# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://misterch0c.blogspot.com/2019/04/threat-fox-stealer.html

a0287829.xsph.ru
androsha.ga
anticap.ml
ark-steal-free.tk
battlecash.ru
blackspace.site
bigbosslike.tk
bloodborn.xyz
bugtrackerjorkey.tk
coderxz.site
dexire.tk
djimbosfan.tk
docheat.site
exchangepe.cf
f0289264.xsph.ru
foxpanel734923vbb2.tk
gilork.ga
govoting.site
hjon1k21.tk
hooksixteenth.tk
jon1k2002.tk
kuzya001.tk
lexonlex31q.tk
lobsterkiller.tk
lucasik.tk
mrgrom.gq
oldfuck.tk
orangemail.tk
paketa.gq
panelys.tk
phust-adminpanel.ga
poolground.tk
reaper.tk
rondylog1337.ga
sashajeweler.tk
schoolmosreg.tk
squarez.icu
squarez16.site
stiller.tk
test1331.tk
webenginer.tk
wnukz.site
wsq22.ml
yadaynksta.ga
younglybae.tk
z1xrk.cf

# Reference: https://twitter.com/P3pperP0tts/status/1125726986159185920
# Reference: https://app.any.run/tasks/3068b154-d6f2-4483-ae72-60fbd5f3467f
# Reference: https://app.any.run/tasks/efda3189-9b24-46e1-8687-6c4e36c191f2
# Reference: https://app.any.run/tasks/aedd6873-d6dc-433a-9eaa-e99fb04e61a5

fristaylooo.ml
joskiyet.beget.tech

# Reference: https://www.virustotal.com/gui/file/0cbf6190e0a381a0ec20a2b54156f06615453bb80ae2e1256242cb8af96b065d/detection

moringb6.beget.tech

# Reference: http://tracker.viriback.com/dump.php (# 2019-11-04, FoxStealer)

f0293780.xsph.ru
tomanddd.tk

# Reference: https://twitter.com/malwrhunterteam/status/1117770064114126849

ark-steal-free.tk
duperu.ru
foxpanel734923vbb2.tk

# Reference: https://www.virustotal.com/gui/file/e1b1bc31a0ad91af3e1e77caaa41e32b9d818163035f93e3e2a269b45ebe6d2c/detection

cp57152.tmweb.ru
vh224.timeweb.ru

# Reference: https://twitter.com/FalconFeedsio/status/1741333409606341115
# Reference: https://x.com/ViriBack/status/1814769275049021830
# Reference: https://www.virustotal.com/gui/file/e527e84490dd2600f68a0f18e7525e283488967c76c91c120c4f1db0941257c2/detection

146.19.143.222:1337
5.42.66.4:3000

# Reference: https://twitter.com/banthisguy9349/status/1778029253583425833
# Reference: https://urlscan.io/search/#filename:%22logo-e7746211.png%22

http://5.42.66.4
0p2q9.com.ru
2pgkbxhcalac.0p2q4.ru
c9fsjknsjb.volgae.ru
claims-dept.com
ebhpnpesmvv.9g1h2.ru
mailhost.freemsk.org
office.freemsk.org
themailonlinepersonel.com

# Reference: https://app.validin.com/detail?find=def7380083b33e7ab8e2f65e4817c1ac0ba70cb6&type=hash&ref_id=523dfff8ee6#tab=host_pairs_v2

18v9ue3mvo1nal9dus9d.n6lhfmjd.ru
2o4p6.com.ru
30gqmjjargnjfcrg.1a3b4.ru
3a5b7.ru.net
3cr6yjje7rketpnz.0p2q4.ru
3empzjuim7zpki.softclojud.ru
3oeuqoh.ntbfx.ru
45.n6lhfmjd.ru
4u8rdrvqhwwk.fstrateg.ru
7g9fh1.com.ru
7g9h1.com.ru
7g9nh1.ru.net
8hfhgkkxjfkizh.foodieblog.za.com
8lib6xhqw22hwrw.x5y2z.ru
8xgpkgywj.ntbfx.ru
9k8l7.ru.net
9k8lu7.com.ru
9slcv7neiuu.orafngepear.ru
a5hli1xswek4d8q.avarga.ru
apz2tjo2fsz.7k8l9.ru
aqpcl.net
aqspsiua.boltdsky.ru
astupjjkdf.d3e5f.ru
b6c7d8e9f0g1h2.n6lhfmjd.ru
brzm2ywnfzbe.fstrateg.ru
c2jfkre7.grfeenleaf.ru
cnvlvbtdhyookg.volgae.ru
d8e5f.ru.net
d8te5f.com.ru
datadrive.sa.com
datadriven.sa.com
datascience.ru.com
ddhkavhjag2qley.silfverfish.ru
equityinvestportal.us
fashionguru.sa.com
fashionicon.sa.com
fel9da7fmxvwxpi.alpsf.ru
fitnessfan.sa.com
fitnessfreak.sa.com
fitnessguru.sa.com
fitnesspros.sa.com
foodcritic.ru.com
foodcritique.ru.com
foodfrenzy.sa.com
foodieblog.sa.com
foodieheaven.ru.com
foodlover.ru.com
foodlover.sa.com
fthcjyykkwo.alpsf.ru
gti7iqr9.m2n4o.ru
gwpcdooys.texint.ru
h8shhchx.blu3ecat.ru
hjutuo9raxliwn.zdislav.ru
hostmaster.avarga.ru
hvcsw3rzxe.quieckbird.ru
i3j4k5l6m7n8o9.n6lhfmjd.ru
i6j8k.com.ru
ii8sc9c.i4j6k.ru
info.texint.ru
jnss3sqp4x.quieckbird.ru
k4ehxxdr6.blu3ecat.ru
kuh3gwdqj8yy.redkmoon.ru
m4dn6o.com.ru
m4n6o.ru.net
mnwyrggsmvhnj.avarga.ru
mymec9xixrrpdzxr.silfverfish.ru
n5pks7j.softsb.ru
n6lhfmjd.ru
nroqt4ritk9prw.m2n4o.ru
nwhlzmn.grfeenleaf.ru
o3qw298oa.irinter.ru
oajlel5.1a3b4.ru
ol2vlons.softclojud.ru
q2ar4s.ru.net
q2r4s.ru.net
q5o0at33uao9ow.x5y2z.ru
qasd9croxhk.q6r8s.ru
qbsnt0myfalk3eu.boltdsky.ru
qghzhglpvvx0w.softsb.ru
qk5bx288cxj20uaru1yw.n6lhfmjd.ru
qy2fhgnfxebcknnu.driverb.ru
r7t9u.com.ru
rwccv3g.9g1h2.ru
ryou2uidxi3.i4j6k.ru
securedlinkmicrosoft.com
sgss1.com
t9c7um1r.driverb.ru
transasiapss.co
u3v5w.com.ru
u9dbj5yu.orafngepear.ru
ucqjnsqbeu.foodieblog.za.com
uizfqbw.irinter.ru
v4ehvqik.q6r8s.ru
vruiggsci5n4cq.redkmoon.ru
webdisk.n6lhfmjd.ru
webmail.n6lhfmjd.ru
wf9upcxab6.golhdenowl.ru
wpqw3e7u3tzfqb2.whigteheart.ru
x1dy3z.ru.net
x1y3z.ru.net
x1yg3z.com.ru
xfn32ve.golhdenowl.ru
xfztgumc.d3e5f.ru
xkeuuijvx.texint.ru
zcqwglz.whigteheart.ru
zlw5jrrqaywt.zdislav.ru
zu4e9x9mg6hf.7k8l9.ru
