# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: discordbot, discordcmdbot

# Reference: https://www.virustotal.com/gui/ip-address/54.38.108.51/relations
# Reference: https://www.virustotal.com/gui/file/51ea0a6b09181a6b2eae051de3e9ae4da15d7792d7706ef55bde724d1e9db73e/detection

54.38.108.51:4500
00000000.me

# Reference: https://www.virustotal.com/gui/file/033b67c7ba3c53dd576296de7e4d83162db1b8c4471c9ef11f6a4889e52695ec/detection

146.59.132.183:5556

# Reference: https://www.virustotal.com/gui/file/ff79a9e8222e14d0c7d22e9a08eddf7b28c44f0c9c5f74f46a80089bdbe3ff63/detection

146.59.132.183:4500
hocamnsuas.me

# Reference: https://www.virustotal.com/gui/file/511e3ab80a09b1d0f90e6de79db6ffaacc26014392e2ac1b4deb5c209a54240e/detection

176.31.95.228:5353

# Reference: https://www.virustotal.com/gui/file/6f1da854ccf2063a2128a220e9b9c22bace607a4004d80d48d10bb8b866b60e7/detection

176.31.95.228:5354

# Reference: https://www.virustotal.com/gui/file/80f93e9a5c8b08d8041a122ddb066da33a1975a876cd94a6af4b20679ded2ec6/detection

176.31.95.228:4500

# Reference: https://www.virustotal.com/gui/file/7fbfe744aa1138ddbe58c8e9d2683c022c3cceb0fde2b23d6c1ec7db8594d1c9/detection

31.185.113.201:5353

# Reference: https://www.virustotal.com/gui/file/5838620aaa3c1731412716dbaaf1e3998869742e0705ef30f483b68118692eca/detection

31.185.114.246:5353

# Reference: https://www.virustotal.com/gui/file/3af86dccf76dc10541d9d87b81f9b93f9145a95ce2175f49e195111a0d979859/detection

31.185.114.246:5354

# Reference: https://www.virustotal.com/gui/file/a4d4332bfa88880a57d2aabf980ffa67ba399ca922c6d13a59e2577dbd80fc53/detection

31.185.114.246:4500

# Reference: https://www.virustotal.com/gui/file/3d9ab88f39f7c03bb5cc52a09cc30685e526a0bbb47cac7e952ed88945536f55/detection

5.39.56.221:6363
hotwebcams.site

# Reference: https://www.virustotal.com/gui/file/e41627bfe65d138022379059f0e14cb84f695cc3f0a3022f37b2ffadce60253b/detection

5.39.56.221:4500

# Reference: https://www.virustotal.com/gui/file/b8abc1f60c834e45e531c89f934dc9ad69abc45aae53a7e9d93211017f06605c/detection

5.39.56.221:5353

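# Reference: https://www.virustotal.com/gui/file/1474f28c035a02bbb1004f996782bdc708ce6595ec5ac32f63fc539fd5859041/detection
# NOTE(review): port 21 and the host name below suggest an FTP endpoint on what looks like a shared web-hosting node (to be confirmed).
# NOTE(review): if so, a match identifies the hosting server rather than one tenant; correlate hits with the sample above before blocking on this pair.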

205.144.171.252:21
win5252.site4now.net

# Reference: https://www.virustotal.com/gui/ip-address/31.41.244.236/relations
# Reference: https://www.virustotal.com/gui/file/da36c1aa33e720e18122c4e523b4e6a19ea49bd12f438c47e323418fc6519036/detection
# Reference: https://www.virustotal.com/gui/file/ced40a3ea6e86b1dd2144c77e36fec20d8d8ad61c3a0f5f6d724bf21d72390eb/detection

orders8842.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1542228970577477634
# Reference: https://twitter.com/bsforvt727/status/1542387308443250688
# Reference: https://www.virustotal.com/gui/file/5aaddf4adff09987bf17797be2a4fbe3333cfeb5232cd3e060728e5b34b2ab38/detection

wearenotbbystealer.nl

# Reference: https://www.virustotal.com/gui/file/007a1fd7af8a03bcb8fc9bbf62bc4ffe8561d0d00933a9f926d8b56be05b114b/detection

hwidspoof.me
auth.hwidspoof.me

# Reference: https://twitter.com/malwrhunterteam/status/1563647987531665408
# Reference: https://www.virustotal.com/gui/file/170cfb5966de3ba41d6c46ed2ae0c876a11e20273ef223456ef2cf3eea3d9e40/detection

sussyhvroeu3ah5jnozbegxneuorxxgkloxph3lvpcj5fyxz5ebsblyd.onion

# Reference: https://www.virustotal.com/gui/file/04c645dd067386b47e5dc1f175e000251fa3f8c592bb0fea5d52e148f7271397/detection

f0514474.xsph.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1599795248720678913
# Reference: https://www.virustotal.com/gui/file/16c290847ae18d10bb75af77d8ff3b7b3f7829fbdb3bc5956e121a984f241854/detection
# Reference: https://www.virustotal.com/gui/file/012276c935e55468e98d7a07fe1b6cf17bb12ac40ba6561591448f7c14fb0caf/detection

status-refund-taxes.web.app
mdvksublbpczqluqvvbytfprxdwakuke.nl
chemistry.mdvksublbpczqluqvvbytfprxdwakuke.nl
dasdadw.mdvksublbpczqluqvvbytfprxdwakuke.nl
socket.bby.gg

# Reference: https://twitter.com/James_inthe_box/status/1615797529760911360
# Reference: https://app.any.run/tasks/c9e594d6-db48-4a03-83fb-519c7731d6a0/

http://194.226.121.108

# Reference: https://twitter.com/r3dbU7z/status/1652363116108300288
# Reference: https://www.virustotal.com/gui/file/6227340282692b6d2787579afad74ac6cd11dad74d6068469f7c132f85cbc2cc/detection

incometaxesreturn.co.in

# Reference: https://twitter.com/TLP_R3D/status/1652700514511978501
# Reference: https://www.virustotal.com/gui/ip-address/77.68.98.128/relations

free.rich
ransomware.tk

# Reference: https://twitter.com/ULTRAFRAUD/status/1679946336479723520

159.223.135.245:3000
lovver.lat

# Reference: https://www.virustotal.com/gui/file/590b1773e065544318ce605f16c042bb739f15363137952b96da0419a0941b34/detection

141.145.209.142:25447
athena.rip

# Reference: https://twitter.com/obfusor/status/1683160610706702343
# Reference: https://tria.ge/230702-vh9qbsdd2s/behavioral2
# Reference: https://tria.ge/230723-t6k67sff51/behavioral1
# Reference: https://tria.ge/230723-vnkcmafg9y/behavioral1
# Reference: https://www.virustotal.com/gui/file/2c67fedc8dea1d657814f90cb5c394d76be577ad69e3a36c16d248a885d35252/detection

213.255.247.174:3200
ageostealer.wtf
refinedruffles.com
thiefsouls.site
viewer.bby.gg

# Reference: https://www.virustotal.com/gui/file/72d06e4321050a74778616e4b2da0de188482bd13c70243ea288394f00e7d6ad/detection

185.193.125.199:1337

# Reference: https://www.virustotal.com/gui/ip-address/179.13.5.158/relations
# Reference: https://www.virustotal.com/gui/file/2c002981db86c2c61322ea962088fd3388becf39431be631dc6dbe2071c7ea40/detection
# Reference: https://www.virustotal.com/gui/file/fa86e6a9d2e65074e7aaf22a4fc90ade48ee224de0a4f3f5947681bcd46fab41/detection
# Reference: https://www.virustotal.com/gui/file/169f579b4152faab946b83493dd84c44699257a1e4e41109b25dce0726a61ee1/detection

179.13.5.158:2005
2022env.duckdns.org
aldasos.duckdns.org
and2021.duckdns.org
andenv22.duckdns.org
andre2021.duckdns.org
env1o.duckdns.org
env2022.duckdns.org
sostenerip.duckdns.org
yoenvio.duckdns.org

# Reference: https://github.com/eset/malware-ioc/tree/master/king_tut

wins24feb.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1940fbbce94c429c656073c54d65fcf4a29fe036da05e289068afed3b46605a3/detection

46.246.12.198:2001
yursos.duckdns.org

# Reference: https://www.virustotal.com/gui/file/074c72b40cc9a55a2c5c636681fba824ad5270bd4f1857b800749f6f4a4315c3/detection

194.87.84.110:2020
farmjo.mine.nu

# Reference: https://x.com/sarfraz432/status/1800071060844577015
# Reference: https://www.virustotal.com/gui/file/295f6fbcf96347c3c0627ab05b974ea744651f884b0aa1189af6e1aea4b859bc/detection

stealer.wtf

# Reference: https://x.com/sarfraz432/status/1800071060844577015 (# CrunexyStealer)
# Reference: https://x.com/sarfraz432/status/1800080337072267277
# Reference: https://x.com/suyog41/status/1806309661580181728
# Reference: https://www.virustotal.com/gui/file/2bd09329ad4d791ebabbb6e37876ccbfba538231e91487d6fc9c7abe28ddfc64/detection
# Reference: https://www.virustotal.com/gui/file/61f534090cc152280f9e30928caa7e28e120a134fa8cdd344f79872d84c1f0ed/detection
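# Reference: https://www.virustotal.com/gui/file/1460850687073e9e0337a7579add261e324936466e3b88aaa68c2e5e695d1f6f/detection
# NOTE(review): /xortostealer at the end of this group is a path-only entry with no host, so it is not bound to the domains listed with it.
# NOTE(review): presumably it is compared against request paths on any host (confirm against the consuming sensor); a network sensor can only see it in unencrypted HTTP.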

shaderify.xyz
xortoproject.online
xortoproject.xyz
xortoproject.duckdns.org
xortoproject1.duckdns.org
/xortostealer

# Reference: https://x.com/raghav127001/status/1801128965362397325
# Reference: https://www.virustotal.com/gui/file/d7fef2df3f4f1d7222ee156cb6f56410c9b17587f0614940b03ce062e8fcca65/detection

http://91.92.248.15

# Reference: https://x.com/johnk3r/status/1845583720863945041
# Reference: https://www.virustotal.com/gui/file/e487bf5fb6bcc89d975ccc22a1745366eac0ea7790852c01701fc60a046b28f1/detection
# Reference: https://www.virustotal.com/gui/file/d9835048fc7595cec2e6a15c0664a10750bc353bb19ecde67643ab5a2aa47a29/detection
# Reference: https://www.virustotal.com/gui/file/d05d6f12c73d3061bcbffdab03cccc68758f59ac17bd9ba586de4de94cc52b14/detection

fdsolcyeoduvet.online
mythosduel.com
trixsmpp.com

# Reference: https://x.com/RacWatchin8872/status/1848319704986714222
# Reference: https://app.any.run/tasks/99627f7a-4f52-4194-9de5-5ff05bb2c306
# Reference: https://app.validin.com/detail?find=Discord%20Webhook%20Protector&type=raw&ref_id=c92f36d3fdc#tab=host_pairs_v2
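# Reference: https://www.virustotal.com/gui/file/8e9480169abdb1c7f82252a6e7e77ba84741cc23641abcc9370fd1f9ae553715/detection
# NOTE(review): the Validin reference in this group is a raw search on the string "Discord Webhook Protector", so some hosts below appear to come from a content pivot rather than per-host sample analysis.
# NOTE(review): nl03.vpn.ht reads like a VPN provider node name, where unrelated traffic would also match; confirm it before using the whole group for blocking.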

http://194.59.31.175
http://45.157.233.162
http://79.110.49.220
24securevault.com
79bet.link
apibongda.fun
dcwh.my
dovip.win
faint.sh
nl03.vpn.ht
pkrhs.tech
rbxpluton.com
skids.dev
stealer.to
tonpilot.net
webhook-protection.com
webhook.my
webhookprotector.com
winbofinex.net
webhook.my.hx818.biz

# Reference: https://x.com/solostalking/status/1857039490298040747
# Reference: https://app.validin.com/detail?find=Discord%20Token%20%26%20Info%20Stealer&type=raw&ref_id=9f84f34356e#tab=host_pairs

discord-stealer.de
minxy-is-a-bad-dev.win

# Reference: https://x.com/malwrhunterteam/status/1857825264585122208
# Reference: https://www.virustotal.com/gui/file/bf683bfd75971934d680bd75e9067c1b005847a83e4a20c402d09a0c20ae67ba/detection

dlhcij5vw7utoxi2nvqtmf7t27vud2l2euqqm6qqaknpjjcma36pfyad.onion

# Reference: https://x.com/solostalking/status/1861621183885488500
# Reference: https://x.com/M4lcode/status/1933207813108511106

http://41.216.183.17
http://41.216.188.41
41.216.183.17:443
41.216.188.41:443
discoqueen.lol

# Reference: https://x.com/malwrhunterteam/status/1912210953212473464
# Reference: https://app.any.run/tasks/dd7e0322-7bf0-4d0e-b8b6-13ee722e7b96
# Reference: https://www.virustotal.com/gui/file/682b1f2c700d0dd031597550bce49d802758501df27e6d6cb0617ff4a94a0be2/detection

132453baba3.fun

# Reference: https://x.com/1ZRR4H/status/1958507125165961530 (# discordbot, discordcmdbot)
# Reference: https://www.virustotal.com/gui/file/0df15580ca576d60ca79ed51f84e9699ac49033e5d4b3f82d6fabb606bf90e4c/detection

vemnedyrieiik93df.pythonanywhere.com
