# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/VK_Intel/status/1268610373004845059
# Reference: https://twitter.com/malwrhunterteam/status/1268966003582566401
# Reference: https://www.virustotal.com/gui/file/91e18e5e048b39dfc8d250ae54471249d59c637e7a85981ab0c81cf5a4b8482d/detection
# Reference: https://twitter.com/abuse_ch/status/1269852916074110976
# Reference: https://twitter.com/ScumBots/status/1270904922909872128
# Reference: https://twitter.com/bryceabdo/status/1271498581271330821
# Reference: https://twitter.com/ScumBots/status/1266120897020248065
# Reference: https://twitter.com/VK_Intel/status/1273346999740481536
# Reference: https://twitter.com/cyber__sloth/status/1273990449796198407
# Reference: https://twitter.com/MBThreatIntel/status/1275106542795329536
# Reference: https://twitter.com/bryceabdo/status/1275153235620347904
# Reference: https://twitter.com/cyber__sloth/status/1278997323960352768
# Reference: https://twitter.com/VK_Intel/status/1279856863178379265
# Reference: https://twitter.com/bryceabdo/status/1280941877408215040
# Reference: https://twitter.com/Dan__Mayer/status/1281026825926275072
# Reference: https://twitter.com/bryceabdo/status/1281683188826476544
# Reference: https://twitter.com/sisoma2/status/1282347857752793088
# Reference: https://twitter.com/ScumBots/status/1284620297312899072
# Reference: https://twitter.com/VK_Intel/status/1285251276335394817
# Reference: https://twitter.com/malwrhunterteam/status/1288438777623588866
# Reference: https://twitter.com/bryceabdo/status/1288558940557660162
# Reference: https://twitter.com/VK_Intel/status/1290318472434593792
# Reference: https://twitter.com/abuse_ch/status/1290630827152482307
# Reference: https://twitter.com/bryceabdo/status/1290638836347867136
# Reference: https://twitter.com/d4rksystem/status/1292836072985186305
# Reference: https://twitter.com/d4rksystem/status/1293595428869623809
# Reference: https://twitter.com/d4rksystem/status/1294316886579204096
# Reference: https://twitter.com/d4rksystem/status/1295378909949829122
# Reference: https://twitter.com/bryceabdo/status/1295400365035323392
# Reference: https://twitter.com/bryceabdo/status/1295348221401849859
# Reference: https://twitter.com/malwrhunterteam/status/1296006838341730304
# Reference: https://twitter.com/malwrhunterteam/status/1296385118039408640
# Reference: https://twitter.com/SiberTurkce/status/1297314456779849732
# Reference: https://app.any.run/tasks/a7c92987-a473-4ff1-b372-1a77e9b9decf/
# Reference: https://app.any.run/tasks/27fbdbfb-e057-4a9e-9d4e-693b909aec0f/
# Reference: https://app.any.run/tasks/db7c3b9e-6358-494a-9cb4-245804c70472/
# Reference: https://bazaar.abuse.ch/sample/3e6c11f27c1309c63abe0a1563c6141ce7b8d8110419c572be46dcb3578db443/
# Reference: https://www.virustotal.com/gui/ip-address/47.98.172.161/relations
# Reference: https://www.virustotal.com/gui/ip-address/103.73.67.169/relations
# Reference: https://www.virustotal.com/gui/file/9127040d80ffbebb9955bcc555420a120ecf48414c6844dd4855f7af7cbf24c0/detection
# Reference: https://www.virustotal.com/gui/file/c786e4de11e64be8d4118cf8ba6b210e3396e3bb579f3afd4bf528c35bab4a6b/detection
# Reference: https://www.virustotal.com/gui/file/70eae6d411554b0587f9bc3e7e7cc753e81b8086310dc5fa8181c44632fe1ada/detection
# Reference: https://www.virustotal.com/gui/file/a0b8c7df99d8c8ee6488f091e3a85adc3cc9e9694600c5b44ff9a77f18440eb1/detection
# Reference: https://www.virustotal.com/gui/file/cfce56dad68d7f1c394ed90701eaf2ac0234eaa58666a95ab69f09b9d68e3166/detection
# Reference: https://www.virustotal.com/gui/file/bc7c981300bcc3e4d2a5bf466f0082abfb1cefea323398f611ca3bd3b2cd8847/detection
# Reference: https://www.virustotal.com/gui/file/201dceb5c7e8e54a72d9eb9247bcc9c6c1ce4bdc3c55409fb9a52d47b01799d2/detection
# Reference: https://www.virustotal.com/gui/file/1d08196ad8f4a2c207c229cb0305a1d1d7cd2e0c62672288e1a0339d50f7a12b/detection
# Reference: https://www.virustotal.com/gui/file/bb9b158dd736f0d79af54347b22d601488ee21fc5c4d1a5e4134ffd37210d9c4/detection
# Reference: https://www.virustotal.com/gui/file/b889c77d3c4d2d6b18e40d8464361aa4e9624fd81d7c7f96058c7a2a892a7f7c/detection
# Reference: https://www.virustotal.com/gui/file/2576b210dedb085df2fa992f7c1b5d4f1dce5dfb6ba0a27142a6d184d02f96c5/detection
# Reference: https://www.virustotal.com/gui/file/a5c6c0b4a5397d0796d79d215ebb3bcbe6421787ee27d088d9afdd2a41f85e28/detection
# Reference: https://www.virustotal.com/gui/file/c6276381af7a009277c8f4e19867fdbe65c7bbe25b5560961c72ece22075de6b/detection
# Reference: https://www.virustotal.com/gui/file/06086f2e9c847e2a677a4e02bfd61ee54bb24a1f6ccf06e70e391dca5cf3347e/detection
# Reference: https://www.virustotal.com/gui/file/b83cada9c2dcf4381ddad40b4e61fdb5b77d7b776712f623cae92a8e5e40dd9c/detection
# Reference: https://www.virustotal.com/gui/file/df8c266e39c85b35d7d7ba3165d9f224b6dce9fb9bb14657ff2872fc4e236efc/detection
# Reference: https://www.virustotal.com/gui/file/79222d38743b7d3e2f208fd3dd01bc8e4c8428a5c5df3608c2db94a2d82a4b74/detection
# Reference: https://www.virustotal.com/gui/file/9b820101221c735fdab1decf617d4a8c6bedba759d0821972f71eb2abd8fe1e7/detection
# Reference: https://www.virustotal.com/gui/file/1fddb3dd1c9691b5790370e92524a456634ea127af40a64e2a2656ed2f238077/detection
# Reference: https://www.virustotal.com/gui/file/de9fb5ae3fafcfdf1c471baae83928ab000801c5b4878717f54dabac35ba7528/detection
# Reference: https://www.virustotal.com/gui/file/75cc406dac68a06b89b86ea746fe0d947544b4e5b5b194f7aa754327a45127b9/detection
# Reference: https://www.virustotal.com/gui/file/2690860626a3b170c1ed972d3d0abb66908caf031d3a52e99334ac1ce559933b/detection
# Reference: https://www.virustotal.com/gui/file/c51c6261ec425453f9b1d2229266b6a6470faee26ba646438c4f2db3a3e40f81/detection
# Reference: https://www.virustotal.com/gui/file/ed19505af22c3c6457c6eaa7797442bfc4b2e7b033a0492ebbd0a31cdf295c6f/detection
# Reference: https://www.virustotal.com/gui/file/63a1a4b5ee7f06eac89b39ff826733d706b97635e45ed5a724f3d1e1857d4153/detection
# Reference: https://www.virustotal.com/gui/file/ba684857aec6b421eb7b5780e5b78df48efadfdbd913f3142bb70825e056ddcd/detection
# Reference: https://www.virustotal.com/gui/file/0aa01cb516c022547ce7034f1ca21e1134a5cf11c85a83c89e411edbf39f7188/detection
# Reference: https://www.virustotal.com/gui/file/217bb3510d12a0893c7d279f7729bed532682da2a6945e0d0531a2f4d296a5a8/detection
# Reference: https://www.virustotal.com/gui/file/b081d2983f3e2b4a12a5bb63c14c868098ac076114b2033ec57f75e61f0cbe0a/detection
# Reference: https://www.virustotal.com/gui/file/b97f7d0972ce0247068b3e26b7d5b72aab4b13515f7cce271b760d8f96c0b837/detection
# Reference: https://www.virustotal.com/gui/file/0790e138f23c1335d30fae4b1cd42937f6c43b1300b40bc02c15f48f48aac6d7/detection
# Reference: https://www.virustotal.com/gui/file/acc0b0822c145305a93e9d3647e689d21901e0e4f00cd1bbba243454f8dc7445/detection
# Reference: https://www.virustotal.com/gui/file/40f192e247c94a1628803d7f97f07be0c5518f377f2e57fb07246dfa2c1bfa8c/detection
# Reference: https://www.virustotal.com/gui/file/8ab748f1371df23572b12d26bf32d88e579be77bb730528396f0a4d53f2ea8db/detection
# Reference: https://www.virustotal.com/gui/file/3c598f856412b72ff1d50d39293b357e422699fe329e03bf3b1859f3e3bee3c8/detection
# Reference: https://www.virustotal.com/gui/file/81a62d5e8827a65466bbbea46d2c3a3597dae8458aa11eba0ca0e7102c06a2d3/detection
# Reference: https://www.virustotal.com/gui/file/74ba43e07c57b6aac5581e77f585c10d8707dc16a58a65fe27dc48ddcd05b149/detection
# Reference: https://www.virustotal.com/gui/file/d0e08274a178568977ec783eb99e82d80287e721bb67c9348af592067bb5ca04/detection
# Reference: https://www.virustotal.com/gui/file/7b1144668c6fd523ab7f421eb9f724cb8a1effc85fd2a0ca6386a3de7b8745fd/detection
# Reference: https://www.virustotal.com/gui/file/45b253db751c69bdc1d532167e482ef03f426d4dd06a513d342faf61e976f269/detection
# Reference: https://www.virustotal.com/gui/file/663a1620146702c3210eb0ce4389dc20b1ae1d952c9566b5778e20f360fe090b/detection
# Reference: https://www.virustotal.com/gui/file/a90bee1d485bcbf91f771a1b43f783d56048506c4fb2e93560ad1e84ab0f2a2e/detection
# Reference: https://www.virustotal.com/gui/file/59415cd23bfc12d279394e6b236334c176dc2b83444c7c16a387d40c026c3e58/detection
# Reference: https://www.virustotal.com/gui/file/1293f0c34a1c3c1cc381a748d577d0246a0e5347b4e4a585420702dcec2ea9ff/detection
# Reference: https://www.virustotal.com/gui/file/41128cccd33e0034c4cd7d780da576e8c1037da21348571b17d77aa2f77270f1/detection
# Reference: https://www.virustotal.com/gui/file/883c1f116448550be96f42cb3ff650d02770798ab382a1801e84028d986a41c2/detection
# Reference: https://www.virustotal.com/gui/file/af3c45f941a7c7fe4aa3fa19a0e73ccc021b997d3ec72a72ee30f892fdc28435/detection
# Reference: https://www.virustotal.com/gui/file/65748b58b0580782b6e8aac5ebb2f9842dc8ab1cacf4fb6a7c93e546dc806124/detection
# Reference: https://www.virustotal.com/gui/file/e571cd3a4c0744cb3c5443b868577adced331a7545fcb6e2ed0efbe7506a2f9b/detection
# Reference: https://www.virustotal.com/gui/file/1a9bbebde954b27cbf6006128e1a22bdfa81d4ea853ba99bab4ec3333ea0bb89/detection
# Reference: https://www.virustotal.com/gui/file/df3a63acc7b50b4f76d1c4a1f6b014512d64b9803a1c8c1e047e59142777c5a7/detection
# Reference: https://www.virustotal.com/gui/file/866b0d38c7e14bf17f049fb1543f518c891424c9b5aa6a67dd195230a1d6c063/detection
# Reference: https://www.virustotal.com/gui/file/7cba6b6c6be23da94ded1ce4bf3e4d8b246be0f2b680b7b376dc0c4e2fb1fdbc/detection
# Reference: https://www.virustotal.com/gui/file/241a1134ff620ebe2640a33a8aafd411c000b0a79774312a1697e47cb8d41bc4/detection
# Reference: https://www.virustotal.com/gui/file/ac4264160b365dbf7ae7d8fd794437408f7bee4ab5b43562a1ed4a777c721d60/detection
# Reference: https://www.virustotal.com/gui/file/e4ca37b939f9ca60aab3b68d49169ee93e46548b76dfb31eeb43d4161fd3dc1a/detection
# Reference: https://www.virustotal.com/gui/file/9b27a5018742f9fd6d6c1f94e56215b64eaf0b263e43b82feec02ceeab208398/detection
# Reference: https://www.virustotal.com/gui/file/6b07347f1041d1415d27d2b8e488861738ae492d91b3c20d3c63bf9aac24c618/detection
# Reference: https://www.virustotal.com/gui/file/6a7cc1605bd960679139025251b4d75178fa30caeb1968f744929c27f8030903/detection
# Reference: https://www.virustotal.com/gui/file/aaf496757bc935e63ee7b77a1b99ac62032a30255b38426915371620eb09c494/detection
# Reference: https://www.virustotal.com/gui/file/ec80dafae2b435962d141d4137ba9e9b84d36c5933828c490d113a88b9c4d2a5/detection
# Reference: https://www.virustotal.com/gui/file/3f6a83e5c484e9d495e3f29ffcedc2881690d54a7058e5c677e3feda66ed96fe/detection
# Reference: https://www.virustotal.com/gui/file/eb1d75f02e09b08c65e1541bddcd6888c334977bb1fb603fa45dcd1a836bb406/detection
# Reference: https://www.virustotal.com/gui/file/2610754a99eb906bc26243eff669ca156c0b0cfb56875fc93ec17a607c95cfb4/detection
# Reference: https://www.virustotal.com/gui/file/966c1e28256b05643504b99716bbeb200ec19a577018f81fa87afa25adf91349/detection
# Reference: https://www.virustotal.com/gui/file/8818926ece9a710a855fa177e1b99860da65b93ec9035d99f93a794885bbd569/detection
# Reference: https://www.virustotal.com/gui/file/ec06102bf93522b24afce8e7641a0182b4bf0c53861599f22b5ee257ad1ee2d8/detection
# Reference: https://www.virustotal.com/gui/file/06f5157afd7a7595fbe784a6e098a8286bf5f3cded51f4969b431066baa5c386/detection
# Reference: https://www.virustotal.com/gui/file/fa1621a1171424dfc1671013d1027817d6d8792c1709416754a37abc5ab057fc/detection
# Reference: https://www.virustotal.com/gui/file/5e627b14e776856c2904f622b43da929fbc41c1d0b753cd0f98913d8eeaf3544/detection
# Reference: https://www.virustotal.com/gui/file/b8c45daf9ab25efa15938474bfea3dc7265d6183a12c7dc15e0c4ba4c8fb5d32/detection
# Reference: https://www.virustotal.com/gui/file/8f881c41b67a4170458e00fb809aa70b654c2fa56492c0b307ae8f0f0e19c119/detection
# Reference: https://www.virustotal.com/gui/file/c626145b58a19a639b3250472fe72d8efdb6117b43618591292eb6a8216c2fea/detection
# Reference: https://www.virustotal.com/gui/file/037b31af7dd458885e26a667a51305ef1d927ee2f4edc30b88e40df07d688a35/detection
# Reference: https://www.virustotal.com/gui/file/ac01f66470b49d74801c7954fcef0f644e9560295c66f0ae10106d6b874e7344/detection
# Reference: https://www.virustotal.com/gui/file/32b8ffac3250444904e6af3fca1f6408e684f11ad59e6c46887cf44f5de19e6b/detection
# Reference: https://www.virustotal.com/gui/file/bd50fceeb89d220f6710030d3aacbc2427c5796d9b7f3dee8a362f4e7d4113ef/detection
# Reference: https://www.virustotal.com/gui/file/8c195ec63793d4d4927cb5e06cd2c5771cedab32baecd2097454e3709e2748cc/detection
# Reference: https://www.virustotal.com/gui/file/203f753b4e81e49247f62c3f59e6744e6b7b3b0a399ebe7118b0fcc23c6ebf22/detection
# Reference: https://www.virustotal.com/gui/file/af2bc53c341eaa7f66aeb3e4ebf060b686ea155c53dabde46b5be66cbd43d803/detection
# Reference: https://www.virustotal.com/gui/file/888750cee6858ec2c6131628caa562be26b1c65ecaeff4addcbf73a456c99517/detection
# Reference: https://www.virustotal.com/gui/file/46b3109edcdd1cde67200eb9e4ae5c2120837a07e891266a04dd033d49bea774/detection
# Reference: https://www.virustotal.com/gui/file/5cf1056b581d44583325bc9e76291201b265f8b9b4f429e75948e72fd3678e4f/detection
# Reference: https://www.virustotal.com/gui/file/a95bc01a29ac616addd8de1175cc7d9829d0df06057b88964be2962f5c93d887/detection
# Reference: https://www.virustotal.com/gui/file/b96adf2b963739440e30c50e52a07b37711356238a586f6f0267db7d722b44cf/detection
# Reference: https://www.virustotal.com/gui/file/d7ccd0d5372559401b658a95bff01ee87c971dd156ef214c69f664304228fae2/detection
# Reference: https://www.virustotal.com/gui/file/fd3131ed00a549e74a748e85b586ef78d07330fd4e1d365aacdc0b4b5f6f67cc/detection
# Reference: https://www.virustotal.com/gui/file/2f408250c933dcb7eda32d753f17dc431b46b449d6c7d7ca3025fbe380cfc2d1/detection
# Reference: https://www.virustotal.com/gui/file/a4d2e612e77dcc342b1f5d82d46171e2fcd30f4e4cc4d14c1333930fce062de5/detection
# Reference: https://www.virustotal.com/gui/file/17b47507c571fd0991f2470a90c89c381a40a13e6fcdb7fee9171ac854a60efc/detection
# Reference: https://www.virustotal.com/gui/file/342d1aa4c4802c86a8abd3e01954e08b07253b374bd63206ac0783fd3ac9d8e6/detection
# Reference: https://www.virustotal.com/gui/file/e0ee55e0cb93b6ee7c05d621203b02d80efa20b9f6e81f358b60fe46f3025814/detection
# Reference: https://www.virustotal.com/gui/file/25252261401920a07bf257a208446c78875bfffe2bd2f753235b11332f429e80/detection
# Reference: https://www.virustotal.com/gui/file/b2fed38cf0b3cc2b92b2b1dc193ea309c7ef9c90f0941171cdb61cbb7c4bd124/detection
# Reference: https://www.virustotal.com/gui/file/14e0f1b88468c759b17a973728c8c8da394d2624b4f9aa1e4ecbf80366a7a487/detection
# Reference: https://www.virustotal.com/gui/file/dba7ce026c226da8b54c9edf36d34fdf630e13c0319cca0f43661a686e702f07/detection
# Reference: https://www.virustotal.com/gui/file/cc8f59afac88e3d8b8805d3cccdf93711b371518cb20889b2f5d412845089030/detection
# Reference: https://www.virustotal.com/gui/file/b7ab50cc2d5573a205666be0b8a83523d614347673e58daf00ac9072beb9dca4/detection
# Reference: https://www.virustotal.com/gui/file/6d2af4341f956c200257535080a37b252dc910e0d52bc295e1a4803ee80c34af/detection
# Reference: https://www.virustotal.com/gui/file/0562e5a3adee03b840bf767c48603aa807536181d8db2ec7681155038013d4bd/detection
# Reference: https://www.virustotal.com/gui/file/e99509ba8514cdbca496011cda5d7f32c9ec3452a4778ff0ec85ed11ebd73b1d/detection
# Reference: https://www.virustotal.com/gui/file/4d8232c8973ec2c528be5f380b9f027a7221023e2b2e774403a8839385b2e197/detection
# Reference: https://www.virustotal.com/gui/file/5130e07eda1bde32fcf52cbeeccfdfb376a452be17540ec66f05da7d9b808fcf/detection
# Reference: https://www.virustotal.com/gui/file/9485ba313d5141997bd094d278139303e1d59392a7c0b611efc5947eedb4abc6/detection
# Reference: https://www.virustotal.com/gui/file/0ceaf7d3a3b4e5d449ab2f60503b3ad2033ed7c136fa8f860548167abe8c9879/detection
# Reference: https://www.virustotal.com/gui/file/19f9ce568f425779bded9b58d132c8e2dac84f1337e278fc73aaed837fcf3be0/detection
# Reference: https://www.virustotal.com/gui/file/86ecb5b31182eb2fd094398cbc5a7f3d20aa6a661a733294009d14cd7ba19224/detection
# Reference: https://www.virustotal.com/gui/file/18e1faee8a479ff511cfe0ce6a49a1863f9123828aafc7a8f9bcc2b818f0c606/detection
# Reference: https://www.virustotal.com/gui/file/ae3ebebf3ff7d84f1371c5b3a81911c7e50acb4700ae41ab42b63a2de18f08b4/detection
# Reference: https://www.virustotal.com/gui/file/8f08b27ce2952751b62c818323535ed72fc2a0a5706ecccc1afc6e0024d5d59c/detection
# Reference: https://www.virustotal.com/gui/file/12278a4c7c9600fbe9e527388a4d96b5d29e110cf630d20ddc1efdb8f069b3c9/detection
# Reference: https://www.virustotal.com/gui/file/65b353273d5aa143b6ad5fc5ee4af51930ccef9ea96d07345a619f8950d1132d/detection
# Reference: https://www.virustotal.com/gui/file/178bba892544670c9b347112461fc5443e02bd5a7685c9c29a4218dcf64eb25c/detection
# Reference: https://www.virustotal.com/gui/file/723a84df66c3ee2f788acd1426e1a14176f1f27dba10cc842ba05acfb659615e/detection
# Reference: https://www.virustotal.com/gui/file/e05f6dab54210a041235191663afd7f296c4733e42d9f09b971a9861bf317df8/detection
# Reference: https://www.virustotal.com/gui/file/8f7b9a377a14260d8bdcc6e18e749013a0c2c09a60d46fa026d77f6d92b7b801/detection
# Reference: https://www.virustotal.com/gui/file/23b970bbb13046fc091e0f97417fbf6047279e05935ab29b2e0d6eaa16c4fbd3/detection
# Reference: https://www.virustotal.com/gui/file/e99cc027c77bed5c1414225e39093bde66c654a9adfcca9cb3ddafa266410aea/detection
# Reference: https://www.virustotal.com/gui/file/ce83f302a60301e222c23e67a7525106d610c6231c23d747ad4263669c1c88c7/detection
# Reference: https://www.virustotal.com/gui/file/925f678c8adafa7aeae7d0894ea871001ffabe237d6e6b5764eabb0c59c6f8d1/detection
# Reference: https://www.virustotal.com/gui/file/8255cac50835b7957f99c316b18db603429583e2c9f2fe605e5a4a9f19c6e9cb/detection
# Reference: https://www.virustotal.com/gui/file/e6454c8bb951808c4a233ab5f3d3e2967a5090f64b1797b6514f22dc4abf283a/detection
# Reference: https://www.virustotal.com/gui/file/e4f8ba6b534fe074a465bed485952ad9077ae9ec2559aa704da65a6848b926ef/detection
# Reference: https://www.virustotal.com/gui/file/26760ca79ec85b46777cda948a746134b8513692075fbc17db7a553b24fd3482/detection
# Reference: https://www.virustotal.com/gui/file/2c75fcb1983a87e786ec745a20df2f2e508c294da40e956e0c46786005120a6c/detection
# Reference: https://www.virustotal.com/gui/file/59aca50cb75bc0a04800fdaa9e55c259f08b07f5705783def02789c1cfe439d1/detection
# Reference: https://www.virustotal.com/gui/file/0bcb3e0d5496e7211313a35799aa38d4b571d316014ebd2242ca8d556f9d32a3/detection
# Reference: https://www.virustotal.com/gui/file/4c830a4247fc3203fbc7fde4ec81d002fd4899cac3e364a7cb30d15bf09c147e/detection
# Reference: https://www.virustotal.com/gui/file/0e7ca7211cdac296ed0b50ca565b91b320db3152d32e23f88c6c46e2ea003e48/detection
# Reference: https://www.virustotal.com/gui/file/a0bf02f7dd4044543ecaf4df5b150e945ac719f0a9899ffafd11f641de1acf2b/detection
# Reference: https://www.virustotal.com/gui/file/b97b606aef81420a441aba88b42c44aa8e102390434be5714d33bb07645912d2/detection
# Reference: https://www.virustotal.com/gui/file/8d1baf0c8b986b24d03c608c4edaa1053d3dc90065bfcd2a827651a6effb0bdb/detection
# Reference: https://www.virustotal.com/gui/file/4e002bce081442b7bc369d0a52eca3dba64d38649da8416863bd40b8bc3a49c7/detection
# Reference: https://www.virustotal.com/gui/file/14c63d1c8979ac3e55720fbfedd7f1f7fb68bbf16a2ca2882284817cf01ccd8f/detection
# Reference: https://www.virustotal.com/gui/file/32142bfd3bdea4149b55c42462a82bcf349cadb64d08c6a86d4aaf2b76697ba6/detection
# Reference: https://www.virustotal.com/gui/file/041e2abbe05bf376269b41e88f3eac89ae1cb5ac6f0455bd5bd70cd4fd47ac10/detection
# Reference: https://www.virustotal.com/gui/file/89817e1b41550510423b0228002a17b9920432d0d20f42d700aa3ba64f559fc3/detection
# Reference: https://www.virustotal.com/gui/file/5c263861953572824bdecc358c48a73d1c29f3351ed494fd1074230e9e7f2b32/detection
# Reference: https://www.virustotal.com/gui/file/adae349f4b35b704d8b07ef08021f7c01943ff5b4e77dd775551978c68f80b54/detection
# Reference: https://www.virustotal.com/gui/file/dc5c65a9d3dd46e29143c7fea02a070ae6b29395687462e21c7830c12510f05c/detection
# Reference: https://www.virustotal.com/gui/file/d587d29bd55768099f37c62c2fb94cae86c741aea8598ba81c78b9dc9d326719/detection
# Reference: https://www.virustotal.com/gui/file/0a0b584f7f6b0ebb48a9b77bf4aff49d87fe6415ddd61a658334d759269e4e92/detection
# Reference: https://www.virustotal.com/gui/file/7fbb2b279ca7e0c3805a516e66ad495f3525c99140459bde810dab0f370c656e/detection
# Reference: https://www.virustotal.com/gui/file/a0822940a97be891b6d669ab1501fe9fd20e544aedc0514b34057f6c41b4c4f7/detection
# Reference: https://www.virustotal.com/gui/file/c893ea2cde94539b29ea04f5ae4f6a078f22bf8512612127c6ae5aab11e83be4/detection
# Reference: https://www.virustotal.com/gui/file/0321ab9427231744eac118feca875d2e4cdefab7fd4b2438fdd6bc148a29f894/detection
# Reference: https://www.virustotal.com/gui/file/0701bbc25b7ebefd61eaeec13bf1f8502b80a266cd4ce6ddfb650832b4d18b86/detection
# Reference: https://www.virustotal.com/gui/file/421c81b27bf6f7932b5ee00d1898195ffb516cbe84fe410c4eba5f3c17c4e9c5/detection
# Reference: https://twitter.com/malwrhunterteam/status/1299375482643927045
# Reference: https://twitter.com/bryceabdo/status/1299369692709236738
# Reference: https://twitter.com/bryceabdo/status/1294044087121858560
# Reference: https://twitter.com/bryceabdo/status/1293198360615231488
# Reference: https://twitter.com/bryceabdo/status/1290330524834201604
# Reference: https://twitter.com/bryceabdo/status/1303324710688628738
# Reference: https://twitter.com/bryceabdo/status/1306226330166464512
# Reference: https://app.any.run/tasks/e2d1a0d7-875b-4ea0-bb60-fc05bb9ea742/
# Reference: https://app.any.run/tasks/7c554c3b-4bb8-47e4-9eb8-9a6827998ebf/
# Reference: https://app.any.run/tasks/ffc1ecff-e461-4474-8352-551db7e7b06f/
# Reference: https://app.any.run/tasks/31076788-db3b-4caa-89de-105c3e389aef/
# Reference: https://app.any.run/tasks/b21034a4-e7b5-4b7b-b914-0f3cbe8296a0/
# Reference: https://app.any.run/tasks/886477ef-ef81-4661-8bc9-43dbe7af8d7c/
# Reference: https://app.any.run/tasks/bb4550be-e808-42ee-b774-6a70b6d20b60/
# Reference: https://app.any.run/tasks/3095963a-5c11-4fe5-ad78-8722bda375e8/
# Reference: https://app.any.run/tasks/ffd4ef2f-756b-41d6-913a-9bf0314d0041/
# Reference: https://app.any.run/tasks/c034a9dc-85e2-40ce-b7bf-ea37f35c0c56/
# Reference: https://app.any.run/tasks/cd200345-e7e3-4efe-b72e-84535c477b66/
# Reference: https://app.any.run/tasks/0d8bd7ea-5b29-4772-be98-01727944dd8e/
# Reference: https://app.any.run/tasks/2b091597-7999-4927-a0d5-8f2fefb2f828/
# Reference: https://app.any.run/tasks/5059012f-55e1-4407-9ef7-ccc962d1fc5e/
# Reference: https://app.any.run/tasks/73532d2a-c4c9-415a-8f2c-6f1bed1c5821/
# Reference: https://app.any.run/tasks/aa5d7890-1ab8-4fea-ac36-49f1a8e1611f/

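# Note: CobaltStrike, CrowdStrike
# Note: Some trails below are hostnames under widely used parent domains
#       (e.g. computerupdate2020.microsoft.com, vzproxy.verizon.com, haha.autohome.com.cn,
#       live-dvb-c.youku.com) or URL paths on third-party sites (e.g. unwomen.org/jquery-3.3.1.min.js).
#       These presumably reflect Host-header or URI values observed in the referenced samples
#       rather than attacker-registered infrastructure, and a few IP:port trails
#       (e.g. 104.27.158.158, 172.67.186.150) appear to sit in shared CDN address space.
#       Confirm against the references before using such entries for blocking rather than alerting.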

http://101.132.33.79
http://103.140.228.201
http://104.243.34.50
http://106.13.84.99
http://112.74.33.227
http://114.67.98.102
http://116.85.25.159
http://120.79.218.54
http://120.79.51.94
http://121.43.238.160
http://129.204.227.27
http://130.204.52.112
http://142.93.5.32
http://149.129.72.37
http://154.92.16.126
http://155.94.133.110
http://172.245.153.150
http://18.195.207.204
http://218.253.251.90
http://218.253.251.100
http://31.14.40.55
http://45.66.250.14
http://45.78.67.211
http://45.80.191.125
http://45.119.117.102
http://45.145.185.188
http://46.166.128.234
http://46.8.198.25
http://47.105.143.181
http://49.12.104.241
http://51.77.103.125
http://62.60.135.22
http://69.64.49.110
http://78.142.18.157
101.132.33.79:443
101.132.33.79:4527
103.117.137.34:3322
103.214.168.176:443
104.233.224.237:4389
104.27.158.158:8080
104.27.158.158:8443
104.27.159.158:8443
106.13.84.99:23333
106.13.84.99:8989
106.14.82.209:8443
106.15.106.246:8888
106.52.228.232:8888
106.75.8.237:8899
107.174.144.153:9002
109.235.70.99:443
114.67.98.102:30900
114.67.98.102:7799
116.85.25.159:12358
116.85.25.159:39999
117.50.63.248:40080
118.24.108.239:8000
118.89.59.179:8123
120.79.218.54:9999
120.79.51.94:8080
120.79.51.94:8443
121.199.46.249:3333
121.199.46.249:4444
121.199.46.249:9000
121.199.46.249:9090
121.36.102.227:443
121.36.102.227:7777
121.36.102.227:8888
121.36.149.225:4444
121.36.149.225:6677
121.36.149.225:6699
121.36.149.225:7788
121.36.149.225:7799
121.36.149.225:84
121.36.149.225:85
121.36.149.225:88
122.114.162.219:4568
122.51.34.238:4445
123.206.41.254:8888
129.204.227.27:44521
124.70.151.66:8888
135.181.49.38:443
139.196.171.222:12080
139.196.171.222:9999
139.196.86.63:11111
139.196.86.63:11112
139.196.86.63:12331
139.196.86.63:12345
139.199.158.84:14333
139.199.158.84:14433
139.199.158.84:2333
139.199.158.84:55533
139.199.158.84:8091
139.224.239.145:2333
139.224.239.145:6666
139.224.31.47:6578
149.129.54.16:8082
152.136.147.116:8848
154.206.40.42:5555
154.92.16.126:7779
155.94.133.110:4000
155.94.133.110:443
162.244.80.177:443
167.114.205.47:443
172.245.153.150:443
172.245.153.150:81
172.67.186.150:8080
193.112.99.77:8888
194.135.81.96:443
194.156.133.23:8008
218.253.251.90:8001
3.6.98.232:443
39.101.207.158:12358
39.101.207.158:39999
39.101.174.221:12358
39.101.174.221:39999
39.97.243.151:8080
39.98.140.30:443
42.159.7.101:7255
42.159.7.101:8633
45.76.158.91:443
45.76.158.91:6666
45.76.209.19:80
45.78.67.211:777
45.80.191.125:888
47.104.129.249:14444
47.104.84.3:8000
47.105.143.181:8885
47.115.37.55:8111
47.93.16.255:12344
47.93.231.121:11111
47.93.231.121:18080
47.93.231.121:50443
47.93.231.121:55555
47.93.231.121:8080
47.93.254.49:666
47.95.32.44:5566
47.97.160.248:4443
47.97.160.248:44444
47.97.160.248:44445
47.97.160.248:8000
47.98.172.161:8081
49.233.73.185:1234
49.233.78.35:8888
49.235.199.136:20480
49.235.166.224:12406
59.110.213.182:12345
59.110.213.182:443
59.110.213.182:8888
60.205.215.23:8001
66.42.39.79:443
78.142.18.157:443
8.210.181.149:16678
8.211.19.217:443
81.68.136.238:8891
91.241.19.10:443
97.64.22.226:1080
97.64.22.226:443
116.85.25.159:39999
116.85.25.159:12358
202.182.110.58:443
8.210.181.149:16678
121.36.149.225:82
211.159.158.117:1233
173.82.26.59:9090
198.13.51.69:88
206.189.42.30:9002
101.201.65.35:8080
49.233.13.210:8443
amlakist.com
pwspaic.com
paic.website
haha.autohome.com.cn
androidtopapp.com
bankshopstars.site
cashihash.com
cashtil.com
cdn-cloudflare.org
checkbacktill.com
cob.wolt.services
cofeedback.com
computerupdate2020.microsoft.com
consultane.com
dr0pbox.myftp.biz
dukeid.com
ec2.amazzed.top
ec4.wddiosp.net
jahjaho.net
microsoftdoc.live
moffice365.live
robotvice.com
websitelistbuilder.com
typiconsult.com
image91.360doc.com
welcome.toutiao.com
payroll.blogtodaynews.com
zalofilescdn.com
mcafee-endpoint.com
microsoft-bj.ml
microsoft-shop.com
microsoft365.ga
microsofts.download
mrnxvdm.tk
nortonupdate.com
office365-update.servehttp.com
omnomnom.group
reportsbank.com
sharepoint-update.com
signup-now.com
hosting-64.xyz
netf30813.monster
pipelevel64.xyz
2-server.xyz
media64.xyz
netw32.xyz
pipe-64.xyz
robertstratton.xyz
rogerwlaker.xyz
onlinestephanie.xyz
jarredlike.xyz
vhvh.pw
xyxyxt.net
unwomen.org/jquery-3.3.1.min.js
prodibi.com/jquery-3.3.1.min.js
oriental-residence.com/jquery-3.3.1.min.js
atakai-technologies.online
amatai-technologies.site
akamai-technologies.website
amamai-tecnologies.digital
amamai-tecnologies.space
amatai-technologies.digital
faisal-cv.com
vzproxy.verizon.com
winsecurityupdate7x32.org
updatesecurity64win.org
winupdate7x32.org
winupdate7x32.net
securityupdatewin32.org
dealeva.com
dombug.com
goodroy.com
keyisa.com
paraget.com
peernew.com
stephq.com
toproy.com
freesectest.ml
winservsec.com
studentedu.hk.appledaily.live

# Reference: https://blog.talosintelligence.com/2020/06/indigodrop-maldocs-cobalt-strike.html
# Reference: https://otx.alienvault.com/pulse/5ef1091a9653016c3a10d2c8

http://134.209.196.51
http://134.209.200.91
http://139.59.1.154
http://139.59.79.105
http://139.59.81.167
http://157.245.78.153
http://165.22.201.190
http://188.166.14.73
http://188.166.25.156
http://202.59.79.131
139.59.1.154:8201
202.59.79.131:8080
tecbeck.com

# Reference: https://app.any.run/tasks/073d7bd4-4118-4a60-b0c6-7fcb99261fe2/
# Reference: https://app.any.run/tasks/0c2a5bd1-3a04-4bf2-90db-370040821288/

193.203.14.162:7898
45.138.72.132:80

# Reference: https://app.any.run/tasks/148aea5f-232c-4696-9c31-e37ddba65513/

192.119.110.130:443

# Reference: https://app.any.run/tasks/6409d356-c7dc-4a74-83cb-14e03436f243/

42.159.86.214:8080

# Reference: https://twitter.com/bryceabdo/status/1250501636201512965

microsoft-ns1.com
office365upgrade.com

# Reference: https://twitter.com/bryceabdo/status/1306593639217283073

msdn64x7.net

# Reference: https://twitter.com/bryceabdo/status/1308743381099646976

conwaytools.me

# Reference: https://twitter.com/bryceabdo/status/1308778721797640195

dockerresearchlabs.com

# Reference: https://www.virustotal.com/gui/file/545274ea63b297206e53adfda656e3df67dcb035a847becfa63f8b0d31ad2974/detection
# Reference: https://www.virustotal.com/gui/file/1e8a375aca4a4e10e6c002eea55737b98651c59a5e075db9cd3fc66b6c826c20/detection

http://116.63.179.203
116.63.179.203:8080

# Reference: https://www.virustotal.com/gui/file/3ea3a1629e806031a53acca9937f0a61f6bc6768a8cd1a22edb4ad0ac4bd158a/detection

118.31.63.29:4444

# Reference: https://www.virustotal.com/gui/file/fae0bb1e37cda8c9d0ebf08512f3fda50fe09a0852e86fed52c741c72e4e2006/detection

microsoftupdates.ml

# Reference: https://twitter.com/malwrhunterteam/status/1307004506090205184
# Reference: https://www.virustotal.com/gui/file/6cd20654fc250ac87991352b57036c4cd65845615d3e76ca708059036725ce84/detection

58.215.157.240:80
58.215.157.241:80

# Reference: https://twitter.com/d4rksystem/status/1306963562129227777

101.32.46.240:443
windows-update.nz

# Reference: https://www.virustotal.com/gui/file/5c0efb94f94503bf22dca20783f649935dc2bce25b1e60f4f717d99f36f7bd8f/detection

47.56.126.243:8443

# Reference: https://www.virustotal.com/gui/file/3c411a8e15a5f9da25398aa9f9a6ce5850d253b6e5b677e316641afbe1ef48ce/detection

http://39.103.129.174
39.103.129.174:8090

# Reference: https://twitter.com/d4rksystem/status/1310600150847455234

checkavail.space

# Reference: https://twitter.com/reegun21/status/1309500548224184322
# Reference: https://www.virustotal.com/gui/file/09f345ed03515edb3e0098c1f7b79a8e93b1ff8189f56eecb8bea47136a152c2/detection

http://188.119.149.108
188.119.149.108:443
18.192.188.29:8001
http://37.1.210.141
molinahealthcare.gq
x.necential.de

# Reference: https://twitter.com/d4rksystem/status/1310962538335662084

154.194.255.61:1112

# Reference: https://www.virustotal.com/gui/file/608f082e569b2e089e1c89a789e1963c108f972d20ea4e0b5114c0661c50fe6a/detection
# Reference: https://www.virustotal.com/gui/file/fffd5fb4107407ecc42df03dec6cc20d164b651879ac0a77455e07d9fc001a6d/detection

185.200.34.175:12345

# Reference: https://www.virustotal.com/gui/file/cd76d1d4806e451e88c98e804bccc696e0d78775c9a4a696e9de1fe732c98846/detection

http://121.37.212.243
35.194.127.200:9090

# Reference: https://twitter.com/d4rksystem/status/1311346316908339200

35.201.229.47:6666

# Reference: https://www.virustotal.com/gui/file/bbcf017b03cd244398f6a69f4543d8c91c13b92fb24988915b8c6528b57d9e30/detection

155.94.135.156:14357

# Reference: https://www.virustotal.com/gui/file/ffb4cb0c66f58bb549fcdaa8a3479add80d7b1f69b71fefe4ea7dc029ec45871/detection

155.94.135.156:4445

# Reference: https://www.virustotal.com/gui/file/3a562c03a7158a1bb8c5afb0ce70bacdc4b7f5f03ea92363403197e58e6e99c9/detection

117.174.113.71:1213

# Reference: https://www.virustotal.com/gui/file/5da35edd8ddc0c4300a7e885ccaf417daf393150d35aad3f1d24a4839dea2e4b/detection

117.174.113.71:65500

# Reference: https://www.virustotal.com/gui/file/e6d37db815eb5f61f76f3dece07af0fbed2542beaf496cd5c4a800cafa70cea3/detection

117.174.113.71:8888

# Reference: https://www.virustotal.com/gui/file/cca380d18764adc6589cb94018c7a3cec6daa125c2909dd26a531c448501c8dc/detection

githubsec.tk

# Reference: https://www.virustotal.com/gui/file/87dca59ec3d55bcb1b05da564e5ce0a164ab633f1c46a18a97f72a30efff7388/detection

molinahealthcare.gq

# Reference: https://www.virustotal.com/gui/file/606c40821c82c44ce2990de952de16065d2289e1ffb91e003682675d9b1ec2fe/detection

120.25.123.158:8443

# Reference: https://www.virustotal.com/gui/file/248e6a90db1260061df8dac193d70f237210302479455b7110935066ddc99ee4/detection

154.209.69.6:1234

# Reference: https://www.virustotal.com/gui/file/53dbb408672eef0fb71f27a9fda1e9ec35588c7cd390893e2627dd3acb516459/detection

154.209.69.6:7899

# Reference: https://www.virustotal.com/gui/file/d5191559a3016231a9f1a1d29dae98496d431f31884db7c2572e8e071c014486/detection

http://154.209.69.6

# Reference: https://twitter.com/d4rksystem/status/1312029574331600896

119.45.191.253:8080

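# Reference: https://twitter.com/malwrhunterteam/status/1312098094260117504
# NOTE(review): the entry below is a hostname under youku.com, which also serves legitimate traffic; presumably it was observed as a spoofed Host header or fronted name - confirm against the reference and expect false positives if matched on name alone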

live-dvb-c.youku.com

# Reference: https://www.virustotal.com/gui/file/7d4657bc4224540eac6992d4b87b2570aefd4a7dfcc3ee7f246f2ff4a291ec71/detection

104.243.19.135:8088

# Reference: https://www.virustotal.com/gui/file/5549083af6734261be7cade3bbadbffdde00b12d8f4f884ec71c9e2ef5306118/detection

104.243.19.135:5678

# Reference: https://www.virustotal.com/gui/file/aa0be24ac6b5aaf757424cf2bc9f4f72321f445ef0ccd28d1e279cebd3ec754b/detection

http://114.80.110.39

# Reference: https://www.virustotal.com/gui/file/81a69e85fc1bf4c6549035ea7d0e8ff5351da4aa015e7fb53f43738b7f8b05e2/detection

http://113.96.179.221
http://36.99.196.220
http://58.49.193.212

# Reference: https://www.virustotal.com/gui/file/a2b3f282a809d01e197ec7c04c96c1971110e8e0d4dc22c7d5c7f16b86150808/detection

123.207.20.180:10015

# Reference: https://www.virustotal.com/gui/file/48b73e0d34194b834c713ad773e4a261c27b4a7b771b54e89e98909e82fdd2f7/detection

123.207.20.180:10070

# Reference: https://www.virustotal.com/gui/file/fcd72dbd60e6b2665d10e5a5d4d480ecd2b3e5fd736d4a526bd22704e4df8269/detection

123.207.20.180:10025

# Reference: https://www.virustotal.com/gui/file/02570bc3de4a4bbe76c33cba3f610820cbc979aec89a683c5b2cc8e044ed158d/detection

123.207.20.180:10035

# Reference: https://www.virustotal.com/gui/file/9f49451812417ec0c359aaf2791ed62d9a9019741134c20d2e3eb222d3a703ca/detection

123.207.20.180:10014

# Reference: https://www.virustotal.com/gui/file/9c2f7b86462774b99bdbc96e24a11723a1edc34a3d98a6a414a78ae5370d06c0/detection

123.207.20.180:10062

# Reference: https://www.virustotal.com/gui/file/84437b68342e0b1fa131b1fcf1dbde90a24462eeb2b86143b52d56957b829dc2/detection

123.207.20.180:10072

# Reference: https://www.virustotal.com/gui/file/bae843b3dcac33a4e812d7cc498358932cca6fdf7e07a742f2d92bd265a1e84f/detection

123.207.20.180:10058

# Reference: https://www.virustotal.com/gui/file/ed59e4cc578bbb125166e58942544cf1bf68393a5ca59b31a2bf2e62a77175d9/detection

139.219.7.217:4430

# Reference: https://www.virustotal.com/gui/file/fab3890bb36681ba07af2ceffdea9fd7bd42626daa4719e69b10cff4f36dfef0/detection

119.28.93.67:8000

# Reference: https://twitter.com/levigundert/status/1312065474927235072

172.241.29.12:3790

# Reference: https://www.virustotal.com/gui/file/ebbd2f4eef7ebb924a6f8b0eb9a7a5e0762992bfaca34bf6ab200b905b087bd4/detection

116.85.69.130:443

# Reference: https://www.virustotal.com/gui/file/09cc55acdc1f3241261386a9ba57eb17f2d1ea8570d60f6f91d2ce15a6e80681/detection

42.51.67.111:8611

# Reference: https://www.virustotal.com/gui/file/e4dd5fc22ff3e9b0fa1f5b7b65fb5dfeac24aab741eee8a7af93f397b5720f4a/detection

103.205.7.201:8600
42.51.67.111:8612

# Reference: https://www.virustotal.com/gui/file/4c9a82765eeedefaead451e778eb0a0d3b9a5d6f149e6f005adb637e6be39bf6/detection
# Reference: https://twitter.com/pmelson/status/1312796980473729024

185.174.103.157:443
185.174.103.157:80

# Reference: https://www.virustotal.com/gui/file/a9ca1d6a981ccc8d8b144f337c259891a67eb6b85ee41b03699baacf4aae9a78/detection

178.79.179.200:443

# Reference: https://www.virustotal.com/gui/file/418e111b53bc96cadb2aebd57fe8c9315834c647ccc7aa4ee5a7cd9e0715fb2f/detection

116.62.174.32:6666
http://116.62.174.32

# Reference: https://twitter.com/ScumBots/status/1313140725383651329
# Reference: https://www.virustotal.com/gui/ip-address/87.121.52.229/relations

87.121.52.229:443
supercombinating.com

# Reference: https://www.virustotal.com/gui/file/452e2b1c870841ea7d8fe7a9b3046206d634a9e4180abea218c06736e129e419/detection

212.64.65.50:53

# Reference: https://www.virustotal.com/gui/file/69dab575d08d749dbaac76f7ae5ca87a83a7f7beb56ccecdf551df54c7a13255/detection

116.63.155.102:443

# Reference: https://www.virustotal.com/gui/file/bbe04907b22f077c3b52985b738168cdc970ee5c8f7f25899a45e4d1cdf94b14/detection

39.108.195.174:8001

# Reference: https://www.virustotal.com/gui/file/6b40a7ce3a67ebdcb825f59709576dcc97c7dc2d52d6e4677c790dd326c9f5df/detection

60.190.119.117:8008

# Reference: https://www.virustotal.com/gui/file/466c909ef1e4ee4293acd3999565a5fdbdd226d46d716698bc41581c35f713fa/detection

60.190.119.117:9009

# Reference: https://twitter.com/d4rksystem/status/1313494222872420352

http://144.34.165.136
http://18.159.252.67

# Reference: https://www.virustotal.com/gui/file/4c3d2a07b5ddb595f37cce72ef7cab2b6df27cee6f6d1c83cca15ba6d8798615/detection
# Reference: https://www.virustotal.com/gui/file/e107115c6a844fb98475caaa449474e95e4f562b47f3e45fbf14b643dd13c613/detection

pepesec.azureedge.net

# Reference: https://www.virustotal.com/gui/file/b9bcaaefb5dd8f522945d12a4f6d57a42a6e2db6998a7386144144592b1c0952/detection

103.205.7.201:3320
103.205.7.201:37412
aaabbbccc-liebiao.9pyw.com

# Reference: https://www.virustotal.com/gui/file/b1a82bb2c571f69d88aa28b70e231b8a249aeea810179e3762304d66695c4d2b/detection

103.205.7.201:8001

# Reference: https://www.virustotal.com/gui/file/9f8deedba4e28c66d5f597d7031b0160425b3a90fa5c2297bcad097f9e7096eb/detection
# Reference: https://www.virustotal.com/gui/file/10433791ae6fecb3d1f8801e168a8d8230056d59390ab6405cf0dbdf424ebb2b/detection

45.32.62.213:8880

# Reference: https://www.virustotal.com/gui/file/36a2e64665dbea84776253e15bd8bc9cebfb647e085fcfee50f24e3b0b4c7582/detection

207.148.118.99:443
jsc.aliyunsdn.com

# Reference: https://twitter.com/malwrhunterteam/status/1314558847588143105
# Reference: https://www.virustotal.com/gui/file/236f333149df4e6a888330f98453f2ed2b5175a9dc5f7c9b3375ab89d916627c/detection
# Reference: https://www.virustotal.com/gui/file/bc4e902a2fb6d9224587212fa4ca49133f2f6b5e4dcdfee2f71dd5ff85a68a66/detection

139.155.91.159:21001
45.32.207.129:21001
host.360-update.com

# Reference: https://www.virustotal.com/gui/file/cca109052df824b750402bf3302102be844e8c0a1ae70ce322035f4c17a12f21/detection

http://45.86.163.86

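# Reference: https://www.virustotal.com/gui/file/759501730757f599f2e3934f452f127c765300fdca9fce57cd9590647d6d1684/detection
# Reference: https://www.virustotal.com/gui/file/959244b071e6762f42dc5c22f237a20f56c9df60218fb0673d37450ad74282fb/detection
# NOTE(review): the 104.24.x.x and 172.67.x.x addresses below appear to be shared Cloudflare edge IPs fronting the listed domain (TODO confirm); an IP:port match on them can hit unrelated sites, so correlate with the domain before acting. The same applies to the 104.27.x.x, 104.31.x.x and 172.67.x.x entries elsewhere in this list.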

104.24.110.22:2095
104.24.111.22:2095
172.67.219.38:2095
usahack.xyz

# Reference: https://www.virustotal.com/gui/file/7d95da7bd7f521b988809acd34e37b4fa956e3612398447ed12c67d8c6508d5c/detection
# Reference: https://www.virustotal.com/gui/file/d0d31768cde303eb954ae5209a415c7f551f3f701a1cb43a68c97f86386cb057/detection

http://103.152.132.23
103.152.132.23:443

# Reference: https://www.virustotal.com/gui/file/fbd2233ff798f26fb3998f5149af251f07fe4fa06b255dd6b991a569ae8097d5/detection
# Reference: https://www.virustotal.com/gui/file/1b0318224a1d139510139e1765c5e7b1295fc29c0ee861ea33a1ff4f68a93023/detection

13.67.239.91:443
api.pcocot.com

# Reference: https://www.virustotal.com/gui/file/0fffc765338044eccefa1984d3c52e1a37d21f780d9cf3cba56b80fef84518bd/detection

120.79.244.41:7878

# Reference: https://twitter.com/d4rksystem/status/1315672322762825729

http://194.99.21.202

# Reference: https://app.any.run/tasks/03ec2e4c-e5be-4f8b-a1d9-ca4fd51db517/

http://45.32.32.95

# Reference: https://www.virustotal.com/gui/file/9ca0885bc44fc50015d2db4775a8b16272805ee4f5fd2bab5b6371c8ae576348/detection

45.32.1.7:2233

# Reference: https://twitter.com/d4rksystem/status/1316035968340766726
# Reference: https://www.virustotal.com/gui/file/a0578b73f58e8cf479f9c69d1e8ad29977359dd6121a0be234e58df476a26dd6/detection

54.179.204.35:443
msregistrar.com

# Reference: https://www.virustotal.com/gui/file/ae6ca525ecf445ed86bd0d8a9b917afacfc45b54243dcae1e5578cfd3369b5e5/detection
# Reference: https://www.virustotal.com/gui/file/e031505f9fc872531f9d8718d342ca7fdd90585efdac2198a69374f79776f310/detection
# Reference: https://www.virustotal.com/gui/file/68eb410bd9e172538dcd99bd3c0c1bbf2754117c4de6772cf1bdf537ad990c76/detection
# Reference: https://www.virustotal.com/gui/file/af94d92e216aa5d2ad6f11de234e9d23b313f08fb5cc8d376212a43128caa595/detection

104.31.89.151:2083
104.31.89.151:8880
172.67.148.251:2083
z652.com

# Reference: https://www.virustotal.com/gui/file/0d66c2fbe562a48e10c2f3d728f26dec2b8de81a78552928a35e57ee7501e495/detection
# Reference: https://www.virustotal.com/gui/file/7e2204fcc0bf11d3dd9273178ed3e7ac1acd812a6053b77904a0771e3d5ae7fb/detection
# Reference: https://www.virustotal.com/gui/file/7bef980f2d19a5f122432902b760af9ca36e7eb0fea31c5e276a92d2c7727733/detection

http://145.249.106.231

# Reference: https://twitter.com/d4rksystem/status/1316423524882345984

http://194.87.95.167

# Reference: https://twitter.com/malwrhunterteam/status/1316668613747597312
# Reference: https://www.virustotal.com/gui/ip-address/109.201.142.110/relations
# Reference: https://www.virustotal.com/gui/file/f90129b0d41a4602f9a9ab2377fbab2fb59b0c3044fd86b1944671216b62aa4f/detection
# Reference: https://www.virustotal.com/gui/file/b6e8845304e6e747baffabb5f041201231eed8c2b27eeb0b2b22128e69f0038b/detection

109.201.142.110:443
forteupdate.com

# Reference: https://twitter.com/kyleehmke/status/1316727958661476353
# Reference: https://twitter.com/kyleehmke/status/1316727959735205897
# Reference: https://twitter.com/kyleehmke/status/1316727960666284033
# Reference: https://www.virustotal.com/gui/ip-address/45.147.229.52/relations
# Reference: https://www.virustotal.com/gui/file/4544b478b2029ec38eb4bda111741a10f0684e38f1b29ce092b93df882d11f9e/detection
# Reference: https://www.virustotal.com/gui/file/2376a8da650c124b3d916765f82929b4109f20bc4f211a39a4d1cd4391780d1f/detection

45.147.229.52:443
45.147.230.131:443
ate-cic.com
backup-helper.com
backup-leader.com
backup-simple.com
bakcup-checker.com
bakcup-monster.com
boost-servicess.com
itsme-belgie.com
nas-leader.com
nas-simple-helper.com
online-activering.com
service-checker.com
service-leader.com

# Reference: https://app.any.run/tasks/cc2dbd61-ce6a-43e3-b078-c5a4fca5d84e/
# Reference: https://www.virustotal.com/gui/ip-address/185.153.198.124/relations

185.153.198.124:443

# Reference: https://www.virustotal.com/gui/file/7a6c30e910938a30bbd5928e2e1d80020148c3e7862d6059b83cde816a139e4c/detection
# Reference: https://www.virustotal.com/gui/file/868f5c21ea3610220291376f0f0840e1bf48e42e117c8cffe25c8f728f3ea53d/detection
# Reference: https://www.virustotal.com/gui/file/f2dd98c4956ba7ddf88cf6038d7c0fa2619e33e7c1ac37d36f6583b596bf6e75/detection

http://42.194.215.224
42.194.215.224:443
42.194.215.224:50001

# Reference: https://www.virustotal.com/gui/file/20b8d8491a64104cad453e037a8cc68c489679e8e070d74f3186c21f918bcdcb/detection

104.27.159.224:2086
charismatic-guy.me

# Reference: https://twitter.com/d4rksystem/status/1317118108696334341

155.94.151.222:443
http://156.239.157.66
http://207.148.102.51

# Reference: https://www.virustotal.com/gui/file/db38d9b23211526933e20a725cc0a21106e4b960565ecbbd8bb8ecaa45acfb4c/detection
# Reference: https://www.virustotal.com/gui/file/c74ad1f1d812516367adedc579e9cace3fbb38400bd372ff2baa476eb076eb73/detection
# Reference: https://www.virustotal.com/gui/file/2546cf19855a5772834dcbd41fbc9206946c6c9953243edc96831e9d667677e8/detection

pepesec3.azureedge.net
pepesec3.ec.azureedge.net

# Reference: https://www.virustotal.com/gui/file/f092ffd1167579c7d0314f654ed25432da3e4cbc8b48b58fd6ed3a16d6f186ed/detection

101.37.85.106:7555

# Reference: https://www.virustotal.com/gui/file/f30cc30aaf88b4470250880cb2da47807d1d4985f843b18c00d2e51ac78131b6/detection

101.37.85.106:8080

# Reference: https://www.virustotal.com/gui/file/5e91ff40d85e197751696bb1f6ab66055b6408ef99bfc12e54f27fc4f7674268/detection

101.37.85.106:9988

# Reference: https://app.any.run/tasks/fbd0a347-e914-470c-97b1-e3275d619357/
# Reference: https://www.virustotal.com/gui/file/c9d9e4e25c1b8672d126d8269fa64643b17314515c6ed0fc33c12fed0f69ce63/detection

huawei-promotion.com
home.huawei-promotion.com

# Reference: https://twitter.com/malwrhunterteam/status/1318109081882841088
# Reference: https://www.virustotal.com/gui/file/d2eee2fa771e54c1a44cfc4d40eef50be4776a25987b72633f7b91faf2302092/detection

217.12.218.199:443

# Reference: https://twitter.com/kyleehmke/status/1318154835183677440

best-backup.com
best-nas.com
bestservicehelper.com
simple-backupbooster.com
simpleservice-checker.com
top-backuphelper.com
top-backupservice.com
top3-services.com
topbackup-helper.com
topbackupintheworld.com
topservice-masters.com
topservicebooster.com

# Reference: https://twitter.com/kyleehmke/status/1319575445600428035

backups1helper.com
driver-boosters.com
driver1downloads.com
service-hel.com
service1update.com
service1view.com
servicehel.com
servicereader.com
top3servicebooster.com
view-backup.com

# Reference: https://www.virustotal.com/gui/file/8cc100635c5b90972a8001ad8a7160ed6be058e077eef9cdf437cd1805eaf104/detection

52.14.54.251:443

# Reference: https://www.virustotal.com/gui/file/f205dd34ad12009018bd7318b552ceb7c3413a3d3ed54dc5af76247fd1290d5a/detection

bullheadcitybee.us
westharrison.org

# Reference: https://app.any.run/tasks/d11dc06d-229b-48ed-ad75-cf39571b10ee/

46.8.180.147:443

# Reference: https://app.any.run/tasks/95038ae0-03ab-4fa9-a14c-cc3abd7c849a/

http://103.228.130.104/updates.rss

# Reference: https://app.any.run/tasks/45879790-4707-46b7-a12b-f4043e360feb/

http://173.234.155.231/ga.js

# Reference: https://app.any.run/tasks/4106d3df-1efc-479f-9539-b00ed7cc1dbb/

172.247.123.118:9080

# Reference: https://app.any.run/tasks/5fc7e87e-c219-4a94-8dd9-f7d95c4d68e5/

160.124.49.133:7777

# Reference: https://app.any.run/tasks/6344a790-6098-4f2f-8940-c47fc3d10a7b/

http://37.221.113.120/push

# Reference: https://app.any.run/tasks/6d22ffda-7494-4139-8752-a73c70c4f984/

144.168.63.190:8082

# Reference: https://app.any.run/tasks/6725e2c2-9de5-4f6e-8929-519b4a6a99e6/
# Reference: https://app.any.run/tasks/8d7f1fb5-6beb-47b5-ad78-c441e3133ceb/

http://45.146.165.142/IE9CompatViewList.xml
http://45.146.165.142/cm

# Reference: https://app.any.run/tasks/27cf987c-943c-48e7-ab21-9aeec430b242/

198.13.32.247:8000

# Reference: https://app.any.run/tasks/faca4fb3-89e9-4e22-af0e-f0abfe347172/

139.180.188.22:888

# Reference: https://app.any.run/tasks/419868a6-3152-48be-8cc9-379d636ce9a9/

http://109.234.34.116/push

# Reference: https://app.any.run/tasks/15e8bd10-0b7a-4486-89bb-f8204514397f/

http://172.81.212.89/push

# Reference: https://app.any.run/tasks/fdb56336-1231-4fbc-a460-998246103eaf/

http://202.182.117.241/load

# Reference: https://app.any.run/tasks/abd0ee54-f91d-485f-bd0c-f827368da494/

http://81.68.140.178/g.pixel

# Reference: https://app.any.run/tasks/793f930a-e893-40c6-8444-763d708190b3/

http://139.224.116.161/push

# Reference: https://app.any.run/tasks/e6240347-3e5a-4ee1-9cdf-616666b19475/

http://207.154.250.85/g.pixel

# Reference: https://app.any.run/tasks/d1861257-be9c-4cfd-999d-8ea0288b4d77/

http://45.141.84.212/push

# Reference: https://app.any.run/tasks/e448fa2a-b57f-4aa2-af20-dd7ca2a85f50/

http://45.146.165.227/updates.rss

# Reference: https://twitter.com/malware_traffic/status/1318713989371756544

http://104.238.134.63/submit.php
http://104.238.134.63/updates.rss

# Reference: https://app.any.run/tasks/1a9e61d4-813d-48f8-94c0-1fea1e7e1118/

http://45.141.84.218/visit.js

# Reference: https://app.any.run/tasks/afbf9daf-f83e-413b-b8f6-27028d8e9622/

47.75.251.9:8888

# Reference: https://app.any.run/tasks/4dab1cc1-6627-468e-9c74-b6caa512f91d/

http://83.220.172.27/g.pixel

# Reference: https://app.any.run/tasks/a9bc0914-a647-4a2a-8ee5-1bf72011354e/

http://117.78.1.204/pixel.gif

# Reference: https://app.any.run/tasks/3fd032a3-3c13-41a2-8fc6-63e25fbf4b14/

flash-load.ml

# Reference: https://app.any.run/tasks/9b1ced11-696c-48e6-ad44-b47253d1fe0d/

47.94.196.194:8888

# Reference: https://app.any.run/tasks/8ae79b03-edda-4e8c-8515-0115727b2c45/

conf.azureedge.net

# Reference: https://app.any.run/tasks/b5a83b7c-50fe-46de-a36d-efdbdbc46a11/

kalicobalt.ddns.net

# Reference: https://app.any.run/tasks/e4f1997e-d40d-43f4-8efc-8a09ce3502ed/

47.97.164.40:8080

# Reference: https://app.any.run/tasks/be7683e4-c5ea-4aa7-a83b-ba0782a83d2e/

93.115.21.43:8080

# Reference: https://app.any.run/tasks/ac5be7de-e06b-4038-9765-7a9a89e76cbc/

158.247.211.216:8080

# Reference: https://www.virustotal.com/gui/file/2a2ee5c57f94511369b7f3d3a1d0c0547599f8578892c3e717af700dcde1ddf6/detection

node.podzone.org

# Reference: https://www.virustotal.com/gui/file/fddcc86a7c20b70f58f7f0d9d9c61a6eff5342b0d8510889616fe26e99c04035/detection
# Reference: https://www.virustotal.com/gui/file/9675f832a7dfda9e5cbbc6ae409b8d630392e56c29fe4e110d27134100e31d52/detection

http://5.79.119.191/ga.js
5.79.119.191:8080

# Reference: https://www.virustotal.com/gui/file/8b8ffeec1b276b158b8c2334dbcac254135c4dbbbe66637bfcf2bcef39a2f5cd/detection

45.134.168.146:6868

# Reference: https://www.virustotal.com/gui/file/452e2b1c870841ea7d8fe7a9b3046206d634a9e4180abea218c06736e129e419/detection

212.64.65.50:53

# Reference: https://www.virustotal.com/gui/file/bbe04907b22f077c3b52985b738168cdc970ee5c8f7f25899a45e4d1cdf94b14/detection

39.108.195.174:8001

# Reference: https://app.any.run/tasks/b20786f0-36d7-4377-87ac-8fb2747d6c95/

iqio.net

# Reference: https://app.any.run/tasks/5323d269-3367-4bdb-b189-5847f35646c1/

43.226.155.154:443

# Reference: https://www.virustotal.com/gui/file/857a50958036298fb9869190575990b36ec13885f0588c7f31da01a8f63fdefd/detection
# Reference: https://app.any.run/tasks/d83bf908-159e-42de-a656-b2924b2c1761/

http://104.238.134.63

# Reference: https://www.virustotal.com/gui/file/2a2ee5c57f94511369b7f3d3a1d0c0547599f8578892c3e717af700dcde1ddf6/detection

185.161.210.189:443

# Reference: https://twitter.com/malwrhunterteam/status/1318904041590718469
# Reference: https://www.virustotal.com/gui/file/836db6bde6f664fa42b020c7b4549713022eac87410c1ed1104b6d4df615a599/detection

topbackupintheworld.com

# Reference: https://twitter.com/kyleehmke/status/1318896410687885312
# Reference: https://twitter.com/kyleehmke/status/1318896411757498375

backup1helper.com
backup1master.com
boost-yourservice.com
checktodrivers.com
driver1master.com
driver1updater.com
driverdwl.com
godofservice.com
service1updater.com
viewdrivers.com

# Reference: https://www.virustotal.com/gui/file/a32e37ae08d6a723dff7313d96bc7e23fe9b7db18295e2916f3c935530329919/detection

frontend.physicsandcs.me

# Reference: https://twitter.com/d4rksystem/status/1318960239513804801

213.164.204.7:443

# Reference: https://twitter.com/pancak3lullz/status/1318990219824287744

http://195.123.246.33
103.143.81.177:443
106.52.152.85:443
123.56.228.208:8484
47.100.12.121:7890
47.244.3.176:39002
49.233.155.141:7001

# Reference: https://app.any.run/tasks/d400a6c0-38ce-4242-aadb-e08c96913608/

http://209.126.119.186/YeQM
http://209.126.119.186/cm

# Reference: https://www.virustotal.com/gui/file/315a3095062001ec75a2e4e9bf2b068ce840860c218d4c4b408eb39706578951/detection

test.praetorian-threat-hunt.com

# Reference: https://www.virustotal.com/gui/file/d3a62b4a0b738173562b0323780bf1f0f56f4a8c2258a669447f75e6e2c341aa/detection

47.103.205.254:8081

# Reference: https://www.virustotal.com/gui/file/9300ae74258f6f1d8e2186636fbf9f3f689983b53d3d56245766496552edd257/detection
# Reference: https://www.virustotal.com/gui/file/0732084ec0399e14fddab091557d7d3ef6b0ccf613f6910803c33727954e7c33/detection

120.78.196.37:8888

# Reference: https://www.virustotal.com/gui/file/da725957d24a193350af135631ab7b286983caeaa1619b61c2535aa1794575c2/detection
# Reference: https://www.virustotal.com/gui/file/2a644f9a1caee7aebd48c9bb630fe6908f05c9bf16cdf5c892fe5d46f669433c/detection

47.98.105.114:8888

# Reference: https://thedfirreport.com/2020/10/18/ryuk-in-5-hours/

havemosts.com
quwasd.com

# Reference: https://twitter.com/malwrhunterteam/status/1319353040785330176
# Reference: https://www.virustotal.com/gui/file/22231ae860d3e69476c2b697403e42e941bea53e244bfd2e7ebf47e527da2f1a/detection
# Reference: https://www.virustotal.com/gui/file/7714576e5255b891f909e82ef775d38a595ea4188c61af82b640194c53cd6a16/detection
# Reference: https://www.virustotal.com/gui/file/4f7dd00a005caf046dd7e494fea25be2264974264d567edfc89122242b7c41bc/detection
# Reference: https://www.virustotal.com/gui/file/6a539aaded06c2fb9dc8466e8d98f5413d53c5e0e75db61989332e9998b7a76c/detection

173.232.146.37:443

# Reference: https://app.any.run/tasks/3d9decdf-154d-4225-9ccb-dd246ac80875/

139.162.161.211:13541

# Reference: https://www.virustotal.com/gui/file/5c2d669c29bf38e23703703a396d53917f0822d5f599ff3df212319cb755ebee/detection

http://47.98.118.25/j.ad

# Reference: https://www.virustotal.com/gui/file/0e06fd34e65536711149762f673f5d884f6b2bb469198f09f4917dc29957a7e6/detection

47.98.118.25:8000

# Reference: https://www.virustotal.com/gui/file/4ee861177122b8cd8bb560eb3ea1897895be00aab79071b3b4792ef80689dde4/detection

132.232.80.78:8520

# Reference: https://www.virustotal.com/gui/file/93378648feffe8e9f40d3c72d98ea7ee5537a7019c9b49bfa7a2f3c1bcf5e6a2/detection

132.232.80.78:8052

# Reference: https://www.virustotal.com/gui/file/7e41151b49920e8fbe014814bd28afbb306d98fd9e45030326fb943c9ff91015/detection

132.232.80.78:5438

# Reference: https://www.virustotal.com/gui/file/af1114bfdff6f3fef37685976e500f20d4db1e94173957ed9f539ebb48ae0ad6/detection

144.34.218.157:23333

# Reference: https://www.virustotal.com/gui/file/7f4b50d2a55c50ac53bc04cd5b6733f659aff46597c65bdda38ce6f1a1deb843/detection
# Reference: https://www.virustotal.com/gui/file/deb398aa4b335f7c0c6f3a7a63ce46f60c21ada112a2ab76995f277ff1f97d3f/detection
# Reference: https://www.virustotal.com/gui/file/49d2bfac6f67d27805524c41ea6f29f965ebf4aba0ce6995b0639a09ce852962/detection
# Reference: https://www.virustotal.com/gui/file/f57dc2131a87e7cad9b18c82b8efb215d1c985c43764751431cce2a9374b93eb/detection

news.gfstaxadvisory.com

# Reference: https://www.virustotal.com/gui/file/ebbec6471d6aefea65e705cbced4ccc934bd09e81046c476d70e8b9ef0f1e9db/detection

104.239.178.204:8080
reward-firstenergy.azureedge.net

# Reference: https://www.virustotal.com/gui/file/df6b79b9b98b3832d6fde2b99906e1a93cf1a5e2a848ee5c42fc7ed48216c1aa/detection

173.82.110.209:443

# Reference: https://www.virustotal.com/gui/file/5daf37825cdc2b41a078b9a4b73c62700c2a6e41ae7d696b3fa644310109c253/detection

binbong.net

# Reference: https://twitter.com/James_inthe_box/status/1319742462693314561

office-cdn6.azureedge.net

# Reference: https://www.virustotal.com/gui/file/623332bed79f64a1eb61b00ef5b6578c1a61cec774ec9471aff8931a80e7e5e4/detection
# Reference: https://www.virustotal.com/gui/file/6979ec25a08584254fa65eeb6c1afafce160e41d90020feb7a200c0820fa79a8/detection

tothesky.merseine.com

# Reference: https://www.virustotal.com/gui/file/d8b888596f39303218f057514f02ab7203c8a48728b2eacce84c7fd0896d670f/detection

121.36.252.20:881

# Reference: https://www.virustotal.com/gui/file/84afb641bdcfca87b509c1b97783705557e9be5bf6dcb7932806540f7afe35dc/detection

121.36.252.20:882

# Reference: https://www.virustotal.com/gui/file/10c60f8438d275a4d778a8017e963eb78d2b1ba9bb7df601018a49ac6afbf3aa/detection

121.36.252.20:999

# Reference: https://www.virustotal.com/gui/file/867a132629eb3616f1d466d05fd0ebda770ef5edad04002d542af1f2911c6adf/detection

121.36.252.20:1111

# Reference: https://www.virustotal.com/gui/file/6e78a9c4b51c808bf9ecb4bd2b93ccffb4eab0a831386e32561c371f5e629f18/detection

49.235.252.199:12305

# Reference: https://www.virustotal.com/gui/file/6fb246e17e3b442a24cae411f061e986b9c847233129808d4319bb538869a701/detection

81.69.14.19:13355

# Reference: https://www.virustotal.com/gui/file/3b18371984244b90ee23c8fd5b2b75d278749f81027930152fa1b0730762b4ea/detection

81.69.14.19:33899

# Reference: https://www.virustotal.com/gui/file/f46c27806c51b9ca44d349fea8f6041445c1c3580a3658511dd8db94fbbb18c9/detection

ssl.cccccsssss.com

# Reference: https://twitter.com/kyleehmke/status/1321370267025727488

idriveboost.com
idrivecheck.com
idrivedownload.com
idrivedwn.com
idrivefinder.com
idrivehepler.com
idriverrs.com
idriveupdate.com
idriveview.com
service1boost.com
service1upd.com

# Reference: https://www.virustotal.com/gui/file/cb896a1dfc536a1dae13bf96c44d4296ec12ce5f423347872ec18f2e5d27e286/detection

http://81.71.34.172/IE9CompatViewList.xml
http://81.71.34.172/L5rj

# Reference: https://www.virustotal.com/gui/file/d6b93583d2c8d20f8875011a119f12ac9f75c5c40710dbf8a6a78a1621fd9758/detection

139.9.55.197:446

# Reference: https://www.virustotal.com/gui/file/d5d18dc766092ff6930e01f8245f61239e3546292cbba98eee4ff2a0f7a64048/detection

148.70.139.64:1221

# Reference: https://twitter.com/malwrhunterteam/status/1321421801440858112
# Reference: https://www.virustotal.com/gui/file/fe75f7b188da991162296d782d906b30b5be301e2234aac1b0b3714b742205f4/detection

123.57.241.254:81
182.92.3.93:5678

# Reference: https://www.virustotal.com/gui/file/3e5712bbacb8a667457d554e86a66b8d0a0c6f4c580062b18bfba6d33124c50a/detection

95.179.141.5:9999

# Reference: https://www.virustotal.com/gui/file/25ed94591db7227a89568c088d7acc6cc06d339d4af3b300cba306c89aa67642/detection

148.72.211.222:7777

# Reference: https://www.virustotal.com/gui/file/940256445907dff1f5151a7aca61841d7aa29ee9ff47f99b9b4bc57cbbebb50f/detection

http://160.119.79.88

# Reference: https://www.virustotal.com/gui/file/0e723e0b0ec849c9d9b2b6b6410ba03cd184f03301470c57da662ec84eed0bf7/detection

high.vphelp.net

# Reference: https://www.virustotal.com/gui/file/f345e5048ec968417d288cb9e01d50bd262be45c18db1552af30380a3902626f/detection

360bug.net

# Reference: https://twitter.com/malware_traffic/status/1321482374044069888
# Reference: https://twitter.com/malware_traffic/status/1321182175916679168
# Reference: https://www.malware-traffic-analysis.net/2020/11/04/index.html
# Reference: https://twitter.com/sS55752750/status/1332491880861487104
# Reference: https://www.virustotal.com/gui/file/e765b7584834e1438df2865e24651067c59d50dc165ace09e293d295b6e90843/detection

http://185.153.199.166/match
http://185.153.199.166/pixel
http://69.30.232.138/activity
http://69.30.232.138/GJRy
http://69.30.232.138/submit.php

# Reference: https://twitter.com/d4rksystem/status/1321496952358555655

http://103.80.27.87
http://104.238.134.63
http://209.126.119.186

# Reference: https://twitter.com/d4rksystem/status/1319292434136895488

158.247.212.131:1080
http://194.99.21.202

# Reference: https://gist.github.com/aaronst/6aa7f61246f53a8dd4befea86e832456 (# UNC1878)
# Reference: https://otx.alienvault.com/pulse/5f99dd6b17da45dfb9dc296e

aaatus.com
actionshunter.com
avrenew.com
ayechecker.com
ayiyas.com
backup-helper.com
backup-leader.com
backup-simple.com
backup1helper.com
backup1master.com
backup1service.com
backup1services.com
backupmaster-service.com
backupmasterservice.com
backupmastter.com
backupnas1.com
backups1helper.com
bakcup-checker.com
bakcup-monster.com
best-backup.com
best-nas.com
bestservicehelper.com
besttus.com
bigtus.com
biliyilish.com
bithunterr.com
blackhoall.com
boost-servicess.com
boost-yourservice.com
boostsecuritys.com
boostyourservice.com
bouths.com
brainschampions.com
bugsbunnyy.com
cantliee.com
caonimas.com
chainnss.com
chalengges.com
cheapshhot.com
check1domains.com
check4list.com
checkhunterr.com
checktodrivers.com
checkwinupdate.com
chekingking.com
ciscocheckapi.com
cleardefencewin.com
cmdupdatewin.com
comssite.com
conhostservice.com
cylenceprotect.com
daggerclip.com
debug-service.com
defenswin.com
developmasters.com
dotmaingame.com
driver-boosters.com
driver1downloads.com
driver1master.com
driver1updater.com
driverdwl.com
driverjumper.com
easytus.com
eighteenthservicehelper.com
eighthservicehelper.com
eighthserviceupdater.com
eithtservice-developer.com
elephantdrrive.com
eleventhservicehelper.com
eleventhserviceupdater.com
errvghu.com
fastbloodhunter.com
fifteenthservicehelper.com
fifthservice-developer.com
fifthservicehelper.com
fifthserviceupdater.com
findtus.com
firstservice-developer.com
firstserviceupdater.com
firstservisehelper.com
firsttus.com
fourservicehelper.com
fourteenthservicehelper.com
fourthservice-developer.com
fourthserviceupdater.com
freeallsafe.com
freeoldsafe.com
gameleaderr.com
getinformationss.com
giveasees.com
greattus.com
gtrsqer.com
gungameon.com
gunsdrag.com
hakunaman.com
hakunamatatata.com
harddagger.com
havemosts.com
havesetup.net
helpforyourservice.com
hungrrybaby.com
huntersservice.com
hurrypotter.com
hybriqdjs.com
idrivecheck.com
idrivedownload.com
idrivedwn.com
idrivefinder.com
idrivehepler.com
idriveupdate.com
idriveview.com
iexploreservice.com
imagodd.com
info-develop.com
jomamba.best
jonsonsbabyy.com
kungfupandasa.com
lindasak.com
livecheckpointsrs.com
livetus.com
loockfinderrs.com
loxliver.com
lsassupdate.com
lsasswininfo.com
luckyhunterrs.com
martahzz.com
maybebaybe.com
microsoftupdateswin.com
mixunderax.com
moonshardd.com
mountasd.com
myservicebooster.com
myservicebooster.net
myserviceconnect.net
myserviceupdater.com
myyserviceupdater.com
nas-leader.com
nas-simple-helper.com
nasmastrservice.com
newservicehelper.com
nineteenthservicehelper.com
ninethservice-developer.com
ninethserviceupdater.com
ninthservicehelper.com
nomadfunclub.com
puckhunterrr.com
pudgeee.com
qascker.com
quwasd.com
raaidboss.com
raidbossa.com
rapirasa.com
razorses.com
realgamess.com
regbed.com
reginds.com
remotessa.com
renovatesystem.com
rulemonster.com
saynoforbubble.com
scrservallinst.info
secondlivve.com
secondservice-developer.com
secondservicehelper.com
secondserviceupdater.com
service-booster.com
service-boosterr.com
service-checker.com
service-hel.com
service-hellper.com
service-helpes.com
service-hunter.com
service-leader.com
service-updateer.com
service-updater.com
service1boost.com
service1update.com
service1updater.com
service1view.com
serviceboosterr.com
serviceboostnumberone.com
servicecheckerr.com
servicedbooster.com
servicedhunter.com
servicedpower.com
servicedupdater.com
servicegungster.com
servicehel.com
servicehunterr.com
servicemonsterr.com
servicemount.com
servicereader.com
servicesbooster.com
servicesbooster.org
servicesecurity.org
serviceshelpers.com
serviceshelps.com
servicesupdater.com
serviceswork.net
serviceupdates.net
serviceupdatter.com
serviceuphelper.com
servicewikii.com
seventeenthservicehelper.com
seventhservice-developer.com
seventhservicehelper.com
seventhserviceupdater.com
sexycservice.com
sexyservicee.com
shabihere.com
sibalsakie.com
simple-backupbooster.com
sixteenthservicehelper.com
sixthservice-developer.com
sixthservicehelper.com
sixthserviceupdater.com
sobcase.com
sophosdefence.com
sunofgodd.com
sweetmonsterr.com
target-support.online
tarhungangster.com
taskshedulewin.com
tenthservice-developer.com
tenthservicehelper.com
tenthserviceupdater.com
thirdservice-developer.com
thirdservicehelper.com
thirdserviceupdater.com
thirteenthservicehelper.com
tiancaii.com
timesshifts.com
top-backuphelper.com
top-backupservice.com
top-servicebooster.com
top-serviceupdater.com
top3-services.com
top3servicebooster.com
topbackup-helper.com
topbackupintheworld.com
topsecurityservice.net
topservice-masters.com
topservicebooster.com
topservicehelper.com
topservicesbooster.com
topservicesecurity.com
topservicesecurity.net
topservicesecurity.org
topservicesupdate.com
topservicesupdates.com
topserviceupdater.com
twelfthservicehelper.com
twelvethserviceupdater.com
twentiethservicehelper.com
unlockwsa.com
update-wind.com
update-wins.com
updatemanagir.us
updatewinlsass.com
updatewinsoftr.com
view-backup.com
viewdrivers.com
vnuret.com
voiddas.com
web-analysis.live
windefenceinfo.com
windefens.com
winsysteminfo.com
winsystemupdate.com
wodemayaa.com
wondergodst.com
worldtus.com
yourserviceupdater.com
yoursuperservice.com
zapored.com
zetrexx.com
zhameharden.com

# Reference: https://twitter.com/kyleehmke/status/1321728850095722496

backupslive.com

# Reference: https://twitter.com/kyleehmke/status/1321737401530753026

boost-helper.com
supservupdate.com

# Reference: https://www.virustotal.com/gui/file/fb40acf24c2ea5e6736f2c1c0f7d98f37b746a4d84f164071f95550f4e49458f/detection

47.75.49.6:6050

# Reference: https://www.virustotal.com/gui/file/264357a7374d079801cca76340e58b2461105d432a89f9e09f903d0da8d24d39/detection

143.229.2.88:80

# Reference: https://www.virustotal.com/gui/file/9eb47a6c5f215414a4013a6ab4327049416fe6d65abccf7444e96cff892dc8b7/detection

47.105.163.137:23233

# Reference: https://www.virustotal.com/gui/file/79c305001ff2aea1d206c6d04968cbc29ae444ce0344a822cac69e2faadbb164/detection

47.105.163.137:12345

# Reference: https://www.virustotal.com/gui/file/6d4664aacc2836ac8c3bf5a7a42e811611b4ea517df3b27139a70f51d8cddf9a/detection

47.105.163.137:8099

# Reference: https://www.virustotal.com/gui/file/59231471c76ab9907d3c6fea4d8b0f43b3ef45f6e5a6f6d553e7d906b6bcc1d8/detection

134.175.132.40:23456

# Reference: https://twitter.com/kyleehmke/status/1321865650474749957

it1booster.com
itopupdater.com
iupdaters.com
iupdatemaster.com
imasterupdate.com

# Reference: https://twitter.com/kyleehmke/status/1322106062011617280

checksservice.com
ibackupboost.com
ibackupupdate.com
ibackupview.com
iservicec.com
nasbooster.com
nashelper.com
nasupdater.com
uncheckhel.com

# Reference: https://twitter.com/kyleehmke/status/1321966648614658048

thecheckupdater.com

# Reference: https://twitter.com/pancak3lullz/status/1321885918660300802

140.143.197.39:10086
149.28.16.36:1521
211.149.143.218:8000

# Reference: https://www.virustotal.com/gui/file/5d418feab981866f23a0688ebc85cb0cf4f98eb92048004458a813a1b9d52176/detection

139.186.141.206:65501

# Reference: https://www.virustotal.com/gui/file/f61eb6bf364a4cc23290c185d56f90c2565a9162a036e5cf8f5fc8af67a1a8f1/detection
# Reference: https://www.virustotal.com/gui/file/efbcf5c9ec20679078ef00c42f380e1a04f9625547e5a15b8741678fa05b028e/detection

http://139.186.141.206

# Reference: https://www.virustotal.com/gui/file/7f178d07678a8970ade0e14578d0162efbba6c2bfa7098aa1778c7d1eea6513b/detection

52.44.106.115:8080
cs.bulletproofsi.net

# Reference: https://www.virustotal.com/gui/file/b5fd03a00a354ba67b665266763b8551b36962c9ff6f49c54da91d48b207d91a/detection

3.14.182.203:18090

# Reference: https://www.virustotal.com/gui/file/1b4ce21ff998637410f184771b1bc01f089d8c73e736f3b3c2f612f5a402d3c4/detection

103.56.53.100:443

# Reference: https://twitter.com/VK_Intel/status/1212432682162016257
# Reference: https://www.virustotal.com/gui/file/bcc76bed332a3ae1cce1a71250c9d7161d1d7276fc8483fa9b223447a24e6450/behavior/VirusTotal%20Jujubox
# Reference: https://www.virustotal.com/gui/file/cc672f0e694636dbc141427657a1587b919ae28c85af9d8538cd3c1092ecc392/behavior/VirusTotal%20Cuckoofork
# Reference: https://www.virustotal.com/gui/file/3e7a8bca3b4875a6f63579a71d0f2b2a6293263e76edcebe6cf6984af432dc25/behavior/VirusTotal%20Cuckoofork

103.56.53.100:10810

# Reference: https://www.virustotal.com/gui/file/8f3eb6ca303de759c0530906ad4675432d7d3361641b46413e12f325b4028081/detection

http://31.44.184.131

# Reference: https://www.virustotal.com/gui/file/16a3803656f70e65fe4818432cf2bfd6d293d23c7f41959bee31aa2c183ac8da/detection
# Reference: https://www.virustotal.com/gui/file/ff9d82009094ed094b1d18dc9cd13d5b263f145210bf944be68d061d1e1c4003/detection

143.110.153.235:443

# Reference: https://www.virustotal.com/gui/file/fd60a365711b77d5c65ba30eb8881f6c4394b46a479a4c979a5989b89cf1a0d2/detection

23.227.193.100:443

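# Reference: https://www.virustotal.com/gui/file/ddc569b4b371e8739996ff33215a923b844b5b03749790cf75f9ab6603c3a136/detection
# Note: the three IP:port entries below appear to sit in Cloudflare proxy ranges (to be confirmed), so they may be shared with unrelated sites; ctfd.top is the more specific indicator.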

104.27.186.163:8080
104.27.187.163:8080
172.67.183.108:8080
ctfd.top

# Reference: https://www.virustotal.com/gui/file/fcb544510d1744406077429d367605c73ddd03a1b31b32b468652c5e60122041/detection

192.255.235.221:8080

# Reference: https://www.virustotal.com/gui/file/e841f48e2f8b53b18bba468aa0e0750c29538084260580f65f42a768b6599678/detection

47.52.205.194:8080

# Reference: https://www.virustotal.com/gui/file/28adb97f94cb528043cda387095ca6d0d284340b16ddc0c36984b5d59c4f36e1/detection

45.141.136.26:8080

# Reference: https://www.virustotal.com/gui/file/618f1afd938330360c6c7e697a276c85c10db536c55206956b46bf23fb7c2804/detection

207.148.104.252:8080

# Reference: https://www.virustotal.com/gui/file/08890674762bd62c7c63a7ec91b8b26cd4ac530ca7eb7bf1f18f321b6567be5c/detection

23.19.227.11:443
secure.voidlink.me

# Reference: https://www.virustotal.com/gui/file/764b6060d93f31baa39ee7cffba028c237cce33aea7c43f8a2cf19702d1d7c2a/detection

103.117.72.60:443

# Reference: https://www.virustotal.com/gui/file/4c29431b6decc3f966b5786a55a8e9ceb04ad0c6fb59295bc78997deccc019ee/detection

179.43.176.224:443

# Reference: https://www.virustotal.com/gui/file/c9de1ff05ed8a74947a8ac68a5ad54ad74d3f5701b819b4bfb8192b35438c5b5/detection

176.31.255.202:443

# Reference: https://www.virustotal.com/gui/file/e8abb8bbfa60013665f5947e831ad0a262bc85980efb27d580ab1fea5a3879cf/detection
# Reference: https://www.virustotal.com/gui/file/91e6b17800d0039a1ae521723a823af163726b374b0000eba1ebeb12bae7cf46/detection

154.204.32.173:8080

# Reference: https://www.virustotal.com/gui/file/17cbc30be2a0a1350766f14277f8969abe238ffe7b976cba95acaf5a184db1cb/detection
# Reference: https://www.virustotal.com/gui/file/b9cea76014590101a13077d40e91b3855de146d5c5ad65fc1e6f779313c5a207/detection

http://104.238.176.21/load

# Reference: https://www.virustotal.com/gui/file/dbc71de2d933f5f79d4f5cd01b6abbfd341b70d813af24f3092e5bc15519ff00/detection
# Reference: https://www.virustotal.com/gui/file/0dd6e196a02ba389b39c6bb8cd5668fdcd0719091866be3190955be33aade418/detection

bhenergy.centralus.cloudapp.azure.com

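# Reference: https://app.any.run/tasks/45eb07a2-2781-4e13-94d5-aa9d48e67e61/
# Note: this hostname and those in the next three groups (10010.com, sogou.com, 10086.cn) sit under domains of large third-party services; presumably they come from the sample's configured Host header rather than attacker-controlled DNS. Confirm against the destination IP before treating a hit as C2.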

keefu.10086.cn

# Reference: https://www.virustotal.com/gui/file/fe94ffe8485662d7556499e4c3fd8d0a2384cebe45958ccf57d49d2730f238b9/detection

idv0h0h.qiniudns.com
login.10010.com

# Reference: https://www.virustotal.com/gui/file/62205a6b33fa758e0b9780b69bb4f8cac18b12525f83daee912832a97d1eb58d/detection
# Reference: https://www.virustotal.com/gui/file/8dd15f9bbba4431f084a8fe22213c22f403171aa0053d89342ae8623e21e8639/detection

stuats.sogou.com

# Reference: https://www.virustotal.com/gui/file/ab4601ac99c5e561246f5de7846dd94bc3fa74111a0e03ab38a960e9890d8d2f/detection
# Reference: https://www.virustotal.com/gui/file/4cbec25c7a773ae8ddbbe65ab97209638d7006c1cf29b97bb76798eac5394ffe/detection

oary.10086.cn

# Reference: https://twitter.com/malwrhunterteam/status/1323263013516943360
# Reference: https://www.virustotal.com/gui/file/851e07db545c79f64376b878285ad1e87952e5fd3f9eb387ef4002f700ea4ea8/detection
# Reference: https://www.virustotal.com/gui/file/ae7ddde22416d8ad817b8818228133cda683b670128b3a8255301885ca27d2fb/detection

http://129.211.181.170
129.211.181.170:1874

# Reference: https://www.virustotal.com/gui/file/143528bb022be3b398e985416277ae6ede1a6f43c01399e9045663a75c848d46/detection
# Reference: https://www.virustotal.com/gui/file/0932ccf3503410b8c15e02397716eeb871ce0319a665bb5b759b0c18ca984c6c/detection

mobilecdnprod.azureedge.net

# Reference: https://www.virustotal.com/gui/file/d4e20df9f1c79159a4f02205f56abfdcce87e58f7b7aa1befc581c83819e5bce/detection
# Reference: https://www.virustotal.com/gui/file/bd5c17c75eed391966980a17884876c6c39da687b6740959a813a83f3ff80e83/detection

47.99.123.186:8888

# Reference: https://www.virustotal.com/gui/file/b053817484417fb0c36322010a5cc789719008f486f46237aacac7ee6697cb86/detection

158.247.207.120:443

# Reference: https://twitter.com/d4rksystem/status/1323293797153939457
# Reference: https://www.virustotal.com/gui/file/f923c157ea93bc5a0956b6c9e3f5d9e3dcb22165c4196008680dea3305a5cde2/detection
# Reference: https://www.virustotal.com/gui/file/f54198f8fdd30825fde851ab705824de8362cd7a00c6f5b2d4515517f12f0999/detection
# Reference: https://www.virustotal.com/gui/ip-address/139.162.97.239/relations

139.162.97.239:4455
139.162.97.239:4456
cs40a.microsoftupa.com
test.systemdata.club
up.systemdata.club

# Reference: https://www.virustotal.com/gui/file/fbe20c327ebb8ed7bf9dd0e466d676c6e4dadb844b675642b6ca74fa14fc750c/detection

31.220.42.147:8443

# Reference: https://www.virustotal.com/gui/file/ca70952f853bb8fb9099faffc0602c173403825e09e461f06a1bdb44b9f6bdce/detection

w30.microsoft-shop.com

# Reference: https://www.virustotal.com/gui/file/5e61af3b108b23908ceb33e6392d6912b52ae32363b683398ea1cd41d5aea956/detection

abo.microsoft-shop.com

# Reference: https://www.virustotal.com/gui/file/73d168bfe4d6b6f057066506e280c4bcad81dc3163fcf98fca2d7462baca0280/detection

eidkfu23sjfsfjbsdf.microsoft-shop.com
idudjwujjdj2kkdk.microsoft-shop.com

# Reference: https://www.virustotal.com/gui/file/49f5dcd2852264cca876856351a9094ad06a5a2c94d0a9ea4f169bb5e8d0b415/detection

tiehsijisne.microsoft-shop.com

# Reference: https://www.virustotal.com/gui/file/e17db305ac45e86f1265e88a183cab8e5d1eb6517e9a6bb6f80f9ec9e00ac26e/detection

182.92.169.148:8080

# Reference: https://www.virustotal.com/gui/file/54c3ca28084b5e49b163ab0ee905f8f72fa6f65724c1b04ef432a22c3c105f3d/detection

182.92.169.148:8888

# Reference: https://www.virustotal.com/gui/file/2d649a5a2ac07b53053c66c8007b939818629b757ff25a5d2bfa0b0f0c063857/detection

down.flash-plays.com

# Reference: https://www.virustotal.com/gui/file/ec50240df30bcbc5ece80e6a6702b7230b81e68b712083f01a5780761693c5ae/detection

43.251.227.203:443
ugliquarie.com

# Reference: https://twitter.com/malwrhunterteam/status/1323965345737093121
# Reference: https://www.virustotal.com/gui/file/06fb7b0e660f2b551d4b803190a5d8d88ba8165aab9361a0a2dd8f31d2692886/detection

34.92.61.61:1434
flashdowns.com

# Reference: https://www.virustotal.com/gui/file/ed3262a230711f164aa079bd20e676d749e5a607069046130800cd97e25cd5b3/detection

103.87.11.175:88
m0z.api.qq.com.w.cdngslb.com

# Reference: https://www.virustotal.com/gui/file/1ec7430ed88d3174432e996d07dfccbf2bdacdc2ba2e7abd73240e998c5efb90/detection

148.70.157.133:4413

# Reference: https://www.virustotal.com/gui/file/448248247c3fa95507dfbfed45a16280612821166508793bf92a026db1d7daef/detection

148.70.157.133:4433

# Reference: https://www.virustotal.com/gui/file/d16c11caf47ab3eec7f928c25717346379a6f05e34a35f49d48de07d7abf82c9/detection

120.92.109.248:443

# Reference: https://www.virustotal.com/gui/file/a57ef61972d08cf47873248bb5d06f3723f0cdd4f3a10c82ae73b873d72af3a1/detection

120.92.109.248:85
dowload.flsah.com.cm

# Reference: https://www.virustotal.com/gui/file/060500558c754696c0056ec073344071c058d198ea0dba06632f93edb1276624/detection

217.12.208.31:443

# Reference: https://www.virustotal.com/gui/file/dc8fd92155a01e30d5796edbbbbdbd7d4ecfb3f8dd15b0866d4e2de1e30e5224/detection
# Reference: https://www.virustotal.com/gui/file/264ae534b9fb647504765f8aa6dfc402ff568ba886908960f54eee143f2a32b4/detection

45.83.237.34:7777

# Reference: https://www.virustotal.com/gui/file/ab99e91e1b0951feabd09d049e0ac9d9412c67603415c10cbeadde5842ca02d2/detection

5.2.64.135:443
bugsbunnyy.com

# Reference: https://www.virustotal.com/gui/file/8e48823f951db827171b5150050d210eda8409a59533000e3682d0d9d70ceac7/detection
# Reference: https://www.virustotal.com/gui/file/6aa0dc29e72f3c8378b107b88faef7cac1e3c5c9b290af049849cdbe091414bc/detection
# Reference: https://www.virustotal.com/gui/file/7182033c16ec4880570eba76fdbc25c041132c27b5c90a98deccf35eec8cc7d5/detection

45.76.145.235:60020

# Reference: https://www.virustotal.com/gui/file/1f5b40ade04d66e6d93c116ff86949adad3e878404be25f609cb38efcd98eb4e/detection

101.132.194.59:8008
waf.micorsoft.cc

# Reference: https://www.virustotal.com/gui/file/5499a4de788a5ece6f3ceb8415462b6292eee04c4c6a68d8597482add6aac553/detection

101.132.194.59:443

# Reference: https://www.virustotal.com/gui/file/a07802bf6ac8c5a64d101d33f99010c5f3e73e3609f84b331fcfc336b72aa9d2/detection

101.132.194.59:9000

# Reference: https://www.virustotal.com/gui/file/0ab53a41d19bf4fb2d3ecb4af5a0629374ec080af7c48fe3d95194cf656d24a0/detection

111.229.90.89:8080

# Reference: https://www.virustotal.com/gui/file/a653e64278421ffa3a3d84d7c0ec881b48f220b21157fea425ee893c430662eb/detection

111.229.90.89:10005

# Reference: https://www.virustotal.com/gui/file/09253fae2e7279e392bd09f8217359194dc13472d15cc506d84ff486c1ee2420/detection

95.179.236.54:5555

# Reference: https://www.virustotal.com/gui/file/cd4d3fee9c5d24f47ff4d0d35a50b1105a92e75c7181c6fd6a6dbb3f4c86513a/detection
# Reference: https://www.virustotal.com/gui/file/f413e4919000ff95e9ffe4b212bc09ef3a9ddf1e1ca4de19e59ac6c32b2a149a/detection

95.179.236.54:1306
pagga.net

# Reference: https://www.virustotal.com/gui/file/e9dc7735e0a4dd1f8b4aa5772296c1534130ec5f56e82024c4368ae4a4eada96/detection

121.36.132.39:443

# Reference: https://www.virustotal.com/gui/file/1aa555818c68fd54759f68af5482389637090b4f77ea5ad2a1fc9f669ae632e3/detection

121.36.132.39:80

# Reference: https://www.virustotal.com/gui/file/0eb0c5e18b832fa336d7cb7f3113de381f104d415cb1031e978228302a961bc3/detection

178.79.134.144:443
tcpsessionsconnect.com

# Reference: https://www.virustotal.com/gui/file/22a6696f66eecd4200c2e70a81072f63504f5981ce568d918ca1ea67e7744118/detection

http://178.79.134.144

# Reference: https://www.virustotal.com/gui/file/b5d95d5b099d97bb34b67c04edd6e58626d49eb0c234b71c58f06d6169741f39/detection

103.14.33.199:443
103.14.33.199:2161
43.228.91.117:443
fllash.org
update.offices-cloud.com

# Reference: https://www.virustotal.com/gui/file/0292971aa7dbe526f8b2cc5fdde8dddc9956576b5d61b7f5e82714293afcd3c6/detection

90.125.116.103:4444

# Reference: https://www.virustotal.com/gui/ip-address/3.120.98.217/relations
# Reference: https://www.virustotal.com/gui/file/d9914d636fe6e6e674e1d85594decf89a87c35bfa2e44f5bf73dfe88f023d320/detection

3.120.98.217:8080

# Reference: https://www.virustotal.com/gui/file/d4d438925fb775a4a599abd3054b036a95f12b4dc9f29d4d1506a985b2c23934/detection

http://49.235.206.130

# Reference: https://www.virustotal.com/gui/domain/f1ash-cn.space/relations

f1ash-cn.space

# Reference: https://www.virustotal.com/gui/file/330354c0ec0e2b1526e109d1e3018781e02c1ef336c6e2947c49ff6eae7df3cb/detection

81.68.220.79:19988

# Reference: https://www.virustotal.com/gui/file/18b8a776a146a8f70cb1759e2209e1306910e572177eae7519f9c5525c83bc15/detection

47.108.69.61:22234

# Reference: https://www.virustotal.com/gui/file/d389987f841e86f26d9b9a63edb5f07e6ed452326663446a4cb75d0d49ebed17/detection

49.235.204.16:2222

# Reference: https://www.virustotal.com/gui/file/4749a3889e6f28618dd509df2d1ff0cd20b5278a516ec07ba414fdcacbd8f32d/detection

http://49.235.204.16

# Reference: https://www.virustotal.com/gui/file/2023a9456cfc41d86cedca003b2d6d8d444b951e01e555d82a16ecc6362ed906/detection

49.235.204.16:8080

# Reference: https://www.virustotal.com/gui/file/15a672607a662e0b8c8d35d86ac8e056be6d582f9aba24392f19f55923047c63/detection

usglobefw04.azureedge.net

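# Reference: https://www.virustotal.com/gui/file/2c4b6a96485df3e2f71d5d702b8dceaa24e59bd95688146b7c8acef67b4f35a3/detection
# Note: CloudFront distribution names are provider-assigned on shared infrastructure; match the full hostname only, never the parent domain, and re-validate over time since a distribution can be deleted.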

d2c2jjoukxxvug.cloudfront.net
d2pm03h7avw356.cloudfront.net
d3nlhg2r60muhw.cloudfront.net
d3ser9acyt7cdp.cloudfront.net

# Reference: https://twitter.com/_re_fox/status/1325809653100539904

182.254.229.239:8080

# Reference: https://www.virustotal.com/gui/file/6f9381cc332e43a6694e27fb3fa4332926e1d9a8fc0841f921428c35e24f3ffe/detection
# Reference: https://www.virustotal.com/gui/file/c306377eee1ddd473a6a33674dc19831e288f55253bffbf1c49b1afca2f3d666/detection

72.19.12.115:443

# Reference: https://www.virustotal.com/gui/file/bd4b15585ca610eb5ec1834a989841a7a954021f30b5a3c190b46438ee84fb74/detection
# Reference: https://www.virustotal.com/gui/file/7bc243a9bcb1e00808d4f476f88a23aec4df59b9f8931627c7bea62c8985fc16/detection

http://72.19.12.115/k2Fy

# Reference: https://www.virustotal.com/gui/file/ce17f6dea74a71a7907fa4ee7b5dbc57ae2ec16969505ecefea0033ca08e1f46/detection

39.105.160.62:8098

# Reference: https://www.virustotal.com/gui/file/80ebcfdf18af249ae5d1008419a3c2d6f6107cbfa626dd549656806e9f2a8015/detection
# Reference: https://www.virustotal.com/gui/file/bab13f448eb39f975539d8282983b5898e67e1fd9804a309b75ca93a64a73aaf/detection

39.105.160.62:443

# Reference: https://twitter.com/VK_Intel/status/1294320579311435776
# Reference: https://www.virustotal.com/gui/file/590583431e954fffd2e8cc450dbc13d75280687042e1331caa42252e39e686cb/detection
# Reference: https://www.virustotal.com/gui/file/bb4a1bfc461963bfaa2661a8ddb8d961b7d5fdf92af40d2db4581498fc44044c/detection

46.166.129.169:443
mswinupdate.net

# Reference: https://www.virustotal.com/gui/file/6314840653e33838a69da0501fbf061a8da1f5b300fdf7f7a6095c362f0a69f0/detection

192.169.7.160:80

# Reference: https://www.virustotal.com/gui/file/1027f2cf0b1318d8f0fa521198a57046dbe0dbe96c12fbb6ed54e1e6bbbda42a/detection

51.79.42.156:443

# Reference: https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/5/
# Reference: https://www.virustotal.com/gui/ip-address/192.169.6.180/relations

cloud.falconoasisdubai.com
syvansoft.com
gue.life
m33.bar
easyco.club
j3qq4.club

# Reference: https://app.any.run/tasks/21966bbb-91ec-44a3-bad7-2040f568395b/

111.229.163.55:443
hoo.wiki

# Reference: https://app.any.run/tasks/3968c6f0-ad4a-4b87-af15-1914f9801afa/
# Reference: https://twitter.com/Myrtus0x0/status/1334173921533325312

173.234.25.74:443
http://173.234.25.74/9Jdu
http://173.234.25.74/iZET

# Reference: https://app.any.run/tasks/2c4986bb-b857-4fe0-8970-2ad93719f22d/

http://23.227.193.167/ca

# Reference: https://app.any.run/tasks/002c03a7-ff4a-4c5e-8b2c-9588ea7ee329/

http://47.95.32.44/dot.gif

# Reference: https://www.virustotal.com/gui/file/19301c139fe82e40fa99c98626bb01440d9bc90ea96ad245cd453d9a453256ee/detection
# Reference: https://www.virustotal.com/gui/file/50456281509d8a6d0f2a38068300c52bba3f5b4d7e0e659856bcea312cf48787/detection

156.234.168.104:8888

# Reference: https://www.virustotal.com/gui/file/f3549866e58f771a8d587eb9111c3284522422e8b720d6bf4084a2f9d0db8fa9/detection

47.102.217.201:8886

# Reference: https://www.virustotal.com/gui/file/89d3159596848405fb64d403f2839d6d28c0522ecd13eb1bff6041604f559c44/detection

47.102.217.201:8888

# Reference: https://www.virustotal.com/gui/file/6e0e07fda4c862ceb3b7920daf251a226dc757b3a024de22096f1a7a485a4630/detection

176.122.147.196:443

# Reference: https://github.com/re-fox/documentation/blob/master/malware/macros/cobalt_shellcode.md
# Reference: https://www.virustotal.com/gui/file/7ecf71aacd3df89913fe308dcb84b3c4fa057fbb62fd7d01f54d19088f6e71de/detection
# Reference: https://www.virustotal.com/gui/file/7e8904b605f0fbb2cc752b205647abc63328dc248fa43edd368b872a2da362ac/detection

http://212.48.66.92
http://212.48.66.92/en_US/all.js
http://212.48.66.92/uEwT
http://212.48.66.92/xdcd

# Reference: https://www.virustotal.com/gui/file/269bafb60e5f7a6bc8db0dd33d08841be54f1a17c385fe4632339e43d95abdb1/detection

http://122.51.143.60/loJ7
122.51.143.60:803

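# Reference: https://github.com/re-fox/documentation/blob/master/malware/macros/cobalt_shellcode.md
# Note: epic.pwnage.loc uses a TLD that is not publicly delegated, so it can only match internal or failed lookups (presumably a lab artefact); r1.xn--habibban-kmb.com is the punycode form of an internationalised name and should be matched in this ASCII form.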

91xx.cc
adecco-report.com
adoption-aid.org
d3qa8hx8i84f47.cloudfront.net
epic.pwnage.loc
home.huawei-promotion.com
kalicobalt.ddns.net
mrhacker97.ddns.net
mutual888.best
r1.xn--habibban-kmb.com
survey-monkey.org
ti.capitalviewfinance.com
usahack.xyz

# Reference: https://www.virustotal.com/gui/file/1c3bc54ecdcbce9f2f86db803e36a1500234b38c82d2c0fdd50583da417df183/detection

http://13.58.5.244/paIB

# Reference: https://www.virustotal.com/gui/file/11ba9f4a4275b0c7c8ac0d8019d9f3a81bfc63d45faa889a1e7ee0d16efc411e/detection

http://1.202.156.1/djU9
http://1.202.156.1/en_US/all.js

# Reference: https://www.virustotal.com/gui/file/59346a058455e17f91763a24f5ca2928b8ed761e550df636d3aae7f94cf6de94/detection

104.207.140.218:443

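# Reference: https://www.virustotal.com/gui/file/a2556639c5fbf29c6b765147822f9bda7d5f48a683d4c3cc056ef7d0e3729e47/detection
# Note: jquery-3.3.1.min.js and jquery-3.3.1.slim.min.js are ordinary library filenames; these entries are meaningful only together with the host, so keep the full URL when porting them to another tool.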

http://39.101.199.31/jquery-3.3.1.min.js
http://39.101.199.31/jquery-3.3.1.slim.min.js

# Reference: https://www.virustotal.com/gui/file/b500e9bcea1e062851b056df947b5415b8f0e74318a4e04644b5dd54b6517f21/detection

http://106.12.215.252

# Reference: https://www.virustotal.com/gui/file/a491e3efefb8ee4f93bf28e791b351fcc3be88ee38116540b76f6bbf1a7b2003/detection

106.12.215.252:8081

# Reference: https://www.virustotal.com/gui/file/2d9c0f7590d97c3be6a52a9cedf26dabecf8972dfe654d2bd4c6cf5ee1b018c7/detection

106.54.241.235:12345
106.54.241.235:33333

# Reference: https://www.virustotal.com/gui/file/d6a9bfa1d0ec3d6fb5ec9b2ce671342473d61bcea0048287b341ec484ad8309f/detection
# Reference: https://www.virustotal.com/gui/file/968011126141a98ef390b0ef6c8be66403e68cfe810ba21f041e3adeb737560b/detection

http://106.54.241.235
106.54.241.235:34567

# Reference: https://www.virustotal.com/gui/file/ccbe10f1dfcfe584e54f993bc0e9eb35c5c145e95dbd2cada3cad1c6aaec2c70/detection

http://106.55.236.131/Et9j

# Reference: https://github.com/re-fox/documentation/blob/master/malware/macros/cobalt_shellcode.md
# Reference: https://www.virustotal.com/gui/file/556165d841071545a8edf1162080590c50533054e5fbbe8fcafd569590221817/detection
# Reference: https://www.virustotal.com/gui/file/f9e9270991c4d6767cece2dd76a03513d11189f998c5d9cdc94cc48192e20a0b/detection
# Reference: https://www.virustotal.com/gui/file/fff570decdac74231f37526c27ef443c19a0055003ae71c999a37c77922a27e8/detection

http://106.75.78.217/m6uD

# Reference: https://github.com/re-fox/documentation/blob/master/malware/macros/cobalt_shellcode.md
# Reference: https://www.virustotal.com/gui/file/b61db30cb3c060f843a12dfe0f5bb9fef86c348d5e28977d9ec4c61d821fd110/detection

http://108.61.162.56/MHXo

# Reference: https://github.com/re-fox/documentation/blob/master/malware/macros/cobalt_shellcode.md
# Reference: https://www.virustotal.com/gui/file/5ecec0f3f1e29ead7673b8d40bf809331ab28af3097f68bd069751961519ffd4/detection
# Reference: https://www.virustotal.com/gui/file/e2b79cc06f2f9e505ca06b97a6751669e7d896f215cb11ffcd7b6b789df33512/detection

http://116.85.41.79/4pfR

# Reference: https://www.virustotal.com/gui/file/f2b7fc575b4cf964b7b3ae6f9623fd01f9820f4da9b3e64dc43bf947359770aa/detection

117.88.56.206:1066

# Reference: https://github.com/re-fox/documentation/blob/master/malware/macros/cobalt_shellcode.md
# Reference: https://www.virustotal.com/gui/file/3c7a80764b49350026ce689dbb8bc8f3e37a5b4614d1a4a13d927c5b23a1b2ee/detection

http://117.88.56.206/y3iG

# Reference: https://www.virustotal.com/gui/file/341b44a725f69867db7a0dd8e57f0bea7d582bcff86c2579a5d132b9223ded85/detection

http://118.31.1.116/ZTFh
118.31.1.116:50052

# Reference: https://www.virustotal.com/gui/file/c446722ffd564a3287bfd616ea85bdd1e1ecf4a03d77f817a63073dab37a97b8/detection

121.37.23.161:443

# Reference: https://www.virustotal.com/gui/file/745ae375da2ee6be0b641047708532b792f6c634b23eb0402e9136717cd1214c/detection

http://121.37.23.161/d9sL
http://121.37.23.161/ptj

# Reference: https://www.virustotal.com/gui/file/294136ed7aa9d23a4386481e610d066f7e5bf3f37ec1e34d9a15a968ad5862f0/detection

122.112.138.192:53

# Reference: https://www.virustotal.com/gui/file/52d21e5d1289416df9819b00e9f0aaa1105f6050123fb097ed030a963fcd90cd/detection

http://122.112.138.192/8lHp

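# Reference: https://www.virustotal.com/gui/file/269bafb60e5f7a6bc8db0dd33d08841be54f1a17c385fe4632339e43d95abdb1/detection
# Note: this reference and the two entries below repeat an earlier group in this file verbatim; one copy is sufficient.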

http://122.51.143.60/loJ7
122.51.143.60:803

# Reference: https://www.virustotal.com/gui/file/9d345432c872ec1b5359d2cb5018a4a52c168009754bb0ea4f3aa9bf26e74bb8/detection

http://141.164.56.116/ApHc
http://141.164.56.116/__utm.gif

# Reference: https://github.com/re-fox/documentation/blob/master/malware/macros/cobalt_shellcode.md
# Reference: https://www.virustotal.com/gui/file/a857c66f44fef41539c2909ac0d69eebf9db1898d0d336fcb0ca626f258eea3e/detection

http://146.185.133.122/vKAZ

# Reference: https://www.virustotal.com/gui/file/2c897aa21d0597badebfb6d8d6326d532d97fe4d30ac65d63ab3b0f58b6dd83c/detection

149.28.108.116:443

# Reference: https://www.virustotal.com/gui/file/cd5b5114360b83f9ce4197346e3c78d7acf9be801dfc7603236feba73f454037/detection

http://149.28.108.116/KdAl

# Reference: https://github.com/re-fox/documentation/blob/master/malware/macros/cobalt_shellcode.md
# Reference: https://www.virustotal.com/gui/file/bd1db88e8c8c6792c505368c0e35d11f2c02cadfc9c6574eef41f9bc3b733dda/detection

http://151.80.255.19/qSiR

# Reference: https://github.com/re-fox/documentation/blob/master/malware/macros/cobalt_shellcode.md
# Reference: https://www.virustotal.com/gui/file/c17b3077ace950f0607fa5feb3cdc04bbed3918c7098d5e36ea54490228193a6/detection

http://152.136.223.136/NOZe

# Reference: https://www.virustotal.com/gui/file/3d7db56df63ea0788472bfabd83a5b9d21fc4783a92b918e6d192adee3789f6f/detection

http://161.35.76.1/jquery-3.3.1.min.js
http://161.35.76.1/jquery-3.3.1.slim.min.js

# Reference: https://www.virustotal.com/gui/file/f2d4fa4ed5c6ec715095a4d7f5913035de4f97c96616944df985afe32ac67035/detection

161.35.76.1:443

# Reference: https://www.virustotal.com/gui/file/ef79ce215078a49444e9d78888c84fdf9a50cb4f35c55009f5388fb694c4c7d6/detection
# Note: 182.254.229.239:8080 below is also listed earlier in this file under a Twitter reference.

http://182.254.229.239/3hhY
182.254.229.239:8080

# Reference: https://www.virustotal.com/gui/file/80460c85abdfbf40334afb9f1720c38fd8b87f1fc8aa92935cbf53feaf2a4271/detection

http://192.236.195.182/jquery-3.3.1.slim.min.js
http://192.236.195.182/jquery-3.3.1.min.js
192.236.195.182:38080

# Reference: https://www.virustotal.com/gui/file/45c270c69642a44628bbc8fdb49bd0d3530837498d0c976264ff887b4c190cb0/detection

http://198.13.61.95/Whi4

# Reference: https://www.virustotal.com/gui/file/c0347cc14406650c25755451b675d8f69b3dec9ed02fb7b4e23d51c3bc41f433/detection

35.200.81.207:22222

# Reference: https://www.virustotal.com/gui/file/74a386d38daba24e1c9e45228778ef964d10bbf28b0ebf6c9b83dd164806557e/detection

35.200.81.207:10222

# Reference: https://www.virustotal.com/gui/file/fe73fcde87fa0923a0a041abea42cc4ce867cea2e63991af508424dfb4919e65/detection

http://35.200.81.207/pixel
http://35.200.81.207/en_US/all.js
http://35.200.81.207/j.ad

# Reference: https://www.virustotal.com/gui/file/5411ce0ea0ec043578ae544448a6cff9271b06a9662733ec522abeeceaba6855/detection

35.221.158.178:443

# Reference: https://www.virustotal.com/gui/file/5d728f14b30875938342bc545ce6f5f679c33721ea88acc7c48a012569e84d31/detection

http://39.97.187.94/3qGq
http://39.97.187.94/pixel

# Reference: https://github.com/re-fox/documentation/blob/master/malware/macros/cobalt_shellcode.md
# Reference: https://www.virustotal.com/gui/file/e58bd92cf1b0ea353be74d88cdd107b834560aad1e8051585e7cc9c82dcefbd6/detection

http://43.254.217.140/jquery-3.3.1.slim.min.js
http://43.254.217.140/jquery-3.3.1.min.js
43.254.217.140:8181

# Reference: https://www.virustotal.com/gui/file/fc24ee87ffb99f850567b52466c4f066bd1fd687e25a7ff61676f5efea986917/detection

http://45.14.227.19/9zFc
http://45.14.227.19/j.ad

# Reference: https://www.virustotal.com/gui/file/bc499b4e8ef7f90ad1c2acbd4c37240a45dfd6b589e510d09ae20a2cf384bcf5/detection

45.32.16.101:8080

# Reference: https://www.virustotal.com/gui/file/955af56719c97d47e200fc35dc78f00551d8dc590bd030d1a03b332259b6dd88/detection

45.76.220.75:1234

# Reference: https://www.virustotal.com/gui/file/30a37b19d27a24773f61360a81efacfd71bc543db2ebb5d27b68feded2d621b3/detection

http://45.77.179.157/SoJP
45.77.179.157:8088

# Reference: https://www.virustotal.com/gui/file/43b7199ba9ced50fcda9805a555164c1e4de6998defcc443b4a2cb9103cc2ede/detection

47.101.57.72:2333

# Reference: https://www.virustotal.com/gui/file/f7b2382521ca34a2c85b69df42ffa46d8acddfa532a00b3b3d114a41fe0ba769/detection

47.110.49.237:5555

# Reference: https://www.virustotal.com/gui/file/9c20d2dd36ae54686bcca963174882622ec046704d7725325447f6d3bac42978/detection

47.110.49.237:443

# Reference: https://www.virustotal.com/gui/file/cd6a4fdca0c789141f1969b0e076a47676330da99c7018d63d9b4d7b619e6ad5/detection

47.241.38.143:8081

# Reference: https://www.virustotal.com/gui/file/76d71a6f93f0e3b2eff54fd26eb47ac811f31a954182e96f573f9d780fab841a/detection

47.52.113.152:8180

# Reference: https://www.virustotal.com/gui/file/ca1b9824f2bbac0d5df3fe084c06ca2dfcab5f89b3906e95385658bbe852908a/detection

http://47.52.113.152/activity

# Reference: https://www.virustotal.com/gui/file/2c0701ffcbca2fa3d1db55864e016bf3a0ac3cfeb6721d8d78edc1067748b03e/detection

http://47.52.113.152/fVRN
http://47.52.113.152/IE9CompatViewList.xml

# Reference: https://www.virustotal.com/gui/file/0ceaf7d3a3b4e5d449ab2f60503b3ad2033ed7c136fa8f860548167abe8c9879/detection

47.93.16.255:12344

# Reference: https://www.virustotal.com/gui/file/a020ef2407ac9fdde89fc5bc25d7928c727970851a7640cec5c9c98cf5a2418b/detection
# Reference: https://www.virustotal.com/gui/file/c2b7de1d5fb6b68b2511eaae6e8e9ada28c68ca3af0afff1461f16664017839d/detection

http://47.98.103.103/EXhW
47.98.103.103:8080

# Reference: https://www.virustotal.com/gui/file/9d0608d655369f6560108f00950937f2cd9cd71b4db086f906281be8bdb76623/detection

http://49.233.78.35/SZ9v

# Reference: https://www.virustotal.com/gui/file/e99afaac02cf8ea99cc6ccaac40a4bb2fb183966cabba96b8862313c7c20ccfc/detection

http://49.233.78.35/a5rT

# Reference: https://www.virustotal.com/gui/file/952e2e21c3349c7892a6cb1951cae0c523a32f66867042f887574d7c3163fa88/detection
# Reference: https://www.virustotal.com/gui/file/d1c711612bd8ba0d00ec0283208570a28a3e1425353c7b32700d86a87b0c027e/detection

http://52.255.154.38/De9z
http://52.255.154.38/pixel.gif
http://52.255.154.38/g.pixel

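# Reference: https://www.virustotal.com/gui/file/e52b3b550113df657254843dc3ff1c2c38c0402f59a88313ace9b91656c95fe8/detection
# Note: the two /messages/... entries below carry no host; presumably they are request paths from the same sample. Confirm how the consuming sensor matches host-less paths, since a bare path can also occur on unrelated servers.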

http://54.196.84.189
videoramjet.com
/messages/DALBNSf25
/messages/C0527B0NM

# Reference: https://www.virustotal.com/gui/file/6bddcb99c930698afef5134df4fecc1c4b48872d36a39614858b56f7327a5139/detection

http://59.110.158.22/wK8b
59.110.158.22:8000

# Reference: https://www.virustotal.com/gui/file/805cc20ae7a6b67fc3ebf0ea1075cc5c252ad55dd0c4fe7ad3ed430d08a103d3/detection

http://60.205.220.98/pA2y

# Reference: https://www.virustotal.com/gui/file/04d8b4613286225000f5271e9868e307790a975ff456d767afe82bd919456106/detection

http://60.205.220.98/YOSa

# Reference: https://www.virustotal.com/gui/file/af30a0c199021767e0984baf57669f530f31c380c7a4f11043240d470c30060b/detection

http://60.205.220.98
http://60.205.220.98/Mcx4

# Reference: https://www.virustotal.com/gui/file/9992aec878d603fe2a1458751b77e4ec552f6cf8c6c09e48c5f807133dc1ba13/detection

64.69.57.84:443
gov-hr-no-reply.org

# Reference: https://www.virustotal.com/gui/file/adf27955e0fda73c5d1b99e814bee601bcc8909b55920f837abf51c1ff788dfc/detection

http://64.69.57.84/cwM5

# Reference: https://www.virustotal.com/gui/file/043ea2bae5f7cff876da42f32f3240274a649fd49a85389fd490801ab6f623be/detection

hr-resources.org

# Reference: https://www.virustotal.com/gui/file/e3efd291e531278a04e309302c35f8933d6bbcb732039f81bf2500fbef66aa34/detection

71.10.16.250:8443

# Reference: https://github.com/re-fox/documentation/blob/master/malware/macros/cobalt_shellcode.md
# Reference: https://www.virustotal.com/gui/file/47738baf983269d039fc55067746dccbac57f30ad2ffa910d4f7497f96f9229e/detection

http://74.120.172.183/SBfa

# Reference: https://www.virustotal.com/gui/file/464484289d028509c89d5e8056dfcc5cee243ebff12701297fe4856fcfaa4932/detection

http://81.70.56.208/CPde
http://81.70.56.208/push
81.70.56.208:4433

# Reference: https://www.virustotal.com/gui/file/2d1b87e82b7fea8f7c711debd2fe92ddb01ad18784159a714a8e4dc894f95727/detection

95.169.14.147:8081

# Reference: https://www.virustotal.com/gui/file/6400f9fe827967816f16f2af43b53754f5975c64db570a7de7fba69206fb7b13/detection

96.45.183.244:8080

# Reference: https://www.virustotal.com/gui/file/882c3f41c3f8ff6e299db8a6a6785122bbe7c00eb3ffa86ca77653a5729772e4/detection

96.45.183.244:6666

# Reference: https://www.virustotal.com/gui/file/1a0f48e56b2f58ee11e88ac911d5598f92ec8734feb8c66fc95e7de18dd39b21/detection

http://96.45.183.244/tM2i

# Reference: https://www.virustotal.com/gui/file/ca4963745454cc8584cec4e53d27d78c86a4766a4f69b0b37617efcd915621c8/detection
# Reference: https://www.virustotal.com/gui/file/7d7f4996fa545e1f908c24755b0e497351e1efe1ef4d046ea2ed92be132411bd/detection

45.147.230.132:443
boost-servicess.com

# Reference: https://www.virustotal.com/gui/file/656381c997f4757689bc31d9b9f365eabf1bdc088c7dc8b75ce7640addb30aa2/detection

119.45.4.42:8888

# Reference: https://www.virustotal.com/gui/file/f4777116f503931aaf7953401a7e88c7bf602cbfc118152cff38c0bf96ddbcf2/detection

119.45.4.42:5555

# Reference: https://www.virustotal.com/gui/file/7f12220502b6baed9cdd0fc89c88dc7c47edc785335bdc475de882defe9f4dcb/detection
# Reference: https://www.virustotal.com/gui/file/d1406b32581483ffc9797a6c0bd398414d7be34c490f9a648a011be3832ca43e/detection
# Reference: https://www.virustotal.com/gui/file/d2258ff4a177be2bcf20d92b9d2d1a62bb0e79f61761537a2ebb12ab8aeedf62/detection

45.134.83.4:5001

# Reference: https://www.virustotal.com/gui/file/6344073807b66a646ef744921a8f8de485611fd4dfa4a4011eefe81290c04578/detection

175.24.47.183:443

# Reference: https://www.virustotal.com/gui/file/8f05930f9f26275c4101517d475ee318c7fe62f302d5490ac05bb9f0003986a2/detection

http://175.24.47.183/visit.js

# Reference: https://www.virustotal.com/gui/file/cc0b38eec38df97ef265821434574567f0ad1e72bb3fbc133bd2ae7e723a95f4/detection

123.56.26.234:8888

# Reference: https://www.virustotal.com/gui/file/1d0107571430b4a54fb17bfffa3218541f382d570f06052577e6ca6b8885c640/detection

http://153.92.0.100/c/c13.php

# Reference: https://www.virustotal.com/gui/file/67284ed3e60109a2beaf8a7ba470b30ee49fcc6403f3cf060f0ba393cfcffb10/detection

123.56.127.36:443

# Reference: https://www.virustotal.com/gui/file/f1c19f195a0830ba7e4a15b32b50a606d198b4c5bbac09ecd4316f14bf4ddf0c/detection

123.56.127.36:8972

# Reference: https://www.virustotal.com/gui/file/6e7859a64cff67dcf12c5e092a7d8f3717cb8e072b4e9552bd7a25bc2b4b1302/detection

http://185.205.210.46
http://95.179.177.157
apps.vvvnews.com

# Reference: https://www.virustotal.com/gui/file/ec063c3d4d9dc6e65f0b8147c24d96e651e54919927af2e5bf05cc1357ef82c4/detection
# Reference: https://www.virustotal.com/gui/file/f7cf3384c7393105be4937d0db3f2f4fd449e907d3706b4ebd00021ce97cd1b4/detection

95.179.177.157:1444

# Reference: https://www.virustotal.com/gui/file/1d8da51c622b387d932f2efe082cc501ca1ea26ea5dc708e513cb45f403b00f0/detection

eiphaem9aifur1udaizu.badedsho.space
ooliey0phuoghei2cei7.cleans.online
oow8phokeing6kai5hah.glowtrow.online

# Reference: https://www.virustotal.com/gui/file/074cdc735747bd83b86127b057eefe8db934f96dbdc635c548541a1735dec3e0/detection

http://185.191.32.161/push

# Reference: https://www.virustotal.com/gui/file/9b7bfe03e7f4bb404da8f449efb8a207cb1bafdff29a2e865129263314a93e01/detection

185.191.32.161:6016

# Reference: https://www.virustotal.com/gui/file/b5dca5c9475c19b26e3b3910ad032535c85f5730ffd3b265381554da2c3d9f84/detection

175.24.68.66:11111

# Reference: https://www.virustotal.com/gui/file/a2dedf260283a55f3c0905fa31202787aac1357e400c9fa14f89380d9045d1d5/detection

81.71.123.105:8901

# Reference: https://www.virustotal.com/gui/file/3fb5cdd21ac199b127d0c4eec01f223c360324004d52a103604b185c6890220e/detection
# Reference: https://www.virustotal.com/gui/file/afbc49023b9dda2f072fcd85903e4e11f8a04098d8c278b1c93d3b9c4b08d1c5/detection

106.12.45.140:8081

# Reference: https://www.virustotal.com/gui/file/ae2f7ab26f1ed5b3116b62be5b818b57acd79ef0a0a1ee95fbdd6ffa422426c9/detection

39.100.128.14:8080

# Reference: https://www.virustotal.com/gui/file/100d532378e5d7fedb60171f3293e9a4a7d8a6f5f826d7b3706b524b6dca3f66/detection

romansoft2016.asuscomm.com
rs-labs.com/jquery-3.3.1.min.js
rs-labs.com/jquery-3.3.1.slim.min.js

# Reference: https://twitter.com/malwrhunterteam/status/1328324828365991936
# Reference: https://www.virustotal.com/gui/file/a3955af0613cd3dc48bf96bfc65f30bfc13b64fca43b5ffcf2a8a0c6bc47361e/detection
# Reference: https://www.virustotal.com/gui/file/3851e5786386acc5f6eecfe385a3811102f984cc1dd974981b376acd4e6013bc/detection

45.134.21.8:114
45.134.21.8:61
45.134.21.8:62

# Reference: https://www.virustotal.com/gui/file/3570978d39cf1b1d55a6255ddb76394867fcbff8b5590d3fe934b57cbd674208/detection

http://45.63.58.134

# Reference: https://www.virustotal.com/gui/file/7a287dcc61773269eb2966ce964c033f2fb703ba15549739baf68aa8b2a5e07a/detection

http://178.79.174.78/cx

# Reference: https://twitter.com/Unit42_Intel/status/1328425382140387328
# Reference: https://github.com/pan-unit42/tweets/blob/master/2020-11-16-Cobalt-Strike-IOCs.txt

http://185.99.133.180/IE9CompatViewList.xml
http://185.99.133.180/submit.php

# Reference: https://www.virustotal.com/gui/file/74d3bba6147343c9ef2ead56e1b234136d23b493f458c8833c8689127e70c908/detection

118.24.85.85:3306

# Reference: https://www.virustotal.com/gui/file/37a1d16fb8e503d3f9f595835e57e70a053d30c60e1b14900c44275b6fda951c/detection

118.24.85.85:45000

# Reference: https://www.virustotal.com/gui/file/dc7df8d601d61b38fe25dbe42bf9f771a1ec6e38fdc5a3898eeb5b05f5602f91/detection

94.191.105.132:8888

# Reference: https://www.virustotal.com/gui/file/2d5faced5204d48393de832009681a7fc93cb4bc9258afc4ef1bcf9b96995cc1/detection

94.191.105.132:1155

# Reference: https://www.virustotal.com/gui/file/0dd1b79d72cd349abed49d263bec1e93efd265064b2028d06f0d793f36486e70/detection

94.191.105.132:5353

# Reference: https://www.virustotal.com/gui/file/096211fce668ba1868d28aa1381643c7a69dc18eeda09e428921b8f1fa247de2/detection

http://94.191.105.132/64.txt

# Reference: https://www.virustotal.com/gui/file/9afc0365f71f68ed6ad038d21e9b33abd780d1cb48a2544daf64ead6789b59e5/detection

158.247.195.228:8080

# Reference: https://www.virustotal.com/gui/file/f6271a4328267413eb1c413068942b23289a616c74b24a5fa9955eb495c0cf28/detection

68.183.64.4:443

# Reference: https://www.virustotal.com/gui/file/bea6ba2864dee681775d60bec57c9dbc72910de304200e3e9f7c1446728df432/detection

120.79.37.40:6969

# Reference: https://www.virustotal.com/gui/file/ef26ca830514fa2ed1ea2b3dc297da428bc3f844a11abf7efce0031847ecbfd5/detection

42.192.85.158:61111

# Reference: https://www.virustotal.com/gui/file/de35644b2da01077bcfe3c3ea851c4570622b92e977f18d6c7e6d90f0c12a64d/detection

42.192.85.158:65511

# Reference: https://www.virustotal.com/gui/file/bccf9ce59ec40d342c0f8ab027475ae67d42199fa0e97acab82a67d3b0758565/detection

183.230.14.175:4445

# Reference: https://www.virustotal.com/gui/file/51f788d06153a8edfa2f926b025dd682f03f68db7fb06eebb1d4913ee95428e0/detection

http://124.156.146.4/jquery-3.3.1.min.js
http://124.156.146.4/jquery-3.3.1.slim.min.js

# Reference: https://www.virustotal.com/gui/file/94ec64a350a488382be5c66bfed44bbf9d34381935cc943d6f169e932ecf8447/detection

78.128.113.14:443

# Reference: https://www.virustotal.com/gui/file/617804572bba6037d7384e8604611689150759d1309a759749f96098c9f1e66a/detection

175.24.3.61:8089

# Reference: https://www.virustotal.com/gui/file/4742666a73b53ca2ec59175ccc68836e1ad13658e780583fdd329df4a0e7b353/detection

175.24.3.61:8443

# Reference: https://www.virustotal.com/gui/file/ad3805ba7b05e346554ab7bec139d2546c95c6cad5ccd38565d22ca8a7e3cf4f/detection

49.234.112.148:42906

# Reference: https://www.virustotal.com/gui/file/3cbb49bad573702295e234888496502ad92df09b28bd25012ae9dd5ac7b0b712/detection

http://49.234.112.148/dot.gif

# Reference: https://www.virustotal.com/gui/file/9cec131ed54b1ea836a6b2c009bdc158327621a0d724bdf9be78692a444395bf/detection

49.234.112.148:10021
49.234.112.148:10063

# Reference: https://www.virustotal.com/gui/file/803e605d046bc38f142dfa72159d940c4ea39fe1a4d547a6423d4cea1cf79460/detection
# Reference: https://www.virustotal.com/gui/file/2cae51376a229da171e6a772a9088c60f28929b54f005f3f0202588cf7d8118f/detection

188.119.112.174:443
188.119.112.174:8081
girls4dating.asia

# Reference: https://tria.ge/201120-artt41g8gj

85.143.220.196:8180

# Reference: https://tria.ge/201119-rv4fmbb6h2

d25bm6hkar6nys.cloudfront.net

# Reference: https://tria.ge/201117-cshe9df3ts

glowtrow.online
badedsho.space
cleans.online

# Reference: https://tria.ge/201117-865grrwyln

glowtrow.fun
cleans.space
glowtrow.site

# Reference: https://tria.ge/201117-a93dl7a8c2

universalec.com.zclngty.club

# Reference: https://tria.ge/201117-4mjw4vbxjs

paic-agent.com

# Reference: https://www.virustotal.com/gui/file/3052d4b0bdc509213ec359c66e114afede130eedd1e6baf548721f8761ea8ab8/detection

31.214.157.38:3982
mahalaka.hopto.org

# Reference: https://www.virustotal.com/gui/file/7a71e2a36327b12faa710b2cf281cb175803a4cec83dc26434298020be6b9e3d/detection
# Reference: https://www.virustotal.com/gui/file/d32a1f3532d271c198cd256af4401b20802a83dfe36867d9517f7a91e657b49e/detection
# Reference: https://www.virustotal.com/gui/file/b8cfdc616fa79f73d12d5dd8ee14ecae82c2bb55232d56cb98f92fd7ca2674f0/detection

http://54.234.214.221

# Reference: https://twitter.com/malwrhunterteam/status/1329800283405299712
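# Reference: https://www.virustotal.com/gui/file/381ed40735167b76b29f53a84f4c524c7059b50367576f7d295d58d3d45d837d/detection
# NOTE: the address below ends in .0. Confirm against the references that it is the full address and not a truncated one.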

45.147.230.0:8080

# Reference: https://www.virustotal.com/gui/file/242d147695e36440905fbfee8e5a2ce1ca4ece6f77053fc87042b93351ae3fdd/detection

144.34.178.133:1234

# Reference: https://www.virustotal.com/gui/file/fa7b8e7b2f3357a300d16393d2d4bd79f9f484551ffce610356c83d6a5bb464f/detection

144.34.178.133:4444

# Reference: https://www.virustotal.com/gui/file/d46cbe962eb9ad1eb622590a8af8831eced724d80ffdea3c62416f74a9dfdee8/detection

81.17.28.82:443
driversupd.com

# Reference: https://www.virustotal.com/gui/file/63385e4cd4d6055d928d8636b341af27dce32b09df9c6bc47258ac5d42f030f7/detection

43.226.152.6:3665

# Reference: https://www.virustotal.com/gui/file/b5d6f03dff65732c2726be7d6a85304a6681aa61ad4983c66520bf7c1ede87d0/detection

139.180.203.104:443
microsoft.systemservices.network

# Reference: https://www.virustotal.com/gui/file/fe68261d34bc36d24aec8f42eb7a71f37e7137a439f093fcf6ff20254278b849/detection

http://139.180.203.104/pixel.gif

# Reference: https://www.virustotal.com/gui/file/95a7bd7bbaf0f82a13e18c9b6c5094e734f65fc560524b15e220b7b98da0f5bc/detection

http://139.180.203.104/Vaq5

# Reference: https://www.virustotal.com/gui/file/bb3bf87670b617cce0302726d13a2d80392f85a361bdbc6e43ffdb4aa441a2d5/detection

47.98.53.81:12345

# Reference: https://www.virustotal.com/gui/file/fe58643d8cd2e2215824658f9847f3998d040c0906ae575199dd96032db047c8/detection

47.98.53.81:5678

# Reference: https://www.virustotal.com/gui/file/8e004fb428b3da9f015ffffee201dc751f48c3d8a8048b404a17156f48e1eecf/detection

hotel.azureedge.net

# Reference: https://www.virustotal.com/gui/file/fbb7294818e5822b623b812b1f6cc6dfdb37958ec86c59845a05a9d0bd29c429/detection

103.56.19.57:8011

# Reference: https://www.virustotal.com/gui/file/02e3bd7380af6941e070cb1d5081ee8c553eca574ccb4116e5fa6dd53e8ac90f/detection

103.56.19.57:8080

# Reference: https://www.virustotal.com/gui/file/c585269efa9af762d44a31334e250d4d2225f7ea2c3c7168f653b852fcd67383/detection

74.82.205.102:4433

# Reference: https://www.virustotal.com/gui/file/2672c889f74d8a7482735c4e5e69125fcd361e2b726f0efef85147c217030a24/detection
# Reference: https://www.virustotal.com/gui/file/869786e71751e7a96b5d463dd84155b0ef7b1bca688f3316a56fe4aa47250ed7/detection
# Reference: https://www.virustotal.com/gui/file/b62db92062c358a7c27543b6d33ad0a6492dcfe0ac1e73d133e58eb95610d455/detection

49.235.230.115:9090

# Reference: https://www.virustotal.com/gui/file/3b48d22d508ac31820d79b6392da0513c07cfee9ccfb6aa18200c04f279c0f92/detection

http://43.226.39.8/pixel.gif
http://43.226.39.8/ZWjB

# Reference: https://www.virustotal.com/gui/file/80b9e5b0af31e1848156a01f5228736a7961205c706051501e7d4a6bd5369641/detection
# Reference: https://www.virustotal.com/gui/file/9220e87e2f9cdf87f62d6f35e42c25695037e2bb7115a16b638b1e2a3e52175f/detection

154.221.28.190:8888

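# Reference: https://www.virustotal.com/gui/file/d46cbe962eb9ad1eb622590a8af8831eced724d80ffdea3c62416f74a9dfdee8/detection
# NOTE: duplicate group. The same reference and the same two entries (81.17.28.82:443, driversupd.com) already appear earlier in this file.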

81.17.28.82:443
driversupd.com

# Reference: https://twitter.com/wwp96/status/1331067128150102016
# Reference: https://app.any.run/tasks/1c8330e1-f622-428f-9d99-7644562ce29d/
# Reference: https://www.virustotal.com/gui/file/8dafde4809fae1db6c2de051de9a005c43c4b0218af4e3c1f30fa6a0f65316fc/detection

http://176.123.2.216
176.123.2.216:443

# Reference: https://www.virustotal.com/gui/file/03f1106b8dd0358866fa44bba022b7c556f8d7a006d2a8336711e9aaa01934f7/detection

165.227.199.214:443

# Reference: https://www.virustotal.com/gui/file/1f760a55c7704267c5757d86a4959fb9278e1699efac8ae153298b46a9f9bab0/detection

144.91.119.150:443
powershell.services

# Reference: https://www.virustotal.com/gui/file/844f919caec3c6d941ad22a49ecb7e289cadec865e45dd7812a064fb694b98c3/detection

96.45.188.69:12554

# Reference: https://www.virustotal.com/gui/file/b4f2a04a299cbed3500294972428948ce767e3ef98c06c724d7a2662438b3c1d/detection

96.45.188.69:8888

# Reference: https://www.virustotal.com/gui/file/d68f75ec6e2c9a35f1992ff66cadf000db1941a05c331e93bda8ddeea3ff7e89/detection
# Reference: https://www.virustotal.com/gui/file/187ae89a0b4bf3b2e25c3f8f8fc6737d41cb33304d6bd4998b07efbac3318ac1/detection

39.101.199.31:80
39.102.120.235:80

# Reference: https://www.virustotal.com/gui/file/7f8b378a273ca7926f17e5542acf2057ad8acd144ce04ef610ea7d76646156b7/detection

47.97.75.227:9999

# Reference: https://www.virustotal.com/gui/file/2f06e1ebb58084266d0dbe4942c904ab2b75f747433328b4810ea8f628859ece/detection

47.93.42.183:3432

# Reference: https://www.virustotal.com/gui/file/bd56b8a4bf5072417ed9e31818b0fdde1645ba2c25c2aaf20d8ad1902eaddbcb/detection

47.93.42.183:4312

# Reference: https://www.virustotal.com/gui/file/b7c75cdfc47b81b0a156f8ccc8fd65f42b2bbf473a4d9b359e3fbc0395de69e2/detection

http://103.39.217.134/hYLP

# Reference: https://www.virustotal.com/gui/file/e2002eecffec3c3075629dd38a447c4b7c54bf4d5c695e454001eb49563900d1/detection

http://103.39.217.134/vaP5
http://103.39.217.134/updates.rss

# Reference: https://www.virustotal.com/gui/file/df1b0c4a0da231faaeca990ed959419919fd43bf53b41469427ecbe797793612/detection

http://103.39.217.134/b7Ky

# Reference: https://www.virustotal.com/gui/file/02aa893ce29d4b94a00a6784ffaebafa8578fe6b73f7f162eb66a41f572debb9/detection
# Reference: https://www.virustotal.com/gui/file/18848c50d4479a4f595f51081ae7feaca509c6fd9516f0120db443d56519896d/detection

103.39.217.134:9527

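# Reference: https://www.virustotal.com/gui/file/844f919caec3c6d941ad22a49ecb7e289cadec865e45dd7812a064fb694b98c3/detection
# NOTE: duplicate. 96.45.188.69:12554 is already listed earlier under this same reference. 96.45.188.69:8888 in the next group is likewise repeated, there with a different sample hash.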

96.45.188.69:12554

# Reference: https://www.virustotal.com/gui/file/470184351398597c6b608a8420a1733c4f12dd53ca763d383327c5b826be58ee/detection

96.45.188.69:8888

# Reference: https://www.virustotal.com/gui/file/ddf9264c245a187b876376ea8f4d87d8065c5f955b7f51f01b09dd474e534102/detection

47.93.116.160:6606

# Reference: https://www.virustotal.com/gui/file/1c4ab8c457ae7d1a22abbd93ea41f1500fa8b94c8bb555ce68f50049bd1f5869/detection

47.93.116.160:8808

# Reference: https://www.virustotal.com/gui/file/0060448db81e7d89207253bd49b780d2a4d6f066214511bcff8c7fe66175a110/detection

47.93.116.160:8080

# Reference: https://www.virustotal.com/gui/file/b18d2f4e34ab368e270e809016b0ce5ce689bedf46c9eccd9b4966780ea5b5e4/detection

47.93.116.160:8088

# Reference: https://www.virustotal.com/gui/file/bcbf609c4e41b03edcc055cf0db87ebcc8c555fa8d78284ffbf2d2636b4d5961/detection

47.93.116.160:9909

# Reference: https://www.virustotal.com/gui/file/92b180bcdc8a906b86f90ea181fc09c4764dfc47201c8dd05fede2fb86e7bbea/detection

43.240.156.5:443

# Reference: https://www.virustotal.com/gui/file/56b489cb23a47dcc4e8dba401d7521675cccbee72f9b73e38670eda8304856a8/detection

43.240.156.5:6060

# Reference: https://www.virustotal.com/gui/file/4e05f08cd26671a8fec3c8687d5c18fe6e8aa2f3b0d773ea930b3a1776799bb9/detection

43.240.156.5:8080

# Reference: https://www.virustotal.com/gui/file/4d4c79a03d00fbdd34f3a511100b7fe8b56e7a31eb2b3b4eeddaf56e1afa7a7b/detection

80.209.241.7:444

# Reference: https://twitter.com/malware_traffic/status/1331634103591063552

199.217.117.184:443
199.217.117.184:444

# Reference: https://www.virustotal.com/gui/file/3ee84da35a45fbea2921fd6998803dff1f7ffa42692f38bdb18ab27ceff8821c/detection
# Reference: https://www.virustotal.com/gui/file/6c0f6a7bbca83f4486d8f7e4b44967e9a729ba2f7896475bd593b955b5d58aa2/detection

http://8.131.96.175/9njL
http://8.131.96.175/__utm.gif
http://8.131.96.175/submit.php

# Reference: https://www.virustotal.com/gui/file/09ca93b8d8a96574de2df02296e8786cfe2a90b02a0da21a776bcee7d5eeb58d/detection
# Reference: https://www.virustotal.com/gui/file/c599ec2159d8d97ab77a183107d8b22b05b7375a660e35d1a06502edac05d600/detection

http://124.71.155.107/oMQO
http://124.71.155.107/IE9CompatViewList.xml

# Reference: https://www.virustotal.com/gui/file/a5c9be733aa3bef8f3de2b6a60b64570b7752af1c42ecd47902659f4bc6b39c7/detection

123.57.190.31:8080

# Reference: https://www.virustotal.com/gui/file/a4cc50c504d79641dcb4aced2f6d5a780ec8f90e73d09bed17bc8219e4b138a0/detection

47.92.33.59:18310

# Reference: https://www.virustotal.com/gui/file/d11acc5802d57717c79e2fa95c6f83b8a3a2fe20108cdd4c8161d573ca309f14/detection
# Reference: https://www.virustotal.com/gui/file/f7db001e4eaf47ed9c02e94ff43da273ae8a2a6d86169391a943af4aa1963978/detection

47.92.33.59:18377
img.ganker.rocks
static.ganker.rocks

# Reference: https://www.virustotal.com/gui/file/e83f5dd498184f81fb20fd13ebca29b9975805edc8be92d446f76a6a466f3831/detection

http://47.114.39.239/g.pixel

# Reference: https://www.virustotal.com/gui/file/ba0666b5b5f4a1ea37862624256ae6ae12c1e666a7530e8625cdea43a99a3814/detection

47.114.39.239:12345

# Reference: https://www.virustotal.com/gui/file/6e54203caece33561d723d0b3eb5c728eeb32712553f2228ed3d725028992c4b/detection

47.114.39.239:4321

# Reference: https://www.virustotal.com/gui/file/55bab42b7f2df407d3476ec14f505ebd18e37881952f0cc684864ff0d3715950/detection

172.81.250.135:443

# Reference: https://www.virustotal.com/gui/file/4524ed179abbabe030ac86d6749f1e4cd89e1967b7273187b1a7f7dd327480a2/detection

172.81.250.135:9998

# Reference: https://www.virustotal.com/gui/file/e4c3fe5e5784a2339414853e2b4e957819621a28742c50c085da5dd9c5de6124/detection

116.63.181.150:443

# Reference: https://www.virustotal.com/gui/file/2a089d2ae1a727ad3aa88588b6a8a705c5e7c4245f867556cedae9a7fbeb61d8/detection

139.196.21.224:33060

# Reference: https://www.virustotal.com/gui/file/0fae1cbc98e8cd5d6cb63ac0df293ab51aaf27385e58e5edb6bf146aac487ca9/detection

139.196.21.224:8080

# Reference: https://www.virustotal.com/gui/file/57cbe5e9a60549646c81e3301fe3e91f1e589561cf6b5ed9c42f7866611be764/detection

139.196.21.224:8091

# Reference: https://www.virustotal.com/gui/file/1db461e68c1eba2254ce9777c637b23fa9cd1bcf9f07721a5c7bbe0429b824d6/detection

47.108.92.73:60080

# Reference: https://www.virustotal.com/gui/file/d55a4da3be9ed2a5ba9c18367f8f2d08931e31d65f607341f9b620696478a35e/detection

47.108.92.73:7001

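# Reference: https://www.virustotal.com/gui/file/28982143a30c84917fa6f6528299eab9d731537a730c78a57fb69c565c9123d2/detection
# NOTE: 104.27.172.56 lies in a range Cloudflare publishes for its proxy edge, so the address is presumably shared with unrelated sites. cs.tomassky.cc is the more specific indicator. The same caveat applies to the other 104.24.x.x / 104.27.x.x / 172.67.x.x entries in this file.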

104.27.172.56:8880
cs.tomassky.cc

# Reference: https://twitter.com/d4rksystem/status/1332021306095759368

43.255.30.192:8848

# Reference: https://www.virustotal.com/gui/file/02902cd3128b70961053ae8978958085f17da4dbf5b5cdecfdc5a794b30c7184/detection

47.103.213.82:4564

# Reference: https://www.virustotal.com/gui/file/0f3fb784daf189ef6d715a22935f167adffeefb011ebac2851766be344a74bdc/detection

47.103.213.82:44415

# Reference: https://www.virustotal.com/gui/file/a1a682a11c6cb6efff714f444c05ab8b9c38f03a4f880f5766a84e09e5f87cdc/detection

104.248.148.158:4444
167.172.5.160:4444

# Reference: https://www.virustotal.com/gui/file/b4433d8598e1cd33f76ca0d90489c39f31ba719dcebcabb9eb4f1038c2b7ddbe/detection

104.248.148.158:443

# Reference: https://twitter.com/d4rksystem/status/1332359186215276550
# Reference: https://www.virustotal.com/gui/file/8fb330ad33623311934e11c6baf785c8d47adf8f0bcc3dec251314faa4f22973/detection
# Reference: https://www.virustotal.com/gui/file/dada30ae6d4d5dfc6752c653eaa5555ff54547416d2f29845921bbb5c28ec7ed/detection
# Reference: https://www.virustotal.com/gui/file/a4d7c3783abb6d4ccbb9b64633fbefe3522a688e5abaccb305549624282d504b/detection

http://94.103.84.81/cm
http://94.103.84.81/g.pixel
http://94.103.84.81/SKuI
http://94.103.84.81/submit.php

# Reference: https://www.virustotal.com/gui/file/8f6c6c6857eb174213ee171e700f4a9f938c6ee09f7ed25fa0d058543c000a11/detection

49.232.203.19:1234

# Reference: https://www.virustotal.com/gui/file/86fce281b97357cd2e70ad8be424825925e8bbfa6cd4ac815277e69b3289a89d/detection

49.232.203.19:3333

# Reference: https://www.virustotal.com/gui/file/b72c2c98b4679c05706a07e069d75fb2a07a95c5c9009bb953a4ee414fa56e15/detection

http://176.123.3.108/9ioK
http://176.123.3.108/cx

# Reference: https://www.virustotal.com/gui/file/aae9ae1e90db9ecffa9eb7daabeb0c9b0b5ddd734986a29ece24edae6a33fa81/detection

http://176.123.3.108/BhfL

# Reference: https://www.virustotal.com/gui/file/7d12f0760d38b502718d23e10207824115a16cfbfab72752c494792413fb5c50/detection

176.123.3.108:443

# Reference: https://www.virustotal.com/gui/file/98c0c3b8a81d32d8c09ddf8bdf86667361dbef18fdd58f08945f7ac39a5cc4b5/detection

45.77.19.7:12345

# Reference: https://www.virustotal.com/gui/file/c98b06b3cd2c8a324b913e8246eb2c56848f1ed0cd1964891df41aa0f4128972/detection

47.98.151.153:6666

# Reference: https://www.virustotal.com/gui/file/7c8bf39daa154d4f7e456285569687a41d0bf120962f17216f686bbe1c26223c/detection

47.98.151.153:8888

# Reference: https://www.virustotal.com/gui/file/10ab80b1134f8d96d67924fde4096185e4b21ff2a795aa3fc317eb7cd2491483/detection
# Reference: https://www.virustotal.com/gui/file/5b59bc38d6c13b08859b793ec8b4ab6932d9f2fc4e9330ac9ed08af50bed26cc/detection

39.102.64.207:443

# Reference: https://www.virustotal.com/gui/file/7ddfc90224ea8a4247e4179ac0bdc36355cebe7876c669a4f09111cb4c1dd8c8/detection

118.126.66.150:2233

# Reference: https://www.virustotal.com/gui/file/8865e9bc5221c321a9ae17eb92d3e5bfc7ef61debcc0840f515a3ebbcf3cf3be/detection

118.126.66.150:22211

# Reference: https://www.virustotal.com/gui/file/a8ff149ec3592c55322c6c28f4ef9b4e217fab646ff0891ca16d7fa9664fd539/detection

http://118.126.66.150/Encrypted1.mp3

# Reference: https://www.virustotal.com/gui/file/ea4c60fcb0eb8b0545caa1a04c1f1d83d949e2f9e88e8f4c34234ba10e6ddb82/detection

http://218.253.251.74/aY8k
http://218.253.251.74/g.pixel

# Reference: https://www.virustotal.com/gui/file/6ace78dcc968c6dac6d62a19c95144c587c59635caa414c772f183b8bdc8d40d/detection

http://218.253.251.74/nvB6
http://218.253.251.74/ga.js

# Reference: https://www.virustotal.com/gui/file/607b31170981013fd2a0b2d4b57c4b3ee1f580745e1dfda8c7bea926cbffc702/detection

http://218.253.251.74/SaGa
http://218.253.251.74/updates

# Reference: https://www.virustotal.com/gui/file/b48d95dbfa90aa9982d9a7a6ecb304eaad0ccd380f891aa7ec10074d71f9e086/detection

218.253.251.74:443

# Reference: https://www.virustotal.com/gui/file/3373a1b27de2f91e4b3ee2fc0a399a9f9417fc5ff899ea0910f29681ba6963cb/detection

218.253.251.74:8098

# Reference: https://twitter.com/_re_fox/status/1333621485064368129
# Reference: https://www.virustotal.com/gui/file/b32281d7f00b086d41d7f19d7723ecbc4cc897ef75865c8da177351588cf9fa4/detection

39.106.226.204:8083
http://39.106.226.204/6ljP

# Reference: https://www.virustotal.com/gui/file/b63c9360d731038eeef5da2dfee933378c5910ca82724173207089a3c58bad82/detection

103.133.214.253:3309

# Reference: https://twitter.com/d4rksystem/status/1333848341239582721

193.187.118.232:443

# Reference: https://twitter.com/malware_traffic/status/1333565587163815937

206.54.190.220:8080

# Reference: https://www.virustotal.com/gui/file/ee11d26a1ac7b60bfd92a62cbd191eaedc83c8c0116e8ae8f6610a8e47c59de8/detection

microsoft-updata-info.monster

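# Reference: https://www.virustotal.com/gui/file/5ce0be92070b2600b04ec18d9ee6a02f2e7dce330a49d6e865a430a8a92fe68c/detection
# NOTE: no hostname is recorded for this sample. The three addresses below are in Cloudflare-published proxy ranges, so on their own they are weak indicators. Recover the fronted hostname from the reference if possible.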

104.24.126.54:8880
104.24.127.54:8880
172.67.212.101:8880

# Reference: https://www.virustotal.com/gui/file/09750fd4962b8e5ab205f36b5316346a9ad4e60afc9fb29167abef0c8daef6f0/detection

139.180.194.87:2233

# Reference: https://www.virustotal.com/gui/file/0a3fec45848cac6231aeccad4cf934c7d003a26e8400a13207e3e976aefa6f76/detection

139.180.194.87:35578

# Reference: https://www.virustotal.com/gui/file/e0cb2b65e10e21dfec69d699b48db046908a1d2318c706cebef94a155de3bbda/detection

116.85.69.58:443

# Reference: https://www.virustotal.com/gui/file/9f84d0d8cb6da41461fac8bb84fab901fbb044f409d1bb245d24c201c0ecc8a9/detection

118.31.47.97:5555

# Reference: https://www.virustotal.com/gui/file/4a143c58cc13a2c6a7fd09100126096c79fef2277bc36cb64a6a3dae536dffaa/detection

115.159.92.12:8888

# Reference: https://www.virustotal.com/gui/file/1bc4712fee32b45dffa71c8335cfbc0e444a46c47eaaaf074f7eda60c3058429/detection

39.98.250.32:22345

# Reference: https://www.virustotal.com/gui/file/d6d0c76aa4758e952be2a8f2b4916232bfde5324f09466d03c1956a0783c9db3/detection

39.98.250.32:4001

# Reference: https://www.virustotal.com/gui/file/44bebe666a6afc38d707052451ee34b8c3c20b16dcd4dd77bfe27c22d6a22113/detection

39.98.250.32:443

# Reference: https://github.com/whickey-r7/grab_beacon_config/blob/main/README.md
# Reference: https://www.virustotal.com/gui/ip-address/82.194.164.37/relations

kasperskys.net

# Reference: https://www.virustotal.com/gui/file/d5c99e101b000316d3b2197f958d487597f7ae7ac273c2a229e8fb0bd0e2aee8/detection

104.27.128.88:8080
robbot2unions.robster2osunion.tk

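# Reference: https://mp.weixin.qq.com/s/BLM8tM88x9oT4CjSiupE2A (Chinese)
# Reference: https://www.intrinsec.com/wp-content/uploads/2024/01/TLP-CLEAR-2024-01-09-ThreeAM-EN-Information-report.pdf
# NOTE: the entries below are not attributed to one reference or the other. 118.24.85.85:3306 and 78.128.113.14:443 also appear earlier in this file. 51.195.35.0:8888 ends in .0 and should be checked against the source for truncation.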

http://159.69.156.245
http://176.121.14.249
http://185.202.0.79
http://185.202.0.111
http://192.144.234.207
http://23.224.41.132
http://47.105.180.183
http://47.242.148.4
http://47.244.13.36
http://47.98.166.253
http://49.232.217.171
http://81.70.9.64
http://83.242.96.163
http://88.99.89.152
http://89.46.86.160
100.26.209.220:443
103.39.18.167:443
103.73.97.119:443
106.55.153.204:443
114.116.33.191:8888
114.118.5.108:443
118.24.85.85:3306
119.23.184.235:7777
142.54.188.26:443
144.217.207.21:443
152.32.252.47:8080
153.92.127.204:443
176.123.8.228:8000
185.150.117.50:443
185.212.47.171:443
185.225.19.125:443
185.244.149.152:443
185.52.3.205:443
218.253.251.118:8443
39.100.224.129:8888
39.102.52.75:81
45.147.229.199:8080
45.153.243.215:443
http://45.76.247.184
46.148.26.246:443
47.95.119.10:8080
47.95.231.140:8080
49.232.42.92:443
49.233.155.141:7001
49.234.94.85:8081
5.34.181.12:5985
51.195.35.0:8888
78.128.113.14:443
89.45.4.135:8080
95.179.228.227:443
agturnfa.com
amscloud.xyz
ysan.ml
io.amscloud.xyz
kinging.ysan.ml
nguyenlieu.gratekey.com
skyler.shacknet.biz
yambanetsdev.net

# Reference: https://www.virustotal.com/gui/file/4b0cede42a189e7f730a6035cb16ee97b659290c6d8f7862eb0099b498f297a8/detection

http://104.31.83.68
update-flash.info

# Reference: https://www.virustotal.com/gui/file/a9a187949d6706593841c418058a20313f2c15aa752ac9e88df7340caac60952/detection

cattom.buzz

# Reference: https://www.virustotal.com/gui/file/8a1d7b30b8bd096b2756e452fe30c682212f75f72c7511dcaa875a59a02966c5/detection

115.159.119.89:8898

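# Reference: https://www.virustotal.com/gui/file/5b5bfc06075466e337dfdccbf32259634a1eef833e4e5dd2c37e25c006c1d1f7/detection
# NOTE: console.mail.163.com sits under NetEase's 163.com domain. It is presumably the Host value from the sample's profile rather than attacker-owned infrastructure (TODO confirm), so 116.253.29.201:80 is the entry tied to the server itself.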

116.253.29.201:80
console.mail.163.com/js/jquery-3.3.2.min.js
console.mail.163.com/js/jquery-3.3.2.slim.min.js

# Reference: https://www.virustotal.com/gui/file/95bef2506cc1ecee96d622e2bdfb7ed13a49d615bbd7a84e7566e9e68e041292/detection

139.155.2.101:8000
3as0n.cn

# Reference: https://www.virustotal.com/gui/file/2e7b8ab76e41e1dbe7556225095a3aefdc4a5d7dd5a3cbc430edb4794507cae6/detection

114.116.187.243:8080

# Reference: https://www.virustotal.com/gui/file/70c9cb89a84121341e5d8cebd11aaacabd1d77471979d0d3cbfe5ca6450a865b/detection
# Reference: https://www.virustotal.com/gui/file/2506e8af5d8934565ef2ba28837c64e204025a9e4635c1d49c75ddf248d2cf3a/detection

47.56.224.63:8888

# Reference: https://www.virustotal.com/gui/file/5ea81f3f8630d60734f5e6d0721c5774bb82598398efa48c8c1b5d3bffd808ab/detection
# Reference: https://www.virustotal.com/gui/file/b0ab20a25f60ee72fc70b5ee8d2f815eee26b7b2f4e6decf32fd2ed9e0688778/detection

138.197.154.110:80

# Reference: https://www.virustotal.com/gui/file/f420cd419f00fccd03e2132f4e6f13db7867c55996174dd44541bee95347abe4/detection

119.23.218.37:8254

# Reference: https://www.virustotal.com/gui/file/87dc163ed495c4f37b5a9c487e993e9dfccdc2277511f29a9c0e7253933c98eb/detection

119.23.218.37:8250

# Reference: https://www.virustotal.com/gui/file/b2aceda8bc806d197344ca9a7e54608780bbba9c1bc21dda029a34235ff02644/detection

119.23.218.37:9999

# Reference: https://www.virustotal.com/gui/file/9b9b459fc8be56e4579a432b2e2453755212dd70c1198deeda9d7d6b4dab444d/detection

182.92.202.24:443

# Reference: https://www.virustotal.com/gui/file/0631458030028ebe655b638b8942515244d764386c1d84020d54920a4dfa4d26/detection

47.116.0.48:8080

# Reference: https://www.virustotal.com/gui/file/fc6a7fa755e864683cb45f40c4568633a79cd2ab24f732a62f4c211fc0c68f1a/detection

http://47.116.0.48/HXTi
http://47.116.0.48/match
http://47.116.0.48/submit.php

# Reference: https://www.virustotal.com/gui/file/99e555c6478ff8627525ac8aee26b08f405d447b9d9e97315b6381a02cde818c/detection

31.44.184.73:50008

# Reference: https://www.virustotal.com/gui/file/85b23e5e52505b2ef3aa587c35f311d4ec2c7d28de85e4cdc0f003f3a819d199/detection

31.44.184.73:50014

# Reference: https://www.virustotal.com/gui/file/dfcddb1023d6f0ead818c4a5d7813486eab19afe2409a64e3af0c2a7be4aed7c/detection

31.44.184.73:50016

# Reference: https://www.virustotal.com/gui/file/a3035a49ca2c77f9aba9c570a3cdc70104ffa1d9743b72bd7400731ff0e11740/detection

31.44.184.73:50026

# Reference: https://www.virustotal.com/gui/file/5f3bca97e34342e5742e52a5367ce0d6b3beab2afed26e7c1c104c8df67bf21b/detection

60.205.254.76:8000

# Reference: https://www.virustotal.com/gui/file/ad5fd27c128182aa7ee81df510f717b9269a83d07d851eaf6ce1cb2c1acd592a/detection

60.205.254.76:82

# Reference: https://www.virustotal.com/gui/file/6766240a7cf8e7ab4b60ef2aa003710ac536c183f1b67f29d9b803368d37e49d/detection

101.227.0.145:443
111.13.103.248:443
119.188.130.222:443
119.249.48.101:443
124.132.135.236:443
153.3.231.239:443
153.99.248.235:443

# Reference: https://www.virustotal.com/gui/file/6e559f35ff9b88cbc14c74a65db46b1f16525fcfeebe97125b9c6c3a6e8f564c/detection
# Reference: https://www.virustotal.com/gui/file/ff9edb4259f2d7baa26293b96e5bad20ebd571de88541307d01d4405790072d2/detection

http://47.103.53.54/fPZL
http://47.103.53.54/oTFS
http://47.103.53.54/IE9CompatViewList.xml

# Reference: https://www.virustotal.com/gui/file/d005a02061a031978138988943d418c018a70075376897e46c308c35ec9ef969/detection

47.103.53.54:443

# Reference: https://www.virustotal.com/gui/file/4c1b8495e5cbfea84cb9eaac1d19a8aa8cf5ea6b3753440d379af30f3814c673/detection

8.210.69.47:8888

# Reference: https://twitter.com/malware_traffic/status/1334531678602207243

173.234.25.74:8080
45.170.251.101:8080

# Reference: https://www.virustotal.com/gui/file/299d29050b3bd30b574276824d6479896e726cffdf9c12818b68b7be281960be/detection

60.205.152.98:8080

# Reference: https://www.virustotal.com/gui/file/8aa87e40e47d40864c4881a4198c686da44ef4ea9c78d74ce258b40a29309c97/detection
# Reference: https://www.virustotal.com/gui/domain/hihihitesttesttest.xyz/relations

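# NOTE(review): 104.24.124.240 appears to sit in a shared CDN (Cloudflare) range, so a hit on the address alone may come from an unrelated site behind the same edge - the domains below are the more specific indicators; confirm before alerting on the IP by itself
104.24.124.240:2086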
hihihitesttesttest.xyz
picture.hihihitesttesttest.xyz

# Reference: https://www.virustotal.com/gui/file/4b09100594f9d94796247959777cfa6f942d2e31ad65c757b3ec19d7a28f5533/detection

104.27.177.89:8080
outlook.best

# Reference: https://www.virustotal.com/gui/file/8bab882d75173569e62b13743b73ac34189978f96d60df2543a2e4aed7219395/detection

94.242.55.115:8080

# Reference: https://www.virustotal.com/gui/file/7b873f44a9ceedbb3aca652b0376f7457f79703b654da5e994c734cc64b3cc68/detection

104.28.24.131:8080
172.67.193.181:8080
testqweasdzxc.biz
cs.testqweasdzxc.biz

# Reference: https://www.virustotal.com/gui/file/e177e8036aa18e5db66f97472d3d024bade66ef0719b3679c8d471b56d98b2c8/detection

42.192.139.103:1000

# Reference: https://www.virustotal.com/gui/file/c1a97ef9f45c08c908c3bbbcfda663424d32b2eab4aa41f95cd7f0082289798b/detection
# Reference: https://www.virustotal.com/gui/file/f92473be720e5624a475c1e669605a1e591a57dfd42673d0e57e156edc63d331/detection

47.100.32.234:1234

# Reference: https://www.virustotal.com/gui/file/c2a1ac2b8b500ddeaddf3df77e431990c4a0b974e5648bacfa805f8d5018c2d1/detection

http://39.106.226.204/updates.rss
http://39.106.226.204/submit.php

# Reference: https://www.virustotal.com/gui/file/f64bb2192d538f58509094e009817fdc6f46e793b1fbc98db31f5e356db854ff/detection

120.78.165.96:443

# Reference: https://www.virustotal.com/gui/file/f0f50cb371a1972c5624f3313e0abc56477838b7829bdb1d0be51a70dc0324c0/detection

120.78.165.96:3128

# Reference: https://www.virustotal.com/gui/file/5b56dc66275656946a4337fcc7f5cfe9651554f0876288e3e07b15e643895b64/detection

120.78.165.96:8000

# Reference: https://www.virustotal.com/gui/file/3ba8a68e2c8594ba6401dd504031364d8ef794e67cb032afabea5cd385983769/detection

http://120.78.165.96/j.ad

# Reference: https://www.virustotal.com/gui/file/b23027cfbb2a6eed56c6a02bcbaa738193b4976e128d6d61aa9d28688e240887/detection

104.27.138.58:443
vip.vhvh.pw

# Reference: https://www.virustotal.com/gui/file/706078a02aa37a4270913c9a487c3d6eb5768b847ef6ea8e18b7914726a3540d/detection

xxx.vhvh.pw

# Reference: https://twitter.com/jorgemieres/status/1329085096574345218

108.62.49.249:777
my1empire.duckdns.org

# Reference: https://twitter.com/malware_traffic/status/1330923636585328642

http://69.30.232.138/dpixel
http://69.30.232.138/submit.php
http://69.30.232.138/updates.rss

# Reference: https://www.virustotal.com/gui/domain/lousingloo.com/relations
# Reference: https://www.virustotal.com/gui/file/25b461a82145700217d3c61aebd56bf1eab101e5b8b4274913964dfb6bcc18d7/detection

http://173.234.25.74/fwlink
lousingloo.com

# Reference: https://twitter.com/d4rksystem/status/1334180532679307266

103.231.222.39:8089

# Reference: https://twitter.com/_re_fox/status/1334948772787482632
# Reference: https://www.virustotal.com/gui/file/7a949bb815d301faa0fae209b88ba499c062bbb620b9f90ecf2451a63f544f1b/detection
# Reference: https://www.virustotal.com/gui/file/85a9bd760655b6c92042a16235b6be127d9ca7fb4e151690e0d7b60b5190a31d/detection

sbi-cloud.net

# Reference: https://www.virustotal.com/gui/file/44f2a2dfaac2bc84cd0ca99346d9c6872dedc06d71ff9b2a10fdf1d9fbe40047/detection

13.72.111.119:443

# Reference: https://twitter.com/pmelson/status/1330575151725993987

websecurenetworks.xyz

# Reference: https://twitter.com/d4rksystem/status/1313131838114729984

103.117.136.70:3322
http://103.117.136.70
pc1024.net

# Reference: https://twitter.com/Dan__Mayer/status/1289720249051279362

diz0zog9i207j.cloudfront.net

# Reference: https://twitter.com/Dan__Mayer/status/1277406943691194368

brookingsinstitute.org/jquery-3.3.1.min.js
brookingsinstitute.org/jquery-3.3.1.slim.min.js

# Reference: https://twitter.com/BlackLotusLabs/status/1270746166796464129

bezatraud.me
checkoffice.me
lekoservidns.net
rednote.pro

# Reference: https://www.virustotal.com/gui/file/de6b411106ea88d89a59cc83625efb9b8483d8ded8f08e297e2b328f45da660e/detection

http://123.57.90.172/i6Xf

# Reference: https://www.virustotal.com/gui/file/4e24d53de90495076b1bdb48bad6d28c88215544c817d3bcad7734349a67e76d/detection

http://123.57.90.172/dot.gif
http://123.57.90.172/WVXX

# Reference: https://www.virustotal.com/gui/file/3c3c26069da0210aef34e4d982e0312716bc722033b7342cb1e2e0045d979f53/detection

81.69.248.69:88

# Reference: https://www.virustotal.com/gui/file/2cb1ce45e1ab86f2228fad11c815863baa14fac5983d756d82b3d743f85ab810/detection
# Reference: https://www.virustotal.com/gui/file/57b1b2443310e017eac5d2fa5619efb2a9a2a24d14e4beb191f3171110a4dc7c/detection

45.62.111.85:5566

# Reference: https://www.virustotal.com/gui/file/59bb2260dd9adb0f1d277f98a3f8de8eb8850c1224703c81a376d962bdddbf3e/detection

47.113.95.40:188

# Reference: https://www.virustotal.com/gui/file/5aef7ac2deb4a7dd1d850f604053e9746903f12dcad414af7561e7f5018bab70/detection

http://47.113.95.40/PJQq
http://47.113.95.40/zOMGAPT

# Reference: https://www.virustotal.com/gui/file/b1ee0bccd9dbc0faee67454ccf03e700e06bb620e66a3974b79c9611f3a52f1f/detection

47.113.95.40:5656

# Reference: https://www.virustotal.com/gui/file/7b5969215bcab3e1aab682e450af4c75fdac0b29fb665db22fcf8a5c8a170020/detection

47.113.95.40:443

# Reference: https://www.virustotal.com/gui/file/51792418822119416f5e47d2d47ea4b8714bb929888f1d15116d2ea43b0c0895/detection

47.113.95.40:88

# Reference: https://www.virustotal.com/gui/file/2fadcb70f2720cf8c0aae85400e8528c91d988a5ab2dbf2c32bb2e9738c7fd4c/detection

185.21.66.206:999
srv.cybesys.com

# Reference: https://www.virustotal.com/gui/file/06656338e96a8960b208a6b451d39937f2186d708e7841c2e33c00faa28c8d25/detection

185.21.66.206:6666

# Reference: https://www.virustotal.com/gui/file/24b38774f74fb8e8ceadee81d597ac74a747ca1af455cb559f72b3f985f26697/detection

212.95.150.10:8088

# Reference: https://twitter.com/malware_traffic/status/1336136217004478465

23.106.160.138:8888

# Reference: https://www.virustotal.com/gui/file/426ff11eebe31f9ad9b69e2ca424dc7e1b4088483daecc517390e940fcb0957f/detection
# Reference: https://www.virustotal.com/gui/file/9cba130f241d6e88df27b8aab3f74e0286ecc1ea93772fea233136c4fe777b4c/detection

165.25.252.25:22223

# Reference: https://www.virustotal.com/gui/file/b7203d70ad337a379c815a988a760a864eeaae5e68760b39307486b228257add/detection
# Reference: https://www.virustotal.com/gui/file/3aeebf11210d1cc89801ab3ef7a6fe9ff989d8f1a4689c94745fcda8f155f979/detection

139.199.185.41:443
139.199.185.41:445

# Reference: https://www.virustotal.com/gui/file/5033e3094ab38c5750aec7fa46e72f1349cbe7ba0c90691acef7269811575bbc/detection
# Reference: https://www.virustotal.com/gui/file/f3415fef85686e33b85d6858c9c299830f4d6ea3a52f5f1a749e65d0b82adca1/detection

aliiyunn.cn

# Reference: https://www.virustotal.com/gui/file/f951c06a1ce366aec9d62b2a4bedc63e272f717bf98db47eb4573eeb05cd0e31/detection

88.119.171.55:443

# Reference: https://www.virustotal.com/gui/file/b6e802f769d9b086b44514dcbea9694b5e7d4f3ff1cafdbae307df57aba8767c/detection

http://88.119.171.55/lv.html

# Reference: https://twitter.com/bryceabdo/status/1336309563721658370
# Reference: https://www.virustotal.com/gui/file/be4cde410e83980e46edbfa08cfcd7d8b2f1f343614d7c035938cd620f6df6f8/behavior/C2AE

cwsedge.net

# Reference: https://www.virustotal.com/gui/file/06e23bc577e0b29bbd936dd437c180fe69f1b827964d6e2e7620c46b494fb7f7/detection

20.36.203.162:443

# Reference: https://www.virustotal.com/gui/file/6ff4fb61e4619fedf7b45e33b95e523a7698b6e80873dba2353bdcecdc1716e0/detection

121.4.51.73:8012

# Reference: https://www.virustotal.com/gui/file/00bef429522a738023996c83babab3c50a55e8a9e3ef7e1836ac850b7a0d953d/detection

http://121.4.51.73/Z4ie

# Reference: https://www.virustotal.com/gui/file/6f8afdab6c2064cd50ced3c70c1fcd915ff686b8a001939dd592ee4790efd774/detection

49.235.233.13:8787

# Reference: https://www.virustotal.com/gui/file/db124f49603ba12db47fa8b2b336037daab92e15f41b73a3e21d730f87a37806/detection

49.235.233.13:8090

# Reference: https://www.virustotal.com/gui/file/f2e2ef3573ba3c9a5f40cbe8083cb502adfaafb1c4de127439f24e3c1e6003da/detection

219.153.250.6:7110
vuln.vip

# Reference: https://www.virustotal.com/gui/file/dd45c7841af5f0962b674edfc66beb2d8e7d2508b721aa75b3fed82ff934f489/detection

47.93.116.52:20006

# Reference: https://www.virustotal.com/gui/file/a1645b7f17688b3d63074bd4c71c0817827e3ab06e7b19f8141b86ed7d98fea2/detection

47.93.116.52:25678

# Reference: https://www.virustotal.com/gui/file/3c94adea202a39b6b371a5738882e28dede9ae3ab3433c9d7ed713d45b73140c/detection

173.248.240.41:443

# Reference: https://www.virustotal.com/gui/file/ec1e4c170353d4188e842a2fe521f858180e5a16ff985350ef2f0dde45c8775c/detection

173.248.240.41:2222

# Reference: https://www.virustotal.com/gui/file/2f343c85455b645451b65949bdc78daece061b29becbc45af9852cc6b8f608d1/detection

139.9.135.25:9999

# Reference: https://www.virustotal.com/gui/file/8fc2297f136bbbd4411921453f56ba2e4fb87b96107e487f6cee64d0c5cfe3d5/detection

http://185.191.32.180/g.pixel

# Reference: https://www.virustotal.com/gui/file/bd68bc387e70e1d66f9b180dbcbb0b52846b38d735023368bc45d7845d752739/detection

185.191.32.180:443

# Reference: https://www.virustotal.com/gui/file/cb81b4e9b113f4f838ba35628ffde22141a328f623563fbddb1225d7a4b5e176/detection

http://49.232.217.171/visit.js

# Reference: https://www.virustotal.com/gui/file/366c4b928ed347aad9f840a3f5c1a1a25e1cf18c21ad414e70d8d93c9593ec5e/detection

http://49.232.217.171/XXXU

# Reference: https://www.virustotal.com/gui/file/5e91c3e6719baf5714c5f62e687641c2c9f1f474ec1275d291ac2fc326698002/detection

45.61.136.200:443
flashupdates.ml

# Reference: https://www.virustotal.com/gui/file/3b5ae781ec34b697b7e27d03c02a7853b2da6373cd6615bee8da877e959c19b8/detection

45.61.136.200:8081

# Reference: https://www.virustotal.com/gui/file/49438f7882905706c9bed8b5ff1efcbdff2f5c40d99181e5c468304684eadde5/detection

160.124.103.247:8080

# Reference: https://www.virustotal.com/gui/file/4dc1ce69956d55a1b8507e847db2f61b5ac25ae7f568fab6a24475d53553722c/detection

167.179.76.185:8090

# Reference: https://www.virustotal.com/gui/file/e8dbc7557aab525e1e9b005bc140d2f6233b4c2ff259f5683a63cf48117ec2be/detection

167.179.76.185:8092

# Reference: https://www.virustotal.com/gui/file/9c56e076eb3017e9abd90159474e0386b57437278714531052e5ab505ca5c7bf/detection

45.76.17.69:7777

# Reference: https://www.virustotal.com/gui/file/6f37da9a1581e4f05c60f2254da2752ca56bbb59a433c383e8d030347d69a6c9/detection

110.34.180.32:8443
get-flash.net

# Reference: https://www.virustotal.com/gui/file/7df551e7e44c8451bd8883a76067acbb6ee9f4bb7246241f87e602ca070fc28c/detection

http://110.34.180.32

# Reference: https://www.virustotal.com/gui/file/d288975f5e09590bbe740df7a4a563f55430f3e04cb570d1ba673ca516faf63e/detection
# Reference: https://www.virustotal.com/gui/file/525ed9138027f0c87ac1d0b9f125e500b27f3674745b8291658d92303db5f537/detection
# Reference: https://www.virustotal.com/gui/file/0c3fcc6d9ada66b51fae4890b3c9c5b886bf275a61c78ff3771a02989494ca3e/detection

182.254.229.239:12369
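# NOTE(review): every other entry in this group uses 182.254.229.239 - the next line may have lost its leading "1"; verify against the referenced samples, since as written it flags a different host
82.254.229.239:8080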
http://182.254.229.239/3hhY
http://182.254.229.239/DjJd
http://182.254.229.239/jUSJ
http://182.254.229.239/updates.rss

# Reference: https://www.virustotal.com/gui/file/0c51db2b41b62387444bceb7402612766d48c45a0a37716abb90f42ab23cb349/detection
# Reference: https://www.virustotal.com/gui/file/ff8202df26cc68229e87c99c63c41f075baba15b02554232ee37fff00d9711b4/detection

34.96.157.246:8081
cs.l10.pw
cs2.l10.pw
cs3.l10.pw

# Reference: https://twitter.com/malware_traffic/status/1337069757217058817

173.234.25.74:1080
23.160.192.180:1080

# Reference: https://twitter.com/d4rksystem/status/1337094732724510722

siliconpower2020.best

# Reference: https://www.virustotal.com/gui/file/b9e13e0348be4998a5c96f13290db6ed60abcd19c69a253c39c1b3e9b928a9fb/detection

46.173.214.102:8080

# Reference: https://www.virustotal.com/gui/file/fe5585dfda44ca136bb2fb383052d03452f34c371a2349be0d0cbb6b07437865/detection

http://46.173.214.102/cm

# Reference: https://www.virustotal.com/gui/file/5337a7e43f8a4f07d7fac18d35f91554a4109e634e68016d57232c6511763203/detection

8.210.125.201:443

# Reference: https://www.virustotal.com/gui/file/f654aba8646b662966e122fab0d579f5564177e6c3ccc509013daca9be68d6c1/detection

8.210.125.201:42294

# Reference: https://www.virustotal.com/gui/file/05f68a44d888e74a53d5e1c4a2ec7299291aa5445ad37e6b7a61455ef2241e26/detection

8.210.125.201:44445

# Reference: https://www.virustotal.com/gui/file/8cd6863be41cd2977802f1dd4dcb9f712dbbef3a8fa2a38d013d0181c7873d08/detection

8.210.125.201:6666

# Reference: https://www.virustotal.com/gui/file/eb3c6a6ac57d4281c91c6c65738a08ce67bdb35228a500e30ea8e4e32d1634a2/detection

http://8.210.125.201/Exi6
http://8.210.125.201/visit.js

# Reference: https://www.virustotal.com/gui/file/6f63454f16a7743b4f8b3e1e41cf10cc2c3ad5a394ace79f75a0d269e42d3d8e/detection

40.73.37.51:12358
40.73.37.51:39999

# Reference: https://www.virustotal.com/gui/file/ccef51bcfe6df30ab6e76ef74f9cd3b573cc06018cc34db3805821e06692df22/detection

http://101.32.186.196/__utm.gif

# Reference: https://www.virustotal.com/gui/file/a0bf32fe5f024e9ce0283f279c53432cabff90bebc626def0d93aaf60671e8a8/detection

http://101.32.186.196/qAfE
http://101.32.186.196/visit.js

# Reference: https://www.virustotal.com/gui/file/572e6bf2c8c14eff6aa7a86bd28c57df7cb020ba55760a66d4127f61d50b81f1/detection

182.254.189.223:23456

# Reference: https://www.virustotal.com/gui/file/1699bb142f99431bc75312561fe69272b50b0659f32546573363fc39ed3d90f0/detection

97.64.120.240:8088

# Reference: https://www.virustotal.com/gui/file/26dc51caa2e4e103284499d47478d6d60af9c06366d2ef26872a93ab31be0eee/detection

97.64.120.240:443

# Reference: https://www.virustotal.com/gui/file/e7d98734d84673477e3cd6ce5f315190b56fab9024d02a52c3128991517df685/detection

192.210.207.169:7835

# Reference: https://www.virustotal.com/gui/file/af48a271a7868e9e51d85551c399dfcbb367e8865182b84d848d1f1e1c39080a/detection

192.210.207.169:7839

# Reference: https://www.virustotal.com/gui/file/c3454dc79cec7e8c0beeb6bc60a1c465a3870677342be200dedd0369dbdcd8f8/detection

106.54.241.235:8998

# Reference: https://www.virustotal.com/gui/file/026e4068eb7b071351b345c94313a005c6bdc921a34a91a2bfdc3f003bdda4a0/detection

http://47.110.83.12/pixel.gif

# Reference: https://www.virustotal.com/gui/file/d988dd179ffe96f4d5c83a1376219fa3b3092d9261a9a0e464ad3f53e4a9cd2f/detection

47.110.83.12:443

# Reference: https://twitter.com/d4rksystem/status/1337419370935451655

http://101.32.186.196
103.231.222.39:8089
34.96.157.246:8081
85.239.35.92:8080

# Reference: https://www.virustotal.com/gui/file/254a1b0a5117ce4571607a988019dbf6dea6888df3748f45f8fc29fcd9704365/detection

78.172.137.227:3132
88.252.227.228:3132
hackercoc.duckdns.org

# Reference: https://twitter.com/_re_fox/status/1338161174689554432
# Reference: https://app.any.run/tasks/5fe5195a-55dc-4101-aeff-a1e454f7e14e/

47.97.211.147:8094
http://47.97.211.147

# Reference: https://www.virustotal.com/gui/file/dee21ebd78b700fcae37e689049231363d2f3a0f89a59c683abd7b86679e7737/detection

http://120.26.162.133/cx

# Reference: https://www.virustotal.com/gui/file/3f7e7808234d84b713c2fe94f3be0401c8fe3d7829bc701add763b53accb10ac/detection

120.26.162.133:81

# Reference: https://twitter.com/malwrhunterteam/status/1338501103701331968

182.61.16.221:8443
45.133.239.206:8443

# Reference: https://twitter.com/malware_traffic/status/1338530303736889350

173.234.25.74:8080
92.119.157.10:8080

# Reference: https://www.virustotal.com/gui/file/2084af9e72d1a86410b644a374d51a4ec97baedd7200c1d9810b5c9f126f1799/detection
# Reference: https://www.virustotal.com/gui/file/1498bf9c6d691704bd826f3b902be7e32996bfd08eb427b2d6e7b123d2f9d8e8/detection
# Reference: https://www.virustotal.com/gui/file/fa941638776877d560aade096dc920f08beeb4810168beefe5f9b904d6ca48af/detection
# Reference: https://www.virustotal.com/gui/file/5b2143bdd4d815d7326eee1bbada90d959b8a6db942e3e9913425838ce585b57/detection
# Reference: https://www.virustotal.com/gui/file/27c453bfd2d429667ff5ad47dc9287e8a40170a2bd41aaaa117d5341d06f2190/detection

http://107.173.156.100/2hTn
http://107.173.156.100/cx
http://107.173.156.100/fwlink
http://107.173.156.100/QlGX
http://107.173.156.100/submit.php
http://107.173.156.100/xAl7
107.173.156.100:8081

# Reference: https://www.virustotal.com/gui/file/7bc03b9489be1f17e0d5dd989a3b4761ac2730b2fa9d794b40b0d6ffcb06be33/detection

167.88.177.156:7777

# Reference: https://www.virustotal.com/gui/file/8033ecaadeec4207be3a4f33a809b011e3aeeeeea939276d868efd7bf49c5b84/detection

http://104.27.190.148/s/ref=nb_sb_noss_1/
http://104.27.191.148/s/ref=nb_sb_noss_1/
http://172.67.148.155/s/ref=nb_sb_noss_1/
a305.cloud

# Reference: https://www.virustotal.com/gui/file/119062449169c134bd521857a19f6d900294fb1fddfe467101e4428be5dcfdf4/detection
# Reference: https://www.virustotal.com/gui/file/a59327592df7181ca2d1557484601c6b5cd44bf4ec11b1972460a36236029b32/detection

http://14.192.48.172

# Reference: https://www.virustotal.com/gui/file/4a4344111a74aa0d3d60eb1bc8708b84414e0f4b5f9093827f6de57ba74c0826/detection

103.140.45.100:443

# Reference: https://www.virustotal.com/gui/file/f22e0d896be2abf530f53abc5b55d3bdc591782644922249a7e2aade1c7bd915/detection

103.140.45.100:8080

# Reference: https://www.virustotal.com/gui/file/992f1aa86c81fe3d09bbf26cdfae31c7353cb9e94ceb40fd7ba7a26a1c730914/detection

39.97.216.52:12358
39.97.216.52:39999

# Reference: https://twitter.com/JAMESWT_MHT/status/1339130150752018433
# Reference: https://app.any.run/tasks/29cfb8d8-8ea7-4e4c-8129-da93357b249f/
# Reference: https://www.virustotal.com/gui/file/b1a3bfc40a3c56e8e1d98a44a60cfb4bfdb6001b71d12b219f1f12495dd96e9e/detection

139.60.161.99:443
http://139.60.161.99/ptj
http://139.60.161.99/SQDu

# Reference: https://app.any.run/tasks/7cb4a242-b9a5-497e-8678-45dee6f8c646/
# Reference: https://app.any.run/tasks/b94d84ca-a112-490f-b1b2-00c8cd9b263d/

http://45.82.79.89/__utm.gif
http://45.82.79.89/update
http://45.82.79.89/fwlink

# Reference: https://app.any.run/tasks/29cfb8d8-8ea7-4e4c-8129-da93357b249f/

http://139.60.161.99/SQDu
http://139.60.161.99/ptj

# Reference: https://www.virustotal.com/gui/file/3a83df00faf261734ddb1e2793514a20e13c8d06cd7d01c5a6cbed9d1d93f02b/detection

121.40.167.210:3306

# Reference: https://www.virustotal.com/gui/file/dec04d237b6d30b28f4c3d023b2f336c75e07a0b234b9746187f4bf8ada3f577/detection

5.253.16.192:801

# Reference: https://twitter.com/d4rksystem/status/1339284159798288386

185.191.32.180:3389

# Reference: https://app.any.run/tasks/ef8cbde8-2bd9-42e0-954e-4dc2600e6bee/

152.136.176.65:1234
152.136.176.65:8888

# Reference: https://app.any.run/tasks/abc99234-6bfc-41cb-af8e-d4de5ac9ad35/
# Reference: https://app.any.run/tasks/c9d6891b-7c01-46f5-a7a3-d586d5f3f5b5/

straitsnetline.com

# Reference: https://www.virustotal.com/gui/file/8a3d19f41c539c66707bacbcdec760e92e8d41af5e245c199976df17f2e6d482/detection

155.94.149.156:8008

# Reference: https://www.virustotal.com/gui/file/2e55617db3cc088420d78898548be6e92b88e6f1e56b732284fcbef2131dd6d8/detection

47.95.205.52:10086

# Reference: https://www.virustotal.com/gui/file/a6c256fa6a1cc48decc1716d2aee531a5a79ab196a1687fbcbebb35dddd11081/detection

118.186.196.170:13212

# Reference: https://www.virustotal.com/gui/file/5b2aafbbb40eb5bf7da36037adf9d2f432d5301a3c530295a7d2088846de2482/detection

http://104.168.218.221/cx

# Reference: https://www.virustotal.com/gui/file/bd9a4b7f574541829eaa5a7742ebd5ebcf922f0ff65ebaeac1f234e7a813ae02/detection

http://104.168.218.221/load
http://104.168.218.221/submit.php

# Reference: https://www.virustotal.com/gui/file/624091aca2c49d96fc7e119e80334bb462f4542e6b9672f38e3cd649870a3eb2/detection

http://104.168.218.221/mI1v
http://104.168.218.221/IE9CompatViewList.xml

# Reference: https://www.virustotal.com/gui/file/488c136c074eaa1f0a9889e58ed2a632859bc0acb10b3a227e9b823b061f3c0d/detection

http://104.168.218.221/QCah

# Reference: https://www.virustotal.com/gui/file/d90555da2f33b4ccf86d5918619b1778db84bde1e412dac70db4b7b02cabd83b/detection

http://104.168.218.221/activity

# Reference: https://twitter.com/malware_traffic/status/1339647762934194178
# Reference: https://twitter.com/malware_traffic/status/1340028093667418112
# Reference: https://www.malware-traffic-analysis.net/2020/12/15/index.html

matesmapizza.com
matespizza.com
travmeetlett.com
172.241.27.244:443
172.241.27.244:8888
185.125.206.173:443
185.125.206.173:8080
http://172.241.27.244/ga.js
http://172.241.27.244/updates.rss
http://172.241.27.244/submit.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1339886413530222593
# Reference: https://www.virustotal.com/gui/file/6c0b542727a8ab1eb0c465f034548c8784396b40343af584b3f81586067eb247/detection

217.12.218.250:443
http://217.12.218.250
zbfgns.xyz

# Reference: https://app.any.run/tasks/cf972799-05e2-4b2c-9e90-dc8c30acd9ca/

http://158.247.199.238/ptj

# Reference: https://www.virustotal.com/gui/file/659f7d1e419ec3a4bcc3d7d229552fd10c2ad90fc7486159617377e86b5255be/detection

43.242.203.43:8001

# Reference: https://www.virustotal.com/gui/file/07b1ce3076ad93f54bfb3b94818f7ae17fcc2c258940e4a1f73acd5ebff0e3e1/detection

118.31.48.220:4444

# Reference: https://www.virustotal.com/gui/file/08872db3de65ce9388a987d949b1c1f8698d5ceaa7546476685c616dc395f728/detection

118.31.48.220:4448
alibabaclouds.de

# Reference: https://www.virustotal.com/gui/file/995d68e363ee3a2e238e059f70edc1cc3e05bfb0dd5ada46d4b6ba4e5e7fcc56/detection

107.173.159.179:8080

# Reference: https://www.virustotal.com/gui/file/c15e71c0d33ccea3eefd285706a98c57f56eb29063830fbf9bd11df934f9e11e/detection

http://23.227.194.185/ptj

# Reference: https://www.virustotal.com/gui/file/8f44ea4bc8d8bae81abf7103a57734d7644befac1cf9ba2089444bd80d512452/detection

http://23.227.194.185/8rQa

# Reference: https://www.virustotal.com/gui/file/7676184f1bcf1e5199831ae74b112fee7ea91bb447797a1818dd616d0a8f1592/detection

103.45.180.150:6789

# Reference: https://www.virustotal.com/gui/file/df61d11ea575f6e2dad25f74302209dfc6ecccf285407914f4e29fca80617902/detection

120.25.26.254:40002

# Reference: https://www.virustotal.com/gui/file/f9bfe423adda20fb5342a4cdb285b2f46411238c53e97f8cf6cc9cca212db0a9/detection
# Reference: https://www.virustotal.com/gui/file/c0850ac999435399818128e5b18dda5f20efe55796d9c690e2b51cd419d59118/detection

149.6.167.60:443
elisea-mutuelle.fr

# Reference: https://www.virustotal.com/gui/file/ac355158b35182d2b564f19f574a6a5cdbeb890bddce280285bfccc81187d48d/detection

47.104.76.193:50050

# Reference: https://www.virustotal.com/gui/file/3d0c70dcadb8314ee3ca612ae8694381944a1eedf5b510471648daad15b9af30/detection

49.232.139.79:8080

# Reference: https://www.virustotal.com/gui/file/996926aed33bcc5c335072106f945d9b4d813b96f52b2c9ffacfe3eeed09d2ce/detection

103.210.237.121:666

# Reference: https://twitter.com/d4rksystem/status/1340326024643563522

96.30.194.63:8856

# Reference: https://www.virustotal.com/gui/file/b760a1867894578c66f3f2fde55f7718488af41c252798488fc20773e7a1d9e0/detection

flash.google-api-tools.com
m107.google-api-tools.com

# Reference: https://www.virustotal.com/gui/file/0c770e55f39ed42f126fbe2a27d42835034d8d498dbfaf5aa64209c3d7dde72c/detection

42.192.250.156:30102

# Reference: https://www.virustotal.com/gui/file/0aceb631a29ae7fd0d39093ad817e9e058e2b8cfe2f4ba5ad46f9702e302cd54/detection

42.192.250.156:51234

# Reference: https://www.virustotal.com/gui/file/a234904e83702cd7fbd4b7ddb3e2ae74f76df99501fe88b918cd951d39d80e31/detection

47.96.124.100:4000

# Reference: https://www.virustotal.com/gui/file/7fb1e3a4cc208649346744be46213b4282a5e5a29d94dda88ca478bf00f24868/detection

106.15.234.137:1234

# Reference: https://www.virustotal.com/gui/file/4c6913beee2577008061ef415849d84aa84f6590689da04f78c521f3f5f98542/detection

106.15.234.137:4445

# Reference: https://www.virustotal.com/gui/file/2acaa972daa704d743ff968bf50ee766fda9d3b53c0863b27046cf0acc203f33/detection
# Reference: https://www.virustotal.com/gui/file/a76343e216a39368819b7cfed8ee32e46c8eac940247500455100767f5719aab/detection

globalcrisiscentre.com

# Reference: https://www.virustotal.com/gui/file/97e26a9b9aa83c87a6a0ddf01fc1a2ae37e25fdd62801d95fb9b9e3d1e59b166/detection

118.24.230.196:10024

# Reference: https://www.virustotal.com/gui/file/db3b5f50469ac9f88cf9b9d7f87636defca523ad6ebf6486745c88c8ca66d5fa/detection

118.24.230.196:1080

# Reference: https://www.virustotal.com/gui/file/5a2e478f5a1fdb271f27595506b3cf93cf297b4ef588697c4f627690a778bfdb/behavior/C2AE
# Reference: https://www.virustotal.com/gui/file/e0fc2cf31a0fd7f4bfa1ba453fd8f272784330de2ecba80104455252a931789b/behavior

http://95.217.1.81/maps/overlaybfpr

# Reference: https://www.virustotal.com/gui/file/80b8188a776c1812d62a68e0af06ac9da712ccee3faa40921ee484018cb45ebc/detection

185.239.227.29:443

# Reference: https://www.virustotal.com/gui/file/1cfe3954337e9a489a7e13d5a521eee4140e9b4793d21e557813b93ef0e82169/detection

47.92.198.4:50000

# Reference: https://www.virustotal.com/gui/file/7820645aa32c6bc86ef37468ce21340484cc907cbdc97235fe9a0d94a170a8b4/detection

47.92.198.4:53

# Reference: https://www.virustotal.com/gui/file/822efb1c4fd6bb6c9fd0eef6cfd5870662004bffd714ddcfebe2ce5c5df849aa/detection

47.106.222.106:9999

# Reference: https://www.virustotal.com/gui/file/ba5b3b1d467632bb1d9382a074bf1fec570fe8eb958718418cf1d9b0a9fccb30/detection

34.92.24.12:4444

# Reference: https://www.virustotal.com/gui/file/32d7045bc771fb8a948ef85db2a6aa8be0c4d9824ee0193c3e697b88e5d4f740/detection

47.108.63.51:8091

# Reference: https://www.virustotal.com/gui/file/406c0ed78e2e979287ec565b922fa1906523866cf84e1f83df0176c878986e6e/detection

47.108.63.51:8092

# Reference: https://www.virustotal.com/gui/file/e689ca51931fec482f16fc32f620e1eb2a678789d77dff0bc43df43acf64fb79/detection

47.108.63.51:8099

# Reference: https://www.virustotal.com/gui/file/0aba6dcf7b7fcfee93f46b0170d6ed34fb1ee7ca821b86432a9be0077444250c/detection

http://81.70.205.125/push
http://81.70.205.125/XVYU

# Reference: https://www.virustotal.com/gui/file/0d653249a6d62912bb63d68c7973ed6bdd350cdf503e83ad670fd4094d14facb/detection

http://81.70.205.125/g.pixel

# Reference: https://www.virustotal.com/gui/file/9ff843b2c207b54118f18c50050e285d57a8104803901747c03ab5e0cca987eb/detection

http://81.70.205.125/9uDj

# Reference: https://www.virustotal.com/gui/file/b03e97cdc9f9ba9f3309b22346ae26863b234181bfc400c06d35de19cdb220e0/detection

93.115.22.196:7173

# Reference: https://www.virustotal.com/gui/file/506640c9db9b685fbc5cca25abd08a25857867f6f92cdde577256c0a092d556a/detection

206.166.251.75:443

# Reference: https://twitter.com/JAMESWT_MHT/status/1341649635488780288
# Reference: https://www.virustotal.com/gui/ip-address/198.44.97.180/relations
# Reference: https://www.virustotal.com/gui/file/8d5443306c8e566cfe3918642ad8f50139cf620f5be6c3e6e8d91a7fb0a551a1/detection

198.44.97.180:443

# Reference: https://twitter.com/MichalKoczwara/status/1341659356866240517
# Reference: https://docs.google.com/spreadsheets/d/1bYvBh6NkNYGstfQWnT5n7cSxdhjSn1mduX8cziWSGrw/edit#gid=1882940247
# Reference: https://www.virustotal.com/gui/file/7bea79443352a5849b25271a167520174307ca41df04e7b1beb041ec42cdea68/detection

101.132.116.202:12111
101.132.116.202:12000
101.132.116.202:3389
101.32.29.242:8443
103.149.27.116:50050
103.45.120.215:8443
104.194.10.58:50050
104.243.33.7:50050
106.12.39.243:8443
106.13.22.69:8443
106.15.248.163:445
108.160.136.100:8080
115.71.237.123:3000
118.24.85.85:6379
119.23.42.235:8889
119.28.194.152:8089
119.28.194.152:8090
119.29.89.253:8443
119.45.236.153:8443
120.131.5.115:8443
120.53.239.167:9443
121.41.82.60:8443
129.28.196.47:50050
139.180.133.153:50050
139.196.37.219:4443
140.82.19.26:8080
140.82.50.221:7443
144.202.113.237:4443
144.217.207.21:4443
144.34.186.152:8443
146.185.132.43:8443
150.109.4.202:8181
150.136.163.159:444
154.209.86.57:10443
154.83.122.51:50050
156.251.174.109:4443
158.247.195.228:3780
160.16.208.58:8443
162.14.14.10:8443
162.254.204.222:8443
165.22.37.148:50050
167.179.66.246:8081
167.179.78.159:8443
168.206.184.193:50050
168.206.184.194:50050
168.206.184.195:50050
168.206.184.196:50050
168.206.184.197:50050
168.206.184.199:50050
168.206.184.200:50050
168.206.184.201:50050
168.206.184.204:50050
168.206.184.205:50050
168.206.184.210:50050
168.206.184.211:50050
168.206.184.212:50050
168.206.184.214:50050
168.206.184.215:50050
168.206.184.216:50050
168.206.184.217:50050
168.206.184.218:50050
168.206.184.220:50050
168.206.185.194:50050
168.206.185.197:50050
168.206.185.198:50050
168.206.185.199:50050
168.206.185.201:50050
168.206.185.203:50050
168.206.185.207:50050
168.206.185.210:50050
168.206.185.212:50050
168.206.185.214:50050
168.206.185.216:50050
168.206.185.218:50050
168.206.185.219:50050
168.206.185.220:50050
168.206.185.221:50050
168.206.186.193:50050
168.206.186.194:50050
168.206.186.195:50050
168.206.186.196:50050
168.206.186.197:50050
168.206.186.198:50050
168.206.186.200:50050
168.206.186.201:50050
168.206.186.202:50050
168.206.186.203:50050
168.206.186.205:50050
168.206.186.206:50050
168.206.186.207:50050
168.206.186.208:50050
168.206.186.213:50050
168.206.186.214:50050
168.206.186.219:50050
168.206.187.194:50050
168.206.187.200:50050
168.206.187.203:50050
168.206.187.204:50050
168.206.187.205:50050
168.206.187.206:50050
168.206.187.209:50050
168.206.187.210:50050
168.206.187.211:50050
168.206.187.212:50050
168.206.187.214:50050
168.206.187.215:50050
168.206.187.218:50050
168.206.187.219:50050
168.206.187.220:50050
168.206.187.222:50050
168.206.188.193:50050
168.206.188.198:50050
168.206.188.199:50050
168.206.188.204:50050
168.206.188.206:50050
168.206.188.207:50050
168.206.188.208:50050
168.206.188.211:50050
168.206.188.214:50050
168.206.188.215:50050
168.206.188.216:50050
168.206.188.217:50050
168.206.188.220:50050
168.206.188.222:50050
168.206.189.193:50050
168.206.189.194:50050
168.206.189.196:50050
168.206.189.198:50050
168.206.189.199:50050
168.206.189.200:50050
168.206.189.201:50050
168.206.189.203:50050
168.206.189.204:50050
168.206.189.205:50050
168.206.189.206:50050
168.206.189.211:50050
168.206.189.212:50050
168.206.189.215:50050
168.206.189.217:50050
168.206.189.218:50050
168.206.189.219:50050
168.206.189.222:50050
168.206.190.193:50050
168.206.190.194:50050
168.206.190.195:50050
168.206.190.197:50050
168.206.190.203:50050
168.206.190.204:50050
168.206.190.206:50050
168.206.190.208:50050
168.206.190.209:50050
168.206.190.211:50050
168.206.190.212:50050
168.206.190.217:50050
168.206.190.218:50050
168.206.190.221:50050
168.206.191.193:50050
168.206.191.195:50050
168.206.191.198:50050
168.206.191.200:50050
168.206.191.201:50050
168.206.191.205:50050
168.206.191.208:50050
168.206.191.209:50050
168.206.191.212:50050
168.206.191.215:50050
168.206.191.219:50050
168.206.191.221:50050
172.241.27.72:8080
172.82.179.170:8443
172.86.75.37:4443
178.79.134.144:4443
18.166.120.171:8443
182.163.74.90:8081
182.92.103.213:4443
185.243.41.224:8443
185.251.45.187:8089
192.51.188.134:8443
192.51.188.134:9443
193.218.39.208:8081
193.29.15.177:8443
194.156.228.12:8443
195.54.167.89:2000
195.54.167.89:3000
195.54.167.89:4000
199.195.251.56:8443
199.217.117.184:444
203.107.46.131:8443
204.44.83.214:50050
204.44.83.89:4443
205.185.120.101:444
212.129.150.253:1521
212.64.44.176:8087
216.24.188.130:9443
217.12.218.250:444
217.174.240.46:8443
217.174.241.129:8443
217.174.241.57:8443
218.253.251.118:8443
23.106.223.53:444
31.14.40.230:4443
31.14.40.230:8080
31.14.40.230:8090
34.80.154.214:8443
34.80.203.249:8443
35.220.144.193:8443
35.241.66.244:8443
39.106.10.161:8443
39.109.116.2:444
39.96.18.240:8443
39.97.213.91:8443
43.242.201.222:8443
43.255.30.192:8443
45.114.10.17:50050
45.136.244.149:8443
45.147.231.51:8080
45.254.64.7:2087
45.32.107.171:8089
45.76.208.172:50050
45.77.23.209:5555
47.102.86.216:8081
47.103.150.221:10443
47.104.108.112:8080
47.106.239.62:4443
47.110.90.89:4443
47.116.0.48:3306
47.245.31.124:1521
47.75.249.112:10443
47.75.55.181:8443
47.92.242.153:8443
47.97.100.135:8088
47.97.116.203:2000
47.98.239.204:4443
49.12.104.241:8080
49.12.104.241:8081
49.12.104.241:8083
49.12.104.241:8314
49.234.94.85:50050
49.234.94.85:8081
49.235.110.247:8443
52.170.92.187:50050
60.12.215.101:8443
80.209.241.7:8443
80.211.200.179:2443
80.211.200.179:9443
81.68.136.171:10443
81.68.85.109:9443
81.70.154.226:7443
99.81.122.12:50050
360.anonymou5.com
360hao.xyz
360updata.ml
800best.ml
8868e034138a484e.myvnc.com
a93.xyz
about.inno-finance.com
adhesivesbursts.com
admin.hack0ne.tk
agreementices121.roman-indigo.com
agturnfa.com
aliyunoss-beijing.subns.xyz
amazon.aliyuncs.cc
amazoning.sytes.net
api.vinavass.net
apiservice.webhop.net
arsecops.smugmug.com
autotoll.net
awayfar.top
b1.ineedrevs.com
b2.crazyshoppings.com
badc2.ml
banweb.cityu.dev
bdiaccs.global.ssl.fastly.net
bird.allsafelink.com
blog.chat5l88.com
bookstorexs.tk
brusses.com
burtonschlorofluorocarbon.com
c2.thestronghold.xyz
cdn.baiduanalyst.xyz
cdns.blogsite.org
cgbackup.napaioki.com
check.fiashupdate.xyz
checkavail.space
cla.fronthot.com
cloud-fer.com
cloud.symantecupdates.info
cloudata.cf
cob.vesselsregister.com
cob.wolt.services
coco.cechire.com
code.jquerys.xyz
coivo2xo.livehost.live
coivotek.livehost.live
confederational.com
contmetric.com
control.commanderinthe.cloud
cordby.com
creditnetfinance.com
cs.cross-fire.cf
cs.gfjhgfjkj.tk
cs.italycannon.cf
cs.l10.pw
cs201020.vi-05.com
csmu.website
csxeiaweuao781cs.cf
cuphq.com
d1hp3kzjl3pr7y.cloudfront.net
d1iz6lkxr9mblm.cloudfront.net
d1yxgunqlbb2ab.cloudfront.net
d2mq9y2bddy4j9.cloudfront.net
d2xdjeule1g229.cloudfront.net
d37vvfpyclbf9b.cloudfront.net
dangky.dinefilly.com
daohang.lusongsong.com
dealeva.com
delicalo.dnsalias.net
deloitte-services.azureedge.net
deltawrite.com
digitallightphotography.net
dns.spc-networks.com
dockerlabsserver.com
ebs.awsedge.net
en.flsah.cc
englishhelpernet.com
fc.cyber1ink.com
ffxrqyzbypyxrlfzhx.jnuer.me
fin.manvifinance.com
fly.forkbty.xyz
fonts.stata.buzz
forteupdate.com
fswyer.com
fuck.dogshitio.com
fuckbc.ctlers.club
game.soultravel.online
githongkong.com
goodroy.com
h22.club
hello.fitcomn.com
help.office-books.com
hjdytrgfoljgdyoxfa.com
hk.fcalebook.com
hoo.wiki
hotshoppingdeal.website
hr.vietnamworks.org
http.ifirstmeet.cn
httpc2.xo0.pw
hw8.info
hypnolab.site
icandraft.com
image.bj.alicdn.network
image91.360doc.com
img.e37998.com
img.intactlinks.com
ims.trust-update.com
inteldrivers.com
io.amscloud.xyz
joycomm.com
keyisa.com
kinging.ysan.ml
klapp.cpuclean.com
leno.initiativeus.com
lily.webpowernow.com
links.mhkbtwlkj.com
live.eyva93us.online
login.fastlinein.com
m24.yourintrinsichealth.com
marcusswooster.com
mesteratosr.me
microlog.azureedge.net
microsoft-us.ga
microsoft.sfkd.cf
microsoft.systemservices.network
microsoft0com.cf
microsoftcenter.info
microsofts.network
microstamplet.me
msft-cdn.net
msg.sheblueshadow.com
mycloudup.com
myredirector1.live
nelnetbanks.com
news.baotuoitre.co
news.itamarty.com
news.khmedianyc.com
nfdkjbfwjakd.ml
nguyenlieu.gratekey.com
ntservicespack.com
ntwindowsupdate.com
oa.srsec.me
oomdatacollect.global.ssl.fastly.net
outlook.best
peernew.com
pepsicoamerica.com
pnt.data-akamai.com
pnwcontent-delivery.com
porr.company
pro.pro-pay.xyz
qfaet.com
qq.cattom.buzz
raymondjames.hostedconnectedrisk.com
reboderia.online
rijkzijn.nl
roofstock-cdn5.azureedge.net
rto.redteam.cafe
s03mdn.net
sb.flashfack.ren
sbgprodib.oberto.za.net
scripts.arshmedicalfoundation.com
scripts.completelyinnocuousdomain.com
secure.mllnm.com
securityreserch86.net
seetoo.fayservicing.org
server2.f2pool.vip
service.microsoft-us.ga
service.office247.tech
servupdates.com
shl.netsuite-labs.com
shopwqd.cf
siliconpower2020.best
sit.watchdog3.com
skyler.shacknet.biz
slatebank.com
slit.conseques.com
soft.lityun.com
soso-gogo.com
ssl.securelogonweb.com
static.alicdn.network
static.azureimgages.com
stephq.com
studentedu.hk.appledaily.live
supercombinating.com
sync.googlesyncdication.com
syscx.com
system.administrator.party
systemservices.network
tcpsessionsconnect.com
test.equinix.dev
testginwebsite.tk
thuongthuc.gtagrobem.com
timesyncad.com
top.jimwilkens.com
try.fillytable.com
ttpre.eastus.cloudapp.azure.com
updata.flash-tool.ml
update-online.zevenet.art
update.checkavail.space
update.dockerlabsserver.com
update.iguyi.co
update.microsoftcenter.info
update.msupdateserver6.com
update.pinyin.pw
update03.microsoft-essentials.com
update1.jscachecdn.com
updatesecurity64win.org
updatesourcehealth.com
us-system89.com
valvestrailer696.roman-indigo.com
web.kidork.net
welcome.toutiao.com
who.selfip.org
whoisdm.gotdns.com
winupdate10pack2048.net
wmjdvuif.limyonly.me
wustatwindows.com
x.ziper.xyz
xx1.utopis.best
xxx.vhvh.pw
yambanetsdev.net
yambanetsdev.org
yd.sougoucm.top

# Reference: https://www.virustotal.com/gui/ip-address/5.189.184.60/community

5.189.184.60:443

# Reference: https://www.virustotal.com/gui/file/afeeb22372b20402ba0c53911c9f041cbb226b6c23f8810ec1e8260bd7cd4b37/behavior

31.14.40.230:8092

# Reference: https://www.virustotal.com/gui/file/008767bbd69c1bd0d18314df6293798e8ed3ecd908866634a63fd83420daea2c/detection

http://63.33.199.16/s/ref=nb_sb_noss_1/

# Reference: https://www.virustotal.com/gui/file/fdbfcc2a911c6254940e85e7585e59080a223fd4b9ef79f4dac90c00af7dbc4a/detection

103.45.190.251:1234

# Reference: https://www.virustotal.com/gui/file/b4b5eb22599b3f9943ee8657909a01452037d3730e7297273c957715d63e3972/detection

207.148.92.158:8080

# Reference: https://www.virustotal.com/gui/file/975710e70381e722d9ed571a22a3222a68914c1e91b403788afd5b0e021787d6/detection

207.148.92.158:8081

# Reference: https://www.virustotal.com/gui/file/f1ea21e59884cb7bdc3420f1c6ce8c97d763ef1c0ed2247e5696f5a966711491/detection

47.244.164.226:10000

# Reference: https://www.virustotal.com/gui/file/f06a20618d4599fc557736d036bce5ccbb784388ee11a3d7fde4017bcccfb8d6/detection

121.196.37.91:8010

# Reference: https://www.virustotal.com/gui/file/f502884e8a6ef2cc811830293676c29fce4be340889da67a9f5d413bc92f7e52/detection

121.196.37.91:8888

# Reference: https://www.virustotal.com/gui/file/57ebdb3b16b672a28b609b4476cc1e1fa0f96e2e4e8d8f2dfc3a48874fcf350b/detection

129.211.16.123:60000

# Reference: https://www.virustotal.com/gui/file/93a20257f14097f4b3bf8267c5ac8a5ef0cfececcfcac337b9c5c49fa49f44ab/detection

129.211.16.123:4333

# Reference: https://www.virustotal.com/gui/file/bf61345462e0d820d88e8fb93a2f63031ebc29e353367ec437cbd3bbfff31a13/detection

129.211.16.123:10000

# Reference: https://www.virustotal.com/gui/file/6bd4a9e1da9b2a9e52fac310f1ff50bd9a7fe8f3d8be792c710365c99ec6d55b/detection

152.136.176.65:8888

# Reference: https://twitter.com/_pr4gma/status/1341843586728517633
# Reference: https://www.virustotal.com/gui/file/8a0a8a72069184d31abae3adc6a867a930611f5df82271358e0a9fed8a5f3a2d/detection

red.therclegalgroup.com

# Reference: https://twitter.com/cyb3rops/status/1342019965428367361
# Reference: https://tria.ge/201213-599sgkpmpa

85.143.222.15:8082

# Reference: https://www.virustotal.com/gui/file/6ce83b51d5c9c9fa299b3fcde0814ce6e8a374c62e445868ea8c5f7ce4985d5c/detection

47.108.170.28:8088

# Reference: https://www.virustotal.com/gui/file/4fde5a70ff36bfc1c732079fd36958a4466e379275ee02efd0ef9728534e9601/detection

3.22.15.135:17638
faisal3030.ddns.net

# Reference: https://www.virustotal.com/gui/file/5aaf8da807cf61bca67a66c8b538a9b97fba24ec0f757e0360ff560db19d7116/detection
# Reference: https://www.virustotal.com/gui/file/9573d746beede64ee2286aa614dc316883cfa9b5eba12429ab6239cb35b9b359/detection

192.119.106.91:23456

# Reference: https://www.virustotal.com/gui/file/fddf10a3e1dcc9d7c9d95e6159baf3b100c19c1d342873b27e5a2e63ec555324/detection

47.104.91.8:8888

# Reference: https://www.virustotal.com/gui/file/77b9b9f9949830980e6680fca41ce4af818fc1a38eb936da77c0c4adfffd6556/detection

47.104.91.8:443

# Reference: https://www.virustotal.com/gui/file/7f86ea562cf21d19b8e3a59ecb62bd1aeacc02546315684b8f2de5608bd115da/detection

47.104.91.8:8080

# Reference: https://www.virustotal.com/gui/file/8ea5693f2ac8ad4a28a7c25502b1f422e4e04a26596524db917b4186447b953b/detection

121.4.94.130:8034

# Reference: https://www.virustotal.com/gui/file/533386b0855d53bf66e81a938737cd121504311a88f24cdf9d1ee898e7171cc0/detection
# Reference: https://www.virustotal.com/gui/file/ad4d13f6984a35d48ffeb7d606b1ab144a873104f2c3e93f799e4985196a8575/detection

101.133.217.207:20222

# Reference: https://www.virustotal.com/gui/file/da1f6a50693771fcf5f5b3544d10aada0dc2821893ca3c6172bff15668ebd151/detection

154.222.29.211:8080

# Reference: https://www.virustotal.com/gui/file/4e6492eae15faa4024c52d4b1886f6fc8ad6b4b68eb942cb693deda082d8b8c3/detection

http://154.222.29.211/IE9CompatViewList.xml
http://154.222.29.211/LNaa

# Reference: https://www.virustotal.com/gui/file/7658e400e9c5d1e5560738eea9d032ea79f5c272c76b588d8f825fe3336d45a9/detection

88.119.175.125:3174

# Reference: https://www.virustotal.com/gui/file/87491c1e3daba5db3c7a56a8b483a5e04bd66c9f4542db19b4414430dcaf72e7/detection
# Reference: https://www.virustotal.com/gui/file/85479db32cbad5ac4943f3b4f76b3d1d72f07c0389d23c4eb60ef9b784b57a04/detection

195.54.160.99:6657

# Reference: https://www.virustotal.com/gui/file/8f00569e0eb53dedcac5e0d8aeb74dfa482bec126276d4c27e70ceac9f5ea9ca/detection

103.234.72.215:8080

# Reference: https://www.virustotal.com/gui/file/eec1c916f1e931d79feb7981f48b1eecc4603e8c2e4e553d8a9dc210aad1e432/detection

http://5.39.222.25/__utm.gif

# Reference: https://www.virustotal.com/gui/file/da86625cd482a9ba0700de17961179f4ce1bc360a88346a91568c2cd54e13d91/detection

5.39.222.25:8080

# Reference: https://www.virustotal.com/gui/file/61083e9fc8362f65e18ea6a5d512b346d084fe764ad69e03f7d7e12d33245ffd/detection

http://47.93.226.198/YSVZ
http://47.93.226.198/fwlink

# Reference: https://www.virustotal.com/gui/file/049344631b9858bcdeea2bd0d5b679687278f40a793486a65224336c2dc242ba/detection

47.93.226.198:10000
http://47.93.226.198/EfCn

# Reference: https://www.virustotal.com/gui/file/45205d6aab000767cb5ee3a19fff4a145c9b4996218bf66f63f5558f3bb2be91/detection

http://47.93.226.198/i9uE

# Reference: https://www.virustotal.com/gui/file/79d9f2a6c7fe8ccfaa35322597948bb9a7bb947bbc99c1622c7ba60dd9f85859/detection

http://47.93.226.198/vGk4

# Reference: https://www.virustotal.com/gui/file/1303e3200b5031db4c6cdd7f51e43b1a366c20c6acbc9132b807b5865ea59c1c/detection

http://47.93.226.198/YYWS

# Reference: https://www.virustotal.com/gui/file/2672aa7e5cd1fa2bc0c81b218226fa2832880cdd52b1d379af92d0bbe81a6753/detection

47.93.226.198:8080

# Reference: https://www.virustotal.com/gui/file/0450285a3ac8523f7e959541ddc74e08bb7b551e7e78687f00805f2fc238c7c1/detection

222.212.168.108:52443
askme911.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b68c8765cc47e5c4ce4b030c94a6f0f5f7376083946c5ba2ac2d3a104ddbccb6/detection

http://81.69.250.97/pixel.gif

# Reference: https://www.virustotal.com/gui/file/06ce332c8812f5e869c74cced97f8a8e6c42c08b1c303f93ba1f18cfc6a91458/detection

81.69.250.97:5656

# Reference: https://www.virustotal.com/gui/file/7ee4bb53f3678c5c8d712dda11cf2684fedf7fb03873663980fc41ff0721d195/detection

81.69.250.97:1234

# Reference: https://www.virustotal.com/gui/file/ee952dffe3f3a5742b552c593b94798fc4be1dd940d3718b8035b8a28714cf03/detection

118.193.35.15:8888

# Reference: https://www.virustotal.com/gui/file/6e8dec6420254b4343497fbc31f50e863a102c2b06e859453af36a6b99a81080/detection

3.134.39.220:19136

# Reference: https://www.virustotal.com/gui/file/6a22c9139edb7a90d91d76550c52c986ded74ea8a8df405ef2afbb2bf5a89494/detection

39.107.99.0:23456

# Reference: https://www.virustotal.com/gui/file/3afc9ed705caf53993d191bf00db031b921fad21bba56febeee478ce304d5666/detection

39.107.99.0:52864

# Reference: https://www.virustotal.com/gui/file/12b9dc3e2897f4bfc65708b51390fdb2dada0404516f5be095c6a6da596e5257/detection

47.245.2.100:4523

# Reference: https://www.virustotal.com/gui/file/e2a155c51150609d3c0cce905c8830310ba6bfd6c5fbf7aa906c0ac6d1f7e075/detection

47.245.2.100:81

# Reference: https://www.virustotal.com/gui/file/ea1c5a2b013ab2e1e4f76e96fce2ab581a1ee11f9fb1628e6703c45f97dcb4a9/detection

http://47.245.2.100/zv39
http://47.245.2.100/pixel.gif

# Reference: https://www.virustotal.com/gui/file/5b499094c887469dc56ea906a076394834c82e13f0b93ba7e5dfb6d43505bb7b/detection

http://47.245.2.100/QtLK
http://47.245.2.100/ca

# Reference: https://www.virustotal.com/gui/file/8c11abfe49cc1397541ed3b4f03560d8f96f8292f39f7c4277cdfed3ff5be377/detection

http://47.245.2.100/updates.rss

# Reference: https://www.virustotal.com/gui/file/acd6f1fb482ff2e0274c6bf097f48012aedca4951d455221235ac85edadec285/detection

47.245.2.100:13123

# Reference: https://www.virustotal.com/gui/file/4bc836fa83965d2fc603d139c0e6553c0f539cb9ff980a07de69747e04feb391/detection
# Reference: https://www.virustotal.com/gui/file/e9e6ae938921fbd854cb38e52f64da474e6adb217965a008f4ed4a3b2065368e/detection

34.92.81.162:12456
34.92.81.162:9898
47.245.2.100:9999

# Reference: https://www.virustotal.com/gui/file/f29c69e9822aa6633c358eb3a6e55e171f54e933efc325225bbc30e5238e1ff8/detection

47.245.2.100:8899

# Reference: https://www.virustotal.com/gui/file/320fe6d415747b6f1ba3899ff4cbc910136dd9887f99f62fb803ee6630a3264d/detection

http://34.92.81.162

# Reference: https://www.virustotal.com/gui/file/528ae32b0b52b7a9bb803a4d006c7b8bd6871225e9a14b00fad69264dfd7284a/detection

81.68.192.125:8080
81.68.192.125:8558

# Reference: https://www.virustotal.com/gui/file/2ce3888e486fc98b4b7d5da677a111ce96cfe2c0f47f11db1aa50f4ac6172d02/detection

47.93.12.104:8888

# Reference: https://www.virustotal.com/gui/file/923791962d5a174a2a636075bdbb6f0abb6d9f728eb21be211fe6718402f7e33/detection

47.98.99.151:7777

# Reference: https://www.virustotal.com/gui/file/cb36f7abbc2660c4f8c26e165268a4ab5c5b89588ff1aab2f52b52704d05431b/detection

47.98.99.151:9898

# Reference: https://www.virustotal.com/gui/file/bfb09ebae3494ac0ed08fdb77261e71310f881d912130bb7dd6b24130d6ad97a/detection

http://45.135.135.132/pixel

# Reference: https://www.virustotal.com/gui/file/e0ba514263a753790d707767ec5d7ef491e7721d7d2f1c0691f935cb8b5d3f79/detection

http://45.135.135.132/w9SZ
http://45.135.135.132/cm

# Reference: https://twitter.com/_re_fox/status/1343034361793425415

47.101.57.72:8001
47.101.57.72:8848

# Reference: https://www.virustotal.com/gui/file/800058511f439027d7fba4348135402474d7ddf8b51a5076329d85d9e68eb0c6/behavior/Lastline

123.59.120.251:443
123.59.120.251:4433
mhkbtwlkj.com

# Reference: https://www.virustotal.com/gui/file/dfc824d5451b966d2242d14c39d268e28e0fad2b572400be2682721b5c370e99/detection

microsoftupa.com
svchost.freedynamicdns.org

# Reference: https://www.virustotal.com/gui/file/3a1731cae48d8f3447fddaceea4737cfc8a86b53d6f0dd4b5d7e84d68a79864b/detection
# Reference: https://www.virustotal.com/gui/file/226fabab71701d92daf735ed4220fd42341eda0aaf65f4d03f8338925418a459/detection

54.205.218.4:443
gov-hr-no-reply.org

# Reference: https://www.virustotal.com/gui/file/6218b70d242dc20aa4f6ba0d61d94999ceb50bfb2b7826e503a01c52c5ae5ccc/detection

172.93.165.241:443

# Reference: https://www.virustotal.com/gui/file/f6807250de51122bca88a4ac18b44690fe31dedc5246849821aeba08a9e2a46c/detection

47.97.110.173:8888

# Reference: https://www.virustotal.com/gui/file/af860c5e192c400117afcd2f8fde3cc90603de3b108efadf4e86462965c604eb/detection

http://47.97.110.173/en_US/all.js

# Reference: https://www.virustotal.com/gui/file/3ddfa9efb71cf9a05095f6c059951c286787f3b0af5de3098d2e4ec61268325a/detection

49.232.160.175:38999

# Reference: https://twitter.com/d4rksystem/status/1343965001032282118

103.45.120.54:54445
http://146.56.193.250/j.ad

# Reference: https://www.virustotal.com/gui/file/8502203c89498a3938c6fdb1593bc2ca04b0a2c31367ea0990939169cc626020/detection
# Reference: https://www.virustotal.com/gui/file/171fb3d8a390492fa8e7dcef11d62be3d0ea2b0799856880e9120da183a11f05/detection
# Reference: https://www.virustotal.com/gui/file/f91d7f0570ee3eadcf36763c6cf4ed4746f0c96e823a92aefd58fe99d7d60a63/detection
# Reference: https://www.virustotal.com/gui/file/de0c41531ff9391cbd08745461bf276385a47932051c0cb7d498f61546664ef6/detection
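# Reference: https://www.virustotal.com/gui/file/4627a4781576ed5ab26744b8ff836a4fb9b7c83a852962e6e0519c0d65e051f8/detection
# Note: the 104.31.x.x and 172.67.x.x addresses below appear to be Cloudflare-operated reverse-proxy addresses shared by many unrelated sites (confirm against current WHOIS). Treat IP:port hits from this group as low-confidence unless they coincide with the hostname listed with them.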

104.31.88.151:2086
104.31.88.151:2087
104.31.89.151:2087
172.67.148.251:2086
172.67.148.251:2087
microsoft.z652.com

# Reference: https://www.virustotal.com/gui/file/c642aaaf7f31b0ef49a026428ae8e7b36420283f713a6dca9a6d899ed9e04ec9/detection

8.210.75.7:1111

# Reference: https://www.virustotal.com/gui/file/53cf50030f3fe00d1e1170bb38f78d6e07b094402ab0f7b3f7b3a5875b24f1a0/detection

8.210.75.7:1113

# Reference: https://www.virustotal.com/gui/file/1dd4c93d5450c141d69037c1ec740e13112dfbdf96130d42b6b3e7380b5b2a40/detection

121.196.150.68:5555

# Reference: https://www.virustotal.com/gui/file/1af7207041d8e257cf207ec8c244c2cdb871fa21864388fbdf68a9cf9159d8ea/detection

121.196.150.68:5557

# Reference: https://www.virustotal.com/gui/file/6c7867aee3de6f58306af1762a9185ce4bf5bfec74aa7889414a192fa0bbca45/detection

120.131.10.194:8081

# Reference: https://www.virustotal.com/gui/file/ae73101edc3a19b7f85ead97f2b126ca3d7297b1b186fe4fa6558b50767e4968/detection
# Reference: https://www.virustotal.com/gui/file/6a2ea640f36f36d630a22ba4e70240abbe91f2aa7fb103853817c7d019dd59dd/detection

103.232.214.177:8087

# Reference: https://www.virustotal.com/gui/file/408a3ebea3b9b3cd1eeb99eb4fabf3f2fb6d0d0b40df6cf4b1c20286df23df5f/detection

93.180.156.77:443

# Reference: https://www.virustotal.com/gui/file/248d6b5e74d21a2bc3963faf085f80c9bcfa32c0719f3e5e5371d365e8892468/detection

93.180.156.77:8082

# Reference: https://www.virustotal.com/gui/file/d7ede69b96bd482cfaeffe0ee582b23f507a46237070c75c3b711d0be716538b/detection

micsoftin.us

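# Reference: https://www.virustotal.com/gui/file/7391b25302b2488aa0bc6d4d52f4f4811d8d8f784f5262c53d5933a7c7580600/detection
# Note: 104.24.106.22 appears to be a shared Cloudflare proxy address (confirm against current WHOIS); the hostname in this group is the more specific indicator, and an IP:port match alone may belong to an unrelated site on the same address.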

104.24.106.22:8443
104.24.106.22:8880
mingpao.us

# Reference: https://www.virustotal.com/gui/file/d546daa385c1b05514c1a3a85bf536259660e650e20c09af41a2966a42e8a127/detection
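# Reference: https://www.virustotal.com/gui/file/abd81e97006124b547bbb387de853b1990ff38a87dce3377a1e5e535d1b203d6/detection
# Note: nfdkjbfwjakd.ml is also present in the alphabetical domain block earlier in this file; this entry is a duplicate that carries the sample references.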

nfdkjbfwjakd.ml

# Reference: https://www.virustotal.com/gui/file/ca02c24dbe1f0909cd13645a9919de5b2e59a40255b436e2caa4b3a27d4d9980/detection

173.234.25.74:53

# Reference: https://twitter.com/d4rksystem/status/1344327395487191040
# Reference: https://www.virustotal.com/gui/file/429004136495fcfc85a29e276f0b6ec4faf0c5018d246466a4b7e2e056443c83/detection
# Reference: https://www.virustotal.com/gui/file/e6600772ee983ecd6584ee472d76ed7c864b648a37d3bcab802cca8d64d44aa3/detection

http://115.159.35.235/AwPU
http://115.159.35.235/BuXN
http://115.159.35.235/load
http://115.159.35.235/sQBW

# Reference: https://www.virustotal.com/gui/file/8db1b325eb640e3e556abb4846a447e7f9378df093cf3fb1bf3dca22057d5aea/detection

149.248.6.193:2000

# Reference: https://www.virustotal.com/gui/file/1a0aa4e9b12b8902a93e15c2aac03b951dce662fe4234a5bdc11018703810059/detection

149.248.6.193:2008

# Reference: https://www.virustotal.com/gui/file/44da6b2802bf497c49233a61c0538282ec0f79dcb4f234a0ba7471fadfdbfa0d/detection

149.248.6.193:2009

# Reference: https://www.virustotal.com/gui/file/d2940094f2b7ce5c90a22c009a616f36db53abd6861b04daa076c02aa646298f/detection

149.248.6.193:2010

# Reference: https://www.virustotal.com/gui/file/9bf4965b4daccbf2252291b215630adc8eb345038e48b63ef3e92e9af35cf1ee/detection

149.248.6.193:4000

# Reference: https://www.virustotal.com/gui/file/3736d9081a4027b04eab5e25f1d9de85a0042591e527bc0800bbdbba07d15c6d/detection
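# Reference: https://www.virustotal.com/gui/file/decebaee0cb23bd96b42f0fa0edf7063716307c592ccaef3f1864b4adf1c2a0a/detection
# Note: 104.28.8.10 and 172.67.128.152 appear to be shared Cloudflare proxy addresses (confirm against current WHOIS); correlate IP:port hits with the hostname in this group before treating them as C2 traffic.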

104.28.8.10:443
172.67.128.152:8443
cs.lg22l.com

# Reference: https://www.virustotal.com/gui/file/fa9c5f4f7b8493e19de81cb68dbbec49010d942becb83d68b33957773b259a9a/detection

http://123.57.90.172/visit.js

# Reference: https://www.virustotal.com/gui/file/0e5cd82a48e9c1689afabf762e21f9fe1045960423fc96554106c5cbcf1e7d84/detection

http://123.57.90.172/ca

# Reference: https://www.virustotal.com/gui/file/54fba91073fd85b50b3ef9d9669f05a975aff874cf6f563e530a296c1a9becf2/detection

http://123.57.90.172/XEZf

# Reference: https://www.virustotal.com/gui/file/225486cabe91026d38a3ea2667d8d1171dffab67e9bcc1cbfb1547f76964a08c/detection

121.37.175.161:443

# Reference: https://www.virustotal.com/gui/file/00c261ffc687fcdf6238eccc8ada61af0b9fc48dda1a57461c020d9ca5a56e1a/detection

121.37.175.161:80

# Reference: https://www.virustotal.com/gui/file/dbcb8bcc66b19491809bb8cb02fd58620e3283014062888283e65a2f56ab793a/detection

185.184.221.47:8088

# Reference: https://www.virustotal.com/gui/file/f00852aed2eb4ed1833ee9ce7e40be2eadc53a48733057ae6c9e7f82694d9d66/detection

39.97.118.130:5555

# Reference: https://www.virustotal.com/gui/file/d0e31b715328196023906e3a256f49e1e6c1bd0d0f355dae2920f3190a2a7e26/detection

39.97.118.130:6661

# Reference: https://www.virustotal.com/gui/file/895a7adac57cf5c5294e0614f721d849ba6aaca53ac949d03d1aa6475c6e480c/detection

39.97.118.130:6666

# Reference: https://www.virustotal.com/gui/file/f8886438e9fd88b7e5259f983c16657a507885fdc234f717a6942cd77baf9201/detection

39.97.118.130:8099
cdn.sict.icu

# Reference: https://www.virustotal.com/gui/file/d46680832bfae457469f9c170f3938196f9cb654ef2f993d7b8ea1eff87a476b/detection

120.78.194.220:8081

# Reference: https://www.virustotal.com/gui/file/90e64615008b50518d4dac7c402ec50aea2dfcf45e9ea541d2667826b4649cde/detection

120.78.194.220:8082

# Reference: https://www.virustotal.com/gui/file/e16576c792a4b1c6484b7fb5f731c6200b85ef0568df4b8e18c6512efe505d19/detection

120.78.194.220:9997

# Reference: https://www.virustotal.com/gui/file/bb89e5682c32d57285dcff33d64c18e9c60e2bd6feea18c516671c56b40ca69e/detection
# Reference: https://www.virustotal.com/gui/file/fcb2c154b6d6a4a3a519997cd8be484f5e11dcf115211fad4cc4ab9ee5b2c457/detection

http://120.78.194.220/activity
http://120.78.194.220/push
http://120.78.194.220/uGm3

# Reference: https://www.virustotal.com/gui/file/b5db43bcb95ffc4ff00d569452461a919f95d7531ac14215ef4c06d18d1b653f/detection

120.78.194.220:8443

# Reference: https://www.virustotal.com/gui/file/f0f28fd2edd3a021a2c35865e68f5cfa1d15b73d091aec930e97769fcd5b1511/detection
# Reference: https://www.virustotal.com/gui/file/b7f5a031efa4f365be7ae527ada8671d89f708b49b5e1b2b5418b7d7f50f864d/detection

51.81.140.156:443
security-blockchain.com

# Reference: https://www.virustotal.com/gui/file/4b40d6bdc123dce2737bdcc3cc1a2698ce20b1aadfd17ce026ccba8dc52fed09/detection

http://103.45.180.154/ga.js

# Reference: https://www.virustotal.com/gui/file/0efa68eef61100a6b0c7ef7ac69dc89ceb2d2887a59f69a4b72581446beaaee7/detection

http://103.45.180.154/oFEc
http://103.45.180.154/dot.gif

# Reference: https://www.virustotal.com/gui/file/5f6f7c2fb72e13d3e0b1b51fdd4dddcf0a48ac57c14e43fcfe9ff4a0c5976b6f/detection

http://103.45.180.154/NKrQ

# Reference: https://www.virustotal.com/gui/file/534a450ded71dffebab5321d300a62a71d277b7f7a148329a6d0034e3701182f/detection

http://103.45.180.154/xoD1

# Reference: https://www.virustotal.com/gui/file/b4f74eb1dafd75f88b7f65b88d68b50e7c39033c02e98d4af5f8cc537ece6dec/detection

http://103.45.180.154/ca

# Reference: https://www.virustotal.com/gui/file/d0c75a78b1dd71c606360292baf35fc39f267882ff2bde483ee0da2a8734fffd/detection

45.254.64.7:11256

# Reference: https://www.virustotal.com/gui/file/ff607f4d57515059d136c9b19937f8ec8a9354a7067548a619f23f613e1deeed/detection

45.254.64.7:443

# Reference: https://www.virustotal.com/gui/file/529f4db01de77be25ad8e16548070c3f7ec3a73d26a92248c544ee90b18ea7ad/detection

http://45.254.64.7/l6Za
http://45.254.64.7/s/ref=nb_sb_noss_1/
http://45.254.64.7/N4215/adj/
45.254.64.7:8087

# Reference: https://www.virustotal.com/gui/file/12bc315285543c76e77c094e0f3be5f6a83c8a9450b5175d21b5115a9feaa93c/detection

101.37.24.50:22222

# Reference: https://www.virustotal.com/gui/file/44977a31cf4bd2bd4c8408fedd5eeb9b83eda2655246e502c23749c279fde735/detection

101.37.24.50:7777

# Reference: https://www.virustotal.com/gui/file/0f1b91233d6b9316ead84277c7e93d128a6b4b7af777055521be965e8c0727d3/detection

101.37.24.50:8888

# Reference: https://labs.sentinelone.com/the-anatomy-of-an-apt-attack-and-cobaltstrike-beacons-encoded-configuration/
# Reference: https://www.virustotal.com/gui/file/c4f764a814dad9866c3571cfde5030ee8ebf904006552cea744636e32b127d7b/detection

asiasyncdb.com
eustylejssync.appspot.com
officeasiaupdate.appspot.com

# Reference: https://www.virustotal.com/gui/file/9625f45de099fd08bed80f3fce73dac69c95fe6c1374d09c331c70b68acae1a6/detection
# Reference: https://www.virustotal.com/gui/file/b14b3a4fa5a4d7855ddf56dd4859392c8c03b62c2e9fb607e3d55b0bc314614b/detection
# Reference: https://www.virustotal.com/gui/file/3c17afa9fb56c717c779ba3842a680dbbb6f802ca8f8770186d3f5fb2f722906/detection

http://124.70.214.3/5eMu
http://124.70.214.3/dpixel
http://124.70.214.3/WMOi
http://124.70.214.3/en_US/all.js

# Reference: https://www.virustotal.com/gui/file/070fba56f2a82d981b05a91cc68b24cac47f69007984a870697df7e32fb5af41/detection

167.179.72.91:443

# Reference: https://www.virustotal.com/gui/file/c09ef202640dfed63f1e6448cdfb3d6e3b10b20ee8d5c33d920663bc88734f9d/detection

167.179.72.91:4444

# Reference: https://www.virustotal.com/gui/file/2a6e6fca401ce0678d9fa4da36a3cc69991b906043b52d92884856a7d3613069/detection

167.179.72.91:5555

# Reference: https://www.virustotal.com/gui/file/53d2e8fa47d3426195cc68b707dac57c82a045a74c8ee453413d17d4ca104b77/detection

167.179.72.91:7744

# Reference: https://www.virustotal.com/gui/file/e6c38b70fb3add26ac06637363809153cabdb90d85015f418f8a91934aa4d1ea/detection

8.134.63.19:62233

# Reference: https://app.any.run/tasks/59f741b8-2309-4afe-adfa-1064f69f1b77/

95.179.152.155:443

# Reference: https://app.any.run/tasks/680230c9-9e94-4830-aa09-15b4e38fe659/

http://202.79.170.173/ptj

# Reference: https://app.any.run/tasks/33254798-744b-44b2-8d68-0e71c151f745/

45.142.212.161:443

# Reference: https://www.virustotal.com/gui/file/99c7899fc9ecaac5c721f5b429343b4c73ee1590466491354782f015234aa90c/detection

85.143.220.125:8081

# Reference: https://www.virustotal.com/gui/file/f408d79dcfcd22dffa9556281051117f871b4c3935a1600e12634a7f078cfc0d/detection

85.143.220.125:8180

# Reference: https://www.virustotal.com/gui/file/963dac2c51421b0a9aa710cf399e280cb36e84cb1a0f9842b3f5c96e5f8c574a/detection
# Reference: https://www.virustotal.com/gui/file/a0b27bf9e6b9d48be4e338d42a794bf75cd75a5766e1f1dbcd0cb70d0cdb061b/detection

23.224.16.133:1234
th1nk.xyz

# Reference: https://www.virustotal.com/gui/file/948628a6100b16c7728bedf0f3baa083f8192293fb7d1c88c5f2f4c220b2a43f/detection

101.37.152.150:8888

# Reference: https://www.virustotal.com/gui/file/388e808f00e4e826bbd52d03ce5a334a732dd62b3be17568b8a327ec9258228c/detection

139.9.33.17:8886

# Reference: https://twitter.com/d4rksystem/status/1346486615254786048

141.164.60.214:3389

# Reference: https://app.any.run/tasks/17c21704-f83c-48a5-9534-c265a2015d42/

106.75.162.166:443

# Reference: https://www.virustotal.com/gui/file/0090230bcb8bbdb0f183acdc96a1b250fd3612f849e00aea6569af6f0c8901dd/detection
# Reference: https://www.virustotal.com/gui/file/8f052203f4a69524d741d330a9c3c90f7082f52af2f1dd2b1fc6503ee2ed5f02/detection

http://43.239.158.224

# Reference: https://www.virustotal.com/gui/file/ddb6e57816efa0bb0fccab2925280075085b2e719d30a50b1c6f5d61f0789a57/detection

49.235.88.186:5555

# Reference: https://www.virustotal.com/gui/file/1fb1c7bed4b7caec53238e791bf1d1b4fc2169c2b9ce93cded37fa99af0f963d/detection

http://49.235.88.186/hYUG

# Reference: https://www.virustotal.com/gui/file/17b3144ee195844a17dcbd9325247bdb87b6f53f0ea74cb4b1043142eb265120/detection

49.235.88.186:8001

# Reference: https://www.virustotal.com/gui/file/0333e8f1c734a2f9c9c20b52f477967f9a925e5e1a4a0024ad38ceab1ff09f2b/detection

49.235.88.186:888

# Reference: https://www.virustotal.com/gui/file/e99c99ac7f67785fba7803954ec1e9e281a7d24ffe6bf958da66c308f9b5a69f/detection

http://47.105.131.133/y8Hc

# Reference: https://app.any.run/tasks/0325f88c-b3df-40b0-afaa-e8376cd14be0/
# Reference: https://app.any.run/tasks/6699879a-41cf-438c-90be-9c52f6fbdac7/

161.200.107.99:443

# Reference: https://www.virustotal.com/gui/file/1ce260d35c9696f3fe1f38b2a819dbca536f312bae993069dc8bb06971eb7e8d/detection
# Reference: https://www.virustotal.com/gui/file/1018482763833b1c83245d15949e635559ef292fd0310281a7c87c304e23233f/detection
# Reference: https://www.virustotal.com/gui/file/2c8b071111d2e3a66b23b19b5e854be12dfea4b02487788cacf4a6577e09aca8/detection

45.32.8.46:8080

# Reference: https://www.virustotal.com/gui/file/4f69c4313e741bc168a6313fc9bf03a2230ff3a17a808a113d3bd92a9b7b5c80/detection

106.75.81.232:4444

# Reference: https://www.virustotal.com/gui/file/d2830c494cbcc609d0a43beaeceb6140dfd5c49f9b6b4059ad2e6c1d1d48545c/detection

193.37.215.110:801

# Reference: https://www.virustotal.com/gui/file/aa6870a916933a433a81394fb115f5deebdc3a42552d1137ede944e6ec90db02/detection

95.214.179.58:5555

# Reference: https://www.virustotal.com/gui/file/62c423376a87984910a07b63080b4c82b44f8c8f33aa79537f4dba0e4d9f398c/detection

95.214.179.58:8009

# Reference: https://www.virustotal.com/gui/file/8aefc5029a46e58eaf55b584f899a78fb47a7c286c6ef95dbeb112035bacf155/detection
# Reference: https://www.virustotal.com/gui/file/5c77f6a4d10f8f89d66e3021d4889fe35ae40b0274bef3f561f40d0bbfb65acb/detection

kwwwing.com

# Reference: https://twitter.com/d4rksystem/status/1348676041808650245

103.234.72.132:6666
129.226.137.132:800

# Reference: https://www.virustotal.com/gui/file/9bc9d8a0df2c368e76b78287aee4f5e003aed4ed908e3f19fd810f7504c368ce/detection
# Reference: https://www.virustotal.com/gui/file/26e64feda708468034a9f4cfdc08926645f8b919ce8de6c27a071359e2336fb0/detection

122.112.182.65:446

# Reference: https://www.virustotal.com/gui/file/a0023ac98286e211f807161dacc0f09c1fea5d28e8d1507c5d3f7921b978eede/detection

http://111.229.30.135/ga.js
http://111.229.30.135/WkQJ
111.229.30.135:1479

# Reference: https://www.virustotal.com/gui/file/4980a62bd25eb2cdb26984eaab5f7a8a9e486e83cf42139e1acf089b82746b33/detection

47.92.38.114:58000

# Reference: https://www.virustotal.com/gui/file/c37cdc9e2828a4c5074347f6dceca6faf644eb7d11bd87bcb52f29b458a9bba0/detection

47.92.38.114:443

# Reference: https://www.virustotal.com/gui/file/2a1a3f6f1f138cf46a4aca66b22a2d4298a12e2115511127919a63b9150f4aa3/detection

213.135.78.244:443

# Reference: https://www.virustotal.com/gui/file/c32c1f7987a192e2e9c3141ff5f55aa65b67b036a990421a17df7ace05a243b7/detection

47.112.127.168:8889

# Reference: https://www.virustotal.com/gui/file/55eeae96335304d1b50be976ab8396dd76d6aa82fcc5a36346ee52f6e42e432f/detection

103.234.72.220:8883

# Reference: https://www.virustotal.com/gui/file/9157c5ff95474b758ad4e92cc2b342a6e38c3d06a28be23113cc9a937baa36a2/detection

103.234.72.220:8886

# Reference: https://www.virustotal.com/gui/file/6dbbabdbfa9a09e1a193f77103fbb2ba8ee0e8c73911d50b7f884f2ba66d0602/detection

http://45.32.16.170/j.ad

# Reference: https://www.virustotal.com/gui/file/1623a420fec3513e45f96469ba8b28ed287b421cfe415ab287c2371946b0a221/detection

45.32.16.170:4444

# Reference: https://www.virustotal.com/gui/file/8322e9c5c5deada391cc840fe3f8d665ea59546b53d914aa3b2b081fd41c60f4/detection

45.32.16.170:53

# Reference: https://www.virustotal.com/gui/file/a5164850fa52d4a2df03b7af85aadca84f19d16c330be93b655eb01e76c80adf/detection

45.32.16.170:553

# Reference: https://www.virustotal.com/gui/file/a73a86b3c12d812ef838a7bd7a4b9a0fdcee5ebd77db6f2ab16cd84dd85cf57b/detection

http://45.32.16.170/RCZm

# Reference: https://www.virustotal.com/gui/file/fa074a48e60234a91133c853a2495e00b534128306d15cc20f216dbb3514e7c3/detection

http://45.32.16.170/en_US/all.js

# Reference: https://www.virustotal.com/gui/file/c8812a4a2b7608578dbe76214fc1cd29b641eb3051fa3b4e61d4c23af7e88c63/detection

http://45.32.16.170/a

# Reference: https://www.virustotal.com/gui/file/fd18bea214ae854e69e6775f6cdebb6bd6d378dee7854924cf3ae3bfb5173b94/detection

103.39.108.20:31621
cctvtb.com

# Reference: https://www.virustotal.com/gui/file/52f9630f5c0db719ab4c2bca3bae568c7a338c50b2adf84cc035b98cef5e71e4/detection

http://103.39.108.20/match
103.39.108.20:2008

# Reference: https://www.virustotal.com/gui/file/e9ae7da18412736f0c422bc2a7d07af9f10250f2a512b73b755807b213ce204b/detection

119.23.46.252:1234

# Reference: https://www.virustotal.com/gui/file/bb4bce5433b88da79f7ef35cfa9bb6b631bfcfe4c2f3f3e9988e336c81d18ec8/detection

149.28.79.190:4443

# Reference: https://www.virustotal.com/gui/file/8001239a0113038b6b2862364826bd7dbaba62f6e5ad80055e9e6adac10f09bb/detection

149.28.79.190:4444

# Reference: https://www.virustotal.com/gui/file/7b9b21d7e6cd54570cba031da3509f582be2d00b95ddae844a6670a048fd3af3/detection

106.13.9.34:8080

# Reference: https://www.virustotal.com/gui/file/b89416f96828c0ac256109189f818d863a34aaa8393fc378c70e02854fd9220d/detection

68.183.124.109:8008

# Reference: https://www.virustotal.com/gui/file/03564a2cf96c7bc63b52e031dca9af4087570ca6b6192785fe58bc04912b5ec3/detection

198.13.51.45:5555

# Reference: https://www.virustotal.com/gui/file/ec9dbc70c904f057b4062d388b8ffef806cd70d8f4d39b1eef423cdabf653cb9/detection

198.13.51.45:8989

# Reference: https://www.virustotal.com/gui/file/6c9ea5878aee62f8232878d72a24535b0f3ee73e1f9bed71f2f3a8385044131d/detection

176.123.3.104:443

# Reference: https://www.virustotal.com/gui/file/1342924ce7d5368e4e93a6fea4ef5c08e8baa94e511e83af91a4fb21dd76f9a8/detection

http://176.123.3.104/updates.rss
http://176.123.3.104/en_US/all.js

# Reference: https://www.virustotal.com/gui/file/f4a603ebad33de4e8321019d495d444c388be1b342767326009a42adc24da79c/detection

http://176.123.3.104/IE9CompatViewList.xml

# Reference: https://www.virustotal.com/gui/file/41d22847780ca4a5a099ad8b25cec9fb32151be7232813979bbb2ab789be2cb8/detection

47.115.171.255:8989

# Reference: https://www.virustotal.com/gui/file/9a9b8e5a43559cd21e719b946c558429e0db0c85c520396bab29750bd3e9a752/detection

49.4.91.4:7005

# Reference: https://www.virustotal.com/gui/file/3870a3dcae9ef431c7181de6f70ed3a9833c2731f32b653fc66b292c80105f61/detection

49.4.91.4:24560

# Reference: https://www.virustotal.com/gui/file/54a9e5f6067da481a512f136fb8581f661e15293c19a225fc1900ba5599e031f/detection

49.4.91.4:25555

# Reference: https://twitter.com/_re_fox/status/1349056334625468417
# Reference: https://twitter.com/James_inthe_box/status/1349060773222383616
# Reference: https://www.virustotal.com/gui/file/5914d2b73a12434f181aecde03e27c755c5b3d9d87827381a5ac6cc6d1eeb72b/detection

194.36.190.41:8000

# Reference: https://www.virustotal.com/gui/file/dddfa9b94b49e644013a587687ff3c74af0c8a094e8a15d5a566ce6216ea8948/detection

http://207.148.97.132/n5qI

# Reference: https://www.virustotal.com/gui/file/2940d53402f2da43f23f8a2c9eae4cc1a39eb983c01994fcc328fbc425f158f3/detection

http://46.17.98.51/9Kdt
http://46.17.98.51/load

# Reference: https://twitter.com/bryceabdo/status/1349131942529290243
# Reference: https://www.virustotal.com/gui/file/d7e3342f316d783e4ae6447837173bfe060aaaef37553b9d67719653213bc868/detection
# Reference: https://www.virustotal.com/gui/file/ec2e5d88f31322b3b24860f08b2c5fb6bb48f01ef4402c720861274ab20cdaa2/detection

cutyoutube.com

# Reference: https://app.any.run/tasks/24a42304-740a-404c-99ae-d44859fe04ae/

http://185.158.250.134/j.ad

# Reference: https://app.any.run/tasks/a20d6b28-3137-46be-821b-4bd4f8d40baa/

http://15.200.29.19/updates.rss

# Reference: https://twitter.com/d4rksystem/status/1349400821125926912

218.253.251.93:443
81.68.188.152:8888

# Reference: https://www.virustotal.com/gui/file/24138d4a573095233f368e590f418c18959f7d8221d8e66605b5db99d68ee9c3/detection

45.158.34.4:3333

# Reference: https://www.virustotal.com/gui/file/26e2d1a9ee1535e4b480d70f0b87b480b570c793a8f90ecabcdd5fc3cfcd84e3/detection

47.115.190.86:2222

# Reference: https://www.virustotal.com/gui/ip-address/3.96.133.250/relations

http://3.96.133.250

# Reference: https://www.virustotal.com/gui/file/bd505d82e1784f5bccd263f1089ca8f2708fd6772b8ec181c89a3c8af0308541/detection

202.79.170.124:4438

# Reference: https://www.virustotal.com/gui/file/e415094ccfc033761a8beba66743ac98f5488658e154275472c5edffbb04bc5b/detection

http://194.36.170.18/api/v1/Updates

# Reference: https://www.virustotal.com/gui/file/fc39d3f5558e89588d26f48ef5767bf076f3b417477dba1fdb231053de55b1a2/detection

156.255.2.247:5000

# Reference: https://www.virustotal.com/gui/file/bfa14084d1daaa0f661fad223467c57df13a7f92de412b459aab89ae83a42bd8/detection

156.255.2.247:7001

# Reference: https://www.virustotal.com/gui/file/90570a965bf9ac3f2b426b8fefea813aa640f1106d3bfbb24b504fb2aba0ffc8/detection

156.255.2.247:7002

# Reference: https://www.virustotal.com/gui/file/0934b39e0246515ecd6480d32a9f75dc0351762be8d7b57d9b57e8499b9685a5/detection

112.124.18.106:8000

# Reference: https://www.virustotal.com/gui/file/376bf4bcb19fabf0e1d2a83b57ff5ceab389da6034cd5c1641a6d24243fe9000/detection

112.124.18.106:8001

# Reference: https://www.virustotal.com/gui/file/436e0ed81a04b742d9a16261735f41b4826723c3565812de6c7224a2b37fe8ce/detection

112.124.18.106:8081

# Reference: https://www.virustotal.com/gui/file/4d00c8e2adebf7025dea6bfdf547c62cf1126901ff0c2a648ff522a9b91afe52/detection

182.92.235.109:465

# Reference: https://www.virustotal.com/gui/file/e2f1db98bb848c2e476a515140ab3b16e44a74b245cf9fa53f0cbe9026d7c3ab/detection

182.92.235.109:5055

# Reference: https://twitter.com/1ZRR4H/status/1350802354107514886
# Reference: https://twitter.com/MichalKoczwara/status/1362715080123645960
# Reference: https://pastebin.com/7QnLN5u0
# Reference: https://pastebin.com/Ka5wvMZz
# Reference: https://www.virustotal.com/gui/file/6e316af2d4d905aff1b52f14860363c6c06a194820beed35fd9f3aa6aa3e7718/detection
# Reference: https://www.virustotal.com/gui/file/2cbe531f2e039ed524963cda7b71527bcd044b01ed63eb360588c271ce7abed3/detection
# Reference: https://www.virustotal.com/gui/file/69dfbf782bce93f1c9705f014f8582b86511b4838312d70b64e49947bbc1d064/detection
# Reference: https://www.virustotal.com/gui/file/a68ff8f84bda7471855e0877605446b64981efaf45c53f3a38e1658e1d942b24/detection
# Reference: https://www.virustotal.com/gui/file/029666ae5026488144724bb67e0eff5b8850cae5c4c6b2bb5e3228f822c334ae/detection
# Reference: https://www.virustotal.com/gui/file/7ae1a3339a5f60422a8d0f5b5fbe2d92faf57c08f9684f08b0a6d23c9860e8de/detection

http://172.82.148.202
http://209.222.97.8
172.82.148.202:443
185.150.190.153:8080
185.150.190.153:8443
avetool.com
ballom.com
clubuz.com
domways.com
exrap.com
geotry.com
lenview.com
mixdir.com
pinglis.com
raills.com
repshd.com
rtrill.com
simvp.com
stargut.com
topevi.com
uncole.com
zipflag.com
/us/ky/louisville/312-s-fourth-st.html

# Reference: https://twitter.com/d4rksystem/status/1351197665623564288

121.4.104.232:8001
211.159.158.117:1122

# Reference: https://www.virustotal.com/gui/file/e044e4f1711249920ca32add2d26856486053f9f0bd6b34e3e3601b9314f1bfc/detection

42.193.101.234:8080

# Reference: https://www.virustotal.com/gui/file/4ac24543dc6a174608b6c29617643a39d295bea5e4e70c0f23ee980a1df1da64/detection
# Reference: https://www.virustotal.com/gui/file/81e86d60cc9dd4221da98e3a34dd568cc95a199f4290d9285498570f31f02871/detection

http://42.193.101.234/fwlink
http://42.193.101.234/nAy4
http://42.193.101.234/en_US/all.js

# Reference: https://twitter.com/malware_traffic/status/1351588946858315776

162.252.172.167:1080
162.252.172.167:4443

# Reference: https://www.virustotal.com/gui/file/0322c81f09300f0d12e0995cd565f097c7a4670e6da2c6fd1d314132d07d2bf7/detection

45.149.16.187:8080

# Reference: https://www.virustotal.com/gui/file/566aa77fe83a1964a7f44ca69b1477a50b1f93ab42df4b137c7177cb38531368/detection

207.148.123.136:12443

# Reference: https://www.virustotal.com/gui/file/31a7643b2a95eddc72f80300d258819b7b19c58ca19a4045372191a38dc5082a/detection

124.248.219.142:55551
ffffaaaaa111.ddnsfree.com

# Reference: https://www.virustotal.com/gui/file/d8921d13ea74b7783db15037de3425d3bcd77cd2cace83a0f9354e7842e093a8/detection
# Reference: https://www.virustotal.com/gui/file/98691e6f26a892c6656b3797e6e4dafbf01102b498663cc57345af5a71e7624f/detection

115.159.120.250:80

# Reference: https://www.virustotal.com/gui/file/2e243725712d3a870f5053915eb1a4fe377354b215b6bde9945194b1ee21e49c/detection

145.249.106.34:443

# Reference: https://www.virustotal.com/gui/file/d7bca739cadeb987c173825ae08f08d9ba45ee1402ef6096275f32db25cb1190/detection

145.249.106.34:2404

# Reference: https://www.virustotal.com/gui/file/b822dd1c325c88229e57e95a393cedc60c7d9448c677e1c09307165899eb8f5f/detection
# Reference: https://www.virustotal.com/gui/file/8035a064592068c4f36dea555f2d893ba7196374ad98ad8a9ab47493d52092be/detection

168.206.191.222:9998
168.206.191.222:9999

# Reference: https://www.virustotal.com/gui/file/969d8f38f92829cfb67735972791cad7593ff9cbab8aa23079304d915f322250/detection

39.107.225.220:6505

# Reference: https://www.virustotal.com/gui/file/21cfaa71811aa32da5afea7bd1d0ea3b93201064be4ecd7bb48302828b6aecad/detection

39.107.225.220:8555

# Reference: https://www.virustotal.com/gui/file/3381dd8ce5c574a91e0299c0092b0a0dc55a31a1f0cc917d739fb69ea7934052/detection

103.153.100.248:443

# Reference: https://twitter.com/d4rksystem/status/1352292371615019008

121.4.104.232:8001
211.159.158.117:1122
91.121.82.157:10086

# Reference: https://www.virustotal.com/gui/file/03d741b98e2ecb25b8aa2952045d4ebe36f4689b8fd266ae04a6b39873a44acc/detection

inteldrivers.com

# Reference: https://twitter.com/kyleehmke/status/1352589495762350080
# Reference: https://www.virustotal.com/gui/ip-address/88.119.175.52/relations
# Reference: https://www.virustotal.com/gui/file/03b0aa2af486e68e719517adacf083f3d3e4e538743f66720ff01b54b8c84fc7/detection
# Reference: https://www.virustotal.com/gui/file/a7aeff0bb1b9cd0cb2df3bd7e3a4b54c7fa3d68736c72098b1e2f9b77b7a9f07/detection

http://88.119.175.52/ba.css
http://88.119.175.52/ky
88.119.175.52:443
lightroomsrv.com

# Reference: https://www.virustotal.com/gui/file/8cb28b1153c9bc684aacaaba9471f2cb8901b3824ff2bcd122bfb7e08f4df635/detection

103.39.213.252:443

# Reference: https://www.virustotal.com/gui/file/909674602d6cf5298a05ef6c5d212a607b1d9321ac12feefdd5009d5aa869c28/detection

45.61.136.11:443

# Reference: https://www.virustotal.com/gui/file/ce63155c841f720aeb297867526f38fedd360667db985d22fa63dd77c053956b/detection

160.116.52.133:443

# Reference: https://www.virustotal.com/gui/file/acf8940fff401f05244dfc2817ab15f183d00f7922f3710343104fe088505b6f/detection

165.227.31.192:22804

# Reference: https://www.virustotal.com/gui/file/9d73e526070e3dba36069ba1d7da733dec91061e6e6c3e794ef9fcbd97804452/detection

http://45.43.2.118/Gt8j
http://45.43.2.118/dot.gif

# Reference: https://www.virustotal.com/gui/file/5d5b2162960419f7ce08380b9277a90a1e7842f7bdaf8910c573a2f2caaeb0d5/detection

45.43.2.118:443

# Reference: https://twitter.com/TheDFIRReport/status/1352811175961112576
# Reference: https://www.virustotal.com/gui/file/f6812451fd51f0a3429821f8220ab7503feaa8558b79c8658a9898d6ff7b38f0/detection
# Reference: https://www.virustotal.com/gui/file/062a328ca3aae79749dd98f73af416af9912202cab0bd8b37ea5990a6696e8f4/detection
# Reference: https://www.virustotal.com/gui/file/5146ca32a748388ea5e4679c5dfbde00263f281df78b08cdf8d0d06ea0d26906/detection
# Reference: https://www.virustotal.com/gui/file/5ed9e7866e1ccafd48e38d4acbce37e5d1e7275fb44ce6c5af6bf05d843bce32/detection

185.162.235.111:443
185.162.235.35:443
185.162.235.61:443

# Reference: https://www.virustotal.com/gui/file/1c80d809abe057882b02d85e8800a34f0ac59dd48edb78ac56d4fb84b94b7569/detection

35.220.190.145:8443
javaupdate-cdn.com
flash.javaupdate-cdn.com

# Reference: https://www.virustotal.com/gui/file/c92d4c519ca29e620ecbb9d94ec97844676db49ce2bd4af107882e1e6d3959a4/detection

35.220.190.145:80
pulls.napaioki.com
napaioki.com

# Reference: https://www.virustotal.com/gui/file/508aacb15b650529222ceb1c2c1640bfc2a45922f42beaabdbb0d47f64c22321/detection

82.156.42.222:8000

# Reference: https://www.virustotal.com/gui/file/d55d150fae0407fb3308cb7cf215692a2dbe82758ad82996d91898101652fe55/detection

91.193.75.251:443

# Reference: https://www.virustotal.com/gui/file/d67e9206ad5c2424c5d2bc5b66879f8395202926954fe0f3dbdc07dc87f4433e/detection

http://106.14.76.55

# Reference: https://www.virustotal.com/gui/file/0d3c2340651fd81ddd057199d176802b5740bf391f497673dafde8eb6366c994/detection
# Reference: https://www.virustotal.com/gui/file/9a3788718d74874720f51c9427b6752cf63d7450600a4158c3460b0cb4bd754c/detection

106.14.76.55:20050

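# Reference: https://www.virustotal.com/gui/file/582c37ce3e47cfab26f5c79dbd80a151e342031f2bef19144aa4985359a22488/detection
# Note: 104.21.59.222 is in Cloudflare's 104.16.0.0/13 range (a shared reverse-proxy address, not a dedicated host); treat IP:port hits as low confidence and prefer the domain below for matching.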

104.21.59.222:2086
cs.diao-che.tk

# Reference: https://twitter.com/Wanna_VanTa/status/1353811115541745667
# Reference: https://twitter.com/kyleehmke/status/1353829022778744832
# Reference: https://twitter.com/kyleehmke/status/1353829026104799233
# Reference: https://twitter.com/kyleehmke/status/1353829027048529920

backup-boost.com
backup-helps.com
backup-monster.com
backup-updater.com
backup-updates.com
backup1-online.com
backup1patch.com
backupsec.com
backupupd.com
backupupdonline.com
best-serviceupd.com
bestbookstore.org
bluemoongyis.com
drive-dwn.com
drive-upd.com
drive1upd.com
drive1update.com
everydaystaff.net
rangerover-service.org
redbullenergyshop.org
service-boosts.com
service1go.com
service1helps.com
service1updates.com
servicepatcher.com
slutsstore.com
spitondickyouropinionltd.com
top-gun3.com
top-serviceupd.com
top-serviceupdate.com
topbackupupd.com
topserviceboost.com
topserviceupdate.com

# Reference: https://www.virustotal.com/gui/file/da5242d0a0aa898170b5146baa8e275f99f27aa1d6d65b58f7aa1df844b63745/detection

5d23bdfe.ns1.godie.work
5d23bdfe.ns2.godie.work
dbd87b6.ns1.godie.work
dbd87b6.ns2.godie.work

# Reference: https://www.virustotal.com/gui/file/9eaf6f8ba797648313cb9ca8591c9bd4823dc37b4b2e76f5846e52086edaef9c/detection

154.8.172.105:2333
godie.work

# Reference: https://www.virustotal.com/gui/file/0af616473251f52587a142185c0e8654165fb324e2128a8fbe05f22fe13d33c5/detection
# Reference: https://www.virustotal.com/gui/file/37481edec2f31b2931d4eab0ac3c3dac793f30e3f3e1caf0d0112caf3dcc4a5a/detection
# Reference: https://www.virustotal.com/gui/file/3aa6e9200b9daa363f9c43a7ba2f4311441d6ed7e5a7911466592bf2e6a30a1b/detection

3.96.207.96:443
codejquery.uk.to
syncjquery.us.to

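# Reference: https://www.virustotal.com/gui/file/3887e8dc24580749359a5049caf8ce7901b2349dd48530d38939a3db631180ae/detection
# Note: 172.67.209.182 is in Cloudflare's 172.64.0.0/13 range (a shared reverse-proxy address, not a dedicated host); treat IP:port hits as low confidence and prefer the domain below for matching.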

172.67.209.182:2086
jetbarins.com

# Reference: https://app.any.run/tasks/ab978f28-cd47-44f8-8e09-a5a5ee4b1d5c/

http://213.227.155.173/__utm.gif

# Reference: https://www.virustotal.com/gui/file/795fae02c5d7ef7aaaabfab4707fbeec1dbe8f8181ce895d739b3f5237887e84/detection

34.85.13.9:8080

# Reference: https://www.virustotal.com/gui/file/0563c5a4a3f7d4b8360c622a6163e7d457d42212dd46cb2fbfcc7807a6a8dd7d/detection

115.159.204.162:443

# Reference: https://www.virustotal.com/gui/file/a2cb6bda3df149fc0f77432c223af5882c2cfdde100757e952f8cdeae6dc252b/detection

47.103.206.120:8050

# Reference: https://www.virustotal.com/gui/file/6c098a687200d6abd109a0090127714793111e52782e3b26b8c8350f9b799e16/detection

47.103.206.120:9443

# Reference: https://www.virustotal.com/gui/file/97e1d8bf9041bd22eba3b4f5898af4d273131c8f353963e48656509c5abdf6fb/detection

23.225.183.2:8088

# Reference: https://www.virustotal.com/gui/file/9fc0c07c6f99b12f74335cfc6fd66a1a4997d9134e137b7ab35952306026c631/detection
# Reference: https://www.virustotal.com/gui/file/18ffb1d9089e1dcbfdc672c3309f5d46185c45a5174fd7fdb3d241688b9d4da6/detection

23.225.183.2:9090

# Reference: https://www.virustotal.com/gui/file/defce486b5c09a8d88fa527c100bf59a7d1ac93d076fb90b3928590f072b92ee/detection

globalsoftwareoptimization.com
updatevpn.com

# Reference: https://app.any.run/tasks/8451fa4a-1640-4170-b31a-c85c874791aa/

http://101.200.187.28/dot.gif

# Reference: https://app.any.run/tasks/cd5934b2-975a-4fe3-b55f-ba8af5a5fdcd/

103.253.43.98:443

# Reference: https://www.virustotal.com/gui/file/51abcecacd2fdd25bb8ef3a64b02aaa940b6d08ea2f7f48d5d6dc13d6912a561/detection

81.68.232.220:12345

# Reference: https://www.virustotal.com/gui/file/efc8bd338786404ca4dede0c7c1051927dff563e408eaa007d0c320b264b86e8/detection

47.105.186.146:8080

# Reference: https://www.virustotal.com/gui/file/b7fd001cc5d96be03e5f7be18a303806cea1d80fcbac831831abef4a2939dbb1/detection

47.105.186.146:8888

# Reference: https://www.virustotal.com/gui/file/709129297b987bae9bb5c2dec64951dc0e412be18d75f4da936a484491b14dcc/detection
# Reference: https://www.virustotal.com/gui/file/97808d2b487f705c273c5f989e8c75dde8c473d7d5be9992f21b8d10080be0ea/detection

googleanalysis.cf
microsoftanalysis.cf

# Reference: https://www.virustotal.com/gui/file/51abcecacd2fdd25bb8ef3a64b02aaa940b6d08ea2f7f48d5d6dc13d6912a561/detection

81.68.232.220:12345

# Reference: https://www.virustotal.com/gui/file/5351984d7eaf9464f27c202f94b6475ffb73904191c973d7c737a0f3cdfbde0e/detection
# Reference: https://app.any.run/tasks/fd0f653a-e637-4859-aed3-21e42ebd3a47/

217.12.202.115:8037

# Reference: https://twitter.com/kyleehmke/status/1354787820225912834

historictradessp.com

# Reference: https://twitter.com/kyleehmke/status/1354772391558340613

backup-supp.com
bestserviceupdate.com
bestservicehelp.com
bestserviceboost.com
bestbackuphel.com
newservicemonster.com
newserviceboost.com
service1elevate.com
topservicebin.com
topserviceupd.com

# Reference: https://www.virustotal.com/gui/file/d680f30cf3f851fcff0661ee35d6024a48525897859522f41b65b436dd6087c5/detection

185.25.50.205:443

# Reference: https://www.virustotal.com/gui/file/d756ccfa9f0f1496238032c09d9b01e7c2f0e0b43d531fa799ca4576fea69cfa/detection

http://88.119.171.105/search.html

# Reference: https://app.any.run/tasks/e5e8f0b5-f750-403f-aff7-f7c3e7a68949/

106.55.2.166:8080

# Reference: https://app.any.run/tasks/ed5c6617-79d8-4e22-9962-8b8ee5c6467b/

154.89.10.55:8888

# Reference: https://app.any.run/tasks/cafdba85-ce49-4e41-b1fd-35d3ed0f879a/

http://101.200.49.219/ga.js

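# Reference: https://www.virustotal.com/gui/file/25891109f3a3b484ba2e7f5a445e44fcd7a1374027791c5690307d44c5311948/detection
# Note: 172.67.216.16 is in Cloudflare's 172.64.0.0/13 range (a shared reverse-proxy address, not a dedicated host); treat IP:port hits as low confidence and prefer the domain below for matching.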

172.67.216.16:8080
aodi-sports-rs4.tk

# Reference: https://www.virustotal.com/gui/file/3579655f9dfb50cd16f497b66c1f05340968ac584d313210472ab1e42e1265c7/detection
# Reference: https://www.virustotal.com/gui/file/db26c6c86c6fcf12d1b717d27ddaba981aa3f2e14b6b7f3dce51ce488df6e035/detection

217.12.218.109:8080
baron8.com

# Reference: https://www.virustotal.com/gui/file/74c6aaa7b70dffa08f940f1a6252875989b77268990dd408999bf81c6b6f669c/detection

http://45.141.84.34/j.ad

# Reference: https://www.virustotal.com/gui/file/b851fea2c40da58f74c604049f3c95370866d18a640048765e03d6146a85cf3d/detection

http://45.141.84.34/ga.js

# Reference: https://www.virustotal.com/gui/file/dae1bf82f035aa6dfecdd85a0faec8ae72c38c3e6e7c86fcf22823f1c157f4f0/detection

http://45.141.84.34/extension.css

# Reference: https://twitter.com/kyleehmke/status/1356305007772106756

guerillaservice.com
jeangame.com
serviceboulder.com

# Reference: https://twitter.com/kyleehmke/status/1354867748866830338

cometausa-netstar.com

# Reference: https://www.virustotal.com/gui/file/3610cb9833ba7a940cdf6e9b2f13caa9772abba3a4da82456a0936c4adb8e2dd/detection
# Reference: https://www.virustotal.com/gui/file/42af48e768fbfa7afa8dc02d11d642bc8e42590576fda6ed102a6de4da367347/detection

111.229.244.197:53

# Reference: https://www.virustotal.com/gui/file/219cf1b886ca68ef5cd497c249149781e892b8bc6d53a462a2439ae5adc5c4e5/detection

47.240.74.236:1234

# Reference: https://www.virustotal.com/gui/file/af9dd818c06e4be52a6dc00a5a2825fed2aa4497bae2dd9e7c0f42cb3946b46e/detection

47.240.74.236:12027

# Reference: https://www.virustotal.com/gui/file/a48e1e8997e6d9905a05273365597795f71bdfb65e321efa1ec25dfecc32180b/detection

47.240.74.236:12036

# Reference: https://www.virustotal.com/gui/file/d4c040d72c60447844e1cd8ab16d567aafe48e9c837c35728082938d76b7bf81/detection

47.240.74.236:45678

# Reference: https://www.virustotal.com/gui/file/98a17e25197506ef58cbb9cb619bdc09ee74b3ef2aa313d279f03b8238634a38/detection

34.84.39.173:11223

# Reference: https://www.virustotal.com/gui/file/ca0f09906e4f8088ee7616bfe0180303ae32c267ea814f829def7f34c15890ba/detection

34.84.39.173:4444

# Reference: https://www.virustotal.com/gui/file/cc88ac074bed2df0192d8d3d29e3df8fe6c3483823f7f19c3620cafc2456a2b6/detection

http://34.84.39.173

# Reference: https://twitter.com/d4rksystem/status/1356648584058466308
# Reference: https://www.virustotal.com/gui/file/4e76923c12d87557155e81e7396f29e1c8331ebb636d0c262d17ff44190f43f8/detection
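# Reference: https://www.virustotal.com/gui/file/73244e327bb9516abad9dcf3ec77af74d1909e37ac9bb25d8359f1a8bea2f18e/detection
# Note: 172.67.133.171 is in Cloudflare's 172.64.0.0/13 range (a shared reverse-proxy address, not a dedicated host); treat IP:port hits as low confidence and prefer the domain below for matching.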

172.67.133.171:8443
administrator.party

# Reference: https://www.virustotal.com/gui/file/43f8edeade7fb59da8c78aec4950d78b1aa76c1b59441d0224c1cd31b7f7bf27/detection
# Reference: https://www.virustotal.com/gui/file/7a45ec4cd60919aaa83668be255e0c13205264faa0454ad6f71fb7770871c94d/detection

35.220.139.164:9090
35.220.139.164:9092

# Reference: https://www.virustotal.com/gui/file/536c051a0887374576149babca8b1ce93955b29eb75e11365d68d41f49e25fde/detection

62.234.62.154:50001

# Reference: https://www.virustotal.com/gui/file/e1837f6f544996d006f1eb7ecf4432649b0c0a537ed7c2a8825727c1e6497715/detection
# Reference: https://www.virustotal.com/gui/file/1b6dab47120453d3f3fef1952321995d692854861e16f01791daac4a3a956f4a/detection

http://42.51.46.109/j.ad
http://42.51.46.109/TbMY
42.51.46.109:2888

# Reference: https://www.virustotal.com/gui/file/dee0d6872be597cc18712858cf18f7521fc6ab0df1cdba0f2d429a115cc29b00/detection

42.51.46.109:2345

# Reference: https://twitter.com/TheDFIRReport/status/1356729371931860992
# Reference: https://www.virustotal.com/gui/file/83eb78493839c7785d1f29d8eb311d66b472ec78d2c41e0be098b193dd867d5d/detection
# Reference: https://www.virustotal.com/gui/file/dbd8ef7e31b8b4041da8d2152084c25f44f25a517e75500df2016c7230d55a36/detection

http://5.2.64.194/dot.gif
http://5.2.64.194/g.pixel
5.2.64.194:443

# Reference: https://www.virustotal.com/gui/file/0373b2b5b785fc4f04977ccf6e4ed80a6339a77f91c07ea1a073d3f3dab43b19/detection

85005.careers.96html.com
85005.trendmicro.96html.com
85005.careers.trendmicro.96html.com

# Reference: https://www.virustotal.com/gui/file/51d295fa54785a8c5e206e0abc26b97af8dcd6e1e1ce109c28fd8b072bdb63e5/detection

http://149.248.58.116/push

# Reference: https://www.virustotal.com/gui/file/d09974d45da9067a0c65e3bab3acdf64d1e51a2b463c7827b0098a2fc93250f4/detection

http://149.248.58.116/jquery-3.3.1.min.js

# Reference: https://www.virustotal.com/gui/file/5bfc3cd1b03ccfd0505254be2950348115821d9c190fbda700922dc4585752f1/detection

34.92.231.69:443
http://35.241.81.15/OSzA
http://35.241.81.15/activity

# Reference: https://www.virustotal.com/gui/file/5b4ab982b5876fcacf42df13e23fcf68c75fcc9c2812633d45f39eec0e746e9b/detection

35.241.81.15:443

# Reference: https://www.virustotal.com/gui/file/d7cdf7bca8c90d21e64b0c790ce5aa9124623dd2788088c81160703e00ff2052/detection

http://35.241.81.15/AdhP
http://35.241.81.15/dpixel
http://35.241.81.15/submit.php

# Reference: https://www.virustotal.com/gui/file/4d7df556e30ac8aff18e2c82be48c5041f461ecbf87f10510eae3dc5b92e48d1/detection

http://35.241.81.15/IE9CompatViewList.xml

# Reference: https://www.virustotal.com/gui/file/1d6100f57f1b66a43d6a140db43f029cc90e3e651feb728a2e0f4df6c63899c0/detection

http://46.29.163.28/fwlink

# Reference: https://www.virustotal.com/gui/file/38e2f042e5ab5d5219282d6a35e8a29e5f236e3d578ced7bbc003a0746e16eda/detection

46.29.163.28:44444

# Reference: https://www.virustotal.com/gui/file/998aed883c1fe65486881adb64495df92ae0a33909eec10e60f7ed98e01ca5e3/detection

46.29.163.28:55555

# Reference: https://www.virustotal.com/gui/file/d05bd8cf1534fa4f78714efa39ed16b3cd1cfb9b5adbf91c5416e2299b278ace/detection

46.29.163.28:9999

# Reference: https://www.virustotal.com/gui/file/0a2964531ca9151e2f21604f53d4bf69dde74aab35a3183cda47239158d68af7/detection

http://158.247.211.105/ch8Y

# Reference: https://www.virustotal.com/gui/file/e05e3cefe4d3345c244e66e34aceefabf8757de8e24d67a8d935d7b9a82dce63/detection

http://158.247.211.105/IE9CompatViewList.xml

# Reference: https://twitter.com/kyleehmke/status/1357294268562472963
# Reference: https://twitter.com/sS55752750/status/1357309535623536640
# Reference: https://www.virustotal.com/gui/file/0e8d19b72a2cff14b36e59aabc30ac4c3c94dd64ca4f6d752196bd04dccde22d/detection

http://45.141.84.206/RELEASES
http://45.141.84.206/ro
boostetits.com
boostracea.com
firstient.com
ghafirst.com
jobjean.com
jobrian.com
jobsmarc.com

# Reference: https://www.virustotal.com/gui/file/7c2809342f689d0799b35ab7d04502f199bc41d80f1996b30c3acf181d6894ea/detection

45.76.205.3:14445

# Reference: https://www.virustotal.com/gui/file/41658f2c093f81b55bd2b7eedda82df5c5cffbce3a069ee6de7c2a783cda6ee8/detection

45.76.205.3:14448

# Reference: https://www.virustotal.com/gui/file/9f84d0d8cb6da41461fac8bb84fab901fbb044f409d1bb245d24c201c0ecc8a9/detection
# Reference: https://www.virustotal.com/gui/file/e2141bca1ff9b8defc6264d7c8009c6f8b9caf578518b4c6b394a5383dd53352/detection

118.31.47.97:5555

# Reference: https://twitter.com/kyleehmke/status/1357356997054758916

clearyourtextupdaterslover.xyz

# Reference: https://twitter.com/kyleehmke/status/1357337792053936129

examplebrowserclearlysafe.xyz

# Reference: https://www.virustotal.com/gui/file/f58c734c6b5bc10c2eae9cf5e22b53cb6a69dde6d3d6ab414325c84e517f7feb/detection

124.71.153.145:443

# Reference: https://www.virustotal.com/gui/file/56410d06f527d704aa159013645efdb672cb2749fc1cfa7f57249acb65ce1f6c/detection

124.71.153.145:4433

# Reference: https://www.virustotal.com/gui/file/00ecceca281ff61a9a2574bf844680493753a1beb878f4a0ed4e3253bc47f819/detection

124.71.153.145:8099

# Reference: https://www.virustotal.com/gui/file/7eb310eb30942505ea2058e90d18e0318fc68e53b60fadd977f1cd63de787ad0/detection

42.51.12.61:8007

# Reference: https://www.virustotal.com/gui/ip-address/39.106.61.177/relations
# Reference: https://www.virustotal.com/gui/file/8284328bb04e23c11011c10b7f7471cd65468d4513eb9b9243bb704110f669a7/detection

39.106.61.177:80

# Reference: https://www.virustotal.com/gui/file/0e4189ea5aed52d9dbec284e8f0a5506bfc9be9bde6db507d74f9f284de62b17/detection

45.32.41.71:8080

# Reference: https://www.virustotal.com/gui/file/3c4b9d945574c7d174e4f6de6236b2e1b438331e8f022b5107a03334c0f76466/detection

152.32.192.29:443

# Reference: https://www.virustotal.com/gui/file/9b9c6b294cae940c308fe0ff6466f5f115d277d4efad24e40c9acccfa19204c1/detection

152.32.192.29:9999

# Reference: https://twitter.com/VK_Intel/status/1357795388057677827

http://152.32.192.29/ca
http://152.32.192.29/IE9CompatViewList.xml
http://152.32.192.29/submit.php

# Reference: https://www.virustotal.com/gui/file/0f1b59c9a63dfd0e158055ca3b8c211aec1bfbffa8a1d095b472af30f73cddbf/detection

state-support.net

# Reference: https://www.virustotal.com/gui/file/4f40ce4b496790811e822db91c6b17fced7bcb313799f10071dd58af6747e343/detection

state-mgmt.us

# Reference: https://www.virustotal.com/gui/file/a2f85769cb8b805c657b0cea0210bf29b9fb58a2cbe104c6d18bce7812890d0d/detection

phishing-training.com

# Reference: https://www.virustotal.com/gui/file/9cbe8d852229e2ea53fa1bcba3a96749a17d51c2a619652d15c89048299d7bd1/detection

47.103.204.146:8123

# Reference: https://www.virustotal.com/gui/file/cb17fc1b91f03119d9a3a4aceb5a11f4dce03e71ea9d05d512e48c41cba1875e/detection

http://47.103.204.146/PXKi

# Reference: https://www.virustotal.com/gui/file/fa8af7dcb55090484fdb394e3933acdc0f5d51993ed1353a0337dcb679c76442/detection

47.103.204.146:8082

# Reference: https://twitter.com/kyleehmke/status/1357706153073983488
# Reference: https://twitter.com/kyleehmke/status/1357706157767409674
# Reference: https://www.virustotal.com/gui/file/09a64e9f4b89d7618ca5dc13a29056e0c4738cb38b43817d0549b48965e27a47/detection
# Reference: https://www.virustotal.com/gui/file/de154ff10e75d6626eefcd288fa6c3458c58d7a9db74eb8b31432dd5d87ed564/detection

cheeservice.com
firstaholic.com
servicext.com

# Reference: https://www.virustotal.com/gui/file/60b3e039fdb1669777d84730a410ac987a449f0177b83625fb34c756ecbe0e68/detection

107.190.130.190:82

# Reference: https://www.virustotal.com/gui/file/4843d8c419eb9c5b58a3655e1998076efdc48fd1c3617839301c7641d71fd8d3/detection

178.72.136.128:81

# Reference: https://www.virustotal.com/gui/file/4b4bd38de1307b78ee78d60ea45234035f32c71efddd7b64830dd539adf274b1/detection

8.210.18.93:7778

# Reference: https://www.virustotal.com/gui/file/9a443e180cb1ea7eed7bbd5ccaffc5381d98fcf1dde6de12a828ec4577f12e0c/detection

8.210.18.93:8888

# Reference: https://www.virustotal.com/gui/file/d1f4b9040c2b3979f4bc9044e891a43430e65094d595efc39fdf90a20d8acfe7/detection

http://8.210.18.93
8.210.18.93:49154
8.210.18.93:49999

# Reference: https://twitter.com/sS55752750/status/1358760024630304768

198.13.51.45:10612

# Reference: https://www.virustotal.com/gui/file/921895168d4974c821f86704d76c60d384630afddb7f59edac2e2b3a6af73af6/detection

198.13.51.45:10613

# Reference: https://www.virustotal.com/gui/file/4ad6418af82212c7719ed7a12a23597dfaf6f5606c3bd3bc4e513820aa13ea63/detection

198.13.51.45:1234

# Reference: https://www.virustotal.com/gui/file/e0952b7eaa3751f66791696d7d41568e174288e9469508bf725e7bbbc5907f0e/detection

198.13.51.45:1532

# Reference: https://www.virustotal.com/gui/file/2061919064ec7660a3854be52d79339da7e7a42f9afdafa14205eec454664f91/detection

47.100.121.134:33333

# Reference: https://www.virustotal.com/gui/file/d6c564ce33d08195da5ff0d6d7fc117ebf11a45ac938a94c313ccc6666cd708f/detection

http://47.100.121.134/1.jpg

# Reference: https://www.virustotal.com/gui/file/8000f8438e33d8d96e4dae67c7a60e42666db91a295a38555aa7173471002fc4/detection

47.100.121.134:8281

# Reference: https://www.virustotal.com/gui/file/5098447deede1295f3305136383ff7ed6dd28fb793b22bbaa1655f0731ff01f3/detection
# Reference: https://www.virustotal.com/gui/file/19b63b2152c3db2a234d2ffec83f8f05fce9986829352779a0a60d1c1f3bf2ae/detection

119.45.183.69:8880

# Reference: https://www.virustotal.com/gui/file/ffd4623b9ca235e2994ba06657790035cf5041299a026e94e0fc0fc1562cc611/detection

http://119.45.183.69/dot.gif

# Reference: https://www.virustotal.com/gui/file/01f5215f845fe6b9e7c479437f95431c82cadb8b832c681b57ac1be6b66fcf43/detection

http://119.45.183.69/1.txt
http://119.45.183.69/2.txt
http://119.45.183.69/3.txt

# Reference: https://www.virustotal.com/gui/file/f4455ede7b38234cb5072c608990fada9a63fb3806df9638e03506e470c06902/detection

212.102.52.87:37501

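# Reference: https://twitter.com/VK_Intel/status/1358910356320616449
# Note: 104.21.0.234 and 172.67.128.98 are in Cloudflare's 104.16.0.0/13 and 172.64.0.0/13 ranges (shared reverse-proxy addresses); a match on the IP alone is low confidence, so correlate with the URI path before acting on an alert.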

http://104.21.0.234/pixel
http://104.21.0.234/visit.js
http://172.67.128.98/dot.gif
http://172.67.128.98/pixel

# Reference: https://twitter.com/kyleehmke/status/1359137415290576897

bestalo.com
bestampage.com
bestheria.com
bestriche.com
momenticide.com
momentopic.com
momentrap.com

# Reference: https://twitter.com/bryceabdo/status/1359154003569967115

bidendistry.com
dentistrious.com
oldentistry.com

# Reference: https://twitter.com/kyleehmke/status/1359227321442566145
# Reference: https://www.virustotal.com/gui/file/0a68337b2f61b2b02c5e8bbbd986e6452cd152661fd29c547752d660cb5fa951/detection
# Reference: https://www.virustotal.com/gui/file/db157e964c460a5415ae79f3c5ffdd4019fa2d48cd5e2f60747f1504b0dada14/detection

boosterant.com
boosterion.com

# Reference: https://www.virustotal.com/gui/file/9dce9d665f863704a669a7eda627b55d1559b105fef23d00e68dbcd14da78a2f/detection

3.22.15.135:19293

# Reference: https://www.virustotal.com/gui/file/7f995e9bbd194ce444ffbee767b938e6768f9d6eef530297157a97fd25b429f6/detection
# Reference: https://www.virustotal.com/gui/file/b631039bc30cc4dbb031cac90ff89ef0c9322a6208f7b3d29c77b4d5ebd7ce23/detection

202.182.96.56:4439

# Reference: https://twitter.com/malware_traffic/status/1359208135576199179

104.160.190.114:1080
104.160.190.114:4443
http://69.30.232.138/iBNc
http://69.30.232.138/cx

# Reference: https://twitter.com/sS55752750/status/1359217432984969217
# Reference: https://www.virustotal.com/gui/file/a2904c20c8125ca05828dccb0c011e768ff1b8b972dec86f69f17504748c5e22/detection

http://173.234.25.78/ca
http://173.234.25.78/submit.php
http://173.234.25.78/updates.rss

# Reference: https://twitter.com/_brettfitz/status/1359243210632134659

http://198.211.10.238/ga.js
http://198.211.10.238/submit.php

# Reference: https://www.virustotal.com/gui/file/525d9629b8a79612e7122008b9935d4df1ae6acab25a429472cdc673459ad6bb/detection

http://101.132.236.129/x6Je

# Reference: https://www.virustotal.com/gui/file/d4ad8d3e5cc6fcfa4a71bfeb3311732ddedd5b373b737e72990cd6e61bf5fe88/detection

http://101.132.236.129/dot.gif

# Reference: https://www.virustotal.com/gui/file/c633edfdaff568bcc373c82ad9e598dd4fb4ac69ff335418260dcc6226c6c4e2/detection

http://101.132.236.129/IE9CompatViewList.xml

# Reference: https://www.virustotal.com/gui/file/4e9a7d9205ca2363e02cc45cbaa160e4b72e40ce1355c4e5d84c95dd2b2ada49/detection

http://101.132.236.129/push

# Reference: https://www.virustotal.com/gui/file/593d6e32c1f2b9c6945d8eaa7e9c678c44741ccf81dbbf47e66a6c76cf1853f6/detection

18.188.163.174:15891

# Reference: https://www.virustotal.com/gui/file/97ed702081749e69153fee919e9e8f658111784f9db574c5dca06ea50f8f5866/detection

18.188.163.174:3333

# Reference: https://www.virustotal.com/gui/file/ef7b20f36e6a559cc3676f9b7b216718713f6f9306368260d85914412159b21b/detection

18.188.163.174:3306

# Reference: https://www.virustotal.com/gui/file/92bdf2e1bd1839603789ed88afb5bd1b355f73b75b2e2a6bac2fb236048ef6d3/detection

18.188.163.174:45165

# Reference: https://twitter.com/0x3c7/status/1359488378610348034

akamacloud.pro
asurecloud.tech
akamacloud.tech
akamalupdate.site
asurecloud.pro

# Reference: https://twitter.com/malwrhunterteam/status/1359816980887461888
# Reference: https://twitter.com/malwrhunterteam/status/1359821702750953472
# Reference: https://www.virustotal.com/gui/file/ce86d647df2da33c5992c790ddc0d302b56af8a0d7b1433639c235ff03bf09ad/detection

http://103.91.64.134

# Reference: https://twitter.com/sS55752750/status/1359577214682095619

http://54.221.242.107

# Reference: https://www.virustotal.com/gui/file/470971ed10c5c5d2b0fdee36f7e27c1bf4cbd7f413b3888551fc35b89cd0933c/detection

46.17.45.72:8443

# Reference: https://www.virustotal.com/gui/file/c5dece477a102fa99740bea271afb58601480ff5c26cd6d489c912ece901f620/detection

49.234.105.212:4433

# Reference: https://www.virustotal.com/gui/file/92cfbdd07946c107d0c8a1d141c8e1ac9e38e14d5dac1053c6150e414fbdacc7/detection

49.234.105.212:44333

# Reference: https://www.virustotal.com/gui/file/bafefbc8b7090bc76710e72d0395ed3aa85d9d1e4f306d9525a3279c9347e11e/detection
# Reference: https://www.virustotal.com/gui/file/2a924a002f577447874aaa5c74308557c44d6f9a2ec67bdb81d53be17282a6c8/detection
# Reference: https://www.virustotal.com/gui/file/1d5ec298081adccfe25a12a387e6856bccf0aa071e39787dba1b48ee2eb79941/detection

http://119.45.153.4

# Reference: https://www.virustotal.com/gui/file/1e975b143737eebb13597e7d1be4a51105154c622ca65af6fd6d53710e5b51fd/detection

119.45.153.4:8080

# Reference: https://twitter.com/bryceabdo/status/1359895628139134977
# Reference: https://www.virustotal.com/gui/file/75c23f2f9f39a60273e6bd87dca238dfb988220d76302bc1509560ce61619b43/detection
# Reference: https://www.virustotal.com/gui/file/bbcc22046848fea38031b0771bc74eae94e14c643a697628822d17500ba0bb0c/detection
# Reference: https://www.virustotal.com/gui/file/1d01bb5d5b75fb5892407b924b664a72907bad91aa673aa2e05f8958f3d6926d/detection
# Reference: https://www.virustotal.com/gui/file/743ab9bdbe37f1f48b18b309fae947468e828c7b986fb04bc3caebec813b259b/detection

libhd.com
nullpin.com

# Reference: https://www.virustotal.com/gui/file/abcc3138b0e32e70003592d627d0945f05749bac944b73a308626e8871decdec/detection

178.34.25.134:8291
cod.system-ns.net

# Reference: https://www.virustotal.com/gui/file/3ed3c718139153932bc47e5b89a762453d893431b6e83285df7ff8e5935d6617/detection

62.234.56.138:9997

# Reference: https://www.virustotal.com/gui/file/ea4aa385578f9df64b1e139dce816acea622f77e581d4f8545601ce3c16b5165/detection
# NOTE(review): the two IP:port entries are in Cloudflare's published edge ranges
# (104.16.0.0/13, 172.64.0.0/13) and are shared with unrelated sites. Presumably they are
# what test.blilbill.top resolved to at analysis time (confirm against the referenced
# report). The hostname is the specific indicator; the addresses alone are low-confidence
# and should be aged out.

104.21.84.3:8080
172.67.184.7:8080
test.blilbill.top

# Reference: https://www.virustotal.com/gui/file/1bcbe32e0b460516845bb8d4ce053ea1e0c99a52948592056703ad8fa75a4445/detection

http://188.131.166.59/match
http://188.131.166.59/submit.php

# Reference: https://www.virustotal.com/gui/file/268ea50295631b72619933e065b4591c78f9e92b28681e5b090f1877527ec038/detection

101.36.108.222:10011

# Reference: https://www.virustotal.com/gui/file/43ca5d7df1e1ecdbd6713d17052810c3051cde509000ec6af5133fcb537ec789/detection

101.36.108.222:10012

# Reference: https://www.virustotal.com/gui/file/38f36362ed196580108121b874878576d4d758963ae8f9a0df7c960f697f2351/detection

171.221.221.25:2049

# Reference: https://www.virustotal.com/gui/file/b30b7a31ce17c0cdeb67ed11265edc9e9816e01a941c6bcac12b1383ceb734e8/detection

8.131.61.99:443

# Reference: https://www.virustotal.com/gui/file/efc6414db7577e111b075f15de63d4e76256ad2334ec8135d4b6f9001ca9ff83/detection

155.94.154.188:5656

# Reference: https://www.virustotal.com/gui/file/e6cfb5471086f1c1bf1623ffd90de91c3e7aeae66d564cab6c4918cdfc34c1de/detection
# Reference: https://www.virustotal.com/gui/file/3332bd12465a2a1cf5fad76312e4cfadc340a57edddaaed20e1ba9b735d80ccd/detection
# Reference: https://www.virustotal.com/gui/file/23f8c02608d5670f3da68e01ee15f37656025271a949fcb9cb59cb0c1787af79/detection
# Reference: https://www.virustotal.com/gui/file/8bd86c2ceff12b7218e3fe8e81435b32265ce06f82e28c308ad11f897f8e312b/detection
# NOTE(review): 104.21.87.142 and 172.67.169.226 are Cloudflare edge addresses
# (104.16.0.0/13, 172.64.0.0/13) shared by many tenants. Presumably they front
# co.avavav.cf (confirm against the referenced reports). Alert triage should key on the
# hostname; the IP:port pairs on their own can match unrelated traffic to port 8443.

104.21.87.142:8443
172.67.169.226:8443
co.avavav.cf

# Reference: https://www.virustotal.com/gui/file/da6950012fdd3cf3ab8a02c4e867c4e3fcf1da1dbea919e69cc5f855ee593060/detection

cloudflare.trust-ssl.net

# Reference: https://www.virustotal.com/gui/file/2029bb2a4dca54279a4853d297c8296e605afcab59f28c50328912acaf8671bf/detection

cloud.trust-ssl.org

# Reference: https://www.virustotal.com/gui/file/09007c9ea255ba99336e7089d12769d089584c72e68d68e794154df481593b1b/detection

http://39.99.248.209/__utm.gif

# Reference: https://www.virustotal.com/gui/file/f6b9a453e4f71f1aacd4dccc43ed507ef3d45657c9a2f98913bdf8fec4e765cc/detection

http://39.99.248.209/PByR
http://39.99.248.209/push

# Reference: https://www.virustotal.com/gui/file/35764ca0e9afc3de72981f2b35992c6dcae778454842d2e27e85b81c77a79f8f/detection
# Reference: https://www.virustotal.com/gui/file/b5428b4384f32d60b420ea1a65ca7265734e4ac3a82fa1d1a7fb4b32fb7c9c86/detection
# Reference: https://www.virustotal.com/gui/file/e792c35663f23725a78b8788fdfec02cd665100a4b283b1de8708b5c4569bef2/detection
# Reference: https://www.virustotal.com/gui/file/a16b77fec7e19289fc86427865964a3d0a01f6fc5ce854f2ec621bb2e73827ee/detection

209.99.40.220:1013
209.99.40.222:1013
209.99.40.220:1014
209.99.40.222:1014
209.99.40.220:8291
209.99.40.222:8291
microsoft.system-ns.net

# Reference: https://app.any.run/tasks/0b53e8b9-e910-4bb5-b545-4c6f8aff0849/

47.107.236.124:8080

# Reference: https://twitter.com/kyleehmke/status/1361275723047141382
# Reference: https://twitter.com/kyleehmke/status/1361388486918602757
# Reference: https://twitter.com/kyleehmke/status/1361726058702249986
# Reference: https://twitter.com/kyleehmke/status/1362738506796326915
# Reference: https://twitter.com/jfslowik/status/1361707130416291844
# Reference: https://www.virustotal.com/gui/file/7fa4ef5925f7374a93494b97a6ab43b0951c2d504972bbf43f9d29398e55481f/detection

194.26.29.32:443
dresservice.com
fast1arrival.com
finderist.com
finderout.com
kolsunday.com
musictheir.com
newmsoffice.com
otherfind.com
servicenary.com
serviceroy.com
servicetheir.com
sundize.com
topother.com
viewcreations.com
viewhuntish.com
viewhuntly.com
wearegoshts.best

# Reference: https://www.virustotal.com/gui/file/4b1cb27303190ebbc4e63b49e1ace837ad9111bbb906b668b95ea75f4468a993/detection

47.116.72.212:8080

# Reference: https://www.virustotal.com/gui/file/c140d0861dbdd9df7c62c8155c63282483b84e7e5c02c7c2eea5ee6260810d14/detection
# Reference: https://www.virustotal.com/gui/file/accc60bfb2e77f8f0386a8e6211051092508e94ae25f1a25914e2e4b1cddd62b/detection
# Reference: https://www.virustotal.com/gui/file/e04296154c17925cdbf3d556dcdf804807ccbe4aac25d608c6e1c8aeca35819d/detection

47.116.72.212:443
http://47.116.72.212

# Reference: https://www.virustotal.com/gui/file/13b9b801bcced867efdaf77ef85479b0dd5754b1461c46310a82e88aad6f18b9/detection

47.102.101.87:3333

# Reference: https://www.virustotal.com/gui/file/e20fa624ae786cd71c6cf62492eb63a5feb172054fd08876ed2e04285ef4a598/detection

47.102.101.87:5437

# Reference: https://www.virustotal.com/gui/file/ab27a5e2430f87e7b280c8783ea485945c0916be89f4f3b451aad44448405cc9/detection

47.102.101.87:8080

# Reference: https://twitter.com/bryceabdo/status/1361359754820530178
# Reference: https://twitter.com/NickCerny/status/1361438883087585286

addvol.com
billingcarrier.com
crosshd.com
demosave.com
digised.com
docrule.com
etcle.com
evatip.com
focuslex.com
fordll.com
hitark.com
innohigh.com
interacetranfer.com
newiro.com
plushawk.com
prepcar.com
prorean.com
riolist.com
scalewa.com
secost.com
simonty.com
somerd.com
touchroof.com
tryddr.com
trywd.com
wingsst.com

# Reference: https://www.virustotal.com/gui/ip-address/64.69.57.217/relations
# Reference: https://www.virustotal.com/gui/file/fd61a2881f65dbd72437b2bb33c06b9188e93e86e3c83cf092a03da6ab732a53/detection

city-announcements.us

# Reference: https://www.virustotal.com/gui/file/ff4635c2cf9fe67447ec545d4d95668fb8fb63d6f1f5791fc6d10520d8a65fca/detection

http://64.69.57.217

# Reference: https://www.virustotal.com/gui/file/78922df64c93167a57c33fe8f0d109849a0e51514b4f2c6d1f53630e76657027/detection

64.69.57.217:443

# Reference: https://www.virustotal.com/gui/file/ccbbf8665de842302efae0d4c651af526a4805fac7c04a1725994eebf9de4556/detection

124.71.199.146:8899

# Reference: https://app.any.run/tasks/c6ad2334-8627-4340-a3bf-30f62f2cdafe/
# Reference: https://app.any.run/tasks/25bdf405-da06-4b88-b902-454044eddb0e/

185.203.117.79:443

# Reference: https://www.virustotal.com/gui/file/90f1ceadb6f7e8d12523693b4bfe2d170dd3d926890ac2264b815f47ccffda90/detection

http://82.146.41.72/match

# Reference: https://www.virustotal.com/gui/file/a17dedc46426e4bcb552c3bab579b84da6df7a75361a79b5978ba10c92068556/detection

http://82.146.41.72/pixel

# Reference: https://www.virustotal.com/gui/file/1c07c7b9ecab3faef9f96aaeb604bdcec99b615f6bbd5bd38276bd7c0d55a374/detection

http://82.146.41.72/fwlink

# Reference: https://www.virustotal.com/gui/file/3c5e144fed4e373bd74008d226e71e39adae855444e7a9815eeebf2e2300947e/detection

82.146.41.72:443

# Reference: https://www.virustotal.com/gui/file/503b0496dedb29b52efd9c8bad85221e3b401ce3ca5327c07f8c14987c3ed0f1/detection

http://182.92.65.134/activity

# Reference: https://www.virustotal.com/gui/file/344b5f38a761f2985e50e38abb59f14cf3b7f4641c7c85c7e713399b2204092f/detection

182.92.65.134:3389

# Reference: https://twitter.com/d4rksystem/status/1362084396656812032
# Reference: https://www.virustotal.com/gui/file/d05174d0489bb779cae53f59503f913fea723d32040851ed68cf2291a3ce64da/detection
# Reference: https://www.virustotal.com/gui/file/835433f9ffbfed2423b7078c50e0fc0f676af640f185a8d7dba8ef6d75e47338/detection

45.77.132.11:4433

# Reference: https://twitter.com/kyleehmke/status/1362134832189440001
# Reference: https://www.virustotal.com/gui/file/b880d3ca7ef3d23cf52b0775f9cc4b45ccb343cc31519ccf30513dbb5b35a375/detection

laboratorer.com
viewcoaching.com

# Reference: https://www.virustotal.com/gui/file/935451808b7bd93e2429966b527cdb66b30c90411703efe2d5ac3118e12a6871/detection

http://194.26.29.6/logo.html

# Reference: https://www.virustotal.com/gui/file/87dea75a62e10bb938875e75bec6e0a0f3590d652e7c34bf96f6daed9191d801/detection

117.51.149.186:443

# Reference: https://www.virustotal.com/gui/file/af7075b4a63093bba16b1a0abb92c02e2b77f4c6d1fcb16e90ef3fbf735e94bd/detection

117.51.149.186:8979

# Reference: https://www.virustotal.com/gui/file/10f3fc57ac7fa42e45ca5f32bdec8da47da9e6453b52e906a70bfdf6f4d5e43a/detection

http://117.51.149.186

# Reference: https://www.virustotal.com/gui/file/3045ae30bb27e1d099340b76ccb841005eaa523ae85a993207fb5f3e519c9d76/detection
# Reference: https://www.virustotal.com/gui/file/b7fe89c79302c0cae9ede80ec7ab5a1d8f5d0dfc2b91d927ee9ddbe06255fc56/detection

http://47.96.144.32

# Reference: https://www.virustotal.com/gui/file/2c991748b0adfc8be1f20921d29f8bdfb71468fd30915d3545435eebde769e3a/detection

175.24.232.55:8001

# Reference: https://www.virustotal.com/gui/file/13d714b972e16964641807058f2528a35134f7e8e1f7c04e28236a1e70ab7938/detection

202.182.115.85:8888

# Reference: https://www.virustotal.com/gui/file/4634ac5d97509de2a00f0a5397f9facafbc4e90b9a6361277d7f6c137a82535c/detection

202.182.115.85:11585

# Reference: https://www.virustotal.com/gui/file/0220bf077e378a35ebe42d2065482c43a15c510064eae8e67eaa095fd7c8a8d2/detection

34.80.90.1:6666

# Reference: https://twitter.com/kyleehmke/status/1362416825288556548

few-moments.com

# Reference: https://www.virustotal.com/gui/file/febcef0a9f620ea137735a1d6f1b23065ea42915a04e9780904af4e467f66a6c/detection
# Reference: https://www.virustotal.com/gui/file/2949aec1094a9ecaaef168ef50885e49226bb9b46e8c015b74bc98772ac340e6/detection

213.236.64.41:443

# Reference: https://www.virustotal.com/gui/ip-address/195.123.217.45/relations
# Reference: https://www.virustotal.com/gui/file/5159dd6d6e14d0ee7b80721a6ab7b7842cb62fef76bcaa4bd10deb2580c5a9b2/detection
# Reference: https://www.virustotal.com/gui/file/65d5e3d6f233a393e6c4d11fa947f733f3109e005cc1f957abe2ab8d78dc6002/detection

195.123.217.45:443
gloomix.com

# Reference: https://otx.alienvault.com/pulse/602d94a51d5a1e11cc85feef/
# NOTE(review): 15 domains in this group are also listed earlier in this file under other
# references: laboratorer.com, viewcoaching.com, bestampage.com, boosterion.com,
# dresservice.com, fast1arrival.com, finderist.com, finderout.com, kolsunday.com,
# oldentistry.com, otherfind.com, servicenary.com, sundize.com, topother.com, viewhuntly.com.
# When an entry is expired or removed as a false positive, remove every occurrence;
# otherwise the remaining copy keeps the indicator active with a different attribution.

bestbookstore.org
laboratorer.com
viewcoaching.com
bestampage.com
bestserviceupdate.com
boosterion.com
cheeservice.com
dresservice.com
fast1arrival.com
finderist.com
finderout.com
firstaholic.com
firstient.com
jobjean.com
jobsmarc.com
kolsunday.com
lightingfastnetsolutions.com
oldentistry.com
otherfind.com
owaoffice365.com
servicenary.com
sundize.com
topother.com
viewhuntly.com

# Reference: https://twitter.com/kyleehmke/status/1362767251896696835
# Reference: https://twitter.com/kyleehmke/status/1363135238977814530
# Reference: https://twitter.com/kyleehmke/status/1363837537748455424

anbackup.com
backupwatch.com
fussion1.com
gig1bits.com
gsmulticolour.com
kolibraryman.com
libraryst.com
nrestings.com
nxenapps.com
servicebeats.com
servicesond.com
servicewhite.com
showyoursysteminfosphe.xyz
top1serviceboost.com
viewwiki.com

# Reference: https://twitter.com/ffforward/status/1362755904727371776
# Reference: https://tria.ge/210219-jaha71vx56

hdhuge.com

# Reference: https://www.virustotal.com/gui/file/cc01a27ddbffc797ccba8bd19535e52d53fbd88ebaab7f678b786dffcd49c1ca/detection

54.169.224.86:8011

# Reference: https://www.virustotal.com/gui/file/6c771d424122ebadbc500443295309e559dd69e270b44a88dfc09f5fc9d643d3/detection

54.169.224.86:8899

# Reference: https://www.virustotal.com/gui/file/a05c05c0802c14593c11951cc59bd0fda878a4f67a0f64c25135c33d7464f2b6/detection

49.234.127.102:81

# Reference: https://www.virustotal.com/gui/file/5486145b5c96436450606c5e3f7604cbdfecf0d1110b62809d26596dd7cea7a4/detection

49.234.127.102:5007

# Reference: https://twitter.com/sysopfb/status/1363903382201622529
# Reference: https://www.virustotal.com/gui/file/a3af3d7e825daeffc05e34a784d686bb9f346d48a92c060e1e901c644398d5d7/detection

121.37.139.238:443

# Reference: https://twitter.com/kyleehmke/status/1364208289073033217

englishpar916xml.com

# Reference: https://twitter.com/bryceabdo/status/1364255039645233156

newtill.com
tonbits.com
wordten.com

# Reference: https://www.virustotal.com/gui/file/49ee31b3c52899dd205b93ccc7c1e139c7cb7c61d3130c01214b99c2af8a85fe/detection

gogililutopikup.com
pinteslazluerdsz.com

# Reference: https://www.virustotal.com/gui/file/8de562163d4718c272d00fa6dfb8518fcba2693c888e2314f432fc4622935497/detection

nameshow.site

# Reference: https://www.virustotal.com/gui/file/0e992e74662b1322bca56e53ccdf363723d3f484e7ba0b94434330de1d6ee2d9/detection

192.99.250.2:8080

# Reference: https://www.virustotal.com/gui/file/f63e2042f4f36dd5ebb7c2c61aa3ba03c79eea868aafe58528fcddb8f1f17a6b/detection

192.99.250.2:443

# Reference: https://www.virustotal.com/gui/file/8e83cda4d42833195fe25a37232c56ed92c909b476703fd7e2a20fa30d694dfb/detection

http://95.179.153.26

# Reference: https://www.virustotal.com/gui/file/efd829832a5774040b7d8a9ddc915a2de726203b6ace8a9e322131496f601415/detection

http://8.210.38.183/pixel

# Reference: https://www.virustotal.com/gui/file/63ba968598ca7aac57a2902148f7853fb5c68f22cd5bcda10c66f6af2d113e94/detection

http://8.210.38.183/j.ad

# Reference: https://twitter.com/kyleehmke/status/1364530652876599297

culunk.com
juanat.com
quaido.com

# Reference: https://twitter.com/James_inthe_box/status/1364587761529978880
# Reference: https://twitter.com/James_inthe_box/status/1364589624383823875
# Reference: https://twitter.com/sS55752750/status/1364589159692828672

biollet.com

# Reference: https://www.virustotal.com/gui/file/7afa9c9e83955e20bae5f147cc9b37a2f9ea35cf7c502ad9e672d2622fe67e1e/detection

39.105.34.131:45667

# Reference: https://www.virustotal.com/gui/file/3a1f05b41aec9ffc367466301d7c930c6a5f82e10182c6081614dc6f0c0845b1/detection

39.105.34.131:56677

# Reference: https://www.virustotal.com/gui/file/299531e73f4841906e1814f2b0b9b382e95d225cd5ce382512c6d8e5dba38c0d/detection

49.234.227.228:7877

# Reference: https://www.virustotal.com/gui/file/78407206ebee1afcad175ebe5e42172663689772d76011762a82214f3374f71b/detection

49.234.227.228:16767

# Reference: https://www.virustotal.com/gui/file/1f184f14d623a2b955a57d2a28d1c4b7b6cc2d83899b04a12340dbf783f77c77/detection

http://49.234.227.228
49.234.227.228:13689

# Reference: https://app.any.run/tasks/cdcaa43d-7616-4122-8a5f-9cbbe31b3658/

http://185.117.90.29/__utm.gif

# Reference: https://twitter.com/ffforward/status/1364893143536181249
# Reference: https://tria.ge/210225-5gtb4n2xja
# Reference: https://www.virustotal.com/gui/domain/redwelt.com/relations

redwelt.com

# Reference: https://www.virustotal.com/gui/file/baa6fd49485dd3abe2c7f4fb2962c5a6f52bd6f03afa1579fd22db3f573c0e7d/detection

47.106.184.213:6996

# Reference: https://twitter.com/kyleehmke/status/1364909647589748736

lodidy.com
pilizz.com
radioabout.com
sarohn.com
shewop.com

# Reference: https://www.virustotal.com/gui/file/5907453f323f4f339049dec5222fe8f26a443985551ecfbd463f907315ae210c/detection
# Reference: https://www.virustotal.com/gui/file/4f59f661407bd5e9db481b2b9554a3251d4190353bdc495110dce5a663476600/detection

106.12.197.69:8080

# Reference: https://www.virustotal.com/gui/file/d1c6c698128c4bb725f2548f2cf2a52477a6ef763008a692e03f2bf457592346/detection
# Reference: https://www.virustotal.com/gui/file/f438c65a4f701107b52dc9c3d0f44f0488aec90f261890ec3724a9728d4fbdc5/detection

23.234.254.94:8888

# Reference: https://twitter.com/malware_traffic/status/1364984475944427521

64.52.168.229:8080

# Reference: https://www.virustotal.com/gui/domain/theqaz.com/detection
# Reference: https://www.virustotal.com/gui/file/d92e063481fb1a508b42f0373678bdbaecc8c377ad072490d494b4e8ac1646a1/detection

47.91.237.42:8898
http://47.52.113.152/BokA
http://47.52.113.152/submit.php
http://47.91.237.42/fwlink
http://47.91.237.42/submit.php
theqaz.com

# Reference: https://www.virustotal.com/gui/file/c426835ae931a0a21d1d900a5ef27b0ed0f8c20c3de4fbbeb218783deeab6d34/detection

djiqowenlsakdj.com

# Reference: https://www.virustotal.com/gui/file/5216768712d011aa099a6ce77242b0c63da663beb59343d6e3c1d471d9deb9c8/detection

45.32.47.23:443

# Reference: https://www.virustotal.com/gui/file/a32f9123d324bc2f4c0412f41c5972949f212daf3e5582cd9a36f294e5129f95/detection

http://45.32.47.23/pal.jpg

# Reference: https://www.virustotal.com/gui/file/3703576778f8eb431b460f1dc105ffa2fafc4eb6552efb44e4e2d10a56f1988f/detection

210.16.120.220:443

# Reference: https://www.virustotal.com/gui/file/a36fbae6e4c3e98560fc0f90ce075fb0d65ca926fdcfebea11a1b90445374c82/detection

remote.claycityhealthcare.com

# Reference: https://www.virustotal.com/gui/file/710665d0f86403adc96e8cef98ba3f1e628bd1a0b9aea1d2946c62b7fad06b31/detection

78.142.29.122:443

# Reference: https://www.virustotal.com/gui/file/d5374cceae9a2475169ecab55a7d510cd0c378831a99ca9dc4c7aa69539725b2/detection

93.179.127.70:443

# Reference: https://www.virustotal.com/gui/file/8355155cf48b11cefda6cc4b2451707d4d53e48b9e106c47d7e4f611ee7b1989/detection
# Reference: https://www.virustotal.com/gui/file/25a07a3283258c3f762bebd7b90e27a5b893be3330745015c73a97c567bb4e76/detection

104.168.219.74:8080

# Reference: https://twitter.com/hatching_io/status/1365266011201617920

jumpbill.com

# Reference: https://www.virustotal.com/gui/file/6627aa26081d2a70185dae2cdab306b5058ddf6f035d5f62edc3867c0da1592b/detection

217.12.208.251:443

# Reference: https://www.virustotal.com/gui/file/80a8127fc580ce0de095bca7c17de3c45cd95eb89ab6ac66f8f269d2b168a0c0/detection

http://217.12.208.251

# Reference: https://www.virustotal.com/gui/file/004207a0a1c509ac3806d98d4e85eb3d6bb7573a290f606faee270dbc5fb2a5c/detection

47.115.9.13:8888

# Reference: https://www.virustotal.com/gui/file/9cbe0e89b8088cbaedcae55e8d679466fa727834506e841de2c2776c633a359f/detection

47.115.9.13:8000
47.115.9.13:8088

# Reference: https://www.virustotal.com/gui/file/17156f4b65437bd63d08355dc63d8b69ce89c67b28ffb5e2bcdb38089b839f56/detection
# Reference: https://www.virustotal.com/gui/file/21126e00e24e05a365cb3fc78ae9066915668368c93b767b638a1044b3fa8ef8/detection

47.57.104.66:9760

# Reference: https://twitter.com/sS55752750/status/1365323177589620736

http://47.57.104.66/updates.rss
http://47.57.104.66/submit.php

# Reference: https://www.virustotal.com/gui/file/d57a38c704d781f695c83a5146d4b31a7c3a8e92a9b476ff784b0fd63e136900/detection

52.220.162.114:443

# Reference: https://www.virustotal.com/gui/file/4e0a94c5281dcad015d52199579bfec7223fe0d2e32900e06b42849650618572/detection

106.13.227.208:443

# Reference: https://www.virustotal.com/gui/file/ce9109ac28ef9f30186802ee95381c70fbc8f777cacdc9ab03437e9ad5921feb/detection

106.13.227.208:8443

# Reference: https://www.virustotal.com/gui/file/35685782b7b63c9d0ae531e5614d1942562faebddae4cf30d2de8ccb2ef982af/detection

123.57.176.239:39999

# Reference: https://www.virustotal.com/gui/file/424695c4152681fb755d4612c930cf273e3ec9f5905ab2b68f9bec252899eaf1/detection

123.57.176.239:12358

# Reference: https://www.virustotal.com/gui/file/aa776185636a07b9303c8efa4bd5c169e207df52fe0bcc67d5de5a309092702e/detection

116.62.110.116:59050

# Reference: https://www.virustotal.com/gui/file/ec4745a4bed622d2060a6a4897646242cc0417fa8b7444f6ba432f3dc617ea43/detection

116.62.110.116:4444

# Reference: https://www.virustotal.com/gui/file/487538492fa7c7774def112f181a63d29f2a8925ac3e03a53e3e7adc87422da7/detection

139.198.180.147:5978

# Reference: https://www.virustotal.com/gui/file/3cd99056a05a624382eadc1555633f47d5ff91253b0dc396d53e3f63b478258d/detection

168.119.176.54:8080

# Reference: https://www.virustotal.com/gui/file/b47d6cd571780e1afc6df546855c1799d6b8f746c96432fe3f96b7960ab9378b/detection

194.76.226.158:804

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1365438427735457799
# Reference: https://www.virustotal.com/gui/file/9f84130cc5240f4df5afc674fde40012dd9ff141a28dfd171fbd0db9747dbc39/detection

117.50.62.88:9901
117.50.62.88:9903

# Reference: https://www.virustotal.com/gui/file/9b7e0a21e13f1607ef431f54a44902d9250a0d21420cc1618481bea5b1dee86a/detection

163.172.6.164:443

# Reference: https://www.virustotal.com/gui/file/84931035f09fb83eeb53dba5be502d98fc473755bced2973e62c65f9a703dd3e/detection

182.92.103.213:8080

# Reference: https://www.virustotal.com/gui/file/fc0fccaa2a4aa6581364611f67386dcc72d4d0a5073386cb2b84821304f0f4d0/detection

http://182.92.103.213/push

# Reference: https://www.virustotal.com/gui/file/3370fec8735f326a916dd25d15f45fb4dc9b6d98239584cdf790ecea11e44344/detection

http://182.92.103.213/IE9CompatViewList.xml

# Reference: https://www.virustotal.com/gui/file/565fde1466f9e81eca36187032625f6a3d6c2dffebf4b56f339f3e66cf8654b0/detection

182.92.103.213:443

# Reference: https://www.virustotal.com/gui/file/6f5078f7ac89c789e24368ff092a73921066e25fe55a6db6ebeef20f3d88114b/detection

5.154.191.141:443

# Reference: https://www.virustotal.com/gui/file/1d1a88c22b958823a524b5f6390ab48639afe427589f8801109c59e0b65550fc/detection

45.61.139.89:443

# Reference: https://www.virustotal.com/gui/file/ff607f4d57515059d136c9b19937f8ec8a9354a7067548a619f23f613e1deeed/detection

45.254.64.7:443

# Reference: https://www.virustotal.com/gui/file/d0c75a78b1dd71c606360292baf35fc39f267882ff2bde483ee0da2a8734fffd/detection

45.254.64.7:11256

# Reference: https://www.virustotal.com/gui/file/529f4db01de77be25ad8e16548070c3f7ec3a73d26a92248c544ee90b18ea7ad/detection

ntes.ntes.cf

# Reference: https://www.virustotal.com/gui/file/fd92f9bd8e86c767b7be641e0a74ae14f70e8b18b75a749f3910138b5d8a55b6/detection

156.255.3.224:443

# Reference: https://www.virustotal.com/gui/file/3aee0f4f28a690a82ff175569c0b2055fb19569bfb8897d38856efece252c568/detection

103.224.82.194:443
fuckbc.ctlers.club
cobalt.ctlers.club

# Reference: https://twitter.com/kyleehmke/status/1365842735874400256
# Reference: https://www.virustotal.com/gui/file/1416ac312852e76a57e02317d7e7074721fe77abeb43b2705a039be208def668/detection

slhmsappf.com
smadst.com

# Reference: https://twitter.com/_re_fox/status/1366099495038185475
# Reference: https://www.virustotal.com/gui/file/5e3a9aa2949ec4048199db6be075954e905d655ed6c6b4d8b35b07a2e2a36c2d/detection
# Reference: https://www.virustotal.com/gui/file/e9f71a5afec5dd86b7865fc1ad9e3fa6655dd0c6ca54b2e7d4c8d8d5492fb726/detection

http://144.34.243.45

# Reference: https://twitter.com/_re_fox/status/1366092723430825985
# Reference: https://twitter.com/_re_fox/status/1368964510032289794
# Reference: https://www.virustotal.com/gui/file/bbc2b64ca0524a511204ed0b1e74d8a0628eea24d3860bfc6c954339dc1917f2/detection
# Reference: https://www.virustotal.com/gui/file/e0997867f99efac49d4327058129d2107c72503471baefa5b47cdf3e19617732/detection
# Reference: https://www.virustotal.com/gui/file/569ff94865e7761ec46d96d8740f36860b6be37c84b79c26698ecaddff79bdab/detection
# Reference: https://www.virustotal.com/gui/file/dcad6bee084337b2a064c1d05f7e32a0afbb86028dd5efcff9bbc8bbc27e2cc8/relations
# Reference: https://www.virustotal.com/gui/file/8f9bb47a7ac8ed8b47830e87e6a11a511ad61446bef2fb9e61f2a22322355984/detection

http://81.70.203.138/onJ5
adsclickboost.com
fort-communications.com
rainy-autumn.top

# Reference: https://twitter.com/bryceabdo/status/1366389007555440642
# Reference: https://www.virustotal.com/gui/file/f8dbd5c92afacca83500c52cf5cf1160a5328ddc1e76094d83fd28d6f071acfb/detection
# NOTE(review): this is a single tenant-named endpoint under Azure CDN's shared
# azureedge.net domain. Keep the entry as the full host label and never widen it to the
# parent domain. Endpoint names are chosen by the tenant and can presumably be released
# and re-claimed by someone else, so re-validate before acting on hits long after the
# referenced reports.

mscomajax.azureedge.net

# Reference: https://www.virustotal.com/gui/file/37363cc76e570f34ea24b244ff530e2e82044a63f7045172fcd8048916fa486d/detection

121.40.103.231:8000

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-03-01-IcedID-IOCs.txt

94.158.244.89:8888

# Reference: https://twitter.com/kyleehmke/status/1366691568900583424
# Reference: https://www.virustotal.com/gui/ip-address/45.141.84.195/relations

theradio-blog.com

# Reference: https://www.virustotal.com/gui/file/769574ec8efddd08020bb72ae0cf30500254f6cadd77aaf2201b7969e293ae3b/detection

129.211.83.51:8080

# Reference: https://www.virustotal.com/gui/file/c2805a9f8e9867813898189938db261c9a79eda93a0a6a5958cc9055804b27d7/detection

http://129.211.83.51/5tKi

# Reference: https://www.virustotal.com/gui/file/bcee1d0ed7d6e803fdb32b5a8d88586f515a0865f901c67e85bb215030cb41f7/detection

129.211.83.51:8000

# Reference: https://www.virustotal.com/gui/file/6e43c5b1352e25944656a5b811ed70addd3a9446e2e9bb29017de6fc67396a1f/detection

http://23.105.219.15/push

# Reference: https://www.virustotal.com/gui/file/5380f3f2a0ee7fc03c7efaf98edf0bf59d0874a850b78a27f93bf5a1eb943996/detection

http://23.105.219.15/cx
http://23.105.219.15/G9ti

# Reference: https://www.virustotal.com/gui/file/a65bd3cd858ae613aef8775a232a4c8d528931127be610438e3d388f74e56e3b/detection

23.105.219.15:85

# Reference: https://www.virustotal.com/gui/file/abf0b96f1dd2d90c3764dc7e96726ed9bb5ba87f1dde784cb52e567a6acec83d/detection

cloud-microsft.xyz
update.cloud-microsft.xyz

# Reference: https://www.virustotal.com/gui/file/e3c72e87734d629420fca45da386b95ad98d701c8503ea683601c85d9c14342f/detection

42.192.209.56:12358
42.192.209.56:39999

# Reference: https://www.virustotal.com/gui/file/461b7ed5df90dacdd78dc4981ae5af073274cb7d05fde7708df43ce3e008a416/detection

sekel.accore-store.com

# Reference: https://www.virustotal.com/gui/file/3314ab248ffb2989f3d525cd058821659e9a1a903d62f5ebea56465b1ac51311/detection

106.54.211.200:23380

# Reference: https://www.virustotal.com/gui/file/b40a92ce34e96e2ff9e2617a28ac4e33bde476e4cf90d261953af4af642fbc94/detection

39.107.225.220:8002

# Reference: https://www.virustotal.com/gui/file/cff6e888792de7a89188f32827d858a21e289ffb5d47040d4f0f09a01557f1e2/detection
# NOTE(review): this is one CloudFront distribution name under the shared cloudfront.net
# domain. The indicator is the exact distribution label; the parent domain serves a very
# large amount of legitimate traffic and must not be listed. The distribution may have
# been disabled since the referenced sample was analysed (not verifiable from this file),
# so treat old hits accordingly.

d3iwn27a701no7.cloudfront.net

# Reference: https://www.virustotal.com/gui/file/d30d43a30989b9db5aa453575d120a75221fc679b2ec7deca74c3ad95253aa8b/detection

http://103.237.103.211/load
http://103.237.103.211/Pmh8

# Reference: https://www.virustotal.com/gui/file/46df94a7290cda6c78aaa395edb34cb427817d612805f9da1b8c600c106af2ea/detection

http://103.237.103.211/pixel.gif
http://103.237.103.211/submit.php

# Reference: https://www.virustotal.com/gui/file/27c9416dcfa2386b9e505e6b22654d9e7106d70a41f952f8db3567c688819764/detection

47.119.118.210:6253
http://47.119.118.210/qvE1
http://47.119.118.210/tz.png

# Reference: https://twitter.com/malware_traffic/status/1367152943158468610
# Reference: https://pastebin.com/raw/TvLvgpLm
# Reference: https://www.virustotal.com/gui/file/f69bf0a2ed9eea49f89f6f2f5a46059514b4644e407ea5c5d525ec3c27f4af4c/detection

http://51.81.142.72/uNPI
http://51.81.142.72/push
http://51.81.142.72/submit.php

# Reference: https://www.virustotal.com/gui/file/098caeccd3ac77fb7591c1f938161dcc2d8c9f437235c53504381ed219732505/detection

45.144.29.185:443
logon.securewindows.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1367418063390392322
# Reference: https://www.virustotal.com/gui/file/a2c942c0d7c00360a5a943649f2dd44d8643af91e8c04da8e9bab584582dfb0e/detection

cobaltstrikedomain.io
6d30f5fa.hivheriu.cobaltstrikedomain.io

# Reference: https://twitter.com/kyleehmke/status/1367424267827228673
# Reference: https://www.virustotal.com/gui/file/0c5b230479b1613d24b1cd62879cb13b8adaeac3f05d1f41dd44cc57323583f9/detection
# Reference: https://www.virustotal.com/gui/file/bd23e18463f1c0c7e5f8962574b6174bacf377f8582f398c6dcf7bd46b6c6f63/detection

apoula.com
bacynx.com
rertai.com

# Reference: https://twitter.com/kyleehmke/status/1367187234563186688

mrelephant-ight.com

# Reference: https://www.virustotal.com/gui/file/4c2e3292215b1ba303139c62f88592d6fe3622fa475fbc6368344cbe7d8772fc/detection

chrome-update-static.tk

# Reference: https://www.virustotal.com/gui/file/efde94f07286283ee30f2d1705ea00e17764753c199e0db9e93d9e0822f537f1/detection

182.92.175.96:443

# Reference: https://www.virustotal.com/gui/file/16509dfe2a5000f31ccf2670f13de49bdb69aebc5ebe299c7c959fe78d944970/detection

182.92.175.96:5555

# Reference: https://www.virustotal.com/gui/file/a4dd3457315084f6dda5e0f30492aae8a322909604dc2d5b1b28498f0a681c14/detection

36.110.239.38:10001

# Reference: https://www.virustotal.com/gui/file/baf09c46feced5f2820e1db94e97c9c0c49cd8a3fa591c6bc8d3f3b554367a0a/detection

http://36.110.239.38/j.ad

# Reference: https://www.virustotal.com/gui/file/7109e29a4d35e0dee65377256f87d29f96b9b9d8b5f8d272b1d3cbb18e4f806d/detection

47.100.139.80:444

# Reference: https://www.virustotal.com/gui/file/f8e9e5bec4db85f2c4ca49755bca7703ec4067f75d05a6acde301cd0a8cccafc/detection

47.100.139.80:8088

# Reference: https://www.virustotal.com/gui/file/3d9c7ff5981b8f59c1248a14e514f7e90a5dd9f0b37de4571b5c40dc28ddfd2b/detection

45.32.146.181:443

# Reference: https://www.virustotal.com/gui/file/ed0fc0c29ecb444133d4deb09b957aa8e976455cb49ce620e659a1b918b2d152/detection

45.32.146.181:8080

# Reference: https://www.virustotal.com/gui/file/6d1ea30d771433febd79855c32de997aeb146dbbb529bdc7734509689855267c/detection

http://45.32.146.181
flash-up.info

# Reference: https://www.virustotal.com/gui/file/373bdbeadadbd8300fbecf5a149b53ebcc546eb6fcf15811d48148981f536c30/detection

39.106.223.146:10007

# Reference: https://www.virustotal.com/gui/file/b1061d6fb3ea3dbd93567f304cc12424dd5f789a924f84416513195c882e4398/detection

39.106.223.146:1001

# Reference: https://twitter.com/malware_traffic/status/1367526827221204996

108.178.50.74:443
http://108.178.50.74/__utm.gif

# Reference: https://twitter.com/d4rksystem/status/1367157832580128768
# Reference: https://www.virustotal.com/gui/file/ba1e40a772acdd71dc1e47b4f9ab2767868fd959f072a55c00da383a590c160f/detection
# Reference: https://www.virustotal.com/gui/file/61cc9992d6b716c4cc6cca259cb2f576cf3434d73d580d6d025214e79485bf42/detection

88.119.175.102:443
88.119.175.102:8888
update.webguardsecurity.xyz

# Reference: https://www.virustotal.com/gui/file/81b0869d2cda1aa3f9be128933ba0a2b40e0cc95d2d7a954d4d73ab033864fed/detection

80.92.204.13:8080
update.securessl.xyz

# Reference: https://twitter.com/kyleehmke/status/1367786747019530240
# Reference: https://www.virustotal.com/gui/file/9ebebd5a8f1ace9664c7df8de0ae8771143827e090b7ea8875f8106017e4eb74/detection

eochea.com
inctot.com
ptambi.com

# Reference: https://twitter.com/h2jazi/status/1367849892677357575
# Reference: https://twitter.com/h2jazi/status/1367860250431356931

8.140.111.107:3756

# Reference: https://app.any.run/tasks/0a488e93-d0fa-493d-8056-c62cfc476c8d/

8.140.111.107:443

# Reference: https://www.virustotal.com/gui/file/cf288c3091bc6d75d5fa1543f8f65ad5e46c8e50c770263b75d1d520c879754b/detection

119.45.204.110:5555

# Reference: https://www.virustotal.com/gui/file/1d8aa43fda40ff99bd20473b2198e41655b69f687a5445a773532cc5cffb496e/detection

http://77.123.155.74

# Reference: https://www.virustotal.com/gui/file/ee81caca3ed79e362c797b881b0d690987405895c510768ffd09431ee19b8502/detection

http://49.235.92.191/lAw9
http://49.235.92.191/match

# Reference: https://www.virustotal.com/gui/file/a3db33213f9d504c6d1402d08db90045bb866bb3efd56b03fde71d6a742079b1/detection

117.78.1.204:65534
117.78.1.204:8080

# Reference: https://www.virustotal.com/gui/file/38be9295820eb2475d9f78fcc86a1bd8ee259b4ba0ae5ca06148c07cf359b019/detection
# Reference: https://www.virustotal.com/gui/file/a809387c665f61f35d397b36740f8880e7ba805c50f3b85a6b3562e956d59ea2/detection
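# Reference: https://www.virustotal.com/gui/file/4c11d97d43093b8d4459c2f9b7ee2859fd747801fb4dbc50cf6585d983640897/detection
# Note: 104.21.21.59 and 172.67.196.195 fall inside Cloudflare's published address ranges (shared reverse-proxy edges), so the IP:port entries below may also match unrelated sites served from the same edge; the domain is the more specific indicator.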

104.21.21.59:8880
172.67.196.195:8880
systemupdata.monster

# Reference: https://www.virustotal.com/gui/file/73f56f3c85b78a252cb26dae4c493c5d2aad9893d99bb2833cdcc30c38e21e95/detection

123.185.222.188:50051
xtgo.xyz

# Reference: https://twitter.com/kyleehmke/status/1368159717537832960

addiggen.com
dorkedit.com
retumele.com
uradorek.com

# Reference: https://www.virustotal.com/gui/file/b6e5152533f4b53ee38457f3106ba6f5701038b66bb6236504c5aeebc9cde5ef/detection

104.168.166.124:8080
fuckyourserver.xyz

# Reference: https://twitter.com/rcwht_/status/1368543343513374720

fowatior.com

# Reference: https://www.virustotal.com/gui/file/3b2439b79e0e8ab9055168d973f1f95896327383f3557c3b2cd556577e615fbd/detection

209.195.84.244:443

# Reference: https://thedfirreport.com/2021/03/08/bazar-drops-the-anchor/

http://195.123.217.45/jquery-3.3.1.min.js

# Reference: https://www.virustotal.com/gui/file/86913f902c21515679a19af4af86148e40be3f94bed6987f6a4b6bd71e5b5fb5/detection

42.193.104.247:7890

# Reference: https://www.virustotal.com/gui/file/eeeb10adc313e9cd971aca29d26ff68e6674744f4a86ce58369a72f919e61e8e/detection

http://42.193.104.247/DmKa
42.193.104.247:3546

# Reference: https://www.virustotal.com/gui/file/bc4ff468e1478989bbaedee28e90df280e81caf65fdef3b6187d5d31c43fc571/relations

42.193.104.247:6666

# Reference: https://www.virustotal.com/gui/file/dde1f0a0d33eb8f091808c348bdf0da987a46e9918e00eddf4fd514960deb74f/detection

http://2.57.185.33/dpixel

# Reference: https://www.virustotal.com/gui/file/0a22f89e8d22d1617a9335dd8cba51d85e43452fb99ba1e0c2c96a3befe971a4/detection

http://2.57.185.33/dot.gif
http://2.57.185.33/ERZk

# Reference: https://www.virustotal.com/gui/file/85b750a8f9a40334b856936001eb8a397571da5653bd7e28e524a7ed3136bbb7/detection

121.204.159.10:8765

# Reference: https://www.virustotal.com/gui/file/382d96ce2f8c872c66a866cf7d705febdeb5cf3cc999aa9f10162eb2f001cefe/detection
# Reference: https://www.virustotal.com/gui/file/1d8aa43fda40ff99bd20473b2198e41655b69f687a5445a773532cc5cffb496e/detection

http://77.123.155.74/owa/?wa=

# Reference: https://www.virustotal.com/gui/file/1d85ccc8254dfd89e23bfc5dfae6391d23e572bb02e84139de14e6b8795db07c/detection

salofu.com

# Reference: https://twitter.com/wwp96/status/1369448556877254667

http://195.133.52.172

# Reference: https://twitter.com/rcwht_/status/1369613610977230849
# Reference: https://www.virustotal.com/gui/file/8a7595470139f0f30996aa019b3435eb68ab0419755bd0b9032f178b0b0b4381/detection

insamn.com

# Reference: https://twitter.com/malwrhunterteam/status/1369639826392289280
# Reference: https://www.virustotal.com/gui/file/7d668d5d4b4d2ea5c84c8a8d15dbf414b90cfcf78ec8a07ecaf8ba1127700a90/detection
# Reference: https://www.virustotal.com/gui/file/914eb740bc13bca5c97e57b9b114c1d1c979196ccb1478048e1096ec9aa7f118/detection
# Reference: https://www.virustotal.com/gui/file/979f4ce3d0b93b6642d56633c1a1c85f6cbf82a1495a2ec09ca96b95633f56ba/detection
# Reference: https://www.virustotal.com/gui/file/7d668d5d4b4d2ea5c84c8a8d15dbf414b90cfcf78ec8a07ecaf8ba1127700a90/detection

47b0d721.ngrok.io

# Reference: https://www.virustotal.com/gui/file/a8979ed3ebb02513d366e126a8f5e2830f7590207dc30bb936fb0ddfe4bd543b/detection

65.49.201.116:65511

# Reference: https://www.virustotal.com/gui/file/fe6dcf38ecfeb4612ff8c59aa72afad19222bc181464e4b4690f19045bb2f9b5/detection

s91-update.mala7at.com

# Reference: https://www.virustotal.com/gui/file/287aae0d0192654d709742977dfb6219856096d8b05cf7592b2adfd96bb2d976/detection

http://78.129.165.207/__utm.gif

# Reference: https://www.virustotal.com/gui/file/6402b54799c36e1e6cfc5975355fcb587b961e0d3821347a294074e76efeaa87/detection

http://78.129.165.207/IE9CompatViewList.xml

# Reference: https://www.virustotal.com/gui/file/bf2e8f662f7cff27920ca7c9b27277d1bdf67b58d727d6274e5c32e95d53a715/detection

118.31.60.46:82

# Reference: https://www.virustotal.com/gui/file/02b4362cbaceac185d1a954b5ccec7b5c0de6867635a1d65e87808574816349c/detection

185.213.26.160:443

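# Reference: https://www.virustotal.com/gui/file/cae2e35037dcf6316772881fef5ebe60946619f393d3998c61eea5dfbc3d636d/detection
# Note: fuckapi.microsoft.com is a name under microsoft.com, a zone the operator presumably does not control; it likely comes from the sample's configured HTTP Host header rather than from a resolvable DNS record (confirm against the report), so matches are more likely in HTTP Host data than in resolver logs.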

app.lanjinger.com
fuckapi.microsoft.com

# Reference: https://twitter.com/pmmkowalczyk/status/1369776001392271361
# Reference: https://www.virustotal.com/gui/file/018ef51a2af287a3d665e5057e6367eb0a5d5ef5a807af6c255eba26d20b4ccf/detection

85.143.217.4:55509

# Reference: https://www.virustotal.com/gui/file/c8b8a69f69e5c86b56b88c00ac9ebf187c752d2569ad64f649190cd33c8f7741/detection

85.143.217.4:55510

# Reference: https://www.virustotal.com/gui/file/82b1cdd8869c550689bd5d5f6c387b21e84cd137730ed810cc2a3977560649cf/detection

47.111.27.184:33500

# Reference: https://www.virustotal.com/gui/file/fe3b61c3418f28bbdabc03c50ef6b31ccd5d9eaa0a7090a361f869690f7d95d9/detection

http://47.111.27.184/a9Lw
47.111.27.184:33336

# Reference: https://www.virustotal.com/gui/file/a923baee9a9f6f38342d15716045c1e7a4ee7c5e02c4c0fa47ebd916eafd7831/detection

8.140.117.160:888

# Reference: https://twitter.com/malwrhunterteam/status/1369975295931977735
# Reference: https://www.virustotal.com/gui/file/50df23b98ed08a6b7e6a0e50a4333fa00f957121a3c7d63768de60031924fe4b/detection

217.81.56.234:25566

# Reference: https://twitter.com/malwrhunterteam/status/1369976082443685889
# Reference: https://www.virustotal.com/gui/file/831a0a30a21ccef8452e105d834fc6876750d37ad51e56506c318d096f424191/detection
# Reference: https://www.virustotal.com/gui/file/1f8ee549062d932e4d3108cd5c64aa53169897ff1a0b19224d0b16078c962c80/detection

47.105.44.59:8888
http://47.105.44.59/cx
http://47.105.44.59/GjaK

# Reference: https://www.virustotal.com/gui/file/68977d8899bc1b1394746d4bed7e5259f65657f3a3518168f09aa533a2bb54fd/detection

47.92.121.151:48686

# Reference: https://www.virustotal.com/gui/file/b084eb0a11a9c22c78bdd8893b746bafc129370459037383bef2aaa16fcf3995/detection

47.92.121.151:443

# Reference: https://twitter.com/malwrhunterteam/status/1369982845331136515
# Reference: https://www.virustotal.com/gui/file/6645b1a7ee5e8fcbfd5cf7eefca3e815fab9d59082353cc49fde55bd05d25aa0/detection
# Reference: https://www.virustotal.com/gui/file/f4c2165208df6cdb08da464a59174a4d660dfbca67f163956eec9a9242847426/detection

206.166.251.100:443

# Reference: https://twitter.com/malwrhunterteam/status/1369983617565417472
# Reference: https://www.virustotal.com/gui/file/45534eb82b0374a5f95722ac75aae7bbac2f2ba3329f7bdeb7d3ff4245c58d6f/detection
# Reference: https://www.virustotal.com/gui/file/eb5ba1269daabf0df524b3d1842968dfbfb48c46e0df4a6382b7d82dceac46df/detection

101.132.236.220:4100
http://101.132.236.220/7lHr

# Reference: https://www.virustotal.com/gui/file/e419c2659b0fa54c3e4347546f4b2a157f64eb1cb660a2bf72f68beb5ec60374/detection

3.1.85.72:9988

# Reference: https://www.virustotal.com/gui/file/95224566a693f5b826c907cc71faad1a6cbc9d760ce72eae9da53e72c97c9677/detection

47.108.186.75:81

# Reference: https://www.virustotal.com/gui/file/f2c08fe4d94be12bbda1a2901582d7e57a31ab630acf71f8607bf299e2c7fbd6/detection

47.108.186.75:5003

# Reference: https://twitter.com/malwrhunterteam/status/1370027782126723082
# Reference: https://www.virustotal.com/gui/file/0f820f8dfa7e5963261691589380c5581d35142a24e3e1e7fb12540edbec6662/detection
# Reference: https://www.virustotal.com/gui/file/d20a0a466a68b1243590086c393c23c3705c073f6021e0b71c03eee1a78732bb/detection

172.67.169.54:8443
balabala.tangotango.tk

# Reference: https://twitter.com/malwrhunterteam/status/1370029176338587657
# Reference: https://www.virustotal.com/gui/file/055672abeb2d5018279ea2ad039bfa752c1f8333c065e3830ba61b17a65f3731/detection

yellow-mountain-cb5f.pza3-bdcb3s.workers.dev

# Reference: https://www.virustotal.com/gui/file/9e59a2cee1988d52223872eaa44651592c529e6cc70fb005c7bf43eb2b816919/detection
# Reference: https://www.virustotal.com/gui/file/64ee2df3dc579cc5ca2d47769299ff2ba648677e4ecc271fffa4933760d78c1e/detection

http://91.241.19.170

# Reference: https://twitter.com/malwrhunterteam/status/1370039809255817223
# Reference: https://www.virustotal.com/gui/file/0654ee45699f747bd5f802b12c43b4190479c88c7fa8c8f83dbbec7bda5f1a33/detection

124.70.68.71:1314
http://124.70.68.71

# Reference: https://www.virustotal.com/gui/file/598b567a803da542fad8752abf8f46a55c620bf6f7f69f5049374685a758aa15/detection

http://119.23.104.209/en_US/all.js

# Reference: https://www.virustotal.com/gui/file/2feae915a1c71a55087f6f5668bd2e44a1e948eeb69a01f8e7bb2ee3cc5748b8/detection

119.23.104.209:7000
http://119.23.104.209/yeL3

# Reference: https://www.virustotal.com/gui/file/340d2bd9b94ac1ebf5ee973075338df58dacf6c79a2845da95e18496757311e6/detection

ifcloudir.ga
ifpricloud.cf

# Reference: https://twitter.com/malwrhunterteam/status/1370047562334535680

gold-rain.xyz

# Reference: https://www.virustotal.com/gui/file/03e8643650ab91d778de1d19a827e9c0e19de5f9155901d97dd44e6be3f4480c/detection

180.215.199.103:60050
http://180.215.199.103/H9mn

# Reference: https://www.virustotal.com/gui/file/a33fb5acbc72c437f24f3db3d0d218eccdba0be9c27c7d9568558c2b0c04fd4d/detection

180.215.199.103:6396
http://180.215.199.103/r8Bp

# Reference: https://www.virustotal.com/gui/file/7dcc867f2adf542642bd2ddcdca32095cc4cc2def71b90c717dd7bfef4d47fb1/detection

http://39.99.149.163/push

# Reference: https://www.virustotal.com/gui/file/e5a72ad001bc62f1949a5fa172caf20eb74d11d46de6fd2b0d1c2c1d7abdfe8e/detection

39.99.149.163:8081

# Reference: https://www.virustotal.com/gui/ip-address/74.118.138.180/relations
# Reference: https://www.virustotal.com/gui/file/a4e48839f043af32f34b19c9f3d317dac4475e416300772944942bad1f53ed35/detection
# Reference: https://www.virustotal.com/gui/file/fc7bc70a9cd7e104aba4201e0af8b093957514c33783f2eb6546d5d842a021fb/detection

placeio.com

# Reference: https://www.virustotal.com/gui/ip-address/74.118.138.211/relations
# Reference: https://www.virustotal.com/gui/file/ae1eb61db65921acd1723cdf47be5b168be1fdde14d6c2635c4e7986c9737d66/detection

prosmix.com

# Reference: https://twitter.com/3XS0/status/1370196290412425220
# Reference: https://www.virustotal.com/gui/file/9127f4731cb668c005941f22e29406e5973f97a54faa0ea3d8b91b163e37b19a/detection

msedgesvc.azureedge.net

# Reference: https://twitter.com/kyleehmke/status/1370336066654384141

geamac.com

# Reference: https://www.virustotal.com/gui/file/95f025cc6e96ad682393ea3f61c19bf492a8deef7d03b6b7e724b1f67bed6e28/detection

111.231.94.96:23333
http://111.231.94.96

# Reference: https://www.virustotal.com/gui/file/a77e7d82872399cfb00401843ba027fe05998317a13a8e0dd492d382df52ad44/detection

111.231.94.96:8888

# Reference: https://www.virustotal.com/gui/file/bfe526aa2912f7cc41affbc30a44d2cadba7ea81bb9d3c82275c9748ff10a266/detection

111.231.94.96:9990

# Reference: https://www.virustotal.com/gui/file/0a73c3943c9b7d87f5c03bab8f6ef37be8719463ae955926621650651b8111cd/detection

49.235.124.33:9999

# Reference: https://www.virustotal.com/gui/file/bbe44344cc71bb5518ac5878204027f49250d78fbef53791f744922fcca68553/detection

http://49.235.124.33/pixel.gif

# Reference: https://www.virustotal.com/gui/file/c6db4620f068551fd95260eb6b731616897a82580a8f5a1a7029a6c9d914bb6c/detection

onealabamasport.com

# Reference: https://www.virustotal.com/gui/file/b3e2339a781e071e0e7c90ed4116ee451a216151b7c4f450055f46200257d2bb/detection

101.133.147.105:63203

# Reference: https://www.virustotal.com/gui/file/6f48c074db2624635c274c6d59083b233be6355eede45f19edc9ffb009892faf/detection
# Reference: https://www.virustotal.com/gui/file/a83eb3d8a0abaebef8b74e6f4b5d8cf68a8ae5c7c7c8eb6c73e30c1455d59f57/detection
# Reference: https://www.virustotal.com/gui/file/04839d74cb6245c01ec96c120e42962603e0a54d937ecec3563bc2e89dba31f3/detection
# Reference: https://www.virustotal.com/gui/file/96465e0e3eca57a70c7ad29049744e13f85aadf19567b39152f153a89ec035b0/detection
# Reference: https://www.virustotal.com/gui/file/756591f4eff278aa5e668813585af77a96483a3e085387b5fde2d51a3a8ddfeb/detection
# Reference: https://www.virustotal.com/gui/file/579281db780e8a3147ffce21a5ee9e6f6bd89cc5ba20ef054d0f8636de5ef1ec/detection

101.133.147.105:8070
101.133.147.105:8086
101.133.147.105:8087
http://101.133.147.105

# Reference: https://www.virustotal.com/gui/file/ed78e70f04fa7c9e83ec8cd70c6136ce8383963f22066985ed4e09da4e3ddb39/detection

http://49.232.6.124

# Reference: https://www.virustotal.com/gui/file/6a692acbc70503f8091d7dd93dc218900a4d6d2fa9073fb66ee82d62285adff9/detection

http://8.210.117.134

# Reference: https://www.virustotal.com/gui/file/7ed84e540283bc7f51d69de4f75c1365819d4e80ffb971d2822a9a991127de8f/detection

159.203.169.168:8081

# Reference: https://www.virustotal.com/gui/file/485f000e6f257fcf204f067dbfa82d883025481b7d5ff6ce30837edad9348f61/detection
# Reference: https://www.virustotal.com/gui/file/50677316d4b328b0314c3acf568aed9ecd2b4a16179bf3a943888750739dbcc5/detection

8.131.52.5:65001

# Reference: https://www.virustotal.com/gui/file/86814d997ff467508c8b95d413f23e6ba852f6c4874a3221f18951ad1d7ad4a0/detection
# Reference: https://www.virustotal.com/gui/file/c41ea725d3af1394b3745f62db0e5317376f460d4d77a841d7466da1026146bb/detection

182.92.243.128:7073
msf0.f3322.net

# Reference: https://www.virustotal.com/gui/file/b921a4cc8e21dfb72d5fe900fb6dca3e5d661321bec2e273b5377037ac093f58/detection

31.14.41.212:27593

# Reference: https://www.virustotal.com/gui/file/1e70ecd78ec15144ad7aba30675829b71d749469983a0568326257d0642f47e5/detection

31.14.41.214:443

# Reference: https://twitter.com/bryceabdo/status/1371450733304877058

1nevadasports.com
njerseysports.com
onealabamasport.com
onealaskasport.com
onecoloradosport.com
onenevadasport.com

# Reference: https://twitter.com/z0ul_/status/1371320655170404353
# Reference: https://www.virustotal.com/gui/file/cda7edc9414814ef57c31e473ce87e489bcd6f1ed8d81a504e960e184fce1609/detection

http://107.181.187.96

# Reference: https://www.virustotal.com/gui/file/d50149466bf7359de99027294184b961f6cec016d02a3b087ac31086c8fe5053/detection

140.143.38.81:8088

# Reference: https://www.virustotal.com/gui/file/7febc22f3282edc1dd3965750bb76ad42125f8661a422d68acf524ee6ccd3ece/detection

http://140.143.38.81/f4qR

# Reference: https://www.virustotal.com/gui/file/f7b2382521ca34a2c85b69df42ffa46d8acddfa532a00b3b3d114a41fe0ba769/detection

47.110.49.237:5555

# Reference: https://www.virustotal.com/gui/file/fe8d515753e337eb2cf63b678111fd22e781de8c7f3a6971a9917a5b5c0a14eb/detection

47.110.49.237:443

# Reference: https://www.virustotal.com/gui/file/790c54b585cc1351b9c154b92c089dd3fd18820bc55f93688b6ad3dae841d3b4/detection

http://47.110.49.237/IE9CompatViewList.xml
47.110.49.237:8080

# Reference: https://www.virustotal.com/gui/file/6486abcba4d99af7e066b5b622b95b9d2e3573fb86b250fec48ce4755c61eb98/detection

81.68.139.186:39000

# Reference: https://www.virustotal.com/gui/file/f8d0bd6d0add5f6b51c540221c8b11a9dc0b400eff8db6f29b04f37772e16304/detection

81.68.139.186:39001

# Reference: https://twitter.com/Unit42_Intel/status/1371475289910444037

80.92.204.13:8888

# Reference: https://www.virustotal.com/gui/file/a9585cacb0e9317da9939ec6623cfd7c0a69ed68f111af4518cae42db017d09a/detection

212.64.84.55:443
http://212.64.84.55

# Reference: https://www.virustotal.com/gui/file/24ed275cadeeb8069ba65e96f062970d811bd3b970a122c1777c16195c0fc856/detection

107.173.159.228:9001
47.112.160.149:8099
http://107.173.159.228
http://47.112.160.149

# Reference: https://www.virustotal.com/gui/file/2f2ffa45cda809772eae8049f731628ccf33f828b41c3c3d9560744c8c3dca99/detection

39.98.37.102:45678

# Reference: https://www.virustotal.com/gui/file/0f08705d31694ec36d049a7b33a00f3b93eac674ad2856c7d11864299f69f048/detection

39.98.37.102:50050

# Reference: https://www.virustotal.com/gui/file/2a8edfe659bc299377e4086decb177add343383f163010137fc98e680fee3f7f/detection

39.98.37.102:6666

# Reference: https://www.virustotal.com/gui/file/5a8fe1d74be76ec7c4aec051067dbf1b85757cc069c1493f6f6d60085e3b6717/detection

39.98.37.102:45679
http://39.98.37.102

# Reference: https://twitter.com/malwrhunterteam/status/1371839846919106566
# Reference: https://www.virustotal.com/gui/file/2aaeee71a79da8a2d861c6695aa82ab00e5b081e6b5d11df308290e5d2863132/detection

101.32.176.12:8765

# Reference: https://www.virustotal.com/gui/file/6dc8bc71e68990b1618a6112b05c2d8dd5d9711163597685669edcc08163e8de/detection

49.232.196.13:443

# Reference: https://www.virustotal.com/gui/file/7704bd10793c92b81a211133dad864d0982fe2cdbd3e0d62fbf3a72ccc80e1c8/detection

49.232.196.13:8080

# Reference: https://www.virustotal.com/gui/file/22479a4fdee93c6c6f5af653a8db7ba76219f83f2852cac841abb6af8a66685e/detection

http://49.232.196.13
49.232.196.13:1122

# Reference: https://www.virustotal.com/gui/file/4184cdbcb1c87068e05fed1245253cb1d429a6f3795166503a3c52f0bd3e0a41/detection

47.98.103.103:8181

# Reference: https://www.virustotal.com/gui/file/03019392c784b402fb54169134072e21f7ef29cc109bca3005043de1177454e9/detection
# Reference: https://www.virustotal.com/gui/file/90e5a917ef15e8f3c3557b82c11ea0c4e131e98941c9d33485b9761c78193280/detection

123.56.137.110:81
http://123.56.137.110

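# Reference: https://www.virustotal.com/gui/file/36aa835b8e4e4820d5336b0894f55e4484968dd58367cd3e96fb03790b6b2675/detection
# Note: 172.67.176.73 and 104.21.96.95 (this group and the four that follow) fall inside Cloudflare's published address ranges, which are shared reverse-proxy edges; treat the IP:port entries as low-confidence on their own and correlate with the domain below before acting on a hit.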

172.67.176.73:8443
co.lvhaosou360.co

# Reference: https://www.virustotal.com/gui/file/786cc26c3870f0bd8e8824957f8f98746b8a376bc822e80a398e54335332ebc5/detection

104.21.96.95:2053

# Reference: https://www.virustotal.com/gui/file/a89b55c3d187e190f8840fcdf322845ab8b6c1a95cf6f34493ef6c6f3e08cfb2/detection

172.67.176.73:2053

# Reference: https://www.virustotal.com/gui/file/a25ce397f938951d5a4a6cd1b10e60d22b54195246160901d61d5b8c230e6a5a/detection

104.21.96.95:8443

# Reference: https://www.virustotal.com/gui/file/e8c971072d80efeb7b1afa25ce5990b094a377f94d1c0142491a1c56852c8dfd/detection

172.67.176.73:8080

# Reference: https://www.virustotal.com/gui/file/0dd91f43c87622fa965c343d3a57d94dab55c0f08b43df630b5b942302b60995/detection

139.196.37.219:443

# Reference: https://www.virustotal.com/gui/file/0f1fb6ff690d1b40e8aa3302cb638b73b65920616ccb9ec2c32069d41875ab77/detection

45.43.55.10:14333
tranews1.com

# Reference: https://www.virustotal.com/gui/file/5cdaf37e977ccca4eefbcf51c3960ffa28402f30894b60880892573855900031/detection

94.191.119.17:8081

# Reference: https://www.virustotal.com/gui/file/0174b458466650440f34f99451383fbce5f1dc48bba5a6b74539970a7d11e4c1/detection

120.27.240.20:9797

# Reference: https://www.virustotal.com/gui/file/4e607b8f064b79bd90fac6964fdf0ba44f0a6f2ecf7fb17ebf3254faa48c170e/detection

http://120.27.240.20

# Reference: https://www.virustotal.com/gui/file/466d392e47bd0fdae46d3ec61a7074249d67651549e29a10a47ac8d54d3105c4/detection

101.37.15.184:2345

# Reference: https://twitter.com/z0ul_/status/1372193876367265794

healthcarecdn.com
healthmade.org
itshealthpro.com
unitedfamilyhealth.net

# Reference: https://www.virustotal.com/gui/file/37aeb4bcf027aa8c93181e3c4c6e9d5d0024ad284e53ec043cb7c9adb37e48d4/detection

20.55.28.73:443
doorkeys.us

# Reference: https://www.virustotal.com/gui/file/cbe6b1ea7d9b12fb096dda9de682d25f2b4f3202a7031b5e35a7f473a99b19d8/detection
# Reference: https://www.virustotal.com/gui/file/08100b3bdd0f5f12acc22f2ddd64afb2d265ea919512aaa53542fb2cb326bbe3/detection

http://155.138.156.145

# Reference: https://twitter.com/GaborSzappanos/status/1372203843128295427
# Reference: https://www.virustotal.com/gui/file/eca2a0970c5dccf3a912a8d77ab33082b001ee50fe241bd0c786e8b907ace777/detection

http://185.162.235.197
185.162.235.197:443

# Reference: https://www.virustotal.com/gui/file/9fe7746048ee4444aaed7b3adb9592dc260750f97446a77d99ded7e6e93f414f/detection

http://123.56.236.57
123.56.236.57:63002
123.56.236.57:8088

# Reference: https://www.virustotal.com/gui/file/4886b66873da35726dd966bc2b7d894947939ec13af1a655437d58b201fb3383/detection

123.56.236.57:65010

# Reference: https://www.virustotal.com/gui/file/4d0680e08f9322a901ecdb4df2cbd3392c2e74695b1aaa0198c6bd7b6d82fe68/detection

93.115.21.242:5669

# Reference: https://www.virustotal.com/gui/file/5df769f8b5697d01a485874bdf3a28c983e6163da046e96d9bb334cd2bbe390c/detection

93.115.21.242:5831

# Reference: https://www.virustotal.com/gui/file/ae08ed11f7d794ef58367d1e9e0d97ff337ba6d2d1f54b727b64dc1514d7497f/detection

95.179.228.164:9564

# Reference: https://www.virustotal.com/gui/file/c3393b12616f7a56a27baf0be701608a5b357f6019aa724f2b715e30bab2c1c6/detection

http://111.229.93.139

# Reference: https://www.virustotal.com/gui/file/40cb6cf9ede0ad0d28d51cf19b8e1e4df23193cbca8126164b93013c579525fc/detection

114.118.4.220:8778

# Reference: https://www.virustotal.com/gui/file/c1d4943a462cf05f419bb3d4b835c1975b91a9b8a6803990e7cbef7f7b1a0557/detection

http://114.118.4.220

# Reference: https://www.virustotal.com/gui/file/4416743fb4d9a7db5d2ac0cf764e2285b13585e03003247486accd210e4f62d3/detection

47.101.184.239:31012

# Reference: https://www.virustotal.com/gui/file/3d151a5dca76e2a64eb9abd063bfe9f87ddd4d7f7a342c5eec7506cfd8bfd6f8/detection

47.101.184.239:7657

# Reference: https://www.virustotal.com/gui/file/a2613e3518ce230d2ba8e919f8c55e7fcaa24b90ac6dab58272ce5db4832fc97/detection

http://47.101.184.239

# Reference: https://www.virustotal.com/gui/file/61190b1791ea2a9d996d939272f97177f57c64b0e89a3ad406a27a8b61a83913/detection

47.101.184.239:8089

# Reference: https://www.virustotal.com/gui/file/71fd0af5613a51aedbfc6aa3408fd1c75140db7976df6496e82b33156c8e93cd/detection

140.143.169.72:7777

# Reference: https://www.virustotal.com/gui/file/a455aea2f4961eaaf0d53a383a8e5e73964482ff2d8ab72062173906ab9eca5b/detection

140.143.169.72:8080

# Reference: https://twitter.com/malwrhunterteam/status/1372894842024562688
# Reference: https://www.virustotal.com/gui/file/6220127ada00d84b58d718152748cd2c62007b1de92201701dc2968d2b00e31f/detection

185.14.28.232:443

# Reference: https://twitter.com/bryceabdo/status/1372895643102969861
# Reference: https://www.virustotal.com/gui/file/40d51eb3c053e2284a10a82361c4ad4d42f413f7b5741929bf6a61ab8d79ce26/detection

kasaa.net

# Reference: https://twitter.com/malware_traffic/status/1372705905880530950
# Reference: https://www.malware-traffic-analysis.net/2021/03/18/index.html
# Reference: https://www.virustotal.com/gui/file/39bb150fbc4f8f96bd3464b05a257ef377e7245b3d7f0ba0320cb3e34353d751/detection

http://45.176.188.137
45.176.188.137:443
pirijinko.ru

# Reference: https://www.virustotal.com/gui/file/b104681b50f293459c9d0e6256346fc202a1242999906965a680f5e9380c7cc0/detection

http://180.76.158.221
180.76.158.221:8082

# Reference: https://www.virustotal.com/gui/file/718f7704c6cc64c57cd32c6605c350228df7c97abd7c15789873241b0c9a3094/detection

shadowwolf.ml

# Reference: https://twitter.com/malwrhunterteam/status/1372924874449113096
# Reference: https://www.virustotal.com/gui/file/5a1c7c82279c5fd7ab9366cb3af29df82d373aced910f720ab9db36bcf2e4322/detection

139.196.6.154:6621
cs.shadowwolf.ml

# Reference: https://www.virustotal.com/gui/file/0da391f66b67e18995fe6fd3ed7b6a9fc31f226a2468f85f220b46180a609af3/detection

121.4.31.43:8888

# Reference: https://www.virustotal.com/gui/file/9e3fb63d2e85cb776bf88000069d82aeb5c86827bcbcefda38425410465b09c6/detection
# Reference: https://www.virustotal.com/gui/file/dc997efdb95d2937004c92e803199f2b14bb2e8db6e6564fa066404a60de2913/detection

http://111.230.196.5
111.230.196.5:6666

# Reference: https://twitter.com/z0ul_/status/1372943324944986116
# Reference: https://www.virustotal.com/gui/file/aca0a3e30d83e10197ebf1bf0fc2e7557e4e07f45066d6d1b3e997ca78d683f6/detection

pacifinik.com

# Reference: https://twitter.com/malwrhunterteam/status/1372946667981377536
# Reference: https://www.virustotal.com/gui/file/d4abe818f2a45592a9f06007bb59c59757596c9eb653ee6311c170fb8549b104/detection
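# Reference: https://www.virustotal.com/gui/file/57979f5a114be28ae98861cdc77f45b26e49c5cae80eb742acfc587abbc446c0/detection
# Note: serv1ce.microsoft.com is a name under microsoft.com, so it is presumably a spoofed HTTP Host header value from the sample's configuration rather than an attacker-registered hostname (confirm against the report); 101.200.150.149:8080 is the network-level indicator for this sample.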

101.200.150.149:8080
serv1ce.microsoft.com

# Reference: https://www.virustotal.com/gui/file/11e7415d9b74d4116e57fbddfacd8816c80ae183caf83302813a435bbcd0d2cf/detection

http://125.94.49.220
http://125.94.49.221
http://125.94.49.222
http://125.94.49.225

# Reference: https://www.virustotal.com/gui/file/bf476d0296be27e3b75b2cad6330839d0f294b094a6d0d50b4cf62010fb17244/detection
# Reference: https://www.virustotal.com/gui/file/c934c9fdac9ededbe1f1c186205ffa35f07d1e74ea910731c2551a6e95aecd17/detection
# Reference: https://app.any.run/tasks/d040f6ca-7414-4816-ad67-59885e44bc8e/

as.hashsystem.xyz
qw.hashsystem.xyz
xz.hashsystem.xyz

# Reference: https://www.virustotal.com/gui/file/7fa62d6019d7ed8655b8f769936d01f9c2f644dca1fdf568c88592d3bdc8a674/detection

news1010.net

# Reference: https://www.virustotal.com/gui/file/3932b1222e6be4db5c8cc765073a443dc9116c469f7d4238b45cf3bc7ff81b2c/detection

5.180.96.223:82

# Reference: https://www.virustotal.com/gui/file/a44c0edccf570cd0a88b4776fa85f2ef26b05fd12c7c32824d676803fb5c796e/detection
# Reference: https://www.virustotal.com/gui/file/21479615822ebe99de55777325706715327ac2b851fe509ba107c8f1e2f8203b/detection

http://194.26.29.202

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SunBurst/SilverFish_Solarwinds.pdf

http://149.154.157.248
104.128.228.76:9999
149.154.157.248:21
149.154.157.248:443
149.154.157.248:445
149.154.157.248:8080
tanzaniafisheries.com

# Reference: https://twitter.com/fr0s7_/status/1373604275243388935
# Reference: https://app.any.run/tasks/c17f7cf7-8f58-4889-94e2-aa02e9e4fe71/
# Reference: https://www.virustotal.com/gui/file/4b5eb30135298e6da9f3499617d3494f619864e51a788baa79193a897750fd9c/detection

147.237.76.106:443

# Reference: https://www.virustotal.com/gui/file/42a4ba68f4389782661f9593a7854088c83039ca0ebbd841d8bb6dcca121d23c/detection

35486.test.googlecnd.com
47790.test.googlecnd.com

# Reference: https://twitter.com/TheDFIRReport/status/1373793112473137154

http://178.128.150.193/s/ref=nb_sb_noss_1/
sonicwall-vpn.com

# Reference: https://twitter.com/K_N1kolenko/status/1373872135370850304

42.51.29.104:7777

# Reference: https://www.virustotal.com/gui/file/627a14984f64f3774b0dda21f2f2d8e2b412beb8c42897d0a0e3e4f65c3e73bd/detection

http://167.179.69.136
167.179.69.136:8888

# Reference: https://twitter.com/th3_protoCOL/status/1374017614666731534

139.60.161.68:61

# Reference: https://www.virustotal.com/gui/file/624afa6b6609c5ae47acbb7d15bafdd957f0cc12fe735d4796470109debf3838/detection

167.160.188.28:9090

# Reference: https://twitter.com/James_inthe_box/status/1374035009246392320

167.160.188.28:443

# Reference: https://www.virustotal.com/gui/file/b4ea2df01b27f409efd3c041092a9c2b49618d503d6ee047bad457a137946188/detection

http://101.37.22.121
101.37.22.121:8080

# Reference: https://www.virustotal.com/gui/file/f3b217076c33fba9a5d05dbb947b9877fada3312cd8f273b9c921d257232d759/detection

http://47.103.217.50
47.103.217.50:88

# Reference: https://www.virustotal.com/gui/file/6e6f2ff8e39fb322fb5bdc546a338826c2d186e6e9e3858fe671a52da9c1528f/detection

http://39.99.245.192
39.99.245.192:50001

# Reference: https://twitter.com/BushidoToken/status/1374062786276421633
# Reference: https://www.virustotal.com/gui/file/0f9a95d218a4302030a514d9ec4524746825f14c50e94ba9d95ac7820a7f53f7/detection
# Reference: https://www.virustotal.com/gui/file/9f7b0ef469c0c4eabfd400dcf8be95361d85f03414992b8d740015d49f01a050/detection
# Reference: https://www.virustotal.com/gui/file/5176e76b1ed1b055e85fc572e401e8c648401b1d2d7dc8f10fa3466c549a4eeb/detection

ydzf.10086.cn

# Reference: https://twitter.com/TheDFIRReport/status/1374069616624869380

onclouds.azuredges.com

# Reference: https://www.virustotal.com/gui/file/12caaf81cd702ae9b66984f8c2745c951f1fc124f8d61457fdcc7936731cc092/detection

http://119.29.147.141

# Reference: https://www.virustotal.com/gui/file/938d4568459c2c214b7853de29f18f635ffd68a78c189f401ac3b609819b2dea/detection

119.29.147.141:443

# Reference: https://www.virustotal.com/gui/file/44d46aff856d22e94329f9a9cbc21c3e6beaf67bc2a51fe451074fd731d34289/detection

http://149.248.51.20
149.248.51.20:8088

# Reference: https://twitter.com/MichalKoczwara/status/1373931555819782146
# Reference: https://beta.shodan.io/host/111.229.107.34

http://111.229.107.34
111.229.107.34:1234
111.229.107.34:3790
111.229.107.34:443
111.229.107.34:5003
111.229.107.34:8000
111.229.107.34:8888

# Reference: https://www.virustotal.com/gui/file/249670f58dd931d3507b239f2bf37d90f0407621290118ec3696c32458ca3668/detection
# Reference: https://www.virustotal.com/gui/file/74a7e04a4fa76d0f0b883aea848df69ffdfc8cf3612420d8dbb4a6766c9cd074/detection

42.193.169.115:2222

# Reference: https://www.virustotal.com/gui/file/8c3f9c67cd09f9bbfed515c2b5b9102f54db5018f4c8d2986e9ce3aacb334c1e/detection

http://47.108.173.73
47.108.173.73:8080

# Reference: https://www.virustotal.com/gui/file/b9291d7b7b20d649bfce7014df36f58932177be54994c3f6e6a1a2206bbd0eb4/detection

139.9.129.36:8080

# Reference: https://twitter.com/z0ul_/status/1374724622508245008
# Reference: https://www.virustotal.com/gui/file/7d26ef4fe673d7b1cd98444f69687fa017568f8f5ad65e8c49caa7d5cd9dcc8e/detection
# Reference: https://www.virustotal.com/gui/file/d3abbd5d25df1d2fec0e7b528bf749b6b58a57adbb3048d25443cfc4b0c8d0a2/detection

medicalenv.com
someio.com

# Reference: https://www.virustotal.com/gui/file/7930dff18ddfdbf2037bd74a2a3500d5d7b1cb906e54d43829246b81207333fa/detection

182.254.246.128:1234

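# Reference: https://www.virustotal.com/gui/file/bf7932d7009cddb89c70aefd44274ac71d2e535522ee0c4de281ce934185baef/detection
# NOTE(review): kunluncan.com appears to be a shared CDN CNAME suffix and the left-hand labels look like a third party's
# own site name - verify that this is not the CDN alias of a legitimate site before treating hits as compromise.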

cmbc.com.cn.w.kunluncan.com

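# Reference: https://www.virustotal.com/gui/file/5af0920fe7e468368563aed81c3f8bf00124a8480f2cd42cb9f3ab90229cd485/detection
# NOTE(review): aliyuncs.com is shared cloud object-storage hosting. Only this exact bucket hostname is implicated by the
# sample, so the trail must not be widened to the parent domain.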

utils.oss-cn-beijing.aliyuncs.com

# Reference: https://www.virustotal.com/gui/file/96e785d6be54ff01ddb96a145bb122e43a069315c999e5e0b3de4b4d48a8a605/detection
# Reference: https://www.virustotal.com/gui/file/728b76f52a2afda8e889cb5687208af2980f5dd924fcc80933c335391478f250/detection

http://119.23.68.217
http://119.3.225.200
119.23.68.217:88
119.3.225.200:9090

# Reference: https://www.virustotal.com/gui/file/b59ce8bd0c4f67c4ad7efc1964aa92f08dbe524a0c5771da624d83592e8d7971/detection

5.181.158.4:34643

# Reference: https://www.virustotal.com/gui/file/b43241937ac17afe8e9aeea4b8e3c6873cdc909532703f006ce4170ea5891768/detection

http://5.181.158.187
http://5.181.158.4

# Reference: https://twitter.com/MichalKoczwara/status/1373938672693874690
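# Reference: https://beta.shodan.io/host/185.162.235.197
# NOTE(review): the ports in this and the following Shodan-sourced blocks look like the host's full exposed-service list
# (e.g. 22, 3389, 5985), not only confirmed C2 listeners - TODO confirm. A hit on a remote-administration port is weaker
# evidence than one on a listener port and should be triaged accordingly.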

http://185.162.235.197
185.162.235.197:443
185.162.235.197:3389
185.162.235.197:50050
185.162.235.197:5985

# Reference: https://twitter.com/MichalKoczwara/status/1373938672693874690
# Reference: https://beta.shodan.io/host/120.79.29.153

http://120.79.29.153
120.79.29.153:443
120.79.29.153:50050
120.79.29.153:8000
120.79.29.153:8090

# Reference: https://twitter.com/MichalKoczwara/status/1373938672693874690
# Reference: https://beta.shodan.io/host/47.98.123.167

47.98.123.167:443
47.98.123.167:50050
47.98.123.167:8009
47.98.123.167:9999

# Reference: https://twitter.com/MichalKoczwara/status/1373938672693874690
# Reference: https://beta.shodan.io/host/120.77.0.33

120.77.0.33:443
120.77.0.33:50050
120.77.0.33:81

# Reference: https://twitter.com/MichalKoczwara/status/1373938672693874690
# Reference: https://beta.shodan.io/host/129.28.201.96

http://129.28.201.96
129.28.201.96:443
129.28.201.96:8080

# Reference: https://twitter.com/MichalKoczwara/status/1373938672693874690
# Reference: https://beta.shodan.io/host/45.153.184.167

http://45.153.184.167
45.153.184.167:443
45.153.184.167:50050

# Reference: https://twitter.com/MichalKoczwara/status/1373938672693874690
# Reference: https://beta.shodan.io/host/1.14.16.138

http://1.14.16.138
1.14.16.138:443

# Reference: https://twitter.com/MichalKoczwara/status/1373938672693874690
# Reference: https://beta.shodan.io/host/154.220.3.196

154.220.3.196:22
154.220.3.196:443

# Reference: https://twitter.com/MichalKoczwara/status/1373938672693874690
# Reference: https://beta.shodan.io/host/20.56.147.8

20.56.147.8:22
20.56.147.8:443
20.56.147.8:50050
20.56.147.8:8080

# Reference: https://twitter.com/MichalKoczwara/status/1374656835676954626
# Reference: https://beta.shodan.io/host/78.94.208.254

http://78.94.208.254
78.94.208.254:443
78.94.208.254:50050

# Reference: https://twitter.com/MichalKoczwara/status/1374656835676954626
# Reference: https://beta.shodan.io/host/91.134.124.63

http://91.134.124.63
91.134.124.63:3389
91.134.124.63:443
91.134.124.63:445
91.134.124.63:50050
91.134.124.63:5985

# Reference: https://twitter.com/MichalKoczwara/status/1374656835676954626
# Reference: https://beta.shodan.io/host/185.82.202.123

185.82.202.123:22
185.82.202.123:443
185.82.202.123:81
185.82.202.123:8443

# Reference: https://twitter.com/MichalKoczwara/status/1374656835676954626
# Reference: https://beta.shodan.io/host/106.75.251.229

http://106.75.251.229
106.75.251.229:111
106.75.251.229:22
106.75.251.229:443
106.75.251.229:50050

# Reference: https://twitter.com/MichalKoczwara/status/1374656835676954626
# Reference: https://beta.shodan.io/host/204.44.83.89

http://204.44.83.89
204.44.83.89:8888

# Reference: https://twitter.com/MichalKoczwara/status/1374656835676954626
# Reference: https://beta.shodan.io/host/142.93.152.156

http://142.93.152.156
142.93.152.156:22
142.93.152.156:443
142.93.152.156:50050

# Reference: https://www.virustotal.com/gui/file/15eb537ab7cf495d61f6599a51379ed91d16b15b44fc6bd5eb6e69954459eaf1/detection

onrnicrosoft.com

# Reference: https://www.virustotal.com/gui/file/bf8d49776de0911b1abac53365744645c83f96d6393ff949f1f3aa670b078d0c/detection

ff.advtekgroup.com.tw

# Reference: https://www.virustotal.com/gui/file/673164622a089de764a8155b9fdb47d6970d2d8c6bb4f3e5a183e6d1cc0f4e54/detection

138.124.183.95:443

# Reference: https://twitter.com/TheDFIRReport/status/1375447448945065989
# Reference: https://beta.shodan.io/host/135.181.123.161

135.181.123.161:3389
135.181.123.161:443

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.104.227

http://180.215.104.227
180.215.104.227:3790
180.215.104.227:50050
180.215.104.227:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.104.229

http://180.215.104.229
180.215.104.229:3790
180.215.104.229:50050
180.215.104.229:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.104.231

http://180.215.104.231
180.215.104.231:3790
180.215.104.231:50050

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.104.236

http://180.215.104.236
180.215.104.236:21
180.215.104.236:3790
180.215.104.236:50050
180.215.104.236:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.104.245

http://180.215.104.245
180.215.104.245:21
180.215.104.245:3790
180.215.104.245:50050

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.104.246

http://180.215.104.246
180.215.104.246:3790
180.215.104.246:50050
180.215.104.246:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.104.247

http://180.215.104.247
180.215.104.247:3790
180.215.104.247:50050
180.215.104.247:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.104.249

http://180.215.104.249
180.215.104.249:3790
180.215.104.249:50050

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.105.229

http://180.215.105.229
180.215.105.229:21
180.215.105.229:3790
180.215.105.229:50050
180.215.105.229:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.105.234

http://180.215.105.234
180.215.105.234:3790
180.215.105.234:50050

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.105.238

http://180.215.105.238
180.215.105.238:21
180.215.105.238:3790
180.215.105.238:50050
180.215.105.238:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.105.242

http://180.215.105.242
180.215.105.242:3790
180.215.105.242:50050

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.105.246

http://180.215.105.246
180.215.105.246:3790
180.215.105.246:50050
180.215.105.246:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.105.247

http://180.215.105.247
180.215.105.247:21
180.215.105.247:3790
180.215.105.247:50050
180.215.105.247:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.105.252

http://180.215.105.252
180.215.105.252:21
180.215.105.252:3790
180.215.105.252:50050

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.106.231

http://180.215.106.231
180.215.106.231:21
180.215.106.231:3790
180.215.106.231:50050

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.106.233

http://180.215.106.233
180.215.106.233:21
180.215.106.233:3790
180.215.106.233:50050

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.106.241

http://180.215.106.241
180.215.106.241:3790
180.215.106.241:50050

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.107.233

http://180.215.107.233
180.215.107.233:21
180.215.107.233:3790
180.215.107.233:50050
180.215.107.233:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.107.238

http://180.215.107.238
180.215.107.238:3790
180.215.107.238:50050
180.215.107.238:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.107.241

http://180.215.107.241
180.215.107.241:3790
180.215.107.241:50050
180.215.107.241:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.107.245

http://180.215.107.245
180.215.107.245:21
180.215.107.245:3790
180.215.107.245:50050
180.215.107.245:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.107.248

http://180.215.107.248
180.215.107.248:3790
180.215.107.248:50050
180.215.107.248:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.107.249

http://180.215.107.249
180.215.107.249:3790
180.215.107.249:50050
180.215.107.249:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.107.251

http://180.215.107.251
180.215.107.251:3790
180.215.107.251:50050
180.215.107.251:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.107.254

http://180.215.107.254
180.215.107.254:3790
180.215.107.254:50050
180.215.107.254:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.22.252

http://180.215.22.252
180.215.22.252:22
180.215.22.252:50050
180.215.22.252:8080

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.108.232

http://180.215.108.232
180.215.108.232:3790
180.215.108.232:50050
180.215.108.232:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.108.239

http://180.215.108.239
180.215.108.239:3790
180.215.108.239:50050

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.108.240

http://180.215.108.240
180.215.108.240:3790
180.215.108.240:50050
180.215.108.240:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.109.232

http://180.215.109.232
180.215.109.232:21
180.215.109.232:3790
180.215.109.232:50050
180.215.109.232:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.109.234

http://180.215.109.234
180.215.109.234:3790
180.215.109.234:50050
180.215.109.234:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.109.235

http://180.215.109.235
180.215.109.235:3790
180.215.109.235:50050
180.215.109.235:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.109.237

http://180.215.109.237
180.215.109.237:3790
180.215.109.237:50050

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.109.239

http://180.215.109.239
180.215.109.239:3790
180.215.109.239:50050
180.215.109.239:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.109.244

http://180.215.109.244
180.215.109.244:21
180.215.109.244:3790
180.215.109.244:50050
180.215.109.244:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.109.246

http://180.215.109.246
180.215.109.246:3790
180.215.109.246:50050
180.215.109.246:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.109.247

http://180.215.109.247
180.215.109.247:21
180.215.109.247:3790
180.215.109.247:50050

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.109.249

http://180.215.109.249
180.215.109.249:21
180.215.109.249:3790
180.215.109.249:50050

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.109.252

http://180.215.109.252
180.215.109.252:3790
180.215.109.252:50050
180.215.109.252:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.109.254

http://180.215.109.254
180.215.109.254:21
180.215.109.254:3790
180.215.109.254:50050
180.215.109.254:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.110.233

http://180.215.110.233
180.215.110.233:21
180.215.110.233:3790
180.215.110.233:50050
180.215.110.233:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.110.240

http://180.215.110.240
180.215.110.240:21
180.215.110.240:3790
180.215.110.240:50050
180.215.110.240:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.110.249

http://180.215.110.249
180.215.110.249:3790
180.215.110.249:50050
180.215.110.249:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.111.228

http://180.215.111.228
180.215.111.228:3790
180.215.111.228:50050

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.111.232

http://180.215.111.232
180.215.111.232:3790
180.215.111.232:50050
180.215.111.232:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.111.236

http://180.215.111.236
180.215.111.236:21
180.215.111.236:3790
180.215.111.236:50050
180.215.111.236:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.111.239

http://180.215.111.239
180.215.111.239:3306
180.215.111.239:3790
180.215.111.239:50050
180.215.111.239:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.111.248

http://180.215.111.248
180.215.111.248:3790
180.215.111.248:50050
180.215.111.248:8888

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
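# Reference: https://beta.shodan.io/host/180.215.195.156
# NOTE(review): ports 444 and 5965 below differ by one digit from 443 and 5985 listed for sibling hosts in this file;
# verify against the Shodan listing that they are not transcription errors, since a wrong port never matches.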

http://180.215.195.156
180.215.195.156:21
180.215.195.156:3389
180.215.195.156:444
180.215.195.156:50050
180.215.195.156:5965

# Reference: https://twitter.com/MichalKoczwara/status/1375458909067091975
# Reference: https://beta.shodan.io/host/180.215.199.245

http://180.215.199.245
180.215.199.245:22
180.215.199.245:50050

# Reference: https://twitter.com/malwrhunterteam/status/1376456259868708866
# Reference: https://www.virustotal.com/gui/file/05db274afc317fb188161cf370eb1369baf32f4d760b40f1d2097cdcfb35f56c/detection
# Reference: https://www.virustotal.com/gui/file/6559b17057cce9a8b6923ec6ae3e230b628256cc6623b0e5ca2164d48303c202/detection
# Reference: https://www.virustotal.com/gui/file/d1961b9269e05cdc1e31a7912705ce6a4d2e893c698e4fb97fb40f5e7cd451bb/detection

108.61.162.235:14521
45.76.178.230:13434
micorsoftupdate.com

# Reference: https://www.virustotal.com/gui/file/a4867c9e5b7eb8db8271fc1c222d7e95136c575c158cb4dae09a6250800adaa6/detection

119.45.63.179:8088

# Reference: https://www.virustotal.com/gui/file/fb21874bcb562bfe94b9c7ff48f996c62296370600bf4bc1aa32f6811a871d90/detection

47.94.136.2:4444

# Reference: https://twitter.com/TheDFIRReport/status/1376496307888611333

195.189.99.74:8080
45.86.163.78:443
45.86.163.78:8080
cloudmetric.online
smalleststores.com

# Reference: https://www.virustotal.com/gui/file/a689ad4c048f4394683901407dd97d9720af9c909fda49bc1beb6868fc41809c/detection

http://106.52.13.83
106.52.13.83:8306

# Reference: https://www.virustotal.com/gui/file/59eb1fd314519cc75c8d2ce4db6d1510422bdaf9b506883d8b692bdd633d3e1f/detection

http://118.25.22.185
118.25.22.185:7788

# Reference: https://www.virustotal.com/gui/file/4af00c9706992b579ba1de254e3935cdbf80fd506c08a8c69020a45e6cbdaf4a/detection
# Reference: https://www.virustotal.com/gui/file/3d2aecb047a7916ccb500f82aa2d51c36e69e0a641f0b014c9ff6d8d4c22aa20/detection

portal.ozonsale.org

# Reference: https://www.virustotal.com/gui/file/02ba8078a7295c075f9188efba52947b0b3b512e10edc46bbd618ccf56048e98/detection

103.206.122.150:8080

# Reference: https://www.virustotal.com/gui/file/f46c593152b0ca1147d6cae90e786864ba86466128e595f0396f3480c21f7abb/detection

103.206.122.150:8889

# Reference: https://www.virustotal.com/gui/file/1f4ba2951a00cd423e5c0f06a35cdee45269bea3318e1aa430e718664adf1503/detection

http://47.103.133.146

# Reference: https://www.virustotal.com/gui/file/a6cad264a6bbd539652b708eb40d863092614ccefab354fb0720249e3f8643cc/detection

47.103.133.146:8080

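# Reference: https://www.virustotal.com/gui/file/a7e3fc69d1407e85fc6bc1a3bb88482707335bf62fe7460b151d8e7670231fc2/detection
# NOTE(review): ngrok.io tunnel subdomain on a shared service. Such names can be released and later claimed by unrelated
# users, so treat hits as time-bound and corroborate them against the sample's date.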

mrkn0w1t4ll.ngrok.io

# Reference: https://www.virustotal.com/gui/file/0f1a48890fbd5607a771f89b4c662dc2e1a8c2c06d8e819c7b86de5a4d661e08/detection

flashupdateapp.com

# Reference: https://www.virustotal.com/gui/file/1a8c04a43b2746ddf241a637b98a66c7617833fa4fda607044b62cacf2996932/detection

http://107.172.29.162
107.172.29.162:9090

# Reference: https://www.virustotal.com/gui/file/21e1619301ccd8a5a00fd9bb13582cf703978cbd647334d8cb56c5e57b2786bf/detection
# Reference: https://www.virustotal.com/gui/file/506268f12f05033eb89015386450907424628065aea256b9db0f4e607bc1791e/detection
# Reference: https://www.virustotal.com/gui/file/d67486c94049f516bdaf95d69f2a032b1b1fb03af52f024c5747e9eec926598c/detection
# Reference: https://www.virustotal.com/gui/file/e4380e9253277545374fced948d120fe03d6f7324b7fecdaff22cb1597df146a/detection

http://152.136.112.64
152.136.112.64:81
152.136.112.64:82
152.136.112.64:83
152.136.112.64:8090
152.136.112.64:8888

# Reference: https://www.virustotal.com/gui/file/7c24f72582ee8f0a78834187ef52ae2cb99c892f36682a7cd07061a0b3a31585/detection

124.70.214.78:443

# Reference: https://www.virustotal.com/gui/file/e0706f38965f40bbb4ca8270a27de4ef6acc98247cd9662b1966fef1c284249a/detection

http://124.70.214.78

# Reference: https://www.virustotal.com/gui/file/c4152e576f41dfad0f1529323bba18f583ed090f7bb7c5e7d7043e0cd817e3bd/detection
# Reference: https://www.virustotal.com/gui/file/9d0ddaa87054a1e616fc70f6f83973778abf5eca16b501015728164d880762aa/detection

http://154.8.137.82
154.8.137.82:4444

# Reference: https://www.virustotal.com/gui/file/b4b546ae8f01221bed54975d681d5439a35da4fa304c02602655220e2eff571e/detection

2f6dd7ba.ns7.1-sec.tk
2f6dd7ba.ns8.1-sec.tk
2f6dd7ba.ns9.1-sec.tk
37734f2.ns7.1-sec.tk
37734f2.ns8.1-sec.tk
37734f2.ns9.1-sec.tk
5c4c67b2.ns7.1-sec.tk
5c4c67b2.ns8.1-sec.tk
5c4c67b2.ns9.1-sec.tk

# Reference: https://www.virustotal.com/gui/file/0c737b5b5dbeb93a8316b263f82978adb982d013aac794b5f675a280fab0ed5b/detection

8.140.160.74:8080

# Reference: https://www.virustotal.com/gui/file/27c9416dcfa2386b9e505e6b22654d9e7106d70a41f952f8db3567c688819764/detection
# Reference: https://www.virustotal.com/gui/file/d1aeedd8e9d2d973ce7e15c9349cbb38a11caa43cf7c91f9566fd30bd5ace0ea/detection

http://47.115.54.254
http://47.119.118.210
47.115.54.254:2335
47.119.118.210:6253

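# Reference: https://www.virustotal.com/gui/file/15e0e180e82347fafbca2c87a64ae3425a5575c1181abaedae691ce0f866519b/detection
# NOTE(review): http://111.229.107.34 is already listed earlier in this file under the MichalKoczwara/Shodan references;
# this entry only adds a further sample reference for the same indicator.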

http://111.229.107.34

# Reference: https://twitter.com/z0ul_/status/1376643166175174664
# Reference: https://www.virustotal.com/gui/file/7e8a4bbdc12c7caefb486b28be1eebf0e35a8ad5f745aae17abbe7f40aff661f/detection

23.160.194.5:443
shopazer.com

# Reference: https://www.virustotal.com/gui/file/ea91b5f8a75096ec5a3e9a9c9d8911b9c370cb5d82f44c14aefa999b566699f7/detection

124.70.77.255:8889

# Reference: https://www.virustotal.com/gui/file/8fa3530e0ab0f94ef50daa8035d4961fdf45c0e85637271f6bcaa6603a37be08/detection

124.70.77.255:9999

# Reference: https://www.virustotal.com/gui/file/8720f28302eef7aaafd78de0757cc855d6ad0b25d7d9bdb6ab51d8683ece219e/detection

http://47.243.38.94
47.243.38.94:27080

# Reference: https://www.virustotal.com/gui/file/a256278d4e1f615fbe1e82cfc16ab91675409dfcfe425303e0a4dc5a4ce5c556/detection

47.101.149.183:7001

# Reference: https://www.virustotal.com/gui/file/a0add4379f1c76916d4503d04ce035eef98f04a0673a96b1e772661766d2c22c/detection

47.101.149.183:7878

# Reference: https://www.virustotal.com/gui/file/e1e362a2f2d85d3cae8c6e0a6db6ff6dc3522930fe528c5a5e9599f58fdc412b/detection

47.101.149.183:8889

# Reference: https://www.virustotal.com/gui/file/7e1b74d1cda01b2c9a562b721151efea6fb941c539d65ca34917663c845f057e/detection

47.101.149.183:9888

# Reference: https://www.virustotal.com/gui/file/5c668f88682926812bd7431929387083a8715911171b0886608f5aef03fcc9ca/detection
# Reference: https://www.virustotal.com/gui/file/9f0a4077acc846637a6bfc12fa2c1ee63a699abc4e60c3db84627ea9cfdfbd28/detection

http://47.101.149.183
47.101.149.183:10001

# Reference: https://twitter.com/sS55752750/status/1377235232651411462
# Reference: https://www.virustotal.com/gui/file/be96bc38c87f74d973cf9375370f42e5f9dc854d52e413dac6bc6bacc2a16a63/detection

http://45.129.137.247
finishhimm.com

# Reference: https://twitter.com/TheDFIRReport/status/1376878123061551104

akamaclouds.app
dns-microsoft.com
googlecnd.com
microsoft-help-us.com
update.microsoft-help-us.com

# Reference: https://www.virustotal.com/gui/file/33ad43dac88d5f12c853ed29c98d3d3005d7e7cc57eca486407b837cc1979fba/detection

106.15.191.88:60006

# Reference: https://www.virustotal.com/gui/file/8c0e40b91e0de09ef79538196e8d0f8893036ae94231fe8fee2d6fa9aa924e26/detection

http://154.85.34.19
154.85.34.19:37651

# Reference: https://www.virustotal.com/gui/file/ed3dc1c727e5de77e3700cd2da699d46e3590dc98f8cabca7a70fd9e6e73977a/detection
# Reference: https://www.virustotal.com/gui/file/2fb5766af3d68c210e62518263b2f29ca4c50100c99b6979c3d0e19f05af6a39/detection

http://185.225.19.240
185.225.19.240:443

# Reference: https://twitter.com/MichalKoczwara/status/1377367614280765441
# Reference: https://www.virustotal.com/gui/file/bb53b7cd642b8ba48d8037e096bb30202b6ac43844e1f862eaf220dedde7e429/detection

londonenglishh.com
londonteea.com

# Reference: https://www.virustotal.com/gui/file/b6d491126614bdf6e0caaa8cccbadcbe4627ea94cc494ce23f9ac6d1f4d775fc/detection

mgfee.com

# Reference: https://twitter.com/MichalKoczwara/status/1377542373434085376

http://185.144.100.9
englishbreakfasst.com

# Reference: https://twitter.com/TheDFIRReport/status/1377650713694638084

azureimgages.com
static.azureimgages.com

# Reference: https://www.virustotal.com/gui/file/6afab1df3de00b1200198e692eae6dc36373c310cf4102ecacc5c6e8ff89a7e8/detection

medical-journey.com

# Reference: https://www.virustotal.com/gui/file/bfa687470cd16cec83f641bff1f069d099ff8230187f9c3541e853ac3815ca07/detection

121.196.184.210:8888

# Reference: https://www.virustotal.com/gui/file/a4072e0fac5e2dcc1920901ada6594fb6e158ec7b6f6810c0216474b64583aea/detection

121.196.184.210:7777

# Reference: https://twitter.com/_re_fox/status/1377659985069498369
# Reference: https://www.virustotal.com/gui/file/1f5892e24981c4c5cb5ac3481d5cbc161c7944a3ad643669541aeda297fba8d2/detection

121.196.184.210:8000

# Reference: https://twitter.com/kyleehmke/status/1377701690137321475

fastpic-domain.com
fastpighostmerch.com
shopdsld-invoce.com

# Reference: https://twitter.com/vikas891/status/1378221359885512705
# Reference: https://www.guidepointsecurity.com/yet-another-cobalt-strike-loader-guid-edition/

astara20.com
bestsecure2020.com
creephealth.com

# Reference: https://twitter.com/MichalKoczwara/status/1378595674959269889

jquery234.com

# Reference: https://twitter.com/MichalKoczwara/status/1378332648792285186
# Reference: https://beta.shodan.io/host/104.168.172.48

104.168.134.6:443
104.168.134.6:8080
104.168.172.48:8834
104.168.172.48:50050
fasgs.tk

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.160

http://103.55.128.118
http://192.151.234.160
192.151.234.160:21
192.151.234.160:3306
192.151.234.160:443
192.151.234.160:50050
192.151.234.160:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.161

http://192.151.234.161
192.151.234.161:21
192.151.234.161:3306
192.151.234.161:443
192.151.234.161:50050
192.151.234.161:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.162

http://192.151.234.162
192.151.234.162:21
192.151.234.162:3306
192.151.234.162:443
192.151.234.162:50050
192.151.234.162:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.163

http://192.151.234.163
192.151.234.163:21
192.151.234.163:3306
192.151.234.163:443
192.151.234.163:50050
192.151.234.163:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.164

http://192.151.234.164
192.151.234.164:21
192.151.234.164:3306
192.151.234.164:443
192.151.234.164:50050
192.151.234.164:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.165

http://192.151.234.165
192.151.234.165:21
192.151.234.165:3306
192.151.234.165:443
192.151.234.165:50050
192.151.234.165:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.166

http://192.151.234.166
192.151.234.166:21
192.151.234.166:3306
192.151.234.166:443
192.151.234.166:50050
192.151.234.166:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.167

http://192.151.234.167
192.151.234.167:21
192.151.234.167:3306
192.151.234.167:443
192.151.234.167:50050
192.151.234.167:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.168

http://192.151.234.168
192.151.234.168:21
192.151.234.168:3306
192.151.234.168:443
192.151.234.168:50050
192.151.234.168:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.169

http://192.151.234.169
192.151.234.169:21
192.151.234.169:3306
192.151.234.169:443
192.151.234.169:50050
192.151.234.169:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.170

http://192.151.234.170
192.151.234.170:21
192.151.234.170:3306
192.151.234.170:443
192.151.234.170:50050
192.151.234.170:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.171

http://192.151.234.171
192.151.234.171:21
192.151.234.171:3306
192.151.234.171:443
192.151.234.171:50050
192.151.234.171:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.172

http://192.151.234.172
192.151.234.172:21
192.151.234.172:3306
192.151.234.172:443
192.151.234.172:50050
192.151.234.172:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.173

http://192.151.234.173
192.151.234.173:21
192.151.234.173:3306
192.151.234.173:443
192.151.234.173:50050
192.151.234.173:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.174

http://192.151.234.174
192.151.234.174:21
192.151.234.174:3306
192.151.234.174:443
192.151.234.174:50050
192.151.234.174:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.175

http://192.151.234.175
192.151.234.175:21
192.151.234.175:3306
192.151.234.175:443
192.151.234.175:50050
192.151.234.175:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.176

http://192.151.234.176
192.151.234.176:21
192.151.234.176:3306
192.151.234.176:443
192.151.234.176:50050
192.151.234.176:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.177

http://192.151.234.177
192.151.234.177:21
192.151.234.177:3306
192.151.234.177:443
192.151.234.177:50050
192.151.234.177:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.178

http://192.151.234.178
192.151.234.178:21
192.151.234.178:3306
192.151.234.178:443
192.151.234.178:50050
192.151.234.178:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.179

http://192.151.234.179
192.151.234.179:21
192.151.234.179:3306
192.151.234.179:443
192.151.234.179:50050
192.151.234.179:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.180

http://192.151.234.180
192.151.234.180:21
192.151.234.180:3306
192.151.234.180:443
192.151.234.180:50050
192.151.234.180:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.181

http://192.151.234.181
192.151.234.181:21
192.151.234.181:3306
192.151.234.181:443
192.151.234.181:50050
192.151.234.181:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.182

http://192.151.234.182
192.151.234.182:21
192.151.234.182:3306
192.151.234.182:443
192.151.234.182:50050
192.151.234.182:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.183

http://192.151.234.183
192.151.234.183:21
192.151.234.183:3306
192.151.234.183:443
192.151.234.183:50050
192.151.234.183:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.184

http://192.151.234.184
192.151.234.184:21
192.151.234.184:3306
192.151.234.184:443
192.151.234.184:50050
192.151.234.184:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.185

http://192.151.234.185
192.151.234.185:21
192.151.234.185:3306
192.151.234.185:443
192.151.234.185:50050
192.151.234.185:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.186

http://192.151.234.186
192.151.234.186:21
192.151.234.186:3306
192.151.234.186:443
192.151.234.186:50050
192.151.234.186:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.187

http://192.151.234.187
192.151.234.187:21
192.151.234.187:3306
192.151.234.187:443
192.151.234.187:50050
192.151.234.187:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.188

http://192.151.234.188
192.151.234.188:21
192.151.234.188:3306
192.151.234.188:443
192.151.234.188:50050
192.151.234.188:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.189

http://192.151.234.189
192.151.234.189:21
192.151.234.189:3306
192.151.234.189:443
192.151.234.189:50050
192.151.234.189:5985

# Reference: https://gist.githubusercontent.com/MichaelKoczwara/0919598da74a844f923033ea5d97379c/raw/071aa741ba68b86d083f0ff7702098e42710504d/gistfile1.txt
# Reference: https://beta.shodan.io/host/192.151.234.190

http://192.151.234.190
192.151.234.190:21
192.151.234.190:3306
192.151.234.190:443
192.151.234.190:50050
192.151.234.190:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378353297883553793
# Reference: https://www.virustotal.com/gui/file/0d0fd5b300dc1d04320104c11afed1a8992ec0a7bda24212d52330127a2785e7/detection

99.79.101.225:443
cs.ifred.team

# Reference: https://www.virustotal.com/gui/file/7c7f5864bc1547abd4d367d2468e69005ae852c7fefc9a2729281e0c7f2f46c1/detection

180.215.5.149:443

# Reference: https://www.virustotal.com/gui/file/95ac02c21a8c6e660f8a1039d6eca9f243b15b1ec35820788a2c69bbb6c1591d/detection

180.215.5.149:6677

# Reference: https://www.virustotal.com/gui/file/43a0f5a5f5ea385cd1be2c4d586c3dbda6bd185241990cc4ed5745b8a8eb67b1/detection

http://46.29.164.235
46.29.164.235:4443
46.29.164.235:5555

# Reference: https://www.virustotal.com/gui/file/94dd6288ba94d8da633315b67d1e9d9c8b1ac049ea25b19eeaa72592cf48c0f4/detection

58.87.90.151:800

# Reference: https://www.virustotal.com/gui/file/f9f98553328980740765804ec7ed49e521a2e771efea893ff0950150e1181976/detection

58.87.90.151:8090

# Reference: https://twitter.com/TheDFIRReport/status/1378052109279580167

sitehealthcheck.org

# Reference: https://www.virustotal.com/gui/file/ccd422377dd2d711ea920c1612c2b4cf93be8c8f7590e1c82f28c85b62dbcd90/detection
# Reference: https://www.virustotal.com/gui/file/dfc2b6246b50b62adb6b773e9b9bf822147885c7b5ed95cdb048e9a4eff14cdf/detection

93.188.164.183:443
exlorerwork.com

# Reference: https://www.virustotal.com/gui/file/c3b54cf791c13949572c8d4448065d6bd0ac30b654f7b5f65b61b8812577cc03/detection

http://106.14.167.48

# Reference: https://www.virustotal.com/gui/file/1af944b3c578162eea022e2901083298b15833dcdd8ffd73c7465d60abfc6c2c/detection

106.14.167.48:6666

# Reference: https://www.virustotal.com/gui/file/9233e1e7030ca53292fb3419e9ed0a451c04c5728d91374510611eb91653139a/detection

47.106.108.207:10005

# Reference: https://www.virustotal.com/gui/file/76aa3dc5c1511dd5d1ab197724101f76aa70ff500d51e211dfced687c132c996/detection

http://139.186.195.96
139.186.195.96:8888

# Reference: https://www.virustotal.com/gui/file/1853ee4e5a734e82b2da20aaa809269a645fdd5430c2dda0b0f66d8d787796ec/detection

124.70.179.147:8881

# Reference: https://www.virustotal.com/gui/file/b15d496b8eda0a19c8a015a0938ba9c62bf4bd3842d299166e25f051ac4d4e95/detection

http://47.111.127.70

# Reference: https://twitter.com/MichalKoczwara/status/1378711105376239616
# Reference: https://beta.shodan.io/host/138.68.131.250

http://138.68.131.250
138.68.131.250:22
138.68.131.250:50050
edinburgh-map.co.uk/__utm.gif

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.32

http://154.216.68.32
154.216.68.32:21
154.216.68.32:3306
154.216.68.32:443
154.216.68.32:50050
154.216.68.32:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.33

http://154.216.68.33
154.216.68.33:21
154.216.68.33:3306
154.216.68.33:443
154.216.68.33:50050
154.216.68.33:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.34

http://154.216.68.34
154.216.68.34:21
154.216.68.34:3306
154.216.68.34:443
154.216.68.34:50050
154.216.68.34:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.35

http://154.216.68.35
154.216.68.35:21
154.216.68.35:3306
154.216.68.35:443
154.216.68.35:50050
154.216.68.35:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.36

http://154.216.68.36
154.216.68.36:21
154.216.68.36:3306
154.216.68.36:443
154.216.68.36:50050
154.216.68.36:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.37

http://154.216.68.37
154.216.68.37:21
154.216.68.37:3306
154.216.68.37:443
154.216.68.37:50050
154.216.68.37:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.38

http://154.216.68.38
154.216.68.38:21
154.216.68.38:3306
154.216.68.38:443
154.216.68.38:50050
154.216.68.38:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.39

http://154.216.68.39
154.216.68.39:21
154.216.68.39:3306
154.216.68.39:443
154.216.68.39:50050
154.216.68.39:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.40

http://154.216.68.40
154.216.68.40:21
154.216.68.40:3306
154.216.68.40:443
154.216.68.40:50050
154.216.68.40:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.41

http://154.216.68.41
154.216.68.41:21
154.216.68.41:3306
154.216.68.41:443
154.216.68.41:50050
154.216.68.41:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.42

http://154.216.68.42
154.216.68.42:21
154.216.68.42:3306
154.216.68.42:443
154.216.68.42:50050
154.216.68.42:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.43

http://154.216.68.43
154.216.68.43:21
154.216.68.43:3306
154.216.68.43:443
154.216.68.43:50050
154.216.68.43:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.44

http://154.216.68.44
154.216.68.44:21
154.216.68.44:3306
154.216.68.44:443
154.216.68.44:50050
154.216.68.44:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.45

http://154.216.68.45
154.216.68.45:21
154.216.68.45:3306
154.216.68.45:443
154.216.68.45:50050
154.216.68.45:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.46

http://154.216.68.46
154.216.68.46:21
154.216.68.46:3306
154.216.68.46:443
154.216.68.46:50050
154.216.68.46:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.47

http://154.216.68.47
154.216.68.47:21
154.216.68.47:3306
154.216.68.47:443
154.216.68.47:50050
154.216.68.47:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.48

http://154.216.68.48
154.216.68.48:21
154.216.68.48:3306
154.216.68.48:443
154.216.68.48:50050
154.216.68.48:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.49

http://154.216.68.49
154.216.68.49:21
154.216.68.49:3306
154.216.68.49:443
154.216.68.49:50050
154.216.68.49:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.50

http://154.216.68.50
154.216.68.50:21
154.216.68.50:3306
154.216.68.50:443
154.216.68.50:50050
154.216.68.50:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.51

http://154.216.68.51
154.216.68.51:21
154.216.68.51:3306
154.216.68.51:443
154.216.68.51:50050
154.216.68.51:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.52

http://154.216.68.52
154.216.68.52:21
154.216.68.52:3306
154.216.68.52:443
154.216.68.52:50050
154.216.68.52:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.53

http://154.216.68.53
154.216.68.53:21
154.216.68.53:3306
154.216.68.53:443
154.216.68.53:50050
154.216.68.53:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.54

http://154.216.68.54
154.216.68.54:21
154.216.68.54:3306
154.216.68.54:443
154.216.68.54:50050
154.216.68.54:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.55

http://154.216.68.55
154.216.68.55:21
154.216.68.55:3306
154.216.68.55:443
154.216.68.55:50050
154.216.68.55:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.56

http://154.216.68.56
154.216.68.56:21
154.216.68.56:3306
154.216.68.56:443
154.216.68.56:50050
154.216.68.56:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.57

http://154.216.68.57
154.216.68.57:21
154.216.68.57:3306
154.216.68.57:443
154.216.68.57:50050
154.216.68.57:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.58

http://154.216.68.58
154.216.68.58:21
154.216.68.58:3306
154.216.68.58:443
154.216.68.58:50050
154.216.68.58:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.59

http://154.216.68.59
154.216.68.59:21
154.216.68.59:3306
154.216.68.59:443
154.216.68.59:50050
154.216.68.59:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.60

http://154.216.68.60
154.216.68.60:21
154.216.68.60:3306
154.216.68.60:443
154.216.68.60:50050
154.216.68.60:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.61

http://154.216.68.61
154.216.68.61:21
154.216.68.61:3306
154.216.68.61:443
154.216.68.61:50050
154.216.68.61:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/154.216.68.62

http://154.216.68.62
154.216.68.62:21
154.216.68.62:3306
154.216.68.62:443
154.216.68.62:50050
154.216.68.62:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.128

http://160.124.162.128
160.124.162.128:21
160.124.162.128:3306
160.124.162.128:443
160.124.162.128:50050
160.124.162.128:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.129

http://160.124.162.129
160.124.162.129:21
160.124.162.129:3306
160.124.162.129:443
160.124.162.129:50050
160.124.162.129:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.130

http://160.124.162.130
160.124.162.130:21
160.124.162.130:3306
160.124.162.130:443
160.124.162.130:50050
160.124.162.130:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.131

http://160.124.162.131
160.124.162.131:21
160.124.162.131:3306
160.124.162.131:443
160.124.162.131:50050
160.124.162.131:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.132

http://160.124.162.132
160.124.162.132:21
160.124.162.132:3306
160.124.162.132:443
160.124.162.132:50050
160.124.162.132:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.133

http://160.124.162.133
160.124.162.133:21
160.124.162.133:3306
160.124.162.133:443
160.124.162.133:50050
160.124.162.133:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.134

http://160.124.162.134
160.124.162.134:21
160.124.162.134:3306
160.124.162.134:443
160.124.162.134:50050
160.124.162.134:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.135

http://160.124.162.135
160.124.162.135:21
160.124.162.135:3306
160.124.162.135:443
160.124.162.135:50050
160.124.162.135:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.136

http://160.124.162.136
160.124.162.136:21
160.124.162.136:3306
160.124.162.136:443
160.124.162.136:50050
160.124.162.136:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.137

http://160.124.162.137
160.124.162.137:21
160.124.162.137:3306
160.124.162.137:443
160.124.162.137:50050
160.124.162.137:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.138

http://160.124.162.138
160.124.162.138:21
160.124.162.138:3306
160.124.162.138:443
160.124.162.138:50050
160.124.162.138:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.139

http://160.124.162.139
160.124.162.139:21
160.124.162.139:3306
160.124.162.139:443
160.124.162.139:50050
160.124.162.139:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.140

http://160.124.162.140
160.124.162.140:21
160.124.162.140:3306
160.124.162.140:443
160.124.162.140:50050
160.124.162.140:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.141

http://160.124.162.141
160.124.162.141:21
160.124.162.141:3306
160.124.162.141:443
160.124.162.141:50050
160.124.162.141:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.142

http://160.124.162.142
160.124.162.142:21
160.124.162.142:3306
160.124.162.142:443
160.124.162.142:50050
160.124.162.142:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.143

http://160.124.162.143
160.124.162.143:21
160.124.162.143:3306
160.124.162.143:443
160.124.162.143:50050
160.124.162.143:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.144

http://160.124.162.144
160.124.162.144:21
160.124.162.144:3306
160.124.162.144:443
160.124.162.144:50050
160.124.162.144:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.145

http://160.124.162.145
160.124.162.145:21
160.124.162.145:3306
160.124.162.145:443
160.124.162.145:50050
160.124.162.145:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.146

http://160.124.162.146
160.124.162.146:21
160.124.162.146:3306
160.124.162.146:443
160.124.162.146:50050
160.124.162.146:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.147

http://160.124.162.147
160.124.162.147:21
160.124.162.147:3306
160.124.162.147:443
160.124.162.147:50050
160.124.162.147:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.148

http://160.124.162.148
160.124.162.148:21
160.124.162.148:3306
160.124.162.148:443
160.124.162.148:50050
160.124.162.148:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.149

http://160.124.162.149
160.124.162.149:21
160.124.162.149:3306
160.124.162.149:443
160.124.162.149:50050
160.124.162.149:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.150

http://160.124.162.150
160.124.162.150:21
160.124.162.150:3306
160.124.162.150:443
160.124.162.150:50050
160.124.162.150:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.151

http://160.124.162.151
160.124.162.151:21
160.124.162.151:3306
160.124.162.151:443
160.124.162.151:50050
160.124.162.151:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.152

http://160.124.162.152
160.124.162.152:21
160.124.162.152:3306
160.124.162.152:443
160.124.162.152:50050
160.124.162.152:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.153

http://160.124.162.153
160.124.162.153:21
160.124.162.153:3306
160.124.162.153:443
160.124.162.153:50050
160.124.162.153:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.154

http://160.124.162.154
160.124.162.154:21
160.124.162.154:3306
160.124.162.154:443
160.124.162.154:50050
160.124.162.154:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.155

http://160.124.162.155
160.124.162.155:21
160.124.162.155:3306
160.124.162.155:443
160.124.162.155:50050
160.124.162.155:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.156

http://160.124.162.156
160.124.162.156:21
160.124.162.156:3306
160.124.162.156:443
160.124.162.156:50050
160.124.162.156:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.157

http://160.124.162.157
160.124.162.157:21
160.124.162.157:3306
160.124.162.157:443
160.124.162.157:50050
160.124.162.157:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378024989996290049
# Reference: https://beta.shodan.io/host/160.124.162.158

http://160.124.162.158
160.124.162.158:21
160.124.162.158:3306
160.124.162.158:443
160.124.162.158:50050
160.124.162.158:5985

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.97

23.226.51.97:22
23.226.51.97:3306
23.226.51.97:443
23.226.51.97:50050
23.226.51.97:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.98

23.226.51.98:22
23.226.51.98:3306
23.226.51.98:443
23.226.51.98:50050
23.226.51.98:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.99

23.226.51.99:22
23.226.51.99:3306
23.226.51.99:443
23.226.51.99:50050
23.226.51.99:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.100

23.226.51.100:22
23.226.51.100:3306
23.226.51.100:443
23.226.51.100:50050
23.226.51.100:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.101

23.226.51.101:22
23.226.51.101:3306
23.226.51.101:443
23.226.51.101:50050
23.226.51.101:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.102

23.226.51.102:22
23.226.51.102:3306
23.226.51.102:443
23.226.51.102:50050
23.226.51.102:8080

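# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.102
# NOTE(review): this block repeats the 23.226.51.102 entries directly above, and the run from 23.226.51.97 to 23.226.51.126 has no block for the address between .102 and .104 -- likely a copy-paste slip that leaves one host uncovered; confirm the intended host against the referenced gist.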

23.226.51.102:22
23.226.51.102:3306
23.226.51.102:443
23.226.51.102:50050
23.226.51.102:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.104

23.226.51.104:22
23.226.51.104:3306
23.226.51.104:443
23.226.51.104:50050
23.226.51.104:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.105

23.226.51.105:22
23.226.51.105:3306
23.226.51.105:443
23.226.51.105:50050
23.226.51.105:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.106

23.226.51.106:22
23.226.51.106:3306
23.226.51.106:443
23.226.51.106:50050
23.226.51.106:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.107

23.226.51.107:22
23.226.51.107:3306
23.226.51.107:443
23.226.51.107:50050
23.226.51.107:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.108

23.226.51.108:22
23.226.51.108:3306
23.226.51.108:443
23.226.51.108:50050
23.226.51.108:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.109

23.226.51.109:22
23.226.51.109:3306
23.226.51.109:443
23.226.51.109:50050
23.226.51.109:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.110

23.226.51.110:22
23.226.51.110:3306
23.226.51.110:443
23.226.51.110:50050
23.226.51.110:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.111

23.226.51.111:22
23.226.51.111:3306
23.226.51.111:443
23.226.51.111:50050
23.226.51.111:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.112

23.226.51.112:22
23.226.51.112:3306
23.226.51.112:443
23.226.51.112:50050
23.226.51.112:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.113

23.226.51.113:22
23.226.51.113:3306
23.226.51.113:443
23.226.51.113:50050
23.226.51.113:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.114

23.226.51.114:22
23.226.51.114:3306
23.226.51.114:443
23.226.51.114:50050
23.226.51.114:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.115

23.226.51.115:22
23.226.51.115:3306
23.226.51.115:443
23.226.51.115:50050
23.226.51.115:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.116

23.226.51.116:22
23.226.51.116:3306
23.226.51.116:443
23.226.51.116:50050
23.226.51.116:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.117

23.226.51.117:22
23.226.51.117:3306
23.226.51.117:443
23.226.51.117:50050
23.226.51.117:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.118

23.226.51.118:22
23.226.51.118:3306
23.226.51.118:443
23.226.51.118:50050
23.226.51.118:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.119

23.226.51.119:22
23.226.51.119:3306
23.226.51.119:443
23.226.51.119:50050
23.226.51.119:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.120

23.226.51.120:22
23.226.51.120:3306
23.226.51.120:443
23.226.51.120:50050
23.226.51.120:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.121

23.226.51.121:22
23.226.51.121:3306
23.226.51.121:443
23.226.51.121:50050
23.226.51.121:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.122

23.226.51.122:22
23.226.51.122:3306
23.226.51.122:443
23.226.51.122:50050
23.226.51.122:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.123

23.226.51.123:22
23.226.51.123:3306
23.226.51.123:443
23.226.51.123:50050
23.226.51.123:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.124

23.226.51.124:22
23.226.51.124:3306
23.226.51.124:443
23.226.51.124:50050
23.226.51.124:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.125

23.226.51.125:22
23.226.51.125:3306
23.226.51.125:443
23.226.51.125:50050
23.226.51.125:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.226.51.126

23.226.51.126:22
23.226.51.126:3306
23.226.51.126:443
23.226.51.126:50050
23.226.51.126:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.248.248.2

http://23.248.248.2
23.248.248.2:22
23.248.248.2:3306
23.248.248.2:443
23.248.248.2:50050
23.248.248.2:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.248.248.3

http://23.248.248.3
23.248.248.3:22
23.248.248.3:3306
23.248.248.3:443
23.248.248.3:50050
23.248.248.3:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.248.248.4

http://23.248.248.4
23.248.248.4:22
23.248.248.4:3306
23.248.248.4:443
23.248.248.4:50050
23.248.248.4:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.248.248.5

http://23.248.248.5
23.248.248.5:22
23.248.248.5:3306
23.248.248.5:443
23.248.248.5:50050
23.248.248.5:8080

# Reference: https://twitter.com/MichalKoczwara/status/1378815350649802756
# Reference: https://gist.github.com/MichaelKoczwara/4feeb72a7dcf3d458612ee10c54660d5
# Reference: https://beta.shodan.io/host/23.248.248.6

http://23.248.248.6
23.248.248.6:22
23.248.248.6:3306
23.248.248.6:443
23.248.248.6:50050
23.248.248.6:8080

# Reference: https://twitter.com/MichalKoczwara/status/1379059500657827844
# Reference: https://beta.shodan.io/host/178.236.44.37

http://178.236.44.37
178.236.44.37:443
178.236.44.37:50050
178.236.44.37:8080

# Reference: https://twitter.com/MichalKoczwara/status/1379059500657827844
# Reference: https://beta.shodan.io/host/178.236.44.203

178.236.44.203:443
178.236.44.203:50050

# Reference: https://twitter.com/MichalKoczwara/status/1379059500657827844
# Reference: https://beta.shodan.io/host/178.236.46.72

http://178.236.46.72
178.236.46.72:3790

# Reference: https://www.virustotal.com/gui/file/621490623e48e2f0d4b8328aa75f767e52f2959c07c1e670d4284c32a93a010a/detection

120.79.173.180:60004

# Reference: https://www.virustotal.com/gui/file/444985ce526670ee670e32d4cae84499a7c8c438af5581be57cab07ffc1f41ab/detection

http://120.79.173.180
120.79.173.180:60040
120.79.173.180:60060

# Reference: https://twitter.com/h2jazi/status/1379816750120861697

103.117.141.192:40431

# Reference: https://twitter.com/z0ul_/status/1379812939327279105
# Reference: https://www.virustotal.com/gui/file/c9e4fbaa3af6892dd05e6a290962d077e36d91142d630bc658534d4518257a38/detection

52.163.51.150:443

# Reference: https://twitter.com/swisscom_csirt/status/1354052879158571008

microupdate.https443.net

# Reference: https://www.virustotal.com/gui/file/97f5cb962dd214fe4f06c1cf1b4cb6cc1981ce9440c401ea83b82fcaf5dfd0b1/detection
# Reference: https://www.virustotal.com/gui/file/aa39214e90d3e8db66499217362bf185338724c07df3ceb92f16631cb65dbdc1/detection
# Reference: https://www.virustotal.com/gui/file/e9006c3a9c058829378b21bb53e6697bd7e1a28fed9f02a7817da64055a632a7/detection

cdn.usbankcreditcards.com

# Reference: https://twitter.com/MichalKoczwara/status/1379876368108896259
# Reference: https://gist.github.com/MichaelKoczwara/accdf8159b943042177eb39aabd54205

elefanteru.com
furnewslether.com
streeanloanerich.com
supnewsportal.com

# Reference: https://twitter.com/Unit42_Intel/status/1379875382699167752

smollpush.com

# Reference: https://www.virustotal.com/gui/domain/dclogictrust.com/relations
# Reference: https://www.virustotal.com/gui/file/dfa140e3fb54ee8529cd5e4468fb7b67416cf139fd28ffe96cd1aab9acb915a8/detection

dclogictrust.com

# Reference: https://www.virustotal.com/gui/file/37a6651e2b833bcc0065eb14aae0f696a2471fa5350fc57149bf2ab5e1dc3480/detection

http://111.229.251.179

# Reference: https://www.virustotal.com/gui/file/ebd4ef1efc863e440f034ee37a05c6487d2a3d779eeea1b83ada264a18a011b0/detection

111.229.251.179:443

# Reference: https://www.virustotal.com/gui/file/f7bbf4a3761dccef20d794660118352e50a091ace35895e069cd0679874e02da/detection
# Reference: https://www.virustotal.com/gui/file/3d9e1f7655e2553b7c45c2cebbcb6e56cbcf1e85c8a326193e6538d65048a707/detection

167.160.189.217:12745

# Reference: https://www.virustotal.com/gui/file/5fef7ba876f331160930a1c513047cd15e5ea951b7e52868c4536dfac0c9421d/detection
# Reference: https://www.virustotal.com/gui/file/f2a9a3fdefdf1589650867b0533a3cf2823fb76415f77b0765356c7a1cf20556/detection

108.61.162.13:8011

# Reference: https://twitter.com/VK_Intel/status/1380220315729547268

http://139.180.19.152

# Reference: https://www.virustotal.com/gui/file/4053247215f656b7c8e108b847e84d16429404e6e5cd320d303020550abb58c4/detection
# Reference: https://www.virustotal.com/gui/file/97968526ee2db91bba9d1a25d2ae22097d71aa8c0bef7a478ad88237c81b43bc/detection

http://106.55.62.131
106.55.62.131:443

# Reference: https://www.virustotal.com/gui/file/2d73c4913a2a295a4b8bb347af47460e32326e726776849ae2751147be80b0dc/detection

27.124.4.36:83

# Reference: https://www.virustotal.com/gui/file/8bf7bf71962b2869d27e3aaa3934186d41ce786a07b8f82e0921eeaff14743b7/detection

27.124.4.36:84

# Reference: https://www.virustotal.com/gui/file/8e4b0045dcb124bd1293b88b1659f97d703552cb151b1dde188efb7c54d5f31c/detection

http://27.124.4.36
27.124.4.36:8080

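# Reference: https://www.virustotal.com/gui/file/8a971f927ad10c9959538d4b32ccaefb9f32a98c841235f6adbca37b930c882e/detection
# Note: 104.21.28.145 is a shared Cloudflare edge address, so the IP:port trail below can also match unrelated sites proxied through it; treat the domain entry as the stronger indicator when triaging hits.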

104.21.28.145:2052
epp.ctgcp.com

# Reference: https://www.virustotal.com/gui/file/b19b0a75a0a50102f091207c51b86a6bd78a3e40de887ec8215a2a2943f4babe/detection

92.63.107.78:443

# Reference: https://www.virustotal.com/gui/file/09b3508c59b2ea9068c57812f200bb1c168447d9ece9ae460d8e6e5314254f81/detection

92.63.107.78:445

# Reference: https://www.virustotal.com/gui/file/2fac1dc0eb23e6c67a252facac24e17bbc5606d16ccc08d07614b1efa5eebaa8/detection

92.63.107.78:81

# Reference: https://www.virustotal.com/gui/file/8b7c1091b969a765af99229d2cab11844b4fd275e65b28ecea9df1ad6a0b6db7/detection

92.63.107.78:657

# Reference: https://www.virustotal.com/gui/file/bfdd0dc5cd038ff84e5051263102705a16a46eb3a5ed2e681a5016c3fcc30afa/detection
# Reference: https://www.virustotal.com/gui/file/b6c8d1691ac864f2841ecf2db579bac344a15f05076d4dbfe4479f9f5611f6cf/detection

1.14.12.45:4444

# Reference: https://www.virustotal.com/gui/file/160f1b10c3b684ff8226ea5658afbe14364c3d17976ffe264a88e1650f389228/detection

45.132.12.130:8866

# Reference: https://www.virustotal.com/gui/file/aa39e93019d82ad5db2c8d4c9478b454dcef25e61500c91e7c0c13bfe3009879/detection

http://45.132.12.130
45.132.12.130:8088

# Reference: https://www.virustotal.com/gui/file/bb4bdd955310be371f024036e92f5d6635d2b4d46f795bccbe6c62ab7eec1d99/detection
# Reference: https://www.virustotal.com/gui/file/fe603b0ed105a0294a830defdb646a5f5bda8719e352fb2aeb5ec9c890a2780e/detection
# Reference: https://www.virustotal.com/gui/file/287c6c1d3433722f7e91c0b0d2194168b38dacdb42a92c070419646759d76cbb/detection

121.4.48.72:12345

# Reference: https://www.virustotal.com/gui/file/d742b127b6bad83ed7614beb995667c71cd52ef887207777252d2d00ad7c0d18/detection

http://185.82.219.249

# Reference: https://www.virustotal.com/gui/file/d7b0efc2d0c249d9082d7dd65b55ea072b61e2905fabddf38e0aeaa2168b3f54/detection

185.82.219.249:53

# Reference: https://www.virustotal.com/gui/file/5da004b4a6cff0010645633fa24295b093162314f91ab8948ababf6a2891cde5/detection

185.82.219.249:443

# Reference: https://www.virustotal.com/gui/file/789e8fc08f1bfeb40a66cc36cbff8ed9ff89ac0fa094831c3aa551b072e69e14/detection

globalpressinfo.com

# Reference: https://www.virustotal.com/gui/file/309ab5d2a4c0242c2f7a7d21ae6f77f2acbf50da64ae737a2e944a35feec828b/detection

124.115.21.11:8080
133.64.81.236:8080

# Reference: https://www.virustotal.com/gui/file/d509c428aa5682ff60a2bfe196a92a3e6ecbc79de8e7586f431be5647cd0c7cc/detection

124.115.21.11:53

# Reference: https://www.virustotal.com/gui/file/172a2b5ef0a4131fa994e488e83fa2a3915d74c4e061a7af8f1948544c109864/detection

20.1.1.19:443

# Reference: https://www.virustotal.com/gui/file/e364dccdedf0afd57ed5b96cd716c9bedb0fcc75980e2e34c045548e9f3422b3/detection

20.1.1.19:4444

# Reference: https://www.virustotal.com/gui/file/1c28be29802586db605424e0804965865c2e45584c7da5531c6f50d061f08544/detection

81.69.41.231:6578

# Reference: https://twitter.com/MichalKoczwara/status/1380436443756179457

ssrolt.global.ssl.fastly.net

# Reference: https://www.virustotal.com/gui/file/092fed4da898c2cd0398f75620a430dd4188823384bf8409bef947b2c6aeaf27/detection

redteam.laststanding4me.xyz

# Reference: https://twitter.com/fr0s7_/status/1380830813701427200
# Reference: https://www.virustotal.com/gui/file/4b980e2e1f654cfd0050df8579670eb693070a7e35eb1255f6bf93f13fb5d530/detection

106.52.236.88:88
sls-cloudfunction-ap-guangzhou-code-1252222501.cos.ap-guangzhou.myqcloud.com

# Reference: https://www.virustotal.com/gui/file/bd4a4053912b544a4be4e65a5d03459f81b76722066f0c902205364cdf21f111/detection

http://95.169.0.244
95.169.0.244:8071

# Reference: https://www.virustotal.com/gui/file/8c3b31de4b3268a4159ce8d70923509b27219b79aa9ee934ddb8d690ea703e05/detection

95.169.0.244:5555

# Reference: https://www.virustotal.com/gui/file/21de40c77bf78ccea763227b0619d25e318727cdfdf316b948450c3994c84a7f/detection

http://34.96.215.180
34.96.215.180:8075

# Reference: https://www.virustotal.com/gui/file/f0342703c83c60a4d00a6b2158d29e21f0a1c21a8b263b26a1852ef08580a9dc/detection

services.rogerscorp.cloud

# Reference: https://www.virustotal.com/gui/file/6d07f36cfa6f30a326425c368daff2f8153a0aedea499a23edc3d8e468e34f9b/detection

118.195.132.200:443

# Reference: https://twitter.com/z0ul_/status/1380541499880976390
# Reference: https://www.virustotal.com/gui/file/0846ae4be9ec3e444d94cb2c14ad032b0ce912e78a083a7d5e7c1abdf7a788ba/detection

vianodata.com

# Reference: https://www.virustotal.com/gui/file/7bc0fdc6b2caf2175c49bfbf735c70e462424aa45cf5d193bd8788eddac08c8c/detection

http://104.236.24.153

# Reference: https://www.virustotal.com/gui/file/7debe0216e6879df181ed35ea4d1d82b3005a8858c474ca2d88b06b4c00f2542/detection

trustsecnet.com

# Reference: https://www.virustotal.com/gui/file/8e76bc3a21cbfca01d991602dbbdff8cfb18872eb80d444bc37dc6cf1a49ebc0/detection
# Reference: https://www.virustotal.com/gui/file/b5bc6d1993ae3b85cdd9f10568ef9899c145445b33d4a6edafb49644b9fd7543/detection

http://47.242.218.175
47.242.218.175:8081

# Reference: https://www.virustotal.com/gui/file/6d134540fd2a43b3b95839fecce41c5076b3391a18d9c79e401dc39fa17e0b78/detection

http://82.157.55.243

# Reference: https://www.virustotal.com/gui/file/0b07054e442304fbd77f33150f18c413617e996b9d024ea19dc8f0ae88f9189f/detection

w3.microsoftupdate-softwarecenter.ml

# Reference: https://www.virustotal.com/gui/file/e9c757a96fddf04dc3a1f649ea64edf080b8978d3a84d15997ebc319954e44e9/detection

47.95.207.72:6371

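# Reference: https://www.virustotal.com/gui/file/91fc8abaced2d4060378155c91df7322bb34d0f4b73bb89b88cbfb7347e4eff4/detection
# Note: 172.67.158.160 is a shared Cloudflare edge address, so the IP:port trail below can also match unrelated sites proxied through it; treat the domain entry as the stronger indicator when triaging hits.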

172.67.158.160:8880
update.ubuntuupdata.ga

# Reference: https://twitter.com/MichalKoczwara/status/1381170082445987842

teamsinsight.myanalytics.cdn.office.net

# Reference: https://twitter.com/MichalKoczwara/status/1381540861754945545

berrn.net
lesti.net
dsnetslekito.xyz

# Reference: https://twitter.com/TheDFIRReport/status/1381570292540133376

office.symanteccdn.com

# Reference: https://gist.github.com/MichaelKoczwara/9b74fe4f27d4f762e8a263044e99c354
# Reference: https://www.virustotal.com/gui/file/270d8cc8372f3126c157bfd27f6e6e28521ac1921e730343a640c4a55c8e2c61/detection

amzservicedesk.com
cov19-alerts.com

# Reference: https://twitter.com/TheDFIRReport/status/1381672212445335552

regionsbankk.com

# Reference: https://www.virustotal.com/gui/file/08fa0881e78f47cea6f039af716c902beb017d22b43ee2487643d31b9ff6dc2c/detection

http://165.227.102.250

# Reference: https://twitter.com/h2jazi/status/1381731010077949953
# Reference: https://app.any.run/tasks/31f3b896-4493-48e9-a6d0-ed9baa109478/
# Reference: https://www.virustotal.com/gui/file/ec2dc64367775c73ec74474443d71007305feedd6c63adc604d76e7a2a771bf6/detection
# Reference: https://www.virustotal.com/gui/file/88d2907abded3c9bc2f7198c882e58d031e997af9910b6b5cc295bdc2c614502/detection

213.252.244.50:443
213.252.244.50:53
serevalutinoffice.com

# Reference: https://www.virustotal.com/gui/file/70917aad216c48af027a87395dff4c831a34923cb94448d3c86b5dcfc79568c5/detection

149.248.18.93:8008

# Reference: https://www.virustotal.com/gui/file/bbe51f41582d9ac0b8a2c90bafdd08af25e603a6651c79a2a3355fce8f38f194/detection

http://35.187.148.192
35.187.148.192:444

# Reference: https://www.virustotal.com/gui/file/47d501de9eb3856b6cb96c279afa68d115f2490c7a76463835ead897efefea2a/detection

35.187.148.192:443

# Reference: https://twitter.com/TheDFIRReport/status/1381932678199570436

choice.microsoft.com.ansatc.net
watson.telemetry.microsoft.com.ansatc.net

# Reference: https://www.virustotal.com/gui/file/cbdc2d0c56d67d73c4b98162355212e0d17047ca7e6d2a5e0ce761e08bf9733d/detection

106.15.251.221:8443

# Reference: https://www.virustotal.com/gui/file/2261232aba29350a742b13d1800ac97c8397efa5342e94c9595a7ef1ecd43427/detection

microsotfonline.org

# Reference: https://www.virustotal.com/gui/file/0157562c68d366f475f1ce9a488af1de0f0853e75f9552f19c716e971f569ce5/detection

http://1.15.48.111
1.15.48.111:8080

# Reference: https://www.virustotal.com/gui/file/88cd2786354cd89677ffc684fb6df0dc06c50ba719ff470aa984be12aaff9be1/detection

106.212.126.185:8080

# Reference: https://www.virustotal.com/gui/file/b474e7dc7f86726897a116218308f04b045219af3eae2558cf9219da20aa383e/detection

112.74.48.255:8888

# Reference: https://www.virustotal.com/gui/file/43cba6ce5a7a5b677718b72802e4c536cba048845f4ae4825722567ab72fd5ce/detection

112.74.48.255:54321

# Reference: https://www.virustotal.com/gui/file/f6db254fcfaf9aa3f5210f5ccb9c255d56a21e79f29dba26efd778134adb02c6/detection

112.74.48.255:23456

# Reference: https://www.virustotal.com/gui/file/04c66a652a74fbad4e4910c90ee7e610096ddbc633a62d47ee9ca330c6d4d292/detection

112.74.48.255:9999

# Reference: https://beta.shodan.io/host/112.74.48.255

112.74.48.255:10000
112.74.48.255:10001
112.74.48.255:443
112.74.48.255:50050

# Reference: https://www.virustotal.com/gui/file/5f56b24293b29eee9afbb98dee0bf6742993393ca2e75856608116660d23a7bc/detection

http://47.100.244.87
47.100.244.87:1234

# Reference: https://www.virustotal.com/gui/file/a64063405053727f6e93d3a63c9b3edeef43d702f2024a1e0029fadf4cbf34de/detection

47.100.244.87:1111
sndbox.com

# Reference: https://www.virustotal.com/gui/file/84604abdeffd49e6f27513bc9a6023ba456fc694f6952dad0fe071246145dea5/detection

http://39.106.192.198
39.106.192.198:62201

# Reference: https://www.virustotal.com/gui/file/e994bd9b914e7a79cc49d9bd81cc1a1a9fd6cb7fc6739e6b5ea74e7491e08b9a/detection

47.92.93.180:443

# Reference: https://www.virustotal.com/gui/file/cbcb2ce8d9025052f684fa16ddb7d12efe9d9a81ec9150a75c83ee98f506a122/detection

47.92.93.180:8443

# Reference: https://www.virustotal.com/gui/file/ba95bc9dafdf0ce4474811f37b5a290eba25b420ccd069920eb0de44de7f534b/detection

http://47.92.93.180

# Reference: https://beta.shodan.io/host/139.155.16.53
# Reference: https://www.virustotal.com/gui/file/df0724182796f48ba79446196495cf06d51fba6aeb4c020f12b8275450c21546/detection

http://139.155.16.53
139.155.16.53:22
139.155.16.53:8223

# Reference: https://twitter.com/MichalKoczwara/status/1382099199542632454

http://18.217.142.56
18.217.142.56:22
18.217.142.56:8000

# Reference: https://twitter.com/TheDFIRReport/status/1382404537831419906

93.115.21.242:8080

# Reference: https://www.virustotal.com/gui/file/5df769f8b5697d01a485874bdf3a28c983e6163da046e96d9bb334cd2bbe390c/detection

93.115.21.242:5831

# Reference: https://www.virustotal.com/gui/file/4d0680e08f9322a901ecdb4df2cbd3392c2e74695b1aaa0198c6bd7b6d82fe68/detection

93.115.21.242:5669

# Reference: https://www.virustotal.com/gui/file/26fd2e46ec018d9276aa5a89b2fc265dc85e805ac6c534948ca31291511ff0d1/detection

93.115.21.242:7235

# Reference: https://beta.shodan.io/host/93.115.21.242

http://93.115.21.242
93.115.21.242:1194
93.115.21.242:22
93.115.21.242:443
93.115.21.242:5555
93.115.21.242:8080
93.115.21.242:8098

# Reference: https://beta.shodan.io/host/39.108.169.88
# Reference: https://www.virustotal.com/gui/file/d9a72924c0dc69d96112d650aa43c6e674d3ff357d195ebce03032c3552cdcda/detection
# Reference: https://www.virustotal.com/gui/file/7d77ea5fa917c496f1d1bab6d89c7e82e576b3f6661c35a7155f8fc2c8e1405f/detection

http://39.108.169.88
39.108.169.88:50050
39.108.169.88:6000
39.108.169.88:8080

# Reference: https://www.virustotal.com/gui/file/6670d248ed0a456188a1eb6781cd4ed7909e895115a9b1176a33efb2ecf86476/detection

139.224.53.189:5000

# Reference: https://beta.shodan.io/host/139.224.53.189

http://139.224.53.189
139.224.53.189:111
139.224.53.189:21
139.224.53.189:22
139.224.53.189:3306

# Reference: https://www.virustotal.com/gui/file/1a26c2d2abae92af65ac8406288c3902f02882eb3f121c2ad7c8f7dd7cec30a8/detection

http://82.156.202.179

# Reference: https://www.virustotal.com/gui/file/deef0e373e6b9ca6dfa9bf38b1297f129344ddaf7135c92f685f252a3e1fabfe/detection

82.156.202.179:443

# Reference: https://beta.shodan.io/host/82.156.202.179

82.156.202.179:22

# Reference: https://www.virustotal.com/gui/file/9375c1244944ac2941cc66d3d481ada4eb0cc10fbbc69553522703e4dd989180/detection

http://43.129.67.37

# Reference: https://www.virustotal.com/gui/file/7232e656dfd0666afb5dac099a49bc492ca8a831b4bdc6bd2876fba56fb5796c/detection

43.129.67.37:443

# Reference: https://beta.shodan.io/host/43.129.67.37

43.129.67.37:22
43.129.67.37:50050

# Reference: https://www.virustotal.com/gui/file/5ca8028f12ca22d59eecfa85a573a2237b053a08ebbf0a7ffdbdd30c736c6b4f/detection

http://124.70.89.118

# Reference: https://www.virustotal.com/gui/file/54b071af48aaf9d18e4ba16e9aac043ed8d81fb37e43e7df20b15750207a6b39/detection

124.70.89.118:443

# Reference: https://beta.shodan.io/host/124.70.89.118

124.70.89.118:50050
124.70.89.118:8009

# Reference: https://isc.sans.edu/diary/27308
# Reference: https://www.virustotal.com/gui/ip-address/217.12.218.46/relations
# Reference: https://www.virustotal.com/gui/file/c8e5dc8cf704b2c8f339ac43610d8c20d3d00fd8f1a3296cb288f644236d9583/detection

http://217.12.218.46
217.12.218.46:443

# Reference: https://www.virustotal.com/gui/file/a40ee51eccdb165865aeaec110a49640461d813d5c6ae587cbee242383abad58/detection

96.45.180.73:28371

# Reference: https://beta.shodan.io/host/96.45.180.73
# Reference: https://www.virustotal.com/gui/file/70d6af63da8abdaddbb2e1633e59445a6504313d4fc0c445a119c6a26b50ab69/detection

http://96.45.180.73
96.45.180.73:28371
96.45.180.73:443

# Reference: https://twitter.com/MichalKoczwara/status/1382651395321556993
# Reference: https://www.virustotal.com/gui/ip-address/51.81.153.127/relations

cruel.coreforce.net
madness.coreforce.net

# Reference: https://twitter.com/kyleehmke/status/1382678471797784578

greattxmsng-imgx.com

# Reference: https://twitter.com/bryceabdo/status/1382774592993947653

capuxix.com
derotin.com
gowale.com
gucunug.com
pavateg.com
rinutov.com
yazorac.com

# Reference: https://twitter.com/TheDFIRReport/status/1382757614094852103

service-3ehlvob0-1301977346.gz.apigw.tencentcs.com
service-7swl0aox-1257100087.cd.apigw.tencentcs.com
service-fooemyjn-1304230653.sh.apigw.tencentcs.com
service-hzt1fyzo-1305236517.gz.apigw.tencentcs.com
service-ijuzpjsx-1255997775.bj.apigw.tencentcs.com
service-iwos0gcv-1257776894.sh.apigw.tencentcs.com
service-pvgy9r42-1257357125.gz.apigw.tencentcs.com
service-0dibtqsv-1255352921.cd.apigw.tencentcs.com
service-4ng7k4aw-1256691685.gz.apigw.tencentcs.com
service-dlijjgbw-1304664184.hk.apigw.tencentcs.com
service-ln18385c-1253152225.hk.apigw.tencentcs.com

# Reference: https://twitter.com/rufusmbrown/status/1383122888690171910

estouki.com
serviapd.com

# Reference: https://tria.ge/210417-5glw799k72/static1

sage-salesforce.com

# Reference: https://twitter.com/MichalKoczwara/status/1383453298972258307
# Reference: https://tria.ge/210417-9gb3pkc77j/static1
# Reference: https://www.virustotal.com/gui/file/62e625ff93a5f5c6954439c504ceeed7a4e107e27085bbb931238c167cb8e137/detection

http://193.29.13.209
193.29.13.209:443

# Reference: https://twitter.com/TheDFIRReport/status/1383033903993262081

http://80.209.228.62
80.209.228.62:8080
azuresecure.tech

# Reference: https://www.virustotal.com/gui/file/40f3ccdbf712676d288ce2abc5673ffd7976d557fda9f6f9a1402ece02a2e67e/detection

http://45.134.0.24
45.134.0.24:81

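# Reference: https://www.virustotal.com/gui/file/6226cfc77a3b4836c2118618c6aee9c7f0690e89380e514e172a31456b34635c/detection
# Note: 172.67.190.47 is a shared Cloudflare edge address, so the IP:port trail below can also match unrelated sites proxied through it; treat the domain entry as the stronger indicator when triaging hits.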

172.67.190.47:8080
micrsoft.org

# Reference: https://www.virustotal.com/gui/file/74e453065780b199cfd0a04a74a9eefc6aeb11fb863efc37c2556852ec164c6b/detection

http://47.110.44.78

# Reference: https://www.virustotal.com/gui/file/243216c700283f5cd518ab50cc70c881015845b81bee5c48925b62f72954737c/detection

47.110.44.78:6789

# Reference: https://www.virustotal.com/gui/file/996d2d2109da0b974319de53b5986dbd41b7acf8d60c800ce88bf84b9dcdc2c5/detection

173.82.154.104:8443

# Reference: https://www.virustotal.com/gui/file/e91041e4bf140bb57ab8c4375fdb6ace83f3735f35c612995f0365267b4a291e/detection

http://173.82.154.104

# Reference: https://www.virustotal.com/gui/file/25336bed38a22efd663d1a2e1edfaaca584186fefea224d2d14fa5c96f1ad56c/detection

http://8.210.28.24
8.210.28.24:8080

# Reference: https://www.virustotal.com/gui/file/064924bf49bd1809d90df0169eb6e354ce8f5b88100bb39b89460c480121fbeb/detection

182.254.240.188:60000

# Reference: https://twitter.com/MichalKoczwara/status/1382958325965467648

d17e6gprvxm55x.cloudfront.net
d2y0zf746pooa8.cloudfront.net
scangroup.azurewebsites.net

# Reference: https://twitter.com/MichalKoczwara/status/1384193759248752645

scripts.general-aerospace.de

# Reference: https://www.virustotal.com/gui/file/f6769d25b1bdc89135e44829b2d1d2e3ae8d93bfb10e9e3142a736c3156d7ea1/detection

updaternetworkmanagerr.com

# Reference: https://www.virustotal.com/gui/file/51964db1d8eb8f069c617d306bf1581cb8e31d5d650fe743840c2b3af3ab7323/detection

http://185.183.84.197

# Reference: https://www.virustotal.com/gui/file/002ec1b1be62d832953a834ba024593a81f4066d63a67edb8e9dad2bda48e915/detection

47.92.137.130:8082

# Reference: https://www.virustotal.com/gui/file/d1ff0f2c6d49c1b0e97065a485c47195b6febb5f103f1c5fbebdc37fd6d2351c/detection

47.92.137.130:13356

# Reference: https://www.virustotal.com/gui/file/dfb9d9eb8dcc6fc62748189d0f0e60f618b5043200d513da265d0e2ad83992ae/detection

http://42.81.125.27

# Reference: https://www.virustotal.com/gui/file/c58db36407808b5d999c60fb7aa590aa32eed70596559715de5a4d95f94fa2a3/detection

lyru96px.slt.cdntip.com
monitorsz.910app.com
monitorsz.910app.com.dsa.dnsv1.com

# Reference: https://www.virustotal.com/gui/file/9e4db204ceb0cc2395ea653a15ed76ef8d6d301325b437c4b3e98a046e762653/detection

http://45.32.39.205
45.32.39.205:8443
cdn-116.anonfiles.com

# Reference: https://twitter.com/_re_fox/status/1384526198672445442
# Reference: https://www.virustotal.com/gui/file/e7321f88fb5e5dc4f90a039a04d49797f933878b64ffad30f331d1a09ea330ff/detection

167.179.70.183:8080

# Reference: https://www.virustotal.com/gui/file/3938467f9676ae5d8907f3b10d5f7a34257f2981165feb61fefae8b6574451bc/detection

103.234.72.37:23987
103.234.72.37:42312

# Reference: https://www.virustotal.com/gui/file/0ab6d930183b9f7aeb3c1c2ae891eca257aa73feb6b5409b000f97bc456a6690/detection

148.70.94.130:8888

# Reference: https://www.virustotal.com/gui/file/2f3e1da07ff20cd208e657767d3b8454176c4237e14c4f40d9cfaf4fac37db22/detection

http://47.95.251.226
47.95.251.226:8888

# Reference: https://www.virustotal.com/gui/file/b370382c2025f72e99caa91fb0a649aafa38cf23205fab62f913bb493c96e6fa/detection

http://77.83.159.52

# Reference: https://twitter.com/malwrhunterteam/status/1384842208440901632
# Reference: https://www.virustotal.com/gui/ip-address/8.208.86.98/relations
# Reference: https://www.virustotal.com/gui/file/9137036a1314dbf4f8b57efad62ba8aa960da6dba6c19b8321456ebb3e2ecd48/detection

trashgopshop.net

# Reference: https://twitter.com/malwrhunterteam/status/1384859846823055366
# Reference: https://www.virustotal.com/gui/file/eb660626e76357d076c51860575ac324bc74c4cc42c1c142d3191bf85417e8f7/detection

43.129.69.14:5166

# Reference: https://www.virustotal.com/gui/file/cfa6e4b9083697fef852a5c125ae4aac65abb9a805c6c08586c399e6d871b9a4/detection

http://34.96.250.204
34.96.250.204:443

# Reference: https://www.virustotal.com/gui/file/7d418a3be8863a0b586001e4470ead40fb1a514f9d58833ecdb0ddd9881e8805/detection

103.147.12.11:9527

# Reference: https://www.virustotal.com/gui/file/50df2d13ca6a15078c30fd8b7a14bf24305adb68a10e19b506cb6a88aee97de4/detection

47.115.129.109:6880

# Reference: https://www.virustotal.com/gui/file/06a2cde15cd3466b00dcdd313b1d654e2735faceafa214fa03a691f247dad658/detection

101.133.233.235:8084

# Reference: https://www.virustotal.com/gui/file/195a2fcf635946dd9b115a8564796f912946e96b1761b5b0b906ca0f8cd02c1c/detection

101.133.233.235:443

# Reference: https://www.virustotal.com/gui/file/e957f9fc97aa4938dbafccc0c3d828f8c4fea677705ce8ad96bfdea9f2d920a2/detection

http://124.71.199.146
124.71.199.146:8888

# Reference: https://www.virustotal.com/gui/file/c0873be6ac83cfde388ee51e259d0a7f09d550800278ec7e61743f8d80e4e2d6/detection

8.140.171.56:2551

# Reference: https://twitter.com/malwrhunterteam/status/1384865722493546499
# Reference: https://www.virustotal.com/gui/file/868bd79dcc9bcf321efaf27e6fbf8a7c428a5ef3b9965b5a95804c7c063b4368/detection

duck-json.ml
info.duck-json.ml

# Reference: https://www.virustotal.com/gui/file/48b71311d1be362a591c0d3267e7bc938e4b4e28f0354e8ce1869b50e881226f/detection

47.105.115.125:443
21tb-file3.21tb.com
21tb-file3.21tb.com.w.kunlunca.com

# Reference: https://www.virustotal.com/gui/file/2bd0d8559ff90086d1f7d3caa0a5b522bbbbbaca37bd32a2a7ae281e75bbe4db/detection

47.105.115.125:60020

# Reference: https://www.virustotal.com/gui/file/de32e2a67d29f786cc29bfd91539f500db09a28cb4d4fdd75f97171b3de319cc/detection

47.105.76.103:443

# Reference: https://www.virustotal.com/gui/file/0223141d67ee797c32ab6b0155c833ad9dd3fb5697ea8da8b6f710875602a152/detection

47.105.76.103:8023
47.105.76.103:8081

# Reference: https://www.virustotal.com/gui/file/e95b1b287a1816a5026bd251402856bde5d6700b73802217dad0886443544c0e/detection

47.105.76.103:6443
47.105.76.103:8088

# Reference: https://www.virustotal.com/gui/file/e521e16b80801f687eac744d1d17dffc0c1b23eacfaa898e47ec6144ffc8a640/detection
# Reference: https://www.virustotal.com/gui/file/8b31592c7420f3116067fafcda3291abca542cf10214ad85a169cb7c7a12a3a8/detection

misty-wind-488d.360xcn.workers.dev

# Reference: https://twitter.com/malwrhunterteam/status/1384873239650897921
# Reference: https://twitter.com/malwrhunterteam/status/1384878436066410499
# Reference: https://www.virustotal.com/gui/file/b6589916e8ac48bba1959300d7ef25a62c8e36ab52740bcc3b85556fbebb5da8/detection
# Reference: https://www.virustotal.com/gui/file/849538691a922c17ced6caa7aca90413faca49b303c5dbf1eded7ab564a8574f/detection

bare.3dfb47b2.postnord.berylia.org
justice.gov.berylia.org
mfa.gov.berylia.org
gov.berylia.org

# Reference: https://twitter.com/malwrhunterteam/status/1384876512533491715
# Reference: https://www.virustotal.com/gui/file/86630feec7f5396bb860d474a18e523b4cdfeb0c8a5fe5f0c0800cb3de2bb493/detection

kill.763efebe.ns1.virustotal.co.uk
kill.763efebe.ns2.virustotal.co.uk
kill.763efebe.ns3.virustotal.co.uk

# Reference: https://www.virustotal.com/gui/file/d92be011b61a6b090c820122c2c1281cff299e13881161d926a8157357ac8854/detection

http://121.5.222.56
121.5.222.56:8088

# Reference: https://www.virustotal.com/gui/file/cdcdcca153bf79a457cae88feb171cf2de793b927ab225d08e71d99f519efa63/detection

39.108.82.228:8443

# Reference: https://www.virustotal.com/gui/file/fd3031b7c513c500b45483996dad40b257f18f8b640869879c9f54b0718f0590/detection

http://175.24.121.254
175.24.121.254:8080

# Reference: https://www.virustotal.com/gui/file/0efe5b2877ef12bbf5e423ec2676a682fa5bcff4b1369f9463c8d8954bc5a95d/detection

47.102.204.195:8083

# Reference: https://www.virustotal.com/gui/file/4a12c40e598f9517cc15dea129611359bb7d6ed67c0fb21196592b86b433309b/detection

47.102.204.195:6666

# Reference: https://www.virustotal.com/gui/file/278c8fb6fed54cbcd05868a7cc59f89df8403a8319d7393654c50cdcd4801102/detection

47.102.204.195:443

# Reference: https://www.virustotal.com/gui/file/c85d5fcaa5c333fa56b40fc87baff50c8203e423b40bb8c2d5549bb8dd578c55/detection

http://39.99.159.175
39.99.159.175:81

# Reference: https://www.virustotal.com/gui/file/f55b8421c2779c6008934d09ade1d219d85f54cd70899fe9243070e578a608e1/detection

http://107.173.246.60
107.173.246.60:63955
google-dev.tk

# Reference: https://twitter.com/TheDFIRReport/status/1385190394317529090
# Reference: https://beta.shodan.io/host/140.143.227.19

http://140.143.227.19
140.143.227.19:50050

# Reference: https://twitter.com/TheDFIRReport/status/1385190394317529090
# Reference: https://beta.shodan.io/host/173.255.245.160

http://173.255.245.160
173.255.245.160:21
173.255.245.160:22
173.255.245.160:3389
173.255.245.160:443

# Reference: https://twitter.com/TheDFIRReport/status/1385190394317529090
# Reference: https://beta.shodan.io/host/176.121.14.113

http://176.121.14.113
176.121.14.113:111
176.121.14.113:22
176.121.14.113:443
176.121.14.113:50050

# Reference: https://twitter.com/TheDFIRReport/status/1385190394317529090
# Reference: https://beta.shodan.io/host/185.106.123.3

http://185.106.123.3
185.106.123.3:22
185.106.123.3:443

# Reference: https://twitter.com/TheDFIRReport/status/1385190394317529090
# Reference: https://beta.shodan.io/host/185.106.123.5

http://185.106.123.5
185.106.123.5:22
185.106.123.5:443
185.106.123.5:8181

# Reference: https://twitter.com/TheDFIRReport/status/1385190394317529090
# Reference: https://beta.shodan.io/host/185.70.187.157

http://185.70.187.157
185.70.187.157:22
185.70.187.157:50050

# Reference: https://twitter.com/TheDFIRReport/status/1385190394317529090
# Reference: https://beta.shodan.io/host/39.105.9.3

http://39.105.9.3
39.105.9.3:4444
39.105.9.3:50000
39.105.9.3:8087
39.105.9.3:9082
39.105.9.3:9443

# Reference: https://www.virustotal.com/gui/file/5e1d054fcb3cf643722cd9f86c7f58ee34067bd5367688914f1770514879b12a/detection

braunballon.com

# Reference: https://twitter.com/vikas891/status/1385306823662587905

185.106.123.2:8531
185.106.123.3:1222
185.106.123.3:443
185.106.123.3:65322
185.106.123.3:8531
185.106.123.49:8531
185.106.123.4:8531
185.106.123.5:8531
185.106.123.6:8531

# Reference: https://twitter.com/kyleehmke/status/1385308821799804928

udpdeliveryddp.com

# Reference: https://www.virustotal.com/gui/file/735bcb3ceb3291e261163382863320acb91c090492e2e122c734d2fe68845db5/detection

http://49.232.217.235
49.232.217.235:10088

# Reference: https://www.virustotal.com/gui/file/4ee4611bf4eb707c6d83ca15cc813b1e5fd642b5893c71ba1ba0390c60c7d1e0/detection

http://81.70.221.214
81.70.221.214:4444

# Reference: https://www.virustotal.com/gui/file/f68676bb722e4aacc3e057fa0bf7040c0e93d8e0d979dd0e5823675e54135204/detection

144.202.52.61:8443

# Reference: https://www.virustotal.com/gui/file/af54f2fe0f5ddf27bb859b9bf75977cfc670b73dbbcd4b0cb1e64d1f8243f103/detection

144.202.52.61:9443

# Reference: https://www.virustotal.com/gui/file/994cee86b18fc870a4fb36cc09edcf41c637d5ae78e88cdddffb91ca3c6dbca0/detection

update-doc.info

# Reference: https://twitter.com/MichalKoczwara/status/1385679642791665668

financebanck.com
micrasoftdefender.com

# Reference: https://www.virustotal.com/gui/file/adf64f866bcc4d0ff3fecced17c5a1a1d344cecf1ad1514eb710d6fd0c15eb51/detection

34.96.156.66:443

# Reference: https://www.virustotal.com/gui/file/97f885114744ab904340df854f381d9686ceb2c07819a005c3ee0f0085cdc815/detection

http://34.96.156.66
34.96.156.66:8899

# Reference: https://twitter.com/sS55752750/status/1385358955728232448

http://213.252.244.213

# Reference: https://www.virustotal.com/gui/file/f9c01ee6f62a7644ee21d6ab15b87ae6613bb34976c4a4a13e0325186f03cc24/detection

43.128.19.219:443

# Reference: https://www.virustotal.com/gui/file/d2adc673985ecf704fc0f7f9e34dc8754a46aba14f01df87db1f6d974e0f4fea/detection

43.128.19.219:8099

# Reference: https://www.virustotal.com/gui/file/871b9168b373f9f4dfd23e6252b08ba1db4b55e1a534d355a9b8ef1e0e985518/detection

23.225.44.75:443

# Reference: https://twitter.com/TheDFIRReport/status/1383956373352763397
# Reference: https://twitter.com/TheDFIRReport/status/1383956371905732617
# Reference: https://www.virustotal.com/gui/ip-address/116.206.92.26/relations

116.206.92.26:443
116.206.92.26:8443
ondriev.tk
twittre.tk

# Reference: https://www.virustotal.com/gui/file/5fa70c345cc3c22e5d162eb69fe94bf08564d7995fd28b6d2105a32d9480554e/detection

http://111.229.91.72
111.229.91.72:339

# Reference: https://beta.shodan.io/host/47.104.18.136
# Reference: https://www.virustotal.com/gui/file/a2108a1785655d9a45939c956fdd750d336fae68f33935a3f0c08621d83f20ff/detection
# Reference: https://www.virustotal.com/gui/file/7247c0263a1db8833d8f58b485f92a53995c68e0a50c9b18e36b856bd4321337/detection

http://47.104.18.136

# Reference: https://www.virustotal.com/gui/file/fff6e7ad0a2a7b13b86da890d50afcf406034148dadbdc23a34f51b23097bfa3/detection

http://8.140.75.18
8.140.75.18:8443

# Reference: https://www.virustotal.com/gui/file/79f1ffc17dee5643dcab9d659fbd911aa3388937a45c2bfda190f802b7d25461/detection

http://121.4.213.91

# Reference: https://www.virustotal.com/gui/file/1d1a7e73a5f19bbbe39413c78194d88d0e1cf797d6acee0d9ca4fb8a3611aefc/detection

121.4.88.169:8888

# Reference: https://www.virustotal.com/gui/file/1eca003f1bb52bf002edd3ad5dbfbea006ba02722a585210c699762b8a0f85c0/detection

http://121.4.88.169
121.4.88.169:8889

# Reference: https://www.virustotal.com/gui/file/5fcd50ff4a2127f48fd48c4a4704d3b2431e4b5901ae9d7d9558270d97ff8920/detection

http://41.216.177.109
41.216.177.109:5656

# Reference: https://www.virustotal.com/gui/file/716bea199ab05335b622d83c841d3d3ab3529d0f6286ab783d67b4b515cb83bf/detection

http://120.79.128.109
120.79.128.109:1234

# Reference: https://twitter.com/h2jazi/status/1386102133397803011

45.121.147.22:3433

# Reference: https://twitter.com/MichalKoczwara/status/1386269207415951361

http://194.15.216.20
194.15.216.20:3389
194.15.216.20:443
194.15.216.20:445
194.15.216.20:5985

# Reference: https://beta.shodan.io/host/93.119.178.213
# Reference: https://www.virustotal.com/gui/file/17d73ff8d0b2a9b83a0a08ad20ccdf0ad795dfbef2546a407be7605fa762c95c/detection
# Reference: https://www.virustotal.com/gui/file/a46543bab412db276db45832503c76592a0b1473215f7c4dc835961fd3c0956c/detection

http://93.119.178.213
93.119.178.213:8081
93.119.178.213:8443

# Reference: https://twitter.com/_brettfitz/status/1386090788438876162
# Reference: https://beta.shodan.io/host/45.141.84.30
# Reference: https://www.virustotal.com/gui/file/d97a3367fb41e64f39836b3388218719c87a413e0fbe04e5b9573b17c48bc0fb/detection
# Reference: https://www.virustotal.com/gui/file/cc24dbc36aba675280d8c9a91d3c63297beeca833c98149a9e57bcfcf5eae953/detection

http://45.141.84.30
45.141.84.30:111
45.141.84.30:22
45.141.84.30:443

# Reference: https://twitter.com/MichalKoczwara/status/1386431966136791043
# Reference: https://beta.shodan.io/host/195.206.181.210
# Reference: https://www.virustotal.com/gui/file/386bdf80a150898f66c9119dc7167585129232e94d6a8ebe29a8c5ff29289228/detection

http://195.206.181.210
195.206.181.210:22
195.206.181.210:443
citrixsecurityy.com

# Reference: https://twitter.com/MichalKoczwara/status/1386440030214922242
# Reference: https://beta.shodan.io/host/195.206.181.208
# Reference: https://www.virustotal.com/gui/file/681cf79a42faa55f0afb3c2b7ee707f6457923489b5dbb465b9278e287e5a727/detection

http://195.206.181.208
195.206.181.208:22
195.206.181.208:443
195.206.181.208:50050
itsuppport.com

# Reference: https://twitter.com/MichalKoczwara/status/1386444786677305350
# Reference: https://beta.shodan.io/host/195.206.181.213

http://195.206.181.213
195.206.181.213:22
195.206.181.213:443
195.206.181.213:50050
antivirusmallware.com

# Reference: https://www.virustotal.com/gui/file/e365ed16da8b9690fe6f657d8cd54040163f66487d48a92deaf1fa22ff0821fd/detection
# Reference: https://www.virustotal.com/gui/file/f3990a51a65f3977a556129fab8ccb01605c916f293c0519ae11c8720074f88e/detection

72.142.102.133:443
tr1.accountsync.net

# Reference: https://www.virustotal.com/gui/file/4221a58582224362249f41a07918015a730a2ef93050dc25f585cc9498095667/detection

24d60ffa.doc.mscode.ml
24d60ffa.docs.mscode.ml

# Reference: https://twitter.com/TheDFIRReport/status/1387002333528199172

87.120.8.67:443

# Reference: https://twitter.com/z0ul_/status/1387125626788851717
# Reference: https://www.virustotal.com/gui/file/f0755bcf5ee6e947846f35596962519e8f71cab86de1d04e12964df0915165b7/detection

zulomuw.com

# Reference: https://twitter.com/mojoesec/status/1387121872039469060

hireja.com

# Reference: https://twitter.com/TheDFIRReport/status/1387070281987108865
# Reference: https://beta.shodan.io/host/185.158.249.38

http://185.158.249.38
185.158.249.38:111
185.158.249.38:22

# Reference: https://twitter.com/TheDFIRReport/status/1387070281987108865
# Reference: https://beta.shodan.io/host/185.25.51.10

http://185.25.51.10
185.25.51.10:22
185.25.51.10:443
185.25.51.10:8090

# Reference: https://twitter.com/TheDFIRReport/status/1387070281987108865
# Reference: https://beta.shodan.io/host/45.32.17.125

http://45.32.17.125
45.32.17.125:22
45.32.17.125:8080

# Reference: https://www.virustotal.com/gui/file/feb122e10fc38f4b10293ad3967d3f202b004deca7c3d1397162f317e873ebeb/detection
# Reference: https://www.virustotal.com/gui/file/47fb6b98ffa79352d3f805cccee8560f98144a17b835721f40d62836ea23a728/detection

http://180.215.192.142
180.215.192.142:5566

# Reference: https://www.virustotal.com/gui/file/e1917f85beb76feed62551129f607b499fada088c1c0bd49fa321ddc9bbd8b9e/detection

http://52.255.141.165
52.255.141.165:58481

# Reference: https://www.virustotal.com/gui/file/cb49ac35f8639fd32a88e99e7d23ec91b961e45aff9f78c76f8d5627fc71e9a0/detection

118.178.89.110:6066

# Reference: https://www.virustotal.com/gui/file/f3977d974b65b8124a14c231c6d29eec92613e08d648730640bf797c623a94c6/detection

118.178.89.110:6456

# Reference: https://www.virustotal.com/gui/file/3f2cae5179e417d770e09f4377ea91883da9de2ed355e8810e2837f44fdc4ef6/detection

http://118.178.89.110

# Reference: https://www.virustotal.com/gui/file/b22dee155072bd66ad8fcb5f6b656244b0eaa075abdda35ca99f7a851281dd31/detection

101.132.143.19:443

# Reference: https://www.virustotal.com/gui/file/93d4498726e2845f7af1b2774b0d0215a73e7ff4354be6d540827f7ccb93bcc6/detection

http://118.25.250.59
118.25.250.59:4399

# Reference: https://www.virustotal.com/gui/file/54cce53daef32a8a7a490dba9d233235002f090723cae9d1314275eb4330cafc/detection

118.25.250.59:5000

# Reference: https://www.virustotal.com/gui/file/ea78cd2f7943babbc394002b3657b703c4f424bdce244ca31c507f877d9b82e3/detection

118.25.250.59:5546

# Reference: https://www.virustotal.com/gui/file/96712d02af7666700a999c0328c78c9211de058d2374f06024df37edfed354b5/detection

118.25.250.59:5757

# Reference: https://twitter.com/TheDFIRReport/status/1387455318569988105
# Reference: https://beta.shodan.io/host/45.32.17.125

http://45.32.17.125
45.32.17.125:22
45.32.17.125:8080

# Reference: https://twitter.com/TheDFIRReport/status/1387455318569988105
# Reference: https://beta.shodan.io/host/45.76.221.240

45.76.221.240:22
45.76.221.240:8000

# Reference: https://twitter.com/TheDFIRReport/status/1387455318569988105
# Reference: https://beta.shodan.io/host/18.218.140.159

http://18.218.140.159
18.218.140.159:443

# Reference: https://twitter.com/malwrhunterteam/status/1387402798409691137
# Reference: https://www.virustotal.com/gui/file/0a202201f0eb7cf0566684261e8cdaabb4e498ee54bef137e4f0673b1e7b14ee/detection

45.142.214.139:4001
45.142.214.139:4005

# Reference: https://www.virustotal.com/gui/file/c86ae533818a1c207d8531e7e1e4a4f21b2debfdd51a4103a1afc5512575309c/detection

http://45.77.253.123
45.77.253.123:8080

# Reference: https://www.virustotal.com/gui/file/050b124706fd293cf9fe281f4a0cf2f17e96a6de53fb00139407ee9f9655a2d1/detection

http://155.94.149.236
155.94.149.236:8088

# Reference: https://www.virustotal.com/gui/file/9a2b6732beee3a79ddc01640ea2d4c5b9a8be53a177b8cb7b3ae852676c32dca/detection

http://23.94.4.62
23.94.4.62:89
cs.608000.xyz

# Reference: https://www.virustotal.com/gui/file/399c816f3eeff8b5c4c45b7c01f79176815aed5848b621db03658425e8e89907/detection
# Reference: https://www.virustotal.com/gui/file/90fbb91506247d267f0419e131678d45cb8c036b7c5bb24563000c34f40222e1/detection

cs.910001.xyz
eluosijiaofu.com

# Reference: https://www.virustotal.com/gui/file/1e7455a185b3bfcc30c20f96899adeb109aa4b80f6ad632a32c129901abf24f1/detection

http://155.94.133.104
155.94.133.104:5656

# Reference: https://twitter.com/Artilllerie/status/1387783551836434433

http://159.65.36.16
159.65.36.16:443

# Reference: https://twitter.com/z0ul_/status/1387861714037846021
# Reference: https://twitter.com/bryceabdo/status/1387871941982400512
# Reference: https://www.virustotal.com/gui/file/ecb843e273a1466cc30236163514fc5ec75031651448b30ba2f163578c62bb5b/detection

aphapt.com
holerd.com
locoore.com

# Reference: https://medium.com/walmartglobaltech/cobaltstrike-stager-utilizing-floating-point-math-9bc13f9b9718
# Reference: https://otx.alienvault.com/pulse/608b0f90ccb0b8cbb17fe4d4

adsec.pro
aloogi.com
manageupdaternetwork.com

# Reference: https://www.virustotal.com/gui/file/ad4ae4f143bf25cb3058772392ceff6b06f6713aeedfa17abda90128d0d2267b/detection

http://106.75.76.94
106.75.76.94:5555

# Reference: https://www.virustotal.com/gui/file/f6d1f4959a26952b146555956505c679dbaa5df1ab1a5ac945bd1ca6d06d2e10/detection
# Reference: https://www.virustotal.com/gui/file/b4ba18111bb808b96ea52b053a009689bbd82eef7d6cf7f82a7cfd7fd3c76c25/detection

http://144.34.183.18
144.34.183.18:4567

# Reference: https://www.virustotal.com/gui/file/822e73ed2f92e3a061fa830244cd838617d6533ee47143a98c9cb1f119026adc/detection

64.227.24.12:443

# Reference: https://www.virustotal.com/gui/file/fe6f356105b488f407ad09819547e138007d6a6c5c1e731c7da52f5a985006ef/detection

157.230.184.142:443

# Reference: https://twitter.com/KorbenD_Intel/status/1388206452574236674

4fzjyvs545osjxsr.onion

# Reference: https://twitter.com/bryceabdo/status/1388241517106630662
# Reference: https://www.virustotal.com/gui/file/7077c089133107a412cc08cc6bbb3457e5d4fda29786292db93ea562bef40f99/detection

drellio.com

# Reference: https://www.virustotal.com/gui/file/a78f3f866702b08ca05d18f17ad5393a1427ccc32efdf7a4e0796fb52c70f39e/detection

http://47.95.146.159
47.95.146.159:55556

# Reference: https://twitter.com/TheDFIRReport/status/1389181495898693633
# Reference: https://beta.shodan.io/host/147.135.78.200
# Reference: https://beta.shodan.io/host/23.108.57.39

http://147.135.78.200
http://23.108.57.39
147.135.78.200:22
147.135.78.200:50050
23.108.57.39:443

# Reference: https://twitter.com/rufusmbrown/status/1389255757284130818

getlivemusicshop.com
silenceel.com
mompat.com
fursco.com

# Reference: https://www.virustotal.com/gui/file/0a4cb4f0ef237c839fbbc9e32db2cc6afced6b812d1d11f1413cdfd61435667b/detection

http://111.173.89.67
111.173.89.67:7799

# Reference: https://www.virustotal.com/gui/file/e5fb0c197573049efc5e7930ba06b3a1039c35f68644bd6b138b1ddd59ec2c9b/detection

213.164.205.138:443

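# Reference: https://twitter.com/shabarkin/status/1389209226732572672
# Reference: https://www.virustotal.com/gui/file/ddcc339454e5cc42f307a2e690d411fbcd1fe439d69a5252473d400c45881293/detection
# NOTE(review): 195.206.181.210:443 is listed twice in this group, and http://195.206.181.208 and http://195.206.181.210 already appear in earlier groups of this file; presumably harmless for matching, but worth deduplicating so that a later removal does not leave a stale copy behind.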

http://139.177.196.191
http://195.206.181.208
http://195.206.181.210
http://8.140.190.80
121.40.52.153:8080
139.177.196.191:443
172.81.205.217:443
195.206.181.210:443
195.206.181.210:443
47.110.83.12:443
51.81.153.37:443
52.229.22.93:443
8.140.190.80:443
office3949in.com
dev.burdine-health.com

# Reference: https://gist.github.com/MichaelKoczwara/7a6a1d366db0e43d024524cff7b31759

http://101.201.145.63
http://106.14.38.189
http://106.52.181.247
http://118.195.162.4
http://118.24.9.34
http://120.26.44.254
http://120.92.139.155
http://121.196.63.110
http://121.4.249.122
http://121.40.52.156
http://123.57.209.41
http://139.129.243.114
http://139.199.118.78
http://175.27.236.117
http://212.64.69.215
http://218.244.154.94
http://39.102.55.191
http://42.192.1.130
http://42.193.220.212
http://49.235.198.76
http://62.234.99.204
101.201.145.63:22
101.201.145.63:50050
101.201.145.63:8090
106.14.247.149:1234
106.14.247.149:22
106.14.247.149:50050
106.14.38.189:22
106.14.38.189:50050
106.14.38.189:8888
106.52.181.247:22
106.52.181.247:443
106.52.181.247:50050
106.52.181.247:8080
114.117.213.24:1234
114.117.213.24:3000
114.117.213.24:8089
114.215.182.44:22
114.215.182.44:50050
114.215.182.44:8080
118.195.162.4:50050
118.195.162.4:8080
118.195.162.4:8888
118.24.9.34:50050
119.23.8.187:22
119.23.8.187:50050
120.26.44.254:22
120.26.44.254:50050
120.26.44.254:8888
120.77.0.33:22
120.77.0.33:4443
120.77.0.33:50050
120.92.139.155:22
120.92.139.155:443
120.92.139.155:50050
121.196.63.110:22
121.196.63.110:443
121.196.63.110:50050
121.4.249.122:22
121.4.249.122:50050
121.4.249.122:8888
121.40.124.244:22
121.40.124.244:50050
121.40.52.156:50050
121.40.52.156:8080
121.5.10.238:22
121.5.10.238:50050
121.5.117.32:22
121.5.117.32:50050
121.5.152.196:22
121.5.152.196:50050
121.5.152.196:8099
123.57.209.41:22
123.57.209.41:443
123.57.209.41:50050
123.57.209.41:8080
139.129.243.114:50050
139.199.118.78:22
139.199.118.78:50050
140.143.168.220:22
140.143.168.220:50050
140.143.168.220:8888
175.27.236.117:22
212.64.69.215:22
212.64.69.215:50050
212.64.69.215:8888
218.244.154.94:22
218.244.154.94:50050
39.102.38.121:22
39.102.38.121:4443
39.102.38.121:50050
39.102.55.191:22
39.102.55.191:443
39.102.55.191:50050
42.192.1.130:22
42.192.1.130:50050
42.193.220.212:22
42.193.220.212:50050
42.193.225.116:22
42.193.225.116:8888
47.100.95.224:22
47.107.78.225:22
47.107.78.225:50050
47.118.40.231:22
47.118.40.231:50050
49.235.198.76:22
49.235.198.76:50050
49.235.198.76:8099
49.235.198.76:8443
62.234.99.204:22
62.234.99.204:443
62.234.99.204:50050
62.234.99.204:8080
62.234.99.204:8888
81.68.107.151:22
81.68.107.151:50050
81.71.25.190:22
81.71.25.190:50050
81.71.25.190:8080
81.71.25.190:8081
81.71.25.190:8082
81.71.25.190:8443
81.71.25.190:9443

# Reference: https://www.virustotal.com/gui/file/a278c36a24c7315a0d8d7f8c1adf2a4ac927b25f72aca330fdb7ea77be86ac48/detection

http://115.159.97.35
115.159.97.35:801

# Reference: https://www.virustotal.com/gui/file/3ba754aa48dbf37d0f61abe9e3a8c7491b89ab61d99a8fcac5ab64780a279a63/detection

http://149.28.209.239
149.28.209.239:9875

# Reference: https://www.virustotal.com/gui/file/c90209651c24c6433123ce89a025b5ba3869f32fc048825ccfa287dd6f518143/detection

http://31.44.184.125

# Reference: https://twitter.com/AdamTheAnalyst/status/1389531245328089091

asl-ofc-msoffice.com
dsl0-msoffice.com

# Reference: https://www.virustotal.com/gui/file/c0086701f75222217fb851855a969964adb87bb692d46668278b9b15d5ea99a3/detection

http://81.68.73.237
81.68.73.237:6666

# Reference: https://www.virustotal.com/gui/file/e3dc5f5329202b338b29037996905579f27c85545b58bc2b1e5c0a0c8c592765/detection
# Reference: https://www.virustotal.com/gui/file/6663749f7b99576d05b4cda09485b451c671b1afcea0a31b77e50b26fa5220a9/detection

http://180.215.195.245
180.215.195.245:345

# Reference: https://www.virustotal.com/gui/file/71d580014557077b64e30368e92d2a4d66a1614e48089309a820113c5e17be86/detection

http://114.117.203.187
114.117.203.187:65529
fuck.crycat.cn

# Reference: https://www.virustotal.com/gui/file/9fdd518792033d7e3afadf380d4a9cdd8509412f83fe0f41a7564aac594e6368/detection
# Reference: https://www.virustotal.com/gui/file/b6d0e4b235529f16d4da13dfefd8152d887701ceadf7db1ff4cda3cf808d74e5/detection

http://116.62.211.79
116.62.211.79:8080

# Reference: https://www.virustotal.com/gui/file/f50edae1f68c367509dc452807177560269254550c75f86e0bff6afc335828aa/detection

http://47.92.198.186
47.92.198.186:8000

# Reference: https://www.inde.nz/blog/different-kind-of-zoombomb

95.179.138.181:443

# Reference: https://www.virustotal.com/gui/file/4833151d3f8e368c0d906c5b8445eb64bec4bcfd6ace9b6298df1102031deb83/detection

108.177.235.180:443
feedback.safeyoke.com
mail.safeyoke.com

# Reference: https://www.virustotal.com/gui/file/02e690d89d168cb9debb92e327e7cc112173a0fc35ee5c397af2bb02a3d07009/detection

108.177.235.180:8080
onlineceoshelp.com

# Reference: https://www.virustotal.com/gui/file/902b4ccecc8950d55ec7eaa5d6c5ac340839ae0b7daccbe3c4462d0b900ef057/detection

waystamp.com

# Reference: https://twitter.com/ESETresearch/status/1388226330274185218

graveftp.com
testsubnet.com

# Reference: https://beta.shodan.io/host/45.227.253.66
# Reference: https://www.virustotal.com/gui/file/232a5fe454c9537ddea265d805d1daa8e016b1ed30cd2ebde7feb12f866f5608/detection

http://45.227.253.66
45.227.253.66:3389
45.227.253.66:443

# Reference: https://twitter.com/TheDFIRReport/status/1389595672635183109
# Reference: https://beta.shodan.io/host/45.32.237.223

45.32.237.223:22
45.32.237.223:443
45.32.237.223:50050

# Reference: https://twitter.com/TheDFIRReport/status/1389595672635183109
# Reference: https://beta.shodan.io/host/45.76.49.68

http://45.76.49.68
45.76.49.68:22
45.76.49.68:50050
45.76.49.68:8888

# Reference: https://twitter.com/TheDFIRReport/status/1389927870093434882

data-akamai.com
gccgle-update.com
mailvivre.eu
microsoftchina.org
chrome.gccgle-update.com
pnt.data-akamai.com

# Reference: https://www.virustotal.com/gui/file/0911906cb29dd5ce6c118e86ee63b466dfe851d5f210b4e885c70d25a1429515/detection

http://158.247.209.125
158.247.209.125:5445

# Reference: https://www.virustotal.com/gui/file/2636690045d4ce3055ddc35859da3c282184c559dab9b8954d93e35dbc5d97f4/detection

http://39.105.143.130
39.105.143.130:8033

# Reference: https://www.virustotal.com/gui/file/2cd54701feffb8f9206c7479ae00ae448c1d1138234e6b09f3426d83e4312932/detection
# Reference: https://www.virustotal.com/gui/file/d0e7f6fbb9cdbc931622c34871da88a8026e04c7d23c7bdc8adb5aa33101ba70/detection

http://139.60.161.89
http://185.70.187.185

# Reference: https://www.virustotal.com/gui/file/92a2f90d24f96b761bbdeeb4961eca84a6d7cf74f5fe97cccdae3bd280f8f5eb/detection

139.60.161.89:223

# Reference: https://www.virustotal.com/gui/file/af0f97000b9e7c440b9dd031c689513a946b04942133a35b6bdccce5c23ca7ac/detection

updatesecurity64win.org

# Reference: https://twitter.com/TheDFIRReport/status/1390278924442103808
# Reference: https://beta.shodan.io/host/161.35.189.140

161.35.189.140:22
161.35.189.140:443
161.35.189.140:50050

# Reference: https://twitter.com/TheDFIRReport/status/1390278924442103808
# Reference: https://beta.shodan.io/host/185.141.24.100

http://185.141.24.100
185.141.24.100:22
185.141.24.100:25
185.141.24.100:443
185.141.24.100:50050

# Reference: https://twitter.com/TheDFIRReport/status/1390278924442103808
# Reference: https://beta.shodan.io/host/185.70.184.85

http://185.70.184.85
185.70.184.85:22

# Reference: https://twitter.com/TheDFIRReport/status/1390278924442103808
# Reference: https://beta.shodan.io/host/193.149.161.252

http://193.149.161.252
193.149.161.252:22
193.149.161.252:443

# Reference: https://twitter.com/TheDFIRReport/status/1390278924442103808
# Reference: https://beta.shodan.io/host/202.182.107.227

http://202.182.107.227
202.182.107.227:22
202.182.107.227:53

# Reference: https://twitter.com/TheDFIRReport/status/1390278924442103808
# Reference: https://beta.shodan.io/host/23.83.237.106

http://23.83.237.106

# Reference: https://twitter.com/TheDFIRReport/status/1390278924442103808
# Reference: https://beta.shodan.io/host/38.135.104.133

38.135.104.133:22
38.135.104.133:443

# Reference: https://twitter.com/TheDFIRReport/status/1390278924442103808
# Reference: https://beta.shodan.io/host/38.135.104.134

38.135.104.134:443

# Reference: https://twitter.com/TheDFIRReport/status/1390278924442103808
# Reference: https://beta.shodan.io/host/95.179.153.30

http://95.179.153.30
95.179.153.30:443

# Reference: https://twitter.com/BushidoToken/status/1390429756500361216
# Reference: https://www.virustotal.com/gui/file/042800c588d19e1fb4ed300ed27813c3a6b40b90194542b2b19d1f2c279cf906/detection

http://193.161.193.99
193.161.193.99:49038

# Reference: https://www.virustotal.com/gui/file/6d374f35b2d04caa136a8ca2e0dcbdf1030e145ad144cbf2c01f583a95e494ea/detection

0fflce.xyz

# Reference: https://twitter.com/z0ul_/status/1390378519163805700

support.ozonsale.org

# Reference: https://www.virustotal.com/gui/file/339c7ac759b7ef0ab8e2a9434f53fcd212786575b08b4b41687ab10fdcf2c502/detection

http://95.181.157.170

# Reference: https://www.virustotal.com/gui/file/5412e3dbf70d4ddc643ed2cff35793a8b0365fa2e5cd110f36c15d8e94e2f036/detection

195.161.62.228:443

# Reference: https://twitter.com/TheDFIRReport/status/1390652638513926144
# Reference: https://beta.shodan.io/host/23.108.57.148

23.108.57.148:443
23.108.57.148:8080
23.108.57.148:8888

# Reference: https://twitter.com/TheDFIRReport/status/1390652638513926144
# Reference: https://beta.shodan.io/host/23.108.57.209

http://23.108.57.209
23.108.57.209:443
23.108.57.209:8080
23.108.57.209:8888

# Reference: https://twitter.com/TheDFIRReport/status/1390652638513926144
# Reference: https://beta.shodan.io/host/23.108.57.31

http://23.108.57.31
23.108.57.31:443
23.108.57.31:8080
23.108.57.31:8888

# Reference: https://twitter.com/TheDFIRReport/status/1391754907405983749
# Reference: https://www.virustotal.com/gui/file/2263c94bab6f581d6d5e622b6d6676d4b0e2f9b216172cf9af7a2fc3717ca6fa/detection

asaicell.com
micosoftupdate.cf
synergiedental.com
dns.micosoftupdate.cf
test.asaicell.com
update.asaicell.com

# Reference: https://twitter.com/TheDFIRReport/status/1391803972789415938
# Reference: https://beta.shodan.io/host/149.28.233.75
# Reference: https://www.virustotal.com/gui/file/72d5a56422eee03895507db42ffae2216127c2f07be842690fdde5772e272e6e/detection

http://149.28.233.75
149.28.233.75:443

# Reference: https://twitter.com/TheDFIRReport/status/1391803972789415938
# Reference: https://beta.shodan.io/host/178.32.123.156

http://178.32.123.156
178.32.123.156:22
178.32.123.156:3790
178.32.123.156:443
178.32.123.156:50050
178.32.123.156:8099

# Reference: https://twitter.com/TheDFIRReport/status/1391803972789415938
# Reference: https://beta.shodan.io/host/199.166.209.139

199.166.209.139:443

# Reference: https://twitter.com/TheDFIRReport/status/1391803972789415938
# Reference: https://beta.shodan.io/host/45.135.135.96

http://45.135.135.96
45.135.135.96:22
45.135.135.96:50000

# Reference: https://twitter.com/TheDFIRReport/status/1391803972789415938
# Reference: https://beta.shodan.io/host/45.77.117.252

http://45.77.117.252
45.77.117.252:22
45.77.117.252:443
45.77.117.252:444
45.77.117.252:8443

# Reference: https://twitter.com/TheDFIRReport/status/1391803972789415938
# Reference: https://beta.shodan.io/host/79.141.165.44

http://79.141.165.44

# Reference: https://twitter.com/bryceabdo/status/1391815365462831107
# Reference: https://www.virustotal.com/gui/file/4f26b122ed6f329fbdc926c99d321fccb65d0eab7146e9ad8a42edafbf7c5bfa/detection

wanelandorc.com

# Reference: https://www.virustotal.com/gui/file/c09a99d9cbaaba7fbbf57c9348f1eb6d1776a86621fc0fb8106c2147b112b011/detection

3.142.167.4:19088

# Reference: https://twitter.com/h2jazi/status/1391904001847857153
# Reference: https://www.virustotal.com/gui/file/c7f3d2d584d63445742e5e627e36945014b77e67624e069fc8d13114ea0822e2/detection

http://176.10.125.23
176.10.125.23:8000

# Reference: https://www.virustotal.com/gui/file/0d1f958f776fe22f8f991adec81981a80728584bf4694c65f155464a5e7503ab/detection

aaa.stage.820759.politica.foiha.com.br

# Reference: https://www.virustotal.com/gui/file/75a46605f32a3df77b66c99b4ef44510bbff5a0fb6ec42b540b53dc606cddb50/detection
# Reference: https://www.virustotal.com/gui/file/d926fbdb1ceb6fecffb9160197271777bd086907bdffd12990a364823ff123bb/detection

74.121.148.47:443

# Reference: https://twitter.com/mojoesec/status/1392180045616144387

digitadvance.com
googleupdt.com
security-desk.com
waf-update.xyz
updt.googleupdt.com

# Reference: https://twitter.com/mojoesec/status/1390378348732428289

fast885.xyz
tafobi.com
vinayik.com

# Reference: https://twitter.com/mojoesec/status/1389289398513061892

dimuyum.com
displaychecks.com
killsecuritybusiness.com
knotsecuritybusiness.com
madesecuritybusiness.com
risetomoon.com
ropesecuritybusiness.com
securitybusinessmean.com
ticksecuritybusiness.com

# Reference: https://www.virustotal.com/gui/file/f15ececb712356718eb020408ca7003d019dd6a87b3e3110122b2ab4eff04de4/detection

194.26.25.131:443

# Reference: https://www.virustotal.com/gui/file/e5ea984f8a3e17e229abc959aeefb53114ff6ec703300b36dc66dc28f6adf1d9/detection

http://42.193.229.33
42.193.229.33:12342

# Reference: https://www.virustotal.com/gui/file/f69e938e3f630789f840266c7a6c8da391a4a01db7de9a7b2f6ab9edc2c18edb/detection

42.193.229.33:12343

# Reference: https://www.virustotal.com/gui/file/0c2c2e2d3124e8966c8e1c7ec1555e0f1a362d487e5f3871ddf1db174a0e2345/detection

http://46.29.167.138
46.29.167.138:1234

# Reference: https://www.virustotal.com/gui/file/d624c353b8e42e6358aedefd83face1a9793823734f06e5844851d311c28becb/detection

http://103.117.156.102
http://203.131.208.34
203.131.208.34:36963

# Reference: https://www.virustotal.com/gui/file/9214d4c1c0aec47306adcdaca567a1c32d90575e32f9d381b9d440656f09e953/detection

dimentos.com

# Reference: https://www.virustotal.com/gui/file/e54f38d06a4f11e1b92bb7454e70c949d3e1a4db83894db1ab76e9d64146ee06/detection

http://192.99.178.145

# Reference: https://www.virustotal.com/gui/file/838db95190b3bf78d039b8b657d3aa710fb1de9102a58dbc32e41f6065a13745/detection

http://192.99.250.3
powelin.com

# Reference: https://www.virustotal.com/gui/ip-address/192.95.16.237/relations
# Reference: https://www.virustotal.com/gui/file/fe400f558111e22e8923b2938f0bcc085fc8050b029191491d138cc45c3f1bbf/detection

http://192.95.16.237
awesents.com
mostwales.com
retromesh.com

# Reference: https://twitter.com/TheDFIRReport/status/1392443475283562496

ilimennt.com
jocinet.com

# Reference: https://twitter.com/kyleehmke/status/1392503629156868099
# Reference: https://twitter.com/kyleehmke/status/1395691173382180865
# Reference: https://www.virustotal.com/gui/file/6a0652db47f8eac8b2d26e99d6b9aded6a770056864963d1607c04990bc7bc7c/detection
# Reference: https://www.virustotal.com/gui/file/cea83b7ce9f1e1b2f68895f4f62dc3ccf9df676392c176dfa120f1999b3f41b1/detection

dalfana.com
donaids.com
dristare.com
fedmer.com
forenam.com
gorilen.com
jopinga.com
kiromas.com
liojikd.com
lioneci.com
pijoms.com
tristare.com
uliconp.com

# Reference: https://twitter.com/mojoesec/status/1392568977025552391

yisimen.com
zokotej.com

# Reference: https://twitter.com/bryceabdo/status/1392463185278611458
# Reference: https://www.virustotal.com/gui/file/dfebb9ccc540535f429986b6c9fa8403a666919241a7d69d1f44abab6f855b54/detection

aphapt.com
broape.com
cinondo.com
eishyl.com
emptre.com
fesked.com
holerd.com
horvace.com
irapae.com
irehor.com
locoore.com
marrefy.com
mlliew.com
pecroe.com
pelensa.com
piecks.com

# Reference: https://www.virustotal.com/gui/file/85e44c1ee3f362ab35834768cb3b56537f1918d4d5e1b8653d8df3d6d4d9de03/detection

http://81.254.244.123
81.254.244.123:8443

# Reference: https://www.virustotal.com/gui/file/4c391b51683458cf3a5d16c35f3e65d112ea221607cfe86df25426d2356e665b/detection

42.193.220.214:443

# Reference: https://www.virustotal.com/gui/file/49d1d54ad8ef7363b4f33f34ec3023a95bcb44e3ef98187f598097fae651bb30/detection

34.92.237.17:443

# Reference: https://www.virustotal.com/gui/file/e5863807d7150a1a51410b7309ad8ae6982b17821ba2fe91107ccb8fb3ee8c84/detection

http://34.92.237.17
34.92.237.17:6666

# Reference: https://twitter.com/mojoesec/status/1392557815873552384

healthcareclubdb.com

# Reference: https://www.virustotal.com/gui/file/0f63c1dc172742fa1abc4304ee6b146476a9cf08eb4e7ab627c27b279872c302/detection

158.247.227.190:443

# Reference: https://twitter.com/Unit42_Intel/status/1392174941181812737
# Reference: https://www.virustotal.com/gui/ip-address/62.128.111.176/relations

62.128.111.176:443
akastat.app

# Reference: https://www.virustotal.com/gui/file/de71b828a8f41ae3b79f6b7b7445749b8dbbc5b696401357fe2df09a71afcad2/detection

39.98.121.215:8088

# Reference: https://www.virustotal.com/gui/file/16a6e311f092f6809e31ddd00f3684c1ea07558fde9cb20350fa5f8105309e67/detection

http://118.195.173.192
118.195.173.192:7897

# Reference: https://twitter.com/mojoesec/status/1393284558750093316

fedmer.com
www-360-update-com.tk

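# Reference: https://www.virustotal.com/gui/file/45bdccfb6524b3377cc30a2e6f035f17e6dcfb9b3b38dff3c49d1f1d03edec1e/detection
# NOTE(review): 104.21.70.98 looks like a shared CDN (Cloudflare) edge address - confirm; an IP-level match may also hit unrelated sites served from the same edge, so the domain entry below is the more specific indicator.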

104.21.70.98:8880
bad.yoxxx.tk

# Reference: https://www.virustotal.com/gui/file/de222afcc17dd320be828472e5d9fb220768bb0a56de4601f8a1339fd0dd69f7/detection

81.69.185.249:82

# Reference: https://www.virustotal.com/gui/file/8293dcede6163207b7015ac34c7a2be2b736605dfeaac43e3b814331b1d0d6a4/detection

81.69.185.249:990

# Reference: https://www.virustotal.com/gui/file/a2afd31e6916684696b0274d66d56b5f13eec84aaf6cc7e6ac7a791d02410e9c/detection

http://81.69.185.249
81.69.185.249:5555

# Reference: https://www.virustotal.com/gui/file/7e494bcebd54b22385776c3728ff1ee56aed5832507ab93dcab84255ad0dfb32/detection

8.134.59.91:19443

# Reference: https://www.virustotal.com/gui/file/0f87270aa69bb8fff1c4831c9ba6ed409142f3bf30576c1ee65f696767cee661/detection

103.234.72.15:8222

# Reference: https://www.virustotal.com/gui/file/c461cd6dc8fea8c2770544721cac87f80dad9e52cab214e3e0c14c8c4b0c25f9/detection

teste.renatoborbolla.work

# Reference: https://www.virustotal.com/gui/file/53fc45a0cd1ce21a36fec4139560197337905ea06c03af7c8e411fefe04de7cd/detection

bob.renatoborbolla.work

# Reference: https://twitter.com/TheDFIRReport/status/1392826968530378760
# Reference: https://beta.shodan.io/host/142.93.145.246

http://142.93.145.246
142.93.145.246:22
142.93.145.246:443
142.93.145.246:5985

# Reference: https://twitter.com/TheDFIRReport/status/1392826968530378760
# Reference: https://beta.shodan.io/host/185.90.137.153
# Reference: https://www.virustotal.com/gui/file/0132972299bf53c635842bea1176e365c00f1c306ea40197b0a858f0efd57f73/detection

http://185.90.137.153
185.90.137.153:22
185.90.137.153:443
185.90.137.153:50050

# Reference: https://twitter.com/TheDFIRReport/status/1392826968530378760
# Reference: https://beta.shodan.io/host/194.147.115.109

http://194.147.115.109
194.147.115.109:22
194.147.115.109:50050

# Reference: https://twitter.com/TheDFIRReport/status/1392826968530378760
# Reference: https://beta.shodan.io/host/3.236.6.33
# Reference: https://www.virustotal.com/gui/file/aab46b3f7e382b41a80fed38c01592844ab0783ed13f63cd67496c04212c9e98/detection

http://3.236.6.33
3.236.6.33:22
3.236.6.33:50050

# Reference: https://twitter.com/TheDFIRReport/status/1392826968530378760
# Reference: https://beta.shodan.io/host/3.250.92.212

http://3.250.92.212
3.250.92.212:22
3.250.92.212:443

# Reference: https://twitter.com/TheDFIRReport/status/1392826968530378760
# Reference: https://beta.shodan.io/host/3.65.21.83

http://3.65.21.83

# Reference: https://twitter.com/TheDFIRReport/status/1392826968530378760
# Reference: https://beta.shodan.io/host/35.164.169.182

http://35.164.169.182

# Reference: https://twitter.com/TheDFIRReport/status/1392826968530378760
# Reference: https://beta.shodan.io/host/35.200.22.83

http://35.200.22.83
35.200.22.83:50050
35.200.22.83:8001
35.200.22.83:9200

# Reference: https://twitter.com/TheDFIRReport/status/1392826968530378760
# Reference: https://beta.shodan.io/host/40.89.185.49
# Reference: https://www.virustotal.com/gui/file/f2b68edf011311b15bef4263dbdbd88cd9952ac29c3e8135c745c9814ed955b5/detection

http://40.89.185.49
40.89.185.49:22
athena.francecentral.cloudapp.azure.com

# Reference: https://twitter.com/TheDFIRReport/status/1392826968530378760
# Reference: https://beta.shodan.io/host/46.166.161.68

46.166.161.68:22
46.166.161.68:443

# Reference: https://twitter.com/malware_traffic/status/1393314766928728072
# Reference: https://www.malware-traffic-analysis.net/2021/05/13/index.html

http://103.207.42.11

# Reference: https://www.virustotal.com/gui/file/fac09efd72064db12a2d44de997f1f5179c7363e1c1a5162ffa437544df3c03c/detection

124.71.1.61:443

# Reference: https://www.virustotal.com/gui/file/bc4c0e50a9067f6a7a3712b10db69f22e9f95e3f9c28dcfe41589ec431c958b6/detection

213.252.244.114:443

# Reference: https://www.virustotal.com/gui/file/c33e56466fa40f32470ef5443d3965658efb8da452014200d5e7561ebf768212/detection

213.252.244.114:53

# Reference: https://www.proofpoint.com/us/blog/threat-insight/new-variant-buer-loader-written-rust

http://213.252.244.114

# Reference: https://www.virustotal.com/gui/file/af45326317a44f4d5a224b1b0dd6f56fb804aeb67606b654a7fff338a97fb8f5/detection

kh2.sentrysource.com

# Reference: https://www.virustotal.com/gui/file/89aafd2448ea64e2897849668311d6995850a06a3665f70767fd8409e493b273/detection

aj.sentrysource.com

# Reference: https://www.virustotal.com/gui/file/e365ed16da8b9690fe6f657d8cd54040163f66487d48a92deaf1fa22ff0821fd/detection
# Reference: https://www.virustotal.com/gui/file/f3990a51a65f3977a556129fab8ccb01605c916f293c0519ae11c8720074f88e/detection

tr1.accountsync.net

# Reference: https://twitter.com/TheDFIRReport/status/1394257640851640323
# Reference: https://beta.shodan.io/host/185.206.146.132

185.206.146.132:8443

# Reference: https://twitter.com/TheDFIRReport/status/1394257640851640323
# Reference: https://beta.shodan.io/host/18.133.129.215

18.133.129.215:443

# Reference: https://twitter.com/TheDFIRReport/status/1394257640851640323
# Reference: https://beta.shodan.io/host/192.81.215.215

http://192.81.215.215
192.81.215.215:443

# Reference: https://twitter.com/milkr3am/status/1394277180197146638
# Reference: https://beta.shodan.io/host/23.108.57.245

23.108.57.245:443
23.108.57.245:8080
23.108.57.245:8888

# Reference: https://twitter.com/milkr3am/status/1394277180197146638
# Reference: https://beta.shodan.io/host/23.108.57.31

http://23.108.57.31
23.108.57.31:1433
23.108.57.31:443
23.108.57.31:8080
23.108.57.31:8888

# Reference: https://twitter.com/milkr3am/status/1394277180197146638
# Reference: https://beta.shodan.io/host/45.138.172.91

http://45.138.172.91
45.138.172.91:443
45.138.172.91:8080
45.138.172.91:81
45.138.172.91:8888
classworldint.com

# Reference: https://twitter.com/milkr3am/status/1394277180197146638
# Reference: https://beta.shodan.io/host/204.16.247.224

204.16.247.224:8888

# Reference: https://twitter.com/milkr3am/status/1394277180197146638
# Reference: https://www.virustotal.com/gui/ip-address/204.16.247.35/detection

http://204.16.247.35
204.16.247.35:22
204.16.247.35:443
204.16.247.35:8080
204.16.247.35:8888

# Reference: https://www.virustotal.com/gui/file/25d2b59ef9604deab4780db1ce997f966f81f79af96e10926c939322d6607ce7/detection

http://95.85.67.149
95.85.67.149:8808

# Reference: https://www.virustotal.com/gui/file/e69ae9ddb63d539af4badb45ebc2f2d9a4304b8decb00a168ead82d17f201e53/detection

101.32.44.22:4444
yaunfang.a.qianxin.com

# Reference: https://www.virustotal.com/gui/file/7a5477ef0479337f48a8e30808be1d481491c3e79db1aeb22deff1bddc2dcf4c/detection

101.32.44.22:6666

# Reference: https://twitter.com/malwrhunterteam/status/1394737188324233226
# Reference: https://www.virustotal.com/gui/file/b48195755156cdc60048fb90662895b6bd66f17f6d38fe3500f31c065ab83662/detection

ichunqiuqax.tk

# Reference: https://twitter.com/mojoesec/status/1394743529109401600

akabox.tech
kizuho.com
mountanewaterflow.com
eduhk.studiteroom.email

# Reference: https://www.virustotal.com/gui/file/d67baca49193bd23451cca76ff7a08f79262bf17fb1d8eb7adaf7296dca77ad6/detection

olhnmn.com

# Reference: https://www.virustotal.com/gui/file/a79118a97ac4532ac3ea76b6151d5b87eb644429c0665350ae368a9db70cebc2/detection

http://74.50.60.96

# Reference: https://www.virustotal.com/gui/file/b504e6877706650aadf34ce91f1ace066fb01594395ab33b2c201735fa1850b0/detection

74.50.60.96:443

# Reference: https://www.virustotal.com/gui/file/f2154b3b892cad3089cfbd9bc1e729a512f18053cd72617a586ea14c47f20c03/detection

173.199.115.116:443

# Reference: https://www.virustotal.com/gui/file/9a340765cf91e1f38bda6650255341a71ce6c89fffb9ba49eb6e02b374b488a6/detection

173.199.115.116:8080

# Reference: https://www.virustotal.com/gui/file/4617e345efd96f44e997334efd3ffbdf0ed5a0aca8ec2328173d0f23a0b3d7fd/detection

lsass.cloud

# Reference: http://www.intel471.com/blog/cobalt-strike-cybercriminals-trickbot-qbot-hancitor

http://164.90.173.158
http://172.105.253.97
http://185.172.129.132
http://192.95.16.245
http://37.1.211.126
http://45.136.113.10
http://45.138.27.44
http://45.170.245.190
http://45.176.188.137
http://66.165.240.211
http://74.121.191.2
http://74.50.60.96
http://80.92.205.9
http://82.117.252.78
45.136.113.10:443
80.92.205.9:443
activedirectorysearch.com
lionpick.com
persoonlijknab.com
saferem.com

# Reference: https://beta.shodan.io/host/139.9.234.13
# Reference: https://www.virustotal.com/gui/file/6a55e6ff596c3324ab22512ceb1bb40a53d45a01a04ef18b3ef50e2a00438082/detection

http://139.9.234.13
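# NOTE(review): the entry below carries two port fields and is not a valid IP:port trail, so it will probably never match - confirm the intended port(s) against the Shodan reference above and split or correct it
139.9.234.13:33:1099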
139.9.234.13:22
139.9.234.13:3377
139.9.234.13:50050
139.9.234.13:81

# Reference: https://www.virustotal.com/gui/file/c7ad337016c1ca6dbdb49b1c74037da78771f15486ae2dd82ef9a8bbfc4c5f68/detection

http://149.129.36.153

# Reference: https://www.virustotal.com/gui/file/05564ccee07f94b2933232abdacf3513acf1f4eeed7381fcaf7df0f99a75fe33/detection

149.129.36.153:443

# Reference: https://beta.shodan.io/host/135.125.173.112
# Reference: https://www.virustotal.com/gui/file/acf2cc33b21fa05a67de08644b7c3e88ff27b370c85d94520661ca6133393020/detection
# Reference: https://www.virustotal.com/gui/file/032ab1b5e87b1fcd54db0c396278387db10889a8249c253802221e66c6032fdc/detection

http://135.125.173.112
135.125.173.112:135
135.125.173.112:22
135.125.173.112:443
135.125.173.112:445
135.125.173.112:50050

# Reference: https://www.virustotal.com/gui/file/b4d80de02112857048240f17bfcf5d0d56800ffdaf6551f4d42b7fe3e1a90581/detection

http://121.196.62.22
121.196.62.22:3333

# Reference: https://www.virustotal.com/gui/file/844f891f338bcde305546fb85d97ac01bfd2c4db663ce779e6048307af5085f5/detection
# Reference: https://www.virustotal.com/gui/file/f769be4a0f21e494186c380bb67a266964b4276bb008d1050608c69a6ee20e89/detection

http://47.96.251.184
47.96.251.184:8083

# Reference: https://www.virustotal.com/gui/file/127f483b5915362a1f762f5c4b0ebd3b407c6834aeff1cdb8484b5d7bb8374f5/detection

http://101.132.222.58
101.132.222.58:9890

# Reference: https://www.virustotal.com/gui/file/2b99c11cea6e79bbc9ebc5005c4329cbe5f73a0b7ad40e332199863ca21582df/detection
# Reference: https://www.virustotal.com/gui/file/b829d6d0c308683efa3573401c59e3484c46e9f25633062c32cb7abc99e4f288/detection

http://182.254.131.196
182.254.131.196:20051
182.254.131.196:20052

# Reference: https://www.virustotal.com/gui/file/60779a05515e2463e58c3618061329714423814054e759c6f9fee14746d2bbe2/detection

http://121.40.98.16
121.40.98.16:33152

# Reference: https://www.virustotal.com/gui/file/42629ba3472ef429378d111dd77306a2b70c36d33457c80bbfa7553b4c3917eb/detection

http://8.141.54.214

# Reference: https://www.virustotal.com/gui/file/46d086c20e6dce72d7f17a1ccb78b2651cb3ffabaca659fcd56ae4a5ccab2ddc/detection
# Reference: https://www.virustotal.com/gui/file/493fcec1cd82ee3b8cc69b1444546a853e84e61f4b030903636814e3386c278f/detection

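# NOTE(review): 172.67.160.78 falls in a range published by Cloudflare (shared reverse-proxy edge); a match on this IP:port alone can hit unrelated sites behind the same edge - the domain below is the more specific indicator
172.67.160.78:2086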
service.microsoft-us.ml

# Reference: https://www.virustotal.com/gui/file/edff78aec5cfb6b84bb528529e4192f4ba7689ca2b416781e32ec603d78b5a5c/detection

http://1.14.150.132
1.14.150.132:61234

# Reference: https://twitter.com/malware_traffic/status/1395522304575221765
# Reference: https://www.malware-traffic-analysis.net/2021/05/20/index.html

http://80.209.242.9

# Reference: https://www.virustotal.com/gui/file/d198c4d82eba42cc3ae512e4a1d4ce85ed92f3e5fdff5c248acd7b32bd46dc75/detection

http://45.121.146.88

# Reference: https://twitter.com/malware_traffic/status/1395118996278685696

http://191.101.17.13

# Reference: https://www.virustotal.com/gui/file/35f992c0e7f600200bfc1ee240a82031f9a033cdf405623be5b267716cf9b388/detection

http://119.45.171.202

# Reference: https://www.virustotal.com/gui/file/a5351fe7f79a88869b314f0ca77516632a2d66b601e1d1e6bbe3dddea3c18c32/detection

119.45.171.202:443

# Reference: https://www.virustotal.com/gui/file/56c5d425110353f16b72f0027051856a0497d51e53d29f201ae6c0b3bcb4eb6d/detection

119.45.171.202:8443

# Reference: https://www.virustotal.com/gui/file/0e10ccffe3e75c999e842baa3c7ff4229832702f288bd238f4190bb930c66150/detection

dragonisthebest.tk

# Reference: https://twitter.com/AepEap/status/1395271021696110598
# Reference: https://beta.shodan.io/host/141.164.62.81
# Reference: https://beta.shodan.io/host/160.16.208.58
# Reference: https://beta.shodan.io/host/198.98.62.191
# Reference: https://beta.shodan.io/host/83.169.3.55
# Reference: https://www.virustotal.com/gui/file/408a3ebea3b9b3cd1eeb99eb4fabf3f2fb6d0d0b40df6cf4b1c20286df23df5f/detection
# Reference: https://www.virustotal.com/gui/file/248d6b5e74d21a2bc3963faf085f80c9bcfa32c0719f3e5e5371d365e8892468/detection
# Reference: https://www.virustotal.com/gui/file/d7ede69b96bd482cfaeffe0ee582b23f507a46237070c75c3b711d0be716538b/detection
# Reference: https://www.virustotal.com/gui/file/23df4aba9536b2ea8de3bc5035f87dfe7698e7cae6400068b15d305c1e147d18/detection

http://160.16.208.58
http://168.138.137.235
http://37.61.205.212
http://83.169.3.55
141.164.62.81:443
160.16.208.58:443
160.16.208.58:4848
198.98.62.191:443
37.61.205.212:22
37.61.205.212:443
37.61.205.212:4848
37.61.205.212:5222
37.61.205.212:5269
37.61.205.212:8080
37.61.205.212:8443
37.61.205.212:8880
83.169.3.55:2087
83.169.3.55:21
83.169.3.55:22
83.169.3.55:25
83.169.3.55:3306
83.169.3.55:443
83.169.3.55:465
83.169.3.55:4848
83.169.3.55:53
83.169.3.55:587
83.169.3.55:7443
83.169.3.55:8080
83.169.3.55:8081
93.180.156.77:443
93.180.156.77:8082
google-images.ml
jquery-code.ml
lmgur.me
micsoftin.us
nfdkjbfwjakd.ml
symantecupd.com

# Reference: https://twitter.com/shabarkin/status/1396528370335236096
# Reference: https://beta.shodan.io/host/54.246.146.207

54.246.146.207:22
54.246.146.207:443
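# NOTE(review): the entry below carries two port fields and is not a valid IP:port trail; port 22 is already listed above, so this was presumably meant to be 54.246.146.207:50050 - confirm against the Shodan reference
54.246.146.207:22:50050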

# Reference: https://www.virustotal.com/gui/file/49c4d7eacd8d3cae5ac36eb50d1aef86dd396764b7c50963796b3e26d3a92300/detection

http://1.116.163.166
1.116.163.166:8443

# Reference: https://www.virustotal.com/gui/file/3ab8f34893365d47d286a11910790fb53968c6eacf528c31bbe9528251c81e47/detection

47.95.38.254:8099

# Reference: https://www.virustotal.com/gui/file/47b383df183f67995e97af66a5238a00578495d353599b4d5584875a772406a1/detection

18.181.251.75:50001
xiaokv.com

# Reference: https://www.virustotal.com/gui/file/f3add2b11294324a71c8c60ee1231d59f46b0bd1e3bb44bbf59d9f04cfd872fe/detection

http://216.250.248.88

# Reference: https://www.virustotal.com/gui/file/21468711cdf3c6fd106de9c27e736f175665aa2ff02a72b91526600d2b0f8193/detection

47.115.144.7:60000

# Reference: https://www.virustotal.com/gui/file/e722e0f367498fb06cdc6c81640dcc3d8ea2d50bc914fe5de2ff05bd94f33b2a/detection
# Reference: https://www.virustotal.com/gui/file/dbd79be835ce01368eed883482e3ab344647c7ad8e279a31fc05396bcb2777ae/detection

http://47.115.144.7
47.115.144.7:55555

# Reference: https://www.virustotal.com/gui/file/05c9e792d0286737238b3fbc40fe7d1ff0eb7de8002779ee137db0340c7c1089/detection
# Reference: https://www.virustotal.com/gui/file/dbd79be835ce01368eed883482e3ab344647c7ad8e279a31fc05396bcb2777ae/detection

http://159.75.1.146
47.115.144.7:55555
159.75.1.146:8888

# Reference: https://twitter.com/malwrhunterteam/status/1397519504180121608
# Reference: https://www.virustotal.com/gui/file/30135d616ca2776ba9d810dd58ad2611dba971b10aa974b74b934c6067114302/detection

virscan.xyz

# Reference: https://twitter.com/cyber__sloth/status/1397816848209567744
# Reference: https://app.any.run/tasks/de77f340-c1fa-46e6-be76-42fd0a49be21/
# Reference: https://otx.alienvault.com/pulse/60afece345be6dfd2a66ea3c
# Reference: https://www.virustotal.com/gui/file/ee44c0692fd2ab2f01d17ca4b58ca6c7f79388cbc681f885bb17ec946514088c/detection
# Reference: https://www.virustotal.com/gui/file/ee42ddacbd202008bcc1312e548e1d9ac670dd3d86c999606a3a01d464a2a330/detection

theyardservice.com
worldhomeoutlet.com
cdn.theyardservice.com
static.theyardservice.com

# Reference: https://twitter.com/sS55752750/status/1396802414267846658

vmware.center

# Reference: https://twitter.com/Unit42_Intel/status/1397566458775973889

antivirusupdaty.com

# Reference: https://www.virustotal.com/gui/file/c7df774cbda1b89288f48aa5c13d77f4993517befdd3447a274d731f23f4b6b5/detection

http://1.15.143.83
1.15.143.83:10080

# Reference: https://www.virustotal.com/gui/file/581c5d524bfb221682e736309d99774efb124a222285e65e8597a87a1e68d23f/detection

mstscr.com

# Reference: https://thedfirreport.com/2021/05/02/trickbot-brief-creds-and-beacons/
# Reference: https://otx.alienvault.com/pulse/60afabc561644068d15f3a54

wideri.com

# Reference: https://www.virustotal.com/gui/file/7c8da547a67012bac77b5dbde1569a2cf605fa8253a82822e018f4300cd08eed/detection

http://49.232.157.153

# Reference: https://www.virustotal.com/gui/file/8956b594287cd949f99046b4f37414ee30368e504f4e734a2904215e21c47718/detection

http://144.34.178.251
144.34.178.251:81

# Reference: https://www.virustotal.com/gui/file/d6484460a6f34e41e9dee34d8c85f9fddf540e7d6d9bc18807a38e70dafcdf81/detection

http://1.15.97.17
1.15.97.17:233

# Reference: https://www.virustotal.com/gui/file/9b7574cc8da7086e75691f594ef156d8cc094c07a6ff255cea805c8252bddb51/detection

http://39.98.109.178
39.98.109.178:6663

# Reference: https://www.virustotal.com/gui/file/bf14e33ff99d1f299e37c07c05903876cfa4eeb0fa2140ceed38176980e8d316/detection
# Reference: https://www.virustotal.com/gui/file/df1c641c64a06bd91b16c0af8152ee67695ea6f23437a786cf6c040b43f413b1/detection

http://47.114.124.175
47.114.124.175:8081

# Reference: https://www.virustotal.com/gui/file/f938c5336f27e52693c19428ee3dc08e573816e9b555c934910228f53d2c6aff/detection

http://144.34.171.198
144.34.171.198:88
47.93.244.8:443

# Reference: https://www.virustotal.com/gui/file/182a16f3b685cf2ee8844ce365c2b5006a846a1e96cf6a6c6400dab8dfd53d36/detection

http://116.62.162.107
116.62.162.107:34567

# Reference: https://www.virustotal.com/gui/file/01a6ff27f38756ae179d413010e6952a463afebd442c118ae6ac54faf977b611/detection

http://3.18.108.61
3.18.108.61:4444

# Reference: https://twitter.com/malwrhunterteam/status/1398199160843636736
# Reference: https://www.virustotal.com/gui/file/58f359e94a3cb33ab12be00411ac3ee7305cd3bea2c90f9fd8c29c1e77f5cf8c/detection

http://52.80.127.131
52.80.127.131:28080
mirrors.shuiditech.cn

# Reference: https://www.virustotal.com/gui/file/03bf348be8767d3c894cf02871c53958dc55fb7c73d0ab3bdb0d71691b39b627/detection
# Reference: https://www.virustotal.com/gui/file/4bb2976126daba0aecb401c94dc3e00ad7c8e935f4bdb57b48938f0299c9e1b8/detection

http://1.116.130.98
1.116.130.98:443
1.116.130.98:91

# Reference: https://twitter.com/malwrhunterteam/status/1398401609156202506
# Reference: https://www.virustotal.com/gui/file/159c9ba198b92a830fb6c0392af060d07eed5ac67ff457ccb4b15814c3cf6e2c/detection

file1sarutest1.s3-ap-southeast-2.amazonaws.com
k-t-gift.com

# Reference: https://www.virustotal.com/gui/file/4bcb34d1241c68d21e8b9f387abe10b46f046f31232ca6780e13ea45dc0d27dc/detection

http://5.199.162.3

# Reference: https://twitter.com/pmelson/status/1399111287070679040
# Reference: https://www.virustotal.com/gui/ip-address/41.225.102.189/relations
# Reference: https://www.virustotal.com/gui/file/a05debf4fc5b3d8e001499f116f6b367fe784f43c3d740054088499199adecb1/detection
# Reference: https://www.virustotal.com/gui/file/2e6f00c042252195a56764c343a9780836e9121c56563c8c168526584f0f7023/detection

41.225.102.189:6969
41.225.102.189:6996
catchmeifyoucan.mywire.org

# Reference: https://twitter.com/z0ul_/status/1399412855171080200
# Reference: https://twitter.com/z0ul_/status/1399413008120569856
# Reference: https://www.virustotal.com/gui/file/747ccac32630ea20a5ddf708a35ce32b6ac20a79c505f6431e6c287a273c96b1/detection
# Reference: https://www.virustotal.com/gui/file/83ecd5c6a17726d74985ccc5c09abba83bdf4b7547e806458775e49f83038458/detection

cybersecyrity.com

# Reference: https://www.virustotal.com/gui/file/081c370c6f2768faea3d4e4d8ed5e8e148110749a1925b7f4f6e87bbd66fda8b/detection
# Reference: https://www.virustotal.com/gui/file/b7675850b984bb8af6af8fdbba70a9b100d4d3c3fb4f09b02f143fff1008ac73/detection

http://106.75.240.154
106.75.240.154:6667
106.75.240.154:6668

# Reference: https://www.virustotal.com/gui/file/c0472af0f6e8563a56c29fc2c5ec3466f37f3c37b4a1ed2d009f10f967d20072/detection

http://101.200.178.253

# Reference: https://www.virustotal.com/gui/file/112108ee453cd9f96d3eb7b7f26338e819b34a05411ff8a826b5ccff675e8d18/detection

101.200.178.253:443

# Reference: https://www.virustotal.com/gui/file/00e42b44a60aaf08811e5ce636215b00bbb53ffeda1ba10c71674099b9c44a09/detection

http://118.25.61.35
118.25.61.35:12345

# Reference: https://www.virustotal.com/gui/file/ca653d7836c394623425edbb31979a927763340568410c8cded80a9e2db06ed6/detection
# Reference: https://www.virustotal.com/gui/file/bf318059b12ade8d0a02b0bdf561e6d270ac9cf0524b2683eac2a74eab42a92d/detection
# Reference: https://www.virustotal.com/gui/file/cacf4128f1d670b20144e2cb234bd9a5486f1518b8c07e419927aedddcbfca26/detection

http://81.70.56.208
81.70.56.208:56001
81.70.56.208:8990

# Reference: https://www.virustotal.com/gui/file/80df5cd6d8a567dd860aac6fd7ca5e62e428f670b123e47452be5f73cb39b66e/detection

64.69.57.211:443
aws-portal.org
bounce-back.us
fed-survey.org
federalresiliencyproject.com
gov-services.org
gov-survey.org
hr-resources.org
no-reply-info.com

# Reference: https://www.virustotal.com/gui/file/f2b04128060b491b89c6ee310251a38f62172064eb6535b6afd444cad0ef502d/detection

research-cohort.com

# Reference: https://www.virustotal.com/gui/file/a4f1f09a2b9bc87de90891da6c0fca28e2f88fd67034648060cef9862af9a3bf/detection

139.99.167.177:443

# Reference: https://www.virustotal.com/gui/file/750d393c904b3775a987665f9ffaf64582db214f192185e4e454e62c3d81cb40/detection

straxotechnology.com

# Reference: https://twitter.com/shabarkin/status/1399810290712186889

113.31.118.7:443
113.31.118.7:8888

# Reference: https://www.virustotal.com/gui/file/33448bcfcdd6f1e3dc5932197951feb74fa23002b751b1269063c2246b62bcf3/detection

113.31.118.7:8082

# Reference: https://www.virustotal.com/gui/file/a1eddd3e0b6223bdacc83d252103ec99cee691ec6b9740fc9eb4aafbb2d6227a/detection

http://113.31.118.7

# Reference: https://www.virustotal.com/gui/file/5e376156a863747a40f1669fdba0cc3deb03615ccccb7c6c00bd16d3443fe465/detection

http://43.255.38.142
43.255.38.142:50001

# Reference: https://www.virustotal.com/gui/file/a701008181a911fb7697b01e5ca4075c6612321aa8197e1ca85ad69e42722a94/detection

http://1.116.180.87
1.116.180.87:8005

# Reference: https://www.virustotal.com/gui/file/b9656ee807cd788186c03e2b6843c485bb8aed71c83c3f140f6e9005307d3c71/detection

http://104.160.40.127

# Reference: https://www.virustotal.com/gui/file/56c579d3877255ff78cc68814d0947487f2b1d6119b398424e83a42a92e71330/detection

104.160.40.127:81

# Reference: https://www.virustotal.com/gui/file/cda7c394278ba73cbb15eb088ff72f72d76df3a27bf7a3fc2359546806a01dda/detection

http://120.27.209.239

# Reference: https://www.virustotal.com/gui/file/4c8b46fb57ad40835db9cf8f0949956524b0218bc4140b804ce04e1bbd29ff8c/detection

39.107.46.219:8080

# Reference: https://www.virustotal.com/gui/file/5c6cb844285f2fc3da079c7818b46ad8f1d7f69566ec3d12dcf78942e676b55c/detection

81.69.255.153:1212

# Reference: https://www.virustotal.com/gui/file/b2514f9e00f01d842b221ae1487d3b907cf6f704dfcee7cec9f15131d1021c9b/detection

http://81.69.255.153
81.69.255.153:1570
immm.xyz

# Reference: https://www.virustotal.com/gui/file/08508c9c94e60b4f1f8a096ebec617ef652fdfb452bfe97d5b6cfaefa0c61f49/detection
# Reference: https://www.virustotal.com/gui/file/7047d5ae6bdc42e96eb2e431d88f4650c69c759292767a759c2b805bee4353fd/detection

http://1.15.152.71
1.15.152.71:9999

# Reference: https://twitter.com/malwrhunterteam/status/1400203496855687169
# Reference: https://www.virustotal.com/gui/file/5df8459173e72491a3376a91069574451660ad1c6acfb25eeea62cf01e48b01b/detection

mx.777888yuy.xyz

# Reference: https://www.virustotal.com/gui/file/3e9399357c09f9f6cfd2182fca9044273179d7f41c02a8aa0dfe5faef371d5ac/detection
# Reference: https://www.virustotal.com/gui/file/c9b3f32fd42e2ae15a0a83fa30fa4e0ce3e4b52aa41f82275a164d0d0ed75396/detection

certsbl.ddns.net

# Reference: https://www.virustotal.com/gui/file/8d3ca238e41997e21e39a358e8e057f9c4c2e8c6343178675ba1d095fc962dc2/detection

http://108.62.141.234

# Reference: https://www.virustotal.com/gui/file/3e5b2905b050e109a7879a360a7424510ef9b5b2937ed971829d6d1d37e60658/detection

149.28.28.87:8080

# Reference: https://www.virustotal.com/gui/file/4e4ea1ff5b669af7a0e1f24e3a1593640aa65d50b90db4f05d1c1bc43a8e05fc/detection

39.103.3.9:8080

# Reference: https://www.virustotal.com/gui/file/71b638c0876c8ea2571521080d2a819cab7bae2d6f816baf25c6e7a47480db74/detection

http://107.173.165.247
107.173.165.247:11111

# Reference: https://www.virustotal.com/gui/file/9f3220dea30e3570e1fca0dcfd688fed640340c745471ddc1fdc6dc5c28b6358/detection

47.99.168.203:7777

# Reference: https://www.virustotal.com/gui/file/2dc27a42edff5aa553875ea9f1a412ef7917ac2779fc295a22f5d0b4a1b09652/detection

47.99.168.203:9999

# Reference: https://twitter.com/VK_Intel/status/1400675190045093894
# Reference: https://twitter.com/malwrhunterteam/status/1399821918212038659
# Reference: https://otx.alienvault.com/pulse/60ba4f741e3b2b85285b0bb5

azurlink.net
bynatechnologies.org
citygov.net
dhsalert.com
gov-security.org
clinitechnical.com
credit-services.us
facilities-update.com
hrtiisolutions.com
sevecotechnology.com
statetesting.org

# Reference: https://twitter.com/malware_traffic/status/1400876426497253379

hesitatesecuritybusiness.com

# Reference: https://www.virustotal.com/gui/file/9fe421c2c07cc394664b0d440731191637a0ddbf00c7dc3ad9dfb544630cdc09/detection

82.156.30.233:28888

# Reference: https://twitter.com/z0ul_/status/1400893293240651776
# Reference: https://www.virustotal.com/gui/file/d8120a97d893e4e43f94f21bd89626141384ea5213bbb0738ef34b210b75eb0a/detection

firsino.com

# Reference: https://www.virustotal.com/gui/file/77b4ed06154f923320e5d2d659ec04d5daceb44561910120768cfb14e350482f/detection
# Reference: https://www.virustotal.com/gui/file/35dd2b81b7f0dbbe3321124dfea497e5a6a3168afea297a030026c78288aa4d5/detection

http://152.32.216.78
152.32.216.78:7777

# Reference: https://www.virustotal.com/gui/file/ed9fdbf3d34ef43662f289e2717c08ea12ee769bb45dec73c6c88164453e3faa/detection

123.207.20.180:10038

# Reference: https://www.virustotal.com/gui/file/501a32863b9941691e1b14ed59aa3cf1ac34d7c26c6bd329dc0979ef245892be/detection

123.207.20.180:10019

# Reference: https://www.virustotal.com/gui/file/144f737eedfefbd114a679c9ce3b7ce688289db1112cf23c3491a8fa9ff5ecc7/detection

123.207.20.180:2233

# Reference: https://www.virustotal.com/gui/file/04eacc43bccdefe6179b4791f987e7524a508b89a5d2fb68266669ed7a97186f/detection

123.207.20.180:10026

# Reference: https://www.virustotal.com/gui/file/af5485c6b7cbed6b0b1c215702dc439c0b5ba7591768d8811353e9c6fc9da212/detection

123.207.20.180:8888

# Reference: https://www.virustotal.com/gui/file/d2622b1253b99ebec9ea9939631f5d7dbab56b5c838cf52c2d95eed7b73838f5/detection

http://123.207.20.180

# Reference: https://www.virustotal.com/gui/file/59e39979b743f20c3fa2f2754cac5ac7abb9c019793893d4efcb23db9b69dbc3/detection

47.110.251.39:2333

# Reference: https://www.virustotal.com/gui/file/e174690b1b9ff4cc340a66d9c2388e0114b6bde2ee64ecc8cecd1a6048610633/detection

http://47.110.251.39
47.110.251.39:16000

# Reference: https://www.virustotal.com/gui/file/7a7580bb93bee95120f13afbcfd583892e65c9e449e482f4f3d7782cc0302f96/detection

47.110.251.39:7788

# Reference: https://www.virustotal.com/gui/file/a0f7b7de0fe239af1c4616196dfa224e4ce7d1b2e3b5af3cb52767df78d1d43d/detection

47.110.251.39:2222

# Reference: https://www.virustotal.com/gui/file/e61627d4179e36ec097c97cc14b83dbb8de8f5a206d72044fbee5ab8323a133f/detection

http://179.43.151.220
179.43.151.220:444

# Reference: https://www.virustotal.com/gui/file/80ab05d33549760640df5f529462af59de60f8f5bb7840c1da98d08e15c6dc7d/detection

http://49.234.22.59
49.234.22.59:51111
49.234.22.59:52052
detroylq.xyz

# Reference: https://www.virustotal.com/gui/file/eaf4689dc3b9e3c691e5e25f25a97a11d0a4cc1d696d523b8408fada773fc1bc/detection
# Reference: https://www.virustotal.com/gui/file/7dc4361db5ab9cd97d89c95bb7ab47f55963411097e7c900a0e21bd51098582b/detection

http://193.57.40.222
193.57.40.222:443

# Reference: https://www.virustotal.com/gui/file/56e251d6503a6323ca074abb2474adf933ce3b930b33ad0e73a5a6e2901a94ad/detection

http://152.89.247.139

# Reference: https://www.virustotal.com/gui/file/fa30e9bf33778402230b46211d573bb52256181b7c0f5a88558a0a1f276a534d/detection

oliverodevs.com

# Reference: https://www.virustotal.com/gui/file/21529eb162a91e1087be2ca006d6ad6f44ff17179980012f9aaf57a14d261838/detection

http://104.42.216.84

# Reference: https://twitter.com/mojoesec/status/1402707407072071682

wtegragaeg.tech

# Reference: https://twitter.com/RedDrip7/status/1402640362972147717
# Reference: https://www.virustotal.com/gui/file/3a34600201faac1dd440ac084c1fa238312a6f51c6500b814fd50197f600c3d5/detection

213.164.205.138:8989

# Reference: https://www.virustotal.com/gui/file/52957970addeeb82d86e181ae0e70cca23144a94ca78b6713c0081af850af93b/detection

ceburel.com

# Reference: https://www.virustotal.com/gui/file/662c194c2b30ed0736104e2e19baaf53a3c423aff48f4ba572cf256ee60bf520/detection

http://218.244.146.181
218.244.146.181:801

# Reference: https://www.virustotal.com/gui/file/2cffcd50062f187c1684fd47fb34218f6670f84ad0ed8046a9d40e1e32bcbe6a/detection
# Reference: https://www.virustotal.com/gui/file/52998b02ddd3f19fe7fb154deaeb3263ceb2341cd680f4f969cddcbf262e1381/detection

rtr02.archrodon.net

# Reference: https://www.virustotal.com/gui/file/3ed3815d4a8d426cf51738b833d33ef0a1c37364192a1074f2e79f8303709a1c/detection

http://101.37.13.22
101.37.13.22:65532

# Reference: https://www.virustotal.com/gui/file/81adcbae8b0a4be9b3046d7b472d157ecc4e05b3ad4acb08dad6222bc92ec118/detection

http://103.234.72.120
1.116.180.87:8888
103.234.72.120:7000

# Reference: https://www.virustotal.com/gui/file/d1be78b9b3ac6a1044814e9f4fd58a3042e5f56cc6a25fa1111579bc9dcfcc9b/detection

59.63.224.101:443

# Reference: https://www.virustotal.com/gui/file/92ad4b40cbf7d798c07891478acd949e17487bff99aedf6a2e7a9b3a8c650ba5/detection

http://59.63.224.101
59.63.224.101:11111

# Reference: https://twitter.com/mojoesec/status/1401989689381429253

explorerconfigurate.com
fogsshow.com
fredojf.com
gmbfrom.com
lanstier.com
sidfrom.com
winsecuritybusiness.com

# Reference: https://www.virustotal.com/gui/file/1039d881fbccec6733004d6d15612b0eb98491efe2b61894df410fb39778194e/detection

http://198.23.196.7
198.23.196.7:45678

# Reference: https://www.virustotal.com/gui/file/29e74d30320bf2132c7d8e8a5720f4666e70c820ad92eef5fbdb94e55180312f/detection

http://111.229.178.86
111.229.178.86:8099

# Reference: https://www.virustotal.com/gui/file/23087bf5ab7476181333f5a499ea7fd82a6d53f4e68bd818f4f1fb0ad7008991/detection

wechat-cdn.com

# Reference: https://twitter.com/cyb3rops/status/1403253268051107840

operaa.net

# Reference: https://www.virustotal.com/gui/file/4279d4bf1a30a633c7c7ce3d25fbae896fa2808988eb03915a312e6e906a5bb9/detection

8.136.4.15:443

# Reference: https://www.virustotal.com/gui/file/ff4ed0c2fcc475fb11bd40672d6c51a681869b9fb51459a65466029db5ee89bd/detection

8.136.4.15:9529

# Reference: https://twitter.com/mojoesec/status/1403072399860506638

cannstattraction.com
do1t.cn
microsoftupdatecdn.ml
securitybusinessgrey.com
waceko.com
check.microsoftupdatecdn.ml

# Reference: https://twitter.com/kyleehmke/status/1402948235497558019
# Reference: https://twitter.com/jaimeblascob/status/1402998738554032142

defenderupdateav.com

# Reference: https://www.virustotal.com/gui/file/85803af8f9024f3a07101c9f12b8300f92dce906395812f60fe38b22acebad26/detection

http://101.132.174.81
101.132.174.81:18887

# Reference: https://www.virustotal.com/gui/file/059bdc5b93b418a150e1cbf1f856abeeacdc6bacfc9ddce47c9192bb75509493/detection

http://81.71.75.78
81.71.75.78:50027

# Reference: https://www.virustotal.com/gui/file/2068c3f77ae5925e00d4a11afcb8fdd917678fa035ed1be87d52a7c81fc6334d/detection

47.100.244.87:10010

# Reference: https://www.virustotal.com/gui/file/24197e271f0a1ae404e7e136a4d79d4e90537c18b4c598bef0801e32ca63b8c0/detection

http://121.40.19.56
121.40.19.56:5443

# Reference: https://www.virustotal.com/gui/file/fcbf15a8c932aa749809057c1f96d82e94eeb180436aec89db035b7a0ec3b147/detection

http://114.96.104.177
114.96.104.177:7002

# Reference: https://www.virustotal.com/gui/file/28df2c830e88888705c6b630c5e68610f4bffc7f4dbd97de025f298816451c24/detection
# Reference: https://www.virustotal.com/gui/file/402bb772292139196b507b9c0efd219856338e3d7759f2fe80911d266e55f82c/detection

http://103.27.186.249
103.27.186.249:3219

# Reference: https://www.virustotal.com/gui/file/7d69c1cd5a1cffebd7995c03c654fa9a2acd16d3eadff5d592000c5df564511d/detection

http://118.195.180.134
118.195.180.134:55555

# Reference: https://www.virustotal.com/gui/file/67d9bc0f73359ac83f530800ce1f142a0340fc5c475b7eb5664fb5bd8387f5fa/detection

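# NOTE(review): 104.21.2.70 falls in a range published by Cloudflare (shared reverse-proxy edge); a match on this IP:port alone can hit unrelated sites behind the same edge - the domain below is the more specific indicator
104.21.2.70:8443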
zh.sb-gov.cf

# Reference: https://www.virustotal.com/gui/file/4e0c85aba627fc6b5fc92f365251c9bba6fce42eeceb6acf6158589e0fe535c0/detection

http://129.226.144.212
129.226.144.212:11118

# Reference: https://twitter.com/malwrhunterteam/status/1403356371966435335
# Reference: https://www.virustotal.com/gui/file/973dea6f20f60b15174bca6c95d19258a5e438063bef6a25d14b20df8bb6e980/detection

http://122.10.48.212
122.10.48.212:9090

# Reference: https://twitter.com/bryceabdo/status/1403362134487097355

alfanalytic.com
asdstatistic.com
cosmstat.com
statislog.com

# Reference: https://twitter.com/mojoesec/status/1403417437190725634

bideluw.com
fluentauto.com

# Reference: https://twitter.com/mojoesec/status/1403417258181988352

antivirusbitdefender.com
healthsystemofcs.com
hubojo.com
krinsop.com
securityupdateav.com

# Reference: https://twitter.com/TheDFIRReport/status/1403031768211636224
# Reference: https://twitter.com/TheDFIRReport/status/1402958733869682691
# Reference: https://beta.shodan.io/host/100.25.133.192
# Reference: https://www.virustotal.com/gui/file/61ef83253938daa8529363150ea7edb3f73b701c6322f5b5cf4ae5e5e0e460a9/detection

http://100.25.133.192
100.25.133.192:443

# Reference: https://beta.shodan.io/host/104.131.13.57

http://104.131.13.57
104.131.13.57:22
104.131.13.57:443
104.131.13.57:5000
104.131.13.57:50050
104.131.13.57:8080

# Reference: https://beta.shodan.io/host/146.185.214.82

http://146.185.214.82
146.185.214.82:22
146.185.214.82:444

# Reference: https://beta.shodan.io/host/149.154.152.4

149.154.152.4:22
149.154.152.4:443
149.154.152.4:445

# Reference: https://beta.shodan.io/host/170.130.55.116

http://170.130.55.116

# Reference: https://beta.shodan.io/host/172.105.98.55

http://172.105.98.55
172.105.98.55:22

# Reference: https://beta.shodan.io/host/179.60.150.31

http://179.60.150.31
179.60.150.31:443

# Reference: https://beta.shodan.io/host/185.120.14.26

http://185.120.14.26
185.120.14.26:22
185.120.14.26:443
185.120.14.26:8080

# Reference: https://beta.shodan.io/host/185.145.148.144
# Reference: https://www.virustotal.com/gui/file/53fd2cb853d5bfd048898844905c036f82ed7547a31d7f7b5877c83cc6b2dbb8/detection

http://185.145.148.144
185.145.148.144:22
185.145.148.144:443
185.145.148.144:50050

# Reference: https://beta.shodan.io/host/185.158.250.117
# Reference: https://www.virustotal.com/gui/file/20dbc22c11dac62952742bee36e81d75c2b9e86c4f98f561d98a68579410bf83/detection

http://185.158.250.117
185.158.250.117:22

# Reference: https://beta.shodan.io/host/185.162.235.196
# Reference: https://www.virustotal.com/gui/file/f1666d95fae49640f547b31ef58a17fb6778c57cfe41de030abe3f45b7a38cef/detection

http://185.162.235.196
185.162.235.196:3389
185.162.235.196:443

# Reference: https://beta.shodan.io/host/192.210.198.13

http://192.210.198.13
192.210.198.13:22
192.210.198.13:443
192.210.198.13:8080

# Reference: https://beta.shodan.io/host/193.200.134.67

http://193.200.134.67
193.200.134.67:1723
193.200.134.67:22

# Reference: https://beta.shodan.io/host/198.252.99.111

http://198.252.99.111
198.252.99.111:22
198.252.99.111:443

# Reference: https://beta.shodan.io/host/206.166.251.174
# Reference: https://www.virustotal.com/gui/file/1fc4c5ee4a2d6c61c098e438c8907829ec09615dedebd5da65a8a2c1cfc54837/detection
# Reference: https://www.virustotal.com/gui/file/cdb1572e1618e3b6143c5b8708a4b17a296c2a7d2108edf5e2ed2600622b2caa/detection

http://206.166.251.174
206.166.251.174:22
206.166.251.174:50050
206.166.251.174:81

# Reference: https://beta.shodan.io/host/35.182.172.36
# Reference: https://www.virustotal.com/gui/file/b0326b197614c6818b57f340d40b6c895c0abe3839021a50ee97c18c9327f337/detection

http://35.182.172.36
35.182.172.36:443
ms-sp365.com

# Reference: https://beta.shodan.io/host/37.120.237.200

37.120.237.200:3389
37.120.237.200:443

# Reference: https://beta.shodan.io/host/45.227.255.187

http://45.227.255.187
45.227.255.187:111
45.227.255.187:22
45.227.255.187:50050

# Reference: https://beta.shodan.io/host/52.48.206.73

http://52.48.206.73
52.48.206.73:443

# Reference: https://beta.shodan.io/host/54.167.194.159

http://54.167.194.159
54.167.194.159:22

# Reference: https://beta.shodan.io/host/54.93.51.88

54.93.51.88:443

# Reference: https://beta.shodan.io/host/66.150.66.12

http://66.150.66.12
66.150.66.12:22
66.150.66.12:8080

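# Reference: https://otx.alienvault.com/pulse/60c15597ea37d932a32ad8c5
# Reference: https://www.virustotal.com/gui/file/f818f101b69e3234a7b57d9406336ff6a8883b4b232508e8ef030b05ebea3fab/detection
# Note: many lines in this block are repeated verbatim (e.g. http://119.100.50.35, 1.15.116.99:443); deduplicate on import.
# Note: names under cloudfront.net, azureedge.net, compute.amazonaws.com and apigw.tencentcs.com are per-tenant endpoints on shared cloud platforms; match the full hostname only, never the parent domain, and expect them to be released or reassigned over time.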

http://112.25.18.135
http://119.100.50.35
http://119.100.50.35
http://119.96.205.214
http://120.27.194.43
http://120.27.194.43
http://13.88.218.152
http://140.143.51.244
http://141.164.40.173
http://141.164.40.173
http://144.168.61.137
http://144.168.61.137
http://156.247.13.254
http://156.247.13.254
http://165.22.121.138
http://175.83.153.133
http://175.83.153.133
http://182.161.69.158
http://182.161.69.158
http://185.239.226.133
http://185.64.104.9
http://192.210.198.13
http://192.210.198.13
http://195.123.220.84
http://202.79.175.85
http://202.79.175.85
http://30.52.232.157
http://31.44.184.51
http://37.61.205.212
http://45.112.206.13
http://45.112.206.13
http://46.19.37.133
http://47.206.118.45
http://58.222.56.36
http://87.120.8.67
1.15.116.99:443
1.15.116.99:443
101.28.128.29:443
104.243.46.74:443
104.243.46.74:443
104.36.231.42:443
104.36.231.42:443
111.6.160.16:443
116.207.118.57:443
117.25.133.179:443
124.156.148.167:443
124.156.148.167:443
14.29.57.219:443
153.3.231.207:443
153.3.231.207:443
156.247.13.254:443
156.247.13.254:443
167.179.66.246:443
167.179.66.246:443
172.81.205.217:443
172.81.205.217:443
18.185.164.1:443
18.185.164.1:443
192.243.102.171:443
2.2.2.17:443
2.2.2.17:443
207.148.107.212:443
207.148.107.212:443
27.159.95.75:443
36.102.212.74:443
39.103.168.75:443
39.103.168.75:443
42.81.144.96:443
43.226.155.124:443
43.226.155.124:443
43.243.246.230:443
45.112.206.13:443
45.112.206.13:443
47.246.16.226:443
47.246.16.226:443
47.56.219.26:443
47.56.219.26:443
47.94.212.39:443
47.94.212.39:443
51.158.169.165:443
51.158.169.165:443
59.37.142.223:443
61.168.100.179:443
61.184.215.182:443
61.184.215.182:443
64.187.239.74:443
1.cs123456.xyz
1hao.xyz
ads.gellpac.com
beast.cyberstonesecurity.com
c.virscan.xyz
cannstattraction.com
cdn.sogou-update.com
ciscodev.org
cobaltstrike.mywire.org
control.commanderinthe.cloud
cs.flash-up.info
cs.haopinwei.shop
csmu.website
d17e6gprvxm55x.cloudfront.net
d1yxgunqlbb2ab.cloudfront.net
d2g37k1rs1nihw.cloudfront.net
d37vvfpyclbf9b.cloudfront.net
data-protection-testing.com
dev.burdine-health.com
device.azureedge.net
digitallightphotography.net
dlinknetwork.com
dns12.org
do1t.cn
ec2-52-48-206-73.eu-west-1.compute.amazonaws.com
eduhk.studiteroom.email
equitasbank.azureedge.net
fishhub.ca
forteupdate.com
fuck.crycat.cn
fucking.ml
hackercomein.tk
imqc.tk
info.poscobusiness.com
install.falsh.cn.com
jnahetverylongduck.us
js.news1010.net
lesti.net
lightingfastnetsolutions.com
login.office247.tech
microsoftupdateapp.com
msn.com.getdsoft.com
portal.phizerbiontech.com
qfaet.com.d.cdnvip1.com
regionsbankk.com
remote.claycityhealthcare.com
rewza.net
safeconnections.xyz
service-0wh8xp28-1259179598.gz.apigw.tencentcs.com
service-66n1zpgp-1253379620.sh.apigw.tencentcs.com
service-71a5mprd-1302056084.sh.apigw.tencentcs.com
service-84nhclt7-1256646536.sh.apigw.tencentcs.com
service-abwy2j29-1302108328.bj.apigw.tencentcs.com
service-agql1s0a-1256203339.gz.apigw.tencentcs.com
service-ajgvk27b-1256190886.bj.apigw.tencentcs.com
service-aoha8k6l-1252931985.sh.apigw.tencentcs.com
service-cbfodv0t-1301877960.sh.apigw.tencentcs.com
service-f5ikc4ax-1305094099.sh.apigw.tencentcs.com
service-fl9p4b9j-1259312707.bj.apigw.tencentcs.com
service-jfm40pz6-1305872363.gz.apigw.tencentcs.com
service-ln18385c-1253152225.hk.apigw.tencentcs.com
service-nwp9p8dh-1252572991.cd.apigw.tencentcs.com
service-oh6mfypt-1259329988.bj.apigw.tencentcs.com
service-opaf5nk0-1305049999.gz.apigw.tencentcs.com
service-opk21fj5-1251344091.sh.apigw.tencentcs.com
service-p44yb571-1300400844.cd.apigw.tencentcs.com
service-pgxzsrsf-1304480121.sh.apigw.tencentcs.com
siagevewilin.com
sso.africell.ml
test.justsec.xyz
testsubnet.com
veeamdata.com
w2doger.xyz
windowsshop.cc
yaunfang.a.qianxin.com.cdn.dnsv1.com

# Reference: https://otx.alienvault.com/pulse/60c15596f1b38d6ef2564a9a

365office.tk
a93.xyz
banweb.cityu.dev
download.google-images.ml
royal-union-d714.officeupdate.workers.dev

# Reference: https://www.virustotal.com/gui/file/3cdf2d23ca07876d5329bec41db75a434e9ca580c9abf98bbd3a7bdbd6b5a2e6/detection

http://124.71.61.128
124.71.61.128:81

# Reference: https://www.virustotal.com/gui/file/23a43b5487395b419bcbbe0b8c6e2bfef0cf0b900665a00def9906ca965ebafe/detection
# Reference: https://www.virustotal.com/gui/file/91f59d28164d3af1f2b5769d63ebe1f353b9f654bf7b699eec2388bb9b93a263/detection

http://42.193.176.195
42.193.176.195:8081

# Reference: https://www.virustotal.com/gui/file/edd9b4fe2872c9d638e185516da437370c10afd3ea37948cdfe19941a5ab6233/detection

microsftportal.com

# Reference: https://www.virustotal.com/gui/file/904a7ba4cc4217772e5299669ab3872321d34e5fbc5d4f2c4d472bc8fde61673/detection

103.56.19.130:2095
104.21.27.40:2095
ddddoooossss.tk
cs.ddddoooossss.tk
test.ddddoooossss.tk

# Reference: https://www.virustotal.com/gui/file/b7a4c671c05ced8c3163c15699a60358c69aad5165af51327cc55447cfc1e0e8/detection
# Reference: https://www.virustotal.com/gui/file/aad19814750f6db40b769f20cb24ff43176dc530fe98bd851e1108222d152d32/detection

218.89.171.135:28955
cn-cd-dx-1.natfrp.cloud

# Reference: https://twitter.com/_brettfitz/status/1403713293949325314

dashsecuritybusiness.com
entirelysecuritybusiness.com
infosecuritybusiness.com
janesecuritybusiness.com
killsecuritybusiness.com
knotsecuritybusiness.com
letsecuritybusiness.com
livedsecuritybusiness.com
madesecuritybusiness.com
raresecuritybusiness.com
ropsesecuritybusiness.com
securitybusinessgrey.com
securitybusinessmean.com
securitybusinessmeta.com
securitybusinessrank.com
ticksecuritybusiness.com
winsecuritybusiness.com

# Reference: https://twitter.com/_brettfitz/status/1397096521842233345
# Reference: https://www.virustotal.com/gui/file/6668cc85cae05f08cd1876c3c1738c96e572f78ea32c8c79836c45fe87dec5a9/detection

strawvapi.herokuapp.com

# Reference: https://twitter.com/_brettfitz/status/1386132445469229061

service-0d28r0i3-1255997775.bj.apigw.tencentcs.com

# Reference: https://twitter.com/_brettfitz/status/1386129506096799748

microsovft.com
support.microsovft.com

# Reference: https://twitter.com/_brettfitz/status/1404094711653179398
# Reference: https://www.virustotal.com/gui/file/f522ed2b89cd3c28d7a52e93e9f6a16a0dbd2b36634e505002d542a133192808/detection
# Reference: https://www.virustotal.com/gui/file/b57e9ab9c27e83dd9df5ebca451aff642cfc54d208bcebda9803bce6dee0b501/detection
# Reference: https://www.virustotal.com/gui/file/e8fee24fb4d73f36aad67e07c85ac054b8cbf72ba4273d41c45a9250140ed8ef/detection
# Reference: https://www.virustotal.com/gui/file/9274a873b169f733a4578dac9e51d45459472cfa5f32b23885a12f57f613f7cd/detection
# Reference: https://www.virustotal.com/gui/file/5d05b560c2e18ec34386959561fbbf09879c693b35241a82e014d04576221514/detection

185.25.51.67:443
moneybankoncityasd.com
fhfghhjiiutrec.com
gogililutopikup.com
downlight-ofcity.com
openoffice-city.com
powerstationtck.com
ultradeliveryshop.com
worldwidecharityinc.com

# Reference: https://www.virustotal.com/gui/file/a2112ad3b188db3225cf79dc9d39134e887cee51ff141c5a6ba73e65858a3474/detection
# Reference: https://www.virustotal.com/gui/file/cb34019839b36c8fe7cc9156f4ca060ecd65b3cf9a9d2d866266f1714c4cf8e5/detection

http://74.211.103.201
74.211.103.201:443

# Reference: https://twitter.com/_brettfitz/status/1404438059962208256

pofafu.com
rirabe.com
zeheza.com
zojuya.com

# Reference: https://twitter.com/mojoesec/status/1404479000051847176

office247.tech
opashif.com
login.office247.tech

# Reference: https://twitter.com/mojoesec/status/1404478448232550401

survey.unitedfcu.co

# Reference: https://www.virustotal.com/gui/file/191aa341ff74dc622e731530bd90d03d7b3ff06e5b315f9efac0a1c80ee83097/detection
# Reference: https://www.virustotal.com/gui/file/90cdf4002a686ca07524285fffb1aacf530f82fa0865e92ea3aafee31c56928d/detection

23.106.122.245:443

# Reference: https://www.virustotal.com/gui/file/a6a97595b023833dd3afc1190f1f3664ed0ad68bae6d6699550ae0714067abbf/detection

172.67.210.116:2086
sharefree.cf

# Reference: https://www.virustotal.com/gui/file/e8c249cdd05e1d7366f263a0de0ff5f376eaaa13d29614f835b10f3cabacfcb3/detection

http://198.13.63.107
198.13.63.107:4445

# Reference: https://www.virustotal.com/gui/file/d5eb97a976f21c390d17f818f03e5ae95d52c2db00bcb714a9fe6ae2e3ae5581/detection

198.13.63.107:8888

# Reference: https://www.virustotal.com/gui/file/e6204197dddc4022ec52d9f11c15639a348e3f8d70b4077b9c305b8de0f228ed/detection

http://47.93.225.185
47.93.225.185:7901

# Reference: https://www.virustotal.com/gui/ip-address/18.118.29.65/relations
# Reference: https://www.virustotal.com/gui/file/76a001efb7c984632df4f41b947e9914dcb78a666d9283e865333fb1fbc336f4/detection

http://18.118.29.65
18.118.29.65:10420
dev-malware.xyz

# Reference: https://www.virustotal.com/gui/file/bc5b2a012cce07ee6537362b73757b687e1f4a73064fa5385d7bf71b16304a41/detection

http://109.166.36.56
109.166.36.56:41860

# Reference: https://www.virustotal.com/gui/file/fea2878685aab2f690099277a333895c2eec7970cc0e85e14187b9372bbbbdcd/detection
# Reference: https://www.virustotal.com/gui/file/8630650dc53d775e35e40332331e577fbae05499483a6ab2d29749ba62eb1d25/detection

81.69.98.197:443
81.69.98.197:6789

# Reference: https://www.virustotal.com/gui/file/064924bf49bd1809d90df0169eb6e354ce8f5b88100bb39b89460c480121fbeb/detection

182.254.240.188:60000

# Reference: https://www.virustotal.com/gui/file/9be7631dbd77a9f80453ff63216caf57f6048800c87519121de79a3183dd8315/detection

39.103.157.206:8822

# Reference: https://twitter.com/mojoesec/status/1405590821924052992
# Reference: https://www.virustotal.com/gui/file/540cc3176fab991653c68507421e59d211c94bff59d4d62425cc433b154d7ff5/detection
# Reference: https://www.virustotal.com/gui/file/fe950c668448ff71ce36ccdf24ed5849a95c00e9c34783932e3eaeafa35989c4/detection
# Reference: https://www.virustotal.com/gui/file/76b6c96d477e79fe38abc7a1feedb3e8dd8193b77c6d730a8ba82083e246f4ee/detection

akamaistats.com
vdomain.serveblog.net

# Reference: https://twitter.com/mojoesec/status/1405212656211054593

cs123456.xyz
juletta.in
xjhiaoiauo.xyz

# Reference: https://www.virustotal.com/gui/file/7fb6e93a6831ac4e4ab15e670080d4a48df8a48c3164964a733155f693cc090d/detection

148.70.32.190:443

# Reference: https://www.virustotal.com/gui/file/7faa5639b75f55eaa69a42fa2e7d0e46b6f6b77bb6e6ef5f231fee3aaff92a80/detection

148.70.32.190:6646

# Reference: https://www.virustotal.com/gui/file/c7db9e76d08a3dff5f681cb29ec274f76ec50da73ba08a70ee75f43a1a443e82/detection

http://148.70.32.190

# Reference: https://www.virustotal.com/gui/file/887eb027f729d713f23fc44553f419bc15b60ba603804fa37ba39d31ec44ebd2/detection

161.97.164.95:88

# Reference: https://www.virustotal.com/gui/file/42e931f2775be6d26a3f17ff12ee722dd689d456f088e5f32c93521f73be5154/detection

47.108.184.159:8443

# Reference: https://www.virustotal.com/gui/file/9241ab407bb7fd29191996308cd0296e191fb709f413f47ddcf4e0064460720a/detection

47.108.184.159:8088

# Reference: https://www.virustotal.com/gui/file/79d5865a91e5e96efd7042b2396e681ae4117c87d1ebf0cba1e701079bb15a80/detection

118.178.194.22:443

# Reference: https://www.virustotal.com/gui/file/56031a86657f63dd8bdcd53d409549a0314bc8434149a614cb00c0e89e865755/detection

http://118.178.194.22
118.178.194.22:50051

# Reference: https://www.virustotal.com/gui/file/7c3319f2ac05af774276b2c1b61cdc9481a36a8f434cd28a5a687323da9393ff/detection

47.243.171.82:1234
yuetchn.top
ssh.yuetchn.top

# Reference: https://twitter.com/James_inthe_box/status/1405123571332960263

microsoftdocs.workers.dev
cdn.microsoftdocs.workers.dev
ccdn.microsoftdocs.workers.dev

# Reference: https://www.virustotal.com/gui/file/0ac12c4709abf9e3e855fa1dda01e4541ce00576104284d59cbe2b676dada295/detection

http://43.249.81.50

# Reference: https://www.virustotal.com/gui/file/5a2e478f5a1fdb271f27595506b3cf93cf297b4ef588697c4f627690a778bfdb/detection

http://95.217.1.81

# Reference: https://twitter.com/_brettfitz/status/1404995578132676610

cookieconsentpub.com
gui.cookieconsentpub.com
nab.cookieconsentpub.com
open.cookieconsentpub.com

# Reference: https://www.virustotal.com/gui/file/b7283a6bdb44512922a7d4e7435649aebecd402cbcc7dd71c57199e66f124c19/detection

122.152.248.105:1234
81.69.249.244:7088
cf1549064127.f3322.net

# Reference: https://www.virustotal.com/gui/file/89307736a5755c57549ba4b15179c8c62692259d6630044cb8c1ef6d43dc63e8/detection

152.136.135.86:8680
212951jh19.iok.la

# Reference: https://www.virustotal.com/gui/file/793737be7724fc08be14112d3302cc91f2aba8a56038b23042347676cc3c6fe9/detection

122.152.248.105:5555

# Reference: https://www.virustotal.com/gui/file/c31465a655d4fc401036e80b1c353ac89ed24797702511fe921f5eebb77dd276/detection

122.152.248.105:5556

# Reference: https://www.virustotal.com/gui/file/b11d9d9fa501ba54301ce1de07da32c3504a783259abbba23ba4fa65cb780a48/detection

103.242.132.184:2095
103.242.132.184:8080

# Reference: https://www.virustotal.com/gui/file/96684c120608b98838acf58b29fac1c2b20cc95c2fafb2cfb6faafdd6c485ce0/detection

raws1.net

# Reference: https://www.virustotal.com/gui/file/31535e2adfe34229c1b0878ce0933adcddf0938a09c1b1065fc448334728eaad/detection

rellest.com

# Reference: https://www.malware-traffic-analysis.net/2021/06/17/index.html

http://139.60.161.74
http://162.244.83.95
139.60.161.74:443
162.244.83.95:443

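# Reference: https://twitter.com/InQuest/status/1404871139466285059
# Reference: https://www.virustotal.com/gui/file/8706d795cd8bb75b11e3b3e5606decee08596cb613059b10c6ec1df70099b761/detection
# Note: the last entry in this block is a bare URI path with no host; it is presumably matched independently of 72.194.234.12, so it can hit the same path on unrelated servers - TODO confirm that is intended.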

http://72.194.234.12
72.194.234.12:8181
/mod/1.Control/4.SysManage/about.php

# Reference: https://www.malware-traffic-analysis.net/2021/06/15/index.html

http://5.252.177.17
5.252.177.17:443

# Reference: https://twitter.com/TheDFIRReport/status/1405151926640168964
# Reference: https://beta.shodan.io/host/45.156.24.235

http://45.156.24.235
45.156.24.235:443
45.156.24.235:8443

# Reference: https://twitter.com/TheDFIRReport/status/1405151926640168964
# Reference: https://beta.shodan.io/host/61.240.234.45

http://61.240.234.45
61.240.234.45:88

# Reference: https://twitter.com/peterkruse/status/1406496241970733056
# Reference: https://www.virustotal.com/gui/file/d253b346f4f185e04ca0f00ad0d35f1cf8aeed52907371fbc24ef5078dab0629/detection

ns7.softline.top
ns8.softline.top
ns9.softline.top

# Reference: https://www.virustotal.com/gui/file/b4ef4f254086e612347a8fc2571cace2cfbfdbdb0a60bfcfe94a2d97f3908572/detection

http://45.142.124.46

# Reference: https://www.virustotal.com/gui/file/cfdcb8ba8fa596994aafaecebb9f6fb8891071bd84dba0691c72bd8b9786c817/detection

http://45.77.177.84

# Reference: https://www.virustotal.com/gui/file/3a382d86a9e55920d5d006a6af79dc4919d26f63c2d8a66d19f49d2d85237887/detection

http://89.35.178.10

# Reference: https://www.virustotal.com/gui/file/e96f290e8e31ad0b9bf2cff56ccca77cd48a2df5f1c20d106130b56cb7882f42/detection

106.53.127.176:443

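# Reference: https://www.virustotal.com/gui/file/0ac12c4709abf9e3e855fa1dda01e4541ce00576104284d59cbe2b676dada295/detection
# Note: duplicate entry - the same sample hash and http://43.249.81.50 are already listed earlier in this file.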

http://43.249.81.50

# Reference: https://www.virustotal.com/gui/file/2a2570f72bbc481ac6d964ba209d2fc608a48623c8cff74fca0a15b86b8455a6/detection

45.147.228.199:8080

# Reference: https://beta.shodan.io/host/47.102.112.20

http://47.102.112.20

# Reference: https://www.virustotal.com/gui/file/ce1976a2ded1e665049200ab0315a5ab4f9752ff06b5374e51a4b5bd5a5961ca/detection

103.75.189.252:443

# Reference: https://www.virustotal.com/gui/file/aec41c4f461cd08efe1390c8de513e54f766a5903c3c1f67ac4a9c93a3213c6b/detection
# Reference: https://www.virustotal.com/gui/file/033786a482641aa901a28a3e3c314dbe86723906cea15147629167d8364907f7/detection

103.75.190.50:443

# Reference: https://www.virustotal.com/gui/file/9b3d8d41eb6ddf13dc902f10ef00a6cd3badecb7fcbf0b6fc31e42b6877f358e/detection

119.45.5.195:443

# Reference: https://www.virustotal.com/gui/file/9aae4506d003c013d0ea65b9425c4323701d5ae598ecf11491bd038456a3bbc4/detection

http://139.162.82.220

# Reference: https://www.virustotal.com/gui/file/39865519650d86569020437ac7560dcfa7ab2d900478ab93539202e9394b662e/detection

139.162.82.220:443

# Reference: https://www.virustotal.com/gui/file/0e5efc52a33d17b719b03b898edbf96e63141f25416b36574537fb113501c04e/detection

146.0.72.84:8080

# Reference: https://www.virustotal.com/gui/file/20abc6986407230b21b01c1db419c92e21d4311839ed25173e9a3f252f171aaa/detection

154.86.30.241:443

# Reference: https://www.virustotal.com/gui/file/ae9526f87423c2687fbba1496d9a017e231c099e603bbff793bcc7e97ef80e2b/detection

159.89.206.190:443

# Reference: https://www.virustotal.com/gui/file/ec5e9a7168f16c77f7eebb6266b9ded2e70d7d00e91227252304fa7ac9d51919/detection

159.89.206.190:8080

# Reference: https://www.virustotal.com/gui/file/d3829eb541eb411ab751779c9c93a5e58575fc8bd177388e488983b54484adf5/detection

http://185.12.45.140

# Reference: https://www.virustotal.com/gui/file/27587ca7d6c8851c569646623e897f8b54366fc5bbbe6da96a8121d8b1a47fe0/detection
# Reference: https://www.virustotal.com/gui/file/341f490b360ea31506a90c063f6d51a5e59ff6d00dd8eb844aaabd218bc20f17/detection

193.34.166.213:8080

# Reference: https://www.virustotal.com/gui/file/95982a3bdd223fdabbc41d8d25eb2a8f5540ee5118d3fff2cd3d0e17805627a5/detection

193.34.166.213:8888
cdn3wire.net

# Reference: https://www.virustotal.com/gui/file/08c7959e9c8b7ef3bdc7a24ce78187dddb18e84cddf2abe622f4d2eb077a4aba/detection

42.192.183.250:443

# Reference: https://www.virustotal.com/gui/file/7e8bddcb91455697256cb8b971e1fb63e4c6d4a609d18596c47cafbb2324a5b3/detection

42.51.42.172:443

# Reference: https://www.virustotal.com/gui/file/d98ffdc1e663a10617e48d8410af56c671bf5f806c4360cd54a9006de32c3608/detection

http://146.0.72.88

# Reference: https://twitter.com/mojoesec/status/1407030448052740098

cdnmetrics.net
micrlosoft.pw
rusoti.com
statislog.com
cs.micrlosoft.pw

# Reference: https://www.virustotal.com/gui/file/c7c15fdc7b06824df33fb57fd324dd960ccfe9c03b0c65aae18011841bba28ff/detection

http://119.45.63.179

# Reference: https://www.virustotal.com/gui/file/821bb35b87325b3cca499b9d0c57c33211fe68f630b27f8f53b75ab79529d958/detection

http://47.106.135.101
47.106.135.101:89

# Reference: https://www.virustotal.com/gui/file/9797182742e481a652f7778790e23d9556100820618ae6b0cc5fded2eb7441d3/detection

207.148.114.77:8088

# Reference: https://www.virustotal.com/gui/file/788107d9c8cffcf3b02a1deee9f60c96ce4361cd155c7306707c4cd8837be586/detection

192.144.213.80:8080

# Reference: https://www.virustotal.com/gui/file/fcc593c2439def1b1be19538c34f4ad2e447e6fde52744886a93355fa67190bb/detection

49.233.39.239:14443

# Reference: https://www.virustotal.com/gui/file/c042b5b248c0e4c3d6ef294875d272a4e6f8c74b8b4d32b9534501230b51492b/detection

49.233.39.239:8443

# Reference: https://www.virustotal.com/gui/file/b7b76d041a225430fe7f653424328b194aa615ca2fff7d71a9edb8c6e0f4f674/detection

49.233.39.239:9696

# Reference: https://www.virustotal.com/gui/file/294e1fd5184e3621cc8a108db9b626a61853f61d49f489b062c31a6a43361215/detection

182.157.35.21:7443

# Reference: https://twitter.com/TheDFIRReport/status/1407382877227134982

http://81.71.122.129
152.32.174.250:8080
81.71.122.129:8443
microsoftcenter.live
windowservices.cn
update.windowservices.cn

# Reference: https://twitter.com/mojoesec/status/1407425186052378624

dunncenter.org
insideappple.com
likonas.com
qfaet.com.d.cdnvip1.com
snowhydro.com.au
tristare.com
veeamdata.com

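# Reference: https://www.virustotal.com/gui/file/e904e9257ccbca48d3104f3e48212cb8365c6b1b0cdef724d489c52e62898983/detection
# Note: 104.21.2.252 and 172.67.129.243 fall in Cloudflare's edge ranges (104.16.0.0/13, 172.64.0.0/13) and are shared with unrelated sites; the domain below is the higher-confidence indicator.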

104.21.2.252:8888
172.67.129.243:8888
trafficrouter.xyz

# Reference: https://tria.ge/210622-5946tjsyc6

http://23.227.202.174

# Reference: https://www.virustotal.com/gui/file/34ad1a8f76871f82f7beba1228475617874a0b1238f296d987e2eeffebc60280/detection

45.76.205.191:443

# Reference: https://twitter.com/TheDFIRReport/status/1407024263828234242
# Reference: https://beta.shodan.io/host/172.104.67.144

172.104.67.144:443

# Reference: https://twitter.com/TheDFIRReport/status/1407024263828234242
# Reference: https://beta.shodan.io/host/46.161.40.85

http://46.161.40.85
46.161.40.85:22
46.161.40.85:443

# Reference: https://beta.shodan.io/host/167.179.112.190
# Reference: https://www.virustotal.com/gui/file/6078f1e6797a1b5dcc11a4e1c23a018ea5c516bf6b72363423d35020fc726c2a/detection

167.179.112.190:22
167.179.112.190:443
167.179.112.190:50050
167.179.112.190:8443

# Reference: https://twitter.com/TheDFIRReport/status/1407024263828234242
# Reference: https://beta.shodan.io/host/45.77.212.175

http://45.77.212.175
45.77.212.175:22
45.77.212.175:50050
45.77.212.175:5353

# Reference: https://twitter.com/TheDFIRReport/status/1407024263828234242
# Reference: https://beta.shodan.io/host/65.49.211.19

http://65.49.211.19
65.49.211.19:443
65.49.211.19:50000
65.49.211.19:8080

# Reference: https://twitter.com/TheDFIRReport/status/1407024263828234242
# Reference: https://beta.shodan.io/host/159.65.49.105

159.65.49.105:22
159.65.49.105:443
159.65.49.105:50050

# Reference: https://twitter.com/TheDFIRReport/status/1407024263828234242
# Reference: https://beta.shodan.io/host/18.134.14.248

http://18.134.14.248

# Reference: https://twitter.com/TheDFIRReport/status/1407024263828234242
# Reference: https://beta.shodan.io/host/141.164.42.60

141.164.42.60:22
141.164.42.60:443
141.164.42.60:5555
141.164.42.60:5985
141.164.42.60:8443

# Reference: https://beta.shodan.io/host/104.140.100.36
# Reference: https://www.virustotal.com/gui/file/7f7fa8f35e276796a79ffea9488933eaf7b9102e5afc82fde594969d4ac7a0d1/detection

http://104.140.100.36
104.140.100.36:22
104.140.100.36:50050

# Reference: https://www.virustotal.com/gui/file/3c4d439e9aad16dde90f7e6a1ab6635c7be0c368f82cf3eb2fb026e3f4f22075/detection

202.169.39.5:443

# Reference: https://www.virustotal.com/gui/file/e5044e2846331129e1954dae25f527b832f77fbc8c7c2339885cc07a57f1e2cb/detection

19.136.14.2:4455

# Reference: https://www.virustotal.com/gui/file/73cff15d9a187693a62837ee18a3c459ed9ffe5558133355316f46db9526e804/detection

103.126.241.58:8001

# Reference: https://twitter.com/mojoesec/status/1407790363113316356

gestapobartenders.com
pigaji.com
ulrichjok.com
vizosi.com
windowsupdatesc.com
worldextentions.com

# Reference: https://twitter.com/_brettfitz/status/1407792169704988681

pesrvrs.com
sservers.org
pe1.pesrvrs.com
pe2.pesrvrs.com
pe3.pesrvrs.com

# Reference: https://www.virustotal.com/gui/file/743f356d718cc8e34defa039b1760b59b4a159d9e2d6997897bbf4b0cf512155/detection

35.241.106.16:7788

# Reference: https://www.virustotal.com/gui/file/1585da69000d98629933d002b1ac1390508786f957829a36b4f9852a721c2d27/detection

35.241.106.16:10101

# Reference: https://www.virustotal.com/gui/file/eb28047b136c08731dd64a9bb2d316d49f3140e43ea033e5fb3153dc08aaa65b/detection

120.79.1.178:8888

# Reference: https://www.virustotal.com/gui/file/c17b9f27cb89d12de4fbfcb645ba33ab3c60777d8bb40f35ec0262a0c8b3f878/detection

120.79.1.178:8080

# Reference: https://www.virustotal.com/gui/file/c0e9806be01184694f45ed2161cd2accd7344f83f1fb5992d3b4a7d553867f26/detection

http://121.5.192.176

# Reference: https://www.virustotal.com/gui/file/2f276e8aeb8541d11b2966464ca05a12d61155498961369e2e9d883189b06511/detection

121.5.192.176:4567

# Reference: https://www.virustotal.com/gui/file/c40488f469a06d798f3c159963bcc1c096a00ef19ee2d21a8314484c6a1b95cb/detection

121.5.192.176:443

# Reference: https://www.virustotal.com/gui/file/2cb8d03f9379dde3b48bcc4e7cc2d69731c8effadf1c009ec4d880b7b1ed3ee5/detection

121.5.192.176:8099

# Reference: https://www.virustotal.com/gui/file/b2e49261a493058739a9c853a463e69b252782d74a5d9d3ee0df2f6b90a7b51f/detection

121.5.232.5:443

# Reference: https://www.virustotal.com/gui/file/5231dc99076a5d2ea7e1b1162c411e84a42564934adf325915549aaf24ad0d53/detection

121.5.232.5:8880

# Reference: https://www.virustotal.com/gui/file/0d700506e073f6a06f807fe44d6a9da31f277c5730d7b880062e820612897bb6/detection

http://121.5.232.5
baidu.com.yiers.tk

# Reference: https://www.virustotal.com/gui/file/fad4aa474affa78e820e731061ed7614feba095422465f0ca4c05a1f3506beb8/detection
# Reference: https://www.virustotal.com/gui/file/673d8268fd21825ca5f21d8b395cdcede7009b60e540cb36c46f5794626faefb/detection

34.238.192.43:443

# Reference: https://twitter.com/mojoesec/status/1408122566682808329

akametrics.com
33e6dda.xyz
7861f5b56aa4.xyz

# Reference: https://www.virustotal.com/gui/file/f20f1a80a7f533e1f61d92f321af399738cb7100f561b7b3ca589a44f24c82cc/detection

1.15.79.166:443

# Reference: https://www.virustotal.com/gui/file/b54982535bd1af3e63273c0c59893c5f142cce0158042bc804bbe0ff3b310917/detection

1.15.79.166:55555

# Reference: https://www.virustotal.com/gui/file/0ff2c567e36b74bf140daa921b594dab3200f7fb9d57e3d1fdd6f1b7379db31f/detection

101.34.36.115:8035

# Reference: https://www.virustotal.com/gui/file/ad0fba01c349adb819e9ee1f413d730feb5d79c43d045e76792a4d29d46efc58/detection

http://101.34.36.115

# Reference: https://www.virustotal.com/gui/file/ecfcaf94490b714c6a128234e823923fef96750b41e5ba7b2dfb336a10229ff2/detection

81.68.254.48:8081

# Reference: https://www.virustotal.com/gui/file/5b7c9a890cd5feacd294ba5ceebb67592907d52f16c2cb8b6d7ace11d3e11f30/detection

47.102.215.49:1234

# Reference: https://www.virustotal.com/gui/file/00ef2437fafd0e04dc599b4cbdcb2d9e9a686ac05e93327b7b6db880ae53d805/detection

47.102.215.49:12345

# Reference: https://twitter.com/malware_traffic/status/1408095271985295360

http://80.209.242.126
80.209.242.126:443

# Reference: https://twitter.com/malwrhunterteam/status/1408421451645034497
# Reference: https://www.virustotal.com/gui/file/17411cb561a94028f12e6d8591db196f674c1c2b0d12cf695de226500c46cdec/detection
# Reference: https://www.virustotal.com/gui/file/d8496b3ad1e81e69cff7a87d9cc1108e87e6dd7f54495581cd0b572d69225c38/detection
# Reference: https://www.virustotal.com/gui/file/90f7bc5d759feabce8cbbd8cace697d25e4d5149da41f1104409153748528bb5/detection

http://81.70.247.69

# Reference: https://www.virustotal.com/gui/file/0c0254103f11d2d72662287a8e15cb0f8138bbf10248e54b5ca00cd6cbbee11d/detection

idbb-bank.website

# Reference: https://www.virustotal.com/gui/file/949a765ee09b83fcd33ba120ca7269666c2074b45d6fb7d1bbe5553fdb8505d7/detection

104.168.219.79:8080

# Reference: https://www.virustotal.com/gui/file/4a06067858dd96b7b77efe48f2bd1d828f68dfea48057e127b9c32d7c359522a/detection

danielandjanna.xyz
regnumviajes.xyz

# Reference: https://www.virustotal.com/gui/file/184f6cb9cfa024d894bdce2bc4805785fa01d7374c0d4f1b6de65c814b822efd/detection

81.70.255.64:50019

# Reference: https://www.virustotal.com/gui/file/0300fb899504daa3be16bb88aaa72088ae54cb82bce778ec4ba4743fb2e0a49e/detection

104.21.68.200:8880
172.67.198.44:8880
aliyunn.cc
amazon.aliyunn.cc

# Reference: https://twitter.com/malwrhunterteam/status/1408720716187508738
# Reference: https://www.virustotal.com/gui/file/87023460be7a3354b70cfbea1d9524f34123586022e9955c49e9ef7d78240798/detection

http://146.0.72.139

# Reference: https://twitter.com/malwrhunterteam/status/1408727162354651137
# Reference: https://www.virustotal.com/gui/file/de6a4c7621dfd6a633cc2131c13915b3b88463cb397aadd40f9d524df7a096de/detection

45.76.247.184:4477

# Reference: https://www.virustotal.com/gui/file/55407428377aff4183f6df2c10d63a415c9221fe5df15816197f59c5e9bf3ca6/detection
# Reference: https://www.virustotal.com/gui/file/19cfbafc6d766ef3f5b40ac5abf059b8a2d4e38f68cf50e05dde7ddf6bd0b790/detection

8.140.184.97:81

# Reference: https://www.virustotal.com/gui/file/71a43efe74549ac79d291b1649c07c8ee4c9bb91d8bfb38eb49881b030babd56/detection

58.209.223.75:5566

# Reference: https://twitter.com/TheDFIRReport/status/1407658441938653188
# Reference: https://beta.shodan.io/host/5.199.162.78

5.199.162.78:443
5.199.162.78:50050

# Reference: https://twitter.com/TheDFIRReport/status/1407658441938653188
# Reference: https://beta.shodan.io/host/3.16.91.164
# Reference: https://www.virustotal.com/gui/file/bdd5b81e80bbc10b23e95557cb1e8b7f955b3f2951106bd415487f2739fab9fc/detection

3.16.91.164:443

# Reference: https://www.virustotal.com/gui/ip-address/160.72.78.10/relations

cyberstonesecurity.com
fortress.cyberstonesecurity.com

# Reference: https://www.virustotal.com/gui/file/d46553b783c07b1dd86fbe6a16cbc59814e5e13751e84cfd2734bdd76dd5c507/detection

http://155.94.133.15

# Reference: https://www.virustotal.com/gui/file/359f82ff229f099499ff17adfaab0bfb636611d3cc105856efddfbb061a9a454/detection

161.35.218.255:443

# Reference: https://www.virustotal.com/gui/file/3bfcef5087606ae27bdcbad376c203ae691d97b44ee850a0a0d74c51a633fbc1/detection

173.82.155.172:443
windowsdoors.me

# Reference: https://www.virustotal.com/gui/file/e6303d1cbbc729554003c238acbd664a2a48bedf70f93695c3d0230d808099f0/detection

37.120.239.185:443

# Reference: https://www.virustotal.com/gui/file/5d7b8704020f4ca4f992ae89c1e53f22f8c5487e48a214319d8cbad38891bbf6/detection

http://37.120.239.185

# Reference: https://twitter.com/TheDFIRReport/status/1407658441938653188
# Reference: https://beta.shodan.io/host/45.32.255.205

http://45.32.255.205

# Reference: https://www.virustotal.com/gui/file/891e692a0e0ac00036b5e91bf2ab62f4e83ac39f5ca5cf280581b0b13c1199c3/detection

45.77.31.210:84

# Reference: https://www.virustotal.com/gui/file/1f6b8855444e1f6c7661ae1796f15de81f739d6860a5132adb081111ce649424/detection

39.101.174.115:81

# Reference: https://www.virustotal.com/gui/file/325b659a1a2ff765a8295612d77cbca2cfaa4f2c076e727e6fbefa6624b7f9c3/detection

http://49.234.105.98
49.234.105.98:70

# Reference: https://www.virustotal.com/gui/file/d45a968da33a92a6c497bc3f927e0a646dabf778eff14e17346ce1ee1f9da8d1/detection
# Reference: https://www.virustotal.com/gui/file/c2d80d2b0e6a4a1bed5ff4a36d4626a07457cd10de8db3a0a73d726b15bd724a/detection

202.182.119.246:8077

# Reference: https://twitter.com/_brettfitz/status/1409214310463717383

canada-gov.ca
api.canada-gov.ca

# Reference: https://www.virustotal.com/gui/file/d916afaef4a50d97464524dc6135d83a12e329c142ecc21c787e6c5b08f5dc7a/detection

http://162.244.83.95
162.244.83.95:8080

# Reference: https://twitter.com/felixaime/status/1409498072787398660
# Reference: https://twitter.com/felixaime/status/1409498385023918081

santeassurance.fr
css.santeassurance.fr
client.santeassurance.fr
static.santeassurance.fr

# Reference: https://twitter.com/mojoesec/status/1409539083446194177

chromeupdategooglle.com
microsotfonline.us
worldpublicpress.com
topazmer.com
login.microsotfonline.us

# Reference: https://www.virustotal.com/gui/file/854aeb9b591a105e8c440d7b81a75ba395ea0a6e06728dba9d6b50402180aaec/detection

58.87.92.35:8088

# Reference: https://www.virustotal.com/gui/file/79ff8dcfd77feaa3acd97e2f84d00a562452c103a58f32c1b2af1b5460b622db/detection
# Reference: https://www.virustotal.com/gui/file/0f60ef2cbb72a2c0e96eba2278660731e1c110c06560da7e1eb55467c32b7d12/detection

47.106.73.14:8080

# Reference: https://www.virustotal.com/gui/file/aa0065aa74136dad10ba142c4cc131c3c38c3e8686af2eeebf0133f0beea722f/detection

39.101.174.254:2233

# Reference: https://www.virustotal.com/gui/file/cbd97acb946f629a465b66d83391b0e3edc801da0745475a55cca35c7012b8ee/detection

156.232.2.71:8090

# Reference: https://www.virustotal.com/gui/file/bcfd684833f85dd69dea3ac48bb64007df64b41e83739acd048aecb20d667fc6/detection

156.232.2.71:8443

# Reference: https://twitter.com/mojoesec/status/1410302139809861633

flashplayer-update.com
cs.flashplayer-update.com

# Reference: https://twitter.com/malware_traffic/status/1410347443053604864

http://176.10.125.8
groupbzs.com

# Reference: https://twitter.com/James_inthe_box/status/1410352295670255619
# Reference: https://www.virustotal.com/gui/file/fee6b3937d208b95c17dc253ba951f3c7c5a332af98f4e0117ee5bbd47e38843/detection

http://37.120.222.56

# Reference: https://twitter.com/0xrb/status/1410464703420137478
# Reference: https://www.virustotal.com/gui/file/89a69c9504f50aa43e5a3f6c5077f5dc16fd28f787d88d22fce9a6594eb1fec2/detection

139.224.238.115:4455

# Reference: https://twitter.com/0xrb/status/1410466436468772865

1.117.117.202:7001

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-06-28-TA551-IOCs-for-Trickbot.txt
# Reference: https://www.virustotal.com/gui/ip-address/107.181.161.197/relations
# Reference: https://www.virustotal.com/gui/file/cf0a85f491146002a26b01c8aff864a39a18a70c7b5c579e96deda212bfeec58/detection
# Reference: https://www.virustotal.com/gui/file/26579fc7c48dcdc31c407222ebfb431976d75ce0f5a7a3bcfd336c7ea41668e4/detection

http://109.230.199.73
fodgbl.com
pikgrp.com
zizodream.com

# Reference: https://www.virustotal.com/gui/file/05bf277a3cdd1fb95475b9ade1d8c4fff63dd9158c0635cc1eb5b016ea54fb77/detection
# Reference: https://www.virustotal.com/gui/file/aad62ef583c658b034f977e13ea197c34c5918402cdf8b67302be42817fd4869/detection
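# Reference: https://www.virustotal.com/gui/file/a5a4d88e2fe16d319aef6f7550ca2379d253a943d467dedc21e7ea3deb19410e/detection
# NOTE(review): 104.21.68.200 and 172.67.198.44 fall inside Cloudflare's published ranges, i.e. shared reverse-proxy edge addresses, so the ip:port trails below can also match traffic to unrelated sites served from the same edge. wuyoo.vip is the more specific indicator; corroborate with the hostname (DNS, SNI or Host header) before acting on an address-only hit.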

104.21.68.200:2083
104.21.68.200:2086
172.67.198.44:2083
wuyoo.vip

# Reference: https://www.virustotal.com/gui/file/20270bd0c428a8c51c2c017232bf29d3b4d2ba229c00cb3de43f5704eda71b36/detection

45.112.206.13:50050

# Reference: https://www.virustotal.com/gui/file/ec071546304bd762ba02f579b191912feb407cacbbcd02caaa7b235df0f46e11/detection

45.112.206.13:1443

# Reference: https://www.virustotal.com/gui/file/8df0e685dcc295b466b5df4ce4e3e23a49f21980c647b96ef2badbaf9e5a8f3a/detection

http://45.112.206.13

# Reference: https://twitter.com/malwrhunterteam/status/1410654063037927426
# Reference: https://www.virustotal.com/gui/file/3e266bee74f77f7f49a4f6baf64c377c92dfeeb1af7d529f8dbfb5c4b1e1e638/detection
# Reference: https://www.virustotal.com/gui/file/f92d67d7ff79d62c51f6ebbb7dcdf6f04f8e3afcee489662f55e3f8f33cf0872/detection

106.52.8.230:6789

# Reference: https://twitter.com/mojoesec/status/1410642655881707523

soltya.com

# Reference: https://twitter.com/malware_traffic/status/1410634474812018697

http://206.250.248.91

# Reference: https://twitter.com/0xrb/status/1410847857364541440

http://159.138.158.126
http://160.20.147.250
http://37.120.222.56
http://92.222.234.227
1.117.117.202:7001
134.175.4.207:5757
139.224.238.115:4455
175.27.228.9:6666
47.102.44.211:14018

# Reference: https://twitter.com/malware_traffic/status/1410712988135342090

http://23.19.227.147

# Reference: https://www.virustotal.com/gui/file/6ed64711bac9e8642be714eedfe872a4ddaafe6a7f9b25b8ac656500bd2d42df/detection

http://194.56.77.163

# Reference: https://www.virustotal.com/gui/file/602fa8d5decabf63c25323d1bc4f6ceb147227041cbdebd5b4f452b7735c2bca/detection

194.56.77.163:8888

# Reference: https://www.virustotal.com/gui/file/d9e4b1083d47a57879d520df80a3054245229b6304037ea27673164d81c2f7a2/detection

121.5.164.118:443

# Reference: https://www.virustotal.com/gui/file/f5d41803389b38b237bd28500916cb52b3d5cf6b946bcbd796195594ace05608/detection

121.5.164.118:8087

# Reference: https://twitter.com/malwrhunterteam/status/1410917633059348484
# Reference: https://www.virustotal.com/gui/file/e59cc3a94f6a5119f36c4e0b3fbe6f04cc474d0b0b9d101163dac75722c809da/detection

us-traffic-azure.azureedge.net

# Reference: https://www.virustotal.com/gui/file/ebf59f57fb9bcc2e0a19b587df721e2960e20d89e161380ecf9bdcd0d6192cd9/detection

39.108.60.64:4443

# Reference: https://www.virustotal.com/gui/file/d9be3f230472a9cb8cd34e2712bc171387093b86586ba1210dbcb4d8e7460688/detection

http://39.108.60.64

# Reference: https://www.virustotal.com/gui/file/080ee6c068e95db7a776793e167fb4bb9ad0efcb424a400ed3efe697400fc73a/detection

http://106.12.99.85

# Reference: https://www.virustotal.com/gui/file/9834945a07cf20a0be1d70a8f7c2aa8a90e625fa86e744e539b5fe3676ef14a9/detection

download.google-images.ml

# Reference: https://www.virustotal.com/gui/file/ebc944f7fdb6b778b816769445651d5f75c53e37c682f9fe5029ce436375ac86/detection

update.pcocot.com

# Reference: https://www.virustotal.com/gui/file/5c1f908cc81ee41cbde63fe4c105da3fcb8468c663b5cbb7a4835a3c1ffe0a72/detection
# Reference: https://www.virustotal.com/gui/file/c80d5f2947406220a7e9fa43a03d6ada23124a918656ac095bf9eee11b752898/detection
# Reference: https://www.virustotal.com/gui/file/95c612d6cd0ff62836638a8a603b5c14bcf88f0b58b15e9dc7821115e1a957fc/detection

107.148.133.168:443

# Reference: https://beta.shodan.io/host/106.12.91.176

106.12.91.176:22
106.12.91.176:443
106.12.91.176:50050

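# Reference: https://beta.shodan.io/host/137.220.53.51
# NOTE(review): the only source for this group is the Shodan host view, so the ports below are the services seen exposed on the host, not ports tied to an analysed sample. 135, 22, 3389, 445 and 5985 are generic remote-management services (RPC, SSH, RDP, SMB, WinRM); treat hits on them as host-level context.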

http://137.220.53.51
137.220.53.51:135
137.220.53.51:22
137.220.53.51:3389
137.220.53.51:443
137.220.53.51:445
137.220.53.51:50050
137.220.53.51:5985

# Reference: https://beta.shodan.io/host/149.28.153.30
# Reference: https://www.virustotal.com/gui/file/4d558fb305dec238146e339ee6554d183fe827c4d7eeac756f8b5e381e14be38/detection

149.28.153.30:3389
149.28.153.30:5985
149.28.153.30:8899

# Reference: https://www.virustotal.com/gui/file/0c66e6f4fee70cac7e0f6868f740cd9c388dcf784f01e7175ae8c9333178d979/detection

150.158.185.97:4443

# Reference: https://www.virustotal.com/gui/file/552216028f8f58079dd610ea9d39c69397417a514d40fd0c889428b012ac1ea0/detection

150.158.185.97:7002

# Reference: https://www.virustotal.com/gui/file/8da5428e21bb37a8c4aad7dae5b62c2c5c1cc0bbd5af37157c7e6b956fce4dd2/detection

150.158.185.97:8080

# Reference: https://beta.shodan.io/host/150.158.185.97

http://150.158.185.97
150.158.185.97:22
150.158.185.97:443
150.158.185.97:50050
150.158.185.97:7001
150.158.185.97:82

# Reference: https://www.virustotal.com/gui/file/ee30bb2d17ceb704f45f10abbb20dd044c71edc65db17eeba346d45cf99ed783/detection

156.233.252.229:9699

# Reference: https://twitter.com/0xrb/status/1410099721356468232
# Reference: https://beta.shodan.io/host/18.166.154.145

http://18.166.154.145
18.166.154.145:22
18.166.154.145:443

# Reference: https://beta.shodan.io/host/207.246.86.81
# Reference: https://www.virustotal.com/gui/file/2310697b68f1dbff6e56acbb1ed8e2a40942c9605cbd33459a3491dc62962da9/detection

http://207.246.86.81
207.246.86.81:22
207.246.86.81:50050
207.246.86.81:7001
207.246.86.81:8080
207.246.86.81:8888

# Reference: https://beta.shodan.io/host/39.105.55.155

http://39.105.55.155

# Reference: https://beta.shodan.io/host/45.154.197.124

45.154.197.124:22
45.154.197.124:8080

# Reference: https://www.virustotal.com/gui/file/e6c0067e15cea5953a15e9a0d936228620008aa86172533ac245b533e010d598/detection

45.62.123.226:9090

# Reference: https://www.virustotal.com/gui/file/662f27b6408ca7836ddcd456fd6f556a36df20204794adfae2c99ca4e074fc17/detection

45.62.123.226:8091

# Reference: https://www.virustotal.com/gui/file/d60196b39127fca04efbc7cd545c98582321dfe82834c8aca7cd3ca2d6bc0c64/detection

45.62.123.226:8092

# Reference: https://beta.shodan.io/host/45.62.123.226

45.62.123.226:22
45.62.123.226:3306
45.62.123.226:8000
45.62.123.226:8080
45.62.123.226:9999

# Reference: https://beta.shodan.io/host/45.86.163.188
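# Reference: https://www.virustotal.com/gui/file/8545e60514c0b80a0375e8dba8da9515efc1621d9d6df05ee8196e635b801267/detection
# NOTE(review): the last entry of this group, '45.86.163.188:443:444', carries two port fields, unlike every other ip:port trail in this list. It looks like a typo or two merged entries; confirm the intended port(s) against the references above, and check how the consuming parser treats the line.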

http://45.86.163.188
45.86.163.188:22
45.86.163.188:443
45.86.163.188:443:444

# Reference: https://beta.shodan.io/host/47.106.93.115

http://47.106.93.115

# Reference: https://twitter.com/0xrb/status/1410099721356468232

cf.clampuncture.com
clampuncture.com
spa4e.ga

# Reference: https://twitter.com/TheDFIRReport/status/1409866745335017474
# Reference: https://beta.shodan.io/host/45.32.87.87

http://45.32.87.87
45.32.87.87:22

# Reference: https://twitter.com/TheDFIRReport/status/1409866745335017474
# Reference: https://beta.shodan.io/host/45.77.195.105

http://45.77.195.105
45.77.195.105:22
45.77.195.105:3389
45.77.195.105:443
45.77.195.105:83

# Reference: https://twitter.com/TheDFIRReport/status/1409866745335017474
# Reference: https://beta.shodan.io/host/45.77.37.68

http://45.77.37.68
45.77.37.68:22
45.77.37.68:8080

# Reference: https://www.virustotal.com/gui/file/b81d495fde6d81719fc65673638de02109269aac4e4c2ff26dce984d34471f7c/detection

hoeidia.com

# Reference: https://twitter.com/TheDFIRReport/status/1409866745335017474
# Reference: https://beta.shodan.io/host/107.181.187.19

http://107.181.187.19
107.181.187.19:22
107.181.187.19:443
107.181.187.19:50050

# Reference: https://twitter.com/TheDFIRReport/status/1409866745335017474
# Reference: https://beta.shodan.io/host/194.36.191.27

http://194.36.191.27
194.36.191.27:22
194.36.191.27:443

# Reference: https://www.virustotal.com/gui/file/03a8efce7fcd5b459adf3426166b8bda56f8d8439c070b620bccb85a283295f4/detection

120.26.177.10:55221

# Reference: https://www.virustotal.com/gui/file/dc2cf1a53fd2f94937a699e429cce94af0d395350d7e094fd169c070c1bc4e24/detection

120.26.177.10:8000

# Reference: https://www.virustotal.com/gui/file/c66d392732690421dce4ff83effb82659eb8af037e3d2a2a4fed06e7fcce9613/detection

120.26.177.10:6666

# Reference: https://www.virustotal.com/gui/file/b269149e948c3ace712345b5bc897653f5ac0adbda80edac113e500e117c5427/detection

http://120.26.177.10
120.26.177.10:7890

# Reference: https://www.virustotal.com/gui/file/41678716b2b5d9d1775804da0761420b629e68ed6019b64f9c5a398aa42f4263/detection

120.26.177.10:443

# Reference: https://www.virustotal.com/gui/file/e0bfe383d68d8c7cc18552dba2fa68e1ee117d8458036d860a3031158184ce52/detection

amaz0n.cc
cs.amaz0n.cc

# Reference: https://www.virustotal.com/gui/file/5110fb3a45334650db8859b9b3d4b733840e31a88f24b39f306085f6d3b8e6f6/detection

120.26.177.10:4501

# Reference: https://www.virustotal.com/gui/file/d29d2ab72e246444a6182d866500fc91fee1e05cc7735747f7d8a7ff296b895a/detection

120.26.177.10:7878

# Reference: https://beta.shodan.io/host/120.26.177.10

120.26.177.10:22
120.26.177.10:3306
120.26.177.10:3790
120.26.177.10:8080
120.26.177.10:8081
120.26.177.10:8888

# Reference: https://beta.shodan.io/host/195.123.234.233
# Reference: https://www.virustotal.com/gui/file/ad8b67a5147893cacb0ce97a30441f3661a0303169c0c6e088bcd2085e48766c/detection

http://195.123.234.233
195.123.234.233:22
195.123.234.233:443

# Reference: https://twitter.com/TheDFIRReport/status/1409866745335017474
# Reference: https://beta.shodan.io/host/198.199.68.174

198.199.68.174:443

# Reference: https://beta.shodan.io/host/23.82.19.171
# Reference: https://www.virustotal.com/gui/file/d73a889943d5f39da70414f899e7dd413302831f92d3bc09090e70e8401b1003/detection

http://23.82.19.171
23.82.19.171:22
23.82.19.171:443
23.82.19.171:50050

# Reference: https://www.virustotal.com/gui/file/11c9191d6a0ccbf62413a6f70b39834dbd5fbd697a47a5b22ffa850c0680e7ff/detection

http://144.34.179.150

# Reference: https://www.virustotal.com/gui/file/72ef64670fc263d62bea5a6a4c0d9ab063f96989cef57702326bef1e4c88f665/detection

144.34.179.150:8881

# Reference: https://beta.shodan.io/host/144.34.179.150

144.34.179.150:443

# Reference: https://www.virustotal.com/gui/file/94e87df8e68bf9ae96cacf7c371b227fb46bf6dd46e64337be5e24603b3310b1/detection

8.129.237.254:3333

# Reference: https://www.virustotal.com/gui/file/3bfaac5d6d6643eb1e571ef1585578bb3091558145da877143d56d4656aca0fa/detection

120.132.81.172:7788

# Reference: https://www.virustotal.com/gui/file/e1905cbbb916043e11e1387826a433b684b55f31392719ca191733fff0742b9c/detection

http://42.193.97.228

# Reference: https://www.virustotal.com/gui/file/9a07c3f23227033d2fcdf42e71dbd4036c46367a1dd73e77c32f7de0fdeffbb3/detection

afoot.life

# Reference: https://twitter.com/malwrhunterteam/status/1412126673965924353
# Reference: https://www.virustotal.com/gui/file/bf90718674133664aefc760dc0f2f0875f9a58c56b777e33bffb4927325f9e14/detection

http://222.139.151.114
103.46.128.49:44066
121.5.177.219:3323

# Reference: https://www.virustotal.com/gui/file/cf5bede8a329b26efd8895769cc17f5a0b7257f1dadf15ac180a477ed37621f0/detection
# Reference: https://www.virustotal.com/gui/file/bf871030dc2a78ce5820f8ca53638c5666fb7fdc193bb19cf1bb749a8c4ad79e/detection
# Reference: https://www.virustotal.com/gui/file/23af33a4eda01b525eb502f9188909fd94563a36a82b0af77d651ae0cd603747/detection

cybermatrix.ml

# Reference: https://twitter.com/James_inthe_box/status/1412438469494804482

http://23.227.203.229
http://94.198.40.11

# Reference: https://twitter.com/mojoesec/status/1412457393682792452

amusient.com
arctiusa.com
blindingdomains.com
cdnsurf.com
dynanalytics.biz
endpointapis.com
hoeidia.com
jomihd.com
onembr.com
payufe.com
sammitng.com
traffsyndication.com

# Reference: https://www.virustotal.com/gui/file/32fc03caa22bc3bbf778b04da675e528dd7125a61da6f9fc5e532230745bcd8c/detection

http://31.42.177.52

# Reference: https://www.virustotal.com/gui/file/7a431d59dbc20a75091290b5ba5f15004ee7e96c547dbe7b9212df856cdc3208/detection

http://45.153.241.113

# Reference: https://www.virustotal.com/gui/file/05b98f1a24d398db0035cd7b6cdf972707a8366d40e0fa6f324086b1811b01c2/detection

134.175.4.207:5757

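# NOTE(review): this reference and the trail under it repeat, unchanged, the http://45.153.241.113 group two groups above; one copy is enough.
# Reference: https://www.virustotal.com/gui/file/7a431d59dbc20a75091290b5ba5f15004ee7e96c547dbe7b9212df856cdc3208/detection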

http://45.153.241.113

# Reference: https://www.virustotal.com/gui/file/4c111903f1fae79fcfc0e0b2ecccc60a49e98dcfe07701a46e5ba203795d532a/detection

154.94.5.103:6789

# Reference: https://www.virustotal.com/gui/file/0fe9424c4edb256ea756d875dee1ee4126177ac4e7d93479fb111062a375be9b/detection

8.129.227.26:8099

# Reference: https://www.virustotal.com/gui/file/ccb19d5812daac623611b2710f0b550c67bd1fce34b97ca4eb3122cc128dfef2/detection

1.15.227.181:1111

# Reference: https://www.virustotal.com/gui/file/6531f5e303901db52c0ace11c0337a3bd2c87401e10d5dc0352e97821915e2ea/detection

1.15.227.181:8887

# Reference: https://www.virustotal.com/gui/file/f3c85e15b6ae616e68fc997c27a77054a58c4994f224e0e8f29dc6d58e858a92/detection

1.15.227.181:9998

# Reference: https://www.virustotal.com/gui/file/fe7772a92c6b86b7e25bfb1b13e6d9bd81d6077628b18229dcff189cbb15949b/detection

140.143.38.81:11111
152.136.197.84:8000

# Reference: https://www.virustotal.com/gui/file/7febc22f3282edc1dd3965750bb76ad42125f8661a422d68acf524ee6ccd3ece/detection

140.143.38.81:8088

# Reference: https://twitter.com/mojoesec/status/1412862325757972485

macrodown.com
securesoftme.com
macrodown.azureedge.net
securesoftme.azureedge.net

# Reference: https://www.virustotal.com/gui/file/b45e6f90cd4b880a9c98eef9affdd03d20e0f31dc69e96aadc0185e94294c3e5/detection

http://202.182.122.25
payl0ad.ga
js.payl0ad.ga
ss.payl0ad.ga

# Reference: https://www.virustotal.com/gui/file/895c3e47bf41c07189e079b9f6136dd49e44eac681e646ab40bca216418420e8/detection

119.23.241.16:4433

# Reference: https://www.virustotal.com/gui/file/6c0aa61917e48d79f14e730e647a58c3bdfe1df5f9f96b3cee044944d247cb47/detection

119.23.241.16:4444

# Reference: https://www.virustotal.com/gui/file/37a57da718e9ebb85cef760269c0e2341b3e1ebe5c7ae441f9f21089f4f461e7/detection

http://119.23.241.16
119.23.241.16:4446

# Reference: https://www.virustotal.com/gui/file/693b90093335d76bdd5c8b43cdb33057f38ab5f8fc6bec6ac5e92f75f5621162/detection

119.23.241.16:1234

# Reference: https://www.virustotal.com/gui/file/4c2e913a1e6e519e3658dc4eef646514555479becb8b5c4782f3d5d620f2cdf6/detection

119.23.241.16:8088

# Reference: https://www.virustotal.com/gui/file/5d265b7ff4463bd2aea58b143a336870eb64cf979f4917d8cb80533a99e48533/detection

121.5.42.134:88

# Reference: https://www.virustotal.com/gui/file/5e22ad50f307eed575d92759980b88538b9a7f3d25a816d4b312ce020f18c7bd/detection

http://160.20.147.36

# Reference: https://twitter.com/malware_traffic/status/1412543313337536513
# Reference: https://www.virustotal.com/gui/file/25e3873adf19d7e8ba42b472322dbafdfc21d55a2119b81ad9728d6e8e2b0e7b/detection
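# Reference: https://www.virustotal.com/gui/file/b4b02db600f9d7efc81af1b980b908cbfdd73c7b138e1b39990a8e5a847f1f6f/detection
# NOTE(review): 13.107.253.57 appears to be Microsoft-operated shared CDN/edge address space (it is listed next to an azureedge.net hostname) - confirm. If so, the ip:443 trail will also match unrelated tenants of the same edge; ford.azureedge.net is the specific indicator.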

13.107.253.57:443
ford.azureedge.net

# Reference: https://www.virustotal.com/gui/file/b837a8e7920d9a61af198b5cd146967aeda57942f1b2cfd604620620052e5bcf/detection

p5z2c7j9.hostrycdn.com

# Reference: https://twitter.com/0xrb/status/1412305044540624897

nollipap.tk

# Reference: https://twitter.com/mojoesec/status/1414642918338478082

fivefkl.com
franktomaz.com
minicombosoft.com
syncgoogle.site

# Reference: https://twitter.com/mojoesec/status/1415028215895281670

monthypyton.com

# Reference: https://www.virustotal.com/gui/file/1c89460be0f153e9cf9b2210075f29686d15d1bd168353aed6d0755097e54022/detection

stockstrading-fx.com

# Reference: https://twitter.com/_brettfitz/status/1415295800473800707

googleapi.space
googlet.cf
microgoogle.ml
syncgoogle.site
test.googleapi.space

# Reference: https://twitter.com/mojoesec/status/1415377510553030659

dihata.com
ftp-download.com
hesovaw.com
refebi.com
softzbh.com
standartrocks.com
arkdaily.ftp-download.com

# Reference: https://www.virustotal.com/gui/file/a7f7b13ef8c15d0d24d3a96d9532993f8c1b4aee885af5777997707dac32d926/detection
# Reference: https://www.virustotal.com/gui/file/3aad7996316a52497e45c1bd3b89d0acb58b31859fdecbf97c55a8eadb750ded/detection
# Reference: https://www.virustotal.com/gui/file/c5a8500fff267fabaea50de656720324d8c018f013c2698137741b646489b6dd/detection

cdn.checkavail.space

# Reference: https://www.virustotal.com/gui/file/9699fe3f2ac23366c3201ad98d60f9578c93a86adc8e6a7e9fe0cf5d750eab31/detection

216.250.96.106:801

# Reference: https://www.virustotal.com/gui/file/d28f5d2d36eb7fbf30b94eb57c534976eae7118e1bc665d8832cc7db6d4bb5f4/detection

216.250.96.106:803

# Reference: https://twitter.com/mojoesec/status/1415750953425309698

mantosombra.com
softnewspaper.com

# Reference: https://www.virustotal.com/gui/file/119b8dd7ad42f2b6f98543e44d45dbe351cee50d8bbfa8484e43e6cd0125f534/detection

106.12.126.198:443

# Reference: https://twitter.com/mojoesec/status/1416082679217467394

microgbm.com
softsecur.com
usanewsalabama.com
microsoft.softsecur.com

# Reference: https://twitter.com/malwrhunterteam/status/1416289730556305409

red-glitter-6e59.sdsadsadasdfg.workers.dev

# Reference: https://twitter.com/malware_traffic/status/1416141733356883980

http://108.177.235.117
winrarupdatescr.com

# Reference: https://twitter.com/malware_traffic/status/1415740795622248452
# Reference: https://www.virustotal.com/gui/file/b32eb85e201ed5cb4bdef0f43882da7c32807d9be2dc9412aae0db3162d46fb2/detection

http://82.118.21.221

# Reference: https://www.virustotal.com/gui/file/70ddb939265d3b4a98fb3043b2ca46c9fdd922fe38156438266c18115900023c/detection

47.110.147.243:443

# Reference: https://www.virustotal.com/gui/file/0f71291b1203182613ece093ce48856c4e56adf26b5b3098a666152f838b89a1/detection

3.93.60.143:8081

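# Reference: https://www.virustotal.com/gui/file/32908a40317bc953aa838f16771d045f2bc58e283bef37120e91f43407f8df81/detection
# NOTE(review): 172.67.167.30 falls inside Cloudflare's published ranges (a shared reverse-proxy edge address), so the ip:port trail below can also match traffic to unrelated sites. The yiyebf3.xyz hostnames are the more specific indicators; corroborate an address-only hit with the hostname before acting on it.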

172.67.167.30:8080
yiyebf3.xyz
ag.yiyebf3.xyz

# Reference: https://twitter.com/MichalKoczwara/status/1414721305279180800

api.healthychallenges.org
app.healthychallenges.org
rest.healthychallenges.org

# Reference: https://twitter.com/MichalKoczwara/status/1414830037686173699

resources.nyphysicians.org
secure.nyphysicians.org

# Reference: https://www.virustotal.com/gui/file/70f95e1563d9f63dff40122242245c21bb9264ba4b0d8c690c0a979ce7cbc0b7/detection

http://106.14.192.38
106.14.192.38:1111

# Reference: https://twitter.com/TheDFIRReport/status/1415717799876603904

http://156.233.247.113
http://167.71.81.123
http://207.148.64.13
http://39.105.201.9
156.233.247.113:22
156.233.247.113:443
167.71.81.123:443
167.71.81.123:50050
207.148.64.13:22

# Reference: https://www.virustotal.com/gui/file/0f2dd75abc6c2843572394ee8ea5a5ceb76b2f5a453823ef4c5e803444dafb4f/detection

116.62.134.72:10086

# Reference: https://www.virustotal.com/gui/file/447efeea50e94d4a553ebde53f55b312cabe43f9a2733a08e61a58cd1d8b5706/detection

116.62.134.72:10087

# Reference: https://www.virustotal.com/gui/file/a2710f7fefa2aaf7e5c044eb95b697b0df58706eb58e10d58a5489de24726368/detection

116.62.134.72:55555

# Reference: https://www.virustotal.com/gui/file/31d24416acd631ec5ed6368e3716c192356c238b6937782ecd55436b321ddf47/detection

116.62.134.72:60360

# Reference: https://www.virustotal.com/gui/file/26ae6d5090434acfc5d4a6970484a914cd9b4e1980cfa70ba5924e9d115677ca/detection

116.62.134.72:63600

# Reference: https://www.virustotal.com/gui/file/36f5a56474c462896e2681d68cf0b37fa94fe3ec6d318b5829d0ded77e6cd453/detection

207.148.121.188:9736

# Reference: https://www.virustotal.com/gui/file/329dabba84451bffddff03518f9bda0888b0d182340322ca4f72a0df54af2848/detection

http://20.204.144.164

# Reference: https://www.virustotal.com/gui/file/56000c20b11798d4d414fd75443a6379366e0dcf8e9cdaa7c955db1f3d59f5f4/detection

3.129.27.198:809

# Reference: https://www.virustotal.com/gui/file/77e4776f6db16b38b2bd6cd494017379be4cb291caab5300764c9d2857c49108/detection

softres.oss-accelerate.aliyuncs.com
lualibs.oss-cn-hongkong.aliyuncs.com

# Reference: https://twitter.com/0xrb/status/1415988474222501888

http://1.15.88.164
http://106.55.39.22
http://121.40.19.66
http://207.148.121.188
http://3.129.27.198
http://49.232.213.234
http://65.21.108.181
http://81.70.118.105
1.15.88.164:22
1.15.88.164:27017
1.15.88.164:443
1.15.88.164:6379
103.145.61.14:22
103.145.61.14:443
103.145.61.14:50050
106.55.39.22:22
106.55.39.22:443
106.55.39.22:8888
112.74.41.150:111
112.74.41.150:22
112.74.41.150:3790
121.40.19.66:7777
207.148.121.188:22
207.148.121.188:50050
3.129.27.198:111
3.129.27.198:443
3.26.42.27:443
3.26.42.27:8086
3.26.42.27:8090
3.26.42.27:8500
3.26.42.27:8545
3.26.42.27:9102
49.232.213.234:135
49.232.213.234:3306
49.232.213.234:3389
65.21.108.181:22
65.21.108.181:443
65.21.108.181:50050

# Reference: https://www.virustotal.com/gui/file/930c5b1ead01c2c8817583c156930245a03e2f966c4ac3619afe71d4cbc7693a/detection

192.144.225.94:4444

# Reference: https://www.virustotal.com/gui/file/bd8abba00c10111249d3ae94ac3a01b662e1f2e1e1f70411169dfad392e3d6e2/detection

192.144.225.94:4445

# Reference: https://twitter.com/0xrb/status/1411942291271426052

http://1.116.30.69
http://110.42.97.22
http://14.1.98.5
http://146.56.250.76
http://170.130.55.49
http://47.102.216.38
1.116.30.69:22
1.116.30.69:4443
1.116.30.69:50050
1.116.30.69:789
110.42.97.22:32400
110.42.97.22:4567
110.42.97.22:8080
110.42.97.22:8087
110.42.97.22:9295
120.78.197.8:22
120.78.197.8:8443
139.159.155.211:22
139.159.155.211:443
14.1.98.5:1194
14.1.98.5:22
14.1.98.5:5555
14.1.98.5:6666
14.1.98.5:8080
14.1.98.5:8081
146.56.250.76:135
146.56.250.76:3389
146.56.250.76:50050
146.56.250.76:5985
170.130.55.49:22
170.130.55.49:443
170.130.55.49:50050
192.144.225.94:22
192.144.225.94:8099
45.63.53.3:22
45.63.53.3:3389
45.63.53.3:443
47.102.216.38:81
8.129.227.26:10000
8.129.227.26:135
8.129.227.26:139
8.129.227.26:8888
81.71.65.171:8080
82.156.208.207:22
82.156.208.207:50050
82.156.208.207:8080
95.179.176.48:1433
95.179.176.48:21
95.179.176.48:443

# Reference: https://www.virustotal.com/gui/file/dfa07ae33b13b721897ae824ebd6f5aaea9c2d93bfa591deefcd88b98c8cf6b6/detection

101.37.14.144:12345

# Reference: https://www.virustotal.com/gui/file/349255e12a02b55272cdc6159dc2fd22111869023adaaa7f7e059f079dd24960/detection

101.37.14.144:8765

# Reference: https://www.virustotal.com/gui/file/78fe98f9124d5bcf534e4ad2a41134c496e4db28e7a36837d6cf40d5dc89cc21/detection

http://103.86.44.196

# Reference: https://www.virustotal.com/gui/file/2150a6cacc6a3af0a71dfb13ff141ced0462294f6d5b9a5ef8afcdae8a8d3244/detection

sblog.cc

# Reference: https://www.virustotal.com/gui/file/119272403af54cbbb36ecea13d96d0f006fd987fa443935806dcd4f199e0a758/detection

121.196.106.136:44444

# Reference: https://www.virustotal.com/gui/file/33ff9e825c53be48ac5f329952725e9e37f1e8196524e492f79b33b91564726a/detection

http://121.196.106.136

# Reference: https://www.virustotal.com/gui/file/3648144b59636c86e8af075c5383e14cd38c394939cbdc59ce167691ead2b2d1/detection

121.196.106.136:55555
172.245.158.107:55555

# Reference: https://www.virustotal.com/gui/file/babcbdee7449fa3313e46351b181818fd828f19717595c7b27b53aea380f0e32/detection

http://121.199.0.233

# Reference: https://www.virustotal.com/gui/file/3e554fd51f70637a28876e06c7fb23f76f7cd30ee01a3666eab8d86a76b38712/detection

149.28.248.129:8443

# Reference: https://www.virustotal.com/gui/file/5b3aa3d5b3f348f5902eb667c759b0323828725eacdff9b4ffc979fba4bf3286/detection

18.183.54.253:4445

# Reference: https://www.virustotal.com/gui/file/cb6314a15f21d2de2155f9d1563970b7de43373d5fd362de66a56430f56f9f45/detection

43.226.74.228:8021

# Reference: https://twitter.com/0xrb/status/1412305044540624897

http://121.196.106.136
http://172.245.158.107
http://42.193.186.7
http://43.228.126.114
101.37.14.144:8088
101.37.14.144:8090
101.37.14.144:8888
103.86.44.196:50050
121.196.106.136:60001
149.28.248.129:22
149.28.248.129:443
149.28.248.129:53
172.245.158.107:3000
172.245.158.107:8080
18.183.54.253:22
42.193.186.7:22
42.193.186.7:8001
42.193.186.7:8099
42.193.186.7:8888
43.226.74.228:3389
43.226.74.228:5985
43.226.74.228:9000

# Reference: https://www.virustotal.com/gui/file/b07d4de04680da73dee74bead1b4bc443064ec65595c6654da95d1f70e938563/detection

1.15.74.43:8888

# Reference: https://www.virustotal.com/gui/file/3d0f7153745c4fd3ebfdd64df455541d6b4d9bc9e0652a3cee946167e1e45cac/detection

http://101.132.106.20

# Reference: https://www.virustotal.com/gui/file/a45286c3b342d8add28bf5ca8176e8314e69e541dad3f8729d82eb1af6191ec1/detection

http://167.179.92.252

# Reference: https://www.virustotal.com/gui/file/32fc03caa22bc3bbf778b04da675e528dd7125a61da6f9fc5e532230745bcd8c/detection

http://31.42.177.52

# Reference: https://www.virustotal.com/gui/file/e94fba18ccf5d09fcc416cae333413384f0c42bd18cd852cd239d0a0b31f71d9/detection

http://39.106.73.11
39.106.73.11:443

# Reference: https://www.virustotal.com/gui/file/2131112faad4146679c3dae6a54ab249d3669477f237862db8325ad880bb8fd5/detection

42.225.190.37:6666

# Reference: https://www.virustotal.com/gui/file/d56824b6c3fe6ee0281640167712fe4fabba0c23d5965da6df15b040cb870ebc/detection

http://64.64.236.97

# Reference: https://www.virustotal.com/gui/file/d86bd1e87d956b91e64d3db1223f25cb630e46bab4790a17483e414fd203b535/detection

http://86.145.54.56

# Reference: https://www.virustotal.com/gui/file/b012145b80d5176d73ed67924be9b1290d7920f05bf436f37deca4799b6d88b6/detection

http://94.198.40.11

# Reference: https://twitter.com/0xrb/status/1413001545935777792

http://1.15.74.43
1.15.74.43:22
101.133.234.20:8001
103.234.72.40:22
103.234.72.40:8001
167.179.92.252:22
167.179.92.252:50050
39.106.73.11:111
39.106.73.11:88
42.193.171.113:22
42.193.171.113:4369
86.145.54.56:8085
94.198.40.11:50050

# Reference: https://www.virustotal.com/gui/file/b0722783f26aec39d8a299204ffc17b68ce67a8f5ee0e81ad1543fca010d843e/detection

117.80.227.208:8888

# Reference: https://www.virustotal.com/gui/file/acc48f582cd95153a511589f146ee3474725f5417d9f5553bcd40ed86d142956/detection

117.80.227.208:9993

# Reference: https://www.virustotal.com/gui/file/c1ee2d7d7ff60cea7e649fca6d030636806bb7c2d2cf9e0639c3ebbf7c44d2fe/detection

124.71.183.45:5858

# Reference: https://www.virustotal.com/gui/file/7914cda83154f3182af8aaf1bdc4299043f6771fd0bb6f7e254dcaefc2744667/detection

144.34.192.154:5050

# Reference: https://www.virustotal.com/gui/file/b619392c7772499bd83fa233a53c4e906ae0341d3438a3835d6b738defd1e2eb/detection

http://159.138.5.194

# Reference: https://www.virustotal.com/gui/file/b2a64d1e8433dfdbd937c9b71862beb3160ffd482456cf4576e3f3ad0f930a7f/detection

http://193.239.84.213

# Reference: https://www.virustotal.com/gui/file/478f25cb93e0aaaadddae1c39452805f09b8bd9a25ba236624b5914f68050973/detection

42.63.69.156:9001

# Reference: https://twitter.com/0xrb/status/1413412809644208134

http://149.28.145.8
http://91.192.102.203
117.80.227.208:111
117.80.227.208:22
117.80.227.208:8888
146.56.231.31:135
149.28.145.8:135
149.28.145.8:3389
149.28.145.8:5985
159.138.5.194:22
159.138.5.194:3306
159.138.5.194:443
159.138.5.194:8000
42.63.69.156:3389
82.156.89.107:22
82.156.89.107:3790
82.156.89.107:8000
91.192.102.203:22
91.192.102.203:443

# Reference: https://www.virustotal.com/gui/file/b99b9ac836961b856168e21ea8344391ccd2c472d764ae1b46367023263ecee7/detection

http://1.14.146.79

# Reference: https://www.virustotal.com/gui/file/75e03f40a088903579a436c0d8e8bc3d0d71cf2942ad793cc948f36866a2e1ad/detection

103.158.190.58:443

# Reference: https://www.virustotal.com/gui/file/e7d6f382c2121e20328e46fa764c1c39d1c506e08e04bc0ee0a5c9ec687e8375/detection

103.45.140.2:8001

# Reference: https://www.virustotal.com/gui/file/ee0179cc13dd9d682a572d2ac14a1d95b16ab727168aeffac7b133450f91411b/detection

http://124.70.101.248
124.70.101.248:1008

# Reference: https://www.virustotal.com/gui/file/10b0c4ac7750e5aa9331a1e947f1190d950b1629a69634edf5df227efa01b583/detection

http://140.83.59.242

# Reference: https://www.virustotal.com/gui/file/33e386024f76615749e8cfe12f7a042cb91632c03a4b05579c6857d61032e4c7/detection

54.249.104.154:443
inn0iux.ddns.net

# Reference: https://www.virustotal.com/gui/file/bc45bf46a8ab03ebc09024024757d0848a7e0eee70e17a0ddec8ad0f0c732222/detection

http://185.156.172.76

# Reference: https://www.virustotal.com/gui/file/e9e75997b6c9e3994e7ae02845eb9573b18bb352b6289db5fdaffba49e50ce0b/detection

45.125.59.125:9898

# Reference: https://twitter.com/0xrb/status/1414896044672880648

http://106.52.196.175
http://121.37.21.254
http://124.70.101.248
1.14.146.79:111
1.14.146.79:22
103.158.190.58:22
103.158.190.58:9000
103.45.140.2:22
106.52.196.175:6667
106.52.196.175:6668
106.52.196.175:8888
121.37.21.254:22
121.37.21.254:888
121.37.21.254:8888
185.156.172.76:22
185.156.172.76:50050
45.125.59.125:22

# Reference: https://www.virustotal.com/gui/file/45e3a202af2d163029b181d500d9a50474ef14af11d58fefc890757c51e0db0c/detection

114.96.83.208:6666

# Reference: https://www.virustotal.com/gui/file/261cd0f52b9e84db3f296e7adedca5297a019c34880640e10f11049455c801e0/detection

185.153.196.122:31337

# Reference: https://www.virustotal.com/gui/file/53885245c7a52dd7fdb99ddf8534553e6d3d964a3da66c5dac7e7bd6ed3725ef/detection

http://185.70.184.81

# Reference: https://www.virustotal.com/gui/file/57ad5bd28b9c200ef9a5965e894a1017b1c069c5ff2582afb2561ad49e5ed4c9/detection

185.70.184.81:541

# Reference: https://www.virustotal.com/gui/file/c4581a10061edcda9932f4ef49f7a3e430d3dcb2da1a62588ba08089fd27e8c4/detection

204.44.88.205:7777

# Reference: https://www.virustotal.com/gui/file/9e08f034f66bf274bc7bc0e5beca3a22278d0d7e64585e6634e3a895a3e7e340/detection

27.54.253.33:8888

# Reference: https://www.virustotal.com/gui/file/eea1a2ea1ad7fd5e28f9777bae5abd65f35670d9031c93fdbe12855ad7cd5f02/detection

39.108.151.117:17077

# Reference: https://twitter.com/0xrb/status/1415184551962308608

http://115.71.237.123
http://185.153.196.122
http://204.44.88.205
http://39.108.151.117
115.71.237.123:21
115.71.237.123:22
115.71.237.123:3000
115.71.237.123:3306
115.71.237.123:50050
115.71.237.123:9999
160.116.52.139:135
160.116.52.139:3389
160.116.52.139:443
160.116.52.139:5801
185.153.196.122:3389
185.153.196.122:50050
185.64.105.28:22
185.64.105.28:443
185.64.105.28:50050
185.64.105.28:8080
185.70.184.81:135
185.70.184.81:3306
185.70.184.81:3306
185.70.184.81:33060
185.70.184.81:445
204.44.88.205:22
204.44.88.205:50050
204.44.88.205:7777
204.44.88.205:8080
204.44.88.205:81
27.54.253.33:22
27.54.253.33:5985
27.54.253.33:7443
27.54.253.33:7777
39.108.151.117:21
39.108.151.117:22
39.108.151.117:3306
39.108.151.117:50050
39.108.151.117:9000
39.108.151.117:9999

# Reference: https://www.virustotal.com/gui/file/a0fc8cae1605a9f21b56bf3613627787459bfacaa7134509c2e8aba3c18753c7/detection

http://146.0.77.110

# Reference: https://www.virustotal.com/gui/file/6e4b4e528de099d1bcb2b30a1e69cc4a145d8fd98f58d35f560c027943094914/detection

103.234.72.237:10920

# Reference: https://www.virustotal.com/gui/file/1f5ce0fb063c6cdc6e4f266b7aded6bba92a3e79e6bb99e410d13cbbee03695c/detection

103.72.4.166:8443

# Reference: https://www.virustotal.com/gui/file/e7f88937a8daeb4045e607f3a996b93251cfbf8ef52f2464916be15f1a013a95/detection

http://103.72.4.67

# Reference: https://www.virustotal.com/gui/file/984265f2a1df743a585b3ed1aa138080dbc0e27c66d2472d10a66c916739556c/detection

http://61.135.169.121
date-flash.com

# Reference: https://www.virustotal.com/gui/file/84fbc221952208e91648f68dd4003552370ab2dd8d89c0f3b1a95a5442577c47/detection
# Reference: https://www.virustotal.com/gui/file/4726664a1167df53e184eaf298ce91c539a5c0ad60297706caf8eee472d26455/detection

158.247.218.177:443

# Reference: https://www.virustotal.com/gui/file/a2d8a8eb853b484e5cb7a4ce1ae5876ada7acce29ceee86e4d39fcd3d206c081/detection

http://5.39.222.84

# Reference: https://www.virustotal.com/gui/file/f876cb174979bced83e8034feb4569b447d7322f63cbdf9e60a3fdbdfa073ad5/detection

http://5.39.222.87

# Reference: https://beta.shodan.io/host/123.125.46.41

http://123.125.46.41
123.125.46.41:443
123.125.46.41:444
123.125.46.41:8080
123.125.46.41:8443

# Reference: https://beta.shodan.io/host/180.101.217.175

http://180.101.217.175
180.101.217.175:443
180.101.217.175:444
180.101.217.175:8080

# Reference: https://beta.shodan.io/host/27.221.28.182

http://27.221.28.182
27.221.28.182:443
27.221.28.182:444
27.221.28.182:8080
27.221.28.182:8443

# Reference: https://www.virustotal.com/gui/file/0cc7d4ede78c40918f18f2a409fab83fbce74afe666a558c1e18109204df0a0c/detection
# Reference: https://www.virustotal.com/gui/file/0cc7d4ede78c40918f18f2a409fab83fbce74afe666a558c1e18109204df0a0c/detection
# Reference: https://www.virustotal.com/gui/file/38a742f6661cc9da9adee9dd3f5cb2ab0ea850a2775de711daf70a36044c0eef/detection

cdnforest.com

# Reference: https://www.virustotal.com/gui/file/6fc307063c376b8be2d3a9545959e068884d9cf7f819b176adf676fc4addef7d/detection

211.152.148.29:443
211.152.148.43:443
211.152.148.87:443

# Reference: https://www.virustotal.com/gui/file/5cc8abd9f2bca50981b59fedc942198f5ce0b32412f99c760c50b6eccc61ef9d/detection

211.152.136.71:443

# Reference: https://twitter.com/mojoesec/status/1417197703147184130

fondfbr.com
hufamal.com

# Reference: https://www.virustotal.com/gui/file/d831b55602ff45a1fc057f9acb3368456a5c5143d5152d1026a4bc03ce6459b8/detection

47.107.236.124:7999

# Reference: https://www.virustotal.com/gui/file/cbe13ca0df610eee3131fa4d4621d84e808aedf27dc835406f69217b5fdf4324/detection

47.107.236.124:8088

# Reference: https://www.virustotal.com/gui/file/265b1ba0b8aec105846f3fb9a63b0fc7bbd68983d7fdc7c466717ad0d70cc72e/detection

47.107.236.124:9999

# Reference: https://www.virustotal.com/gui/file/985889e7a89e177df688e7d2fec36a851e2137729e2870bb8d0b2fb147dc02a2/detection
# Reference: https://www.virustotal.com/gui/file/c9fb3af92ddba059cb78d6104a5708e64cb13ef688850ad72a1c6eec83b98c37/detection

charity-wallet.com

# Reference: https://twitter.com/0xrb/status/1417436960780525568

firstcloud.top
kiligvps.tk
updatecore.net
vpnbank.net
dev.updatecore.net
cs1.firstcloud.top
cs2.firstcloud.top
cs3.firstcloud.top

# Reference: https://twitter.com/0xrb/status/1417436960780525568
# Reference: https://beta.shodan.io/host/103.85.21.209
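# Reference: https://www.virustotal.com/gui/file/413c487fed5af9b607bcb4260a4afd5183b1fe249c99fe81297aa77e6497aece/detection
# NOTE(review): the 103.85.21.20:22 entry below does not match the referenced host 103.85.21.209 and looks like a truncated address - verify against the source before relying on it.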

http://103.85.21.209
103.85.21.209:21
103.85.21.20:22
103.85.21.209:3306
103.85.21.209:443
103.85.21.209:50050
103.85.21.209:81
103.85.21.209:8888

# Reference: https://twitter.com/0xrb/status/1417436960780525568

http://139.162.120.1

# Reference: https://twitter.com/0xrb/status/1417436960780525568
# Reference: https://beta.shodan.io/host/39.106.184.135

39.106.184.135:7777
39.106.184.135:8080

# Reference: https://twitter.com/0xrb/status/1417436960780525568
# Reference: https://beta.shodan.io/host/39.107.202.244

http://39.107.202.244

# Reference: https://twitter.com/0xrb/status/1417436960780525568
# Reference: https://beta.shodan.io/host/47.106.155.220
# Reference: https://www.virustotal.com/gui/file/218da3cf6c15f2dc72905d489ae3f7ecb59ddea8139a0e64e2b2a4edda00b003/detection

http://47.106.155.220
47.106.155.220:22
47.106.155.220:5003
47.106.155.220:50050
47.106.155.220:8888

# Reference: https://twitter.com/0xrb/status/1417436960780525568
# Reference: https://beta.shodan.io/host/47.52.136.23

http://47.52.136.23
47.52.136.23:8888

# Reference: https://twitter.com/TheDFIRReport/status/1417461791144120320

gojihu.com
nemupim.com
rasokuc.com
sexefo.com
sulezo.com
yuxicu.com

# Reference: https://twitter.com/TheDFIRReport/status/1417469349170868226

barovur.com
buloxo.com
keholus.com
lozobo.com
yawero.com

# Reference: https://twitter.com/bryceabdo/status/1418203109071986690
# Reference: https://www.virustotal.com/gui/file/ffd12aa5caf3a93da105c9c274fad68377ab2ef954fa8708637f03ff18b5b992/detection

flachu.com

# Reference: https://twitter.com/malwrhunterteam/status/1418171716778475521
# Reference: https://twitter.com/malwrhunterteam/status/1418209660083965959
# Reference: https://www.virustotal.com/gui/file/87766b03bd60f023941fc02d8dc5c292136bc5e6e0805cac765929f45e61b90d/detection

http://46.161.27.19
46.161.27.19:757
juniper-firmware.com

# Reference: https://twitter.com/h2jazi/status/1418641112714072065
# Reference: https://www.virustotal.com/gui/ip-address/103.15.28.217/relations
# Reference: https://www.virustotal.com/gui/file/dfa76155bccde55b034ea31ba4d58a6890cc28f5dd2818fb09a51494c0d208ac/detection

103.15.28.217:8080
bitupfx.com

# Reference: https://twitter.com/h2jazi/status/1418645159412224004
# Reference: https://www.virustotal.com/gui/file/dfa76155bccde55b034ea31ba4d58a6890cc28f5dd2818fb09a51494c0d208ac/detection

beijing.didiyuncdn.com

# Reference: https://www.virustotal.com/gui/file/f3317f06dbfd9898cfb83377325f7e03dbdb9702ee1020aef3e2f1427a93ce8a/detection

http://137.220.60.57

# Reference: https://www.virustotal.com/gui/file/08d67e0db4a154d76ead862c6781ad3f1d8b3bbeccb33b4f182697a2b2626ee6/detection

137.220.60.57:443

# Reference: https://twitter.com/mojoesec/status/1418625292105654275

boku.network
govtjobsnic.net
jegufe.com
pesrado.com
stg.pesrado.com

# Reference: https://twitter.com/_brettfitz/status/1418577145144692741

gellpac.com
windows-microsoft-en.com
wolfe22.com
ads.gellpac.com
download.windows-microsoft-en.com

# Reference: https://www.virustotal.com/gui/file/6abceca930337b4266362c262d5ed0e7a232cdf5e06ab6618f2086d946d394fd/detection

akamadataconnectionresponsecdns.com

# Reference: https://beta.shodan.io/host/155.94.228.65
# Reference: https://www.virustotal.com/gui/file/503a1ca5dafeebff737dfa982bc7eb0aa6c809720d466a071b1abcd54ace2ef1/detection

155.94.228.65:21
155.94.228.65:22
155.94.228.65:3306
155.94.228.65:8081
155.94.228.65:88

# Reference: https://twitter.com/mojoesec/status/1418265696547508225

kaslose.com
perk-plan.com
sharpfoz.com

# Reference: https://twitter.com/kyleehmke/status/1409061856199819264
# Reference: https://twitter.com/Nzc2ZjZjNjY/status/1417540599868280838

buttonrich.com
clampuncture.com
forgetfulbig.com
keyframesspinner.com
normallibraryart.com
pullscrewyell.com
upsetearthabrupt.com
vegetablered.com
wittymarble.com

# Reference: https://twitter.com/VK_Intel/status/1417628084623319041

hrmagazine.uk
a2.hrmagazine.uk

# Reference: https://twitter.com/mojoesec/status/1417574273988931585

banksgmb.com
postformt.com
securitymozes.com
soft.azureedge.net

# Reference: https://twitter.com/pmelson/status/1290030989679329280

challparty.com

# Reference: https://twitter.com/1LupeLaaw/status/1290038590521581568

ideanotsure.com
trashborting.com

# Reference: https://www.virustotal.com/gui/file/66298bc8615386514af8ffb7ba6096e516b130adf386327f0825f3b1854b80b5/detection

82.156.32.161:10011

# Reference: https://www.virustotal.com/gui/file/fad4aa474affa78e820e731061ed7614feba095422465f0ca4c05a1f3506beb8/detection

sharkfishinguk.com

# Reference: https://ioc.finsin.cl/Output_FINSIN_URL

106.117.252.172:443
110.188.68.242:443
111.170.8.210:443
111.19.244.43:443
111.62.79.149:443
112.19.197.211:443
113.137.62.36:443
116.177.248.23:443
116.177.250.231:443
117.12.41.16:443
121.29.54.59:443
122.246.6.14:443
139.99.167.177:443
163.171.210.190:443
171.8.242.149:443
221.230.142.27:443
27.221.119.231:443
27.221.30.57:443
43.243.235.149:443
60.31.184.208:443
grayballon.com
cdn.giftbox4u.com
dns.giftbox4u.com
store.giftbox4u.com

# Reference: https://www.virustotal.com/gui/file/09d802699908ee59db4725eff8e9612db3e368987a1007d547df23cb4c9f378f/detection

http://188.34.142.201

# Reference: https://www.virustotal.com/gui/file/12b55cbf272b7f5ecbc33e8a97f46b801e4f6da4b76831b1b33e604e5ddf4366/detection

188.34.142.201:443

# Reference: https://beta.shodan.io/host/188.34.142.201

188.34.142.201:111
188.34.142.201:22
188.34.142.201:3389
188.34.142.201:50050

# Reference: https://www.virustotal.com/gui/file/a9243541a8022c3764d01ecbbbb854e25a793e528f89dd776e8c4f7a007786d0/detection

scripts.general-aerospace.de

# Reference: https://www.virustotal.com/gui/file/ea3dcb24ae132149252ad1aba54c92317be45c3791f14007e94c1a7c509b3965/detection

http://81.69.42.250

# Reference: https://www.virustotal.com/gui/file/a5760abf7df5d721a88e931e16efff308302ac9cc325543ff8945ebef245e4a5/detection

81.69.42.250:6000

# Reference: https://www.virustotal.com/gui/file/ea3d8edcc45e4baf2218717f08b0371d53510e2d8df46e054965b0c4a5c2f02c/detection

81.69.42.250:4444

# Reference: https://ioc.finsin.cl/Output_FINSIN_URL

81.69.42.250:4446

# Reference: https://beta.shodan.io/host/81.69.42.250

81.69.42.250:22
81.69.42.250:50050
81.69.42.250:6666
81.69.42.250:6667

# Reference: https://ioc.finsin.cl/Output_FINSIN_URL
# Reference: https://beta.shodan.io/host/178.62.115.135
# Reference: https://beta.shodan.io/host/188.34.142.201
# Reference: https://beta.shodan.io/host/45.61.138.145

http://178.62.115.135
http://188.34.142.201
http://45.61.138.145
178.62.115.135:22
178.62.115.135:50050
188.34.142.201:111
188.34.142.201:22
188.34.142.201:3389
188.34.142.201:443
188.34.142.201:50050
45.61.138.145:22

# Reference: https://www.virustotal.com/gui/file/481e9d59d029095c851ede4f139336a70b5b57f8e7b323a5b7c3609021cd54c2/detection

182.140.143.251:443
219.147.82.254:443
221.229.203.230:443
223.111.255.252:443
/html5shiv-21fc8c2ba8.js
/web/v3/static/js/html5shiv-21fc8c2ba8.js

# Reference: https://www.virustotal.com/gui/file/824b75c1d4051c7d8c8c627e588b91b0e684a303769f59e80278f308ee699c55/detection
# Reference: https://www.virustotal.com/gui/file/9a01c7df724acd0c5d81cace98a844e0348f9a990a4f2b39bcf2e304bf51e2ad/detection
# Reference: https://www.virustotal.com/gui/file/860bf7e12df3e9e246afac4b84b743d09e5bd940ffb71c8b06c6d99487fe2d85/detection

openmsdn.xyz

# Reference: https://thedfirreport.com/2021/07/19/icedid-and-cobalt-strike-vs-antivirus/
# Reference: https://beta.shodan.io/host/162.244.81.62

http://162.244.81.62
162.244.81.62:22
162.244.81.62:443

# Reference: https://thedfirreport.com/2021/07/19/icedid-and-cobalt-strike-vs-antivirus/
# Reference: https://beta.shodan.io/host/88.80.147.101

http://88.80.147.101
88.80.147.101:22
88.80.147.101:443

# Reference: https://twitter.com/MichalKoczwara/status/1419607960498618368
# Reference: https://www.virustotal.com/gui/file/0b9cc8959501885c42d0d19d57ac3ce3abbfe42745283cfcedb57bc9fc57e932/detection

167.99.117.21:8080
ebcswg.bmogc.net

# Reference: https://www.virustotal.com/gui/file/5dff57c390cb00a579eba8bba0295e1eab295a43c6a279f8a3bf469f794bf16d/detection

167.99.117.21:443

# Reference: https://beta.shodan.io/host/27.124.34.236
# Reference: https://www.virustotal.com/gui/file/1c885a8093d7586c630534d2a5e1ce885a905b87d74d2e2176ebf71c11211b55/detection

http://27.124.34.236
27.124.34.236:3389
27.124.34.236:9080

# Reference: https://twitter.com/TheDFIRReport/status/1419658773338148867
# Reference: https://www.virustotal.com/gui/file/8429bc94c791d63c46f1469697eea413259a68c2afb1b252cb026d8e65d79f05/detection

eyetomsky.com
test-google.host
xiaosima.ml
cs1.xiaosima.ml
cs2.xiaosima.ml
login.eyetomsky.com

# Reference: https://beta.shodan.io/host/117.50.82.150
# Reference: https://www.virustotal.com/gui/file/52e9360b9c54f8baa42c80d6b76638607792061e4056880c8a958f7116c06bf5/detection

http://117.50.82.150
117.50.82.150:8090
117.50.82.150:8443

# Reference: https://twitter.com/0xrb/status/1419560842991861762
# Reference: https://beta.shodan.io/host/120.79.151.148

http://120.79.151.148
120.79.151.148:50050
120.79.151.148:8888

# Reference: https://twitter.com/0xrb/status/1419560842991861762
# Reference: https://beta.shodan.io/host/121.5.159.31

http://121.5.159.31
121.5.159.31:111
121.5.159.31:22
121.5.159.31:5901

# Reference: https://twitter.com/0xrb/status/1419560842991861762
# Reference: https://beta.shodan.io/host/185.14.31.39

185.14.31.39:22

# Reference: https://twitter.com/0xrb/status/1419560842991861762
# Reference: https://beta.shodan.io/host/194.156.98.246

http://194.156.98.246
194.156.98.246:22
194.156.98.246:3306

# Reference: https://beta.shodan.io/host/212.129.244.167
# Reference: https://www.virustotal.com/gui/file/b7671199d5ea93d0fe9e4e7e142c7ec58cddbbfcb10b0ec3ba3ddb6aafd83952/detection

http://212.129.244.167
212.129.244.167:135
212.129.244.167:22
212.129.244.167:3389
212.129.244.167:5000
212.129.244.167:5985
212.129.244.167:8443

# Reference: https://twitter.com/0xrb/status/1419560842991861762
# Reference: https://beta.shodan.io/host/40.78.28.162

40.78.28.162:8080

# Reference: https://twitter.com/0xrb/status/1419560842991861762
# Reference: https://beta.shodan.io/host/45.156.27.35

http://45.156.27.35
45.156.27.35:22

# Reference: https://beta.shodan.io/host/49.235.82.211
# Reference: https://www.virustotal.com/gui/file/9643ba3e6c632e33b37fb73b970eaa54e3e8b7618469745306cf9dfda236575a/detection
# Reference: https://www.virustotal.com/gui/file/04009e78197f4f7fc15cc2e1c2fb42d12c76e34905f650c4e4876c213cd53f51/detection

http://49.235.82.211
49.235.82.211:21
49.235.82.211:22
49.235.82.211:27017
49.235.82.211:5003
49.235.82.211:7777
49.235.82.211:88
49.235.82.211:8888

# Reference: https://beta.shodan.io/host/64.225.25.110
# Reference: https://www.virustotal.com/gui/file/57bb710ab230ff84a197629c782755ddb8d8c315f917f5dc32b7b307d9d9446b/detection

http://64.225.25.110
64.225.25.110:50050

# Reference: https://twitter.com/mojoesec/status/1419746895707185153

anch0r.xyz
jean911nie.com
phreeesia.com
rolemd.com
lala.anch0r.xyz
update.jean911nie.com

# Reference: https://twitter.com/TheDFIRReport/status/1420003537119977478

sentinel.azureedge.net
soft.azureedge.net
tmestoragetest.azureedge.net

# Reference: https://twitter.com/TheDFIRReport/status/1420021160364822528

signalr-azure.net
api.signalr-azure.net
assist.azureedge.net
intune.azureedge.net

# Reference: https://www.virustotal.com/gui/file/c45e91937f36e717646e49e62373b84c39dd19d7f71523022f4dc35be5a105de/detection

8.136.4.131:6666

# Reference: https://beta.shodan.io/host/8.136.4.131

http://8.136.4.131
8.136.4.131:1234
8.136.4.131:443
8.136.4.131:888

# Reference: https://www.virustotal.com/gui/file/284b3dde6049c0d9be0c3cd55b0e5c286796d937e4964347e3d3fb8fda495cfc/detection

101.37.15.184:8888

# Reference: https://beta.shodan.io/host/101.37.15.184

http://101.37.15.184

# Reference: https://twitter.com/ViriBack/status/1420174111859425283
# Reference: https://twitter.com/ViriBack/status/1420192269420924931
# Reference: https://twitter.com/ely_sec/status/1420318490750328841

creephealth.com
findoutcredit.com
flightmongers.com
yeeterracing.com

# Reference: https://twitter.com/mojoesec/status/1420463077565292550

besthealthforme.com
fastly-cdn.xyz
korils.com
shanroban.com
static.fastly-cdn.xyz

# Reference: https://www.virustotal.com/gui/file/70e7dbc4e80d5d817f89c06d5ca7bafdb3226ae3c559d86cc5857421eca27af7/detection

1.116.163.166:30000

# Reference: https://beta.shodan.io/host/1.116.163.166

1.116.163.166:10000
1.116.163.166:20000
1.116.163.166:22
1.116.163.166:443
1.116.163.166:79

# Reference: https://www.virustotal.com/gui/file/6bbabed7b0f11e304b0cb97013c9095d51fa330aee3a966b5626088e92a0dfeb/detection

47.100.48.157:8787

# Reference: https://beta.shodan.io/host/47.100.48.157

47.100.48.157:10000
47.100.48.157:22
47.100.48.157:666

# Reference: https://twitter.com/JAMESWT_MHT/status/1420650747415367685
# Reference: https://www.virustotal.com/gui/file/216c8471db4ab3a785f395c8c059d767798a6ffd5fbbf6e72f745ea506bd1cd9/detection
# Reference: https://www.virustotal.com/gui/file/a3499e847373725d2924a5914b9ac861fda3c53b31ca5cfcaa02b9363f205774/detection

104.131.67.123:8080
185.123.53.33:443
185.123.53.33:445
inmhpproxy.glenmark.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1420652819225489409
# Reference: https://www.virustotal.com/gui/file/954944ef6cdd1474ed35f27b790a7914156672cc7a1afbcc3214ccc1855ff12e/detection
# Reference: https://www.virustotal.com/gui/file/42104ac31fe7ae7328c209007ea71dc3effb183c736a9bddcf86f690fe96df9a/detection

assets.switzer.com.au.global.prod.fastly.net
australianmissilescorporation.com.global.prod.fastly.net

# Reference: https://twitter.com/MichalKoczwara/status/1420358877036650500

sharepointplatform.com
secure.sharepointplatform.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1420689398908260354

mitsubon.com
refebi.com

# Reference: https://twitter.com/TheDFIRReport/status/1420715741104406536

alibaba-cn.ga
alizonvps.cf
freelinuxupdate.tk
hackercomein.tk
imqc.tk
ooops.tk
tencentcloudapi.tk
upwindows.tk
oa.freelinuxupdate.tk
sts.tencentcloudapi.tk
taobao.alibaba-cn.ga

# Reference: https://www.virustotal.com/gui/file/6cef9f6081ace2197aa3c9b037d4e09432a113ef5405c2d6e271030d657d4f48/detection

microsofte.gq
test.microsofte.gq

# Reference: https://www.virustotal.com/gui/file/6717cdf24ae605851e262f0bb04f177ffd8956108cb9060e71c12e6861aa7e5e/detection

106.110.28.138:56341

# Reference: https://twitter.com/mojoesec/status/1420827103554162690
# Reference: https://twitter.com/mojoesec/status/1420829042941612041

bank-banks.com
sg1cloud.com
trialgmail.space
zedoxuf.com
cc.sf.sg1cloud.com
cdn.us-west-4.sfo.prod.global.prod.fastly.net

# Reference: https://twitter.com/TheDFIRReport/status/1420761036911792129

thgilnoisullisid.xyz
wangzha156.xyz
yiyebf3.xyz
go.yiyebf3.xyz
onlinestudy.thgilnoisullisid.xyz

# Reference: https://www.virustotal.com/gui/file/bab8196c3630b25a0dc1c21303881e0dc4d1f560655b7f86e6986c9eb84ae946/detection
# Reference: https://www.virustotal.com/gui/file/087153ed5bb9bb9807e37a8fd745a16a634497a842896f232ab4cfb54197ba00/detection

http://162.244.80.46
loikdo.com

# Reference: https://beta.shodan.io/host/162.244.80.46

162.244.80.46:22
162.244.80.46:443
162.244.80.46:50050

# Reference: https://www.virustotal.com/gui/file/3a3cd913b1916e4a4e1efea0f11ef31a865931137db8c518e1e293efffbb8497/detection

47.106.217.103:30001

# Reference: https://beta.shodan.io/host/47.106.217.103

47.106.217.103:443
47.106.217.103:8081

# Reference: https://www.virustotal.com/gui/file/4d08efe117387b43f8a008d9a0a4c7a78ebdaa08e010251bd089751ed27d26bc/detection
# Reference: https://www.virustotal.com/gui/file/e560368fb054de8fb27d921d212bd4199b729487a1e2d17c95bc5b357331d14b/detection

43.129.214.143:40010

# Reference: https://beta.shodan.io/host/43.129.214.143

http://43.129.214.143
43.129.214.143:22
43.129.214.143:3306
43.129.214.143:8888

# Reference: https://www.virustotal.com/gui/file/23146fc4ed161924dba04b337fa95780ca811df30cd655f5bd17e36660db4942/detection

218.244.154.94:1234
97.64.45.40:1234

# Reference: https://www.virustotal.com/gui/file/fe98c84e397515f84672acdae1147eef8adb1c11ffae1e438deadaff16fd9a2f/detection

1.14.165.19:8080

# Reference: https://beta.shodan.io/host/1.14.165.19

http://1.14.165.19
1.14.165.19:22
1.14.165.19:3389
1.14.165.19:5985

# Reference: https://www.virustotal.com/gui/file/5f74bedba6861d2dce4f9bcb9cee42844433b4fd4c78e7d4234d2868b9e7de57/detection

47.117.141.252:6845

# Reference: https://www.virustotal.com/gui/file/8eae299abd34b9b427938eeebaa78b3ece4aa9e6aeb65aa3028a16dbb4b3a4af/detection

47.117.141.252:8080

# Reference: https://beta.shodan.io/host/47.117.141.252

http://47.117.141.252
47.117.141.252:12345
47.117.141.252:22
47.117.141.252:4433

# Reference: https://www.virustotal.com/gui/file/fc24ed14658b4954b28b1805689abb11c97ff5eed009a3a4f7d193dc4f511dda/detection

106.15.92.47:8876

# Reference: https://beta.shodan.io/host/106.15.92.47

http://106.15.92.47
106.15.92.47:22
106.15.92.47:50050

# Reference: https://www.virustotal.com/gui/file/bab8196c3630b25a0dc1c21303881e0dc4d1f560655b7f86e6986c9eb84ae946/detection

loikdo.com

# Reference: https://www.virustotal.com/gui/file/415632bf75a3ddd476a9eca445870ccd62e660c34c4a11a229f37bce5d0377c2/detection

101.200.171.69:443

# Reference: https://www.virustotal.com/gui/file/64cccccbc45c52be8a7de6551a93d55ebac8d01e2057a29316b650d615163e09/detection

106.13.206.236:33306

# Reference: https://www.virustotal.com/gui/file/843a79b79efaad0fdff63cbaf5d172734f936b37a49ce4653a5faeba38114acc/detection

106.75.90.114:50051

# Reference: https://beta.shodan.io/host/106.75.90.114

http://106.75.90.114
106.75.90.114:22
106.75.90.114:443
106.75.90.114:60001

# Reference: https://twitter.com/0xrb/status/1419966324634120197
# Reference: https://www.virustotal.com/gui/ip-address/119.23.252.91/detection

http://119.23.252.91

# Reference: https://www.virustotal.com/gui/file/a4bda3e1cf4a6c1f88f3859762b96b79cb8b666aa8e6f5f0549cf8692c36d02d/detection

124.70.208.21:12301

# Reference: https://beta.shodan.io/host/124.70.208.21

124.70.208.21:60001

# Reference: https://www.virustotal.com/gui/file/63c108316e7f34cc65e134c074209528f2602049d838620b68c7a51fed478d3b/detection

140.82.43.115:7777

# Reference: https://beta.shodan.io/host/140.82.43.115

140.82.43.115:3389
140.82.43.115:5985

# Reference: https://www.virustotal.com/gui/file/36b4a6328f65cad7d7fc4830f69431653efc7b7c70b47acd05d651d6787dc2b0/detection

155.94.179.163:33306

# Reference: https://beta.shodan.io/host/155.94.179.163

http://155.94.179.163
155.94.179.163:21
155.94.179.163:22
155.94.179.163:443
155.94.179.163:8888

# Reference: https://www.virustotal.com/gui/file/39cf5eace0c44a7bdf338bfb66e537134db723a4638cb11e718b4ab2f8a6ab37/detection
# Reference: https://www.virustotal.com/gui/file/ef7fc8a22116c3533476b52ccb2e21464edd58b06b2a628be9cb12ff9ce021da/detection

http://157.245.247.214

# Reference: https://beta.shodan.io/host/157.245.247.214

157.245.247.214:22

# Reference: https://www.virustotal.com/gui/file/8525991b0aed720c7fa5f7fdb4555ebefcb1e47f9686ad55dc95c202d7093f73/detection

http://192.169.200.75

# Reference: https://www.virustotal.com/gui/file/cb782e81db4cd365e17895f81aa74b7200000f0992781d5acd42a8b01862362f/detection

45.197.94.11:8000

# Reference: https://www.virustotal.com/gui/file/47b926b80c2a2dd165deccd35e65d057e3b58d2f2b391ce9fbd39f67ebe3c162/detection

http://45.32.128.117
45.32.128.117:443
45.32.128.117:53
/b2jhS8IIJW1D5ELmHUkAlQCqwBH1Dc/

# Reference: https://beta.shodan.io/host/45.32.128.117

45.32.128.117:3389

# Reference: https://www.virustotal.com/gui/file/44f2256e9367d2f3c0bbac795521d34b42cd28e5409b2ffd8cc137a8b9cc917c/detection

47.244.118.79:52700

# Reference: https://twitter.com/mojoesec/status/1421198691742986243

dirupun.com
hondame.com
imagalytics.com
mazdafo.com
msfthelpdesk.com
myhappiestminds.com
mazda.azureedge.net

# Reference: https://www.virustotal.com/gui/file/a67b47abcaeac789e1716ddd92b3c4bdf74abd04c5583958a27b16dbe26a35e7/detection

telegramp.cf
update.telegramp.cf

# Reference: https://www.virustotal.com/gui/file/c09f98b2c703f51f50bd4ab39eb495d44293e63d917f34c5f60fc216bd12e9ea/detection

119.45.183.69:8989

# Reference: https://beta.shodan.io/host/119.45.183.69

119.45.183.69:21
119.45.183.69:22
119.45.183.69:8055

# Reference: https://www.virustotal.com/gui/file/447c7b72c9960482380551b0301ad0b0357ed00cba2f60f6ccc26fd766761df2/detection

149.248.52.187:443
onlineworkercz.com

# Reference: https://www.virustotal.com/gui/file/956e66f820c127b655c4e59af455c4cc827d43b111f4cf260b6da1d30ac443b2/detection

http://192.236.146.5

# Reference: https://twitter.com/malwrhunterteam/status/1422260693156483082

104.21.63.131:2052
zylbzxcv.tk
hello.zylbzxcv.tk

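# Reference: https://beta.shodan.io/host/104.21.63.131
# NOTE(review): 104.21.63.131 appears to sit in a shared CDN edge range, so the ip:port entries below may also match unrelated tenants' traffic - confirm before alerting on them alone; the domain entries above are the more specific indicator.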

http://104.21.63.131
104.21.63.131:2082
104.21.63.131:2083
104.21.63.131:2086
104.21.63.131:2087
104.21.63.131:443
104.21.63.131:8080
104.21.63.131:8443
104.21.63.131:8880

# Reference: https://www.virustotal.com/gui/file/1d4a82ff8f1687cf3fd74ca043cf139406f48582633835c7805457df06b60466/detection

121.36.62.132:8080

# Reference: https://www.virustotal.com/gui/file/859d07037461cf6272c4303e784b27def57f18f357daabab5d2dbd7ad0ffb00a/detection

http://121.36.62.132

# Reference: https://twitter.com/mojoesec/status/1422278692760428549
# Reference: https://twitter.com/mojoesec/status/1422278693792227333

acurashu.com
adobeflash.cc
bmwfor.com
croperdate.com
fivezin.com
freshjuk.com
georgiaonsale.com
identalytics.com
karavan.azureedge.net
link.withpulm.com
losmapes.com
marshbol.com
merssed.com
newyorkshel.com
nopostings.com
shuterb.com
smallgop.com
tcmb.azureedge.net
trialyoutube.space
update.adobeflash.cc
withpulm.com

# Reference: https://www.virustotal.com/gui/file/5a89b7ea4113bca99de51c3704ba1cc10c53ce7980abcb01ff174c6220159d7e/detection

172.86.124.157:8082

# Reference: https://beta.shodan.io/host/172.86.124.157

http://172.86.124.157
172.86.124.157:111
172.86.124.157:22
172.86.124.157:25
172.86.124.157:50050
172.86.124.157:5555
172.86.124.157:8080
172.86.124.157:8081
172.86.124.157:8083
172.86.124.157:8181
flashqq.xyz

# Reference: https://www.virustotal.com/gui/file/78b33df9b63797ec2f01467b9e35c801da99a65637e57144967aea12f24fa6c1/detection

http://91.208.184.81

# Reference: https://www.virustotal.com/gui/file/0eddaf715a62e2297165e5a0efb4a98269dc479b20335f7d3e2a09b845caa101/detection

91.208.184.81:443

# Reference: https://beta.shodan.io/host/91.208.184.81

91.208.184.81:22

# Reference: https://www.virustotal.com/gui/file/95535d9441e4de4ffc68c19c4a4cd8eafd0602f0355e0e0ba624bfb46c7ce3db/detection

23.105.215.102:8081

# Reference: https://beta.shodan.io/host/23.105.215.102

http://23.105.215.102
23.105.215.102:3306
23.105.215.102:443
23.105.215.102:8080

# Reference: https://www.virustotal.com/gui/file/6ed2e997d98774ed5e433940500cd9ea8545de9e6d526ccfb4bcb7052e991168/detection
# Reference: https://www.virustotal.com/gui/file/65ba97113b23d17e256790c2ee04418afd00f3cc4b6ddc9054f4ce6eb8bde6ce/detection

120.77.81.50:3000
120.77.81.50:8000

# Reference: https://beta.shodan.io/host/120.77.81.50

http://120.77.81.50

# Reference: https://www.virustotal.com/gui/file/8377182e1b8f4b9c5ad8fcd5f36c88d490447f3614db84e32483468df6848e1c/detection

http://47.100.227.60

# Reference: https://beta.shodan.io/host/47.100.227.60

47.100.227.60:3389
47.100.227.60:50050

# Reference: https://tria.ge/210803-w15fxk72ns

volga.azureedge.net

# Reference: https://www.virustotal.com/gui/file/8fe59d2b073574e046f8954e930131cd5de7e68b64773e670781c65a7873051f/detection

http://115.159.50.67
http://47.95.226.171
115.159.50.67:60001
47.95.226.171:8080

# Reference: https://beta.shodan.io/host/115.159.50.67

115.159.50.67:22

# Reference: https://www.virustotal.com/gui/file/ba66958fa8a24e9c49751ae4bc010e81f653838178410c90cfb65c6a92d16677/detection

http://163.197.61.123

# Reference: https://beta.shodan.io/host/163.197.61.123

163.197.61.123:3306
163.197.61.123:3389

# Reference: https://twitter.com/mojoesec/status/1422634206400745478

donuak.com
l1stary.xyz
a.l1stary.xyz
b.l1stary.xyz

# Reference: https://www.virustotal.com/gui/file/02cc21b92a14e45d9a5c9bd22a858b0783ef9158bf04ffe797757a6b0c09ceec/detection

81.70.207.47:9001

# Reference: https://beta.shodan.io/host/81.70.207.47

http://81.70.207.47
81.70.207.47:22
81.70.207.47:8080
81.70.207.47:8888
81.70.207.47:9002

# Reference: https://www.virustotal.com/gui/file/02374ce2c207761faf3c07956e448d7d3cb552fe0dab0fde6643a8fe4f8e2d1a/detection

wmjdvu.limyonly.me

# Reference: https://www.virustotal.com/gui/file/4595b621a23e64aa3a20bd3c825f159156eefdd8b01a4828623b966941a7ea8a/detection

wmjdvuif.limyonly.me

# Reference: https://www.virustotal.com/gui/file/f115809615a5be5c15fc9e427b42f7b27641d90cf82526f8a1f4345da43a86fa/detection

101.132.251.212:443

# Reference: https://twitter.com/sS55752750/status/1422918578592944128
# Reference: https://beta.shodan.io/host/92.38.135.132

http://92.38.135.132
92.38.135.132:22
92.38.135.132:443
92.38.135.132:444

# Reference: https://www.virustotal.com/gui/file/9d29cd4e961c3ddb041f48547ddd1e9f765a84ee940a063aa40f4511269a42c9/detection

http://159.89.25.68

# Reference: https://beta.shodan.io/host/159.89.25.68

159.89.25.68:22
159.89.25.68:25

# Reference: https://www.virustotal.com/gui/file/b2c54557366a339270462c53530947a1f173f572aa659f3c9c0676c899672fff/detection
# Reference: https://www.virustotal.com/gui/file/78e87a58fd66f57f4906a028574e136d47710ba6ff5d1510d5da45fe392f632e/detection

51.254.31.9:82

# Reference: https://beta.shodan.io/host/51.254.31.9

51.254.31.9:111
51.254.31.9:22
51.254.31.9:4443
51.254.31.9:50050
51.254.31.9:83

# Reference: https://www.virustotal.com/gui/file/253bd384fa140631c8dd22fe4510bc296ebfa1495f97089843e7a5e6a3b49133/detection

47.103.192.104:2333

# Reference: https://www.virustotal.com/gui/file/891e1853695c68703285adbc473dfb5b38e26ef5aeba368e723983308db3706a/detection

47.103.192.104:7777

# Reference: https://beta.shodan.io/host/47.103.192.104

http://47.103.192.104
47.103.192.104:9080

# Reference: https://www.virustotal.com/gui/file/bb85731fe8c4ad16504fc52eac9cf4e0d9018a134e6a6c98ee5b34f009039533/detection

116.0.48.14:6002

# Reference: https://beta.shodan.io/host/116.0.48.14

http://116.0.48.14
116.0.48.14:111
116.0.48.14:2222
116.0.48.14:3389
116.0.48.14:6001

# Reference: https://www.virustotal.com/gui/file/fc07f72684056370a073f5824cd0f7134f1e69141665eec84437776be9759069/detection
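# Reference: https://www.virustotal.com/gui/file/0448b8cb558f398f84c2aad7f506611046480c45ae30d2d00f3916e03bd0dc5e/detection
# Note: 104.21.72.177 and 172.67.153.86 fall inside Cloudflare's published edge ranges (104.16.0.0/13, 172.64.0.0/13), so these IP:port trails are shared with unrelated Cloudflare-proxied sites; share666.top is the more specific indicator.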

104.21.72.177:2086
172.67.153.86:2086
share666.top

# Reference: https://www.virustotal.com/gui/file/ac4ce6f4e383218fb3dc769a5b434f9ecc5d8130757c25ec592213eef5407008/detection

45.79.123.122:8766
ms8629-oscpsec.info

# Reference: https://www.virustotal.com/gui/file/5d5802e969d599d95b63eed690a4b875c0da733e967034bc843b42cb983f72ce/detection

43.128.84.254:8888

# Reference: https://beta.shodan.io/host/43.128.84.254

43.128.84.254:111

# Reference: https://twitter.com/malware_traffic/status/1422974605283713029
# Reference: https://www.virustotal.com/gui/file/cf1043d00d87887f92a59e86296d1b7acaf37ccb33e9d2ce1f3c40d669de8ed5/detection

d3uexwarxkd1ug.cloudfront.net

# Reference: https://www.virustotal.com/gui/file/942432ba3d8a50e8f07c1dfdc4fdaee181191f3599f7395bb0744c5e80a93d4b/detection

104.168.174.193:7777

# Reference: https://www.virustotal.com/gui/file/9888249f49f94f648d9041ccf5912fc10e6b845808846b6581bc3f368817e274/detection

104.168.174.193:8000

# Reference: https://beta.shodan.io/host/104.168.174.193

http://104.168.174.193
104.168.174.193:111
104.168.174.193:22

# Reference: https://www.virustotal.com/gui/file/01a7c06ff0fbb617726e84219bebb4af07b23a501c57fde89bb1a37494fbfda5/detection

114.98.234.212:8999

# Reference: https://www.virustotal.com/gui/file/053b3fd78a2dad05808fffbc060b69f5b57cd914d3305923b334718757ee1705/detection
# Reference: https://www.virustotal.com/gui/file/09f64cc2373cce9a9a2a0785dec8d6c038af136cc8c21e3349203216be2ba972/detection

rabay3a.no-ip.biz

# Reference: https://twitter.com/TheDFIRReport/status/1423256219603587074

altlass.com
commer-soft.com
f4l1k.tk
testdomain0x00.xyz
vhsonlinesecurity.info
blog.f4l1k.tk

# Reference: https://twitter.com/mojoesec/status/1423361237874880517

jikuran.com
nacicaw.com

# Reference: https://www.virustotal.com/gui/file/fc75aff893509ad90c00874eb46d7a01ca7786b9f02f0d336b979044ccb4521c/detection

47.96.129.92:2333

# Reference: https://www.virustotal.com/gui/file/5cde084a75d053469f1a137b478b433f7613ba62fbc35d2348fc9514e0d2b621/detection

yourupdate.org

# Reference: https://www.virustotal.com/gui/file/5c8221ceec2e70e4a6f6ddd9bad7fb6427890deb47f25f83df88e145d393e1ed/detection

60.205.188.203:13694

# Reference: https://www.virustotal.com/gui/file/7f39f3601d733ce213b82fde0017fa50197d27f04219f1a262b691cf70e7554b/detection

212.86.114.131:5252

# Reference: https://beta.shodan.io/host/212.86.114.131

212.86.114.131:3389
212.86.114.131:5985

# Reference: https://www.virustotal.com/gui/file/56b7132c71885a7baaf431b5dec8e78aa0a9b9419fbee696866e631df780c1c7/detection

40.85.80.61:443

# Reference: https://www.virustotal.com/gui/file/a44c5201387a795b60f9f60920fb037c0d3b4731612438bdd4dba3018c7fc7a8/detection

http://207.148.116.128
207.148.116.128:81

# Reference: https://www.virustotal.com/gui/ip-address/207.148.116.128/relations

f1ansh.com

# Reference: https://beta.shodan.io/host/207.148.116.128

207.148.116.128:22

# Reference: https://www.virustotal.com/gui/file/8fc377de3079d41481057588f5318e1c892c13025708ab57c2f0f5d90c843a84/detection

202.182.121.122:6666

# Reference: https://www.virustotal.com/gui/file/4065ee8590004d4801d71d315e046d677fb428f5928f84a2c66ec97143a5bd28/detection

202.182.121.122:8077

# Reference: https://www.virustotal.com/gui/file/e1bbc803d5663feea48a03b08ebbe7c67affe67f95ab88bb9aab9af7c04986a9/detection

202.182.121.122:8099

# Reference: https://www.virustotal.com/gui/file/08baccdf849f98949166b0078a4b678fa8c1234432c8f0f3c333b8f1b0f983ce/detection

202.182.121.122:20021

# Reference: https://beta.shodan.io/host/202.182.121.122

http://202.182.121.122
202.182.121.122:443
202.182.121.122:50050
202.182.121.122:8080
202.182.121.122:8086

# Reference: https://www.virustotal.com/gui/file/e5d35c4bd06114bdf7c8e2654d6716e1bb3844d5ffb6bab243baeefcba980d83/detection

158.247.210.247:84
cdn-aliyuncdn.com
m.cdn-aliyuncdn.com

# Reference: https://twitter.com/mojoesec/status/1423734569539358723
# Reference: https://www.virustotal.com/gui/file/28cbda765e8c82e78a674732e50145368d4fd45f0ad58e082b79728f4c846969/detection
# Reference: https://www.virustotal.com/gui/file/f8b902913ccd1d88eeed2a9c3ed47f5084092d97647add526a7abd321263a08f/detection
# Reference: https://www.virustotal.com/gui/file/cc667f2f39e00c2828d4153ae24821a7b7ca076562720463161161e3e3a1facb/detection

http://23.82.128.104
49.234.184.176:12400
d3udu6347fbra1.cloudfront.net
itforkbey.xyz
liot666.ml
travelnumb.com
zikojut.com

# Reference: https://www.virustotal.com/gui/file/67366a468e7a9e487bda3a63cdb04bf03198b0a778a5938d54f25377844c7af8/detection

45.146.164.37:8461

# Reference: https://twitter.com/Malwar3Ninja/status/1424396059061538820

bmw.azureedge.net

# Reference: https://twitter.com/mojoesec/status/1425170316477743109

fidomarvins.com
hexihan.com
loopcareer.com
madersoft.com
mersvecabrito.com
moduwoj.com
truebigdeal.com
vojefe.com
voyajin.com
wugemei7.com

# Reference: https://twitter.com/MichalKoczwara/status/1425400352623534082

rentdis.com

# Reference: https://twitter.com/_brettfitz/status/1426230152611119105

adobeflash.cc
microsoft.adobeflash.cc

# Reference: https://twitter.com/mojoesec/status/1426245686757138433

gimilof.com
kelowuh.com
musteritis.com
oppits.top
zivizea8.com

# Reference: https://twitter.com/IntezerLabs/status/1425793018557251588
# Reference: https://www.virustotal.com/gui/file/3f043dec79ab2f566cf6701b39cf720a4302a5e8de21aab6d67111feef2325a8/detection
# Reference: https://www.virustotal.com/gui/file/7b2bb3a9b505b92b22502466ec2f3ba21f27a5264e85587ccac913c9260bbba9/detection
# Reference: https://www.virustotal.com/gui/file/b4cfc49d647ebeffb99579dbd4be2a4ca779e3d36b60656aaa9d616ac343e991/detection

122.9.157.122:800

# Reference: https://www.virustotal.com/gui/file/bcce55608c5d9a4ffc29ee8a401629e95dfba4bb6f2a4ea228d36c4a9725a3c2/detection

http://106.55.141.184
106.55.141.184:443

# Reference: https://twitter.com/th3_protoCOL/status/1435369059835518976
# Reference: https://www.virustotal.com/gui/file/59086a51317b82c6e2287588158959a057d1bf4b3da0a260e0e7c27b0959366d/detection

170.130.28.35:757
esxi-update.net

# Reference: https://www.intezer.com/blog/malware-analysis/vermilionstrike-reimplementation-cobaltstrike/
# Reference: https://www.virustotal.com/gui/ip-address/160.202.163.100/relations
# Reference: https://www.virustotal.com/gui/file/3ad119d4f2f1d8ce3851181120a292f41189e4417ad20a6c86b6f45f6a9fbcfc/detection

http://160.202.163.100
hksupd.com
microsofthk.com
microsoftkernel.com
amazon.hksupd.com
update.microsofthk.com
update.microsoftkernel.com

# Reference: https://twitter.com/Max_Mal_/status/1438412454569054209

http://139.60.161.69

# Reference: https://objective-see.com/blog/blog_0x66.html
# Reference: https://www.virustotal.com/gui/file/548c7e456d11d9acf06589be1a13a8c4229a3e41139570ee8e078e421ff0890c/detection

47.75.96.198:443

# Reference: https://www.virustotal.com/gui/file/7722ac99896ee9365c9f49f001d3fbfad7f2e8df436af17cf6c96776295ae046/detection

client-login.ch
post.client-login.ch
postchag.client-login.ch
swisspost.client-login.ch

# Reference: https://www.virustotal.com/gui/file/ea14ba061c0fc23392263c840ddfd570ed834c7209509d6c92a43befb5bd8f57/detection

211.21.92.6:8081

# Reference: https://www.virustotal.com/gui/file/e3a1e9d2d2de5be2e01d8b75a3cf7a0439dcbc18a63ee162423353b8c207463c/detection

47.103.223.142:4444

# Reference: https://www.virustotal.com/gui/file/ac0ed70fe5be30455e807c9844497ad2e26550d183449b92ca41e39acf600536/detection

47.103.223.142:6789

# Reference: https://www.virustotal.com/gui/file/379722e20fe1f24f45a723a46ae8c85abb937c4ec19e116230adde2dbc770d64/detection

47.103.223.142:8888

# Reference: https://twitter.com/h2jazi/status/1442550442861502470

datacdn.digital

# Reference: https://twitter.com/ScumBots/status/1443222172307238913
# Reference: https://www.virustotal.com/gui/file/f9afc132aa170191d1b23e949a88228b0a9dd1d995cbf5fd9cfcddcde9fd09a0/detection

34.102.136.180:2083
fscoode.xyz

# Reference: https://twitter.com/TheDFIRReport/status/1446139566004572163

SophosSecurityService.com

# Reference: https://twitter.com/_brettfitz/status/1447686144758591488

avastsecurityt.com
sophossecurityt.com
symantecsecurityt.com

# Reference: https://twitter.com/drb_ra/status/1446378717455003665

51.178.83.41:443
jobscost.com
m.jobscost.com

# Reference: https://www.virustotal.com/gui/file/3e310d913e324c84ad9fd0294edc99ce26f21e4580fee4da0d3b6d735f4a2ef7/detection

64.235.46.138:5454

# Reference: https://www.virustotal.com/gui/file/79b47780382f54ca039ad248d8241e42a7ed6b1e4b75af836890e4e46c0f8737/detection

aequuira1aedeezais5i.probes.space
aimee0febai5phoht2ti.probes.website
jeithe7eijeefohch3qu.probes.site

# Reference: https://www.virustotal.com/gui/file/75ff5e963316aed81dcb30da6854d83c8d7e0e2de725b31131f06782321bce89/detection

182.42.106.160:33

# Reference: https://www.virustotal.com/gui/file/9e332b53130c4c2bec7aa59dadd53f1c40e41b09a19e39c54be7f2ea66823f83/detection

182.42.106.160:50011

# Reference: https://www.virustotal.com/gui/file/8c7b48445be073a3a2067982dffa462464544b05bc19a1993dcc36d8c340c6be/detection

http://47.94.236.117

# Reference: https://www.virustotal.com/gui/file/4831ebb08265456507c0136d874455bc8dd3e6f82917dad13c1be16cbc94c43a/detection

47.94.236.117:2222

# Reference: https://www.virustotal.com/gui/file/b2c62645565005fc807d46ec74a6ae359275d3ab2d15aee3f5aeb83bea3209c2/detection

47.94.236.117:6688

# Reference: https://www.virustotal.com/gui/file/ccacb4f8475a239201c5e5dda87b1761b93e6f9f6b03f0811a10444452f4cd66/detection

47.94.236.117:7777

# Reference: https://www.virustotal.com/gui/file/5c1ad43f7afa5233750fe85eb42b42fb4f211b8eb9b54f75363f9abb34781a99/detection

47.94.236.117:9999

# Reference: https://www.virustotal.com/gui/file/58bca096efbbebcb1a0db83374bc576d980de6bfb001cec4b90e4c29479be0a0/detection

42.193.186.7:8001

# Reference: https://www.virustotal.com/gui/file/de7eab879e9fd5ae72a2dea73ec5b2e49957617c5f6d7fa4a61819054f52c528/detection

http://101.35.100.211
101.35.100.211:58888

# Reference: https://twitter.com/drb_ra/status/1446741162300223495

23.236.174.190:443

# Reference: https://twitter.com/drb_ra/status/1446741073074794499

185.118.167.23:443
/Mozalla/KFNAKdjaksd/
/KFNAKdjaksd/
/Mozalla/

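# Reference: https://twitter.com/drb_ra/status/1446741021803560961
# Note: .test is a reserved special-use TLD (RFC 6761) that does not resolve in public DNS; presumably a placeholder taken from a sample's configuration (confirm against the reference), so a hit means a host actually issued a lookup for this name.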

tets.test

# Reference: https://twitter.com/drb_ra/status/1446741046386376706

http://49.232.203.36

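# Reference: https://twitter.com/KorbenD_Intel/status/1445515386577829891
# Note: fastly.net is Fastly's CDN domain, so this hostname looks like shared provider infrastructure rather than an actor-registered domain (confirm against the reference); a match on the name alone may also cover unrelated legitimate traffic, so corroborate with other indicators before acting on it.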

api.services.global.prod.fastly.net

# Reference: https://twitter.com/seguridadyredes/status/1446399772022169622

/ijquery-3%20.3.2.slim.min.js

# Reference: https://twitter.com/vikas891/status/1447075537097089032

213.252.246.178:443
cdnidentity.site

# Reference: https://twitter.com/drb_ra/status/1447103403151269892

3.66.143.167:2443

# Reference: https://www.virustotal.com/gui/file/fb68317fae575239b8b869b25e6ee961211a34eb644263597dba3432ec817aed/detection

3.66.143.167:443

# Reference: https://twitter.com/drb_ra/status/1447103368141361157

3.66.143.167:8099

# Reference: https://www.virustotal.com/gui/file/c79d18970e1e2f880ecd61bee7b692089d5480df2cb9a58d2da5c847cdcff64a/detection

3.66.143.167:8921

# Reference: https://twitter.com/drb_ra/status/1447103365905895424

37.0.10.81:85
gainfinance.cc

# Reference: https://twitter.com/drb_ra/status/1446623074967826435

updatervmware.com

# Reference: https://twitter.com/drb_ra/status/1447156383510671362

forticlientupdater.com

# Reference: https://twitter.com/DmitriyMelikov/status/1447188995063128064
# Reference: https://www.virustotal.com/gui/file/5724843c6427901c55203478455e817c7cac07dd56f19649824554dd35b20b3f/detection

amd-jira.s3.us-west-1.amazonaws.com

# Reference: https://twitter.com/drb_ra/status/1447255781305421824

qihu360.me

# Reference: https://twitter.com/InQuest/status/1450488198572957697

106.75.130.160:443
106.75.130.160:49873
106.75.130.160:49879

# Reference: https://twitter.com/drb_ra/status/1450523797300383758

119.91.84.3:8388

# Reference: https://github.com/brad-duncan/IOCs/blob/main/2021-07-06-BazarLoader-with-Cobalt-Strike-IOCs.txt

http://46.17.98.191

# Reference: https://twitter.com/drb_ra/status/1451611823481016325

39.105.147.41:886

# Reference: https://twitter.com/bryceabdo/status/1453067678890045442
# Reference: https://www.virustotal.com/gui/file/dd0b096af19eee7655ba36897db7d5c51355390eb7f6f11b08ff1dc56511970d/detection

gellten-p.com

# Reference: https://twitter.com/Regiteric/status/1456245538043617286

http://65.60.35.141

# Reference: https://twitter.com/drb_ra/status/1456316736471437319

http://82.102.16.45
82.102.16.45:8080

# Reference: https://twitter.com/drb_ra/status/1456316634616975361

http://1.117.149.93
1.117.149.93:50006

# Reference: https://www.virustotal.com/gui/file/4bf435945ad5f07cd380f45b4518ff84e28734d3632cbdd56a6f68ce7c27efca/detection

81.68.118.217:443
81.68.118.217:4444
ghtwf01.cn

# Reference: https://twitter.com/mojoesec/status/1456667664387092488

eachsecuritybuswin.com
emusecuritybusaudit.com
independencesecurity.com

# Reference: https://twitter.com/1ZRR4H/status/1456456459533705220

http://173.234.155.186
http://173.234.155.19
http://173.234.155.219
http://173.234.155.220
http://173.234.155.223
http://173.234.155.42
173.234.155.186:443
173.234.155.190:443
173.234.155.205:88
173.234.155.219:443
173.234.155.220:443
173.234.155.223:443
173.234.155.231:88
173.234.155.42:443
173.234.155.77:443
173.234.155.96:443
173.234.155.9:443
xahebuz.com
xozepux.com
zuhufoy.com

# Reference: https://twitter.com/mojoesec/status/1456349741244162054

gapsecurityauditwin.com
hopesecuritywinbus.com
securitybusinesspink.com
winsecuritybuess.com
winssecuritybusaudit.com

# Reference: https://twitter.com/mojoesec/status/1456349893828784128

dandens.com
jeepves.com
manovolt.com
shemsut.com
zalandfr.com
zedlif.com

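# Reference: https://github.com/IronNetCybersecurity/IronNetTR/blob/main/cobalt_strike/team_servers/2021-11-01.txt
# Note: point-in-time team-server snapshot (2021-11-01, per the file name); hosting addresses get reassigned over time, so treat a hit on one of these IP:port pairs as a lead to corroborate rather than a verdict.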

1.116.130.98:443
1.116.141.23:443
1.116.157.97:8888
1.116.157.97:8889
1.116.207.171:2095
1.116.207.171:86
1.116.246.188:80
1.116.252.4:7788
1.116.96.210:2086
1.116.96.210:8443
1.116.97.206:88
1.116.97.206:888
1.116.97.206:8880
1.117.106.84:443
1.117.111.31:80
1.117.117.202:8811
1.117.154.185:443
1.117.155.217:25000
1.117.180.42:443
1.117.232.51:443
1.117.245.254:443
1.117.71.50:8080
1.117.86.121:443
1.117.93.65:443
1.12.218.208:443
1.12.223.184:80
1.12.223.61:8080
1.12.225.115:443
1.12.227.118:443
1.12.227.118:80
1.12.230.36:80
1.12.231.174:443
1.12.231.174:80
1.12.241.17:443
1.12.242.51:443
1.12.248.55:443
1.12.248.55:80
1.12.248.55:8080
1.13.0.155:2083
1.14.164.135:80
1.14.164.135:8787
1.14.64.135:12345
1.14.76.65:4443
1.15.113.198:443
1.15.170.122:8443
1.15.170.141:80
1.15.177.188:443
1.15.179.81:443
1.15.20.229:443
1.15.21.153:443
1.15.42.65:443
1.15.67.142:443
1.15.67.48:443
1.15.96.137:2222
100.24.56.227:443
100.26.177.188:443
101.132.195.91:443
101.200.49.219:61000
101.200.49.219:8443
101.200.82.235:443
101.32.200.111:443
101.32.213.202:8880
101.32.223.116:8088
101.32.36.91:2095
101.32.55.38:9500
101.34.115.251:443
101.34.128.238:443
101.34.148.38:443
101.34.169.46:50080
101.34.216.223:80
101.34.217.232:8099
101.34.239.245:80
101.34.243.135:3389
101.34.68.221:443
101.34.74.51:443
101.34.93.112:4443
101.35.106.33:80
101.35.111.90:443
101.35.117.99:60001
101.35.117.99:80
101.35.121.22:443
101.35.14.224:80
101.35.153.30:443
101.35.153.30:80
101.35.153.43:7002
101.35.155.102:8010
101.35.29.181:6666
101.35.29.181:6667
101.35.79.199:8088
101.35.79.199:8089
101.35.95.67:80
101.36.109.28:443
101.37.204.48:8082
101.42.99.243:443
101.99.94.123:443
103.117.100.39:443
103.118.204.207:443
103.118.204.234:443
103.122.247.18:8891
103.122.95.160:443
103.130.218.183:443
103.130.218.183:80
103.133.176.219:7788
103.143.40.242:443
103.145.60.28:444
103.145.60.28:80
103.146.179.37:8088
103.146.231.75:443
103.146.231.75:80
103.150.8.146:443
103.152.132.23:44351
103.153.138.56:8011
103.158.190.132:8443
103.164.63.135:443
103.198.241.50:443
103.198.241.50:7001
103.198.241.50:8443
103.200.28.74:443
103.208.179.159:8080
103.214.18.230:80
103.228.111.60:443
103.228.111.89:443
103.233.253.147:8080
103.234.72.104:443
103.234.72.215:8443
103.234.72.253:789
103.234.72.253:801
103.242.133.19:443
103.27.186.249:8443
103.30.203.48:8099
103.52.154.146:80
103.56.19.76:8082
103.73.97.119:443
103.79.77.195:8443
104.128.190.177:6443
104.128.92.144:443
104.128.92.144:9090
104.131.30.201:443
104.160.40.127:7777
104.168.165.125:90
104.168.19.77:6688
104.168.9.174:443
104.168.9.174:80
104.168.9.174:8080
104.168.9.174:8888
104.194.10.153:443
104.194.10.222:443
104.194.10.3:443
104.194.10.3:80
104.194.10.61:443
104.194.232.244:443
104.194.73.198:888
104.194.78.39:2053
104.194.78.39:2083
104.194.78.39:2087
104.194.78.39:2096
104.194.78.39:443
104.194.78.39:8443
104.194.8.164:443
104.207.150.174:80
104.208.28.78:443
104.223.15.193:443
104.225.234.121:80
104.238.205.44:443
104.243.33.221:443
104.243.34.57:443
104.243.37.153:443
104.243.38.235:443
104.243.41.123:443
104.247.196.170:443
104.248.10.17:443
104.248.10.17:80
104.248.106.47:80
104.251.224.150:11443
104.36.231.45:2082
104.36.68.175:8090
106.13.204.169:1456
106.13.215.125:6666
106.13.235.225:80
106.13.239.34:443
106.14.216.76:8443
106.15.197.67:87
106.15.203.68:999
106.15.50.19:443
106.52.103.19:9001
106.52.128.156:7001
106.52.197.95:443
106.52.27.83:443
106.52.6.242:8443
106.52.65.141:443
106.52.65.141:80
106.53.136.61:8008
106.54.185.183:7007
106.54.69.144:443
106.55.141.184:4443
106.55.153.204:443
106.55.155.117:8847
106.55.253.198:5555
106.55.39.22:80
106.55.39.22:888
106.55.51.55:443
106.55.51.55:80
106.75.67.11:443
106.75.67.11:80
106.75.93.254:443
106.75.93.254:80
107.148.133.169:443
107.150.126.47:8080
107.150.4.217:443
107.155.48.58:443
107.173.255.106:8899
107.173.35.82:8080
107.175.35.100:9999
107.182.185.162:443
107.182.185.162:8012
107.191.48.109:443
107.191.48.109:80
107.191.61.40:443
107.191.61.40:80
107.191.61.40:8080
108.160.137.158:443
108.160.137.158:4443
108.160.138.201:443
108.177.235.57:443
108.61.149.186:800
108.61.162.103:9988
108.61.188.230:443
108.61.203.86:80
108.61.96.134:10001
108.62.12.61:99
108.62.141.231:80
109.234.36.149:80
109.236.81.61:443
109.71.254.250:443
109.71.254.250:4444
109.71.254.250:80
109.71.254.250:8080
109.71.254.250:8888
110.40.129.108:443
110.40.178.104:443
110.40.184.247:443
110.40.189.46:2095
110.40.190.66:8443
110.42.135.208:8088
110.42.137.168:8081
110.42.142.135:7000
110.42.145.199:8099
110.42.233.15:80
110.42.247.139:80
110.42.250.204:12381
110.42.252.244:81
111.229.235.226:443
111.229.51.128:443
111.229.93.8:443
111.230.196.200:443
111.230.198.142:443
111.231.225.65:8080
112.124.1.157:8011
112.126.70.190:8081
113.23.144.117:443
113.31.118.7:443
114.115.138.22:5555
114.115.141.12:443
114.115.160.181:443
114.115.249.149:443
114.118.4.209:80
114.118.4.209:8090
114.118.4.216:443
114.118.5.101:443
114.132.222.109:80
114.132.226.178:7979
114.132.226.245:80
114.132.226.99:80
114.132.229.76:443
114.132.229.76:80
114.215.196.178:8443
114.216.201.12:6666
115.159.0.71:443
115.159.0.71:81
115.159.204.162:8080
116.204.211.101:2053
116.204.211.21:35002
116.204.211.25:46777
116.206.94.164:1234
116.206.94.164:2053
116.62.104.16:6443
116.62.138.140:8081
116.85.19.217:80
117.174.113.71:8787
117.50.37.182:8089
117.68.100.6:6969
117.68.100.6:8001
117.68.100.6:8003
118.195.138.146:443
118.195.138.146:8080
118.195.171.125:443
118.195.171.125:8443
118.195.190.94:7070
119.23.108.41:443
119.28.129.176:80
119.28.194.152:8089
119.29.119.234:8443
119.29.133.210:7001
119.29.187.225:8080
119.29.39.217:5555
119.29.67.188:90
119.3.59.17:9999
119.45.116.254:5050
119.45.14.19:4433
119.45.14.19:6699
119.91.107.57:88
119.91.70.28:81
119.91.84.3:8388
119.91.99.99:7777
120.132.81.151:8123
120.132.81.158:6699
120.132.81.158:8666
120.132.81.166:6666
120.132.81.219:843
120.24.210.164:4449
120.24.210.164:8888
120.26.2.60:10443
120.26.2.60:80
120.55.38.252:5555
120.55.58.254:443
120.78.130.115:8081
120.78.197.8:443
120.79.157.3:80
120.79.67.51:50007
121.127.241.152:888
121.127.241.178:80
121.196.111.48:443
121.196.151.60:443
121.196.151.60:9999
121.196.152.165:2087
121.199.41.206:80
121.199.51.9:80
121.199.53.120:8081
121.36.65.50:443
121.37.0.3:19999
121.37.139.238:443
121.37.255.60:443
121.37.255.60:4433
121.4.116.90:4443
121.4.130.222:8000
121.4.177.210:443
121.4.186.116:80
121.4.20.253:443
121.4.212.196:8443
121.4.22.225:443
121.4.233.179:80
121.4.233.179:8081
121.4.27.177:1234
121.4.41.2:443
121.4.92.66:443
121.40.103.97:8455
121.40.248.82:6666
121.40.253.25:443
121.40.30.88:80
121.40.30.88:8082
121.40.30.88:83
121.41.101.90:443
121.41.216.139:8081
121.41.30.246:443
121.41.55.60:8001
121.41.83.153:777
121.5.101.97:8081
121.5.114.81:443
121.5.114.81:7777
121.5.114.81:80
121.5.154.138:80
121.5.181.174:81
121.5.183.3:7777
121.5.27.41:4444
121.5.27.41:6666
121.5.27.41:80
121.5.3.143:8088
121.5.36.45:443
121.5.66.190:443
121.89.243.150:88
122.10.111.59:3443
122.10.52.70:443
122.10.58.25:81
122.10.91.56:443
122.10.91.56:8081
122.112.241.119:443
123.253.33.211:80
123.31.11.112:443
123.57.73.247:443
123.57.73.69:80
123.60.223.22:4443
123.60.224.248:443
123.60.224.248:58443
124.70.46.123:8123
124.71.11.108:4443
125.73.70.3:8443
128.1.131.167:443
128.1.131.167:80
128.199.0.91:443
128.199.106.244:443
129.226.15.142:443
129.226.193.62:443
13.212.61.37:4444
13.212.61.37:6666
13.212.61.37:6667
13.212.61.37:80
13.213.69.102:4433
13.236.182.206:443
13.56.250.12:443
13.56.250.12:80
13.57.190.33:80
13.59.8.92:443
13.75.68.24:80
132.145.123.227:8443
134.0.112.35:443
134.0.112.35:80
134.122.24.52:443
134.122.25.1:443
134.209.181.241:80
134.209.5.246:443
134.209.90.205:443
134.209.92.85:443
136.144.41.140:443
136.244.68.198:443
136.244.68.198:8080
136.244.82.85:8868
137.184.102.173:443
137.184.118.132:10443
137.184.128.208:443
137.184.140.235:443
137.184.143.170:443
137.184.148.212:443
137.184.56.49:443
137.184.56.49:88
137.184.56.49:9999
137.184.8.123:443
137.220.55.124:80
138.197.180.177:443
138.197.39.59:443
138.68.225.209:8443
139.155.172.203:443
139.155.28.48:1111
139.155.90.223:5913
139.162.76.207:443
139.177.179.26:80
139.180.131.140:10015
139.180.135.23:443
139.180.141.208:443
139.180.175.197:443
139.180.198.152:443
139.180.199.244:80
139.180.199.244:8080
139.180.203.48:443
139.180.206.48:80
139.180.217.181:443
139.186.131.34:443
139.186.131.34:8083
139.196.164.64:8088
139.196.219.53:12345
139.196.52.86:8889
139.196.81.139:10000
139.198.108.26:443
139.198.15.209:9999
139.198.169.45:443
139.198.174.135:443
139.198.174.135:80
139.198.175.232:8113
139.198.180.147:5443
139.198.181.156:443
139.198.28.177:4443
139.199.31.223:4433
139.224.105.96:443
139.224.105.96:6667
139.224.164.192:443
139.224.230.80:66
139.224.67.66:80
139.28.38.85:443
139.60.161.55:443
139.60.161.55:80
139.60.161.69:443
139.60.161.77:443
139.60.161.99:443
139.60.162.27:80
140.82.46.213:8090
141.164.39.54:443
141.164.46.45:80
141.164.50.128:444
141.164.56.168:8088
141.164.58.65:8443
141.94.45.159:8443
142.4.124.94:8008
142.93.15.222:443
142.93.152.156:443
142.93.152.156:80
143.110.217.141:443
143.198.116.95:80
143.198.132.119:443
143.198.132.119:80
143.198.133.41:443
143.244.173.171:443
143.244.173.171:81
144.168.60.102:443
144.168.60.102:8089
144.202.101.37:443
144.202.39.211:80
144.202.42.216:443
144.202.42.216:8080
144.202.53.15:443
144.202.68.61:443
144.202.68.61:80
144.217.207.19:443
144.217.207.29:443
144.217.207.31:443
144.34.179.150:60021
144.48.7.98:2336
144.76.211.83:443
144.91.67.147:443
144.91.67.147:8081
146.185.132.43:8443
146.56.100.64:8899
146.70.24.194:443
146.70.24.194:80
147.135.124.63:443
147.139.4.69:443
147.139.4.69:444
147.182.203.148:10443
147.182.206.25:443
147.182.206.25:80
147.182.238.7:443
147.182.245.221:443
147.182.247.163:443
147.189.173.122:443
147.189.173.122:80
147.189.173.122:8080
147.189.173.122:8888
149.129.61.177:80
149.154.152.4:443
149.248.2.93:443
149.248.52.240:443
149.28.158.189:8443
149.28.203.144:443
149.28.204.170:443
149.28.206.87:443
149.28.22.31:8089
149.28.233.75:443
149.28.31.104:443
149.28.52.177:443
149.28.72.94:443
149.28.81.175:443
149.28.84.31:9991
150.109.123.86:443
150.109.123.86:4439
150.109.123.86:4444
150.109.123.86:4455
150.109.71.192:8443
150.136.163.159:444
150.136.215.105:80
150.158.153.198:448
150.158.153.198:80
152.136.100.121:443
152.136.100.121:8002
152.136.116.68:80
152.136.123.64:443
152.136.140.33:9999
152.136.178.242:80
152.136.18.177:80
152.136.18.177:8080
152.136.22.191:4444
152.32.174.15:10443
152.32.191.36:80
152.32.191.8:8080
152.32.216.13:443
152.32.228.19:80
152.32.252.190:443
152.69.198.162:8443
152.89.247.68:443
152.89.247.68:80
154.202.59.50:80
154.202.59.50:8282
154.204.25.175:8088
154.208.10.77:800
154.209.75.62:443
154.209.77.11:8035
154.215.115.112:443
154.215.115.112:80
154.215.125.242:8085
154.215.125.242:8089
154.220.3.196:443
154.27.65.155:443
154.39.240.24:2083
154.86.157.35:443
154.86.157.35:80
154.91.164.69:443
155.138.156.234:443
155.138.156.234:80
155.138.164.216:443
155.94.128.80:443
155.94.135.13:443
155.94.163.69:89
155.94.178.9:443
155.94.201.136:8443
155.94.201.136:9443
155.94.235.16:443
155.94.235.16:80
156.236.114.72:443
156.248.76.253:4433
156.255.2.197:443
156.255.2.36:443
156.255.3.224:443
158.108.102.12:8443
158.247.201.175:80
158.247.205.77:443
158.247.210.247:8088
158.247.210.247:8443
158.247.212.206:8443
158.247.216.201:443
158.247.216.56:443
158.247.217.83:8443
158.247.220.250:2082
158.247.220.250:8443
158.247.220.72:80
158.247.224.30:443
158.247.225.41:1443
158.247.225.41:2443
159.203.102.73:443
159.203.31.69:443
159.223.101.71:443
159.223.117.217:443
159.246.29.98:80
159.65.35.193:443
159.65.86.39:443
159.75.1.146:2052
159.75.124.176:443
159.75.124.176:4443
159.75.124.176:8443
159.75.229.51:443
159.75.98.80:443
159.75.98.80:80
159.89.144.117:443
159.89.144.117:80
159.89.206.190:443
16.162.34.39:443
160.116.58.207:443
160.20.145.111:4453
160.20.147.97:81
161.35.72.169:443
161.97.138.56:8443
161.97.138.56:88
162.0.220.196:443
162.0.220.196:80
162.0.222.104:443
162.0.222.104:80
162.243.165.249:443
162.243.165.249:8091
162.244.80.111:443
162.244.80.111:80
162.244.80.254:443
162.244.80.254:80
162.244.80.254:8080
162.244.83.95:9999
162.248.225.208:443
162.33.177.185:443
162.33.177.185:80
162.33.177.198:443
162.33.177.198:80
162.33.177.55:80
162.33.178.187:443
162.33.178.187:80
162.33.178.236:443
162.33.178.236:80
162.33.178.241:443
162.33.178.241:80
162.33.179.154:443
162.33.179.154:80
162.33.179.161:443
162.33.179.161:80
162.33.179.228:443
162.33.179.228:80
162.33.179.236:443
162.33.179.236:80
162.33.179.40:443
162.33.179.66:443
163.197.41.251:666
164.155.79.66:8081
165.227.133.17:443
165.227.85.160:443
165.232.133.76:443
165.232.133.76:80
167.160.188.106:8443
167.172.25.14:443
167.172.78.120:444
167.179.102.242:443
167.179.114.195:54321
167.179.64.7:808
167.179.66.246:443
167.179.66.246:8081
167.179.97.3:8080
167.99.126.73:443
167.99.177.250:443
168.100.8.117:80
168.100.8.162:80
168.100.9.204:80
168.235.86.183:8443
168.61.42.238:80
170.130.55.112:8081
170.130.55.249:443
170.130.55.249:80
170.130.55.249:8080
172.104.164.209:443
172.104.171.27:4443
172.105.150.93:443
172.105.150.93:80
172.105.227.76:80
172.105.228.71:8443
172.105.75.173:4434
172.247.76.44:81
172.82.148.202:443
172.86.124.157:5230
172.86.124.212:8012
172.93.44.30:443
172.96.199.223:8443
172.96.237.159:8443
173.232.146.125:443
173.234.155.186:443
173.234.155.186:80
173.234.155.190:80
173.234.155.219:443
173.234.155.219:80
173.234.155.220:443
173.234.155.220:80
173.234.155.223:443
173.234.155.223:80
173.234.155.231:88
173.234.155.42:443
173.234.155.42:80
173.242.115.207:2095
173.254.227.250:443
173.82.11.119:443
173.82.134.106:8080
173.82.134.106:9999
173.82.151.182:50999
173.82.193.110:8090
173.82.219.68:10443
173.82.94.41:8081
175.24.121.191:80
175.24.185.225:8081
175.24.60.104:80
175.24.62.158:4443
175.27.247.106:81
176.113.71.141:2095
176.113.71.141:443
176.121.14.103:2
176.121.14.113:443
176.121.14.117:443
176.121.14.117:8080
176.121.14.117:8081
178.128.126.235:4433
178.128.224.80:443
178.132.4.147:8113
178.132.4.148:14404
178.132.4.148:14406
178.132.4.150:79
178.162.199.36:443
178.236.42.200:443
178.236.44.145:80
178.254.42.220:443
179.60.150.24:443
179.60.150.24:80
179.60.150.24:8000
179.60.150.25:443
179.60.150.27:443
18.133.129.215:443
18.141.72.140:443
18.141.72.140:80
18.159.202.1:443
18.162.119.47:443
18.162.119.47:80
18.162.59.234:2053
18.163.187.78:443
18.180.45.136:443
18.181.197.100:8888
18.188.42.205:443
18.191.143.90:443
18.193.77.75:443
18.195.217.207:443
18.212.26.180:443
18.216.114.221:443
18.218.140.159:443
18.222.64.250:443
18.222.64.250:80
18.252.3.94:443
18.252.55.155:443
180.76.174.79:4444
182.42.112.101:3333
182.92.103.213:443
182.92.233.209:443
182.92.233.209:80
182.92.238.128:8842
185.118.166.205:443
185.118.166.205:80
185.118.167.23:82
185.125.204.58:443
185.125.204.58:80
185.140.250.61:443
185.145.148.109:443
185.145.148.109:80
185.149.23.135:443
185.150.117.169:443
185.150.117.169:80
185.150.117.170:443
185.150.117.170:80
185.150.117.83:443
185.150.117.83:80
185.150.189.235:443
185.150.189.235:80
185.150.191.35:443
185.150.191.35:80
185.153.199.164:443
185.158.249.64:443
185.158.249.64:80
185.162.235.61:443
185.186.246.42:8443
185.189.151.107:443
185.198.57.150:7443
185.198.57.155:443
185.198.57.155:4443
185.198.57.155:8443
185.201.47.157:443
185.207.154.220:8001
185.207.154.220:8089
185.207.154.220:89
185.209.160.57:443
185.209.160.57:80
185.212.129.254:443
185.212.129.254:8080
185.215.113.213:443
185.216.119.91:6666
185.22.172.103:80
185.225.17.82:443
185.225.17.82:8443
185.23.201.136:80
185.23.201.136:8881
185.234.247.48:80
185.239.226.133:443
185.243.114.227:445
185.243.114.227:8001
185.244.129.74:8888
185.244.130.113:443
185.244.150.52:443
185.245.42.177:443
185.245.42.177:80
185.245.42.177:81
185.251.45.66:443
185.32.124.168:443
185.33.87.10:443
185.33.87.10:444
185.33.87.10:8080
185.7.214.187:443
185.7.214.187:80
185.99.133.209:443
185.99.133.209:80
185.99.133.213:80
185.99.133.221:443
185.99.133.233:443
185.99.133.233:80
186.202.57.168:443
188.116.36.212:443
188.165.243.155:443
188.166.213.201:443
188.166.92.216:80
188.34.142.201:443
190.123.45.76:443
192.155.95.252:83
192.161.176.16:443
192.161.176.16:80
192.161.51.191:8443
192.161.55.13:86
192.169.7.101:443
192.169.7.101:80
192.210.207.169:4434
192.210.207.169:9980
192.227.155.201:4443
192.227.155.201:7788
192.227.193.115:443
192.248.186.174:443
192.3.128.243:2052
192.3.128.243:8099
192.3.248.194:82
192.3.248.194:8443
192.3.86.197:443
192.34.109.100:443
192.34.109.104:1080
192.34.109.104:443
192.34.109.12:1443
192.34.109.13:443
192.51.188.133:443
193.109.69.2:443
193.122.96.185:443
193.135.134.104:8443
193.163.71.28:8103
193.200.149.117:443
193.203.215.52:8083
193.239.84.159:443
193.239.84.159:80
193.26.21.46:777
193.38.55.36:80
193.56.146.100:443
193.56.146.101:443
193.56.146.33:443
193.56.146.99:10443
193.56.146.99:443
194.147.142.163:443
194.156.98.128:2052
194.156.98.128:2096
194.156.98.129:2052
194.156.98.129:2096
194.156.98.149:443
194.156.98.173:443
194.156.98.173:80
194.156.98.246:9999
194.163.157.82:8088
194.165.16.60:443
194.165.16.63:1080
194.28.112.142:80
194.33.40.76:443
194.33.40.76:80
194.68.32.17:443
194.87.215.102:8443
194.87.215.107:80
195.123.234.26:443
195.123.242.134:80
195.133.192.110:443
195.133.52.232:443
195.133.52.232:8443
195.181.222.64:8443
195.245.113.172:443
195.245.113.172:80
195.245.113.172:8443
195.248.234.191:443
195.3.146.181:443
198.12.113.216:8080
198.13.46.131:443
198.187.30.198:8080
198.2.253.136:4433
198.2.253.136:8888
198.2.253.142:443
198.2.253.142:81
198.200.48.32:80
198.200.57.58:443
198.211.45.153:443
198.211.45.153:80
198.211.45.153:8080
198.211.45.153:8888
198.211.8.155:10443
198.211.8.155:443
198.211.8.155:4444
198.211.8.155:80
198.23.153.220:8443
198.46.143.219:8080
198.46.143.219:8443
198.52.107.210:443
198.55.102.254:50010
198.58.100.18:80
199.127.60.67:443
199.19.224.92:4443
199.19.224.92:8089
20.102.59.240:443
20.188.30.66:7777
202.182.100.166:443
202.182.101.162:8443
202.182.104.10:801
202.182.105.127:80
202.182.109.1:11443
202.182.115.131:9200
202.182.125.249:443
202.182.98.164:2083
202.58.105.82:443
204.44.99.197:4431
204.44.99.197:8090
204.44.99.197:8099
205.185.123.209:443
205.185.123.209:8443
206.166.251.229:80
206.166.251.54:4443
206.166.251.54:4453
206.166.251.75:443
206.221.176.220:80
207.148.112.179:443
207.148.112.179:53
207.148.90.139:443
207.154.222.18:4444
207.246.112.192:443
207.246.122.112:443
207.246.122.112:80
208.86.32.67:443
208.86.32.67:80
208.92.93.25:443
209.141.41.245:443
209.222.101.221:443
209.222.98.111:80
209.222.98.45:443
209.97.171.153:80
211.72.172.149:8081
211.72.172.149:85
212.115.54.248:443
212.115.54.248:80
212.129.248.171:443
212.202.111.18:8080
212.53.153.104:443
213.139.208.241:443
213.139.208.241:80
213.227.154.122:443
213.227.154.152:443
213.227.154.152:80
213.227.154.152:8080
213.227.154.152:8888
213.227.154.159:443
213.227.154.159:4444
213.227.154.92:8888
213.227.155.241:443
213.227.155.241:8080
213.227.155.246:443
213.227.155.246:8080
213.227.155.48:443
213.227.155.48:8080
213.227.155.75:443
213.227.155.75:8080
213.252.246.178:443
216.238.76.76:443
216.244.71.141:1443
216.244.83.68:443
216.244.83.75:443
216.244.87.180:80
216.244.87.181:1443
216.244.87.181:80
217.6.46.91:443
217.6.46.91:8080
217.69.7.206:443
218.253.251.125:443
218.253.251.68:443
218.253.251.90:80
223.252.173.90:443
223.4.21.72:443
223.4.21.72:4443
223.4.21.72:80
23.106.124.95:443
23.106.160.95:443
23.108.57.27:443
23.133.1.115:8081
23.133.1.115:82
23.160.193.134:443
23.160.193.134:80
23.160.194.14:443
23.160.194.14:80
23.160.194.76:443
23.160.194.76:80
23.19.227.110:443
23.224.152.138:443
23.224.152.141:4433
23.224.59.230:8088
23.224.70.157:3332
23.225.44.120:85
23.227.203.156:443
23.227.203.156:80
23.227.203.217:443
23.227.203.218:80
23.81.246.32:443
23.82.141.105:443
23.82.141.150:443
23.82.141.150:8080
23.82.141.151:4444
23.82.141.151:8080
23.94.100.95:8443
23.94.207.178:441
23.94.91.218:8443
23.94.96.121:443
27.102.130.117:443
27.54.253.248:443
27.54.253.248:80
3.122.41.138:443
3.132.140.19:443
3.136.160.122:443
3.142.180.170:4431
3.142.180.170:4457
3.142.180.170:805
3.142.246.238:4433
3.142.246.238:8443
3.144.182.117:443
3.144.187.165:443
3.18.119.199:443
3.20.235.36:80
3.21.220.91:443
3.235.107.120:443
3.235.228.212:443
3.236.77.121:443
3.236.77.121:80
31.220.44.244:443
31.220.44.244:8443
31.44.184.73:443
31.9.56.36:443
34.122.146.100:443
34.146.32.224:8080
34.146.42.83:443
34.146.42.83:80
34.150.126.235:8443
34.150.126.235:8880
34.199.235.107:80
34.214.10.144:443
34.214.110.188:443
34.215.209.58:443
34.229.70.182:443
34.229.70.182:80
34.254.225.109:80
34.64.139.63:4444
34.64.139.63:8080
34.64.92.153:85
34.68.65.158:443
34.72.172.103:443
34.84.246.191:4444
34.84.246.191:8081
34.85.106.244:80
34.85.106.244:8080
34.92.130.132:8443
34.92.130.132:8880
34.92.135.218:80
34.92.207.123:8088
34.92.215.210:8088
34.92.218.150:7777
34.92.237.138:2053
34.92.237.138:8444
34.92.251.39:80
34.96.141.53:10010
34.96.255.223:80
35.153.29.126:443
35.171.172.40:443
35.174.121.142:443
35.176.207.20:443
35.177.95.190:443
35.183.144.254:443
35.193.208.22:443
35.229.143.172:443
35.85.64.121:443
35.85.64.121:80
37.0.10.81:85
37.1.208.153:443
37.1.209.199:443
37.1.209.199:80
37.120.145.214:80
37.120.222.195:443
37.120.238.13:80
37.221.115.68:443
38.101.41.70:443
39.101.70.93:443
39.102.55.191:443
39.103.232.39:8022
39.103.234.40:8443
39.104.28.100:80
39.105.31.193:50001
39.105.49.50:443
39.105.5.198:6666
39.105.5.198:9988
39.106.107.82:443
39.106.51.35:808
39.107.109.63:80
39.107.41.90:443
39.107.41.90:4433
39.108.129.85:5555
39.108.152.152:888
39.108.190.126:80
39.108.60.64:443
39.108.62.177:443
39.109.116.21:4444
39.96.196.130:443
39.98.157.4:443
39.99.147.117:443
39.99.147.117:8001
39.99.155.90:443
39.99.173.55:443
39.99.181.72:10010
41.216.181.17:2096
41.220.3.37:443
42.192.118.141:8011
42.192.118.141:8012
42.192.129.232:81
42.192.146.25:4444
42.193.119.4:443
42.193.122.226:443
42.193.127.233:8088
42.193.158.251:80
42.193.174.193:8002
42.193.186.7:8001
42.193.186.7:8022
42.193.192.51:443
42.193.214.132:11111
42.193.46.77:12211
42.194.137.216:80
42.194.158.32:10201
42.194.206.51:10086
42.51.33.115:8081
43.128.19.172:81
43.128.21.144:443
43.128.24.200:8443
43.129.212.12:8080
43.129.214.143:10000
43.129.251.5:443
43.129.7.189:443
43.132.201.196:4433
43.225.158.200:6379
43.225.31.149:443
43.252.209.252:443
43.254.218.134:443
43.254.218.17:443
44.195.149.127:443
44.199.52.114:443
45.10.20.166:443
45.10.20.166:8443
45.112.206.13:2443
45.112.206.18:443
45.112.206.18:8443
45.113.1.21:10010
45.117.102.139:443
45.124.66.44:10443
45.124.66.44:443
45.126.211.2:443
45.127.99.18:443
45.128.156.153:80
45.129.136.12:1000
45.129.136.12:2000
45.129.136.12:3000
45.129.136.12:4000
45.129.136.12:5000
45.129.136.12:6000
45.129.136.12:7000
45.129.136.12:9000
45.129.2.244:2095
45.129.2.244:80
45.129.2.244:8080
45.133.194.11:443
45.136.15.11:9078
45.136.230.187:1443
45.138.157.138:443
45.14.227.55:443
45.14.227.55:80
45.14.227.55:8080
45.14.227.55:8888
45.142.166.51:8888
45.144.176.162:443
45.144.176.162:80
45.144.179.182:80
45.145.6.5:443
45.145.6.5:8999
45.146.165.142:443
45.146.165.143:443
45.147.177.119:443
45.147.177.119:80
45.147.179.211:443
45.147.179.211:80
45.147.200.110:443
45.147.229.64:5060
45.147.229.80:443
45.155.205.249:4443
45.156.23.143:443
45.159.48.193:10443
45.159.48.193:5050
45.207.50.220:8443
45.207.55.221:80
45.253.66.104:8585
45.32.100.232:443
45.32.103.199:80
45.32.107.171:8089
45.32.108.235:443
45.32.112.16:80
45.32.114.241:8080
45.32.12.139:443
45.32.123.67:443
45.32.132.107:80
45.32.139.177:443
45.32.139.177:80
45.32.140.155:443
45.32.174.131:443
45.32.174.131:8080
45.32.199.204:443
45.32.242.167:9022
45.32.49.207:443
45.32.57.125:2096
45.32.63.194:443
45.32.64.43:443
45.32.64.43:7443
45.43.55.39:80
45.58.113.178:443
45.58.113.178:80
45.58.127.226:443
45.61.136.76:8080
45.61.139.86:443
45.62.105.231:443
45.63.0.171:8443
45.63.53.102:443
45.63.53.102:7443
45.63.60.34:443
45.63.60.34:80
45.63.89.117:443
45.63.89.117:80
45.63.90.109:443
45.67.228.85:443
45.76.104.125:80
45.76.177.151:443
45.76.184.181:45677
45.76.199.148:443
45.76.199.199:8443
45.76.205.191:8443
45.76.213.236:443
45.76.234.74:443
45.76.234.74:80
45.76.240.190:443
45.76.240.190:80
45.76.97.205:8000
45.77.10.227:443
45.77.123.18:443
45.77.123.18:8080
45.77.14.195:2052
45.77.14.195:80
45.77.14.195:8080
45.77.174.139:6443
45.77.174.139:7443
45.77.174.139:805
45.77.245.105:8000
45.77.247.142:80
45.77.249.181:443
45.77.37.214:443
45.77.37.42:443
45.77.37.42:80
45.77.38.191:443
45.77.43.51:8686
45.77.44.118:443
45.77.63.194:443
45.77.70.135:443
45.77.70.135:8081
45.77.70.135:8083
45.77.70.135:8088
45.77.87.242:443
45.77.87.242:8080
45.77.87.2:443
45.77.87.2:8080
45.77.9.110:2053
45.77.9.110:80
45.77.9.110:8443
45.79.137.164:443
45.79.177.151:443
45.79.177.151:80
45.79.239.199:443
45.79.239.199:80
45.80.149.151:10443
45.88.107.40:443
45.91.81.107:443
45.91.81.107:8443
45.91.81.49:2082
45.91.81.49:443
45.92.156.97:7777
45.95.168.128:4433
46.101.238.148:80
46.161.40.85:28015
46.161.40.85:443
47.100.244.87:1111
47.100.247.194:80
47.102.117.86:443
47.102.118.245:8080
47.102.156.247:8080
47.102.215.49:8081
47.102.37.135:443
47.102.37.135:4443
47.102.37.135:8080
47.102.37.135:81
47.103.34.37:443
47.103.71.63:81
47.103.73.139:443
47.104.156.242:443
47.104.207.11:14443
47.104.207.11:8080
47.104.29.109:443
47.105.123.109:8077
47.105.123.109:8088
47.105.123.109:9999
47.106.135.101:443
47.106.88.225:443
47.107.81.243:443
47.107.81.243:80
47.107.95.5:443
47.107.95.5:80
47.108.160.251:80
47.108.160.251:8080
47.108.68.211:443
47.110.49.237:443
47.110.90.89:443
47.110.90.89:4443
47.110.90.89:800
47.110.90.89:801
47.111.163.10:443
47.111.66.171:443
47.112.227.200:1234
47.112.227.200:443
47.113.192.46:443
47.118.70.209:8443
47.119.132.237:5555
47.119.138.1:8121
47.241.42.138:443
47.242.158.228:443
47.242.248.90:8043
47.242.4.140:8443
47.242.55.170:443
47.242.55.79:80
47.243.12.69:49153
47.243.163.164:22222
47.243.163.164:30001
47.243.163.164:31001
47.243.163.164:6666
47.243.22.29:443
47.243.22.29:4433
47.243.44.143:8089
47.75.249.112:10443
47.90.202.152:443
47.92.198.186:8000
47.92.205.163:80
47.93.116.52:20080
47.93.21.173:8080
47.93.220.152:443
47.93.27.121:443
47.93.27.54:443
47.93.9.242:8081
47.93.9.242:8082
47.94.102.188:443
47.94.153.149:80
47.94.170.143:443
47.94.175.146:443
47.94.38.147:443
47.94.38.147:6666
47.95.207.79:443
47.96.64.138:443
47.96.95.155:8001
47.96.95.155:8089
47.97.120.26:443
47.97.211.147:2052
47.97.38.151:443
47.97.38.151:80
47.98.123.167:443
47.98.164.231:443
47.99.72.130:443
47.99.72.130:80
49.232.137.190:443
49.232.161.221:443
49.232.203.36:443
49.232.203.36:80
49.232.217.235:443
49.232.217.235:80
49.233.115.163:80
49.234.100.201:30002
49.234.105.212:8443
49.234.230.82:80
49.234.67.167:12346
49.234.67.167:45555
49.234.95.166:443
49.235.108.154:8443
49.235.123.49:80
49.235.206.130:10005
49.235.206.130:10006
49.235.206.130:4433
49.235.87.154:80
49.235.87.165:8081
49.235.87.165:81
49.7.217.34:1234
49.7.217.34:8081
49.72.46.23:4567
5.149.250.53:443
5.180.96.188:443
5.180.97.29:100
5.186.197.176:80
5.188.230.162:443
5.188.230.208:443
5.188.33.186:443
5.189.184.60:443
5.2.73.46:443
5.2.73.46:80
5.252.176.115:80
5.252.176.115:89
5.255.97.231:4444
5.8.18.112:80
50.116.42.23:6443
51.143.161.4:443
51.143.161.4:80
51.255.225.253:443
51.4.148.78:443
51.68.203.106:443
51.79.235.227:443
51.81.13.141:443
51.81.13.141:80
52.10.50.161:443
52.175.122.61:443
52.175.218.135:443
52.201.168.117:8082
52.201.40.239:443
52.33.220.96:443
52.33.220.96:80
52.34.132.58:443
52.38.118.16:443
52.59.214.27:443
52.62.49.9:443
52.63.220.44:443
52.63.220.44:80
52.91.7.144:443
54.153.79.79:443
54.153.79.79:80
54.157.82.153:443
54.167.68.102:443
54.169.156.221:443
54.169.224.180:443
54.169.224.180:80
54.174.145.85:443
54.177.188.235:443
54.177.188.235:80
54.183.123.73:443
54.183.123.73:8443
54.188.145.110:443
54.189.204.32:443
54.191.39.190:80
54.200.207.136:443
54.200.207.136:80
54.215.254.128:443
54.215.254.128:80
54.245.200.173:443
54.245.201.249:443
54.252.57.152:80
54.38.123.239:1443
54.94.159.140:80
59.110.140.186:8443
59.175.148.60:8879
59.175.148.60:8989
59.63.224.101:443
59.63.224.101:8443
60.205.179.40:2052
60.205.179.40:2096
60.247.154.186:8080
60.247.154.186:9999
61.160.195.13:8443
61.36.35.122:443
62.171.177.207:80
62.182.85.55:80
62.234.130.153:443
62.234.46.138:7001
62.234.46.138:8099
62.234.46.138:8443
63.209.32.18:443
64.227.1.94:443
64.227.188.64:80
64.44.139.51:10443
64.44.139.51:443
64.44.139.51:80
64.44.139.51:8080
64.44.139.51:8888
64.52.169.174:443
65.21.255.187:443
65.49.212.197:8080
66.165.246.75:443
66.228.47.118:8081
66.29.138.191:443
66.42.105.231:8080
66.42.44.124:443
66.42.56.42:443
66.42.69.83:888
66.98.118.68:443
67.205.153.129:80
68.183.102.224:443
69.46.15.155:443
69.49.229.88:443
70.34.198.195:3333
70.34.200.234:8080
70.34.200.234:8888
74.119.192.230:443
74.120.175.173:22443
74.121.148.47:443
74.121.148.47:4443
74.121.148.47:7443
74.121.151.180:7001
74.201.28.55:80
77.83.199.20:443
77.83.199.20:8080
78.128.113.14:443
78.142.29.109:443
78.142.29.109:80
78.142.29.122:443
78.94.208.254:80
79.110.52.49:443
79.110.52.49:80
79.141.161.22:443
79.141.161.22:8080
79.141.165.48:443
79.141.165.48:80
8.129.181.89:80
8.131.237.224:80
8.131.54.107:443
8.131.61.195:443
8.131.64.184:7000
8.131.81.136:443
8.133.180.78:11111
8.133.180.78:22222
8.133.180.78:30001
8.133.180.78:4443
8.134.124.241:80
8.135.67.207:80
8.135.97.39:55443
8.136.119.24:2021
8.140.150.177:443
8.140.43.245:8443
8.210.125.63:443
8.210.125.63:8443
8.210.155.6:9999
8.210.184.208:11111
8.210.2.157:443
8.210.253.122:443
8.210.68.113:443
8.210.91.106:8443
80.240.17.213:443
80.92.205.165:443
80.92.205.165:80
81.68.136.117:443
81.68.179.138:80
81.68.179.88:443
81.68.232.16:443
81.68.236.247:80
81.68.255.215:80
81.68.255.89:443
81.68.97.226:80
81.69.189.231:8443
81.69.198.123:80
81.69.248.69:11180
81.69.248.69:12111
81.69.248.69:8443
81.69.248.69:88
81.69.249.180:4443
81.69.254.100:45000
81.69.26.175:443
81.69.33.253:8443
81.70.144.120:443
81.70.155.208:443
81.70.167.153:443
81.70.168.11:4445
81.70.168.11:4455
81.70.168.11:7443
81.70.215.208:443
81.70.229.78:443
81.70.247.249:4433
81.71.122.129:443
81.71.149.131:443
81.71.25.251:80
81.71.33.48:2222
81.71.33.48:9999
81.71.7.67:8022
82.156.186.245:8099
82.156.196.148:80
82.156.2.25:443
82.156.2.25:8443
82.156.215.69:443
82.156.218.132:443
82.156.239.219:80
82.156.241.148:443
82.156.34.150:443
82.156.34.150:86
82.157.1.215:80
82.157.115.90:443
82.157.14.5:443
82.157.15.31:443
82.157.178.58:443
82.157.178.58:80
82.157.202.27:8091
82.157.96.204:11
83.167.16.138:2222
83.167.16.138:443
83.167.16.138:8080
83.97.20.104:443
83.97.20.104:80
83.97.20.104:8080
84.32.188.124:80
86.105.195.154:443
87.120.8.67:443
88.119.161.42:443
88.119.161.42:80
88.119.161.42:8080
88.119.161.42:8888
88.119.175.137:443
88.119.175.251:443
88.119.175.251:80
88.119.175.251:8080
88.119.175.251:8888
88.214.26.44:443
89.105.213.251:443
89.105.213.251:8080
89.133.24.43:80
89.163.140.204:443
89.163.140.204:80
89.163.145.54:443
89.163.251.143:443
89.163.251.143:4434
89.233.107.193:443
89.41.182.150:443
89.41.182.150:80
89.41.182.150:8080
89.41.182.150:8888
89.44.9.235:443
89.44.9.235:80
89.44.9.250:443
89.44.9.250:80
91.132.3.210:443
91.132.3.210:80
91.134.14.25:1443
91.134.14.25:443
91.185.190.55:443
91.193.19.174:443
91.213.50.101:3389
91.213.50.101:443
91.213.50.101:80
91.213.50.102:3389
91.213.50.102:443
91.213.50.102:80
91.214.124.100:443
91.214.124.100:80
91.234.254.184:443
91.234.254.184:80
91.234.254.184:8080
91.234.254.184:8888
91.236.120.238:1200
92.118.189.254:443
92.118.189.254:4443
92.118.61.114:443
94.103.80.201:4100
94.103.80.201:4101
94.103.80.201:443
94.130.244.31:443
95.179.143.10:443
95.179.143.10:8080
95.179.212.90:8088
96.30.199.194:443
96.30.199.194:80
96.44.160.141:443
96.45.182.187:8022
98.126.23.204:10080
99.79.101.225:443

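# Reference: https://raw.githubusercontent.com/IronNetCybersecurity/IronNetTR/main/cobalt_strike/team_servers/2021-08-30.txt
# NOTE(review): snapshot dated 2021-08-30 per the URL. The list below includes provider-assigned hostnames
# (azureedge.net, cloudfront.net, fastly.net, workers.dev, apigw.tencentcs.com, members.linode.com, hostwindsdns.com)
# that can presumably be reassigned to other tenants; re-validate before using them for blocking rather than alerting.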

0ffline.offes.co.uk
0x00e.com
365office.tk
BrownAdv.azureedge.net
a93.xyz
aba.abservers.net
adsense.servehttp.com
arsdodd.xyz
banweb.cityu.dev
beast.cybersecuritytesting.net
beff1.com
bennssi.com
brelle2.com
bug.yi567.xyz
buy9185.com
c1.windowsupdates.me
c2.windowsupdates.me
chmowd.xyz
commerce-deal.com
crycat.cn
csma.cf
cyberevilcorp.tk
cymkpuadkduz.xyz
d18krv932r2kbr.cloudfront.net
dwi22g.com
fideclouds.cf
fitt1.net
flashcf.cf
gbl3bsa.global.ssl.fastly.net
gellten-p.com
googlet.ml
goptgrou.global.ssl.fastly.net
health-safety.care
hk.studiteroom.email
hwsrv-874446.hostwindsdns.com
jean911nie.com
jklas.larsdodd.xyz
juletta.in
ksksadjasidjsaidjasionline.xyz
li1556-207.members.linode.com
li2306-87.members.linode.com
login.microsotfonline.us
loopcareer.com
lowicz.work
madersoft.com
microsotfonline.us
myhome.xin
ncvtnb.crycat.cn
redlist.cyou
royal-union-d714.officeupdate.workers.dev
rtascloud.ml
safeconnections.xyz
service-2jzezmo4-1300574342.gz.apigw.tencentcs.com
service-3b40shrd-1259492848.sh.apigw.tencentcs.com
service-46xiujs1-1305236517.bj.apigw.tencentcs.com
service-4fq7sbjd-1251788435.sh.apigw.tencentcs.com
service-62h5nw04-1304664184.hk.apigw.tencentcs.com
service-70yk5ffv-1302233847.bj.apigw.tencentcs.com
service-7101u8gd-1259312707.bj.apigw.tencentcs.com
service-88lff4yo-1258381285.gz.apigw.tencentcs.com
service-8kz3qa82-1252380555.gz.apigw.tencentcs.com
service-cao57eu9-1300400844.cd.apigw.tencentcs.com
service-cv62i2eg-1258558004.hk.apigw.tencentcs.com
service-f8xnept9-1304578925.bj.apigw.tencentcs.com
service-kv7kpkp9-1251201153.bj.apigw.tencentcs.com
service-lxyhuozm-1301500665.gz.apigw.tencentcs.com
service-p05n3e3x-1255997775.bj.apigw.tencentcs.com
service-qv7neitl-1301977346.bj.apigw.tencentcs.com
shop.redlist.cyou
smart.windowsnet.workers.dev
tccmetals.com
test-google.host
till1.net
treres.com
tscf.3322.org
update.jean911nie.com
upload.dwi22g.com
vcsa0114.lowicz.work
vpn.tccmetals.com
waceko.com
weixim.ga
windowsupdates.me
wolfe22.com
www-flashplayer.ml
ys.myhome.xin

# Reference: https://isc.sans.edu/diary/28006

http://106.14.216.76

# Reference: https://isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+a+Leaked+Private+Key/27968/

192.154.79.71:8080

# Reference: https://twitter.com/drb_ra/status/1457040379933564931
# Reference: https://www.virustotal.com/gui/file/e2aa3bd83227898050008744139c17bdcf873511b4aa8278d2254bc5c46ecf5f/detection

http://45.76.212.129
45.76.212.129:2222
45.76.212.129:443

# Reference: https://www.virustotal.com/gui/ip-address/104.243.19.8/detection

http://104.243.19.8
104.243.19.8:443

# Reference: https://www.virustotal.com/gui/file/bd90c091c2b46eadee7e7b4090d9146d0f7511f5704268b5f0baa7e52ede0cba/detection

106.55.60.20:11451

# Reference: https://www.virustotal.com/gui/file/11a7ff878047dc28c28a71f8be8053dcef36d4d55c5073dd0ac8d79d5e32c9b9/detection

106.55.60.20:4555

# Reference: https://www.virustotal.com/gui/file/a56621c0c5bbb997d87d764558b097678867028cfc33b57dc6ec6cd12f4b208d/detection

35.229.143.172:443

# Reference: https://www.virustotal.com/gui/file/d43c1ac681608ecd75f1f9445fcf9eb584088841f83b9fc73f01aa44f49fd639/detection

35.229.143.172:8088

# Reference: https://twitter.com/drb_ra/status/1457076846525304839

spdevhost.com

# Reference: https://twitter.com/drb_ra/status/1457131518900461571

http://81.68.212.18
81.68.212.18:4444

# Reference: https://twitter.com/drb_ra/status/1457258062545399813

http://101.35.107.254
101.35.107.254:8888

# Reference: https://twitter.com/drb_ra/status/1457620350318096386

newton-analytics.com

# Reference: https://twitter.com/drb_ra/status/1457620324736974848

121.40.103.97:8455
rufeng.xyz
my.rufeng.xyz

# Reference: https://twitter.com/mojoesec/status/1457754921546227717

alabamatotana.com
alaskaramana.com
grandseco.com
greenpocx.com
joraman.com
paramanama.com
rismno.com

# Reference: https://twitter.com/mojoesec/status/1457749970644312070

attentionsecuritysys.com
combinesecuritybusiness.com
decidedsecuritybusiness.com
financialsecuritywin.com
fistauditbusiness.com
groupitllc.com
hearingsecuritybus.com
heavysecurityaudit.com
iffysecuritybusiness.com
investmentnowwin.com
investmentreaudit.com
investsystrealestate.com
jumpsecuritybusiness.com
livesecurityservice.com
minutesecuritybsness.com
observermonitor.com
orbssecuritybusisys.com
protonmonitor.com
ratedupwin.cloud
reasonssecuritybus.com
securitsysaudit.com
securitybusinessbeat.com
securitybusinessflat.com
streamdev.net
winsysecuritybusiness.com
withsecuritybusiness.com

# Reference: https://www.virustotal.com/gui/file/be4cec05be9c5fdfa56e1a985394f4a0a2e8aa369367db67d882ba6532017a5f/behavior/Tencent%20HABO

47.74.151.109:80

# Reference: https://www.virustotal.com/gui/file/1ae45fe29a9b8c4481b55552d833156132e716115276441e26d42e57c2783ec7/behavior/Lastline

pandorasong.com

# Reference: https://www.virustotal.com/gui/file/e05f6dab54210a041235191663afd7f296c4733e42d9f09b971a9861bf317df8/behavior/Tencent%20HABO

121.36.102.227:443

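# Reference: https://www.virustotal.com/gui/file/d27861b9ac1828ed751c77a19ea7ecf0597ff51350c3ec4e521ab29df737d4fb/behavior/Microsoft%20Sysinternals
# NOTE(review): taken from a sandbox behaviour report; the same 23.216.147.64:443 entry is repeated under the next reference.
# Sandbox network logs can include background OS/CDN traffic, so confirm this address is the sample's C2 endpoint before blocking on it.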

23.216.147.64:443

# Reference: https://www.virustotal.com/gui/file/408d2a6b2717802298a37c17cf35551114f93d7500d748f831dd734da04d928b/behavior/Microsoft%20Sysinternals

ddos.dnsnb8.net
63.251.106.25:799
23.216.147.64:443

# Reference: https://twitter.com/drb_ra/status/1457769607918329865

edgeservices.biz

# Reference: https://twitter.com/drb_ra/status/1457769506818822146

bilibili.cc
xiao.bilibili.cc

# Reference: https://twitter.com/fr0s7_/status/1458150977278726147

awsmcafee.com

# Reference: https://twitter.com/kyleehmke/status/1459165913027067908

googleupdateonline.com
microsoftmanager.com
officesupport.info

# Reference: https://www.virustotal.com/gui/file/8bd0c08fee9f0a70a085b9640f54efeef54304d5ab26645cc3d0b64d322db714/detection

kesprogrx.com

# Reference: https://twitter.com/malwrhunterteam/status/1455872181695623169
# Reference: https://www.virustotal.com/gui/file/65aa56e4770eb3dd9a5c9d270f982b7e09f5b1aee1c9de12f7dacdecf65e6115/detection

onedriveup.today

# Reference: https://twitter.com/k3yp0d/status/1459821165300654080
# Reference: https://www.virustotal.com/gui/file/129e53ec8953e43827170fa3d4f7ebffc1a1460fd9dce30a941b4d8b7d5122cf/detection

z.blrlabs.com

# Reference: https://twitter.com/drb_ra/status/1459922319518928896

myjquery.club

# Reference: https://www.virustotal.com/gui/file/a392f53396b31d45a8f8af623090a4e3065750cf725781000436c34b0e5683ea/detection
# Reference: https://www.virustotal.com/gui/file/c8164a339dfc39797997cef3bd05cc5d60ef9d82afde2df7f5b6dc5aedccbcd1/detection

185.82.217.3:1234

# Reference: https://twitter.com/mojoesec/status/1460712583065972738

crtdnl.com
demtp.com
dxabt.com
flftp.com
sncbe.com

# Reference: https://twitter.com/bryceabdo/status/1461322045279465476

sochuk.com

# Reference: https://www.virustotal.com/gui/file/c3d7d71c1b6d333596e68b2ff36a8632d9af47367b4e07a97fb636db4675cff4/detection

121.43.141.75:54322

# Reference: https://www.virustotal.com/gui/file/26c0d5e7d81c4898e0e884b5e8a35b48552a20ac582a96febd6bee9b6a7b038b/detection

121.43.141.75:8000

# Reference: https://www.virustotal.com/gui/file/3913f7dea77b3145cab26490eff9fcbe0c34e36b67e2273a909fa2770c64bd09/detection

121.5.252.214:8008

# Reference: https://www.virustotal.com/gui/file/0770825e69f0d94419df01f089ee3e63c39bc1fbf6c6f30f9e740008a3e9085a/detection

121.5.252.214:8848

# Reference: https://www.virustotal.com/gui/file/2542ab9cb9e05b5b980413867f10a65f322906f2019e6061f112775976124b4d/detection

121.5.39.179:10000

# Reference: https://www.virustotal.com/gui/file/41c531d81f3409242183ce873bb0c9d5c4b56353cefb87a266f272a2568a78af/detection

121.5.39.179:8000

# Reference: https://twitter.com/drb_ra/status/1461617380862345224

123.56.117.227:8088

# Reference: https://blog.talosintelligence.com/2021/11/attackers-use-domain-fronting-technique.html

193.135.134.124:8080
193.135.134.124:8081
193.135.134.124:8443
softlemon.net
test.softlemon.net
dark-forest-002.president.workers.dev

# Reference: https://twitter.com/drb_ra/status/1461708184553500673

http://162.14.65.108
162.14.65.108:1443

# Reference: https://twitter.com/drb_ra/status/1461707835482554375

185.225.17.82:8443

# Reference: https://blogs.blackberry.com/en/2021/11/threat-thursday-squirrelwaffle-loader

213.227.154.92:8080

# Reference: https://www.virustotal.com/gui/file/0671152014743de48daccd33b21ccce930b35d6f0d49934ec66ab7cc6c33689f/detection

176.119.158.166:8089

# Reference: https://www.virustotal.com/gui/file/e6f75cd3db9365f6d21c9e8e1caf3f1da9d68eadcc5e688c526b971bfbcf82d8/detection

176.119.158.166:1022

# Reference: https://twitter.com/drb_ra/status/1461798700288811013

d3788l8s1a9sdt.cloudfront.net

# Reference: https://twitter.com/h2jazi/status/1458794565968748545

tigerdrill.xyz

# Reference: https://twitter.com/mojoesec/status/1458537885351784452

bobyfrank.com
gostnamara.com
grupostefano.com
jobefur.com
kertisbank.com
modasum.com
sujaxa.com
svedroom.com

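# Reference: https://twitter.com/mojoesec/status/1457754921546227717
# NOTE(review): this reference and its seven domains already appear earlier in this file; the block is a duplicate.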

alabamatotana.com
alaskaramana.com
grandseco.com
greenpocx.com
joraman.com
paramanama.com
rismno.com

# Reference: https://twitter.com/mojoesec/status/1455240516946350091

breelja.com
codeguf.com
denjeromic.com
flyurb.com
fofguru.com
fudsport.com
hromdez.com
mounjump.com
zarbgo.com

# Reference: https://twitter.com/mojoesec/status/1450550237622329353

auditsysmonitoring.com
dasfipjefasd.xyz
tebo-tech.com
turbojax.com
winsysmon.nl
winsysmon.us
winsysmonitoring.com

# Reference: https://twitter.com/mojoesec/status/1450173258406498309

atlantafr.com
cirolabs.de
gdtechs.xyz
jersydok.com
virtdoki.com

# Reference: https://www.virustotal.com/gui/file/f85806c2187d46ba23c0fd2e7a0decb7bc27e656aa0881a6bfc05a050a4b83c3/detection

101.34.205.66:443

# Reference: https://twitter.com/drb_ra/status/1462704801142251520

azeast-cdn.azureedge.net

# Reference: https://www.virustotal.com/gui/file/17724db270cbef02a9da5af5e070f177a7921d1c2d9d140d6f63a48e8dc450f7/detection

carmellof.com

# Reference: https://twitter.com/drb_ra/status/1463084907803066372

thomas-jefferson.org

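# Reference: https://www.virustotal.com/gui/file/8e99e9c9869080b676e35a0d552fe0a4f081665d90fc5917ad84159ad4b61b0f/detection
# NOTE(review): 172.67.200.154 looks like a shared CDN/reverse-proxy edge address (TODO confirm ownership);
# if so, the hostname below is the more specific indicator and the IP:port entry is prone to false positives.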

172.67.200.154:2052
qxwc.tk

# Reference: https://twitter.com/drb_ra/status/1463157402086391818

unsinorg.cf

# Reference: https://twitter.com/drb_ra/status/1463157356091564034

ls666.space
aliyun-hangzhou.ls666.space

# Reference: https://twitter.com/drb_ra/status/1463157554809352198

javainfo.xyz
info.javainfo.xyz

# Reference: https://twitter.com/InQuest/status/1463172778786537476

http://193.168.1.96

# Reference: https://twitter.com/TheDFIRReport/status/1463175512000368640

pwn-t.tk
a.pwn-t.tk
firewall.azureedge.net
feed61.azurewebsites.net
rnjpidi5ie9jdcaym.azureedge.net

# Reference: https://www.virustotal.com/gui/file/61a6d1fd5dbd809db683fc9b12e3b2cb355476488d57b0919e584c415747e1a2/detection

flash-update.me
ns1.flash-update.me

# Reference: https://twitter.com/drb_ra/status/1463881438789578755

updatenotepadplus.ml

# Reference: https://twitter.com/drb_ra/status/1463881397232414726

/aaaukssssssssssssssssssssssss/sportssssssssss
/aaaukssssssssssssssssssssssss/
/sportssssssssss

# Reference: https://twitter.com/drb_ra/status/1464178846098407426

wangzha156.xyz

# Reference: https://www.virustotal.com/gui/file/74360c1f2c6333e3eca46408fd3a394690bee4a46e65d80f4142e7a936b07e2c/detection

180.215.226.2:8181
193.36.112.189:7456

# Reference: https://twitter.com/drb_ra/status/1464247810988064781

66.42.40.60:8080
tscf.3322.org

# Reference: https://twitter.com/drb_ra/status/1464269008547586050

47.107.76.95:12345

# Reference: https://twitter.com/Unit42_Intel/status/1463178309160906753

zuppohealth.com

# Reference: https://twitter.com/drb_ra/status/1464334294940373000

cybersecureux.com

# Reference: https://twitter.com/drb_ra/status/1464721912643436544
# Reference: https://twitter.com/drb_ra/status/1464721915009015818

139.180.135.129:2096
analyzing.ml
wwww-flashplayer.ml

# Reference: https://twitter.com/drb_ra/status/1464927125287354371

37.221.65.161:8080

# Reference: https://twitter.com/drb_ra/status/1465240369998741510

yowewak.com

# Reference: https://twitter.com/mojoesec/status/1465424616793550850

fobisu.com
juxudiz.com
noboza.com
solehem.com
vecegup.com
zamefi.com

# Reference: https://twitter.com/drb_ra/status/1465783730757324802

arrogancly.cn

# Reference: https://www.virustotal.com/gui/file/00906f1cf709f6591880f952da59f41a3019944d23824e000592fe7de035c446/detection

45.9.148.138:443

# Reference: https://www.virustotal.com/gui/file/7839edec315210ae4a9b205845e527ed24f55b47608a67781284489d96395772/detection

121.5.246.9:1111

# Reference: https://twitter.com/drb_ra/status/1466351281463828482

csssmddx.cf
cs.csssmddx.cf

# Reference: https://twitter.com/drb_ra/status/1466351232507949057

lkea.store
api.lkea.store

# Reference: https://twitter.com/drb_ra/status/1466714320868458498

bilibili.cn
vip.bilibili.cn

# Reference: https://twitter.com/drb_ra/status/1466739011993616391
# Reference: https://twitter.com/drb_ra/status/1466739015609114624

18.193.85.116:8080
18.193.85.116:8081

# Reference: https://twitter.com/drb_ra/status/1466533698875109376

http://101.32.116.227
101.32.116.227:8000

# Reference: https://twitter.com/drb_ra/status/1466895874567593985

http://23.224.70.154
23.224.70.154:3332

# Reference: https://www.virustotal.com/gui/file/71756d6df1ca627c3ca9a04ee5756964f44bcc9cbd3db560867152bee09a22dc/detection

103.164.203.152:443

# Reference: https://twitter.com/drb_ra/status/1467076885112930304

http://120.132.81.238
120.132.81.238:65432

# Reference: https://twitter.com/drb_ra/status/1467076712919932928

96.45.167.31:8080
si1entgr0.xyz
aaa.si1entgr0.xyz

# Reference: https://twitter.com/drb_ra/status/1467077015631187972

45.76.219.39:443
apname.org
itts.apname.org
tech.apname.org

# Reference: https://www.virustotal.com/gui/file/ae210781539e2ec11b5ea2beaa55d6adfa623d0b2635e09ba5499c3c9dbad9f7/detection

http://1.117.145.147

# Reference: https://www.virustotal.com/gui/file/04c8ec85e8febee27976aabd8a6d1cbfdfe4120480cc55100506360b2e82d752/detection

http://121.43.134.91

# Reference: https://www.virustotal.com/gui/file/fce8aee04073dcd2a07a98195871a70c2f87d4fcb60b61f220813d3d811030aa/detection

121.43.134.91:3333

# Reference: https://www.virustotal.com/gui/file/b782838c4e0b3a6ae684cb43042588174c3ea70c775839cdaa536d4d95aebbf6/detection

173.249.63.184:4332

# Reference: https://www.virustotal.com/gui/file/fb0b36aba1b7abe8fe5688766db40aea3d4f61945c20fa287322fe25778834c9/detection

42.193.116.23:8899

# Reference: https://www.virustotal.com/gui/file/22ea7c57540cf410510c7997a6f83c8ce86bab8de002775c3adb041365af1fcf/detection

http://194.163.180.95

# Reference: https://www.virustotal.com/gui/file/5f7afb1e3518bc7b4f7020751f8b4be296cca83d12d4efbebc6f81f83c970779/detection

194.163.180.95:47474

# Reference: https://twitter.com/midnight_comms/status/1458653531674611712

154.86.58.118:6666

# Reference: https://www.virustotal.com/gui/file/a59259a5023b1788628c119e7ac49bfd4ebe587cbf983fb0a98833f9b46ace94/detection
# Reference: https://www.virustotal.com/gui/file/8f3207e6f53fd346e1fdc84618b68dfb2e469d5e873210692ef21057ed5b707b/detection

104.219.214.120:40333

# Reference: https://www.virustotal.com/gui/file/8a1441e85a685230ab7aa5e724392ad4859d41095ed8dee2867cfb861ce09115/detection

81.68.246.235:5555

# Reference: https://twitter.com/drb_ra/status/1467259549455470595

yangming.cf
a.yangming.cf

# Reference: https://twitter.com/drb_ra/status/1467550301280481292

23.106.155.254:25141

# Reference: https://twitter.com/drb_ra/status/1467550281214877705
# Reference: https://twitter.com/TheDFIRReport/status/1467875225924784130

localhost-microsoft.com
msfthelpdesk.com
msnlivemail.com
svchost.azureedge.net
telus.azurewebsites.net
update.msnlivemail.com
download.localhost-microsoft.com

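# Reference: https://twitter.com/TheDFIRReport/status/1467860126077911043
# Reference: https://www.shodan.io/host/150.136.163.159
# NOTE(review): the port list below presumably mirrors the host's open ports from the Shodan listing;
# 21, 22, 111 and 3306 are generic service ports, so verify which ones actually served C2 before alerting per port.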

http://150.136.163.159
150.136.163.159:111
150.136.163.159:21
150.136.163.159:22
150.136.163.159:3306
150.136.163.159:443
150.136.163.159:444

# Reference: https://twitter.com/mojoesec/status/1467940624255135756
# Reference: https://twitter.com/mojoesec/status/1467940626717200384
# Reference: https://twitter.com/mojoesec/status/1467940628399108096

baranartana.com
gorilabiras.com
harmanakat.com
hatoramonara.com
jartynara.com
labavamty.com
martabana.com
martabataoa.com
martinatrba.com
naratabavaz.com
ramartabara.com
ubartyma.com
yormanavar.com
zarioalanabar.com

# Reference: https://twitter.com/drb_ra/status/1467957874521513991

104.168.236.152:8880
101amon.buzz

# Reference: https://twitter.com/drb_ra/status/1468229811692843015

45.43.60.220:5555
okfuck.xyz
jj.okfuck.xyz

# Reference: https://twitter.com/drb_ra/status/1468229679769395222

whoismrrobot.xyz
api.whoismrrobot.xyz

# Reference: https://twitter.com/drb_ra/status/1468229858086076428

techdevcorp.com

# Reference: https://twitter.com/drb_ra/status/1468230001338327047

zzzsec.tk
test.zzzsec.tk

# Reference: https://twitter.com/drb_ra/status/1468230049962905612

ubartyma.com

# Reference: https://twitter.com/drb_ra/status/1468229947470893069

wiweboj.com

# Reference: https://twitter.com/1ZRR4H/status/1468316371805220864

fermanin.com
hamazem.com
lartmana.com
martinatrba.com
sucemiz.com
yonepi.com

# Reference: https://twitter.com/Yeeb_/status/1468190986354446345

greensouq-eg.com
skilltechno.com
unifp.com

# Reference: https://twitter.com/1ZRR4H/status/1468359904964583425

ramartabara.com
ubartyma.com

# Reference: https://www.virustotal.com/gui/file/fc96c983c50c1bff472e9892bc51b2fe7f7e5f2b69ba6b4b136106b104b8501e/detection

107.173.255.106:8889

# Reference: https://www.virustotal.com/gui/file/997b9e2dfd10eb0a22d5f2a34c1176d0fabd367922dc395a258b06a4a2636d37/detection

81.68.178.184:6666

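# Reference: https://twitter.com/drb_ra/status/1468501772306206726
# Note: the two shorter entries are fragments of the full path and carry no host; expect them to be noisier than the full path, and triage hits together with the destination.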

/Mozalla/dnajsdnaksd/
/Mozalla/
/dnajsdnaksd/

# Reference: https://twitter.com/drb_ra/status/1468501521071579137

65.49.222.180:5555

# Reference: https://twitter.com/drb_ra/status/1468501669805764609

nvoice-mail.com

# Reference: https://twitter.com/drb_ra/status/1468501587358277632

micrcscft-store.com

# Reference: https://twitter.com/drb_ra/status/1468501723941642242

bqtconsulting.com

# Reference: https://twitter.com/drb_ra/status/1468501598666170369

http://8.218.160.170

# Reference: https://twitter.com/drb_ra/status/1468526734446370817

1.116.27.36:8080

# Reference: https://www.virustotal.com/gui/file/c2ace5bf8f6f96053d2365f05f1764ecbef11884487ce6ed825ff4a096c2d456/detection

gov-solutions.tech

# Reference: https://www.virustotal.com/gui/file/894acf38acbd961c9653f9460b9fddea2f31c8df6dfc59205c5e3b342e261421/detection

64.69.57.201:443

# Reference: https://twitter.com/drb_ra/status/1468553155692707840

http://195.30.132.205

# Reference: https://twitter.com/drb_ra/status/1468888928451244033

23.234.216.130:2095
amazonec2cloud.top
time.amazonec2cloud.top

# Reference: https://www.virustotal.com/gui/file/3f13e9bc8011c8bc8f3d7cb9a616ed6da1b6f16d9fcaa65d29d81caf2d5574d3/detection

guvonuk.com

# Reference: https://twitter.com/drb_ra/status/1468953216385753090

1252917766.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1468953157086728192

gfjjblnoihugfjdrhcjgvhb.com
/pkgs/_/ms/update/

# Reference: https://twitter.com/drb_ra/status/1468979971637002243

119.91.252.109:8080

# Reference: https://twitter.com/drb_ra/status/1469045129818353667

45.158.231.141:8889

# Reference: https://twitter.com/drb_ra/status/1469045129818353667

154.9.204.191:91

# Reference: https://twitter.com/drb_ra/status/1469045060406849541

igovservice.net
webmail.igovservice.net

# Reference: https://twitter.com/drb_ra/status/1469068749672230916
# Reference: https://twitter.com/drb_ra/status/1469433728048971776
# Reference: https://twitter.com/drb_ra/status/1469433839110041600

5.255.97.105:1723
5.255.97.105:4444
5.255.97.105:8888
cragdesk.com

# Reference: https://twitter.com/drb_ra/status/1469251775043670017
# Reference: https://twitter.com/drb_ra/status/1469433928700375043
# Reference: https://twitter.com/drb_ra/status/1469434112352174082

209.141.52.93:389
209.141.52.93:4444
209.141.52.93:8080
solvaq.com

# Reference: https://www.virustotal.com/gui/file/991237da053a07ba54dd8bff06aae0ecf756cbfe0f702a1b39188e837bb8af6c/detection

http://5.188.206.214

# Reference: https://www.virustotal.com/gui/ip-address/5.188.206.217/relations
# Reference: https://www.virustotal.com/gui/file/156d77bd6400c22225c2497c43dca208186a01acf7a84dc35c758b1e60be7cb8/detection
# Reference: https://www.virustotal.com/gui/file/58fe396896b3705bb5b732466f530648d2d8e7f46665709f5e6224f4f9633496/detection

5.188.206.217:443
winnerishere.life
yourladiefun.life

# Reference: https://www.virustotal.com/gui/file/913caf22b8bfe221623f56ba432b9881f277068bf5465801ab7da6844817c79b/detection

5.188.206.220:443

# Reference: https://www.virustotal.com/gui/ip-address/5.188.206.222/relations

doyourbestdate.life
maxrevenue.life
revenueunlimited.life

# Reference: https://twitter.com/TheDFIRReport/status/1469305917954932737

binsoxe.com
bunced.net
deriklo.com
ravenzt.com
zincuz.net

# Reference: https://twitter.com/drb_ra/status/1469343525460451340

23.224.181.102:2000
hlingxbm.xyz

# Reference: https://twitter.com/drb_ra/status/1469407578195124229

116.85.42.75:8080

# Reference: https://twitter.com/drb_ra/status/1469407616719855619

tencent-qq-com.cf

# Reference: https://twitter.com/drb_ra/status/1469433954025496581

34.92.42.204:2443

# Reference: https://twitter.com/drb_ra/status/1469434201984413698

18.222.122.32:8443
/messages/jpPjFvPsk5lhr3OydqbUvoMnlhg7i9Mu-k9
/jpPjFvPsk5lhr3OydqbUvoMnlhg7i9Mu-k9

# Reference: https://twitter.com/drb_ra/status/1469434088453029895

8.134.68.11:8010

# Reference: https://twitter.com/drb_ra/status/1469434033616605189

jiubie.tk

# Reference: https://twitter.com/drb_ra/status/1469434064029552648

144.76.110.53:8080

# Reference: https://twitter.com/drb_ra/status/1469433895317917696

43.254.217.171:8081

# Reference: https://threatfox.abuse.ch/ioc/225814/
# Reference: https://twitter.com/drb_ra/status/1476500948281446402

35.220.158.136:44444
/wp06/wp-includes/po.php
/wp08/wp-includes/dtcla.php

# Reference: https://twitter.com/drb_ra/status/1469433865492221960

185.130.214.98:4431

# Reference: https://twitter.com/drb_ra/status/1469433666107551748

59.52.187.224:81

# Reference: https://twitter.com/drb_ra/status/1469434007838416899

164.155.72.39:8881
erikten.cn
cs.erikten.cn

# Reference: https://twitter.com/drb_ra/status/1469433800270749700

dm0joizg99a57.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1469588899743911936

sdilok.com

# Reference: https://twitter.com/drb_ra/status/1469588715097964549

zevucad.com

# Reference: https://twitter.com/drb_ra/status/1469588831234146307

myteamserver.online

# Reference: https://twitter.com/drb_ra/status/1469588789383340033

service-j3401n0u-1253135025.hk.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1469615287637098499

101.42.90.43:50000

# Reference: https://twitter.com/drb_ra/status/1469615250026954752

192.144.218.97:8080

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-12-10-IOCs-for-TA551-IcedID-infection-with-Cobalt-Strike-and-DarkVNC.txt

solobiv.com

# Reference: https://twitter.com/drb_ra/status/1469693644890415105

34.92.88.191:8084

# Reference: https://twitter.com/drb_ra/status/1469434815640481795

109.71.254.248:4444
bbakum.com

# Reference: https://www.virustotal.com/gui/file/02793b0ddf89b769c9192f9546385faf4f07c48a3d5375fbb7993877adb159a1/detection

82.157.143.47:6666

# Reference: https://www.virustotal.com/gui/file/e7d24af5c7352f321b6f0f00f9790e6e33703514f3250babd9848eb11d1b0a2f/detection

http://101.36.112.72

# Reference: https://www.virustotal.com/gui/file/75abd5cbc5b7ab2b827691e9b77eda309f69d0266c3149e3af2100a306fc2d44/detection

carpricelow.com

# Reference: https://twitter.com/drb_ra/status/1469797095850881039

176.121.14.47:441

# Reference: https://twitter.com/drb_ra/status/1469973103262449664

8.141.151.190:8443

# Reference: https://twitter.com/drb_ra/status/1470005428658520066

193.117.208.146:7500

# Reference: https://twitter.com/drb_ra/status/1470119299406868484
# Reference: https://twitter.com/drb_ra/status/1470119173086973960

34.217.123.249:10001
34.217.123.249:10002
svchosts.myvnc.com
svchosts1.ddns.net

# Reference: https://twitter.com/drb_ra/status/1469821978114670601

dok19qm1dai5g.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1470160080360427527

kilimsse.com

# Reference: https://twitter.com/drb_ra/status/1470160290096586755

adhd-disorder.com
hippa.us
watchingfreetv.live

# Reference: https://twitter.com/TheDFIRReport/status/1470373414867197955

gawocag.com
hiduwu.com

# Reference: https://www.virustotal.com/gui/file/60c25dd4a0a2694c9ad7425aa188b93b9f1e2f54d74d52b9c1429632085a3364/detection

http://85.217.171.36

# Reference: https://twitter.com/_brettfitz/status/1430572161136214021

trendmicrocdn.com
twltte.com
check.trendmicrocdn.com
static.twltte.com

# Reference: https://blog.netlab.360.com/ten-families-of-malicious-samples-are-spreading-using-the-log4j2-vulnerability-now/

http://47.243.78.246
170.178.196.41:1111
170.178.196.41:35244
170.178.196.41:8080

# Reference: https://www.virustotal.com/gui/file/3982fd515abb17f3aa3910e548beadc593dfc9e4b4be1fc9736d14fd79dfd366/detection

141.98.83.139:16821

# Reference: https://www.virustotal.com/gui/file/48cb00144c6c547f8038ce8f19720a42b68312a2ef81e019b4a6a4005c7c2653/detection

141.98.83.139:4943

# Reference: https://www.virustotal.com/gui/file/8ebd58c06b6109c12b2cd1a65e0f490d4588cddf20fbf5658e83bcdad36d415f/detection

141.98.83.139:10330

# Reference: https://www.virustotal.com/gui/file/0c6efb79dbc6914a7d1af5e3b18a47b65fe0c2a2ba4c336d54d53c932fbc31db/detection

141.98.83.139:22670

# Reference: https://www.virustotal.com/gui/file/8b0a6d84fa91531b9ab5e8a86e74ea98c9cd07538a13e601017757f7c788c130/detection

141.98.83.139:21456

# Reference: https://www.virustotal.com/gui/file/7b8af6b05fc6664536a6e03eb254d4fdc7a2ea0b23b535518c3f19fea87b58c3/detection

141.98.83.139:3011

# Reference: https://www.virustotal.com/gui/file/072aef449d399913cd4d416c0388573ef66ba2f5ff6c9d54343200a64535b0c4/detection
# Reference: https://www.virustotal.com/gui/file/0ac4f7898cd6ca9f8c834743642d6d7c79c5289c4603fbe01cb7f39d93775550/detection
# Reference: https://www.virustotal.com/gui/file/8184e1ccaf19f8c1ba987002ee0f97fbda77b06bf50456cb7d89c3bf3c53fea8/detection

141.98.83.139:3031

# Reference: https://www.virustotal.com/gui/file/2f7548bc3fddc5c1869eedc358708db358b81e21a5306af9e91fad6a4582076c/detection

141.98.83.139:8267

# Reference: https://www.virustotal.com/gui/file/ca97aeadb90dcc5b2a5f832ec9d27bfae8233137d584521a2d25da5fb3188738/detection

141.98.83.139:6422

# Reference: https://www.virustotal.com/gui/file/c8d9a69a562aca2eebdc997c9d588a0b18771b5f6fbf0de5e007703ecd5e76f9/detection

141.98.83.139:12198

# Reference: https://www.virustotal.com/gui/file/4d634b3c45e0118f3f370f0e84aa1fab10bc0e33082780272f543293a83ab58c/detection

141.98.83.139:19754

# Reference: https://blog.netlab.360.com/ten-families-of-malicious-samples-are-spreading-using-the-log4j2-vulnerability-now/
# Reference: https://www.virustotal.com/gui/file/760839a67fbd2b2b00bd4384af69e0f22a90a8da1a5695b6ef4d67dc459684c9/detection

141.98.83.139:18080
141.98.83.139:9883
/nG60k1/RWjxFwxCBE
/nG60k1/
/RWjxFwxCBE

# Reference: https://twitter.com/drb_ra/status/1470495681580347400

visont.net

# Reference: https://twitter.com/drb_ra/status/1470495528920227842

d112hjcuuvzrra.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1470495792033157137

173.82.187.137:8801

# Reference: https://www.virustotal.com/gui/file/2c568da9e5b57d99dd1934aa7dd4a463bc1d761c236ea89b171e58389ed1e2c9/detection

195.123.228.161:25356

# Reference: https://twitter.com/drb_ra/status/1470766378122629123

peaeoneu.cc
cdn.peaeoneu.cc

# Reference: https://twitter.com/Unit42_Intel/status/1470778363254128651

api.musicbee.getlist.destinycraftpe.com

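# Reference: https://twitter.com/malware_traffic/status/1470812160427233294
# Note: spelling differs by a letter transposition from bqtconsulting.com, listed earlier in this file under a drb_ra reference; confirm each spelling against its source so a transcription slip is not carried as a separate indicator.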

bqtconsutling.com

# Reference: https://twitter.com/drb_ra/status/1470854495873777670
# Reference: https://twitter.com/drb_ra/status/1470854532230000640

194.156.98.129:2095
194.156.98.129:2096
meiqai.xyz
meqia.xyz
globalmeichat.org
meichatgroup.org

# Reference: https://twitter.com/h2jazi/status/1470862834921783305
# Reference: https://www.virustotal.com/gui/file/53f7c0cc585ac706e9680152e3805215719008fed37fc85b0e3042d24d219a43/detection

http://188.49.118.39

# Reference: https://www.virustotal.com/gui/file/51ed3fef61bf2ba50a67cac82a36655a4d78a7a1b3512d91f6bd84c6b135feec/detection

http://150.109.111.208

# Reference: https://www.virustotal.com/gui/file/4b09687e95b4e7efd9407c785bb48686fa56db884fa9ca5ad53fb398e8c33e02/detection

150.109.111.208:40001

# Reference: https://twitter.com/drb_ra/status/1471066785642393601

vishorts.com

# Reference: https://twitter.com/drb_ra/status/1471066955205517313

78.47.88.87:4444
pfunt.com

# Reference: https://twitter.com/drb_ra/status/1471066908774522883

167.179.64.7:8070

# Reference: https://twitter.com/drb_ra/status/1471066688678420481

d37ai0j9ekf6sm.cloudfront.net
d3ak3fbz31m1u7.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1471066689752158208

d1q1gmujdwgeju.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1471066687420215300

d35ixxvnyqldyc.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1471066997966393347

139.180.223.138:8080

# Reference: https://twitter.com/drb_ra/status/1471066637235331077

91.236.120.238:1371
ksdb.ru
mscrl1.azureedge.net

# Reference: https://twitter.com/drb_ra/status/1471066802260221953

xkxk.info

# Reference: https://twitter.com/Max_Mal_/status/1471211346477961217

185.162.235.176:8888
junfs.com

# Reference: https://twitter.com/drb_ra/status/1470404838731272196

siloam.com
publiccdnie.azureedge.net

# Reference: https://twitter.com/drb_ra/status/1471219326233587715
# Reference: https://twitter.com/drb_ra/status/1471219495259754501

18.212.48.22:8443
3.82.252.201:8080
webinars-epom.com

# Reference: https://twitter.com/drb_ra/status/1471234006805102594

liveschool.us

# Reference: https://twitter.com/drb_ra/status/1471234042624458760

23.234.242.236:8088

# Reference: https://twitter.com/drb_ra/status/1471233976991981587

23.94.218.112:1234

# Reference: https://twitter.com/drb_ra/status/1471154937514102791

service-l6j88pzg-1300868263.gz.apigw.tencentcs.com

# Reference: https://twitter.com/1ZRR4H/status/1471267317925437446
# Reference: https://www.virustotal.com/gui/file/02958f16fe350f83b00cb58ccc77f271ebaa4ef933fcd4178dc8d235e0b29a82/detection

http://103.208.86.7
http://103.208.86.19
http://103.208.86.20
http://103.208.86.21
http://103.208.86.22
http://103.208.86.27
http://103.208.86.39
http://103.208.86.44
http://103.208.86.64
http://103.208.86.68
http://103.208.86.70
103.208.86.7:443
103.208.86.19:443
103.208.86.20:443
103.208.86.21:443
103.208.86.22:443
103.208.86.27:443
103.208.86.39:443
103.208.86.44:443
103.208.86.64:443
103.208.86.68:443
103.208.86.70:443
koltary.com

# Reference: https://www.virustotal.com/gui/file/6414050600ac4e1683cfd47f64d8768c2b9cda25fbb722a4d347efb84811cdec/detection

207.148.112.209:8989

# Reference: https://www.virustotal.com/gui/file/16b823fe2407da87f2a71f4a787ffa14940b3d8140e47fab4032b6937d54d520/detection

207.148.112.209:6007

# Reference: https://www.virustotal.com/gui/file/0fc1f2e20d5f6fa6f530742c1c71f908f3116a443ca293b86111c1606a57b7cf/detection

1.13.253.132:443

# Reference: https://www.virustotal.com/gui/file/704c478a6e7adfc8d463370ca1e09e4edcf9be024eecf5561b8eef25b8d2154f/detection

1.13.253.132:1689

# Reference: https://www.virustotal.com/gui/file/91b9daefa609769552141b1f2a8710ddc486bcf3accb21c8e4508aef151d9167/detection

http://1.13.253.132

# Reference: https://www.virustotal.com/gui/file/d63ca1f88d5ae76ad6685bab53594a2b2f396f8d4bfd2adde8cb6563d2fc6d29/detection
# Reference: https://www.virustotal.com/gui/file/0229935d0e5be4cc737d5ce7085efe95d857419b77a3d2405f5ee44334a80ad5/detection
# Reference: https://www.virustotal.com/gui/file/cd9077bf07eb4183aa5d7093cd32c9fddc43e2ecba91a682d666b041c39a4cd2/detection

http://8.142.8.91

# Reference: https://www.virustotal.com/gui/file/de873d0e6962550b84a993767fa89dc8640da7c58f9d4663ef7304e7f9bb30e4/detection

82.157.157.102:8888

# Reference: https://www.virustotal.com/gui/file/28a547a2517c9d9780db5590713fbbb2a65f7c4fe4825b793164d8445fc8cc6a/detection

106.75.65.29:8001

# Reference: https://www.virustotal.com/gui/file/67788efc179395cf84ef791425445681742822abb64a4e62682c6bfe20b5d640/detection

121.4.39.110:8081

# Reference: https://twitter.com/drb_ra/status/1472668862109954055

rijkzijn.nl
systest.nl
uwprivatebank.nl

# Reference: https://twitter.com/drb_ra/status/1472900933596106754

193.117.208.147:7700

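# Reference: https://www.virustotal.com/gui/file/67788efc179395cf84ef791425445681742822abb64a4e62682c6bfe20b5d640/detection
# Note: repeats the reference and endpoint listed a few entries above (same VirusTotal hash, same IP:port); safe to deduplicate.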

121.4.39.110:8081

# Reference: https://twitter.com/Max_Mal_/status/1473030210442477570

shvano.com

# Reference: https://www.virustotal.com/gui/file/cbf4d5007cb5df41c837a571159856da2c9f465a2e32cf515067adb52d13adef/detection

64.227.20.104:10003
cs40test.ddns.net

# Reference: https://twitter.com/Max_Mal_/status/1473359449347792904

185.203.118.99:4444
quues.com

# Reference: https://twitter.com/drb_ra/status/1473813162520727552

godgives.me

# Reference: https://www.virustotal.com/gui/file/5d625334792652f73dcaaca7ad53e94dc36d50d0f5dc0d53cd487fb80ba4abf3/detection

101.35.56.253:8000

# Reference: https://twitter.com/drb_ra/status/1473962849462632454

travelboone.com

# Reference: https://twitter.com/drb_ra/status/1474041164668014601

52.163.85.44:6666

# Reference: https://twitter.com/drb_ra/status/1474299756256153615

flreeyes.com

# Reference: https://www.virustotal.com/gui/file/70fdae937a4b908d33999abe359b87d860dcb4f90f9e70d329609fcb180d4d70/detection

139.155.77.62:50050

# Reference: https://twitter.com/drb_ra/status/1474375445122531361

gfgrouphk.com

# Reference: https://twitter.com/drb_ra/status/1474397300726407215

service-14v4pnqn-1259219677.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1474141271530737664

185.170.214.95:995
bluecfg.com

# Reference: https://twitter.com/drb_ra/status/1474324452087414811

cybertower.xyz

# Reference: https://twitter.com/drb_ra/status/1474141601555533838

92.118.151.22:8080
unbileaveable.com

# Reference: https://twitter.com/drb_ra/status/1474141302291841026

d17vo3ygjck7t2.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1474141237691179013

evalstars.com

# Reference: https://twitter.com/drb_ra/status/1474141196914208770

23.227.190.205:8080
keyedge.digital

# Reference: https://twitter.com/drb_ra/status/1473963175930474504

readteam.club

# Reference: https://twitter.com/drb_ra/status/1473963110570594306

104.156.63.145:8888
cloubfiare.digital

# Reference: https://twitter.com/drb_ra/status/1473962658500161541

limanowa.top

# Reference: https://www.virustotal.com/gui/file/acb47a168a8880242f12c10e66d49e604b5e09f54ed48763a0376539356f107b/detection

121.43.101.210:6001

# Reference: https://www.virustotal.com/gui/file/3090dd93997d1bb18ba61a4a6f1b235629c2c877fea30eb6c302eabf632a910f/detection

118.31.76.225:55555

# Reference: https://www.virustotal.com/gui/file/9d8a0a219140af082c6107a06b458c6ad47af19eeff2f4a5c2b67d9e70a621fe/detection

158.247.222.243:6789

# Reference: https://www.virustotal.com/gui/file/3364b265d55ed9a80fbaccd12bceda631346b89949500867d023e8656265e5f5/detection

158.247.222.243:8848

# Reference: https://www.virustotal.com/gui/file/423470ac0e9c38d5b3abf8c56cdd600e4e79bb158bd0e3b7417efb8a6b0bedba/detection

23.234.242.236:8099

# Reference: https://www.virustotal.com/gui/file/c69e09c28b6f48bc07aec6d5370001024c848e94d6889508dc751d4ee1350dab/detection
# Reference: https://www.virustotal.com/gui/file/9cba4edb6fcc8a91707337c0235c6bb3a17879c8c9dcf6075729e984fc0164d3/detection

114.132.242.102:5353
114.132.242.102:8000

# Reference: https://twitter.com/th3_protoCOL/status/1474490610581004288
# Reference: https://twitter.com/1ZRR4H/status/1474647444520587264
# Reference: https://www.virustotal.com/gui/file/0d3750ac80146d1c1b6abb0fa27eb6ef6071f6f048b1949ecfeffe3136a000c0/detection

codasal.com
dolulifati.com
fulujam.com
kozoheh.com
minogohacu.com
ragojel.com
sufebul.com
vafici.com

# Reference: https://twitter.com/drb_ra/status/1474662096625442819

47.100.221.5:90

# Reference: https://twitter.com/drb_ra/status/1474685132191711232

adwlabs.top

# Reference: https://twitter.com/drb_ra/status/1474685196171681799

http://206.189.90.106

# Reference: https://twitter.com/drb_ra/status/1474685098838695942

http://185.7.214.222

# Reference: https://twitter.com/drb_ra/status/1474685058736963587

microsoft.radio.fm

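# Reference: https://twitter.com/drb_ra/status/1474684998007590916
# Note: aimages.nuomi.com sits under what looks like a legitimate consumer-service domain; it may be a Host-header/fronting value from a beacon configuration rather than attacker-owned infrastructure. Confirm against the reference and expect false positives where that service is in normal use.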

aimages.nuomi.com

# Reference: https://twitter.com/drb_ra/status/1474684954793713666

blmsupport.us

# Reference: https://twitter.com/drb_ra/status/1474684887819071491

techbotlook.info

# Reference: https://twitter.com/drb_ra/status/1474684836749139970

secrdp.icu

# Reference: https://twitter.com/drb_ra/status/1474684805593849859

81.68.147.136:18080

# Reference: https://twitter.com/drb_ra/status/1474684673930543104

168.100.10.92:8591

# Reference: https://twitter.com/drb_ra/status/1474662057584828421

173.82.104.3:11443

# Reference: https://www.virustotal.com/gui/file/68c05b69e8692c22c0e8c66c28d9a5abdfc93d65e24509052c9b072176a378b1/detection

47.104.10.92:443

# Reference: https://www.virustotal.com/gui/file/fb7f28c8a6ccf86d1e99202f0a51114da4b6d1385dc7eeccb17358e864458052/detection

47.104.10.92:8022

# Reference: https://www.virustotal.com/gui/file/df5d4844f26a9a88fa36d005878d10477fd150b33b48d90ecc2da19d5901f9b3/detection

94.130.78.195:3444

# Reference: https://www.virustotal.com/gui/file/e7b6223dcefef019443a02d01172c0091d34e6dce35b5181689223763483f46b/detection

47.98.242.152:443

# Reference: https://www.virustotal.com/gui/file/5e3b3d80fb2f8837caca876e07ec09d5a831e21660a23fa1be4a0e405ef51359/detection

47.98.242.152:8888

# Reference: https://www.virustotal.com/gui/file/b18adb666c8f54076445633b9b2448de4165def69aa6da547a3fb8df81b3671e/detection

http://120.78.155.42

# Reference: https://twitter.com/drb_ra/status/1474712582963572742

146.59.12.90:8080

# Reference: https://twitter.com/drb_ra/status/1474752795672784901

c044bc8809ed5.cname.frontwize.com

# Reference: https://twitter.com/drb_ra/status/1474752703767138304

http://85.208.184.59

# Reference: https://twitter.com/drb_ra/status/1475075659189870592

210.215.129.122:443

# Reference: https://twitter.com/drb_ra/status/1475140802875727874

149.28.74.245:2087
baidui.tk

# Reference: https://twitter.com/drb_ra/status/1475140764590088194

45.63.127.117:8080
uestcedu.com

# Reference: https://twitter.com/drb_ra/status/1475140923906568195

45.195.155.20:443

# Reference: https://twitter.com/drb_ra/status/1475140858773184516

aspnet0sys.tk

# Reference: https://twitter.com/drb_ra/status/1475140728628170760

service-pg5544wx-1307188804.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1475140962183700488

121.36.97.57:443

# Reference: https://twitter.com/drb_ra/status/1475140996031815681

43.134.188.45:443

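# Reference: https://twitter.com/drb_ra/status/1475141038058704896
# Note: confirm against the reference that port 433 on 185.245.42.177 is intended and not a transposition of 443.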

http://185.245.42.177
103.30.43.205:81
185.245.42.177:433

# Reference: https://twitter.com/drb_ra/status/1475140896182177794

92.255.85.85:88

# Reference: https://twitter.com/drb_ra/status/1475140686747947017

159.75.70.33:2095
microsoftedgeupdate.com
2021.microsoftedgeupdate.com

# Reference: https://twitter.com/drb_ra/status/1475140336850776077

190.123.45.34:8080

# Reference: https://twitter.com/drb_ra/status/1475140585178779650

windowspowerr.com
download.windowspowerr.com

# Reference: https://twitter.com/drb_ra/status/1475140692955615240

service-exmv2txo-1304204648.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1475140272413712397

149.28.74.245:2083

# Reference: https://twitter.com/drb_ra/status/1475140099730034689

service-7589z010-1257374261.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1475140495068352517

167.179.79.180:2096
globalmeichat.org
meichatgroup.org
mymeiqia.org

# Reference: https://twitter.com/drb_ra/status/1475140130918866957

http://121.37.21.123

# Reference: https://twitter.com/drb_ra/status/1475140622419992576

152.70.56.18:443

# Reference: https://twitter.com/drb_ra/status/1475140457487347719

msrcc.tk

# Reference: https://twitter.com/drb_ra/status/1475140199873187846

http://38.100.163.19

# Reference: https://twitter.com/drb_ra/status/1475140163579879434

134.122.43.9:443

# Reference: https://twitter.com/drb_ra/status/1475140229560508417

http://134.122.43.9

# Reference: https://twitter.com/drb_ra/status/1475140396774735887

http://149.28.148.215

# Reference: https://twitter.com/drb_ra/status/1475140428601167878

http://92.255.85.87

# Reference: https://twitter.com/drb_ra/status/1475140360183631887

47.104.10.92:443

# Reference: https://twitter.com/drb_ra/status/1475117404850167814

midealogonserver.com

# Reference: https://twitter.com/drb_ra/status/1475117455664103424

guidingwire.com

# Reference: https://www.virustotal.com/gui/file/ff564554bd35078c2e3d0537a41fad29420ad479626e72f56fcabc5edc4a4b7b/detection

152.136.146.25:10010

# Reference: https://www.virustotal.com/gui/file/d6b6d860de5c8c3e2c386bca84b2a17b59ed23a8b26886891e01b1af8931bd7e/detection

35.243.68.196:10010

# Reference: https://www.virustotal.com/gui/file/0b5111dd62edd2a5371d004b0d6e442538437e6ad85904525d155f25ce52a406/detection
# Reference: https://www.virustotal.com/gui/file/31a6c9dd421d7f24964b547bdaad0f4fb00047984f36b07723f1cde9ba067ce5/detection
# Reference: https://www.virustotal.com/gui/file/3431752e722428105467af57ed3bd04a984773a95e149ad74e03dd4cd9b68c41/detection

1.117.176.102:10035
1.117.176.102:13744

# Reference: https://twitter.com/drb_ra/status/1470404772880605185

47.243.12.69:49153

# Reference: https://twitter.com/drb_ra/status/1470334507416842244

150.158.168.180:7001

# Reference: https://twitter.com/drb_ra/status/1470334624366800896

182.110.22.175:81

# Reference: https://twitter.com/drb_ra/status/1470334560839901191

116.62.4.84:9990

# Reference: https://twitter.com/drb_ra/status/1470334530963845129

118.31.61.105:63320

# Reference: https://twitter.com/drb_ra/status/1470334677173026820

180.76.235.18:4444

# Reference: https://twitter.com/drb_ra/status/1470334768445276164

106.12.187.170:666

# Reference: https://twitter.com/drb_ra/status/1470334642075189250

101.42.90.43:8000

# Reference: https://twitter.com/drb_ra/status/1470333988157935617

81.69.248.39:7777

# Reference: https://twitter.com/drb_ra/status/1470333159984308225

81.70.77.183:81

# Reference: https://twitter.com/drb_ra/status/1470333528994942976

1.15.130.34:8051

# Reference: https://twitter.com/drb_ra/status/1470333703901659145

81.71.33.48:5443

# Reference: https://twitter.com/drb_ra/status/1470333411898368008

47.96.95.155:83

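# Reference: https://twitter.com/drb_ra/status/1470314856037470210
# Note: e.client.360.cn sits under a widely used vendor domain; it may be a Host-header/fronting value from a beacon configuration rather than attacker-owned infrastructure. Confirm against the reference and expect false positives where that vendor's software is installed.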

e.client.360.cn

# Reference: https://www.virustotal.com/gui/file/d068b8bb0a9af087dd3305c4e69fd5aec59a743030d66730df52f3a1c5b0a579/detection

39.103.157.76:8000

# Reference: https://www.virustotal.com/gui/file/3e4b87ed1e54f3f62193209b556e8fa01b0187fc18529c59f85854bc9de15fcd/detection

117.50.173.122:801

# Reference: https://www.virustotal.com/gui/file/8787d0a71053cc2e046790ca1269312052450a1966a3dbb51b880a0dd85a387d/detection

117.50.173.122:27001

# Reference: https://www.virustotal.com/gui/file/8255b1b3affaaf8bccb7d38332a3decc74a69017ecc518dc35b6cd5ff0ebd606/detection

106.55.247.193:1111

# Reference: https://www.virustotal.com/gui/file/3cb44761dbaa642a9c6b8482a6ddba9f72781a26d5b02b183e6ac042df1c0a80/detection

159.75.127.118:3456

# Reference: https://www.virustotal.com/gui/file/a90febaf70a5fd8a6b753a9b2ca0003a3ffc53ffcc9bb6f6e611f77308e2b155/detection

http://159.75.127.118

# Reference: https://www.virustotal.com/gui/file/3463dee8cc070eb6dd18ac159a8d125dd032956ae211fa0e142342855ca71635/detection
# Reference: https://www.virustotal.com/gui/file/4e9abec5362acb197996f251236e00c5f4138a9729df6a11643655cef918e0f5/detection

159.75.127.118:1234

# Reference: https://www.virustotal.com/gui/file/030e9da60d278e309797bb6de4bd23ff8dbd24cdde8aa296bc3e8366b08b9c36/detection

159.75.127.118:3333

# Reference: https://www.virustotal.com/gui/file/a91ec8d3b13720f0b72fea460f9b0a6787a99c12af9289a5213d5a80e79ceb1b/detection

159.75.127.118:4444

# Reference: https://www.virustotal.com/gui/file/515fb56364efbfd050992d168c1bc19a038baa4fb63713124d3847323d03fb02/detection

159.75.127.118:2345

# Reference: https://www.virustotal.com/gui/file/d515c5d808fdb108d18f6c5b51d0bd38cf849c3c7fdb67343e21f0e6e4ac6682/detection

159.75.127.118:34567

# Reference: https://www.virustotal.com/gui/file/68edadb297fffb23cbf4c87466abe94640e817596cad5cff6c568877f97dd09b/detection

159.75.127.118:8778

# Reference: https://www.virustotal.com/gui/file/8384b7f65b087003197f4c9e82359e42dcaae099b6e97a67c1d97b6a3f1dae8b/detection

159.75.127.118:12345

# Reference: https://www.virustotal.com/gui/file/71005051ef4d3a9f3ca08406ab2c77c020d1bfd2f4c06cb7bc382f3450fb9d1d/detection

178.236.41.176:9544

# Reference: https://www.virustotal.com/gui/file/e86c5b0f144a22f4e3943cf6108780cc7a2a53f652b5fcaadec667ce22cf1a52/detection
# Reference: https://www.virustotal.com/gui/file/1cbc60baecc84bed4ec5f023cf6ddf700881a8ed1a4b993c9f14407f2668ae72/detection

152.32.205.173:1234

# Reference: https://www.virustotal.com/gui/file/0afaffcb54bccf74df2f0529d3fa11eacab678a09e09a16185749da4c5e15cf6/detection

http://103.153.101.51

# Reference: https://www.virustotal.com/gui/file/20a6f87489b98aacacc7937d60598bbd342794f4b39e5464fa1c75f832340b0b/detection

103.153.101.51:82

# Reference: https://www.virustotal.com/gui/file/8ef904e0f0e9057d38f1105a15abd7ae079b2ff15af50a13e1161e6b85ab0bb6/detection
# Reference: https://www.virustotal.com/gui/file/719e2c8c3af9053dd0e9cbb311c89e3fe21b89f9fbbfe09669c5fb0014e7d720/detection

52.251.40.248:19571

# Reference: https://twitter.com/drb_ra/status/1475034669230047234

http://8.142.34.126

# Reference: https://twitter.com/drb_ra/status/1475034588703604738

8.142.34.126:8888

# Reference: https://twitter.com/drb_ra/status/1475034637974085634

82.156.34.150:86

# Reference: https://www.virustotal.com/gui/file/f9975271fa9caf7a326dbf7c4edc7d22ca10115df9545b3f136987aa370302bd/detection

110.40.193.85:805

# Reference: https://www.virustotal.com/gui/file/7670d769f8e2b761a40a0c6270e7382b0c9f4b47c11c51ea82ddbbb631080206/detection
# Reference: https://www.virustotal.com/gui/file/27ce2ea9dd71fc53175a72979b76da01127d8132ddf6653b1bdba5a52f1de886/detection

118.31.77.255:5555

# Reference: https://twitter.com/drb_ra/status/1467957949708615681

45.158.231.141:8001

# Reference: https://twitter.com/drb_ra/status/1467957944620888075

45.158.231.141:7000

# Reference: https://www.virustotal.com/gui/file/532fc90f3afe7b42821be33bb8d1b82beeec1f2cd22b23c27d57a6c4eb87cf85/detection

155.94.201.196:9501

# Reference: https://www.virustotal.com/gui/file/6e1eb01b9f263e2e4b6f0f9e93615c227e5f35ec8bc29cfe2cdbc412b74bfc37/detection

152.136.230.235:8002

# Reference: https://www.virustotal.com/gui/file/5c4dc41bd90a76f32c0ab83987e707d3b0aa0a48ccb7ae7432a050e03a9bcbab/detection

http://120.53.233.231
120.53.233.231:9999

# Reference: https://www.virustotal.com/gui/file/c2a46f6af76ee532474d6281f713b8e9c2466af24f3e4de373e2e502538b0d0a/detection

124.70.103.74:8012

# Reference: https://www.virustotal.com/gui/file/ea98ae253def5f5f16d2e44243b17cc1e8898cb99393bfd563a00b1cca52f296/detection

124.70.103.74:8088

# Reference: https://www.virustotal.com/gui/file/2332453fe6c292b9e376b8ead9786a09ee7970cdae2a79d2696367c721738d37/detection

150.158.86.202:79

# Reference: https://www.virustotal.com/gui/file/e227d95d5253ee242cbeb980d80587adb2a6e7dfb993935ec9d55d4291c28889/detection

49.233.0.155:12306

# Reference: https://www.virustotal.com/gui/file/f23896d4d8c9764c505a32a1e74aafd8d49f8be8c6e01eea90a59ae6b4395882/detection

47.242.198.153:1234

# Reference: https://www.virustotal.com/gui/file/b27f567b26590b53c2ce211787455450abf08ceef7d65bf81ae0ce1a4ee771b1/detection

150.158.130.144:6666

# Reference: https://www.virustotal.com/gui/file/938e54b96bbbfdb39d9aeca396fa89899d6c718bf82023d73d5686e1195db37b/detection

47.100.28.71:8443
/5d38cfbf2bf.php

# Reference: https://www.virustotal.com/gui/file/8a1441e85a685230ab7aa5e724392ad4859d41095ed8dee2867cfb861ce09115/detection

81.68.246.235:5555

# Reference: https://twitter.com/drb_ra/status/1462540854707593221

45.32.11.161:8440
adobe-flash-upgrade.com
upgrade.adobe-flash-upgrade.com

# Reference: https://twitter.com/drb_ra/status/1462541745170829312

egehscw4h42h4.com

# Reference: https://twitter.com/drb_ra/status/1462541832924061703

ag-playgame.com
uptate.ag-playgame.com

# Reference: https://www.virustotal.com/gui/file/c1a6d470e51b4420e38af71852c85aa9abc2e5c64b3307503c1644a3e56c64c1/detection
# Reference: https://www.virustotal.com/gui/file/d296c418404663e78c3a50a6ffbc3ff508fdce1aba029d13045e8fed89dc6138/detection

http://1.15.182.215

# Reference: https://www.virustotal.com/gui/file/b17d5a44afbc45ac929ae3efeaf61cf6523f6428a53eeadef7807eb96e0a8982/detection

172.247.14.206:7788

# Reference: https://www.virustotal.com/gui/file/433d38f7946ddec06449d909ffc03e2e67cb9928827dc9ec90cbc8e984c94fd7/detection
# Reference: https://www.virustotal.com/gui/file/1ab6354cfb4f35ab4c64043c8cf5fff730f0283b010d5a2ac89fd1bdbbdfceb6/detection
# Reference: https://www.virustotal.com/gui/file/066f72d1dd8987254f1dc334273b1f3a976c184f06eff1d2ea8d08e24d457cf5/detection

http://101.37.69.176
gxxdsq.icu

# Reference: https://www.virustotal.com/gui/file/05b00be25a4afd11fd392d7c59b2be1e7fc75d0c826f31588a2a39fd87b85842/detection

120.24.63.15:443

# Reference: https://www.virustotal.com/gui/file/32854a9b0e250f7a0925206d9e78dfcd68120de03f08d66cf4955e425cf56631/detection

120.24.63.15:8443

# Reference: https://www.virustotal.com/gui/file/0ca9033a6aae5127ae85798950d942ffdd4724b2bcd61fdd29f69e7e601881cf/detection

1.116.102.169:8011

# Reference: https://www.virustotal.com/gui/file/b791e82f00e34fb925d1a92fd34023b31c7a836e5f0e321d02f875b41cf57e55/detection

185.159.71.232:1111

# Reference: https://www.virustotal.com/gui/file/2b304eeac5a8c0c673527ef7b166e14f98ced3e411c0df9d98023afd590982f4/detection

http://185.159.71.232

# Reference: https://www.virustotal.com/gui/file/4bb584e7d8cb7f74124d697f200a877a913d560a86e33a1b4f324741715c365e/detection

194.15.115.60:1233

# Reference: https://www.virustotal.com/gui/file/2542ab9cb9e05b5b980413867f10a65f322906f2019e6061f112775976124b4d/detection

121.5.39.179:10000

# Reference: https://www.virustotal.com/gui/file/41c531d81f3409242183ce873bb0c9d5c4b56353cefb87a266f272a2568a78af/detection

121.5.39.179:8000

# Reference: https://www.virustotal.com/gui/file/6047a89c4684d7f0a96fd1231bb812213f6153d4cb643eee76a0bf4a68ed0008/detection

47.107.71.167:3388

# Reference: https://www.virustotal.com/gui/file/8847932557a3527be06dce3a50a73db8bb75a056dce3d844dd4f85005361745f/detection

47.107.71.167:3838

# Reference: https://www.virustotal.com/gui/file/e4669ac3fd4136af9388cda9b4c1f3d8509f1615def2add455e98636d2fba8c6/detection

110.42.194.205:3060

# Reference: https://www.virustotal.com/gui/file/8aab3d03da63cf7f3436a9b7496bbc807e69db2bf6217f606b30b2d0e3b181cc/detection

http://121.5.53.162

# Reference: https://www.virustotal.com/gui/file/27a729b1388e57f0fd3d5bdcb6e0b98eb4156cf8edbcbd1c442095d4c18946c9/detection
# Reference: https://www.virustotal.com/gui/file/38e157e89278a7515c85d0ebd7dd445fb6795510ece666a0ebc970db2e7567de/detection

http://1.117.44.2

# Reference: https://www.virustotal.com/gui/file/c3d7d71c1b6d333596e68b2ff36a8632d9af47367b4e07a97fb636db4675cff4/detection

121.43.141.75:54322

# Reference: https://www.virustotal.com/gui/file/26c0d5e7d81c4898e0e884b5e8a35b48552a20ac582a96febd6bee9b6a7b038b/detection

121.43.141.75:8000

# Reference: https://www.virustotal.com/gui/file/32c6887eed2dfe7870713bd67dfeec52c0b3a07a749367bdcf354ba79d14f30a/detection

81.68.244.86:9780

# Reference: https://www.virustotal.com/gui/file/acc6b855c8dc0777476384a31c80cdae1509b0db990e35296c3d6ec6cbdf118f/detection

103.138.80.140:8000
103.138.80.140:87

# Reference: https://www.virustotal.com/gui/file/7b930572edc5b04481340333311808f28b4bd57979edc2d33d528263164f3f78/detection

103.138.80.140:86
103.138.80.140:888

# Reference: https://www.virustotal.com/gui/file/871fc988c474965675791bc5921b574e0898df2d4b5a5f9f19ca8f891150a4f8/detection

103.138.80.140:88

# Reference: https://www.virustotal.com/gui/file/5bf0857804370b7490f352676d4364b9980aedff6c420d200de8833b425f6dd0/detection

http://103.138.80.140
103.138.80.140:83

# Reference: https://www.virustotal.com/gui/file/bfc70e3b5e991bf41cc506276b985bbc0e5a617e24c9096b79c19850ff49ded9/detection

103.138.80.140:889

# Reference: https://www.virustotal.com/gui/file/d0f8c4014b70ce3ea3710a90e271c681c83d60b8cb5c3eab9a09c24f7b45cf1c/detection

182.42.118.56:6666

# Reference: https://www.virustotal.com/gui/file/4efa48ba3377b58f2fb62627a4e2eda8bda2ee2fddf5333a9e7662a43d5cdd4c/detection

182.42.118.56:1418

# Reference: https://www.virustotal.com/gui/file/42b39917296775f98c6959c09d65ca992259f85c53941ad06c8ab48b21343e1a/detection

http://35.238.166.15
smccab.com

# Reference: https://www.virustotal.com/gui/file/3dc481555614dd7efd107afe82dce985a3fd4ac380b8d21c367ac846fb27b980/detection

http://23.20.226.159

# Reference: https://www.virustotal.com/gui/file/8bbb7ef122ec25679cc5db50a33c45dc082fccacd5be972d5e0bfe21f62a549a/detection

114.115.156.136:55555

# Reference: https://www.virustotal.com/gui/file/2193d425e7d7dbcc9decd4a1659d4ef09ac13c8f9e404648a1745be3bcc397ca/detection

43.129.223.220:5212

# Reference: https://www.virustotal.com/gui/file/441a3e5d5e3f7470b7299bc75dbfd481cad9cc32bd77440589bcd0cd1b199257/detection
# Reference: https://www.virustotal.com/gui/file/22f26f65f0b596e06a9e70dcb52ecfabc93f57b42db20d3278c0c260757fafc9/detection

1.117.149.93:50006

# Reference: https://www.virustotal.com/gui/file/5654be782c102688c79e02359c018fc1d6e9e162ae5939cd0f2692690c8781e8/detection
# Reference: https://www.virustotal.com/gui/file/ae21e670f7394efbdea2eb5468921e43de023becc8b8d3d4069f90dc352ddabe/detection

140.143.45.223:8544

# Reference: https://www.virustotal.com/gui/file/83e67de3fa0cf020e012bfec734126dbe89ade10031e89e0ab541f28ec883272/detection

175.24.35.219:23333

# Reference: https://www.virustotal.com/gui/file/211d68ee973c74d92eb7de90fc40bd3de23c81a45f45b231b35da3343bf9b630/detection

175.24.35.219:28888

# Reference: https://www.virustotal.com/gui/file/24c9438de9fd4ac3d36f1324c564621a87efbd17cea66da8a84aa5ebefa071f1/detection

45.158.220.186:6666

# Reference: https://twitter.com/Max_Mal_/status/1458403142152998916

194.26.29.113:81

# Reference: https://www.virustotal.com/gui/file/c62511b6f104da99b2323bf4c70eaa0be45a22e97eae2077243add2635052c23/detection

188.166.21.93:4443

# Reference: https://www.virustotal.com/gui/file/ab8fdd9a4c4d795e7068b7add047f55de5fe09b45e5fe1c60dbf87d680016b8a/detection

39.107.107.245:4444

# Reference: https://www.virustotal.com/gui/file/834fc9e98cb5576bf91c7970d0b90387420680fbbf51c974d20b4d9d5f13f7d6/detection
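# Reference: https://www.virustotal.com/gui/file/c8594ce333ef6439bda23a53f22c959e1308e6203e3d2c3eb32b18d3cdce804b/detection
# NOTE(review): 61.135.169.121 is believed to be a long-standing baidu.com address; confirm the samples use it as C2 rather than as a connectivity check or decoy, since this trail may otherwise alert on benign traffic.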

http://61.135.169.121
39.107.107.245:4445

# Reference: https://twitter.com/drb_ra/status/1456316417213616136

82.102.16.45:8888

# Reference: https://www.virustotal.com/gui/file/3bb70d4962028f1e8baa654cb5ceea2107d0f5b4fcf4288dea7e8ad868a6c00e/detection

159.75.28.91:10011

# Reference: https://www.virustotal.com/gui/file/8629eb70022963ca1ec2153312323b47590b299f15c2853eac8da925e326c3d2/detection

139.196.164.64:8088

# Reference: https://www.virustotal.com/gui/file/83653a93fc7d8cba1b6d9bcc7650a10b1b7f0c10ab2b1c112f9d1b7d37333051/detection

microsoft-api.workers.dev
updata.microsoft-api.workers.dev

# Reference: https://www.virustotal.com/gui/file/26d96cbf528cc406aafb260740ec939cfff82453c15abe5195f15a55923f8504/detection

3.22.224.87:51121

# Reference: https://www.virustotal.com/gui/file/dc1479a941d12f2b79e02cc36f272512672e6cbcd573bf2787c04779875fa791/detection

3.22.224.87:443

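# Reference: https://www.virustotal.com/gui/file/f52038232b7feb24fc404aff15c8c7af24c467ce0d58a39138a7fd202537fefa/detection
# NOTE(review): the path-only trail below is not tied to a host; it appears to be the POST URI of the publicly available "amazon" Malleable C2 profile, so a hit indicates that profile rather than this specific server. Correlate with the destination address when triaging.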

http://3.22.224.87
/N4215/adj/amzn.us.sr.aps

# Reference: https://www.virustotal.com/gui/file/f5a128a78e9438ace25d5dae8d00fc1e8f2fed83c6b1f7bf1912773afbbbf769/detection

3.22.224.87:51121

# Reference: https://www.virustotal.com/gui/file/8dbe7afc821eb515546b99fb2fcbf09e9584aed1bb423623df129de7a483bc34/detection

http://119.91.99.74

# Reference: https://www.virustotal.com/gui/file/0701dc8e6bc0ec1f2995f87b0b3c8657f87f325458f26bf2243772efa93dea0a/detection

119.91.99.74:33059

# Reference: https://www.virustotal.com/gui/file/2d78e0b3e5aaaad06971bb51008129fe43e51c040671c09fce2d6376798333db/detection

42.193.36.73:801

# Reference: https://www.virustotal.com/gui/file/b5360721092bf809dae97a1c8e047861a97296e68eae975d28e66db047628ccc/detection

81.68.107.251:9000

# Reference: https://www.virustotal.com/gui/file/5173c8326c737ea33eea789cf72550bd59f17a600cb6a89547bf319c0dac62fb/detection

49.213.174.248:8808

# Reference: https://www.virustotal.com/gui/file/d1c4034fa20bde06fd377fc7745e6ea842ea342cbaaad26fc798f3db22157d3a/detection

49.235.110.226:50000

# Reference: https://www.virustotal.com/gui/file/2bf0f60167b27c44336c44715f1ae6c9f3dbd04c899fc518f7d846718a12772d/detection
# Reference: https://www.virustotal.com/gui/file/e1459ed7c2120de98fae97e865aa8340719c9b5b4329cf8d396dce94a7a6663a/detection

47.101.200.29:8081

# Reference: https://twitter.com/drb_ra/status/1450549682279702532

cirolab.de

# Reference: https://www.virustotal.com/gui/file/7b5ba91bf0739531c2861a33ea68e1d0f343d262287891282ebcfcb6391c2eee/detection

philhackenkill.ltd
f35e7f6.ns1.philhackenkill.ltd
f35e7f6.ns2.philhackenkill.ltd

# Reference: https://www.virustotal.com/gui/file/815b8147030651cafc7214a190d062026b6dab98abf6cab5aa726dfadde0b996/detection

209.141.40.204:5543

# Reference: https://www.virustotal.com/gui/file/9748d09ccfc24950622b9623a5bf1ea556a6ebb530da0f217b6c79d07f7e8ed4/detection

209.141.40.204:8888

# Reference: https://www.virustotal.com/gui/file/05ded35ac4c5f0feddad2a20499cd22b86e6023b9cabeeaaed0b8f1b1bf6664b/detection

http://122.51.228.207

# Reference: https://www.virustotal.com/gui/file/01f8686aac784bb26274d0215364e14985bd2c4122c86c95834fc1038e1762d0/detection

122.51.228.207:4000

# Reference: https://www.virustotal.com/gui/file/37e5bcb62a0cb0729bc0011d0847c041921ae2181d6af520f9fc8b0e8a2ccb9f/detection

122.51.228.207:4002

# Reference: https://www.virustotal.com/gui/file/ea8db04b89530f6e97007ccc2101004d67a37f7a4ca789591df3e307688bc1bb/detection
# Reference: https://www.virustotal.com/gui/file/47ed7ba26bc16c96b7fb1029bf8b32cf07c4ddc4c038f1549b378845c60b3d36/detection
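# Reference: https://www.virustotal.com/gui/file/0e8711cf951a23cbb09f2de978919342b3f0f253be37769bf9ba0cf83ec7311c/detection
# NOTE(review): 104.21.95.178 and 172.67.170.245 appear to sit in Cloudflare-announced address space (shared edge IPs); the domain trails below are the more specific indicators. Confirm the IP:port entries do not alert on unrelated sites behind the same edge.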

104.21.95.178:2096
172.67.170.245:2053
172.67.170.245:8080
freelinuxupdate.tk
apt.freelinuxupdate.tk
msf.freelinuxupdate.tk

# Reference: https://www.virustotal.com/gui/file/d4756c843ef3b0b270c701480f8a0e52937523e480e45dd1e1e502b33977db78/detection

114.115.184.198:8880

# Reference: https://www.virustotal.com/gui/file/b0082f337dad004f34087fefe861e7cedd356607ca5156f7d36e12033fa849fa/detection

81.68.220.65:4441

# Reference: https://www.virustotal.com/gui/file/df6d05c485aa05b1ac2dd82a5059ce28f017b689fc7766b4fd72ae813cee6bb3/detection

1.117.155.217:3333

# Reference: https://www.virustotal.com/gui/file/9753cbc47d301c7c920f12828ab0d435ee273203388506c702f5c07c844661f6/detection

1.117.155.217:21000

# Reference: https://www.virustotal.com/gui/file/bed49b348b8c52454087c247419941de6b12288af288fe216b744a241e91444c/detection

121.5.46.175:8862

# Reference: https://www.virustotal.com/gui/file/fea28944f9be57f8f894d8745df43834c764648b7332e928fd11857ca340a4cd/detection

39.105.96.246:50051

# Reference: https://www.virustotal.com/gui/file/3312ee2ec44c08dd98d55bfc9284997f9f632a62558d8b708576378ebeca622e/detection

46.41.54.35:110

# Reference: https://www.virustotal.com/gui/file/b573cff0f967384262737fd3ca5490e2229cfc72c1441aafac426a1fce08b727/detection

http://115.159.0.71

# Reference: https://twitter.com/mojoesec/status/1446170977474420737

aclevacz.com
akametric.co
auditsecuritybusworld.com
cdndigi.co
digisurv.co
gariomavaba.com
haylohealthcare.com
mastertunam.com
normostat.com
remote-service-microsoflt.com
tarentamar.com
virtualauditsecurityservices.com
xowerov.com

# Reference: https://www.virustotal.com/gui/file/0b156c119a0fbb9dd3bb0029e72d261013ff7442f6f2963a91bfcf2145dbc021/detection

8.142.120.168:64535

# Reference: https://twitter.com/mojoesec/status/1438954452589944835

bidenalabma.com
bluekuraso.com
curiyi.com
digisurveys.co
fedortu.com
gibimu.com
josefcult.com
komuwoj.com
kuxizi.com
redsoks.com
robinsmoll.com
syncmetric.biz
trumpalabma.com
trumpded.com
vonjobz.com
wuhuxe.com
zewaje.com

# Reference: https://twitter.com/TheDFIRReport/status/1438476510256578565

cyber-updates.com
microsoft-updateservice.tk
out1ook.me
securesupport.org
windflare.cloud
windowsnet.workers.dev
ns1.out1ook.me
ns2.out1ook.me
smart.windowsnet.workers.dev
support.cyber-updates.com
services.microsoft-updateservice.tk

# Reference: https://www.virustotal.com/gui/file/987c2a2981f084a646f779204ef79bc4a542a23291ebf05097844a62c703e1eb/detection
# Reference: https://www.virustotal.com/gui/file/ca305c784740d30a04e98e3306a130a7ce2da4aa97a44e7f2c1f49643dade9ae/detection

119.91.101.11:5222

# Reference: https://www.virustotal.com/gui/file/f494c10adb56747761b0e75de222a599235b444386cda26c2cf3be87bc914e0b/detection

http://47.101.220.137

# Reference: https://www.virustotal.com/gui/file/b90d27521f1b42c1ef1fcc7a757e515b74c1711d3fc2faaa950e9dc0cbd7aa84/detection

47.101.220.137:500

# Reference: https://twitter.com/h2jazi/status/1438137219194183681
# Reference: https://twitter.com/James_inthe_box/status/1438150901739388928

bimafu.com
wiyolo.com

# Reference: https://twitter.com/mojoesec/status/1433158210056228866

bucejay.com
bumoyez.com
cegabox.com
dipadux.com
grovfda.com
kevinjohan.com
kitanfaz.com
namastat.com
pecojap.com
pnp.pnpnp.xyz
pnpnp.xyz
pozotuc.com
shikotas.com
sophosconnectsecurity.com
vipeced.com
wupake.com
xoxalab.com
zosohev.com

# Reference: https://twitter.com/_brettfitz/status/1432942462142660608
# Reference: https://twitter.com/_brettfitz/status/1432942465087152128
# Reference: https://www.virustotal.com/gui/file/ebc492d6c0d24bdd0bcb84f6b3fe8bf5a1e47be052d57c0beb3badb921f7eb86/detection
# Reference: https://www.virustotal.com/gui/file/9af373f93f8f6f9feefb9270d56dea51d8b5e134fe9afa8552d6b8d00c8ee89b/detection

powertap.org

# Reference: https://twitter.com/mojoesec/status/1432793909755797507

mitinob.com
newsobl.com
radezig.com
tubaho.com
wigeco.com
yeruje.com
newsobla.azureedge.net

# Reference: https://twitter.com/mojoesec/status/1432387463352360963

code-signing.org
controllerairlanes.top
exfiltrating.me
howeyoh.com
jcyrsirm8fjrudswk.xyz
nagiwo.com
rurofo.com
salitue8.com
tifiru.com
cs.jcyrsirm8fjrudswk.xyz
dcmm282azzjeb.cloudfront.net

# Reference: https://twitter.com/mojoesec/status/1430935371227992064

firefoxupdatenew.com
healthfirsthospitals.com
healthtechsales.com
howiwo.com
tepiwo.com
waitingdate.com
yipeyic.com
sql.healthtechsales.com

# Reference: https://www.virustotal.com/gui/file/e4059a096d379043c76c03d16cef1c064d71603a50d7e491a1c067d67c645af0/detection

1.15.179.25:4444

# Reference: https://www.virustotal.com/gui/file/ca4632c36974541e4c05642ad0c093566d009b05bffbd6cc9d0fe6e437a2066d/detection

1.15.179.25:801

# Reference: https://www.virustotal.com/gui/file/5644dc2944a500908e026401c6d5fc2ff9334688e76659ea10620e422c230602/detection

knonwsec.com
bg.knonwsec.com

# Reference: https://twitter.com/h2jazi/status/1425818625655574528
# Reference: https://www.virustotal.com/gui/file/25ea1ae3536c8c7310cb134737cae1f765dc32bfc2478888509d73527a0fbc44/detection

193.56.146.99:3389

# Reference: https://twitter.com/MichalKoczwara/status/1425745034822004738

http://179.60.150.25
http://179.60.150.26
http://179.60.150.27
http://179.60.150.29
http://179.60.150.30
http://179.60.150.32

# Reference: https://twitter.com/MichalKoczwara/status/1425400352623534082
# Reference: https://www.virustotal.com/gui/file/cd16cb61dc5eac8e5c00a6ce22a1958fa9ba4da668c3b9578cad45a0ef7ca332/detection

kemptvilleflorist.com
us.kemptvilleflorist.com

# Reference: https://twitter.com/mojoesec/status/1424752750844329985

checkauj.com
do1t.tk
soufgen.com
d1mgemv4ufawu7.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1475205594646781952

103.135.34.69:5443
api-cloudflare.com
cache.pay-api.api-cloudflare.com

# Reference: https://twitter.com/drb_ra/status/1475205657402003457

193.239.84.238:443

# Reference: https://twitter.com/drb_ra/status/1475205513524695042

openlanguage.live

# Reference: https://twitter.com/drb_ra/status/1475227047089905670

98.126.159.175:442
igovservice.com
webmail.igovservice.com

# Reference: https://twitter.com/drb_ra/status/1475226981138677767

http://149.28.224.248

# Reference: https://twitter.com/drb_ra/status/1475227170192728064

149.28.147.61:5201

# Reference: https://twitter.com/drb_ra/status/1475227090085724163

http://45.156.24.200

# Reference: https://twitter.com/drb_ra/status/1475227135371624456

123.56.82.231:8080

# Reference: https://twitter.com/drb_ra/status/1475226954605510659

47.242.242.29:888

# Reference: https://twitter.com/drb_ra/status/1475227232008380416

104.168.135.194:8080
a94.xyz
dnsr.a94.xyz

# Reference: https://twitter.com/drb_ra/status/1475227202845302784

47.240.46.77:9999

# Reference: https://twitter.com/drb_ra/status/1475227267282477061

13.51.184.23:4457

# Reference: https://twitter.com/drb_ra/status/1475227320315269123

http://104.225.146.179

# Reference: https://twitter.com/drb_ra/status/1475227348182183944

111.229.10.230:8443

# Reference: https://twitter.com/drb_ra/status/1475227429283188746

46.161.27.151:8888

# Reference: https://twitter.com/drb_ra/status/1475227290888024066

http://8.214.82.21

# Reference: https://twitter.com/drb_ra/status/1475227371221442567

152.32.253.8:8080

# Reference: https://twitter.com/drb_ra/status/1475227485507887108

hsafe.xyz
user.hsafe.xyz

# Reference: https://twitter.com/drb_ra/status/1475227529371955204

149.28.224.248:443

# Reference: https://twitter.com/drb_ra/status/1475386914639331333

1.116.159.72:55555

# Reference: https://twitter.com/drb_ra/status/1475386869538033666

1.15.139.40:443

# Reference: https://twitter.com/drb_ra/status/1475386788856352774

http://1.15.139.40

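# Reference: https://twitter.com/drb_ra/status/1475412241080111105
# NOTE(review): audio-sv5-t1-3.pandora.com is a legitimate hostname that appears as the Host header in the public "pandora" Malleable C2 profile; it is presumably listed as a spoofed Host value, not as attacker-owned infrastructure. Treat hits as low-confidence unless the destination IP also matches.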

193.32.16.234:2095
audio-sv5-t1-3.pandora.com

# Reference: https://twitter.com/MichalKoczwara/status/1438505982624104453
# Reference: https://www.virustotal.com/gui/ip-address/64.69.57.212/relations
# Reference: https://www.virustotal.com/gui/file/e8568ac97eb4fc7cf8a24f4496526a0f829646d5b8408ad4640e929e7f41f0a3/detection
# Reference: https://www.virustotal.com/gui/file/2f0c1b3406b04bc6ffba195768e875bde266fe99af14b027895b22eeb988b0fb/detection

azurlink.net
cdcwarning.com
citygov.net

# Reference: https://twitter.com/ShadowChasing1/status/1435760617936195590
# Reference: https://twitter.com/JAMESWT_MHT/status/1435806230174392325
# Reference: https://www.virustotal.com/gui/file/848de91c16469e9f09e284adbbbf8cf317db916b414240c6bd46364a8f4c2c84/detection

http://178.62.247.185
178.62.247.185:7070
178.62.247.185:9090

# Reference: https://twitter.com/TheDFIRReport/status/1475481736431779841

financialandloan.com
nirvax.net
update-chromium.com
cortana-settings.global.ssl.fastly.net
ms-storage.global.ssl.fastly.net
ns1.financialandloan.com

# Reference: https://twitter.com/James_inthe_box/status/1438515067113263112
# Reference: https://app.any.run/tasks/256b1868-551a-4784-a8fa-a532213000d4/

hurupon.com
porenaj.com

# Reference: https://twitter.com/Max_Mal_/status/1475542694684409862

74.119.194.138:8888
korytn.com

# Reference: https://isc.sans.edu/diary/28180

23.227.178.115:8080
23.227.178.115:8888

# Reference: https://twitter.com/drb_ra/status/1475749409166135297

123.57.191.159:8888

# Reference: https://twitter.com/drb_ra/status/1475749476014989312

service-c40ez6rx-1304284218.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1475774311650705416

47.98.110.121:8008

# Reference: https://twitter.com/TheDFIRReport/status/1475828887364026371

baravazna.com
grinf.net
nirvax.net
ravenzt.com
shytur.com

# Reference: https://twitter.com/drb_ra/status/1475840073035923458

182.92.211.102:8443
hackwith.cc
cs.hackwith.cc

# Reference: https://twitter.com/drb_ra/status/1475840004538650626

lirovetali.com

# Reference: https://twitter.com/drb_ra/status/1475839719980285961
# Reference: https://twitter.com/drb_ra/status/1475839718872997896
# Reference: https://twitter.com/drb_ra/status/1475839717811892232

filteringcache.com
down.filteringcache.com
gpupdate.filteringcache.com
kms.filteringcache.com

# Reference: https://www.virustotal.com/gui/file/bef3ee6e30c4da589556b814c16befb9badf98583f67a17817cf3268a9a8a4c3/detection

eyedm.com

# Reference: https://thedfirreport.com/2022/02/21/qbot-and-zerologon-lead-to-full-domain-compromise/
# Reference: https://otx.alienvault.com/pulse/6213b41428f6075711b0261d
# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-11-15-IOCs-for-Matanbuchus-Qakbot-CobaltStrike-and-spambot-activity.txt

5.255.98.144:8080
5.255.98.144:8888

# Reference: https://twitter.com/drb_ra/status/1476111565946593284

143.244.178.247:8081

# Reference: https://twitter.com/drb_ra/status/1476124916592390144

3.67.44.212:55

# Reference: https://www.virustotal.com/gui/file/2c61e6a50261a065fdaa4cea2009db727227807c84ca6fad3d182869c632063f/detection
# Reference: https://www.virustotal.com/gui/file/d07b4f10619aba77924d3d3512ab18082d1fa8dc94b5db37d8a369d35108a665/detection

110.42.142.48:9999

# Reference: https://www.virustotal.com/gui/file/3a51feab4a07398e94fddfba6f29be46c27342701374c4bab9c232712b91377d/detection

123.206.92.61:6657

# Reference: https://www.virustotal.com/gui/file/89e09804af14a398d2882ceaa1e206ae99de67bd7c0b79ae813c3e852aae84f0/detection
# Reference: https://www.virustotal.com/gui/file/d775d7039106381957080bdc86638654ae0fc683fca5ebe01fbf37ce9dc43ac8/detection

119.23.76.18:8801

# Reference: https://twitter.com/drb_ra/status/1476500576812863493

185.7.214.132:10443

# Reference: https://twitter.com/drb_ra/status/1476500412152922117

152.32.216.182:8080

# Reference: https://twitter.com/drb_ra/status/1476501063666749444

70.32.91.85:5030

# Reference: https://twitter.com/drb_ra/status/1476500789757685762

statuscheck.duckdns.org

# Reference: https://twitter.com/drb_ra/status/1476500372244029441

160.124.103.22:81

# Reference: https://twitter.com/drb_ra/status/1476500979616989185

172.104.32.59:4434

# Reference: https://twitter.com/drb_ra/status/1476500953981497346

173.82.85.203:9000

# Reference: https://twitter.com/drb_ra/status/1476500490099871748

securesupport.website

# Reference: https://twitter.com/drb_ra/status/1476590906740547585

149.28.229.203:8888

# Reference: https://twitter.com/drb_ra/status/1476501019534241795

/windows6.1-kb98218-v3-x86_0c754.psf

# Reference: https://www.virustotal.com/gui/file/79d06b17ad46bd8130e680483349d8fc22ea4419b86b658878ca5eaf70ff02fe/detection

http://165.154.65.51

# Reference: https://www.virustotal.com/gui/file/d139e31c7d02bce24c253163f4219d3a865c42e9bc3cd439797a7954a894816a/detection

165.154.65.51:8787

# Reference: https://www.virustotal.com/gui/file/f59571043228ada335ea115f630ff2d9bd36b3cd0ca52273c3acf7b42e05e8c0/detection

183.56.206.194:53389

# Reference: https://www.virustotal.com/gui/file/82158c0ff29e25df3a0351ee79684bbbac38e426e53e4be0472acd71dac89b9f/detection

http://119.45.5.30
47.100.247.194:7001

# Reference: https://www.virustotal.com/gui/file/92b967726cfbdb5f2714025951403c51eadb8951fc13f868f9be4098884ee70b/detection

http://42.193.15.200
42.193.15.200:8888

# Reference: https://www.virustotal.com/gui/file/a8cfe7f8226ee18110ffde0c79e1f54272c915d14ed6115f592022894e64117e/detection

92.222.136.224:55

# Reference: https://twitter.com/drb_ra/status/1476202024303833091

service-fohkqszm-1300972060.gz.apigw.tencentcs.com

# Reference: https://www.virustotal.com/gui/file/669fdbecb5cc88232d0910f7847daa9b53255c6dae4fc786bb15bea81955ed1b/detection
# Reference: https://www.virustotal.com/gui/file/6e4f80574b5f208459bc381c4ff28f1598d5d558366b5c59eb85abcfd4e7acee/detection

http://103.152.132.151

# Reference: https://www.virustotal.com/gui/file/3a65e024af85bf04d123d569f30cc130b5b84c51a1b7ed5df325257705757276/detection

1.14.166.160:8201

# Reference: https://www.virustotal.com/gui/file/ad38f6991e088fe1e72e98282c0b1909b4e1064303283619089eee13aee8cf5d/detection

1.123.37.68:15584
mssupdatefast.tk

# Reference: https://www.virustotal.com/gui/file/8db3a8a01b91a4d0fcaef624d9e477a6c42fb4976087721e1debbd7bf167bb80/detection

139.155.92.6:8088

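# Reference: https://www.virustotal.com/gui/file/931a179c79654e0b0b8f227e42537f53d5693142e1e6d1647c4513d0233a19cc/detection
# NOTE(review): 172.67.163.100 appears to sit in Cloudflare-announced address space (shared edge IP); the domain trail below is the more specific indicator. Confirm the IP:port entry does not alert on unrelated sites.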

172.67.163.100:8080
tencentvip.tk

# Reference: https://www.virustotal.com/gui/file/596e8894f1f38961c36bc3ed6a24059ba26962e5f8c255d29e22c29437ec4508/detection

23.224.70.154:3332

# Reference: https://www.virustotal.com/gui/file/4ed9447cc897eadf4eb463170aa2746516f862a34264382b245698dce5421ec2/detection

23.224.70.154:3377

# Reference: https://www.virustotal.com/gui/file/b015c91dd55d4beaebbe2cd9489dc4d647b98e6af1a96a43ac200131e2f4ed79/detection

119.23.172.17:65534

# Reference: https://www.virustotal.com/gui/file/624724252e48bcae7311133f5d6bd38e17314b17d678486911572f16bb6cc196/detection

103.45.143.168:6969

# Reference: https://www.virustotal.com/gui/file/f8bfbee2025cec0e0895400accbe55e6c798472a85912bdf6e7b930a879ba4fb/detection

103.45.143.168:8088

# Reference: https://www.virustotal.com/gui/file/800afb9f83119fd0d3695606eaa713f7379f45969640a31daf57ace41f44efb7/detection

60.205.179.40:52198

# Reference: https://twitter.com/drb_ra/status/1476681746804584448

23.94.218.112:6789

# Reference: https://twitter.com/drb_ra/status/1476681664604651524

202.79.168.204:8000

# Reference: https://twitter.com/drb_ra/status/1476681520257589249

128.199.96.63:5555

# Reference: https://twitter.com/drb_ra/status/1476681597025927179

202.79.168.204:4444

# Reference: https://twitter.com/drb_ra/status/1476681797303947271

vijazzpenedes.ga

# Reference: https://twitter.com/drb_ra/status/1476682107363774465

139.180.202.68:37790

# Reference: https://twitter.com/drb_ra/status/1476682216843485190

155.138.136.135:8080

# Reference: https://twitter.com/drb_ra/status/1476682156512628744

23.94.218.112:9991

# Reference: https://twitter.com/drb_ra/status/1475930347015708675

120.24.182.185:8443

# Reference: https://www.virustotal.com/gui/file/15dd08c2caac6aa45c52c90af81ae1e8ecec4aeba11b958afd4db3a41ccbbac8/detection
# Reference: https://www.virustotal.com/gui/file/c0976a1fbc3dd938f1d2996a888d0b3a516b432a2c38d788831553d81e2f5858/detection

http://37.1.208.91
37.1.208.91:443

# Reference: https://twitter.com/drb_ra/status/1476836564806389794

prlnceshouse.com

# Reference: https://twitter.com/drb_ra/status/1476836517838426112

flashco.host

# Reference: https://twitter.com/drb_ra/status/1476836436469075982

service-cq6c7204-1308476627.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1476857376066183173

65.1.63.108:444

# Reference: https://twitter.com/drb_ra/status/1476857193492365312

adstexts.co

# Reference: https://twitter.com/drb_ra/status/1476926835921506305

newb02.skypetm.com.tw

# Reference: https://www.virustotal.com/gui/file/d7a94561de1c7cd2e7f649c5215d25876187ecfdb03b52745a101dc5bbbb225c/detection
# Reference: https://www.virustotal.com/gui/file/9f5803c18194a498841c1a622d3bbfce9969f568fce4beb00d2cc6b351e73e3b/detection

101.34.33.174:12345
101.34.33.174:443
sharouretarot.com

# Reference: https://twitter.com/drb_ra/status/1476926780992851983
# Reference: https://www.virustotal.com/gui/ip-address/47.96.89.129/relations
# Reference: https://www.virustotal.com/gui/file/f17cd9979c4ef8b2ae866373e7525f677a2c904e5d1085afd5a255fc1d20acfb/detection

47.96.89.129:8080
sz-max.com
xyfcsc.com
wx.sz-max.com

# Reference: https://twitter.com/drb_ra/status/1476926904066355200

173.82.134.187:4444

# Reference: https://www.virustotal.com/gui/ip-address/159.223.73.101/community

http://159.223.73.101

# Reference: https://www.virustotal.com/gui/file/3ded6cb410895bc29fa9bcfc9843c0888a248f7a5e21985dc4136fd76bd63c0a/detection

203.23.128.68:777

# Reference: https://www.virustotal.com/gui/file/1bc0d64684e16a1e7db06d5507b8869b3f5727625328c1f82d14bcae93449f31/detection

203.23.128.68:7777

# Reference: https://www.virustotal.com/gui/file/12b69167c025ce1f4d60566917b96a74e76276fed56c5811ea5d2bf80766f1f6/detection

203.23.128.68:999
anti.pm

# Reference: https://www.virustotal.com/gui/file/03d863eab84a238f5427d17b3383e2cac414f58d92d55b7d4e482dc4d5eef010/detection

121.4.255.248:8000
121.4.255.248:8080

# Reference: https://twitter.com/drb_ra/status/1477046091686322179

180.178.38.170:4444

# Reference: https://twitter.com/drb_ra/status/1477045056548790279

180.178.38.172:4444

# Reference: https://twitter.com/drb_ra/status/1477044960134369287

180.178.38.174:4444

# Reference: https://twitter.com/drb_ra/status/1477044924965171213

45.195.15.124:443

# Reference: https://twitter.com/drb_ra/status/1477045238745206787

47.108.114.135:8888

# Reference: https://twitter.com/drb_ra/status/1477045348875055109

180.76.180.212:443

# Reference: https://twitter.com/drb_ra/status/1477045324304863235

http://180.178.38.174

# Reference: https://twitter.com/drb_ra/status/1477045297335439367

216.224.120.187:4433
yyrkt.info
s.yyrkt.info

# Reference: https://twitter.com/drb_ra/status/1477045259695800323

youaresafek.ml
nice.youaresafek.ml

# Reference: https://twitter.com/drb_ra/status/1477045152392880133

101.35.171.42:8082

# Reference: https://twitter.com/drb_ra/status/1477045073879650306

81.68.178.184:8080

# Reference: https://twitter.com/drb_ra/status/1477045037477220353

81.69.254.100:8002

# Reference: https://twitter.com/drb_ra/status/1477045095652331528

134.122.14.112:8088

# Reference: https://twitter.com/drb_ra/status/1477045183976030210

143.92.61.231:8184

# Reference: https://twitter.com/drb_ra/status/1477045207904526340

cloudfiare-cdn.com
static.cloudfiare-cdn.com

# Reference: https://twitter.com/drb_ra/status/1477044982544576521

mcghealthcare.org
api.mcghealthcare.org

# Reference: https://twitter.com/drb_ra/status/1477045014647775237

d2g37k1rs1nihw.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1477045122726608896

cdn.msedge.workers.dev

# Reference: https://twitter.com/drb_ra/status/1477046057154580484

tunnel01.unifiedinsurance.workers.dev

# Reference: https://twitter.com/drb_ra/status/1477046128243843074

agoegations.com

# Reference: https://twitter.com/drb_ra/status/1477045971515289601

195.133.192.110:8080

# Reference: https://twitter.com/drb_ra/status/1477045822193872901

146.56.222.123:8000

# Reference: https://www.virustotal.com/gui/file/8247c173cf38239ef614503dfe679c2a9e3271d420fcf3b8ad5f2583dd5deb54/detection

eyetomsky.com
login.eyetomsky.com

# Reference: https://www.virustotal.com/gui/file/a4d1c0292fb574a49c67bc7c0d89083475aca7b57af5893d090b4ab25bef0bd2/detection
# Reference: https://www.virustotal.com/gui/file/f53ca2bfdb74e8be77a8211d366f1e6d67fc14d2718d596bcd9031624763407c/detection

cafebizup.com

# Reference: https://twitter.com/drb_ra/status/1477224375464124420

45.76.166.20:800

# Reference: https://twitter.com/drb_ra/status/1477224290491711488

198.13.40.151:9999

# Reference: https://twitter.com/drb_ra/status/1477224452987535365

104.224.144.10:9899
ethanwiener.top

# Reference: https://twitter.com/drb_ra/status/1477224481798111235

service-pl38alm4-1304204648.gz.apigw.tencentcs.com

# Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/ET_Cobalt_Strike.json

nlmain20.email

# Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/ET_Cobalt_Strike_Infrastructure.json

mariamistado.com

# Reference: https://twitter.com/drb_ra/status/1477379887220641796

balalahuangzi.xyz
account.balalahuangzi.xyz

# Reference: https://twitter.com/drb_ra/status/1477380015121649664

114.116.40.60:8443

# Reference: https://twitter.com/drb_ra/status/1477585365657690115

119.29.133.210:6363

# Reference: https://twitter.com/drb_ra/status/1477585421534126080

117.48.146.246:8008

# Reference: https://twitter.com/drb_ra/status/1477678048065601539

45.138.69.53:8099

# Reference: https://twitter.com/TheDFIRReport/status/1477687477821489157

healthy2fit.com
mcghealthcare.org
neckbackpainrelief.org
api.healthy2fit.com
rest.healthy2fit.com
api.mcghealthcare.org
rest.mcghealthcare.org
rest.neckbackpainrelief.org

# Reference: https://twitter.com/drb_ra/status/1477692694201778176

helphealthcareservice.com
api.helphealthcareservice.com
rest.helphealthcareservice.com

# Reference: https://twitter.com/drb_ra/status/1477407235353493505

conservationcouncilnc.org
api.conservationcouncilnc.org
rest.conservationcouncilnc.org

# Reference: https://twitter.com/drb_ra/status/1477766196783194113

103.103.70.77:7799

# Reference: https://twitter.com/drb_ra/status/1477765817236402179

101.34.159.25:443

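# Reference: https://twitter.com/drb_ra/status/1477765817236402179
# NOTE(review): this is the same status URL given for 101.34.159.25:443 directly above; confirm it is the right source for the entry below.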

http://175.24.207.248

# Reference: https://twitter.com/drb_ra/status/1477766066063482885

http://101.200.82.63

# Reference: https://twitter.com/drb_ra/status/1477923547251105795

183.101.0.245:60000

# Reference: https://twitter.com/drb_ra/status/1477923535167311872

qianxin.buzz

# Reference: https://twitter.com/drb_ra/status/1478014051942817795

116.206.92.26:8080
storage.ondriev.tk

# Reference: https://twitter.com/drb_ra/status/1477948846827311107
# Reference: https://twitter.com/drb_ra/status/1478014192980574209

116.206.92.26:1
ns1.ondriev.tk
ns2.ondriev.tk
ns3.ondriev.tk
ns4.twittre.tk
ns5.twittre.tk
ns6.twittre.tk

# Reference: https://twitter.com/drb_ra/status/1477948894940172290

47.98.110.121:8082

# Reference: https://twitter.com/drb_ra/status/1477949093779582980

212.86.114.58:6666

# Reference: https://twitter.com/drb_ra/status/1478014160923418626

service-pw83b4d1-1308834646.kr.apigw.tencentcs.com

# Reference: https://www.virustotal.com/gui/file/4f8830dd18dd4c4414a876206b03d02b244a9b62caeb9f7642bd78affa438130/detection

47.93.63.179:5812

# Reference: https://www.virustotal.com/gui/file/16780d110e94f349dbebf5b63df5988fc3b7ef3f13ddeb691b56070fd8ff3082/detection

http://47.93.63.179
47.93.63.179:7498

# Reference: https://www.virustotal.com/gui/file/f4aeb5573e73ba0634a1f2a547bdd5c5dc6cbca87dec70baafacd3ac4c73d053/detection

46.29.160.65:443

# Reference: https://www.virustotal.com/gui/file/e583f8608564a269f9acd688d6bfb475e0f57e638ad29e23497f0ed7b221b55a/detection

49.234.235.180:14785

# Reference: https://www.virustotal.com/gui/file/6881531ab756d62bdb0c3279040a5cbe92f9adfeccb201cca85b7d3cff7158d3/detection

47.242.164.33:8083

# Reference: https://www.virustotal.com/gui/file/2bea1292f3765f0357fd9c5216efb53c3d4129842f61e70e3e4e93b1354df43c/detection
# Reference: https://www.virustotal.com/gui/file/747d944786e862699b6201486c95620988e92a81d27f743bcf06e3670b3873ce/detection

42.193.136.16:10008

# Reference: https://www.virustotal.com/gui/file/33a564dd952ecba2a57ccfabac97a25aa6454d974ea493ace6ae212bc25374a6/detection
# Reference: https://www.virustotal.com/gui/file/e4d5b7fd5661bd507a600363b3f0ff8ef657101379372c636a4f9aa73af1a924/detection

110.40.188.20:8899

# Reference: https://www.virustotal.com/gui/file/313b8227f988ea257d19c5aca24c5d76f034647ffb6e20b1eb29ab3fb22ce6bb/detection

121.4.240.248:38080

# Reference: https://www.virustotal.com/gui/file/6da1b35ef3b88a801c9256c45d4eed523a9648b0b63726c8f97d701fb6fa7a22/detection

http://121.4.240.248
121.4.240.248:10080

# Reference: https://www.virustotal.com/gui/file/e62d001f618d7b50a82953b55faacea25fbc2ed0ce8c79a449920ee7de9b9c13/detection

121.4.240.248:8989

# Reference: https://www.virustotal.com/gui/file/221cbe544b658980ee58b78e771dcefddc4bc7aaffcaf7798596aad23423c31b/detection
# Reference: https://www.virustotal.com/gui/file/258df67fd269f05585a07191ae67e4bd8378606d46a9aa10bd3473604bae5d85/detection
# Reference: https://www.virustotal.com/gui/file/910f08368c08b139a951918b47ac7e0a23ca8f461bb319538ad17916819255bf/detection

162.14.110.99:54333

# Reference: https://twitter.com/drb_ra/status/1478130572358782983

semei.vip

# Reference: https://twitter.com/drb_ra/status/1478130432092872713

spacegreyshop.com

# Reference: https://twitter.com/drb_ra/status/1478130390569205765

45.156.24.151:81
/dnasjdndasd/dasiudnasind/
/dnasjdndasd/
/dasiudnasind/

# Reference: https://twitter.com/drb_ra/status/1478130360848367623

159.89.101.228:3389

# Reference: https://twitter.com/drb_ra/status/1478130136662872069

108.61.184.177:4433
g08.pw
cs.g08.pw

# Reference: https://twitter.com/drb_ra/status/1478130229747281920

5.180.97.29:10010

# Reference: https://twitter.com/drb_ra/status/1478130253990178816

149.248.61.97:8000

# Reference: https://twitter.com/drb_ra/status/1478130166618632195

83.220.170.85:8888

# Reference: https://twitter.com/drb_ra/status/1478130275389431817

45.136.245.84:8811

# Reference: https://twitter.com/drb_ra/status/1478130312429596674

198.13.54.77:4433

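# Reference: https://www.virustotal.com/gui/file/56dc06ba377527e27b2f046a7003eec220334c5769c688b5f330824de58a7711/detection
# NOTE(review): the entry below is a subdomain of qianxin.com, which appears to be a legitimate security vendor's domain (unlike the look-alike qianxin.buzz listed earlier in this file).
# It may be a spoofed Host header or fronting value from the sample's configuration rather than attacker-owned infrastructure; corroborate hits with other indicators before treating them as confirmed C2.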

anquan.qianxin.com

# Reference: https://twitter.com/drb_ra/status/1478285950308556801

paydayholiday.me

# Reference: https://twitter.com/drb_ra/status/1478403668538015753

45.62.119.71:8443
gstatic.ml
static.gstatic.ml

# Reference: https://twitter.com/drb_ra/status/1478403674560937989

101.42.103.191:8888

# Reference: https://twitter.com/mojoesec/status/1478471434817130505

bartanaba.com
bartyloha.com
cloudfir.net
gruffnil.com
koltary.com
paarisman.com
shalko.net

# Reference: https://twitter.com/drb_ra/status/1478494031638372352

34.69.77.141:1234

# Reference: https://twitter.com/drb_ra/status/1478493517139922945

23.225.191.10:1453

# Reference: https://twitter.com/drb_ra/status/1478494154648866820

141.164.54.73:2080

# Reference: https://twitter.com/drb_ra/status/1478494095869976585

45.116.13.202:2345

# Reference: https://twitter.com/drb_ra/status/1478493438299545606

45.63.60.77:8000

# Reference: https://twitter.com/drb_ra/status/1478494230519681024

131.255.7.117:10080

# Reference: https://twitter.com/drb_ra/status/1478493977435418631

43.134.163.22:5000

# Reference: https://twitter.com/drb_ra/status/1478494198076743682

23.94.94.27:8050

# Reference: https://twitter.com/drb_ra/status/1478494121190957058

170.178.217.121:5555

# Reference: https://twitter.com/drb_ra/status/1478493371345915905

188.166.216.60:44779

# Reference: https://twitter.com/drb_ra/status/1478493934582173706

45.61.136.110:49443

# Reference: https://twitter.com/drb_ra/status/1478493462127386627

154.215.115.119:9089

# Reference: https://twitter.com/drb_ra/status/1478494227436814337

msanalytics.workers.dev
events.msanalytics.workers.dev

# Reference: https://twitter.com/drb_ra/status/1478493768064057344

forred.xyz
name.forred.xyz

# Reference: https://twitter.com/drb_ra/status/1478493847256813569

18.166.74.220:6524
googleupdate-inc.com
game.googleupdate-inc.com

# Reference: https://twitter.com/bryceabdo/status/1478753369242152971
# Reference: https://twitter.com/malwrhunterteam/status/1478767739716186115
# Reference: https://www.virustotal.com/gui/file/e424a0ff956433e468ec8c1220f6b2b760e8624187c011e4dabf227a285af670/detection

cgbchnia.com
vx-cdn.com
ctfwiki.workers.dev
tmp-titan.vx-cdn.com

# Reference: https://twitter.com/drb_ra/status/1478764227003404295

developersgoogle.workers.dev

# Reference: https://www.virustotal.com/gui/file/ae77e0249a5f3da185b009efc121c57df876f7aebfb2f06f5c269f62f695a146/detection

121.36.20.155:1234

# Reference: https://www.virustotal.com/gui/file/6696d07a039d1503f4d162debceeaf0b87e99647c60bc32bad2f46cf480a1502/detection
# Reference: https://www.virustotal.com/gui/file/447a3c82796f1ac1c97ea70a7461f806fb36f4c7d4296b0019c28ea12ce446bb/detection

104.21.50.145:2096
172.67.207.2:8880
lcddd.space

# Reference: https://twitter.com/drb_ra/status/1478856154621128709

92.255.85.84:12458

# Reference: https://twitter.com/drb_ra/status/1478855895438221315

8.134.13.212:8080

# Reference: https://twitter.com/drb_ra/status/1478855922843803649

121.5.76.27:8080

# Reference: https://www.virustotal.com/gui/file/0a2de4ac6d8415c7487623ecc4a822b1856a2f5ec67b98b3a6cdbff5ef50ef2f/detection

119.3.237.204:2095
119.3.237.204:8000
wabgs.cloud

# Reference: https://www.virustotal.com/gui/file/68cd9abc09c6d5c48aab634bbb0784740e7fca07e7f05cdb9937254d3be163e2/detection

http://45.142.212.205

# Reference: https://www.virustotal.com/gui/file/fc9e1a209fe7506f1fb13e2c768b8b2b9b5ad24b1d2a3cd6226296cd778510be/detection

http://45.142.212.230

# Reference: https://twitter.com/drb_ra/status/1479010713544835075

insuranceanalytics.workers.dev
services.insuranceanalytics.workers.dev

# Reference: https://twitter.com/drb_ra/status/1478855670900350977

hr-spot.com
ns1.hr-spot.com
secure.hr-spot.com

# Reference: https://twitter.com/drb_ra/status/1479036937507942400

ag-playgame.com
cdn.ag-playgame.com

# Reference: https://twitter.com/drb_ra/status/1479037024132911111

1.15.151.191:3306

# Reference: https://twitter.com/drb_ra/status/1479037120182464512

128.199.223.60:8080

# Reference: https://twitter.com/drb_ra/status/1479036990331015175

evalstars.com
admin.evalstars.com

# Reference: https://twitter.com/drb_ra/status/1479037084321161217

service-af9b4gdn-1304405887.sh.apigw.tencentcs.com

# Reference: https://www.virustotal.com/gui/file/ee4f5e53b2198d921673e6995b05df5b913165730b1456fcd38aadee4b0421f7/detection

pharmgenz.com

# Reference: https://www.virustotal.com/gui/file/8f0d38efbe8bb0d31fa976b894050f04f15d2f610a268f0c68271017091ba79a/detection

45.142.212.161:443

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-01-05-IOCs-for-TA551-IcedID-with-Cobalt-Strike.txt

216.244.95.165:778
23.227.196.35:787
customsecurityusa.com
juniperengineer.com

# Reference: https://twitter.com/drb_ra/status/1479127356488962053

210.1.226.241:8443
officeupdate.workers.dev
royal-union-d714.officeupdate.workers.dev

# Reference: https://twitter.com/drb_ra/status/1479127214616719363

185.118.165.28:9168

# Reference: https://twitter.com/drb_ra/status/1479127303905062917

cdn.update.microsoft.com.w.kunluncan.com

# Reference: https://twitter.com/drb_ra/status/1479127361757003776

insuranceanalytics.workers.dev
services.insuranceanalytics.workers.dev

# Reference: https://twitter.com/drb_ra/status/1479127375900299266

msanalytics.workers.dev
events.msanalytics.workers.dev

# Reference: https://twitter.com/drb_ra/status/1479127382304899072

104.207.153.176:8001

# Reference: https://twitter.com/drb_ra/status/1479127276113612801

192.74.254.19:8091

# Reference: https://twitter.com/drb_ra/status/1479127405134557185

1.14.109.31:7777

# Reference: https://twitter.com/drb_ra/status/1479127244081700866

47.96.89.129:8080

# Reference: https://www.virustotal.com/gui/file/0cb5c58728b0e378b9c107cbab033c4f3f67d78d9d0974e65b5393ae5f65cf13/detection

31.192.235.120:655

# Reference: https://www.virustotal.com/gui/file/5d7930c78d1f3e73c924fcbdb602506d9d4c7d1c4268325b6788645f72aa450b/detection

204.44.95.237:8888

# Reference: https://www.virustotal.com/gui/file/ca3b311674909126521f894b046180d7ef9db3e075974fe2ff9f98ed682a28ad/detection
# Reference: https://www.virustotal.com/gui/file/74c1136863f1a93c05c3fc091c141daa5bb91369915ea2c0648dae33872def9d/detection

59.110.165.235:40001

# Reference: https://www.virustotal.com/gui/file/bc984aeacfe38fcccde2961838fa95c68dcc6e0e3c02f0437e6aa5b6b01d6b15/detection

47.102.147.243:9999

# Reference: https://www.virustotal.com/gui/file/d1e93dd84ed0420f881215c70ba46c2ed214ebf8f7e2521dc541b0af26e48371/detection

47.113.190.49:6422

# Reference: https://twitter.com/drb_ra/status/1479373095538470912

us-central1-workers-330722.cloudfunctions.net

# Reference: https://twitter.com/drb_ra/status/1479372996334739457

service-2bt5skq1-1302844954.sh.apigw.tencentcs.com

# Reference: https://www.virustotal.com/gui/ip-address/91.211.91.110/relations

hotbunniesnft.art

# Reference: https://www.virustotal.com/gui/file/f371a1d90bc8b84f03a2e67d0f0c75f90fdc086b55dc376b7e33088c96ec85c8/detection

http://23.106.122.195

# Reference: https://www.virustotal.com/gui/file/a53b4c76e1520508862d83b16db45f0b8ffcadcd9785195faf487a4abb50ee10/detection

1.117.59.141:88

# Reference: https://www.virustotal.com/gui/file/9c966aeda5ec8c9b2697879c867b3e94906637b2d4f468e2c8df2e9fef2fb7ba/detection

1.117.59.141:84

# Reference: https://www.virustotal.com/gui/file/f2169703639448701f99d0bb97cf710a0029ae5e76c4523344763342ed9dcd8a/detection

1.117.59.141:888

# Reference: https://www.virustotal.com/gui/file/7b70bd94b32f83bc75b226995bc139b9c75baf1d5fba7e8161d2c46cc6d5894d/detection

1.117.59.141:91

# Reference: https://twitter.com/drb_ra/status/1479372980497047554

http://1.117.59.141

# Reference: https://www.virustotal.com/gui/file/147991cd55a00ebb2ffe8053e49f40d13d334c54d073b083578bbbedcd6b2389/detection

midcitylanews.com

# Reference: https://twitter.com/drb_ra/status/1479399841939791873

1.15.232.71:9997

# Reference: https://twitter.com/drb_ra/status/1479399880762269698

139.196.87.27:40002

# Reference: https://twitter.com/drb_ra/status/1479399813775081473

194.163.134.129:8443

# Reference: https://twitter.com/drb_ra/status/1479400150514769927

lwindowsupdate.cf
0012eb.lwindowsupdate.cf

# Reference: https://twitter.com/drb_ra/status/1479399908805423106

jquery.norincogroup.com.cn

# Reference: https://www.virustotal.com/gui/file/753b963da067d9e38d5f11e98b957204bf5848f8a34f4a2d3cc66e8eb9239340/detection
# Reference: https://www.virustotal.com/gui/file/4178f38c423778bb19dd26983c6814706ea21ef45588709d4945a79e229bf5fe/detection

http://47.107.40.116

# Reference: https://www.virustotal.com/gui/file/55570b77a509047bb4370360a4952d21ac786caa27ef9d1d0c3f1b8d65e1c8d6/detection

101.34.7.199:443

# Reference: https://twitter.com/TheDFIRReport/status/1479464087964643328

azuregroupusa.com
exchangersdirectory.com
myusapayroll.com
zedtool.com
vorbitech.com

# Reference: https://twitter.com/drb_ra/status/1479462012325449728

itctka4v.club

# Reference: https://twitter.com/drb_ra/status/1479461945233321995

d30bham075f6wf.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1479462068336091142

207.148.112.209:6007

# Reference: https://twitter.com/drb_ra/status/1479462041165484041

service-5uafdphd-1258031921.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1479466651577991175

exchangersdirectory.com

# Reference: https://twitter.com/drb_ra/status/1479461888182390790

47.105.205.216:8080

# Reference: https://twitter.com/drb_ra/status/1479461971577741319

144.202.122.143:1
trendmicro.96html.com
careers.trendmicro.96html.com

# Reference: https://twitter.com/drb_ra/status/1479490595689275396

us-central1-us-east133.cloudfunctions.net

# Reference: https://twitter.com/drb_ra/status/1479490484619948039

lwwwamazon.ga
store.lwwwamazon.ga

# Reference: https://twitter.com/drb_ra/status/1479490410418475015

18.141.185.122:9999

# Reference: https://twitter.com/drb_ra/status/1479490529784217603

104.168.213.31:8443

# Reference: https://www.virustotal.com/gui/file/0bb5014bb1c7c2837426de8fbc06c4b7b840e5b5b0ebe44fdf3c3dc7f55a0133/detection
# Reference: https://www.virustotal.com/gui/file/53eb755d0ca5f97310bf7eebb5c1072007c04ff70e7f6ed5c58469e5784b13c8/detection

143.198.153.75:10004
cs40testa.ddnsfree.com
cstest20220104.ddnsfree.com

# Reference: https://twitter.com/drb_ra/status/1479554264443850757

tracesdk.azurewebsites.net

# Reference: https://twitter.com/drb_ra/status/1479554201437052936

shop.96html.com

# Reference: https://twitter.com/drb_ra/status/1479554088572489736

traffic.96html.com

# Reference: https://twitter.com/drb_ra/status/1479554136324685830

us-central1-our-brand-330616.cloudfunctions.net

# Reference: https://www.virustotal.com/gui/file/508d3151894079e7762e60f790e53358fc6842f4f67b988542d7c3d2eb51ec82/detection
# Reference: https://www.virustotal.com/gui/file/df2fc8d2b6b41519e63256ea06925bcd768bdb836eb36a5bbfddb9b1a83ef83f/detection

1.117.117.202:2380

# Reference: https://www.virustotal.com/gui/file/6c1b1547f82b8816e2c8a10b243ce5eff50e6e1d9f9e93777eb4d6ff1d4feeb2/detection

23.236.67.14:8099

# Reference: https://twitter.com/drb_ra/status/1479581526815870979

107.173.255.106:8789

# Reference: https://twitter.com/drb_ra/status/1479581356690751490

110.42.213.239:8000
updateservices.org

# Reference: https://twitter.com/drb_ra/status/1479581390995873796

cggc.cn

# Reference: https://twitter.com/drb_ra/status/1479582007164350470

35.241.127.243:9988

# Reference: https://twitter.com/drb_ra/status/1479581961555525632

103.223.122.13:5555

# Reference: https://twitter.com/drb_ra/status/1479581858119696384

service-cvd7d5xh-1307608206.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1479582037644304386

103.79.76.171:2087
4xlb.cf
puff.4xlb.cf

# Reference: https://twitter.com/drb_ra/status/1479581892336926721

rafflesmed.com

# Reference: https://twitter.com/drb_ra/status/1479581621288415235

/5eN1bjq8AAUYm2zgoY3K/

# Reference: https://twitter.com/drb_ra/status/1479762779523502083

service-bv4lng5j-1307188804.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1479762817465171969

45.195.149.155:8087

# Reference: https://twitter.com/drb_ra/status/1479762851199954950

service-2740lair-1307188804.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1479762987992985600

150.158.145.221:8787

# Reference: https://twitter.com/drb_ra/status/1479763022323367940

170.130.28.38:1443

# Reference: https://thedfirreport.com/2021/10/18/icedid-to-xinglocker-ransomware-in-24-hours/
# Reference: https://otx.alienvault.com/pulse/616d8a397ff2ac1abbc9d7e6

37.120.222.100:8080
cdnchrome.xyz
cdngithub.xyz
cdnsharepoi.xyz
cdnwin.xyz
cdnwindow.xyz

# Reference: https://isc.sans.edu/diary/rss/27738
# Reference: https://otx.alienvault.com/pulse/61138b3527be2b901ed0cb89
# Reference: https://www.virustotal.com/gui/file/46c24d45ab234f19b3f531a2d5fc1591ebd648729253d86408ba5d051ca26372/detection

xagadi.com
wocesa.com

# Reference: https://www.virustotal.com/gui/file/58bc801536512d95e73b6e022878578edd281671144172f651e2f660d4103a1d/detection

115.159.97.35:6666

# Reference: https://www.virustotal.com/gui/file/494c3aa457c3cfedb284692f2453bc7b71f6bd11895dc978781ff8a99e7be750/detection

115.159.97.35:8090

# Reference: https://www.virustotal.com/gui/file/cd7ef5dcbc5aec090c6bc80f1d9c84328427c3d031978d7b1073c9994aca8b28/detection

82.157.186.143:4444

# Reference: https://www.virustotal.com/gui/file/96789fcc3e54e7f1dfda52eef3666ac9d001bb5ada40adc6f5ddc34a0af9fd75/detection

82.157.186.143:6688

# Reference: https://www.virustotal.com/gui/file/21ded6b7ab1bfa37aeec8e7f1414b8e7ac0420a2996b84d56901dff8f56c132e/detection

http://82.157.186.143
82.157.186.143:7788

# Reference: https://twitter.com/drb_ra/status/1479942985567645700

service-n9xzk373-1259394072.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1479942954102018048

116.62.220.178:8008

# Reference: https://twitter.com/drb_ra/status/1480188338015555586

service-kuy0ymso-1258515730.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1480188506014199808

service-mil498r1-1304431511.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1480188298341629954

tencents-cdn.com

# Reference: https://twitter.com/drb_ra/status/1480188625681801219

updating.tk
win.updating.tk

# Reference: https://twitter.com/drb_ra/status/1480188449714024450

47.243.134.222:8080

# Reference: https://twitter.com/drb_ra/status/1480214886798053376

neeon.online

# Reference: https://twitter.com/drb_ra/status/1480214797971034121

service-7pxil39m-1259245302.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1480304261280026624

message-cncc.com

# Reference: https://twitter.com/drb_ra/status/1480304857521311748

45.32.46.137:10088

# Reference: https://twitter.com/drb_ra/status/1480305319876124673

45.77.12.242:8899

# Reference: https://twitter.com/drb_ra/status/1480304611156279296

updateskype.com

# Reference: https://twitter.com/drb_ra/status/1480304207148339200

164.68.115.111:8875

# Reference: https://twitter.com/drb_ra/status/1480305263769010180

66.42.98.139:9433

# Reference: https://twitter.com/drb_ra/status/1480305231858655236

trendmrcio.com
service.trendmrcio.com

# Reference: https://twitter.com/drb_ra/status/1480305078892474371

service-qwpjowgd-1305123912.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1480305047007285248

cdn-msdn.com

# Reference: https://twitter.com/drb_ra/status/1480304956502593537

107.172.190.151:8888

# Reference: https://twitter.com/drb_ra/status/1480304879847489538

116.193.152.8:8888

# Reference: https://twitter.com/drb_ra/status/1480304833492045824

123.253.35.231:8090

# Reference: https://twitter.com/drb_ra/status/1480304806912835585

47.242.242.29:8032

# Reference: https://twitter.com/drb_ra/status/1480304706132094978

service-2bt5skq1-1302844954.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1480304578725826560

139.180.196.55:6666

# Reference: https://twitter.com/drb_ra/status/1480304476024102912

reasonschoose.xyz
anzhuonixiang.reasonschoose.xyz

# Reference: https://twitter.com/drb_ra/status/1480304450031874051

157.245.137.205:82

# Reference: https://twitter.com/drb_ra/status/1480304418767659017

al0network.com

# Reference: https://twitter.com/drb_ra/status/1480304394272972808

service-7hpu9sh5-1308415298.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1480304308138696707

141.164.47.74:8443

# Reference: https://twitter.com/drb_ra/status/1480304229701009408

joannes.tk
cloud.joannes.tk

# Reference: https://twitter.com/drb_ra/status/1480304165951836169

23.227.190.205:7777
keyedge.digital

# Reference: https://twitter.com/drb_ra/status/1480304138370039812

kelry1.com

# Reference: https://twitter.com/drb_ra/status/1480304083395391488

mstelemetry.workers.dev
update.mstelemetry.workers.dev

# Reference: https://twitter.com/drb_ra/status/1480303995910504456

us-central1-our-brand-330616.cloudfunctions.net

# Reference: https://twitter.com/drb_ra/status/1480278956112756739

47.101.210.150:8888

# Reference: https://twitter.com/drb_ra/status/1480278924508676100

212.86.114.58:1337

# Reference: https://twitter.com/drb_ra/status/1480328637220020229

27.72.102.109:1443

# Reference: https://twitter.com/drb_ra/status/1480460166130765827

8.210.224.18:8090
360query.tk

# Reference: https://twitter.com/drb_ra/status/1480460194295558146

8.210.224.18:4433

# Reference: https://twitter.com/drb_ra/status/1480486993402507264

1.13.0.155:8443

# Reference: https://twitter.com/drb_ra/status/1480486968358322177

110.42.252.206:8088

# Reference: https://twitter.com/drb_ra/status/1480487174940381185

110.42.244.165:10010

# Reference: https://twitter.com/drb_ra/status/1480486810249748482

service-iyvz90g6-1308412104.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1480487035907588101

oraclecdn.ml

# Reference: https://twitter.com/drb_ra/status/1480576284178751497

peacehealthmedgroup.org

# Reference: https://twitter.com/drb_ra/status/1480576273961426951

estts.net

# Reference: https://twitter.com/drb_ra/status/1480666975688802306

137.175.19.3:8022

# Reference: https://twitter.com/drb_ra/status/1480667033419149313

sophospanels.com

# Reference: https://twitter.com/drb_ra/status/1480667156027424770

23.227.196.35:787

# Reference: https://twitter.com/drb_ra/status/1480667113895260160

service-hgstg4de-1258693037.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1480667001094025218

xamazinho.ddns.net

# Reference: https://twitter.com/drb_ra/status/1480822481669795844

45.135.116.233:8080

# Reference: https://www.virustotal.com/gui/ip-address/103.242.133.23/relations
# Reference: https://www.virustotal.com/gui/file/3c3db044dfd3b6e7332e146b0f22bb7385098928fa7fd84f197e7bf8878810d0/detection

103.242.133.23:10080
googcdn.com
flash.googcdn.com

# Reference: https://www.virustotal.com/gui/file/b55eb2802772e65eeed698130c0fbf1e0ee61116caf0aef9b40394c716523a06/detection

42.240.130.223:62313

# Reference: https://twitter.com/drb_ra/status/1480954258380013572

107.172.250.201:8880

# Reference: https://twitter.com/drb_ra/status/1480954323395915778

179.60.150.31:53

# Reference: https://twitter.com/drb_ra/status/1481003665758511106

chjyarwg3rt2245knfabeuda7kkvku26kuqabdepk3bc44bd4yz5mrqd.onion.ws

# Reference: https://twitter.com/drb_ra/status/1481003666752606215

mf2uls5ota6xijzh5hxktaamunrc4cmjkqkxbhk74bp4uruq6ptph7id.onion.ws

# Reference: https://twitter.com/drb_ra/status/1481003831630745606

winrarsolutions.com

# Reference: https://twitter.com/drb_ra/status/1481184967317204993

47.240.46.77:43317

# Reference: https://twitter.com/drb_ra/status/1481029648532258820

service-62ff6099-1302108328.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1481029698541035526

update41.microsoft-essentials.com

# Reference: https://twitter.com/drb_ra/status/1481029731701121034

103.234.72.104:9999

# Reference: https://twitter.com/drb_ra/status/1481029877209960448

quadriplex.com

# Reference: https://twitter.com/drb_ra/status/1481029911498399748

sqldatabaseupdate.tech
framework.sqldatabaseupdate.tech
online.sqldatabaseupdate.tech
upload.sqldatabaseupdate.tech

# Reference: https://twitter.com/drb_ra/status/1481030110383849474

epam-careers.net

# Reference: https://twitter.com/drb_ra/status/1481030145574060032

xiaolijuan.com
gxncpltw.com.w.kunluncan.com
sub.xiaolijuan.com

# Reference: https://twitter.com/drb_ra/status/1481030177220182022

getforpc.com

# Reference: https://twitter.com/drb_ra/status/1481030281847087112

evilzz.me
z.evilzz.me

# Reference: https://twitter.com/drb_ra/status/1481030648668246019

caipiaosms.com
api.caipiaosms.com

# Reference: https://twitter.com/drb_ra/status/1481030958841311233

134.122.134.64:8888

# Reference: https://twitter.com/drb_ra/status/1481030920538927109

92.255.85.85:82

# Reference: https://twitter.com/drb_ra/status/1481030424663048193

bupdates.azureedge.net

# Reference: https://twitter.com/drb_ra/status/1481030772106702848

104.168.135.187:7455

# Reference: https://twitter.com/drb_ra/status/1481029617217679370

81.68.254.225:8080

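# Reference: https://twitter.com/drb_ra/status/1481030802163085314
# NOTE(review): the entry below sits under iqiyi.com, which appears to be a large legitimate service's domain; presumably a Host-header value from a beacon profile. Expect benign matches and verify before blocking.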

stcxxx.iqiyi.com

# Reference: https://twitter.com/drb_ra/status/1481211467064127491

49.234.8.248:8090

# Reference: https://twitter.com/drb_ra/status/1481211598048043009

8.141.57.174:18081

# Reference: https://twitter.com/drb_ra/status/1481211680034074629

49.232.191.228:8885

# Reference: https://twitter.com/drb_ra/status/1481211404141174786

61.136.115.140:8000

# Reference: https://twitter.com/drb_ra/status/1481211705619271686

198.13.49.215:55555

# Reference: https://twitter.com/drb_ra/status/1481211429541883905

service-lxyhuozm-1301500665.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1481211730382532614

nevdomain.xyz
wahahapik.nevdomain.xyz

# Reference: https://twitter.com/drb_ra/status/1481211797160054787

123.253.35.231:8088

# Reference: https://twitter.com/drb_ra/status/1481211535468937219

baidul.xyz

# Reference: https://twitter.com/drb_ra/status/1481275629479895040

service-n9xzk373-1259394072.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1481275547829350400

unionpaychina.net

# Reference: https://twitter.com/drb_ra/status/1481275565218967559

epam.azureedge.net

# Reference: https://www.virustotal.com/gui/file/94a88a7ca5c014eb76993caef3dde2147fd994f69d7ace87db0ded4e8b4079aa/detection

http://124.223.35.157

# Reference: https://www.virustotal.com/gui/file/d88a359715e43119c07b14e097902f3298c7fb9b06c75f471ecc71a640822576/detection

124.223.35.157:2476

# Reference: https://twitter.com/drb_ra/status/1481366051363467271

us-ports.com

# Reference: https://www.virustotal.com/gui/file/82be397e385957c7e103bd97f037b1dd8248e12d7966c4c0c3df5085826e2999/detection

39.107.141.48:8089

# Reference: https://www.virustotal.com/gui/file/ce688201051ff0c37f2ad2228153d3fdffcc2ea47bdf2607c203ee386c7e8dc1/detection

180.76.162.68:6688

# Reference: https://twitter.com/drb_ra/status/1481393014429868036

47.104.179.218:999

# Reference: https://twitter.com/drb_ra/status/1481392865305677825

103.98.17.52:500

# Reference: https://twitter.com/drb_ra/status/1481392593930010625

172.245.79.146:8081

# Reference: https://twitter.com/drb_ra/status/1481392959786475521

service-3if20dey-1308639534.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1481392719255818243

43.156.4.73:2052
commonlit.app
neusoft.space
sgg.neusoft.space

# Reference: https://twitter.com/drb_ra/status/1481392892367233028

coterieinsurance.azureedge.net

# Reference: https://twitter.com/drb_ra/status/1481392771919486978

ijuhdnh.workers.dev
fragrant-shadow-13cd.ijuhdnh.workers.dev

# Reference: https://twitter.com/drb_ra/status/1481392678268985345

18.223.233.177:8088
ltxuli.com

# Reference: https://twitter.com/drb_ra/status/1481392360412127235

91.202.204.36:8080

# Reference: https://twitter.com/drb_ra/status/1481392532856713217
# Reference: https://twitter.com/drb_ra/status/1481392079217512456

www3.cloud
api.www3.cloud
news.www3.cloud

# Reference: https://twitter.com/drb_ra/status/1481392488015441929

150.158.13.179:8080
haoanaa.cf

# Reference: https://twitter.com/drb_ra/status/1481392511922933767

116.193.152.8:7979

# Reference: https://twitter.com/drb_ra/status/1481392333685940233

45.77.208.233:8443
ssrserver-update.xyz
test.ssrserver-update.xyz

# Reference: https://twitter.com/drb_ra/status/1481392275242594306

81.17.16.106:8080

# Reference: https://twitter.com/drb_ra/status/1481392163862814722

119.91.251.243:50002

# Reference: https://twitter.com/drb_ra/status/1481392243542007819

193.42.24.125:10000
sockets.softether.net

# Reference: https://twitter.com/drb_ra/status/1481392300274106375

test-and-trace.app
analytics.test-and-trace.app

# Reference: https://twitter.com/drb_ra/status/1481392204484591617

gsss.workers.dev
shrill-bar-dbc1.gsss.workers.dev

# Reference: https://twitter.com/drb_ra/status/1481392004672233473

fiash.ga

# Reference: https://twitter.com/drb_ra/status/1481391973751734273

92.222.136.224:55

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-01-12-IOCs-for-IcedID-with-Cobalt-Strike-and-DarkVNC.txt

104.168.44.45:443

# Reference: https://twitter.com/drb_ra/status/1481547403660513282

siole.tk
cdn.siole.tk

# Reference: https://twitter.com/drb_ra/status/1481547480810639367

xxxxxxxlm.tk
anzhuo.xxxxxxxlm.tk

# Reference: https://twitter.com/drb_ra/status/1481663869949038596

service-anwlalbi-1302650299.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1481664050199207936

service-d9w2yjgu-1302420290.gz.apigw.tencentcs.com

# Reference: https://twitter.com/bryceabdo/status/1482045351943094273
# Reference: https://www.virustotal.com/gui/file/73baa040cd6879d1d83c5afab29f61c3734136bffe03c72f520e025385f4e9a2/detection

braprest.com

# Reference: https://www.virustotal.com/gui/file/01383cd292942f754d098b5a36acf8f47223a8980a1a91f0afcad5a29bac92e0/detection

http://101.42.233.208

# Reference: https://www.virustotal.com/gui/file/368c778838770ef38a40e8530bcc617dcaf8230a6bb6a70c362bdf26e5f4e02d/detection

newsdoom.com

# Reference: https://twitter.com/TheDFIRReport/status/1482078434327244805

http://185.112.83.116
185.112.83.116:8080

# Reference: https://twitter.com/drb_ra/status/1482090963258519554

123.253.35.234:8443

# Reference: https://www.virustotal.com/gui/file/aa760eb1ac63df21d997b67d7aa815ea714969b2846aca8b47fea5941b441663/detection

39.106.93.152:8001

# Reference: https://www.virustotal.com/gui/file/d2b49058be463ddfd74ffee1824b464ad42b4fc104709f865830ac8dd031694a/detection

http://46.166.161.123
ciscosecuritu.com

# Reference: https://twitter.com/drb_ra/status/1482116550010277892

118.193.62.241:81

# Reference: https://twitter.com/drb_ra/status/1482116989632094209

45.156.24.200:86

# Reference: https://twitter.com/drb_ra/status/1482117293182275587

47.242.29.98:49154

# Reference: https://www.virustotal.com/gui/file/fb88c05be0c30b6632f707c1f3c873c130ceb5273a46d48f2dd5cfdde0ccbeba/detection

39.106.93.160:50020

# Reference: https://twitter.com/drb_ra/status/1482272111074979840

fuzanoj.com

# Reference: https://twitter.com/drb_ra/status/1482116550010277892

118.193.62.241:81

# Reference: https://twitter.com/drb_ra/status/1482116657334169609

210.108.146.194:5353

# Reference: https://twitter.com/drb_ra/status/1482116740368814086

palauhealths.com

# Reference: https://twitter.com/drb_ra/status/1482116867439407104

158.247.204.207:1111

# Reference: https://twitter.com/drb_ra/status/1482116989632094209

45.156.24.200:86

# Reference: https://twitter.com/drb_ra/status/1482117059035209730

1.15.41.163:8089

# Reference: https://twitter.com/drb_ra/status/1482117088764432384

service-ir7mxmrz-1255840758.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1482117129986097153

serverworker.com

# Reference: https://twitter.com/drb_ra/status/1482117166573010949

firmwarekey.com

# Reference: https://twitter.com/drb_ra/status/1482117256821841926

znertino.com

# Reference: https://twitter.com/drb_ra/status/1482117293182275587

47.242.29.98:49154

# Reference: https://twitter.com/drb_ra/status/1482117331358826498

b2bdirector.com

# Reference: https://twitter.com/drb_ra/status/1482117360232321024

8.214.23.44:8080

# Reference: https://twitter.com/drb_ra/status/1482117461247991812

hsanzsa.xyz

# Reference: https://twitter.com/drb_ra/status/1482117406122201095

mvnetworking.com

# Reference: https://www.virustotal.com/gui/file/61f6fce2619acbe877a3abd204c4381da3cf0209206c5c2323f9af6261c2f10a/detection

119.29.84.28:9999

# Reference: https://www.virustotal.com/gui/file/aaf9d59c59d3d527ca899394b04e42ca4fe36a3dc1cf36f6cbd8efa43966b422/detection

207.148.23.64:443

# Reference: https://otx.alienvault.com/pulse/618137d47d1e3449918cdd21

http://190.114.254.116

# Reference: https://twitter.com/drb_ra/status/1482453223613022214

gougou.ml

# Reference: https://twitter.com/drb_ra/status/1482453322506567680

dikopago.com

# Reference: https://www.virustotal.com/gui/file/c9e932c18c450d4dab18d12fc2e11f7072fb968e5cbda9158490884cc646124c/detection

139.196.87.27:40001

# Reference: https://www.virustotal.com/gui/file/4ca918daf792da9d23a2df777bd6f152b2d676aff0e35c619c3a00bcc0e4bcf4/detection

http://47.96.166.107

# Reference: https://www.virustotal.com/gui/file/7715ee86ba61daefa5e25ff0a04678cb29ab3b3a5b30d5761b06dfa5fd0fd55d/detection

47.96.166.107:443

# Reference: https://www.virustotal.com/gui/file/f8f5a1b85ede9f282450a2047b0897fa4e037481e0ac380f222a68849210633c/detection

47.96.166.107:8089

# Reference: https://www.virustotal.com/gui/file/af2aae71a8c1e7e785e56e674dfeeec90c0eb8489fb11f13c3ed9b486dd29895/detection

47.96.166.107:6687

# Reference: https://twitter.com/drb_ra/status/1482478913813164034

contentsecure.net
cdn.contentsecure.net

# Reference: https://twitter.com/drb_ra/status/1482478890392211459

43.129.76.68:88

# Reference: https://www.virustotal.com/gui/file/7c57476ebf5eeb74038ce298d64172e4d1bbec17667049d4be938954cdfc829c/detection

104.225.238.85:81

# Reference: https://twitter.com/drb_ra/status/1482479145028308995

104.244.91.197:8080
googleyiqi.tk
tk.googleyiqi.tk

# Reference: https://twitter.com/drb_ra/status/1482479200523198464

192.161.55.13:6666

# Reference: https://twitter.com/drb_ra/status/1482479091110617089

103.149.27.148:6666

# Reference: https://twitter.com/drb_ra/status/1482479299194204168

1.14.98.183:8888

# Reference: https://twitter.com/drb_ra/status/1482479118205829126

106.15.107.204:8443

# Reference: https://twitter.com/drb_ra/status/1482479393935142912

ris.gid.rispacsmx.com

# Reference: https://twitter.com/drb_ra/status/1482479433932062720

173.82.187.137:5457

# Reference: https://twitter.com/drb_ra/status/1482479330047500288

8.210.43.76:65432

# Reference: https://twitter.com/drb_ra/status/1482479628564549632

45.11.47.243:4444

# Reference: https://twitter.com/drb_ra/status/1482479678602592267

wagonovk.com

# Reference: https://twitter.com/drb_ra/status/1482479804259741701

77.83.199.189:8080

# Reference: https://twitter.com/drb_ra/status/1482479766594891783

8.214.127.215:8845
delicate-credit-2ade.fsonve.workers.dev

# Reference: https://www.virustotal.com/gui/file/4ccfd9f7d082e3660e67dcdec68ce5cc22a408af583bae38698ef7c95f3b5f1d/detection

101.34.223.76:60001

# Reference: https://www.virustotal.com/gui/file/ceac24d1b27e770b37c09527abc760e2f336ac620aa42045fe972d8e759d3b85/detection

134.122.14.112:8088

# Reference: https://twitter.com/drb_ra/status/1482660989489369091

service-rs0iggq1-1305836665.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1482661042220109828

35.220.143.108:8089

# Reference: https://twitter.com/drb_ra/status/1482661113477087234

vip-source.com

# Reference: https://twitter.com/drb_ra/status/1482661156343140361

45.76.68.78:10443

# Reference: https://twitter.com/drb_ra/status/1482661181881991170

43.134.230.170:5000

# Reference: https://twitter.com/drb_ra/status/1482661087153737728

45.32.62.219:8990

# Reference: https://twitter.com/drb_ra/status/1482725346088738824

kalitre.com

# Reference: https://twitter.com/drb_ra/status/1482725488271450120

qvibova.com

# Reference: https://twitter.com/drb_ra/status/1482725002109722630

jenevabaiden.com

# Reference: https://twitter.com/drb_ra/status/1482725058489507843

81.68.225.136:8888

# Reference: https://twitter.com/drb_ra/status/1482725089602945026

94.74.119.48:8443

# Reference: https://twitter.com/drb_ra/status/1482725599416311810

94.74.119.48:5443

# Reference: https://twitter.com/drb_ra/status/1482725412031639554

berlinwomc.com

# Reference: https://twitter.com/drb_ra/status/1482725444201988102

excellent9.xyz

# Reference: https://twitter.com/drb_ra/status/1482725204459728897

docuprepit.com
/wp-includes/js/script/indigo-migrate

# Reference: https://twitter.com/drb_ra/status/1482725556047298561

claysec.tk
cs.claysec.tk

# Reference: https://twitter.com/drb_ra/status/1482725514636836870

us-central1-oh-37843.cloudfunctions.net

# Reference: https://www.virustotal.com/gui/file/0ab18f6e06247e3e2deafc3295f21a50584be87512e071419be93cb17502453f/detection

95.179.165.239:443

# Reference: https://twitter.com/drb_ra/status/1482751533523603458

139.155.14.124:8080

# Reference: https://twitter.com/drb_ra/status/1482751652448935938
# Reference: https://twitter.com/drb_ra/status/1482751653724012552

http://193.242.145.134
193.242.145.134:443
/Originate/generic/MAUSN2NIOD8

# Reference: https://twitter.com/drb_ra/status/1482751686137495556

service-gwdlq415-1306669097.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1482751841653997571

service-lxyhuozm-1301500665.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1482751816840499201

1.117.155.217:8090
service-mdgeey3n-1259685312.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1482751560887468035

service-0w6u16ob-1305847329.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1482751621939486727

120.26.81.185:8888
service-ho8e4qg1-1308990023.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1483025526314913792

47.97.36.209:4343

# Reference: https://twitter.com/drb_ra/status/1483025488947949575

1.116.56.86:81

# Reference: https://twitter.com/drb_ra/status/1483025446446972928

osisoft.app

# Reference: https://twitter.com/drb_ra/status/1483025414142541824

1.15.225.143:8456

# Reference: https://twitter.com/drb_ra/status/1483025378427953154

service-fohkqszm-1300972060.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1483025271502610432

service-iyvz90g6-1308412104.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1483025269858480134

service-f1tdfeby-1258515730.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1482996842799538176

service-7ly8pn0p-1308768559.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1482841948817965061

185.135.73.248:3412

# Reference: https://twitter.com/drb_ra/status/1482841921764700167

92.255.57.203:81

# Reference: https://www.virustotal.com/gui/file/a585f7ded308c3f1be25b522eeab88423b6dca2710f0b7e64ae8c683454a69eb/detection

217.182.54.222:3306

# Reference: https://www.virustotal.com/gui/file/10f00665553f2e3ae374581442eff17115af8ada37879a6a041c5b8642b5685a/detection

217.182.54.222:21

# Reference: https://www.virustotal.com/gui/file/3ab3aa2bfade11401041c139dabc02dfebcccf7bd5a7524818782d49e50d0abf/detection

217.182.54.222:22221

# Reference: https://twitter.com/drb_ra/status/1483066099398811652

http://217.182.54.222

# Reference: https://www.virustotal.com/gui/file/633e5e78c6b2c920f19cbd02a64da68fa0c26a38083ecf23fdf42d03fa90ca51/detection

http://47.94.175.146

# Reference: https://twitter.com/MichalKoczwara/status/1483137082465865729

berlinwomc.com
italbara.com
londonbber.com
milanvar.com
paarisman.com
romebor.com

# Reference: https://twitter.com/MichalKoczwara/status/1483141319715397643

citrixseruritys.com
citrixworcspace.com

# Reference: https://twitter.com/drb_ra/status/1483177881400451074

fullwaf.com

# Reference: https://twitter.com/drb_ra/status/1483177881400451074

service-hw6mdvqk-1253883516.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1483359175157637122

121.4.88.169:8890

# Reference: https://twitter.com/drb_ra/status/1483204583556014084

service-iyx214zt-1305046769.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1483204846031409153

service-brm44217-1305827844.cd.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1483204823176654850

143.244.165.123:81

# Reference: https://twitter.com/drb_ra/status/1483204735637278730

134.122.134.62:4430

# Reference: https://twitter.com/drb_ra/status/1483204616728809473

143.198.5.113:8088

# Reference: https://twitter.com/drb_ra/status/1483204480548098054

1.15.232.71:9994

# Reference: https://www.virustotal.com/gui/file/6a67ddca7d49eb70e0449bca16efadeb0d197ccddd948d92ac75964eae256adb/detection

112.124.7.167:6668

# Reference: https://twitter.com/drb_ra/status/1483449731762241537

dnk9t38hcmqp8.cloudfront.net

# Reference: https://twitter.com/h2jazi/status/1483504922003968003

nytimes-content.com.global.prod.fastly.net

# Reference: https://twitter.com/malwrhunterteam/status/1483552405992128514

service-6legtm0z-1301523184.sh.apigw.tencentcs.com

# Reference: https://www.virustotal.com/gui/file/c0d121464555f808ff1ecec94832a26fb3ac234111add609478577198186c0d9/detection

101.34.239.71:4436

# Reference: https://www.virustotal.com/gui/file/0e32478ae924e860099afc977a6d62168a3a089172b0b5cac669c56ac6c3497b/detection

101.34.239.71:8099

# Reference: https://threatfox.abuse.ch/ioc/226417/

service-5lwmu7mr-1252795928.sh.apigw.tencentcs.com
/api/getit
/api/postit

# Reference: https://threatfox.abuse.ch/ioc/226417/

159.75.1.146:2052
fuckyoubaby.tk

# Reference: https://twitter.com/drb_ra/status/1483568448756232195

edu-aspire.com

# Reference: https://twitter.com/drb_ra/status/1483568900226826240

slim-well.com

# Reference: https://twitter.com/drb_ra/status/1483568360545828864

microsoftupdateassist.net

# Reference: https://twitter.com/drb_ra/status/1483568389843005441

158.247.192.197:65432

# Reference: https://twitter.com/drb_ra/status/1483568551260733440

103.158.191.20:88

# Reference: https://twitter.com/drb_ra/status/1483568419140255750

162.14.79.254:8080

# Reference: https://twitter.com/drb_ra/status/1483568896674353158

45.32.146.181:8080

# Reference: https://twitter.com/drb_ra/status/1483569186316115969

service-iyx214zt-1305046769.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1483569085250260998

47.243.134.222:8443
tencents-cdn.com

# Reference: https://twitter.com/drb_ra/status/1483569018095214594

104.168.151.213:4433
g08.pw
cshh.g08.pw

# Reference: https://twitter.com/drb_ra/status/1483568895185367040

ejv8xluugf.execute-api.ap-east-1.amazonaws.com

# Reference: https://twitter.com/drb_ra/status/1483568710925398022
# Reference: https://www.virustotal.com/gui/file/2493ef27f498e6b8e16d087cf218a34e97249b14d9f1c27c7fffc28b379b2dda/detection
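# Reference: https://www.virustotal.com/gui/file/c70d079f2c65272caf0d29d936b5026c61832831036c3cd31d0103447f52a0c4/detection
# Note: the two hostnames below appear to belong to legitimate services (189.cn mail, Alibaba Cloud) and were presumably seen as fronted/spoofed Host values; a hit on the name alone is weak evidence - confirm against the references before alerting.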

email.189.cn
yundun.aliyun.com

# Reference: https://twitter.com/drb_ra/status/1483568612510216198

cirite.com

# Reference: https://twitter.com/drb_ra/status/1483568604708843524

176.121.14.117:8083
visualstudioapp.onion

# Reference: https://twitter.com/drb_ra/status/1483568510416654341

47.242.81.50:8099

# Reference: https://twitter.com/drb_ra/status/1483568320318263304

139.159.206.206:8083

# Reference: https://twitter.com/drb_ra/status/1483568244506374145

50.3.132.234:778
routinghardware.com

# Reference: https://twitter.com/drb_ra/status/1483568203024453632

hille1.com

# Reference: https://twitter.com/drb_ra/status/1483568143683489792

167.179.102.21:8888

# Reference: https://twitter.com/drb_ra/status/1483568109407592451

43.228.90.35:8081

# Reference: https://twitter.com/drb_ra/status/1483568070635438081

edgecast-akamaihd.net

# Reference: https://twitter.com/drb_ra/status/1483567997969174550

47.242.81.50:2086
updatemicrsoft.com
support.updatemicrsoft.com
webank.updatemicrsoft.com

# Reference: https://twitter.com/drb_ra/status/1483721857987747849

msedgeupdate.com
js.msedgeupdate.com

# Reference: https://www.virustotal.com/gui/file/a23d30b19a4a4359236076fe53c2995ecca90c82db6fc7d654a825514648dd4a/detection

47.242.104.62:8080
cdn.ecbscn.com

# Reference: https://www.virustotal.com/gui/file/d71f3a400f4f86cfa18b182dfaa2c85047d4c30a06acd6bb4ddb51e14cb7965a/detection

49.235.224.81:36545

# Reference: https://www.virustotal.com/gui/file/7ff86bc437a800b3c910a8ca2621cf10cfa4d5c885f24a57ce22c4b1d5c3534e/detection

http://49.235.224.81

# Reference: https://www.virustotal.com/gui/file/b1d3a71958398df1904558546726de57e79f19462aff0bf864f43166c2a2f338/detection

42.194.198.17:10010

# Reference: https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf
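# Reference: https://otx.alienvault.com/pulse/61e59f497022f0fb28114f96
# Note: win32.fast, win64.fast, win64.sm and the hacktool.* entries below resemble fragments of AV detection names (HackTool.Win64...) picked up by automated extraction rather than C2 hostnames; verify each against the report before relying on it.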

cookiestest.ml
getdns.gd
lzfhome.xyz
qqfinance.ml
win32.fast
win64.fast
win64.sm
coivo2xo.livehost.live
download.lzfhome.xyz
hacktool.python.re
hacktool.win32.fast
hacktool.win64.fast
hacktool.win64.sm
ybk47i6z8q.wikimedia.vip
w01grw7gs.ithome.house

# Reference: https://www.virustotal.com/gui/file/6ffedd98d36f7c16cdab51866093960fe387fe6fd47e4e3848e721fd42e11221/detection

waynecha.com

# Reference: https://twitter.com/drb_ra/status/1483902893891768332

101.34.7.199:8443
tututu.live
proxy.tututu.live

# Reference: https://twitter.com/drb_ra/status/1483749467329339392

service-8wiw5m86-1258984158.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1483749573940101123
# Reference: https://twitter.com/drb_ra/status/1487798394697433094

http://116.204.211.150
116.204.211.150:443

# Reference: https://twitter.com/drb_ra/status/1483749497083768837

116.62.178.6:443

# Reference: https://twitter.com/drb_ra/status/1483749651782197248

http://42.194.217.136

# Reference: https://twitter.com/drb_ra/status/1483749520731213825

http://82.157.63.28

# Reference: https://twitter.com/drb_ra/status/1483749703716069376

http://81.71.101.188

# Reference: https://twitter.com/malwrhunterteam/status/1484082774097244165
# Reference: https://www.virustotal.com/gui/file/cd1c9d25523532f142c9f9b84f26fbb5abb8459c7eee99cf13b3e7f827c9d1a3/detection

multilogin.online
/managed/data/v68.2/tasks/assign
/managed/data/v68.2/tasks/vnd-host

# Reference: https://twitter.com/drb_ra/status/1484084090668204034

170.130.55.207:757

# Reference: https://twitter.com/drb_ra/status/1484084014411624449

142.132.173.125:443

# Reference: https://twitter.com/drb_ra/status/1484083979108106245

103.198.240.151:443

# Reference: https://www.virustotal.com/gui/file/7d2654715b5f3a75dc3a758c18a17c90364f991397e846dbfa2a56f1a2cf8d9d/detection

wget-upd.com

# Reference: https://twitter.com/drb_ra/status/1484110531837542400

http://45.10.52.95

# Reference: https://www.virustotal.com/gui/file/cbeba1a06e96ed7df2e27fc055cb132dc111f6024a9014113501f7e3a2d5e71c/detection

121.134.236.51:8888

# Reference: https://twitter.com/drb_ra/status/1484154664736145408

http://34.213.9.26

# Reference: https://twitter.com/drb_ra/status/1484136674649120773

d36lvvi7x2am0e.cloudfront.net

# Reference: https://twitter.com/malwrhunterteam/status/1484156523869786116
# Reference: https://www.virustotal.com/gui/ip-address/185.161.209.28/relations
# Reference: https://www.virustotal.com/gui/file/531e1e4e076fc0e5a792b60bd138209105f22b2e7b9818aff5efc0ff9f616917/detection

appdllsvc.com
azuredcloud.com
deltacldll.com
mscloudin.com
msdllopt.com
nortonalytics.com
pcamanalytics.com
udporm.com

# Reference: https://twitter.com/malwrhunterteam/status/1484169625935888385
# Reference: https://www.virustotal.com/gui/ip-address/185.233.202.133/relations
# Reference: https://www.virustotal.com/gui/file/bff4d2561e0266acd32afcec74dc33b0b7f0ae2ae8cad5acc99d5e2cd5f22dce/detection
# Reference: https://www.virustotal.com/gui/file/565036e9a3a5e99974f840beeee232ce7ec4fba4847a317956a6ff25964462f3/detection

185.233.202.133:890
185.233.202.133:90

# Reference: https://twitter.com/drb_ra/status/1484202460608708609

1.117.26.187:443

# Reference: https://twitter.com/drb_ra/status/1484265201516040199

racaci.com
zizexa.com

# Reference: https://www.virustotal.com/gui/ip-address/172.241.27.208/relations

lihiluj.com

# Reference: https://twitter.com/drb_ra/status/1484265027272122370
# Reference: https://www.virustotal.com/gui/file/9d43b54d5dc01a1a3c7b50692a9632fbdcbc4cb45fe3dc32a4a19275c84ebcf1/detection
# Reference: https://www.virustotal.com/gui/file/3bf4e13d2edb8e5ac2179bc8a4ad92a255fbbca4642850182d83c2ab84e029b3/detection

frite22.com

# Reference: https://twitter.com/malwrhunterteam/status/1484262283450667018
# Reference: https://www.virustotal.com/gui/file/60d3c01d262319d5b87a9fdf1d05c840429e487def482ca581c6f4bf397efc8f/detection
# Reference: https://www.virustotal.com/gui/file/f764d5514f356016a48f87911dc41ba77706527c90263c9edb925dcab757c156/detection
# Reference: https://www.virustotal.com/gui/file/f3eb5db9372c6911705101b49f9defa0ed61de3d4af922a23164b1ad28cc5f91/detection

http://193.201.9.212
193.201.9.212:58711
193.201.9.212:57119

# Reference: https://twitter.com/drb_ra/status/1484292349526265857

1.14.76.111:8888

# Reference: https://twitter.com/drb_ra/status/1484292489276178435

92.255.85.83:443

# Reference: https://twitter.com/drb_ra/status/1484292647036542986

46.17.98.180:443

# Reference: https://twitter.com/drb_ra/status/1484292554732584968

208.87.206.140:1443

# Reference: https://twitter.com/drb_ra/status/1484292393440583683

154.202.59.41:8081

# Reference: https://twitter.com/drb_ra/status/1484292105304514563

http://193.201.9.197

# Reference: https://twitter.com/drb_ra/status/1484292063642492932

http://45.77.174.87

# Reference: https://twitter.com/drb_ra/status/1484292004079144963

http://45.67.231.163

# Reference: https://twitter.com/drb_ra/status/1484291814395944960

micorsoft.cloud

# Reference: https://twitter.com/drb_ra/status/1484292614430109696

43.129.228.235:1234

# Reference: https://twitter.com/drb_ra/status/1484291903105507332

http://192.3.145.46

# Reference: https://twitter.com/drb_ra/status/1484292583744487425

http://107.172.219.129

# Reference: https://twitter.com/drb_ra/status/1484292035360313346

154.202.59.41:8443

# Reference: https://twitter.com/drb_ra/status/1484292267598921730

198.52.97.132:8088

# Reference: https://twitter.com/drb_ra/status/1484291724985917451

seapp.vip
kk.seapp.vip

# Reference: https://twitter.com/drb_ra/status/1484291935091179522

goodstur.com

# Reference: https://twitter.com/drb_ra/status/1484292462835294214

143.244.165.123:82

# Reference: https://twitter.com/drb_ra/status/1484292433563340802

45.251.243.206:8443

# Reference: https://twitter.com/drb_ra/status/1484292346879651843

micorsoft.co

# Reference: https://twitter.com/drb_ra/status/1484292307721596928

193.200.134.156:7443

# Reference: https://twitter.com/drb_ra/status/1484292183008157699

fedresourcesupport.com

# Reference: https://twitter.com/drb_ra/status/1484292143183245320

nicejuly77.tk

# Reference: https://twitter.com/drb_ra/status/1484291965315342338

http://147.182.240.197

# Reference: https://twitter.com/drb_ra/status/1484291878572937217

108.160.140.120:4567

# Reference: https://twitter.com/drb_ra/status/1484291845177884673

d20unalr05abuz.cloudfront.net
d2ta4wk513xqnh.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1484291688793313281

clinitechnical.com

# Reference: https://twitter.com/drb_ra/status/1484291655318618119

108.160.140.120:2053
csdbj.xyz
api.csdbj.xyz

# Reference: https://twitter.com/drb_ra/status/1484291622598844416

45.89.103.30:6006

# Reference: https://twitter.com/drb_ra/status/1484446648113803268

service-js9uhs84-1307894361.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1484446544740950019

service-anwlalbi-1302650299.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1484446440273420290

oiuetnx.com

# Reference: https://twitter.com/drb_ra/status/1484473143553056769

cctv003.tk

# Reference: https://twitter.com/drb_ra/status/1484473095419219968

101.37.148.119:8080

# Reference: https://twitter.com/drb_ra/status/1484473049491587074

xxmq.pw

# Reference: https://twitter.com/drb_ra/status/1484496866150653959

calytnto.loca.lt

# Reference: https://twitter.com/drb_ra/status/1484523514879217666

192.252.180.68:8009

# Reference: https://twitter.com/drb_ra/status/1484523657888243716

81.69.14.179:443

# Reference: https://www.virustotal.com/gui/file/b3df4b8ef045fea0ad54118c6926d20da2c880a0cb61dce68f6762d1fa1d8c57/detection

81.69.14.179:5555

# Reference: https://twitter.com/drb_ra/status/1484562898508734464

101.43.87.238:8888

# Reference: https://twitter.com/drb_ra/status/1484473179368308741

http://101.33.200.32

# Reference: https://twitter.com/drb_ra/status/1484473242173816833

http://101.42.101.185

# Reference: https://twitter.com/drb_ra/status/1484473282887880705

110.40.184.247:443

# Reference: https://twitter.com/drb_ra/status/1484534718410461185

http://106.55.58.119

# Reference: https://twitter.com/drb_ra/status/1484534652924747782

http://82.157.174.49

# Reference: https://twitter.com/drb_ra/status/1484534528341385218

http://101.201.155.45

# Reference: https://twitter.com/drb_ra/status/1484534605864742913

http://123.56.98.161

# Reference: https://blog.morphisec.com/log4j-exploit-hits-again-vulnerable-vmware-horizon-servers-at-risk
# Reference: https://otx.alienvault.com/pulse/61ea88bbc174f5e9cd25de67
# Reference: https://www.virustotal.com/gui/domain/rogerscorp.org/relations

139.180.217.203:443
rogerscorp.org
api.rogerscorp.org
apicon.rogerscorp.org

# Reference: https://twitter.com/drb_ra/status/1484653578031616001

91.132.59.225:88

# Reference: https://twitter.com/drb_ra/status/1484653645073428483

149.28.142.10:8080
dapig.xyz
test.dapig.xyz

# Reference: https://twitter.com/drb_ra/status/1484653687905656832

http://104.243.22.77

# Reference: https://twitter.com/drb_ra/status/1484653716347269124

107.172.219.129:4444

# Reference: https://twitter.com/drb_ra/status/1484653831032037377

193.111.31.31:443

# Reference: https://twitter.com/drb_ra/status/1484653609384038403

service-j3calq95-1251666391.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1484653738275086339
# Reference: https://twitter.com/drb_ra/status/1484653869326032898

31.7.62.16:8080
klivlendtaxi.com
profile.klivlendtaxi.com

# Reference: https://twitter.com/drb_ra/status/1484653794294210560

lltxfj.tk
kk.lltxfj.tk

# Reference: https://twitter.com/drb_ra/status/1484653762178338822

whoamise.xyz
cs.whoamise.xyz

# Reference: https://twitter.com/drb_ra/status/1484653950481674244

newsweatherspot.com
update.newsweatherspot.com

# Reference: https://twitter.com/drb_ra/status/1484808773013327872

31.7.62.16:8443

# Reference: https://twitter.com/drb_ra/status/1484808870157590528

service-1bz5p6pn-1308954353.kr.apigw.tencentcs.com

# Reference: https://twitter.com/malwrhunterteam/status/1484675862599507974

owensboro08.azureedge.net

# Reference: https://twitter.com/drb_ra/status/1484834102876516352

fiash.co
cdn.fiash.co

# Reference: https://twitter.com/drb_ra/status/1484834189912559620

1.15.179.81:8443

# Reference: https://twitter.com/malwrhunterteam/status/1484887119206170627
# Reference: https://www.virustotal.com/gui/file/684fb8de52b97a92c26b2679773141baf1eae5e2d03879e83be316cc8512c44e/detection

47.100.72.191:55555

# Reference: https://www.virustotal.com/gui/file/41b4939439a355c053397a6feb505e50bf962534891e1042d38d69c54fa1bf74/detection

124.223.35.157:5555

# Reference: https://www.virustotal.com/gui/file/14ef9e56f567a6fc17dcebf87c338a766c0b85293d59dbf17d01ae088fed0bcf/detection

124.223.35.157:6666

# Reference: https://www.virustotal.com/gui/file/8b10082ca316ffcd3c31dad4d1ec37df40c302aecebfa1b6cb353c145a432b76/detection

124.223.35.157:1666

# Reference: https://twitter.com/drb_ra/status/1484925327386230791

121.4.59.117:23345
dqdqd.xyz

# Reference: https://twitter.com/drb_ra/status/1484925402875568131

106.75.231.15:443

# Reference: https://twitter.com/drb_ra/status/1484925353713877006

http://106.75.231.15

# Reference: https://twitter.com/drb_ra/status/1484925278350716935

http://110.42.240.206

# Reference: https://twitter.com/drb_ra/status/1485015750515601411

124.223.93.28:443

# Reference: https://twitter.com/drb_ra/status/1485015658937167875

http://154.202.59.95

# Reference: https://twitter.com/drb_ra/status/1485016138539048961

5.188.230.52:7985

# Reference: https://twitter.com/drb_ra/status/1485015996985450499

193.201.9.197:443

# Reference: https://twitter.com/drb_ra/status/1485015694529994761

34.92.159.145:7878

# Reference: https://twitter.com/drb_ra/status/1485015789476499456

178.128.62.80:19090

# Reference: https://twitter.com/drb_ra/status/1485015552108204032

108.160.132.252:443

# Reference: https://twitter.com/drb_ra/status/1485016177684500489
# Reference: https://twitter.com/drb_ra/status/1485016178904817665

d1lne9z2al5lr6.cloudfront.net
d34mg5xyp5vk0p.cloudfront.net
d3ka3m3tprabce.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1485015894875164672

152.89.247.135:443

# Reference: https://twitter.com/drb_ra/status/1485015620529836032

http://108.128.237.156
http://3.68.42.237

# Reference: https://twitter.com/drb_ra/status/1485015588787429379

20.123.207.206:443

# Reference: https://twitter.com/drb_ra/status/1485016117517197313

5.154.181.48:8043

# Reference: https://www.virustotal.com/gui/file/fc4b842b4f6a87df3292e8634eefc935657edf78021b79f9763548c74a4d62b8/detection

catalantech.com

# Reference: https://twitter.com/drb_ra/status/1485039648946757635

http://20.107.71.89

# Reference: https://twitter.com/drb_ra/status/1485196341689163777

81.70.8.13:443

# Reference: https://twitter.com/drb_ra/status/1485196426745421826

http://45.67.230.197

# Reference: https://twitter.com/drb_ra/status/1485196472102629377

service-cpwcebwk-1253744829.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1485196536036446211

101.201.48.125:2086
ocdscc.tk
google.ocdscc.tk

# Reference: https://twitter.com/drb_ra/status/1485287919627784193

45.124.112.142:8080
cs.zsqiji.com

# Reference: https://twitter.com/drb_ra/status/1485378332330008581

172.245.79.146:8443

# Reference: https://twitter.com/drb_ra/status/1485378328475406342
# Reference: https://www.virustotal.com/gui/domain/lastcat.co.uk/relations

lastcat.co.uk
lion.lastcat.co.uk
tiger.lastcat.co.uk

# Reference: https://twitter.com/drb_ra/status/1485378203225141249

http://13.40.172.95

# Reference: https://twitter.com/drb_ra/status/1485378443395182592

150.109.19.136:2082

# Reference: https://twitter.com/drb_ra/status/1485378415666544640

2.56.57.126:443

# Reference: https://twitter.com/drb_ra/status/1485378261135896581

13.40.172.95:443

# Reference: https://twitter.com/drb_ra/status/1485378368078024704

http://185.250.148.43

# Reference: https://twitter.com/drb_ra/status/1485377951755649027

178.128.62.80:20202

# Reference: https://twitter.com/drb_ra/status/1485378087856529418

sencye.net
sen.sencye.net

# Reference: https://twitter.com/drb_ra/status/1485378290722476034

45.136.245.221:443

# Reference: https://twitter.com/drb_ra/status/1485378161097560073

hostnamefffew.ddns.net

# Reference: https://twitter.com/drb_ra/status/1485377982353055757

94.74.110.209:81

# Reference: https://twitter.com/drb_ra/status/1485378051932409857

16.163.102.217:83

# Reference: https://twitter.com/drb_ra/status/1485377930855333888

80.85.156.167:8088

# Reference: https://twitter.com/drb_ra/status/1485378012405194765

nquy.xyz

# Reference: https://twitter.com/drb_ra/status/1485559437024972802

118.194.233.133:81

# Reference: https://twitter.com/drb_ra/status/1485559536022962177

http://59.110.238.182

# Reference: https://twitter.com/drb_ra/status/1485559648346427394

1.116.123.104:8443
0h1ry.tk
test.0h1ry.tk

# Reference: https://www.virustotal.com/gui/file/146cb85c6dd177002ece2e7e0e3216434cf1417abc37f2d77b1fa9020e632948/detection

47.98.20.20:3344

# Reference: https://www.virustotal.com/gui/file/b979a3cee7544f9f9782ed6162fde6b47f228711d7e55417149e915f9145884b/detection

47.98.20.20:5544

# Reference: https://twitter.com/drb_ra/status/1485559655732555781
# Reference: https://www.virustotal.com/gui/file/af1872393e73b6f15c4e4afa023aef7c2c0be34e84f203ca144bd2c33aa2a571/detection

47.98.20.20:8080

# Reference: https://www.virustotal.com/gui/file/828168a7fc9c223d542756f7cb5ea74ce8374212e311c98144dcc923954dbd3b/detection

ez-simple.fun

# Reference: https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/

cloudfiare.workers.dev
facebookint.workers.dev
cdn.cloudfiare.workers.dev
update.facebookint.workers.dev

# Reference: https://twitter.com/drb_ra/status/1485714665111969793

64.225.71.197:443

# Reference: https://twitter.com/drb_ra/status/1485895887708737537

165.227.237.109:8080

# Reference: https://twitter.com/HeMan44623053/status/1485563221679525888

nartybarma.com

# Reference: https://twitter.com/HeMan44623053/status/1485575369101090824

democratyzi.com

# Reference: https://twitter.com/HeMan44623053/status/1485898095623917570

vartibat.com

# Reference: https://twitter.com/drb_ra/status/1485946001361936388

23.254.227.239:8080

# Reference: https://www.virustotal.com/gui/file/f8194947cf2273348cfc1a647707e05e71d9e00e36c91174b58d5c0fb4a46f3c/detection

121.5.243.162:82

# Reference: https://www.virustotal.com/gui/file/ee553a7d57b75b93f3d053e9752dc4a27eb2c2aab07720e66508082b02b91832/detection

121.5.243.162:443

# Reference: https://www.virustotal.com/gui/file/5eb1fccfbdd58a34f03c9f4fa6a66ff06eb173a093d2539b5e1c46a103c031d8/detection

121.5.243.162:4455

# Reference: https://twitter.com/malwrhunterteam/status/1486080340380864516
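# Reference: https://www.virustotal.com/gui/file/58a43c7179111304e80b154081ac3f3ea12c54a9bf48c32aaa7883be20fa4c26/detection
# Note: the address below appears to sit in Microsoft-operated address space, so the sample may only use it for connectivity checks or Host-header fronting; expect benign traffic to match - confirm before treating a hit as C2.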

http://13.107.4.52

# Reference: https://twitter.com/Max_Mal_/status/1485984545623134213

repigeleli.com

# Reference: https://www.virustotal.com/gui/file/959a3e69fc44681df321b6e662ae565e19aa4021374faae65276a08ea5064cb5/detection

165.227.237.109:8080

# Reference: https://www.virustotal.com/gui/file/83d86f0b8e54e89ec070ecb0c88995bd07566a35fe5dc3d153354c327c33bb81/detection

165.227.237.109:6293

# Reference: https://www.virustotal.com/gui/file/64d35c664145728a7aa0c1789f81856efdfbae6553ec81b8ae5b4205d243b8e1/detection

165.227.237.109:51293

# Reference: https://www.virustotal.com/gui/file/ba7b554fb20dc6625e3372dd026ed084e18b4119be9b9ac81d211501349c793c/detection

119.29.195.21:8888

# Reference: https://www.virustotal.com/gui/file/c4ea5f92255ff5476803564a9ab6b6b58df8cb6a52b9dff208d014ad59c7e362/detection

119.29.195.21:1234

# Reference: https://twitter.com/drb_ra/status/1486103732383371269

192.227.155.185:8081
micrsoft.shop

# Reference: https://twitter.com/drb_ra/status/1486103889468395524

http://143.198.142.216

# Reference: https://twitter.com/drb_ra/status/1486103824196636675

mmicrosoft.top
auth.mmicrosoft.top

# Reference: https://twitter.com/drb_ra/status/1486103791476908041

ap-southeast-1.prod.pr.analytics.amazon.com.amazonaws.la

# Reference: https://twitter.com/drb_ra/status/1486103915435380739

159.223.179.146:443

# Reference: https://twitter.com/drb_ra/status/1486103676875911180

78.141.197.190:8081

# Reference: https://twitter.com/drb_ra/status/1486103703899848712

192.227.223.78:443

# Reference: https://twitter.com/drb_ra/status/1486103866286477312

http://192.227.223.78

# Reference: https://twitter.com/drb_ra/status/1486103848515162114

54.254.83.217:5000

# Reference: https://twitter.com/drb_ra/status/1486103753799475206

47.243.169.195:1000

# Reference: https://twitter.com/drb_ra/status/1486103978362421250

d3hqu4u75i5ga2.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1486103942283116544

35.232.255.231:8082

# Reference: https://twitter.com/drb_ra/status/1486104047799214085

http://51.255.175.96

# Reference: https://twitter.com/drb_ra/status/1486104083723427842

47.243.230.91:8888

# Reference: https://twitter.com/drb_ra/status/1486258254560780288

cloudwebpictures.com
creative.cloudwebpictures.com
feature.cloudwebpictures.com
online.cloudwebpictures.com

# Reference: https://twitter.com/drb_ra/status/1486258349318586373

d2vcmitbj8sjr6.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1486128823586410498

d33ruhlqob65qh.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1486128066430738433

147.182.170.15:9090

# Reference: https://twitter.com/drb_ra/status/1486127968103673861

98.103.103.171:4443

# Reference: https://twitter.com/drb_ra/status/1486348925917446151

http://84.32.188.118
http://84.32.188.124

# Reference: https://twitter.com/drb_ra/status/1486348930782748685

38.64.92.47:8880
baibu.gq
test.baibu.gq

# Reference: https://twitter.com/drb_ra/status/1486103651064156165

baidul.fun

# Reference: https://twitter.com/drb_ra/status/1486439522808303622

jio.vip

# Reference: https://www.virustotal.com/gui/file/98c5f33164812559e8fd741c433e2ad186970a16b43c85a5c9b8aa304142aa96/detection
# Reference: https://www.virustotal.com/gui/file/6d9a7ceb6cc3f0a93d4ad1a4df33b072c91173acd346f1f60b81404a46d99ee6/detection

101.200.39.141:20210

# Reference: https://www.virustotal.com/gui/file/877f218dafe0aba8c12de2c1ddeec2adf34c2e0909224cdb91627cdafc1f71c3/detection

101.200.39.141:9999

# Reference: https://twitter.com/drb_ra/status/1486465371079159811

45.113.1.25:8989

# Reference: https://twitter.com/drb_ra/status/1486465277428654083

62.96.244.82:8000

# Reference: https://twitter.com/drb_ra/status/1486465390821744640

http://120.25.102.250

# Reference: https://twitter.com/drb_ra/status/1486465274232688644

39.103.129.63:8888

# Reference: https://twitter.com/drb_ra/status/1486465147195568131

194.147.84.178:2096
flashd.org

# Reference: https://twitter.com/drb_ra/status/1486465208868560905

http://144.168.61.189

# Reference: https://twitter.com/drb_ra/status/1486465412476907526

http://43.154.155.49

# Reference: https://twitter.com/drb_ra/status/1486465490117705734

101.32.15.46:8005

# Reference: https://twitter.com/drb_ra/status/1486465351332376586

139.155.81.10:8443

# Reference: https://twitter.com/drb_ra/status/1486465331027709959

185.216.119.91:8089

# Reference: https://twitter.com/drb_ra/status/1486465187200872455

47.241.179.89:9000

# Reference: https://twitter.com/drb_ra/status/1486465543053918209

d1xdcn6wgo3x0o.cloudfront.net
d3dq5rvyix59g9.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1486465541900574722

df7zyfuw3i1kq.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1486465540830941186

d320uuykcfc27n.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1486465509335969794

service-4qwii674-1304130778.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1486465468819034113

143.198.175.0:8443

# Reference: https://twitter.com/drb_ra/status/1486465440348086274

hotbunniesnft.art

# Reference: https://twitter.com/drb_ra/status/1486465307942207488

edgemikrosoft.com

# Reference: https://twitter.com/drb_ra/status/1486465712755740672

http://5.199.162.10

# Reference: https://twitter.com/drb_ra/status/1486465763951222786

d39900kle1tsnc.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1486465856536297472

withinsurance.com

# Reference: https://twitter.com/drb_ra/status/1486465735652261889

http://158.247.193.17

# Reference: https://twitter.com/drb_ra/status/1486465799070097411

http://92.255.85.84

# Reference: https://twitter.com/drb_ra/status/1486465887628673024

217.182.69.86:443

# Reference: https://twitter.com/Max_Mal_/status/1486472598011662336

hilaxeten.com
woneyomi.com

# Reference: https://twitter.com/drb_ra/status/1486620677738315780

http://159.89.121.24

# Reference: https://twitter.com/drb_ra/status/1486646493595549699

43.134.180.153:443

# Reference: https://twitter.com/drb_ra/status/1486646358773833729

http://93.100.179.9

# Reference: https://twitter.com/drb_ra/status/1486646373567111170

http://81.71.165.56

# Reference: https://twitter.com/malwrhunterteam/status/1486678911681548291
# Reference: https://www.virustotal.com/gui/file/e5312dca760b6988667b5945bf0dd8cc5bf626ca6a994f2607a41673e32f7caf/detection

http://103.214.146.175
flash-cn.gq

# Reference: https://twitter.com/drb_ra/status/1486801877031395331

iamhealthytoday.com

# Reference: https://twitter.com/drb_ra/status/1486801826381012992

u6x4i3m3.stackpathcdn.com

# Reference: https://www.virustotal.com/gui/file/d2100eaab7cbe08d1c37ba4ec35f606b09e9d6cfe64833c9f5f72f651209bf3f/detection

106.55.199.4:12321

# Reference: https://www.virustotal.com/gui/file/8e1f6d8f99c8760e76e94cea72c2923ff73820752bf5a4bbb8aba854d1f7bc71/detection

82.157.64.237:8866

# Reference: https://twitter.com/drb_ra/status/1487073608539250689

bartiba.com

# Reference: https://www.virustotal.com/gui/file/c04c01f703ab7b4b78c342f68fea200d0d6d531ab6ef8aa9f6310f2df0cabb84/detection

42.193.51.133:8080

# Reference: https://www.virustotal.com/gui/file/b52f6055c0cda21fa44707f7fc4caa82fb61aa4f90bd73db4c0b5a8b2117c0f7/detection

http://42.193.51.133

# Reference: https://www.virustotal.com/gui/file/eb63636c046a7cf847deeea04dca56dc422a17208a4f3a3948774224096bd0fc/detection

192.198.86.130:443
sazoya.com

# Reference: https://twitter.com/drb_ra/status/1487164208844361728

81.17.16.106:17443
trialyoutube.site

# Reference: https://twitter.com/drb_ra/status/1487189941020934144

96.43.83.164:447

# Reference: https://twitter.com/drb_ra/status/1487189971215831040

http://198.12.65.91

# Reference: https://twitter.com/drb_ra/status/1487190066774650880

140.238.39.222:9988

# Reference: https://twitter.com/drb_ra/status/1487190149431709702
# Reference: https://www.virustotal.com/gui/file/9ef31e24347a65f9265d08b4784e7d3efbb40fc5f46d23777030b745f849fe35/detection

apply.car-finance-credit.com

# Reference: https://twitter.com/drb_ra/status/1487190160114688004

43.132.204.230:8443
twlhcgw.com
cs.twlhcgw.com

# Reference: https://twitter.com/drb_ra/status/1487190215710158848

94.102.49.102:8443
killahbeeaz.com

# Reference: https://twitter.com/drb_ra/status/1487190240943034369

54.86.200.191:8081

# Reference: https://twitter.com/drb_ra/status/1487190274770145284

104.244.92.77:81

# Reference: https://twitter.com/drb_ra/status/1487190311642218496

193.178.172.127:18888

# Reference: https://twitter.com/drb_ra/status/1487190350766739463

107.150.127.25:8080

# Reference: https://twitter.com/drb_ra/status/1487190389736067072

arbaniy.com

# Reference: https://twitter.com/drb_ra/status/1487190434828980224

nsfdfdfdf.xyz

# Reference: https://twitter.com/drb_ra/status/1487190511836405768

54.86.200.191:4433

# Reference: https://twitter.com/drb_ra/status/1487190664274132993

139.162.66.19:8889

# Reference: https://twitter.com/drb_ra/status/1487190694322216963
# Reference: https://www.virustotal.com/gui/ip-address/64.227.5.45/relations

cinciservices.com
marconetworking.com
dev.cinciservices.com
vpn.cinciservices.com
vpn.marconetworking.com

# Reference: https://twitter.com/drb_ra/status/1487190722080038918

141.164.56.139:8080

# Reference: https://twitter.com/drb_ra/status/1487190754980204546

service-9w2jqesu-1258891987.hk.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1487345383894360068

lzzswlvqlinshiyou1xiangnet.tk

# Reference: https://www.virustotal.com/gui/file/bd826b73878e6f1f167924ba9d0af2c957521c878bd032088225b498e4d51148/detection
# Reference: https://www.virustotal.com/gui/file/63a3d2e9a08d7b5492792941ac15e8831f6232499cd66d62dbe42dc23df3b738/detection
# Reference: https://www.virustotal.com/gui/file/6220cbc388a124f0c8bea529baaa7674d4aef0feb627c8b571c975e0393e8138/detection

144.76.219.54:1230
144.76.219.54:3000

# Reference: https://twitter.com/drb_ra/status/1487371658776260609

129.226.38.136:8080

# Reference: https://twitter.com/drb_ra/status/1487371683161722880

110.42.226.28:8443

# Reference: https://twitter.com/drb_ra/status/1487371705274318849

45.135.232.120:4223

# Reference: https://twitter.com/drb_ra/status/1487371759234031616

146.70.87.230:443

# Reference: https://twitter.com/drb_ra/status/1487371796752044034

http://164.90.225.77

# Reference: https://twitter.com/drb_ra/status/1487371829362802688

103.223.122.13:8443

# Reference: https://twitter.com/drb_ra/status/1487371851189919749

101.34.148.38:8008

# Reference: https://twitter.com/drb_ra/status/1487371874568916992

http://39.105.156.114

# Reference: https://twitter.com/drb_ra/status/1487371901248978950

101.201.48.125:8443

# Reference: https://twitter.com/drb_ra/status/1487371924107841540

175.24.227.223:443

# Reference: https://twitter.com/drb_ra/status/1487371955779080192

driverpackcdn.com

# Reference: https://twitter.com/drb_ra/status/1487371980911357952

114.132.233.117:8888

# Reference: https://twitter.com/drb_ra/status/1487372005628387329

http://61.160.213.4

# Reference: https://twitter.com/drb_ra/status/1487372056253587458

156.255.3.146:8000

# Reference: https://twitter.com/drb_ra/status/1487391186339999746

germanzup.com

# Reference: https://twitter.com/drb_ra/status/1487391214034989059

zhanzhibox.com

# Reference: https://twitter.com/malwrhunterteam/status/1487544198114992131
# Reference: https://www.virustotal.com/gui/file/6192cb42b22d5ba056a2b9b2c595bd647ac200e8c52a9e235b4d36ff096f0154/detection

http://39.107.31.149

# Reference: https://www.virustotal.com/gui/file/5cd7dfb1976ed11feb5970e48e7e7685dc5e7344960c5b05554ccdfa635e5323/detection

39.107.31.149:82

# Reference: https://www.virustotal.com/gui/file/26c38ca555ff7fa489b2da24efe5aa1eb04c091b3dfe2d8eb5282a46cc733d9f/detection

39.107.31.149:9001

# Reference: https://twitter.com/malwrhunterteam/status/1487548480931442690
# Reference: https://www.virustotal.com/gui/file/ba11b64a3cc0cca6d906b1b73db3fb28ef3453eb46b8941ef394223d3dcacb9c/detection

http://41.87.209.64

# Reference: https://www.virustotal.com/gui/file/cd144ffa68a8a88cf9a535b86381b8b2ee73f48872e7fdbd968fa8ec1760297a/detection

41.87.209.64:8080

# Reference: https://twitter.com/drb_ra/status/1487553956595351560

101.32.15.46:8009

# Reference: https://twitter.com/drb_ra/status/1487553977436839940

phoenix.intrinsec.com

# Reference: https://twitter.com/drb_ra/status/1487554010383015936

http://92.255.85.93

# Reference: https://twitter.com/drb_ra/status/1487554041248981003

149.28.122.36:14423

# Reference: https://twitter.com/drb_ra/status/1487554069493391361

81.68.252.57:443

# Reference: https://twitter.com/drb_ra/status/1487554119132979200

104.168.44.156:443

# Reference: https://twitter.com/drb_ra/status/1487554176993398786

192.252.180.68:8081

# Reference: https://twitter.com/drb_ra/status/1487554203698479109

185.45.193.110:8080
quzoo7p7.xyz

# Reference: https://twitter.com/drb_ra/status/1487554285793595400

16.170.112.74:8017

# Reference: https://twitter.com/drb_ra/status/1487554343586906113

92.255.85.234:7443

# Reference: https://www.virustotal.com/gui/file/6f5b1122fdc3ff048469343c4349f300b022b44f176219ce5354bc66c6bd2138/detection

92.255.85.234:1988

# Reference: https://twitter.com/drb_ra/status/1487554363174404106

197.26.77.130:443
/zOMGAPT

# Reference: https://www.virustotal.com/gui/file/f288ed4655bdc93901e7da455caecf2519e7e1491d5c1787158d5f493faf3a28/detection

106.54.64.46:8080

# Reference: https://www.virustotal.com/gui/file/d94012f97e1897910d0a44b3e9a3ae7e97a5f5a47ca01cd0b8a6c23770818c92/detection

106.54.64.46:8000

# Reference: https://www.virustotal.com/gui/file/234c0395febdca4394e1736320dfa863acc610df800ac9863c1ef4d7a4ad37a4/detection

http://106.54.64.46

# Reference: https://twitter.com/drb_ra/status/1487735672261730312

114.55.208.246:8443

# Reference: https://twitter.com/drb_ra/status/1487735697281019906

45.135.232.120:4343

# Reference: https://twitter.com/TheDFIRReport/status/1487441046627921932

healthandhumanservicesdepartment.com

# Reference: https://twitter.com/drb_ra/status/1487825898191609856

150.158.186.39:443

# Reference: https://twitter.com/drb_ra/status/1487825946048700430
# Reference: https://twitter.com/drb_ra/status/1487825998905319427

http://207.148.112.16
207.148.112.16:443

# Reference: https://twitter.com/drb_ra/status/1487826198076002304

192.144.214.219:8080

# Reference: https://twitter.com/pmelson/status/1487860346819854339

http://198.199.64.247
198.199.64.247:443
newslivegov.com

# Reference: https://twitter.com/drb_ra/status/1488070147285962753

dmvpv86xc2.azurewebsites.net

# Reference: https://twitter.com/drb_ra/status/1488098336599068675

http://117.50.163.248

# Reference: https://twitter.com/drb_ra/status/1488098323273850890

120.79.165.94:443

# Reference: https://twitter.com/malwrhunterteam/status/1488122303716151301
# Reference: https://twitter.com/malwrhunterteam/status/1488122631262027790
# Reference: https://www.virustotal.com/gui/ip-address/5.161.70.106/relations
# Reference: https://www.virustotal.com/gui/file/f778a4258d50a74200df1668b8d2de73523fac4cfb47f8c628c51fcdc5b126f0/detection

adafel.info
baklin.info
cikman.info
cosate.info
coslap.info
chrome.update.adafel.info
critical.chrome.update.adafel.info
critical.edge.update.adafel.info
critical.update.adafel.info
edge.update.adafel.info
microsoft.critical.chrome.update.adafel.info
microsoft.critical.edge.update.adafel.info
microsoft.critical.update.adafel.info
update.adafel.info

# Reference: https://twitter.com/drb_ra/status/1488160811730325511

sbronm.com

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-01-27-IOCs-for-Contact-Forms-IcedID-with-Cobalt-Strike.txt

149.255.35.174:787

# Reference: https://twitter.com/drb_ra/status/1488189203938779143

1.15.232.71:40011

# Reference: https://twitter.com/1ZRR4H/status/1488330974530310147

syncdataservices.com

# Reference: https://twitter.com/Max_Mal_/status/1488298572311322628

doxatuten.com

# Reference: https://twitter.com/drb_ra/status/1488475590118289410

http://8.130.24.136

# Reference: https://twitter.com/stoerchl/status/1488518267677335553

bonyasom.com
bornometa.com
gookju.com
grizmit.com
motyol.com
vedingumbr.com

# Reference: https://www.virustotal.com/gui/file/07510bd40b0b57937d9406f8ce021066d07b0c8609435e0c13a3a213524860b5/detection

http://104.194.243.238
microsoftdownloadstore.com

# Reference: https://twitter.com/malwrhunterteam/status/1488595462475206656
# Reference: https://www.virustotal.com/gui/file/042d29aea3c59485bb2dbf8c16aea60c15d6f9be0df667d1b692634cfcf9ceae/detection

http://5.199.162.10
edgemikrosoft.com

# Reference: https://twitter.com/Max_Mal_/status/1488269566312476672

rowomuhona.com

# Reference: https://twitter.com/drb_ra/status/1488251457669414918

42.193.251.241:88

# Reference: https://twitter.com/drb_ra/status/1488251396650582021

47.97.36.209:4444

# Reference: https://twitter.com/h2jazi/status/1488248037705199617
# Reference: https://www.virustotal.com/gui/ip-address/104.210.63.208/relations
# Reference: https://www.virustotal.com/gui/ip-address/52.255.154.155/relations
# Reference: https://www.virustotal.com/gui/file/a210787ffd0a6a918cd8c950ce6b5af178902b2e5a49799e0a17d8b25200ca6f/detection

azuretraining.careers
backtoworksurveys.com
cloud-notification.com
compliance-policies.com
health-checkin.com
hr-notification.net
hrdisclosure.com
lapromotionalservices.com
life-surveys.com
lnlegalservices.com
malwarealerts.net
n1-notification.com
nextgencpe.com
nextuprecruiting.com
spoofpoint.net
survey-notification.com

# Reference: https://www.malware-traffic-analysis.net/2022/02/01/index.html

http://198.74.126.107
198.74.126.107:443
dodro7.ru

# Reference: https://twitter.com/drb_ra/status/1488907399545171972

195.123.240.98:443

# Reference: https://twitter.com/drb_ra/status/1488823606184488961

121.5.3.143:443

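# Reference: https://twitter.com/drb_ra/status/1488823527675473922
# NOTE(review): 22.0.0.0/8 is allocated to the US DoD NIC and is sometimes reused as internal "squat" address space. Verify that this entry was reachable as a public endpoint before relying on it.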

http://22.51.16.84

# Reference: https://twitter.com/malwrhunterteam/status/1489240491908644876
# Reference: https://www.virustotal.com/gui/file/9a7f1ca573e27066a014e2fbc240b20cab74af4afde64fb0071a4d38838b7872/detection

vers778ve29.com

# Reference: https://twitter.com/drb_ra/status/1489247753150427143

pingcheker.com

# Reference: https://twitter.com/drb_ra/status/1489247692081537027

http://102.130.115.36

# Reference: https://twitter.com/drb_ra/status/1489247712226816003

cookieholder.com

# Reference: https://twitter.com/HeMan44623053/status/1489251916383068172

dorvolt.com

# Reference: https://twitter.com/drb_ra/status/1489294440665698312

155.138.241.129:8080

# Reference: https://twitter.com/drb_ra/status/1489338517171933184

155.138.241.129:1
client.96html.com
cloud.96html.com
support.96html.com

# Reference: https://twitter.com/drb_ra/status/1489338594821083140

http://5.61.37.48
5.61.37.48:443

# Reference: https://twitter.com/malwrhunterteam/status/1489342534216265730
# Reference: https://www.virustotal.com/gui/file/c6323289f4438d34134273d814df05ddd194d5a52f78fc7c136efce797c8820d/detection

chjyarwg3rt2245knfabeuda7kkvku26kuqabdepk3bc44bd4yz5mrqd.onion.ws

# Reference: https://twitter.com/malwrhunterteam/status/1489514039998877700
# Reference: https://www.virustotal.com/gui/file/b4297174e47d9ed2808524165bb5c09d0cb85e342db72b955edd4d5a0c490f9e/detection
# Reference: https://www.virustotal.com/gui/file/869bff03d70693a10e63fc192311edc3740aa87ebe25adbe45518f4819b347ec/detection
# Reference: https://www.virustotal.com/gui/file/50ccb1b00bdd8fc3d8957bdf718c17887ed3cd59dfbeb247193a33041cf6e03b/detection

81.70.133.211:8080

# Reference: https://twitter.com/drb_ra/status/1489519863823572993

139.196.110.126:6666

# Reference: https://twitter.com/drb_ra/status/1489549726093651971

162.14.77.99:8888

# Reference: https://twitter.com/Max_Mal_/status/1489712402291728385

vegumihomo.com
yalileza.com

# Reference: https://twitter.com/drb_ra/status/1489910971082719233

http://42.192.119.170

# Reference: https://twitter.com/drb_ra/status/1489911039051317248

http://47.98.242.152

# Reference: https://www.virustotal.com/gui/file/e49e6d382e3164570622bdc89195e9048e12008147e90c294240156d88a622e8/detection
# Reference: https://www.virustotal.com/gui/file/4e1d9f22d13b30a62a9f2a9c786f2a8294df1075cea8299ad4ed7f757a96919e/detection

http://124.223.118.170

# Reference: https://www.virustotal.com/gui/file/f16ed376f38fe2086ef6256f3e24547c61a1e5aeab1419b3c65033a626a3e695/detection
# Reference: https://www.virustotal.com/gui/file/9eafc5146b3f8b77161b7f9cedabd87d617eb1ef983e4c963e7819d546ef9919/detection
# Reference: https://www.virustotal.com/gui/file/66566d5b7c4ea3d9a36a0ac8073f482a15c3899ca9d7dd98ba3635530f680ca8/detection

1.117.225.19:8088

# Reference: https://www.virustotal.com/gui/file/fcc35a2a552d8e47748d5d74fc99edea2c74c2cff85ce677bb380ee2bcefbde5/detection
# Reference: https://www.virustotal.com/gui/file/4069324cd62236709878cc526c70fa39a3d0a4fd8129f0a9ee83a2d40f7930dd/detection
# Reference: https://www.virustotal.com/gui/file/28b6f0ed1f267072991bfda856ec3531584305d4fe999e025e3d5e5a176c2b5d/detection
# Reference: https://www.virustotal.com/gui/file/1a904eee1bcd5d0d59fe31bcf75fa8dfa60ed4c5b11b330b30684df6dab18813/detection

120.48.15.212:60101

# Reference: https://www.virustotal.com/gui/file/718c3a256d6d869a317c3d8c6d620224748eff495d1cc677553c9c41206014a2/detection
# Reference: https://www.virustotal.com/gui/file/4f5af97a0f5ae815a2ed2cc34ff89b71044d057bf95ef2055bed4a2a4591ce3e/detection

akamai-odsp-cdn.azureedge.net

# Reference: https://twitter.com/drb_ra/status/1490091365820215300

http://122.228.0.169
http://123.184.36.27
http://14.215.166.155
http://150.138.190.106
18.166.66.111:8080
zhyzt.cn
cs1.zhyzt.cn

# Reference: https://twitter.com/drb_ra/status/1490091731894812679

python-upt.org

# Reference: https://twitter.com/drb_ra/status/1490091615435857920

101.43.128.141:8443

# Reference: https://twitter.com/drb_ra/status/1490091769371017216
# Reference: https://www.virustotal.com/gui/file/570c3c298c2d30bfd7d824b0ec8e28b3efa51bf269297348fc5fc30cb81a2d7e/detection

http://143.198.99.57
143.198.99.57:443
microsoftonlineupdates.com

# Reference: https://twitter.com/drb_ra/status/1490091549702635530

service-qouy1ite-1309097015.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1490091664614080521

http://42.192.7.203

# Reference: https://twitter.com/drb_ra/status/1490091704891887620

merck-med.com
cdn.merck-med.com

# Reference: https://twitter.com/drb_ra/status/1490091461748174853

duyv9zmlbkt7c.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1490091514315386885

ipaysites.com

# Reference: https://twitter.com/drb_ra/status/1490273252198989827
# Reference: https://www.virustotal.com/gui/ip-address/114.132.197.186/relations

114.132.197.186:443
xn--sngfor-ita.com

# Reference: https://twitter.com/drb_ra/status/1490273296998350855
# Reference: https://twitter.com/drb_ra/status/1490273322222997504

1.117.225.19:443
http://1.117.225.19

# Reference: https://twitter.com/drb_ra/status/1490697536591613952

d2x9vapu6590s0.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1490697617575235587

service-cqxivkek-1302011223.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1490697656171175943
# Reference: https://www.virustotal.com/gui/file/801829721c28eebade3af83b7ed0adc0df9da194c981ebf86389fd2ac67b197d/detection

hjdk.vip

# Reference: https://twitter.com/drb_ra/status/1490697694230327300
# Reference: https://www.virustotal.com/gui/ip-address/176.97.65.226/relations

176.97.65.226:443

# Reference: https://twitter.com/fr0s7_/status/1490728614689652737
# Reference: https://www.virustotal.com/gui/ip-address/66.42.86.109/detection

66.42.86.109:443
windefender-cloud.com

# Reference: https://www.virustotal.com/gui/file/672ba00578f4cf5660ab5a12786bab58585840b29620f200b711c4e3ba959fca/detection

94.158.244.27:443
/viwwwsogou

# Reference: https://twitter.com/drb_ra/status/1490999133032878080
# Reference: https://www.virustotal.com/gui/ip-address/31.223.18.152/relations
# Reference: https://www.virustotal.com/gui/file/6b9d3c0f8c5c96f2fb6546383d7a020de0b61748bd53172f8f65b3a472d85051/detection

http://31.223.18.152
continum.dynu.net
omnibelts.accesscam.org
sandisksrvs.gleeze.com

# Reference: https://twitter.com/drb_ra/status/1490999151613526018

securepdf.workers.dev
sign.securepdf.workers.dev

# Reference: https://twitter.com/drb_ra/status/1490999230009417728

http://217.79.243.148
bluetechsupply.com

# Reference: https://isc.sans.edu/diary/28318

foxofeli.com

# Reference: https://twitter.com/drb_ra/status/1491150543716294668
# Reference: https://www.virustotal.com/gui/file/98747b2727e8dcdb698dbd5e5a72bc1cf9869ea84cf57881afde11bd51a6d262/detection

23.224.70.230:4433
hellomrsone.com
fish.hellomrsone.com

# Reference: https://twitter.com/drb_ra/status/1491150696481234944

114.55.36.76:443

# Reference: https://twitter.com/drb_ra/status/1491150768564490249

64.227.5.45:8443
cubic-transportation.com
dev.cubic-transportation.com
mail.cubic-transportation.com
vpn.cubic-transportation.com

# Reference: https://twitter.com/drb_ra/status/1491150656551493635

103.161.39.224:5454

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-02-07-IOCs-for-BazarLoader-with-Cobalt-Strike.txt

zoroxeku.com

# Reference: https://www.virustotal.com/gui/file/f1a7f447a5f743a76d9ff2643f16b5161991999d9940ac923a2ed2cc3aac2b10/detection

152.32.167.93:443

# Reference: https://www.virustotal.com/gui/file/abe367b73eab6b670aa3a7740026a9872e7cf5b19d6b39da0106f9a453484961/detection

windows-update.ru
az-01302.windows-update.ru
az-05172.windows-update.ru

# Reference: https://twitter.com/malwrhunterteam/status/1491742434451197958
# Reference: https://www.virustotal.com/gui/file/d8ac1e88d482a678c86267dd7d510334bb58c6ed29e3ceb697e2ac2c65d3c914/detection

165.227.31.192:22894

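# Reference: https://www.virustotal.com/gui/file/25b10e128734e2a630021452125187b1edee9564acc3cfaeae411a3d299a492f/detection
# NOTE(review): 142.251.33.206 falls in a range normally announced by Google. The port-qualified entry limits false positives, but confirm the sample really connects here rather than merely referencing the address.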

142.251.33.206:22894

# Reference: https://twitter.com/malwrhunterteam/status/1491751046867304452
# Reference: https://twitter.com/JAMESWT_MHT/status/1491772888210366470
# Reference: https://tria.ge/220210-q3jbnaghe2
# Reference: https://www.virustotal.com/gui/file/78102fea526965cba6d040994d64370115dbfcb697cff1e19bb34bd94c1e9b5e/detection

d1mdflz12t12gs.cloudfront.net
d1rfequ2jtua4r.cloudfront.net

# Reference: https://www.virustotal.com/gui/file/a00cbc8a08385fa77b5081e2438fd125c5627dabe990c5822dd28152f691e8b3/detection

cdnstaticjs.com
proxy1.cdnstaticjs.com

# Reference: https://twitter.com/drb_ra/status/1491782592072278028

107.150.7.145:443

# Reference: https://www.virustotal.com/gui/file/b73d18ad43f903103cf9e64b414a2df210950cf1a7e68deba168d480a4b8d4ef/detection

47.108.150.225:6523

# Reference: https://www.virustotal.com/gui/file/b7ec13a9ccebb011ea98f9ce301a8e4574854e3f90002829a80e482544bf0f86/detection

109.236.87.241:79

# Reference: https://www.virustotal.com/gui/file/0300e377a9e8f364d40de3bf380853bb2b38eefe448e6dabbd8897ccea12a557/detection

61.151.164.141:443

# Reference: https://www.virustotal.com/gui/file/1911542b5c05e6f5df1f24d779a671eaebe9e2d351843e37e870a761a994c07a/detection

54.170.208.161:443

# Reference: https://www.virustotal.com/gui/file/ea9c3edf7045a861db55a3e6f883180e866ded6124c08b7bf8de6e97224fa2d7/detection

http://54.170.208.161

# Reference: https://twitter.com/drb_ra/status/1491723106691465222

sangfor.workers.dev
proud-queen-f889.sangfor.workers.dev

# Reference: https://www.virustotal.com/gui/file/3b16b98cb4155fe7a0b3b078f5a8703e4c45c0bc3f8244cb33dd958e1d46867b/detection

74.90.65.14:5556

# Reference: https://www.virustotal.com/gui/file/2428282a7480606c4464f30cd897f63a9282a6e9870f0da86e1c3e786ba836e3/detection

http://74.90.65.14

# Reference: https://www.virustotal.com/gui/file/3b074c5013c85f434309d2475246c56ece2b7bfd91d3e7fde65550037d6ca2b4/detection
# Reference: https://www.virustotal.com/gui/file/e3f6335e495de173b3b6f3915b626375977440c1f4bdf3f1e74ae12a08777c25/detection

http://124.71.215.241

# Reference: https://www.virustotal.com/gui/file/7d8e94ed6d538573ad5de20e60b0633c539b7cb1fa1b22296795220ccefaf4e7/detection

103.234.72.104:5521

# Reference: https://www.virustotal.com/gui/file/767f13f264a9b2f35b18231b2474b8b8c42308992c3eec79d6538050d5382562/detection

103.234.72.104:4433

# Reference: https://www.virustotal.com/gui/file/c55d8ef0af1b32b6e0ea15f467bdf022da6b1d8db45c3cdc920de67ac0e8d76e/detection

1.117.149.27:2333

# Reference: https://twitter.com/drb_ra/status/1491875410124046336

nentundo.com

# Reference: https://twitter.com/drb_ra/status/1492086386186358786

wgnbv.nl
cdn.wgnbv.nl

# Reference: https://twitter.com/drb_ra/status/1492086716466929666

146.196.54.3:52148

# Reference: https://twitter.com/drb_ra/status/1492086423939256324

124.222.30.145:443

# Reference: https://twitter.com/drb_ra/status/1492086554776551424

http://103.75.118.152

# Reference: https://twitter.com/drb_ra/status/1492086596841230339

107.173.111.104:7443

# Reference: https://twitter.com/drb_ra/status/1492086671717941249

http://106.55.27.103

# Reference: https://twitter.com/drb_ra/status/1492086314195427328

176.97.67.154:443

# Reference: https://twitter.com/drb_ra/status/1492086626461356048

http://176.97.67.154

# Reference: https://twitter.com/drb_ra/status/1492086172981547009

204.44.109.84:443

# Reference: https://twitter.com/drb_ra/status/1492086076449693699

175.24.66.77:443

# Reference: https://twitter.com/drb_ra/status/1492086142812008448

103.253.24.79:6443

# Reference: https://twitter.com/drb_ra/status/1492086104518017025

http://194.87.216.7

# Reference: https://twitter.com/drb_ra/status/1492085992601358337

107.167.8.70:9999

# Reference: https://twitter.com/drb_ra/status/1492085911856766981

194.116.217.84:443

# Reference: https://twitter.com/drb_ra/status/1492086045063712774

194.87.197.213:30002

# Reference: https://twitter.com/drb_ra/status/1492086014415978496

155.94.201.196:8721

# Reference: https://twitter.com/drb_ra/status/1492085940973617152

http://23.106.215.98

# Reference: https://twitter.com/drb_ra/status/1492085971663392769

18.223.233.177:8000

# Reference: https://twitter.com/drb_ra/status/1492085772790517760

http://34.96.225.17

# Reference: https://twitter.com/drb_ra/status/1492085870438014980

46.29.165.64:8000

# Reference: https://twitter.com/drb_ra/status/1492085838129373189

3.7.84.114:56444

# Reference: https://twitter.com/drb_ra/status/1492085736941760514

154.222.236.46:443

# Reference: https://twitter.com/drb_ra/status/1492085806781054978

http://112.213.124.146

# Reference: https://twitter.com/drb_ra/status/1492086451646779393

193.149.161.175:8888

# Reference: https://twitter.com/drb_ra/status/1492106870227619845

78.47.243.181:8083

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-17%20Hancitor%20IOCs

http://45.15.131.96
45.15.131.96:443

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-18%20Hancitor%20IOCs

http://69.49.230.29

# Reference: https://www.virustotal.com/gui/file/b84754b4e2641789c632b3ccabed96bc47260a2525d60dbcfbe15c78dd1a0ab4/detection

165.227.31.192:443

# Reference: https://www.virustotal.com/gui/file/648c8277f2c3b56f55f4d967ba47c26fc1c255f89c19174ebca2c2102a3febcd/detection

lucid-haze-60556.pktriot.net

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-02-10-IOCs-for-Emotet-epoch5-infection-with-Cobalt-Strike.txt

ledikexive.com

# Reference: https://app.any.run/tasks/3ee93ad6-fb00-4e61-82a0-6c19311d8725/

189.51.118.17:8080

# Reference: https://www.virustotal.com/gui/file/0bfcc2b814c74e8796f68d72b9f4caf4a26efb49194cd335596471a904ece142/detection
# Reference: https://www.virustotal.com/gui/file/1eb711345819f4a82908e06157a92ddeb81e13278c15f88e34c428abfc2eee31/detection
# Reference: https://www.virustotal.com/gui/file/5cfb55761ec79726d1a8250567fd3cc5acc78b4fc1f01bdc8dba904ceed600b5/detection

serao.network
h0me.serao.network
nssn.serao.network

# Reference: https://www.virustotal.com/gui/file/fca93f06b700ac1912385bd50337c8f273f3c672c07bc31ea3cb2399ad139529/detection
# Reference: https://www.virustotal.com/gui/file/64c160023f3f759768cb6940e018e71a3f80d9dbde796ad930a5040ce894a5b0/detection

101.34.204.230:4445

# Reference: https://twitter.com/drb_ra/status/1492509394772320262

189.51.118.17:8443

# Reference: https://twitter.com/drb_ra/status/1492509422773489665

service-3iwblltw-1309502842.hk.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1492509555107926017

http://23.227.193.33
abosws.vaiwan.com

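# Reference: https://twitter.com/drb_ra/status/1492509383149993988
# NOTE(review): 104.21.71.221 and 172.67.149.180 fall in Cloudflare reverse-proxy ranges shared by many unrelated sites; a match on these addresses alone is weak evidence - corroborate with the requested Host/SNI before escalating.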

http://104.21.71.221
http://172.67.149.180
1.117.225.19:443

# Reference: https://www.virustotal.com/gui/file/bb573df8fc7f437a33104c3989942f16f8f18a2e5cccc14c95559fb6d9440fee/detection

wpq.vaiwan.com

# Reference: https://twitter.com/drb_ra/status/1492540510824763395

101.34.253.147:8080

# Reference: https://twitter.com/drb_ra/status/1492540552205766658

http://1.117.225.19
1.117.225.19:443

# Reference: https://twitter.com/drb_ra/status/1492540579951095809

service-3iwblltw-1309502842.hk.apigw.tencentcs.com

# Reference: https://www.virustotal.com/gui/file/42b94897f4d0da93cb2304338362e0590025819b3f09cb9ecb66b17bc2a3659d/detection

111.173.115.229:8081

# Reference: https://www.virustotal.com/gui/file/93ed23ae8a20d6cb85800361d1b56d38707032135d3da5d35eee3b6db8560d3b/detection

92.255.85.94:17763

# Reference: https://www.virustotal.com/gui/file/b93605c8b16f50f7d64898dbf8f726fb8713612ec46b1dd56bf60d7bdfe4410a/detection

92.255.85.94:19415

# Reference: https://www.virustotal.com/gui/file/0d032d82dec12b4c35e2724d09ef23f517ee839efd673b26a28cec732ddce343/detection

92.255.85.94:83

# Reference: https://www.virustotal.com/gui/file/9e08740c25b365ade3603e258cce48856f07a2ed9c23f939ef75288ec340ee6a/detection

92.255.85.94:88

# Reference: https://twitter.com/drb_ra/status/1492632070945976325

http://45.76.153.107
45.76.153.107:443

# Reference: https://twitter.com/drb_ra/status/1492631901705809920

http://101.32.116.227
101.32.116.227:8001

# Reference: https://twitter.com/drb_ra/status/1492781340172988422

http://185.106.176.135
185.106.176.135:443

# Reference: https://twitter.com/mojoesec/status/1448015584889872394

aliyunsecurity.online
artysecuritybusinaudit.com
grombon.com
msbackupservice.org
refender.site
securitybusinessthin.com
update.aliyunsecurity.online

# Reference: https://twitter.com/mojoesec/status/1447638490401890310

bloomcad.com
desertfu.com
drustn.com
nzfact.com
seamof.com
transpoti.com

# Reference: https://twitter.com/mojoesec/status/1448372740105383941

doombt.com
dynamogros.com
faithfull.one
identification7.org
microsoft-cdn.org
upfell2.com
apps.identification7.org
d3b9jm8i0eyllh.cloudfront.net

# Reference: https://twitter.com/mojoesec/status/1447638107512266766

ddns.scratchs.xyz
flreeyes.com
gambingz.com
gastaro.com
hostesstwinkie.com
hostesstwinkie.com.global.prod.fastly.net
novostlnk.net
ondiscoverycheck.com
openlanguage.live
scratchs.xyz
url.services.global.prod.fastly.net

# Reference: https://twitter.com/mojoesec/status/1446526387024769034

digimetric.co
hurtsecurityfinance.com
opposecurityaudit.com
securityhumanresources.com
shysecuritybusiness.com

# Reference: https://twitter.com/drb_ra/status/1492804757655797764

cam.university
fwd1.cam.university
fwd2.cam.university
raven.cam.university

# Reference: https://twitter.com/drb_ra/status/1492804867206922240

18.223.233.177:8443
sangfor.store

# Reference: https://twitter.com/drb_ra/status/1492804898127237122

http://94.103.188.96

# Reference: https://twitter.com/drb_ra/status/1492804727377125378

45.76.242.89:8443

# Reference: https://twitter.com/drb_ra/status/1492872027618881536

kredowatcher.ddns.net

# Reference: https://twitter.com/drb_ra/status/1492902761523937287

206.188.197.43:443

# Reference: https://twitter.com/drb_ra/status/1492902733673910274

94.103.188.96:8043

# Reference: https://twitter.com/drb_ra/status/1492902795657183232

3.70.95.233:8080
acme-email.com

# Reference: https://twitter.com/drb_ra/status/1492902649250865157

115.144.69.36:89

# Reference: https://twitter.com/drb_ra/status/1492902622487097345

3.109.47.180:8666

# Reference: https://twitter.com/drb_ra/status/1492902586789289984

164.155.48.3:6580

# Reference: https://twitter.com/drb_ra/status/1492902555059372034

holocaust.today
c.holocaust.today

# Reference: https://twitter.com/drb_ra/status/1492902528450764802

http://158.247.212.146
158.247.212.146:8086

# Reference: https://twitter.com/drb_ra/status/1492902417444360195

112.213.124.146:2087
ashenone1221.com

# Reference: https://twitter.com/drb_ra/status/1492902488416165889

r74n1rfbqi.execute-api.us-east-1.amazonaws.com

# Reference: https://twitter.com/drb_ra/status/1492902359621681154

http://194.87.216.7
194.87.216.7:8080

# Reference: https://twitter.com/drb_ra/status/1492902495647158277

d19bgb9yswqj7y.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1492902456157773833

bpls-communication.fr

# Reference: https://twitter.com/drb_ra/status/1492902388197437444

http://39.105.92.113
39.105.92.113:443

# Reference: https://twitter.com/drb_ra/status/1492962573465042952

http://144.217.207.31
144.217.207.31:443

# Reference: https://twitter.com/drb_ra/status/1492992334904053760

http://192.3.6.194
192.3.6.194:443

# Reference: https://twitter.com/drb_ra/status/1492992420581101575

d1021gpwtn238p.cloudfront.net
d1qki54fj4ji0b.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1492992423319977987

d2hx7g7ejleo7u.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1492992470522777607

http://195.22.153.143

# Reference: https://twitter.com/drb_ra/status/1492992374930345984
# Reference: https://www.virustotal.com/gui/file/348e3b4d242a19c0d651d3499117cdd308463aee5ff575bda76574abe95e08dc/detection

172.67.187.129:8443
49.234.105.212:81
49.234.105.212:8081
kurokoleung.cn
test.kurokoleung.cn

# Reference: https://www.virustotal.com/gui/file/ceae5b3dba66dd0d1aff4aa5db0877109bed1d558f90d84bdaf16d90e9c67fad/detection
# Reference: https://www.virustotal.com/gui/file/4800884d528853adde2b1ae773574ad60f9f4c70726ca1f51e757ca629ed9547/detection

78.160.39.171:4444
78.161.109.60:4444
onlydns.duckdns.org

# Reference: https://twitter.com/drb_ra/status/1493234317602045953

110.42.159.151:443

# Reference: https://twitter.com/drb_ra/status/1493264482834862083

198.98.51.144:8088

# Reference: https://twitter.com/drb_ra/status/1493264460315828225

198.211.9.97:8001

# Reference: https://twitter.com/drb_ra/status/1493264425582800900

http://39.105.15.102

# Reference: https://twitter.com/drb_ra/status/1493264395081760769

http://161.35.83.66

# Reference: https://twitter.com/drb_ra/status/1493264357697933313

5.181.27.107:5432

# Reference: https://twitter.com/drb_ra/status/1493264292119994373

http://54.242.138.88

# Reference: https://twitter.com/drb_ra/status/1493264258024550402

http://43.154.2.221

# Reference: https://twitter.com/drb_ra/status/1493264252853014530

60z7e5b1ld.execute-api.eu-west-2.amazonaws.com

# Reference: https://twitter.com/drb_ra/status/1493264185060474883

92.255.85.94:91

# Reference: https://twitter.com/Max_Mal_/status/1493494642813415426

nagahox.com

# Reference: https://twitter.com/drb_ra/status/1493506082685304835

http://101.43.0.65

# Reference: https://www.virustotal.com/gui/file/dad20d4dd0b4bd4231ea21bbd2d58ebcd13f0b60457bda7bedee3fd2fc9db962/detection

101.43.0.65:8080

# Reference: https://twitter.com/drb_ra/status/1493513735142531073

service-c016brab-1302420290.sh.apigw.tencentcs.com

# Reference: https://twitter.com/TheDFIRReport/status/1493593441841913859

5.2.67.77:446
msauditservice.com

# Reference: https://twitter.com/drb_ra/status/1493596704150638594

137.184.101.238:8443
infonewsweb.com

# Reference: https://twitter.com/drb_ra/status/1493596658466230284

http://34.95.11.106

# Reference: https://twitter.com/1ZRR4H/status/1493704364049018880
# Reference: https://github.com/CronUp/Malware-IOCs/blob/main/2022-02-15_CobaltStrikeConfigs

hayutawewe.com
lacamesabo.com
lanujefok.com
ruhezepu.com
yipujufaj.com
/d_config

# Reference: https://twitter.com/drb_ra/status/1493872626095181825

guyonghao.top

# Reference: https://twitter.com/drb_ra/status/1493872611989737472

us-central1-rec-994-ccm-dev.cloudfunctions.net

# Reference: https://www.virustotal.com/gui/file/0dbabbec84013fbefd55a1365a055e0f0d6ad200d504d065e1263f5d7ce1c8d4/detection

176.176.217.203:444

# Reference: https://twitter.com/malwrhunterteam/status/1493937054610341888
# Reference: https://www.virustotal.com/gui/file/7d0e565f004ef6b31b6e213e5b2d1cef49300660854d921927ef9c1046b35345/detection

baiduboomboom.tk
boom.baiduboomboom.tk

# Reference: https://www.virustotal.com/gui/file/1ca0108925d69ce552e492faadfab01a3894417ed617b76ee44651356259f4fb/detection

92.255.85.93:10001

# Reference: https://www.virustotal.com/gui/file/a5c8c0b5f72a16b729f1e73d64524efbbd1c4952b6979c71c4b6072fe88470b7/detection

92.255.85.93:12031

# Reference: https://www.virustotal.com/gui/file/dbd46a9515a1fba42e02eac95c85bba9f699de07d2c5cb04a42d71ac3a86dec9/detection

92.255.85.93:18092

# Reference: https://www.virustotal.com/gui/file/d296e6546d51c343cf3743b52e64e46ef6066f4a20d1e4fde7875e054f83ddeb/detection

92.255.85.93:8848

# Reference: https://www.virustotal.com/gui/file/9eecb04a57f79797e304b2183bedeeb1c00be0ae7f075db8c83e975d51658e1b/detection

119.45.5.30:8090

# Reference: https://twitter.com/drb_ra/status/1493959363211505665

sagebusiness.biz

# Reference: https://twitter.com/drb_ra/status/1493959315773870089

http://45.76.183.78
45.76.183.78:5555

# Reference: https://twitter.com/drb_ra/status/1493959230289756165

migrdeb.com

# Reference: https://twitter.com/drb_ra/status/1493959169803792390

service-qgzetff2-1255401124.gz.apigw.tencentcs.com

# Reference: https://www.virustotal.com/gui/file/0a7530d4f7baa8a06c476aadf1b4d578daebcec15169066e40580aec402bcb49/detection

139.60.161.215:443

# Reference: https://www.virustotal.com/gui/file/d89944d936b045d55faccf77fc00456ae6259a908be4567b74e3b68372564d79/detection

119.45.116.254:8089

# Reference: https://www.virustotal.com/gui/file/bbfed36af792c126c093d96ad150ab6929bfc3d9ed0e962607e6bd6f9ef31ec0/detection

119.45.116.254:8181

# Reference: https://www.virustotal.com/gui/file/b62a627f114d4cac69132e08ca9981d130bf3e7bebafe30df81d2cbb67ea8090/detection

http://119.45.116.254
119.45.116.254:4445

# Reference: https://www.virustotal.com/gui/file/abbee8c49c87ffb59979266a2abbc9b2ebbe5d9a5828fc2fe23216d4bf252e9a/detection

119.45.116.254:88

# Reference: https://www.virustotal.com/gui/file/2f0b496b566031063b3ef980c87300fff0960cbda30668897b67bf17d37a583b/detection

119.45.116.254:9871

# Reference: https://www.virustotal.com/gui/file/bea7f9ff34583a5a37cd8d2046868a534ee5246fc080a6d242ec72ce033f9dcd/detection

mylware.ml

# Reference: https://twitter.com/drb_ra/status/1494049798747471877
# Reference: https://www.virustotal.com/gui/ip-address/20.61.86.26/relations

citipromo.com
microsoft-metrics.com
next-support.net
cdn.citipromo.com
lyncdiscover.next-support.net
telemetry.microsoft-metrics.com

# Reference: https://twitter.com/drb_ra/status/1494049743969865732

http://45.154.12.136
45.154.12.136:443

# Reference: https://twitter.com/drb_ra/status/1494231048552648707

139.198.183.44:443

# Reference: https://twitter.com/drb_ra/status/1494260840383619076

service-awiuoya1-1306227723.cd.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1494260937674657792

http://1.117.228.225

# Reference: https://twitter.com/drb_ra/status/1494260766807048198

104.207.152.82:443

# Reference: https://twitter.com/drb_ra/status/1494260805361188864

64.27.30.186:2052

# Reference: https://twitter.com/drb_ra/status/1494260712323043329

http://144.202.107.235

# Reference: https://twitter.com/drb_ra/status/1494321412856705030

http://31.7.62.24
rodinscoldly.com

# Reference: https://twitter.com/drb_ra/status/1494321538526375941

143.198.131.90:443

# Reference: https://www.virustotal.com/gui/file/4d778c8178621c9ff277ab2af1dd0c6617a81850faa4094bbadb51e9d205518e/detection

1.117.94.38:5555

# Reference: https://www.virustotal.com/gui/file/d6160b48bc98bf270733538b70baba304c99b03984281ed38e6a77cf885509a3/detection

1.117.94.38:8443

# Reference: https://www.virustotal.com/gui/file/a62ecd2430521ad46d1db141add2d49abba38bce3334f6f6dbc84d7cd7b08d77/detection
# Reference: https://www.virustotal.com/gui/file/99db6ebe58151258e8741564f1c785c8fb25530d4bc93c669c2c8032cea6dfb3/detection
# Reference: https://www.virustotal.com/gui/file/5ed900ede1396e806c4e0b7173a599b4be21191fc93f3db9734c4c8e58d7b3a8/detection

47.118.56.132:40100

# Reference: https://twitter.com/drb_ra/status/1494593242599411712

http://49.232.202.213
49.232.202.213:83

# Reference: https://twitter.com/drb_ra/status/1494622853798535169

service-hgtx33je-1301706575.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1494622982307725312

http://16.163.42.206
16.163.42.206:443

# Reference: https://twitter.com/drb_ra/status/1494622883804590081

template.n98.workers.dev
template.n99.workers.dev

# Reference: https://twitter.com/drb_ra/status/1494412047240548354

31.7.62.24:22

# Reference: https://twitter.com/drb_ra/status/1494412160578973707

http://35.183.100.53

# Reference: https://twitter.com/drb_ra/status/1494412224886042627

http://161.35.139.84
167.172.247.211:443
/gp/cerberus/gv

# Reference: https://twitter.com/drb_ra/status/1494412019235274756

gida1.net

# Reference: https://twitter.com/drb_ra/status/1494774399878238217

http://188.166.118.212

# Reference: https://twitter.com/drb_ra/status/1494774523190779913

134.209.190.139:4443

# Reference: https://twitter.com/drb_ra/status/1494804259363340288

http://106.54.170.72
106.54.170.72:8080

# Reference: https://twitter.com/drb_ra/status/1494804340141441024

http://110.42.194.205
110.42.194.205:8080

# Reference: https://twitter.com/drb_ra/status/1494985228812701705

39.101.136.68:8008

# Reference: https://twitter.com/fr0s7_/status/1495024406741012485

outlookcdn.com
outlookcdn.net
outlookdownload.com

# Reference: https://twitter.com/drb_ra/status/1495077534844821509

http://23.227.193.79

# Reference: https://twitter.com/drb_ra/status/1495077285896073217

sikescomposites.com

# Reference: https://twitter.com/drb_ra/status/1495077433036398593

d21e535u1l7h1f.cloudfront.net
di2ugpzvmik5z.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1495077097911508996

http://107.167.8.66
107.167.8.69:9999

# Reference: https://twitter.com/drb_ra/status/1495077318007705605

http://62.113.255.30
62.113.255.30:443

# Reference: https://twitter.com/drb_ra/status/1495077363331313667

http://34.125.128.76
34.125.128.76:81

# Reference: https://www.virustotal.com/gui/file/ff2173d21446a34914fa6c5015804c98204f4fbba5caa55c8d2434fa3376c4e8/detection

http://81.68.140.111
81.68.140.111:68

# Reference: https://www.virustotal.com/gui/file/69ebb4ec6c77e42879ae7a826417be05a0ba2cf9f457d1cec304d7b1d30d5949/detection

128.199.166.157:57421

# Reference: https://www.virustotal.com/gui/file/e617c1cde9f2f5fe85c3fc5d3528b38b9e610cac531a1dfebacc923d53d8ea06/detection

telemetryms.com

# Reference: https://www.virustotal.com/gui/file/0f622ffb923bf1318e4255898fce93085684b3c3ada9cbf7f946c4b9eecc59fd/detection

sunnycat.site
aaa.stage.4074444.ns1.sunnycat.site

# Reference: https://www.virustotal.com/gui/file/93b435fc096e3dfe3cba782bcdd45a7c44446c752013535f7124ee369c2ac8e5/detection
# Reference: https://www.virustotal.com/gui/file/6397cab13008f7cdd149f090b9b4146e9d878a54d5c44b0be6733843956b9654/detection

1.15.80.102:443

# Reference: https://www.virustotal.com/gui/file/c0209985aa957fbdbf06833b50aea6f53de249d6505bb97d49b0d1bad268748d/detection

http://42.192.152.182

# Reference: https://www.virustotal.com/gui/file/a69bd8ec184cf36fb4309d855f08e29e281360642fc99510d1f60fe76e8f12e0/detection

42.192.152.182:8989

# Reference: https://www.virustotal.com/gui/file/887091c7f045b9f69b933b34876b428e39ed58dce7a6a60f2516a60e012ff676/detection

42.192.152.182:5566

# Reference: https://www.virustotal.com/gui/file/30afb0c76f0a386f4c589050310dc49b8b81f8f77b003484be7dec958787270d/detection

47.108.112.229:2222

# Reference: https://twitter.com/drb_ra/status/1495347958883233794

1.117.209.90:8080
sentrylab.cn
chinatelecomglobal.sentrylab.cn

# Reference: https://twitter.com/drb_ra/status/1495348008757645313

http://119.91.99.99

# Reference: https://twitter.com/drb_ra/status/1495348071575785476

120.27.195.218:443

# Reference: https://twitter.com/drb_ra/status/1495347894551035908

180.76.96.202:443

# Reference: https://twitter.com/drb_ra/status/1495361450549956617

fajayesi.com

# Reference: https://twitter.com/drb_ra/status/1495361480430166019

xicetigi.com

# Reference: https://twitter.com/drb_ra/status/1495361567075880963

gelmutol.com

# Reference: https://twitter.com/drb_ra/status/1495361598176710661

vipeklub.com

# Reference: https://twitter.com/drb_ra/status/1495408811355553792

hewecas.com

# Reference: https://twitter.com/drb_ra/status/1495408743911206916

yaduvov.com

# Reference: https://twitter.com/drb_ra/status/1495408672452878341

http://204.44.93.136

# Reference: https://twitter.com/drb_ra/status/1495408786068185091

http://74.51.164.194

# Reference: https://twitter.com/drb_ra/status/1495439252162695170

mech2trans.com

# Reference: https://twitter.com/drb_ra/status/1495439287457746945

http://180.76.96.202

# Reference: https://twitter.com/drb_ra/status/1495439138320838657

http://104.21.26.161
http://172.67.137.49
45.32.64.111:8080

# Reference: https://twitter.com/drb_ra/status/1495438273396846595

chikagobi.com

# Reference: https://twitter.com/drb_ra/status/1495438327981486089

http://139.155.91.47

# Reference: https://twitter.com/drb_ra/status/1495438356897054725

http://154.221.19.62
154.221.19.62:2323

# Reference: https://twitter.com/drb_ra/status/1495438411162869768

http://138.68.227.71

# Reference: https://twitter.com/drb_ra/status/1495438413813751810

http://161.35.137.163

# Reference: https://twitter.com/drb_ra/status/1495438416388968452

http://45.55.36.143

# Reference: https://twitter.com/drb_ra/status/1495438419018887173

http://68.183.200.63

# Reference: https://twitter.com/drb_ra/status/1495438421619322880

http://143.198.110.248

# Reference: https://twitter.com/drb_ra/status/1495438424261767169

http://192.241.133.130

# Reference: https://twitter.com/drb_ra/status/1495438426874822663

http://159.65.246.188

# Reference: https://twitter.com/drb_ra/status/1495438429521428480

http://64.227.0.177

# Reference: https://twitter.com/drb_ra/status/1495438432138633218

http://165.227.219.211

# Reference: https://twitter.com/drb_ra/status/1495438434789470210

http://165.227.23.218

# Reference: https://twitter.com/drb_ra/status/1495438437419298819

http://165.232.154.73

# Reference: https://twitter.com/drb_ra/status/1495438440015577094

http://178.128.171.206

# Reference: https://twitter.com/drb_ra/status/1495438674380705803

64.225.21.143:443
64.225.21.63:443

# Reference: https://twitter.com/drb_ra/status/1495438710476881922

http://138.68.227.71

# Reference: https://twitter.com/drb_ra/status/1495438713123483653

http://161.35.137.163

# Reference: https://twitter.com/drb_ra/status/1495438715749031940

http://45.55.36.143

# Reference: https://twitter.com/drb_ra/status/1495438914378678277

onesecondservice.com

# Reference: https://twitter.com/drb_ra/status/1495438948470079489

http://167.71.180.35

# Reference: https://twitter.com/drb_ra/status/1495438975754022915

http://5.39.218.48

# Reference: https://twitter.com/drb_ra/status/1495439039364800517

81.254.220.171:8080
jenaye.fr
cocas.jenaye.fr

# Reference: https://twitter.com/drb_ra/status/1495439063557414912

5.39.218.48:443

# Reference: https://twitter.com/drb_ra/status/1495439090644254722

158.247.211.89:443

# Reference: https://twitter.com/drb_ra/status/1495439114119757825

45.144.3.65:8080

# Reference: https://twitter.com/drb_ra/status/1495439168624738306

http://23.227.193.79:443
23.227.193.79:443

# Reference: https://twitter.com/drb_ra/status/1495439205836591113

lzzswlvqlinshiyou1xiangnet.tk

# Reference: https://twitter.com/drb_ra/status/1495439287457746945

http://180.76.96.202

# Reference: https://twitter.com/drb_ra/status/1495499249068523527

82.157.115.90:443
image.baidu.cn.cdn.dnsv1.com.cn

# Reference: https://twitter.com/drb_ra/status/1495499366114725892

bristolcs.skylabus.workers.dev

# Reference: https://twitter.com/drb_ra/status/1495528426647732225

service-2ga3186f-1257749338.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1495680445866033153

service-2whhgrvl-1309729421.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1495680524693737472

http://193.233.206.181

# Reference: https://twitter.com/drb_ra/status/1495711505265967110

balacif.com
vigiwiwig.com

# Reference: https://twitter.com/drb_ra/status/1495711574820073474

gelmutol.com

# Reference: https://twitter.com/drb_ra/status/1495711619078361095

yopole.com

# Reference: https://twitter.com/drb_ra/status/1495711701592858628

tomezica.com

# Reference: https://twitter.com/drb_ra/status/1495711737215172609

sakapocaj.com

# Reference: https://twitter.com/drb_ra/status/1495803181598715914

206.189.245.147:8888

# Reference: https://twitter.com/drb_ra/status/1495803832797999117

among-sections-vb-blow.trycloudflare.com

# Reference: https://twitter.com/drb_ra/status/1495803862925684739

79.137.38.83:447

# Reference: https://twitter.com/drb_ra/status/1495803891413303304

146.0.72.87:8080

# Reference: https://twitter.com/drb_ra/status/1495804844715782149

62.113.255.12:12123
macpromoworld7917.workers.dev
helloworld.macpromoworld7917.workers.dev

# Reference: https://twitter.com/drb_ra/status/1495892474794889216

154.212.112.253:8168

# Reference: https://twitter.com/drb_ra/status/1495892538334629888

46.29.167.76:443

# Reference: https://twitter.com/drb_ra/status/1495892623705489428

139.60.160.210:443

# Reference: https://twitter.com/drb_ra/status/1495892636057616388

45.32.73.194:4434

# Reference: https://www.virustotal.com/gui/file/3aa583ac7ff20c5138b84ccd993d83c443cf88de6417fa7bb285153d04750579/detection

http://20.203.182.34

# Reference: https://www.virustotal.com/gui/file/f3035c4e67e40acc6a00586900076a42b545f0c37246c05864f3df49c169e16a/detection
# Reference: https://www.virustotal.com/gui/file/e83a0448c3fe6b7bc1a513d5d159a84f00b07a97ca694dae54a4801a32e29b29/detection

101.43.49.58:6666
101.43.49.58:83

# Reference: https://www.virustotal.com/gui/file/be29c08ee7ef56c1311b0509fe41c9e97dedbe9a49643930180e4534befa7e83/detection

http://101.43.49.58

# Reference: https://www.virustotal.com/gui/file/ed774494d5f8741208c41a2f96733afb51fd36d5b910191704f60bbb65685bb9/detection

http://124.223.7.26

# Reference: https://www.virustotal.com/gui/file/9f53c5cdee05227219d9d5d5187feda55dc2f7850a2c25688158f93900e83d4d/detection

124.223.7.26:8666

# Reference: https://www.virustotal.com/gui/file/976e4ffcc3060384560a6a095202741b341b60f4950d8a8b087f5e554a7e6dbe/detection
# Reference: https://www.virustotal.com/gui/file/638b08a2c0de4b3a696118c4cfdc8065b65c18cc62b268af707ffceb77ae798e/detection

110.42.142.145:6666

# Reference: https://www.virustotal.com/gui/file/f1b7d7944753f694d96556ab9a957f63e59400cfea44e0d4fa71f1d611cc6d3d/detection

106.52.16.175:8001

# Reference: https://www.virustotal.com/gui/file/cfaad020c065ddde0d30dcb75805c5caef83287bc30ec3fbf674817248689b50/detection

106.15.105.108:90

# Reference: https://www.virustotal.com/gui/file/1b33f153cd672912365f0937ec67822289265f78aa909cc922354033c2d65f03/detection

106.15.105.108:8000

# Reference: https://twitter.com/drb_ra/status/1495861646635503622

service-ljayc1ty-1305160635.sg.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1495861601613881346

windows-update.online

# Reference: https://twitter.com/drb_ra/status/1495861712645410827

40.117.192.115:443

# Reference: https://twitter.com/drb_ra/status/1496213981882728449

18.117.147.247:443

# Reference: https://twitter.com/drb_ra/status/1496213990615175178

185.117.90.176:82

# Reference: https://asec.ahnlab.com/en/31811/
# Reference: https://twitter.com/drb_ra/status/1494351168549576713
# Reference: https://twitter.com/drb_ra/status/1494350879016771588
# Reference: https://twitter.com/drb_ra/status/1488189264898793476

http://92.255.85.90
92.255.85.90:81
92.255.85.90:82
92.255.85.90:83
92.255.85.93:12031
92.255.85.93:18092
92.255.85.83:7905
92.255.85.92:8898
92.255.85.83:9315

# Reference: https://twitter.com/drb_ra/status/1496224098724331523

http://116.204.211.148
apex1.tk

# Reference: https://twitter.com/drb_ra/status/1496224030759825413

81.69.10.170:443

# Reference: https://twitter.com/drb_ra/status/1496224162687369223

g00gle.ngrok.io

# Reference: https://twitter.com/1ZRR4H/status/1496344965533863936
# Reference: https://github.com/CronUp/Malware-IOCs/blob/main/2022-02-23_CobaltStrikeConfigs

cigazux.com
dehotuciti.com
doracecut.com
fapezagi.com
gecolipeco.com
higuni.com
jakelihegi.com
jerurux.com
kezuwof.com
medalonig.com
pobovov.com
sawamini.com
tavugasar.com
viyilonip.com
vizezexog.com
wayeyoy.com
xaluji.com
xaviliw.com
xekezix.com
zeronyk.com

# Reference: https://twitter.com/drb_ra/status/1496435210703065091

51.178.15.11:443

# Reference: https://twitter.com/drb_ra/status/1496435132319899653

172.93.221.97:443

# Reference: https://twitter.com/drb_ra/status/1496435068918718468

freemeyum.com
call.freemeyum.com
hello.freemeyum.com
lives.freemeyum.com
test.freemeyum.com

# Reference: https://twitter.com/drb_ra/status/1496586397834264590

defend-forward.com

# Reference: https://twitter.com/drb_ra/status/1496586415378997255

http://49.232.155.30

# Reference: https://twitter.com/drb_ra/status/1496586491270766593

apiendpoints.azureedge.net

# Reference: https://twitter.com/malware_traffic/status/1496881976401223686

190.123.44.144:4444
dflow.icu

# Reference: https://twitter.com/drb_ra/status/1496858216004792330

45.64.186.178:443

# Reference: https://twitter.com/drb_ra/status/1496858234224885764

dunclikf.com

# Reference: https://www.virustotal.com/gui/file/a72a126f3a637b0102c656a3308121fbcf6d8fb97841ca1a87f04a6e994fa776/detection

162.14.110.99:50001

# Reference: https://twitter.com/drb_ra/status/1496797181264941057

bblq.club
cc1.bblq.club

# Reference: https://twitter.com/drb_ra/status/1496938520379899905

18.167.171.48:443

# Reference: https://www.virustotal.com/gui/file/56123589b542270be0d52c6b709db9e04e4238a2042c3846aeac7b5a5424acdc/detection
# Reference: https://www.virustotal.com/gui/file/3b8f32cbe75e547da149a79d455e35721a97d25c4babe778b9f3fa182eef3b60/detection

45.33.100.246:4423

# Reference: https://twitter.com/drb_ra/status/1497521946875080705

45.76.67.12:8880

# Reference: https://twitter.com/drb_ra/status/1497583010132209670

http://149.28.19.187

# Reference: https://twitter.com/drb_ra/status/1497612301867827211

59.110.172.50:443

# Reference: https://twitter.com/drb_ra/status/1497612360089018373

http://47.108.144.172

# Reference: https://twitter.com/drb_ra/status/1497612435502469122

http://100.1.1.123
101.43.18.87:8888

# Reference: https://twitter.com/drb_ra/status/1497663285218496512

88.217.167.173:443

# Reference: https://twitter.com/drb_ra/status/1497663289349783556

167.179.81.217:8443

# Reference: https://twitter.com/drb_ra/status/1497702944795414531

service-cpwcebwk-1253744829.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1497702998713282570
# Reference: https://twitter.com/drb_ra/status/1497703001645096960

d2w5xnioi4r4gb.cloudfront.net
d3vd0xee57b8hr.cloudfront.net
dwgbg8vy0czhx.cloudfront.net
/safebrowsing/2vqk0F69/IhViE7rohVCrc26A1otIqVPjA3klEb54fTqr
/2vqk0F69/IhViE7rohVCrc26A1otIqVPjA3klEb54fTqr
/2vqk0F69/
/IhViE7rohVCrc26A1otIqVPjA3klEb54fTqr

# Reference: https://twitter.com/drb_ra/status/1497703057492262914

208.76.223.4:2052
4pers.xyz
nosasys.4pers.xyz

# Reference: https://twitter.com/drb_ra/status/1497703090165891075

http://216.250.105.178
216.250.105.178:81

# Reference: https://twitter.com/drb_ra/status/1497703118473207810

http://80.78.23.156
80.78.23.156:8080

# Reference: https://twitter.com/drb_ra/status/1497703145262272514

http://43.128.3.54:443
43.128.3.54:443

# Reference: https://twitter.com/drb_ra/status/1497703172760035336

http://46.161.40.85
46.161.40.85:5063

# Reference: https://twitter.com/drb_ra/status/1497703195036065792

http://107.174.204.125

# Reference: https://twitter.com/drb_ra/status/1497703225142693891

http://103.146.179.89

# Reference: https://twitter.com/drb_ra/status/1497703248052080644

http://1.15.240.53

# Reference: https://twitter.com/drb_ra/status/1497703276862754818

http://31.45.231.174
31.45.231.174:8443

# Reference: https://twitter.com/drb_ra/status/1497703309192351746

http://107.148.13.14
107.148.13.14:443

# Reference: https://twitter.com/drb_ra/status/1497703347117297666

90.110.37.186:8080
jenaye.fr
cocas.jenaye.fr

# Reference: https://twitter.com/drb_ra/status/1497703377135980546

http://160.238.36.159

# Reference: https://twitter.com/drb_ra/status/1497703433431879683

http://103.79.79.75
103.79.79.75:88

# Reference: https://twitter.com/drb_ra/status/1497703466097160199

35.194.232.218:8877

# Reference: https://twitter.com/drb_ra/status/1497703492802203656

45.124.112.142:7165
zsqiji.com
zf.zsqiji.com

# Reference: https://twitter.com/drb_ra/status/1497703520077819908

rczp.jia.com

# Reference: https://twitter.com/drb_ra/status/1497703555733536771

155.94.201.136:443

# Reference: https://www.virustotal.com/gui/file/c4a1a7c31c7b81741c8eca612d0f87175ffefd806ad3633fc372db8b53cd4849/detection

cstest20220220.ddnsfree.com

# Reference: https://www.virustotal.com/gui/file/a6d643ad4b6c8fa94f1390cf7f24c6806a079ed0fbf5ef053cb6bf93358f9313/detection

http://5.252.178.188
5.252.178.188:444

# Reference: https://twitter.com/drb_ra/status/1497884617424228354

http://192.74.254.59

# Reference: https://www.virustotal.com/gui/file/10ddaa20fc1aea6198d41f8ee9842aeb0e0b52d8c6ddb1fdb3bf86122a4d9ebd/detection

144.202.106.219:5678

# Reference: https://twitter.com/drb_ra/status/1498217373391859716

ctldl.azureedge.net

# Reference: https://twitter.com/drb_ra/status/1498217166679822337

43.255.31.75:1433

# Reference: https://github.com/pr0xylife/AsyncRAT/blob/main/AsyncRAT_28.02.2022.txt

http://52.15.81.204

# Reference: https://twitter.com/drb_ra/status/1498337503958519811

193.233.206.76:443

# Reference: https://twitter.com/drb_ra/status/1498337453651939333

http://91.241.19.147

# Reference: https://twitter.com/drb_ra/status/1498337409628610560

43.128.4.184:8080

# Reference: https://twitter.com/drb_ra/status/1498427787920785410

service-anwr3loj-1308308838.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1498427766060032000

8.142.131.209:8000

# Reference: https://twitter.com/drb_ra/status/1498427729116643330

103.117.101.119:1234

# Reference: https://twitter.com/drb_ra/status/1498427692231938050

103.234.72.17:8080

# Reference: https://twitter.com/drb_ra/status/1498427662951489544

47.243.79.171:443

# Reference: https://twitter.com/drb_ra/status/1498427587768508423
# Reference: https://twitter.com/drb_ra/status/1498427585096826883
# Reference: https://twitter.com/drb_ra/status/1498427582433402893

d11tkk5xyuecgl.cloudfront.net
d16zt6n9trmm5l.cloudfront.net
d2q25qam303z46.cloudfront.net
d2v3m77iwnc15k.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1498427547947831296

http://159.69.48.84

# Reference: https://twitter.com/drb_ra/status/1498427503215624196
# Reference: https://twitter.com/drb_ra/status/1505827647556931584

http://43.132.192.214
43.132.192.214:443

# Reference: https://twitter.com/drb_ra/status/1498427478121058310

http://144.202.84.14

# Reference: https://twitter.com/drb_ra/status/1498427457980051462

140.82.52.104:8080

# Reference: https://twitter.com/drb_ra/status/1498427429131534339

http://103.234.72.17

# Reference: https://twitter.com/drb_ra/status/1498427409141481483

101.43.116.175:8080

# Reference: https://twitter.com/drb_ra/status/1498427389755465729

89.41.177.13:3306

# Reference: https://twitter.com/drb_ra/status/1498427365709565957

http://191.235.64.231
bolaoaldaodadasd.com

# Reference: https://twitter.com/drb_ra/status/1498427313192677379

104.160.45.211:8889

# Reference: https://twitter.com/drb_ra/status/1498427236453695493

101.43.163.144:443

# Reference: https://twitter.com/drb_ra/status/1498427207739273219

http://202.79.174.114
202.79.174.108:443

# Reference: https://twitter.com/drb_ra/status/1498427340724056069

service-qnkl4z3f-1309697666.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1498427277851377669

http://103.78.243.20

# Reference: https://twitter.com/drb_ra/status/1498579756270374912

defegh.com

# Reference: https://twitter.com/drb_ra/status/1498579665480474625

jhurbad.com

# Reference: https://twitter.com/drb_ra/status/1498579604172419073

hiyevila.com

# Reference: https://twitter.com/drb_ra/status/1498579490292879365

dn86z4ogidkpo.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1498579637382823936

ngrety.com

# Reference: https://github.com/CronUp/Malware-IOCs/blob/main/2022-03-01_CobaltStrikeConfigs

bornometa.com
defegh.com
dunclikf.com
gelmutol.com
grizmit.com
jhurbad.com
klycnmik.com
korunder.com
migrdeb.com
nentundo.com
ngrety.com
sbronm.com
vedingumbr.com
vipeklub.com
zeronyk.com

# Reference: https://twitter.com/drb_ra/status/1498790300067770374

http://20.203.162.228

# Reference: https://twitter.com/drb_ra/status/1498790259315904514

http://40.87.4.70

# Reference: https://twitter.com/drb_ra/status/1498790217586774025

http://103.78.243.19
http://103.78.243.20

# Reference: https://twitter.com/drb_ra/status/1498790181050236932

http://202.79.174.110
http://202.79.174.114
202.79.174.110:443
202.79.174.114:443

# Reference: https://twitter.com/drb_ra/status/1498790121784721414

207.148.29.202:2345

# Reference: https://twitter.com/drb_ra/status/1498790057146208264

http://45.129.136.247
45.129.136.247:443

# Reference: https://twitter.com/drb_ra/status/1498790093489942531

microsoft-config.ddns.net

# Reference: https://twitter.com/drb_ra/status/1498789977546702857

45.64.186.80:8080

# Reference: https://twitter.com/drb_ra/status/1498789946865373192
# Reference: https://www.virustotal.com/gui/file/8556d394600b148428fd21529065ccb80a1be7d7b25893d6c083749900b79fa4/detection
# Reference: https://www.virustotal.com/gui/file/871cbb4eaf6a1838b14c0859ef6bee57425fc100b8975856a181274555709bbd/detection

velveticejewels.com
api.velveticejewels.com

# Reference: https://twitter.com/drb_ra/status/1498790147386662921

http://107.172.195.6

# Reference: https://twitter.com/drb_ra/status/1498790034710974464

210.108.146.194:8443

# Reference: https://twitter.com/drb_ra/status/1498790006315438082

http://124.223.92.75

# Reference: https://twitter.com/drb_ra/status/1498789920487481349

http://52.15.81.204

# Reference: https://twitter.com/drb_ra/status/1498789888828846082

grouppolicypreferences.com

# Reference: https://twitter.com/drb_ra/status/1498789858663403520

http://195.201.128.127
http://23.88.49.106

# Reference: https://twitter.com/drb_ra/status/1498789757828186113

http://20.203.162.228
http://51.103.138.171

# Reference: https://twitter.com/drb_ra/status/1498789720918220806

1.14.72.117:8888

# Reference: https://twitter.com/drb_ra/status/1498789684960542723
# Reference: https://www.virustotal.com/gui/file/6f37eda710592934dd135965b5aeb09742c7ba8e9a9529f4cbf55b9ddbdc0d44/detection

http://202.79.174.114
202.79.174.114:443
202.79.174.114:5667

# Reference: https://twitter.com/drb_ra/status/1498789656682545164

91.243.44.53:12781

# Reference: https://twitter.com/drb_ra/status/1498789625992818691

http://82.157.21.177

# Reference: https://twitter.com/drb_ra/status/1498789587799396352

52.175.126.112:2096

# Reference: https://twitter.com/1ZRR4H/status/1497771037718724612

lifegothistory.com

# Reference: https://www.virustotal.com/gui/file/fd65e992dfedf627104a5ca05e77dca129184b4e4a91b03079278f60649b29a9/detection

45.137.83.63:7008

# Reference: https://twitter.com/drb_ra/status/1499063610835877894

qaz668.com

# Reference: https://www.virustotal.com/gui/file/f02bd6b5b552f7688cb9a7d0e720b272be4288aad43388692bd9cff9a49a02b5/detection

http://20.185.223.167

# Reference: https://www.virustotal.com/gui/file/ed2d4709ab4af069a1e18661c702ef1f809fda5ac1b25ac5cddddc6cb230745e/detection

120.26.218.19:9900

# Reference: https://www.virustotal.com/gui/ip-address/35.200.48.195/detection
# Reference: https://www.virustotal.com/gui/file/fd6e443a31c23d08ce8de1cd204dcaa89548f3116fe41c559940fe6b9c719500/detection
# Reference: https://www.virustotal.com/gui/file/40c0dc7117caba871b706dcf09aa54cc557f69ed5febdbf5e2b3844f9e9c7e76/detection

35.200.48.195:443
35.200.48.195:53

# Reference: https://twitter.com/drb_ra/status/1499304439596949509
# Reference: https://www.virustotal.com/gui/ip-address/217.6.46.91/relations

evil.r-tec.net
rpt05.r-tec.net

# Reference: https://www.virustotal.com/gui/file/c26796853768d17452733df756293203d7b0d808e4e55b0fe24ea24b23f9d846/detection

http://217.6.46.91

# Reference: https://twitter.com/drb_ra/status/1499304280393715714

45.129.136.247:445

# Reference: https://twitter.com/drb_ra/status/1499304337985654786

skype-api.co.uk
blog.skype-api.co.uk
download.skype-api.co.uk
ms-012.skype-api.co.uk

# Reference: https://twitter.com/drb_ra/status/1499304315026132995

45.32.29.176:5555

# Reference: https://twitter.com/S0ufi4n3/status/1499299607523831810
# Reference: https://www.virustotal.com/gui/file/0b8a3c35eff55169960dfdb47c9007c1e5695ab030b95c0e4708270b7ec40886/detection
# NOTE(review): the two entries starting with "/" carry no host, so they
# presumably match that request path on any server -- confirm against how the
# sensor applies path-only trails. Only the IP:port line ties this group to a
# specific endpoint.

173.232.146.32:443
/aksdjaklsdj
/aksdjaaklsdj

# Reference: https://twitter.com/bryceabdo/status/1499381291472588801

180.76.113.186:29443

# Reference: https://twitter.com/drb_ra/status/1499426149688131593

20.115.115.101:443

# Reference: https://twitter.com/drb_ra/status/1499426163684487171

http://20.115.115.101

# Reference: https://twitter.com/drb_ra/status/1499426216738267138

101.34.15.118:443

# Reference: https://twitter.com/drb_ra/status/1499426190418923529

47.107.81.243:8443

# Reference: https://twitter.com/drb_ra/status/1499485603930464259

64.227.5.45:8443

# Reference: https://twitter.com/drb_ra/status/1497492384535490562

195.133.52.232:8443
baiduyuna.tk
1.baiduyuna.tk
2.baiduyuna.tk
3.baiduyuna.tk

# Reference: https://twitter.com/drb_ra/status/1497492468463456257

195.133.52.232:2053

# Reference: https://twitter.com/drb_ra/status/1497492394740260866

http://42.193.19.224
42.193.19.224:443

# Reference: https://twitter.com/mojoesec/status/1499491602422767618

gfsert.com
jihonz.com
shizij.com
sifgu.com
uktyl.com

# Reference: https://www.virustotal.com/gui/file/e75fce425df2e878c7938cdf86c8e4bde541c68f75d55edb62a670af52521740/detection
# Reference: https://www.virustotal.com/gui/file/985e694a43aad822d762eaf92d9709b5515adb3dc343698d35dec2b2f3d777ed/detection
# Reference: https://www.virustotal.com/gui/file/009bdfda31243cf72b870e026389fe9e4ce79b23ac5d6ea36a52713096883d22/detection

jaxebiridi.com

# Reference: https://twitter.com/drb_ra/status/1500059302727405569

49.232.16.87:8888

# Reference: https://twitter.com/drb_ra/status/1500059360281702409

185.150.119.204:443

# Reference: https://twitter.com/drb_ra/status/1500029105064058880

http://16.163.143.141

# Reference: https://twitter.com/drb_ra/status/1500029031059763203
# Reference: https://www.virustotal.com/gui/domain/districts16.com/relations

districts16.com
akak4747.districts16.com
cdn.districts16.com
dksjqksjj2a.districts16.com
dns.districts16.com
dsjw3je1.districts16.com

# Reference: https://www.virustotal.com/gui/file/f48a4e430c038a68861b26bcc9c07ec4ae912aa30691e0bce5204143845ff1b9/detection

193.34.167.218:7777

# Reference: https://www.telsy.com/legitimate-sites-used-as-cobalt-strike-c2s-against-indian-government/
# Reference: https://www.virustotal.com/gui/file/2bc9557307b1f5f7fba05636830b7670789edadfa137c0f1cc0de5f45ecf659f/detection
# NOTE(review): per the reference title these hosts are legitimate sites that
# were abused as C2, which is why each entry is a full host+path rather than a
# bare domain. Keep them path-scoped so ordinary traffic to the same hosts is
# not flagged, and re-check them periodically in case the sites are cleaned up.

covid.comesa.int/wp-content/uploads/covid.iso
covid.comesa.int/wp-api.php
instade.co.in/assets/frontend/av_check.iso
instade.co.in/assets/frontend/zoho.php

# Reference: https://twitter.com/malwrhunterteam/status/1500122724831748101
# Reference: https://www.virustotal.com/gui/file/c3c885c1924de037024dd47786a7be2ebbf62b9485972e32d4ee45ff3d6692dc/detection

jdhebokdncube.ignorelist.com

# Reference: https://twitter.com/malwrhunterteam/status/1500126700465709056
# Reference: https://www.virustotal.com/gui/file/dca0de60d69b9183669912b02cc0dd84b375fb49f39f721d782fad08db2e98b8/detection

66.42.37.112:5566

# Reference: https://twitter.com/malwrhunterteam/status/1500127350863843332
# Reference: https://www.virustotal.com/gui/file/fd5d737659e17aa1c355a6421d28723c9aaa1d15a38b4fbd7f358f85b4359537/detection
# Reference: https://www.virustotal.com/gui/file/c4d89981f249b6631aee45bb663e6653a3e4a88942be9c1036a5d6449686442d/detection
# Reference: https://www.virustotal.com/gui/file/578b75328f8565a47d94c551af1a31f121408b6aaacac21412e7fb3a7765f319/detection

49.234.143.54:443
49.234.143.54:4444

# Reference: https://twitter.com/malwrhunterteam/status/1500127932756418562
# Reference: https://www.virustotal.com/gui/file/7e905a99ad3578a73e01912aad9f2cf1afd0fde699bf6f183f4853d40e866857/detection

139.198.124.132:13745

# Reference: https://twitter.com/malwrhunterteam/status/1500128255671771137
# Reference: https://www.virustotal.com/gui/file/ee30d13188de2cd54f03869eb11666c41da5224065822327967e350c04eb6806/detection
# Reference: https://www.virustotal.com/gui/file/d22e8abfae85d0388fc26c4690e30431936eeb8233f8a5db847ff7b03f501f78/detection
# Reference: https://www.virustotal.com/gui/file/b0985677ce9e904329d33323045fd2010d0c531e39efaa8c8324b1c3076bc2a7/detection
# Reference: https://www.virustotal.com/gui/file/832478aaa72a436c5c2c1741a391efd8566e4d9a9fcf657f05f0bb8b07fd33c8/detection

119.91.196.246:58087

# Reference: https://twitter.com/malwrhunterteam/status/1500128583829835781
# Reference: https://www.virustotal.com/gui/file/b7b888450e96652aec918b0017fcbf664e99b4939166ac0c4f807a72ef11fc99/detection
# Reference: https://www.virustotal.com/gui/file/7fd580660407eeb3fdca5ed98e83d52c4acb8c7e2cc4a90807b9568155c7758c/detection
# Reference: https://www.virustotal.com/gui/file/22b1aeb6bca2b547329382f60c3a87b0e87a2b1020cb273221e7e407a2ded4fe/detection

47.101.59.76:7707

# Reference: https://twitter.com/drb_ra/status/1500149845679554571

107.174.63.211:1433

# Reference: https://twitter.com/drb_ra/status/1500149870673420294

176.32.33.14:9001

# Reference: https://twitter.com/drb_ra/status/1500149896011210754

technicollit.com

# Reference: https://twitter.com/drb_ra/status/1500149935148343308

http://103.117.102.89

# Reference: https://twitter.com/drb_ra/status/1500149963531112448

http://209.209.113.192

# Reference: https://twitter.com/drb_ra/status/1500149993382072330

http://45.12.1.24
45.12.1.24:443

# Reference: https://twitter.com/drb_ra/status/1500150015917969410

http://185.7.214.215
185.7.214.215:443

# Reference: https://twitter.com/drb_ra/status/1500150140476219397

144.34.189.53:81

# Reference: https://twitter.com/drb_ra/status/1500150160831225858

http://35.158.21.122

# Reference: https://twitter.com/drb_ra/status/1500150189247582216

103.142.103.116:8082

# Reference: https://twitter.com/drb_ra/status/1500150225704468485

http://45.76.114.61
45.76.114.61:443

# Reference: https://twitter.com/drb_ra/status/1500150248894836739

http://154.55.138.164

# Reference: https://twitter.com/drb_ra/status/1500150278200438785

119.8.153.198:443

# Reference: https://twitter.com/drb_ra/status/1500150312845385733

http://59.110.172.50

# Reference: https://twitter.com/drb_ra/status/1500150339064012807

167.179.99.101:8072

# Reference: https://twitter.com/drb_ra/status/1500150374795251721

62.113.255.12:44333

# Reference: https://twitter.com/drb_ra/status/1500150430730498051

http://195.201.128.127

# Reference: https://twitter.com/drb_ra/status/1500150460363255815

8.142.134.43:8080

# Reference: https://twitter.com/drb_ra/status/1500150489241030658

http://118.24.142.28
118.24.142.28:443

# Reference: https://twitter.com/drb_ra/status/1500150603649097728
# NOTE(review): the 45.12.1.25 entries below are commented out, so they are not
# active trails, and no reason is recorded here. Presumably this is a deliberate
# exclusion -- note the reason when disabling an indicator so it is not
# re-added later from the same reference.

http://45.12.1.24
# http://45.12.1.25
45.12.1.24:443
# 45.12.1.25:443

# Reference: https://twitter.com/drb_ra/status/1500150569931005953

amazonews.org

# Reference: https://twitter.com/drb_ra/status/1500150527342043139

http://35.193.223.73

# Reference: https://twitter.com/drb_ra/status/1500150624314400771

47.242.220.29:8080

# Reference: https://www.virustotal.com/gui/file/cef19178ec7c2fa45f178948bb76417bea4ac75b3efd6ab04deb09ca9879a1b5/detection

124.222.238.34:7856

# Reference: https://www.virustotal.com/gui/file/7fc087387dea44b8cb4c03a3c93abc83802a1dface2ffa250d9ac6cc32218523/detection

124.222.238.34:8000

# Reference: https://www.virustotal.com/gui/file/299a083c2e79a1d1a64a17846ee1546d304fb97538d2b1495b6cbfe4d8d63ac3/detection
# Reference: https://www.virustotal.com/gui/file/d09baa2a397810f4a659ceed81d09c04449942e323e5f5d36ba41deb323d42b6/detection

81.68.226.250:8899

# Reference: https://twitter.com/drb_ra/status/1500391510961012740

http://118.195.163.59

# Reference: https://twitter.com/drb_ra/status/1500421274346168323

121.4.22.225:8080

# Reference: https://twitter.com/drb_ra/status/1500210297927254016

103.117.102.89:443

# Reference: https://twitter.com/drb_ra/status/1500240404310073350

http://172.81.206.175

# Reference: https://twitter.com/drb_ra/status/1500240431598256134

http://120.78.71.209
120.78.71.209:50061

# Reference: https://twitter.com/drb_ra/status/1500240521889042438

114.132.204.191:8099

# Reference: https://twitter.com/drb_ra/status/1500240593448054784

119.91.143.41:6666

# Reference: https://twitter.com/drb_ra/status/1500240621210062851

120.79.165.94:6666

# Reference: https://twitter.com/drb_ra/status/1500391510961012740

http://118.195.163.59

# Reference: https://twitter.com/drb_ra/status/1500421104984379394

101.34.210.241:8080

# Reference: https://twitter.com/drb_ra/status/1500421142858932229

47.92.85.49:443

# Reference: https://twitter.com/drb_ra/status/1500421193094021122

119.91.76.49:8088

# Reference: https://twitter.com/drb_ra/status/1500421268339843078

http://120.24.175.206

# Reference: https://twitter.com/drb_ra/status/1500421274346168323

http://121.4.22.225
121.4.22.225:8080

# Reference: https://twitter.com/drb_ra/status/1500512207712534528

8.210.244.69:443

# Reference: https://twitter.com/drb_ra/status/1500512240562278402

156.226.17.157:8081

# Reference: https://twitter.com/drb_ra/status/1500512269926555661

92.255.85.95:81

# Reference: https://twitter.com/drb_ra/status/1500512292907143171

47.242.220.29:8082

# Reference: https://twitter.com/drb_ra/status/1500512319016779779

service-3bzkgy3y-1251525822.hk.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1500512376092774410

http://198.46.189.13

# Reference: https://twitter.com/drb_ra/status/1500512402768642053

45.12.1.24:443

# Reference: https://twitter.com/drb_ra/status/1500512424771952641

http://159.65.141.159

# Reference: https://twitter.com/drb_ra/status/1500512454299860999

http://74.220.20.50
74.220.20.50:443

# Reference: https://twitter.com/drb_ra/status/1500512477259390985

104.232.108.190:44301

# Reference: https://twitter.com/drb_ra/status/1500512501611515915

gfcbm.xyz

# Reference: https://twitter.com/drb_ra/status/1500512533148545029

http://159.89.194.96

# Reference: https://twitter.com/drb_ra/status/1500512584902000640

service-04d5qlew-1252238657.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1500512612358012933

http://139.59.60.116

# Reference: https://twitter.com/drb_ra/status/1500512639683813382

service-3bzkgy3y-1251525822.hk.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1500512664853913601

mil-info.ru

# Reference: https://twitter.com/drb_ra/status/1500512687561883650

178.236.42.200:443

# Reference: https://twitter.com/drb_ra/status/1500512690846019588

162.55.51.194:3128

# Reference: https://twitter.com/drb_ra/status/1500512716750008328

45.9.20.35:443

# Reference: https://twitter.com/drb_ra/status/1500512743027355650

45.15.19.114:443

# Reference: https://twitter.com/drb_ra/status/1500512796047511555

198.46.189.13:443

# Reference: https://twitter.com/drb_ra/status/1500512827962019845

45.147.229.120:8088

# Reference: https://twitter.com/drb_ra/status/1500512859436064775

toppension.org
ns1.toppension.org
ns2.toppension.org
web.toppension.org

# Reference: https://twitter.com/drb_ra/status/1500512908849131527

43.128.3.54:9999

# Reference: https://twitter.com/drb_ra/status/1500512929568940034

101.43.34.192:443

# Reference: https://twitter.com/drb_ra/status/1500512963467386881

http://185.209.223.93

# Reference: https://twitter.com/drb_ra/status/1500513034250461187

45.76.161.37:443

# Reference: https://twitter.com/drb_ra/status/1500562386184454144

146.70.86.236:8443

# Reference: https://twitter.com/drb_ra/status/1500562391314149377

20.199.187.192:443

# Reference: https://twitter.com/drb_ra/status/1500603352907874305

121.43.157.137:8443

# Reference: https://twitter.com/drb_ra/status/1500603378161827840

http://124.222.226.200

# Reference: https://twitter.com/drb_ra/status/1500603414409093121

service-bih1szk1-1259245302.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1500603430322290695

66.29.156.133:443

# Reference: https://www.virustotal.com/gui/file/3bb98c23e91510e7dda7d0c83e7678c64f4c70b6bcd0b844c6f8086febdffdc8/detection

http://167.179.118.125

# Reference: https://www.virustotal.com/gui/file/f85b90f98356bdc629aadc894f62e71e4de0b6d59c6143374b850a7ab2957f42/detection

http://45.32.36.206

# Reference: https://twitter.com/drb_ra/status/1499666670033461249

healthdiaiog.com
download.healthdiaiog.com
ext.healthdiaiog.com
hostmaster.healthdiaiog.com
my.healthdiaiog.com

# Reference: https://twitter.com/drb_ra/status/1499515521435377669
# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-03-03-IOCs-for-Emotet-epoch4-with-Cobalt-Strike.txt

45.77.212.132:444
formatordpink.com
zxerm.com
as.formatordpink.com
qw.formatordpink.com
zx.formatordpink.com

# Reference: https://twitter.com/drb_ra/status/1500874611822575618

23.105.220.156:4444

# Reference: https://twitter.com/drb_ra/status/1500874646819901447

64.227.123.60:11443
windows-defender-update.ru

# Reference: https://twitter.com/drb_ra/status/1500874670517768193

101.33.245.37:8080

# Reference: https://twitter.com/drb_ra/status/1500874697063424008

23.105.220.156:2096
qwertqwert.tk

# Reference: https://twitter.com/drb_ra/status/1500874736338886664

sheet-google.workers.dev

# Reference: https://twitter.com/drb_ra/status/1500874771604860928

wnetpro.com

# Reference: https://twitter.com/drb_ra/status/1500874819717550080

upgradeapi-test.cf

# Reference: https://twitter.com/drb_ra/status/1500874851678146566

linkedinet.com

# Reference: https://twitter.com/drb_ra/status/1500874880690147328

15.152.33.87:4444

# Reference: https://twitter.com/drb_ra/status/1500874905222631427

http://185.38.142.75

# Reference: https://twitter.com/drb_ra/status/1500874935174156288

gdk.func.api.chinadd.cn

# Reference: https://twitter.com/drb_ra/status/1500874937929805828

110.42.230.216:443

# Reference: https://twitter.com/drb_ra/status/1500874978023153664

http://135.181.123.23
193.3.19.134:8080

# Reference: https://twitter.com/drb_ra/status/1500875001662214146

http://155.138.141.125

# Reference: https://twitter.com/drb_ra/status/1500875064329318400

91.132.59.205:81
1qaaz.xyz
ssl.1qaaz.xyz

# Reference: https://twitter.com/drb_ra/status/1500875108981870599

80.71.158.108:443

# Reference: https://twitter.com/drb_ra/status/1500875136144220174

8.210.107.130:443

# Reference: https://twitter.com/drb_ra/status/1500875172525617161

15.152.33.87:8080

# Reference: https://twitter.com/drb_ra/status/1500875205434134532

27.102.107.57:82
applebook.ml

# Reference: https://twitter.com/drb_ra/status/1500935051948736518

onlineesegurocom.com
combo.onlineesegurocom.com
estagio.onlineesegurocom.com
mail.onlineesegurocom.com

# Reference: https://twitter.com/drb_ra/status/1500935053047652352
# Reference: https://twitter.com/SBousseaden/status/1221834746084368385
# Reference: https://app.any.run/tasks/4a40a89c-bddd-4df8-993e-5732d8a52133/
# Reference: https://www.virustotal.com/gui/domain/securelogonweb.com/relations
# Reference: https://www.virustotal.com/gui/file/a8abcfde1a8d2eb3008e346c68ab4486c402e8d4dcd8d17e56787fa1c52e616b/detection

securelogonweb.com
altera.securelogonweb.com
cert.securelogonweb.com
ssl.securelogonweb.com

# Reference: https://twitter.com/drb_ra/status/1500935123721666564

http://112.126.60.177
112.126.60.177:443

# Reference: https://twitter.com/drb_ra/status/1501116350164525056

yuuh88t.com

# Reference: https://twitter.com/drb_ra/status/1501237977925787653

185.150.119.204:8080

# Reference: https://twitter.com/drb_ra/status/1501238006199562245

185.233.200.69:443

# Reference: https://twitter.com/drb_ra/status/1501238060255698947

ntcgov.org
dxb.ntcgov.org
geo-raabta.ntcgov.org
geo-tv.ntcgov.org

# Reference: https://twitter.com/drb_ra/status/1501238186806333448

45.12.1.26:8443

# Reference: https://twitter.com/drb_ra/status/1501238223783313411
# Reference: https://twitter.com/drb_ra/status/1501238224953434115

d3m17u1lrew77y.cloudfront.net
d89xmmx6e5grb.cloudfront.net
drco8vxzb7qyc.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1501238569364504587

45.95.11.246:81

# Reference: https://twitter.com/drb_ra/status/1501238297007247360

147.78.47.243:8080

# Reference: https://twitter.com/drb_ra/status/1501238323431579651

213.232.235.85:445

# Reference: https://twitter.com/drb_ra/status/1501238345954910218

5.39.221.26:443

# Reference: https://twitter.com/drb_ra/status/1501238388619415558

139.180.187.8:809

# Reference: https://twitter.com/drb_ra/status/1501238409712521226

service-rjy9pt4x-1251576337.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1501238437436870656

18.162.167.189:2096
twittter.info
bbq.twittter.info

# Reference: https://twitter.com/drb_ra/status/1501238473457651713

openssl.online

# Reference: https://twitter.com/drb_ra/status/1501238513630646275

http://119.13.88.61
8.210.131.173:443

# Reference: https://twitter.com/drb_ra/status/1501238540243513345

http://13.82.49.224

# Reference: https://twitter.com/drb_ra/status/1501238595096662018

82.157.234.149:443

# Reference: https://twitter.com/drb_ra/status/1501238623823441920

http://138.128.222.128

# Reference: https://twitter.com/drb_ra/status/1501238654785703936

69.61.38.230:4443

# Reference: https://twitter.com/drb_ra/status/1501238682476548107

sheollvde.ml

# Reference: https://twitter.com/drb_ra/status/1501238722976792583

110.42.1.151:8888

# Reference: https://twitter.com/drb_ra/status/1501238724469870595

92.255.85.95:83

# Reference: https://twitter.com/drb_ra/status/1501238755746889739

http://82.157.156.106

# Reference: https://twitter.com/drb_ra/status/1501238789573910532

monojohn.webhop.biz

# Reference: https://twitter.com/drb_ra/status/1501238824399261697

192.155.87.78:81

# Reference: https://twitter.com/drb_ra/status/1501238862915452933

23.227.202.95:1080
cpnnetwork.com

# Reference: https://twitter.com/drb_ra/status/1501238928736768008

service-hgmt6age-1302905002.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1501238969941610505

pppookkjjmm.workers.dev
small-breeze-1f36.pppookkjjmm.workers.dev

# Reference: https://twitter.com/drb_ra/status/1501239008566910985

2.56.242.66:9999

# Reference: https://twitter.com/drb_ra/status/1501297542994219010

brikeb.com

# Reference: https://twitter.com/drb_ra/status/1501297573306548224

15.152.33.87:443

# Reference: https://twitter.com/drb_ra/status/1501297790823055363

defenr.com

# Reference: https://twitter.com/drb_ra/status/1501297842408677377

benokij.com

# Reference: https://twitter.com/drb_ra/status/1501297931873243139

109.71.254.202:6433
alsor.icu

# Reference: https://twitter.com/drb_ra/status/1501330114885292035

http://104.219.215.190

# Reference: https://www.virustotal.com/gui/file/93d2201fd1fc8e636e50f98ba9df2393dae9d0ceabc709ba4848b045c722e3ac/detection
# Reference: https://www.virustotal.com/gui/file/42721dbea9486dccb07b1d5e9cd8c71da19794ae5547a38bd5b4f02c10693c33/detection

104.219.215.190:44444

# Reference: https://twitter.com/drb_ra/status/1501330259534356480

d1xkwypuyz9fm1.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1501330286851891209

dp-test1.com

# Reference: https://twitter.com/drb_ra/status/1501354634597834754

pennetestre.duckdns.org

# Reference: https://twitter.com/drb_ra/status/1501510504782737409

http://124.222.204.186

# Reference: https://twitter.com/drb_ra/status/1501510546138537987

service-1bq9q5yk-1304258173.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1501510596210081797

138.128.210.220:443

# Reference: https://twitter.com/drb_ra/status/1501510665017692170

d1ikyt7zls3fiy.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1501530972885590016

15.152.33.87:666

# Reference: https://twitter.com/drb_ra/status/1501531000576385032

cdnskyservice.com
/load-e000000002209d300000i0921071812d

# Reference: https://twitter.com/drb_ra/status/1501531028141260805

http://40.87.14.155

# Reference: https://twitter.com/drb_ra/status/1501531062828212228

http://15.152.33.87

# Reference: https://twitter.com/drb_ra/status/1501531100191068161

54.75.74.143:443

# Reference: https://twitter.com/drb_ra/status/1501531130591428620

http://185.150.119.204

# Reference: https://twitter.com/drb_ra/status/1501531145435025408

47.243.236.33:8088

# Reference: https://twitter.com/drb_ra/status/1501531174954491907

http://152.32.240.7

# Reference: https://twitter.com/drb_ra/status/1501531240599592961

119.91.76.49:8443

# Reference: https://twitter.com/drb_ra/status/1501531264498769932

175.24.20.95:7788

# Reference: https://twitter.com/drb_ra/status/1501531303811944454

http://47.100.187.102

# Reference: https://twitter.com/drb_ra/status/1501531311156211719

http://194.156.99.19

# Reference: https://twitter.com/drb_ra/status/1501531347659153413

46.29.167.76:4443

# Reference: https://twitter.com/drb_ra/status/1501531394333413380

homeworkisonate.com

# Reference: https://twitter.com/drb_ra/status/1501531421357363200

42.193.221.223:8081

# Reference: https://twitter.com/drb_ra/status/1501531429687238664

39.106.83.74:4321

# Reference: https://twitter.com/drb_ra/status/1501531461857460226

42.193.53.74:4443

# Reference: https://twitter.com/drb_ra/status/1501531484942966785

http://124.221.109.66

# Reference: https://twitter.com/drb_ra/status/1501531517679513604

42.192.118.68:8080

# Reference: https://twitter.com/drb_ra/status/1501531539707998214

42.192.118.141:8888

# Reference: https://twitter.com/drb_ra/status/1501531611178930181

http://101.34.142.142

# Reference: https://twitter.com/drb_ra/status/1501531637485608964

http://54.75.74.143

# Reference: https://twitter.com/drb_ra/status/1501531667298766851

103.10.97.202:8080

# Reference: https://twitter.com/drb_ra/status/1501531692338761733

jquery-ajax.xyz
nodejs.jquery-ajax.xyz

# Reference: https://twitter.com/drb_ra/status/1501531723485614085

120.26.240.21:8080

# Reference: https://twitter.com/drb_ra/status/1501531757086232579

106.52.37.188:8080

# Reference: https://www.trendmicro.com/en_us/research/22/c/nokoyawa-ransomware-possibly-related-to-hive-.html

http://185.150.117.186
/asdfgsdhsdfgsdfg

# Reference: https://twitter.com/malwrhunterteam/status/1501550442668507143

193.56.29.230:8012

# Reference: https://twitter.com/malwrhunterteam/status/1501553222594531330
# Reference: https://www.virustotal.com/gui/file/9160d02294fcba0d8d02c6388646eee47a487e13f1af7310461cc0e2e7f57ed5/detection

service-p4drfmi7-1256639881.sh.apigw.tencentcs.com

# Reference: https://www.virustotal.com/gui/file/6359edc33655211a1c5d0237ef95fdd11b6a26a8f74d4ec0750dda957b30ec6c/detection

http://121.37.153.102

# Reference: https://twitter.com/malwrhunterteam/status/1501573007671795716
# Reference: https://www.virustotal.com/gui/file/fa24f7d6680ff9279e444ed1ce836faeb9fe5efaa94c7651fec0051fa579cb33/detection

http://101.35.138.184
101.35.138.184:8001

# Reference: https://twitter.com/malwrhunterteam/status/1501586218613710853
# Reference: https://www.virustotal.com/gui/file/1bb0181ab5bc4d08dbdb49c3b52b44b98edf2429bfb2af6cdf709bbbe3a55cb5/detection
# Reference: https://www.virustotal.com/gui/file/cc483c74fa45348eb9a0d54788eafb81f410c12cf410d232faa5f3dfd3ac54e0/detection
# Reference: https://www.virustotal.com/gui/file/e5936b36c6bd9172fc85ffdd9035c926847c473b085f45cf6f3a0b44cb2d258c/detection

175.178.62.140:18922

# Reference: https://twitter.com/drb_ra/status/1501602294533701640

139.162.52.195:4444

# Reference: https://twitter.com/drb_ra/status/1501569338138152964

service-k43f6rw9-1308954353.kr.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1501601692269305862

45.142.215.59:8085

# Reference: https://twitter.com/drb_ra/status/1501601718076858378

185.23.214.111:443

# Reference: https://twitter.com/drb_ra/status/1501601749366411265

146.56.109.12:6666

# Reference: https://twitter.com/drb_ra/status/1501601804357976064

http://1.13.156.142
http://77.66.55.44
http://88.99.11.22

# Reference: https://twitter.com/drb_ra/status/1501601856182751238

d2efeg4h4.com
ns1.d2efeg4h4.com

# Reference: https://twitter.com/drb_ra/status/1501601861652078593

124.222.95.72:443

# Reference: https://twitter.com/drb_ra/status/1501601894074048516

http://5.39.221.26

# Reference: https://twitter.com/drb_ra/status/1501601926072438785

http://77.88.196.146

# Reference: https://twitter.com/drb_ra/status/1501601954069372931

kapuleti.com

# Reference: https://twitter.com/drb_ra/status/1501601986780803079

45.61.161.173:443

# Reference: https://twitter.com/drb_ra/status/1501602051750514692

104.156.63.229:8080
edgekey.digital

# Reference: https://twitter.com/drb_ra/status/1501602090883424259

021337.shop
c1.021337.shop

# Reference: https://twitter.com/drb_ra/status/1501602125301927945

diegomaster.com

# Reference: https://twitter.com/drb_ra/status/1501602156004192263

http://173.225.111.163

# Reference: https://twitter.com/drb_ra/status/1501602195325833223

107.172.246.58:2096
chinaunionsec.tk
zh.chinaunionsec.tk

# Reference: https://twitter.com/drb_ra/status/1501602223603822592

69.49.235.167:8855

# Reference: https://twitter.com/mojoesec/status/1501607489867063307

fedij.com
kejimn.com

# Reference: https://twitter.com/drb_ra/status/1501659901122297858

benefits-updates.com
new.benefits-updates.com

# Reference: https://twitter.com/drb_ra/status/1501690475098554369

178.208.94.214:8080

# Reference: https://twitter.com/drb_ra/status/1501690518027354113

175.178.115.101:443

# Reference: https://twitter.com/drb_ra/status/1501690600407638017

windows-updata.workers.dev
windows-updata.windows-updata.workers.dev

# Reference: https://twitter.com/drb_ra/status/1501690647513690113

http://34.92.23.156

# Reference: https://twitter.com/drb_ra/status/1501690697379889152

101.43.147.69:83

# Reference: https://twitter.com/drb_ra/status/1501841046162006017

http://179.43.187.70

# Reference: https://twitter.com/drb_ra/status/1501841071608840193

110.42.204.253:8011

# Reference: https://twitter.com/drb_ra/status/1501841142106705921

162.14.79.254:8443

# Reference: https://twitter.com/drb_ra/status/1501841158355492868

106.52.65.141:12345

# Reference: https://twitter.com/drb_ra/status/1501841196032876544

120.79.165.94:12119

# Reference: https://twitter.com/drb_ra/status/1501871991783145474

103.151.229.42:8443

# Reference: https://twitter.com/drb_ra/status/1501872070455697413

101.35.198.197:8000

# Reference: https://twitter.com/drb_ra/status/1501872102890254339

service-7pxil39m-1259245302.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1501872130992091141

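# 45.12.1.25:8443
# NOTE(review): the trail above is commented out and therefore inactive; the reason is not recorded here - document it (e.g. confirmed false positive) or restore the entry.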

# Reference: https://twitter.com/drb_ra/status/1501872195106181126

45.12.1.24:8443

# Reference: https://twitter.com/drb_ra/status/1501872215880577025

47.106.97.239:8008

# Reference: https://twitter.com/drb_ra/status/1501872251544780808

317317.xyz
cloudflare.317317.xyz

# Reference: https://www.virustotal.com/gui/file/da73ea0a99500699e427ad5402991b815a779939c26bc71cf61cadbad68193b7/detection

110.42.252.206:44444

# Reference: https://www.virustotal.com/gui/file/af89914379957567f91697e8de0a96652cb22ab9ea0ddcbc4a3a844a8feab45f/detection

110.42.252.206:2233

# Reference: https://www.virustotal.com/gui/file/66565f3b72e546d7f4e355202978a27105eb0e12137fce5b7d8142b351fce753/detection
# Reference: https://www.virustotal.com/gui/file/209d0b95d437c14c9c38c855d4ce85299984a27309bb1ca6ae6b6f37ff85cd28/detection

http://46.3.242.35

# Reference: https://twitter.com/malwrhunterteam/status/1502035375304462337
# Reference: https://www.virustotal.com/gui/file/e90886948e333a0d639f7214126858ac7776c5c712386a27a5a2cb0690684fba/detection
# Reference: https://www.virustotal.com/gui/file/a304dd7cbc16f0a738c6914531b52fcf1d2e9f6359197a75396250cfeaee1662/detection

http://101.43.162.178
payload.buzz
payload.press
shellcode.monster

# Reference: https://www.cisa.gov/uscert/ncas/alerts/aa21-265a
# Reference: https://otx.alienvault.com/pulse/622a157368a7fc886f0ea5d1

badiwaw.com
basisem.com
bujoke.com
bupula.com
cajeti.com
cilomum.com
comecal.com
dawasab.com
dohigu.com
dubacaj.com
fecotis.com
fipoleb.com
fofudir.com
ganobaz.com
gerepa.com
guvafe.com
hakakor.com
hejalij.com
hepide.com
hidusi.com
hoguyum.com
jecubat.com
joxinu.com
kidukes.com
kipitep.com
kogasiv.com
kuyeguh.com
lipozi.com
lujecuk.com
masaxoc.com
mebonux.com
mihojip.com
movufa.com
nawusem.com
nerapo.com
paxobuy.com
pazovet.com
pihafi.com
pilagop.com
pipipub.com
pofifa.com
raferif.com
rexagi.com
rimurik.com
sidevot.com
suhuhow.com
tiyuzub.com
vegubu.com
vigave.com
vonavu.com
wezeriw.com
wudepen.com
wuluxo.com
wuvehus.com
wuvici.com
wuvidi.com
xegogiv.com

# Reference: https://twitter.com/drb_ra/status/1501931901119963145

195.133.11.145:5778

# Reference: https://twitter.com/drb_ra/status/1501931972234522624

service-cyaokww2-1305143419.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1501964292614144004

http://18.212.82.159
http://52.90.113.83
http://54.165.209.11
http://54.173.47.116
http://54.197.198.20
http://54.211.136.211
18.212.82.159:443
52.90.113.83:443
54.165.209.11:443
54.173.47.116:443
54.197.198.20:443
54.211.136.211:443

# Reference: https://twitter.com/drb_ra/status/1501964551901822979

http://195.211.98.61

# Reference: https://twitter.com/drb_ra/status/1501964576790827019

198.148.120.78:6666

# Reference: https://twitter.com/drb_ra/status/1501964683938512900

15.160.103.23:443

# Reference: https://twitter.com/drb_ra/status/1501964797524467715

137.184.238.40:2002

# Reference: https://twitter.com/drb_ra/status/1501964822577127424

3.93.190.179:443

# Reference: https://twitter.com/drb_ra/status/1501964860556521483

hazel-view.ca

# Reference: https://twitter.com/drb_ra/status/1501964908396785667

http://198.55.123.148

# Reference: https://twitter.com/drb_ra/status/1501964949614125057

http://45.91.81.8

# Reference: https://twitter.com/drb_ra/status/1501964983063748611

inujipip.xyz

# Reference: https://twitter.com/drb_ra/status/1501965084226211840

http://2.58.149.201

# Reference: https://twitter.com/drb_ra/status/1501965113200365572

http://3.93.190.179

# Reference: https://twitter.com/drb_ra/status/1501965154745004041

45.117.103.235:9999

# Reference: https://twitter.com/drb_ra/status/1501965194007830531

156.236.96.184:8000

# Reference: https://twitter.com/drb_ra/status/1501965222009085966

192.155.95.252:88

# Reference: https://twitter.com/drb_ra/status/1501965246516404230

54.39.83.138:4444

# Reference: https://twitter.com/drb_ra/status/1501965256716861441

2.56.59.237:443

# Reference: https://twitter.com/drb_ra/status/1501965288878886914

40.121.241.79:8888

# Reference: https://twitter.com/drb_ra/status/1501965321288265735

64.227.5.45:8080
benefits-update.com
bigy.benefits-update.com
myollies.benefits-update.com
new.benefits-update.com
vpn.benefits-update.com

# Reference: https://twitter.com/drb_ra/status/1501965348458926080

193.3.19.134:10443

# Reference: https://twitter.com/drb_ra/status/1501965376221061125
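# Reference: https://www.virustotal.com/gui/file/10b546695515e4a6e44a8e99c67b647d182ecfaa56c7df1da958f58e44e61c60/detection
# NOTE(review): audio-sv5-t1-3.pandora.com sits under a legitimate streaming service's domain and is probably a spoofed HTTP Host header value from the beacon profile rather than attacker-controlled DNS - confirm against the sample. A hit on this name alone can be benign traffic; corroborate with the IP trails in this group.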

138.197.154.208:443
http://139.180.156.26
audio-sv5-t1-3.pandora.com

# Reference: https://twitter.com/drb_ra/status/1501965405224685574

210.3.157.178:443

# Reference: https://twitter.com/drb_ra/status/1502015004656164866

http://54.217.167.205

# Reference: https://twitter.com/drb_ra/status/1502055146871791616

146.0.72.87:8580

# Reference: https://twitter.com/drb_ra/status/1502055203973042182

175.178.158.20:8443
sangfor.info

# Reference: https://twitter.com/drb_ra/status/1502055246658519042

27.124.47.19:18443

# Reference: https://twitter.com/drb_ra/status/1502055320251768832

service-4yzvrkp5-1256842621.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1502055379135565825

aspdotnetpro.com

# Reference: https://twitter.com/drb_ra/status/1502095524102557704

josefgur.com

# Reference: https://twitter.com/drb_ra/status/1502095605421809665

billiokz.com

# Reference: https://twitter.com/drb_ra/status/1502203728551718915

http://110.40.188.20

# Reference: https://twitter.com/drb_ra/status/1502203758306017283

service-fxd8tg9w-1300302924.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1502203801448636417

service-ivgxsjjj-1303081427.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1502203880108658689

service-d3gos2vc-1307608206.gz.apigw.tencentcs.com

# Reference: https://www.virustotal.com/gui/file/c8de2c4e831dfd5ac9d6981b3b97f9e9e0f9559e73befe6003d32cbc05b787e1/detection

95.141.41.29:401

# Reference: https://www.virustotal.com/gui/file/00ce5507effe3ff6a613f0829b10c94b7923f6303d33f232939e6b881c0aa6e5/detection

95.141.41.29:402

# Reference: https://www.virustotal.com/gui/file/4daff0a40ef29c44ff9b92ddfe9e440d59bc3ec1607ccb0ce1a58f4d1de2584b/detection
# Reference: https://www.virustotal.com/gui/file/308dbac904248621e1dc50349d23834048c0be924701225a3cd787ebf1431135/detection

95.141.41.29:82

# Reference: https://cert.gov.ua/article/37704

45.84.0.116:443
forkscenter.fr
nirsoft.me
/2MYmbwpSJLZRAtXRgNTAUjJSH6SSoicLPIrQl/

# Reference: https://twitter.com/drb_ra/status/1502282201462976515

173.82.248.100:4567

# Reference: https://twitter.com/drb_ra/status/1502282098228477952

minileets.com
21-433.minileets.com
sccm.minileets.com

# Reference: https://www.virustotal.com/gui/file/b294c4f743a427f2424be98bc0562550422e8fe52e86c5857097653e7b60bf05/detection
# Reference: https://www.virustotal.com/gui/file/82819cc3997f579b55ebbb1658db4afaf89b47f194be31d6e5a9f8fc3f47ba79/detection
# Reference: https://www.virustotal.com/gui/file/65fa9f09fb844ae164508bfd163181777ebf6ee10ac1bf632db1f10c961da102/detection

124.222.164.175:13548

# Reference: https://www.virustotal.com/gui/file/fcb311dc09fc284de5532f188fdd6d24892072cd68316cb1d3e404a143d0e167/detection
# Reference: https://www.virustotal.com/gui/file/4563aea1c0aedc9b09174eab7936fc6a5ce222721144ee4e2791599bdb63a8f0/detection

170.106.194.97:8000

# Reference: https://www.virustotal.com/gui/file/66a8cee427a7ed836e646d04b35e797f58ca0cb9ab5438a6b3d9e76e9836f781/detection

170.106.194.97:9999

# Reference: https://www.virustotal.com/gui/file/d041b22ff30121beebc9ff1f00510b812510e4c5c3d08b467fc2228426d8de5d/detection
# Reference: https://www.virustotal.com/gui/file/4a123d4b1d17368fe3571283119a71bd499037e765cf87e7ff3d3c36182bdf4a/detection

194.87.68.252:4455

# Reference: https://twitter.com/TheDFIRReport/status/1502305851616509952

cloudmedia.cf
system.gq
ns.system.gq

# Reference: https://twitter.com/TheDFIRReport/status/1502324722729512962

124.222.224.83:8081

# Reference: https://www.virustotal.com/gui/file/d5bccdc027efa9279a07cdbfaa6f527b71c85ce7091d63d261c7256717fe5536/detection

47.101.190.20:40009

# Reference: https://www.virustotal.com/gui/file/34eda262f3aeb057405aa24dd70d45ecbe632507cde452024ac1df6496437d83/detection

81.69.33.253:8041

# Reference: https://www.virustotal.com/gui/file/e4f6be7c6ee45239892b67561ad0a01056cbd2e97aeb14737e52d313ad3e32ac/detection

81.69.33.253:7755

# Reference: https://www.virustotal.com/gui/file/aec7270b4c8961e2918f905e24d5397e33da08834ccfcdefec227d902db1266c/detection

81.69.33.253:6677
81.69.33.253:8065

# Reference: https://www.virustotal.com/gui/file/29ee99b56d7b5e2ab25119b56c400b6b741b694e7fb340ff2a4ec7d99d8a13c5/detection

81.69.33.253:8011

# Reference: https://www.virustotal.com/gui/file/969fddafa75e5cff366bc95cc48ad6fe86e7e98966b4deb633adad4f005efcfa/detection

182.61.54.109:9966

# Reference: https://twitter.com/drb_ra/status/1502325183050563584

210.3.157.178:8080

# Reference: https://twitter.com/drb_ra/status/1502325268710580234
# Reference: https://twitter.com/drb_ra/status/1502325632189046784

http://212.193.30.229
212.193.30.229:443
/Recursive/gate/TI2F34YTY

# Reference: https://twitter.com/drb_ra/status/1502325303183654912

http://201.21.208.160

# Reference: https://twitter.com/drb_ra/status/1502325320510316547

46.29.165.64:8002

# Reference: https://twitter.com/drb_ra/status/1502325346624061448

http://194.233.69.70

# Reference: https://twitter.com/drb_ra/status/1502325397257601029
# Reference: https://www.virustotal.com/gui/ip-address/141.193.158.18/relations

http://141.193.158.18
mlcr0s0ft.org

# Reference: https://twitter.com/drb_ra/status/1502325431357386756

msfdomainbuinder.com

# Reference: https://twitter.com/drb_ra/status/1502325468095254532

http://97.74.82.117

# Reference: https://twitter.com/drb_ra/status/1502325507681042433

212.86.108.104:443

# Reference: https://twitter.com/drb_ra/status/1502325537481625606

124.223.78.79:8883

# Reference: https://twitter.com/drb_ra/status/1502325601352491015

http://149.28.16.16

# Reference: https://twitter.com/drb_ra/status/1502325669132447752

helpdesksecurityoff.com

# Reference: https://twitter.com/drb_ra/status/1502325704620445698

103.40.138.52:443

# Reference: https://twitter.com/drb_ra/status/1502325736690044929

http://200.175.93.238

# Reference: https://twitter.com/drb_ra/status/1502325751651127299

service-3iwblltw-1309502842.hk.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1502325781451706372

http://2.56.59.237

# Reference: https://twitter.com/drb_ra/status/1502325809075396617

192.3.145.46:443

# Reference: https://twitter.com/drb_ra/status/1502325842420146179

103.169.90.143:9443

# Reference: https://twitter.com/drb_ra/status/1502325868814815235

http://173.225.111.175

# Reference: https://twitter.com/drb_ra/status/1502325897013219337

23.225.191.79:4444

# Reference: https://twitter.com/drb_ra/status/1502325917821149189

96.45.169.106:2082
bbuguck.tk

# Reference: https://twitter.com/drb_ra/status/1502325941258919938

65.108.223.13:443

# Reference: https://twitter.com/drb_ra/status/1502325977954803713

156.238.26.223:8443
oracle-javaee.tk

# Reference: https://twitter.com/drb_ra/status/1502326004693483527

13.40.225.98:443

# Reference: https://twitter.com/drb_ra/status/1502374331791425540

129.226.164.41:8443

# Reference: https://twitter.com/drb_ra/status/1502384799427801096

cgi-training.com
r1.cgi-training.com
r2.cgi-training.com

# Reference: https://twitter.com/drb_ra/status/1502384872396046341

http://84.32.188.189

# Reference: https://twitter.com/drb_ra/status/1502384908123136003

46.3.242.175:443

# Reference: https://twitter.com/drb_ra/status/1502415907846602752

http://47.107.110.187

# Reference: https://twitter.com/drb_ra/status/1502415972208103430

124.223.7.26:8080
dxszl.tk

# Reference: https://twitter.com/drb_ra/status/1502416004290334725

49.232.1.225:8080

# Reference: https://twitter.com/drb_ra/status/1502416032685768707

47.107.101.212:28080

# Reference: https://twitter.com/drb_ra/status/1502416059193860096

212.86.108.104:443

# Reference: https://twitter.com/drb_ra/status/1502416082807799813

124.222.226.200:8080

# Reference: https://twitter.com/drb_ra/status/1502416192140685316

http://106.75.223.111

# Reference: https://twitter.com/drb_ra/status/1502416212327903252

114.132.243.242:3333

# Reference: https://twitter.com/drb_ra/status/1502416239834144771

101.35.96.214:81

# Reference: https://twitter.com/drb_ra/status/1502596367306444804

81.70.163.169:88

# Reference: https://twitter.com/drb_ra/status/1502596486626000900

101.34.119.62:8080

# Reference: https://www.virustotal.com/gui/file/2fabea1aaff0a067285efcce4542887b23e0539080e64c8e9e77d9ecab34451c/detection
# Reference: https://www.virustotal.com/gui/file/0cd83b32e52581159339d4c20f77c6536a759cea512369acab523ef7290d8139/detection

101.43.79.222:8011

# Reference: https://twitter.com/drb_ra/status/1502686522230853632

http://91.240.87.19

# Reference: https://twitter.com/drb_ra/status/1502686553751097349

mcfsoftc.com

# Reference: https://twitter.com/drb_ra/status/1502686606712520708

http://64.27.27.124

# Reference: https://twitter.com/drb_ra/status/1502686641818906628

http://210.212.93.250
http://210.212.93.251

# Reference: https://twitter.com/drb_ra/status/1502686667584516099

fatumarulodge.net

# Reference: https://twitter.com/drb_ra/status/1502686694973267974

103.242.133.55:5678

# Reference: https://www.virustotal.com/gui/file/c45afbd8c2d87ebd87359280045f283f870b7cfa48759e65765f76c4ea2b911e/detection

103.242.133.55:4443

# Reference: https://twitter.com/drb_ra/status/1502686729224036360

47.242.86.193:2083
updatemlcrosoft.com

# Reference: https://twitter.com/drb_ra/status/1502686817816088578

109.205.56.154:8443

# Reference: https://twitter.com/drb_ra/status/1502686834689810442

72.44.65.82:8443

# Reference: https://twitter.com/drb_ra/status/1502686887252799491

http://47.243.61.79

# Reference: https://twitter.com/drb_ra/status/1502686920199086082

msupdate.tk
online.msupdate.tk

# Reference: https://twitter.com/drb_ra/status/1502686945054498816

121.5.61.8:8012

# Reference: https://twitter.com/drb_ra/status/1502686963140333571

119.91.223.177:8771

# Reference: https://twitter.com/drb_ra/status/1502686986024505360

200.175.93.238:443

# Reference: https://twitter.com/drb_ra/status/1502687066907369472

31.24.229.202:4431
ebrdlab.com

# Reference: https://twitter.com/drb_ra/status/1502687092626935818

23.227.196.58:1443
webdatabasesystem.com

# Reference: https://twitter.com/drb_ra/status/1502687120053481481

forex-service.com
apiv2.forex-service.com

# Reference: https://twitter.com/drb_ra/status/1502687172675178498

api-myip.workers.dev
api.api-myip.workers.dev

# Reference: https://twitter.com/drb_ra/status/1502687262810718208

47.243.236.33:8089

# Reference: https://twitter.com/drb_ra/status/1502687289666936837

68.183.252.57:443

# Reference: https://twitter.com/drb_ra/status/1502687317957488647

45.77.168.164:443

# Reference: https://twitter.com/drb_ra/status/1502687342791991307

172.86.75.27:443

# Reference: https://twitter.com/drb_ra/status/1502687412727787530

103.234.72.78:443

# Reference: https://twitter.com/drb_ra/status/1502687439424528393

nas-update.com

# Reference: https://twitter.com/drb_ra/status/1502687468952424453

121.5.195.89:9000

# Reference: https://twitter.com/drb_ra/status/1502687493577220110

91.213.50.251:81

# Reference: https://twitter.com/drb_ra/status/1502687514120892422

47.250.45.107:8081

# Reference: https://twitter.com/drb_ra/status/1502687540821770240

47.250.45.107:8080

# Reference: https://twitter.com/drb_ra/status/1502687559280902144

134.209.190.139:443

# Reference: https://www.virustotal.com/gui/file/b36a750cde0ad73940cd64959425d96503a2e9116b80fa8d97303b7eaf21eb1b/detection
# Reference: https://www.virustotal.com/gui/file/96d2be3fec02b500e89ace579709a0800816a4b65d0ec7ba6aa9cb1f86420e3e/detection
# Reference: https://www.virustotal.com/gui/file/23b1a586a2191770f8a8ada4f0a71133cb364680e0ab168f1caf05a67cb86ffb/detection

http://193.70.40.254
193.70.40.254:443
/Damage/energy/B0JQOHSE5UA

# Reference: https://www.virustotal.com/gui/file/43fb748d25f56d53ad3987c3b122ecd5376599aef9f00732a746878fc750e433/detection
# Reference: https://www.virustotal.com/gui/file/ffafe9633fa39a8d95585672288e13597fb44671aa5918a0ab01214cc51e88fb/detection

http://144.202.116.34
144.202.116.34:8010

# Reference: https://blogs.blackberry.com/en/2021/10/drawing-a-dragon-connecting-the-dots-to-find-apt41
# Reference: https://otx.alienvault.com/pulse/615da9a8e2c277e1749757c3

http://107.182.24.70
http://144.202.98.198

# Reference: https://twitter.com/drb_ra/status/1502777613672189955
# Reference: https://www.virustotal.com/gui/file/348770fd1ac97d4779c48ebf41ad0780a5342a052526839bdc6df06be62ffeb0/detection

119.3.141.162:443

# Reference: https://twitter.com/drb_ra/status/1502777616088117251

service-agugfaq3-1307697132.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1502777680760037381

124.223.63.47:8888

# Reference: https://twitter.com/drb_ra/status/1502777797588226050

http://141.164.51.180

# Reference: https://twitter.com/drb_ra/status/1502960265234632704

101.43.79.222:8443

# Reference: https://twitter.com/drb_ra/status/1502960303142850561

110.42.206.16:443

# Reference: https://twitter.com/drb_ra/status/1502960366426464258

http://120.78.71.19

# Reference: https://twitter.com/drb_ra/status/1502960397787217931

http://81.68.65.153

# Reference: https://twitter.com/Max_Mal_/status/1503043014230519810

http://5.255.100.242
updatedaemon.com

# Reference: https://twitter.com/drb_ra/status/1503051938455343105

72.44.65.82:2095

# Reference: https://twitter.com/drb_ra/status/1503051969442758659

http://118.184.180.30

# Reference: https://twitter.com/drb_ra/status/1503051999079710723

182.161.69.154:8088

# Reference: https://twitter.com/drb_ra/status/1503052021808644096

194.14.208.40:11443
shavar-services.space

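# Reference: https://twitter.com/drb_ra/status/1503052055111512069
# NOTE(review): hatrabama.onion is not a well-formed onion service name (those are 16 or 56 base32 characters), so it is presumably a Host header string from the beacon configuration, not a reachable hidden service - confirm. Expect it in HTTP Host headers rather than in DNS lookups.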

176.121.14.117:31001
hatrabama.onion

# Reference: https://twitter.com/drb_ra/status/1503052078352117760

49.232.1.225:8090

# Reference: https://twitter.com/drb_ra/status/1503052098497388547

103.234.72.53:8877

# Reference: https://twitter.com/drb_ra/status/1503052136267100161

103.149.90.238:4444

# Reference: https://twitter.com/drb_ra/status/1503052155237896193
# Reference: https://twitter.com/drb_ra/status/1503052156353585168
# Reference: https://twitter.com/drb_ra/status/1503052157339283459

d16znfyk4io85v.cloudfront.net
d1pgvo5o7omnol.cloudfront.net
d1py5zango4p59.cloudfront.net
d9q3jo6padkib.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1503052231146450947

184.168.122.184:443

# Reference: https://twitter.com/drb_ra/status/1503052262058467333

64.27.27.124:6443

# Reference: https://twitter.com/drb_ra/status/1503052316605308933

182.161.69.156:8088

# Reference: https://twitter.com/drb_ra/status/1503052337723629569

201.21.208.160:443

# Reference: https://twitter.com/drb_ra/status/1503052356098875397

catinfo.top
lib.catinfo.top

# Reference: https://twitter.com/drb_ra/status/1503052381898129415

update07.microsoft-essentials.com

# Reference: https://twitter.com/drb_ra/status/1503052417121853448

47.107.76.95:12314

# Reference: https://twitter.com/drb_ra/status/1503052462822989824

72.44.65.82:8880

# Reference: https://twitter.com/drb_ra/status/1503052483341529093

182.161.69.157:4444

# Reference: https://twitter.com/drb_ra/status/1503052514563870736

45.150.236.40:443

# Reference: https://twitter.com/drb_ra/status/1503052539394150400

http://184.168.122.184

# Reference: https://twitter.com/drb_ra/status/1503052601109237764

182.161.69.154:4444

# Reference: https://twitter.com/drb_ra/status/1503053055503355909

182.161.69.155:8088

# Reference: https://twitter.com/drb_ra/status/1503052618775605249

167.179.91.226:2096
gxtv.xyz
ak.gxtv.xyz

# Reference: https://twitter.com/drb_ra/status/1503052651881283586

84.32.188.211:5000

# Reference: https://twitter.com/drb_ra/status/1503052673909673984

metacloud.name

# Reference: https://twitter.com/drb_ra/status/1503052715609530381

91.240.87.19:443

# Reference: https://twitter.com/drb_ra/status/1503052743702982657

182.161.69.157:8088

# Reference: https://twitter.com/drb_ra/status/1503052757477040129

47.107.37.206:199

# Reference: https://twitter.com/drb_ra/status/1503052760530534403

1.116.180.87:8099

# Reference: https://twitter.com/drb_ra/status/1503052792654671873

http://150.158.186.39

# Reference: https://twitter.com/drb_ra/status/1503052834761330688

digicdnkey.tech

# Reference: https://twitter.com/drb_ra/status/1503053005649817603

http://154.222.231.87

# Reference: https://twitter.com/drb_ra/status/1503053034166886404

2.56.59.237:3389

# Reference: https://twitter.com/drb_ra/status/1503099118939512846

81.68.118.217:7000

# Reference: https://twitter.com/drb_ra/status/1503099111020666884

185.146.232.82:443

# Reference: https://twitter.com/drb_ra/status/1503109757997101068

182.161.69.155:4444

# Reference: https://twitter.com/drb_ra/status/1503109523699126279

182.161.69.156:4444

# Reference: https://twitter.com/drb_ra/status/1503109544901292034

123.60.74.61:81

# Reference: https://twitter.com/drb_ra/status/1503109570620755979

119.91.76.49:8445

# Reference: https://twitter.com/drb_ra/status/1503280320979812352

103.234.72.73:443

# Reference: https://twitter.com/drb_ra/status/1503290918803234817

http://118.184.180.30

# Reference: https://twitter.com/drb_ra/status/1503290940433305603

81.68.246.235:5555

# Reference: https://twitter.com/drb_ra/status/1503290948633219077

96.45.169.106:8443

# Reference: https://twitter.com/drb_ra/status/1503290998855806977

124.223.7.26:8666

# Reference: https://twitter.com/drb_ra/status/1503291083790376964
# Reference: https://www.virustotal.com/gui/domain/opensearch.xyz/relations

opensearch.xyz
api.opensearch.xyz
cdn.opensearch.xyz
mail.opensearch.xyz

# Reference: https://twitter.com/drb_ra/status/1503322079520821253

47.107.113.35:30007

# Reference: https://twitter.com/drb_ra/status/1503322113050132484

119.23.76.18:8888

# Reference: https://twitter.com/drb_ra/status/1503381355777998859

digitalzone24.com

# Reference: https://twitter.com/drb_ra/status/1503412226841055232

47.242.21.24:39003
flashupdate.net

# Reference: https://twitter.com/drb_ra/status/1503412259401388037

66.42.117.211:4433

# Reference: https://twitter.com/drb_ra/status/1503412315043082244

185.170.42.91:443

# Reference: https://twitter.com/drb_ra/status/1503412343207776263

47.245.56.140:443

# Reference: https://twitter.com/drb_ra/status/1503412353483816970

svchost.ml

# Reference: https://twitter.com/drb_ra/status/1503412390574055424

103.142.103.116:4431

# Reference: https://twitter.com/drb_ra/status/1503412423532949512

82.156.7.60:443

# Reference: https://twitter.com/drb_ra/status/1503412453849325568

182.161.69.158:4444

# Reference: https://twitter.com/drb_ra/status/1503412482379026438

service-rc10gcrx-1307066631.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1503412524837920781
# Reference: https://www.virustotal.com/gui/file/d1871063ad2ab8bf82238892d73c4844e35b69c96007384b2fc5ece0fb060405/detection
# Reference: https://www.virustotal.com/gui/file/28e7f63b44b84afcd2ce049d16f2c957ff769d438041e012318743946816267a/detection
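# Reference: https://www.virustotal.com/gui/file/0ceb31dde8778a306fce396f6f89f8e2261ceb809456800fd09333b08479f6f2/detection
# NOTE(review): 104.21.6.134 and 172.67.154.223 appear to fall in Cloudflare edge ranges. Shared reverse-proxy addresses front many unrelated sites, so these ip:port trails can match benign traffic; the systemdate.com hostnames are the more specific indicators.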

101.32.45.23:3048
104.21.6.134:8080
172.67.154.223:8080
systemdate.com
up1.systemdate.com
update.systemdate.com

# Reference: https://twitter.com/drb_ra/status/1503412550242811904

http://8.142.71.238

# Reference: https://twitter.com/drb_ra/status/1503412593591033861

5.8.16.22:8080

# Reference: https://twitter.com/drb_ra/status/1503412631138406403

43.153.23.145:443

# Reference: https://twitter.com/drb_ra/status/1503412672775266307

167.179.89.198:4477

# Reference: https://twitter.com/drb_ra/status/1503461483224653824

157.245.94.17:8081

# Reference: https://twitter.com/drb_ra/status/1503461489025372161

http://146.70.86.23

# Reference: https://twitter.com/drb_ra/status/1503461492666114049

178.131.88.47:8443

# Reference: https://twitter.com/drb_ra/status/1503461495396761600

45.83.122.99:8443

# Reference: https://twitter.com/drb_ra/status/1503471827674349571

baidencult.com

# Reference: https://twitter.com/drb_ra/status/1503471897648025602

47.119.130.119:8081

# Reference: https://twitter.com/drb_ra/status/1503472026287235079

http://45.77.168.164

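# Reference: https://twitter.com/drb_ra/status/1503472053554454534
# NOTE(review): tianya.baidu.com is under a legitimate search provider's domain and is likely a spoofed Host header value, not attacker-owned DNS - confirm. Matching on it alone risks false positives; pair it with the ip:port trail below.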

39.105.15.102:9443
tianya.baidu.com

# Reference: https://twitter.com/drb_ra/status/1503472127500079106

new.healthdiaiog.com

# Reference: https://www.virustotal.com/gui/file/5b3e42a64517b6dfb99ece1cbc2bc2171a7e2a4dbd22ee722774c20064dd3743/detection
# Reference: https://www.virustotal.com/gui/file/272fae6a994c3a82dac9642eb11227f9e9ee8deccc9d3a27149fd4c99cd65eb2/detection

175.24.179.95:4444

# Reference: https://www.virustotal.com/gui/file/e32702a522b1d122e18fd6107325ffe3d3172c59084c63be100d5e3b9740e7c7/detection

119.3.152.152:9999

# Reference: https://www.virustotal.com/gui/file/d5f186f4722ec2a0842331b3d223528aa2805e15e36241d1b0616f3fe1ea61aa/detection

http://119.3.152.152

# Reference: https://twitter.com/malwrhunterteam/status/1503707019789979650
# Reference: https://www.virustotal.com/gui/file/bee477999b629375f40b062ce90431a9eaff9faa657b2f93bdfb531874a737f5/detection

poorguy.xyz
mic.poorguy.xyz

# Reference: https://twitter.com/fr0s7_/status/1503687570189955076
# Reference: https://www.virustotal.com/gui/file/ba4288c435c07f3ceda41161ee1b18af9d78518b88336a52908a199ac15f7aac/detection

balldu.shop
instagam.shop

# Reference: https://www.virustotal.com/gui/file/1e9ae42208d8da1715360c87743e81a47c4d19a1f4ea76db32afc8c0d67a01db/detection

198.52.97.132:8888

# Reference: https://twitter.com/C0ryInTheHous3/status/1503784016260079617

billiopa.com

# Reference: https://twitter.com/drb_ra/status/1503502232997838850

http://8.142.231.52

# Reference: https://twitter.com/drb_ra/status/1503502292296810503

39.100.26.144:8080

# Reference: https://twitter.com/drb_ra/status/1503502315722051585

http://124.223.53.86

# Reference: https://twitter.com/drb_ra/status/1503502359682498562

http://207.148.114.196

# Reference: https://twitter.com/drb_ra/status/1503502389738983430

23.227.198.209:1080
serverupdater.com

# Reference: https://twitter.com/drb_ra/status/1503502428343357440

1.117.89.216:9009

# Reference: https://twitter.com/drb_ra/status/1503502486631776257

8.142.11.136:9090

# Reference: https://twitter.com/drb_ra/status/1503502524745228290

ms-log-upload.tk
web.ms-log-upload.tk

# Reference: https://twitter.com/drb_ra/status/1503502611315666950

1.15.240.53:8088

# Reference: https://twitter.com/drb_ra/status/1503684181775298560

http://5.39.218.208

# Reference: https://twitter.com/drb_ra/status/1503684312293588994

114.132.233.42:9898

# Reference: https://twitter.com/drb_ra/status/1503684373215907842

sashimis.co.uk

# Reference: https://twitter.com/drb_ra/status/1503684440882651138

114.132.243.242:8083

# Reference: https://twitter.com/drb_ra/status/1503684475879936008

114.132.246.102:1433

# Reference: https://twitter.com/drb_ra/status/1503684512152236035

42.193.127.142:41555

# Reference: https://twitter.com/drb_ra/status/1503684552300150784

jugesib.com

# Reference: https://twitter.com/drb_ra/status/1503684611158728709

123.253.35.231:8088

# Reference: https://twitter.com/drb_ra/status/1503743719475924999

yxhpt.ga
static.yxhpt.ga

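# Reference: https://twitter.com/drb_ra/status/1503743848358592528
# NOTE(review): the names below appear to sit under a handset vendor's own domain, and the last one is a CDN-style CNAME; they look like fronting / Host-header values rather than attacker-registered domains - confirm ownership before treating a match as high confidence.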

update2021.oppo.cn
api.update2021.oppo.cn
api.update2021.oppo.cn.cdn.dnsv1.com.cn

# Reference: https://twitter.com/drb_ra/status/1503743917602258954

theebrd.co.uk

# Reference: https://twitter.com/drb_ra/status/1503744020798922765

1.116.180.87:443

# Reference: https://twitter.com/drb_ra/status/1503774062048382979

52.175.11.103:443

# Reference: https://twitter.com/drb_ra/status/1503774130461712388

http://3.144.44.117

# Reference: https://twitter.com/drb_ra/status/1503774199189544968

49.232.2.107:4444

# Reference: https://twitter.com/drb_ra/status/1503774224577667077

119.59.126.193:7788

# Reference: https://twitter.com/drb_ra/status/1503774261873369092

miorcsoft.com
c.miorcsoft.com

# Reference: https://twitter.com/drb_ra/status/1503774291044839426

http://198.13.50.143

# Reference: https://twitter.com/drb_ra/status/1503774342412488717

http://107.173.214.112

# Reference: https://twitter.com/drb_ra/status/1503774382681997316

sakilasilla.com

# Reference: https://twitter.com/drb_ra/status/1503774418543296521

api.spotify.us.com

# Reference: https://twitter.com/drb_ra/status/1503774454685569024

windowsserviceupdates.net
up.windowsserviceupdates.net

# Reference: https://twitter.com/drb_ra/status/1503774550177243136

http://143.110.177.163

# Reference: https://twitter.com/drb_ra/status/1503774584859996163

47.242.86.193:2087
updatemlcrosoft.com

# Reference: https://twitter.com/drb_ra/status/1503774618389204999

123.56.228.208:12306

# Reference: https://twitter.com/drb_ra/status/1503774641919254535

107.174.63.211:33060

# Reference: https://twitter.com/drb_ra/status/1503774711616004099

http://23.227.198.207

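# Reference: https://twitter.com/drb_ra/status/1503774742951641091
# NOTE(review): the hostname below belongs to a tunnelling service; such names are typically assigned per session and may later be reassigned to an unrelated user, so treat this trail as time-bound to the reference date.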

f469-212-193-30-206.ngrok.io

# Reference: https://twitter.com/drb_ra/status/1503774771175170051

146.70.87.200:443

# Reference: https://twitter.com/drb_ra/status/1503774802628296705

103.234.72.10:8050

# Reference: https://www.virustotal.com/gui/file/92f2a258fae7f053205b5e2f1256725f5314bb9374f4bebc5b2c0a86c5bca3fa/detection
# Reference: https://www.virustotal.com/gui/file/18b7186561525d54aaf8638ac5715fbc3b9a6a64a23799165822d6af68363e7f/detection

103.234.72.10:8066

# Reference: https://twitter.com/drb_ra/status/1503774834651803649

rsasecu.com

# Reference: https://twitter.com/drb_ra/status/1503774871196737537

167.71.242.0:443

# Reference: https://twitter.com/drb_ra/status/1503774903484526592

123.57.207.156:18028

# Reference: https://twitter.com/drb_ra/status/1503774927819845636

http://34.92.211.80

# Reference: https://twitter.com/drb_ra/status/1503774934987943952

103.150.30.136:8443

# Reference: https://twitter.com/drb_ra/status/1503774947369488390

147.78.47.246:443

# Reference: https://twitter.com/drb_ra/status/1503774973445423105

123.57.191.159:7777

# Reference: https://twitter.com/drb_ra/status/1503775056299757583

http://20.231.70.25

# Reference: https://twitter.com/drb_ra/status/1503834356032360449

120.24.175.206:666

# Reference: https://www.virustotal.com/gui/file/ec87bd3ebfd19e8fe1f0c8bd97a2af7ea397d83b68cb26e91abcd3ab3d77e095/detection

http://161.35.182.52

# Reference: https://www.virustotal.com/gui/file/8800eaf378729b8fac7194e714ad5b2cbf58a9b8dd1775f92af2ed1eda3c549a/detection

114.55.97.99:8888

# Reference: https://www.virustotal.com/gui/file/2eb6e023c9cdccdf8125eee240815acdd37754d8edcd5bad662e5a5ab68558e8/detection

42.194.184.127:5741

# Reference: https://www.virustotal.com/gui/file/a6c8fdf46982bb8d66bc9c9e6ff53cc41f16e9055c9e1621a219f77e12fa1f15/detection
# Reference: https://www.virustotal.com/gui/file/29321038996e32736b1e6da66130da3f78425e25a8ffb3a115a8a09b2c25227f/detection

http://58.87.64.85

# Reference: https://www.virustotal.com/gui/file/bda57a72ac0171e23a1a3df597c410e1f411ff65f4608823603235a92166551e/detection
# Reference: https://www.virustotal.com/gui/file/8e75e17cfc4f0371873a46251b2d86efca29f0bae5357dbd926ca38138fc74e6/detection
# Reference: https://www.virustotal.com/gui/file/77cbf03656600bea381861e7a6f5c165c9d212eaa5a87fdc9c88e4972d5ae473/detection

47.111.144.178:4880
47.111.144.178:8001

# Reference: https://www.virustotal.com/gui/file/b84344e3f3e359afb621f91be7ca915ea14a734cbf05dda00a38d2c6e5bed737/detection

http://193.3.19.134
193.3.19.134:5555

# Reference: https://www.virustotal.com/gui/file/18dbb1be4301d25c6436264b9d21b1cce9c00123cd62a0f7478029c286102f57/detection
# Reference: https://www.virustotal.com/gui/file/0689f82f9fefe8cc055c941c5526666d6d04e8497818209022b1b727dfe505cf/detection

101.34.142.67:54433

# Reference: https://twitter.com/drb_ra/status/1503864131669143556

81.70.29.244:8080

# Reference: https://twitter.com/drb_ra/status/1503864157766131714

verif-me.info

# Reference: https://twitter.com/drb_ra/status/1503864192994099206

42.193.103.184:1111

# Reference: https://twitter.com/drb_ra/status/1503864258190360579

37.0.8.111:8443

# Reference: https://twitter.com/drb_ra/status/1503864291774107655

47.105.223.18:8888

# Reference: https://twitter.com/drb_ra/status/1503864370836783106

42.192.178.53:9998

# Reference: https://twitter.com/drb_ra/status/1503864397059477509

47.99.163.64:443

# Reference: https://twitter.com/drb_ra/status/1503864430760804357

120.53.226.115:1234

# Reference: https://twitter.com/drb_ra/status/1503868711677087745

193.178.169.74:8888

# Reference: https://twitter.com/drb_ra/status/1503868717486288898

213.156.146.87:443

# Reference: https://twitter.com/drb_ra/status/1504015420709294088

123.56.98.161:8022

# Reference: https://twitter.com/drb_ra/status/1504015590251548672

fortinetdirect.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1504070818208362496
# Reference: https://twitter.com/malwrhunterteam/status/1504082380675497985
# Reference: https://www.virustotal.com/gui/domain/img.cdcspco.com/detection
# Reference: https://www.virustotal.com/gui/file/7c5bbdb634dd6a1ab8d83a1cb6c2d5b13bfd3088861c85aa699fe71e9b7a0ab4/detection

fiash.buzz
img.cdcspco.com

# Reference: https://isc.sans.edu/diary/28448
# Reference: https://otx.alienvault.com/pulse/6231d9edfd3fb95f5b35616c

190.123.44.113:4444
eaglio.org
runfs.icu

# Reference: https://www.virustotal.com/gui/file/ec5906fb87ed835b063c34d2a1630d8e8199fe82ecd586aad29cee28c123b8fa/detection
# Reference: https://www.virustotal.com/gui/file/af62aa88e077be59ba86d51d161953afcfa9c501d919de3a42ff1039aee5eff6/detection
# Reference: https://www.virustotal.com/gui/file/aad07f7a596cd600083284e8b34781c27fc869b61ffddb5675c4f23dba5260cf/detection
# Reference: https://www.virustotal.com/gui/file/82c5bc2f7be548f3730013557c90987ff35e244e5e0ff628bbe7b2da0626c4f4/detection

49.234.28.118:8989

# Reference: https://www.virustotal.com/gui/file/1e42dd3da31db933e2c82d323d8260d4ddb8494c575d19e9cbba7a0253f045d4/detection

81.68.236.247:666

# Reference: https://twitter.com/drb_ra/status/1504045926918373376

42.193.151.69:500

# Reference: https://twitter.com/drb_ra/status/1504045957348012039

service-ag21zuo2-1300496321.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1504045983877025794

42.194.206.51:49851

# Reference: https://twitter.com/drb_ra/status/1504046011228082176

124.222.164.175:4444

# Reference: https://twitter.com/drb_ra/status/1504046030874202114

124.221.85.2:8088

# Reference: https://twitter.com/drb_ra/status/1504046145361915906

service-lu877pc2-1308337151.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1504046231831691266

121.5.195.89:8000
service-3eslu7yd-1253444731.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1504046255311310852

123.253.35.231:8088

# Reference: https://twitter.com/drb_ra/status/1504046259627307011

152.136.146.89:443

# Reference: https://twitter.com/drb_ra/status/1504106054879268866

172.241.29.121:443

# Reference: https://twitter.com/drb_ra/status/1504106159610945540

49.234.14.151:81
yiqianbao2.azureedge.net

# Reference: https://twitter.com/drb_ra/status/1504106304935280644

101.43.108.28:9001

# Reference: https://twitter.com/drb_ra/status/1504136851023613953

goooooogle.co

# Reference: https://twitter.com/drb_ra/status/1504136897878237185

tstmain.forbesjournal.com

# Reference: https://twitter.com/drb_ra/status/1504136931474563072

46.29.167.76:6443

# Reference: https://twitter.com/drb_ra/status/1504136962873208833

49.234.14.151:88

# Reference: https://twitter.com/drb_ra/status/1504136992560500740

92.118.36.151:88

# Reference: https://twitter.com/drb_ra/status/1504137022310653961

asians.group

# Reference: https://twitter.com/drb_ra/status/1504137099905155072

193.53.126.131:443

# Reference: https://twitter.com/drb_ra/status/1504137127814209542

85.206.161.70:443

# Reference: https://twitter.com/drb_ra/status/1504137157086167040

http://45.32.1.87

# Reference: https://twitter.com/drb_ra/status/1504137193413292034

46.101.5.12:443

# Reference: https://twitter.com/drb_ra/status/1504137223020687366

45.76.98.183:443

# Reference: https://twitter.com/drb_ra/status/1504137250317213710

attodesigns.com

# Reference: https://twitter.com/drb_ra/status/1504137274312769539

47.242.130.88:8443

# Reference: https://twitter.com/drb_ra/status/1504137301244448773

101.35.116.133:84

# Reference: https://twitter.com/drb_ra/status/1504137327966363659

149.28.157.22:8888

# Reference: https://twitter.com/drb_ra/status/1504137353488748551

39.100.13.106:4433

# Reference: https://twitter.com/drb_ra/status/1504137390046208002

20.231.71.74:443

# Reference: https://twitter.com/drb_ra/status/1504137418605305856

45.227.255.152:443

# Reference: https://twitter.com/drb_ra/status/1504137449395605519

http://103.225.196.143
154.86.16.40:443

# Reference: https://twitter.com/drb_ra/status/1504137480840351748

http://45.129.137.151
92.118.36.151:83

# Reference: https://twitter.com/drb_ra/status/1504137501761585153

http://45.9.150.87

# Reference: https://twitter.com/drb_ra/status/1504137526935793670

182.161.69.158:8088

# Reference: https://twitter.com/drb_ra/status/1504137546862931974

92.118.36.151:81

# Reference: https://twitter.com/drb_ra/status/1504137597760720896

139.180.138.235:443

# Reference: https://twitter.com/drb_ra/status/1504137624176545800

164.92.71.65:443

# Reference: https://twitter.com/drb_ra/status/1504137663275798528

52.175.55.119:443

# Reference: https://twitter.com/drb_ra/status/1504137689431478275

101.43.183.39:81

# Reference: https://twitter.com/drb_ra/status/1504137716732248072

http://198.13.58.196

# Reference: https://twitter.com/drb_ra/status/1504137755651358721

103.103.128.121:443
twitch.tw

# Reference: https://twitter.com/drb_ra/status/1504137787284627459

8.210.17.192:443

# Reference: https://twitter.com/drb_ra/status/1504137817370382336

210.240.189.214:8443

# Reference: https://twitter.com/drb_ra/status/1504137854095659019

20.222.57.41:443

# Reference: https://twitter.com/drb_ra/status/1504137884915441672

http://91.208.197.114

# Reference: https://twitter.com/mojoesec/status/1504194860588449794

shevronf.com

# Reference: https://unit42.paloaltonetworks.com/cobalt-strike-malleable-c2-profile/
# Reference: https://www.virustotal.com/gui/domain/symantecav.xyz/relations
# Reference: https://www.virustotal.com/gui/file/9d331d97b9a5bb16f09d2867c850bb3dca128b93a36d76bfe97846667108e5be/detection
# Reference: https://www.virustotal.com/gui/file/84efe5d2ac2e83c5adc1951623d1d1cca300ff1a02d263ac654e9c37c8fa8f7a/detection

http://66.42.72.250
66.42.72.250:443
symantecav.xyz
web.symantecav.xyz

# Reference: https://www.virustotal.com/gui/file/0a899c337465ddc558b83db800299f685a24827b3471ded984b10e64a942da3f/detection

bhpeng.com/an
bhpeng.com/es.js

# Reference: https://twitter.com/drb_ra/status/1504186271022858245

198.136.56.67:443

# Reference: https://twitter.com/drb_ra/status/1504196645801627653

147.78.47.247:443

# Reference: https://twitter.com/drb_ra/status/1504196686540943368

159.223.73.101:88

# Reference: https://twitter.com/drb_ra/status/1504196716526018561

http://159.223.73.101

# Reference: https://twitter.com/drb_ra/status/1504196750352990212

aftss.cn

# Reference: https://twitter.com/drb_ra/status/1504226538572722178

http://47.99.163.64

# Reference: https://twitter.com/drb_ra/status/1504226585980948482

8.134.49.138:443

# Reference: https://twitter.com/drb_ra/status/1504226622563655685

http://152.136.178.142

# Reference: https://twitter.com/drb_ra/status/1504226659343519756

http://1.117.65.131

# Reference: https://twitter.com/drb_ra/status/1504226674250072070

118.190.99.162:10123

# Reference: https://twitter.com/drb_ra/status/1504226702175703045

47.102.138.170:60066

# Reference: https://twitter.com/drb_ra/status/1504226732957700101

101.34.210.241:4444

# Reference: https://twitter.com/drb_ra/status/1504226758882643985

http://185.170.42.91

# Reference: https://twitter.com/drb_ra/status/1504226798778867713

110.40.184.247:8080

# Reference: https://twitter.com/drb_ra/status/1504226823193956354

1.13.185.231:5555

# Reference: https://twitter.com/drb_ra/status/1504226863824125957

ourcookieslover.com
test-cdn.amarbank.co.id
ushealthadvisors.vivialsite.net

# Reference: https://twitter.com/drb_ra/status/1504226867540283400

101.35.102.100:8888

# Reference: https://twitter.com/drb_ra/status/1504226888184737795

39.99.237.243:8080

# Reference: https://twitter.com/drb_ra/status/1504226916651438094

47.101.210.150:8081

# Reference: https://twitter.com/drb_ra/status/1504226971194380291

101.35.147.116:8888

# Reference: https://twitter.com/drb_ra/status/1504226995055570947

47.116.25.84:7443

# Reference: https://twitter.com/drb_ra/status/1504367454600015875

45.83.122.99:443

# Reference: https://twitter.com/drb_ra/status/1504367462686597122

45.117.103.124:443

# Reference: https://www.virustotal.com/gui/file/7aa3cf980e9f22f1341ee1320f6f0a2d0d756bb869792b738b9b5d351f478768/detection

81.70.79.31:666

# Reference: https://twitter.com/drb_ra/status/1504377835582107651

150.158.23.116:5005

# Reference: https://twitter.com/drb_ra/status/1504377868675170308

49.234.105.212:88

# Reference: https://twitter.com/drb_ra/status/1504377981942341637

cdn.smart-monitor.myhealthfeed.com
myburbank.smugmug.com

# Reference: https://twitter.com/drb_ra/status/1504378286650101763

110.42.252.197:8787

# Reference: https://twitter.com/drb_ra/status/1504378313036505088

47.97.120.26:443

# Reference: https://twitter.com/drb_ra/status/1504378390693957632

http://147.182.250.153

# Reference: https://twitter.com/drb_ra/status/1504409111689056264

1.117.157.20:5678

# Reference: https://twitter.com/drb_ra/status/1504409189053046789

23.108.57.109:443

# Reference: https://twitter.com/drb_ra/status/1504409256912691206

safetydatabank.jp
stage.linkhealth.com

# Reference: https://twitter.com/drb_ra/status/1504409276302991360

360totaisecurity.com
cdn.360totaisecurity.com

# Reference: https://twitter.com/drb_ra/status/1504409309249163269

120.25.87.160:888

# Reference: https://twitter.com/drb_ra/status/1504409373380075520

39.101.133.101:81

# Reference: https://twitter.com/drb_ra/status/1504468562416709632

tucehagutu.com

# Reference: https://twitter.com/drb_ra/status/1504468608440750080

46.161.27.151:443

# Reference: https://twitter.com/drb_ra/status/1504468660097888260

d3gbxmocpup7di.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1504468694327562240

1.117.92.143:3333

# Reference: https://twitter.com/TheDFIRReport/status/1504472638906843136

absolutetechservices.com
fatumarulodge.net
adnnin1.herokuapp.com
dwgbg8vy0czhx.cloudfront.net
value-approve.azurewebsites.net

# Reference: https://twitter.com/ian_kenefick/status/1503528402057375746
# Reference: https://twitter.com/Max_Mal_/status/1504493674637447172
# Reference: https://www.virustotal.com/gui/ip-address/23.82.140.234/relations

buyezoda.com
hijelurusa.com

# Reference: https://twitter.com/Max_Mal_/status/1504506190902009863

foxofeli.com
jaxebiridi.com
jikediwiz.com
nejehaxed.com
pukuvel.com
sibagibe.com
sowohas.com
tucehagutu.com
wijazoz.com

# Reference: https://twitter.com/drb_ra/status/1504548657647005710

81.91.179.143:8080

# Reference: https://twitter.com/drb_ra/status/1504499902478434308

42.193.21.121:666

# Reference: https://twitter.com/drb_ra/status/1504499949697912832

91.132.59.205:81

# Reference: https://twitter.com/drb_ra/status/1504499996447674378

http://185.135.74.83

# Reference: https://twitter.com/drb_ra/status/1504500050403205123

42.192.210.204:7777

# Reference: https://twitter.com/drb_ra/status/1504500100760023052

vietsovspeedtest.com

# Reference: https://twitter.com/drb_ra/status/1504500124734603274

139.224.227.232:9999

# Reference: https://twitter.com/drb_ra/status/1504548657647005710

81.91.179.143:8080

# Reference: https://twitter.com/drb_ra/status/1504559020471992323

http://150.109.103.16

# Reference: https://twitter.com/drb_ra/status/1504559067490144262

119.91.136.172:8088

# Reference: https://twitter.com/drb_ra/status/1504559166559510530

124.222.164.175:8080

# Reference: https://twitter.com/drb_ra/status/1504559265192845324

150.109.103.16:443

# Reference: https://twitter.com/drb_ra/status/1504589687029178370

103.234.72.76:8888

# Reference: https://twitter.com/drb_ra/status/1504589715739140099

http://149.28.30.194

# Reference: https://twitter.com/drb_ra/status/1504589750166069252

http://150.158.214.246

# Reference: https://twitter.com/drb_ra/status/1504589785670766597

158.247.197.14:30001

# Reference: https://twitter.com/drb_ra/status/1504589843552165889

204.48.24.99:8082

# Reference: https://twitter.com/drb_ra/status/1504589874116104193

80.78.24.83:1443
firmwareupdater.com

# Reference: https://twitter.com/drb_ra/status/1504589929317376003

81.68.122.221:8080

# Reference: https://twitter.com/drb_ra/status/1504589940117680134

guyonghao.top

# Reference: https://twitter.com/drb_ra/status/1504589944307830787

137.175.50.95:2083
hdram.xyz

# Reference: https://twitter.com/drb_ra/status/1504589975291109383

152.136.97.36:9999

# Reference: https://twitter.com/drb_ra/status/1504590000381382665

http://118.184.184.242

# Reference: https://twitter.com/drb_ra/status/1504590035538038788

service-qgviw7sx-1302014318.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1504590064214593536

106.13.6.93:443

# Reference: https://twitter.com/drb_ra/status/1504590128437678082

173.82.19.130:443

# Reference: https://twitter.com/drb_ra/status/1504590161300135936

152.136.178.142:443

# Reference: https://twitter.com/drb_ra/status/1504590185576767489

45.32.1.87:4433

# Reference: https://twitter.com/drb_ra/status/1504590218703290368

http://147.78.47.239

# Reference: https://twitter.com/drb_ra/status/1504590300567715842

datatechkit.com

# Reference: https://twitter.com/drb_ra/status/1504590336206716935

96.28.64.114:8080

# Reference: https://twitter.com/drb_ra/status/1504590359149658113

81.69.224.130:443
/memember.do

# Reference: https://twitter.com/drb_ra/status/1504590428196196359

107.172.250.201:7847

# Reference: https://twitter.com/drb_ra/status/1504590459431235592

147.78.47.239:443

# Reference: https://twitter.com/drb_ra/status/1504590493409329156

http://3.145.6.191

# Reference: https://twitter.com/drb_ra/status/1504590523524435972

182.255.45.200:8080

# Reference: https://twitter.com/drb_ra/status/1504590580743036930

krbtgt.xyz
update.krbtgt.xyz

# Reference: https://twitter.com/drb_ra/status/1504740201985626112

204.48.24.99:443

# Reference: https://twitter.com/drb_ra/status/1504740355601752066

http://50.7.251.251

# Reference: https://twitter.com/drb_ra/status/1504774896672518150

101.43.32.186:9990

# Reference: https://twitter.com/drb_ra/status/1504774955594100769

8.140.36.157:8001

# Reference: https://twitter.com/drb_ra/status/1504775138180542482

103.85.25.148:443

# Reference: https://www.virustotal.com/gui/file/81b87688e4a129f3f643be7c7248a02f2c1a0d814d720edadc4c3737c4f3d00b/detection

82.157.231.87:4444

# Reference: https://www.virustotal.com/gui/file/97f358d118235ced0cffd2e69c56549574114c3c9d41c2bc4e37c67743f7d3bf/detection

http://39.103.192.85

# Reference: https://www.virustotal.com/gui/file/cd59ea97faff64ccf0f9e8541deb1bb844d014036dcffa3d4e4ac901ea1f635c/detection

101.35.44.224:8088

# Reference: https://twitter.com/kyleehmke/status/1499804941732491270
# Reference: https://twitter.com/th3_protoCOL/status/1504789655513796610

datatechkit.com
fileupdaterequest.com
mtndatatech.com
wirelesswebaccess.com

# Reference: https://twitter.com/drb_ra/status/1498246711181033473

101.35.44.224:443
whoami.ze.lu

# Reference: https://www.virustotal.com/gui/file/e0c3e8dc4d06da6f48e580021efc9fbd96680a4703ad0b24d13e72a3c6d6712e/detection
# Reference: https://www.virustotal.com/gui/file/db3338f9cea50cb79b23174359b87c470b9c02948911b24fdf70205f3603c5a8/detection
# Reference: https://www.virustotal.com/gui/file/cc3e780ba9b03539ca7beee1f39dade0777cafbcba6eb76d9e64eba331b6af77/detection

124.222.188.87:8001

# Reference: https://www.virustotal.com/gui/file/4f9a1581a7292ef2a39429fdbd09299740b04e327a02de22d0b863685362c042/detection

http://124.222.188.87

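# Reference: https://www.virustotal.com/gui/file/e324119fb0202a8e9a40737ef9c4ea954021b7b8749c7239d718d1e49ef64024/detection
# NOTE(review): 104.21.77.35 sits in a Cloudflare-announced range, so it is probably a shared reverse-proxy front rather than the C2 host itself - treat IP:port hits as low confidence and rely on the domain entry below; confirm before blocking on the address.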

104.21.77.35:2096
microsoft-zh.tk

# Reference: https://www.virustotal.com/gui/file/48eceb91e2af813da5538a86db1782d25c2294cfb02d6e605ec5a76c18d55c46/detection

1.15.137.118:1234

# Reference: https://www.virustotal.com/gui/file/b2506c7a91987df5da89577bd203b31a3b76b6d5a8c7db0256d06f765fcb8bb8/detection

1.15.137.118:4444

# Reference: https://www.virustotal.com/gui/file/ab35cfc85e7918cc7a77659dbfe110854c258711d355f8af8d39c9c4e22e07f6/detection

1.15.137.118:5555

# Reference: https://www.virustotal.com/gui/file/95899ddc6b47ee7a6722b090e4d1d71c3b4dbda3ca7f824a09a5fc984c330f11/detection

1.15.137.118:7777
1.15.137.118:7788

# Reference: https://www.virustotal.com/gui/file/f9309f1f74960dd7d203c9076bebf6af07de27009e4e665040e317d972bbe94e/detection

81.71.8.175:521

# Reference: https://www.virustotal.com/gui/file/e99ddc7ea21b1c38ced842057a27b993219272ab30eac281e622a887a9fca5dd/detection

81.71.8.175:52012

# Reference: https://www.virustotal.com/gui/file/5df208e612e395b0cb0817aa6b3ff743b9f5dbd7c4d393a4117702ba5845c211/detection

http://114.55.36.76
114.55.36.76:8080

# Reference: https://twitter.com/drb_ra/status/1504830950634668040

18.177.60.68:1337

# Reference: https://twitter.com/drb_ra/status/1504830971551842306

18.176.183.3:1337

# Reference: https://twitter.com/drb_ra/status/1504831010105667585

18.177.76.42:1337

# Reference: https://twitter.com/drb_ra/status/1504831106301976579

18.177.53.48:1337

# Reference: https://twitter.com/drb_ra/status/1504831164888096768

18.177.0.235:1337

# Reference: https://twitter.com/drb_ra/status/1504864250279432207

124.221.168.183:4444

# Reference: https://twitter.com/drb_ra/status/1504831083090690071

chtrt20220311test.r5.lt

# Reference: https://twitter.com/drb_ra/status/1504831153861242884
# Reference: https://twitter.com/drb_ra/status/1504831156117717007
# Reference: https://twitter.com/drb_ra/status/1504831157191458817
# Reference: https://twitter.com/drb_ra/status/1504831158185598978
# Reference: https://twitter.com/drb_ra/status/1504831159418691587

http://122.228.0.143
http://122.228.0.169
http://223.111.97.182
http://27.221.54.169
http://36.103.247.11
1.117.59.141:808

# Reference: https://twitter.com/drb_ra/status/1504864267094441987

service-6wso9e3t-1257357125.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1504864319909072938

124.71.111.23:7001

# Reference: https://twitter.com/drb_ra/status/1504864349021782020

203.195.163.204:8086

# Reference: https://twitter.com/drb_ra/status/1504864376473407490

124.71.111.23:2222

# Reference: https://twitter.com/drb_ra/status/1504864403329585159

124.221.127.219:4444

# Reference: https://twitter.com/drb_ra/status/1504864429527207937

1.117.180.42:447

# Reference: https://twitter.com/drb_ra/status/1504864468664295428
# Reference: https://www.virustotal.com/gui/file/cef19178ec7c2fa45f178948bb76417bea4ac75b3efd6ab04deb09ca9879a1b5/detection
# Reference: https://www.virustotal.com/gui/file/7fc087387dea44b8cb4c03a3c93abc83802a1dface2ffa250d9ac6cc32218523/detection
# Reference: https://www.virustotal.com/gui/file/31a4a6b5433dd7709bbd07b7d480aef76d36fd31406decc0f4cdf9e925aa0ddd/detection

124.222.238.34:7856
124.222.238.34:8000
139.198.124.132:8565

# Reference: https://www.virustotal.com/gui/file/04113d5fa51addc57a858f945cf7dbef6d24841d2a63db4bff475dde40fbe2b5/detection

79.141.168.109:4975
coremailxt5mainjsp.com

# Reference: https://twitter.com/drb_ra/status/1504916070284632066
# Reference: https://twitter.com/drb_ra/status/1509451483619766274

http://116.204.211.191
116.204.211.191:443

# Reference: https://twitter.com/drb_ra/status/1504916185715986444

drimzis.com

# Reference: https://twitter.com/drb_ra/status/1504916283917320192
# Reference: https://www.virustotal.com/gui/ip-address/192.248.158.52/relations

promsn.com
telemn.com
telemsn.com

# Reference: https://www.virustotal.com/gui/file/42569fc832b344e429ded520268dd72567f7a722a30eb354d79d443dde6b2fba/detection

81.70.162.112:6666

# Reference: https://twitter.com/drb_ra/status/1504954183165820932

139.198.32.14:8080

# Reference: https://twitter.com/drb_ra/status/1504954209355055104

158.247.206.61:50001

# Reference: https://twitter.com/drb_ra/status/1504954228535664646

103.30.43.205:8080

# Reference: https://twitter.com/drb_ra/status/1504954250643886081

http://101.43.215.182

# Reference: https://twitter.com/drb_ra/status/1504954277692907520

139.198.32.14:443

# Reference: https://twitter.com/drb_ra/status/1504954313755578372

599998.xyz

# Reference: https://twitter.com/drb_ra/status/1504954346093662213

104.223.15.193:2053
qianixin.ga

# Reference: https://twitter.com/drb_ra/status/1504954373377605633

118.193.40.36:1200

# Reference: https://twitter.com/drb_ra/status/1504954398702772234

1.116.207.171:1111

# Reference: https://twitter.com/drb_ra/status/1504954400133074947

172.105.197.248:443

# Reference: https://twitter.com/drb_ra/status/1504954424644538373

165.154.229.59:443

# Reference: https://twitter.com/drb_ra/status/1504954456500232196

91.132.59.205:82

# Reference: https://twitter.com/drb_ra/status/1504954485801635849

194.163.40.118:2080

# Reference: https://twitter.com/drb_ra/status/1504954507813220353

http://175.41.168.213

# Reference: https://twitter.com/drb_ra/status/1504954569901678593

http://104.168.171.86

# Reference: https://twitter.com/drb_ra/status/1504954626688393219

103.146.179.117:8443

# Reference: https://twitter.com/drb_ra/status/1504954664718159874

http://43.228.90.27

# Reference: https://twitter.com/drb_ra/status/1504954721467047936

185.92.73.161:443

# Reference: https://twitter.com/drb_ra/status/1504954753310154753

91.240.118.63:443

# Reference: https://twitter.com/drb_ra/status/1504954784117411840

1.14.77.216:8443
bywe.xyz
c.bywe.xyz

# Reference: https://twitter.com/drb_ra/status/1504954813842350088

1.116.156.226:8787

# Reference: https://twitter.com/drb_ra/status/1504954818032504835

103.84.85.18:8443

# Reference: https://twitter.com/drb_ra/status/1504954848873226244

103.84.85.19:8443

# Reference: https://twitter.com/drb_ra/status/1504954878891892736

69.72.85.10:8443

# Reference: https://twitter.com/drb_ra/status/1504954906892984322

92.118.61.37:8088

# Reference: https://twitter.com/drb_ra/status/1504954945346359303

http://92.118.36.151

# Reference: https://twitter.com/drb_ra/status/1504955885042511878

141.226.144.6:443

# Reference: https://twitter.com/drb_ra/status/1504955896639770633

91.210.104.82:443

# Reference: https://twitter.com/drb_ra/status/1504972201589719046

onobrlve.com

# Reference: https://twitter.com/drb_ra/status/1505102648424415235

3.226.236.4:443

# Reference: https://twitter.com/drb_ra/status/1505102707064983552

110.40.152.45:9090

# Reference: https://twitter.com/drb_ra/status/1505102736546840579

http://124.223.5.19

# Reference: https://twitter.com/drb_ra/status/1505102774815670276

http://106.12.187.170
150.158.159.89:4444

# Reference: https://twitter.com/drb_ra/status/1505102820252565504

42.192.178.53:7777

# Reference: https://twitter.com/drb_ra/status/1505102883691368450

http://124.222.95.72

# Reference: https://twitter.com/drb_ra/status/1505134194627948548

47.96.171.126:65001

# Reference: https://twitter.com/drb_ra/status/1505134229428097025

118.31.59.38:222

# Reference: https://twitter.com/drb_ra/status/1505134252899418115

123.56.228.208:443

# Reference: https://twitter.com/drb_ra/status/1505134291054997510

http://116.62.198.13
120.26.6.181:4444

# Reference: https://twitter.com/drb_ra/status/1505134327537016840

82.156.188.211:6666

# Reference: https://twitter.com/drb_ra/status/1505134406268301317

121.199.162.198:7777

# Reference: https://twitter.com/drb_ra/status/1505134429185921025

http://116.204.211.21
http://118.184.186.166
116.204.211.21:443
118.184.186.166:443

# Reference: https://twitter.com/drb_ra/status/1505134468402663426

35.220.251.217:9111

# Reference: https://twitter.com/drb_ra/status/1505134496596873222

http://150.158.159.239
150.158.159.239:443

# Reference: https://twitter.com/drb_ra/status/1505134559603662849

47.156.245.221:443

# Reference: https://twitter.com/drb_ra/status/1505134622455250944
# Reference: https://www.virustotal.com/gui/file/26a7241e48bf9ae9ffbd1a757ae415537d69ad182fd62018cee90348e925cb26/detection

116.62.198.13:4430
120.26.6.181:4430

# Reference: https://www.virustotal.com/gui/file/ffb6a0334c8be05253a740717cac36927002b471382db9aaa304636a9daa0048/detection
# Reference: https://www.virustotal.com/gui/file/7ca03ecae5def56ea0e275dbe7bfe57f3b3798fbe9b75fb5ee88f11bcd3079ab/detection
# Reference: https://www.virustotal.com/gui/file/7615ea41b1b19ab2eb7fe0fe120fdadd7e28ae487de3c8d9039e10ef34def26e/detection
# Reference: https://www.virustotal.com/gui/file/616af64e0063675c93dbe97110d438ae16781b64215bf9db3541b80595558d6f/detection

124.70.53.29:443

# Reference: https://www.virustotal.com/gui/file/d321f674ae17be78757aa5c17ca1e0fe6d5eb28fce967deaef29df62b68f0374/detection
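# Reference: https://www.virustotal.com/gui/file/2bea4b244ec09d5323dd0c0d4b2edea26dddaf4c5728388a8cf1ef04fc607358/detection
# NOTE(review): 172.67.195.245 sits in a Cloudflare-announced range and the hostnames below are workers.dev subdomains, so the address is probably shared edge infrastructure - treat IP:port hits as low confidence and match on the specific hostnames; confirm before blocking on the address.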

172.67.195.245:8443
qihoo360.workers.dev
sec.qihoo360.workers.dev

# Reference: https://www.virustotal.com/gui/file/a0528c7a870f134e674cc93d21b50c5a8f0ec01e90f438dd3c6ec8c5a56376e2/detection

http://124.223.219.129

# Reference: https://www.virustotal.com/gui/file/e4a2b94d97ec7f7dbea4e17c86919f38f6caa20bc731b562e310d710c7f8d96c/detection

124.223.219.129:2222

# Reference: https://www.virustotal.com/gui/file/17d5b3eeb9ab606fc39cab319db7872c6e94467e0d68afaee5f23ae41e2b49a0/detection

1.117.152.37:7958

# Reference: https://www.virustotal.com/gui/file/066b2e5c3ecb69b50f64039ca68ae9c9c40f385daa91ba3732b5ab2c4c5e32af/detection
# Reference: https://www.virustotal.com/gui/file/c53381270487fbe9991ecc5963d66c9399740027e801fc6bb2b090b6574d712d/detection

42.193.22.7:6666

# Reference: https://www.virustotal.com/gui/file/f916e0857754cb046bb0459b49bb52cfb5b9b5fe6c14da8499061e457dea3006/detection

120.24.210.164:6655

# Reference: https://www.virustotal.com/gui/file/7599aabcaac5eb90b419bec7583576e7443dc7290bd950b896aa5427f40fc526/detection
# Reference: https://www.virustotal.com/gui/file/097b14fc3ed1e87fcb5b84a31f708b87fede26c938d7f61c40f0b49069e1231f/detection

120.24.210.164:6667

# Reference: https://www.virustotal.com/gui/file/0ddce500701c9822bc65320b8851715926606a2dffbfec69bbe7d734d635671a/detection

120.24.210.164:9000

# Reference: https://www.virustotal.com/gui/file/abe51157a8d113dd051ffa953571e6a5fa922968a2a1c7cd29dcb7135671772b/detection

120.24.210.164:9999

# Reference: https://twitter.com/drb_ra/status/1505193509338374153

103.169.90.143:8443
test.sjquery.com

# Reference: https://twitter.com/drb_ra/status/1505193572005519367

100.42.64.106:801

# Reference: https://twitter.com/drb_ra/status/1505193603643105283

http://101.32.15.46

# Reference: https://twitter.com/drb_ra/status/1505193685033660427

123.58.198.114:443
operation.pw
securemanage.xyz
update.operation.pw
update.securemanage.xyz

# Reference: https://twitter.com/drb_ra/status/1505193691392192512

101.32.15.46:443

# Reference: https://twitter.com/drb_ra/status/1505193775194382341

http://101.43.29.159

# Reference: https://twitter.com/drb_ra/status/1505193808459358210

137.184.150.159:53

# Reference: https://twitter.com/drb_ra/status/1505224180844879886

http://210.215.129.105

# Reference: https://twitter.com/drb_ra/status/1505224215783526404

94.103.9.171:443

# Reference: https://twitter.com/drb_ra/status/1505224264093478923

103.30.4.205:8081

# Reference: https://twitter.com/drb_ra/status/1505224297836650497

146.70.44.201:1443
intergroupservices.com

# Reference: https://twitter.com/drb_ra/status/1505224377096450056

5.45.73.58:443

# Reference: https://twitter.com/drb_ra/status/1505224401024913411

http://40.71.21.207

# Reference: https://twitter.com/drb_ra/status/1505224428652998656

69.72.85.11:8443

# Reference: https://twitter.com/drb_ra/status/1505224456867880970

87.251.71.45:443

# Reference: https://twitter.com/drb_ra/status/1505224484718059524

157.245.205.11:9443
vietsovspeedtest.com

# Reference: https://twitter.com/drb_ra/status/1505224526841458689

165.154.229.59:8443

# Reference: https://twitter.com/drb_ra/status/1505224574601994241

173.82.135.18:2053
youtubb.tk
linux-update.youtubb.tk

# Reference: https://twitter.com/drb_ra/status/1505224600917090308
# Reference: https://twitter.com/drb_ra/status/1505224602133356545
# Reference: https://twitter.com/drb_ra/status/1505224603496550409

d15wf5gd1mk9af.cloudfront.net
d28uoplqzil7wt.cloudfront.net
dtysd455x9rpc.cloudfront.net
dxtj4rxkdldfe.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1505224678842978304

http://40.112.55.123
http://40.71.21.207

# Reference: https://twitter.com/drb_ra/status/1505224713303379968

81.70.255.24:800

# Reference: https://twitter.com/drb_ra/status/1505224738737737730

1.117.191.72:8080

# Reference: https://twitter.com/drb_ra/status/1505224768924102659

52.14.191.105:443

# Reference: https://twitter.com/drb_ra/status/1505224815782907916

209.133.223.164:8080

# Reference: https://twitter.com/drb_ra/status/1505224888390496259

155.94.201.196:9001

# Reference: https://twitter.com/drb_ra/status/1505224914554531840

service-ika3c8jq-1257941211.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1505224963422408709

http://45.84.120.94
fortinetfirewall.com

# Reference: https://twitter.com/drb_ra/status/1505224990702157825

http://31.44.184.187

# Reference: https://twitter.com/drb_ra/status/1505225018841698308

103.223.122.13:8082

# Reference: https://twitter.com/drb_ra/status/1505225042841505796

47.100.244.166:2000

# Reference: https://twitter.com/drb_ra/status/1505225066640023557

146.0.72.85:8080

# Reference: https://twitter.com/drb_ra/status/1505225094922186756

45.9.148.102:443

# Reference: https://twitter.com/drb_ra/status/1505225180733493249

92.118.36.151:86

# Reference: https://twitter.com/1ZRR4H/status/1505261975277875200

34.85.58.11:8999

# Reference: https://www.virustotal.com/gui/file/7652fe0875ab805228dabcf4c7819ebbf292a1bdcd91b8ba64909691b1bed498/detection
# Reference: https://www.virustotal.com/gui/file/6a197bd7e4bf77e5b37db8b9548d849808fd2a3dac8cbee5b50ef61b3ec64d87/detection
# Reference: https://www.virustotal.com/gui/file/42ad16ce91facec0f9c43fb49af56b93cd7057d3f53e1f5b8aecc70139aeae98/detection
# Reference: https://www.virustotal.com/gui/file/39c4bb34e41df3c18e44fa0a99f9b77601b757a522d8fd83e9887543c380189b/detection

106.75.25.232:1999

# Reference: https://twitter.com/drb_ra/status/1505283912171507713

49.233.103.93:808

# Reference: https://twitter.com/drb_ra/status/1505283937702141955

ciscovpnrouter.com

# Reference: https://twitter.com/drb_ra/status/1505283975056707587

91.245.255.57:8080
layuijs.com
cdn-sh.layuijs.com

# Reference: https://twitter.com/drb_ra/status/1505284063518773256

173.82.134.187:4444

# Reference: https://twitter.com/drb_ra/status/1505284084028919814

107.175.222.222:81

# Reference: https://twitter.com/drb_ra/status/1505284104929042434

69.49.235.167:8055

# Reference: https://twitter.com/drb_ra/status/1505284192657199114

45.207.47.55:8880
mypd.pw

# Reference: https://twitter.com/drb_ra/status/1505314858266419201

101.201.236.130:443

# Reference: https://twitter.com/drb_ra/status/1505314936980922371

service-dq64etm6-1259066271.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1505314972225708033

1.15.1.116:4434

# Reference: https://twitter.com/drb_ra/status/1505315035383582725

http://116.204.211.185

# Reference: https://twitter.com/drb_ra/status/1505315071404171266

91huaxiansheng.online

# Reference: https://twitter.com/drb_ra/status/1505315105197731848

175.178.154.110:8888

# Reference: https://twitter.com/drb_ra/status/1505465341492740098

116.204.211.185:443

# Reference: https://twitter.com/drb_ra/status/1505495692252520450

sapabeka.com

# Reference: https://twitter.com/drb_ra/status/1505495701798723585

42.192.213.66:453

# Reference: https://twitter.com/drb_ra/status/1505495739086131204

154.91.196.27:53

# Reference: https://twitter.com/drb_ra/status/1505495755137687553

146.0.72.85:4443

# Reference: https://twitter.com/drb_ra/status/1505495775232598019

1.116.207.171:2052
extremewang.tk
kris.extremewang.tk

# Reference: https://twitter.com/drb_ra/status/1505495779108081669

216.83.57.211:3260

# Reference: https://twitter.com/drb_ra/status/1505495804315897860

8bcb-2604-a880-800-10-00-bf8-8001.ngrok.io

# Reference: https://twitter.com/drb_ra/status/1505495824779948040

42.192.228.137:8999

# Reference: https://twitter.com/drb_ra/status/1505495858904719366

142.93.136.148:3001

# Reference: https://twitter.com/drb_ra/status/1505495890626236416

106.225.138.9:10080

# Reference: https://twitter.com/drb_ra/status/1505495912956796931

106.52.128.156:9001

# Reference: https://twitter.com/drb_ra/status/1505496005424336900

42.192.54.106:2082
huorongsec.com
update.huorongsec.com

# Reference: https://twitter.com/drb_ra/status/1505495952659996679

49.234.21.227:7878

# Reference: https://twitter.com/drb_ra/status/1505496031055728641

42.192.206.115:443

# Reference: https://twitter.com/drb_ra/status/1505496054518714369

47.97.38.197:4545

# Reference: https://twitter.com/drb_ra/status/1505496092296851458

96.44.156.213:443

# Reference: https://twitter.com/drb_ra/status/1505496137909903361

103.70.59.137:4445

# Reference: https://twitter.com/drb_ra/status/1505496152552222726

103.223.122.43:8060

# Reference: https://twitter.com/drb_ra/status/1505496164220776450

107.175.184.125:8099

# Reference: https://twitter.com/drb_ra/status/1505496184844169222

http://82.156.232.124

# Reference: https://twitter.com/drb_ra/status/1505496187415183360

121.4.116.90:8809

# Reference: https://twitter.com/drb_ra/status/1505555683525201923

39.101.136.68:8009

# Reference: https://twitter.com/drb_ra/status/1505555732925763587

106.13.95.3:8443
flash-com.tk

# Reference: https://twitter.com/drb_ra/status/1505586190619185152

205.185.126.53:4444

# Reference: https://twitter.com/drb_ra/status/1505586202988412929

194.163.157.82:8080
576747640bbc9e8922cb0c45c7357ccee4ccd36a.online

# Reference: https://twitter.com/drb_ra/status/1505586239407337475

42.192.149.244:9123

# Reference: https://twitter.com/drb_ra/status/1505586326112174080

212.86.108.104:1337

# Reference: https://twitter.com/drb_ra/status/1505586414259474432

82.157.63.216:7788

# Reference: https://twitter.com/drb_ra/status/1505586437990887433

http://205.185.126.53

# Reference: https://twitter.com/drb_ra/status/1505586472707137546

http://149.28.71.199

# Reference: https://twitter.com/drb_ra/status/1505586501022846976

144.202.114.191:1111

# Reference: https://twitter.com/drb_ra/status/1505586541585969152

geotypico.com

# Reference: https://twitter.com/ian_kenefick/status/1505279015476682762

pikopotu.com

# Reference: https://twitter.com/ian_kenefick/status/1505279624107933697

mikuveve.com
povagewipa.com
xebibar.com

# Reference: https://twitter.com/drb_ra/status/1505646236073869315

larksuite.workers.dev
cs44.larksuite.workers.dev

# Reference: https://twitter.com/drb_ra/status/1505646298367766529

180.76.54.93:4444

# Reference: https://twitter.com/drb_ra/status/1505646393305845761

210.240.189.214:8443

# Reference: https://twitter.com/drb_ra/status/1505676961359740933

service-385e9eg3-1300923010.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1505676990833123343

1.116.26.222:8888

# Reference: https://twitter.com/drb_ra/status/1505677020025470980

69.49.235.167:443

# Reference: https://twitter.com/drb_ra/status/1505677094986072073

66.112.210.26:2323

# Reference: https://twitter.com/drb_ra/status/1505677121376722951

107.173.82.245:8443

# Reference: https://twitter.com/drb_ra/status/1505677145384882176

27.124.47.6:18443

# Reference: https://twitter.com/drb_ra/status/1505677174090735616

1.13.186.60:8080

# Reference: https://twitter.com/drb_ra/status/1505677204449120258

46.101.5.12:444

# Reference: https://twitter.com/drb_ra/status/1505677224543985668

47.107.152.193:8080

# Reference: https://twitter.com/drb_ra/status/1505677256768765963

40.121.241.79:50050

# Reference: https://twitter.com/drb_ra/status/1505677278294028288

87.251.71.12:443

# Reference: https://twitter.com/drb_ra/status/1505677325362421762

114.55.101.161:8080

# Reference: https://twitter.com/drb_ra/status/1505677367943045127

8.210.154.177:6667

# Reference: https://twitter.com/drb_ra/status/1505677393972838405
# Reference: https://twitter.com/drb_ra/status/1510389294246117377

http://152.136.14.90
152.136.14.90:443

# Reference: https://twitter.com/drb_ra/status/1505677429804777475

45.227.255.148:443

# Reference: https://twitter.com/drb_ra/status/1505677466106572801

31.44.184.187:443

# Reference: https://twitter.com/drb_ra/status/1505677502697586688

updatamicrosofts.workers.dev
fe2.updatamicrosofts.workers.dev

# Reference: https://twitter.com/drb_ra/status/1505677534582738950

1.117.92.143:82

# Reference: https://twitter.com/drb_ra/status/1505858360272461828

124.223.174.208:82
adnnin.herokuapp.com

# Reference: https://twitter.com/drb_ra/status/1505858428647915523

1.117.191.72:443

# Reference: https://twitter.com/drb_ra/status/1505858461988536322

45.78.5.60:808

# Reference: https://twitter.com/drb_ra/status/1505858492707614723

47.94.3.175:443

# Reference: https://twitter.com/drb_ra/status/1505858566284062726

look-for-you.xyz
update.look-for-you.xyz

# Reference: https://twitter.com/drb_ra/status/1505858644889542659

124.223.185.141:4444

# Reference: https://twitter.com/drb_ra/status/1505858664095272962

http://82.156.241.185

# Reference: https://twitter.com/drb_ra/status/1505858692406812681

47.93.212.101:10011

# Reference: https://twitter.com/drb_ra/status/1505858720378626055

124.221.168.183:88

# Reference: https://twitter.com/drb_ra/status/1505858760815878144

45.249.94.56:443

# Reference: https://twitter.com/drb_ra/status/1505858795301441539

service-5q4otiv9-1309874670.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1505907472246185991

updatevpncitrix.com

# Reference: https://twitter.com/drb_ra/status/1505907528881917954

139.196.191.50:8099

# Reference: https://twitter.com/drb_ra/status/1505907593730002950

http://43.228.90.27
http://43.228.90.9

# Reference: https://twitter.com/drb_ra/status/1505907637724094465

190.123.44.113:8080

# Reference: https://twitter.com/drb_ra/status/1505907719001317376

firewallwithadvancedserurity.com

# Reference: https://twitter.com/drb_ra/status/1505907761040740362

121.5.61.8:4443

# Reference: https://twitter.com/drb_ra/status/1505907826245476355

http://185.8.105.112

# Reference: https://twitter.com/drb_ra/status/1505948774430031876

23.227.198.252:4443
absolutetechservices.com

# Reference: https://twitter.com/drb_ra/status/1505948866650284039

107.148.201.113:4444

# Reference: https://twitter.com/drb_ra/status/1505948890599763986

39.101.133.101:806

# Reference: https://twitter.com/drb_ra/status/1505948926087766019

45.84.120.94:4443

# Reference: https://twitter.com/drb_ra/status/1505948975089823744

http://23.227.198.252

# Reference: https://twitter.com/drb_ra/status/1505949012381380622

1.117.92.143:801

# Reference: https://twitter.com/drb_ra/status/1505949086389780489

49.234.143.54:8081

# Reference: https://twitter.com/drb_ra/status/1505949113656950785

106.14.144.60:9595

# Reference: https://www.virustotal.com/gui/file/d12e590a9616f730aa40cc37f52820b7573136153b49a73de62c3df937ccdd20/detection
# Reference: https://www.virustotal.com/gui/file/4e0513892b6c94cf980dc1483caf06842b59e797ae154f8b203e98525f197086/detection

119.91.100.114:5555
lrinformatica.es

# Reference: https://www.virustotal.com/gui/file/d49da4484ddb62f1b5420ccaaae6bbf8a86e82f34b22bb0c3d8a1eb320d9236c/detection

119.91.100.114:6666

# Reference: https://www.virustotal.com/gui/file/a845e353dc21c8aca6d5f67bfba79fa4fb6634765819d0edea20143349421071/detection

119.91.100.114:7777

# Reference: https://www.virustotal.com/gui/file/3207ec7df1aba7ebd4f0839c359cec6ce274b0a47ac87d59e550dc9350246297/detection

119.91.100.114:8000

# Reference: https://www.virustotal.com/gui/file/05ddd316b98061d381dfecf0566956496f025d88546f530d9e17b384513d15f0/detection
# Reference: https://www.virustotal.com/gui/file/02dfb21e886d49724df57967f62bd054ddf05de3561b17feb0524296e70e96dc/detection

45.136.245.84:8676

# Reference: https://twitter.com/drb_ra/status/1506041460264775687

173.82.135.18:2096

# Reference: https://twitter.com/drb_ra/status/1506041494481870852
# Reference: https://twitter.com/drb_ra/status/1506041839966638093

45.140.147.141:8080
45.140.147.141:8443
thalgov.xyz

# Reference: https://twitter.com/drb_ra/status/1506041527025426439

158.247.193.8:443

# Reference: https://twitter.com/drb_ra/status/1506041566883835905

pacom001.vercel.app

# Reference: https://twitter.com/drb_ra/status/1506041595807866883

134.122.173.24:3006

# Reference: https://twitter.com/drb_ra/status/1506041622655647746

http://49.235.233.189

# Reference: https://twitter.com/drb_ra/status/1506041648299528199

shormanz.com

# Reference: https://twitter.com/drb_ra/status/1506041677101912066

35.220.251.217:8111

# Reference: https://twitter.com/drb_ra/status/1506041762267250689

http://13.229.149.254

# Reference: https://twitter.com/drb_ra/status/1506041788368400387

129.226.175.75:8088

# Reference: https://twitter.com/drb_ra/status/1506041818709909505

45.227.255.152:8095

# Reference: https://twitter.com/drb_ra/status/1506041881137975303

flashpointdatabase.com

# Reference: https://twitter.com/drb_ra/status/1506041904844132358

http://45.146.165.77
193.38.55.36:443
45.146.165.77

# Reference: https://twitter.com/drb_ra/status/1506041929674506246

14.1.98.226:8461

# Reference: https://twitter.com/drb_ra/status/1506185640953606147
# Reference: https://www.virustotal.com/gui/file/caf34c9772cdc394194356602d1ff3edd0b85575a538d3fff91503f8a439b80c/detection

http://185.150.117.189
vpnupdaters.com

# Reference: https://twitter.com/drb_ra/status/1506185691780333571

122.112.211.166:65430

# Reference: https://twitter.com/drb_ra/status/1506185728274968578

216.83.57.209:3260

# Reference: https://twitter.com/drb_ra/status/1506185738320240640

firewallwithadvancedserurity.com

# Reference: https://twitter.com/drb_ra/status/1506185797535473664

edgeupdater.com

# Reference: https://twitter.com/drb_ra/status/1506185837779865601

190.123.44.113:8888

# Reference: https://twitter.com/drb_ra/status/1506185867584544769

service-4fimktpq-1308337151.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1506185870851854337

http://185.8.105.103
edgeupdater.com

# Reference: https://twitter.com/drb_ra/status/1506185974006624261

http://43.132.192.214
http://82.156.168.131

# Reference: https://twitter.com/drb_ra/status/1506185978771296256

216.83.57.210:3260

# Reference: https://twitter.com/drb_ra/status/1506185983578017794

216.83.57.211:3260

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-03-21-IOCs-for-Cobalt-Strike-from-IcedID-infection.txt
# Reference: https://www.virustotal.com/gui/file/09d8fb54a22c3bb753fce7dc5192221122cf5dc26b42504ffca254e2521dbf8e/detection

23.227.198.203:757
bupdater.com

# Reference: https://twitter.com/drb_ra/status/1506188187940577292

101.43.147.69:1111

# Reference: https://twitter.com/drb_ra/status/1506188730268364802

114.132.233.42:9527

# Reference: https://twitter.com/drb_ra/status/1506222854718705672

49.232.137.36:6666

# Reference: https://twitter.com/drb_ra/status/1506222886356496385

43.224.80.8:89

# Reference: https://twitter.com/drb_ra/status/1506280538944024581

telemetrin.com

# Reference: https://twitter.com/drb_ra/status/1506280572985004044

37.0.8.111:8443

# Reference: https://twitter.com/drb_ra/status/1506280728279105549

130.185.238.69:443

# Reference: https://twitter.com/drb_ra/status/1506312606142930947

104.243.24.75:8443
wlndow-sln-it-data.site

# Reference: https://twitter.com/drb_ra/status/1506312636052512776

27.102.107.166:82

# Reference: https://twitter.com/drb_ra/status/1506312660618563586
# Reference: https://twitter.com/drb_ra/status/1506313547541798925

149.28.129.89:8080
cloud-maste.com
fukuoka.cloud-maste.com

# Reference: https://twitter.com/drb_ra/status/1506312697117384709

154.209.228.14:8443

# Reference: https://twitter.com/drb_ra/status/1506312733100228615

d23h3o10ok2cq4.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1506312786829352973

155.94.182.212:41688

# Reference: https://twitter.com/drb_ra/status/1506312813601562627

http://64.74.160.226

# Reference: https://twitter.com/drb_ra/status/1506312867284459525

13.89.226.187:8084

# Reference: https://twitter.com/drb_ra/status/1506312889593958409

173.232.146.85:443

# Reference: https://twitter.com/drb_ra/status/1506312929435598856

http://206.119.79.10
http://27.124.20.53

# Reference: https://twitter.com/drb_ra/status/1506312960179851275

http://155.94.149.88

# Reference: https://twitter.com/drb_ra/status/1506312987556163592

81.69.99.79:443

# Reference: https://twitter.com/drb_ra/status/1506313020326223874

http://45.11.180.48

# Reference: https://twitter.com/drb_ra/status/1506313053649973254

http://149.28.136.50

# Reference: https://twitter.com/drb_ra/status/1506313087074574338

y.threatbook.cn

# Reference: https://twitter.com/drb_ra/status/1506313110478794754

81.71.68.50:8033

# Reference: https://twitter.com/drb_ra/status/1506313137141825547

http://52.74.241.34

# Reference: https://twitter.com/drb_ra/status/1506313168796139520

http://37.1.209.103

# Reference: https://twitter.com/drb_ra/status/1506313194616369167

164.92.155.177:500
/get/four_doors_more_whores
/four_doors_more_whores

# Reference: https://twitter.com/drb_ra/status/1506313224555311115

45.11.180.48:443

# Reference: https://twitter.com/drb_ra/status/1506313252946550795

45.32.70.164:2083
u13.eu

# Reference: https://twitter.com/drb_ra/status/1506313278926073857
# Reference: https://twitter.com/drb_ra/status/1506313332059422736

109.71.254.104:4444
109.71.254.104:8080
frexc.icu

# Reference: https://twitter.com/drb_ra/status/1506313307581566976

http://20.127.8.188

# Reference: https://twitter.com/drb_ra/status/1506313364733140994

165.22.65.121:443

# Reference: https://twitter.com/drb_ra/status/1506313391018807298

http://185.82.127.34

# Reference: https://twitter.com/drb_ra/status/1506313425076596740

135.181.13.54:443

# Reference: https://twitter.com/drb_ra/status/1506313455866892296

service-bmyga2bl-1305338996.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1506313499147919368

47.116.23.73:443

# Reference: https://twitter.com/1ZRR4H/status/1506345663990317062

149.255.35.83:787
23.227.198.210:757
23.227.198.211:757
accessdbpro.com
datasafenetworks.com

# Reference: https://www.virustotal.com/gui/file/04e50539f558631fe27121f712a77f889c55966575be40241ee04539fb9da3da/detection

alivod.med126.com
cdn.static.ettiao.com
information.mkzhan.com

# Reference: https://www.virustotal.com/gui/file/21ef1d1347feb3739401b4b36f5cc26baaebb6c93072b0e6787e48d3d37ccaa1/detection

124.223.187.126:22222

# Reference: https://twitter.com/drb_ra/status/1506371562458464265

http://139.155.27.114

# Reference: https://twitter.com/drb_ra/status/1506401733265797125

124.222.118.170:443

# Reference: https://twitter.com/drb_ra/status/1506401779944243204

8.142.46.134:50053

# Reference: https://twitter.com/drb_ra/status/1506401840463855623

8.142.71.238:8443
fshccloud.live

# Reference: https://twitter.com/drb_ra/status/1506401868053893121

182.61.139.70:443

# Reference: https://twitter.com/drb_ra/status/1506401940971925510

http://180.76.187.190

# Reference: https://twitter.com/drb_ra/status/1506401987755134980

39.108.138.119:8888

# Reference: https://twitter.com/drb_ra/status/1506402063927939073

61.136.208.2:8080

# Reference: https://twitter.com/drb_ra/status/1506552274176430084

http://43.228.90.9

# Reference: https://twitter.com/drb_ra/status/1506552300038406151

yqb.vercel.app

# Reference: https://twitter.com/drb_ra/status/1506552354631524353

http://116.204.211.185

# Reference: https://twitter.com/drb_ra/status/1506552358775500802

154.209.228.14:443

# Reference: https://twitter.com/drb_ra/status/1506552442888101892

107.182.185.224:8880
dnsb2b.com
tb.dnsb2b.com

# Reference: https://twitter.com/drb_ra/status/1506552489994338313

116.204.211.185:443

# Reference: https://twitter.com/drb_ra/status/1506582751591514112

http://1.116.146.121

# Reference: https://twitter.com/drb_ra/status/1506582786479644675

121.40.248.82:8080

# Reference: https://twitter.com/drb_ra/status/1506582824677163008

http://80.71.158.186

# Reference: https://twitter.com/drb_ra/status/1506582904293502979

80.71.158.186:443

# Reference: https://twitter.com/drb_ra/status/1506582991610564614

40.115.196.147:8080

# Reference: https://twitter.com/drb_ra/status/1506583025081098245

update-servicer.com

# Reference: https://twitter.com/drb_ra/status/1506583091690840064

http://154.23.114.8
http://20.24.68.186

# Reference: https://www.virustotal.com/gui/file/6176de49e7c102664011bde53ba817326e4616dd9465f2c3e33d814b22cbc37b/detection

154.22.117.31:10086

# Reference: https://twitter.com/drb_ra/status/1506632675158810633

apeduze.com

# Reference: https://twitter.com/drb_ra/status/1506632748873797647

apokil.com

# Reference: https://twitter.com/drb_ra/status/1506632781803274245

blinkij.com

# Reference: https://twitter.com/drb_ra/status/1506632865169264642

46.21.153.52:787

# Reference: https://twitter.com/drb_ra/status/1506632897578651651

shikjil.com

# Reference: https://twitter.com/drb_ra/status/1506632941316751368

live80000.com

# Reference: https://twitter.com/drb_ra/status/1506632989337395206

23.227.202.142:787
appnewrelease.com

# Reference: https://twitter.com/drb_ra/status/1506633081100378114

23.227.198.203:1080

# Reference: https://www.virustotal.com/gui/file/9170169ae732c3a843c871be73875ea1bc8081876db5f9bcfd5f05d792bcaef0/detection

176.113.69.91:443

# Reference: https://www.virustotal.com/gui/file/60ee19bb558d20c2591569ddb73fc90787dd47a07453e252a3afcaa222dde125/detection
# Reference: https://www.virustotal.com/gui/file/2e67456e65149011e48302946e3ef29b6ec77047ef545c65bdd1506aa963ee7b/detection

154.204.26.120:443
154.204.27.130:443

# Reference: https://twitter.com/drb_ra/status/1506675781925281807

139.180.141.72:443

# Reference: https://twitter.com/drb_ra/status/1506675823419531273

154.198.209.12:443

# Reference: https://twitter.com/drb_ra/status/1506675874308968463

http://155.94.235.204

# Reference: https://twitter.com/drb_ra/status/1506675903912366088

149.248.5.218:7788

# Reference: https://twitter.com/drb_ra/status/1506675942407684116

185.203.118.227:443

# Reference: https://twitter.com/drb_ra/status/1506676012813275146

144.202.53.230:443

# Reference: https://twitter.com/drb_ra/status/1506676053326061571

103.70.59.137:443

# Reference: https://twitter.com/drb_ra/status/1506676127779241985

120.77.148.143:8899

# Reference: https://twitter.com/drb_ra/status/1506676200969809923

http://198.98.51.144

# Reference: https://www.virustotal.com/gui/file/684babd87eaf93c945f7788e0c06b5226b795e6f259492d9fc01d75a182a05ec/detection
# Reference: https://www.virustotal.com/gui/file/44e2057c7466881a61e3b542ce055b3d54aa7d88040ce879a915e20ed996d097/detection

verofes.com

# Reference: https://twitter.com/drb_ra/status/1506723010648158219

86.16.157.0:443

# Reference: https://www.virustotal.com/gui/file/f49ac418e5792a4ad2c868d36769e95b44a85651324f9cab046608e7898e309b/detection
# Reference: https://www.virustotal.com/gui/file/0d71ea1cc9eefea1903eac9cbdcf395edef83204a172f03377cc462f931e02d3/detection

81.71.73.103:5122

# Reference: https://www.virustotal.com/gui/file/f43c649666096e0acf8a99e98d6083bf7a9c5edac3fe94b4d707392a7782608f/detection

81.71.73.103:50007

# Reference: https://www.virustotal.com/gui/file/3afb0a2165bc57ab9c7ab56284e7430bda704f6974d42317c5f5cf05ec2186ed/detection

81.71.73.103:5050

# Reference: https://www.virustotal.com/gui/file/21261d3041ee378a3e07cabda1c7a785bcfa6ac165d6fc251484e0f0c46e2c32/detection

81.71.73.103:4444

# Reference: https://www.virustotal.com/gui/file/e8b1364148736582bbd0434a45f23baf4cbf531c9ce1722cdc43478677bb3ff9/detection
# Reference: https://www.virustotal.com/gui/file/498bca858a3581d2ca3f3069e9a0e248949902cf045972a32efbfd9b90559b50/detection

175.24.180.228:443

# Reference: https://cert.gov.ua/article/38155 (Ukrainian)
# Reference: https://www.virustotal.com/gui/file/37e644deee0add76bac9c5121355a03a459b1a97917383765bf3df94e9af7e29/detection

hmgo.pw
ao3.hmgo.pw
/Akihabara@TODEEP/works

# Reference: https://twitter.com/mojoesec/status/1506991537548312584

ascizx.com
britxec.com

# Reference: https://www.virustotal.com/gui/file/e2971febada206ba580bea475f54760d65555aa5ebc635eecec15f5541b611fa/detection
# Reference: https://www.virustotal.com/gui/file/8a5144366c96b0029c8cd770fa79b5df1933edc79598f0f323ec82b0b517c191/detection

43.224.80.8:1111

# Reference: https://www.virustotal.com/gui/file/9ad536ea8f6b3e62acc7641b921582abe001f7e5fb191175d59f939c040f9006/detection
# Reference: https://www.virustotal.com/gui/file/8a9aadda4920b9d01ca759c67d5c10fb1d829cf513448323932e447fc74db729/detection
# Reference: https://www.virustotal.com/gui/file/503c61e882768efac2bb39a17ab1407dcfd246c044e8af4f667201bf0599f8e3/detection

43.224.80.8:89

# Reference: https://www.virustotal.com/gui/file/4fc7b49f14201879f3726128a9d99f6c4bfd0c527b17d7ae8508101ad7ef1118/detection

flash.ski

# Reference: https://twitter.com/malwrhunterteam/status/1507006041526996997
# Reference: https://www.virustotal.com/gui/file/4a2c0014cd39d20100ac56dce337a24f7c310c564e3aa475f7766e02012bfe44/detection

121.40.40.101:95

# Reference: https://twitter.com/drb_ra/status/1506733651962249221

49.232.137.36:8989

# Reference: https://twitter.com/drb_ra/status/1506733725501079553

http://154.23.114.8
http://20.24.65.20
/async/newtab_ogb

# Reference: https://twitter.com/drb_ra/status/1506749566472929287

http://8.210.23.126

# Reference: https://twitter.com/drb_ra/status/1506749639734841348

45.77.45.82:8443
wtf360.cf
live.wtf360.cf

# Reference: https://twitter.com/drb_ra/status/1506749672274210823

45.144.3.235:443

# Reference: https://twitter.com/drb_ra/status/1506749715458707465

http://45.113.2.152

# Reference: https://twitter.com/drb_ra/status/1506749773340160009

45.15.19.114:443
45.15.19.121:443

# Reference: https://twitter.com/drb_ra/status/1506749810887602182

34.85.102.18:8443

# Reference: https://twitter.com/drb_ra/status/1506749832169463808

13.89.226.187:8081

# Reference: https://twitter.com/drb_ra/status/1506749865983889426

http://34.255.136.123

# Reference: https://twitter.com/drb_ra/status/1506749894257778693

http://156.196.106.56

# Reference: https://twitter.com/drb_ra/status/1506947514926309381

1.13.194.73:1234

# Reference: https://twitter.com/drb_ra/status/1506947542914842634

124.223.42.234:8621

# Reference: https://twitter.com/drb_ra/status/1506947590226649088

http://104.168.214.214

# Reference: https://twitter.com/drb_ra/status/1506947627681779716

84.32.188.16:444

# Reference: https://twitter.com/drb_ra/status/1506947658434457613

45.9.150.87:88

# Reference: https://twitter.com/drb_ra/status/1506947698204815367

134.122.173.24:3006
134.122.173.36:3006

# Reference: https://twitter.com/drb_ra/status/1506947758275678214

47.94.38.147:1234

# Reference: https://twitter.com/drb_ra/status/1506947791565864961

http://92.255.85.90

# Reference: https://twitter.com/drb_ra/status/1506947849363365889

104.243.22.77:2096
anduin9527.tk
zh.anduin9527.tk

# Reference: https://twitter.com/drb_ra/status/1506947903520219144

http://39.104.166.144

# Reference: https://twitter.com/drb_ra/status/1506947943416451076

service-la8k0zjh-1307406344.cd.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1506947985644691456

http://135.148.9.77

# Reference: https://twitter.com/drb_ra/status/1506948044151037964

http://159.223.228.230

# Reference: https://twitter.com/drb_ra/status/1506948090774933505

terrygetshell.space

# Reference: https://twitter.com/drb_ra/status/1506948142981427201

service-cvd7d5xh-1307608206.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1506948175910903813

1.117.232.204:8888

# Reference: https://twitter.com/drb_ra/status/1506948200896290820

101.43.147.69:8088

# Reference: https://twitter.com/drb_ra/status/1506948242491195401

92.118.36.151:89

# Reference: https://twitter.com/drb_ra/status/1506948313483993095

34.255.136.123:443
weldbuz.com

# Reference: https://twitter.com/drb_ra/status/1506948357297688579

http://159.65.244.19

# Reference: https://twitter.com/drb_ra/status/1506998707295854602

135.148.9.77:443

# Reference: https://twitter.com/drb_ra/status/1506998806063243265

edge-chrome.com

# Reference: https://twitter.com/drb_ra/status/1506999023013613585

109.71.254.104:8888

# Reference: https://twitter.com/drb_ra/status/1506999092832088064

http://42.192.206.115

# Reference: https://twitter.com/drb_ra/status/1507036387018690561
# Reference: https://www.virustotal.com/gui/file/3431752e722428105467af57ed3bd04a984773a95e149ad74e03dd4cd9b68c41/detection
# Reference: https://www.virustotal.com/gui/file/31a6c9dd421d7f24964b547bdaad0f4fb00047984f36b07723f1cde9ba067ce5/detection

1.117.176.102:10035
1.117.176.102:13744
124.222.164.175:10035
124.222.164.175:13744

# Reference: https://twitter.com/drb_ra/status/1507036419805650946

39.106.190.161:88

# Reference: https://twitter.com/drb_ra/status/1507036504358637571

212.60.5.245:443

# Reference: https://twitter.com/drb_ra/status/1507036543176921091

124.223.219.129:2222

# Reference: https://twitter.com/drb_ra/status/1507036570746077193

http://106.55.227.87

# Reference: https://twitter.com/drb_ra/status/1507036617189568517

124.222.218.215:10001

# Reference: https://twitter.com/drb_ra/status/1507036668984967171

python35.com

# Reference: https://twitter.com/drb_ra/status/1507036725180260355

112.74.48.255:8999

# Reference: https://twitter.com/drb_ra/status/1507036755463225356

175.24.203.159:3061

# Reference: https://twitter.com/drb_ra/status/1507036785834082309
# Reference: https://twitter.com/drb_ra/status/1507036787054624776
# Reference: https://twitter.com/drb_ra/status/1507036788287750156
# Reference: https://twitter.com/drb_ra/status/1507036789453774852
# Reference: https://www.virustotal.com/gui/file/b180733a010ea0fa4a97cd445023c2d769ccd18d97d3c28b8c818bb1491c5cb0/detection

111.123.50.143:443
113.105.165.183:443
119.1.249.181:443
222.218.187.192:443

# Reference: https://twitter.com/drb_ra/status/1507036870202515462

1.14.76.111:11001

# Reference: https://twitter.com/drb_ra/status/1507036934887124993

service-ghkou4tq-1306726071.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1507036985172676610

47.99.136.108:3443

# Reference: https://twitter.com/drb_ra/status/1507037012792160258

47.94.3.175:9100

# Reference: https://www.virustotal.com/gui/file/cfff62aff40dacfd532e78ffd2df545b9fe7f277353dd10176519babdeae58bc/detection

3.135.235.130:8002

# Reference: https://www.virustotal.com/gui/file/c27c16af4d315e2022f2bda8d6f7ed9802ca944c3005d70a08f7ca9763b31b20/detection

178.208.94.214:1234

# Reference: https://www.virustotal.com/gui/file/5667457b3ff5c537bbb975c1e0eeae5291e5fab3b7340becfc319ec9017ddb46/detection

178.208.94.214:443

# Reference: https://www.virustotal.com/gui/file/9210dbba82e5318c5c876ed8c5c1fe6137fad2fc1b7bd9611b8a47d3162cb0e4/detection
# Reference: https://www.virustotal.com/gui/file/2fd4ef935783b0634fb5e344ba6c58a7614f1b6a82f36b423acf6cee7ce4a647/detection

http://205.185.126.53

# Reference: https://www.virustotal.com/gui/file/f558d0a424c0ea34eefc4367e6e1956f60007a67642ab3a018653d57240fa043/detection

175.178.75.220:7788

# Reference: https://www.virustotal.com/gui/file/c6ed92d9022ecb24f6c766ef3609a662d6dbd092b820d811867ad2015c92b688/detection

ystrone.top

# Reference: https://www.virustotal.com/gui/file/87ed9c0261c8c2883f24749fc6d3a14be21468472bfa2895313bf66d01e55998/detection

175.178.75.220:3333
/mycodetestfloor/aes_cbc_run.txt
/mycodetestfloor/aes_cbc_shellcode.txt

# Reference: https://www.virustotal.com/gui/file/140837321ed97b13affe78527e6c945bf49f7bd8eb501ce479fe85ad911ce48a/detection
# Reference: https://www.virustotal.com/gui/file/bd56f1849c705ba1ffc32a9d9b8f980def6510fd59949a3647978f46fe9b35b2/detection

http://47.243.126.126

# Reference: https://pastebin.com/XpWGHjQG

5gzvip.91tunnel.com
60z7e5b1ld.execute-api.eu-west-2.amazonaws.com
agoegations.com
ap-southeast-1.prod.pr.analytics.amazon.com.amazonaws.la
api.manxtelecon.com
manxtelecon.com
ascssdovsovosdvkodsvjdjbodi.cctv789.org
atsecurity.tk
auth.mmicrosoft.top
mmicrosoft.top
cuphq.com
d18krv932r2kbr.cloudfront.net
d2g37k1rs1nihw.cloudfront.net
download.windowspowerr.com
flash-com.tk
windowspowerr.com
forgottentok2.xyz
fcalebook.com
chinatelecom-hr.com
fnmsdtx.aliyundemo.com
aliyundemo.com
hk.fcalebook.com
hur.wolftaam.xyz
wolftaam.xyz
forgottentok2.xyz
k01.forgottentok2.xyz
mail.chinatelecom-hr.com
chinatelecom-hr.com
microsoftchina.org
micsoft.shop
nquy.xyz
pinger.uk
remote.nedsecures.co.za
saffic.xyz
service-e21y06jw-1252281553.gz.apigw.tencentcs.com
service-fht9632i-1305160635.hk.apigw.tencentcs.com
service-i4azzy2z-1253427180.sh.apigw.tencentcs.com
service-la8k0zjh-1307406344.cd.apigw.tencentcs.com
service-m328t91d-1307678690.bj.apigw.tencentcs.com
service-mb04jg90-1308769889.gz.apigw.tencentcs.com
service-mp2sc0gc-1301679103.gz.apigw.tencentcs.com
sinatxbaidu.oneneo.xyz
oneneo.xyz
cdn-windows.com
update.cdn-windows.com
vpn.weteck.site
weteck.site

# Reference: https://threatfox.abuse.ch/browse/tag/PEGTECHINC-AP-01/

http://107.148.13.14
http://107.148.237.30
107.148.129.237:2053
107.148.130.155:8443
107.148.236.180:8443
107.148.237.66:8443
107.148.238.243:8080
107.148.13.14:443
107.148.14.42:8080
mlcro50ft.com
data.mlcro50ft.com
/asdjkqwueiqwydsah1237812jdhgsa3

# Reference: https://twitter.com/drb_ra/status/1507128576428195845

62.113.255.12:4432
macpromoworld7917.workers.dev
helloworld.macpromoworld7917.workers.dev

# Reference: https://twitter.com/drb_ra/status/1507128602327986176

152.70.237.127:4443

# Reference: https://twitter.com/drb_ra/status/1507128618161479682

173.82.153.102:8044

# Reference: https://twitter.com/drb_ra/status/1507128650755420172

45.113.2.152:4444

# Reference: https://twitter.com/drb_ra/status/1507128674574819340

209.141.44.191:88

# Reference: https://twitter.com/drb_ra/status/1507128697102417922

101.43.40.206:8085

# Reference: https://twitter.com/drb_ra/status/1507128730702995462

198.148.120.78:10443

# Reference: https://twitter.com/drb_ra/status/1507128754203725825

http://120.25.201.123

# Reference: https://twitter.com/drb_ra/status/1507128799456116738

161.129.39.160:4444

# Reference: https://twitter.com/drb_ra/status/1507128819601350662

34.85.102.18:8899

# Reference: https://twitter.com/drb_ra/status/1507128846289616902

http://69.61.38.230

# Reference: https://twitter.com/drb_ra/status/1507128880586530824

cloudkey.ink

# Reference: https://twitter.com/drb_ra/status/1507128949553381388

http://154.38.230.182

# Reference: https://twitter.com/drb_ra/status/1507128984236175367

healthcaresupplierinstitute.com
api.healthcaresupplierinstitute.com

# Reference: https://twitter.com/drb_ra/status/1507129024899866624

64.112.41.24:443

# Reference: https://twitter.com/drb_ra/status/1507129060358504456

http://34.195.62.65

# Reference: https://twitter.com/drb_ra/status/1507129095062233093

206.166.251.190:8080

# Reference: https://twitter.com/drb_ra/status/1507129136673964032

209.133.223.69:8080
edgestat.org

# Reference: https://twitter.com/drb_ra/status/1507129173780881419

http://166.1.8.206
http://185.38.142.179

# Reference: https://twitter.com/drb_ra/status/1507129226608193537

http://103.148.58.227
http://103.148.58.228

# Reference: https://twitter.com/drb_ra/status/1507129265321558016

47.100.131.229:8089

# Reference: https://twitter.com/drb_ra/status/1507129289145266177

158.247.197.14:8886

# Reference: https://twitter.com/drb_ra/status/1507129316827611142

45.79.24.52:443

# Reference: https://twitter.com/drb_ra/status/1507129400369815556

http://45.164.21.137

# Reference: https://twitter.com/drb_ra/status/1507129425971888133

203.96.179.142:2082
cs.bc8.in

# Reference: https://twitter.com/drb_ra/status/1507129452588933134

165.22.20.155:4433

# Reference: https://twitter.com/drb_ra/status/1507129493521059846

167.179.75.65:443

# Reference: https://twitter.com/drb_ra/status/1507129521811738627

http://103.148.58.227

# Reference: https://twitter.com/drb_ra/status/1507129546612613120

101.36.122.100:801

# Reference: https://twitter.com/drb_ra/status/1507129570348130307

46.101.5.12:4434

# Reference: https://twitter.com/drb_ra/status/1507129589306380297

http://207.148.17.46

# Reference: https://twitter.com/drb_ra/status/1507129621707436041

http://173.249.45.143

# Reference: https://twitter.com/drb_ra/status/1507129659275849735

103.42.212.6:4443

# Reference: https://twitter.com/drb_ra/status/1507129690384912387

http://103.148.58.227
http://103.148.58.229

# Reference: https://twitter.com/drb_ra/status/1507129716008009735

91.132.59.205:89

# Reference: https://twitter.com/drb_ra/status/1507129736811757579

159.223.225.187:443

# Reference: https://twitter.com/drb_ra/status/1507129821377318928

learnandcode.info

# Reference: https://twitter.com/drb_ra/status/1507129852637425666

116.62.220.178:8010

# Reference: https://twitter.com/drb_ra/status/1507129882278563843

http://45.76.147.99

# Reference: https://twitter.com/drb_ra/status/1507156211438960640

ec2-54-169-30-236.ap-southeast-1.compute.amazonaws.com

# Reference: https://twitter.com/drb_ra/status/1507277114969669654
# Reference: https://twitter.com/drb_ra/status/1507277129968500737
# Reference: https://twitter.com/drb_ra/status/1507277152609357824
# Reference: https://twitter.com/drb_ra/status/1507309203622408196
# Reference: https://twitter.com/drb_ra/status/1507309653197217796

http://180.178.38.170
http://180.178.38.171
http://180.178.38.172
http://180.178.38.173
http://180.178.38.174

# Reference: https://twitter.com/drb_ra/status/1507277183575859200

123.56.98.161:7777

# Reference: https://twitter.com/drb_ra/status/1507277205914763293

45.164.21.137:443

# Reference: https://twitter.com/drb_ra/status/1507309179064786945

204.44.82.135:3443

# Reference: https://twitter.com/drb_ra/status/1507309209154641956

101.132.178.27:8888

# Reference: https://twitter.com/drb_ra/status/1507309249587732497

106.52.65.141:8899

# Reference: https://twitter.com/drb_ra/status/1507309295444058118

http://106.54.165.204

# Reference: https://twitter.com/drb_ra/status/1507309333205250049

82.157.140.203:30001

# Reference: https://twitter.com/drb_ra/status/1507309361290436653

158.247.196.234:443
linker.best
cloudflare.linker.best

# Reference: https://twitter.com/drb_ra/status/1507309392634470410

13.89.226.187:8091

# Reference: https://twitter.com/drb_ra/status/1507309428403494953

http://106.53.116.63

# Reference: https://twitter.com/drb_ra/status/1507309468329160707

106.55.24.61:443

# Reference: https://twitter.com/drb_ra/status/1507309500700712989

120.76.217.127:8888

# Reference: https://twitter.com/drb_ra/status/1507309526143361044

104.168.9.201:4444

# Reference: https://twitter.com/drb_ra/status/1507309553305673753

51.195.137.28:443

# Reference: https://twitter.com/drb_ra/status/1507309603440136192

13.89.226.187:7080

# Reference: https://twitter.com/drb_ra/status/1507320532454318080

lgbtqplusfriendlydomain.com

# Reference: https://twitter.com/kyleehmke/status/1420781255617024006
# Reference: https://twitter.com/kyleehmke/status/1420781259526131713
# Reference: https://twitter.com/kyleehmke/status/1507345737734103045
# Reference: https://www.virustotal.com/gui/file/eb06baae416d1cef78e185f0584c0637aadee1314c34d6089f301bed3d6090e5/detection

2x.ms
6s.is
flashplayer.download
flashplayer.app
flashplayer.me
flashplayer.one
flashplayer.wiki
wssservice.net
wssservice.org
down.flashplayer.app

# Reference: https://twitter.com/malwrhunterteam/status/1507391119335825435
# Reference: https://www.virustotal.com/gui/file/213691f3232723fa3b62aa9bdf40f99e5aeb91ce9b17d4a187e5ae4b872954ad/detection

54.151.169.71:443
oxfordpreclinical.co.uk

# Reference: https://www.malware-traffic-analysis.net/2022/03/21/index2.html

23.227.198.207:443

# Reference: https://twitter.com/drb_ra/status/1507458132834152449

82.157.44.158:8443

# Reference: https://twitter.com/drb_ra/status/1507458168699322371
# Reference: https://twitter.com/drb_ra/status/1507458220302172162

http://161.35.139.247
161.35.139.247:443

# Reference: https://twitter.com/drb_ra/status/1507458210080296965

139.196.59.1:7777

# Reference: https://twitter.com/drb_ra/status/1507458282356547584

106.54.165.204:4444

# Reference: https://twitter.com/drb_ra/status/1507458358789357568

srdgdr.icp.cool

# Reference: https://twitter.com/drb_ra/status/1507489596824772617

150.158.13.117:9000

# Reference: https://twitter.com/drb_ra/status/1507489623093694467

47.242.148.147:8443
upadte-googie.com
server.upadte-googie.com

# Reference: https://twitter.com/drb_ra/status/1507489736486699013

107.174.63.211:10443

# Reference: https://twitter.com/drb_ra/status/1507489760834727939

93.188.165.186:2080

# Reference: https://twitter.com/drb_ra/status/1507489781550399491

18.223.22.91:443

# Reference: https://twitter.com/drb_ra/status/1507489813125124098

78.128.112.215:443

# Reference: https://twitter.com/drb_ra/status/1507489843613425667

49.51.35.227:4444

# Reference: https://twitter.com/drb_ra/status/1507489868083081220

8.218.52.179:8443
lqtea.net

# Reference: https://twitter.com/drb_ra/status/1507489904460238855

http://192.252.180.68

# Reference: https://twitter.com/drb_ra/status/1507489929730965504

3.35.206.100:8080

# Reference: https://twitter.com/drb_ra/status/1507489953688834052

121.37.236.180:85

# Reference: https://twitter.com/drb_ra/status/1507490010773307394

digitalpirateradio.com
d2w5xnioi4r4gb.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1507490052917628931

144.202.18.185:8080

# Reference: https://twitter.com/drb_ra/status/1507490087310929927

http://8.218.8.196

# Reference: https://twitter.com/drb_ra/status/1507490122748645379

42.194.184.127:8090

# Reference: https://twitter.com/drb_ra/status/1507490147230789642

78.129.165.229:8080

# Reference: https://twitter.com/drb_ra/status/1507490178159501316

46.101.5.12:4437

# Reference: https://twitter.com/drb_ra/status/1507490200544587783

http://1.15.177.188

# Reference: https://twitter.com/drb_ra/status/1507490390739410944

203.96.179.138:2082

# Reference: https://twitter.com/drb_ra/status/1507490478916259840

203.96.179.139:2082

# Reference: https://twitter.com/drb_ra/status/1507490237412519937

203.96.179.141:2082

# Reference: https://twitter.com/drb_ra/status/1507490260430827523

37.72.172.110:8080

# Reference: https://twitter.com/drb_ra/status/1507490295058948096

134.122.173.41:3006

# Reference: https://twitter.com/drb_ra/status/1507490325228621826

d23as6q6xw8w50.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1507490365795938312

104.129.5.65:8443
flash-china.me
kjdhcfv8qvy3v8374twkrht89209o34u398q3gji38493.flash-china.me

# Reference: https://twitter.com/drb_ra/status/1507490417754914820

185.22.152.149:8888

# Reference: https://twitter.com/drb_ra/status/1507490448872464384

34.85.102.18:8444

# Reference: https://twitter.com/drb_ra/status/1507490504656797697

ec2-3-35-206-100.ap-northeast-2.compute.amazonaws.com

# Reference: https://twitter.com/drb_ra/status/1507490539473670148

http://154.221.19.62

# Reference: https://twitter.com/drb_ra/status/1507490571690160132

50.3.132.233:1443
dvrsecure.com

# Reference: https://twitter.com/drb_ra/status/1507490593102045187

39.103.149.159:3454

# Reference: https://twitter.com/drb_ra/status/1507490616057503748

86.105.227.127:443
host56jl5300.hopto.org

# Reference: https://twitter.com/drb_ra/status/1507490702812495875

162.33.177.121:443

# Reference: https://twitter.com/drb_ra/status/1507639520216465415

http://5.199.173.96
clscovpn.com

# Reference: https://twitter.com/drb_ra/status/1507639626600701957
# Reference: https://twitter.com/drb_ra/status/1507639669915328512

http://5.199.173.93
5.199.173.93:443
vpncltrlx.com

# Reference: https://twitter.com/drb_ra/status/1507639730669867008

epizyne.com

# Reference: https://twitter.com/drb_ra/status/1507671213463777283

http://124.222.87.79

# Reference: https://twitter.com/drb_ra/status/1507671291880484866

http://81.69.58.75

# Reference: https://twitter.com/drb_ra/status/1507671332087083013

124.222.95.210:443

# Reference: https://twitter.com/drb_ra/status/1507671387514748928

124.223.174.208:443

# Reference: https://twitter.com/drb_ra/status/1507671427050311682

119.84.112.221:14806

# Reference: https://twitter.com/drb_ra/status/1507671463805046786

119.91.210.105:30000

# Reference: https://twitter.com/drb_ra/status/1507671484369670147

139.155.89.235:443

# Reference: https://twitter.com/drb_ra/status/1507671524593000451

http://1.14.17.38

# Reference: https://twitter.com/drb_ra/status/1507671576010969090

124.223.81.59:8080

# Reference: https://twitter.com/drb_ra/status/1507730264667136011

103.40.138.52:443

# Reference: https://twitter.com/drb_ra/status/1507761108983164929

http://120.132.81.24

# Reference: https://twitter.com/drb_ra/status/1507761167334350848

42.192.78.77:8443
study.kurokoleung.cn

# Reference: https://twitter.com/drb_ra/status/1507761240294232064

http://173.249.45.143

# Reference: https://twitter.com/drb_ra/status/1507761243351830529

http://121.5.28.157

# Reference: https://twitter.com/drb_ra/status/1507761301350723592

1.15.170.122:8443

# Reference: https://twitter.com/drb_ra/status/1507810148022112259
# Reference: https://twitter.com/drb_ra/status/1507810152027770880

http://80.92.205.224
80.92.205.224:443

# Reference: https://twitter.com/drb_ra/status/1507820769690103810

http://101.43.149.199

# Reference: https://twitter.com/drb_ra/status/1507820908806905860

101.43.215.182:8033

# Reference: https://twitter.com/drb_ra/status/1507852167767547908

http://158.247.231.135

# Reference: https://twitter.com/drb_ra/status/1507852251527843848

136.144.41.104:7070

# Reference: https://twitter.com/drb_ra/status/1507852283245121549

34.85.102.18:8889

# Reference: https://twitter.com/drb_ra/status/1507852303340118017
# Reference: https://twitter.com/drb_ra/status/1507852343827734536

104.232.108.186:443
104.232.108.188:443
104.232.108.189:443

# Reference: https://twitter.com/drb_ra/status/1507852376350367754

193.42.24.154:443

# Reference: https://twitter.com/drb_ra/status/1507852428808540164

203.96.179.140:2082

# Reference: https://twitter.com/drb_ra/status/1507852462216122370

47.107.78.225:8800

# Reference: https://twitter.com/drb_ra/status/1507852485251280903

101.43.167.24:8001

# Reference: https://twitter.com/drb_ra/status/1507852507124535307

37.1.208.2:443

# Reference: https://twitter.com/drb_ra/status/1507852547100454915

104.168.214.214:2096
guess-me.tk

# Reference: https://twitter.com/drb_ra/status/1507852570810884103

45.87.155.219:443

# Reference: https://twitter.com/drb_ra/status/1507852609960521731

142.11.213.225:443

# Reference: https://twitter.com/drb_ra/status/1507852643661713415

verybugpromotions.com

# Reference: https://twitter.com/drb_ra/status/1507852690096902148

64.112.41.9:2095
426f7n6348.qicp.vip

# Reference: https://twitter.com/drb_ra/status/1507852711995322374

45.76.103.80:8082
cottonball.xyz

# Reference: https://twitter.com/drb_ra/status/1507852747789508610

http://158.247.200.112

# Reference: https://twitter.com/drb_ra/status/1507852771122372615

143.244.156.213:443

# Reference: https://twitter.com/drb_ra/status/1507852808883687425

185.22.152.149:443

# Reference: https://twitter.com/drb_ra/status/1507852838252253196

46.101.5.12:4436

# Reference: https://twitter.com/drb_ra/status/1507852856380035081

180.101.25.48:9123

# Reference: https://twitter.com/drb_ra/status/1507852877074735107

107.174.63.211:8443

# Reference: https://twitter.com/drb_ra/status/1507852944556834822

165.22.20.155:443

# Reference: https://twitter.com/drb_ra/status/1507853004938088464

http://115.77.97.214

# Reference: https://twitter.com/drb_ra/status/1507853017365811204

158.247.224.22:8443

# Reference: https://twitter.com/drb_ra/status/1507871600628150280

onelogin-sso.com

# Reference: https://twitter.com/drb_ra/status/1508001866130599939

121.5.28.157:8080

# Reference: https://twitter.com/drb_ra/status/1508001945268764679

8.210.23.126:443

# Reference: https://twitter.com/drb_ra/status/1508034412314861569

service-425yao4l-1301596290.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1508034449413451780

124.71.215.111:443

# Reference: https://twitter.com/drb_ra/status/1508034469751578629

124.222.238.34:7856

# Reference: https://twitter.com/drb_ra/status/1508034494225432579

42.194.217.136:443

# Reference: https://twitter.com/drb_ra/status/1508034521773527041

124.223.112.213:99

# Reference: https://twitter.com/drb_ra/status/1508034584713256961

45.134.174.161:443

# Reference: https://twitter.com/drb_ra/status/1508034603071725572

101.132.178.27:443

# Reference: https://twitter.com/drb_ra/status/1508034660252766214

124.223.6.31:7777

# Reference: https://twitter.com/drb_ra/status/1508034687410708480

http://101.34.33.35

# Reference: https://twitter.com/drb_ra/status/1508034748765118474

159.75.249.102:2082
syst1m.tk

# Reference: https://twitter.com/drb_ra/status/1508034778725072902

124.70.208.179:4100

# Reference: https://twitter.com/drb_ra/status/1508092470093127684

service-4fimktpq-1308337151.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1508092603409043463

37.221.64.38:8082

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2021-November/030494.html

asureupdate.pro
asureupdate.tech

# Reference: https://twitter.com/drb_ra/status/1508125169549729795

45.117.103.119:443

# Reference: https://twitter.com/drb_ra/status/1508125198175899661

http://2.56.59.42
http://45.147.179.211

# Reference: https://twitter.com/drb_ra/status/1508125221915705350

179.43.175.178:8098

# Reference: https://twitter.com/drb_ra/status/1508125261023301632

msupdater.net

# Reference: https://twitter.com/drb_ra/status/1508125295257260049

http://165.22.20.155

# Reference: https://twitter.com/drb_ra/status/1508125322436390914

109.71.254.104:4443

# Reference: https://twitter.com/drb_ra/status/1508125344938745868

45.76.223.217:443

# Reference: https://twitter.com/drb_ra/status/1508125370041741317

137.175.19.159:808

# Reference: https://twitter.com/drb_ra/status/1508125388987379717

45.150.67.56:8021

# Reference: https://twitter.com/drb_ra/status/1508125412374814723

81.68.182.138:8880

# Reference: https://twitter.com/drb_ra/status/1508125438689882115
# Reference: https://twitter.com/drb_ra/status/1508125439558131714
# Reference: https://twitter.com/drb_ra/status/1508125440640176132

d1dt97cxhesza0.cloudfront.net
d23d9h1kce738z.cloudfront.net
d24vgt50z5t73h.cloudfront.net
drp848k7v81la.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1508125543870484491

194.135.32.100:50001

# Reference: https://twitter.com/drb_ra/status/1508125580851838976

51.210.8.216:28828
79.137.115.145:28828

# Reference: https://twitter.com/drb_ra/status/1508125608164925444

45.128.156.106:443

# Reference: https://twitter.com/drb_ra/status/1508125645083226121

3.24.214.105:443

# Reference: https://twitter.com/drb_ra/status/1508125709369290755

104.232.108.187:443

# Reference: https://twitter.com/drb_ra/status/1508125733687808003

164.92.64.221:443

# Reference: https://twitter.com/drb_ra/status/1508125764876746757

188.166.72.214:4444

# Reference: https://twitter.com/drb_ra/status/1508125798712193044

45.87.155.219:10443

# Reference: https://twitter.com/drb_ra/status/1508125821613056002

51.210.243.38:5277

# Reference: https://twitter.com/drb_ra/status/1508125859236003847

45.134.174.161:443
80.78.26.227:443

# Reference: https://twitter.com/drb_ra/status/1508172540245594112

80.92.205.142:443

# Reference: https://twitter.com/drb_ra/status/1508183148739313666

service-d30f8m92-1307699323.gz.apigw.tencentcs.com

# Reference: https://twitter.com/kyleehmke/status/1508431476651704331
# Reference: https://twitter.com/drb_ra/status/1508817323133706259

ms-upd.com
update.ms-upd.com
update1.ms-upd.com

# Reference: https://twitter.com/TheDFIRReport/status/1508451341844168706
# Reference: https://twitter.com/drb_ra/status/1508575799330459649

23.227.199.10:757
sonicwall365.com

# Reference: https://twitter.com/malware_traffic/status/1507074075180556294

144.202.49.189:444

# Reference: https://twitter.com/drb_ra/status/1508215296036847619

62.234.134.62:8080

# Reference: https://twitter.com/drb_ra/status/1508215344288124932

81.70.201.156:2095

# Reference: https://twitter.com/drb_ra/status/1508215384771604487

175.24.31.149:443

# Reference: https://twitter.com/drb_ra/status/1508215441986134023

101.43.208.122:443

# Reference: https://twitter.com/drb_ra/status/1508215484927385611

101.201.48.125:443

# Reference: https://twitter.com/drb_ra/status/1508215520230846469

82.156.172.30:8011

# Reference: https://twitter.com/drb_ra/status/1508359651494178816

walkingdeadbaby.workers.dev
purple-rice-b6eb.walkingdeadbaby.workers.dev

# Reference: https://twitter.com/drb_ra/status/1508396122217267203

149.28.125.69:5566

# Reference: https://twitter.com/drb_ra/status/1508396197412810754

42.192.57.96:6660

# Reference: https://twitter.com/drb_ra/status/1508396238093357064

124.222.87.79:4477

# Reference: https://twitter.com/drb_ra/status/1508396345442373633

http://207.148.17.46

# Reference: https://twitter.com/drb_ra/status/1508396369857368065

iheartredteams.com

# Reference: https://twitter.com/drb_ra/status/1508396408193302529

114.132.246.102:139

# Reference: https://twitter.com/drb_ra/status/1508455139816112130

206.189.80.34:443

# Reference: https://twitter.com/TheDFIRReport/status/1508489091935002632

fuckscstc.cf
keycloud.ink
kramerden.onion
lqtea.net
macysrave.com
cdn.fuckscstc.cf

# Reference: https://twitter.com/TheDFIRReport/status/1508458894997209089

fortinetsol.com

# Reference: https://twitter.com/drb_ra/status/1508487366981337099
# Reference: https://www.virustotal.com/gui/file/571faac468f43d9b9c99be0f829de5e9e9dee896b3e79750dbe5b42aa70e2a9c/detection
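# Reference: https://www.virustotal.com/gui/file/1eb57d559952ea336a0084a38b0790d06f390ebdcc26376744db0a5b990e892d/detection
# NOTE(review): 104.21.25.55 lies in Cloudflare's published 104.16.0.0/13 range (shared CDN edge, not a dedicated host); an IP:port match alone may hit unrelated sites, so the domain listed below is likely the more specific indicator - confirm before blocking on the IP.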

104.21.25.55:2096
154.23.186.5:2096
securitydefender.ga

# Reference: https://twitter.com/drb_ra/status/1508487700797665282

msupdater.net

# Reference: https://twitter.com/drb_ra/status/1508487815864139781

43.135.166.146:443

# Reference: https://twitter.com/drb_ra/status/1508487738173145093

165.22.20.155:443

# Reference: https://twitter.com/drb_ra/status/1508487815864139781

101.34.97.101:10039

# Reference: https://twitter.com/drb_ra/status/1508487847090794506

2.56.59.42:443
45.147.179.211:443

# Reference: https://twitter.com/drb_ra/status/1508487905303535625

aig.azureedge.net

# Reference: https://twitter.com/drb_ra/status/1508488000363278344

107.148.14.42:6565

# Reference: https://twitter.com/drb_ra/status/1508488026867081226

107.181.187.111:443

# Reference: https://twitter.com/drb_ra/status/1508488157439926291

116.62.140.21:8462

# Reference: https://twitter.com/drb_ra/status/1508488188070961161

194.87.68.252:4455

# Reference: https://twitter.com/drb_ra/status/1508534932225892365

45.83.122.99:4444

# Reference: https://twitter.com/drb_ra/status/1508545491843358724

borizhog.com

# Reference: https://twitter.com/drb_ra/status/1508545625117413392

173.82.134.187:4444

# Reference: https://twitter.com/drb_ra/status/1508545648118927370

47.93.212.101:10012

# Reference: https://twitter.com/drb_ra/status/1508545670357082125

124.223.112.213:666

# Reference: https://twitter.com/drb_ra/status/1508545770743640067

eplzyme.com

# Reference: https://twitter.com/drb_ra/status/1508574379952726019

146.70.81.76:4443

# Reference: https://twitter.com/drb_ra/status/1508577213070852110
# Reference: https://twitter.com/drb_ra/status/1508577214283005955
# Reference: https://twitter.com/drb_ra/status/1508577215604273156

d3m17u1lrew77y.cloudfront.net
d3snzf9pqwtdoo.cloudfront.net
d89xmmx6e5grb.cloudfront.net
drco8vxzb7qyc.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1508577577006505990

172.96.186.51:787
estudiopay.com

# Reference: https://twitter.com/drb_ra/status/1508578496175607810

188.244.189.84:8080

# Reference: https://twitter.com/drb_ra/status/1508578558481997825

39.98.157.4:8080

# Reference: https://twitter.com/drb_ra/status/1508578604300619776

fortlvpn.com

# Reference: https://twitter.com/drb_ra/status/1508578644842762242

180.76.105.82:8443

# Reference: https://twitter.com/drb_ra/status/1508578763151400963

13.89.226.187:8114

# Reference: https://twitter.com/drb_ra/status/1508759972338970633

apabfs.icu

# Reference: https://twitter.com/drb_ra/status/1508760006132383752

credit-approve.azurewebsites.net

# Reference: https://twitter.com/drb_ra/status/1508760036889313285

23.227.178.65:8080

# Reference: https://twitter.com/drb_ra/status/1508760085379616772

121.4.240.92:443

# Reference: https://twitter.com/drb_ra/status/1508760113330409480

ftp-download.com
arkdaily.ftp-download.com

# Reference: https://twitter.com/drb_ra/status/1508760159736246275

bitmuch.net

# Reference: https://twitter.com/drb_ra/status/1508760204174893061

hellomrsone.com

# Reference: https://twitter.com/drb_ra/status/1508760233736388611

20.92.125.177:443
/mobile-ipad-home

# Reference: https://twitter.com/drb_ra/status/1508760269916454916

http://52.166.132.232

# Reference: https://twitter.com/drb_ra/status/1508760283510149124

http://118.195.188.99

# Reference: https://twitter.com/drb_ra/status/1508760320545800199

us-central1-il-115.cloudfunctions.net

# Reference: https://twitter.com/drb_ra/status/1508760391807115268

174.86.157.66:4444

# Reference: https://twitter.com/drb_ra/status/1508760419925733376

edgecloud.ink

# Reference: https://twitter.com/drb_ra/status/1508760468692910080

47.243.204.208:8443
up-flash.com
adult.up-flash.com

# Reference: https://twitter.com/drb_ra/status/1508760498250080263

124.221.244.23:4444

# Reference: https://twitter.com/drb_ra/status/1508760511759982597

43.154.21.137:8443

# Reference: https://twitter.com/drb_ra/status/1508760565178580995

209.141.55.88:443

# Reference: https://twitter.com/drb_ra/status/1508760621055098881

us-central1-il-5263.cloudfunctions.net

# Reference: https://twitter.com/drb_ra/status/1508760658086703106

91.210.105.59:31003
klartbe.onion

# Reference: https://twitter.com/drb_ra/status/1508760684884107265

faceupfinder.com

# Reference: https://twitter.com/drb_ra/status/1508760719935905795

http://124.223.171.188

# Reference: https://twitter.com/drb_ra/status/1508760746682896388

http://129.153.129.220

# Reference: https://twitter.com/drb_ra/status/1508760816979521542

lambido.com

# Reference: https://twitter.com/drb_ra/status/1508760845249036288

edgebetaupdater.com

# Reference: https://twitter.com/drb_ra/status/1508760928040505345

42.192.78.77:88

# Reference: https://twitter.com/drb_ra/status/1508760972458086407

http://23.227.203.40

# Reference: https://twitter.com/drb_ra/status/1508761008579436547

vvvth.com
c.vvvth.com
/sdjfklsdjfklsjdkfljsdklfjlkuiower

# Reference: https://twitter.com/drb_ra/status/1508761073717059586

hellomrsone.com

# Reference: https://twitter.com/drb_ra/status/1508761106264866822

81.68.67.216:8088

# Reference: https://twitter.com/drb_ra/status/1508761130193375234

209.141.55.88:8888

# Reference: https://twitter.com/drb_ra/status/1508761174183235585

chfschool.com

# Reference: https://twitter.com/drb_ra/status/1508761212200394763

d2bglmhs9fkewh.cloudfront.net
d380v0rxo2agmm.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1508761250150371329

91.210.105.71:31002
barmnava.onion

# Reference: https://twitter.com/drb_ra/status/1508761278340386818

54.39.83.137:8080
burmesebleaker.com

# Reference: https://twitter.com/drb_ra/status/1508761318454710273

170.178.217.162:8443

# Reference: https://twitter.com/drb_ra/status/1508726698405150723

anidoz.com

# Reference: https://twitter.com/drb_ra/status/1508726844375322627

42.193.151.69:556

# Reference: https://twitter.com/drb_ra/status/1508759123743199239

chesft.com

# Reference: https://twitter.com/drb_ra/status/1508759154910973953
# Reference: https://twitter.com/drb_ra/status/1508759726716301314

http://64.225.55.55
64.225.55.55:443

# Reference: https://twitter.com/drb_ra/status/1508759188469694466

101.35.142.171:9999

# Reference: https://twitter.com/drb_ra/status/1508759219545288704

avupdaterprocces.com

# Reference: https://twitter.com/drb_ra/status/1508759255846998023
# Reference: https://twitter.com/drb_ra/status/1508759597137502214

8.210.226.73:8080
8.210.226.73:8443
aliclound-cdn.com

# Reference: https://twitter.com/drb_ra/status/1508759281646120972

52.166.132.232:443

# Reference: https://twitter.com/drb_ra/status/1508759401015955456

harborfreight.delivery

# Reference: https://twitter.com/drb_ra/status/1508759492359565320

101.34.205.66:55443

# Reference: https://twitter.com/drb_ra/status/1508759512374820865

195.133.53.84:8086

# Reference: https://twitter.com/drb_ra/status/1508759531253293056

healthank.com

# Reference: https://twitter.com/drb_ra/status/1508759567387267075

forxuc.com
ver.forxuc.com

# Reference: https://twitter.com/drb_ra/status/1508759626174631937

http://50.93.205.198

# Reference: https://twitter.com/drb_ra/status/1508759791526719491

d2cvst6yj94t97.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1508759860619456516

54.39.83.137:8443

# Reference: https://www.virustotal.com/gui/file/4d14071d426c3d03fef4faa13ebc3f5136203b40eab01f9cd3e521470f337111/detection

139.9.209.241:4444

# Reference: https://twitter.com/malwrhunterteam/status/1508860209392926723
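# Reference: https://www.virustotal.com/gui/file/55600ecd0a51e9b581fe5a0c6b8aaddccdea5656523ca39bd106e6a13082d314/detection
# NOTE(review): 104.21.52.239 lies in Cloudflare's published 104.16.0.0/13 range (shared CDN edge, not a dedicated host); an IP:port match alone may hit unrelated sites, so the domain listed below is likely the more specific indicator - confirm before blocking on the IP.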

104.21.52.239:2053
ffiash.xyz

# Reference: https://twitter.com/drb_ra/status/1508817398324994068

23.224.70.228:4433

# Reference: https://twitter.com/drb_ra/status/1508817441597579272

fortlvpnconnect.com

# Reference: https://twitter.com/drb_ra/status/1508817515199315985

http://23.227.198.246

# Reference: https://twitter.com/drb_ra/status/1508817553774329866

service-bc25l233-1305245608.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1508817635999428622

49.232.202.213:84

# Reference: https://twitter.com/drb_ra/status/1508849138250698754

64.112.41.69:2096

# Reference: https://twitter.com/drb_ra/status/1508849167296311297

192.3.128.243:9081

# Reference: https://twitter.com/drb_ra/status/1508849196643852295

101.35.10.69:9999

# Reference: https://twitter.com/drb_ra/status/1508849225546805258

157.245.148.231:8081

# Reference: https://twitter.com/drb_ra/status/1508849263832358913

service-8wiw5m86-1258984158.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1508849296325718018

43.132.192.214:8899

# Reference: https://twitter.com/drb_ra/status/1508849323508912141
# Reference: https://twitter.com/drb_ra/status/1508849359252828162

20.214.205.89:8443
find3321.com
always.find3321.com
oneload.find3321.com

# Reference: https://twitter.com/drb_ra/status/1508849395768471567

2.56.59.42:10443

# Reference: https://twitter.com/drb_ra/status/1508849461606375426
# Reference: https://twitter.com/drb_ra/status/1508849462650806280
# Reference: https://twitter.com/drb_ra/status/1508849463703572488

d2mscq42iy7dt6.cloudfront.net
d2w9wmfxw0972p.cloudfront.net
d3dndf6mzn5ve3.cloudfront.net
d3pwhbs0vjbfrp.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1508849561401499651

http://193.149.176.47

# Reference: https://twitter.com/drb_ra/status/1508849610625851392

43.129.88.120:8999

# Reference: https://twitter.com/drb_ra/status/1508849655798448133

108.61.126.234:7788
api10.ddnsfree.com

# Reference: https://twitter.com/drb_ra/status/1508849688119808014

64.112.41.69:2052

# Reference: https://twitter.com/drb_ra/status/1508849719216422922

87.251.71.76:443

# Reference: https://twitter.com/drb_ra/status/1508849755631374356

43.246.208.209:443

# Reference: https://twitter.com/drb_ra/status/1508849785159262220

http://20.123.10.96

# Reference: https://twitter.com/drb_ra/status/1508849819481264141

66.154.107.116:443

# Reference: https://twitter.com/drb_ra/status/1508849850875584518

185.158.114.91:13443

# Reference: https://twitter.com/drb_ra/status/1508849881301065736

http://43.246.208.209

# Reference: https://twitter.com/drb_ra/status/1508849916969422856

http://173.82.219.148

# Reference: https://twitter.com/drb_ra/status/1508849944639291401

http://54.38.29.208

# Reference: https://twitter.com/drb_ra/status/1508849978218881024

114.55.3.82:8080

# Reference: https://twitter.com/drb_ra/status/1508850005528006661

23.224.42.15:6543

# Reference: https://twitter.com/drb_ra/status/1508850075849703433

http://138.3.214.138

# Reference: https://twitter.com/drb_ra/status/1508850110742073350

134.122.29.111:443

# Reference: https://twitter.com/drb_ra/status/1508850141779877896

146.0.72.85:443

# Reference: https://twitter.com/drb_ra/status/1508850178203308032

146.70.78.59:8888
sedrf.icu

# Reference: https://twitter.com/drb_ra/status/1508850202354061324

159.65.84.206:443

# Reference: https://twitter.com/drb_ra/status/1508850231168880659

107.172.190.151:8443
vk.qa
cs44.vk.qa

# Reference: https://twitter.com/drb_ra/status/1508850270943563777

142.93.228.58:8080

# Reference: https://twitter.com/drb_ra/status/1508850304242143233

http://185.135.72.100
imagepaper.tk
image.imagepaper.tk

# Reference: https://twitter.com/drb_ra/status/1508850350903771144

xinchen.space
yuankong.xinchen.space

# Reference: https://twitter.com/drb_ra/status/1508850397644996615

http://107.181.187.111

# Reference: https://twitter.com/drb_ra/status/1508850454637297682

http://107.189.30.131

# Reference: https://twitter.com/drb_ra/status/1508850493132529674

170.106.194.97:6789

# Reference: https://twitter.com/drb_ra/status/1508850552679157768

154.222.231.87:8080

# Reference: https://blog.malwarebytes.com/threat-intelligence/2022/03/new-spear-phishing-campaign-targets-russian-dissidents/

wikipedia-book.vote

# Reference: https://www.virustotal.com/gui/file/635a7ff5554d4a5d07e91163d16e7cc713b40ecd63477a93f73f1b8abcf41e18/detection

45.142.122.255:2313

# Reference: https://www.virustotal.com/gui/file/9cd7964d14e96006bf3f2442fc90b71110369b21e412850551fa682419c5c04b/detection

45.142.122.255:7777

# Reference: https://twitter.com/malwrhunterteam/status/1508883876801875977

d1q3mirlmtaaob.cloudfront.net

# Reference: https://twitter.com/h2jazi/status/1508942910401699844
# Reference: https://twitter.com/h2jazi/status/1508942913979494403
# Reference: https://www.virustotal.com/gui/file/e6ecb28f57fff1548b46869a15d5e684ba21fd724f833292438bdbc11b43666e/detection
# Reference: https://www.virustotal.com/gui/file/4ee626e058e7be9e5d20f314895500c5abf34c61a15a3b9b4f90c04f88c26aad/detection
# Reference: https://www.virustotal.com/gui/file/c76a753ed6059f6251a1ae8c6bd36cd931c81fc918574261a7acfb4893e0141c/detection

93.115.25.134:443
roskazna.net

# Reference: https://www.virustotal.com/gui/file/09f6c1c60d6d471a0dcc78523e338df2826df8cd6f6528c396077e88481d06e1/detection

mail.igov-service.net

# Reference: https://twitter.com/drb_ra/status/1508897331835551744

193.178.169.74:8191

# Reference: https://twitter.com/drb_ra/status/1508907960105422849
# Reference: https://twitter.com/drb_ra/status/1509142666965094408

80.78.23.227:88
92.118.36.151:88
alabama.boutique
elegance-business.eu
usa-finance-credit.eu

# Reference: https://twitter.com/drb_ra/status/1508907969257291779

101.43.96.92:700

# Reference: https://twitter.com/drb_ra/status/1508908050022817813

prlvatevpncisco.com

# Reference: https://twitter.com/drb_ra/status/1508908121191854082

146.70.78.59:4444

# Reference: https://twitter.com/drb_ra/status/1508908238003216398

23.224.70.227:4433

# Reference: https://twitter.com/drb_ra/status/1508940129162965002

114.116.249.62:10251

# Reference: https://twitter.com/drb_ra/status/1508940160456658948

49.234.108.167:7788

# Reference: https://twitter.com/drb_ra/status/1508940212721889288

119.91.223.177:9999
service-62ff6099-1302108328.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1508940306502279168

150.158.212.148:443

# Reference: https://twitter.com/drb_ra/status/1509142115443478536

42.192.44.224:8080

# Reference: https://twitter.com/drb_ra/status/1509142151036383237

185.7.214.247:443

# Reference: https://twitter.com/drb_ra/status/1509142220884094978

39.102.50.219:6666

# Reference: https://twitter.com/drb_ra/status/1509142250193928196

165.154.229.59:8443

# Reference: https://twitter.com/drb_ra/status/1509142278660575235

124.223.185.141:84

# Reference: https://twitter.com/drb_ra/status/1509142304598241287

http://121.37.10.98

# Reference: https://twitter.com/drb_ra/status/1509142336609177603

101.42.252.23:8099

# Reference: https://twitter.com/drb_ra/status/1509142356540502017

180.215.135.111:9999

# Reference: https://twitter.com/drb_ra/status/1509142386080948229

http://192.3.145.46

# Reference: https://twitter.com/drb_ra/status/1509142427772280834

bittasty.org

# Reference: https://twitter.com/drb_ra/status/1509142433086554119

cdn-web.net
westorck.com

# Reference: https://twitter.com/drb_ra/status/1509142465374212099

http://124.223.206.101

# Reference: https://twitter.com/drb_ra/status/1509142498026926082

124.223.53.86:8011

# Reference: https://twitter.com/drb_ra/status/1509142528901193732

101.42.228.86:5555

# Reference: https://twitter.com/drb_ra/status/1509142580981903360

101.34.182.130:7777

# Reference: https://twitter.com/drb_ra/status/1509142734711439364

20.113.35.78:9443

# Reference: https://twitter.com/drb_ra/status/1509142761445990405

101.201.45.38:4445

# Reference: https://twitter.com/drb_ra/status/1509142805695897600

42.193.21.121:10443

# Reference: https://twitter.com/drb_ra/status/1509142842266034183

170.106.194.97:4443

# Reference: https://twitter.com/drb_ra/status/1509142888499724292

39.99.173.55:8443

# Reference: https://twitter.com/drb_ra/status/1509142926072369161

http://49.232.191.102

# Reference: https://twitter.com/drb_ra/status/1509142965335252999

204.188.203.207:9443

# Reference: https://twitter.com/drb_ra/status/1509179513460215811

121.5.154.138:7777

# Reference: https://twitter.com/drb_ra/status/1509179632981090310

loll.be

# Reference: https://twitter.com/drb_ra/status/1509179758151708672

http://47.103.212.17

# Reference: https://twitter.com/drb_ra/status/1509179838531358727

qianxin.asia
mail.qianxin.asia

# Reference: https://twitter.com/drb_ra/status/1509179900997079046

107.172.140.180:443

# Reference: https://twitter.com/drb_ra/status/1509211960868540419

85.202.169.147:443

# Reference: https://twitter.com/drb_ra/status/1509211988790030339

150.109.103.16:10086

# Reference: https://twitter.com/drb_ra/status/1509212022507986948

156.251.17.237:8443

# Reference: https://twitter.com/drb_ra/status/1509212060193898500

143.198.242.225:443

# Reference: https://twitter.com/drb_ra/status/1509212098898935819

198.74.104.185:2087
ca.securitydefender.ga

# Reference: https://twitter.com/drb_ra/status/1509212151113818126

184.95.51.14:4443

# Reference: https://twitter.com/drb_ra/status/1509212183955226628

204.44.109.84:8443

# Reference: https://twitter.com/drb_ra/status/1509212212027699203

103.146.179.88:4444

# Reference: https://twitter.com/drb_ra/status/1509212248161632257

207.148.124.83:8443
static.trendmicrocdn.com

# Reference: https://twitter.com/drb_ra/status/1509212292856098818

secureworldgroup.org

# Reference: https://twitter.com/drb_ra/status/1509212354868826122

http://179.60.150.79

# Reference: https://twitter.com/drb_ra/status/1509212393313865731

84.32.188.57:444

# Reference: https://twitter.com/drb_ra/status/1509212450507395082

155.138.233.25:443

# Reference: https://twitter.com/drb_ra/status/1509212491045384198

184.95.51.14:81

# Reference: https://twitter.com/drb_ra/status/1509212522494271500

170.178.208.113:999

# Reference: https://twitter.com/drb_ra/status/1509212568262516741

97.64.33.67:4444

# Reference: https://twitter.com/drb_ra/status/1509259955228061698

45.137.118.112:445

# Reference: https://twitter.com/drb_ra/status/1509302429283758085

45.145.6.5:8002

# Reference: https://twitter.com/drb_ra/status/1509302452629258243

34.66.87.244:2222

# Reference: https://twitter.com/drb_ra/status/1509302533679894537

81.71.68.50:6022

# Reference: https://twitter.com/drb_ra/status/1509302558472515591

35.224.17.93:443

# Reference: https://twitter.com/drb_ra/status/1509302611555786753

23.227.193.154:443

# Reference: https://twitter.com/drb_ra/status/1509302654136209418

8.134.12.44:5555

# Reference: https://twitter.com/drb_ra/status/1509302680371482626

azure920.store

# Reference: https://twitter.com/drb_ra/status/1509302709803003909

101.35.121.227:443

# Reference: https://twitter.com/drb_ra/status/1509302743470690304

http://18.168.182.94

# Reference: https://twitter.com/drb_ra/status/1509302897334525954

5.188.33.160:7775
pinyin.life

# Reference: https://twitter.com/drb_ra/status/1509440911469654018

3.86.76.213:8443

# Reference: https://www.virustotal.com/gui/file/15e13cdcdc922508bba7bbfa72bb5c76e452f09a2b6e020445097935852c55d4/detection
# Reference: https://www.virustotal.com/gui/file/f7c83a6fea32f36b5d0270b665cc31439e6f59b4b712847641c29e6820eae0a2/detection

47.106.220.187:20200

# Reference: https://twitter.com/malwrhunterteam/status/1509530108310142994
# Reference: https://www.virustotal.com/gui/file/99c7471abae117bed8a59138d634773302e132973abcfc8545c823d47be7869e/detection

d3kywcwj6soxab.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1509483124819992580

101.43.136.248:8888

# Reference: https://twitter.com/drb_ra/status/1509483170818936838

210.215.129.105:443

# Reference: https://twitter.com/drb_ra/status/1509483246115082240

http://45.9.150.24

# Reference: https://twitter.com/drb_ra/status/1509483299231748101

http://175.178.217.18

# Reference: https://twitter.com/drb_ra/status/1509483366588063764

service-gcnqmcp3-1307217324.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1509483454697721865

service-mxnu1lkw-1257643601.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1509483492266160132

http://101.43.208.122

# Reference: https://twitter.com/drb_ra/status/1509542073149673480

8.142.71.238:8443
fshccloud.live

# Reference: https://twitter.com/drb_ra/status/1509542141181280266

axelkim.com

# Reference: https://twitter.com/drb_ra/status/1509542334635155459

blopik.com

# Reference: https://twitter.com/drb_ra/status/1509574173844250625

greentrenz.co.uk

# Reference: https://twitter.com/drb_ra/status/1509574195776266241

8.142.92.66:18080

# Reference: https://twitter.com/drb_ra/status/1509574252885946371

http://31.12.34.23
http://46.101.93.216

# Reference: https://twitter.com/drb_ra/status/1509574290072551438

agreminj.com

# Reference: https://twitter.com/drb_ra/status/1509574318115667968

121.5.21.76:443

# Reference: https://twitter.com/drb_ra/status/1509574349648449548

xinchen.space
yuankong.xinchen.space

# Reference: https://twitter.com/drb_ra/status/1509622382541033478

35.77.220.247:8080
0ffcie-microsoft.com
help.0ffcie-microsoft.com

# Reference: https://www.virustotal.com/gui/file/e799b81c83620b694008c17920b0164a01ffa098692b4c39ce863b184d1b6a6d/detection

http://121.41.5.88

# Reference: https://www.virustotal.com/gui/file/2def21fa83bfe5712008ec1dcfc7e25663c8b97e18353f814726b9dd4d0ffc36/detection

121.41.5.88:8888

# Reference: https://www.virustotal.com/gui/file/471481a1c3d17c5586f337c77234ddd793697dff895236b96d711405c845620f/detection

http://194.233.67.89

# Reference: https://www.virustotal.com/gui/file/5aeff34a39e37d206fdc62da1e59353abfa0ca91040af7e2e8dc86605e9129ca/detection

194.233.67.89:8882

# Reference: https://www.virustotal.com/gui/file/eab20bfac950c4ed5dca8fd32a41eb4fa4a8dd4c2a2276b1f6cca02b0d1732c7/detection

3.141.142.211:10164

# Reference: https://www.virustotal.com/gui/file/39b295e1520a93ff97dd67051a29a6f83ba04d4f3d7497f66612f287ee015d8a/detection

104.238.221.246:7073

# Reference: https://twitter.com/malwrhunterteam/status/1509836940727705602
# Reference: https://www.virustotal.com/gui/file/526b426f3f1e3511c244df90bd84152f600f35092dd21a4406a30070ff534d0d/detection

utcsystime.com
ns2.utcsystime.com
ns3.utcsystime.com
inc-arp.ns2.utcsystime.com
inc-arp.ns3.utcsystime.com
aaa.inc-arp.ns3.utcsystime.com
aba.inc-arp.ns3.utcsystime.com
aca.inc-arp.ns3.utcsystime.com
ada.inc-arp.ns3.utcsystime.com
aea.inc-arp.ns3.utcsystime.com
afa.inc-arp.ns3.utcsystime.com
aga.inc-arp.ns3.utcsystime.com
aha.inc-arp.ns3.utcsystime.com
aia.inc-arp.ns3.utcsystime.com
aja.inc-arp.ns3.utcsystime.com
aka.inc-arp.ns3.utcsystime.com
ala.inc-arp.ns3.utcsystime.com
baa.inc-arp.ns3.utcsystime.com
bba.inc-arp.ns3.utcsystime.com
bca.inc-arp.ns3.utcsystime.com
bda.inc-arp.ns3.utcsystime.com
bea.inc-arp.ns3.utcsystime.com
bfa.inc-arp.ns3.utcsystime.com
bga.inc-arp.ns3.utcsystime.com
bha.inc-arp.ns3.utcsystime.com
bia.inc-arp.ns3.utcsystime.com
bja.inc-arp.ns3.utcsystime.com
bka.inc-arp.ns3.utcsystime.com
bla.inc-arp.ns3.utcsystime.com
caa.inc-arp.ns3.utcsystime.com
cba.inc-arp.ns3.utcsystime.com
cca.inc-arp.ns3.utcsystime.com
cda.inc-arp.ns3.utcsystime.com
cea.inc-arp.ns3.utcsystime.com
cfa.inc-arp.ns3.utcsystime.com
cga.inc-arp.ns3.utcsystime.com
cha.inc-arp.ns3.utcsystime.com
cia.inc-arp.ns3.utcsystime.com
cja.inc-arp.ns3.utcsystime.com
cka.inc-arp.ns3.utcsystime.com
cla.inc-arp.ns3.utcsystime.com
daa.inc-arp.ns3.utcsystime.com
dba.inc-arp.ns3.utcsystime.com
dca.inc-arp.ns3.utcsystime.com
dda.inc-arp.ns3.utcsystime.com
dea.inc-arp.ns3.utcsystime.com
dfa.inc-arp.ns3.utcsystime.com
dga.inc-arp.ns3.utcsystime.com
dha.inc-arp.ns3.utcsystime.com
dia.inc-arp.ns3.utcsystime.com
dja.inc-arp.ns3.utcsystime.com
dka.inc-arp.ns3.utcsystime.com
dla.inc-arp.ns3.utcsystime.com
eaa.inc-arp.ns3.utcsystime.com
eba.inc-arp.ns3.utcsystime.com
eca.inc-arp.ns3.utcsystime.com
eda.inc-arp.ns3.utcsystime.com
eea.inc-arp.ns3.utcsystime.com
efa.inc-arp.ns3.utcsystime.com
ega.inc-arp.ns3.utcsystime.com
eha.inc-arp.ns3.utcsystime.com
eia.inc-arp.ns3.utcsystime.com
eja.inc-arp.ns3.utcsystime.com
eka.inc-arp.ns3.utcsystime.com
ela.inc-arp.ns3.utcsystime.com
faa.inc-arp.ns3.utcsystime.com
fba.inc-arp.ns3.utcsystime.com
fca.inc-arp.ns3.utcsystime.com
fda.inc-arp.ns3.utcsystime.com
fea.inc-arp.ns3.utcsystime.com
ffa.inc-arp.ns3.utcsystime.com
fga.inc-arp.ns3.utcsystime.com
fha.inc-arp.ns3.utcsystime.com
fia.inc-arp.ns3.utcsystime.com
fja.inc-arp.ns3.utcsystime.com
fka.inc-arp.ns3.utcsystime.com
fla.inc-arp.ns3.utcsystime.com
gaa.inc-arp.ns3.utcsystime.com
gba.inc-arp.ns3.utcsystime.com
gca.inc-arp.ns3.utcsystime.com
gda.inc-arp.ns3.utcsystime.com
gea.inc-arp.ns3.utcsystime.com
gfa.inc-arp.ns3.utcsystime.com
gga.inc-arp.ns3.utcsystime.com
gha.inc-arp.ns3.utcsystime.com
gia.inc-arp.ns3.utcsystime.com
gja.inc-arp.ns3.utcsystime.com
gka.inc-arp.ns3.utcsystime.com
gla.inc-arp.ns3.utcsystime.com
haa.inc-arp.ns3.utcsystime.com
hba.inc-arp.ns3.utcsystime.com
hca.inc-arp.ns3.utcsystime.com
hda.inc-arp.ns3.utcsystime.com
hea.inc-arp.ns3.utcsystime.com
hfa.inc-arp.ns3.utcsystime.com
hga.inc-arp.ns3.utcsystime.com
hha.inc-arp.ns3.utcsystime.com
hia.inc-arp.ns3.utcsystime.com
hja.inc-arp.ns3.utcsystime.com
hka.inc-arp.ns3.utcsystime.com
hla.inc-arp.ns3.utcsystime.com
iaa.inc-arp.ns3.utcsystime.com
iba.inc-arp.ns3.utcsystime.com
ica.inc-arp.ns3.utcsystime.com
ida.inc-arp.ns3.utcsystime.com
iea.inc-arp.ns3.utcsystime.com
ifa.inc-arp.ns3.utcsystime.com
iga.inc-arp.ns3.utcsystime.com
iha.inc-arp.ns3.utcsystime.com
iia.inc-arp.ns3.utcsystime.com
ija.inc-arp.ns3.utcsystime.com
ika.inc-arp.ns3.utcsystime.com
ila.inc-arp.ns3.utcsystime.com
jaa.inc-arp.ns3.utcsystime.com
jba.inc-arp.ns3.utcsystime.com
jca.inc-arp.ns3.utcsystime.com
jda.inc-arp.ns3.utcsystime.com
jea.inc-arp.ns3.utcsystime.com
jfa.inc-arp.ns3.utcsystime.com
jga.inc-arp.ns3.utcsystime.com
jha.inc-arp.ns3.utcsystime.com
jia.inc-arp.ns3.utcsystime.com
jja.inc-arp.ns3.utcsystime.com
jka.inc-arp.ns3.utcsystime.com
jla.inc-arp.ns3.utcsystime.com
kaa.inc-arp.ns3.utcsystime.com
kba.inc-arp.ns3.utcsystime.com
kca.inc-arp.ns3.utcsystime.com
kda.inc-arp.ns3.utcsystime.com
kea.inc-arp.ns3.utcsystime.com
kfa.inc-arp.ns3.utcsystime.com
kga.inc-arp.ns3.utcsystime.com
kha.inc-arp.ns3.utcsystime.com
kia.inc-arp.ns3.utcsystime.com
kja.inc-arp.ns3.utcsystime.com
kka.inc-arp.ns3.utcsystime.com
kla.inc-arp.ns3.utcsystime.com
laa.inc-arp.ns3.utcsystime.com
lba.inc-arp.ns3.utcsystime.com
lca.inc-arp.ns3.utcsystime.com
lda.inc-arp.ns3.utcsystime.com
lea.inc-arp.ns3.utcsystime.com
lfa.inc-arp.ns3.utcsystime.com
lga.inc-arp.ns3.utcsystime.com
lha.inc-arp.ns3.utcsystime.com
lia.inc-arp.ns3.utcsystime.com
lja.inc-arp.ns3.utcsystime.com
lka.inc-arp.ns3.utcsystime.com
lla.inc-arp.ns3.utcsystime.com
maa.inc-arp.ns3.utcsystime.com
mba.inc-arp.ns3.utcsystime.com
mca.inc-arp.ns3.utcsystime.com
mda.inc-arp.ns3.utcsystime.com
mea.inc-arp.ns3.utcsystime.com
mfa.inc-arp.ns3.utcsystime.com
mga.inc-arp.ns3.utcsystime.com
mha.inc-arp.ns3.utcsystime.com
mia.inc-arp.ns3.utcsystime.com
mja.inc-arp.ns3.utcsystime.com
mka.inc-arp.ns3.utcsystime.com
mla.inc-arp.ns3.utcsystime.com
naa.inc-arp.ns3.utcsystime.com
nba.inc-arp.ns3.utcsystime.com
nca.inc-arp.ns3.utcsystime.com
nda.inc-arp.ns3.utcsystime.com
nea.inc-arp.ns3.utcsystime.com
nfa.inc-arp.ns3.utcsystime.com
nga.inc-arp.ns3.utcsystime.com
nha.inc-arp.ns3.utcsystime.com
nia.inc-arp.ns3.utcsystime.com
nja.inc-arp.ns3.utcsystime.com
nka.inc-arp.ns3.utcsystime.com
nla.inc-arp.ns3.utcsystime.com
oaa.inc-arp.ns3.utcsystime.com
oba.inc-arp.ns3.utcsystime.com
oca.inc-arp.ns3.utcsystime.com
oda.inc-arp.ns3.utcsystime.com
oea.inc-arp.ns3.utcsystime.com
ofa.inc-arp.ns3.utcsystime.com
oga.inc-arp.ns3.utcsystime.com
oha.inc-arp.ns3.utcsystime.com
oia.inc-arp.ns3.utcsystime.com
oja.inc-arp.ns3.utcsystime.com
oka.inc-arp.ns3.utcsystime.com
paa.inc-arp.ns3.utcsystime.com
pba.inc-arp.ns3.utcsystime.com
pca.inc-arp.ns3.utcsystime.com
pda.inc-arp.ns3.utcsystime.com
pea.inc-arp.ns3.utcsystime.com
pfa.inc-arp.ns3.utcsystime.com
pga.inc-arp.ns3.utcsystime.com
pha.inc-arp.ns3.utcsystime.com
pia.inc-arp.ns3.utcsystime.com
pja.inc-arp.ns3.utcsystime.com
pka.inc-arp.ns3.utcsystime.com
qaa.inc-arp.ns3.utcsystime.com
qba.inc-arp.ns3.utcsystime.com
qca.inc-arp.ns3.utcsystime.com
qda.inc-arp.ns3.utcsystime.com
qea.inc-arp.ns3.utcsystime.com
qfa.inc-arp.ns3.utcsystime.com
qga.inc-arp.ns3.utcsystime.com
qha.inc-arp.ns3.utcsystime.com
qia.inc-arp.ns3.utcsystime.com
qja.inc-arp.ns3.utcsystime.com
qka.inc-arp.ns3.utcsystime.com
raa.inc-arp.ns3.utcsystime.com
rba.inc-arp.ns3.utcsystime.com
rca.inc-arp.ns3.utcsystime.com
rda.inc-arp.ns3.utcsystime.com
rea.inc-arp.ns3.utcsystime.com
rfa.inc-arp.ns3.utcsystime.com
rga.inc-arp.ns3.utcsystime.com
rha.inc-arp.ns3.utcsystime.com
ria.inc-arp.ns3.utcsystime.com
rja.inc-arp.ns3.utcsystime.com
rka.inc-arp.ns3.utcsystime.com
saa.inc-arp.ns3.utcsystime.com
sba.inc-arp.ns3.utcsystime.com
sca.inc-arp.ns3.utcsystime.com
sda.inc-arp.ns3.utcsystime.com
sea.inc-arp.ns3.utcsystime.com
sfa.inc-arp.ns3.utcsystime.com
sga.inc-arp.ns3.utcsystime.com
sha.inc-arp.ns3.utcsystime.com
sia.inc-arp.ns3.utcsystime.com
sja.inc-arp.ns3.utcsystime.com
ska.inc-arp.ns3.utcsystime.com
taa.inc-arp.ns3.utcsystime.com
tba.inc-arp.ns3.utcsystime.com
tca.inc-arp.ns3.utcsystime.com
tda.inc-arp.ns3.utcsystime.com
tea.inc-arp.ns3.utcsystime.com
tfa.inc-arp.ns3.utcsystime.com
tga.inc-arp.ns3.utcsystime.com
tha.inc-arp.ns3.utcsystime.com
tia.inc-arp.ns3.utcsystime.com
tja.inc-arp.ns3.utcsystime.com
tka.inc-arp.ns3.utcsystime.com
uaa.inc-arp.ns3.utcsystime.com
uba.inc-arp.ns3.utcsystime.com
uca.inc-arp.ns3.utcsystime.com
uda.inc-arp.ns3.utcsystime.com
uea.inc-arp.ns3.utcsystime.com
ufa.inc-arp.ns3.utcsystime.com
uga.inc-arp.ns3.utcsystime.com
uha.inc-arp.ns3.utcsystime.com
uia.inc-arp.ns3.utcsystime.com
uja.inc-arp.ns3.utcsystime.com
uka.inc-arp.ns3.utcsystime.com
vaa.inc-arp.ns3.utcsystime.com
vba.inc-arp.ns3.utcsystime.com
vca.inc-arp.ns3.utcsystime.com
vda.inc-arp.ns3.utcsystime.com
vea.inc-arp.ns3.utcsystime.com
vfa.inc-arp.ns3.utcsystime.com
vga.inc-arp.ns3.utcsystime.com
vha.inc-arp.ns3.utcsystime.com
via.inc-arp.ns3.utcsystime.com
vja.inc-arp.ns3.utcsystime.com
vka.inc-arp.ns3.utcsystime.com
waa.inc-arp.ns3.utcsystime.com
wba.inc-arp.ns3.utcsystime.com
wca.inc-arp.ns3.utcsystime.com
wda.inc-arp.ns3.utcsystime.com
wea.inc-arp.ns3.utcsystime.com
wfa.inc-arp.ns3.utcsystime.com
wga.inc-arp.ns3.utcsystime.com
wha.inc-arp.ns3.utcsystime.com
wia.inc-arp.ns3.utcsystime.com
wja.inc-arp.ns3.utcsystime.com
wka.inc-arp.ns3.utcsystime.com
xaa.inc-arp.ns3.utcsystime.com
xba.inc-arp.ns3.utcsystime.com
xca.inc-arp.ns3.utcsystime.com
xda.inc-arp.ns3.utcsystime.com
xea.inc-arp.ns3.utcsystime.com
xfa.inc-arp.ns3.utcsystime.com
xga.inc-arp.ns3.utcsystime.com
xha.inc-arp.ns3.utcsystime.com
xia.inc-arp.ns3.utcsystime.com
xja.inc-arp.ns3.utcsystime.com
xka.inc-arp.ns3.utcsystime.com
yaa.inc-arp.ns3.utcsystime.com
yba.inc-arp.ns3.utcsystime.com
yca.inc-arp.ns3.utcsystime.com
yda.inc-arp.ns3.utcsystime.com
yea.inc-arp.ns3.utcsystime.com
yfa.inc-arp.ns3.utcsystime.com
yga.inc-arp.ns3.utcsystime.com
yha.inc-arp.ns3.utcsystime.com
yia.inc-arp.ns3.utcsystime.com
yja.inc-arp.ns3.utcsystime.com
yka.inc-arp.ns3.utcsystime.com
zaa.inc-arp.ns3.utcsystime.com
zba.inc-arp.ns3.utcsystime.com
zca.inc-arp.ns3.utcsystime.com
zda.inc-arp.ns3.utcsystime.com
zea.inc-arp.ns3.utcsystime.com
zfa.inc-arp.ns3.utcsystime.com
zga.inc-arp.ns3.utcsystime.com
zha.inc-arp.ns3.utcsystime.com
zia.inc-arp.ns3.utcsystime.com
zja.inc-arp.ns3.utcsystime.com
zka.inc-arp.ns3.utcsystime.com

# Reference: https://twitter.com/malwrhunterteam/status/1509838422785015814
# Reference: https://www.virustotal.com/gui/file/16870103c8edd378affc3fc76db6bc09e710c41f40a972fdd8e68cd42dc8793e/detection

vipbaidu.tk
vip.vipbaidu.tk

# Reference: https://twitter.com/drb_ra/status/1509807074162749444

96.45.169.54:2053
fwfw.xyz
fw.fwfw.xyz

# Reference: https://twitter.com/drb_ra/status/1509835888196521984

146.70.24.166:443

# Reference: https://twitter.com/drb_ra/status/1509835933780172808

azimurs.com

# Reference: https://twitter.com/drb_ra/status/1509835964365086722

http://103.233.9.116

# Reference: https://twitter.com/drb_ra/status/1509836052579631108

http://103.234.72.97

# Reference: https://twitter.com/drb_ra/status/1509836123757064196

14.1.98.226:8461

# Reference: https://twitter.com/drb_ra/status/1509836130409197577

81.68.64.69:443

# Reference: https://twitter.com/KorbenD_Intel/status/1509956154637627393

postofficeltdc.com

# Reference: https://www.virustotal.com/gui/file/1ba428d5058d8282b537d02f6b3cdc8f04c805c583149d32648c6febc3a7998a/detection

1.117.246.51:4445

# Reference: https://www.virustotal.com/gui/file/8befeecae1c7bd6426c5aec336f5baf6d75cf7ba4ec743b7d9ae7480007b6ecc/detection

http://42.192.149.244
42.192.149.244:9123

# Reference: https://www.virustotal.com/gui/file/1ce5172b802a9df0cef0368a11db424dff3ffd7cab8da72424a4adaef0390c38/detection

152.136.123.64:52052

# Reference: https://www.virustotal.com/gui/file/ba721330a77d5f107b10e6229b21082d69e72c54592664c3ccaea26fcd5cd225/detection
# Reference: https://www.virustotal.com/gui/file/1f948d97a0c88f6d799c6321fa5fdc1cb2ba6f5a25c889e2d1bfa872eb6780f8/detection

45.32.125.23:1212

# Reference: https://twitter.com/kyleehmke/status/1509876530062704640

anydesk.systems

# Reference: https://twitter.com/drb_ra/status/1509904628930035722

obsward.com

# Reference: https://twitter.com/drb_ra/status/1509933942212022273

1.13.253.143:443

# Reference: https://twitter.com/drb_ra/status/1509933988412117009

114.132.204.191:8000

# Reference: https://twitter.com/drb_ra/status/1509934060130521090

42.192.205.48:8012

# Reference: https://twitter.com/drb_ra/status/1509934172302942215

52.49.100.236:443

# Reference: https://twitter.com/drb_ra/status/1509934214430531610

81.70.119.196:9999

# Reference: https://twitter.com/drb_ra/status/1509984478155915277

31.220.43.131:8035

# Reference: https://twitter.com/drb_ra/status/1509984481935073290

20.230.206.191:443

# Reference: https://twitter.com/drb_ra/status/1509984484787171329

81.91.179.143:443

# Reference: https://twitter.com/drb_ra/status/1509984489686110215

197.96.206.45:4444

# Reference: https://twitter.com/drb_ra/status/1509995082996453386

akaluij.com

# Reference: https://twitter.com/drb_ra/status/1509995158733000713

adiptionok.com

# Reference: https://www.virustotal.com/gui/file/47b12169eb9933b8481327a9775d1efd4fa077881f023892938056ff06e4f2b4/detection

networkslaoupdate.com
news.networkslaoupdate.com

# Reference: https://www.virustotal.com/gui/file/f3c6477c4ff239006e824a70b4598dec4472cbe2fa604c8a0bcf8ac6daa41c21/detection
# Reference: https://www.virustotal.com/gui/file/12300eb2680f7cd9d16de5ce06f0fe8b02e6d3d3e1e15bab8d34d3872ae525a7/detection

cdn.weekendorg.com

# Reference: https://twitter.com/drb_ra/status/1510026856979914764

http://92.118.63.216

# Reference: https://twitter.com/drb_ra/status/1510026907869458438

185.62.58.40:8443

# Reference: https://twitter.com/drb_ra/status/1510026943504297985

101.43.163.144:8877

# Reference: https://twitter.com/drb_ra/status/1510026979256545280

http://101.43.36.4

# Reference: https://twitter.com/drb_ra/status/1510027022248169482

27.124.47.21:18443

# Reference: https://twitter.com/drb_ra/status/1510027046180818953

jgom.nl

# Reference: https://twitter.com/drb_ra/status/1510027080620298244

20.37.251.43:89

# Reference: https://twitter.com/drb_ra/status/1510027107069579267

23.234.252.34:9000

# Reference: https://twitter.com/drb_ra/status/1510027130679304195

213.135.78.244:443

# Reference: https://twitter.com/drb_ra/status/1510027161398300672

http://103.145.72.219

# Reference: https://twitter.com/drb_ra/status/1510027200543735815

http://42.193.254.209

# Reference: https://twitter.com/drb_ra/status/1510027212904402946

45.15.19.114:443

# Reference: https://twitter.com/drb_ra/status/1510027238867091462

69.172.75.16:5443

# Reference: https://twitter.com/drb_ra/status/1510027269380751370

107.189.30.131:442

# Reference: https://twitter.com/drb_ra/status/1510027300544393229

164.92.164.68:443

# Reference: https://twitter.com/drb_ra/status/1510027331011846144

139.198.160.219:8888

# Reference: https://twitter.com/drb_ra/status/1510027366424317957

104.168.9.193:5556

# Reference: https://twitter.com/drb_ra/status/1510027402780499969

47.250.44.81:7788

# Reference: https://twitter.com/drb_ra/status/1510027478626148356
# Reference: https://twitter.com/drb_ra/status/1510027480727531520
# Reference: https://twitter.com/drb_ra/status/1510027479683145730

d1oilcw9ocw745.cloudfront.net
d2ufpetskdq8dy.cloudfront.net
d8hi10lo12zhz.cloudfront.net
dqlncmscei3ef.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1510027577557192711

42.192.151.207:8046

# Reference: https://twitter.com/drb_ra/status/1510027617700823042

http://35.220.238.181

# Reference: https://twitter.com/drb_ra/status/1510027643583967237

103.146.179.109:4444

# Reference: https://twitter.com/drb_ra/status/1510027662781296642

51.210.243.38:6666

# Reference: https://twitter.com/drb_ra/status/1510027684868460546

144.202.4.19:443
207.246.112.192:443

# Reference: https://twitter.com/drb_ra/status/1510027713670701064

5.188.230.52:2083
fuutid.tk
c.fuutid.tk

# Reference: https://twitter.com/drb_ra/status/1510027773548634112

179.43.175.178:4443

# Reference: https://twitter.com/drb_ra/status/1510027803537948674

34.85.102.18:9999

# Reference: https://twitter.com/drb_ra/status/1510027838107394048

45.77.240.187:9999

# Reference: https://twitter.com/drb_ra/status/1510027864523038724

39.105.187.219:443

# Reference: https://twitter.com/drb_ra/status/1510027895032455170

146.0.72.85:5053

# Reference: https://twitter.com/drb_ra/status/1510027932307099650

1.15.232.154:8888

# Reference: https://twitter.com/drb_ra/status/1510027968042745863

http://1.15.34.171

# Reference: https://twitter.com/drb_ra/status/1510028010094743557

http://172.99.190.241

# Reference: https://twitter.com/drb_ra/status/1510028062297149443

194.87.216.183:443

# Reference: https://twitter.com/drb_ra/status/1510028111584407557

137.175.19.159:809

# Reference: https://twitter.com/drb_ra/status/1510028150180556804

http://178.128.254.6

# Reference: https://twitter.com/drb_ra/status/1510028180484247552

51.210.243.38:12345

# Reference: https://twitter.com/drb_ra/status/1510028203183726596

164.92.216.22:8080

# Reference: https://twitter.com/drb_ra/status/1510176309682614272

service-p4drfmi7-1256639881.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1510176400682139649

http://101.43.29.159

# Reference: https://twitter.com/drb_ra/status/1510208091450662917

47.98.221.192:82

# Reference: https://twitter.com/drb_ra/status/1510208152649752585

updatefordays.com

# Reference: https://twitter.com/drb_ra/status/1510208219276320769

http://64.44.141.32

# Reference: https://twitter.com/drb_ra/status/1510208263928881153

http://106.12.145.221

# Reference: https://twitter.com/drb_ra/status/1510208298531889152

64.112.41.9:2095
xczx.tk
xxx.xczx.tk

# Reference: https://twitter.com/drb_ra/status/1510208310464688135

http://1.14.93.219

# Reference: https://twitter.com/drb_ra/status/1510208336154791936

124.222.224.83:8081

# Reference: https://twitter.com/drb_ra/status/1510208389762236417

qieaa.world

# Reference: https://twitter.com/drb_ra/status/1510208445047312388

1.13.255.74:1234

# Reference: https://twitter.com/drb_ra/status/1510208474646515714

185.236.76.5:8888
89.44.9.194:8888

# Reference: https://www.virustotal.com/gui/file/b9200d3854974b3a4ee02fdd4007043deb4a5f1aee35d2f5a70fbfac5d27c5d8/detection

classgum.com

# Reference: https://twitter.com/ian_kenefick/status/1510207020229611520

darwingolang.com

# Reference: https://unit42.paloaltonetworks.com/bazarloader-network-reconnaissance/
# Reference: https://www.virustotal.com/gui/file/8662d511c7f1bef3a6e4f6d72965760345b57ddf0de5d3e6eae4e610216a39c1/detection
# Reference: https://www.virustotal.com/gui/file/3bddb2e1a85a9e06b9f9021ad301fdcde33e197225ae1676b8c6d0b416193ecf/detection

pawevi.com

# Reference: https://twitter.com/drb_ra/status/1510266861509873671

103.233.9.116:443

# Reference: https://twitter.com/drb_ra/status/1510266921526177793

103.233.9.123:443

# Reference: https://twitter.com/drb_ra/status/1510298963399819272

47.98.176.233:10010

# Reference: https://twitter.com/drb_ra/status/1510299035583799310

114.115.184.198:8081

# Reference: https://twitter.com/drb_ra/status/1510299102659108873

1.15.1.116:4433

# Reference: https://twitter.com/drb_ra/status/1510299131641831432

47.109.24.148:1234

# Reference: https://twitter.com/drb_ra/status/1510299163610828811

121.4.106.108:7777

# Reference: https://twitter.com/drb_ra/status/1510299231315275780

42.192.3.9:8020

# Reference: https://twitter.com/drb_ra/status/1510299270985007116

http://1.117.232.204

# Reference: https://twitter.com/drb_ra/status/1510299326270091268

http://42.192.132.48

# Reference: https://twitter.com/drb_ra/status/1510299355533778950

36e5cb82.yk1.net

# Reference: https://www.virustotal.com/gui/file/cfce01c3007cb843a14e69fe35353571db4fc835af191f554e569d700f251180/detection
# Reference: https://www.virustotal.com/gui/file/6a604e638a3c8680cd4a415bf1644a0f744987309ef42e5b54c7c39eeddbc9e1/detection

106.52.201.45:888

# Reference: https://www.virustotal.com/gui/file/d277d307cb87bd419bbb4a5dfb241dacd96e6ac02f6a7eac87e64ea2a94ec204/detection
# Reference: https://www.virustotal.com/gui/file/b3cd02f4aac56026b0403ef31dc17d2b536aa89cc9af03d6898c5f78d3725cf7/detection

http://82.157.163.219

# Reference: https://twitter.com/malwrhunterteam/status/1510342596685701127
# Reference: https://www.virustotal.com/gui/file/d3faf6ee3af2a9343547b5a505ade587c00c9fcfba59f7a205c882962bdd8d6c/detection

112.74.47.218:26281
47.108.223.114:26282
47.108.81.184:26283
28naicha.com
bilibili.28naicha.com
nmsl.28naicha.com

# Reference: https://twitter.com/drb_ra/status/1510389382896930821

81.68.64.69:8333

# Reference: https://twitter.com/drb_ra/status/1510389408272429056

150.158.181.147:443

# Reference: https://twitter.com/drb_ra/status/1510389528607043589

152.136.222.213:9999

# Reference: https://twitter.com/drb_ra/status/1510569633367179266
# Reference: https://twitter.com/drb_ra/status/1510569766699909121

64.112.41.69:2052
64.112.41.69:2096

# Reference: https://twitter.com/drb_ra/status/1510569673078808580

http://101.43.198.94

# Reference: https://twitter.com/drb_ra/status/1510569733501952000

1.117.86.121:4433

# Reference: https://twitter.com/drb_ra/status/1510569793820237827

http://42.192.131.87

# Reference: https://twitter.com/malwrhunterteam/status/1510368465940623361
# Reference: https://www.virustotal.com/gui/file/5ff47ff67ea10af9c90578aeee7778ebbedad706308a9cb1b5673049f4b01c2a/detection

extrareliability.com
extrareliability.shop
dns.extrareliability.com
dns2.extrareliability.com
dns3.extrareliability.com
1348ef2.dns.extrareliability.com
1348ef2.dns2.extrareliability.com
1348ef2.dns3.extrareliability.com
156a1ebe.dns.extrareliability.com
44450fb2.dns.extrareliability.com
44450fb2.dns2.extrareliability.com
44450fb2.dns3.extrareliability.com
5e50c6b6.dns.extrareliability.com

# Reference: https://twitter.com/malwrhunterteam/status/1510359832288714754
# Reference: https://www.virustotal.com/gui/file/2338ed56d040b5556908318d0921ff870036d112ab3c8020af58bb49de2172ca/detection
# Reference: https://www.virustotal.com/gui/file/d54bd7c9690a7156a7c5dc3bb204121b4e3420854cd23f5d6b2f6d998be1dc91/detection

47.92.85.49:10080
47.92.85.49:30443
47.92.85.49:30080

# Reference: https://www.virustotal.com/gui/file/c6ebbe82a11e7a889fa033aa2b40a9cc9e0770801637b5b5755e26e67819832b/detection

http://192.161.164.168
192.161.164.168:443

# Reference: https://www.virustotal.com/gui/file/f3bcaf8a4e88b57c694f5f8af0ef3c22a3d0affbcf64788c8b46d6d8b12f6e6c/detection
# Reference: https://www.virustotal.com/gui/file/ebb43ac0bec23421d4faaeb35902921f7684ffaf50f47d74f7383b31d425e752/detection
# Reference: https://www.virustotal.com/gui/file/95d57669e834c3e9555e3b521667299dbb09b42bb980b42c2c6d4b4cf66d0c36/detection
# Reference: https://www.virustotal.com/gui/file/82e0bd16aea9938a4c8343bae25ff5e1aa6f553d9ba5113eee7e568609e7cc0d/detection
# Reference: https://www.virustotal.com/gui/file/4911d909d5171a8183296177c0d1982e129b471b87d4d0148e88b4884de9b6ab/detection

124.221.236.158:58742

# Reference: https://www.virustotal.com/gui/file/49226a2fbce77311594fad9e7330ff0986b9492763d8df7c40e84ad5f2daceb7/detection

175.178.151.29:8888

# Reference: https://twitter.com/drb_ra/status/1510629320070422535

http://101.34.162.92
101.34.162.92:443

# Reference: https://twitter.com/ian_kenefick/status/1510603683314155531

http://23.227.190.216
23.227.190.216:8080
edgestat.net

# Reference: https://twitter.com/drb_ra/status/1510661555393908747

http://82.157.109.82

# Reference: https://twitter.com/drb_ra/status/1510661689385050120

182.42.50.166:50080

# Reference: https://twitter.com/drb_ra/status/1510661715775606785

82.157.156.106:7777

# Reference: https://twitter.com/1ZRR4H/status/1510668926107238400

http://45.147.179.211
lapsusareskids.world

# Reference: https://twitter.com/drb_ra/status/1510752943959683082

121.4.71.53:6666

# Reference: https://twitter.com/drb_ra/status/1510753019255832577

service-8c4jih7b-1257045495.ca.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1510900970661855232

146.70.87.25:443

# Reference: https://thedfirreport.com/2022/04/04/stolen-images-campaign-ends-in-conti-ransomware/
# Reference: https://otx.alienvault.com/pulse/624af93af4f74a77c27d2024

http://103.208.86.7
http://179.43.176.80
http://179.43.176.93
http://216.73.159.33
http://5.181.80.214
103.208.86.7:443
172.241.29.192:443
23.81.246.30:443
5.181.80.113:443

# Reference: https://twitter.com/drb_ra/status/1510933772283359236

http://101.43.158.40

# Reference: https://twitter.com/drb_ra/status/1510933828910653443

47.93.216.2:443

# Reference: https://twitter.com/drb_ra/status/1510933913287413763

http://124.222.244.249

# Reference: https://twitter.com/drb_ra/status/1510934031550099463

1.13.189.237:8087

# Reference: https://twitter.com/drb_ra/status/1510934081525194758

http://121.4.34.137

# Reference: https://twitter.com/drb_ra/status/1510991625572564994

81.71.68.50:8066

# Reference: https://twitter.com/drb_ra/status/1510991717880717317

1.117.149.93:50007

# Reference: https://twitter.com/drb_ra/status/1510991797375451148

http://117.50.177.247

# Reference: https://twitter.com/drb_ra/status/1510991890472124429

http://150.158.181.147

# Reference: https://twitter.com/drb_ra/status/1511024317357826061

47.100.244.166:6666

# Reference: https://twitter.com/drb_ra/status/1511024522425733131

104.219.215.243:888

# Reference: https://twitter.com/malwrhunterteam/status/1511077641092272139
# Reference: https://www.virustotal.com/gui/file/e5bc98cb2cebaccd8ed776c1a15ada6132dd28e4c377cbcafb76b927cbff69b6/detection

59.110.243.48:1234
59.110.243.48:8080

# Reference: https://twitter.com/drb_ra/status/1511082332190609410

103.234.72.47:443
149.127.176.42:443

# Reference: https://twitter.com/drb_ra/status/1511082453112434690

162.14.64.39:4433

# Reference: https://www.virustotal.com/gui/file/c3095cea4f4901ea9a22e63aa45b9aa54969f7ecb210eee9af551d23eafb6f1a/detection
# Reference: https://www.virustotal.com/gui/file/bd7c92fa7fc80755c375df93e0b55f59aa1dd266bc1a972668a57d4a988816ab/detection

43.128.141.86:6985
gengxin.poxiaowy.com
mh.poxiaowy.com

# Reference: https://twitter.com/drb_ra/status/1511252858750087171

170.130.55.153:1446

# Reference: https://twitter.com/drb_ra/status/1511252862629818371

http://161.35.127.99

# Reference: https://twitter.com/drb_ra/status/1511252868292132864

170.130.55.153:1447

# Reference: https://twitter.com/drb_ra/status/1511252878157127680

197.96.206.45:443

# Reference: https://twitter.com/drb_ra/status/1511263408875876352

20.92.125.177:443

# Reference: https://twitter.com/drb_ra/status/1511263452999917572

us-central1-il-5263.cloudfunctions.net

# Reference: https://twitter.com/drb_ra/status/1511263462948806656

121.4.216.18:443

# Reference: https://twitter.com/drb_ra/status/1511295946629472263

http://23.225.180.182

# Reference: https://twitter.com/drb_ra/status/1511295977575096324

192.109.98.38:2052

# Reference: https://twitter.com/drb_ra/status/1511296007795097602

http://188.212.125.180

# Reference: https://twitter.com/drb_ra/status/1511296037469753352

139.180.156.166:5555

# Reference: https://twitter.com/drb_ra/status/1511296067287060480

38.242.200.206:8888

# Reference: https://twitter.com/drb_ra/status/1511296093274923008

http://144.34.164.138

# Reference: https://twitter.com/drb_ra/status/1511296123138412544

47.243.51.155:8442

# Reference: https://twitter.com/drb_ra/status/1511296151496110083

88.208.224.90:8443

# Reference: https://twitter.com/drb_ra/status/1511296179220451332

64.112.43.240:22222

# Reference: https://twitter.com/drb_ra/status/1511296204340088840

137.184.238.40:8901

# Reference: https://twitter.com/drb_ra/status/1511296230592237571

cdn.mikoto.eu.org

# Reference: https://twitter.com/drb_ra/status/1511296266797555712

154.39.240.182:443

# Reference: https://twitter.com/drb_ra/status/1511296296396673024

92.255.85.95:89

# Reference: https://twitter.com/drb_ra/status/1511296329967935488

51.79.168.175:8443

# Reference: https://twitter.com/drb_ra/status/1511296383168524290

test2.bilibili.cc

# Reference: https://twitter.com/drb_ra/status/1511296390676324352

129.226.175.75:8765

# Reference: https://twitter.com/drb_ra/status/1511296423295344645

midea.msunion.eu.org

# Reference: https://twitter.com/drb_ra/status/1511296469227167746

107.148.130.48:888

# Reference: https://twitter.com/drb_ra/status/1511296509740003332

20.37.251.43:86

# Reference: https://twitter.com/drb_ra/status/1511296539876073477
# Reference: https://twitter.com/drb_ra/status/1511296540840808451

d1pv4r4djlz5co.cloudfront.net
d21i49aag6le6s.cloudfront.net
d3eb5ybi0t5ao9.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1511296541872558083

d21i49aag6le6s.cloudfront.net
d2owe3848l5ij8.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1511296612257181697

43.154.21.137:8080

# Reference: https://twitter.com/drb_ra/status/1511296657580863498

162.33.178.57:9112

# Reference: https://twitter.com/drb_ra/status/1511296689554042881

149.127.176.42:443

# Reference: https://twitter.com/drb_ra/status/1511296724853301251

51.210.243.38:5278

# Reference: https://twitter.com/drb_ra/status/1511296750715342848

94.158.247.41:8443

# Reference: https://twitter.com/drb_ra/status/1511296778250948613

http://202.182.124.11

# Reference: https://twitter.com/drb_ra/status/1511296809397850113

http://139.9.211.36

# Reference: https://twitter.com/drb_ra/status/1511296838229495816

45.153.240.249:443

# Reference: https://twitter.com/drb_ra/status/1511296870936625153

http://78.141.208.98

# Reference: https://twitter.com/drb_ra/status/1511296937236090881

103.233.9.123:801

# Reference: https://twitter.com/drb_ra/status/1511296968684879878

47.243.51.155:8443

# Reference: https://twitter.com/drb_ra/status/1511296999148212232

http://54.80.123.111

# Reference: https://twitter.com/drb_ra/status/1511297035143720960

service-8x3ac0it-1253616111.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1511297070493278211

http://149.248.61.8

# Reference: https://twitter.com/drb_ra/status/1511297100788736000

120.53.121.243:11111

# Reference: https://twitter.com/drb_ra/status/1511354041934225418

107.148.130.48:443

# Reference: https://twitter.com/drb_ra/status/1511354152118628355

193.29.104.147:443

# Reference: https://twitter.com/drb_ra/status/1511354198633373696

185.135.72.100:81

# Reference: https://twitter.com/drb_ra/status/1511354288810999810

http://139.180.156.166

# Reference: https://twitter.com/drb_ra/status/1511354370293645313

51.79.168.175:443

# Reference: https://twitter.com/drb_ra/status/1511386289278492672

158.247.222.223:443

# Reference: https://twitter.com/drb_ra/status/1511386348174905352

service-qk3q28w3-1306289257.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1511386383054782470

46.21.159.174:443

# Reference: https://twitter.com/drb_ra/status/1511386416479092745

158.247.219.80:8081

# Reference: https://twitter.com/drb_ra/status/1511386439237488644

http://194.37.97.153
194.37.97.153:443
updateraccount.com

# Reference: https://twitter.com/drb_ra/status/1511386466655604741
# Reference: https://twitter.com/drb_ra/status/1511386546389323776

http://89.40.206.121
89.40.206.121:1080

# Reference: https://twitter.com/drb_ra/status/1511386514206384133

139.9.211.36:8081

# Reference: https://twitter.com/drb_ra/status/1511386556879282182

http://179.60.150.79

# Reference: https://twitter.com/drb_ra/status/1511386567415324683

service-3y6wycis-1301916863.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1511386607374503949

194.163.40.3:2080

# Reference: https://twitter.com/drb_ra/status/1511386680816721931

http://46.21.159.174

# Reference: https://twitter.com/drb_ra/status/1511386730766774273

1.14.93.219:443

# Reference: https://www.virustotal.com/gui/file/b9577087de8daf8cb55f2df48bb995e6fa4d46188127155accd2a3ec35b67761/detection
# Reference: https://www.virustotal.com/gui/file/977ba4391879bd13880b00b01d8c6503be240c31f9c665c747aa5d5a6ff2158e/detection
# Reference: https://www.virustotal.com/gui/file/92346621a27b21b1f9aa38ba9f8f3fd6758427b945df260d4cb0c14ae4352b71/detection
# Reference: https://www.virustotal.com/gui/file/13867734ba9a065e09902fe440e521befe87f4ac463c34748aaba064a9ee9341/detection

101.35.147.122:22222

# Reference: https://twitter.com/ian_kenefick/status/1511383127918325761

dezword.com
everythingchecker.com
securitycheckeronline.com

# Reference: https://twitter.com/drb_ra/status/1511434039252684804

207.148.67.221:9779

# Reference: https://twitter.com/drb_ra/status/1511436503498608647

http://81.68.141.85

# Reference: https://twitter.com/drb_ra/status/1511436542782459909

124.70.2.117:10008

# Reference: https://twitter.com/malwrhunterteam/status/1511444153334480898
# Reference: https://www.virustotal.com/gui/file/06b5a4e0404dcd0288740078a5e862554d0b157945cd0a59071d89e4d021fe63/detection

81.71.25.251:33180
81.71.25.251:4433

# Reference: https://www.virustotal.com/gui/file/0c7786afe1888faa6c9ad8fc8b4a9efa8428bd359c6ba90f1dde6136a5d2ad87/detection

158.247.203.34:53087

# Reference: https://www.virustotal.com/gui/file/eac7caeca410b53d0a836e105020ebd6f37fc5baf76a4b6f5a990a583025e4e0/detection
# Reference: https://www.virustotal.com/gui/file/bc682bf8d53655346badd066e468e79aae9f10444b4c7f530d2d7ece05dfd680/detection
# Reference: https://www.virustotal.com/gui/file/a240fe7ad7c0a289cdde40cedb12bc97f19c14fd4aed6be8bedb7ceacf609b9b/detection

102.221.129.243:443

# Reference: https://www.virustotal.com/gui/file/9cbfe71f04c554ceb95634ebdb67de0c73d9b8a9655e872d52edd0812d3807c5/detection

102.221.129.243:55756

# Reference: https://twitter.com/drb_ra/status/1511476823527501828

119.29.155.11:12580

# Reference: https://twitter.com/drb_ra/status/1511476846956888067

101.35.94.164:3001

# Reference: https://twitter.com/drb_ra/status/1511476869912166400

165.227.104.189:443

# Reference: https://twitter.com/drb_ra/status/1511476905702264832

149.167.94.36:8081

# Reference: https://twitter.com/drb_ra/status/1511476976502120450

77.88.196.146:443

# Reference: https://twitter.com/drb_ra/status/1511477011058991106

49.233.42.178:8089

# Reference: https://twitter.com/drb_ra/status/1511477039035031561

http://94.140.115.139

# Reference: https://twitter.com/drb_ra/status/1511477069473099778

49.232.137.36:7777

# Reference: https://twitter.com/drb_ra/status/1511477097558167563

161.35.218.255:82

# Reference: https://twitter.com/drb_ra/status/1511477107876057101

78.128.112.216:443

# Reference: https://twitter.com/drb_ra/status/1511477132861526021

141.164.43.111:443

# Reference: https://twitter.com/drb_ra/status/1511477157243105282

23.83.237.106:8080

# Reference: https://twitter.com/drb_ra/status/1511477186976493568

45.155.204.102:443

# Reference: https://twitter.com/drb_ra/status/1511477213568319489

1.117.214.184:6666

# Reference: https://twitter.com/drb_ra/status/1511477244975321099

microsoft-security.ml

# Reference: https://twitter.com/drb_ra/status/1511477278546567170

explorerupdaterr.com

# Reference: https://twitter.com/drb_ra/status/1511477320909004801

192.109.98.38:2096

# Reference: https://twitter.com/drb_ra/status/1511477384167497734

http://82.157.157.102

# Reference: https://twitter.com/drb_ra/status/1511477423585603591

mmhcloud.azurewebsites.net

# Reference: https://twitter.com/drb_ra/status/1511477451578347521

138.197.186.150:443

# Reference: https://twitter.com/drb_ra/status/1511477487716478980

124.223.206.101:10101

# Reference: https://twitter.com/drb_ra/status/1511477523170930690

service-lj4uyvc5-1257246623.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1511477596877467651

detectportalsecure.xyz

# Reference: https://twitter.com/drb_ra/status/1511477636689711115

182.151.54.79:889
42.193.253.200:443

# Reference: https://twitter.com/drb_ra/status/1511477673616453638

http://107.148.130.48

# Reference: https://twitter.com/drb_ra/status/1511477740209422338

src.baidu.cn.cdn.dnsv1.com.cn

# Reference: https://twitter.com/drb_ra/status/1511477777488388099

88.208.224.90:81

# Reference: https://twitter.com/drb_ra/status/1511477807678992392

setechnowork.com

# Reference: https://twitter.com/drb_ra/status/1511477839610232838

http://84.32.188.16

# Reference: https://twitter.com/drb_ra/status/1511477869930766345

http://95.179.178.245

# Reference: https://twitter.com/drb_ra/status/1511618098209636364
# Reference: https://www.virustotal.com/gui/file/13d8f5ab3ce06e4dceb2d44db18d2d55c1eb89a8f2c294ae681d07e2ce06617d/detection

service-cxv8s8ve-1310110564.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1511618166371373060

47.250.44.81:443

# Reference: https://twitter.com/drb_ra/status/1511618211577573377

47.107.78.225:1443

# Reference: https://twitter.com/drb_ra/status/1511659224517984257

121.4.233.179:8081
172.81.216.104:8081

# Reference: https://twitter.com/drb_ra/status/1511659313852518404

fluoxi.com

# Reference: https://twitter.com/drb_ra/status/1511659339781586946

129.226.175.75:44300

# Reference: https://twitter.com/drb_ra/status/1511659398363500547

http://159.75.246.13

# Reference: https://twitter.com/drb_ra/status/1511659438427590668

185.228.83.70:443

# Reference: https://twitter.com/drb_ra/status/1511659506698276867

139.9.142.162:443

# Reference: https://twitter.com/drb_ra/status/1511659556908240900

124.223.95.48:443

# Reference: https://twitter.com/drb_ra/status/1511659587061096452

103.223.122.13:8441

# Reference: https://twitter.com/drb_ra/status/1511659655499501573

137.184.50.136:4444
194.147.86.159:4444

# Reference: https://twitter.com/drb_ra/status/1511715499150913537

120.24.64.98:443

# Reference: https://twitter.com/drb_ra/status/1511715694102159366

http://84.32.188.93

# Reference: https://twitter.com/Max_Mal_/status/1511708380838170624

dixavokij.com
vasepinay.com

# Reference: https://www.virustotal.com/gui/file/9e6359137df961b971ea2e52cbed6d8d33b268778503973d06589afc0d41b2bd/detection

182.92.67.97:443

# Reference: https://www.virustotal.com/gui/file/74058af35081f67ffa7fc8ff0da00e5c5498f2ff8e8d34cca5d9da312093412f/detection

1.15.105.133:9999

# Reference: https://www.virustotal.com/gui/file/166baacef8d239b61c1092335bb05b6e1ce6bc7a88c614ed6522d9a5a2418236/detection

http://1.15.105.133

# Reference: https://twitter.com/drb_ra/status/1511750758391287814

121.4.168.177:9099

# Reference: https://twitter.com/drb_ra/status/1511750890495131657

81.70.162.112:8888

# Reference: https://twitter.com/drb_ra/status/1511750935541915654

119.91.127.214:443

# Reference: https://twitter.com/drb_ra/status/1511751010754174981

http://159.75.37.44

# Reference: https://twitter.com/drb_ra/status/1511751051111714818

d39d1x26ycwflz.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1511751052269342736

govfiles.org

# Reference: https://twitter.com/drb_ra/status/1511751116098261005

1.116.88.240:8443
china-flash.ga
cdn.china-flash.ga

# Reference: https://twitter.com/drb_ra/status/1511751192015216640

81.17.30.251:8443
johnsjennifer.com

# Reference: https://www.virustotal.com/gui/file/305b833e3e94f94eff4142f4f125b2a6c0e5bc6f3b8a1e3912c261bbfd592953/detection

49.235.69.23:6666

# Reference: https://www.virustotal.com/gui/file/0be8243718afe20c541f10ce1b56086d7ed077ef9189f4b0aec9c68ed504365d/detection

42.192.37.193:443

# Reference: https://www.virustotal.com/gui/file/f6b87a0237b3c237310e00981d1f7586373b4dc96f34f0de766ad12c16b8ccdf/detection
# Reference: https://www.virustotal.com/gui/file/da3c56d829f1221e5ee23a9b45ac3942d55aced840b41a7086dc8468592b0390/detection
# Reference: https://www.virustotal.com/gui/file/5ae2ca4959d329e3cde72892d4c2de9b18900add9c8bc59e7268174945257b4f/detection
# Reference: https://www.virustotal.com/gui/file/5585da0d0da2a440a119c38c8645f74e2b01aa7ab16fa0dd959e16e1d0f96140/detection
# Reference: https://www.virustotal.com/gui/file/472924fa78337915c137e38a25935228ec37b6bed882477ad19b1a0adea64ab6/detection

121.36.192.30:8445

# Reference: https://twitter.com/kyleehmke/status/1511719309768331264

mscenterupd.com
updatemscenter.com

# Reference: https://www.virustotal.com/gui/file/d0c9170e59a31dedb226fe1e570d9039f6ea92f0d80dfd19dc28432368024f36/detection
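# Reference: https://www.virustotal.com/gui/file/5eb8ef67c456cc6b05d8447a3e62befcf46618cff5d97263d7a67cb3c29c48a2/detection
# NOTE(review): 172.67.160.183 falls inside Cloudflare's published 172.64.0.0/13 edge range, so the two IP:port entries below can match traffic to unrelated sites served from the same shared address; the domain entry is the more specific indicator. Confirm before alerting or blocking on the IP alone.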

172.67.160.183:2053
172.67.160.183:8080
zonecord.xyz

# Reference: https://www.virustotal.com/gui/file/d406ea9d8899250c2e7616bb1f231236ff841f3c8252bc28549362a3b0385303/detection

216.83.55.23:8089

# Reference: https://www.virustotal.com/gui/file/cf1c8706952c7e8070ca3df8a6cb849729268b247daf038016daadb26756adce/detection
# Reference: https://www.virustotal.com/gui/file/c10815c84d55cf6b3676ade93f14c137229f3fd9edc053471d6c18a59377f5d3/detection
# Reference: https://www.virustotal.com/gui/file/12d0cce00cac4ae99d4c40702ec45da1a9f1b47116bda5f5bd6b9e2da46803f4/detection

82.156.199.190:8008

# Reference: https://twitter.com/drb_ra/status/1511796431564201995

104.254.100.98:443

# Reference: https://twitter.com/drb_ra/status/1511796434458271754

185.62.58.8:443

# Reference: https://twitter.com/drb_ra/status/1511796438648434696

91.219.215.6:443

# Reference: https://twitter.com/drb_ra/status/1511807128469712896

124.222.116.76:88

# Reference: https://twitter.com/drb_ra/status/1511807166134603782

124.223.85.207:4433

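# Reference: https://twitter.com/drb_ra/status/1511807277254197251
# NOTE(review): both names below sit under cmbchina.com, a bank's registered domain; they may be spoofed Host-header values from a beacon configuration rather than attacker-controlled hosts. Verify against the referenced report before treating a DNS or HTTP hit as malicious.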

test.cmbchina.com
cmbsec.test.cmbchina.com

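# Reference: https://twitter.com/drb_ra/status/1511841014079799300
# NOTE(review): omnitruck.chef.io below is Chef's public package-download endpoint; it was presumably captured as a Host-header value from the sample's configuration, not as attacker infrastructure. Expect false positives on hosts that install Chef, and confirm before blocking.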

criticallizard.com
ns1.criticallizard.com
omnitruck.chef.io

# Reference: https://twitter.com/drb_ra/status/1511841055548788743

ppew.au

# Reference: https://twitter.com/drb_ra/status/1511841111521869833

45.32.73.194:443

# Reference: https://twitter.com/drb_ra/status/1511841169340534784

185.3.45.6:443

# Reference: https://twitter.com/drb_ra/status/1511841241641758724

20.37.251.43:91

# Reference: https://twitter.com/drb_ra/status/1511841294804529153

769372677sharepoint.com

# Reference: https://twitter.com/drb_ra/status/1511841345761067010

comp.freeboxos.fr

# Reference: https://twitter.com/drb_ra/status/1511841385971961866

94.140.115.139:443

# Reference: https://twitter.com/drb_ra/status/1511841427524927492

106.52.95.229:8899

# Reference: https://twitter.com/drb_ra/status/1511841453743476744

http://46.166.162.122

# Reference: https://twitter.com/drb_ra/status/1511841487994204175

http://20.222.195.226

# Reference: https://twitter.com/drb_ra/status/1511841532348936199

http://43.154.126.145

# Reference: https://twitter.com/drb_ra/status/1511841571603423235
# Reference: https://twitter.com/drb_ra/status/1511841572731736068
# Reference: https://twitter.com/drb_ra/status/1511841573826445318

d1xbkhv2md3sgv.cloudfront.net
dkw27ltz8ozgs.cloudfront.net
dlx6f3s5f0rx2.cloudfront.net
dubzaav687snd.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1511841693112414208

149.28.50.239:8443
bre1ce.top
cs.bre1ce.top

# Reference: https://twitter.com/drb_ra/status/1511841747818721280

aspdotnetpro.com

# Reference: https://twitter.com/drb_ra/status/1511841754529640449

service-cxv8s8ve-1310110564.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1512020092195946497

apicloud-ms.azureedge.net

# Reference: https://twitter.com/drb_ra/status/1512020192263655429

service-1bl5ajl6-1302026685.hk.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1512020273771470858

http://114.115.152.53

# Reference: https://twitter.com/drb_ra/status/1512020307724447745

service-qk3q28w3-1306289257.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1512020368357220354

39.108.132.121:8080

# Reference: https://twitter.com/TheDFIRReport/status/1512056347155607558

centrywards.com
kemasu.site
pzs.life
softwareupdater.net
whoamise.art
proxy1-h2a7gdgeawbbcsad.azureedge.net
cs.whoamise.art
p.pzs.life
faka.kemasu.site
wz1.kemasu.site

# Reference: https://twitter.com/drb_ra/status/1512078773826453516

1.14.76.111:4443

# Reference: https://twitter.com/drb_ra/status/1512078821213704208

proxy1-h2a7gdgeawbbcsad.azureedge.net

# Reference: https://twitter.com/drb_ra/status/1512078981163413511

service-azi0skfc-1257842239.hk.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1512110726827200514

http://49.235.224.81

# Reference: https://twitter.com/drb_ra/status/1512110785383829513

http://34.94.170.250

# Reference: https://twitter.com/drb_ra/status/1512110824998985730

165.22.247.3:8443

# Reference: https://twitter.com/drb_ra/status/1512110856850526208

91.243.44.9:443

# Reference: https://twitter.com/drb_ra/status/1512110893345218565

http://54.169.32.94

# Reference: https://twitter.com/drb_ra/status/1512110928862535687

216.238.66.153:15555

# Reference: https://twitter.com/drb_ra/status/1512110970507780102

1.199.75.147:2087
laozhangsb.cf
ssh.laozhangsb.cf

# Reference: https://twitter.com/drb_ra/status/1512111000266420229

81.17.22.76:8443

# Reference: https://twitter.com/drb_ra/status/1512111050769973250

92.204.160.240:443

# Reference: https://twitter.com/drb_ra/status/1512111114427019268

20.37.251.43:92

# Reference: https://twitter.com/drb_ra/status/1512111138712039425

20.37.251.43:95

# Reference: https://twitter.com/drb_ra/status/1512111167778562054

205.185.119.188:443

# Reference: https://twitter.com/drb_ra/status/1512111198409535494

194.163.43.118:2080

# Reference: https://twitter.com/drb_ra/status/1512111227656445957

91.240.118.105:443

# Reference: https://twitter.com/drb_ra/status/1512111269951774720

88.208.224.90:8443

# Reference: https://twitter.com/drb_ra/status/1512111272615153666

service-cxv8s8ve-1310110564.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1512111308195471363

http://216.127.170.91

# Reference: https://twitter.com/drb_ra/status/1512111339556200453

198.13.59.80:8443

# Reference: https://twitter.com/drb_ra/status/1512111368652173318

24.233.26.131:39001

# Reference: https://twitter.com/drb_ra/status/1512111419214475282

179.60.150.79:443

# Reference: https://twitter.com/drb_ra/status/1512111467172085761

35.178.96.140:443

# Reference: https://twitter.com/drb_ra/status/1512111506254663685

45.148.29.14:443

# Reference: https://twitter.com/drb_ra/status/1512111573866799113

158.247.221.108:8090

# Reference: https://twitter.com/drb_ra/status/1512111605278035969

5.188.33.94:2096
f1ash.ml

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-04-05-IOCs-for-Bumblebee-and-Cobalt-Strike.txt

cuhitiro.com

# Reference: https://twitter.com/Max_Mal_/status/1512181164043292672
# Reference: https://twitter.com/Max_Mal_/status/1512181178052317191

hojimizeg.com
notixow.com
rewujisaf.com

# Reference: https://twitter.com/drb_ra/status/1512201289152794624

64.44.141.37:443

# Reference: https://twitter.com/drb_ra/status/1512201356282675202

124.221.244.23:443

# Reference: https://twitter.com/drb_ra/status/1512201391137247239

http://49.234.143.151

# Reference: https://twitter.com/drb_ra/status/1512201445994549261

http://110.42.232.158

# Reference: https://twitter.com/drb_ra/status/1512201484968112139

http://60.205.206.146

# Reference: https://twitter.com/drb_ra/status/1512201511840976898

193.29.13.159:443

# Reference: https://twitter.com/drb_ra/status/1512201572796751872

http://44.235.171.131

# Reference: https://twitter.com/drb_ra/status/1512201651083431940

159.223.208.215:443

# Reference: https://twitter.com/drb_ra/status/1512201692833591298

service-hsz3msrq-1310005656.sg.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1512201726291591170

http://101.43.66.252

# Reference: https://twitter.com/drb_ra/status/1512350665674219521

http://119.91.127.214

# Reference: https://twitter.com/drb_ra/status/1512350851087613955

1.199.75.147:9090

# Reference: https://twitter.com/drb_ra/status/1512350880766570500

http://23.83.237.106

# Reference: https://twitter.com/drb_ra/status/1512381791029673984

120.77.80.242:20211
microsoft.radio.fm

# Reference: https://twitter.com/drb_ra/status/1512381818624000011

82.157.149.243:10311

# Reference: https://twitter.com/drb_ra/status/1512381898542178310

http://124.233.52.181
http://124.233.52.182

# Reference: https://twitter.com/drb_ra/status/1512381947745611782

service-iwok6rhq-1307615483.hk.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1512382004125487109

http://49.233.121.129

# Reference: https://twitter.com/drb_ra/status/1512382063973908483

service-r2tscjhh-1257078281.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1512382124938207244

82.156.196.27:8080

# Reference: https://twitter.com/drb_ra/status/1512441312955580422

124.71.215.111:61235

# Reference: https://twitter.com/drb_ra/status/1512473656491921417

124.223.95.48:2333

# Reference: https://twitter.com/drb_ra/status/1512473730735382534

1.15.228.201:5555

# Reference: https://twitter.com/drb_ra/status/1512473732220129288

http://139.196.179.50

# Reference: https://twitter.com/drb_ra/status/1512473770753236994

bing-maps.earth

# Reference: https://twitter.com/drb_ra/status/1512473855536816129

139.180.187.71:8443
norahomespace.online

# Reference: https://twitter.com/drb_ra/status/1512473888202104839

101.201.154.42:8899

# Reference: https://twitter.com/drb_ra/status/1512473937359392770

43.228.126.49:443

# Reference: https://twitter.com/drb_ra/status/1512473977343680520

106.58.182.253:8092

# Reference: https://twitter.com/drb_ra/status/1512474016526831626

http://45.147.231.75

# Reference: https://twitter.com/drb_ra/status/1512474074362138632

http://101.43.29.159

# Reference: https://www.virustotal.com/gui/file/3d130fae0c5f872bee849e15a9ddf20af0c0296bb68402ed7770f6c95e8bf040/detection

167.71.180.71:1291

# Reference: https://twitter.com/drb_ra/status/1512531691432288261

http://81.70.162.112

# Reference: https://twitter.com/drb_ra/status/1512531717625630723

http://152.32.240.7

# Reference: https://twitter.com/drb_ra/status/1512563124087496710

179.43.142.36:8433

# Reference: https://twitter.com/drb_ra/status/1512563152415772678

hmthiooace.cfd
cdn.hmthiooace.cfd

# Reference: https://twitter.com/drb_ra/status/1512563185504727040

http://1.116.217.151

# Reference: https://twitter.com/drb_ra/status/1512563214831296525

95.179.207.142:9090

# Reference: https://twitter.com/drb_ra/status/1512563241305714688

service-6qdpcfup-1300110650.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1512563270812581892

72.136.20.181:4444

# Reference: https://twitter.com/drb_ra/status/1512563293306728452

91.243.44.9:8080

# Reference: https://twitter.com/drb_ra/status/1512563314735394816

81.70.247.249:8080

# Reference: https://twitter.com/drb_ra/status/1512563373501820931

165.22.20.155:5080

# Reference: https://twitter.com/drb_ra/status/1512563392619368456

drt7efxx9io3f.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1512563423036555265

http://159.223.208.215

# Reference: https://twitter.com/drb_ra/status/1512563458864201739

13.124.56.181:800

# Reference: https://twitter.com/drb_ra/status/1512563497481162753

http://120.26.50.204
http://81.68.236.247

# Reference: https://twitter.com/drb_ra/status/1512563534177218565

147.78.47.247:2107

# Reference: https://twitter.com/drb_ra/status/1512563559892492290

http://193.29.13.159

# Reference: https://twitter.com/drb_ra/status/1512563588669616128

154.22.124.11:8443

# Reference: https://twitter.com/drb_ra/status/1512563634865590277

8.210.181.149:16678

# Reference: https://twitter.com/drb_ra/status/1512563658949373960

http://35.177.254.238

# Reference: https://twitter.com/drb_ra/status/1512563701806780425

45.227.255.216:443

# Reference: https://twitter.com/drb_ra/status/1512563746622820356

krbtgt.xyz
pages.krbtgt.xyz

# Reference: https://twitter.com/drb_ra/status/1512563792072384515

a5emef8iw0.execute-api.us-east-1.amazonaws.com

# Reference: https://twitter.com/drb_ra/status/1512563793418924032

fqicudrbaf.execute-api.us-east-1.amazonaws.com

# Reference: https://twitter.com/drb_ra/status/1512563794647654409

30dckcweuf.execute-api.us-east-1.amazonaws.com

# Reference: https://twitter.com/drb_ra/status/1512563860456316933

trademot.finance

# Reference: https://twitter.com/drb_ra/status/1512563888486760449

http://1.15.74.43

# Reference: https://twitter.com/drb_ra/status/1512563937337827332

http://42.193.105.60

# Reference: https://twitter.com/drb_ra/status/1512563968400887809

91.132.59.205:85

# Reference: https://twitter.com/drb_ra/status/1512564001896640512

176.113.71.66:8080
kdacc.cc

# Reference: https://twitter.com/drb_ra/status/1512564031411863552

http://139.180.217.200

# Reference: https://twitter.com/drb_ra/status/1512564061413818376

158.247.221.108:8089

# Reference: https://twitter.com/drb_ra/status/1512564089549201413

http://167.179.82.204

# Reference: https://twitter.com/drb_ra/status/1512564117076430855

http://193.169.62.8

# Reference: https://twitter.com/drb_ra/status/1512564145417293834

http://45.147.231.151

# Reference: https://twitter.com/drb_ra/status/1512713080647602180

158.247.222.223:10443

# Reference: https://twitter.com/drb_ra/status/1512713218963255300

http://84.32.188.245

# Reference: https://www.virustotal.com/gui/file/dff15593ea30dd5a3c144ee2445ccb3bce2c030da0f43d3a515a510287c48344/detection
# Reference: https://www.virustotal.com/gui/file/1fa5aa9257e6cf846276d7d8a1ddc49371192c986716393c3b9342401ed4d3eb/detection

91.121.177.204:8080
cloud.onionpeel.fr

# Reference: https://www.virustotal.com/gui/file/ceb69a169701f8ca005041eb03ae8ce2a0a6b095a67928289ec6439541452cc9/detection

91.121.177.204:8081

# Reference: https://www.virustotal.com/gui/file/cda7c23020ba2800ea4108be4b9f31ff9c7fc98568188913f4af7c3697d3837b/detection

91.121.177.204:4443

# Reference: https://www.virustotal.com/gui/file/aec3489b3df2fb987fa80a0e20aa4946ba3d9bab1f344d68429b7f3c01326485/detection

91.121.177.204:4444

# Reference: https://www.virustotal.com/gui/file/96aa50115c3e8716175dda5f64b8b860db0f65bd0b7a73deecdbdd725bf54ab1/detection

91.121.177.204:443

# Reference: https://www.virustotal.com/gui/file/84cc10f1cf4c3b25dd8254dff51d49dd2874c29fa7c7a85d49c53c7943edca06/detection
# Reference: https://www.virustotal.com/gui/file/00d5243ac4a1969a26f8fd49d36ff64183cc4170e49ac45c099f762a895fc554/detection

91.121.177.204:4343
test.onionpeel.fr

# Reference: https://www.virustotal.com/gui/file/fd5638cb57d7e4eb4adb1b960ca8aa83d37fb5717b28d13437eeea16fdbce836/detection

npc.xinchen.space

# Reference: https://www.virustotal.com/gui/file/63c38126dcb7a39125c1c87c9fef73443409f06ba70e6fe4926072aeffd2107c/detection

159.27.233.96:25565

# Reference: https://www.virustotal.com/gui/file/bb1d0c9ab1f1fd27661cbd3c282bd7d8fb0cd841a40310fddd5c6be11542c0b8/detection

42.194.162.22:566

# Reference: https://www.virustotal.com/gui/file/7299fa53783f65fa1178fe5e9f8de1ce91bbc18706ed53d94d7f2dba7d70c35c/detection

42.194.162.22:8000

# Reference: https://twitter.com/drb_ra/status/1512744842270580737

http://43.128.166.29

# Reference: https://twitter.com/drb_ra/status/1512744939377119236

devil-d.vip
cs.devil-d.vip

# Reference: https://twitter.com/drb_ra/status/1512744988639170560

8.142.71.234:645

# Reference: https://twitter.com/drb_ra/status/1512745027520323586

154.22.124.57:8443

# Reference: https://twitter.com/drb_ra/status/1512745086144200705

47.101.181.195:82

# Reference: https://twitter.com/drb_ra/status/1512803761143623680

http://45.147.231.151

# Reference: https://twitter.com/drb_ra/status/1512834739757006852

service-agql1s0a-1256203339.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1512834815191666698

101.34.142.142:443

# Reference: https://twitter.com/drb_ra/status/1512834863824576515

http://150.158.150.27

# Reference: https://twitter.com/drb_ra/status/1512834903007805443

106.13.11.45:8080

# Reference: https://twitter.com/drb_ra/status/1512834941951922181

http://8.134.208.158

# Reference: https://twitter.com/drb_ra/status/1512834990874189831

http://54.186.147.121

# Reference: https://twitter.com/drb_ra/status/1512835040304062468

http://8.129.237.254

# Reference: https://www.virustotal.com/gui/file/939d32297e35e3e699f56551cf7dbe3abdc0ae6e0985d7a648c5f83662a6de8e/detection

110.42.216.149:6666

# Reference: https://www.virustotal.com/gui/file/579858de05d557713793e26263e80fcdca064467734522372c3b540ac94158d5/detection

http://46.166.169.34

# Reference: https://isc.sans.edu/forums/diary/How+the+Contact+Forms+campaign+tricks+people/28142/
# Reference: https://otx.alienvault.com/pulse/61bb31bceb547f7142333d49

http://192.34.109.104

# Reference: https://twitter.com/drb_ra/status/1512925791516086281

107.182.186.120:2082
qianxinfile.cf

# Reference: https://twitter.com/drb_ra/status/1512925821513703438

8.210.254.82:443

# Reference: https://twitter.com/drb_ra/status/1512925855152054276

101.35.142.171:8081

# Reference: https://twitter.com/drb_ra/status/1512925895169822724

d6x80ukgqgjvy.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1512926004733526019

3.237.99.150:443
guggenheimpartners-survey.com

# Reference: https://twitter.com/drb_ra/status/1512926044227051522

mircosfot.online
update.mircosfot.online

# Reference: https://twitter.com/drb_ra/status/1512926128385703943

149.28.128.217:8443

# Reference: https://twitter.com/drb_ra/status/1512926225790124036

149.28.128.217:443

# Reference: https://twitter.com/drb_ra/status/1512926169477398529

120.78.219.3:443

# Reference: https://twitter.com/drb_ra/status/1512926196094631939

cloudsecure.top

# Reference: https://twitter.com/drb_ra/status/1512926268739698691

47.250.44.81:83

# Reference: https://twitter.com/drb_ra/status/1512926293859483657

45.227.255.216:8080

# Reference: https://twitter.com/drb_ra/status/1512926336733560834

http://43.135.22.54

# Reference: https://twitter.com/drb_ra/status/1512926370032193540

43.154.131.126:9090

# Reference: https://twitter.com/drb_ra/status/1512926432506359813

176.113.71.232:6666

# Reference: https://twitter.com/drb_ra/status/1512998102638206977

bbcnews.site

# Reference: https://twitter.com/drb_ra/status/1513075396396335110

45.147.231.151:443

# Reference: https://twitter.com/drb_ra/status/1513075429648838656

http://165.227.104.189

# Reference: https://twitter.com/drb_ra/status/1513075549253554179

110.42.252.197:4444

# Reference: https://twitter.com/drb_ra/status/1513075702903578627

http://107.189.30.131

# Reference: https://twitter.com/drb_ra/status/1513106432182431751

185.51.246.51:1337

# Reference: https://twitter.com/drb_ra/status/1513106572528033795

46.101.183.241:443

# Reference: https://twitter.com/drb_ra/status/1513106626017959938

185.51.246.51:443

# Reference: https://twitter.com/drb_ra/status/1513199795292282885

154.214.143.219:8090

# Reference: https://twitter.com/drb_ra/status/1513199814896406530

154.214.143.213:8090

# Reference: https://twitter.com/drb_ra/status/1513199835998048261

156.239.84.56:8090

# Reference: https://twitter.com/drb_ra/status/1513199854180356100

156.238.98.205:8090

# Reference: https://twitter.com/drb_ra/status/1513199872303898624

154.80.228.220:8090

# Reference: https://twitter.com/drb_ra/status/1513199891945775112

207.148.76.15:4001

# Reference: https://twitter.com/drb_ra/status/1513199913462599686

156.238.126.16:8090

# Reference: https://twitter.com/drb_ra/status/1513199931540004877

156.238.126.11:8090

# Reference: https://twitter.com/drb_ra/status/1513199952931037191

156.238.98.197:8090

# Reference: https://twitter.com/drb_ra/status/1513199972250009606

154.80.228.199:8090

# Reference: https://twitter.com/drb_ra/status/1513199992630091781

154.80.176.46:8090

# Reference: https://twitter.com/drb_ra/status/1513200010313224206

154.214.136.56:8090

# Reference: https://twitter.com/drb_ra/status/1513200028004888578

156.238.126.18:8090

# Reference: https://twitter.com/drb_ra/status/1513200045075619845

154.214.143.198:8090

# Reference: https://twitter.com/drb_ra/status/1513200062935015425

156.238.126.17:8090

# Reference: https://twitter.com/drb_ra/status/1513200082581139459

23.19.227.58:4433
3cmmsa.online

# Reference: https://twitter.com/drb_ra/status/1513200104383164418

154.80.176.50:8090

# Reference: https://twitter.com/drb_ra/status/1513200125967015943

154.80.228.209:8090

# Reference: https://twitter.com/drb_ra/status/1513200150801522694

156.238.98.202:8090

# Reference: https://twitter.com/drb_ra/status/1513200184364253187

156.238.126.6:8090

# Reference: https://twitter.com/drb_ra/status/1513200215335084040

154.214.143.209:8090

# Reference: https://twitter.com/drb_ra/status/1513200236486873090

156.238.126.30:8090

# Reference: https://twitter.com/drb_ra/status/1513200266186739718

45.194.246.136:8090

# Reference: https://twitter.com/drb_ra/status/1513200317206343684

45.194.246.137:8090

# Reference: https://twitter.com/drb_ra/status/1513200356813115396

156.238.126.15:8090

# Reference: https://twitter.com/drb_ra/status/1513200401717379079

154.80.176.47:8090

# Reference: https://twitter.com/drb_ra/status/1513200434487431176

156.238.126.19:8090

# Reference: https://twitter.com/drb_ra/status/1513200480138182668

localhost.gd

# Reference: https://twitter.com/drb_ra/status/1513200510974799883

154.80.176.54:8090

# Reference: https://twitter.com/drb_ra/status/1513200529479983111

156.239.84.57:8090

# Reference: https://twitter.com/drb_ra/status/1513200548752855045

154.214.136.51:8090

# Reference: https://twitter.com/drb_ra/status/1513200566767435777

45.194.246.157:8090

# Reference: https://twitter.com/drb_ra/status/1513200584211550215

45.194.246.150:8090

# Reference: https://twitter.com/drb_ra/status/1513200600770568200

154.214.136.39:8090

# Reference: https://twitter.com/drb_ra/status/1513200618835525636

45.194.246.149:8090

# Reference: https://twitter.com/drb_ra/status/1513200635482624009

154.80.228.203:8090

# Reference: https://twitter.com/drb_ra/status/1513200653274857472

154.214.136.47:8090

# Reference: https://twitter.com/drb_ra/status/1513200672409329665

http://81.68.217.105

# Reference: https://twitter.com/drb_ra/status/1513200699043155977

45.194.246.158:8090

# Reference: https://twitter.com/drb_ra/status/1513201026580496391

156.239.84.61:8090

# Reference: https://twitter.com/drb_ra/status/1513201042925703170

156.239.84.37:8090

# Reference: https://twitter.com/drb_ra/status/1513201059358982144

154.80.176.62:8090

# Reference: https://twitter.com/drb_ra/status/1513201079340707842

156.238.98.207:8090

# Reference: https://twitter.com/drb_ra/status/1513201096818409476

104.149.169.14:50001

# Reference: https://twitter.com/drb_ra/status/1513201119111135234

154.214.143.205:8090

# Reference: https://twitter.com/drb_ra/status/1513201135112364033

156.238.98.217:8090

# Reference: https://twitter.com/drb_ra/status/1513201151864455177

156.238.126.25:8090

# Reference: https://twitter.com/drb_ra/status/1513201171023937543

156.239.84.36:8090

# Reference: https://twitter.com/drb_ra/status/1513201189785149449

156.238.126.14:8090

# Reference: https://twitter.com/drb_ra/status/1513201212635729925

154.80.228.222:8090

# Reference: https://twitter.com/drb_ra/status/1513201232902598669

45.194.246.151:8090

# Reference: https://twitter.com/drb_ra/status/1513201252791955462

154.80.176.43:8090

# Reference: https://twitter.com/drb_ra/status/1513201272119250944

154.214.136.44:8090

# Reference: https://twitter.com/drb_ra/status/1513201293585793030

156.238.126.5:8090

# Reference: https://twitter.com/drb_ra/status/1513201314439864324

156.238.126.4:8090

# Reference: https://twitter.com/drb_ra/status/1513201343930019842

154.214.143.211:8090

# Reference: https://twitter.com/drb_ra/status/1513201363987177480

45.194.246.133:8090

# Reference: https://twitter.com/drb_ra/status/1513201381334831111

154.214.143.218:8090

# Reference: https://twitter.com/drb_ra/status/1513201399101898761

156.238.98.194:8090

# Reference: https://twitter.com/drb_ra/status/1513201424599031815

156.238.98.208:8090

# Reference: https://twitter.com/drb_ra/status/1513201457977335821

154.80.228.218:8090

# Reference: https://twitter.com/drb_ra/status/1513201481201106949

154.80.176.60:8090

# Reference: https://twitter.com/drb_ra/status/1513201528202575880

156.238.126.7:8090

# Reference: https://twitter.com/drb_ra/status/1513201557482975235

156.239.84.35:8090

# Reference: https://twitter.com/drb_ra/status/1513201622834466816

45.194.246.132:8090

# Reference: https://twitter.com/drb_ra/status/1513201674168549384

154.80.228.197:8090

# Reference: https://twitter.com/drb_ra/status/1513201696146661379

156.239.84.43:8090

# Reference: https://twitter.com/drb_ra/status/1513201733618573313

156.238.126.13:8090

# Reference: https://twitter.com/drb_ra/status/1513201752950165507

http://121.5.187.134

# Reference: https://twitter.com/drb_ra/status/1513201781991485455

154.80.176.36:8090

# Reference: https://twitter.com/drb_ra/status/1513201804292599811

154.80.228.208:8090

# Reference: https://twitter.com/drb_ra/status/1513201823888334857

154.80.176.55:8090

# Reference: https://twitter.com/drb_ra/status/1513201840262889474

154.80.228.211:8090

# Reference: https://twitter.com/drb_ra/status/1513201856901693441

212.64.69.4:55555

# Reference: https://twitter.com/drb_ra/status/1513201880159162381

154.80.228.219:8090

# Reference: https://twitter.com/drb_ra/status/1513201898429759489

154.80.228.216:8090

# Reference: https://twitter.com/drb_ra/status/1513201921384980496

107.182.186.120:2083

# Reference: https://twitter.com/drb_ra/status/1513256621966868481

dllhost.accesscam.org

# Reference: https://www.virustotal.com/gui/file/3c2304fb0a6ec44f44ed14eafbcf074d7f775bc437eaf2fbd24e42ab8057e19a/detection
# Reference: https://www.virustotal.com/gui/file/1850aff5d12cf00975dd44553711403fd7ec609e5648e3536bb1166cebc25f46/detection

159.223.161.101:446
67.205.180.18:446
cstest20220319.accesscam.org

# Reference: https://twitter.com/drb_ra/status/1513288221832232965

54.94.121.224:443

# Reference: https://twitter.com/drb_ra/status/1513288282196652043

107.189.30.131:443

# Reference: https://twitter.com/drb_ra/status/1513288343945158663

http://121.5.239.178

# Reference: https://twitter.com/drb_ra/status/1513288422588391435

156.238.98.219:8090

# Reference: https://twitter.com/drb_ra/status/1513288447628349443

106.15.53.153:8443

# Reference: https://twitter.com/drb_ra/status/1513288478779494408

156.238.98.214:8090

# Reference: https://twitter.com/drb_ra/status/1513288507602657280

150.230.251.149:8080

# Reference: https://twitter.com/drb_ra/status/1513288529299873798

47.103.157.82:8000

# Reference: https://twitter.com/drb_ra/status/1513288545728974848

http://121.5.79.233

# Reference: https://twitter.com/drb_ra/status/1513438065116725249

http://206.189.41.190

# Reference: https://twitter.com/drb_ra/status/1513469886479192070

81.69.18.49:9000

# Reference: https://twitter.com/drb_ra/status/1513469943051870216

http://159.75.121.138

# Reference: https://twitter.com/drb_ra/status/1513469976543473669

194.40.243.5:443

# Reference: https://twitter.com/drb_ra/status/1513470007778451458

101.42.99.243:5443

# Reference: https://twitter.com/drb_ra/status/1513470062950289411

101.42.228.86:4444

# Reference: https://twitter.com/drb_ra/status/1513470075533152265

27.124.47.19:443

# Reference: https://twitter.com/kyleehmke/status/1513494817757609993
# Reference: https://twitter.com/sS55752750/status/1513497005896646662

mynetgearrouter.com
dev.mynetgearrouter.com

# Reference: https://twitter.com/malware_traffic/status/1513556366346137605
# Reference: https://www.virustotal.com/gui/ip-address/172.241.27.237/relations

kuxoemoli.com

# Reference: https://twitter.com/ian_kenefick/status/1513471679036542976

amusedkel.com

# Reference: https://www.virustotal.com/gui/file/ff12afc272534be580ed16807fc05f4c9a8f953306c347417f1b0c7128ef89e6/detection

http://101.43.166.241

# Reference: https://www.virustotal.com/gui/file/d210badcdccb6b65a7dcd167bd8169368cea2df5537b81e1aefbd87c3ec8f28f/detection

101.43.166.241:50051

# Reference: https://twitter.com/malwrhunterteam/status/1513611023881846786
# Reference: https://www.virustotal.com/gui/file/ab5558ff95c8c0d4b77c563bafd5c37bd65c8e6b55b166b6dd26b057eb7be4a4/detection

service-o4l94y6c-1305271611.gz.apigw.tencentcs.com

# Reference: https://twitter.com/malwrhunterteam/status/1513612600961122309
# Reference: https://www.virustotal.com/gui/file/c7587739644fe977161af220cf196e747630e24d7dd347dea1d0c9edd6515a5b/detection
# Reference: https://www.virustotal.com/gui/file/ba9c9e61cb64963560d97c442c0306fc570d0b020bf0ad95d9cb7730e76979d3/detection

124.70.20.10:50051

# Reference: https://www.virustotal.com/gui/file/f6909c33b8865518dab19aeb70a9693767a4d9a67b30a1336911698ff3ca4071/detection
# Reference: https://www.virustotal.com/gui/file/14d748e1d628c099bb39f8b9ece80429ad3b840a2fea216c0d3f09e8f893841e/detection

101.35.198.197:8006

# Reference: https://www.virustotal.com/gui/file/c098c7866abfffc4534422e14da0e976fbbb76940e58283fa76622ad0c416a46/detection

101.35.198.197:5555

# Reference: https://www.virustotal.com/gui/file/dac6f8a575eaa82cc36d9ba04b8c8edde8c19b4be88d735592ae20d94ec38e6b/detection

101.34.176.78:6666

# Reference: https://www.virustotal.com/gui/file/97b044bc9b72b6e2631d0b1534dcca6a7eacab480b13940a0bae520553a5b9de/detection
# Reference: https://www.virustotal.com/gui/file/3350ca1a769a29d62aa15ce8483dc2a033b3c4512f18dd1ecd2ae25b0212adbf/detection

101.34.176.78:5555

# Reference: https://twitter.com/drb_ra/status/1513562975889731584

154.80.176.53:8090

# Reference: https://twitter.com/drb_ra/status/1513563003647668231

154.214.136.48:8090

# Reference: https://twitter.com/drb_ra/status/1513563022073208835

154.214.143.197:8090

# Reference: https://twitter.com/drb_ra/status/1513563040226099209

45.194.246.153:8090

# Reference: https://twitter.com/drb_ra/status/1513563061126410241

154.80.228.221:8090

# Reference: https://twitter.com/drb_ra/status/1513563081279827970

154.214.136.57:8090

# Reference: https://twitter.com/drb_ra/status/1513563135139102731

154.214.143.215:8090

# Reference: https://twitter.com/drb_ra/status/1513563155527614465

154.214.136.45:8090

# Reference: https://twitter.com/drb_ra/status/1513563177212067844

45.194.246.138:8090

# Reference: https://twitter.com/drb_ra/status/1513563196472410113

154.80.176.38:8090

# Reference: https://twitter.com/drb_ra/status/1513563220279189514

156.238.98.201:8090

# Reference: https://twitter.com/drb_ra/status/1513563241850486788

154.80.176.41:8090

# Reference: https://twitter.com/drb_ra/status/1513563263568691208

194.163.43.223:443
45.147.179.211:443

# Reference: https://twitter.com/drb_ra/status/1513563297764704260

156.238.126.24:8090

# Reference: https://twitter.com/drb_ra/status/1513563337765830667

107.148.8.243:9090

# Reference: https://twitter.com/drb_ra/status/1513563360889126920

154.80.176.61:8090

# Reference: https://twitter.com/drb_ra/status/1513563391813722113

209.106.138.56:3389
45.133.1.7:3389

# Reference: https://twitter.com/drb_ra/status/1513563413984825345

156.238.98.198:8090

# Reference: https://twitter.com/drb_ra/status/1513563439460929540

45.194.246.131:8090

# Reference: https://twitter.com/drb_ra/status/1513563465398599691

154.22.124.57:443

# Reference: https://twitter.com/drb_ra/status/1513563492372127745

154.80.176.42:8090

# Reference: https://twitter.com/drb_ra/status/1513563517340770314

154.80.228.217:8090

# Reference: https://twitter.com/drb_ra/status/1513563536932417538

101.43.167.26:81

# Reference: https://twitter.com/drb_ra/status/1513563561750142979

http://45.133.1.7

# Reference: https://twitter.com/drb_ra/status/1513563582763618313

154.80.228.206:8090

# Reference: https://twitter.com/drb_ra/status/1513563603684761603

107.182.186.120:54321

# Reference: https://twitter.com/drb_ra/status/1513563624702459917

154.22.124.11:443

# Reference: https://twitter.com/drb_ra/status/1513563647859212292

45.133.1.7:3389

# Reference: https://twitter.com/drb_ra/status/1513563677424861191

154.214.143.201:8090

# Reference: https://twitter.com/drb_ra/status/1513563698463391746

20.110.209.33:84

# Reference: https://twitter.com/drb_ra/status/1513563727240613891

154.214.136.41:8090

# Reference: https://twitter.com/drb_ra/status/1513563747092246528

207.246.111.87:444

# Reference: https://twitter.com/drb_ra/status/1513563770643263495

9-1.pw
img.9-1.pw

# Reference: https://twitter.com/drb_ra/status/1513563797331619847

154.214.136.59:8090

# Reference: https://twitter.com/drb_ra/status/1513563317507350536

154.208.251.18:8090
156.239.84.39:8090

# Reference: https://twitter.com/malwrhunterteam/status/1513621076802158594
# Reference: https://www.virustotal.com/gui/file/44c32ba5c7ab7c09ede5cbd7ed67a050fb969c11f86958db7dc58ade600fd73a/detection

worldisendmail.ml
us.worldisendmail.ml

# Reference: https://twitter.com/drb_ra/status/1513652238576758790

103.234.96.153:443

# Reference: https://twitter.com/drb_ra/status/1513652270315057157

154.214.136.34:8090

# Reference: https://twitter.com/drb_ra/status/1513652353114812427

156.238.126.22:8090

# Reference: https://twitter.com/drb_ra/status/1513652411453292549

81.68.179.88:443

# Reference: https://twitter.com/drb_ra/status/1513652429161648134

124.223.191.166:8090

# Reference: https://twitter.com/drb_ra/status/1513652476737908738

http://1.15.91.107

# Reference: https://twitter.com/drb_ra/status/1513652561072594951

156.239.84.45:8090

# Reference: https://twitter.com/drb_ra/status/1513800478106300418

http://124.239.227.201
http://152.32.129.71

# Reference: https://twitter.com/drb_ra/status/1513800495072219141

torpidor.xyz

# Reference: https://twitter.com/drb_ra/status/1513800540756529154

121.4.71.53:9991

# Reference: https://twitter.com/drb_ra/status/1513831973751558146

http://118.190.217.232

# Reference: https://twitter.com/drb_ra/status/1513832010338517003

49.232.203.36:443

# Reference: https://twitter.com/drb_ra/status/1513832158137405452

120.53.228.41:443

# Reference: https://twitter.com/drb_ra/status/1513832198931206150
# Reference: https://twitter.com/drb_ra/status/1513832199967105026
# Reference: https://twitter.com/drb_ra/status/1513832200881549313

172.105.222.68:1
fraudfigappzone.com
adn.fraudfigappzone.com
aft.fraudfigappzone.com
dnu.fraudfigappzone.com
iun.fraudfigappzone.com
/changing-2929200220000022ii0921071812d
 
 # Reference: https://twitter.com/drb_ra/status/1513832254518272003
 
 42.193.122.132:5269
 
 # Reference: https://twitter.com/drb_ra/status/1513891049244090376
 
 http://46.101.183.241
 
 # Reference: https://twitter.com/drb_ra/status/1513922098485415945
 
 http://164.92.149.138
 http://188.166.22.232
 
 # Reference: https://twitter.com/drb_ra/status/1513922139111448580
 
 195.133.53.146:7007
 
 # Reference: https://twitter.com/drb_ra/status/1513922164159881223
 
 45.63.77.171:443
 
 # Reference: https://twitter.com/drb_ra/status/1513922193683619844
 
 45.77.243.90:443
 
 # Reference: https://twitter.com/drb_ra/status/1513922239405727746
 
 195.208.163.43:443
 
 # Reference: https://twitter.com/drb_ra/status/1513922270569316356
 
 175.41.16.100:443
 
 # Reference: https://twitter.com/drb_ra/status/1513922303037476873
 
 http://194.40.243.5
 
 # Reference: https://twitter.com/drb_ra/status/1513922337145565184
 
 42.192.89.33:10086
 
 # Reference: https://twitter.com/drb_ra/status/1513922362927898625
 
 154.214.143.210:8090
 
 # Reference: https://twitter.com/drb_ra/status/1513922399233794052
 
 154.214.143.195:8090
 
 # Reference: https://twitter.com/drb_ra/status/1513922426995941385
 
 45.32.125.23:3333
 
 # Reference: https://twitter.com/drb_ra/status/1513922472164270081
 
 45.77.44.61:443
 
 # Reference: https://twitter.com/drb_ra/status/1513922505316175876
 
 42.192.3.9:8081
 
 # Reference: https://twitter.com/drb_ra/status/1513922530486145028
 
 185.3.45.6:443
 34.254.221.56:443
 
 # Reference: https://twitter.com/drb_ra/status/1513922548005756932
 
 http://139.59.230.120
 
 # Reference: https://twitter.com/drb_ra/status/1513922587381968904
 
 http://185.22.152.149
 
 # Reference: https://twitter.com/drb_ra/status/1513922619359338515
 
 175.41.16.98:443
 
 # Reference: https://twitter.com/drb_ra/status/1513922644634226694
 
 175.41.16.102:443
 175.41.16.98:443
 
 # Reference: https://twitter.com/drb_ra/status/1513922675047120897
 
 156.238.126.23:8090
 
 # Reference: https://twitter.com/drb_ra/status/1513922708488216577
 
 service-8l917mwx-1301062987.sh.apigw.tencentcs.com
 
 # Reference: https://twitter.com/drb_ra/status/1513922761126723584
 
 101.32.45.23:8443
 
 # Reference: https://twitter.com/drb_ra/status/1513922799752077320
 
 8.210.154.177:8881
 
 # Reference: https://twitter.com/drb_ra/status/1513922831184187398
 
 152.32.240.7:443
 
 # Reference: https://twitter.com/drb_ra/status/1513922866974187523
 
 103.118.41.132:81
 
 # Reference: https://twitter.com/drb_ra/status/1513922891699605508
 
 3.135.61.226:8089
 
 # Reference: https://twitter.com/drb_ra/status/1513922915791687686
 
 158.247.233.97:9872
 
 # Reference: https://twitter.com/drb_ra/status/1513922946766708743
 
 http://42.193.127.142
 
 # Reference: https://twitter.com/drb_ra/status/1513922972171616263
 
 154.214.143.202:8090
 
 # Reference: https://twitter.com/drb_ra/status/1513922993210155028
 
 172.93.222.209:8888
 
 # Reference: https://twitter.com/drb_ra/status/1513923023518195718
 
 195.133.53.146:7443
 
 # Reference: https://twitter.com/drb_ra/status/1513923050621788160
 
 service-cutulobn-1310581445.sh.apigw.tencentcs.com
 
 # Reference: https://twitter.com/drb_ra/status/1513923080191725578
 
 156.239.84.58:8090
 
 # Reference: https://twitter.com/drb_ra/status/1513923106351595522
 
 156.238.98.221:8090
 
 # Reference: https://twitter.com/drb_ra/status/1513923122784780289
 
 42.192.54.106:10086
 
 # Reference: https://twitter.com/drb_ra/status/1513923147699048448
 
 1.117.86.121:801
 service-9jr15zxf-1305699962.sh.apigw.tencentcs.com
 
 # Reference: https://twitter.com/drb_ra/status/1513923187788201989
 
 45.155.204.40:443
 
 # Reference: https://twitter.com/drb_ra/status/1513923216657592321
 
 192.210.201.107:8099
 
 # Reference: https://twitter.com/drb_ra/status/1513923244126089226
 
 154.214.143.196:8090
 
 # Reference: https://twitter.com/drb_ra/status/1513923262786453505
 
 154.214.143.212:8090
 
 # Reference: https://twitter.com/drb_ra/status/1513923286035484676
 
 45.194.246.145:8090
 
 # Reference: https://twitter.com/drb_ra/status/1513923308542115840
 
 216.244.84.81:1080
 
 # Reference: https://twitter.com/drb_ra/status/1513923354952151047
 
 1.12.218.59:54321
 
 # Reference: https://twitter.com/drb_ra/status/1513923375923609602
 
 46.101.183.241:8543
 latestrelease.org

# Generic (URL paths listed without a per-entry reference)

/_ax/sycs/mail-indexstatic/_/js/
/_/cdn/e/cloudflare/static/_/js/
/_/scs/mail-static/_/js/
/api/ExeDataSave
/nova_assets/Sys/_Getcode/keywords=
# /s/ref=nb_sb_noss_1/  # Note: kept disabled; appears in regular (benign) cases - Amazon
/Simpletest?SimpleFuck=
/maps/overlaybfpr?q=
/IE9CompatViewList.xml
# /g.pixel  # Note: kept disabled; appears in regular (benign) cases - Google for "/adscores/g.pixel"
/hello/flash.php?id=
/jquery-3.3.1.min.woff2
/txcloud.min.js
/live-txy/check
/live-key/aes.js
/live-key/rsa.js
/windowsxp/updcheck.php?id=
/btn_bg
/hr.css?company=true
/.cobaltstrike.beacon_keys
/cobaltstrike4_CrackSleeved.zip
/cobaltstrike.auth
/cobaltstrike.bat
/cobaltstrike.jar
/cobaltstrike.jar.original
/cobaltstrike_shellcode.exe
/cobaltstrike.store
/csshell.exe
/cobaltstrike.jar
/cobaltstrike4.0-cracked.tar.gz
/cobaltstrike4.2.jar
/malwarehunterteam_donthuntme.jpg
/segoeui-semibold.ttf?id=
/RC4Payload32.txt
/fanxuliehua.txt
/py_code/Alt_1
/py_code/Alt_2
/py_code/Alt_3
/YR_c_shellcode.c.exe
/YR_payload.c.exe
/csharpshellcodeexec.exe
/aaa9
/asdfgh
/agfgfddfdfg
/ayhtvcgcfcfrgcdxdxdrcrhj
/wKYdpSukeXI
/strap/j-devmin.js
/live/hit-nation-4222/
/mattresses/tempur-pedic/
/news_indexedimages_autrzd/
/OuqC8rXGwlN5saz48clBNekGjhs8Kjmf
/BUYTHEAPTDETECTORNOW
/safebrowsing/b0kKKIjr/LFydd13-7lk3Ve5ot14xGnP8n-18z
/safebrowsing/b0kKKIjr/
