528e2f20ff598be2f953e5f78c754/detection

steeringsvr.online

# Reference: https://asec.ahnlab.com/en/54678/
# Reference: https://otx.alienvault.com/pulse/649304a4045008836f16efac

vndjgheruewy1.com

# Reference: https://twitter.com/tiresearch1/status/1694250245486748033

no-one.click

# Reference: https://twitter.com/souiten/status/1697515866148270249
# Reference: https://www.virustotal.com/gui/file/821b43f3151e568ebf436a05928909968ace706049e09feeec448a3efe9af67c/detection

http://43.201.69.58
43.201.69.58:8080

# Reference: https://twitter.com/ginkgo_g/status/1702242436632945025
# Reference: https://www.virustotal.com/gui/file/1426269940ef6036941ccfbf68b0b65259bc72918f30481465a11d8b97250f07/detection

isujeil.co.kr/pg/adm/img/upload1/list.php

# Reference: https://www.virustotal.com/gui/ip-address/104.168.219.12/relations
# Reference: https://www.virustotal.com/gui/ip-address/142.11.205.109/relations

navemorp.cloud
naver-centre.com
naver-email.report
navercorp.tech
navercorpv2.email
naverhelp.cloud
naverquery.host

# Reference: https://twitter.com/ginkgo_g/status/1703583960461402223
# Reference: https://www.virustotal.com/gui/file/59a0b32c22c79e7e48614add0e5cdf846f50d38d46201077309534a093a723ac/detection

00701111.000webhostapp.com

# Reference: https://twitter.com/tiresearch1/status/1703715668368240708
# Reference: https://twitter.com/tiresearch1/status/1703811837719142890

com-atw.click
com-bss.click
com-cbw.fun
com-condor.click
com-condor.website
com-cyb-seed.click
com-data.click
com-final.click
com-first.click
com-gpt.click
com-mns.click
com-mns.fun
com-nfi.click
com-nft.click
com-nfw.space
com-ntw.site
com-renewal.click
com-second.click
com-seoul.website
com-share.click
com-smt.click
com-will.click
com-will.online
com-will.pw
medicert.click
navers.site
navserves.com
net-off.online

# Reference: https://twitter.com/tiresearch1/status/1708511711878340625

ad-naver.com
navercorps24.com

# Reference: https://twitter.com/tiresearch1/status/1708528528344670643

naver-clouds.com
naver-drives.com
naver-notices.com

# Reference: https://x.com/asdasd13asbz/status/1818519143026762046
# Reference: https://asec.ahnlab.com/en/57873/

5.61.59.53:14276
5.61.59.53:2086
onessearth.online
powsecme.co
/up/upload_dotm.php

# Reference: https://twitter.com/tiresearch1/status/1717799289198674086

co-eu.info
com-log.in.net
com-mode.in.net
invoice.navers.com-mode.in.net
mn-tr.click
navers.com-log.in.net
navers.com-mode.in.net
nid.navers.com-log.in.net

# Reference: https://twitter.com/MichalKoczwara/status/1718637997002809395
# Reference: https://www.virustotal.com/gui/ip-address/27.255.75.154/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.255.81.108/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.255.81.120/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.255.81.82/relations

aaarior.online
aioeo.site
arakyaly.eu
bbbrior.website
bnire.store
boardmgr.info
ccciro.store
cloudown.store
cnnail.info
cornass.info
dddero.site
eeeiro.xyz
fffiro.store
gggiro.online
hummedaroundput.com
iiiior.website
jiorer.website
jjjior.shop
kakaocorp.info
kakaodownload.eu
kakaomail.site
kakaomailer.eu
kakaon.store
kakaopaey.info
mailcorp.eu
namcho.homes
navemail.space
naver.com.bz
navercoxp.com
navercrop.com
navercrp.com
navercrup.com
naveredoc.com
navermail.click
navermail.live
naveroriae.eu
naverpwd.com
naverscorp.info
nmior.shop
opiretyu.website
orsiu.online
uansilne.site
usage.store
usance.online
voanews.store
webfatory.eu
weekbootseey.com
werbineor.online
weudsfhue.shop
xchireo.website
zrrorer.online
0vym.mailcorp.eu
8fkn.mailcorp.eu
accountsbinance.navermail.click
accountseoke.cookiemanager.online
accountserok.usance.online
accountseuoe.naveroriae.eu
accountseuok.kakaopaey.info
activedirectory.msoffic.homes
airwatch.msoffic.homes
aw.msoffic.homes
book.mailcorp.eu
campaign.mailcorp.eu
client.msoffic.homes
cloud.msoffic.homes
com.mailcorp.eu
community.msoffic.homes
configmgrenroll.msoffic.homes
console.msoffic.homes
cookiemanager.online
cs.mailcorp.eu
delivery.msoffic.homes
dnerok.usance.online
emv1.cookiemanager.online
enrollment.msoffic.homes
find.msoffic.homes
fsvoa.voanews.store
hadoop.msoffic.homes
help.navercrop.com
helpids.ncookieclear.homes
helpnaver.msoffic.homes
helpsec.ncookieclear.homes
jenkins.msoffic.homes
jira.msoffic.homes
link.msoffic.homes
logingns.arakyaly.eu
maillo.arakyaly.eu
mailpo.arakyaly.eu
mdmds.msoffic.homes
media.weekbootseey.com
mi.msoffic.homes
mobility.msoffic.homes
mon.msoffic.homes
msoffic.homes
mta2.msoffic.homes
ncookieclear.homes
nid.navercrop.com
nid.naverpwd.com
nidcl.kakaopaey.info
nidlgn.namcho.homes
nidnaver.msoffic.homes
nidpos.namcho.homes
nidroue.naveroriae.eu
nids.ncookieclear.homes
nidsess.ncookieclear.homes
nlgin.ncookieclear.homes
ns4.msoffic.homes
nsec.ncookieclear.homes
nsight.navercrop.com
nuid.navermail.click
oct.msoffic.homes
onedrive.msoffic.homes
origin-www.msoffic.homes
outlook.msoffic.homes
owa.msoffic.homes
p.msoffic.homes
pdu.msoffic.homes
public.hummedaroundput.com
resource.msoffic.homes
sslids.ncookieclear.homes
sslnaver.msoffic.homes
sslsec.ncookieclear.homes
stat_tiaraerok.usance.online
stg-www.msoffic.homes
stream.msoffic.homes
t1_daumcdnerok.usance.online
transfer.msoffic.homes
www1.msoffic.homes
wwwcorpids.ncookieclear.homes
wwwcorpnaver.msoffic.homes
wwwcorpsec.ncookieclear.homes
wwwlgin.ncookieclear.homes
wwwsec.ncookieclear.homes
wwwsess.ncookieclear.homes
zenworks.msoffic.homes

# Reference: https://asec.ahnlab.com/en/57873/
# Reference: https://otx.alienvault.com/pulse/65312ede507158b7c49f8e87

superpcparts.com

# Reference: https://twitter.com/tiresearch1/status/1719617997168660766

xn--3e0b39ycvbh9d.p-e.kr
xn--939a1gynmpm0ukuoxtbq59g.r-e.kr
eid.xn--939a1gynmpm0ukuoxtbq59g.r-e.kr
mood.xn--3e0b39ycvbh9d.p-e.kr

# Reference: https://twitter.com/tiresearch1/status/1719985431687917799

kakaoaccouts.store

# Reference: https://asec.ahnlab.com/wp-content/uploads/2023/10/20231101_Kimsuky_OP.-Covert-Stalker.pdf

1-z.never.com.ru
a1ive.info
aa.goooglesecurity.com
aadcdnmsauthdose.certuser.info
aadcdnmsauthmicrosoftharvard.certuser.info
aadcdnmsftauthdose.certuser.info
aadcdnmsftauthmicrosoftharvard.certuser.info
accdaum.login.mail.pl
account.googlernails.com
account.goooglesecurity.com
accountdose.certuser.info
accountmicrosoftharvard.certuser.info
accounto.afgvillage.eu
accounts.daums.pro
accounts.googlernails.com
accounts.goooglesecurity.com
accounts.guser.eu
accounts.navernnail.com
accountseuok.kakaocore.eu
accountskakao.login.mail.pl
accountskakao.navernnail.com
accountsleu.kakaoreug.info
accountsmil.kakaoreug.info
accountsmt.certuser.info
ads-twitterbybit.navernnail.com
afgvillage.eu
aire.p-e.kr
analyticsbybit.navernnail.com
apisbybit.navernnail.com
app.cjphoto.ga
app.firmware.o-r.kr
app.iptimes.o-r.kr
app.saferzone.ml
app.tookit.r-e.kr
assambly.atwebpages.com
assambly.mypressonline.com
assambly.mywebcommunity.org
auth.worksmobile.kro.kr
blog.nidcorp.site
bluemotion.co.kr/cheditor4/insert_link.php
bstill.kr/gnuboard4/bbs/view_coma.php
cadorg.p-e.kr
cc.navernnail.com
cc.never.com.ru
cc.nidcorp.site
cc.weataxs.site
cclg.never.com.ru
cclogin.navernnail.com
cdnbybit.goooglesecurity.com
cdnbybit.navernnail.com
cengroup.kro.kr
cimoon.ga
cjphoto.ga
client.coreavpn.kro.kr
cmonunt.online
connectfacebookbybit.goooglesecurity.com
connectfacebookbybit.navernnail.com
coreavpn.kro.kr
csma.certuser.info
da.infocheck.cf
dadrollbybit.navernnail.com
daum.otp-system.p-e.kr
daum.otpsystem.p-e.kr
daum.protect-mail.p-e.kr
daum.protectmail.p-e.kr
daums.pro
dmail.p-e.kr
dnleu.kakaoreug.info
dstent04.co.kr/wp-includes/SimplePie/Items.php
extparts.info
firmware.o-r.kr
g00gledrive.atwebpages.com
g00gledrive.mywebcommunity.org
g00gledrive.sportsontheweb.net
generalparts.info
github.ne.kr
goaffecbybit.navernnail.com
googlernails.com
goooglesecurity.com
guser.eu
gw.yottatech.r-e.kr
hao.lantian.p-e.kr
hellosnbybit.navernnail.com
hi.ncgncg.p-e.kr
hiwi.o-r.kr
hiwi.p-e.kr
hotlook.jonga.ml
huitadfsharvard.certuser.info
hyper.cadorg.p-e.kr
iishtt.p-e.kr
infoauth.shop
infocheck.cf
infrabybit.goooglesecurity.com
infrabybit.navernnail.com
iptimes.o-r.kr
it-ace.r-e.kr
joongang.site
jsadsrvrbybit.navernnail.com
june.lovelyclient.ml
kakaocore.eu
kakaoreug.info
keyharvard.certuser.info
koreaglobal.atwebpages.com
koreaglobal.mypressonline.com
koreaglobal.mywebcommunity.org
koreailmin.atwebpages.com
koreailmin.mypressonline.com
koreailmin.mywebcommunity.org
krhome.ga
lantian.p-e.kr
lcs.navernnail.com
lcs.never.com.ru
lcs.nidcorp.site
lcs.weataxs.site
lcslogin.navernnail.com
listmember.info
live.com.cm
logcheck.ga
login.microsftonline.tk
login.org.ro
logindose.certuser.info
loginmicrosoftharvard.certuser.info
logins.daums.pro
loginsdose.certuser.info
loginsma.certuser.info
loginsmicrosoftharvard.certuser.info
lovelyclient.ml
m1ma.certuser.info
m2_daumcdnmt.certuser.info
mail.it-ace.r-e.kr
mail.masters-login.r-e.kr
mail.masterslogin.r-e.kr
mail.never.com.ru
mail.nidcorp.site
mail.yoonseul.kro.kr
maildose.certuser.info
mailis.extparts.info
mailis.walock.info
mailma.certuser.info
mailmicrosoftharvard.certuser.info
mailnts.goooglesecurity.com
mailsr.walock.info
mailweb.afgvillage.eu
managerbybit.navernnail.com
masterslogin.r-e.kr
matchbybit.goooglesecurity.com
matchbybit.navernnail.com
mcyandexbybit.navernnail.com
memberma.certuser.info
mi.never.com.ru
microsftonline.tk
mlcrst.p-e.kr
msoharvard.certuser.info
mxndu.r-e.kr
myinfo.nsupport.ml
naver-logs.r-e.kr
naver.nidcorp.site
naver.weataxs.site
navercopr.co
navercopr.ml
navercopr.tk
naverlogs.r-e.kr
ncgncg.p-e.kr
never.com.ru
ngrok.p-e.kr
nid.logcheck.ga
nid.navercopr.co
nid.navercopr.ml
nid.navercopr.tk
nid.navernnail.com
nid.never.com.ru
nidcorp.site
nidlog.never.com.ru
nidlogin.navernnail.com
nidm.navernnail.com
nihaiji.p-e.kr
nmail.p-e.kr
objects.n-e.kr
omtom.r-e.kr
osupdate.r-e.kr
otp-system.p-e.kr
otp.r-e.kr
otpsystem.p-e.kr
outlookdose.certuser.info
outlookmicrosoftharvard.certuser.info
peer.o-r.kr
playnto.afgvillage.eu
playnts.googlernails.com
playnts.goooglesecurity.com
policyma.certuser.info
preview.p-e.kr
protect-mail.p-e.kr
protectmail.p-e.kr
proxy.ngrok.p-e.kr
qingli.o-r.kr
regular.winupdate.kro.kr
rok.my.to
sadrollbybit.navernnail.com
sadxiobybit.navernnail.com
saferzone.ml
sdfwerwer.sbs
servicebybit.navernnail.com
sftp.r-e.kr
signaler.goooglesecurity.com
sire.r-e.kr
sjkdfuiowe.p-e.kr
smart-alyac.r-e.kr
snaplicdnbybit.navernnail.com
spi_mapsmt.certuser.info
ss_mt.certuser.info
sslnts.goooglesecurity.com
stat_tiaraleu.kakaoreug.info
stat_tiaramt.certuser.info
stat_tiaraosi.kakaoreug.info
static-sg.goooglesecurity.com
staticbybit.navernnail.com
staticnid.navernnail.com
staticnid.never.com.ru
support.github.n-e.kr
support.github.ne.kr
syncoutbrainbybit.goooglesecurity.com
synctaboolabybit.goooglesecurity.com
t1_daumcdneuok.kakaocore.eu
t1_daumcdnkakao.navernnail.com
t1_daumcdnleu.kakaoreug.info
t1_daumcdnmt.certuser.info
t1ma.certuser.info
test.mydomainisok.kro.kr
tookit.r-e.kr
topfwz1mailbybit.navernnail.com
track_tiara_daummt.certuser.info
track_tiara_kakaomt.certuser.info
ucmdjwer.lol
uieosdj.r-e.kr
update-online.p-e.kr
update.naver-logs.r-e.kr
update.naverlogs.r-e.kr
update.p-e.kr
usesignal.info
vitual.p-e.kr
vlnk.ga
voanews.one
waesme.shop
walock.info
weataxs.site
webmail.cellivery.ml
webmail.cengroup.kro.kr
wetaxces.online
wgbybit.goooglesecurity.com
wgbybit.navernnail.com
wgsnto.afgvillage.eu
winupdate.kro.kr
worksmobile.kro.kr
wwkakao.goooglesecurity.com
wwmt.certuser.info
wwwbybit.goooglesecurity.com
wwwbybit.navernnail.com
wwwdose.certuser.info
wwwma.certuser.info
wwwmicrosoftharvard.certuser.info
wwwnto.afgvillage.eu
wwwnts.googlernails.com
wwwnts.goooglesecurity.com
xinzhong.r-e.kr
xx.navernnail.com
y-cloud.never.com.ru
yoonseul.kro.kr
yottatech.r-e.kr
youtubnts.goooglesecurity.com
/ewf43fewfwf4tfw4/
/ewf43fewfwf4tfw4/wf7weyr892hfwogewgsfg3.php
/tygygvftsfx8g68Gu8x7s78gsvseidj6.php
/tygygvftsfx8g68Gu8x7s78gsx6.php
/tygygvftsfx8g68Gu8x7s78gsx6519.php
/tygygvftsfx8g68Gu8x7s78gsxueidj6.php
/wf7weyr892hfwogewgsfg3.php

# Reference: https://app.validin.com/axon?find=27.102.106.48&type=ip

governments.pro
nidnaver.space
nidscorp.site
nps-home.store
nps-news.store
nps-service.store
nps-services.store
weataxc.site

# Reference: https://app.validin.com/axon?find=27.10.16.4&type=ip

wetax-io.store

# Reference: https://www.virustotal.com/gui/ip-address/141.164.50.204/relations
# Reference: https://app.validin.com/axon?find=141.164.50.204&type=ip

applc.site
bilfstakecooke.site
chainsflix.net
check-youtube.info
check-youtube.online
confirmes-youtebu.com
documentviews.com
drivesgooglce.site
emv1.documentviews.com
emv1.securiteams.info
emv1.sharedboxview.online
exchange-birances.com
ftc-home.space
gocgle.site
googlc.site
googlces.site
googlcs.site
homestex.info
kftc-cert.site
linekdin.online
linkdlin.ink
little-stars.site
myidentifitesrv.site
nlvdcp9p2d.sharedboxview.online
nps-alert.site
nps-services.info
post-binarianse.info
rememberapp.site
rememberapps.info
s1.documentviews.com
s1.securiteams.info
s1.sharedboxview.online
sarnsung-mail.info
sarnsung.store
securecenters.site
securiteams.info
service.documentviews.com
service.securiteams.info
service.sharedboxview.online
services-dosi.world
sharedboxview.online
wetac.store
weatacs.site
wetacx.store
wetaxs.lol
wetacx.xyz
wetaczx.lol
wetaczx.site
wetaczx.xyz
wetaex.site
wetax-io.xyz
wetaxce.online
wetaxcs.site
wetaxs.xyz
wetaxz.xyz
wetazx.space
weteax.site
xn--policy-linkedn-dmb.com
youtube-ex.site
youtube-in.site

# Reference: https://app.validin.com/axon?find=141.164.52.102&type=ip

bilfstakecooke.site
check-lnkedin.site
check-youtuibe.site
confirms-linkeclein.info
confirrns-linkeclin.site
extend-gooqlie.site
goooleclouds.site
goooleclrive.online
goooleclrive.site
goooleclrives.site
goooledrivs.com
goooledrivs.info
gooqle.site
govenment24.site
hornestax.site
linkeclein.site
linkecleins.site
myacountsinfo.com
niclvaldates.site
rememberapp.fun
rememberapp.online
sarnsung.store
seumtax.website
vve-tax.site
vvetax.store
we-tax.site
xn--check-linkedn-7ib.com

# Reference: https://app.validin.com/axon?find=158.247.227.83&type=ip

belluster.com
homestax.info
exchange-dosi.world
kakaologins.com
rimbacell.store

# Reference: https://twitter.com/asdasd13asbz/status/1725337231949459834
# Reference: https://www.virustotal.com/gui/file/97df5304f53fec6a5d2d2bd75b9310a3747b681520fe45d2961bc4df86e556d7/detection

rscnode.dothome.co.kr

# Reference: https://twitter.com/asdasd13asbz/status/1727856931635872121
# Reference: https://www.virustotal.com/gui/ip-address/84.32.131.87/relations
# Reference: https://www.virustotal.com/gui/file/b6e1351f1767a2cacb3fc7515f0a67691bbd8b9274a26c2953ba898ba879ebea/detection

offlinedocument.site
nav.offlinedocument.site

# Reference: https://asec.ahnlab.com/ko/59460/ (# RftRAT)

152.89.247.57:52390
172.93.201.248:52390
172.93.201.248:8083
192.236.154.125:50108
209.127.37.40:52390
23.236.181.108:52390
91.202.5.80:52030
brhosting.net
splitbusiness.com
techgolfs.com
theservicellc.com
topspace.org

# Reference: https://twitter.com/tiresearch1/status/1734110501008024064
# Reference: https://app.validin.com/axon?source=DNS&limit=100&type=ip&find=141.164.60.65

blockmedia.site
dewhales-capital.website
gocgles.com
linkcline.info
linkdeln.site
linkdien.site
linkdien.store
linkdien.website
moiss.site
notify-linkcldines.com
nps-center.space
nps-ebook.site
nps-ebook.space
nps-ebook.store
nps-emails.site
nps-main.store
nps-notice.site
nps-notice.space
nps-notice.store
nps-notify.site
nps-notify.space
nps-notify.store
nps-post.space
nps-posts.site
nps-posts.space
nps-posts.store
nps-report.site
nps-views.site
nps-views.space
nps-views.store
npsmsg.space
nts-go.site
nts-go.store
nts-home.space
nts-home.store
nts-inform.site
nts-msg.site
nts-post.site
nts-post.store
ntsemail.site
ntshome.site
ntshome.space
ntsmails.site
ntsnews.site
private-center.site
qoooqle.site
qoooqledrive.site
naver.moiss.site
naver.nps-posts.store
naver.nps-views.space
naver.nps-views.store
naver.nts-email.store
naver.ntshome.site
naver.private-center.site

# Reference: https://twitter.com/tiresearch1/status/1734887415633060265
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=185.160.27.92

binarice.info
dosi-info.world
fanaticsretailgroup.site
identitychecks.info
ir-service.online
ir-service.site
irspost.site
naverhelps.info
naverscorp.com
naversystem.autos
nft-dosi.world
nidmembnscorp.site
nidnaver.club
nidusrnacorp.site
nidusrshcorp.site
nidusrsncorp.site
nidusrsvcorp.site
nidusrszcorp.online
nidvenify.site
notice-dosi.world
nps-inform.site
nts-email.space
naver.nidusrsncorp.site

# Reference: https://twitter.com/tiresearch1/status/1735211111123923345

aceenign.click
arakte.click
auridab.click
clindoc.link
inklmo.click
iaxevar.click
kakaologin.info
kkruelo.link
leurnteke.link
natelogin.homes
natelogin.info
natelogin.site
nates.lat
nates.store
natesign.site
ntsinfo.space
pelmpusse.link
rpriseber.click
scenaeco.click
scourt-kr.site
strutute.click
wetax.site

# Reference: https://www.virustotal.com/gui/ip-address/208.73.209.42/relations

1stsufi.click
5bioresearch.click
aboladmi.click
abortionnc.click
abourned.click
absadvi.click
accesssof.click
accianc.click
accounem.click
ackexpertsope.click
ackiloverrd.click
activequic.click
additioeak.click
adeciil.click
admissiph.click
adopouch.click
adsparc.click
aemoyoi.click
aerobook.click
aeropetsc.click
aevofim.click
affsimi.click
afterioi.click
ageegigi.click
ahldjwa.click
aiantarprisasa.click
airpetrom.click
airstate.click
aldirectorygem.click
alestechnic.click
algebraagei.click
algebraheroi.click
algebraquizi.click
alpalob.click
alphastateibi.click
althmoexch.click
amafixlog.click
amawturk.click
amayok.click
amplappe.click
anbint7.click
angeadventurec.click
anglpoc.click
anywireul.click
aokpag.click
appeypak.click
aratedc.click
aresahiai.click
argmenidi.click
arppacktheexce.click
arrangpateh.click
arrayexi.click
arroganth.click
arrowrfe.click
arsgeostra.click
artauctiondi.click
artknowledgef.click
asokesf.click
aspectvec.click
asylumba.click
ataptwatuhi.click
attiavi.click
autocoachi.click
autoopenmore.click
avenuevi.click
avexehe.click
awareta.click
awortak.click
azkidorsal.click
azphatigeri.click
backghea.click
bairlif.click
balcarve.click
bariak.click
barkkom.click
bdusted.click
belongad.click
benmetl.click
bestelipite.click
betttiveagei.click
biigband.click
biizinc.click
biopiilyred.click
birmerricdi.click
bisgasc.click
bisysofta.click
bitdepotma.click
bizardall.click
bizconsulting.click
bizfirmmobil.click
bizkingdom.click
blastave.click
bliogfull.click
bloegiresearch.click
bloodipl.click
bollehe.click
bonusistream.click
booekifreak.click
bookcatssim.click
bookexpertbl.click
bookurde.click
bouskaji.click
bouzeik.click
bramovieexperience.click
brazome.click
breakfpti.click
breeermi.click
brellaish.click
brendmeg.click
bringji.click
bronzcke.click
buitroa.click
bunzscape.click
burstna.click
businessball.click
busiyspace.click
butwzl.click
calculateenergyi.click
calculatelofti.click
camerical.click
canceba.click
candire.click
carvfan.click
casrbel.click
casthec.click
censubi.click
chaneel.click
changinc.click
chaoticpci.click
cheaplookturrearle.click
cheessil.click
chemisacc.click
chiefhad.click
choimark.click
choioesiefund.click
choocomi.click
choosegram.click
choosehea.click
choosqua.click
chorcem.click
cinewif.click
circlewarehouse.click
circzeshowsi.click
cleavoice.click
clinoffi.click
cloudityhall.click
cloudrack.click
clpueze.click
clubing.click
clubpurei.click
comepe.click
comforfiguh.click
commandpackage.click
commibri.click
communund.click
compaief.click
compchal.click
compleioki.click
complexpartyi.click
comuterul.click
conditmem.click
confineuna.click
confusedpublishingi.click
confusedtubei.click
confusionactivei.click
conteete.click
cooeliguide.click
cooktri.click
coolkick.click
coozjengzei.click
cottahine.click
cottgoa.click
coununda.click
couragsi.click
coutescea.click
covoxidel.click
creamsna.click
creativepalace.click
creditvid.click
credworm.click
creepsa.click
creradi.click
critcire.click
criteic.click
criticcom.click
criticorb.click
crosswrea.click
cryptoomiidebugi.click
culaesc.click
cumclube.click
cunnincha.click
curvebra.click
cutebybeh.click
dangersib.click
darkblind.click
dataedusoul.click
delayfil.click
deletea.click
denarye.click
depaipre.click
depraveline.click
descenoffsc.click
detairepl.click
detaoffi.click
detecsel.click
detewell.click
develtfie.click
deviatdib.click
dgteltdeete.click
dialecte.click
dichagh.click
didefronti.click
difficra.click
digiibyte.click
digiimed.click
directepe.click
directspeak.click
direigamei.click
dirtegai.click
discefe.click
discovedia.click
dishush.click
dismcia.click
disminic.click
distinctall.click
diveduf.click
dividefe.click
doiriectfield.click
domesund.click
doorsym.click
dramnte.click
drawerf.click
dreammartope.click
drienced.click
drwatche.click
dugatte.click
duperlifedrylei.click
ealmatuppa.click
ealunitedi.click
earchhireanyti.click
earthmaj.click
eartnci.click
easiysafe.click
eastode.click
easyrech.click
ebearmobil.click
ebtaicb.click
eceskid.click
ecrueza.click
editlash.click
eenetierprise.click
eenhide.click
eginspi.click
eisable.click
ejedavi.click
elbmrbj.click
electroni.click
elemdeca.click
elemenhemd.click
elimnaed.click
emasjab.click
embomri.click
emgradee.click
emotscra.click
enagcal.click
encpttonei.click
encrypttonei.click
enestintale.click
enigmaminei.click
enlaara.click
enlsuse.click
ensenzavala.click
ependhirri.click
epictrecki.click
eprodra.click
equaedi.click
erbavaa.click
erfectbearmag.click
errellzimme.click
ervaaie.click
etamole.click
ethscra.click
etifcem.click
euthemi.click
euthymul.click
evereduca.click
excesfi.click
excharec.click
execam.click
exileped.click
exishave.click
expanntc.click
expartrank.click
experala.click
experibel.click
experipdata.click
expertbea.click
expertsthereal.click
explenfi.click
explodte.click
exquisitelittle.click
extreti.click
factnsi.click
fallmeile.click
fastse.click
feeliite.click
feelinine.click
feetelevisionfractiong.click
fenceoje.click
feverom.click
fieblind.click
figureove.click
fillpolla.click
financte.click
findpictarese.click
finidengine.click
finistrike.click
firsttaxi.click
flekene.click
fleuota.click
flexipre.click
flooddiag.click
flourcumi.click
flowerfie.click
flyftra.click
flyimobile.click
flywayfoodca.click
foirwarmerce.click
foodoldcloud.click
foodprotecti.click
footbanic.click
fopassyoudock.click
forbidna.click
formaga.click
formalyci.click
formulpri.click
forrice.click
freezismil.click
frequeian.click
freshcare.click
fullhousefeature.click
fulllifte.click
furspeede.click
gaffeicl.click
gaffesodi.click
gamingcool.click
gapetog.click
gaworem.click
geimrich.click
geograpick.click
geokeeiwantunited.click
geowayini.click
getaidventure.click
getyoarplaunch.click
getyoningneatme.click
getyoualthwinra.click
giababk.click
glessel.click
globetra.click
goaletck.click
gocapital.click
goiodsmith.click
goldchicg.click
golidwork.click
goodcloud.click
goterriek.click
gotowesk.click
gotriek.click
gownpuh.click
gratefjul.click
gravelem.click
greeaitjournal.click
greeisd.click
grieatdeck.click
grieatspeak.click
grimacpeanh.click
gtilrla.click
guejova.click
guestfem.click
gulomaze.click
hallhal.click
hallmode.click
hapepiyom.click
harassmi.click
harbcalm.click
hardratingsi.click
harnessmag.click
headlanch.click
heallfci.click
helliowealth.click
hellipee.click
higginstessawe.click
hirllolock.click
hirllorircord.click
histessicietese.click
histstudiosa.click
horoscnab.click
horsackl.click
horseresi.click
hotdognec.click
hoveora.click
hseiref.click
humorface.click
ibusine.click
ickbymoregram.click
icrotracksanytim.click
ideapacbetterlook.click
ideaspring.click
ideavilla.click
ightresource.click
iglanedatati.click
ikebuddiesmrme.click
ilightite.click
ilikeinfoini.click
imagera.click
imagetpack.click
imaguff.click
importood.click
impossibleservei.click
impulssha.click
incapacom.click
incssure.click
indiibl.click
indrecodc.click
infoboxi.click
infodowersmile.click
injefasc.click
inkimpalace.click
inkstandmappa.click
insisteca.click
insitsd.click
inspunch.click
insuraeka.click
insureesc.click
intecti.click
internetcollectiveibi.click
internetoff.click
investream.click
ionfioscape.click
irenmta.click
isolaticre.click
isquaid.click
issystem.click
itjungnwheel.click
itmeeid.click
iwaenittable.click
iwanittrade.click
izapi.click
izetnb.click
jelldra.click
jeweihb.click
jezvila.click
jobifue.click
jobreytalre.click
joystslab.click
jumbleclocki.click
jumblehandi.click
jumblemenui.click
justzene.click
karmafzighti.click
kentara.click
keyireai.click
killwha.click
kitstopone.click
klfask.click
kloedil.click
kmestick.click
knehole.click
knifatte.click
knotmastersi.click
kolinic.click
kreitivepine.click
labbanki.click
labirol.click
labislandi.click
labotic.click
lackrobotsnapg.click
ladatoi.click
lageing.click
langible.click
lariga.click
lawyeagra.click
layyoung.click
ldenintpopdem.click
leadeach.click
leadicafe.click
leadunive.click
leaireniunited.click
lealarmexpe.click
leascng.click
lefebank.click
lentcol.click
lesabul.click
liabiland.click
licatia.click
lifefan.click
lifeigarage.click
lifetrgem.click
lifiboerd.click
limitock.click
linarti.click
linenorre.click
linkferulle.click
linkfood.click
livefriend.click
lngonib.click
lobburi.click
locaaac.click
locatfire.click
locatnsid.click
logicchampi.click
lossachusettle.click
loudkickwhatsc.click
loverpri.click
lozavrb.click
lsajaba.click
lutisul.click
machoodcodeg.click
macwiracepulse.click
magicdata.click
magichcomactive.click
magssing.click
mairketid.click
maiurizai.click
maixsuite.click
mallwife.click
mantheme.click
marcrice.click
markeei.click
marketramail.click
marksfacecapitali.click
markspre.click
markstele.click
mastertane.click
maxiilaunch.click
mbersei.click
mebiebaucte.click
meexperti.click
megaipark.click
megatruth.click
megefectirye.click
menalwh.click
messvague.click
metnrfishi.click
micbuag.click
midostaff.click
migcorc.click
milofastik.click
minodra.click
minuterme.click
mirsinak.click
miserabnea.click
mislata.click
mispa.click
missucage.click
miwabwaya.click
mixturre.click
mocruernch.click
momenlend.click
moothbrothersa.click
moregsri.click
morganold.click
morscirc.click
morselbasic.click
motorrea.click
movieraceibi.click
mrlighting.click
mubifurlifae.click
muboom.click
mudsea.click
muipboti.click
mybistsuli.click
nanioclub.click
nanoconsultini.click
nblride.click
ncekeytui.click
ndgoldhotswitc.click
neatcatsi.click
needletra.click
neopanelh.click
netgood.click
nextsafetye.click
nfoforceprojec.click
ngesera.click
niathawka.click
niceconceptse.click
nicenatione.click
nicererhse.click
niiceb.click
nityadace.click
nivloyli.click
normnowh.click
notebooil.click
nowicei.click
nshineack.click
nuancma.click
numbsif.click
nypagesrepad.click
obesepai.click
obistandmcacc.click
objectiiti.click
occupoff.click
octemal.click
odeesupb.click
oeponam.click
oextrae.click
officreal.click
ogamparee.click
olidconsultadm.click
olidinsura.click
oliwrsm.click
ollchollenwe.click
olrunshare.click
omgaimagi.click
omrufozi.click
oncngial.click
onestopsee.click
onetoeprice.click
ongndoc.click
onilylaunch.click
onlineboxa.click
onlinesell.click
onliytravel.click
onlyikid.click
onlyvienture.click
onovaheywheel.click
ontinihotdingsi.click
onwardbounce.click
oodpollwintwee.click
opdigitallif.click
openwde.click
operaele.click
opposnih.click
orditing.click
orkmojoknowle.click
osumcek.click
ouracge.click
ourneatboutique.click
ourradiosi.click
outeventuitui.click
outhmrepic.click
outimag.click
outsidential.click
overcha.click
overeahe.click
overeai.click
overwhacc.click
ovesna.click
oviehutmediach.click
owconsulti.click
owerfullsearch.click
passwheal.click
passwordhunteri.click
passwordinteractivei.click
patiefool.click
pauseoh.click
pcmobforum.click
peakpage.click
peaktouch.click
pecomnce.click
percencl.click
perfectqeazityi.click
perigri.click
permansta.click
personalizedtoalied.click
pesonde.click
pettyfra.click
photomispla.click
pickcrunch.click
pickkidsibi.click
picklehati.click
picnarrol.click
pillartwe.click
pissgrid.click
pitraki.click
pittgromi.click
pitydel.click
planaic.click
planeinc.click
planirtzoom.click
planstimetraffici.click
playwordsim.click
pleerate.click
plugreg.click
plumicoak.click
pluscompl.click
plusrantil.click
pneuerf.click
poetryab.click
poianituniverse.click
politetpa.click
polleag.click
pollmoanywhere.click
pollutkta.click
polprog.click
popitag.click
posique.click
posittone.click
postgodele.click
poweand.click
poweraste.click
powertera.click
powlarida.click
ppguystopm.click
ppodeliask.click
pptisfa.click
presscypresslea.click
privateexamsurrive.click
procraftth.click
prodpa.click
profanwebking.click
profitgeb.click
projectiqi.click
promori.click
prosewallated.click
protrigh.click
provuai.click
psitesmarketb.click
purpnteruniversityi.click
puzzlelocatori.click
qeuivul.click
quemsol.click
queueti.click
quieghf.click
quotaia.click
rachaad.click
raciserda.click
radoimi.click
ragaece.click
rancaugh.click
randrepea.click
rassoficiel.click
raveleyesi.click
ravelised.click
ravocloudsinwa.click
readerti.click
rearach.click
reatnote.click
rebeffai.click
receeti.click
receptipai.click
recommape.click
recommcul.click
recopack.click
recruirea.click
recyclebea.click
redeeski.click
redsptspace.click
refertc.click
refuseaca.click
refuste.click
regitce.click
reheasm.click
rekongse.click
relatehe.click
remesla.click
reminpi.click
replacka.click
repponse.click
reprtic.click
reptitle.click
requesdiffb.click
resciorg.click
resortda.click
revedyb.click
revengwi.click
reviseal.click
revoude.click
rezrak.click
rhackerunilog.click
riceadd.click
richaracteria.click
ridtutori.click
rigahf.click
rightstora.click
rilokid.click
ritualma.click
rmfirearmdefenc.click
rokcvze.click
romeetnetable.click
roprofessi.click
routita.click
rpoieha.click
rrshesf.click
ruerentaltrue.click
runeventc.click
sabinte.click
safarhie.click
saftmind.click
saiami.click
salvatira.click
sboetome.click
schoolth.click
scobadi.click
seasonta.click
sefeheree.click
sellecha.click
sellorge.click
sensitgre.click
senspab.click
sepacati.click
serconsulting.click
seriteci.click
sessabb.click
severframe.click
shamenc.click
shapeick.click
sharmki.click
shattish.click
shiftove.click
sicetite.click
signbtai.click
siliverpie.click
silverya.click
simplyhqa.click
sisterdig.click
sitadvi.click
skredel.click
sloganngd.click
smartmemill.click
smilemark.click
smilepi.click
snaipguide.click
snowrealha.click
sociaiosredpanel.click
solidware.click
sotapa.click
sourpean.click
spacefue.click
spacemueateauean.click
sparkbag.click
speechri.click
spitzag.click
sporool.click
spricra.click
spyseload.click
squabare.click
ssivcla.click
staffnicema.click
standtrea.click
stanuba.click
starlfirstled.click
starseasoc.click
starstpad.click
startsitei.click
startstaff.click
steakrec.click
steseva.click
stnereti.click
stormcod.click
storodi.click
stortui.click
straian.click
straifad.click
strencom.click
studiorock.click
sufferra.click
summertef.click
sunfcksm.click
sunmayond.click
suntalil.click
supircontocti.click
survunre.click
suspdomi.click
sycaresunnybla.click
symbolbazaari.click
symbolck.click
symbolutc.click
syndrtre.click
tablemacfood.click
tamarob.click
tapecook.click
tdiiamb.click
teamsomelead.click
technologiesab.click
techsavera.click
teemaid.click
teenici.click
telerdi.click
teletowna.click
telllead.click
tendalue.click
testcha.click
tfulzendb.click
theririrm.click
thevill.click
thienikmine.click
thinkace.click
thinkjiob.click
thinkssi.click
thratelec.click
thrutfe.click
tiablaa.click
timeatch.click
timeeaoptionsi.click
timerental.click
tiomuntimitidi.click
tipsmobiwell.click
tjasme.click
tkarmaedudi.click
tlinetirte.click
tmekede.click
tongdiff.click
tooacc.click
topchtoname.click
topisteam.click
topresearc.click
traceasa.click
tradedquote.click
trapslime.click
trearefe.click
trendded.click
tripgha.click
trobeli.click
trodrome.click
truieresource.click
tryweeklye.click
ttrendimball.click
tuscome.click
tvtheoybestactive.click
twistskillsi.click
twitgca.click
txticec.click
uaafixi.click
udesaeye.click
ueregeedi.click
ukenata.click
ulltrustle.click
ultancyitbee.click
umbresta.click
unfairlel.click
uniforpe.click
uniirank.click
unilird.click
uningclubb.click
unonlinecloudh.click
unpopulating.click
uoneati.click
uoptxe.click
urbanfilesibi.click
ureraiam.click
urgencynoe.click
usaseaid.click
ushoppang.click
usmoprice.click
ustonteage.click
ustweetbonuspa.click
uthondemandsa.click
utoavesideawi.click
vguaceli.click
videomate.click
vingcre.click
vruvesui.click
vusimbi.click
wandereh.click
wanthsaveya.click
waterele.click
wayssafesec.click
weareckl.click
webabc.click
weforeveril.click
weiglre.click
welcweig.click
wellgraph.click
wesomestatepea.click
whiphei.click
whohicsolidcase.click
whynerd.click
winnpref.click
withtiff.click
wkritie.click
worilde.click
wowcaveskillsi.click
wowprice.click
wowrojecti.click
wreswide.click
writegra.click
writoma.click
wupemstrenc.click
xjoufeg.click
xpibeh.click
yandafe.click
ycreatoristyl.click
yinmine.click
ypidnve.click
yvistaquickfl.click
zariagonf.click
zerkine.click
zmezate.click
zonezid.click

# Reference: https://twitter.com/asdasd13asbz/status/1735180272000475366

namsouth.com/access-darrell/Access%20Denied.php
namsouth.com/access-timothy/Access%20Denied.php
namsouth.com/access-weidner/Access%20Denied.php

# Reference: https://asec.ahnlab.com/en/59590/
# Reference: https://otx.alienvault.com/pulse/6579b3e780b08a7717b8e895

ciso2ciso.com
prohomepage.net

# Reference: https://twitter.com/tiresearch1/status/1736447996139798978
# Reference: https://www.virustotal.com/gui/ip-address/27.102.134.69/relations
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.102.134.69
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=85.239.53.121

ctp-forms.site
dewhales-capital.online
nps-ctrl.site
nps-email.store
nps-form.site
nps-host.site
nps-inform.store
nps-main.site
nps-messages.info
nps-post.site
nps-report.online
nts-email.site
nts-emails.site
nts-home.site
nts-info.site
nts-info.store
nts-mail.info
nts-mail.site
nts-mail.store
nts-message.info
nts-news.site
nts-news.space
nts-news.store
nts-notice.info
ntsmail.site

# Reference: https://www.virustotal.com/gui/ip-address/158.247.246.192/relations
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.246.192

kepco.site
npscom.site
npsnews.space
nts-mails.site
nts-mails.space
nts-msg.space
ntsemail.space
ntsinf.space
ntsmails.space
ntsmsg.site
ntsnews.space

# Reference: https://www.virustotal.com/gui/ip-address/75.2.0.44/detection

1636.site
1661-0241-call.site
1666-7797.site
1800-7804-call.site
1800-7804-callcenter.site
1person-corperation.site
79artproject-part79.site
85tech-yoon.site
85yoons-channel.site
absofficial.site
aiactuary.site
all-pass.site
annainfo.site
antichilgok.site
antiseongju.site
aportal.site
artproject-part79.site
artproject79-part79.site
batterymonster.site
bisiness.site
bongbongmall.site
bookmaker-korea.site
brightedu.site
busineess.site
businness.site
buybit-cafe33.site
cafe-cahrtlab.site
cafe-chartcoin70.site
cafe-chartcoin82.site
cafe-coinchart80.site
cafe-coinchart90.site
cafe-ffree.site
cafe-ffreedom.site
cafe-investminjok.site
cafe-minjok8003.site
cafe-moneylab.site
cafe-naver-jyp.site
cafe-success.site
cafe-teamkim.site
cafe-tech25financial.site
cafe-winners-cu.site
cafe-winners.site
cafenaver-public.site
cafenaver-richbangbang.site
cashad.site
ch-kakao-jsi.site
chart-yoojinportfoli.site
chart119-portfolio.site
chart58-number58.site
chart72-portfolio73.site
cheongung.site
co-ex.site
coinwolrd100.site
comodono.site
coway1004.site
csj-kakao.site
csj-katalk.site
csj24-kakao.site
dcinside.site
decentraland.site
dogcatkalma24.site
drumdays.site
dukk.site
eamest-project.site
ehvvv.site
endlesspools.site
enrui.site
ethnic-invest.site
everyday-chekpoint.site
fianlss.site
fiestaholdings.site
finalasset.site
finance-yooneyportfolio.site
financial-factory.site
financial-navercafe.site
firegin.site
first-coin100.site
flower-portfolio77.site
fr-kakao.site
gkausehos.site
goldclass-sj.site
goldclassss.site
goldclassss79.site
goseoul.site
hallyu.site
hanjinboryeong.site
healstory.site
health-letter.site
healthguardiangel.site
healthinfor.site
healthinform.site
healthinformation.site
healthletter.site
healtytech-2011.site
heathletter.site
hletter.site
hodorl1988-tech.site
holroog.site
holybible.site
iberico.site
investing-life.site
investor-onepick.site
investor-people.site
jelq.site
jennieheo.site
jlcoupasmall.site
johnyoon.site
juanbandoubora.site
jypf.site
kakao-channel85yoon.site
kakao-coin2021.site
kakao-coinchart.site
kakao-cyj.site
kakao-goldgold.site
kakao-justit.site
kakao-mb365.site
kakao-mtk.site
kakao-sj.site
kakaotalk-br.site
kakaotalk-ch2020317.site
kimsoyeon.site
klip.site
kosdaq-portfolio.site
kospi-yusuhn.site
kospi3000-magazine.site
ksy-kakao.site
ksy-kakaotalk.site
ksy-katalk.site
l2loyal.site
leaserent.site
leehana-investment.site
leesj-kospicheck.site
limseong.site
littlekorea.site
liveing.site
lofni.site
lolproteam.site
lovvy.site
lqeiu.site
masksale.site
matched.site
maybeyo.site
metaplatform.site
miso-smartinvest.site
misojtec-magazine.site
misostock.site
mom-kakaotalk.site
moneychart33.site
moneyproject.site
naiver.site
naver-cafe2ace.site
navercafe-no1.site
navercafe-public.site
neever.site
neiver.site
newmisojt-rich.site
nolround.site
para10.site
paragon05.site
paragon10.site
pds79.site
pf-kakaotalk-cu.site
pf-kakaotalk-ku.site
pf-kakaotalk.site
pf1-kakaotalk.site
phallosan.site
pnguf.site
pokerace.site
powergin.site
prugio.site
rntpsxl.site
scrooge-coin.site
scrooge-finacial.site
sentmusic.site
sercont.site
shop-portfolio.site
sj-kakao.site
sj12-kakao.site
sj123-kakao.site
sj24-kakao.site
sj321-kakao.site
sj365-kakao.site
sjsj-kakao.site
snore.site
source-in25.site
success-tech.site
tam24.site
teamwork-upandup.site
tech-chartlist2000.site
tech-coinlist3000.site
tech-yhc85school.site
tech119sj-2017.site
techking.site
tfgse.site
totalrental.site
trandnjob.site
up-kakaotalk.site
volume-chartyoon.site
webcctv.site
winners-naver.site
wisdomwood.site
wonnetwork-asset.site
worldbit365.site
yeahaea.site
yoari.site
yooilhan.site
yooneymoney-coin.site
yooneymoney-investment.site
yoosuhyeonproject.site
zigum.site

# Reference: https://twitter.com/tiresearch1/status/1737044959780647342
# Reference: https://www.virustotal.com/gui/ip-address/27.102.106.60/relations

nhis-news.store
nps-alert.space
nps-alert.store
nps-center.site
nps-center.store
nps-co.site
nps-co.store
nps-ctrl.space
nps-email.site
nps-home.site
nps-host.store
nps-inf.store
nps-io.space
nps-lib.site
nps-lib.store
nps-msg.site
nps-msg.store
nps-notices.site
nps-or.site

# Reference: https://www.virustotal.com/gui/ip-address/27.102.118.96/relations

nps-inf.site
nps-src.site
npsmsg.site

# Reference: https://www.virustotal.com/gui/ip-address/27.102.107.122/relations

naverzcope.com
nhis-news.site
upbits.site
naver.nhis-news.site
naver.nps-center.store
naver.upbits.site

# Reference: https://www.virustotal.com/gui/ip-address/141.164.58.132/relations

disquiet.site
gocgler.com
nts-alert.space
nts-emails.space
nts-homes.site
nts-homes.space
nts-homes.store
nts-mails.store
nts-tax.site
nts-tax.store
nts-views.space
ntsinf.site
ntsinfo.site
ntsmsg.space

# Reference: https://www.virustotal.com/gui/ip-address/141.164.43.213/relations
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=141.164.43.213

npshome.site
npsmsgs.site
npsnews.site
npstax.site
ntsgov.site
wetax-mail.site

# Reference: https://www.virustotal.com/gui/ip-address/158.247.242.154/relations
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.242.154

npsalert.site
npshomes.site
npsnew.site
npsnew.space
nts-inf.website
nts-mail.website
ntsboard.space
ntsbook.store
ntsbox.site
ntscustom.site
ntscycle.site
ntsemail.homes
ntsgo.site
ntshomes.space
ntsinf.website
ntsinfo.store
ntsmailer.homes
ntsmailer.website
ntsmailing.store
ntspayment.site
ntspays.site
ntspolicy.site
ntsports.site
ntspost.homes
ntspost.space
ntspost.website
ntsposting.homes
ntsreport.homes
ntsreport.store
ntsreviews.site
ntstaxes.site
ntsview.website
emv1.hometax.space
emv1.npsalert.site
emv1.ntsmailer.homes
emv1.ntsmailer.website
emv1.ntsmailing.store
emvl.ntsmailer.website
lcs.ntspost.website
mta-sts.npsalert.site
mta-sts.ntsemail.homes
mta-sts.ntsmailer.website
mta-sts.ntsmailing.store
naver.ntspayment.site
naver.ntspost.website
nidss.ntstaxes.site
shop.ntsemail.homes
shop.ntsposting.homes
smtpauth.ntsmailing.store
smtpmail.ntsmailing.store
vqqniarm.hometax.space
websitmta-sts.ntsgo.site

# Reference: https://www.virustotal.com/gui/ip-address/158.247.224.52/relations
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.224.52

nts-alert.website
nts-home.website
nts-new.website
nts-poster.store
ntsinforms.website

# Reference: https://www.virustotal.com/gui/ip-address/141.164.60.65/relations
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=141.164.60.65

nts-alert.site
nts-email.store
nts-go.space
nts-inf.site
nts-info.space
nts-inform.space
nts-inform.store
nts-mail.space
nts-youtueb.site

# Reference: https://www.virustotal.com/gui/ip-address/27.102.118.140/relations

nts-inf.space
naver.nts-inf.space
naver.nts-inform.space
naver.nts-mail.space

# Reference: https://www.virustotal.com/gui/ip-address/158.247.222.75/relations

nts-notice.site
mid.nidscorp.site
naver.nts-tax.site

# Reference: https://www.virustotal.com/gui/ip-address/158.247.255.171/relations

nts-alert.store
nts-inf.store
nts-notice.store
naver.nts-inf.store
naver.nts-tax.store

# Reference: https://www.virustotal.com/gui/ip-address/27.102.129.79/relations

flyasianer.info
nps-view.site

# Reference: https://www.virustotal.com/gui/ip-address/27.102.130.51/relations

haishang.site
nps-news.site
nps-server.site
nps-service.site
nps-services.site
nps-view.store
weataxs.store

# Reference: https://www.virustotal.com/gui/ip-address/27.102.128.40/relations

navercorpe.com
nps-news.info
nps-post.store
uniteogram.live
webuniteogram.live

# Reference: https://www.virustotal.com/gui/ip-address/27.102.115.86/relations

nps-info.space

# Reference: https://www.virustotal.com/gui/ip-address/27.102.128.244/relations

fss-info.site
nhis-info.site
nps-info.site
nps-news.space
nps-service.xyz
weataxes.site
weataxs.space
youtubein.store
naver.nps-services.info
naver.weataxs.space

# Reference: https://www.virustotal.com/gui/ip-address/27.102.114.69/relations

crosscert.site
epeople.space
govenments24.site
haeshang.store
niduserunzcorp.site
weatax.site
weatecs.store
wetacs.site
wetacxs.online
wetacxs.site
wetaxc.store
wetaxces.site
wetazx.online

# Reference: https://www.virustotal.com/gui/ip-address/27.102.128.230/relations

ftcs.store
haeshang.site
linkedlri.site
wetacx.lol
wetacxs.club
wetax-home.lol
wetaxc.homes
wetaxce.store
wetazx.xyz
youtubein.online
youtubs.site
naver.check-youtube.info
naver.wetacxs.club
naver.wetaczx.lol
naver.youtubein.online
naver.youtubs.site

# Reference: https://www.virustotal.com/gui/ip-address/27.102.128.231/relations

wetax-home.space
wetax-io.space
wetaxc.beauty
wetaxcs.store
wetaxe.site
wetaxs.store
wetazx.website

# Reference: https://www.virustotal.com/gui/ip-address/27.102.132.182/relations

naverscope.com
nps-docs.space
nps-look.space
nps-report.space
naver.nps-docs.space
naver.nps-posts.store

# Reference: https://www.virustotal.com/gui/ip-address/95.164.44.60/relations

acountcorp.info
rememberapp.website

# Reference: https://www.virustotal.com/gui/ip-address/27.102.102.245/relations

nidconfirmes.site
nidnavescorp.online
nidvenify.online
userchecks.info
cc.nidvenify.online
lcs.nidvenify.online
myinfo.nidvenify.online

# Reference: https://www.virustotal.com/gui/ip-address/27.102.127.156/relations

drivesview.site
homtax.info
minwons24.info
nidnavecenter.info
nidnaver.homtax.info
niduserae.site
niduseran.site
niduseren.site
nidusernd.site
nidusernv.site
nidusracorp.site
nidusrnvcorp.site
nidusrsurcorp.site
xn--googls-7ua.com
lcs.niduseran.site
naver.niduseran.site
naver.niduseren.site
naver.nidusrsurcorp.site

# Reference: https://www.virustotal.com/gui/ip-address/27.102.102.67/relations

kakaoviwer.com
navearsuser.info
naveasuser.help
naverascorp.help
navrascorp.info
nidnaveainfo.help
nidnaverscorp.com
nidusernavers.help
accountkkcdn.kakaoviwer.com
accounts.kakaoviwer.com
ccountkkcdn.kakaoviwer.com
ibasrugpiah.kakaoviwer.com
lcs.naverascorp.help
nid.naverascorp.help
nid.nidnaveainfo.help
nid.nidnaverscorp.com
stat_tiarakakao.kakaoviwer.com
t1_daumcdnkakao.kakaoviwer.com

# Reference: https://www.virustotal.com/gui/ip-address/210.92.18.184/relations

gatensign.com
kakaosecure.com
natelogin.com
homemail.natelogin.com

# Reference: https://www.virustotal.com/gui/ip-address/61.97.251.243/relations

nate.com.ro
naver-settings.com
simcard-korea.com
mail.naver-settings.com
mgrkrpreview.naver-settings.com
mvideo.naver-settings.com
nklqnremote.naver-settings.com
preview.naver-settings.com
remote.naver-settings.com
srv.simcard-korea.com

# Reference: https://www.virustotal.com/gui/ip-address/27.102.67.154/relations

naveare.com
nid.naveare.com

# Reference: https://www.virustotal.com/gui/ip-address/27.102.102.237/relations

naevear.com
noticenate.com

# Reference: https://www.virustotal.com/gui/ip-address/165.154.230.146/relations

check-click.com
cookeechck.com
naver-url.com
noticeurl.com
redir-dns.com
sessionchck.com
sireonwar9.info

# Reference: https://www.virustotal.com/gui/ip-address/165.154.230.211/relations

driversgoogle.com
haenmaii.net

# Reference: https://www.virustotal.com/gui/ip-address/27.102.127.115/relations

chinakoreanews.com
driverqooqle.com
mybox-navers.com
naversinfo.help

# Reference: https://www.virustotal.com/gui/ip-address/27.102.106.109/relations

drivergoogles.com
exchange-bybit.com
kakaologin.com
kakaotearn.com
naveraecorp.online
nidnaverauser.help
nidnavescorp.help
account.kakaologin.com
cc.naveasuser.help
cc.nidnaverauser.help
lcs.naveasuser.help
lcs.nidnaverauser.help
lcs.nidnavescorp.help
nid.naveasuser.help
nid.naveraecorp.online
nid.nidnaverauser.help
nid.nidnavescorp.help
rcaptchanid.nidnaverauser.help

# Reference: https://www.virustotal.com/gui/ip-address/27.102.130.113/relations

infonavera.com
naeverscorp.com

# Reference: https://www.virustotal.com/gui/ip-address/27.102.66.162/relations

global-bybit.com
gooogledocsview.com

# Reference: https://www.virustotal.com/gui/ip-address/108.177.235.15/detection
# Reference: https://www.virustotal.com/gui/ip-address/172.93.201.25/relations

acc-center.site
corpnavcenter.site
corprsecurity.tech
corpseccenter.site
havcorp.site
havecorp.link
havecorp.tech
haveecorp.site
haveorcorp.tech
havercorp.tech
havercorpteam.site
haverocorp.link
havoocorp.online
havoocorp.tech
havorcorp.link
havorcorp.online
havorcorp.site
havorcorp.tech
mailcorpcenter.online
mailcorpcenter.site
mailportalcenter.online
mailscropcenter.site
mailservicecenter.site
mailservicecenters.site
nauercorp.website
nauercorpteam.website
navaccountcenter.online
navcenter.xyz
navcorp.host
navcorp.link
navcorp.space
navcorp.website
navcorpctr.site
navcorpmanage.site
navcorpmanager.website
navcorpportal.xyz
navcorps.site
navcorpservice.site
navcorpservice.website
navcorpteam.website
navcrtr.online
navctrv.site
navcvcorp.online
naveacorp.tech
naveccorp.link
navecorp.online
navecorp.website
naveeccorp.tech
naveecorp.link
naveecorp.online
naveecorp.site
naveecorp.xyz
naveeecorp.site
naveeoocorp.link
naveeorcorp.tech
naveeoteam.site
naveercorp.online
naveloga.online
navelosa.host
naveoccorp.link
naveoccorp.online
naveocenter.link
naveocop.link
naveocorp.link
naveocorp.online
naveocorp.site
naveocorp.tech
naveoecorp.tech
naveogains.tech
naveologs.online
naveooccorp.online
naveoocorp.link
naveoocorp.online
naveoocorp.site
naveoocorp.xyz
naveorcorp.link
naveorcorp.online
naveorcorp.site
naveorcorp.tech
naveorteam.site
naveoscorp.link
naveoteam.online
naveoteam.site
naverocorp.online
naverocorp.tech
naveroocorp.link
naveroocorp.site
naverooteam.site
naverooteam.tech
naverorteam.online
naveroscope.tech
naveroteam.online
naveroteam.tech
navevcorp.link
navevcorp.online
navevcorp.site
navmailcenter.site
navocorp.link
navocorp.site
navocorp.tech
navoercorp.site
navoocorp.link
navoocorp.online
navoocorp.site
navoorcorp.link
navoorcorp.online
navoorcorp.site
navorcorp.link
navorcorp.xyz
navovcorp.online
navovcorp.site
navovcorp.tech
navpcenter.online
navpcenter.site
navportalcorp.site
navportalsec.site
navportalservice.site
navrcenter.site
navrcorp.tech
navrcorp.xyz
navrpcenter.site
navrrcorp.tech
navseccorp.link
navsecncenter.site
navsecnet.online
navsecorg.tech
navsecportal.tech
navsecportals.tech
navsecsite.tech
navsecteam.tech
navsecuritycenter.site
navsecuritycenter.tech
navsecuritycorp.link
navsecuritycorp.site
navsecurityportal.online
navsecvcorp.online
navservicecenter.xyz
navservicescenter.online
navserviceteam.site
navserviceucenter.site
navservicevcenter.site
navsvcorp.tech
navvccenter.online
navvcorp.host
navvcorp.link
navvcorp.online
navvcorp.site
navvctr.link
navveoocorp.online
navvocorp.online
navvrcorp.site
navvsecurity.site
navvtrs.site
nevercorp.site
nidnavcenter.site
nidseccenter.host
seccenter.online
secnavportal.digital
secportal.digital
secportal.link
securitycenter.link
securitycenter.space
setcenter.store

# Reference: https://www.virustotal.com/gui/ip-address/108.177.235.82/relations

aswxvn.site
cnnav.site
docnav.site
documentmanager.site
docvcenter.site
docvmanager.site
docvnac.site
gnasxa.site
mwnoer.tech
nanw.tech
nasverteam.tech
nasvwx.site
naswner.tech
nasws.site
nasxn.site
nasxws.site
navccteam.site
navcctr.online
navcerteam.site
navcestr.site
navcnx.site
navcorps.link
navcreteam.site
navcrtvr.site
navcrvrteam.site
navcrvsteam.site
navcstr.online
navcsvrr.site
navcsvteam.site
navcsvteam.tech
navcteam.online
navcteam.site
navctr.tech
navcvtr.site
navdoc.site
navectr.site
naveeteam.tech
naveocorps.link
naveocorpteam.tech
naveorrcorp.site
naveosteam.site
naverocorp.link
naverocorp.site
naverocteam.site
naverosteam.site
navevvteam.site
navewteam.tech
navmgr.site
navnrteam.site
navnteam.site
navnvrteam.tech
navoercorp.link
navoewcorp.online
navorcop.site
navrcorpteam.site
navrctrv.site
navreteam.tech
navsctr.site
navsdoc.site
navsecportal.site
navser.tech
navseteam.online
navsrteam.site
navssecurity.store
navstvr.site
navvnteam.site
navvocorp.site
navvrteam.site
navvsctr.site
navvsecurity.tech
navvteam.online
navvteam.tech
navxna.online
navxteam.tech
nawerteam.tech
nawsnx.site
nawxr.site
naxver.tech
ncwer.tech
neaver.tech
nevercorp.online
nevercorp.tech
neverrcorp.tech
newner.tech
nexwna.online
ngsxna.site
nidnavocorp.site
nresxn.xyz
nrexas.tech
nrexva.site
nrsxaw.site
nsverteam.tech
nsvn.tech
nswner.site
nswxn.site
nsxangs.online
nsxawsx.tech
nsxes.site
ntwsx.site
nvctr.tech
nvnana.site
nvnanmx.site
nvnans.site
nvnateam.site
nvnaxv.site
nvnnans.site
nvns.tech
nvnxa.tech
nvnxr.tech
nvswa.site
nvwna.online
nvwnna.site
nvwns.site
nvwxvr.site
nvwxwa.site
nwaener.tech
nwaxana.site
nwener.tech
nwner.tech
nwnsn.site
nwnsn.tech
nwnsna.site
nwnwer.tech
nwnx.site
nwnxn.tech
nwnxr.tech
nwnxs.site
nwrnr.tech
nwsax.site
nwscn.tech
nwsvxn.site
nwsvxn.tech
nwsxa.site
nwsxasdv.site
nwsxca.tech
nwsxn.site
nwsxns.site
nwxcvsa.online
nwxns.tech
nwxnvs.tech
nwxnw.site
nwxve.site
nwxxna.site
nxana.site
nxmnv.site
nxwener.tech
nxwesx.site
nxwn.tech
snwasdc.online
tksnxa.online
vmwna.site
vnwxna.site
vsxna.site
vvwsaman.site
vwxns.site
wasxxv.site
wnawx.site
wnvnxs.site
wredxas.site
wsaxns.site
wsnvx.site
wsxena.site
wsxna.site
wsxnxa.site
wsxvx.site
wxnsav.site
nid.navcctr.online
nid.navcter.site
nid.navcvtr.site
nid.navvrctr.site
ns.navscr.site

# Reference: https://www.virustotal.com/gui/ip-address/108.62.12.95/relations

anxines.tech
boxmcorp.tech
boxnavteam.tech
cloudalarm.space
cloudalarm.tech
cloudalarm.xyz
corpcenternav.site
corpsecnav.site
docnco.online
docnscorp.site
mailportalcenter.site
mvsenwas.tech
nacersa.tech
nacmnr.tech
nacner.xyz
naconavcenter.tech
nacsmr.site
nacsner.online
nacsnvr.online
nacsxr.online
nacxma.online
namcner.tech
namnr.online
namnvcr.xyz
namsnr.site
nanscr.tech
naoneos.site
naosnr.site
naosoner.online
naovser.online
nascver.online
nascxnr.online
nasmnar.site
nasmnr.online
nasmnsar.online
nasncar.site
nasvnr.site
naswnas.xyz
naswxnas.online
nasxmna.online
nasxnar.online
nasxnas.site
nasxne.online
nasxners.site
nasxnos.online
nasxnw.tech
nasxnwsa.online
nasxvnw.site
navcenterportal.site
navcmr.site
navcnsr.tech
navconr.site
navcorpcenter.site
navcorpctr.online
navcorpscenter.site
navcorpsecurity.site
navcorpserver.site
navcorpsite.online
navcorpssec.tech
navcorpsuppot.site
navcos.online
navcter.site
navcveteam.site
navcvteam.site
navcxna.site
naveccorp.site
navecorp.host
navecter.site
naveecorp.tech
navemr.online
navensv.tech
naveolink.online
naveoorcorp.link
naveoorteam.site
naveorrcorp.online
naveorrcorp.tech
naverorcorp.tech
naverovocorp.site
naverteam.tech
naverves.online
naverves.site
navfteam.site
navlinkcorp.online
navmailserver.site
navmser.xyz
navnxnr.xyz
navocsop.online
navoercorp.host
navorcorp.online
navportalcenter.site
navportalvcenter.link
navscvvr.site
navseccenter.site
navseccorp.online
navseccorp.site
navserveportal.site
navservicecenter.site
navsnnda.xyz
navsop.xyz
navswnsd.tech
navswnteam.online
navsxnw.online
navsxnws.xyz
navteamcorp.site
navvctr.tech
navvtr.site
navvtrr.site
navvtrw.site
navwsxn.online
nawmr.xyz
naxsmr.online
ncxmas.xyz
neasomr.xyz
necmas.tech
necomos.xyz
necxna.tech
nemrner.site
nemxna.site
nensoner.xyz
neocsr.tech
neodocteam.site
neomsa.tech
neoner.site
neonons.online
neonosa.tech
neonso.site
neoscope.site
neosmar.xyz
neosmn.site
neosmr.tech
neosn.online
neosn.xyz
neosnamr.tech
neosncr.online
neosner.site
neosnow.site
neosnr.online
neosnr.site
neosvn.site
nermner.online
neromr.site
neronr.site
nerosma.online
nerosma.tech
nerosmar.xyz
nerosmwr.tech
nerosn.site
nerosno.online
nerosno.xyz
neroso.site
nerosv.tech
nersmn.site
nersmw.site
nersnor.xyz
nersxna.online
nersxnas.online
nervesa.online
nesam.site
nesamar.site
nesamr.xyz
nesamw.site
nesamws.tech
nesans.site
nesansa.tech
nesanw.site
nesanx.tech
nesawos.site
nescoop.online
nesmar.site
nesmnaw.online
nesmnr.site
nesmnsr.xyz
nesmvr.online
nesmwsn.tech
nesnoas.site
nesnonr.tech
nesnop.site
nesnor.online
nesnor.xyz
nesnxma.tech
nesomar.xyz
nesomer.site
nesomnr.online
nesomnr.site
nesomwn.online
nesonor.xyz
nesvnx.site
neswmar.site
nesxamw.site
nesxga.site
nesxmos.site
nesxnar.online
nesxnas.online
nesxnw.online
nevesvr.tech
nevonr.online
nevosn.site
nevoxs.site
nevsoma.online
newnmr.site
newoner.online
nexams.online
nexmso.tech
nexner.tech
nexomo.online
nexoms.online
nexvnr.tech
ngnsxm.online
ngoner.tech
ngsxna.tech
nidcenter.online
nidnaverco.com
nidnavercorp.com
nidnavportal.site
nioner.online
nocmer.site
nocomer.tech
noesnas.xyz
noewrsxa.tech
nomaser.tech
nomasner.tech
nomoer.site
nomsna.tech
nomsner.xyz
nomvnr.tech
nomxn.tech
nomxna.online
nonosnas.online
nooconer.site
noosavo.xyz
noosxna.online
normer.xyz
norner.tech
nornvs.site
norosor.site
norosr.xyz
nosamer.tech
nosano.site
nosaomr.xyz
nosawner.online
nosdocvcorp.online
nosmaner.tech
nosmaner.xyz
nosmanr.tech
nosmer.site
nosmner.online
nosmnr.online
nosmoa.online
nosmoner.site
nosodmer.online
nosomr.xyz
nosvmer.site
noswms.site
nosxmo.site
nosxmoa.online
nouers.site
noumer.site
noumsr.online
nouonos.tech
nousmer.site
nownas.tech
noxmer.tech
nresxnas.site
nrexnas.online
nrnaror.online
nrosmw.online
nrosunr.xyz
nrsoma.tech
nrsxna.site
nrsxona.site
nsamnvar.site
nsaoner.tech
nsaonx.site
nscvcoop.online
nsmner.online
nsmwas.tech
nsnaso.tech
nsnmer.online
nsoma.online
nsomer.online
nsomer.tech
nsomor.site
nsvcorp.site
nswnexa.site
nsxndaas.site
nsxnso.online
nsxomar.online
nsxoner.online
nvacse.site
nvcxnz.tech
nvmsnw.online
nvnxer.tech
nvswsna.site
nvxner.xyz
nvxnos.xyz
nwnams.xyz
nwnerans.online
nwsnar.online
nwsxnas.site
nwxma.site
nxcnas.tech
nxmsiner.site
nxnnosna.online
scientisttest.digital
secmanageteam.site
secportaslnav.site
sndaxnds.tech
wsxnasv.online

# Reference: https://www.virustotal.com/gui/ip-address/23.82.128.163/relations

narrctr.site
nauermanager.website
navcen.site
navcorpvtr.site
navcrsteam.site
navcrteam.site
navcrvteam.site
navcsteam.tech
navcsvr.site
navcvr.site
navcvtr.online
naveteam.tech
navncenter.site
navrcteam.site
navrrteam.site
navrsteam.site
navscteam.site
navsecvrteam.site
navsecvteam.site
navsteam.site
navvctr.online
navvctr.site
navvctvr.site
navvrsctr.site
navvsctr.online
navvteam.site
navxteam.site
naxteam.site

# Reference: https://www.virustotal.com/gui/ip-address/23.106.124.4/relations

dmnscorp.xyz
nacnmcsa.tech
nacnvscorp.online
namcgmt.xyz
namcgst.link
namnscop.site
namvncgst.xyz
namvncs.site
namvncs.store
namvncst.xyz
nancsvcorp.tech
nanmsncorp.tech
nansamsncoasrp.site
nansamsncoassrp.site
napcorteam.site
navmncsas.online
navmncsas.site
navmncsavorp.online
navmncsavorps.online
navrnsvrp.online
nismnvcopa.shop
nismnvcorp.tech
nismnvscorp.tech
nismnvscorps.site
nismvnco.site
nmasncorp.online
nmnvcorp.site
nsmansps.xyz
nsmansva.xyz
nsmansvcorp.online
nsmansvcorp.site
nsmansvcorpav.online
nsmansvcorpavs.xyz
nsmncoteam.online
nsmnvsco.online
nsnvcorp.site

# Reference: https://www.virustotal.com/gui/ip-address/23.106.124.25/relations

namnvncorp.tech
nanmsncorp.site
navmncvorp.tech
navmnvcorp.online
navmonscorp.site
navmscorp.online
nismnvcop.shop
nismnvcop.tech
nisnavmco.tech
nsmanvcorp.site
nsmanvcorps.online
nsvmavcorp.online
nvnacorp.site
nvnacorp.tech
secportalnav.tech

# Reference: https://www.virustotal.com/gui/ip-address/23.106.124.26/relations

navnaver.com
nidnavern.com
nidnavero.com

# Reference: https://asec.ahnlab.com/ko/59933/
# Reference: https://otx.alienvault.com/pulse/658c565578c6361b0ed9617a

104.168.145.83:993
107.148.71.88:993
159.100.6.137:993
38.110.1.69:993
45.114.129.138:33890
45.114.129.138:5500
bitburny.kro.kr
bitthum.kro.kr
doma2.o-r.kr
dongdongdong.r-e.kr
my.dongdongdong.r-e.kr
my.topton.r-e.kr
nobtwoseb1.n-e.kr
octseven1.p-e.kr
tehyeran1.r-e.kr
topton.r-e.kr
update.ahnlaib.kro.kr
update.doumi.kro.kr
update.onedrive.p-e.kr
yes24.r-e.kr

# Reference: https://twitter.com/asdasd13asbz/status/1742105472466117032

http://122.155.191.33

# Reference: https://twitter.com/asdasd13asbz/status/1744279858778456325
# Reference: https://www.virustotal.com/gui/ip-address/216.189.159.197/relations
# Reference: https://app.validin.com/axon?source=DNS&limit=100&type=ip&find=216.189.159.197
# Reference: https://www.virustotal.com/gui/file/2e0ffaab995f22b7684052e53b8c64b9283b5e81503b88664785fe6d6569a55e/detection
# Reference: https://www.virustotal.com/gui/file/f8ab78e1db3a3cc3793f7680a90dc1d8ce087226ef59950b7acd6bb1beffd6e3/detection

aerosp.p-e.kr
bananat.p-e.kr
daysol.p-e.kr
ilnas.n-e.kr
kimyy.p-e.kr
kostin.p-e.kr
limsjo.p-e.kr
mexico.p-e.kr
namutech.p-e.kr
negapa.p-e.kr
netup.p-e.kr
olixa.p-e.kr
rotsis.r-e.kr
ssungmin.p-e.kr
winters.r-e.kr
zosua.o-r.kr
sefud.csproject.org
shocloud.awiki.org
aa.olixa.p-e.kr
ai.kostin.p-e.kr
ai.limsjo.p-e.kr
ai.namutech.p-e.kr
ai.negapa.p-e.kr
ar.kostin.p-e.kr
ca.bananat.p-e.kr
ce.aerosp.p-e.kr
er.mexico.p-e.kr
li.ssungmin.p-e.kr
main.winters.r-e.kr
ol.negapa.p-e.kr
pe.daysol.p-e.kr
qi.limsjo.p-e.kr
sa.netup.p-e.kr
uo.zosua.o-r.kr
ve.kimyy.p-e.kr
vm.rotsis.r-e.kr
vn.ilnas.n-e.kr

# Reference: https://twitter.com/malwrhunterteam/status/1745227981281231108
# Reference: https://twitter.com/asdasd13asbz/status/1746783476702158941
# Reference: https://www.virustotal.com/gui/file/84f4f2e77b6e59c1fe54360842821fbfc6cdab039f197147b30876ed7da3647c/detection

nmailapp.n-e.kr
sign.nmailapp.n-e.kr

# Reference: https://twitter.com/malwrhunterteam/status/1749549318766219485
# Reference: https://www.virustotal.com/gui/ip-address/173.214.164.75/relations
# Reference: https://www.virustotal.com/gui/ip-address/205.209.99.26/relations
# Reference: https://www.virustotal.com/gui/ip-address/79.133.51.174/relations
# Reference: https://www.virustotal.com/gui/file/35ddb63c0729a7e3019c026865ea195607a51943d8867607a26c006f0df6e594/detection

acopfvy.store
acrob.shop
binavers.site
bindeo.tech
bnlopdlc.shop
cmytfvga.shop
corenavered.site
docloakc.online
docpoc.online
fomhl.fun
kololphcnv.shop
lfpa.website
locslf.website
lopaswec.shop
lopdgv.fun
mailcorp.tech
malilsopx.fun
mclvhoc.shop
mlodkf.online
moldoep.website
molgono.tech
mollcocmd.tech
mollsovop.fun
molsycl.shop
motivenaver.site
navei.online
naverpro.online
necxo.tech
nicorps.website
nidcorp.fun
obmonspc.online
octos.store
olcocmsl.tech
ploslacv.website
poskoca.shop
proteco.fun
riavercorped.site
sedlco.online
socrpa.store
soduci.online
solep.online
supwlmall.online
wedwec.online
wobsodm.tech
xclosldp.shop
/pkg/qsuw.php
/pkg/qsuw.php?cgimo=
/pkg/xyce.php
/pkg/xyce.php?mtahp=

# Reference: https://www.virustotal.com/gui/ip-address/216.219.80.170/relations

btcstack.site
naver-config.site
naver-delivers.site
naverservice.site
nidcorp.online
nidnaver.info
nidnavercorp.site
mail.naverservice.site

# Reference: https://www.virustotal.com/gui/ip-address/27.255.75.153/relations

aderto.store
afixer.store
ahesus.store
aiaitu.store
akites.site
aluces.site
baconer.site
berysu.site
bolun.site
cafung.online
cedoras.store
civilarys.store
cutagor.store
dacrorns.store
decasy.store
ghosfun.site
ghosteak3bordnhlp.shop
gproctecn3amckop.website
kionetaorg39hoaker.icu
kransfer349omeha.online
mksilencoa03coon.online
navecorps.com
naveralarm.com
naveralert.com
navercafe.info
nhopess.com
nidnaver.help
nidnaver.info
psetuplgmog0lan.online
zobkoreanck320fernst.website
api-talks.cedoras.store
emv1.akites.site
lcscorn.cedoras.store
mailcorn.cedoras.store
nid.cafung.online
nid.civilarys.store
nidcorn.cedoras.store
nidpilk.cedoras.store
nidpon.cedoras.store
sslcorn.cedoras.store
staticnidcorn.cedoras.store

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.255.75.158

asdzxcvbn.tech
bnxzsfgh.website
cananet.pe.kr
cvnnhbgvf.fun
emailservice.email
erdfcvwsx.fun
ertrfvcvb.tech
ertyuio.tech
fdgjksfiewr.tech
frgthyjuki.tech
gfhyfhg.shop
ghosfun.site
heros.sbs
hujikolp.fun
irony.cyou
kakaoservice.info
ktsp3.cananet.pe.kr
lmkjnhbgv.fun
logingmail.shop
lpokijmnuhb.tech
media-zabbix.xyz
mexcc.website
mnbvcxzasd.tech
navacallteam.shop
naverecenter.store
navernail.com
naverscorp.shop
navincteam.shop
nbmjhkgtb.tech
phealth.shop
ptighfeng.shop
pweicsd.shop
qbaby.shop
qecgfuteproas.shop
qweoifnc.shop
ranvocenart.store
registration-account.xyz
reinosdpool.site
reoncoao.store
revfdsvoino.store
rfvsdfghj.website
riocnsodea.store
rovnsaudcbiae.store
rtfgvbtyghbn.tech
sacnasopmn.store
sgoicaoe.store
sheocnsap.shop
sivnsdufe.shop
spoiencioser.shop
swenfdovin.shop
trueserver.art
trueserver.today
trygfhgf.website
ujmikolp.fun
vbnmtyu.website
wrcnsodfan.shop
xvcbgfrd.fun
yeivnsdke.shop
yhnujmikl.online

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=61.97.251.248

activemq.usage.store
akcunta22cooles.online
apache.activemq.usage.store
cocalex.store
dauo3mgoepcio.store
dianers.store
docsuris.store
ecoresar0minsites.icu
goedp4radnm.website
gproctecn3amckop.website
hdoaunem39dster.site
kakaoteam.site
kdouatr7hocnop.site
kl2dac0anploert.icu
makeverify.store
makinstac9aants.store
mc0nfaimstarknete.site
mdikcoad0m.store
mida23netkolcam.site
mitusbish3chinm.website
mksilencoa03coon.online
mofamail.homes
mofamail.shop
nastre0eakmavop.site
naverteam.center
nehoinv0icekom.site
nerdrtkpoamnder.site
nodkcl32doalkna.icu
org.apache.activemq.usage.store
sapraned90cnzla.store
uhda0pmaverpos.online

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.255.81.73

cawer.store
chosunmail.com
civilary.online
cogay.store
daurm.net
kakaoteam.site
navrcops.com
mail.daurm.net

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.255.81.77

acnura.store
aehuji.store
asrto.store
fogray.cfd
navers.co

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=61.97.251.246

ajoyable.store
busment.site
ducksale.store
naver.com.ro

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.255.81.113

ajoyable.store
akaysun.store
alohery.store
bisus.site
eaches.online
havercorp.com
ladacy.site
lucase.site
lusbow.site
cert.p-e.kr
countrysvc.p-e.kr
delcoo.o-r.kr
mail.havercorp.com
mail.navercom.org
mail.navercorp.ca
navercom.org
navercorp.ca
navers.cc
nid.cert.p-e.kr
filter.nsync.r-e.kr
login.countrysvc.p-e.kr
name.nprofi1e.kro.kr
ncore.o-r.kr
nprofi1e.kro.kr
nsync.r-e.kr
steps.ncore.o-r.kr
ttk.delcoo.o-r.kr

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=165.154.240.117

check-vhost.com
host-cookie.com
host-session.com
mail-urls.com
mailurlck.com
naver-cert.com
naver-click.com
naver-proxy.com
sites-domain.com
taryxo8a9b.info

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=210.92.18.165

naverdoc.com
navernotice.center
naverscan.com
oncloudvip.com

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=210.92.18.188

daum.net.ru
navernotice.center
naverscan.in.net
naverteam.net
onnostore.eu

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=61.97.251.235

kakaocop.eu
kr101483.in.net
kr410126.in.net
kr681730.in.net
navercop.eu
office8349.in.net
oksite.eu

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=61.97.243.42

kakaoccrp.com
naver-defend.com
naver-filter.com
naver-pages.com
naver-publish.com
naver-security.center
naver-teams.com
naver-vhost.com
navercorp.com.co

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=61.97.243.40

nate-files.com
naver-master.center
naver-profile.com
naver-protect.center
naverccrp.co
naverprivacy.center

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=61.14.211.149

haenmail.net
naver-links.com
naver-pdf.com
navercenter.com
navercorq.com
nid-check.ml

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.255.81.114

downloademaeil.com

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.255.79.204

dlive.ga
mail.dlive.ga
member.nidlogin.kro.kr
naveradmin.com.co
navernotice.com
naverpolicy.pw
naversupport.com.co
navor.co.com
nidlogin.kro.kr

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=211.104.160.81

cc.navermails.com
edaum.online
hostmaster.navermails.com
lcs.navermails.com
mail.naverccrp.org
mail.navermails.com
mail.naverteam.org
navar.co.cm
navar.com.co
naverccrp.org
navermails.com
naverpolicy.info
naverprotect.com
naversupport.net
naverteam.org
nid-otp.navermails.com
nid.navermails.com
nids.navermails.com
sslpstaticnet.navermails.com
staticnid-otp.navermails.com

# Reference: https://twitter.com/ArbaaWahidhamsa/status/1752346762759610558
# Reference: https://www.virustotal.com/gui/ip-address/45.58.52.104/relations

cert-auth.p-e.kr
cert-login.n-e.kr
file-cloud.r-e.kr
file-sec.n-e.kr
firterswer.r-e.kr
goldmelon.n-e.kr
gomplay.n-e.kr
jeonpriter2.r-e.kr
macdonald.n-e.kr
nanymanda.n-e.kr
nestros1.n-e.kr
operasik2.r-e.kr
ostras1.p-e.kr
peras1.n-e.kr
portgirl.r-e.kr
safeguard.r-e.kr
servicesheduler.p-e.kr
whalenvapp.n-e.kr
check.servicesheduler.p-e.kr
neer.firterswer.r-e.kr
sign.whalenvapp.n-e.kr
update.jeonpriter2.r-e.kr

# Reference: https://twitter.com/tiresearch1/status/1752713847033729176
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=141.164.49.199

koreanair.website
nts-inform.website
npsnews.website
ntsalert.website
ntshomes.website
ntsinform.store
ntsinform.website
ntsmailing.homes
ntsnews.store
ntsnews.website
ntsview.homes
ntsviewer.homes
ntsviewer.store
ntsviews.homes

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.197.219

nts-email.website
nts-homes.website
nts-msg.website
nts-viewer.website
ntsalert.space
ntsapps.space
ntscope.space
ntsctrls.space
ntscustomer.site
ntshelp.space
ntsinform.space
ntsmailer.site
ntsmailing.space
ntsoffer.shop
ntsoffer.site
ntsoffer.store
ntspayer.space
ntspays.space
ntspolicy.store
ntsports.space
ntsposter.space
ntsposting.website
ntsposts.store
ntsviewer.space
secure-center.site
wetax-home.site

# Reference: https://twitter.com/tiresearch1/status/1752968430880469031
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=141.164.62.12
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.204.87
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.208.76
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.214.14
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.239.225
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.242.154
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.247.162
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.102.128.79

authuser.online
checkpermission.cloud
com-flight.space
gcogle.site
hometax-post.site
hometax.space
hometaxcs.site
hometaxctrl.site
hometaxes.space
hometaxes.store
hometaxs.site
inetpost.site
les-girls.top
navarcope.space
npsauth.site
npscare.site
npscmd.site
npsnote.site
npsnotice.site
npsrule.site
npssign.site
nts-kr.site
nts-mail.homes
nts-post.homes
ntsadmin.site
ntsalert.site
ntsapp.site
ntsapp.store
ntsapps.site
ntsapps.store
ntsbox.space
ntscard.site
ntscart.site
ntscenter.site
ntscenter.space
ntscentre.site
ntscentre.space
ntscontact.site
ntscope.online
ntscope.site
ntscorp.site
ntscorp.space
ntscustom.space
ntsdocs.site
ntsdocs.space
ntsdocs.store
ntsgo.space
ntshelps.space
ntshelps.store
ntshomes.shop
ntshomes.site
ntsinform.site
ntsinforms.site
ntsjob.site
ntslogin.site
ntslogin.store
ntsmail.space
ntsmailing.site
ntsmain.site
ntsmain.space
ntsmid.site
ntsnew.homes
ntsnew.site
ntsnew.space
ntsnew.store
ntsnews.homes
ntsnotice.site
ntsoffer.space
ntsorder.site
ntsorg.site
ntsorg.space
ntsorg.store
ntspayable.site
ntspayer.site
ntspc.site
ntspolicy.space
ntsports.store
ntspost.shop
ntsposter.homes
ntsposter.site
ntsposting.store
ntsreport.shop
ntsreviews.space
ntsroom.site
ntssign.site
ntssign.space
ntstaxes.space
ntstel.space
ntsto.site
ntsto.space
ntsusers.site
ntsusers.store
ntsviewer.site
ntsviews.shop
ntsviews.space
ntsward.site
ntsxhome.site
profuso.life
safecenter.site
sinsa.online
tnt-home.site
tossbenk.online
lcs.ntsposter.site
naver.ntsmailing.site
naver.ntsposter.site

# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=27.102.129.48

myconferms.info
securitygooqles.com
service-googlces.info

# Reference: https://www.virustotal.com/gui/ip-address/27.102.106.66/relations

memconfirm.info
nidconfirms.info
nidcorp.info
nidcorpmember.info
nidmember.info
nidmemcorp.info
niduserna.site
nidusersncorp.site
nidusertn.site
nidusrecorp.site
nidusrnscorp.site
nidusrstecorp.site
shares-view.com
transfer-dosi.world
userconfs.info
cc.userchecks.info
lcs.userchecks.info
lcs.userconfs.info
naver.nidcorp.info
naver.nidusrecorp.site
naver.userchecks.info
naver.userconfs.info
wa11ets.transfer-dosi.world

# Reference: https://twitter.com/tiresearch1/status/1754407046873784592
# Reference: https://www.virustotal.com/gui/ip-address/27.102.101.26/relations

naaverascorp.com
navearcorps.help
nidnaavers.com
nidnaveasrv.help
nidnavesecorp.help
ninavaracorp.site
nts-info.website
nts-mailer.website
nts-news.website
nts-poster.website
nts-viewer.store
ntsmailing.website
ntsmails.store
ntsviews.store
api.infonavera.com
cc.naversinfo.help
cc.nidnavescorp.help
cc.nidnavesecorp.help
ccid.infonavera.com
cs.kakaocop.eu
dev.infonavera.com
idv.kakaocop.eu
lcs.navearcorps.help
lcs.naversinfo.help
lcs.nidnavesecorp.help
lcsid.infonavera.com
login.infonavera.com
m.infonavera.com
mailid.infonavera.com
mailid.nidnaavers.com
nid.infonavera.com
nid.navearcorps.help
nid.naversinfo.help
nid.nidnaavers.com
nid.nidnavesecorp.help
nid.ninavaracorp.site
sslid.infonavera.com
stage.infonavera.com
staticnidid.nidnaavers.com

# Reference: https://twitter.com/RexorVc0/status/1753322889716084823
# Reference: https://mp.weixin.qq.com/s?__biz=Mzg2NjgzNjA5NQ==&mid=2247522061&idx=1&sn=22e56ee213d9e5229371ad3e082ebfab&chksm=ce461c1df931950b245134a250b6bf4bea489d75b556cb450548569c0c6d50d3bacc00a8efe0&scene=178&cur_album_id=2867627575890837505#rd

ek.com/js/sub/aos/dull/down1/r_enc.bin
ek.com/js/sub/aos/dull/down1/show.php
kyungdaek.com/js/sub/aos/dull/down1/123.hwp
kyungdaek.com/js/sub/aos/dull/down1/lib.php
kyungdaek.com/js/sub/aos/dull/down1/list.php
kyungdaek.com/js/sub/aos/dull/down1/r_enc.bin
meatalk.com/pg/adm/tdr/upi/down0/lib.php
meatalk.com/pg/adm/tdr/upi/down0/list.php
meatalk.com/pg/adm/tdr/upi/down0/r_enc.bin
meatalk.com/pg/adm/tdr/upi/down0/show.php
siloamclinic.com/js/slick/up/down0/lib.php
siloamclinic.com/js/slick/up/down0/list.php
siloamclinic.com/js/slick/up/down0/show.php
siloamclinic.com/js/slick/up/down1/r_enc.bin
vwellpain.com/js/sub/up/down1/r_enc.bin

# Reference: https://twitter.com/tiresearch1/status/1755116984235114701
# Reference: https://app.validin.com/axon?source=DNS&type=ip&find=158.247.194.199
# Reference: https://www.virustotal.com/gui/ip-address/141.164.35.7/relations
# Reference: https://www.virustotal.com/gui/ip-address/141.164.50.24/relations
# Reference: https://www.virustotal.com/gui/ip-address/141.164.41.218/relations
# Reference: https://www.virustotal.com/gui/ip-address/141.164.59.224/relations
# Reference: https://www.virustotal.com/gui/ip-address/141.164.61.162/relations
# Reference: https://www.virustotal.com/gui/ip-address/158.247.194.199/relations
# Reference: https://www.virustotal.com/gui/ip-address/158.247.200.209/relations
# Reference: https://www.virustotal.com/gui/ip-address/158.247.248.158/relations
# Reference: https://www.virustotal.com/gui/ip-address/158.247.254.237/relations

acckr.online
acckr.store
ackr.link
ackr.online
belieview.com
cenv.space
cenv.store
cnkr.online
cnkr.store
ecnv.site
edcloud.store
edkcloud.cloud
edkcloud.online
edoc-kr.online
edocs-kr.cloud
edocs-nv.online
edocs-nv.space
edocs-nv.store
escnv.online
estnv.online
estnv.space
estnv.store
fscns.xyz
gemnv.online
gemnv.space
hlnv.store
hnsc.space
krcp.online
krcp.store
maillive.click
mailsvc.fun
mngkr.cloud
mngkr.fun
mngkr.host
mnksc.cloud
mnksc.host
mnsvc.icu
mnsvc.tech
mnvsc.online
mnvsc.store
nbkr.online
nbkr.space
nckr.space
ncloud.click
ncloud.host
ncloud.uno
ncplus.click
ncplus.site
ncvsr.tech
ncvts.online
ncvts.store
ndoc-kr.host
ndoc-kr.info
ndoc-kr.site
ndoc-kr.space
ndoc-kr.store
ndoc.digital
nhis-cloud.online
nhis-cloud.site
nhis-doc.store
nhis-edoc.cloud
nhiskr.cloud
nhiskr.fun
nhiskr.online
nhiskr.site
nhiskr.space
nhiskr.tech
nhissvc.cloud
nhissvc.space
nhskr.online
nhskr.space
nhskr.store
nldoc-kr.cloud
nmsvc.icu
nmsvc.online
nqcloud-edoc.site
nscentre.online
nskr.online
nskr.space
nskr.store
nsrv.link
nsrv.store
ntskr.cloud
ntskr.online
nvclup.link
nvclup.online
nvclup.space
nvclup.store
nvdocs.store
nvkr.link
nvkr.space
nvkr.store
nvpr.info
nvpro.art
nvpro.host
nvpro.info
nvsc.cloud
nvsc.press
prodocs.cloud
prodocs.tech
psnv.store
pvnr.online
pvnr.store
scenv.cloud
scnr.store
sdoc-kr.cloud
sdoc-kr.host
sdoc.cloud
shnvr.store
sknet.space
sknet.store
srcnv.icu
ssnv.cloud
stnv.online
stnv.site
xvideos-kr.com
bakingschool.belieview.com
bobae.belieview.com
cpanel.ncloud.host
daum.belieview.com
dev.ndoc-kr.space
dmarc.edoc-kr.online
edocs.acckr.online
edocs.acckr.store
edocs.cenv.store
edocs.cnkr.online
edocs.cnkr.store
edocs.ecnv.site
edocs.krcp.online
edocs.krcp.store
edocs.nbkr.space
edocs.nckr.space
edocs.nscentre.online
edocs.nskr.space
edocs.nvclup.store
edocs.nvkr.store
edocs.nvpr.info
edocs.nvpro.art
edocs.nvpro.info
edocs.nvsc.cloud
edocs.nvsc.press
edocs.sdoc.cloud
edocs.shnvr.store
edocs.stnv.online
emv1.prodocs.tech
mta-sts.prodocs.tech
naver.belieview.com
ncentral.ncloud.host
noc.ncloud.host
ns1.ncloud.host
ns2.ncloud.host
owa.mngkr.fun
postgresql.edkcloud.cloud
postmaster.edkcloud.cloud
quasarzone.belieview.com
shop.sdoc-kr.host
superset.mnksc.host
tsc.estnv.online
tsc.estnv.store
tsc.gemnv.online
tsc.hnsc.space
tsc.mnvsc.online
tsc.ncloud.host
tsc.ncloud.uno
tsc.ncvts.online
tsc.ncvts.store
view.edkcloud.cloud
view.edocs-nv.space
view.mngkr.cloud
view.mngkr.fun
view.mngkr.host
view.mnsvc.icu
view.mnsvc.tech
view.nhis-cloud.online
view.nhis-cloud.site
view.nhis-doc.store
view.nhis-edoc.cloud
view.nhiskr.cloud
view.nhiskr.online
view.nhiskr.site
view.nhiskr.tech
view.nhissvc.space
view.nhskr.online
view.nldoc-kr.cloud
view.nmsvc.online
view.nqcloud-edoc.site
view.nsrv.link
view.nsrv.store
view.ntskr.online
view.nvclup.online
view.nvclup.space
view.nvclup.store
view.nvdocs.store
viewer.edkcloud.cloud
webdisk.ncloud.host

# Reference: https://twitter.com/hypen1117/status/1755502188078755857
# Reference: https://medium.com/s2wblog/kimsuky-disguised-as-a-korean-company-signed-with-a-valid-certificate-to-distribute-troll-stealer-cfa5d54314e2

coolsystem.co.kr

# Reference: https://www.virustotal.com/gui/ip-address/158.247.200.183/relations

fsceit.cloud
fscsies.info
navnsrc.cloud
navserv.cloud
nhitalk.online
nhseco.store
nqcloud-edoc.site
ntihosp.site
mail.navserv.cloud
motu.nhseco.store
nhos.nhseco.store
view.fsceit.cloud
view.navnsrc.cloud
view.navserv.cloud
view.nhitalk.online

# Reference: https://www.virustotal.com/gui/ip-address/158.247.232.100/relations

dlndocs.site
heisof.mom
htxpost.site
moecsxet.fun
moschck.store
mossrv.site
moxcei.online
niddocs.site
nidedoc.cloud
ntcloud-edoc.site
ntcloude.site
ntidocs.site
ntihosp.site
oiwoske.store
secdoc.site
settingdirect.org
uugirl.vip
emv1.dlndocs.site
emv1.htxpost.site
emv1.ntcloud-edoc.site
emv1.secdoc.site
gvidfaas.htxpost.site
hostmaster.secdoc.site
ldrssbkg.htxpost.site
mail.htxpost.site
motu.moecsxet.fun
motu.moschck.store
mta-sts.dlndocs.site
mta-sts.htxpost.site
mta-sts.ntcloud-edoc.site
view.dlndocs.site
view.htxpost.site
view.moecsxet.fun
view.moschck.store
view.mossrv.site
view.niddocs.site
view.nidedoc.cloud
view.ntcloud-edoc.site
view.ntcloude.site
view.secdoc.site

# Reference: https://www.virustotal.com/gui/ip-address/31.220.76.170/relations

htxpost.site
navedocs.site
navnsrc.cloud
navsvcs.cloud
niddocs.site
nidedoc.cloud
ntcloudn.site
ntcloudo.site
ntclouds.cloud
ntclouds.site
ntsvc-edoc.cloud
ntsview.store

# Reference: https://www.virustotal.com/gui/ip-address/158.247.210.44/relations

bstsba.store
cotnek.store
eabtaa.store
edocs-mid.site
edocs-moseid.site
gov24-kr.site
gyufy.site
hlomein.store
hokimc.store
hrnksel.store
kemtkao.store
mois-daot.site
mois-view.site
monews.store
mosgov.site
mpas-kr.site
mtpeck.store
nhosrv.site
ntaview.site
sadbta.site
sceasnse.store
seltsnb.click
ssbee.store
stisent.fun
tsaehne.cfd
tsnua.site
emv1.mosgov.site
mosi.ntsvc-edoc.cloud
mosi.ntsview.store
mta-sts.mosgov.site
si.ntsvc-edoc.cloud
view.ntcloudo.site
view.ntsvc-edoc.cloud

# Reference: https://www.virustotal.com/gui/ip-address/141.164.62.17/relations

abyocs.store
ayjaent.bond
btinah.lol
edocs-center.site
etockmid.site
hmktsc.store
hodcts.store
hsects.store
htsseh.store
konctw.lol
moedocs.store
mois-kite.site
moishlwkt.site
moscheck.site
moscloud.online
mosiview.online
mosplay.fun
mpas-kr.site
navedocs.site
nmsvc-edoc.cloud
ntcloudn.site
ntclouds.site
shymh.lol
sydsh.store
ujdyph.lol
vrteocs.store
mosi.mosiview.online
mosi.ntclouds.site
post.navedocs.site
read.hsects.store
read.moedocs.store
view.mosplay.fun
view.navedocs.site
view.nmsvc-edoc.cloud
view.ntcloudn.site

# Reference: https://www.virustotal.com/gui/ip-address/158.247.254.159/relations

nts-post.website
ntshome.website
ntsinfo.website
ntsmail.website
ntsmailer.store
ntsmsg.website
ntsposter.website
emv1.ntshome.website
emv1.ntsmail.website
emv1.ntsposter.website
lcgwihug.ntsposter.website
mta-sts.ntshome.website
mta-sts.ntsinfo.website
mta-sts.ntsmailer.store

# Reference: https://www.virustotal.com/gui/ip-address/158.247.239.225/relations

authuser.website
checkhuman.site
checkpermission.site
checkpermission.website
documentsvievv.com
fssorg.site
gocgledrive.store
goglesign.site
goocgles.com
googlces.com
hankyung.site
koreariair.space
kvoting-home.online
kvoting-send.online
nhis-org.site
nhismailing.site
nts-doc.online
ntsctrls.store
ntshelp.site
ntsmailer.space
ntsmailing.site
ntsposter.site
ntsposting.space
ntsviewer.site
phonemanagers.info
rememberapp.cloud
so-team.cloud
so-unlock.online
so-unlock.website
team11.website
user-manage.site
lcs.ntsnews.space
mta-sts.ntsmails.space
shop.ntsboard.space
shop.ntspost.space
store.ntspost.space
websitmta-sts.ntsgov.site
ntsmail.websitmta-sts.ntsgov.site

# Reference: https://www.virustotal.com/gui/ip-address/158.247.226.241/relations

npsposter.site
npsposter.space
npsviewer.site
npsviewer.space
ntsinforms.space
emv1.npsviewer.site
mta-sts.npsviewer.site

# Reference: https://twitter.com/asdasd13asbz/status/1758007194963071067
# Reference: https://www.virustotal.com/gui/ip-address/45.195.69.28/relations

45.195.69.28:14275
binace.homes
binaces.homes
masnail.shop
aas.com/inc/basl/up1/show.php

# Reference: https://twitter.com/tiresearch1/status/1758443520405184764
# Reference: https://www.virustotal.com/gui/ip-address/64.176.225.245/relations

navarcope.site
news-nps1.site
nps-sends.site
npsnote.site
npsreview.site
npssign.space
ntsadv.site
ntscorp.store
ntsgrp.site
ntsmid.space
ntspage.space
ntsroom.store
rskey.buzz
wetax-notice.site
wetax-notice.space
wetax-pay.online
wetax-pay.site
wetax-pay.space
wetax-pay.store
emv1.npsnote.site
emvl.npsnote.site
naver.wetax-pay.online

# Reference: https://twitter.com/tiresearch1/status/1762039064528908737

edocs-all.site
edocs-high.site
edocs-hope.site
edocview.online
edsafety.online
nhiskr.store
nhkr-docs.online

# Reference: https://www.virustotal.com/gui/ip-address/158.247.210.247/relations

fscns.online
nhis-doc.space
nscentre.cloud
nsrv.space
nvdocs.online
dev.nvdocs.online
emv1.nhis-doc.space
emv1.nscentre.cloud
emv1.nvdocs.online
mta-sts.nvdocs.online
view.nhis-doc.space
view.nhiskr.store
view.nsrv.space
view.nvdocs.online

# Reference: https://twitter.com/JangPr0/status/1761961131319681453
# Reference: https://twitter.com/asdasd13asbz/status/1762014640274637280
# Reference: https://www.virustotal.com/gui/file/f262588c48d2902992ffd275d2be6362fe7f02e2f00a44ab8c75ac1a2827c6e9/detection

dgartway.kr

# Reference: https://twitter.com/asdasd13asbz/status/1762382877638160789

ncallserveiqnxme.store
/teamnavcorphost/enzmenaiexz/ajemzneij/team.php
/teamnavcorphost/enzmenaiexz/
/ajemzneij/team.php?suseeid=

# Reference: https://twitter.com/tiresearch1/status/1762743004601921709

apcorp.homes
kapacloud.homes
memavers.pics

# Reference: https://www.virustotal.com/gui/ip-address/141.164.39.174/relations

abyiase.store
cmseny.store
criaoeh.store
heinsk.online
hoscke.store
koetle.store
ktstore.store
menoks.online
mois-kr.site
reaotnd.store
sdcey.store
tockeam.store
tsceeh.store
viewer.mois-kr.site

# Reference: https://www.virustotal.com/gui/ip-address/158.247.215.195/relations

agsbte.store
cdktne.store
csebte.store
ekdotns.site
htchoc.store
mois-com.site
mois-env.site
moisnews.site
moissctic.site
sctseit.store

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-02-22-v10538/1399

civilizations.store
countrysvc.pe.kr
navigation.cc
navermail.online.korea
newnotification.server.korea
ned.newnotification.server.korea
nmail.navermail.online.korea
nsvc.mail.server.korea
taxservice.pe.kr
upbit-service.pe.kr
upbit2024.re.kr

# Reference: https://www.virustotal.com/gui/ip-address/45.66.249.5/relations

dosi-team.world
indeede-checks.site
indeede-confirm.online
indeede-homes.site
membersecure.online
notice-irshome.site
notify-bestbuy.site
pay-dosi.world
services-ledqer.info
usercheckonlines.site
usersinfocheck.site
shop.ntsemail.space

# Reference: https://twitter.com/Cyberteam008/status/1765624539273183623

accoints-google.com-guide.site
accounts-google.com-guide.site
accounts-gooqle.com-guide.site
accounts.o-r.kr
accountsdon.kakaoaccouts.store
accountseses.mofamail.shop
accountsnot.kakaoaccouts.store
accountsuey.kakaoaccouts.store
add-contact.p-e.kr
afoinoin.shop
aieiqyeizniqopao.store
allowlogin.shop
allrecieve.online
api-talks.memavers.pics
bd.n-blog.o-r.kr
billions168.com
ccalo.memavers.pics
cnbvhuiop.fun
com-guide.site
dev.kakaoteam.site
dndon.kakaoaccouts.store
dneses.mofamail.shop
domainkey.cloudown.store
dsaewqcxz.website
eaziaieoqyzmdiaotea.store
emv1.docsuris.store
emv1.mofamail.homes
emv1.mofamail.shop
emv1.usage.store
eoquqowizateua.store
httpswwwalo.memavers.pics
jr168jr.com
lcsalo.memavers.pics
lcspene.mofamail.shop
link.new-doc.p-e.kr
mailalo.memavers.pics
mta-sts.docsuris.store
mta-sts.makeverify.store
mta-sts.usage.store
naizieoqiaeyua.store
naizjeiqmzoeha.store
naizmehzosaxolawiq.store
naizmeoqnaizeoaosier.store
naizoqiayzoaijae.store
ncyberteamcall.store
new-doc.p-e.kr
nguardteam.store
nid-naver.memavers.pics
nid.add-contact.p-e.kr
nidalo.memavers.pics
nidpele.mofamail.shop
nidper.navecorps.com
nidporn.cloudown.store
nidporn.kakaoaccouts.store
nids.memavers.pics
nie.nts-news.p-e.kr
ntinfo.o-r.kr
nts-news.p-e.kr
nziqoaiqozniws.store
oiequziqiwery.store
pcvnbduie.tech
poeiqyaizoeiaywoaise.store
poilkjmnb.fun
qwaszxedc.tech
qwaszxqaz.online
qwerfdsa.online
qwertyu.fun
rzdzociaoeaieoqnzid.store
server.add-contact.p-e.kr
smaths.lat
sslalo.memavers.pics
stat_tiaraeses.mofamail.shop
staticnidalo.memavers.pics
t1_daumcdneses.mofamail.shop
talktalk.emailservice.email
unc.ntinfo.o-r.kr
vbfgrtyhn.website
vghfjrui.site
wazioajieitoquazoeis.store
werqasdf.website
wwwalo.memavers.pics
youtube.accounts.o-r.kr
zieiqyueoaizneoqiwer.store
zneiqmzieniaie.store

# Reference: https://www.virustotal.com/gui/ip-address/27.255.75.138/relations
# Reference: CERT_FINGERPRINT-HOST: 2a0612870a6fc14d4a9579f96bf8a0f1b2b762e2

accoouts.online
alal.online
api-talks.naverscorp.shop
apps.navecorps.com
ccid.navincteam.shop
ccpon.naverscorp.shop
compnservice.store
confirmin.shop
emv1.naverscorp.shop
gcogle.online
gfp.veta.naverscorp.shop
itgnorsg.wrcnsodfan.shop
lcspon.naverscorp.shop
makeauth.biz
minggamevies.com
nahostpresssec.store
nasecteamcall.store
navacallsim.shop
navacallteam.store
navasyssecteam.shop
navcallservteam.shop
navctrcentrecall.shop
naveraccomngr.shop
naveraccount.store
navercompany.shop
navercompany.store
naverconfirm.store
naverconsol.store
navercorpcom.store
navercorps.store
navercyberteam.store
naverereact.store
naveresecurity.shop
navereservice.store
naverguard.store
naverinc.shop
naverinc.store
naverscorp.store
naverscropsecurity.store
naversecurity.store
naverservice.store
naverservicehuck.store
naversscorp.shop
naverteam.store
navmakesecteam.shop
navsecservicesee.shop
navteamsol.shop
ncallservaeiwoq.store
ncompcyberdef.store
ncompcyberteam.store
ncompcyble.store
ncompgover.store
ncompservice.store
ncompservteam.store
ncorpservaieaiw.store
ncropsecteam.shop
ncussoc.shop
ncussol.shop
ncustcol.shop
ncustomseccenter.store
ncustomsecteam.store
ncyberdefender.store
ncyberguard.store
ncyberteam.store
ncybfeaceteam.store
ncyblecenter.shop
ncybleteamhelp.store
ndefenseteamsol.shop
ndomainservsec.store
nedrsecteamservice.store
ngoverteam.store
nhelpaccountcenter.store
nhelpcenter.store
nhostmailtan.store
nhostservicecmo.store
nhostservmarktet.store
nid.navercompany.shop
nid.naverecenter.store
nid.naverscorp.shop
nid.naverservice.store
nid.navincteam.shop
nid.ncustomsecteam.store
nid.nsechelpteam.store
nidhelpcenter.shop
nidnaverservice.shop
nidnaverteam.shop
nidnavteamtanu.shop
nidnservice.shop
nidnteamcall.shop
nidpon.nsechelpteam.store
nincsecteamcall.store
nmservicecompany.store
npresscorp.store
nsabteamseccall.store
nsafehelpcenter.online
nseccenterpress.store
nsechelpteam.store
nsecservice.store
nsecteamcall.shop
nsecteamservice.shop
nsecteamservice.store
nsecuteamservice.store
nseicmzneizmeiqnx.store
nservcompaie.store
nservhostmark.store
nservhostwordsec.store
nservicecalleianze.shop
nservicecenter.store
nservicecompany.store
nservicehelp.store
nservicehelpcenter.store
nservicemanager.store
nserviceprice.store
nserviceseccenter.store
nservicesecteam.store
nservicetallship.store
nserviceteamhost.store
nserviceteamsec.store
nservicetoolsec.store
nservsectran.store
nservteamsellaie.store
nsolsimhelpserv.store
nteamservpress.store
nteamservtool.store
nthdefteam.shop
ntreanservicesec.store
orignauth.lol
peace.gcogle.online
policy.navincteam.shop
retry.today
rnvosdinrgf.sacnasopmn.store
secteamofnava.store
soundcaptchanidid.navincteam.shop
sslpon.naverscorp.shop
tivan.naverscorp.shop
uaefnoi.shop
ubasncos.shop
ucaeoinmo.shop
udoirfno.shop
unikorea.go.ci
veta.naverscorp.shop
wwwcorpid.navincteam.shop
wwwid.navincteam.shop

# Reference: https://www.virustotal.com/gui/ip-address/61.97.251.247/relations

dapacloud.store
kdiacloud.store
ncorpserver.online
ncushelpserver.top
ndefenderhome.store
nfeaceteamhelp.store
nfrayteam.top
nhelpcentercall.store
nhelpcenterserver.store
nhelpservercom.store
nsafehomeservice.store
nsheriffcom.store
nid.ncorpserver.online

# Reference: https://www.virustotal.com/gui/ip-address/210.92.18.172/relations

naveracc.com
naveraccount.info
naverhelp.org
navermail.net
sunrnail.com
tiktikcdn.site
auth.navermail.net
imap.navermail.net
mail.navermail.net
mail1.navermail.net
mx.navermail.net
nid.naveraccount.info
nid.naverhelp.org
nid.navermail.net
pop.navermail.net
pop3.navermail.net

# Reference: https://www.virustotal.com/gui/ip-address/61.97.251.236/relations

naverccrp.com
naverpw.com
nca.naverccrp.com
nid.naverccrp.com
nid.naverpw.com
nidpron.cloudown.store
verifyseprise.store
xn--nid-mo0a.naverccrp.com

# Reference: https://www.virustotal.com/gui/ip-address/61.97.251.244/relations

check2.download
com2.download
nid2-naver.date
accounts.kakao.com-user.pw
accountsetse.mofamail.shop
daum.net-confirm.com-user.pw
kakao.com-user.pw
live.bwimg.net
logins.daum.net-confirm.com-user.pw
named.kim53.com
naver.com-user.pw
net-confirm.com-user.pw
nid.naver.com-user.pw

# Reference: https://www.virustotal.com/gui/ip-address/27.255.81.76/relations

accountseros.usage.store
accountskakao.mailcorp.eu
accountsoka.kakaocops.info
accountsosi.kakaocops.info
accountsotik.kakaorg.info
accountsute.kakaoaccouts.store
accoutskakao.mailcorp.eu
ahost.galleryleebae.com
btym.mailcorp.eu
cafe.mailcorp.eu
cclogin.navermail.click
comic.mailcorp.eu
google.notifi.o-r.kr
helpnaver.mailcorp.eu
horang.info
kakaocops.info
kakaorg.info
kin.mailcorp.eu
land.mailcorp.eu
lcslogin.navermail.click
mail.mailcorp.eu
maillogin.navermail.click
mailnaver.mailcorp.eu
map.mailcorp.eu
morase.info
ms.knn24.com
mybox.mailcorp.eu
netmg.info
news.mailcorp.eu
nidlogin.navermail.click
nidnaver.mailcorp.eu
noti.mailcorp.eu
notifi.o-r.kr
section.cafe.mailcorp.eu
sh.kakaocops.info
sports.news.mailcorp.eu
ssllogin.navermail.click
sslnaver.mailcorp.eu
stat_tiarakakao.mailcorp.eu
staticlogin.navermail.click
staticnidnaver.mailcorp.eu
stock.mailcorp.eu
t1_daumcdnkakao.mailcorp.eu
toran.info
uuzd.mailcorp.eu
vbqs.mailcorp.eu
weather.mailcorp.eu
webmail.navermail.click
wwwnaver.mailcorp.eu

# Reference: https://www.virustotal.com/gui/ip-address/27.255.81.75/relations

navercrrp.com
nid.naverc0rp.com
nids.navercrrp.com

# Reference: https://www.virustotal.com/gui/ip-address/165.154.240.149/relations

mofamail.eu
officmail.homes

# Reference: https://www.virustotal.com/gui/ip-address/154.90.63.220/relations

accounthome.store
accountsign.store
accountsinfo.shop
accountsuser.store
asigninfo.store
authenpotal.click
connectserver.store
yescerse.store
emv1.wrcnsodfan.shop

# Reference: https://www.virustotal.com/gui/ip-address/159.100.29.38/relations

documentstoreservice.store
rtyyhnfghvb.shop

# Reference: https://www.virustotal.com/gui/ip-address/27.255.75.156/relations

foundaterity.quest
logingmail.homes
login.gcogle.online
login.logingmail.homes

# Reference: https://www.virustotal.com/gui/ip-address/27.255.75.163/relations

corpskoredunet.online
niduser2cops.tech

# Reference: https://www.virustotal.com/gui/ip-address/8.218.16.183/relations

antivmailnets.website
bnmbn.fun
bnmbnm.fun
cibersecploices.tech
ciberuser2cops.online
corpskoredunet.online
ebooksgumkrn.online
ekorbookhomes.tech
elibalertkorn.website
erer.online
erer.shop
ertedcrfv.fun
forkmaniolibs.shop
grpciberuserns.online
gukmindown.online
gukminyeongum.website
har5libsntola.website
invocedown.tech
invoicee.online
jonghui.online
kukmindown.website
logginnldsignup.tech
maverbooksio.tech
mcorp.website
mewvict0korps.tech
mingukdown.tech
minkukdown.online
mkinkibrarys0n.store
navorrnailcorps.tech
navur2userkinfs.site
nhisloggonin.tech
nidcops.tech
nidenvoicekr.online
nidsignin.online
niduser2cops.tech
nkoruserinfo.website
nkrop.online
nkropsnet.tech
nldelibscenter.shop
nldgggnnn.fun
nldlogggon.online
nldlogginon.website
nldloggonin.fun
nldloggonin.tech
nldlogin.online
nldsingin.shop
npkrbooknets.website
npkrlibs.online
npsebooklibs.online
nuser2guardman.website
nuser2secinfos.tech
nuserguards.website
onlinbookshome.online
onlynsis.website
pkrodmorps.tech
popogh.online
qwewsxzxc.tech
qwqw.website
reconlong.site
rfvedcdfg.fun
ri0tgmhostpn.cloud
thermclvergard1c.site
tyty.tech
tyuyhnghj.tech
uiui.shop
vcvcmn.website
vnvnlioe.fun
yeongumkornet.online
yhnujmtyu.tech
znznloey.online

# Reference: https://www.virustotal.com/gui/ip-address/45.192.162.121/relations

ekorguidecom.website
invoicenid.tech
kraccntsbooks.shop
miduserinfo.website
ncorpsinfos.online
nidusecorps.online
ninfokrops.online
nkidsecorps.tech
npkoruserconf.tech

# Reference: https://twitter.com/wwp96/status/1338460606983237638
# Reference: https://www.virustotal.com/gui/ip-address/23.106.122.194/relations

account-live.p-e.kr
edoc.linkpc.net
edoc.p-e.kr
gdiver.store
gdiver.website
invo1ce.p-e.kr
m-nidlogin.n-e.kr
m-nidlogin.o-r.kr
m-nidlogin.r-e.kr
m-nidlogin.work.gd
mlogin.p-e.kr
mybox.p-e.kr
n1dlogin.p-e.kr
narerlogin.p-e.kr
naver-edoc.kro.kr
nband.p-e.kr
nid1ogin.p-e.kr
nidiogin.kro.kr
nidiogin.p-e.kr
nidnarver.p-e.kr
nldconfirm.p-e.kr
nldiogin.p-e.kr
nldlogin.o-r.kr
nldlogin.p-e.kr
notify-mybox.p-e.kr
nps.p-e.kr
onedrive.linkpc.net
onedrive.n-e.kr
onedrive.p-e.kr
postgresql.gdiver.store
postman.gdiver.store
postmaster.gdiver.store
uidlogin.p-e.kr
upbitmain.online
update-mybox.r-e.kr
wetax.p-e.kr

# Reference: https://www.virustotal.com/gui/ip-address/185.177.59.180/relations

inv0ice.p-e.kr
mybox.p-e.kr
naver-verify.n-e.kr
naver1ogin.p-e.kr
nidnarver.n-e.kr
nmybox.p-e.kr
npay.r-e.kr
rnybox.n-e.kr
rnybox.p-e.kr
uidlogin.kro.kr
uidlogin.n-e.kr
uidlogin.r-e.kr

# Reference: https://twitter.com/asdasd13asbz/status/1768465386931200203
# Reference: https://pastebin.com/GBPMY2qH

a-dam79.com/adm/mail/img/poll/auto_n.php
aftkor.com/gnuboard4/adm/img/ttttt/auto_n.php
aismedu.com/gnuboard4/adm/img/pill/auto_n.php
bestallblue.com/gnuboard4/adm/img/pill/auto_n.php
blackboxas.net/gnuboard4/adm/img/poll/auto_n.php
blueheart8.com/gnuboard4/adm/img/ttttt/auto_n.php
bookthemiracle.com/gnuboard4/adm/img/ttt/auto_n.php
bstill.kr/gnuboard4/adm/img/poll/auto_n.php
bumyoungkorea.co.kr/gnuboard4/adm/img/poll/auto_n.php
canaanwood.com/adm//mail/img/pill/auto_n.php
cgm-korea.com/gnuboard4/adm/img/ttttt/auto_n.php
cheilcorp.com/gnuboard4/adm/img/pill/auto_n.php
cicctv.co.kr/gnuboard4/adm/img/poll/auto_n.php
cnsspirits.com/adm/mail/img/poll/auto_n.php
daeilefc.co.kr/gnuboard4/adm/img/poll/auto_n.php
daero8488.com/gnuboard4/adm/img/poll/auto_n.php
dbcsc.net/gnuboard4/adm/img/poll/auto_n.php
dils.co.kr/gnuboard4/adm/img/poll/auto_n.php
dmcpvd.co.kr/gnuboard4/adm/img/poll/auto_n.php
donkatsu.co.kr/gnuboard4/lib/pill/auto_n.php
dooroolove.com/gnuboard4/adm/mail/img/pill/auto_n.php
dynamic-auto.co.kr/gnuboard4/adm/img/pill/auto_n.php
eatondesignlap.com/gnuboard4/adm/img/poll/auto_n.php
ejufamily.com/gnuboard4/adm/img/pill/auto_n.php
gaonled.com/gnuboard4/adm/img/pill/auto_n.php
gluckesearch.com/adm/mail/img/poll/auto_n.php
hanaimfood.com/gnuboard4/adm/img/ttt/auto_n.php
hanatps.com/gnuboard4/adm/img/ttttt/auto_n.php
hangangindustry.com/gnuboard4/adm/img/ttttt/auto_n.php
harangpro.com/gnuboard4/adm/img/pill/auto_n.php
hbe-food.com/gnuboard4/adm/img/ttt/auto_n.php
hgcns.com/gnuboard4/adm/img/pill/auto_n.php
hnkai.com/gnuboard4/adm/img/pill/auto_n.php
hwajinsystem.com/gnuboard4/adm/img/pill/auto_n.php
hyokwang.com/gnuboard4/adm/img/ttttt/auto_n.php
i-jadeview.com/gnuboard4/adm/img/poll/auto_n.php
ifixle.com/gnuboard4/adm/img/ttttt/auto_n.php
ilec.co.kr/gnuboard4/adm/img/pill/auto_n.php
jungdamfs.com/gnuboard4/adm/img/ttttt/auto_n.php
khomestory.com/gnuboard4/adm/img/poll/auto_n.php
koharich.com/gnuboard4/adm/img/pill/auto_n.php
kolabs.kr/gnuboard4/adm/img/poll/auto_n.php
kotfa.org/gnuboard4/adm/img/poll/auto_n.php
kunyoungtsc.com/gnuboard4/adm/img/pill/auto_n.php
kyungin119.com/gnuboard4/adm/img/ttt/auto_n.php
lgensolsamunozo.com/adm/mail/img/poll/auto_n.php
madephotostudio.com/adm//mail/img/pill/auto_n.php
minervaauctionedu.com/adm/mail/img/poll/auto_n.php
misugum.com/gnuboard4/adm/img/pill/auto_n.php
munjungday.net/gnuboard4/adm/img/poll/auto_n.php
nainenc.com/gnuboard4/adm/img/ttt/auto_n.php
nanovalley.co.kr/gnuboard4/adm/img/poll/auto_n.php
ouscompany.com/gnuboard4/adm/img/ttt/auto_n.php
pjk.co.kr/gnuboard4/adm/img/poll/auto_n.php
reujin.com/gnuboard4/adm/img/pill/auto_n.php
revolutionenm.com/adm/mail/img/poll/auto_n.php
segangenc.com/gnuboard4/adm/img/pill/auto_n.php
shin-ji.com/gnuboard4/adm/img/ttttt/auto_n.php
simsansc.com/gnuboard4/bbs/adm/img/pill/auto_n.php
sisileae.com/gnuboard4/adm/img/pill/auto_n.php
smartonecnd.co.kr/gnuboard4/adm/img/poll/auto_n.php
soltechkorea.co.kr/adm/img/poll/auto_n.php
soridesignart.com/gnuboard4/adm/img/pill/auto_n.php
ssglnd.com/gnuboard4/adm/img/pill/auto_n.php
stayattwenty.com/gnuboard4/adm/img/pill/auto_n.php
studionewgimmick.com/gnuboard4/adm/mail/img/auto_n.php
sungsimmh.com/gnuboard4/adm/img/pill/auto_n.php
tes30.com/gnuboard4/adm/img/pill/auto_n.php
thevanart.com/gnuboard4/adm/img/pill/auto_n.php
uriveservicecenter.com/gnuboard4/adm/img/ttt/auto_n.php
vkoreaent.com/adm/mail/img/poll/auto_n.php
yunwoo-tech.com/gnuboard4/adm/img/ttt/auto_n.php
zurifilm.com/gnuboard4/adm/img/ttt/auto_n.php
/adm//mail/img/pill/auto_n.php
/adm/img/poll/auto_n.php
/adm/mail/img/poll/auto_n.php
/gnuboard4/adm/img/pill/auto_n.php
/gnuboard4/adm/img/poll/auto_n.php
/gnuboard4/adm/img/ttt/auto_n.php
/gnuboard4/adm/img/ttttt/auto_n.php
/gnuboard4/adm/mail/img/auto_n.php
/gnuboard4/bbs/adm/img/pill/auto_n.php
/gnuboard4/lib/pill/auto_n.php

# Reference: https://twitter.com/lazarusholic/status/1768842172332409052
# Reference: https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247495843&idx=1&sn=7965885f6dc8503c7fc49b7002816d13&chksm=f9c1c3aaceb64abcf4ee0b127600eed9c4013a3aaa1a7af7fb3d222b9264b365eed9fb475028&scene=178&cur_album_id=1915287066892959748#rd
# Reference: https://www.virustotal.com/gui/file/ec2289a3a53f7979c88d17eb20fed48ba79a9ff7ee448a0dc7c7d2e5a21a2338/detection

http://165.154.230.24
ba-reum.co.kr/adm/status/down/
ba-reum.co.kr/adm/status/down/lib.php
ba-reum.co.kr/adm/status/down/show.php

# Reference: https://www.virustotal.com/gui/ip-address/64.176.228.101/relations

nhwmcis.cloud
account.nhwmcis.cloud
view.nhwmcis.cloud

# Reference: https://www.virustotal.com/gui/ip-address/158.247.201.192/relations

hometaxctrl.online
hometaxsc.site
nidsign.info
nidsigns.info
ntsapp.space
ntscarts.site
ntsctrls.site
ntscustoms.store
ntsgroups.site
ntshelps.site
ntslogin.shop

# Reference: https://www.virustotal.com/gui/ip-address/156.67.74.68/relations

nts-notics.site

# Reference: https://www.virustotal.com/gui/ip-address/145.14.153.49/relations

nts-notice.online
ntshomes.online

# Reference: https://twitter.com/blackorbird/status/1770708478908141762
# Reference: https://asec-ahnlab-com.translate.goog/ko/62117/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

http://210.16.120.210
fitting-discrete-lemur.ngrok-free.app
real-joey-nicely.ngrok-free.app
minish.wiki.gd

# Reference: https://www.genians.co.kr/blog/threat_intelligence/dropbox

aymdtt.co.kr
dddon.kr
gbionet.com
iso3488.co.kr
regard.co.kr
strehab.com

# Reference: https://www.virustotal.com/gui/ip-address/27.102.118.175/relations

airsbnb.site
custom-center.online
goocgle.site
ntsauth.info
ntsauth.shop
ntsauth.site
ntscheck.info
ntscheck.site
ntslog.cloud
ntsxhome.site
ntsxhome.space
polarisoffice.site
safe-guard.world
saramin.cloud
accountkkcdn.ntsxhome.space
accounts.ntscheck.info
accounts.ntsxhome.space
daumcdnkakao.ntscheck.info
daumcdnkakao.ntsxhome.space
stat_tiarakakao.ntscheck.info
stat_tiarakakao.ntsxhome.space
t1_daumcdnkakao.ntscheck.info
t1_daumcdnkakao.ntsxhome.space
tiarakakao.ntscheck.info
tiarakakao.ntsxhome.space

# Reference: https://www.virustotal.com/gui/ip-address/154.205.138.62/relations

hometaxnews.site
ntsadv.shop
ntsapp.shop
ntshome.shop
ntspage.shop
ntsreview.shop
ntsreview.site
naver.hometaxnews.site
smtp.ntspage.shop

# Reference: https://www.virustotal.com/gui/ip-address/154.90.63.180/relations

hometaxpost.site
ntsactive.store
ntsmail.shop
securemails.site

# Reference: https://www.virustotal.com/gui/ip-address/154.90.63.85/relations

ntsposts.shop
wetax-app.store
wetax-news.store
wetax-post.shop
wetaxnews.store
wetaxpost.site

# Reference: https://www.virustotal.com/gui/ip-address/154.205.138.144/relations

custom-centre.site
hometaxalert.site
nts-mail.shop
ntsactive.shop
ntsemail.shop
ntsmails.shop
ntsposting.shop
ntstax.shop

# Reference: https://twitter.com/Cyberteam008/status/1782322894649045403

centes.info
documentview.site
memberslogin.info
paintboard.icu
rememberesapp.info
taxsevices.online
tradingvievv.website
usermanagers-confirmation.site
userscheck.info
zebracalculator.cloud
cc.ntsoffer.shop
emv1.memberslogin.info
emv1.npscmd.site
emv1.ntsxhome.site
gov.taxsevices.online
lcs.ntsapps.space
lcs.ntsoffer.shop
naver.hometaxctrl.online
naver.ntsapps.space
naver.ntsoffer.shop
naver.ntsoffer.site
oatviemv1.npsnews.website
outlook.memberslogin.info
outlook.usermanagers-confirmation.site
qkbimemv1.npsnews.website

# Reference: https://twitter.com/asdasd13asbz/status/1783715045576421574
# Reference: https://www.virustotal.com/gui/ip-address/152.32.243.152/relations

nabsouer.store
nasaer.online
nasaer.pro
accountsmil.nasaer.pro

# Reference: https://twitter.com/tiresearch1/status/1783772091827048670
# Reference: https://www.virustotal.com/gui/ip-address/154.90.63.167/relations

nts-views.shop
wetax-app.shop
wetax-app.site
wetax-app.space
wetax-news.shop
wetax-news.space
wetaxapp.site
wetaxnews.shop
wetaxnews.space
wetaxpost.shop
wetaxpost.space

# Reference: https://www.virustotal.com/gui/ip-address/84.32.84.32/relations

wetax-app.cloud

# Reference: https://twitter.com/peterkruse/status/1783780154407354370
# Reference: https://www.virustotal.com/gui/ip-address/101.36.114.180/relations

cblmq.space
dretubvcn.cc
gkjoiup.store
gmasalk.store
gnodona.store
gplokio.site
jaasdvc.cc
jsgqkjz.cn
kadaomal.site
npmhxx.top
oknghbvn.cc
zzddwzm.cn

# Reference: https://twitter.com/ValidinLLC/status/1783799879422050349
# Reference: https://twitter.com/ValidinLLC/status/1783802467987144777
# Reference: https://www.virustotal.com/gui/ip-address/154.205.138.216/relations
# Reference: https://www.virustotal.com/gui/ip-address/154.205.138.224/relations
# Reference: https://www.virustotal.com/gui/ip-address/154.90.63.152/relations

credtmail.site
flyasiana.online
koreaair.site
koreaair.store
koreanairs.site
koreansair.shop
koreansky.site
nts-mail.xyz
ntsapps.shop
ntscheck.org
ntsmail.xyz
ntsmailers.site
ntsmailers.space
ntsmailings.shop
ntsmailings.store
rememberapp.info
rememberapp.shop
rememberapp.space
wetaxmailer.shop
wetaxmailer.site
wetaxnote.site
cc.ntsmailings.shop
lcs.ntsmailings.shop
mail.ntsmailings.shop
naver.ntsmailings.shop

# Reference: https://twitter.com/ValidinLLC/status/1785403121323090320
# Reference: https://www.virustotal.com/gui/ip-address/154.205.138.75/relations

koreaair.shop
linkedlri.cloud
nexons.shop
saramin.site
wetax.online
wetax-check.site
wetax-check.space
emv1.koreaair.shop
emv1.linkedlri.cloud
emv1.nexons.shop
lcs.koreaair.shop
naver.koreaair.shop
ww1.wetax.online
ww12.wetax.online
ww7.wetax.online

# Reference: https://twitter.com/ValidinLLC/status/1785405519684923887
# Reference: https://app.validin.com/detail?type=ip&find=91.236.230.63#tab=resolutions
# Reference: https://www.virustotal.com/gui/ip-address/91.236.230.63/relations

home-id.me
indeed-main.info
linkedlri.cloud
linkedlri.info
moneysupersmarket.info
octopurs.energy
revoults.online
tradingsveiw.com
trandingveiws.com

# Reference: https://twitter.com/ValidinLLC/status/1785409099397583043
# Reference: https://www.virustotal.com/gui/ip-address/147.45.116.49/relations
# Reference: https://app.validin.com/detail?type=ip&find=27.255.81.112
# Reference: https://app.validin.com/detail?find=38.181.23.5&type=ip4&ref_id=80fcc8fd69b#tab=resolutions
# Reference: https://www.virustotal.com/gui/ip-address/27.255.81.112/relations

ac.dll.r-e.kr
accountsmil.mysnu.info
alert.wiki
corn.city
daurn.in.net
dll.r-e.kr
dnmil.mysnu.info
dongfan.r-e.kr
erro.live
fbtws.xyz
fc1aax.top
fc1aqw.top
fc1cvc.top
fc1dgc.top
fc1eee.top
fc1hgre.top
fc1hhg.top
fc1wef.top
fc1zs.top
fc1zxl.top
ffx1aax.top
ffx1aqw.top
ffx1cvc.top
ffx1dgc.top
ffx1eee.top
ffx1hgre.top
ffx1hhg.top
ffx1wef.top
ffx1zs.top
ffx1zxl.top
ffx2aax.top
ffx2aqw.top
ffx2cvc.top
ffx2dgc.top
ffx2eee.top
ffx2hgre.top
ffx2hhg.top
ffx2wef.top
ffx2zs.top
ffx2zxl.top
ffx3aax.top
ffx3aqw.top
ffx3cvc.top
ffx3dgc.top
ffx3eee.top
ffx3hgre.top
ffx3hhg.top
ffx3wef.top
ffx3zs.top
ffx3zxl.top
ffx4aax.top
ffx4aqw.top
ffx4cvc.top
ffx4dgc.top
ffx4eee.top
ffx4hgre.top
ffx4hhg.top
ffx4wef.top
ffx4zs.top
ffx4zxl.top
ffx5aax.top
ffx5aqw.top
ffx5cvc.top
ffx5hgre.top
ffx5wef.top
ffx5zs.top
ffxxaax.top
ffxxaqw.top
ffxxcvc.top
ffxxdgc.top
ffxxeee.top
ffxxhgre.top
ffxxhhg.top
ffxxwef.top
ffxxzs.top
ffxxzxl.top
fxxcaax.top
fxxcaqw.top
fxxccvc.top
fxxcdgc.top
fxxceee.top
fxxchgre.top
fxxchhg.top
fxxcwef.top
fxxczs.top
fxxczxl.top
jx3kked.top
jx3mndf.top
rwy5asw.top
rwy5cww.top
rwy5dff.top
rwy5qwf.top
rwy5zxs.top
kgrnail.cloud
kmr.o-r.kr
mail.alert.wiki
mb.newspaper.o-r.kr
md.kmr.o-r.kr
md.notebook.n-e.kr
messge.info
mybox.website
mysnu.info
nabercorp.download
navkatok.eu
nehelp.es
newspaper.o-r.kr
hani.nabercorp.download
nid.navkatok.eu
nislo.life
notebook.n-e.kr
ns1.rwy5dff.top
olpop.store
ps.newspaper.o-r.kr
relogin.pro
sd.kmr.o-r.kr
up-api1-kage.mysnu.info

# Reference: https://twitter.com/cyberwar_15/status/1788723681981776203
# Reference: https://www.genians.co.kr/blog/threat_intelligence/facebook
# Reference: https://www.virustotal.com/gui/file/0edde253fb0ade6700fdeb278b33eeecfd470e4fc72503158854f3a18ee5665a/detection

rapportdown.lol
brandwizer.co.in
makeoversalon.net.in

# Reference: https://twitter.com/blackorbird/status/1790589046663889113
# Reference: https://mp.weixin.qq.com/s/5dYkd9ZpjllHoUK31DywJg

nid.oksite.eu

# Reference: https://x.com/asdasd13asbz/status/1791390914038149339
# Reference: https://www.virustotal.com/gui/ip-address/94.131.120.80/relations
# Reference: https://www.virustotal.com/gui/file/ce97a3e7a8c964a3300ebc940fdbed335c55f008afafc5cfc3f6661b5a5a4446/detection
# Reference: https://www.virustotal.com/gui/file/3314b6ea393e180c20db52448ab6980343bc3ed623f7af91df60189fec637744/detection
# Reference: https://www.virustotal.com/gui/file/24a42a912c6ad98ab3910cb1e031edbdf9ed6f452371d5696006c9cf24319147/detection

uberlingen.com
download.uberlingen.com
dihl-defence.o-r.kr
uberlingen.n-e.kr
viewers.r-e.kr
ecloud.uberlingen.n-e.kr
online.viewers.r-e.kr
share.dihl-defence.o-r.kr

# Reference: https://x.com/MichalKoczwara/status/1792925748568756258

216.189.159.34:443

# Reference: https://www.virustotal.com/gui/ip-address/216.189.159.34/relations

ac0unt.p-e.kr
altool.p-e.kr
app.awiki.org
banditool.kro.kr
etherap.kro.kr
etherlab.kro.kr
lincom.co.kr
melony.n-e.kr
nidnhnlogin.kro.kr
nidnhnv.kro.kr
nvcert.kro.kr
onedriver.n-e.kr
serviceinfo.p-e.kr
slmgr.r-e.kr
telegramer.n-e.kr
yes24service.n-e.kr
app.lincom.co.kr
login.etherap.kro.kr
login.etherlab.kro.kr
m.nidnhnlogin.kro.kr
m.nidnhnv.kro.kr
nid.nhncert.p-e.kr
sign.ac0unt.p-e.kr
sign.nvcert.kro.kr

# Reference: https://thehackernews.com/2024/05/kimsuky-apt-deploying-linux-backdoor.html
# Reference: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/springtail-kimsuky-backdoor-espionage
# Reference: https://www.virustotal.com/gui/file/30584f13c0a9d0c86562c803de350432d5a0607a06b24481ad4d92cdf7288213/detection

http://216.189.159.34

# Reference: https://x.com/1ZRR4H/status/1793873968471970214
# Reference: https://www.virustotal.com/gui/ip-address/67.217.62.219/relations
# Reference: https://www.virustotal.com/gui/file/cca1705d7a85fe45dce9faec5790d498427b3fa8e546d7d7b57f18a925fdfa5d/detection
# Reference: https://www.virustotal.com/gui/file/5b3cc9cced1ef0cb0bba5549cc2ac09c49ae10554d2409ea16bc5e118d278c15/detection

imagedownload.ignorelist.com
share-defence.uberlingen.com

# Reference: https://asec.ahnlab.com/ko/65918/

http://104.36.229.179
http://38.110.1.69
http://91.228.218.7
103.20.235.113:1433
104.36.229.179:1521
104.36.229.179:53
109.248.151.179:53
45.95.18.100:1433
45.95.18.14:3306
45.95.18.14:53
91.228.218.7:53
aslark.kro.kr
aslark1.kro.kr
devf.n-e.kr
gokr.hopto.org
kelton.myftp.org
kepir.p-e.kr
kevinblog.ddns.net
lazor.kro.kr
lfgu.n-e.kr
luvb.n-b.kr
my.shoping.kro.kr
navver.o-r.kr
shoping.kro.kr
w3.navver.o-r.kr
yah00.o-r.kr

# Reference: https://x.com/Syndikalist/status/1795580218524209537
# Reference: https://app.validin.com/detail?find=%3A%3A%3A%22author%22%3A%22MXMMCCCXLV%22&type=raw&ref_id=61b5fc3677e#tab=host_pairs_v2

alphadex.io
blockworks.one
plutonians.tech
tokenworks.io
wanblibang.com.cn
i.wanblibang.com.cn
labs.plutonians.tech

# Reference: https://x.com/MichalKoczwara/status/1795741150675976207

atlanticacouncil.org.youramys.com
atlanticcouncil.youramys.com
drive.wilsoncenter.0rg.us
drive.wilsoncenter.port0.org
drives.youramys.com
mnlp.quest
naververify.p-e.kr
note.iiiii.info
oso-usps.com
signin-ym.quest
uidlogin.o-r.kr
wilsoncenter.0rg.us
wilsoncenter.port0.org

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/kimsuky/2024-05-28-kimsuky-webshell.pdf
# Reference: https://www.virustotal.com/gui/ip-address/220.73.161.81/relations

dgms.or.kr
lkh.co.kr/eng/data/ncdos
lkh.co.kr/eng/data/myid.php

# Reference: https://x.com/ginkgo_g/status/1796111368346636743
# Reference: https://www.virustotal.com/gui/file/0538e16bef5fc9f4ab0ed0b370601ae3bc5d184e75d3be678c98e6a60bf533b9/detection
# Reference: https://www.virustotal.com/gui/file/0538e16bef5fc9f4ab0ed0b370601ae3bc5d184e75d3be678c98e6a60bf533b9/detection

orientedworld.com/wp-content/plugins/health-check/pages/gorgon1/

# Reference: https://x.com/k3yp0d/status/1796124876975071247
# Reference: https://www.virustotal.com/gui/file/c1f1ce81115bed45c594aeeb92adb687bb04478cb40bb9dab538277d0c8cc13e/detection

orbotech.info
customer.orbotech.info
ns1.orbotech.info

# Reference: https://x.com/k3yp0d/status/1796125023570141321
# Reference: https://www.virustotal.com/gui/file/cfdc7747b716be5817ce1bc76decfb3e1b27113545a01558ed97ab5fd024c53e/detection

comisioffline.com
visioffline.comisioffline.com

# Reference: https://x.com/k3yp0d/status/1796125289623244963
# Reference: https://www.virustotal.com/gui/file/e5fbaab1270deb86b419abb348f19c2b9afd6e5c2e151c4d0869f6c5d889e029/detection

visioffline.com

# Reference: https://www.virustotal.com/gui/ip-address/154.90.63.7/relations

flyasiane.online
koreanaire.online
nts-check.site
nts-doc.cloud
nts-home.cloud
nts-home.online
nts-korea.cloud
nts-note.cloud
nts-note.site
nts-post.online
ntskorea.cloud
ntskr.site
ntspost.cloud
cc.nts-check.site
cc.nts-home.cloud
cc.ntscheck.org
cc.rememberapp.info
lcs.nts-check.site
lcs.nts-home.cloud
lcs.ntscheck.org
lcs.rememberapp.info
lcs.wetax.online
mail.ntscheck.org
mait.nts-check.site
mait.nts-home.cloud
mait.ntscheck.org
mait.rememberapp.info
mid.ntscheck.org
naver.nts-check.site
naver.nts-home.cloud
naver.ntskorea.cloud
naver.rememberapp.info

# Reference: https://x.com/Cyberteam008/status/1797456640305922243
# Reference: https://x.com/asdasd13asbz/status/1797564135468859613
# Reference: https://www.virustotal.com/gui/file/000e2926f6e094d01c64ff972e958cd38590299e9128a766868088aa273599c7/detection
# Reference: https://www.virustotal.com/gui/file/cca1705d7a85fe45dce9faec5790d498427b3fa8e546d7d7b57f18a925fdfa5d/detection

accounts.login.idm.uberlingen.com
apphelloworld.crabdance.com
download-attachments.mooo.com
en.uberlingen.com
ns1.uberlingen.com
ns3.uberlingen.com
paypal.uberlingen.com
playboys.chickenkiller.com

# Reference: https://x.com/JangPr0/status/1798144205128392774

http://152.32.139.83

# Reference: https://www.virustotal.com/gui/ip-address/141.164.37.141/relations

apideb.site
gmsta.store
lifegoeson.pics
ntskorea.online
ntsmsg.online
uboam.com
apis.lifegoeson.pics
myaccount.lifegoeson.pics

# Reference: https://www.virustotal.com/gui/ip-address/108.181.51.101/relations

fsc-notify.info
kdca.site
kisa-home.site
emv1.kisa-home.site

# Reference: https://www.virustotal.com/gui/ip-address/38.54.88.5/relations
# Reference: https://app.validin.com/detail?find=38.54.88.5&type=ip4&ref_id=37a81bfc5ea#tab=resolutions

custom-team.com
nts-help.cloud
nts-view.cloud
ntsalert.cloud
ntsalerts.cloud
ntsctrl.cloud
ntsctrl.icu
ntsctrls.icu
ntsdoc.icu
ntsdocs.cloud
ntsdocs.online
ntshelp.cloud
ntshelp.icu
ntshelp.online
ntshelps.cloud
ntshome.icu
ntshome.online
ntshomes.icu
ntspost.icu
ntsposts.icu
ntstax.cloud
ntsview.cloud
ntsview.icu
ntsview.online
ntsviews.cloud
cc.ntsalert.cloud
cc.ntsdocs.cloud
emv1.custom-team.com
emv1.nts-view.cloud
emv1.ntsalert.cloud
emv1.ntsdoc.icu
emv1.ntsdocs.cloud
emv1.ntsdocs.online
emv1.ntshelp.icu
emv1.ntsview.icu
lcs.ntsalert.cloud
lcs.ntsdocs.cloud
naver.ntsalert.cloud
naver.ntsdoc.icu
naver.ntsdocs.cloud
naver.ntshome.icu

# Reference: https://www.virustotal.com/gui/ip-address/108.181.51.101/relations

koreansair.cloud
noution.co
ntshome.cloud
ntsmail.cloud
wetaxc.cloud

# Reference: https://x.com/Huntio/status/1827010159597728157
# Reference: https://www.virustotal.com/gui/ip-address/38.60.212.156/relations
# Reference: https://app.validin.com/detail?type=ip&find=38.60.212.156#tab=resolutions

idchecks.online
jma-earthquake.info
kuronekoyamarto.shop
nortions.info
odhistory-shopping.info
paypay-corp.info
rakutean.info
traningviews.com
userschecker.com
usersvalidaition.com

# Reference: https://www.virustotal.com/gui/ip-address/91.236.230.63/relations

linkdlri.site

# Reference: https://x.com/asdasd13asbz/status/1803944724308595090
# Reference: https://www.virustotal.com/gui/file/2c3066d84a1942c8a7d0873d6863e47b73dca05a07283e52e567533447a7afc9/detection
# Reference: https://www.virustotal.com/gui/file/4dfc09bfab1e813c8122d6f8c3d83966346fe676464497ce100e8c385fe5e5f9/detection

image.ionexusa.com

# Reference: https://twitter.com/suyog41/status/1725500179829436655
# Reference: https://twitter.com/suyog41/status/1765277622777307566
# Reference: https://x.com/malwrhunterteam/status/1805282813819699452
# Reference: https://www.virustotal.com/gui/ip-address/47.244.44.175/relations
# Reference: https://www.virustotal.com/gui/ip-address/52.221.191.170/relations
# Reference: https://www.virustotal.com/gui/ip-address/79.133.51.91/relations
# Reference: https://www.virustotal.com/gui/file/4ceb53129adc4783ff5510c7279c655d6451d52353d41b8cedc7873902a0caf6/detection
# Reference: https://www.virustotal.com/gui/file/dd2b2215977ca4822769a16487e4c22b331ac1fb09791cbde6ee98ae72408137/detection
# Reference: https://www.virustotal.com/gui/file/57b7c01f1ce238d2aa37c62d5c09bb35894798bdb3412e7588204838f2705ddb/detection

accounts.hgfdsa.cloudns.cl
accounts.qocqle.cloudns.cl
asgasfe.online
attachnent.online
bnbn.online
bnbnmdownl.tech
cbcbupdownload.tech
cvcv.online
cvcv.tech
datadown1.shop
dcfvgb.space
derftg.space
dfdf.website
dfgrwe.shop
docunemt.online
donwfileupton.fun
downloadfum.shop
downloadmar.online
edcrfv.tech
ertrfvcvb.fun
filenal.cloudns.cl
gdfeud.online
ghjklf.space
goqgoqle.space
hgfdsa.cloudns.cl
hyrfbg.shop
jmujyh.shop
kgisdsjd.online
kijuyh.online
lendborrow.online
loadfiledown.shop
logendownlaod.shop
logginnld.tech
lokiju.space
mangole.space
markumin.shop
mauernid.space
mauri.website
mjhngb.online
mnbmnb.fun
myclean.fun
myhappy.online
naaaver.online
naaverr.space
nadaral.shop
naders.online
naevuer.website
naeyver.shop
namavr.online
nauver.space
navam.online
navav.online
navev.cloudns.cl
navor-cloud.tech
naxxer.space
nbmndonwload.tech
nbnb.online
nbvcxz.online
neuver.online
neyvaer.online
nghjuy.online
nhjmbg.online
nhygvb.space
nhytgb.space
nid.navev.cloudns.cl
njikmh.space
nldlogdowload.tech
nldloggin.online
nldloggin.tech
nldnldlog.shop
nmnm.online
nmnmdown.tech
nnnnaver.online
nocver.online
nsupersend.online
nvavar.shop
nvhfgt.shop
nwenwe.online
oknjiuj.shop
olkimj.online
poiujk.online
qazwsxedc.tech
qocqle.cloudns.cl
qoooglle.space
qwaszx.space
rfvdfgcvb.online
rtgfhy.online
rtrtdown.online
samsungcoard.tech
seural.online
signonsuccess.website
sporiyt.space
tgbhuj.shop
tgbhuy.online
tsetes.online
ujgtyh.online
upblt.tech
utut.online
vbfhgy.online
vbnfhg.space
vbvbdownload.tech
vfhby.online
vjfhan.online
vnbhfg.space
vnvnupload.website
vvfbgnh.online
wsedfr.shop
wsx.filenal.cloudns.cl
wsxedcrfv.fun
xbxbonwer.fun
yghjhy.online
yhnujm.tech
ytytdown.shop
yuyudownload.tech
yuyuinfu.website
yyttiidown.online
zsedcx.shop
zxcasd.fun
zxzx.website
/tlee43/bad/info.php
/tlee43/bad/shake.php
/tlee43/bad/welcome.php
/tlee43/good/common.php
/tlee43/good/redirect.php
/tlee43/bad/
/tlee43/good/

# Reference: https://www.virustotal.com/gui/ip-address/61.97.251.231/relations
# Reference: https://app.validin.com/detail?find=61.97.251.231&type=ip4&ref_id=e9b6d4dff01#tab=resolutions

cloudkr2net.website
etrcompug0nar.online
gccqle.online
gukminhealthkr.fun
klepler0ncoprs.tech
korbklineducat9.tech
korbookgrpsio.website
kordom2userna.website
koredunegukminc.website
maboosk5kstores.site
nalrmkorbooks.online
ncloud2usernet.tech
nedfiuser2enfos.shop
nkedunemunso.tech
nkrcloudguardteam.online
nohauwebse2c.online
normkpbost7nets.website
pnidlibnor2in.tech

# Reference: https://www.virustotal.com/gui/ip-address/31.172.83.193/relations
# Reference: https://app.validin.com/detail?find=31.172.83.193&type=ip4&ref_id=e9b6d4dff01#tab=resolutions

qccggle.online
qcocgle.online

# Reference: https://www.virustotal.com/gui/ip-address/27.255.75.142/relations
# Reference: https://app.validin.com/detail?find=27.255.75.142&type=ip4&ref_id=140fa1f1335#tab=resolutions

gccqqle.shop
qscesz.online
qwoasd.online

# Reference: https://www.virustotal.com/gui/ip-address/27.255.81.118/relations
# Reference: https://app.validin.com/detail?find=27.255.81.118&type=ip4&ref_id=4b8862d4e94#tab=resolutions

aa10pdpaoaiajidjaoaisdf.cfd
aa12aodoiaaa.cfd
aa13diaoaoaa.cfd
aa14daiaoao.cfd
aa17aiaiaia.cfd
aa18aiaoaoa.cfd
aa19doaoaooa.cfd
aa1aiadozieaizoao.cfd
aa20aoaoaoal.cfd
aa2aiaoaoeia.cfd
aa3aiaozooaisodfa.cfd
aa4aoiaopaasdf.cfd
aa5aiaoaozidoasfasdf.cfd
aa6daodaoaioasdf.cfd
aa7aoaopaoaoai.cfd
aa8paoaoaoa.cfd
aa9aiaoaaiasdf.cfd
ariws01zvxjdrsvzedffqi.cfd
ariws02giqfxumjxuoyojs.cfd
ariws03dlercwhswciprbz.cfd
ariws04ciupnrvtmmpleug.cfd
ariws05qvlpfvkicwswhir.cfd
ariws06uvkhbudwtmiskxm.cfd
ariws07tskaxqbldgfboau.cfd
ariws08ulkzkfldvyktpdb.cfd
ariws09eihlbfbkfscjhnd.cfd
ariws10pgbblhmtrdnujlg.cfd
ariws11wujsjiawatdxzfo.cfd
ariws12kfmyhpbtgtndsaw.cfd
ariws13pzfsmcluqludcrq.cfd
ariws14hjbkrurxibvvxqg.cfd
ariws15buvwpdvmziqjzpi.cfd
ariws16uabsjyajcmxklpe.cfd
ariws17kuoodsqmymkufok.cfd
ariws18sadzgpynckifkak.cfd
ariws19zamcgwecynzhyfg.cfd
ariws20kjdcyvhvharvwrh.cfd
ariws21abnhykvrpirubon.cfd
ariws22hyxsqdmdgwjuvnt.cfd
ariws23rgxmjoqjakerxqn.cfd
ariws24wwamnanmzclaenj.cfd
ariws25xmwzpcgsguzsvou.cfd
ariws26fkvxifinsviibjp.cfd
ariws27kiyehrgblkruivh.cfd
ariws28zjrsajxttjebnmo.cfd
ariws29wqaudmoizxvunob.cfd
ariws30edzwovygrcspyvq.cfd
ariws31jmdntppbxxhcrfv.cfd
ariws32ceiiulbglmaahot.cfd
ariws33yowjpcjsfjxrazp.cfd
ariws34biyttxflolzcfcz.cfd
ariws35vyywatidjxzjcdl.cfd
ariws36mclblzorliuypaa.cfd
ariws37fapktteeivlxgtg.cfd
ariws38sdgiwdtcosubwut.cfd
ariws39dohaxbtelmiwnsh.cfd
ariws40uwcurwqmpgidbco.cfd
ariws41zmtumvmcnciafel.cfd
ariws42rejrodigsiwhxqg.cfd
ariws43dlfjrcnnkbiqozi.cfd
ariws44cvdzyjdzaeyciet.cfd
ariws45jowzuxkwkhgebra.cfd
ariws46vymtjprzzwviyio.cfd
ariws47gghitommsmoybwv.cfd
ariws48buydzllhzsiwzcw.cfd
ariws49tkfeualaxabvsoh.cfd
ariws50ccjzkhscsrcfotf.cfd
cdadifjaisdfzczc.cfd
comsysmails.store
gocoqie.online
ko01qityghlwig.cfd
ko02jybsjqlpyn.cfd
ko04trojuznwsm.cfd
ko06eeptqbmfnr.cfd
ko07vacfsdpcoq.cfd
ko08jzwnaoedpm.cfd
ko10qlcxozjrwj.cfd
ko11gkcgqbqoqw.cfd
ko12yexuzzkeso.cfd
ko13xgppzphhim.cfd
ko14bvbgmnfvzd.cfd
ko15cllpujiupe.cfd
ko18vqhzlwhshg.cfd
ko19owzlqmxgus.cfd
ko23qxjacebvfk.cfd
ko24etamedjlqr.cfd
ko25rkpvhuauis.cfd
ko26nalkkgujnt.cfd
ko29xntwgnrcok.cfd
ko30ijxrbfjggj.cfd
ko31frapiemowm.cfd
ko32wvpmnfgroe.cfd
ko33dracnweqdl.cfd
ko35nsirpnrdab.cfd
ko40szhgeshfdo.cfd
ko41njtsjvbkom.cfd
ko42iuktuybape.cfd
ko43giztrpcktk.cfd
ko44hmfsnselmh.cfd
ko46eipmxwonxj.cfd
ko48nkrwzmfmol.cfd
ko49aghyojnkya.cfd
ko51nwjdwelibh.cfd
ko53xcfoyckbis.cfd
ko54hnafuwhfzf.cfd
ko55rexazhdrma.cfd
ko56pkqussapan.cfd
ko58lgfntbrvas.cfd
ko59iaogyiuaaw.cfd
kor01egxkz.cfd
kor02dunte.cfd
kor03jataw.cfd
kor04yzdvd.cfd
kor05yjzeu.cfd
kor06jsqpw.cfd
kor07wrwne.cfd
kor08gwusi.cfd
kor09tcrah.cfd
kor10dxzky.cfd
kor11sszif.cfd
kor12gqpdh.cfd
kor13ungli.cfd
kor14kyvbc.cfd
kor15risls.cfd
kor16wmomj.cfd
kor17zumlp.cfd
kor18dknuw.cfd
kor19diqpv.cfd
kor20qwsef.cfd
kor21fqchu.cfd
kor22qdzky.cfd
kor23xtrky.cfd
kor24snetf.cfd
kor25hggvo.cfd
kor26varwt.cfd
kor27degfw.cfd
kor28dtbhm.cfd
kor29fomjp.cfd
kor30iiqyl.cfd
kor31pkyxq.cfd
kor32ktdqh.cfd
kor33ribih.cfd
kor34ejnkt.cfd
kor35thlgq.cfd
kor36lrypb.cfd
kor37tssyz.cfd
kor38dxfja.cfd
kor39gsoxl.cfd
kor40vgpfg.cfd
kor41cfoyq.cfd
kor42qotfi.cfd
kor43hqrct.cfd
kor44vxglk.cfd
kor45aynqg.cfd
kor46lyilv.cfd
kor47ebgqm.cfd
kor48thfrn.cfd
kor49kkymr.cfd
kor50jeftg.cfd
kor51fochj.cfd
kor52jqczw.cfd
kor53fmvtf.cfd
kor54fmhga.cfd
kor55loxvl.cfd
kor56kekqa.cfd
kor57ejelv.cfd
kor58mkltc.cfd
kor59xsjqw.cfd
kor60pqyck.cfd
kor61owapf.cfd
kor62fgliw.cfd
kor63kdsij.cfd
kor64jymgj.cfd
kor65wrfhw.cfd
kor66ghlvn.cfd
kor67dngai.cfd
kor68motks.cfd
kor69dbcrm.cfd
mz02laebnrqdil.cfd
mz03vjsehtrzae.cfd
mz04cgaqwfwtlx.cfd
mz05asbcdbjpka.cfd
mz06kelmrrmpyd.cfd
mz07szmojwevos.cfd
mz08frapjgnqma.cfd
mz09lgxmbracnq.cfd
mz10zjhrdpnyun.cfd
mz11jffyqffmxq.cfd
mz12zmpdmfjqem.cfd
mz13axibvekakc.cfd
mz14qeddpsisjs.cfd
mz16epnaegduwj.cfd
mz18cvnogwwvok.cfd
mz19krypimesfs.cfd
mz22ptetqijnzt.cfd
mz23rayhevpjwk.cfd
mz24vaaxlyoayq.cfd
mz25yjhthlhoml.cfd
mz26yxcifcrmyy.cfd
mz27vaimurucxb.cfd
mz28mhnrfymryd.cfd
mz31xcmdpujwbj.cfd
mz35nzjuqhwukk.cfd
mz36eiovaujpdk.cfd
mz38lsgkadzole.cfd
mz40vdypwfjcec.cfd
mz41khhehgnqxt.cfd
mz43tltxpmvhmg.cfd
mz45xjtnpixlwe.cfd
mz46rsfxsbifvr.cfd
mz47mkgwpygzzg.cfd
mz49cywkcvpngo.cfd
mz50hxzzkoxsre.cfd
naccountsservice.store
nasdjf.shop
nbjfhg.online
nbvcxz.shop
ncmails.store
ncnetman.store
ncomails.store
ncomonline.store
ncomorgan.store
ncomsec.store
ncomsecury.store
ncomsmal.store
ncomstay.store
ncomsystem.store
ncoremail.store
ncosec.store
ncteams.store
ncustomerservice.store
neeuoer.shop
netcoms.store
netdaily.store
netfray.store
netmails.store
netonlines.store
netsay.store
netsecuremails.store
netsecures.store
netshoot.store
netsmail.store
netsonline.store
nk10aoidoaooze.cfd
nk11aidozud.cfd
nk12aidoaieuq.cfd
nk13aidoaiei.cfd
nk14aoeiqoeia.cfd
nk15aoaieiqoadfa.cfd
nk1aidoqiwoa.cfd
nk2aidoaoeaiz.cfd
nk3aidoqiea.cfd
nk4iaodiqueia.cfd
nk5aieoaieoqiea.cfd
nk6auduaieuq.cfd
nk7aoeiqoqia.cfd
nk8eiqoaidjia.cfd
nk9aoaicyuaoize.cfd
nm01smgjhdstbc.cfd
nm02oaldlkaltw.cfd
nm03otlhirkjyk.cfd
nm04fdqkqfoisx.cfd
nm05lxekvcezyd.cfd
nm06htbqwvjzbe.cfd
nm07upuqvjbzui.cfd
nm08xyfuxejgpi.cfd
nm09eqbpddgdkm.cfd
nm10tsmdqnusnt.cfd
nm11jnvczetugz.cfd
nm12lgrobcqjtv.cfd
nm13csgopffsqy.cfd
nm15izojzirfra.cfd
nm16ngrefwqqnk.cfd
nm17flcsifqlpv.cfd
nm18wpdyadmihy.cfd
nm19cveemhthlg.cfd
nm20lcjfqfsior.cfd
nm21hswykgacuf.cfd
nm22jznrsfpzqn.cfd
nm24hcdllclerk.cfd
nm25tzowdnkooq.cfd
nm26qvvtkarnpx.cfd
nm28sgrwrfowpi.cfd
nm29kyahmrdeyd.cfd
nm30eyeklqiiut.cfd
nm31rizlkwqlyi.cfd
nm32kvowhgnhln.cfd
nm33tvccqxhcdx.cfd
nm34mxsakppgsm.cfd
nm35mcbmsaelkb.cfd
nm36yjhxwvedon.cfd
nm37pefkonwehe.cfd
nm38hrpdgnjbwl.cfd
nm39zwjakqatvw.cfd
nm40zzbyragwhi.cfd
nm41ordbvdfgzo.cfd
nm42jumxllebxu.cfd
nm43vyihguzlbg.cfd
nm44dtrmdoqmkz.cfd
nm45xdyizhdgsp.cfd
nm46vbulyzvdmx.cfd
nm47puvgnjfnby.cfd
nm48zilqjymzyt.cfd
nm49ybrhrlwfbu.cfd
nm50ehfkarwclr.cfd
nm51micvyomaas.cfd
nm52zwgwyfzeyc.cfd
nm54bnfsusgxky.cfd
nm55qippqtwybl.cfd
nm56ofqsrkhfnd.cfd
nm57dhyolfqtbg.cfd
nm58cbhdvpytjs.cfd
nm59vpttusqvtp.cfd
nm60ofssyzxvam.cfd
nm61dssbibjiwe.cfd
nm62nintyiqxmy.cfd
nm63bfmwlsbcyp.cfd
nm65zwbnoctxwk.cfd
nm66zctslerrex.cfd
nm67iwsqkzwmpp.cfd
nm68rjilxbcfgw.cfd
nm69hqkzgkgmtl.cfd
nm70ujgorztewl.cfd
nmailday.store
nmailers.store
nmailhostsecurity.store
nmailhostserver.store
nmailhostservice.store
nmailonlinecomhost.store
nmailonlineserverhost.store
nmailorg.store
nmailsecure.store
nmailserveronlinehost.store
nmailserveronlinehostcom.store
nmailserveronlinehosting.store
nmailseureteam.store
nmailsorig.store
nmailsupport.store
nmailteam.store
nmailweb.store
nmanagers.store
nnoticemail.store
nonlinesupport.store
ns10daiaodasfjie.cfd
ns11aieoakz.cfd
ns12idozoialz.cfd
ns13zidozldiaoer.cfd
ns14aidozalzia.cfd
ns15aoaozidioa.cfd
ns16aizodoiao.cfd
ns17aidoaozid.cfd
ns18aiodzodia.cfd
ns19aoapzoa.cfd
ns1aieoqoweiruioqwueasdoif.cfd
ns20aidozlia.cfd
ns2aiaoeiqoeiasodfjzclao.cfd
ns3aidoemkazoeoa.cfd
ns4dioaieapzpodoaer.cfd
ns5dizozodifuiaoisdfa.cfd
ns6aoepqoerpoaskosdf.cfd
ns7ajiaisodier.cfd
ns8doapeopqkopkeaer.cfd
ns9diaoeia.cfd
nsecmail.store
nsecman.store
nseconlines.store
nsecurely.store
nsecuremail.store
nsecureman.store
nsecures.store
nsecuresupport.store
nsecwebman.store
nsemail.store
nsmailer.store
nsonlines.store
nsteam.store
nsteamanger.store
nvcenter.store
nvcom.store
nvcomanager.store
nvcomaner.store
nvmail.store
nvmails.store
nvmanager.store
nvsays.store
nvschain.store
nvscom.store
nvsecmail.store
nvsecteam.store
nvsecure.store
nvsigned.store
nvsigner.store
nvsmailnet.store
nvsmails.store
nvsmailsnet.store
nvsmailteam.store
nvsmanage.store
nvsonlines.store
nvsonlinesec.store
nvteam.store
nvteamager.store
nvteamer.store
nvvxxer.online
op02pidpaqahru.cfd
op03aqldxpgpyw.cfd
op04kelwnhpjzn.cfd
op05vysgiinztz.cfd
op06akfgqadvwk.cfd
op08ofovsbxrgx.cfd
ourcalendarupdate.cfd
qcxqocle.online
qoocqlle.online
qsdifgle.online
quugule.online
securityonsupport.store
wons01hezzpccnislznqz.cfd
wons02ffbrgaxulkoqzvm.cfd
wons03lyjogycxouwmuec.cfd
wons04ciyslfofhklxfor.cfd
wons05xfqatsjvhwchxdk.cfd
wons06zsxfguzxztxcreb.cfd
wons07kkpzgtabwwsjeru.cfd
wons08glvivipryhvmcrg.cfd
wons09sfcsrbdmshsuzus.cfd
wons10tedhbwdjuxmkojm.cfd
wons11mobxbsfxndfxcba.cfd
wons12aodenvcftaltrad.cfd
wons13mmkovrtfuchxkas.cfd
wons14jgbjgyvhqbifgaq.cfd
wons15cdnhdirntfegghq.cfd
wons16fsfpjbkirpncuwq.cfd
wons17rofbierzqfnqmal.cfd
wons18rlggdgeqnineihb.cfd
wons19riisybjyliadrzc.cfd
wons20adqzvgjyttorksp.cfd
wons21yiwipewhbokivhs.cfd
wons22kyrtnalquvnocwp.cfd
wons23gkytchpvyvhorjg.cfd
wons24cvdvycuiaokmhcs.cfd
wons25oybyhqajnbhnutg.cfd
wons26giyraqhqibenkoq.cfd
wons27hnaamwsdzhbvavc.cfd
wons28wgpbtnwfnysjczu.cfd
wons29bautopribwdsqkg.cfd
wons30rugavoilbfpgaiu.cfd
wons31avwadxfwfuodqmi.cfd
wons32cssfyrzmbnvxzai.cfd
wons33vdynupwabkqhiso.cfd
wons34jkgdhotltsjhury.cfd
wons35vcentaelvnemjdg.cfd
wons36ahnufsoprdmiocc.cfd
wons37plyotjchbszxjdn.cfd
wons38weuhgopwrohobaz.cfd
wons39lcvcjgyolzkjlqr.cfd
wons40shhjgashawiwmra.cfd
wons41pmisibdadylijft.cfd
wons42bsptbzpwreegfyp.cfd
wons43tikhdojbjzsgjqp.cfd
wons44gzgypxyumdbtbcl.cfd
wons45xtzpxsfsiixmwio.cfd
wons46riitffqnentdren.cfd
wons47xriaacgjfphixiv.cfd
wons48twhqqplegzqsabo.cfd
wons49qoqimyyjtcfvlra.cfd
wons50ijquqwnlvjkdhql.cfd
ccsol.nmailonlineserverhost.store
lcssol.nmailonlineserverhost.store
nidsim.nmailserveronlinehosting.store
nidsol.nmailonlineserverhost.store
sslsol.nmailonlineserverhost.store
staticnidsol.nmailonlineserverhost.store
wwwsim.nmailserveronlinehosting.store

# Reference: https://x.com/Cyberteam008/status/1805796115196883025

ahxsrbbs.ondepedalar.com
askuser.o-r.kr
askuser.p-e.kr
attach.cbu.net
authsecond.diskedge.o-r.kr
auththird.diskedge.n-e.kr
bigfile.pkzz.org
contactus.kstar.us
daumalert.r-e.kr
discus.p-e.kr
diskedge.o-r.kr
fontstore.ix.tc
gmx.networkguru.com
id.ionexusa.com
imageproxy.p-e.kr
informat.mylogin.p-e.kr
interception.computersforpeace.net
joien.iiiii.info
linkdein.linkin.tw
linkedin.hs.vc
linkedin.ix.tc
linkedin.r-e.kr
logins.microacces.ro
logo.imageproxy.p-e.kr
mast.csproject.org
microacces.ro
mylogin.p-e.kr
n-drive.o-r.kr
nasa.home.kg
natemall.farted.net
naver.company.09614082-c6ef-4ddd-9ebd-f25cf423492f.suporte.n-e.kr
neimat.r-e.kr
nid.naver.company.09614082-c6ef-4ddd-9ebd-f25cf423492f.suporte.n-e.kr
nkfkbwebdisk.corisco.ind.br
nosparn.askuser.o-r.kr
nosparn.askuser.p-e.kr
pkzz.org
ssoverify.discus.p-e.kr
steam.soon.it
suporte.n-e.kr
veradom.p-e.kr

# Reference: https://x.com/asdasd13asbz/status/1806561339604877609
# Reference: https://www.virustotal.com/gui/file/4f9ef9f4b90d8e0928a36369e90d912b1f4a3b5afc173cddecb1790aa06cdc74/detection

komico.or.kr
market.gumi.go.kr
airgreensystem.com/DB_command/gallery/bbs_list.php
/DB_command/gallery/bbs_list.php
/eng/sub3/index8.asp
/m/sub1/sub5.asp

# Reference: https://www.zscaler.com/blogs/security-research/kimsuky-deploys-translatext-target-south-korean-academia
# Reference: https://www.virustotal.com/gui/file/d78e83f97f400660ec157fbcfb5a98e2514ff6ca6a5a20edd651dcaada469b02/detection

jinakoa.000webhostapp.com
ney.r-e.kr
onewithshare.blogspot.com
sdfa.liveblog365.com
webman.w3school.cloudns.nz

# Reference: https://x.com/asdasd13asbz/status/1808047304714473623

evangelia.edu/img/503/outlook/1outlook
evangelia.edu/img/503/outlook/2outlook

# Reference: https://www.virustotal.com/gui/ip-address/104.194.152.22/relations
# Reference: https://www.virustotal.com/gui/file/557a99a746bb1d89189f6c12fe5fb756f17e2778523dd2e6521781bcc159ff6e/detection

104.194.152.22:7744
cctestname.cfd
freeserver.buzz
goverteamsol.shop
kyzservice.cfd
luzin.site
mstallsys.shop
nservercom.store
pannaservice.cfd
pbakaservice.cfd
pgfox.online
pkakaservice.cfd
pkikatona.cfd
pkikiservice.cfd
pkingtiger.cfd
pkokakoku.cfd
pkolaservice.cfd
psonaservice.cfd
ptitanoa.cfd
repairservice.store
sajadzebel.online
sycnoiewe.shop
syncallinfo.site
teamgover.shop
wasday.online
weoinsdsoia.shop
wiausbe.shop
wolfcalender.cfd

# Reference: https://x.com/JangPr0/status/1810167039627346003
# Reference: https://www.virustotal.com/gui/file/78eeed270b399bc426ca67b22bf89e5e41d3abb7403a0a1dfa966fac627ca8b0/detection

asdofji.ev
cnb39.com
32984.cnb39.com
asdlfkj.asdofji.ev

# Reference: https://x.com/ValidinLLC/status/1810255376991879575
# Reference: https://www.virustotal.com/gui/ip-address/154.90.62.237/relations
# Reference: https://app.validin.com/detail?type=ip&find=154.90.62.237#tab=resolutions

koreagov24.site
myboxapp.site
ntsapp.cloud
ntsflag.site
ntsform.site
ntslook.site
ntsnotice.online
ntstool.site
ntswide.site
polarisoffice.store
wetaxapp.cloud
wetaxapp.online
wetaxapp.website
lcs.ntsflag.site
naver.ntsflag.site

# Reference: https://www.virustotal.com/gui/ip-address/77.37.34.164/relations
# Reference: https://app.validin.com/detail?find=77.37.34.164&type=ip4&ref_id=e34c346a9be#tab=resolutions

benhammourugs.shop
bestpils.shop
egleoho.online
elitewagers.site
engavomusic.online
flyasiane.cloud
fourterealty.site
gpt-wizard.site
kitchensecrets.online
koreaairs.cloud
miniplantestudio.shop
miniplantestudio.site
moviemoxie.online
ntsalert.online
ntsapp.online
ntsbill.site
ntscom.site
ntsdoc.cloud
ntsdoc.online
ntshosts.site
ntsmsg.cloud
ntsobj.site
ntsoffice.site
ntspay.site
ntsposts.site
ntspro.cloud
ntsref.site
ntsreport.cloud
ntsreport.site
ntsshare.cloud
ntssign.cloud
ntssys.site
ntsteam.cloud
ntstxt.site
ntsuser.cloud
ntsview.shop
ntsweb.cloud
pirie.site
rememberapp.tech
rememberapps.cloud
rememberapps.website
repossessedrides.online
romaninorocosi.online
toptierwager.site
traveliland.site
zipfiledwload.cloud

# Reference: https://x.com/ValidinLLC/status/1810257217091727697
# Reference: https://www.virustotal.com/gui/ip-address/154.90.63.162/relations
# Reference: https://app.validin.com/detail?type=ip&find=154.90.63.162#tab=resolutions

assembly-kr.site
basescan.website
dmcut.xyz
dongwon-mil.site
eeuzt.xyz
epeople-kr.site
goocgles.site
kmbxt.icu
kr-gov24.site
main-alarm.space
mois-gov.site
nice-creclit.website
nicecreclit.site
nonqt.icu
nts-alarms.icu
nts-alarms.online
nts-alarms.space
nts-alarms.store
nts-alerts.space
nts-alerts.store
nts-center.icu
nts-center.space
nts-doc.cfd
nts-doc.cyou
nts-doc.fun
nts-doc.sbs
nts-doc.site
nts-doc.space
nts-doc.store
nts-doc.uno
nts-doc.website
nts-docs.cfd
nts-docs.icu
nts-docs.site
nts-docs.space
nts-docs.store
nts-docs.website
nts-guide.icu
nts-guide.space
nts-guide.website
nts-guides.icu
nts-guides.space
nts-guides.store
nts-guides.website
nts-letter.cfd
nts-letter.cyou
nts-letter.fun
nts-letter.sbs
nts-letter.site
nts-letter.space
nts-letter.uno
nts-letter.website
nts-msgs.icu
nts-msgs.site
nts-msgs.space
nts-msgs.store
nts-msgs.website
nts-news.cfd
nts-news.cyou
nts-news.fun
nts-news.sbs
nts-news.uno
nts-notifier.icu
nts-notifier.online
nts-notifier.site
nts-notifier.store
nts-notifying.icu
nts-notifying.site
nts-notifying.space
nts-notifying.store
ntsdoc.site
ntsdoc.space
ntsdoc.store
ntsdoc.website
ntsguide.online
ntsguide.site
ntsguide.store
ntsguide.website
ntsmsgs.icu
ntsmsgs.online
ntsmsgs.site
ntsmsgs.website
ntsnews.icu
ntsnews.online
open-ai.website
ppjht.icu
qooqlesec.site
userscheck.site
wetaxalimi.icu
wetaxalimi.space
wndtt.icu
zxfyx.top
autodiscover.ntsnews.online
cdn-0.ntsnews.online
cpanel.ntsnews.online
cpcalendars.ntsnews.online
cpcontacts.ntsnews.online
ecpufitl.open-ai.website
emv1.nicecreclit.site
emv1.ntsapps.site
emv1.ntsapps.store
emv1.open-ai.website
ezmail.ntsnews.online
mail.ntsnews.online
uqslmwpq.open-ai.website
webdisk.ntsnews.online
webmail.ntsnews.online

# Reference: https://x.com/malwrhunterteam/status/1808148631972618263
# Reference: https://www.virustotal.com/gui/file/9c9df2d90602c915005811aabf444653f55024080c61845029f75da758b27320/detection
# Reference: https://www.virustotal.com/gui/file/ee439dbabe7301bdf9d9dfdf01d2c790ab8d8758f05732bb798eb24b2d5054f6/detection
# Reference: https://www.virustotal.com/gui/file/f3a3ee7f757f819ae1ae7fcca8a9d1ad41f2de61328c887c8214651e14ac7777/detection

79.133.56.173:6527

# Reference: https://x.com/byrne_emmy12099/status/1810587547237531827
# Reference: https://www.virustotal.com/gui/file/a100d0e1e83078249a91cca57eaa3f61726a33b3389c3b3b44b2607ec5dfef4b/detection
# Reference: https://www.virustotal.com/gui/file/3f059dae6c24232c16f2ca1af51a1f36413e1a9e8db52976e9f59960417a0564/detection
# Reference: https://www.virustotal.com/gui/file/d2aadc2c69cea62fa451744b5d7d718dcb277b70832424e0c14642c3d5900451/detection

79.133.56.173:6626
79.133.56.173:7003

# Reference: https://www.virustotal.com/gui/file/d8a926f81a900fa9ebf6e1ac0a6e18ba86786ce3dbf812b857bc7dac5667149e/detection

79.133.56.173:5667

# Reference: https://app.validin.com/detail?type=ip&find=79.133.56.173#tab=resolutions

moncieutheeracg.site
nodesferghiwuchpaq.icu
ostruvqopkmlvmxnk.website
projevduwykamc.website
quoticnstyeycvbs.icu
rostranfeiucyghdaf.store

# Reference: https://x.com/Cyberteam008/status/1833694571257278836
# Reference: https://app.validin.com/detail?find=74.50.94.47&type=ip4&ref_id=0a8ef7e1a8d#tab=resolutions

billingserver.online
bindmailsvr.website
cnu-ac.website
coliov.shop
hestianw.online
ierosc.shop
iosua.online
jipyong.site
nidcrop.online
nsso-snu.icu
oiuvolc.online
olsiop.shop
omlinel.shop
onlinenavecosp.site
opentickcorp.icu
oyesc.store
siteofnidcosp.online
smartmailbox.online
softmailneed.site
zukaivaris.click
/asdqe1312sadgasdasbasdsaxsa.rar

# Reference: https://x.com/JangPr0/status/1790925168250118180
# Reference: https://www.virustotal.com/gui/file/21900e37d1184093e2333fe7931a8a5c217aa5fd24cfd7650bc6fadbb31f7d8a/detection

glonalcnielmxc.mywebcommunity.org

# Reference: https://x.com/OpenSecCopilot/status/1811599790427505107
# Reference: https://secai.ai/share?threadId=3f2eb0a3650d4b96878980dd1e9a719b

mail-service.r-e.kr
http-cdoc.mail-service.r-e.kr
http-ndoc.mail-service.r-e.kr
https-cdoc.mail-service.r-e.kr
https-ndoc.mail-service.r-e.kr

# Reference: https://x.com/byrne_emmy12099/status/1811752604046864477
# Reference: https://www.virustotal.com/gui/file/4dcf742b02386c7ed4a2b4582de9bf3f073ef3b92ce6b668e66c504af78a202d/detection

com-coffee.click
smart.com-coffee.click

# Reference: https://x.com/suyog41/status/1813473634519810525
# Reference: https://www.virustotal.com/gui/file/ee088f55e7cbc5d797c5b030f880b96708d86103e60d2e89fbc6b8bf2cdf6130/detection
# Reference: https://www.virustotal.com/gui/file/d79f4ac802c50c40ecdba1aa505ed08e489524d23f7e30cce8599dbf9fcbf520/detection
# Reference: https://www.virustotal.com/gui/file/57ebd0e955497c34ade52f5313305a287a101330f2dbc5808afbf73a829fba64/detection
# Reference: https://www.virustotal.com/gui/file/5214b558c6596c9e9df91c6c0b018bf61970138acb4f9b837e5d25879195cd49/detection

koreaillmin.mypressonline.com

# Reference: https://www.virustotal.com/gui/ip-address/158.247.215.12/relations
# Reference: https://app.validin.com/detail?find=158.247.215.12&type=ip4&ref_id=7e3725cc29c#tab=resolutions

accounts.google-policy.com
accounts.goolqe.com
apis.google-policy.com
apis.goolqe.com
ccnspv.live
content.google-policy.com
content.goolqe.com
drive.goolqe.com
eceenc.cloud
edocs.fnsc-kr.online
edocs.ncc-fs.online
eicslkea.click
eisdfe.space
emsta.xyz
enternhisserver.store
eomnsvc.online
eucids.online
file.goolqe.com
fnsc-kr.online
fnsc-law.art
fnsc-online.site
fssc-edocs.site
fssc-kr.online
fssc-kr.site
fsscloud.store
google-policy.com
goolqe.com
hostingnhisserver.store
hostnhiserver.store
jnhl.online
jnhl.work
myaccount.google-policy.com
myaccount.goolqe.com
ncc-fs.online
ndocs.lat
ndocs.xyz
netnv.site
new.goolqe.com
nvcees.xyz
play.google-policy.com
play.goolqe.com
s1.goolqe.com
sadoces.site
scnvv.store
secns.info
security.google-policy.com
ssl.google-policy.com
ssl.goolqe.com
staticfonts.goolqe.com
staticgoolqe.com
ueicxws.site
verify.security.google-policy.com
view.fscsies.info
viewer.secns.info
visit01aaacwerh2.cfd
visit02aaak3en3r.cfd
visit03aaagh1x8l.cfd
visit04aaaymgzrh.cfd
visit05aaahjwydg.cfd
visit06aaao0bctc.cfd
visit07aaaplouuo.cfd
visit08aaaryy0la.cfd
visit09aaaphotmr.cfd
visit100aaacaoem9.cfd
visit10aaatffptl.cfd
visit11aaaag4dlf.cfd
visit12aaaxej4to.cfd
visit13aaaypgr3v.cfd
visit14aaatmlbkp.cfd
visit15aaaktl6gj.cfd
visit16aaawnicfw.cfd
visit17aaasuiztb.cfd
visit18aaafvqi7t.cfd
visit19aaagxvyhu.cfd
visit20aaaqvbahz.cfd
visit21aaaldpslh.cfd
visit22aaalq0vfo.cfd
visit23aaabat1nt.cfd
visit24aaayfl10e.cfd
visit25aaarg8uqn.cfd
visit26aaaaufw7j.cfd
visit27aaagg9hvv.cfd
visit28aaaohetoz.cfd
visit29aaapv9osa.cfd
visit30aaanosub3.cfd
visit31aaavqkdtm.cfd
visit32aaasf1nsg.cfd
visit33aaagxtyiw.cfd
visit34aaaethwsq.cfd
visit35aaaavwfbn.cfd
visit36aaalryakp.cfd
visit37aaaiivng3.cfd
visit38aaaw3wkqs.cfd
visit39aaarazebr.cfd
visit40aaakn1z54.cfd
visit41aaadknfmd.cfd
visit42aaa0payiz.cfd
visit43aaas1sj7t.cfd
visit44aaa4rcrp8.cfd
visit45aaaacjkbm.cfd
visit46aaaizsdup.cfd
visit47aaakflcwp.cfd
visit48aaajf0c1u.cfd
visit49aaacd2hqr.cfd
visit50aaangfq85.cfd
visit51aaazskcyr.cfd
visit52aaajakcyd.cfd
visit53aaaulq8ii.cfd
visit54aaavass9k.cfd
visit55aaao8wuin.cfd
visit56aaa2hpzi1.cfd
visit57aaadvqh07.cfd
visit58aaa7waklt.cfd
visit59aaa8alp7y.cfd
visit60aaarh3qpe.cfd
visit61aaa6gzoc5.cfd
visit62aaa1ubcet.cfd
visit63aaa12crag.cfd
visit64aaazgbqd5.cfd
visit65aaabuccur.cfd
visit66aaahynvbu.cfd
visit67aaa3wfp8j.cfd
visit68aaamy8ycn.cfd
visit69aaahwmdbc.cfd
visit70aaaqbs5rm.cfd
visit71aaab2rz1r.cfd
visit72aaaoim7m4.cfd
visit73aaa7ozeqc.cfd
visit74aaajrs6tn.cfd
visit75aaarwxnqb.cfd
visit76aaal9bu0p.cfd
visit77aaa64mejo.cfd
visit78aaakmoqma.cfd
visit79aaankyzbh.cfd
visit80aaaiknssm.cfd
visit81aaa83zsre.cfd
visit82aaajpxmz3.cfd
visit83aaappvyxa.cfd
visit84aaakgkgnk.cfd
visit85aaah3qwuz.cfd
visit86aaak6agzx.cfd
visit87aaajcq0m7.cfd
visit88aaaclf7it.cfd
visit89aaagy9qqc.cfd
visit90aaarhd6tg.cfd
visit91aaaet2wny.cfd
visit92aaabhgff7.cfd
visit93aaa17yfff.cfd
visit94aaa3hmglv.cfd
visit95aaawdsrmx.cfd
visit96aaaviflem.cfd
visit97aaazzgesl.cfd
visit98aaa27zlor.cfd
visit99aaapv9pqq.cfd
wesdeas.hair
youtube.google-policy.com
youtube.goolqe.com

# Reference: https://x.com/lazarusholic/status/1815363714075500879
# Reference: https://wezard4u.tistory.com/429236
# Reference: https://www.virustotal.com/gui/ip-address/152.32.243.136/relations

audko.store
avist.store
nlsie.store
nusiu.live
osihi.store
simos.online
sorsi.online
wodods.online
wodods.xyz

# Reference: https://x.com/r3dbU7z/status/1816075984283566588
# Reference: https://x.com/byrne_emmy12099/status/1816096332718956698
# Reference: https://www.virustotal.com/gui/ip-address/193.149.185.36/relations
# Reference: https://www.virustotal.com/gui/file/950e19f9e804db0b246a36fa01ef7cbc30c72168392ecac9a391756ca634d807/detection

downloadha.online
smartcert.store
templatehub.shop
veridrvs.host
wuyouhe.shop
ms.veridrvs.host

# Reference: https://www.virustotal.com/gui/ip-address/141.164.48.124/relations

accountlive.store
crack-download.store
kakacentre.com
misakass.top
narercorp.space
naveclip.com
navemid.host
navemlive.store
naverbox.com
navesdrv.site
navmails.com
ncvcrlive.store
nibcent.com
nidcenter.com
nilcrap.com
onclouds.host
themesdrv.site
docs.naverbox.com
naverclouds.cckr.store
nid.accountlive.store
nid.narercorp.space
nid.navemid.host
nid.navemlive.store
nid.navesdrv.site
nid.ncrop.org
nid.ncvcrlive.store
nid.nidcenter.com
nid.onclouds.host
nid.themesdrv.site
nid.veridrvs.host
store.navemid.host

# Reference: https://x.com/StrikeReadyLabs/status/1816091548838138125
# Reference: https://www.virustotal.com/gui/ip-address/77.73.69.166/relations
# Reference: https://www.virustotal.com/gui/file/36db29fbdf98b123fcbdcbd93c0bfc7f5b1cd80cf8357ddc1c92fafb26f55560/detection

1oqinservice.serviinform.kro.kr
717studio.n-e.kr
acccoount.qooqle.kro.kr
afcafe.kro.kr
attacch.bigfiile-down.r-e.kr
autoeupdate.p-e.kr
bigfiie-downserver.kro.kr
bigfiile-down.r-e.kr
bigfile-serverdown.kro.kr
bing.seamon.kro.kr
bnbnnkh.n-e.kr
boxapp-downfilesss.n-e.kr
cafent-signatere.kro.kr
certificateapp.n-e.kr
certify.n-e.kr
certify.pay-goole.p-e.kr
certifynvapp.n-e.kr
cetify-information.n-e.kr
check.autoeupdate.p-e.kr
check.certify.n-e.kr
cloud-boxserver.kro.kr
cloud-serverfile.n-e.kr
cloudbox-file.kro.kr
cnauafild.p-e.kr
device.home.kg
down-boxfile.n-e.kr
down-myboxappfile.kro.kr
down-myboxappfile.n-e.kr
down-myboxappfile.p-e.kr
drive-certifycafe.n-e.kr
eo-m-health.kro.kr
file-cloudbox.kro.kr
file-drive.kro.kr
file-saver.n-e.kr
filecloud-saver.n-e.kr
filecloud.n-e.kr
gigimode.fin-tech.com
hongguk.n-e.kr
inform.certificateapp.n-e.kr
informalservice.kro.kr
informsecurrity.n-e.kr
inservicesinform.kro.kr
kftcpg.n-e.kr
loggin-grnaiil.n-e.kr
loqin.nhgigi.crabdance.com
loqinfoservicce.n-e.kr
loqinseviceeinfo.kro.kr
loqinseviceeinform.kro.kr
loqonservice.kro.kr
m.nhnsignaturer.kro.kr
m.nidnhnsign.serverpit.com
mackocacola.n-e.kr
mobil-signn.kro.kr
nhgigi.crabdance.com
nhnlogin.minecraftnoob.com
nhnsignaturer.kro.kr
nid.nhnlogin.minecraftnoob.com
nidln.loqonservice.kro.kr
nidnhnsign.serverpit.com
nld.loqinfoservicce.n-e.kr
nld.loqinseviceeinfo.kro.kr
nld.loqinseviceeinform.kro.kr
nllid1n.siggigiloqinserve.kro.kr
nmodelogging.69.mu
nrnail.cnauafild.p-e.kr
nsign.gigimode.fin-tech.com
pay-goole.p-e.kr
pmlroma.kro.kr
qooqle.kro.kr
saver-cloud.n-e.kr
seamon.kro.kr
server-filedown.n-e.kr
servicesdownnfile.p-e.kr
serviinform.kro.kr
siggigiloqinserve.kro.kr
siggn-sys.n-e.kr
sign-cetifyinform.n-e.kr
sign-secuicentry.n-e.kr
sign.nmodelogging.69.mu
signcaffe.n-e.kr
signin.certifynvapp.n-e.kr
signin.informsecurrity.n-e.kr
siqnin.inservicesinform.kro.kr
siqnln.informalservice.kro.kr
sktving.kro.kr
sktybmupdate.kro.kr
sleman.ultimit.kro.kr
tripcom.n-e.kr
ultimit.kro.kr
update.farted.net
update.mine.bz
update.punked.us
update.sktving.kro.kr
veraport.n-e.kr
verynat-cetify.n-e.kr
wslideae.kro.kr
yourphoneapp.kro.kr

# Reference: https://x.com/byrne_emmy12099/status/1816477711877202366
# Reference: https://app.validin.com/detail?type=ip&find=103.172.79.128#tab=resolutions
# Reference: https://app.validin.com/detail?type=ip&find=152.32.139.79#tab=resolutions
# Reference: https://app.validin.com/detail?find=152.32.243.208&type=ip4&ref_id=770ddaf193d#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/7c52f371547f58c42eb322c2f77cad4cf5c3de2f2365daa88939f37748c5cb02/detection

ltmlc.fun
mopuiasxzc.top
nahsopyer.site
napana.online
napana.store
nersde.store
nmsdoper.store
noliper.store

# Reference: https://x.com/malwrhunterteam/status/1816524339514343446
# Reference: https://www.virustotal.com/gui/file/96e32ff5d24ed023c55e00556cedaada45db32f94229cf9d33f55a2886ac0c69/detection

apollo-blue7.kro.kr
nid.apollo-blue7.kro.kr

# Reference: https://www.virustotal.com/gui/ip-address/152.32.138.167/relations
# Reference: https://www.virustotal.com/gui/file/a173a425d17b6f2362eca3c8ea4de9860b52faba414bbb22162895641dda0dc2/detection

apollo-page.kro.kr
apollo-page.n-e.kr
apollo-page.r-e.kr
apollo-star7.kro.kr
mois-viewer.o-r.kr
viewer-server.p-e.kr
090.apollo-page.kro.kr
123.apollo-page.n-e.kr
mail.apollo-page.r-e.kr
ndilogin.apollo-page.r-e.kr
nidlogin.apollo-page.r-e.kr
vic.apollo-star7.kro.kr

# Reference: https://www.virustotal.com/gui/ip-address/118.193.69.97/relations

hogmasil.lol
nadaser.store
namecope.online
nsmoll.store
skq.asia

# Reference: https://www.virustotal.com/gui/ip-address/152.32.139.48/relations

doithe.top
kortiosdfp.lol
nakosd.store
sdoprio.lol
siu.homes
toplopsdfj.lol
api.doithe.top

# Reference: https://www.virustotal.com/gui/ip-address/118.194.248.172/relations

nahsuio.store
accountsmil.nahsuio.store

# Reference: https://www.virustotal.com/gui/ip-address/152.32.243.49/relations

kinfguve.cc
nadfoi.store
sfjhgikjei.cc
zxcdsav.cc

# Reference: https://x.com/byrne_emmy12099/status/1817798187236950221
# Reference: https://www.virustotal.com/gui/ip-address/104.194.154.71/relations

gobro.space
download.gobro.space

# Reference: https://x.com/byrne_emmy12099/status/1818113597677223969
# Reference: https://www.virustotal.com/gui/file/6ff5ae0860290f57862f8918e0509c27649ac381ee70a5cb20d6416ec07b4ad5/detection
# Reference: https://www.virustotal.com/gui/file/15c7f27b140bf1c4841f68eeee76edc9234090ead8c832c9259d7b71e90a2dd7/detection
# Reference: https://www.virustotal.com/gui/file/dd0bb4c7b41a775ec4426fb74a80d995fde39c87197b8c19b8391139e17491fd/detection

79.133.56.173:7016

# Reference: https://www.virustotal.com/gui/ip-address/118.194.249.75/relations

loggin.lol
opresi.info
osyst.life

# Reference: https://www.virustotal.com/gui/ip-address/210.92.18.162/relations

beeneas.xyz
kerasin.store
koraser.store
naver.com.ng
navercafe.eu
osyst.cloud
poluh.shop
qmodiscord.xyz
rabyse.store
rainsbow.store
refery.store
sig.quest
ssounited.store
ujiora.store
yoiroyse.store
accoshmal.nislo.life
accosnksj.opresi.info
accountsmil.nislo.life
dnhmal.nislo.life
dnnksj.opresi.info
manhattan-c1othing.naver.com.ng
nid.naver.com.ng
nidples.osyst.life
nids.naverdoc.com
outlookmember.rabyse.store
up-api1-kage.nislo.life
yoonnets.naver.com.ng

# Reference: https://www.virustotal.com/gui/ip-address/172.86.97.243/relations

arhayo.store
blairy.store
fpolicy.store
harviwo.store
jebario.store
katoryse.store
kimepekz.store
laurapose.store
ncafptary.store
nessacine.store
satony.store
vaeouri.store
yonoma.store
ness.nessacine.store

# Reference: https://x.com/byrne_emmy12099/status/1818639909806391347
# Reference: https://x.com/byrne_emmy12099/status/1831243259185672523
# Reference: https://www.virustotal.com/gui/ip-address/202.141.233.4/relations
# Referennce: https://www.virustotal.com/gui/file/fd2c6aa42264f7d555e4f1c8194f8c293ab02bc416e43b448cbd09912833d5cf/detection

http://202.141.233.4
dest.kro.kr
mcgnu.kro.kr
nawer.p-e.kr
publish.kro.kr
zmting.kro.kr
hwp.publish.kro.kr
main.zmting.kro.kr
nid.nawer.p-e.kr
mem.mcgnu.kro.kr
mxd.dest.kro.kr

# Reference: https://x.com/alex_lanstein/status/1793677450683269329
# Reference: https://x.com/StrikeReadyLabs/status/1793675350037148033
# Reference: https://x.com/StrikeReadyLabs/status/1818827583410389431
# Reference: https://ti.qianxin.com/blog/articles/UTG-Q-010-Targeted-Attack-Campaign-Against-the-AI-and-Gaming-Industry-EN/
# Reference: https://www.virustotal.com/gui/file/a69693dc1a62e49853ba5eb40999f24e340faf1a087e56f9a21c4622d297c861/detection
# Reference: https://www.virustotal.com/gui/file/732a6bf2345e9cc40b9a6a1164dc2e823955cbc56a5d3750e675d1c4db7f7415/detection
# Reference: https://www.virustotal.com/gui/file/4a371c04b3a52139ccfc82062f228284467a7d3c06d3b9313b62f6f2a6e68b75/detection
# Reference: https://www.virustotal.com/gui/file/6a3f3521f812b3186ff9e2347631fe9865d643321a301058f894cf6ca6953dd3/detection
# Reference: https://www.virustotal.com/gui/file/bb491aa8acd52ebe41e593804477991676e8a816c64bfe3a16443dd4feb44fda/detection

http://94.138.192.147
156.224.22.247:443
gangtao.live
ioskaishi.live
malaithai.co
phmdbad.live
chemdl.gangtao.live
chemdl.ioskaishi.live
conn.phmdbad.live
/lasjdflakdsjf.pdf
/public/jsp/lasjdflakdsjf.pdf

# Reference: https://x.com/Cyberteam008/status/1820652443514073188

aeomeio.n-e.kr
apps.imagelogger.o-r.kr
boomerat.r-e.kr
chorteo.r-e.kr
deta2.n-e.kr
download.paradon.n-e.kr
download.pdfconvert.n-e.kr
file-drive.n-e.kr
g-cloud.r-e.kr
imagelogger.o-r.kr
imgconverter.p-e.kr
montera.o-r.kr
nero1.r-e.kr
ns.zavic.kro.kr
ns.zavid.kro.kr
paradon.n-e.kr
pdfconvert.n-e.kr
viewer.imgconverter.p-e.kr
werasocs.r-e.kr
yerahom.p-e.kr
zavic.kro.kr
zavid.kro.kr
zeratos.o-r.kr

# Reference: https://x.com/Thisism23567356/status/1820786152686661857
# Reference: https://www.virustotal.com/gui/file/f7e29ad2b0d3da5c2a9fa8f54629cdd7b5b890a04b7408c7bdbd02e5772c5103/detection

handhygieneforhealth.org/.well-known/acme-challenge/0802/
/.well-known/acme-challenge/0802/d.php
/.well-known/acme-challenge/0802/upload_dotm.php

# Reference: https://x.com/ValidinLLC/status/1820823041925841365
# Reference: https://app.validin.com/detail?type=ip&find=195.85.250.22#tab=resolutions

xn--220b95u7jdkyicjm.xn--yq5b.xn--3e0b707e
xn--910b050bu5a.xn--oi2b61z32a.xn--3e0b707e
xn--950bt9stjai8zqxc.xn--2i0b10rqve.xn--3e0b707e
xn--h49a2p279auzk.xn--2i0b10rqve.xn--3e0b707e
xn--le5b23b8lz6c.xn--oi2b61z32a.xn--3e0b707e
xn--on3bi6mq2ao9n.xn--9i1b01onwqqzd.xn--3e0b707e

# Reference: https://app.validin.com/detail?find=192.64.81.23&type=ip4&ref_id=ee670af8204#tab=resolutions

xn--220bn6pm6ip9b.xn--2i0b10rqve.xn--3e0b707e
xn--h32b29iq8f57j.xn--2i0b10rqve.xn--3e0b707e
xn--hg3b1r23r0we99j.xn--hk3b17f.xn--3e0b707e
xn--on3b21ee3emyo.xn--2i0b10rqve.xn--3e0b707e
xn--zb0b93v7zf0yr.xn--9i1b01onwqqzd.xn--3e0b707e
xn--zb0b93vmoa643b.xn--yq5b.xn--3e0b707e

# Reference: https://app.validin.com/detail?find=166.88.194.226&type=ip4&ref_id=ee670af8204#tab=resolutions

xn--zb0b93v7zf0yr.xn--9i1b01onwqqzd.xn--3e0b707e
file-center.p-e.kr

# Reference: https://app.validin.com/detail?find=95.164.62.157&type=ip4&ref_id=ee670af8204#tab=resolutions

clearcheck.r-e.kr
cloud-file.o-r.kr
file-clear.o-r.kr
iptime-upgrade.r-e.kr
xn--h32b11c06kbkc.xn--oi2b61z32a.xn--3e0b707e
xn--h32b21ccvorra.xn--oi2b61z32a.xn--3e0b707e
xn--h32b93rxub7a38cq45d.xn--oi2b61z32a.xn--3e0b707e
xn--on3b11fg6drvc910a.xn--2i0b10rqve.xn--3e0b707e
xn--zb0b93v7pcl4f61fvwu.xn--oi2b61z32a.xn--3e0b707e
xn--zb0b93v7zf0yr.xn--9i1b01onwqqzd.xn--3e0b707e

# Reference: https://app.validin.com/detail?find=89.221.224.145&type=ip4&ref_id=ee670af8204#tab=resolutions

accountqoogle.r-e.kr
authqooqle.n-e.kr
download-file.o-r.kr
mitsdj.p-e.kr
n-checker.n-e.kr
nate-accounts.o-r.kr
safe-down.o-r.kr
safefile-store.n-e.kr
secu-center.n-e.kr
security-file.o-r.kr
xn--2e0bw9ye9s.xn--yq5b.xn--3e0b707e
xn--2i0b10r3wdxxk7xc.xn--hu5b25b77nvwc.xn--3e0b707e
xn--3e0bk66b.xn--oi2b61z32a.xn--3e0b707e
xn--910bs4k2b903c.xn--oi2b61z32a.xn--3e0b707e
xn--989amm089aqzk.xn--9i1b01onwqqzd.xn--3e0b707e
xn--c79ak52c.xn--hk3b17f.xn--3e0b707e
xn--h32b21c06kokc.xn--h32bi4v.xn--3e0b707e
xn--h32b23ax6ukic99m.xn--oi2b61z32a.xn--3e0b707e
xn--h32b93vna29s.xn--2i0b10rqve.xn--3e0b707e
xn--i49alo503a1hj91qiwd.xn--oi2b61z32a.xn--3e0b707e
xn--i49aloj21bx7h.xn--hu5b25b77nvwc.xn--3e0b707e
xn--ly5b17v.xn--2i0b10rqve.xn--3e0b707e
xn--oi2b43d22m.xn--oi2b61z32a.xn--3e0b707e
xn--ok0by38c.xn--yq5b.xn--3e0b707e
xn--on3bi6m.xn--hu5b25b77nvwc.xn--3e0b707e
xn--oy2b23yvwh.xn--hk3b17f.xn--3e0b707e
xn--sn3b25qa01t.xn--yq5b.xn--3e0b707e
xn--vf4b150a.xn--hu5b25b77nvwc.xn--3e0b707e
xn--zb0b93v.xn--hu5b25b77nvwc.xn--3e0b707e
xn--zb0b93v7pcuvq.xn--2i0b10rqve.xn--3e0b707e
xn--zb0bjsl3wqkbsx1b.xn--oi2b61z32a.xn--3e0b707e
xn--zj4b17e9vcn8n.xn--hu5b25b77nvwc.xn--3e0b707e

# Reference: https://app.validin.com/detail?find=45.58.52.104&type=ip4&ref_id=ee670af8204#tab=resolutions

xn--289aqc003dx7h.xn--oi2b61z32a.xn--3e0b707e
xn--c79ao69ad3e0kc.xn--9i1b01onwqqzd.xn--3e0b707e
xn--hg3b15whlf.xn--2i0b10rqve.xn--3e0b707e
xn--le5b84c.xn--hk3b17f.xn--3e0b707e
xn--on3b95m.xn--h32bi4v.xn--3e0b707e

# Reference: https://x.com/eastside_nci/status/1821021927357751361

navel.r-e.kr
lcs.navel.r-e.kr
tivan.navel.r-e.kr
veta.navel.r-e.kr
nam.veta.navel.r-e.kr

# Reference: https://www.cyberresilience.com/threatintel/apt-group-kimsuky-targets-university-researchers/
# Reference: https://github.com/arceo-labs/iocs/blob/main/APT/Kimsuky/domains.txt

dorray.site
gkjoiup.site
penlu.or.kr

# Reference: https://x.com/StrikeReadyLabs/status/1822942402258080183
# Reference: https://x.com/Thisism23567356/status/1822970394007019675
# Reference: https://www.virustotal.com/gui/ip-address/152.32.138.182/relations
# Reference: https://www.virustotal.com/gui/ip-address/165.154.171.72/relations
# Reference: https://www.virustotal.com/gui/ip-address/216.128.147.226/relations
# Reference: https://www.virustotal.com/gui/file/3e0f4eaf3db754160f8c012a94772bf05b20823806962836fd0d32e0f160b916/detection
# Reference: https://www.virustotal.com/gui/file/86ef578ca5923119e65049f3d26bff7ea41cea12f8c425f06786b406c8dfaf9a/detection

easygooglecloud.com
googlesharepoint.com
htc-llc.net
microsoft-host.com
twittertips.com
xbox-app.com
checker.jetos.com
gemini.ns01.info

# Reference: https://blog.talosintelligence.com/moonpeak-malware-infrastructure-north-korea/
# Reference: https://www.virustotal.com/gui/ip-address/104.194.152.251/relations

104.194.152.251:443
104.194.152.251:8936
pumaria.store
go.pumaria.store

# Reference: https://www.virustotal.com/gui/ip-address/27.255.80.162/relations

barerby.store
brayoier.store
fandorin.store
ratoriu.store
santora.store
slardar.store

# Reference: https://www.virustotal.com/gui/ip-address/27.255.80.163/relations

megadown.store

# Reference: https://x.com/asdasd13asbz/status/1823625652626710578
# Reference: https://x.com/JangPr0/status/1858654555158065593
# Reference: https://www.virustotal.com/gui/file/d11b41aee220b451393598677d7e62b4ff8fb1989bcdea4a9a25a6d207c5aa39/detection

bit-albania.com/config.php
bit-albania.com/inc.php
bit-albania.com/templates/hacker/css.php

# Reference: https://x.com/JangPr0/status/1824232312915333325
# Reference: https://www.virustotal.com/gui/file/b13201957eec1248b3d91f2fd5a0b5d999c0c77644810f4aa28c9ecd0faf8828/detection

0x0.st/XO5m.txt

# Reference: https://x.com/StrikeReadyLabs/status/1825868401337565226
# Reference: https://www.virustotal.com/gui/file/6b660666f031843a36225e791f6564983c2c8cabf85d2216f0617702a978c838/detection

dr0pb0xapi.com
api.dr0pb0xapi.com
content.dr0pb0xapi.com

# Reference: https://app.validin.com/detail?type=ip&find=210.92.18.158

ko27hovkuqymlx.cfd
ko61prrdlueqct.cfd
ko64teljoibilm.cfd
ko70xxapysvemq.cfd
nm53nvgpzydpxi.cfd

# Reference: https://x.com/eastside_nci/status/1826907909768278163
# Reference: https://app.validin.com/detail?type=ip&find=210.92.18.142#tab=resolutions

account-naver.com
alska37navorcom.website
anewloipopkstar.cloud
dauo3mgoepcio.store
eodanatiodnd09dan.store
haier30chainmgov.website
holadnneioa9mar.online
keyodga90studian.site
krnavedunpsgrps.site
ldadomstka3727noghyp.xyz
login-naver.com
mail-naver.com
miaot32kdnetso.online
msikocanatgioan3c.store
mufaktisi23nbacoam.site
ngenecdoemai3dn.site
nodkcl32doalkna.icu
nuttopsseafe30gud.icu
parenkocl23netkor.online
pidnca3ohackabom.website
qurotdua3ncane.cloud
sapedlcybernav.online
security-naver.com
signin-naver.com
thirda0partysnm.website
wordorg30dnckson.website

# Reference: https://x.com/eastside_nci/status/1826907912565821728
# Reference: https://app.validin.com/detail?type=ip&find=210.92.18.183#tab=resolutions

arrice.store
avackacmzei3cm.store
edaue3dkstring.icu
enorpen.space
krmouse3hacaka.icu
laoschnavgat0in.store
mcafegroupc3sk.store
meardkcsa0ndbox.online
messhoek2sdkn.site
navercorp.center
navor.online
nevor.store
nid-naver.info
podlaenca0dla.online
sakuran320netisxm.xyz
taranagmccoprs.website
transnave0ccoaprs.website
webnavit0incom.online
whitehorse.website
zabrdca3gopex.site
zootoepaic0cat.online

# Reference: https://x.com/eastside_nci/status/1826907914918912293

2022laicai.com
2c8b3f19-0325-4acc-a3dd-31a918e4dbf5.random.osyst.life
3yik.caidao188.com
aperfection3cos.site
arsakray.store
bgptools-wildcard-confirmed.inserverncorpservice.store
bgptools-wildcard-confirmed.nmailcorponlinehost.store
bgptools-wildcard-confirmed.nmailteam.store
bzfafa888.com
caidao188.com
eager-goldwasser.210-92-18-176.plesk.page
gemevog.com
ghfjqle.icu
guytr.store
hanhwa.site
images.kkuac.org
inserverncorpservice.store
inservicenmail.store
js.caiyuandao888.com
laoschnavgat0in.store
mailsecurityncorp.store
nasdfg.website
nbgfvr.icu
nbvfghr.online
nbvhftr.store
ndfghj.store
ndfsdk.website
nervous-hawking.210-92-18-188.plesk.page
nghtyr.online
nghytr.space
ngjhry.icu
ngjhur.website
ngjrur.online
ngjuer.store
nhgujfr.shop
nhgybf.xyz
nhgyt.shop
nhjklr.icu
nhygbh.xyz
nirroaed5nesicm.store
njfghr.store
njgher.site
njghfr.site
njghuer.online
njguht.shop
njguyh.space
njhgd.cloud
njhgu.website
njhuy.website
njhuyr.online
njikmh.site
nkgier.website
nmailcorphost.store
nmailcorponlinehost.store
nmailhostingonline.store
nmailhostingonlinecom.store
nmailhostsecurityonline.store
nmailonlineserverhosting.store
nmailsecurityhost.store
serverncorpmail.store
serverncorpmailonline.store
servernmailcenter.store
servernmailcorp.store
servernmailservice.store
vcljs.com
whe0tmcopsra.site
zootoepaic0cat.online

# Reference: https://x.com/Huntio/status/1827010159597728157
# Reference: https://app.validin.com/detail?type=ip&find=27.102.130.181#tab=resolutions

goocgle.cloud

# Reference: https://www.rapid7.com/globalassets/_pdfs/whitepaperguide/rapid7-Kimsukys-Phishing-and-Payload-Tactics_wp.pdf
# Reference: https://github.com/rapid7/Rapid7-Labs/blob/main/IOCs/Kimsuky_Phishing_Payload_Tactics_IOCs.txt

accounts.ukr.net.userscheck.info
app.userscheck.info
blog.userscheck.info
chat.userscheck.info
dev.userscheck.info
forums.app.userscheck.info
fr.userscheck.info
i.ua.userscheck.info
meta.ua.userscheck.info
micbns.documentview.site
net.userscheck.info
passport.meta.ua.userscheck.info
passports.i.ua.userscheck.info
phpmyadmin.userscheck.info
support.userscheck.info
ua.userscheck.info
ukr.net.userscheck.info

# Reference: https://x.com/ValidinLLC/status/1827015254821253281
# Reference: https://app.validin.com/detail?type=ip&find=154.205.138.23#tab=resolutions

ntskorea.site
ntsletter.site
ntsmail.online
ntsmail.store
ntspost.online
ntsposting.site
ntsshare.site
ntsteam.store
ntsweb.store
cc.ntsmail.online
cc.ntsposting.site
lcs.ntsmail.online
lcs.ntsmail.store
lcs.ntsposting.site
naver.ntskorea.site
naver.ntsletter.site
naver.ntsmail.store
naver.ntsposting.site
naver.ntsweb.store

# Reference: https://app.validin.com/detail?find=173.211.70.97&type=ip4&ref_id=d5d8772dd63#tab=resolutions
# Reference: https://app.validin.com/detail?find=185.126.148.8&type=ip4&ref_id=d5d8772dd63#tab=resolutions

chaosknight.site
cute-fox.online
fuckv3.site
futurismlabs.site
linesmanagement.fun
lovely4u.nl
mediumtechview.info
mediumtechview.site
memberscheck.info
naverline.cloud
needrelax.site
noticements.website
scm-portal.site
scv250227.website
secure-cps.nl
sessioncheck.site
simplegame.store
supernovagroup.site

# Reference: https://app.validin.com/detail?find=210.92.18.187&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

naverlogin.com
nproxr.store
nsfder.store

# Reference: https://app.validin.com/detail?find=210.92.18.185&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

boarmanc90genmc.xyz
cokrmstehomeb09ks.xyz
com-change.info
comerpl0starli.site
cordns77navgations.icu
coumcyberlib3n.online
daurnmail.com
ehcoasnet8home.store
golpit0matery.online
gonwet1boedy.site
hotmail.com-change.info
hotrnail.com-change.info
krdaumcokm0a.cloud
mc0rpsadmenp.cloud
mcafe090korpxs.online
microsoft.com-change.info
msky05bookscom.shop
n09ccafestopcm.website
naver.com-change.info
navers.com-change.info
navor.com-change.info
newdoma7navgtes.store
nidauti0korpsm.online
packnavorkps12attn.store
qour8dakservers.website
saramine5estchn.website
t0ngbirsmirn.cloud
ytube23comk.website

# Reference: https://app.validin.com/detail?find=210.92.18.181&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

aget0mkcoilp.store
albokkstr0nets.store
ckrnpoekai12sg.online
csilentabooksites.website
diom2bolbooks.cloud
gksisfle.website
gqwert.space
guekgle.shop
gythu.site
hamtopredio3n.website
jobckr23contp.site
jobkrnetsiom3nva.cloud
naverhelp.center
navesgn.info
nm14hwjsddxdab.cfd
npiramid00grps.xyz
outlook-kr.com
pla0iistocktbls.cloud
refidn09netapols.icu
urhost30bomlibs.site
vitual7murps.online
vituo5plomontuers.store
weoidius98netstv.store

# Reference: https://app.validin.com/detail?find=210.92.18.169&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

aa11iaiaoaodiasdf.cfd
aa15daoaoaa.cfd
aa16auaiaia.cfd
gg01aa8d.cfd
gg02diad.cfd
gg03dddd.cfd
gg04jaid.cfd
gg05odpz.cfd
gg06vjzn.cfd
gg08vnzm.cfd
gg09icuy.cfd
gg10vncc.cfd
gg117hvu.cfd
gg12vvzc.cfd
gg13vvcz.cfd
gg14dvcz.cfd
gg15mmnc.cfd
gg16ijnc.cfd
gg17nbcj.cfd
gg18yctz.cfd
gg19vnzn.cfd
gg20qqzn.cfd
gg21abcd.cfd
gg22kieu.cfd
gg23uydc.cfd
gg24erud.cfd
gg25vmzn.cfd
gg26ppdd.cfd
gg27ytdc.cfd
gg28erud.cfd
gg29wdic.cfd
gg30qncj.cfd
gg31vmcc.cfd
gg32ddid.cfd
gg33ecbc.cfd
gg34bcjd.cfd
gg35tdfd.cfd
ghusfe.online
guhdfe.store
gythu.site
insecurityncorp.store
inservernmail.store
inservernmailcorp.store
inservicenmailcorp.store
inservicenmailsecurity.store
joinupvts.org
kk02diaoa.cfd
kk04ooiiz.cfd
kk05jjizo.cfd
ko03bumpunpkkj.cfd
ko05oiwgznlfez.cfd
ko09iihldlmpue.cfd
ko16krddlgrnqc.cfd
ko17zouzamjbna.cfd
ko20klrhisaghe.cfd
ko21hkerjkbwdk.cfd
ko22hkqwqzhfor.cfd
ko28dhdlhpwdoq.cfd
ko34ertusbpxwo.cfd
ko36jvrpmmdinr.cfd
ko37dosnkzvkgk.cfd
ko38muxaclxtyi.cfd
ko39sksjjgqoxc.cfd
ko45bvsvhykbec.cfd
ko47lbeoonhzch.cfd
ko50abihxzlzpx.cfd
ko52duaqxyjgcy.cfd
ko57jlttjllkri.cfd
ko60ydekzyztby.cfd
ko62naixkvajsb.cfd
ko63mzeususgdb.cfd
ko65mktttgloce.cfd
ko66epaeekyygx.cfd
ko67fowwqjblxu.cfd
ko68mlsiftaimg.cfd
ko69rykrwqqvtb.cfd
mailncorpsecurity.store
mz01gnzcsqyxvh.cfd
mz15wiqsuekibc.cfd
mz17zthmologal.cfd
mz20nvegiecnlg.cfd
mz21ecesmpinht.cfd
mz29qdyvhgkjmw.cfd
mz32evjttfqehe.cfd
mz33samchzvpbf.cfd
mz34kmoqtbsccp.cfd
mz37qfwnzdboqn.cfd
mz39msrxqvgwds.cfd
mz42vdwrbyzpuy.cfd
mz44hhmwmdsebg.cfd
mz48ccndurjvpt.cfd
nm14hwjsddxdab.cfd
nm23yrmupctcjh.cfd
nm27zcijazfmnm.cfd
nm64cmdaulibqc.cfd
nm71wibkcuxqir.cfd
nmailcorpsecurityhost.store
nmailhostingcom.store
nmailhostingserver.store
nmailhostingservice.store
nmailhostonline.store
nmailhostonlineserver.store
nmailhostserveronline.store
nmailonlinehost.store
nmailonlinehosting.store
nmailonlinehostingserver.store
nmailsecurityhosting.store
nmailsecurityonlinehosting.store
nmailserverhosing.store
onlinenmailcorpservicecom.store
onlinenmailcorpserviceenter.store
onsecuritynmail.store
onsecuritynmailcorp.store
op01ytuackbjgp.cfd
op07kzvwwbuysj.cfd
qq01aiao.cfd
qq03aiai.cfd
qq04aiai.cfd
qq08zzdi.cfd
qq09mzkc.cfd
servernmail.store
servernmailcenteronline.store
servernmailonline.store
servernmailonlinecom.store
ss2siaoeiqoao.cfd
ss8diaoaidia.cfd
ss9diaudiaa.cfd
wr01dzt.cfd
wr02lqw.cfd
wr04yst.cfd
wr15ffe.cfd
wr16kah.cfd
wr24dwr.cfd
wr26zky.cfd
wr27hjm.cfd
wr31unj.cfd
wr32qcy.cfd
wr33kmx.cfd
ww01aaa.cfd
ww02bbb.cfd
ww03ccc.cfd
ww04ddd.cfd
ww05eee.cfd
ww06fff.cfd
ww07ggg.cfd
ww08iii.cfd
ww09qqq.cfd
ww10fid.cfd
ww11dia.cfd
ww12vmn.cfd
ww13nmv.cfd
ww14cnm.cfd
ww15nvd.cfd
ww16fjf.cfd
ww17oio.cfd
ww18vnc.cfd
ww19jjd.cfd
ww20vnc.cfd
ww21ccc.cfd
ww22jjc.cfd
ww23mvn.cfd
ww24ncc.cfd
ww25nnc.cfd
ww26nnk.cfd
ww27iol.cfd
ww28nnb.cfd
ww29nnc.cfd
ww30kjc.cfd
ww31ncc.cfd
ww32nnc.cfd
zz09iinic.cfd
zz13iijnc.cfd
zz14ppiuc.cfd
zz16ajndd.cfd
zz20hjcic.cfd
zz21ticic.cfd
zz23aeeec.cfd

# Reference: https://app.validin.com/detail?find=210.92.18.161&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

accounts.serviceprotect.eu
enternmailaccounts.store
enternmailaccountscom.store
enternmailaccountsserver.store
enternmailcorpsecurity.store
enternmailsecurity.store
enternmailserver.store
gg04jaid.cfd
gg05odpz.cfd
gg07pcoi.cfd
gg08vnzm.cfd
gg09icuy.cfd
gg10vncc.cfd
gg117hvu.cfd
gg13vvcz.cfd
gg14dvcz.cfd
gg15mmnc.cfd
gg16ijnc.cfd
gg18yctz.cfd
gg19vnzn.cfd
gg20qqzn.cfd
gg21abcd.cfd
gg22kieu.cfd
gg23uydc.cfd
gg25vmzn.cfd
gg26ppdd.cfd
gg27ytdc.cfd
gg28erud.cfd
gg29wdic.cfd
gg30qncj.cfd
gg31vmcc.cfd
gg32ddid.cfd
gg33ecbc.cfd
gg34bcjd.cfd
gg35tdfd.cfd
innmailserver.store
innserversite.online
innservicecomserver.store
inservicecom.store
kk02diaoa.cfd
kk04ooiiz.cfd
kk05jjizo.cfd
ko03bumpunpkkj.cfd
ko05oiwgznlfez.cfd
ko09iihldlmpue.cfd
ko16krddlgrnqc.cfd
ko17zouzamjbna.cfd
ko20klrhisaghe.cfd
ko21hkerjkbwdk.cfd
ko22hkqwqzhfor.cfd
ko28dhdlhpwdoq.cfd
ko34ertusbpxwo.cfd
ko36jvrpmmdinr.cfd
ko37dosnkzvkgk.cfd
ko38muxaclxtyi.cfd
ko39sksjjgqoxc.cfd
ko45bvsvhykbec.cfd
ko47lbeoonhzch.cfd
ko50abihxzlzpx.cfd
ko52duaqxyjgcy.cfd
ko57jlttjllkri.cfd
ko60ydekzyztby.cfd
ko62naixkvajsb.cfd
ko63mzeususgdb.cfd
ko65mktttgloce.cfd
ko66epaeekyygx.cfd
ko67fowwqjblxu.cfd
ko68mlsiftaimg.cfd
ko69rykrwqqvtb.cfd
loginnmailcorpserver.store
mailncorpsecurity.store
mz01gnzcsqyxvh.cfd
mz15wiqsuekibc.cfd
mz17zthmologal.cfd
mz20nvegiecnlg.cfd
mz21ecesmpinht.cfd
mz29qdyvhgkjmw.cfd
mz30nnqnbxgboi.cfd
mz32evjttfqehe.cfd
mz33samchzvpbf.cfd
mz34kmoqtbsccp.cfd
mz37qfwnzdboqn.cfd
mz39msrxqvgwds.cfd
mz42vdwrbyzpuy.cfd
mz44hhmwmdsebg.cfd
mz48ccndurjvpt.cfd
navcomserver.store
navservicecenter.store
ncompanylogin.store
ncompanymailserver.store
ncompanyserver.store
ncompanyservice.store
ncorpmailingserver.store
ncorpmailsecurity.store
ncorpmailsecuritycom.store
ncorpmailsecurityonline.store
ncorpmailservercom.store
ncorpmailservicecom.store
ncorpmailsystem.store
ncorponline.store
ncorponlineserver.store
ncorporationmail.store
ncorporationsecurity.store
ncorporationserver.store
ncorporationservice.store
ncorpsecuritycom.store
ncorpsecuritycomsite.store
ncorpsecurityservice.store
ncorpserveronline.store
ngroupmailserver.store
ngroupmailservice.store
nhtgfr.online
nhuygr.shop
njhbgd.online
njhug.online
nm14hwjsddxdab.cfd
nm23yrmupctcjh.cfd
nm27zcijazfmnm.cfd
nm64cmdaulibqc.cfd
nm71wibkcuxqir.cfd
nmailcentercom.store
nmailinconline.store
nmailincserver.store
nmailingserver.store
nmailingservice.store
nmailservercomsystem.store
nmailserversystem.store
nmailservicecom.store
nmailsystemsecurity.store
nmailsystemserver.store
nonlinecenter.store
nonlinemailservercom.store
nonlineservce.store
nonlineserver.store
nonlineserversite.store
nonlineservicesite.store
nsecuritygroupmail.store
nsecuritygroupservice.store
nsecuritymailing.store
nsecurityservicesystem.store
nserviceonline.store
nserviceonlineserver.store
onlinenavservice.store
onlinencompany.store
onlinencorpaccounts.store
onlinencorpmailsecurity.store
onlinencorpsecurity.store
onlinencorpsecuritycom.store
onlinencorpserver.store
onlinenmailaccounts.store
onlinenmailaccountsservice.store
onlinenmailcorpcom.store
onlinenmailcorpserver.store
onlinenmailcorpservice.store
onlinenmailserver.store
onlinenmailservice.store
onlinenservicecenter.store
onlinenservicecom.store
onnmailcorpsecurity.store
onnmailservercom.store
onnmailservice.store
onsecuritynmail.store
onsecuritynmailcorp.store
op01ytuackbjgp.cfd
op07kzvwwbuysj.cfd
qq01aiao.cfd
qq03aiai.cfd
qq04aiai.cfd
qq05wiwo.cfd
qq06jzoz.cfd
qq08zzdi.cfd
qq09mzkc.cfd
servicemember.info
serviceprotect.eu
ss12aidiaodia.cfd
ss13aidoaias.cfd
ss2siaoeiqoao.cfd
ss6qiaosidiao.cfd
ss8diaoaidia.cfd
ss9diaudiaa.cfd
wr01dzt.cfd
wr02lqw.cfd
wr03skl.cfd
wr04yst.cfd
wr05mmy.cfd
wr06guh.cfd
wr07pxi.cfd
wr08dxk.cfd
wr09vjo.cfd
wr10jdh.cfd
wr11idy.cfd
wr12xej.cfd
wr13fsd.cfd
wr14xpn.cfd
wr15ffe.cfd
wr16kah.cfd
wr17uvl.cfd
wr18pfu.cfd
wr19xpc.cfd
wr20jyu.cfd
wr21udy.cfd
wr22pch.cfd
wr23vul.cfd
wr24dwr.cfd
wr25rkg.cfd
wr26zky.cfd
wr27hjm.cfd
wr28gmv.cfd
wr29dnt.cfd
wr30tey.cfd
wr31unj.cfd
wr32qcy.cfd
wr33kmx.cfd
ww01aaa.cfd
ww02bbb.cfd
ww03ccc.cfd
ww04ddd.cfd
ww05eee.cfd
ww06fff.cfd
ww07ggg.cfd
ww08iii.cfd
ww09qqq.cfd
ww10fid.cfd
ww11dia.cfd
ww12vmn.cfd
ww13nmv.cfd
ww14cnm.cfd
ww15nvd.cfd
ww16fjf.cfd
ww17oio.cfd
ww18vnc.cfd
ww19jjd.cfd
ww20vnc.cfd
ww21ccc.cfd
ww22jjc.cfd
ww23mvn.cfd
ww24ncc.cfd
ww25nnc.cfd
ww26nnk.cfd
ww27iol.cfd
ww28nnb.cfd
ww29nnc.cfd
ww30kjc.cfd
ww31ncc.cfd
ww32nnc.cfd
zz02wqiam.cfd
zz04diaod.cfd
zz07zivnc.cfd
zz09iinic.cfd
zz10ojvnd.cfd
zz11ijvnc.cfd
zz12jmnjd.cfd
zz13iijnc.cfd
zz14ppiuc.cfd
zz16ajndd.cfd
zz17iiinv.cfd
zz18ppivn.cfd
zz20hjcic.cfd
zz21ticic.cfd
zz22bcjcd.cfd
zz23aeeec.cfd
zz25ioonc.cfd
zz26fiiid.cfd

# Reference: https://app.validin.com/detail?find=210.92.18.140&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

nbjghy.space
nbjhf.space
ngjud.online
ngtyr.online
nmbjgh.store

# Reference: https://app.validin.com/detail?find=210.92.18.38&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

beplay787.com
gouwan.asia
izhido.com
manbet.vip
manbetx.pw
manbetx123.net
manbetx1688.com
manbetx888.net
opebet7788.com
wanbo.asia
wanbotiyu.com
wanboyazhou.com

# Reference: https://app.validin.com/detail?find=210.92.18.180&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

activateall.store
air000sorricesnets.shop
boarac32kcahane.online
bon3homeskopn.site
domaepd0casemp.shop
echoakop0can.website
euroq0utcoja.store
halmcopl2coms.icu
humiolcaplia.website
ikornv7bomska.site
jobkrb0netsner.online
krinstan3acheom.icu
laun093nettvm.cloud
lomaberkcops.icu
meaech0libryarys.website
mewcafenidkporn.website
moistu30uesrnetna.online
naithech3studin.website
navcorphelpserver.store
navcorpteam.store
naverhelp.info
naverhelp.net
navermail.info
navhelpteam.store
navig0tion23s.online
navinc.store
navsercuricom.store
nbookafat0rys.cloud
nidao23matnerb.icu
nrefe0ncenotdap.icu
nvbmb.shop
plocafenav0tinar.online
recoverpotal.online
recoveryrequest.store
requestall.store
skornhomeokls0o.online
synchronizeall.store
threm0shortvo.site
todarayon20ncv.xyz
transfckinea0mons.store
verificationmail.store
wero908shinhan.icu

# Reference: https://app.validin.com/detail?find=210.92.18.164&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

auser.eu
cmember.eu
kakaocop.com
kakaocorps.com
mailuser.info
natescorp.com
psuser.eu
quser.info
thnuhbyhn.tech
mail.auser.eu

# Reference: https://app.validin.com/detail?find=210.92.18.168&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

callsvcauction.online
discoveriner.sbs
dovmansec.cfd
helpagencyall.site
mailnaverio.store
mainoutband.store
mallkrservice.site
nativeauction.sbs
navmontin.store
navnamemode.cfd
navsold.site
nbvhgc.online
necolasec.shop
netserviceml.sbs
nghuy.store
nidnewsmain.site
njguhr.website
njjkgr.shop
nkijfr.icu
nsjhfu.space
nsscontens.store
popularmap.cfd
scorenidmain.bond
sendletters.site
a.discoveriner.sbs
captchanidin.helpagencyall.site
captchanidin.scorenidmain.bond
captchanidinbox.popularmap.cfd
captchanidlink.navnamemode.cfd
captchanidmail.scorenidmain.bond
captchanidmail.sendletters.site
captchanidmain.netserviceml.sbs
captchanidmall.navsold.site
captchanidporn.discoveriner.sbs
captchanidporn.dovmansec.cfd
captchanidporn.nativeauction.sbs
captchanidpostm.nativeauction.sbs
captchanidsvc.navmontin.store
ccin.helpagencyall.site
ccin.scorenidmain.bond
ccinbox.popularmap.cfd
cclink.navnamemode.cfd
ccmail.scorenidmain.bond
ccmail.sendletters.site
ccmain.netserviceml.sbs
ccmall.navsold.site
ccporn.discoveriner.sbs
ccporn.dovmansec.cfd
ccporn.nativeauction.sbs
ccpostm.nativeauction.sbs
ccsvc.navmontin.store
cloudin.helpagencyall.site
cloudin.scorenidmain.bond
cloudinbox.popularmap.cfd
cloudlink.navnamemode.cfd
cloudmail.scorenidmain.bond
cloudmail.sendletters.site
cloudmain.netserviceml.sbs
cloudmall.navsold.site
cloudporn.discoveriner.sbs
cloudporn.dovmansec.cfd
cloudporn.nativeauction.sbs
cloudpostm.nativeauction.sbs
cloudsvc.navmontin.store
contactin.helpagencyall.site
contactin.scorenidmain.bond
contactinbox.popularmap.cfd
contactlink.navnamemode.cfd
contactmail.scorenidmain.bond
contactmail.sendletters.site
contactmain.netserviceml.sbs
contactmall.navsold.site
contactporn.discoveriner.sbs
contactporn.dovmansec.cfd
contactporn.nativeauction.sbs
contactpostm.nativeauction.sbs
contactsvc.navmontin.store
helpin.helpagencyall.site
helpin.scorenidmain.bond
helpinbox.popularmap.cfd
helplink.navnamemode.cfd
helpmail.scorenidmain.bond
helpmail.sendletters.site
helpmain.netserviceml.sbs
helpmall.navsold.site
helpporn.discoveriner.sbs
helpporn.dovmansec.cfd
helpporn.nativeauction.sbs
helppostm.nativeauction.sbs
helpsvc.navmontin.store
lcsin.helpagencyall.site
lcsin.scorenidmain.bond
lcsinbox.popularmap.cfd
lcslink.navnamemode.cfd
lcsmail.scorenidmain.bond
lcsmail.sendletters.site
lcsmain.netserviceml.sbs
lcsmall.navsold.site
lcsporn.discoveriner.sbs
lcsporn.dovmansec.cfd
lcsporn.nativeauction.sbs
lcspostm.nativeauction.sbs
lcssvc.navmontin.store
mail.callsvcauction.online
mail.navsold.site
mailin.helpagencyall.site
mailin.scorenidmain.bond
mailinbox.popularmap.cfd
maillink.navnamemode.cfd
mailmail.scorenidmain.bond
mailmail.sendletters.site
mailmain.netserviceml.sbs
mailmall.navsold.site
mailporn.discoveriner.sbs
mailporn.dovmansec.cfd
mailporn.nativeauction.sbs
mailpostm.nativeauction.sbs
mailsvc.navmontin.store
naver.callsvcauction.online
naver.mailnaverio.store
naver.mainoutband.store
naver.mallkrservice.site
navermail.callsvcauction.online
navermail.mainoutband.store
navermail.mallkrservice.site
nid.mailnaverio.store
nidin.helpagencyall.site
nidin.scorenidmain.bond
nidinbox.popularmap.cfd
nidlink.navnamemode.cfd
nidlogin.mallkrservice.site
nidmail.scorenidmain.bond
nidmail.sendletters.site
nidmain.netserviceml.sbs
nidmall.navsold.site
nidporn.discoveriner.sbs
nidporn.dovmansec.cfd
nidporn.nativeauction.sbs
nidpostm.nativeauction.sbs
nids.discoveriner.sbs
nids.dovmansec.cfd
nids.helpagencyall.site
nids.nativeauction.sbs
nids.navmontin.store
nids.navnamemode.cfd
nids.navsold.site
nids.netserviceml.sbs
nids.popularmap.cfd
nids.scorenidmain.bond
nids.sendletters.site
nidsvc.navmontin.store
publish.sendletters.site
rcaptchanidin.helpagencyall.site
rcaptchanidin.scorenidmain.bond
rcaptchanidinbox.popularmap.cfd
rcaptchanidlink.navnamemode.cfd
rcaptchanidmail.scorenidmain.bond
rcaptchanidmail.sendletters.site
rcaptchanidmain.netserviceml.sbs
rcaptchanidmall.navsold.site
rcaptchanidporn.discoveriner.sbs
rcaptchanidporn.dovmansec.cfd
rcaptchanidporn.nativeauction.sbs
rcaptchanidpostm.nativeauction.sbs
rcaptchanidsvc.navmontin.store
soundcaptchanidin.helpagencyall.site
soundcaptchanidin.scorenidmain.bond
soundcaptchanidinbox.popularmap.cfd
soundcaptchanidlink.navnamemode.cfd
soundcaptchanidmail.scorenidmain.bond
soundcaptchanidmail.sendletters.site
soundcaptchanidmain.netserviceml.sbs
soundcaptchanidmall.navsold.site
soundcaptchanidporn.discoveriner.sbs
soundcaptchanidporn.dovmansec.cfd
soundcaptchanidporn.nativeauction.sbs
soundcaptchanidpostm.nativeauction.sbs
soundcaptchanidsvc.navmontin.store
sslin.helpagencyall.site
sslin.scorenidmain.bond
sslinbox.popularmap.cfd
ssllink.navnamemode.cfd
sslmail.scorenidmain.bond
sslmail.sendletters.site
sslmain.netserviceml.sbs
sslmall.navsold.site
sslporn.discoveriner.sbs
sslporn.dovmansec.cfd
sslporn.nativeauction.sbs
sslpostm.nativeauction.sbs
sslsvc.navmontin.store
staticnidin.helpagencyall.site
staticnidin.scorenidmain.bond
staticnidinbox.popularmap.cfd
staticnidlink.navnamemode.cfd
staticnidmail.scorenidmain.bond
staticnidmail.sendletters.site
staticnidmain.netserviceml.sbs
staticnidmall.navsold.site
staticnidporn.discoveriner.sbs
staticnidporn.dovmansec.cfd
staticnidporn.nativeauction.sbs
staticnidpostm.nativeauction.sbs
staticnidsvc.navmontin.store
publish.sendletters.site
wwwcorpin.helpagencyall.site
wwwcorpin.scorenidmain.bond
wwwcorpinbox.popularmap.cfd
wwwcorplink.navnamemode.cfd
wwwcorpmail.scorenidmain.bond
wwwcorpmail.sendletters.site
wwwcorpmain.netserviceml.sbs
wwwcorpmall.navsold.site
wwwcorpporn.discoveriner.sbs
wwwcorpporn.dovmansec.cfd
wwwcorpporn.nativeauction.sbs
wwwcorppostm.nativeauction.sbs
wwwcorpsvc.navmontin.store
wwwin.helpagencyall.site
wwwin.scorenidmain.bond
wwwinbox.popularmap.cfd
wwwlink.navnamemode.cfd
wwwmail.scorenidmain.bond
wwwmail.sendletters.site
wwwmain.netserviceml.sbs
wwwmall.navsold.site
wwwporn.discoveriner.sbs
wwwporn.dovmansec.cfd
wwwporn.nativeauction.sbs
wwwpostm.nativeauction.sbs
wwwsvc.navmontin.store

# Reference: https://app.validin.com/detail?find=210.92.18.159&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

chasina.store
grendeu.store
katerage.store
naver.com.ru
nid.naver.com.ru

# Reference: https://app.validin.com/detail?find=210.92.18.171&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

checkapis.com
naveradmin.com
orwou.store
ai.checkapis.com
bot.checkapis.com
api.checkapis.com
naverhelp.in.net
naverhelp.co.in
secure.checkapis.com

# Reference: https://app.validin.com/detail?find=210.92.18.176&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

daun.o-r.kr
accountskakao.daun.o-r.kr

# Reference: https://app.validin.com/detail?find=210.92.18.166&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

naverocrp.com

# Reference: https://app.validin.com/detail?find=210.92.18.178&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

daum.net.in
happy-carver.210-92-18-178.plesk.page
kakao.com.co
kts1.stgame.pe.kr
navercorp.city
navercrcp.com
stgame.pe.kr

# Reference: https://app.validin.com/detail?find=210.92.18.145&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

ipcheckapi.com
naverrer.com
naverrnail.com
updateplug.net

# Reference: https://app.validin.com/detail?find=210.92.18.190&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

account-google.info
nate.com.in
naverhost.in.net
naverscan.org
naverteam.info
siren24.info
mail.account-google.info

# Reference: https://app.validin.com/detail?find=210.92.18.167&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

mid-naver.com
natesupport.com
signin.mid-naver.com

# Reference: https://app.validin.com/detail?find=210.92.18.170&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

naver.host
naver.in.net
naveraccount.com

# Reference: https://app.validin.com/detail?find=210.92.18.146&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

ictcvip.com

# Reference: https://app.validin.com/detail?find=210.92.18.163&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

naxer-mobile.com
never-clouding.com
mail.naxer-mobile.com
mail.never-clouding.com

# Reference: https://app.validin.com/detail?find=210.92.18.189&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

microsoft-profile.info

# Reference: https://app.validin.com/detail?find=210.92.18.157&type=ip4&ref_id=fed3f04f9c8#tab=resolutions

tolig.pe.kr
kttest1.tolig.pe.kr

# Reference: https://app.validin.com/detail?find=27.255.79.225&type=ip4&ref_id=1e1733dd7f7#tab=resolutions

maeilbox.com
st0746.net
upbit-kr.com

# Reference: https://x.com/byrne_emmy12099/status/1829013167940481140

handhygieneforhealth.org/wp-includes/css/song/dist.php

# Reference: https://x.com/VirITeXplorer/status/1829109307322904629
# Reference: https://www.virustotal.com/gui/ip-address/202.141.233.4/relations
# Reference: https://app.validin.com/detail?type=ip&find=202.141.233.4#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/8028b918d06cf3635e7e77d29cb0a4622d8cf4ee30881fb297435f7328ff45e4/detection

zoorn.site
login.zoorn.site
ussc.zoorn.site
desbros.kro.kr
meetings.kro.kr
secbesm.kro.kr
zoom-meeting.kro.kr
zoom.meetings.kro.kr
bklis.desbros.kro.kr
client.publish.kro.kr
drequsm.secbesm.kro.kr
rem.zoom-meeting.kro.kr
/0829_pprb/d.php

# Reference: https://app.validin.com/detail?find=145.14.151.87&type=ip4&ref_id=1a3f4c9180c#tab=resolutions

afyoncekici.site
altinmaske.site
antalyacekici.site
antalyacekicim.site
antalyapeyzaj.site
koubasvuru.site

# Reference: https://x.com/eastside_nci/status/1829413692372586570
# Reference: https://app.validin.com/detail?type=ip&find=183.111.125.44#tab=resolutions
# Reference: https://app.validin.com/detail?type=ip&find=185.203.119.14#tab=resolutions

accounts.kakkao.com
driver.crabdance.com
kakkao.com
mailer.neomail.kr
mydrive.home.kg
naveor.3utilities.com
nid-naver.ddnsking.com
store.notici.as
ymail.notici.as

# Reference: https://app.validin.com/detail?find=8d5de7ecb18c720b5723d23de8b56da4&type=hash&ref_id=877f65306be#tab=host_pairs_v2

acount.notici.as
mailsystem.sumibi.org
manage-myinfo.smelly.cc
myaccount-verify.nard.ca
users.allisons.org
users.annaffiare.org

# Reference: https://app.validin.com/detail?find=5.182.210.210&type=ip4&ref_id=8ca70ccef65#tab=resolutions

mail-daum.ddns.net
nid1-naver.servehttp.com
nid-naver.serveirc.com
xo-nate-com.ml

# Reference: https://x.com/byrne_emmy12099/status/1901525189374185624
# Reference: https://app.validin.com/lookalikes?mode=full&timeout=30&lookback=7&find=nid-naver
# Reference: https://app.validin.com/detail?find=104.200.67.212&type=ip4&ref_id=28344b7ed2b#tab=resolutions
# Reference: https://app.validin.com/detail?find=131.153.13.235&type=ip4&ref_id=fe7a551c5d5#tab=resolutions
# Reference: https://app.validin.com/detail?find=38.180.193.61&type=ip4&ref_id=4c8401c777e#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/9e4e45e8f12db94997767bd3899968b9bc147bf08c062d3caea7f0864a67ea2c/detection
# Reference: https://www.virustotal.com/gui/file/8b0b62a31b348c5a2337ee69cfd3f68a427466539484f55f1cd2910237b59700/detection
# Reference: https://www.virustotal.com/gui/file/4b87b775cdb265ecd872a71be810d7816d0d8b54663b3c536862db098874f288/detection
# Reference: https://www.virustotal.com/gui/file/3cc47aea39c48aa22fbf246f11cd4aaa8179efa48bb1c3e30fbf70541fe2cf87/detection

http://131.153.13.235
nid-naver.icu
nid-naver.xyz
nid-naver.site
nid-naver.download
nid-naver.blogg.host
nidnaver.cf
nidnaver.co
nidnaver.ml
secdownserv.com
nid-naver.secdownserv.com
acccounnts-gooqle.serveftp.com
acccounnts-qooqle.myvnc.com
acccounts-gocgle.serveftp.com
acccounts-google.onthewifi.com
acccounts-gooogle.servebeer.com
acccounts-gooogle.servemp3.com
acccounts-gooogle.servequake.com
acccounts-qooqle.serveftp.com
accoouunt-gooqle.servehttp.com
accounnts-google.3utilities.com
accounnts-google.onthewifi.com
accounnts-google.servequake.com
accounnts-gooogle.serveftp.com
accounnts-gooogle.servehttp.com
accounnts-gooogle.servepics.com
accounnts-qooqle.myvnc.com
accounnts-qooqle.serveftp.com
accounnts-qooqle.servequake.com
accounts-google.servemp3.com
accounts-google.servepics.com
accounts-gooogle.onthewifi.com
accounts2-gooogle.servebeer.com
accounts2-gooogle.servehttp.com
accouunnts-gooogle.servequake.com
accouunnts-goooqle.myvnc.com
accouunts-google.servegame.com
accouunts-google.servehttp.com
accouunts-google.servemp3.com
accouunts-googlsec.onthewifi.com
accouunts-gooogle.serveftp.com
accouunts-gooqle.servebeer.com
accouut-gooqle.serveftp.com
accouuts-googlsec.myvnc.com
accouuts-gooqle.servequake.com
accouuts-qooqle.myvnc.com
accouuts-qooqle.servepics.com
dwn.zapto.org
google-secs.ddnsking.com
gooogle-sec.ddnsking.com
gooqle.servequake.com
gsecurity.ddnsking.com
hvmeyq.viewdns.net
lntzz.hopto.org
myaccouunt-google.3utilities.com
pkkfbv.webhop.me
qokfqb.freedynamicdns.org
qooqle.ddnsking.com
rbmmkv.gotdns.ch
secservice.ddns.net
srvdown.ddns.net
uanoak.sytes.net
ugpfoe.freedynamicdns.org
wrdsj.bounceme.net

# Reference: https://app.validin.com/detail?find=79.133.57.36&type=ip4&ref_id=0989d8ab1a4#tab=resolutions

bitservercom.cfd
calendarserver.cfd
newsservercom.cfd
noteupdateserver.cfd
s10diaoioerqoiwueriooiqizer.buzz
s5zdoqueyaoizmdiqowoaiwse.buzz
serverooocom.cfd
ssiqoqyaizmdoaieots.buzz
tianserver.cfd

# Reference: https://app.validin.com/detail?find=173.211.46.158&type=ip4&ref_id=0989d8ab1a4#tab=resolutions

dataserveronline.cfd
matswolfserver.cfd
mydataserveronline.cfd
nonlineservicein.cfd
onlinekoniserver.cfd
onlineswolfserver.cfd
onlineswolfservice.cfd
policeservicecom.cfd
pswolfservice.cfd
ptotoservice.cfd
serveronlineinstall.site
serviceupdatemon.cfd
swolfserveroncony.cfd
swolfserveronkonycom.cfd
uawing977.cfd
updateservercom.cfd

# Reference: https://app.validin.com/detail?find=95.164.86.148&type=ip4&ref_id=0989d8ab1a4#tab=resolutions

aminnetworkstar.online
nitrogin.xyz
kh.aminnetworkstar.online
kharej.aminnetworkstar.online
server.aminnetworkstar.online

# Reference: https://app.validin.com/detail?find=79.110.52.198&type=ip4&ref_id=9984cef0f75#tab=resolutions

accounts2.download
help2.info
nid-naver.date
nid2-naver.online

# Reference: https://x.com/JangPr0/status/1831211999168196617
# Reference: https://www.virustotal.com/gui/file/fd2c6aa42264f7d555e4f1c8194f8c293ab02bc416e43b448cbd09912833d5cf/detection

/0821_pprbss/d.php

# Reference: https://x.com/byrne_emmy12099/status/1831236265599001062

communiquer.be/modules/mod_users_latest/src/Helper/0902_pprb/d.php
/0902_pprb/d.php

# Reference: https://x.com/byrne_emmy12099/status/1831591937310331065
# Reference: https://x.com/JangPr0/status/1834078674850906599
# Reference: https://www.virustotal.com/gui/file/57e9b7d1c18684a4e8b3688c454e832833e063019ed808fd69186c4e20df930a/detection

petssecondchance.larcity.dev
/modules/mod_custom/tmpl/andy/css.php
/modules/mod_custom/tmpl/kndu/dist.php

# Reference: https://x.com/byrne_emmy12099/status/1831827701814251742

mofa.bio

# Reference: https://wezard4u.tistory.com/429269
# Reference: https://www.virustotal.com/gui/file/b0963f531da46ce600c26de41c229edbf1cdf7389e0f998cfc8d9056f200a76d/detection
# Reference: https://www.virustotal.com/gui/file/bd017c642fcd0b46fb1201f22d395edbf16221ebbcb660f7329fb76067164d07/detection

hondes.getenjoyment.net

# Reference: https://www.virustotal.com/gui/ip-address/158.247.202.152/relations
# Reference: https://www.virustotal.com/gui/ip-address/50.114.5.159/relations

appclouds.store
appstart.store
appview.site
appviewer.store
mail.appstart.store
wwwappa.appclouds.store
wwwicda.appclouds.store

# Reference: https://app.validin.com/detail?find=9497a1195f9ae6cc249b25131eab4b37&type=hash&ref_id=fe7abc05664#tab=host_pairs_v2
# Reference: https://app.validin.com/detail?find=9497a1195f9ae6cc249b25131eab4b37&type=hash&ref_id=de46da0d79e#tab=host_pairs (# 2025-07-24)

asanpolicy.lol
asdop.live
barpashop.ir
faorg.site
faraorg.store
hosek.club
jaylose.store
kishe.click
lkjhg.site
luckym.store
nmaveseo.lol
okiyho.store
qweop.site
resolveissue.org
rnofa.store
scorpmansday.site
securitycloud.store
sejongcloude.store
siekn.online
sogangteam.click
zxcop.store
kru2gs6007-r7l702-origin.zlongame.co.kr
mail.resolveissue.org
manage.barpashop.ir

# Reference: https://app.validin.com/detail?find=118.193.68.80&type=ip4&ref_id=6840f27ea05#tab=resolutions

bnxzcwdasde.top
drlopachildcare.com
fcklewc.top
muvkoec.cc
paj541.com
slh8.cn
wmvbh.space
xxdakuopra.top
xxdasjwqpe.top
xxdaskljpwq.top
xxdhsaowo.top

# Reference: https://app.validin.com/detail?find=27.255.81.107&type=ip4&ref_id=ca4b70e8eda#tab=resolutions

gooqle.com.co
namail.eu
accounts.gooqle.com.co
apis.gooqle.com.co
content.gooqle.com.co
myaccount.gooqle.com.co
play.gooqle.com.co
ssl.gooqle.com.co
youtube.gooqle.com.co

# Reference: https://app.validin.com/detail?find=27.255.81.109&type=ip4&ref_id=d08fd4e6a3e#tab=resolutions

naveer.r-e.kr
naven.n-e.kr
nhnlogin.kro.kr
nhnuser.r-e.kr
account.nhnlogin.kro.kr
mail.naveer.r-e.kr
mail.nhnuser.r-e.kr
nidlogin.naven.n-e.kr

# Reference: https://app.validin.com/detail?find=27.255.81.110&type=ip4&ref_id=d08fd4e6a3e#tab=resolutions

accoutatify.store
blogaccout.n-e.kr
ipapercloud.com
kakaoverify.lol
lorinsdbvnre.shop
navcaer.com
naveircorps.shop
nawercorp.store
nidclouds.com
nservicemail.online
severifyticate.store
ucloudpay.net
wonderstacks.com
mail.wonderstacks.com
ng.blogaccout.n-e.kr

# Reference: https://app.validin.com/detail?find=27.255.81.111&type=ip4&ref_id=d08fd4e6a3e#tab=resolutions

mycelp.store
myhelpp.store
mysecp.store
wemeng.store
cwtol.pe.kr
ktsp2.cwtol.pe.kr

# Reference: https://app.validin.com/detail?find=211.253.25.181&type=ip4&ref_id=7b4c4611581#tab=resolutions

vipchina.pe.kr
kts12.vipchina.pe.kr

# Reference: https://app.validin.com/detail?find=45.249.90.101&type=ip4&ref_id=7b4c4611581#tab=resolutions

cdn-naver.com
whocast.pe.kr
ktsp5.whocast.pe.kr
ssl2.cdn-naver.com

# Reference: https://app.validin.com/detail?find=45.249.90.107&type=ip4&ref_id=7b4c4611581#tab=resolutions

whocast2.pe.kr
ktsp7.whocast2.pe.kr

# Reference: https://app.validin.com/detail?find=158.247.200.44&type=ip4&ref_id=7b4c4611581#tab=resolutions

meconnect.info

# Reference: https://app.validin.com/detail?find=27.255.81.80&type=ip4&ref_id=fdbbb3cd229#tab=resolutions

fw388517.info
gudjqlo.shop
gvsdils.shop
gx191978.info
hr755982.info
iw943147.info
kz431311.info
navercorup.site
nbhfjg.online
nhbgvf.shop
nhgjb.online
njghhn.online
njgudd.shop
njhkmb.shop
njhuger.space
njkgvr.online
njkmb.online
njkuer.shop
nkgjhu.space
nmbvcr.shop
nmjhgt.space
nmjhkn.online
nodfvar.online
nvhfbg.shop
nvjsjer.online
nyvjer.online
service-info.co
webmanagger.info

# Reference: https://x.com/asdasd13asbz/status/1833383376658543001

drive-yonsei-ac-kr.bit-albania.com

# Reference: https://x.com/malwrhunterteam/status/1833248658831335691
# Reference: https://www.virustotal.com/gui/file/209f3ae75c872f204f7230f787662979edac2f26654e211778e349ec7e012311/detection

/0904_hck/d.php

# Reference: https://app.validin.com/detail?find=2555eeb04dcd940bcb6db530a0504da7&type=hash&ref_id=6840f27ea05#tab=host_pairs_v2

karaagego.com
packland7.asuscomm.com
packman.mydns.jp
payment.unsika.ac.id
wwwwwwwwxx.packman.mydns.jp

# Reference: https://x.com/malwrhunterteam/status/1805943410106225105
# Reference: https://app.validin.com/detail?find=216.107.137.73&type=ip4&ref_id=9bf3e886966#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/a65e1416735cefb370a04c01364a8816d284eb6b59e31150ddc235c4c059d275/detection

216.107.137.73:6516
adyw.shop
apolsx.online
asowesmc.store
eocdsol.xyz
hyunlaw.site
nialdosx.xyz
o3slc.shop
oawslx.xyz
olopsma.cloud
oolpasc.shop
ozaiku.shop
q7u8o0.online
qeoqwo.shop
qeowsc.site
qowlsga.online
sodlspa.shop
tolpa.shop
zioap.shop

# Reference: https://app.validin.com/detail?find=mx.naver.com&type=dom&ref_id=f49320ac47f#tab=dns

am0erpld.website
aopliofrdms.store
aqolsmcps.website
awelopsc.online
back-face.com
bocvg.website
brabnuio.online
golchalst.store
kiuk.shop
kopldc.website
l0psmx9cls.online
loapssmcix.site
loasom890.shop
loomnb.shop
lophjc.store
m90kpl.site
maps03lx.shop
masterbank.org
monolpscwoe.online
mp-sloa.store
niclc0rp.icu
nodndvnpcmqx.cloud
nodplsa.icu
nolibo.icu
olidmslciwo.icu
oloolo4.site
olpa-msok.store
omzplai2bo.store
opldialc.site
opm9dm.cloud
opqlaodb.site
opsscos.site
osaedop.site
poeratoe.site
polnmcufs.online
qiloq.store
qolpamcb.shop
rodop.store
sadpor.shop
so-pola.cloud
solp-mcn.online
soomk90.website
uslodma.cloud
vocmo.shop
vuiol.cloud
wleos.shop
x0lspcoo.website
x0plsm.site
yolpfjc.site

# Reference: https://app.validin.com/detail?find=79.133.51.174&type=ip4&ref_id=fce6632dac6#tab=resolutions

aloicps.online
aplosm.store
cafemolsop.store
capneno.shop
holui.shop
llopsmi.cloud
mailnicorp.shop
maisevr.tech
mallnalvec.fun
mebvop.online
melomp.shop
memcocp.site
meoslpx.online
milomac.cloud
mlopmooox.store
mopkxsb.shop
mxopl.site
nacc.store
nailcorp.autos
nicmalloc.store
nidcorpev.online
nidnavrcop.tech
nidscorp.website
nobol.store
nodlpamm.site
nolglok.store
olpls.cloud
oprls.shop
opsld.site
pelom.cloud
qmloas.website
safelcg.tech
secpldo.store
soplr.online
speolacn.site
splaos.site

# Reference: https://x.com/StrikeReadyLabs/status/1834412449291706503
# Reference: https://www.virustotal.com/gui/file/e0b4e3f7d35c182ca48c49c635138ab343c4415dae32a086ba19c0ecaf41936e/detection
# Reference: https://www.virustotal.com/gui/file/01c3e4114427cce7ab6bf90cfa72164a8cfd37dcadddb69817c31679e12fd263/detection

serverprotect.online
captcha.serverprotect.online

# Reference: https://x.com/JangPr0/status/1835682416738054190
# Reference: https://www.virustotal.com/gui/file/c4aba442d881cfa112fe3a6b1d2381b089cbe163828cfdb2d57abba95737a07d/detection
# Reference: https://www.virustotal.com/gui/file/963af57641c094df6b5656552daaafd5ced0a1435261e612a4640604d023ebca/detection
# Reference: https://www.virustotal.com/gui/file/41cf6298a41c27357ee5f70d8cd1c0bd48698fc30c4255fad6a91798286e5229/detection

64.49.14.181:7031
64.49.14.181:7032
64.49.14.181:8014

# Reference: https://x.com/0xmh1/status/1835900052679872688

member-apples.info

# Reference: https://x.com/eastside_nci/status/1836494626489774188
# Reference: https://app.validin.com/detail?find=1.214.206.78&type=ip4&ref_id=0d6a8e1c204#tab=resolutions

lnvoice.r-e.kr
nidiogln.o-r.kr
nidiogln.p-e.kr
nldiogin.o-r.kr

# Reference: https://www.virustotal.com/gui/ip-address/154.90.63.101/relations
# Reference: https://app.validin.com/detail?type=ip&find=154.90.63.101#tab=resolutions

fsc-notify.site
lnkedein.site
notion-notify.site
crfjpocslgdjmf6ddui0.ntscustoms.store
emv1.kdca.site
htp-out.wetax-pay.online
http-naver.hometaxctrl.online
http-naver.wetax-pay.online
http-out.wetax-notice.site
http-out.wetax-pay.online
http-out.wetax-pay.site
http-relay.wetax-notice.space
https-naver.hometaxctrl.online
https-naver.wetax-pay.online
https-out.wetax-notice.site
https-out.wetax-pay.online
https-out.wetax-pay.site
https-relay.wetax-notice.space
hxxp-naver.wetax-pay.online
hxxp-out.wetax-notice.site
hxxp-out.wetax-pay.online
hxxp-out.wetax-pay.site
hxxp-relay.wetax-notice.space
hxxps-naver.wetax-pay.online
hxxps-out.wetax-notice.site
hxxps-out.wetax-pay.online
hxxps-out.wetax-pay.site
hxxps-relay.wetax-notice.space
naver.wetax-pay.store
out.wetax-pay.site
smtp.wetax-pay.site

# Reference: https://x.com/byrne_emmy12099/status/1838137788870570058
# Reference: https://app.validin.com/detail?find=66.57.33.100&type=ip4&ref_id=c170e72b192#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/6aa86e6c5ca97af149bf22c4deb7b0456727a4c5e67b508c9518e8c8e1b79795/detection

ermisco.online
mngrdp.site
admin.mngrdp.site

# Reference: https://www.virustotal.com/gui/ip-address/45.14.246.53/relations

mxportal.p-e.kr
login.mxportal.p-e.kr

# Reference: https://x.com/0xmh1/status/1838474248182206942
# Reference: https://x.com/byrne_emmy12099/status/1838481636889116709

sqiesbob.com
evangelia.edu/img/503/doc/d.php

# Reference: https://x.com/eastside_nci/status/1838687293214757165
# Reference: https://www.virustotal.com/gui/ip-address/91.194.160.13/relations

apple-stores.shop
iclouad.store

# Reference: https://x.com/byrne_emmy12099/status/1838719300288512213
# Reference: https://www.virustotal.com/gui/file/fd65c7a42458d05219cd6dad15b8ba28712a2d52e2f10a2060341aa03aedbab8/detection

http://121.66.72.110
121.66.72.110:8000
69.10.133.141:8000
ads.kseme.kro.kr
dkwis.kro.kr
gagos.genmobon.kro.kr
genmobon.kro.kr
kiskmain.kro.kr
kseme.kro.kr
main.dkwis.kro.kr
newrdp.kro.kr
rdp.newrdp.kro.kr
remotemng.site
sertme.kiskmain.kro.kr
/0918_uri_skle/dksleks?na=
/0918_uri_skle/dksleks
/0918_uri_skle/dksdlf?na=
/0918_uri_skle/dksdlf
/0918_uri_skle/
/dksleks
/dksdlf

# Reference: https://x.com/0xmh1/status/1839173077818814740
# Reference: https://x.com/0xmh1/status/1839463862057439266
# Reference: https://www.virustotal.com/gui/ip-address/101.36.114.91/relations

cagebye.store
kinhos.online
narasima.store
pollario.store
radiofreeasia.blog
rfa.lol
rfatotal.one
seoulforum.store
unorg.store
ww12.rfa.lol

# Reference: https://x.com/Syndikalist/status/1839580890961252849
# Reference: https://search.censys.io/hosts/167.88.170.199

drive-viewer.online
documents.drive-viewer.online
ns1.drive-viewer.online
ns2.drive-viewer.online

# Reference: https://x.com/byrne_emmy12099/status/1839419824595952066
# Reference: https://www.virustotal.com/gui/file/342c285efb8798fcba80d695cafc9ae1e097cecc72e01f25df85e4210e9fd638/detection

atlanwelt.de/modules/mod_articles_category/tmpl/0910_simba/denyhg.php
atlanwelt.de/modules/mod_articles_category/tmpl/0910_simba/dfef.php
atlanwelt.de/modules/mod_articles_category/tmpl/0910_simba/dvbhe.php
atlanwelt.de/modules/mod_articles_category/tmpl/0910_simba/dvfh.php
/0910_simba/
/0910_simba/denyhg.php
/0910_simba/dfef.php
/0910_simba/dvbhe.php
/0910_simba/dvfh.php

# Reference: https://x.com/byrne_emmy12099/status/1839697468625494142
# Reference: https://x.com/byrne_emmy12099/status/1899789292026962067
# Reference: https://www.virustotal.com/gui/ip-address/103.76.228.204/relations

http://103.76.228.204
103.76.228.204:443
absera.p-e.kr
eislef.r-e.kr
ioes.kro.kr
watsme.kro.kr
aos.watsme.kro.kr
erts.absera.p-e.kr
opes.eislef.r-e.kr
soe.ioes.kro.kr
/0304_pprb/d.php
/0905_pprb/d.php
/0304_pprb/
/0905_pprb/

# Reference: https://x.com/blackorbird/status/1839610696113459551
# Reference: https://x.com/Syndikalist/status/1839922986591101192
# Reference: https://unit42.paloaltonetworks.com/kimsuky-new-keylogger-backdoor-variant/

bitjoker2024.000webhostapp.com

# Reference: https://app.validin.com/detail?find=158.247.215.96&type=ip4&ref_id=4bd84937ada#tab=resolutions
# Reference: https://app.validin.com/detail?find=84.246.85.175&type=ip4&ref_id=40e6ef58f0c#tab=resolutions

kfshop.lol
ncorpmail.site
ncorpservice.site
ncservice.site
nmailteam.site
npalarm.store
npmails.site
npmanage.site
npnote.site
npsec.site
npsecure.store
npview.site
nviews.site
nviewsec.site
nwebmailcheck.site
nwebmails.site
nwebmans.store
nwebstay.store
nwebview.store
susi-susi.site
vpn.kfshop.lol

# Reference: https://app.validin.com/detail?find=89.187.28.147&type=ip4&ref_id=3503e360c03#tab=resolutions

applesec.site

# Reference: https://app.validin.com/detail?find=154.90.63.209&type=ip4&ref_id=9894aec55a6#tab=resolutions

bdasugiofahf.top

# Reference: https://app.validin.com/detail?find=156.244.19.95&type=ip4&ref_id=4a136f9cbb0#tab=resolutions

applcs.cloud

# Reference: https://app.validin.com/detail?find=192.121.162.82&type=ip4&ref_id=cd9d3bec7bc#tab=resolutions
# Reference: https://app.validin.com/detail?find=194.68.27.24&type=ip4&ref_id=cd9d3bec7bc#tab=resolutions

applesec.info
members-apple.com
s-clouds.top

# Reference: https://x.com/unpacker/status/1840575374939549769
# Reference: https://www.virustotal.com/gui/ip-address/67.217.60.68/relations
# Reference: https://app.validin.com/detail?type=ip&find=67.217.60.68#tab=resolutions

pkzz.org
bigfile.pkzz.org
cloud.adoubleu.de
linkdin.o-r.kr
downloadimage.mooo.com
accouts.linkdin.o-r.kr
share-defence.ohbah.com
share-defence.verymad.net

# Reference: https://app.validin.com/detail?find=74.48.150.189&type=ip4&ref_id=36d8005fa39#tab=resolutions

kerasin.store
telecomtm.life

# Reference: https://app.validin.com/detail?find=202.131.233.167&type=ip4&ref_id=a37a70f2294#tab=resolutions

ipinst.store
janskinmn.lol
japanmofa.co
pdfstore.store
somal.shop
somelmark.store
view-hwp.kro.kr
my.view-hwp.kro.kr

# Reference: https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=services.banner_hashes%3D+%60sha256%3Afc773ddd38bdea1da844a4da0966438408d738b7600a42dfb8afd598ebfcb2e7%60

nmailsrv.site
nsecsupport.site

# Reference: https://x.com/Huntio/status/1840711527927849053
# Reference: https://app.validin.com/detail?type=ip&find=158.247.206.36#tab=resolutions
# Reference: https://app.validin.com/detail?type=ip&find=158.247.254.187#tab=resolutions

01onlinen.cfd
02onlinen.cfd
03onlinen.cfd
04onlinen.cfd
05onlinen.cfd
06onlinen.cfd
07onlinen.cfd
08onlinen.cfd
09onlinen.cfd
10onlinen.cfd
11onlinen.cfd
12onlinen.cfd
13onlinen.cfd
14onlinen.cfd
15onlinen.cfd
16onlinen.cfd
17onlinen.cfd
18onlinen.cfd
19onlinen.cfd
20onlinen.cfd
21onlinen.cfd
22onlinen.cfd
23onlinen.cfd
24onlinen.cfd
25onlinen.cfd
26onlinen.cfd
27onlinen.cfd
28onlinen.cfd
29onlinen.cfd
30onlinen.cfd
activegserver.store
activeonlineserver.store
activeserviceonline.store
aliveonlinerecover.store
aliveonlineserver.store
alivesiteserver.store
cancelrecoveronline.store
cancelrecoverservice.store
comrecoverserver.store
enter01aaa6n4xxz.cfd
enter02aaa69seoh.cfd
enter03aaahrm3hy.cfd
enter04aaa1t3nqv.cfd
enter05aaapsicia.cfd
enter06aaal9x4d5.cfd
enter07aaat95u3r.cfd
enter08aaa6q7vqq.cfd
enter09aaal1s3p6.cfd
enter10aaadopee9.cfd
enter11aaanjwhp8.cfd
enter12aaamf92xb.cfd
enter13aaaznk4ed.cfd
enter14aaa9a1i4g.cfd
enter15aaaq4958f.cfd
enter16aaajlqvtk.cfd
enter17aaa77ujds.cfd
enter18aaaphyjfc.cfd
enter19aaa4cfx1c.cfd
enter20aaab1b7zd.cfd
enter21aaa0ub39z.cfd
enter22aaaklr7pf.cfd
enter23aaaqijf8o.cfd
enter24aaakt709e.cfd
enter25aaa9tdhus.cfd
enter26aaajw0tvl.cfd
enter27aaavr3494.cfd
enter28aaaradcbl.cfd
enter29aaaowevvu.cfd
enter30aaainq4u3.cfd
enter31aaartpxk6.cfd
enter32aaa4wncrs.cfd
enter33aaagwfnqd.cfd
enter34aaabuj3zn.cfd
enter35aaadobseq.cfd
entergonlinerecover.store
enteronlinerecover.store
enterrecoveronline.store
enterrecoverservice.store
grecoveronlineservice.store
onactivereqonlinecom.store
onlineactiverequest.store
onlinelivecom.store
onrequestserver.store
recmaservice.store
recserviceonline.store
req01avziemzc.cfd
req02ajajznvzc.cfd
req03jjmnzccv.cfd
req04zovbnzc.cfd
req05iiizncccla.cfd
req06jaivnzccc.cfd
reqons01hyush2.cfd
reqons02eg7dr9.cfd
reqons037610nq.cfd
reqons045e5yxs.cfd
reqons05bj9vy5.cfd
reqons0623oplv.cfd
reqons07n7qmfd.cfd
reqons08274jg0.cfd
reqons09maqun7.cfd
reqons10hapwp4.cfd
reqons11y48b0e.cfd
reqons121gdvu5.cfd
reqons1385xxp9.cfd
reqons140x6gym.cfd
reqons15u54pc6.cfd
reqons165ecpq9.cfd
reqons17wmxeqf.cfd
reqons18lblnyp.cfd
reqons19xtcqwf.cfd
reqons202gokmp.cfd
requsetliveserver.store
sendactiverequest.store
sendreqestonline.store
serverrecoveronline.store
servicegaccount.store
servicegonline.store
sirecoverserver.store
siteaccountlive.store
sitealivecomservice.store
sitealiveserver.store
siteonlinerecover.store
siteonlinerecovercom.store
siterecoveronline.store
siterecoverservice.store
soactivecomserver.store
stawb01gn0wis.cfd
stawb02np9xva.cfd
stawb03jsf615.cfd
stawb04sgrzfj.cfd
stawb05zfelp0.cfd
stawb06w44vp6.cfd
stawb0793wkzx.cfd
stawb086n5nqp.cfd
stawb091onxxc.cfd
stawb10thx69e.cfd
stawb11zibyxr.cfd
stawb12rxy4od.cfd
stawb13hhjij2.cfd
stawb144fh5z4.cfd
stawb15q9x8mb.cfd
stawb16d9jor9.cfd
stawb177t52b8.cfd
stawb18nkj77h.cfd
stawb192yt6zm.cfd
stawb207dusgy.cfd
stawb21bl4qrm.cfd
stawb22kneus3.cfd
stawb23hliaul.cfd
stawb24u70y20.cfd
stawb25nl3bq9.cfd
stawb26bs0nww.cfd
stawb277jl796.cfd
stawb28ie0uhc.cfd
stawb29dwc8kw.cfd
stawb30vrdi53.cfd
stawb31ps6gs1.cfd
stawb320csitg.cfd
stawb33m9tcia.cfd
stawb34ryer9k.cfd
stawb35vlu7za.cfd
stawb368logok.cfd
stawb37ur1b3o.cfd
stawb38bn6i55.cfd
stawb39p3o67w.cfd
stawb403v9zdu.cfd
stawb416tr4on.cfd
stawb42dz14p5.cfd
stawb43dnnytx.cfd
stawb4472ekh2.cfd
stawb45ytmrej.cfd
stawb466scgiy.cfd
stawb474p5wpx.cfd
stawb48han4hk.cfd
stawb4908udlz.cfd
stawb50e92u4m.cfd
useactiveonline.store
visitghostingonline.store
visitghostingserver.store
visitghostserver.store
visitrecoverserver.store

# Reference: https://www.virustotal.com/gui/ip-address/114.55.89.54/relations

http-nid.naverc0rp.com
http-nidiogin.naverc0rp.com
http-nidlogin.naverc0rp.com
http-www.naverc0rp.com
https-nid.naverc0rp.com
https-nidiogin.naverc0rp.com
https-nidlogin.naverc0rp.com
https-www.naverc0rp.com

# Reference: https://x.com/byrne_emmy12099/status/1841807065330893123
# Reference: https://x.com/StrikeReadyLabs/status/1842160937358278796
# Reference: https://www.virustotal.com/gui/file/aaecb10ca453bec3bb95bedac6d773a593ea984509845eb7b15d8894d4b385ad/detection
# Reference: https://www.virustotal.com/gui/file/e4062c414dde41e9d50ea6fcdda096d79afdf9d99ef8b5c27a0fd8e75e05edd1/detection

206.206.127.152:7031
206.206.127.152:7032
206.206.127.152:9002
206.206.127.152:9027

# Reference: https://x.com/MichalKoczwara/status/1841893397461877222
# Reference: https://www.virustotal.com/gui/ip-address/154.90.63.72/relations

flyasian.online
korean-air.cloud
nts-app.cloud
nts-mail.cloud
ntshomes.info
ntshomes.store
ntsinf.cloud
ntsxapp.site
wetaxio.site
wetaxio.store
cc.nts-mail.cloud
korea11.2x1.top
korea22.2x1.top
lcs.nts-mail.cloud
lcs.ntsxapp.site
naver.korean-air.cloud
naver.nts-mail.cloud
naver.ntsxapp.site
naver.wetaxio.site

# Reference: https://x.com/lazarusholic/status/1842014336791019890
# Reference: https://www.genians.co.kr/blog/threat_intelligence/blueshark

cafe24.pro
dh00386.com
jinsungm.com
lopin.space
mailplug.shop
nzzstore.site
plutg.shop
poiuyt.store
temuco.xyz
mail.poiuyt.store

# Reference: https://www.virustotal.com/gui/ip-address/52.177.14.24/relations

http-accounts.fixcool.net
http-all.com-password.link
http-nid.moue.naver-active.online
http-nid.naver-active.online
http-nid.neaply.naver-active.online
http-pood.navers.com-password.link
http-www.fixcool.net
http-www.nid-login.com
http-www.o365.fixcool.net
http-www.smtper.org
https-accounts.fixcool.net
https-all.com-password.link
https-moue.naver-active.online
https-mybox.com-password.link
https-navors.com-password.link
https-neaply.naver-active.online
https-nid.moue.naver-active.online
https-nid.naver-active.online
https-nid.neaply.naver-active.online
https-pood.navers.com-password.link
https-www.fixcool.net
https-www.nid-login.com
https-www.o365.fixcool.net
https-www.smtper.org

# Reference: https://x.com/eastside_nci/status/1843741402775404590
# Reference: https://search.censys.io/hosts/5.253.41.86

iclodues.store
iclodus.info
userscheck.com
apple.iclodus.info

# Reference: https://x.com/0xmh1/status/1843884882055049690

delivrto.me
files.delivrto.me
/wp-content/plugins/health-check/pages/gorgon1/d.php

# Reference: https://x.com/eastside_nci/status/1829413694323020040
# Reference: https://app.validin.com/detail?find=23.27.202.204&type=ip4&ref_id=5b9e1c020c1#tab=resolutions
# Reference: https://app.validin.com/detail?type=ip&find=63.250.44.85#tab=resolutions
# Reference: https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=services.banner_hashes%3D%22sha256%3A14309ae76fa5485d6498b8cda9c17e4f9e0e0a58a4fe98c47656b80bc5e6bc09%22

arabia.reviews
cj7778.top
docstore.n-e.kr
docstore.p-e.kr
workcenter.p-e.kr
my.docstore.n-e.kr
my.docstore.p-e.kr
nid.workcenter.p-e.kr
kemop.cj7778.top
ccc.mdr-dns.ddns.net
cs.moi.gov.sa.waps.bio
crt.wtf
cvc.services
dnss.world
prttcol.world
waps.bio
gov.sa.crt.wtf
gov.sa.dnss.world
gov.sa.prttcol.world
gov.sa.waps.bio
mdr-dns.ddns.net
mo.moi.gov.sa.crt.wtf
mofa.gov.sa.crt.wtf
mofa.gov.sa.dnss.world
mofa.gov.sa.waps.bio
moi.gov.sa.crt.wtf
moi.gov.sa.dnss.world
moi.gov.sa.prttcol.world
moi.gov.sa.waps.bio
mw.moi.gov.sa.crt.wtf
pro.visa.mofa.gov.sa.dnss.world
prote.moi.gov.sa.dnss.world
protection.moi.gov.sa.dnss.world
sa.crt.wtf
sa.dnss.world
sa.prttcol.world
sa.waps.bio
saudi.arabia.reviews
scs.visa.mofa.gov.sa.dnss.world
visa.mofa.gov.sa.crt.wtf
visa.mofa.gov.sa.dnss.world
visa.mofa.gov.sa.waps.bio

# Reference: https://www.virustotal.com/gui/ip-address/64.20.49.246/relations
# Reference: https://www.virustotal.com/gui/file/190306e4f45b68c981af01b203ef67a58b1c503a82d66c98d57af8b7841cc124/detection

hell0world.r-e.kr
download.hell0world.r-e.kr

# Reference: https://x.com/TLP_R3D/status/1844803543267471606
# Reference: https://urlscan.io/search/#hash%3A9b43f670273b6a12b2b6894a9e29157c1859717594e98ccc5fb3eea05e71f4ed

accountskk.certuser.info
dneros.usage.store
emv1.kakaoaccouts.store
fneros.usage.store
googlmeil.com
kakao.com.cm
komale.eu
kr-sw.serverinfo.site
live-kr.com
mailcorp.center
main.in.net
natemail.info
oncloudvip.eu
poseides.store
serverinfo.site
toauthman.biz
yahoo-jp.center

# Reference: https://x.com/0xmh1/status/1844650735746810362
# Reference: https://app.validin.com/detail?type=ip&find=158.247.217.236#tab=resolutions

apporigin.store
appstoragesdkorg.store
kedocfollow.store
kedoctome.store
kerelateall.store
kerelativemoon.store
kesdos.xyz
keucis.beauty
kobookall.store
koedocmens.store
koedocserve.store
koservdocs.store
sellura.store
siedsocs.lat

# Reference: https://x.com/TLP_R3D/status/1844759980676694030
# Reference: https://app.validin.com/detail?find=45.125.64.221&type=ip4&ref_id=b92a81ed464#tab=resolutions
# Reference: https://app.validin.com/detail?find=156.244.19.95&type=ip4&ref_id=b92a81ed464#tab=resolutions

appallus.store
applcs.site
applecenter.cloud
goocglc.cloud
goolgc.cloud
goolgce.cloud
goolgcs.cloud
goolges.cloud
lotteonbellygom.top
ntsxapp.cloud

# Reference: https://app.validin.com/detail?find=141.164.51.224&type=ip4&ref_id=16907679d5c#tab=resolutions

brookingauth.store
interbate.store
utilitauth.store

# Reference: https://app.validin.com/detail?type=ip&find=45.125.67.250#tab=resolutions

bananabuffet.store
hwmailchn.p-e.kr

# Reference: https://app.validin.com/detail?find=156.244.19.175&type=ip4&ref_id=35117e21469#tab=resolutions

myboxapp.online
nts-app.online
nts-app.shop
nts-mails.cloud
nts-main.cloud
nts-news.cloud
nts-notify.cloud
ntsapp.icu
ntsapplication.cloud
ntsapps.cloud
ntsapps.icu
ntsemail.icu
ntsgov-kr.cloud
ntsgov.cloud
ntshelp.shop
ntshome-kr.cloud
ntshometax.cloud
ntsinfrom.cloud
ntskor.cloud
ntslawfirm.cloud
ntsmail.icu
ntsmails.icu
ntsnews.shop
ntsposting.icu
ntstaxes.icu
ntsxmail.shop
ftp.myboxapp.online

# Reference: https://x.com/eastside_nci/status/1847785065935192113
# Reference: https://search.censys.io/hosts/107.189.15.105
# Reference: https://search.censys.io/hosts/107.189.16.65
# Reference: https://www.virustotal.com/gui/ip-address/107.189.15.105/relations

107.189.16.65:3389
airportcloseindoor.site
appleplus.shop
ecolekeonig.top
file-explorer-aerocenter.org
flip3doc-33.org
gyvan3-ppfhg.link
h3-yzk3we.top
mintaliked.link
present-info.org
schulen-horw.com
securitymid.com
shelby-cp-ecole.org
topseven.top
vinetro.info
wrightechltd.link
invoice.securitymid.com
itamaraty.securitymid.com
maver.securitymid.com
nidlogin.securitymid.com
outlook.securitymid.com

# Reference: https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=services.banner_hashes%3D%22sha256%3A813ca5c780472f08bc50280e8e646e0b8b454bc33bd82e7188e921b673e5970d%22&cursor=eyJhbGciOiJFZERTQSJ9.eyJub25jZSI6ImEvaXlqSFhHc205NHhTelJoOStpK1c1V0RVS0lKYUhIQ3RYZXMxRXE5Y0kiLCJwYWdlIjo2LCJyZXZlcnNlZCI6ZmFsc2UsInNlYXJjaF9hZnRlciI6WzE0LjMzMDk0NCwxNzI5MjAzMjA4MzgyLCIxNTguMjQ3LjIzOC4xNTUiLCI4OW5zZXJ2ZXJjYy5jZmQiXSwic29ydCI6W3siX3Njb3JlIjp7Im9yZGVyIjoiZGVzYyJ9fSx7Imxhc3RfdXBkYXRlZF9hdCI6eyJtaXNzaW5nIjoiX2xhc3QiLCJtb2RlIjoibWluIiwib3JkZXIiOiJkZXNjIn19LHsiaXAiOnsibWlzc2luZyI6Il9sYXN0IiwibW9kZSI6Im1pbiIsIm9yZGVyIjoiYXNjIn19LHsibmFtZS5fX3JhdyI6eyJtaXNzaW5nIjoiX2xhc3QiLCJtb2RlIjoibWluIiwib3JkZXIiOiJhc2MifX1dLCJ2ZXJzaW9uIjoxfQ.NUQJAealZkovLjlkSJAbTi3vLwoK7UZjGaYrIynbBemft5VWMu9mh6qWxq_h80G6MuEVPSFJSLMnkWJ5Go9wCQ

059879e5-b2e8-4f58-aa46-95f69d92aa34.random.onlinenhiscomservice.store
2c8b3f19-0325-4acc-a3dd-31a918e4dbf5.random.enternhisserver.store
33nservercc.cfd
51nservercc.cfd
55nservercc.cfd
57nservercc.cfd
58nservercc.cfd
61nservercc.cfd
62nservercc.cfd
63nservercc.cfd
64nservercc.cfd
65nservercc.cfd
67nservercc.cfd
68nservercc.cfd
70nservercc.cfd
71nservercc.cfd
72nservercc.cfd
75nservercc.cfd
76nservercc.cfd
77nservercc.cfd
78nservercc.cfd
79nservercc.cfd
80nservercc.cfd
81nservercc.cfd
82nservercc.cfd
83nservercc.cfd
84nservercc.cfd
85nservercc.cfd
86nservercc.cfd
87nservercc.cfd
88nservercc.cfd
89nservercc.cfd
90nservercc.cfd
94nservercc.cfd
952cd7f5-55c2-472f-bc9d-08487ef75661.random.fornmailcorphost.store
952cd7f5-55c2-472f-bc9d-08487ef75661.random.nvcees.xyz
95nservercc.cfd
96nservercc.cfd
97nservercc.cfd
98nservercc.cfd
99nservercc.cfd
activemail.store
bgptools-wildcard-confirmed.enternhisserver.store
bgptools-wildcard-confirmed.onlinenhiscomservice.store
censslwasonline.site
ep02dhldzmeijbjyx.sbs
ep03faobgtnvptsdx.sbs
ep07wnxpbesobcpzz.sbs
ep08yurnxpioiwjvg.sbs
ep09njaxmhnlypaql.sbs
ep13gktcdodbtdxhx.sbs
ep19zwxltasmhvkgn.sbs
ep23skcdmsriziyuj.sbs
ep24vvrehjgldphit.sbs
ep25nsmmbqzvbcrhm.sbs
ep26woknuxksemquw.sbs
ep30pgtlsycprnroh.sbs
everyconnect.store
fnsc-law.info
fornmailcorphost.store
fornmailcorphosting.store
fornmailcorponline.store
fornmailcorpserver.store
fornmailcorpservice.store
fornmailserver.store
hostnmailcorpserver.store
hostnmailcorpservice.store
hostnmailserver.store
invesslonlinesite.store
neallisewell.site
neallowseal.site
nehappyday.site
nepopup.site
netimeline.site
neweblove.site
nextonlinecom.store
nhaihis.site
nhbook.site
nhhaowell.site
nhhopesee.site
nhwelldone.site
niadinweb.site
nicheck.site
niprogress.site
nitiemesend.site
nkfaraway.site
nkfindme.site
nkforever.site
nksnow.site
nktakeme.site
nuaccounts.site
nunu2.tv
nunu3.tv
nurepair.site
nuserviser.site
nuwebmin.site
onlinehostnmail.store
onlinehostnmailcorp.store
onlinehostnmailserver.store
onlinehostnmailservice.store
onlinenextserver.store
onlinenhiscomservice.store
onlinenhisserver.store
random.enternhisserver.store
random.fornmailcorphost.store
random.nvcees.xyz
random.onlinenhiscomservice.store
rnoeuvivzsonvmrunvzteakvziiou.site
safeallowsite.store
sigcallonline.site
signnextserver.site
tnzcallsig.site
visitnhisonline.store
vvianxomvnzvfnrowdenfa.site

# Reference: https://hunt.io/blog/dprk-phishing-targets-naver-apple-domain-spoofing
# Reference: https://app.validin.com/detail?find=158.247.238.155&type=ip4&ref_id=620b77cfe73#tab=resolutions

http://158.247.238.155
158.247.238.155:443
01nservercc.cfd
02nservercc.cfd
03nservercc.cfd
04nservercc.cfd
05nservercc.cfd
06nservercc.cfd
07nservercc.cfd
08nservercc.cfd
09nservercc.cfd
100nservercc.cfd
10nservercc.cfd
11nservercc.cfd
12nservercc.cfd
13nservercc.cfd
14nservercc.cfd
15nservercc.cfd
16nservercc.cfd
17nservercc.cfd
18nservercc.cfd
19nservercc.cfd
20nservercc.cfd
21nservercc.cfd
22nservercc.cfd
23nservercc.cfd
24nservercc.cfd
25nservercc.cfd
26nservercc.cfd
27nservercc.cfd
28nservercc.cfd
29nservercc.cfd
30nservercc.cfd
31nservercc.cfd
32nservercc.cfd
34nservercc.cfd
35nservercc.cfd
36nservercc.cfd
37nservercc.cfd
38nservercc.cfd
39nservercc.cfd
40nservercc.cfd
41nservercc.cfd
42nservercc.cfd
43nservercc.cfd
44nservercc.cfd
45nservercc.cfd
46nservercc.cfd
47nservercc.cfd
48nservercc.cfd
49nservercc.cfd
50nservercc.cfd
52nservercc.cfd
53nservercc.cfd
54nservercc.cfd
56nservercc.cfd
59nservercc.cfd
60nservercc.cfd
66nservercc.cfd
69nservercc.cfd
73nservercc.cfd
74nservercc.cfd
91nservercc.cfd
92nservercc.cfd
93nservercc.cfd
akeboancall.site
allowsafesigcall.store
bista.rest
coolfun.xyz
daibn.pics
fomdtw5.preview.coolfun.xyz
fpas.rest
fwqqgfkomdtw5.getx.cafe
getx.cafe
hostingnhislogin.store
hostnmailservice.store
img.getx.cafe
mail.pomabrush.vip
mntia-docu.pics
nextjson0190a4qk.cfd
nextjson02c4ey1s.cfd
nextjson0389pgss.cfd
nextjson04d5587j.cfd
nextjson053mn2sl.cfd
nextjson06sdusda.cfd
nextjson076dk23t.cfd
nextjson085vn0zu.cfd
nextjson098qomdl.cfd
nextjson107herr0.cfd
nextjson114qh7h7.cfd
nextjson12xie0xi.cfd
nextjson13wtacjr.cfd
nextjson14znq3ph.cfd
nextjson15ioqi5r.cfd
nextjson165r2k1r.cfd
nextjson17ulip99.cfd
nextjson18a53hel.cfd
nextjson19rrlk2a.cfd
nextjson20u2cpz2.cfd
pomabrush.vip
preview.coolfun.xyz
rokis.bond
stia-view.hair
tz9jhsx2xfeur.getx.cafe
vcc019vy500jd0c.cfd
vcc02clan23u2zm.cfd
vcc03e58xzbnkrr.cfd
vcc04rnyphdascj.cfd
vcc05uku9x2ypld.cfd
vcc0644609bkquu.cfd
vcc07vo082wd0tl.cfd
vcc08q4ecdof91x.cfd
vcc098sl1p81yyi.cfd
vcc104ddykbn0m2.cfd
vcc111yllwppsts.cfd
vcc12gmfwxpfrwy.cfd
vcc13c299bj3c3p.cfd
vcc14fpfw7nahxq.cfd
vcc152mmjqaxhj8.cfd
vcc1600dkfakand.cfd
vcc1725u00fueij.cfd
vcc18cqsaybx5vh.cfd
vcc1954wdr9niim.cfd
vcc200pprldzu80.cfd
vcc21hi1i2enpyq.cfd
vcc22ezxibhxb4n.cfd
vcc23hp99prk7sf.cfd
vcc249sv865tkxu.cfd
vcc25cz3pmmtzof.cfd
vcc269ajbinfaf9.cfd
vcc27y7lg7yk2gf.cfd
vcc28wwnj7c14vs.cfd
vcc29rhlk0m9sra.cfd
vcc3049dpo7my7g.cfd
vcc31h61wr7rdfq.cfd
vcc325ps8o1bvq4.cfd
vcc339t6l0yy9il.cfd
vcc348ot34o89y7.cfd
vcc35ai58zrybff.cfd
vcc36hhg6o68fkr.cfd
vcc37lt8xq1xyes.cfd
vcc38n1f4rj83aa.cfd
vcc392yy9upmexh.cfd
vcc40eq4rq81zxc.cfd
vcc41v6j5pzpcfl.cfd
vcc4211b70cemu1.cfd
vcc43os8ky66ucd.cfd
vcc44vwdwidobf1.cfd
vcc45fuy4quyfxg.cfd
vcc46awgib96xxx.cfd
vcc47lsnp1v7ebv.cfd
vcc48485tfvvdfn.cfd
vcc49bh2q15j9lq.cfd
vcc50w96lvad9xk.cfd
vcc51y95co7modt.cfd
vcc52b5kgisskco.cfd
vcc53m0xrjoitqx.cfd
vcc54y015dmgwsd.cfd
vcc550ogs9ho3im.cfd
visitnhisserver.store

# Reference: https://hunt.io/blog/dprk-phishing-targets-naver-apple-domain-spoofing
# Reference: https://app.validin.com/detail?find=154.221.29.102&type=ip4&ref_id=10fae19e805#tab=resolutions
# Reference: https://app.validin.com/detail?find=185.239.0.40&type=ip4&ref_id=aad29970d48#tab=resolutions
# Reference: https://app.validin.com/detail?find=185.239.0.42&type=ip4&ref_id=759c41538ff#tab=resolutions
# Reference: https://app.validin.com/detail?find=185.239.0.43&type=ip4&ref_id=759c41538ff#tab=resolutions
# Reference: https://app.validin.com/detail?find=5.63.23.83&type=ip4&ref_id=4578c0d4fbe#tab=resolutions
# Reference: https://app.validin.com/detail?find=84.47.233.82&type=ip4&ref_id=759c41538ff#tab=resolutions
# Reference: https://app.validin.com/detail?find=84.47.233.83&type=ip4&ref_id=06b0cd20ba8#tab=resolutions
# Reference: https://app.validin.com/detail?find=84.47.233.84&type=ip4&ref_id=759c41538ff#tab=resolutions

appleplus.info
appleplus.online
appleplus.pro
appleplus.sbs
appleplus.site
appleplus.space
appleplus.store
appleplus2.site
dnbaletmigardam.top
ecolekoenig.top
hydadhybidad2.xyz
janejahan.shop
janeman.one
madarjan.site
memberadd.xyz
mobiletapp.sbs
niatell.shop
pasargad.fun
pasargad.homes
pasargad.pw
profilepictures.shop
speedvps.fun
tarifaconcursodeacreedores.top
westwindmotorinn.xyz
yadeayam.online
yarzzk.link
applelplus1.hydadhybidad2.xyz
appleplus.dnbaletmigardam.top
sub.appleplus.store
ulta.appleplus.store

# Reference: https://x.com/MichalKoczwara/status/1848632253129048261
# Reference: https://www.virustotal.com/gui/ip-address/158.247.201.165/relations
# Reference: https://app.validin.com/detail?type=ip&find=158.247.201.165#tab=resolutions

marriotth.com
nhebooksend.site
nhnote.site
nisentmail.site
treeofgod.site
about.marriotth.com
cchealth.nepopup.site
dallas.treeofgod.site
lcshealth.nepopup.site
lcshealth.netimeline.site
lcshealth.nhebooksend.site
lcshealth.nitiemesend.site
nidhealth.nepopup.site
nidhealth.netimeline.site
nidhealth.nhebooksend.site
nidhealth.nhhaowell.site
nidhealth.nitiemesend.site
sslhealth.nepopup.site
sslhealth.netimeline.site
sslhealth.nhebooksend.site
sslhealth.nitiemesend.site
staticnidhealth.nepopup.site
staticnidhealth.netimeline.site
staticnidhealth.nhebooksend.site
staticnidhealth.nitiemesend.site

# Reference: https://x.com/ValidinLLC/status/1848754999246950562
# Reference: https://app.validin.com/detail?type=ip&find=158.247.225.78#tab=resolutions

ntclockwork.site
ntgotiming.site
nthereweare.site
ntspotview.site
nunu4.tv
nunu5.tv
nunu6.tv
nunutv1.me
nv01awyclthvk.sbs
nv02kqrxuojcp.sbs
nv03tceoclgrr.sbs
nv04bpcrsfcre.sbs
nv05ymtvktylc.sbs
nv06yhqmidiak.sbs
nv07mmobtqlzi.sbs
nv08orelntknp.sbs
nv09tpzhcyrfe.sbs
nv10meqykmvsj.sbs
nv11neivcerdj.sbs
nv12hnslmrdha.sbs
nv13ouwphifwy.sbs
nv14biapevwfj.sbs
nv15otookjrul.sbs
nv16ysekthzyc.sbs
nv17fedzraywl.sbs
nv18njhyxgido.sbs
nv19whkblnuam.sbs
nv20usqaacgte.sbs
nv21fzrdgptrh.sbs
nv22uccrqouhg.sbs
nv23ffdelksai.sbs
nv24iabatyfee.sbs
nv25unbuasdoy.sbs
nv26mfqrhpvvp.sbs
nv27iphharjey.sbs
nv28vqkgzdivw.sbs
nv29qjbtcqftr.sbs
nv30cldwdnxby.sbs
nv31dzagkeyze.sbs
nv32lpagbvbxa.sbs
nv33xqvtzpfol.sbs
nv34ktpfbdlpg.sbs
nv35dfxedfphk.sbs
nv36vgzytvvmf.sbs
nv37cvlenbsuk.sbs
nv38wpjssnevp.sbs
nv39uvmvtkmss.sbs
nv40pjexbsxwr.sbs
xvideos-k1.com
info.nunu4.tv
info.nunu6.tv
up.nunu6.tv

# Reference: https://app.validin.com/detail?find=158.247.199.185&type=ip4&ref_id=e3f9316944d#tab=resolutions

ep01xmsisorelgqee.sbs
ep04eqooecrgtiwfq.sbs
ep05uggicuxklehpj.sbs
ep06bhlwolbivyrzj.sbs
ep10gqmfkhtthnwcu.sbs
ep11nebvbydvotdoy.sbs
ep12imrjiejxtronp.sbs
ep14fsxnzjudaztvz.sbs
ep15qryzulkfcmxgl.sbs
ep16gmxwjpoosaiaz.sbs
ep17qkdsrmviapqij.sbs
ep18rlqelgwebslzk.sbs
ep20ouxyknswarnfe.sbs
ep21gavhdpgnpcdjb.sbs
ep22wgqsixgwlpknr.sbs
ep27thcxhhjzugurm.sbs
ep28mlfqwjoqndrre.sbs
ep29vxwhmgbdjcoml.sbs
nehomeday.site
nehostme.site
nhmiss.site
nkheart.site
nkmountain.site
nksongto.site

# Reference: https://app.validin.com/detail?find=158.247.237.186&type=ip4&ref_id=b5eea0cb2c6#tab=resolutions

ccmsnv.site
ccnspv.online
csencv.xyz
csnveo.info
encsv.cloud
eomnsvc.biz
fnsc-law.online
fnsc.pro
ncc-fs.xyz
necsv.site
niloinmast.site
nisecueall.site
niweballow.site
scnvff.art
skccnv.store

# Reference: https://x.com/ValidinLLC/status/1849023544212013550
# Reference: https://www.virustotal.com/gui/ip-address/154.90.62.152/relations

cc.homestaxs.info
cc.ntsflag.site
cc.ntstool.site
emv1.ntsapp.cloud
emv1.ntstool.site
eposting.site
fasopfegnb.top
gduasgdkabad.top
homestaxs.info
lcs.homestaxs.info
lcs.ntshomes.info
lcs.ntskeep.site
lcs.ntstool.site
naver.homestaxs.info
naver.nts-notice.shop
naver.ntsapps.online
naver.ntscheck.online
naver.ntshomes.info
naver.ntsinbox.site
naver.ntskeep.site
naver.ntsreport.cloud
naver.ntstool.site
nts-notice.cloud
nts-notice.shop
ntsapps.online
ntscheck.online
ntsdraft.site
ntsinbox.site
ntskeep.site
saramin.online

# Reference: https://x.com/ValidinLLC/status/1849037034943328642
# Reference: https://app.validin.com/detail?find=2a02%3A4780%3A2b%3A1633%3A0%3A1d47%3Ab9f8%3A0%2F124&type=ip&ref_id=d84560c58e8#tab=resolutions

bigsharksea.site
bitstampout.site
fmailyalbumview.site
generaltransport.site
gloriouszoo.store
ntsread.site
srcfiledownload.site
strategyhome.shop

# Reference: https://app.validin.com/detail?find=154.90.63.121&type=ip4&ref_id=e2c7b06673f#tab=resolutions

ntscontact.cloud
ntsgate.site
ntshome.xyz
ntsinfo.xyz
ntslog.site
ntspost.xyz
ntspro.site
ntsshare.online
ntstask.site
ntswall.site
saredloemail.shop

# Reference: https://app.validin.com/detail?find=101.36.114.88&type=ip4&ref_id=c0a63c4d30b#tab=resolutions

tranquiltrade.tech

# Reference: https://app.validin.com/detail?find=101.36.114.94&type=ip4&ref_id=c0a63c4d30b#tab=resolutions

empaiothongkong.tech

# Reference: https://www.virustotal.com/gui/ip-address/27.255.80.170/relations

acause.info
agellar.info
anause.info
goodsjobs.eu
googlemoons.info
naverite.info
necsgn.info
netsgn.info
nid-security.com
omsuk.info
wabsaic.info
wabsaik.info

# Reference: https://app.validin.com/detail?find=141.164.63.142&type=ip4&ref_id=0ace6b4321b#tab=resolutions

checkuser.website

# Reference: https://app.validin.com/detail?find=118.193.69.53&type=ip4&ref_id=71ea494f09d#tab=resolutions

antiranue.site
bureopen.store
fundora.site
githuse.store
muslime.store
nirso.ink
xwczxupas.top
xwxcpoiaz.top
yzadapapwt.top

# Reference: https://app.validin.com/detail?find=118.36.192.211&type=ip4&ref_id=06afbd1c956#tab=resolutions (# 2024-11-23)

goodemail.info
goqqle.eu
live.co.cm
mail.never.com.de
mycloud.never.com.de
never.com.de
news.info.ro
unescos.news.info.ro

# Reference: https://x.com/0xmh1/status/1860945321272180931
# Reference: https://app.validin.com/detail?type=ip&find=158.247.201.113#tab=resolutions

emabssyload.store
embassycheck.store
gotera.site
realiycheck.store
ssoutilye.store

# Reference: https://www.genians.co.kr/blog/threat_intelligence/kimsuky-cases

cookiemanager.n-e.kr
nidiogln.n-e.kr
naverbox.p-e.kr
covd.2kool4u.net
ned.kesug.com
wud.wuaze.com
owna.loveslife.biz

# Reference: https://app.validin.com/detail?find=61.97.243.32%2F28&type=ip&ref_id=5b3593f547a#tab=resolutions

awaiians.info
havattle.com
kakao-notice.com
korea-sign.kro.kr
naeveor.com
nate.com.mx
navarcorp.com
naveear.com
naver-deploy.com
naver-domain.com
naver-domains.com
naver-eml.com
naver-firewall.com
naver-host.com
naver-hosts.com
naver-ipcheck.com
naver-master.com
naver-mxcheck.com
naver-noreply.com
naver-notice.center
naver-notice.com
naver-notify.com
naver-privacy.center
naver-private.com
naver-project.com
naver-protect.com
naver-protocol.com
naver-provider.com
naver-query.com
naver-rule.com
naver-sites.com
naver-team.center
naver-trust.com
naver-vaccine.com
naver-virtual.com
naver-virutal.com
naver-whale.com
naverccorp.com
navercheck.com
naverclouds.com
navercorp.click
navercorp.co.com
naverdefend.com
naverlinks.com
navermail.center
navermybox.com
naverprotect.center
naverprovider.com
naverquery.com
naverwhale.com
sogou-info.com
mail.korea-sign.kro.kr

# Reference: https://x.com/asdasd13asbz/status/1864483777701138629
# Reference: https://www.virustotal.com/gui/file/7689f8c2bfff6262a5885f3e5afc5442dc8a60bfa463da821e348b095d45e362/detection

http://72.14.155.62
memconfirms.online
odhistory-shoppings.info

# Reference: https://x.com/byrne_emmy12099/status/1866361211291660359
# Reference: https://www.virustotal.com/gui/file/e6bcdb402999f6f35351c0b9a1be84345aea88c3f662ba27341d7857aeb8cc39/detection

nasweir.com

# Reference: https://app.validin.com/detail?find=156.244.19.38&type=ip4&ref_id=d113af9aeee#tab=resolutions

ntsdash.cloud
ntsguest.cloud
ntsmanager.cloud
ntsplus.cloud
ntsservice.cloud
ntsxteam.cloud
uppbit.cloud

# Reference: https://x.com/cyberwar_15/status/1873869713773924825
# Reference: https://x.com/cyberwar_15/status/1873880914222317626
# Reference: https://www.virustotal.com/gui/file/c43507b6f2c2cb033d3f55229b20adfde9cda4dfb93dc3db45556847638ec7f8/detection

accountprotection.info
googlauth.com
kakao-auth.com
kakauth.com
navauth.com
naver-auth.com
review.accountprotection.info

# Reference: https://www.virustotal.com/gui/ip-address/203.96.177.116/relations

googlkids.shop
husband.n-e.kr

# Reference: https://x.com/byrne_emmy12099/status/1876505616124162071
# Reference: https://www.virustotal.com/gui/ip-address/23.137.249.245/relations

sublayers.org
subnodes.info
subscheme.info

# Reference: https://x.com/byrne_emmy12099/status/1876515884044546164
# Reference: https://www.virustotal.com/gui/file/4cd7e92ac6a3d068683d41beabd82d82267d97aa89603c708c0dd4af637d6d67/detection

accessrxhealth.com

# Reference: https://x.com/StrikeReadyLabs/status/1878602113397502290
# Reference: https://www.virustotal.com/gui/file/2f63594b4cd9cea2d1f6fa555e05c65a2f4565468d4de03320055fe9ff006f9d/detection

http://213.248.132.108

# Reference: https://x.com/StrikeReadyLabs/status/1878783929114591321
# Reference: https://www.virustotal.com/gui/file/d7367d9cc84d794ff73e90dd3cc936b18158bac8935ea4c5f1b7fddd821af430/detection

elmer.com.tr/modules/mod_finder/src/Helper/1212_pprb_all/dksleks
/modules/mod_finder/src/Helper/1212_pprb_all/dksleks
/1212_pprb_all/dksleks

# Reference: https://x.com/byrne_emmy12099/status/1879112142718431525
# Reference: https://x.com/StrikeReadyLabs/status/1879141990731768019
# Reference: https://www.virustotal.com/gui/file/a1b67cfb080f4d1e4cbb0019a30259cb291f56c0ada02e2ca1028f675b187727/detection

fantasiasognorealta.com/wp-includes/js/src/list.php
raleighice.com/wp-includes/js/inc/get.php

# Reference: https://x.com/StrikeReadyLabs/status/1879866055423898064
# Reference: https://www.virustotal.com/gui/file/97bc3dd9fc2cb82d31377a716eea60b64635fff1e65bf6f30832a2a2d65729f8/detection

evangelina.edu/img/503/expres.php

# Reference: https://x.com/byrne_emmy12099/status/1881628810451501169
# Reference: https://www.virustotal.com/gui/file/060f2208be86e098bc6da0b46a4eb437142b26915e1cc756e36c379ba8edd33e/detection

marymount.pixelflyte.com/wp-admin/js/src/list.php
marymount.pixelflyte.com/wp-admin/js/src/upload.php
teamfuels.com/index.php/en/modules/inc/get.php

# Reference: https://x.com/ShadowChasing1/status/1882299213687734726
# Reference: https://www.virustotal.com/gui/ip-address/118.194.249.171/relations

auth-check.o-r.kr
authurize.niduser.info.dns.cloud.check-info.o-r.kr
blog-master.o-r.kr
bloger.niduser.info.check-user.o-r.kr
check-sign.o-r.kr
check-user.o-r.kr
check.niduser.info.check-sign.o-r.kr
checker.dns-blog.n-e.kr
checking.blog-master.o-r.kr
checking.cloud.niduser.auth-check.o-r.kr
cloud.check-info.o-r.kr
cloud.niduser.auth-check.o-r.kr
dns-blog.n-e.kr
dns.cloud.check-info.o-r.kr
dns.niduser.user-check.o-r.kr
info.check-sign.o-r.kr
info.check-user.o-r.kr
info.checker.dns-blog.n-e.kr
info.dns.cloud.check-info.o-r.kr
info.verify-user.r-e.kr
infochecker.dns.niduser.user-check.o-r.kr
niduser.auth-check.o-r.kr
niduser.checking.blog-master.o-r.kr
niduser.info.check-sign.o-r.kr
niduser.info.check-user.o-r.kr
niduser.info.checker.dns-blog.n-e.kr
niduser.info.dns.cloud.check-info.o-r.kr
niduser.info.verify-user.r-e.kr
niduser.user-check.o-r.kr
signinfo.bloger.niduser.info.check-user.o-r.kr
signinfo.niduser.info.check-user.o-r.kr
signinfo.niduser.info.verify-user.r-e.kr
user-check.o-r.kr
verify-user.r-e.kr

# Reference: https://x.com/0xmh1/status/1885541720907035080
# Reference: https://x.com/skocherhan/status/1885559794800423415
# Reference: https://www.virustotal.com/gui/ip-address/125.136.67.99/relations
# Reference: https://www.virustotal.com/gui/ip-address/183.105.107.132/relations
# Reference: https://www.virustotal.com/gui/file/a1bd69ddf6bc05df5e4513c2e580391995cc634eb288ebe4d0c157d75c81253e/detection
# Reference: https://www.virustotal.com/gui/file/d590572eea5208aa577d2cbe586b23ac2b818b8742b072f30c0b97a585be95c4/detection

http://158.247.238.12
http://183.105.107.132
125.136.67.99:9999
183.105.66.48:9999
andigh995.pro
ikikik11.org
moyaho995.pro
yootube.kr
abaa1.kro.kr
abaa2.kro.kr
abaastart1.kro.kr
delete1.kro.kr
installerfofo.kro.kr
nt89.kro.kr
nt89s.kro.kr
nt96.kro.kr
nt99.kro.kr
qudtls01.kro.kr
/installerabaa/

# Reference: https://x.com/JangPr0/status/1879054546661728605
# Reference: https://x.com/byrne_emmy12099/status/1886798799550726409
# Reference: https://www.virustotal.com/gui/file/f4c4f68f8b27279b00b718b02392d5dfe1766c342a189a51e0e2a6f6412e1ce0/detection
# Reference: https://www.virustotal.com/gui/file/084b0e774019ad450974dc48c5d25e23c8c0517e30013d55b9bba3787ce768f1/detection
# Reference: https://www.virustotal.com/gui/file/11afe5cc28666c39d3dc3e9d51f780e55ce57e29424861b94002fb3370474f7e/detection

74.50.94.175:7032
74.50.94.175:9992

# Reference: https://x.com/0xmh1/status/1887472860450459879
# Reference: https://www.virustotal.com/gui/file/b5d2815102ac04f15824c7e2faf29e57df0e8f5ad7d5dfa5eea390cd08729721/detection

bergaeroworks.co.za/wp-includes/js/inc/get.php

# Reference: https://asec.ahnlab.com/en/86098/

216.219.87.41:3389
74.50.94.175:3389

# Reference: https://x.com/MsftSecIntel/status/1889407814604296490
# Reference: https://x.com/unpacker/status/1890001871257096399
# Reference: https://threadreaderapp.com/thread/1889407814604296490.html
# Reference: https://app.validin.com/detail?find=210.179.30.213&type=ip4&ref_id=efecfad08cf#tab=resolutions (# 2025-02-12)

account-profile.servepics.com
accounts-porfile.serveirc.com
securedrive.fin-tech.com

# Reference: https://x.com/JangPr0/status/1891736047223963835
# Reference: https://www.virustotal.com/gui/file/4a6c23e76524364fe9b9f5ecd46dc73e7714cac93849a380f0d1b746fae3650d/detection

kerkenraad.com/src/list.php
kerkenraad.com/src/upload.php
vetilministry.com/bg/wp-includes/js/inc/get.php

# Reference: https://x.com/SecAI_AI/status/1891851916549742805
# Reference: https://i.secai.ai/research/1%EC%9B%94%EC%8B%A0%EA%B3%A0%EB%82%A9%EB%B6%80%EB%B3%80%EB%8F%99%EC%A0%84%EC%9E%90%EB%AC%B8%EC%84%9C.%EC%BB%A4%EB%AE%A4%EB%8B%88%ED%8B%B0.%ED%95%9C%EA%B5%AD

xn--1-wb6eh4hj4durmfjcnubk5pb9dezmj4b0xb.xn--9i1b01onwqqzd.xn--3e0b707e

# Reference: https://app.validin.com/detail?type=ip&find=158.247.250.251#tab=resolutions

ednatihome.store
ednativeservice.store
ednotiall.store
edouserv.store
koreakrx.online
kyeonblog.com
medocumnetshome.store
megovhepserv.store
mehintdoc.store
menavcorp.store

# Reference: https://x.com/SecAI_AI/status/1894388129500397860
# Reference: https://www.virustotal.com/gui/ip-address/118.193.69.87/relations

auth-info.p-e.kr
calling.p-e.kr
collect-info.p-e.kr
remember-info.p-e.kr
safety-call.p-e.kr
super-info.p-e.kr
blog-info.auth-info.p-e.kr
info.remember-info.p-e.kr
info.safety-call.p-e.kr
n-doc.super-info.p-e.kr
n-info.collect-info.p-e.kr
o8gwosoxiy.calling.p-e.kr

# Reference: https://app.validin.com/detail?type=ip&find=118.193.69.87#tab=host_pairs (# 2025-02-25)

chain-info.p-e.kr

# Reference: https://x.com/SecAI_AI/status/1897104553847226787

xn--2-wb6eh4h69noxcpshjpdk5kqvbe7a.xn--9i1b01onwqqzd.xn--3e0b707e

# Reference: https://x.com/SecAI_AI/status/1897302960260178369
# Reference: https://app.validin.com/detail?type=ip&find=118.193.68.90#tab=resolutions

admin-center.n-e.kr
auth-check.n-e.kr
auth-user.o-r.kr
check-user.n-e.kr
checkstep.n-e.kr
dns-blog.r-e.kr
n-sign.n-e.kr
nts-auth.n-e.kr
safeinfo.o-r.kr
sign-again.n-e.kr
sign-dns.r-e.kr
signcheck.o-r.kr
user-check.n-e.kr
user-sign.n-e.kr
info.www.sign-dns.r-e.kr
niduser.info.www.sign-dns.r-e.kr

# Reference: https://www.genians.co.kr/blog/threat_intelligence/apt-attacks-martial-law

100000recipe.com
auth-require.com
campaign2-nid.com
glaed-hotel.com
jongnno.com
kakao-check.com
kcar-service.com
knovvhow.com
kyf-dream.com
lotto-rich.com
merryear.com
naver-check.com
naverify.com
panmuntour.com
puac.net
samsunghospitol.com
sarkcc.com
seouul.com
unniedu.com
yecchong.com
yes24.vip
accounts.intorpark.com
accounts.kakao-check.com
accounts.kakao-login.com
accounts.kakao-verify.com
accounts.login-require.com
nid.auth-require.com
nid.naver-check.com
nid.naverify.com

# Reference: https://app.validin.com/detail?find=34be99c7e4dfe06ce03b91cddb103a2d&type=hash&ref_id=dcbb8e17b43#tab=host_pairs (# 2025-03-18)

alimi-nrnail.n-e.kr
auth.worksmobile.r-e.kr
authoritycorp.kro.kr
cailtteve.live-on.net
check.authoritycorp.kro.kr
dedicate.p-e.kr
dn.ntlink.server-on.net
doc.dedicate.p-e.kr
docmenus.server-on.net
dodicate.p-e.kr
edoc.docmenus.server-on.net
kdda.serveirc.com
my.dodicate.p-e.kr
mydocument.run.place
navdomain.n-e.kr
ndoc.realinfo.p-e.kr
nid.ntpinvoice.kro.kr
nid.viewmybox.kro.kr
nidnavmail.myvnc.com
nidsecure.o-r.kr
ntlink.server-on.net
ntpinvoice.kro.kr
online-doc.linkpc.net
pwdcheck.rightsreserve.kro.kr
realinfo.p-e.kr
rightsreserve.kro.kr
secure.navdomain.n-e.kr
update.nidsecure.o-r.kr
viewmybox.kro.kr
worksmobile.r-e.kr
xn--o80bu1t2kkuve89c.xyz

# Reference: https://app.validin.com/detail?find=210.114.11.156&type=ip4&ref_id=9a1e8c85fb6#tab=resolutions (# 2025-03-08)

google-com.kro.kr
drive.google-com.kro.kr

# Reference: https://x.com/SecAI_AI/status/1899463068108656667
# Reference: https://www.virustotal.com/gui/ip-address/123.58.200.71/relations

rightcorp.kro.kr
rightreserve.kro.kr
user.viewblog.kro.kr
viewblog.kro.kr
viewtaxdoc.kro.kr
info.rightcorp.kro.kr
manageblog.viewtaxdoc.kro.kr
post.viewtaxdoc.kro.kr
pwd.rightscorp.kro.kr
pwdcheck.rightreserve.kro.kr

# Reference: https://x.com/byrne_emmy12099/status/1900008095168028735
# Reference: https://www.virustotal.com/gui/file/6ffb5106d912e582bde2c095365fa37a441741e4b9ea7f856b2ecad9516b74c2/detection

http://101.36.114.190
/accounts.kakao.comwebloginfind_account/showHeader/nate.php

# Reference: https://www.lookout.com/threat-intelligence/article/lookout-discovers-new-spyware-by-north-korean-apt37
# Reference: https://app.validin.com/detail?find=27.255.81.116&type=ip4&ref_id=b701fbedc41#tab=resolutions

crowdon.info
mailcorp.cc

# Reference: https://x.com/byrne_emmy12099/status/1901250906802569421
# Reference: https://app.validin.com/detail?type=ip&find=45.14.246.94#tab=resolutions
# Reference: https://www.virustotal.com/gui/ip-address/192.109.119.104/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.14.246.94/relations
# Reference: https://www.virustotal.com/gui/file/5f23b1ca43f6a18e3c9f21d390f5d1e187b1339b07a1dce70f8338f3be320878/detection

chol-kor.p-e.kr
comon-excepted.o-r.kr
condition-waite.p-e.kr
deromopa.r-e.kr
excepted-comon.r-e.kr
file-manager.o-r.kr
home-naite.o-r.kr
jeonpriter.n-e.kr
lib-section.kro.kr
login-live.o-r.kr
moparams.n-e.kr
morames.r-e.kr
mrasis.n-e.kr
mybox-file.o-r.kr
n-cloud.o-r.kr
nelocket.o-r.kr
neratras2.kro.kr
nihao-ninhao.p-e.kr
nocamoto.o-r.kr
nolomoro.p-e.kr
nooraeso.r-e.kr
noporado.p-e.kr
noramdis.o-r.kr
opedromos1.r-e.kr
prinitro.r-e.kr
pritersert.r-e.kr
proposalo.p-e.kr
qoporos.o-r.kr
qudoros1.o-r.kr
safety-files.o-r.kr
secfile-store.o-r.kr
secodners.kro.kr
section-libs.kro.kr
sectra-file.o-r.kr
type-verificasion.n-e.kr
vefication-type.o-r.kr
verginia2.r-e.kr
verify-files.o-r.kr
vionera1.o-r.kr
waite-conditions.r-e.kr
yesterdom1.r-e.kr
account.pritersert.r-e.kr
main.prinitro.r-e.kr
rogo.secodners.kro.kr
update.jeonpriter.n-e.kr

# Reference: https://www.virustotal.com/gui/ip-address/204.12.253.10/relations

pi-usdt.o-r.kr
change.pi-usdt.o-r.kr
hange.pi-usdt.o-r.kr

# Reference: https://x.com/freedomhack101/status/1900882765316595965
# Reference: https://www.virustotal.com/gui/ip-address/123.58.200.71/relations

blogdetect.kro.kr
rightscorp.kro.kr
profile.blogdetect.kro.kr

# Reference: https://x.com/byrne_emmy12099/status/1901910626345406487

visibird.com/wp-admin/js/widgets/hurryup/

# Reference: https://x.com/SecAI_AI/status/1902364687640953017
# Reference: https://virustotal.com/gui/ip-address/118.194.249.237/relations
# Reference: https://www.virustotal.com/gui/file/198391e9d41c08b1863bc8da3c4f51543757f2ee80933a01159261cc9c2a0cad/detection
# Reference: https://www.virustotal.com/gui/file/96b9a198b7de3f6c43f2d2e7c51d26a3b32eeb6a1c7ec85c216a62994b965211/detection

dns.ips-doc.r-e.kr
dns.user.ndoc-mail.n-e.kr
download.nts-app.n-e.kr
download.nts-app.o-r.kr
ips-doc.r-e.kr
n-check.dns.user.ndoc-mail.n-e.kr
n-info.user.dns.ips-doc.r-e.kr
ndoc-mail.n-e.kr
nidhelp.o-r.kr
nts-app.n-e.kr
nts-app.o-r.kr
user.dns.ips-doc.r-e.kr
user.ndoc-mail.n-e.kr

# Reference: https://x.com/freedomhack101/status/1903427050029146416
# Reference: https://app.validin.com/detail?find=101.36.114.58&type=ip4#tab=resolutions

ndser.servicemail.r-e.kr
onvasdx.cc
ruoknvcxsd.cc
servicemail.r-e.kr
uioafafliuao.top

# Reference: https://x.com/freedomhack101/status/1903427050029146416
# Reference: https://app.validin.com/detail?find=101.36.114.99&type=ip4#tab=resolutions

h3ytm.cloud
blog-report.p-e.kr
doc-service.o-r.kr
edoc-send.o-r.kr
email-check.o-r.kr
general-sign.o-r.kr
info-cert.o-r.kr
info.info-cert.o-r.kr
join-login.o-r.kr
mybox-check.o-r.kr
mybox-safe.o-r.kr
bloginfo.blog-report.p-e.kr
bloginfo.join-login.o-r.kr
callinfo.mybox-safe.o-r.kr
n-info.blog-report.p-e.kr
n-info.info-cert.o-r.kr
n-info.join-link.o-r.kr
nblog-info.join-link.o-r.kr
newinfo.email-check.o-r.kr
ninfo.blog-report.p-e.kr
tdoc.doc-service.o-r.kr
user-info.mybox-check.o-r.kr
userdoc.edoc-send.o-r.kr

# Reference: https://app.validin.com/detail?type=hash&find=6025ceaa4ac3a72c5946bd0c454245a9#tab=host_pairs (# 2025-03-23)

ghffde.site
gjdufde.icu
gjhuhr.store
gujfye.online
nbhgfr.icu
nhbgvf.site
njbghr.site
njgith.store
qmall.site
qwall.space

# Reference: https://app.validin.com/detail?find=27.255.79.240&type=ip4&ref_id=727d3cacdef#tab=resolutions

naverscan.info
naverteam.com.co
naverteam.in.net
nbjghy.xyz

# Reference: https://app.validin.com/detail?find=141.164.58.230&type=ip4&ref_id=952bd5ec0ab#tab=resolutions

ghjkle.online
ghytke.icu
krdocserv.store
krdoments.store
kredousrv.store
krservdoc.store
nasdfg.space
nbhgfv.site
nbhtre.space
nbmvr.shop
nbvcdfr.shop
nbvcxz.website
nbyhn.site
njbhgy.space
njfughr.space
njithm.website
nmjbg.website
npsds.space

# Reference: https://x.com/asdasd13asbz/status/1903809343554031853

ipinst.shop

# Reference: https://x.com/SecAI_AI/status/1904909455873237014
# Reference: https://www.virustotal.com/gui/ip-address/158.247.211.14/relations

blog-auth.kro.kr
userauthor.kro.kr
login.blog-auth.kro.kr
post.userauthor.kro.kr

# Reference: https://x.com/SecAI_AI/status/1905268320963621134
# Reference: https://www.virustotal.com/gui/ip-address/141.164.49.250/relations

nbox-sign.n-e.kr
nts-edoc.o-r.kr
tax-ndoc.o-r.kr
cloud.nbox-sign.n-e.kr
cloud.tax-ndoc.o-r.kr
userinfo.nts-edoc.o-r.kr
check.cloud.nbox-sign.n-e.kr
dns.userinfo.nts-edoc.o-r.kr
n-check.dns.userinfo.nts-edoc.o-r.kr
n-check.user.cloud.tax-ndoc.o-r.kr
n-info.check.cloud.nbox-sign.n-e.kr
user.cloud.tax-ndoc.o-r.kr

# Reference: https://x.com/SecAI_AI/status/1907090182362611810

blogalarm.kro.kr
checkmyblog.kro.kr
nid-info.checkmyblog.kro.kr
post.blogalarm.kro.kr

# Reference: https://x.com/JangPr0/status/1907297153120346219
# Reference: https://www.virustotal.com/gui/file/a87c663dea792121b6a17b8e605159116e30434f2c67b8be0b198ba8229d2a3d/detection
# Reference: https://www.virustotal.com/gui/file/0eda9fee2d452fe359fb66d5102d3b78398fd23e6f6068f36e1d29af994e30a8/detection

yellowstone-marketing.com/wp-includes/js/src/get.php
yellowstone-marketing.com/wp-includes/js/src/list.php
yellowstone-marketing.com/wp-includes/js/src/upload.php
yellowstone-marketing.com/wp-includes/js/inc/get.php
yellowstone-marketing.com/wp-includes/js/inc/list.php
yellowstone-marketing.com/wp-includes/js/inc/upload.php

# Reference: https://x.com/JangPr0/status/1909509108438282551

voicevosi.com/plugins/content/loadmodule/src/js/get.php
voicevosi.com/plugins/content/loadmodule/src/js/list.php
voicevosi.com/plugins/content/loadmodule/src/js/upload.php

# Reference: https://x.com/SecAI_AI/status/1907803274020876485
# Reference: https://wezard4u.tistory.com/429512
# Reference: https://www.virustotal.com/gui/ip-address/158.247.242.169/relations

foiunsonin.site
fosmansin.site
fuiusonans.store
iauonise.site
iesionis.site
nhonesmaon.homes
vidsuaiue.site
bloggroup.64bit.kr
docsdeliver.ggm.kr
groupsinvoice.64bit.kr
invoicegroup.64bit.kr
blog.docsdeliver.ggm.kr
helplink.bloggroup.64bit.kr
myblog.invoicegroup.64bit.kr
tax.groupsinvoice.64bit.kr

# Reference: https://app.validin.com/detail?find=34be99c7e4dfe06ce03b91cddb103a2d&type=hash&ref_id=d3368e33e7b#tab=host_pairs (# 2025-04-08)
# Reference: https://app.validin.com/detail?find=8d5de7ecb18c720b5723d23de8b56da4&type=hash&ref_id=76fa229b91f#tab=host_pairs (# 2025-04-08)
# Reference: https://app.validin.com/detail?find=d338d43b8946574e6733fef85376a428&type=hash&ref_id=841d30201cf#tab=host_pairs (# 2025-04-08)
# Reference: https://app.validin.com/detail?find=110.235.68.220&type=ip4&ref_id=d5c79dae5ba#tab=resolutions (# 2025-04-08)
# Reference: https://app.validin.com/detail?find=112.118.33.72&type=ip4&ref_id=dc10dd40318#tab=resolutions (# 2025-04-08)
# Reference: https://app.validin.com/detail?find=116.49.73.233&type=ip4&ref_id=d5c79dae5ba#tab=resolutions (# 2025-04-08)
# Reference: https://app.validin.com/detail?find=220.246.143.134&type=ip4&ref_id=d5c79dae5ba#tab=resolutions (# 2025-04-08)
# Reference: https://app.validin.com/detail?find=61.93.6.63&type=ip4&ref_id=d5c79dae5ba#tab=resolutions (# 2025-04-08)
# Reference: https://www.virustotal.com/gui/ip-address/158.247.247.157/relations

ablweope.site
alldoc.work.gd
blog-info.yourinfo.kro.kr
bossyira.store
brownsix.com
demoserver001.no-ip.org
docedge.p-e.kr
docedger.p-e.kr
docservice.p-e.kr
garywong17.asuscomm.com
good-moment.dscloud.me
iamsam.asuscomm.com
kdda56.kro.kr
leeraymond.ddns.net
login.mexc-account.kro.kr
login.mexc-signin.kro.kr
mailplug.mysaol.com
mc2010hk01.ddns.net
mexc-account.kro.kr
mexc-signin.kro.kr
naverdomain.r-e.kr
onview.p-e.kr
onview.work.gd
ourdoc.linkpc.net
paegovhome.store
paloaltonetworks.r-e.kr
referluty.store
wildcat-hongkong.asuscomm.com
document.onview.p-e.kr
m97.mailplug.mysaol.com
mai.docservice.p-e.kr
my.docedge.p-e.kr
my.docedger.p-e.kr
secure.naverdomain.r-e.kr
updates.paloaltonetworks.r-e.kr
yourinfo.kro.kr

# Reference: https://app.validin.com/detail?find=42.98.129.150&type=ip4&ref_id=dc10dd40318#tab=resolutions (# 2025-04-08)

celinechow.duckdns.org
cyli-rita.asuscomm.com
cylirita.ddns.net
harrierrouter.vpnplus.to
jimpang.asuscomm.com
kt307.asuscomm.com
petercck88u.asuscomm.com
shanking.ddns.net
station.ddns.net
tp1966.duckdns.org

# Reference: https://app.validin.com/detail?type=ip&find=218.102.137.85#tab=resolutions (# 2025-04-08)

kenysc.myds.me
kuankuan.asuscomm.com

# Reference: https://x.com/SecAI_AI/status/1909980369086292352
# Reference: https://www.virustotal.com/gui/ip-address/158.247.192.105/relations

ips-check.o-r.kr
dns.ips-check.o-r.kr
blog.dns.ips-check.o-r.kr

# Reference: https://x.com/byrne_emmy12099/status/1910164039633891407
# Reference: https://x.com/byrne_emmy12099/status/1910194391974916546

absongkhla.com/administrator/help/hurryup/
beldy.ma/wp-admin/js/widgets/hurryup/
go2kgstan.com/layouts/plugins/user/hurryup/
holosformations.fr/wp-admin/js/widgets/hurryup/
michaelagee.com/img/common/hurryup/

# Reference: https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247514665&idx=1&sn=37751d5f4cdb6b4d9786010ddd25e751&chksm=ea664d5edd11c4489b2f2744b6fae637ebf692c2cb95c73929fd9c0d80bfa62ae3913d795dd6&scene=178&cur_album_id=1539799351089283075

gtfydu.surfnet.ca
hiwork.o-r.kr
sudifo.ftp.sh
login.hiwork.o-r.kr

# Reference: https://www.virustotal.com/gui/ip-address/64.176.225.161/relations

ceilainghamilisim.store
cidsoeuas.site
ecoxisueyoie.icu
eicoseeoicue.icu
eiwzoius.site
hobbyramihuasamee.store
iucvusieooisu.icu
narayadebuanabirk.store
santokandaremadan.store
sieuizxue.site
sovxueiee.site
vfiseowiu.site
xcsiueiou.site
zhendywoxianziadn.store
account-login.kro.kr
account-sign.kro.kr
accounts.kakao-login.kro.kr
b-info.detailinfo.n-e.kr
b-info.sortinfo.n-e.kr
detailinfo.n-e.kr
einfo.openinfo.n-e.kr
google.account-login.kro.kr
google.account-sign.kro.kr
google.sign-account.o-r.kr
kakao-account.kro.kr
kakao-accounts.kro.kr
kakao-login.kro.kr
login.kakao-account.kro.kr
login.kakao-accounts.kro.kr
n-info.saveinfo.n-e.kr
ninfo.p-e.kr
openinfo.n-e.kr
saveinfo.n-e.kr
sign-account.o-r.kr
sortinfo.n-e.kr
yvgvwndoc.realinfo.p-e.kr

# Reference: https://app.validin.com/detail?find=e14fd596a9c4dbb1026bd2c4d1b73021&type=hash#tab=host_pairs (# 2025-04-12)

ntsactive.site
ntsagent.site
ntshome.cc
ntsmail.cc
ntsmsg.cc
ntspost.top
ntsservice.site
taxagent.site
taxhome.world
taxservice.site

# Reference: https://www.virustotal.com/gui/ip-address/156.244.19.218/relations

gcogle.store
mid-proxy.site
middleware.space
ncpt.ntsauth.us
ntsauth.online
ntsauth.us
ntshome.live
ntshome.top
ntshome.us
ntsmain.live
ntsmap.cloud
ntspost.live
ntstax.live
taxagent.site
taxhome.world
taxservice.site
a.taxagent.site
naver.ntsauth.online
naver.ntsauth.us
naver.ntshome.live
naver.ntshome.us
naver.ntsmain.live
naver.ntstax.live
naver.taxagent.site
naver.taxhome.world
ncpt.ntsauth.online

# Reference: https://x.com/byrne_emmy12099/status/1912268814873686354
# Reference: https://www.virustotal.com/gui/file/42f306b905ece8875bdf16d276b8e4c1f70265918625da475e0f0ff0aa90f31c/detection

http://103.149.98.247

# Reference: https://www.virustotal.com/gui/ip-address/141.164.61.89/relations

blogview.kro.kr
completeinfo.kro.kr
mexc-login.kro.kr
accounts.mexc-login.kro.kr
blog-info.blogview.kro.kr
e-info.completeinfo.kro.kr

# Reference: https://www.virustotal.com/gui/ip-address/141.164.36.253/relations
# Reference: https://www.virustotal.com/gui/ip-address/158.247.204.137/relations
# Reference: https://app.validin.com/detail?find=c002186216f972bb72f8193cdab9717452aad212&type=hash&ref_id=95be784a744#tab=host_pairs (# 2025-04-22)

alaram.shop
cloudarm.site
cloudservertotal.store
creps.vip
eorors.shop
financisae.site
fmansmcon.site
fnisdinxe.site
fnnews.site
fsmangemin.site
fwinasens.site
fwinesie.site
gdadex.top
jostinsounp.site
koreatotal.sbs
kparty.store
kpcon.site
kpsa.site
luckye.website
naverworks.site
navirostorelaw.site
nawstairrule.site
nids.pro
nidsm.pro
nipro.site
nirosoft.space
nives.space
noreplyer.ink
npwonsignskpic.site
oivso.shop
qazwsxt.xyz
relogines.online
sejongcloude.store
soicloudnin.site
stder.store
wnsistins.site
zawerty.ink
koein.r-e.kr
nassec.n-e.kr
srv93772862.ultasrv.net

# Reference: https://www.virustotal.com/gui/ip-address/141.164.53.3/relations

department-docuser.n-e.kr
getdocservice.r-e.kr
mexc-enkr.kro.kr
userdoc-sign.kro.kr
account.mexc-enkr.kro.kr
lnkdoc.department-docuser.n-e.kr
pwd.getdocservice.r-e.kr
user.userdoc-sign.kro.kr

# Reference: https://app.validin.com/detail?find=34be99c7e4dfe06ce03b91cddb103a2d&type=hash#tab=host_pairs (# 2025-04-25)

dshdia.top
gpadisd.top
inklwdc.top
jaistockp.top
jpstgm.top
jpstgmdw.top
jpstgmhse.top
mksybyd.top
pdsyhzx.top
qfrdvg.top
qrtsvgs.top
stockqq.top
tkksjsvc.top
toqpxyc.top

# Reference: https://x.com/JangPr0/status/1915547543804743808

deliberatecollaboration.com/wp-includes/js/inc/get.php
deliberatecollaboration.com/wp-includes/js/inc/list.php
deliberatecollaboration.com/wp-includes/js/inc/upload.php

# Reference: https://x.com/malwrhunterteam/status/1915653547657437381
# Reference: https://x.com/Thisism23567356/status/1916474398829068307
# Reference: https://www.virustotal.com/gui/file/8f6bd4aad71d11efa46687b9968dae8d735af6f966cdc3e955f859a3fd707fdd/detection

http://92.119.114.128
92.119.114.128:3389
92.119.114.128:7000
92.119.114.128:8080

# Reference: https://x.com/byrne_emmy12099/status/1915303778913513905
# Reference: https://www.virustotal.com/gui/file/7c1dee4e44685ecbd12723761b908708353193f2ff3b5b5b3133960c80827e2d/detection

gofinancially.com/images/upload/0422.png

# Reference: https://x.com/Cyberteam008/status/1916995226532462805

1e18ceed-893c-491b-a086-9e27907f02f6.nidcorp.store
6b74b212-3415-47ef-bc47-8f4ceaf5b4ef.nidcorp.store
6fc8755e-e3d7-46dc-9e2d-356b53b62e83.nidcorp.store
7acc2ab0-ec37-403c-bc2c-7aaba34ce0bf.nidcorp.store
8918e372-8548-4cba-8723-318bd9af6fac.check-user.o-r.kr
a.checkmail.n-e.kr
a.dns-down.o-r.kr
a.nidcorp.store
a.safeinfo.o-r.kr
accourt.p-e.kr
againcheck.site
b.calling.p-e.kr
b.checkmail.n-e.kr
b.nidcorp.store
b.safeinfo.o-r.kr
b7a06388-d667-4b7a-b73a-0420e1c60e61.nidcorp.store
blog-info.resign.n-e.kr
box.newdocs.p-e.kr
check.dns.nts-sign.o-r.kr
checkmail.n-e.kr
checkstep.o-r.kr
cloud.dns.checkstep.o-r.kr
d16edef3-4aee-400c-ace2-5d07ca6af96b.xn--on3bo3ef2fhpaw5a3et70ca466c7qp.p-e.kr
d76a2b35-4d67-41c4-bc6a-8cd06507f52d.nidcorp.store
dns-down.o-r.kr
dns.checkstep.o-r.kr
dns.nts-sign.o-r.kr
doc.preview.p-e.kr
info.cloud.dns.checkstep.o-r.kr
info.user.onlive-auth.r-e.kr
invoice.kaka2024.com-ever.eu
kaka2024.com-ever.eu
krlzgwy2021-kr.sugarfungame.com
krlzgwy2021-ws2bdg.sugarfungame.com
my.accourt.p-e.kr
newdocs.p-e.kr
news.theory.in.net
nid.excount.info
nidcorp.store
niduser.check.dns.nts-sign.o-r.kr
niduser.info.cloud.dns.checkstep.o-r.kr
nmail.info.user.onlive-auth.r-e.kr
nood.xn--on3bo3ef2fhpaw5a3et70ca466c7qp.p-e.kr
nts-sign.o-r.kr
onlive-auth.r-e.kr
ozszg.top
resign.n-e.kr
user.onlive-auth.r-e.kr
xn--on3bo3ef2fhpaw5a3et70ca466c7qp.p-e.kr
yvgvwndoc.realinfo.p-e.kr

# Reference: https://x.com/RedDrip7/status/1919683586057232648
# Reference: https://www.virustotal.com/gui/ip-address/162.220.11.186/relations
# Reference: https://www.virustotal.com/gui/file/7047efbd15b20086933a3e41f23252d3f8b049b913b2c05af520a3233368f700/detection
# Reference: https://www.virustotal.com/gui/file/123aefe0734da130b475bfdad6c3ebe49688569ab8310e71ec5252ec46cb67eb/detection

basiclogin.hardsoft.nu
dasfesfgsegsefsede.o-r.kr
linkedin.r-e.kr
naverdomain.r-e.kr
naverinc.r-e.kr
unisontg.n-e.kr
woribanker.r-e.kr
auth.linkedin.r-e.kr
auth.naverinc.r-e.kr
basiclogin.hardsoft.nu
gsegse.dasfesfgsegsefsede.o-r.kr
mail.unisontg.n-e.kr
secmail.woribanker.r-e.kr
secure.naverdomain.r-e.kr

# Reference: https://www.virustotal.com/gui/ip-address/141.164.48.222/relations

mail-alive.pro
accounts.mail-alive.pro
n-doc.mail-alive.pro
login-google.kro.kr
accounts.login-google.kro.kr

# Reference: https://app.validin.com/detail?type=hash&find=34be99c7e4dfe06ce03b91cddb103a2d#tab=host_pairs (# 2025-04-29)

afwdwjp.top
bgjpstock.com
bgjpstockai.com
binjpstock.com
binjpstockai.com
gxjdghs.top
instoaidm.top
jiasdhu.top
jiegpjp.com
jienbjp.top
jiestjp.com
jpgetsmnb.xyz
jpstmnb.xyz
leigpjp.com
leistjp.com
nabygts.top
nayswrs.top
qehuwh.top
qohfud.top
qpoqhcgs.top
qqstock.sbs
qqstock.top
rbhdys.top
shdfuahfu.top
soajhkl.top
stock66.sbs
stockqq.sbs
tasvgvc.top
ystfgasb.top

# Reference: https://x.com/byrne_emmy12099/status/1918199159817159092
# Reference: https://www.virustotal.com/gui/file/09b0aba40f1da5f3455a6f4097f5a9c88d80a51f2b5f9505370d323b6a78b6f0/detection

sitisrlweb.com/wp-includes/js/inc/get.php
sitisrlweb.com/wp-includes/js/src/list.php
sitisrlweb.com/wp-includes/js/src/upload.php

# Reference: https://x.com/byrne_emmy12099/status/1918643886869684526
# Reference: https://www.virustotal.com/gui/file/d5447bbdf4529a91373d4c6fb78640f9287b21b5bdd20f655d0a2deb262bec15/detection
# Reference: https://www.virustotal.com/gui/file/bf13fb57e2a0d8e59f9f10dbfc9edf651c70b31f4bea45abf1f085391b162e61/detection

http://109.107.157.107

# Reference: https://x.com/skocherhan/status/1919925736959344951
# Reference: https://www.virustotal.com/gui/ip-address/141.164.53.3/relations

againcheck.cloud.dns.niduser.www.dns.admin-center.n-e.kr
check-blog.r-e.kr
check.reportdocs.n-e.kr
checkme.user.safeblog.o-r.kr
checkublog.kro.kr
cloud-nts.o-r.kr
cloud.info.www.user-sign.n-e.kr
deleblog.64bit.kr
edoc.nts-service.o-r.kr
edoc.view.blog
edocs.portiondoc.o-r.kr
encodedoc.p-e.kr
files.cloud-nts.o-r.kr
grammity.com
log.deleblog.64bit.kr
mail.user-check.n-e.kr
nid.edoc.view.blog
nidinfo.checkublog.kro.kr
niduser.check.dns.www.nts-sign.o-r.kr
niduser.edoc.nts-service.o-r.kr
niduser.info.sign-dns.r-e.kr
niduser.infoes.www.cloude.check-blog.r-e.kr
nidverify.userdocget.p-e.kr
ninfo.sortinfo.r-e.kr
nts-service.o-r.kr
online.encodedoc.p-e.kr
portiondoc.o-r.kr
reportdocs.n-e.kr
safeblog.o-r.kr
signinfo.dns.niduser.info.www.verify-user.o-r.kr
signinfo.niduser.info.www.verify-user.r-e.kr
sortinfo.r-e.kr
user.safeblog.o-r.kr
userdocget.p-e.kr
verify-user.o-r.kr

# Reference: https://x.com/SecAI_AI/status/1920129746244981095
# Reference: https://www.virustotal.com/gui/ip-address/221.162.112.235/relations

090.gov5nikisa.kro.kr
alla.powresh.targetuplo.kro.kr
chr.mydataauthic.kro.kr
first.pokerstarus.kro.kr
gov5nikisa.kro.kr
in.mogovernts.kro.kr
loveme.chr.mydataauthic.kro.kr
mogovernts.kro.kr
motify.uspublicproum.kro.kr
mydataauthic.kro.kr
myus93nsesq.kro.kr
nid.account.myus93nsesq.kro.kr
pokerstarus.kro.kr
powresh.targetuplo.kro.kr
remote.set.setcokiep3.kro.kr
remote.set.superpages.kro.kr
set.setcokiep3.kro.kr
set.superpages.kro.kr
setcokiep3.kro.kr
sign.in.mogovernts.kro.kr
succ.alla.powresh.targetuplo.kro.kr
superpages.kro.kr
targetuplo.kro.kr
uspublicproum.kro.kr
web.remote.set.setcokiep3.kro.kr
web.remote.set.superpages.kro.kr

# Reference: https://x.com/malwrhunterteam/status/1920443077707088039
# Reference: https://x.com/JAMESWT_WT/status/1920472685806522846
# Reference: https://www.virustotal.com/gui/file/57bf816033afa8efad045a5dfc21129b3f83f14d35d9b7fccfce610f521a24c9/detection

mulsue23.com
us02web-zoom-us.mulsue23.com

# Reference: https://x.com/malwrhunterteam/status/1920780474743435356
# Reference: https://x.com/JAMESWT_WT/status/1920822561937490282
# Reference: https://app.any.run/tasks/166bb71d-0998-46cf-844b-3cd263bef4bd
# Reference: https://www.virustotal.com/gui/file/e9b9e6269037eeba8b99d416e952ffab3b0c514c0e5faf2043a8496f39ec3c86/detection

http://185.235.128.114
185.235.128.114:7000
alphasphere.digital
blazerise.digital
blinksurge.today
buzzangle.digital
buzzpeek.today
dailybitz.digital
dailyhush.today
echomedia.today
factbump.today
fastflow.digital
fastwire.today
flashdrop.digital
flashfeed.digital
flashvortex.today
freshscoop.digital
hotbriefs.digital
hotpulse.today
infoburst.today
infozap.digital
insightpress.today
keenpulse.today
neuracore.digital
neuratech.today
nowradar.digital
nowzoom.today
peakpulse.digital
pinnaclerore.today
pulsewhip.today
quicktap.today
rapidtone.digital
rushtidenow.today
snapbrief.today
sparkpulse.today
speedbriefs.digital
speedscope.digital
storydash.digital
stratoscore.digital
swiftinfolive.today
trendbeam.digital
twistblaze.today
ukquickpulse.today
updatix.digital
veritaslabs.digital
vertaflow.digital
zoomflare.digital

# Reference: https://x.com/JangPr0/status/1922144076402483610
# Reference: https://www.virustotal.com/gui/file/024f33b3051bc97c404020a61d22daf6567498b42cb4b7a5fc9d69466929be2b/detection

rayanlynch.com/wp-includes/js/common/src/list.php
rayanlynch.com/wp-includes/js/common/src/get.php
rayanlynch.com/wp-includes/js/common/src/upload.php

# Reference: https://www.virustotal.com/gui/ip-address/45.124.65.180/relations

abbess.leftfeedback.site
account.ckakao.kro.kr
account.k-center.kro.kr
account.protomail.tk
account.yafoo.ga
accounts.kakoa.ml
accounts.kakoa.o-r.kr
accouts.kakeo.ga
accuonts.kdesign.o-r.kr
acounts.angalentoni.cf
acounts.k-main.kro.kr
angalentoni.cf
angelantoni.tk
angelatoni.ml
angelntoni.ga
aol.socketplug.store
authen.ml
boards.n-e.kr
cdaun.r-e.kr
center.r-e.kr
checkup.ga
cholian.r-e.kr
ckakao.kro.kr
control.o-r.kr
csdaun.kro.kr
daun.authen.ml
daun.checkup.ga
daun.kro.kr
daun.supports.tk
daunhome.o-r.kr
daurn.privacies.r-e.kr
dcentre.kro.kr
detail.ga
dmain.kro.kr
edit.n-e.kr
favorites.gq
guider.r-e.kr
hamnail.o-r.kr
header.ncheck.kro.kr
helpdesk.xnate.kro.kr
helpnate.r-e.kr
home.dmain.kro.kr
home.nidmarket.p-e.kr
home.nservice.kro.kr
homemail.xonate.o-r.kr
insides.r-e.kr
k-center.kro.kr
k-main.kro.kr
kakeo.ga
kakoa.ml
kakoa.o-r.kr
kall.status.n-e.kr
kaoka.protect.n-e.kr
kaokaship.r-e.kr
kcorps.kro.kr
kdesign.o-r.kr
khome.security.p-e.kr
kmember.option.r-e.kr
ksites.o-r.kr
ksolution.n-e.kr
kteam.preview.o-r.kr
leftfeedback.site
live.angelantoni.tk
live.leftfeedback.site
login.hamnail.o-r.kr
login.mysnu.ga
login.mysnu.o-r.kr
logins.angelntoni.ga
logins.daun.kro.kr
look.npower.o-r.kr
main.kaokaship.r-e.kr
main.kcorps.kro.kr
mainboard.p-e.kr
member.protommail.ml
membership.nsetting.o-r.kr
menber.cdaun.r-e.kr
menber.dcentre.kro.kr
menber.navcen.kro.kr
mernber.daunhome.o-r.kr
modify.kro.kr
modify.nstore.r-e.kr
more.nworks.kro.kr
my.csdaun.kro.kr
my.snu.o-r.kr
myinfo.yarhoo.cf
mysnu.ga
mysnu.o-r.kr
n-main.r-e.kr
navcen.kro.kr
ncheck.kro.kr
ncorps.edit.n-e.kr
nedit.mainboard.p-e.kr
newsea.cholian.r-e.kr
nhn.center.r-e.kr
nhn.guider.r-e.kr
nhn.insides.r-e.kr
nhncorp.boards.n-e.kr
nhnview.kro.kr
nhorne.kro.kr
nid.control.o-r.kr
nid.detail.ga
nid.favorites.gq
nid.worksheets.tk
nidcontrol.o-r.kr
nidcorp.modify.kro.kr
nide.n-main.r-e.kr
nidmarket.p-e.kr
npower.o-r.kr
nservice.kro.kr
nsetting.o-r.kr
nsites.kro.kr
nstore.r-e.kr
nsuite.updates.o-r.kr
nuser.view.p-e.kr
nworks.kro.kr
option.nsites.kro.kr
option.r-e.kr
owa.angelantoni.tk
owa.leftfeedback.site
preview.o-r.kr
privacies.r-e.kr
protect.n-e.kr
protomail.tk
protommail.ml
sdaum.o-r.kr
secure.nhorne.kro.kr
security.p-e.kr
service.ksolution.n-e.kr
snu.o-r.kr
socketplug.store
status.n-e.kr
supports.tk
update.nhnview.kro.kr
updates.o-r.kr
user.ksites.o-r.kr
user.sdaum.o-r.kr
user2.nidcontrol.o-r.kr
userinfo.helpnate.r-e.kr
users.angelatoni.ml
view.p-e.kr
worksheets.tk
xnate.kro.kr
xonate.o-r.kr
yafoo.ga
yahoo.socketplug.store
yarhoo.cf

# Reference: https://www.virustotal.com/gui/ip-address/158.247.213.140/relations

atomic-mail.kro.kr
nts-ml.r-e.kr
loginsecurity.atomic-mail.kro.kr
n-info.nts-ml.r-e.kr

# Reference: https://www.virustotal.com/gui/ip-address/141.164.51.224/relations

brookingauth.store
doccontact.kro.kr
interbate.store
online-mexc.kro.kr
pagovservice.store
paservhill.store
reportdocs.n-e.kr
userauthdetect.n-e.kr
userdocget.p-e.kr
utilitauth.store
vaeouri.store
login.online-mexc.kro.kr

# Reference: https://x.com/malwrhunterteam/status/1922544903466217785
# Reference: https://www.virustotal.com/gui/file/6f5309b75420650aaa773ddab7e4652eae5850b741b42b425372994e427482cb/detection

inventscience.st

# Reference: https://x.com/byrne_emmy12099/status/1922689469972455808
# Reference: https://www.virustotal.com/gui/file/7210ba8af9d40f85dc611a2b31b81e1addc257dba51eaf56402e82f193887650/detection

/ttei35/test/main/trading.jpg

# Reference: https://x.com/SecAI_AI/status/1925193613899694141

# Reference: https://x.com/byrne_emmy12099/status/1925500080834191409
# Reference: https://www.virustotal.com/gui/ip-address/141.164.56.44/relations

http://141.164.56.44
invoiceercm.kro.kr
taxdeliveryservice.kro.kr
userauthority.p-e.kr
userauthoritydoc.p-e.kr
linkdoc.taxdeliveryservice.kro.kr
nid.invoiceercm.kro.kr
one.userauthoritydoc.p-e.kr
ssproxy.userauthority.p-e.kr
v2.taxdeliveryservice.kro.kr

# Reference: https://x.com/byrne_emmy12099/status/1925502961566065064

m2view.com.py/wp-admin/js/widgets/hurryup/

# Reference: https://x.com/byrne_emmy12099/status/1926578072054100177

krgroup.com/wp-admin/js/widgets/hurryup/

# Reference: https://x.com/byrne_emmy12099/status/1926976688551866756
# Reference: https://www.virustotal.com/gui/file/d5b59f06c2505cb28d1e7e52138b40ee5af7c1fc22a1b882e026fb187dd91be5/detection

24hrkpop.com/wp-includes/js/src/inc/get.php
24hrkpop.com/wp-includes/js/src/inc/list.php
24hrkpop.com/wp-includes/js/src/lib/upload.php

# Reference: https://x.com/byrne_emmy12099/status/1926984636346810768
# Reference: https://www.virustotal.com/gui/file/545a059e5bc1ac9cc679c90d92454b53f2f0468c2aa09ad01358230e6c80d883/detection

customelisa.com/js/hurryup/

# Reference: https://x.com/byrne_emmy12099/status/1927191183744254052
# Reference: https://www.virustotal.com/gui/ip-address/67.217.62.222/relations
# Reference: https://www.virustotal.com/gui/file/d75eae7a38df433a4ac5faca0c70a1634729d884e45d14d306b2078fe0a8e5af/detection

http://67.217.62.222
aconn.p-e.kr
appw.p-e.kr
appz.p-e.kr
chromup.p-e.kr
securelinks.o-r.kr
d.appz.p-e.kr
p.aconn.p-e.kr
quick.securelinks.o-r.kr
u.appw.p-e.kr
u.chromup.p-e.kr

# Reference: https://x.com/ThreatBookLabs/status/1927376622748832051
# Reference: https://x.com/ThreatBookLabs/status/1930271824975433966
# Reference: https://www.virustotal.com/gui/ip-address/158.247.199.0/relations

binduserdoc.p-e.kr
blog-authority.o-r.kr
canceldeleting.site
checkpwd.ntsdocsvc.r-e.kr
comfortableuse.site
connectservice.store
dfnogvnsirose.store
gkvnfsdognawiefoiawejofgiahng.xyz
dcloud.binduserdoc.p-e.kr
dinfo.invoicesendsvc.n-e.kr
edoc.groupinfodoc.n-e.kr
groupinfodoc.n-e.kr
hometax.ntsdocsvc.r-e.kr
hometxuser.n-e.kr
invoicesendsvc.n-e.kr
mountainhigher.site
binduserdoc.p-e.kry.o-r.kr
nhs.blog-authority.o-r.kr
nid.taxdepartments.kro.kr
ntsdocsvc.r-e.kr
rorichblog.co.kr
online.binduserdoc.p-e.kr
plesk.rorichblog.co.kr
police.binduserdoc.p-e.kr
profileid.binduserdoc.p-e.kr
requestrecover.store
rnailservice.store
rorichblog.co.kr
serveicecheck.store
supperrabit.site
taxdepartments.kro.kr
user-info.binduserdoc.p-e.kr
v2.hometxuser.n-e.kr
v2.zircon.one
zircon.one
zuioecis.site

# Reference: https://x.com/blackorbird/status/1927419846566019458
# Reference: https://www.virustotal.com/gui/ip-address/158.247.202.109/relations

ajerbairjan.store
handora.site
hasery.store
uropeanva.store
variylelocation.site
verifiruewtyu.store
yokirae.store
yunkuogn.store
deponline.p-e.kr
edoc.deponline.p-e.kr

# Reference: https://www.virustotal.com/gui/ip-address/27.102.113.107/relations
# Reference: https://app.validin.com/detail?find=158.247.207.197&type=ip4&ref_id=7a345f05936#tab=resolutions
# Reference: https://app.validin.com/detail?find=34be99c7e4dfe06ce03b91cddb103a2d&type=hash&ref_id=9779f544db0#tab=host_pairs (# 2025-05-26)

aomitor.site
baubal.store
cdseyzd.site
ciowisdzoi.site
ciueisoi.site
clouclservice.store
com-blog.store
com-auth.server-on.net
com-login.live-on.net
cswiusoni.site
eiasioei.site
encziuoi.site
emiodseiou.site
ewsadina.site
fdeocsafe.site
findmeanywhere.store
fwsnmasin.site
generateqiji.store
guiseofiose.xyz
icxzuesu.site
kakao.com-login.live-on.net
kyc.mexc-service.store
m-service.space
makrung.store
mexc-service.store
mexc.m-service.space
mexc.navers.fun
motivisual.store
navercorp.com-auth.server-on.net
navers.fun
neimongh.store
nwinsinas.site
nxaaines.site
one.usrinvoice.mydns.bz
onkeepsec.store
safeservcall.store
sfievdoseu.site
usrinvoice.mydns.bz
vogue90blog.com
voiwucio.site
weovisie.site
whinsnaiun.store
wolsdsdre.site
woridocumun.site
wsginanse.site
wsinwnsi.site
wsoviua.site
xiunianse.site
xnfueisew.site
xsuwinina.site
xziuwouiw.site
xzuiwnia.site
account-login.r-e.kr
accountgooglecroup.p-e.kr
com-account.kro.kr
com-info.kro.kr
com-info.server-on.net
daumepb.servehttp.com
daumflt.onthewifi.com
hviewp.hs.vc
liulie.home.kg
nate.serverpit.com
natexuf.myvnc.com
naver.spottt.com
xiao.bad.mn
xiexie.bot.nu
mail.com-blog.store
nid-naverawf.serveftp.com
nid-naverbqe.ddnsking.com
nid-naverctl.ddnsking.com
nid-naverdqw.servequake.com
nid-naverdsf.servecounterstrike.com
nid-navereyc.onthewifi.com
nid-naverfaq.onthewifi.com
nid-naveriro.onthewifi.com
nid-naverixo.servemp3.com
nid-naverjlm.ddnsking.com
nid-naverkga.servemp3.com
nid-naverlnm.ddnsking.com
nid-naverlqd.servecounterstrike.com
nid-navermfn.servepics.com
nid-navermid.serveftp.com
nid-navernrr.servequake.com
nid-navernvj.servequake.com
nid-navernxe.servegame.com
nid-naveroar.servemp3.com
nid-naveroic.servequake.com
nid-naverosa.servecounterstrike.com
nid-naveroyq.servemp3.com
nid-naverqcr.servepics.com
nid-naverslf.servegame.com
nid-naversne.servecounterstrike.com
nid-naversno.servecounterstrike.com
nid-navertgo.ddnsking.com
nid-navertht.ddnsking.com
nid-navertyh.servepics.com
nid-naveruhr.myvnc.com
nid-naveruyy.serveftp.com
nid-navervjb.myvnc.com
nid-navervtw.serveftp.com
nid-naverway.ddnsking.com
nid-naverwza.servecounterstrike.com
nid-naverxeu.serveftp.com
nid-naverzch.servegame.com
nid-naverzcr.myvnc.com
nid-naverzis.servequake.com
yagorf.myvnc.com
asset.kyc.mexc-service.store
kakao.com-info.kro.kr
kakao.com-info.server-on.net
mail3.nate.serverpit.com
mexc.account-login.r-e.kr
mexc.com-account.kro.kr
nid.naver.spottt.com
sign.accountgooglecroup.p-e.kr

# Reference: https://x.com/byrne_emmy12099/status/1927367956901564832

retailparkderventa.com/assets/js/hurryup/

# Reference: https://x.com/byrne_emmy12099/status/1927388034896466290

spartel.com/wp-admin/js/widgets/hurryup/

# Reference: https://x.com/byrne_emmy12099/status/1927677082303144311

phasechangesolutions.com/wp-admin/css/colors/coffee/hurryup/

# Reference: https://x.com/byrne_emmy12099/status/1928097347155759464
# Reference: https://www.virustotal.com/gui/file/ec74362f90a482f03fc455358be86b80342487c868cb9e250634781186f0ec88/detection

ogw-srl.com/site/wp-includes/js/src/get.php
ogw-srl.com/site/wp-includes/js/src/list.php
ogw-srl.com/site/wp-includes/js/src/upload.php
slamarama.org/wp-includes/js/read/get.php
slamarama.org/wp-includes/js/read/list.php
slamarama.org/wp-includes/js/read/upload.php

# Reference: https://x.com/cyber_ra1/status/1928015732371247311
# Reference: https://x.com/byrne_emmy12099/status/1928044290229362857
# Reference: https://x.com/blackorbird/status/1930267218681680151
# Reference: https://www.virustotal.com/gui/ip-address/27.102.138.10/relations

http://27.102.138.10
http://27.102.138.216
http://27.102.138.226
http://141.164.51.224
http://158.247.199.0
http://158.247.242.166
http://158.247.247.157
http://158.247.252.100
account.mexc-en.kro.kr
account.usersupport-mexc.n-e.kr
accountsignv3.64bit.kr
accountverifcation.64bit.kr
accountverifcations.64bit.kr
allowservice.store
auth-supportgoogle.kro.kr
auth-usraccount.64bit.kr
block.setinfo.kro.kr
bn.seververif.server-on.net
bn.tiang.server-on.net
callnotice.server-on.net
check-gooqle.site
check-info.store
checkpwd.networkoutpost.com
checkyouinfo.kro.kr
checkyouinfo.live-on.net
cn.seververif.server-on.net
cn.unlink.server-on.net
corn-info.space
dn.twoon.co.kr
ejioasd.top
google.accountsignv3.64bit.kr
google.accountverifcation.64bit.kr
google.accountverifcations.64bit.kr
google.auth-usraccount.64bit.kr
google.login-oauthuser.kro.kr
google.login-verifyaccount.o-r.kr
google.oauth-verification.p-e.kr
google.securevalidation.live-on.net
google.sign-useraccount.p-e.kr
google.sign-usraccount.64bit.kr
google.sign-verifyuser.64bit.kr
google.signin-authv3.n-e.kr
google.useraccountsverify.mydns.jp
google.userauthenticate-v3.kro.kr
google.usernotifications.server-on.net
google.userverification.o-r.kr
google.usrverification.64bit.kr
google.v3-accountsign.kro.kr
log.checkyouinfo.kro.kr
login-oauthuser.kro.kr
login-verifyaccount.o-r.kr
login.mexc-ko.kro.kr
lognotice.server-on.net
mail.check-info.store
mexc-en.kro.kr
mexc-ko.kro.kr
mexc.corn-info.space
mexc.sign-useraccount.kro.kr
myaccount.check-gooqle.site
na.lognotice.server-on.net
nc.callnotice.server-on.net
ne.checkyouinfo.live-on.net
nhsdoc.networkoutpost.com
nid.nidauthsvc.p-e.kr
nidauthsvc.p-e.kr
nidlnk.networkoutpost.com
ns2.check-info.store
oauth-verification.p-e.kr
pasevperson.store
peopellifesuccess.site
securevalidation.live-on.net
setinfo.kro.kr
seververif.server-on.net
sign-useraccount.kro.kr
sign-useraccount.p-e.kr
sign-usraccount.64bit.kr
sign-verifyuser.64bit.kr
sign.auth-supportgoogle.kro.kr
signin-authv3.n-e.kr
tiang.server-on.net
unlink.server-on.net
useraccountsverify.mydns.jp
userauthenticate-v3.kro.kr
usernotifications.server-on.net
usersupport-mexc.n-e.kr
userverification.o-r.kr
usrverification.64bit.kr
v3-accountsign.kro.kr
veri.yoursinfo.kro.kr
yoursinfo.kro.kr

# Reference: https://wezard4u.tistory.com/429498

seacura.com/wp-includes/js/get.php
seacura.com/wp-includes/js/list.php
seacura.com/wp-includes/js/upload.php

# Reference: https://app.validin.com/detail?find=c002186216f972bb72f8193cdab9717452aad212&type=hash#tab=host_pairs (# 2025-06-01)

asaninst.site
bizkoffice.com
downloads.autos
large.makeup
sejongcloud.site
totalsever.site

# Reference: https://x.com/byrne_emmy12099/status/1930104823577465006
# Reference: https://www.virustotal.com/gui/file/2d516c97e510bbdfb89eae329b88e0bf5557105b8e1f1de91f88f0e944835f15/detection

thegreatratings.com/wp-admin/js/widgets/hurryup/

# Reference: https://x.com/byrne_emmy12099/status/1931887447878885474

accwebcloud.com

# Reference: https://x.com/cyberwar_15/status/1931871427587916076
# Reference: https://www.genians.co.kr/en/blog/threat_intelligence/triple-combo

dirwear.000webhostapp.com
jieun.dothome.co.kr
nauji.n-e.kr
nomera.n-e.kr
onsungtong.n-e.kr
update.screawear.ga
vamboo.n-e.kr

# Reference: https://x.com/byrne_emmy12099/status/1933299821303251386

supportive.website

# Reference: https://app.validin.com/detail?find=27.102.138.9&type=ip4&ref_id=c51603cdcf7#tab=resolutions

checkinfo.pro
info-check.store
nid-account.store
cjlogistics.kro.kr
app.cjlogistics.kro.kr
dns.cjlogistics.kro.kr
google-account.checkinfo.pro

# Reference: https://x.com/JangPr0/status/1934848610312802607
# Reference: https://www.virustotal.com/gui/file/f0dae5dc37da56496166971da30d615c0fdfd54790e3fd0d58d3511627e2251b/detection

stock-investing-basics.com/jessica/wp-includes/js/common/inc/get.php
stock-investing-basics.com/jessica/wp-includes/js/common/src/list.php
stock-investing-basics.com/jessica/wp-includes/js/common/src/upload.php

# Reference: https://x.com/lazarusholic/status/1934966841321066866
# Reference: https://asec.ahnlab.com/en/88465/
# Reference: https://app.validin.com/detail?find=f1ee451b98a1cf62ab615e44d0468b7b&type=hash&ref_id=40a44b381e4#tab=host_pairs (# 2025-06-17)
# Reference: https://app.validin.com/detail?find=211.170.73.245&type=ip4&ref_id=3354f9de4a4#tab=resolutions (# 2025-06-17)
# Reference: https://app.validin.com/detail?find=211.32.57.117&type=ip4&ref_id=3354f9de4a4#tab=resolutions (# 2025-06-17)

http://103.130.212.116
http://103.149.98.230
assembly.mtomtech.co.kr
assembly.twoon.co.kr
bgsys.co.kr
e-securedrive.assembly.mtomtech.co.kr
e-securedrive.assembly.twoon.co.kr
invoice.bgsys.co.kr
m.qwe33.org
nava.unids.com
naver.bnene.com
naver.npmpt.com
naver.okzk.com
naver.paumard.com
naver.rkfd.com
naver.unibutton.com
neve.coreytech.com
nid.naver.rkfd.com
nid.naver.unibutton.com
niva.serverpit.com
nld.naver.bnene.com
nld.naver.npmpt.com
nld.naver.okzk.com
nld.naver.paumard.com
qwe33.org
securedrivecert.crabdance.com
securedrivelog.register.im
superziba.com
/0220_pprb_man_1/
/pprb/0220_pprb_man_1/
/pprb/0220_pprb_man_1/an/d.php
/anlab/d.php?newpa=

# Reference: https://unit42.paloaltonetworks.com/kimjongrat-stealer-variant-powershell/

cdn.glitch.global/17443dac-272c-421c-80ac-53a3695ede0e/
cdn.glitch.global/2eefa6a0-44ff-4979-9a9c-689be652996d/
cdn.glitch.global/4ab4f138-6f66-4b39-a7dc-9d4843dcf34f/
cdn.glitch.global/59e3786e-8284-4f16-8844-134b12e58b6f/
cdn.glitch.global/c97fe797-45c1-473b-a2f8-3c0c8bb431af/

# Reference: https://x.com/RexorVc0/status/1935208698391265600
# Reference: https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247515137&idx=1&sn=98a66e3565c09db9b5a0d0fc4674177b&chksm=ea664b76dd11c2609464609b7f47077c0e50324fba496447f7d262a25fc0e94f1973c3030ee6&scene=178&cur_album_id=1539799351089283075&search_click_id
# Reference: https://www.virustotal.com/gui/file/252ce6c7e91f14f9046a5f79d43cada21734e7123f6e29676daa6d5138873383/detection
# Reference: https://www.virustotal.com/gui/file/011c56403fd2171b667f4b200c2d26ebec69f19a9b8e9ecf115e718bc0318d2a/detection

162.216.114.133:53
cooldate.p-e.kr
drydate.p-e.kr
oxford.p-e.kr
june.drydate.p-e.kr
summer.cooldate.p-e.kr
uni.oxford.p-e.kr

# Reference: https://x.com/byrne_emmy12099/status/1935053386422034929
# Reference: https://www.virustotal.com/gui/file/0e75a7d2077c13eb5c8b1329ea3b254d56b1b9210bacf5998ead7c17e62d1247/detection

nidnaver.cloud
knees.nidnaver.cloud
toes.nidnaver.cloud

# Reference: https://x.com/byrne_emmy12099/status/1935055166665015743
# Reference: https://www.virustotal.com/gui/file/892297367c318b2e66cf0ee2fc592f86cc07dbdd424898030d695f246dd696a1/detection

w7fsbv.onlinewebshop.net

# Reference: https://www.enki.co.kr/en/media-center/tech-blog/dissecting-kimsuky-s-attacks-on-south-korea-in-depth-analysis-of-github-based-malicious-infrastructure

141.164.41.17:443
bosinnaun.site
dfagovph.store
egoruopove.store
fowsaionis.site
ko.myfiend.shop
ouioasan.site
voisomig.site
wasionuin.site
wisminsim.site
wmanisdin.site
wscnains.site
zoicopinum.store

# Reference: https://app.validin.com/detail?find=158.247.202.109&type=ip4#tab=resolutions

fniuomens.site
runauiso.site
wruniesio.site

# Reference: https://app.validin.com/detail?find=158.247.230.196&type=ip4#tab=resolutions

kfqload.site
mfaceneriury.store
mfatehranservewemtonyweroperioneiranemb.store
totalcloud.site

# Reference: https://app.validin.com/detail?find=158.247.253.215&type=ip4#tab=resolutions

gplayall.store
homecloudservice.store
requestmail.online
totalcloudservice.store

# Reference: https://app.validin.com/detail?find=121.173.12.113&type=ip4&ref_id=16324e9a9fd#tab=resolutions

confirm.nidslogin.n-e.kr
etax.redirectme.net
homtax-edoc.redirectme.net
homtax.serveirc.com
homtaxadmin.redirectme.net
nidlogin.redirectme.net
notice.servebeer.com
reconfirm.redirectme.net
security.servepics.com

# Reference: https://app.validin.com/detail?find=141.164.55.2&type=ip4&ref_id=18237052911#tab=resolutions

log.strangled.net

# Reference: https://app.validin.com/detail?find=8493f7f619daa37a8bd3d4b0fe2452de2f977657dc72fa132e7940d1a3370533&type=hash&ref_id=36302954df8#tab=host_pairs (# 2025-06-21)

fewopwehu.store
hunegary.store
tjtlnwm.xyz

# Reference: https://x.com/byrne_emmy12099/status/1937330494624137690
# Reference: https://www.virustotal.com/gui/file/1f22feddc82ea3638c4d9d7ea646b0d3212626cec3adb7eca08fe6c273dc9083/detection

aseauav.co.kr/pcount/count/index.php

# Reference: https://www.virustotal.com/gui/ip-address/158.247.236.169/relations
# Reference: https://app.validin.com/detail?find=158.247.236.169&type=ip4&ref_id=ec9a3bedcdd#tab=resolutions

cfgosterp.store
fccrestoretp.site
nmails.site
nsecallow.site
tensouderp.store
tomprestp.store
docsdeliver.mydns.jp
hometxdoc.mydns.bz
userinfoblg.o-r.kr
userlogin-verify.n-e.kr
binfo.userinfoblg.o-r.kr
docinfo.docsdeliver.mydns.jp
mexc.userlogin-verify.n-e.kr
usr.hometxdoc.mydns.bz
a-info.userinfoblg.o-r.kr
b-info.userinfoblg.o-r.kr
c-info.userinfoblg.o-r.kr
d-info.userinfoblg.o-r.kr
e-info.userinfoblg.o-r.kr
f-info.userinfoblg.o-r.kr
g-info.userinfoblg.o-r.kr
h-info.userinfoblg.o-r.kr
i-info.userinfoblg.o-r.kr
j-info.userinfoblg.o-r.kr
k-info.userinfoblg.o-r.kr
l-info.userinfoblg.o-r.kr
m-info.userinfoblg.o-r.kr
n-info.userinfoblg.o-r.kr
o-info.userinfoblg.o-r.kr
p-info.userinfoblg.o-r.kr
q-info.userinfoblg.o-r.kr
r-info.userinfoblg.o-r.kr
s-info.userinfoblg.o-r.kr
t-info.userinfoblg.o-r.kr
u-info.userinfoblg.o-r.kr
v-info.userinfoblg.o-r.kr
w-info.userinfoblg.o-r.kr
x-info.userinfoblg.o-r.kr
y-info.userinfoblg.o-r.kr
z-info.userinfoblg.o-r.kr

# Reference: https://medium.com/@LCSC-IE/identifying-north-korean-kimsuky-apt43-infrastructure-b6817a58a65b
# Reference: https://app.validin.com/detail?type=ip&find=158.247.215.121#tab=resolutions
# Reference: https://www.virustotal.com/gui/ip-address/141.164.51.224/relations

amaisens.site
babaleside.cyou
foisains.site
fsxcmin.site
masoidide.cyou
narmadide.icu
nxczins.site
saoiuaou.site
smanains.site
umasomon.site
voosinm.site
wnsoidos.site
clouddocservice.o-r.kr
dcloud.docderive.n-e.kr
departmentedoc.r-e.kr
docavailable.kro.kr
docderive.n-e.kr
drivedoc.o-r.kr
endoc.kaznets.com
nhsdoc.crabdance.com
ntspaysvc.o-r.kr
policegoalsvc.p-e.kr
checkpwd.clouddocservice.o-r.kr
doc-user.docderive.n-e.kr
eldoc.docderive.n-e.kr
hometx.taxdepartmentsvc.kro.kr
idverify.docavailable.kro.kr
nid.policegoalsvc.p-e.kr
niduser.drivedoc.o-r.kr
nts.departmentedoc.r-e.kr
nts.user-hometx.r-e.kr
online.receivdocs.n-e.kr
providedoc.docavailable.kro.kr
pwdcheck.receivdocs.n-e.kr
user.ntspaysvc.o-r.kr
userauthority.receivdocs.n-e.kr
userlog.docderive.n-e.kr
receivdocs.n-e.kr
taxdepartmentsvc.kro.kr
user-hometx.r-e.kr

# Reference: https://www.virustotal.com/gui/ip-address/27.102.138.214/relations
# Reference: https://app.validin.com/detail?find=27.102.138.214&type=ip4&ref_id=2fd6d8a92a1#tab=resolutions

docnscorp.space
account-mexc.kro.kr
nv-dns.o-r.kr
e-doc.nv-dns.o-r.kr
sign.account-mexc.kro.kr

# Reference: https://www.virustotal.com/gui/ip-address/27.102.138.241/relations
# Reference: https://app.validin.com/detail?find=27.102.138.241&type=ip4&ref_id=0ea7e6d1e74#tab=resolutions

app.tworld-store.kro.kr
appstore.skt-mobile.kro.kr
appstore.skt-service.kro.kr
appstore.sktelecom-security.kro.kr
checkinfo.nbox-nd.r-e.kr
download.sktelecom.o-r.kr
info-check.space
ninfo.duckdns.org
skt-mobile.kro.kr
skt-service.kro.kr
sktelecom-security.kro.kr
tworld-store.kro.kr

# Reference: https://www.virustotal.com/gui/ip-address/27.102.138.155/relations

mexc.site
com-mg.mydns.tw
com-view.mydns.tw
kyc-verify.o-r.kr
mexc-view.n-e.kr
mexc.mexc.site
cto.com-mg.mydns.tw
confirm.kyc-verify.o-r.kr
file.cto.com-mg.mydns.tw
login.mexc-view.n-e.kr

# Reference: https://app.validin.com/detail?find=3a8da3b6980574b5b43377ab3dde3ca1&type=hash&ref_id=0d4bc70bd9c#tab=host_pairs (# 2025-06-24)

account-contact.kro.kr
accountcorp.online
corpverifcation.store
login-secure.kro.kr
notice-security.kro.kr
notice-user.kro.kr
security-sign.kro.kr
sign-account.kro.kr
sign-user.kro.kr
sign-v3.kro.kr
signin-account.kro.kr
v3-sign-account.kro.kr
v3-sign.kro.kr
account-google.notice-security.kro.kr
account-google.security-sign.kro.kr
dns-google.notice-user.kro.kr
dns-google.signin-account.kro.kr
google.account-contact.kro.kr
google.corpverifcation.store
google.login-secure.kro.kr
google.sign-user.kro.kr
google.sign-v3.kro.kr
google.signin-account.kro.kr
google.v3-sign-account.kro.kr
google.v3-sign.kro.kr
login.accountcorp.online
router-google.sign-account.kro.kr

# Reference: https://app.validin.com/detail?find=27.102.138.171&type=ip4&ref_id=ec97853d078#tab=resolutions

g-service.online
view.g-service.online

# Reference: https://www.virustotal.com/gui/ip-address/141.164.48.222/relations
# Reference: https://app.validin.com/detail?find=141.164.48.222&type=ip4&ref_id=523254a332b#tab=resolutions

email-service.pro
account-service.kro.kr
account-verify.kro.kr
check-account.kro.kr
email-link.kro.kr
verification-account.kro.kr
google-submit.kro.kr
google.account-service.kro.kr
google.account-verify.kro.kr
google.check-account.kro.kr
google.email-link.kro.kr
google.email-service.pro
google.verification-account.kro.kr
login.google-submit.kro.kr

# Reference: https://www.virustotal.com/gui/ip-address/27.102.138.172/relations
# Reference: https://app.validin.com/detail?find=27.102.138.172&type=ip4&ref_id=523254a332b#tab=resolutions

accountcorp.site
g-service.shop
login.accountcorp.site
mail.g-service.shop
view.g-service.shop

# Reference: https://www.virustotal.com/gui/ip-address/185.18.222.117/relations
# Reference: https://app.validin.com/detail?find=185.18.222.117&type=ip4&ref_id=523254a332b#tab=resolutions

http://185.18.222.117
account-signin.kro.kr
accounts-sign.kro.kr
login-accounts.kro.kr
notice-account.kro.kr
notice-service.kro.kr
security-notice.kro.kr
security-user.kro.kr
sign-accounts.kro.kr
sign-security.kro.kr
account-google.notice-service.kro.kr
account-google.security-notice.kro.kr
account-google.security-user.kro.kr
account-google.sign-security.kro.kr
dns-google.account-signin.kro.kr
dns-google.login-accounts.kro.kr
dns-google.sign-accounts.kro.kr
google.accounts-sign.kro.kr
google.sign-security.kro.kr
support-google.notice-account.kro.kr

# Reference: https://app.validin.com/detail?find=185.18.222.54&type=ip4&ref_id=b6d4775534f#tab=resolutions

home.p-e.kr
login.home.p-e.kr

# Reference: https://app.validin.com/detail?find=27.102.113.20&type=ip4&ref_id=e6997b847f3#tab=resolutions

daumcxl.ddnsking.com
daumcyd.ddns.net
daumfrb.ddns.net
daumoiw.chickenkiller.com
daumrmu.bounceme.net
kakao.chickenkiller.com
kakao.gurdit.com
kakao.ignorelist.com
kakao.jumpingcrab.com
kakao.twilightparadox.com
nate.chickenkiller.com
nate.crabdance.com
nate.ignorelist.com
nate.opior.com
natezlx.myvnc.com
naver.hackquest.com
naver.midjava.com
naver.norushcharge.com
naver.pakasak.com
naver.photo-frame.com
naver.raspberryip.com
naver.serverpit.com
naver.twilightparadox.com
nid-naverbpk.onthewifi.com
nid-naverduq.servegame.com
nid-naverkhc.serveftp.com
nid-naverkhd.onthewifi.com
nid-navernlj.servegame.com
nid-naverpns.onthewifi.com
nid-naverwhf.3utilities.com
nid-naverxft.onthewifi.com
nid-naveryhy.ddnsking.com
nid-naverzsq.ddnsking.com
nid-naverzwr.serveftp.com
accounts.kakao.chickenkiller.com
accounts.kakao.gurdit.com
accounts.kakao.ignorelist.com
accounts.kakao.jumpingcrab.com
accounts.kakao.twilightparadox.com
mail3.nate.chickenkiller.com
mail3.nate.crabdance.com
mail3.nate.ignorelist.com
mail3.nate.opior.com
nid-naverahs.servequake.com
nid-naverkae.servecounterstrike.com
nid-naverpvp.servequake.com
nid-navertdm.servequake.com
nid.naver.hackquest.com
nid.naver.midjava.com
nid.naver.norushcharge.com
nid.naver.pakasak.com
nid.naver.photo-frame.com
nid.naver.raspberryip.com
nid.naver.serverpit.com
nid.naver.twilightparadox.com

# Reference: https://app.validin.com/detail?find=158.247.242.126&type=ip4&ref_id=62f820067fe#tab=resolutions

ramasin.store
smartwallpaper.store
webhistoryanalyze.store

# Reference: https://x.com/ThreatBookLabs/status/1939504169435767127

check-info.site
com-claim.mydns.bz
geneinfo.n-e.kr
manageinfo.n-e.kr

# Reference: https://x.com/blackorbird/status/1939957956621066721
# Reference: https://www.genians.co.kr/en/blog/threat_intelligence/suky-castle

androcl.csproject.org
androclesproject.o-r.kr
bikaro.store
check-computer.kro.kr
cukumam.shop
drive.polices.site
kida.plusdocs.kro.kr
konamo.xyz
lecture-site.kro.kr
login.androclesproject.o-r.kr
menews.o-r.kr
mspro.kro.kr
msprovider.menews.o-r.kr
naunsae.store
online.check-computer.kro.kr
online.lecture-site.kro.kr
plusdocs.kro.kr
polices.site
raedom.store
secure.drive.polices.site
securedrive.privatedns.org
securedrive.servehttp.com
tenelbox.store

# Reference: https://x.com/suyog41/status/1940398834187898973
# Reference: https://www.virustotal.com/gui/file/81a284353e770872988e483b351223b722004893adc257d671c084b474371ca9/detection

mobballetc2ec.com/wp-admin/js/widgets/hurryup/

# Reference: https://app.validin.com/detail?find=34be99c7e4dfe06ce03b91cddb103a2d&type=hash#tab=host_pairs (# 2025-07-02)

ahope.site
airdrop.p2pb2b.kro.kr
beta-bill.fin-ncloud.com
bn.imortinfo.live-on.net
chataquaesg.com
com-ace.live-on.net
com-ces.keyword-on.net
com-ox.mydns.jp
daebakit.site
dn.imortinfo.live-on.net
edoc.ntdocument.r-e.kr
edoc.ntpservice.kro.kr
edoc.view.com-ace.live-on.net
edoc.view.com-ces.keyword-on.net
edoc.view.file.com-ox.mydns.jp
enclisept.space
encredor.space
fecarounetp.store
file.com-ox.mydns.jp
gcctomp.site
gofecav.site
imortinfo.live-on.net
invoice.myonlinedoc.kro.kr
keomskd.site
kfowkd.site
kiroffo.site
linkdeposits.o-r.kr
marketpricef.buzz
marry.verymad.net
mid.edoc.view.file.com-ox.mydns.jp
myonlinedoc.kro.kr
naver.chickenkiller.com
naver.crabdance.com
naver.ignorelist.com
naver.jumpingcrab.com
naver.minecraftnoob.com
nid-naverbmn.servecounterstrike.com
nid-naveruah.serveftp.com
nid.edoc.view.com-ace.live-on.net
nid.linkdeposits.o-r.kr
nid.naver.chickenkiller.com
nid.naver.crabdance.com
nid.naver.ignorelist.com
nid.naver.jumpingcrab.com
nid.naver.minecraftnoob.com
nid.ntdocument.r-e.kr
nld.edoc.view.com-ces.keyword-on.net
nood.edoc.view.file.com-ox.mydns.jp
ntdocument.r-e.kr
ntpservice.kro.kr
oscretar.site
p2pb2b.kro.kr
plefkre.site
quiomansi.sbs
thikkre.site
view.com-ace.live-on.net
view.com-ces.keyword-on.net
view.file.com-ox.mydns.jp
xiao.zanity.net

# Reference: https://app.validin.com/detail?find=118.194.228.184&type=ip4&ref_id=efd5a5f2a6b#tab=resolutions

one-service.life
accounts-profile.servepics.com
accounts.one-service.life
drive-confirm.servehttp.com
kdda56.serveftp.com
kdda56.servehttp.com
myaccounts-setting.servehttp.com

# Reference: https://app.validin.com/detail?find=172.86.111.75&type=ip4&ref_id=efd5a5f2a6b#tab=resolutions

accounts-myservice.servepics.com
freedrive.servehttp.com
login-accounts.servehttp.com
myaccounts-profile.servehttp.com
mydocs.onthewifi.com
securedrive-mofa.servehttp.com
translate.onthewifi.com
undocs.ddns.net
undocs.myvnc.com
undocs.servehttp.com

# Reference: https://x.com/ThreatBookLabs/status/1942780953849651418
# Reference: https://www.virustotal.com/gui/ip-address/27.102.137.242/relations
# Reference: https://app.validin.com/detail?find=27.102.137.242&type=ip4&ref_id=66af4d6ff8a#tab=resolutions (# 2025-07-06)

http://27.102.137.242
an.ntlink.live-on.net
an.verifyserve.live-on.net
com-login.kro.kr
dn.infclog.live-on.net
dn.nodeyou.live-on.net
infclog.live-on.net
kakao.com-login.kro.kr
nodeyou.live-on.net
ntlink.live-on.net
verifyserve.live-on.net

# Reference: https://app.validin.com/detail?find=158.247.249.46&type=ip4&ref_id=ad26f63a45f#tab=resolutions
# Reference: https://app.validin.com/detail?find=c002186216f972bb72f8193cdab9717452aad212&type=hash#tab=host_pairs (# 2025-07-09)

cdieused.site
edusecudie.site
eiisaoin.site
eioduisoue.site
irucuseiw.site
oicuszcis.site
oxseieo.site
sioenise.site
uoeicxo.site
chosunlibs.r-e.kr
chosunweb.n-e.kr
kimchee.p-e.kr
nidnosr.n-e.kr

# Reference: https://www.virustotal.com/gui/ip-address/27.102.138.91/relations

http://27.102.138.91
cyber.server-on.net
nts-edoc.live-on.net
p2b-team.kro.kr
signin.server-on.net
checksign.nts-edoc.live-on.net
n-info.signin.server-on.net
sales.p2b-team.kro.kr

# Reference: https://app.validin.com/detail?find=27.102.138.154&type=ip4&ref_id=3ece2c29b85#tab=resolutions

mexcs.shop
com-cool.mydns.bz
com-life.keyword-on.net
view.mexcs.shop
mybox.com-cool.mydns.bz
file.com-life.keyword-on.net

# Reference: https://www.virustotal.com/gui/ip-address/216.219.95.242/relations
# Reference: https://www.virustotal.com/gui/file/9f73e39ca5afd64bb1bd3ed2da84c1fec67143af23ab59fe9d66387fc61b1395/detection

aomeioras2.r-e.kr
broowo.n-e.kr
chonkris.n-e.kr
churchlovenet.n-e.kr
daniele.n-e.kr
donghowon.n-e.kr
hongra.n-e.kr
joyseo.n-e.kr
kocill.n-e.kr
kopycill.n-e.kr
metong.n-e.kr
nelro.n-e.kr
seoim.n-e.kr
skytpoo.n-e.kr
spaoverce.p-e.kr
titicaca.n-e.kr
tongsoju.n-e.kr

# Reference: https://www.virustotal.com/gui/ip-address/213.142.157.4/relations

drover.crabdance.com
goole.n-e.kr
gooqle.n-e.kr
kns.p-e.kr
kwac.p-e.kr
nover.n-e.kr
store.farted.net
accounts.gooqle.n-e.kr
aconts.goole.n-e.kr
land.gooqle.n-e.kr
mail.kns.p-e.kr
nid.kwac.p-e.kr
nid.nover.n-e.kr
privateaccounts.gooqle.n-e.kr
storeer.chickenkiller.com

# Reference: https://x.com/byrne_emmy12099/status/1946721611878711302

temp.demetradesign.it/eternalwealth/wp-content/plugins/health-check/pages/interview/d.php

# Reference: https://app.validin.com/detail?find=158.247.197.181&type=ip4&ref_id=841428900b1#tab=resolutions

dongavpn.sbs
eosicxodienie.icu
fewaine.site
fowiosi.site
iasoiexci.site
ieucobnduie.icu
vouge90blog.com
wiusoins.site
zixcueovieon.icu
wave12.co.kr

# Reference: https://x.com/byrne_emmy12099/status/1948029281181016485
# Reference: https://www.virustotal.com/gui/file/372c8dc7df9e584f117c9543f1fbe1cc3674e8e47a848feaefa049e8e71870dc/detection

/God0808RAMA/group_0721/
/God0808RAMA/

# Reference: https://www.virustotal.com/gui/ip-address/27.102.137.214/relations

account-v3sign.server-on.net
accountssignin.kro.kr
oauthusrlogin.kro.kr
onlinegdrive.kro.kr
secureverification.kro.kr
google.account-v3sign.server-on.net
google.accountssignin.kro.kr
google.oauthusrlogin.kro.kr
google.onlinegdrive.kro.kr
google.secureverification.kro.kr

# Reference: https://www.virustotal.com/gui/ip-address/158.247.192.187/relations

accountsitelogin.kro.kr
doc-portal.o-r.kr
hcaredocs.o-r.kr
secureactivity.kro.kr
userauthority.server-on.net
docinfo.doc-portal.o-r.kr
google.accountsitelogin.kro.kr
google.secureactivity.kro.kr
google.userauthority.server-on.net
httpnewdoc.hcaredocs.o-r.kr
hxxpnewdoc.hcaredocs.o-r.kr
invoice.npsuserdoc.cloudns.pro
linkdoc.hcaredocs.o-r.kr
newdoc.hcaredocs.o-r.kr
npsuserdoc.cloudns.pro
verify.hcaredocs.o-r.kr
xn--hpnewdoc-lf5aa.hcaredocs.o-r.kr

# Reference: https://app.validin.com/detail?find=141.164.42.147&type=ip4&ref_id=7cf677b56b4#tab=resolutions

assernbly-portai.online
assebly.o-r.kr
assernbly.n-e.kr
namail.n-e.kr
narnail.o-r.kr
potarl.p-e.kr
nawstairlaw.site
npwthfighsklay.store
npwtwkicklain.store
nwp25lawpointin.store
riavelerscorp.store
totopiicckk7.shop
totopppplayy3.shop
totopppplayy5.shop
totopppppick3.shop

# Reference: https://x.com/ThreatBookLabs/status/1952157612658807143
# Reference: https://www.virustotal.com/gui/ip-address/203.245.0.121/community

http://203.245.0.121
203.245.0.121:443

# Reference: https://x.com/byrne_emmy12099/status/1953234862099579213
# Reference: https://x.com/ThreatBookLabs/status/1958002067186065811
# Reference: https://www.virustotal.com/gui/file/0375a1e1f558d436de7e93570aa15f9554210d52f724d1189d65c809d31c04cf/detection

lizventure.com/wp-includes/js/common/src/get.php
lizventure.com/wp-includes/js/common/src/list.php
lizventure.com/wp-includes/js/common/src/upload.php
offworldempires.com/wp-includes/js/common/src/get.php
offworldempires.com/wp-includes/js/common/src/list.php
offworldempires.com/wp-includes/js/common/src/upload.php

# Reference: https://wezard4u.tistory.com/429571
# Reference: https://app.validin.com/detail?find=80.240.25.169&type=ip4&ref_id=63dda09d394#tab=resolutions

nextforum-online.com
officecheckingpo.com
officemailcenter.com
officemainrest.com
telidhe.com
websecuritynotice.com
websiteservice-noreply.com
onnara9.saas.gcloud.go.kr

# Reference: https://x.com/asdasd13asbz/status/1957488385611952557
# Reference: https://www.virustotal.com/gui/ip-address/103.80.49.97/relations
# Reference: https://app.validin.com/detail?find=a93338c41c541aecef9257584993765e&type=hash&ref_id=8a75dacb841#tab=host_pairs (# 2025-08-18)

accountgoog.space
accounts.sundby.com
appsettings.space
bit.wiki.gd
help.sundby.com
myaccount.apps.dj
mydoc.wiki.gd
mydrive.minecraft.pe
mydrive.raspberryip.com
myview.pakasak.com
register.info.gf
services.inet2.org
services.soon.it
setting.serverpit.com
setting.youpc.ro
yahoolor.ddnsking.com
ysetting.info.gf

# Reference: https://app.validin.com/detail?find=158.247.215.61&type=ip4&ref_id=e5e71b1e2fc#tab=resolutions (# 2025-08-19)

cuiseoviu.site
eioxcudiyine.icu
ixcudieowie.icu
owiucxdiwo.site
page-engine.site
rexcisuiewinuo.icu
saunuionm.site
ssercsesite.store
sxainoius.site
vodiuwsofew.xyz
weoivinse.site
wmiuoins.site
wzioeniun.site

# Reference: https://app.validin.com/detail?find=34be99c7e4dfe06ce03b91cddb103a2d&type=hash&ref_id=2bf554ef1ec#tab=host_pairs (# 2025-08-21)

an.infiyou.mydns.bz
an.infiyou.server-on.net
alcidrm.site
altowod.site
apolok.site
auth.blogauthor.r-e.kr
auth.checkserviceblog.kro.kr
auth.eboardsvc.r-e.kr
auth.myonlineblog.r-e.kr
auth.netblogs.kro.kr
authenticate.ntaxhomedoc.live-on.net
binfo.blogercommunity.o-r.kr
binfo.blogscorp.kro.kr
binfo.eblogapp.kro.kr
binfo.muserblog.server-on.net
blogauthor.r-e.kr
blogclaimcenter.kro.kr
blogerapp.o-r.kr
blogercommunity.o-r.kr
bloginfo.blogclaimcenter.kro.kr
bloginfo.blogerapp.o-r.kr
bloginfo.blogercommunity.o-r.kr
blogscorp.kro.kr
bn.infiyou.server-on.net
bn.noticingyou.server-on.net
checkserviceblog.kro.kr
chkblog.blogauthor.r-e.kr
chkblog.checkserviceblog.kro.kr
chkblog.eboardserver.n-e.kr
chkblog.eboardsvc.r-e.kr
chkblog.myonlineblog.r-e.kr
chkblog.netblogs.kro.kr
cloudonline.server-on.net
cn.infiyou.mydns.bz
cn.noticingyou.mydns.bz
com-auth.live-on.net
com-login.server-on.net
com-swod.mydns.tw
cot.man.com-swod.mydns.tw
dn.noticingyou.server-on.net
doc-info.ultimamilla.cl
docinfo.myschdoc.o-r.kr
eblogapp.kro.kr
eboardserver.n-e.kr
eboardsvc.r-e.kr
edoc.view.file.cot.man.com-swod.mydns.tw
edocusers.n-e.kr
file.cot.man.com-swod.mydns.tw
govdoc.p-e.kr
htax-kr.server-on.net
htax-mail.server-on.net
infiyou.mydns.bz
infiyou.server-on.net
invoice.dapit.net
ksufer.info
man.com-swod.mydns.tw
muserblog.server-on.net
myonlineblog.r-e.kr
myschdoc.o-r.kr
navercorp.com-auth.live-on.net
navercorp.com-login.server-on.net
netblogs.kro.kr
nid.edoc.view.file.cot.man.com-swod.mydns.tw
nmail.server-on.net
nnks.duckdns.org
noticingyou.mydns.bz
noticingyou.server-on.net
ntaxhomedoc.live-on.net
nts-go.server-on.net
nts-kr.server-on.net
online.govdoc.p-e.kr
pdoc.edocusers.n-e.kr
surfboard-kr.aisu.cyou
ublog.blogauthor.r-e.kr
ublog.checkserviceblog.kro.kr
ublog.eboardserver.n-e.kr
ublog.myonlineblog.r-e.kr
ublog.netblogs.kro.kr
vfirst.store
view.file.cot.man.com-swod.mydns.tw
vpn730486675.softether.net

# Reference: https://www.virustotal.com/gui/ip-address/216.244.74.97/relations

drive.gurdit.com
drive.isageek.net
forms.evils.in
forms.govt.hu
mydrive.joe.dj
setting.showmyhomes.com
view.allisons.org

# Reference: https://www.virustotal.com/gui/ip-address/121.183.134.113/relations

http://121.183.134.113
121.183.134.113:443
121.183.134.113:7000
121.183.134.113:8080

# Reference: https://www.virustotal.com/gui/ip-address/158.247.240.40/relations

auth.blogsnet.r-e.kr
auth.eboard-blog.kro.kr
auth.eboardserver.n-e.kr
binfo.blogauthservice.o-r.kr
binfo.blogerapp.o-r.kr
binfo.bloghomecenter.r-e.kr
binfo.communityweb.n-e.kr
blogauthservice.o-r.kr
blogerapp.o-r.kr
bloghomecenter.r-e.kr
bloginfo.bloghomecenter.r-e.kr
bloginfo.blogscorp.kro.kr
bloginfo.communityweb.n-e.kr
bloginfo.eblogapp.kro.kr
bloginfo.homeblogs.kro.kr
bloginfo.onlineblogid.o-r.kr
blogscorp.kro.kr
blogsnet.r-e.kr
chk.hometxusers.kro.kr
chkblog.normalblog.o-r.kr
communityweb.n-e.kr
confirmusrdoc.mydns.bz
eblogapp.kro.kr
eboard-blog.kro.kr
eboardserver.n-e.kr
eboardsvc.r-e.kr
hmm.rwbcode.com
homeblogs.kro.kr
hometxusers.kro.kr
neorg.privatedns.org
nid.eboard-blog.kro.kr
normalblog.o-r.kr
onlineblogid.o-r.kr
taxdoc.dapit.net
ublog.eboardsvc.r-e.kr

# Reference: https://www.virustotal.com/gui/ip-address/27.102.137.179/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.102.137.181/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.102.138.94/relations

blog-sec.keyword-on.net
blog-sec.server-on.net
check-info.nmail.server-on.net
check-info.nts-go.server-on.net
check.htax-mail.server-on.net
cyber.keyword-on.net
delivery.cjlogistics.kro.kr
dns-check.blog-sec.server-on.net
dns-check.nps.server-on.net
dns-check.npskr.server-on.net
dns-check.ntax.keyword-on.net
dns-info.nps-kr.server-on.net
dns-info.ntax.keyword-on.net
dns-info.ntsbiling.server-on.net
dns.doc-nps.server-on.net
dns.hometax.server-on.net
dns.htax.server-on.net
dns.nps-go.server-on.net
dns.nps-kr.server-on.net
dns.npskr.server-on.net
doc-nps.server-on.net
go-tax.live-on.net
hometax.server-on.net
htax-go.server-on.net
htax.live-on.net
htax.server-on.net
n-dns.signin.keyword-on.net
n-info.blog-sec.keyword-on.net
n-info.doc-nps.server-on.net
n-info.go-tax.live-on.net
n-info.htax.live-on.net
n-info.htax.server-on.net
n-info.npskr.server-on.net
n-info.nts-go.server-on.net
n-tax.server-on.net
nid-check.doc-nps.server-on.net
nid-check.htax-go.server-on.net
nid-check.nps-kr.server-on.net
nid-check.npskr.server-on.net
nid-check.ntax-doc.server-on.net
nid-check.ntcn-kr.server-on.net
nid-check.nts-kr.live-on.net
nid-check.ntskr.server-on.net
nps-go.server-on.net
nps-kr.server-on.net
nps.server-on.net
npskr.server-on.net
ntax-doc.server-on.net
ntax.keyword-on.net
ntcn-kr.server-on.net
nts-kr.live-on.net
ntsbiling.server-on.net
ntskr.server-on.net
signin.keyword-on.net

# Reference: https://x.com/byrne_emmy12099/status/1960515703141970332
# Reference: https://www.virustotal.com/gui/file/89a6d3392668ba1b765a5ebcc8ac5045fffe8b6ef431004cba352868424a5cc3/detection

koreadiplomacyplaza.kro.kr
/pprb/pm/d.php

# Reference: https://www.virustotal.com/gui/ip-address/158.247.223.235/relations

cxiesoine.site
eaciunis.site
ecisouasi.site
eruionis.site
esiuxouin.site
isueszis.site
nzoinao.site
uoinesx.site
wiocduie.site
woivuaiwn.site
xioesiaud.site
xionisnai.site

# Reference: https://app.validin.com/detail?find=34be99c7e4dfe06ce03b91cddb103a2d&type=hash#tab=host_pairs (# 2025-08-29)

15dhyfituhivoivjjgijrtjtgg.cfd
15fuerouhrgiurtituigjtug.cfd
15hjdgvfdjbvunghghod.cfd
15jhguerhguyogjopgoff.cfd
15ygfyerfgyufhsdgfyegf.cfd
15yufibeuiohuireiogjrgji.cfd
20iuhfuighufiheufg.cfd
20keydhtdygeydsds.cfd
20ssdjtcurgyivtoheiwff.cfd
20syudfgweyuyrfuvv.cfd
21jkhvgyurgegiuhdfdfe.cfd
21khferuhuihlruygreuygfushdyfug.cfd
21ljijirvhrugjfiojiofef.cfd
21qwporfeoighyrtyuiijfzp.cfd
21uiygifuhuerotnbperopuhrgu.cfd
21vicbguyfgufgihjda.cfd
21wdsufhuifoeriogheuirhuieh.cfd
21yeyyuegygfuwehijkksas.cfd
22adfvnujghpjfkosd.cfd
22bakgjiotjohdjkjhklf.cfd
22cakegdghiuhgiuhiujsdf.cfd
22effortmgklfjgihtg.cfd
22framerytgdjfhifgg.cfd
22gapsdihgjimighfe.cfd
27anihvihitjiourigjriogjoe.cfd
27budhfirehigptroogore.cfd
27ciuyvihrtoijhfiphjgipjs.cfd
27cuihrihguhgijsiojhko.cfd
27djuciyheojfigfuygji.cfd
27efguhgihrtgorjeopiewofjre.cfd
27fjdhvunhuigjoko.cfd
29foxcherrywoo.cfd
29groovetaxas.cfd
29homedockshark.cfd
29icebergframepool.cfd
29joysticktunepipe.cfd
29keypointcircle.cfd
acigwubpbyjebdin.cfd
adfwe3rvwerga.cfd
adxudvfcvyvlctkh.cfd
aedxeexprcmjdhde.cfd
afvwegthgbwegwda.cfd
aieidkjehuvniewe.cfd
aqozaasdfjvazcv.site
b4356hjrtrtybner.cfd
bnpo239ufqoweioq.cfd
bnwoierhgo3bngoe.cfd
bsdhrherherherte.cfd
btrdpsiwoqivskvp.cfd
bvjhsdfhiows23fs.cfd
bvo234hbfoqweihr.cfd
bvsowe43no54sdif.cfd
csdangernotel.cfd
csdlofihwseforwp.cfd
cwlafjvrcbwyurdk.cfd
delojmmfirkcnnsi.cfd
dfrmhtyjbigmtbls.cfd
dfwserwr234fwere.cfd
dgljkedrstretret.cfd
diuvwquxiefimckg.cfd
dkbmvpweiouhbrn3.cfd
dl2sdffjtptdwjsa.cfd
dsf1000qwfkehaks.cfd
dsfgvno238ygvbiv.cfd
dsfkiuweh4r234fe.cfd
dsfno234vnopwe4i.cfd
dudaoddsdwlslsrk.cfd
ebyaznzrhfeuobgq.cfd
efwrewrewrewrewr.cfd
ekfmfldnds3raeoi.cfd
ekrlrakbmivpzuod.cfd
elkvwiefpawhfvsd.cfd
embtqmkquztvwklj.cfd
enqrylxlbxyzhhbi.cfd
ertr45dftyrtjrds.cfd
etraedtrr434grfd.cfd
eyeziguxgcufdnok.cfd
fdghrtymxzaree4g.cfd
fdsvwerw98uh32bf.cfd
fghr5tfhdhtryrty.cfd
fienalsecsecurity.store
fnw2i4o3ffuboowe.cfd
forwardcorpsecurity.store
friu23vfi823gvwi.cfd
fsczxcweoi.site
fstsxtoqhtmlrxdu.cfd
fthsrfdtyhryrtyr.cfd
ftyvtgyyuioyui.cfd
gbsoqrybemudlxxn.cfd
gjalvznzdexzefp.site
gjdfhowerhuohdsf.cfd
gyutfretytugyi.cfd
gzdkwqouefnwhwoi.cfd
halkdjhfeoihvwgw.cfd
haniedaleseebalda.store
hdkrkswndmlswee1.cfd
helsingkeysecuritycom.store
herisnenalseocstore.store
hnhyutytoqsdprtg.cfd
hvpqweirhnwpetof.cfd
hvq2l3i87vyqadfe.cfd
ibjblaxfnwpkkhrb.cfd
idonskenecoolsurry.store
iu09werbnoiuszhs.cfd
iwerjhfuedfoxsdf.cfd
jcucvipqvaewpfzd.cfd
jefewrewrewhrbdr.cfd
jfjdetwzwdespfoy.cfd
jhguygyghjkujj.cfd
jhwvfhdrpdpgkrxb.cfd
ket8er5kiupsherf.cfd
ksvh2398ycvweafw.cfd
larmalmelsmeralda.store
lgqzxdqqpimulunt.cfd
lihgpiojdfbenjmf.cfd
lrgewrt7643wsqj9.cfd
lsfo34bno34bio43.cfd
ludoji.pro
lvwiouwheivq09fa.cfd
mangoiewrhbepq23.cfd
mcjxxkymgczdbhhj.cfd
mhoupoktwhtzztch.cfd
midlesecurity.cfd
mlxqummnvnvykynf.cfd
mokyezlbzbqzvbwd.cfd
mqzbrihvxqdvivpu.cfd
mspdoirehwpg03pe.cfd
mvexmamsdjuboghz.cfd
ncjdij23ndsa3.cfd
nhwcwrtucfiisoyj.cfd
nidowermgrdce.cfd
noiu98h923b9bfwe.cfd
noteci.pro
nsdzwhmudotwlvsb.cfd
nvbdsoftiirenwe2.cfd
ohbtwjxavetrzuub.cfd
oierblkjsxofdgbo.cfd
oijoijewjrhiijgs.cfd
oipcanftkkdaktrf.cfd
oipewo834nlksiu3.cfd
operhkimpalyd.cfd
ortwhyzeecwgfxiu.cfd
ortyiihixetuatha.cfd
ovunyghvwxpombvo.cfd
oxjmvxpossvbxybh.cfd
p3w09jnlwi3j4h2o.cfd
pgoynjpxmmuncdwo.cfd
pmkom09fdusdsfsn.cfd
pnggvzktmjopzlph.cfd
psakqwejbfoih234.cfd
psdfn4oiqweersfe.cfd
psofhwernlvwiehd.cfd
pwsbisvwmruzhxhc.cfd
qfiuhslkeewjpdfg.cfd
qftwhtyuyterttrr.cfd
qhqofhdnfenthsmf.cfd
qikfuqgw3eooq2nb.cfd
qlkvqwneproj23vs.cfd
rsdkywqczoapeynt.cfd
rtyrfvyjrtitg6tu.cfd
rycqvkbwcrtzaesg.cfd
sdf083hnouf0fewr.cfd
sdfiuoher9snlkdf.cfd
se23rftresesrrer.cfd
sedku2398fqwebor.cfd
serminalskehvnio.cfd
shgurufhirjhkedegf.cfd
sodftqxschgzccmb.cfd
sodifhj0we9nowse.cfd
soeihfrwo0303now.cfd
sospfkdmq35rfdgf.cfd
sredgtrsg4et3bhf.cfd
ssedrfe45ytyyert.cfd
sytenskenecoolsurry.store
tbvwenher03nvvwe.cfd
tdfu4fjgsdfgsere.cfd
thchfchuvvjiobjiji.cfd
thinkallmessagee.buzz
thsdhearder.store
tkfadmfhrrnsms0w.cfd
tkfkdawehpigreww.cfd
tnuhrfhruhjkklkldd.cfd
trialskneujiqw3f.cfd
tyrfyuyyihiuiiyi.cfd
tzybwufdwzdkbxkb.cfd
udhfgebfhoklerjdll.cfd
ufuitgpwjitjiykiko.cfd
uskycuidbuitoigs.cfd
uweoihbgqpinsdve.cfd
uyxkqkpxijbvwjpx.cfd
vbnxcosernhoihoe.cfd
vksfewkiurybsdkf.cfd
vl9238fyqwoejrbn.cfd
vnowejb532obwfer.cfd
vnuhtijgiptjoykpl.cfd
wajdzszlrdyeoacv.cfd
wbmpsa2309ugw12f.cfd
wclsvcuiusgkdlao.cfd
wdoutgkdnmeurwvj.cfd
wesiouec.site
weyiewuryieuyrie.cfd
wiujbiujbipjbklfs.cfd
wmxzsfgjhkjfhqsr.cfd
woifruahfe.site
wrf23oiuhbfqjb2g.cfd
wuibwwbyomeltoba.cfd
xbewrh453jedjrte.cfd
xvbrcoaujkxgbrnr.cfd
ygfcuwfzjkldqfxn.cfd
yinianshenmiszelda.store
ypoqxmzltqmolhsv.cfd
ytrytyierdtrtyi.cfd
zcafqawgdsrhfdrh.cfd
zqkwsqzteimmwwzm.cfd
zsewbuknrorrghhj.cfd
zxchgbiureruhvid.cfd
zzfg2poh8fwbnlej.cfd

# Reference: https://x.com/ElementalX2/status/1963305327442739474
# Reference: https://www.virustotal.com/gui/file/028289fac74184ab05c8e57e61e60f97e1345f20a5d523b995b29eb7bfc23c92/detection

iuh234.medianewsonline.com

# Reference: https://x.com/ThreatBookLabs/status/1963439273610547336

callteve.live-on.net
noteyou.live-on.net

# Reference: https://dti.domaintools.com/inside-the-kimsuky-leak-how-the-kim-dump-exposed-north-koreas-credential-theft-playbook/

webcloud-notice.com

# Reference: https://www.virustotal.com/gui/ip-address/142.11.248.98/relations

kakaocorp.nmailhub.com
nate.nmailhub.com
navercorpae.nmailhub.com
navercorpej.nmailhub.com
navercorphb.nmailhub.com
navercorpnq.nmailhub.com

# Reference: https://www.genians.co.kr/en/blog/threat_intelligence/deepfake

astaibs.co.kr
contamine-sarzin.fr
dangol.pro
guideline.or.kr
healthindustry.sookmyung.ac.kr
hyounwoolab.com
jiwooeng.co.kr
liveml.cafe24.com
seytroux.fr
snuopel.cafe24.com
versonnex74.fr
zabel-partners.com

# Reference: https://www.virustotal.com/gui/ip-address/158.247.254.170/relations

akvozngpvjiaitnm.site
dciaopztuqfkoadfh.site
ficpafopanvzmcxads.site
giaethzvmaetistr.site
kvzperhapthzjbwi.site
mlkboapiejqlznxvs.site
opojgaoirnajdz.site
pzjaohvzllajitaf.site
vzoaewnoaidnbtz.site

# Reference: https://www.virustotal.com/gui/ip-address/158.247.207.7/relations
# Reference: https://www.virustotal.com/gui/ip-address/158.247.224.102/relations

bristope.space
donfrastic.space
emeranetop.store
focrust.space
gestimo.space
necrougovtp.site
nustranetp.store
seprone.site
tgcendept.store
tomcendetp.store
cebm.seprone.site
nid-login.live-on.net
navercorp.nid-login.live-on.net
vest.donfrastic.space

# Reference: https://x.com/byrne_emmy12099/status/1969187321175011415
# Reference: https://www.virustotal.com/gui/file/80b3cce8300cf54cb5622e47d524d7ba82be0b4379a7251becfc1557b2524471/detection

parkland.incrediblevisibility.com/js/src/get.php
parkland.incrediblevisibility.com/js/src/list.php
parkland.incrediblevisibility.com/js/src/upload.php

# Reference: https://www.virustotal.com/gui/ip-address/158.247.219.27/relations

aspiresnedmebednet.store
cancel.repairservice.store
cancel.rnailservice.store
cancel.serveicecheck.store
candle.connectservice.store
candle.peopellifesuccess.site
candle.repairservice.store
cclip.sebaliarcomsecurity.store
com-signin.live-on.net
confirm.canceldeleting.site
declareskcakesitem.store
ektogthermoddoosec.store
lcslip.sebaliarcomsecurity.store
lcsmet.aspiresnedmebednet.store
lcsmet.serminialsystemsec.store
navercorp.com-signin.live-on.net
nidlip.sebaliarcomsecurity.store
nidmet.nsecuritygroupservice.store
nidmet.serminialsystemsec.store
oieiwksg.gkvnfsdognawiefoiawejofgiahng.xyz
phikaism.gkvnfsdognawiefoiawejofgiahng.xyz
posts.ewsadina.site
rvrhvray.nsecuritygroupservice.store
sebaliarcomsecurity.store
selirisnelsecurity.store
seriomsnejkeysenet.store
serminialsystemsec.store
skelidi.aspiresnedmebednet.store
sndkwejnetmansecurity.store
ssllip.sebaliarcomsecurity.store
sslmet.aspiresnedmebednet.store
sslmet.serminialsystemsec.store
staticnidlip.sebaliarcomsecurity.store
staticskelidi.aspiresnedmebednet.store
thisacountryemsec.store
ytqvinlt.nsecuritygroupservice.store

# Reference: https://www.virustotal.com/gui/ip-address/158.247.196.118/relations

apptxdoc.kro.kr
authblogcenter.dynv6.net
bloginfo.ublogcenter.kro.kr
nid.authblogcenter.dynv6.net
nid.usernblogs.mydns.vc
ublog.ublogcenter.kro.kr
ublogcenter.kro.kr
usernblogs.mydns.vc
usr.apptxdoc.kro.kr

# Reference: https://www.virustotal.com/gui/ip-address/27.102.137.93/relations

binfo.fennis.tk
bloginfo.fennis.tk
invoice.mydns.jp
nid.ignorelist.com
niper.mooo.com
nvc.invoice.mydns.jp

# Reference: https://x.com/ThreatBookLabs/status/1970986744112894273
# Reference: https://www.virustotal.com/gui/ip-address/27.102.138.163/relations
# Reference: https://www.virustotal.com/gui/ip-address/27.102.138.181/relations

ailone.mydns.bz
alone.server-on.net
calinck.mydns.bz
calinck.server-on.net
calltteve.mydns.bz
calltteve.server-on.net
infalog.mydns.bz
infclog.mydns.bz
infelog.mydns.bz
infelog.server-on.net
infoconfim.mydns.bz
infwlog.mydns.bz
infwlog.server-on.net
intyounfo.server-on.net
inyounfo.mydns.bz
isyounfo.mydns.bz
isyounfo.server-on.net
lognisyou.mydns.bz
nlink.mydns.bz
nodeyou.mydns.bz
nodeyou.server-on.net
noteyou.mydns.bz
ntdlink.mydns.bz
ntdlink.mydns.vc
seveverif.mydns.bz
sevrverif.mydns.bz
sevrverif.server-on.net
vericy.mydns.bz
vericy.server-on.net
verity.mydns.bz
verity.server-on.net
an.ailone.mydns.bz
an.calinck.mydns.bz
an.calinck.server-on.net
an.calltteve.server-on.net
an.infclog.mydns.bz
an.infelog.mydns.bz
an.infoconfim.mydns.bz
an.intyounfo.server-on.net
an.inyounfo.mydns.bz
an.isyounfo.mydns.bz
an.isyounfo.server-on.net
an.nodeyou.server-on.net
an.noticingyou.server-on.net
an.ntdlink.mydns.bz
an.ntlink.server-on.net
an.sevrverif.server-on.net
an.vericy.server-on.net
an.verity.mydns.bz
bn.ailone.mydns.bz
bn.alone.server-on.net
bn.calinck.server-on.net
bn.calltteve.server-on.net
bn.infelog.server-on.net
bn.nlink.server-on.net
bn.nodeyou.server-on.net
bn.noteyou.mydns.bz
bn.ntdlink.mydns.bz
bn.ntdlink.mydns.vc
bn.sevrverif.mydns.bz
bn.sevrverif.server-on.net
bn.vericy.mydns.bz
bn.verity.server-on.net
check.ailone.mydns.bz
cn.ailone.mydns.bz
cn.calinck.mydns.bz
cn.calltteve.mydns.bz
cn.infclog.mydns.bz
cn.infwlog.mydns.bz
cn.intyounfo.server-on.net
cn.inyounfo.mydns.bz
cn.isyounfo.mydns.bz
cn.isyounfo.server-on.net
cn.nlink.mydns.bz
cn.nlink.server-on.net
cn.nodeyou.mydns.bz
cn.nodeyou.server-on.net
cn.ntdlink.mydns.bz
cn.sevrverif.server-on.net
cn.vericy.mydns.bz
dn.ailone.mydns.bz
dn.calinck.server-on.net
dn.calltteve.server-on.net
dn.infalog.mydns.bz
dn.infwlog.mydns.bz
dn.infwlog.server-on.net
dn.isyounfo.mydns.bz
dn.isyounfo.server-on.net
dn.nodeyou.mydns.bz
dn.nodeyou.server-on.net
dn.ntdlink.mydns.bz
dn.ntdlink.mydns.vc
dn.sevrverif.mydns.bz
dn.sevrverif.server-on.net
kakako.com-login.live-on.net
nad.lognisyou.mydns.bz
nbd.lognisyou.mydns.bz
ncd.lognisyou.mydns.bz
publiccn.nlink.mydns.bz

# Reference: https://x.com/seunghoonhan/status/1972904905993306517
# Reference: https://www.virustotal.com/gui/ip-address/208.73.204.132/relations
# Reference: https://www.virustotal.com/gui/ip-address/216.219.95.242/relations

aomeioras2.r-e.kr
artisgo.n-e.kr
bermates.n-e.kr
brimo.n-e.kr
broowo.n-e.kr
chonkris.n-e.kr
churchlovenet.n-e.kr
daniele.n-e.kr
deta2.n-e.kr
donghowon.n-e.kr
goji2.n-e.kr
hayoungju.n-e.kr
hongra.n-e.kr
jeilmid.n-e.kr
joyseo.n-e.kr
jujeong.n-e.kr
jungop.n-e.kr
kapayok.p-e.kr
kisis2.n-e.kr
kocill.n-e.kr
konacord.n-e.kr
kopycill.n-e.kr
mboooun.n-e.kr
metong.n-e.kr
morotomot.r-e.kr
musicsta.n-e.kr
nauji.n-e.kr
nelro.n-e.kr
nosxxx.r-e.kr
onsungtong.n-e.kr
queosera2.n-e.kr
seoim.n-e.kr
skytpoo.n-e.kr
spaoverce.p-e.kr
strela.n-e.kr
titicaca.n-e.kr
tongsoju.n-e.kr
tradoam.n-e.kr
xn----302f2n80xlsd.xn--oi2b61z32a.xn--3e0b707e
xn----qb2fk2dxzf58k.xn--9i1b01onwqqzd.xn--3e0b707e
xn----qb2fk2dxzf58k.xn--hu5b25b77nvwc.xn--3e0b707e
xn----zo1f59igrdbqcpug.xn--h32bi4v.xn--3e0b707e
xn--4y2b50aj3ks0e.xn--oi2b61z32a.xn--3e0b707e
xn--v69a29tqre.xn--oi2b61z32a.xn--3e0b707e

# Reference: https://www.virustotal.com/gui/ip-address/209.159.155.109/relations
# Reference: https://www.virustotal.com/gui/ip-address/69.10.50.85/relations

aomeio.r-e.kr
beratosv.n-e.kr
box-fields.o-r.kr
bseng.myds.me
certloma.n-e.kr
cloudprofile.n-e.kr
data-cloud.n-e.kr
dellotic.r-e.kr
drm-manager.p-e.kr
dropbox-file.o-r.kr
fasoo-manage.n-e.kr
limpero2.r-e.kr
meritos1.r-e.kr
mesovera.n-e.kr
nocheck2.n-e.kr
pqros2.r-e.kr
secbox.o-r.kr
service-cloud.o-r.kr
usvera.r-e.kr
xomotoe.n-e.kr
zetm.kozow.com
zoporote.n-e.kr
web.zetm.kozow.com
xn--299a1vv85bdrg.xn--oi2b61z32a.xn--3e0b707e
xn--910b562a8pe.xn--oi2b61z32a.xn--3e0b707e
xn--950bl1sumh.xn--9i1b01onwqqzd.xn--3e0b707e
xn--950bt9sumh.xn--hk3b17f.xn--3e0b707e
xn--950bt9sumh.xn--oi2b61z32a.xn--3e0b707e
xn--h49al33az1h7ra.xn--yq5b.xn--3e0b707e
xn--hy1bv3cmxf83l.xn--9i1b01onwqqzd.xn--3e0b707e
xn--o80b37ia946w.xn--hk3b17f.xn--3e0b707e
xn--oi2b94x3uih9a.xn--h32bi4v.xn--3e0b707e
xn--on3b21fd6d9xs.xn--9i1b01onwqqzd.xn--3e0b707e
xn--zb0b93vywk06b.xn--h32bi4v.xn--3e0b707e

# Reference: https://www.virustotal.com/gui/ip-address/162.220.11.227/relations

metratics.o-r.kr
metrotas1.o-r.kr
xn--ij2bj3bu52b75a.xn--oi2b61z32a.xn--3e0b707e
xn--o80bp9muva858d.xn--9i1b01onwqqzd.xn--3e0b707e
xn--vf0bp3hv1sl8m.xn--hk3b17f.xn--3e0b707e

# Reference: https://www.virustotal.com/gui/ip-address/50.98.242.161/relations
# BANNER_0_HASH-HOST=8c5c13160070661cd5ab6a1a016b1f25

arm.publicvm.com
cpi.publicvm.com
dpi.publicvm.com
gpt.publicvm.com

# Reference: https://www.virustotal.com/gui/ip-address/195.85.250.22/relations

acount.centralpto.com
auth.n-works.o-r.kr
cerabox.o-r.kr
docotot.o-r.kr
drineover.o-r.kr
eoralic.r-e.kr
file-storidge.o-r.kr
fileworks.o-r.kr
kako-alert.p-e.kr
lenocovo.p-e.kr
meratics1.r-e.kr
moemeoras2.p-e.kr
morasis2.o-r.kr
n-filedrive.o-r.kr
nate-login.o-r.kr
nhn-file.r-e.kr
nhn-filecenter.o-r.kr
qoraer1.o-r.kr
security-centers.o-r.kr
septwelve.r-e.kr
seramixv.r-e.kr
teracodev.p-e.kr
uoseung.o-r.kr
worriesv.r-e.kr
xn----985ehgq49b6qr.xn--9i1b01onwqqzd.xn--3e0b707e
xn--220b630b8rb38z.xn--9i1b01onwqqzd.xn--3e0b707e
xn--2i0b050bujcb6q.xn--oi2b61z32a.xn--3e0b707e
xn--2i0b10r1wd66ao9t.xn--hk3b17f.xn--3e0b707e
xn--2i0bm4p0kj9le.xn--9i1b01onwqqzd.xn--3e0b707e
xn--910bj06aw1bm2f.xn--h32bi4v.xn--3e0b707e
xn--9i1b52g1q7a.xn--2i0b10rqve.xn--3e0b707e
xn--le5b23cqb60y.xn--9i1b01onwqqzd.xn--3e0b707e
xn--on3b52i03bca.xn--hk3b17f.xn--3e0b707e
xn--oy2b13dv1g3wcqxuiwd.xn--h32bi4v.xn--3e0b707e
xn--oy2b17nw6bstt.xn--hu5b25b77nvwc.xn--3e0b707e
xn--sp5b2lg28aiga.xn--oi2b61z32a.xn--3e0b707e
xn--v52b2zfto2xwyc.xn--h32bi4v.xn--3e0b707e
xn--z92bt5aizg97e.xn--hk3b17f.xn--3e0b707e
xn--zb0b93v7zf0yr.xn--yq5b.xn--3e0b707e
xn--zb0b93vkiklkp.xn--2i0b10rqve.xn--3e0b707e
xn--zb0b93vtnf44e91dp0q.xn--h32bi4v.xn--3e0b707e
xn--zb0b93vtnfsqae03deya.xn--2i0b10rqve.xn--3e0b707e
xn--zb0bt79a34ew5j.xn--h32bi4v.xn--3e0b707e

# Reference: https://www.virustotal.com/gui/ip-address/125.135.176.13/relations

aenco.kro.kr
1.aenco.kro.kr
draw.aenco.kro.kr
file.aenco.kro.kr
note.aenco.kro.kr
submit.aenco.kro.kr
xn--o39aq1b2fz70e41bw5kczc.xn--hk3b17f.xn--3e0b707e

# Reference: https://www.virustotal.com/gui/ip-address/154.90.62.240/relations

com-privacy.kro.kr
docprivacy.mydns.vc
msvc.linkpc.net
nblog.gleeze.com
invoice.docprivacy.mydns.vc
mexc.com-privacy.kro.kr

# Reference: https://www.virustotal.com/gui/ip-address/210.219.229.61/relations

cmails.ddns.net

# APK

/Kisa%20Vaccine.apk
/KisaAndroidSecurity.apk
