# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: ares, kronos, osiris, regretlocker

# Reference: https://www.proofpoint.com/us/threat-insight/post/kronos-reborn

jhrppbnh4d674kzh.onion
jmjp2l7yqgaj5xvv.onion
mysmo35wlwhrkeez.onion
suzfjfguuis326qw.onion
dkb-agbs.com
fritsy83.website
oo00mika84.website
milliaoin.info
kioxixu.abkhazia.su
lionoi.adygeya.su
startupbulawayo.website

# Reference: http://www.broadanalysis.com/2016/10/31/compromised-site-redirects-to-rig-exploit-kit-delivering-kronos-and-nymaim/

2mynameins3344.net
johane3234.net

# Reference: https://twitter.com/nao_sec/status/1148799237049552896
# Reference: https://twitter.com/VK_Intel/status/1148803869239128071
# Reference: https://app.any.run/tasks/dcae4160-a76a-483c-ae4c-788eed561103/

xtaahlcqyfppmvwwprblvveog.paletoxyz.com

# Reference: https://twitter.com/JayTHL/status/1166744243861360642

d2gyv54plbc23to.onion

# Reference: https://twitter.com/Artilllerie/status/1179753482783473665

chlwdxvug4ptljce.onion

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-for-september-27-to.html (# Win.Malware.Osiris-7191711-1)

updateserver4.top
updateserver7.top
updateserver5.top
updateserver9.top
updateserver2.top
updateserver8.top
updateserver10.top
updateserver6.top
updateserver3.top

# Reference: https://twitter.com/VK_Intel/status/1190317493224689667
# Reference: https://www.virustotal.com/gui/file/f61870ea2b807f6a3314ff303942961b6f4009464da09d98ea202d3450534ad3/detection

jpb3hvq7v7bsyemq.onion

# Reference: https://www.virustotal.com/gui/ip-address/142.93.190.102/relations

http://142.93.190.102
142.93.190.102:3389
142.93.190.102:443

# Reference: https://www.virustotal.com/gui/file/9d1b1960355e72b205189e7a122b6a9c4197cca650569edc89612a62d6b66efc/detection

managejave.myftp.org
update43x.myvnc.com

# Reference: https://twitter.com/malwrhunterteam/status/1321375502179905536
# Reference: https://www.virustotal.com/gui/file/a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4/detection

http://193.23.244.244
128.31.0.34:9131

# Reference: https://twitter.com/malwrhunterteam/status/1321388593416462337

344744.cloud4box.ru
regretzjibibtcgb.onion

# Reference: https://twitter.com/nazywam/status/1323624894458925056

o3qrynq3djknfebz.onion

# Reference: https://blog.morphisec.com/long-live-osiris-banking-trojan-targets-german-ip-addresses
# Reference: https://otx.alienvault.com/pulse/60219f6bdc6edbc5308da56b/

ylnfkeznzg7o4xjf.onion

# Reference: https://twitter.com/D3LabIT/status/1359122226277195777
# Reference: https://www.virustotal.com/gui/file/8bbd51eb0dd0cac3e3cbd683b140b7eea3b6f13ce0c214af48f32a26791949e1/detection

mydynamite.dynv6.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1359404803596648450

rieseshopping.it/wp-content/plugins/set.exe
rieseshopping.it/wp-content/plugins/amss.jpg

# Reference: https://twitter.com/nazywam/status/1325399134808010752

linkoz.xyz

# Reference: https://www.virustotal.com/gui/file/57e348bbe709ef986f51259a8e14f6062ce36f98f2176d08f0165b124d72a9bb/detection

8.209.68.209:4039
march-socat01.com
march-socat01.xyz
marchassl01.com

# Reference: https://www.virustotal.com/gui/file/1d0ada2c71521fe445cf859da8f64b51ea469a5ed46af07364e777458c26c5ac/detection

185.220.101.193:20193
36.227.169.186:9030

# Reference: https://twitter.com/siri_urz/status/1369394878027825161
# Reference: http://vxvault.net/ViriList.php?MD5=BA756BD88B3C26C287DB5863FC232F50

wifoweijijfoiwjweoi.xyz

# Reference: https://twitter.com/benkow_/status/1369594973524553730

trqtfidgqmcmqytw.onion

# Reference: https://www.zscaler.com/blogs/security-research/ares-malware-grandson-kronos-banking-trojan
# Reference: https://pastebin.com/XU6YfvWG
# Reference: https://otx.alienvault.com/pulse/606e1808f8f6722a577e7cf9

cabletv.top
ddkdfefflfff.top
ddkdfheekfgj.top
ddkdflefmdgm.top
ddkdfodfkdhq.top
ddkdfqfemdgq.top
ddkdiedekdig.top
ddkdihfdlfji.top
ddkdiledmdkm.top
ddkdioedkeio.top
ddkdiqedlejs.top
ddkdjeddmfkf.top
ddkdjhffldlh.top
ddkdjledlfkm.top
ddkdjodekflo.top
ddkdjqeekdjs.top
ddkdleeflfnf.top
ddkdlhdfmelh.top
ddkdlleflenl.top
ddkdlodfmfmp.top
ddkdlqefkelr.top
ddkdoeefkeqg.top
ddkdoheekepi.top
ddkdolddlfpm.top
ddkdoofeleop.top
ddkdoqeemdpr.top
ddkdseffkdte.top
ddkdshdekfui.top
ddkdsledmfsn.top
ddkdsofdmdsp.top
ddkdsqeeldur.top
ddkifeeeligf.top
ddkifhfekjhi.top
ddkifldemifn.top
ddkifodekjfo.top
ddkifqfemkgq.top
ddkiieddkjif.top
ddkiieeelkif.xyz
ddkiiffdkijh.xyz
ddkiigedliji.xyz
ddkiihdemjii.top
ddkiihfelikh.xyz
ddkiildfmikm.top
ddkiilefmjim.xyz
ddkiioeflijq.top
ddkiiofelkkq.xyz
ddkiiqddmiiq.top
ddkiiqefmiir.xyz
ddkiirfdmjks.xyz
ddkiitefkkju.xyz
ddkijedelklg.top
ddkijheemikj.top
ddkijledmjll.top
ddkijodemkjo.top
ddkijqedmjlr.top
ddkikefflime.top
ddkikhddljlj.top
ddkiklfemkll.top
ddkikodfkklo.top
ddkikqedljls.top
ddkileedljmg.top
ddkilhfdljlh.top
ddkillfdmilm.top
ddkiloedlkmo.top
ddkilqedlkns.top
ddkioeeflioe.top
ddkiohdfljqj.top
ddkioleekjom.top
ddkioodemkpp.top
ddkioqedljpq.top
ddkiseeelitg.top
ddkishddmkui.top
ddkisldelitm.top
ddkisodekkuo.top
ddkisqffmkts.top
ddkxfedflzhe.top
ddkxfhfelygj.top
ddkxflefkyfl.top
ddkxfodfmzhp.top
ddkxfqdemxfq.top
ddkxieddkxkg.top
ddkxihefkyij.top
ddkxilefmzil.top
ddkxioefmxjo.top
ddkxiqdfkxks.top
ddkxjeeelylg.top
ddkxjheflxji.top
ddkxjlefmxln.top
ddkxjoffmzlq.top
ddkxjqefmyls.top
ddkxkeddmylg.top
ddkxkhffkzkj.top
ddkxklfekyml.top
ddkxkoddmykq.top
ddkxkqeelxlr.top
ddkxleddmzlf.top
ddkxlhfdlzmi.top
ddkxlldflzll.top
ddkxloddmzlo.top
ddkxlqeemymr.top
ddkxoefdkzpg.top
ddkxohedlxpi.top
ddkxolddmzql.top
ddkxooffkxpo.top
ddkxoqefkxqq.top
ddkxsedfmzuf.top
ddkxshfemysi.top
ddkxslfemxum.top
ddkxsoddkyuo.top
ddkxsqddkxss.top
m3r7ifpzkdix4rf5.onion
qqkzfkax24p4elax.onion
securebankingapp.com
vbyrduc537l5po3w.onion
wifoweijijfoiwjweoi.xyz
ylnfkeznzg7o4xjf.onion

# Reference: https://twitter.com/The_d0c_T0R/status/1127233691451891712

88.184.237.14:8888

# Reference: https://www.virustotal.com/gui/file/56b14179deca2645e16d68a72d49c8b4fa46f8d64796b012bdd42661465c30e9/detection

asmkopvdmvoasdkm.ml
ddkiigfewewdliji.to
ddkiihsdffelikh.ml
ddkiiodgjgfelkkq.to
ddkiirwfdmjks.to
ddkiiseretfgdeelkif.ml
ddkiisfsdffdkijh.ml
ddkiitewefkkju.to
geotrackangsdfetatistics.ml
updatesdfetrtegfsv121.to

# Reference: https://twitter.com/malwrhunterteam/status/1410197757667823618
# Reference: https://www.virustotal.com/gui/file/531686f56257eafa0da5908fa50d5ef2ef51efee156c1185c212ed0958ee5b59/detection

193.11.164.243:9030
94.16.114.105:8080

# Reference: https://www.joesandbox.com/analysis/439583/0/html

ljp2pqlc7i4ooqhk.onion

# Reference: https://www.virustotal.com/gui/ip-address/129.6.15.28/relations
# Reference: https://www.virustotal.com/gui/file/2f114030f6bc025c355ce247e82fc244702d53036aa4fd89c4b01eba70061e3c/detection

129.6.15.28:13

# Reference: https://www.virustotal.com/gui/file/d7272251fdef11a2b44182ddbfa9dbc91fa88ed8e4f57bcea0ff3c4d84ef6f40/detection

185.220.101.148:11148
37.114.40.104:8080

# Reference: https://www.virustotal.com/gui/file/a57f60eae0f6b446bfb2d59f108dd402748e6c70f1f700acb0ba5cd12e2760a0/detection

185.112.146.135:9101

# Reference: https://www.virustotal.com/gui/file/d789ab4dc3b2a4251710f80aa3d5a874a4775ab6ef816693b453fb9062ef5024/detection

185.244.167.14:6080
195.123.212.113:1357

# Reference: https://www.virustotal.com/gui/file/5e6ef628137c28f19e239d1f71e3ee5ead570e6d309656592d990468435f52b0/detection

128.31.0.39:9101
76.73.17.194:9090
81.37.103.124:10001

# Reference: https://www.virustotal.com/gui/file/3b182b7f2e7ec315f1376ed7f87831cccd1e232996f831cf7693b55862f4ab53/detection

sgjplhbtmolxqud6.onion

# Reference: https://www.virustotal.com/gui/file/00c7a90e0156be6a38ff98da86b43a3d6e8200a9246f99ed5b63a7c77dbaa919/detection

continuenumsync.ml
damaschinasfalsas.host
ddkiigfewewdliji.to
ddkiihsdffelikh.ml
ddkiiodgjgfelkkq.to
ddkiirwfdmjks.to
ddkiiseretfgdeelkif.ml
ddkiisfsdffdkijh.ml
elmesondejuanita.vip
erekiirwfdmjks.to
geotrackangsdfetatistics.ml
lamesadelafonda.space
lerolerocandelero.vip
llamadassinlimiteshoy.top
matatenalegal.vip
piedrapapelotijera.vip
serpientesyescaleras.top
ytumamatambien.host

# Reference: https://www.virustotal.com/gui/file/2d623fccf93888dbaa35fe07f9c765cfffd425fc56878214640aa7ed4b83970e/detection

odontologoarmandojoel.me

# Reference: https://tria.ge/220407-q9wkkaeahn/behavioral1

http://199.249.230.188
http://199.249.230.73
http://45.137.184.31
http://93.95.100.166
212.83.167.220:9030
62.210.137.233:443

# Reference: https://twitter.com/naumovax/status/1531676896710344706
# Reference: https://app.any.run/tasks/a0a726e6-dd2a-4f7a-85ed-7d7cdcc9ad78/

raintravel-001-site1.itempurl.com
reinltd-001-site1.htempurl.com

# Reference: https://github.com/threatlabz/iocs/blob/main/ares/ares_dga_domains_12-2022.txt
# Reference: https://github.com/threatlabz/iocs/blob/main/ares/ares_dga_domains_11-2022.txt
# Reference: https://github.com/threatlabz/iocs/blob/main/ares/ares_dga_domains_10-2022.txt
# Reference: https://github.com/threatlabz/iocs/blob/main/ares/ares_dga_domains_09-2022.txt
# Reference: https://github.com/threatlabz/iocs/blob/main/ares/ares_dga_domains_08-2022.txt
# Reference: https://github.com/threatlabz/iocs/blob/main/ares/c2_urls.txt

aeqpxqnrpvmudmbxtmjo.info
aezetftogzkomns.org
afexahygjclmn.info
affptoavdvnmqyf.biz
afjcnlccpetaxdzelpyw.net
afthptslohtxez.info
afxspurrgtd.org
afzzvafgz.info
aghhmteyeswdrsbxxw.org
agjotusfdijifepjkxulvwg.biz
ahdvzcnhwyhbzsckfuvjba.biz
ajdopjovpovpi.org
ajstunstiwbcyes.biz
aknhtuxlsqbkdwoiwbwuag.com
akphmfmvunmfrtlbvqehxxcpe.biz
albtrahabxvinamj.biz
alxnjice.info
alzawvcghupuhkgknrdifr.biz
amcshwvmbyxvneykes.org
anmalsgbacychfqek.info
aoupulwwkmi.org
apskjfsjopatamusu.org
aqswulapfxm.biz
arcbuualeuecu.biz
assestabqt.info
auoexrqryxjwlccmeohevjnxq.com
avlycvwhwcol.org
awsvzramxwmbyqztuevbwvv.org
axowplsnwlipfvxsafeeqnjk.org
ayqzbglqubrzzezbdjlf.biz
bagxqykmmkw.org
bbitgoqivmnj.biz
bcilxbwrulenrwdd.info
bdgvgskxgj.net
bdjgnpqtypbv.org
bdwytmphgml.org
bembwvmpluqrtlojyxyrene.biz
bfwcueaalyy.net
bhgeafbrsmnuhsdmiiqcb.org
bhlqnpezxugusmowedibrzttg.com
biwpqofbyemeejapi.org
bkvbdnvxojgpmbrvhji.org
blebjoyfjd.biz
bmvkkhuiyiwdulaqqcahrb.biz
bnczwwheeahxiwohvngd.net
bnmsckpy.org
bnypzmmjbdkczgsnfhgaltupn.biz
bokwsxxwgygvameo.info
bqjbbogjeaa.info
btpdimfozpo.biz
bupwsvcubusfqcgwjarkuzegm.net
bvcynpiwi.info
bwjfjmova.info
bwvcwaoxuqnhry.com
bwznxzgflfyqbyhz.info
bytqndajubxkhqjy.org
bzrygpxlctasevhxa.org
bzvrjnfkbexsenpsjjxluwqn.org
cbavfosrjjlxohlhxrxt.info
cbbyemjptnnvcdd.org
cbimmnjplweqg.biz
cdacuivppmjmlsljagy.net
cdrqxxnjnjvfp.biz
cfmbnydzmswlrukcfmjvr.net
cfthwchkbtohfyijwaopc.biz
chokcyaim.com
cisxxbdereuhuyupfjvf.info
cjvojgvectavk.biz
cljcxtanvexgfrnoifrm.com
clnafula.info
cluxymhv.info
cmaxpkvremwlvzqrzq.org
cmbpmfhejeutsbfpbssiixvm.org
cmvrgbyiuqoioj.info
cngfqoemxjiy.org
cnmzxneofckqkuivd.com
cnyqxozhoayyucyzgp.com
cowodpqejue.com
cphxmqpvwlnct.com
cpnzgeoyzkdn.biz
cpunkqafekttuypcltotk.com
cpyetarlmafiutnqjx.com
cqfcyeaundntuddxlydsanr.biz
crbuwifkgf.org
csifthehbtg.org
ctclclojdtyhmqrhhe.info
ctgmunzeglqmrjzulshri.com
ctsjjtddgomgi.net
ctsxlrksoqpj.org
cxswgpjpuntycbnxytpnzp.biz
cyidcqkazomy.net
cznmrzymmaqfyrpmvkyvsyo.org
czxpkktlfeznbtmpn.info
dazayxiovekfftirfctyjqd.org
dbgunahpcwesuxg.org
dfwufcwlhsguwmwgdsgu.org
dfzvvfzxxnzbuvjyapcvb.net
dggxbedkykatldoyshic.biz
dgsdgxcroeoqyspzbb.net
dhdbgdzplmv.net
dhjjseiltfgkgdsojzlgbd.info
djcyjewz.com
dkqnlmmqhd.org
dlpagxzqln.biz
dneuwsvbo.net
dnndfjyfyzuluugbyhkoavao.com
doirhalqlrwuur.info
dopuwjrvgcbw.net
dpacyneddtzjevw.org
dqbcfturck.info
dqfoqppzenloo.org
dqutjjbi.org
dqzqkcadjubabrujehnsxohzn.com
dsfemyjpg.org
dsfrsnkl.biz
dspjpxpodecdmdu.biz
dugsvlrozrmkxkndkkvobmgyu.net
duqizymzjuqx.org
dwdbimmnkjcmzaqppt.biz
dxbfoywxmptdmxxgdq.com
dxwiabhqmcvrirx.biz
dznxxqtyaczqwq.org
dzpyypnqbmnffhfzbu.org
dzwnlpypkidmngoudzph.net
eaefhjsshfizykoitqzxebyd.com
edavngwvqedszgoi.org
effebtihtaezri.net
ejmdjhjopkk.org
ekxprzsagpcqucbj.biz
eltlwlrgmxkreqdl.net
emwjbaocuzxzvsda.info
emzcxrfnxmogtkb.org
endkrcsrgdxsizwvwiyxh.biz
enryeujwwitdduv.org
eopbjrhumeoktv.org
epcmhsipmfkfyqqmdmh.biz
epnarpyeigqkjnshcvxkw.org
epoxsltiunrrsqxdzg.biz
eqcvtnbmeikjsgh.info
eqeldkwtjewvenufjhdrju.org
eqznclxqldiuwmflmdyjyku.org
eratoirezuubwgpled.biz
ertxesgadpbps.biz
esiputbpgrwj.biz
eswnbbpdzdqqnlv.net
eukvwqet.org
evcwtxgfsz.org
evsrnjujotoxefnnwnvdi.biz
ewgiwunhalqq.com
ewvfhtynigrfemzynnquuxrc.com
exjdwqdijpbviegsap.com
fbnrdqifvqglsu.net
fctcmkaosuigsfns.info
fcxzxtrvvkolacds.info
fdymwocojutqlc.org
fgpvvwmbemsyhdjudoiko.info
fgsbgsgnfnlkbzfxry.info
fikwumsescnqi.net
fkaetutctajqz.com
flmmajzfcdtnbyiifgaubss.org
flnvbapoqupuoqiecryui.info
flsuaujeokqmxxtl.biz
fmjeouemffwymtouniqtzlb.info
fqeloibbkijoxnmfujrmchn.org
frhbujxkiqcdsujjtfo.com
fushuakqvwwdi.net
fvxhvuqhw.org
fwhanmbrh.info
fwxaaelhuzveweeypdd.org
fyphwfrhoojfukujna.org
gdpulqjbzchkzuaumu.info
gdzvtxncpbappzyszhwgjmrgk.com
ghizpxpxdwynsgjfxciooiz.biz
ghphbmvrswddtbyihetqtkt.com
gjfujbtodcwfslaaukawedolb.org
gjitkardmwnjsvxargctwda.net
gkaczczgbzglwwsp.com
gkhmrzablkxgsgbzemagnst.com
gkuxxsbueebpttvsv.org
glnimsywpmjdtcwcpvce.com
govknfyq.net
gpmrilmwzpw.biz
gtuxwacuzutgdcvwynkfwofur.net
gtwfxfowbzfiskqrz.net
guslwztrknhey.org
gwbzbfjfwrpgnrrnkiuu.com
gwqkgjueniiw.org
gwrvdcmezrtqkz.com
gylhfqmuppsuhbxyvol.info
haipzcsaaw.org
haoadyojsuynupdv.net
hazovvbctmpkaigwzdbtpve.com
hcqgbstdfbrrzquesvqitfo.info
hdabxrzybrhrtwvhkoukanhp.net
hdkydaetwtimwanmbil.com
hdrmhiuvkrnbynsnwif.biz
heejpgmufleoobjaz.org
hhiqrbwikde.info
hhuxqnkhobk.biz
hifswzqkxomqsy.com
hjaenazucuujxsjes.org
hkgayepran.biz
hkvbbwwrnqfltejo.net
hllxvjyraolxwatnzgrrclxnm.org
hmdemoqnxclfylwmatgmayvo.net
hnrwseefqmcgvbkdelzpbo.biz
hnsyvfdwzmiezpltxle.com
hqcfhffufazlcxshfgndbtle.org
hqkkokxmfmeejnmfh.net
hsmfxvvatwcepimvhzcubonku.org
htcafayx.info
htitiwhz.org
htjobznedbvsyrxhrnxsuuc.com
htupzivadbrrugozbo.biz
hulnzjuqdcdbwm.net
hxaajuakzdhc.info
hxioufjxrkgrycqfoubq.org
hyfujxozzmvribmcgq.org
hymzxwynyodbzzsq.com
hynhtikkccxclja.net
hzuuoppqzweciihwzzxfkjx.org
hzzhmzthtvipqchnwst.info
idjqaehjbmloughsuajvnycig.net
ifmdctciqdbdkeunepxbtoh.org
ifrbevjxgpibivny.biz
igprkfqoahrwuwwenga.biz
ihyzsusqstpvkiozncgaer.info
iildjojv.info
iizoywdfpqqyvuholdkrdlt.com
inrjlqhfcppl.biz
ipqhoitcofreuaw.info
ipseufjthimbkums.com
irqidesqgnygqtcdugwzg.biz
iscurnkxwmeioluxjbeqzi.org
itsprthrlj.biz
ivdcsnrjyve.biz
ivozzyxrglemszgp.com
iwpztzdirrcswfffuz.info
ixzfsehxymdwoctbmpfvlnt.net
iyfcqmilzziduxxis.info
izcwjnzolvljicfoxtlsgahrb.com
iztlcqlnlkjnepx.biz
jbbimobhy.biz
jdiyplexsuidttthq.net
jdjufralkxycbd.org
jdxwystfoysfoatkrbaq.biz
jfjcczxrfnxmpkrjfpcti.com
jfzxsxuccehrvmcuyezqlsnd.biz
jgxcvpxxvfkxkgyyxwkiszo.biz
jhgjocjfzrfrkpfa.com
jilfvhulghmldxmb.biz
jjaaayctyuht.info
jjjytfyukuq.org
jkfwblyuudzokjxuqssafx.net
jmejqudwkubirvsy.net
jmpazjquptializpeqvko.net
jnleevbnw.org
jnofyfbuatidgx.org
jntsstaent.org
jooboolamtsrc.info
jotlkdetazjbguiwrumisclbm.org
jpsqiwrqrlpnws.biz
jqetgldohtf.org
jslunhankaucxtqurrhh.com
jsnrmrzwiulbmjpniafmbsheu.com
jueqsawtrmmuunekrrcq.org
jupuxithey.com
juxxtmfqglytpasipoaeyy.org
jvtbxfbbwtmrrejwsddgxeykv.org
jycdbcoesjxwlp.info
jydcwqisxfyrjmfir.com
jymcsgvvtuymfbcivegnqacfn.net
jyuzunnhexaomxrmgrribs.biz
jzcowelbahxhkriiu.net
jznilwezhqwdp.info
kbmzfpdldmu.com
kbosdcngilxherzcjracf.info
kcbcjiqpsnlclteqrt.com
kcmdsrapukosxvqnb.org
kcxkytenhsbbfipivtqrff.biz
keclupjkowxvhuoruxfg.net
kefzygrqhnz.biz
kexrixydqoibdoinlvko.org
kfoslwpowndfynniakfsl.net
kfqdcqnqvjbyorincefhunzl.biz
kgqfvomsdryidiisnohzox.org
khckwekpuz.biz
khshuxmjvksrtdioayfccf.biz
kjlwxohznhumlg.biz
kkkaiwxhdgbaiwlykty.org
klcffeqxscmusnih.org
klvfokpnhhrcffzku.net
klwaktfvjlxcouewykh.net
knwhcavphtyo.net
knxucxmmbdbc.org
koknuifnkkqufey.info
kqegsrnuqkfkdjj.org
ksnicjvlrhzotedcdn.net
kuoytqerl.org
kvymnmtibcfcbbbeirwooeqn.org
kwrnopve.net
kygiqwangjhmfubihirqzij.org
kymweibf.org
lahvrqtxwzumyk.org
lajbzlbajpbdfuozf.com
lasazlpcvgp.org
lbllhtzzkdj.org
lcfwdtnllymlsivaq.com
lcjdztsvtpvslcbiw.org
ldeyemzftw.info
ldnguqze.org
lduzvkdlffurwsrilcqvjj.org
ldzhpswenibh.info
lehstpxdpgoamjzcntep.org
lelottcmwyjtvfyrcmstyfsiq.info
lhkbkdwfobolbtgkwmppddj.net
lhmxrricfgzptmdo.info
liwxxgwfwcat.org
ljeuytivodtpo.org
lkqxtuydhmdydof.com
llbkeikzi.com
lmdfbabllhzcfdomogl.org
lmobmgojiixxvdhttbd.biz
lndfafga.net
lnipthvpuuevtpjjrr.com
lphpifjqkxgbwujddeeotnost.net
lpoasstpeapqwlgfjfknbn.com
lrgxaolwjgyphvrpotgdvpfv.org
lrprdhtrdblh.net
lrswryeupx.org
lsmoabctpkvzjba.info
lsqktqtprzseynhul.com
lsuliwpuhovocjeyjxlggotft.info
ltjwvzqrpjvyuxqjzlqua.net
luechmulyvf.com
luikilvon.com
lukfoqiydikisdi.org
lumacifn.org
lvoehgcusmdakxibeuogk.com
lwmznghqjaa.biz
lwzwsesaioejpe.org
lxzmqekbptgcpsus.biz
lyfluldfiwtakte.biz
makthjbmsdmxjjeixxmdwhv.info
mcrhvpuldrv.biz
mcvtsucdkdexvztat.org
mcylugomws.net
mdgfayonwwprluzutlcud.net
mdmzcbwcxcpl.info
mfzmmtce.org
mgtmepsh.biz
mhbgnhmirheajbpxcrye.org
miqxvurivmbafn.biz
mjhoddxzwopcte.net
mjrkrzrllw.biz
mkkpvpwiedngddkf.org
mklkctmlqsryerhltxebh.net
mknruohpybjoftrynlrau.org
mkypstyoxfmwtrtl.org
mkzwhhgtlpv.org
mmehdtigplx.org
mndfoyaki.net
mnnhiwdrhauaznrjupfsbvobh.org
mowgvjbpsy.org
mplshrxao.info
mpqigifiz.net
mpqrxtvvezirp.net
mrulgixkbyf.net
msirddguztwcbgaeyjo.com
mxekahcaolryntmhrxpk.biz
mxpxgjccypbkkfwbvmtqn.org
mxzfskyrnrffd.info
mzfytemhhblvhxogdmc.org
mzkmapyqrlzvuwgmahhsmt.org
naehfsulqmbygdtysyjmwpt.com
naomzsozcnhq.net
nbuctocibbdu.com
ncnytexdsbbvfzisuxpjsav.info
nctozektfzwcqwibbyhpdvnc.biz
ndwdvaqfbaqhcbqhftucguzm.org
nedtcijnkfkocxmcrhua.info
nefqqyprbxaauwisqfkyj.org
nejzjggdqrbbcfedhkxxz.org
neowqmityaqihykzbqyfc.com
neulltaruzfbbwnbyfvul.biz
nfxsdjabpiwcbnshsgc.net
nglwvsihfrtbvyqmmvychjn.info
ngpnfcclxidhnuzpmujdtclw.org
ngtocpmubklcugmzcof.com
nhfthajezrtuslvso.org
njfsgumdatyliog.org
njgultjrneepcbcsrqpzsrq.org
nkcvcsikedrjizdplvt.info
nkskskftsiggbk.info
nlxdabwkpdbooquodki.org
nmeroxowj.org
nmvvrilkyhak.com
nmyqlecpanmy.info
nnkshwsqzgvitboysa.org
nnnphltbcuo.info
nobkohbokeayuitwk.org
npcjhyiupozmqoabmljck.biz
nqrnwiyjiay.org
nssdumyndmad.org
nudgtyrfnvqu.org
nvkeqlsaj.org
nvlhgbkcskmtaoexlgvl.info
nwqyqzbsfoyyjhtbzudb.info
ocbktyoi.net
oceawikaebxvxyosjjofwiqif.biz
ocmplbti.org
oeqajtiwbqtxuocalupx.com
oigfitabyloejseunihz.net
oigthpau.com
oimcrpvzrznjnwiguahlgd.info
ojhnbzlgrtbwjnjaoyuqctp.com
ojpkvnwrxckqbdjih.biz
okarmcbswinyvvteqtm.net
okqqpzqlrcj.info
omxbcfnzknajbhinbx.org
onfwmtjfntfzp.info
onkpxxrpkpialf.info
oousvdmgvhj.com
opaucnsdqildltwkdn.org
ophnahzuhvdmsjqlvezfd.com
oqlklnrmqopworqwusmj.com
oqohdtcxtlpxvthlsbcuo.com
orktsorgl.biz
orrpzvlwraratqpafrubmm.com
orrutqzk.com
osnktkctrsevlgtlnabcmzruo.org
ouagsnzrufivcvotser.org
outtmnnehqvgjii.net
ovnjggzukjzztytqxjzxvc.net
ovqxcwjrsjefvwdiidxgogy.org
ozwltevtjzxjt.biz
ozydpbfdhamhmjttpoeznwti.info
pbalyyzgn.com
pbpjimhvwmniqpaw.com
pdyuprhliobvyrs.org
pfjtpbryzatrworwajvsn.org
pfqwzqznuwetcothstxetzj.com
pjcwxgzpywynuddmezhalrvi.com
pjzvodwnnfwvc.net
pknnplzpifjzqrp.net
pltkfzydzgq.net
plwojsoe.biz
poichmsozhrmrb.org
powdghbmebmtou.org
ppoqimdczdfeioahu.net
pqauivvcwemjsjsaysubsxvss.net
pqeeemnwwbljdkv.biz
pqjnydrzvkdruwe.com
pqqejtqyrspdwykpbdqrztm.org
pszdvxpphnkowhgcyl.com
ptltetfmogk.org
puikbmyrzmq.net
pwrqxldt.biz
pwyptbouropchk.org
pxtalcijztbzkdhl.com
pyivcvbrcitebglwsj.net
pyuhjuenemw.com
pzerkliaifltkqjldgallqic.org
pziqexexorsnivchiaedsg.org
qafbausui.org
qarfwazr.com
qclzqwik.info
qdavlycfepldabbu.info
qdvcflxmmqaqcqnh.org
qffsvjveauqdibxls.biz
qjlduffytkpextsrsspdzib.org
qkhuwebuavnznbkwhqkwya.org
qktkcrstg.biz
qnpbpgxubtvha.org
qoaufydnlylrbcyyfmkkh.biz
qpdokcamgkyik.com
qpismvbqpssmrbldnlx.org
qpjoalkgryossphy.biz
qpxyarxubyoaeqcqvfp.org
qqxuduyppnopmxnrpswo.org
qsgxvqvtmcuodfqh.org
qtylalryxuwrbepgtysprzz.net
quihkzkiyaejfvjgkrndfxy.net
qvbzgzpepbtrfmmjfbvxugz.org
qvehoshorduwvctkazqqcdv.com
qvpycpittj.org
qxwremuzjzhwcwj.info
ragoczttbbrtcyltd.biz
rcbpkoefkmcyvpowanqpaobn.biz
rdbfkqdzgbic.info
rfcrgwuhidyhwly.info
rgonwxjypbmptqbbsgwkfn.org
rhxfauifsjar.net
rhyiwzaynbbelicajmrdmr.info
rjtahlvqthrtlgkjaqabxbyb.info
rkusvwoqpry.org
rodoyrfnomvnsnmawqaime.org
rokhyjkvq.org
rpdmlfrpwmjwlwgnbnykrzp.org
rpfkesskzdjjx.net
rpieyzuifbhstpifte.org
rpiqbnud.net
rpxnwdgtongq.org
rsjmxhikfvusddm.org
rssghfoaew.biz
rtomwyusyce.info
rvtscshajlanmdiwtztslcwnc.com
rwbknoanpmlnpdzhmvjyla.com
rwtstknjnkpqdmuetuwv.org
rxqnvepjjdqodpjegrpkfw.net
rynfpjrrs.biz
ryolmmvvomcorol.com
rypprioitwerotrunje.info
rzbnftxgkqoffk.com
sbldbssdqutdrtlw.org
scdqywvlnitgdkgug.com
scfejzfocx.org
servvkghpllat.org
sfesyyynqpmhryplsn.org
sflylnjpaoilzpjrlbjgssxl.com
sfyizhwtelf.org
sgaokwpsnslozjjbdsvt.biz
sgfvorcprtwtujbpczxvzeyv.org
sggddqdmozbuixkbpokh.info
sgtlbekgdzspotwwvfg.org
shcvbrpcrni.com
shecnjkzmcrjqbryblyptg.net
shvinbmkksmxklodeutyjdnbs.org
shxupgpxqlxh.info
sjnnzyad.net
skcbmpkzljdzkbyuxrtwpb.org
skpkkwvttytbctxetkzvh.com
sksrhjulp.biz
skvzbfgusbmahnotfue.org
smamptdaxgz.biz
smnwptuouasifw.net
snjwxplzohvbfpqeeoztgdwx.com
soofssozlgpbbz.org
spbdarxermrnersdfewg.biz
spjfwcpwxkxtzggreocsq.net
spshdnwsxkuymy.org
sqahzasvxlfqfgmbhaprfa.org
sqbnndxmoc.net
srnzoxkacbjohxjl.org
sryrwtifuglkpvkjdvgqjpbg.biz
ssmckiqqpzqn.org
szginnbzrhkse.org
szzadlmd.info
tbsgkgixsshsgsjwscdn.org
tcpdboqhjbfftjstbkforwv.org
tcqwuuayhp.com
tdqnmrlhfnmtysgs.com
tebqjuia.info
tfgcuspsnoznu.com
tgvxlsvicnnwapcjigaxj.org
thdbretlq.org
thlpitecls.biz
tmkooywjpizgjdtchjd.net
tnisfdagvkerh.com
tomolina.top
touyxddlmrgwwhdoqrnlrkwr.com
tqdtwhnveviezdaf.biz
trnlbipit.info
truktkqrhbqid.com
tswcpdxiaaz.com
ttymwcnfmcnicqdrhvw.org
tufrrgtzwfznsevqszvcgzi.info
tunxnzqkjdysh.org
tunzjiguolrbgfygybvvxsn.org
turwhuvoxibkfrlglil.org
tvadlncsdjxxltxaev.com
tynxgljfmcrxqkcjpyvnaip.net
uaviwxxtrxdrbxdg.biz
uctyrcsplfjwfa.info
udoolbsgdz.net
uebupsjj.org
uekwhyuqyinnqxqwphkumxz.biz
uesotgihodmiegyawqhwyq.info
ufzlxzxjdhgujuhdengrcjti.com
ugnnzgbirvceq.org
uhohcemnaasfwaxmho.info
uijsohwjbt.org
uimlehvhuwtckjgpdgig.net
uippsfkjsfava.info
uitwzhlmqqidusohphmmi.net
uljhusbzxceqkuywneumuax.com
umfqusahtislcw.org
umgkxgjjccmkftfuyydsdt.com
unbucpzfkhtrtpriuf.info
upvpplonzfcohfsqp.net
urrfgttfkt.info
urzomvebcg.com
usbvqyiimkysdxrversshdh.net
usreptephplkslqcksoc.com
uuekjnpzghqjfhl.org
uwfkrfstac.info
uwfrunztleskagatcrnh.biz
uwnfcxazbxmeoenypvajybw.net
uwzegrombv.org
uxrbzxnfjgurckgjtkeqnyed.org
uxsraytgcjwyskr.biz
uxtbmhaks.biz
vayhubxbw.info
vcjdgulhecshnzi.biz
veolrvpufhfzljpdwkvxccv.net
vexjhmvqrgi.com
vhcbandfcftdazbri.info
vhdmonarrado.org
vhezumefmfatuigafujygp.org
vhfrymxypwcrxaioki.org
vobcbqhyuvogywqftopafzw.org
vpidrhbcvo.com
vpwaikvtragkhcwamnyt.org
vqjfwzerqcknenpynl.net
vqltnastlljytybsc.org
vtytihfrdyvdgv.biz
vuzipfwyqdzd.net
vvjpyatalcjosncfswymbum.biz
vzexanktpodazsnnlpbfmrz.net
vzglenxgohsgb.biz
waaxrjidhkfxuemibynhubns.com
waduceefuteakxakjrj.com
waszjghtecejuhhx.org
wavmntdslimnqbrjvillbq.biz
wbknjfjmq.net
wczamtfsflkfohxyh.com
wdxgxetzguprpjkzfqfib.org
wedaikjieytoxjpbcs.org
wezsceqwyiqmxoorfgsiad.net
wfnyzfwjlarffupafqh.org
wghevzwbi.org
wgmivpaxszuqdtlszogo.net
wgxhfkmetcwnxaqnlhce.info
witlqzmflvnkvxxrumrmabhi.info
wjbsosgwpaszuam.org
wjokjjoehamrj.org
wjqyvotzzvklkwtbru.info
wjyusebg.org
wkxjncowhilaxwldnkrrmhq.org
wlgnizoxmc.biz
wljciumueorhdyahoqtqg.net
wljqpzusmjncsifct.net
wmfekfrfmcuaiosthrxu.com
wmugkabwaqggadtukqc.org
wnrofpeaaidlwjrhhvvhzb.org
wojwxbefozrxuaealwzv.org
wokemvaulr.info
wokgdohouytso.net
wpcdbnpoqlhujpljypwam.net
wpioqqyhdttoymcxkredun.org
wpktydpdserqqtqpzt.biz
wqwmfbmqslhhehywdsurbnrkl.org
wsyppucgwqasui.org
wurdxhrnpwnhszaqa.org
wvfhzehorjavobcqpfepf.org
wxxxaygzqy.org
wzhjrmltv.com
wzijegwnfntz.info
xajcyxnxpbtvvftzjlpbx.net
xbgjtjobsmhzjvxolrhkgjtmt.com
xcbgnskeshhl.net
xcfpmffqnl.com
xdvncbxixf.net
xecdnvkulcivqnrfe.net
xecpgrctubln.info
xghkewefnlo.biz
xhuwpbolthec.net
xjvwkfraknaq.net
xjzljeivxdj.org
xkspmlhpkun.biz
xlrkfinbg.org
xlrpqxpedtzmovg.org
xlvyrxovunqmgebpooa.org
xmxerhadcszdwflkzjiceyygd.biz
xnsvifwxaaybujgrqfua.org
xozkqvmwnigpqiuktkptczky.org
xpruaozmqblfelsgddsskxxig.biz
xqkwqkodtayamkjoixkiawen.net
xrdhzlauvphjqmcvpxek.info
xrfjugxsxbnhircpflvefheam.org
xtbyaoluropgpixgkgqpgfg.org
xuouxufwdc.org
xwnijtzlb.biz
xxydrcdwjrwjsypxkxcwr.biz
xzxhsgrosg.com
yacuuhnqueydv.org
yemdfaaqkx.org
yemjxpeuktedx.biz
yfewlzvusbnjbe.com
yhdaxgxeeoxrhvimztuop.org
yhzkksdxobbohxdduviyccang.net
ymhuflysgalcfslxuytw.org
ymqxnfexxnkhxnwfrbsmgzfk.net
ynjqwpctck.org
yochogqmsezefrgvwpooutxc.org
yogzmexdo.net
yqdcptlg.com
ysawukcqielkkhex.org
ysqoogvpyldzmpfrzcqy.biz
ytjbibnfhioqvidkzo.net
yuttlgolfvhibanlf.com
yvsbbmpvyneqhekn.biz
ywhxqqycbzckobqfxbfzs.org
ywkbcxeuykgtvufwgszllqids.info
ywnvjmhrj.org
ywvmqojpwfrsjgbastuv.info
yxidxyfpku.org
yxmdebplgrzpw.org
yyedtxypjvtavkajopol.com
yzumrdunsufkejji.info
yzuohgkvvrwg.com
yzuxgrzcnlehbacuxh.net
yzuzswfkybcmllnel.net
zacwqqhncqexqjadumva.org
zahdnhgplnetn.org
zajeuxlxktecpfdufl.net
zamsdfedk.info
zapdskypqh.org
zayaugajoxoks.com
zdaogimfst.biz
zelwyuspp.com
zfnynhejdfgi.org
zftnbtynaoknwtsbofkh.com
zgdhrdaprvjrif.biz
zgxwldddahkwchag.net
ziikvoezcers.com
ziizkpbcdwj.biz
zityycicpmqlvh.org
zjgzwkigkwwrgtwdxfk.net
zjmsbmstwzk.net
zkhedomcvpaiv.biz
zkwdxdoycewkr.info
zlcscgtoowvesekleekcf.net
zmhwiefs.net
zmrauphdxmsccixxibbkhvejs.com
znkfilhjqeqhsboodd.info
zrdvokaejotebulk.org
zrkgqscj.com
zsbnszpznxdazxxsmd.com
zsjoscexocaz.org
zuddtvhjjasccucxatyzboslp.biz
zuykkenbgcpz.org
zvupswjpudcmha.info
zwmzdpqgawlwod.org
zwxgddqmfksudxflzkpsju.biz
zwypqkceqwtkpcjzwfidvq.com
zycmganctze.net
zzhgvaxvsvkaekkxzlwqncuh.biz
zzmghnkpfbvikfqjmzlz.info
zzmlwansfyuccivdfscnhcsr.com
zzuslindidfglfxdvpn.org

# Reference: https://www.virustotal.com/gui/file/aad98f57ce0d2d2bb1494d82157d07e1f80fb6ee02dd5f95cd6a1a2dc40141bc/detection

springahate.at
springahatee.at
springahateee.at
springalove.at
springalovee.at

# Reference: https://www.virustotal.com/gui/file/41cd80f3af46a6a0c0a005d1ab5649f6019f069a4d4112253383f4ac84317a5b/detection

185.189.125.22:56131
rastreio-correios.com

# Reference: https://www.virustotal.com/gui/file/03f554fa05a43c4f4ef9c791faa2750a422ee8a8c14ec6a6b57f6fc4da620340/detection

185.213.175.106:48000
58.9.110.19:46462
dump17alertos.com
dump17alertos.xyz

# Reference: https://www.virustotal.com/gui/file/e9b9c765a2ef65df753660eb6748293dc4d178d1c9c0704b45f770aaee5f1e02/detection

185.203.116.234:4035
ok22asddvr.com
ok22asddvr.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.ares/

http://142.11.236.77
http://18.142.254.96
http://5.161.104.72
2.58.113.190:8035
34.121.161.18:5900
47.242.51.181:8080
5.161.104.72:443
66.42.93.127:3306
77.68.91.91:443
academy.marketing4ecommerce.net
goldmineonline.co.uk
h91.wpherc.dev
host.wphercules.com
winedoscom.stag.tempweb.dev

# Reference: https://twitter.com/owenkruse2/status/1753865039998746926

http://47.242.51.181
47.242.51.181:9009

# Reference: https://twitter.com/JustWantToQ1/status/1786704286128161255

103.124.105.246:808
103.214.140.15:8080
103.228.64.114:2375
103.255.45.75:808
115.126.74.57:808
119.6.238.12:666
119.6.239.68:666
119.6.239.80:8888
119.6.239.81:666
119.6.239.83:666
130.162.137.254:808
139.155.142.35:808
14.225.19.116:50000
140.207.165.123:808
149.115.234.35:8081
149.115.234.35:8082
149.115.234.54:8081
149.115.234.54:8082
149.115.234.80:8081
149.115.234.80:8082
152.70.93.125:808
152.70.93.125:8088
154.12.29.107:808
154.211.15.205:808
154.211.21.221:8080
154.38.91.217:808
158.101.159.210:8080
172.96.139.194:8080
172.96.139.195:8080
172.96.139.196:8080
172.96.139.197:8080
172.96.139.198:8080
192.227.146.254:8080
192.253.230.13:2222
192.253.230.3:8080
192.3.64.148:8080
20.89.133.71:9527
205.185.123.25:808
206.238.42.151:8080
216.250.106.198:8080
216.83.48.118:808
219.128.25.2:8999
23.224.131.57:666
23.224.230.34:808
38.6.189.182:808
4.216.93.211:9529
43.139.120.91:8080
43.163.210.179:808
43.243.111.177:8088
45.61.186.55:8081
47.92.169.92:808
64.112.72.230:8080
64.176.80.30:8080
69.165.69.136:2375
69.30.214.46:8080
69.30.214.46:8082
8.219.246.185:8082
81.68.216.37:8082
91.208.240.108:8088
91.208.240.132:8088
91.208.240.63:8088
agent.betwbb.com
betwbb.com
mx4.mailer.socialsmartie.com
viper.betwbb.com

# Reference: https://www.virustotal.com/gui/file/4a7d98590befe7f48428ee7a1017f74cb36aefb96a7ceff59a630c1c1b472439/detection

pm2pavba27wr4m34.onion

# Reference: https://threatfox.abuse.ch/browse/malware/win.ares/ (# 2025-05-11)

http://31.220.41.207
academia-m4eco.dev.tempweb.dev
academym4econet.stag.tempweb.dev
atrilevents.com
campus-thealbanycentre-com.stag.tempweb.dev
campus.thealbanycentre.com
cyber-c.dev.tempweb.dev
diarioabiertoes.stag.tempweb.dev
digestivovaldecilla.com
efestudionet.wphercules.dev
mindapplesorg.stag.tempweb.dev
neurotecaes.dev.tempweb.dev
restauranteatrapallada.com
sendock-com.stag.tempweb.dev
shabbyandchic.es
static.72.104.161.5.clients.your-server.de
studioverso.wphercules.dev
thealbanycentrecom.stag.tempweb.dev
weloversize-com.dev.tempweb.dev
wondercat.es
wpherc-com.stag.tempweb.dev
wpherc-es.dev.tempweb.dev
wpherc-es.stag.tempweb.dev

# Generic trails

/kpanel/connect.php
/panel/connect.php
/panel/upload/coremx.cmp
/panel/upload/data.cmp
/panel/upload/mxadspower2021.cmp
/panel/upload/waznvm2021.cmp
/panel/upload/waztn.cmp
/ZRNlFwIb/connect.php
/tor/keys/fp-sk/
/tor/micro/d/
/tor/server/fp/
/tor/status-vote/current/consensus
