# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.virustotal.com/#/ip-address/185.10.68.163
# Reference: https://twitter.com/luc4m/status/1044148790008205312

/miner.sh
/scanner.sh
/worlswest.sh
/bruteforce_ssh
/bruteforce_ssh_386
/bruteforce_ssh_arm
/tcpconnect_zmap_386
/tcpconnect_zmap_arm

# Reference: https://twitter.com/bad_packets/status/1127110083429654528

r00ts.online

# Reference: https://twitter.com/bad_packets/status/1127450801834680320

104.128.230.16:8000

# Reference: https://www.fortinet.com/blog/threat-research/closer-look-satan-ransomwares-propagation-technics.html

/conn32
/conn64

# Reference: https://twitter.com/ankit_anubhav/status/1132974251194011648
# Reference: https://twitter.com/0xrb/status/1133055807572959232

nadns.info
222.186.15.231:5555

# Reference: https://twitter.com/bad_packets/status/1133534604030169088

185.239.226.167:8480

# Reference: https://twitter.com/ankit_anubhav/status/1133682276045164544

cyberium.xyz

# Reference: https://twitter.com/smii_mondher/status/1134068251951083521

http://54.37.70.249

# Reference: https://twitter.com/bad_packets/status/1134920520644714496
# Reference: https://twitter.com/bad_packets/status/1140065934926684162

45.79.9.153:8000
110.40.14.13:8000

# Reference: https://twitter.com/bad_packets/status/1135623419670646784

216.176.179.106:9090

# Misc. (no reference recorded for the entries below)

http://173.212.214.137
http://46.22.220.21
45.32.200.190:443
85.25.84.99:443

# Reference: https://otx.alienvault.com/pulse/5d020fb5a91466d30ad51fa2

146.185.171.227:443
5.255.86.129:3333
/.satan
/.x15cache

# Reference: https://twitter.com/P3pperP0tts/status/1140335879493492737

qqxh888.785sou.xyz

# Reference: https://twitter.com/P3pperP0tts/status/1140528607766466560

hjghj.cn

# Reference: https://twitter.com/P3pperP0tts/status/1140927899824005125

154.218.1.63:9

# Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-10149
# Reference: https://github.com/bananaphones/exim-rce-quickfix
# Reference: https://habr.com/ru/company/first/blog/455636/ (Russian)
# Reference: https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability
# Reference: https://twitter.com/bad_packets/status/1140719767961001984

# Aliases: CVE-2019-10149, CVE-2019-1003029

an7kmd2wp4xo7hpr.tor2web.io
an7kmd2wp4xo7hpr.tor2web.su
an7kmd2wp4xo7hpr.onion.sh
http://185.10.68.193
http://185.162.235.211

# Reference: https://twitter.com/P3pperP0tts/status/1145813992297914368

58.218.66.92:520

# Reference: https://twitter.com/ankit_anubhav/status/1147172115516293121
# Reference: https://twitter.com/Jouliok/status/1143947867910004742

222.186.52.155:21541

# Reference: https://twitter.com/0xrb/status/1147447320595685376

/s1g3.sh

# Reference: https://twitter.com/bad_packets/status/1148673303533387776

http://103.76.87.94
/ARM4LinuxTF
/ARM6LinuxTF
/MipsLinuxTF
/Serverdd

# Reference: https://blog.reversinglabs.com/blog/suppy-chain-malware-detecting-malware-in-package-manager-repositories (# libpeshnx, libpesh, libari)

http://145.249.104.71

# Reference: https://otx.alienvault.com/pulse/5d44445d2995170f8886c141
# Reference: https://blog.netlab.360.com/some-fiberhome-routers-are-being-utilized-as-ssh-tunneling-proxy-nodes-2/

gggwmndy.org

# Reference: https://twitter.com/smii_mondher/status/1161534124596875266

http://91.92.66.192

# Reference: https://www.virustotal.com/gui/file/d5926800003d87349fdd8d2844c799bf294037e541ec84e9079b7cdd75ea04db/detection

83.212.110.123:2222

# Reference: https://www.virustotal.com/gui/file/91995b62129f53ac97485c736ff7e06289bdbf5cbd4ee9f837d956fd6a230dfc/detection

103.237.99.228:1337

# Reference: https://www.virustotal.com/gui/file/381a555090858ad3aeb3484eebb596c0b2b61511d43e36339abd114efc58dae3/detection

103.41.16.39:80

# Reference: https://www.virustotal.com/gui/file/7b21b057d5d3c7f2316845e6c2e32244ab4df8f3e379d15143e52f991d2046f1/detection

129.21.254.89:2222

# Reference: https://twitter.com/_odisseus/status/1112653908185415681

80.211.90.168:53773

# Reference: https://twitter.com/VessOnSecurity/status/1177884186461507584

cnc.dontcatch.us

# Reference: https://twitter.com/bad_packets/status/1186876280446185477
# Reference: https://www.virustotal.com/gui/ip-address/188.92.77.12/relations

188.92.77.12:80
188.92.77.12:801

# Reference: https://twitter.com/Sektor7Net/status/1187292703102570496
# Reference: https://2019.hack.lu/archive/2019/Fileless-Malware-Infection-and-Linux-Process-Injection-in-Linux-OS.pdf (Slide 106)

82.194.229.214:8738

# Reference: https://twitter.com/zom3y3/status/1109044920755482624

172.104.182.244:30003

# Reference: https://twitter.com/binitamshah/status/1210110141464317958
# Reference: https://anee.me/reversing-a-real-world-249-bytes-backdoor-aadd876c0a32
# Reference: https://www.virustotal.com/gui/file/5141d29d0278c8da4eac177126cbf4d15623502d4763abd6d3a4dca2a3ea616e/detection

104.248.237.194:1337

# Reference: https://www.virustotal.com/gui/file/0e9ec521e0f862be55b967944516362aa4f4f975397086adad33bf37f69ec474/detection

119.3.22.174:8082

# Reference: https://www.virustotal.com/gui/file/325192ff91f5ec9502aedc8fad61a5a81813d0f856d2d2063d26140647d01ce7/detection

119.3.22.174:4445

# Reference: https://www.virustotal.com/gui/file/d3cb5474eaa64748b066fc78a02227fad012292d5c9f7b77e898d3b7f1eb327e/detection

119.3.22.174:9090

# Reference: https://www.virustotal.com/gui/ip-address/119.3.22.174/relations

http://119.3.22.174

# Reference: https://www.virustotal.com/gui/file/d7ee59c5d7406b95f5c8bc1bf55cca00e106df1014914b5ddd68e9d58ecc04ca/detection

109.234.37.219:7393

# Reference: https://tolisec.com/yarn-botnet/

http://104.244.74.248
/hehe.sh

# Reference: https://isc.sans.edu/forums/diary/Interesting+HTTP+User+Agent+chrootapach0day/18453

proxypipe.com/apach0day
/apch0day.sh

# Reference: https://twitter.com/IntezerLabs/status/1297868508135481346
# Reference: https://analyze.intezer.com/analyses/0d0171fd-c2a1-47eb-8d5c-2aa4a814f87a/sub/75207f3e-c8c1-435a-97ee-9c765f274d80/
# Reference: https://www.virustotal.com/gui/file/4ed5bfcdfe78bfad88494a883c0c8e392f8ccf9746ec5a8449746cc5e8b0edca/detection
# Reference: https://www.virustotal.com/gui/file/8471b945edaa37d2cfeda1a7c367cf3f273e8dee7353e6cb309a74d33b6a87b7/detection

bcfc.xyz

# Reference: https://twitter.com/IntezerLabs/status/1298615434267197440
# Reference: https://analyze.intezer.com/analyses/4149b963-66bc-4bbb-877a-f2a79e884e71
# Reference: https://www.virustotal.com/gui/file/a272169216d1020b615c453e1565857f129a5d4f4fa9f0ac054a3c8a8d98cc06/detection
# Reference: https://www.virustotal.com/gui/file/7ae87ed4c4b57b96959f46b24357b15bc68b7cc9a1af2d92a2bcd632f692af5d/detection
# Reference: https://www.virustotal.com/gui/file/7e4031816f446e3788303fb0d34b67c3eedb080118bbe9efb9ad567503ac3e0f/detection

95.142.46.69:8015
95.142.46.69:8016
95.142.46.69:8022
fttt.developerstatss.ga

# Reference: https://www.virustotal.com/gui/file/96ead4fa8bf37eb8933285466b0f3985ab55438702000f678fac150ab3ea9703/detection

129.204.227.27:11445

# Reference: https://www.virustotal.com/gui/file/d3466a191b5185a4007faf8949117df5c77907eea9121c7e8308f2a5a736b3fc/detection
# Reference: https://github.com/stamparm/maltrail/pull/12104/commits/4be05bd2e501d1f7558e8f3e0c2f8182775b6bcb

103.125.218.107:1433
103.125.218.107:6379
103.125.218.107:6380
103.125.218.107:7001
103.125.218.107:7002
103.125.218.107:8080
103.125.218.107:8088
103.125.218.107:9200

# Reference: https://www.virustotal.com/gui/file/9a5596bfd850ced638cefeb7eb389448780076e42a6749006409ccef4036cc71/detection

185.191.32.157:8888

# Reference: https://twitter.com/rootprivilege/status/1331348542028275712

http://161.35.110.135/a.tar.gz

# Reference: https://twitter.com/jorgemieres/status/1333417189005799424

/shell.elf

# Reference: https://twitter.com/alphasoc/status/1056792558284619776

flyings0ul.do.am
redu.clan.su

# Reference: https://twitter.com/0xrb/status/1344166270736822272

http://51.178.215.251

# Reference: https://twitter.com/SolutionsXnotes/status/1173228101850894342

/auto_priv_exploit.sh
/auto_searchsploit.py

# Reference: https://www.virustotal.com/gui/file/9dbb7c3cb76ac4620a46400525bfab4fd7935a191b774c0d483b73c6370b5515/detection

149.248.6.193:2006

# Reference: https://www.virustotal.com/gui/file/f0d8ea0e716c239df7829b37ca77c4c55d652e7b64dc0f47291939c173a829ee/detection

149.248.6.193:2007

# Reference: https://twitter.com/r3dbU7z/status/1346381456063528962
# Reference: https://s.tencent.com/research/report/1213.html

103.45.183.12:808

# Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz
# Reference: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz

antiq.scifi.ro
funny.evils.in

# Reference: https://www.lacework.com/groundhog-botnet-rapidly-infecting-cloud/
# Reference: https://otx.alienvault.com/pulse/6011e0e8fe4caceec3d71f63/

/Linuxaacc

# Reference: https://twitter.com/r3dbU7z/status/1363822329885847552

http://195.2.78.71
/flash_erase-arm-lsb
/flash_erase-arm-msb
/flash_erase-mips
/flashcp-arm-lsb
/flashcp-arm-lsb_2
/flashcp-arm-msb
/flashcp-arm-msb_2
/flashcp-mips
/flashcp-mips_2
/ssev78

# Reference: https://www.virustotal.com/gui/file/c7c26bf1e2074cf76b67f29489eb71e3a143c2b3bf867d06c3a30905e12aef8f/detection

45.9.148.48:8351

# Reference: https://www.virustotal.com/gui/file/c2c91c021a048eea97147add486b7618304803d63989d2c2fdab87741ca8803b/detection

45.9.148.48:8341

# Reference: https://www.virustotal.com/gui/file/ac636d56a2d4deddcba32c860dbf047575880edc149d1d12065ac881126cb8dc/detection

45.9.148.48:8541

# Reference: https://www.virustotal.com/gui/file/f618a9e30c9b78c3e9c63abacbc795182382237134ca5eca8f270180a1ccca4c/detection

45.9.148.48:8531

# Reference: https://www.virustotal.com/gui/file/0082bf60be89624ca9b9bcffbb4ac000a71bd218650b0db159932d603b2bea20/detection

45.9.148.48:8564

# Reference: https://www.virustotal.com/gui/file/fd3a902c16d01cd926ae97afaa26d520c45eec95c5097edf82f2a98d8f8c310f/detection

45.9.148.48:8524

# Reference: https://www.virustotal.com/gui/file/c2dd9f998ca023047ce598a4d818b3df7c638ba179bb2f81d4ac0c8c0bd8d291/detection

45.9.148.48:8529

# Reference: https://www.virustotal.com/gui/file/ab26a6c846c2cf9b14028bd46229d5ab0e87b30317d9b984f791ca8b07a3e73d/detection

45.9.148.48:8538

# Reference: https://www.virustotal.com/gui/file/434d52b058a290e6a1c7ad710e9cf862d0dc7a1e042030dc1e87e23d8fdc41b9/detection

45.9.148.48:8251

# Reference: https://www.virustotal.com/gui/file/396d35154d706ab8919421ac534884e87731dc0d1291ac74ee5ef71ceec51e69/detection

45.9.148.48:8534

# Reference: https://www.virustotal.com/gui/file/dfe6a1525d7855e0263ea6be94c5df7e6ec30202b648774384886a0d49780dfc/detection

45.9.148.48:8539

# Reference: https://www.virustotal.com/gui/file/c665b2ab1f99897be561b6ef03d9cb95be45b4eb0cef37c6d64aa764a06466a9/detection

45.9.148.48:8143

# Reference: https://www.virustotal.com/gui/file/3adab440aa13c9408773d520db329a2ba2085d2af910fd6f7d524f92e0ec82f7/detection

45.9.148.48:8144

# Reference: https://www.virustotal.com/gui/file/9cff626a8c38625a50a50f9498889f1c840f4cb13d564089a1834c04d639db36/detection

45.9.148.48:8569

# Reference: https://www.virustotal.com/gui/file/2bbdb554932381b2683921398aa359ad495bbe8975756e14cec2a9a0fdc3a40a/detection

45.9.148.48:8549

# Reference: https://www.virustotal.com/gui/file/ee9aba246552f22b89a08c7a576a9985f83a6db534f1be513a976317c90c712a/detection

45.9.148.48:8565

# Reference: https://www.virustotal.com/gui/file/8190aefa69c26c5b4c238773e007329ceb88de346fc319123e37b1f87d6c08c0/detection

45.9.148.48:8553

# Reference: https://www.virustotal.com/gui/file/b4f796628f19d9d27ac1903b7c63c27a243b2aa78733ddf09cedab7d2921cc16/detection

45.9.148.48:8349

# Reference: https://www.virustotal.com/gui/file/aee33e18a36e79f3041c2cd2702a49d06e558b57126beb6690237458efbcc843/detection

45.9.148.48:8535

# Reference: https://www.virustotal.com/gui/file/def65bcae9351a26ee887741beed19779171b144d41746e0720090c4e375856a/detection

45.9.148.48:8543

# Reference: https://www.virustotal.com/gui/file/34b1adb4fb3276b8e80fcd1f339494de2cc09df82dede5d3106a53d9a2f331ce/detection

45.9.148.48:8561

# Reference: https://www.virustotal.com/gui/file/948dd8cfb13ba06a67e379c7ddc5a1a4cc590576fac2b1b8781cfa1955a150e3/detection

45.9.148.48:8548

# Reference: https://www.virustotal.com/gui/file/d19fe4ef771b259146a9d2b2ff60ac8eab1ecc080565c3a76e2dbebb909cea13/detection

45.9.148.48:8544

# Reference: https://www.virustotal.com/gui/file/99b8809f8b5ed31cd69095712fa00642e792649fc87cec7a5b3a01d6cf51056c/detection

45.9.148.48:8525

# Reference: https://www.virustotal.com/gui/file/ec2b53a184f0313d73708075af812519d87aa395c6a2afffb70b4a9485f54c32/detection

45.9.148.48:8528

# Reference: https://www.virustotal.com/gui/file/5550200c4087390971167379104bd56c60aeda620b6ba4314c4e551ec8ff914b/detection

45.9.148.48:8554

# Reference: https://www.virustotal.com/gui/file/1e22b24e5b80926ede6c28d4f1eeb6252ce9f26f99e320d06ae012e489ebe40f/detection

45.9.148.48:8413

# Reference: https://twitter.com/fr0s7_/status/1367895399365816327

goaqaba.com/wp-content/uploads/2021/03/

# Reference: https://twitter.com/xuy1202/status/1370664531190419458

51.195.26.217:6667

# Reference: https://unit42.paloaltonetworks.com/attackers-conducting-cryptojacking-u-s-education-organizations/

/shit/sshd

# Reference: https://twitter.com/cyb3rops/status/1383065580379516928
# Reference: https://www.virustotal.com/gui/file/9b0b78716c0c1c5d01231017ef2733115b0a31c1d9b751525d04da89ef17b7d1/relations

http://104.248.94.23

# Reference: https://www.virustotal.com/gui/domain/epelcdn.com/relations
# Reference: https://www.virustotal.com/gui/file/571bf19ebdc3bc14925b2a41dcd8b1c94cca94b0b59182813267ace0d7f56217/detection

epelcdn.com
h.epelcdn.com
/bd210131/pm.sh
/bd210131/scan.sh
/dd210131/pm.sh
/dd210131/scan.sh

# Reference: https://www.trendmicro.com/en_us/research/21/d/tor-based-botnet-malware-targets-linux-systems-abuses-cloud-management-tools.html

7jmrbtrvkgcqkldzyob4kotpyvsgz546yvik2xv4rpnfmrhe4imxthqd.onion
bggts547gukhvmf4cgandlgxxphengxovoyo6ewhns5qmmb2b5oi43yd.onion
dreambusweduybcp.onion
i62hmnztfpzwrhjg34m6ruxem5oe36nulzmxcgbdbkiaceubprkta7ad.onion
ji55jjplpknk7eayxxtb5o3ulxuevntutsdanov5dp3wya7l7btjv4qd.onion
mhevkk4odgzqpt2hbj3hhw2uz4vhunoo55evewrgmouyiehcaltmbrqd.onion
ojk5zra7b3yq32timb27n4qj5udk4w2l5kqn5ulhnugdscelttfhtoyd.onion
plgs6otqdiu7snxdfwjnidhw4ncmp5qvvxi5gepiszg75kxebwci2wad.onion
ryukdssuskovhnwb.onion
sg722jwocbvedckhd4dptpqfek5fsbmx3v57qg6lzhuo56np73mb3zyd.onion
trumpzbffbewy3gn.onion
trumpzwlvlyrvlss.onion
unixdbnuadxmwtob.onion
va6xh4hqgb754klsffjamjgotlq7mne3lyyrhu5vhypakbumzeo4c4ad.onion
y4mcrfeigcaa2robjk3azb2qwcd5hk45xpoaddupmdwv24qoggnmdbid.onion
yrxxxqia45xxcdqfwyx4pk6ufyanazdwjbv3de7r4mrtyztt5mpw35yd.onion

# Reference: https://www.virustotal.com/gui/file/aea8280ffdb6b08e6d8dc60682d77731b97873f99d249594f993ea65960f6cb3/detection

hulo.r00ts.online
/.configs/r00t

# Reference: https://twitter.com/r3dbU7z/status/1406688370496057352
# Reference: https://www.virustotal.com/gui/file/4c808923ee3ee4acb59907655f8f87f4f3fa5ab398b254951bf722656dbe43f4/detection

http://1.177.164.167
http://1.177.165.230
104.236.13.229:1338
/raffie_lib.so
/raffie_r00t.sh
/raffie.tar.gz

# Reference: https://twitter.com/ESETresearch/status/1415542456360263682
# Reference: https://otx.alienvault.com/pulse/60f12a9bc1e8763fef70a512
# Reference: https://www.virustotal.com/gui/file/ce272b58c186f690c18c50c3ac97c49fc425ca2798e376a9c7dc98d4b5019e38/detection

cloudflare.5156game.com

# Reference: https://www.virustotal.com/gui/file/a58765e3ed00f4f22129d62289524986ae61ed4f87762264a28d3b01f6f486a3/detection

42.193.186.7:9997

# Reference: https://twitter.com/bad_packets/status/1423736850716389378

http://209.141.42.191

# Reference: https://twitter.com/r3dbU7z/status/1423942288665886721

5.189.165.151:8080

# Reference: https://twitter.com/bad_packets/status/1424081490518810625

http://176.31.159.27

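# Reference: https://www.virustotal.com/gui/file/a58765e3ed00f4f22129d62289524986ae61ed4f87762264a28d3b01f6f486a3/detection
# NOTE: duplicate of the identical reference and 42.193.186.7:9997 entry that already appears earlier in this file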

42.193.186.7:9997

# Reference: https://twitter.com/IntezerLabs/status/1455160560258097153
# Reference: https://www.virustotal.com/gui/file/feb13b5003225b91e76eeaff65996d1c484702941a9559afe5d3c0eb6d61c504/detection
# Reference: https://www.virustotal.com/gui/file/cd54a34dbd7d345a7fd7fd8744feb5c956825317e9225edb002c3258683947f1/detection

172.96.190.95:903
172.96.190.95:904

# Reference: https://www.virustotal.com/gui/file/df87afed0b9bef37d4ff79b0065e95b65cb3ffd320dc258548a229720e4bf99f/detection

http://144.91.81.180

# Reference: https://twitter.com/IntezerLabs/status/1460959908904398852
# Reference: https://www.virustotal.com/gui/file/4d90e505d8b7d724752a5e0ec1df38e8cace9ab56e74c5a130b8286c274b02ab/detection
# Reference: https://www.virustotal.com/gui/file/b2753614554a5d36d0f928045cebaa2008fb510f0f006ed98cb87a29eb481e8a/detection

185.22.153.165:9999

# Reference: https://twitter.com/dimitribest/status/1473701800301797380
# Reference: https://www.virustotal.com/gui/file/41e7cee6b5534a0e8633be51f8a3bb37d439f0ccd8893ed67dcbe6be7dda2e48/detection

23.94.7.237:2333

# Reference: https://twitter.com/r3dbU7z/status/1481533464646418439

upgradetime.zyns.com
/kewr98235.sh

# Reference: https://twitter.com/r3dbU7z/status/1483739428447260673

2.58.149.174:999
razuland.xyz

# Reference: https://www.virustotal.com/gui/file/db4272abc9dd6c8fe1a8ef82bd088d5629c0373ff0be8e44d9a5c4078937615e/detection

195.2.93.34:3332

# Reference: https://www.virustotal.com/gui/file/ba962209a6a173baaae1337f1e53fc4d0e23a45d7cc830c7e6db73dc135ad295/detection

195.2.93.34:16047

# Reference: https://www.virustotal.com/gui/file/9aa6fd2531d551e45802415857fcaeadacc294d92a3bc6ad5150a9c25a39643e/detection

195.2.93.34:33305

# Reference: https://www.virustotal.com/gui/file/6b63770c095eda3958a83464346b747ccb1217d774ba3248252f6c6f3dee8822/detection

195.2.93.34:17529

# Reference: https://www.virustotal.com/gui/file/4999a7089fc0d1340a5b8809aebcea81d9de4349d1016b337e9a02dd9acc21b7/detection

195.2.93.34:16012

# Reference: https://www.virustotal.com/gui/file/40680a7bcff1a1356891f7467367450c3d655b344e3f20960769b640ad681f48/detection

195.2.93.34:12301

# Reference: https://www.virustotal.com/gui/file/155491ed30a842db5abae0a813dc1e2d995379a5edaa91e3991c2eb951c9e996/detection

195.2.93.34:33303

# Reference: https://www.virustotal.com/gui/file/14153de8fdd28b7c4d296b97bf3d1d5bfb7dffccd76f7834ce47d5f58beee073/detection

195.2.93.34:33304

# Reference: https://www.virustotal.com/gui/file/1bd7af2951b192afa5e94f23ae23a5a482e00dc41aee7a798fd57696cb9f2c54/detection

3.141.142.211:18774

# Reference: https://unit42.paloaltonetworks.com/cve-2022-22954-vmware-vulnerabilities/

http://106.246.224.219
http://107.148.13.247
http://107.191.43.86
101.42.89.186:1234
103.43.18.15:8089
107.148.12.162:12345
107.148.13.247:7777
138.68.61.82:444
45.144.179.204:9999
enlib2w9g8mze.x.pipedream.net
/388e6567d5.sh
/4102909932.sh
/d1bea27b13.sh
/payllll.sh
/.d/bot.redis
/.d/bot.v
/.d/botVNC

# Reference: https://www.virustotal.com/gui/file/4993806d2f77096ab28d589f8ee91869fc6045725ec9bc83b9e57f78cf86a5b8/detection

179.60.150.29:4444

# Reference: https://www.virustotal.com/gui/file/79b299ff0c0bf5d5986457c1b163a8755a10692b12f54ab8b7b395c68c1e6f86/detection

http://179.60.150.34

# Reference: https://www.virustotal.com/gui/file/4ac059ad0f43b786b26a132fa1bd0393f59f86492aadd7fd53b73eaa8330ffe9/detection

45.76.31.3:4444

# Reference: https://www.virustotal.com/gui/file/f8fc70e4c693020f7253640b0e7462bc6989a4db111370d950d6f8c814e7ed56/detection

124.221.235.63:4443

# Reference: https://twitter.com/r3dbU7z/status/1561466299389251590

http://150.158.181.243

# Reference: https://sansec.io/research/magento-2-template-attacks
# Reference: https://elfdigest.com/brief/d3fbae7eb3d38159913c7e9f4c627149df1882b57998c8acaac5904710be2236
# Reference: https://www.virustotal.com/gui/file/d3fbae7eb3d38159913c7e9f4c627149df1882b57998c8acaac5904710be2236/detection

86.104.15.60:443
allsecurehosting.com
dev-clientservice.com
mailchimp-addons.com

# Reference: https://twitter.com/r3dbU7z/status/1576920251853582336

http://142.132.230.75
http://168.119.247.111
188.34.154.180:3000

# Reference: https://twitter.com/r3dbU7z/status/1588337205595951106
# Reference: https://www.virustotal.com/gui/ip-address/185.29.10.38/relations
# Reference: https://www.virustotal.com/gui/file/f1856188732f05612c7c05347463109e8fc0e11a3d2604196551d90b4f846513/detection
# Reference: https://www.virustotal.com/gui/file/7e9b7ebf36cfbd4b59b77fba3bba1bac0b8d2ac657530d945fd41c15937f0bb3/detection
# Reference: https://www.virustotal.com/gui/file/799d44f51e6ea84998d96570e8b597af82601260fada14bd7f08391e403bc02a/detection
# Reference: https://www.virustotal.com/gui/file/4e5e42b1acb0c683963caf321167f6985e553af2c70f5b87ec07cc4a8c09b4d8/detection
# Reference: https://www.virustotal.com/gui/file/3dffb684333ea8f036e0d2142d1f49ebeccb28806cf6407308a88e846f8f30ec/detection

http://185.29.10.38
185.29.10.38:3306
185.29.10.38:53
/lmetax86
/lmetax863306
/lmetax64
/lmetax643306
/lmetax6480

# Reference: https://twitter.com/r3dbU7z/status/1597228559608651776
# Reference: https://www.virustotal.com/gui/file/fe1884cda10cd6759aa1a9f1b8d3a0fc91136146fdd55c8c31005654e8f86b14/detection

magento-updates.com

# Reference: https://twitter.com/SecureSh3ll/status/1601609581201096705
# Reference: https://twitter.com/SecureSh3ll/status/1601652623828209667

http://146.56.41.193
kkk.jiyunidc.com
/qcjk.sh

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-01-05-v10212/248

pateu.freevar.com

# Reference: https://twitter.com/imp0rtp3/status/1613270251709276190
# Reference: https://www.virustotal.com/gui/file/0184e3d3dd8f4778d192d07e2caf44211141a570d45bb47a87894c68ebebeabb/detection
# Reference: https://www.virustotal.com/gui/file/23f2536aec6a4977a504312ff5863468ba2900fece735acd775d0ae455b4cd4d/detection

107.148.27.117:443
155.138.224.122:443

# Reference: https://ti.qianxin.com/blog/articles/watch-out-for-new-variants-of-rapper-botnet-and-related-mining-activities/

/ssh/scan_amd64
/ssh/scan_arc
/ssh/scan_arcle-hs38
/ssh/scan_arm
/ssh/scan_arm4
/ssh/scan_arm4l
/ssh/scan_arm4t
/ssh/scan_arm4tl
/ssh/scan_arm4tll
/ssh/scan_arm5
/ssh/scan_arm5l
/ssh/scan_arm5n
/ssh/scan_arm6
/ssh/scan_arm64
/ssh/scan_arm6l
/ssh/scan_arm7
/ssh/scan_arm7l
/ssh/scan_arm8
/ssh/scan_armv4
/ssh/scan_armv4l
/ssh/scan_armv5l
/ssh/scan_armv6
/ssh/scan_armv61
/ssh/scan_armv6l
/ssh/scan_armv7l
/ssh/scan_dbg
/ssh/scan_exploit
/ssh/scan_i4
/ssh/scan_i486
/ssh/scan_i586
/ssh/scan_i6
/ssh/scan_i686
/ssh/scan_kill
/ssh/scan_m68
/ssh/scan_m68k
/ssh/scan_mips
/ssh/scan_mips64
/ssh/scan_mipseb
/ssh/scan_mipsel
/ssh/scan_mpsl
/ssh/scan_pcc
/ssh/scan_powerpc
/ssh/scan_powerpc-440fp
/ssh/scan_powerppc
/ssh/scan_ppc
/ssh/scan_pp-c
/ssh/scan_ppc2
/ssh/scan_ppc440
/ssh/scan_ppc440fp
/ssh/scan_riscv64
/ssh/scan_root
/ssh/scan_root32
/ssh/scan_s390x
/ssh/scan_sh
/ssh/scan_sh4
/ssh/scan_sparc
/ssh/scan_spc
/ssh/scan_ssh4
/ssh/scan_x32
/ssh/scan_x32_64
/ssh/scan_x64
/ssh/scan_x86
/ssh/scan_x86_32
/ssh/scan_x86_64

# Reference: https://twitter.com/r3dbU7z/status/1623667053390442496

http://193.149.176.147

# Reference: https://twitter.com/r3dbU7z/status/1621703277573275649

http://121.40.117.114

# Reference: https://elfdigest.com/brief/daeeb4fa4edb56ecce7b430308bfc9b231e58e50013d10930b3ad03b7dc20cc2
# Reference: https://www.virustotal.com/gui/file/daeeb4fa4edb56ecce7b430308bfc9b231e58e50013d10930b3ad03b7dc20cc2/detection

192.3.111.150:35348

# Reference: https://twitter.com/SecureSh3ll/status/1620868169593421825

http://134.209.96.222

# Reference: https://twitter.com/r3dbU7z/status/1627563576364769280
# Reference: https://www.virustotal.com/gui/ip-address/34.228.222.39/relations

volitech.cloud

# Reference: https://www.virustotal.com/gui/file/3b112b75a4b0e785da991574bd06417a21cc8dcd5dedbdf265205f0b1154b84b/detection

80.85.156.184:443

# Reference: https://twitter.com/r3dbU7z/status/1632748778284359684

http://43.139.138.38

# Reference: https://www.virustotal.com/gui/file/0137d310281b06eec4f403bc44d6c34f0dedf5fff90781587d076719ae09d517/detection

5.253.84.159:8080

# Reference: https://twitter.com/MichalKoczwara/status/1636870828292808706

http://34.125.33.213

# Reference: https://www.virustotal.com/gui/file/16a83fa397a0efa9422146e8575d7c4d51c8ed8dcc95c7aacd282d2ee33889aa/detection

185.10.68.163:7878

# Reference: https://twitter.com/SecureSh3ll/status/1641886474810294274

http://45.159.49.246

# Reference: https://twitter.com/sicehice/status/1643729489933811712
# Reference: https://elfdigest.com/brief/26ccf2824534d812c14a59783db85916a03da86ec65e86fc4b356657405080c7
# Reference: https://www.virustotal.com/gui/file/26ccf2824534d812c14a59783db85916a03da86ec65e86fc4b356657405080c7/detection

108.166.206.237:15650
108.166.206.237:8002

# Reference: https://twitter.com/sicehice/status/1645476975769681946
# Reference: https://www.virustotal.com/gui/file/c04137124c97208db7da2e3a0cd97d50db6350e5f15e94918b653e35ddc1d40f/detection
# Reference: https://www.virustotal.com/gui/file/1b1a319910758a9ac7c6e8f2993cf92512d5a3a53e25ab5348cc3224aa5de7a3/detection

http://109.205.180.99
109.205.180.99:4242
173.212.248.30:4242

# Reference: https://twitter.com/SecureSh3ll/status/1646579732220182543

http://129.146.17.134

# Reference: https://twitter.com/SecureSh3ll/status/1665429507447070724

http://192.254.204.95

# Reference: https://twitter.com/JustWantToQ1/status/1693454560201683287
# Reference: https://www.virustotal.com/gui/file/e7d0c568b14225b67056265b19e0d0b2fb111815809df46fa6f857636955a200/detection

101.200.145.141:8002
101.200.145.141:8080

# Reference: https://www.cisa.gov/news-events/analysis-reports/ar23-209c
# Reference: https://otx.alienvault.com/pulse/64c80719b55c4fd963785a4a

http://107.148.219.54
http://107.148.223.196

# Reference: https://twitter.com/TLP_R3D/status/1716479835411714198
# Reference: https://www.virustotal.com/gui/file/c389e7c2b5f206b1e39535cd755e6995d100cdde8cbd06b0fed8e6691a81511b/detection
# Reference: https://www.virustotal.com/gui/file/79dcef6db64861a43a665faff57df662da4cbe04e16da696131772c985322deb/detection
# Reference: https://www.virustotal.com/gui/file/0c97ecf729edfa3e9288463a0989a32c1da2ac5dd81d0650d081006d44c98496/detection

http://192.3.101.111

# Reference: https://www.virustotal.com/gui/file/05d127335a2cbc84ffeeb521ee7f16524afc413760f33188039c37ad5889b73e/detection

141.255.145.242:21

# Reference: https://twitter.com/JustWantToQ1/status/1735870555373355048

/skls7.elf
/skopee.elf
/skopee81.elf
/xasjs1334.sh

# Reference: https://www.virustotal.com/gui/file/55b95b91f19e251a3930ffb443537feefb8e468bf508a3767abe7cbdcfd9d513/detection
# Reference: https://www.virustotal.com/gui/file/ee6eb51ee6cff3c2bd264a6a05022acc620893681845d04648a3dbca3e92f807/detection

43.156.140.241:3232

# Reference: https://www.virustotal.com/gui/file/cf831d33e7ccbbdc4ec5efca43e28c6a6a274348bb7bac5adcfee6e448a512d9/detection

185.158.155.175:4202

# Reference: https://www.virustotal.com/gui/file/195183fce95b0d309d8d555d4c91cc35dd6a96ab16825a19f6ecac4a50b4fe9b/detection

38.242.151.1:4092

# Reference: https://twitter.com/cyber_ra1/status/1752602839254528468

194.213.18.14:8000

# Reference: https://twitter.com/banthisguy9349/status/1756379713780469831

http://84.54.51.113

# Reference: https://twitter.com/banthisguy9349/status/1756606597667709276

47.93.172.190:8000

# Reference: https://www.virustotal.com/gui/file/4b7e0aff7d65d88448e69a1a6be5e982e529ecddf0d105893e344bfee3c97f0b/detection

111.229.33.213:30001

# Reference: https://www.virustotal.com/gui/ip-address/93.123.85.163/relations

http://93.123.85.163

# Reference: https://twitter.com/AzakaSekai_/status/1758255538339758558
# Reference: https://www.virustotal.com/gui/file/7afb66a02358cf72a50019b9de7b72eaa4af1e6236342a98f626d0245fcbed7c/detection

43.163.218.168:18560
43.156.249.190:18560

# Reference: https://twitter.com/cyb3rops/status/1758443684285071727
# Reference: https://www.virustotal.com/gui/file/3b1f0dd83f8e52518ebc89e00db2d541aca193264fd1aa86d2a1c9fbb76a63b4/detection
# Reference: https://www.virustotal.com/gui/file/5e99ea4aead0c7ab75c769f18d82251130979c3846f87408644f9016e793ee89/detection
# Reference: https://www.virustotal.com/gui/file/f892bfa3311249c22a84f393bc67029c2d89a67854e020785fd72218fe63777a/detection

http://106.75.156.251

# Reference: https://twitter.com/cyb3rops/status/1758443684285071727
# Reference: https://www.virustotal.com/gui/file/f2f2aa9f1f736bc4a1c9d656f11aacfb3f65523e6a752186ddec96147ed0ab48/detection

120.26.86.217:443

# Reference: https://twitter.com/cyb3rops/status/1758443684285071727
# Reference: https://www.virustotal.com/gui/file/edf44013cefc774fd8536382f7d869eb10fddbbb48307d0205a98255f325c931/detection

123.249.9.234:443

# Reference: https://twitter.com/cyb3rops/status/1758443684285071727
# Reference: https://www.virustotal.com/gui/file/aa0de6e9db6ae871e7aa2c22df23e8e048822621327583ea598101366505af83/detection

103.234.54.52:8084

# Reference: https://twitter.com/cyb3rops/status/1758443684285071727
# Reference: https://www.virustotal.com/gui/file/7206665a025da0793825d2bea79895ed81cdb3044621113ab1c3e4b3b39236af/detection

43.138.114.59:8084

# Reference: https://twitter.com/cyb3rops/status/1758443684285071727
# Reference: https://www.virustotal.com/gui/file/ccb9106b84cbbc276268b87f81c495e23341f51435e9a5ba03b812039c80913e/detection

137.175.17.221:48084

# Reference: https://twitter.com/cyb3rops/status/1758443684285071727
# Reference: https://www.virustotal.com/gui/file/e20be442700425853749522939aa9919c97b3dc875f9eba6a35e037d6a8debd5/detection

137.175.17.172:41334

# Reference: https://twitter.com/cyb3rops/status/1758443684285071727
# Reference: https://www.virustotal.com/gui/file/fe0b76601775168fdf495e32cb79c4edc58336cc8044a93601d70886a7742233/detection
# Reference: https://www.virustotal.com/gui/file/9e1aeedf3a87ca8d5ec7362705687ce61fe80279ffb8955d1e1bb0a7a26239b9/detection
# Reference: https://www.virustotal.com/gui/file/3ed3b1fbebf54f175a3c7a804f11f2d86def22e11e26c6677d6d9b4af5fa2677/detection

http://112.121.164.202
112.121.164.202:58080

# Reference: https://twitter.com/cyb3rops/status/1758443684285071727
# Reference: https://www.virustotal.com/gui/file/e858ba9fc7455faf8302869992668b55d2a4b086660301d8dc6260d1b7b4d960/detection
# Reference: https://www.virustotal.com/gui/file/6078955c613b4aa6f2b52631038613d0d81c6ccb2ceb370d7968d260257a8294/detection
# Reference: https://www.virustotal.com/gui/file/3cd3dbc36b8fa10ca25b395d91063496c1f03363d07b240aea7db2125fee4bb7/detection

172.245.68.110:443

# Reference: https://twitter.com/cyb3rops/status/1758443684285071727
# Reference: https://www.virustotal.com/gui/file/6078955c613b4aa6f2b52631038613d0d81c6ccb2ceb370d7968d260257a8294/detection

13.215.35.169:58084

# Reference: https://twitter.com/cyb3rops/status/1758443684285071727
# Reference: https://www.virustotal.com/gui/file/e1ea86ab00c3cb4a9ddc5207fdd4810d1d8043cacbc24f50df68a4ea395822f8/detection

116.204.122.201:8084

# Reference: https://twitter.com/cyb3rops/status/1758443684285071727
# Reference: https://www.virustotal.com/gui/file/a15cd1bb21340068cb6ba2adfb3c79c02fa9c39094a3bcc3ae41b9c0d6930e6d/detection

43.128.85.89:8084

# Reference: https://twitter.com/cyb3rops/status/1758443684285071727
# Reference: https://www.virustotal.com/gui/file/31bd11d5b3c71d2c42646eb38060a62288726dd759cd26ba9d498d532c9073cf/detection

182.16.17.130:443

# Reference: https://twitter.com/banthisguy9349/status/1764248177912238192

http://211.215.19.94

# Reference: https://twitter.com/banthisguy9349/status/1765355350285287462

8.219.54.162:8000

# Reference: https://twitter.com/banthisguy9349/status/1765348861776744943

http://49.235.144.122

# Reference: https://twitter.com/banthisguy9349/status/1766032714069573982
# Reference: https://twitter.com/banthisguy9349/status/1766060422497505738

http://123.231.253.230
http://194.9.172.135
123.231.253.230:19999
194.9.172.135:8080
23.88.73.182:7777

# Reference: https://twitter.com/banthisguy9349/status/1769653638459220391

http://209.141.55.107

# Reference: https://twitter.com/banthisguy9349/status/1772924477841531297
# Reference: https://urlhaus.abuse.ch/host/91.92.254.172

http://91.92.254.172

# Reference: https://twitter.com/banthisguy9349/status/1777691993847521746
# Reference: https://twitter.com/banthisguy9349/status/1777704101532332321

http://172.96.161.103
http://185.150.189.121

# Reference: https://twitter.com/banthisguy9349/status/1778041505212441081

http://167.114.127.93
http://51.81.17.166

# Reference: https://twitter.com/banthisguy9349/status/1777729336138670430

http://23.81.41.166

# Reference: https://twitter.com/banthisguy9349/status/1780130173557317804

http://159.69.35.215
http://65.108.249.57
http://65.109.1.161
http://65.109.195.250
http://91.107.182.144
http://91.107.254.27
65.109.1.161:8390
bott.selector9991.com
vless.selector9991.com

# Reference: https://twitter.com/banthisguy9349/status/1780492072207663454

91.204.226.22:222
91.204.226.24:222
91.204.226.55:222

# Reference: https://twitter.com/banthisguy9349/status/1780925439030051190

/Linux-Privilege-Escalation-Exploits/

# Reference: https://twitter.com/banthisguy9349/status/1782681257639383548
# Reference: https://twitter.com/banthisguy9349/status/1783012442659836145

http://107.189.5.238
http://181.215.6.133

# Reference: https://twitter.com/banthisguy9349/status/1787161047410802748

160.181.160.162:8888
160.181.160.163:8888
160.181.160.164:8888
160.181.160.165:8888
160.181.160.166:8888
160.181.160.167:8888
160.181.160.168:8888
160.181.160.169:8888
160.181.160.170:8888
160.181.160.171:8888
160.181.160.172:8888
160.181.160.173:8888
160.181.160.174:8888
160.181.160.175:8888
160.181.160.176:8888
160.181.160.177:8888
160.181.160.178:8888
160.181.160.179:8888
160.181.160.180:8888
160.181.160.181:8888
160.181.160.182:8888
160.181.160.183:8888
160.181.160.184:8888
160.181.160.185:8888
160.181.160.186:8888
160.181.160.187:8888
160.181.160.188:8888
160.181.160.189:8888
160.181.160.190:8888
160.181.161.162:8888
160.181.161.163:8888
160.181.161.164:8888
160.181.161.165:8888
160.181.161.166:8888
160.181.161.167:8888
160.181.161.168:8888
160.181.161.169:8888
160.181.161.170:8888
160.181.161.171:8888
160.181.161.172:8888
160.181.161.173:8888
160.181.161.174:8888
160.181.161.175:8888
160.181.161.176:8888
160.181.161.177:8888
160.181.161.178:8888
160.181.161.179:8888
160.181.161.180:8888
160.181.161.181:8888
160.181.161.182:8888
160.181.161.183:8888
160.181.161.184:8888
160.181.161.185:8888
160.181.161.186:8888
160.181.161.187:8888
160.181.161.188:8888
160.181.161.189:8888
160.181.161.190:8888
160.181.162.162:8888
160.181.162.163:8888
160.181.162.164:8888
160.181.162.165:8888
160.181.162.166:8888
160.181.162.167:8888
160.181.162.168:8888
160.181.162.169:8888
160.181.162.170:8888
160.181.162.171:8888
160.181.162.172:8888
160.181.162.173:8888
160.181.162.174:8888
160.181.162.175:8888
160.181.162.176:8888
160.181.162.177:8888
160.181.162.178:8888
160.181.162.179:8888
160.181.162.180:8888
160.181.162.181:8888
160.181.162.182:8888
160.181.162.183:8888
160.181.162.184:8888
160.181.162.185:8888
160.181.162.186:8888
160.181.162.187:8888
160.181.162.188:8888
160.181.162.189:8888
160.181.162.190:8888
160.181.163.162:8888
160.181.163.163:8888
160.181.163.164:8888
160.181.163.165:8888
160.181.163.166:8888
160.181.163.167:8888
160.181.163.168:8888
160.181.163.169:8888
160.181.163.170:8888
160.181.163.171:8888
160.181.163.172:8888
160.181.163.173:8888
160.181.163.174:8888
160.181.163.175:8888
160.181.163.176:8888
160.181.163.177:8888
160.181.163.178:8888
160.181.163.179:8888
160.181.163.180:8888
160.181.163.181:8888
160.181.163.182:8888
160.181.163.183:8888
160.181.163.184:8888
160.181.163.185:8888
160.181.163.186:8888
160.181.163.187:8888
160.181.163.188:8888
160.181.163.189:8888
160.181.163.190:8888
160.181.164.162:8888
160.181.164.163:8888
160.181.164.164:8888
160.181.164.165:8888
160.181.164.166:8888
160.181.164.167:8888
160.181.164.168:8888
160.181.164.169:8888
160.181.164.170:8888
160.181.164.171:8888
160.181.164.172:8888
160.181.164.173:8888
160.181.164.174:8888
160.181.164.175:8888
160.181.164.176:8888
160.181.164.177:8888
160.181.164.178:8888
160.181.164.179:8888
160.181.164.180:8888
160.181.164.181:8888
160.181.164.182:8888
160.181.164.183:8888
160.181.164.184:8888
160.181.164.185:8888
160.181.164.186:8888
160.181.164.187:8888
160.181.164.188:8888
160.181.164.189:8888
160.181.164.190:8888
160.181.165.162:8888
160.181.165.163:8888
160.181.165.164:8888
160.181.165.165:8888
160.181.165.166:8888
160.181.165.167:8888
160.181.165.168:8888
160.181.165.169:8888
160.181.165.170:8888
160.181.165.171:8888
160.181.165.172:8888
160.181.165.173:8888
160.181.165.174:8888
160.181.165.175:8888
160.181.165.176:8888
160.181.165.177:8888
160.181.165.178:8888
160.181.165.179:8888
160.181.165.180:8888
160.181.165.181:8888
160.181.165.182:8888
160.181.165.183:8888
160.181.165.184:8888
160.181.165.185:8888
160.181.165.186:8888
160.181.165.187:8888
160.181.165.188:8888
160.181.165.189:8888
160.181.165.190:8888
160.181.166.162:8888
160.181.166.163:8888
160.181.166.164:8888
160.181.166.165:8888
160.181.166.166:8888
160.181.166.167:8888
160.181.166.168:8888
160.181.166.169:8888
160.181.166.170:8888
160.181.166.171:8888
160.181.166.172:8888
160.181.166.173:8888
160.181.166.174:8888
160.181.166.175:8888
160.181.166.176:8888
160.181.166.177:8888
160.181.166.178:8888
160.181.166.179:8888
160.181.166.180:8888
160.181.166.181:8888
160.181.166.182:8888
160.181.166.183:8888
160.181.166.184:8888
160.181.166.185:8888
160.181.166.186:8888
160.181.166.187:8888
160.181.166.188:8888
160.181.166.189:8888
160.181.166.190:8888
160.181.167.162:8888
160.181.167.163:8888
160.181.167.164:8888
160.181.167.165:8888
160.181.167.166:8888
160.181.167.167:8888
160.181.167.168:8888
160.181.167.169:8888
160.181.167.170:8888
160.181.167.171:8888
160.181.167.172:8888
160.181.167.173:8888
160.181.167.174:8888
160.181.167.175:8888
160.181.167.176:8888
160.181.167.177:8888
160.181.167.178:8888
160.181.167.179:8888
160.181.167.180:8888
160.181.167.181:8888
160.181.167.182:8888
160.181.167.183:8888
160.181.167.184:8888
160.181.167.185:8888
160.181.167.186:8888
160.181.167.187:8888
160.181.167.188:8888
160.181.167.189:8888
160.181.167.190:8888

# Reference: https://twitter.com/banthisguy9349/status/1788164385489178679
# Reference: https://www.virustotal.com/gui/file/51305c6bff62cffbe48226163dde0c348ac6eed3f5a36a1d28464d3925d05fd1/detection

78.26.81.99:58230

# Reference: https://twitter.com/1ZRR4H/status/1790960222044889247
# Reference: https://www.virustotal.com/gui/file/ae19378b68baba9404906cef8ba146fa0b2bf7eab37ccccd8ca09e00567bcd4e/detection

windowstimes.online
admins.windowstimes.online
image.windowstimes.online
images.windowstimes.online
times.windowstimes.online
update.windowstimes.online

# Reference: https://www.virustotal.com/gui/ip-address/94.156.64.82/relations

http://94.156.64.82

# Reference: https://www.virustotal.com/gui/ip-address/94.156.67.175/detection

http://94.156.67.175

# Reference: https://www.virustotal.com/gui/ip-address/94.156.68.143/detection

http://94.156.68.143

# Reference: https://www.virustotal.com/gui/ip-address/94.156.66.239/relations

http://94.156.66.239

# Reference: https://www.virustotal.com/gui/file/3aa51ddaa904fa69d24e26984e1a91f44b6a49628aabdfd48a853328460da1cf/detection

http://176.97.210.243

# Reference: https://x.com/banthisguy9349/status/1806692005000409533
# Reference: https://www.virustotal.com/gui/file/99a5b3a0ed2bdc9f044ba618e230dec1c0caae55257996e728c507bf2cd33b75/detection
# Reference: https://www.virustotal.com/gui/file/e6d82b89a5d706da32841008b118edf79740ade2df564ff41bb1d9e95aea695c/detection

http://107.189.2.172
http://45.33.46.146

# Reference: https://x.com/banthisguy9349/status/1809968571360936269
# Reference: https://www.virustotal.com/gui/file/de9c0cd682badacc98b1eff50aab4f3d56df976208c1f64cef062c3ec5556bc4/detection
# Reference: https://www.virustotal.com/gui/file/eead93221da3bfd72794a947d69bcc21d8224cbc241fde1e673cd00d669cb21c/detection

173.212.248.30:4444
/shell64.elf

# Reference: https://x.com/malwrhunterteam/status/1813297688760185014
# Reference: https://www.virustotal.com/gui/file/69c47d4fc3171e229a22f645ebb613cd0172fe58ba447db4ada7c584bb2283fa/detection

http://194.59.30.116

# Reference: https://x.com/banthisguy9349/status/1818724463971910010

http://15.206.116.117
http://176.32.35.254
176.32.35.254:8000

# Reference: https://x.com/malwrhunterteam/status/1819480922619891976
# Reference: https://www.virustotal.com/gui/file/ce198abee41a19f23a62ede0b94605bf63d4080dc60955dcbbe14455eaea23be/detection
# Reference: https://www.virustotal.com/gui/file/6dd81cf33a5ee6095e0d6605ce342f94051bfb48d3e8836d3a4e545d9c2a9a8c/detection

117.50.205.27:8080

# Reference: https://x.com/banthisguy9349/status/1820180632687051007
# Reference: https://www.virustotal.com/gui/file/e7f734f660c789fd103301ffc58265c5a2cf981ca6cfa4a2c63219174152fa30/detection

http://45.95.146.75

# Reference: https://x.com/malwrhunterteam/status/1820455344813875619
# Reference: https://www.virustotal.com/gui/file/1260fa5dac73cbed946498166ed2a854fe1d08d27ab865c89789fd658b0ee42d/detection

152.32.223.176:443

# Reference: https://x.com/1ZRR4H/status/1821231897449545816

74.50.67.187:44441

# Reference: https://x.com/r3dbU7z/status/1821218600398811304
# Reference: https://www.virustotal.com/gui/file/9651ef7f768b03e0b72c22079da422dc3bb1f244b9066d06bd542f89fcd5830e/detection

45.136.49.87:443
45.136.49.87:4444

# Reference: https://x.com/malwrhunterteam/status/1823226541511155913
# Reference: https://www.virustotal.com/gui/file/f7b627fc33b18906f46882aa5a927262f6478767f38adca08a1de7e3b03318de/detection
# Reference: https://www.virustotal.com/gui/file/8114b4d873811663a47fef7f0063587102699df19cac92adddadd30bcdc7f453/detection

121.199.47.40:8887

# Reference: https://x.com/Huntio/status/1823280152845107543
# Reference: https://www.virustotal.com/gui/file/4c0ace878616b963dd6ed320ace24309eaeacfc143255d1639d83130a244719c/detection
# Reference: https://www.virustotal.com/gui/file/facafec4183ca19a003b941f3c668917a3b5ab891e7c939d1e6fc37692416942/detection

106.14.176.208:7744
106.14.176.208:8082

# Reference: https://x.com/malwrhunterteam/status/1824003380802359748
# Reference: https://search.censys.io/hosts/175.178.185.149
# Reference: https://www.virustotal.com/gui/file/e8354aaf7df8c73e6ca1bf138be81fa1272fc241d7d1c2c4e1fb2af5cb9f4477/detection
# Reference: https://www.virustotal.com/gui/file/81ba3d4a8c15a087c6664cffd5ad458a1eba9859701ea61aecc2278f4e8c35a3/detection

175.178.185.149:8082
175.178.185.149:8084

# Reference: https://x.com/malwrhunterteam/status/1824327892798410793
# Reference: https://www.virustotal.com/gui/file/fdc9fff3ff8e9d004f01222b6c42b35f7de98c409dbab476d5deb63acc4c1a10/detection
# Reference: https://www.virustotal.com/gui/file/864113c5278c141e817ce2ea429a40b626578d459929197be481d25401dd6ae8/detection

47.97.176.108:8887

# Reference: https://x.com/malwrhunterteam/status/1826360397756031119
# Reference: https://www.virustotal.com/gui/file/ed9f28e62c6b5395a481f7975ac57927327f272204543833d5e436e1b498284b/detection
# Reference: https://www.virustotal.com/gui/file/9cab26331781dd1137ac07f8bdeb6bbd2d3628ade7ff173118a6f3251bfcce11/detection

103.75.117.211:8080
telc0m.com
spring.prod.v1.telc0m.com

# Reference: https://x.com/malwrhunterteam/status/1826360786962579702
# Reference: https://www.virustotal.com/gui/file/74985c1d669e6614ad1660cb5c4a58eeeaf442fa8fdc3d5c3d62eb3464728b87/detection
# Reference: https://www.virustotal.com/gui/file/1a6c29fa614e28be6928c01f3a56413b43c61219c79ab2603eea18a7884cd534/detection

159.75.152.208:8084

# Reference: https://x.com/malwrhunterteam/status/1826557100064932008
# Reference: https://www.virustotal.com/gui/file/abfef8b20368846e152450f3ed019fe9c32b92a85fd9a33470bb1f546403b486/detection

http://173.212.220.247
http://193.168.143.199

# Reference: https://x.com/ShanHolo/status/1827292314982572216

http://74.235.106.69

# Reference: https://x.com/malwrhunterteam/status/1827953318523543999
# Reference: https://www.virustotal.com/gui/file/e44d5162ad09ee82025f65677faef5cab5b791e8eb9ecb9dade0eebe81ba88b5/detection

124.222.123.163:8084

# Reference: https://www.virustotal.com/gui/file/afe568cbdd3363574dbeb04aff8e820cea395fefa68ffd4641689b5466d88115/detection
# Reference: https://www.virustotal.com/gui/file/f92be792f125d91cd89c516d867a5421802d4619a78f42f2f0e4271a05d8b50f/detection

centuries-thailand-washer-attack.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1828391254016639092
# Reference: https://www.virustotal.com/gui/file/bc6aaa66d2a2bfc33f72b7d9aee24a5a1a31f546628d8cadf45cecaf3917dcb5/detection
# Reference: https://www.virustotal.com/gui/file/a91e3e3eb766fa550d3b75e6470c908c363b1cf5377d336ff522fabfe026be6c/detection

175.178.255.21:18084

# Reference: https://www.virustotal.com/gui/file/cb39c9c9340cecc5c174d015426e7da0a77c73a94b6a873e1905d078103b6e06/detection

23.163.0.72:21

# Reference: https://x.com/malwrhunterteam/status/1832530942029688840
# Reference: https://www.virustotal.com/gui/file/b63675dded40d988e151a602775d803c3ba916ce2ab8eafe6e9174f8b3b6a7ff/detection

94.156.71.135:443
chicken-teriyaki.ru

# Reference: https://x.com/malwrhunterteam/status/1832470945216315713
# Reference: https://www.virustotal.com/gui/file/ba0c7a47497bc4fc1643856601e4627f40078564628e04b29a00abee253f03d5/detection
# Reference: https://www.virustotal.com/gui/file/b9634751270196171f7a2a2e491bb5e29e5394708e6044f77c7452d535379723/detection

123.56.46.190:443

# Reference: https://x.com/malwrhunterteam/status/1834525302732603772
# Reference: https://www.virustotal.com/gui/file/9ac65dde2f91fdd40dd6e8609edf1c213ee5f1418196bbff447b88d6baf1ed95/detection

117.50.205.72:9876

# Reference: https://x.com/malwrhunterteam/status/1834527656202629230
# Reference: https://www.virustotal.com/gui/file/f247c18955a19d147be2190a909ad3d3f3719ce442d9d82aff5725ce25b473da/detection
# Reference: https://www.virustotal.com/gui/file/e7f7973ac63eb60944a7100dc301d8b85988ebca7bed8603dc2a8a551318d330/detection
# Reference: https://www.virustotal.com/gui/file/6ffcce7628ac2f42e6382dcbbe0df0fe6fabfeea99f8220c85bc64b225551219/detection
# Reference: https://www.virustotal.com/gui/file/6c0bd95177b998e36cc51d99c5a94cb828e86b338a014bc51973351100a69d57/detection

125.124.156.16:88

# Reference: https://www.virustotal.com/gui/file/a75c8e08a5b666c297fc9d43da4106a79d10fbd37ed908d2b9f494265c8d20ac/detection

http://18.130.193.222
repositorylinux.com

# Reference: https://x.com/banthisguy9349/status/1837163361483546693
# Reference: https://urlhaus.abuse.ch/host/45.61.185.79/

http://45.61.185.79

# Reference: https://x.com/banthisguy9349/status/1838864906638029036
# Reference: https://www.virustotal.com/gui/file/984bd2f73fb78eca0d359a4c0f27db7d7aa7ba2fe3314c5cb86402d38828b3cc/detection

http://45.13.199.209

# Reference: https://x.com/9823f_/status/1848354520645984494

80.76.51.32:1909

# Reference: https://x.com/malwrhunterteam/status/1849725444720877734
# Reference: https://www.virustotal.com/gui/file/3e9c94b74b322f3004ec61064bd4aee9061006eefd0cb4101359f725d3c158dd/detection

62.234.69.114:58084

# Reference: https://x.com/malwrhunterteam/status/1853379474273804536
# Reference: https://www.virustotal.com/gui/file/253f4c07fcd0fa5f2ca28e1e23152c0c0d29d364abd41fa751d7a704c9736fdd/detection

45.207.40.68:9094

# Reference: https://x.com/malwrhunterteam/status/1854894459999166780
# Reference: https://www.virustotal.com/gui/file/c28c950196501ac90325dda6da817f270a4c8c4ecbcbc57b5be369338e1e52b4/detection

192.3.55.84:8844
svchouse.net
service.svchouse.net

# Reference: https://x.com/malwrhunterteam/status/1857850127852982766
# Reference: https://www.virustotal.com/gui/file/ed76563375341e5fdb574f678a25306206c8d79e35cd2ae576f4d57c849607ea/detection
# Reference: https://www.virustotal.com/gui/file/5adf234d34431eeb9e28fc618a685365da72afcd48f224d8e26da47fa00110ef/detection

38.45.124.194:8414

# Reference: https://x.com/smica83/status/1866486789222871327
# Reference: https://www.virustotal.com/gui/file/4431cf3b02ca9404e7637ac0aaa128d37e65ed3147d6dda28d92c96808130383/detection
# Reference: https://www.virustotal.com/gui/file/ec94c866700a36458958c241b11ad5a504d032722b9951edfe23ee502a9b6b06/detection

103.27.110.145:8084

# Reference: https://x.com/redrabytes/status/1883853514855928064

http://82.67.64.203

# Reference: https://www.virustotal.com/gui/file/2d3522cca35031bb99e65c8e66085643c616fab0ec49b5bc6bd5c910ab669be2/detection

147.45.47.46:4298

# Reference: https://x.com/malwrhunterteam/status/1892199634728103973
# Reference: https://www.virustotal.com/gui/file/e889e7e99b71dbdaa9b939f4c0e4730e62761759f4d932ea2fc92f1498905928/detection

http://80.94.95.141

# Reference: https://x.com/malwrhunterteam/status/1892982505898160172
# Reference: https://www.virustotal.com/gui/file/0aa6f668e4a231d2b450f27edc0037513e9f1cbb308e923f79c393e9890d8a73/detection

molecular-mazda-forests-shop.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1905323028965376037
# Reference: https://www.virustotal.com/gui/file/5420cc7e24fdd898baa3f679cf8c4b7cdffb6ac060233bfe7af0cffd032a7609/detection

69.165.65.66:23277

# Reference: https://x.com/nextronresearch/status/1912760759798427733
# Reference: https://www.virustotal.com/gui/file/848be643f2cf6777dea88d8f81dc5c910f018716db98750f5bb97389c1774d56/detection
# Reference: https://www.virustotal.com/gui/file/99302898554b0a1c7c57e7598b994a2a8ce59b75eb123996cb1d24648589a4c4/detection

42.233.98.126:33333

# Reference: https://www.elastic.co/security-labs/betting-on-bots

91.92.241.103:8002

# Reference: https://x.com/smica83/status/1929968741439209743
# Reference: https://www.virustotal.com/gui/file/4122f92bf2b4b8717af5aef4295056529653659d74b1bced36cdf2b143ae4921/detection
# Reference: https://www.virustotal.com/gui/file/3d41cec2014b159f7b1657b372de130b79ee7e958ef22db1a3ad28bb3480a699/detection

abokav.info

# Reference: https://x.com/malwrhunterteam/status/1930564651059741004
# Reference: https://www.virustotal.com/gui/file/1e307f8641934ed69f774a07a56d22acb06ac9c080951ce1b880a02bea851c7c/detection

206.238.196.237:22085

# Reference: https://x.com/malwrhunterteam/status/1964087356232753489
# Reference: https://www.virustotal.com/gui/file/309dc09714e8e7cb32536433e2a501c995bc3eb34577051a5f4c6d0ed2342e06/detection
# Reference: https://www.virustotal.com/gui/file/eea5cf834c340bc8f6f897dbf899de2bc5815bfcce6d8f326faa30fab74d790c/detection

http://104.168.152.151
http://142.4.124.229
http://192.74.226.11
http://192.74.226.9
143.92.38.169:3232
143.92.38.171:25445
143.92.38.174:3232

# Reference: https://x.com/smica83/status/1971136017022283866
# Reference: https://www.virustotal.com/gui/file/a0813312a7a20d12ff68b63c4c5d342c422a3f1572f93e044cdb9f4ea8c5a13a/detection

http://200.4.115.1

# Reference: https://www.virustotal.com/gui/file/25404fdfe8ad7b5584c3fbf3d70094682023d2ba06918acfac1ea35472e5e21e/detection

http://195.160.220.198

# Generic (path-only trails, not tied to a specific host)

/attack.elf
/reverse.elf
