# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.virustotal.com/en/domain/madh0use8.no-ip.org/information/
# Reference: https://www.virustotal.com/gui/file/347687813e6c14e190fa3545f088555b241bc63bb1a5796d672747a7303d276b/detection

madh0use8.no-ip.org
madh0use8.no-ip.org.ovh.net

# Reference: https://www.virustotal.com/en/domain/vajityu.club/information/

vajityu.club

# Reference: http://www.bug.hr/forum/topic/sigurnosni-softver/ransomware-napada/223333.aspx

aepahphahv.co.vu
aisohcaehi.co.vu
anothertembr.cf
anothertembr.ga
anothertembr.gq
anothertembr.ml
chughaiquu.co.vu
eewujoopai.co.vu
faeceedaba.co.vu
iewohpotae.co.vu
kladara.ml
meicashala.co.vu
rooniebohl.co.vu
sheibohchu.co.vu
sootateiso.co.vu
xooseishoh.co.vu

# Reference: https://www.virustotal.com/en/ip-address/184.172.251.98/information/

facetwop.ru
rulething.ru
montirose.com

# Reference: https://www.hybrid-analysis.com/sample/f9beaa7e7668b80b5119d9c80d5f590598380b60eaa5f09baeb87503e55d42c7?environmentId=100

server2.bjdnxbgp3.ru
bogerando.ru

# Reference: https://twitter.com/pr0xylife/status/1438440151865298945

qrextechnologies.com

# Misc (incidents)

devomchart.com
getmyhouse.net
ginbig.com
moksaduqqovlof.net
observatorystarsoh.net
runningwayforsun.net
locatedforporternok.net
addressbooklocater.net
alarg53.ddns.net
kiliposturgy22.no-ip.biz
beatyourmeatwhileweeat.com
qibrasob.ru
zibravopl.ru
forgiveme.workisboring.com
75ulqnwb.ru
i7gd9ultgx.ru
v99ay4wuo.ru
gd14hp0u6x.ru
qsqjeuno53.ru

# Reference: https://www.virustotal.com/en/ip-address/93.189.40.244/information/

lightsmokesky.net
segateslondo.ru
devomchart.com
lemotgraph.com
wittersphere.net
monitmock.su
monitnear.ru
zapoio.com
napalmstories.su
jabberstorm.su
photohubchart.com
thoughtdog.net

# Reference: https://otx.alienvault.com/pulse/5689784767db8c057c6fc000/

wanmeishua.com

# Reference: https://www.threatcrowd.org/domain.php?domain=alsblueshelpt.nl

alsblueshelpt.nl

# Reference: https://www.virustotal.com/en/ip-address/46.166.165.114/information/
# Reference: https://cymon.io/46.166.165.114

46.166.165.114
committeedub.com
09h3rhh4zy.kuwxg7esmv.toxq93ljct.aze.link
cekmakasabasa.com
0oers58juxhcm7e.aze.link
yadakbloghesaplar.link
aze.link
fsafakfskane.net
cclamarablog.xyz
cutecatworldhappy.website

# Reference: https://www.virustotal.com/en/ip-address/181.174.164.3/information/
# Reference: https://cymon.io/181.174.164.3

adobeflashplayernew.com
adobeflashplayernew.org
adobeplayerdownload.com
adobeuploadplayer.com
adobeflashplaayer.com
flashplayeerupdate.com
adobeupdateplayer.com
adobeupdateplayeer.com
adobeupdateflash11.com
update-flash-player.org
adobeflashupdate.org
updateflashplayer11.com
alarkamaravaas.pw
lin.kim
cutecatworldhappy.website
abaza.ninja
shoppet.net
aze.link
q0a2wqepvhz8ame.aze.link
samaravablog.pw
weightloss-secrets-revealed.net
gomen.ninja

# Reference: https://www.snort.org/rule_docs/1-30285

palauone.com

# Reference: https://marc.info/?l=emerging-sigs&m=135207116130028

whatandwhyeh.com
manymanyd.com
traindiscover.com

# Reference: http://comments.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/17617

bktwenty.com
adbullion.com
sleeveblouse.com

# Reference: https://www.threatcrowd.org/malware.php?md5=86f8834b945bbb2968260d6fcf26b951

meherdelam.com
fordulak.com
germerand.com

# Reference: https://www.virustotal.com/en/ip-address/185.73.240.74/information/

meherdelam.com
royalbankofcanadahelp.com
dns8.ffv3.ru
dns9.ffv3.ru
royalbankservicescheck.com

# Reference: http://www.urlvoid.com/scan/recenthosts.ru/

recenthosts.ru

# Reference: https://www.siteadvisor.com/sites/intelcorpsg.com

intelcorpsg.com

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Inject-CHS/detailed-analysis.aspx

cyber7.bit

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Agent-AVRS/detailed-analysis.aspx

fionades.com

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Mdrop-HUO/detailed-analysis.aspx

cgi.dubkill.com

# Reference: https://www.hybrid-analysis.com/sample/20c61a9e16451777aae431cce15960e9b690c7d70b27384d0f4b3305c4cf10db?environmentId=120

fina.online

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html

blooping.ovh.net
salako.net

# Reference: https://www.nao-sec.org/2018/09/hello-fallout-exploit-kit.html

himynameisnoah.su
ichockealotkrug.com
idontlikeitwhenyoudoit.ru
iliketopunchnoah.com
justreggitifyouknowit.ru
karnevallizdageil.com
merhabaslm.su
wheniseeyourdedows.com

# Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html

joaosgk03.sytes.net
spectrun2008.no-ip.org

# Reference: https://twitter.com/ps66uk/status/1037866649435729921

widewiderangers.fun

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html (Win.Dropper.Generickdz-6671833-0 section)

http://122.14.210.142
http://198.46.86.224
http://43.230.143.219
americasculturalstudies.net
danhbaviet.com
kegodanang.com
sevbizleadservices.com
siyaghasourccing.com
vhecha.com
www970234.com

# Reference: https://twitter.com/pancak3lullz/status/1040343104564473865

beladoces.online

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Doc.Downloader.Powload-6681541-0)

amniyatgostariranian.ir

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Win.Dropper.Johnnie-6681665-0)

ducklife.ddns.net
homersides.duckdns.org
wandersongay.ddns.net

# Reference: https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html

2bunny.com

# Reference: https://citizenlab.ca/2012/06/spoofing-the-european-parliament/

vv338.com

# Reference: https://twitter.com/malwrhunterteam/status/1045622528541151232

laserjetpro.com

# Reference: https://twitter.com/malwrhunterteam/status/1044928108359495680

manapowermta.us

# Reference: https://twitter.com/jonaha92/status/1045344161690505217

11m.online

# Reference: https://twitter.com/blu3_team/status/1046054098884349953

images.laofamilymerce.com

# Reference: https://twitter.com/blu3_team/status/1037854618477383681

tub.gotomental.com
/bin/page/hpsrv.tmp

# Reference: https://twitter.com/blu3_team/status/1033356637543825408

nhatbao.chatpacific.com

# Reference: https://twitter.com/blu3_team/status/1030263686001246210

v2.buydiamond.hk

# Reference: https://twitter.com/blu3_team/status/993121509643378688

fb-dn.net/disrt/
ap12.ms-update-server.net

# Reference: https://twitter.com/blu3_team/status/981659638776115200

unnews.freetcp.com

# Reference: https://twitter.com/blu3_team/status/968588888867393536

news.voteandreahorwath.com
/polar-beer/election2018/info.html

# Reference: https://twitter.com/blu3_team/status/964324749106130944

zero-emissioncar.org

# Reference: https://twitter.com/blu3_team/status/958573054052978688

weather.gbaycruise.com

# Reference: https://twitter.com/blu3_team/status/956144807554043906

teredo-update.com

# Reference: https://twitter.com/blu3_team/status/951658055858622464

mktnplace.com

# Reference: https://twitter.com/blu3_team/status/950126294137819136

thestar.live

# Reference: https://twitter.com/blu3_team/status/950124083332689920

newmysticvision.com

# Reference: https://twitter.com/FewAtoms/status/1045358651307962369

lse-my.asia

# Reference: https://twitter.com/sidq_ahmad/status/1045998305312997376

firefox-addons.com

# Reference: https://twitter.com/James_inthe_box/status/1046844087469391872

kgpvkzwksvgvmpopesdtjuwjosbrameegopiyyyg.xyz

# Reference: https://twitter.com/JaromirHorejsi/status/1047084277920411648

docs.herobo.com/in/
docs.herobo.com/mr/

# Reference: https://twitter.com/FewAtoms/status/1047533778665660425

americanxdrive.gq

# Reference: https://twitter.com/FewAtoms/status/1047514168105082881

uchservers.ga

# Reference: https://twitter.com/virqdroid/status/1047419271662505985

bibonado.com

# Reference: https://pastebin.com/AasLyArF

monochromestr.site
motiondev.com.br
studio2321.com

# Reference: https://twitter.com/James_inthe_box/status/1047495498867728384

alangudiagroindia.com

# Reference: https://twitter.com/dvk01uk/status/1047797297835397121

tokovio.com
/kfjvbdrlq

# Reference: https://twitter.com/ScumBots/status/1035348180903321601

23ace.site

# Reference: https://twitter.com/avman1995/status/1047354322974064640

yoacafpshlcz.de

# Reference: https://twitter.com/Dashowl/status/1047924040026001409

noipppl-online.com

# Reference: https://twitter.com/James_inthe_box/status/1047907038582304768

alsafeeradvt.com/m/

# Reference: https://twitter.com/nullcookies/status/1048030992320143360

h2hphotography.com

# Reference: https://twitter.com/pr3wtd/status/1044651674974015488

faktura24.ml
przelewy24.tk

# Reference: https://twitter.com/Techhelplistcom/status/1048640558309285888
# Reference: https://pastebin.com/raw/fLf15eVp

1drivemail.ml
aghightile.ml
atlasglb.tk
bengusi.ga
britwind.tk
capt.ga
cmfgen.cf
cpseeds.ml
dajjuooltd.ga
foodpro.cf
generationgrowth.ml
illumin8blinds.ml
inmailadmin.cf
inmailadmin.ga
inmailadmin.gq
inmailadmin.ml
inmailadmin.tk
onedrivemail.cf
onedrivemail.ga
onedrivemail.gq
onedrivemail.ml
onedrivemail.tk
onmailadmin.cf
onmailadmin.ga
onmailadmin.gq
onmailadmin.ml
onmailadmin.tk
italamp.tk
itc-co.cf
kooshkan.ml
kwangshin-co.tk
nsewyainc.ml
potoflogz.tk
premiumchemical.ga
pseaways.tk
pvtechuae.cf
rathot.ml
ritter.gq
rivonka.ga
royalgroup.ga
safetexgroup.tk
salturchltd.ga
sebbeninternational.ml
sense-eng.ml
sercer.tk
siti-bt.ml
torrecid.ml
ultramarinepigments.ml
utehaltd.tk
veritasoverseas.ga
vip163.cf
yuan-fa.tk

# Reference: https://blog.talosintelligence.com/2018/10/threat-roundup-0928-1005.html (Doc.Malware.Emooodldr-6699885-0)

q0fpkblizxfe1l.com

# Reference: https://twitter.com/ViriBack/status/950478648150282240

0m0.in

# Reference: https://twitter.com/FewAtoms/status/1048982479783309314

capt.ga
italamp.tk
nsewyainc.ml
sense-eng.ml
sercer.tk

# Reference: https://twitter.com/FewAtoms/status/1048978792931368960

britwind.tk
dajjuooltd.ga
illumin8blinds.ml
kooshkan.ml
potoflogz.tk
siti-bt.ml
torrecid.ml
ultramarinepigments.ml
veritasoverseas.ga
vip163.cf

# Reference: https://twitter.com/James_inthe_box/status/1049445992808890369

viswavsp.com/newworld/

# Reference: https://twitter.com/malware_traffic/status/1049407739619880961

23.249.161.109/extrum/

# Reference: https://twitter.com/JaromirHorejsi/status/1049601706630283264

readyteam.org

# Reference: https://www.malware-traffic-analysis.net/2018/10/12/index.html

guarana.pw
marryjane.club
names34.top
safi.co.za

# Reference: https://twitter.com/nullcookies/status/1050907886392623104

dirajrakhbhae.com

# Reference: https://twitter.com/FewAtoms/status/1050457033810558976

akznqw.com

# Reference: https://twitter.com/JaromirHorejsi/status/1050663483346280448

wemusthammer.com

# Reference: https://twitter.com/FewAtoms/status/1051099620020035585

msmapparelsourcing.com/directory/
msmapparelsourcing.com/wp-admin/users/

# Reference: https://twitter.com/nullcookies/status/1051321548634804226

ghrelokamkaj.com

# Reference: https://twitter.com/JaromirHorejsi/status/1050665509941698560

globamachines.com

# Reference: https://twitter.com/FewAtoms/status/1050802529498525697

plus1interactive.com/bots/

# Reference: https://twitter.com/olihough86/status/1050722705740304384

wheelnet.ca

# Reference: https://twitter.com/ximo2006/status/1050331166597758976

93.174.93.149:21

# Reference: https://www.cyren.com/blog/articles/new-scarab-ransomware-using-necurs-as-a-service

hard-grooves.com
hellonwheelsthemovie.com
miamirecyclecenters.com

# Reference: https://twitter.com/nullcookies/status/1051244629704740865

daduhinnawmaz.com

# Reference: https://www.malware-traffic-analysis.net/2018/10/12/index.html

datingittlive.info

# Reference: https://twitter.com/nullcookies/status/1030243288677277696

mayorel.website

# Reference: https://researchcenter.paloaltonetworks.com/2018/10/unit42-fake-flash-updaters-push-cryptocurrency-miners/

osdsoft.com

# Reference: https://twitter.com/pr3wtd/status/1051874732008767488

faktura24.cf
przelewy24.ml

# Reference: https://twitter.com/MaelSecurity/status/1051900926078922753

adobe-reader.site

# Reference: https://twitter.com/avman1995/status/1052023584187719680

elektroklinika.pl/wp-content/languages/plugins/includes/

# Reference: https://twitter.com/ulexec/status/1051959861964169217

alprazolam.rip

# Reference: https://twitter.com/nullcookies/status/1052339217056129026

grafmx.com

# Reference: https://twitter.com/olihough86/status/1052607058883870720

yootbe.org

# Reference: https://twitter.com/KorbenD_Intel/status/1052652297279459329

holisticxox.com

# Reference: https://twitter.com/james_inthe_box/status/1022866075493355520

cuezo.tk

# Reference: https://twitter.com/avman1995/status/1052879462449274880

ondasolution.ga

# Reference: https://twitter.com/Techhelplistcom/status/1053054566957285382
# Reference: https://pastebin.com/raw/v7XN8dZS

alfredbusinessltd.flu.cc
citytrading.usa.cc

# Reference: https://twitter.com/FewAtoms/status/1053365757197860864

hnmseminar.aamraresources.com/dotcom/

# Reference: https://twitter.com/JaromirHorejsi/status/990936083537039360

loggerz.xyz

# Reference: https://twitter.com/ViriBack/status/971430374919122944

acctspayable.com

# Reference: https://twitter.com/executemalware/status/999034066258284545

theipgenerators.com

# Reference: https://twitter.com/malware_traffic/status/1053494383708844032
# Reference: https://www.malware-traffic-analysis.net/2018/10/19/index.html

2019bracket.com
2069brackets.com
activenavy.com
adomesticworld.com
allpurplehandling.com
anilmoni.com
answermanagementgroup.com
antinomics.com
bluestarpaymentsolutions.com
boobfanclub.com
borderlands3.com
brickell100.com
bubsware.com
cactopelli.com
careercoachingbusiness.com
cclawsuit.com
crosspeenpress.com
crystalhotel.com
dehionsgbes.com
dmknott.com
docswitch.com
expertsjourney.com
farminginthefloodplain.com
geziyurdu.com
gloria-glowfish.com
gnosmij.com
gokceozagar.com
greatwp.com
ieltsonlinetest.com
indiangirlsnude.com
indicasativas.com
inmotionframework.com
internationalboardingandpetservicesassociation.com
intimateimagery.com
iptechnologysolutions.com
iscanhome.com

# Reference: https://twitter.com/ps66uk/status/1053632722667794433

dWUJncxxb.sh-master02.com
qixjd277g3621166.impressoxpz97367.com

# Reference: https://twitter.com/DissectMalware/status/1042276512886599680

exxxwrtw1111111.kloudghtlp.com

# Reference: https://twitter.com/ni_fi_70/status/1053207719291879424

84.38.130.139/pk/office/

# Reference: https://twitter.com/xxdesmus/status/1053440011289280512

123.249.71.250:666
89.34.237.210/ikahedbts/

# Reference: https://twitter.com/nullcookies/status/1054185582467993600

daxiu678.com
lianyebo1.com

# Reference: https://twitter.com/FewAtoms/status/1054419759511547904

guideofgeorgia.org/doc/

# Reference: https://twitter.com/FewAtoms/status/1054762247405424642

nabato.org

# Reference: https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy

davidharvill.org
hotkine.com
informanetwork.com
invasivespecies.us
lookper.eu
maleass.eu
schwerdt.org

# Reference: https://twitter.com/KorbenD_Intel/status/1054857588695683072

6cameronr.ga

# Reference: https://twitter.com/FewAtoms/status/1055149939456688133

linetrepanier.com/wp-data/

# Reference: https://twitter.com/avman1995/status/1055360237484552192

ponti-int.com/a/

# Reference: https://twitter.com/yvesago/status/1055362284569145344

84.38.130.139/pk/office/

# Reference: https://twitter.com/FewAtoms/status/1055477161577115648

192.3.162.102/out/

# Reference: https://report.any.run/59855140193f0b0c10a15b7eb7c70bbb2ff94fa49e93d64d14c74cb1fcc589ff/50fa8a2f-1052-476a-8b1f-1d305d867ffb#network
# Reference: https://report.any.run/28b1efe63d1e97d42bc8809ef106c6496344860e6bec90e040a2aae8853deb9d/9e7eab49-a552-4bf2-9cab-8714f757e3c6

officesales2.com

# Reference: https://blog.en.elevenpaths.com/2019/01/chrome-extension-card-cybersecurity.html

fbsgang.info

# Reference: https://ti.360.net/blog/articles/upgrades-in-winrar-exploit-with-social-engineering-and-encryption/

manage-shope.com
local-update.com
conloap.linkin.tw

# Reference: https://twitter.com/blu3_team/status/1053669632438099970
# Reference: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802

pus.inter.cloudns.cc

# Reference: https://unit42.paloaltonetworks.com/analysis-of-smoke-loader-in-new-tsunami-campaign/

bite-me.wz.cz
jma-go.jp
mountainhigh.at
racemodel.at
thunderbolt-price.com
sungmap.at

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/fileless-banking-trojan-targeting-brazilian-banks-downloads-possible-botnet-capability-info-stealers/

chadikaysora.com
lt99.ddns.net
http://35.227.52.26

# Reference: https://twitter.com/ScumBots/status/1094811119154356224

gxbjugb.xyz

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html (Win.Malware.Autoit-6877140-0)
# Reference: https://www.virustotal.com/#/file/028914f9d3455b44d9186d218874047530a367cb1d20cbc7d9b047a42faf1774/detection

kuangdl.com

# Reference: https://www.virustotal.com/#/url/0d8185a9bf6eb842a7e07758882d86a33f090d7572efd61d1b296382c2af4a7a/detection

j0mla.sytes.net

# Reference: https://news.drweb.com/show/?i=12955&c=23&lng=en&p=0
# Reference: https://github.com/DoctorWebLtd/malware-iocs/tree/master/Trojan.Click3.27430
# Reference: https://app.any.run/tasks/0a0be637-4950-4727-bfaa-8eaa05563262

barmash.ru
dnsip.ru
dns-free.com

# Reference: https://twitter.com/ScumBots/status/1105495431864303616

flowerstick.net

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-0308-0315.html

mokoaehaeihgiaheih.ru

# Reference: https://twitter.com/James_inthe_box/status/1106551689132138497

llkty.gq

# Reference: https://twitter.com/James_inthe_box/status/1105124840501989378

dsmbil.ml

# Reference: https://www.virustotal.com/#/domain/cloudnetwork.kz
# Reference: https://twitter.com/James_inthe_box/status/1101548458090016768

cloudnetwork.kz

# Reference: https://twitter.com/bad_packets/status/1104313051166068737

methaddict.xyz

# Reference: https://twitter.com/VK_Intel/status/1044631042454249473

mintsbox.website

# Reference: https://twitter.com/JAMESWT_MHT/status/1107662516824535041

xqzuua1594.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1107932063209017344

/gr.mpwq

# Reference: https://twitter.com/James_inthe_box/status/1107977083123204102

brokenway.cf

# Reference: https://twitter.com/James_inthe_box/status/1108085222317289473

goldchainsblue.com
validcc.ch

# Reference: https://twitter.com/ActorExpose/status/1108113213164523521

vocational-age.000webhostapp.com

# Reference: https://twitter.com/dvk01uk/status/1108204451309981697

alta-brasiil.com

# Reference: https://twitter.com/dvk01uk/status/1106429454736388096

fast4elev.gq

# Reference: https://twitter.com/dvk01uk/status/1105718483118108672

remenelectricals.com

# Reference: https://twitter.com/dvk01uk/status/1105736132908720128

morningfresh.ga

# Reference: https://twitter.com/dvk01uk/status/1105819049831862278

chemisoli.com

# Reference: https://twitter.com/dvk01uk/status/1105437702999166976

goodlord.cf

# Reference: https://twitter.com/dvk01uk/status/1103507380892061696

evaglobal.eu

# Reference: https://twitter.com/dvk01uk/status/1103259569013305344

mamaknowyourname.gq

# Reference: https://twitter.com/dvk01uk/status/1103257149508075520

modexcommunications.eu

# Reference: https://twitter.com/dvk01uk/status/1102820682713522176

ruga.africa

# Reference: https://twitter.com/dvk01uk/status/1099697529409671168

maheshshukla.com

# Reference: https://twitter.com/dvk01uk/status/1098244837374070786

findouttheway.gq

# Reference: https://twitter.com/dvk01uk/status/1097767868874264576

etruht.ml

# Reference: https://twitter.com/dvk01uk/status/1093734309947719680

etruht.ga

# Reference: https://twitter.com/dvk01uk/status/1097357708246896640

tanerm.ug

# Reference: https://twitter.com/dvk01uk/status/1096445096306921472

xvirginieyylj.city

# Reference: https://twitter.com/dvk01uk/status/1095633303758127104

joshdghd.cf

# Reference: https://twitter.com/dvk01uk/status/1094924981971107840

geepaulcast.com

# Reference: https://twitter.com/dvk01uk/status/1092780337434947584

lightmusic.cocomet-china.com

# Reference: https://twitter.com/dvk01uk/status/1092685964743503872

imtooltest.com

# Reference: https://twitter.com/dvk01uk/status/1088793739223539713

sulphurrnills.com

# Reference: https://twitter.com/dvk01uk/status/1088391308849434629

pornhouse.mobi

# Reference: https://app.any.run/tasks/fe58bf2c-065f-4505-a644-6baeeb7ee4cf

bhrserviceaps.dk

# Reference: https://twitter.com/fletchsec/status/1108144401530978304

86818.prohoster.biz

# Reference: https://twitter.com/killamjr/status/1108455343816916992

quiltyfabricsorders.xyz

# Reference: https://twitter.com/nao_sec/status/1108388558539087873

dogfunnyviedeos.xyz

# Reference: https://twitter.com/JayTHL/status/1108402913938935808

mansoura.co
root-mrx.tk

# Reference: https://twitter.com/Racco42/status/1107351502878842880

angel-aristizabal.com.co

# Reference: https://twitter.com/Racco42/status/1106547527334154240

thinknik.ca

# Reference: https://twitter.com/Racco42/status/1106225615705948167

ministere-elshaddai.org

# Reference: https://twitter.com/Racco42/status/1106201029127880704

tiemokodoumbia.com

# Reference: https://twitter.com/Racco42/status/1105504898525917184

mincare.vn
sharegroup.info

# Reference: https://twitter.com/Racco42/status/1102896181011795969

wearewhatwesay.com

# Reference: https://twitter.com/Racco42/status/1102869794502705152

fm.radio.googlemenow.org

# Reference: https://twitter.com/Racco42/status/1102590512228388866

handbuiltapps.com
luxdecor.co.il

# Reference: https://twitter.com/Racco42/status/1101142170663354370

loh-tech.com

# Reference: https://twitter.com/Racco42/status/1100855213668421632

oppws.cn
skity.hk

# Reference: https://twitter.com/Racco42/status/1100733716995944448

aviatorssm.bit

# Reference: https://twitter.com/Racco42/status/1098979285443006465

burcutekstil.online

# Reference: https://twitter.com/JAMESWT_MHT/status/1108668614742368261

mkatarina7094maybelle.email

# Reference: https://twitter.com/JAMESWT_MHT/status/1108683102187110400
# Reference: https://app.any.run/tasks/7d5fcd3a-9d57-45f4-8616-f867ee76f765

nuovilod.icu
wwikrrtt.info

# Reference: https://twitter.com/malwrhunterteam/status/1108689191326625794

bigassbabyart.com

# Reference: https://twitter.com/anyrun_app/status/1108695731530055680
# Reference: https://app.any.run/tasks/f9c9b7ed-ac6b-454f-86c6-8bbc7c3b8d1f

n48lxj5097.email
wyideegb.city

# Reference: https://twitter.com/JAMESWT_MHT/status/1103983033307271168

brandin.nu
servicemanager.icu

# Reference: https://twitter.com/luc4m/status/1103952276132192256

splitbiin.co

# Reference: https://twitter.com/JAMESWT_MHT/status/1100698122563567616

mi88karine.company

# Reference: https://twitter.com/avman1995/status/1094181713121558529

fpetraardella.band

# Reference: https://twitter.com/benkow_/status/1088009157733683200

uni-full.com

# Reference: https://twitter.com/James_inthe_box/status/1076673889701224448

tollzwork.ru

# Reference: https://twitter.com/CryptoInsane/status/1074048007912464389

ooxxzzvv.com

# Reference: https://twitter.com/Racco42/status/1067027684906151936

pdf-compare.site
pdf-compare.space

# Reference: https://twitter.com/benkow_/status/1057977911607783425

osxmacservice.com

# Reference: https://twitter.com/Racco42/status/1040144285453180928

emailerservo.science

# Reference: https://twitter.com/James_inthe_box/status/1108727176038236166

fnutdue.ru

# Reference: https://twitter.com/dvk01uk/status/1108706531636326400

lovliygtyu.ml

# Reference: https://twitter.com/dvk01uk/status/1108745052686307328

hytexxi.xyz

# Reference: https://twitter.com/pollo290987/status/1108755025604591622

tarhona-libya.com

# Reference: https://twitter.com/Jan0fficial/status/988318117532176384

mlhxyz.ml

# Reference: https://twitter.com/fumik0_/status/973504037999075329

win-dows.net

# Reference: https://twitter.com/dvk01uk/status/1109045863664533504

zentacher3.ga

# Reference: https://twitter.com/JAMESWT_MHT/status/1109085932949590018

u1a2zlzeuya.company

# Reference: https://app.any.run/tasks/7dff8b86-1cff-4d38-9264-aa5a217eca0e

interruption.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1109089319871004673

r414525xw.band

# Reference: https://app.any.run/tasks/b853927b-ff78-4744-81db-789e8592bda2

realdealhouse.eu

# Reference: https://twitter.com/casual_malware/status/1107101098714656768

elec-tb.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1106579701290672129

abhicoupon.com

# Reference: https://twitter.com/JaromirHorejsi/status/1105806463468036096

awdmiami.com

# Reference: https://twitter.com/James_inthe_box/status/1100793529595383809

freedomate.ga

# Reference: https://twitter.com/ViriBack/status/1093994913249853440

cocomet-china.com
naceco.com
qai-abb.com

# Reference: https://twitter.com/nullcookies/status/1029173962595598336

appgosecurity.com

# Reference: https://twitter.com/FewAtoms/status/1109119034082103298

shannai.us

# Reference: https://twitter.com/James_inthe_box/status/1109120289604931584

zjnewdan.us

# Reference: https://twitter.com/ClearskySec/status/1001833343581900800

stcinet.com
stcnet.ddns.net

# Reference: https://twitter.com/guelfoweb/status/1109103783571795970

mit-gov-it.icu

# Reference: https://twitter.com/Racco42/status/1109591919561187330

alph.staroundi.com

# Reference: https://twitter.com/FewAtoms/status/1109773299985379329

ruih.co.uk

# Reference: https://twitter.com/James_inthe_box/status/1104730265442631680

oteam.io

# Reference: https://twitter.com/James_inthe_box/status/1079727395161104384

amsi.co.za

# Reference: https://twitter.com/James_inthe_box/status/1109832439700971520
# Reference: https://app.any.run/tasks/f435d89d-30a5-465b-8a8d-b7a042665e0e

a-7763.com
davidich.life
domekan.ru
doshimotai.ru
kifge43.ru
/MatherFuckerAv.dll

# Reference: https://twitter.com/James_inthe_box/status/1108789993923723264

gmltdprocrop.com

# Reference: https://twitter.com/4chr4f2/status/1103316628245164032

mulenrooj.adygeya.su

# Reference: https://twitter.com/avman1995/status/1090972632261029891

monstercartune.club

# Reference: https://twitter.com/dms1899/status/1070382435148447745

ph0en1x.tk

# Reference: https://twitter.com/avman1995/status/1035723902612324352

botsphere.biz

# Reference: https://twitter.com/Racco42/status/1110098645263810561

bzios.info

# Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc (2018-10-22: Ukrainian telcos fake domains on servers with Metasploit and Cobalt Strike)

24tv.agency
2mdns.org
a-msedge.org
ads1-msn.com
ads1-msn.net
akadns-ms.net
api-p001-1drv.com
apostrophe-news.biz
appex-bing.net
appex-bing.org
bigmir.email
blob-weather.com
cdn-onenote.net
censornews.org
client-googledns.com
cnn-metanews.biz
compatexchange-cloudapp.com
corpext-datamart.net
delometaua.biz
diagnostics-support-microsoft.net
diagnostics-support.com
dns-msftncsi.com
eizvestia-news.org
espreso.today
feedback-google.net
feedback-google.org
feedback-windows.com
feedback-windows.org
foxnewsmeta.biz
fwdcdn.org
gateway-telemetry.net
gateway-telemetry.org
gazetaua-news.org
gismeteo.city
img-s-msn-com-akamaized.net
interfax-globalnews.com
ipv4-microsoft.net
ipv4-microsoft.org
ipv6-google.net
ipv6-google.org
ipv6-microsoft.org
kyivstar-ip.com
ls2web-redmond-corp.com
microsoft-com-nsatc.org
microsoft-metaservices.com
microsoft-nsatc.org
ms-akadns.org
news-liga.net
newska-uanews.biz
nod-update.org
ns0-ukrpack.net
ns0-volia.net
ns1-datagroup.com
ns1-datagroup.org
ns1-volia.net
ns2-datagroup.com
ns2-datagroup.org
ns2-ukrtel.com
ns3-datagroup.org
ns4-datagroup.org
obozrevatel-news.com
officeclient-microsoft.com
paypal-com1.com
paypal-com2.com
pppoe-infocom.com
pppoe-kyivstar.com
pppoe-ukrtel.com
preview-msn.org
redir-metaservices.com
redir-metaservices.org
reports-telemetry-microsoft.com
rian-ua.org
sandbox-cloudapp.com
sandbox-cloudapp.org
search-msn.net
search-msn.org
secure-telemetry.net
secure-telemetry.org
securenod32.com
segodnya-news.org
services-glbdns2.com
services-glbdns2.org
services-google.org
serving-sys-windows.net
serving-windows.net
social-msn.net
social-msn.org
ssw-live.org
statototalitario.com
support-cloudapp.net
support-microsoft.biz
telecommand-microsoft.net
telecommand-microsoft.org
telegraf-news.biz
telemetry-akadns.org
uatimes-meta.biz
ubr-news.org
ui-skype.net
ukrfreshnews.com
unian-search.com
urs-microsoft.net
watson-microsoft.org
win-msecnd.com
win-msecnd.org
win10-telemetry.net

# Reference: https://twitter.com/James_inthe_box/status/1056920457218125826

mypanell.online

# Reference: https://twitter.com/Racco42/status/1029986121286074369

atcproje.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1110147918995091457
# Reference: https://app.any.run/tasks/8e80d6b5-507a-40ab-98bd-2dfd73d313ab

klub046.co

# Reference: https://twitter.com/Racco42/status/1110160140962066432

zaczvk.pl

# Reference: https://twitter.com/Racco42/status/1110170198005436417
# Reference: https://app.any.run/tasks/30775d98-c3a7-4de0-b4e1-5ae6db7fece9

space.bajamelide.ch

# Reference: https://twitter.com/malware_traffic/status/1110176575922864128

zabenkot.top

# Reference: https://twitter.com/angel11VR/status/1109075153114279936
# Reference: https://app.any.run/tasks/37b99bb8-a81b-4298-bc78-b19ecc0adb0f

185.25.50.168:4444

# Reference: https://twitter.com/James_inthe_box/status/1104730265442631680

89.105.202.62:1080

# Reference: https://twitter.com/James_inthe_box/status/1110196027338817538

erimbil.ml

# Reference: https://twitter.com/ScumBots/status/1110265736029712384

safetimes.biz

# Reference: https://twitter.com/ScumBots/status/1110265564428226565

wite.biz

# Reference: https://twitter.com/ScumBots/status/1110265483264167939

s3rpfish.biz

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-0315-0322.html (Win.Malware.Autoit-6897734-0)

charlesprofile.website

# Reference: https://twitter.com/Racco42/status/1110450502087725057

kozol.info

# Reference: https://twitter.com/JAMESWT_MHT/status/1110470611137114112

fubuy60w.email

# Reference: https://twitter.com/JAMESWT_MHT/status/1110533916279128071

24forejungl.site

# Reference: https://twitter.com/James_inthe_box/status/1110563590950445056

lattempted.pw

# Reference: https://twitter.com/James_inthe_box/status/1110560151977623552

conamylups.com

# Reference: https://twitter.com/FewAtoms/status/1110578385011519489

accpais.com

# Reference: https://twitter.com/avman1995/status/951077991966064640

itgpll.com

# Reference: https://twitter.com/ViriBack/status/950469147976257536

m3ss4g3rtesla.com

# Reference: https://twitter.com/ViriBack/status/950354442917990400

dominica2.com

# Reference: https://twitter.com/cocaman/status/909339498445705216

iemnnyanmar.com

# Reference: https://twitter.com/58_158_177_102/status/1110814561500708864

onbraker.com
podertan.com

# Reference: https://twitter.com/Racco42/status/1110844776075706368

zolik.info

# Reference: https://twitter.com/ClearskySec/status/1110941180106366976

/D2_de2o@sp0/

# Reference: https://twitter.com/ClearskySec/status/1062026777604820994

disw.top
jobk.info
ktis.club
kotb.top
lupx.info

# Reference: https://twitter.com/Racco42/status/1111189949712420864

armasglass.com

# Reference: https://twitter.com/dvk01uk/status/1111218416227102720

babamaturu.cf

# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1111223066137448449

bambamdumer.ml
kodjdsjsdjf.tk
lookatmenaaaa.tk

# Reference: https://twitter.com/ps66uk/status/1111309717664604162

poperjffd.gq
zentacher.cf

# Reference: https://otx.alienvault.com/pulse/5c9d13987ec3ed127b3175a5

crypt24.in
clean.crypt24.in
zani.streghettaincucina.com
midgnighcrypt.com
yinhbygrm.com
4uland.com
favoritfile.in
img.martatovaglieri.com

# Reference: https://twitter.com/James_inthe_box/status/1111371723092299776

edjsqvg.ua

# Reference: https://twitter.com/FewAtoms/status/1110578385011519489

accpais.com

# Reference: https://twitter.com/JayTHL/status/1111497469937045504

brynn.ink

# Reference: https://twitter.com/DissectMalware/status/1111511953061621760

onbraker.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1111623245965545473

justpony.xyz
warezpony.ga

# Reference: https://twitter.com/JAMESWT_MHT/status/1111623824695611392

myloki.icu

# Reference: https://twitter.com/ViriBack/status/1111646690233192449

pamthasion.pw

# Reference: https://twitter.com/Racco42/status/1111651759276072961

zerio.info

# Reference: https://twitter.com/James_inthe_box/status/1111666754604789760

recordsforsmssent.xyz

# Reference: https://twitter.com/ViriBack/status/1067995331810549760

oceanicproducts.eu
jesseworld.eu
modexdeals.xyz
modecloudserver.eu

# Reference: https://twitter.com/ekamioka/status/1111658931624001540

nanowopsite.club

# Reference: https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc (2018-01-16: New Order PO)

/buchi/i/fred.php

# Reference: https://twitter.com/ViriBack/status/971430374919122944

carolp1.xyz

# Reference: https://twitter.com/malware_traffic/status/1111049259305046016

ultimateyahoo.top

# Reference: https://twitter.com/jfslowik/status/1112010565742788609

download-updates-comp.com
get-updates-ms.com

# Reference: https://twitter.com/benkow_/status/1112046921303113729

gcleaner.info

# Reference: https://twitter.com/ps66uk/status/1112172657729044480

00399a4.netsolhost.com

# Reference: https://twitter.com/Racco42/status/1112623595459612673

zesis.info

# Reference: https://twitter.com/malware_traffic/status/1101164760647847936

not-my-guilty.com
onlinedattingforlife.info
russkistandart.info

# Reference: https://twitter.com/malware_traffic/status/1083771485997670400

datingforllives.info

# Reference: https://twitter.com/malwrhunterteam/status/1112969094322683904

danhuaile.net

# Reference: https://twitter.com/packet_Wire/status/1112802915650027520

ordernow.cf

# Reference: https://twitter.com/James_inthe_box/status/1113102849313988611

sorna.at
rivier.at

# Reference: https://twitter.com/KorbenD_Intel/status/1113151983030943744

vilamax.home.pl

# Reference: https://twitter.com/James_inthe_box/status/1113114356714168321

bluewales.ml
worldatdoor.in

# Reference: https://twitter.com/albertzsigovits/status/1113096573284728839

powellpablooo.myjino.ru
fnsss77.ru
darbl.icu

# Reference: https://twitter.com/illegalFawn/status/1113336529433374721

4fallingstar.info
esurf.info
childrensliving.com

# Reference: https://twitter.com/malware_traffic/status/1113586907655680001

tytalrecoverysolutions.com
zakromanoff.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1113747351405985792

bobbobb1z.com

# Reference: https://twitter.com/dvk01uk/status/1094130931596701696

liqurestore.cf

# Reference: https://twitter.com/benkow_/status/1090564148184924160

dfgdfgghjghfshfgh.ru

# Reference: https://twitter.com/JayTHL/status/1036810959644438528

dvpont.com
itwsaelants.com
kmnnl.com
tekinkgroup.com

# Reference: https://twitter.com/James_inthe_box/status/1113888371204472832

smart.cloudnetwork.kz
nicru.supermicrotransapi.ru
mel.cloudcontentsmak.com
js.securetopdevelopment.kz
secure.jsc0nten1maker.com
secure.jscontentmaker.kz
tel.jsapisettings.kz

# Reference: https://twitter.com/malware_traffic/status/1113975722773831680

med.ufro.cl
top.sineadholly.com

# Reference: https://twitter.com/K_N1kolenko/status/1113818032248430593

waorveled.com
hegutceper.ru
dintroprula.ru

# Reference: https://twitter.com/takerk734/status/1113851637292920832

artdefensive.com

# Reference: https://twitter.com/takerk734/status/1113852021579206658

ceaningthe.com
hosttrade.ru
letsdoitquick.site

# Reference: https://twitter.com/Racco42/status/1114080917402861568

pasios.info

# Reference: https://www.bromium.com/mapping-malware-distribution-network/
# Reference: https://otx.alienvault.com/pulse/5ca7142dd898276082584a58

l-jaxx.com
monkeyinferno.net

# Reference: https://twitter.com/smica83/status/1114099330628096000

echuhnova.digital

# Reference: https://twitter.com/smica83/status/1114101564648689664

daidaowu.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1114103736731951104

vip-163.cc

# Reference: https://twitter.com/Bank_Security/status/1114122727080771585

g53lois51bruce.company

# Reference: https://twitter.com/James_inthe_box/status/1114150925218639872

11totalzaelooop11.club

# Reference: https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html (Win.Malware.Autoit-6919193-0)

jfnutts.com
jamesxx.dynu.net

# Reference: https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html (Win.Malware.Vobfus-6919817-0)

backdates[0-9]{1,2}\.(com|net)

# Reference: https://imgur.com/a/8mFGk
# Reference: https://otx.alienvault.com/pulse/5a49115f93199b171b90a212

conectionapis.com

# Reference: https://twitter.com/JayTHL/status/1115077956781715456
# Reference: https://pastebin.com/raw/HggkKKVu

awazpeople25.com.pl
awazpeople25.net.pl
awazpeople25.pl
awazpeople25.waw.pl
e-helpingcenterxg.pl
egalleryimagesas.pl
ehelpingcentervh.pl
estoremkg.pl
everificationaccountls.pl
galleryimagesas.com.pl
galleryimagesas.net.pl
galleryimagesas.pl
galleryimagesas.waw.pl
helpingcentervh.com.pl
helpingcentervh.net.pl
helpingcentervh.pl
helpingcentervh.waw.pl
helpingcenterxg.com.pl
helpingcenterxg.net.pl
helpingcenterxg.pl
helpingcenterxg.waw.pl
hypemediahdy.com.pl
hypemediahdy.net.pl
hypemediahdy.pl
hypemediahdy.waw.pl
i-awazpeople25.pl
i-mzenjdfu.pl
ihypemediahdy.pl
make-upvalleyusastoread.pl
mzenjdfu.com.pl
mzenjdfu.pl
mzenjdfu.waw.pl
storemkg.com.pl
storemkg.net.pl
storemkg.pl
storemkg.waw.pl
verificationaccountls.com.pl
verificationaccountls.net.pl
verificationaccountls.pl
verificationaccountls.waw.pl

# Reference: https://twitter.com/smica83/status/1115174343288545280

etechnocrat.us

# Reference: https://twitter.com/Racco42/status/1115216282670989313

hallos.info

# Reference: https://twitter.com/MisterCh0c/status/1115001122673102848

yolodice.icu

# Reference: https://twitter.com/James_inthe_box/status/1115258819473317888

vapeegy.com

# Reference: https://twitter.com/Racco42/status/1115259915877146625

e-mailupgrade.com

# Reference: https://twitter.com/malwrhunterteam/status/1115289020421025792

bestpage1.com

# Reference: https://twitter.com/BroadAnalysis/status/731653488443305985

khamsanphukhoa.com.vn

# Reference: https://twitter.com/angel11VR/status/1115343202167533568
# Reference: https://pastebin.com/0bX17LaY

gingerandcoblog.com

# Reference: https://twitter.com/illegalFawn/status/1115537607256150016

logger-keyz.tk

# Reference: https://twitter.com/Artilllerie/status/1115556048243437568

subby.xyz

# Reference: https://twitter.com/James_inthe_box/status/1115591879586795521

hot-mail.online

# Reference: https://twitter.com/slayersecurity/status/1115599512758697984

bobbobb1z.com

# Reference: https://twitter.com/pollo290987/status/1115613838689341440

nicholaspring.xyz

# Reference: https://twitter.com/slayersecurity/status/1115902366686031878

klis.icu
notz.icu
qgb.us
shortener.icu
shortit.icu
zvb.us

# Reference: https://twitter.com/JAMESWT_MHT/status/1115926996582830081

nemelyu871.info
s1591e46.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1115928599792640000

instant-payments.ru

# Reference: https://twitter.com/makflwana/status/1115953092090941440

vman23.com

# Reference: https://twitter.com/x42x5a/status/1115980225127571456

freelim.cf

# Reference: https://app.any.run/tasks/34e6fb84-9c9f-4839-8c08-a2db34280b72

younglybae.tk

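# Reference: https://twitter.com/KorbenD_Intel/status/1115987185206013953
# NOTE(review): ngrok.io tunnel hostnames are typically short-lived, so this entry is mainly useful for retrospective matching near the reference date; confirm before treating a fresh hit as the same activity.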

b02aee36.ngrok.io

# Reference: https://twitter.com/James_inthe_box/status/1116302275335475201

a.uchi.moe

# Reference: https://twitter.com/tkanalyst/status/1116370690444124160

adpop.xyz

# Reference: https://twitter.com/58_158_177_102/status/1116608652985585670

aupa.xyz
azedizayn.com
aussiescanners.com
fumicolcali.com
sundarbonit.com

# Reference: https://twitter.com/Racco42/status/1116787155710500866

yassra.com

# Reference: https://twitter.com/LukasStefanko/status/1116700836032331778
# Reference: https://www.virustotal.com/gui/domain/appboxlive.host/relations

appboxlive.host

# Reference: https://twitter.com/JAMESWT_MHT/status/1095672902232477697

cytotan.xyz
fatando.pw
srv18427.microhost.com.pl

# Reference: https://twitter.com/devnullek/status/1073159905480183808

favbaby.com

# Reference: https://twitter.com/malware_traffic/status/767852827200761856

ahgsuy3829.top
best-remit.com
hybypi.xyz
nerdcommunity.top
reballancefreestyle.win

# Reference: https://twitter.com/BroadAnalysis/status/815211105664565248

chebersto.com
chelkibot.com
jejefolso.com
kalambint.com
karachark.com
kerukiron.com
kurtillon.com
markrelso.com
nintedrer.com
reregaton.com

# Reference: https://twitter.com/BroadAnalysis/status/788400179091214336

arabicdessert.co
prmhohzsl.top

# Reference: https://twitter.com/BroadAnalysis/status/782996903025844224

badbigbearr.com
bearbigger.top
beargrizzler.win
dxzvkr.top

# Reference: https://twitter.com/malware_traffic/status/766412267063607296

lowashemterle.top
yfyke.xyz

# Reference: https://twitter.com/x42x5a/status/1117697750886428672

ahsantiago.pt

# Reference: https://twitter.com/dvk01uk/status/1117752424331190273

licenses-renewal.com

# Reference: https://twitter.com/killamjr/status/1117776513288503296
# Reference: https://www.virustotal.com/gui/domain/netlux.in/relations
# Reference: https://www.virustotal.com/gui/domain/vitalmania.eu/relations

netlux.in
vitalmania.eu

# Reference: https://twitter.com/FewAtoms/status/952884418733072384

gg.usdipc.com

# Reference: https://twitter.com/DynamicAnalysis/status/1117833770332303365

ridihaagroup.com

# Reference: https://twitter.com/FewAtoms/status/1117824449670209536

annaviyar.com

# Reference: https://twitter.com/malware_traffic/status/1117811800395767808

shahkara.com.tr

# Reference: https://twitter.com/HONKONE_K/status/1118035160362913792

new2019.mine.nu

# Reference: https://twitter.com/JAMESWT_MHT/status/1118102912549433345

fineiksus.com

# Reference: https://cofense.com/latest-software-functionality-abuse-url-internet-shortcut-files-abused-deliver-malware/

buyviagraoverthecounterusabb.net

# Reference: https://twitter.com/James_inthe_box/status/1118146373361078272

tshukwasolar.com

# Reference: https://twitter.com/Racco42/status/1118476901876674561

vreau-relatie.eu

# Reference: https://twitter.com/FewAtoms/status/1118588045312368641

http://188.209.52.180

# Reference: https://twitter.com/FewAtoms/status/1118893063219372034

krosnovunderground.se

# Reference: https://twitter.com/ViriBack/status/1119019674006687744

deuor.info/index.php

# Reference: https://twitter.com/ActorExpose/status/1118914631609794561

kulsofttech.net

# Reference: https://blog.talosintelligence.com/2019/04/threat-source-april-18-new-attacks.html

plenoils.com
sharedrive.top
alkzonobel.com
web2prox.com
webxpo.us
office.webxpo.us
sunny-displays.com
modernizingforeignassistance.net

# Reference: https://twitter.com/malware_traffic/status/1119021844416405504

sunmeter.eu

# Reference: https://twitter.com/ViriBack/status/1119592527106072576

http://185.79.156.15

# Reference: https://twitter.com/James_inthe_box/status/1119758368858468352

gbchb.com

# Reference: https://twitter.com/pancak3lullz/status/1117825748583243776

esko7.cf

# Reference: https://twitter.com/pancak3lullz/status/1092804207252525065

benelll.com

# Reference: https://twitter.com/pancak3lullz/status/1085189158866378754

liftocean.us

# Reference: https://twitter.com/The_d0c_T0R/status/1120184484312354816

bbkac.com

# Reference: https://twitter.com/James_inthe_box/status/1120693994428567552

get.extra-files.com

# Reference: https://twitter.com/malwrhunterteam/status/1120969169233690624

187.ip-54-36-162.eu

# Reference: https://twitter.com/devnullek/status/1120708504619290624

news-medias.ru

# Reference: https://reaqta.com/2019/04/ave_maria-malware-part1/

icbegypt.com

# Reference: https://twitter.com/makflwana/status/1121063810289238018

newfield-us.info

# Reference: https://twitter.com/James_inthe_box/status/1120752034829856768

alspi.cf

# Reference: https://twitter.com/smii_mondher/status/962702751762468866

centropesquisabit.com.br

# Reference: https://twitter.com/x42x5a/status/1121094286613852162

baldorclip.icu

# Reference: https://twitter.com/malwrhunterteam/status/1121095736299597824

geraldgore.com/news/

# Reference: https://twitter.com/malware_traffic/status/1121097028426194944

iblservicosonline.com

# Reference: https://twitter.com/MisterCh0c/status/1121125682032119808

noda-8879.cf

# Reference: https://twitter.com/malware_traffic/status/1061039473448734722

po0o0o0o.com

# Reference: https://twitter.com/coldshell/status/936173677854580736
# Reference: https://pastebin.com/9JfkQ1FX

accessyouraudience.com
alucmuhendislik.com
awholeblueworld.com
bit-chasers.com
datenhaus.info
hexacam.com
mh-service.ru

# Reference: https://twitter.com/coldshell/status/936588497216995328
# Reference: https://pastebin.com/LRTA7NSn

basedow-bilder.de
centralbaptistchurchnj.org
highlandfamily.org
motifahsap.com
pdj.co.id
pragmaticinquiry.org
schwellenwertdaten.de
shamanic-extracts.biz
team-bobcat.org
troyriser.com

# Reference: https://twitter.com/coldshell/status/894908561855307776
# Reference: https://pastebin.com/dZXyvmvL

adelaidemotorshow.com.au
apositive.be
autoecoleathena.com
autoecoleboisdesroches.com
autoecoledufrene.com
beansviolins.com
cipemiliaromagna.cateterismo.it
firstonetelecom.com
fly2.com.tw
harristeavn.com
heathrowestudios.com
hydronetinfo.com
melting-potes.com
microsom.com
modemagazine.net
new.intranet.wem.fr
patrickreeves.com
potamitis.gr
rosascomendador.com
scoot-mail.net
sixty-six.org
telesolutionsconsultants.com
trombositting.org

# Reference: https://twitter.com/tmmalanalyst/status/891998398462566400

luczki.pl

# Reference: https://twitter.com/x42x5a/status/1121702655464751104

payeer-coin.icu

# Reference: https://twitter.com/FewAtoms/status/1121751424096845831

http://216.170.120.137

# Reference: https://twitter.com/JAMESWT_MHT/status/1121755894511960064
# Reference: https://app.any.run/tasks/c18ca904-42a7-4cda-89ca-8960f38ff406

gcleaner.info
melbettyge.top
refpagdcmr.top
salosvodkoi.ru

# Reference: https://twitter.com/FewAtoms/status/1121780178676527104
# Reference: https://twitter.com/FewAtoms/status/1121096964869959682

http://80.82.66.58

# Reference: https://twitter.com/neonprimetime/status/1121800377727426561

hlggregoriazl.xyz

# Reference: https://twitter.com/QuaestioQuestio/status/1121777747834155012

gatiropimonita.website
updateservice.work

# Reference: https://twitter.com/x42x5a/status/1122096731800375296

fin18.org

# Reference: https://twitter.com/slayersecurity/status/1122137824076148736

basaso.mobi
dpyfo.mobi
enchanted.mobi
ghtc.mobi
hfik.mobi
mobisad.mobi
nefal.mobi
nkdyo.xyz
professional.mobi
rhggy.mobi

# Reference: https://twitter.com/DbgShell/status/1121583280145543168

http://84.200.43.124

# Reference: https://twitter.com/jpcert_ac/status/1121701529847603202

officecrack.gi2.cc

# Reference: https://twitter.com/ViriBack/status/1122527363772887044

90551.prohoster.biz

# Reference: https://twitter.com/hexlax/status/988881472403763200

untorsnot.in

# Reference: https://twitter.com/0x13fdb33f/status/1122544651628576768
# Reference: https://www.kernelmode.info/forum/viewtopic.php?p=32871
# Reference: https://otx.alienvault.com/pulse/5cc6ca1e69cc6cfee80974a7

fusu.icu
keke.icu
letask.me
luru.icu
qoqo.icu
susu.icu
zqfgy.app

# Reference: https://twitter.com/dvk01uk/status/1122803607269773312

findrew.gq

# Reference: https://twitter.com/makflwana/status/1122818381856555010

http://91.243.83.154

# Reference: https://twitter.com/James_inthe_box/status/1122861244023656453

anticcolonial.cf

# Reference: https://twitter.com/x42x5a/status/1122863171222560768

h-drums.cf

# Reference: https://twitter.com/dvk01uk/status/1122702052482846720

ayakkokulari.com

# Reference: https://twitter.com/ScumBots/status/1122874459432599555

s0ft3r.ru

# Reference: https://twitter.com/Racco42/status/1122966809924329472

iceslyt.ru

# Reference: https://twitter.com/Sm0k10/status/1123018192228626443

quo75fbm.club

# Reference: https://twitter.com/dave_daves/status/1123143230852358145

mail-tools.info

# Reference: https://twitter.com/JaromirHorejsi/status/1095328020028628992

nim3.xyz

# Reference: https://twitter.com/FewAtoms/status/1123154922562678784

http://23.249.163.113

# Reference: https://twitter.com/avman1995/status/1035033720489734145

kangnaterayna.com

# Reference: https://twitter.com/x42x5a/status/1123191255679291392

sellingproducts.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1123209767135141889

cliniquevoyage.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1123214806251646977
# Reference: https://www.virustotal.com/gui/domain/digital-studio.org/details
# Reference: https://app.any.run/tasks/27874df0-5ed8-469e-8a53-0741bb8fca58

digital-studio.org

# Reference: https://twitter.com/x42x5a/status/1123250026883497985

lovemepls.com

# Reference: https://twitter.com/malwrhunterteam/status/1123262864029040641

nathanklebe.com

# Reference: https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html

http://188.166.74.218
http://45.55.211.79

# Reference: https://twitter.com/makflwana/status/1123465749027225600

http://5.188.231.210

# Reference: https://twitter.com/abuse_ch/status/1123520051599085570

auzonet.net

# Reference: https://twitter.com/FewAtoms/status/1123563237084024832

http://155.138.134.133

# Reference: https://twitter.com/ScumBots/status/1122705081953132549

bitwhites.top

# Reference: https://twitter.com/James_inthe_box/status/1099365566928760834

frameupds.info

# Reference: https://twitter.com/James_inthe_box/status/1079757827030142976

hbr0.icu

# Reference: https://twitter.com/BroadAnalysis/status/967357851520897024

teleduck.de
zaremedspa.com

# Reference: https://www.virustotal.com/gui/ip-address/5.45.73.63/relations

individualkipitera.site
individualkipitera24.site
intimorg.xyz
prostitutkivoronezha24.bid
prostitutkiyaroslavlya76.men
prostitutkisoy.com
prostitutki-adlera.xyz
prostitutki-sterlitamaka.xyz
prostitutki-vologdy.xyz
prostitutki-tomska.xyz
prostitutkisochi24.xyz
prostitutki-magnitogorska.xyz
prostitutki-tveri.xyz
prostitutki-kaliningrada.xyz
prostitutki.soy
prostitutkimoskvy.surf
prostitutkiyaroslavlya.xyz
prostitutki-surguta.xyz
prostitutki-izhevska.xyz
prostitutki-permi.xyz
prostitutkikazani.xyz
prostitutkikrasnoyarska.xyz
prostitutkiomska.xyz
prostitutkirostova.xyz
prostitutkiufy.xyz
prostitutkivoronezha.xyz
prostitutki-arhangelska.xyz
prostitutki-biyska.xyz
prostitutki-taganroga.xyz
prostitutki-tambova.xyz
prostitutkipitera.soy
prostitutkivologdy.win

# Reference: https://twitter.com/JayTHL/status/1123591741347704832

92.222.151.63:36437

# Reference: https://twitter.com/JayTHL/status/1123829087913508865

leon-l-atkinson.club

# Reference: https://app.any.run/tasks/29a96490-8160-4cf6-b458-38023c0a8220

vman23.com

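# Reference: https://otx.alienvault.com/pulse/5ccab2b0769cdc85663c84b9
# NOTE(review): ngrok.io tunnel hostnames are typically short-lived, so this entry is mainly useful for retrospective matching near the reference date; confirm before treating a fresh hit as the same activity.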

747f9d59.ngrok.io

# Reference: https://twitter.com/x42x5a/status/1123914216665174016
# Reference: https://twitter.com/JAMESWT_MHT/status/1126420676427096065

ccleaner.host
ccleaner.top

# Reference: https://twitter.com/Racco42/status/1123953925831446529

41.231.120.138:7700

# Reference: https://twitter.com/Racco42/status/1123974086970019840

fjlryd.com

# Reference: https://twitter.com/drok3r/status/1124018831444385794

http://185.79.156.23

# Reference: https://twitter.com/x42x5a/status/1124062134378409992

a-7763.com

# Reference: https://twitter.com/SickPeaSec/status/1124078107617574912

http://42.51.65.7

# Reference: https://www.virustotal.com/gui/domain/heheda.tk/relations

heheda.tk

# Reference: https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html (Win.Malware.Tovkater-6956309-0)

dicier.ru
triobol.ru
walforder.ru

# Reference: https://twitter.com/TheMan___TheMan/status/1124526444955295744

http://3.14.6.4

# Reference: https://twitter.com/slayersecurity/status/1124605083554078720

ckssplcom.ga

# Reference: https://twitter.com/FewAtoms/status/1124624471548149761

megaklik.top

# Reference: https://twitter.com/James_inthe_box/status/1124634464447950848

hamriadhurai1.com

# Reference: https://twitter.com/James_inthe_box/status/1124648077627838465

http://106.13.96.196

# Reference: https://twitter.com/VK_Intel/status/1124826957764603905

ghostru.biz

# Reference: https://twitter.com/ViriBack/status/1125145578638389248

umc-tech.com

# Reference: https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html (Win.Malware.Shadowbrokers-6958490-0)
# Reference: https://www.virustotal.com/gui/domain/sex.kuai-go.com/relations

teetah.com
thmqyo.com
iadaef.com
yvyqyr.com
yyhhwt.com
yoiupy.com
abvyoh.com
evoyci.com
nzooyn.com
niulzo.com
meadgz.com
yxpwly.com
cberyk.com
xuvvie.com
nfgesv.com
rjodmz.com
ygjuju.com
iauany.com
zopkpn.com
ubnuov.com
kroqzu.com
uxmaie.com

# Reference: https://any.run/report/0159364dc4a13deea8595d019b3c1e44ca100690b3d7f2df7d79cfd86d4b36ce/03c9c9b6-a7fc-41fc-a6d1-6f35ec60f94a

romelulukaku.tk

# Reference: https://any.run/report/ff2824a9281b5e0ecd4b90b7779a66dfa4453b143b1115e4a9019a2f859083e0/b6a22489-c558-44f8-92b7-c6f90b8c0920

liverfook.ml

# Reference: https://twitter.com/JAMESWT_MHT/status/1125358634979012613

polaroil.me

# Reference: https://twitter.com/JAMESWT_MHT/status/1125388900862767105

halanis21yi84alycia.top
hvkbvmichelfd.info

# Reference: https://twitter.com/pmelson/status/1125070087218659330

anyconnect.stream
bigip.stream
fortiweb.download
kaspersky.science
microtik.stream
owa365.bid
symanteclive.download
windowsdefender.win

# Reference: https://twitter.com/angel11VR/status/1125765188370731009
# Reference: https://app.any.run/tasks/8bee6450-d92c-4a21-8b8e-6dbec1e777e5

joeing2.duckdns.org

# Reference: https://twitter.com/RickyLafleur1/status/1054730525653508096

neperepahano.top

# Reference: https://twitter.com/Jan0fficial/status/1093123191504031746

scanjet.tk

# Reference: https://twitter.com/P3pperP0tts/status/979416398932905985

mdolk.ru

# Reference: https://twitter.com/P3pperP0tts/status/980426489802960897

ponysolution.tk

# Reference: https://twitter.com/x0rz/status/763396946371436544

andmabi.com
redidfe.ru
undwohed.ru

# Reference: https://twitter.com/hexlax/status/740548297723678720

cussocarve.net

# Reference: https://twitter.com/hexlax/status/777967707601895424

tortonrcommt.pw

# Reference: https://twitter.com/hexlax/status/905947662595366913

detrogoldenmayer.com

# Reference: https://twitter.com/teoseller/status/674601023076462596

beamtech-tw.com

# Reference: https://twitter.com/teoseller/status/790919712909697024

zjibingfeng.com

# Reference: https://twitter.com/hexlax/status/803324541858627584

ru-id21387192837.com

# Reference: https://twitter.com/bomccss/status/1125902307030265856

donersonma.com

# Reference: https://twitter.com/executemalware/status/1125818675519459328

58.218.66.168:32221

# Reference: https://twitter.com/VirITeXplorer/status/1126015303312396288

samuelkerns.com

# Reference: https://www.virustotal.com/gui/ip-address/90.103.111.117/relations

iamahackeur.servehttp.com
jesuisunhackeur.servehttp.com

# Reference: https://twitter.com/051R15/status/984704059109093382

jcgloball.org

# Reference: https://twitter.com/dvk01uk/status/1126064949212721152

carlostevez.ga
carlostevez.ml

# Reference: https://twitter.com/JAMESWT_MHT/status/1126109441651245057
# Reference: https://app.any.run/tasks/004e0cf9-8b5c-41eb-a7af-d048dcb80608

green.nogel.tech
safa.205dundas.com
ssw.138front.com

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/dharma-ransomware-uses-av-tool-to-distract-from-malicious-activities/

link.fivetier.com

# Reference: https://twitter.com/MisterCh0c/status/1126214464334979074

ftp://computernewb.ml

# Reference: https://twitter.com/VirITeXplorer/status/1126382269646741505

zuisarch.top

# Reference: https://twitter.com/x42x5a/status/1126402234676404225

abscete.info
fopstudios.com

# Reference: https://twitter.com/x42x5a/status/1126395015566102528

bluedahab.ga

# Reference: https://blog.yoroi.company/warning/campagna-gootkit-verso-pec-italiane/

effe-erre.es
sigaingegneria.com

# Reference: https://twitter.com/JayTHL/status/1126254567568695301

fuckchriscollingsworth.com

# Reference: https://twitter.com/DissectMalware/status/1126384963497205762

http://51.89.0.134

# Reference: https://otx.alienvault.com/pulse/5cd3f89df12b501c477a6fba

vision2030.cf
vision2030.tk

# Reference: https://twitter.com/malwrhunterteam/status/1126438072047099905
# Reference: https://twitter.com/malwrhunterteam/status/1126443181879459842
# Reference: https://twitter.com/malwrhunterteam/status/1126450000425361408

abidefr.com
ambertut.com
profile.sandoct.com
sagdao.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1126435324530503680

binnatto.de
megaklik.top
uzocoms.eu
venzatechi.online

# Reference: https://twitter.com/ActorExpose/status/1126448541637984256

can25.000webhostapp.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1126476203253280773

ezeada.site

# Reference: https://twitter.com/James_inthe_box/status/1126487574317490179

aotiahua.com

# Reference: https://twitter.com/James_inthe_box/status/1126590019269840896

farmfit.ru

# Reference: https://twitter.com/dvk01uk/status/1126726101055574016

xzhch.ml

# Reference: https://app.any.run/tasks/b9d22ade-b917-421b-a117-e514d56fefd5
# Reference: https://www.virustotal.com/gui/domain/ndtst.com/details

ndtst.com

# Reference: https://twitter.com/dvk01uk/status/1121281997643636736
# Reference: https://app.any.run/tasks/653e0ec4-396d-4930-b91c-9b110debf1cf

nxgenbiz.us

# Reference: https://twitter.com/dvk01uk/status/1118559250471628800

terryhill.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1126803185753047040

gcleaner.info

# Reference: https://twitter.com/malwrhunterteam/status/1126808002986639361

rapport.lcto.lu

# Reference: https://twitter.com/x42x5a/status/1126832160936214529

soksanhotels.com

# Reference: https://twitter.com/dave_daves/status/1126840642485784576

mecharniser.com

# Reference: https://twitter.com/James_inthe_box/status/1126846840060571648

vasinvestment.tk

# Reference: https://twitter.com/ViriBack/status/1126992620310470656

iujoaqstqiywertgpu.club

# Reference: https://twitter.com/ViriBack/status/1127224259837878273

phumyhunggiatot.com

# Reference: https://twitter.com/daphiel/status/1123927542149328896

blanki-shabloni24.ru
icq.chatovod.info
medialeaks.icu
superjob.icu
women-history.me

# Reference: https://twitter.com/malware_traffic/status/810966197881671680
# Reference: http://malware-traffic-analysis.net/2016/12/19/index.html

talhanterbutres.top
srugbah.com

# Reference: https://twitter.com/pancak3lullz/status/1022845906041929728

asterixenergy.in

# Reference: https://twitter.com/pancak3lullz/status/746337709774430208

camera-test.hi2.ro
summerr554fox.su

# Reference: https://twitter.com/FewAtoms/status/1127531654019334144

222.187.238.16:2020

# Reference: https://twitter.com/ActorExpose/status/1127565211832135681

webarconet.000webhostapp.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1127927901725306881

rabbitscafenyc.com
rerplan.tk
ttreface.tk

# Reference: https://twitter.com/malware_traffic/status/1128019457966735360

dhlexpress.club

# Reference: https://twitter.com/ActorExpose/status/1128018026673131521

double-minded-elect.000webhostapp.com

# Reference: https://twitter.com/ActorExpose/status/1128004155673542657

ryselis.xyz

# Reference: https://twitter.com/ActorExpose/status/1128017378518892544

aquilesarocaltda.000webhostapp.com

# Reference: https://twitter.com/P3pperP0tts/status/1128214459334500353

sonofgraceoffice.website

# Reference: https://twitter.com/dvk01uk/status/1128239904402694144

modipond.gq

# Reference: https://twitter.com/dvk01uk/status/1128286894553489408

terryhill.top

# Reference: https://twitter.com/JayTHL/status/1128405725888307200

maketheswitch.ca

# Reference: https://twitter.com/58_158_177_102/status/1128310206327283713

mondayis.info

# Reference: https://twitter.com/virusbtn/status/1128556881079930881

ezinebachelor.top

# Reference: https://twitter.com/ViriBack/status/1128828811796242433

187.ip-54-36-162.eu

# Reference: https://twitter.com/Racco42/status/1128955163023171584

myscs.ca

# Reference: https://twitter.com/JAMESWT_MHT/status/1128974517144031232

ybtvmt.info

# Reference: https://twitter.com/x42x5a/status/1128995801286492162

tandf.xyz

# Reference: https://twitter.com/pancak3lullz/status/1129392247924035584

brsystem1000k33.com

# Reference: https://twitter.com/James_inthe_box/status/1129452679250321408

officeboss.xyz

# Reference: https://app.any.run/tasks/4a96e0a9-8b6a-46ac-8e31-5d7d6a417720/

asnkar.me

# Reference: https://twitter.com/dave_daves/status/1129401061696036864

http://13.58.74.46

# Reference: https://twitter.com/James_inthe_box/status/1129514888148086784

botonbot.net
ruit.live

# Reference: https://twitter.com/malware_traffic/status/1129758980585283584

alimstores.com

# Reference: https://twitter.com/Jouliok/status/1129662977664274432

microsoft-products.com
228276216.net

# Reference: https://twitter.com/ActorExpose/status/1130119521770102791

thenewsystemsetup.online

# Reference: https://www.virustotal.com/gui/url/a23b74470167c11d15f0ece4f0859c10f411a21f895836a7df383a87ce857930/detection

android-fanatics.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1130401062710648832
# Reference: https://app.any.run/tasks/e4f79fa5-1908-4791-8e49-bd966a4ff139/

maso.at

# Reference: https://twitter.com/x42x5a/status/1130421342782857217

ethclick.live

# Reference: https://twitter.com/dave_daves/status/1130465690740232193

gdres.tk

# Reference: https://twitter.com/FewAtoms/status/1130496077759746050

mnsoorysoemsystems.com

# Reference: https://twitter.com/James_inthe_box/status/1130541505356095488
# Reference: https://pastebin.com/LFHR1XX1

absentselection.icu
chargement-pro.icu
commande.icu
commandeapp.icu
commandehq.icu
commandehub.icu
commandelabs.icu
continentaltourist.icu
document-joint.icu
documentpro.icu
emaillabs.icu
emailly.icu
opencommande.icu
proapp.icu
prohq.icu
standardpopulation.icu

# Reference: https://twitter.com/ActorExpose/status/1130199745287413760

mywegsite.com

# Reference: https://twitter.com/dvk01uk/status/1130735131793207296

handuruz.cf
handuruz.ga

# Reference: https://twitter.com/JAMESWT_MHT/status/1130797257375330304

office365-cloud5.com
office365-cloud5.space

# Reference: https://twitter.com/ViriBack/status/1130814960517427201

carsitxal.tk

# Reference: https://twitter.com/James_inthe_box/status/1130882574853632002

http://82.221.139.139

# Reference: https://twitter.com/ViriBack/status/1131000954613108737

http://54.37.141.202

# Reference: https://twitter.com/FewAtoms/status/1131234678550220805

faqshub.xyz

# Reference: https://twitter.com/ViriBack/status/1131318550759641088

lucid44.xyz

# Reference: https://twitter.com/ViriBack/status/1131542334850699264

modestworld.top

# Reference: https://twitter.com/James_inthe_box/status/1131717489824428032
# Reference: https://www.virustotal.com/gui/domain/baihes.com/relations
# Reference: https://www.virustotal.com/gui/domain/coipip.com/relations

baihes.com
coipip.com

# Reference: https://twitter.com/blackorbird/status/1131790385884278784

asia-kunsthandwea1-online.com
kkrudy.com

# Reference: https://twitter.com/x42x5a/status/1131822281452380160
# Reference: https://twitter.com/James_inthe_box/status/1131855420073496576

airliness.info
donaldcity.club
nevernews.club

# Reference: https://twitter.com/James_inthe_box/status/1131927201496961024

tryfast-v52.cf

# Reference: https://twitter.com/FewAtoms/status/1131961073219899394

http://82.221.139.139
eyeseepotential.com

# Reference: https://twitter.com/Racco42/status/1132056583293329408

eurogov.pw

# Reference: https://twitter.com/BroadAnalysis/status/880488094277009408

batbetorzen.com

# Reference: https://citizenlab.ca/2019/05/burned-after-reading-endless-mayflys-ephemeral-disinformation-campaign/

# NOTE(review): the second entry is a host under the registered domain
# com-users.info; "twitter" is only its left-most label. Match it on the full
# host name. A rule keyed on the substring "twitter.com" would also hit the
# genuine service.
51.255.101.144:4444
twitter.com-users.info

# Reference: https://twitter.com/HONKONE_K/status/1132892192719101952

naiei-aldiel.16mb.com

# Reference: https://twitter.com/x42x5a/status/1130421342782857217

ethclicks.live

# Reference: https://twitter.com/JAMESWT_MHT/status/1133024098542604288

ethchain.live

# Reference: https://twitter.com/x42x5a/status/1133025211606077440

# NOTE(review): ethmoney.club is listed twice in a row at the end of this
# group; the second line is redundant. Check the reference in case a different
# name was intended.
ethmoney.live
ethcrypto.live
ethpromo.live
ethmoney.club
ethmoney.club

# Reference: https://twitter.com/jorgemieres/status/1133052016568274950

vbtz.cf

# Reference: https://twitter.com/FewAtoms/status/1133059049887604737

vaddesobhanadri.com

# Reference: https://twitter.com/cybsecbot/status/1133275353349316610

# NOTE(review): each name embeds a brand or login-provider word (okta, hulu,
# dropbox) inside a separately registered .com domain. None of them is a
# subdomain of the service it names. Presumably credential-phishing hosts;
# confirm against the reference. Match on the exact domain, never on the
# embedded brand string.
gettyimages-okta.com
harpercollins-okta.com
login-hulu.com
dropbox-apps.com
webmail-premierpr.com

# Reference: https://twitter.com/dvk01uk/status/1133294737006518272

oliver-khan.tk

# Reference: https://twitter.com/HONKONE_K/status/1133205335877885952

ip1.qqww.eu

# Reference: https://twitter.com/Racco42/status/1133330864216133632

secureserverftp.xyz

# Reference: https://twitter.com/ActorExpose/status/1133339071630204928

ntexplorerlite.com

# NOTE(review): the three MalwarePatrol-sourced entries below are single hosts
# beneath larger parent domains (williamhill.com, goapk.com, 9xiu.com) that
# look unrelated to the malware itself. Presumably each records one abused
# host at the time of the report. Keep matching scoped to the listed host,
# never the parent, and re-validate periodically because such entries are
# likely to cause false positives as they age.
# Reference: https://twitter.com/MalwarePatrol/status/1133417154009870337

banner.poker.williamhill.com

# Reference: https://twitter.com/MalwarePatrol/status/1133054765573844993

attachments.goapk.com

# Reference: https://twitter.com/MalwarePatrol/status/1132692376848281600

img2.img.9xiu.com

# Reference: https://twitter.com/tkanalyst/status/1133505361145556993

makemoneyeasy.live

# Reference: https://app.any.run/tasks/324f1dc9-5cce-42b4-bec0-f572b37bedfa/

kentona.su

# Reference: https://twitter.com/raby_mr/status/1133347073154097153
# Reference: https://app.any.run/tasks/7e23f973-5f69-4ef0-af26-427e975e308d/
# Reference: https://www.virustotal.com/gui/file/272e25e3aa9d792281a282c2f6cd40d59c5b8fe432ae93bb5015899ceb173dd1/behavior/Dr.Web%20vxCube
# Reference: https://www.virustotal.com/gui/ip-address/185.142.97.228/relations
# Reference: https://www.virustotal.com/gui/ip-address/217.182.200.111/relations

185.142.97.228:65233
217.182.200.111:21
217.182.200.111:35046
217.182.200.111:35579
217.182.200.111:35829
217.182.200.111:35348
http://217.182.200.111

# Reference: https://twitter.com/SickPeaSec/status/1133660498023501824

129.204.248.16:65534

# Reference: https://twitter.com/JAMESWT_MHT/status/1133701006238375937

anmcousa.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1133691719348830208

bobbyworld.top

# Reference: https://twitter.com/P3pperP0tts/status/1133897358402564096

http://193.32.161.77

# Reference: https://twitter.com/dvk01uk/status/1133950202233200640

amanihackz.com

# Reference: https://twitter.com/SoulRage6/status/1133994359987277831

http://84.38.135.164

# Reference: https://twitter.com/JAMESWT_MHT/status/1134050405430808577
# Reference: https://app.any.run/tasks/f1a352c4-1174-41bb-809f-ab4ed0b6be7c/

redinqtongvlftadf.xyz

# Reference: https://twitter.com/MalwarePatrol/status/1134141928541446146

tripdownload.com

# Reference: https://twitter.com/FewAtoms/status/1134146787953000449

moonday-v54.tk

# Reference: https://twitter.com/SickPeaSec/status/1134180182544093186

190.37.209.37:3569

# Reference: https://twitter.com/JAMESWT_MHT/status/1134438287358271489

sj81helmer.top

# Reference: https://twitter.com/BleepinComputer/status/1134227276101554176

up-date.to

# Reference: https://twitter.com/VK_Intel/status/1134606562180382720

# NOTE(review): this looks like a provider-assigned host name for one rented
# machine (members.linode.com) rather than a name the operator chose.
# Presumably it follows the address, not the tenant, so it goes stale once the
# machine is released. Re-check before relying on it.
li888-183.members.linode.com

# Reference: https://www.virustotal.com/gui/domain/swtest.ru/relations

# Regular-expression entry: a 10-character label drawn from a-z and 0-9,
# followed by ".temp.swtest.ru".
# NOTE(review): the pattern has no start/end anchors, and whether the consumer
# anchors it is not visible here. It covers the whole 10-character label space
# rather than one host. Confirm that namespace is not shared with unrelated
# users before using the entry for blocking.
[a-z0-9]{10}\.temp\.swtest\.ru

# Reference: https://twitter.com/ViriBack/status/1134912329597050880

sm.rooderoofing.com.au

# Reference: https://app.any.run/tasks/09c0bd11-864d-41d5-85b2-9344baa1d360/

big-partynew.ru

# Reference: https://twitter.com/MalwarePatrol/status/1135410287992025088

www8.piaodown.com

# Reference: https://twitter.com/securiteoff/status/740562516699447296
# Reference: https://www.virustotal.com/gui/domain/lasersteam178.ru/relations

lasersteam178.ru

# Reference: https://twitter.com/pancak3lullz/status/748146742571372544
# Reference: https://www.virustotal.com/gui/domain/19891108.info/relations

19891108.info

# Reference: https://twitter.com/Jouliok/status/1135293849314693126

http://82.221.139.139

# Reference: https://twitter.com/dms1899/status/1135693930492829696

# NOTE(review): proapp.icu is already listed earlier in this file, in the .icu
# group sourced from pastebin.com/LFHR1XX1. This second listing is redundant;
# the reference above could be added to that group instead.
proapp.icu

# Reference: https://twitter.com/JAMESWT_MHT/status/1135825545038401536

ar-energyservice.com

# Reference: https://www.virustotal.com/gui/domain/yourdocument.biz/relations

yourdocument.biz

# Reference: https://twitter.com/eComscan/status/1136181192796061697

dns-forwarding.com

# Reference: https://speakerdeck.com/ashley920/into-the-fog-the-return-of-icefog-apt?slide=35

dnsedc.com

# Reference: https://speakerdeck.com/ashley920/into-the-fog-the-return-of-icefog-apt?slide=35

dellnewsup.net

# Reference: https://twitter.com/0xrb/status/1135869164239769601 (# root domain)

yiffgallery.xyz

# Reference: https://www.virustotal.com/gui/domain/sportsnewsa.net/relations

sportsnewsa.net

# Reference: https://twitter.com/58_158_177_102/status/1136162140283236352

firedron.top

# Reference: https://app.any.run/tasks/6faf55b6-9675-4c23-acf6-e165e1938e43/

bazar.services
ds38.test-hf.su

# Reference: https://twitter.com/James_inthe_box/status/1136631137571237888

mysecrethope.com

# Reference: https://twitter.com/benkow_/status/1136623836936495104

china-hql.com

# Reference: https://twitter.com/FewAtoms/status/1136672182967439361

yonghonqfurniture.com

# Reference: https://twitter.com/malware_traffic/status/1136682537005305858

flash2019.xyz

# Reference: https://twitter.com/ViriBack/status/1136695799818215424

cvbt.ml

# Reference: https://twitter.com/malware_traffic/status/1136690489757974538

http://209.141.46.175
http://54.36.218.96

# Reference: https://twitter.com/KorbenD_Intel/status/1136765613412671488

ddl7.data.hu

# Reference: https://twitter.com/dave_daves/status/1137001089088315392

http://212.73.150.157

# Reference: https://twitter.com/VK_Intel/status/1137003147887566848

gstestat.com

# Reference: https://twitter.com/MalwarePatrol/status/1137041033609584640

vilamax.home.pl

# Reference: https://twitter.com/James_inthe_box/status/1137067993739943937

http://45.76.37.123
melirossa-shop.xyz
zipmatchpost.net

# Reference: https://www.malware-traffic-analysis.net/2017/12/22/index.html

regwide.club
streetsave.club

# Reference: https://twitter.com/anyrun_app/status/1138078003815206912
# Reference: https://app.any.run/tasks/2aa81217-cd73-41af-901b-d578b5bbf041/

keuhne-negal.com

# Reference: https://myonlinesecurity.co.uk/it-looks-like-another-dns-compromise-hack-happening/
# Reference: https://www.virustotal.com/gui/ip-address/176.103.48.228/relations

http://176.103.48.228
baranevents.com
baranweddings.com
ctifsouteni.icu
etapportert.icu
ffrirbesoin.icu
hrhuae.com
ielassocier.icu
ourmazdcompany.net
samaste.net
sarahelizabethjewelry.com

# Reference: https://twitter.com/P3pperP0tts/status/1138360072168509440
# Reference: https://twitter.com/P3pperP0tts/status/1138373736187518977
# Reference: https://app.any.run/tasks/d9984618-81f4-48e5-883e-ee5591d73483/

qxyl.date
148.70.57.37:878
148.70.57.37:3

# Reference: https://twitter.com/P3pperP0tts/status/1138352249007222784
# Reference: https://twitter.com/P3pperP0tts/status/1140603446921433090

47.112.130.235:258
47.112.130.235:280

# Reference: https://twitter.com/James_inthe_box/status/1138411458830655488

http://176.105.252.168

# Reference: https://otx.alienvault.com/pulse/5cff9b9b7a111ab1f15d7819
# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-2725-exploited-and-certificate-files-used-for-obfuscation-to-deliver-monero-miner/

139.180.199.167:1012
45.32.28.187:1012

# Reference: https://twitter.com/FewAtoms/status/1138477829434351624

# NOTE(review): the first entry looks like a randomly generated tunnel name
# under ngrok.io, and the other two are sub-hosts of a shared hosting domain
# (5gbfree.com). Names like these are presumably short-lived and may be
# reissued to someone else. Treat them as time-bound indicators and never
# widen the match to the parent domains.
2be431d7.ngrok.io
niggalife.5gbfree.com
sheddy.5gbfree.com

# Reference: https://twitter.com/James_inthe_box/status/1138478169755754496

46fordhamavenue-camberwell.com
haveahealthy.life
homepage-iclouds.com

# Reference: https://twitter.com/bomccss/status/1138620211140030464

elievarsen.ru

# Reference: https://twitter.com/HarioMenkel/status/1138725169323790336

bluecornerblog.xyz

# Reference: https://www.virustotal.com/gui/ip-address/121.41.39.145/relations

121.41.39.145:7149
http://121.41.39.145

# Reference: https://twitter.com/James_inthe_box/status/1138930135548157952

http://5.206.226.15

# Reference: https://twitter.com/FewAtoms/status/1139177275977555970

sripipat.com

# Reference: https://twitter.com/James_inthe_box/status/1139206166385348613

138.68.16.227:8080

# Reference: https://twitter.com/yvesago/status/1139209832014274562

fujielectric.cf

# Reference: https://twitter.com/P3pperP0tts/status/1139277669575659529

182.254.220.148:88

# Reference: https://twitter.com/gorimpthon/status/1139351204540977152
# Reference: https://app.any.run/tasks/51d14dec-d0de-4718-b5f1-3ae489013df9/

185.106.122.120:80
185.140.248.17:80

# Reference: https://twitter.com/58_158_177_102/status/1139369225863065602

185.164.72.213:80

# Reference: https://twitter.com/dave_daves/status/1139509798926467073
# Reference: https://twitter.com/FewAtoms/status/1139608798119768065

adl-groups.com
deluxerubber.com
greatmischiefdesign.com

# Reference: https://twitter.com/MalwarePatrol/status/1139758944224731141

a0310625.xsph.ru

# Reference: https://twitter.com/FewAtoms/status/1139841634655277056

check511.duckdns.org

# Reference: https://twitter.com/P3pperP0tts/status/1140333563319128064

222.186.172.44:9

# Reference: https://twitter.com/P3pperP0tts/status/1140335879493492737

785sou.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1140525091110998017

mondaydrem.ru

# Reference: https://twitter.com/x42x5a/status/1140530422172045312

storage.alfaeducation.mk

# Reference: https://twitter.com/JAMESWT_MHT/status/1140603897523949568
# Reference: https://app.any.run/tasks/7555c697-f2af-42e5-8a14-ae19d7657aa9/

sventiskai.lt
45.67.14.157:80

# Reference: https://twitter.com/nullcookies/status/1140780769914302467

belllflight.com

# Reference: https://twitter.com/VirITeXplorer/status/1140875655955079168

btta.xyz

# Reference: https://twitter.com/papa_anniekey/status/1140825590632570880

blogmason.mixh.jp

# Reference: https://twitter.com/luc4m/status/1140928778799124482

http://185.230.161.116

# Reference: https://twitter.com/malware_traffic/status/1141083006574178304

tor2net.com

# Reference: https://twitter.com/58_158_177_102/status/1141226169720815616

bibicity.ru

# Reference: https://twitter.com/James_inthe_box/status/1141326136212766720

http://185.158.248.80

# Reference: https://twitter.com/James_inthe_box/status/1141429831688605697

joeing.duckdns.org

# Reference: https://twitter.com/SecurityGuyPhil/status/1141466335592869888
# Reference: https://twitter.com/ItsReallyNick/status/1141517097991835648
# Reference: https://otx.alienvault.com/pulse/5d0aeb6260c8332e03da9063

89.34.111.113:443
185.49.69.210:80

# Reference: https://www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html

http://185.162.131.92
http://185.49.71.101

# Reference: https://twitter.com/P3pperP0tts/status/1141611364953337856

94.191.94.149:8080

# Reference: https://twitter.com/P3pperP0tts/status/1141961999796113408
# Reference: https://twitter.com/FewAtoms/status/1144567670555254787

103.45.174.46:81
103.45.174.46:8080

# Reference: https://twitter.com/James_inthe_box/status/1142005711808765952

jplymell.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1142020465063538689
# Reference: https://app.any.run/tasks/1f643b34-6d92-4bb6-88e1-2aa21e524d20/

crypy.top

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-mining-botnet-arrives-through-adb-and-spreads-through-ssh/
# Reference: https://www.virustotal.com/gui/ip-address/45.67.14.179/relations

http://45.67.14.179

# Reference: https://twitter.com/peterkruse/status/1141993808105811968

proyectobasevirtual.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1142065672387792896

makemoneyeasywith.me

# Reference: https://twitter.com/James_inthe_box/status/1140768910465101824

aeg.tmc.mybluehost.me

# Reference: https://twitter.com/FewAtoms/status/1142143526165073920

http://185.82.200.189

# Reference: https://twitter.com/P3pperP0tts/status/1142248371631140867

http://149.202.29.67

# Reference: https://twitter.com/executemalware/status/1141882448063737857

# NOTE(review): blogmason.mixh.jp is already listed earlier in this file under
# the papa_anniekey reference. This second listing is redundant.
blogmason.mixh.jp

# Reference: https://twitter.com/DissectMalware/status/1142979828339150850

aesculapius.000webhostapp.com

# Reference: https://twitter.com/P3pperP0tts/status/1143142047987195904

baidu.wookhost.me

# Reference: https://myonlinesecurity.co.uk/more-agenttesla-keylogger-and-nanocore-rat-in-one-bundle/

mechanicaltools.club

# Reference: https://twitter.com/killamjr/status/1110889738653913089

valdez.pw

# Reference: http://vxcube.com/tools/domain/mailsa-qau.com/relate_iocs

153-66-11-33.com
154-65-22-26.com
154-65-22-29.com
154-66-11-33.com
154-66-21-29.com
154-66-21-30.com
154-66-21-33.com
154-66-22-29.com
anima-sana.cz
askdrthomas.com
beetfeetlife.bit
btoaspa.xyz
canadianposcorp.com
chaibuckz.com
checkmyurls.com
cognitionclassroom.com
dual-it.com
fastandup.co.in
fin-plcukltd.com
gracesandoval.com
id-19190249012904912904190249129490219049129419.pro
intecwi.org
internettenparakazanma.org
istanbulside.net
ivanajankovic.com
jointings.org
kitcross.ca
llkty.gq
masee.info
mcnconstruction.net
mincoindia.com
onlinemail.kz
ox2ybk1nf4muo3.net
pekip-und-mehr.de
pilarrakyat.com
propertiesfirst.com
rencontres-idf.fr
sewardsfollybarandgrill.net
shawneklassen.com
theevanescense.com
tiltangeomatics.tk
trafficartspace.com
unlaca.info
unlaca.net
unlaca.org

# Reference: https://twitter.com/killamjr/status/1143498263892582402

deserv.ie/gunie/

# Reference: https://twitter.com/JAMESWT_MHT/status/1143514933646245889

up-dates.to
svarog-jez.com

# Reference: https://www.lacework.com/cve-2019-3396-poc-deep-dive/
# Reference: https://otx.alienvault.com/pulse/5d12356ce0b0b1db4062231e

http://37.44.212.223
51.15.56.161:201
68.183.164.16:2121
jukesbrxd.xyz

# Reference: https://twitter.com/KorbenD_Intel/status/1143539589849767936

selly.duckdns.org

# Reference: https://twitter.com/OttoScav/status/1143567557649154048

birthdayeventdxb.com
cscuniversal.com

# Reference: https://twitter.com/malware_traffic/status/1143624752956940288

kooovaqas.biz
naaleazas.net
rogojaob.info
vaxeiayas.mobi
oltaeazas.mobi
amlivaias.us
ijcaiatas.name
ufayubja.me

# Reference: https://twitter.com/luc4m/status/1143808322430218241

# NOTE(review): the bare host aeg.tmc.mybluehost.me is already listed earlier
# in this file (James_inthe_box/status/1140768910465101824). This path-scoped
# entry adds coverage only if the consumer treats host and host/path entries
# as distinct; confirm, otherwise it is redundant.
aeg.tmc.mybluehost.me/xx/

# Reference: https://twitter.com/MalwarePatrol/status/1140664914417205249

cloud.xenoris.fr

# Reference: https://twitter.com/neonprimetime/status/1116754139281805317

eventricity.biz

# Reference: https://twitter.com/FewAtoms/status/1144223806195716098

mikejesse.top

# Reference: https://twitter.com/h4ckak/status/1144173749056315392

http://217.163.23.19

# Reference: https://twitter.com/JAMESWT_MHT/status/1144238644460433408

qwerty123456.space

# Reference: https://twitter.com/sniko_/status/1144454852698705924

digidick.xyz

# Reference: https://twitter.com/x42x5a/status/1144554536809435136

42.51.194.10:81

# Reference: https://twitter.com/x42x5a/status/1144559810123370496

http://114.118.80.241
114.118.80.241:8081

# Reference: https://twitter.com/James_inthe_box/status/1144604109103722496

natchotuy.com

# Reference: https://twitter.com/FewAtoms/status/1144636921437655041

http://123.207.143.211

# Reference: https://twitter.com/The_d0c_T0R/status/1144640214293520385

http://47.95.252.24

# Reference: https://twitter.com/Paladin3161/status/1144641457992556546

119.188.250.55:8080

# Reference: https://twitter.com/dineshdina04/status/1008621004896198657
# Reference: https://app.any.run/tasks/a8c1f660-71ae-4ab1-a217-11256fd6a158/

111.73.46.110:2233

# Reference: https://twitter.com/ViriBack/status/970443789234929664

cajo.com.au

# Reference: https://twitter.com/TelecomixSyria/status/301863376395587584
# Reference: https://www.virustotal.com/gui/domain/syrian-martyrs.com/details

syrian-martyrs.com

# Reference: https://twitter.com/ViriBack/status/1145040024297181186

mimiplace.top

# Reference: https://github.com/pan-unit42/iocs/blob/master/rarog/c2_w_timestamps.csv (# root domains)

# NOTE(review): the header says "root domains", but this group also contains
# bitcoin.lisx.ru, which is a host under lisx.ru. Confirm whether the parent
# or only that host was intended. Several names in the group also embed
# well-known product or project names (e.g. wolframalpha.pw, realtek.website,
# torprojectonioncheck.com), so match on the exact domain, not the brand
# substring.
0100.name
111orion.xyz
1gq.ru
4spirin.pw
5max.xyz
7bog.ru
abibletit.ru
accbmosol.com
admina.xyz
adminbtc.ru
albertsrun.xyz
badboy.pw
banddos.ru
bcjsoinlsidun3.eu
bdwiki.ru
bfvvsdfvjbvcdg.pw
billionaireboys.pw
bitcoin.lisx.ru
bitoklg.ru
bizmailcon.ru
bjkdfhbvvr.pw
bldimablog.xyz
bnknw.pw
bsdfbsadjfb.pw
bsdfksbdfj.pw
bsdfvsh.pw
btc-db.com
btchash777.ru
btcminergate.ru
bvjhsdvbfjsd.pw
centralfargo.com
checkingsite.site
checkmeout.ru
chvpobidno.com
cryptongram.org
cryptopoly.pw
csgotrade.vip
csobik.xyz
dcr048dd.ru
dedpanel.xyz
def397.pw
dfgsfdkj3jk4h5.ru
dfsfgsdfg.pw
digital-game.ru
dismay.pw
doomed.cf
dratuti.info
drujbanu.pw
enable.pw
enigma-top.bid
euirterhgt.pw
f1eriya.pw
fl-god.pw
games-revi.ru
getdownload4812.ru
ghjdthrf.tk
googleanalistics7431.ru
gopanel.ru
gslll.ru
hfyljv.ru
highwrite.ru
hjbkfwejhkfbj2334f.pw
hjdskyewljfdn.pw
hlebb.pw
how-to-how.club
hsnqy2no.host
ibsmoney.ru
igogos.ga
incor.xyz
itemsbet.com
itsmydomain.xyz
jackblack.pw
jisec.xyz
kdjsnbfgkjdf.pw
kefirsports.xyz
kevyank.ru
kiras.kz
kolokolchik.info
kopilka.io
kwam.gdn
land-seo.ru
lkasdjfklhngn.pw
m234.xyz
macadmin.xyz
mainivent.xyz
malmine.ru
maxpinezzz.ru
microtrend.xyz
min2rarllsknfoeihe.ru
minerarog.xyz
minergood.ru
minerhash.pw
minetbot.online
money-exchanger.info
mousehous.gdn
moy-mayner.ru
mrgap.pw
mybblog.xyz
mynebo7.xyz
mysuperprojectnumone.xyz
nbvnfuyjft567uygvhgfc.pw
nebuchadnezzar.xyz
newmine.ru
norfest1x.win
o4kobati.xyz
odmenarmi9z.site
plastileen.pw
poiwebm.ru
rand0msh1tm1n3r.xyz
rar740.xyz
rarog-cobetchik.ru
raznospower.ru
realbarbos.life
realtek.website
recheckmail24.ru
rikimaru7.pw
rrealstats.ru
rublikzarabotok.com
sadating.xyz
sanya330.pro
sdbfhjbsdfjh.pw
sdfbdsfjhkbgdf.pw
sdfvbshgdvf.pw
shilo.ml
soft-portal.kz
spaceman07.ru
spiridus.pw
staglion.pro
stingtek.com
sychost.com
system-analyse.win
tapblackmoney.pw
tiberious.xyz
torprojectonioncheck.com
tyha84.info
ugrym.pw
vergames.ru
webbserfer.ru
wilhost.com
wolframalpha.pw
wwqrwwwreewrqwer.xyz
xgames.su
xyw.space
zerstoren.pro
zloki.pw

# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.104/relations

11fhfh.com
11xhxh.com
11xjxj.com
123dmdm.com
123fhfh.com
123hyhy.com
123jjyy.com
123kbkb.com
123xhxh.com
123xjxj.com
123xmxm.com
123xxbb.com
123yybb.com
22ctct.com
22fhfh.com
22hyhy.com
33dmdm.com
33jjyy.com
33xjxj.com
33xxaa.com
44ctct.com
44dmdm.com
44fhfh.com
44jjyy.com
44qxqx.com
44xhxh.com
44xjxj.com
44xmxm.com
44xxaa.com
44xxpp.com
520dmdm.com
520fhfh.com
520qxqx.com
520ssbb.com
520xhxh.com
520xjxj.com
520xmxm.com
55dmdm.com
55fhfh.com
55jjyy.com
55qxqx.com
55sdsd.com
55xhxh.com
55xjxj.com
55xxaa.com
55xxpp.com
628ai.com
6688cdn.com
66bbmm.com
66dmdm.com
66fhfh.com
66hyhy.com
66jjyy.com
66qxqx.com
66xhxh.com
66xjxj.com
66xxaa.com
66xxpp.com
6ctct.com
77dmdm.com
77hyhy.com
77xhxh.com
77xxaa.com
7ctct.com
7ufuf.com
888dmdm.com
888fhfh.com
888hbhb.com
888kbkb.com
888mbmb.com
888xhxh.com
888xjxj.com
888xmxm.com
88cscs.com
88ctct.com
88dmdm.com
88fhfh.com
88jjyy.com
88mkmk.com
88xhxh.com
88xjxj.com
88xxpp.com
890ai.com
898ai.com
999dmdm.com
999fhfh.com
999kbkb.com
999xhxh.com
999xjxj.com
999xmxm.com
99bbmm.com
99dmdm.com
99fhfh.com
99jjyy.com
99ppss.com
99xhxh.com
99xjxj.com
99xxpp.com
avav99.com
bcbc11.com
bcbc22.com
btbt33.com
btbt44.com
btbt77.com
didi22.com
gbgb11.com
gbgb66.com
mbmb55.com
mbmb99.com
nbnb33.com

# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.106/relations

5444666.com
lh590.com
lh65.com
lh660.com
lh993.com

# Reference: https://www.virustotal.com/gui/ip-address/23.234.51.105/relations

1122sb.com
1188sb.com
629k.com
yh558877.com

# Reference: https://twitter.com/FewAtoms/status/1145357973579083778

securefilesdatas23678842nk.cf

# Reference: https://app.any.run/tasks/8df63024-05d4-4d67-bea9-ecdb1b9884a7/

nixtin.us

# Reference: https://twitter.com/ViriBack/status/1145366573898747905

http://190.97.166.189

# Reference: https://twitter.com/JayTHL/status/1145425745315008516

flavorizedjuice.de

# Reference: https://twitter.com/0bfusCat/status/1145269019374698496

http://31.207.34.129

# Reference: https://twitter.com/luc4m/status/1145650430476783617

http://23.249.167.147

# Reference: https://twitter.com/malware_traffic/status/1145793372126416897

http://31.184.252.188
cellfom.com
chungfamily.us

# Reference: https://twitter.com/david_jursa/status/1146014269940609025

beahero4u.com

# Reference: https://twitter.com/ps66uk/status/1146090626498347009

holahospice.org
john1715.com

# Reference: https://twitter.com/CNMF_VirusAlert/status/1146130046127681536 (# CVE-2017-11774)
# Reference: https://twitter.com/obiwanblee/status/1146152208976584704
# Reference: https://otx.alienvault.com/pulse/5d1bb4b9a3f21fdc4d509f47

customermgmt.net

# Reference: https://twitter.com/James_inthe_box/status/1146183202467303424

xyxyxyxyxyxyxywkworkforworldwifewide.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4c10f8881ab7b1b47a4db73fb9052e23efbfcecf4b2b28c569c01faba944d482/community

rainbowtrade.net

# Reference: https://twitter.com/James_inthe_box/status/1146446614367576065

bonus-ssl.com

# Reference: https://twitter.com/malware_traffic/status/1146503887215636480

cohen-nicoleau.com
mkzd.ru

# Reference: https://twitter.com/alex_lanstein/status/1146073296502501376

http://185.222.58.151

# Reference: https://twitter.com/killamjr/status/1146521318503964678

equipmnts.com

# Reference: https://www.virustotal.com/gui/domain/alcatelupd.xyz/relations

alcatelupd.xyz

# Reference: https://www.virustotal.com/gui/domain/symcorp.xyz/relations

symcorp.xyz

# Reference: https://twitter.com/FewAtoms/status/1146804894785056768

http://35.230.88.182

# Reference: https://twitter.com/James_inthe_box/status/1146896227000209408

http://92.119.113.32
xzshadows13.icu

# Reference: https://twitter.com/anyrun_app/status/1147040289300910080

ciber1250.gleeze.com

# Reference: https://twitter.com/VK_Intel/status/1147276748331081728
# Reference: https://www.virustotal.com/gui/domain/jsc0nten1maker.com/details

jsc0nten1maker.com

# Reference: https://twitter.com/benkow_/status/1147443642728103936

trading-secrets1.ru

# Reference: https://twitter.com/FewAtoms/status/1147484142218752002

janavenanciomakeup.com.br

# Reference: https://twitter.com/P3pperP0tts/status/1147540932490719233

58.218.66.92:1990
xdzzt.cn

# Reference: https://twitter.com/pancak3lullz/status/748521146321035264

htver.com

# Reference: https://twitter.com/FewAtoms/status/953966104887676928

gaming4life.org

# Reference: https://twitter.com/p5yb34m/status/1147269466293592064

servicess.online

# Reference: https://twitter.com/FewAtoms/status/1147829136146219009

bizimedebiyatimiz.com

# Reference: https://www.virustotal.com/gui/domain/metoristrontgui.info/relations

metoristrontgui.info

# Reference: https://www.virustotal.com/gui/domain/forstraus.co/relations

forstraus.co

# Reference: https://twitter.com/seguridadyredes/status/1054112048559329282

printnow.club

# Reference: https://twitter.com/P3pperP0tts/status/1148122871883030528

http://118.89.185.104
111.231.142.229:9921

# Reference: https://twitter.com/david_jursa/status/1148199946618732544
# Reference: https://app.any.run/tasks/839a2d29-1bf5-4d54-bd12-e179f9d1154f/

104.203.92.254:8080

# Reference: https://twitter.com/vigilantbeluga/status/1148118035581960193

expressdatings.info
herasimaonline.biz
ohso.site

# Reference: https://twitter.com/jeromesegura/status/1006616151118397440

feelingsdi.xyz

# Reference: https://twitter.com/DynamicAnalysis/status/1148316218199334912

fpayyhh.com

# Reference: https://twitter.com/malware_traffic/status/1148330383634812933

sgbzw12y.club
hlilaf44erick.xyz
kherthax0yua.info

# Reference: https://twitter.com/JayTHL/status/1118595885208866819
# Reference: https://twitter.com/JayTHL/status/1118650213084872705

# Regular-expression entry: "helplog" followed by three or four digits, under
# any of the TLDs ml, ga, gq, tk, cf.
# NOTE(review): the pattern has no start/end anchors, and whether the consumer
# anchors it is not visible here. If it is applied as an unanchored search, a
# longer name that merely contains this sequence would also match.
helplog[0-9]{3,4}\.(ml|ga|gq|tk|cf)

# Reference: https://twitter.com/FewAtoms/status/1148623685412110336

creativecompetitionawards.gq

# Reference: https://twitter.com/x42x5a/status/1148603527444480000

obichereu.website

# Reference: https://twitter.com/P3pperP0tts/status/1148511098724933632

111.30.107.131:228

# Reference: https://twitter.com/James_inthe_box/status/1148598156109799425

http://34.214.24.187

# Reference: https://twitter.com/James_inthe_box/status/1148652274727575558

apertona.com

# Reference: https://twitter.com/benkow_/status/1128639735960875010

abovethecrowd.site

# Reference: https://twitter.com/benkow_/status/1148658101463203841

ubercoupon.site

# Reference: https://twitter.com/nao_sec/status/1148799237049552896
# Reference: https://app.any.run/tasks/dcae4160-a76a-483c-ae4c-788eed561103/
# Reference: https://www.virustotal.com/gui/ip-address/195.154.255.174/relations

# NOTE(review): nine addresses are listed against three references, and only
# 195.154.255.174 is named in one of them, so the source of the others cannot
# be traced from here. 194.109.206.212 is, to this reviewer's knowledge, a
# long-standing Tor directory-authority address (confirm). If these addresses
# were taken from sandbox network logs, some may be anonymity-network
# infrastructure contacted by the sample rather than attacker-controlled
# hosts. Verify each one before using the group for blocking.
http://194.109.206.212
http://195.154.255.174
http://46.165.250.224
http://162.247.74.200
http://178.17.171.78
http://188.138.88.42
http://204.85.191.9
http://23.129.64.207
http://91.203.146.126

# Reference: https://twitter.com/Ledtech3/status/1148883757094645760

http://5.56.133.137

# Reference: https://twitter.com/mrmolley/status/1149120144305729536

177.37.79.206:3000
http://35.193.98.140
http://78.201.31.9

# Reference: https://twitter.com/1ZRR4H/status/1149282913751617536
# Reference: https://www.virustotal.com/gui/ip-address/91.209.70.21/relations

accesso-cupo-de-tarjeta-cl.cf
accesso-cupo-de-tarjeta-cl.gq
activacion-aumento-tarjeta-cl.cf
activacion-aumento-tarjeta-cl.gq
active-cupo-de-2-millones-avance-cl.cf
active-cupo-de-2-millones-avance-cl.gq
active-cupo-de-avances-cl.cf
active-cupo-de-avances-cl.gq
aprobacion-cupo-web-cl.cf
aprobacion-cupo-web-cl.gq
aprobado-cupo-de-avance-cl.cf
aprobado-cupo-de-avance-cl.gq
aumento-activo.cf
aumento-activo.gq
aumento-aprobado.cf
aumento-aprobado.gq
aumento-cupo-aprobacion-cl.cf
aumento-cupo-diferido-cl.cf
aumento-cupo-diferido-cl.gq
aumento-para-clientes.cf
aumento-servicios.cf
aumento-servicios.gq
aumento-validacion-cupo-de-avance-en-tarjeta-cl.cf
aumento-validacion-cupo-de-avance-en-tarjeta-cl.gq
aumento-verificado-de-tarjeta-cl.cf
aumento-web-activado.cf
aumento-web-activado.gq
avance-activo-en-cuotas-cl.cf
avance-aprobado-cl.cf
avance-aprobado-cl.gq
avance-cupo-diferido-cl.cf
avance-cupo-diferido-cl.gq
avance-cupo-diferido-personas-cl.cf
avance-cupo-diferido-personas-cl.gq
avance-cupo-informacion-cl.cf
avance-cupo-informacion-cl.gq
avance-cupo-simulador-web.cf
avance-cupo-simulador-web.gq
avance-de-aumento-cl.cf
avance-de-aumento-cl.gq
avance-de-confimacion-web-cl.cf
avance-de-confimacion-web-cl.gq
avance-de-cupo-en-linea-personal-cl.cf
avance-de-cupo-en-linea-personal-cl.gq
avance-en-linea-diferido-web-cl.cf
avance-en-linea-diferido-web-cl.gq
avance-en-linea-verificado-cl.cf
avance-en-linea-verificado-cl.gq
avance-en-linea-web-simulador-cl.cf
avance-en-linea-web-simulador-cl.gq
avance-online-cl.cf
avance-online-cl.gq
avance-personas-cuotas-diferido-cl.cf
avance-personas-cuotas-diferido-cl.gq
avance-solicitud-cupo.cf
avance-solicitud-cupo.gq
avance-web-activo-simulador-cl.cf
avance-web-aprobado-cl.cf
avance-web-aprobado-cl.gq
avance-web-confirmacion-cl.cf
avance-web-confirmacion-cl.gq
avance-web-servicios-cl.cf
avance-web-servicios-cl.gq
avances-cuotas-diferido-promo-cl.cf
avances-cuotas-diferido-promo-cl.gq
avances-online-asignado-cl.cf
avances-online-asignado-cl.gq
consulta-activacion-de-avance-cl.cf
consulta-activacion-de-avance-cl.gq
cupo-avance-credito-en-linea-cl.cf
cupo-avance-credito-en-linea-cl.gq
cupo-avance-online-cl.cf
cupo-avance-online-cl.gq
cupo-de-avance-online-cl.cf
cupo-de-avance-online-cl.gq
cupo-disponible-avance-cl.cf
cupo-disponible-avance-cl.gq
cupo-financiado-cl.cf
cupo-financiado-cl.gq
cupo-prestamo-cl.cf
cupo-prestamo-cl.gq
cupo-tarjeta-activo-cl.cf
cupo-tarjeta-activo-cl.gq
cupo-tarjeta-aumento.cf
cupo-tarjeta-aumento.gq
cupo-tarjeta-cuotas-diferido-cl.cf
cupo-tarjeta-cuotas-diferido-cl.gq
cupo-tarjeta-linea-de-credito-cl.cf
cupo-tarjeta-linea-de-credito-cl.gq
cupo-web-avance-cl.cf
cupo-web-avance-cl.gq
cupo-web-para-avance-cl.cf
cupo-web-para-avance-cl.gq
incremento-avance-en-tarjeta-cl.cf
incremento-avance-en-tarjeta-cl.gq
ingreso-cupo-de-tarjeta-cl.cf
ingreso-para-avance-cl.cf
ingreso-para-avance-cl.gq
ingreso-verificacion-cupo-de-avance-cl.cf
ingreso-verificacion-cupo-de-avance-cl.gq
ingreso-verificacion-de-avance-cl.cf
ingreso-verificacion-de-avance-cl.gq
login-avance-incremento-web-cl.cf
login-avance-incremento-web-cl.gq
login-web-avances-cl.cf
login-web-avances-cl.gq
obten-cupo-enlinea-cl.cf
obten-cupo-enlinea-cl.ga
obten-cupo-enlinea-cl.gq
obten-cupo-enlinea.cf
obten-cupo-enlinea.ga
obten-cupo-enlinea.gq
obten-validacion-cupo-web.cf
obten-validacion-cupo-web.gq
obtener-avance.cf
obtener-avance.ga
obtener-avance.gq
portal-avances-de-cupo-cl.cf
portal-avances-de-cupo-cl.gq
portal-para-avance-activado-cl.cf
portal-para-avance-activado-cl.gq
registro-de-avance-cl.cf
registro-de-avance-cl.gq
revision-cupo-tarjeta.cf
revision-cupo-tarjeta.gq
servicio-de-avance-cl.cf
servicio-de-avance-cl.gq
servicio-web-activacion-avance-cl.cf
servicio-web-activacion-avance-cl.gq
solicitud-avance-cupo-en-linea-cl.cf
solicitud-avance-cupo-en-linea-cl.gq
solicitud-cupo-de-avance-personal-cl.cf
solicitud-cupo-de-avance-personal-cl.gq
validacion-aumento-cupo.cf
validacion-aumento-cupo.gq
validacion-incremento.cf
validacion-incremento.gq
verificacion-de-aumento.cf
verificacion-de-aumento.gq
verificacion-de-avance-cl.cf
verificacion-de-avance-cl.gq
web-avance-de-tarjeta-cl.cf
web-avance-en-linea-cl.cf
web-avance-en-linea-cl.gq
web-avance-para-personas-scotia-cl.cf
web-avance-para-personas-scotia-cl.gq
www-aumento-de-avance-cl.cf
www-aumento-de-avance-cl.gq
www-avances-online-cl.cf
www-avances-online-cl.gq
www-login-retiro-de-avance-web-cl.cf
www-login-retiro-de-avance-web-cl.gq

# Reference: https://twitter.com/coderippers/status/1149312700205416448

vman22.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1149574068435218432

dgkhj.ru
fdghfghdfghjhgjkgfgjh234569.ru
hjkg456hfg.ru

# Reference: https://twitter.com/Paladin3161/status/1149456134622863360
# Reference: https://www.virustotal.com/gui/file/a46358caac50799c82a9cdc45a3718bf519ffe5d32527fdc94843cf7bee487d8/detection

aol.vready.cn
v2api.v6.cn
118.25.165.228:443
134.175.107.117:80

# Reference: https://twitter.com/1ZRR4H/status/1121146391127044096

http://163.172.84.54

# Reference: https://twitter.com/James_inthe_box/status/1149640703082815489
# Reference: https://app.any.run/tasks/9bb12825-d6d8-4c82-9491-c6a460196bad/

43.254.217.67:443

# Reference: https://twitter.com/KorbenD_Intel/status/1146463851526938625

http://34.68.116.148

# Reference: https://twitter.com/stvemillertime/status/1142593479966691333

http://45.32.89.133

# Reference: https://www.virustotal.com/gui/domain/pre23sence.club/relations

pre23sence.club

# Reference: https://twitter.com/RedDrip7/status/1145877272945025029

http://43.254.217.67

# Reference: https://twitter.com/killamjr/status/1150218238573404160

pictureviewerpro.hopto.org

# Reference: https://twitter.com/P3pperP0tts/status/1150378625268666370

218.61.16.142:886

# Reference: https://twitter.com/P3pperP0tts/status/1150389146185342976
# Reference: https://app.any.run/tasks/d9edfd31-3526-4a6e-9657-0037a9c3ec43/
# Reference: https://twitter.com/James_inthe_box/status/1150402589449568257

82.202.221.61:4015
justdoits.pw
russianbase.ru

# Reference: https://twitter.com/P3pperP0tts/status/1150419408197693442
# Reference: https://app.any.run/tasks/bd7ea7cd-d94f-4e21-b809-864653ae59e7/

dircon88.bit
185.126.200.39:4000
185.126.200.39:4158

# Reference: https://twitter.com/JAMESWT_MHT/status/1150688427307929600

balances.duckdns.org

# Reference: https://twitter.com/nao_sec/status/1149273164058222592
# Reference: https://app.any.run/tasks/b2f81922-c7cf-4974-8a02-570ac3f440c1/

http://45.12.215.157

# Reference: https://twitter.com/James_inthe_box/status/1150794193494630401

mis.us

# Reference: https://twitter.com/James_inthe_box/status/1059087094612602881

jobs.samref.com.sa

# Reference: https://twitter.com/malware_traffic/status/856924240158896128

chaggma.com
hurtmehard.net

# Reference: https://twitter.com/Zerophage1337/status/854883694905098241

red.5efinance.net.in

# Reference: https://twitter.com/tmmalanalyst/status/796650651631505408

http://151.248.116.32
o61ulk.top

# Reference: https://twitter.com/BroadAnalysis/status/796379886738874368

di8dzlz.top
whitaker-detail.com

# Reference: https://twitter.com/oppimaniac/status/1151113181751906304

zerodayv3startedexploitpcwithexcelgreat.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1151156619733921792

http://5.56.133.137

# Reference: https://twitter.com/James_inthe_box/status/1151222412890927104

icf-fx.kz

# Reference: https://twitter.com/FewAtoms/status/1151220766337167360

jessecom.top

# Reference: https://twitter.com/jeromesegura/status/1148289957716344832

http://213.227.154.121
azera.club

# Reference: https://twitter.com/dvk01uk/status/1151351846411390976

mrjbiz.top

# Reference: https://twitter.com/sugimu_sec/status/1151463058138525696

woeiuyfgowe.xyz

# Reference: https://twitter.com/fletchsec/status/1151553862110720006

danmaxexpress.com

# Reference: https://twitter.com/James_inthe_box/status/1151583038087655424

4wereareyou.icu

# Reference: https://twitter.com/ViriBack/status/1151644173302456320

http://5.252.192.117

# Reference: https://twitter.com/ViriBack/status/1151642872778776581

http://172.86.120.238

# Reference: https://twitter.com/anyrun_app/status/1151747662011674624

charest-orthophonie.ca

# Reference: https://twitter.com/reecdeep/status/1151756075407945729

onholyland.com

# Reference: https://www.symantec.com/blogs/threat-intelligence/targeted-ransomware-threat
# Reference: https://otx.alienvault.com/pulse/5d30c84b82e46bd810cb4957

http://37.252.15.241
http://89.105.198.28
http://185.202.174.44
http://199.189.108.71

# Reference: https://twitter.com/FewAtoms/status/1152182269454499840

baladefarms-com.ga
baladefarms.ga

# Reference: https://twitter.com/x42x5a/status/1152203190898778112

sxhts-group.com

# Reference: https://twitter.com/HerbieZimmerman/status/1152207191962767360

f72f7994.green.mattingsolutions.co

# Reference: https://twitter.com/Paladin3161/status/1151809951762964480

zhujb.cn

# Reference: https://twitter.com/P3pperP0tts/status/1152231737583271936

103.118.221.190:38888
111.6.76.54:959

# Reference: https://twitter.com/P3pperP0tts/status/1152538885974634496

granportale.com.br

# Reference: https://twitter.com/SBousseaden/status/1152532262589800448

78sh68279.atspace.eu

# Reference: https://twitter.com/DGAFeedAlerts/status/1151931732725293060
# Reference: https://www.virustotal.com/gui/ip-address/63.251.106.22/relations

404mobi.com
51ginkgo.com
adqwozlzb.info
aszzfjwuzngkao.com
brokenpiano.ru
ceuflaxurxy.info
down.heheelibom.com
gatherreceive.net
haprtwfitgylgiivvcaunvealzqcfq.com
heheelibom.com
kibertuz.site
m8374.net
nzizemese.info
oymjiasojevof.com
plsskq.com
ponka.biz
qicswtcvvxnmv.info
sernak.xyz
sr57mj1bcvng4yqf2y41cep8d5.com
storyhave.net
system-internals.com
systembooster.info
thisborn.net
tpyntpcnxwvsjqow.com
windows-pcrepair.com
xrjlmyhds.info

# Reference: https://twitter.com/FewAtoms/status/1152611531890331648

climapro-africa.com

# Reference: https://twitter.com/Xylit0l/status/1152980561943760896

wwkkss.com

# Reference: https://twitter.com/bad_packets/status/1153089384884736000

silynigr.xyz

# Reference: https://twitter.com/reecdeep/status/1153248954911514625

karysmarie.me

# Reference: https://twitter.com/P3pperP0tts/status/1153257218780909568

enc-tech.com

# Reference: https://twitter.com/James_inthe_box/status/1153385401278771201

novocontador.club
thenewsystemsetup.online

# Reference: https://twitter.com/FewAtoms/status/1153714739324829696

adityebirla.com

# Reference: https://twitter.com/JayTHL/status/1153744085737512962

africanmobilenetworks.com
cxgtgdf.com
forteol.com
onwamay.in

# Reference: https://twitter.com/killamjr/status/1153760441056845824

100puntos.com

# Reference: https://twitter.com/gorimpthon/status/1153476585736925184

dellbankyzaj.com

# Reference: https://twitter.com/James_inthe_box/status/1154036514600308737

fomoportugal.com

# Reference: https://twitter.com/FewAtoms/status/1154065536596107264

http://185.62.189.153
comforitgreel.ml
jbssa.one

# Reference: https://twitter.com/luc4m/status/1154390964045254656

rgalldmn.duckdns.org

# Reference: https://twitter.com/ViriBack/status/1155093166841892864

alldayever231.su

# Reference: https://twitter.com/DissectMalware/status/1069507395448184833

cxvbilladsoi-legal.1gb.ru
dttmasterpropriv.ml

# Reference: https://www.virustotal.com/gui/ip-address/173.231.184.61/relations

http://173.231.184.61

# Reference: https://twitter.com/FewAtoms/status/1155496035461947392

u700222964.hostingerapp.com

# Reference: https://twitter.com/MisterCh0c/status/1155725091214372864

tjcyint.ml
razorcrypter.com
systemswift.group
oymmadencilik.com.tr

# Reference: https://twitter.com/Racco42/status/1155790202306211841

http://23.81.246.28

# Reference: https://twitter.com/stvemillertime/status/1155896477195091971

s2lol.com

# Reference: https://twitter.com/James_inthe_box/status/1155845641949442048

serverstresstestgood.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1155945383048011777

robertogowin.com

# Reference: https://twitter.com/Artilllerie/status/1155851644262920199

protest-01262505.ga

# Reference: https://twitter.com/ninoseki/status/1156110479028133889

fatmazpharmc.com

# Reference: https://twitter.com/p5yb34m/status/1155956248681930755

modexcommunications.eu

# Reference: https://twitter.com/FewAtoms/status/1156156572747390977

creativecompetitionawards.ga

# Reference: https://twitter.com/p5yb34m/status/1156420680725831680

anthasoft.mx

# Reference: https://twitter.com/pulsedive/status/1156474611015528448

103.243.26.251:8988

# Reference: https://www.virustotal.com/gui/domain/rigneda.ru/relations
# Reference: https://www.virustotal.com/gui/file/4466e9258c00ecb4783001c678af6da8682fac36e5dd542a59f28a29245e5efa/detection

kuitrafes.ru  # Note: found on infected machine
rigneda.ru

# Reference: https://www.virustotal.com/gui/file/27e68e5e547860a9312d751381127ac85e89eeb40d74fa04aa4ca7fbc5498e51/detection

green5news.org

# Reference: https://twitter.com/malware_traffic/status/1157037634167984128

81.171.31.247:4567

# Reference: https://twitter.com/P3pperP0tts/status/1157196635207847938

kmxxw8.com

# Reference: https://twitter.com/alex_lanstein/status/1157261034521939968

122.114.173.174:3306

# Reference: https://twitter.com/James_inthe_box/status/1157406598769213440

zywuqcxtmqtz.000webhostapp.com

# Reference: https://twitter.com/Paladin3161/status/1157425240948920321
# Reference: https://www.virustotal.com/gui/file/1223da902b1525073ad6a4a71214b1c1b062fa61ce23138dcea4e7c7bfe9b8ab/detection

legion17.icu
vidardeep4.icu

# Reference: https://twitter.com/bad_packets/status/1157720176487329792

fxxxxxxk.me

# Reference: https://twitter.com/fatihsirinnnn/status/1158440148696293376

http://23.95.212.108

# Reference: https://twitter.com/ps66uk/status/1158456891623792647

http://149.202.110.2

# Reference: https://twitter.com/DynamicAnalysis/status/1158406596533338118

fomoportugal.com

# Reference: https://twitter.com/James_inthe_box/status/1158484189685010432

http://165.22.201.28

# Reference: https://twitter.com/P3pperP0tts/status/1158666213960179712

198.44.228.10:665

# Reference: https://twitter.com/Racco42/status/1158729618389643264

gsm-security-solutions.com

# Reference: https://twitter.com/wwp96/status/1158716438598836224

aspsensewiretransfergoogle.duckdns.org

# Reference: https://twitter.com/pancak3lullz/status/1158812093786857475

http://23.82.128.23

# Reference: https://twitter.com/425A_/status/1158824075676069889
# Reference: https://twitter.com/JayTHL/status/1158839203884650499
# Reference: https://www.virustotal.com/gui/ip-address/94.237.40.127/relations

1dct.ru
3dface-nn.ru
4pplus.ru
aleksvip.ru
alienss.ru
anson-lkz.ru
ariosgroup.ru
aurora-mind.ru
balakhonov-yuriy.ru
bet-club.ru
business-in.ru
child-time.ru
clean24world.ru
csgo-fun.ru
douballkoreshy.com
douballkoreshy.info
douballkoreshy.net
douballkoreshy.org
downloadjimm.ru
e-engenering.ru
elneemrrtorithum.com
elneemrrtorithum.info
elneemrrtorithum.net
elneemrrtorithum.org
favoritklg.ru
films-smotret-online.ru
flashsgame.ru
foleco.ru
fondafon.ru
fso29.ru
gocpro.ru
grozovoy-pereval.ru
hbazcfsder.com
hbazcfsder.org
hbazcfsderonline.com
hbazcfsdershop.com
hbazcfsderweb.com
hochu-shoping.ru
invest-alliance.ru
irkomp.ru
jnazcfert.com
jnazcfert.org
jnazcfertonline.com
jnazcfertshop.com
jnazcfertweb.com
jnazmertsw.com
jnazmertsw.info
jnazmertsw.net
jnazmertsw.org
jnazxertw.com
jnazxertw.info
jnazxertw.net
jnazxertw.org
jotdesks.ru
kartofelmoptom.ru
kmazvertx.com
kmazvertx.info
kmazvertx.net
kmazvertx.org
kmsxnertqa.com
kmsxnertqaonline.com
kmsxnertqashop.com
kmsxnertqaweb.com
kopenbar.ru
kormboellamayy.com
kormboellamayy.info
kormboellamayy.net
kormboellamayy.org
krugosvet-ap.ru
ksmxnerqs.com
lenobl-primorsk.ru
leorex-super.ru
lifeofbeer.ru
limo69.ru
lizoblyudnichat.ru
mix-zarabotok.ru
nazarovdesign.ru
okovci.ru
oleg-boyko.ru
parustaxi.ru
plaksa-bdsm.ru
prazd-pack.ru
protest22.ru
pu97.ru
rabotasuper.ru
retro-cinema.ru
richelle-mead.ru
rock2.ru
rosmedpravo.ru
rostov-shops.ru
rulezzwarez.ru
sabreeelrefaay.com
sabreeelrefaay.info
sabreeelrefaay.net
sabreeelrefaay.org
salon-na-domu.ru
sam-go.ru
shooting-portal.ru
soft-arhiv.ru
spstav.ru
srf48.ru
srkbelayareka.ru
storeprint.ru
story-toy.ru
strekozafitness.ru
stroydvor-kanev.ru
sunkom.ru
super-boost.ru
svet-lustra.ru
ta4ila.ru
tancemaster.ru
tatnadzor.ru
trialanet.ru
triumf18.ru
tvoyabezopasnost.ru
tvz2.ru
ukspravedlivost.ru
ulitka-plitka.ru
valchenco.ru
vedyshiy-na-svadby.ru
vip-xost.ru
visiohelp.ru
vorkutasport.ru
vradujnom.ru
vs-clab.ru
vseorake.ru
waple.ru
warabase.ru
web2kochanova.ru
webpartizan.ru
winx-clubs.ru
withmychild.ru
wmspb.ru
wsasxzertw.com
wsasxzertw.info
wsasxzertw.net
wsasxzertw.org
bikton43.ru
# Note(review): the 52 entries from here through wsasxzertw.org repeat hosts already listed earlier in this same block (same references above); the repeats add no new indicators and can be dropped on the next cleanup.
douballkoreshy.com
douballkoreshy.info
douballkoreshy.net
douballkoreshy.org
elneemrrtorithum.com
elneemrrtorithum.info
elneemrrtorithum.net
elneemrrtorithum.org
hbazcfsder.com
hbazcfsder.org
hbazcfsderonline.com
hbazcfsdershop.com
hbazcfsderweb.com
jnazcfert.com
jnazcfert.org
jnazcfertonline.com
jnazcfertshop.com
jnazcfertweb.com
jnazmertsw.com
jnazmertsw.info
jnazmertsw.net
jnazmertsw.org
jnazxertw.com
jnazxertw.info
jnazxertw.net
jnazxertw.org
kmazvertx.com
kmazvertx.info
kmazvertx.net
kmazvertx.org
kmsxnertqa.com
kmsxnertqaonline.com
kmsxnertqashop.com
kmsxnertqaweb.com
kormboellamayy.com
kormboellamayy.info
kormboellamayy.net
kormboellamayy.org
ksmxnerqs.com
lizoblyudnichat.ru
richelle-mead.ru
sabreeelrefaay.com
sabreeelrefaay.info
sabreeelrefaay.net
sabreeelrefaay.org
sam-go.ru
spstav.ru
web2kochanova.ru
wsasxzertw.com
wsasxzertw.info
wsasxzertw.net
wsasxzertw.org
xvehpuabh.icu
yourub.ru
yzbobdl.space
zaimable.ru
zentrstroy.ru

# Reference: https://twitter.com/FewAtoms/status/1159155277695819776

dhlexpressdeliver.com

# Reference: https://www.fortinet.com/blog/threat-research/chinese-targeted-trojan-analysis.html

http://154.222.140.49

# Reference: https://twitter.com/DynamicAnalysis/status/1159564232469417988

karlvilles.com

# Reference: https://twitter.com/FewAtoms/status/1159490383350587392
# Reference: https://twitter.com/KorbenD_Intel/status/1163929665230299137
# Reference: https://www.virustotal.com/gui/file/e7b190ae876b10d0a216b8475eec078990da4ea07020b0e8a1d8b55b3baa1e4e/detection

u700222964.hostingerapp.com

# Reference: https://twitter.com/FewAtoms/status/1159482237513064449

http://13.67.107.73

# Reference: https://twitter.com/FewAtoms/status/1159473273870196736

http://13.75.76.78

# Reference: https://twitter.com/nao_sec/status/1159484498569863169

fasttransfer-trafficads.xyz

# Reference: https://twitter.com/Timele9527/status/1159673642332016640

fateh.aba.ae

# Reference: https://twitter.com/James_inthe_box/status/1159834709209128961

master712.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1159833486817034241

lnkexploit.com

# Reference: https://twitter.com/James_inthe_box/status/1159861664960749569

beastmas.club

# Reference: https://twitter.com/James_inthe_box/status/1159916671055757312

http://40.117.61.41
americanaspromocoes.ga

# Reference: https://twitter.com/James_inthe_box/status/1160150821830418432

3prokladkaeu.com
setseta.com

# Reference: https://twitter.com/FewAtoms/status/1160195673054015488

rubthemoneybear.xyz

# Reference: https://twitter.com/FewAtoms/status/1160543075372032006

sevenj.club

# Reference: https://www.zscaler.com/blogs/research/saefko-new-multi-layered-rat
# Reference: https://otx.alienvault.com/pulse/5d517a359da59958f72dc6c8

aeconex.com

# Reference: https://www.virustotal.com/gui/ip-address/89.17.225.163/relations

americanexpresscardconfirmationsystemservice.com
americanexpressesitz.com
americanexpressfeedback.com
associatedbnking.com
badaprutus.pw
biboressurection.info
blaerck.xyz
bozem.co
carolambasola.co
carrefour-moncompte.info
chaseonlinebusinesssolution.com
chaseonlinei.com
chaseonlinenotifier.com
chasesonliines.com
chasessonline.com
cloudresemblao.top
co-operative-bank.com
contributionsthroughy.net
csh0p.ru
dranidepod.org
flowjob.top
formasnetoyvnastrchine.com
garizzlas.top
hudsonenorincludes.com
igjqwnedjgqwnqwemnta.net
instant-payments.ru
jumpinghouse.org
kerbitsallor.us
kunden-contact-5126351253252.icu
kunden-contact-6478585764.top
landoftools.ru
manfam.co
moikopoli.com
mymoneywallets.com
nettubex.top
paysell.org
pooiukjadnqwdjnqasdne.com
portfos.org
postedecretosecure.info
posteitalianedecreto.top
posteitalianesicurezzadecreto.info
potomuchtosrazuskazaleb.com
quickbooks-intuits.com
scottfranch.org
siruksazon.us
thefreshstuffs.org
thefreshstuffs.ru
thefreshstuffs.to
tiamos.co
toperdona.com
topwarenhub.top
trading-secrets.ru
try2swipe.ws
tuyngsdnfwefwef.com
ukmarket.su
usaa-communication.com
usaa-urgentrequest.com
usaacominetentproofproofingeventactioninitevent.com
usaadbfeedback.com
usaamemberservices1.com
usaamembersupports.com
vaslbntr.ru
verificadeidatipostali.com
verify-konto-326351323.icu
wellsfargosz.com
withadvertisingthe.net
zxciuniqhweizsds.com

# Reference: https://twitter.com/malware_traffic/status/1160988600391086081

http://107.173.90.141

# Reference: https://www.virustotal.com/gui/domain/orderbox-dns.com/details
# Reference: https://app.any.run/tasks/68c8f400-eba5-4d6c-b1f1-8b07d4c014a4/
# Reference: https://www.virustotal.com/gui/file/17901948c9c9f2f0d47f66bbac70592a7740d181f5404bf57c075ed6fa165b67/detection
# Reference: https://www.virustotal.com/gui/ip-address/176.119.29.14/relations

http://176.119.29.14
bbouble.xyz
mtcunlocker.info

# Reference: https://twitter.com/stoerchl/status/1161159995217653761

zerosugaraddonexploit.duckdns.org

# Reference: https://twitter.com/p5yb34m/status/1161323938313457665

dk-rc.com/js/

# Reference: https://twitter.com/FewAtoms/status/1161981277815410688

asdklgb.ga
forconfirmation.gq
xingyang-glove.com

# Reference: https://twitter.com/chen_erlich/status/1162009562674843649
# Reference: https://www.virustotal.com/gui/ip-address/185.99.133.219/relations

http://185.99.133.219
earphorialofts.net
urbanholidaylo.net
wrigleychicago.org

# Reference: https://twitter.com/_jsoo_/status/1162039650791198720

a.ycwave.cn

# Reference: https://twitter.com/w3ndige/status/1162331454233370624
# Reference: https://app.any.run/tasks/c374d548-02b0-4419-9551-d8800388af42/

http://23.106.215.95
114.221.16.192:443
154.149.31.37:443
64.77.134.20:443

# Reference: https://twitter.com/killamjr/status/1162360718395658240

http://195.123.243.210

# Reference: https://twitter.com/FewAtoms/status/1162667333573390337

http://156.238.3.105
59.188.255.217:6320

# Reference: https://twitter.com/0xrb/status/1162955576927670272
# Reference: https://www.virustotal.com/gui/ip-address/216.224.181.16/relations

99bcare.com
apacbizpartner.com
apacsfsolutions.com
apactechbiz.com
asiapacsolution.com
b2janitorial.com
bitmailpost.com
bizventuresgroup.com
bizvertical.com
bpsservices.org
bpswired.com
bsnprotocol.com
cbxsystematics.com
cliquedasia.com
comcleanserv.com
connexionweb.net
csbizsolution.com
csbprofile.com
cstechnology.org
directitsolutions.com
enterpriselevelsolutions.com
expressstrategy.net
file-keeps.com
firstclassit.net
fluxserveasia.com
globalitbuilder.com
great-tec.com
idealprospecting.com
infotechsoln.com
innovationtech-asia.com
insidesalesinc.com
intellibiz.net
istglobal.net
it-salesmktg.com
kickstartsalesforce.com
knitgeek.com
lamultispecialty.com
mail-bounce.com
medassistforte.com
medsolutionscare.com
merchadvisors.com
multichannelmktg.com
realtech-international.com
rhipecloud.com
secureditgroup.net
sf-apac.com
softbizsoln.com
softitcare.net
softstreams.com
softtechenterprise.com
technocloudxpert.com
techpacific-international.com
tecnevo.com
tecqna.com
thebusinessdrift.com
thesoftwareenterprise.com
thewisesoln.com
thunderlinkz.com
tradespecialistgroup.com
ultimateintelligence.net
universalitbiz.com
vitrexa.com
wallstreetguru.info
worldsfinestservice.com
xpresstrategy.net
zenbitsolution.com
zenithnetworxs.com

# Reference: https://twitter.com/FewAtoms/status/1163043154628624385
# Reference: https://www.virustotal.com/gui/file/94543f02145c8cbc924fe6a4229b16f3b1d2988c6db4b66df5cd766322982f93/detection
# Reference: https://www.virustotal.com/gui/file/5e505f7876fbde8e323f698982f189b12be25569113a2426d6f6f8dda0e7d8be/detection
# Reference: https://www.virustotal.com/gui/file/300ece5931709d15dfd9a5ddce2f69ec6aa7466277a0a0edba134375bf2c20be/detection
# Reference: https://www.virustotal.com/gui/file/4ed245f6ae78a3a39543d865c0660c5dab39bcee18ee1abb212d8a3893e6584a/detection

http://193.112.160.173
193.112.160.173:33221
193.112.160.173:55421

# Reference: https://twitter.com/tkanalyst/status/1163084043832872961
# Reference: https://app.any.run/tasks/ee0e55e6-84dd-4576-a32c-153629cffcc7/

sexshops.site
sreex.info
sygicstyle.xyz

# Reference: https://twitter.com/James_inthe_box/status/1163565834343632897
# Reference: https://app.any.run/tasks/04a0a774-dd16-43bd-a966-2a35ca66fe70/
# Reference: https://pastebin.com/Lv0KAQ0k

dogware.pw
cy91219.tmweb.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1163736730371022848

nainyet.casa

# Reference: https://twitter.com/gorimpthon/status/1163616173860122624

evaglobal.eu

# Reference: https://malwarebreakdown.com/2017/07/24/the-seamless-campaign-drops-ramnit-follow-up-malware-azorult-stealer-smoke-loader-etc/

http://194.58.38.50
http://194.58.58.70

# Reference: https://unit42.paloaltonetworks.com/newly-registered-domains-malicious-abuse-by-bad-actors/

halanis21yi84alycia.top
hvkbvmichelfd.info

# Reference: https://twitter.com/James_inthe_box/status/1163880851236462592

bulehero2019.club
kingminer.club
oiwcvbnc2e.stream

# Reference: https://twitter.com/WarlordLestat/status/1164118573872271360

malikom.xyz
mrtcom.space
rainit.xyz
sauronn.host
sidom.online

# Reference: https://twitter.com/JAMESWT_MHT/status/1164140106095177731
# Reference: https://app.any.run/tasks/0c5278c0-d505-4873-b612-9318dbbc2733/

101legit.com
legitville.com
moskaumoskau.com
savemax.store

# Reference: https://twitter.com/n0p1shing/status/1164150184517033986

akudobia.com

# Reference: https://twitter.com/VK_Intel/status/1164194019930497025

vregbqeg.com

# Reference: https://twitter.com/dms1899/status/1164699178527842304

dngerpppsa.xyz

# Reference: https://twitter.com/bad_packets/status/1165041748772438016

fuckingmy.life

# Reference: https://twitter.com/JAMESWT_MHT/status/1165942869359759361

xyskyewhitedevilexploitgreat.duckdns.org

# Reference: https://twitter.com/P3pperP0tts/status/1166243679058694145

statexadver3552mn12.club

# Reference: https://twitter.com/JAMESWT_MHT/status/1166252297124552704

collinsserver.duckdns.org

# Reference: https://twitter.com/gorimpthon/status/1166278659629408257
# Reference: https://app.any.run/tasks/acaedaa7-fbe2-4139-b190-edaebc601c08/

http://45.76.113.195

# Reference: https://twitter.com/FewAtoms/status/1166319332051128320

http://161.202.40.99

# Reference: https://twitter.com/malware_traffic/status/1166114783676051456

statexadver3552mn12.club

# Reference: https://twitter.com/DynamicAnalysis/status/1166433211548913668

filebase.duckdns.org

# Reference: https://twitter.com/P3pperP0tts/status/1166491923911184385

owak-kmyt.ru
pdofan.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1166721502579974146

curly-bar-8ce5.myloaders.workers.dev
young-bonus-b8e4.myloaders.workers.dev

# Reference: https://twitter.com/James_inthe_box/status/1166683407943794688

chernovik55.ru

# Reference: https://twitter.com/P3pperP0tts/status/1166782653623918592

brizy5.ru

# Reference: https://app.any.run/tasks/b79f8f2f-d8d9-4f39-ad9c-4feae85babdf/

mailadvert19.world

# Reference: https://twitter.com/FewAtoms/status/1167070059010953218

background.pt

# Reference: https://twitter.com/bad_packets/status/1167336978041303040

stresser.cc

# Reference: https://twitter.com/JAMESWT_MHT/status/1167443194033901568

i03kf0g2bd9papdx.com

# Reference: https://twitter.com/JayTHL/status/1167666533260304385

azuremoonentertainment.mobi

# Reference: https://twitter.com/nao_sec/status/1167797188363055105 (CVE-2018-15982)
# Reference: https://app.any.run/tasks/49618924-ee31-4ed7-9669-17e0816f59a4/

http://82.146.59.230
gw.brownsine.com

# Reference: https://twitter.com/P3pperP0tts/status/1167890224644362241
# Reference: https://www.virustotal.com/gui/domain/k1ristri.ru/relations

k1ristri.ru
2nud.k1ristri.ru
551t.k1ristri.ru
c.k1ristri.ru
jl.k1ristri.ru
k2.k1ristri.ru
mq.k1ristri.ru
p6.k1ristri.ru
un0.k1ristri.ru
v2w.k1ristri.ru
w1g.k1ristri.ru
ycl.k1ristri.ru

# Reference: https://twitter.com/FewAtoms/status/1168131803560984577

accoun2-sign1-secur-ace324490748.com

# Reference: https://www.virustotal.com/gui/file/7d48a6706013036266dbcd44aa7528d9e9331de0e9214b564255b96b5767b282/detection

absetup5.icu

# Reference: https://twitter.com/Paladin3161/status/1168863588015935488

sebains.kozow.com

# Reference: https://twitter.com/DynamicAnalysis/status/1168991384457699329

farnbrands.com

# Reference: https://twitter.com/JayTHL/status/1169000377120935941

rdmapperels.com

# Reference: https://twitter.com/angel11VR/status/1169155232447762437

ukr1.net

# Reference: https://twitter.com/malware_traffic/status/1169312743956066305

http://45.142.212.25

# Reference: https://twitter.com/FewAtoms/status/1169333693325946880

macvin.5gbfree.com

# Reference: https://twitter.com/DynamicAnalysis/status/1169336301818130432

fomoportugal.com

# Reference: https://twitter.com/malware_traffic/status/1169358788748615680

http://179.43.169.43
wyyjacky.club

# Reference: https://twitter.com/P3pperP0tts/status/1169642311942397954

brizy5.ru
ho3fty.ru
j990981.ru
seraph15.ru
valerana44.ru
ww2rai.ru

# Reference: https://twitter.com/JayTHL/status/1169688507700457472

waymahikatudor.com

# Reference: https://twitter.com/blackorbird/status/1169859337709207552

http://220.158.216.134

# Reference: https://www.virustotal.com/gui/domain/tomx.xyz/relations

tomx.xyz

# Reference: https://twitter.com/SecSome/status/1169972222439690241
# Reference: https://app.any.run/tasks/21339218-b4fd-4084-95d5-5c42fed4c71d/

204.152.219.82:9008
jobmalawi.com

# Reference: https://twitter.com/Zerophage1337/status/1007645365133246464

http://199.192.19.133
http://91.210.104.247

# Reference: https://twitter.com/FewAtoms/status/1170323745195663360

aagaeyarintz.com

# Reference: https://twitter.com/James_inthe_box/status/1170641393875742720
# Reference: https://www.virustotal.com/gui/domain/educationaltools.info/relations

educationaltools.info

# Reference: https://twitter.com/tkanalyst/status/1170688633172443139
# Reference: https://app.any.run/tasks/fd9a41e5-4768-4ab0-afd3-83988feb49c8/

digimonex.host
mailadvert917dx.world
umbr.online

# Reference: https://twitter.com/JAMESWT_MHT/status/1170726870519824384

pp-back.info

# Reference: https://twitter.com/ViriBack/status/1170731470039789568

fiscalia.ga

# Reference: https://twitter.com/FewAtoms/status/1171076098244919297

http://23.106.124.142

# Reference: https://app.any.run/tasks/1765b64a-78f0-4360-afaf-6ba886a6d72f/

http://195.123.242.175

# Reference: https://twitter.com/tkanalyst/status/1171572121648033792

starserver715km.world

# Reference: https://twitter.com/reecdeep/status/1171365416180080640

bobbychiz.top

# Reference: https://twitter.com/trungduc751995/status/1171693318117281793
# Reference: https://otx.alienvault.com/pulse/5d78e9388461b273c265778e

http://35.224.233.140

# Reference: https://twitter.com/killamjr/status/1171849775911772165

globalpaymentportal.co

# Reference: https://twitter.com/sugimu_sec/status/1172058813177851904

aliiydr.xyz

# Reference: https://twitter.com/gigafio/status/1172102628546924545

alhaji.top

# Reference: https://twitter.com/Paladin3161/status/1171954425780289542

qeeeeewwswsweerwwerwerwrwerwerwerwere.warzonedns.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1172122495652155392

mewahgroup.pw

# Reference: https://twitter.com/rpsanch/status/1172548993177522176
# Reference: https://app.any.run/tasks/f24e56fa-c8b8-4b7d-99b0-2975e04429fa/
# Reference: https://otx.alienvault.com/pulse/5d921f7a6ff5154cba005284

213.252.246.80:448
213.252.246.80:80
213.252.246.80:8888
8933-16423.bacloud.info
mtcareers.myftp.org
mantechcareers.serveftp.com
ngcareers.myvnc.com
northropgrumman.sytes.net

# Reference: https://www.virustotal.com/gui/domain/lalitmumbai.net/relations
# Reference: https://app.any.run/tasks/086e4aa9-1ece-441a-a5c3-eb8879d26e2e/

lalitmumbai.net

# Reference: https://twitter.com/Racco42/status/1173547031979278336

fomoportugal.com

# Reference: https://twitter.com/struppigel/status/1173883825333706752
# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/spam-campaign-targets-colombian-entities-with-custom-proyecto-rat-email-service-yopmail-for-cc/
# Reference: https://documents.trendmicro.com/assets/Appendix_Spam_Campaign_Targets_Colombian_Entities_with_Custom_made_Proyecto_RAT_Uses_Email_Service_YOPmail_for_C&C.pdf
# Reference: https://www.virustotal.com/gui/file/f8bf2120bdec3da240bf4a56760ee42d045e42ec4ae1d261774ff13fc2cb7cc0/detection

http://95.179.168.23
http://144.202.19.31
diangovcomuiscia.com
eltiempocomco.com
medicosempresa.com

# Reference: https://twitter.com/FewAtoms/status/1173982410951839745

http://185.250.240.84

# Reference: https://twitter.com/reecdeep/status/1174270764461244417

indta.co.id

# Reference: https://twitter.com/wwp96/status/1174311496639221760

this-a22.tk

# Reference: https://twitter.com/James_inthe_box/status/1174336699112906752

hushpan.icu

# Reference: https://twitter.com/FewAtoms/status/1174350146768965636

http://34.87.96.249

# Reference: https://twitter.com/blackorbird/status/1174894127378358272

http://141.98.213.198

# Reference: https://twitter.com/DbgShell/status/1174997242425565185

xozidazatibotiko.ddns.net

# Reference: https://twitter.com/JayTHL/status/1175248668502437888

discribechnl.com
menukndimilo.com
raatphailihai.com

# Reference: https://app.any.run/tasks/ce52b6fb-5444-4d4d-9071-aa4a3d4d0f52/

http://185.206.212.65

# Reference: https://twitter.com/illegalFawn/status/1176077657311764480

sicurezzaonline.info

# Reference: https://twitter.com/luc4m/status/1176045112469725184

http://216.170.126.139

# Reference: https://twitter.com/P3pperP0tts/status/1176831679106826240

systemgooglegooglegooglegooglegooglegoole.warzonedns.com

# Reference: https://twitter.com/ActorExpose/status/1176782301222658048

redmoscow.info

# Reference: https://twitter.com/h4ckak/status/1112953627478351874
# Reference: https://app.any.run/tasks/72dd9d2e-5d7d-412a-830b-d2bd59f98760/
# Reference: https://www.virustotal.com/gui/file/f99cb5b099030834f84c5053b1610e911727673767dd9a6a938a13f1da9d6a33/detection

88.80.144.9:9987
exchangeser.com

# Reference: https://twitter.com/FewAtoms/status/1177940330655543302

202.168.151.38:3880

# Reference: https://twitter.com/tkanalyst/status/1177952093287530496

whoil.club

# Reference: https://twitter.com/Edgespot_io/status/1069690604198682624

34.227.171.221:8080

# Reference: https://threatvector.cylance.com/en_us/home/threat-spotlight-analyzing-azorult-infostealer-malware.html

cindysonam.org

# Reference: https://twitter.com/James_inthe_box/status/1178692652700590085

kiskakisska.xyz
xyxyxoooo.com

# Reference: https://twitter.com/0xFrost/status/1179128508817260545
# Reference: https://app.any.run/tasks/c08c12cc-4a9f-44f4-9aa7-ef11900a8bc8/

wirelord.us

# Reference: https://twitter.com/tkanalyst/status/1179174693963587584
# Reference: https://app.any.run/tasks/a2ef7bde-fc71-4f7e-9246-1af8f16b5e6b/

crasyhost.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-03-19-ransomware-takes-open-source-path-encrypts-gnu-privacy-guard%0D/ransomware-takes-open-source-path-encrypts-gnu-privacy-guard%0D.csv

62.152.47.251:8000

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-08-14-microsoft-cortana-allows-browser-navigation-without-login-cve-2018-8253/microsoft-cortana-allows-browser-navigation-without-login-cve-2018-8253.csv

missaruba.aw

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2011/2011-05-04-drive-by-downloads-attack-adobe-zero-day-flaw/drive-by-downloads-attack-adobe-zero-day-flaw.csv

jeentern.dyndns.org

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2011/2011-12-14-inside-adobe-reader-zero-day-exploit-cve-2011-2462/inside-adobe-reader-zero-day-exploit-cve-2011-2462.csv
# Reference: https://www.virustotal.com/gui/file/c6072e6446c1641d35e1e471adf4ce533f0615a0365168728bcefe4df2d213ff/detection

prettylikeher.com

# Reference: https://twitter.com/James_inthe_box/status/1180128778229444608
# Reference: https://twitter.com/P3pperP0tts/status/1180141309685837825

corpcougar.com
corpcougar.in

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2014/2014-04-03-rtf-attack-takes-advantage-of-multiple-exploits/rtf-attack-takes-advantage-of-multiple-exploits.csv

aulbbiwslxpvvphxnjij.biz
invoice-accounts.org

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2015/2015-05-18-malware-spreads-facebook-tag-scam/malware-spreads-facebook-tag-scam.csv

exusers.com

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-03-19-ransomware-takes-open-source-path-encrypts-gnu-privacy-guard%0D/ransomware-takes-open-source-path-encrypts-gnu-privacy-guard%0D.csv

# Note(review): same reference and same entry as the 62.152.47.251:8000 block a few sections earlier in this file; one of the two can be dropped.
62.152.47.251:8000

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2018/2018-03-02-hackers-bypassed-adobe-flash-protection-mechanism/hackers-bypassed-adobe-flash-protection-mechanism.csv

korea-tax.info

# Reference: https://twitter.com/YttriumSec/status/1180101251855343616

http://115.159.87.251

# Reference: https://twitter.com/FewAtoms/status/1180819300476755969

http://34.87.19.73

# Reference: https://twitter.com/jishuzhain/status/1181201933714911232

103.99.2.65:1010

# Reference: https://twitter.com/ecarlesi/status/1181522701195849728

downloadtg4.website

# Reference: https://twitter.com/P3pperP0tts/status/1181547444837986304

http://43.255.241.160

# Reference: https://twitter.com/JAMESWT_MHT/status/1181616566024183809

http://209.141.42.23

# Reference: https://twitter.com/0xFrost/status/1182037064344322053

5571875.info

# Reference: https://twitter.com/P3pperP0tts/status/1182225501387141120

http://31.44.184.123
goji-actives.net

# Reference: https://twitter.com/benkow_/status/1182604054742085632

wisecleaner.cleaning

# Reference: https://twitter.com/JAMESWT_MHT/status/1182613351425368066
# Reference: https://app.any.run/tasks/14b5c38b-0d39-4c99-9934-998491019487/
# Reference: https://www.virustotal.com/gui/domain/taskhostw.com/relations

taskhostw.com

# Reference: https://twitter.com/James_inthe_box/status/1182703889012813824

http://198.23.202.49

# Reference: https://twitter.com/P3pperP0tts/status/1182968741283454977

madnik.beget.tech

# Reference: https://twitter.com/ViriBack/status/1183098116263858176

taxjustice-usa.org

# Reference: https://twitter.com/ViriBack/status/1183157722348433413

gayaju.com

# Reference: https://www.virustotal.com/gui/domain/paletoxyz.com/relations

paletoxyz.com

# Reference: https://twitter.com/ecarlesi/status/1183415444612485120

inationnetwork.xyz

# Reference: https://twitter.com/w3ndige/status/1171159313865465856

http://108.62.118.233

# Reference: https://twitter.com/w3ndige/status/1168437823193669632

posqit.net

# Reference: https://www.virustotal.com/gui/domain/accessheler.com/relations

accessheler.com

# Reference: https://app.any.run/tasks/52656d24-b866-416c-b703-ee0fae0e3f78/

http://45.114.8.161

# Reference: https://app.any.run/tasks/5ea9c799-eb73-4854-903a-a4a080659af0/

http://167.114.95.127

# Reference: https://twitter.com/ffforward/status/1184379075642773505

show-qo13.tk

# Reference: https://twitter.com/P3pperP0tts/status/1184405805648564226

qisqholden.com

# Reference: https://twitter.com/James_inthe_box/status/1185191156168065024

fbigov.website

# Reference: https://twitter.com/FewAtoms/status/1185249656235843588

afrimarinecharter.com

# Reference: https://twitter.com/JayTHL/status/1185303303892033536

thekukuaproject.com

# Reference: https://twitter.com/FewAtoms/status/1185980535497207808

collierymines.com

# Reference: https://twitter.com/albertzsigovits/status/1186255610163187714

logover.su

# Reference: https://blog.sucuri.net/2019/10/cryptominers-backdoors-found-in-fake-plugins.html
# Reference: https://otx.alienvault.com/pulse/5dadb6fad17367c025d25421

abcxyz.stream

# Reference: https://twitter.com/James_inthe_box/status/1186363546155663360

0b8a67f7.ngrok.io

# Reference: https://twitter.com/wwp96/status/1186365682520338434

granuphos-tn.com

# Reference: https://twitter.com/smica83/status/1186520175467810817
# Reference: https://www.virustotal.com/gui/domain/taamgol.com/relations

taamgol.com

# Reference: https://twitter.com/wwp96/status/1186637571876630529

46.183.220.10:1010

# Reference: https://twitter.com/JAMESWT_MHT/status/1186641478996639745

cloudown.icu

# Reference: https://app.any.run/tasks/83bf663d-6020-4186-970e-3c50b842510c/

newandupdates1234.blogspot.com

# Reference: https://twitter.com/FewAtoms/status/1186676588013899776

http://151.80.8.7

# Reference: https://twitter.com/ANeilan/status/1186847142113173504

diporpef.com

# Reference: https://twitter.com/j_rom_/status/1184880435219849218

amz-syndication.com

# Reference: https://twitter.com/fatihsirinnnn/status/1186938514845380608

acmestoolsmfg.com

# Reference: https://twitter.com/P3pperP0tts/status/1186988588656934913

tourscentralasian.com

# Reference: https://twitter.com/wwp96/status/1187023690636152832

romanceobsessed.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1187296372833357825

http://5.188.9.33

# Reference: https://twitter.com/dms1899/status/1187270160220147712

modexcourier.eu

# Reference: https://www.virustotal.com/gui/ip-address/161.117.41.54/relations
# Reference: https://www.virustotal.com/gui/ip-address/161.117.8.4/relations

abs-glt.com
akinsab.ru
app-comercialex.top
aucklandcustom-nz.com
avgsupport.info
bkam.tech
capeplcinc.com.ua
casmagnat.rocks
clinefr12.com
clotiahs.info
cremeroloe.com
doosamnt.com
dotmpegjdj.com
echaintool.info
efore.info
esetsupport.info
famoosonutt.com
fueda.info
gidnik.com
gihf2.com
gracetime.tech
grindtreue.online
grindtruex.online
gunmak-com.tk
higomanga.info
jajar.ru
jer23.com
jobttast.com
kaburto.info
knt73.com
kord23.com
mikeservers.eu
modcloudserver.eu
modexcommunications.eu
nestp11.com
niiqata-power.com
offsolo-gbb.tech
oker1.com
oldendroff.com
pache22.com
paramountemporium.vip
peaches19.com
posqit.net
priv112.com
qoqip.com
quecik.com
rnuganbank.com
roumines.com
saturatix.top
siiigroup.com
smart-net.rocks
sun-clear.net
sylvaclouds.eu
torresansrl-it.com
tr0nsf01.org
tr30nfs01.com
tsep13.com
tyler14.com
uloego.info
vcmcompanys.com
vinaprio.com
wgeise4.com
xinblasta.us
yuxinproteins.com
zhchlt.com

# Reference: https://twitter.com/petrovic082/status/1187762565969043457
# Reference: https://app.any.run/tasks/03afa5cb-2d8d-4cd0-a7ab-4e1bd7464db6/

neroolive.org

# Reference: https://www.virustotal.com/gui/domain/aklianfa.com/relations

aklianfa.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1188005690130026498

http://193.26.217.230

# Reference: https://twitter.com/DissectMalware/status/1006784787854581760

111.73.46.110:7717

# Reference: https://twitter.com/InQuest/status/1188373526622941186

lritck.tk

# Reference: https://twitter.com/JayTHL/status/1188801316417687552

http://37.1.219.172

# Reference: https://app.any.run/tasks/24cc7183-7345-46f6-b26e-1e173d9c98a9/

d1c56b05.ngrok.io

# Reference: https://twitter.com/JAMESWT_MHT/status/1188856141633261570

blockchainblogger.club

# Reference: https://twitter.com/FewAtoms/status/1188858041686466561

enkaypastri.com

# Reference: https://twitter.com/DrStache_/status/1188917585540276224

torishima-qa.com

# Reference: https://twitter.com/david_jursa/status/1189155057834647552

thekokokoupd.online

# Reference: https://app.any.run/tasks/4c6e0f94-e147-47ca-9467-c3864047439f/

lkdff.com

# Reference: https://twitter.com/wwp96/status/1189236233613889538

frenddizoni.org

# Reference: https://twitter.com/OttoScav/status/1189220259842187264

213.152.160.146:1010

# Reference: https://app.any.run/tasks/986f65f5-5208-4133-b9af-c993edcc1e34/

http://199.195.254.187

# Reference: https://twitter.com/James_inthe_box/status/1189287512684019714

oz-dn.org

# Reference: https://twitter.com/w3ndige/status/1189301536691752960

http://74.118.138.167

# Reference: https://twitter.com/ViriBack/status/1189329887074619395

arbistars.com

# Reference: https://twitter.com/wwp96/status/1189536892322304002

uzojesse.top

# Reference: https://twitter.com/P3pperP0tts/status/1188946654768091136

http://185.193.125.135

# Reference: https://twitter.com/killamjr/status/1189717599040528386

esascom.com

# Reference: https://twitter.com/InvertedLina/status/1189940700311379968

amana-agro.com

# Reference: https://twitter.com/malware_traffic/status/1190026665952497667

http://107.181.175.118
http://149.154.67.19

# Reference: https://twitter.com/unmaskparasites/status/1184973893225865222

dropboxfiles.net
mydropboxfiles.com

# Reference: https://twitter.com/killamjr/status/1190087811803815936

http://51.89.163.174

# Reference: https://twitter.com/pmelson/status/1190419506620981248

azuredatabox.azureedge.net

# Reference: https://pastebin.com/29uSdMAk

chinalarnpbase.com

# Reference: https://twitter.com/MalwareTechBlog/status/1190730471321112577
# Reference: https://otx.alienvault.com/pulse/5dbdf437299aea7cd396cd26

5.100.251.106:443
5.100.251.106:80

# Reference: https://app.any.run/tasks/2be23d42-242b-47bc-8d0f-76a5b80e7a4b/

1xv4.com

# Reference: https://app.any.run/tasks/e15b03be-14d2-49c0-b6c1-04249d0783f1/
# Reference: https://www.virustotal.com/gui/domain/stroytrest19.by/details

stroytrest19.by

# Reference: https://twitter.com/tkanalyst/status/1190975614766833664
# Reference: https://otx.alienvault.com/pulse/5dc1a88e1cf7281dc5c4ed5b

http://107.167.244.67
http://138.68.15.227
http://198.199.104.8
blockchainblog.club

# Reference: https://twitter.com/wwp96/status/1191013406175830017

racetech.club

# Reference: https://twitter.com/ViriBack/status/1062544747062050817

web-bancadigitalbod.com

# Reference: https://twitter.com/ViriBack/status/989663475445190656

pf-pv.xyz

# Reference: https://twitter.com/fumik0_/status/968070745766154240

updatecenter.ru

# Reference: https://twitter.com/FewAtoms/status/1191349702920474625

http://35.247.253.206

# Reference: https://www.reddit.com/r/sysadmin/comments/aswr03/anyone_identify_this_miner_or_malware/
# Reference: https://app.any.run/tasks/daddea03-d06c-42ce-a539-516b5173467f

185.112.156.92:8092
http://173.247.239.186

# Reference: https://app.any.run/tasks/02fc860e-cb3b-4ed4-84c5-95ee52d7e96a/

http://45.147.229.149

# Reference: https://twitter.com/w3ndige/status/1191752055012122625

mostfirstandnow.site

# Reference: https://twitter.com/FewAtoms/status/1191751916570763264

mjnalha.ml

# Reference: https://www.virustotal.com/gui/ip-address/185.212.128.189/relations

http://185.212.128.189

# Reference: https://twitter.com/QW5kcmV3/status/1191441479467708417
# Reference: https://otx.alienvault.com/pulse/5dc190575e635818231a16d9

ms-audit-server.club
ms-dll-com.info
ms-dll-service.site

# Reference: https://twitter.com/wwp96/status/1191754793737428993

http://66.154.103.133

# Reference: https://twitter.com/tccontre18/status/1191638837136633856
# Reference: https://app.any.run/tasks/dc833ad4-508a-42eb-9bc2-cef42a558e89/

http://47.240.70.20
47.240.70.20:8080

# Reference: https://twitter.com/P3pperP0tts/status/1191862832360501249

http://192.3.247.119

# Reference: https://twitter.com/killamjr/status/1191923979549921280

admin-578472.serveo.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1192034769011388417

http://78.47.36.215

# Reference: https://twitter.com/wwp96/status/1192102384819933185

megatraffik.com

# Reference: https://twitter.com/pancak3lullz/status/1192132907277733889

http://162.218.210.202

# Reference: https://twitter.com/FewAtoms/status/1192129351871082496

http://185.102.122.2

# Reference: https://twitter.com/KorbenD_Intel/status/1192147546086498311

http://47.102.114.62

# Reference: https://twitter.com/lazyactivist192/status/1192458664407392256

http://185.12.29.38

# Reference: https://twitter.com/dave_daves/status/1192472618261254145
# Reference: https://app.any.run/tasks/74221158-9b70-43ab-9a59-df368ff001ed/

http://18.229.155.115
socios20199.webcindario.com

# Reference: https://twitter.com/ccxsaber/status/1191916749630783489
# Reference: https://otx.alienvault.com/pulse/5dc4b4c2bada09c6a58dd516

http://192.119.111.4

# Reference: https://twitter.com/coderippers/status/1192746152514469888

phltimberwarehouse.co.uk

# Reference: https://twitter.com/killamjr/status/1192788604508131333

http://181.143.146.58

# Reference: https://twitter.com/FewAtoms/status/1192847054130831360

soldi.duckdns.org

# Reference: https://app.any.run/tasks/e89ec46a-0637-4b24-9802-08cc19459bef/

og-funds.net

# Reference: https://twitter.com/rpsanch/status/1181455677920829440

plazatiles.sytes.net

# Reference: https://app.any.run/tasks/90e9809c-d3c5-4e93-b364-6ec4911c2e3e/

exe-3.icu

# Reference: https://twitter.com/mszustak/status/1159824933171544064

hobby-l0bby.com

# Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html (# Win.Dropper.Remcos-7376444-0)
# Reference: https://www.virustotal.com/gui/domain/proyectobasevirtualcol.com/relations
# Reference: https://www.virustotal.com/gui/ip-address/179.33.68.255/relations

proyectobasevirtualcol.com
recuperaciondecartera.website

# Reference: https://zerophagemalware.com/2018/01/23/maldoc-rtf-drop-loda-logger/
# Reference: https://www.virustotal.com/gui/domain/humiconfort.com/relations

humiconfort.com

# Reference: https://twitter.com/malware_traffic/status/988589136163622912

plumberspro.us

# Reference: https://twitter.com/HSAFTeam/status/1189557108498485248

http://111.90.150.133
filabella.ga

# Reference: https://twitter.com/James_inthe_box/status/1193539893000986624

35.247.208.129:4748

# Reference: https://community.rsa.com/community/products/netwitness/blog/2018/01/12/malspam-delivers-njrat-1-11-2018
# Reference: https://www.virustotal.com/gui/ip-address/162.144.63.238/relations

eagleepcisocks.com

# Reference: http://broadanalysis4.rssing.com/chan-65366183/latest.php

vjro.biacap.com

# Reference: https://twitter.com/wwp96/status/1193942503864651776

zinkobeauty.com

# Reference: https://twitter.com/jcarndt/status/1194305779634970625

office365.firewall-gateway.net

# Reference: https://twitter.com/James_inthe_box/status/1194358787513077766
# Reference: https://www.virustotal.com/gui/file/fcdf29266f3508bd91d2446f20a73a811f53e27ad1f3e9c1f822458f1f30b5c9/detection
# Reference: https://twitter.com/James_inthe_box/status/1194367229879472129

/anatoliisaharoff/rep/downloads/

# Reference: https://twitter.com/KorbenD_Intel/status/1194361467660836864

http://217.73.62.206

# Reference: https://twitter.com/w3ndige/status/1194889495868592130

dubem.top

# Reference: https://twitter.com/Rmy_Reserve/status/1194944079076835333
# Reference: https://app.any.run/tasks/bca1d42d-ea10-4a7b-b98c-4d645ba1e204/
# Reference: https://www.virustotal.com/gui/domain/n-trip.com/relations

n-trip.com

# Reference: https://twitter.com/pmelson/status/1195009552921616386
# Reference: https://www.virustotal.com/gui/domain/008ex.com/relations

008ex.com
bill.008ex.com
download.008ex.com
jan.008ex.com
slay.008ex.com

# Reference: https://twitter.com/ItsReallyNick/status/1195233697630445569

d1lkxepo6u8zf.cloudfront.net

# Reference: https://twitter.com/FewAtoms/status/1195313326500327424

alg0sec.com

# Reference: https://app.any.run/tasks/b7103ff0-18bb-431e-8175-f1274a17de18

andrewharmon.x10host.com

# Reference: https://www.virustotal.com/gui/file/2b2697a0a26e746b6dd27d3aee7b126f6b72a09d8bf52961203a849b043d8fbd/relations

longvoyages.com

# Reference: https://twitter.com/KorbenD_Intel/status/1195341394132525056

http://35.181.60.96

# Reference: https://app.any.run/tasks/8da10f37-1e46-4c71-88bb-e72c40c99e24/

harmonyfacility.com

# Reference: https://www.virustotal.com/gui/file/5a9deafa8e6837307213369aa2e64287fa1bedd3dd2b4e9c6c2f7f44629f8a35/detection
# Reference: https://www.virustotal.com/gui/ip-address/185.217.1.190/relations

apkauto.xyz
every1sad.club

# Reference: https://twitter.com/FewAtoms/status/1195727132112150529

sktinds.com

# Reference: https://blog.netlab.360.com/mykings-the-botnet-behind-multiple-active-spreading-botnets/

nb.ruisgood.ru
pc.5b6b7b.ru

# Reference: https://www.virustotal.com/gui/ip-address/23.249.165.218/relations

http://23.249.165.218

# Reference: https://app.any.run/tasks/10beb62e-cbee-4661-90b1-5a3d4509da3a/
# Reference: https://twitter.com/JayTHL/status/1195824602498437128

ocean-v.com/wp-content/1.txt
ocean-v.com/wp-content/1.exe

# Reference: https://twitter.com/benkow_/status/1196016846841012224
# Reference: https://www.virustotal.com/gui/file/2d6e42c8aed0b6e23d809d8010e9bc72f0eb59aa1249b97c10f8f15097c4a777/detection

donkixota.com
loodd01.xyz
loodd02.xyz
prioritywireless.club

# Reference: https://twitter.com/tkanalyst/status/1196033182694379527

kfaxyl.com

# Reference: https://twitter.com/FewAtoms/status/1196079049157808128

realgauthier.com

# Reference: https://twitter.com/_re_fox/status/1196122304138399745

vulpss.net/696969crpty/

# Reference: https://twitter.com/SoulRage6/status/1196392449318494209

mac-mmanuel.com

# Reference: https://twitter.com/FewAtoms/status/1196453357008957440

http://13.54.13.60

# Reference: https://twitter.com/KanbeWorks/status/1196639129812881408

http://54.36.139.1

# Reference: https://twitter.com/ANeilan/status/1196748994728333313

feguhkejwfkgwvfjhkbevcgh.cf

# Reference: https://twitter.com/trotsky57271861/status/1196765541014224896

kitchenraja.in

# Reference: https://twitter.com/FewAtoms/status/1197921095250300928

http://217.73.60.123

# Reference: https://twitter.com/James_inthe_box/status/1197917197324058624

http://23.254.228.211

# Reference: https://twitter.com/FewAtoms/status/1198574338036969474

uloab.com

# Reference: https://twitter.com/H_Miser/status/1198907447534067712

dlfact.club

# Reference: https://twitter.com/FewAtoms/status/1199015111794536455

yakusgewe.xyz

# Reference: https://twitter.com/wwp96/status/1199000890541256704

milliemefford.com

# Reference: https://twitter.com/wwp96/status/1199056486460207106
# Reference: https://app.any.run/tasks/25229a32-2a2b-4bd3-b1ca-046fafb192f5/

http://193.70.124.48

# Reference: https://twitter.com/James_inthe_box/status/1199078758298206208

skjhjl.xyz

# Reference: https://twitter.com/FewAtoms/status/1199331943348867072

new-year-packages.com

# Reference: https://twitter.com/wwp96/status/1199412245857484813

http://45.137.22.59

# Reference: https://twitter.com/Jouliok/status/1199582844751941635

gsa.co.in/work/

# Reference: https://www.virustotal.com/gui/ip-address/54.202.202.94/relations

http://54.202.202.94

# Reference: https://app.any.run/tasks/112fd54b-a113-4484-88db-b59b26dce809/

tfortytimes.com

# Reference: https://twitter.com/FewAtoms/status/1200079922959699968

ihs-usa.com/doocs/

# Reference: https://app.any.run/tasks/78fb71f7-e32b-4ab4-9871-5d46465ee886/
# Reference: https://www.virustotal.com/gui/ip-address/182.50.135.88/relations

http://182.50.135.88

# Reference: https://twitter.com/VK_Intel/status/1200706216256843776
# Reference: https://www.virustotal.com/gui/file/dbd1d88ea93e26a4a52dd4180a5f2eb461822e3f5a2dcc0e61a5fc31d8c77f75/detection

141.193.6.84

# Reference: https://www.virustotal.com/gui/file/2de81be5ccb948ebadfbf8f469bb3ea749d23a33a203267ef78b07b496da8052/detection

http://185.61.138.111

# Reference: https://www.virustotal.com/gui/file/377cb36c07f059e3e46752e56a9fcf79aa673d453272edaa30a2fa83ecbf5780/detection

http://185.62.188.169

# Reference: https://www.virustotal.com/gui/file/dbfe4a369975251fd14e5d160f2edde33942723a9bb3b4e6b5f445dd5b9dc549/detection

http://66.154.103.133

# Reference: https://twitter.com/smii_mondher/status/1201820356694163457
# Reference: https://www.virustotal.com/gui/ip-address/83.136.106.208/relations

http://83.136.106.208

# Reference: https://twitter.com/cyber__sloth/status/1202274774342406144

http://89.40.12.19

# Reference: https://twitter.com/killamjr/status/1202386355378098177
# Reference: https://app.any.run/tasks/a5aa519c-9739-4096-8549-6f5af5af3290/
# Reference: https://app.any.run/tasks/b480973a-0b99-46ad-9a74-6fab20fc206e/

http://198.23.202.33
http://64.188.27.121

# Reference: https://twitter.com/ViriBack/status/1202767892518883329

panel222.info

# Reference: https://twitter.com/VK_Intel/status/1202844659908825088
# Reference: https://www.virustotal.com/gui/file/18501a9284b2160d17a9ec5f6fcfdc094e036b7d8c7b84594351129472ac925c/detection

176.122.130.199:8080

# Reference: https://twitter.com/malwrhunterteam/status/1202919436912603137

http://217.8.117.61

# Reference: https://twitter.com/ecarlesi/status/1202360981449531392

audanmon.com

# Reference: https://twitter.com/notajungman/status/1203034991858466817

worldwidetechsecurity.com

# Reference: https://twitter.com/GrujaRS/status/1203413394642161664

http://185.222.202.218

# Reference: https://twitter.com/GrujaRS/status/1197290398810542081

manage-invoices.info

# Reference: https://app.any.run/tasks/927fdec0-3dd3-4da8-8e4e-3fd632c5589f/

iphm.info

# Reference: https://twitter.com/VK_Intel/status/1203941934869438464
# Reference: https://www.virustotal.com/gui/file/10d46ea95b9168c93f05fe617c83763dcd734c69efd454512a46c9f225712119/detection

7.24.136.88

# Reference: https://pastebin.com/63w4JXts

meitao886.com

# Reference: https://twitter.com/James_inthe_box/status/1204063774933581824

http://141.255.164.13
http://146.185.195.20

# Reference: https://twitter.com/wwp96/status/1204112610096009218

globalfbdnsaddressgoogle.duckdns.org

# Reference: https://www.virustotal.com/gui/file/30b3e5e0f5fe6b2209d8bf77f36794faf7aa99989016e2cefea820ef1f507d4f/detection

http://216.170.126.11

# Reference: https://twitter.com/cyber__sloth/status/1204366146389958656

http://5.255.63.12

# Reference: https://www.virustotal.com/gui/ip-address/89.35.178.104/relations

http://89.35.178.104

# Reference: https://twitter.com/JAMESWT_MHT/status/1204410470574125058

http://34.217.107.238

# Reference: https://twitter.com/silascutler/status/1204422133780242434

http://205.185.115.72

# Reference: https://twitter.com/midnight_comms/status/1204429816956620807

205.185.115.72:9801

# Reference: https://app.any.run/tasks/18af3b1c-d5b4-4727-a06e-8c2aa9d2daac/

http://192.236.155.17

# Reference: https://twitter.com/James_inthe_box/status/1205177628623130624

xmr-services.tk

# Reference: https://www.virustotal.com/gui/file/a98b22bb93491a53434640c0f89cac49c12de89fea28c5f84caaccd7961f1b06/detection

white-hita-3339.but.jp

# Reference: https://twitter.com/KorbenD_Intel/status/1205620725526208513

drmarciavila.com.br

# Reference: https://twitter.com/0xFrost/status/1116608057268527105

toothless28.pw

# Reference: https://www.virustotal.com/gui/ip-address/94.73.32.235/relations

http://94.73.32.235

# Reference: https://www.virustotal.com/gui/domain/greatmischiefdesign.com/relations

greatmischiefdesign.com

# Reference: https://twitter.com/malwrhunterteam/status/1205942062610141185

http://45.128.133.37

# Reference: https://www.virustotal.com/gui/domain/urbanvillager.xyz/relations

urbanvillager.xyz

# Reference: https://twitter.com/Rmy_Reserve/status/1206596674920972288

newcontest.xyz

# Reference: https://twitter.com/VK_Intel/status/1206643330488184832
# Reference: https://www.virustotal.com/gui/file/570768d139c2ed7f75c792746a13247dea897baac575b8faf62452d37399aab0/detection

47.107.136.247:8080

# Reference: https://twitter.com/wwp96/status/1206662163869380608

l500c.com

# Reference: https://twitter.com/FewAtoms/status/1206986920036896769

http://133.18.202.74

# Reference: https://twitter.com/mal_share/status/1206691868639141888

http://161.246.67.165

# Reference: https://twitter.com/James_inthe_box/status/1206952335764795392

masabikpanel.top

# Reference: https://www.virustotal.com/gui/file/6929d2d74fa9846394f03ba2639480b920cb614fff4698316507237161c9600e/detection

185.147.15.13:443

# Reference: https://twitter.com/david_jursa/status/1207631642988298240

mainsourceoffreeupdate.best

# Reference: https://twitter.com/SaudiDFIR/status/1207621069227614208
# Reference: https://app.any.run/tasks/bb422434-c9c8-4e89-bf95-7e44b9f0bf98/

lizen-pierre.be

# Reference: https://twitter.com/James_inthe_box/status/1207678562712637441

bhraman.org

# Reference: https://twitter.com/James_inthe_box/status/1207379438179999747 (# mailerbot)

http://185.174.173.152
/rkeurewvfgo4/cmd.php

# Reference: https://app.any.run/tasks/157ab2e2-f469-415d-9288-f7fe304704d7/

http://80.93.182.219

# Reference: https://www.virustotal.com/gui/ip-address/45.142.213.167/relations

http://45.142.213.167
45.142.213.167:443

# Reference: https://twitter.com/Jesse_V_Burke/status/1207878795430109186

185.122.59.78:443

# Reference: https://twitter.com/VK_Intel/status/1208340410331996160
# Reference: https://www.virustotal.com/gui/ip-address/101.132.43.162/relations

http://101.132.43.162

# Reference: https://twitter.com/prsecurity_/status/1208950830918860800
# Reference: https://www.virustotal.com/gui/ip-address/176.99.11.209/relations

176.99.11.209:80
176.99.11.209:443
5025026.ru
avito.cm
avito.vg
deffender.website
drunk-ac.ru
engineer-s.ru
exploits.pro
getsees.website
gryphs.ru
lapaz.ru
legenda.casa
money-match.ru
muhosransk.site
mymoneycontrol.site
photobattle.ru
popyti.com
securepay.cm
strastimardasti.club
telegrambillionaire.top
tinkoff.llc
yourluck.pro
yourluck.xyz

# Reference: https://twitter.com/James_inthe_box/status/1209150941661810690

http://185.216.35.21

# Reference: https://twitter.com/malware_traffic/status/1209638262970748929
# Reference: https://www.virustotal.com/gui/ip-address/45.72.3.132/relations
# Reference: https://www.virustotal.com/gui/ip-address/79.174.12.130/details

45.72.3.132:80
45.72.3.132:443
79.174.12.130:80
alertactivityonaccwellslockedacconholdwf.host
alertkaccountwellsblockedverifyidacconholdwf.host
alertnoticealertlockedwellsaccessblockedacconholdwf.host
alertnoticealertwellsaccblockedacconholdcheckwf.host
alertonlinebankaccesswellsblockedacconholdwf.host
alertsecuritybrokenaccesswellsblockedacconholdwf.host

# Reference: https://www.virustotal.com/gui/ip-address/5.149.248.134/relations

http://5.149.248.134

# Reference: https://twitter.com/tkanalyst/status/1209829485643612160

earlyace55.com
infocarnames.ru

# Reference: https://twitter.com/James_inthe_box/status/1209833422832558081

imaginemix.ru

# Reference: https://twitter.com/killamjr/status/1210215114407735296

armantraders.net

# Reference: https://www.virustotal.com/gui/ip-address/37.46.135.58/relations

momo33333.fvds.ru

# Reference: https://twitter.com/FewAtoms/status/1210646032780070914

http://94.158.245.73

# Reference: https://www.virustotal.com/gui/file/c04548d4218739cba4b320b75c8cc58f8cc1d18996226344b892e0140e273798/detection

http://52.47.207.162
52.47.207.162:82

# Reference: https://www.virustotal.com/gui/file/946e6abf72126a942cfb63916e6ec2e2b597a6c7beba04d76c4213a0e51ce97d/detection

3.17.202.129:80
35aad9f7.ngrok.io

# Reference: https://www.virustotal.com/gui/file/db58265db4c657a02cc16ae7efc62f288c97af3b6734b3a891f7bcf105eff802/detection

18.223.41.243:443
3.14.212.173:443
f9e7020b.ngrok.io

# Reference: https://www.virustotal.com/gui/file/a3dcc3c8b03f6c5602c95b83864c69d8f0255b44a62f16cc79a22c963dbcf870/detection

3.17.202.129:443
af721e3a.ngrok.io

# Reference: https://www.virustotal.com/gui/file/38f55a06ce1abdbba07acb14aaca0fd7f8f5cfa017f9ae6519455cc35f36efdb/detection

18.188.14.65:443
1d9f0a85.ngrok.io

# Reference: https://www.virustotal.com/gui/file/4d4bd13f171d0a9fd7a71285bd90cacd4b2f00a15cbf374af0937cbafffb7674/detection

3.17.202.129:22

# Reference: https://www.virustotal.com/gui/domain/capeturk.com/relations

capeturk.com

# Reference: https://www.virustotal.com/gui/domain/goldenshoponline.us/relations

goldenshoponline.us

# Reference: https://app.any.run/tasks/76423975-6bd1-48f0-9758-89ceb126bf48/

lifesuporte.site

# Reference: https://twitter.com/FewAtoms/status/1211992847643238400

http://133.18.201.42

# Reference: https://www.virustotal.com/gui/file/80fe44438b4d25301a09e6b14a8e746980d858191319e8970617b7ffb7cb29de/detection

193.161.193.99:443
193.161.193.99:80

# Reference: https://twitter.com/malwrhunterteam/status/1212337904892207106
# Reference: https://www.virustotal.com/gui/ip-address/119.3.232.159/relations

119.3.232.159

# Reference: https://twitter.com/ps66uk/status/1212730450432679936

newyearddnsaddressupdatelink.duckdns.org

# Reference: https://twitter.com/malware_traffic/status/1210343558705795074

http://66.85.173.6

# Reference: http://plok1.blogspot.com/2018/02/a-new-spreader-with-mimikatz.html
# Reference: https://www.virustotal.com/gui/domain/kishi73.com.br/relations

kishi73.com.br

# Reference: https://twitter.com/Jouliok/status/1212682749452148736
# Reference: https://www.virustotal.com/gui/ip-address/100.43.136.34/relations

100.43.136.34:1717
100.43.136.34:80

# Reference: https://www.virustotal.com/gui/file/a260de9672842bfc45f9335a7d405b64d53815d7d1b8ec8f3e0768c422e73a30/detection

http://194.36.191.245

# Reference: https://twitter.com/pancak3lullz/status/1212781520483758083

http://133.18.169.9

# Reference: https://www.virustotal.com/gui/file/6291a9f4ac7dbb741f317c61b7f60bb5d9bc064abeb47e66292ededbfcb38966/detection

http://185.234.218.210

# Reference: https://www.virustotal.com/gui/file/14843438836afd53d256e4e71b57365ba2e7fd3a9631c377fe6e5a0aca3e45a1/detection

sweethome11.tk

# Reference: https://www.virustotal.com/gui/file/e0b416bd9da9580632cf8b56021a7f132f3f305a52e1facde9243df1dd7aaaf8/detection

werfcdxv.ru

# Reference: https://www.virustotal.com/gui/file/85f350b9d26c0a7c79558237ececfaa2c3472b2fe5ade88c0147eb3ec38fc991/detection

solex.duckdns.org
systic.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4e94d2474092220738319eece43e0c959a34339ab0871ccbd620f0366b4faf5c/detection

ecstay.website

# Reference: https://www.virustotal.com/gui/domain/sergiormo.duckdns.org/relations

sergiormo.duckdns.org

# Reference: https://app.any.run/tasks/1c4d20f3-d267-4176-9a2b-1a35656aa4c6/

recoverydata.merehosting.com

# Reference: https://twitter.com/JayTHL/status/1213530066065526784

lokigoblinoppd.com
simnlpedezir.com

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1213831684791123969

http://23.227.207.185

# Reference: https://www.virustotal.com/gui/file/cbf1a3f24d6fb4c163cdc540dc6df98779b16e491017c9534c58a9f23df47941/detection

pinkpanda.pw

# Reference: https://www.virustotal.com/gui/file/c7b6e9095074b013ff9e5f9f1b3a7a15493b8b4f099deda31f2cffc308cdfa61/detection

bc2rymcehnrb.gq
zpu5mahtuq3t.tk

# Reference: https://twitter.com/securitydoggo/status/1214185262160457728

maxtraders.net

# Reference: https://twitter.com/James_inthe_box/status/1214176338040410112

davespack.top

# Reference: https://twitter.com/FewAtoms/status/1214258688980062208

l500c.com

# Reference: https://twitter.com/SecSome/status/1214606873665650688

dyessar.buzz

# Reference: https://www.virustotal.com/gui/file/27b2c05614676616e8e3b62658c6dabd603ab8e4d135a9384871166998753f42/detection

portofino.ug

# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1215267911666950145

http://3.84.5.126

# Reference: https://twitter.com/reecdeep/status/1215666445264224256

buzztrends.club

# Reference: https://twitter.com/malwrhunterteam/status/1215689657880662018
# Reference: https://twitter.com/James_inthe_box/status/1215706026302824449

http://178.128.215.46

# Reference: https://twitter.com/killamjr/status/1216571369892139008
# Reference: https://www.virustotal.com/gui/domain/bobbitopedia.com/relations

bobbitopedia.com

# Reference: https://app.any.run/tasks/7492c122-a646-468c-9531-50d40a2da425/

dsi-info.fr

# Reference: https://twitter.com/FewAtoms/status/1216753032504975362

aaagpsovot.com

# Reference: https://twitter.com/malware_traffic/status/1216882597789360134

cheklre4.xyz

# Reference: https://twitter.com/dave_daves/status/1217021709498363904

uptodateread.ddns.net

# Reference: https://twitter.com/reecdeep/status/1217101781563584513

http://185.159.82.39

# Reference: https://twitter.com/James_inthe_box/status/1217123673502445573

http://45.77.173.124

# Reference: https://twitter.com/3XS0/status/1217144032591257600

alldayever231.su

# Reference: https://app.any.run/tasks/35c35367-58e4-46bc-ac62-4052ce7689ed/

http://191.239.243.112

# Reference: https://twitter.com/James_inthe_box/status/1217481969581219840

youaernedit.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1217739290270191616

interpremier1998.ru

# Reference: https://twitter.com/James_inthe_box/status/1217781646717419520

mellle.com

# Reference: https://twitter.com/malware_traffic/status/1217791790423650304

turnkeycre.com

# Reference: https://twitter.com/securitydoggo/status/1217802812769349633

fajr.com

# Reference: https://twitter.com/nao_sec/status/1217834630612647946
# Reference: https://app.any.run/tasks/c5f307eb-4389-4713-83a4-67ee331409f9/

easy-web-weight-loss.com

# Reference: https://twitter.com/unmaskparasites/status/1217866836324339713

http://45.83.122.65

# Reference: https://www.virustotal.com/gui/file/e92ba8c91051a2491c7b0c7a6310a3381734c11e54045e687c1591e2d757d8ab/detection

http://144.217.83.43
http://5.206.225.104

# Reference: https://www.virustotal.com/gui/ip-address/5.2.70.145/relations

http://5.2.70.145

# Reference: https://app.any.run/tasks/e9d670ed-e84c-4bf6-8fa2-2b1b7310d827/

down.onefast.cc
mprrpt.hjkl45678.xyz
cltrpt.vbnm34567.xyz
8xxjezfm.slt.cdntip.com
zhaobin.byc.580.bydj2019.com
byd.580.bydj2019.com
yun3.6fenkj.com

# Reference: https://www.virustotal.com/gui/file/e6e69be7d884b4bde7505593a450153a67c51eab8e46a75419e2610edf947076/detection

185.38.151.11:80
fl4shg4m35.com

# Reference: https://intezer.com/blog-linux-rekoobe-operating-with-new-undetected-malware-samples
# Reference: https://otx.alienvault.com/pulse/5e25cfbcd7e22ce9b7d4ea71
# Reference: https://www.virustotal.com/gui/domain/bitscan.win/relations

bitscan.win

# Reference: https://twitter.com/Jouliok/status/1219337071405477890

buildyourownbotnet.com

# Reference: https://twitter.com/wwp96/status/1219363482031861760

achpanel.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1219555398266605568

alphaputin.duckdns.org

# Reference: https://twitter.com/JayTHL/status/1219848952239050754

mobile-lot.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1219906163875221504/photo/1

http://46.183.218.248

# Reference: https://www.virustotal.com/gui/domain/fd6fq54s6df541q23sdxfg.eu/relations

fd6fq54s6df541q23sdxfg.eu

# Reference: https://www.virustotal.com/gui/domain/fflyy.su/relations

fflyy.su

# Reference: https://www.virustotal.com/gui/domain/emedtutor.com/relations

emedtutor.com

# Reference: https://app.any.run/tasks/50c91d01-3e7b-40b3-a6e2-2ada1de3c2b9/

alphaenergyeng.com

# Reference: https://www.exposedbotnets.com/2012/08/bbqcto-irc-botnets-hosted-by-france.html

bb.qc.to

# Reference: https://www.exposedbotnets.com/2013/04/x01bkr2biz-snk-asper-mod-irc-botne.html

x01bkr2.biz
zr0x1b9.biz
xkzykxb.biz
xeyaz.biz

# Reference: https://www.exposedbotnets.com/2013/05/srv5su-snk-asper-mod-irc-botnet-hosted.html

srv5.su
srv50.su

# Reference: https://www.exposedbotnets.com/2013/03/x1x4x0su-snk-asper-mod-irc-botne.html

x1x4x0.su

# Reference: https://www.malekal.com/bossabotv2-another-linux-backdoor-irc/

ircqfrum.com
ka3ek.com
nadnadzzz.info
srv5050.co
saudicool.org
x01bkr2.biz
zerx-virus.biz
lebanonbt.info

# Reference: https://www.exposedbotnets.com/2018/07/bticoinsumonero-miner.html

bticoin.su

# Reference: https://www.exposedbotnets.com/2017/10/bullguard09wm01toinjectordsce-hosted-in.html

bullguard09.wm01.to

# Reference: https://www.virustotal.com/gui/ip-address/5.182.211.76/relations

5.182.211.76:80

# Reference: https://www.virustotal.com/gui/ip-address/185.251.39.251/relations

185.251.39.251:80

# Reference: https://www.virustotal.com/gui/ip-address/46.173.219.17/relations

46.173.219.17:80

# Reference: https://app.any.run/tasks/a3d578ef-0492-4ec2-b640-de38ab8eed74/

askarindo.or.id/js/

# Reference: https://twitter.com/James_inthe_box/status/1220818460235583489

alwasl-syria.com

# Reference: https://www.virustotal.com/gui/file/593828a9c502d47eca5c58b474c3f559a437d7545b8b98d5b4b9084599abb39d/detection

http://216.83.52.40
http://45.139.236.14
silvergeoa.com

# Reference: https://www.virustotal.com/gui/file/1eb6c25406ed155d70cc2e5df02f6327458ac48542e1d633532e444ac6f97065/detection

http://109.169.89.117

# Reference: https://www.virustotal.com/gui/file/706d442630e1505c69f1ccd33e74ae87a5a228cea5dd3de1337f38157e1915c3/detection

http://23.92.211.212

# Reference: https://twitter.com/Rmy_Reserve/status/1221030155088318466

cnamel.com

# Reference: https://www.virustotal.com/gui/domain/lanjayn.ga/relations

lanjayn.ga

# Reference: https://twitter.com/JohnLaTwC/status/1221111943387209730
# Reference: https://www.virustotal.com/gui/domain/insurance-statistics.com/relations

insurance-statistics.com

# Reference: https://www.virustotal.com/gui/domain/morganjeff.com/relations

morganjeff.com

# Reference: https://www.virustotal.com/gui/domain/sasill.com/relations

sasill.com

# Reference: https://www.virustotal.com/gui/file/b4161c6001b0e97db2f134f8bb9095ee809b47c8e1a2ed5021d081838b33d5cb/detection

unitedwebpay.co

# Reference: https://www.virustotal.com/gui/file/918c1f5862dd56d81876b83d2846eaac2c64ac00004e3b4ccae48a2ead77088c/detection

ancrout.info

# Reference: https://twitter.com/SBousseaden/status/1221562146573758472
# Reference: https://app.any.run/tasks/2f64ab4f-b405-4462-830c-03cbdf475216/
# Reference: https://www.virustotal.com/gui/ip-address/87.57.141.215/relations
# Reference: https://www.virustotal.com/gui/file/082eff8046385cb9233ddd792d4e118c9834a8a11cf4d980b4279ec5aeb53968/detection
# Reference: https://www.virustotal.com/gui/file/aaa246dfe7122fcb872ec5298b9fd53aa50486bfb4107db70c1fbfca112218c4/detection
# Reference: https://www.virustotal.com/gui/file/f26ecee1261cb0732b0b84bc4802c3828a57c53906c1c6d283675e28f097b515/detection
# Reference: https://www.virustotal.com/gui/file/994bdaa56ca8652f249cfae35d6726edfcd324fe8524144e06bf3b6e542f00d9/detection

87.57.141.215:443
87.57.141.215:80
mine.fortipower.com

# Reference: https://www.virustotal.com/gui/ip-address/198.46.190.14/relations

198.46.190.14:80

# Reference: https://www.virustotal.com/gui/ip-address/193.26.217.230/relations

193.26.217.230:80

# Reference: https://twitter.com/JayTHL/status/1221880058995970049

5.45.71.32:443
5.45.71.32:80

# Reference: https://twitter.com/wwp96/status/1221889989346320385
# Reference: https://www.virustotal.com/gui/ip-address/142.93.64.230/relations

142.93.64.230:443
belflax.pt
eclipsagr.site
ordernow.site
transferorder.xyz
webbelflax.pt
webeclipsagr.site
webordernow.site
webtransferorder.xyz
webwestfieldindustries.tk
webwetrans.xyz
westfieldindustries.tk
wetrans.xyz

# Reference: https://app.any.run/tasks/23fa0ea9-a950-48d1-9134-7f4ef49eadc6/

0.le4net00.net
0.weathdata.nu

# Reference: https://twitter.com/benkow_/status/1221862063888314368
# Reference: https://www.virustotal.com/gui/domain/exee.space/relations

exee.space

# Reference: https://twitter.com/FewAtoms/status/1222240268944125954

metaseed.duckdns.org

# Reference: https://twitter.com/unmaskparasites/status/1222248365666250755

hypanis.ru

# Reference: https://www.virustotal.com/gui/ip-address/209.141.59.245/relations

209.141.59.245:80

# Reference: https://www.virustotal.com/gui/domain/flkjnoijoljoioli21.top/relations

flkjnoijoljoioli21.top

# Reference: https://www.virustotal.com/gui/domain/dafadeewewwzzzz.website/relations

dafadeewewwzzzz.website

# Reference: https://twitter.com/laskow26/status/1222332258092105729

sophosdefence.com

# Reference: https://www.virustotal.com/gui/ip-address/141.8.192.153/relations

dark-team.pw

# Reference: https://www.virustotal.com/gui/file/2377a5c17179b5284b7abb170fbdb900d98dfd72131dd4e37438c8688074c378/detection

fateh-news.my-firewall.org

# Reference: https://www.virustotal.com/gui/ip-address/3.112.246.37/relations

3.112.246.37:80

# Reference: https://twitter.com/phishunt_io/status/1222960636780597249
# Reference: https://www.virustotal.com/gui/domain/amazongifts.org/relations

amazongifts.org

# Reference: https://twitter.com/benkow_/status/1223234991678787584

greyrockland.com
spineyes.club

# Reference: https://twitter.com/DynamicAnalysis/status/1223303076100169730

seobrooke.com

# Reference: https://medium.com/@quoscient/the-chicken-keeps-laying-new-eggs-uncovering-new-gc-maas-tools-used-by-top-tier-threat-actors-531d80a6b4e9
# Reference: https://otx.alienvault.com/pulse/5e35b7da3cd07e55edf22c8c

cdn-line.kz
crewtyxz.biz
faxtoweb.org
gcdn.kz
gstatic.kz
hotmail.org.kz
maildomain.kz
msf.org.kz
nexfail.com
office.com.kz
oneppdatemicro.com
outlook.kz
regsvr32.kz
webfax.org
yahoo.org.kz

# Reference: https://twitter.com/FewAtoms/status/1224372841786855425

http://13.234.231.211
http://178.218.222.185
http://www.pedrojorge.pt/cypher/

# Reference: https://twitter.com/OttoScav/status/1224359600352301056
# Reference: https://www.virustotal.com/gui/file/42fe3715f6197416ff34c99a0fbcf5a8fe4757c3080a4518f2ac54e94a05251c/detection

194.36.188.132:443

# Reference: https://twitter.com/James_inthe_box/status/1224398473065189376

evalogs.top

# Reference: https://twitter.com/ScumBots/status/1224442375088435200

46.28.205.87:80

# Reference: https://www.virustotal.com/gui/ip-address/199.19.226.33/relations

199.19.226.33:80

# Reference: https://twitter.com/ScumBots/status/1224527205759438850

iexploreservice.com

# Reference: https://twitter.com/ScumBots/status/1224529580444221440

40.114.116.10:80

# Reference: https://twitter.com/wwp96/status/1224382200218603521

impulsefittness.info

# Reference: https://app.any.run/tasks/1f6ecf5b-ce20-430e-b319-e4a695fab823/

merkez.tk

# Reference: https://twitter.com/Rmy_Reserve/status/1224878446565683201
# Reference: https://www.virustotal.com/gui/ip-address/172.86.75.211/relations
# Reference: https://app.any.run/tasks/1362c931-b93e-41c1-8497-4a7132ce7459/

172.86.75.211:80
dentalmatrix.net

# Reference: https://twitter.com/FewAtoms/status/1225072383087841281

palmiericurtains.com

# Reference: https://twitter.com/JayTHL/status/1225117583898218496

aluminum.dyndns.dk
maios12.dyndns.dk

# Reference: https://app.any.run/tasks/36f61504-d0ce-4bfe-be53-3f4a21817677/

185.253.99.100:80
185.51.203.211:80

# Reference: https://twitter.com/FewAtoms/status/1226175723775258624

45.141.86.18:80

# Reference: https://twitter.com/ViriBack/status/1226223550387933184

pentestblog.xyz

# Reference: https://www.virustotal.com/gui/domain/niggacumyafacenet.xyz/relations

niggacumyafacenet.xyz

# Reference: https://twitter.com/K_N1kolenko/status/1226769404274335744

104.211.165.111:1942

# Reference: https://www.virustotal.com/gui/file/a1b4597019f73f54d3981468c9bbe0ca1e144f06bda349d8baa2f607d90f4fb1/detection
# Reference: https://www.virustotal.com/gui/file/8c6cc35529e440cbccb7e33019d7a0ccea0db9f30d2035cad4e66a0d47341b79/detection
# Reference: https://www.virustotal.com/gui/ip-address/77.83.172.136/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.158.113.232/relations

185.158.113.232:7777
77.83.172.136:7777
kiras.hk
manip2.hk
bgpaio75egqvqigekt5bqfppzgth72r22f7vhm6xolzqd6ohroxs7pqd.onion
jr2jjfxgklthlxh63cz3ajdvh7cj6boz3c3fbhriklk7yip4ce4vzsyd.onion
rcjndzwubq5zbay5xoqk4dnc23gr4ifseqqsmbw5soogye6yysc7nkyd.onion
uovyniuak3w4d3yzs4z4hfgx2qa6l2u6cx4wqsje4pmnmygc6vfddwqd.onion

# Reference: https://twitter.com/ANeilan/status/1226957261697843200

dotcfmkc.cf

# Reference: https://twitter.com/ANeilan/status/1226943927430848512

cdfolkme.cf

# Reference: https://twitter.com/ANeilan/status/1226941630722322434

adnmya.tk

# Reference: https://twitter.com/Arkbird_SOLG/status/1226977494215077888

marcuskirol.online

# Reference: https://twitter.com/reecdeep/status/1227158430013677569

185.195.237.17:80

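# Reference: https://github.com/stamparm/maltrail/pull/6726#issuecomment-585133462
# NOTE(review): ftpupload.net appears to be a shared FTP upload endpoint of a free web-hosting provider rather than attacker-owned infrastructure (confirm). Hits on the two entries below are a lead to triage (which internal host opened the FTP session, and what was transferred), not proof of compromise on their own.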

185.27.134.11:21
ftpupload.net

# Reference: http://cybercrime-tracker.net/index.php?search=Stealer (as seen on 2018-09-01)

alessa-kw.com
alrayyanplastics.com
ambliglobal.nut.cc
annapoliscrabtownphotos.com
bclm-es.info
binousgroup.nut.cc
bitgetglobal.club
briiskgroup.com
cliten.microdoctor.com.br
cyberfreakz.cf
deffanogroup.co.id
emiretas.com
gazeboindonesia.com
gg.net.co
goldenalhaji.com
gpt.sa.com
gruopcor.com
gtneifnsyrf.tk
handsomelaw.id
hectords.us
ieejotex.com
imsa.com.au
iykepc.com
jasonetworks.com
kantanka.com
kiiey.ga
kindomstar.com
kwe-za.com
l2cc9521.justinstalledpanel.com
lacasonadelcartero.cl
lwis.cf
mahgoubsons.ml
owenscorming.com
owerri.usa.cc
richweva.com
ronjustthetrebho.net
sellychukwu.ru
sentrinonline.com
sepprod.com
spearsrnfq.net
stealerpanel.usa.cc
toddstretinc.com
trafficxx.com
u19982p14980.web0119.zxcs.nl
u19982p14983.web0119.zxcs.nl
untorsnot.in
wahuiilopi.club
webapp-mpp2.com
work.chukzenter.tk

# Reference: https://twitter.com/petrovic082/status/1145373440230273024
# Reference: https://pastebin.com/SCsbLU1n

theridgeatdanbury.com/wp-admin/network/server/login.php

# Reference: https://twitter.com/serhack_/status/1147795722215022592

electrumportal.com

# Reference: https://bitcointalk.org/index.php?topic=5133490.0 (Russian)

btc-electrum.com
btcelectrum.org
downloadelectrum.com
downloadelectrum.org
eiectrum.net
electrum.bz
electrumapp.org
electrumapps.com
electrumbase.com
electrumbase.net
electrumbase.org
electrumbitcoin.org
electrumbtc.org
electrumbuild.com
electrumcircle.com
electrumclient.org
electrumcore.com
electrumcore.net
electrumdownload.com
electrumdownload.org
electrume.com
electrume.org
electrumfix.com
electrumget.com
electrumhub.com
electrumnet.com
electrumofficial.com
electrumopen.org
electrumpgrade.com
electrumsafe.org
electrumsite.com
electrumsource.org
electrumstart.org
electrumtxn.com
electrumupdate.com
electrumupgrade.com
electrumupgrade.org
electrumware.com
electrumware.org
electrumweb.net
getelectrum.com
getelectrum.live
getelectrum.org
goelectrum.com
myelectrum.org
electro1wallet.info
electrodwallet.info
digi-wallet.info
jotubhsbn.website
zpvuvcf.xyz

# Reference: https://twitter.com/0xFrost/status/1188458586453745664
# Reference: https://pastebin.com/JDecBDpM

btc-electrum.net
btcelectrum.com
electrum-btc.net
electrum.ink
electrum.media
electrum.tools
electrum.zone
electrumapp.info
electrumapps.info
electrumball.com
electrumbase.online
electrumbase.sh
electrumbin.com
electrumbit.net
electrumbitcoin.club
electrumbitcoin.co
electrumbitcoin.info
electrumblocks.com
electrumboard.com
electrumbtc.info
electrumbtc.live
electrumbtc.me
electrumcoin.com
electrumeasy.net
electrumfiles.com
electrumflow.com
electruminstall.info
electruminstall.org
electrumpack.com
electrumpack.net
electrumpack.org
electrumpass.com
electrumpatch.com
electrumpath.com
electrumpath.org
electrumpin.com
electrumportal.net
electrumportal.org
electrumsecure.com
electrumserver.info
electrumset.com
electrumsite.org
electrumstar.com
electrumtech.me

# Reference: https://twitter.com/andsyn1/status/1271513659718668288

xn--elctrum-u8a.com

# Reference: https://twitter.com/Racco42/status/1148877632412487682
# Reference: https://app.any.run/tasks/698e5d3b-7080-4e00-a827-aabb132a8821/

/PostaSatanas.php

# Reference: https://twitter.com/ItsReallyNick/status/1150058573671665665
# Reference: https://www.virustotal.com/gui/file/5fb6d259f04a202d9d73110b568370a0eabbc24ce08d8416a85c2e718b7b8721/detection

52.90.226.47:443

# Reference: https://twitter.com/James_inthe_box/status/1159202555961851904

sd346.zzz.com.ua

# Reference: https://blog.malwarebytes.com/threat-analysis/2018/04/fakeupdates-campaign-leverages-multiple-website-platforms/ (# C2 section)

my.gobiox.com
login3.kimbrelelectric.com

# Reference: https://twitter.com/sniko_/status/1165293103655333888

wwwelectrum.org

# Reference: https://twitter.com/P3pperP0tts/status/1166493391263358976

rtsdyfucgj.temp.swtest.ru

# Reference: https://twitter.com/PRODAFT/status/1154016659868409856

undergrounddynamics.site

# Reference: https://twitter.com/VK_Intel/status/1171782155581689858

66.42.76.46:21

# Reference: https://twitter.com/sS55752750/status/1173668868784644105

s2.abcvg.ovh

# Reference: https://twitter.com/JAMESWT_MHT/status/1177109960309858304
# Reference: https://app.any.run/tasks/947e97aa-fb67-4856-bcc7-297b4d14c9cd/

http://112.175.138.213

# Reference: https://twitter.com/JAMESWT_MHT/status/1182597039105941504

nfe-fazenda.myftp.org

# Reference: https://twitter.com/James_inthe_box/status/1184519173268897792

9f249.f249724.96.lt

# Reference: https://twitter.com/iocsvault/status/1176144857284395009

jaster24h.biz
tviewer.ga

# Reference: https://twitter.com/James_inthe_box/status/1187689326353600512

luckykey.tk

# Reference: https://twitter.com/angel11VR/status/1189135390655078402

212.47.208.135:21

# Reference: https://twitter.com/unmaskparasites/status/1190016192511131655
# Reference: https://www.virustotal.com/gui/domain/saleforyou.org/details

1.saleforyou.org/tong/pa/newpw/pass.php
bingstyle.com/tong/pa/pass.php

# Reference: https://twitter.com/cyber__sloth/status/1182395650752892928
# Reference: https://www.virustotal.com/gui/file/7e3a8eda2a3c53b4e169db8b11d344c0308ede32884b18b2f225baf8bcb30aa5/detection

195.50.7.214:43231

# Reference: https://twitter.com/darienhuss/status/1192736459167588353 (# Cyber Agent)
# Reference: https://www.virustotal.com/gui/file/04d70bb249206a006f83db39bbe49ff6e520ea329e5fbb9c758d426b1c8dec30/detection
# Reference: http://benkow.cc/wp_prezo.pdf

chrome-update-center.com
geolocation-sys.com

# Reference: https://twitter.com/GlaCiuS_/status/1192772160881868801
# Reference: https://www.virustotal.com/gui/file/ebddf88ffdf3cea966a66aa7337e5fdf7e2579db486521a869e7c12c40bb1916/detection

gregoirius2015.000webhostapp.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1168894993160974336
# Reference: https://app.any.run/tasks/d2b6177d-e257-49ce-bc82-e1dc31321c64/
# Reference: https://www.virustotal.com/gui/file/a0f75184426976dfe0603507b99f87ce63ad79a5af10de935439576f0c48f47f/detection

gamebooster.pro
lokicode.had.su

# Reference: https://twitter.com/DbgShell/status/1197996130585460737

4aeoewr91oas1.anomalix.ml
lka177m3agc.37xia484cnd499x.ga
wa5to7naa1.a01mt584zk32sw1.ml

# Reference: https://twitter.com/JayTHL/status/1199021248417861632

45.137.151.95:21

# Reference: https://twitter.com/i/status/1199127438435012608

finabisope.xyz
happysitesworld.xyz
timenotbesea.xyz

# Reference: https://twitter.com/James_inthe_box/status/1200431694307684352
# Reference: https://www.virustotal.com/gui/file/00a1237e8faa646219744517b24cb4c8ebdbaa10d62e2b56fc25dffca832583c/detection

18.220.85.117:27000

# Reference: https://twitter.com/pancak3lullz/status/748631479144452096

ctr1p.com

# Reference: https://www.virustotal.com/gui/file/c180f56cf3d571352a7ea36c968000d61e543347d64a063bf2dcac26b1afe5df/detection

gf1433.f3322.net

# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1204447068321964032
# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1204503912092446730
# Reference: https://www.virustotal.com/gui/file/1da250bbb5fbbe268ca2b919a8c2621237a1debda5bb42492b640b8e4f178818/detection

5.188.9.24:9171

# Reference: https://twitter.com/James_inthe_box/status/1204606741947666433
# Reference: https://app.any.run/tasks/768e34db-2ef1-41ed-ad8d-30a9ac7f35a4/

browserlootar.xtreme-apis.top

# Reference: https://twitter.com/MBThreatIntel/status/1208135822261637120

193.35.50.253:443
193.35.50.253:80
cardspay.xyz
interpaykabinet.cf
interpaykabinet.ga
interpaykabinet.gq
interpaykabinet.ml
interpaykabinet.tk
interpayoffice.cf
interpayoffice.ga
interpayoffice.gq
interpayoffice.ml
interpayoffice.tk
kibermansuladu.cf
kibermansuladu.ga
kibermansuladu.gq
kibermansuladu.ml
kibermansuladu.tk
luckipasdretop.cf
luckipasdretop.ga
luckipasdretop.gq
luckipasdretop.ml
luckipasdretop.tk
offensepayinter.cf
offensepayinter.ga
offensepayinter.gq
offensepayinter.ml
offensepayinter.tk
paycards.xyz
pireulwiterykam.cf
pireulwiterykam.ga
pireulwiterykam.gq
pireulwiterykam.ml
pireulwiterykam.tk
zaemaropiteds.cf
zaemaropiteds.ga
zaemaropiteds.gq
zaemaropiteds.ml
zaemaropiteds.tk

# Reference: https://twitter.com/MBThreatIntel/status/1213201167838089216
# Reference: https://www.virustotal.com/gui/ip-address/193.35.50.250/relations

193.35.50.250:443
193.35.50.250:80
paygooloffice.cf
paygooloffice.ga
paygooloffice.gq
paygooloffice.ml
paygooloffice.tk
paygoolofficearabi.cf
paygoolofficearabi.ga
paygoolofficearabi.gq
paygoolofficearabi.ml
paygoolofficearabi.tk

# Reference: https://www.virustotal.com/gui/ip-address/193.35.50.252/relations

193.35.50.252:443
193.35.50.252:80
arabianpayclub.cf
arabianpayclub.ga
arabianpayclub.gq
arabianpayclub.ml
arabianpayclub.tk
freepayinterkom.cf
freepayinterkom.ga
freepayinterkom.gq
freepayinterkom.ml
freepayinterkom.tk
interkomarabipay.cf
interkomarabipay.ga
interkomarabipay.gq
interkomarabipay.ml
interkomarabipay.tk
payarabionmany.cf
payarabionmany.ga
payarabionmany.gq
payarabionmany.ml
payarabionmany.tk

# Reference: https://twitter.com/unmaskparasites/status/1214266385003495424

http://200.63.40.60

# Reference: https://www.virustotal.com/gui/file/3c154dc2e1eaab82e28934368e05e125787d748b27f90d4dea2265fbde1f6997/detection

179.180.82.144:80

# Reference: https://www.virustotal.com/gui/file/3eea2a5d7d5b692179500b8c6e6edb40454538fd8593bc6d4be042c744af0b1e/detection

185.140.53.134:443

# Reference: https://www.virustotal.com/gui/file/1a49dc441d93c44de5fe946e14f8f06464680cf9d9e537fb36d3535003a1a1b1/detection

95.182.122.184:80

# Reference: https://twitter.com/reecdeep/status/1220256702722977793
# Reference: https://app.any.run/tasks/45fa3d27-2f55-44de-914c-f93af54234c9/

toratoratora.altervista.org

# Reference: https://www.virustotal.com/gui/file/593828a9c502d47eca5c58b474c3f559a437d7545b8b98d5b4b9084599abb39d/detection

installsilver.com
confirmssystems.com
passwordkernel.online
123321123.fun
myprintscreen.com
budison-oklarly.com
termscenter.com
cleand8yv0m6g.top
newbook-t.info

# Reference: https://www.virustotal.com/gui/domain/pix-fix.net/relations

pix-fix.net

# Reference: https://www.virustotal.com/gui/ip-address/161.117.225.32/relations

ddtupdate1.top
ddtupdate4.top
legion17.com
mypandacleaner.info
rrudate1.top
rrudate2.top
slupdate1.top
slupdate2.top
slupdate3.top
ssdupdate1.top
ssdupdate2.top
ssdupdate3.top
statistics-pro.best

# Reference: https://www.virustotal.com/gui/ip-address/52.59.77.115/relations

http://52.59.77.115

# Reference: https://twitter.com/ni_fi_70/status/1227561744702283776

deadrick-812.tk

# Reference: https://twitter.com/JAMESWT_MHT/status/1227982693889183744
# Reference: https://app.any.run/tasks/967c009c-cfaa-411f-b804-69bc23bb5814/

13.72.105.98:443
13.72.105.98:80

# Reference: https://www.virustotal.com/gui/file/267c20b0295420c2638bd6b6087ab7e82f1e10341a8a957a3c28c69fd3bf2890/detection

docxuploads.com

# Reference: https://www.virustotal.com/gui/ip-address/23.224.179.28/relations

o076un.com
sggl1527.top
sggl6527.top
dlytw.com

# Reference: https://www.virustotal.com/gui/file/c64a96098559189d85c0e59c4a45740db8cae250520beeff1ff5556e211850d8/detection

23.224.179.28:8008

# Reference: https://www.virustotal.com/gui/file/7be2ec6b3b8190f56c62d44e98b7a8e8fb9404b381d53ddadd43fde622b08206/detection

23.224.179.28:7788

# Reference: https://www.virustotal.com/gui/file/0a94d90a3b91b117741ca0dd37ab14828a59a10c71b27be803480be7d2542ea2/detection

23.224.179.28:8888

# Reference: https://www.virustotal.com/gui/file/2d694ba25af171e61a2cb9b5a8b9588e0c149e691ded7796542ba97449a0b4cb/detection

23.224.179.28:9666

# Reference: https://www.virustotal.com/gui/file/b8d7a2d94c30947e7983961d490143bce7ae677a126320a14457cd96d47f7cbf/detection

23.224.179.28:4131

# Reference: https://www.virustotal.com/gui/file/4181e87462a5913e73f09cdf61a464718a15d17df519ee25dd05f1bd9c93cf97/detection

23.224.179.28:8552

# Reference: https://www.virustotal.com/gui/file/2daad3f8ac834067c85ea75889b388e381f25fab6c2c5c988dfd84c63956842d/detection

23.224.179.28:8180

# Reference: https://www.virustotal.com/gui/file/94c758666acc50035e0028cfcd26d669e6e8fb11ffbd384802b90b5e07b094f2/detection

23.224.179.28:9888

# Reference: https://twitter.com/ps66uk/status/1228268374649659392
# Reference: https://app.any.run/tasks/9be4f8eb-e828-4ca5-ba76-6f8db7f1627a/

107.189.7.176:80

# Reference: https://www.virustotal.com/gui/domain/breda.vanhiele.nl/relations

breda.vanhiele.nl

# Reference: https://www.virustotal.com/gui/domain/linkomember.info/relations

linkomember.info

# Reference: https://urlhaus.abuse.ch/url/314830/
# Reference: https://www.virustotal.com/gui/ip-address/111.90.149.246/relations

111.90.149.246:80

# Reference: https://twitter.com/ScumBots/status/1229284924450123776
# Reference: https://www.virustotal.com/gui/file/beec8fc6ea45f0862fa13107b05a4d92cc2fc3c6f1c0c23fd2f04c3d3988c8c1/detection

62.108.37.42:1013

# Reference: https://twitter.com/vikas891/status/1229360459830087680

jomamba.best

# Reference: https://twitter.com/JAMESWT_MHT/status/1222152295724593152

aisioy.xyz

# Reference: https://twitter.com/reecdeep/status/1229390645355261953

joeing.rapiddns.ru

# Reference: https://www.virustotal.com/gui/domain/bhatner.com/detection

bhatner.com

# Reference: https://www.virustotal.com/gui/domain/store.nvprivateoffice.com/relations

store.nvprivateoffice.com

# Reference: https://twitter.com/DynamicAnalysis/status/1229458649694769155

69.87.219.49:80

# Reference: https://twitter.com/Bl4ng3l/status/1229687760279293952

gali.keipta.us

# Reference: https://twitter.com/James_inthe_box/status/1229509229267972097
# Reference: https://app.any.run/tasks/6fc45ad8-8993-4fc6-8e60-c437d66593e3/

ba97b047bd6aa1e4f76f84fd6ec96bd8.gq

# Reference: https://app.any.run/tasks/a12db284-e0a7-4834-bc94-21debc6ea72b/

rifat02.info

# Reference: https://app.any.run/tasks/3440bfb4-736c-4a27-8f63-ea82988bbd67/

rifat01.info

# Reference: https://twitter.com/wwp96/status/1229838934563225600
# Reference: https://app.any.run/tasks/4e12a96e-3a18-45a8-8965-8ee6bd3fbb77/

http://34.253.184.43

# Reference: https://twitter.com/Jouliok/status/1230009062810628097

worldatdoor.in

# Reference: https://twitter.com/DynamicAnalysis/status/1230171498670886924

gm-adv.com

# Reference: https://twitter.com/FewAtoms/status/1230168466142978053

mi.ceceliansanders.us

# Reference: https://app.any.run/tasks/e6427a49-7a93-451a-9342-27948f7a0cef/

http://syncode.com.br/forum.php?xmapnawaykkfc=3748139090763247
http://redfinance.pl/forum.php?xmapnawaykkfc=14678699031243286
http://spaxman.com/forum.php?xmapnawaykkfc=586795938240767

# Reference: https://app.any.run/tasks/f4ebed77-6d4c-40fb-a73c-37cae62ca33e/

78.42.70.24:2214

# Reference: https://twitter.com/KorbenD_Intel/status/1230504991191793664

youalmost.gotdns.com

# Reference: https://twitter.com/wwp96/status/1230504598852526080

111.90.146.27:80

# Reference: https://twitter.com/baberpervez2/status/1230606469101477902
# Reference: https://www.virustotal.com/gui/ip-address/185.158.249.22/relations

185.158.249.22:80

# Reference: https://app.any.run/tasks/8ed48f9c-38b7-4f70-bd1a-3bb44a403122/

0x0.best
yaprostopopitalsyaoboitietosrannoeav.club

# Reference: https://twitter.com/D3LabIT/status/1230756245511917570

zekelliott.com/ams/amsweb.php

# Reference: https://www.virustotal.com/gui/ip-address/217.8.117.64/relations
# Reference: https://www.virustotal.com/gui/file/e20b3ae04270e83b45f08235d3f8e9ad1dcc8f6966a2dc03aaeddfc8982090cc/detection

217.8.117.64:80
217.8.117.64:443
185.224.128.41:80

# Reference: https://twitter.com/FewAtoms/status/1231201262944882688

bt-design.org

# Reference: https://twitter.com/FewAtoms/status/1231994766398717954

13.95.31.136:80

# Reference: https://twitter.com/FewAtoms/status/1232274564262105088

1579850.xyz

# Reference: https://twitter.com/wwp96/status/1232326236636090370

185.112.250.168:80

# Reference: https://twitter.com/FewAtoms/status/1232358875472461829

portermedicals.com

# Reference: https://app.any.run/tasks/92f686b8-9cdf-4070-ae98-96cfd34a78ef/

alaziz.in

# Reference: https://twitter.com/DynamicAnalysis/status/1232426353766563840

docxuploads.com
pacieinco.com

# Reference: https://app.any.run/tasks/34e48272-ccf9-4ace-805d-6cedfce263b5/

mitelcelfact-spain.com

# Reference: https://twitter.com/James_inthe_box/status/1232764239321845760

ironbigpanel.com

# Reference: https://twitter.com/MBThreatIntel/status/1232828557040029696

http://92.63.197.190

# Reference: https://twitter.com/ScumBots/status/1233042331072421892

firsttus.com

# Reference: https://twitter.com/0xAmit/status/1224369244797796352
# Reference: https://www.virustotal.com/gui/domain/serralheriacic.com.br/relations

serralheriacic.com.br

# Reference: https://twitter.com/DynamicAnalysis/status/1233209872889602048

http://8.3.29.166

# Reference: https://app.any.run/tasks/ae89227d-182e-46c6-8dea-dc4275eb859c/

jumpingjetz.net

# Reference: https://twitter.com/KorbenD_Intel/status/1233498740914294784

http://13.92.226.218

# Reference: https://www.virustotal.com/gui/domain/cureprm.com/relations

cureprm.com

# Reference: https://twitter.com/dave_daves/status/1119185135646195712

hijaiyh.net

# Reference: https://twitter.com/RickyLafleur1/status/1054730525653508096

mx.neperepahano.top

# Reference: https://twitter.com/stecar792/status/1034858782990512128

wasabbybomba.space

# Reference: https://twitter.com/illegalFawn/status/1177557065742594048

illegalfawn.com

# Reference: https://twitter.com/MisterCh0c/status/1154056708806848515

g.icab.pk

# Reference: https://twitter.com/phishunt_io/status/1234095925246689280

userauth-appleid.ddns.net

# Reference: https://twitter.com/jorgemieres/status/1233964775748636673

a-d.me

# Reference: https://twitter.com/Vishnyak0v/status/1234457104347430915

http://92.119.160.145
/gate4e56d5415700.php

# Reference: https://www.virustotal.com/gui/domain/dynamicrosoft.com/relations

dynamicrosoft.com

# Reference: https://twitter.com/FewAtoms/status/1234893577362210825

http://109.169.89.118

# Reference: https://twitter.com/KorbenD_Intel/status/1234931931168542723

http://78.128.92.24

# Reference: https://twitter.com/malwrhunterteam/status/1235179767604924416

alphastore.store

# Reference: https://twitter.com/KorbenD_Intel/status/1235256882048073728

http://109.201.143.181

# Reference: https://twitter.com/baberpervez2/status/1235253914724962309

bigtrading.ga
edauto.ga

# Reference: https://www.virustotal.com/gui/domain/workshop002.duckdns.org/relations

workshop002.duckdns.org

# Reference: https://pastebin.com/uveiJed9

gm-adv.com

# Reference: https://www.virustotal.com/gui/domain/umeed.app/relations

umeed.app

# Reference: https://twitter.com/GlaCiuS_/status/1234991709223735296

http://217.8.117.76

# Reference: https://www.virustotal.com/gui/domain/quiet-goto-7536.penne.jp/relations

quiet-goto-7536.penne.jp

# Reference: https://twitter.com/KorbenD_Intel/status/1235313936091746305

http://111.90.149.212

# Reference: https://twitter.com/wwp96/status/1235587667393269767

hmmrr.com

# Reference: https://app.any.run/tasks/2eeeb372-d6ba-4f9f-add7-8b1532f938ec/
# Reference: https://www.virustotal.com/gui/domain/alrazi-pharrna.com/relations

alrazi-pharrna.com

# Reference: https://twitter.com/killamjr/status/1235727868040077312

http://216.189.145.11

# Reference: https://twitter.com/Artilllerie/status/1235879088944033792

seekersme.com

# Reference: https://twitter.com/ps66uk/status/1235959155980210178

18655.aqq.ru

# Reference: https://twitter.com/James_inthe_box/status/1236318055203889158
# Reference: https://www.virustotal.com/gui/domain/casaconceitoltda.info/relations

casaconceitoltda.info

# Reference: https://www.virustotal.com/gui/ip-address/117.78.50.197/relations

http://117.78.50.197

# Reference: https://www.virustotal.com/gui/ip-address/112.74.75.143/relations

http://112.74.75.143

# Reference: https://www.virustotal.com/gui/ip-address/210.222.25.223/relations

http://210.222.25.223

# Reference: https://www.virustotal.com/gui/ip-address/113.214.1.34/relations

http://113.214.1.34

# Reference: https://www.virustotal.com/gui/ip-address/37.72.171.98/relations

http://37.72.171.98

# Reference: https://twitter.com/0xCARNAGE/status/1236650024601374720

bigtrading.ga

# Reference: https://twitter.com/Jouliok/status/1236904231568846849

http://155.94.185.68

# Reference: https://twitter.com/JayTHL/status/1237025355212431361

dubriah.com

# Reference: https://twitter.com/VK_Intel/status/1237039891365625856

http://45.11.181.17

# Reference: https://twitter.com/malware_traffic/status/1237070035841175562
# Reference: https://app.any.run/tasks/b799a194-ff60-465f-b781-2914d50d3696/

posqit.net

# Reference: https://twitter.com/malware_traffic/status/1237109406288011264

http://64.110.24.130

# Reference: https://www.virustotal.com/gui/domain/trufco.com/relations

trufco.com

# Reference: https://www.virustotal.com/gui/domain/limos-us.com/relations

limos-us.com

# Reference: https://twitter.com/James_inthe_box/status/1237362183828209666

sercon.com.mx

# Reference: https://twitter.com/JayTHL/status/1237384903181897729

hindold.com

# Reference: https://twitter.com/JayTHL/status/1237398536687362048

sulainul.com

# Reference: https://twitter.com/wwp96/status/1237796218773831680

cutox.info
lolel.best
omalll.com

# Reference: https://twitter.com/HeavyMetalAdmin/status/1237380963564498944

uzoclouds.eu

# Reference: https://twitter.com/AdAstra247/status/1230131129216380928

iopaos.dyndns.dk

# Reference: https://twitter.com/FewAtoms/status/1237432289451298822

http://51.81.29.60

# Reference: https://twitter.com/JayTHL/status/1237422040052875269

abctvlive.ru
adrakwalichae.com
cyanobac.com
frekishalm.com
joekelpanel.com
khitlinphoto.ru
kindleedxded.ru
lahkaycentz.com
lhawarlaw.com
live-en-us.ml
lowcostpower.ru
minmindough.com
muabancaoocwnet.ru
noreplyinfo-office.com
onedrivenoreply.com
pinkeyesaure.com
prairietruckx.ru
rlabinsahab.com
savedbyangelsworg.ru
swanbleck.com
tilsmiangotha.com
tutijae.com
vitaminepowed.ru
wpsitebuilder.ru
yanarascla.com
yepi2eco.ru
yetehoga.com
zalmips.com
zucikni.com

# Reference: https://twitter.com/FewAtoms/status/1237798224221667328

gdrintl.com

# Reference: https://twitter.com/IntezerLabs/status/1238090332639842304

jave.xyz

# Reference: https://twitter.com/KorbenD_Intel/status/1238102354320166912

http://93.65.162.134

# Reference: https://twitter.com/malwrhunterteam/status/1238113568442265602

trynda.xyz

# Reference: https://twitter.com/JayTHL/status/1238182874223910915

vonty.best

# Reference: https://www.virustotal.com/gui/domain/pulid.net/relations

pulid.net

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/more-excel-4-0-macro-malspam-campaigns/
# Reference: https://otx.alienvault.com/pulse/5e6a65de61606ee5b177c86f

paypeted.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1238421963347054594
# Reference: https://www.virustotal.com/gui/file/ca1641bb37075d73a357e454753ab038962d04b7465ac32c4b5675eb2cffff92/detection

w1750996.ferozo.com/content/archivos/tarjetas/server.php

# Reference: https://twitter.com/James_inthe_box/status/1238606200154886144

maildrive.icu

# Reference: https://twitter.com/FewAtoms/status/1238821505171107840

arkallsaintsacademy.com

# Reference: https://www.virustotal.com/gui/file/d81122f9d8a55ac1a0b607e321520df3dad2d69959acc99d2ee4e17219cbe4f5/detection

http://185.94.191.35

# Reference: https://twitter.com/FewAtoms/status/1239179323266957314

symriseltd.com

# Reference: https://www.virustotal.com/gui/file/64551b04da5c87e5ecaa8e315cdd186fac570fbf47ad3cf5eb3daf4b1138859d/detection

http://216.170.123.111

# Reference: https://twitter.com/bad_packets/status/1239693959330287616

ero.bckl.ir

# Reference: https://twitter.com/reecdeep/status/1239843956424409089

fibare.com

# Reference: https://www.virustotal.com/gui/domain/brupas.com/relations

brupas.com

# Reference: https://twitter.com/casual_malware/status/1239760321021128706

http://94.242.59.225

# Reference: https://twitter.com/Bl4ng3l/status/1240188476789788672

http://209.141.54.161

# Reference: https://twitter.com/malwrhunterteam/status/1240195163265421312

omecanism2.sslblindado.com

# Reference: https://www.virustotal.com/gui/file/eb88393fc02fdab866b43176c03eb1fc27073c62033a7a51fcdd9f79fcb8882c/detection

transvale.sslblindado.com

# Reference: https://twitter.com/nmatte90/status/1240231606297788416

c0vidupdate.xyz

# Reference: https://twitter.com/ViriBack/status/1240249046280912896
# Reference: https://app.any.run/tasks/473692f1-73e5-4996-a1b3-2a497938cc58/

http://95.181.178.156

# Reference: https://www.virustotal.com/gui/file/602e17d3aada73b0be2bd791237b3bc4340980d9e14b53dbf6d437e69738afb1/detection

http://103.102.44.83

# Reference: https://app.any.run/tasks/dcd48517-ad5f-4f16-a6d0-8d12463ee3a2/

lxj.vvn.mybluehost.me

# Reference: https://app.any.run/tasks/5279381c-b255-482a-ae64-02ed6177bc12/

savannahhoney.co.ke/wp-content/uploads/

# Reference: https://github.com/silence-is-best/c2db#unknowns

103.136.43.131:9998
185.222.202.29:9998
nicholaspring.xyz
smartwaay.xyz

# Reference: https://www.virustotal.com/gui/ip-address/95.101.200.87/relations

http://95.101.200.87

# Reference: https://twitter.com/ScumBots/status/1240677572612104192

thesawmeinrew.net

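# Reference: https://otx.alienvault.com/pulse/5e72b54ff5ee7b31653e7192
# Note: the cdn-NN.anonfiles.com hosts belong to a public file-hosting service, so these two entries match any download served from them, not only the payloads described in this pulse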

cdn-01.anonfiles.com
cdn-13.anonfiles.com
darkload.cf

# Reference: https://www.virustotal.com/gui/file/fa5f120243a4f0569df10aa04e6581a38ac28a8d07c059aeb80424cf982b6a0b/detection

braincarney.hopto.org

# Reference: https://twitter.com/malwrhunterteam/status/1240935138537676800
# Reference: https://twitter.com/pancak3lullz/status/1240983894461231104

corona-virus2019.us
coronavirus2019.us

# Reference: https://twitter.com/malwrhunterteam/status/1240996072425652224

http://185.242.104.197

# Reference: https://twitter.com/malware_traffic/status/1241072162750029825
# Reference: https://www.virustotal.com/gui/ip-address/37.1.212.70/relations

http://37.1.212.70

# Reference: https://twitter.com/malwrhunterteam/status/1241106612737228800

redeturismbrasil.com/marco/

# Reference: https://blog.talosintelligence.com/2020/03/threat-roundup-0313-0320.html (# Win.Worm.Barys-7617456-0)

altincopps.com
l33t-milf.info
tuntu.info
tut0r1allsvu.info
x01bkr2.biz
xsaudix.net
yeh7292ahyssozananan.com

# Reference: https://twitter.com/malwrhunterteam/status/1241328902343188481
# Reference: https://twitter.com/malwrhunterteam/status/1241332425491468288
# Reference: https://www.virustotal.com/gui/ip-address/68.183.199.205/relations

aguiws.com
ajisanjoseairport.com
ajisjc.com
arizonastatekwos.com
haduhabankaemasalahteh.com
haduhayawaemasalahteh.com
jalanbebekjos.com
r2techsystems.com
youngllpcnbstrs.com

# Reference: https://twitter.com/FewAtoms/status/1241813291460067329

http://77.73.70.28

# Reference: https://www.virustotal.com/gui/file/e60b0b0e57ca395709aeae6016e39f4114c84272e32cf040f5d972372f212f08/detection

youtube4kprod.xyz

# Reference: https://www.virustotal.com/gui/domain/duleal.com/detection

duleal.com

# Reference: https://www.virustotal.com/gui/ip-address/46.105.155.114/relations

http://46.105.155.114

# Reference: https://clickallthethings.wordpress.com/2020/03/23/avemaria-rat-xls-ads-and-eqnedt32/
# Reference: https://app.any.run/tasks/ce33bea3-9f2d-4507-ae43-2a96bb814bc5/

http://5.199.143.127

# Reference: https://app.any.run/tasks/e89173e6-eabc-44f5-899a-69945b914773/

newmarchess.com

# Reference: https://twitter.com/James_inthe_box/status/1242507257574719488
# Reference: https://www.virustotal.com/gui/file/c7e7638b84b5f2803bfc41cc5833110f90fd32eaf8ba8f3c31288222a67f9574/detection

http://64.44.57.65

# Reference: https://www.virustotal.com/gui/domain/blockchainglobal.cf/relations

blockchainglobal.cf

# Reference: https://twitter.com/KorbenD_Intel/status/1242571675738071040

http://35.192.198.16

# Reference: https://www.virustotal.com/gui/file/683844d7a032bb668c23f85020338451f43f4d9a19885d246459fd5f2e6b64d2/detection

skyxdata.ddns.net

# Reference: https://twitter.com/CyberCapta1n/status/1242865927185674245

la42.website
masry-corona.com

# Reference: https://twitter.com/jorgemieres/status/1242906665395027976

mwrc.ca/a/

# Reference: https://www.virustotal.com/gui/domain/m0bile.net/relations

m0bile.net

# Reference: https://twitter.com/bryceabdo/status/1243168325443690500

amdchecker.com
comwoman.com
developmasters.com
newservicehelper.com
powerlifterr.com
servicemonsterr.com
superservicee.com

# Reference: https://twitter.com/VK_Intel/status/1243230686858878981

wizardside.club

# Reference: https://www.virustotal.com/gui/domain/ikdarkhawast.com/relations

ikdarkhawast.com

# Reference: https://www.virustotal.com/gui/domain/ashkokatroma.com/relations

ashkokatroma.com

# Reference: https://twitter.com/KorbenD_Intel/status/1243231484212736000

vigilanciaepdemiologica.com

# Reference: https://twitter.com/FewAtoms/status/1243579932590161930

http://185.242.104.78

# Reference: https://twitter.com/FewAtoms/status/1243583843942182915

http://45.88.110.171

# Reference: https://www.virustotal.com/gui/domain/deadnig.ga/detection

deadnig.ga

# Reference: https://www.virustotal.com/gui/ip-address/193.135.12.22/relations

awaken1337.xyz
digicert-global-root.site

# Reference: https://www.virustotal.com/gui/domain/panellogs.ml/relations

panellogs.ml

# Reference: https://www.virustotal.com/gui/domain/api-dns1-e.xyz/relations

api-dns1-e.xyz

# Reference: https://www.virustotal.com/gui/domain/api-oberonapps.org/relations

api-oberonapps.org

# Reference: https://twitter.com/Jouliok/status/1244494861362962441

asgardia.cl

# Reference: https://twitter.com/malwrhunterteam/status/1244616242641735681

pay4ever.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1244684201653415940
# Reference: https://www.virustotal.com/gui/domain/ws09ku66vbu31pka.tk/relations

ws09ku66vbu31pka.tk

# Reference: https://twitter.com/JayTHL/status/1245245851661983746

friendsacrossthepasefika.buzz

# Reference: https://blog.cloudmark.com/2020/03/27/covid-19-sms-spam-attacks-shift-from-panic-to-stimulus/
# Reference: https://otx.alienvault.com/pulse/5e821ee9f9dc1acdaaef68b8

aircovid19virus.com
clearcovid19virus.com
coronabreath.com
covidflix19.xyz
covidflix20.xyz

# Reference: https://info.phishlabs.com/blog/covid-19-phishing-update-threat-actors-target-cdc-who
# Reference: https://otx.alienvault.com/pulse/5e8242f59b8b637793daf071

cdchealth.org

# Reference: https://twitter.com/FewAtoms/status/1245337912889262085

jotunireq.com

# Reference: https://twitter.com/FewAtoms/status/1245693287140413440

boken-jjne0.tk

# Reference: https://twitter.com/FewAtoms/status/1245695682385715200

centrehotel.vn/js/

# Reference: https://twitter.com/w3ndige/status/1245783409781362688

ococococ.xyz

# Reference: https://twitter.com/yvesago/status/1245588527380717573

expertswebservices.com

# Reference: https://twitter.com/KorbenD_Intel/status/1245104618213748737

http://185.208.211.67

# Reference: https://twitter.com/FewAtoms/status/1246423618474647552

parasvijay.com/wp-includes/css/dist/list-reusable-blocks/dir/

# Reference: https://www.virustotal.com/gui/domain/dr-cold.com/relations

dr-cold.com/wp-content/uploads/2019/11/1223/
dr-cold.com/wp-content/uploads/2019/11/12261/

# Reference: https://twitter.com/FewAtoms/status/1246789609192816640

birthdaytrend.top

# Reference: https://twitter.com/VK_Intel/status/1239934124212785154
# Reference: https://www.virustotal.com/gui/file/81003dc976fa06b15142d1b0541e0f60adf295a06a188f81e9458b32970a8a87/detection
# Reference: https://www.virustotal.com/gui/ip-address/31.44.184.50/relations

http://31.44.184.50

# Reference: https://twitter.com/James_inthe_box/status/1233128596165685248

munesdon.top

# Reference: https://twitter.com/bryceabdo/status/1247550103205875717

orange-vpn.com
orangeyouglad.xyz

# Reference: https://app.any.run/tasks/d30d1c49-05e8-4767-ade8-66a3204f8821/

microsoft-hohm.space

# Reference: https://app.any.run/tasks/c4aa1b6e-a92c-4a19-a5c0-b644bd415374/

quickmaildrive.com

# Reference: https://twitter.com/JayTHL/status/1247971248291880962

medicacademic.com/aza/

# Reference: https://twitter.com/pancak3lullz/status/1247985242092326920

hallmarkherbals.com

# Reference: https://twitter.com/MBThreatIntel/status/1248412024305897475
# Reference: https://www.virustotal.com/gui/ip-address/198.12.66.107/relations

http://198.12.66.107

# Reference: https://www.virustotal.com/gui/file/b9626de5d7262ab3985c0a064e3855f7a40fb9a6a941a29f55c2cb67df503fcf/detection

http://45.95.168.62

# Reference: https://app.any.run/tasks/eb87c335-fe94-477f-b6e5-01e75b74673e/

gulf-builders.com

# Reference: https://app.any.run/tasks/3ebea34f-7c85-41e5-983e-810ac1f43ab1/

http://193.168.3.93

# Reference: https://www.virustotal.com/gui/ip-address/74.208.13.22/relations

http://74.208.13.22

# Reference: https://twitter.com/JAMESWT_MHT/status/1249641912136617984
# Reference: https://www.virustotal.com/gui/domain/1podcast.best/relations

1podcast.best

# Reference: https://twitter.com/FewAtoms/status/1250412878781431810

bovientix.com

# Reference: https://twitter.com/bryceabdo/status/1250420225008259072

at-2.com
f-db.info

# Reference: https://twitter.com/stecar792/status/1250845389340774400

http://217.8.117.60

# Reference: https://twitter.com/YouMayBeHacked/status/1251161689812131841

igrejayhwh.com/wo/

# Reference: https://twitter.com/ydklijnsma/status/1251166858797101057

fileserveravast.com

# Reference: https://twitter.com/fr0s7_/status/1251445876398194690

mitsui-jyuku.mixh.jp/uploads/

# Reference: https://twitter.com/FewAtoms/status/1251574078965723136

mindrey.co/docu/

# Reference: https://twitter.com/malwrhunterteam/status/1251562811257507841

coronavirusmaps.pro

# Reference: https://twitter.com/JAMESWT_MHT/status/1251824300539219970
# Reference: https://www.virustotal.com/gui/domain/fasttads.com/relations
# Reference: https://www.virustotal.com/gui/domain/updateplayer.to/relations
# Reference: https://twitter.com/Arkbird_SOLG/status/1251827928134045696

fasttads.com
updateplayer.to
/pixel/install/?e=
/pixel/log/?e=
/pixel/update/?e=

# Reference: https://twitter.com/ReBensk/status/1252200857753382912

riversouthhomes.com/wp-includes/SimplePie/Net/

# Reference: https://twitter.com/FewAtoms/status/1252232647339720705

http://162.213.255.176

# Reference: https://twitter.com/James_inthe_box/status/1252249689811857408

http://167.114.85.125

# Reference: https://twitter.com/cyber__sloth/status/1252879669558312960

13pope.com/wrd/

# Reference: https://www.virustotal.com/gui/domain/gbud.webd.pl/relations

gbud.webd.pl

# Reference: https://twitter.com/MBThreatIntel/status/1253088809677320192

martner.com/sym/

# Reference: https://app.any.run/tasks/bd29f951-1fe7-4ce8-b26a-c440121d6fac/

wsdyanaekppyinitalymedicalconsultant3.duckdns.org

# Reference: https://www.virustotal.com/gui/domain/toliku.com/relations

toliku.com

# Reference: https://twitter.com/p5yb34m/status/1253473594631286785

apbfiber.com/openme/

# Reference: https://twitter.com/JayTHL/status/1253891233296060416

alkalabs.cf

# Reference: https://twitter.com/malwrhunterteam/status/1253984108109324288

http://117.50.106.161

# Reference: https://twitter.com/nao_sec/status/1254023052100120582
# Reference: https://app.any.run/tasks/d9f04401-83b4-4a83-8880-e82750d8b030/
# Reference: https://www.virustotal.com/gui/domain/yourfuturewin.online/relations

yourfuturewin.online
/grhcwZ?source=
/T33sBb?source=
/tpQpXh?source=

# Reference: https://www.virustotal.com/gui/ip-address/185.234.218.68/relations

http://185.234.218.68

# Reference: https://www.virustotal.com/gui/file/78ed52fd5cdeeeccaf079c7fd7c90ed7dc99664310c75e8829163546b2ce83cb/detection

http://185.242.104.98

# Reference: https://twitter.com/Jouliok/status/1254707467570774017

anjelo-directhelp.de/fotos/

# Reference: https://twitter.com/jstrosch/status/1254787385587572736

ttkplc.com/office/

# Reference: https://twitter.com/KorbenD_Intel/status/1254920769731063808

http://23.96.112.43

# Reference: https://twitter.com/KorbenD_Intel/status/1254912377130110977
# Reference: https://www.virustotal.com/gui/domain/properrty.co/relations

properrty.co/files/

# Reference: https://twitter.com/benkow_/status/1255423719037702144

http://213.226.100.140

# Reference: https://twitter.com/baberpervez2/status/1255581708189085696
# Reference: https://www.virustotal.com/gui/domain/dongiln.co/relations

dongiln.co

# Reference: https://app.any.run/tasks/7f13ba75-4ae3-4a33-8a0a-ac5a659b9c12/

http://84.38.134.120

# Reference: https://twitter.com/bry_campbell/status/1255786478480822272

http://45.147.228.245

# Reference: https://www.virustotal.com/gui/domain/elievarsen.ru/relations

elievarsen.ru

# Reference: https://www.virustotal.com/gui/domain/gobigonbig.info/relations

gobigonbig.info

# Reference: https://twitter.com/James_inthe_box/status/1255856345175044096

rockersdolphin.co.za

# Reference: https://twitter.com/KorbenD_Intel/status/1255979526925869056
# Reference: https://www.virustotal.com/gui/ip-address/185.22.153.166/relations

ajzconsulting.pw
kokoshi.website

# Reference: https://twitter.com/KorbenD_Intel/status/1255970615372079104

http://185.227.82.72

# Reference: https://twitter.com/bryceabdo/status/1256256516430143488
# Reference: https://www.virustotal.com/gui/ip-address/93.190.138.35/relations

http://93.190.138.35
93.190.138.35:8080
popeyesbox.org

# Reference: https://twitter.com/malwrhunterteam/status/1256263426441125888
# Reference: https://www.virustotal.com/gui/domain/9sg.me/relations

9sg.me

# Reference: https://twitter.com/bit_dam/status/1256311982992633862

maringareservas.com.br

# Reference: https://www.virustotal.com/gui/file/72663c3c01ba82e498550d5b6710f02353adb277903f5b588e49a847f6040e05/detection

hlde1.online

# Reference: https://www.virustotal.com/gui/file/44c3366e1c09d45096ae06709cf7edcc66e088c6f35b465f3fbfb2d81eb9460d/detection

149.248.37.246:10000
fasterpdfdashboard.top
/api/anonymous/cookie/post

# Reference: https://www.virustotal.com/gui/file/ec71cafeba96b9e9b15e9dd917a5d90ad0888dcea7d329d6ab00e66f69c503a9/detection

66.42.100.151:10000
bhtaifvu.com
easyzipperlab.site
luckyoneday01.top
fohgo.bhtaifvu.com

# Reference: https://twitter.com/petrovic082/status/1256537423166791680

http://63.250.42.34/~bulght/

# Reference: https://twitter.com/JayTHL/status/1256668154383785986

http://45.9.148.123

# Reference: https://twitter.com/jorgemieres/status/1255243161099735046

273625612.netxi.in

# Reference: https://www.virustotal.com/gui/domain/prepaidgift.co/relations

prepaidgift.co

# Reference: https://twitter.com/jstrosch/status/1256705024241086464

ozz.su

# Reference: https://twitter.com/petrovic082/status/1256861192481538049

invoice7mukszq9nbpa7online.ru

# Reference: https://twitter.com/James_inthe_box/status/1256929937178517505

invoice9kat5ggmml0c6online.ru

# Reference: https://app.any.run/tasks/d8a2ef38-b0a0-4619-ab21-918d7e6eefcf/
# Reference: https://www.virustotal.com/gui/domain/google.nov.su/relations

google.nov.su

# Reference: https://twitter.com/3xp0rtblog/status/1257189013699657728
# Reference: https://app.any.run/tasks/ef44292d-3b2e-4571-8b68-fb49c1db1b1a/

geroipanel.site

# Reference: https://twitter.com/malwrhunterteam/status/1257264743775076353
# Reference: https://twitter.com/malwrhunterteam/status/1258281482805796865
# Reference: https://twitter.com/malwrhunterteam/status/1258663175806992384
# Reference: https://twitter.com/malwrhunterteam/status/1259724745907613696
# Reference: https://twitter.com/malwrhunterteam/status/1260812454294061057

kremlin-malwrhunterteam.info
nitro-malwrhunterteams.com
screw-malwrhunterteam.com
skidware-malwrhunterteams.com
putin-malwrhunterteams.com

# Reference: https://twitter.com/500mk500/status/1257300194984509444
# Reference: https://www.virustotal.com/gui/file/a3fb31d5f00d84fe35edb1e43acfa64a6d77fca443d49e67e6728cd33373bd29/detection
# Reference: https://app.any.run/tasks/de4c7c53-60c9-4f0d-9920-ff756532a28d/

http://185.183.76.32/Oq8d

# Reference: https://app.any.run/tasks/6a77f6f2-50fb-4a3e-ad20-e0bdd2ba7031/

http://185.141.27.131

# Reference: https://twitter.com/petrovic082/status/1257373903292432387

mitonegbh.xyz

# Reference: https://app.any.run/tasks/6a448b87-5f8a-493b-927c-09439f8e652a/

http://205.185.122.246

# Reference: https://twitter.com/bryceabdo/status/1257407631368519681

dl-microsoft.com
kaspernsky.com

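# Reference: https://twitter.com/pmelson/status/1257474730703101959
# Note: ngrok.io tunnel subdomains are short-lived and may later be handed to an unrelated user, so a hit on this entry long after the reference date needs corroboration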

56ed6ae9.ngrok.io

# Reference: https://urlhaus.abuse.ch/browse.php?search=web.lavishsupplystore.com

lavishsupplystore.com

# Reference: https://twitter.com/petrovic082/status/1257665271831113728

adamtcarruthers.com/sb/img/

# Reference: https://twitter.com/FewAtoms/status/1257685823711055875

adamtcarruthers.com/bottest/node_modules/files/

# Reference: https://twitter.com/felixaime/status/1257699061488070656
# Reference: https://www.virustotal.com/gui/domain/coramap.site/relations

coramap.site

# Reference: https://twitter.com/KorbenD_Intel/status/1257792636292698112
# Reference: https://www.virustotal.com/gui/ip-address/183.131.80.72/relations
# Reference: https://www.virustotal.com/gui/ip-address/207.246.106.233/relations
# Reference: https://www.virustotal.com/gui/ip-address/58.49.59.139/relations

http://183.131.80.72
http://207.246.106.233
http://58.49.59.139
183.131.80.72:16950
207.246.106.233:17470
58.49.59.139:13187

# Reference: https://twitter.com/ReBensk/status/1257902089411256321

linktodown.com

# Reference: https://twitter.com/PRODAFT/status/1257957444887744512
# Reference: https://www.virustotal.com/gui/ip-address/193.187.173.112/relations
# Reference: https://www.virustotal.com/gui/file/6d3a2dd3bd042a0484ba076f7ae7de39fb39d3aa7decc1809266c7e9b36dbb5a/detection

http://193.187.173.112

# Reference: https://twitter.com/FewAtoms/status/1258097048257265666

pocketfsa.com/m/

# Reference: https://twitter.com/James_inthe_box/status/1258099799066243072

medlinee.com

# Reference: https://twitter.com/James_inthe_box/status/1258117201610944514
# Reference: https://www.virustotal.com/gui/domain/rititi.com/relations

rititi.com

# Reference: https://twitter.com/ScumBots/status/1258145657514332161

freepics.bezatraud.me

# Reference: https://twitter.com/ScumBots/status/1258148818404679681

cloud.falconoasisdubai.com

# Reference: https://twitter.com/ReBensk/status/1258349048903266304

c9f44961.ngrok.io

# Reference: https://twitter.com/James_inthe_box/status/1258390247341043712

ec2.amazzed.top

# Reference: https://twitter.com/KorbenD_Intel/status/1258508684159619073

colovilla.top

# Reference: https://twitter.com/KorbenD_Intel/status/1258514599436902401

http://5.206.224.216

# Reference: https://twitter.com/Circuitous__/status/1258467178141138944
# Reference: https://twitter.com/tkanalyst/status/1258744515977854977

theclinicabarros.com/a.jpg
theclinicabarros.com/ab.jpg

# Reference: https://www.virustotal.com/gui/file/259596170a1e0fb6e75d30cef5258005f1a2ddf7330baac54bab65e92310a750/detection

websolution.vipwell.org

# Reference: https://twitter.com/petrovic082/status/1259039290505519105

http://77.73.69.137

# Reference: https://twitter.com/FewAtoms/status/1258753855426306049

alphauniforms.ae/collinxx/
alphauniforms.ae/huss/
alphauniforms.ae/wetransfers/

# Reference: https://twitter.com/malwrhunterteam/status/1259208656819798017

outletdemakeup.ro

# Reference: https://twitter.com/petrovic082/status/1259446499353620480

http://40.89.185.52

# Reference: https://www.virustotal.com/gui/file/f1e753cf6e66c7ced7ac61aa4bc6646d8f772cec9ed513ae8bfc056cb4070ba3/detection

ad-repack.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1259916041431343104

http://94.158.245.25

# Reference: https://twitter.com/petrovic082/status/1260202592195543040

gossip-candy.stars.bz

# Reference: https://twitter.com/petrovic082/status/1260204809644277766
# Reference: https://twitter.com/petrovic082/status/1260205055866699776

aarontveit.net/doc/
aarontveit.net/zy/

# Reference: https://twitter.com/James_inthe_box/status/1260356146335899648

temp.news

# Reference: https://twitter.com/FewAtoms/status/1260610055151509504

http://37.59.90.90

# Reference: https://twitter.com/KorbenD_Intel/status/1260714876525256707

159.65.133.180:81

# Reference: https://twitter.com/executemalware/status/1260947413474381824

orlandovoicestudio.com/new/

# Reference: https://twitter.com/FewAtoms/status/1260979618716225536

http://194.26.29.128
id-929734532482.com

# Reference: https://twitter.com/abuse_ch/status/1261191304182206464

polaaadetadf.org

# Reference: https://twitter.com/KorbenD_Intel/status/1261369088229720065

http://79.124.8.122

# Reference: https://twitter.com/JAMESWT_MHT/status/1261484589035458560
# Reference: https://app.any.run/tasks/41685b2e-fa5b-444a-8948-8580e0c49ef4/

lightning.dns-cloud.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1261702858216558592
# Reference: https://app.any.run/tasks/44eac201-23e0-42cc-ae03-189ae1e9c430/

apkelites10.com

# Reference: https://twitter.com/malwrhunterteam/status/1262278709752578050

members.westnet.com.au/~marioncraig/

# Reference: https://app.any.run/tasks/efb52b8d-464c-4378-959f-0a4c12016dc7/

rough-grass-45e9.poecdjusb.workers.dev

# Reference: https://twitter.com/ScumBots/status/1262695833629274114

holy-shit.ubuntu.workers.dev

# Reference: https://twitter.com/FewAtoms/status/1262775320001814529

skdwre-mhteam.best

# Reference: https://twitter.com/KorbenD_Intel/status/1262859931717234689

http://185.62.188.26

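# Reference: https://app.any.run/tasks/51a2865e-01f4-4bec-8e9a-a23dddf27f00/
# Note: regapi.gamigo.com looks like a legitimate game-publisher API hostname; confirm against the sandbox report that it is not incidental traffic before alerting on it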

http://35.198.146.176
http://64.225.73.172
http://185.236.231.222
pirscupper.club
regapi.gamigo.com

# Reference: https://twitter.com/Vishnyak0v/status/1263110496347140098

strongapt.ga
strongapt.life

# Reference: https://twitter.com/James_inthe_box/status/1263179511123685376

pagamentos.rensz.com.br/craftbrew/

# Reference: https://twitter.com/petrovic082/status/1263413662569594880

ideaomar.net

# Reference: https://twitter.com/yusaerguven/status/1263470947706773504

vpn-dragon.com

# Reference: https://twitter.com/FewAtoms/status/1263510144819908610

learnteachweb.ru/ikt/filter/algebra/tests/test/

# Reference: https://twitter.com/w3ndige/status/1263515049978626049
# Reference: https://app.any.run/tasks/91b1966a-7d29-44fc-834e-3666fbd0367a/

tani-klucz.pl/2/

# Reference: https://twitter.com/petrovic082/status/1263768808105402369

http://45.141.86.137

# Reference: https://twitter.com/James_inthe_box/status/1263863548418994178

wikiapply.ir

# Reference: https://twitter.com/malwrhunterteam/status/1263772532194205696
# Reference: https://twitter.com/VK_Intel/status/1264191430068711426
# Reference: https://www.virustotal.com/gui/file/f8cbdb2369a642d07a944f6fea135bc6c6755dbcf3e984b3f170b03d586ce053/detection

39.104.67.122:453

# Reference: https://twitter.com/petrovic082/status/1264193721836408833

tayga.mx/wp-content/themes/twentytwenty/assets/fonts/

# Reference: https://www.virustotal.com/gui/file/3d3351726f3b5cd848ad58cabcc33c9dcd1c601cc1664f197f10b8b1adf7038b/detection

tavukkement.tk

# Reference: https://www.virustotal.com/gui/domain/kiss58.org/relations

kiss58.org

# Reference: https://app.any.run/tasks/3a99ae00-8cdc-43fc-b0d0-cfef5c5fc65b/

craghoppers.icu

# Reference: https://twitter.com/FewAtoms/status/1264929672166506497

conveyancing.pro/wp-admin/js/widget/

# Reference: https://twitter.com/JAMESWT_MHT/status/1264828072001495041

fofl.it

# Reference: https://twitter.com/DynamicAnalysis/status/1265346721795715073

http://185.205.209.166

# Reference: https://twitter.com/James_inthe_box/status/1265390063203975168

http://185.177.59.184

# Reference: https://twitter.com/ScumBots/status/1265610032487563264

striker.work

# Reference: https://twitter.com/_re_fox/status/1266917702435835904

goodhk.azurewebsites.net

# Reference: https://www.virustotal.com/gui/file/cbcbf58f7d5df41edaef663f74519ce633d326de0705ab22dee43fe6726e956a/detection

kiglskfws.serveminecraft.net

# Reference: https://twitter.com/reecdeep/status/1267328903846207494

http://45.76.126.209
http://45.77.50.112

# Reference: https://twitter.com/p5yb34m/status/1267971830301601795
# Reference: https://pastebin.com/hbCT919x

westuatrans.com/storage/

# Reference: https://twitter.com/James_inthe_box/status/1268190189794426880

manguifajas.com/admin/

# Reference: https://www.virustotal.com/gui/domain/anyeddos.com/relations

anyeddos.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1268837262516727809
# Reference: https://app.any.run/tasks/fbce704e-e748-4898-b36a-0cab2ecd5105/

freekzvideo.cloud

# Reference: https://twitter.com/jstrosch/status/1268961202778116096

thugesh.cf

# Reference: https://twitter.com/jcarndt/status/1268585900969283585

hizmetotomotiv.com

# Reference: https://app.any.run/tasks/2b9c3175-8d4c-4030-8ba7-0ec2b6591dc6/

mainwhile.com

# Reference: https://twitter.com/nao_sec/status/1269422460362870784

http://192.241.208.221

# Reference: https://www.virustotal.com/gui/file/c38e150306fbbe4ea692c3f4b76dcd39d8ebdd97d58dcdad7d70b8be88d79278/detection (# Aliases: disbuk, socelars)
# Reference: https://twitter.com/MBThreatIntel/status/1280960714773983232
# Reference: https://threatfox.abuse.ch/browse/malware/win.socelars/

allinfo.pw
asdgain.xyz
assassinsx.com
biohazardgraphics.com
channelinfo.pw
chosenncrowned.com
clinkccaddress.com
createinfo.pw
eceinfos.top
ecgbg.com
fidgetiesout.com
frivoloument.com
gaintt.pw
hhgenice.top
influenceted.com
infoanalysiser.com
infokscents.com
irritabletion.com
kvubgc.com
likewisemeticulous.com
mkpmc.com
nicekkk.pw
nvdmzf.com
sblinfo.pw
sokoinfo.pw
tendenctioned.com
tpyyf.com
wgqpw.com
wygexde.xyz
y101ad34452096.xyz
zhxxjs.pw
zzhlike.pw

# Reference: https://www.virustotal.com/gui/ip-address/155.138.226.36/relations

channelinfo.pw
downcleardown.xyz
exeinfo.pw
goodvisit.pw
jsxjbxx.pw
nextinfo.pw
sjjscenter.pw
smartpdfreader.com
wbinstall.pw

# Reference: https://twitter.com/abuse_ch/status/1269863589382369282

bluechippropertyexperts.com/autorenew/

# Reference: https://twitter.com/reecdeep/status/1269911390141190144
# Reference: https://www.virustotal.com/gui/domain/szn.services/relations

szn.services

# Reference: https://twitter.com/James_inthe_box/status/1270007086978486272

transgear.in/ssc/

# Reference: https://twitter.com/FewAtoms/status/1270030123480289281

boasteel.us

# Reference: https://twitter.com/FewAtoms/status/1270038201533632514

eurostudiescy.com/putttty/

# Reference: https://www.virustotal.com/gui/file/29d2c857add67db5ea4fa1265d6799f72436443ef37ebe6b552884f7f08c99ba/detection

majia.pw

# Reference: https://twitter.com/yusaerguven/status/1269373995197042688

irsupd.com

# Reference: https://twitter.com/FewAtoms/status/1270765647182663681

http://5.152.203.117

# Reference: https://twitter.com/FewAtoms/status/1270754951380205569

ivobrandao.com/wp-admin/maint/files/
ivobrandao.com/wp-admin/includes/files/
ivobrandao.com/wp-admin/images/files/

# Reference: https://twitter.com/malwrhunterteam/status/1271160638342127618

social-turnips.xyz

# Reference: https://app.any.run/tasks/bbf298e2-3f58-4702-80ff-eb0b742f5a6a/

http://176.57.208.130

# Reference: https://twitter.com/bad_packets/status/1271568773867204608

http://107.189.11.170

# Reference: https://twitter.com/FewAtoms/status/1272132057901273091

http://43.229.151.135

# Reference: https://www.virustotal.com/gui/file/acb6fe32500a2a116c9a56bc4cc897ecad4d38839cd73d09b5904d7ebe29d047/detection

webewr.com

# Reference: https://twitter.com/1ZRR4H/status/1272311078148550656
# Reference: https://app.any.run/tasks/f95e4b61-946c-45c2-91dd-3bbbcacd56cf/

small-business-solutions.biz

# Reference: https://twitter.com/ScumBots/status/1272445067232530433

microsoft.dtgsiam.pw

# Reference: https://twitter.com/malware_traffic/status/1272973262788734977

pops.works/manahet/

# Reference: https://app.any.run/tasks/fa7cb330-07b2-4366-a9a1-03984fe05c1d/

office-service-secs.com

# Reference: https://twitter.com/James_inthe_box/status/1273271196298080258

asmreekasounds.com/upfiles/up_down/

# Reference: https://twitter.com/benkow_/status/1273205562122153984
# Reference: https://www.virustotal.com/gui/domain/covidbase.info/detection
# Reference: https://www.virustotal.com/gui/file/0d98e0007c97324e37dbaceadd478378b1e803ade4bac2e2642603d2ed709b9e/detection

covidbase.info
faithohp2pohm1einee5.youtubecom.watch

# Reference: https://twitter.com/mz_malhunt/status/1272844728950652928
# Reference: https://twitter.com/p5yb34m/status/1273415760052805632
# Reference: https://twitter.com/FewAtoms/status/1273664376470462464

microtechnology.hk/fidex/
microtechnology.hk/wapdast/

# Reference: https://twitter.com/jstrosch/status/1273077060303454209

gpt.alarmasystems.ru/wp-content/themes/twentysixteen/inc/

# Reference: https://twitter.com/reecdeep/status/1273576796735377408

playthefinancialgame.com/createfoldernow/

# Reference: https://twitter.com/JAMESWT_MHT/status/1273922229865234433
# Reference: https://app.any.run/tasks/21a85887-bcb6-4733-b3fa-17137886052e/

http://137.74.137.211
http://45.125.66.95

# Reference: https://twitter.com/reecdeep/status/1273935123910713346

http://45.139.236.5

# Reference: https://twitter.com/jstrosch/status/1274009131603472385

omeubebexxs.org/storage/app/files/

# Reference: https://www.virustotal.com/gui/domain/admindepartment.ir/detection

admindepartment.ir

# Reference: https://twitter.com/JAMESWT_MHT/status/1275338252531249152

office-services-sec.com

# Reference: https://pastebin.com/5QKdKvZH

http://80.76.42.107
real-chat.website

# Reference: https://twitter.com/cyber__sloth/status/1275339899789553666

89.248.168.197:443

# Reference: https://twitter.com/RobbieWhite98/status/1275781443063623680

aravindweb.in/my_files/others/

# Reference: https://twitter.com/James_inthe_box/status/1275831258216411136

http://37.49.230.204

# Reference: https://twitter.com/_re_fox/status/1275887920910610432

aquacare2.com

# Reference: https://app.any.run/tasks/764bc39b-9b3d-4e12-a7e6-4f1f905e7891/

ahjuric.si/Code.txt
office-service-tech.info

# Reference: https://twitter.com/bryceabdo/status/1275153235620347904
# Reference: https://www.virustotal.com/gui/file/4c9a53b3cc66aef4e9e58e84bc2a873ce2e1ae8a39ac44323aae5c5ac5f443cd/detection

144.202.98.198:8443

# Reference: https://www.virustotal.com/gui/file/65fa0b682baabead9786a6b7d540af673155d32394424e64c77e0ccd509567ae/detection

45.77.249.92:443

# Reference: https://www.virustotal.com/gui/ip-address/81.16.141.208/relations

http://81.16.141.208

# Reference: https://app.any.run/tasks/8473c16b-cbb5-4885-a48b-8952654d5031/

blackl1vesmatter.org

# Reference: https://twitter.com/BlackonIntel/status/1276166654980956161

http://202.146.222.249

# Reference: https://twitter.com/BlackonIntel/status/1276399848586014720

http://47.112.99.43

# Reference: https://twitter.com/BlackonIntel/status/1276398237868408834

http://194.87.18.147

# Reference: https://twitter.com/FewAtoms/status/1276582665366441984

lont.co.in

# Reference: https://www.virustotal.com/gui/domain/akhbarrecords.com/detection

akhbarrecords.com

# Reference: https://blacklist.cyberthreatcoalition.org/vetted/url.txt

0022a601.pphost.net
children.ru.com

# Reference: https://twitter.com/p5yb34m/status/1277003721893834752

http://88.119.174.241

# Reference: https://www.virustotal.com/gui/domain/valencaagora.com.br/relations

valencaagora.com.br

# Reference: https://www.virustotal.com/gui/file/2430b443aa2f97bf06ce3a60d328c379bf8f0df540dbb68523eff1f23cb254af/detection

184.168.221.59:444
50.63.202.34:444
haoqing.me

# Reference: https://bazaar.abuse.ch/sample/de5648abf555a4574df8ebf2d2b75dde4ea73639662ae62bf62a109a54f14fd4/

http://170.130.55.135

# Reference: https://www.virustotal.com/gui/ip-address/101.99.90.91/detection

http://101.99.90.91

# Reference: https://twitter.com/reecdeep/status/1277510958647250945
# Reference: https://app.any.run/tasks/1077f681-1dce-4232-a044-1d31f7b56a5f/

itsmeyourfriendhi.ga

# Reference: https://twitter.com/malware_traffic/status/1277619624243314688

feedingyourhealth.com/oprawilson/

# Reference: https://app.any.run/tasks/5142bb13-4b23-49fa-9312-175979c96ab4/

lotusabloom.com

# Reference: https://twitter.com/bryceabdo/status/1277762546414620674

microsoft-ml.ml

# Reference: https://twitter.com/JAMESWT_MHT/status/1277866602634059777

http://198.144.176.137

# Reference: https://app.any.run/tasks/031b55bd-61ec-400f-af64-21ac5b79e367/

838495sd.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1280123075946844162

83848has.duckdns.org

# Reference: https://twitter.com/FewAtoms/status/1280174155955154944

members.westnet.com.au/~perthglory81/

# Reference: https://twitter.com/RobbieWhite98/status/1280518052560412675

excelofficeonline.com

# Reference: https://twitter.com/Dr_N0b0dyh/status/1280820643899101185

greattastesmb.ca/wp-content/plugins/duplicator/files/

# Reference: https://www.virustotal.com/gui/domain/seedwellresources.xyz/relations

seedwellresources.xyz

# Reference: https://twitter.com/InQuest/status/1280938328494346241

cattelenitalia.icu

# Reference: https://twitter.com/James_inthe_box/status/1280893749099290624
# Reference: https://app.any.run/tasks/39bc7028-ac54-433f-b776-4a715bdd4906/

162.244.81.87:443

# Reference: https://twitter.com/MaelSecurity/status/1281258899652456448

altechsolutions.sg

# Reference: https://app.any.run/tasks/3b8c15b9-9846-4aec-a414-5014faeebfaf/

http://45.32.111.52

# Reference: https://twitter.com/Dr_N0b0dyh/status/1281563732963885056

comawhimplet.com

# Reference: https://twitter.com/Dr_N0b0dyh/status/1281592784407990273

our20203.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a5d8bd3aea834c9bc0fb8b0a4853e75eeae28f0581cc0c90ca53dfc57128eb43/detection

mschatting.r-e.kr

# Reference: https://twitter.com/James_inthe_box/status/1282690108605427712

z.zz.ht

# Reference: https://www.virusradar.com/en/Win32_TrojanClicker.Clidak.A/description
# Reference: https://www.virustotal.com/gui/file/980ef75a800eba45c7cb64b4c1bcc61a3b0cdf92854c24dbf1ea0f3fe4cad944/detection
# Reference: https://www.virustotal.com/gui/ip-address/65.254.51.42/relations

http://65.254.51.42
dhj.serveftp.com
phk.serveblog.net

# Reference: https://twitter.com/cyber__sloth/status/1282967458727559173

141.98.213.151:443

# Reference: https://twitter.com/James_inthe_box/status/1283030572604874752

anythingbilliest.com

# Reference: https://twitter.com/KorbenD_Intel/status/1282805567661019136

http://5.206.224.211

# Reference: https://twitter.com/James_inthe_box/status/1283032087298072576

bloomcareltd.co.uk/wp-content/uploads/2020/06/files/

# Reference: https://www.virustotal.com/gui/ip-address/81.177.141.11/relations
# Reference: https://www.virustotal.com/gui/domain/frefou.ru/relations
# Reference: https://www.virustotal.com/gui/domain/tokyofunkowildvaley.ru/detection
# Reference: https://www.virustotal.com/gui/file/ba8d3d5d0d4b0d2178ea3ed1ff72e49ac8f6b608aac2718c6cf9904390dbeb80/detection

81.177.141.11:443
chokun.ru
frefou.ru
tokyofunkowildvaley.ru

# Reference: https://twitter.com/luc4m/status/1283438173020803072

offthewall.top

# Reference: https://twitter.com/_re_fox/status/1283486522981974017
# Reference: https://www.virustotal.com/gui/ip-address/185.172.110.210/relations

http://185.172.110.210

# Reference: https://www.virustotal.com/gui/file/14a0b3003b983e26096094b066c6488b21850f7d379244492affa602655b9d94/detection

dueuekekdd833234.publicvm.com

# Reference: https://app.any.run/tasks/09e4db88-e007-45df-b7b7-9d485249d0a3/

185.99.2.49:443
185.99.2.49:80
45.148.120.142:443
45.148.120.142:80
78.108.216.13:443
78.108.216.13:80

# Reference: https://www.virustotal.com/gui/domain/ntro.fr/detection

ntro.fr

# Reference: https://twitter.com/pancak3lullz/status/1283791016588451842

http://198.46.198.118

# Reference: https://twitter.com/Bl4ng3l/status/1283853966795780097

http://51.77.225.87

# Reference: https://twitter.com/jcarndt/status/1283799735065862144

http://185.14.31.56

# Reference: https://twitter.com/Dr_N0b0dyh/status/1284155801813372930

insightout-me.com/backup/

# Reference: https://www.virustotal.com/gui/domain/ramukakaonline.com/relations
# Reference: https://www.virustotal.com/gui/domain/shubhinfoways.com/relations
# Reference: https://www.virustotal.com/gui/file/475d81dda1f6fd4e8fe7038d406b874519986a94832a51fbafafe023dd5c5ad2/detection

ramukakaonline.com
test2.cxyw.net
shubhinfoways.com
sustainableandorganicgarments.com

# Reference: https://pastebin.com/Hc73BzJT

francehayon.fr

# Reference: https://www.virustotal.com/gui/ip-address/185.11.167.190/detection

http://185.11.167.190

# Reference: https://app.any.run/tasks/49ebad37-e6e0-4e82-9a1f-3d88e1c90a4e/

madibarohilala.ddnsgeek.com

# Reference: https://app.any.run/tasks/097bbd0b-74c4-47b4-9f4d-201ee4c38a4a/

salesforce-ibmcloud.kozow.com
speedfinance-cloud.gleeze.com

# Reference: https://twitter.com/James_inthe_box/status/1285294414475087872

thirdchidet.com

# Reference: https://www.virustotal.com/gui/file/5fb20cca77d85fedf3653f24c8109d985c946955ad50ffd18bff9e33d64bc5ef/detection

http://124.160.126.238

# Reference: https://www.virustotal.com/gui/domain/22ssh.com/detection

22ssh.com

# Reference: https://www.virustotal.com/gui/file/5d05b5938fc802c4e22f5b85cbf5b332297cc63800f2eb0fb4e667035587a6af/detection

361com.com

# Reference: https://www.virustotal.com/gui/file/7456e451f3c209fda2c5dd276acbb84e6c6055c48c28773396c87355c027ec4f/detection

4i7i.com

# Reference: https://twitter.com/InQuest/status/1285686606276562946

allmedicalpro.com

# Reference: https://twitter.com/jorgemieres/status/1285681527666483200
# Reference: https://twitter.com/jorgemieres/status/1284213293712838657

stationery.best
stationery.link

# Reference: https://www.virustotal.com/gui/file/72a908033a308ec5da4e384c2c6efb33405afc50688033849783267e6fb1bddc/detection

office-supply.top

# Reference: https://twitter.com/malwrhunterteam/status/1285910669238382592
# Reference: https://twitter.com/bryceabdo/status/1285925420890824706
# Reference: https://otx.alienvault.com/pulse/5f187f5e30e61988f5d51a52

facbeookloggin.com
facebokloggin.com
faecbooklogin.com
fireeyee.com
kasparksy.com
microsotflogin.com

# Reference: https://twitter.com/emirca_/status/1286037814380044294
# Reference: https://www.virustotal.com/gui/file/a4aa745edd8032f8fa45ca76262dcf218322ee4e715addea5bb6545ba2e229a9/detection

http://70.37.67.191
briendmaster.duckdns.org
bustvch.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1286268666431123456

penir.net

# Reference: https://www.virustotal.com/gui/file/d72133df3fee1d91fcab0adb532459b6c0044e7f8b4ca542fa3f6ae470b42be1/detection

http://185.146.157.171

# Reference: https://twitter.com/KorbenD_Intel/status/1286767861348753409

http://88.150.221.122

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/lockscreen-ransomware-phishing-leads-to-google-play-card-scam/
# Reference: https://otx.alienvault.com/pulse/5f1b43526f61f735c9560f23

whoawareness.com

# Reference: https://twitter.com/FewAtoms/status/1287010471283953665

class.britishonline.co/admin/user/
class.britishonline.co/tag/tests/

# Reference: https://twitter.com/malwrhunterteam/status/1287094489149059073

cannoninstrument.co
ecowasloan.com

# Reference: https://www.virustotal.com/gui/domain/payeermine.com/relations

payeermine.com

# Reference: https://www.virustotal.com/gui/file/98917be41e446698aaf1dcb464bfc27ca686c56e2636e2801e6e8c46929e5f71/detection

office-files.pw

# Reference: https://www.virustotal.com/gui/file/65002536a1187a53bc90956d2b73079d4319b3ca6ad3150f02394efcf64e56bd/detection

onlinesnotes.top
usamailnet.top

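# Reference: https://www.virustotal.com/gui/ip-address/47.241.145.99/relations
# NOTE(review): office-supply.top is already listed earlier in this file (under the VirusTotal file reference 72a908033a30...); this entry repeats it for the additional IP reference. Confirm the loader de-duplicates trails.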

office-supply.top

# Reference: https://twitter.com/FewAtoms/status/1288527091936497666

royerconseil-finances.ch/js/tiny_mce/temp/

# Reference: https://twitter.com/IronNetTR/status/1288506810748538892

8hebrew.website

# Reference: https://www.virustotal.com/gui/file/c63401a07c3e4c8d8658413c437c7c77d7b7543f8f5a6227b524ed06bf4fcc21/detection

auxmalishoes.ga

# Reference: https://www.virustotal.com/gui/file/dd77e1f820bd2a57c943f806f628e803708652142e6b691ae3495a39d9a297d2/detection

ecoshore.ga

# Reference: https://twitter.com/malware_traffic/status/1288968378951106560

marketingstrategiesinc.com/eblast/

# Reference: https://twitter.com/KorbenD_Intel/status/1289274346561708032

http://40.125.65.33

# Reference: https://twitter.com/jaimeblascob/status/1289649571463798784
# Reference: https://github.com/stamparm/maltrail/pull/10155/commits/a7f67c994a26b0191f07af4f29e089fa5c471891
# Reference: https://www.virustotal.com/gui/file/4c6a7aabb3a1d45a0d1cc7d2251178521737f5b34c1c9c477665e81c539addc9/detection

http://63.250.34.191

# Reference: https://twitter.com/0bfusCat/status/1247497286051139584

http://5.231.144.2

# Reference: https://twitter.com/0bfusCat/status/1181529470475362304
# Reference: https://app.any.run/tasks/f6d7cc92-3215-4103-baeb-eb424016f885/

http://3.86.56.191

# Reference: https://www.virustotal.com/gui/file/a38216166e363d752f37bdf0419d2e2694279beab8df66d40f56c679563e7a4f/detection

http://185.173.26.156

# Reference: https://www.virustotal.com/gui/domain/becommodal.com/detection

becommodal.com

# Reference: https://app.any.run/tasks/6bcce7b0-611d-4d44-865d-7ca0765f9bff/

epyorke.edu.bz

# Reference: https://app.any.run/tasks/27f1e600-b8fc-4c18-a6f0-b35799393cdc/
# Reference: https://www.virustotal.com/gui/file/6f8fcaac6fd0664838ccfe07924cf97af5056b3868aaaf8fd12560c3a9e8ac41/detection

fugitdeacasa.ro

# Reference: https://twitter.com/VK_Intel/status/1291649978574741509
# Reference: https://www.virustotal.com/gui/file/d54b73a94d481ee2917e42ba3d4ea3b70f368bb13cebf5b8824257907ac84ff1/detection

103.103.130.120:8888

# Reference: https://www.virustotal.com/gui/file/504f8f447c30f65aa2b327e856c246269eb7586eead1a158b19dfc71d24989ac/detection

http://122.51.171.161
http://198.71.233.197

# Reference: https://www.virustotal.com/gui/file/9b55ac5adb1d3b28f19a6dd755071a0ee815c5bd633d3c8065d038fd9b5142e0/detection

crackpoint.xyz

# Reference: https://www.virustotal.com/gui/file/11871e6ef76854545dde5d56a380f7de9e65dcd59209026649d1430f8a6444f8/detection

http://113.160.165.75

# Reference: https://twitter.com/_re_fox/status/1292831232368271362
# Reference: https://app.any.run/tasks/a8411930-8d61-4e8a-84ef-945ccbbec943/

022802bcfcb3dbcd1a224f29537f6ac0.host

# Reference: https://twitter.com/James_inthe_box/status/1292824016827199489

sandiegoseaworldtickets.com/baba/

# Reference: https://twitter.com/James_inthe_box/status/1291360398294175744

evolutionpublicidad.com/wp-admin/js/bgn/

# Reference: https://twitter.com/KorbenD_Intel/status/1292902929586728960

http://106.53.29.114

# Reference: https://twitter.com/ANeilan/status/1292939552085233664
# Reference: https://www.virustotal.com/gui/ip-address/217.182.54.208/relations

kalihost.ml
kalihost.tk

# Reference: https://twitter.com/reecdeep/status/1293089692418822145

fswaeste.co.uk

# Reference: https://unit42.paloaltonetworks.com/script-based-malware/

crypterfile.com

# Reference: https://www.virustotal.com/gui/file/1e316de8fb7ffb3f0e77c754207aa3b5ea96e82b631b79bbe3be0ab77c077511/detection

http://167.99.221.195

# Reference: https://twitter.com/jorgemieres/status/1293231216301408258

jmmstore.ae

# Reference: https://www.virustotal.com/gui/file/cc4fc1e56d9fc9c525fd6a1880dc806f26b1c5022f60e30de4e974f06d1e85e9/detection
# Reference: https://www.virustotal.com/gui/file/f3ebeeeba13c82daef9731a5f3e8dbe535e963f83e531918ba1a8904b094d3b8/detection

http://176.121.14.231
176.121.14.231:443

# Reference: https://twitter.com/malwrhunterteam/status/1293916383491710979
# Reference: https://www.virustotal.com/gui/ip-address/80.82.67.190/relations

http://80.82.67.190
80.82.67.190:443
quikview-update.com

# Reference: https://twitter.com/abuse_ch/status/1294160873259438083

http://185.172.110.214

# Reference: https://www.virustotal.com/gui/file/b8243f7f5b2200dd1b76005d430b4bcdfdaffffb2115dba344fceb7f0c8fd4b1/detection

bazhar.site

# Reference: https://twitter.com/reecdeep/status/1294282579718406148
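# Reference: https://app.any.run/tasks/940319f1-4184-49f8-aa22-9b761e480458/
# NOTE(review): the two entries below are adjacent addresses (.127 over HTTP, .128 on port 443). Verify both against the references above; if one octet is a typo, the entry misses the real host and flags an unrelated one.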

http://176.96.238.127
176.96.238.128:443

# Reference: https://twitter.com/theDark3d/status/1294668801804468225

fedexmanager.com

# Reference: https://www.virustotal.com/gui/domain/skyht.cf/relations

skyht.cf

# Reference: https://www.virustotal.com/gui/file/ceb511a06d37b33b7891b152a4386c27f06abdea66a6ed6edbfc6af307e9ef34/detection

update-prog.com

# Reference: https://twitter.com/angel11VR/status/1295662209729781760

privatnidoktoricacak.com/Q9.jpg

# Reference: https://www.virustotal.com/gui/file/209cff063a1c0e90c2ae817a39860cf93c804a1e67ebd000eaa11c5431799be6/detection
# Reference: https://www.virustotal.com/gui/file/7d51151b82ffb39df5a11c7cb49703dce78d499452946464e42327dcc4355f19/detection
# Reference: https://www.virustotal.com/gui/file/0687165c7a9b105319ada7d1ea051a4852a5b2f32c81a322e6af98d0db9d9257/detection

iwithu.ru

# Reference: https://www.virustotal.com/gui/file/c07ee098c29a441865ec85b7fe00855a4ad4fed128511f0ab1fa48ee11d42c83/detection

tokugava.top

# Reference: https://twitter.com/James_inthe_box/status/1295889244662059011

a50625ja.beget.tech

# Reference: https://www.virustotal.com/gui/domain/winnpxx.info/relations

winnpxx.info

# Reference: https://www.virustotal.com/gui/domain/winnpxxx.ru/relations

winnpxxx.ru

# Reference: https://www.virustotal.com/gui/file/897e1dc64f7632acdf64f0efa052b2deffda66e500bdb663087a5a5b44ad7291/detection

a0349318.xsph.ru

# Reference: https://www.virustotal.com/gui/file/cc92c164b525956380a944af0c50d89236b92bdfd50bcf9533a4e31793207132/detection

http://195.123.241.51

# Reference: https://www.virustotal.com/gui/file/ba0e3a2b8390285537e5b47a1d45ad3731347c0f95298797e580b82d1f10f9cc/detection

simplex.team

# Reference: https://twitter.com/ItsReallyNick/status/1098415667756351489
# Reference: https://www.virustotal.com/gui/file/7248db253aaf79a6092ac429596bab9928b1b0383b7a33141ca72817adb8f30b/detection

http://5.206.225.246

# Reference: https://www.virustotal.com/gui/file/238c5ccb8b85f196df27bacd94d7f46609ffe108685dff924cc308f97dde8b78/detection

tsunami.hopto.org

# Reference: https://www.virustotal.com/gui/file/b742903e8923a24f0afe84f82a01b1034185fa8c803750cb6d878e4dcac802ef/detection

project98.ddns.net

# Reference: https://www.virustotal.com/gui/file/0ec631602280b59f5818fccc2e3f3a28fed3f9cb69c28703e0d6f20757e65813/detection
# Reference: https://www.virustotal.com/gui/file/80745b342289d766b3534502bc03da11a2df77faf58a4e1c2e11ae6923f3cdea/detection
# Reference: https://www.virustotal.com/gui/file/f339e7112e5a4484387c4d09d59564d6bf418900da14aaee4025b27139e3c5af/detection

198.54.115.141:443
ethereumcashpr0.com

# Reference: https://www.virustotal.com/gui/domain/securedownload2.duckdns.org/relations

securedownload2.duckdns.org

# Reference: https://twitter.com/InQuest/status/1297920171936567297

http://45.32.112.92

# Reference: https://twitter.com/bryceabdo/status/1297930380549464068

http://62.108.35.95
162.244.80.177:8443

# Reference: https://twitter.com/VirITeXplorer/status/1298199149985312769

http://51.255.155.2

# Reference: https://twitter.com/KorbenD_Intel/status/1298414421455147009

laopermanentmission-jakarta.gov.la/pxy/

# Reference: https://twitter.com/Dr_N0b0dyh/status/1299007006737653762

btcxchange.online

# Reference: https://www.virustotal.com/gui/file/a02d30733cb3a332d01c4bf973cf10fd01215df0e6294b6db62c0766ddc8fd38/detection

gufjan855.p-t.hk

# Reference: https://twitter.com/James_inthe_box/status/1299458240812445696

nakkufoodsafetyconsults.org/bkb/

# Reference: https://www.virustotal.com/gui/file/a089d77a6beadc16977f5683238a7f4d327697ad92a9e4b904ea9472e833f121/detection

hfexpres.net

# Reference: https://twitter.com/James_inthe_box/status/1300406357753917440

cama.it

# Reference: https://twitter.com/p5yb34m/status/1300507364911542272

http://62.108.35.164

# Reference: https://twitter.com/p5yb34m/status/1300547270547369984

http://62.108.35.26

# Reference: https://twitter.com/theDark3d/status/1300665267031355392

sunleafvacations.com

# Reference: https://www.virustotal.com/gui/file/1c3d30d7637b1a6fb648b1cf1de6c7a8375337327cd243f87d525c109554db7d/detection

http://193.56.29.251

# Reference: https://twitter.com/reecdeep/status/1301137977331060736

thezencon.com

# Reference: https://www.virustotal.com/gui/file/d359b6152b5e1077ebcb76adccc7acdb517cc94db18b750a526d27468f8cd9d9/detection

ebayapp.tk

# Reference: https://twitter.com/JAMESWT_MHT/status/1301456108058533888

poliziadistato.club

# Reference: https://www.virustotal.com/gui/file/86b6d966cce450b27df34968190ef979f05da76d7ef5eb9af26ced602dc0ab65/detection
# Reference: https://app.any.run/tasks/e27317be-db62-4822-bbcf-4751bf8cc8a2/

elanstudio.hu
googlchrm.online

# Reference: https://app.any.run/tasks/31076788-db3b-4caa-89de-105c3e389aef/

4de6fdfe.ts.ctmay.club
4de6fdfe.win.ctmay.club

# Reference: https://www.virustotal.com/gui/file/863432a075e8d97467ee4c88f7c66f2c687a5c5a4cbd7602315ca30859f001a0/detection

123pcloud.com

# Reference: https://www.virustotal.com/gui/file/6909b629652ab36b09bfd7e3229a6eafe1591c0d6f18b2004a094216ee97ece4/detection

infikuje.freevnn.com

# Reference: https://twitter.com/jstrosch/status/1301718677419700224

oficina24.online

# Reference: https://www.virustotal.com/gui/file/35e01a26ed27259c14fac961c16ab5457d49f93c5e5fb05e9cdbff6a21242e7d/detection

http://193.38.55.92
deliverynice.club

# Reference: https://www.virustotal.com/gui/domain/fedex-tracking.press/detection

fedex-tracking.press

# Reference: https://www.virustotal.com/gui/file/ec8a885e2a0e087a6b7b244bcf8bf9034ebc8c5ac48cd78981f119040d153b2d/detection

shoolman.ca/config.dll

# Reference: https://twitter.com/InQuest/status/1301899838666289155

bestbuywindow.com

# Reference: https://twitter.com/ViriBack/status/1302412584000401414

http://162.255.117.6

# Reference: https://twitter.com/lawwait/status/1301408767351894016

seguridadactive.eastus.cloudapp.azure.com

# Reference: https://www.virustotal.com/gui/domain/n77568zi.beget.tech/relations

n77568zi.beget.tech

# Reference: https://twitter.com/ANeilan/status/1302966150108712961

erktay-71.ga

# Reference: https://twitter.com/theDark3d/status/1303091496816697345

reg4718182-com.preview-domain.com

# Reference: https://www.virustotal.com/gui/file/7663660c3b41d3ec9f8b34ee013a9994851b0bff483ea92a702e08dc9bd86770/detection

nvidia.pcriot.com

# Reference: https://www.virustotal.com/gui/file/d697907fc8f52925819becd089578023988c5dd7c7a92512b83c2467b9693477/detection

ciuj.ir
gooddns.ir

# Reference: https://www.virustotal.com/gui/file/de99657582ac0f366bb07b95055b1afd1f4967bba5c44f08ca6d6620f5744941/detection

cryptotabs.ru

# Reference: https://twitter.com/James_inthe_box/status/1304056838200070150

dinosaurdiscovery.co.nz/css/

# Reference: https://www.virustotal.com/gui/file/094ae61b55cd43858e4e2177a16d7154e4c44728a3904681a03b9f30b446312e/detection

http://31.28.24.137

# Reference: https://twitter.com/InQuest/status/1304170972363325445
# Reference: https://www.virustotal.com/gui/file/0cf7372d368892af52c430238573396bfd3e628bf53079f5463b57673f1c785e/detection

koomj.ru
tugunhey.ru

# Reference: https://www.virustotal.com/gui/file/3e986ef03b637b87981831279985a0d85f171b65adbc86cb292a64ac10e42ac9/detection

babsitef.com

# Reference: https://www.virustotal.com/gui/file/932deabfadc89bf8041ed4badf09785cf71ebc1a9959ae156b8c157dbd4b8d1d/detection

nusumu.ga
nusumu.wtf

# Reference: https://twitter.com/JaromirHorejsi/status/1101065746090807297

colompna-youm.ga

# Reference: https://twitter.com/jorgemieres/status/1304138405719298052

notafade.top

# Reference: https://www.virustotal.com/gui/file/558d74af3a97c63780a28a949407c0d7849a2c5fdb766368f4ed7059e413cd00/detection

sttsts.ru

# Reference: https://twitter.com/ReBensk/status/1305531443922247680

42seminare.de

# Reference: https://twitter.com/jorgemieres/status/1305502984336543744

linkedliqht.com

# Reference: https://www.virustotal.com/gui/ip-address/193.37.212.6/relations

http://193.37.212.6

# Reference: https://www.virustotal.com/gui/domain/fantasticvilla.xyz/relations

fantasticvilla.xyz

# Reference: https://twitter.com/Dashowl/status/1307027849719754752

cdn-41111111217-ms-telemetry.net
cdn-4111111217-ms-telemetry.net

# Reference: https://www.virustotal.com/gui/file/c6e6ca2ddc2c1941bf6285f3ba6aefa2e906ce90b23b02e9d6718b36db8ad243/detection

trustedhealthgroup.com

# Reference: https://twitter.com/_re_fox/status/1306964495101722636
# Reference: https://www.virustotal.com/gui/file/dff9e0c81264c85b435e4e10db0ac6ae03c05e58b4ce852406cef81d964ea605/detection

huimeng.live

# Reference: https://twitter.com/malwrhunterteam/status/1310512869394526208
# Reference: https://twitter.com/malwrhunterteam/status/1310515180539908096
# Reference: https://www.virustotal.com/gui/file/375830ba011b666133bd43d01e337aee492db575623263b6a771e68be8955e67/detection

185.224.168.130:3563
185.224.168.130:80
telegram-vip.com

# Reference: https://twitter.com/jorgemieres/status/1310572969861754881
# Reference: https://www.virustotal.com/gui/file/70a6f31fa41581e00a0f1e7f95377f48e3a859a8b80096b913b9035c8c6a4628/detection

http://60.169.77.137
666.myddns.me

# Reference: https://www.virustotal.com/gui/file/f0da35c0d68e20d63d70d48fdab09702709b2809a3c2b3782143235abe956abe/detection

mamaxa.xyz

# Reference: https://twitter.com/KorbenD_Intel/status/1311054656341266432

kh5vf9vv.com

# Reference: https://twitter.com/James_inthe_box/status/1311297127386021888

officestore.co.id

# Reference: https://www.virustotal.com/gui/file/83ed45abd2fefc68d1f5fbabbdf566a90f66f76108a315964a30030a14c243b6/detection

http://94.156.174.7

# Reference: https://twitter.com/jstrosch/status/1311359445021134848

104.161.77.84:444

# Reference: https://twitter.com/jfslowik/status/1311691210088542208

office-pulgin.com

# Reference: https://twitter.com/IronNetTR/status/1311752801844895746

westrasde.com

# Reference: https://twitter.com/jorgemieres/status/1304130606222188544

http://103.141.138.133

# Reference: https://twitter.com/FewAtoms/status/1312073100473884677

http://103.125.191.229
http://103.140.251.164
http://103.141.138.130
http://103.141.138.131
http://13.211.173.236

# Reference: https://www.virustotal.com/gui/file/0d06226fdab0976e9d78cc8dc20888f098037815feaa355de99d28bbb9a5d9d9/detection

http://108.170.55.202

# Reference: https://www.virustotal.com/gui/file/9ecc42201beb37c82c61e6f7cc41914b8b5eaa0fb19b90f3b3c9dfa9f91406a0/detection

teelam9.com

# Reference: https://www.virustotal.com/gui/file/ab63a3d0b9a8ca47c8012ba18b8e47466547b8755761abf6a78d49e9bd093000/detection

tracebizcomplex.com

# Reference: https://www.virustotal.com/gui/file/bc21b8ead78c175ec04e618cb1266d022686e33a8197ff110b32ef283ef187af/detection

espera-de.com

# Reference: https://www.virustotal.com/gui/file/f7402c16ad79a761c3870e7be5cb9970c7f15d1f135d7c5da1b6188509d5afc7/detection

algreno.com

# Reference: https://www.virustotal.com/gui/file/da1cb6e49f53ec9338d99436ab398decf38d301adae3a5c897dd5dc7179a0aaf/detection

108.170.55.202:55704
108.170.55.202:55889
kpatelbyes.com

# Reference: https://www.virustotal.com/gui/file/aa891ab053d1fa4f3df767cc44e4ca6b783151279d6267dd40c5e8ef4ee3dd0f/detection

powerlogs.top

# Reference: https://www.virustotal.com/gui/file/7a77a40eb9667194f4d936933970ca798c191636fb57e988afb3cfeb768b2e19/detection

uwadiuto.com

# Reference: https://www.virustotal.com/gui/file/4bea14f68342a4007d1d1ddc28bb110f7ac2788619eca97742c2ef35b7c9bb08/detection

nws-cn.in

# Reference: https://www.virustotal.com/gui/file/ba08544bdd05340e7579d144a51cd39cea176fefc83a1110f7664becb69ec43f/detection

nwheilcopter.com

# Reference: https://twitter.com/IronNetTR/status/1312119323389960193

gov-live-cases-update.xyz

# Reference: https://www.virustotal.com/gui/file/9c79b09774aba468bd3cd6a73830bfec78011d68565f57bbd73a798dfc26e22d/detection

podsden.com
victoryrespect.com

# Reference: https://www.virustotal.com/gui/file/b7e3c86a346b49b2eadc4bceb1348270e690568a113a0ecc461c99f58ed61a56/detection

only-humans.xyz

# Reference: https://www.virustotal.com/gui/file/eebf62940926ad91f7bbf4e127b8e1d75f404536ef25e8ef12f84ace96b6526d/detection

qualitycontrols.mx

# Reference: https://www.virustotal.com/gui/file/f9a2ff01e3964dd922d47caed20ac0bfa39f5d1f96fd8f3003f68236acd738d9/detection

avpabcefjil.com
krasnojarski.com

# Reference: https://www.virustotal.com/gui/file/f76fca83e19560fbacc25d9e7475c9aec15cc4490bcda636cd0c514b59ea1c1c/detection

81.38.132.197:3502
83.39.116.30:3502
83.47.188.96:3502
543874163.ddns.net

# Reference: https://twitter.com/win32kid/status/1312550937047625729
# Reference: https://app.any.run/tasks/2ec6942e-b688-4590-a9bc-34942d13ff57/
# Reference: https://www.virustotal.com/gui/file/b3455d9d3bf50da0762a0d2aa57f4041af76b86024376af1a07b774bb7166ffc/detection

httpz.tech
lyric-library.000webhostapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1313023627177193472

http://45.79.237.92

# Reference: https://www.virustotal.com/gui/file/62cbbf68eb9555bca069893a3daa6621aaf7b43604fd511cc11c5fe038ed9845/detection
# Reference: https://www.virustotal.com/gui/ip-address/101.99.90.39/detection

donsinout.info
invcloud.info

# Reference: https://twitter.com/James_inthe_box/status/1313173649642332162

nitrixserver.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1313448219964252163
# Reference: https://www.virustotal.com/gui/file/fd68aa2465ae2f9753474773b36d50804cffdf541c851d4ef42b2ae77f701b9a/detection
# Reference: https://www.virustotal.com/gui/file/dd2b8ca97ba5a68e3ea5819e9292a5ff8d43a2a33056eb1f755f5c2c5a63947f/detection
# Reference: https://www.virustotal.com/gui/file/d104b823ce5e390c264f36b9727b58d0a4602dc6ddae305d01dbff24de5560ec/detection
# Reference: https://www.virustotal.com/gui/file/7f5f68e3163fd4aae367b129dc4d519000905b78d66e6933e7b091053eadd98f/detection

amvotech.com/wp-admin/images/wpcloud.php

# Reference: https://twitter.com/FewAtoms/status/1313513688972828674

altcbs.com

# Reference: https://twitter.com/malwrhunterteam/status/1314121888772259845
# Reference: https://www.virustotal.com/gui/file/e8002fbc4bd5e57fd317fb99e3bb2bc8965e94761e37757aed51f3f21486c0ad/detection

verifiedad.website

# Reference: https://blogs.juniper.net/en-us/threat-research/new-pastebin-like-service-used-in-multiple-malware-campaigns
# Reference: https://otx.alienvault.com/pulse/5f7df280cd3c95f0aad5a1fb

http://198.12.66.108
italake.com/assets/css/0022.exe

# Reference: https://twitter.com/KorbenD_Intel/status/1314251628959076353

sorwatheltd.rw

# Reference: https://www.virustotal.com/gui/ip-address/162.0.235.138/relations

punneli.com

# Reference: https://twitter.com/James_inthe_box/status/1314677701538508800
# Reference: https://www.virustotal.com/gui/domain/helmut01.tech017.net.in/relations

helmut01.tech017.net.in

# Reference: https://www.virustotal.com/gui/file/51054b5f32ba02c12a8e141f5b522d1457785f9f17d04ba25aeb6f0627525545/detection

http://193.53.126.217

# Reference: https://www.virustotal.com/gui/file/3fa9dfafba34b885683809041fd908bc7495e09a2b5cd8d1c2059b1204709d00/detection

http://91.198.220.225

# Reference: https://twitter.com/_re_fox/status/1314972578231070720

http://103.133.139.17

# Reference: https://www.virustotal.com/gui/file/d4f2e466297be77e0f8efee83099f3e782877a1cba72c292cfd93d07f760dd5a/detection

asc6.kozow.com
clockdoplannow.hopto.org
egreetcards942.servehttp.com

# Reference: https://www.virustotal.com/gui/domain/conf1g.com/detection

conf1g.com

# Reference: https://twitter.com/k3yp0d/status/1315599772502364161
# Reference: https://www.virustotal.com/gui/file/8e0f6621c094066b2a0e5cf36c156a26366e72cfae3eb8b145d691b6f225e1b5/detection
# Reference: https://www.virustotal.com/gui/file/fa115fb6499783cabc60f6b0b893a5b622ba45e6f85fa02de5e6af1a547dbb4b/detection
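# Reference: https://app.any.run/tasks/5843b866-5082-4d2b-aec0-2803017d727d/
# NOTE(review): the entry below contains upper-case letters, unlike the other domain entries in this part of the file. DNS names are case-insensitive, so confirm the consumer normalises case before matching; otherwise store the entry lower-cased.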

ceeskophishingcampaignAPT1337.com

# Reference: https://www.virustotal.com/gui/file/9ea05b312e68099c4adf672f151b4c7a1a97017ddb5762b165c873dd2789a099/detection

69.170.237.82:20
jejakdesa.com

# Reference: https://twitter.com/neonprimetime/status/1315767665244483586
# Reference: https://app.any.run/tasks/68a58306-6eec-4773-9bfc-cde1407a5d43/
# Reference: https://www.virustotal.com/gui/file/45b6fb787435620e362685fbc8d323b07810b6fc8188e8fe22b8d0427b56332e/detection

http://64.188.21.219

# Reference: https://www.virustotal.com/gui/file/838a8c1b12270b248fd13d1f110998a79ee9442d19fb3f3562dfe734d7033367/detection

millsmiltinon.com

# Reference: https://twitter.com/KorbenD_Intel/status/1315764616044048386

groups.us.to

# Reference: https://www.virustotal.com/gui/domain/org-help.com/detection

org-help.com

# Reference: https://www.virustotal.com/gui/domain/gd-sirve.com/detection
# Reference: https://www.virustotal.com/gui/file/572a24faa8570e3669a2b67aa7600865e9b5538ce8294c6e9557fee659592e9b/detection

gd-sirve.com

# Reference: https://twitter.com/jstrosch/status/1315993559359684608

elit.com.mx/xls/

# Reference: https://www.virustotal.com/gui/file/57f0fc9a3aee0bc95dd54a22ce66bdf850b3ba28498e57cfe5f28a95bae3faaf/detection

http://31.42.186.166

# Reference: https://www.virustotal.com/gui/file/e23cdad77fa6de90822e92ae19f17abc833bb38685b415f5813d280fa1a6a590/detection

http://107.173.219.56

# Reference: https://www.virustotal.com/gui/file/8813f733b2fdebca664bd770f002cee35a1c8670a7af78c24bd764185fcf81b7/detection

http://94.156.189.248

# Reference: https://app.any.run/tasks/7e41dd5c-ac10-4032-81f5-034c985f26d6/

http://101.99.91.165

# Reference: https://www.virustotal.com/gui/file/b451b884612f400dca31813c295539306ae32b86b558e64e39b07f881bfbe3a4/detection

http://178.62.19.66

# Reference: https://twitter.com/FewAtoms/status/1316438791280832513

mscni.org

# Reference: https://www.virustotal.com/gui/file/231e243eb10755413f784acf5cfd793bdd4e88f0898a342c0c6c30a527548d8d/detection

http://5.39.221.49

# Reference: https://www.virustotal.com/gui/file/8258ff36cc4bf39ce407adee123e866c8880ee0153cb3497a493c769aac19757/detection

http://185.212.131.241

# Reference: https://www.virustotal.com/gui/file/2eb1dea1a8d085d871ae834fee4864079371c3c7c199336319ed8cf291e2623e/detection

http://109.230.217.13
http://109.230.246.66

# Reference: https://www.virustotal.com/gui/file/6705824b8c2fc43fd8e6c8999b638c39ea11a79e8614e75b8b1f9451a93e005b/detection

littlegreenhands.org

# Reference: https://twitter.com/Marco_Ramilli/status/1317074873064239108
# Reference: https://twitter.com/James_inthe_box/status/1317088059641319424

alternasaludspa.com/1/
melonco.com/1/

# Reference: https://www.virustotal.com/gui/file/c0a7dfca7eda9d3f170e318428984c17b9737d4e53c291a227f97863ea30827e/detection

salesgroup.top

# Reference: https://www.virustotal.com/gui/file/34d1451c8ac71d3eb9582092492d4b50a4202b962d8a7cff5cce9c93823aec5d/detection

http://217.8.117.77

# Reference: https://twitter.com/malwrhunterteam/status/1317504898309697541

cmtdevwp.com

# Reference: https://www.virustotal.com/gui/file/1964db2e767cbecc8aedad70f84974da81e88c9ce47210abd6c115cfbaa80222/detection

vds2018.space

# Reference: https://www.virustotal.com/gui/domain/zi-chem.co/relations

zi-chem.co

# Reference: https://twitter.com/James_inthe_box/status/1318923060762701824

escas-lk.com

# Reference: https://twitter.com/malwrhunterteam/status/1318900812094066693

http://5.34.178.103

# Reference: https://www.virustotal.com/gui/file/f50b95b06989cbfd7009c6e5638f9636d9b19218952e14b874488f036338fe33/detection

yassinebolard.tk

# Reference: https://twitter.com/malwrhunterteam/status/1319218507154939905
# Reference: https://www.virustotal.com/gui/file/67418cd16e3b672ab0759bb72c2e056da27c433b16dc1a29c13b55f68204e1c6/detection

com-net.site
modal-agency.info

# Reference: https://twitter.com/malwrhunterteam/status/1319351207350181888

file-downloads.club

# Reference: https://twitter.com/malwrhunterteam/status/1319640676850671616

fjetsam.com

# Reference: https://www.virustotal.com/gui/file/cf1927ab098bdaace7eabc39ae410f39e47433a993ef602eb59dee5923bef042/detection
# Reference: https://www.virustotal.com/gui/file/e7baae3067f928b48fbfc5ff6101d8ae15e17021b03d2c45a0cc147a181ef79b/detection

09.justcounter.com
bighyip-monitor.com
brazauskas.info

# Reference: https://ideone.com/CYMY4

http://115.68.2.15
http://116.127.121.27
http://117.21.224.2
07tqqwem.ru
0uon.com
0up.ir
0uw.ru
1140.co.kr
1.153.cc
1-box.ru
1.cramssdeleviesor.co.cc
1.duote.net
12.duote.org

# Reference: https://twitter.com/ninoseki/status/1320190516466569217/photo/2

ssddtg.icu
toterh.pw

# Reference: https://twitter.com/FewAtoms/status/1320356668367114241

http://145.239.35.192

# Reference: https://www.virustotal.com/gui/file/5a7c4c3e157d060b2fde02428557b1ba0c3d7c96181ead704ccc7a19bfc51582/detection

updateadober.viewdns.net

# Reference: https://www.virustotal.com/gui/file/58089bdd548b2f5075e5baab7dc7045d62561d811d9cb2f27e0c4defcb34e1ed/detection

http://66.70.188.115

# Reference: https://twitter.com/FewAtoms/status/1320791439610122245

redesuperpops.com.br/kalidoc/
redesuperpops.com.br/spike/
redesuperpops.com.br/trends/

# Reference: https://twitter.com/InQuest/status/1321043053218566146

http://216.170.114.73

# Reference: https://twitter.com/InQuest/status/1321062576063762433

http://192.3.152.134

# Reference: https://twitter.com/InQuest/status/1321114421347913729

http://23.249.162.110

# Reference: https://twitter.com/InQuest/status/1321414392630620160

http://107.173.219.115

# Reference: https://twitter.com/InQuest/status/1321354871749156866
# Reference: https://www.virustotal.com/gui/domain/duracom.ga/relations

duracom.ga

# Reference: https://www.virustotal.com/gui/domain/dimaopdb.beget.tech/relations

dimaopdb.beget.tech

# Reference: https://twitter.com/FewAtoms/status/1321171900438032385

http://45.141.84.184

# Reference: https://twitter.com/FewAtoms/status/1321180474283380741

http://209.141.35.239

# Reference: https://twitter.com/malware_traffic/status/1321182175916679168

http://69.30.232.138

# Reference: https://twitter.com/InQuest/status/1321447024227737601

http://216.170.114.73

# Reference: https://twitter.com/InQuest/status/1321443374273056769

http://216.170.126.109

# Reference: https://twitter.com/InQuest/status/1321529831318761473

http://75.127.1.211

# Reference: https://twitter.com/InQuest/status/1321574093204979714

http://78.128.92.94

# Reference: https://twitter.com/InQuest/status/1321735654318002183

http://192.3.141.134

# Reference: https://twitter.com/InQuest/status/1321887102716596231

http://103.125.191.123

# Reference: https://twitter.com/InQuest/status/1321947723977936897

http://75.127.1.211

# Reference: https://twitter.com/InQuest/status/1333423214807146502

http://104.37.172.209

# Reference: https://twitter.com/InQuest/status/1326887249024331776

http://198.23.213.25

# Reference: https://twitter.com/InQuest/status/1328147418941157379

http://198.12.84.47

# Reference: https://twitter.com/InQuest/status/1333763922747416585

http://216.170.114.70

# Reference: https://twitter.com/InQuest/status/1333075764414177286

http://216.170.126.121

# Reference: https://twitter.com/InQuest/status/1333517270270812161

http://149.3.170.144

# Reference: https://twitter.com/InQuest/status/1330593315855740934

fancy-yoron-0802.boyfriend.jp

# Reference: https://twitter.com/sarebour/status/1315625320976994304
# Reference: https://www.virustotal.com/gui/domain/bunkhouseventure.com/relations

bunkhouseventure.com

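# Reference: https://www.virustotal.com/gui/ip-address/72.21.81.240/relations
# Note: bare IP:port on 80/tcp backed only by an IP-relations page; this looks like shared CDN address space (TODO confirm ownership), in which case a hit needs a second indicator before it is triaged as malicious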

72.21.81.240:80

# Reference: https://twitter.com/smica83/status/1321716870584672261

http://46.183.222.25

# Reference: https://twitter.com/_re_fox/status/1321922917496737795

judax.live

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Chepvil-A/detailed-analysis.aspx

http://109.94.220.52

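# Reference: https://www.virustotal.com/gui/ip-address/23.223.200.195/relations
# Note: IP:port entry with no file or domain reference; the address appears to sit in CDN-operated space (TODO confirm via WHOIS), so expect unrelated traffic to match and corroborate hits with host or URL evidence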

23.223.200.195:80

# Reference: https://www.virustotal.com/gui/file/d0d031cd3950c39950b082192a532c1ed2415ba01f33495113e611c08c8e9305/detection

kozbot.xyz

# Reference: https://blog.sucuri.net/2020/11/css-js-steganography-in-fake-flash-player-update-malware.html

lopiax.us

# Reference: https://www.virustotal.com/gui/file/91647ac947d5d5d3a0dc69e98070bfc2f9841d7839b579d69c524b02869a497f/detection

http://91.92.128.201
ptc-latam.com

# Reference: https://www.virustotal.com/gui/file/81940f757b93af4af9c146ed068abe089baaff3181863ba9e6ddae54ec5cb5d9/detection

http://185.172.110.201

# Reference: https://www.virustotal.com/gui/domain/microsoft-shop.com/relations

microsoft-shop.com

# Reference: https://twitter.com/malwrhunterteam/status/1323947874602897408
# Reference: https://www.virustotal.com/gui/file/2d649a5a2ac07b53053c66c8007b939818629b757ff25a5d2bfa0b0f0c063857/detection

flash-plays.com

# Reference: https://www.virustotal.com/gui/domain/flsah.com.cm/detection

flsah.com.cm

# Reference: https://twitter.com/KorbenD_Intel/status/1323654449252872192

tethercloud.net

# Reference: https://twitter.com/MBThreatIntel/status/1323671059090993153

http://103.153.79.195

# Reference: https://www.virustotal.com/gui/file/3c18438a9fc9aec1ce0e6d2be9f6f676424b4f8ffd844ac2d1a90b32a5bf0098/detection

chrandinc.com

# Reference: https://www.virustotal.com/gui/file/cca24cf66321e5b2f63bb52b5183e9cc437bf1b59d5f34043307dbd3ab02ae62/detection

americanspecialtyinsurancegroup.com

# Reference: https://www.virustotal.com/gui/domain/micorsoft.cc/relations

micorsoft.cc

# Reference: https://www.virustotal.com/gui/file/9693bcea91bc27b23f55193e3836711b53f0436ff7b6de48a50825d817e75f29/detection

ultimatenutritiononline.com/good/

# Reference: https://twitter.com/KorbenD_Intel/status/1324491660848365568

http://34.91.240.51

# Reference: https://www.virustotal.com/gui/file/b5d95d5b099d97bb34b67c04edd6e58626d49eb0c234b71c58f06d6169741f39/detection

offices-cloud.com

# Reference: https://www.virustotal.com/gui/domain/microsoftupa.com/relations

microsoftupa.com

# Reference: https://twitter.com/InQuest/status/1324795639885111302
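# Reference: https://labs.inquest.net/dfi/sha256/abac16a4ab770d5802686e27c3e13c62f26c1ddea5e8339f1f4e1b4d5d6600f7
# Note: tenant-named bucket under a shared cloud storage domain; bucket names can be released and claimed by another party, so re-validate this entry before treating new hits as the same actor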

kaf-public.s3-eu-west-1.amazonaws.com

# Reference: https://twitter.com/ffforward/status/1324779832333488128

swalgrave.com

# Reference: https://www.virustotal.com/gui/file/ca20e6d6fc14a5a1b07747c95d04fa6fa593fbeda1be5b0eb84495d60fc59e01/detection

cp87128.tmweb.ru

# Reference: https://www.virustotal.com/gui/domain/soloforminlink.org/detection

soloforminlink.org

# Reference: https://twitter.com/bad_packets/status/1325141763514798080
# Reference: https://www.virustotal.com/gui/file/69b7dfad97f3d224b75c511ea64f87cf635139b7db818d7a92ce2015a95b8519/detection

217.8.117.137:80

# Reference: https://www.virustotal.com/gui/file/2b50151658c526e8d5dd1eb2ccc989ead663b4c07792c903f0259a1cc9255959/detection

472924.selcdn.ru

# Reference: https://www.virustotal.com/gui/file/533de57e0c74febc1a0ea781136511f2b4c03d6bf689919c97da0e03704fc2e9/detection

mir.7jp.cn

# Reference: https://www.virustotal.com/gui/file/eb9b9b5796b62c2b3006a221536629ab3cfc525c0261e7555ad5a686c47024e7/detection

stresser.services

# Reference: https://twitter.com/_re_fox/status/1325809653100539904

http://45.77.191.82

# Reference: https://twitter.com/James_inthe_box/status/1325809800068804609

zepham.com/file/

# Reference: https://www.virustotal.com/gui/file/f0135e7183050d119c2fdc82d6b3fe712a169ba0b74b6d689064e480214a33f3/detection

specialtyaltruistic.com

# Reference: https://www.virustotal.com/gui/file/6499b3ecff1d79dbab7cccc698a1062f0f297031d02996a5f1bebf992653a18d/detection
# Reference: https://app.any.run/tasks/c7095708-8135-48a1-8260-39f2de2401fc/

http://151.80.220.125

# Reference: https://app.any.run/tasks/77f8bb6c-f055-4405-9438-c608ba947ebb/

tennysondonehue.com

# Reference: https://twitter.com/FewAtoms/status/1326222282075811840

hechiceriadeamoryprosperidadisrael.com/imagenes/amarres/

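# Reference: https://twitter.com/InQuest/status/1326258921833684992
# Note: CDN endpoint under a shared provider domain, with a name resembling a vendor update host; match on the full hostname only, never on the parent domain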

msdn-updates.azureedge.net

# Reference: https://www.virustotal.com/gui/file/aee8a95953aeef3346036ad7c6ef4ed810d7d7b3300c00de31c4d032313519b4/detection
# Reference: https://www.virustotal.com/gui/file/71c9ae337a763e6df591080e34b439b7c927b3ef49315e10a04a91c30b5d98e4/detection

ffdownload.online
fffdownload.xyz
freeprivacytools.ru
privacytoolsfree.site
stat-srv.network
truckscales.com

# Reference: https://www.virustotal.com/gui/file/50d214d5c28d4fe7980d89449aed8714b12285ec9f7e21e3bf21c66d3f2797d0/detection

diqp.top
wihumanld.com

# Reference: https://www.virustotal.com/gui/file/eead77418d69043a8a2aff74fff2292890bca6d6cd26140800f1041f87867452/detection

cjrmps.com
fddnice.pw
zxfc.pw

# Reference: https://urlhaus.abuse.ch/host/cape-eye.co.za/

cape-eye.co.za

# Reference: https://twitter.com/wwp96/status/1335680464993079297
# Reference: https://app.any.run/tasks/e72c08a0-1cb1-4691-b30c-5e94ee3d3802/
# Reference: https://www.virustotal.com/gui/file/d5ace9c31d5e44b58f4c73f014caec047fac79f4d5a44a9c3e20153c5e8045be/detection

acetaldehydetoxicity.com/wordpress/chromium.exe
web24host.com/a/a/www//1.jpg
web24host.com/a/a/www//2.jpg
web24host.com/a/a/www//3.jpg
web24host.com/a/a/www//4.jpg
web24host.com/a/a/www//5.jpg
web24host.com/a/a/www//6.jpg
web24host.com/a/a/www//7.jpg
web24host.com/a/a/www//main.php

# Reference: https://www.virustotal.com/gui/file/33a7196538a17da13cc67b31162c14d0f3f473816b98f75f01709eda2b1464a7/detection

playwithme.emailonlinemoney.com

# Reference: https://www.virustotal.com/gui/file/d0056dc81acbc4ea4fa63420e780f58beba75a1d5ad1111e3194689f9d241120/detection

e8.ssigu.ru
tb6fo.jumevty.ru

# Reference: https://www.virustotal.com/gui/file/d0ef59cdc766a5abb2c652273bcd713aaf660c6631154f78c1fc028934ebd083/detection

2menu.mx/a1/

# Reference: https://www.virustotal.com/gui/domain/rsl-t-mobile.com/detection

rsl-t-mobile.com

# Reference: https://twitter.com/malwrhunterteam/status/1326798766293331970

http://45.141.84.182

# Reference: https://www.virustotal.com/gui/domain/sparepartiran.com/relations

sparepartiran.com/js/

# Reference: https://www.virustotal.com/gui/ip-address/111.90.149.233/relations

http://111.90.149.233

# Reference: https://www.virustotal.com/gui/ip-address/216.244.73.139/relations

http://216.244.73.139

# Reference: https://www.virustotal.com/gui/file/f768df4d6a625f578a6ebb65f34ee6cb1279e28111f4dc5ba525827e8d9851cc/detection

http://192.3.31.220

# Reference: https://urlhaus.abuse.ch/browse/tag/AveMariaRAT/

http://5.196.207.55

# Reference: https://twitter.com/FewAtoms/status/1326935534971785216

indiaohc.com/file/

# Reference: https://thedfirreport.com/2020/11/12/cryptominers-exploiting-weblogic-rce-cve-2020-14882/
# Reference: https://otx.alienvault.com/pulse/5fad78631749dbff71a31f55
# Reference: https://www.virustotal.com/gui/ip-address/178.128.242.134/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.92.222.223/relations
# Reference: https://www.virustotal.com/gui/file/58bb90f11070a114442c4fa1cbbccefadcdf954510ae2b8d91c9b22b1a8a42d5/detection

http://95.142.39.135

# Reference: https://twitter.com/jstrosch/status/1326934666209873920

elvbs.store

# Reference: https://twitter.com/JAMESWT_MHT/status/1327198617560559618

http://45.138.72.84

# Reference: https://www.virustotal.com/gui/domain/cinemoolper.club/detection

cinemoolper.club

# Reference: https://twitter.com/FewAtoms/status/1327638169500741637

tastelaspices.com/ccss/

# Reference: https://www.virustotal.com/gui/domain/globalvehicleimports.com/relations

globalvehicleimports.com

# Reference: https://twitter.com/wwp96/status/1327892015468732416

dannexgh.com

# Reference: https://www.virustotal.com/gui/file/b072c748e685183ae8265058fde6a93675029cc776130ce6eac047f13850de53/detection
# Reference: https://www.virustotal.com/gui/file/d2f165674c38a737e83d2adeb8db6f200fba190afee7b8db49e37c39b3aa80d6/detection

markalsf.ru
markalsk.ru

# Reference: https://www.virustotal.com/gui/file/b4ebbd4b3e5cb4427726ea3988d317ed086cd0a9a7e3febb24954047c31909fc/detection

qwertzx.ru
qwerkkc.ru
qd34gf23.ru
qd34g34ewdfsf23.ru

# Reference: https://www.virustotal.com/gui/file/b11768cc2dee45a7d27a461de847066a3eea60892cbd53c1bff2e419ef17a347/detection

marcapinyo.ru

# Reference: https://twitter.com/wwp96/status/1327906357484392450
# Reference: https://www.virustotal.com/gui/file/d49fb51090347e5f2138a026b9a995e4d40ffee20ad0773c225c1b0e2043d104/detection

http://45.153.243.122
pool090.telepuzz.net
bestzip.space
ismypanel.host
nvidsame.com
suomenen.com

# Reference: https://twitter.com/wwp96/status/1327924803681079297

alc-ao.com

# Reference: https://twitter.com/wwp96/status/1327921450280488960
# Reference: https://app.any.run/tasks/f31e4792-5a26-47db-a6d0-03c3c8b16cd9/

frgtmexiredirieofjhwdssda.australiaeast.cloudapp.azure.com

# Reference: https://app.any.run/tasks/4240f9e5-1c31-4958-9f74-fc5256e669be/

n9vm.gotdns.ch

# Reference: https://twitter.com/wwp96/status/1328087453392130052

http://45.129.2.137

# Reference: https://twitter.com/wwp96/status/1328090086693629955

liokhgtas.shop

# Reference: https://www.virustotal.com/gui/file/776fd5585c4cae16f60f83e92b0c5b84c3796c3e269975794cb3258b1580163f/detection

kakaxa.xyz

# Reference: https://twitter.com/jstrosch/status/1328176684638539779

http://198.23.212.166

# Reference: https://twitter.com/wwp96/status/1328308638470066177

sparepartiran.com/js/

# Reference: https://twitter.com/wwp96/status/1328321984397185028

http://35.180.137.10
bals.gq

# Reference: https://twitter.com/malwrhunterteam/status/1328322570928746496

http://172.104.63.157

# Reference: https://twitter.com/wwp96/status/1328325861456699394

http://185.239.242.76

# Reference: https://twitter.com/wwp96/status/1328339029021118465
# Reference: https://app.any.run/tasks/27a07edd-459f-47d7-895b-30be0fa69ccb/
# Reference: https://app.any.run/tasks/ecc90db0-667c-4848-a3a7-42763f7de0bd/

setupdnsbase.cc

# Reference: https://twitter.com/_re_fox/status/1328363231870660608
# Reference: https://app.any.run/tasks/dec8ba07-aa92-4525-95cd-d4d62cc164e5/
# Reference: https://www.virustotal.com/gui/file/d5b652683b2859e650181b0c488c2cd84565ff01fd09dc811fc0b0166e32882a/detection
# Reference: https://www.virustotal.com/gui/file/002d97585e2ea7b8c76a60bc576edc0d418b4b0847a011ff2c75615ab359eec6/detection

logins.online
updateld.xyz

# Reference: https://twitter.com/wwp96/status/1328368970932645896

http://88.218.16.144

# Reference: https://twitter.com/jorgemieres/status/1328395087383064576

stoplyingme.com

# Reference: https://twitter.com/Unit42_Intel/status/1328425382140387328
# Reference: https://github.com/pan-unit42/tweets/blob/master/2020-11-16-Cobalt-Strike-IOCs.txt

99promo.com

# Reference: https://www.virustotal.com/gui/file/761ebbde90121cde57d219520adb891f0156862e4105e1fa2c81b6896ee80267/detection

mofsetbay.ga

# Reference: https://twitter.com/InQuest/status/1328606836677808128

sitesimobisis.com.br

# Reference: https://www.virustotal.com/gui/domain/dnsfordomains.ru/detection

dnsfordomains.ru

# Reference: https://twitter.com/InQuest/status/1328767271632822274

piratesmoker.com

# Reference: https://twitter.com/wwp96/status/1328857237452972032

http://185.239.242.117

# Reference: https://app.any.run/tasks/80903179-908a-4199-bc89-d3f1390a0bd3/

http://151.80.8.30

# Reference: https://www.virustotal.com/gui/ip-address/70.37.102.40/relations

http://70.37.102.40

# Reference: https://twitter.com/jstrosch/status/1329484445750013952
# Reference: https://www.virustotal.com/gui/domain/dllth.com/relations

dllth.com

# Reference: https://www.virustotal.com/gui/domain/mangero.ga/relations
# Reference: https://www.virustotal.com/gui/file/8b1fa0eb55cc733422402c4f0c8553b35d12c6223994014c7d1526b3f42d9dbd/detection

mangero.ga

# Reference: https://www.virustotal.com/gui/file/82b2e983181018e2f465f94ccc98f5eba6b1bcc05e995acd73581e0752901816/detection

monetization.business

# Reference: https://www.virustotal.com/gui/file/a3b724cb276a5554831a05c1a6bfe6117dcfc64f2156222a432a73a4433b4758/detection

u4p9wo4kgybo.top

# Reference: https://twitter.com/petrovic082/status/1331555043024236544
# Reference: https://twitter.com/petrovic082/status/1331555667891679235

neverstdywalkachinese2loneinlifekstfnp.ydns.eu
plugstdytransportationalexpertsystpqb.ydns.eu

# Reference: https://twitter.com/malwrhunterteam/status/1329854744429531143

http://52.30.22.138

# Reference: https://twitter.com/wwp96/status/1329958820865576967

http://198.23.212.152

# Reference: https://twitter.com/wwp96/status/1329982578846294022

http://192.236.178.121

# Reference: https://www.virustotal.com/gui/file/9bfa6dab8f626aae79e70d378eb393c96f3e247c7c4f6919b59167390cb8527c/detection

http://188.165.56.102

# Reference: https://twitter.com/wwp96/status/1330326379041320960

http://194.147.115.117

# Reference: https://twitter.com/bad_packets/status/1330346587126632451

http://134.209.114.117
http://134.209.119.215
http://134.209.208.60

# Reference: https://twitter.com/ebotpoloskun/status/1279805930163576832

opera.tools

# Reference: https://twitter.com/fr0s7_/status/1330828461196382215

45.138.172.81:443

# Reference: https://twitter.com/ffforward/status/1330909939607416840

wheresharrison.com

# Reference: https://twitter.com/InQuest/status/1330810385834909701

d3727mhevtk2n4.cloudfront.net

# Reference: https://twitter.com/Circuitous__/status/1330897299011203072

pars-science.ir

# Reference: https://twitter.com/neonprimetime/status/1330905903562940427

madarjaaatresearchers.blogspot.com

# Reference: https://www.virustotal.com/gui/domain/vicend.com/relations

vicend.com

# Reference: https://twitter.com/Racco42/status/1331002300295471111

productmusics.com/ru53332
thebabsite.com

# Reference: https://www.virustotal.com/gui/file/47560bd7409f20782c6948159602e6427cb1a67e93a7f30ca040cce0445325ca/detection

arvidarena.com

# Reference: https://twitter.com/James_inthe_box/status/1331333447684485120

creditcollectionglobal.co

# Reference: https://www.virustotal.com/gui/ip-address/192.3.141.160/relations

http://192.3.141.160

# Reference: https://twitter.com/MBThreatIntel/status/1331324319482318850

http://104.236.3.116

# Reference: https://twitter.com/malware_traffic/status/1331634103591063552

wheredidmarkmakehismoney.com

# Reference: https://twitter.com/malwrhunterteam/status/1331681023730528256

http://195.3.146.180

# Reference: https://www.virustotal.com/gui/file/a037c15659d91a7555fbd0ec17978c26f7974ea66909c8732629c4a1ec961f14/detection
# Reference: https://twitter.com/0xrb/status/1333957965443842049

205.185.116.78:21
http://205.185.116.78

# Reference: https://www.virustotal.com/gui/domain/servjces.com/relations

servjces.com

# Reference: https://twitter.com/_re_fox/status/1332003798156455936
# Reference: https://www.virustotal.com/gui/file/5190a88dbb595012f2266d9d9a9988bd3d6223cb2283c0807eb13c1e8188bb97/detection

hotfixssearch.com

# Reference: https://www.virustotal.com/gui/file/b858e24eac464afd49d6bf782557f946b03e5e97431a1987b09b0203b5636c97/detection

productsdetails.online
prozipper.s3.eu-central-1.amazonaws.com

# Reference: https://www.virustotal.com/gui/file/8cad0b2ebf1e7cb466414a1110a01cb41292dbbe51cd9eeac8a54934bafef850/detection

pool090.telepuzz.net
salebooks.xyz

# Reference: https://twitter.com/FewAtoms/status/1332710068421324802
# Reference: https://www.virustotal.com/gui/domain/lgcreditdemo.qnotice.com/detection

lgcreditdemo.qnotice.com

# Reference: https://www.virustotal.com/gui/file/4b2870072af939ead1f2d9288b2375d7b4b162added4598336129661a5840494/detection
# Reference: https://hybrid-analysis.com/sample/af52141206b33929b062784f02d56dd188d5d975f49ea17a5cc81824cdfda845

ahlehup.club
chanchandomain.club
office2010.000webhostapp.com
windowservices9999.000webhostapp.com

# Reference: https://twitter.com/jorgemieres/status/1333417189005799424

bananafish.hopto.org

# Reference: https://twitter.com/jorgemieres/status/1333450508066021381

aogmphregion.org.za

# Reference: https://blog.malwarebytes.com/threat-analysis/2020/02/domen-toolkit-gets-back-to-work-with-new-malvertising-campaign/

http://46.166.129.235
cq08462.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/9f7708675b4cb733db4405d8c42f54828d7069e990bc8238f74abe8222425037/detection

semantrus.pw

# Reference: https://twitter.com/malwrhunterteam/status/1333499691674329093

holisticgroup.com.pk

# Reference: https://twitter.com/p5yb34m/status/1333553861617885184

starlitebaby.com

# Reference: https://twitter.com/petrovic082/status/1333753970523779073

hml02.tompingescha.info

# Reference: https://twitter.com/InQuest/status/1333774375452020739

http://149.3.170.235

# Reference: https://www.virustotal.com/gui/ip-address/198.23.212.224/relations

http://198.23.212.224

# Reference: https://www.virustotal.com/gui/file/293d8e49687debac46ec1a4102b0d84df1ecb837ebe1e131e0362238c4063ff8/detection

canadiantourismroundtable.com

# Reference: https://www.virustotal.com/gui/file/d4b942eb004074adceefa560c30e0a239f5884016ea4fcb981b673099faae31f/detection

wesleydonehue.org

# Reference: https://www.virustotal.com/gui/domain/sertificatkey.com/detection

sertificatkey.com

# Reference: https://www.virustotal.com/gui/domain/update--microsoft.com/detection

update--microsoft.com

# Reference: https://www.virustotal.com/gui/file/87bd17f1e3fd93a6a38896c2a3442b51ccb26715ed411484d77d082cffb1af6e/detection

41ku.cn

# Reference: https://www.virustotal.com/gui/domain/dsa5as.xyz/relations

dsa5as.xyz

# Reference: https://www.virustotal.com/gui/domain/2012yearleft.com/detection

2012yearleft.com

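# Reference: https://www.virustotal.com/gui/file/16ce4c75d5a67446000f5859610153e68d0fb2ac248370ee858c693147121ddd/detection
# Note: the entry below has no host part, only a URL path; presumably meant to match that request path on any host (TODO confirm against the sample's traffic, since a host-less path can match unrelated sites)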

/xccddhttps

# Reference: https://otx.alienvault.com/pulse/5fcb77747ed85445c567eef4

0x21.in

# Reference: https://twitter.com/FewAtoms/status/1335205379416920066

alimar.com.ar/wp-admin/css/files/
alimar.com.ar/wp-admin/js/cat/
alimar.com.ar/wp-admin/js/dev/

# Reference: https://twitter.com/wwp96/status/1335670395157032963
# Reference: https://app.any.run/tasks/5c601d8b-4496-4086-bdcc-f395cc23ada5/

http://142.202.205.28
portuproject.com/distribution/

# Reference: https://twitter.com/wwp96/status/1335674912539897858

http://3.1.221.201

# Reference: https://twitter.com/wwp96/status/1335676464247738375

http://185.172.110.230
http://193.239.147.76

# Reference: https://twitter.com/wwp96/status/1335689190705664001

up.av86.ru

# Reference: https://twitter.com/wwp96/status/1335692396730986500
# Reference: https://app.any.run/tasks/24327b69-4727-4093-8418-3cc8a8080df4/

ddy7itsuemb9i.cloudfront.net

# Reference: https://twitter.com/h2jazi/status/1335723656236904448

http://193.239.147.76
religonclothes.com

# Reference: https://twitter.com/ffforward/status/1335965749681250314

myrilullimolullilomotmoti.blogspot.com

# Reference: https://twitter.com/InQuest/status/1335991456427880450

defencedrod.in

# Reference: https://twitter.com/wwp96/status/1336040234572713984

kalamiksndyonlinedeliverystoreservsnfqm.ydns.eu

# Reference: https://twitter.com/wwp96/status/1336042331385032704

shgshgsndynationalobjindustrialatsngpx.ydns.eu

# Reference: https://twitter.com/wwp96/status/1336046329387212805

tuandat-vn.com

# Reference: https://twitter.com/wwp96/status/1336043695553048578

http://75.127.1.225

# Reference: https://www.virustotal.com/gui/ip-address/107.155.162.25/relations

http://107.155.162.25

# Reference: https://twitter.com/wwp96/status/1336340777681756160

tradestarintl.com

# Reference: https://twitter.com/wwp96/status/1336342382619598853

http://192.3.152.237

# Reference: https://twitter.com/wwp96/status/1336487441214091265

cedeko.ml

# Reference: https://twitter.com/wwp96/status/1336489964343791617

actemviro.com

# Reference: https://twitter.com/wwp96/status/1336833150618652674

http://192.3.146.194

# Reference: https://twitter.com/wwp96/status/1336830110050160640

http://111.90.149.229
http://216.170.126.123

# Reference: https://twitter.com/pancak3lullz/status/1166107213540331523
# Reference: https://app.any.run/tasks/7dff3403-2769-4edc-9452-d7b9745c67ab/

psix.tk
minercoinbox.com

# Reference: https://www.virustotal.com/gui/file/0c3fcc6d9ada66b51fae4890b3c9c5b886bf275a61c78ff3771a02989494ca3e/detection

http://182.254.229.239

# Reference: https://twitter.com/InQuest/status/1336991741237489665

checkinglist.xyz

# Reference: https://www.virustotal.com/gui/ip-address/13.66.50.148/relations

http://13.66.50.148

# Reference: https://www.virustotal.com/gui/ip-address/51.195.53.27/relations

http://51.195.53.27

# Reference: https://twitter.com/FewAtoms/status/1337476320310284288

validserver.com

# Reference: https://tria.ge/201209-rn3xfe8h6x/behavioral1

12.ossmarcial.com

# Reference: https://twitter.com/wwp96/status/1337526249531568129
# Reference: https://www.virustotal.com/gui/domain/m9b4s2.site/relations
# Reference: https://www.virustotal.com/gui/file/51bfce0f95eead416c84e32bef67a407390a1f4147673d7970e9348c6ac4d123/detection

a1711cf.com
m9b4s2.site

# Reference: https://www.virustotal.com/gui/file/992cf8ed168eed107c9cc982aa393c9505f0ff09f47020aa10491953fcfc10a8/detection

lucian0lu1.freeheberg.org

# Reference: https://www.virustotal.com/gui/file/1303a2d7876790af2cc196a816df2261506b157605006e603246b58f09408888/detection

http://148.72.155.40

# Reference: https://twitter.com/wwp96/status/1338464902936207361

http://198.46.132.130

# Reference: https://twitter.com/InQuest/status/1338544013679407107

http://3.133.107.218

# Reference: https://twitter.com/Circuitous__/status/1338593685383024640

captafill.xyz

# Reference: https://www.virustotal.com/gui/file/ca58a15c71c9af1e6df2ab08787e83b0b457366cec67325532cef64613585d9f/detection

citygame.xyz
hostas8.cf
ickyud.pw

# Reference: https://www.virustotal.com/gui/domain/777cd.info/relations

777cd.info

# Reference: https://twitter.com/wwp96/status/1338890758011621381

http://149.3.170.53

# Reference: https://twitter.com/wwp96/status/1338891457634201600

http://88.119.170.242

# Reference: https://twitter.com/wwp96/status/1338890044346601473

http://88.119.171.197

# Reference: https://twitter.com/wwp96/status/1338891948443185154

rogatech.cf

# Reference: https://twitter.com/wwp96/status/1338897626100617219

http://75.127.1.225

# Reference: https://twitter.com/wwp96/status/1338896638534971396

esquinerosaguilarlerma.com

# Reference: https://twitter.com/wwp96/status/1338894502023585796

mkontakt.az

# Reference: https://twitter.com/jstrosch/status/1338535056567115781

http://18.197.62.51/webdav/

# Reference: https://twitter.com/ffforward/status/1339129811810324483

zoomba619.blogspot.com

# Reference: https://app.any.run/tasks/6b24ab8c-1626-41e1-aa32-39e96fd266d5/

lineagehusband.com/vomvom/

# Reference: https://twitter.com/wwp96/status/1339310314786058241

storeafh.com/cc/

# Reference: https://twitter.com/wwp96/status/1339309952083644416

http://54.169.136.76

# Reference: https://twitter.com/wwp96/status/1339311917337370625

wwwwwwwwwwwwwwwwwwwwww.000webhostapp.com

# Reference: https://twitter.com/wwp96/status/1339312596621660167

gulshanti.com

# Reference: https://twitter.com/wwp96/status/1339310657087418368

http://149.3.170.55

# Reference: https://app.any.run/tasks/26522454-b349-42db-9cbe-230b37a3c836/

girlisbad.com

# Reference: https://twitter.com/K_N1kolenko/status/1339470245812170753

berlitz.co.rs/jay/

# Reference: https://www.trendmicro.com/en_us/research/20/l/stealth-credential-stealer-targets-us-canadian-bank-customers.html
# Reference: https://twitter.com/Bank_Security/status/1339532785489481729
# Reference: https://pastebin.com/gRwiJH5U

http://199.192.29.202
http://2.56.215.97
http://5.39.223.162
http://93.115.23.48
http://94.103.94.186

# Reference: https://www.virustotal.com/gui/file/34115f39a2b1db6239b2ff6d982ae78b275f061ddfcb0ff71117f154225021ef/detection

http://103.68.251.31

# Reference: https://www.virustotal.com/gui/file/a28682ec43abaca0920ab4362392170aa3f6881c09026ccec0f8ded0814a8615/detection

103.68.251.31:443

# Reference: https://twitter.com/Jirehlov/status/1337736389199187970
# Reference: https://www.virustotal.com/gui/file/f13e31ec576bb65350a0bc5e357f4f6755bb2169e035774f63db00fa9a293552/detection
# Reference: https://www.virustotal.com/gui/file/98246ce552da2a37b6b54cc34365c566e319799d9efabef3109d0143a6b13155/detection

103.242.135.138:8426
103.242.135.138:85
http://103.242.135.138

# Reference: https://www.virustotal.com/gui/file/c963869cee95668064ebe88b1cdd6fb0a71da04fa1e397320c6ba862e4a035f1/detection

nik1002.myftp.org

# Reference: https://www.virustotal.com/gui/file/40448a4c3c2fb6587b2b68735fab1137fd677d63e3e9806e4b619d0b9f4f38da/detection

http://198.23.207.5

# Reference: https://www.virustotal.com/gui/file/c3d0c76d8f14f098528be4d1bacdafd4ef566fd10599656363bd9e5dea082200/detection

kdfaty-71.cf

# Reference: https://twitter.com/Abjuri5t/status/1296602545511641088
# Reference: https://www.virustotal.com/gui/domain/managed.oss-cn-beijing.aliyuncs.com/detection

managed.oss-cn-beijing.aliyuncs.com

# Reference: https://www.virustotal.com/gui/ip-address/13.231.151.34/relations

http://13.231.151.34

# Reference: https://twitter.com/Abjuri5t/status/1296602546333720577

chinese2onlyywalkaloneinlifevwsdy17nfa.duckdns.org
latox.ro

# Reference: https://twitter.com/FewAtoms/status/1339961860448276482

http://37.46.150.60

# Reference: https://twitter.com/InQuest/status/1340008788607307778

pickleballreducer.com

# Reference: https://twitter.com/dubstard/status/1340573308530683906

cryberpunk.download

# Reference: https://twitter.com/InQuest/status/1340843122679574528

bb.realestateprivateportfolio.com/img/

# Reference: https://twitter.com/mdmck10/status/1340737115815030785

http://91.241.60.117

# Reference: https://twitter.com/reecdeep/status/1340956488416817152

http://192.227.129.4

# Reference: https://www.virustotal.com/gui/file/50c7c0dce8af82cf62d98e6d8ea3de29bc70969e6614f59c785f2d07c9c7b37b/detection

2ogo.com

# Reference: https://twitter.com/malwrhunterteam/status/1341045175196540929
# Reference: https://www.virustotal.com/gui/domain/google-api-tools.com/relations
# Reference: https://github.com/stamparm/maltrail/pull/13189/commits/507c2880cba1b25816f2b1c0a89b0b2cdc5e5d1b (# Note: Generic detection for root domain)

google-api-tools.com

# Reference: https://www.virustotal.com/gui/file/801a53e427a2c4a33c12a11a1fe78b86461d63efdebb66b1296b0579828ae2c4/detection

222.186.58.168:88

# Reference: https://twitter.com/wwp96/status/1341024457016692736
# Reference: https://app.any.run/tasks/a7a5fc2a-3c22-4c0c-ac75-4947e2de67e7/

http://45.15.143.142

# Reference: https://www.virustotal.com/gui/file/62f94ecca43ed5ba6fad04f5224fbfe0d205b7bc157d347d30023d4383d4d920/detection

sexglam.ru

# Reference: https://www.virustotal.com/gui/file/911b4b3f78de7bad2c9950e8a805cf4bfe9ca58fed213961de61ebd8f92f81ba/detection

19216801.usite.pro

# Reference: https://twitter.com/makflwana/status/1267443715515092993

blaackjack.com

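# Reference: https://twitter.com/SolutionsXnotes/status/1173228101850894342
# NOTE(review): the trail below is a bare URL path with no host - presumably it matches that path on any host, so benign files with the same name may trigger it; confirm intended scope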

/exploit.c

# Reference: https://twitter.com/makflwana/status/1160545539982647296

http://92.63.104.190

# Reference: https://www.virustotal.com/gui/domain/i.assmio.com/relations

i.assmio.com

# Reference: https://www.virustotal.com/gui/file/3d93f6a19c997ea7b797c2780f529966b5024628c90c87c653b86fa2086098dd/detection

http://81.69.250.97

# Reference: https://isc.sans.edu/diary/26922
# Reference: https://www.virustotal.com/gui/file/3f4ce9fcbe40c1f445aa844e4561346e9ff1cb812a6d8937387a31be7fb88592/detection

http://23.98.155.192

# Reference: https://www.virustotal.com/gui/file/785c2845af631f33fda47b5a0fe5ccb338389b15e028e1ae7fa418d991e2c38f/detection

http://185.186.247.114

# Reference: https://www.virustotal.com/gui/ip-address/140.82.59.108/relations

http://140.82.59.108

# Reference: https://www.virustotal.com/gui/domain/dbjustping.com/relations

dbjustping.com

# Reference: https://www.virustotal.com/gui/file/0f2023858e10724e1d81ebbfeffdef833fcebc3d607854b231cedf71c584e054/detection

http://173.212.222.11
http://178.33.109.235
http://195.88.208.196
http://37.1.199.202

# Reference: https://www.virustotal.com/gui/domain/access-accounts1.com/detection

access-accounts1.com

# Reference: https://www.virustotal.com/gui/file/b42b33ffa4b45bc81b71f13d89dc1283b155204913aa8362e99e9aa44366bfb2/detection

http://185.212.130.98

# Reference: https://twitter.com/r3dbU7z/status/1343477277762473989

149.28.70.34:8010

# Reference: https://www.virustotal.com/gui/file/d6d17e18c0f4b031ee76cf75aab7fda9d5b2ca56e1a6c7cf0449832da5846cac/detection

excelcryptocurrency.com

# Reference: https://www.virustotal.com/gui/file/b88f19f533c66e10b6dace4cff1291c048c896ab3a1d2223ace4bb5dcc8b6b60/detection

digitalcurrencyexchane.com

# Reference: https://twitter.com/mdmck10/status/1344031510161207308
# Reference: https://www.virustotal.com/gui/ip-address/91.241.60.119/relations

http://91.241.60.119

# Reference: https://www.virustotal.com/gui/domain/servlce.store/relations
# Reference: https://github.com/stamparm/maltrail/pull/13382/commits/e3caf1c2584a3ec123fdcc3d29915d063bd1a4d4

servlce.store

# Reference: https://www.virustotal.com/gui/domain/facebook8abc.com/relations

facebook8abc.com

# Reference: https://www.virustotal.com/gui/file/cd889a03ea69d14e772e1f0996dedf7fd18cc927de21d40785f5942320e35cd1/detection

http://149.248.6.193

# Reference: https://otx.alienvault.com/pulse/5ff06173bf924de2d1a2d2ca
# Reference: https://www.virustotal.com/gui/domain/95hack.cn/relations

95hack.cn

# Reference: https://twitter.com/reecdeep/status/1345411411829260289

ultimcontents.com

# Reference: https://www.virustotal.com/gui/domain/apobypass.com/detection

apobypass.com

# Reference: https://twitter.com/n0p1shing/status/1345338929931825152
# Reference: https://app.any.run/tasks/85f16e5e-2a34-4519-95e3-ccc3308c1f41/

org-2fa.link
org-2fa.org

# Reference: https://www.virustotal.com/gui/ip-address/103.125.191.69/relations

antoinesauvagesqcomcomantoinesauvagesqcomcom.ydns.eu
bennergdfeeaueewwecomssfwbennergdfeeaueewwecomssfw.ydns.eu
dgfiydfdhfjfjfrdgkjttiigifjfjgdehkgdrjcr.ydns.eu
dhprasetyocontinenteightbizdhprasetyocontinenteightbiz.ydns.eu
ehdjhgesydfgsswertdfehkshkslrnjlwneoedss.ydns.eu
ethaisheksanegeusaheeeuahsnedhausenahsyel.ydns.eu
gbisz44qi75kw2ygbisz44qi75kw2ygbisz44qi75kw2ygbisz44qi75kw2y.ydns.eu
twitterlevelsecuritycheckingforwordfiletransferthroughfirewalls.ydns.eu

# Reference: https://twitter.com/reecdeep/status/1346123602547122176

lancosi928.tech

# Reference: https://www.virustotal.com/gui/file/2074ad2dc62a398d62ab1f91d446ca269a4bc1cb5cbd5a677904afbf2d3685e0/detection

trustpilot-scam.com

# Reference: https://twitter.com/malwrhunterteam/status/1346038126263865345
# Reference: https://www.virustotal.com/gui/file/9d09788543b16ee59c469199cb0ef78891d8c66981169f0a6720fda8d4eeff9a/detection

spyinfo.ir

# Reference: https://www.virustotal.com/gui/file/112121c5d7507c7d4fc60949a878cc5e8be7142ea619b7eb870935e67da8046e/detection

kontrolcum.blogspot.com
kontrolcum.blogspot.fr
myjs.me

# Reference: https://www.virustotal.com/gui/file/071d91e67c42811d96d15a4a6dff740cc5d704ca352d9bc03778a2a6abd552f4/detection

rosgaz.pw

# Reference: https://www.virustotal.com/gui/file/e73603c1b24b0962c8bf90b28fcce0b9966c5047b0464a06f506181b142cad5f/detection

foyd.fulba.com

# Reference: https://www.virustotal.com/gui/domain/mannylawfirm.no-ip.biz/detection

mannylawfirm.no-ip.biz

# Reference: https://www.virustotal.com/gui/domain/34jkldfs.no-ip.biz/detection

34jkldfs.no-ip.biz

# Reference: https://www.virustotal.com/gui/domain/directxex.com/relations

directxex.com

# Reference: https://www.virustotal.com/gui/domain/directxex.net/relations

directxex.net

# Reference: https://twitter.com/r3dbU7z/status/1346566617614979073

http://45.78.65.155

# Reference: https://twitter.com/InQuest/status/1346741373014323205
# Reference: https://twitter.com/ShadowChasing1/status/1346747278279643137
# Reference: https://www.virustotal.com/gui/file/b9b5a9fa0ad7f802899e82e103a6c2c699c09390b1a79ae2b357cacc68f1ca8e/detection

user-assist.site

# Reference: https://www.virustotal.com/gui/file/68d9579fe9d947b15ed590ef5379ead4a16be340391927c8694f30fee9d3c796/detection

outlookcalendar.accesscam.org

# Reference: https://twitter.com/banxen/status/1347059388477960193

onedrive.serveblog.net

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60
# Reference: https://vulners.com/rst/RST:39486282-EB03-3581-9D54-457C2B361DE6

divinestresser.com
divinestresser.info

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60

advwebs.com
bassfredes.cl
hola.besaba.com

# Reference: https://twitter.com/Dr_N0b0dyh/status/1347144725871079425

firenzelavori.lt

# Reference: https://twitter.com/_re_fox/status/1347195124887990276

lib2.md.chula.ac.th/files/

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# Ransomware)

dweferfh.trickip.net
mvdalleghenyriver.info
neverbasrmm.com
obession.co.ua

# Reference: https://www.virustotal.com/gui/file/a31deefacf153cf77b115e15cc2904418c9d2cc7f690fc8033dfc9c64dd63ee4/detection

http://94.156.174.121

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# Stealer)

babysitter.gen.tr
cast345.webege.com
concordiaeefde.nl
coolnewhairstyles.com
cousintins.net84.net
felixrankin.comlu.com
konterk.com
lmage1.com
msf-supernova.net78.net
uniteti.net
update-silo.com
wiknlon.comlu.com

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# Unknown)

404.mysyncdns.com
alsancakgaming.com
arya-foundation.de
avssync3357.com
bluefile.biz
bluegrassboardwalk.com
brmasteragoravai.com.br
cache.bsqlserver.com
casamentoatualizado.com
catracasepinos.com
cleopatra-ugra.ru
clientescadastrados.inf.br
clockpunchposition.com
comporationssoulll.com
cuxheaveninvestmentltd.com
czonainsit4e.com
data-fold.org
datascrambler.org
decisiondock.com
dnshkjashkd111.ru
down.enumstate.co.kr
drdigitalmd.com
escolagarbi.com
f1rst.name
fcserbiaunited.com
fredkcdekj.me
healthwealthandlifestyle.net
inessa-sweet.ru
ivehtxenoe.ru
jaycees.co.uk
jeannedarc33.fr
juatubatransparente.org
kuept.biz
lausina.org
leakdetecta.com
lecturehearball.com
lion46.ru
lojinha-deroupas.com.br
lux.lv
maschinen.be
mob6d.com
mydear.name
neease.com
netcomlist.com
npp-mehzavod.ru
odontobras.com.br
posterminalworld.la
pubbers.ru
pwikalsel.org
s17.37to.ru
sailcoalition.org
semimonster.net
ss77.37to.ru
surfband.info
theedgeman.co.za
toto39.zz.mu
twink-img.cf
webplayproduct.com
winhelp.25u.com
wireandwoods.ru
wrstecnologia.16mb.com

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# vbv grabber)

injected.cc

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# az7/az7v2)

brigadiramoon170.com
combonicer300.com

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# carbon grabber)

alliedmindstorm.com
azfarsaffron.com
cambraine.eu
chipet01.tk
eurotsl.com
financesmanager.tk
frostite.biz
grabbah.biz
icewire.info
masterminder.in
microsoftntdll.com
rasakltd.biz
rcheli.fh.net.nz
sheried.com
staboiobo.tk
tatuajesudaka.com.ar
turkeyfunds.org
virontonic.com

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# dendroid)

aaictlogistics.com

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# exodus)

ursu.hol.es

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# grid)

onetimes27s.com

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# jolly roger)
# Reference: https://www.virustotal.com/gui/file/6cb4102b551dd0c4be7677afb44d45a470643569f60356d479f30ad89f549528/detection
# Reference: https://www.virustotal.com/gui/file/30c1db5380e3d0eabbbc98743f383efdb81f5fc5e57cd0b33d966183fe02bb09/detection
# Reference: https://www.virustotal.com/gui/file/1561602f741e66c11f6983e2d8bba0ae02f83254c417829e6ec76a209d7940ed/detection

miluashikguer.ru
veisturbharbo.com

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# solar)
# Reference: https://www.virustotal.com/gui/file/8967dcaa77c6fa973e98d90e59ad0537ccf3e707641d4713067c4fb94345eb99/detection
# Reference: https://www.virustotal.com/gui/file/cd7820a08e7c82332ad4af643dd5fd76ddf7477792bea55f371969297655a7a9/detection

beriwiwo.info
dimoninfosys.org.in
glavimar.com
h63302.srv4.test-hf.ru
icewire.info
joker11.funpic.de
kasvatus.org
kvsvalves.com
mylondon.hc0.me
mysoul.olympe.in
solar.olympe.in
travelagentinbangkok.com
viewbot4lyfe.info
warface-aim.7jn.ru
wildnativebulbs.co.uk

# Reference: https://www.virustotal.com/gui/domain/fasunshi.com/relations

fasunshi.com

# Reference: https://www.threatcrowd.org/domain.php?domain=autoimagehosting.info
# Reference: https://www.virustotal.com/gui/domain/autoimagehosting.info/detection

autoimagehosting.info

# Reference: https://twitter.com/jorgemieres/status/1347251993304305665

doggofallingwater.000webhostapp.com
nk125srv.000webhostapp.com

# Reference: https://twitter.com/jstrosch/status/1347225282290319361
# Reference: https://www.virustotal.com/gui/domain/file.discountmonumentcenter.com/detection

file.discountmonumentcenter.com

# Reference: https://twitter.com/r3dbU7z/status/1347527548977242116
# Reference: https://www.virustotal.com/gui/file/22cda3e68d6e09d3ba14b57b336dfc73c39d8dc86986aed3f90761da2cbc1637/detection

185.193.126.229:4430
185.193.126.229:81

# Reference: https://twitter.com/malwrhunterteam/status/1347995679419990017

hosting001.online

# Reference: https://twitter.com/r3dbU7z/status/1348015427541151745
# Reference: https://www.virustotal.com/gui/file/f7a8d3fb89711f208f281c267ed8dd647cda207ecb514d37892b56a0ddafbe9a/relations

180.215.224.150:8800
211.23.167.155:8800

# Reference: https://www.virustotal.com/gui/file/0ef5cfcbaa05ba4beffc96127de3eb89ab2eb98bc5c8ee336dd2290391481e70/detection

crypto-server-download.xyz
crypto-server-download11.xyz
crypto-server-download48.xyz

# Reference: https://github.com/pan-unit42/tweets/blob/master/2021-01-08-IOCs-from-Ave-Maria-RAT.txt
# Reference: https://www.virustotal.com/gui/domain/lankarecipes.com/detection

lankarecipes.com

# Reference: https://twitter.com/Jirehlov/status/1347855866473533442

http://124.132.153.147

# Reference: https://twitter.com/ANeilan/status/1348361310279503879
# Reference: https://www.virustotal.com/gui/file/a41e9786e52fb3009f9c3322bca19e600a7f46689f36893a0564e382555fe4c6/detection

payment.unior.club

# Reference: https://www.virustotal.com/gui/domain/abbtv.xyz/detection

abbtv.xyz

# Reference: https://www.virustotal.com/gui/domain/mmakd.xyz/relations

mmakd.xyz

# Reference: https://www.virustotal.com/gui/file/8bbd83f12f7804f61406c18fe7d6636a339bb165e641297d1f6cf9233adb5060/detection

http://107.150.57.11
http://46.8.196.121
103.39.210.144:808
120.55.57.162:7890
154.8.232.200:4199
219.150.218.154:808
222.186.20.19:7777
222.187.239.147:23113
222.187.253.62:23001
39.98.228.46:2653
47.116.10.26:6663
61.150.60.243:6666
61.150.60.243:7777

# Reference: https://www.virustotal.com/gui/ip-address/47.52.143.174/relations

http://47.52.143.174

# Reference: https://twitter.com/Timele9527/status/1348520495935746051

cdndownload.buzz

# Reference: https://twitter.com/FewAtoms/status/1348676914681155586

http://217.12.208.14

# Reference: https://www.virustotal.com/gui/file/9b415dfdaf6474e998fc50015cad5d6934a3a04d142faa738154c259549617a9/detection
# Reference: https://www.virustotal.com/gui/file/a8b69953479d28ee656a49ce845a537de65a3f0979f3a0ed8f942c98f4904bfe/detection
# Reference: https://www.virustotal.com/gui/file/4f4bbf2e00eff20888ab3894cddd0162a9bc8b6b5f298a38ef2c954902018ca0/detection

http://23.224.244.121
http://23.224.244.5
http://79.143.52.19
steam6.top
steam7.top
steamli.top

# Reference: https://www.virustotal.com/gui/file/eaa14ff5cdf3ec428bd1b0c2689272996741a4c93f3c1289934057c3c5cafc78/behavior/VMRay

xpackmx.com

# Reference: https://www.virustotal.com/gui/file/4db81f8f21f532139ba706ae5fb908432a1e3e15aaecd04341e57fb93f3ef20f/detection

http://46.17.98.51

# Reference: https://www.virustotal.com/gui/file/3be32a006912e45ce426ae829b8bbc6c752e3e07de138aaab40da0744e3b51ad/detection

aitlsbh.com
dreamtrips.cheap
fasterpdfinstall.xyz
fasterpdfreader.xyz
gvkufab.com
test-offer.best

# Reference: https://www.virustotal.com/gui/file/a6264de41b4d2ad578a3ec5e082b621dcbf3b716e9bbe86f66682d785c7fc476/detection

http://45.140.146.29

# Reference: https://www.virustotal.com/gui/file/54be747b380c5749630578aa34579ae6492ee28471facc97d8da0555510d0f46/detection

vu505cluster.com

# Reference: https://www.virustotal.com/gui/file/c4275b08193c896015c7bcda2a4e0d940331b0806c6b32a68e32acbf78988075/detection
# Reference: https://www.virustotal.com/gui/file/55d904b83f04acb4118df9b2bd3ebbd44b9553b0aabcfff7b68d674ddb6052cc/detection
# Reference: https://www.virustotal.com/gui/file/9c699791059e57ac887086c0673d47d1a81c587b2c16585c8e80d1a831857feb/detection

vqvm656stem.com

# Reference: https://www.virustotal.com/gui/ip-address/45.140.146.32/relations
# Reference: https://www.virustotal.com/gui/file/36915aa4b4269e31b0ade1b4cb6df4c4edcd1554ecd5e886a0926e9437d676cd/detection
# Reference: https://www.virustotal.com/gui/file/992dc59ba7124aae9761d280deed3ec381be7c1379538722687a40573a48f470/detection

jih465flash.com
xwfluid5.com

# Reference: https://twitter.com/jstrosch/status/1349014099074691073

http://185.81.157.186

# Reference: https://www.virustotal.com/gui/file/f54ee6761ddbc05ab6245ee2afb2cc725ab60c9d3f32836709c4973b565d60f2/detection

testedpo14.temp.swtest.ru

# Reference: https://twitter.com/Circuitous__/status/1349388642704306182

computer-compare.com

# Reference: https://twitter.com/ffforward/status/1349380856926887939
# Reference: https://www.virustotal.com/gui/file/288fdf9c64da0251107df7f1c3283f328279ad581710a9cf71f67e53b0b1684d/detection

anabolicsteroidsbuy.info

# Reference: https://twitter.com/ffforward/status/1349740103711690755

allanabolicsteam.net

# Reference: https://twitter.com/FewAtoms/status/1349413756938412034

palettas.pe/docs/

# Reference: https://twitter.com/jorgemieres/status/1349410241218293760

http://18.195.87.136

# Reference: https://twitter.com/jorgemieres/status/1349408300006318081

http://198.23.207.63

# Reference: https://twitter.com/IronNetTR/status/1349830343105384451

aaavanca.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1349999369727188992

cronogare.it/backoffice/

# Reference: https://www.virustotal.com/gui/file/647d6ecbbe14fb46a87ae8bab37f55e9983232f484bb2b3ee94ed47834f5c437/detection
# Reference: https://www.virustotal.com/gui/domain/c541f5d439a359.xyz/detection

c541f5d439a359.xyz

# Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz
# Reference: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz
# Reference: https://www.virustotal.com/gui/domain/infolooks.org/relations

infolooks.org

# Reference: https://www.virustotal.com/gui/domain/24131192124.com/relations
# Reference: https://www.virustotal.com/gui/file/408e3af5590c712608c452b01b6eadea1f444dacbf080aac22e96b24a6e1696e/detection

24131192124.com

# Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz
# Reference: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz
# Reference: https://www.virustotal.com/gui/domain/cantvenlinea.biz/detection

cantvenlinea.biz

# Reference: https://www.virustotal.com/gui/domain/handjobheats.com/detection

handjobheats.com

# Reference: https://www.virustotal.com/gui/file/02131c8c30c6852ea1094661960d8cd697e014c2327582b9bbfc8440100d08ef/detection

http://198.61.176.52
diamondhostess.hu

# Reference: https://www.virustotal.com/gui/domain/rekurigo.com/detection

rekurigo.com

# Reference: https://www.virustotal.com/gui/domain/ohtheigh.cc/detection

ohtheigh.cc

# Reference: https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz
# Reference: https://snort-org-site.s3.amazonaws.com/production/release_files/files/000/012/156/original/snort3-community-rules.tar.gz

allamericanservices.name
cinnamyn.com
commandcenteral.info
elitemarketingworld.net
enemydont.net
givemefilesnow.info
msnsolution.nicaze.net
myharlemshake.info
rsakillerforever.name
saltsecond.net
scari-elegante.ro
sellsmall.net
silobiancer.com
southblood.net
stylefun.info
twinkcam.net
wheelreply.net

# Reference: https://www.virustotal.com/gui/file/e08fa2a4784d4a0382715aaf43974f39ad70148dc9526d2beef7bb7736c4f413/community

http://67.23.226.179

# Reference: https://www.virustotal.com/gui/file/40e52901b36981803ed70fdb38a78537aa03658ecd8b17c9797f92b7b135d955/detection

http://95.216.86.40

# Reference: https://www.virustotal.com/gui/file/b6a2ce88e1d3934095418787dddd851a4d5cd073cbcba575d5c7d707f612610e/behavior
# Reference: https://mreza.bug.hr/upozorenje-iz-nacionalnog-cert-a/

dalitecnoimagen.cl

# Reference: https://www.virustotal.com/gui/file/94378919a54c15a4600c728d4833ae00888b91cf15460789a475220875d7b804/detection

alaminbank.com
prism-photo.com/private/

# Reference: https://twitter.com/malware_traffic/status/1351631078549811203
# Reference: https://www.virustotal.com/gui/file/18cf2e39efca29316e84dab1be885a77c600c40d6bb65cd016b6de9d3fd0a6da/detection

alumaicelodges.com

# Reference: https://twitter.com/jorgemieres/status/1351522552733118466

stdyunitedkesokostri.dns.navy

# Reference: https://twitter.com/jorgemieres/status/1351525948999524353

chthreemndyrecantict.dns.navy

# Reference: https://twitter.com/r3dbU7z/status/1351651516806033415

http://106.12.103.181

# Reference: https://www.virustotal.com/gui/file/23d44019cd825eb28cafa67427f3588bd758f3cccca4db02e5e7fb151c1c8d2c/detection

biggames.club
dealbigdata.com
souffity.com

# Reference: https://twitter.com/jstrosch/status/1351927504739721217

cornelluniversityblog.com/docxx/

# Reference: https://twitter.com/jstrosch/status/1351925534582845441

k-t.icu

# Reference: https://www.virustotal.com/gui/file/864d4f206e8dc5ece44c26f9b8718c1bfa6d28ea46db724aac90b56c8412da5e/detection

fed58f43246844b18d00fb0177352546.download

# Reference: https://twitter.com/FewAtoms/status/1352324221964320768

tunedinblog.com/wp-includes/

# Reference: https://labs.k7computing.com/?p=21489
# Reference: https://otx.alienvault.com/pulse/6009baded35a4f4b25a2ab13

ultracams12.club

# Reference: https://twitter.com/James_inthe_box/status/1352351718172839939

http://207.148.110.29

# Reference: https://app.any.run/tasks/def4f45c-39c6-469f-9175-c32a858788a6/

toteteca.com/qzkiodlofm/

# Reference: https://twitter.com/James_inthe_box/status/1352628742137339904

ampcserver.fun

# Reference: https://twitter.com/jstrosch/status/1352394044593344515

http://209.250.243.243

# Reference: https://twitter.com/FewAtoms/status/1352663042677469185

http://91.219.61.224

# Reference: https://twitter.com/FewAtoms/status/1352684696963076096

minishop.in

# Reference: https://www.virustotal.com/gui/file/ed7605a922982e18877fd8c0624880b836ebc1ab190634a07a3cd7c397e856d0/detection

23.113.62.37:5050
bopper.myftp.biz

# Reference: https://twitter.com/malwrhunterteam/status/1353614069970956289

testing001.online

# Reference: https://www.virustotal.com/gui/domain/noabuseshere.top/relations

noabuseshere.top

# Reference: https://www.virustotal.com/gui/domain/radrile.xyz/detection

radrile.xyz

# Reference: https://www.virustotal.com/gui/domain/infoforip.ru/relations

infoforip.ru

# Reference: https://app.any.run/tasks/2c8c2f47-e965-4ca7-ab5f-bf8bcefd74b2/

http://185.215.113.77

# Reference: https://www.virustotal.com/gui/domain/oldhorse.info/relations

oldhorse.info

# Reference: https://www.virustotal.com/gui/domain/properrty.co/relations

properrty.co

# Reference: https://www.virustotal.com/gui/domain/anonfriendz.club/relations

anonfriendz.club

# Reference: https://twitter.com/James_inthe_box/status/1354089522192027650

workedgames.com

# Reference: https://www.virustotal.com/gui/domain/br0vvnn.io/detection

br0vvnn.io

# Reference: https://twitter.com/jorgemieres/status/1354149316781338627

racoonestlehomia.myq-see.com

# Reference: https://twitter.com/phage_nz/status/1354282467344011267

http://23.227.207.253

# Reference: https://www.virustotal.com/gui/domain/9dd.fun/detection

9dd.fun

# Reference: https://www.virustotal.com/gui/domain/skiascripts.xyz/relations

skiascripts.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1355168209360605184
# Reference: https://www.virustotal.com/gui/file/5a099571b1ff22edbe4621c60def5d597a644771a02f5c179c73596d33efb8ff/detection

terminist-journal.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/a0dd2634f6aa14f23b98f638cd0c20968e958da8e871b2998c729d727cef96a9/detection

f0507215.xsph.ru

# Reference: https://www.virustotal.com/gui/domain/host-serv.xyz/detection

host-serv.xyz

# Reference: https://www.virustotal.com/gui/domain/axofiles.xyz/detection

axofiles.xyz

# Reference: https://www.virustotal.com/gui/file/baec9d73487e85c2bdd78b6ae43abaa6a7fec4b969d92b14427e8aca0510a24b/detection

http://206.189.10.3

# Reference: https://twitter.com/InQuest/status/1355189037800296448

averagetry.com

# Reference: https://twitter.com/ps66uk/status/1355324203935952906

maponlinedata.com

# Reference: https://app.any.run/tasks/9f3895b5-6ae1-4ac1-b829-b50202985e3d/

http://108.61.166.11

# Reference: https://twitter.com/James_inthe_box/status/1354805574009929728

raybals.com

# Reference: https://www.virustotal.com/gui/file/766f508d50681caad9a701739c6bd674f4d9a927fb456fbb31bb51339dc0a299/detection

f0471847.xsph.ru
fooolllmmmink.cf
free-fililink.cf
frhhjjkililink.cf
frmnbcccclilink.cf

# Reference: https://www.virustotal.com/gui/file/6267a0f2ff1e405781beb5dcc13edf5758b442a4ee3f2016c86fecd62d688984/detection

a0147726.xsph.ru

# Reference: https://www.virustotal.com/gui/file/7349a38e86e15451fd5824ad6c7cbb4e3f0c8a64b6c6ff87c37e8aeb44749291/detection

a0015919.xsph.ru

# Reference: https://www.virustotal.com/gui/file/62ce555d314f8a9fdfc98c301956a5e25a131f81683e9d2ef4feef6069c199c6/detection

a0152338.xsph.ru

# Reference: https://www.virustotal.com/gui/file/84ff0210b2a3dd67d3820f82f7097ae76675135f024079f63fb9f3d94cf1d874/detection

a0015919.xsph.ru

# Reference: https://www.virustotal.com/gui/file/0e0c098b2a80d96f20fe4e2c62340c0ed75c2824dcaae29101d6d18deb7b56b3/detection

vanhook.re.xsph.ru

# Reference: https://www.virustotal.com/gui/file/955ac138813f479f8967543a81a061ec6c7f59f03631e8b411b5fa43ff4e6841/detection

f0174408.xsph.ru

# Reference: https://www.virustotal.com/gui/file/65ef93a98ea402a80db39265b41d5b88d673cd11f777bca94c2f1c7efc167c02/detection

a0088485.xsph.ru

# Reference: https://www.virustotal.com/gui/file/e9ad54075ca514fbe5588b0d236bf655c136ba436867b9c2a8bd1938254b6203/detection

f0468736.xsph.ru

# Reference: https://twitter.com/FewAtoms/status/1355510402696810496

91.208.245.201:443
oooooooooo.ga

# Reference: https://www.virustotal.com/gui/domain/uufjffff.com/detection

uufjffff.com

# Reference: https://www.virustotal.com/gui/domain/ujkhhss.com/detection

ujkhhss.com

# Reference: https://www.virustotal.com/gui/file/b6fb5968697e26a6830c75ec264b0ed8f5f9adc95539331312b22635ce450342/detection

http://107.191.60.7
http://86.106.181.170
http://192.145.37.92
http://193.38.55.126

# Reference: https://www.virustotal.com/gui/file/48dd0ff9cbcca03ff1457c3077fbba54d7f1d149a486810ae0ab5e8258dd6334/detection

ct-fr.icu
rohingyaedu.com
vipmerchantclub.com

# Reference: https://www.virustotal.com/gui/file/9fad915c3704ffb4cfb5e04759eab8249d12e95614d9aecc51d15f459e42d6ae/detection

almanamatyping.com

# Reference: https://www.virustotal.com/gui/file/49f0000f0f1f3369ae15766abc375a209fdddd10b5393c3cb046095f0673d077/detection

314809.linkpc.net

# Reference: https://www.virustotal.com/gui/domain/lifamyminaylio.linkpc.net/detection

lifamyminaylio.linkpc.net

# Reference: https://www.virustotal.com/gui/file/6be15d873eae741bd6ffcc3ca63b4c63663b6dc56309a3a71fd31f4ba2503d06/detection

f0491970.xsph.ru

# Reference: https://twitter.com/FewAtoms/status/1355907013344157701

http://193.239.147.32

# Reference: https://twitter.com/James_inthe_box/status/1356280129433976833

http://213.252.244.176

# Reference: https://twitter.com/malwrhunterteam/status/1356609023903207425

http://185.96.204.96

# Reference: https://www.virustotal.com/gui/file/d23a96b27a385fec7eef04f0b312feda253e24275c160d8cc38c2b1c39e9c5b1/detection

f0507215.xsph.ru

# Reference: https://twitter.com/James_inthe_box/status/1356619450892443648

http://3.34.179.142

# Reference: https://twitter.com/FewAtoms/status/1357021854859481088

globalteamacademy.com/epl/

# Reference: https://twitter.com/malware_traffic/status/1357058816580403202

uzelkapi.com/de/getappsr.php

# Reference: https://twitter.com/felixaime/status/1357266579197747202

telegram-desktop.org

# Reference: https://app.any.run/tasks/ba7cf487-6808-46e0-b158-ef0ad557f564/
# Reference: https://www.virustotal.com/gui/file/c7549861d8f422becc0778bdf16abc1942f86980db9e5400da33e6b571c9d132/detection
# Reference: https://www.virustotal.com/gui/file/a66300ce5da480b81f3eda678599ac02f61745f674e6aa4ecd5ac833414b2b6d/detection

http://149.248.58.116/GruntHTTP.exe
http://149.248.58.116/en-us/docs.html
http://149.248.58.116/en-us/index.html
188.138.125.235:8001
candy.fairuse.org
help.mm.my

# Reference: https://twitter.com/InQuest/status/1357315169228054528

thephotographersworkflow.com

# Reference: https://www.virustotal.com/gui/domain/waiiiu.myftp.biz/detection

waiiiu.myftp.biz

# Reference: https://twitter.com/malwrhunterteam/status/1357336725299687431
# Reference: https://www.virustotal.com/gui/file/3ef56060c529149b8f12a7a6e3f5ac8aa1ae62b75f440e4bb7bce54090995002/detection

zapptelecom.ro/virusi/

# Reference: https://twitter.com/reecdeep/status/1357614966505938946

richelon.in/NewEx/

# Reference: https://twitter.com/petrovic082/status/1357635267209949186

http://185.215.150.204

# Reference: https://twitter.com/r3dbU7z/status/1357647150008717312

http://212.83.46.50

# Reference: https://www.virustotal.com/gui/domain/megaproxy.no-ip.biz/detection

megaproxy.no-ip.biz

# Reference: https://www.virustotal.com/gui/domain/iclox.no-ip.biz/detection

iclox.no-ip.biz

# Reference: https://www.virustotal.com/gui/domain/ozdmbn.no-ip.biz/detection

ozdmbn.no-ip.biz

# Reference: https://twitter.com/FewAtoms/status/1358124211244388352

http://91.214.124.206

# Reference: https://app.any.run/tasks/0f3512db-f11b-4695-b8c2-1df1132541c9/

f0511508.xsph.ru

# Reference: https://twitter.com/FewAtoms/status/1358821174365536257

callonenergy.com

# Reference: https://www.virustotal.com/gui/file/8132e2f1329ecad662612d43f8ad59efb63be955f142846da59b03c937c5d47d/detection
# Reference: https://www.virustotal.com/gui/file/6a6644a4916a1ba1b7853e4a8caad85ce15fe5221d26be6ef64145cbf90554c4/detection

blockfweb.xyz
cryptobstar.xyz
moneyohome.xyz

# Reference: https://www.virustotal.com/gui/file/c0e1d62205f83706500559e74a4f8d151cade697ada9147339e1b558c1256152/behavior/Dr.Web%20vxCube

jdcaip88.com

# Reference: https://twitter.com/FewAtoms/status/1359179536177520642

morrislibraryconsulting.com/favicam/

# Reference: https://twitter.com/FewAtoms/status/1359576193931108353

hosting1.nl.hostsailor.com/~frostdel/miratechs.ml/
hosting1.nl.hostsailor.com/~frostdel/file/
miratechs.ml

# Reference: https://twitter.com/malware_traffic/status/1359585588240875529

backupez.com

# Reference: https://urlhaus.abuse.ch/url/987877/

devharry.cc

# Reference: https://www.virustotal.com/gui/domain/ayehosting.online/detection

ayehosting.online

# Reference: https://www.virustotal.com/gui/ip-address/91.241.60.117/detection

http://91.241.60.117

# Reference: https://www.virustotal.com/gui/ip-address/91.241.60.119/detection

http://91.241.60.119

# Reference: https://twitter.com/James_inthe_box/status/1359606553251205123
# Reference: https://twitter.com/James_inthe_box/status/1359981854351233024

sec-doc-w.com
secure-doc-reader.com

# Reference: https://twitter.com/jstrosch/status/1359745151263010816

catuexpress.com/vendor/psy/psysh/.phan/346789/

# Reference: https://twitter.com/mz_malhunt/status/1359845176496119815

tunedinblog.com/wp-includes/

# Reference: https://twitter.com/jorgemieres/status/1359948105819512837

tienesganas.com

# Reference: https://www.virustotal.com/gui/file/6441fa3baa187ec779d0a82c5ed64c432f0b919587ea9cfd5cf178cfd2525296/detection

exceldoggy.ddns.net

# Reference: https://twitter.com/r3dbU7z/status/1360099550770397186

154.222.26.86:8080

# Reference: https://twitter.com/r3dbU7z/status/1360088958315675650

35.180.24.224:8800

# Reference: https://twitter.com/FewAtoms/status/1360300953031868423

homefindersolutions.com/wp-includes/js/tinymce/themes/inlite/

# Reference: https://www.virustotal.com/gui/file/052bd14bbab4e77bd52086a405b30e8bfa210e6820549cb69217333e32184a28/detection

kaceg.system-ns.org

# Reference: https://www.virustotal.com/gui/file/fc90bce036ffeae2b9903efbd20738b66e62c1893db65f088896821f3bfc536a/detection

dynacom.system-ns.org

# Reference: https://twitter.com/jnzzzzzzzz/status/1360952141838483460

http://49.247.133.43

# Reference: https://www.virustotal.com/gui/domain/gatsoed9.beget.tech/relations

gatsoed9.beget.tech

# Reference: https://www.virustotal.com/gui/file/d0824c901433756206ef5f12dcef99d3f79c72b1fe39752431088ab501eacfb4/detection

a0148155.xsph.ru

# Reference: https://twitter.com/FewAtoms/status/1361362640837181442

http://103.124.106.203

# Reference: https://twitter.com/ffforward/status/1361387603405250570

http://45.153.203.54

# Reference: https://twitter.com/jorgemieres/status/1362047793825742857

bingoroll2.net

# Reference: https://twitter.com/K_N1kolenko/status/1362335530554392577

tuckermolybdenum.com

# Reference: https://twitter.com/r3dbU7z/status/1362325016411598850
# Reference: https://twitter.com/0xrb/status/1362383360614535173

http://209.141.40.190
http://212.114.52.24

# Reference: https://twitter.com/FewAtoms/status/1362460537544712192

http://65.0.55.192

# Reference: https://twitter.com/r3dbU7z/status/1362470073500336136

65.207.115.215:81

# Reference: https://twitter.com/InQuest/status/1362523760264413184

http://5.39.217.221

# Reference: https://www.virustotal.com/gui/file/1b21f8241014259f89da2bf1f1ed762f58ddfb965abd1081ca7a6c3b85a3bb73/detection

http://91.212.150.4

# Reference: https://twitter.com/InQuest/status/1362997336058789891

http://202.182.97.102

# Reference: https://www.virustotal.com/gui/file/ee8242140b95b142635d71a6875f117a037750f944eca2593a2b333d0880c5c6/detection

http://39.100.119.17
http://39.97.238.208

# Reference: https://www.virustotal.com/gui/file/b76e941ca7f16828d6c0b3ecd44cde7b56b9b3a73d590396e8917e773c4e872a/detection

123.129.162.4:92

# Reference: https://twitter.com/FewAtoms/status/1363158398364233736

http://54.238.74.62

# Reference: https://twitter.com/jfslowik/status/1363261947622264832

covidappcolumbia.co

# Reference: https://www.virustotal.com/gui/file/9e081e12740f807d5b60f13ecb8c1a5d8ec6c287caf28438291bd75450eed207/detection

astatech-cn.com

# Reference: https://twitter.com/BushidoToken/status/1363179073514713091

bulletin-covid-19-21.gr8.com

# Reference: https://twitter.com/whitehoodie4/status/1363815950915674114
# Reference: https://www.virustotal.com/gui/ip-address/185.56.81.52/detection

http://185.56.81.52

# Reference: https://twitter.com/ANeilan/status/1364092577759301633
# Reference: https://www.virustotal.com/gui/ip-address/91.234.99.251/relations

http://3.21.80.19/index.php
onedrivedocumentserver.tk
onedrivedocumentserver1.tk
onedrivedocumentserver2.tk
sharedocumentlogino.tk
sharedocumentlogino1.tk
sharedocumentlogino10.tk
sharedocumentlogino11.tk
sharedocumentlogino12.tk
sharedocumentlogino13.tk
sharedocumentlogino14.tk
sharedocumentlogino15.tk
sharedocumentlogino16.tk
sharedocumentlogino2.tk
sharedocumentlogino3.tk
sharedocumentlogino4.tk
sharedocumentlogino5.tk
sharedocumentlogino6.tk
sharedocumentlogino7.tk
sharedocumentlogino8.tk
sharedocumentlogino9.tk
sharepointdocumentloginnnn.tk
wqueiuqiwyeiuqhej.tk

# Reference: https://twitter.com/wwp96/status/1364234421755400195

http://51.103.136.92

# Reference: https://twitter.com/wwp96/status/1364236730853908484

sn0w.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1364270785041477638

http://173.234.25.78

# Reference: https://twitter.com/TeamDreier/status/1364290892681670662
# Reference: https://www.virustotal.com/gui/domain/gcleaner.pro/detection

gcleaner.pro

# Reference: https://twitter.com/FewAtoms/status/1364301935344508929

http://35.158.240.78

# Reference: https://twitter.com/executemalware/status/1364373989049524226

bearcatpumps.com.cn/css/

# Reference: https://twitter.com/jorgemieres/status/1364597773547503619

http://198.46.132.132

# Reference: https://twitter.com/jorgemieres/status/1364605915689811976

http://35.158.240.78

# Reference: https://twitter.com/wwp96/status/1364610565977632774

angeloberger.com.br/foz/

# Reference: https://twitter.com/wwp96/status/1364615685368930312

http://192.227.228.31

# Reference: https://twitter.com/reecdeep/status/1364619740665290754

http://139.162.190.64

# Reference: https://twitter.com/jorgemieres/status/1364595653012250626

igbrusureweb.com

# Reference: https://www.virustotal.com/gui/file/b2d39601b105baa7c00f67c4bf44005efa090acbab06566f2f06be092d9b9934/behavior/Rising%20MOVES
# Reference: https://www.virustotal.com/gui/file/9d0713a2a2b239fa186e0efde12fa7ceb6c87f8bdda62f69de0b1f60c6c07062/behavior/QiAnXin%20RedDrip

free-documents-hosting.com

# Reference: https://twitter.com/mz_malhunt/status/1364903491559247874

lawsoncontractingco.com/feb/

# Reference: https://twitter.com/wwp96/status/1365401963974828033
# Reference: https://app.any.run/tasks/e54e94c6-88cd-48dd-928f-370b5f504725/

http://134.119.186.216

# Reference: https://twitter.com/malwrhunterteam/status/1365409338194620423

domen2domen.xyz

# Reference: https://www.virustotal.com/gui/file/913bcc1d12ea2bc1bcda2e597a309cbf5dc0b5ed120d0522e8b4dc6e6a4bc36f/detection

208.100.26.242:5658
52eva.top

# Reference: https://twitter.com/petrovic082/status/1365595109547507712

http://103.212.180.246

# Reference: https://www.virustotal.com/gui/file/559b4e5c518601cfad167c4097a54c4e19664f591828c316281c929f6933ea3e/detection

http://209.99.64.76

# Reference: https://twitter.com/petrovic082/status/1366304689839628288

graficamos.cl/spurs/

# Reference: https://twitter.com/wwp96/status/1366427647023144963
# Reference: https://app.any.run/tasks/dd0eaf44-a938-483a-9321-562dde3f5e6d/

http://144.202.41.66

# Reference: https://twitter.com/wwp96/status/1366431371904835587

landing.yetiapp.ec/ID3/

# Reference: https://twitter.com/wwp96/status/1366435448751607812

telmed.cl/Img/

# Reference: https://twitter.com/InQuest/status/1366607930263560203

markets.kintengra.com

# Reference: https://twitter.com/wwp96/status/1366840097719652359

hk-chemlab.com/plugin/

# Reference: https://www.virustotal.com/gui/file/899940dfc0c21fb132d23ffb7f8bd4bfbef3bd52b741f1da49834dbcd4ac0578/detection

dream.pics

# Reference: https://twitter.com/petrovic082/status/1367038533421195264

http://5.206.227.81

# Reference: https://www.virustotal.com/gui/domain/ns-plugin.site/relations

ns-plugin.site

# Reference: https://www.virustotal.com/gui/file/a39101be3baa880542bb0df63a7fec181abf8faa1f90070fe81e96ef07d9e205/detection

dvr-zone1.accesscam.org
reverse-zonev1.3utilities.com

# Reference: https://www.virustotal.com/gui/file/0114db489995c0362d5dfde14f62aee3a2610db147e72ac3c77b1bcc270ef5f5/detection

freefud.inf3rn0.com

# Reference: https://twitter.com/InQuest/status/1367241459225747464

docs.healthmade.org

# Reference: https://twitter.com/ViriBack/status/1367289094817128454

yertuit.club

# Reference: https://twitter.com/InQuest/status/1367380952482279425

10feeds.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1367397951237160964

http://195.123.219.72

# Reference: https://twitter.com/reecdeep/status/1367445802096984064

http://91.235.129.235

# Reference: https://twitter.com/pmmkowalczyk/status/1367509082349912064

jsw.co.id/system2/

# Reference: https://twitter.com/pmmkowalczyk/status/1367503173200543747

http://46.21.153.231

# Reference: https://twitter.com/FewAtoms/status/1367540093569945602

covid19vaccine.hopto.org

# Reference: https://www.virustotal.com/gui/file/a29b3da91b4ebfe9d0874b9b18e3f8b41cc33a79baf488b3255770e8fb4778b0/detection

f0439583.xsph.ru

# Reference: https://www.virustotal.com/gui/file/5f9956be22d0e2627be47340fc391d919bed1b319d5a0203a28423eb523bed1b/detection

f0492922.xsph.ru

# Reference: https://www.virustotal.com/gui/file/8484a7a2ead6abc20fae7bb2db2714fa0e9f5544dd1484e2774a472d4bae35e7/detection

f0429164.xsph.ru

# Reference: https://twitter.com/petrovic082/status/1368147317413584900

http://91.200.103.83

# Reference: https://twitter.com/petrovic082/status/1368148843645304835

http://46.21.153.231

# Reference: https://twitter.com/reecdeep/status/1367089557884272649

http://195.54.162.59

# Reference: https://www.virustotal.com/gui/domain/shalala.niex.cc/relations
# Reference: https://www.virustotal.com/gui/file/6668d533afe1260195b5caae022b47e9ae9e0f39646e9be080298f07729ba533/detection

shalala.niex.cc

# Reference: https://www.virustotal.com/gui/file/2fed583d8acb67f3ea8523379d5cd7ba6ec0f627fb373a0e1f41af680437c3b2/detection

bbrecords.niex.cc

# Reference: https://www.virustotal.com/gui/file/b71d86990c45dc4e7d8c62f931d0e247b563145f7498803a05b788ca412ee3de/detection

t0mvps.niex.cc

# Reference: https://www.virustotal.com/gui/file/34a18ae9d2aa24dd390b8f03a21acce66583e090ee91f7351240aa825924039f/detection

waresustems.com

# Reference: https://www.virustotal.com/gui/file/9cac4d7af506a1d90ed922ad72bec2353c51fdb8137c80e8cad13d155d5b5671/detection

exportdocs.biz

# Reference: https://www.virustotal.com/gui/file/e8d16e82fb23285e6c1ae22dc3a40b1a42d897f124b18983c8710cc8c689c7b6/detection

iaieqqo.review

# Reference: https://twitter.com/r3dbU7z/status/1368893677658124290

http://194.5.159.236

# Reference: https://www.virustotal.com/gui/file/45404167e89a4e85efb1b916509bc33e1d28347597051926fd18bbc33a1e350a/detection

http://185.153.199.102

# Reference: https://app.any.run/tasks/7cc67c66-3091-4dce-8487-c0eb4494baea/
# Reference: https://www.virustotal.com/gui/ip-address/188.127.254.61/relations
# Reference: https://www.virustotal.com/gui/domain/apemailer.us/relations

http://188.127.254.61
apemailer.us

# Reference: https://www.virustotal.com/gui/domain/moneygain.work/relations

moneygain.work

# Reference: https://twitter.com/James_inthe_box/status/1368936190523502597

hygroscopicprecious.com/universe/

# Reference: https://www.virustotal.com/gui/domain/gogorv.net/relations

gogorv.net

# Reference: https://twitter.com/Circuitous__/status/1368982200214052866
# Reference: https://www.virustotal.com/gui/file/8540a9063411b6ec84acf96272080eb539ab49df9159b879d98e7321344656c8/detection

gettraff.ru
qadedela.com
bonponon.com

# Reference: https://twitter.com/FewAtoms/status/1368989249832423432

dialectindulge.com

# Reference: https://twitter.com/pmmkowalczyk/status/1369234426765471749

http://91.212.150.195

# Reference: https://twitter.com/pmmkowalczyk/status/1369275271011041281

yual.top

# Reference: https://twitter.com/wwp96/status/1369329418297094157

maiseficiencia.pt/who/

# Reference: https://twitter.com/wwp96/status/1369336755405590529

http://188.166.162.201

# Reference: https://twitter.com/wwp96/status/1369331837907140615

http://23.20.114.125

# Reference: https://twitter.com/p5yb34m/status/1369372927024594944

digitizedental.co.uk/apps/

# Reference: https://twitter.com/jstrosch/status/1369460970720989189
# Reference: https://app.any.run/tasks/4c84dfe9-fdc0-4a13-95d9-da2012fb2bbc/

aslambek.eu
edgethefoundation.com
osrsport.com
samsung-drivers.xyz
thehealthandwellbeingclub.com

# Reference: https://twitter.com/wwp96/status/1369450095889022983

http://95.214.235.237

# Reference: https://twitter.com/wwp96/status/1369682619571572741

modellgroups.net/js/

# Reference: https://twitter.com/pmmkowalczyk/status/1369746549593538574

http://192.3.152.166

# Reference: https://twitter.com/pmmkowalczyk/status/1369748045097820162

http://15.165.235.203

# Reference: https://www.virustotal.com/gui/file/481a1337d57ab58484b994d1ce328393d72450115d278680fe72ee55b619f190/detection
# Reference: https://www.virustotal.com/gui/file/5930d23ef2ea7ae8808d3b935e160f067316b690bae27d2b60d9c13078928462/detection
# Reference: https://www.virustotal.com/gui/file/efe60e5c5fe261c1df4aae53d334151445fe27ea2302d78306bc3b4750fee43f/detection

http://160.20.147.241

# Reference: https://www.virustotal.com/gui/file/a009bc840d74f5f7b450689e57aaba942cc8e474a4970f1d01ce38f3148163e5/detection
# Reference: https://www.virustotal.com/gui/ip-address/101.99.90.200/relations

1eaf.pw
1faf.pw
2efs.pw
2qua.pw
3kvm.pw
3uag.pw
4igk.pw
4jaa.pw
5aef.pw
5hhftrw.pw
5ofj.pw
6asg.pw
6nbmytr.pw
6ydj.pw
7dfj.pw
7wjg.pw
8eus.pw
8qyu.pw
8yyngf.pw
9awi.pw
9ytrhgf.pw
hhytew.pw
mouni11.xyz
note866.pw
note8876.pw
pytopm.pw

# Reference: https://www.virustotal.com/gui/file/56265c1e88f67141d18bfa504aa9ae6f236ff20ef2caf832aeb2a2f2d90e6b63/detection

cache.hjjse33.com
static.tweerwy.com
yzxjgr.com

# Reference: https://twitter.com/FewAtoms/status/1370046170005975043

supernova-hostdns.us

# Reference: https://www.virustotal.com/gui/domain/embrodownscience.su/detection
# Reference: https://www.virustotal.com/gui/file/07dc515aadbd1a62cc510b9e2eea6297ba626119648419f9fe8f410a50e2779b/detection

embrodownscience.su

# Reference: https://www.virustotal.com/gui/file/30f90c90c5bbfc6dce289c827a9abb79bc5681de6214b99a0b1713352cde2110/detection

cloud-reserve.info

# Reference: https://www.virustotal.com/gui/file/250d5bc5b5e13353b807c36324de664552d16189ec55b97adde5c73251a883a7/detection
# Reference: https://www.virustotal.com/gui/file/28a6826608ef18619c05ad28161993203c19ec0009a86399ca0b17680de9c6f1/detection

http://74.118.138.254

# Reference: https://twitter.com/wwp96/status/1370612166152323077

216.83.57.228:7979
guduo.ga

# Reference: https://twitter.com/nao_sec/status/1370665043906285570

pornohdmovie.com

# Reference: https://www.virustotal.com/gui/file/518f03c42bd9c51cda4f62f45e31d00e6903a0553fa684a85931d7b304639d99/detection

api.jwhss.com
update.jwhss.com

# Reference: https://twitter.com/r3dbU7z/status/1370839780678848514

http://5.102.153.140

# Reference: https://twitter.com/pmmkowalczyk/status/1370800929558118405

http://80.92.206.135

# Reference: https://www.virustotal.com/gui/ip-address/79.170.44.8/relations

http://79.170.44.8

# Reference: https://twitter.com/FewAtoms/status/1371094459476230151

lms.login2.in

# Reference: https://www.virustotal.com/gui/file/426b1d295991feb03744d5cd55219ad8f0333b5129b3e5d14e6aa74ff44a0a46/detection

psnm4n1.multiservers.com

# Reference: https://twitter.com/Circuitous__/status/1371528262934003716
# Reference: https://www.virustotal.com/gui/file/eacb9ecbd9fdbba1b27c48a03f7196c2d855cd6f46d49a5f667e14fac2699a33/detection

ggtraff.ru

# Reference: https://twitter.com/r3dbU7z/status/1371586139887386634

http://175.45.176.10

# Reference: https://twitter.com/wwp96/status/1371823839278211073

http://23.95.122.47

# Reference: https://twitter.com/pmmkowalczyk/status/1371918253874933760

mamax.tk

# Reference: https://www.virustotal.com/gui/file/84854be4ee8490d0496cb37b2adf670af9ae6ee388a0e7e0e709d54a99127bf0/detection

jenergy.tw

# Reference: https://twitter.com/reecdeep/status/1372177891564347394

http://198.23.174.104

# Reference: https://twitter.com/InQuest/status/1372266749761101830

http://107.175.1.172

# Reference: https://twitter.com/InQuest/status/1372444606231687169

service-7pxel2bo-1304343953.gz.apigw.tencentcs.com

# Reference: https://www.virustotal.com/gui/file/f85fbb731863de50e90906c29c3e6497cf049aa0b500f43ea4a22af10d321ef9/detection

http://198.23.207.46

# Reference: https://twitter.com/pmmkowalczyk/status/1372900492918018056

http://198.46.201.76

# Reference: https://app.any.run/tasks/7168f23b-c1f1-40fa-8dea-132020b2bc17/

http://195.181.240.2

# Reference: https://twitter.com/FewAtoms/status/1372604516609224708

eurex.ps

# Reference: https://twitter.com/fr0s7_/status/1373404924105666561

http://139.162.156.129

# Reference: https://twitter.com/InQuest/status/1373513106635231232

http://95.181.164.43

# Reference: https://twitter.com/FewAtoms/status/1373646415847641091

towme.services

# Reference: https://twitter.com/JAMESWT_MHT/status/1373876583065391105

frtyhyyttrtrreee.xyz

# Reference: https://twitter.com/wwp96/status/1374082815902507011

roshan.academy/ImE/

# Reference: https://twitter.com/wwp96/status/1374083446121893891

tridayacipta.com/images/

# Reference: https://blog.netlab.360.com/microsoft-exchange-vulnerability-cve-2021-26855-scan-analysis-3/
# Reference: https://www.virustotal.com/gui/file/5baa2022391d6339bcf49c28b85cc75373c9492d8b4a85796255e854e9dbe1a9/detection

http://178.62.226.184

# Reference: https://twitter.com/xuy1202/status/1374694429911523333
# Reference: https://twitter.com/xuy1202/status/1377880725395939328
# Reference: https://www.virustotal.com/gui/file/764248595c14a9d1559aa5ef5b904f69affb345b702a32a9b76f05811838cd42/detection

http://51.158.24.25

# Reference: https://twitter.com/Finch39487976/status/1375414044706869251
# Reference: https://app.any.run/tasks/48cad164-704d-459b-ae32-6be7365a23bd/

http://54.211.166.69

# Reference: https://twitter.com/Finch39487976/status/1375418869280612353
# Reference: https://app.any.run/tasks/70e46132-fee5-450d-85eb-98c73828c002/

http://13.56.11.148

# Reference: https://twitter.com/FewAtoms/status/1374431632699002884

travelwadi.com

# Reference: https://twitter.com/wwp96/status/1374523517593550862

http://54.253.194.14

# Reference: https://twitter.com/wwp96/status/1376544197847711746

http://193.164.7.118

# Reference: https://twitter.com/InQuest/status/1376921178980376577

http://13.234.19.200

# Reference: https://twitter.com/InQuest/status/1377118039221489671

http://168.138.137.235

# Reference: https://twitter.com/wwp96/status/1377648526306459651

http://141.105.65.94

# Reference: https://twitter.com/FewAtoms/status/1377652225661562881

ioabc.wif.com.br

# Reference: https://twitter.com/Helen03113766/status/1377437061884608518

45.125.56.80:81

# Reference: https://twitter.com/wwp96/status/1377648191198351367

http://198.23.251.121

# Reference: https://twitter.com/ShadowChasing1/status/1377912675867394049

londonkids.in/echoolz/assets/css/front/

# Reference: https://www.virustotal.com/gui/ip-address/85.10.254.98/relations

http://85.10.254.98

# Reference: https://twitter.com/fr0s7_/status/1377994875426193413
# Reference: https://www.virustotal.com/gui/ip-address/94.140.115.225/relations
# Reference: https://www.virustotal.com/gui/file/8fdbf5d103b20082f4cb62d8e9f20149278a8729d69352825b1147156d153a8c/detection
# Reference: https://www.virustotal.com/gui/file/be60617a580845169a1588f46ea44bcb323aea2d0825471a5f531690f1af99dc/detection

dreshiguard.com
pikantojuice.com

# Reference: https://www.virustotal.com/gui/domain/sediliny.info/detection

sediliny.info

# Reference: https://twitter.com/r3dbU7z/status/1379302191148720130

nicelister.net

# Reference: https://www.virustotal.com/gui/ip-address/194.37.97.172/relations

http://194.37.97.172

# Reference: https://twitter.com/FewAtoms/status/1379479833470713870

investigation-bureau.com/cry/

# Reference: https://twitter.com/jstrosch/status/1379797439125725188

solarparkcleaning.co.uk/js/

# Reference: https://twitter.com/jstrosch/status/1379801245741801480

loadbytes.tn

# Reference: https://twitter.com/FewAtoms/status/1379865782847438849

khmerosja.net/wp-check/

# Reference: https://twitter.com/jorgemieres/status/1379811433530150914

work-desk.aysinturpoglucelik.com

# Reference: https://twitter.com/jstrosch/status/1379994923286466565
# Reference: https://www.virustotal.com/gui/domain/greataccesstoserver.com/detection

greataccesstoserver.com

# Reference: https://tria.ge/210408-9h7wsybb7e

http://23.95.122.24

# Reference: https://twitter.com/ps66uk/status/1379822498880106499

http://193.142.146.25

# Reference: https://www.virustotal.com/gui/file/b68f7a0dde3eb7ed27495775c905006ab97deaca14ed50d645695ef6bbb3beef/detection
# Reference: https://www.virustotal.com/gui/file/daaff25db167319205da44fc2fea86f248b364a964e327b7a7b3a51a8c2f2706/detection

el-muchachos14.com
labsclub.com
teter.info

# Reference: https://twitter.com/jorgemieres/status/1380172488148140033

http://65.0.168.152

# Reference: https://www.virustotal.com/gui/file/192f2b24417da60d8d7d44bed6d1b025412e3b60fbce63b6566d4988bd3eb41e/detection

siwirnes.top

# Reference: https://twitter.com/FewAtoms/status/1380228295220953092

pazpus.com

# Reference: https://www.virustotal.com/gui/file/5586f246927b7919970e70167c06dc30bc8bff1aaaf129f1462e5ced0e4fa666/detection

funny-sell.tk

# Reference: https://www.virustotal.com/gui/file/3ca73186b0be18c4514061b5e5b2f8ffb2078d5613a5ee605589556cb092ca44/detection

tboy4real.tk

# Reference: https://www.virustotal.com/gui/domain/officesharefile.online/detection
# Reference: https://app.any.run/tasks/6bf48fb9-cd69-4153-8975-7a945972d59d/

officesharefile.online

# Reference: https://twitter.com/reecdeep/status/1380479709016948740

http://45.134.225.191

# Reference: https://twitter.com/TeamDreier/status/1380504862044082177

sogecoenergy.com/ol/

# Reference: https://www.virustotal.com/gui/file/791cd98386ab2342e846c58e711748bbb345e3dc36bc8ca8f39f6fc0ddae1507/detection
# Reference: https://www.virustotal.com/gui/file/483a1f54011dbe1635f0a6eaf8129c8b77557137ca640c494ddb97b138f03555/detection

msnunion.com
tyl123.cn

# Reference: https://twitter.com/FewAtoms/status/1380929258181263370

http://34.126.93.163

# Reference: https://twitter.com/FewAtoms/status/1381254863946973185

216.83.57.208:7979

# Reference: https://www.virustotal.com/gui/file/05d38ac5460418b0aa813fc8c582ee5be42be192de10d188332901157c54287c/detection

http://23.92.213.108

# Reference: https://www.virustotal.com/gui/domain/up.harajgulf.com/relations

up.harajgulf.com

# Reference: https://twitter.com/r3dbU7z/status/1381517028817825795
# Reference: https://www.virustotal.com/gui/url/026ec2ee22c5b8a04806a13701238e971565cd80d9ca10a0be85c80f4222fa9e/details

http://39.107.141.48

# Reference: https://twitter.com/fr0s7_/status/1381581992236552194
# Reference: https://www.virustotal.com/gui/file/3770e4df4fcc545d5107f43db58e1819a4609e55cc5103ac7973f6987e288431/detection

channel.sulekca.com

# Reference: https://twitter.com/FewAtoms/status/1381662701458456579

http://3.82.54.111

# Reference: https://twitter.com/ANeilan/status/1381973168731082752

joinclubhousepc.com

# Reference: https://twitter.com/FewAtoms/status/1381990355831230468

http://45.77.9.151

# Reference: https://twitter.com/FewAtoms/status/1382040219944419330

http://23.95.122.25

# Reference: https://twitter.com/r3dbU7z/status/1382237585586724867

http://54.212.20.151

# Reference: https://twitter.com/InQuest/status/1382213665181556738

http://107.173.219.80

# Reference: https://twitter.com/jstrosch/status/1382181770548760580

http://172.245.45.28

# Reference: https://www.virustotal.com/gui/file/29230c04b677b8f77e1d6bbb2f91ace810200ef376a9944b0390add92695f0ee/detection

8.142.58.112:777

# Reference: https://twitter.com/ps66uk/status/1382274063658258440

http://178.17.171.144

# Reference: https://www.virustotal.com/gui/file/7c8cf1e3ec35a6f604699f6481f3463e9ae19c93b8efd861b914c8260304d314/detection

4host.publicvm.com/api/cscript

# Reference: https://www.virustotal.com/gui/file/18f64293b812ba5aac625afc9ad734bb8f024831f310db422c68bced7149e3d6/detection

202.107.193.243:8899
202.107.193.245:9528

# Reference: https://twitter.com/jorgemieres/status/1382418405790208000

http://45.15.143.191

# Reference: https://www.virustotal.com/gui/file/4d072fa8e79d41ce3a27c7a8815cef92be52af61e5326f956ad8adaf4b7ebf6f/detection

http://185.20.185.59
http://80.92.204.19

# Reference: https://www.virustotal.com/gui/file/7b167ccd1690fc404cfb513ee00c39f968183d93d08c22f4d7c58fb1f3b4607d/detection

http://45.15.143.191

# Reference: https://www.virustotal.com/gui/file/800371d8be5bcfb345c06c988c8734749549dc1f09d680639067478386c42f29/detection

aretywer.xyz
d0wnl0ads.online
hacking101.net
mytoolsprivacy.site

# Reference: https://www.virustotal.com/gui/domain/ekkggr3.com/relations

ekkggr3.com

# Reference: https://www.virustotal.com/gui/file/5fceec9f222e808dcb49156ddf40fd0f6bdbe5a3c2640ab1e7cda3f83d634e1d/detection

http://188.93.233.59
prooffers2021.website
wertuest.xyz

# Reference: https://twitter.com/sS55752750/status/1382683900355481606
# Reference: https://www.virustotal.com/gui/file/719211e8563cf31595583c892efbfb027e2f54b47ed813fc31963ec51de17191/detection

116.204.171.211:8000
216.118.225.86:7231
58.221.58.222:88
vvage.com

# Reference: https://twitter.com/InQuest/status/1382892951093850112

files-quotecheck.xyz

# Reference: https://twitter.com/r3dbU7z/status/1382937649053372417

frostycitadel.xyz

# Reference: https://twitter.com/InQuest/status/1384149565587148809

user-privacy-center.com

# Reference: https://www.virustotal.com/gui/domain/zytrox.tk/relations

zytrox.tk

# Reference: https://twitter.com/fr0s7_/status/1384822059801395200

http://192.3.26.118

# Reference: https://twitter.com/malwrhunterteam/status/1384859846823055366

http://121.5.160.231

# Reference: https://twitter.com/olihough86/status/1384438320902688768

ehs.co.zw/veron/

# Reference: https://twitter.com/MBThreatIntel/status/1384959606414323722

house118.ir/benito/

# Reference: https://twitter.com/jstrosch/status/1385075429090881537

yarpa.lt

# Reference: https://twitter.com/jstrosch/status/1385079891444387852

quickbooks.thormobilemanagement.com

# Reference: https://twitter.com/InQuest/status/1385288396235550721

armyscheme.sytes.net

# Reference: https://www.virustotal.com/gui/file/8353b59b3461307224e06d006f8c5f5526c5827345bc8771f240c923d661b825/detection

8pines.com

# Reference: https://www.virustotal.com/gui/file/3ed8f6b0602f48e61fff27383480d49a6a4a2646fed9859b4e98b4f0d41176ec/detection
# Reference: https://www.virustotal.com/gui/file/b2a57daff9ec815df6862f028d0f915812f94b7257d23bbba249a9dbb87247a6/detection
# Reference: https://www.virustotal.com/gui/file/babd9e7325f8ef744460df079f3f6046ca2c5c2cd07c38abc57dcab447d05cb8/detection

x4z9arb.cn

# Reference: https://www.virustotal.com/gui/domain/cyberx2013.no-ip.org/detection

cyberx2013.no-ip.org

# Reference: https://twitter.com/InQuest/status/1385579880612515848

lidamtour.com/masivo/

# Reference: https://twitter.com/wwp96/status/1385597373905137666

http://107.172.130.145

# Reference: https://twitter.com/TheDFIRReport/status/1384282544695177221

http://192.210.163.201

# Reference: https://twitter.com/petrovic082/status/1386632406245982210

windowcafe.biz/momo/

# Reference: https://twitter.com/petrovic082/status/1386657143126994949

theportcitynews.com/vc/

# Reference: https://twitter.com/petrovic082/status/1386693270659551235

pressivoire.com/tests/

# Reference: https://twitter.com/dimitribest/status/1386750996597166084

temp.lanka.com.uy

# Reference: https://www.virustotal.com/gui/file/e62d5d03c66c9d4bfef592850e8e0589d3fe4bf81b582627d53fd9666eab4499/detection

dekhan.info

# Reference: https://twitter.com/jorgemieres/status/1387050353191911435

http://192.227.228.85

# Reference: https://twitter.com/FewAtoms/status/1387093531668459521

http://159.69.142.67

# Reference: https://twitter.com/ReBensk/status/1387298655028146183
# Reference: https://twitter.com/ReBensk/status/1387306767202209792
# Reference: https://www.virustotal.com/gui/file/34bec3b2747ed7531993c73f04968c56e79f05f3b26b91cad256c9bbd5cf1beb/detection

bitcoingen.store

# Reference: https://twitter.com/petrovic082/status/1387331622811443205

http://198.23.207.82

# Reference: https://twitter.com/petrovic082/status/1387332418894434304

http://185.63.189.50

# Reference: https://twitter.com/petrovic082/status/1387405545494171649

arcencieldeco.com.tn/admin/

# Reference: https://twitter.com/InQuest/status/1387443172448645120

http://107.173.191.48

# Reference: https://www.virustotal.com/gui/file/f23c26eb4c2ae048c113f2405b1fb91e04dc74b73a572df60b1b95d3ca1ccb57/detection

jajoyeninigerialimited.com

# Reference: https://www.virustotal.com/gui/file/e0bec90953771bef51cee8a33c728adf712a29d827264bdf9d14ca3e8a51329d/detection

sjgue.com

# Reference: https://www.virustotal.com/gui/file/5982816b4d99252efb5efd18b01e890da58a3e0cbd29b911c749315070cfe278/detection

alkhashen.com
depisce.com

# Reference: https://twitter.com/FewAtoms/status/1387445813404741635

firas.alifares.org

# Reference: https://twitter.com/FewAtoms/status/1387476103850250246

http://40.117.139.198

# Reference: https://twitter.com/petrovic082/status/1387492851110514692

monnimonitorcloudfiles.mangospot.net

# Reference: https://www.virustotal.com/gui/file/3afac9ffd706efde8a68fbe78653b97fa5b5f2d815e00e05a4dd26cc3ceb9d64/detection

scaladevelopments.scaladevco.com

# Reference: https://twitter.com/InQuest/status/1387630316345561092

nta.hopto.org

# Reference: https://twitter.com/petrovic082/status/1387737072052711427

exoticafurniture.com.np

# Reference: https://twitter.com/petrovic082/status/1387735021730115593

swissprocesstointernail.mangospot.net

# Reference: https://twitter.com/petrovic082/status/1387761020983136257

fpctool.xyz

# Reference: https://twitter.com/jorgemieres/status/1387766567178493962

http://107.173.191.48

# Reference: https://www.virustotal.com/gui/file/c38063f954b8073f8f432599552612668b1f4657521a2e384e6c9c29a03d3579/detection

http://157.55.173.72

# Reference: https://twitter.com/xuy1202/status/1388153194644074505

lexusbiscuit.com/cgi-bn/

# Reference: https://twitter.com/petrovic082/status/1388181844949078021

http://198.46.132.163

# Reference: https://twitter.com/petrovic082/status/1388181339745263617

arcencieldeco.com.tn/admin/

# Reference: https://twitter.com/petrovic082/status/1388180784448688132

ecomtrader.com/wp-includes/

# Reference: https://www.virustotal.com/gui/file/1057445e544bf78e5995a15bf36c7dca71b4310c05df784c9c0bebc468f094d1/detection
# Reference: https://www.virustotal.com/gui/file/39c647277a5c66496efaa54879a7d83aeeecb96b0dc185a676150c27ddd21a3c/detection

zola.store

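# Reference: https://app.any.run/tasks/f2034ead-e587-4eac-a992-9a59409ab127/
# Reference: https://www.virustotal.com/gui/file/4622e0560aaa02a43009773a1c42f8017cae6b63f0f7950b358c22d46c757e1c/detection
# NOTE(review): the entry below looks like a hosting-provider server hostname rather than a tenant domain, so a match may also cover unrelated sites on the same server; confirm against the references whether a path-scoped trail (as used for hosting1.nl.hostsailor.com/~frostdel/ in this file) would be more precise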

nyc002.hawkhost.com

# Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt
# Reference: https://www.virustotal.com/gui/domain/kimorazcinfolap.com/detection

kimorazcinfolap.com

# Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt

ddoser2.ohost.de

# Reference: https://www.virustotal.com/gui/domain/korrrrrrnnnnqlmdzhnz.edns.biz/relations

korrrrrrnnnnqlmdzhnz.edns.biz

# Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt

crucifixbotnet.servegame.com
grabber.vv.si

# Reference: https://www.virustotal.com/gui/domain/hitlerloco.xtrweb.com/relations

hitlerloco.xtrweb.com

# Reference: https://www.virustotal.com/gui/file/dbc996923312dc1ce38e6c5ed65cd79bc08b82a80b7ee8fa87f54940af27a3da/detection

ddosit.us

# Reference: https://www.virustotal.com/gui/file/a49f23aac652d63d1529338a12b3ba424d0b4eab637af8ffa7d9e557fb441a37/detection

http://5.61.35.129

# Reference: https://twitter.com/TheDFIRReport/status/1389181495898693633

http://172.82.179.170

# Reference: https://twitter.com/InQuest/status/1389204746414796800

will.kasraz.com

# Reference: https://twitter.com/ShadowChasing1/status/1389371024668463105

servidorprueba.forensict.repl.co

# Reference: https://www.trendmicro.com/en_us/research/21/d/water-pamola-attacked-online-shops-via-malicious-orders.html
# Reference: https://www.virustotal.com/gui/domain/adobe-air.com/relations

adobe-air.com

# Reference: https://twitter.com/FewAtoms/status/1389222584030437379

cando--china.net

# Reference: https://www.virustotal.com/gui/file/145c59fb52e782845dea2a90ad13d1484f6e9e1f8659fae1cd44ffc46255e4b5/detection

ierinapu.xyz
riftrebirth.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/802111bc7cf96b0c67c6925337aa4ef7f9ce28852f376909c4a56373cb6200ea/detection

hhtool.ddns.net

# Reference: https://twitter.com/Circuitous__/status/1389640638107471880

crophysi.ru
gimoguvi.ru

# Reference: https://twitter.com/InQuest/status/1389685307612729344

evamari.gr/eim/

# Reference: https://twitter.com/jfslowik/status/1387535189165838336
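# Reference: https://twitter.com/ESETresearch/status/1388225090744164356
# NOTE(review): anydesk.s3-us-west-1.amazonaws.com is a bucket-style name under a shared cloud storage domain, not a domain registered by the actor; the trail is only meaningful while that bucket stays under the same control, so re-verify it before relying on a hit.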

anydesk.s3-us-west-1.amazonaws.com
anydeskstat.com
zoomstatistic.com
clamspit.com
domohop.com
zgnuo.com

# Reference: https://twitter.com/James_inthe_box/status/1389927787495002118

madagascar-green-island-discovery.com/Img/

# Reference: https://twitter.com/malwrhunterteam/status/1390210483676921858
# Reference: https://twitter.com/ffforward/status/1390217998187773954

secure3d-update.com

# Reference: https://twitter.com/petrovic082/status/1390277301196238849

worldhealthday.esiloc.com/doc/

# Reference: https://twitter.com/jorgemieres/status/1390304120104390658

http://45.138.157.144

# Reference: https://twitter.com/executemalware/status/1390331263043739648
# Reference: https://pastebin.com/PLCTxpAT

http://192.119.171.206

# Reference: https://twitter.com/malware_traffic/status/1390373738084982786

http://54.185.172.76

# Reference: https://twitter.com/petrovic082/status/1390586216802889731

farm-finn.com/admin/

# Reference: https://twitter.com/petrovic082/status/1390589091503353857

47.104.153.31:7088

# Reference: https://www.virustotal.com/gui/domain/limesfile.com/relations

limesfile.com

# Reference: https://www.virustotal.com/gui/domain/global-sc-ltd.com/detection

global-sc-ltd.com

# Reference: https://www.virustotal.com/gui/domain/post-back-url.com/relations

post-back-url.com

# Reference: https://www.virustotal.com/gui/file/51929c3ab26fb6ad702929f577ff118dbe2b7f37d054740cc5697a278b01d125/detection

getmyinfodistribute.me
pretendwag.info
integral.hacking101.net

# Reference: https://www.virustotal.com/gui/file/14e7fdec6624ba60bfee6bf686060db46ad0052075664935fe69be63fb3ab467/detection

1eaf.pw

# Reference: https://www.virustotal.com/gui/file/6cae92665b23b4bccccd25fad925b745ad83e700b1775a6cabae079b5741accd/detection

uaalgee33.com

# Reference: https://www.virustotal.com/gui/domain/static.tweerwy.com/detection

tweerwy.com
static.tweerwy.com

# Reference: https://www.virustotal.com/gui/file/a204a5703b2b783d6d70f05704cf0c750d0c3d18c8501fde4de61984a5161f97/detection

zandogia.com

# Reference: https://twitter.com/K_N1kolenko/status/1391273433221279746

194.36.171.43:6969

# Reference: https://www.virustotal.com/gui/file/5f66d7ed7f8a35d92d53e0fc82c3f01c37cfc108d3f5da1a0016430c77e23303/detection

coursebro.pw
downkzvideo1.xyz
imaginepic.xyz

# Reference: https://www.virustotal.com/gui/domain/downkzvideo2.xyz/detection

downkzvideo2.xyz

# Reference: https://www.virustotal.com/gui/file/16bb9009629972f1ae07205be70309c381ef43e7ed7bbe786f9a3cf8ef45d85a/detection

http://112.64.218.40
http://140.206.225.232
http://47.92.39.6

# Reference: https://www.virustotal.com/gui/file/1fa6a1833e1fe0875ea6f0ddf0dab47659a5a9cc8db80e6496177215bfbff498/detection

sportucc.com
yufjgg.com
kkjgg.yufjgg.com

# Reference: https://www.virustotal.com/gui/file/74f184e51ece45c56e58a55f7c5c97286bac05db2c39842924af0c6d2593e71e/detection

kupijeftino.rs/s/

# Reference: https://www.virustotal.com/gui/domain/rainbirds.ac.ug/detection

rainbirds.ac.ug

# Reference: https://www.virustotal.com/gui/file/1be388f74d98754a616ec3265cf9dc7cf94383759fc0ed88eeff1267ad4efa16/detection

jpnnybacj.ug
myhostiger.ug
ventillos.ug
vjvcnbhscv.ru

# Reference: https://www.threatweb.com/access/Malware-URLs-High_Confidence_BL.txt
# Reference: https://www.virustotal.com/gui/domain/lookdesign.club/relations

lookdesign.club

# Reference: https://www.virustotal.com/gui/file/e4ed9fe31c2b19bafff204e41af9f99afafcfa0aca8c07ecdc840e5c92f4b10d/detection

lookdesign.best

# Reference: https://www.threatweb.com/access/Malware-URLs-High_Confidence_BL.txt

api-246.org

# Reference: https://www.virustotal.com/gui/file/c68fb88bcb80085c910d55c1314d43e60890d0769b9b17589cc21ff93d2b87aa/detection

navltas.me

# Reference: https://twitter.com/MBThreatIntel/status/1391798716399562758

http://31.210.20.6

# Reference: https://www.virustotal.com/gui/file/017d66a7e703fe76a2c02e4df9d88633eab4fcef0f678b8e596720df0099eb20/detection

occurrent-fatigues.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/b296aaa167b19184295abc6bb32378cee4cba81a8c089ea46d6bc8eed7502e4c/detection

cloudstroageofofficedocumenttransfer.mangospot.net

# Reference: https://twitter.com/petrovic082/status/1392041842158575619

http://192.3.22.5

# Reference: https://twitter.com/petrovic082/status/1392041345263538177

http://91.218.113.67

# Reference: https://twitter.com/petrovic082/status/1392486409978662912

nyc008.hawkhost.com

# Reference: https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html
# Reference: https://otx.alienvault.com/pulse/609c0ee81a709f9d805ce108

http://185.117.119.87

# Reference: https://twitter.com/James_inthe_box/status/1392839902593634313

seychelless.ml

# Reference: https://twitter.com/ShadowChasing1/status/1392991935443324928
# Reference: https://twitter.com/ShadowChasing1/status/1392991937502728192

facextrade.com.br/wp-imcludes/
facextrade.com.br/z.mp3
facextrade.com.br/0C.txt
facextrade.com.br/0A.txt
facextrade.com.br/0B.txt

# Reference: https://www.virustotal.com/gui/domain/u11035265mw.ha004.t.justns.ru/relations

u11035265mw.ha004.t.justns.ru

# Reference: https://www.virustotal.com/gui/file/dbfc0f6a14532b867334b38aa4789fe1da4267c72955f89e00811392df0bd42a/detection

http://178.47.141.153

# Reference: https://twitter.com/_jnzer0/status/1393134068091457538

quickbooks.thormobilemanagement.com

# Reference: https://www.virustotal.com/gui/file/7c18130345c95d1cd852af2bbf0fad2d72d4097725dbd334f1d0ab66720c43c6/detection

http://179.43.140.185

# Reference: https://twitter.com/FewAtoms/status/1393241964334698497

http://3.36.53.50

# Reference: https://twitter.com/ShadowChasing1/status/1393478997829324800

ikiranastore.com/images/files/ist/doc/

# Reference: https://www.virustotal.com/gui/ip-address/194.5.249.84/relations
# Reference: https://www.virustotal.com/gui/file/ec78fea23781fa418517d0f7772f8658889f6f6cd8026821c5c835ad82415480/detection

ddm1.ru
ddm2.ru
ddm3.ru
ijb1.ru
ijb2.ru
ijb3.ru
nlemmy.ru
nlenny.ru
nlenny1.ru
ruz2.ru

# Reference: https://twitter.com/MaelSecurity/status/1393868340121280512

datenbank.mobi

# Reference: https://twitter.com/jorgemieres/status/1394377578857877505

http://94.26.248.58

# Reference: https://twitter.com/jorgemieres/status/1394662863940292612

www-visaprepaid-verification.duckdns.org

# Reference: https://twitter.com/FewAtoms/status/1394723737166045187

oauth-gateway.com

# Reference: https://www.virustotal.com/gui/domain/lax007.hawkhost.com/relations

lax007.hawkhost.com

# Reference: https://www.virustotal.com/gui/file/d989f29a71e4537d7e7376c0612ff8bc28aa1db949493512a2f5e50bca4975b8/detection

scrypto.store

# Reference: https://twitter.com/Circuitous__/status/1395759480462249984

http://103.156.91.50

# Reference: https://twitter.com/petrovic082/status/1396798551838109702

http://54.179.110.114

# Reference: https://twitter.com/petrovic082/status/1396798934065025025

http://172.245.79.122

# Reference: https://twitter.com/FewAtoms/status/1396436948940693506

elmerfloyd.com/ru/

# Reference: https://twitter.com/InQuest/status/1396851520843436037

http://192.3.122.177

# Reference: https://www.virustotal.com/gui/file/53b7637945616f51b0ffa4de5c35685b87b2039473ebc4f69a1fb581c6236d19/detection

http://188.244.63.241

# Reference: https://twitter.com/FewAtoms/status/1397258383837835270

http://45.133.1.53

# Reference: https://twitter.com/dark0pcodes/status/1397937746992320521

http://176.57.68.60

# Reference: https://www.virustotal.com/gui/domain/umber-mistrials.000webhostapp.com/detection

umber-mistrials.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/40cf12da9f451816254ab4fcad6b987596b1696b23ae3b50f0d65e5982841947/detection

versuspa.host

# Reference: https://www.virustotal.com/gui/file/a439026408378e73e65afe890e517d9fd78ed55739840cd0eec1e0d83056dd33/detection

download-serv-314432.xyz

# Reference: https://www.virustotal.com/gui/ip-address/2.56.154.227/relations

http://2.56.154.227

# Reference: https://www.virustotal.com/gui/file/269191362c407df28b23e56b6a68758cb112f9bb7582e064e7f7e5a41367c710/detection

http://212.192.241.136
bandshoo.info

# Reference: https://www.virustotal.com/gui/domain/bryexhsg.xyz/relations

bryexhsg.xyz

# Reference: https://www.virustotal.com/gui/domain/sandokan66.no-ip.info/detection

sandokan66.no-ip.info

# Reference: https://twitter.com/fr0s7_/status/1399060365460312069
# Reference: https://app.any.run/tasks/45342b20-2471-49e7-953f-09d27e1a3169/

chajoh92.dreamhosters.com

# Reference: https://twitter.com/InQuest/status/1399223226459426816

http://103.133.106.72

# Reference: https://www.virustotal.com/gui/file/a47861eb94370a48bc6b4d99117b88c991fb199e300bd0cc24aa812c0ea2b3cb/detection

http://46.21.153.209

# Reference: https://twitter.com/InQuest/status/1399336733817384961

http://79.110.52.186

# Reference: https://twitter.com/ShadowChasing1/status/1399641815737716744
# Reference: https://www.virustotal.com/gui/file/33bb84af45d19fc1240892df44ee58146ac395674c41d6402fd42219e47a4b67/detection

cs1j.com

# Reference: https://twitter.com/tosscoinwitcher/status/1399800310365704193

http://95.142.39.142

# Reference: https://twitter.com/InQuest/status/1399757603589210115

http://37.120.206.70

# Reference: https://twitter.com/FewAtoms/status/1399780057451843586

http://13.212.176.2

# Reference: https://twitter.com/ActorExpose/status/1399859014197035011

iqbuddys.com

# Reference: https://twitter.com/James_inthe_box/status/1400097345539166211

http://149.28.255.25

# Reference: https://thedfirreport.com/2021/06/03/weblogic-rce-leads-to-xmrig/
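# Reference: https://otx.alienvault.com/pulse/60b8a178a6e813e88be3181b
# NOTE(review): the report above is dated 2021-06-03 and this file records no first-seen or expiry per entry; a bare-IP trail can outlive the actor's use of the address, so check recent hosting / passive DNS history when triaging a hit.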

http://191.252.219.71

# Reference: https://www.virustotal.com/gui/file/319dbb7e2f87b527ad4eba361a14fff5488105c39c04895eafc24399c62698fd/detection

83.166.247.185:443

# Reference: https://twitter.com/reecdeep/status/1400481387258552326

http://5.181.80.126

# Reference: https://twitter.com/FewAtoms/status/1400875352034009093

http://23.95.122.53

# Reference: https://twitter.com/FewAtoms/status/1400894965413298185

http://54.199.172.253

# Reference: https://twitter.com/InQuest/status/1401752373362561029

http://103.140.251.225

# Reference: https://twitter.com/InQuest/status/1401811163847999488

http://172.245.119.81

# Reference: https://twitter.com/jorgemieres/status/1401914199337484293

http://3.36.53.56

# Reference: https://twitter.com/InQuest/status/1402491028783915009

kabaka.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1402528954263670784

help-service.support

# Reference: https://www.virustotal.com/gui/file/a6a1b66e1d7d31bfa37a6a591b30469b71c25a431096a9fc60bd072d7e9b1889/detection

http://185.215.113.57

# Reference: https://www.virustotal.com/gui/file/d9f7cafec1b6f3d60c478035d5d24cd93ffe8732c2fc8495dd88c7786014444a/detection

http://146.0.77.92

# Reference: https://twitter.com/malwrhunterteam/status/1403356371966435335

http://154.212.112.90

# Reference: https://twitter.com/r3dbU7z/status/1403399105142009864
# Reference: https://www.virustotal.com/gui/domain/rootkitsys.duckdns.org/relations

rootkitsys.duckdns.org

# Reference: https://twitter.com/bbeyzaasahinn/status/1403065333389406208

http://103.125.191.125

# Reference: https://www.virustotal.com/gui/file/288b416cd72d953a85995bf4abfec1487483362fd06270326e46f53a29cd8357/detection

xxcss.mooo.com

# Reference: https://twitter.com/FewAtoms/status/1404085512663617540

http://136.144.41.133

# Reference: https://twitter.com/reecdeep/status/1404695309599580161
# Reference: https://app.any.run/tasks/9bff6553-ceb7-40fe-abc7-d7da5cc2c895/

http://107.173.219.35

# Reference: https://www.virustotal.com/gui/file/a5101c0cb5d2e776785489f46d08e3c7e0f40004f5bbf872f03a2953360be6ee/detection

http://158.247.226.251

# Reference: https://twitter.com/FewAtoms/status/1404521303684616205

cor-tips.com

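# Reference: https://www.virustotal.com/gui/domain/uaalgee33.com/relations
# NOTE(review): uaalgee33.com is already listed earlier in this file under a file-based reference; http://136.144.41.133 and http://107.173.219.35 likewise each appear twice. Harmless for matching, but presumably only one reference survives de-duplication - TODO confirm which.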

uaalgee33.com

# Reference: https://www.virustotal.com/gui/file/23ddb2789f556f68703104ef775449b74ab121e10f3c491253250f4ea3228e0a/detection

1oivviovidwopopin.info
samegresites.live

# Reference: https://twitter.com/alex_lanstein/status/1404809014370881540

http://1.14.61.188

# Reference: https://twitter.com/alex_lanstein/status/1404888867635933188

http://198.12.107.38

# Reference: https://www.virustotal.com/gui/file/789e58502db7458fefcde8f8f920dfbf9299461146828ddba1b57d191b07e9c9/detection

http://176.111.174.89

# Reference: https://twitter.com/1ZRR4H/status/1405640356478259201

http://188.119.113.80

# Reference: https://twitter.com/FewAtoms/status/1405608473304383497

http://136.144.41.133

# Reference: https://twitter.com/FewAtoms/status/1405605102715654149

http://195.133.40.148

# Reference: https://twitter.com/FewAtoms/status/1405938115878047750

expotuxpan.com/ERqIdpqqhZTTVzgn/

# Reference: https://twitter.com/petrovic082/status/1404722427259719682

http://122.114.198.100

# Reference: https://twitter.com/petrovic082/status/1404723335188070401

http://103.155.82.236

# Reference: https://twitter.com/petrovic082/status/1404722924452524036

http://146.70.20.207

# Reference: https://twitter.com/petrovic082/status/1404724234111365124

http://107.173.219.35

# Reference: https://www.virustotal.com/gui/file/2fceade07a4a28f5da6cfefb7117f7094d872b9f4ef713feb84f82525fcb15bb/detection

http://146.0.72.84

# Reference: https://www.virustotal.com/gui/file/782d45c66a3e812bf2a92337b7f6e3475eeec76f71b77d950ed92aff42fdaf87/detection

practiceartist.com

# Reference: https://www.virustotal.com/gui/file/4d5eefab900c634a2e481693be52b62aa195ffcd30952f010b7f9a1e6f024218/detection

taylorddos.no-ip.info

# Reference: https://twitter.com/ActorExpose/status/1406664112243982336

gdrfa.online

# Reference: https://twitter.com/FewAtoms/status/1406967672110305280

wh890850.ispot.cc

# Reference: https://twitter.com/petrovic082/status/1406971631784824836

http://192.3.141.146

# Reference: https://twitter.com/petrovic082/status/1406975300274114562

http://3.112.233.112

# Reference: https://www.virustotal.com/gui/file/bf9693d652143154404e9038f1648d9322b6e324387a0bc516b644e5c113a857/detection

6kf.me

# Reference: https://twitter.com/petrovic082/status/1407102524478431233

broadtechnomat.in

# Reference: https://www.virustotal.com/gui/file/68aab4d5d6d862bbf77cf836e80ea486a14ae11bc32cec46291a32834dd15045/detection

http://136.144.41.152
http://185.20.227.194
beginnis.info

# Reference: https://twitter.com/InQuest/status/1407817820679847937

updatewin32.xyz

# Reference: https://twitter.com/MBThreatIntel/status/1408064073963429900

http://52.142.42.230

# Reference: https://www.virustotal.com/gui/file/dcf436f1a886d5e07fb6029c2c2a0a87cc43b70626d4a35acadf975e08a9c55b/detection

http://185.212.129.54

# Reference: https://www.virustotal.com/gui/file/dcf436f1a886d5e07fb6029c2c2a0a87cc43b70626d4a35acadf975e08a9c55b/detection

apiinformationsec.com
cloudcontentsmak.com
cloudnetwork.kz
contentmakersbyakamai.ru
jsapisettings.kz
jsc0nten1maker.com
securetopdevelopment.kz
supermicrotransapi.ru
js.securetopdevelopment.kz
mel.cloudcontentsmak.com
nicru.supermicrotransapi.ru
noone.contentmakersbyakamai.ru
secure.jsc0nten1maker.com
tel.jsapisettings.kz
smart.cloudnetwork.kz
static.apiinformationsec.com

# Reference: https://twitter.com/FewAtoms/status/1408142253722308608

vivazenergia.com.br/img/

# Reference: https://www.virustotal.com/gui/domain/s7flyradar.com/detection

s7flyradar.com

# Reference: https://twitter.com/FewAtoms/status/1408479849195397121

http://198.12.91.160

# Reference: https://twitter.com/petrovic082/status/1408739967493361666

http://198.12.110.183

# Reference: https://twitter.com/FewAtoms/status/1408472851879956490

docuserver1.com

# Reference: https://twitter.com/FewAtoms/status/1408477403001856001

http://172.245.119.78

# Reference: https://twitter.com/petrovic082/status/1408503220389953536

http://89.40.14.62

# Reference: https://www.virustotal.com/gui/file/c91c110be85dea89dc873531eac8df2b0faa4fb6c5041416b873fdab7b15c45a/detection

http://136.144.41.71

# Reference: https://www.virustotal.com/gui/file/926a3380c1a5a6964f08450d09074cb62e4d78c8f2fac51fee65b0f2aafd18c8/detection

wotsapp.net

# Reference: https://www.virustotal.com/gui/file/f5380da161d45e09115bf0eb392b979db161ec710294352e5cf10d78469aa5a9/detection

cromdownload.com

# Reference: https://www.virustotal.com/gui/file/dc8c2d326143ff4334a7bdbafcb821ee9a525eb3248e676e4940baab8d0626a9/detection

hgastation.com

# Reference: https://twitter.com/ffforward/status/1409240342533181442

usergtarca.com

# Reference: https://twitter.com/alex_lanstein/status/1409503787803451395

ach-edi.xyz

# Reference: https://twitter.com/pmmkowalczyk/status/1409830494158704641

http://103.89.90.94

# Reference: https://twitter.com/wwp96/status/1409916270720471040

sottb.com

# Reference: https://twitter.com/wwp96/status/1410328605389905923

http://103.194.104.94

# Reference: https://www.virustotal.com/gui/domain/ccmd.website/relations

ccmd.website

# Reference: https://twitter.com/fr0s7_/status/1410253336390033409
# Reference: https://www.virustotal.com/gui/domain/ourfirm.com/detection

ourfirm.com

# Reference: https://twitter.com/InQuest/status/1410597489636347916

http://172.245.27.25

# Reference: https://twitter.com/malwrhunterteam/status/1410601147761528842

etherbonus.net

# Reference: https://twitter.com/wwp96/status/1410613354037534725

http://103.145.253.94

# Reference: https://twitter.com/wwp96/status/1411210042834051072

grntexpresscourier.com/File/

# Reference: https://www.virustotal.com/gui/file/1f9381182aad4f9917a66438b10d69f62c1027e3e4d27477c48cdec6651bd0d8/detection

http://192.227.158.111

# Reference: https://twitter.com/FewAtoms/status/1413915267294433283

i55fundraising.com

# Reference: https://twitter.com/FewAtoms/status/1413191983938551809

lifestyledrinks.hu/wp-includes/cs2/

# Reference: https://twitter.com/MBThreatIntel/status/1412474445722173440

http://145.249.106.39
http://212.114.52.129
http://37.120.239.185
http://5.39.222.102

# Reference: https://twitter.com/FewAtoms/status/1412472209461940226

nz-prosthodontists.org.nz/ox/

# Reference: https://www.virustotal.com/gui/domain/fdfwefwefsdfwersdfegdfgre.com/relations

fdfwefwefsdfwersdfegdfgre.com

# Reference: https://twitter.com/InQuest/status/1414575240647254022

http://198.12.107.11

# Reference: https://twitter.com/petrovic082/status/1415189867592622080

http://23.95.13.151

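# Reference: https://twitter.com/ShadowChasing1/status/1415524921011105797
# NOTE(review): the two entries starting with '/' have no host part, so they are not bound to cvd.koloss.online; a path-only hit is weaker evidence than host+path and should be correlated with the destination before escalation. The same applies to the other host-less paths in this file (/wiz....wiz.wiz, /1apEoaC4M5a.sys, /windowshelper.bin).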

cvd.koloss.online
/?get_updates&download_updater
/?updates&checksystemver

# Reference: https://twitter.com/InQuest/status/1414967942748463113

http://188.166.41.131

# Reference: https://twitter.com/petrovic082/status/1415615378407968771

http://185.222.57.71

# Reference: https://twitter.com/petrovic082/status/1415614550934708226

http://136.144.41.14

# Reference: https://twitter.com/JAMESWT_MHT/status/1414503371143319553

http://107.167.89.175

# Reference: https://www.virustotal.com/gui/file/fd7221ed30c1e70660968257265500ffd60aea9ae2c85ee887b2608c1eaf2188/detection

http://136.144.41.201

# Reference: https://twitter.com/h2jazi/status/1414638329488945154
# Reference: https://www.virustotal.com/gui/file/5c0c2f162ccbcc9043141bbb8a3ab22058bf7f107beb1a659b13517f0e0b74de/detection

kong.re.kr/this_is_not_malware/

# Reference: https://twitter.com/FewAtoms/status/1416434806544609287

http://3.68.213.164

# Reference: https://twitter.com/360CoreSec/status/1417002780795949059
# Reference: https://www.virustotal.com/gui/file/aaeb6e6f44d20d0613e997c12e9b9fcdfcdcd8a205542adf510abfb906f64872/detection
# Reference: https://www.virustotal.com/gui/file/e67fd8375b32b13cf4f3566d6b44b505683586d8f78430c1c4a0acfdfe2733b8/detection

crabbier-airports.000webhostapp.com

# Reference: https://twitter.com/K_N1kolenko/status/1417418369133858816

http://192.210.173.40

# Reference: https://twitter.com/FewAtoms/status/1417549762086117377

http://78.62.182.29
datarcha.ga

# Reference: https://www.virustotal.com/gui/file/817ef5b799a0a73149989a2fa31cc83f94807887c3394f6e5a233eb9e72e20a2/detection

http://84.252.121.17

# Reference: https://twitter.com/KorbenD_Intel/status/1418673471496892421

http://15.222.66.186

# Reference: https://twitter.com/ActorExpose/status/1417905081979179011

tanxi520.xyz

# Reference: https://twitter.com/InQuest/status/1418168742337519617

http://198.46.201.115
/.........................................................wiz.wiz/
/wiz....wiz.wiz

# Reference: https://www.virustotal.com/gui/file/4da3094705f1a281ceb9b4893c74ca568831706afde2c2444f175ed022335c73/detection

gophish.izoaz.ru

# Reference: https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
# Reference: https://otx.alienvault.com/pulse/60f92ab428e945a165d2f0d9

chrunlee.cn

# Reference: https://www.virustotal.com/gui/file/a94a56609fd846b118788f9b003adecbdf47b06380cc9d9af5bd403fc5362941/detection

http://188.34.163.98

# Reference: https://www.virustotal.com/gui/domain/old.cybers.com.ua/relations

old.cybers.com.ua

# Reference: https://twitter.com/r3dbU7z/status/1419285702374735877

http://167.114.77.19

# Reference: https://twitter.com/LittleRedBean2/status/1419182703392567296
# Reference: https://twitter.com/mojoesec/status/1419985509993095172
# Reference: https://www.virustotal.com/gui/file/2303b69f630d35d7eae22d30c5efeb76d6d89e80c7be9365b90db44e5ce5e94a/detection

103.60.165.104:2247
162.14.178.70:2247
27.159.65.61:2247
27.159.82.130:2247
43.248.191.71:2247
45.248.11.7:2247
/driverfile/1apEoaC4M5a.sys
/1apEoaC4M5a.sys

# Reference: https://twitter.com/FewAtoms/status/1419376268324360194

http://172.245.119.43

# Reference: https://twitter.com/r3dbU7z/status/1418433910057353217

http://62.182.158.226

# Reference: https://twitter.com/360CoreSec/status/1419626312503685126

govrn.xyz
kavach.govrn.xyz

# Reference: https://twitter.com/FewAtoms/status/1420091960912662529

cabinetrouvin.ma

# Reference: https://www.virustotal.com/gui/file/1fab8a218587d0ea6715a9b9abf287f6d825709e091e0dd23193a6787496feff/detection

impure.xyz

# Reference: https://twitter.com/ni_fi_70/status/1106137518976700416

mobilecontractoffers.co.uk

# Reference: https://twitter.com/FewAtoms/status/1420453315201179652

http://18.139.3.198

# Reference: https://twitter.com/InQuest/status/1420688618616655873

http://140.82.33.69

# Reference: https://twitter.com/FewAtoms/status/1420816172732358657

http://13.212.85.21

# Reference: https://www.virustotal.com/gui/file/deaab424c9a230e2acbfa3688a34c410240d7eed3a965c16e51905c34fae6390/detection

qmumdjffuiocstjfmdqt.com

# Reference: https://www.virustotal.com/gui/domain/counterslocal.com/relations

counterslocal.com

# Reference: https://www.virustotal.com/gui/file/cae7469e7f5dc88962b9993f4b415a46f60fcaeea494abb53d19b7d05f28525b/detection

http://37.0.11.8
1freeprivacytoolsforyou.xyz

# Reference: https://www.virustotal.com/gui/file/071231d29a8548be8cb0a8f48a4b23d12e08139fd8dba842781912a11dc7c5f6/detection

softusa.info
spolaect.info

# Reference: https://www.virustotal.com/gui/file/5924fc526a80149a67117ba540a42db389f19bff30f919fb9c0950941e44b52c/detection

installlcube.ru

# Reference: https://twitter.com/ankit_anubhav/status/1422441880164323334

http://192.3.122.133

# Reference: https://www.virustotal.com/gui/domain/adsnative123.com/relations

adsnative123.com

# Reference: https://twitter.com/Racco42/status/1422922614348165122

http://2.56.59.228

# Reference: https://www.virustotal.com/gui/file/f0c643d2b297b3fd566aa953a2305b7dea60efb1d327e39e2522f8931245d21a/detection

worldnit.com

# Reference: https://unit42.paloaltonetworks.com/unit42-pulling-back-the-curtains-on-encodedcommand-powershell-attacks/
# Reference: https://www.virustotal.com/gui/ip-address/212.83.186.207/relations

http://212.83.186.207

# Reference: https://twitter.com/Malwar3Ninja/status/1423229743860645892

googlecouponss.com

# Reference: https://www.virustotal.com/gui/file/e6f3ef64b86604078ea707fc892f0912562bc8aa30fe6783edc2a0ff95d8c1eb/detection

hiziiresim.com

# Reference: https://twitter.com/CujoaiLabs/status/1423258390583812102

http://103.59.113.150

# Reference: https://twitter.com/k3yp0d/status/1423262663598034946
# Reference: https://twitter.com/k3yp0d/status/1423263227849359364
# Reference: https://www.virustotal.com/gui/file/3654e1e055ff7d8cc6f492b1894e731d126c339c4cff0aff4fde429e63917360/detection
# Reference: https://www.virustotal.com/gui/file/55983832ede07e1db74bcf43a01bd56fc4639bec9efb632fe291a4441871b0a4/detection

193.40.147.36:8000
23.94.190.180:8000
azure365documents.com
azurefilesupdates.com
documents365updates.com
office365onlinedocuments.com
officeupdateonline.com

# Reference: https://twitter.com/FewAtoms/status/1423299562026975234

http://13.250.41.54

# Reference: https://twitter.com/FewAtoms/status/1415004966591270914

lupasgroup.com

# Reference: https://twitter.com/James_inthe_box/status/1423311821658681347

demo.usa-mycard.com/sql/

# Reference: https://twitter.com/jstrosch/status/1437857995292090371

suriyecastajanslari.bykmedya.com

# Reference: https://www.virustotal.com/gui/file/d7d125932c112904d7485be8ca92338fbee3a80a01ce3ea5073606528755812b/detection

http://185.161.208.194

# Reference: https://www.virustotal.com/gui/ip-address/185.161.208.194/relations

alipayglobal.org
amazonpmnt.com
amzncldn.com
checkpoint-ds.com
cloudamazonft.com
cloudhckpoint.com
covidsrc.com
covidsvcrc.com
deuoffice.org
global-imsec.com
iteamates.com
msftprintsvc.com
printfiledn.com
worldsiclock.com

# Reference: https://twitter.com/pr0xylife/status/1445685832522690562

http://103.167.90.177

# Reference: https://www.virustotal.com/gui/file/7ffcb9f6daf4464de0fc3d659e47b76673c16c0f864ad0d2d1ac40f4b295ddfb/detection

http://103.155.82.159

# Reference: https://twitter.com/reecdeep/status/1446030302934097921

http://3.70.52.8

# Reference: https://www.virustotal.com/gui/domain/statusupdate.one/detection

statusupdate.one

# Reference: https://twitter.com/pr0xylife/status/1446386683071586325

http://103.170.254.249

# Reference: https://twitter.com/pr0xylife/status/1446391370067980294

http://103.232.54.181

# Reference: https://twitter.com/MBThreatIntel/status/1447973920942952449

logue.my

# Reference: https://twitter.com/netresec/status/1272787764765958145
# Reference: https://twitter.com/netresec/status/1272789544245637121
# Reference: https://app.any.run/tasks/d348af9e-1334-499a-b85f-66decc37e728/

sasakiguitarschool.com/v2/events

# Reference: https://www.virustotal.com/gui/domain/testfood.ml/detection

testfood.ml

# Reference: https://www.virustotal.com/gui/domain/dujanadecfoods.ga/relations

dujanadecfoods.ga

# Reference: https://twitter.com/reecdeep/status/1459121655482040343

http://84.252.121.97

# Reference: https://www.virustotal.com/gui/file/42ff32fedd64a59278db988b8b702ff3252f7c2b747baaba6668aba386fb3760/detection

http://194.147.32.53
cpitest.ru

# Reference: https://twitter.com/1ZRR4H/status/1458856549535739904
# Reference: https://twitter.com/1ZRR4H/status/1458860861800398848
# Reference: https://twitter.com/1ZRR4H/status/1458861386092597258

http://13.250.40.196
http://173.82.151.182
http://18.237.162.188

# Reference: https://twitter.com/reecdeep/status/1460514950745579521

http://107.172.75.205

# Reference: https://twitter.com/1ZRR4H/status/1460576019597991946

gianninidesign.com

# Reference: https://www.virustotal.com/gui/file/59662a6deb803ab0221ad1e79e3df698a2607b7ae064fe15dc12e2de71b483a3/detection

http://185.165.29.48

# Reference: https://twitter.com/InQuest/status/1461528762978340864

http://103.167.93.37

# Reference: https://news.sophos.com/en-us/2021/11/18/new-ransomware-actor-uses-password-protected-archives-to-bypass-encryption-protection/

http://27.102.127.120

# Reference: https://twitter.com/pr0xylife/status/1450398699121750019

http://135.125.248.37

# Reference: https://twitter.com/Max_Mal_/status/1462201203601948683

http://89.41.182.71

# Reference: https://twitter.com/pr0xylife/status/1462722015786328069

http://198.23.207.36

# Reference: https://twitter.com/1ZRR4H/status/1462912034744549379

http://18.117.9.33

# Reference: https://twitter.com/pr0xylife/status/1463088448139579398

http://198.12.107.112

# Reference: https://twitter.com/pr0xylife/status/1463093186549714946

http://103.145.254.163

# Reference: https://twitter.com/r3dbU7z/status/1463763485880467457

http://134.209.200.69
http://157.245.66.75

# Reference: https://threatresearch.ext.hp.com/javascript-malware-dispensing-rats-into-the-wild/
# Reference: https://github.com/hpthreatresearch/iocs/blob/main/ratdispenser/urls.txt

http://103.141.138.12
http://185.219.133.122
http://195.133.40.98

# Reference: https://www.virustotal.com/gui/file/dfae4a6d47c4e881aa5ede59d0edcd2ae913b65b129e950ea2ab097bff28ccb0/detection

http://185.130.104.164

# Reference: https://twitter.com/InQuest/status/1464130004854448133

http://103.170.255.140

# Reference: https://twitter.com/InQuest/status/1464159010794491912

http://107.173.143.102

# Reference: https://twitter.com/pr0xylife/status/1464219627253342209

http://103.167.92.73

# Reference: https://twitter.com/InQuest/status/1464310001405767682

http://91.228.218.171

# Reference: https://www.virustotal.com/gui/file/0a8a1b80e189dcda3d05f8d4888468650368c5467be2db68720fd219217ed3b3/detection

update9876.dnsd.me

# Reference: https://twitter.com/pr0xylife/status/1465395752423804929

http://198.46.136.245

# Reference: https://www.virustotal.com/gui/file/ea0fa4b7c445a0b41dcc685eb30ff7eb3eb30bc40dbf12db96dcd5102d6f1359/detection

http://103.167.92.133

# Reference: https://www.virustotal.com/gui/file/04cd1f95b865497975374e6fa29cb916694ea1899a0eaa2ede7365cc5b101d19/detection

http://159.65.230.185

# Reference: https://twitter.com/ScarletSharkSec/status/1458085120502636544

http://198.46.132.212

# Reference: https://www.virustotal.com/gui/file/e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876/detection

http://172.104.109.217

# Reference: https://twitter.com/pr0xylife/status/1468945134926675968

http://194.36.189.205
http://87.251.85.100

# Reference: https://www.virustotal.com/gui/ip-address/47.89.253.69/detection

chrome-update-google.com
critical-update-chrome.com

# Reference: https://twitter.com/jstrosch/status/1469052651124006919

http://20.206.88.15

# Reference: https://app.any.run/tasks/e1a19a3b-4f71-41c0-8925-4062512325d4/
# Reference: https://www.virustotal.com/gui/file/731857a917a829491a03e5482433672fcff9cf33c1471459f23c666654a2ca4e/detection

http://164.90.177.169

# Reference: https://twitter.com/InQuest/status/1468867983904751621

http://23.94.174.158

# Reference: https://www.virustotal.com/gui/file/32162670a5fe6a074491b83e2e631ebebd431dd821e7502f958bea3df4e14146/detection

http://5.182.206.13

# Reference: https://twitter.com/IronNetTR/status/1466794475544616973

moet-rp.online

# Reference: https://twitter.com/Unit42_Intel/status/1470778363254128651

http://149.91.89.17

# Reference: https://twitter.com/gwillem/status/1471143272353611785

divishka.ffox.site

# Reference: https://www.virustotal.com/gui/file/efa22ab0015899c95aa6582cc90314de8d4cf2f52d3267eba50482b75d060ac5/detection

http://103.253.43.214

# Reference: https://www.virustotal.com/gui/file/8c952cbf82718e661016b95979a210fe32bf87f2c5aaf28610db8d32268c7271/detection

cloudjah.com

# Reference: https://twitter.com/h2jazi/status/1472644426887487489

http://40.112.71.203

# Reference: https://twitter.com/FewAtoms/status/1457356476096421897

nofearsw.in

# Reference: https://twitter.com/r3dbU7z/status/1468119168096612357

http://45.67.229.9

# Reference: https://twitter.com/FewAtoms/status/1440007318570143746

http://13.112.210.240

# Reference: https://www.virustotal.com/gui/file/4a4b6ec868a0f96afd0ce677eef87d118d2072d636181d7d24e5d29a963a5085/detection
# NOTE(review): the second entry below is a bare URL path with no host part.
# Presumably it is matched against request paths on any host - confirm against
# the trail loader. A path-only hit is weaker evidence than a hit on the host
# entry, so corroborate it with the destination before escalating.

http://45.9.20.150
/windowshelper.bin

# Reference: https://www.virustotal.com/gui/file/27548c9c3786d5906ecc3e283b4dac95271e88a378e16bc9e61c72be6d944879/detection

ppgggb.com

# Reference: https://www.virustotal.com/gui/file/d6d66f12ecdac2886547a0a49c0e49cfd5f8626aba2b8bc83535d7ad6aa96113/detection

http://185.215.113.23

# Reference: https://twitter.com/jstrosch/status/1475977971039100934

http://8.209.107.30

# Reference: https://twitter.com/JAMESWT_MHT/status/1476105632751267840

http://179.43.187.131

# Reference: https://www.virustotal.com/gui/file/2f3c9975236c099013608ac9852e6c3b9b5677687e28c5683c1ecae38e02bb04/detection

kukupingan.com

# Reference: https://www.virustotal.com/gui/file/3f78e28650b8197835e115005d0f2a9e000d01384e55c15f15097bd86ca1e8e2/detection

fantare.ru
qqq.fantare.ru

# Reference: https://twitter.com/benkow_/status/1476886648818384902
# Reference: https://dpaste.org/Nx77/raw

http://176.111.174.69
http://185.215.113.208
http://193.135.12.27
http://193.38.55.144
http://193.38.55.83
http://193.38.55.84
http://194.61.120.8
http://45.84.179.2

# Reference: https://www.virustotal.com/gui/file/c9414f9e7ec6f3ba759335ac414092b357b131bda6c54f0ab0cee1e9a65eff3f/detection

http://5.181.156.221
http://91.212.150.247
http://91.241.19.38

# Reference: https://www.virustotal.com/gui/file/3b2b4188e8cbac80e7e566dc84a9e49418e7d11a010e2b7e103aeb295cb59581/detection

http://185.70.186.174

# Reference: https://www.virustotal.com/gui/file/9cbaafcc5fabe81105cbe09a869c1576dcb8c09c53386a6426ebead635502a67/detection

http://193.150.70.6
http://45.142.215.144
http://45.159.188.186
http://93.157.62.185

# Reference: https://www.virustotal.com/gui/domain/liveme31.com/relations

liveme31.com

# Reference: https://www.virustotal.com/gui/domain/pplzy.pw/relations

pplzy.pw

# Reference: https://www.virustotal.com/gui/domain/the-flash-man.com/relations

the-flash-man.com

# Reference: https://www.virustotal.com/gui/domain/closedr.info/relations

closedr.info

# Reference: https://www.virustotal.com/gui/domain/mash2.info/relations

mash2.info

# Reference: https://www.virustotal.com/gui/domain/startupmart.bar/relations

startupmart.bar

# Reference: https://www.virustotal.com/gui/domain/spolaect.info/relations

spolaect.info

# Reference: https://www.virustotal.com/gui/domain/gavenetwork.bar/relations

gavenetwork.bar

# Reference: https://www.virustotal.com/gui/domain/get-europe-group.bar/relations

get-europe-group.bar

# Reference: https://www.virustotal.com/gui/domain/mysters.info/relations

mysters.info

# Reference: https://www.virustotal.com/gui/file/1022aed4c67e1fd0bc605d815bf9152d040a3288e91391f9637cbb55e54f0a03/detection

http://91.243.44.130

# Reference: https://www.virustotal.com/gui/file/83c5af47ff7bccc6c1613bcb686b75f7f2c2c3c5f6a8af32decb00b459f799e8/detection

http://45.142.212.196

# Reference: https://www.virustotal.com/gui/file/34ca4e801f564dcfb1127a5ae465dcc7d7d373cdc7e37100c35ad16674a55f7e/detection

http://80.87.200.188

# Reference: https://twitter.com/TheDFIRReport/status/1479090547134455818
# Reference: https://blog.virustotal.com/2022/01/monitoring-malware-abusing-cve-2020-1599.html
# Reference: https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/

commandaadmin.com
teamworks455.com

# Reference: https://twitter.com/1ZRR4H/status/1479298118915178496
# Reference: https://www.virustotal.com/gui/file/bb4ec7c0ef0967028461ba62b3acc5cf18e015f898deb6c85b543bb70745f95e/detection

moneyinstall.us
minecraftlead.ru
stroymatkomplekt.ru

# Reference: https://www.virustotal.com/gui/file/ba95d9a0ccf20be080f89d1be1cda6e1d9fb3600b4b2ac65b187e3ce0119d6c8/detection

http://119.17.214.93

# Reference: https://www.virustotal.com/gui/file/2f3ab54b99c62db313f4a62dc674d71348a5b8d034ecd1a3418d618432e00817/detection

http://119.17.214.92

# Reference: https://www.virustotal.com/gui/file/74f42688a1901d9d16bfb400fdc3918deba5c44c0fc847a03ac8ab473cb3d895/detection

http://119.17.214.96

# Reference: https://twitter.com/James_inthe_box/status/1457745300123127811

http://103.124.106.149

# Reference: https://twitter.com/pr0xylife/status/1455094005914652673

http://202.55.133.79

# Reference: https://twitter.com/pr0xylife/status/1451463373091229716

http://103.167.84.138

# Reference: https://twitter.com/pr0xylife/status/1451466003460808705

http://192.227.158.101

# Reference: https://twitter.com/reecdeep/status/1451460263492849665

http://23.94.159.219

# Reference: https://twitter.com/pr0xylife/status/1450017891924029448

http://103.167.93.12

# Reference: https://twitter.com/InQuest/status/1450014272973586432

http://192.3.110.172

# Reference: https://twitter.com/pr0xylife/status/1447834700693782530

http://23.94.159.208

# Reference: https://twitter.com/InQuest/status/1447383680066990080

http://103.167.90.69

# Reference: https://twitter.com/InQuest/status/1447391470563041282

http://103.155.83.184

# Reference: https://twitter.com/InQuest/status/1447399272723386368

http://202.55.132.141

# Reference: https://twitter.com/r3dbU7z/status/1438962964703363075

http://3.127.222.135

# Reference: https://www.virustotal.com/gui/file/3859ba414a1e01ea8326302491d75c8015e4bc919ca0c7a04f0143b8b3412567/detection

http://95.142.47.19

# Reference: https://www.virustotal.com/gui/file/5a962e6116bde82aa809719f0b1872fa7b1d6a477cc915528ee5d06cea4c1b75/detection

http://185.186.142.166
http://37.49.230.237

# Reference: https://www.virustotal.com/gui/file/90585a2e93e20a3d84e5c28281936bb8503574956aee6dc93820226e604ec79f/detection

http://91.243.44.128

# Reference: https://www.virustotal.com/gui/file/d312e2032ec1797161c4d85347063f8e49e250f100fa8f00c8614552bce87df3/detection

beachbig.com

# Reference: https://twitter.com/pr0xylife/status/1480494355177779202

http://107.173.229.131

# Reference: https://twitter.com/pr0xylife/status/1480841911019655171

http://103.153.79.104

# Reference: https://www.virustotal.com/gui/file/cc5a62e4984a28d010f9c4fad2307db1f156e25ca5e1d471bfae803f01dfb4e3/detection

http://192.3.146.154

# Reference: https://www.virustotal.com/gui/file/c2ce066ae0423a870ecf4dbc36b73a0169f75ce8a0168ecfb81f78d0c3652ca6/detection

http://45.138.72.43

# Reference: https://twitter.com/jstrosch/status/1481338605998067723

http://179.43.140.208

# Reference: https://blog.talosintelligence.com/2022/01/nanocore-netwire-and-asyncrat-spreading.html

http://13.78.209.105

# Reference: https://www.virustotal.com/gui/file/d42e5f2e60b39e2aca3dd09a4dd5803a04b33821e6da8808ef9ef450d6771e30/detection

http://137.135.65.29

# Reference: https://www.virustotal.com/gui/file/bdcaf31f882353b75031d1d7353085ff529612bec3a62e462fa3086d2a79bb85/detection

http://52.150.26.35

# Reference: https://www.joesandbox.com/analysis/512154?idtype=analysisid#iocs

http://40.85.140.7

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-01-12-IOCs-for-IcedID-with-Cobalt-Strike-and-DarkVNC.txt

http://104.168.44.45

# Reference: https://www.virustotal.com/gui/file/80dcf447cef9dabc2f3ff03a318277ac06185ee7a3566cb48116f41a5c02801b/detection

http://198.23.212.239

# Reference: https://twitter.com/reecdeep/status/1481997298326556677

http://20.51.217.113

# Reference: https://www.virustotal.com/gui/file/6fcf190d85dee62ab18a9bd36d8db98cadc10e75ec8aacd1093013a46e188db4/detection

http://113.212.88.60
113.212.88.60:88

# Reference: https://twitter.com/1ZRR4H/status/1454885256436256779
# Note: http://113.212.88.60 is also listed in the group directly above, under
# a VirusTotal file reference, so this indicator has two independent sources.
# NOTE(review): which reference the loader keeps for a repeated entry is not
# visible here - confirm before relying on the attribution shown in an alert.

http://1.234.83.196
http://113.212.88.135
http://113.212.88.60
http://185.254.240.239

# Reference: https://www.virustotal.com/gui/ip-address/37.1.209.213/relations

http://37.1.209.213

# Reference: https://www.virustotal.com/gui/file/cf4e53b7758ebb9a9470cb6fd3a2c69fcd96e045534ab80a44eac752c09e50f0/detection

marks397.co.za

# Reference: https://twitter.com/pr0xylife/status/1483100182829019144

http://198.12.81.81

# Reference: https://twitter.com/felixaime/status/1483089929802498055
# Reference: https://twitter.com/felixaime/status/1483114131595186181
# Reference: https://www.virustotal.com/gui/file/0ddde6a23956364f828de2de1abdbf9fc6d4952683f777d03fe01fa0b367b2b2/detection

http://104.168.32.66
http://20.51.217.113

# Reference: https://www.virustotal.com/gui/file/e14ea6085447b2c93ede3aa3151dd998f1831f782333372b711343d418cfb545/detection

http://146.0.77.114
http://185.130.104.235
http://193.238.47.118

# Reference: https://twitter.com/MBThreatIntel/status/1483145128806129668

http://198.144.176.204

# Reference: https://twitter.com/reecdeep/status/1483348720120967171

http://185.237.206.163

# Reference: https://twitter.com/idclickthat/status/1482032319418535940
# Reference: https://www.virustotal.com/gui/domain/ghostappstore.com/relations

103.61.31.155:8666
99.83.191.53:8666
ghostappstore.com
down.ghostappstore.com

# Reference: https://www.virustotal.com/gui/ip-address/91.241.19.52/relations

http://91.241.19.52

# Reference: https://twitter.com/pr0xylife/status/1483558099587842051

http://180.214.237.30

# Reference: https://www.virustotal.com/gui/file/f25a79f4767d6469e49d59fa050da7ecc7da6e2603ef1645b9ce1758960cb910/detection

http://84.38.133.143

# Reference: https://www.virustotal.com/gui/file/6604c2874c051ea173e5a46d2045501441050ba6a553a8b4ab7164dbfdf95f46/detection

http://35.87.49.226

# Reference: https://www.virustotal.com/gui/file/9fcda8bfa60b55886191c9a849f69092c57f384f55b9bddba78711bb51f1761d/detection

http://45.88.3.236

# Reference: https://www.virustotal.com/gui/file/94766b7f5469168f24fe98d5b8a3bf6828a8a3ce13b4a3e372e9bbdf5efa984d/detection

http://149.28.98.202

# Reference: https://twitter.com/s1ckb017/status/1484099242562101250

http://107.174.138.132

# Reference: https://twitter.com/r3dbU7z/status/1484172382684139530

http://135.148.74.241

# Reference: https://twitter.com/petrovic082/status/1484252860879618057

http://192.210.214.174

# Reference: https://www.virustotal.com/gui/file/e6508fcc221feaf48e4af7a66e74edd76edbf7e0c177a5b5c8d4e581a543ea02/detection

http://172.241.27.208

# Reference: https://www.virustotal.com/gui/file/0291aad7b0fe24f5dc25ded98bf4ad1bf2604f3966abab3a2f262a4ff08721f5/detection

http://185.237.206.185

# Reference: https://twitter.com/malwrhunterteam/status/1484545680077164549
# Reference: https://www.virustotal.com/gui/file/eed311ae1c342ed17301ccc1c93342e163dd1e016f4843ede7c09175e76be541/detection

mynavytoday.com

# Reference: https://twitter.com/cyber__sloth/status/1484465719542747137

http://192.99.190.34

# Reference: https://twitter.com/petrovic082/status/1484837128563474436

http://170.39.212.195

# Reference: https://inquest.net/blog/2022/01/24/analysis-remcos-rat-dropper

http://104.223.119.167
http://64.188.19.241

# Reference: https://www.virustotal.com/gui/ip-address/162.244.32.133/relations

http://162.244.32.133

# Reference: https://twitter.com/reecdeep/status/1485979072933117952

http://192.210.219.13

# Reference: https://twitter.com/malwrhunterteam/status/1486613791504842753
# Reference: https://www.virustotal.com/gui/file/9866573fcfb435c3032cad9ff6116d408bac12d24c9fcf524c280465ca9f2631/detection

http://194.127.192.136

# Reference: https://www.virustotal.com/gui/file/2dd21ba18dede0cf4985b9ab6175898328eb60fca9f0cd3785020e7cc521054e/detection

http://138.68.162.128
http://87.251.64.133

# Reference: https://www.virustotal.com/gui/domain/federguda.ru/relations

federguda.ru

# Reference: https://www.virustotal.com/gui/file/950bc90e32c3af6a835e4e84a966aa54caf81b18b38e46eaf2b94cc9ff214a5f/detection

mikeloayza.com

# Reference: https://www.virustotal.com/gui/file/e7cfe81d4e1f128d38629a9bc2be025f821bf8c001df14771e375b168cc5fe6f/detection

bosslike.ct8.pl
codingguydev.000webhostapp.com

# Reference: https://www.virustotal.com/gui/domain/nxxxn.ga/relations

nxxxn.ga
d.nxxxn.ga
g.nxxxn.ga
r.nxxxn.ga
t.nxxxn.ga
x.nxxxn.ga

# Reference: https://www.virustotal.com/gui/file/00fd0c27ccd389b33d9293b163b3d431cab6dfda9156273eb281a8ec9ae36d24/detection

http://181.214.152.249

# Reference: https://www.virustotal.com/gui/file/1dca676f7e72738b4928d057d009880eab95bba1aec163abed9f2aef74909916/detection

http://45.11.186.24

# Reference: https://www.virustotal.com/gui/file/045de5acd7f3b4b0a4d402c17f8779f68ee957e2323ae61b0d1907dcb1a7472c/detection

http://5.255.100.31

# Reference: https://twitter.com/Dany74746320/status/1485042967811395587

viagramain.com

# Reference: https://urlhaus.abuse.ch/url/2016124/

http://212.192.246.239

# Reference: https://twitter.com/s1ckb017/status/1488105648407601152

foohello.work

# Reference: https://github.com/pr0xylife/Lokibot/blob/main/Lokibot_31.01.2022.txt

http://104.168.32.36

# Reference: https://twitter.com/pr0xylife/status/1488236339283771399

http://192.210.218.119

# Reference: https://www.virustotal.com/gui/file/0275a7b7aa219043d31f1fe5741b5b02c43144ced65c5141badc4ce38581c6b3/detection

http://193.56.146.36
bursakulis.com
chickenwalas.com
cllgxx.com
luminati-china.net
tweakballs.com
tg8.cllgxx.com
hb888.luminati-china.net
testjndmtle.luminati-china.net

# Reference: https://www.virustotal.com/gui/file/cbb1036b419a366580acf33e3279e192ad15635568fb7aea329487109145aa31/detection

http://84.252.122.205

# Reference: https://www.virustotal.com/gui/domain/ddl8.data.hu/relations

ddl8.data.hu

# Reference: https://twitter.com/InQuest/status/1488977019698356230

http://84.38.132.24

# Reference: https://twitter.com/James_inthe_box/status/1489004195000688640

http://209.127.19.101
http://64.188.19.241

# Reference: https://twitter.com/malwrhunterteam/status/1489244181922865155
# Reference: https://www.virustotal.com/gui/ip-address/185.117.72.143/relations

http://185.117.72.143

# Reference: https://twitter.com/1ZRR4H/status/1489286212313567237

http://206.188.196.166

# Reference: https://www.virustotal.com/gui/file/cc53402a8786978db2ff36ec45bd2c289bb204ac61c38a68b696ed96a12c494e/detection

myhost.2zzz.ru

# Reference: https://www.virustotal.com/gui/file/95beb72d6d3c5d7738338fd5c2d2edbf9fe035c8d518ec1fbbaa209fecbdf45f/detection
# Note: the two entries differ only in the first character - lowercase "i"
# (ioadhost) versus lowercase "l" (loadhost). They are distinct hostnames, not
# a duplicate; check the referenced report before removing either one.

ioadhost.2zzz.ru
loadhost.2zzz.ru

# Reference: https://www.virustotal.com/gui/file/7fde634192e6012c73e5f4e776de8e5749f12dc9f54e0779105055917d9d2485/detection

files.2zzz.ru

# Reference: https://github.com/pr0xylife/Lokibot/blob/main/Lokibot_07.02.2022.txt

http://18.215.63.247

# Reference: https://www.virustotal.com/gui/file/04b2dc417dc419adc70b8d853142903f7da38511da4e90858d287ae7c016ebf5/detection

http://104.168.5.57

# Reference: https://github.com/pr0xylife/nworm/blob/main/nworm_10.02.2022.txt

http://103.151.125.186
http://54.235.58.2

# Reference: https://github.com/pr0xylife/Lokibot/blob/main/Lokibot_10.02.2022.txt

http://107.173.219.30
http://198.46.132.195

# Reference: https://www.virustotal.com/gui/file/794bcfb84b20f5e74a85d54aa222cc580600a7a6f9ee90ad667989ee1f2f13a5/detection

http://54.144.18.201

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-10%20Remcos%20IOCs

http://209.127.20.130

# Reference: https://www.virustotal.com/gui/file/14afe589bfefb5b555aa0b824d995525bc8a41bef14586108c34540071b637c9/detection

ggiimage.com

# Reference: https://www.virustotal.com/gui/file/e78187122c899922fa5967bb3950dbbdf31608758de38e63d10976901f939a39/detection

http://3.141.31.43

# Reference: https://www.virustotal.com/gui/file/3a88a0123189b10361e57739e572fcf7151f5021d1b7aaf2ccacd4559cd26e95/detection

asia-south-36774.packetriot.net
blissful-river-74383.pktriot.net

# Reference: https://www.virustotal.com/gui/file/083c8ebec80a4a652972b5899c03e4a41711cfa6e1c030654d39dc0f2a4e15e8/detection
# Note: duzlwewk2uk96.cloudfront.net is a single distribution hostname under
# the shared cloudfront.net CDN domain. Only this exact label is the indicator;
# do not widen it to the parent domain. The entry goes stale once the
# distribution is removed, so weigh hits against the date of the reference.

boys4dayz.com
duzlwewk2uk96.cloudfront.net

# Reference: https://www.virustotal.com/gui/ip-address/111.90.146.149/relations
# Reference: https://www.virustotal.com/gui/file/2684cbbbe4b27fe7bbf5c4918c9986ffe4052661d2ae0f41d8e1cc02876049b5/detection

asdfk.pw
aupw.pw
choechal.pw
chuizi.icu
cnzzqo.pw
egsa.pw
findone.icu
haikuy.pw
hwuaee.icu
jhuzw.pw
jukaiop.pw
menzbv.pw
mnbuiy.pw
mnbx.pw
oppopp.icu
papoo.pw
papwli.pw
pinguo.icu
poasdl.pw
pplzy.pw
puhua.pw
ticaus.pw
ukcom.pw
vivivovo.icu
whzuix.pw
yiyuli.pw
yuyhmi.pw
znytli.pw
zuxjp.pw

# Reference: https://www.virustotal.com/gui/file/000e5cefeb611d72332acd698462d8bf905caca5f7fc8df6fba36580da526ae9/detection

atomtweaks.com
glclick.com

# Reference: https://www.virustotal.com/gui/file/5fec64545072154ae4165f7b1806e1984667ce1c64d5fb457f966c59727e4018/detection

jackytpload.su

# Reference: https://www.virustotal.com/gui/file/f0de5be449cfd7b81901ba08a7d9bab4fb6fb09bf23cead68a59118c23c920c4/detection

hsl-pebble.cn
s1-i47p.5588888.xyz
/e/10363/shell.txt

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-19%20Remcos%20RAT%20IOCs%202

http://198.23.251.110

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-15%20Remcos%20IOCs

http://192.210.214.221

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-01-19%20Remcos%20IOCs

http://167.160.166.228

# Reference: https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/

http://81.4.105.174

# Reference: https://www.virustotal.com/gui/file/5c7b06a1d59f2d6237bd858ccf1199528ff6879f1d4e4db197e6d58df7de87a0/detection

http://115.159.154.82

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-08%20Vjw0rm%20IOCs

http://179.61.237.75

# Reference: https://twitter.com/phage_nz/status/1493130615658479617

http://3.86.58.190

# Reference: https://twitter.com/th3_protoCOL/status/1492959950498193408

http://198.100.159.92

# Reference: https://twitter.com/r3dbU7z/status/1493263818222415879

http://5.2.76.43

# Reference: https://twitter.com/jstrosch/status/1493390004936134659

http://185.136.171.110

# Reference: https://twitter.com/MBThreatIntel/status/1493610043513712640

auto-falkanhahn.de

# Reference: https://twitter.com/r3dbU7z/status/1493675446210281479

http://45.32.132.166

# Reference: https://twitter.com/jstrosch/status/1493799495007715329

159.89.55.248:8080

# Reference: https://www.virustotal.com/gui/file/1155c0a3ed4fff855d7638989626d70a34a9cd35c943d5899fce5fa8fb2a47e2/detection

http://107.173.229.134

# Reference: https://www.virustotal.com/gui/domain/celestialcomet.cc/relations

celestialcomet.cc

# Reference: https://www.virustotal.com/gui/domain/cloudstorage.pm/relations

cloudstorage.pm

# Reference: https://www.virustotal.com/gui/domain/allendefarm.pl/relations

allendefarm.pl

# Reference: https://www.virustotal.com/gui/file/2965d4a8e0c8b61acaba9ac5c24424f5d2925ba658a9871553a1cff6cc5db56c/detection

fastcomet.cc

# Reference: https://twitter.com/dubstard/status/1494564720795582465

rari.fund

# Reference: https://twitter.com/malwrhunterteam/status/1494996632005447681

travel-ag.com

# Reference: https://twitter.com/adm1n_usa32/status/1495985775179186176

google247.xyz

# Reference: https://twitter.com/pr0xylife/status/1495818338097844227

http://3.145.46.6

# Reference: https://asec.ahnlab.com/en/31811/

http://103.243.26.225
http://144.48.240.69
http://144.48.240.85
http://81.68.76.46

# Reference: https://twitter.com/malwrhunterteam/status/1489615424937472000
# Reference: https://twitter.com/malwrhunterteam/status/1496231014246621188

nude-photos.casacam.net
nude-photo.giize.com

# Reference: https://twitter.com/pr0xylife/status/1496565773803864068
# Reference: https://www.virustotal.com/gui/domain/aacqx.shop/relations

aacqx.shop

# Reference: https://twitter.com/malwrhunterteam/status/1497235270416097287

http://179.43.175.171

# Reference: https://twitter.com/Dashowl/status/1497620618216452098

http://45.67.230.104

# Reference: https://www.virustotal.com/gui/file/33d5edfef5ffcf3f32ecad4426a11a24069d8e37d3936d528bfb26ff34edbe99/detection

zdert.xyz

# Reference: https://twitter.com/TeamDreier/status/1498960798458298373
# NOTE(review): the only indicator in this group is a bare directory path, with
# no host or address. Presumably it is matched against request paths on any
# host - confirm against the trail loader. Triage hits by destination and
# payload, since the path alone does not identify the serving infrastructure.

/sdfghj654hgfkc/

# Reference: https://twitter.com/MBThreatIntel/status/1499435864035934212

http://192.227.196.211

# Reference: https://twitter.com/reecdeep/status/1499668276149948416

http://107.172.13.168

# Reference: https://otx.alienvault.com/pulse/6222096d5505582bf113ccb7/

http://103.167.92.57

# Reference: https://www.virustotal.com/gui/file/001807f9c24cb224cc074f66a2c9ab8b86dde7c752a7a60632bd2b06080fafbd/detection

duoproc.ru

# Reference: https://www.virustotal.com/gui/file/11889b6adca11a7385d45ced048069c82540888811e5d3b08855e37c17782f73/detection

http://192.3.247.134

# Reference: https://www.virustotal.com/gui/file/2978b63f597bcba76e4bc33311d013b56e170857021dc5154ff94861117d2694/detection

kaaspersky.000webhostapp.com

# Reference: https://twitter.com/pr0xylife/status/1500841191885217792

http://198.12.110.189

# Reference: https://github.com/pr0xylife/Lokibot/blob/main/Lokibot_08.03.2022.txt

http://198.23.251.29

# Reference: https://www.virustotal.com/gui/file/c14c3e28aeede2cb2c195601336f9f44a8549b0a4f473a278c3431f19a05b67d/detection

http://34.105.85.231

# Reference: https://twitter.com/pr0xylife/status/1501489251837427712

http://180.214.236.32

# Reference: https://twitter.com/pr0xylife/status/1501538557302906881

http://52.78.165.165

# Reference: https://twitter.com/malwrhunterteam/status/1501550442668507143

http://193.56.29.230

# Reference: https://twitter.com/InQuest/status/1501556259534872578

http://35.184.204.221
http://94.130.207.164

# Reference: https://twitter.com/malwrhunterteam/status/1501640601359503365
# Reference: https://www.virustotal.com/gui/file/391483124c214da2d00a0819a9097949d6dc30578f4c3722df78ca6693a127cc/detection

http://45.149.128.129

# Reference: https://www.virustotal.com/gui/file/e420d90738208a061aaca7b310bedf7efb56e89451c19d5049649621283ec583/detection

http://18.181.195.19

# Reference: https://twitter.com/petrovic082/status/1502943136611454978
# Note: this is an EC2 public DNS name and it embeds the address 34.229.64.131.
# Cloud public addresses can be released and later assigned to an unrelated
# tenant, so a hit long after the reference date needs corroboration (payload,
# URI, timing) before it is attributed to this campaign.
# The same hostname is listed again further down, under a BushidoToken / OTX
# reference.

ec2-34-229-64-131.compute-1.amazonaws.com

# Reference: https://twitter.com/jstrosch/status/1504104392353624072

finec-microfinance.com/2/

# Reference: https://www.crowdstrike.com/blog/prophet-spider-exploits-citrix-sharefile/

http://188.119.149.160
188.119.149.160:443
45.61.136.39:443

# Reference: https://twitter.com/0xrb/status/1504337558452715527

controlparks.com/1/

# Reference: https://twitter.com/jstrosch/status/1504650708767109121

utterims.com

# Reference: https://twitter.com/bad_packets/status/1504639326893731840

14.55.65.217:8080

# Reference: https://www.virustotal.com/gui/domain/adds-only.xyz/relations

adds-only.xyz

# Reference: https://www.virustotal.com/gui/file/e6224ff810cce2cbdab4b18591fbf810c12b3ebdc85121f1a56b3dfb36ac3bc3/detection

stoic2019.shop

# Reference: https://www.virustotal.com/gui/domain/cyt8t.com/relations

cyt8t.com

# Reference: https://twitter.com/malwrhunterteam/status/1505192978603823107

http://172.241.27.108

# Reference: https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html (# Win.Malware.Johnnie-9941227-0)
# Reference: https://www.virustotal.com/gui/domain/api.boosting.online/relations
# Reference: https://www.virustotal.com/gui/file/0b725f38337f41789472e3f61b37b425bc3ba2fb6a51a32fbaec219330eb88f7/detection

boosting.online
win3.online
win3.ru
api.boosting.online

# Reference: https://twitter.com/BushidoToken/status/1505639071443570699
# Reference: https://otx.alienvault.com/pulse/6237878e4937d1bad108047f/

http://34.105.85.231
http://35.184.204.221
http://34.71.81.158
consular-thpass.com
consulatelteamthailand.com
teamconsulatelthailand.com
ec2-34-229-64-131.compute-1.amazonaws.com
microsoft.soundcast.me

# Reference: https://twitter.com/tosscoinwitcher/status/1505784120927932418

http://84.38.135.159

# Reference: https://twitter.com/idclickthat/status/1505923827766865924
# Reference: https://www.virustotal.com/gui/file/9c7b2fabd58d70c0e348e23b6e2beac28e26e80566449fb5e5b10c2d6bef2b55/detection

campus-art.com
ledgrelive.com

# Reference: https://twitter.com/James_inthe_box/status/1506680809880621066

http://51.210.78.57

# Reference: https://www.virustotal.com/gui/file/e93cc14c93709b38dc8d95fb58d70d1a8930576c7d16c64c3efbc4cc08d951ff/detection

http://84.38.132.43

# Reference: https://www.virustotal.com/gui/file/03eb59205f453806754b1a677d5d4786431c902f045aef1115ee890b86e7e779/detection

http://185.215.113.93

# Reference: https://www.virustotal.com/gui/file/1caad2746b5dad26d33c116a47aced816d050ff176b7314c99427ad4b03bfbf2/detection

http://172.245.163.174

# Reference: https://www.virustotal.com/gui/file/16e587a78c6af7a68db2eee80ac40ccec784aeb261cfa7bab04c54608dc96324/detection

http://185.215.113.77

# Reference: https://www.virustotal.com/gui/file/0d85bf6b36123e7da8daa9e7504f2b54db40d8d0e9eefa127b5e4c4fff16c53f/detection

http://23.106.122.152
http://37.120.222.60

# Reference: https://www.virustotal.com/gui/file/0d8e031c65e57c9924aa28bb61871e136c52cc522e8b247d504808ae93d779a4/detection

http://193.106.191.196

# Reference: https://twitter.com/malwrhunterteam/status/1508505771935473665

http://156.241.129.39

# Reference: https://twitter.com/0xrb/status/1508691938576576514

http://90.173.99.208

# Reference: https://www.virustotal.com/gui/domain/mbplc.xyz/relations

mbplc.xyz

# Reference: https://www.virustotal.com/gui/domain/igov-service.net/detection

igov-service.net

# Reference: https://blog.talosintelligence.com/2021/08/proxyware-abuse.html
# Reference: https://otx.alienvault.com/pulse/6130ad0fa45240740e294965

ariesbee.com
aurigabee.xyz
bootesbee.com
heartsbeat.gq
xsvpn.cf
r.honeygain.money

# Reference: https://www.virustotal.com/gui/file/f32025e75c842a46fd3088b35dc64df4736cb41f8b08d6ba1706bb143ee16a3e/detection
# Reference: https://www.virustotal.com/gui/file/22594c0c333f61a66000ddec797c0aec98ae9eeaf32d6a7fb8660ac73445d433/detection

http://103.238.225.37
103.238.225.37:443

# Reference: https://twitter.com/malwrhunterteam/status/1509459212493070340

http://103.158.190.54

# Reference: https://www.virustotal.com/gui/domain/dev-com.sc/detection

dev-com.sc
api.dev-com.sc

# Reference: https://www.virustotal.com/gui/domain/degengeneral.000webhostapp.com/relations

degengeneral.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/a82d9e290498a9ba960a9118db0b68eee6934831e96bedc3799766851571c8b9/detection

thiagoviado.com

# Reference: https://twitter.com/jstrosch/status/1509874812503707665

http://50.87.194.40

# Reference: https://twitter.com/malwrhunterteam/status/1510262816057528327

lolo3443443.7m.pl

# Reference: https://www.virustotal.com/gui/domain/zonasertaneja.com.br/relations

zonasertaneja.com.br

# Reference: https://twitter.com/malwrhunterteam/status/1511289543432957957

corncastt.net

# Reference: https://twitter.com/malwrhunterteam/status/1511399876021690381

http://20.106.232.4

# Reference: https://twitter.com/malwrhunterteam/status/1511396879703158795

http://121.5.28.63

# Reference: https://www.virustotal.com/gui/file/3be429999574d121c9004caef1dc4ae73f50d899d4f73cea9fe0b4f166a05356/detection

http://107.173.143.29

# Reference: https://twitter.com/Dashowl/status/1511771478152392711

185.25.50.239:8080

# Reference: https://www.virustotal.com/gui/file/e42f42aa0999285f9b0e1b159cb3778769447877cd3fa96f9dd06313375d8b9a/detection

f0607393.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d8b6bd73a6fc1abb9cbbea7e17f9e38c07f5b2f096012b3df28deb5f0c3dde21/detection

a0604050.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d695bc1bd1a2686198b21cb7e0e776fe29cddca13a858917771e0897d338cc4f/detection

http://96.47.235.202

# Reference: https://twitter.com/Jirehlov/status/1512795466253357062
# Reference: https://www.virustotal.com/gui/file/9e283d465120e808898727d2331e64dea69be9e10e2f26298d6ac2330f07bdf1/detection
# Note: tgzh.oss-cn-hongkong.aliyuncs.com is one bucket endpoint under the
# shared Alibaba Cloud OSS domain. The bucket label "tgzh" is the indicator;
# the regional parent (oss-cn-hongkong.aliyuncs.com) serves unrelated tenants
# and must not be blocked or alerted on as a whole.

telegram-cn.org
tgzh.oss-cn-hongkong.aliyuncs.com

# Reference: https://twitter.com/0xhido/status/1513501384729104385

http://209.127.91.101

# Reference: https://www.virustotal.com/gui/file/ec4debc52011a0e1cfdc28bfcad2fcd17a1ebb36aca7b0b139649463fdbed485/detection

http://185.101.107.92

# Reference: https://www.virustotal.com/gui/file/fe45251115d45f4c6957cfe55c353b41419dd74eeae31dced6235ce5b8f45344/detection

http://38.132.101.45

# Reference: https://twitter.com/pr0xylife/status/1513984415684345868

http://193.27.14.214

# Reference: https://twitter.com/JAMESWT_MHT/status/1514492777593294848

http://78.14.113.227
78.14.113.227:8080

# Reference: https://www.virustotal.com/gui/domain/atps-proximo.pt/relations

atps-proximo.pt

# Reference: https://www.virustotal.com/gui/file/0019c5250ed8b254a0dba743253806bdbd72c408decd1d2d53de03355a0f0f6a/detection

http://107.189.6.214
xxx01xzb.beget.tech

# Reference: https://www.trendmicro.com/en_us/research/21/k/campaign-abusing-rats-uses-fake-websites.html
# Reference: https://otx.alienvault.com/pulse/61a7a4ab87dda2ec4c035c7e

allincalisthenics.com
bingoroll20.net
bingoroll21.net
bingoroll22.net
bingoroll23.net
bummerpost.com
deiflo.com
erin-nathaniel.com
estateplanningcentral.com
evvresponsefund.com
faraipyro.com
nathanfraser.com
nationalinsuranceappraisersregistry.com
neponsetflagfootballleague.com
optimalfatmetabolism.com
toa-ara.com

# Reference: https://www.virustotal.com/gui/file/0d64fd162d94601ddd806df804103f3713c4aa43c201fffb9c92783c29d6094c/detection

http://66.154.112.212

# Reference: https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/
# Reference: https://otx.alienvault.com/pulse/612c8ea759d6287ad242b320

23moesian-10.com
23moesian-11.com
23moesian-15.com
23moesian-16.com
23moesian-17.com
23moesian-18.com
23moesian-19.com
23moesian-2.com
23moesian-20.com
23moesian-26.com
77support-update23-4.com
a-cl.xyz
account-info002.com
account-info003.com
account-info004.com
account-info005.com
account-info007.com
account-info008.com
account-info011.com
account-info012.com
accountservicealert002.com
accountservicealert003.com
adminmabuk103.com
adminsecurity101.com
adminsecurity102.com
appgetbox10.com
appgetbox3.com
appgetbox5.com
appgetbox6.com
appgetbox7.com
appgetbox8.com
appgetbox9.com
bas9oiw88remnisn-1.com
bas9oiw88remnisn-10.com
bas9oiw88remnisn-11.com
bas9oiw88remnisn-12.com
bas9oiw88remnisn-13.com
bas9oiw88remnisn-14.com
bas9oiw88remnisn-15.com
bas9oiw88remnisn-16.com
bas9oiw88remnisn-17.com
bas9oiw88remnisn-19.com
bas9oiw88remnisn-2.com
bas9oiw88remnisn-20.com
bas9oiw88remnisn-21.com
bas9oiw88remnisn-22.com
bas9oiw88remnisn-23.com
bas9oiw88remnisn-24.com
bas9oiw88remnisn-25.com
bas9oiw88remnisn-26.com
bas9oiw88remnisn-27.com
bas9oiw88remnisn-3.com
bas9oiw88remnisn-4.com
bas9oiw88remnisn-5.com
bas9oiw88remnisn-7.com
bas9oiw88remnisn-8.com
bas9oiw88remnisn-9.com
berangberang-10.com
berangberang-11.com
berangberang-12.com
berangberang-13.com
berangberang-3.com
berangberang-4.com
berangberang-5.com
berangberang-6.com
berangberang-7.com
berangberang-8.com
berangberang-9.com
bimspelitskalix-xuer2.com
bimspelitskalix-xuer6.com
bimspelitskalix-xuer7.com
bimspelitskalix-xuer9.com
c-hi.xyz
c-tl.xyz
care887-yyrtconsumer23-23.com
care887-yyrtconsumer23-24.com
care887-yyrtconsumer23-25.com
care887-yyrtconsumer23-26.com
care887-yyrtconsumer23-27.com
cokils2ptys-1.com
cokils2ptys-3.com
cokils2ptys-6.com
contackamazon1.com
copris7-yearts-37.com
copris7-yearts-38.com
copris7-yearts-39.com
copris7-yearts-4.com
copris7-yearts-40.com
copris7-yearts-5.com
copris7-yearts-6.com
copris7-yearts-7.com
copris7-yearts-8.com
copris7-yearts-9.com
dak12shub-1.com
dak12shub-10.com
dak12shub-3.com
dak12shub-4.com
dak12shub-6.com
dak12shub-8.com
dak12shub-9.com
f-io.online
fasttuamz587-4.com
fenranutc0x24ai-11.com
fenranutc0x24ai-13.com
fenranutc0x24ai-17.com
fenranutc0x24ai-18.com
fenranutc0x24ai-4.com
gaplerr-xt5.com
gets25-amz.net
gets27-amz.net
gets28-amz.net
gets29-amz.net
gets3-amz.net
gets30-amz.net
gets31-amz.net
gets32-amz.net
gets34-amz.net
gets35-amz.net
gxnhfghnjzh809.com
hayalanphezor-1sit.com
hayalanphezor-2sit.com
hayalanphezor-3sit.com
hayalanphezor-4sit.com
hayalanphezor-6sit.com
hayalanphezor-7sit.com
hpk02h21yyts-6.com
hvgjgj-shoes01.com
hvgjgj-shoes08.com
hvgjgj-shoes10.com
hvgjgj-shoes11.com
hvgjgj-shoes12.com
hvgjgj-shoes13.com
hvgjgj-shoes14.com
hvgjgj-shoes15.com
hvgjgj-shoes16.com
hvgjgj-shoes18.com
hvgjgj-shoes19.com
hvgjgj-shoes20.com
i-at.club
irformainsition0971a8-net16.com
j-on.xyz
jgkxjhx-shoes02.com
jgkxjhx-shoes03.com
jgkxjhx-shoes04.com
jgkxjhx-shoes05.com
jgkxjhx-shoes08.com
jgkxjhx-shoes09.com
kenatipurecehkali-xt12.com
kenatipurecehkali-xt13.com
kenatipurecehkali-xt3.com
kenatipurecehkali-xt4.com
kenatipurecehkali-xt5.com
kenatipurecehkali-xt6.com
ketiak-muser13.com
ketiak-muser14.com
ketiak-muser15.com
laser9078-ter10.com
laser9078-ter11.com
laser9078-ter17.com
maills-activitymove01.com
maills-activitymove02.com
maills-activitymove04.com
masihtidur-shoes01.com
masihtidur-shoes02.com
masihtidur-shoes04.com
masihtidur-shoes07.com
masihtidur-shoes08.com
noticesumartyas-sc13.com
noticesumartyas-sc15.com
noticesumartyas-sc16.com
noticesumartyas-sc17.com
noticesumartyas-sc18.com
noticesumartyas-sc19.com
noticesumartyas-sc2.com
noticesumartyas-sc20.com
noticesumartyas-sc21.com
noticesumartyas-sc22.com
noticesumartyas-sc23.com
noticesumartyas-sc24.com
noticesumartyas-sc25.com
noticesumartyas-sc29.com
noticesumartyas-sc4.com
noticesumartyas-sc5.com
notoficationdeliveryamazon1.com
notoficationdeliveryamazon10.com
notoficationdeliveryamazon12.com
notoficationdeliveryamazon13.com
notoficationdeliveryamazon14.com
notoficationdeliveryamazon16.com
notoficationdeliveryamazon17.com
notoficationdeliveryamazon18.com
notoficationdeliveryamazon19.com
notoficationdeliveryamazon2.com
notoficationdeliveryamazon20.com
notoficationdeliveryamazon23.com
notoficationdeliveryamazon3.com
notoficationdeliveryamazon4.com
notoficationdeliveryamazon5.com
notoficationdeliveryamazon6.com
notoficationdeliveryamazon7.com
notoficationdeliveryamazon8.com
org77supp-minty662-10.com
org77supp-minty662-7.com
org77supp-minty662-8.com
org77supp-minty662-9.com
organix-xtc18.com
organix-xtc21.com
p-at.club
posher876ffffff-25.com
posher876ffffff-29.com
posher876ffffff-30.com
posher876ffffff-5.com
posidma-posidjar01.com
posidma-posidjar03.com
posidma-posidjar05.com
posidma-posidjar06.com
ressstauww-6279-1.com
ressstauww-6279-10.com
ressstauww-6279-3.com
ressstauww-6279-7.com
rick845ko-1.com
rick845ko-10.com
rick845ko-2.com
rick845ko-3.com
rick845ko-5.com
rick845ko-6.com
romanseyilefreaserty0824r-1.com
romanseyilefreaserty0824r-2.com
romanseyilefreaserty0824r-3.com
romanseyilefreaserty0824r-4.com
romanseyilefreaserty0824r-5.com
romanseyilefreaserty0824r-6.com
romanseyilefreaserty0824r-7.com
securemanageprodio-01.com
securemanageprodio-02.com
securemanageprodio-03.com
securemanageprodio-04.com
securemanageprodio-05.com
securityaccount102.com
service-account-374567.com
service-account-5315.com
service-account-7243.com
service-account-7247.com
service-account-7254.com
service-account-735424.com
service-account-762441.com
service-account-76357.com
service-account-764246.com
service-account-8457845.com
solution23-servviue-1.com
solution23-servviue-10.com
solution23-servviue-11.com
solution23-servviue-12.com
solution23-servviue-13.com
solution23-servviue-14.com
solution23-servviue-15.com
solution23-servviue-16.com
solution23-servviue-17.com
solution23-servviue-18.com
solution23-servviue-19.com
solution23-servviue-20.com
solution23-servviue-23.com
solution23-servviue-24.com
solution23-servviue-25.com
solution23-servviue-26.com
solution23-servviue-27.com
solution23-servviue-30.com
solution23-servviue-4.com
solution23-servviue-5.com
solution23-servviue-6.com
solution23-servviue-7.com
solution23-servviue-8.com
solution23-servviue-9.com
spammer-comingson01.com
spammer-comingson02.com
spammer-comingson04.com
spammer-comingson05.com
spammer-comingson07.com
suppamz2-piryshj01-1.com
suppamz2-piryshj01-3.com
suppamz2-piryshj01-6.com
suppamz2-piryshj01-9.com
sux71a37-net1.com
sux71a37-net10.com
sux71a37-net11.com
sux71a37-net12.com
sux71a37-net13.com
sux71a37-net14.com
sux71a37-net15.com
sux71a37-net17.com
sux71a37-net18.com
sux71a37-net19.com
sux71a37-net2.com
sux71a37-net20.com
sux71a37-net21.com
sux71a37-net25.com
sux71a37-net26.com
sux71a37-net27.com
sytesss-tas7.com
tembuslah-bandar01.com
tembuslah-bandar02.com
tembuslah-bandar03.com
tembuslah-bandar04.com
tembuslah-bandar05.com
tembuslah-bandar06.com
tembuslah-bandar07.com
tembuslah-bandar08.com
tembuslah-bandar09.com
tembuslah-bandar10.com
trashxn-euyr1.com
trashxn-euyr10.com
trashxn-euyr11.com
trashxn-euyr12.com
trashxn-euyr14.com
trashxn-euyr15.com
trashxn-euyr16.com
trashxn-euyr17.com
trashxn-euyr18.com
trashxn-euyr19.com
trashxn-euyr2.com
trashxn-euyr20.com
trashxn-euyr3.com
trashxn-euyr5.com
trashxn-euyr6.com
trashxn-euyr7.com
trashxn-euyr9.com
winb2as-wwersd76-1.com
winb2as-wwersd76-10.com
winb2as-wwersd76-12.com
winb2as-wwersd76-18.com
winb2as-wwersd76-19.com
winb2as-wwersd76-20.com
winb2as-wwersd76-4.com
winb2as-wwersd76-6.com
winb2as-wwersd76-7.com
wixclwardwual-updates1.com
wixclwardwual-updates10.com
wixclwardwual-updates5.com
wixclwardwual-updates6.com
wixclwardwual-updates7.com
wixclwardwual-updates8.com
wixclwardwual-updates9.com
wtbwts-junet1.com
xcfhjxfyxnhnjzh10.com
zxcsaxb-good10.com
zxcsaxb-good3.com
zxcsaxb-good4.com
zxcsaxb-good5.com
zxcsaxb-good6.com
zxcsaxb-good8.com

# Reference: https://www.virustotal.com/gui/file/05c4ef24468ae00a47764f92984c36a6ca933dcdbd90fd409ba5327caf43b915/detection

http://192.227.228.106

# Reference: https://www.virustotal.com/gui/file/135436cf2735f3fb5642711e7077e2642d4ce8d17aa1c7bbefaf44c938961db6/detection

http://198.23.212.137

# Reference: https://news.sophos.com/en-us/2021/09/01/fake-pirated-software-sites-serve-up-malware-droppers-as-a-service/
# Reference: https://github.com/sophoslabs/IoCs/blob/master/Troj-DropperAsAService.csv
# Reference: https://otx.alienvault.com/pulse/61374a4e59aeca8acb8bef82/

a3wella3a.club
between3z.xyz
centomor.xyz
deferor2z.xyz
dolihost.xyz
earth00.xyz
eroxyhost.xyz
fiveyear3.club
forendde76gn.shop
freeprocrack.co
freewarefiles.xyz
frommost8z.xyz
hokimxen.xyz
ican3e.club
imy4host.xyz
infringem2ent.xyz
interacti3ve.xyz
introductioel.xyz
intstallusd.online
iswhy3z.xyz
ksergyale.xyz
lectroniccomb.xyz
linkforge.xyz
lp2soza865.xyz
lp2wuza636.xyz
microcodez.xyz
mozense.xyz
msitsbehe.xyz
mswetshop.xyz
mybravo.xyz
perpetua9ted.xyz
removed8.xyz
rereferrme.xyz
ridzfilez.xyz
servewfr.xyz
sincethe9s.xyz
sometimez.xyz
tersareu.xyz
thatyoucan.website
to3453.club
toyourweb.club
ttencomputterl.xyz
ueyctgve.xyz
undesirablez.xyz
werenot3.xyz
ybittrhost.xyz
ybybfkegs.xyz
zjnetdownloads.xyz
ns1.intstallusd.online
ns2.intstallusd.online

# Reference: https://www.proofpoint.com/us/blog/threat-insight/advance-fee-fraud-emergence-elaborate-crypto-schemes
# Reference: https://otx.alienvault.com/pulse/6138bfc48d45215cc40b98b5

coinmace.net
coinomac.com
coins45.com
fortcoin.net
securecoins.net

# Reference: https://twitter.com/InQuest/status/1515803436129959942

http://20.69.97.31

# Reference: https://www.virustotal.com/gui/file/90bad6ae1557a40614230c7352eb1ba0924750e1e62ca94beb90b39657cc3514/detection

free1121.host.od.ua

# Reference: https://www.virustotal.com/gui/file/ee7d738d7011a4ae1f082461bfaa1c336006d848c0035dc297c5eef818786700/detection

http://192.227.168.151

# Reference: https://twitter.com/malwrhunterteam/status/1514193002079690752
# Reference: https://www.virustotal.com/gui/file/eb557b06953a2d623143f8dda6fc26b5f87ab712c7707d8a72bbbb8eee795536/detection

yibozf108.com

# Reference: https://twitter.com/ps66uk/status/1518891820054458369
# Reference: https://www.virustotal.com/gui/file/f6a3c8585bb8996962de5fb9d1318694190e14221b0ca4cac71077a11d60b3c7/detection
# Reference: https://www.virustotal.com/gui/file/593e39e5d52ebbb2c2786d05f0393e134514e37ece253056195782f11f6b20c4/detection

bluecovertrading.com/kelllll/
bluecovertrading.com/NANA/
bluecovertrading.com/s/

# Reference: https://twitter.com/AltShiftPrtScn/status/1519840040637157378

http://134.122.188.206

# Reference: https://www.virustotal.com/gui/file/63966ff6a034c00524f19e2028b75cd66d22af18132847f002c743b38c90407c/detection

http://217.73.66.1

# Reference: https://www.virustotal.com/gui/file/d8b694199e1006b68df340384d2ba14a092b32f8de531f9f9a38a4d4de0fc6dd/detection

http://103.30.40.173

# Reference: https://www.virustotal.com/gui/file/639b0a2f9e13eb32355bcee5361e8b7a4c8af0052eb0b926488ee75b6e6e31ea/detection

jipiao114ai.com

# Reference: https://twitter.com/1ZRR4H/status/1521319670879600640

http://82.165.106.79

# Reference: https://www.virustotal.com/gui/file/69d989d818dc639f1c0a8963d7649164b105b12f9fd42f57f4a4eae269cd0541/detection

http://103.141.137.109

# Reference: https://www.virustotal.com/gui/file/719395314e747db713ac8ff60ea55bc1db749dd3699bde255f57f5e1070fcbc0/detection

http://141.136.27.220

# Reference: https://www.virustotal.com/gui/file/fb435d4b62b442b014052894bddf213d7526278e405567fa05440bd1312952e6/detection

http://2.56.59.232

# Reference: https://twitter.com/pr0xylife/status/1523674058885267457

http://138.201.149.43

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-09%20Redline%20IOCs

http://185.193.89.11

# Reference: https://twitter.com/malwrhunterteam/status/1523982005846917120

http://207.246.81.201

# Reference: https://twitter.com/pr0xylife/status/1524046080224096256

http://46.4.198.55

# Reference: https://www.virustotal.com/gui/file/cc2432775eaa346d07f04e076e614731b9456146997d2c0b1c0655b298e2534e/detection

codeconline.biz
player1523.com
ns1.codeconline.biz
ns1.player1523.com

# Reference: https://twitter.com/b3ard3dav3ng3r/status/1525086110367764480

http://103.200.23.247
/~ggggggco/

# Reference: https://www.virustotal.com/gui/file/24ee20d7f254e1e327ecd755848b8b72cd5e6273cf434c3a520f780d5a098ac9/detection

hectorcalle.com
pilatylu.com

# Reference: https://www.virustotal.com/gui/file/77c2b80009f8dbe9d42283b32bb93decbe26179a171c233c078c49bd629bef6c/detection

http://85.202.169.85

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-19%20Remcos%20IOCs

http://192.210.149.242

# Reference: https://twitter.com/silentpush_labs/status/1527348364915855366

dainikjeevan.com

# Reference: https://www.virustotal.com/gui/file/05a3028bc4f10ff3387b486c171178f7d5a4864de59f6693d2dcbdae035820d1/detection

http://193.106.191.190
http://193.124.22.8
http://193.233.48.74
http://193.233.48.98

# Reference: https://www.virustotal.com/gui/file/fbf53255c0a5a3c5f0010df3256462b5f3bfd4def9127808d8265ae4c0b0cb09/detection

http://54.80.204.133

# Reference: https://asec.ahnlab.com/ko/34497/
# Reference: https://otx.alienvault.com/pulse/628ba84a4b309d17941a87a2

http://103.89.30.10
http://104.161.34.171

# Reference: https://twitter.com/tosscoinwitcher/status/1529350646847008768

http://180.214.238.224

# Reference: https://twitter.com/da_667/status/1530260199289798658

http://2.56.57.22

# Reference: https://www.virustotal.com/gui/file/79594030104f5ace4eba6d286194aad282a30376f9eb17a38cfb8ba929404112/detection

manareoeyui.s3.ap-south-1.amazonaws.com

# Reference: https://www.virustotal.com/gui/file/1223897eca4325cd7291ec4bd0ff77d8e8e13cd82347a037153b9acc052e1465/detection

solro14.s3.ap-northeast-3.amazonaws.com

# Reference: https://www.virustotal.com/gui/file/c9101201af9368c82269aba3c0c995acf31f30aa1e48dac6cbba8b01614dd8aa/detection

sesk90.s3.ap-northeast-2.amazonaws.com

# Reference: https://www.virustotal.com/gui/file/ec819177bde1a859a6104bfd95f2c89d28f281b36d872a52e3e627acf35ce5d5/detection

salereport.org

# Reference: https://www.virustotal.com/gui/file/163717d9ebe4ace6547c05ae5553b2c4d28a1090c8e904d66dee7278239a3b2e/detection

http://86.106.131.132

# Reference: https://twitter.com/reecdeep/status/1531196537497391105

http://185.222.58.109

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-June/030681.html

kealkun.16mb.com
ping.otwalkun.16mb.com

# Reference: https://twitter.com/malwrhunterteam/status/1535593663383977986
# Reference: https://www.virustotal.com/gui/file/dbbe65f992e3e2351de15a0b7e56f6b1cf00b675ec436dfd99032b323e533336/detection

protechnical.com/usbdrop/

# Reference: https://thedfirreport.com/2022/06/06/will-the-real-msiexec-please-stand-up-exploit-leads-to-data-exfiltration/
# Reference: https://otx.alienvault.com/pulse/629dd3e0c697010cdf9bb0fc

http://23.81.246.84

# Reference: https://twitter.com/smica83/status/1536263039464382465

http://193.169.255.203

# Reference: https://twitter.com/James_inthe_box/status/1536418013691277312
# Reference: https://app.any.run/tasks/2d79a22c-84e3-4609-9436-3ceed9e36f36/

http://193.106.191.105

# Reference: https://www.virustotal.com/gui/file/5ed4ead30d4a769ef97c87fac7b1655f3a81b3b334b62647996c01786e340cce/detection

http://188.225.72.105

# Reference: https://www.virustotal.com/gui/file/138d6b7c14089c460dac2f723c91acb6436fdcc1b9dd9f03e711e035d4bd6620/detection

http://45.85.190.93

# Reference: https://twitter.com/JAMESWT_MHT/status/1536678912629129219

http://142.93.245.51

# Reference: https://www.virustotal.com/gui/file/01b4a9e7c4479cf0e72a55af192c151b08f96b8244805711dc8980d05f850e56/detection

http://107.175.212.46

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-20%20Formbook%20IOCs

http://180.214.236.4

# Reference: https://www.virustotal.com/gui/file/8f6bbb53f3f58a4c9cd9662705d3f07627f06b090aec79b68f89d67f4f8a1d4b/detection
# Reference: https://www.virustotal.com/gui/file/861d147336d17e675fa6024f4337ed36c451975d887f2248848d5f5c78423295/detection

ludieridecor.com.br/mmpo12.exe
messageoflightchapel.org/pop2.exe
mywebhost.vn/loal0.exe

# Reference: https://www.virustotal.com/gui/file/2f0d53c60cb7822931ac3f7656afa63081e1bb90b1e2ff07d9bb0d6b8ba02e50/detection

http://136.144.41.109

# Reference: https://twitter.com/1ZRR4H/status/1539729857399119873

http://81.71.163.70

# Reference: https://twitter.com/_Y000_/status/1539775526587420672

http://104.210.219.69

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-24%20AveMaria_Warzone%20RAT%20IOCs

http://20.51.227.181

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-23%20Remcos%20IOCs

http://104.168.32.43
http://198.46.132.217

# Reference: https://twitter.com/th3_protoCOL/status/1539261651722989569

http://176.113.115.107
http://193.27.228.127

# Reference: https://twitter.com/pr0xylife/status/1540304636388802560

http://198.12.81.50

# Reference: https://twitter.com/Ledtech3/status/1539977092338696197

http://192.227.173.33

# Reference: https://www.virustotal.com/gui/file/050e8470ec90cce777efccbd2e5ccc9919e1944965e6d1a83ccdee1da4de7e61/detection

a0684980.xsph.ru

# Reference: https://twitter.com/pr0xylife/status/1540303411387801600

http://107.172.76.188

# Reference: https://twitter.com/pr0xylife/status/1541399140424613891

http://35.177.103.98

# Reference: https://www.fortinet.com/blog/threat-research/ukraine-targeted-by-dark-crystal-rat
# Reference: https://www.virustotal.com/gui/file/03700e0d02a6a1d76ecaa4d8307e40f76e07284646b3c45693054996f2e643d7/detection
# Reference: https://www.virustotal.com/gui/file/24811e849a7a0e73788bc893bed81b88405883eb9114557eacd26a90c2a81c29/detection
# Reference: https://www.virustotal.com/gui/file/c84bbfce14fdc65c6e738ce1196d40066c87e58f443e23266d3b9e542b8a583e/detection

http://203.96.191.70
http://72.167.223.219

# Reference: https://app.any.run/tasks/23cb9fa3-e50c-40be-8480-f3a88cee66a0/

http://212.192.241.211

# Reference: https://www.virustotal.com/gui/file/ed47adb067f02b7d9aac66a0d2b4c8b4daee6f3e800aba23425a51e23d6820bb/detection

http://192.3.13.67

# Reference: https://www.virustotal.com/gui/file/450011e609f9ffbaff1d163ea17f05f51546a0fb0372a0ae48286c0248acba91/detection

http://192.227.129.26

# Reference: https://www.virustotal.com/gui/file/792941d598f1539d071142d92e4fb0ffc9e61b5e3570521fa50e67501ae6eadf/detection

http://192.227.168.194

# Reference: https://twitter.com/pmmkowalczyk/status/1542097473283440640

http://103.207.39.127

# Reference: https://tria.ge/210101-ydatejtcj6/behavioral1

http://23.254.228.46

# Reference: https://tria.ge/201203-p9cfx4whpa

http://23.254.229.20

# Reference: https://tria.ge/201203-p9cfx4whpa/behavioral1

http://185.243.113.10

# Reference: https://tria.ge/220617-w92pgachhm

http://193.56.146.76
http://85.202.169.116

# Reference: https://www.virustotal.com/gui/file/01f187b666a8f17996e6446772b67aaef1de9ecbc573d2b043a007a3bedeaca6/detection

http://192.3.245.147

# Reference: https://www.virustotal.com/gui/file/6b03d4b13d860421806b365dc1e04b53118523cf1eb6c0c17dfe69e1c7f3e0de/detection

http://80.66.75.88

# Reference: https://www.virustotal.com/gui/file/0287ac2500cd06804c3264d535d6c78cf9f3bd8bfb7014a0c4658d60f887ee9b/behavior/Zenbox

http://185.106.93.10

# Reference: https://twitter.com/malwrhunterteam/status/1543866954242473986

http://192.227.158.110
/--------_--------------_------------_----------------------------_---------------------_--------/
/--------_--------------_------------_----------------------------_---------------------_--------.doc

# Reference: https://twitter.com/kienbigmummy/status/1544249520783265794

http://192.3.239.42

# Reference: https://twitter.com/InQuest/status/1544265974064549890

hotelconchadomar.com.br/booking/

# Reference: https://twitter.com/malwrhunterteam/status/1544691386011815936

http://64.190.113.166

# Reference: https://twitter.com/InQuest/status/1545328172358672384

http://45.130.138.253

# Reference: https://twitter.com/reecdeep/status/1546464045083103232

http://193.239.164.112
http://20.231.55.108

# Reference: https://twitter.com/kienbigmummy/status/1547444305689968640

http://107.172.73.133

# Reference: https://www.virustotal.com/gui/url/bb67fb9dc7a82f521047f3b9810d6031a4f84e95b1a4c8f9a93ad3466abc8550/detection

http://52.90.94.229

# Reference: https://www.virustotal.com/gui/file/61a65f2ec30e97582a18bc66f8bdf51ffa83e3558d01d2ca7761e7e97ac582a4/detection

http://194.87.45.38

# Reference: https://twitter.com/malwrhunterteam/status/1547857576359997440

http://185.102.170.157

# Reference: https://twitter.com/r3dbU7z/status/1548964165347430401
# Reference: https://www.virustotal.com/gui/ip-address/185.102.170.167/

http://185.102.170.167

# Reference: https://twitter.com/b3ard3dav3ng3r/status/1549315169352040449

http://47.100.221.171

# Reference: https://twitter.com/reecdeep/status/1549314159791202305

http://212.192.246.226

# Reference: https://twitter.com/James_inthe_box/status/1550120630602719232

http://154.127.53.242

# Reference: https://twitter.com/malwrhunterteam/status/1550400225176702976

http://163.123.143.34

# Reference: https://www.virustotal.com/gui/file/072e09c67cd5d534d2b3d168c8503d3ebf3bd06d3cab44426334afe41e5f7c79/detection

ppz.devel.gns.com.br

# Reference: https://twitter.com/tosscoinwitcher/status/1550573481309270018

http://102.37.220.234

# Reference: https://twitter.com/InQuest/status/1551963092275400706

http://89.38.225.138

# Reference: https://twitter.com/InQuest/status/1551953146108420096

http://23.95.52.140

# Reference: https://twitter.com/Ledtech3/status/1552026904064294912

http://96.30.192.132

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-26%20Remcos%20IOCs

http://66.154.103.196

# Reference: https://www.virustotal.com/gui/file/4e1ee2596bc9fc6dc600ea9b39c5a7a0334497ccc142a4b55c24ebff3fd86e11/detection

http://5.206.227.124

# Reference: https://www.virustotal.com/gui/file/e5718ad2c861eaa44324639cc6918b679155670fb92452878abecead76e24144/detection

http://124.220.178.26

# Reference: https://www.virustotal.com/gui/file/c73e0b8a9141e1531a8a2ae1a96da5e89f5366c4dce94a514fe93a9565d51f18/detection

http://5.252.23.65

# Reference: https://twitter.com/Gi7w0rm/status/1552583621692854275

http://103.114.106.120

# Reference: https://twitter.com/InQuest/status/1552577523174744064

http://192.3.110.133

# Reference: https://www.virustotal.com/gui/file/02c3dcb86a3ed2f46043d2bb427b0441e351c0f050709123d1de8afc9bfd1f1d/detection

http://23.95.85.171

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-29%20Lokibot%20IOCs

http://192.3.122.162

# Reference: https://twitter.com/malwrhunterteam/status/1552958115607363586

http://13.239.119.69

# Reference: https://twitter.com/InQuest/status/1554041345119080452

http://104.168.32.38

# Reference: https://twitter.com/InQuest/status/1554090812874625025

http://172.245.163.175

# Reference: https://twitter.com/InQuest/status/1554091006722772998

http://192.210.219.10

# Reference: https://twitter.com/malwrhunterteam/status/1554157800619745281

http://45.138.16.201

# Reference: https://twitter.com/InQuest/status/1554397574240653312

http://198.12.81.67

# Reference: https://twitter.com/jstrosch/status/1554302605697884160

ddrive.online

# Reference: https://twitter.com/malwrhunterteam/status/1554728995261915137

http://146.70.24.168

# Reference: https://twitter.com/1ZRR4H/status/1555094224525197313

193.149.176.134:8000

# Reference: https://twitter.com/jstrosch/status/1555215249678237696

http://208.67.105.125

# Reference: https://twitter.com/JAMESWT_MHT/status/1555439241869631488

http://192.3.152.171

# Reference: https://twitter.com/jstrosch/status/1555212771251425280

http://107.182.129.251

# Reference: https://twitter.com/kienbigmummy/status/1555051973418045440

http://109.206.241.81
http://208.67.105.179

# Reference: https://www.virustotal.com/gui/file/a53036bee6e604897405f5e9064d05afa0a34901bad098219c85da36a2e002b1/detection

http://193.56.146.131

# Reference: https://twitter.com/JAMESWT_MHT/status/1555439241869631488

http://192.3.152.171

# Reference: https://www.virustotal.com/gui/file/cfc7850f9752447ee7eecfe9f90c0fdc2709e9145a9061561a0538c8c013df28/detection

http://185.45.192.234

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-02%20Remcos%20IOCs

http://192.3.76.220

# Reference: https://twitter.com/James_inthe_box/status/1554213035614474240

http://212.192.246.234

# Reference: https://twitter.com/InQuest/status/1555575015231430656

http://107.173.192.130
http://192.3.152.171
http://198.23.207.54

# Reference: https://twitter.com/malwrhunterteam/status/1554522693512355840

kristinalhall.net/wm/

# Reference: https://www.virustotal.com/gui/file/1209e43a1ac72b78767d66cb9ed2cdefb763be3d60a2a9d5998ca39ca1009356/detection

http://107.172.76.190

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-08-08-IOCs-for-IcedID-and-Cobalt-Strike.txt

http://104.238.220.131

# Reference: https://twitter.com/JAMESWT_MHT/status/1557308965075034113

http://107.172.75.169

# Reference: https://www.virustotal.com/gui/file/07a30067b0e7518d38e94e9ddb31cd5982592d91a4af3f8ebbdd60d088196451/detection

rotf.tk

# Reference: https://www.virustotal.com/gui/file/7877f3670de5ac886083b986591e09ea84a8515ab5fa2cadd1237b492c49ce96/detection

l-inky.com

# Reference: https://www.virustotal.com/gui/ip-address/23.94.159.226/relations

http://23.94.159.226

# Reference: https://twitter.com/malwrhunterteam/status/1557379854861058048

tax-irc.com

# Reference: https://twitter.com/MBThreatIntel/status/1557433308803305474

chrome-update.com

# Reference: https://mp.weixin.qq.com/s/cGS8FocPnUdBconLbbaG-g

http://92.255.85.138

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-10%20NetWire%20IOCs

http://192.3.194.246

# Reference: https://twitter.com/InQuest/status/1558027766456532992

http://192.210.149.222

# Reference: https://www.virustotal.com/gui/file/b40aa1b8da985a45319b3c543e1ee714ee0f44752048f3e34fbc4795365f0d41/detection

a0700356.xsph.ru

# Reference: https://twitter.com/James_inthe_box/status/1558094744906915842

http://171.22.30.211

# Reference: https://www.fortinet.com/blog/threat-research/smokeloader-using-old-vulnerabilities

http://108.60.212.220

# Reference: https://twitter.com/tosscoinwitcher/status/1558136237566767104
# Reference: https://tria.ge/220812-t9qk4ahha9
# Reference: https://tria.ge/220812-vckt1sfefr

http://23.95.106.126

# Reference: https://www.virustotal.com/gui/file/a814641ece58ba618155c9267474a575a6423b7bd086c7b534e267e40292e2ce/detection

http://95.217.248.44

# Reference: https://twitter.com/WhichbufferArda/status/1558885857611993089

http://23.95.215.51

# Reference: https://twitter.com/SBousseaden/status/1558916870937395200
# Reference: https://www.virustotal.com/gui/file/1223897eca4325cd7291ec4bd0ff77d8e8e13cd82347a037153b9acc052e1465/detection

solro14.s3.ap-northeast-3.amazonaws.com

# Reference: https://twitter.com/StopMalvertisin/status/1559071063572873217

http://88.198.148.231

# Reference: https://www.virustotal.com/gui/file/fadcfd2f990a0f871a1834723d403a0598faf9f06ca75465c58b69d81342c08f/detection

http://23.95.122.112

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Agent%20Tesla/AgentTesla-%2017082022

http://185.27.133.14

# Reference: https://twitter.com/InQuest/status/1560182408204492801

http://198.12.89.174

# Reference: https://www.virustotal.com/gui/file/064d71f2dce696c067d5a64379a31332c5471b2f74804d6fe1ed653749c20417/detection

http://185.222.57.212

# Reference: https://twitter.com/StopMalvertisin/status/1560237970279759873
# Reference: https://www.virustotal.com/gui/file/6b5f70369a894fe033b349546cfe3cdf41e9fe5a247cf5d7a243de7163e9cea6/detection

http://49.234.67.167

# Reference: https://twitter.com/doc_guard/status/1560615968270737414

http://23.95.34.121

# Reference: https://twitter.com/StopMalvertisin/status/1561438279647768577

http://193.56.146.131

# Reference: https://twitter.com/InQuest/status/1561793671049216003

http://198.23.154.169

# Reference: https://twitter.com/malwrhunterteam/status/1562181279101108224
# Reference: https://www.virustotal.com/gui/file/cb6e6a15e3fbbf893211abb16d9ce465c88b8ebc5feea4af2b0323559dafc18f/detection

http://95.214.24.180

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Remcos%20RAT/Remcos%20-%2024082022

http://20.7.43.70
http://37.139.129.142

# Reference: https://twitter.com/MBThreatIntel/status/1562449846497267715

http://79.110.62.213

# Reference: https://twitter.com/TeamDreier/status/1562709380126355456
# Reference: https://twitter.com/ViriBack/status/1562800945490464768
# Reference: https://twitter.com/pmelson/status/1595119169963687936
# Reference: https://twitter.com/bryceabdo/status/1595122757003808768
# Reference: https://www.virustotal.com/gui/ip-address/23.227.202.214/relations
# Reference: https://www.virustotal.com/gui/file/62ffc3caf75567a698381409efcbb85079fcce7ea9dc46e73689985a20cf24a3/detection

http://193.47.61.182
http://23.227.202.28
fastaccesone.com
fastaccestwo.com
/load/powerDEF.bat

# Reference: https://twitter.com/pollo290987/status/1563054806851194883

http://172.245.220.196

# Reference: https://www.virustotal.com/gui/file/983062aeeda99cea87f22fb07cb07b6394ace16f3c0fa75bafeb77dee7e6e70b/detection

http://192.210.240.101

# Reference: https://twitter.com/Iamdeadlyz/status/1562821456492314625

cthulhu-world.com

# Reference: https://twitter.com/James_inthe_box/status/1562797515249840128

http://172.245.142.35
http://198.12.89.73
198.12.89.73:443

# Reference: https://www.virustotal.com/gui/file/3500006bb33536ef2379f76afe8d70f57141c92025a0c6c14e80fba4a7a6bd9a/detection

http://104.168.32.31

# Reference: https://www.virustotal.com/gui/file/6682fa6682bb8d582f604297cc51b88b0eb30d8f0daff3244d843c5ce1991971/detection

http://192.3.223.201

# Reference: https://www.virustotal.com/gui/file/b45a8888d739677f68d55eaf305e8e00ba219115c60d16640318045e898c006d/detection

csmdfrnd.com

# Reference: https://www.virustotal.com/gui/file/27c50157c334c2a8528777ff4a8b72111ed99b64127aa0851a05e92cc6fba291/detection

derioswinf.org

# Reference: https://twitter.com/blueteamsec1/status/1563216592363978752

http://194.87.31.137
http://2.58.28.60

# Reference: https://twitter.com/James_inthe_box/status/1564613456774709254

http://107.172.4.183

# Reference: https://twitter.com/pollo290987/status/1564616597263847430

http://172.245.214.173

# Reference: https://www.virustotal.com/gui/file/06e2cfec7f1ddcbc35df9322838088535bf096e8f3ca991fa12e49634f1483b0/detection

a0710963.xsph.ru

# Reference: https://twitter.com/StopMalvertisin/status/1564841997810409473
# Reference: https://www.virustotal.com/gui/domain/buchserix.com/detection

buchserix.com

# Reference: https://twitter.com/pollo290987/status/1564875132354584576

http://172.245.142.47
http://185.246.220.130

# Reference: https://twitter.com/CMahalay/status/1564866575772966912
# Reference: https://twitter.com/Iamdeadlyz/status/1564878373889114112

metabloxel.com
metastaxel.com

# Reference: https://twitter.com/StopMalvertisin/status/1563729037671149568
# Reference: https://www.virustotal.com/gui/file/ed3ef87baf72ac521db91bbb0dbd78bb47fc4eb092b7941e6802ab1118c6603d/detection

http://149.28.241.241

# Reference: https://twitter.com/James_inthe_box/status/1565362222682935298

http://81.161.229.110

# Reference: https://www.virustotal.com/gui/file/0495c0518c4d8f7cb71cdfdd10f4736e11d5d2c7bddbebdd735cf79a86390981/detection

http://84.38.134.57

# Reference: https://twitter.com/ANeilan/status/1565424678033920004

http://192.144.227.177

# Reference: https://twitter.com/pr0xylife/status/1565354363765215238

http://193.178.210.58

# Reference: https://twitter.com/StopMalvertisin/status/1565568583597686784

eventorganizer.pk
qaz.im/load/diy5AH/b6d42680-56fd-4f98-ae0e-ff81e3799df6

# Reference: https://tria.ge/220904-sb53fsbhh6/behavioral1

kafei.528k.cn

# Reference: https://www.virustotal.com/gui/file/616cfd724afe8376aae36c9f065ebdf0a17590c0d1b71c95d6b1d960091807a6/detection
# Reference: https://www.virustotal.com/gui/file/32d081287ed11af4a7cec2a17e44885fd80d8770a4b1ef21da009e68f97bf9b6/detection

http://5.255.103.154
http://62.204.41.123
http://94.26.226.51
http://95.214.24.96

# Reference: https://twitter.com/JAMESWT_MHT/status/1565690847441653760

http://5.252.118.33
http://89.208.104.172

# Reference: https://twitter.com/crep1x/status/1565673153090801665

elmad.my.id

# Reference: https://twitter.com/r3dbU7z/status/1567190038751870977

http://34.133.9.10

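# Reference: https://twitter.com/malware_traffic/status/1567296860439678980
# NOTE(review): the address below differs by one digit from 107.172.61.136, which is listed further down in this file; possibly a transcription slip. Verify against the reference before alerting or blocking on it.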

http://107.72.61.136

# Reference: https://twitter.com/stoerchl/status/1568156960234639366

microsoft-security-updates.com

# Reference: https://twitter.com/pollo290987/status/1568312064006815747

http://45.137.22.239

# Reference: https://www.virustotal.com/gui/file/1aa2d32ab883de5d4097a6d4fe7718a401f68ce95e0d2aea63212dd905103948/detection

http://5.255.104.227
http://79.110.62.91

# Reference: https://twitter.com/r3dbU7z/status/1568952337837834245

47.242.182.71:8080
47.242.252.175:8080
47.242.67.116:8080
bitdoge.one
rat.bitdoge.one
a-ss.bitdoge.one
e-ss.bitdoge.one
f-ss.bitdoge.one
rat.bitdoge.one

# Reference: https://twitter.com/Jirehlov/status/1568773437799436289

genshincc.com

# Reference: https://twitter.com/WhichbufferArda/status/1569078747067736070

http://146.70.40.230

# Reference: https://twitter.com/pmelson/status/1569134392668311556
# Reference: https://www.virustotal.com/gui/file/d8f0605cdefcc56a5ff25007ba2afca30e423dc2575510255a545d2a98dc059d/detection

void.nfd.com.tr

# Reference: https://twitter.com/tosscoinwitcher/status/1569372648811134977

http://107.172.61.136

# Reference: https://twitter.com/WhichbufferArda/status/1569404716873928707

http://216.189.145.246

# Reference: https://isc.sans.edu/diary/29052

http://107.172.44.187

# Reference: https://twitter.com/InQuest/status/1570166800956157952

http://188.227.57.46

# Reference: https://twitter.com/0xToxin/status/1570501991306231808

http://141.98.6.75

# Reference: https://twitter.com/r3dbU7z/status/1571118142549798912

http://46.30.189.221
burc-groups.com
support.burc-groups.com

# Reference: https://twitter.com/WhichbufferArda/status/1571541189798641666

http://45.79.117.96
/RubberDuckyPayload/
/RubberDucky/

# Reference: https://twitter.com/reecdeep/status/1570400714605608964

http://103.156.93.29

# Reference: https://twitter.com/reecdeep/status/1571863696615395329

http://103.207.39.154

# Reference: https://twitter.com/pollo290987/status/1571893053572452352

http://202.55.132.185

# Reference: https://twitter.com/pollo290987/status/1571900350583508993

http://81.161.229.7

# Reference: https://twitter.com/pollo290987/status/1570106972594126849

http://192.3.173.102

# Reference: https://twitter.com/pollo290987/status/1572232914464555014

http://20.13.18.40

# Reference: https://twitter.com/pollo290987/status/1572239659119575040

http://155.254.17.251

# Reference: https://twitter.com/pollo290987/status/1572628013489197058

http://193.106.191.223

# Reference: https://twitter.com/pollo290987/status/1572627967137792006
# Reference: https://www.virustotal.com/gui/file/6454523a7bb0aec9d2c66c43447ea65bfe8cff6659b4b4fea26d8919571de430/detection
# Reference: https://www.virustotal.com/gui/file/a646ae729b3f8412fa1e2fd7fe6f4c5a592b3ff7446466c0258bee74f9ef2a62/detection

http://45.137.22.42

# Reference: https://twitter.com/James_inthe_box/status/1572939464468729856

http://194.38.23.159

# Reference: https://twitter.com/r3dbU7z/status/1572735985586143236

http://147.135.210.135

# Reference: https://twitter.com/illegalFawn/status/1572242618817581056
# Reference: https://twitter.com/illegalFawn/status/1572247530141880320

klanthelpdesk.live
abnamro.klanthelpdesk.live
asnbank.klanthelpdesk.live
ing.klanthelpdesk.live
knab.klanthelpdesk.live
regiobank.klanthelpdesk.live
snsbank.klanthelpdesk.live
triodos.klanthelpdesk.live
vanlanschot.klanthelpdesk.live

# Reference: https://twitter.com/tosscoinwitcher/status/1546717291726794752

http://107.172.13.154

# Reference: https://www.virustotal.com/gui/file/c22428ab1a13e2396b9994463a7f64d48002c71a4622263a1336c25ec825bd0d/detection

http://190.14.242.242
0hh0.ru
armyserver.myjino.ru

# Reference: https://www.virustotal.com/gui/file/56bf00e13e932307adefa64750e27dc344c2f962deb45f01a359e5c02272b61e/detection

myjerryblogs95.org

# Reference: https://twitter.com/r3dbU7z/status/1574469536878923790
# Reference: https://bazaar.abuse.ch/sample/e785ef69f5e171c382c9cc8678b3bc26fdee971a70d8870d90e03b65aa3fade5/

http://52.221.14.194
http://54.254.144.12
php.ooo

# Reference: https://www.virustotal.com/gui/file/a02a0d8e8fd14382339abf67a9e015849d8479ad58e82f9621b3d08ab287fb2e/detection

mrlee.eu.org

# Reference: https://twitter.com/0xToxin/status/1575574532676468736

http://172.245.214.173

# Reference: https://twitter.com/r3dbU7z/status/1575216278154858496

http://18.163.190.116

# Reference: https://twitter.com/k3dg3/status/1575173131198558208

http://45.153.243.98

# Reference: https://twitter.com/idclickthat/status/1575496131202535424

anydeskremote1.websiteseguro.com

# Reference: https://www.virustotal.com/gui/file/9a4b452634bd83958db7d43c8f35afa8959dfb591174cf08da59e59055099f6b/detection

bontiakhotel.net
janiking.xyz

# Reference: https://twitter.com/r3dbU7z/status/1576012593088516096

http://172.104.66.186

# Reference: https://twitter.com/petrovic082/status/1576888248818728960

http://171.22.30.79

# Reference: https://twitter.com/StopMalvertisin/status/1576927905652756485

justclickam.com

# Reference: https://twitter.com/pollo290987/status/1576940529945747456

teqturn.com

# Reference: https://twitter.com/pollo290987/status/1576940745344581632

http://207.167.64.122

# Reference: https://twitter.com/malwrhunterteam/status/1576984214351724546
# Reference: https://www.virustotal.com/gui/file/f97ee203a3dd08ac38d16295dbf9cb0c7476690ba03a05afefed34d7e8cfd44e/detection

xn--screnshot-iib.net
down.xn--screnshot-iib.net

# Reference: https://securelist.com/uncommon-infection-and-malware-propagation-methods/107640/

d39d3ulzmek390.cloudfront.net

# Reference: https://twitter.com/reecdeep/status/1577668826149306370

http://195.178.120.62

# Reference: https://twitter.com/pollo290987/status/1578047238969892864

http://23.94.163.106

# Reference: https://twitter.com/tosscoinwitcher/status/1578082771561390082

qdgric.tk

# Reference: https://twitter.com/r3dbU7z/status/1578393003433017344

colombiatelecomunicaciones.duckdns.org

# Reference: https://twitter.com/0xToxin/status/1579515632240164864

http://91.213.50.74

# Reference: https://twitter.com/pollo290987/status/1579485286127796226

http://103.133.110.140

# Reference: https://twitter.com/LixaH_CL/status/1579651446219616256
# Reference: https://www.virustotal.com/gui/file/ff1a3fec6f631304d0701838a0550252430dec072b30e1bf272ee8d32454e477/detection

eve-rpg2d.netlify.app

# Reference: https://twitter.com/pollo290987/status/1579485245178798080

http://85.31.46.76

# Reference: https://www.virustotal.com/gui/file/2b65688d3f9b8a03689bee92935c99928042bd18bc99a009a3e51d8bd7ca708e/detection

http://81.3.188.179

# Reference: https://twitter.com/r3dbU7z/status/1580252386508955648

http://198.148.118.129

# Reference: https://twitter.com/James_inthe_box/status/1580575683390058496

http://41.216.183.175

# Reference: https://tria.ge/220810-txhpqacdfn/behavioral1

http://45.154.98.158

# Reference: https://www.virustotal.com/gui/file/00f452bcd981fcca980f2beeaef1d3e43b5ccc4c010ed0410eae5cd86a48c190/detection

http://154.203.154.173
http://154.36.221.68
http://154.36.221.69
http://156.224.158.139
75625358935.com
79181531227.com
93533557591.com
avased6.com
kmrcum2.com
kupfkc9.com
kvkaa.com
kvtaaa.top
mjrvkv5.com
n5632.com
n6271.com
ndhjtlgw.com
taiwtp1.com

# Reference: https://www.virustotal.com/gui/file/1009c900538dc157a378812cec6b2528219cf5133b59b4832456ad0bfa06c139/detection

http://45.85.190.156

# Reference: https://www.virustotal.com/gui/file/3f6d866f09cfabb1aa2a0393d290533ed31705c87b85f77edc3fdd51b90f6e24/detection

http://94.103.86.38

# Reference: https://twitter.com/Ma4j0r/status/1581325465247092736
# Reference: https://www.virustotal.com/gui/domain/huntingknives.shop/detection

huntingknives.shop

# Reference: https://www.malware-traffic-analysis.net/2022/10/12/index.html
# Reference: https://www.virustotal.com/gui/domain/mutiaracendekia.sch.id/detection

mutiaracendekia.sch.id

# Reference: https://www.virustotal.com/gui/file/00c463a40ca66602686d4bc6dc4491a7a164220310d4cfafdfdda38c76df2962/detection

http://45.155.165.132

# Reference: https://www.virustotal.com/gui/file/0051ba35f0d0516d15761054387afa74361607996d6ccd95b42dd53585afd715/detection

http://179.43.163.115
http://45.138.74.230

# Reference: https://www.virustotal.com/gui/file/07cd9b79cb647b10f0118bfec4855f5be2d7fd471ec658f3637041e85b5eab72/detection

http://94.131.107.60

# Reference: https://twitter.com/idclickthat/status/1578963362113007618

afterburner-sofware-download.com
afterburner-msi-soft.com
afterburner-msi-download.com
afterbunrer.org
fermia.online
msiafterburns.online
zmax-software.xyz

# Reference: https://www.virustotal.com/gui/file/01e341771b750f95108335d60b83e483ff3e1aaecb5e34f9ef3e094ddae94c17/detection

f0719334.xsph.ru

# Reference: https://www.virustotal.com/gui/file/00aaedb32f5f4131f1728a4dcb5e9f7611c870a62ef456e2d4e3f429245ffae1/detection

http://85.192.63.184
oovi.it

# Reference: https://unit42.paloaltonetworks.com/malicious-newly-observed-domains/

asuna-sao.us
intesa-sanpaola.ml
zellesupport.info
bakbitionb.com
bsdybwo.tk
bwafduj.tk
createruler.com
jxc786.com
twtyowq.tk

# Reference: https://twitter.com/idclickthat/status/1583099857543122944
# Reference: https://www.virustotal.com/gui/file/baf2a1e0c8cbd56b87cd54b34eff07881b0a234bde4c940608f8dd0f3cf1dec1/detection

http://38.22.109.12
updates-install.com

# Reference: https://www.virustotal.com/gui/file/14e8117a4efec6d2298a31032ac2ba259e40c9686664665754d3a67b456f815a/detection

xn--c1adxo9c.xn--p1ai

# Reference: https://twitter.com/MaelSecurity/status/1583848825407434752

crpalkecizman.duckdns.org

# Reference: https://www.virustotal.com/gui/ip-address/91.212.166.11/relations

http://91.212.166.11

# Reference: https://www.virustotal.com/gui/ip-address/94.158.247.34/relations

http://94.158.247.34

# Reference: https://www.virustotal.com/gui/file/7997b9ad4b041a9179f0a2ab2ced00371607a241776d11cb7d2c020cf2ab229e/detection

a0727074.xsph.ru
gamesens.space

# Reference: https://www.virustotal.com/gui/file/05a984953329e9ec26db0e36bf760ab71c2d0cad54d4762bef2752f39e56be5b/detection

http://79.137.194.48

# Reference: https://twitter.com/ULTRAFRAUD/status/1584138905380564994

stripe-ipo.co.uk

# Reference: https://twitter.com/jstrosch/status/1584342845493649408

http://180.214.237.34

# Reference: https://tria.ge/221024-qktdxaggc3/behavioral1

http://79.137.202.36

# Reference: https://twitter.com/JAMESWT_MHT/status/1584816141960372224

http://185.197.75.173

# Reference: https://twitter.com/r3dbU7z/status/1584710460737474560

http://163.123.142.183

# Reference: https://twitter.com/r3dbU7z/status/1584717499697754112

http://65.108.107.169

# Reference: https://twitter.com/jstrosch/status/1585280516030451715

pa-ksa.com

# Reference: https://twitter.com/malwrhunterteam/status/1585963555584880641
# Reference: https://www.virustotal.com/gui/file/142cbad8b9d400380c78935e60db104ec080812b1a298f9753a41b2811c856be/detection

http://188.34.187.110

# Reference: https://twitter.com/r3dbU7z/status/1586147609596809216

http://178.79.182.51

# Reference: https://twitter.com/milannshrestga/status/1586668568686436358
# Reference: https://www.virustotal.com/gui/file/f7541f50e183557aad108d1f8d92e5b13a7a0946fcf10d7ccc7550beaf7d3d51/detection

xeonusapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1587176607919341576

http://52.165.43.215

# Reference: https://www.virustotal.com/gui/file/a041839327295fde3df12ea61374abd19c4499b87e211757c593179d6a6870d1/detection

http://185.174.137.70

# Reference: https://www.virustotal.com/gui/file/929df8a15e583ad6b64698fb702cf44183f0d726d86cada07cf072d7f9f74913/detection

http://185.216.71.161

# Reference: https://twitter.com/idclickthat/status/1587436337468145667

evernoote.info

# Reference: https://www.virustotal.com/gui/file/1152846f3b47d8179db8e911655ff2099ae8b93a61e7bcdba7fd811014809278/detection

domenfireyes.com

# Reference: https://www.virustotal.com/gui/file/e73830ba17d131a9d35aaacc3e9aedb1effcdd3b2c87fc31709bcb76cc8997cf/detection

http://212.8.244.172

# Reference: https://twitter.com/StopMalvertisin/status/1587757089920716800

http://116.202.12.69

# Reference: https://twitter.com/malwrhunterteam/status/1587917878418079746
# Reference: https://www.virustotal.com/gui/file/349e948e8dce3c3831fc3aa6645228c379e1aad30ac488e9acf613540afe447a/detection
# Reference: https://www.virustotal.com/gui/file/67f68fc797fbf0603d64a1b73ef30bb21613c85f5fe11ee8b40c474160fc7be8/detection

coxms.com

# Reference: https://twitter.com/Jirehlov/status/1478284171030446082
# Reference: https://www.virustotal.com/gui/file/43459add0078b6a62c05541b6c4c1c4b8447019635b1d3b2fe41f306fc149820/detection

jerry888.com

# Reference: https://www.virustotal.com/gui/file/123f0434ed8e6d0697642b11bfb143c7e2c78b4f2f7890232e90e5b1b33fde99/detection

http://23.106.223.27

# Reference: https://www.virustotal.com/gui/file/2fb9a094b5d7336decc1eb8a339010bfa4882a710a459ab53566f4d50d9b4e9b/detection

http://107.172.73.207

# Reference: https://www.virustotal.com/gui/file/006bb70c104711b4038ec023bbda0addfe2d23a4d3d07b438abd00dd059a1ab8/detection

http://172.86.120.156
http://185.174.137.9

# Reference: https://twitter.com/r3dbU7z/status/1590273746530873344

http://45.137.64.40

# Reference: https://twitter.com/r3dbU7z/status/1590272786416955392

http://46.30.188.177

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-November/030797.html

zmsp.top

# Reference: https://www.virustotal.com/gui/file/0416483ff64f2b592acae6fbd5ee529b0e32deb6f6fd1503d82c3f69052967af/detection

http://77.73.134.248

# Reference: https://twitter.com/r3dbU7z/status/1590949646448611329

http://102.221.36.216

# Reference: https://twitter.com/MichalKoczwara/status/1591058266901032960

/inject.profile
/.inject.profile

# Reference: https://twitter.com/jaydinbas/status/1591077457863806976
# Reference: https://www.virustotal.com/gui/file/bf3941e87f57c82a2c1ccec1465e61c67d9465af3320df857e81c7d10e8da6f6/detection
# Reference: https://www.virustotal.com/gui/file/9c086f242120be7a9e57e06b75d8ef6f051a77c6339deaeb574e80ee69590111/detection

http://143.198.80.235
http://51.195.68.197
iacis.ru

# Reference: https://twitter.com/milannshrestga/status/1591332278869069825
# Reference: https://bazaar.abuse.ch/sample/de6705a5123be501fd35e7025b439b07fb0f43227b0bf071ff2167927a418da9/

champcup.io
freezywallet.com

# Reference: https://www.virustotal.com/gui/file/f5f83324bd86872a7103e21c0e2539c75e3df05e85f682f10453e15cff5588dc/detection
# Reference: https://www.virustotal.com/gui/file/22253965d84bef16f8026c0e76c58313a3b2fb1ce2aca2bc5b7cbda1f35297c8/detection

http://193.106.191.102
http://193.106.191.193

# Reference: https://twitter.com/r3dbU7z/status/1591569830628712449

http://81.161.229.133
81.161.229.133:443

# Reference: https://www.virustotal.com/gui/file/75955b7ac0a8f601e7418041ba6e784c173218b97de9545e321cd87227e65fd4/detection

http://138.99.216.227

# Reference: https://twitter.com/luc4m/status/1592176773722443785
# Reference: https://tria.ge/221114-lpyrzabe9s
# Reference: https://www.virustotal.com/gui/file/0f5e16380f6c2bdaea3b5c833e5da76621bdffa2be6534ae137b0b9929f002ed/detection

http://192.227.132.49
/_____________________________00___________00____/
/_00_______00__.doc

# Reference: https://twitter.com/petrovic082/status/1592503743622172674
# Reference: https://app.any.run/tasks/d27c5040-96ed-43ba-ae12-be59c11ab8fd/

http://20.164.200.118

# Reference: https://twitter.com/r3dbU7z/status/1593267205701091335

http://134.255.216.90
134.255.216.90:443

# Reference: https://twitter.com/reecdeep/status/1593534143274549250

http://103.180.133.133

# Reference: https://www.virustotal.com/gui/file/c4b64ee801f4f189c9298086df861e4f49e4788c3b7c5d4bf236cd4f865a7152/detection

http://45.90.217.58

# Reference: https://twitter.com/r3dbU7z/status/1594802805558091799
# Reference: https://www.virustotal.com/gui/file/7020e56bede921b07264a366af2ab6c2454ee3da1d56382636edad0e620889f0/detection

http://34.102.26.38
34.102.26.38:1337

# Reference: https://www.virustotal.com/gui/ip-address/185.246.220.65/detection

http://185.246.220.65

# Reference: https://twitter.com/malwrhunterteam/status/1594818792084971523
# Reference: https://www.virustotal.com/gui/file/0fa2e2f524101e9c5e911e193e7fb145463c0c2a72a5fb14f8f11a8ae3a18593/detection

http://5.42.199.235

# Reference: https://twitter.com/Gi7w0rm/status/1594859059009662976
# Reference: https://www.virustotal.com/gui/file/e7767ba8bcff3242dd32f880cb59894c3ce5615a2557504db976803cd246354e/detection

http://217.21.76.148
sincheats.com

# Reference: https://www.virustotal.com/gui/file/00000416542b6ee3625cc1dd73e347181ac78f6ae7e2dcffaf4228356292ab7c/detection

odomou.com

# Reference: https://twitter.com/osipov_ar/status/1595361844956471300

http://85.209.134.86

# Reference: https://twitter.com/jstrosch/status/1596157041952727041

77.73.134.53:443

# Reference: https://twitter.com/r3dbU7z/status/1596097530697117697

http://20.26.198.137
http://47.201.235.126

# Reference: https://twitter.com/r3dbU7z/status/1596458980334833664

http://194.233.160.187

# Reference: https://twitter.com/kienbigmummy/status/1595997510639570944

http://92.52.217.11

# Reference: https://twitter.com/malwrhunterteam/status/1597325343026688000

http://79.220.199.151

# Reference: https://twitter.com/_brettfitz/status/1597315666658623488

68.183.185.207:8000

# Reference: https://twitter.com/r3dbU7z/status/1597228559608651776
# Reference: https://www.virustotal.com/gui/file/ba5ce65d728b5529fede411b5fb3b99e88a69c797e5bf8b89e18e42a9d6761ff/detection

http://185.248.160.167
185.248.160.167:443
hj446nw23fpilgowvjfmwqqihosvbffwkg6zqdeoy3tqhwxfg7wsz5qd.onion

# Reference: https://twitter.com/James_inthe_box/status/1597961049738981379

http://104.168.45.17

# Reference: https://twitter.com/r3dbU7z/status/1598335148566712320

http://4.233.216.133

# Reference: https://www.virustotal.com/gui/file/df243e0815db5a752647a6faf23e4d333dea48079b5c41ae7dab8bfbcb3a78ae/detection

fortyclothingglobal.com

# Reference: https://www.virustotal.com/gui/file/a7fc1e38349297186b90d7ee6a9a237e8bc4679b6874688cf6b79a7045fd3b47/detection

http://89.208.107.122

# Reference: https://twitter.com/1ZRR4H/status/1598911165782183936
# Reference: https://www.virustotal.com/gui/ip-address/79.137.205.105/detection

http://79.137.205.105

# Reference: https://twitter.com/idclickthat/status/1596533582218276864

pinainstallmentpaydayloans.com
tor-browser.app
torproject.space
torprojekt.click
torprojest.pro

# Reference: https://www.virustotal.com/gui/file/b9162daa2de2470429818300461e77825874a24cd4fd64f8e420cb5a89ac52ae/detection

http://137.74.151.42

# Reference: https://www.virustotal.com/gui/file/2666afc4946c89ed6fae860821ebbe0a0f0c0621b5f6f07ceccf5d390658205b/detection

http://185.246.220.210

# Reference: https://twitter.com/HaoZhixiang/status/1599939493339205634

http://31.41.244.188

# Reference: https://www.virustotal.com/gui/file/199aecbee6d93aaf532c708921112523cb314931268b854ab30da597e2ac5626/detection

garbagefender.site

# Reference: https://cert-agid.gov.it/wp-content/uploads/2022/12/trojan.json_.txt

http://116.203.19.97

# Reference: https://twitter.com/JAMESWT_MHT/status/1600568739598057493

shomesuntry.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1600820096628555776

http://103.232.53.228

# Reference: https://twitter.com/h2jazi/status/1600948637361922049

http://45.61.137.32

# Reference: https://twitter.com/malware_traffic/status/1600944054610821120

http://70.36.107.56

# Reference: https://www.virustotal.com/gui/file/005f72fdf502e02ee95ca7f47d328af5ee9e4970496e9dc0df109c9a625dc6dc/detection

http://103.133.107.162

# Reference: https://twitter.com/r3dbU7z/status/1601279700919541761

http://140.82.34.147

# Reference: https://twitter.com/r3dbU7z/status/1601284174521827328

http://109.107.179.83

# Reference: https://www.virustotal.com/gui/file/05403f55b80ee7f5ae406ab0a828b62ec693a1e782792cc327e5dbb119fbd922/detection

ahredoj.no-ip.com

# Reference: https://www.virustotal.com/gui/file/8340c5e593146a65e1a36635858ed0f85683f1a8c38fa35fe3dc1809afd88558/detection

bccs.no-ip.com

# Reference: https://twitter.com/InQuest/status/1601664349810135045

nftuart.com

# Reference: https://twitter.com/r3dbU7z/status/1602816478696595456

http://51.132.18.186

# Reference: https://www.virustotal.com/gui/file/18f31ac2d71ac144e713f11c2fdd14391962af4b0e77192d3e790a36aeae125d/detection

http://45.87.61.103

# Reference: https://www.virustotal.com/gui/file/21bacedb5ab9b318e8e9c6712e575edaebc795b73aa7f4f2d0e8b9f6da5a738f/detection

http://193.56.146.114

# Reference: https://www.virustotal.com/gui/file/48277f71025a2ab48ef76442a20110d19869736a60c101b0b7c3583680aec4a5/detection

http://79.137.206.108

# Reference: https://www.virustotal.com/gui/file/1443b2fa3ece332d66836172ff5c75237fd064300f3c8c1754c319935ed44797/detection

http://31.41.244.100
http://37.139.129.107
http://66.11.117.45

# Reference: https://twitter.com/SBousseaden/status/1603825679040028673
# Reference: https://www.virustotal.com/gui/file/4c364fdb7b16cc0341595dc5861542c1f1c70758df90a10fec41fb701f79a700/detection
# Reference: https://www.virustotal.com/gui/file/7a491a8df3c38e90c8c7398b53b8772e08d0801629235f4a0713e7ab22245287/detection

rfa.stoanews.com

# Reference: https://www.virustotal.com/gui/file/7260966d2c686f00653db013c8236f9846c8a153203fa331bda98de97acc1068/detection

http://31.41.244.228

# Reference: https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_obama230_19.12.2022.txt

http://146.70.158.183
http://193.42.36.127
http://216.120.201.143
http://51.178.212.188
http://85.239.54.5

# Reference: https://twitter.com/tosscoinwitcher/status/1605264407302328320
# Reference: https://twitter.com/pr0xylife/status/1605266480483934222

http://85.192.49.106
saprefx.com

# Reference: https://www.virustotal.com/gui/file/05e89787eba776d800d12da5e71a7a6a81a7724306ac2788dd8df4c6f9ac0c4a/detection

http://34.80.59.191

# Reference: https://www.virustotal.com/gui/file/0a0889330501ee52ca5fe2b2f41fbcad7d26afce8bc430c7fe274e6ebe64c680/detection

http://192.248.176.138

# Reference: https://twitter.com/jaydinbas/status/1606491508999442433
# Reference: https://www.virustotal.com/gui/file/2b433f5a2aa1b75d75460e6a22f142a47d9c0bc0a89035f767e10a8b571c7b28/detection

http://45.61.137.32
185.181.165.188:443

# Reference: https://www.virustotal.com/gui/file/8f65de95fbd17d07e228fb12dd0902bc1a52ee4690178943f2b1b916ec9f16bd/detection

http://168.100.9.86

# Reference: https://twitter.com/WhichbufferArda/status/1609604183535284224

3.33.188.186:8080

# Reference: https://www.virustotal.com/gui/file/2b077c09e3e5b9035d53cf73f0afc4455463dcb2289816f15f50f68f6b5f5df7/detection

http://162.223.91.111

# Reference: https://www.virustotal.com/gui/file/54f791796231f7899d753f0ba44e7387bf7748dc7a28adbd28f2067c9ab88605/detection

http://45.147.231.183

# Reference: https://twitter.com/ViriBack/status/1611366969998966785

http://95.111.230.118

# Reference: https://twitter.com/_montysecurity/status/1610169927637270528

http://188.68.58.174

# Reference: https://twitter.com/MalwarePotato/status/1612764382429351939

http://103.133.110.147

# Reference: https://www.virustotal.com/gui/file/00ba3f14f8b4ad6f6eef2c0419bca03382599c9f3ac0b2e197535e2dfdaf54a5/detection

http://77.73.134.245

# Reference: https://twitter.com/silentpush/status/1614335072559312896

http://120.24.153.177

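# Reference: https://www.virustotal.com/gui/file/000038604b8e6b73ab75246cfcda3d2130b3af2ee09aec9a0eda62ee15c351fb/detection
# NOTE(review): 93.184.220.29 appears to be a shared CDN edge address that also serves benign traffic, so a sample contacting it is weak evidence. Expect false positives - verify before alerting or blocking on this entry.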

http://93.184.220.29

# Reference: https://www.virustotal.com/gui/file/fc7229989aa3f9368f053f0a5f4d4e3bbb44b9ca7fa66e388413e288859c2642/detection

http://193.149.129.151

# Reference: https://twitter.com/malware_traffic/status/1615824551686070278

http://64.227.8.75

# Reference: https://www.virustotal.com/gui/file/d57611140a6b1d73d7af71b20049fcea708f8cfa7df31cdca3130c34b8f34ef1/detection

http://121.4.126.232

# Reference: https://www.virustotal.com/gui/file/812d4d9446b7962344e389b9498d08dabce1c9113bb18f554633da7e5992c4a3/detection

http://193.168.49.8
http://62.217.181.4
/warubtt/payload

# Reference: https://blog.talosintelligence.com/following-the-lnk-metadata-trail/
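# Reference: https://otx.alienvault.com/pulse/63cc33d43b1e4ebfb2e79e74
# NOTE(review): 2fgithub.com looks like URL-encoding residue ("%2F" followed by github.com) rather than an attacker-controlled domain - TODO confirm against the references.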

2fgithub.com

# Reference: https://twitter.com/jstrosch/status/1617549779122401280
# Reference: https://www.virustotal.com/gui/file/061ace491a55fef669780902bced1a7c87866a9894336ddf4bdbee1a753db530/detection

http://185.246.220.121

# Reference: https://twitter.com/0xDAV1D/status/1617270925686177794

aquarentboats.com

# Reference: https://www.virustotal.com/gui/file/e22dde0bf08c6cddafbc0f6630c2ca0185fdf929ca9239783bb7c17686c23122/detection

http://202.55.132.154

# Reference: https://twitter.com/reecdeep/status/1617859175559888902

http://144.168.243.177

# Reference: https://www.virustotal.com/gui/file/7860121dca35cbc7cf2ac983a9672379cf86edc6cdaafd52f810e1e6b29e3f0b/detection

http://13.38.70.27

# Reference: https://twitter.com/wdormann/status/1617919395174703106

homeforcutepets.com

# Reference: https://twitter.com/doc_guard/status/1618226554882117633

198.27.82.39:8000

# Reference: https://twitter.com/doc_guard/status/1618251592733724673
# Reference: https://www.virustotal.com/gui/file/e57f1d74706b7c5dd7f2191a6abe13979884a470c0789a03dcc1e82deaab68ea/detection

http://173.232.146.78
http://198.23.172.90

# Reference: https://twitter.com/1ZRR4H/status/1618290226409111553

ccbamf.com
integr-all.com
niktell.com

# Reference: https://twitter.com/malwrhunterteam/status/1618200885359935490

openoceans.click
download.openoceans.click

# Reference: https://www.cisa.gov/uscert/ncas/alerts/aa23-025a
# Reference: https://otx.alienvault.com/pulse/63d1b0c79e2757d3bd67106e

247secure.us
deskcareme.live
gscare.live
hservice.live
myhelpcare.cc
myhelpcare.online
nhelpcare.cc
nhelpcare.info
win01.xyz
win03.xyz

# Reference: https://twitter.com/r3dbU7z/status/1618941089834205184

http://103.146.23.112
http://157.90.51.195

# Reference: https://twitter.com/malwrhunterteam/status/1618928371211341828

http://185.254.96.226

# Reference: https://www.virustotal.com/gui/file/b7aa931994a9fb75317ffd6d3594adcab0316f2aa49dbe615969588a030877f8/detection

dinghenbetrobsi.xyz

# Reference: https://twitter.com/kienbigmummy/status/1622846995567382528

http://192.3.223.114

# Reference: https://twitter.com/malwrhunterteam/status/1622735242967584771
# Reference: https://www.virustotal.com/gui/file/6836e1446fc8dae5a7d8ab28c717dd4363f8970fbe11e41b7d67dc43736b2612/detection

hx2covn34b3tb2m33hodc3ppvtih4vg6kbwsw5a4675ndoo2llo3auid.onion.church

# Reference: https://www.virustotal.com/gui/file/08315c14733026ceeb5ba7cd22fc0b2a2f97cfafc56f17ac2f1a0e2a95630cb2/detection

http://192.3.118.141

# Reference: https://www.virustotal.com/gui/file/001997f3e75c1e0e3857f79186bfc2af22a043a2e3bd9b640a22b9f59dbc9149/detection

http://31.31.201.235

# Reference: https://www.virustotal.com/gui/file/04c559bb0be01415e957d3dafa1ed6730505e35736eaea8cb03b8b7d101998bb/detection

http://198.46.136.246

# Reference: https://www.virustotal.com/gui/file/02214be7a1ec20e21ab4209575618bb2a5090f15b53c4aaaac9490634d6aa48b/detection

http://134.0.115.76

# Reference: https://twitter.com/r3dbU7z/status/1624977660735528962

http://45.77.174.98

# Reference: https://twitter.com/r3dbU7z/status/1625159016228716546

http://170.64.137.73

# Reference: https://twitter.com/petrovic082/status/1625482662759608321

chegaacores.com/systems/

# Reference: https://www.virustotal.com/gui/file/c8be839ed95d6bcfd484ba7a9389ba0a56cfd8841c9fde04fe5651ed853bee1a/detection

http://109.206.240.67

# Reference: https://twitter.com/kienbigmummy/status/1625792228340924416

http://195.133.40.108

# Reference: https://www.virustotal.com/gui/file/bd9854943c82e5c5fd424aa1dc9463108d5de7eb3cbde4fd964ef8cc42a4547e/detection

http://95.216.194.51

# Reference: https://twitter.com/wwp96/status/1627709569324683264

rssh.li

# Reference: https://twitter.com/wwp96/status/1627685160937463808

http://103.232.54.88

# Reference: https://twitter.com/1ZRR4H/status/1627793836213665794

http://104.168.32.152

# Reference: https://www.virustotal.com/gui/file/2cb755b44a07942f62c8e695520b7a2e23811430111527ba3c54eaf6cfeac013/detection

http://212.87.204.200

# Reference: https://twitter.com/wwp96/status/1628275564938141699

http://192.3.27.140

# Reference: https://www.virustotal.com/gui/file/123886464f55b7e5dbb297e437c1569e4521c839a6b2ee643f09e28444ad4424/detection

http://185.254.37.64

# Reference: https://www.virustotal.com/gui/file/d009d1247fc57b0da2da76fb93bb359b2d8e764218c96d47356c2329327eaa3e/detection

http://103.189.202.84

# Reference: https://twitter.com/petrovic082/status/1628351556214042624

http://104.144.152.48
http://104.168.32.152

# Reference: https://twitter.com/ecarlesi/status/1628219729058865154

shaprek.shop

# Reference: https://www.virustotal.com/gui/file/10caa63bd58b3bea1a03cf92db93a0395105bb43fecc4f7c66e583636f9a97cc/detection

http://198.46.178.142

# Reference: https://twitter.com/wwp96/status/1628427131515555840
# Reference: https://www.virustotal.com/gui/domain/vashovskycorp.com/detection

vashovskycorp.com

# Reference: https://twitter.com/wwp96/status/1628520430737973248

http://92.52.217.50

# Reference: https://www.virustotal.com/gui/file/00cdc04cddfecc9aae1df6f0a404c6238fb58528ee3c8a0caefb89e6bfb44b10/detection

http://35.176.170.110

# Reference: https://twitter.com/wwp96/status/1628842199570911234

http://3.23.186.85

# Reference: https://twitter.com/wwp96/status/1628838019200389126

http://157.245.157.93

# Reference: https://www.virustotal.com/gui/ip-address/85.119.149.127/relations

ai-chatgptapp.com
any-desk-remote.com
any-dlesk.com
anyd1esk.com
anydesik.com
anydesk-remote.com
apps-chatgpt.com
bittorrent-official.com
chatgpt-ai-tool.com
get-kms-pi-co.com
get-kmspi-co.com
gpuz-official-site.com
gpuz-official.com
gpuzzz.com
k-mspico.com
km-spico.com
kms-pi-co-act.com
kms-pi-co-activator.com
kms-pi-co-download.com
kms-pi-co-downloader.com
kms-pi-co-downloader.org
kms-pi-co-install.com
kms-pi-co-installer.com
kms-pi-co-net.com
kms-pi-co-tool.com
kms-pi-co-web.com
kmsp1co.com
kmspi-co-activator.com
kmspi-co-tool.com
lechpower-gpuz.com
ltechpower-gpuz.com
metatrader4-apps.com
python-apps.com
techpowerup-gpuz.com
tool-chatgpt.com
xn--anydsk-eva.com
xn--zm-ckaa.com
z00nn.com
zoo-rn.com
zoom-for-pc.com
zoorn-us.com
zoornus.com

# Reference: https://twitter.com/InQuest/status/1628657217292365826
# Reference: https://www.virustotal.com/gui/file/591098cf0c9b44ac66ff2224e506451f30333ed53bf14de325041ded11867f3a/detection

http://192.3.101.101

# Reference: https://twitter.com/petrovic082/status/1628752236430909441

http://185.29.8.109
http://23.94.148.10
http://23.94.99.5

# Reference: https://twitter.com/suyog41/status/1629053362653077505

http://103.182.17.195

# Reference: https://twitter.com/wwp96/status/1629124018761523200

http://185.246.221.126

# Reference: https://twitter.com/wwp96/status/1629138502473420800

revitape.com/gdy/

# Reference: https://www.virustotal.com/gui/file/96910d4cde5d93e92d937f4ef28057e61846a6d7e4aa569d719185b892c16bd0/detection

http://185.246.220.34
http://45.15.159.15
http://62.204.41.245

# Reference: https://asec.ahnlab.com/en/47088/
# Reference: https://otx.alienvault.com/pulse/63e25c5cbc100230953c2d2e

http://43.128.62.42
http://45.144.3.216

# Reference: https://www.virustotal.com/gui/file/23073f04696ea6bf57f802b1cab1652ebaba661bb051861dd3c07b8c7afd4482/detection

http://104.168.45.119

# Reference: https://twitter.com/r3dbU7z/status/1630121537939308544

http://167.179.87.238

# Reference: https://twitter.com/drfabiocastro/status/1630237999798820866
# Reference: https://twitter.com/drfabiocastro/status/1630416230409555969

http://5.199.69.239
anydesk-appwindows.info
winrarapp.info

# Reference: https://blog.cyble.com/2023/02/22/the-growing-threat-of-chatgpt-based-phishing-attacks/
# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-02-28-v10255/336
# Reference: https://otx.alienvault.com/pulse/63f678b56b50c0f7a4720626

chatgpt-go.online
chat-gpt-online-pc.com
chat-gpt-pc.online
openai-pc-pro.online

# Reference: https://twitter.com/James_inthe_box/status/1631333730055856138

http://198.46.174.170

# Reference: https://twitter.com/MichalKoczwara/status/1631623466658013184

http://193.117.208.109

# Reference: https://twitter.com/MichalKoczwara/status/1631683477648072706

http://170.250.131.155

# Reference: https://www.virustotal.com/gui/file/1754cecf1e1e48307e88fddb9a1dd0bee0aa9a5c4a1b2545b4f1922d0c402f2f/detection

http://185.181.8.147

# Reference: https://www.virustotal.com/gui/file/62bfcd6ad96951af9bd54bc9f99fce2f8cd3fa58549c8c794cc567c2321220c9/detection

http://79.137.206.102

# Reference: https://twitter.com/kienbigmummy/status/1632038253443575811
# Reference: https://www.virustotal.com/gui/file/cb87ec5825659ec1919ac6ffdec4b88e4336c0be420c726ceab1917689fdd161/detection
# Reference: https://www.virustotal.com/gui/file/97ceffc6a9462c025e344a0b709c3470ff551a914cce1ed209e4ddd63b734182/detection

http://107.175.212.18

# Reference: https://twitter.com/wwp96/status/1632898326453469184

http://195.123.247.87

# Reference: https://twitter.com/wwp96/status/1633187206830641152

http://192.227.162.28

# Reference: https://twitter.com/wwp96/status/1633571276622282753
# Reference: https://app.any.run/tasks/d4522b96-70dc-4c13-850f-3e6e498b85ab/

bdadvisors.ma

# Reference: https://twitter.com/og_patate/status/1633925757947858944

http://191.101.2.199

# Reference: https://twitter.com/kienbigmummy/status/1635217184191549446

http://103.167.92.45

# Reference: https://www.virustotal.com/gui/file/de846ac791561337ffff910b091bb8bc10e5897c1a4fb76e2f32e52a3451495c/detection

maqboolimpex.co/wp-admin/js/a1/

# Reference: https://app.any.run/tasks/4dcd6a63-3d44-4080-b38e-aa984191a5d3/
# Reference: https://otx.alienvault.com/pulse/64134c80df7e5abdb1f7699d
# Reference: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a
# Each address in this group appears twice: once in http:// form and once as IP:443.
# NOTE(review): 37.184.130.162 differs from 137.184.130.162 only in the leading digit. Confirm against
# the references above that both addresses are intended and that the 37.x entry is not a transcription slip.
# IP-only indicators are point-in-time; re-validate them before using this group for blocking rather than alerting.

http://104.225.129.102
http://137.184.130.162
http://137.184.130.164
http://144.96.103.245
http://149.28.85.24
http://184.168.104.171
http://185.186.245.72
http://193.8.172.113
http://193.8.172.13
http://216.120.201.12
http://37.184.130.162
http://45.77.212.12
http://5.34.178.246
http://79.133.124.242
http://92.38.169.193
http://92.38.176.109
http://92.38.176.130
104.225.129.102:443
137.184.130.162:443
137.184.130.164:443
144.96.103.245:443
149.28.85.24:443
184.168.104.171:443
185.186.245.72:443
193.8.172.113:443
193.8.172.13:443
216.120.201.12:443
37.184.130.162:443
45.77.212.12:443
5.34.178.246:443
79.133.124.242:443
92.38.169.193:443
92.38.176.109:443
92.38.176.130:443
hivnd.com/thumpxcache

# Reference: https://www.virustotal.com/gui/file/0760ae9b4d7eaa7ba0d1d9442c82c9d6b9dcfd6329fa4222aa4fa3b47da78929/detection

http://190.211.254.211

# Reference: https://twitter.com/crep1x/status/1636352248014946307

http://84.252.94.185

# Reference: https://twitter.com/r3dbU7z/status/1636728297777254401

http://194.62.1.199

# Reference: https://twitter.com/1ZRR4H/status/1637205517083856896

corpolevesuplementos.com.br/2022pws/

# Reference: https://twitter.com/vxremalware/status/1636863275395686401

http://179.43.141.100

# Reference: https://twitter.com/petrovic082/status/1638174842779467779

http://172.245.33.146
http://192.3.101.160
http://202.55.132.230

# Reference: https://twitter.com/sicehice/status/1638340952610725890

http://23.106.215.242

# Reference: https://twitter.com/sicehice/status/1638608121500168192

http://66.228.37.7

# Reference: https://twitter.com/sicehice/status/1638680582438699008

http://20.214.232.149

# Reference: https://www.virustotal.com/gui/file/04db053ddaf38c4d040e12c2ffdd19a98dbeb9cafb43e4ef397e95da97ba3036/detection

http://103.232.53.25

# Reference: https://twitter.com/sicehice/status/1639256583975624704

http://185.238.3.205

# Reference: https://twitter.com/malwrhunterteam/status/1639324161431437312

http://52.230.106.137

# Reference: https://www.virustotal.com/gui/file/16ff551a19804e004b3306e612ebad6de2da70d8cd674b83cc5d530a928bc7ef/detection

http://195.133.192.49
http://94.131.8.3

# Reference: https://twitter.com/sicehice/status/1639258283612545027

http://185.254.97.84

# Reference: https://twitter.com/sicehice/status/1638674378345832449

http://220.247.167.232
220.247.167.232:443

# Reference: https://twitter.com/sicehice/status/1638661695768862720

http://54.146.247.191

# Reference: https://twitter.com/sicehice/status/1638584956342476808

http://206.189.9.27

# Reference: https://twitter.com/idclickthat/status/1640733752966930433
# Reference: https://twitter.com/idclickthat/status/1640764717386924043

download-doucloud.cn
download-doucloud.com
doudou-tools.com

# Reference: https://twitter.com/malwrhunterteam/status/1641007887127379968
# Reference: https://www.virustotal.com/gui/file/4f4125ae0d97bba152cf35399418e4f82f3998116770ce88e1cecb82ae738369/detection
# Reference: https://www.virustotal.com/gui/file/0a01ed52800ae36de5179c399e7605c6f934d98a45ef8912bef7479e7b993b1c/detection
# Reference: https://www.virustotal.com/gui/file/d6e9fffb7e83990e620839f3371ba13c79741e70290fc8d95f925dad5bddde54/detection

bonnioad-mci.com

# Reference: https://twitter.com/suyog41/status/1641038677504585728
# Reference: https://www.virustotal.com/gui/file/c632467f79992fca86b1bb62ceaac83583ac82fcc262ae5df5b61fd61eea4c08/detection

worldpharmafze.com

# Reference: https://twitter.com/petrovic082/status/1642912129211682817

http://43.137.10.95

# Reference: https://www.virustotal.com/gui/file/ba2848dd130c26176303690fd5a07e945dfbd20c59f253dc56cc64611409518d/detection

oliwierlubianka.olmi.pl

# Reference: https://twitter.com/malwrhunterteam/status/1643212405587976196

dev-javascript-support-enable.pantheonsite.io

# Reference: https://twitter.com/malwrhunterteam/status/1642994177095942146
# Reference: https://twitter.com/malwrhunterteam/status/1642993019992387584
# Reference: https://isc.sans.edu/diary/rss/29708
# Reference: https://otx.alienvault.com/pulse/642bda624b63276eba73e5c1
# NOTE(review): channel-platform.s3.ap-east-1.amazonaws.com is a tenant-specific hostname on a shared cloud
# storage domain. Such names can presumably be released and later claimed by an unrelated party, so
# re-validate this entry periodically instead of treating it as permanently malicious.
# winwin.co.th is scoped to the /intro/ path, so the rest of that site is not covered by the entry.

channel-platform.s3.ap-east-1.amazonaws.com
infoamanewonliag.online
winwin.co.th/intro/

# Reference: https://twitter.com/sicehice/status/1643799396595777536

http://20.211.5.151

# Reference: https://www.virustotal.com/gui/ip-address/103.139.45.3/relations
# Reference: https://www.virustotal.com/gui/file/470319dd9293eb6d6f05141e1e547b952b4c86d410ffc4a95453a27353837e26/detection

http://103.139.45.3

# Reference: https://threatfox.abuse.ch/browse/malware/win.ave_maria/

http://104.223.19.96
http://212.83.46.109

# Reference: https://twitter.com/sicehice/status/1646155898010624001

http://172.81.61.224
172.81.61.224:443

# Reference: https://www.virustotal.com/gui/file/dcd0e43f175a2464788c2875137ac3f2987e1e3c3266f3295834fca4766ab779/detection

http://179.43.142.201
http://179.43.155.247

# Reference: https://www.virustotal.com/gui/file/02de7dc70bed64b07d9556aed181e3d8ee811f86736684f69f3973e7e8fef104/detection
# Reference: https://www.virustotal.com/gui/file/0191964e405347382178a7381117b0bea92a9f26c7ef5cee78d31473e0be34c2/detection
# Reference: https://www.virustotal.com/gui/file/5e16d11733b3516e3efc69145980eae528a987ae7d46819dfb8e8328a6d876ec/detection

http://23.184.48.143
http://45.15.157.136
http://45.61.187.67
http://79.137.194.132
http://79.137.194.41

# Reference: https://twitter.com/WhichbufferArda/status/1648788380744929282
# Reference: https://www.virustotal.com/gui/file/3013cff4c3e0feea59c67876526413c8d2bb2c6c9a13b76945a4ad624c1f9979/detection

bienenstock.eastus.cloudapp.azure.com

# Reference: https://twitter.com/malwrhunterteam/status/1650871512847593475
# Reference: https://www.virustotal.com/gui/file/3035ab2a9c83b4fb5159981c8ccd159b300a28b91e45e7b38793407d243dc9d3/detection

lucaagostini.it/regallo/

# Reference: https://twitter.com/sicehice/status/1651029587961294848

http://64.226.78.9

# Reference: https://twitter.com/g0njxa/status/1652034044299714563

http://89.185.85.247

# Reference: https://twitter.com/0xperator/status/1653167477075918849

http://179.43.182.147

# Reference: https://www.virustotal.com/gui/file/fc5b9fd6ba61665c70694052bace9b21b1f962b6e929792024616287b33b17f6/detection

http://185.215.113.105

# Reference: https://twitter.com/pollo290987/status/1654581586342338560

http://192.253.237.23

# Reference: https://www.virustotal.com/gui/file/db8b069ef0a46f4c5d85fb77e7df4a873ed5b5bc5b0eab38ef2374ddf6f94ad5/detection

http://103.155.81.71
http://154.221.27.200
http://23.94.206.76

# Reference: https://www.virustotal.com/gui/file/ce4f4df08dda9778407122ddcef79796651032ee0b7442cfba708597e75e1e7d/detection

http://62.109.13.77

# Reference: https://twitter.com/reecdeep/status/1655846018645147648

http://103.232.53.243

# Reference: https://www.virustotal.com/gui/file/48dd2330f418cf9019cd581fee1abcb5da6fe8ed353e0a2d067fea8dd0d3f285/detection

http://62.204.41.169

# Reference: https://twitter.com/Gi7w0rm/status/1657342163628294145

http://77.91.77.6

# Reference: https://www.virustotal.com/gui/file/8e9c6b72a19705e65d654814d0770a67c7c4a2e52915f6115dc740ab254ed4a9/detection

http://141.98.6.163
http://23.95.122.250
http://45.141.27.208
http://45.81.235.111
http://85.217.144.228
http://94.142.138.148

# Reference: https://twitter.com/malwrhunterteam/status/1663240885839044608

http://45.77.194.187

# Reference: https://twitter.com/doc_guard/status/1666756116288512003

http://45.83.140.48

# Reference: https://twitter.com/JAMESWT_MHT/status/1666757492347371523

http://84.54.50.31

# Reference: https://www.virustotal.com/gui/file/4ce73c379ff622c7be13a7b056fdbf4b677a7072af4a3baa5e5dd7535e78117f/detection

http://83.97.73.134

# Reference: https://www.virustotal.com/gui/file/b0a609913a5b002f776efdb1eed4592dd3addf05b8dd90415ec8e897fe149dba/detection

http://194.180.48.90

# Reference: https://www.virustotal.com/gui/file/714e2bba3ebbd40c0c85f4a73fca616b7bbe9ab6e4feedc195ac0885973dadca/detection

http://103.116.15.39
http://103.131.57.119
http://103.57.130.116
http://107.175.113.210
http://141.98.6.99
http://185.252.179.100
http://185.252.179.254
http://192.3.101.139
http://192.3.109.146
http://192.3.193.194
http://20.22.239.93
http://217.196.96.158
http://23.94.148.6
http://45.66.230.149
http://45.81.39.192
http://5.42.64.15
http://77.105.146.74
http://77.91.68.16
http://77.91.68.30
http://81.177.143.184
http://83.97.73.129
http://83.97.73.183
http://95.214.25.239

# Reference: https://www.virustotal.com/gui/file/847a1d56185a69c2e30b44368c404bc91107463274fa66b260277b1c0616b66b/detection

http://77.73.133.113

# Reference: https://www.virustotal.com/gui/file/061076cc209f95d32bcd4a38ab229551cf25de12e545d1c15939abf9529bb0d0/detection

http://23.106.122.155

# Reference: https://twitter.com/Yeti_Sec/status/1681294210492669953

http://137.184.41.38

# Reference: https://www.virustotal.com/gui/file/db3faed8140a81bfeb2e70fc2d87412f7d1a1629b21f22a43783649eda2ef387/detection

http://192.3.118.24

# Reference: https://www.virustotal.com/gui/file/0cc7883198df53af5b4e7d6b14204ea5ab51066a52031f8f814cedccc491bd9a/detection

http://45.66.230.164
http://77.91.124.31
http://77.91.124.40

# Reference: https://www.virustotal.com/gui/file/005388ce01b74c5de11f70f3f082a93f6234577b4978a14f36864183fc3221a5/detection

http://44.203.122.41

# Reference: https://www.virustotal.com/gui/file/2750db58bd94b97aa33fb563461c528c54eb3f08f3315b0648291842576e6857/detection

http://103.16.215.29

# Reference: https://twitter.com/1ZRR4H/status/1684929856159518720

driversdocs.com
downloadanexo07.page.link

# Reference: https://app.any.run/tasks/07d48cef-8f74-4755-96c9-c793a8ede462/

http://45.15.156.229
http://87.120.88.198

# Reference: https://twitter.com/ULTRAFRAUD/status/1686473941307551744

http://4.233.216.133

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-07-24%20DarkGate%20IOCs

http://162.243.71.6

# Reference: https://twitter.com/malwrhunterteam/status/1686846930138124288
# Reference: https://www.virustotal.com/gui/file/2be90f30f92197b61107ef9319bdec3e9535dcd4c65a6b59dcf08d111a4e679f/detection

github-readme.com

# Reference: https://twitter.com/James_inthe_box/status/1687092068160884738

http://23.94.148.61

# Reference: https://www.virustotal.com/gui/file/077c6e0a6a5df926dd7673d81f466faf5a11b8e04d3a5ecddf9d7951107e0026/detection

http://103.6.248.9
http://192.3.189.179
http://194.180.49.153
http://198.46.176.189
http://2.59.254.18
http://23.95.122.94

# Reference: https://twitter.com/petrovic082/status/1679357685387476992
# Duplicate: 103.6.248.9 is already listed earlier in this file under a VirusTotal file reference.
# This second entry only records an additional source for the same address.

http://103.6.248.9

# Reference: https://www.virustotal.com/gui/file/76a7490d3f1b0685f60a417d1c9cf96927b473825a914221f092f82ea112b571/detection

http://107.172.130.135
http://109.248.144.244
http://192.227.183.138
http://198.46.173.137
http://95.164.86.244

# Reference: https://twitter.com/reecdeep/status/1688812981881077760

http://185.161.211.81

# Reference: https://twitter.com/JustWantToQ1/status/1688990541852082177

http://155.94.129.4

# Reference: https://www.zscaler.com/blogs/security-research/statc-stealer-decoding-elusive-malware-threat

http://95.217.5.87

# Reference: https://www.virustotal.com/gui/domain/sdkvm.site/detection

sdkvm.site

# Reference: https://twitter.com/sicehice/status/1689840704879509504

http://45.227.252.247

# Reference: https://twitter.com/sicehice/status/1689830829634023424
# The entries below that start with "/" carry no host, so as written they are not tied to 103.89.15.53.
# NOTE(review): the CVE-numbered .exe names and the tool-style directory names are presumably not unique
# to this server. Treat a hit on a path-only entry as a triage lead and confirm it with the
# destination host and the payload hash before escalating.

http://103.89.15.53
/BypassNeo-reGeorg/
/JEECMS-INJECT/
/CVE-2017-0213_x64.exe
/CVE-2018-8120_x64.exe
/CVE-2019-1458.exe
/CVE-2012-1732.exe

# Reference: https://www.virustotal.com/gui/file/bb53dabca138400f399a9fca9cef7d8377cbb958415c92b336a869911b33e6a7/detection
# NOTE(review): this is a whole hostname under qianxin.com, listed with no path. It looks like a
# file-sharing service on a security vendor's domain rather than attacker-owned infrastructure - confirm
# against the VirusTotal report. If so, scope the entry to the sample's URL path so that ordinary
# traffic to the host does not alert.

pan.qianxin.com

# Reference: https://www.virustotal.com/gui/file/113627a5c1f4faf1e6010c36abfa0b2acefb5632bd827b13444f6d69a387c15e/detection

http://89.208.104.191

# Reference: https://app.any.run/tasks/698f65e2-2af2-4969-8d52-f388744af33b/

http://5.42.67.10

# Reference: https://twitter.com/reecdeep/status/1686309702278283264

http://23.95.60.83

# Reference: https://www.esentire.com/blog/stealc-delivered-via-deceptive-google-sheets
# Reference: https://www.virustotal.com/gui/ip-address/195.123.241.141/relations

annasom.com
checonstruct.com
chkonst.com
gaccconstrust.com
opentablesort.com
pulbaw.com
sectiondatas.com
sheconstanta.com
sheetsconstruct.com
sheetsdataaccess.com

# Reference: https://twitter.com/fr0s7_/status/1692906178110423221

http://35.246.28.111

# Reference: https://twitter.com/doc_guard/status/1693244869118963910
# Reference: https://www.virustotal.com/gui/file/d986c4d64650cdbb34bfbe5133846627db098f37f6c757d615f511d5a794507a/detection

http://192.210.175.4

# Reference: https://twitter.com/Gi7w0rm/status/1693432581583184029

http://83.217.9.18
83.217.9.18:443

# Reference: https://www.virustotal.com/gui/file/3e8ac08892d633b002ebe862b10025b870e33a7a69435886c2203aa352fd2025/detection

http://193.56.146.7
http://194.58.108.112
crazysheriff.com

# Reference: https://twitter.com/nahamike01/status/1693914776462901515
# /shika_beacon.bin carries no host, so as written it is not tied to 60.204.140.244.
# NOTE(review): confirm whether a path-only entry is intended here or whether it should be scoped to the listed address.

http://60.204.140.244
/shika_beacon.bin

# Reference: https://www.virustotal.com/gui/file/67b7a3c8418343b4726730196eb7c35b410f677636b158ff9e8b7603ee645cfe/detection

http://103.16.225.211
http://193.109.85.112
http://193.233.255.9

# Reference: https://twitter.com/reecdeep/status/1694273196910899288

http://96.9.208.75

# Reference: https://twitter.com/sicehice/status/1694532065050468464

http://79.110.48.58

# Reference: https://www.virustotal.com/gui/file/a08c36812818618f44782c3677c8b8b8159a1beacbad66adbe232e694d91176e/detection

http://65.109.160.103

# Reference: https://twitter.com/sicehice/status/1694549050584973690

http://188.68.242.169

# Reference: https://www.virustotal.com/gui/ip-address/192.3.223.26/detection

http://192.3.223.26

# Reference: https://www.virustotal.com/gui/file/558fcfd3568b805c1f7d3c6f4469d1fd7e750b9cddae2e090da6acffe4f9dcb1/detection

http://185.225.75.154

# Reference: https://www.virustotal.com/gui/file/ec8c114e9c0bd6154bd58396c72fabe79e2ffe70dea761cabc98b35186723360/detection

http://103.37.60.77

# Reference: https://www.virustotal.com/gui/ip-address/217.12.206.218/detection

http://217.12.206.218

# Reference: https://www.virustotal.com/gui/file/7a5efa51ae71f8a93dfb88504f5941bb7e46ea3b7b7c1859b8257d84106ee1ea/detection

http://185.149.146.210

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/commit/2f951a74a5ba88b341ce63a29c0714bdd5c210a1

http://146.190.238.148
http://174.138.6.26
http://179.43.142.79
http://217.114.43.157
http://45.15.156.161
http://95.214.24.244
a0694046.xsph.ru

# Reference: https://twitter.com/petrovic082/status/1699766482517798930

http://95.214.27.55
http://95.214.27.56

# Reference: https://urlhaus.abuse.ch/browse/tag/RedLineStealer/

http://103.16.215.196
http://103.170.118.35
http://103.180.134.66
http://103.250.79.174
http://103.29.3.236
http://103.37.60.36
http://103.57.130.167
http://103.74.104.213
http://104.168.46.25
http://104.208.85.234
http://107.175.202.150
http://107.175.202.170
http://109.206.243.208
http://109.207.171.30
http://137.184.177.170
http://142.132.234.53
http://143.42.126.67
http://143.92.48.59
http://149.50.129.58
http://159.223.216.123
http://16.171.47.83
http://163.123.143.201
http://172.245.191.101
http://176.113.115.176
http://176.113.115.183
http://179.43.162.122
http://185.106.93.138
http://185.154.14.167
http://185.161.248.175
http://185.161.248.25
http://185.161.248.37
http://185.225.73.56
http://185.225.73.86
http://185.225.75.194
http://185.252.179.228
http://192.210.255.49
http://192.3.108.47
http://192.3.109.135
http://192.3.109.162
http://192.3.193.171
http://192.3.216.144
http://192.3.23.247
http://192.3.26.168
http://193.142.59.113
http://193.142.59.172
http://193.201.9.240
http://193.233.20.16
http://193.233.20.18
http://193.233.20.21
http://193.233.20.22
http://193.3.19.157
http://193.3.19.158
http://193.3.19.251
http://193.42.33.216
http://193.56.146.10
http://193.56.146.210
http://194.169.175.138
http://194.180.48.72
http://194.50.153.183
http://194.55.224.13
http://194.59.218.151
http://198.23.187.135
http://198.46.177.160
http://20.234.58.62
http://209.145.51.44
http://212.113.106.252
http://217.182.46.178
http://217.196.96.98
http://23.94.148.51
http://23.94.37.197
http://23.95.122.126
http://31.41.244.202
http://34.101.154.50
http://45.144.66.232
http://45.15.159.174
http://45.15.159.230
http://45.15.159.69
http://45.80.29.139
http://45.81.39.190
http://45.95.67.38
http://47.111.23.242
http://5.206.227.115
http://5.252.177.91
http://5.255.105.147
http://5.42.199.124
http://5.75.199.27
http://62.204.41.112
http://62.204.41.119
http://62.204.41.248
http://62.204.41.251
http://62.204.41.90
http://65.109.165.65
http://65.21.3.192
http://77.91.124.231
http://77.91.124.47
http://77.91.124.5
http://77.91.68.157
http://77.91.77.241
http://77.91.77.53
http://77.91.78.166
http://77.91.84.172
http://79.110.49.136
http://79.137.194.203
http://79.137.206.226
http://80.85.241.84
http://80.85.241.98
http://83.97.73.126
http://83.97.73.128
http://83.97.73.130
http://83.97.73.131
http://84.54.50.77
http://85.208.139.242
http://87.121.221.58
http://88.218.61.38
http://89.185.85.189
http://89.208.104.62
http://91.103.252.189
http://91.103.252.204
http://91.210.224.40
http://93.183.72.7
http://93.183.73.20
http://94.130.228.214
http://94.156.253.108
http://94.228.169.191
http://95.179.197.56
http://95.214.27.254
http://95.216.143.153

# Reference: https://twitter.com/James_inthe_box/status/1701241082934092060

http://192.3.172.208

# Reference: https://twitter.com/James_inthe_box/status/1701228919410815190

http://23.95.122.91

# Reference: https://twitter.com/James_inthe_box/status/1701588159224840332

http://23.94.239.122

# Reference: https://twitter.com/g0njxa/status/1702041635343773759

http://171.22.28.208

# Reference: https://www.virustotal.com/gui/file/9f284bc1348a3f5e22dea564278f787eca8df824a9f8ded3dc6ec1cc8be6318e/detection

http://179.43.162.96

# Reference: https://threatfox.abuse.ch/ioc/1163977/

http://64.188.13.135

# Reference: https://twitter.com/r3dbU7z/status/1703053664443945002

http://94.131.99.140

# Reference: https://twitter.com/ViriBack/status/1703386287405711630

motioncontorlshop.com

# Reference: https://www.virustotal.com/gui/file/031daed402811261fd30ee19e846074bcb3bde5721c8024fb0d4631449159416/detection
# Reference: https://www.virustotal.com/gui/file/72ab003512da5dfcd370a411011de59d202a8447acfa3f28fb9a267f4e4a3b71/detection

http://8.218.169.130

# Reference: https://www.virustotal.com/gui/ip-address/47.74.51.220/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.208.22.78/relations

newsoftup.com
topupdatesoft.com

# Reference: https://research.checkpoint.com/2023/unveiling-the-shadows-the-dark-alliance-between-guloader-and-remcos/

http://38.242.193.23

# Reference: https://twitter.com/jstrosch/status/1704273520421736771

http://195.3.223.234

# Reference: https://twitter.com/r3dbU7z/status/1704851480405295495

http://45.66.230.113

# Reference: https://twitter.com/r3dbU7z/status/1704854108455551274

http://89.58.44.125

# Reference: https://www.virustotal.com/gui/file/014797cac586da92f12bea4cda0d400105e0732e1403b51d794cde02c22beeb9/detection

http://195.2.74.10

# Reference: https://www.virustotal.com/gui/ip-address/45.9.148.28/relations

http://45.9.148.28
45.9.148.28:443
dlkfjdslkfjspofuoermeroivoirev.com

# Reference: https://twitter.com/g0njxa/status/1707079932977774661

http://167.88.160.150

# Reference: https://twitter.com/malwrhunterteam/status/1710574202531496208

svo-nagrada.com

# Reference: https://twitter.com/karol_paciorek/status/1712422451534045305

http://194.180.48.248

# Reference: https://twitter.com/1ZRR4H/status/1712597100876140616

http://217.196.96.217

# Reference: https://twitter.com/g0njxa/status/1715081804649046128

http://195.130.202.18

# Reference: https://www.virustotal.com/gui/file/19717024f0f46fdaae7ff1a61ea414f7ff84af8fb20203738beaf8d2d0a6e85a/detection

http://171.22.28.213
http://185.216.70.222

# Reference: https://tria.ge/231030-hwtj2sbf4x/behavioral1

http://94.228.168.226

# Reference: https://twitter.com/karol_paciorek/status/1719257691086901347

http://124.223.55.73

# Reference: https://twitter.com/karol_paciorek/status/1719991069075534068
# Reference: https://tria.ge/231102-jhepeaba42/behavioral1

http://45.61.160.199

# Reference: https://twitter.com/banthisguy9349/status/1720106681336557608

http://146.190.168.240

# Reference: https://www.virustotal.com/gui/file/04fd3794814871b31fef000b51e51b6c20ad7646b3c74a585a668f95cf14fa06/detection

http://91.215.85.15

# Reference: https://www.virustotal.com/gui/file/336bdd325de95e6ed91b86db85aaf99a673b681c2e4d7611675c04492f0edb81/detection
# Reference: https://www.virustotal.com/gui/file/89a71662a8c7bb15d26bad72aded5d84af2670ec9dd7877105e4b8d6658e1178/detection

lokefa.biz
cc.lokefa.biz

# Reference: https://twitter.com/karol_paciorek/status/1721423283323564531

http://206.189.20.127

# Reference: https://twitter.com/karol_paciorek/status/1721516368984461620

http://82.115.223.78

# Reference: https://www.virustotal.com/gui/ip-address/136.243.151.123/relations

http://136.243.151.123

# Reference: https://www.virustotal.com/gui/file/2aa3c6dd94498a7a640f8c4aef123024be8edc16d77da79f84354339aff235b3/detection

http://194.49.94.67

# Reference: https://twitter.com/karol_paciorek/status/1723024066112557542

http://54.90.216.100

# Reference: https://www.virustotal.com/gui/file/ee9735fac7826f59fa94510188bba3b1feac251cb5e2bda5d1263a06c2f3cf75/detection

africatechs.com
imagebengalnews.com
marrakechfolkloredays.com/clips.exe
skkassociates.com/5ea275.exe

# Reference: https://www.virustotal.com/gui/file/fa90294c2cd7c12d68524c55cc5ed0e3276d0a7bbce8fedec1e0cf679e521298/detection

http://5.42.92.93

# Reference: https://www.virustotal.com/gui/file/01c52fb377d59ee5c9ac7db9cbf58186f6470f3a5c78d378bc2a0cb79627c2fe/detection

http://193.47.61.250

# Reference: https://www.virustotal.com/gui/file/024d4cc08b1badd5d5c72d09eb638fec489fec3953a14fd1a9208e11f88f85ac/detection

http://216.108.230.28

# Reference: https://twitter.com/kddx0178318/status/1726565163107766513

http://159.89.50.225

# Reference: https://twitter.com/malwrhunterteam/status/1727243723065463101

http://82.147.85.169

# Reference: https://twitter.com/crep1x/status/1727970393237983640
# Reference: https://tria.ge/231124-j8b17shh91/behavioral2

http://185.172.128.160

# Reference: https://twitter.com/g0njxa/status/1729232608830394409
# Reference: https://twitter.com/g0njxa/status/1729235418825343406
# Reference: https://www.virustotal.com/gui/file/0808202fc3bd5e570b2106a4f991de5beeee739960b1167a590da92727b813a6/detection

http://176.120.64.136
http://84.246.85.41
http://95.164.87.58

# Reference: https://twitter.com/k3yp0d/status/1729908135375020125
# Reference: https://www.virustotal.com/gui/file/ff0179442402fa306c85ba83a87df2cc46d13012a1e2819e73a6b3586c5c8dc3/detection
# Reference: https://www.virustotal.com/gui/file/9745eaca508255646d2039383150952955f49196767a160968fcf83130ad9a90/detection
# Reference: https://www.virustotal.com/gui/file/93988c13f8e6dc3cc6d9256992d417057e164785c1ad05f6984fc769af5b597a/detection
# Reference: https://www.virustotal.com/gui/file/5901691afd331944b38939588b1ac7480c1ea76ba32c703bb61af1be4c72bb50/detection

http://94.156.71.74

# Reference: https://www.virustotal.com/gui/file/8fe98ae573432ec9f94b3ad6ed10bef5f3a5308751842c3a5f8f4fcd1786028b/detection

http://3.145.88.189

# Reference: https://twitter.com/1ZRR4H/status/1729989615795290612

http://37.48.108.40

# Reference: https://twitter.com/AlvieriD/status/1730331193676079512

http://51.255.46.245

# Reference: https://twitter.com/fmc_nan/status/1730473372667310343
# The path entry carries no host, so as written it is independent of publicpolicyfiles.info.
# It can therefore keep matching if the same directory name reappears on another domain.

publicpolicyfiles.info
/YsadjhWEiusadWjha34g/

# Reference: https://www.virustotal.com/gui/file/c19b457db06b149c100dd8273757362f0dd2d972b82cda0c49eb849b748a9e35/detection
# Reference: https://www.virustotal.com/gui/file/2c0b94ce8d181d6e70c050572ce521314ff2810494be61332513b3293a0ff04a/detection

http://45.144.28.76

# Reference: https://twitter.com/karol_paciorek/status/1729070903936565401

http://122.144.6.226

# Reference: https://twitter.com/karol_paciorek/status/1730544154113913108

http://161.35.124.71

# Reference: https://app.any.run/tasks/f30a98fb-a904-46db-89e8-988b9bd1cdd5/

http://5.42.64.35
http://91.92.250.161
graspalace.com
stim.graspalace.com

# Reference: https://www.virustotal.com/gui/file/be0dc158152fc2de2e3552779884f45e7ac9cb1a62456d23d0a6ee78e357c757/detection

http://5.181.80.172

# Reference: https://www.virustotal.com/gui/file/00d1f5a79ae5c2d5fe9125408473e2d3cf1bf2be593ffba52bb258b1b8ddbce3/detection

http://185.196.8.238

# Reference: https://twitter.com/tosscoinwitcher/status/1735088307246338123
# NOTE(review): this is an .edu.sg hostname listed with no path, so presumably a legitimate site that was
# compromised rather than attacker-registered. Other third-party-site entries in this file are scoped
# to a path (e.g. winwin.co.th/intro/, lucaagostini.it/regallo/). Consider scoping this one the same way,
# and re-check whether the host is still serving malicious content.

books.ttc.edu.sg

# Reference: https://twitter.com/kienbigmummy/status/1736685822278320582

http://172.245.208.4

# Reference: https://www.virustotal.com/gui/file/2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce/detection

http://89.23.101.11

# Reference: https://twitter.com/ULTRAFRAUD/status/1737156172967227718
# Reference: https://www.virustotal.com/gui/file/19e6bb8cc19a7d08f07bb2feb3ed68f83b6b7027a812b6e5cb7589f3721a81cd/detection

acrobat-download.pages.dev

# Reference: https://www.virustotal.com/gui/file/00331e30a238c216d8dafd37ccc46fbaecf71d6040c7ed490b769396dd06138d/detection

jorjifornk.live

# Reference: https://www.virustotal.com/gui/file/87b9a298088ed30406e897f152ad34f0e3e50bce09b317a50286a81cbc7913fd/detection

http://62.84.96.105

# Reference: https://www.virustotal.com/gui/file/15a9668dd97b402ed3cfe390a61af803f076d4b3876086d26ab4c4211c145c7e/detection

http://77.91.68.21

# Reference: https://twitter.com/malwrhunterteam/status/1748735466248028659
# Reference: https://www.virustotal.com/gui/file/b79bc27c296bc7360d1f7f9199af6266d58f4c1140d3e54a974b4cd990d9076c/detection

http://51.210.106.154

# Reference: https://www.virustotal.com/gui/file/2a80fbf0919eaf7f46f8d84bc9657bbebb041a02d0e9b6a0cc66ed925dbfeff1/detection

http://163.5.215.242

# Reference: https://www.virustotal.com/gui/file/6e67ad1a4aaf6373ca42ed195ff7a1bf1752bee36ac9d7c129f021a29ec2fab0/detection

http://91.92.247.96

# Reference: https://www.virustotal.com/gui/file/006a32e2f235b193697cf1a5304530f5688ac362b5bcb38617d500e72b28375e/detection

http://109.107.182.3

# Reference: https://twitter.com/ybspro_official/status/1736239437007450311
# Reference: https://www.virustotal.com/gui/file/69be02c5a5f62002a2210c37378b9bf6dc943640d88f4c6545c421c6bcc741e8/detection

0aczpd.top
eg8ga8.com
sjxshx.top
whjsmdhum5.icu
kkweb.sjxshx.top
ssweb.0aczpd.top
wss.eg8ga8.com

# Reference: https://www.virustotal.com/gui/file/d35648979ad90bdd1f27896dd66d77e9972a6b5b86d3ae88c556dd7bbafbd7fa/detection

http://91.92.252.194

# Reference: https://twitter.com/banthisguy9349/status/1752335418253566314
# Reference: https://twitter.com/banthisguy9349/status/1752333552006410496

http://193.35.18.17
http://193.35.18.38

# Reference: https://twitter.com/Jane_0sint/status/1752289153319051511
# Reference: https://twitter.com/malwrhunterteam/status/1755196841866522727

poisontoolz.com
magic.poisontoolz.com
power.poisontoolz.com

# Reference: https://www.virustotal.com/gui/file/137aaf991507d90ad86343ea960b798f349504fcbdc3b004ffd9a50366b6c1b9/detection

http://109.107.182.40
http://185.196.10.146

# Reference: https://twitter.com/banthisguy9349/status/1754214111863591389

http://5.42.64.3

# Reference: https://twitter.com/banthisguy9349/status/1755133340959625622

http://159.253.214.149

# Reference: https://twitter.com/banthisguy9349/status/1757036445045317687
# Reference: https://www.virustotal.com/gui/file/d58e9bf9a9580351f63b58f032835693845a3aab0db24791ba67eff6411b49f3/detection

http://206.238.220.26
206.238.220.26:443

# Reference: https://twitter.com/banthisguy9349/status/1758125817115128160
# Reference: https://www.virustotal.com/gui/file/1fa0501aff8e0af858e612110c4f0f8caddde562c8ad6d8d48d446691eb45b27/detection

http://5.181.80.99
cheatful.cc

# Reference: https://twitter.com/Threat_Down/status/1758191703251472503
# Reference: https://www.virustotal.com/gui/ip-address/45.83.178.195/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.42.67.1/relations

2xcrypto.cc
2xeth.cc
acrbrigde.io
airdrop-enosys.global
airdrop-injective.com
airdrop-pendle.finance
airdrop-zetablockchain.com
allowlist-mavia.com
astration.io
bgtrade.gift
bitmusk.co
cealtis-app.com
chainlink-treasury.com
charschvwab.com
citaexpress.mx
claim-fairdesk.com
claimdune.com
claimmassa.com
claims-matic.com
claimsart.com
claimsdune.com
claimsquant.com
claimsrlb.com
claimsxen.com
claimxspectar.com
crypteriumplay.com
crypteriumplay.io
cryptmusk.com
dinoerc.com
earnis.xyz
eligibility-layerzero.com
eligible-layerzero.com
enroll-wormhole.com
eth2x.cc
ethmusk.com
ethmusk2x.cc
event-manta.network
form-beincrypto.com
freecad-en.com
freecad-en.net
freecad-en.org
freecad-eng.com
freecad-eng.net
freecad-eng.org
freecadsft.com
freecadsft.net
freecadsft.org
freecadtech.com
freecadtech.net
freecadtech.org
freecadtechs.com
freecadtechs.net
freecadtechs.org
freecadtecs.com
freecadtecs.org
gearupbooster.io
insurancemao.com
joins-neotokyo.codes
jointhegrapes.xyz
launchpad-starknet.io
linea-claims.com
mainnet-blast.io
maskcrypto.cc
maskx2.com
matic-claim.com
mint-neotokyocodes.com
mint-synthtopia.world
muskbtc.cc
muskbtcx2.com
muskdrop.cc
musketh2x.cc
muskx2.com
ninjachetcs2.com
oldworldstuffs.com
paltform-ambire.org
panterapolls.org
parsec-en.com
parsec-en.net
parsec-en.org
parsec-eng.com
parsec-eng.net
parsec-eng.org
parsec-online.org
parsecsft.com
parsecsft.net
parsecsft.org
parsecsoft.net
parsectechs.com
parsectechs.net
parsectechs.org
parsecworks.net
playcrypterium.com
playcrypterium.io
pools-friend.tech
redirect-mavia.com
redirect-wormhole.com
saitamatokens.com
sledgehammer-app.com
solana-ambire.org
space-invisiblefriends.com
synthetixclaim.com
token-saga.xyz
voteambires.org
winscp-en.com
winscp-eng.com
winscp-eng.net
winscp-eng.org
winscptechs.com
winscptechs.net
winscptechs.org
worldcrypterium.com
worldcrypterium.io
x2eth.cc
yggclaim.com
zapper.gifts

# Reference: https://twitter.com/karol_paciorek/status/1755939550881276136

http://103.175.16.55

# Reference: https://twitter.com/karol_paciorek/status/1756954512810524798

http://20.201.116.50

# Reference: https://twitter.com/banthisguy9349/status/1760298819713941667

http://194.48.250.71

# Reference: https://twitter.com/banthisguy9349/status/1764913875101606229

http://103.183.113.17

# Reference: https://twitter.com/banthisguy9349/status/1765361402103894197

http://91.92.247.179
http://91.92.248.21

# Reference: https://twitter.com/banthisguy9349/status/1765365349711581323

http://147.124.217.110
147.124.217.110:443

# Reference: https://twitter.com/banthisguy9349/status/1767128739962335640

http://94.156.69.140

# Reference: https://twitter.com/banthisguy9349/status/1767921346837680478

http://107.175.69.54

# Reference: https://twitter.com/banthisguy9349/status/1772665108419719561

http://185.196.9.191

# Reference: https://twitter.com/r3dbU7z/status/1773114422933737968

poltosnevopros.com

# Reference: https://twitter.com/banthisguy9349/status/1773663691365306450

http://185.148.241.107

# Reference: https://twitter.com/r3dbU7z/status/1773776394670977304
# Reference: https://www.virustotal.com/gui/ip-address/193.143.1.178/relations

findreaders.com
idplays188.com
notiontry.co
protranslated.com
rtpcuan138.com
trynotion.ceo
trynotion.org
notion.findreaders.com
notion.idplays188.com
notion.protranslated.com
notion.rtpcuan138.com

# Reference: https://www.virustotal.com/gui/ip-address/194.116.214.225/relations
# Reference: https://www.virustotal.com/gui/file/98f6ecc60e016311511ce920220598b33eb9671e7c71254e76d638d0f2a45883/detection

drop-download.com

# Reference: https://twitter.com/r3dbU7z/status/1777308083762384907

interrating.net

# Reference: https://www.virustotal.com/gui/domain/packetinfo.com/relations

packetinfo.com

# Reference: https://www.virustotal.com/gui/domain/appxoxo.com/relations

appxoxo.com

# Reference: https://threatfox.abuse.ch/browse/tag/Nitrogen/ (# 2024-04-11)

file-zilla-projectt.org
infoputty.com
pputy.com
putt-get.com
puttyy.ca
puuty.org
ssh-client.co

# Reference: https://www.virustotal.com/gui/domain/micrisoftdrivers.com/relations

micrisoftdrivers.com
catalog.micrisoftdrivers.com

# Reference: https://www.virustotal.com/gui/file/b75bcac5ec35390643667804d61f521bc5345291b9955319a44957c6b933dd90/detection

http://45.41.241.41

# Reference: https://twitter.com/banthisguy9349/status/1780230441993125893

http://147.45.178.5
http://81.19.141.13
http://94.156.67.22

# Reference: https://twitter.com/malwrhunterteam/status/1780702428343808069

tceh.us

# Reference: https://twitter.com/banthisguy9349/status/1782118382076088376

http://94.156.8.104

# Reference: https://twitter.com/ShanHolo/status/1779809614109856215

puttyy.com

# Reference: https://twitter.com/ShanHolo/status/1781929665923350896

http://193.233.132.234

# Reference: https://twitter.com/banthisguy9349/status/1782378150313296012

http://87.120.84.140

# Reference: https://twitter.com/g0njxa/status/1782877937257087472

fortnitehack.download

# Reference: https://twitter.com/BlinkzSec/status/1783197042707476990

http://124.241.30.45
http://195.130.202.79

# Reference: https://twitter.com/BlinkzSec/status/1783197039037460553

http://195.130.202.36

# Reference: https://twitter.com/banthisguy9349/status/1785245803453231385

http://85.239.238.79

# Reference: https://twitter.com/JustWantToQ1/status/1786693268576600211
# Reference: https://twitter.com/JustWantToQ1/status/1786693417059152088
# Reference: https://twitter.com/JustWantToQ1/status/1786693721343312007
# Reference: https://twitter.com/JustWantToQ1/status/1786694114169278790
# Reference: https://twitter.com/JustWantToQ1/status/1786694462032265404
# Reference: https://twitter.com/JustWantToQ1/status/1786695311794073946
# Reference: https://twitter.com/JustWantToQ1/status/1786697020008288623
# Reference: https://twitter.com/JustWantToQ1/status/1786697637221077099
# Reference: https://twitter.com/JustWantToQ1/status/1786699168074862787
# Reference: https://twitter.com/JustWantToQ1/status/1786699281056845939
# Reference: https://twitter.com/JustWantToQ1/status/1786699704840966147
# Reference: https://twitter.com/JustWantToQ1/status/1786700180403740732

http://103.127.83.1
http://103.84.90.148
http://107.151.244.248
http://111.230.103.58
http://124.220.200.241
http://128.223.51.19
http://134.122.132.30
http://140.143.187.51
http://154.12.86.164
http://154.91.195.27
http://154.91.228.225
http://193.168.145.240
http://20.234.166.219
http://206.238.115.168
http://38.6.153.10
http://45.157.69.179
http://54.233.141.78
http://66.42.43.179
103.158.37.94:8080
111.67.192.181:888
124.248.65.242:8899
144.48.223.202:5001
192.227.146.252:8080
211.101.247.89:9099
38.6.164.106:8080
43.248.101.146:8899

# Reference: https://twitter.com/JustWantToQ1/status/1786701139343212801
# Reference: https://www.virustotal.com/gui/ip-address/8.217.129.51/relations
# Reference: https://www.virustotal.com/gui/file/2cc443c1b60701015116a7a80ed06f0f89a50c74fde4bf2476bcee7ccedf1af3/detection

http://45.76.20.86
00281.cn
1523xh.cn
841ihg.cn
cbpxfzo.cn
dektyux.cn
gfqfoqz.cn
jaanxyk.cn
news700.cn
npfixcb.cn
p48kxd.cn
p9143i.cn
pnpzvea.cn
pssmgwc.cn
qwzxqdl.cn
anonymous.mobi
anonymous.vin
qizong.xyz
youbi.co
888.anonymous.mobi
quick.anonymous.vin
tf.anonymous.mobi
xs.anonymous.mobi
yk.youbi.co

# Reference: https://app.validin.com/detail?type=dom&find=payload.exe

http://104.248.53.100
http://164.152.111.201
http://185.148.241.244
http://34.16.143.104
http://45.66.230.22
http://46.119.220.241
http://54.234.139.53
http://82.31.123.157
http://90.15.154.112
files.symo.dev
server.nkcontabilidade.com.br

# Reference: https://twitter.com/JustWantToQ1/status/1787075115823337564

http://43.156.247.227
http://45.204.80.87
http://46.23.108.251
http://85.203.4.146

# Reference: https://www.virustotal.com/gui/file/9138d498545eaa4fe2e96c37329014d1255ece8ba5130d45b1e0518be5600dfa/detection
# Reference: https://www.virustotal.com/gui/file/edfd7a54e73d5c28b3f0838fd38ed7c689de8ca9ff962f4fb954348bb216cbec/detection

dessinanime.org
a.dessinanime.org
b.dessinanime.org
hostedsecurefileso.000webhostapp.com

# Reference: https://x.com/r3dbU7z/status/1791427143890616353
# Reference: https://www.virustotal.com/gui/file/fa84b9a89565c6271b53d14cb706a8143869bb6b52919a7c299bcdfd0084bbed/detection

mercado-seg.site

# Reference: https://x.com/petrovic082/status/1792468229916336331
# Reference: https://app.any.run/tasks/aa740191-33b6-4bbb-bf58-ae302fa9b48e/

http://5.42.96.170
http://5.42.96.78

# Reference: https://x.com/banthisguy9349/status/1793311629087519142

http://94.16.119.223

# Reference: https://x.com/banthisguy9349/status/1792867290519687679

http://104.234.204.67
104.234.204.67:443

# Reference: https://x.com/lontze7/status/1795724219608916010

http://89.23.96.113

# Reference: https://www.virustotal.com/gui/file/e158171cee1cd932a42f0fc480644b6098e541108f0dab559d2b161a5daba63c/detection

http://103.219.154.129
http://204.137.14.135
http://91.202.233.231

# Reference: https://www.virustotal.com/gui/file/2d8524c8b31583d8237455c7211f486667d4cd9ae7db7ac4bab3cbde6b9a5e7b/detection

http://91.202.233.232
http://94.232.45.38

# Reference: https://x.com/ShanHolo/status/1791374709658927222

http://192.3.216.56
http://192.3.239.30

# Reference: https://x.com/banthisguy9349/status/1798435454641193460

http://94.156.64.91

# Reference: https://x.com/doc_guard/status/1804498032685170835
# Reference: https://www.virustotal.com/gui/file/07d66d5f867572bfbed2128def7e1aa43792de09f3d709c77241f0950295f579/detection

http://91.92.120.127
hassanyaghtin.ru.com

# Reference: https://x.com/c_APT_ure/status/1805572570323784114
# Reference: https://www.virustotal.com/gui/file/7bc2536f2b4f69cb20c0d7f996aaedafab15cf4d73f54792e74ac72be3ecf01f/detection

http://104.194.134.68

# Reference: https://www.virustotal.com/gui/file/42cadc25aa22d894670084395c8e8d711a2d5f371888e6c9e46269cdf46fa719/detection

http://45.59.118.51

# Reference: https://x.com/banthisguy9349/status/1808897135489757260

http://91.142.77.83

# Reference: https://x.com/James_inthe_box/status/1811143010777977010

http://57.180.253.244

# Reference: https://x.com/malwrhunterteam/status/1814742192830689546

officialphoenix.com/jadu/

# Reference: https://x.com/banthisguy9349/status/1814916027320291407

http://185.196.9.251

# Reference: https://x.com/ShanHolo/status/1818220546980507957

http://45.61.136.185

# Reference: https://x.com/banthisguy9349/status/1818724463971910010

http://147.45.44.100
147.45.44.100:8001

# Reference: https://www.virustotal.com/gui/file/00455181b93b059b2cf3c5cebfa85b18cd952a7491d4d902d51ad1b1cc1ed4e6/detection

ftp21.cc
down.ftp21.cc
ftp.ftp21.cc
hook.ftp21.cc
ssl.ftp21.cc

# Reference: https://x.com/banthisguy9349/status/1819388663031070949

http://45.86.86.75

# Reference: https://x.com/banthisguy9349/status/1819731358022877228
# Reference: https://urlhaus.abuse.ch/host/47.110.247.171

http://47.110.247.171

# Reference: https://www.virustotal.com/gui/file/390616bcc31369fc8fe1b83e8d4bffc64a9a9663fa9c00806fa15c1ec3897546/detection

funletters.net

# Reference: https://www.virustotal.com/gui/file/2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce/detection

http://103.133.214.139
http://106.54.47.178
http://154.91.83.219
http://158.101.28.192
http://185.172.128.228
http://185.172.128.59
http://23.94.54.101

# Reference: https://x.com/banthisguy9349/status/1820075321753764052
# Reference: https://urlhaus.abuse.ch/url/3088294/

http://83.97.73.202

# Reference: https://x.com/banthisguy9349/status/1820487883738013878
# Reference: https://urlhaus.abuse.ch/host/193.203.238.55/

http://193.203.238.55

# Reference: https://x.com/banthisguy9349/status/1820497300755755195

http://188.40.78.204
http://45.131.66.20
http://45.131.66.65
http://45.89.127.155
http://5.101.179.214
http://5.182.207.10
http://91.200.100.86

# Reference: https://x.com/banthisguy9349/status/1820535382611730873
# Reference: https://x.com/x0verloadx/status/1820609777111871930

http://193.32.162.25
http://51.77.140.74

# Reference: https://www.virustotal.com/gui/file/2061dec80f6d248a35748d31493ed5337aa980c3641777faff8f8e5d22d1dc30/detection

proton-ti-ru.1gb.ru

# Reference: https://x.com/RakeshKrish12/status/1825427919532900450

http://159.203.225.195
remotetools.tech2u.com

# Reference: https://www.virustotal.com/gui/file/0a40d445fa8d83d2b7019d692542148c8f17f07e5afd998e3c422a49f4df7d97/detection

http://147.45.44.131

# Reference: https://x.com/r3dbU7z/status/1827337582038151402
# Reference: https://app.validin.com/detail?find=vape.exe&type=dom&ref_id=6c65992899b#tab=host_pairs_v2

http://172.104.175.166
http://172.232.142.101
http://192.46.209.237
http://45.79.169.153
christosxen.site
poserfetish.com

# Reference: https://www.virustotal.com/gui/file/8568a043bbf74369e69ddc8d59d78f10260810e4b551ab4b0284106f3cfbbbd3/detection

cilyseyann.org
keauniolas.org
saasishub.org

# Reference: https://x.com/malwrhunterteam/status/1828174169273511947
# Reference: https://www.virustotal.com/gui/file/d863d9572524236e97528275899b73ffe7f182b4824bd7efc12a2e8ae3e8955e/detection
# Reference: https://www.virustotal.com/gui/file/5dd24b369d9545a6f381c5c29c3762e6a7c8f3e806ebdfa09ef682db459c2cee/detection
# Reference: https://www.virustotal.com/gui/file/44d3fbf225fc3e6ae2bf8b68f3dd69fc180d29e2b69ff8f53c83ce78c07845ce/detection

ad87h92j.com
web.ad87h92j.com

# Reference: https://www.virustotal.com/gui/file/08cf326108782473dbc008955009ca9273f93cdb53871c94eced72e2448aeef8/detection

http://147.45.47.81

# Reference: https://x.com/cyberfeeddigest/status/1828389688161206304

http://192.140.225.33

# Reference: https://www.virustotal.com/gui/ip-address/93.123.39.173/relations

http://93.123.39.173

# Reference: https://x.com/karol_paciorek/status/1829447674623410387

http://85.208.108.182

# Reference: https://x.com/Huntio/status/1830512931945222604

http://134.249.131.123
134.249.131.123:443

# Reference: https://x.com/ShanHolo/status/1831715325173244108

http://154.216.20.170

# Reference: https://x.com/banthisguy9349/status/1832001699126362394

http://94.156.69.91

# Reference: https://x.com/banthisguy9349/status/1832014510359482580

http://195.18.23.81
195.18.23.81:8000

# Reference: https://x.com/cyberfeeddigest/status/1833824361918128212
# Reference: https://www.virustotal.com/gui/file/57b29aed7eae1c61815cfa73b0d17177b96bdccc43ebc8616b32d94a65a04305/detection

korea.addnt.ru

# Reference: https://x.com/banthisguy9349/status/1835291311882326216

http://139.180.221.240
http://141.164.38.31
http://147.189.169.166
http://149.28.53.205
http://172.245.173.168
http://193.233.48.63
http://195.85.114.50
http://207.148.88.226
http://209.141.35.225
http://213.232.115.49
http://45.76.94.51

# Reference: https://x.com/banthisguy9349/status/1835721423601443037

http://103.130.147.211

# Reference: https://www.virustotal.com/gui/file/4246e68694277751281a131fa90e660da6b02d1eb95d0d3aa52d2c6180583512/detection
# Reference: https://www.virustotal.com/gui/file/9221ee57f825e241fb90d0e991298b06403f816c3965130c2cc164fb0d15beae/detection

http://147.45.43.197
http://79.137.197.159
http://79.137.202.22

# Reference: https://x.com/tosscoinwitcher/status/1836191156004360620
# Reference: https://tria.ge/240917-z7ezgavgjh/behavioral1

http://203.69.64.200

# Reference: https://x.com/cyberfeeddigest/status/1837200915155275946
# Reference: https://www.virustotal.com/gui/file/3181b9e14bffa3e661dbe542f0b90b81023c47025948f6c0757299e7e6471051/detection

http://160.25.72.207

# Reference: https://x.com/cyberfeeddigest/status/1837934557095776431
# Reference: https://www.virustotal.com/gui/file/c5a3e91b24d47ad645c7fb9b4ac0ca12898dd0728467f05fbc066ed300d7938a/detection

http://185.240.104.133

# Reference: https://www.virustotal.com/gui/ip-address/45.14.246.53/relations

kbokopin.com

# Reference: https://www.proofpoint.com/us/blog/threat-insight/security-brief-actor-uses-compromised-accounts-customized-social-engineering

http://185.217.197.84
http://89.23.98.98

# Reference: https://www.virustotal.com/gui/file/030fcc7717abd44083b6595ca0a44c0cdbcc152c804e15a65b6d1b606cce3c17/detection

http://66.63.187.123

# Reference: https://x.com/malwrhunterteam/status/1839258008204779861
# Reference: https://www.virustotal.com/gui/file/934a35f92555d0004e1fb78fd91f6dd33036afa329c0900969adb07305231f74/detection

appnotrix.com
nesssagetress.s3.eu-north-1.amazonaws.com

# Reference: https://x.com/cyberfeeddigest/status/1839375752128602458

http://154.12.36.162
154.12.36.162:443

# Reference: https://x.com/banthisguy9349/status/1839937406969020433

/Bypass%20Windows%20Defender/
/Bypass_Windows_Defender/

# Reference: https://x.com/cyberfeeddigest/status/1840182934583550183

try.paf.ninja

# Reference: https://x.com/_JohnHammond/status/1839920699949080716

http://95.85.34.71

# Reference: https://x.com/cyberfeeddigest/status/1840360763606585740

tdhost.dk/download/

# Reference: https://x.com/cyberfeeddigest/status/1840646455037505584

2dan.cc/download/

# Reference: https://x.com/cyberfeeddigest/status/1840644878989983903

sebastianmihai.com/downloads/

# Reference: https://x.com/cyberfeeddigest/status/1840839874988917079

root.cern/download/

# Reference: https://x.com/cyberfeeddigest/status/1840643535499923498

http://190.92.116.190

# Reference: https://x.com/ShanHolo/status/1841010497723797510

http://192.3.220.22

# Reference: https://www.virustotal.com/gui/file/01d432dc43060e6280d11393f5110c8dd9a45c2832433ba133d363a2f0ae4137/detection

londontownlink.com

# Reference: https://x.com/cyberfeeddigest/status/1844355639801163952

master.elant.cz

# Reference: https://x.com/Cryptolaemus1/status/1846565573439754356

http://91.225.219.174

# Reference: https://x.com/9823f_/status/1847256664757412188

http://194.5.152.215

# Reference: https://x.com/banthisguy9349/status/1847611599881662895
# Reference: https://urlhaus.abuse.ch/host/152.89.239.119/
# Reference: https://www.virustotal.com/gui/file/98fe4a111c262f5313f299df6c23d3601aaa325cc6e436bbc25864a97ce30755/detection

http://152.89.239.119
xamplex.de

# Reference: https://x.com/cyberfeeddigest/status/1847449464799449183

mhc-e1mas.altsolve.com

# Reference: https://x.com/banthisguy9349/status/1847945297906847888
# Reference: https://urlhaus.abuse.ch/host/147.45.180.126/

http://147.45.180.126

# Reference: https://x.com/ShanHolo/status/1850138336393863678

http://107.175.113.214

# Reference: https://www.virustotal.com/gui/file/08d73aa2c382ba0828591c7e0f3904b235c1a3643f4b1033d84963bc8eade46f/detection

http://62.204.41.194

# Reference: https://x.com/banthisguy9349/status/1851325410933686719

dl.jrdesklabs.com

# Reference: https://x.com/ShanHolo/status/1851538934997647650

http://193.233.48.194

# Reference: https://www.virustotal.com/gui/file/83eaa1b744a80100205ef0df2fc1e0b161ae8e0deae153b9dcad6c889e76fd82/detection

http://154.216.17.170

# Reference: https://x.com/cyberfeeddigest/status/1855736606076108986

http://193.2.0.110
www2.arnes.si/~sopgrbas/mirk/intranet/mirk05/

# Reference: https://x.com/malwrhunterteam/status/1856408735800754302
# Reference: https://www.virustotal.com/gui/file/ec9320875fe14415e6a5b12ccd957ac36ca6b3349c7357836d896199fcd662ea/detection

myaccount-ssa.info

# Reference: https://x.com/tosscoinwitcher/status/1858588990678724873

http://45.202.33.25

# Reference: https://x.com/cyberfeeddigest/status/1859237927005430052

dl.jacksonit.co.uk

# Reference: https://x.com/DaveLikesMalwre/status/1860366437434417343
# Reference: https://app.any.run/tasks/ecd46a59-3878-4e36-a4b8-8b26a0d56a11

http://192.81.132.76

# Reference: https://x.com/cyberfeeddigest/status/1860411649896939674

http://103.178.17.35

# Reference: https://www.virustotal.com/gui/file/3b087fe0e4002c5a02e66b34829a1471c1d524dcd103e6632bbe933339f53328/detection

fegg.ru

# Reference: https://twitter.com/vinopaljiri/status/1481707473534951428
# Reference: https://bazaar.abuse.ch/sample/e39c7edbd6d906a8c2c3b5bd2825dd11b7e0ca57a80802da11c202f9a5154c13/#comments
# Reference: https://www.virustotal.com/gui/file/7e1f267168a9c065009aedae592610e35c37eb59a04167bb5d982ca54fab2536/detection
# Reference: https://www.virustotal.com/gui/file/62128124274283114c9e1a4ee695bdbb3ef9892d8588830820dd2049bcb054d7/detection

http://193.56.146.34
193.56.146.34:6666
193.56.146.34:7777

# Reference: https://www.virustotal.com/gui/file/affe48775d86f29b81657a2d916ea72d9ea313286487df3f455523db1abc4992/detection
# Reference: https://www.virustotal.com/gui/file/d863704583bd135ddb01295ec8df0d7e23b7d036dd29205433f976c447b31ea4/detection

energyreviews.info

# Reference: https://www.virustotal.com/gui/file/84c88c3462ce8586c3123bbf0eb330e7ede6cc334ca29eccfd593ac54a612f89/detection

hostlan.ddns.net

# Reference: https://www.virustotal.com/gui/file/701a3bea607466d8695b0529154db8ad8f612079cc387e170a379df22fd26423/detection

documentfiles.org

# Reference: https://www.virustotal.com/gui/file/862f90934b1e70fcba4d100ec6a2525e72fc9f5564ca578f8b638144995d98f4/detection

culiacanmexapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1505117542284673029
# Reference: https://www.virustotal.com/gui/file/8b78abdcbf1f920e48cd6b2f0f98f054722aeed85dad2156510c7345dc79adb1/detection
# Reference: https://www.virustotal.com/gui/file/eaf65589091d918eed715bfdcdc58693003bde48ebbb251a7bc4e55a52ba83a5/detection

webtenders.top
39eedg.webtenders.top
86eiwv.webtenders.top

# Reference: https://www.virustotal.com/gui/file/fc95c2c59d3abdff84fbf0bae9f65a24e2f3b27096134a425f58ff9bf9eca9ea/detection

md2022.3utilities.com

# Reference: https://www.virustotal.com/gui/file/45fbcd97f558df487706a5efee45fcd56a53d6d0225c4da2b3f5e07f44d6573c/detection

199.102.48.251:1433
sql8001.site4now.net

# Reference: https://twitter.com/f3d__/status/1526134628993716225
# Reference: https://www.virustotal.com/gui/file/04c5bd98c76723f2dc52ed506de1aadcd9c523655ee290954ded5064557a79b3/detection

jopkerto.tech

# Reference: https://www.virustotal.com/gui/file/013ad204ea94407ae80f99de9d790b1dc4881a228b841ff2a7edafe327971891/detection

powerdust.digital
restoreuseroffers-api.com

# Reference: https://www.virustotal.com/gui/file/49b6d7bcd5df2820a565cb74d420aa9bebca88a5ef77e5cb512996a064be33ec/detection

http://54.254.255.10

# Reference: https://www.virustotal.com/gui/file/a2bc4705df30cf44e95978b9ae8f48b5a79b2d43e42a87ad3e7bfdad23aad5fe/detection

199.102.48.248:1433
sql8003.site4now.net

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-May/030669.html

truecolor8.xyz

# Reference: https://www.virustotal.com/gui/file/b20f82311894af0f53a50b90959503676f95ccea983a331acc4ef23a300c5383/detection
# Reference: https://www.virustotal.com/gui/file/4e0c08afd422a68d4908cd18f47694e089f916e81d53e05adfb2ddf689be5927/detection

http://170.187.237.76

# Reference: https://www.virustotal.com/gui/file/0926c663a25cbea1ce98b2ec061c31b7493ab6494f5c6c6c765576da139d5896/detection

5.206.224.233:445

# Reference: https://www.virustotal.com/gui/file/d9d32cc03cd04e5b2bd3f1158424451b253880d139c0309e13170f353d1ab51a/detection

sanggap.vn

# Reference: https://www.virustotal.com/gui/file/3a4356af5c91c4e46877dacb2b88502763dfc1af0064339fa7f2b9bdad11cf78/detection

supportcheck-dns14.ga
wilkino.ml

# Reference: https://twitter.com/malwrhunterteam/status/1536428969188261890
# Reference: https://www.virustotal.com/gui/file/20d194fe98e33e152bd6a652188bb0da42e243780e718f88999fa1d4029b0f81/detection

coalminners.shop

# Reference: https://www.virustotal.com/gui/file/2e9fe6cb074abe9e4d34ca1ce2ab1e4da5f55d70ceaa349a96df00a6e2502379/detection

liveonedgessprinkle.xyz

# Reference: https://www.virustotal.com/gui/file/ab790bf86be272ed47cd9c13f060a8bf28e4d424d7716780f9e8fb27301212bd/detection

riquepuge.xyz

# Reference: https://www.virustotal.com/gui/file/12eb1cec67cb261d33c202f79ba0fad5468aaa3fcfc76f663b1618f3a7ece58c/detection

heltayokke.temp.swtest.ru

# Reference: https://twitter.com/malwrhunterteam/status/1539331504081453057
# Reference: https://www.virustotal.com/gui/file/d5fc8f42b8ec97ce6ae6007b994c855dd2b07e98697d0c2d2990d9b080d044c1/detection

http://185.66.88.250

# Reference: https://twitter.com/StopMalvertisin/status/1567358749672902659
# Reference: https://twitter.com/ffforward/status/1567405904240181248
# Reference: https://www.virustotal.com/gui/file/c08ba7c0297cd515c5a24918f6e1ec705b72cdeea40078494d8b51de447b6b8c/detection
# Reference: https://www.virustotal.com/gui/file/c43dfda63e6e534776eb24d284d0bdf21115181b49d6e31091de795d957cb5fc/detection

azure-company.net
cloud.azure-company.net
d.azure-company.net
secure.azure-company.net
word.azure-company.net
world.azure-company.net

# Reference: https://www.virustotal.com/gui/file/dc6c402f9d2caa06d694279015602cb4731015b11ac44abeec9c093bed198b7d/detection

88.151.101.56:8889
s2mail.hu
blowjob.silentsignal.hu

# Reference: https://www.virustotal.com/gui/file/d36e6effd2db4d5a34016d492a08142994fafdc24dd65631c240efa3cc7fa56a/detection
# Reference: https://www.virustotal.com/gui/file/77af67e929da5ffb9cbec2effb7aa30d2af75d6bef2a5aff82501d86792605fa/detection
# Reference: https://www.virustotal.com/gui/file/60c152156f1f993f8aa4ab6b7266afe086f843a369f3253b87452f1b4ffbc795/detection
# Reference: https://www.virustotal.com/gui/file/187e9e08f1237fbfe27e7c60efb24aeb110e1d2747a612dff900d5729cfc1c42/detection

raysend.ddns.net
/1100914_cgmh
/1110804_promate
/1110915_tcbbank
/1100914_cgmh/
/1110804_promate/
/1110915_tcbbank/
/1100914_cgmh/att.php
/1110804_promate/att.php
/1110915_tcbbank/att.php

# Reference: https://www.virustotal.com/gui/file/29b3cf17d3b9bbfc858e027f988bd7077c67b1dc2d9fc240892e868b5097f4f2/detection

101.99.90.117:8080

# Reference: https://www.virustotal.com/gui/file/66b9071271d849ed6168a0987d3f1a626926fee7b6031b3868d8da0b344c1f95/detection

http://45.77.248.204

# Reference: https://www.virustotal.com/gui/file/eedb863078dbdbd83a0d52d86dd779f27115360e17676e539602f4e1a8c9437c/detection

http://195.133.18.63

# Reference: https://www.virustotal.com/gui/file/9c8d007d755dc44d07bf97acf187252a5a3691fc91e3810b7d1d4710dbbdf886/detection
# Reference: https://www.virustotal.com/gui/file/bccdf089864bc3a209ee2e659952905904a963945e5b52a515f88f9556145228/detection

tahtsaasdasdasdawedw234135asdsadsadsadsadasyeetwebhoost000.com
/yeet/thatsthek3253255435inglu345345435211343243232432432234er.html
/thatsthek3253255435inglu345345435211343243232432432234er.html

# Reference: https://www.virustotal.com/gui/file/eeaa829e42e608e845c8d0a048d8e57ddbf56ed9c86733dc8af47a244a7fd3ec/detection
# Reference: https://www.virustotal.com/gui/file/c9f0a470c33a36cc76ebe89ef9055dca4cebb217735ca1564f9aaa435bb6fb5c/detection
# Reference: https://www.virustotal.com/gui/file/2b6f03e06241154c2ef9f527da05250f7ae280ce8bcc54b4bfad70977cdc48ab/detection

tahtsayeetwebhoost000.com
/thatsthekinglucifer.html

# Reference: https://www.virustotal.com/gui/file/1acc2cd58dc3088174722758ae80c643badaec512af4b847b89d8fd9354af224/detection

konyahaberler.xyz
dicomm-001-site35.ctempurl.com
/anesrq/
/hxjxxwav/
/nlbzyhfs/
/pmslsda/
/tfbgl/

# Reference: https://www.virustotal.com/gui/file/17f597ac79d80d40d89530d14ef9e1128e11ea0f9521c18b2808d74c91c5ee85/detection

w67270es.beget.tech

# Reference: https://www.virustotal.com/gui/file/056b316197c959d0f8af89dcd0940b6aa3dd9679bf6776adf27d2d130303493a/detection

i92951pr.beget.tech

# Reference: https://twitter.com/h2jazi/status/1583462430780182529
# Reference: https://gist.github.com/usualsuspect/2daa864841a06f50e199930e5898611b
# Reference: https://www.virustotal.com/gui/file/e58103f462174deb92790c59d4e412f032818651b703c84c3ee38e70cc49511d/detection
# Reference: https://www.virustotal.com/gui/file/eac98b403ca300e25f9bbcca474f39ca7495c61a4c86b259e4e0df2bfabd565e/detection

http://64.44.135.5
/online_998212.php
/register_219921.php
/upload_887741.php

# Reference: https://www.virustotal.com/gui/file/673883ceb7adf30ad980e5e51b7515414becba3b5f6b96068dc4d35b092799fe/detection

apitucariamod.tk

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-November/030797.html

download.agency

# Reference: https://twitter.com/1ZRR4H/status/1590745721783087104
# Reference: https://www.joesandbox.com/analysis/1110451#iocs
# Reference: https://www.virustotal.com/gui/ip-address/162.0.232.115/relations

ad-sweden.com
easynsecureinvest.com
sunat-mail.xyz
sunat-pe.store
sunat-pe.xyz
gringox1.chickenkiller.com

# Reference: https://www.virustotal.com/gui/file/18a93ea98b124495d6bd81df64b1871d461f90f1c895b291238e233f87720707/detection
# Reference: https://www.virustotal.com/gui/file/457f1b161cd8b64b34f83155815f4e521c35395d9c1192ae21df5ce8784e6982/detection
# Reference: https://www.virustotal.com/gui/file/d053fc782cf5ebd34469ac390c557eb24394cb9efdf06b542e9da9ce23b99635/detection
# Reference: https://www.virustotal.com/gui/file/132e9fd665e88ab0884befa3c3ca6bd75ec788dbe9499b99c1246ea22a4140b0/detection
# Reference: https://www.virustotal.com/gui/file/ae6189de6a562bdfcb338fdbcce6da8529e997e8f76be6daf865f7fdf895d9c1/detection

trock2.xyz
trock3.xyz
trock4.xyz
zairtaz.com

# Reference: https://www.virustotal.com/gui/ip-address/45.61.136.68/relations
# Reference: https://www.virustotal.com/gui/file/ceb0b6871855e86846c8a8f41d1aac362461bf6f7a35bb62edd5e362e45a85f3/detection
# Reference: https://www.virustotal.com/gui/file/39e9ca4f263b9b58cf62a8dc422184b9737448e7a281d41d6315a596b4ae3e96/detection

45.61.136.68:8443

# Reference: https://www.virustotal.com/gui/file/3730f842e22fb8208fc2b2e7ae2a50e51bd1eada82257172076cb16ddf99fc62/detection

necrobod.top

# Reference: https://twitter.com/malwrhunterteam/status/1597924083899170822
# Reference: https://twitter.com/malwrhunterteam/status/1597935776381423616
# Reference: https://www.virustotal.com/gui/file/8e195903baa4f7d5f30c20f95706a1cd669e49a73a300f270304abe996e511a6/detection

enoclima-001-site1.htempurl.com
systemspro-001-site1.etempurl.com

# Reference: https://twitter.com/malwrhunterteam/status/1620853142077456384
# Reference: https://www.virustotal.com/gui/file/bd743e9e8171a8a0feea98e293ea372cfd5b328e6bec9e534f210bd7f94fbe1c/detection

comfort-001-site1.dtempurl.com
roniltd-001-site1.ftempurl.com

# Reference: https://www.virustotal.com/gui/file/6f21b0d86f14bfc37b67da2377ba5836eff98ed12ccfc65c0a772ed9782e9122/detection

http://54.39.233.130

# Reference: https://twitter.com/k3yp0d/status/1601883693131468800
# Reference: https://www.virustotal.com/gui/file/ae532935a45eb3637d5346d5e6b3a4645863d2d27e557f90457c5fa3c7429ade/detection

http://185.97.118.249

# Reference: https://twitter.com/malwrhunterteam/status/1602395550975918113
# Reference: https://twitter.com/malwrhunterteam/status/1602420210711105536
# Reference: https://www.virustotal.com/gui/file/34f2970bbb70a0f2efa74c4614cfd002a58433b5178b98b194969871ddee050f/detection
# Reference: https://www.virustotal.com/gui/file/94c41f453c2755b682fbcdd807061f753c5cf2ba5a14aafe251e565f938a797e/detection

188.120.235.227:443
62.109.25.230:443

# Reference: https://www.virustotal.com/gui/file/413d45477384c1461ca6f84a771479ee91a12474ccfe35d051f184785c2d9362/detection

nacimbio.com.ru

# Reference: https://twitter.com/malwrhunterteam/status/1603734566660882432
# Reference: https://www.virustotal.com/gui/file/5db4afa2773dc7fe62fbad37f966a292065d39990678a2a481264c91e8674f15/detection

fernandagomes.mom
meaa2v.fernandagomes.mom
p6agz.fernandagomes.mom
w8uenr.fernandagomes.mom

# Reference: https://www.virustotal.com/gui/file/a132d8b608ed740dbc38d8f79a785935fd9d209153b187b85842c0ebbbd779b2/detection
# Reference: https://www.virustotal.com/gui/file/95920d7b8adb29f59731ceb6aa8d69799875a398fa7814983a86be66c85cc087/detection

form-results.net

# Reference: https://www.virustotal.com/gui/file/079bf93dcaacbf1bb3ce5b5318157414f3cb65fc9a72312c700311caf752880c/detection

stronghoodserver.xyz

# Reference: https://www.virustotal.com/gui/file/8a5c880b1bdc4499d827536d67c5905553a138de27e780a4ef1d5c0dafeaf311/detection

http://185.20.186.53

# Reference: https://twitter.com/VirITeXplorer/status/1605208471586086912
# Reference: https://www.virustotal.com/gui/file/0e87250ee492e4380e288ef7f8f7a66d5b764578bbbe74eaff738a81045d5e38/detection

nibpur.com

# Reference: https://twitter.com/SBousseaden/status/1605893068045144066
# Reference: https://twitter.com/SBousseaden/status/1605898074454429702
# Reference: https://isc.sans.edu/diary/29376
# Reference: https://www.virustotal.com/gui/ip-address/31.41.244.53/relations
# Reference: https://www.virustotal.com/gui/ip-address/31.41.244.54/relations
# Reference: https://www.virustotal.com/gui/ip-address/31.41.244.55/relations
# Reference: https://otx.alienvault.com/pulse/63a5b253fafdcb6eb69c5c7d
# Reference: https://www.virustotal.com/gui/file/029210065e177399d8e84248e30e6edea12a6f8a80ac9f42a97c308d48599294/detection

http://185.163.45.221
http://195.133.196.230
http://195.2.81.70
http://46.151.24.226
acehphonnajaya.com
dogotungtam.com
israelifrenchbulldogs.com
aerjlakerl.online
aerrkaler.online
ajerlakerl.online
aseroqpwrrtl.online
baherlakerl.online
boleriaae.online
cklicverto.space
cklicverto.website
coldcreekranch.com
daerkalero.online
daeroqioalerk.online
daeroqpwrola.online
erqowwela.online
erquipoe.online
gaherlaler.online
getherkae.online
hetriaelr.online
oferialerkal.online
qweiaoer.online
reajksrltr.online
therkaler.online
tyaerahger.online
zaeroalerk.online
bandaiosk.site
bolumbernar.site
casanistent.site
clovenant.site
coronentask.site

# Reference: https://twitter.com/fr0s7_/status/1605908087562436611
# Reference: https://asec.ahnlab.com/en/46865/
# Reference: https://otx.alienvault.com/pulse/63dd0dfabe956f4746fa7816
# Reference: https://app.any.run/tasks/43bd77b6-f553-41f3-b134-ef39e420c39a/

fastfilestore.com
filecompact.com
filetodownload.com
filedowns.net
the-fast-file.com
naver.filetodownload.com
naver.filedowns.net

# Reference: https://www.virustotal.com/gui/file/1af9b6d0955fce9f86d7874dea1f63ddd3dd7abe774430a555703457b5c04ca8/detection

8llc.net

# Reference: https://www.virustotal.com/gui/file/13834a3234d31cb5d15bafaa76fe496756abd2c742c27b317a834b8ba2fd1c31/detection

1otal.com

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-12-28-IOCs-for-NetSupport-RAT-infection.txt

http://79.137.202.132

# Reference: https://twitter.com/sakaijjang/status/1609072061691068416
# Reference: https://wezard4u.tistory.com/6314 (Korean)

http://162.202.12.69

# Reference: https://twitter.com/StopMalvertisin/status/1612686998380367872
# Reference: https://www.virustotal.com/gui/file/d93914b0a18ba85eb17b8b9ac2fff89af58671b9291d86d85b799fd9f1c5f37f/detection

donew-order.com
wintop-rus.com

# Reference: https://twitter.com/malwrhunterteam/status/1613974272929562648

2hook2hook.tk

# Reference: https://www.virustotal.com/gui/file/8574472a406c42402e4ccc2d1130a243267421787052e2bf308184860735e4b0/detection

justatmeis.life

# Reference: https://www.virustotal.com/gui/file/ff94d073b6b56b97b73e0e4b41fd391a8a341ef55c699b1cceee2363de817bdc/detection

141.95.84.40:3000

# Reference: https://www.virustotal.com/gui/file/f80699c3fd7eaeeb520e30674bd728d2050e61735c8202bfdafab115529318c2/detection

141.95.84.40:6666

# Reference: https://www.virustotal.com/gui/file/b70e128727f97cf565488c4ec88fbf441e756708c45a9a00d4e0a03a00270a79/detection

141.95.84.40:3080

# Reference: https://www.virustotal.com/gui/file/a4b62b658e2f2bf3c2325549d400e09f17afd8b30482aef6355e93adc71ae534/detection

141.95.84.40:1111

# Reference: https://www.virustotal.com/gui/file/57a4f08b3418d83dea03950e0278dba7e3d43de03d6f34d76ad5dd66ca5dc5c5/detection

141.95.84.40:8880

# Reference: https://www.virustotal.com/gui/file/51827193b9913cf02906d5a816b7a623795d2b2e3c7573398d625365e9264bca/detection

141.95.84.40:4783

# Reference: https://www.virustotal.com/gui/file/28023f9c0eefe5e47193e2980e06f93c3e50d2e64273a54cabe47f3011702036/detection

teams.root.sx

# Reference: https://www.virustotal.com/gui/file/75177399e434689c236cb7341b30de17b7f98e301023eadcad1ebb4df93ec968/detection

5.3.139.29:12000
5.3.139.29:8020
9bit.root.sx

# Reference: https://www.virustotal.com/gui/file/0857a8d13d35ce4155c3bf20d43ca5417642dba1fa9cd62a6826156db83509f4/detection

http://172.174.176.153

# Reference: https://www.virustotal.com/gui/file/01ebbab4f468bbdec6d537ee0cfd16a99f635e71697e5d93772a6da0fa49c351/detection

lesav-m.keenetic.pro

# Reference: https://twitter.com/malwrhunterteam/status/1620544434822877184
# Reference: https://www.virustotal.com/gui/file/fa96d202d7d709fa13f5ee0810d03c85ec66b1a842938582de0286da9302194c/detection

http://3.127.208.155

# Reference: https://www.virustotal.com/gui/file/0ca5123f5eda465db9f90003f8ff8bc77afaa88034a0b64564bcd4d96718e573/detection
# Reference: https://www.virustotal.com/gui/file/dd70cde84fe271d20c2ddd38445f58004f3f07ab49960f7d7d9da6f43c9cf107/detection

20.100.173.74:6102

# Reference: https://twitter.com/JAMESWT_MHT/status/1626246267142651906
# Reference: https://app.any.run/tasks/52c2a12d-980f-42d4-b6b9-01ef797afa88/
# Reference: https://www.virustotal.com/gui/file/02c0287ef7e582ab40149de264782b6e6d8aaa853aaf773b25749fa41e056a2b/detection

lijosa.com
uqeu7tir7m4k1lz0phdr.com

# Reference: https://www.virustotal.com/gui/file/9efd9ba4ed7a9f2f5861bff81547c53d1b70e0c0ecfa1ccc9610a75a761681ce/detection
# Reference: https://www.joesandbox.com/analysis/993278#iocs

kzeaqky6axif3jukzx7jj7ylhfgtytpb3xeojsfigogriyv6bv3cimyd.onion

# Reference: https://www.virustotal.com/gui/file/e390d6e193c5d42632c920a7e57002b6f54b80ccfafd0a75c86738fa47e4a737/detection

sll.li
app.sll.li

# Reference: https://www.virustotal.com/gui/file/9a6542e7da5c82465fd053f020d82161a8995c3353b58ac9b3e085d70d9ecf8d/detection

http://62.197.136.3

# Reference: https://www.virustotal.com/gui/file/523918f3bcbecc4b5e87175a83055849780b0e52c7e846a028722b8b35461fe7/detection
# Reference: https://www.virustotal.com/gui/file/8532a585baee116f9dda34ee3cf73c3dd50ba510bcd242a48dd113f23c512280/detection

20.187.104.130:3849
20.187.104.130:3857

# Reference: https://www.virustotal.com/gui/file/91039f60586fb846a6139fd5f1d6ce353c677b3776029494783d52d13c72d4fc/detection

20.164.207.94:1020

# Reference: https://www.virustotal.com/gui/ip-address/79.124.8.24/relations
# Reference: https://www.virustotal.com/gui/file/84868d405a26268627b642c3affc62595f9b45ab31e60df6e50a98bce70e1dc6/detection
# Reference: https://www.virustotal.com/gui/file/697bc999409c87f4ef4c5310764f8a129bbf35757540fc2a696020a34e0fecd8/detection
# Reference: https://www.virustotal.com/gui/file/b87af77c70fa7eeb039a0469ec2ed2a782f193c39459d851428d68377f328d30/detection

newinsurancejob.ru
newinsurancejob1.ru
newmakingmoney2.ru
newmakingmoney3.ru
serverdard.ru
serverdard1.ru
serverdard3.ru
stubuploadbykukuru.ru
stubuploadbykukuru1.ru

# Reference: https://twitter.com/wwp96/status/1628126394487300096
# Reference: https://app.any.run/tasks/bcf7055c-4d1a-4cc6-a7c1-a3656b61627a/
# Reference: https://www.virustotal.com/gui/file/2c814c61891a1b3b9067b82b5357d13505b4ced6fd827fdde4c3116efb3f9cef/detection

http://104.156.149.6
mandalorecnote.com

# Reference: https://twitter.com/malwrhunterteam/status/1628415758156931074
# Reference: https://www.virustotal.com/gui/ip-address/193.42.33.121/detection
# Reference: https://www.virustotal.com/gui/file/19994528fd5ed4e5dde591bbd4c10ea69449596a75d7102c1335fa21a94f3998/detection

http://193.42.33.121

# Reference: https://www.virustotal.com/gui/file/2040a00e8ecb93a33ee59b9b9b2837225f9121280fc74f565de524c61b2c220c/detection

http://103.147.185.18

# Reference: https://www.virustotal.com/gui/file/08f49df7f9f25682078b77213fc10969ee007fe236dcf70263114d0986aa33e3/detection

178.175.142.195:54878
entropy.group
update.entropy.group

# Reference: https://www.virustotal.com/gui/file/0e4f63bdaadc18c2a261aa7524209978986266094539abbbe2f7f0e55c0aa064/detection

171.244.57.196:222

# Reference: https://twitter.com/malwrhunterteam/status/1630559634963480577
# Reference: https://www.virustotal.com/gui/file/644d41773f6bf13819d1e2c6f26f759538bf1e9ec07ae995cd166beb5cfcb907/detection

osjovanmikic.edu.rs

# Reference: https://twitter.com/h2jazi/status/1630983583727747085
# Reference: https://www.virustotal.com/gui/file/8dfedb354b4d23fb31c24d449dae841a40759d8ed04a904bbb271f08dfa6e006/detection

nationalweatherserviceapp.com
sc.nationalweatherserviceapp.com

# Reference: https://twitter.com/malwrhunterteam/status/1630881334582210560
# Reference: https://www.virustotal.com/gui/file/d3bea31897d661a7f0d134e82292de2082e660f34d22f9247480738dce70976c/detection

karena.info

# Reference: https://twitter.com/doc_guard/status/1630909953639579648
# Reference: https://www.virustotal.com/gui/file/c6cf98ecfc06b5f5fe496b81d0cae90b93ce1dbf6e4c10efd03bedb8e67f005a/detection

wealthcapital.digital

# Reference: https://twitter.com/0xToxin/status/1631281875195949056
# Reference: https://tria.ge/230302-qbdbbscf6y/behavioral2
# Reference: https://www.virustotal.com/gui/file/27ecfa00b539c43909201151775ddfdfb7dc6f86556e13a41ea10efb2e8d76f3/detection

http://176.124.217.20
http://212.113.116.147

# Reference: https://www.virustotal.com/gui/file/f706e65275fa8d0bfc5254d0814dad695c0aba0acfee5d54f2f946bef074055d/detection

realizeimeusonho.co
uiuahm.realizeimeusonho.co
xgiaww.realizeimeusonho.co

# Reference: https://twitter.com/malwrhunterteam/status/1632806055133495298
# Reference: https://www.virustotal.com/gui/file/e72dc71684d57785129e128b05212467e528912106c8fe63c25baacbf0340ea5/detection

http://5.8.8.100

# Reference: https://twitter.com/wwp96/status/1635316522355945472
# Reference: https://www.virustotal.com/gui/file/f8726f2d5b6138a617a48118eafa412cc488b0142ed3031c5eda33244765182b/detection

45.80.158.65:222
macmax13.dynalias.org

# Reference: https://twitter.com/embee_research/status/1635613492232486918
# Reference: https://www.virustotal.com/gui/ip-address/47.252.45.173/relations
# Reference: https://www.virustotal.com/gui/file/80aad667f60f6283a3195a937fca2591299bbcecfd3c76ad4215a40961718b01/detection
# Reference: https://www.virustotal.com/gui/file/19efed6c9d1af91c5c11b6fb44a4fd06e9d418c8b294d78734524df7b6c7e71d/detection

gurnard.sbs
mbantilanda.top
mbenza.top
boston.gurnard.sbs
colorado.gurnard.sbs
denver.gurnard.sbs
montana.gurnard.sbs
dick2.mbenza.top
dick4.mbenza.top
dick6.mbenza.top
dick8.mbenza.top
file.goosenecks.sbs
fun.goosenecks.sbs
job.goosenecks.sbs
nensi1.mbantilanda.top
nensi3.mbantilanda.top
nensi5.mbantilanda.top
nensi7.mbantilanda.top
work.goosenecks.sbs

# Reference: https://twitter.com/malwrhunterteam/status/1636480630350331910
# Reference: https://www.virustotal.com/gui/file/c6cbe381d581107b6531067e9108febd3016c9335c1d773e1b1e0ee435525111/detection

csl-invest.com
sony.csl-invest.com

# Reference: https://twitter.com/malwrhunterteam/status/1637072764174585856
# Reference: https://www.virustotal.com/gui/file/388e1f36d35dcbe4675821f4104514f66bcefdee33752acad874e45bdf44499a/detection

meubooking.com.br/2023/reservations.php?file=

# Reference: https://www.virustotal.com/gui/file/20ca052bc52642c405973b7085edbb40b22aa28d7e781dddc43760097ea58722/detection

a0745450.xsph.ru

# Reference: https://www.virustotal.com/gui/domain/skynetx.com.br/detection
# Reference: https://www.virustotal.com/gui/file/32100b2bece73242da58c2bfd1e8e335e3616c6346c54464e9c0d3453bfd1f6a/detection

skynetx.com.br

# Reference: https://twitter.com/jaydinbas/status/1637806949931577354
# Reference: https://www.virustotal.com/gui/file/b54853a58dbd27ba8dfa978cdcd28327b66ba7359d4b14a3a3f105b63595809d/detection

http://149.28.140.122
techvibeo.com

# Reference: https://twitter.com/doc_guard/status/1637932033765769220
# Reference: https://www.virustotal.com/gui/file/58e6856571868d55dbfd636710ac2590c574589c7609402d5f7cdba17ba78653/detection

gripaco.gr

# Reference: https://twitter.com/StopMalvertisin/status/1638202950928703490
# Reference: https://www.virustotal.com/gui/file/1a0dbaef78cc34c9d60972aec1f89e20ea9cbddad07ce897a2552a719919d8db/detection

http://35.177.182.187

# Reference: https://twitter.com/jaydinbas/status/1638532960595898368
# Reference: https://www.virustotal.com/gui/file/56425e7b644e91d929186a11704b92a657f970b1e3ea32c249b0d2ab95f83fd4/detection

ntc-netpk.serveftp.com

# Reference: https://twitter.com/malwrhunterteam/status/1639320109130063872
# Reference: https://www.virustotal.com/gui/file/783d6753583a5d4a01fdd93d242e29f76324625d3b1c701a3fac161aa325bfce/detection

grconstdesign.com

# Reference: https://app.any.run/tasks/39a97065-c83c-472c-9976-78601a55ffde/

185.12.45.26:41043

# Reference: https://twitter.com/r3dbU7z/status/1639938724711616512
# Reference: https://www.virustotal.com/gui/file/4f74acef6d7c54e20e37dc1023dbf0e16af6e942ac6b401be6dc24ae4f1079ee/detection

http://103.123.242.104

# Reference: https://twitter.com/sicehice/status/1640160970994753537

185.225.74.72:8000

# Reference: https://twitter.com/sicehice/status/1640172761594335232
# Reference: https://www.virustotal.com/gui/file/7b67e609cebf71e73de96164e0aab3f119167d5857b51393c22c5f68e0eb147b/detection

http://18.218.30.74
flb.itplushost.com

# Reference: https://twitter.com/sicehice/status/1639251947332194305

http://45.33.88.161

# Reference: https://twitter.com/sicehice/status/1639090824540749824

http://45.137.207.151

# Reference: https://twitter.com/sicehice/status/1639052756093743104

35.162.248.7:8000

# Reference: https://twitter.com/sicehice/status/1640816987113762817

141.147.4.146:10000
141.147.4.146:8081

# Reference: https://www.virustotal.com/gui/file/4cd96a6edbd8b5d526a34d6c4bf4396d2d94fd30e2e4d22a7364bf6f6214dbbc/detection

sleda.eu
sleda.sleda.eu

# Reference: https://www.virustotal.com/gui/file/ec56d42e349c438158f5a7f619da9fbf301a22cca63c9332b7323d7f18ebb868/detection

helpachildinukraine.one

# Reference: https://twitter.com/jstrosch/status/1643626772632678402

naostech.org

# Reference: https://twitter.com/shaybt12/status/1644593596690038784

134.209.113.185:8000
206.189.151.223:8000

# Reference: https://twitter.com/0xToxin/status/1645076370685411333

http://45.88.67.75

# Reference: https://twitter.com/jstrosch/status/1645461105039253505

54.224.107.126:8080

# Reference: https://twitter.com/sicehice/status/1645494638285922322

http://3.129.51.198
3.129.51.198:443

# Reference: https://twitter.com/sicehice/status/1645500578758369307

23.95.222.225:8989

# Reference: https://twitter.com/suyog41/status/1646145074244321282
# Reference: https://twitter.com/suyog41/status/1646145077016666118
# Reference: https://www.virustotal.com/gui/file/e61ad1ca19a69d4c85b91d8b7b69cf08413fd78fd7df1c878a10a4c5b4497b9e/detection
# Reference: https://www.virustotal.com/gui/file/063edf9cb113941eb73b3db4a34ac0c9f82a756ded9b0dc974dc9a85b466c169/detection

http://146.190.207.64
http://167.71.11.62
146.190.207.64:8080
167.71.11.62:8080

# Reference: https://blogs.jpcert.or.jp/ja/2023/04/parallax-rat.html (Japanese)
# Reference: https://www.virustotal.com/gui/file/1973d7b2bf9877208fc751868aadd2810fbd72693f7fe090c926505714284cec/detection

http://171.22.30.220
http://179.43.154.184

# Reference: https://www.fortinet.com/blog/threat-research/malware-disguised-as-document-ukraine-energoatom-delivers-havoc-demon-backdoor
# Reference: https://otx.alienvault.com/pulse/6438008e68e96dc4eb0c9506

ukrtatnafta.org

# Reference: https://twitter.com/malwrhunterteam/status/1646609191568658458
# Reference: https://www.virustotal.com/gui/file/6fdfb56033dd92edfde1461cab42042d38ce43b8f2cb75872e7435e62ed744ca/detection

http://37.220.87.53

# Reference: https://www.virustotal.com/gui/file/26db654aae8f2a5e149ad19d76f6e6762613b211261dd47267c90f3476f3d5c4/detection

fvia.app

# Reference: https://twitter.com/malwrhunterteam/status/1648632414053310469
# Reference: https://www.virustotal.com/gui/file/3bc92870934e54ac014d8e8b4b33db27b4cbc4bd3d6a0f4ce659c36b110a138b/detection

207.246.123.37:8000
207.246.123.37:8880

# Reference: https://www.virustotal.com/gui/file/af9977c76770b364ea633569bee7e8da713028fadfee1b6dd7a96884e110bfe8/detection

hardcore-mountain-97323.pktriot.net

# Reference: https://twitter.com/malwrhunterteam/status/1649049054540886020
# Reference: https://www.virustotal.com/gui/file/b88eb7ca0239f6d67531d33459415b8d1d0fa6db72293b5b6cf722a366ae660c/detection
# Reference: https://www.virustotal.com/gui/file/e67048add2dcbb9758bd5443b546786a9153ad39e5e467743b43fb5035747f60/detection

uk-leninsky.ru

# Reference: https://twitter.com/k3yp0d/status/1649047745813164032
# Reference: https://www.virustotal.com/gui/file/67fec790c36ca34844e6a0ba9c49e1ab1f150905ff412cd9ece72608997a15d3/detection

platform-intranet.com

# Reference: https://twitter.com/sicehice/status/1649226590507638784

173.208.220.134:8080

# Reference: https://twitter.com/sicehice/status/1649228136448507911

31.220.76.24:9000

# Reference: https://twitter.com/0xperator/status/1650252120736579587

179.43.141.100:444

# Reference: https://twitter.com/sicehice/status/1650306036434100227

136.244.84.50:8022

# Reference: https://twitter.com/sicehice/status/1650287853606248448

42.2.155.80:8080

# Reference: https://twitter.com/ULTRAFRAUD/status/1650604698141859853

jiayi-luxury.com

# Reference: https://twitter.com/sicehice/status/1650692593175470080

42.194.164.247:1234
42.194.164.247:8000

# Reference: https://twitter.com/sicehice/status/1650684759314518017

http://152.228.175.85

# Reference: https://twitter.com/sicehice/status/1650682009923072001

http://185.193.125.34

# Reference: https://twitter.com/sicehice/status/1650678836399316994

198.58.102.19:9030

# Reference: https://www.virustotal.com/gui/file/9e9cdb82750b93e9e14fbb09e25cd9ee84d74b8383362cba8f66c3cfed99b9ec

bibutik.com.tr

# Reference: https://www.virustotal.com/gui/file/7f482c7d24e7191746061169e8bb9d329026638be072bf4526a2509b34ccf32c/detection

http://45.82.69.203

# Reference: https://twitter.com/MichalKoczwara/status/1650887693402882050

167.172.44.218:8090

# Reference: https://www.virustotal.com/gui/file/0a8616d62d28ed7d8ef580784dee2fc816f8d5200e339e69f925078b288a6d7b/detection

http://45.82.71.119
45.82.71.119:443

# Reference: https://www.virustotal.com/gui/file/2d9f0179595ba0a74803c5d3446a1d63c0769f2356632ee55ba2095b6fbfcd1b/detection

http://45.67.228.48

# Reference: https://twitter.com/doc_guard/status/1651554422974021632

http://149.102.255.183

# Reference: https://twitter.com/malwrhunterteam/status/1653055096295399425

http://46.175.149.13

# Reference: https://twitter.com/malwrhunterteam/status/1654021997762949120
# Reference: https://www.virustotal.com/gui/file/e6f07bf2d3a44eefe22b64ecb5513a6cad5039df5fe055afff6a5c5098750265/detection

corporacionhardsoft.com/x/file.html

# Reference: https://www.virustotal.com/gui/file/b6ba28cd7e6152eca49b060e78ae19121f9b3d4cb9c87743843a076d73f191a1/detection

http://109.206.240.64

# Reference: https://twitter.com/malwrhunterteam/status/1656221999411101696
# Note: the three path entries below carry no host. The bare file name and the bare directory are broader than the full path and would flag the same names on unrelated servers (assuming path-only trails are matched regardless of host - confirm against the sensor), so check the destination of a hit against the host listed in this group.

http://185.225.69.226
/Zhongguos8/bnghjrtytyyu6666.png
/bnghjrtytyyu6666.png
/Zhongguos8/

# Reference: https://twitter.com/sicehice/status/1656865587874725893

43.226.26.60:8000

# Reference: https://twitter.com/WhichbufferArda/status/1657110430806953999

http://51.79.241.228
51.79.241.228:8008

# Reference: https://twitter.com/ULTRAFRAUD/status/1657404232809496577

http://198.13.56.131

# Reference: https://twitter.com/r3dbU7z/status/1657789649329299460
# Reference: https://www.virustotal.com/gui/ip-address/5.135.199.12/detection

npmrepos.com

# Reference: https://threatfox.abuse.ch/ioc/1087357/

http://138.197.96.208
/BVvzsHfP/Uni.bat
/BVvzsHfP/

# Reference: https://www.virustotal.com/gui/file/63ddb34c0196ad0597464fcc39667e2410bbfcd51ffb5d52e69081bb342531ca/detection
# Note: /bShxYysy/ carries no host while this group lists three; the trail alone does not say which of them served the path, so consult the reference when triaging a path-only hit.

http://107.189.11.87
http://149.102.225.1
pel63.bio
/bShxYysy/

# Reference: https://twitter.com/suyog41/status/1660893657623347200
# Reference: https://www.virustotal.com/gui/file/459d3d75db323b230afc26b1f5bf2ea40591eeb7bb3d4927f87f302b71108e24/detection
# Reference: https://www.virustotal.com/gui/file/42f3651063202a8fd42021a1ffc27bd1b9709779ec10654368ea34d8f047d08b/detection

3.67.12.158:4444

# Reference: https://twitter.com/1ZRR4H/status/1662273718251401217

http://139.99.155.76

# Reference: https://www.virustotal.com/gui/file/05ed683ee4ff09df5c1d3b9a504465630c26a33621feaa546eb12c79bd6d719c/detection

http://159.65.42.223

# Reference: https://twitter.com/malwrhunterteam/status/1662035432748507136
# Reference: https://www.virustotal.com/gui/ip-address/172.93.179.29/relations
# Reference: https://www.virustotal.com/gui/file/1e12506f7967910d6edad3eb0488edbcdc2566067ad6c2697c5d36b2becb62f3/detection

jaic-vc.co.in
crypto.jaic-vc.co.in

# Reference: https://twitter.com/d1savow3d/status/1658184832118059008

http://143.198.179.233
http://157.230.81.104

# Reference: https://twitter.com/d1savow3d/status/1656389039543517186

http://143.198.167.100
http://147.182.215.193
http://198.211.103.229

# Reference: https://twitter.com/d1savow3d/status/1656022810496573455

http://137.184.136.226
http://204.48.20.36

# Reference: https://twitter.com/d1savow3d/status/1598741744304017409

http://45.32.88.76

# Reference: https://twitter.com/d1savow3d/status/1583537021334659072

http://146.190.213.228

# Reference: https://twitter.com/d1savow3d/status/1582840515061436416

http://142.93.113.157

# Reference: https://twitter.com/d1savow3d/status/1582425215602110464

http://165.22.5.227

# Reference: https://twitter.com/d1savow3d/status/1582500814832050176

http://137.184.152.116

# Reference: https://twitter.com/d1savow3d/status/1582102016087953408

http://165.22.180.224

# Reference: https://twitter.com/d1savow3d/status/1579929145689395201

http://137.184.77.141

# Reference: https://twitter.com/d1savow3d/status/1578479921030389766

http://67.205.172.95

# Reference: https://twitter.com/0xToxin/status/1661766093566771201
# Reference: https://gist.github.com/kirk-sayre-work/2fff45b0e07b37a59dcf4cff423440be

http://159.203.143.66
vincentnicotra.com

# Reference: https://twitter.com/malwrhunterteam/status/1669663265171947525
# Reference: https://www.virustotal.com/gui/file/2627c86fd8f42d1d6fee45550e3fc9c6e0d4cd02a2d16d599d333b4cc25b3e3b/detection

rsvydaaqhgw.workers.dev
twilight-silence-6b2f.rsvydaaqhgw.workers.dev

# Reference: https://www.virustotal.com/gui/file/c149b95c4ff79668ca124cb218bf2f2b5fc8bf90372848370450ca94644d876d/detection

http://103.131.56.71

# Reference: https://www.virustotal.com/gui/file/c148a834aae7a530a727075b67a54ecb477224b2caffa6416ae622c2485be063/detection

103.149.46.177:22
htaturnerforlifeboyyy.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1679891135068614671
# Reference: https://www.virustotal.com/gui/file/dfdb1fb94f77d5c84b1f5095dcb23999f5b105ac9c83bff13a02159b8ba77151/detection

185.209.31.133:8889

# Reference: https://www.virustotal.com/gui/file/05d926f3a1c691ee095a7b8fab6487ae1c7d6266a81d8c2ff9b441883055fa20/detection

http://194.147.84.197

# Reference: https://www.virustotal.com/gui/file/24da2c24a97e13c3fd164b441d6a7116bffb56b691b9165ae53583db5bd70c6e/detection

http://217.195.203.216
cpufan.club
d.cpufan.club

# Reference: https://www.trellix.com/en-us/about/newsroom/stories/research/beyond-file-search-a-novel-method.html

http://172.245.244.118
balkancelikdovme.com
bridgefieldapartmentsapp.ie
cargopattern.shop
chemaxes.com
designwebexpress.com
dhqid3b4b9u6ecv6jcxva0f.webdav.drivehq.com
dhqid45r064utd5gygt2jy6.webdav.drivehq.com
dhqid5neul4wc9w74pynlrs.webdav.drivehq.com
dhqid9pjapv63d8xvji8g4s.webdav.drivehq.com
dhqidctjo3ugevk9u5sev1r.webdav.drivehq.com
dhqidee98lja03f52atdmii.webdav.drivehq.com
dhqidfvyxawy0du9akl2ium.webdav.drivehq.com
dhqidgnmst61lc8gboy0qu4.webdav.drivehq.com
dhqidhhva53s2qvmxwxtkrm.webdav.drivehq.com
dhqidhx2c2f2oc8lccg38tx.webdav.drivehq.com
dhqidk9oi3yuhf43sb05xgn.webdav.drivehq.com
dhqidlnsxx2qigisdvn7x2f.webdav.drivehq.com
dhqidlu10mna2tuk2qfoaew.webdav.drivehq.com
dhqido7gy8hiehwprjhli16.webdav.drivehq.com
dhqidoakoljbb9jnbssiau2.webdav.drivehq.com
dhqidqot3k8sh7ve2ns9nry.webdav.drivehq.com
dhqidvdosqx8tu0vq1h1d1g.webdav.drivehq.com
dhqidvjn6bfvi00cb0834a3.webdav.drivehq.com
dhqidvooruijtwg0lyucl5s.webdav.drivehq.com
dhqidwhws4rkw80f312lkpm.webdav.drivehq.com
efghij.za.com
fashionstylist.za.com
internetshortcuts.link
landtours.rs
lfomessi.za.com
pdf-readonline.website
reasypay.sa.com
seductivewomen.co.uk

# Reference: https://www.virustotal.com/gui/file/685d08cf7ea497dfc2d06d7ef5e1adecb2e8716c318426941fe7af6af34e9030/detection

ntihk.net

# Reference: https://www.virustotal.com/gui/file/2750db58bd94b97aa33fb563461c528c54eb3f08f3315b0648291842576e6857/detection

http://192.3.243.146

# Reference: https://www.virustotal.com/gui/file/05f3c3043ce59ea4711d0a090e69382370be2a8ad4f2526260c57eafe305e1fc/detection

http://192.3.243.148

# Reference: https://www.virustotal.com/gui/file/7836e87fff64da8f169c2253b9fa7bbc0ce8b52b3fb398a56ee1df7dea262818/detection
# Reference: https://www.virustotal.com/gui/file/2311d9faffb1402345d8998e421e39807ae349677a61008e0452c232951eeca0/detection

http://192.3.243.150
serverftp.online

# Reference: https://www.virustotal.com/gui/file/2a80e7804960d16a1b89bd8e46ba60cc697a396926edba4d3ca0ea0653b90fdd/detection

http://192.3.243.151

# Reference: https://www.virustotal.com/gui/file/8c4bc6ed9991809c5bd70ebd6b31ac467b7a994e023f4442a1330f97d8b7181b/detection

http://192.3.243.152
http://31.42.186.198

# Reference: https://www.virustotal.com/gui/file/17cc77dc779d4556755a6ca45a26565eb7c3efbeff7d973b9aeb9d167ebfe27f/detection

http://107.175.202.15

# Reference: https://twitter.com/sicehice/status/1675999361585786880

20.94.82.221:8000

# Reference: https://twitter.com/sicehice/status/1675282674108317696

45.77.124.153:8081

# Reference: https://twitter.com/sicehice/status/1668834356444446722

http://174.49.101.134

# Reference: https://twitter.com/sicehice/status/1658975084973903873

http://3.112.222.230

# Reference: https://twitter.com/sicehice/status/1658227388117839874

http://95.179.206.132

# Reference: https://twitter.com/sicehice/status/1658223115564982273

http://144.126.159.195

# Reference: https://www.virustotal.com/gui/file/487f11c0edc0c2e9450bc3c9b55394d697465c02a2c27baeddd9809f7e1775b4/detection

facturacionmx.click

# Reference: https://www.virustotal.com/gui/file/152c6aa91bc274a0662811c5671f952e44f4f0c72378f667d91a9b4c93a5e4c8/detection

http://91.212.166.12

# Reference: https://twitter.com/c_APT_ure/status/1687562895914041344
# Reference: https://www.virustotal.com/gui/file/1bf287baf71f2a0872005e73399685df6b3a2b27cb2f27511deb4bdf566fbe67/detection

hiqsolution.com/line.exe
thanhancompany.com/ta/line.hta

# Reference: https://www.virustotal.com/gui/file/5cfffe09ec2b4ba2dc5dd6367ad383f95906be1982b0fe3aee1f4d9263b17485/detection

namesilo.my.id

# Reference: https://cert-agid.gov.it/wp-content/uploads/2023/08/agenttesla_07-08-2023.json

http://80.76.51.248

# Reference: https://twitter.com/StopMalvertisin/status/1689649264421691392
# Reference: https://threatfox.abuse.ch/ioc/1149430/
# Reference: https://www.virustotal.com/gui/file/00a7657105d9f67c04078a68eff41d222930564b4e48ce5afd18c5540ea54646/detection
# Reference: https://www.virustotal.com/gui/file/027dd65b1a4a9f4df605cc18d9e5a9fdbbfea4decb81d012a97ee4734cbc67b8/detection

http://38.165.12.236
38.55.185.75:6000
juechen.ddo.jp

# Reference: https://www.virustotal.com/gui/file/2566790bc205591858b7158178dc89f117629b9f3fe382dd1d678a0f2e598c1c/detection

http://23.94.239.89

# Reference: https://twitter.com/sicehice/status/1689849369464279040

68.233.113.39:8000
68.233.113.39:8001

# Reference: https://www.virustotal.com/gui/file/3bdcf101c47a72ac3adee9c56bf0165db266cf23d7699219e64a6a8f22c21451/detection

vuagame.store

# Reference: https://www.virustotal.com/gui/file/75c73628f84e13167d9dda78c47e8a7b49545dd278ec9a721d4b08e2a0253fdb/detection

clear.merseine.com

# Reference: https://www.virustotal.com/gui/file/0031733395abd0d1501148b1ff45fd2c831869a6150aee65ba70f01f08029459/detection

http://195.123.226.82

# Reference: https://twitter.com/fr0s7_/status/1691781672511909893
# Reference: https://www.virustotal.com/gui/file/db16d611b7536210a3198e49da828a2092147bf7dee70a66b52e39cd87322389/detection

microsoftdnsserver.xyz

# Reference: https://www.virustotal.com/gui/file/e8114ee5b7d3ccaa7bd6dfaeeea775c3628ea88b96cd496136f7f11bcc4a400e/detection

abkedjypdnbntud.website
fhuapy.abkedjypdnbntud.website

# Reference: https://twitter.com/doc_guard/status/1692569242153955688
# Reference: https://www.virustotal.com/gui/file/476fc61aa532b9bf4cd2742d187c88c09ab72b46b456a732c358df004c8e0e68/detection

18.231.172.130:14666

# Reference: https://twitter.com/1ZRR4H/status/1692651633854079229
# Reference: https://www.virustotal.com/gui/file/d3a293b206d36b03a3cdd24daf32559717577b2bb1daee36182083ba52f5650b/detection

sdocsus.top

# Reference: https://twitter.com/r3dbU7z/status/1692907294478987559
# Reference: https://www.virustotal.com/gui/file/18ae27a2832341b12e039b37a48cd1d59d1b2529b02c7713e292bf88942ca93a/detection

http://185.106.93.147

# Reference: https://twitter.com/Gi7w0rm/status/1693432581583184029
# Reference: https://tria.ge/230821-bb4qysaa78/behavioral2
# Reference: https://tria.ge/230821-bcdwxsaa79/behavioral1
# Reference: https://www.virustotal.com/gui/file/b1c0cde97930bbfd18ca72f10db85ab335e87a72b685f59ded5f34f3476397ce/detection

45.159.249.119:443

# Reference: https://twitter.com/Gi7w0rm/status/1693604866185117912

139.99.32.95:8000

# Reference: https://blogs.jpcert.or.jp/ja/2023/08/maldocinpdf.html (Japanese)
# Reference: https://otx.alienvault.com/pulse/64ee05533831ae24210ee53d
# Reference: https://www.virustotal.com/gui/ip-address/179.60.147.105/relations
# Reference: https://www.virustotal.com/gui/ip-address/179.60.147.117/relations
# Reference: https://www.virustotal.com/gui/file/ef59d7038cfd565fd65bae12588810d5361df938244ebad33b71882dcf683058/detection
# Reference: https://www.virustotal.com/gui/file/098796e1b82c199ad226bff056b6310262b132f6d06930d3c254c57bdf548187/detection
# Reference: https://www.virustotal.com/gui/file/5b677d297fb862c2d223973697479ee53a91d03073b14556f421b3d74f136b9d/detection

cloudmetricsapp.com
web365metrics.com

# Reference: https://twitter.com/doc_guard/status/1693950989064093968
# Reference: https://app.docguard.io/16c72e6b9b5c0dbe5bc34b97aad5159e642bce43071ce7c81472ff3f8346be40/results/dashboard
# Reference: https://www.virustotal.com/gui/file/16c72e6b9b5c0dbe5bc34b97aad5159e642bce43071ce7c81472ff3f8346be40/detection

paynet.group
support-microsoft.paynet.group
vendor-compliance.paynet.group
work-from-home-survey.paynet.group

# Reference: https://twitter.com/milannshrestga/status/1694571988227117442
# Reference: https://tria.ge/230824-ge513sbh5y/behavioral1

businessai.cfd
businessai.click

# Reference: https://unit42.paloaltonetworks.com/threat-brief-citrix-cve-2023-3519/
# Reference: https://otx.alienvault.com/pulse/64c80a42487c59686ed640a3
# Reference: https://www.virustotal.com/gui/file/293fe23849cffb460e8d28691c640a5292fd4649b0f94a019b45cc586be83fd9/detection

http://216.41.162.172
http://216.51.171.17

# Reference: https://www.virustotal.com/gui/file/e3602d0eb7149004ae6cf4befec8c6d61ac391189122744fff4a1de2cdad4aa3/detection

http://85.208.139.229

# Reference: https://www.virustotal.com/gui/file/37df15fbc780ef089ffffb6be8a98dfd8f3cb189b1e2a21d3bb223b81332d49e/detection
# Reference: https://www.virustotal.com/gui/file/9b67faeed1ff38ac5a56953393a435fcab6361d63c7d8a506f79b9bf73fb8b39/detection

136.144.41.183:7003
dswa.1337.cx
kjjjk.3dxtras.com

# Reference: https://www.virustotal.com/gui/file/003ee41e4d27f0bf81525803dd60574b1f549bb1c3bf0cf5e0562509db9615aa/detection

contador5xm.hopto.org

# Reference: https://twitter.com/ThreatBookLabs/status/1695424354341814283

speeed.zapto.org

# Reference: https://www.virustotal.com/gui/file/c6259991c47586a6faa18f9c6a27da350f21d71f5f302e7225ee1b20592f2c26/detection
# Reference: https://www.virustotal.com/gui/file/5b59f275972284a4055169924527cb8819644a070a7332d9063c03ce9184863d/detection

thisinhthanhlichh.io.vn

# Reference: https://www.virustotal.com/gui/file/59f96d0f56ac5457e684aae0fd3479969e68878f3ad222661e484931a65877ed/detection

http://153.127.35.128

# Reference: https://www.virustotal.com/gui/file/2d5751825043ca6cd2d3faf768a23dba6496e3cf304a6dde3fe380c17911377b/detection

aselectricalpvt.com/wp-content/themes/porto/css/Porto-Font/sserv.jpg
belfort24.com/wp-content/themes/Newspaper/images/demo/sserv.jpg

# Reference: https://twitter.com/fr0s7_/status/1696633267552751992
# Reference: https://www.virustotal.com/gui/file/443f05d26f6c05ad62a45b0fc5fe620e006702cff3b28606fcfc08fffd762a40/detection

185.244.51.134:6600
instructsia.zip

# Reference: https://twitter.com/Dkavalanche/status/1697244028331581684

empersamx01.lifehealthcares.com
refsat100236.lifehealthcares.com

# Reference: https://twitter.com/souiten/status/1697552282613948615
# Reference: https://www.virustotal.com/gui/file/5e914133503e60491b445e5a06f3fa8144463340a3c9dc6d875bbfdcd6ff7f55/detection

http://54.71.250.16

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/commit/e9038b523a2787127643bec36e30377c44d92927
# Note: path-only group, no host or IP is listed here; a hit identifies the URL path alone, so the destination has to be taken from the event itself and checked against the referenced config list.

/work/Elpuxpkilck
/Elpuxpkilck

# Reference: https://twitter.com/0x6rss/status/1699023755668828231
# Reference: https://twitter.com/noexceptcpp/status/1699116561120817630

change-infos.com
fr-address.com
post-infos.com
mailgo24.sbs
newall-getrenew.digital
pr24note.info
wholeadress-renew.digital

# Reference: https://twitter.com/malwrhunterteam/status/1699115395989271035
# Reference: https://www.virustotal.com/gui/file/02190852aa191c4ff6d22136cabf24d3b396c6a776187fcde523d38b9a33e13b/detection

52.147.196.140:9000

# Reference: https://twitter.com/malwrhunterteam/status/1699125348510699957
# Reference: https://www.virustotal.com/gui/file/8cdfa4962c2acf5912d41f3f748b066966d273b4c898e1e3a5b78fba3eb20a84/detection
# Note: oast.fun is a public interactsh (out-of-band interaction) server, used by scanners and security testers as well as by malware. The label below looks like a single per-session interaction ID, so this entry covers that one sample only and will not match other identifiers under the same zone.

ckvjn0w2vtc0000jnq7ggj73ktyyyyyyb.oast.fun

# Reference: https://twitter.com/malwrhunterteam/status/1699310236534727142
# Reference: https://www.virustotal.com/gui/ip-address/144.91.112.240/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.192.96.184/relations
# Reference: https://www.virustotal.com/gui/file/b08c9c6416ab236fa3ca56b53994cea8fdb8a4123601b75f368e6ed2b67a705a/detection
# Reference: https://www.virustotal.com/gui/file/c4a78c5bab3902724a58731290ed549ae675793084f2f06bcf18fa10e8d38590/detection
# Reference: https://www.virustotal.com/gui/file/e3a8160483749aeab36cc52e221a65cde7aa1e1c58e7085226b962b8a736f3c9/detection
# Reference: https://www.virustotal.com/gui/file/ee6fc963e2c18daede818638bcfdf5f4f09b1ddee17d156f4e9785f1562865a7/detection

avkeyfinder.shop
avkeyfinder.store
downloadalpha.store
invoicedownload.info
payorderreceipt.info
revmail.one
scandocument.online
tautvydastijunaitis.com
zzlsteel.cc
/invoicep/scandavn2281728191
/scandavn2281728191

# Reference: https://www.virustotal.com/gui/file/41a652807b0e7c4b8c726fe70850c57b0897da1c96a105dcdb48a76566f434b9/detection

clk-info.ru

# Reference: https://www.virustotal.com/gui/file/0190e867668e9be091e3d52261b62ef9b65059565ec17168813f82e7693af2fd/detection

prkl-ads.ru

# Reference: https://www.virustotal.com/gui/file/108989044c7cd9e9740131a0644d3dc639ea0503cd5cd24c4cea6f724cc1e2e0/detection

prkl-ads.site

# Reference: https://www.virustotal.com/gui/file/963915492c0b0cfff08133e7ff349ac12f87bac5cb0b2e409c41ac957b531fdd/detection
# Reference: https://www.virustotal.com/gui/file/a4503f116394ceace2824dc1ee93819f3361b310c2576e03bdb2b8250fc377f9/detection

mookmook.online
zoolzool.online
trust-flare.ru

# Reference: https://twitter.com/1ZRR4H/status/1699930507276882240

2478dotfarm.site
mega378-fon.site
super-mega378.site
super56fall.online
top789market.online
top789market.site
trill-gone123.site
true-storm89.online

# Reference: https://twitter.com/doc_guard/status/1700182765717618802
# Reference: https://www.virustotal.com/gui/file/8f6ef41f653c7f01a5105f48277e683727470996d9f53dd245c8aa3a102bb6a3/detection

cn3.site

# Reference: https://www.virustotal.com/gui/file/01280c214895175d13b04a2c0437bf73c859a6a48199b91618d1a0adb886b6c5/detection

185.154.14.5:30000

# Reference: https://urlhaus.abuse.ch/browse/tag/exe/

185.209.230.21:8080
192.236.199.167:4256

# Reference: https://twitter.com/malwrhunterteam/status/1700105820644462736
# Reference: https://www.virustotal.com/gui/file/e11f0b388f00b177ee036de39d352b503408d9b313307848f1cdd4d9b11c6733/detection

http://104.168.204.165

# Reference: https://www.virustotal.com/gui/file/1788f34dfd88047906a12007c9f7870d23656ba85c186bba00821879c4276b2a/detection

cristinaamaro.com
lintingdaun.com

# Reference: https://www.virustotal.com/gui/file/037ea773b9fb5ebd2db940df9141f566bc4651d9d718440ee52b716cf479af17/detection

invertirenmercados.com

# Reference: https://twitter.com/Jane_0sint/status/1701545803741905182
# Reference: https://www.virustotal.com/gui/file/2941a93ff5c576dd0c1a26065eb7f373c6a8a1899aea54c325afee59b22187be/detection

106.14.149.15:88
47.100.240.250:6900

# Reference: https://www.virustotal.com/gui/file/04dc1b7849b83258ee101df7f1ee50900d18c2a598a59e08bcedbaa5629cd763/detection

http://45.144.136.14
/1337/loader

# Reference: https://x.com/malwrhunterteam/status/1701669714244542758
# Reference: https://x.com/malwrhunterteam/status/1861347137553912201
# Reference: https://x.com/AzakaSekai_/status/1846482785009348692
# Reference: https://www.virustotal.com/gui/file/b9bebbc0c45cbc87124ba497cb7b7f15fbac6e39535869ae006a950ac04ea285/detection
# Reference: https://www.virustotal.com/gui/file/999f521ac605427945035a6d0cd0a0847f4a79413a4a7b738309795fd21d3432/detection
# Reference: https://www.virustotal.com/gui/file/5ff89db10969cba73d1f539b12dad42c60314e580ce43d7b57b46a1f915a6a2b/detection
# Reference: https://www.virustotal.com/gui/file/1d82927ab19db7e9f418fe6b83cf61187d19830b9a7f58072eedfd9bdf628dab/detection
# Reference: https://www.virustotal.com/gui/file/18e75bababa1176ca1b25f727c0362e4bb31ffc19c17e2cabb6519e6ef9d2fe5/detection
# Reference: https://www.virustotal.com/gui/file/131113c21e5fa23ab493f559ebac248302ef658da5cf62abbcea0a1e391ba8d2/detection
# Reference: https://www.virustotal.com/gui/file/fe463c973906697ea6144ab27fcf30a6bb4296ac7876d3d69b466679767da009/detection
# Reference: https://www.virustotal.com/gui/file/e1b0ff357aa5d71570e9ef356e01a1aa394bf0e9c391c1925a5c4a584b4f53e1/detection

http://157.173.104.153
http://154.90.62.248
issue.homes
panakeos.icu
/wHk4tMu9XpWA/

# Reference: https://www.virustotal.com/gui/file/08ccb639d18f192ab8120a9c5e2b9eb1499ab6e948aa25d8f108ed49228366ce/detection

http://193.42.33.63

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-09-15%20AsyncRAT%20IOCs

49dprq8p.r.eu-west-1.awstrack.me
tax-form-docoments.blogspot.com
labradorinblack.com/.do/
labradorinblack.com/.f/

# Reference: https://threatfox.abuse.ch/browse/tag/UNAM/

http://129.151.135.50
http://145.131.31.175
http://15.188.54.35
http://155.248.230.159
http://172.104.103.158
http://178.124.176.209
http://185.225.75.76
http://34.125.225.70
http://45.143.147.184
http://5.181.80.113
http://51.38.81.65
http://78.85.121.201
https://193.105.135.135
https://45.67.230.182
https://47.87.145.154
https://87.254.9.5
https://95.214.24.45
14.225.8.224:8080
212.64.217.73:4000
5.135.50.76:8080
64.225.66.198:18080

# Reference: https://twitter.com/0x6rss/status/1703520178691084410
# Reference: https://www.virustotal.com/gui/file/1c0e4f0434fd44820a9ae3521c2e2d42008b081835300fefb52830b6542950d2/detection

159.69.11.30:7000
159.69.11.30:8080

# Reference: https://twitter.com/r3dbU7z/status/1703747280208298334

primeworldwide.org/PostOnce/

# Reference: https://www.virustotal.com/gui/file/64411e51808db35eb23325b25eb8559a0b9b035c21984276b62dc99e9ea726c2/detection
# Reference: https://www.virustotal.com/gui/file/96577c22329073d0846f6911b0e72d9bf414b8cdce96a93231a15878fe67b117/detection
# Reference: https://www.virustotal.com/gui/file/12783152a098c1af9f23f0c802f5a4f94c67402224c3003dbe26367695ffd1f1/detection

http://173.44.141.131

# Reference: https://twitter.com/malwrhunterteam/status/1704142716941066346
# Reference: https://www.virustotal.com/gui/file/0fb7f966b968c944157309a1a742a5574b481686dc8b9b3e6655dc71bef84fa3/detection
# Reference: https://www.virustotal.com/gui/file/6ce6307f7b5d6c5760c85f36465fffb2b56c66518dfbf2ab37b2a2cf8b3725f2/detection

akteam.team
5bU6zqih3rLtAT.sce1.user.computer.computer.b.akteam.team
5bu6zqih3rltat.sce1.azure.azure-pc.azure-pc.b.akteam.team
5bu6zqih3rltat.sce1.george.desktop-b0t93d6.desktop-b0t93d6.b.akteam.team

# Reference: https://twitter.com/malwrhunterteam/status/1704231060865778097
# Reference: https://www.virustotal.com/gui/file/97240a5b528433677bee9cc89e4f9fd7896bd77a30b0903b20bd6c9e3b23f694/detection

http://45.154.98.209

# Reference: https://www.virustotal.com/gui/file/b406ace674e14a74ec32869f7a143d53e812ff5713eec7513871dc2ed51cf65e/detection

cornbascet.site
wjriehl.com

# Reference: https://twitter.com/malwrhunterteam/status/1704483766461173984
# Reference: https://www.virustotal.com/gui/file/3af0a90d9a3cd77aa0353ec59bd8129fb799ee72daa6e61555c6228219385d43/detection
# Reference: https://www.virustotal.com/gui/file/64e733d51b0e03957003f0b5e424efd1068f331226880e0c212de2c29b2a38d6/detection
# Reference: https://www.virustotal.com/gui/file/1169c5ba2feae0192d2d8d45ce2fc3456bca1d6633d46b0f219bd62fddcca922/detection

http://89.23.100.222

# Reference: https://twitter.com/0xToxin/status/1698972467555889532
# Reference: https://twitter.com/JAMESWT_MHT/status/1699053975490949208
# Reference: https://twitter.com/JAMESWT_MHT/status/1705109356956574079
# Reference: https://twitter.com/JAMESWT_MHT/status/1705205457483350444
# Reference: https://www.virustotal.com/gui/file/717c6d49e4df554a386191492a5b0096dc3d07000de5ed58d2862872ef3b83cc/detection
# Reference: https://www.virustotal.com/gui/file/4babca7c722f8a15f744e27075ddeb2d541940211bf945031e6cced27f60f4bd/detection
# Reference: https://www.virustotal.com/gui/file/5ca151c69317137a321c909fd075091f575b71f170413aa474228ba5a60fe6cd/detection
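# Reference: https://www.virustotal.com/gui/file/8684d345cdc78cc9460541d0924440087e6d47814b1485e0736fcc68077bce12/detection
# Note: the instance-*-relay.screenconnect.com names below are tenant-specific relay hosts of a legitimate remote-support service (ScreenConnect). A match means traffic to these particular instances; other hosts under the same parent domain are not implied to be malicious.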

247info.click
hide04.xyz
reshuld247.click
instance-m73xwc-relay.screenconnect.com
instance-sjnih6-relay.screenconnect.com
instance-v6ojw1-relay.screenconnect.com

# Reference: https://twitter.com/malwrhunterteam/status/1704961734149046441
# Reference: https://www.virustotal.com/gui/file/6dfb5bfb256efe7f2952f8c21f08e6a2bbbba7022e6317b80acc12b6841b1264/detection

kads.kr/plugin/sns/facebook/src/update/

# Reference: https://www.virustotal.com/gui/file/fa406c532ea3d7cae05411df0ed5a541630a07f26a247a22d907f424397c72ce/detection

sahmanapah.sns.am

# Reference: https://twitter.com/ULTRAFRAUD/status/1705209115000070206
# Reference: https://www.virustotal.com/gui/file/60ba10a5bdafa65987f36aa9ba884f686e36788bea22a7f6a7026fa18cbbab1d/detection

46.151.24.25:8000
46.151.24.25:8080

# Reference: https://twitter.com/r3dbU7z/status/1704468416491409784

http://198.74.110.88

# Reference: https://www.fortinet.com/blog/threat-research/new-midgedropper-variant
# Reference: https://otx.alienvault.com/pulse/650815eae6309eba75a1d6a2
# Reference: https://www.virustotal.com/gui/file/4345a92dfbb18d66609ab445df9d4cdd8dfb972d1872c5817c3556371a05301c/detection

http://185.225.68.37

# Reference: https://www.virustotal.com/gui/file/5fe0500266860557912ff1d77ed5e386f4c849bf21891e46dedabad62d78d328/detection

http://2.56.57.147

# Reference: https://www.virustotal.com/gui/file/3b4113baf10a48f03cf288abc2953e183d3990fcaa11e416fedc6815823a139b/detection

hitech.instanthq.com

# Reference: https://www.virustotal.com/gui/file/24826c443e96f3f424198cf9b00bb5649595113307632d69b92e3d8070e6d525/detection

170.178.190.213:25075
maggie-greene.instanthq.com
vmjudf58h.maggie-greene.instanthq.com

# Reference: https://twitter.com/R3dHash/status/1705381311861661828

http://5.252.22.56

# Reference: https://www.virustotal.com/gui/file/22b0640066bf4746059b7e6057520776160a4c0fbb3dbdd5ac39f8ca9b1b860b/detection
# Reference: https://www.virustotal.com/gui/file/372198d2d295710f68d8894514d8c2b9e66655b7ede190a5dd02423bc7d0ab0f/detection

213.152.160.142:5401
23.227.206.142:5401

# Reference: https://www.virustotal.com/gui/file/0e7ac22489f0f0bbaf026cb56b0012ebdf18eb0b176d3655d5a245507e4313aa/detection

http://185.228.72.8

# Reference: https://www.virustotal.com/gui/file/0d3d678e767b06171022cdb1d9997257078f75de7070b7e9fa620eea7629647d/detection

http://79.110.49.55

# Reference: https://www.virustotal.com/gui/file/ce9afd85592a8a55ee6d020b3582644e0e1249571a0443757cc31d7214597a78/detection

http://45.88.66.43
/meemmmeemmee.txt

# Reference: https://twitter.com/0x6rss/status/1706641285329703155
# Reference: https://www.virustotal.com/gui/file/100f8ee11d41f374890b20af724154977405b23983a66b18f9728daf3211c3ae/detection
# Reference: https://www.virustotal.com/gui/file/7829789bb0290ad34295531e1fb55c2bcedf839062fddd1ddaf98852ad5a5419/detection

http://103.38.236.46
103.38.236.46:443
recipemedical.com
cynical-drink.aeza.network

# Reference: https://twitter.com/James_inthe_box/status/1706655766709768273

66.94.97.98:8080

# Reference: https://www.virustotal.com/gui/file/6925b7c34ad3c1bf662370fa0b5e6fdad8e37f28736c27bef74c5835971d2ea7/detection

aflomusic.com
credit-volta.com

# Reference: https://twitter.com/malwrhunterteam/status/1706690313975136529

http://116.203.121.140

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-09-27%20SocGholish_Lumma%20IOCs

xxxmir.info

# Reference: https://twitter.com/r3dbU7z/status/1707677528100368591

http://45.150.67.7

# Reference: https://tria.ge/210926-r8qtcsfac3/behavioral2

shellloader.top

# Reference: https://twitter.com/malwrhunterteam/status/1707679371270721618

one-clickr.icu

# Reference: https://blogs.blackberry.com/en/2023/09/silent-skimmer-online-payment-scraping-campaign-shifts-targets-from-apac-to-nala

http://4.216.137.19
http://52.253.105.171

# Reference: https://twitter.com/doc_guard/status/1709557264250495203
# Reference: https://www.virustotal.com/gui/file/3e090a3f20ab44f4efec21a7896198035f9076a9badc8764e4a0bd2fe68c45f5/detection

http://172.86.76.208

# Reference: https://twitter.com/1ZRR4H/status/1709989527303979476
# Reference: https://www.virustotal.com/gui/file/0f84c0223414a84ccaae529c25147153a7c12b6427bb9e00d2f2219118657baf/detection

egov-cambodia.com
files.egov-cambodia.com

# Reference: https://twitter.com/Merlax_/status/1710072519795896676
# Reference: https://pastebin.com/ZuX2jtsV

http://104.131.7.178
http://104.131.7.183
http://104.131.7.184
http://104.131.7.92
http://104.248.20.148
http://104.248.6.108
http://137.184.146.225
http://137.184.156.181
http://137.184.156.55
http://137.184.30.149
http://137.184.72.202
http://137.184.74.92
http://138.197.102.160
http://138.197.102.98
http://138.197.108.60
http://138.197.110.113
http://138.197.110.87
http://138.197.28.194
http://138.197.28.197
http://138.197.72.36
http://142.93.233.33
http://146.185.219.57
http://147.182.178.123
http://159.223.15.20
http://159.223.15.35
http://161.35.83.173
http://161.35.93.230
http://164.90.194.79
http://164.90.195.222
http://164.90.197.37
http://164.90.197.7
http://164.90.203.10
http://165.22.214.82
http://167.172.18.102
http://167.71.82.135
http://167.99.78.77
http://178.128.85.57
http://178.62.206.18
http://178.62.209.228
http://178.62.213.189
http://178.62.213.222
http://178.62.213.232
http://180.149.37.12
http://180.149.37.15
http://180.149.37.6
http://180.149.37.62
http://180.149.37.66
http://180.149.37.67
http://185.244.210.144
http://209.97.146.124
http://209.97.146.198
http://209.97.146.210
http://209.97.146.226
http://209.97.146.248
http://45.135.229.117
http://45.80.209.26
http://5.181.27.14
http://5.181.27.211
http://5.181.27.215
http://5.181.27.226
http://5.181.27.23
http://5.181.27.233
http://5.181.27.31
http://5.181.77.145
http://5.181.77.155
http://5.181.77.168
http://5.181.77.197
http://5.181.77.199
http://5.181.77.211
http://5.181.77.213
http://5.181.77.214
http://5.181.77.218
http://5.181.77.226
http://5.181.77.227
http://5.181.77.234
http://5.181.77.242
http://5.181.77.245
http://5.181.77.246
http://5.181.77.77
http://5.188.168.245
http://5.188.228.121
http://5.188.34.92
http://5.8.33.49
http://5.8.33.90
http://5.8.41.242
http://5.8.95.118
http://51.15.8.116
http://51.15.8.34
http://64.225.4.86
http://67.222.10.1
http://89.44.194.141
http://91.236.169.229
http://92.223.30.44
http://92.38.135.141
http://92.38.149.30
http://95.85.72.245
best-national-movers.com
crs.10fw.net
demarcusjtong.icu
dmvcashoffer.org
goldraw188.com
harshsrivastava.online
hktoyexpo.com
kebaikanminyakbidara.com
lifeming.com
min20-finance.com
min20oonline.com
pecahteros.shop
protectiveworlswide.com
pyzikypin.justdied.com
ridesharerevenue.com
southernwealthadvisors.com
sugahicus.com
sugahicuw.com
thehandmadebusinesses.com
thelushdollar.com
thewaystowealthy.com
tigrinhoapp.online
vacantlandreport.com
viablelandreport.com
vividfr.com
weightlossdietcapsule.com

# Reference: https://twitter.com/SecureSh3ll/status/1710788954239193376
# Reference: https://www.virustotal.com/gui/file/fd03ea32f520aa57ee6b4e29eedf1c897857f9368933c2bb3367d2016dc27454/detection
# Reference: https://www.virustotal.com/gui/file/557e3ef6693e6ba4d93908f4fbd5eadee59ffce431f74c57b38718df75efc670/detection

http://154.82.85.42
154.82.85.42:1572
154.82.85.42:8080
fack58.com

# Reference: https://twitter.com/1ZRR4H/status/1711686844490936568 (# CVE-2023-3519, Citrix VPN, Netscaler VPN)
# Reference: https://twitter.com/ValidinLLC/status/1712535238998376611
# Reference: https://www.virustotal.com/gui/ip-address/85.209.11.134/relations
# Reference: https://securityintelligence.com/x-force/x-force-uncovers-global-netscaler-gateway-credential-harvesting-campaign/

cdnjs.live
cloud-js.cloud
cloudjs.live
cloudjs.us
js-cloud.us
jscdn.biz
jscdn.us
jscloud.biz
jscloud.ink
jscloud.live
jscript.live
jscript.us
jscriptcdn.biz
jscriptcdn.live
jscriptcdn.us
jscriptcloud.biz

# Reference: https://twitter.com/whichbuffer/status/1712200899869790319

138.68.162.162:8081

# Reference: https://twitter.com/naumovax/status/1712449056352444730
# Reference: https://www.virustotal.com/gui/file/ec175a771f670fe5c9f7a1756efa74a693254eaaa7a6c5d46fbd9dddbb34e34c/behavior
# Reference: https://www.virustotal.com/gui/file/be46b47e582414db4fe41ca45f4ad180b46ebb101e682a87808b32f2762f7cde/behavior
# Reference: https://www.virustotal.com/gui/file/ce5d3ec4169ff72ee9f164880f8c916ec93c8e409812b464744b91803eceec2c/behavior

http://118.190.154.23
http://121.36.219.126
117.89.178.176:6666
118.190.154.23:8088
120.24.48.197:8009
120.24.48.197:8047
120.27.22.83:5001
120.27.22.83:5002
120.27.22.83:5005
120.78.149.238:12368
121.36.219.126:8088
143.92.35.64:39990
202.124.250.84:8205
202.124.250.84:8219
202.124.250.84:8223
202.124.250.84:8229
202.124.250.84:8241
202.124.250.91:8000
202.124.250.91:8095
203.135.100.66:8024
203.135.100.66:8710
203.135.100.66:8712
43.241.17.49:3031
43.241.17.49:8080
43.248.184.246:8212
8.134.23.213:8500
abc.dahhh.cn
/api/ocrMozilla/5.0
/api/getcontenttitlevariableseparatornumberletterHanzistrco
/api/postcomplete/api/getcontenttitlevariableseparatornumberletterHanzistrco

# Reference: https://threatfox.abuse.ch/browse/malware/vbs.vbrevshell/
# Reference: https://threatfox.abuse.ch/browse/tag/Vshell/

1.12.221.190:4000
1.13.158.52:8082
101.200.161.116:8082
101.200.90.115:8082
101.201.57.139:8082
101.201.79.83:8082
101.35.219.93:8082
101.37.165.37:8082
101.43.129.115:8082
103.12.148.35:8088
103.252.119.151:8082
103.42.179.226:8082
103.42.179.227:8082
103.42.179.228:8082
103.42.179.229:8082
103.42.179.230:8082
103.57.228.100:8082
103.57.228.101:8082
103.57.228.102:8082
103.57.228.98:8082
103.57.228.99:8082
104.208.85.234:8082
106.14.196.216:8082
106.54.209.187:8082
107.148.160.198:8082
107.148.160.198:8087
107.148.160.198:8089
107.151.241.155:8082
107.175.221.48:8082
107.175.28.248:8082
110.40.156.244:8082
110.42.229.51:8082
110.42.64.204:8082
111.231.4.143:8082
112.126.68.27:8080
112.213.108.222:8088
114.115.220.199:8082
114.116.119.253:8082
117.18.7.49:8082
117.50.172.191:58888
117.50.177.128:8080
118.193.40.20:8082
118.195.226.22:8082
118.195.245.162:8082
118.99.32.174:8082
119.45.128.170:8082
119.45.171.202:8082
119.91.219.240:8082
119.91.89.203:8082
120.26.241.209:8082
120.27.223.80:8082
120.46.165.195:8082
120.53.86.130:8082
121.196.202.174:8082
121.229.36.89:8082
122.51.97.82:8082
123.249.100.157:8082
123.249.106.68:8082
123.57.74.206:8082
124.221.145.245:8082
124.222.111.174:8082
124.222.129.148:6001
124.70.202.212:8082
124.71.38.170:8082
128.14.75.45:8082
128.14.75.45:8087
128.14.75.45:8089
134.122.132.51:8082
134.122.132.52:8082
137.175.51.175:8082
139.198.115.86:8082
139.199.181.87:8082
139.224.17.133:8082
139.224.194.38:8082
139.224.216.109:8082
14.22.116.218:8082
142.171.173.188:8082
149.127.236.196:8082
154.201.75.13:8082
154.37.152.26:8082
154.8.204.75:8082
154.91.202.147:8082
155.94.163.251:8082
156.251.172.46:8082
16.171.112.33:18082
162.14.110.131:8082
164.155.206.126:8082
165.22.60.62:8082
171.115.221.205:8082
172.245.92.205:8084
172.247.35.240:8082
172.247.35.240:8087
172.247.35.240:8089
173.82.79.5:8082
175.178.147.242:8082
182.92.127.39:8082
182.92.77.74:8082
193.112.108.217:8082
193.42.32.71:8082
198.44.165.190:8082
198.52.97.143:8082
198.74.117.83:8082
207.148.101.73:8082
216.240.134.17:8082
216.83.44.138:8089
216.83.44.139:8089
216.83.44.140:8089
23.224.121.65:8082
23.224.132.179:8082
23.224.197.71:8082
23.251.32.24:8082
23.251.32.24:8089
27.124.47.147:8088
3.135.65.39:8082
37.44.244.226:8082
38.54.107.228:8082
38.55.144.26:8089
38.6.163.121:8082
38.6.172.245:8082
39.107.239.30:8082
42.193.108.137:8080
43.139.235.58:8082
43.143.225.146:8082
43.156.54.179:8082
43.228.91.222:8082
43.243.73.167:8088
43.254.216.226:8082
45.76.221.240:8082
45.77.176.118:8082
45.77.250.196:8082
45.8.159.17:8082
45.83.151.234:8082
47.103.80.231:8082
47.104.15.215:8082
47.104.241.90:8082
47.104.246.195:8082
47.104.73.41:8090
47.92.199.199:8082
47.93.101.161:8082
47.94.168.41:8082
47.95.156.195:8082
49.232.222.60:8082
61.174.60.155:8082
61.54.27.211:8082
64.176.182.6:8082
8.134.166.14:8082
8.142.104.78:8082
8.217.10.81:8082
8.217.5.132:8082
81.69.191.238:8082
81.71.162.183:8082
82.156.18.214:8082
83.229.67.75:8082
84.32.41.23:8082
96.43.86.12:8082
hfsax.com
hkwzxx.com
sdpwjcj.com
yrsdq.com

# Reference: https://twitter.com/r3dbU7z/status/1713604087520825699
# Reference: https://www.virustotal.com/gui/file/5ba80acd8c4fd67d42aec5c665d3934b7ecffca1b216e910279a1719f40dcdc1/detection

91.207.183.9:8000

# Reference: https://twitter.com/Gi7w0rm/status/1713853872660205585

http://167.99.214.15

# Reference: https://twitter.com/Gi7w0rm/status/1713702882594201975
# Reference: https://twitter.com/sloppy_bear/status/1713903156306870346

http://45.63.7.212
cvpaper.in

# Reference: https://twitter.com/Gi7w0rm/status/1713923723718238600

http://85.214.156.226

# Reference: https://twitter.com/malwrhunterteam/status/1714230086956732842
# Reference: https://www.virustotal.com/gui/file/1dc3418db90285df1aed8b120ad83874a7de713d8def7c30ac3d0c30f635163b/detection

http://89.23.96.63

# Reference: https://www.virustotal.com/gui/file/2827bbea71a2c90a1b3ef41239292c4803b78bd3bc18b7ef810d31bd9952d39c/detection

http://185.254.37.80

# Reference: https://twitter.com/g0njxa/status/1713646692699087328

http://95.181.173.155

# Reference: https://twitter.com/malwrhunterteam/status/1714261624192635237
# Reference: https://www.virustotal.com/gui/file/b9a4327c5d5e4b868ece53e9108cd34adae37992d17a272d56cddc1c343ce401/detection

anyvpns.com
cdn.anyvpns.com

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/10/the-forgotten-malvertising-campaign
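# Reference: https://www.virustotal.com/gui/file/782dbaee36f386468646a765972bbcf2c625d690d922500ba63068fd9ed30934/detection
# Note: 104.21.55.78 and 172.67.170.192 sit in Cloudflare-operated address space shared by many unrelated sites; triage hits on these two using the port and the accompanying domain and URL-path indicators rather than the IP alone.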

104.21.55.78:52054
104.234.147.61:52054
172.67.170.192:52054
85.208.107.200:52054
89.23.107.32:52054
jquerywins.com
karelisweb.com
mojenyc.com
mybigeye.icu
notepadxtreme.com
switcodes.com
/?JPBDu=wnAwy
/LXGZlAJgmvCaQfer/
/LXGZlAJgmvCaQfer/rWABCTDEqFVGdHIQ.html
/gYebt/?Buhmz=
/index.php?JPBDu=wnAwy
/rWABCTDEqFVGdHIQ.html

# Reference: https://cert-agid.gov.it/wp-content/uploads/2023/10/screenconnect_ultravnc_19-10-2023.json
# Reference: https://twitter.com/JAMESWT_MHT/status/1715187694135922878
# Reference: https://www.virustotal.com/gui/file/2b3006b181e2b12f611638000e355e0fda59c62930c3188739d029892188de34/detection

cryptoapex-invests.com
instance-a3g6br-relay.screenconnect.com
instance-ln8lsc-relay.screenconnect.com
server-nix5f911b27-relay.screenconnect.com

# Reference: https://www.virustotal.com/gui/domain/dr22.biz/relations

dr22.biz

# Reference: https://threatfox.abuse.ch/ioc/1191395/

47.115.230.18:8098

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2023-10-18-IOCs-from-IcedID-forked-variant-with-VNC-and-Cobalt-Strike.txt

instance-jc1vlj-relay.screenconnect.com

# Reference: https://twitter.com/1ZRR4H/status/1716290332885745949

http://163.123.143.17
http://81.19.140.150
163.123.143.17:445

# Reference: https://twitter.com/karol_paciorek/status/1716395306202358156
# Reference: https://twitter.com/g0njxa/status/1716401754068123784

http://139.59.113.146
b0ru70.github.io
research.plu.ac.th

# Reference: https://twitter.com/malwrhunterteam/status/1716517330602033659
# Reference: https://www.virustotal.com/gui/file/a42303a1baa0b48a95f6eaf6cfba9cef523492d078692cb2a1ab4889337624a6/detection

3pmapps.fun
gnupg.3pmapps.fun

# Reference: https://www.virustotal.com/gui/domain/ctl.sk/relations
# Reference: https://www.virustotal.com/gui/domain/jt-banka.eu/relations
# Reference: https://www.virustotal.com/gui/file/c81f61e669603b59e0b224cf0eb0f86a4d23b9cf050ca484ae87e22b64709a72/detection
# Reference: https://www.virustotal.com/gui/file/b9b0b9284f7db13fa27b7665dcab0482e2a439792e4ead52a4404820c1e5f698/detection

ctl.sk
jt.ctl.sk
mailin1.ctl.sk
mailin2.ctl.sk
jt-banka.eu
365sso.jt-banka.eu
sso365.jt-banka.eu

# Reference: https://twitter.com/Gi7w0rm/status/1716901758348521850

ogenki.com.my
/xsxlzx-shell/

# Reference: https://twitter.com/malwrhunterteam/status/1716907663181902131
# Reference: https://www.virustotal.com/gui/file/77d976b89ab6f65be7fc67673d4016735aafa3abbd33f2f958410d9d4d8d78f5/detection

genbtoomny.click

# Reference: https://twitter.com/r3dbU7z/status/1717062792589586859
# Reference: https://www.virustotal.com/gui/file/b4eb821c7e48bef8495bd3dd4ae9eb71cd2e64ffe098d8773d6efa57a2ebb3bc/detection

http://13.39.110.1

# Reference: https://www.virustotal.com/gui/file/5c34a701dfc8fed23b216a34bdb455e10bc965f29d21f85ece97ca7c74383bd6/detection

mega-z-upload.com
selenundlock.com

# Reference: https://twitter.com/karol_paciorek/status/1717460110627189013

http://47.88.79.56

# Reference: https://twitter.com/doc_guard/status/1717578836777308315
# Reference: https://www.virustotal.com/gui/file/4fabc888fa31352edf90330a5f8d3b75ea510b625c36ff45dee8287beb292c56/detection
# Reference: https://www.virustotal.com/gui/file/4274844d4e8d4337d45f75cf440a97d9c12b15be8ff61ef5cfea7545ce04b69c/detection
# Reference: https://www.virustotal.com/gui/file/40b79fcb5cfc3272ee8a59e223cc310b4d73aac238d3840acd283f801eda3e3a/detection

globaltimedns.top

# Reference: https://twitter.com/r3dbU7z/status/1717681468799844760

bankfcyprus.com

# Reference: https://twitter.com/fr0s7_/status/1717809713205985380

securepdfdocus.biz

# Reference: https://www.virustotal.com/gui/file/ebe0790a4e73314adbf63b910d4435c5a09cd028a606e417cf6f386d7cb7a05b/detection
# Reference: https://www.virustotal.com/gui/file/4cf218aec726274630dba16d9384544c72edc34d4288a1e3b0d786d829524413/detection
# Reference: https://www.virustotal.com/gui/file/ddfdd3542222a4d768bd72424b727474244a6e4b13f81befb9422866c7fdb2f0/detection
# Reference: https://www.virustotal.com/gui/file/c6dc04197194a659ca7906a08ab043307dbaee90ac1d4527529dcc92a2992e59/detection
# Reference: https://www.virustotal.com/gui/file/ad447395730eb6890cc386ba809b77d2a76e33d1b82ebaee1d05f2ee7b441de0/detection
# Reference: https://www.virustotal.com/gui/file/792ac74aff41ec6525b01bdd3a38c0dd7305de1ad94951a79731346fc88c21d1/detection
# Reference: https://www.virustotal.com/gui/file/5178b61c4db461b51537b9de98f59fe18a1b6baf0108e1478ac279a2db708088/detection

103.99.62.15:65422
206.238.199.51:65422
2hao2.oss-cn-hongkong.aliyuncs.com
adll.oss-cn-hongkong.aliyuncs.com
aexe.oss-cn-hongkong.aliyuncs.com
aomeikj.oss-cn-hongkong.aliyuncs.com
conkaikaizjderoujima.oss-cn-hongkong.aliyuncs.com
zhenlong363.oss-cn-hongkong.aliyuncs.com
jbpossa.oss-cn-hongkong.aliyuncs.com
thesonoftheforest.oss-cn-hongkong.aliyuncs.com

# Reference: https://cybersecuritynews.com/confluence-zero-day-vulnerability/ (# CVE-2023-22515, DarkShadow, Oro0lxy)
# Reference: https://otx.alienvault.com/pulse/652832b6f960f3f7421e6da9

http://104.128.89.92
http://192.69.90.31
http://199.193.127.231
http://23.105.208.154
104.128.89.92:443
192.69.90.31:443
199.193.127.231:443
23.105.208.154:443

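# Reference: https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/ (# CVE-2021-1435)
# Reference: https://otx.alienvault.com/pulse/652d723d05fd9cabcde27e54
# NOTE(review): the referenced Talos post appears to have been revised after first publication, including which CVE it ties to the implant delivery; confirm the CVE tag above against the current text of the advisory.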

http://154.53.56.231
http://154.53.63.93
http://5.149.249.74
154.53.56.231:443
154.53.63.93:443
5.149.249.74:443

# Reference: https://twitter.com/leak_ix/status/1719074800314859691
# Reference: https://www.shodan.io/host/38.60.199.10

http://38.60.199.10
38.60.199.10:22
38.60.199.10:443

# Reference: https://threatfox.abuse.ch/ioc/1196777/

116.204.110.99:8082

# Reference: https://threatfox.abuse.ch/browse/malware/win.empire_downloader/

http://164.92.246.33
http://18.221.226.193
http://20.102.61.215
http://218.161.70.146
http://23.96.53.135
http://45.32.81.149
http://45.77.79.14
13.52.36.101:8081
194.9.172.238:1443

# Reference: https://www.virustotal.com/gui/ip-address/188.225.60.5/detection
# Reference: https://www.virustotal.com/gui/file/8888b13dca93c8fb63a8564900ec1c3e03bc10236c5049ec1d703235f50c0349/detection

sarcoma.space
spacatty.fun

# Reference: https://twitter.com/abuse_ch/status/1718890685166755920
# Reference: https://urlhaus.abuse.ch/url/2726600/

botfusion1-8f4913f37609.herokuapp.com

# Reference: https://twitter.com/Merlax_/status/1719112693473292571

http://186.64.113.61

# Reference: https://twitter.com/malwrhunterteam/status/1719104612714574309
# Reference: https://www.virustotal.com/gui/file/c2d3fc535e56c109478a742ec44c635c18845dc2e8fd27f13d1fa155588849f6/detection

taxfile.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/00162181a1c8cedc5f394638ae6d0814abc47608e36b06707b36424fb8f211d7/detection

appsmob.info
coinmaster.pw
coinmaster.gamescheatspot.com
/coinmasterhack

# Reference: https://www.virustotal.com/gui/ip-address/4.201.49.4/relations
# Reference: https://www.virustotal.com/gui/file/294c2571ae4d691c92f5946d47dbf78033947f4c2983a8e51564dcc94d0e649c/detection

assistance-aide.fr
assistance-service-clients.com
ca-assistance-clients.com
ca-assistance-clients.fr
ca-support-assistance.fr
google-assistance.fr
go-file.fr
support-assistance-clients-ca.fr

# Reference: https://twitter.com/doc_guard/status/1720030244516643274
# Reference: https://www.virustotal.com/gui/file/aee00173af3d3e8630696a72bd942522543734c26b37afeffbee6d2057285a9a/detection

http://85.195.105.97

# Reference: https://threatfox.abuse.ch/ioc/1198248/

82.157.154.37:8082

# Reference: https://threatfox.abuse.ch/ioc/1201259/

134.122.132.23:8082

# Reference: https://twitter.com/k3yp0d/status/1720471855432151417
# Reference: https://www.virustotal.com/gui/ip-address/146.70.145.168/relations
# Reference: https://www.virustotal.com/gui/file/24e10e8f98c36aa9fcfa63efa3cc45bfb53586bf82cd3a183c4a4edfeb942087/detection

http://146.70.145.168
fsb-uvedomlenie.ru
animalclub.net/dogs/puppy.png
animalclub.net/dogs/qz1
/000000000_OOOOOOOO_ooooooo_ooOOOOOOO_OOOOO/OOOOOOOOO_OOOOOOO_OOO.doc
/000000000_OOOOOOOO_ooooooo_ooOOOOOOO_OOOOO/
/OOOOOOOOO_OOOOOOO_OOO.doc

# Reference: https://twitter.com/g0njxa/status/1721444417586778207

http://138.68.134.18

# Reference: https://www.virustotal.com/gui/file/00043c767c113a4886f01c5c251ca8eb61653f8f4e8e98bca1a51b42f3f33e03/detection

mydrugdir.com
pimlm.com

# Reference: https://twitter.com/g0njxa/status/1722325422283567388

http://51.38.115.103
http://63.141.252.148
http://77.105.147.44
http://88.99.105.167

# Reference: https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification

http://45.155.37.105
http://45.182.189.100
http://81.19.138.52

# Reference: https://twitter.com/malwrhunterteam/status/1723017726120149327

http://5.206.224.58

# Reference: https://www.virustotal.com/gui/domain/psp2111.ddns.net/relations
# Reference: https://www.virustotal.com/gui/file/3b6674fa7a6e0ec4cf1f397ea5daeaa23bbb7e24b51fe0be268aa1fd50568f5c/detection

psp2111.ddns.net

# Reference: https://www.virustotal.com/gui/domain/japanjoe1821.ddns.net/relations
# Reference: https://www.virustotal.com/gui/file/ac2ab2f22599a4c27c60001e274da3f29d487890a30a2761985a2f3f8c093246/detection

japanjoe1821.ddns.net

# Reference: https://twitter.com/doc_guard/status/1724397172366451198
# Reference: https://app.docguard.io/32587eb5fc64ea95bedeff63529ae09316832fe43ca9961e877f03b8428db250/results/dashboard
# Reference: https://www.virustotal.com/gui/file/5eee291b4252b66880c0e2dc3bb62bd3e6f1813320b839016f07ab2374a640f2/detection
# Reference: https://www.virustotal.com/gui/file/4202789483158024de2ce0a94a904d61c916923212237263d4d3d478a8d8fb5b/detection

http://172.245.33.131

# Reference: https://twitter.com/1ZRR4H/status/1725196037441110128
# Reference: https://twitter.com/malwrhunterteam/status/1724720871980368311
# Reference: https://www.virustotal.com/gui/file/02c7f90308e5fbe779514ef05ea002fcce91158c98c94cbc179417aa4c955d23/detection
# Reference: https://www.virustotal.com/gui/file/30457374df7ceb536593f72f6d3a31e1d8f81dfb5c76a9dfaaca34e8ce7ba528/detection

transportsd.shop
booshome.transportsd.shop
goosemx.z29.web.core.windows.net

# Reference: https://www.virustotal.com/gui/file/728d3320582daca13297abb67e78b60e4cd6b3eb8c72d1d36f689750699bb681/detection

23.105.235.71:5555

# Reference: https://www.virustotal.com/gui/file/9581c8d4ecafe6c7a734ceb200d6da784b38e93535205501e090c9777f348498/detection
# Reference: https://www.virustotal.com/gui/file/89a0d72a57460815c7164f762d542bc52660d0ca500339c5e90523bd4e602d45/detection
# Reference: https://www.virustotal.com/gui/file/59f0780eff6333ae8b2e148781d94f152c2bd4b902bfde1f4bd9eae4de6e83a1/detection

46.86.250.102:8080
proxy.stephan.nrw

# Reference: https://www.virustotal.com/gui/file/06eb020c0b1dae3ca39f2e49f13a60ab19064eb4896ec759901f02d7ee4036cb/detection

bc1q22hp7n28whk5h94z93vm05hfx2zxs8.com
bc1qrju227jw2hs5zjm7ftn3xshgpdgpa2.com

# Reference: https://www.virustotal.com/gui/file/24d30f7df893a5491229b8526b488b7bdad0ad8494fa9e13bdfa2919cd131f1b/detection

khoadang50.repl.co
macro.khoadang50.repl.co

# Reference: https://www.virustotal.com/gui/file/49ab3c9dfe03ed9f93c19a4b2f48499bcf4304a0ee05864aab014dce04710790/detection

file.khoadang50.repl.co

# Reference: https://twitter.com/doc_guard/status/1727673206482301100
# Reference: https://www.virustotal.com/gui/file/8e55ab6c789595529e4e837536931e09c7d759f9df0e8905b1a67edb000b6981/detection

craftupdate.online
wild.craftupdate.online
/asdf/leiji1920kjfk
/leiji1920kjfk

# Reference: https://www.virustotal.com/gui/file/b29804b761d4eda0a6c7dfc9e4387431c82600cf462041096f7fec3c904151ac/detection

jkghfdt.xyz
mnojdk.xyz
nafsdwas.click

# Reference: https://twitter.com/1ZRR4H/status/1729196411843985530

http://109.107.190.43
http://217.197.107.49
109.107.190.43:445

# Reference: https://twitter.com/v0lundr_/status/1729409817578455234

http://46.246.12.11

# Reference: https://www.virustotal.com/gui/file/c3d2685e8a8925b3383cfea7800e3ae8fe45157e3b08b274575304be54bc8b90/detection
# Reference: https://www.virustotal.com/gui/file/fdb3c7545207d570fe7788b00d444975c7e28f5648b83db0a9908cc6dff65b08/detection

afbnrrxrjg.ru
abqmvo6wyp09h8n.afbnrrxrjg.ru
mxjac2qoiu7fyhd.afbnrrxrjg.ru

# Reference: https://www.virustotal.com/gui/file/1393f8e456d67f08932d134bb37ddd0e5a5011c7b92cec8456570f879d836939/detection

http://185.81.157.149

# Reference: https://twitter.com/nahamike01/status/1729811255282520446

wiireshark.org

# Reference: https://twitter.com/idclickthat/status/1730628513206526007

athelp.cc
cashapphelp3.us
cashapphelp5.us
cbhelp.live
cscare.us
fbhelp.live
gkhelp.info
help360.us
liveform.us
mhdesk.us
qscare.cc
qscare.info
qscare.live
qscare.online
qscare.us
qshelp.cc
qshelp.info
qshelp.live
qshelp.online
qshelp.us
sphelp.info

# Reference: https://twitter.com/doc_guard/status/1731649902818595202
# Reference: https://www.virustotal.com/gui/file/1354ec56e9bead8a7821e30f3b15578ca803359e9d19746bda9a23b62e1f471e/detection

http://172.245.208.126

# Reference: https://twitter.com/1ZRR4H/status/1731709473977160117

94.198.53.143:8000

# Reference: https://twitter.com/banthisguy9349/status/1731752367572263001

139.59.72.48:8000

# Reference: https://twitter.com/alex_lanstein/status/1732485636601319519
# Reference: https://www.virustotal.com/gui/file/88f64c6021b469a40d3d5bf6ab0f563313caafe5e5ba79854cc31f880636c152/detection

http://163.5.64.41

# Reference: https://twitter.com/malware_traffic/status/1732437588059832338

gamonosa.sa.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1732037072385630621
# Reference: https://twitter.com/br0pi/status/1732059287210316266
# Reference: https://cert.pl/en/posts/2023/05/powerdash-malspam/
# Reference: https://www.virustotal.com/gui/file/569130785d0fa06a39b269a5640e0e016f6393342a91608b5f0bdf8465a74d9f/detection

http://5.63.152.179
http://89.104.67.191
89.104.67.191:8000
/dash/post_data/
/dash/post_png/
/dash/post_txt/
/dash/post_zip/
/dash/bots/delete/
/dash/bots/update/

# Reference: https://twitter.com/alex_lanstein/status/1732514545011163268
# Reference: https://www.virustotal.com/gui/file/c5e0e26dd2e8b743188343871bc2cab02c966da49d25efddcaa8fdb8b876886b/detection

drecterion.com/wp-content/Miche.png

# Reference: https://twitter.com/JustWantToQ1/status/1732266534192496990
# Reference: https://www.virustotal.com/gui/file/f0b28f23eb9f436990412e43ad71d8216a2af7bbac1239103fb93ab0b67334b0/detection
# Reference: https://www.virustotal.com/gui/file/e60e796cb218a125e34ab82d1c851a4642d4f0a8582bf441522caa90da0cc9af/detection
# Reference: https://www.virustotal.com/gui/file/af2bd7b81008d0d7e0baae36f94a53a18c5e2c55016211784008d18b3f3e939b/detection

185.174.101.131:8081
hipop.info

# Reference: https://thedfirreport.com/2023/12/04/sql-brute-force-leads-to-bluesky-ransomware/
# Reference: https://otx.alienvault.com/pulse/65707ab6e66cbcb43bd4f250
# Reference: https://www.virustotal.com/gui/ip-address/83.97.20.81/relations

s7610rir.pw
somepools555.pw
swhw71un.pw
asd.s7610rir.pw
asq.d6shiiwz.pw
asq.r77vh0.pw
asq.swhw71un.pw
us1.somepools555.pw

# Reference: https://www.virustotal.com/gui/file/0c3affef7b7928a44cf5050ed0d38724bf182993db63f786eb926007bd135323/detection

dyjbb.dnset.com

# Reference: https://twitter.com/banthisguy9349/status/1734301694719050200

128.1.76.179:5566
128.1.76.180:443

# Reference: https://twitter.com/gothburz/status/1734526642251304973 (# CVE-2023-46604)

http://139.180.185.248
http://188.166.177.88

# Reference: https://twitter.com/0x3A44/status/1734640511628017904

http://46.246.80.13
46.246.80.13:443

# Reference: https://app.any.run/tasks/5fb71446-d9ef-4c31-ab32-b93c465a32cc/

dfhduh.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1735249295090106569
# Reference: https://www.virustotal.com/gui/file/3cdcea51cd516b777c10e81f58f05cab9f00b787a35402e11df49c05f692976c/detection

ref-media.net

# Reference: https://twitter.com/suyog41/status/1735584361255469349
# Reference: https://www.virustotal.com/gui/file/fcb97ac234876b962adf6f741aa9e7f25ca82ae0c7b7be2500c73f3b8b7cdbcf/detection

pfizer-careers.net

# Reference: https://twitter.com/JustWantToQ1/status/1735870555373355048

64.150.190.149:64

# Reference: https://www.virustotal.com/gui/file/e5147145099559ce6f573dec81b396061885afda8de998b765eee806d767bfd2/detection

542199235l.com

# Reference: https://www.virustotal.com/gui/file/8d20f09faf9f69e2064a949e9574a68aa6777746734de900d9369f28656fd1f9/detection

http://46.246.12.14

# Reference: https://twitter.com/doc_guard/status/1734938547881193574
# Reference: https://www.virustotal.com/gui/file/0f6832b333e43176dd26b84a4db536d345850162b86e88b8ede8a204836a1dae/detection

theannoyingsite.com
youareanidiot.cc
ve43.aadika.xyz

# Reference: https://twitter.com/doc_guard/status/1737494486295486473
# Reference: https://app.docguard.io/4bfc29dff0955937190a085c6114d5019555558ed4a79b4fcb75a18ed28a3252/results/dashboard
# Reference: https://www.virustotal.com/gui/file/4bfc29dff0955937190a085c6114d5019555558ed4a79b4fcb75a18ed28a3252/detection

micrgen.ru

# Reference: https://www.virustotal.com/gui/ip-address/37.143.129.182/relations
# Reference: https://www.virustotal.com/gui/file/b3b41a17736281bcdfaae96acb657e32811456430ecbf06730706d2c9e96b0e6/detection

idf.pics
idfinfo.pw
idfleaks.info

# Reference: https://twitter.com/banthisguy9349/status/1738120871850483887

http://195.35.25.136

# Reference: https://twitter.com/malwrhunterteam/status/1738178664477438094
# Reference: https://www.virustotal.com/gui/file/d4ccc58d8e30048a387153642dfa2ee78500b0e9dab6130370bf9576d3e6d1c6/detection

pdf-online.top
usaid.pm

# Reference: https://twitter.com/malwrhunterteam/status/1738254214353064420
# Reference: https://twitter.com/malwrhunterteam/status/1740146804073906343
# Reference: https://cert.gov.ua/article/6276988 (# UAC-0184)
# Reference: https://www.virustotal.com/gui/ip-address/46.249.58.40/relations
# Reference: https://www.virustotal.com/gui/file/bd871a2ccd6d7c4f89f9f5087e60cfdcc7ab35b670cfda7ddfd6dbbab8c8560c/detection
# Reference: https://www.virustotal.com/gui/file/ef6edacf6ee1e0dd2e53046a91ba84d10a8adda6918ca7aac6e96ead432efbbc/detection

46.249.49.148:3232
funedunet.com
new-tech-savvy.com

# Reference: https://twitter.com/malwrhunterteam/status/1745175988114247680

http://163.5.169.28

# Reference: https://twitter.com/malwrhunterteam/status/1739358047808454978
# Reference: https://www.virustotal.com/gui/file/487c77fe374d38a45f0c0b16deb3f0f113104e396eed88543a81dd2023720a9f/detection

winrar-lab.github.io

# Reference: https://twitter.com/Cuser07/status/1739476155491832275
# Reference: https://www.virustotal.com/gui/file/5c61ab46e64c8de31e03dd9c8f79f18bd86ecf57d980e36f0e877003d1def063/detection

minehidden.ru
microsoft-word-ru.github.io

# Reference: https://twitter.com/banthisguy9349/status/1738128525331251392

http://104.248.54.93
http://138.197.150.104
http://143.198.172.172
http://146.190.158.3
http://147.182.133.75
http://159.203.3.76
http://159.203.48.121
http://188.166.187.50
http://64.227.79.134
64.227.79.134:443

# Reference: https://www.virustotal.com/gui/file/9a4147fcc9d6561e1548496ef1759ad73d93e1743e93d3c57490333eb9681915/detection

sun876954.space

# Reference: https://twitter.com/banthisguy9349/status/1740356886615167260

http://91.92.253.192
91.92.253.192:443

# Reference: https://twitter.com/noexceptcpp/status/1740347631816122829

212.60.5.131:4433

# Reference: https://twitter.com/Cuser07/status/1741037664768512343
# Reference: https://twitter.com/threatinsight/status/1749494654293405942
# Reference: https://www.virustotal.com/gui/file/f9a6a9f0507c5eb6c8c53a33f8f294d1381ed250cfbce6e8bda45ee295ca260b/detection

http://64.52.80.221
64.52.80.221:445
/fCzQvTAP/ewrtnyu75473
/fCzQvTAP/
/ewrtnyu75473

# Reference: https://twitter.com/ClearskySec/status/1741482152280129889
# Reference: https://www.virustotal.com/gui/file/d84c39579e61c406380f37da7c2a6758ed9a4c9a0e7697c073e2ddbb563360cd/detection
# Reference: https://www.virustotal.com/gui/file/1b598c7c35f00d2c940dfd3745bd9e5d036df781d391b8f3603a2969c666761b/detection
# Reference: https://www.virustotal.com/gui/file/0429bdc6a302b4288aea1b1e2f2a7545731c50d647672fa65b012b2a2caa386e/detection

http://124.168.91.178
http://194.126.178.8
124.168.91.178:445
159.196.128.120:54763
159.196.128.120:55555
194.126.178.8:54763

# Reference: https://twitter.com/banthisguy9349/status/1742123105827344654
# Reference: https://www.virustotal.com/gui/file/23e4e812b985eb7f0dfe4440a281d290681d48292b564e95389472a44067f382/detection
# Reference: https://www.virustotal.com/gui/file/57bb1a9274ec2f2f65508b3eefd222b46f9c600c3352d80488d7f903937a409b/detection
# Reference: https://www.virustotal.com/gui/file/4c58578a87a0f032ac2fb2889565de0d40c9c358d4e48dbdbe8ce74f8ccb62b7/detection

91.92.240.152:1338
91.92.240.152:1339

# Reference: https://twitter.com/malwrhunterteam/status/1742200432217215049
# Reference: https://www.virustotal.com/gui/file/afe3cb9b582273ff47916f1c2cdc111b8bc58bd54e6d28f6a31fef4f663e3abc/detection

officesmicrosoft.com
mc.officesmicrosoft.com

# Reference: https://www.zscaler.com/blogs/security-research/threat-actors-exploit-cve-2017-11882-deliver-agent-tesla
# Reference: https://otx.alienvault.com/pulse/659590aec2e01294d509fc1e

http://193.42.33.51

# Reference: https://www.virustotal.com/gui/file/000044e47ee47ce1f18fea0a33e17da583cb25e174cc24e2fbdbf29c1c82ea92/detection

evacdir.com

# Reference: https://www.virustotal.com/gui/ip-address/164.90.149.198/relations

bkhnmeficinnhii.top
cibgbgfjcmlbmcd.top
cnbhhabgjabmfab.top
dfmnkgnidkadgcd.top
dififcihkccceik.top
edggnhnjdnmfljm.top
fdkidechlddhdbf.top
fnfihgcmjdiimii.top
gfecmamfejggbhm.top
hlbibfkimfelcja.top
iaidkcggfkhkabh.top
ijjbfhkjmicnhcj.top
jamnfbaffgdclbn.top
jjndidahgmibnic.top
leeegfhihnjflcl.top
mcmlkgijhdghcjg.top
mgmmcbdgaflejie.top
nbcmadlhbhmiibn.top
nnjeegbjibkjkjh.top

# Reference: https://www.virustotal.com/gui/ip-address/162.33.177.125/relations

bikhgghnjndnlmj.top
cnngkbijcmaclie.top
lfbmjjcanenfllj.top
mleknedjhckhlhe.top
nchjcmfebbhkldn.top
setorempresarial.online

# Reference: https://twitter.com/malwrhunterteam/status/1745199276056027435
# Reference: https://www.virustotal.com/gui/ip-address/141.8.193.27/relations
# Reference: https://www.virustotal.com/gui/file/4ac32148284e1b9710bca20bc8fae1ba8f831dda7921bf12b73041a715555a6f/detection

api-gate.xyz

# Reference: https://twitter.com/sicehice/status/1747030318924677353

http://85.31.205.231

# Reference: https://www.virustotal.com/gui/file/104db086fa0e7c362f6ea00f9c93852bf2476dedc8ee3bda074cdb237411e658/detection

boggaym1.hopto.org
jhonny1.hopto.org

# Reference: https://www.virustotal.com/gui/file/a1bd8fdc639b7e0f2b1343e0f0e7807d404aab4adcae6972752d189adebdc030/detection
# Reference: https://www.virustotal.com/gui/file/45a40d542def7819241bf68e0b6ba3374834446266393bd5d254a602e95ea681/detection

bbstudent2.com

# Reference: https://twitter.com/doc_guard/status/1747612590950240626
# Reference: https://www.virustotal.com/gui/file/b4492ba093f845b6fb37941af65635c5cf5095d415cca54cfeaa7231fa8d0c82/detection
# Reference: https://www.virustotal.com/gui/file/e570c9cbef39307361396ca601d5726d5cceadfbf9a39133654bf03b6eaf2156/detection

http://192.227.173.43
192.227.173.43:445

# Reference: https://twitter.com/alex_lanstein/status/1748359390736879820
# Reference: https://www.virustotal.com/gui/file/502d1efa5ff5403a5eed1caf375adc0fb4b038a3a0b3571e35270ff7a0cc3538/detection

pandoraleaks.org

# Reference: https://www.virustotal.com/gui/file/7ee503bade7073d8da987399701924596242b1e41e35f55884190a4fc4e00b9d/detection

khelrangfssa.org

# Reference: https://www.virustotal.com/gui/file/9605968addccaa2323334d501b99ab88cd0b879bc8a2b4c5dc1d27c4d27d5e53/detection

http://191.233.27.50

# Reference: https://twitter.com/malwrhunterteam/status/1748790038555451806

halalhotels.net/wp-content/uploads/

# Reference: https://twitter.com/malwrhunterteam/status/1750263043701776696
# Reference: https://twitter.com/doc_guard/status/1750511099328299392
# Reference: https://www.virustotal.com/gui/file/245fa95180f396ac41e757b3292edba9a6d2cd352ef3a9e3b946d32961fe5459/detection

http://37.120.222.148
entertainment-in-tenerife.com/wp-content/uploads/

# Reference: https://twitter.com/suyog41/status/1749692921237078090
# Reference: https://www.virustotal.com/gui/file/0bb98b450b35148c02826bf353afaaea82c8cbdbca5a1e76b8cd3704b8657b0f/detection

http://45.153.241.239

# Reference: https://twitter.com/ShanHolo/status/1750135335952990523
# Reference: https://www.virustotal.com/gui/file/3c00c886b8be39b8711f76cc7225c6941be5fd3336d0ffc939959e8c3b755bbc/detection

101.99.94.234:47001
101.99.94.234:5985
101.99.94.234:7070
101.99.94.234:8000
101.99.94.234:8090
148.163.93.51:47001
148.163.93.51:5985
148.163.93.51:8080
148.163.93.51:9090
172.86.96.111:47001
172.86.96.111:5985
172.86.96.111:7070
172.86.96.111:8080
172.86.96.111:8081

# Reference: https://www.virustotal.com/gui/file/9d88ecdd4dce40bea6c22e721b10b2e9e49650679734ca411f6232ea4097e83d/detection

http://51.79.244.21

# Reference: https://twitter.com/malwrhunterteam/status/1749905406703366614
# Reference: https://www.virustotal.com/gui/file/b79fc5448d47587c2d038f8a06e52d59b053aa5aab03a6aa884c3a113e31caf9/detection

frank-weekly-frog.ngrok-free.app

# Reference: https://twitter.com/1ZRR4H/status/1750261119216710029

http://148.163.93.51
148.163.93.51:445

# Reference: https://www.virustotal.com/gui/file/05df7a0c57ddb53db47daa1e23462221b9dcadf8ed43341a6722b16f4e5b9216/detection

http://181.41.200.209

# Reference: https://twitter.com/banthisguy9349/status/1749331670187040802
# Reference: https://www.virustotal.com/gui/file/4971112623eb9259a641b60f6416c1701ba02f08ed1c590948f5e487744bcf03/detection

http://185.81.157.123
http://185.81.157.150
http://185.81.157.160
http://185.81.157.24
185.81.157.123:999

# Reference: https://twitter.com/1ZRR4H/status/1751310603916882357
# Reference: https://www.virustotal.com/gui/ip-address/91.92.251.163/relations
# Reference: https://www.virustotal.com/gui/file/d576202174867dbed41a0dde9841b8deb1c4c3cb54bc3f3cb1311d97e0f1fd58/detection
# Reference: https://www.virustotal.com/gui/file/2986cab6e805bdeeedf6b815ee439417e2c861c33ef67c77b4c1ad57ad9d6169/detection
# Reference: https://www.virustotal.com/gui/file/ac702ccbd80c7f46d05ed6ecbbac34a930c0c1befe4dfc9e74bdcd7c7b4c09a4/detection
# Reference: https://www.virustotal.com/gui/file/861c39ed6c9c822297b546d05fc0c5ea6011a29fc8ed9afd8c2a34b07aa043b9/detection
# Reference: https://www.virustotal.com/gui/file/504be1f8bf80df47b6cbe74f1837864da5ec119e4ea91eae268e3652a626a4a9/detection

http://91.92.251.163
91.92.251.163:445
galaxe-team.info
protecionbbva.info

# Reference: https://twitter.com/malwrhunterteam/status/1750876407834501411
# Reference: https://www.virustotal.com/gui/file/1ff893e6dccc586fb6b2ef5ea58f0d9137b646e61b17c9aaf1eef4f1703831cc/detection
# Reference: https://www.virustotal.com/gui/file/052c9175ede58455ea20be0df7a0095a3a6645e2c3acf5b67411e7b18df69689/detection

5desconcertais.sa.com

# Reference: https://twitter.com/nahamike01/status/1751481757365629263

http://72.167.151.88
72.167.151.88:443
thebaut-avocats.store

# Reference: https://www.virustotal.com/gui/file/cdd069f6a4cebf0020343e7788b6bb9d6e0a276513c822d8db9edac428812167/detection
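# Reference: https://www.virustotal.com/gui/file/84de49fc64eef65cba50df918817cd41328ac07bae39fd041a39d2f6d5d685ac/detection
# NOTE(review): the path-only entries below carry no host. '/updater/wzupd.xml' lacks the '/JEERADET/' prefix the other paths share, so confirm it does not also match unrelated updater traffic.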

http://147.50.253.30
/JEERADET/
/JEERADET/updater/getserverinfo.xml
/JEERADET/updater/wzupd.xml
/JEERADET/updater/
/updater/wzupd.xml

# Reference: https://twitter.com/cyber_ra1/status/1752035174408458561
# Reference: https://www.virustotal.com/gui/file/ea17ccf4bf55f23b8a93f8e17e470be440211f463d5b7e01958843c8c160f765/detection
# Reference: https://www.virustotal.com/gui/file/a0ed5dd1fe038a22bf5953c4d12ece80d09d0f58a991503dca3ce659455b8d4d/detection
# Reference: https://www.virustotal.com/gui/file/295aef7c1199c1f1ed7d487694e977ec858c5819140ed09808e175fcc49472f0/detection

http://139.144.212.135

# Reference: https://twitter.com/banthisguy9349/status/1752339128648122859

http://194.48.250.74
http://45.141.202.254
45.141.202.254:443

# Reference: https://twitter.com/doc_guard/status/1752343177896317394
# Reference: https://www.virustotal.com/gui/file/346d471bd9f585ac6a4a6b6e11a12004edffdccf92680d701935a7e653fb2b0d/detection
# Reference: https://www.virustotal.com/gui/file/f8cbeec0ed28a8828e727c4059fe0d3bf3b34abb3978cdaf112bc36eec83983e/detection

http://185.222.163.245

# Reference: https://blog.cluster25.duskrise.com/2024/01/30/russian-apt-opposition
# Reference: https://www.virustotal.com/gui/ip-address/158.160.129.176/relations

nasa.network
news4you.top
zdg.re
mta-sts.news4you.top

# Reference: https://twitter.com/banthisguy9349/status/1752424117511331865
# Reference: https://www.virustotal.com/gui/file/2027eb5ee4bc199f4a3a70331470db268f5d57474e469d4d4ad3986d5e51399e/detection

http://159.253.214.149
http://161.97.132.85
http://162.19.24.166
http://183.90.230.5
http://184.168.106.46
http://185.176.58.32
http://216.69.162.32
http://45.82.120.47
http://51.79.99.120
http://51.91.45.248
http://91.241.48.106
128.199.66.118:4001
128.199.66.118:88
159.253.214.149:8443
161.97.132.85:3000
161.97.132.85:3012
161.97.132.85:3020
161.97.132.85:3036
161.97.132.85:3045
161.97.132.85:4447
161.97.132.85:7080
161.97.132.85:7081
161.97.132.85:8443
161.97.132.85:8880
162.19.24.166:2100
162.19.24.166:3001
162.19.24.166:3002
162.19.24.166:3838
162.19.24.166:4330
162.19.24.166:8080
162.19.24.166:8126
162.19.24.166:8787
162.19.24.166:9090
162.19.24.166:44321
184.168.106.46:2077
184.168.106.46:2078
184.168.106.46:2082
184.168.106.46:2083
184.168.106.46:2095
184.168.106.46:2096
185.176.58.32:14118
185.176.58.32:14119
185.176.58.32:1515
185.176.58.32:3000
185.176.58.32:3333
185.176.58.32:5985
185.176.58.32:8054
185.176.58.32:8080
185.176.58.32:8090
185.176.58.32:8182
185.176.58.32:8183
185.176.58.32:8391
185.176.58.32:8888
185.176.58.32:8889
185.176.58.32:9090
185.176.58.32:9193
185.66.9.215:81
216.69.162.32:2077
216.69.162.32:2078
216.69.162.32:2082
216.69.162.32:2083
216.69.162.32:2095
216.69.162.32:2096
37.61.242.66:8080
37.61.242.66:8902
37.61.242.66:8903
37.61.242.66:8905
37.61.242.66:8907
37.61.242.66:8913
37.61.242.66:8914
37.61.242.66:8915
37.61.242.66:8916
37.61.242.66:8917
37.61.242.66:8918
45.82.120.47:2525
45.82.120.47:443
45.82.120.47:8088
45.82.120.47:9999
51.91.45.248:8083
51.91.45.248:8888
51.91.45.248:8889
67.205.139.23:8000
67.205.139.23:8001
67.205.139.23:8002
67.205.139.23:8003
91.241.48.106:8443
91.241.48.106:8880
91.241.48.106:943

# Reference: https://twitter.com/banthisguy9349/status/1752646985234931730

http://185.66.9.215
http://62.210.137.149
http://77.105.147.252
216.69.162.32:443

# Reference: https://twitter.com/banthisguy9349/status/1754099584190538104

http://94.156.67.99

# Reference: https://twitter.com/banthisguy9349/status/1754134426391359554
# Reference: https://www.virustotal.com/gui/file/3650667be007a3733dc935f0978ae5964e6dac65728b31d44e6b4d92c5220042/detection

http://91.92.246.143

# Reference: https://twitter.com/banthisguy9349/status/1754141078754570563

http://91.92.255.196

# Reference: https://twitter.com/k3yp0d/status/1754380225792577647
# Reference: https://www.virustotal.com/gui/file/499528fb822e6cf086e98d9e27067f939ecbf0a3791f701a0a6f9a44ba8864ea/detection

http://188.119.112.115

# Reference: https://twitter.com/malwrhunterteam/status/1754492533344715254
# Reference: https://www.virustotal.com/gui/file/eae913c5ae1efaa00cb2a9584e26a290cd16a31125616b394ff661611c4dbb24/detection

109.107.182.4:8888

# Reference: https://twitter.com/k3yp0d/status/1754843731830677754
# Reference: https://www.virustotal.com/gui/file/78b3a5b6d4147ba84b6cefd2c0f24c2a25818ab09b264b1b5259184181f3d25f/detection
# Reference: https://www.virustotal.com/gui/file/968f41985f25a99a475b323809d80ebdb25be230302a24cbf9fb55c042593227/detection

intuite.duckdns.org
proseriesintute.blogspot.com

# Reference: https://twitter.com/malwrhunterteam/status/1755664166038184444
# Reference: https://www.virustotal.com/gui/file/b05b80452ef1057e76a6ec313165b2da95a41fcbcd5820daa07bb5f224e3afa6/detection

jourcutedesignonline.com

# Reference: https://twitter.com/doc_guard/status/1756049358640857415
# Reference: https://www.virustotal.com/gui/file/dc01ce59f5d50ba47a587952b9a83c3f1271d4103babc4106b29eb86cb67c441/detection

al-rasikh.com

# Reference: https://twitter.com/banthisguy9349/status/1756687611102453888

http://94.156.64.142
http://94.156.64.145
http://94.156.64.150
http://94.156.64.151
http://94.156.64.152
http://94.156.64.153
http://94.156.64.158
http://94.156.64.160
http://94.156.64.161
http://94.156.64.162

# Reference: https://twitter.com/banthisguy9349/status/1756692625480913370

91.92.250.124:8000
91.92.252.116:8000

# Reference: https://www.virustotal.com/gui/file/61085e8dfb80e7de7fba6b83066253f6479fb81b4bbc0b4c4b18477c035bf92c/detection

mw-solaris.com

# Reference: https://twitter.com/malwrhunterteam/status/1757497300375556172
# Reference: https://www.virustotal.com/gui/file/bc1adc815864c9ecf69a3d8062995562d9b0d86478808ccc0eee2710b358afc5/detection
# Reference: https://www.virustotal.com/gui/file/5183058ce59c83432109e959f6ad5f05ef94b49a95dc306f7212ee9448225d09/detection

jstor.site

# Reference: https://www.virustotal.com/gui/file/02b99f36f3eeef14baa8e1412a988da082cb303a78239ed903dad466da5f59d3/detection

http://45.74.19.84

# Reference: https://www.virustotal.com/gui/file/10b609ce1c79ed4d772fbc8597f1fa9f712fa00d9cf36a7c46b162fa54623843/detection

unlockpdf.co

# Reference: https://www.virustotal.com/gui/file/b8fdf6a5e04908a5fc29572c848c9511e1d1670072e1e8ae01b69c9a11d05294/detection

http://178.73.192.19

# Reference: https://www.virustotal.com/gui/file/1c7593078f69f642b3442dc558cddff4347334ed7c96cd096367afd08dca67bc/detection

seeceafcleaners.co.uk

# Reference: https://www.virustotal.com/gui/file/a06366b0fa7d5744a507ef1afdafa02d81a4315bdba697993b7ee4fce76f1d7e/detection

http://45.81.39.111

# Reference: https://twitter.com/TLP_R3D/status/1760560620485661027

116.0.56.101:9191
64.31.63.240:443

# Reference: https://twitter.com/malwrhunterteam/status/1760648792028709181
# Reference: https://www.virustotal.com/gui/ip-address/179.43.180.49/relations
# Reference: https://www.virustotal.com/gui/file/49036e3800ba67ab63b09d3ac7e8f45230deca4ee0603b3786ca7d77ca347aa2/detection

share-pdf-fast.com

# Reference: https://app.any.run/tasks/d31016d0-867e-4f3b-abc4-50e4f52d4169/
# Reference: https://www.virustotal.com/gui/file/ff498064ff8c719bdf3e968b5a8739be2b8fa7916cb8966e2e5634f04ef9af32/detection

http://107.173.4.5
/CryptersAndToojjjjls.vbs
/jajajjajajava.txt

# Reference: https://twitter.com/banthisguy9349/status/1762883187699556388

http://173.212.248.30
srv-3.hostylite.com

# Reference: https://twitter.com/karol_paciorek/status/1763224968651800648

http://5.78.101.147

# Reference: https://twitter.com/1ZRR4H/status/1763433453876335093

182.23.67.109:8088

# Reference: https://twitter.com/1ZRR4H/status/1762598851737690328

80.94.95.227:45354

# Reference: https://twitter.com/banthisguy9349/status/1764382521276485989

http://91.92.253.92

# Reference: https://twitter.com/banthisguy9349/status/1764381700233035900

http://91.92.241.45

# Reference: https://twitter.com/noexceptcpp/status/1765438678967410998
# Reference: https://app.any.run/tasks/ccb87bc3-8d0c-4909-ad0b-ce48abc36378/

http://185.25.50.24
88.119.171.83:8000

# Reference: https://twitter.com/banthisguy9349/status/1766060945976046007

http://193.93.248.103

# Reference: https://www.virustotal.com/gui/file/e35ba53261955ab3ff50649240eef61f498c3892a1f167a1d6f38f4f130bb754/detection

204.10.194.37:6213
nl2-4.deploy.sbs

# Reference: https://www.virustotal.com/gui/domain/nl3.deploy.sbs/detection

nl3.deploy.sbs

# Reference: https://twitter.com/ULTRAFRAUD/status/1766821901056311525

download-createstudioo.com
kingkh.pythonanywhere.com

# Reference: https://twitter.com/alex_lanstein/status/1767270274993361404
# Reference: https://www.virustotal.com/gui/file/cb07dc2bb5f7e7d478432f54001c811a1279f46ca23bb0a1464319a0d1f16d5e/detection

data.linksbin.co

# Reference: https://twitter.com/banthisguy9349/status/1769770269797646829

http://128.1.76.180
128.1.76.180:443

# Reference: https://twitter.com/banthisguy9349/status/1769774446234005802

146.190.145.137:1338

# Reference: https://twitter.com/banthisguy9349/status/1769755483768803650

http://94.156.71.26

# Reference: https://twitter.com/banthisguy9349/status/1769782362466881883

http://116.203.201.240
http://89.23.99.86

# Reference: https://twitter.com/banthisguy9349/status/1769771599824040038

47.115.221.17:8081

# Reference: https://twitter.com/doc_guard/status/1759572032503578664
# Reference: https://www.virustotal.com/gui/file/051e148125846ad66f285884ae40e72ebc59bf6a15220b4927cc0c5046b7c60e/detection

mayanboats.com/wp-content/uploads/

# Reference: https://twitter.com/doc_guard/status/1769724159997644933
# Reference: https://www.virustotal.com/gui/file/051e148125846ad66f285884ae40e72ebc59bf6a15220b4927cc0c5046b7c60e/detection

ianmckenzieanderson.com/wp-content/uploads/

# Reference: https://twitter.com/banthisguy9349/status/1770831512788705496

194.164.192.12:8080

# Reference: https://www.virustotal.com/gui/file/00254ddf941309f710ca27ad9aea9131ccd8babdbd6b8b4fd939da2e46c9a6f6/detection

http://37.1.220.206
winsprizesnow.site
/bTcpkT?subacc=

# Reference: https://twitter.com/malwrhunterteam/status/1770557731298033940
# Reference: https://www.virustotal.com/gui/ip-address/89.208.104.10/relations
# Reference: https://www.virustotal.com/gui/file/358f0e012b129051cd808c0d901b50418fc09add0e2a5d306ddced82b9bc3ff7/detection

zcr.ink
ztm.ink

# Reference: https://twitter.com/naumovax/status/1770906845953118256
# Reference: https://www.virustotal.com/gui/file/ea0f69db204d3eba39ab341bcfa82cd26650142f84c484adddae1e7a53c3ca78/detection

logimofficeofffmnicr0softonline.com

# Reference: https://www.virustotal.com/gui/file/299ff9d74335f579d43bc1a03ff43728f8ba0fbefcda859654eb0724671477fd/detection

cdnopenweb.co

# Reference: https://twitter.com/alex_lanstein/status/1771905091991195821
# Reference: https://www.virustotal.com/gui/file/024acfac45780795bfd2c35043990440e84a533b38059ef2a79ce89e8a4c0b57/detection

101.99.94.234:8888
mid-selections-prohibited-merely.trycloudflare.com

# Reference: https://twitter.com/r3dbU7z/status/1772579014122565923
# Reference: https://www.virustotal.com/gui/file/88c240ddab06e74a5b6425a9b1d91fa0532e619d1565bf1c79cafd78cc1d2615/detection

islamtito.xyz

# Reference: https://twitter.com/Dkavalanche/status/1773040405820387781

projetymastrexz.westus.cloudapp.azure.com

# Reference: https://twitter.com/banthisguy9349/status/1772955283297366489

91.92.251.119:8080

# Reference: https://twitter.com/banthisguy9349/status/1772957297527943313

91.92.251.195:8888

# Reference: https://www.virustotal.com/gui/file/405ed745200b616e7e31defd66c8207534e15a1d1d4bca144f1ea35d1cb722e1/detection

dn3hksy6kf.com

# Reference: https://www.virustotal.com/gui/file/c9329007524b3da130c8635a226c8cbe3a4e803b813f5b2237ed976feb9d2c8d/detection

http://193.233.133.179

# Reference: https://twitter.com/banthisguy9349/status/1777366942795386957

http://51.210.237.196

# Reference: https://twitter.com/karol_paciorek/status/1777395068883591247

lbc-tt.com

# Reference: https://twitter.com/RacWatchin8872/status/1778393784809595092

http://1.13.158.52
http://101.34.85.235
http://121.196.200.127
http://154.40.57.241
http://43.138.212.90
http://45.61.136.98
http://47.101.128.7
1.13.158.52:21
1.13.158.52:8000
1.13.158.52:8084
1.13.158.52:888
1.13.158.52:8888
1.13.245.178:22
1.13.245.178:5003
1.13.245.178:8080
101.34.85.235:22
101.34.85.235:8082
101.34.85.235:8084
119.123.218.35:1701
119.123.218.35:1723
119.123.218.35:2010
119.123.218.35:21
119.123.218.35:888
119.123.218.35:889
119.123.218.35:9000
119.123.219.99:2010
119.123.219.99:21
119.123.219.99:81
119.123.219.99:888
119.123.219.99:889
119.45.223.112:22
119.45.223.112:8080
119.45.223.112:8081
119.45.223.112:8085
119.45.223.112:81
121.196.200.127:22
121.196.200.127:5003
121.196.200.127:7890
124.221.70.199:8880
154.40.57.241:22
154.40.57.241:8000
154.40.57.241:9000
158.247.250.133:22
158.247.250.133:443
34.92.128.224:22
34.92.128.224:8000
43.138.212.90:22
43.138.212.90:28888
43.138.212.90:40110
43.138.212.90:7000
43.138.212.90:801
43.138.212.90:8080
43.139.161.196:47001
43.139.161.196:5985
43.139.161.196:9000
45.61.136.98:1354
45.61.136.98:22
45.61.136.98:443
45.61.136.98:8000
45.61.136.98:8080
47.101.128.7:22
47.101.128.7:3334
47.101.128.7:7001
47.101.128.7:7002
47.101.128.7:8080
54.95.206.159:22
54.95.206.159:443
54.95.206.159:8000

# Reference: https://twitter.com/banthisguy9349/status/1778350677204316384

http://202.79.168.65
47.92.29.211:8001

# Reference: https://asec.ahnlab.com/en/64034/

http://35.185.187.24

# Reference: https://twitter.com/banthisguy9349/status/1780196797572378937

45.88.90.68:5000

# Reference: https://www.virustotal.com/gui/file/4d9274cfe7a2bd9a125352271d1634708e1f9b1d70b056d1c1950cb98b8f91ff/detection

globalsolutionunlimitedltd.com

# Reference: https://twitter.com/doc_guard/status/1780586776647668123
# Reference: https://www.virustotal.com/gui/file/d545c5b74a79797a1833d3a2f897b9ed49d2eeffaaf7049db7bfa8551fb4a80e/detection

glucoselow.store
yourgreatbargain.com

# Reference: https://www.virustotal.com/gui/file/5fa488552cbba6b8c0995c8adbd80c88e053f74e2e80c683b969ad900dc08a5a/detection

doggygangers.com

# Reference: https://twitter.com/banthisguy9349/status/1780925439030051190

188.121.114.194:8000

# Reference: https://cert.gov.ua/article/6278620 (# UAC-0149)
# Reference: https://www.virustotal.com/gui/file/8f8abfa6717ad2043a295d16b5aeeac3e7084b7994f6eec8351e18a9a3c59997/detection

netman.servehttp.com
worker-misty-mouse-6ac7.aky15825.workers.dev

# Reference: https://twitter.com/banthisguy9349/status/1782402749805527142

http://222.230.144.112
114.158.55.198:50001
118.243.43.7:60000
180.2.118.1:5001
213.118.170.113:8000
218.219.255.116:60000
222.150.151.23:2000
61.213.102.62:60000
87.175.73.111:81
94.224.234.108:2080

# Reference: https://twitter.com/banthisguy9349/status/1782401923133354148

http://185.209.161.184

# Reference: https://twitter.com/banthisguy9349/status/1782404196400066837

http://134.255.232.30

# Reference: https://twitter.com/doc_guard/status/1782401510350954620
# Reference: https://app.docguard.io/ed4149d5ac4b15e22b9f240e75638ea3c4da01a021d30ed2d062919159c6a7c9/results/dashboard

clubedasluluzinhasro.com.br/assets/image/

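# Reference: https://twitter.com/alex_lanstein/status/1782764409967788278
# NOTE(review): trycloudflare.com tunnel hostnames are typically short-lived and randomly assigned, so this entry is likely more useful for retrospective log hunting than for ongoing blocking - confirm it is still live before relying on it.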

moment-clubs-re-fans.trycloudflare.com

# Reference: https://twitter.com/banthisguy9349/status/1782687945431957899

http://143.92.36.161
http://154.38.226.29
143.92.36.161:8888
/down/pOkDKV78QUk2
/pOkDKV78QUk2

# Reference: https://twitter.com/RacWatchin8872/status/1782707093088170142

192.253.234.80:8000

# Reference: https://twitter.com/banthisguy9349/status/1783873353469645250

http://39.103.217.92

# Reference: https://twitter.com/banthisguy9349/status/1783864142127882734

http://91.92.254.78

# Reference: https://twitter.com/doc_guard/status/1783841178829656511
# Reference: https://www.virustotal.com/gui/file/cc962c0a4622bab42951b90f77821327a7807907226f5f8972762beb195aa8c7/detection

http://23.95.60.77
bun.is

# Reference: https://twitter.com/banthisguy9349/status/1784891801419014416

91.215.85.18:9380

# Reference: https://twitter.com/doc_guard/status/1784960119102431684
# Reference: https://www.virustotal.com/gui/file/b985a88d7eb12be800f12605685aa016066153d1752ee3a6aded9be0cfc6bff4/detection

h8vtcztgjh.ru
e0fab4dffce023758aa12ddcef.h8vtcztgjh.ru

# Reference: https://twitter.com/banthisguy9349/status/1785240900383248797

148.135.35.177:3389

# Reference: https://twitter.com/banthisguy9349/status/1785242060728995872

http://185.81.29.119

# Reference: https://twitter.com/malwrhunterteam/status/1786350323059069054

89.23.99.47:7777

# Reference: https://twitter.com/r3dbU7z/status/1786430134171373733

http://161.129.66.7
http://89.23.107.244
89.23.107.244:445

# Reference: https://twitter.com/xorJosh/status/1786017157249110459

45.61.137.109:8080

# Reference: https://twitter.com/JustWantToQ1/status/1787075115823337564

http://89.23.97.199
89.23.97.199:443
156.248.74.9:58926
61.132.227.209:3389

# Reference: https://twitter.com/banthisguy9349/status/1787528985825480993

154.40.47.195:9000

# Reference: https://twitter.com/banthisguy9349/status/1787508349791031314

185.234.216.64:8000

# Reference: https://twitter.com/ShanHolo/status/1787551650493747688

http://74.249.96.36

# Reference: https://twitter.com/banthisguy9349/status/1787388546187243704

http://164.68.102.223
http://178.18.243.38

# Reference: https://twitter.com/k3yp0d/status/1787851479421772047
# Reference: https://twitter.com/k3yp0d/status/1787852438591910201
# Reference: https://www.virustotal.com/gui/file/387252ca8e89f7c3daceb48ab1279dfe597a9043095624a485aa5820b3c446b9/detection
# Reference: https://www.virustotal.com/gui/file/608009b402c00bb8ef65cc8d805e1522ddf1632c7479be05244ebd38483e22df/detection

advertnow.org
adverty.info
corptravel.org
feedstream.info
kantiana.info
yandeks.info
kant300.kantiana.info
moscow.corptravel.org
passport.yandeks.info
ulitsa.svobody.org

# Reference: https://twitter.com/r3dbU7z/status/1787994785443189168
# Reference: https://www.virustotal.com/gui/ip-address/147.45.50.23/relations
# Reference: https://www.virustotal.com/gui/file/110453e521d785df5608df30e373c966f30ec135b3bdf085fc939c2c156db0ca/detection

79.133.57.62:6868
kreativeentdeckungsreisenerleben.com
kreativitatsreisenerleben.com
schnellbericht.com
schweizaktuell.org
tagesschlaglicht.org
weltgeschehenonline.org
weltreport24.org

# Reference: https://twitter.com/r3dbU7z/status/1787996206519480715
# Reference: https://www.virustotal.com/gui/ip-address/147.45.50.26/relations

inspirationsquellenerkunden.com
kunstlerischereisenentdecken.com
traumweltenerleben.com

# Reference: https://twitter.com/CyberRaiju/status/1788466982763012155
# Reference: https://www.virustotal.com/gui/file/759d8edcb0fc7b6ed288d647cc6fdf9598d944b922654fae2e999d2f89407b3d/detection

dailynewspagechannel.com

# Reference: https://twitter.com/ShanHolo/status/1788512597660033228

http://192.3.179.142
192.3.179.142:443

# Reference: https://twitter.com/doc_guard/status/1788583646007304673
# Reference: https://www.virustotal.com/gui/file/d2f166b0669a67b663691b4510eaf3bccac5fcca85c36edf46f93967846381b1/detection

bc1q7syczyekazugzppa6kcse4n.com

# Reference: https://twitter.com/r3dbU7z/status/1789336992880218598
# Reference: https://www.virustotal.com/gui/file/af2386431856e1b8e41a0f94210c42919498250506fffde57886b1e3e6b1f0f4/detection
# Reference: https://www.virustotal.com/gui/file/7e20ee4509fdda1fb646b4e05687e77952debbcb47dcaccea185496855e45de6/detection

http://193.124.33.71
193.124.33.71:445

# Reference: https://twitter.com/RussianPanda9xx/status/1789750961122029912
# Reference: https://www.esentire.com/blog/socgholish-sets-sights-on-victim-peers
# Reference: https://github.com/esThreatIntelligence/iocs/blob/main/SocGholish/SocGholish_iocs_4-27-2024.txt

http://170.130.55.72
170.130.55.72:445

# Reference: https://twitter.com/BroadAnalysis/status/1790109770956816514
# Reference: https://www.virustotal.com/gui/file/4e41547b3d61e50c514fcbc614013dd0bce37140453d3384a062a01232af1e84/detection
# Reference: https://www.virustotal.com/gui/file/ad200ec219d604d4d042a8bdd3c1b66f01af76ba178ad39433822de45ba1a4e4/detection

baqebei1.online
cdnforfiles.xyz
rtattack.baqebei1.online

# Reference: https://twitter.com/banthisguy9349/status/1790324149015003632

http://94.156.68.134

# Reference: https://twitter.com/naumovax/status/1790298161178714149
# Reference: https://www.virustotal.com/gui/file/b3c38e68a626f8f1e5893cd157b697a4b871153230f6658f0d34a8eba929cdbf/detection
# Reference: https://www.virustotal.com/gui/file/efb40209e243fc78f072d6328866345c594362713cfcca6cbb7a0935b675d6cf/detection

110.34.30.9:6600

# Reference: https://twitter.com/RacWatchin8872/status/1790408334413058260

61.132.227.203:3389

# Reference: https://twitter.com/jcarndt/status/1790766240924827808
# Reference: https://www.virustotal.com/gui/file/88b0000946443be5eec18d0c508210a06ff6c15216b30191af1531ac52d8465b/detection

http://103.182.18.152

# Reference: https://twitter.com/1ZRR4H/status/1790783159769997451
# Reference: https://www.virustotal.com/gui/file/f21535b4f4fc2d7162199248a839cf2fe68436449df4250fc23beff360cf22d0/detection

maty-homelab.site
casaos.maty-homelab.site
stfu.maty-homelab.site

# Reference: https://twitter.com/karol_paciorek/status/1791056351843500196

185.29.11.28:9999

# Reference: https://twitter.com/malwrhunterteam/status/1791070147391741992

boy-such-icon-positive.trycloudflare.com

# Reference: https://x.com/RacWatchin8872/status/1791118692677238952

45.62.170.4:8080

# Reference: https://x.com/alex_lanstein/status/1791459164205769040
# Reference: https://www.virustotal.com/gui/ip-address/128.199.107.104/relations
# Reference: https://www.virustotal.com/gui/file/5b3b4f424a14b3b9a2325f2728b7f8161097c944991eba778404a4319d1ac649/detection
# Reference: https://www.virustotal.com/gui/file/3620fb27aee5cf0cf83698bf9560ea474531489725df554de00c4843654a3f66/detection
# Reference: https://www.virustotal.com/gui/file/057b1320dac065bd574b0757454c3f54f2caf8c197643583ea397f09b341e7b8/detection

128.199.107.104:1337
128.199.107.104:8080
128.199.107.104:9999
arsenal.30cm.tw
house.30cm.tw
linebot.30cm.tw

# Reference: https://x.com/banthisguy9349/status/1791853395352977877

101.34.243.60:8000

# Reference: https://x.com/banthisguy9349/status/1792871011341254663

http://91.92.253.182
91.92.253.182:443

# Reference: https://x.com/banthisguy9349/status/1793248710786261363

159.203.102.30:8088

# Reference: https://x.com/karol_paciorek/status/1793201203049796069

http://91.92.255.93

# Reference: https://x.com/karol_paciorek/status/1793201205050499327

http://91.92.251.57

# Reference: https://x.com/1ZRR4H/status/1793465492268892316
# Reference: https://www.virustotal.com/gui/file/4f7650a2b698db4c95e4ff0f4b6781c9c8f6d00c810892aebbd5b5c54a34b2da/detection

jlmin.cc

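# Reference: https://www.virustotal.com/gui/file/025a5b463a1b258bdc75068063741aa53a947d51c6aa6c63b748d293a9856a96/detection
# NOTE(review): lnkz.at appears to be a general-purpose link shortener and "/FVOYj" is a host-less short path; either one alone may match unrelated traffic, so treat a hit as low-confidence unless host and path are seen together - confirm against the sample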

http://104.168.32.18
lnkz.at
/FVOYj

# Reference: https://x.com/malwrhunterteam/status/1794492875427717611

lolobon123.loophole.site

# Reference: https://www.virustotal.com/gui/file/b491ee8de858d9c79184af505fd966e9cc12dd14773d9edb46a26a8deacb7be1/detection

feedsource.loophole.site

# Reference: https://x.com/malwrhunterteam/status/1794495275110633727
# Reference: https://www.virustotal.com/gui/file/ec9d860c799d61487c2cf9af383144f8afb5db9d96ba30e210ecbd6a38c5fc1e/detection

kstapsara.vn/public/assets/administration/mainstructure/js/wow/wow.min2.js

# Reference: https://x.com/karol_paciorek/status/1795756727285211425

209.126.2.226:8000
alexander-l-jpeg-plate.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/c648f890c494acfcc2765023f059e802006ffb8dc15efe971ed9434f1b133559/detection

http://18.228.48.177
megasena1.duckdns.org

# Reference: https://www.virustotal.com/gui/ip-address/104.21.64.157/relations
# Reference: https://www.virustotal.com/gui/file/2725d9d222527858dfd082eebe5e373afee0dfa37b0283610d69d1327b90a10b/detection
# Reference: https://www.virustotal.com/gui/file/572e81215e6531c3d9c70f032eb419fc490f970cd9f0a9d3c3ffaf84b5313cf2/detection

stat1c-jquery.com
static-jquery.com
files.stat1c-jquery.com

# Reference: https://x.com/banthisguy9349/status/1795853665967694193

http://51.254.53.24
http://86.68.222.14

# Reference: https://x.com/lontze7/status/1796042071192547484

1.14.247.162:8888

# Reference: https://www.esentire.com/blog/fake-browser-updates-delivering-bitrat-and-lumma-stealer

http://77.221.151.31

# Reference: https://x.com/banthisguy9349/status/1796431005928341572
# Reference: https://urlhaus.abuse.ch/host/185.73.125.6/

http://185.73.125.6

# Reference: https://x.com/lontze7/status/1796823844335890633

http://124.71.81.174

# Reference: https://x.com/malwrhunterteam/status/1797633812945682533

criticalfuckdedicated.s3.ap-southeast-1.amazonaws.com

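# Reference: https://x.com/malwrhunterteam/status/1798270656410526004
# NOTE(review): the entry below looks truncated - Azure static-website hosts normally end in ".web.core.windows.net", so as written it may never match a resolved name; confirm the full hostname against the reference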

fuckbracklabxx.z13.web.core

# Reference: https://x.com/lontze7/status/1798586011724968058

http://34.174.239.174

# Reference: https://x.com/karol_paciorek/status/1799020657663246757
# Reference: https://www.virustotal.com/gui/file/c9c2546efc2ee99e47fe5c29594db9f17125d2b9ea4210755ba857c72692210d/detection

139.180.210.100:81

# Reference: https://x.com/banthisguy9349/status/1798783454265385158

http://194.59.30.95
http://194.59.31.133
http://205.234.144.41
http://45.88.91.59

# Reference: https://x.com/banthisguy9349/status/1799436026403795356

92.127.156.174:8880

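# Reference: https://x.com/banthisguy9349/status/1799437817967267888
# NOTE(review): 91.215.85.18:9380 below is already listed earlier in this file under https://twitter.com/banthisguy9349/status/1784891801419014416 - duplicate entry; confirm which reference it belongs to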

http://93.127.163.240
91.215.85.18:9380

# Reference: https://x.com/banthisguy9349/status/1799440505899778051

103.234.72.8:888

# Reference: https://x.com/banthisguy9349/status/1799443510455566441

120.48.123.240:88

# Reference: https://x.com/banthisguy9349/status/1799478204605805015

http://47.120.46.210

# Reference: https://x.com/banthisguy9349/status/1799488287574233188

http://217.71.224.90
http://35.154.242.244
http://68.183.149.9
http://79.96.65.212
http://92.204.132.114

# Reference: https://x.com/karol_paciorek/status/1800136361904914569
# Reference: https://www.virustotal.com/gui/file/6b3f2e0c7ca1bdc6fb56035ec57ea39ef1f8b626bc5d99866fe00ba119357c8d/detection

http://45.61.132.126
45.61.132.126:8080

# Reference: https://x.com/karol_paciorek/status/1800789107477750225
# Reference: https://x.com/banthisguy9349/status/1802264644632870978

92.118.57.244:8000
92.118.57.244:8080

# Reference: https://x.com/raghav127001/status/1801072160993141240

134.17.14.54:8888

# Reference: https://x.com/karol_paciorek/status/1801506981653434854
# Reference: https://www.virustotal.com/gui/file/08cd1b8c8e2f1949874bc2017a8afe0709738ed145ce5193775cce9cff22af5a/detection

http://192.236.147.174

# Reference: https://x.com/karol_paciorek/status/1802255896355000653

38.153.61.61:9080

# Reference: https://x.com/banthisguy9349/status/1802266105836114149

142.11.195.90:8000

# Reference: https://x.com/BlinkzSec/status/1802410054978875726

45.207.168.170:7755

# Reference: https://x.com/StrikeReadyLabs/status/1802690503667793936

http://103.54.153.116

# Reference: https://x.com/lontze7/status/1803337566361382946

http://114.35.152.240

# Reference: https://x.com/Merlax_/status/1803607368430743655

http://109.74.197.9
http://135.125.88.172
http://139.177.207.121
http://139.59.45.181
http://139.59.45.47
http://139.59.45.53
http://139.99.216.140
http://139.99.216.203
http://139.99.216.53
http://139.99.217.211
http://139.99.217.247
http://139.99.217.51
http://139.99.218.125
http://139.99.218.147
http://139.99.218.247
http://139.99.219.122
http://139.99.219.138
http://139.99.219.234
http://139.99.220.3
http://139.99.220.30
http://139.99.222.159
http://139.99.222.211
http://139.99.222.231
http://139.99.222.51
http://139.99.222.7
http://141.95.74.126
http://141.95.74.132
http://141.95.74.216
http://141.95.74.48
http://141.95.74.79
http://141.95.75.101
http://141.95.75.137
http://141.95.75.154
http://152.42.156.82
http://170.187.252.123
http://170.187.252.152
http://172.105.97.100
http://174.138.123.31
http://198.74.58.78
http://213.219.39.76
http://45.33.41.86
http://5.181.27.205
http://66.175.210.242
http://66.175.210.252
http://68.183.246.230
http://92.38.149.131

# Reference: https://x.com/9823f_/status/1803788916082037041

http://103.101.202.11
http://103.101.202.44
http://103.90.160.141
http://103.90.161.81
http://104.131.2.24
http://104.236.197.133
http://104.248.13.133
http://104.248.13.137
http://104.248.13.160
http://104.248.254.207
http://104.248.38.53
http://104.248.79.32
http://104.248.90.221
http://128.199.103.56
http://128.199.112.134
http://128.199.112.147
http://128.199.112.148
http://128.199.127.209
http://128.199.150.193
http://128.199.215.177
http://128.199.232.69
http://128.199.86.217
http://128.199.88.222
http://128.199.88.82
http://134.209.101.96
http://134.209.121.43
http://134.209.146.146
http://134.209.177.121
http://134.209.185.206
http://134.209.20.57
http://134.209.254.77
http://135.125.200.171
http://135.125.245.25
http://135.125.246.51
http://135.125.66.221
http://135.125.89.130
http://135.125.89.54
http://135.125.91.207
http://137.184.146.62
http://137.184.161.233
http://137.184.161.236
http://137.184.161.240
http://137.184.179.27
http://137.184.231.169
http://137.184.30.147
http://137.184.70.54
http://137.184.87.212
http://138.197.106.119
http://138.197.120.70
http://138.197.127.176
http://138.197.127.98
http://138.197.132.136
http://138.197.146.101
http://138.197.164.215
http://138.197.167.61
http://138.197.167.68
http://138.68.141.239
http://138.68.98.115
http://139.28.220.89
http://139.28.4.162
http://139.28.4.164
http://139.28.4.165
http://139.28.4.166
http://139.28.4.175
http://139.28.4.176
http://139.28.4.177
http://139.28.4.178
http://139.28.4.179
http://139.28.4.29
http://139.28.4.64
http://139.59.105.12
http://139.59.114.116
http://139.59.118.185
http://139.59.118.189
http://139.59.118.191
http://139.59.121.102
http://139.59.227.185
http://139.59.75.218
http://139.59.77.209
http://139.99.216.120
http://139.99.216.141
http://139.99.216.15
http://139.99.216.168
http://139.99.216.182
http://139.99.216.187
http://139.99.216.220
http://139.99.217.141
http://139.99.217.144
http://139.99.217.166
http://139.99.217.184
http://139.99.217.221
http://139.99.217.234
http://139.99.217.89
http://139.99.218.113
http://139.99.218.160
http://139.99.218.243
http://139.99.219.156
http://139.99.219.241
http://139.99.219.249
http://139.99.219.49
http://139.99.219.92
http://139.99.220.12
http://139.99.220.135
http://139.99.220.167
http://139.99.220.174
http://139.99.220.20
http://139.99.220.209
http://139.99.220.28
http://139.99.220.65
http://139.99.221.127
http://139.99.221.15
http://139.99.221.56
http://139.99.222.17
http://139.99.222.175
http://139.99.222.185
http://139.99.222.187
http://139.99.222.207
http://139.99.222.209
http://139.99.222.253
http://139.99.222.29
http://139.99.222.55
http://139.99.223.101
http://139.99.223.173
http://139.99.223.176
http://139.99.223.205
http://139.99.223.224
http://139.99.223.241
http://139.99.223.93
http://139.99.237.128
http://139.99.238.101
http://139.99.239.9
http://141.94.104.71
http://141.94.173.198
http://141.94.173.253
http://141.94.2.122
http://141.94.2.65
http://141.94.64.204
http://141.94.65.136
http://141.95.74.121
http://141.95.74.40
http://141.95.75.109
http://141.95.75.149
http://141.95.75.158
http://141.95.75.191
http://141.95.75.96
http://142.93.122.204
http://142.93.126.148
http://142.93.126.170
http://142.93.154.241
http://142.93.219.163
http://142.93.97.2
http://143.110.233.174
http://143.110.233.64
http://143.110.235.72
http://143.110.239.80
http://143.110.242.103
http://143.198.145.2
http://143.198.157.92
http://143.198.163.1
http://143.198.173.232
http://143.198.173.233
http://143.198.215.161
http://143.198.221.39
http://143.198.224.6
http://143.198.226.138
http://143.198.33.84
http://143.198.5.191
http://143.198.53.112
http://143.198.59.216
http://143.198.88.143
http://143.198.90.71
http://143.198.99.72
http://144.126.215.46
http://144.126.225.17
http://144.126.226.159
http://144.126.230.141
http://144.126.234.21
http://145.239.135.165
http://145.239.135.186
http://145.239.135.195
http://145.239.135.44
http://145.239.135.48
http://145.239.135.59
http://145.239.28.159
http://145.239.28.221
http://145.239.28.229
http://145.239.29.129
http://145.239.29.27
http://145.239.29.53
http://145.239.30.111
http://145.239.30.147
http://145.239.30.237
http://145.239.31.143
http://145.239.31.15
http://145.239.31.58
http://145.239.31.74
http://146.190.103.133
http://146.190.105.102
http://146.190.106.237
http://146.190.170.182
http://146.190.175.132
http://146.190.250.196
http://146.190.40.173
http://146.190.52.210
http://146.190.82.146
http://146.190.90.86
http://146.190.96.82
http://146.59.116.238
http://146.59.117.138
http://146.59.117.139
http://146.59.117.170
http://146.59.200.132
http://146.59.201.161
http://146.59.201.84
http://146.59.203.164
http://146.59.204.85
http://146.59.205.138
http://146.59.242.39
http://146.59.243.240
http://147.182.154.33
http://147.182.230.81
http://148.113.136.236
http://148.113.137.194
http://148.113.137.225
http://148.113.137.226
http://148.113.137.78
http://148.113.138.118
http://148.113.139.145
http://148.113.139.173
http://148.113.139.189
http://148.113.139.27
http://148.113.139.7
http://148.113.140.187
http://148.113.141.125
http://148.113.142.54
http://148.113.142.7
http://148.113.143.165
http://148.113.143.243
http://148.113.143.29
http://148.113.143.68
http://149.202.53.222
http://15.235.143.236
http://15.235.186.146
http://15.235.203.109
http://15.235.203.51
http://15.235.40.187
http://15.235.40.87
http://15.235.41.170
http://15.235.48.170
http://15.235.48.234
http://15.235.48.73
http://15.235.48.92
http://15.235.49.134
http://15.235.49.170
http://15.235.49.179
http://15.235.49.186
http://15.235.49.229
http://152.228.134.133
http://152.228.134.8
http://152.228.135.129
http://152.228.213.15
http://152.228.228.163
http://152.228.228.221
http://152.228.242.186
http://152.228.242.196
http://152.228.242.20
http://152.228.242.32
http://152.228.242.33
http://152.228.242.68
http://152.228.242.69
http://152.228.243.146
http://152.228.243.47
http://152.228.243.49
http://152.228.243.97
http://152.42.166.111
http://152.42.174.75
http://157.230.12.104
http://157.230.254.240
http://157.245.110.12
http://157.245.145.89
http://157.245.253.108
http://157.245.253.142
http://157.245.253.148
http://157.245.253.149
http://157.245.71.161
http://157.245.71.203
http://157.245.71.64
http://157.245.79.8
http://159.203.1.1
http://159.203.11.74
http://159.203.17.131
http://159.203.47.139
http://159.203.86.207
http://159.223.137.95
http://159.223.160.223
http://159.223.195.114
http://159.223.2.185
http://159.223.214.103
http://159.223.3.71
http://159.223.37.141
http://159.223.51.228
http://159.223.68.56
http://159.223.78.206
http://159.223.87.93
http://159.253.120.94
http://159.65.125.221
http://159.65.139.100
http://159.65.218.254
http://159.65.83.201
http://159.65.83.222
http://159.65.89.237
http://159.89.126.5
http://159.89.152.52
http://159.89.193.96
http://159.89.39.52
http://159.89.43.182
http://159.89.45.107
http://159.89.45.30
http://159.89.99.157
http://161.35.34.136
http://161.35.85.77
http://162.19.117.110
http://162.19.118.103
http://162.19.118.55
http://162.19.119.69
http://162.19.223.110
http://162.19.223.202
http://163.5.143.63
http://164.90.142.254
http://164.90.166.61
http://164.90.180.220
http://164.90.192.162
http://164.90.192.21
http://164.90.192.6
http://164.90.204.182
http://164.90.238.235
http://164.92.132.45
http://164.92.144.27
http://164.92.154.241
http://164.92.177.54
http://164.92.186.242
http://164.92.223.17
http://164.92.253.61
http://164.92.66.98
http://164.92.72.169
http://164.92.95.208
http://165.22.106.208
http://165.22.109.233
http://165.22.109.90
http://165.22.54.84
http://165.22.57.161
http://165.227.124.77
http://165.227.34.103
http://165.227.97.9
http://165.232.135.111
http://165.232.159.27
http://165.232.163.19
http://165.232.169.237
http://165.232.171.201
http://165.232.181.166
http://165.232.188.30
http://165.232.85.212
http://167.172.106.38
http://167.172.41.157
http://167.172.76.102
http://167.71.20.26
http://167.71.30.35
http://167.99.177.151
http://167.99.43.187
http://167.99.66.53
http://170.64.135.107
http://170.64.147.125
http://170.64.149.72
http://170.64.153.118
http://170.64.153.153
http://170.64.153.80
http://170.64.154.142
http://170.64.154.168
http://170.64.158.133
http://170.64.163.243
http://170.64.193.108
http://170.64.210.231
http://170.64.232.99
http://172.104.25.82
http://172.233.1.237
http://172.233.17.149
http://172.233.17.197
http://172.233.17.9
http://172.233.253.191
http://172.233.26.254
http://173.212.202.78
http://174.138.1.239
http://174.138.13.76
http://174.138.14.247
http://174.138.21.114
http://174.138.3.222
http://174.138.35.111
http://174.138.35.120
http://174.138.41.157
http://174.138.46.177
http://178.128.123.104
http://178.128.202.245
http://178.128.229.8
http://178.128.230.236
http://178.128.235.252
http://178.128.239.25
http://180.149.47.74
http://185.154.12.216
http://185.154.12.52
http://185.154.14.133
http://185.154.14.150
http://185.154.14.177
http://185.154.14.184
http://185.154.14.185
http://185.154.14.216
http://185.154.14.60
http://185.154.14.64
http://185.158.248.90
http://185.167.97.82
http://185.200.191.147
http://185.202.223.115
http://185.220.204.192
http://185.233.202.198
http://185.51.246.100
http://185.51.246.140
http://185.51.246.146
http://185.51.246.160
http://185.51.246.221
http://185.51.246.232
http://185.51.246.25
http://185.51.246.38
http://185.51.246.74
http://185.51.246.77
http://188.165.70.225
http://188.166.179.44
http://188.166.190.210
http://188.166.241.12
http://188.166.249.175
http://188.166.27.236
http://193.233.202.51
http://194.195.215.202
http://194.62.96.244
http://195.234.82.166
http://195.234.82.168
http://195.234.82.171
http://195.234.82.208
http://195.234.82.209
http://195.234.82.210
http://195.234.82.211
http://195.234.82.220
http://195.234.82.222
http://198.199.76.233
http://198.244.140.11
http://198.244.140.151
http://198.244.140.192
http://198.244.140.203
http://198.244.142.115
http://198.244.142.145
http://198.244.142.66
http://198.244.142.89
http://198.244.142.96
http://198.244.143.137
http://198.244.143.138
http://198.244.143.50
http://198.244.143.92
http://198.244.148.215
http://202.78.170.63
http://206.189.204.82
http://206.189.30.3
http://206.189.89.156
http://208.113.129.169
http://208.115.225.109
http://209.38.134.224
http://209.38.138.101
http://212.8.244.170
http://212.8.244.175
http://212.8.244.177
http://212.8.244.179
http://212.8.244.180
http://212.8.244.185
http://212.8.244.190
http://212.8.244.191
http://212.8.244.195
http://212.8.244.203
http://212.8.244.216
http://213.156.142.32
http://213.156.142.36
http://213.156.142.47
http://213.255.209.248
http://217.182.210.174
http://217.195.205.101
http://217.195.205.103
http://217.195.205.104
http://217.195.205.108
http://217.195.205.109
http://217.195.205.136
http://217.195.205.137
http://217.195.205.139
http://217.195.205.142
http://223.165.6.161
http://24.144.81.251
http://24.144.82.161
http://24.144.93.222
http://24.199.107.94
http://24.199.113.16
http://24.199.94.114
http://31.184.206.175
http://37.61.229.102
http://37.61.229.142
http://37.61.229.246
http://45.10.58.64
http://45.132.106.23
http://45.141.85.188
http://45.141.85.203
http://45.141.85.215
http://45.141.85.223
http://45.141.85.234
http://45.141.85.247
http://45.141.85.248
http://45.55.198.76
http://45.55.200.174
http://45.65.9.6
http://45.80.208.114
http://45.80.208.177
http://45.80.208.49
http://45.80.208.78
http://45.80.209.125
http://45.80.209.143
http://45.80.209.150
http://45.80.209.158
http://45.80.209.167
http://45.80.209.173
http://45.80.209.175
http://45.80.209.176
http://45.86.86.207
http://45.91.203.127
http://45.91.203.135
http://45.91.203.163
http://45.91.203.168
http://45.91.203.35
http://45.91.203.67
http://45.91.203.94
http://45.91.203.97
http://46.101.126.164
http://46.101.146.83
http://46.101.86.144
http://5.181.27.115
http://5.181.27.118
http://5.181.27.122
http://5.181.27.125
http://5.181.27.129
http://5.181.27.4
http://5.181.27.43
http://5.181.27.46
http://5.181.27.48
http://5.181.27.52
http://5.181.27.54
http://5.181.27.56
http://5.181.27.60
http://5.181.27.63
http://5.181.27.71
http://5.181.27.97
http://5.181.27.98
http://5.181.77.103
http://5.181.77.210
http://5.188.0.146
http://5.8.33.113
http://5.8.33.163
http://51.15.137.74
http://51.15.228.79
http://51.158.75.110
http://51.178.56.163
http://51.178.56.38
http://51.178.56.93
http://51.178.58.111
http://51.178.59.169
http://51.178.59.232
http://51.178.59.52
http://51.178.60.141
http://51.178.60.171
http://51.178.60.230
http://51.178.60.232
http://51.178.60.74
http://51.178.61.197
http://51.178.61.9
http://51.178.62.141
http://51.178.62.86
http://51.178.63.124
http://51.178.63.150
http://51.178.63.191
http://51.178.63.206
http://51.178.63.240
http://51.195.232.120
http://51.195.232.87
http://51.195.233.129
http://51.195.233.17
http://51.210.120.119
http://51.210.120.190
http://51.210.120.206
http://51.210.120.216
http://51.210.121.124
http://51.210.121.220
http://51.210.125.245
http://51.210.145.243
http://51.210.159.141
http://51.210.249.108
http://51.222.141.172
http://51.222.143.176
http://51.68.164.135
http://51.68.164.241
http://51.68.164.86
http://51.68.164.87
http://51.68.164.89
http://51.68.165.175
http://51.68.165.44
http://51.68.166.45
http://51.68.166.49
http://51.68.167.139
http://51.68.48.157
http://51.68.48.200
http://51.68.48.223
http://51.68.48.249
http://51.68.48.69
http://51.68.49.143
http://51.68.49.15
http://51.68.49.193
http://51.68.49.235
http://51.68.49.248
http://51.68.49.4
http://51.68.80.205
http://51.68.81.150
http://51.68.81.88
http://51.68.86.133
http://51.68.86.170
http://51.68.87.126
http://51.68.88.204
http://51.68.88.76
http://51.68.91.60
http://51.68.92.2
http://51.68.92.201
http://51.68.93.181
http://51.68.93.199
http://51.68.94.203
http://51.75.168.104
http://51.75.168.15
http://51.75.168.226
http://51.75.168.23
http://51.75.168.88
http://51.75.168.98
http://51.75.169.137
http://51.75.169.161
http://51.75.169.8
http://51.75.90.39
http://51.75.95.40
http://51.75.95.80
http://51.79.140.104
http://51.79.140.105
http://51.79.140.112
http://51.79.140.113
http://51.79.140.149
http://51.79.140.160
http://51.79.140.198
http://51.79.140.213
http://51.79.140.27
http://51.79.140.57
http://51.79.140.93
http://51.79.141.1
http://51.79.141.100
http://51.79.141.170
http://51.79.141.196
http://51.79.141.215
http://51.79.141.246
http://51.79.141.32
http://51.79.141.47
http://51.79.141.79
http://51.79.141.96
http://51.79.141.97
http://51.79.142.144
http://51.79.142.145
http://51.79.142.146
http://51.79.142.160
http://51.79.142.174
http://51.79.142.36
http://51.79.143.14
http://51.79.143.154
http://51.79.143.155
http://51.79.143.156
http://51.79.143.168
http://51.79.143.236
http://51.79.143.43
http://51.79.143.78
http://51.83.224.96
http://51.83.226.36
http://51.83.227.130
http://51.83.227.144
http://51.83.251.92
http://51.83.252.33
http://51.83.253.129
http://51.83.253.156
http://51.83.254.28
http://51.83.255.214
http://51.83.35.53
http://51.89.225.83
http://51.89.227.223
http://51.89.227.37
http://51.89.227.56
http://51.89.228.53
http://51.89.229.241
http://51.89.4.51
http://51.91.139.158
http://51.91.139.169
http://51.91.140.67
http://51.91.145.159
http://51.91.147.11
http://51.91.150.38
http://54.36.113.2
http://54.36.116.28
http://54.36.118.32
http://54.36.119.50
http://54.38.137.212
http://57.128.105.218
http://57.128.107.232
http://57.128.109.13
http://57.128.112.49
http://57.128.113.85
http://57.128.114.98
http://57.128.160.166
http://57.128.162.217
http://57.128.164.249
http://57.128.166.179
http://57.128.167.15
http://57.128.167.98
http://57.128.19.137
http://57.128.19.25
http://57.128.24.107
http://57.128.24.125
http://57.128.24.148
http://57.128.24.207
http://57.128.25.185
http://57.128.25.251
http://57.128.26.218
http://57.128.27.239
http://57.128.27.40
http://57.128.28.107
http://57.128.28.141
http://57.128.28.182
http://57.128.28.223
http://57.128.29.178
http://57.128.29.233
http://57.128.29.234
http://57.128.29.6
http://57.128.30.110
http://57.128.30.179
http://57.128.30.187
http://57.128.30.19
http://57.128.30.200
http://57.128.37.112
http://57.128.37.91
http://57.128.56.13
http://57.128.56.143
http://57.128.56.181
http://57.128.56.208
http://57.128.56.221
http://57.128.56.60
http://57.128.56.78
http://57.128.57.176
http://57.128.57.18
http://57.128.57.195
http://57.128.57.221
http://57.128.57.23
http://57.128.57.254
http://57.128.57.50
http://57.128.58.109
http://57.128.58.130
http://57.128.58.185
http://57.128.58.245
http://57.128.59.1
http://57.128.59.107
http://57.128.59.135
http://57.128.59.142
http://57.128.59.176
http://57.128.59.184
http://57.128.59.32
http://57.128.61.163
http://57.128.62.137
http://57.128.63.105
http://57.128.68.126
http://57.128.68.145
http://57.128.68.211
http://57.128.68.250
http://57.128.69.13
http://57.128.69.168
http://57.128.69.48
http://57.128.69.52
http://57.128.70.1
http://57.128.70.11
http://57.128.70.121
http://57.128.70.173
http://57.128.70.8
http://57.128.71.111
http://57.128.71.142
http://57.128.80.146
http://57.128.80.32
http://57.128.80.43
http://57.128.84.147
http://57.128.86.140
http://57.128.86.50
http://57.128.86.60
http://57.128.87.169
http://57.129.22.182
http://57.129.30.14
http://57.129.31.49
http://57.129.32.102
http://57.129.35.126
http://64.226.126.245
http://64.227.156.218
http://64.227.169.54
http://64.227.185.247
http://64.23.153.11
http://64.23.155.186
http://64.23.162.132
http://64.23.162.133
http://64.23.162.187
http://64.23.162.45
http://64.23.176.251
http://64.23.184.90
http://64.23.184.91
http://64.23.186.139
http://66.55.64.21
http://67.205.168.230
http://67.205.169.20
http://67.207.81.63
http://67.207.90.38
http://67.207.93.205
http://68.183.114.150
http://68.183.179.236
http://68.183.197.47
http://68.183.20.135
http://68.183.201.94
http://68.183.205.135
http://68.183.225.241
http://68.183.48.106
http://69.10.46.42
http://69.10.48.85
http://69.162.81.70
http://74.63.223.139
http://74.63.223.153
http://74.63.223.220
http://77.220.215.151
http://79.133.110.223
http://80.89.228.243
http://80.89.228.27
http://80.89.229.139
http://80.89.229.42
http://83.229.69.151
http://84.46.236.42
http://89.116.233.214
http://89.117.0.119
http://89.38.145.185
http://89.44.193.167
http://89.44.193.176
http://89.44.193.75
http://91.134.100.50
http://91.134.101.11
http://91.134.101.112
http://91.134.101.124
http://91.134.101.185
http://91.134.101.20
http://91.134.101.210
http://91.134.101.219
http://91.134.101.28
http://91.134.101.8
http://91.134.102.21
http://91.134.102.25
http://91.134.102.34
http://91.134.102.97
http://91.134.19.252
http://91.134.30.97
http://91.134.86.143
http://91.134.86.161
http://91.134.86.36
http://91.134.86.90
http://91.134.87.10
http://91.134.87.158
http://91.134.87.163
http://91.134.87.22
http://91.134.87.7
http://91.134.96.103
http://91.134.96.116
http://91.134.96.168
http://91.134.96.31
http://91.134.96.34
http://91.134.96.53
http://91.134.96.57
http://91.134.96.96
http://91.134.97.199
http://91.134.97.224
http://91.134.97.241
http://91.134.97.39
http://91.134.97.68
http://91.134.98.128
http://91.134.98.14
http://91.134.98.150
http://91.134.98.203
http://91.134.98.216
http://91.134.98.24
http://91.134.98.250
http://91.134.98.8
http://91.134.99.100
http://91.134.99.18
http://91.134.99.63
http://91.134.99.72
http://91.134.99.8
http://91.134.99.93
http://92.38.169.222
http://92.38.169.229
http://93.185.167.163
http://95.85.77.15
23.super-ypshop.shop
6iptv.shop
a.bb.ccc.dddd.super-easysshop.shop
a17.manageremisioncfdi23.online
a8.shellsolucoes.com.br
bb.ccc.dddd.super-easysshop.shop
buy.6iptv.shop
ccc.dddd.super-easysshop.shop
classestrainredrtl.co.uk
dddd.super-easysshop.shop
donnapdoty.icu
entrada9.aberturasvip.com
facturacion6.familiabrasil.online
familiabrasil.online
finame.dynuddns.com
frent6.farpajeans.com.br
friendskazino.site
junta7.desejolanjerie.com.br
lawrencersaldana.xyz
lojas7.fraternocomidas.com
madmail20.diadiadasentregas.com
madmail3.asvesmil.com.br
madmail3.diadiadasentregas.com
madmail5.diadiadasentregas.org
madmail7.diadiadasentregas.net
main1.affliate.net
main2.affliate.net
manageremisioncfdi23.online
markcnelson.icu
mildredjhobbs.icu
mmail9.florearcursos.com.br
monggeum.com
mosr5.desejolanjerie.com.br
nicolasbbrantley.icu
open19.impestinent.com.br
painel4.finame.dynuddns.com
painel5.finame.dynuddns.com
patriciacmosqueda.xyz
patriciaswoods.xyz
rithmony.online
riversedge.gorges.dev
safraatm.cfd
safrainvest.cfd
sandrapmorton.pro
santa4.financiastecnics.com
sd-119515.dedibox.fr
seansscott.icu
seg14.safraatm.cfd
super-easysshop.shop
super-ypshop.shop
testingdemo1.affliate.net
testingdemo2.affliate.net
wbsubdomain.a.bb.ccc.dddd.super-easysshop.shop
web25.vinhedomist.com
website.super-easysshop.shop
what.website.super-easysshop.shop

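# Reference: https://app.validin.com/detail?type=dom&find=caminho-ranger-32.php#tab=reputation
# Note: the entries below appear to come from a single pivot on a file name rather than from per-host analysis - re-check before using them for blocking.
# Note: several hostnames only re-encode an address that is already listed (145.239.135.35.sslip.io, ip35.ip-145-239-135.eu, whm.5-188-108-148.cprapid.com).
# Note: 104.26.4.95 looks like a shared CDN edge address (to be confirmed); a match on it alone says little about the site behind it.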

http://103.89.12.154
http://103.90.160.217
http://103.90.160.34
http://103.90.161.133
http://103.90.161.232
http://104.131.4.245
http://104.131.9.199
http://104.236.11.22
http://104.236.74.87
http://104.236.74.98
http://104.248.112.130
http://104.248.124.172
http://104.248.13.64
http://104.248.13.65
http://104.248.43.167
http://104.248.79.68
http://104.26.4.95
http://128.199.128.115
http://128.199.13.249
http://128.199.140.210
http://128.199.140.53
http://128.199.141.49
http://128.199.148.109
http://128.199.153.195
http://128.199.168.69
http://128.199.197.199
http://128.199.209.102
http://128.199.77.196
http://128.199.86.36
http://128.199.88.87
http://134.122.118.172
http://134.122.33.99
http://134.122.36.165
http://134.122.41.193
http://134.122.45.59
http://134.122.46.103
http://134.209.102.251
http://134.209.103.163
http://134.209.106.79
http://134.209.109.225
http://134.209.146.194
http://134.209.229.198
http://134.209.241.156
http://134.209.249.241
http://135.125.206.217
http://135.125.244.170
http://135.125.246.157
http://135.125.90.155
http://135.125.90.89
http://137.184.114.162
http://137.184.119.193
http://137.184.12.95
http://137.184.15.249
http://137.184.162.14
http://137.184.162.167
http://137.184.198.216
http://137.184.225.160
http://137.184.225.171
http://137.184.235.187
http://137.184.39.143
http://137.184.4.199
http://137.184.85.71
http://137.184.92.170
http://138.197.120.209
http://138.197.134.124
http://138.197.149.33
http://138.197.66.181
http://138.68.140.92
http://138.68.141.129
http://138.68.154.215
http://138.68.182.134
http://138.68.224.112
http://139.162.156.134
http://139.28.4.94
http://139.59.105.71
http://139.59.180.239
http://139.59.22.225
http://139.99.155.201
http://139.99.216.189
http://139.99.216.196
http://139.99.217.159
http://139.99.217.208
http://139.99.218.13
http://139.99.220.151
http://139.99.220.225
http://139.99.220.231
http://139.99.221.102
http://139.99.221.132
http://139.99.221.143
http://139.99.221.245
http://139.99.221.71
http://139.99.222.107
http://139.99.222.70
http://139.99.223.36
http://141.94.104.214
http://141.94.169.130
http://141.94.175.140
http://141.94.210.5
http://141.95.74.5
http://141.95.75.178
http://141.95.75.49
http://141.95.75.88
http://141.95.86.208
http://142.93.100.50
http://142.93.109.242
http://142.93.154.209
http://142.93.169.133
http://142.93.218.65
http://142.93.31.12
http://142.93.31.6
http://143.110.146.108
http://143.110.149.162
http://143.110.153.240
http://143.110.157.61
http://143.110.158.55
http://143.110.188.157
http://143.110.192.77
http://143.110.209.52
http://143.110.248.252
http://143.198.102.112
http://143.198.103.251
http://143.198.109.85
http://143.198.152.71
http://143.198.153.8
http://143.198.158.123
http://143.198.197.25
http://143.198.209.95
http://143.198.210.137
http://143.198.215.10
http://143.198.217.54
http://143.198.226.187
http://143.198.237.195
http://143.198.33.245
http://143.198.34.250
http://143.198.36.223
http://143.198.41.140
http://143.198.42.47
http://143.198.44.123
http://143.198.51.61
http://143.198.79.245
http://143.198.83.89
http://143.244.177.100
http://145.239.135.187
http://145.239.135.199
http://145.239.135.226
http://145.239.135.232
http://145.239.135.35
http://145.239.28.109
http://145.239.28.180
http://145.239.28.224
http://145.239.29.102
http://145.239.29.105
http://145.239.29.111
http://145.239.29.165
http://145.239.29.48
http://145.239.29.56
http://145.239.31.54
http://145.239.31.57
http://146.185.219.191
http://146.185.219.247
http://146.185.219.61
http://146.190.105.4
http://146.190.115.58
http://146.190.137.14
http://146.190.137.77
http://146.190.147.209
http://146.190.151.140
http://146.190.151.223
http://146.190.153.111
http://146.190.153.157
http://146.190.154.141
http://146.190.159.156
http://146.190.168.156
http://146.190.172.156
http://146.190.175.143
http://146.190.175.173
http://146.190.33.124
http://146.190.44.150
http://146.190.46.70
http://146.190.58.164
http://146.190.60.26
http://146.190.61.58
http://146.59.117.242
http://146.59.240.144
http://147.182.154.60
http://147.182.244.86
http://148.113.136.206
http://148.113.136.3
http://148.113.136.66
http://148.113.136.86
http://148.113.138.150
http://148.113.139.216
http://148.113.139.46
http://148.113.140.103
http://148.113.140.125
http://148.113.140.130
http://148.113.140.36
http://148.113.140.59
http://148.113.140.94
http://148.113.141.246
http://148.113.142.84
http://148.113.143.150
http://15.235.186.190
http://15.235.186.240
http://15.235.202.221
http://15.235.202.42
http://15.235.202.55
http://15.235.202.59
http://15.235.203.111
http://15.235.203.39
http://15.235.203.87
http://15.235.47.210
http://15.235.48.245
http://15.235.48.47
http://15.235.49.100
http://15.235.49.241
http://15.235.49.81
http://150.95.30.48
http://150.95.31.65
http://150.95.82.94
http://151.115.52.107
http://151.115.72.90
http://152.228.134.5
http://152.228.160.76
http://152.228.228.150
http://152.228.228.64
http://152.228.231.37
http://152.228.242.169
http://152.228.242.204
http://152.228.242.46
http://152.228.242.59
http://152.42.170.15
http://154.16.126.17
http://157.230.110.114
http://157.230.18.97
http://157.230.42.201
http://157.230.46.67
http://157.230.49.133
http://157.230.57.37
http://157.230.58.167
http://157.245.149.196
http://157.245.193.30
http://157.245.197.135
http://157.245.201.159
http://157.245.49.58
http://157.245.58.239
http://157.245.62.197
http://159.203.10.110
http://159.203.11.217
http://159.203.11.235
http://159.203.15.10
http://159.203.17.11
http://159.203.24.50
http://159.203.38.86
http://159.203.44.158
http://159.203.81.101
http://159.203.98.21
http://159.223.1.48
http://159.223.1.89
http://159.223.140.248
http://159.223.194.28
http://159.223.197.64
http://159.223.202.115
http://159.223.204.76
http://159.223.220.121
http://159.223.230.241
http://159.223.238.121
http://159.223.57.27
http://159.223.65.9
http://159.223.92.171
http://159.253.120.232
http://159.65.134.201
http://159.65.143.217
http://159.65.240.151
http://159.89.126.151
http://159.89.198.106
http://159.89.202.27
http://159.89.43.204
http://159.89.45.117
http://159.89.99.209
http://161.35.172.37
http://161.35.195.60
http://161.35.214.199
http://161.35.26.89
http://161.35.37.32
http://161.35.68.212
http://162.19.118.186
http://162.19.123.189
http://162.19.223.128
http://162.19.223.18
http://162.19.223.65
http://162.19.246.155
http://162.19.246.225
http://162.19.246.230
http://162.243.187.113
http://163.172.145.172
http://163.172.36.44
http://163.172.45.130
http://164.90.139.207
http://164.90.142.249
http://164.90.155.136
http://164.90.172.30
http://164.90.186.220
http://164.90.197.32
http://164.90.221.15
http://164.90.233.204
http://164.92.128.58
http://164.92.132.57
http://164.92.197.72
http://164.92.74.254
http://164.92.79.56
http://164.92.91.118
http://164.92.99.92
http://165.22.109.10
http://165.22.109.158
http://165.22.175.118
http://165.22.220.60
http://165.22.228.102
http://165.22.235.21
http://165.22.237.186
http://165.22.73.38
http://165.22.74.146
http://165.22.94.242
http://165.227.102.92
http://165.227.110.40
http://165.227.33.181
http://165.227.34.18
http://165.227.38.98
http://165.227.42.227
http://165.232.106.98
http://165.232.137.134
http://165.232.139.108
http://165.232.166.238
http://165.232.169.185
http://165.232.169.248
http://165.232.171.167
http://165.232.175.126
http://165.232.175.58
http://165.232.185.43
http://165.232.186.139
http://167.172.60.175
http://167.172.70.16
http://167.71.130.90
http://167.71.169.145
http://167.71.213.93
http://167.71.88.117
http://167.71.96.202
http://167.99.141.218
http://167.99.150.129
http://170.64.137.88
http://170.64.142.251
http://170.64.146.134
http://170.64.149.84
http://170.64.152.3
http://170.64.154.217
http://170.64.158.100
http://170.64.163.4
http://170.64.164.90
http://170.64.166.114
http://170.64.173.190
http://170.64.181.149
http://170.64.181.79
http://170.64.187.241
http://170.64.202.253
http://170.64.204.224
http://170.64.210.29
http://170.64.210.46
http://170.64.210.73
http://170.64.216.98
http://170.64.226.101
http://170.64.232.44
http://172.105.148.191
http://173.198.236.84
http://174.138.33.113
http://176.123.1.104
http://176.123.1.111
http://176.123.2.134
http://178.128.103.108
http://178.128.109.124
http://178.128.120.18
http://178.128.225.19
http://178.128.233.185
http://178.128.235.247
http://178.128.87.112
http://178.62.211.33
http://185.105.0.85
http://185.154.12.229
http://185.154.13.231
http://185.154.14.101
http://185.154.14.114
http://185.154.14.118
http://185.154.14.141
http://185.154.14.23
http://185.154.14.42
http://185.158.248.237
http://185.167.97.225
http://185.189.13.91
http://185.204.109.106
http://185.220.204.53
http://185.24.233.23
http://185.51.246.196
http://185.51.246.58
http://188.121.109.197
http://188.166.145.97
http://188.166.148.153
http://188.166.169.50
http://188.166.189.71
http://188.166.210.158
http://188.166.218.206
http://188.166.218.43
http://188.166.224.12
http://188.166.229.57
http://188.166.233.192
http://188.166.250.203
http://195.154.113.14
http://195.154.119.172
http://195.211.45.212
http://195.234.82.115
http://195.234.82.116
http://195.234.82.117
http://195.234.82.143
http://195.234.82.161
http://195.234.82.206
http://195.234.82.214
http://195.234.82.219
http://195.234.82.224
http://195.234.82.229
http://195.234.82.233
http://195.234.82.234
http://195.234.82.24
http://195.88.57.204
http://198.244.142.194
http://198.244.142.32
http://198.244.143.118
http://198.244.143.235
http://202.78.170.26
http://206.189.10.114
http://206.189.141.84
http://206.189.236.99
http://206.189.29.147
http://208.115.225.39
http://209.97.162.188
http://209.97.165.127
http://209.97.174.232
http://212.8.244.40
http://213.156.142.31
http://217.182.211.139
http://217.195.205.102
http://217.195.205.134
http://217.195.205.135
http://217.195.205.138
http://217.195.205.140
http://217.195.205.141
http://217.195.205.213
http://217.195.205.98
http://24.144.82.193
http://24.144.90.7
http://24.144.94.104
http://24.144.94.99
http://24.199.100.29
http://24.199.109.200
http://24.199.109.207
http://24.199.113.184
http://24.199.125.215
http://37.59.25.116
http://37.61.229.224
http://37.61.229.226
http://37.61.229.241
http://45.141.85.222
http://45.80.208.168
http://45.80.209.127
http://45.80.209.142
http://45.80.209.145
http://45.80.209.148
http://45.80.209.149
http://45.91.203.211
http://46.101.116.214
http://46.101.200.143
http://5.181.27.113
http://5.181.77.101
http://5.181.77.122
http://5.181.77.34
http://5.181.77.36
http://5.181.77.62
http://5.188.108.148
http://5.188.108.201
http://5.188.133.173
http://5.188.133.196
http://5.188.6.221
http://5.189.221.226
http://5.189.221.232
http://5.8.33.132
http://5.8.33.136
http://5.8.33.199
http://5.8.33.211
http://5.8.33.223
http://5.8.33.59
http://5.8.33.74
http://5.8.33.80
http://5.8.33.82
http://5.8.33.84
http://5.8.41.160
http://5.8.41.208
http://51.15.125.53
http://51.15.177.185
http://51.15.177.194
http://51.15.192.71
http://51.15.252.153
http://51.15.253.32
http://51.15.7.120
http://51.15.8.126
http://51.15.8.174
http://51.15.9.26
http://51.158.112.231
http://51.159.152.79
http://51.159.34.137
http://51.159.35.124
http://51.159.35.34
http://51.161.109.46
http://51.178.57.225
http://51.178.59.102
http://51.178.60.107
http://51.178.60.173
http://51.178.61.37
http://51.178.63.229
http://51.195.233.177
http://51.195.43.24
http://51.210.124.4
http://51.210.126.45
http://51.210.144.158
http://51.210.144.232
http://51.210.147.141
http://51.210.147.226
http://51.38.114.73
http://51.68.166.220
http://51.68.167.3
http://51.68.49.171
http://51.68.49.45
http://51.68.49.88
http://51.68.81.247
http://51.68.82.225
http://51.68.82.241
http://51.68.82.39
http://51.68.88.131
http://51.68.89.97
http://51.68.90.134
http://51.68.90.194
http://51.68.92.46
http://51.75.168.24
http://51.75.169.250
http://51.75.169.74
http://51.75.169.81
http://51.75.63.104
http://51.75.92.229
http://51.75.94.140
http://51.77.109.120
http://51.77.111.109
http://51.77.214.176
http://51.79.100.97
http://51.79.140.156
http://51.79.141.234
http://51.79.142.149
http://51.79.142.237
http://51.79.142.27
http://51.79.142.57
http://51.79.143.215
http://51.79.143.83
http://51.79.27.94
http://51.83.225.106
http://51.83.227.22
http://51.83.249.217
http://51.83.34.146
http://51.91.137.64
http://51.91.138.213
http://51.91.139.17
http://51.91.143.243
http://51.91.150.28
http://51.91.208.23
http://54.38.136.175
http://54.38.138.227
http://54.38.138.34
http://57.128.122.137
http://57.128.122.190
http://57.128.122.26
http://57.128.163.244
http://57.128.164.232
http://57.128.164.72
http://57.128.164.85
http://57.128.165.92
http://57.128.166.150
http://57.128.166.247
http://57.128.166.37
http://57.128.167.121
http://57.128.167.139
http://57.128.167.3
http://57.128.24.233
http://57.128.25.192
http://57.128.25.221
http://57.128.27.203
http://57.128.28.17
http://57.128.28.173
http://57.128.28.82
http://57.128.30.108
http://57.128.30.55
http://57.128.36.108
http://57.128.37.42
http://57.128.56.106
http://57.128.56.113
http://57.128.56.214
http://57.128.56.62
http://57.128.57.77
http://57.128.57.90
http://57.128.58.110
http://57.128.58.14
http://57.128.59.235
http://57.128.59.33
http://57.128.68.108
http://57.128.70.126
http://57.128.70.249
http://57.128.70.5
http://57.128.70.52
http://57.128.81.241
http://57.128.84.226
http://57.129.31.70
http://57.129.32.165
http://57.129.32.28
http://57.129.32.4
http://62.146.227.151
http://64.227.122.194
http://64.227.129.169
http://64.227.96.25
http://64.227.96.62
http://64.227.97.89
http://64.23.155.195
http://64.23.157.5
http://64.23.162.153
http://64.23.165.19
http://64.23.169.202
http://64.23.169.70
http://64.31.22.155
http://68.183.124.7
http://68.183.193.165
http://68.183.194.118
http://68.183.202.33
http://68.183.237.102
http://68.183.34.39
http://79.133.110.217
http://79.133.110.218
http://79.133.110.219
http://79.133.110.222
http://79.133.110.225
http://79.133.110.227
http://79.133.110.228
http://79.133.110.62
http://80.240.112.235
http://80.85.140.123
http://84.46.236.41
http://89.117.0.121
http://89.44.193.177
http://91.134.100.12
http://91.134.100.179
http://91.134.100.213
http://91.134.100.47
http://91.134.102.74
http://91.134.86.111
http://91.134.86.177
http://91.134.86.21
http://91.134.86.92
http://91.134.87.138
http://91.134.87.224
http://91.134.87.247
http://91.134.96.13
http://91.134.96.177
http://91.134.96.243
http://91.134.97.203
http://91.134.98.47
http://91.134.99.95
http://94.103.188.56
109-74-197-9.ip.linodeusercontent.com
145.239.135.35.sslip.io
198.244.143.235.sslip.io
51-79-142-174.cprapid.com
83-229-69-151.cprapid.com
92-38-149-131.cprapid.com
admin.onlinefact.info
adoring-swirles.mics-sandbox.com
advisorone.site
affectionate-kirch.mics-sandbox.com
aliciastrickland.autos
amont-ski.com
amont-skiing.com
angry-tharp.141-94-175-140.plesk.page
api.onlinefact.info
app2.felg.in
athena.dataval.munic.io
avaliacao7.salaobelezahirota.com
awx.changsijay.com
b52nzcnrho5473.duckdns.org
bcd1.za.com
bemr9.za.com
blog.changsijay.com
bmtp.oceania.com.au
bootcamp38-gitlab-coffee-shop-staging.changsijay.com
byteonestextou.com
bz.mn
catalogservice.dev.common.beat.no
catalogservice.test.common.beat.no
cd4.mario09.online
cdef8.sa.com
cdn-vip-1.ohitv.org
cefi.my3cx.fr
chakaralaya.com
changsijay.com
chat.begoochand.com
cliente2.itnbrasillogistica.com
cliente4.itnbrasillogistica.com
cloud.testbed.ovh
colemarie.com
comp.06.cosmobeauty.barueri.br
condescending-lamport.mics-sandbox.com
condescending-mcnulty.mics-sandbox.com
controle1.blsconsultingnova.com
cpanel.92-38-149-131.cprapid.com
cpanel.mtcsupport.com.au
cpcalendars.92-38-149-131.cprapid.com
cpcontacts.92-38-149-131.cprapid.com
cranky-heisenberg.mics-sandbox.com
customer2.ext.qual.2pl.ovh
customer2.qual.2pl.ovh
cwww8.ru.com
dast-22528575-dast-default.changsijay.com
dcmv2.za.com
dkat4.ru.com
dkol4.ru.com
dmwatchfc.com
dn1142.mis.ovh
dvuy3.sa.com
eiip0.ru.com
ejhx1.sa.com
entrega7.newfacecentrodebeleza.com
er5.buzz
ext.customer2.qual.2pl.ovh
ext.lb2.qual.e4p.ovh
ext.syslog2.qual.market.ovh
ext.term1.qual.2pl.ovh
eybe7.sa.com
fiberlike.aurorainiceland.com
files.changsijay.com
files.oltaneo.fr
filmyjunctionstudios.com
fmsp3.za.com
friendly-brattain.mics-sandbox.com
ftpofra25.footballfantasyforum.com
fzcj6.ru.com
git.changsijay.com
gitlab.jitiv.com
gkff0.ru.com
glowconjecture.shop
grafana.changsijay.com
gx6.best
happy-shockley.mics-sandbox.com
highfieldjamesconsulting.3cx.uk
hrqa6.ru.com
icng4.za.com
idod8.ru.com
images.dev.common.beat.no
improverunningform.com
integracao1.distribuidoraruivo.com
inventory.oltaneo.fr
ip200.ip-51-68-48.eu
ip35.ip-145-239-135.eu
ip97.ip-51-79-141.net
ipgk4.za.com
jdom8.ru.com
jenkins-spring-slave.spork.tech
jhwtk4.click
jnuw9.ru.com
kassa.onlinefact.info
koczubn2sg.youltube.biz
kopo-dev.com
krxt0.ru.com
ku0.best
lab.changsijay.com
laughing-morse.mics-sandbox.com
lb2.ext.qual.e4p.ovh
lb2.qual.e4p.ovh
le-22528575.changsijay.com
lg2i.on3cx.fr
liqf2.ru.com
login.onlinefact.info
looool.tiess.services
loving-curie.mics-sandbox.com
ltqtv0.click
mach1.newsxmedia.com
mail.109-74-197-9.cprapid.com
mail.92-38-149-131.cprapid.com
mail.changsijay.com
mail.quartzsticky.com
mail.shaar.ovh
mapa.hop2.pl
medium.jean-claude-init.com
mknl8.ru.com
modest-visvesvaraya.mics-sandbox.com
monster.nextgentechnews.com
moonyzer.fr
musing-ptolemy.135-125-246-51.plesk.page
musing-swirles.mics-sandbox.com
naturalpark-outdoor.com
naturalpark-sport.com
ne9.best
needfull.uz
newharborllink.com
newstodayn.info
nqkr8.ru.com
ns1.eubf.net
ns2.khbntu.click
ns314693.ip-37-59-25.eu
nwpu9.ru.com
ocutech-api.dinacode.com
ocutech.dinacode.com
optimized.coreme.fr
optimized2.coreme.fr
otyt6.ru.com
ov2.best
part-hepsiduraba.net
pop.ptk-mir.ru
pp.upervision.com
ppa.airlines-manager.com
primallegyptt.xyz
prod.en.bv.loco.red
producao10.cataratastransportes.com
pxkr6.ru.com
pzab4.ru.com
qc9.buzz
quartzsticky.com
quirky-feynman.mics-sandbox.com
quizzical-northcutt.mics-sandbox.com
qzkk0.ru.com
rdp.phonemail.net
redflix.biz
rq8.best
sad-shirley.mics-sandbox.com
sbux3.ru.com
sharp-yalow.mics-sandbox.com
shiningsister-sport.com
shiningsisters-sport.com
slackoffs.com
smtp.ptk-mir.ru
spiceshq.com
sqaurecpacevswamabe.sbs
sqaurecpacevswmcd.cfd
sqaurecpacewsbilhs.cfd
sqaurecpacewsmi.sbs
sqaurecpacewsuawb.cfd
squarcpacesmbanu.sbs
squarcpacesmbauedo.sbs
squarcpacesmbawovnih.sbs
squarcpacesmbaws.sbs
squarecpacemsbbl.sbs
squarecpacemszk.sbs
squarencpacesheswnm.sbs
squarencpaceshra.sbs
squarenpacenbindbt.sbs
squarenpacenbirv.sbs
squarenpacenbite.sbs
squarenpavewni.sbs
squarenpavwlnzai.sbs
squarescpacencizwd.sbs
squarescpacencuwh.sbs
squaresnpacesukrblvo.sbs
staging.spiceshq.com
stest.newsxmedia.com
support.mindfalls.com
sw4.best
swapinsights.com
syslog2.ext.qual.market.ovh
syslog2.qual.market.ovh
tachar.online
tender-agnesi.mics-sandbox.com
term1.ext.qual.2pl.ovh
term1.qual.2pl.ovh
thestoddardclan.com
tls12.changsijay.com
tls13.changsijay.com
tqbs2.ru.com
trusting-jones.mics-sandbox.com
tssg8.ru.com
ucrm0.ru.com
uf5.best
uklon.nextgentechnews.com
upbeat-lamport.mics-sandbox.com
updsfdsd.wikaba.com
utility.bitbot.net.au
v2.gpdl.online
vfqb6.ru.com
virtmin.watahazawoz.pl
vm1021416.had.pm
vm1187220.kvm.had.wf
vm1366783.ssd1.had.yt
vtdjl0.click
vwpk1.sa.com
w2.tachar.online
w7.tachar.online
w8.tachar.online
warski.com
wcwelding.live
webmail.92-38-149-131.cprapid.com
whm.5-188-108-148.cprapid.com
whm.92-38-149-131.cprapid.com
wiki.changsijay.com
wloy6.za.com
worker.onlinefact.info
wp-bottleneck.com
wp.changsijay.com
xa3.best
xyoz4.ru.com
yaw-allroad.com
yaw-cycling.com
yaw-offroads.com
yawcycle.com
yawcycling.com
yawoffroad.com
yawriding.com
yb9.best
youtude.biz
zbcs0.ru.com
zeged4.click
zwwn2.ru.com

# Reference: https://x.com/malwrhunterteam/status/1804083030820061278
# Reference: https://www.virustotal.com/gui/file/a3e22819ab5b3e27b4289f137ea336c9dfb1f47391cc44f5d4567c7bdd9d67ef/detection
# Reference: https://www.virustotal.com/gui/file/3fdc2b8db422a5df537b0061f67fcd808fa01b16b3f23e7950b394139e2639ae/detection
# Reference: https://www.virustotal.com/gui/file/0eb26174e722600f19a2f89f4e77d7382e6b24eea30f3c62c70a8324f34a2b77/detection

charcool.online

# Reference: https://x.com/JAMESWT_MHT/status/1804149597477933396

shellstp.info

# Reference: https://x.com/1ZRR4H/status/1804284417638056104
# Reference: https://www.virustotal.com/gui/file/cac8f9e6df8a82795d76abad54b4e6dc5bf6a9d65606be9c1e31b8594fc7b521/detection

viverosmarinos.com

# Reference: https://x.com/banthisguy9349/status/1804806186622951680

http://178.215.236.253

# Reference: https://x.com/banthisguy9349/status/1804804540387979301

http://194.48.251.176
http://194.59.30.176

# Reference: https://x.com/momomopas/status/1805515563596496930

101.99.92.203:9090

# Reference: https://www.virustotal.com/gui/file/04bf13f5e478ad2ad567f8c31a54fd399fb2536f3c89a47f5e9aaeeed416eef6/detection

sped.lol

# Reference: https://x.com/banthisguy9349/status/1806641278244868137

94.156.69.221:8000

# Reference: https://x.com/ShanHolo/status/1806608159491924450

http://35.194.215.14

# Reference: https://x.com/banthisguy9349/status/1806737735761240099

http://23.26.77.186

# Reference: https://x.com/ni_fi_70/status/1807691029950161323

http://176.223.134.190

# Reference: https://x.com/RacWatchin8872/status/1807748355214160172

http://4.203.104.98

# Reference: https://www.virustotal.com/gui/file/1d018679fcb85bee8fba2d7545be348e236076135623e1f2b216923fd602ce2f/detection

ric-finanz.com

# Reference: https://x.com/ShanHolo/status/1808924928827404469

http://34.126.174.34

# Reference: https://x.com/banthisguy9349/status/1809141971190948149

154.26.130.227:8080
3.99.165.254:8000
5.189.141.96:8000

# Reference: https://x.com/karol_paciorek/status/1809161475350552937

http://77.105.135.22

# Reference: https://x.com/karol_paciorek/status/1809164184476692929

http://77.105.160.30

# Reference: https://x.com/banthisguy9349/status/1809191207278461186

http://5.42.67.26
http://66.59.64.108
http://77.105.132.5

# Reference: https://x.com/banthisguy9349/status/1809205202987172059

http://5.206.227.56

# Reference: https://x.com/malwareforme/status/1809257799387361422
# Reference: https://www.virustotal.com/gui/ip-address/117.56.7.26/relations
# Reference: https://www.virustotal.com/gui/file/45d3063b41fc1d6c8387600e49b6da5c8ec9909ef3636d539ca2a10aec7f3c59/detection
# Reference: https://www.virustotal.com/gui/file/9effb51a23106bc461b5d33a6af2d732f04d2d0ce9ac0a59467147098d159c99/detection
# Reference: https://www.virustotal.com/gui/file/5d4dcd98f95bb8281dd856cb1597c2094f047d4693a85a63e1cadfe43b0f04ce/detection

http://128.199.156.238
neptune.twilightparadox.com
solmo.twilightparadox.com
solo.twilightparadox.com

# Reference: https://x.com/1ZRR4H/status/1809285083997630827
# Reference: https://www.virustotal.com/gui/file/bea7affbaaa5a7eb9616b48216450d1bec20fd5f43f4af3507017b4c5cdfd003/detection

verizon-tops-sports-gba.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/032479c9aa261691b45f71f860e29a7d19e47b28f54f2bddfb1077d706c94ebe/detection

a0942143.xsph.ru

# Reference: https://app.validin.com/detail?find=doublez.online&type=dom&ref_id=0ce1192495d#tab=host_pairs_v2

doublez.online

# Reference: https://www.virustotal.com/gui/file/133164eceee2d1e85e944750d1e51be6edb67d78e645df7b7cadfb5aedbdb88d/detection

ssapisite.com

# Reference: https://www.virustotal.com/gui/file/1f7c8efeeba59ea7e342f3575472ce7b593bf254ba3e8855028875c0f2548561/detection
# Reference: https://www.virustotal.com/gui/file/9ac5f50ccd9767f2aaae7879dfae0e7e1f97c0ac1c3faccd5fe9d88b691db464/detection

pdfonlineqrdocs.com
qrbarcodesecureofficeauth.com

# Reference: https://app.validin.com/detail?find=shell.elf&type=dom&ref_id=844ac3457ab#tab=host_pairs_v2

http://139.196.110.126
http://142.118.19.254
http://146.190.15.117
http://173.82.206.125
http://3.18.225.56
http://35.211.63.78
http://64.23.228.47
http://77.170.165.141

# Reference: https://x.com/karol_paciorek/status/1810247343289053474

http://194.156.99.172

# Reference: https://x.com/dez_/status/1810314284746080415
# Reference: https://www.virustotal.com/gui/file/8decdfe5e000475d09f077a3d5b06843f1138e307141e0d0433526ae7037731d/detection
# Reference: https://www.virustotal.com/gui/file/6fa43ef5572470e2a3129a181927a671d816484911d891fabb76e6d29827e6b7/detection

http://154.82.92.201
comc0m.com

# Reference: https://x.com/lontze7/status/1810175784872489463

http://185.255.95.93

# Reference: https://www.virustotal.com/gui/file/410f8b24dca48192b36ed51437e568a4e6781d80f36745a9987fc28b1d98deb2/detection

presvolica.com

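# Reference: https://research.checkpoint.com/2024/resurrecting-internet-explorer-threat-actors-using-zero-day-tricks-in-internet-shortcut-file-to-lure-victims-cve-2024-38112/
# Note: this entry is scoped to a path, unlike most entries in this file; keep the /te/ suffix so that a match needs the path and not only the host.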

cbmelipilla.cl/te/

# Reference: https://x.com/banthisguy9349/status/1795422523863007289

http://80.76.49.162
http://85.209.133.18

# Reference: https://www.virustotal.com/gui/file/0b631de4060b07fac030e2f40b9ed800c0ad0d80db24a4281cf022b5b970c3e6/detection

infectcurve.shop

# Reference: https://x.com/banthisguy9349/status/1812883811988033904

http://94.156.69.146

# Reference: https://x.com/ShanHolo/status/1813149888001011754
# Reference: https://www.virustotal.com/gui/file/dd748e04276a2d77490012f8373d8b6be0baa76140c9c3b649f43caec20c919a/detection

http://191.232.181.180
191.232.181.180:443

# Reference: https://x.com/malwrhunterteam/status/1813311575723511869
# Reference: https://www.virustotal.com/gui/file/bef99f862b9d7a47bddf9d51121196ab2f25234b38169c49e47a672bf849a7c9/detection

http://37.60.234.203
atrf-help.org
telemetry.atrf-help.org

# Reference: https://x.com/karol_paciorek/status/1813856475670024690

http://45.55.131.63
netdaemon.org

# Reference: https://www.virustotal.com/gui/file/806086b840f22037026ca63793563b55251840d7804e5287fbc60c241853f847/detection

http://47.128.226.30

# Reference: https://x.com/StrikeReadyLabs/status/1811136876457382325
# Reference: https://x.com/ShadowChasing1/status/1814129779735699949
# Reference: https://www.virustotal.com/gui/file/4870bd4dd74adf0634948cd3b44816b358c474f39186da3bf82eddcf886d44a3/detection

158.255.215.115:443
langchao.363c85a36a.ipv6.1433.eu.org

# Reference: https://x.com/RacWatchin8872/status/1813904016281378930

http://89.197.154.116

# Reference: https://x.com/banthisguy9349/status/1814925887906664718

http://91.92.255.65
imgbb.xyz

# Reference: https://x.com/banthisguy9349/status/1814979492286271584

http://103.198.26.104
http://141.95.110.31

# Reference: https://x.com/banthisguy9349/status/1814916027320291407

http://185.99.135.162

# Reference: https://x.com/RacWatchin8872/status/1815338996005777590

http://162.250.98.10

# Reference: https://x.com/malwrhunterteam/status/1815633400327205073
# Reference: https://www.virustotal.com/gui/file/e9b2833ae4d1558919b78ba246935636cf0bccd2e25534acb634c31daef7a712/detection
# Reference: https://www.virustotal.com/gui/file/1d91134ce11e46cf5f17beeffc75dcafa06b58657f21c0f5ed1c9e1318c12be1/detection

http://163.5.112.21
163.5.112.21:3000

# Reference: https://x.com/malwrhunterteam/status/1815361770443493736
# Reference: https://www.virustotal.com/gui/file/25744c328b7a84ae8c5a7aa02275960c4cbd00d887c800a61f96f09128e6adc2/detection

http://45.32.117.177

# Reference: https://x.com/1ZRR4H/status/1815978978508677154

54.87.15.121:8080

# Reference: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

http://62.133.61.26
http://62.133.61.43
21centuryart.com

# Reference: https://www.virustotal.com/gui/ip-address/3.126.250.13/relations

http://3.126.250.13
britishamericanstobacco.com

# Reference: https://www.virustotal.com/gui/ip-address/123.57.237.30/relations

http://123.57.237.30

# Reference: https://www.virustotal.com/gui/ip-address/1.15.44.211/relations

http://1.15.44.211
1.15.44.211:8888

# Reference: https://www.virustotal.com/gui/ip-address/121.37.222.47/relations

http://121.37.222.47

# Reference: https://www.virustotal.com/gui/ip-address/49.232.144.225/relations

http://49.232.144.225

# Reference: https://www.virustotal.com/gui/file/cbe097d3f3b35355fe6d4df22cb3b140c6a676911f90d086792a5916fa2c6681/detection

http://8.222.220.3

# Reference: https://www.virustotal.com/gui/ip-address/124.222.8.250/relations

http://124.222.8.250

# Reference: https://www.virustotal.com/gui/ip-address/172.105.86.36/relations

http://172.105.86.36

# Reference: https://www.virustotal.com/gui/ip-address/38.207.173.58/relations

http://38.207.173.58

# Reference: https://app.validin.com/detail?find=poc.xml&type=dom&ref_id=e30ecd2c1d8#tab=host_pairs_v2

http://142.171.88.194
http://172.86.99.204
http://34.121.46.17
http://34.172.164.244
http://47.92.148.22
http://94.156.189.180

# Reference: https://x.com/Merlax_/status/1816220561514570130

http://31.13.213.46
http://64.23.186.111
31.13.213.46:445
31.13.213.46:8080

# Reference: https://x.com/1ZRR4H/status/1816358558927036816
# Reference: https://www.virustotal.com/gui/file/ef3c36f9c54d7e428a2ebf37d70a711c80d87e1774b60c573615ae4dae4bdf42/detection

vcredist2010x64.pages.dev

# Reference: https://x.com/HackingLZ/status/1816168200817492044

20.83.148.22:50032

# Reference: https://x.com/banthisguy9349/status/1816851258826703207
# Reference: https://www.virustotal.com/gui/ip-address/94.156.64.250/relations
# Reference: https://www.virustotal.com/gui/file/ebca29f57f5633d4a544899f7a97c6f81c9755c7f506ab52fada1302fd0a7eb1/detection

http://94.156.64.250
bggovpost.art
chronopostfr.art
dpdpsots.top
gpostge.bar
justhdwall.com
laposte-fr.bid
laposte-fr.de
mb0xffice.xyz
mzauths.xyz
postacgme.bar
postagovrs.bar
postgovbn.bar
rs-posta.bar
cloth.mzauths.xyz
h0l.mzauths.xyz

# Reference: https://x.com/banthisguy9349/status/1816850575692083473

http://94.156.71.166

# Reference: https://x.com/malwrhunterteam/status/1817159273391997363
# Reference: https://www.virustotal.com/gui/file/76fbbac936ae594503e2795d521777eaf86a5fcd788f50894307c483b6c07430/detection

auvergnerhonealpes-jo.com
downloadimplant.auvergnerhonealpes-jo.com

# Reference: https://www.virustotal.com/gui/file/bc85d43f0cc64c4a3c1dbb2047d458c20b36aa3900fda6d4f89ee99d7af51564/detection
# Reference: https://www.virustotal.com/gui/file/857574b7d5e60f321426138e7818b51aa5b35777ecbbda67a0f037b8dca5c370/detection

e-taxes.info

# Reference: https://x.com/StrikeReadyLabs/status/1817191427832447270
# Reference: https://www.virustotal.com/gui/file/cf2620781f64b31c7914497b9d42e6d846b5d97f66ca42768c438c9c3b6a1778/detection

secure-webmail.azureedge.net

# Reference: https://x.com/r3dbU7z/status/1817607423890231742
# Reference: https://www.virustotal.com/gui/file/dcd0823f72d6a145fb9acfbb6f2e4885b3e6fca6dc76f1476bd0c5431ae15ff4/detection
# Reference: https://www.virustotal.com/gui/file/9ef975e93768f270dfb2923e1848ac26d98789ffdf4fb7f9785e2a4260a32cdb/detection
# Reference: https://www.virustotal.com/gui/file/015a04303ee4a925095311e60593fa100951986713324c118d067684d6dd5787/detection

http://62.133.61.97

# Reference: https://x.com/lontze7/status/1817783150795210932
# Reference: https://x.com/banthisguy9349/status/1817784577886232913

http://120.77.253.240
http://159.65.205.138
http://203.68.22.96
120.77.253.240:443
159.65.205.138:443
159.65.205.138:8080
159.65.205.138:9100
203.68.22.96:1288
203.68.22.96:443

# Reference: https://x.com/suyog41/status/1817829659729350681
# Reference: https://www.virustotal.com/gui/file/eb552b17b3978ef35b096bd2c1a778d04f883a7b1f6510038549651e147e2e73/detection

27.106.123.108:8080

# Reference: https://x.com/raghav127001/status/1817856814618182025
# Reference: https://www.virustotal.com/gui/file/e6e7ebe7e09c2742569efc41b97019e2092320afee4cef3ca35345513606479d/detection
# Reference: https://www.virustotal.com/gui/file/b6ffc23ae03c6f691526d6afb21028a034382871474cbee649e4a25d7632b77a/detection

http://87.242.107.248
87.242.107.224:443

# Reference: https://x.com/fr0s7_/status/1817904875000193350
# Reference: https://www.virustotal.com/gui/file/6cbf52091bbe95b9ed385911892877d2cea5c3b9965d375b3091786fd0f6d4f2/detection

http://149.248.76.31
teamsconnect.net

# Reference: https://www.virustotal.com/gui/file/b9bb4eb13cb09c25862151e98059905804034304d4c65d9efe1f2ad0da38301a/detection

ie-servenet.shop

# Reference: https://www.virustotal.com/gui/file/29a3ed8701d860d246dc11f097632855f94d6ca25764d357690d50579b595884/detection

sunbelitle.pw

# Reference: https://x.com/malwrhunterteam/status/1818224362752761993
# Reference: https://www.virustotal.com/gui/file/79623531989ddcab766d92a5d1d3a7c73fae31303a16d640703182e05d19e013/detection

78.40.116.172:18174
forgen.sbs

# Reference: https://x.com/StrikeReadyLabs/status/1818276081797058653
# Reference: https://www.virustotal.com/gui/file/0507816fbeae794daeb92d26eba3ef6d55016f2d2bd9f644a9d8324be89a9ff3/detection

adobeversao24.000.pe

# Reference: https://x.com/Thisism23567356/status/1818286576629370942
# Reference: https://www.virustotal.com/gui/file/0a9b373b26311223fc4a723465f835d99d849d3713bf38eabeeaebf13f3bbf54/detection

us05web-zoom.com
workspace.us05web-zoom.com

# Reference: https://x.com/d4rksystem/status/1818316623188570443

http://94.156.67.244
94.156.67.244:445

# Reference: https://x.com/ShanHolo/status/1818574318785229282
# Reference: https://www.virustotal.com/gui/file/23f170c701bf4c7ba84dfb071b7f0c3dc017396a571f7b65592e5a7b2bf3e5e5/detection

http://104.219.239.104

# Reference: https://www.virustotal.com/gui/file/19cbff064f6a5854cab74e34f8e56f641afec0f53d509fa2036bcb73b1803172/detection

geradcontsad.pro

# Reference: https://x.com/banthisguy9349/status/1819082273037471896
# Reference: https://app.validin.com/detail?find=usdtAdmin%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-%E6%98%AF%E5%BC%80%E6%BA%90%E7%9A%84PHP%E4%BC%81%E4%B8%9A%E7%BA%A7%E7%BD%91%E7%AB%99%E6%94%B6%E6%AC%BE%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F&type=raw&ref_id=147a50abcb9#tab=host_pairs_v2

101.32.44.191:443
101.34.65.156:443
103.101.205.128:443
103.140.228.34:443
103.146.141.15:443
103.147.14.211:443
103.148.150.205:443
103.233.9.174:443
103.233.9.188:443
103.42.30.80:443
103.68.61.96:443
103.86.86.188:443
103.97.58.237:443
104.143.47.180:443
104.160.40.254:443
104.233.160.252:443
107.148.174.191:443
107.148.20.125:443
107.148.237.241:443
107.148.50.126:443
107.148.73.200:443
116.205.246.155:443
118.195.248.103:443
119.45.197.252:443
123.249.71.176:443
124.156.188.41:443
124.71.57.60:443
13.231.5.114:443
13.250.140.30:443
134.122.205.50:443
142.171.117.149:443
149.88.76.150:443
15.207.249.39:443
150.158.41.128:443
152.32.151.126:443
154.201.65.145:443
154.201.65.155:443
154.21.85.56:443
154.221.23.55:443
154.23.187.131:443
154.23.188.80:443
154.44.8.133:443
154.56.60.132:443
154.82.85.62:443
156.224.25.5:443
156.232.11.91:443
156.234.137.18:443
156.234.39.137:443
170.106.80.79:443
172.247.44.22:443
173.249.199.61:443
182.16.43.50:443
184.168.124.82:443
198.46.194.107:443
202.146.216.98:443
203.86.233.119:443
205.234.252.135:443
206.119.160.105:443
206.119.172.145:443
206.238.179.17:443
207.148.107.242:443
208.87.207.190:443
216.107.136.130:443
23.95.242.80:443
27.124.21.6:443
34.150.225.170:443
34.253.235.71:443
38.143.11.118:443
38.207.178.151:443
38.6.219.21:443
38.60.163.233:443
42.192.219.108:443
43.128.110.180:443
43.128.78.132:443
43.129.28.202:443
43.133.72.225:443
43.135.124.104:443
43.153.105.82:443
43.153.42.161:443
43.199.34.219:443
43.249.207.213:443
45.116.76.72:443
45.152.67.154:443
45.158.230.83:443
47.236.15.53:443
47.236.159.2:443
47.243.254.103:443
47.245.118.5:443
47.245.134.108:443
49.51.104.142:443
67.21.87.130:443
8.142.18.88:443
8.209.79.11:443
8.210.129.102:443
8.218.100.116:443
81.69.15.125:443
85.8.183.8:443
93.127.185.131:443
94.74.76.47:443
157game.cc
37ti.com
5920.live
7777games.net
a13.ylwtt.com
aazzss.cc
aleokg.com
api.hsken.org
bf.wtoxo.com
btshop123.com
eigolinks.com
faqself.com
gmaill.cn
gmtkm.com
h5.imk09.top
hmucloud.com
hsken.org
im.gmtkm.com
imk09.top
ine-qr.mx
innovationmalls.com
ishopfly.me
join-demo.com
m.aazzss.cc
mh.wtoxo.com
mk.ziyuanfx.tech
pay.157game.cc
pay.btshop123.com
pay.eigolinks.com
pay.usdtsite.com
pay.xuexi02.top
pay6g.work
pp.innovationmalls.com
qiuzhang.one
r.wtoxo.com
ruanwenfuwu.com
shopglobal.beauty
shuzi.ine-qr.mx
sltech.icu
store.wangbapay.com
t.pay6g.work
t1.pay6g.work
test.yilufacai1688.top
ttess.top
topquality24.com
u.ishopfly.me
upay.37ti.com
us.faqself.com
usdpay.gmaill.cn
usdt.7777games.net
usdt.gmaill.cn
usdt.ruanwenfuwu.com
usdt.sltech.icu
usdt.usdtadmin.com
usdtadmin.com
usdtpay.join-demo.com
usdtpay.wtoxo.com
usdtpf.5920.live
usdtsite.com
user.gmtkm.com
uu.gmaill.cn
v7.xiaonongjiang.cn
w.aleokg.com
wangbapay.com
wanhaoguoji208.top
wp.wtoxo.com
wtoxo.com
xiaonongjiang.cn
xuexi02.top
xxyyzz.cyou
yilufacai1688.top
ylwtt.com
yunyiyipay.com
zhifu988.com
ziyuanfx.tech

# Reference: https://www.virustotal.com/gui/file/7d05db7f4cbf2251b2708349b7edfe448af83ee5616116012a044ec810d32e5b/detection

slkdbfkwfd.julienolsson.com

# Reference: https://x.com/banthisguy9349/status/1819275426394517760

http://193.23.55.209

# Reference: https://app.validin.com/detail?type=dom&find=bypass.txt#tab=host_pairs_v2

http://107.170.226.83
omgwtfxss.com
pushespret.com

# Reference: https://x.com/raghav127001/status/1819968071894716903
# Reference: https://x.com/banthisguy9349/status/1820888386183549182

http://91.92.243.78
91.92.243.78:8080

# Reference: https://x.com/k3yp0d/status/1820069329745940736
# Reference: https://www.virustotal.com/gui/file/3989c19861e93c1a6d43145c23bde77a588c384fd05d0d9adbe9cdc5dc915be3/detection

pfizer-careers.net

# Reference: https://x.com/suyog41/status/1820358561639080088
# Reference: https://app.validin.com/detail?find=82.118.26.100&type=ip4&ref_id=2ce02f35281#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/b4c1845f499e6aa90f115b8b87cdb03b790c2af86387d111652cb36341776f85/detection

frew.line.pm
reg.tcp4.me
rne.ooguy.com
timse.v6.navy

# Reference: https://x.com/malwrhunterteam/status/1820342786840735768
# Reference: https://www.virustotal.com/gui/file/d2a74db6b9c900ad29a81432af72eee8ed4e22bf61055e7e8f7a5f1a33778277/detection
# Reference: https://www.virustotal.com/gui/file/66039b04fea3a5c58aec6e25847d163880d1c2f69511237075809fd761a3cc2f/detection

http://142.111.77.196

# Reference: https://x.com/RakeshKrish12/status/1820415749816762870

http://101.42.158.190

# Reference: https://www.virustotal.com/gui/file/db8d4cc2d61f71408623dc1aa242d874c754a6ba51e53b2514888016a0444fe0/detection

http://193.3.19.108

# Reference: https://x.com/raghav127001/status/1820699658634600772

23.95.107.6:8000

# Reference: https://x.com/raghav127001/status/1820693963705065885

172.245.227.230:8000

# Reference: https://x.com/raghav127001/status/1820274650703700102

91.92.255.252:8080

# Reference: https://x.com/RacWatchin8872/status/1820818775505039517

http://104.243.47.92
104.243.47.92:443

# Reference: https://x.com/malwrhunterteam/status/1821182170268090729
# Reference: https://x.com/malwrhunterteam/status/1821186622953501148
# Reference: https://www.virustotal.com/gui/file/0a8baece0e6e1ad3daffe0b14774a8bc1dd2bae37fce61d9b9914865395dde66/detection
# Reference: https://www.virustotal.com/gui/file/fc76f0b0d1c84a939a8d6a3684c7f08b3288f91f18c39fb232c6f2b6c3f8297d/detection

pheexaijeich.global.ssl.fastly.net

# Reference: https://www.virustotal.com/gui/file/2374e435da3de1d3ea930588148ee3b9933c7adf9cedf7e157b8ba3a027e6692/detection
# Reference: https://www.virustotal.com/gui/file/ba8315ba77f818ab1af81a1380c9ecc1ac5cd97c12da9358a2ab77d305c830a7/detection

http://104.168.152.139

# Reference: https://x.com/doc_guard/status/1821513954100646036
# Reference: https://app.docguard.io/871e96fc0a955e25288ca9a3e94468b1855b36c9dc0200898e35c049d9275e2e/results/dashboard
# Reference: https://www.virustotal.com/gui/file/871e96fc0a955e25288ca9a3e94468b1855b36c9dc0200898e35c049d9275e2e/detection

http://192.3.243.147

# Reference: https://www.virustotal.com/gui/file/0714671314754f5830bd40aba2f7f238796f18dc3c8dcd571ca4413e2ec2b124/detection

http://192.3.101.150

# Reference: https://tria.ge/240807-hpsn6stgjk/behavioral2

http://45.90.89.50

# Reference: https://x.com/StrikeReadyLabs/status/1821598760025100736

http://18.117.221.152

# Reference: https://x.com/banthisguy9349/status/1821643531313656193

http://208.109.233.212
http://64.95.11.41
http://91.92.244.191
http://91.92.244.206
http://91.92.245.29
http://91.92.245.68
http://91.92.245.87
212.233.109.208.host.secureserver.net
a.packagedeals.sbs
a.parcel.beauty
a.parceljob.cfd
ab.posty.sbs
correosapp.hair
dhl123.motorcycles
fedexz.top
firegold.ygto.com
packagedeals.sbs
parcel.beauty
parceljob.cfd
postbir.xyz
postcoes.sbs
postngl.cfd
posty.sbs
wtrxaxq.org
xn--en1b51xdyf.com
yoshmormai.dynamic-dns.net

# Reference: https://www.virustotal.com/gui/file/cea295ccfe6d772a40cdfa8e31e42c3433f7f9b672f9f8ecf5905a4a78fd49ce/detection

http://139.162.180.91

# Reference: https://www.virustotal.com/gui/file/ce9f13606eb8e1db4a08e379d1e67261da3bd5b9de8699ceaa42399dee9877f2/detection

http://107.175.113.209

# Reference: https://www.virustotal.com/gui/file/1a2c48ac17760f2a0193102df05b97a569e34a358ed58685dc752f06a0a8cf07/detection

http://23.94.239.112

# Reference: https://www.virustotal.com/gui/file/28de81812959bd688775647dbcf67911cdc4262d8fe99f53b4eed25897de74de/detection

rev75-athx.cfd

# Reference: https://threatfox.abuse.ch/browse/tag/Vshell/ (# 2024-08-10)

1.94.120.249:8082
116.205.231.3:8082
119.45.14.41:8082
124.221.30.83:8081
149.104.29.1:8082
154.8.204.75:58082
162.14.116.25:8082
193.112.85.116:8082
38.207.178.156:8082
47.116.123.8:8082
47.120.58.214:8082
47.74.4.13:8082
47.96.107.37:8082
59.110.18.123:8082
8.130.24.188:8082
8.134.126.121:8086

# Reference: https://x.com/k3yp0d/status/1822584994230931669
# Reference: https://www.virustotal.com/gui/file/200dd48f27d105a843b0597cd89442d18445917198d8e3522e8e6e7df6b6ef18/detection

http://159.89.205.132

# Reference: https://www.virustotal.com/gui/file/0000b93dbb1d71f0357e4ef2b4e6a40e2b499ff2d31a11c9b0c9315523f66bdd/detection

xt0zgse9orvkxt0zgse9orvkxt0zgse9orvkxt0zg.xyz

# Reference: https://x.com/EncapsulateJ/status/1823063034459549819

http://8.222.186.154

# Reference: https://x.com/r3dbU7z/status/1823074348774699364

http://62.133.61.49

# Reference: https://x.com/HackingLZ/status/1823403147194245408

34.142.217.190:8000

# Reference: https://www.virustotal.com/gui/file/68cf1cdb92872cf7b081f88acc14a789c10c3385df3654e803e801e6b0cf9ebf/detection

http://167.99.22.47
kinovizbx.xyz
sustac.com

# Reference: https://x.com/r3dbU7z/status/1823481652653252852
# Reference: https://www.virustotal.com/gui/ip-address/168.100.8.192/relations
# Reference: https://www.virustotal.com/gui/file/5da6e620feb8de1a649d9640ea86a9e62a9e9b46315e43b1cffe0d02cf751283/detection
# Reference: https://www.virustotal.com/gui/file/c3c792274c284d69c46c76702ce71cd1aab014c4b00f1a522f23bb26775f73a0/detection
# Reference: https://www.virustotal.com/gui/file/c4c0f463dc992738d79b4a3d99d45f6aa21f319ca19f5941a98cc50421d8673c/detection

http://64.94.84.206
168.100.8.192:3000
168.100.8.192:3001
portalmxenlinea.sbs
supportg1547405865.sbs

# Reference: https://www.virustotal.com/gui/file/24875e178c84a4a682474a8d81b4e1c795f56ba93a2916e56957d99ce4aa1745/detection

http://23.95.235.16
http://91.92.254.194
http://91.92.254.29

# Reference: https://x.com/ShadowChasing1/status/1823685051055529989
# Reference: https://www.virustotal.com/gui/file/24a6f2c50c5d6382983d2964718c554e7597f0d027377c489d8ea60852e5ea22/detection

http://46.101.122.204

# Reference: https://x.com/malwrhunterteam/status/1823981809316601937
# Reference: https://www.virustotal.com/gui/file/bf5fa08873648f7be26de7bdbf1e07252f285d6deeb21cc8a395882808788805/detection

http://45.89.52.80

# Reference: https://x.com/banthisguy9349/status/1824143884274065735

http://185.196.11.122

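# Reference: https://x.com/banthisguy9349/status/1824325635730239647
# Note: archive.org is a shared public host; the entry below is scoped to a single item path and should not be widened to the whole domain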

ia803104.us.archive.org/27/items/vbs_20240726_20240726/

# Reference: https://www.virustotal.com/gui/file/0000a515e0875515da9159ec17dad82ff36a0d72c0a77fdbd9f3a9a70fc39e9c/detection

savagaj.femato.co.za

# Reference: https://www.virustotal.com/gui/file/0201d176fed67247b814379923a7b0dd86b5c6ea1a7dc73cf0442dd753a922f8/detection

http://185.74.252.151

# Reference: https://x.com/r3dbU7z/status/1825446480213135418
# Reference: https://www.virustotal.com/gui/file/58825aed684e4f296bec053e74191390dda066a7f022e0d87c2c9a1f9b67058c/detection

http://2.58.14.10

# Reference: https://x.com/malwrhunterteam/status/1825631744017707274
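# Reference: https://www.virustotal.com/gui/file/be080777332ad1186fb8547a6a354b2beba62f2a24537eb7b79e849f084a95be/detection
# Note: cdn.glitch.global is a shared CDN host; the entry below is scoped to a single asset path and should not be widened to the whole domain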

cdn.glitch.global/59e3786e-8284-4f16-8844-134b12e58b6f/

# Reference: https://x.com/r3dbU7z/status/1826007608614072593
# Reference: https://www.virustotal.com/gui/file/9557bf84b1c63559c3010d5f4ba0f0a56d58cbe0e4e7a50f86ae888206842d19/detection
# Reference: https://www.virustotal.com/gui/file/8e9dd1b754c98b6a878d43a9af2871240a3e8f476fd111153fe4eb1f8fd971f2/detection

http://195.74.86.116

# Reference: https://x.com/JAMESWT_MHT/status/1826301714422546885
# Reference: https://app.any.run/tasks/96eb12db-dbca-4add-8522-4394d568faa3/

http://144.91.79.54

# Reference: https://x.com/malwrhunterteam/status/1826510465649750030
# Reference: https://www.virustotal.com/gui/file/f2b1175a07eb346979a062c57876e2cfaf6b24fc9f5631d04c0257f3dfef897b/detection
# Reference: https://www.virustotal.com/gui/file/7117cde797e0895aad72a7c0a51c1e05aa08fc4166bc3f086f79333573d44428/detection

http://157.245.63.23
157.245.63.23:443

# Reference: https://x.com/r3dbU7z/status/1826595093983170862
# Reference: https://www.virustotal.com/gui/file/e6637ece78b046288009fc83f7366c31759f6299e859a6b923b7072fd6c33fbd/detection

resourcepool.store
ghost.resourcepool.store

# Reference: https://x.com/karol_paciorek/status/1826546190013382887

http://202.151.176.76

# Reference: https://x.com/banthisguy9349/status/1826986945035022557

147.45.79.168:8000
147.45.79.168:8443

# Reference: https://x.com/banthisguy9349/status/1827279090136563892

47.113.230.158:5000

# Reference: https://x.com/banthisguy9349/status/1827639367067709670

27.25.151.236:8080

# Reference: https://x.com/cyberfeeddigest/status/1827699564918550571

c32.19aq.com

# Reference: https://x.com/malwrhunterteam/status/1828028438407479788
# Reference: https://www.virustotal.com/gui/file/0077647aa98f096591f70bbd3f1a0364b56c5e39f68ed85509b28a31b2d4f869/detection

http://118.107.42.233

# Reference: https://x.com/raghav127001/status/1826530842401014251

check-tl-ver-198-c.buzz
wenufod.xyz
mvgde.check-tl-ver-198-c.buzz

# Reference: https://www.virustotal.com/gui/file/00e8b39180fa5f7aad233fe7440aa1ab2b22b203258d61d074a74c3549e99081/detection

facilities-qt-hollow-depot.trycloudflare.com

# Reference: https://x.com/suyog41/status/1828301311168618862
# Reference: https://www.virustotal.com/gui/file/8fc85c02d7522f84cb6378b65a97108ece62d8d0950be64c42c2d7fbc5ffa6ea/detection
# Reference: https://www.virustotal.com/gui/file/649a2b31f41064e7172c457ccd4a7626356e6a083ff7aa30a6df115870c976b2/detection
# Reference: https://www.virustotal.com/gui/file/2bde4177eb3d100e82d78c31263c5e28f0835215346659cdd1ac86e489feb8a5/detection
# Reference: https://www.virustotal.com/gui/file/7bb6a4d51be7d28d5383d11f5d5b19f5aa9589c7de77196e4ecca11e8a63a4d0/detection

125.132.180.68:5000
14.35.253.146:5000
175.214.55.10:5000

# Reference: https://x.com/r3dbU7z/status/1828485079682756805
# Reference: https://www.virustotal.com/gui/file/af57af22780443ae7b4c7079248526ce15bd8e0931d941c151df8284bc3fc863/detection

lcxzioythl.pro

# Reference: https://x.com/banthisguy9349/status/1828491900204024089
# Reference: https://www.virustotal.com/gui/file/86f475ee6220112ea2533831a33cdcbdffb1d30d93abad6c6f4f250cd65b96ac/detection

http://154.216.18.175

# Reference: https://www.virustotal.com/gui/file/8b7cd9b0ed28ba9d6cb08b589525ada4aceeeeeecd60f317a7e3fff60e461999/detection

http://193.117.208.101

# Reference: https://www.virustotal.com/gui/ip-address/185.216.70.142/relations
# Reference: https://www.virustotal.com/gui/file/3995a7e7eb8eeafb0b6da2c3813e61d11993a820d478c87809136de79d8f8280/detection
# Reference: https://www.virustotal.com/gui/file/372eefdc4bf9f4a4382db2762fcf9a9db559c9d4fff2ee5f5cf5362418caaa92/detection

http://185.216.70.142

# Reference: https://www.virustotal.com/gui/file/736575d7277732b652edade1e21e8614755935b24ba6b032c2a831748a006ac4/detection

http://194.42.207.3
http://45.66.231.148
jeuxviddeo.com

# Reference: https://x.com/JangPr0/status/1829030214539907233
# Reference: https://www.virustotal.com/gui/file/bea38970febac64eb77bd9c1484cb48d2fa61fb925bbeb39d0aa6b9149e654cf/detection

43.203.173.81:8080

# Reference: https://x.com/malwrhunterteam/status/1829127614868439316

mydoc.ngrok.pro

# Reference: https://www.virustotal.com/gui/file/d8b11b8b437f83a1ad55c954b4a80081abfaf3c29cbc922d57b76bc20745111a/detection

myfiles.ngrok.pro

# Reference: https://www.virustotal.com/gui/file/36041630856ef1c227fd14d2f9a20d5f42226a02a536ac79cca3552d69a4ba19/detection

http://94.156.67.226

# Reference: https://www.virustotal.com/gui/file/06b0c7b4b8c0ccc4a489ce6906a9e6d5d350c6f43c91358c36802b0849aa3f4f/detection

pad-grant-resources-genuine.trycloudflare.com

# Reference: https://x.com/Joseliyo_Jstnk/status/1826170816909750533
# Reference: https://www.virustotal.com/gui/file/90973055aaab24fd10f28eda5b20a0aff15d5ef22d55344fe23d8ddfd6235fbc/detection
# Reference: https://www.virustotal.com/gui/file/d0a31bac5f6483881dfd2150ba3a20e17db2d54cc47f7f3ce2e29a6b74646040/detection

dol-stepcheck.com
one1-directory.com
openbids-dol.com
rfp-dolgov.com

# Reference: https://www.virustotal.com/gui/file/eb82eb8efc9f6480c08616f47157816801a15da95f3b2b3a674a1c29f6f0026e/detection
# Reference: https://www.virustotal.com/gui/file/dc30cfa6578d26c1ec3a286679ad3fec457587bdacf9f596c5d5e2350564cec7/detection
# Reference: https://www.virustotal.com/gui/file/b604eaa319de22e055c05771fd20378f225da0ede8cb7909c83682a7927c204d/detection
# Reference: https://www.virustotal.com/gui/file/72d36563a8155c1a33ae38c54d9534ac26b89cca70a4ecf735cb853fd257f292/detection
# Reference: https://www.virustotal.com/gui/file/3d5aa944aa08b42d0b6ed2989f8f1c4b41e42e2937d04b1fb0ecce09bc3a183d/detection

react-jquery.com

# Reference: https://x.com/malwrhunterteam/status/1828866492852777205
# Reference: https://www.virustotal.com/gui/file/cc0532b39faa0ba7d37adce82006b075b7d9363b1cb13fe5b5d1bd348ced07a6/detection
# Reference: https://www.virustotal.com/gui/file/6b8be94da26dafffea2d0cafaeaa36dd96faced23d76c8bcd218b1efd1273e60/detection

146.190.98.156:22233

# Reference: https://www.virustotal.com/gui/file/04453ea41476b86993617efaeb1f574a92c1d070b9c7b50170600a4c17a55373/detection

ugtv.online

# Reference: https://x.com/StrikeReadyLabs/status/1830774821795274784

housing-support.me

# Reference: https://www.virustotal.com/gui/file/8d31ed88202e42a456cef92be1da6e91ee89f763b12e9cddca525453a8d86d6c/detection

7situacaoirregularidadeirpf2023.stufftoread.com
churrascariavitallene.com
vingspktorkgameprocexps5.com
suportecontatowebmail2023.brazilsouth.cloudapp.azure.com

# Reference: https://www.virustotal.com/gui/file/34356d9c7ef071b115f41a87965e7abe183b2fb099a2e76272ca469268ee1537/detection

rtplivejpslot388.lol

# Reference: https://www.virustotal.com/gui/file/c5492d613f9c1aca60e521a8bf92b6724a1b839007fdaeaf0dd4cd35a8544eee/detection

jxc-agri.com

# Reference: https://www.activecountermeasures.com/malware-of-the-day-tunneled-c2-beaconing/

http://91.92.240.113

# Reference: https://x.com/1ZRR4H/status/1832971253239660768

213.109.147.108:4242

# Reference: https://x.com/DaveLikesMalwre/status/1832884049251049909

http://185.241.208.90

# Reference: https://x.com/RacWatchin8872/status/1833450025503821960

http://120.24.161.110

# Reference: https://x.com/StrikeReadyLabs/status/1833499194536919426
# Reference: https://www.virustotal.com/gui/file/4e875fff5c75fe3917207185d4873a0a96adaf9f0ee1483484d1debbf80fbcbe/detection

146.70.145.225:443
srv510786.hstgr.cloud
winupdate-check-news.ignorelist.com

# Reference: https://x.com/karol_paciorek/status/1833434905587396630
# Reference: https://www.virustotal.com/gui/file/c07e92647c58d22541517b52a7c7af5031deacc9261d5eb45ea7f72d778df49a/detection

http://45.154.98.20

# Reference: https://www.virustotal.com/gui/file/f1d6b309708d2f0f449169681f5d10bc57c92fa9afb1e22075f6995b1b0d960e/detection

http://118.24.129.8
118.24.129.8:35757

# Reference: https://x.com/RacWatchin8872/status/1834170994375774618
# Reference: https://x.com/banthisguy9349/status/1854566264548560953

123.60.104.67:8000
123.60.104.67:9999

# Reference: https://x.com/StrikeReadyLabs/status/1834414735158022602
# Reference: https://www.virustotal.com/gui/file/18ace3a46a21a4aaee4525a8fae831f05a9d425bb37061a7975ee2ea2d52d8a3/detection

cdn4.filehaus.su

# Reference: https://x.com/cyberfeeddigest/status/1834868587158294850

http://34.228.38.116

# Reference: https://x.com/1ZRR4H/status/1835105228506476769

http://119.28.78.133

# Reference: https://www.virustotal.com/gui/file/96465ce935015f6b1ddcfbcf378a8ec5b314ca9034210c6ec908ea38283fa2f7/detection

http://185.234.247.14
shotsera.com

# Reference: https://x.com/karol_paciorek/status/1836723394919682080

http://162.0.224.92
j6.gg

# Reference: https://x.com/_CPResearch_/status/1836723335532515803

versionupdate.xyz

# Reference: https://x.com/kddx0178318/status/1836740364796895602

hercvlesconcrete.com

# Reference: https://blog.sekoia.io/webdav-as-a-service-uncovering-the-infrastructure-behind-emmenhtal-loader-distribution/

http://104.131.7.207
http://141.98.234.166
http://147.45.178.54
http://147.45.50.142
http://147.45.50.144
http://147.45.50.172
http://147.45.50.214
http://147.45.50.23
http://147.45.50.26
http://147.45.50.34
http://147.45.50.57
http://147.45.50.86
http://147.45.79.82
http://151.236.17.180
http://168.100.9.199
http://178.209.51.222
http://185.143.223.188
http://185.196.8.158
http://191.243.196.114
http://193.233.75.13
http://194.190.152.108
http://194.87.252.22
http://200.150.194.109
http://206.188.196.28
http://212.18.104.111
http://45.151.62.238
http://46.29.234.129
http://62.133.61.101
http://62.133.61.104
http://62.133.61.106
http://62.133.61.148
http://62.133.61.155
http://62.133.61.168
http://62.133.61.189
http://62.133.61.207
http://62.133.61.240
http://62.133.61.37
http://62.133.61.69
http://62.133.61.73
http://62.133.61.79
http://62.133.61.90
http://62.133.61.98
http://78.153.139.202
http://79.137.203.158
http://82.115.223.234
http://84.247.187.231
http://89.110.78.58
http://89.23.103.118
http://89.23.103.123
http://89.23.103.188
http://89.23.103.205
http://89.23.103.253
http://89.23.103.56
http://89.23.103.57
http://89.23.103.97
http://89.23.107.123
http://89.23.107.168
http://89.23.107.181
http://89.23.107.240
http://89.23.107.251
http://89.23.107.67
http://89.23.113.140
http://91.202.233.136
http://91.92.240.234
http://91.92.240.247
http://91.92.240.29
http://91.92.243.198
http://91.92.243.74
http://91.92.245.185
http://91.92.245.222
http://91.92.246.102
http://91.92.248.129
http://91.92.248.77
http://91.92.248.90
http://91.92.250.150
http://91.92.250.44
http://91.92.251.35
http://91.92.253.126
http://91.92.254.167
http://92.118.112.223
http://92.118.112.253
http://94.131.112.206
http://94.156.64.74
http://94.156.64.76
http://94.156.65.126
http://94.156.65.130
http://94.156.69.111
http://94.156.69.6
http://94.156.8.31
http://95.164.68.24
http://95.216.196.85

# Reference: https://x.com/banthisguy9349/status/1837796949136752932

http://101.126.87.87

# Reference: https://x.com/karol_paciorek/status/1838226912264479036

http://185.38.142.128

# Reference: https://www.virustotal.com/gui/file/ef05d8c68e1e2b9ea7cfbad9bce3acfbd8b2367a28297d2e4c23d9d9340feca2/detection

http://188.93.233.163

# Reference: https://x.com/Gi7w0rm/status/1838854503694516349

rg.gamepeak.in

# Reference: https://x.com/Gi7w0rm/status/1838882702843396489

http://100.1.226.154

# Reference: https://x.com/malwrhunterteam/status/1838867310729142280
# Reference: https://www.virustotal.com/gui/file/fd7fc93e57fa76a036b73ce21ae615d99aa2a0ca45b96973b7dab63d21e5ffc6/detection

http://91.222.173.140

# Reference: https://x.com/Gi7w0rm/status/1838951321879068990

1.92.89.193:8080

# Reference: https://x.com/DaveLikesMalwre/status/1837677211547017260
# Reference: https://www.virustotal.com/gui/file/582959b7f4789e58fc08d272d3d8364bafc2b3ab117f93fc5f85cde9c0630027/detection

http://209.105.248.135
runds.duckdns.org

# Reference: https://app.validin.com/detail?find=sostener.vbs&type=dom&ref_id=de2831d246d#tab=host_pairs_v2

http://181.131.216.24
http://181.140.64.44
http://181.235.0.29
http://181.235.12.53
http://181.235.14.198
http://186.169.40.143
http://186.169.42.117
http://186.169.72.37
http://186.169.76.39
http://186.169.89.218
http://186.169.94.22
http://191.88.251.24
http://191.88.254.56
http://191.93.112.233
http://191.93.113.151
http://209.105.248.135
http://45.135.232.38
45-135-232-38.cprapid.com
jdosdjos.space
update-facebok.com
updatee-facebok.com
users-kucoin.com
mail.45-135-232-38.cprapid.com
mail.update-facebok.com

# Reference: https://x.com/banthisguy9349/status/1839325002732376552

42.192.14.109:9999

# Reference: https://x.com/banthisguy9349/status/1839326280959091079

47.111.135.21:8080

# Reference: https://x.com/banthisguy9349/status/1839329674608214260

203.204.217.190:8080

# Reference: https://x.com/StrikeReadyLabs/status/1839626001317327265
# Reference: https://www.virustotal.com/gui/file/9ffd9422c22195d0bce91577154d380c696bd02e846da4579ca056eeca2d8c66/detection

http://172.232.234.9

# Reference: https://x.com/banthisguy9349/status/1839937406969020433
# Reference: https://x.com/banthisguy9349/status/1839984167913718075

http://34.142.201.103
209.151.152.177:8000
34.142.201.103:8443
34.142.201.103:9993
45.120.107.43:8080
77.81.230.154:8080

# Reference: https://x.com/banthisguy9349/status/1840086305767580094

http://140.83.50.60
140.83.50.60:8001

# Reference: https://urlhaus.abuse.ch/host/58.23.215.23/
# Reference: https://www.virustotal.com/gui/file/055c25c8704a39911cabaf85498b3185fc3f792601836a3b8c83cb89c1235b70/detection

117.28.27.74:8765
117.28.27.75:8765
117.28.27.76:8765
27.152.240.185:8765
36.249.46.154:8765
36.249.46.166:8765
36.249.46.167:8765
36.249.46.168:8765
36.249.46.169:8765
36.249.46.170:8765
36.249.46.171:8765
36.249.46.172:8765
36.249.46.173:8765
36.249.46.174:8765
36.249.46.232:8765
36.249.46.233:8765
36.249.46.234:8765
36.249.46.235:8765
36.249.46.236:8765
36.249.46.237:8765
36.249.46.238:8765
36.249.46.239:8765
36.249.46.240:8765
36.249.46.241:8765
58.23.215.155:8765
58.23.215.156:8765
58.23.215.157:8765
58.23.215.158:8765
58.23.215.159:8765
58.23.215.160:8765
58.23.215.161:8765
58.23.215.162:8765
58.23.215.163:8765
58.23.215.164:8765
58.23.215.170:8765
58.23.215.171:8765
58.23.215.172:8765
58.23.215.173:8765
58.23.215.174:8765
58.23.215.175:8765
58.23.215.176:8765
58.23.215.177:8765
58.23.215.178:8765
58.23.215.179:8765
58.23.215.23:8765
58.23.215.24:8765
58.23.215.25:8765
58.23.215.26:8765
58.23.215.27:8765
58.23.215.28:8765
58.23.215.29:8765
58.23.215.30:8765
58.23.215.31:8765
58.23.215.32:8765
58.23.215.62:8765
58.23.215.63:8765
58.23.215.64:8765
58.23.215.65:8765
58.23.215.66:8765
58.23.215.67:8765
58.23.215.68:8765
58.23.215.69:8765
58.23.215.70:8765
58.23.215.71:8765
wieie.cn

# Reference: https://x.com/DaveLikesMalwre/status/1840170583272595881
# Reference: https://www.virustotal.com/gui/file/4e6824f248330bd4172bd07a109add479745a33386b6c5754597c5ee1b3198cd/detection

http://13.61.8.111

# Reference: https://x.com/k3yp0d/status/1841082596039507978
# Reference: https://www.virustotal.com/gui/file/d4de41642e31a43cdec017816f7990a7d9eb706bff85fea480052d2a1d62c097/detection
# Reference: https://www.virustotal.com/gui/file/14351ae11863745dd326f30556b3e6010db8582b7d3499e1a6bc76a801f24c3f/detection

meta.flokq.com

# Reference: https://x.com/DaveLikesMalwre/status/1841281294396797239

101.99.92.10:8000

# Reference: https://www.virustotal.com/gui/file/48fc64defe12868f480f074cb229440a1a6e034cbafdc3e65a8417107f624c1b/detection

91.92.250.115:8080

# Reference: https://www.virustotal.com/gui/file/d472c895106cfebcb6eea8701416aed96b9770c256432ee7ee7a9b8a60a6d254/detection

http://172.245.123.9

# Reference: https://x.com/ShanHolo/status/1842802254434140226

http://172.245.123.6

# Reference: https://app.validin.com/detail?find=45.80.158.76&type=ip4&ref_id=dfa879c1e5c#tab=reputation

http://45.80.158.76

# Reference: https://x.com/Merlax_/status/1842001785587650815

http://167.0.201.5
http://186.169.63.46
http://186.169.83.212
http://190.9.223.135
186.169.63.46:443

# Reference: https://x.com/malwrhunterteam/status/1842253568255959169
# Reference: https://www.virustotal.com/gui/file/810d1314dea7205f851b76fcc583ba816bcec8d3186f3c03df1ddfc54e233450/detection

http://80.66.79.95

# Reference: https://github.com/StrikeReady-Inc/samples/blob/main/2024-10-04%20interesting%20ua%20lnks/urls.txt

http://154.216.17.56
http://195.10.205.113
http://80.66.79.150
http://80.66.79.155

# Reference: https://x.com/banthisguy9349/status/1842246259765088421

http://65.52.240.233

# Reference: https://x.com/malwrhunterteam/status/1842312416102928583
# Reference: https://www.virustotal.com/gui/file/2bf40a88c866b16124039495791b99cd71ddf5f1c8decea75d18e8400b52b6ea/detection

57.128.129.22:5824
payhostmsa.shop
spare-shadows-dreams-tourist.trycloudflare.com

# Reference: https://x.com/cyberfeeddigest/status/1841917478273941935

http://37.46.132.110

# Reference: https://x.com/banthisguy9349/status/1842944347417014304

http://109.248.6.229
http://116.48.102.33
http://124.223.12.165
http://142.93.209.148
http://152.42.221.20
http://83.229.120.79
101.126.22.160:8000
150.158.84.155:8888
194.140.233.120:90
222.120.252.246:9999
45.91.81.254:8000
49.234.54.77:65102
82.156.29.211:8083
84.54.191.178:5555

# Reference: https://x.com/Max_Mal_/status/1842936347256029627
# Reference: https://www.virustotal.com/gui/file/1822636a57752d06999da566e21c16b1f0dc465e225af2c2afba6ffb1cde0512/detection
# Reference: https://www.virustotal.com/gui/file/f02ba578e0f962f6be46187b288e22a4dbe972878893ecb81ff5f33944aef4b4/detection

http://95.164.17.212

# Reference: https://x.com/karol_paciorek/status/1843271345913925943

http://18.206.176.138

# Reference: https://x.com/s1dhy/status/1843746391337943272

http://64.52.80.157
itaucontrato.zip
loglider.com.br
railwaysy.online

# Reference: https://hunt.io/blog/inside-a-cybercriminal-s-server-ddos-tools-spyware-apks-and-phishing-pages

http://137.184.53.152
137.184.53.152:443

# Reference: https://x.com/malwrhunterteam/status/1844062190556553349
# Reference: https://www.virustotal.com/gui/file/bc6b22395ea6a6d94612d4ec2b8e486aad1f5292c6fa1161c9fcf030239d10ad/detection
# Reference: https://www.virustotal.com/gui/file/b55585d011d4d6851cff7776b4506cb0865325236c2ec322ae0777c06243be55/detection

http://24.152.39.227

# Reference: https://x.com/cyberfeeddigest/status/1843574372876812441

http://68.183.94.199

# Reference: https://x.com/kddx0178318/status/1843633294451323227
# Reference: https://www.virustotal.com/gui/ip-address/103.64.128.51/relations

360degcrm.com
b2bsystemxs.com
systemsepay.com
systemxssepay.com

# Reference: https://x.com/doc_guard/status/1844407522750497138
# Reference: https://www.virustotal.com/gui/file/d5359f418089f7af7ef279ba0e9239a2dab4b868aad459ff6751e832831bfd2f/detection

http://162.250.124.142
http://69.10.48.240

# Reference: https://x.com/cyberfeeddigest/status/1844704404529627257

http://45.10.243.106

# Reference: https://x.com/malwrhunterteam/status/1844856030141776303
# Reference: https://www.virustotal.com/gui/file/560affc6b715d349bfc1284bbaa473305ff13ccb853fa248337dd7dfded3805e/detection

avisojudicial.org

# Reference: https://x.com/cyberfeeddigest/status/1845549506000994704

http://107.175.75.51

# Reference: https://x.com/cyberfeeddigest/status/1845111233751466170

http://77.81.244.170

# Reference: https://x.com/StrikeReadyLabs/status/1845881714607792250
# Reference: https://www.virustotal.com/gui/file/92d71e5e265fd266036881767a83093838004130be44b448f033cc3f7195172e/detection

http://103.27.108.146

# Reference: https://x.com/malwrhunterteam/status/1846097535904985294
# Reference: https://www.virustotal.com/gui/file/2bef9c146d7a3989b8af1c6b95007f6719f7b147b253d1225db3fe135362790c/detection

http://159.223.8.77
1drv.media
1drv.pictures

# Reference: https://x.com/banthisguy9349/status/1846261680210112987

shiped.de
op.shiped.de

# Reference: https://x.com/banthisguy9349/status/1844756240183779425

http://134.209.241.3
134.209.241.3:443

# Reference: https://x.com/karol_paciorek/status/1846892197964124263

http://47.236.122.191

# Reference: https://x.com/malwrhunterteam/status/1846995768877457494
# Reference: https://www.virustotal.com/gui/file/b0da9e82ec888ecad575e2b027bad8d040180afb6116fc778531db84a3843e3c/detection
# Reference: https://www.virustotal.com/gui/file/a14de680626320014b4e874252b5f9fdc48bd2ed9355f55999a85f8d870e2fad/detection
# Reference: https://www.virustotal.com/gui/file/9cd2698d22ea6c144489b104d7d4680392f5ec333791fe164090b513b3073a7c/detection
# Reference: https://www.virustotal.com/gui/file/2581270620b8d44b35fab6c704838e4e1d53af5c5c0ab9ee05cd7456c2538017/detection

fsb.rodeo

# Reference: https://x.com/StrikeReadyLabs/status/1846991213414535427/

http://89.23.103.158

# Reference: https://x.com/raghav127001/status/1846837961813643659

http://193.233.112.100
193.233.112.100:443

# Reference: https://x.com/banthisguy9349/status/1847175329120460936

n.ddnsgratis.com.br

# Reference: https://x.com/karol_paciorek/status/1847196303773605989

http://178.61.171.67

# Reference: https://x.com/malwrhunterteam/status/1847272150316556768
# Reference: https://www.virustotal.com/gui/file/01a936be463805b5f875f854afc596b900edf912127c3a107bfdef6c5ecde9bd/detection

http://45.82.13.15
gov-case.info
sec.gov-case.info

# Reference: https://x.com/banthisguy9349/status/1847990192218521657
# Reference: https://app.validin.com/detail?find=I%20See%20you!&type=raw&ref_id=1dfd283f260#tab=host_pairs_v2

http://128.199.11.181
http://128.199.247.173
http://134.209.79.78
http://144.24.149.174
http://146.190.114.66
http://156.225.129.209
http://159.203.122.212
http://165.227.194.13
http://167.71.11.77
http://167.99.72.133
http://178.253.40.205
http://178.79.157.141
http://185.101.104.240
http://185.56.171.168
http://188.166.177.132
http://194.195.92.71
http://198.12.88.145
http://2.58.84.200
http://209.250.233.58
http://38.242.242.182
http://45.133.178.165
http://46.105.30.53
http://82.213.245.39
eugenio.ddns.net

# Reference: https://www.virustotal.com/gui/file/f6d8d4988844576ce042e45a0247d56197faba7a633742b6e1d7fd8db30166f1/detection

http://172.234.252.181

# Reference: https://www.virustotal.com/gui/file/3f7a5830f2edc0a5d6943b6a5eabe28f8e26a5ecd7a729495efc4f09f1500fc2/detection

digitalpinnaclepub.com

# Reference: https://x.com/malwrhunterteam/status/1848714445452689503
# Reference: https://www.virustotal.com/gui/file/296ac811f404a3312f9747d574e228bf4e638ae3e0b0618fb1b3aedc17788f54/detection
# Reference: https://www.virustotal.com/gui/file/2b6acb22acc5d68550a0bd86023cd08bc24e0e325c432cd70b8c4d0c23557ca6/detection

cgdfiles.azureedge.net

# Reference: https://x.com/banthisguy9349/status/1850473219561546152

49.65.214.126:8088

# Reference: https://x.com/k3yp0d/status/1850910398800679402
# Reference: https://www.virustotal.com/gui/file/6414736583ad9b59da9d2e554b661a1f147c7fd6a0879078bd86379f3ad0bbf4/detection

slot.somee.com

# Reference: https://www.virustotal.com/gui/file/2970a1843d2f7ce1e25cffaeb9100097e1308208d229401a5a143e4f963673da/detection
# Reference: https://www.virustotal.com/gui/file/f44f1a4fc0921e6649aeff8f660a02d9b51aeae19b14bb50c39f1afc655d102f/detection

dh0.fun
lc.dh0.fun

# Reference: https://app.validin.com/detail?type=ip&find=5.42.80.2#tab=host_pairs

http://5.42.80.2

# Reference: https://x.com/malwrhunterteam/status/1851191303800778892
# Reference: https://www.virustotal.com/gui/file/8caa3860f4e12e70495dad9e530134f2eb378302062ba6e882138ddb517b8f01/detection

jofilesjo.com

# Reference: https://www.virustotal.com/gui/file/052a1608655a2da8932a8befb7073c93fd9e1b5082ec2e4e02eb1f51d7e0b4ee/detection

http://193.3.19.225

# Reference: https://x.com/malwrhunterteam/status/1851327563282739491
# Reference: https://www.virustotal.com/gui/file/71260e5c51c834c18a174201f66c14e41c01fd574e0dc95d4c39e7e89b0d9360/detection

sw.lifeboxtransfer.com

# Reference: https://www.virustotal.com/gui/file/5796b9a167c9a20f5ce5f5acba3ee48b82283280e25bd66a68377895944a1bae/detection
# Reference: https://www.virustotal.com/gui/file/5c2288a79dad1936d113ec9bdcd36d6579ae5ca44691e1c3dea5f8bcdec6f297/detection

http://191.96.78.152

# Reference: https://x.com/johnk3r/status/1851752612367921238
# Reference: https://x.com/johnk3r/status/1854695923537805598
# Reference: https://app.validin.com/detail?type=dom&find=aaaee.selfip.org#tab=host_pairs

aaaee.blogdns.org
aaaee.dnsalias.net
aaaee.dyndns.biz
aaaee.dyndns.info
aaaee.forgot.her.name
aaaee.from-az.net
aaaee.from-de.com
aaaee.from-md.com
aaaee.from-me.org
aaaee.from-nd.com
aaaee.from-nv.com
aaaee.from-pa.com
aaaee.from-wa.com
aaaee.game-server.cc
aaaee.groks-the.info
aaaee.groks-this.info
aaaee.here-for-more.info
aaaee.homedns.org
aaaee.homeunix.org
aaaee.is-a-bulls-fan.com
aaaee.is-a-democrat.com
aaaee.is-a-landscaper.com
aaaee.is-a-nurse.com
aaaee.is-a-republican.com
aaaee.is-slick.com
aaaee.isa-geek.net
aaaee.selfip.org
aaaee.space-to-rent.com
aaaee.webhop.net
addnew.doesntexist.org
aerret.webhop.net
aewaew.barrel-of-knowledge.info
agenal.ajayusoft.com
aweewe.barrel-of-knowledge.info
awewrwa.dnsalias.org
awrqa.is-gone.com
azczxs.from-nd.com
charlote.is-a-geek.org
dfdfdfvd.is-a-geek.org
dfvdfvfddf.is-a-anarchist.com
dgdfb.groks-this.info
ewrew.is-a-caterer.com
ewrew.is-a-musician.com
fghfgbfg.dyndns-work.com
fgnfgfgsd.dynathome.net
gdfgdfdv.groks-this.info
gdhbbdv.broke-it.net
gdhbbdv.hobby-site.org
gdhbbdv.homelinux.com
gdhbbdv.is-a-blogger.com
gdhbbdv.is-a-bruinsfan.org
gdhbbdv.is-a-student.com
gdhbbdv.is-into-games.com
gdhbbdv.is-very-sweet.org
gdhbbdv.remotecam.nu
gdhbbdv.sellsyourhome.org
gegrewew.ath.cx
ggg.is-a-painter.com
grtgr.webhop.biz
hjmhjm.is-a-landscaper.com
hthth.is-a-knight.org
hyhyhy.is-a-therapist.com
jujuju.dyndns-free.com
jujuju.from-pa.com
kjjghhjgf.is-uberleet.com
nftg.buyshouses.net
nftg.dnsalias.org
nftg.doesntexist.com
nftg.dynalias.net
nftg.dynathome.net
nftg.dyndns-at-home.com
nftg.from-ak.com
nftg.from-ky.com
nftg.from-nd.com
nftg.here-for-more.info
nftg.hobby-site.com
nftg.is-a-bruinsfan.org
nftg.is-slick.com
nftg.isa-geek.net
nftg.kicks-ass.org
nftg.lebtimnetz.de
nftg.misconfused.org
nmfhnjf.knowsitall.info
sccsdcsdcv.from-tn.com
sccsdcsdcv.homeunix.net
sccsdcsdcv.is-a-democrat.com
sccsdcsdcv.is-an-actress.com
sccsdcsdcv.likescandy.com
scsfscscs.doomdns.org
scsfscscs.homelinux.com
scsfscscs.is-a-chef.net
scsfscscs.is-an-actress.com
sdfgfv.dyndns-free.com
sdfgfv.stuff-4-sale.org
sfsdfsdvsd.gets-it.net
sfsdfsdvsd.neat-url.com
soniafernandes.my3cx.com.br
suanfe.is-a-landscaper.com
suanfe.kicks-ass.net
tehytdf.ftpaccess.cc
tehytdf.sellsyourhome.org
tttht.is-a-therapist.com
ujuju.for-better.biz
ujuju.from-md.com
ujuju.here-for-more.info
ujujuju.barrel-of-knowledge.info
ujujuju.blogdns.com
ujujuju.dynalias.net
ujujuju.from-nv.com
ujujuju.from-pa.com
ujujuju.hobby-site.com
ujujuju.homelinux.com
ujujuju.is-a-anarchist.com
ujujuju.is-a-painter.com
ujujuju.is-a-republican.com
ujujuju.is-found.org
ujujuju.is-uberleet.com
ujujuju.merseine.org
ujujuju.selfip.biz
vbxvb.is-very-good.org
wewef.from-sc.com
wewef.gets-it.net
wrwwewfe.dyndns.tv
wrwwewfe.from-la.net
wrwwewfe.from-wi.com
wrwwewfe.is-a-blogger.com
wrwwewfe.is-a-rockstar.com
wrwwewfe.merseine.org
wrwwewfe.selfip.com
wrwwewfe.selfip.org
yyhyhy.simple-url.com
zvczcz.saves-the-whales.com

# Reference: https://x.com/DaveLikesMalwre/status/1851762437361668446

208.85.20.137:8080

# Reference: https://x.com/StrikeReadyLabs/status/1851798863637516345

transportation.us.org/files/

# Reference: https://x.com/StrikeReadyLabs/status/1851944009033224532/history
# Reference: https://www.virustotal.com/gui/file/06561b823184eb243a781bdf8db1cbd36ab8ed1bf60fb9204d07557d077c9453/detection

http://31.214.157.49
http://66.63.187.150
66.63.187.150:445

# Reference: https://x.com/StrikeReadyLabs/status/1852047416746291350
# Reference: https://www.virustotal.com/gui/file/4ce0e08f6677e7da973525f5362e45cb633993043d87fb5d25e20c0b4aea0127/detection
# Reference: https://www.virustotal.com/gui/file/b60f13f429513c1dbf646753c2ab4bffeab3b75c9e068ad94c91076f11a50a32/detection

3k8twy1z.space
tkjkcxz.store

# Reference: https://x.com/1ZRR4H/status/1852067211050938422

94.237.59.211:8000

# Reference: https://x.com/StrikeReadyLabs/status/1852338012488634491
# Reference: https://www.virustotal.com/gui/file/a359e8ec3e7c82e1dbc0c8dc903704bffd522ebb51696b5caa051c6300ac3907/detection
# Reference: https://www.virustotal.com/gui/file/b9d937b6bf7b4367140e398fc722fcb091909ca16430f2a8b0ed846f2e0ee932/detection

http://147.45.178.92
investor.us.org

# Reference: https://x.com/malwrhunterteam/status/1852366602366333146
# Reference: https://www.virustotal.com/gui/file/a1889a999e50a8b09a9f16c2b7e3fb6982e874eeda69a99172979912836296ce/detection

apitradingview.com

# Reference: https://x.com/malwrhunterteam/status/1852420327189688496
# Reference: https://x.com/JAMESWT_MHT/status/1852628442644111527
# Reference: https://app.any.run/tasks/37f022a1-a2ee-459e-ab76-65c54cc7a3f7

51.195.251.11:5022
83.136.208.180:5029
medcolemantang.nl
shippingalerts.online
vonhelmsgrouped.org
vptriathloninc.com

# Reference: https://x.com/banthisguy9349/status/1849722855220478320

37.60.252.188:8888

# Reference: https://x.com/DaveLikesMalwre/status/1852825484947570988
# Reference: https://www.virustotal.com/gui/file/671b686a2f119e1ca4c1451c3eff0f789bb4c1dbb087386d4022a8824acba4a1/detection

haven-quantity-bring-exclusion.trycloudflare.com

# Reference: https://x.com/suyog41/status/1853265456976871560
# Reference: https://www.virustotal.com/gui/file/1b506b3aa30fc256981018bf8c9e9f03f50a2edcc0a26339dc7c876e681ad8f8/detection
# Reference: https://www.virustotal.com/gui/file/f8bdde36affc7e2fcd3724b1e3536541518da8aec4e891de29766bb5504a10db/detection

objetucarro.sbs
scredindenvaz46.objetucarro.sbs
trufenrinnal.objetucarro.sbs

# Reference: https://x.com/malwrhunterteam/status/1853741175380816229
# Reference: https://www.virustotal.com/gui/file/9c0b84e1f7cacd3c0f3f0938d21e7d6412747fe48c222a3061a8f63bc2d0f466/detection

172.245.159.28:443
172.245.159.28:8080

# Reference: https://x.com/StrikeReadyLabs/status/1853851875684073752
# Reference: https://www.virustotal.com/gui/file/a760b608d3857435340ff1c96d017c07314f73325bce71e16d0fb362820c9820/detection

aliempregoraiz.site

# Reference: https://x.com/banthisguy9349/status/1853709132869607639

http://107.172.31.13
http://107.175.229.146
http://192.3.101.141
http://192.3.216.142
http://198.46.178.134
http://45.149.241.183
cuzinneeeefile.duckdns.org
fridaylocalmanager.duckdns.org
fridayyybabedatinglover.duckdns.org
mirakleeeman.duckdns.org
mondayyyyvbsgreeceee.duckdns.org
thursdayyyyyyfileeee.duckdns.org
wednesdayyyyyyfile.duckdns.org

# Reference: https://x.com/1ZRR4H/status/1854029075720851965

80.76.51.159:8080

# Reference: https://x.com/malwrhunterteam/status/1854090838604972464
# Reference: https://www.virustotal.com/gui/ip-address/158.160.100.27/relations
# Reference: https://tria.ge/241106-qex5xazmat/behavioral2
# Reference: https://www.virustotal.com/gui/file/b349c1c867962658136ef754f7c46947f42c8317c390b2c8488f4e16c5a10498/detection
# Reference: https://www.virustotal.com/gui/file/c75645740d7d6716f85a07bc404aa31a8c12dea0adae8fe7151176b78b9d4d5d/detection
# Reference: https://www.virustotal.com/gui/file/d0cc8003a6301c77b9c94eebe0c3e9373b69681a72e38aeb30ebc3c9876f2701/detection
# Reference: https://www.virustotal.com/gui/file/f6cfa802d95dea965c8f45f3d3975111901b9ed347fbb2fe4fbda238c20ba089/detection

alfabankpayroll.ru
api.alfabankpayroll.ru
web.alfabankpayroll.ru

# Reference: https://x.com/idclickthat/status/1854204601081438678
# Reference: https://x.com/illegalFawn/status/1854196462961189100
# Reference: https://www.virustotal.com/gui/ip-address/195.26.227.152/relations

http://185.147.124.40
dropbeastbot.xyz
hawai5stars.com
xtranetaccess.com

# Reference: https://x.com/StrikeReadyLabs/status/1854537007801749893
# Reference: https://www.virustotal.com/gui/file/c1059b8fa9c49d69645d32e9c11a98205bbbb206bd16c9c41a022bd787961a19/detection

botanyeco.org

# Reference: https://x.com/banthisguy9349/status/1854477432700477893

176.111.174.138:8000

# Reference: https://x.com/lontze7/status/1854497457574494324

http://185.208.156.226

# Reference: https://x.com/idclickthat/status/1854208283373957291

http://185.245.107.96

# Reference: https://x.com/idclickthat/status/1854529809591791881
# Reference: https://www.virustotal.com/gui/file/6905b4b4bc10a37ef57a613505702236938049bd3e05832cc916b35b1f5abdf3/detection

http://74.81.37.234
belieber.info
belieberfan.club
dailysphere.org

# Reference: https://x.com/idclickthat/status/1854317447719145593

http://172.86.75.215

# Reference: https://x.com/cyberfeeddigest/status/1854639949703794978

http://144.34.162.13
hackbiji.cc
fish.hackbiji.cc

# Reference: https://www.virustotal.com/gui/ip-address/27.255.80.170/relations

http://27.255.80.170

# Reference: https://x.com/banthisguy9349/status/1854822084171469284
# Reference: https://www.virustotal.com/gui/file/10659940f2d3316523d1c619c6092cf3ade457177b610d47b1a1f052a2ad5c5c/detection

101.133.166.204:8000

# Reference: https://x.com/raghav127001/status/1854686323950629206

45.12.138.251:11800

# Reference: https://x.com/malwrhunterteam/status/1854814661469712729
# Reference: https://www.virustotal.com/gui/file/760e7c6cb77c54fcacd22972a2b6b928f4181f63455f1a24800ed7ff2ae94ec5/detection

d4fsd94p6ntmp.cloudfront.net

# Reference: https://x.com/lontze7/status/1854878302109892814
# Reference: https://x.com/RacWatchin8872/status/1854891809807151344
# Reference: https://app.validin.com/detail?find=asegurar.vbs&type=dom&ref_id=0d0be108061#tab=host_pairs
# Reference: https://app.validin.com/detail?find=segura.vbs&type=dom&ref_id=0d0be108061#tab=host_pairs

http://152.201.182.125
http://152.201.184.235
http://152.201.184.91
http://152.202.226.52
http://152.202.230.190
http://152.202.233.48
http://152.202.234.12
http://152.204.165.90
http://167.0.196.114
http://181.236.112.169
http://181.236.124.54

# Reference: https://x.com/ShanHolo/status/1855189166729887990

http://54.158.34.216

# Reference: https://www.virustotal.com/gui/file/008db7b1d766015d0c4b70423796dfe893b0182e98050492b531b7dc65e14356/detection

miralbha.online

# Reference: https://x.com/banthisguy9349/status/1855682671994884459

http://154.38.176.148
http://191.96.207.229

# Reference: https://www.virustotal.com/gui/file/cc34538fe03ba3d622596fc51d5561d20017ddf71390e7109819adcb519427ff/detection

brokimimshin23tyuensideti.org
ra2utyr6zsdchelinais.com
muj4wxzugaldcvbiloker.com
wendertusidekulinriot.com

# Reference: https://x.com/banthisguy9349/status/1855905960071491803

http://194.26.192.76
194.26.192.76:443

# Reference: https://x.com/StrikeReadyLabs/status/1856083093989556265
# Reference: https://app.validin.com/detail?find=Donald%20Trump%20%7C%20Select%20your%20blockchain!&type=raw&ref_id=b3d05621ba6#tab=host_pairs
# Reference: https://www.virustotal.com/gui/file/44660a8ee9588624a610e54463d3ffbce1bf235482a1e88dd2d376a5fb74edbb/detection

http://62.60.236.149
trump-now.com
winapi772.site
x2trump.com

# Reference: https://x.com/k3yp0d/status/1856318774841913358
# Reference: https://www.virustotal.com/gui/file/2c98bc212bfe602ecf7dda4d9be47c0d37ecbe83ea0772809c5feef3b4e0f635/detection
# Reference: https://www.virustotal.com/gui/file/dd351352b913188862f6a16d939dd0327012b9cd5cb7dc0ef8459b8714bfceba/detection

rested-mudfish-evident.ngrok-free.app
wondrous-ladybird-basically.ngrok-free.app

# Reference: https://x.com/banthisguy9349/status/1856303206495580231

http://103.125.252.179
http://103.246.18.4
http://111.62.185.113
http://120.72.84.44
http://123.60.59.48
http://134.209.35.191
http://136.144.209.67
http://150.107.75.69
http://158.101.196.44
http://164.92.249.212
http://167.172.47.192
http://173.246.39.125
http://185.254.97.212
http://194.62.250.115
http://198.0.170.53
http://20.51.210.12
http://200.73.116.133
http://204.216.222.72
http://206.189.180.188
http://208.109.189.16
http://221.204.41.47
http://27.128.148.117
http://3.106.254.162
http://45.79.167.143
http://50.116.37.73
http://85.215.123.177
http://88.125.206.72
http://88.80.188.96
103.247.164.242:8126
140.115.59.15:3000
152.67.41.155:8069
157.230.126.196:1337
161.97.185.203:8100
182.176.163.231:8089
189.28.186.38:7070
192.3.159.189:8080
194.135.25.44:8080
195.228.0.166:5566
220.100.13.64:888
222.239.248.207:7937
222.252.15.38:9090
23.95.254.136:7080
27.102.130.160:801
27.102.130.176:801
31.220.92.125:8088
34.102.78.64:9002
34.173.59.165:8080
38.54.16.223:81
4.180.120.64:8000
4.228.230.148:4443
45.32.200.249:8000
47.109.192.219:8000
51.91.138.229:8001
52.151.88.215:8000
71.232.158.233:18080
8.209.212.26:8000
8.218.100.120:8888
90.145.223.142:443

# Reference: https://x.com/cyberfeeddigest/status/1856062543824843147

http://94.131.110.205
94.131.110.205:443

# Reference: https://x.com/johnk3r/status/1856727049869602874
# Reference: https://www.virustotal.com/gui/file/fecaffc65de43bb2294d6f21e29625220e87f43d08e84d971ba71c59c37a6d34/detection
# Reference: https://www.virustotal.com/gui/file/e5cb840b16a3d3fb048fa4069b5a743ecb3f65d9b2565a998a3cc5e51f934ba9/detection
# Reference: https://www.virustotal.com/gui/file/46d6961532ec4a6b752d39886d6a5ca8253d2221960ca6d529a393d10b8ee14d/detection

http://141.11.128.154
http://141.11.128.178
141.11.128.178:8128
141.11.128.178:8138
141.11.128.178:8151
141.11.128.178:8198
141.11.128.178:8205
141.11.128.178:8328
141.11.128.178:8406
141.11.128.178:8424
141.11.128.178:8437

# Reference: https://app.any.run/tasks/66824c77-2b16-4392-adb7-d7df0ac398cf/

http://92.42.96.30
92.42.96.30:445

# Reference: https://x.com/malwrhunterteam/status/1857869684932030615
# Reference: https://www.virustotal.com/gui/file/80c839c2491cf6c9a4e298b149af41b636ef42bc3255032a666b7afd6f0d23b0/detection
# Reference: https://www.virustotal.com/gui/file/847dfe2209165a60a5d2f896cbde8f296bcaca1b478ec05edc68ca36c68d235a/detection

http://147.45.50.109
147.45.50.109:445
fb-accountcenter.info

# Reference: https://x.com/daniel_sloof/status/1857869980018311361

http://193.188.22.73
bcbshieldn.com
premiumserviceads.com

# Reference: https://x.com/JAMESWT_MHT/status/1858512292746236336
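# Reference: https://app.any.run/tasks/f1d29e6d-c7f6-4fb8-96c4-f8d998d822cf
# NOTE(review): trycloudflare.com hostnames of this word-word-word-word form are typically randomly generated and short-lived,
# so these entries mainly serve retrospective log matching around the reference date.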

ni-olympic-forests-invoice.trycloudflare.com
ready-bathroom-carter-membrane.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1858480858321014949

german-multiple-reunion-foundation.trycloudflare.com

# Reference: https://x.com/SeguInfo/status/1858525796479991949
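# Reference: https://www.virustotal.com/gui/file/4d633c448d2a80a98fb7bd66a562917b6023816858049f4a4d5272ccf3096b06/detection
# NOTE(review): the entry below looks like a hosting provider's auto-generated per-IP hostname (IPv4 octets under host.secureserver.net).
# The address behind it can be reassigned to another customer, so treat hits as time-bound and confirm against the reference.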

135.59.205.92.host.secureserver.net

# Reference: https://x.com/DaveLikesMalwre/status/1859031448725938422
# Reference: https://app.any.run/tasks/e4a3e4d5-3adb-450c-bcf2-0f1b75b81d98
# Reference: https://www.virustotal.com/gui/file/1c62769d0e740cfe9aa4a873d4c164634897168b7574dc3088ba42711cfd84f2/detection

cbpsendfi.info

# Reference: https://x.com/DaveLikesMalwre/status/1859364062309822572

65.20.104.193:8080
shadon.net

# Reference: https://x.com/karol_paciorek/status/1859954097908256877
# Reference: https://www.virustotal.com/gui/file/981db65a918db89fba166dc5b9063d873ca4a2528cf9d56e8bf893fd53b98ba0/detection

http://65.21.198.54

# Reference: https://x.com/DaveLikesMalwre/status/1860081562903281941
# Reference: https://app.any.run/tasks/3abc116c-e92d-4bdf-a43a-4c4b9df619d4

http://23.254.243.71
213.6.120.228:8000

# Reference: https://x.com/malwrhunterteam/status/1859988550655291395
# Reference: https://www.virustotal.com/gui/file/79b6e63218982c1e85a5e1798c5484e7e034cfecbe9f2da604f668fda8428af4/detection

77.91.73.101:443
dfssinstitute.com

# Reference: https://x.com/cyberfeeddigest/status/1860339192326148536

202.4.186.74:8888

# Reference: https://x.com/malwrhunterteam/status/1860370058867884468
# Reference: https://www.virustotal.com/gui/file/bd7e660fa8d3f9415c2cb60dcba07283470cdd6130d628b945278000134d7b69/detection

http://194.59.30.10
194.59.30.10:443

# Reference: https://x.com/thoughtfault/status/1860513406010400798

http://144.217.161.32

# Reference: https://x.com/StrikeReadyLabs/status/1861382459067122074
# Reference: https://www.virustotal.com/gui/file/6cbc581d5910b529fd9bfe37e05322f6eda0d48efc2e85479f61ea6becc10ca9/detection

http://156.238.236.209

# Reference: https://x.com/cyberfeeddigest/status/1862943514117423361
# Reference: https://www.virustotal.com/gui/file/9932ba7ecd442543d900978589ac030a5412f6e2edaa50b3b6ce481b0c84b257/detection
# Reference: https://www.virustotal.com/gui/file/29f7fb29421a892dfd0c21bc667c09956dc6d32e401683f2b85bf361f6d7ef11/detection

http://46.40.90.231

# Reference: https://x.com/malwrhunterteam/status/1862123763237630024
# Reference: https://www.virustotal.com/gui/file/580fcf22242c1fef6549fdfb6df25a72b4f0e902a5f6716c6b11905bd3fbc6fd/detection

0day.works

# Reference: https://x.com/malwrhunterteam/status/1861853158810452380
# Reference: https://www.virustotal.com/gui/file/2a097e705e59e118066bfc8f4d824cfedddbfcfe88b0a13ad3d3c4531c5eb3b7/detection

dzpvwobr.ru
ufn.dzpvwobr.ru

# Reference: https://www.virustotal.com/gui/file/da27e23d12efa9217cc06498fce1c423e6e6abb32c222abd6bead6938bb9e638/detection
# Reference: https://www.virustotal.com/gui/file/ad94dbf54fd1708a0ebcf2742a3acfdb42a889870e1a7d715e534e13d58873f2/detection
# Reference: https://www.virustotal.com/gui/file/77aff357e69fc000335b586ff638ab44734766356203ade34b3675709e61e4ca/detection
# Reference: https://www.virustotal.com/gui/file/3004bb2d2bce7114ebc7a2d0e56ff94bf37287d31c6bb78b3878b0ebe9d366a3/detection

http://213.108.22.208

# Reference: https://x.com/solostalking/status/1864532060896924136

http://13.92.118.96

# Reference: https://x.com/banthisguy9349/status/1865358144190509416

http://31.13.224.51
http://82.117.87.222

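# Reference: https://x.com/banthisguy9349/status/1865365655169491231
# NOTE(review): file.garden and api.hostize.com look like general-purpose file-hosting service names rather than
# attacker-owned hosts (TODO confirm). A hit on them shows use of the service, not necessarily this activity,
# so triage such hits against the referenced post before acting on them.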

http://104.233.210.179
http://147.50.240.62
http://176.113.115.163
http://185.202.113.6
http://192.3.243.136
http://194.87.145.71
http://194.87.31.196
http://34.131.9.88
http://42.193.42.92
http://45.76.191.170
http://78.20.115.5
http://91.214.78.71
2ig.cs.alab01.de
52575815-38-20200406120634.webstarterz.com
api.hostize.com
arteflordeliz.com.br
by.haory.cn
caca.vercel.app
covertservices.lol
dl.l96.org
down.ruanmei.com
ds2.obmenvsemfiles.com
exodus.lat
file.garden
gachetroi.com
grupodulcemar.pe
haha.ifhmodule.com
harmeetmotors.com
immense.software
inspirecollege.co.uk
l3monrat.com
memoriumloader.lol
monsterservice.xyz
nextjs-boilerplate-liard-nine-70.vercel.app
quanlyphongnet.com
rb3.ftnt.io
reddemon.xyz
rowine.lol
spiffy-biscochitos-b76efe.netlify.app
stipamana.com
store.monsterservice.xyz
update.cg100iii.com
wanfreeprogram.shop
ximonite.com

# Reference: https://x.com/cyberfeeddigest/status/1865491614917099831

http://193.219.28.148
193.219.28.148:443

# Reference: https://www.virustotal.com/gui/file/183c57d9af82964bfbb06fbb0690140d3f367d46d870e290e2583659609b19f2/detection

apple-online.shop

# Reference: https://x.com/orlof_v/status/1865736313921495199

http://104.168.155.254
http://104.236.20.176
http://117.72.36.133
http://130.61.230.173
http://138.2.157.76
http://140.238.42.106
http://142.44.163.133
http://15.204.227.70
http://159.203.68.47
http://164.215.103.253
http://172.84.94.120
http://178.128.53.197
http://18.191.236.208
http://18.221.118.190
http://185.231.233.254
http://195.201.232.236
http://212.28.179.145
http://213.165.90.159
http://34.32.218.171
http://37.120.164.104
http://45.207.202.122
http://54.78.74.237
http://8.222.170.66
http://96.30.198.132

# Reference: https://x.com/banthisguy9349/status/1866121920808419751

http://202.29.95.12

# Reference: https://x.com/ShanHolo/status/1866768979727094008

http://172.233.139.5

# Reference: https://x.com/DaveLikesMalwre/status/1866638790799843804

http://65.38.121.151
65.38.121.151:8080

# Reference: https://x.com/JAMESWT_MHT/status/1867583058242941101
# Reference: https://www.virustotal.com/gui/file/ef5e8d7b372a5dd70303f6efe7af8b43c0c7e423df2591e612696e62a2f6f248/detection

establishing-appliance-publication-obvious.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/23863950b51d6367bc582903344bddf0ba81454ef53c6d2403b57a3035d75844/detection

usage-supposed-nurses-rica.trycloudflare.com

# Reference: https://x.com/smica83/status/1867922027468005803
# Reference: https://www.virustotal.com/gui/file/74e324106186b83f9f6420874dc47e3c80aba08670cc9ec1266cdb95207cddf6/detection

http://123.136.93.78
123.136.93.78:7000
123.136.93.78:8443

# Reference: https://www.virustotal.com/gui/file/b8a1bbd67a97c7be7c3bedcd6cca79840c836b89f647aa47de8b8aa19c24965c/detection

http://154.216.16.83
http://2.58.56.243

# Reference: https://www.zscaler.com/blogs/security-research/nodeloader-exposed-node-js-malware-evading-detection

chillers.com.ar
korepi.xyz

# Reference: https://x.com/ShanHolo/status/1867888227350417719

http://212.113.107.84

# Reference: https://x.com/banthisguy9349/status/1868246412254990732

http://147.45.47.15
adobe-acrobat.com

# Reference: https://isc.sans.edu/diary/Exploit+attempts+for+unpatched+Citrix+vulnerability/31446

http://91.212.166.60

# Reference: https://x.com/ShanHolo/status/1869024156907626657

http://192.3.179.166

# Reference: https://x.com/banthisguy9349/status/1868691655123186156
# Reference: https://www.virustotal.com/gui/file/317e430bc1b60bfef6b1cf065aee81285bd1324c8a4032d9ee68cec0119f05d2/detection

http://87.120.126.205

# Reference: https://x.com/JAMESWT_MHT/status/1869734464970268769
# Reference: https://app.any.run/tasks/a49f35b8-defe-4548-a798-887ad8e8abc5
# Reference: https://www.virustotal.com/gui/file/10f0a14d9fb497e9aed942fc9193811b5437bb4dbd606c3db0b69f2273ce601a/detection

iblue.team/update.sct

# Reference: https://urlhaus.abuse.ch/browse.php?search=c78dde15ecb3b9c4b443077c78b23829237db6bfa7ad71c8e70427e20e14004c

83.136.209.53:26077
makingbmw2skodahossh.net
additional-markets-fee-romance.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/0682a58e457903fce3e17842e5d2b271b1ea84c45da77e1f5a0c91e631bc6b2c/detection

ddl.safone.dev

# Reference: https://x.com/x86rax/status/1871278843404894464
# Reference: https://x.com/ViriBack/status/1871287287860146425

http://216.7.91.110
http://66.84.11.61

# Reference: https://x.com/cyberfeeddigest/status/1871628711080137158

http://163.172.38.6

# Reference: https://x.com/cyberfeeddigest/status/1871627185884430425

http://41.204.120.138

# Reference: https://x.com/StrikeReadyLabs/status/1872487295078834404
# Reference: https://github.com/StrikeReady-Inc/samples/blob/main/2024-12-26%20susp%20uac0184/urls.txt

http://146.185.239.45
http://146.185.239.47
http://146.185.239.51
http://146.185.239.56
http://146.185.239.60
http://80.66.79.159
http://80.66.79.195
http://80.66.79.200
http://80.66.79.36
http://80.66.79.91

# Reference: https://x.com/cyberfeeddigest/status/1873722537705714100

mytestlab.rocks

# Reference: https://x.com/JAMESWT_MHT/status/1867655300440064205
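# Reference: https://x.com/Tac_Mangusta/status/1873846754288030066
# NOTE(review): .htb is not a delegated public TLD (it is commonly seen in lab environments), so this name should not resolve
# through public DNS. A match would presumably come from an observed query or Host value. Confirm the entry is intended.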

windowsupdate.htb

# Reference: https://x.com/banthisguy9349/status/1875599493967835437

http://124.220.93.33

# Reference: https://x.com/ShanHolo/status/1877315923012456497

87.121.86.2:8080

# Reference: https://app.validin.com/detail?find=cbot.exe&type=dom&ref_id=86824230b95#tab=host_pairs

ezywelfar.online
063ec24b-4506-40ad-b9ff-c4a14aa2cd43.ezywelfar.online
sitemap.ezywelfar.online
ytpdlayayt78zihm.ezywelfar.online

# Reference: https://x.com/banthisguy9349/status/1878131847344845152
# Reference: https://app.validin.com/detail?find=kanew.exe&type=dom&ref_id=4c175b76c33#tab=host_pairs

http://45.9.148.181
http://45.93.20.67

# Reference: https://x.com/ShanHolo/status/1878147343062638608

http://66.63.187.250

# Reference: https://x.com/DaveLikesMalwre/status/1879174412207038612

http://101.32.40.22

# Reference: https://x.com/JAMESWT_MHT/status/1879861859450560929

tracked-dosage-deeper-verbal.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/51157f53e83fb4e2536a13d04ba683a3b5bb222a6e1772c54b19a0b52689fc99/detection

http://62.122.184.98

# Reference: https://x.com/cyberfeeddigest/status/1880354479750455361

m.bureaux.fr

# Reference: https://x.com/ViriBack/status/1881327750503665912

ps5.zip
cdn.ps5.zip

# Reference: https://x.com/JAMESWT_MHT/status/1881370512854761826
# Reference: https://www.virustotal.com/gui/file/a489b6d09e31f5e15f6ef396579e30fa0714b01864c39e0cfc87680b88359b38/detection

http://31.177.110.99

# Reference: https://x.com/ShanHolo/status/1882063368980463745

servicee.x24hr.com

# Reference: https://www.trendmicro.com/en_us/research/25/a/how-cracks-and-installers-bring-malware-to-your-device.html
# Reference: https://documents.trendmicro.com/assets/txt/Fakeinstallers-IOCswCQX6fX.txt

http://194.116.215.195

# Reference: https://x.com/James_inthe_box/status/1882526324834939379
# Reference: https://app.any.run/tasks/365f8969-106d-4fa0-8587-7d2593731a67

palharesinformatica.com.br

# Reference: https://www.virustotal.com/gui/file/a5df505a187815f7caff1bb2479d6e9ae450c46d4de15ab696b8d4bde7542350/detection

http://103.110.33.188

# Reference: https://x.com/JAMESWT_MHT/status/1883960931123896436
# Reference: https://www.virustotal.com/gui/file/13aceeda067ad9ee98e2bb4262c0d7d329be9a3cf9d8cfd5e262d0b255123073/detection

rugs-activity-kim-isbn.trycloudflare.com

# Reference: https://x.com/JAMESWT_MHT/status/1885255778300211530

http://89.23.97.214

# Reference: https://x.com/malwrhunterteam/status/1887071048455139621

coaches-revealed-everyday-bargain.trycloudflare.com
downloads-dimension-loading-alpine.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1886889686473564451

http://89.23.99.249

# Reference: https://x.com/malwrhunterteam/status/1887817760761172184

bush-felt-fossil-richard.trycloudflare.com

# Reference: https://x.com/jcarndt/status/1887523224923111536

http://87.120.120.56

# Reference: https://x.com/malwrhunterteam/status/1887930020057825621

http://212.34.135.153

# Reference: https://x.com/Merlax_/status/1886887454247891153

http://102.165.46.179
102.165.46.179:443

# Reference: https://x.com/DaveLikesMalwre/status/1886536583710740628
# Reference: https://www.virustotal.com/gui/file/5d1b85c383d695998af3fcab882759b1bda93c4db6cd8da0d274731e95fd7f68/detection

http://185.147.125.135
http://45.151.62.80

# Reference: https://x.com/cyberfeeddigest/status/1888940250518405501

dl.behbahan.net/pub/Program/

# Reference: https://x.com/cyberfeeddigest/status/1889043065261998218

http://210.109.103.157

# Reference: https://x.com/skocherhan/status/1888747484777787787

http://178.173.237.222

# Reference: https://x.com/cyberfeeddigest/status/1889403511580012993

http://149.90.47.7

# Reference: https://x.com/malwrhunterteam/status/1889379574519402633
# Reference: https://www.virustotal.com/gui/file/73acf4ee3f689fd4e68707c3d392d58d2c4f944453d1e08902e00645d690c8e9/detection

klingpremium.xyz

# Reference: https://x.com/Tac_Mangusta/status/1889652723185750455

itech-sy.com

# Reference: https://x.com/skocherhan/status/1889958278681047247/history
# Reference: https://www.virustotal.com/gui/file/b93507c131a129dd08246282e1440daa25fcefdf95f3af23ada29660258e1a6d/detection

http://146.19.207.4
getawp.xyz

# Reference: https://www.virustotal.com/gui/file/49b1d08b0d97612ad177935b35ed6ccf80cdb818c55c0f6c3158c8d573d896a7/detection

http://95.216.224.46

# Reference: https://x.com/JAMESWT_MHT/status/1890358298743820682

http://196.251.92.64

# Reference: https://x.com/skocherhan/status/1890401939646472318
# Reference: https://app.validin.com/detail?find=puxar.zip&type=dom&ref_id=e6589c39f60#tab=host_pairs (# 2025-02-14)

http://138.197.39.185
http://138.197.43.24
http://143.198.23.149
http://159.203.137.96
http://159.65.164.118
http://159.65.172.67
http://159.65.172.98
http://164.90.150.177
http://164.90.154.40
http://18.216.148.210
http://192.241.243.75
http://3.91.208.147
http://54.165.253.198
3vnxdr.easypanel.host
analytics.turmad.com
crm.expressosaoluiz.com
hml.expressosaoluiz.com
node.kindredorder.com
minivino.com
socket.expressosaoluiz.com
tecosaltillo.com
trpultz.com
trytin.com

# Reference: https://x.com/malwrhunterteam/status/1890667855374401721

pad-buy-sounds-photographers.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1890668849990647844

tucson-option-aspect-recommended.trycloudflare.com

# Reference: https://x.com/DaveLikesMalwre/status/1890755338443563099
# Reference: https://app.any.run/tasks/47dd4904-9cf7-4fa4-91bf-93b3d852a91b

http://45.61.157.179
kdr-ru.ru

# Reference: https://x.com/DaveLikesMalwre/status/1891152970483445785

cayman-inter-descending-processed.trycloudflare.com
relates-pit-velocity-simply.trycloudflare.com

# Reference: https://x.com/salmanvsf/status/1891392767386960222
# Reference: https://www.virustotal.com/gui/file/6cfd012560ced03c3b14b8c841e0dfdc402f7894409865fa8431f43677d91e76/detection
# Reference: https://www.virustotal.com/gui/file/f5147089f2ce2d03465d3ceeb32f2813dab15e5103b52ca8013e93c149f55326/detection

hkuu.oss-cn-hongkong.aliyuncs.com

# Reference: https://app.validin.com/detail?find=2c2951f9c795c19412bf900f8e0ea00e&type=hash#tab=host_pairs (# 2025-02-17)

britney-dollar-brass-mat.trycloudflare.com
data.bonami.cloud
dav.denzy.net
deadly-fascinating-along-staying.trycloudflare.com
di-thanksgiving-essentially-enable.trycloudflare.com
episode-windsor-subdivision-delivery.trycloudflare.com
everywhere-nat-enhanced-closing.trycloudflare.com
information-differently-genesis-jackie.trycloudflare.com
inventory-obelis.ltd
italia-committees-practical-violence.trycloudflare.com
minute-madonna-cakes-supplemental.trycloudflare.com
possess-probably-coupon-cure.trycloudflare.com
srv.couleurscaraibes.fr
webdav-aws-dtwin.web3d.opencascade.com
weight-raid-relaxation-forests.trycloudflare.com
whats-menu-familiar-zshops.trycloudflare.com
wrote-kernel-extend-designation.trycloudflare.com

# Reference: https://x.com/JAMESWT_MHT/status/1891548272243687483
# Reference: https://www.virustotal.com/gui/file/aeed1fc8365a2d894d35c6e5232df2fa30d82480e071b200e818293035c89783/detection

http://193.233.85.226

# Reference: https://x.com/James_inthe_box/status/1891546004458971621

otarvesq.com
dmc.otarvesq.com

# Reference: https://x.com/malwrhunterteam/status/1892204162177200570

http://176.65.142.34

# Reference: https://x.com/malwrhunterteam/status/1892527657520189461

festivals-enquiry-chick-bit.trycloudflare.com

# Reference: https://x.com/James_inthe_box/status/1892583544989364733

did-efficiency-than-lenses.trycloudflare.com
em-ash-announcements-alpha.trycloudflare.com
reached-theoretical-regular-impact.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1892615573957120081

plan-shakespeare-phillips-sharp.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1894141741881499827
# Reference: https://www.virustotal.com/gui/file/02d34aaf036eafb8f42f20a0dd1d30a7aeb89c5c5b463ec8f67f3cd73f58ed20/detection

101.43.216.184:11519

# Reference: https://x.com/malwrhunterteam/status/1894125972942701014

rounds-cams-rebecca-polls.trycloudflare.com

# Reference: https://x.com/James_inthe_box/status/1894158786862219587

nl-theatre-saver-impact.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1894313124569694363

boc-uh-relatively-po.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1894426521273516341

educational-preference-interfaces-buddy.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1894675330960409052

tournament-temporarily-yard-risks.trycloudflare.com

# Reference: https://x.com/James_inthe_box/status/1894768592669032952

assistance-newton-adam-indiana.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1895098454990581791

http://83.217.208.90

# Reference: https://x.com/malwrhunterteam/status/1895096846558605378

returned-yea-unknown-stats.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1895780937184727044
# Reference: https://app.validin.com/detail?find=c68d22bd5820fc841b03bb803df2dc28&type=hash&ref_id=b7b05d27ae9#tab=host_pairs (# 2025-03-01)
# Reference: https://www.virustotal.com/gui/file/38eff554ddee7664cd8b1c003ddf96f7ebe608acbe236b74e9045fd831a0c100/detection

mtelemetry.sbs
verifyhuman.run

# Reference: https://github.com/hagezi/dns-blocklists/issues/5392

orchael.fun
unstal.cfd
comprehension.unstal.cfd
unambia.orchael.fun

# Reference: https://x.com/malwrhunterteam/status/1896540467107606698
# Reference: https://www.virustotal.com/gui/file/e6df89bb9d51817fff1b7704e70d406584d80839e1bb1cb319c4150015b84914/detection

http://146.185.233.97

# Reference: https://x.com/malwrhunterteam/status/1896695407801172337
# Reference: https://www.virustotal.com/gui/file/502104d48d0a4735a6a051744277c9231f8da156311ec99367bca50b7a47a613/detection

http://146.185.233.90

# Reference: https://github.com/hagezi/dns-blocklists/issues/5399

addfaunugraipt.com
faunugraipt.com
phirussacmush.net
trumpsupport.help

# Reference: https://x.com/James_inthe_box/status/1896653528351093039

add-jackson-revenge-ballet.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/236850ae28015cf9b0f20a677ade5bef2a85bef665585c48d88cc00a823323ad/detection
# Reference: https://www.virustotal.com/gui/file/ef0b2e0c337e11a94279025f9cdeba519d1aee7c1af3013053fe510955e2aa85/detection

http://146.185.233.98

# Reference: https://x.com/skocherhan/status/1897424368159879365
# Reference: https://www.virustotal.com/gui/file/96cdddf90916214f2b9d63dbcb7b6274e0ff7ed4a3ee68790de12f3daf42181a/detection

89.185.80.111:8080

# Reference: https://x.com/malwrhunterteam/status/1897634513951371369

juan-caring-organizations-failures.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1897929796383846770
# Reference: https://www.virustotal.com/gui/file/d0e8a91af95d62dc58dbfd64970f1b255c6bffedeaf21b3e6ec4e89496f6c67a/detection
# Reference: https://www.virustotal.com/gui/file/83024c7a9ba256a36fb9b751926170c08dd4daa1866c119856cd091b1275897f/detection

http://81.19.131.95

# Reference: https://x.com/malwrhunterteam/status/1899863136728920535

typically-nut-personalized-syndication.trycloudflare.com

# Reference: https://x.com/ShanHolo/status/1899474762339906031

http://192.227.228.22
192.227.228.22:443

# Reference: https://x.com/cyberfeeddigest/status/1900181591894147479

sequoiagroup.com/utils/

# Reference: https://x.com/malwrhunterteam/status/1900127561381802279
# Reference: https://www.virustotal.com/gui/file/75797892d19890d12a9715232127e3148c508dab8ea7ff8f3ecaaa64b6e58116/detection

http://62.133.61.75

# Reference: https://x.com/Jane_0sint/status/1900251834121335278
# Reference: https://app.any.run/tasks/baf4febd-cc6d-4236-9dc9-98ddfe6aa930

3.69.157.220:10407

# Reference: https://x.com/malwrhunterteam/status/1900267666436174164
# Reference: https://www.virustotal.com/gui/file/d8a641a419044c45be2bf1bf10d143a5848a5c341935501664a007df73776bd7/detection

http://38.180.213.4

# Reference: https://x.com/ex_raritas/status/1900537374553055555

http://176.65.144.3

# Reference: https://x.com/malwrhunterteam/status/1900658107161665879
# Reference: https://www.virustotal.com/gui/file/69e6acdc7a1124c97d47a623678faa81db0fc6a3c4d46e2c4379c5c65ccf54be/detection
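# Reference: https://www.virustotal.com/gui/file/86b75bfaac57298437c34792013311140d3de3e03782748581e7e06197936115/detection
# NOTE(review): jnb20prdstr01a.store.core.windows.net and web.jnb20prdstr01a.store.core.windows.net look like shared Azure Storage infrastructure names (CNAME targets), unlike the account-specific mckcrecruitment.z1.web.core.windows.net; hits on them may come from unrelated tenants - confirm before alerting on them alone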

jnb20prdstr01a.store.core.windows.net
mckcrecruitment.z1.web.core.windows.net
web.jnb20prdstr01a.store.core.windows.net

# Reference: https://www.virustotal.com/gui/file/dbef75087e09f92c3e59ed05d00bce81f03f0d53249f97ce84a145c10c7dd136/detection

http://147.45.44.68

# Reference: https://x.com/JAMESWT_MHT/status/1901147192053596414
# Reference: https://www.virustotal.com/gui/file/13b501f0887373000a42e10b0f2abf1b4cd2f0b8ece2f3465c76f6c239c84c7c/detection
# Reference: https://www.virustotal.com/gui/file/2227f966be3c28923b1b711bcf132cda755db183fdd881136be9719f38a1b5bc/detection

braindemics.org

# Reference: https://x.com/malwrhunterteam/status/1901629453719015710
# Reference: https://www.virustotal.com/gui/file/c8602f6132e3d7327c8ea8896010936d2b236bb595fd9a0a9436eec69bb86c49/detection

http://212.192.14.113
cloudcentstorage.com
meritencore.com

# Reference: https://x.com/malwrhunterteam/status/1901680350226428346
# Reference: https://www.virustotal.com/gui/file/140dbeffbf914b560c223e4eec4381866c51484eee5fc50c244264c4e1e0bb10/detection

http://172.245.20.222

# Reference: https://x.com/malwrhunterteam/status/1901707303058813139

196.251.117.42:20123

# Reference: https://x.com/malwrhunterteam/status/1901967890070253742

invoice-docs-file.site

# Reference: https://x.com/malwrhunterteam/status/1902307233934795216
# Reference: https://www.virustotal.com/gui/file/92de472b6dfad0781ef198d4af2538ed2d87fbf327858d9c27ba880d4d6c162c/detection

196.251.80.250:16309
bonidasrl.com

# Reference: https://x.com/malwrhunterteam/status/1902811486713680052
# Reference: https://www.virustotal.com/gui/file/0bc63fbe7843ff41fc6f933af3a459b9b8057599e28366e9b60f2e346ecf2de8/detection
# Reference: https://www.virustotal.com/gui/file/f70714fc5f89aa40b94f66b1f5fe9911fae1b362e53425f0ef028461513767fa/detection

http://103.112.98.118

# Reference: https://x.com/salmanvsf/status/1903019138131395056
# Reference: https://www.virustotal.com/gui/file/5ea53c39d9cb7d959399eac0009ed62fc41917a14e5f1a7fc951c4e12989a600/detection

ugta-hacks.shop

# Reference: https://x.com/jcarndt/status/1903131106020319532

bay-boy-mali-carter.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1903375113887609009

healthy-deemed-essays-opens.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1903537263377629324
# Reference: https://www.virustotal.com/gui/file/8395fc6e4708a45a51769d0dbf21cf7654d9076e6e9ad728d8b1a02c6ed72020/detection

dubai-mods-vincent-yellow.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1903526450281521596
# Reference: https://www.virustotal.com/gui/file/56f62aa193a254ea2607bb1f42971ebbe4e69631d0afb1f80beb6a89b83046ca/detection

myupload.net

# Reference: https://x.com/smica83/status/1903771907926712651
# Reference: https://www.virustotal.com/gui/file/10e1c1afb6cecc338b955f71be696310a09bc2a7db7be855589c7818079890b1/detection

pcheck.me

# Reference: https://x.com/skocherhan/status/1903968293997658584
# Reference: https://www.virustotal.com/gui/file/041b5d7d9326495a95264aeb63bb5ec66ec6f7c9342da886577d8b910a57645d/detection

http://109.172.87.111
http://144.91.127.5

# Reference: https://x.com/skocherhan/status/1903972594316964124
# Reference: https://www.virustotal.com/gui/file/b71900a845d1fbfe8d6e40957af57a77e8eaee3a0ff2cf7dcfcf04c9b49dc992/detection

http://217.154.16.81
http://69.48.201.40

# Reference: https://x.com/ViriBack/status/1903973216193773820
# Reference: https://www.virustotal.com/gui/file/0e4089d6b6eee0784f68039995b5c51b68051d63760e09e57ee92ec9ee82a5bb/detection

http://185.156.73.98
http://62.60.226.112
ofice365.github.io

# Reference: https://x.com/RakeshKrish12/status/1904060612214173950

http://174.138.23.254

# Reference: https://x.com/malwrhunterteam/status/1904127600202530995
# Reference: https://www.virustotal.com/gui/file/ac1a623822a4d44bfb300d86d9210fbaaf0c73c1ec8cdea00236bacf154b09c0/detection

parallels.ltd
download.parallels.ltd

# Reference: https://x.com/malwrhunterteam/status/1904166167960260840

climate-larger-winner-ash.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1904963648176480262

glass-tm-docs.com/verkoopcontract-data/

# Reference: https://www.welivesecurity.com/en/eset-research/shifting-sands-ransomhub-edrkillshifter/
# Reference: https://github.com/eset/malware-ioc/tree/master/ransomhub

http://45.32.206.169

# Reference: https://x.com/malwrhunterteam/status/1905190905469956528
# Reference: https://www.virustotal.com/gui/file/0cefb8d750ef3004cb6e7e446cfd15d9d6a72c551435354d42d05743d2e0efa6/detection

85.239.53.86:36989
85.239.53.86:42271

# Reference: https://x.com/malwrhunterteam/status/1905334961126715668
# Reference: https://www.virustotal.com/gui/file/de88a2f58d34e7ccb564fb9605ea802c82f91aa2e29e25df7301876ede8f8de6/detection

http://92.255.85.6

# Reference: https://x.com/malwrhunterteam/status/1905318627215049117

amazonawsi.com
tencentcloudapl.com
api.amazonawsi.com
api.tencentcloudapl.com
demo.amazonawsi.com

# Reference: https://x.com/skocherhan/status/1906569347369177461
# Reference: https://www.virustotal.com/gui/file/01902edf91dfab71f33fc2095fa61380f60001c96d5179f2a32550a589be2bb9/detection

http://195.211.191.93

# Reference: https://www.virustotal.com/gui/file/29bc848edc7ba6ff09809b2ef47150a87ddd77f199d18ee38ad563d9a9309244/detection

http://160.25.232.62

# Reference: https://www.virustotal.com/gui/file/d7dd79f0577c03725669147331f983e8552cd166e612e2a0b1e9256acb2f954c/detection

http://104.245.241.157

# Reference: https://x.com/ClearskySec/status/1907073303879299554

http://146.185.239.33
http://38.180.49.67
http://38.180.49.87

# Reference: https://x.com/malwrhunterteam/status/1907144832650297420

hugo-clark-stanley-lopez.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1907366373233213880

147.45.221.229:8080

# Reference: https://app.validin.com/detail?find=WsgiDAV%20-%20Index%20of%20%2F%20&type=raw&ref_id=92d22e2d855#tab=host_pairs (# 2025-04-02)

consortium-event-watershed-worm.trycloudflare.com
malawi-light-pill-bolt.trycloudflare.com
nissan-signature-rs-noise.trycloudflare.com

# Reference: https://app.validin.com/detail?find=45.94.31.242&type=ip4&ref_id=076ab22c2d7#tab=host_responses (# 2025-04-02)

http://45.94.31.242
45.94.31.242:8000

# Reference: https://app.validin.com/detail?find=8.219.103.194&type=ip4&ref_id=076ab22c2d7#tab=host_responses (# 2025-04-02)

http://8.219.103.194
8.219.103.194:5000

# Reference: https://x.com/malwrhunterteam/status/1907161758889885738
# Reference: https://www.virustotal.com/gui/file/48328ce3a4b2c2413acb87a4d1f8c3b7238db826f313a25173ad5ad34632d9d7/detection

http://185.237.165.230

# Reference: https://x.com/ch4ng3th1ss/status/1907525413016055820
# Reference: https://app.validin.com/detail?find=sliver.exe&type=dom&ref_id=b4fcf6a0d7e#tab=host_pairs (# 2025-04-03)

http://34.199.135.59
http://44.217.22.217
http://54.90.80.120
idbnyus.com

# Reference: https://x.com/redrabytes/status/1907578887703277936

http://85.192.48.186

# Reference: https://x.com/ShanHolo/status/1907143013807059309
# Reference: https://www.virustotal.com/gui/file/91b0b1f842b5380d81ecf3f023a2b8a2a7abb86dc9ef4de58f569752dbe15f52/detection

http://162.0.213.235
162.0.213.235:443

# Reference: https://x.com/ShanHolo/status/1907722473442853261

http://77.239.125.78

# Reference: https://x.com/malwrhunterteam/status/1908210612645032160

ep-chose-blanket-cheats.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1908242568434888777

identity-rapid-vessel-benz.trycloudflare.com

# Reference: https://x.com/ShanHolo/status/1908820465067450612

http://13.215.72.59

# Reference: https://www.virustotal.com/gui/file/0701becbee63ab67752774b2abff998744488f66f11a2d9e6d1f5da4feed11c0/detection

http://104.168.28.10
http://107.174.192.179
http://64.227.147.100

# Reference: https://x.com/DaveLikesMalwre/status/1908880979080728726

bernard-criterion-consultant-url.trycloudflare.com
dolls-pet-bon-shirts.trycloudflare.com

# Reference: https://x.com/DaveLikesMalwre/status/1909308172034085105

http://85.192.49.136

# Reference: https://x.com/ShanHolo/status/1909533969780965829

http://176.65.144.205

# Reference: https://x.com/malwrhunterteam/status/1909595081444556975

newcastle-rating-artificial-commissioners.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1909599096203075663

shed-determination-conviction-herself.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1909597678989725751

cold-neon-springfield-asset.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1909639802636378558

numbers-queensland-rec-thumbs.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1909640364903805165

representations-acknowledge-removed-rocks.trycloudflare.com

# Reference: https://x.com/ex_raritas/status/1910301184323170533

http://176.65.142.190

# Reference: https://x.com/malwrhunterteam/status/1910431815115874663
# Reference: https://www.virustotal.com/gui/file/92ce1d99232069a56991f5d843f1ffa3cd3d5c30e36212387aa39772d391777d/detection

nova-blight.fun
novasubdomainsocool.nova-blight.fun

# Reference: https://x.com/malwrhunterteam/status/1910750831575494850

jacob-saudi-proxy-installed.trycloudflare.com

# Reference: https://x.com/cyberfeeddigest/status/1910766802260414622

http://213.16.62.185

# Reference: https://x.com/skocherhan/status/1911202151541440901

http://5.230.36.105

# Reference: https://x.com/ShanHolo/status/1911335401786089876

http://104.168.7.18

# Reference: https://www.virustotal.com/gui/file/09e7cf5f60e1799d95aaebce0ef9ed68b3b0d2c921f0f4fa9f2471d8bf4dbdc0/detection

http://216.9.226.137
bonato.digital

# Reference: https://www.virustotal.com/gui/file/1288749acbec0442294a4de48b128c1b4a2434ecb18d48ad5567bf0a2542a837/detection

http://172.245.123.17

# Reference: https://x.com/malwrhunterteam/status/1911848306541572226

achievements-plates-station-gaming.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1911898094850941055
# Reference: https://www.virustotal.com/gui/file/513ebd11a13b17d7dce3681aa7a100dc4d2bfe40643eb39376898e6a0b00d21f/detection
# Reference: https://www.virustotal.com/gui/file/356fc07c85f3f595aeb7533a1670a1b6237050a3b58e190b23bb93bf6c0e6889/detection

http://46.161.0.20

# Reference: https://x.com/malwrhunterteam/status/1912131182482927876
# Reference: https://www.virustotal.com/gui/file/e3259b3652a66a87a04c9d3145d196958bd6197a69fa6a30d327ead56c0aaca0/detection
# Reference: https://www.virustotal.com/gui/file/560245186b74719f4ac3f9f93fbd79e3f2c1238ef6b121e01cd509ef62c53785/detection
# Reference: https://www.virustotal.com/gui/file/453ce10de95c232efb225751413a0c6bee0e86a92568b02db8cd6f55d932afe9/detection

http://81.19.131.128

# Reference: https://x.com/malwrhunterteam/status/1912416512452727124
# Reference: https://www.virustotal.com/gui/file/bcb3a39d7339370a539ad601944eec205515df3411f6a38654ccdf257f87d45c/detection

http://8.134.199.119

# Reference: https://x.com/abuse_ch/status/1912534630013481357

http://62.60.226.200

# Reference: https://x.com/malwrhunterteam/status/1912633751512969633

markets-zip-tasks-dover.trycloudflare.com
pendant-ask-chi-comparable.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/19847a5a6149eb7c8aae9a265525e2e9b48e7a5b46ad8c4000284ccd9710b4a2/detection

http://45.146.81.73

# Reference: https://x.com/ElementalX2/status/1913247237771083802
# Reference: https://www.virustotal.com/gui/file/f4bb263eb03240c1d779a00e1e39d3374c93d909d358691ca5386387d06be472/detection

mail.9kyd.com

# Reference: https://x.com/James_inthe_box/status/1912864102504153100

http://176.65.134.79
176.65.134.79:443

# Reference: https://x.com/banthisguy9349/status/1914364724348674536

http://142.44.198.83
142.44.198.83:443

# Reference: https://x.com/JAMESWT_WT/status/1914735784395002323

demopark.com.tr

# Reference: https://x.com/malwrhunterteam/status/1912221417845751858

fy-golf-fraction-bath.trycloudflare.com
valuable-munich-private-institution.trycloudflare.com

# Reference: https://x.com/skocherhan/status/1911885303490420799
# Reference: https://www.virustotal.com/gui/file/2e2e035ece4accdee838ecaacdc263fa526939597954d18d1320d73c8bf810c2/detection

http://192.3.26.143
http://89.110.92.167

# Reference: https://x.com/ShanHolo/status/1915305788429525041

halifax-potato-routine-script.trycloudflare.com
seven-tx-wicked-rwanda.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1915345171606065318
# Reference: https://www.virustotal.com/gui/file/c7e6a88d4fddc3cc873a1ebd6ed37199a0a41e031b9b80e98a1ac990c4416467/detection

http://8.213.216.95

# Reference: https://app.validin.com/detail?find=2c2951f9c795c19412bf900f8e0ea00e&type=hash#tab=host_pairs (# 2025-04-25)

724hediye.com
bufing-portfolio-eventually-quote.trycloudflare.com
carry-lately-hills-systematic.trycloudflare.com
divide-snow-pound-clip.trycloudflare.com
diy-solution-warriors-workflow.trycloudflare.com
fileupload.loophole.site
here-eliminate-judy-zoloft.trycloudflare.com
meals-screenshot-collaboration-theft.trycloudflare.com
n-rhythm-victoria-venture.trycloudflare.com
pleased-stripes-framing-synopsis.trycloudflare.com
status-vital-apr-regional.trycloudflare.com
test.vasecure.site

# Reference: https://x.com/malwrhunterteam/status/1915695553779769389
# Reference: https://www.virustotal.com/gui/file/35b8281e499b0779bae22150dac254ddaa71b012c02fe4710ade2188e73f55be/detection

http://147.93.111.114

# Reference: https://x.com/DaveLikesMalwre/status/1916202694932316656

http://195.82.147.91
http://45.67.229.40

# Reference: https://x.com/malwrhunterteam/status/1916109931406660023

http://66.63.187.9

# Reference: https://x.com/banthisguy9349/status/1916105701828550813

http://80.64.16.35

# Reference: https://x.com/banthisguy9349/status/1916105701828550813
# Reference: https://www.virustotal.com/gui/ip-address/185.39.17.239/detection

http://185.39.17.239

# Reference: https://x.com/1ZRR4H/status/1916077192095711571
# Reference: https://www.virustotal.com/gui/file/62f413c582ee9d7b169e31d3bb408472d22a847a5d073bddfc18f5f861ac817f/detection

http://103.68.181.217

# Reference: https://x.com/ShanHolo/status/1916788287416442887

http://104.168.32.79

# Reference: https://x.com/malwrhunterteam/status/1916817079929368666
# Reference: https://www.virustotal.com/gui/file/d8e88bc991b855c38414a1402a0c0ebb8b15f5d3e309cefd16f57c79ce21f067/detection

zip-pharmacy-capabilities-pattern.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1916818543691043186

waves-headset-qualify-rep.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1916946401730179377

http://83.138.53.186

# Reference: https://x.com/malwrhunterteam/status/1916948290614039016

http://45.15.162.16

# Reference: https://x.com/JAMESWT_WT/status/1917170269816328217

http://176.65.144.23

# Reference: https://x.com/malwrhunterteam/status/1917871330289909958

photographers-forums-mc-league.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1917839589013676224
# Reference: https://www.virustotal.com/gui/file/9f6e77574294fe83e7cdeb2734721f8e558c504d8a97aedd0fb3c9ec087bbcba/detection

apruu.s3.ap-southeast-1.amazonaws.com

# Reference: https://x.com/JAMESWT_WT/status/1917985199112986652
# Reference: https://app.any.run/tasks/5972a8c5-5b87-4579-9cc5-8bc268abd6c0
# Reference: https://app.any.run/tasks/d9ba419a-d1cd-4912-b114-74a8f0416c75
# Reference: https://www.virustotal.com/gui/file/a300e62cdad3282467bd71fb7cd7931a734a84528f1b49a2874409a8301c048b/detection

http://80.64.18.173

# Reference: https://x.com/malwrhunterteam/status/1918051636393513129
# Reference: https://x.com/naumovax/status/1922977722331992422
# Reference: https://x.com/JAMESWT_WT/status/1923006246401048820
# Reference: https://www.virustotal.com/gui/file/4addded66ed92fa76bae32cfc577fc892b4b34e115c8b116d60c9340b382dd92/detection
# Reference: https://www.virustotal.com/gui/file/c2f3c16e2d03e9333789a920c316346d302b5cc9e23b31fb832cbecbe86f25de/detection

http://64.20.33.198
64.20.33.198:443
http://74.50.81.190
74.50.81.190:443

# Reference: https://www.virustotal.com/gui/file/5222d19176c9512eb5baa42d6d0c7ac1701bf18cd3742664e251782fb4d6ec37/detection

pumainvestments.azurewebsites.net

# Reference: https://www.virustotal.com/gui/file/005c4a849b9d3810b14a814788d5bb085c3c144fe482a94c58ce8bedda59dfe8/detection

http://45.142.202.56

# Reference: https://x.com/malwrhunterteam/status/1918239811204497490

zip-lately-permitted-jd.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/2f12470db4f787de480173d34fd69d78e53f265e229d9ee93cc278d7fe1ecfb9/detection

whiteafrica.lovestoblog.com

# Reference: https://www.virustotal.com/gui/file/c14f61d848a1a0859c75f8f26db7fb25694cc3af30087aace50c5e16f0f293ef/detection
# Reference: https://www.virustotal.com/gui/file/f996183b6993ffcd3f1aae9d066514ab0bac96efc62cc322ca6336787acc00d6/detection

url.oaxisoa.xyz

# Reference: https://x.com/ShanHolo/status/1918592056798134371

minutes-amazing-curriculum-maui.trycloudflare.com

# Reference: https://x.com/DaveLikesMalwre/status/1918631504848072865

travel-sagem-distant-potential.trycloudflare.com

# Reference: https://threatfox.abuse.ch/browse/tag/FakeCaptcha/ (# 2025-05-04)

http://161.35.127.139
http://82.146.62.232
http://85.198.109.144

# Reference: https://www.virustotal.com/gui/file/48157c03bf9731926f9567fe1fabc807bff166241f8d6c27e6308dde68112669/detection

94.158.244.124:443

# Reference: https://x.com/smica83/status/1919115114818503143
# Reference: https://www.virustotal.com/gui/file/4fd5ac728d23e19fe64b0c873c94b4daee4ad157a5b5036b22b04cd456ef970f/detection

http://146.185.239.10

# Reference: https://blog.talosintelligence.com/gamaredon-campaign-distribute-remcos/
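# Reference: https://github.com/Cisco-Talos/IOCs/blob/main/2025/03/iocs_gamaredon_remcos.txt
# Note: the address below is also listed earlier in this file under https://x.com/malwrhunterteam/status/1897929796383846770 (duplicate entry, second source)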

http://81.19.131.95

# Reference: https://x.com/ShanHolo/status/1919355876239970432
# Reference: https://www.virustotal.com/gui/file/224343df909265a37a08bf25e190b099e131db115407629f6a300ba584fc61ef/detection

http://45.152.149.15

# Reference: https://x.com/malwrhunterteam/status/1919842276601209179
# Reference: https://www.virustotal.com/gui/file/7a507379dcd15533cdf067ae7a44bf5f37eee04695f66dbdca4a933b3feab8b7/detection

http://196.251.117.146
196.251.117.146:45741
silver-hubdachwohnwagen.de

# Reference: https://www.virustotal.com/gui/file/2c4b0d27190db31f2ea5416bc67822584c5d0ec82555cbd83c70ee2732add297/detection

served-writings-history-likelihood.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1920817596565184716

196.251.117.146:38562

# Reference: https://www.virustotal.com/gui/file/00fa30b4140c3e913a146fa4b60ed9c6714a73b28dc7406d181e8bb87e426b89/detection

sagheur.top

# Reference: https://www.virustotal.com/gui/file/00d0736bb95c9846b8aca85bf57f7f667b7b563bc64f1a21786ed4d6a6908dd0/detection

reoals.site

# Reference: https://x.com/malwrhunterteam/status/1915653547657437381
# Reference: https://x.com/Thisism23567356/status/1916474398829068307
# Reference: https://www.virustotal.com/gui/file/8f6bd4aad71d11efa46687b9968dae8d735af6f966cdc3e955f859a3fd707fdd/detection

dropiibox.com
quote.dropiibox.com

# Reference: https://x.com/ShanHolo/status/1921860087196319854

http://154.197.69.150

# Reference: https://www.virustotal.com/gui/file/5dc19af167f7e6812d4343bfbc97f996f856e114715d262d869d842c41ebde4b/detection

your-update-server.com

# Reference: https://x.com/rst_cloud/status/1921735230609661984
# Reference: https://www.morphisec.com/blog/new-noodlophile-stealer-fake-ai-video-generation-platforms/

http://85.209.87.207
85.209.87.207:443

# Reference: https://x.com/ShanHolo/status/1922586969613193447

http://107.173.47.140
107.173.47.140:443

# Reference: https://x.com/malwrhunterteam/status/1923049703068819644

196.251.90.185:39274

# Reference: https://x.com/malwrhunterteam/status/1923483620351566105

digital-childrens-junior-cure.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/d6d7e790c5db51c653ae9b6a08a9d83d49ca1ae0302d10c1bf3bf39ea62fa9e5/detection

http://185.156.72.2

# Reference: https://x.com/skocherhan/status/1924630349222396328

http://87.121.84.254

# Reference: https://x.com/skocherhan/status/1924587211669774551

http://62.60.226.165

# Reference: https://www.virustotal.com/gui/file/0b32b7403e40f6041eae2a47fb347de0cf4ec8d7df421fc330fe4003bd716f0c/detection

xabanak.online
32e7ca523408.vps.myjino.ru

# Reference: https://www.virustotal.com/gui/file/0bcf66840ce892666f1b245bb63d6976135fbe39729f9063be627525ec7802fb/detection

http://195.58.39.237
http://77.90.153.244

# Reference: https://x.com/malwrhunterteam/status/1925539720257261611
# Reference: https://www.virustotal.com/gui/file/b1e7b934504d30e9886bb396f96c1271317eb3e7d560f39b748ffd3229d5c174/detection

appliance-periodically-butler-wanting.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1925495994885509270
# Reference: https://www.virustotal.com/gui/file/ef4da18aaf928751600c50d7128777ac36c793a71c34d6ac393200c0c4271556/detection
# Reference: https://www.virustotal.com/gui/file/6a9e794381463c3eb947e4dcf075854f0a842f2eecfbfd3ed5358c4a8b4d0810/detection
# Reference: https://www.virustotal.com/gui/file/5854c6560fe3bf47cad820d55fa798385439821c8c87b5b0df83995df320ab5b/detection

entrepreneurshipvillage.com/uploads/2021/02/

# Reference: https://x.com/malwrhunterteam/status/1926222802710905160
# Reference: https://www.virustotal.com/gui/file/10a54cea78b10499cefa121bd6b7f7b24947bfdd1fc79b47416520d2a410285c/detection

videomanagerentry.s3.ap-northeast-1.amazonaws.com

# Reference: https://x.com/skocherhan/status/1926146456747958589
# Reference: https://www.virustotal.com/gui/file/120cf737ee936a8fbf7107252c65955e06b93a6fd1e7a97ac9f5876fd3a208e6/detection

http://185.156.72.121

# Reference: https://x.com/ClearskySec/status/1926914302323138638
# Reference: https://www.virustotal.com/gui/file/ecd0262b8f8c0722f33baaeaf6f3b6a9ad2268aab48d49879f027e4d5c5e03ee/detection

tciflusa.org

# Reference: https://x.com/malwrhunterteam/status/1926952279703224781
# Reference: https://www.virustotal.com/gui/file/85bae6fe73a9e2bf0819a6f60adfc458392a7a56de23f10d3bdddb8e3a97a8ec/detection

photollss.s3.ap-northeast-1.amazonaws.com

# Reference: https://x.com/malwrhunterteam/status/1926967925761605973
# Reference: https://www.virustotal.com/gui/file/9939d7aa1f4bb8c8bebea7734241ddcfd979a52689bbaba2288760c81e95f9f2/detection
# Reference: https://www.virustotal.com/gui/file/9484e0a31d9dbe00b4d989dd4226b337d582ac9ad845544f0d5479bbc98304c9/detection

http://88.119.179.153

# Reference: https://x.com/malwrhunterteam/status/1927117437662622019

archived-hungary-paxil-tubes.trycloudflare.com

# Reference: https://x.com/skocherhan/status/1927117940706431284

taslogin.s3.ap-southeast-1.amazonaws.com

# Reference: https://x.com/D3LabIT/status/1927353401135837187
# Reference: https://www.virustotal.com/gui/file/cd57258684931fbbaeb60413939120b7ec08b81929a9eb662fb1446471700103/detection

http://176.65.142.252
http://213.209.150.249

# Reference: https://www.elastic.co/security-labs/betting-on-bots

http://62.72.22.91

# Reference: https://x.com/skocherhan/status/1927119161676718385

agricultural-brooks-nevertheless-hawk.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1927410092363722827

pop-incl-accountability-pharmacy.trycloudflare.com

# Reference: https://www.trellix.com/blogs/research/cfo-spear-phishing-netbird-attack/

http://192.3.95.152

# Reference: https://x.com/malwrhunterteam/status/1928346929575968970

works-clubs-attendance-vi.trycloudflare.com

# Reference: https://x.com/JAMESWT_WT/status/1928405826705801340

lender-router-exclusively-fraction.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1928495763895492685

wizard-individual-intervals-franklin.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1928737715853418881

discretion-membrane-import-destiny.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1928875651743821998

uploaded-overall-seating-browser.trycloudflare.com

# Reference: https://x.com/malwrhunterteam
# Reference: https://www.virustotal.com/gui/file/304715448d7cb3bedc6ecdbfe31639105e6d62576a6e31512330b59ae02bd90d/detection

googlefiles.ru

# Reference: https://x.com/skocherhan/status/1930828608139915483
# Reference: https://www.virustotal.com/gui/file/3afb055aaeef763bbf6c5847680f0cf951aa0175f1fd2a790b6e52ed4e454a8a/detection

surge-stitch.buzz

# Reference: https://x.com/ShanHolo/status/1930938926656577780

http://104.168.5.43

# Reference: https://x.com/malwrhunterteam/status/1930929738157064338

bought-boulder-algeria-warned.trycloudflare.com

# Reference: https://app.validin.com/detail?find=1aa7309224d1295b8e63748e2938f19bebbc07e59b2d2562cd687c1bb7818f2c&type=hash&ref_id=894bd14d9fb#tab=host_pairs (# 2025-06-06)

adam-marker-resident-smith.trycloudflare.com
added-covering-g-plants.trycloudflare.com
amy-transit-deliver-approach.trycloudflare.com
assume-evaluated-varying-corps.trycloudflare.com
automatically-sub-paul-language.trycloudflare.com
away-landscapes-carmen-participation.trycloudflare.com
blend-affiliate-synthesis-childrens.trycloudflare.com
breach-fruit-knife-investigators.trycloudflare.com
breath-alleged-massive-wall.trycloudflare.com
cattle-provision-referred-procedure.trycloudflare.com
cleaner-consideration-thoroughly-personally.trycloudflare.com
combining-better-realized-oven.trycloudflare.com
cosmetics-around-inexpensive-illustration.trycloudflare.com
decide-approaches-refers-whale.trycloudflare.com
discs-advertisers-researchers-reduces.trycloudflare.com
easy-republican-cancellation-carrying.trycloudflare.com
eggs-cottage-pieces-compute.trycloudflare.com
entry-similarly-investigator-sports.trycloudflare.com
examined-green-bureau-stats.trycloudflare.com
expressed-atlantic-montana-delicious.trycloudflare.com
float-exception-rock-cliff.trycloudflare.com
forty-japan-executives-span.trycloudflare.com
franchise-specifications-money-lamp.trycloudflare.com
frederick-situations-upc-robinson.trycloudflare.com
ghz-phillips-vpn-undergraduate.trycloudflare.com
glenn-net-tcp-numbers.trycloudflare.com
graduate-failed-regulatory-rwanda.trycloudflare.com
grip-forum-configured-boom.trycloudflare.com
hobbies-gratis-literally-dry.trycloudflare.com
hours-affected-personals-grey.trycloudflare.com
imports-nh-packed-arthur.trycloudflare.com
improving-tribal-occurrence-seat.trycloudflare.com
kennedy-throwing-knock-whats.trycloudflare.com
kidney-sin-bernard-constraints.trycloudflare.com
knight-projector-weed-uw.trycloudflare.com
kyle-scenes-librarian-supporters.trycloudflare.com
leslie-ads-between-icq.trycloudflare.com
letters-supplements-dig-audio.trycloudflare.com
merchants-controversial-came-contributor.trycloudflare.com
miniature-attraction-stephanie-enforcement.trycloudflare.com
mood-she-studios-muslim.trycloudflare.com
mug-hu-reel-owner.trycloudflare.com
now-refer-several-tariff.trycloudflare.com
occurs-spain-hack-gabriel.trycloudflare.com
packets-knit-artistic-broadcast.trycloudflare.com
pickup-thumbnails-mercy-sharp.trycloudflare.com
precisely-axis-trustee-couple.trycloudflare.com
problems-indicating-late-newport.trycloudflare.com
profiles-as-rip-adverse.trycloudflare.com
proposal-cas-za-yea.trycloudflare.com
prototype-ds-constitute-efforts.trycloudflare.com
quebec-slots-gmt-graduates.trycloudflare.com
recommendation-samoa-weights-guyana.trycloudflare.com
referring-finest-nil-epson.trycloudflare.com
remembered-value-brazilian-tied.trycloudflare.com
revenues-vertex-advantages-under.trycloudflare.com
rt-eau-prophet-proof.trycloudflare.com
seem-walks-registrar-identity.trycloudflare.com
selling-water-adelaide-plugins.trycloudflare.com
shock-relations-enhancement-picks.trycloudflare.com
shoe-reflect-hearing-destiny.trycloudflare.com
skiing-month-drill-replace.trycloudflare.com
slovenia-trap-laugh-mix.trycloudflare.com
so-workflow-harm-una.trycloudflare.com
sorts-pushed-completely-manuals.trycloudflare.com
ste-containing-companion-skill.trycloudflare.com
studied-assumes-revolutionary-conversations.trycloudflare.com
study-ti-occasion-girls.trycloudflare.com
sublime-tragedy-counties-sculpture.trycloudflare.com
superb-rotation-gourmet-frequently.trycloudflare.com
tracked-afterwards-generates-began.trycloudflare.com
vary-latin-satisfy-affects.trycloudflare.com
vegetables-plaza-shall-pl.trycloudflare.com
vid-making-dat-delete.trycloudflare.com
vital-work-cool-views.trycloudflare.com
vocabulary-bangladesh-designation-manhattan.trycloudflare.com
waters-owner-marvel-my.trycloudflare.com
whatever-hearings-transmission-daisy.trycloudflare.com
yorkshire-offer-ctrl-vocational.trycloudflare.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-04-14-v10904/2625
# Reference: https://www.virustotal.com/gui/file/14c944e7b623e1e1e850a45fc798aecb33531897b7c3466de575778306457dd6/detection
# Reference: https://www.virustotal.com/gui/file/39a671aa441bd6b5cdd34faa43b07f2fc9d625973a402dd49f3e0e77cc8a6eb8/detection
# Reference: https://www.virustotal.com/gui/file/8a66773cb9c357419499fe506e1c410f867747705048c71497c562286a685872/detection

identity-shield.org

# Reference: https://x.com/BushidoToken/status/1931847960179974482

1.94.184.17:8000
wqtzskzmtp.zaza.eu.org

# Reference: https://x.com/salmanvsf/status/1931964276832669710
# Reference: https://x.com/salmanvsf/status/1931967581273137632
# Reference: https://app.any.run/tasks/ccbff3d9-74e2-435b-988b-8c5f7f822c5d
# Reference: https://www.virustotal.com/gui/file/d80f8a5f01b82bbde8269edda02f658246286f7a87a20b09b09297d127d4b6b8/detection

attached-overdue-invoices.vercel.app
hoferunpaidinvoicestatementinvds.vercel.app
invoice-statement-overdue.vercel.app
invoice82084-attached-copy.vercel.app
invoicereunpaiadinv-beta.vercel.app
invoices-attached-doc.vercel.app
invoices-attachedpdf.vercel.app
invoices-overdues100.vercel.app

# Reference: https://x.com/K_N1kolenko/status/1933412927521886415

http://172.245.123.11

# Reference: https://x.com/skocherhan/status/1933823946564022566
# Reference: https://www.virustotal.com/gui/file/0106ab8a342e41df40f9f46a58d9477047ca324736158e0658bf32b63e94b3c0/detection
# Reference: https://www.virustotal.com/gui/file/3bb5cf64f8fae65c777e04a37fb36753cb14804759cc46370961f52ea4cc8bf3/detection
# Reference: https://www.virustotal.com/gui/file/a7e46cdb4b38b42cf594d843726bf5f49b109e8db09f9ce17655d558c63c93b8/detection

outlook1203840780elgn.onlinaeansaoiasisjoucjiodsjioajoidijdu.top
outlook1203840780euhg.onlinaeansaoiasisjoucjiodsjioajoidijdu.top
outlook1203840780ifyn.onlinaeansaoiasisjoucjiodsjioajoidijdu.top
outlook1203840780irot.onlinaeansaoiasisjoucjiodsjioajoidijdu.top
outlook1203840780jezs.onlinaeansaoiasisjoucjiodsjioajoidijdu.top

# Reference: https://x.com/ShanHolo/status/1934005699173814294

http://51.21.190.246

# Reference: https://x.com/banthisguy9349/status/1934267500541190271

http://52.230.23.114
/c2_payload_aes.exe
/may_payload.bin

# Reference: https://x.com/banthisguy9349/status/1934328875875799299
# Reference: https://www.virustotal.com/gui/file/ebd9f26c7b1cb83e53a3eed446aee4e83e8a5ec86f06e07543e5fb1d4ad602c7/detection

lena255f.beget.tech

# Reference: https://x.com/James_inthe_box/status/1934672232846119239

emergency-enquiries-standing-blake.trycloudflare.com
wisconsin-thereafter-bryant-stocks.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/0172ca7c07d1d52dc163090886d5f32a5dcf528506d19203e4c405495f51c60b/detection

greensboro-even-suburban-str.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/15c5bae04f67b042e6694167b03c0285460c086584b5a5c5b9956358a3b3e451/detection

payment-upgrades-atmospheric-transmission.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/160f48d0ce19a3f50ce41d83404fd662c4a787a020c194ad653a3efa67726378/detection

consumption-combined-techniques-stanford.trycloudflare.com

# Reference: https://x.com/skocherhan/status/1935141720074895731

http://216.250.252.105

# Reference: https://www.securonix.com/blog/analyzing_serpentinecloud-threat-actors-abuse-cloudflare-tunnels-threat-research/

bold-accepts-wide-te.trycloudflare.com
catalogs-amounts-functions-chicago.trycloudflare.com
departments-emperor-maximize-synopsis.trycloudflare.com
depot-arrange-zero-kai.trycloudflare.com
flexibility-hawaiian-ever-bon.trycloudflare.com
flour-riding-merit-refers.trycloudflare.com
hose-jerusalem-sure-older.trycloudflare.com
integration-previous-brilliant-true.trycloudflare.com
menu-conviction-given-not.trycloudflare.com
milton-smithsonian-raising-mind.trycloudflare.com
obtaining-removing-blocking-effectiveness.trycloudflare.com
opportunities-choosing-non-torture.trycloudflare.com
reensboro-even-suburban-str.trycloudflare.com
surprise-poly-longitude-populations.trycloudflare.com
vertical-pentium-b-dead.trycloudflare.com
violin-amendment-stranger-job.trycloudflare.com

# Reference: https://research.checkpoint.com/2025/minecraft-mod-malware-stargazers/

http://147.45.79.104
http://185.95.159.125

# Reference: https://x.com/ShanHolo/status/1935992352616653099

minneapolis-dealt-taking-clerk.trycloudflare.com
surveillance-capacity-slovak-latina.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/d5c5dadbe03ee965a69a571b78bb6756ba270ee3f793cc525cdac027e5fadc7a/detection

http://86.54.25.50

# Reference: https://cert.orange.pl/aktualnosci/zainfekuj-sie-sam-kampania-clickfix/
# Reference: https://www.virustotal.com/gui/file/03286fa30d368dd9808703a4b289cf66195944420fdbb2cdf9a4d82b23743c75/detection

http://195.10.205.75
http://5.252.153.72

# Reference: https://x.com/skocherhan/status/1939469340002201734

http://198.12.126.164

# Reference: https://x.com/skocherhan/status/1939971767075754001

myaccel.blue

# Reference: https://x.com/BlinkzSec/status/1940432244105236522

http://121.40.202.70

# Reference: https://x.com/BlinkzSec/status/1940435499703025708

ecs-124-70-158-53.compute.hwclouds-dns.com

# Reference: https://x.com/1ZRR4H/status/1940856358456512838

http://184.174.96.39

# Reference: https://www.virustotal.com/gui/file/0d2ccb31613eb9d4362a14e3255c2598c9c6cd857caf58dfd585db98fbea50bb/detection

http://66.63.187.164

# Reference: https://www.virustotal.com/gui/file/74f2f9249516fac7062c69a078e2f8e1c3a870dd09a0697fa80f8a47e3af05be/detection

ec2-18-188-140-168.us-east-2.compute.amazonaws.com

# Reference: https://x.com/smica83/status/1941123532798484824
# Reference: https://www.virustotal.com/gui/file/485d659f6acbd970002813bc642b42887be254718f3a294f5202c6a78652f459/detection

13.127.108.165:8080

# Reference: https://x.com/skocherhan/status/1942058690774778005

http://52.55.68.97

# Reference: https://x.com/skocherhan/status/1942053746344632411

81.19.137.134:8080

# Reference: https://www.virustotal.com/gui/file/d2ad45b066f3d4964b70587287945ba59eaf8d204718d359df29fcfe91a357cb/detection

http://146.103.104.108

# Reference: https://x.com/galkofahi/status/1942861328437084601

http://47.236.178.137

# Reference: https://www.virustotal.com/gui/file/030d719412fc375d9fdfeb2bc12e325d320fc1e0415ee319a481c4f1bc872434/detection

http://104.243.40.138
http://217.154.192.102

# Reference: https://x.com/elormkdaniel/status/1943300291132108841
# Reference: https://www.virustotal.com/gui/file/25cb0fe205d0c62a70823469b2bdfb80398cfb0248b9a5fab119af625f65c075/detection

http://188.72.243.72
nahuysplyaga.ru
puskovayaustanovka.ru
zolotiyeyayca.ru

# Reference: https://x.com/smica83/status/1943430125296464177

http://198.55.98.29

# Reference: https://x.com/skocherhan/status/1943516890858439044

http://101.99.93.12
http://101.99.93.121
http://101.99.93.127
http://101.99.93.129
http://101.99.93.134
http://101.99.93.154
http://101.99.93.211
http://101.99.93.245
http://101.99.93.246
http://101.99.93.43
http://101.99.93.78

# Reference: https://x.com/BlinkzSec/status/1944803587302768937
# Reference: https://www.virustotal.com/gui/file/81235db7363dcb5a1b36957de69722500093e675b124362bdc1f4dd9388b55f7/detection
# Reference: https://www.virustotal.com/gui/file/75323981b16efcb8cd4d03f6536481d0e0665d48318e17a5b6956b79241201f8/detection
# Reference: https://www.virustotal.com/gui/file/5ae672496d4862f0366f369cf908bb39ae2d76ba220f108da5b4b7aa76a93eac/detection
# Reference: https://www.virustotal.com/gui/file/4732f2ac8fcfed0fe2453e8d8235af3b60159d971ef3348ac374faa1bd5248fb/detection
# Reference: https://www.virustotal.com/gui/file/17ce6be7e77ac65ffab4ef6589e35833416301c4b514e97e7eb2c5d05ee6ea7f/detection

http://95.164.53.249

# Reference: https://x.com/1ZRR4H/status/1944835848752566756

http://196.251.71.46
http://45.151.62.238
45.151.62.238:445

# Reference: https://x.com/ShanHolo/status/1945027338078441651
# Reference: https://www.virustotal.com/gui/ip-address/45.32.210.13/relations

journeysafter60.site
pestsafeguard.sbs
retireetravelcare.sbs
retirify.sbs
travelopedia.sbs
usc6a.site
vid-ai.sbs
vidai.sbs
wordofjesus.site
download.vid-ai.sbs
pro.vid-ai.sbs

# Reference: https://www.virustotal.com/gui/file/f93b9c9ccb3a18e2819d4abac6ac49cfecf2c7cc4ef975182f80d0c0a92bb87f/detection

wgetfiles.com

# Reference: https://x.com/JAMESWT_WT/status/1945092115588944093

http://206.189.189.57
huhl5r.easypanel.host

# Reference: https://x.com/ShadowOpCode/status/1945465068390396306

http://172.236.108.48
172.236.108.48:443

# Reference: https://www.virustotal.com/gui/file/04d9ea0ac37f3e5ddf6db1da2ef1ef5ea790cac5b651e023ff6deb2eeca79489/detection

angrymusu.me

# Reference: https://x.com/galkofahi/status/1947202313950474245

http://5.252.153.100

# Reference: https://x.com/ShanHolo/status/1947969418912563200

http://185.117.0.206

# Reference: https://www.virustotal.com/gui/file/0020d4df86d5fc878cdf9f071d1fd10821335649eaf1f39a1f891b6c0769b6fe/detection

http://188.166.28.199

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-07-24-IOCs-for-Vidar-activity.txt

http://89.23.107.148
http://89.23.113.207
89.23.107.148:445
89.23.113.207:445

# Reference: https://x.com/smica83/status/1948657982016729224
# Reference: https://app.validin.com/detail?find=ligolo-ng.history&type=dom&ref_id=d81e2cd3597#tab=host_pairs (# 2025-07-26)

http://62.113.66.137
http://54.74.21.177
http://82.25.117.71

# Reference: https://app.validin.com/detail?find=mimikatz.exe&type=dom&ref_id=cb0d825ec93#tab=host_pairs (# 2025-07-26)

http://103.79.78.186
http://106.54.239.18
http://124.221.38.181
http://124.222.229.235
http://13.39.205.164
http://14.199.58.210
http://154.205.145.173
http://159.89.205.160
http://167.179.86.190
http://167.71.227.77
http://167.99.31.61
http://176.198.204.120
http://18.141.140.13
http://18.222.153.176
http://192.228.143.187
http://195.149.53.28
http://195.149.55.49
http://20.55.49.145
http://212.227.245.12
http://3.21.247.34
http://37.143.15.110
http://39.98.204.142
http://43.134.60.222
http://46.120.173.112
http://47.128.236.179
http://47.90.155.109
http://5.205.252.95
http://57.128.227.42
http://78.40.219.126
http://8.211.157.140
http://84.247.147.214
http://89.238.176.13
http://93.115.21.186
http://93.127.172.168
ip-93-115-21-186-122360.vps.hosted-by-mvps.net

# Reference: https://app.validin.com/detail?type=dom&find=shell.hta#tab=host_pairs (# 2025-07-26)

http://122.114.193.75
http://18.143.227.100
http://31.97.37.117

# Reference: https://x.com/skocherhan/status/1949643698989355086
# Reference: https://www.virustotal.com/gui/file/90bc42881701c5be22be13b4f962708f09cb7b2e3a4623473da5e17550ee4b1f/detection
# Reference: https://www.virustotal.com/gui/file/06e03a18e240fa1d755b824f1ff0b05acbbde4003757e8067e45b515a9ff5eb4/detection

getswift.gg
getswift.vip
key.getswift.gg
key.getswift.vip
vsblobprodscussu5shard66.blob.core.windows.net
vsblobprodscussu5shard82.blob.core.windows.net

# Reference: https://x.com/skocherhan/status/1949819887322378360

phoenix-online-nexus.com

# Reference: https://x.com/galkofahi/status/1951932833158619176
# Reference: https://www.virustotal.com/gui/file/cc4e91ffc44e87127a9c233d685084c2c9817a659cfd9b4dedb14dfcbd1e2ae9/detection

92.118.112.17:8080

# Reference: https://www.team-cymru.com/post/fingerprinting-malware-c2s-with-tags

http://103.251.164.121
http://196.251.84.193
http://196.251.90.74

# Reference: https://x.com/BlinkzSec/status/1953057861434503310

http://103.245.231.248
103.245.231.248:443

# Reference: https://x.com/JAMESWT_WT/status/1953422275220283774

http://172.96.172.173
172.96.172.173:443

# Reference: https://www.trendmicro.com/en_us/research/25/g/bert-ransomware-group-targets-asia-and-europe-on-multiple-platforms.html
# Reference: https://www.trendmicro.com/content/dam/trendmicro/global/en/research/25/g/bert-ransomware-group-targets-asia-and-europe-on-multiple-platforms/bert-ransomware-group-targets-asia-and-europe-on-multiple-platforms-iocs.txt

http://185.100.157.74

# Reference: https://www.virustotal.com/gui/file/55f6a5cf46fef4da9e6027846d7c34e20416c1fd83178d15b87c3ae59bf85325/detection

http://94.159.99.169

# Reference: https://x.com/cyberfeeddigest/status/1957519963541176457

http://118.174.134.187

# Reference: https://x.com/1ZRR4H/status/1957964700534387022
# Reference: https://www.virustotal.com/gui/file/0130846db7a816768b2b54f42cfbfe0e5f03e90894a389ff99e7d80d9a19893d/detection

testesdev.ngrok.app

# Reference: https://x.com/SquiblydooBlog/status/1957577434041315440
# Reference: https://tria.ge/250818-2fycvayjw9/behavioral1

deardonaldtrumpsuckdick.com
fbisuckmydick.com

# Reference: https://app.validin.com/detail?find=WsgiDAV%20-%20Index%20of%20%2F%20&type=raw&ref_id=09b5b2d7b0f#tab=host_pairs (# 2025-08-21)

0be7953b6183453bc6ba182bf6b8ba79.loophole.site
29fe3231ed6d135d6d587276a82a4c9a.loophole.site
2e328acc085e5f3cbf95eb7dbc14335d.loophole.site
31fbe614036d5694823299355aed8481.loophole.site
3f092954af9a481e9f8ad58611d29620.loophole.site
44.246.143.230.nip.io
4a8737deb4057bbee1a3c8524cd4fed6.loophole.site
5a43e6a45be33b4739fba699782e6c7c.loophole.site
61b4fea9a1f98c0a086eb430d5ff2c63.loophole.site
6499298d41476bd20587a5b5079f0031.loophole.site
6755aa608c405dbe0e641f4ca32459b4.loophole.site
6d15fce9b4793ca2b766a5ea7df67a34.loophole.site
7ce637a4765d94655c5e90270494197d.loophole.site
8d47114af5f3c9c1051f4c599218bda3.loophole.site
9068b4e84c812001ecab3ddc66da29b0.loophole.site
94c37e2e72eeb7f939672573653dee49.loophole.site
antomygray.com
architects-mins-emails-dimensions.trycloudflare.com
assets.cdnaccess.com
avv-tdk.info
b39252dcf20bbf89fcc140a5eff8688e.loophole.site
backupstorage.task.sasc.tf
be00ac3c008c6258932d59fa71e42835.loophole.site
binary-acceptance-hotel-difficult.trycloudflare.com
blockcarbon.earth
ce06346ab546e95714b24383642e7e33.loophole.site
cloud-s3-storage.net
credit-agricole.webdav.innov-eula.com
curve-sewing-metropolitan-bi.trycloudflare.com
d5178df0c23f308cd3b5b88a7a3d7666.loophole.site
designsclick.info
drive.tov-zhbtz.com
eugene-reuters-subdivision-quarter.trycloudflare.com
f8412d18b65f41971fc60ee914d24a70.loophole.site
files.healthylifefeed.com
fundamentals-committee-uploaded-queue.trycloudflare.com
gear-increases-prefers-gender.trycloudflare.com
golden-founded-liz-openings.trycloudflare.com
imap.spatialdatacloud.com
ion-msgid-book-french.trycloudflare.com
ip205.ip-139-99-115.net
ipv6test.denzy.net
kali.alfa.h4ck.me
live.ns-online.com
login.nnicrosoftonlines.com
lol-julian-impossible-bermuda.trycloudflare.com
louise-monitors-mo-rating.trycloudflare.com
mail.d2inssur.ru
mastodon.tabbyslimeking.xyz
mikeswebdav.appspot.com
miracle-receives-lightbox-brighton.trycloudflare.com
native-shipments-forty-polar.trycloudflare.com
nnicrosoftonlines.com
plc-trunk-mature-and.trycloudflare.com
postposted-dat-realistic-email.trycloudflare.com
remained-century-feeds-exchange.trycloudflare.com
remote.spatialdatacloud.com
removing-build-governor-searching.trycloudflare.com
rivus.jasonchien.space
rockwell-capjtal.com
runzzganzz.lexcz.me
rush-poetry-stations-disciplinary.trycloudflare.com
science-payments-comics-dom.trycloudflare.com
ser-tribune-require-bodies.trycloudflare.com
share.ukrdefteh.com
shmoul.ovh
shmoulzoom.com
sitemap.spatialdatacloud.com
sitemaps.spatialdatacloud.com
smtp.spatialdatacloud.com
spatialdatacloud.com
targets-hold-role-laundry.trycloudflare.com
trxaso.com
turns-hung-sparc-wound.trycloudflare.com
verify.certkeys.org
vincentboyer.fr
violent-specifications-mas-huge.trycloudflare.com
wdav.khjde.xyz
webdav-proxy.whoongyi-network.workers.dev
webdav.gca-cloud.fr
witness-girlfriend-vegas-referrals.trycloudflare.com
wsgidav.wooe.cc
x-web-drv.net
xn--crdit-agricole-6z8g.com
xn--credit-agricol-j08g.com
yolusui.net

# Reference: https://x.com/k3yp0d/status/1959853255074189455
# Reference: https://app.any.run/tasks/eb4538dc-7efc-4e8c-a642-cc1251eba849

http://178.17.58.49

# Reference: https://x.com/skocherhan/status/1959888846096572677

http://57.155.1.42

# Reference: https://www.virustotal.com/gui/ip-address/108.181.164.27/relations

http://108.181.164.27

# Reference: https://x.com/smica83/status/1959919952485368289
# Reference: https://www.virustotal.com/gui/file/7e3684ed572ab0b5da17c66cf37155bf236cf61d1151ca5d5484b7b54c6788e6/detection
# Reference: https://www.virustotal.com/gui/file/dfc7723f23ceeb2f5bd0e76cdfdc379d14302e32c04fa1fc21c0218ca08ced1b/detection

http://109.71.252.234

# Reference: https://www.virustotal.com/gui/file/616864f53937aff7a9fe42f182539b56a0af7f22026526ad7611b969a18cf977/detection

nullarmorupload.xyz

# Reference: https://x.com/smica83/status/1961156187396681852
# Reference: https://tria.ge/250828-xwr4jsynx9/behavioral1

129.90.74.97.host.secureserver.net

# Reference: https://x.com/midnight_comms/status/1963953695692869845

120.25.163.165:8080

# Reference: https://x.com/BlinkzSec/status/1964225398746517979

http://186.169.40.245

# Reference: https://www.virustotal.com/gui/ip-address/107.189.20.206/relations

ezirekpeynistulum.sbs
gpt4dan.com

# Reference: https://x.com/banthisguy9349/status/1964655234560757805

119.123.219.181:888

# Reference: https://x.com/suyog41/status/1963960555628109974
# Reference: https://urlscan.io/result/01992e01-473c-77fb-a7f5-e0b49d7a1281/

nmailhub.com

# Reference: https://x.com/BlinkzSec/status/1967484530950078963

47.237.94.217:8080

# Reference: https://x.com/midnight_comms/status/1967593758796775456

210.16.163.207:808

# Reference: https://x.com/ShanHolo/status/1968567313369538673

holidays-diary-some-vancouver.trycloudflare.com
meat-media-sl-type.trycloudflare.com
pi-healing-sudan-kennedy.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1969090449244635195

configured-puzzles-possess-sugar.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1969090088299561063

huge-arrangements-magnet-flu.trycloudflare.com

# Reference: https://x.com/DTCERT/status/1969013068374983003
# Reference: https://www.virustotal.com/gui/file/6947dc1c5a2bc28eb7dc2ef49f3ee0b3565a22a9f4b4d5f1c6ce5e63387cf63d/detection

marketplace-proceeds-montana-merely.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/c4568f4a32cffc324af713b2561c01ba3c4c9b50a2c77dc9b60c724a3ef96bf0/detection

getfix.win

# Reference: https://x.com/banthisguy9349/status/1969683100385898623
# Reference: https://www.virustotal.com/gui/file/00cdbb6d6f4cea7fb1cebe5273d12a519039ec478e3fbda56936b7c2c022d639/detection

http://176.46.157.48

# Reference: https://github.com/hagezi/dns-blocklists/issues/7439

http://185.34.52.181

# Reference: https://www.virustotal.com/gui/file/9e344084e3751569e820a06b4ca20cc1b8062d43a87224018809b51c73b984cf/detection

http://104.168.5.20

# Reference: https://www.virustotal.com/gui/file/66c139f7356dceff6b1000b7eb3721a40a672c8989892a4aeff7547a046a58d5/detection

http://196.251.117.34

# Reference: https://www.virustotal.com/gui/file/c3f451354de6fe675f1c756733208fc6739ebb3603449b68a1c41419d952944b/detection

http://209.59.168.75

# Reference: https://x.com/BlinkzSec/status/1972222406522810581

http://149.28.148.17

# Reference: https://www.malware-traffic-analysis.net/2025/09/24/index.html

http://86.54.24.25

# Reference: https://x.com/smica83/status/1973635999717793892
# Reference: https://www.virustotal.com/gui/file/236ccfa7a6e8e11dcef470390963b923e494b0b127db7986cefd4904219d6b13/detection

http://104.168.7.197

# Reference: https://x.com/Ryan_Riordz/status/1975300113632542894

api.backupdata.info
dam-basename-performances-mph.trycloudflare.com
fileaccess.f5.si
gmvtest9.ddns.net
outlok-hotmail.com
patrickwerlen.ch
pretty-ebony-feeds-ericsson.trycloudflare.com
registry.patrickwerlen.ch
scholar-medline-vegetarian-neon.trycloudflare.com
static-obligations-baths-carnival.trycloudflare.com
tiger-checkout-draws-basketball.trycloudflare.com
watches-omaha-partnerships-median.trycloudflare.com

# Reference: https://x.com/skocherhan/status/1973729697151467815

http://172.86.90.176

# Reference: https://x.com/netresec/status/1976197250469724350
# Reference: https://www.huntress.com/blog/nezha-china-nexus-threat-actor-tool

rism.pages.dev

# Reference: https://x.com/malwrhunterteam/status/1976970416771285084

reed-cartoon-boolean-libraries.trycloudflare.com

# Reference: https://x.com/SquiblydooBlog/status/1977361720281625061
# Reference: https://www.virustotal.com/gui/file/0ecb2d75873df01afde0364f01015ccbbc27994fcdfbcfa0b124b27751b8ba59/detection

38.60.203.110:50505

# Reference: https://x.com/BlinkzSec/status/1977817540945391926

46.37.123.15:8000
46.37.123.15:8080

# Reference: https://x.com/smica83/status/1978529343757271421

cornwall-optimum-aviation-seekers.trycloudflare.com

# Reference: https://x.com/ni_fi_70/status/1978764858788086044

bancopatrimonial.com

# Reference: https://x.com/smica83/status/1978017659720532478
# Reference: https://www.virustotal.com/gui/file/42f2626005f1e359d33861b55b62681f52274e02283279fcc3e54be3ee52ffa3/detection

http://192.3.177.140
http://84.38.134.12

# Reference: https://www.virustotal.com/gui/file/45861cfb823fb2a2d59f697e13623934c635fc8bceb9af5f282343fd224dfab2/detection

http://23.95.103.208

# Reference: https://github.com/hagezi/dns-blocklists/issues/7722

inv-901156.vercel.app

# Generic (host-independent URL path and file name patterns)

/-..-/
/.-.......................-/
/--------------.------------------.------------------.-----------/
/.-....................................................-....................................-/
/.-------.--.----------.--------------------.................--------/
/..----------..----------------.---------.--------/
/..---------..-----------.----.....----..----/
/..-.....----------------------.......---------------------------..---.....-----/
/...-.-.-....................................--/
/...-.-.-.-.-.........................-----------------/
/..-.-.-.-.-.-.-.-.-.-.-._---------_-------_-------....-.-/
/.----------------------.------------------------------.-/
/-................................................................................-/
/...--------------.....----------------............----------------/
/_--00_o______---0o0_00_0oo_0-o_o0-__________o0o-__________/
/______________00___________0____________00_________/
/..........document/
/...xxx........./
/xx...x...x/
/-..-/......dot
/......dot
/................................................................................dot
/...............dot
/................wbk
/................................................w.wiz
/---.---.--.-.--_-----------_------_-_--_-------wiz_...wiz
/__________0__0_0________00__.doc
/dDd_-----------D----------........d-----....dD--..-------....D-dDd--..-----.dothtml
/.csrss.exe
/0bsessbypass.bat
/5555-meter.deb
/5555-shell.deb
/aaaaaaaaaaa.dll
/ccccccccccc.dll
/freeeeeeeee.dll
/admin_Bot.exe
/aes_cbc_shellcode.txt
/attack.exe
/avbypass.txt
/b64_shellcode.txt
/backd00r.exe
/backstab.exe
/01BypassAV.exe
/beacon_x64.exe
/beacon_x64_amazon.exe
/beacon_x64_cheches.exe
/beacon_x64_dukes.exe
/beacon_x64_emotet.exe
/beacon_x64_formbook.exe
/beacon_x64_gandcrab.exe
/beacon_x64_hancitor.exe
/beacon_x64_jaff.exe
/beacon_x64_jasperloader.exe
/beacon_x64_jq1.exe
/beacon_x64_jq2.exe
/beacon_x64_notion.exe
/beacon_x64_office365.exe
/beacon_x64_onedrive.exe
/beacon_x64_quantloader.exe
/beacon_x64_safeko.exe
/beacon_x64_trick.exe
/beacon_x64_ur_snif.exe
/beacon_x64_xbash.exe
/buildz.exe
/byfronbypass.html
/byfronbypass
/bypassav-1.exe
/bypassPS-CLM.exe
/bypass.exe
/bypass.txt
/Bypass%20AV.exe
/Bypass%20AV2.exe
/BypassAV.exe
/BypassAV_se.exe
/bypassav-1.exe
/bypassav_2.exe
/bypassav_360.exe
/bypass_iooolllllllllll.txt
/bypass_iooollllllllll.txt
/bypass_iooolllllllll.txt
/bypass_iooollllllll.txt
/bypass_iooolllllll.txt
/bypass_iooollllll.txt
/bypass_iooolllll.txt
/bypass_iooollll.txt
/bypass_iooolll.txt
/bypass_ioooll.txt
/bypass_ioool.txt
/bypass_U_1232435467897654.txt
/Bypass32.exe
/BypassAV.txt
/BypassUAC.exe
/bypassvalue.exe
/Bypass1.txt
/bypassvalue.txt
/iscsicpl_BypassUAC_x86.exe
/Msf&Cs_Bypass_AV.exe
/MyBypassAV.exe
/newBypassAV.exe
/CjojMi1rBOPnILx.exe
/chrome_inject.exe
/dasdzxccdsgfsdf
/direct/MAPE_Form.dotm
/downloadPayloadServer.zip
/downloadrShell
/fuckingdllENCR.dll
/Doc1.doc
/Doc1.dot
/Doc1.dotm
/hack.exe
/hivenightmare.exe
/hkcmd/document.doc
/https_payload.exe
/vbc.exe
/fullBatPayload.bin
/getInjector
/GruntHTTP.exe
/IATInfect2008_64.exe
/InfectSocks32_SQL_AntiVirus.vmp.dll
/InfectSocks64_SQL_AntiVirus.vmp.dll
/loader_exe_64.exe
/loader_exe.exe
/lsas.exe
/mimikatz.exe
/payload.bin
/payload_x64.bin
/payload.exe
/Rat/Domain.txt
/webmailed/updates.exe
/MemInjectJar.jar
/newratexploitlink
/BOTNET_HOST/
/bypass_20210428_0905/
/exploit
/exploit.exe
/loader.encrypted.bin
/loader.encrypted.exe
/zzz_exploit.exe
/payload.dll
/payload.exe
/payload.res
/payload.txt
/PayloadsAllTheThings/
/PrintSpoofer.dll
/PrintSpoofer.exe
/reverseshell.bin
/reverseshell.exe
/reverse_shell.bin
/reverse_shell.exe
/revshell.bin
/revshell.exe
/rev_shell.bin
/rev_shell.exe
/safe_shell.exe
/safe_shell.shc.exe
/SharpBypassUAC.exe
/shell-x64.exe
/shell_x64.exe
/shell-x86.exe
/shell_x86.exe
/shell189.exe
/shell249.exe
/ShellCode_Loader.exe
/shellcode_1.jpg
/shellcode
/shellcode.bin
/shellcode.exe
/shellcode01.exe
/shellcodeAny.bin
/ShellcodeInjector.exe
/shell.bin
/shell.exe
/shellcode.txt
/shellcode_test.txt
/ShellWaitForProcess.exe
/X64BypassAV.exe
/bin/stub.exe
/bins/stub.exe
/stub.exe
/plugins/keylogger.p
/plugins/keylogger.php
/wwww/ees.doc
/loader.plg
/pws.plg
/xhack.exe
/botupdate
/getbotinjects
/getkeyloggers
/testbypass.exe
/winshell.exe
/Rat/Realrat/
/Realrat/
/RemoteShellcodeExec/
/WalletSteal.bin
/loader/injection.dll
/wp-imcludes/
/main/shell.bin
/yaml-payload-master/
/dwn_payload_file
/upl_payload_file
/shellsajshdasd/
/snakeyaml-memshell/
/yaml-payload/
/yaml-payload-for_Win/
