# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Farfli.I

w.qq-uc.cn
baoge.9966.org
mmd178.cn
oiuyt.net

# Reference: https://www.virustotal.com/gui/file/4a9c646136c527e9669fcada5319678c77bd98218f77d8cce79c04ff475d3194/behavior/Tencent%20HABO

cccd02.codns.com

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Farfli.AV&threatId=-2147286376

hackxiaoben.3322.org

# Reference: https://www.virustotal.com/gui/file/5418c6786bc04eb939a9febc8cfa0411f463fbf2a957189b2dc46ba3d5885652/behavior/VirusTotal%20Cuckoofork

4263604.meibu.net

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Farfli.DA&threatId=-2147261103

binbinkam.cn

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Farfli.K!bit&threatId=-2147249070

cdn_server_word9500.xxus.us

# Reference: https://www.virustotal.com/gui/file/24ecf8d68c313a9cff7c801eb8108b61f9bd5a6bfcb17434f71ab74d3d6b444a/behavior/VirusTotal%20Cuckoofork

a2.qwsazx.com

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Farfli.C&threatId=-2147258877

b1a23.meibu.net

# Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:Win32/Farfli.E&threatId=-2147258594

m1.yea.im

# Reference: https://twitter.com/K_N1kolenko/status/1281163539223363584
# Reference: https://www.virustotal.com/gui/file/ec65dff6c8c64535d441d9d3c1a2a7c6c2a0a42ca304041bde9cdd8f7d5b1628/detection

qch1jjlb7.bkt.clouddn.com

# Reference: https://www.virustotal.com/gui/file/b9c5b00ecbfe17abc48ee5df3f4a4725f90218c5ef596d16ffd7a1e59864fa98/detection

linenews.mypicture.info

# Reference: https://www.virustotal.com/gui/file/893859a6cee37a556d2368c1ca39b7c9e100983a0822c14b59f59224c5e41639/detection

nutqauytva[0-9]{1,3}azxd\.com

# Reference: https://twitter.com/Jirehlov/status/1385068574889234439
# Reference: https://www.virustotal.com/gui/ip-address/43.128.26.244/relations
# Reference: https://www.virustotal.com/gui/file/7b1bd6931e3e0d9592205a4945661f053d7f696dbf57ced2d6467e4775135290/detection
# Reference: https://www.virustotal.com/gui/file/bea0dfb403684642d6612a653bf18dbbff35574ff7166b6ea5e433258df3a7b2/detection
# Reference: https://www.virustotal.com/gui/file/52589fbf2352bb762bd1b2a18bf20d60ceaeb0b829034edf77ea4e73d4711e8a/detection

http://43.128.26.244
43.128.26.244:99
/2021/0???????????.db
/2021/03usdt????????.db
/2021/04??????.db
/2021/042021????.db
/2021/062021Excel.db
/2021/20218036/kb.jpg
/2021/20218036/TY.png

# Reference: https://www.virustotal.com/gui/file/3ee01bd64bb58a4d892fa0994fec5c32faa089346e0bc3d4fe00a08b6890be18/detection

rat.microsoftups.com

# Reference: https://www.virustotal.com/gui/file/bae1270981c0a2d595677a7a1fefe8087b07ffea061571d97b5cd4c0e3edb6e0/detection

193.164.223.77:7456

# Reference: https://www.virustotal.com/gui/file/385c92e3d2b1dc253eac89889157258df64586cad653dccfd3f3d6b240b9efba/detection

144.48.243.79:1002
202.8.123.81:6547

# Reference: https://www.virustotal.com/gui/file/9a5cae26a14962475b1d9e3011aa16cf7fbd421f2f3f9caa4299c98e3cf018f7/detection

193.164.222.131:4567

# Reference: https://www.virustotal.com/gui/file/e3c418133e17bd7ddd99ef252fb220852a0ab1d827e28c57fcb2645d89899c43/detection

107.151.94.66:4397

# Reference: https://www.virustotal.com/gui/file/2122180333641dee3a0ef7b9966ef035dc010e9857867c247517fe4ec8f566cc/detection

107.151.64.99:4398

# Reference: https://www.virustotal.com/gui/file/00f89613a5add3497b0da5c69bf7e39d88f312f2251f1f7cd3eb678584795931/detection

58.56.66.45:1111
kk321.f3322.net

# Reference: https://www.virustotal.com/gui/file/d7a35dac1206d1b11cc5d7f27cd5c41831a71b9384de993bd22997686782d8c9/detection

updatedns.serveuser.com

# Reference: https://www.virustotal.com/gui/file/669c73d43ee10805a49260331dc5c2f278a84191b96c32ffe0ffc46365722b70/detection

27.124.3.138:5002

# Reference: https://www.virustotal.com/gui/file/1665b6af7f0f2be925ffccde88aa85d442c22dd95617ef79195cfb3ceca73b97/detection

113.90.168.19:8000

# Reference: https://www.virustotal.com/gui/file/9c8275d340bd29999a4d8f21e846225fdbb3fd67e82df6da810ec6913786cdc1/detection

180.215.203.34:36060

# Reference: https://www.virustotal.com/gui/file/880ee211e61938ce2b52c191b52a670be2cd83385fe573ef1ab5ac3fcb6d3eea/detection

180.215.203.34:24690
180.215.203.34:443

# Reference: https://www.virustotal.com/gui/file/7dbb6b9b81c564c8843000cfa156512057f783abb7b1b036362b36a3a23c1ef8/detection

43.139.138.38:2002

# Reference: https://www.virustotal.com/gui/file/f810b7e70b092c28f444de6782676e2d6c2d754340359be3278ce8957d2a3486/detection

124.220.35.63:7777

# Reference: https://www.virustotal.com/gui/file/a261d2dd247ae794de54eeb729b5336d945e7d5406d96cc8b41d6546e912705b/detection

124.220.35.63:8000

# Reference: https://www.virustotal.com/gui/file/9a2112fa4bb5f16b6e7a61b50fe0abb25aade5d0b50930699db1f195891d50bd/detection

124.220.35.63:4088

# Reference: https://www.virustotal.com/gui/file/83534b5f34717ef561cb855f2611710bad259e0ca42cae2252d00d986b73d7be/detection

154.91.230.44:8225

# Reference: https://www.virustotal.com/gui/file/614c1ce944cd52468289e806685ab58ce6bccb33b87d991bf376eb144dd03c1e/detection

104.233.151.40:8225

# Reference: https://www.virustotal.com/gui/file/e759df6f0df75856657945fc8bfcc0abc3def918e847956ad7c361fc72d0e19c/detection

40.83.115.43:8001
81.69.6.161:992
bot.nodefunction.vip

# Reference: https://app.any.run/tasks/51ac8482-d809-4a2b-a601-89be388f3f13/

27.124.43.55:8000

# Reference: https://twitter.com/obfusor/status/1685588560760709120
# Reference: https://www.virustotal.com/gui/file/1e3c8d40ac25f58439cd1eeb3e69066bfb7f7554d79b125b4c2213152496eeb8/detection
# Reference: https://www.virustotal.com/gui/file/363f2bc3f3f5da3147689f5d66f7fcad1199e1c654326e40767df6fd9fbd6233/detection
# Reference: https://www.virustotal.com/gui/file/da387187f3ae143bc874f27acb5bb04a5e208ca0f4d0200917eee0c6ccd33781/detection
# Reference: https://www.virustotal.com/gui/file/5f4c86793dc182bbdbca017a15a26213cf07bcc7d5a3038db3b728fcd421c581/detection
# Reference: https://www.virustotal.com/gui/file/d4cfd0cf4f253c6cb6d6b1aa8475d6a2a58de7b87e51cbb5affd9e65eb47224b/detection

103.229.126.5:7700
122.10.24.216:7700
154.38.114.192:7700
164.155.255.38:7700
43.129.71.79:7700
8.218.190.138:7700

# Reference: https://www.virustotal.com/gui/file/4027995b0a77793ccb5b415d66ba3b6ea1dfdbdc70249ab2f7f66a35f97a80d3/detection
# Reference: https://www.virustotal.com/gui/file/43ecc26f16080ee7c67b9ed6fd75b45b3aae99862733a0824b03d8e53904778c/detection

106.55.160.12:2012
192.252.182.100:2012
216.83.40.189:2012
8.134.97.32:2012

# Reference: https://twitter.com/ThreatBookLabs/status/1691451361014272000
# Reference: https://www.virustotal.com/gui/file/27ae3c21f27cf73b34ef7f2fecf9ed1bf319a7acb155d9b36341ac821ec35216/detection

59.42.71.178:876
wanyaqing.3322.org

# Reference: https://blog.cyble.com/2023/06/16/new-malware-campaign-targets-letsvpn-users/
# Reference: https://otx.alienvault.com/pulse/64906a888558bdb91b9f4495

latavpn.world
lestvpn.com
letevpn.world
letsvpn.club
letsvpn.cyou
letsvpnaa.com

# Reference: https://www.virustotal.com/gui/file/0b4eb7fdae7e90c0bd0dbfc7552865ba6d7dcd03e77efd91b5e246c71f9f2f7c/detection
# Reference: https://www.virustotal.com/gui/file/7ec0d3e3dc4222f34c482926ce1f971b51929e95b9d097140bc1f4b1c84dafd9/detection

182.42.105.12:2022
182.42.105.12:9000
lqwljs.cn
lqwljs.top

# Reference: https://www.virustotal.com/gui/file/075f5138060a476a449b2134c53abfa13ddd233d2151fa6576c5c7c6c5badcf2/detection

222.186.160.169:40869
sjlwql.cn

# Reference: https://www.virustotal.com/gui/file/0383b4607310f8e98a2d2ee93cbea1a9e5d66dfaf8755e6b3e1e4398ae42ca71/detection

43.248.191.125:7999
sjlwql.top

# Reference: https://www.virustotal.com/gui/file/b6bc28566acdd68792cf2393993f01e992e23be2ba275d74bf697300cb1b250e/detection

103.142.146.92:8000
103.143.29.28:3325

# Reference: https://www.virustotal.com/gui/file/490e63ba4abec4b9935c8edf0df01e34c9f9d00e326f084bc52b3ca9853a5623/detection

222.211.72.102:8018
hackerinvasion.f3322.net

# Reference: https://www.virustotal.com/gui/file/4cf0f2fd200e4c941e940044c23784061390936caf5b15d666766e0ae6086d92/detection

222.211.72.102:8068

# Reference: https://twitter.com/naumovax/status/1706663843571904622
# Reference: https://tria.ge/230925-dhhheadb52/behavioral2
# Reference: https://tria.ge/230925-dhd5zsdb49/behavioral2

222.211.72.102:7029
222.211.72.102:7088

# Reference: https://www.virustotal.com/gui/file/3084e166be386ff331ebb3321d9fc55239b909264b5b7f0ddeb1cf3690ad8656/detection

20.187.77.247:53762
one188.one
gd.one188.one

# Reference: https://www.virustotal.com/gui/file/06ca956b3574a6514803b2682f8dd6cda6e81111ae6e7ebc8d71de68964dbe03/detection

141.255.146.160:7077

# Reference: https://www.virustotal.com/gui/file/44773329fdd390d4321f01dd301736de74606062a8e6b8ce79f302a316d9e598/detection

42.51.37.132:8000

# Reference: https://www.virustotal.com/gui/file/6e6c6c7dd4b27ec3ba17135aa99d5166405a3e0512c9ca092c4b14718fa39045/detection

43.248.117.189:37558
s4.v100.vip

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2024/01/malicious-ads-for-restricted-messaging-applications-target-chinese-users
# Reference: https://www.virustotal.com/gui/file/a366710645856803e6d4cd0babd1b11d6eaef7ce0bca7254d499164d4b26abfb/detection
# Reference: https://www.virustotal.com/gui/file/acf6c75533ef9ed95f76bf10a48d56c75ce5bbb4d4d9262be9631c51f949c084/detection
# Reference: https://www.virustotal.com/gui/file/e3edfb7d2c5b95a0eba0070f0f735a78ea3dffc73a7d5f97bf9b886931bcf047/detection
# Reference: https://www.virustotal.com/gui/file/fb7b9f25adc2a0f6fb6a80666072783e34cb2fa2cb7412b14f4ff12ab36961a3/detection

216.83.56.247:36061
45.195.148.73:15628
47.75.116.234:19858
5443654.site
5443654.world
telagsmn.com
teleglarm.com
teleglren.com

# Reference: https://www.virustotal.com/gui/file/287a4430ea2c76838bf97bae597209017f62a7bbacdfd472508afcea2f184524/detection

91.204.226.63:8000

# Reference: https://x.com/K_N1kolenko/status/1796542852681596972
# Reference: https://www.virustotal.com/gui/file/4403fcd4791990c2a228398f6282c5cc419f23970f67ede03d7004e07c953076/detection

110.6.28.25:88
123.129.229.68:5656
154.222.224.99:7000
4.233.222.144:8848
0qsf.com
dnf60.online
a.0qsf.com
dnf.dnf60.online

# Reference: https://x.com/DonPasci/status/1792981948631007391
# Reference: https://www.virustotal.com/gui/ip-address/103.192.209.60/relations
# Reference: https://www.virustotal.com/gui/file/0150b8a808a9ba4dc2e5093839a75ceba632e3668fe3f2977e604257f02757fc/detection
# Reference: https://www.virustotal.com/gui/file/2bdd6c549e4314db5c888ef891cf869d018af003a614bb9f43d26e23a758bfe3/detection
# Reference: https://www.virustotal.com/gui/file/65594cd00b59b33c7d31f57048e329a24b3e1c2c29b2fda682ea01e157d447d3/detection
# Reference: https://www.virustotal.com/gui/file/857ebb67b4be23b01e2feacaee45d0650b39c3f6306416ac19b319d14cd68e69/detection
# Reference: https://www.virustotal.com/gui/file/db969801fdf2511b44c442e0b7a762f35a2dab99abfe089672535362654d8198/detection

http://103.84.110.94
103.192.209.60:7474
103.192.209.60:7575
103.192.209.60:7778
154.39.251.77:13799
996cq.com
aadij.top
aaojg.top
aclhl.top
acole.top
adbck.top
ahdpb.top
aheoe.top
ajhei.top
banol.top
beapn.top
bfjdn.top
blhlc.top
bmhhk.top
bobmg.top
bohon.top
cacnj.top
caehc.top
caied.top
cbnco.top
cfbkb.top
cjpka.top
ckkib.top
cniac.top
cofim.top
dbacn.top
dboka.top
ddchg.top
dghbb.top
dgknd.top
dhiin.top
dhjcp.top
digjf.top
djhna.top
dljol.top
ebnih.top
edgip.top
edmap.top
eeilh.top
efogb.top
ehoca.top
ekgie.top
emhob.top
emomg.top
enhjb.top
facbc.top
fbfnc.top
fjojf.top
flaio.top
fmjfc.top
fpiff.top
gchfp.top
gcnij.top
gdaog.top
geohh.top
gkeco.top
gpnjf.top
hcfpo.top
hdmnh.top
hejhp.top
hfidd.top
hhjdn.top
hiccf.top
hknki.top
hlifk.top
hlilm.top
hlmlh.top
hmamb.top
hmoan.top
hpfpn.top
ienjd.top
ihomi.top
iicmk.top
ikgbl.top
iomca.top
ipebj.top
jaaja.top
jbbpe.top
jbffm.top
jdllm.top
jfbnb.top
jffop.top
jiigm.top
jjmjj.top
jkfkh.top
jmimn.top
jnael.top
kelka.top
kgtejsaf.com
khhbo.top
kidbe.top
kjaga.top
knhgk.top
kpgia.top
lajca.top
lbnfl.top
ldbom.top
lffkl.top
liapp.top
ligkl.top
lmfga.top
lnbgj.top
lnlgh.top
loicg.top
macfh.top
mdkol.top
meion.top
mpifi.top
najom.top
nakbm.top
nbjme.top
ncnih.top
nfjge.top
ngfca.top
nhmln.top
ninid.top
nkkan.top
nlinn.top
nnepl.top
nocda.top
oagij.top
oaibo.top
obafe.top
odjkl.top
ogagp.top
ohnag.top
ohppf.top
oikpk.top
oipoi.top
ojlob.top
okcdg.top
okmib.top
olekf.top
oljee.top
ommpg.top
omopp.top
onhid.top
onldm.top
oople.top
oplda.top
paegj.top
pcjmk.top
pejof.top
pgoac.top
pijon.top
pkdhe.top
pldnc.top
plgbd.top
pmeca.top
pojlg.top
ppifh.top
bba.odjkl.top
cdc.ogagp.top
lip.cjpka.top
lip.jkfkh.top
ning.meion.top
ning.oople.top
sss.cjpka.top
sss.onldm.top
tieb.kjaga.top
xxhh.acole.top
xxhh.gcnij.top
xxhh.hiccf.top
xxhh.liapp.top
xxhh.pejof.top
zscm.996cq.com
zzz.emomg.top
zzz.hiccf.top
zzz.liapp.top
zzz.pejof.top
https.bba.odjkl.top
https.lip.cjpka.top

# Reference: https://www.virustotal.com/gui/file/07edde3f52e5adfc2f689ebe8ff5701ada4be0daac06a98bc865aa369aa98e14/detection

110.8.29.195:2014
q7481.codns.com

# Reference: https://www.virustotal.com/gui/file/1793cdd631cd51f5e6551e1db4032b50df4c7708a67ea3a0f01e70f02d6ddbcd/detection

34.124.242.160:8898
34.126.127.177:7333
34.87.157.1:7333

# Reference: https://x.com/malwrhunterteam/status/1859321495358464251
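# Reference: https://app.validin.com/detail?type=dom&find=down.app.tw.cn (# 2024-11-20)
# Note: this block appears to come from the domain pivot referenced above (dated 2024-11-20); the ww<N>.* names look like parking-service aliases, so re-verify current resolution before treating a hit as active C2.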

10dhwp.potvpn.com
5670.potvpn.com
5vn5op.potvpn.com
6241.potvpn.com
6qd5fe.potvpn.com
7htrnj.potvpn.com
879.potvpn.com
93kjzt.potvpn.com
admin.ehatsapp.com
admin.evevpn.com
admin.shadowsock.net
admin.totvpn.com
adminuser.telegrame.cn
ams.maovpn.com
api.ehatsapp.com
api.kakavpn.com
api.whactsapp.com
ar.potvpn.com
assets.shadowsock.net
bot.kakavpn.com
cld.telegratm.org
clients.evevpn.com
com.evevpn.com
core.tilegram.org
core.tulegram.org
cpanel.totvpn.com
cpcalendars.totvpn.com
cpcontacts.totvpn.com
cryptomus.kakavpn.com
da.jxvpn.com
de.jxvpn.com
de.potvpn.com
desktop.tilegram.org
ec2jxv.potvpn.com
ehatsapp.com
en.potvpn.com
es.potvpn.com
evevpn.com
execvpn.net
execvpn.org
expvpn.com
fa.jxvpn.com
fi.jxvpn.com
finalshell.cn
gdn.maovpn.com
grs2rl.potvpn.com
h5.letsvpns.com
hi.jxvpn.com
hi.potvpn.com
hostmaster.chat.whntsapp.com
hostmaster.webvpn.org
hr.jxvpn.com
hy.jxvpn.com
i.potvpn.com
id.potvpn.com
io.telegratm.org
is.jxvpn.com
it.jxvpn.com
it.potvpn.com
j.potvpn.com
jiami.telegramf.org
jixqvk.potvpn.com
jk.whstsasap.com
jk.whstssaap.com
jxvpn.com
kakavpn.com
kc24yd.potvpn.com
kha.maovpn.com
ko.jxvpn.com
kuailian.tv
kuailianvpn.org
lax.maovpn.com
lersvpn.com
letesvpn.com
letssvpn.com
letsvnp.com
letsvpn.cn
letsvpn.icu
letsvpns.com
letsvspn.com
letsvvpn.com
leysvpn.com
libyavpn.net
litsvpn.com
lohzqm.potvpn.com
lv.jxvpn.com
lvm6en.potvpn.com
m.potvpn.com
mail.totvpn.com
maovpn.com
mk.jxvpn.com
moguvpn.com
mtelegram.org
muhurte.evevpn.com
my-test.evevpn.com
my.evevpn.com
my.jxvpn.com
my.mtelegram.org
my.potvpn.com
ne.jxvpn.com
nl.jxvpn.com
nl.potvpn.com
no.jxvpn.com
noodlevpn.com
ns1.telegg.com
ns2.telegg.com
p.potvpn.com
panel.kakavpn.com
pipevpn.com
pl.jxvpn.com
potvpn.com
prg.maovpn.com
pt.potvpn.com
r092xd.potvpn.com
random.libyavpn.net
rix.maovpn.com
ro.jxvpn.com
rq8hod.potvpn.com
ru.jxvpn.com
ru.potvpn.com
shadowsock.net
sitemaps.libyavpn.net
sk.jxvpn.com
sl.jxvpn.com
sof.maovpn.com
sr.jxvpn.com
ssrsvpn.com
sv.jxvpn.com
szkexin.potvpn.com
teiegram.cc
telegfam.com
telegfram.org
telegg.com
telegm.org
telegnam.com
telegqram.org
telegram5.cn
telegrame.cn
telegramf.org
telegrammn.org
telegramt.com
telegratm.org
telegrgm.com
telegzam.org
th.jxvpn.com
tilegram.org
totvpn.com
tr.jxvpn.com
tr.potvpn.com
tulegram.org
u.potvpn.com
ubsjto.potvpn.com
ucgpqo.potvpn.com
uh8mue.potvpn.com
uox9ue.potvpn.com
ur.jxvpn.com
uz.jxvpn.com
vc1aek.potvpn.com
vi.potvpn.com
web.tilegram.org
web.tulegram.org
web.whactsapp.com
webdisk.totvpn.com
webmail.totvpn.com
webvpn.org
whactsapp.com
whatsasp.com
whntsapp.com
whstsaap.com
whstsasap.com
whstssaap.com
world.potvpn.com
wshtapp.com
wshtsapp.org
ww01.ehatsapp.com
ww1.shadowsock.net
ww1.webvpn.org
ww12.kakavpn.com
ww16.whntsapp.com
ww25.0jj9ez.potvpn.com
ww25.10dhwp.potvpn.com
ww25.5670.potvpn.com
ww25.5vn5op.potvpn.com
ww25.6241.potvpn.com
ww25.63elxw.potvpn.com
ww25.6lvfoj.potvpn.com
ww25.7htrnj.potvpn.com
ww25.879.potvpn.com
ww25.9h6pjy.potvpn.com
ww25.ar.potvpn.com
ww25.ckupmu.potvpn.com
ww25.de.potvpn.com
ww25.e.potvpn.com
ww25.en.potvpn.com
ww25.es.potvpn.com
ww25.fr.potvpn.com
ww25.hi.potvpn.com
ww25.i.potvpn.com
ww25.it.potvpn.com
ww25.jixqvk.potvpn.com
ww25.lohzqm.potvpn.com
ww25.lvm6en.potvpn.com
ww25.m.potvpn.com
ww25.mtelegram.org
ww25.my.mtelegram.org
ww25.my.potvpn.com
ww25.nl.potvpn.com
ww25.p.potvpn.com
ww25.p0r8dm.potvpn.com
ww25.potvpn.com
ww25.r092xd.potvpn.com
ww25.ru.potvpn.com
ww25.ss.potvpn.com
ww25.szkexin.potvpn.com
ww25.ubsjto.potvpn.com
ww25.ucgpqo.potvpn.com
ww25.uh8mue.potvpn.com
ww25.uox9ue.potvpn.com
ww25.vc1aek.potvpn.com
ww25.vi.potvpn.com
ww25.webvpn.org
ww25.world.potvpn.com
ww25.y0mdik.potvpn.com
ww25.ykneri.potvpn.com
ww25.z9m3hw.potvpn.com
ww3.webvpn.org
ww38.hi.potvpn.com
ww38.mtelegram.org
ww38.my.potvpn.com
ww38.potvpn.com
ww38.telegm.org
ww38.whntsapp.com
ww6.ehatsapp.com
www-origin.evevpn.com
y0mdik.potvpn.com
ykneri.potvpn.com
zh-tw.jxvpn.com

# Reference: https://x.com/malwrhunterteam/status/1903092941637226892
# Reference: https://www.virustotal.com/gui/file/a01b64857d8716556f33093f8cc4e65200d9706d480991c09225e2e7dbd2193a/detection
# Reference: https://www.virustotal.com/gui/file/3a4fcfc2d47067d7acf25e2a0808d9282a4c574a530b7154aba38ea8dd981789/detection

18.162.59.168:8081
18.163.117.227:8083
27.124.38.6:3306
27.124.38.6:443
27.124.38.6:8081
global.apple-cdn.com
halo.apple-cdn.com
hello.apple-cdn.com
jp.aws-oss.com

# Reference: https://www.virustotal.com/gui/file/462b343d3df890ef30c498721ff083a19fde871c03c4f55e579b6feaeb69bf9f/detection
# Reference: https://www.virustotal.com/gui/file/9bec6fd3b4fca14c515a855db7c5badd222c6c60fb5406098e4cbdf1af733967/detection
# Reference: https://www.virustotal.com/gui/file/1e1b0d9ea5d263d3e425f9896f0d2cf78189be31ac983721922e824a1e8140ed/detection

38.45.126.218:8787
cao.asselst.com

# Reference: https://x.com/malwrhunterteam/status/1928940652353450382
# Reference: https://www.virustotal.com/gui/file/01ee97b0eaeda9aed6c5dd9e861e0dd55e8ea5e4a2ce5ed5c2a82ee9c1790f0d/detection

38.45.126.218:7845

# Reference: https://x.com/BlinkzSec/status/1941486999946526791
# Reference: https://app.validin.com/detail?find=bf7e8eee8a97af5ae4d7ccebad091e74&type=hash&ref_id=8af4f8207c7#tab=host_pairs (# 2025-07-05)
# Reference: https://www.virustotal.com/gui/file/09829d5968836b5dbbcafb563aa84d0644dbbd3da3d5b10dd3fe1e1f3914bd7e/detection
# Reference: https://www.virustotal.com/gui/file/ece24a9619cbf4209093f3e6219b1ba9ca165ed176f171fd05b46fa0a6d91c69/detection

144.202.74.176:87
46.8.120.153:42534
46.8.120.153:5123
46.8.120.153:8080
823.s.3322.net
882.8866.org
alimcma.3322.org
bbdu.3322.org
fengzi000.3322.org
fugu.2288.org
linuxzh.3322.org
nanshen.f3322.org
pingan3.3322.org
pt930.9966.org
rrr80.3322.org
sswlzyy.f3322.org
vfegt342.3322.org
weini501.f3322.org
yldaj.2288.org

# Generic

/newfiz7/tasks.php
