# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: acrstealer, storm-2477

# Reference: https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/
# Reference: https://www.virustotal.com/gui/file/277d7f450268aeb4e7fe942f70a9df63aa429d703e9400370f0621a438e918bf/detection

http://144.76.173.247
http://195.123.226.91

# Reference: https://twitter.com/Ishusoka/status/1614028229307928582

http://157.90.248.179
http://213.252.244.62
http://77.73.134.68

# Reference: https://twitter.com/ULTRAFRAUD/status/1620158819023323137

videolan-web.org

# Reference: https://twitter.com/Gi7w0rm/status/1631756650234167299
# Reference: https://twitter.com/MalwareSearcher/status/1638096508686925824
# Reference: https://tria.ge/230303-y6p8daag4w/behavioral1

http://82.118.23.50
pcworldgetin.net

# Reference: https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown

walmart.lc
marketplace.walmart.lc

# Reference: https://twitter.com/Ishusoka/status/1645048767484239872

http://23.254.225.133
http://82.117.255.127
http://82.117.255.128

# Reference: https://twitter.com/Ishusoka/status/1649716132822089728

http://109.105.198.114
http://185.99.132.51
http://192.236.233.253
http://79.137.203.190

# Reference: https://twitter.com/Ishusoka/status/1652670103404544006

http://85.239.62.218

# Reference: https://twitter.com/Ishusoka/status/1655156071168655361

http://185.99.133.246
http://45.8.146.130
http://45.8.146.213

# Reference: https://twitter.com/g0njxa/status/1658488606485540865

http://195.123.227.138
anysoft.live
virtualbox-vb.com

# Reference: https://www.virustotal.com/gui/file/2dc0f50fa7eb53be17b578fbcb66a5ec8c40d250fd9be7b2b96663624fa4dba8/detection

gstatic-node.io

# Reference: https://www.virustotal.com/gui/file/9ee6c9be68204aea85dce08e6ba8c9395f827f22e5f3ee430172abe9ea5fbd0b/detection

aloowforest.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/

http://168.119.4.83
http://217.12.206.230
http://217.25.91.15
http://45.15.25.190
http://89.116.255.182
http://94.142.138.78
http://94.158.244.69
1private.pro
91.215.85.210:48237
agustfreeday-my.xyz
clonecloud-my.xyz
crazypictures.xyz
demomoves.xyz
extrasofts.org
fastcloudlife-my.xyz
flowers-my.xyz
gservice-node.io
kellmda.click
many-verses.xyz
private-cloud-server.pro
skicloud-my.xyz
speedtestip.xyz
stoppublick.xyz
vipcloud-my.xyz
worldofpoetry.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-07-27)

dodgeavay.xyz
gbbsoft.xyz
jonesleming.xyz
jornesfree.xyz
laynchcontrol.xyz
modifesistem.xyz
privategame.xyz
promocar.xyz
promomilk.xyz
scandimyth.xyz
slading.xyz
traftech.pro
viemon.xyz
westwork-my.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-08-01)

colomndead.xyz
fingerstile.xyz
sloumotion.xyz
trapmusics.xyz

# Reference: https://twitter.com/1ZRR4H/status/1686659981389463552

http://107.172.0.180

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-08-03)

exitfile.xyz
flaydoor.xyz
sinopticday.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-08-11)

acecnouwglass.xyz
acexoss.xyz
balancelag.xyz
beerword.xyz
blockigro.xyz
booxshistr.xyz
boxhappines.xyz
cloudsaled.xyz
colomna.xyz
coolvtf.xyz
costexcise.xyz
coursenote.xyz
dashminimaltokens.xyz
deadpip.xyz
doorblu.xyz
elitewin.xyz
exfillrar.xyz
exitlife.xyz
fibrodoorsbig.xyz
fileforex.xyz
fisholl.xyz
freeace.xyz
frogswordsale.xyz
gapi-node.io
gitarlessonfinger.xyz
glitchmoon.xyz
glowesbrons.xyz
goldenwalstk.xyz
grossvp.xyz
kpsshistoryone.xyz
kudoflowers.xyz
linesroom.xyz
lowwesprion.xyz
lpsserversonlene.xyz
marketsale.xyz
netforyou.xyz
phonevronlene.xyz
programmbox.xyz
proxyindex.xyz
quotamoney.xyz
scoollovers.xyz
seobrokerstv.xyz
sieratools.xyz
simesmile.xyz
singlesfree.xyz
sonyabest.xyz
starold.xyz
stormwumen.xyz
survviv.xyz
usdseancer.xyz
woodcat.xyz

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/08/old-exploit-kits-still-kicking-around-in-2023
# Reference: https://www.virustotal.com/gui/file/07e06e8277980a60e595da9cd9e03a4ecd2e8f8bdbd3cf5c930ab878ac5b0836/detection

solopodvip-my.xyz

# Reference: https://www.virustotal.com/gui/file/113627a5c1f4faf1e6010c36abfa0b2acefb5632bd827b13444f6d69a387c15e/detection

update-regb-service.com

# Reference: https://twitter.com/1ZRR4H/status/1692149286048616567

checkgoods.xyz

# Reference: https://www.virustotal.com/gui/ip-address/194.87.31.176/relations
# Reference: https://www.virustotal.com/gui/file/c9094685ae4851fd5a5b886b73c7b07efd9b47ea0bdae3f823d035cf1b3b9e48/detection

lazagrc2cnk.xyz
ocmtancmi2c5t.xyz
update-vinc.in.net

# Reference: https://twitter.com/petrovic082/status/1694264617772458363
# Reference: https://www.virustotal.com/gui/file/51925d36298a3d9ceac6067fdc1ba1f799ef5c53553be95d6827192df0700d80/detection

randsoms.click
hopvibestravel.co.za

# Reference: https://www.virustotal.com/gui/ip-address/206.233.128.77/relations

51doudian.xyz
aidoudian.xyz
diyidd.xyz
dodiam.asia
dodiam.live
dodiam.ltd
dodiam.monster
dodiam.one
dodiam.online
dodiam.shop
dodiam.xyz
dodiamhub.xyz
doyoudian.com
wpshub.xyz

# Reference: https://twitter.com/g0njxa/status/1694754823378227312

selfmicrosoft.com

# Reference: https://threatfox.abuse.ch/ioc/1152241/

fullppc.xyz

# Reference: https://www.rapid7.com/blog/post/2023/08/31/fake-update-utilizes-new-idat-loader-to-execute-stealc-and-lumma-infostealers/
# Reference: https://otx.alienvault.com/pulse/64f1e91a2dd9db4bd3af8ce4

buyerbrand.xyz
lazagrc3cnk.xyz

# Reference: https://twitter.com/1ZRR4H/status/1701296924471529508

acsfoodthegood.fun
activlessor.fun
adavefrees.xyz
artificialleath.fun
arvimon.fun
assacurajob.fun
astrolco.fun
bakedmatela.fun
balancebordrt.xyz
bearboll.fun
blessdeckite.fun
blockall-my.xyz
bloomhome.xyz
boothroundupdow.fun
bottlewattoh.fun
brockerby.xyz
campphotos.xyz
castomdroms.xyz
cfgy8uj.click
choserowboatfly.fun
cleanvr.xyz
closhemone.fun
coinflore-my.xyz
coldwinded.fun
coolfingers.xyz
coolworks.xyz
curtainjors.fun
cvadrobox.xyz
damageagio.xyz
demanddeal.xyz
dermrtv.fun
diavellipromo-my.xyz
divineservicecity.fun
doggyguffy.fun
downloadfiles-my.xyz
dropfiles-my.xyz
ellifotolive.xyz
equestrianjumpingfrog.fun
faircoupon.xyz
fartyfun.fun
feathspacesaf.fun
fiancejiveimp.fun
fibrodoorsbig.fun
findyhuman.fun
fireworld.fun
flashpool.xyz
follovertv.fun
footfetishlol.xyz
footslou.fun
formiklass.fun
freesco.xyz
freesoftportal.xyz
funnycox.fun
gamefoods.xyz
gaspatchommm.fun
glowesbrones.xyz
gogobad.fun
goldsboxss.xyz
goldtokensool.xyz
gougeflying.fun
gunstormonl.fun
hedgedecay.xyz
jobsvac.xyz
kneesockrod.fun
labourcakefrt.fun
leaseagent.xyz
liveswords.xyz
lockguard.xyz
loufuelscom.fun
loufuelscom.xyz
luidelyator.xyz
magaway.fun
malenursenect.fun
markuschop.fun
mensmoment.xyz
microflawersj.xyz
milkwithlacto.fun
momsikret.xyz
morefilmsfree.fun
morevita-my.xyz
mrcrubsaf.fun
mycollection-my.xyz
noisemakjelly.fun
ollfiles-my.xyz
petsgamess.xyz
piplexm.xyz
pizzasison.xyz
potatomeatball.fun
productionbio.fun
reconphotocolor.xyz
recordbell.fun
resistangroupee.fun
rovengold.fun
satanakop.fun
seededraisinlilinglov.fun
seobrokerstv.fun
sevenzk.xyz
shoppervik.fun
slimtvsocico.fun
sloumitionvideos.xyz
statehaller.fun
stoptme.xyz
superyupp.fun
svaproot.fun
thuspulllig.fun
titanaquaplus.xyz
toastmastone.fun
tobeornottobe.fun
toysforchild.fun
tritonbody.fun
usdseancer.fun
valleydod.fun
vipmusic-my.xyz
warnger.xyz
weaselplacerif.fun
welcometv.fun
xwomencalor.xyz
yachtracingopt.fun
zetmountsqr.fun

# Reference: https://twitter.com/1ZRR4H/status/1701141801401299268

documents.notificationsapps.com

# Reference: https://www.virustotal.com/gui/file/45d9b1765bb06ead1abbc6f8817c009fc3d15ebe1f71d3289f2c10e1e1afb343/detection

qptr.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1701832039995949127
# Reference: https://app.any.run/tasks/ae7fbdf2-f5e3-44c6-8718-f18eddf05c54/

gapi-alpha.io

# Reference: https://twitter.com/karol_paciorek/status/1701592162155327720
# Reference: https://www.virustotal.com/gui/file/10edcd9c40ca57679c78fc5a8a08bf7554d5e41f58f2aa19f299551c7c601601/detection

18866-32530.bacloud.info
sisadmin-my.xyz

# Reference: https://twitter.com/g0njxa/status/1702262724414050537

blockbeerman.fun
gaspatchommm.fun

# Reference: https://twitter.com/g0njxa/status/1702444978503360989

dedoxtrone.fun

# Reference: https://twitter.com/Jane_0sint/status/1702479372261683399
# Reference: https://app.any.run/tasks/409f5138-3853-4910-80d4-3c380b969274/

gasfpa.click

# Reference: https://www.virustotal.com/gui/file/301432e6053a0f092e8f5137a97ef3543934e0f8e200bd0c7844886e4c72e7e9/detection

treepledeeple.fun

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-09-16)

glinkgik-7.com
hinkli-5.com
jlinkjk-6.com
link-45gik.com
link234-33.com
link43897.com
link5467.com
link76h.com
linked-42.com
linked-66.com
linked-88.com
linkers-92.com
linkhj764.com
linkjshw-4.com
linkll-11.com
linkll-2.com
linko8457y.com
linkqksi-3.com
notion-download.pro
notions-download.com
webex-download.com

# Reference: https://www.virustotal.com/gui/file/fe37f6971c59e02cfb250532fa1862bc58ce6aea100fbde5a7be91586eca2aad/detection

parrotorsk.fun

# Reference: https://twitter.com/1ZRR4H/status/1706747262993350752
# Reference: https://www.virustotal.com/gui/file/6a096c8158da4e2453ba68fe0f780c2e4181c01f125d7831fc5d58a77faf792c/detection

ocmtancmi2c5t.website
orkograkula.fun
stable4download.ocmtancmi2c5t.website

# Reference: https://asec.ahnlab.com/ko/57276/

holdbox.xyz

# Reference: https://twitter.com/g0njxa/status/1707079932977774661

firmpanacewa.fun

# Reference: https://www.silentpush.com/blog/lummac2

2flowers-my.xyz
blockspam-my.xyz
bondappeal.xyz
boxclod.xyz
catfoodbio.xyz
chocomeat.fun
cloudsnike-my.xyz
coolworkss.xyz
cosmosvr3d.xyz
culturalevenings.xyz
deeppoetry.xyz
dogshanter.xyz
downloaddedattre.fun
dromautocar.xyz
ducklingibises.fun
glaziercarde.fun
housegrommy.fun
jomanboy.fun
jumperstad.fun
lackbasinmu.fun
pearlbarleyhit.fun
politicuseles.fun
portlandcor.fun
pregnantflowers.fun
rarefood.fun
rosaryconbo.fun
royalpantss.fun
sausagerollraisin.fun
scruffymapleflat.fun
sendcyniaforeign.fun
socialmadness.fun
sodafountainpr.fun
startablekor.fun
talkinwhitepod.fun
tuberoseprod.fun
veinsmoter.fun
waterparkedone.fun
withdrawlecterns.fun
wolffunny.fun

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-09-29)

erorblackday.xyz
rarefood.fun
rollbeamone.fun
rosaryconbo.fun
royalpantss.fun
woldwidesage.fun

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-10-07)

begonblom.fun
blingaspireojhau.online
bytecloudasa.website
cameponceowa.site
decorhighsa.pw
destroyevensusp.fun
npskudlu.com
nursepridespan.fun
pedigreeprotone.fun

# Reference: https://twitter.com/JAMESWT_MHT/status/1710940736177238046
# Reference: https://app.any.run/tasks/2576c42c-072a-4914-bfa9-196a54940f21/
# Reference: https://www.virustotal.com/gui/file/5c7a5c97cb1ffcc16367dd9f43192485ec2f2d043fa83c69ada31235f3a464f3/detection

cystnovor.fun

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-10-08)
# Reference: https://www.virustotal.com/gui/file/8b73f81b3dc549b0afd9f1147afa70c92cdf326e7b5a7b7b95ef60ecbc58d194/detection
# Reference: https://www.virustotal.com/gui/file/f8412c9a8d210409888fb0aed2120d12b4be1cb480cf24ed66b13ccbfef6d928/detection

http://172.67.163.21
aivoicechanger.cc
aivoicechanger.xyz
allcentrlizeqweq.fun
amerloun.fun
archipelagocelly.fun
arrogantcatfishef.pw
athwartchannelly.pw
babacloud.pw
bankedbaroloak.site
barbecueappledos.pw
bezstpool.pw
bloockflad.pw
bluepablo.fun
bluesaks.fun
bobbycloud.pw
boddyshow.fun
boldaus.fun
bookgames.pw
booudbras.pw
buggubucks.fun
builaos.fun
bulletforx.fun
casioblue.pw
castomarmor.xyz
ckylake.fun
cleansoft.fun
cleansoft.xyz
clearcracksoft.fun
clearcracksoft.xyz
codeofconducrasa.pw
comperssw.fun
consoles.pw
crossmuchscandta.pw
dannyleagy.fun
dayzilons.pw
defrosscrappeo.pw
diamondcrystal.fun
discussiowardder.website
doooldues.pw
duhodown.fun
ebalkayiu.fun
engrousf.pw
enouselr.pw
feedsuudenli.fun
fenduqs.fun
funnyorgos.site
funpayns.fun
gachimychi.fun
gonberusha.fun
goodmpore.pw
grasialoud.pw
gravellyroadhunge.pw
gursgars.pw
hawsteamjoak.fun
hellouts.fun
helpfulsteepyi.pw
herioteeakl.pw
hokagef.fun
hollconsole.pw
hoodblor.pw
hoooldanos.pw
hovelpubtrav.fun
howlcars.fun
inosthome.fun
interplaychoske.pw
jomjolse.pw
jooshorks.pw
kambuchaorjireji.website
keewoolas.pw
killredls.pw
knittinprophec.pw
koludsa.pw
kowersize.fun
kusmanin.fun
lemoney.fun
loobrain.pw
loodwork.fun
makrsides.pw
mambergame.fun
manguvorpmi.pw
membaers.fun
micelock.fun
momalua.fun
moneywel.fun
moomagou.pw
moonsterd.pw
moskhoods.pw
mouseblock.pw
mouseoiet.fun
mouskules.pw
musicallyageop.pw
naamberso.pw
namegames.fun
netovrema.pw
newsproks.fun
noladuer.pw
nshdpoud.pw
numpersb.fun
nusaproble.pw
oluaskaz.pw
onlyblack.fun
orgstekomnw.pw
osesuppor.fun
outsiderus.pw
oxygendwelli.fun
paintpeasmou.fun
paratositologis.fun
peersneaps.fun
plengreg.fun
proogreso.pw
pruvles.fun
quoolser.pw
realinghuhuhmund.pw
revivalsecularas.pw
ritzytaxypigefow.pw
robolorunerushe.pw
sensfixlook.pw
servkitchin.fun
skinnychattyfur.pw
softaipro.fun
softonyxx.com
spreadbytile.fun
staircompletemil.pw
steycools.pw
suppliepackas.pw
suprafox.fun
susohudan.pw
taretool.pw
teleportfilmona.online
tellindeedcurt.fun
temoolda.pw
tenselwhoevery.pw
terninadeshi.pw
tfestv.fun
tipsydulljaui.website
tirechinecarpett.pw
traillit.fun
turankil.pw
volkels.fun
volkstera.fun
voloknus.pw
vporanu.fun
wakeupperion.site
whethergaseoatra.pw
willowa.fun
willywilk.fun
zamesblack.fun
zoolboues.pw
en.softaipro.fun

# Reference: https://twitter.com/James_inthe_box/status/1711390043821232196

http://172.86.98.101

# Reference: https://twitter.com/r3dbU7z/status/1712335701541257565
# Reference: https://www.virustotal.com/gui/file/50c61ca23c68af02c0146978409a60912ba6cfe4ee31d5d6be736a92f4f0c8d7/detection

signalknockrio.site

# Reference: https://twitter.com/malwrhunterteam/status/1716517330602033659
# Reference: https://www.virustotal.com/gui/file/a42303a1baa0b48a95f6eaf6cfba9cef523492d078692cb2a1ab4889337624a6/detection

senpaireek.fun

# Reference: https://www.virustotal.com/gui/file/b13ce6179417dddff91e37fa3fed298f046a1cc2786a0f5c834f71d2b84751d0/detection

erikskite.fun
nasaprodu.fun
gcdnbabl3png.erikskite.fun

# Reference: https://www.intrinsec.com/wp-content/uploads/2023/10/TLP-CLEAR-Lumma-Stealer-EN-Information-report.pdf
# Reference: https://otx.alienvault.com/pulse/6531428c62ae987b76cc3191

gstatic-service.io
lumma.online
lumma.site

# Reference: https://www.virustotal.com/gui/file/493c87f0fd2fd648d190520b293db61ca612965b6d446352dbf1072164b4e8a7/detection
# Reference: https://www.virustotal.com/gui/file/0796818dc3510e88a966f0aaacd201ba162c46e0bc0f7c670ffbd43df485f5a7/detection

http://85.209.11.204
hackermania.org
/api/files/client/s51
/api/files/client/s52
/api/files/client/s53
/api/files/client/s54

# Reference: https://www.virustotal.com/gui/file/318b4327dcbdff36cb1b5bd2eaa1b08e6f3da93a136656cd301fd6967f790f9e/detection

http://135.181.11.36

# Reference: https://twitter.com/gothburz/status/1727652849008472312
# Reference: https://app.any.run/tasks/dd323037-05ea-4581-9a95-e22519ecc05e/

africathrillthes.pw

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-12-01-v10477/1174
# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-12-03)

http://5.42.92.179
http://95.217.74.243
2311forget.online
accouncementdivecane.site
acidevenstrisj.pw
activitymousetaitrwws.fun
admplous.pw
albumerrorregisetep.pw
analysisswellenterw.fun
angerprofeessoa.pw
assignmentfinalyy.pw
awareforcemouthwjji.fun
baitbillioledbel.pw
banananationalists.pw
baseballherdowf.fun
baseballleadrwio.pw
beachterminaldiff.fun
beenovelskilleoiw.pw
belongblowrelatefw.pw
betrareptileplas.pw
braidfadefriendklypk.site
brickabsorptiondullyi.site
buffettrickopsd.pw
cakecoldsplurgrewe.pw
carpetcupboardtejjerew.site
carvewomanflavourwop.site
castlesideopwas.pw 
chairtrainlineadju.pw
cherryopposedii.pw
cinemaretailermkw.fun
climbavantgardefe.fun
coldcoercekowja.fun
combpoplaurap.pw
communicationinchoicer.site
communicationpalaoow.pw
conceptcallewrige.pw
confineconcertjuuioa.fun
conservationsownk.pw
conventionleaflew.pw
cooperatecliqueobstac.site
crisisestimatehealtwh.site
cropfemininedynam.pw
crudeleavelegendew.fun
dancenegotiationffi.pw
dayfarrichjwclik.fun
declineconclusioniwo.pw
definefolkeloi.pw
deletefateoow.pw
delivernoteturnwjkl.fun
diagramfiremonkeyowwa.fun
discriminationcagerf.pw
dominantwidthwuiw.fun
downloads.media-talk.ru
drilledtonerconc.pw
droppicches.xyz
effluxcoltural.pw
eliminatechemistrywj.fun
ensurerecommendedd.pw
episodeterrifylat.pw
factorxharasswe.pw
fanlumpactiras.pw
fashionlazynavyresewg.site
flatmourningdressow.pw
fleetconsciousnessjuiw.site
floozielyhowevermist.pw
flowseasonallissoo.pw
formansnappybel.pw
fortunedomerussea.pw
fowlcirlenospp.pw
freckletropsao.pw
frighteninflatejuwi.pw
funeralmaximumjsju.pw
gatelistcoldyeisa.pw
gearboomchocolateowfs.site
geminiflattyord.pw
glovesslave.fun
godlawyerfeelkw.fun
gracecassettecretw.pw
healdieplayeriw.fun
hearpoundesweety.pw
hemispheredonkkl.pw
hotcowerrecoreeew.fun
idealruinrewardesw.fun
issuefightgreetw.fun
laborermemorandumjes.pw
lawitemymodelefr.pw
leaffountainla.fun
lendremindcenterpassew.site
likehulkinggera.pw
limitedconvertjiw.pw
linearcarerefs.pw
lingerescapecleanwja.fun
loogsporus.pw
macaronnicoccker.pw
magazineaccountantw.fun
makegreatagaintwwi.fun
managertraditionwjua.fun
massagemotipoole.pw
meayyammgaterre.pw
media-talk.ru
medicinebuckerrysa.pw
medicinefixlowop.pw
missileverdictwj.fun
moodanvoterowklam.fun
musclechannelnomi.pw
musclefarelongea.pw
neighborhoodfeelsa.fun
neutralpastureop.pw
nz.voicechangeai.pro
occupytapsessijk.pw
offerdelicateros.pw
onsciouosoepewmausj.site
opposesicknessopw.pw
ownerbuffersuperw.pw
payfrecklematurei.pw
perceivedomerusp.pw
personalpromiseo.fun
piggepawneillusio.pw
pinkipinevazzey.pw
platteryippejkomaf.pw
politefrightenpowoa.pw
portionetensioaw.pw
possibilitydespaw.pw
quitstrikesizeowo.pw
racerecessionrestrai.site
ratefacilityframw.fun
refereealivewhu.fun
referralpublicationjk.pw
refusemiserableofka.fun
resortredrobenris.pw
respectablegirlwfwa.fun
retainfactorypunishjkw.site
reviveincapablewew.pw
ribbonfolkcrownyy.pw
roomsodiumdependew.pw
rosemoonsleeptoe.pw
ruleborderdynamiciw.pw
saffronmontybrisk.pw
scanintegrutybatowss.pw
secondrailroadoikj.pw
sentimentprecisio.fun
settlehillcanne.pw
showerreigerniop.pw
showpumpkicartsl.pw
silveraquariumjwu.fun
skipflowposses.pw
slabbymenusportef.pw
slantrearperiosdew.pw
smoothawarescreenyo.pw
societylaboratoryuw.pw
sofacalendareffewx.fun
soupinterestoe.fun
speakeminoritetea.pw
spontaneouslightss.fun
stabsicknessord.pw
suburbmeetabuseowp.pw
suppresssectionje.pw
swarmseasonbuckoo.pw
tankqueueipjsh.pw
tarantulamalaguenrr.pw
territoryrequersp.pw
thinkroarseso.pw
tidecharityhouseow.fun
tidyrespectexpow.fun
tropicanimjrka.pw
troubleexemptioni.pw
turkeyjoystickesp.pw
unawarealarmtwinjje.pw
vesselspeedcrosswakew.site
wakereviewhuwee.pw
wantpiecesoftef.pw
willpoweragreebokkskiew.site
wriggleregisterycos.pw
xpencildiscussiio.pw

# Reference: https://twitter.com/RedDrip7/status/1734513423545720913
# Reference: https://ti.qianxin.com/blog/articles/UTG-Q-003-Supply-Chain-Poisoning-of-7ZIP-on-the-Microsoft-App-Store-EN/
# Reference: https://raw.githubusercontent.com/RedDrip7/APT_Digital_Weapon/master/UTG-Q-003/UTG-Q-003_hash.md
# Reference: https://otx.alienvault.com/pulse/657898bb7319baba70af7f94

50kmovie.com
alosevera.fun
azwin.top
bcca.kr
brolink2s.site
broworker7s.com
browserneedupdate.com
captionhost.net
creatologics.com
danesh-gah.sbs
deputadojoaodaniel.com.br
dns.gobobby.life
download7z-soft.xyz
exe.foxpro.top
foxpro.top
gendalf.top
gobobby.life
gry.gendalf.top
gusel.mom
imagefilestorage.top
jjj.ustrun.top
kar.azwin.top
leanbiome-leanbioome.com
linta.software
mazerah.fun
my.gusel.mom
nallcentrlizeqweq.fun
nalosevera.fun
nbakedmatela.fun
nbrolink2s.site
nbroworker7s.com
nbrowserneedupdate.com
nbulletforx.fun
nduhodown.fun
nexe.foxpro.top
nfeathspacesaf.fun
ngry.gendalf.top
nh2o.activebuy.top
nhawsteamjoak.fun
nhi.salam.monster
nhowlcars.fun
nimagefilestorage.top
njjj.ustrun.top
nkar.azwin.top
nmazerah.fun
nmy.gusel.mom
nnoo.egogol.top
nop.topina.top
nplengreg.fun
nrosaryconbo.fun
nsec.estimate.top
ntak.soydet.top
ntop.toppe.top
ntu.trainlove.monster
nvzz.skitech.top
op.topina.top
opwer.top
skitech.top
topina.top
ustrun.top
vzz.skitech.top
zuripvp.tk

# Reference: https://twitter.com/Syndikalist/status/1734493554691514586

enzvoiceaichanger.site

# Reference: https://twitter.com/g0njxa/status/1735571631789969411
# Reference: https://app.any.run/tasks/3ae62135-57be-4047-b5df-88beea8cae70/

voicechangeai.pro
dz.voicechangeai.pro
ns.voicechangeai.pro
nz.voicechangeai.pro

# Reference: https://twitter.com/g0njxa/status/1737123594054906114
# Reference: https://www.virustotal.com/gui/domain/sergiocostantino.com/relations

sergiocostantino.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2023-12-23)

http://91.92.253.220
absorbbiblowskinj.fun
advancefishexeedw.pw
advertiseshotdecaywi.pw
angerbumpyardee.pw
arresthorrodrw.fun
attachmentartikidw.fun
attyclaim.com
betstamprareempiewa.fun
blastechohackopeower.pw
bombertublestylebanws.fun
breakfastchanneljw.fun
caneclothesdriverhen.pw
captivatechimpanzeef.fun
carstirgapcheatdeposwte.pw
chincenterblandwka.pw
claimpassivedebatw.pw
coastperfumeoslan.fun
conferenctdressingshrw.site
combinethemepiggerygoj.site
copyrightspareddcitwew.site
couragedistributeoeo.pw
creepfleetconfusew.fun
cruelslumpeeris.pw
cupaffordcathedralk.fun
cuttingcoachrecovr.pw
differentliftwelanew.fun
dragonporterloudjettyw.site
dreamtelevisiongues.fun
driftpasssingeriuw.pw
ed.softaipro.fun
en.voiceaichanger.pro
ena.voiceaichanger.pro
ena.voiceaichanger.store
ens.voiceaichanger.site
enz.voiceaichanger.site
eternalchopflattyo.fun
evokenumberpottruckere.fun
expenditureddisumilarwo.site
falsifydisappearsoaeka.pw
familiardvotecheapw.pw
feedbackspidermate.fun
fitnescivilianquesw.pw
folkloreinviteex.pw
froggraduategravi.fun
goddirtybrilliancece.fun
groannysoapblockedstiw.site
illusionqualifiedj.fun
insertrichdedicatewa.pw
interactivetreadrel.fun
jewelassertivebop.fun
kitchenfootballkiw.fun
lipstructorymusclewow.fun
makeexpectentrypon.pw
maskmusicalproplemanw.pw
mixperiodfrienndy.fun
mountainlegislaturel.pw
muggymidnightleanuu.fun
necklacecasecauseowa.fun
nestpatchfillfavo.fun
ownerteztapplicatiow.pw
paperambiguonusphoterew.site
pedestriankididentityw.fun
pickbeatmoduleprefer.pw
playerweighmailydailew.pw
preferencesubwaywad.fun
premiums.voiceaichanger.pro
promo.voiceaichanger.pro
qualifiedbehaviorrykej.site
ranchguarrelguidewa.pw
rarevaluediscow.fun
realitysocialiolee.site
recessionconceptjetwe.pw
representrecyclere.pw
revivalconflictgrippe.site
ritualaccidentrepu.fun
sideindexfollowragelrew.pw
solutionoutlineplaint.fun
speedslumpachierew.fun
stereotypebushexch.fun
subwayspellprotiso.fun
surfsponsorjun.pw
tablesockartfinewa.pw
teardesertfreewo.fun
technologyprosecutiw.pw
testifypiecefarst.fun
theoristnationalprow.fun
tollactionancestorw.pw
transparenteunlawfullyp.site
twinconstellationjkal.fun
underlinefreeapearew.fun
vegatablebeacjinser.fun
viewconceivegiw.fun
virtuereplacerentj.fun
voiceai.attyclaim.com
voiceaichanger.pro
voiceaichanger.store
weedpairfolkloredheryw.site
winnerparagrapdierw.fun
winterrescueplwo.pw
worrystitchsounddywuwp.site
voice.k7pw.com
voiceai.linkedsl.com

# Reference: https://twitter.com/g0njxa/status/1738890509404238017
# Reference: https://app.any.run/tasks/0dedb8f0-0d83-4360-add0-129319875738/

agedelayglacierwe.pw

# Reference: https://www.virustotal.com/gui/file/3715487205bd663c45a2cd4cf85a0a73183a20960d126e8ed3a461ef837c4144/detection

ntdll-update-connect.com

# Reference: https://twitter.com/kienbigmummy/status/1744582708045717901
# Reference: https://www.virustotal.com/gui/file/92b768cf585a5fa46bb9b86e9acec71ad56e4b2b93cc0e77f88da2cdb852dd7c/detection
# Reference: https://www.virustotal.com/gui/file/aa5c2e2376a44428339d1a91f5a48129a15271bb344e46b23fc76468000af67f/detection

build-villa.io.vn

# Reference: https://twitter.com/Syndikalist/status/1744772300946170119

voicechangeai.online
promos.voicechangeai.online
voiceai.electronicweldingcolombia.com

# Reference: https://www.virustotal.com/gui/file/7f44b17f4d1437f97e80e7f372f7b11db0ab21a7658d8521622ac68014014bd7/detection

copyexpertisesausewaverw.site

# Reference: https://www.virustotal.com/gui/file/16d52767bb629f7e84e2c4d770c844987366e9f5d36b52c5e68dea53e6a350be/detection

contextsuffreintymore.fun

# Reference: https://www.virustotal.com/gui/file/e7583882961b541180ce58c3c839fb57e80e467407cd4b2cc7d3ec039a220b62/detection

demonstratorleasheropw.site

# Reference: https://twitter.com/g0njxa/status/1751329389994721780

voicechangeai.online
premiums.voicechangeai.online
promo.voicechangeai.online
promos.voicechangeai.online

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-01-30)

http://185.172.128.154
absentconvicsjawun.shop
acquisitionfinancej.shop
affordcharmcropwo.shop
alcojoldwograpciw.shop
assaultseekwoodywod.pw
associationokeo.shop
auctiondecadecontaii.shop
baketransparentadw.pics
banquetmasteryfailurw.site
beaturifuelministyuowwas.site
benddiscoleideasbridrew.site
birdvigorousedetertyw.shop
bleednumberrottern.homes
bordersoarmanusjuw.shop
brakesummitfiightre.pics
circulatejobspontane.shop
claimconcessionrebe.shop
cleartotalfisherwo.shop
colorfulequalugliess.shop
combinationconventiwov.shop
communicationgenerwo.shop
consciouosoepewmausj.site
controlopposedcallyo.shop
culturesketchfinanciall.shop
deadpanstupiddyjjuwk.shop
demonstationfukewko.shop
despairphtsograpgp.shop
detectordiscusser.shop
developmentalveiop.homes
diskretainvigorousiw.shop
dismissalcylinderhostw.shop
donorwifeconfusionstronko.site
doonwload.fun
doughmebinnybunio.shop
economicscreateojsu.shop
edurestunningcrackyow.fun
enthusiasimtitleow.shop
entitlementappwo.shop
essayinterventiondepof.site
evokeoutlooklits.shop
executivebrakeji.shop
exemptatmospherestingw.site
exitassumebangpastcone.shop
feturepoudbicchteo.shop
flexibleagttypoceo.shop
gemcreedarticulateod.shop
greetclassifytalk.shop
healthrankunderow.fun
hovermeatglacierrjuw.site
hunterstrawmersp.homes
incredibleextedwj.shop
inviteaccessiblesaltw.shop
joystickempiricalhirpw.site
knonkcdalfyhitt.shop
landgateindirectdangre.shop
lawwormroleveinn.mom
legislationdictater.mom
liabilityarrangemenyit.shop
liabilitynighstjsko.shop
lighterepisodeheighte.fun
mealplayerpreceodsju.shop
medalappearancerackw.shop
mercyaloofprincipleo.pics
modernizepledgeoi.shop
modestessayevenmilwek.shop
mosaicyoungoccasionnyej.site
muggierdragstemmio.fun
nationalistvetecanve.shop
negliganceassumeruew.site
offerimagefancine.shop
offsetundressdriveryjow.site
oneclickyporkeiw.fun
pavementpreferencewjiao.site
peasanthovecapspll.shop
pillowbrocccolipe.shop
pooreveningfuseor.pw
problemregardybuiwo.fun
productivelookewr.shop
publishfavorharbouroe.site
pushjellysingeywus.shop
radicalleafletmissfoxw.pw
reechoingkaolizationp.fun
rejectbettysmartws.shop
relevantvoicelesskw.shop
resergvearyinitiani.shop
sayleafletcamerakwov.site
scrapedirtyieoqk.shop
secretionsuitcasenioise.shop
sessionannoucemenwj.shop
shatterbreathepsw.shop
shortsvelventysjo.shop
smilesnugglemonstouseo.site
sofahuntingslidedine.shop
spokespersonunjuriwo.shop
stamprollabbeymemberw.site
suitcaseacanehalk.shop
technologyenterdo.shop
telldruggcommitetter.shop
theatergenerationju.shop
tolerateilusidjukl.shop
tonguehypnothesislan.shop
townsfolkhiwoeko.fun
triangleseasonbenchwj.shop
turkeyunlikelyofw.shop
tvoikcloud.pw
updaterootapplederjuios.site
vatleaflettrusteeooj.shop
wifeplasterbakewis.shop
worryfillvolcawoi.shop

# Reference: https://www.virustotal.com/gui/file/137aaf991507d90ad86343ea960b798f349504fcbdc3b004ffd9a50366b6c1b9/detection

fantasticabnormally.shop

# Reference: https://www.virustotal.com/gui/file/d83706c6ce5817a7d854e17b99d92d4027fa5b2c960fdb7886b46169ed1e3e06/detection

xm8wyk.site

# Reference: https://twitter.com/1ZRR4H/status/1763013383152976352

trendspider.dev

# Reference: https://www.virustotal.com/gui/file/cc153440791a534326d7c57871f9443b533b4cbeb4b693df58ce9b6ef137cc62/detection

decorousnumerousieo.shop

# Reference: https://www.virustotal.com/gui/file/13878fa249e211d6fe9a3fe49ad570829217e9a75f50fcdd268dc7a6bd1ab5c7/detection

herdbescuitinjurywu.shop
resergvearyinitiani.shop
wisemassiveharmonious.shop

# Reference: https://www.virustotal.com/gui/file/0cb6c879f21d799ecb3907bbe42f34ca7269881658217191f9ce002e74838d8f/detection

asleepfulltytarrtw.shop
colorfulequalugliess.shop
relevantvoicelesskw.shop

# Reference: https://www.virustotal.com/gui/file/9cf7055ad997b7e0371677517b350e69d6dc0500a60e0ca138630e3db496d89b/detection

prematuresolvehumoew.shop

# Reference: https://www.virustotal.com/gui/file/2ba044c9cb003579926f4bc9cb21d0e8e022665546b9fd7c17d9615c176e03d0/detection

wagechaircoupessaywu.shop

# Reference: https://www.virustotal.com/gui/file/2b1039f5409827b3452a6d2c98879b7b5be243f8943bc54237fd10d97af37399/detection

paintercrutcheniw.shop

# Reference: https://www.virustotal.com/gui/file/14090631957ac88ddf886e446d1dcbce90befa7cb8040bf0c858ae6211d5c738/detection

wagonglidemonkywo.shop

# Reference: https://www.virustotal.com/gui/file/0279f6fced0275c1da4efe62b25d58249e7f7748ce9363a1e01b5156c3a8b845/detection
# Reference: https://www.virustotal.com/gui/file/f619065e3de7a25c808af62b9c3a49934a6a93999361f9ad3e2fe9f50f73c2d6/detection

directorryversionyju.shop
respectpitchadopwo.shop

# Reference: https://www.virustotal.com/gui/file/7dbd19ece9d099c65970625b4b3b1b663d538a80da98ed49e05a71341c9f4e56/detection
# Reference: https://www.virustotal.com/gui/file/1bd1837f2fc67064877eb9391c44c3c6709fcf7301cabad0ad1c9b4cab840200/detection

awardlandscareposiw.shop
sailsystemeyeusjw.shop

# Reference: https://www.virustotal.com/gui/file/98f6ecc60e016311511ce920220598b33eb9671e7c71254e76d638d0f2a45883/detection

abuselinenaidwjuew.shop
birdpenallitysydw.shop
cinemaclinicttanwk.shop
colorprioritytubbew.shop
officiallongberyw.shop

# Reference: https://twitter.com/karol_paciorek/status/1780582512596566337
# Reference: https://tria.ge/240417-psw94afb88/behavioral1
# Reference: https://www.virustotal.com/gui/file/09ffc4188bf11bf059b616491fcb8a09a474901581f46ec7f2c350fbda4e1e1c/detection

http://85.239.53.219

# Reference: https://twitter.com/r3dbU7z/status/1782383162116436436
# Reference: https://www.virustotal.com/gui/file/24de10a6c677345b927d2c84f8f58a6fb3918ae9efe64504dc94da887fbed3cb/detection

meadowannivejrsary.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-05-07)

auctiongutollyjkui.shop
democraticseekysiwo.shop
harassretunrstiwo.shop
hearthingdirecwi.shop
palmeventeryjusk.shop
peanuearthflaxes.shop
public-ftp.com
strollheavengwu.shop

# Reference: https://x.com/Threat_Down/status/1791912008746430748

stiffraspyofkwsl.shop
zocmstranslate.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-05-28)

acceptabledcooeprs.shop
appetitesallooonsj.shop
averageaattractiionsl.shop
babycandidateoswp.shop
boredimperissvieos.shop
buttockdecarderwiso.shop
civilianurinedtsraov.shop
employeedscratshj.shop
employhabragaomlsp.shop
femininiespywageg.shop
headraisepresidensu.shop
holicisticscrarws.shop
lineagelasserytailsd.shop
miniaturefinerninewjs.shop
minorittyeffeoos.shop
museumtespaceorsp.shop
obsceneclassyjuwks.shop
plaintediousidowsko.shop
prideconstituiiosjk.shop
roomabolishsnifftwk.shop
sloganprogrevidefkso.shop
smallelementyjdui.shop
sofaprivateawarderysj.shop
stalfbaclcalorieeis.shop
sweetsquarediaslw.shop
tendencyportionjsuk.shop
whispedwoodmoodsksl.shop
zippyfinickysofwps.shop

# Reference: https://www.virustotal.com/gui/file/e158171cee1cd932a42f0fc480644b6098e541108f0dab559d2b161a5daba63c/detection

slamcopynammeks.shop

# Reference: https://www.esentire.com/blog/fake-browser-updates-delivering-bitrat-and-lumma-stealer

accountasifkwosov.shop

# Reference: https://www.virustotal.com/gui/file/39345b9dc44db0aec3ceb63efa9f4b0bb74753da4fa421745acff9835f50debc/detection

considerrycurrentyws.shop
deprivedrinkyfaiir.shop
detailbaconroollyws.shop
horsedwollfedrwos.shop
messtimetabledkolvk.shop
patternapplauderw.shop
relaxtionflouwerwi.shop
understanndtytonyguw.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-06-18)

additionmarriagefoewsv.shop
adoptionalbumgesw.shop
allowbloodythinkews.shop
antiuncontemporary.fun
appliedgrandyjuiw.shop
arrangementyforumekw.shop
assumptionflattyou.shop
audiencegafferokkow.shop
baresoakopiniocowe.fun
bettynoticecovej.shop
bicyclesunhygenico.fun
biographyfirmtrisie.shop
blastoporicwoff.fun
bowelunitrydoorsko.shop
breakdecisiveexpandw.fun
bremenessverdurewas.fun
brickbrothjorkyooe.shop
burnfamesoilratewo.shop
cassetteprodueiwo.shop
catlackjellyodwps.shop
cattilecodereowop.pw
chokepopilarvirusew.shop
chunkylopsidedwos.shop
churchemipircasowl.shop
clientgirlfrienddyjw.shop
comedyhorizonbedwus.shop
competitionpooleow.shop
computerfuneralljwu.shop
conceptionextortyosw.shop
concessionofsellerwo.shop
convictionpartyeokwi.shop
corruptioncrackywosp.shop
counterrailcrwu.shop
declarationlastyj.shop
declineforntyuekw.shop
demonstratedesighw.shop
descriptionappleoj.shop
diamondarrivallyowju.shop
disagreemenywyws.shop
disgustedsorryeedi.shop
distributopsuoprs.shop
divosrcemusemutati.shop
drilmoralwandreowpops.shop
economelogainyjusk.shop
elizgerls.pw
ensureclackexcatwi.shop
exceptionwillapews.shop
executrixrangedcoew.fun
explocommisiowsa.shop
explodesaildecksatt.shop
favourlegislatureduei.shop
fieldtrollyeowskwe.shop
fikkeropendorwiw.pw
fireplacecheckwi.shop
fishboatnurrybeauti.fun
fixturewordbakewos.shop
footflexibleacts.shop
forknegotationaow.shop
fossillandscapefewkew.site
fragmentyperspowp.shop
gameteamfinder.com
geneticsockkdwlsaw.shop
glossydecentjuskwos.shop
goodlocka.pw
grazeinnocenttyyek.shop
greenbowelsustainny.fun
guhomush.pw
handbreeadretwaiw.shop
hushedsombkereos.shop
improvisersmissionjuw.fun
interferencesandyshiw.shop
ironshottallinko.fun
isotrimorphicnongrasse.shop
jewelbasinfrankywoi.shop
jobbyshysinduksowp.shop
joblkessprosgeow.shop
kitchenreviewbewrwsa.shop
legatorypluralishrtw.shop
libertyliebindywv.shop
lightsecretatylattew.shop
likelysoarastonishiow.shop
listenmoutioncow.shop
marchsensedjurkey.shop
mazefearcontainujsy.shop
mazumaponyanthus.fun
mealroomrallpassiveer.shop
methodgreenglassdatw.shop
mutterunlikelyoo.shop
neddlepyramidfunnyjok.fun
negotitatiojdsuktoos.shop
newspaperpotatoju.shop
nimkishraddedrew.shop
noduscheatscake.fun
onebiogopwdsa.site
orbitpettystudio.fun
paininsrertymarshwke.shop
palacetilecomplew.shop
peanutclutchlowwow.shop
pearcyworkeronej.shop
penetratedworrsyw.shop
phobicgiddyfivverr.shop
pielumchalotpostwo.fun
pilothardwarreodsi.shop
pioneerframeoakchew.fun
plasterdaughejsijuk.shop
poledoverglazedkilio.shop
pollutiofactwoijk.shop
portaircoveragejsuk.shop
practicalcoherentt.shop
preachbusstyoiwo.shop
preciousenviouskakei.shop
premeritwallyoko.fun
preocucupationssk.shop
prescriptionstorageag.fun
presencewineonnyui.shop
princeaccessiblepo.shop
pumpedcalmdeadpannkow.shop
pumpkindribblewo.shop
punchtelephoneverdi.store
purefinishonerbrothsjke.shop
questbehavixoporpo.shop
questionconservawuts.shop
quitdigitalplatforwi.shop
rankrandomotherwjsui.shop
recognizestainsw.shop
refundemobxyyeols.shop
regardvelvettynerverf.site
revisedrinkslappyoowi.shop
rightchampionieo.shop
rocketmusclesksj.shop
roleprofittypleasw.shop
roundpolechildryowjv.shop
routinecontoradwjsk.shop
rugbysummerosodnwu.shop
samplepoisonbarryntj.shop
scandalbasketballoe.shop
scshemevalleywelferw.site
seasonaldemonstradojs.shop
sermonundressolcow.shop
simplicitynegotiatiw.shop
smallrabbitcrossing.site
snuggleapplicationswo.fun
souptapedentisttactiwe.shop
speedparticipatewo.shop
steadfastvaluabelywomo.shop
stingmisplacedelivrrw.shop
strainriskpropos.store
stripmarrystresew.shop
superiorhardwaerw.pw
surprisemakedjukenw.shop
surpriserangeloggypo.fun
survivalpersisttww.shop
sustentatorcoagulat.fun
syncarpiajanapiom.fun
tearfulbashfulow.shop
telephoneverdictyow.site
televisionstudiowmmj.shop
templecharteredowis.shop
textureshallodsjk.shop
theoryapparatusjuko.fun
thinrecordsunrjisow.pw
ticketgradiencomfj.shop
tigerrfunerlariro.shop
tropicalironexpressiw.shop
tubewelfaredopw.shop
uncertaintyrestsju.shop
unexaminablespectrall.fun
unhappytidydryypwto.shop
valuablestraigwhi.shop
varianntyfeecterd.shop
vehicledropliberwls.shop
villagemagneticcsa.fun
voicelighterrrepso.shop
warmstrawcounwyhj.shop
warningindicationsjw.shop
wastwfulldashiwnjs.shop
woodfeetumhblefepoj.shop

# Reference: https://www.virustotal.com/gui/file/9cf43d480f6319717934b1a3f97682a4454c1742e2409aa416ba719e606c34ca/detection
# Reference: https://www.virustotal.com/gui/file/c3a9ab0fbf5cbbec8e2c28a168d8f0c485f6cfa9fddd046c94f4704453ee85ee/detection

falseaudiencekd.shop
feighminoritsjda.shop
justifycanddidatewd.shop
marathonbeedksow.shop
pleasurenarrowsdla.shop
raiseboltskdlwpow.shop
richardflorespoew.shop
strwawrunnygjwu.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-06-22)

accumulationeyerwos.shop
backcreammykiel.shop
bargainnygroandjwk.shop
computerexcudesp.shop
disappointcredisotw.shop
doughtdrillyksow.shop
facilitycoursedw.shop
injurypiggyoewirog.shop
leafcalfconflcitw.shop
publicitycharetew.shop

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-06-24-v10626/1760

ablesulkyfirstyews.shop
composepayyersellew.shop
quotakickerrywos.shop
sailorshelfquids.shop

# Reference: https://www.virustotal.com/gui/file/b299a5c40aaff914b314965d62efcf15417a0b55ef641e947e608159bd6c6f9f/detection
# Reference: https://www.virustotal.com/gui/file/15adb154e14f3368db25bce7e45b756391ad9982d2af0687f56cc9a99527cd98/detection

http://91.92.248.132

# Reference: https://x.com/vxremalware/status/1807287716188422443

77.105.135.107:3445
contintnetksows.shop
foodypannyjsud.shop
groundsmooors.shop
potterryisiw.shop
reinforcedirectorywd.shop

# Reference: https://www.virustotal.com/gui/file/004aba94049326997a5effb611dc3fd88b1669fe2a311630bc61138aa728698d/detection

professionalresources.pw

# Reference: https://www.virustotal.com/gui/file/b357c7f065b1cb7f07c91097794424d1aecb6356893798eb4a6ee138ee87bfa0/detection

affecthorsedpo.shop
answerrsdo.shop
bannngwko.shop
bargainnykwo.shop
benchillppwo.shop
bouncedgowp.shop
publicitttyps.shop
radiationnopp.shop
stationacutwo.shop
willingyhollowsk.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-07-10)

applyzxcksdia.shop
arritswpoewroso.shop
arriveoxpzxo.shop
assignmentygassdyw.shop
begghurldids.shop
bindceasdiwozx.shop
bitchsafettyudjwu.shop
bittercoldzzdwu.shop
catchddkxozvp.shop
charmingtranskw.xyz
civilizzzationo.shop
conformfucdioz.shop
contemplateodszsv.shop
declaredczxi.shop
extorteauhhwigw.shop
invisibledovereats.shop
lyingchemicow.shop
piedsiggnycliquieaw.shop
replacedoxcjzp.shop
requestyex.shop
respectabledpcs.shop
unwielldyzpwo.shop

# Reference: https://x.com/malwrhunterteam/status/1814013663453581342
# Reference: https://www.virustotal.com/gui/file/22bcd32874d4c2b4be760f06820be1e02e97d886249a9b1db51c61a247cf685e/detection

callosallsaospz.shop
flydryszxo.shop
indexterityszcoxp.shop
lariatedzugspd.shop
liernessfornicsa.shop
outpointsozp.shop
shepherdlyopzc.shop
unseaffarignsk.shop
upknittsoappz.shop

# Reference: https://www.virustotal.com/gui/file/0a18067c173a7c4bdc24b8d3a847814b30733cecfdcc305c431a3d1fcc322536/detection

freezetdopzx.shop

# Reference: https://x.com/malwrhunterteam/status/1815460941791981820
# Reference: https://www.virustotal.com/gui/file/b7971b5d452939405cfb8db0ef47e5c83b6747c8a210d59637b0ac469c5ca5df/detection

accessibledpzp.shop
assetdistribution.info
pwarticles.xyz
contur2fa.assetdistribution.info
ctura.assetdistribution.info

# Reference: https://www.virustotal.com/gui/file/f101c64d3b5435c00af570e23a3ef274ec7a86bdc17e6a48b6e76b955c252db4/detection

enormousseop.shop

# Reference: https://x.com/9823f_/status/1815764911630258188
# Reference: https://x.com/9823f_/status/1815764966529536454

deal48441.shop
deal8382.shop
deal8409.shop
deal9401.shop
deliveconf.shop
eu-info.shop
evoga.shop
geetpaag.shop
holabueenoss.shop
neworders-351251.shop
offer-8231.shop
offer-secure.shop
offer5678.shop
offer5893.shop
offer7610.shop
offer7821.shop
offer78231.shop
offer8917.shop
offer8943.shop
ppulsepedlrr.shop
safeespanio.shop
saxzczx.shop
verificacion.shop
xcholasays.shop

# Reference: https://www.virustotal.com/gui/file/a18fb5ee523e9e8894fb9075b5fa0781f40140a6bf4605feb081c5de008b337c/detection

chapterrysopz.shop
wikifacts.pro
edal.wikifacts.pro

# Reference: https://www.virustotal.com/gui/file/6df0c27c9b7346fcfd227ace641a6bbc9f1a2a86e19a1f8c82813c55094cdcd2/detection

rightruesx.shop

# Reference: https://www.virustotal.com/gui/file/5aeed0daa0d8ec420c31282257c7cb8286eb5a150d53b60c7698949923c557be/detection

mundannetransuq.shop

# Reference: https://www.virustotal.com/gui/file/3881d55ece7ce708ff46ff227d2fc43f8346b698859d32a1ef688625148309e3/detection

condar.wikifacts.pro

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-07-23)

bigmouthudiop.shop
movedwithdrwiaso.shop
overshootsizx.shop
spackledzpxs.shop
whangeeeerodpz.shop

# Reference: https://x.com/1ZRR4H/status/1816022666232373649
# Reference: https://www.virustotal.com/gui/file/893ab38214561c3c6ce16587533a9053f18769db11a1a4b999cb4c0bf0f5552d/detection

warrantelespsz.shop

# Reference: https://www.virustotal.com/gui/file/2aa3c7ed83a905ab7161635b95e97ce757e4e1c74e6922c8f4bc0cfc8ac26995/detection
# Reference: https://www.virustotal.com/gui/file/b67dd604d01052c74a4f37160a7595d513c47f4974ccd4a35bdaecdaa38aeb34/detection

aplointexhausdh.xyz
compilecoppydkewsw.xyz
depositybounceddwk.xyz
exertcreatedadnndjw.xyz
gloomopiniosnforuw.xyz
manufactiredowreachhd.xyz
oventoolyeditiiow.xyz
panameradovkews.xyz
proffyrobharborye.xyz
slammyslideplanntywks.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-07-26)

beatablydoxzcop.shop
closedjuruwk.shop
importancedopz.shop
spliceszongsop.shop
trobulepcatoa.shop

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-07-26-v10654/1853

advertisedszp.shop
bravedreacisopm.shop
broccoltisop.shop
disappearsodsz.shop
effectivedoxzj.shop
grassytaisol.shop
horizonvxjis.shop
importancedopz.shop
parntorpkxzlp.shop
shellfyyousdjz.shop
spliceszongsop.shop
stimultaionsppzv.shop
teentytinyjeo.shop

# Reference: https://x.com/r3dbU7z/status/1817607423890231742
# Reference: https://www.virustotal.com/gui/file/dcd0823f72d6a145fb9acfbb6f2e4885b3e6fca6dc76f1476bd0c5431ae15ff4/detection
# Reference: https://www.virustotal.com/gui/file/9ef975e93768f270dfb2923e1848ac26d98789ffdf4fb7f9785e2a4260a32cdb/detection
# Reference: https://www.virustotal.com/gui/file/015a04303ee4a925095311e60593fa100951986713324c118d067684d6dd5787/detection

15.197.192.55:1775
185.172.129.25:1775
188.40.187.174:1775
ftpclienter.com
kgeyscaqeacwaccu.xyz
kmiigggyqiwkeeci.xyz
scqekwyoswaguuyo.xyz
skssoeqouussusyi.xyz
uamgayumeqmwemas.xyz
ugmkmoigiimgmaaw.xyz

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-07-30-v10656/1858

ammycanedpors.shop
chequedxmznp.shop
dividenntyss.shop
egorepetiiiosn.shop
faceddullinhs.shop
illnesmunxkza.shop
paradexjdoa.shop
shelterryujxo.shop
shootydowtqosm.shop
supportyattraos.shop
triallyforwhgh.shop

# Reference: https://research.checkpoint.com/2024/stargazers-ghost-network/

distincttangyflippan.shop
greentastellesqwm.shop
innerverdanytiresw.shop
lamentablegapingkwaq.shop
macabrecondfucews.shop
standingcomperewhitwo.shop
stickyyummyskiwffe.shop
sturdyregularrmsnhw.shop
vivaciousdqugilew.shop

# Reference: https://www.virustotal.com/gui/file/02a3c287a18f16c925ee19e4b13a4860b65fecb0d5e58b69b5f651e476f25ecf/detection

celosiapatroen.shop
flyyedreplacodp.shop
weaknessmznxo.shop

# Reference: https://www.virustotal.com/gui/file/087ca6e9485fd8fef25c435817ac6a42c0dccee7b2dbb84bd644183d6b11a768/detection

tenntysjuxmz.shop

# Reference: https://www.virustotal.com/gui/file/0ef487a74c9432e7664ac6dec0fe7227cef529f1f853f135551e77eb7ee1beb6/detection

toughsnxcmxz.shop

# Reference: https://x.com/malwrhunterteam/status/1821805570581508568
# Reference: https://www.virustotal.com/gui/file/a6d62490a4df493c01879c39214d91050885cedcdab2457d80da7cacf07d6f14/detection

assumedtribsosp.shop
boattyownerwrv.shop
budgetttysnzm.shop
chippyfroggsyhz.shop
creepydxzoxmj.shop
definitonizmnx.shop
empiredzmwnx.shop
rainbowmynsjn.shop
sulphurhsum.shop
ensetupoffice365.blob.core.windows.net
msoffice365help.blob.core.windows.net
setupmsoffice365.blob.core.windows.net

# Reference: https://www.virustotal.com/gui/file/25dd3a24daf65c9c3e8cdd6fe7d4e8e6b88c6dabd9dc5aeb486a628ec1250109/detection

unnaniomsuado.shop

# Reference: https://www.virustotal.com/gui/file/4d68bc04256f81a4997e189149a7185b2120828d918ade491a6428aaed3e6e48/detection

occurrmensipz.shop
outfittydadop.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-08-10)

http://195.211.97.9
ballottynsjm.shop
bannertastylbaoeow.xyz
bannybottomskp.shop
bassizcellskz.shop
celebratioopz.shop
citizencenturygoodwk.shop
clouddycuiomsnz.shop
complaintsipzzx.shop
deallerospfosu.shop
demandlinzei.shop
deviationknzm.shop
dirtdrawingjsi.shop
elephanntys.shop
enfixxysdjsip.shop
erdefendkzov.shop
fiondationkvowos.xyz
harmfullyelobardek.shop
hookybeamngwskow.xyz
hugedearwaxxysu.shop
kaminiasbbefow.shop
languagedscie.shop
libarraryspzm.shop
mennyudosirso.shop
nobledpcowep.shop
outfittisozm.shop
palacecirwoos.shop
pallmusksopzm.shop
quialitsuzoxm.shop
scannedunsop.shop
shinyearthtwio.shop
singerreasonnbasldd.xyz
solutionpxmuzo.shop
spitechallengddwlsv.xyz
surprisedscaledowp.xyz
technologggisp.shop
templerrysjzkp.shop
transformatiwosp.shop
varitycookypowerw.xyz
voyagedprivillywk.xyz
whimiscallysmmzn.shop
writerospzm.shop

# Reference: https://x.com/banthisguy9349/status/1824354073916641543

cagedwifedsozm.shop
charecteristicdxp.shop
consciousourwi.shop
deicedosmzj.shop
enthusiandsi.shop
incentiospzxm.shop
interactiedovspm.shop
paperryszjxuo.shop
potentioallykeos.shop
southedhiscuso.shop
torubleeodsmzo.shop
unenviousdxep.shop
weiggheticulop.shop

# Reference: https://x.com/BigDonTea/status/1824307613787410810
# Reference: https://www.virustotal.com/gui/file/8970909a790a15402cd11e7b737e2cd5c9b39b609bcd3e7122049f1665abc228/detection

cam-m1.b-cdn.net
campzips-v1.b-cdn.net
greetycruthsuo.shop

# Reference: https://www.virustotal.com/gui/file/02322c49b6a8cdffd4c65d22583f1ce3f9c5d0e20ff05fd413a362023ce64ee7/detection

pieddfreedinsu.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-08-18)

buccketpyspm.shop
circullateiosn.shop
comediantes.org
deadpannsjzvn.shop
disappointypsm.shop
excavtaionps.shop
fisstyconsumerosp.shop
futureddospzmvq.shop
meiddlesrsnzop.shop
revivewronggykwos.xyz
riffledopspzio.shop
sleipnirbrowser.org
trickysymptommysqu.xyz

# Reference: https://www.virustotal.com/gui/file/44f3785a638a44fc304e73faec31f19a7afcf6f0c3da7b9cedd2b31bc4ab56d4/detection

revivewronggykwos.xyz

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-08-19-v10669/1904

abandonnyskop.shop
episodepspzmp.shop
guuynsqpwsima.shop
polyctendizxcop.shop
sensitivyitszv.shop

# Reference: https://x.com/g0njxa/status/1826214880539505095
# Reference: https://app.any.run/tasks/58551a68-796b-4605-a3cd-566db979e409

dlvideosfre.click
ch3.dlvideosfre.click
check.dlvideosfre.click
verif.dlvideosfre.click

# Reference: https://www.virustotal.com/gui/file/0a40d445fa8d83d2b7019d692542148c8f17f07e5afd998e3c422a49f4df7d97/detection

miracledzmnqwui.shop

# Reference: https://x.com/RacWatchin8872/status/1826917893457559782

pub-9c4ec7f3f95c448b85e464d2b533aac1.r2.dev

# Reference: https://www.virustotal.com/gui/file/67a0379932aa7f0fcd0544eec112c29632cb94c25026fb91f4660c9aa42d881d/detection

fictionnykwop.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-08-25)

a1000128.xsph.ru
absentjuks.shop
acceptconvectiiw.shop
asdasdadskewk.shop
barebrilliancedkoso.shop
berserkydosom.shop
biiishowpmsqi.shop
boillingyskop.shop
caffegclasiqwp.shop
clearrypalsidn.shop
condedqpwqm.shop
conferencefreckewl.shop
convincecandpsuwm.shop
cooperatvassquaidmew.xyz
cottageaskyflolewk.shop
craackypotsis.shop
crisisrottenyjs.xyz
cycasisicio.shop
deadtrainingactioniw.xyz
dependancedkzxkj.shop
discountdkgozxc.shop
discoverymaidykew.shop
discreetdramatricop.shop
drinnkysoapmzv.shop
dueamuggyshkowsv.shop
edificedcampds.shop
edificedcampslzi.shop
enthusiasmmskaso.shop
excellentdiwdu.shop
explorationcoerwk.shop
exporttearryliveedko.shop
exuberanttjdkwo.xyz
femininedspzmhu.shop
flourhishdiscovrw.shop
forymsweeelsm.shop
froytnewqowv.shop
grandcommonyktsju.xyz
haltconcrenrsi.shop
handyxczos.shop
instructionpxjc.shop
jazztgratizecnagnek.xyz
juniirsoow.shop
knowwnysipm.shop
landdumpycolorwskfw.shop
latesttributedowps.shop
liabiliytshareodlkv.shop
locatedblsoqp.shop
markerryshewi.shop
meannypaintipp.shop
millyscroqwp.shop
notoriousdcellkw.shop
ohfantasyproclaiwlo.shop
onionoowzwqm.shop
parallelmercywksoffw.shop
partyyeisdo.shop
playerstomachbwlle.shop
prettilikeopwp.shop
qualificationjdwko.xyz
readdyloopyeow.shop
reluctancedopmxz.shop
salesperosominsid.shop
scenarriotdpq.shop
secretiveonnicuw.shop
separateedmsqj.shop
sinceregianntykuso.shop
snaillymarriaggew.shop
spinedpriceodqp.shop
spoortsiso.shop
stagedchheiqwo.shop
stamppreewntnq.shop
striphousdingkolewp.shop
stronggemateraislw.shop
survivedosaz.shop
sweetcalcutangkdow.xyz
swingcirculateblsdi.shop
thumbdriverrylinnw.shop
timetabledffiewi.shop
timetablepdodwp.shop
traineiwnqo.shop
universittsyos.shop
uttercarrigsno.shop
violanntyisopz.shop
violationsyxzb.shop
welfaredcattewd.xyz
wollfsoaisvz.shop
wordingnatturedowo.xyz

# Reference: https://x.com/r3dbU7z/status/1828177963562549637
# Reference: https://www.virustotal.com/gui/file/a8cc637d455d7e89c1adf34775eadc90a7c8e425fcbe6e5c74303220e50ad5ef/detection
# Reference: https://www.virustotal.com/gui/file/de6df199b5a727199f6540d216a6fa920105b7b2f254b165d63101011c0d178a/detection

computador.run
portalservicos-denatran-serpro-gov-br.org
view.portalservicos-denatran-serpro-gov-br.org
windows.computador.run

# Reference: https://www.virustotal.com/gui/file/0225ca9a6f4b5cee87d1d25b11cd445228f49ab13f65ed1ad104a8ff54702b46/detection

evoliutwoqm.shop

# Reference: https://www.ontinue.com/resource/obfuscated-powershell-leads-to-lumma-c2-stealer/
# Reference: https://www.virustotal.com/gui/file/e9457733ee1d946eb69cc9f7db756430d1d055012d26240cec24925aed498098/detection
# Reference: https://www.virustotal.com/gui/file/ee34b612ee13eea868b47c797863619075a28099285a61b1fa7376f72b06ff7a/detection
# Reference: https://www.virustotal.com/gui/file/b7f8be9ae0cde7d6233d50520d76b63474cc5f32f334160a7699a0e77a34d276/detection
# Reference: https://www.virustotal.com/gui/file/47656fd369a7ce08902875a7476a1889b7b770c2a1396bdfde3e5e093b7c79ee/detection

http://188.68.220.48
ufort.info
vamplersam.info

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-08-31)

abortionlaoep.shop
aggiledpozm.shop
applieddyooqnz.shop
approoverowps.shop
arsriefloxzm.shop
awwardwiqi.shop
bordjoyoust.shop
brasshroewwpm.shop
buddgetisozv.shop
burrydedmnzop.shop
calcuatllitwop.shop
cheerysyqsip.shop
chooopywsqu.shop
clerkpolicemandwusi.xyz
colleaguedopzm.shop
conservaitiwo.shop
consideratisiqw.shop
constructgeneratisa.xyz
demopartisom.shop
densitybragpwq.shop
dirreopcspzx.shop
economiicsosoq.shop
energgyosiwpp.shop
ensuredqsnjqk.shop
eternallysosm.shop
evaluateoqwp.shop
fashiiosuwq.shop
fearlessywqmn.shop
flinngyuqwqum.shop
glisteniingwiw.shop
guardeedwospq.shop
guerrillatoswz.shop
hardshippdiv.shop
innovationows.shop
integratedmwqo.shop
interdepmon.shop
iserjpcektoq.shop
ivrelmanitt.shop
largerryskwhq.shop
linedsipzmxo.shop
lunchindooip.shop
matterrydamagedowkds.xyz
muuudsaowis.shop
notairdropton.shop
noticcedospq.shop
ohmparadouio.shop
persiisstowqop.shop
ponintnykqwm.shop
producersosuz.shop
professinowpqqz.shop
projectaownqo.shop
provicnwiqmp.shop
provisionfusni.shop
racklilekwqp.shop
reagoofydwqioo.shop
reptiledqowm.shop
revenuedsozp.shop
scenariospzm.shop
securedosqpsn.shop
shadowqsnqop.shop
strideforuwqm.shop
suntanynwowqm.shop
tenseddrywsqio.shop
tibedowqmwo.shop
toothydsozp.shop
transtitiowo.shop
twilightsizp.shop
uniqueadowpqm.shop
upsettymsnqwk.shop

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-08-29-v10677/1924

deteriotraiwo.shop
diamonykeqpwm.shop

# Reference: https://x.com/DonPasci/status/1832705603526910141
# Reference: https://tria.ge/240907-yqxbravbkg

teachherwjw.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-09-08)

appointwiymo.shop
axisdebtwoq.shop
ballettabek.shop
basedsymsotp.shop
bassicnuadnwi.shop
ceremonynekwqn.shop
charistmatwio.shop
chocolatedwq.shop
collonymtqn.shop
commisionipwn.shop
complainnykso.shop
cutesliprpepo.shop
dairyucoemwk.shop
dealleromwn.shop
druggywuop.shop
forummykwqpm.shop
glassestacwop.shop
grassemenwji.shop
ignoracndwko.shop
limitadmitiwo.shop
pensiontqiw.shop
powderquattterwso.shop
preachstrwnwjw.shop
puproceliveo.shop
sculpturedowqm.shop
sentistivowmi.shop
serveghaweqjm.shop
stitchmiscpaew.shop
technicaltip.shop
unawaredfostwp.shop
votteryloeq.shop
waiteralcohowl.shop

# Reference: https://www.virustotal.com/gui/file/331be5f895b0d2fcc92a4477c87c40d247665ac35375e4af85646d820e1b37c1/detection

proffoduwnuq.shop

# Reference: https://www.virustotal.com/gui/file/09af84877c333dfaf359e968337bfaaac06736c432f588829475702272e1cf37/detection

toolstechs.com

# Reference: https://x.com/g0njxa/status/1835393713465405810
# Reference: https://x.com/NDA0E/status/1835403830252748847
# Reference: https://x.com/RakeshKrish12/status/1838820115720061013
# Reference: https://x.com/lontze7/status/1838836764909117750
# Reference: https://x.com/raghav127001/status/1847001926371869172
# Reference: https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=services.http.response.favicons.md5_hash%3D%22565ac8716e4fd6028e64c29639bfede1%22
# Reference: https://app.validin.com/detail?type=hash&find=565ac8716e4fd6028e64c29639bfede1#tab=host_pairs
# Reference: https://search.censys.io/hosts/82.118.16.132

http://185.11.145.254
http://185.178.208.174
http://185.178.208.191
http://185.7.214.73
http://82.118.16.132
http://84.32.185.206
http://95.181.182.182
82.118.16.132:3389
82.118.16.132:47001
82.118.16.132:5985
82.118.16.132:8080
abaftebeetl.biz
ancientlum.com
apilumma1.fun
arpifox.xyz
bevm.top
comffyrest.run
consirepdi.biz
domainlumm.fun
funlumma.fun
hyve.today
layeredge.today
lum-fun.fun
lum-new.fun
lumma-market.ru
lummarket.fun
lummc2.fun
lumnew.fun
marketlumm.fun
newlumm.fun
oldlumm.fun
oldlumma.fun
perspectiy.cyou
stickintial.cyou
tripzlux.digital
urgenlums.com
writintrvh.top

# Reference: https://x.com/banthisguy9349/status/1835769382733017281
# Reference: https://urlscan.io/search/#filename:%22dober.css%22

http://45.134.26.107
gapi-service.io
lastcoms.fun
static.247.173.76.144.clients.your-server.de

# Reference: https://x.com/fam4r/status/1836497372454465628
# Reference: https://x.com/malwrhunterteam/status/1836498511598059879
# Reference: https://cert-agid.gov.it/wp-content/uploads/2024/09/github-scanner_lumma_18-09-2024.json
# Reference: https://www.virustotal.com/gui/ip-address/185.208.159.43/relations
# Reference: https://www.virustotal.com/gui/file/10d4e15b63a07368299f2245661d7a4626cd1a91a9950a3cbed5b4276d2dc31f/detection
# Reference: https://www.virustotal.com/gui/file/d737637ee5f121d11a6f3295bf0d51b06218812b5ec04fe9ea484921e905a207/detection

2x.si
github-scanner.com
github-scanner.shop
githubscanner.workers.dev
eemmbryequo.shop
keennylrwmqlw.shop
licenseodqwmqn.shop
reggwardssdqw.shop
relaxatinownio.shop
tendencctywop.shop
tesecuuweqo.shop
tryyudjasudqo.shop

# Reference: https://x.com/iam_rajhans/status/1836717049353019614
# Reference: https://www.virustotal.com/gui/ip-address/99.79.122.234/relations

http://43.205.115.44
http://99.79.122.234
pancakeswap-finance.linkpc.net
updatemail.publicvm.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-09-19)

absentcurtaino.shop
acqutiygwl.shop
addicitedoqowm.shop
assettywkwm.shop
aviatiiitwinq.shop
bulletiiitenw.shop
couppertoobaw.shop
cyrtainnywkos.shop
damagedowqm.shop
deaddynpangju.shop
dumpliportiwo.shop
eliminatedowpq.shop
empiredmnuowq.shop
frightennywj.shop
genedjestytw.shop
harassuwqom.shop
heirafairiwo.shop
hennyrelatie.shop
leftoversowmo.shop
managgerowkso.shop
modesttylitwo.shop
murderryewowp.shop
mushroomwiwop.shop
nationattwllwqm.shop
pang-scrooge-carnage.shop
panushciwracelp.shop
planntyitemiw.shop
polishuwqiwom.shop
predictionmq.shop
productedmwqki.shop
proudebenehcs.shop
publicevkwop.shop
punisshepuredo.shop
rafaelappps.shop
resstyeggeuo.shop
salvaitoynwo.shop
seemlyewdmsn.shop
steepycentnqopm.shop
stoolybootwmwn.shop
stryyridomwn.shop
sulphugruewoqm.shop
tabledchargwo.shop
taillymodwp.shop
thirstyywowmq.shop
tinnyauthorsi.shop
understagkedow.shop
vottermrkw.shop
whhhelewmni.shop
wrappyprotesp.shop

# Reference: https://x.com/banthisguy9349/status/1825110613850276035
# Reference: https://x.com/malwrhunterteam/status/1837383953776353526
# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-09-19-IOCs-for-file-downloader-to-Lumma-Stealer.txt
# Reference: https://www.virustotal.com/gui/file/2764239db3813e1bbf031ac00531bc98befe0ade1de06cf8b47c811a189217b8/detection
# Reference: https://www.virustotal.com/gui/file/dd6f96d0d6f6ed2b83df7552f77523688f2a2272fce63564bc9ffdcb3157b70e/detection
# Reference: https://www.virustotal.com/gui/file/55663778a8c593b77a82ea1be072c73dd6a1d7a9567bbfbfad7d3dec9f672996/detection

http://45.156.25.126
access-htaccess.com
back-kurwa.com
chick-chick666.com
hit-8841.com
nhit66.com
pick-pick.com
root-head.com
software-license1.com
two-root.com
/cock/dick/169.bin
/little/bitch/239.exe

# Reference: https://blog.sekoia.io/webdav-as-a-service-uncovering-the-infrastructure-behind-emmenhtal-loader-distribution/

91.92.243.198:81

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-09-22)

achievenmtynwjq.shop
appleboltelwk.shop
bearrytankkewo.shop
captainynfanw.shop
carrtychaintnyw.shop
chickerkuso.shop
contractowno.shop
coursedonnyre.shop
fossillargeiw.shop
intelligenctjwi.shop
intoductionweoa.shop
metallygaricwo.shop
milldymarskwom.shop
opponnentduei.shop
presennttykwo.shop
puredoffustow.shop
questionmwq.shop
quotamkdsdqo.shop
steppyplantnw.shop
strappystyio.shop
superrcolellwe.shop
surveriysiop.shop
tearrybyiwo.shop
tendencerangej.shop
trolleyrreiwn.shop

# Reference: https://x.com/banthisguy9349/status/1837835850245136743
# Reference: https://urlscan.io/search/#domain%3Ashop%20AND%20page.url%3A%22%2Fapi%22

abledzovmposia.shop
analystuysowp.shop
bananadwidndewo.shop
candidaiteopwm.shop
chammypaswiqo.shop
compunnnyyioq.shop
deliveerkoqwmn.shop
depsairryosp.shop
discoveriwm.shop
insistytriro.shop
joystickkyjwq.shop
lisstyassicrown.shop
liversymbwqp.shop
muggudrowiwm.shop
obstacleosdsapq.shop
ohhyhousedmxznw.shop
optinewlip.shop
refrencireoi.shop
resindecdesjai.shop
runngerrybiwo.shop
samledwwekspzxp.shop
shareehodwnqm.shop
soliddywdwu.shop
sopranntkwow.shop
stretchedsqosqp.shop
talktaitoovee.shop
tellyqperoiqo.shop
thanngkwwqlm.shop

# Reference: https://www.virustotal.com/gui/file/f7d5e31a90a7a436fb88277e0920c9675b69fa37eee1b97120a27f792ea8ca1d/detection

abortinoiwiam.shop
covvercilverow.shop
deallyharvenw.shop
defenddsouneuw.shop
priooozekw.shop
pumpkinkwquo.shop
racedsuitreow.shop
surroundeocw.shop

# Reference: https://www.virustotal.com/gui/file/2c59d45d84dcffce87d7185ad1c335413ca8e06e37873f24e596a1dcf89fb396/detection

65.109.127.181:3333

# Reference: https://www.virustotal.com/gui/file/ee4b3ad0ab7aa01d1c44e47bf7515628770a6d2458e4ed8f98820c5ff1883fa6/detection

mizzerablekmo.shop

# Reference: https://www.virustotal.com/gui/file/6081b51cb35b877e585e65440539df92d4e8516d7ae087cb18b7a7ce87707185/detection

drawzhotdog.shop
fragnantbui.shop
ghostreedmnu.shop
gutterydhowi.shop
offensivedzvju.shop
performenj.shop
reinforcenh.shop
stogeneratmns.shop
vozmeatillu.shop

# Reference: https://www.virustotal.com/gui/file/eaa4f17fe2fdee87a403b0880fd1fa3bdca6a7d9f435c44b38ab2a3ec058a8bb/detection

swinngydisaosp.shop

# Reference: https://x.com/DaveLikesMalwre/status/1838937361612161315
# Reference: https://x.com/NDA0E/status/1838943185415836139
# Reference: https://x.com/DaveLikesMalwre/status/1841629226719707149
# Reference: https://app.validin.com/detail?find=185.255.122.133&type=ip4&ref_id=30e288367c9#tab=resolutions

http://185.255.122.133
185.255.122.133:443
finalstagetogo.com
finalstepgetshere.com
finalstepgo.com
finalsteptogo.com
getmenextstage.com
trackthemgood.com

# Reference: https://x.com/iam_rajhans/status/1839224928270225591

91.214.78.177:5500

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-09-25-v10703/2006

literacyhangwk.shop
roaddrermncomplai.shop
tiddymarktwo.shop
trustterwowqm.shop
wallkedsleeoi.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-09-30)

admissionfaccen.shop
agreedmeanynj.shop
articultattkwm.shop
ballotnwu.site
bommotmynwjq.shop
branchtriviawlek.shop
candleduseiwo.shop
chaptermusu.store
chlakkymagazi.shop
cittypillyekwo.shop
coinnyfrownwejr.shop
conctrajwi.shop
dosedcastrerwns.shop
famikyjdiag.site
fannydayywjwo.shop
fastidioudqmwo.shop
filetip.shop
invitedmwdnqi.shop
liedshorqwi.shop
lootebarrkeyn.shop
moduledfahhhiov.shop
mysteryedjw.site
oldenlumm.fun
patternucapri.shop
pianoswimen.shop
pilotyiess.shop
possiwreeste.site
ptramidermsnqj.shop
raciimoppero.shop
reliabledmwqj.shop
riderratttinow.shop
siegednwqu.shop
statuesquesiqow.shop
swipedbakkwo.shop
teenaggerwwysm.shop
teenylogicod.shop
underlinemdsj.site
videobenefdii.shop
wrisstytenewj.shop
younngpresseo.shop

# Reference: https://x.com/malwrhunterteam/status/1841063554637541521
# Reference: https://www.virustotal.com/gui/file/467af926472622448eb04925b9fa7351e8542f277f489ae792288829efa164dc/detection

agentyanlark.site
bellykmrebk.site
commandejorsk.site
delaylacedmn.site
offensivednsh.store
writekdmsnu.site

# Reference: https://x.com/malwrhunterteam/status/1841409205716066561
# Reference: https://www.virustotal.com/gui/file/6275fdc6cb613300c08ef09917a6dcd2da5eb1fef5e20bdd214fd9fefeafd8fb/detection

abnomalrkmu.site
absorptioniw.site
chorusarorp.site
gravvitywio.store
mysterisop.site
nurserrsjwuwq.shop
questionsmw.store
snarlypagowo.site
soldiefieop.site
treatynreit.site

# Reference: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/
# Reference: https://www.virustotal.com/gui/file/34cba2f6c710bb76d47f9fce2d8b5c462e11b35cd352751b6cdd453521d0a761/detection

fileworld.shop
privilegedkoq.shop
thesiszppdsmi.shop

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-10-03-IOCs-for-SmartLoader-to-Lumma-Stealer.txt

highawaretemptersudwu.xyz

# Reference: https://x.com/RacWatchin8872/status/1842124331544928483
# Reference: https://urlscan.io/search/#hash%3A51280dabfbc880cdc5f92cc2f4f22c8032de5aba401c3268250a11eeb2df1f73%20AND%20page.url%3A%22%2Fapi%22

http://45.76.178.207
advocachark.store
beautidrawk.store
brainnystowi.store
coderollksn.store
consumptiy.site
discouragedk.store
diskegraciw.online
egodoubkeo.site
ejectyflay.store
fallydisablek.site
feltzercario.site
forumustow.store
frannykamj.store
offeviablwke.site
pennyresignyj.store
pittyshishre.site
soupedterju.online
spiderrista.shop
suspictiozn.online
termyfencdw.site
timberiska.online
worldresource.shop

# Reference: https://x.com/RacWatchin8872/status/1842262030700437971

assaultxnh.site
febnceokwi.site
jealouskfnn.site
mountainywj.site
sunhsinkujh.site
throaatyinpak.site
witnesjwuka.site

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-10-05)

abundanttyj.site
annthostiledm.shop
appendparttenw.shop
bathdoomgaz.store
beearvagueo.site
boarderryowk.shop
brammdysocitrey.shop
carddytrailko.shop
cereeembalank.shop
certainykww.store
clearancek.site
diiiveowmnj.shop
dissapoiznw.store
dividenntykw.shop
eaglepawnoy.store
exmptiondixv.shop
explorationmsn.store
famillmeasurd.shop
flouredbiteowo.shop
gemmyfaithkw.shop
giffrooypwm.shop
makedupperkjs.shop
markyclaktwi.store
millysioitwl.shop
mobbipenju.store
newresource.shop
officemythsjw.shop
oriennnationiw.shop
perforatedmwqn.shop
pierryfurow.site
platformreisio.shop
positionorbiteo.shop
remembkreom.xyz
spirittunek.store
studennotediw.store
sufferinggeryjs.shop
thighfeingjywk.shop
trenndylicensei.shop
truthevideow.store
usseorganizedw.shop
virationli.site
voilantaiowm.shop
weakkysemwmns.shop

# Reference: https://x.com/g0njxa/status/1842152674621317564
# Reference: https://app.any.run/tasks/02afc68d-6687-47a4-894b-3f9d1dda74ca
# Reference: https://www.virustotal.com/gui/file/58299fe21b58cca245f9f5cdf4a6f25bbbd481bd81840600473077977b868bea/detection

bathdoomgaz.store
clearancek.site
dissapoiznw.store
eaglepawnoy.store
firghtenj.online
licendfilteo.site
mobbipenju.store
spirittunek.store
studennotediw.store
kedtypots.sfo3.cdn.digitaloceanspaces.com

# Reference: https://x.com/sudo_Rem/status/1842329196007227843

editai.cloud

# Reference: https://x.com/ViriBack/status/1843271741742698747
# Reference: https://app.any.run/tasks/0c4d9368-64f5-4211-9484-d1fbb0137cd8

http://194.38.20.211
http://89.23.107.75
89.23.107.75:445
sergei-esenin.com

# Reference: https://x.com/RacWatchin8872/status/1843358373967987037

despisedmny.store
difficenwu.store
drivepkmnsu.store
enteryujshb.store
favoryloctw.store
firedsharow.store
folldusgg.store
formatinowk.store
framedui.store
hairypreac.store
holdlykmo.store
lateeminsk.store
patientpro.store
percentyexto.store
strawwybuwjv.store
swearryguwi.store
theftymixu.store
triangledh.store
viablemnuj.store

# Reference: https://x.com/cyberfeeddigest/status/1843656093206995423

comodozeropoint.com

# Reference: https://x.com/malwrhunterteam/status/1843903871804129550
# Reference: https://www.virustotal.com/gui/file/607ef10353465c2772a7f4f0f49bb0cc196130139d543f591800e42d46c11e0c/detection

bemuzzeki.sbs

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-11-08-IOCs-for-malware-from-fake-Clockify-site.txt

http://193.3.168.112

# Reference: https://x.com/Unit42_Intel/status/1844407872471392363
# Reference: https://x.com/RacWatchin8872/status/1844412801428881606
# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-10-09-IOCs-for-Lumma-Stealer-from-typosquatted-domain.txt

http://144.126.129.4
allocatinow.sbs
chinnyvoushw.shop
enlargkiw.sbs
lonellykrqwmn.shop
mandarin-ca.com
mathcucom.sbs
resinedyw.sbs
nenkinseido.com
posfrnon.com
posrman.com
rodejs.mom
tgwcol.com
lo.mandarin-ca.com
lulu.mandarin-ca.com

# Reference: https://x.com/RussianPanda9xx/status/1844454351646961812
# Reference: https://www.virustotal.com/gui/file/012231f0c091e468f49a1644a6cd1fae0e28870e15dd773990228f0e71aa6240/detection

cdn-gravitiumgame.xyz
exemplarou.sbs
exilepolsiy.sbs
frizzettei.sbs
invinjurhey.sbs
isoplethui.sbs
laddyirekyi.sbs
wickedneatr.sbs
xilloolli.com

# Reference: https://x.com/RacWatchin8872/status/1844487675317014755
# Reference: https://x.com/DaveLikesMalwre/status/1844546423842316795

annoyingfiler.com
apocalypsedoer.com
basizuw.buzz
condifendteu.sbs
drawwyobstacw.sbs
ehticsprocw.sbs
jokingnations.com
lameuotgiwo.store
pleasegetthisfile.com
vennurviot.sbs

# Reference: https://x.com/banthisguy9349/status/1844372737512632818
# Reference: https://www.virustotal.com/gui/file/65a060f8606f2213f1480ea132d519590f2736d8e1f53edb33fdfb27b3c9d869/detection

rtpdgox.info
app.rtpdgox.info
heks.egrowbrands.com
kale.amwebsolution.com
lide.omernisar.com
mkas.rizwanmano.com
proxy.amazonscouts.com

# Reference: https://x.com/RacWatchin8872/status/1845463023353274781
# Reference: https://x.com/RacWatchin8872/status/1845494648510287951

citedgrinyn.biz
datedhorseuw.biz
electroyw.biz
ensuderowmn.biz
equipyfigv.biz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-10-13)

abstacctywiwqom.shop
accentypastedw.store
accessgivvwpew.shop
adulterizdsoz.shop
allocateowb.biz
aluminiumsdiqw.shop
appealsozvmio.shop
appearancdeo.shop
archidoveryusk.shop
avatrade-compliance.com
avatrade-global.com
avatrade-regulation.com
avatrade-services.com
avatrade-supervision.com
averageorganicfallfaw.shop
bakefirefighteossw.shop
beerishint.sbs
benefictioraikiitso.xyz
bikeivaiwo.shop
bleedminejw.buzz
breedycodwk.store
bundledborne.shop
cancedhoeysopzv.shop
carrotmjus.store
carvehittyupzew.shop
cfd-regulations.com
cheappyefejej.shop
cititezneowqp.shop
coalitionformutalew.xyz
competitiveovallew.shop
contarraylean.store
corushedk.store
couragefollexpdorwpe.xyz
creamtaretio.shop
creeeamynsaudi.shop
crowddycrossqk.shop
cucubmerkwh.buzz
deallykrisk.store
destructionloserods.shop
diliggentyj.buzz
domainlumm.funlogin
dormynwj.buzz
economilgreattykow.shop
eggyosmdqnjo.shop
elfinnyjwu.buzz
energybarreosp.shop
engineernoticew.shop
entertainingwzw.shop
epiloggati.sbs
errapotprayosk.shop
eveninngykwo.shop
evenyagonizingwff.shop
excellentdizzyvasw.shop
faillymoodkywko.shop
feecruthsdusodq.shop
feelystroll.buzz
firmmydivideow.shop
firstraccedmusical.shop
fixturedalarmyksow.shop
flimsybrieffykmew.shop
fomremywellmadderw.shop
forutnedmhiqo.shop
franticnaughtyeiw.shop
fruityconsti.buzz
furtiveplastickdjw.shop
galleryshortsxaxiwos.shop
goodymuxzjch.shop
grannndjtaom.shop
grannsfulyls.shop
grrenytradwsi.shop
halttbindsj.shop
happytummynk.site
harasssurvivalywk.shop
helipoctrerow.shop
hightpuredospzv.shop
illegalpremiumjwkew.shop
insidewpqm.shop
inspctosm.site
insticntclodwop.shop
judgemeenttiqio.shop
kontaktrot.pw
lagnueiwn.buzz
landownerryparaxodwo.xyz
lonelymqwj.shop
macabredabor.site
magneticcosi.buzz
makketakecoincidejs.shop
mannerskatenotionsu.shop
meltedpleasandtws.shop
meritdiveu.site
messagedoxpzxvm.shop
methodbojjewkl.shop
methodgallonpermisiw.shop
mixturehari.store
monkkerpmzio.shop
muggylasergaijynwjk.shop
multiplyewodqm.shop
negotationpxczp.shop
nippydxmnwquo.shop
nonsensedjwqj.site
onefreex.com
operrayowo.shop
pajamas-stoic-failing.shop
paleneatuw.buzz
parachutedkw.buzz
parkkynenwio.shop
peceptioglaciero.shop
pepperdignitytaciw.shop
periodicroytewrsn.shop
prinntypainrwi.shop
probablekl.site
proclaimykn.buzz
professitonwqu.shop
projejtjmwtjwi.shop
quaintindoorykoskw.shop
rainygori.buzz
randomdeskfireballsw.xyz
readdywiny.buzz
redunadanydelicouios.shop
referencedxlzp.shop
refrigaterpsm.shop
remainyadjw.biz
reporrtisizo.shop
resourcedosqp.shop
roadsterrhetoricaw.shop
roundpleaddso.shop
roundpleaddysxz.shop
salvatiiywo.shop
samefuturistickoew.shop
scientificymalieffkywo.shop
selearntju.buzz
selfishhri.store
sensatinwu.buzz
shaffkmistyid.shop
shelfedpriveowp.shop
sicillyosopzv.shop
sippytryedkwn.shop
sisafffairsop.shop
softcallousdmykw.shop
specialadventurousw.shop
spikeduggli.buzz
spludgemercydowwerw.shop
spotlessimminentys.shop
stckeringdkzpx.shop
stomachoverwis.shop
succesfullysjlewdwp.shop
suiatcarew.biz
tastyoswk.site
terminalprecedentyks.shop
themeletdzoxcpxv.shop
thidrsorebahsufll.shop
tiggerstrhekk.shop
toppledhaemw.shop
tradeprofixmariw.shop
tremendousjuokeyow.shop
tribepresentaitsi.shop
uniedpureevenywjk.shop
uniquedpieco.site
urgedknitqsdio.shop
vannysiidwq.shop
vilounteersyi.shop
wantypoofjk.store
widdensmoywi.sbs
worthsuwqp.shop
zen-space.shop

# Reference: https://x.com/RacWatchin8872/status/1845843569640128544

blesstextrei.buzz
discouragedkw.buzz
endureferrar.buzz
explositonuy.buzz
folkfloreks.buzz
gaspytanykw.buzz
homedarenwj.buzz
innovatioy.buzz
proclaimykn.buzz
punchudump.buzz

# Reference: https://x.com/RacWatchin8872/status/1845783639058968667

factorglaro.biz
firedaggeriu.biz
overcomedenh.biz
persuaddetwj.biz
pinlaunchhut.biz
publisherxzh.biz
pyramidyjwu.biz
renewboostyw.biz
requireow.biz
servebothez.biz
shootyprovedn.biz
sleepysupl.biz
submiytinh.biz
suiatcarew.biz

# Reference: https://x.com/ValidinLLC/status/1845882035107516591

advertuseh.biz
divewanntwj.biz
jellyrealewi.biz
osberverynsb.biz
soupedburhsh.biz

# Reference: https://x.com/ValidinLLC/status/1845886886113394761

counbuyytwy.biz
leaddysalmony.biz
remindydivir.biz
revirepart.biz
siegedcoffy.biz
strippyadvis.biz

# Reference: https://www.virustotal.com/gui/file/01819dd81f96fc48235eaf1d55028d6bd440407b8ab363407872cdd6070e6687/detection

abusipvork.store

# Reference: https://x.com/RacWatchin8872/status/1846531592476319874

acidpassages.cfd
adoptythanyj.cfd
ansectoriyj.cfd
bearryinveu.cfd
blowwyivot.cfd
braidyintw.cfd
constrastywiu.cfd
creepyoso.cfd
crimedcirwo.cfd
cucumberlkt.cfd
decreasefost.cfd
desertedjwuyo.cfd
discoverrwz.cfd
drammesuuio.cfd
droppyrelivei.cfd
ferryfarvo.cfd
foodymovuw.cfd
giveaspectwuy.cfd
hunterrycru.cfd
imgagriwu.cfd
insideparti.cfd
louadywotmn.cfd
matteryshzh.cfd
minoritwtio.cfd
offenycoru.cfd
opiniomot.cfd
palmyrejectiy.cfd
pestyactewi.cfd
pierryjumy.cfd
prinyveri.cfd
promisedjeylk.cfd
promotedcuut.cfd
proviniclkaw.cfd
pumpkineeu.cfd
quittywooruy.cfd
sandiwthu.cfd
scholartp.cfd
sippymroat.cfd
smootyattraw.cfd
snaillyknsu.cfd
spootyleggiu.cfd
stirnyuys.cfd
storefeingny.cfd
strikedrumnyh.cfd
stunnyaccot.cfd
suggestedomb.cfd
sweerprevet.cfd
tractopersuo.cfd
transatcitov.cfd

# Reference: https://www.embeeresearch.io/practical-examples-of-url-hunting-queries-part-1/
# Reference: https://urlscan.io/search/#page.url%3A%2Fhttps%3F%3A%5C%2F%5C%2F%5Ba-z%5D%2B%5C.%5Ba-z%5D%2B%5C%2Fapi%2F%20AND%20page.server%3Acloudflare

abjectthinkaggwblw.xyz
abusipvork.store
aggressivedisillweiw.shop
ayzhendevelopment.xyz
bedtrailpercreowpso.xyz
boundlessopwp.shop
braidyintw.cfd
bulvarprdo.pw
bunkr.black
butcherl.fun
clausegerfild.fun
conceptionnyi.sbs
counbuyytwy.biz
darischkr.xyz
deadkyremarkmindn.fun
divewanntwj.biz
dividefik.buzz
drilltighiisgitn.xyz
enginenek.buzz
exceptionfascinatemoviv.site
fevertalkkywkwm.shop
fightyglobo.sbs
give.lol
goldfinchwood.fun
grazelaunchedpoe.shop
herberyloduso.shop
hollandblu.fun
hollowfantasticdash.shop
imgagriwu.cfd
instamax.shop
interruptigogoz.shop
invitedrevivi.cfd
lasstylinage.cfd
lemnnywu.buzz
lionapi.xyz
matteryshzh.cfd
modellydivi.sbs
mooncourt.xyz
nervepianoyo.sbs
nobleproffbarrieriy.shop
numberlesswortheiwol.shop
opponentsuio.shop
osberverynsb.biz
passimovrt.cfd
photofram.pw
pioneeruyj.sbs
platformcati.sbs
propermixturedwo.xyz
qualifielgalt.sbs
revirepart.biz
scrawwwnykos.xyz
seriessoftydamnge.shop
sippymroat.cfd
smashygally.sbs
smiledocwuj.online
sofftydcleannycexudew.shop
soupedburhsh.biz
southcompetenctder.xyz
specimennativqepthhy.shop
specimmenywoq.shop
spootyleggiu.cfd
strtapewithadblock.xyz
trashefool.store
underlinefiue.sbs
unlikerwu.sbs
varshavlur.pw
wanderibd.cfd
waytinmedicinedskow.shop
wittyhurteh.buzz
worryofficwi.cfd

# Reference: https://x.com/s1dhy/status/1847055129419096144
# Reference: https://app.any.run/tasks/04a15f2e-16b0-4dae-8fc1-3946eacea0cb
# Reference: https://app.any.run/tasks/ec76f873-3048-420f-bbd7-551e862c6e81

all-instructions.com
cosmic-canvas.shop
experttech.shop
learnedwk.store
online-pdf-viewer.com
updateexpert.shop
vibrant-minds.shop
download.all-instructions.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-10-21)

ambiguitywo.cfd
apic2.fun
archivedky.cfd
arreggshow.cfd
captaitwik.sbs
captivaterz.cfd
chewcaferw.cfd
collectbuffetfilylew.site
comeddycourse.cfd
conglomerateoi.cfd
consumeroo.sbs
cousinsorai.cfd
deepymouthi.sbs
defenntreffu.cfd
deportyowm.sbs
deserveiu.cfd
discoverrysh.cfd
docu-sign.info
domainc2.xyz
draggyworusi.cfd
drinkthawwt.cfd
expectationw.cfd
failuredgrio.cfd
ferrycheatyk.sbs
ferryexpre.cfd
firsthandyw.cfd
flatwarei.cfd
flavflavourk.site
freshmannywju.cfd
gabragerui.cfd
gollyelect.cfd
gravellylib.cfd
grudgednoy.cfd
guttervaiin.cfd
heroicmint.sbs
imageforg.cfd
jurisdictwy.cfd
kneelyopkr.cfd
legislatiu.cfd
legislaturedj.cfd
lickypassk.cfd
litigatin.cfd
lumsecret.fun
magnificwo.store
memberidealky.cfd
messbeamy.cfd
monstourtu.sbs
morselfeattuw.cfd
nurseryfii.cfd
opposutboomy.cfd
plasticyere.cfd
possibledkb.cfd
raceadmiredo.cfd
recessionmar.cfd
reeferpict.cfd
refurnharj.cfd
revolutionwg.cfd
rugbydiffu.cfd
scandallyuru.cfd
scratgyy.biz
sensitiveuw.cfd
shallowbreray.shop
sidercotay.sbs
snailyeductyi.sbs
speedsheety.cfd
spooteddecow.store
squaredow.buzz
stagecrar.cfd
supportnows.cfd
threespecio.site
tournametnu.cfd
westyhayp.cfd
wrigglesight.sbs

# Reference: https://x.com/RacWatchin8872/status/1848673355596988781

agendasinky.cfd
arenabaeny.cfd
assumedsimmy.cfd
balancedwei.cfd
bodyridegw.cfd
buildinggyw.cfd
calfyrelifak.cfd
chaseinfrrc.cfd
chiefdisocu.cfd
cooperatedmw.cfd
coupledxry.cfd
endyreversez.cfd
floodypocu.cfd
harmonydhyr.cfd
hesitateiox.cfd
iniativeit.cfd
lecturstrid.cfd
lucnhyasi.cfd
newsystuff.cfd
noucenemtny.cfd
paitheadki.cfd
pierrycomm.cfd
pleaddymoenu.cfd
reffpicks.cfd
resoluitdrawz.cfd
scrambledmy.cfd
sellyoffri.cfd
sufferiny.cfd
talantedoi.cfd
teenagrski.cfd
tollyabledbyi.cfd
unrestyherf.cfd
valuednoty.cfd

# Reference: https://x.com/g0njxa/status/1848859399647072339

talentedoi.cfd

# Reference: https://x.com/RacWatchin8872/status/1849114931922124822
# Reference: https://app.validin.com/detail?type=raw&find=%D0%A1%D0%B5%D1%80%D0%B3%D0%B5%D0%B9+%D0%95%D1%81%D0%B5%D0%BD%D0%B8%D0%BD#tab=host_pairs

angerrucancjew.site
assetiio.site
bendndyecsaw.store
c1.creative-habitat.shop
creative-habitat.shop
dominatfireow.store
establishedwi.site
graphicowkn.store
limityuwjy.store
lowwyorvek.store
memoranduori.online
mistreetta.store
mutuallkykwo.online
paradermnj.cfd
piniushidom.store
powrggideog.store
relationkwi.online
relieevenj.store
seaosnakewu.online
summityceowk.store
swearryiguwj.store

# Reference: https://www.virustotal.com/gui/file/05329742f309c770924d5fb6bfc034bd2f17c3e646ce33cbf2b5ea51bea5a16a/detection

exportkju.site

# Reference: https://x.com/crep1x/status/1849476775165784388
# Reference: https://app.validin.com/detail?find=193.3.19.110&type=ip4&ref_id=2fe639c8c54#tab=resolutions

iloveschweppes.shop
lakadmakatdg.shop
zadaravstvai.shop
thumbi.cfd

# Reference: https://x.com/kddx0178318/status/1849391461533425844

all-instructions.org
download.all-instructions.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-10-26)

activedomest.sbs
arenbootk.sbs
armretire.sbs
assignetmwj.buzz
bannrjur.biz
blissfttulmoments.top
cemeteryun.cyou
cheappyholk.store
clammygrumnj.store
clsevermarketing.click
colldycatle.cyou
commandseai.cyou
completedyu.cyou
crisiwarny.store
deficticoepwqm.shop
definitib.sbs
directoren.cyou
elaboretib.sbs
electronicpgioneers.live
fashionablei.sbs
founpiuer.store
garagedpoczxzc.shop
genuinedjw.cyou
guiadeseguros.online
housingyid.cyou
jucnglecrea.bet
locaterincrewy.biz
lowwywelcok.cyou
mediavelk.sbs
mikhail-lermontov.com
moonydiscowz.cyou
navygenerayk.store
necklacedmny.store
offybirhtdi.sbs
ostracizez.sbs
pilethroneb.cyou
qualitypxvoz.shop
questinoyn.cyou
revivaldm.cyou
richprotectiveodw.shop
strikebripm.sbs
surveropas.cyou
thighpecr.cyou
topetipeo.cyou
trappysno.cyou
unpleasna.cyou
wheatari.cyou
withdrwblon.cyou

# Reference: https://x.com/s1dhy/status/1850172265981436248
# Reference: https://www.inde.nz/blog/converging-paths-analysis-of-recent-lumma-stealer-campaigns

all-instructions.wsconnect.org
cdn-serveri68n-googleapis.org
dns.cdn-serveri68n-googleapis.org
download.wsconnect.org
instructionhub.net
pdb.timeless-tales.shop
timeless-tales.shop
urban-trek.shop
wsconnect.org

# Reference: https://x.com/RacWatchin8872/status/1850953394988441692
# Reference: https://www.virustotal.com/gui/file/f85529dc59f84aa839e4316cd253c010608f91c4891e34621a4e5544d33cb953/detection

pastelyki.cyou

# Reference: https://x.com/vm001cn/status/1849742127498219927
# Reference: https://app.any.run/tasks/5c1254bd-c596-4839-9d25-06156c3bf37c

plating-civic-curtsy.lol
cdn2.plating-civic-curtsy.lol
cdn3.plating-civic-curtsy.lol

# Reference: https://x.com/RussianPanda9xx/status/1850751855829152194

hsiwhfhdjwkkfncdn.lol
fadehairucw.store
presticitpo.store
scriptyprefej.store
thumbystriw.store

# Reference: https://x.com/JAMESWT_MHT/status/1851602386189471994
# Reference: https://tria.ge/241030-pnxeasskbs
# Reference: https://tria.ge/241030-pnxeastdpm

authorisev.site
computeryrati.site
contemteny.site
dilemmadu.site
forbidstow.site
goalyfeastz.site

# Reference: https://x.com/banthisguy9349/status/1851667637870432734

authorisev.site
beeryadjy.cyou
busineratty.cyou
carbonhari.cyou
circledexj.cyou
computeryrati.site
concedefi.cyou
contemteny.site
contractedorv.biz
countymushroom.cyou
coursednyg.cyou
dialectyocmn.cyou
dilemmadu.site
drinkyresule.cyou
fadehairucw.store
faulteyotk.site
forbidstow.site
foundationw.cyou
freighterjn.cyou
goalyfeastz.site
hornylught.cyou
hurlywolky.cyou
integratedny.cyou
introdycito.cyou
lecturetriy.cyou
mafnufacut.cyou
messejawu.store
opinieni.store
parachutedisky.cyou
presticitpo.store
scriptyprefej.store
seallysl.site
secretarryjw.cyou
servicedny.site
speedywqji.shop
thumbystriw.store
treatmentyj.cyou
varietybouy.cyou

# Reference: https://www.virustotal.com/gui/file/000fd5953ae056997b3fc6152e88ddb5e2ae37815556efb5b4aa15bd691a14fd/detection

nhariutz.cyou
opposezmny.site

# Reference: https://x.com/banthisguy9349/status/1852416010692776110

orchestratb.cyou

# Reference: https://www.virustotal.com/gui/file/aa8b4f55363987976940525d72bf26b3f534e6f4d717eb0eee792100ae5e3f25/detection

villagedguy.cyou

# Reference: https://x.com/RacWatchin8872/status/1853086132113695141

cdn-serveri6881-ns.shop
download.cdn-serveri6881-ns.shop

# Reference: https://x.com/kddx0178318/status/1853487249704284288
# Reference: https://www.virustotal.com/gui/file/111f29810427d40f1f61592c3cfe76393c01016bbd80c982d72ebd906450b747/detection

pub-1f3e5ec684c24b40ae9d9716dd6514f0.r2.dev
proggresinvj.cyou

# Reference: https://x.com/banthisguy9349/status/1854122700261765531

painttfel.fun

# Reference: https://www.virustotal.com/gui/file/5d8c4e788b57655567f4e6679ad08b9576c7f9e5d26db703887b61b2f2f54539/detection

realitydefenyb.cyou

# Reference: https://x.com/ShanHolo/status/1854152424325316699
# Reference: https://www.virustotal.com/gui/file/77f6caa506303dbdcf644380adf5cb01b122f6f5efa3a54d7492754075243e2b/detection

http://31.13.224.189
31.13.224.189:443
bakedstusteeb.shop
mutterissuen.shop
nightybinybz.shop
standartedby.shop
worddosofrm.shop

# Reference: https://pastebin.com/D3VGbqya

actgrievny.fun
berrylinyj.cyou
blasterrysbio.cyou
boys.terrifyenyb.icu
bringlanejk.site
broken.terrifyenyb.icu
conceszustyb.shop
dismissanw.icu
dominatez.cyou
expectegirn.icu
fitnessworld-cinemalovers.shop
frannbradnj.icu
fresh.terrifyenyb.icu
geerkenmsu.shop
goodyparticl.icu
gunnar.pridesctajrh.cyou
healthpathway-culinarydelight.shop
honerstyzu.site
joymagnutwy.cyou
knifedxejsu.cyou
leavedmodzy.shop
lmpethnicb.icu
moeventmynz.site
monopuncdz.site
moutheventushz.shop
parduawarj.site
plaintifuf.site
pridesctajrh.cyou
rainyreplacwv.site
reinfomarbke.site
respectabosiz.shop
rewardywenb.cyou
studentyjw.cyou
terracedjz.cyou
terrifyenyb.icu
travis.terrifyenyb.icu
unityshootsz.site
uppermixturyz.site
vampingrichest.shop

# Reference: https://app.validin.com/detail?find=%D0%A1%D0%B5%D1%80%D0%B3%D0%B5%D0%B9%20%D0%95%D1%81%D0%B5%D0%BD%D0%B8%D0%BD&type=raw#tab=host_pairs (# 2024-11-08)

booklounge-autofanshttps.shop

# Reference: https://www.virustotal.com/gui/file/00f4d4cc428634dbcb742e22647679bc7d16fa8c34bedf2b72a8030e1b24c362/detection

jirafasaltas.fun

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-11-09)

catkinlows.info
educationnpell.shop
lossycristi.cyou
olduenduyz.fun
perfomnjshin.cyou
reallymenyb.cyou
sdkjhfdskjnck.s3.amazonaws.com

# Reference: https://app.validin.com/detail?find=f37d51bfb5cdce1e654e6ea0e694d11f&type=hash#tab=host_pairs (# 2024-11-09)

pannlumz.com
pixelstory.shop
studyzone-investmentguru.shop
traveljournal-techinsights.shop

# Reference: https://x.com/RacWatchin8872/status/1868795669294850208
# Reference: https://app.validin.com/detail?find=%D0%A1%D0%B5%D1%80%D0%B3%D0%B5%D0%B9%20%D0%95%D1%81%D0%B5%D0%BD%D0%B8%D0%BD&type=raw&ref_id=a3ecce9ffbc#tab=host_pairs (#2024-11-09)
# Reference: https://www.virustotal.com/gui/file/dbcf0894f5311fdda15e57dff778407eda06f2eb07efb2fdf79c4577d49ae215/detection
# Reference: https://www.virustotal.com/gui/file/4131b26783042db2c77b20ef00a297d0efc7b7ee6656ed0c261bfc72e74947e6/detection

artspace-clickcreator.shop
belamai.shop
boldadventure.shop
brighthome.shop
buqowai.shop
camacamuca.org
culture-quest.shop
cycahao.shop
danojeo.shop
datocii.shop
dezaqyu.shop
doqevue.shop
duruvuo.shop
fairycity.shop
fejw.org
fireflypath.shop
forestchime.shop
foresttrail.shop
fylapyy.shop
gentlestream.shop
gentlewave.shop
gozojyi.shop
green-forest.shop
hapoqiy.shop
happyjourney.shop
jadodiy.shop
jimeqey.shop
jonagye.shop
jyfyvia.shop
kawykye.shop
kefuguy.shop
kemuvao.shop
keqirai.shop
kiskanukiska.org
lakuwya.shop
lepagie2.shop
leqezuu.shop
lifestyleclinic-fashionista.shop
localwanderer.shop
lumbluesky.shop
lumcopiqua6.shop
lumcozynest.shop
lumcyjukui.shop
lumdukekiy.shop
lumfokim.shop
lumfyginiu5.shop
lumgenowey9.shop
lumgentlewave.shop
lumjosafay1.shop
lumkecuq.shop
lumkymenau.shop
lumlacumii.shop
lumlideweo.shop
lummomusuo.shop
lummozudey.shop
lummunaqea.shop
lumpeguwey.shop
lumqalij.shop
lumquvonee.shop
lumramavyy.shop
lumrobotay.shop
lumsawedua.shop
lumsuxinya.shop
lumtechtribune.shop
lumtovusao.shop
lumzacynuy.shop
lumzenspace.shop
lumzulyj.shop
mexocey.shop
mindfuljournal.shop
morningjoy.shop
mountain-peak.shop
mysticjourney.shop
mysticriver.shop
nagurui.shop
nature-sounds.shop
naturevibes.shop
ninubeu.shop
nisyqai.shop
nutritionzone-chefsecrets.shop
nykidio.shop
ocean-view.shop
oceanpebble.shop
peacefulmind.shop
qosytuo.shop
radiantsunset.shop
rainbowdream.shop
rapabuo.shop
rifujiy.shop
river-stone.shop
rixokye.shop
rubyfalls.shop
s3-eu-north-1.culture-quest.shop
s3-eu-north-1.travelguide-techtrends.com
sapphirelake.shop
sciencediscovery-gardenhobby.shop
sefikey.shop
sereneoasis.shop
sibyree.shop
silentforest.shop
spicywind.shop
styleclinic-beautyicon.shop
sunny-beach.shop
techtribune.shop
travelguide-techtrends.com
velvetsky.shop
vividspark.shop
wanderlust-gadgetnews.shop
wellnesshub-chefparadise.shop
weponoe.shop
winterchill.shop
wucijyi.shop
wusaryy5.shop
xizs.org
xohivao.shop
zeqyciy.shop

# Reference: https://www.malwarebytes.com/blog/news/2024/11/hello-again-fakebat-popular-loader-returns-after-months-long-hiatus

brownieyuz.sbs
ducksringjk.sbs
explainvees.sbs
relalingj.sbs
repostebhu.sbs
rottieud.sbs
slippyhost.cfd
tamedgeesy.sbs
thinkyyokej.sbs
furliumalerer.site
furnotilioin.site

# Reference: https://x.com/banthisguy9349/status/1855579391708852460
# Reference: https://www.virustotal.com/gui/file/cb974d42183c1b779dd9b15f5014893e4ccd7bcb1c56c62416f028de759ce607/detection

147.45.47.61:8888

# Reference: https://x.com/RacWatchin8872/status/1856315808034574668
# Reference: https://tria.ge/241112-nykyks1lev/behavioral2

300snails.sbs
3xc1aimbl0w.sbs
faintbl0w.sbs
thicktoys.sbs

# Reference: https://x.com/SquiblydooBlog/status/1856415307658670246
# Reference: https://tria.ge/241112-v59c3sxfnl/behavioral1

bored-light.sbs
crib-endanger.sbs
faintbl0w.sbs
fleez-inc.sbs
impresnyb.cyou
marshal-zhukov.com
pull-trucker.sbs
thicktoys.sbs

# Reference: https://www.virustotal.com/gui/file/fbbb5ea69c9b064e3a7017f784a37f54937826fe958b03d65458b4c7e492365c/detection

jobdigitalmarketing.xyz
openaisoralab.com

# Reference: https://x.com/g0njxa/status/1857485682299519034
# Reference: https://app.any.run/tasks/896d628c-59ae-409e-b0b2-7fd6719b7c2a

editproai.org
editproai.pro
proai.club

# Reference: https://x.com/silentpush/status/1934872738193453515
# Reference: https://x.com/salmanvsf/status/1934876836061941779
# Reference: https://www.virustotal.com/gui/ip-address/38.110.228.36/relations
# Reference: https://app.validin.com/detail?find=DocuSign%20-%20Download&type=raw&ref_id=1faff777d8f#tab=host_pairs (# 2025-06-17)
# Reference: https://app.validin.com/detail?find=195.82.147.112&type=ip4&ref_id=d624432cafc#tab=resolutions (# 2025-06-17)

apleos.org
brewdoc.org
brewho.org
curatedstuba.com
hotelsengine.org
pleolive.org
stubacurated.org
tbobookday.org
woldtravel.org
xzibittourticket.org
/panelgood/functions/data_link.php
/panelgood/assets/
/panelgood/functions/

# Reference: https://x.com/illegalFawn/status/1856982430546100434
# Reference: https://x.com/JAMESWT_MHT/status/1857014562744041509
# Reference: https://app.any.run/tasks/df8e7793-2e9d-40d6-ba20-87eb74e6090c

bugijepakx1c.b-cdn.net
cloud-salchechon.com
njprfirm.com
rel1gitiger.cyou

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-11-16)

approvedne.fun
approvfoor.com
brake-effect.cyou
captcha-verf-sys-v3.b-cdn.net
dudtybresah.cyou
giftedbonus.cyou
goldenstream.shop
hellishaluhg.fun
ignofinisheui.icu
intentiongi.cyou
joinykeryzi.fun
livelol.sbs
manuejcruwhj.cyou
netwrokenb.cyou
packagednyb.cyou
pragapin.sbs
qualifiresui.cyou
quiantiaj.icu
silversky.club
tech-tribune.online
toleratedbaybo.cyou

# Reference: https://app.validin.com/detail?find=e3110428602bf34818240304fc05df95&type=hash&ref_id=8803ea9e4b0#tab=host_pairs

crystalpeak.shop
dreamecho.shop
lumemeraldisle.shop
lumlasolyo.shop
lunarminds.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-11-17)

3xp3cts1aim.sbs
acrith0t.cyou
c0al1t1onmatch.cyou
p10tgrace.sbs
p3ar11fter.sbs
peepburry828.sbs
processhol.sbs

# Reference: https://x.com/RacWatchin8872/status/1858484225915146393

additioniqqwu.shop
moonlight-glow.shop
thrusstedmdwqni.shop

# Reference: https://x.com/D3LabIT/status/1859597698288009478

befall-sm0ker.sbs
librari-night.sbs
owner-vacat10n.sbs

# Reference: https://www.virustotal.com/gui/file/cc5c482229f5b9d1c88f6ff68abb7461de259749f6230932654bb5aaa3fddd88/detection
# Reference: https://www.virustotal.com/gui/file/1055064ac9b506a5b74090f71c4fabbe4bf077bce9bd80bfce9671e723f50cfc/detection
# Reference: https://www.virustotal.com/gui/file/eec8d8dbdc517184ddfa7353ed89e4ac4d2e6c2fefef2a8c4e2c81bb4b6a9047/detection

164.132.5.124:1111
194.15.46.236:8397
hard-to-find.cyou

# Reference: https://x.com/DaveLikesMalwre/status/1860366437434417343
# Reference: https://app.any.run/tasks/ecd46a59-3878-4e36-a4b8-8b26a0d56a11

frogs-severz.sbs
revirepart.biz

# Reference: https://x.com/TRACLabs_/status/1861075988177707256

blade-govern.sbs
disobey-curly.sbs
frogs-severz.sbs
leg-sate-boat.sbs
marshal-zhukov.com
motion-treesz.sbs
occupy-blushi.sbs
powerful-avoids.sbs
property-imper.sbs
story-tense-faz.sbs

# Reference: https://x.com/Thisism23567356/status/1861367550774292804
# Reference: https://x.com/DaveLikesMalwre/status/1861387766812078398
# Reference: https://www.virustotal.com/gui/file/256f11069e446a62a8f7844662e9c9e9f5ed62b248e6d9b51a3b3586d1920d27/detection

occupy-blushi.sbs

# Reference: https://www.virustotal.com/gui/file/014197c064e4700bced40c9b64481b79e1f45113e3d00ae40146a0e925c97de5/detection

r2cloudmikudau8.shop
snowqueen.site
zasa.r2cloudmikudau8.shop

# Reference: https://x.com/RacWatchin8872/status/1862138058503487800

lumbrightfuture.shop
lumcalmwaters.shop
lumdreamcatch.shop
lumdreamyskies.shop
lumfeatherlight.shop
lumharmonyfields.shop
lumhiddenforest.shop
lumpeacefulmind.shop
lumsilverstream.shop
lumstarglimpse.shop
lumthunderchase.shop

# Reference: https://x.com/g0njxa/status/1861756587980767367

okelale.site

# Reference: https://x.com/orlof_v/status/1862539513018650828

copper-replace.sbs
looky-marked.sbs
plastic-mitten.sbs 
preside-comforter.sbs
record-envyp.sbs
savvy-steereo.sbs 
slam-whipp.sbs
wrench-creter.sbs

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-11-30)

advice-mixer.cyou
anti-automation-v3.b-cdn.net
appr0dress.cyou
balloon-sneak.cyou
blade-govern.sbs
candidatersz.cyou
cook-rain.sbs
crypto-way.pro
disobey-curly.sbs
dolly10dge.cyou
dwnfile27.b-cdn.net
effect-shake.cyou
encryption-code-verification.b-cdn.net
frogmen-smell.sbs
fumblingactor.cyou
hallowed-noisy.sbs
hellpartnercareeroo.shop
leg-sate-boat.sbs
lumdexibuy.shop
marchhappen.cyou
month-format.cyou
motion-treesz.sbs
powerful-avoids.sbs
property-imper.sbs
quotedjizwe.cyou
story-tense-faz.sbs
tail-cease.cyou
tripeggyun.fun
uniqueplas.sbs
w0rdergen1.cyou
water-acidict.cyou
windpull.cyou

# Reference: https://x.com/RacWatchin8872/status/1863568155739615268

digital-odyssey.shop
lumcitikai.shop
lumcrystalclear.shop
lumjebyhiu.shop
lumvelvettouch.shop
lumwhisperwind.shop
c3.digital-odyssey.shop

# Reference: https://x.com/1ZRR4H/status/1864486678129258641

covery-mover.biz
dare-curbys.biz
dwell-exclaim.biz
formy-spill.biz
impend-differ.biz
print-vexer.biz
se-blurry.biz
zinc-sneark.biz

# Reference: https://x.com/urlquery/status/1865154044722872814
# Reference: https://urlquery.net/report/822930f2-5a1d-41da-8cb6-b28f4b03e605

http://80.76.51.231

# Reference: https://www.virustotal.com/gui/file/dfc48ea8d9ea084c2a227993d551864a6c7e52ca1538f1c85dee8c0d2b5f9e61/detection

empty-paster.cyou

# Reference: https://x.com/RacWatchin8872/status/1865739251595481502
# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-12-08)
# Reference: https://www.virustotal.com/gui/file/b6d3a1dbf5b7e88d8835f4ebdc6f9991a2591d307880dfdc3db9b2af074919b4/detection

a1m0sph3reds.cyou
aback-sliders.cyou
abate-seekyer.cyou
abusive-fight.cyou
achiever-rsert.cyou
adjust-cheek.cyou
adult-perfect.cyou
allowy-bleed.cyou
announce-own.cyou
ant-cheappy.cyou
appear-guides.cyou
aqua-tic-draco.cyou
attempt-lonely.cyou
atten-supporse.biz
author-ityz.cyou
awake-weaves.cyou
baggy-semll.cyou
battle-curbe.cyou
beaster-toss.cyou
bendydully.click
bet-cook-fixer.cyou
blade-bring.cyou
brass-meaty.cyou
break-fast.cyou
brendon-sharjen.biz
buffet-tape.cyou
burcket-iten.cyou
calendar-obese.cyou
careless-jar.cyou
carry-study.cyou
cashju1cyh0.cyou
category-fly.cyou
cats-flats.cyou
cherries-gentle.cyou
collar-finger.cyou
connect.resourcecloud.shop
contract-dim.cyou
cows-print.cyou
crave-shek.cyou
creating-egg.cyou
crooked-silver.cyou
curved-goose.cyou
cylinder-dawb.cyou
daffy-horses.cyou
dancer-shiner.cyou
debonair-brick.cyou
dependy-endors.cyou
destroy-penn.cyou
disappear-direct.cyou
divergeny-frut.cyou
docky-plot.cyou
drawing-feeling.cyou
drive-connect.cyou
ducks-factes.cyou
dust-rotten.cyou
earn-smash.cyou
empty-handler.cyou
enfire-ween.cyou
enter-door.cyou
enter-exulatn.cyou
exchange-res-id.cyou
extra-large-onz.cyou
fair-neck-un.cyou
favour-routed.cyou
ferry-apples.cyou
ferry-champage.cyou
fire-fighters.cyou
flop-rivers.cyou
foggy-addic.cyou
freezing-knot.cyou
fumbling-furryz.cyou
gardens-carify.cyou
get-read-tidy.cyou
goog-stoop.cyou
greywe-snotty.cyou
grow-deprive.cyou
halt-freight.cyou
halting-lender.cyou
heaved-ster.cyou
hellish-create.cyou
hoster-search.cyou
hosue-billowy.cyou
improve-inhreit.cyou
income-weakk.cyou
inculcate-melt.cyou
induce-impose.cyou
infect-crackle.cyou
inflect-glash.cyou
ir-aterudele.cyou
jam-batty.cyou
jelly-cool.cyou
jigateu.shop
keen-lopsider.cyou
klipdajemua0.shop
ladea-livi.cyou
leap-choke.cyou
legg-power.cyou
loving-card.cyou
macho-scar.cyou
magic-grippy.cyou
make-up-gened.cyou
mark-afraid.cyou
minor-sleety.cyou
misuser-farmer.cyou
modernl-owl-y.cyou
mow-saterry.cyou
nail-cruzz.cyou
narrow-reputat.cyou
nervous-depen.cyou
next-heart.cyou
niffty-machot.cyou
observant-want.cyou
offbeat-moans.cyou
olimpiada.gr
optimized-dwell.cyou
other-rans.cyou
output-fog.cyou
pier-frighten.cyou
pleasure-violate.cyou
point-saunter.cyou
pollution-raker.cyou
ponder-yummy.cyou
position-weave.cyou
potty-laborer.cyou
predator-lemon.cyou
pricey-davingh.cyou
pump-fearless.cyou
purify-shutz.cyou
puzzle-dscland.cyou
puzzling-inject.cyou
quota-tions.cyou
rail-red-bury.cyou
ratiomun.cyou
realize-contemn.cyou
rechnungsportal.sbs
reflect-laugher.cyou
regard-survey.cyou
resourcecloud.shop
riddled-mnu.cyou
ripe-blade.cyou
roomy-wanders.cyou
run-jumpy-atten.cyou
sad-grain-eye.cyou
saddle-auntyr.cyou
salvage-vied.cyou
salve-windp.cyou
saturate-sansi.cyou
saunter-colour.cyou
seat-tabooz.cyou
selective-diffr.cyou
shaker-flat.cyou
sheep-stormy.cyou
shirk-home.cyou
shut-paste.cyou
slam-obscene.cyou
sleet-signaly.cyou
slim-incises.cyou
smash-boiling.cyou
smash-trees.cyou
smooth-reason.cyou
sniffy-roll.cyou
society-puzzled.cyou
sordid-snaked.cyou
soupbra-in.cyou
spade-noted.cyou
spend-shiny.cyou
spooky-hellish.cyou
staking-seat.cyou
stare-roar.cyou
state-solevd.cyou
steep-number.cyou
stem-mellows.cyou
stimulta-erase.cyou
stingy-riddle.cyou
stir-zing.cyou
stun-overall.cyou
stupid-edsee.cyou
succeed-welco.cyou
summon-macabre.cyou
supporse-comment.cyou
sweep-bird.cyou
swif-knot-wat.cyou
system-testyr.cyou
teach-shave.cyou
termin-monir.cyou
threshol-skin.cyou
tidy-celery.cyou
tie-shelf-sip.cyou
tongue-henns.cyou
toqyxuy.shop
treasure-arm.cyou
unabled-defev.cyou
vessel-relieved.cyou
voter-screnn.cyou
voyage-soure.cyou
wave-cracky.cyou
wide-eyeder.cyou
wind-raspy.cyou
wind-taster.cyou
worship-scat.cyou
wrath-full.cyou
wrathful-jammy.cyou
wrench-test.cyou
wrong-oily.cyou

# Reference: https://x.com/Oliver7203/status/1865824742319546470
# Reference: https://www.virustotal.com/gui/file/f946567c5199244b8be5fc3843826ad97c31ee11753e26dbdc57689d443163e8/detection

seat-tabooz.cyou

# Reference: https://x.com/banthisguy9349/status/1866393258789933389
# Reference: https://www.virustotal.com/gui/file/c8437904da3f58baae420967a54c395d09a2586247c3aa361a2e56ac0980bfbb/detection

kliphuqibue.shop

# Reference: https://x.com/JAMESWT_MHT/status/1867599570332791071
# Reference: https://app.any.run/tasks/29235e6b-0358-4349-a468-d22c844efa36
# Reference: https://app.any.run/tasks/3b9f9be5-1f6f-4b8f-9b6b-bab73f981e50

tailyoveriw.my
lusibuck.oss-cn-hongkong.aliyuncs.com

# Reference: https://x.com/JAMESWT_MHT/status/1867600333826142689
# Reference: https://tria.ge/241213-s5xyyasrdy

awake-weaves.cyou
deafeninggeh.biz
debonairnukk.xyz
diffuculttan.xyz
effecterectz.xyz
immureprech.biz
sordid-snaked.cyou
wrathful-jammy.cyou

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-12-15)

http://65.38.120.31
aquawangy.store
bellflamre.click
classify-shed.biz
fdy0p.springpoitn.xyz
futipoy.shop
kac0t.springpoitn.xyz
motionless-temper.cyou
nailyakwj.help
namerbutty.online
profusetawdy.click
shineugler.biz
spellshagey.biz
springpoitn.xyz
tacitglibbr.biz
troubledinco.click
wwwsecure.icu

# Reference: https://x.com/banthisguy9349/status/1868369658157625834
# Reference: https://x.com/banthisguy9349/status/1868370682733846576
# Reference: https://x.com/JAMESWT_MHT/status/1874734284533363061

http://45.131.135.227
http://77.105.161.133
book-captcha.com
booking.fashion
booking-5721.com
holmenester.com
id-1684377421.com
misiterlom.com
partner-id-6856747.com
razer-partners.com
razer-pr.com
request-homeless.com
t-me.cloud
t-me.lol
t-me.xyz
telegram-autification.lol

# Reference: https://x.com/smica83/status/1868383554838949965
# Reference: https://www.virustotal.com/gui/file/a133fae8e316fd9d9df8cf5f8984457d2525459ad4e39eafe58e026147550fb2/detection
# Reference: https://www.virustotal.com/gui/file/d0e9ada0e6cfa93e889709ff7d21e96b5c093c93b9d8c76ebd73f3333fe6fc6e/detection

page-yoda.sbs
tacitglibbr.biz

# Reference: https://x.com/threatcat_ch/status/1869525282656600528

filenjjutre.online
chrome.downloading.com.de

# Reference: https://www.virustotal.com/gui/file/99c0231462ca655bb8234dbed536b07d15045fa279614f4a9f22bc71b9d77aa5/detection

predatowpmn.shop

# Reference: https://www.virustotal.com/gui/file/01f3a911149eb410b9b1f363dab0f9806f7c10118dc5533eeec450383563599a/detection

crusthdisow.store

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-10-29-v10730/2087

circledexj.cyou
ppi.circledexj.cyou

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-10-30-v10731/2092

relaxatiyon.cyou

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-04-v10734/2111

herroassebm.cyou

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-07-v10737/2120

elitedwari.cyou
ironadminz.cyou
passtyannyb.icu

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-08-v10738/2122

boltycoupeln.cyou

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-11-v10739/2129

dayeyerhb.cyou
employerdbz.icu
zanymarkedjz.fun
3number.employerdbz.icu

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-12-v10740/2133

automatic-meaty.sbs

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-15-v10743/2143

activitydmy.icu
crickout.com
kettletakkz.fun
promotechangez.cyou
wackysheibr.fun
washcolorediz.fun
1212tank.activitydmy.icu

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-18-v10744/2147

bab120witty.sbs
bed-cobweb.cyou
brakeritonb.icu
sector-essay.cyou
sliperyedhby.icu

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-25-v10750/2164

farewellnzu.icu
oak-smash.cyou
push-hook.cyou
sturdy-operated.cyou

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-26-v10753/2171

s1gn1fyh0se.cyou

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-27-v10754/2175

slam-hot.cyou

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-11-28-v10760/2181

teentyinch.fun

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-02-v10781/2210

petited-hulking.cyou

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-03-v10787/2221

clamfluffys.click

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-05-v10791/2234

abrasigehs.my
exchanwrysu.my
lettuchsy.my
scarpsniffy.click

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-09-v10793/2248

corkpennywj.click
fightlsoser.click

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-10-v10795/2253

formlaner.click

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-12-v10800/2257

opinioratty.click
unwieldypower.click

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-16-v10808/2270

dirtytram.click
formbellys.click
formydamagero.click
gradefuture.click
securesways.click
wishbusher.click

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-17-v10809/2275

aspecteirs.lat
brownyctuwh.click
crosshuaht.lat
discokeyus.lat
energyaffai.lat
grannyejh.lat
necklacebudi.lat
passworoggre.click
rapeflowwj.lat
saaadnesss.shop
sustainskelet.lat
sweepyribs.lat

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-18-v10810/2278

pancakedipyps.click
receptivesfii.click

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-19-v10811/2280

lossekniyyt.click
simplerapplau.click

# Reference: https://x.com/CyberRaiju/status/1871014838480282050
# Reference: https://x.com/9823f_/status/1871153370741747904
# Reference: https://x.com/9823f_/status/1871153922825441500
# Reference: https://www.virustotal.com/gui/file/13848f74c576b1624b6b64dd556791a7b40b7fee6a0fa7ea6ce3f82c8cc98b2b/detection
# Reference: https://www.virustotal.com/gui/file/68e5e9e1c859b49d2c4d51bd619634da76452d2d05ae52528fe7acfe2842aea0/detection

http://95.217.29.83
ddeapeaceofmind.shop
fuarez.cyou
minimeh.shop
polovoiinspektor.shop
runetvpn.com
runetvpn.info
runetvpn.org
saaadnesss.shop
uuukaraokeboss.shop
dns-me.pages.dev
dnserror-cdw.pages.dev
microsoft-dns-reload.pages.dev
recaptcha-dns-b4.pages.dev
recaptha-verify-8u.pages.dev
restart-dns-service-u2.pages.dev

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-23-v10813/2287

analysiserjzy.click
bakedgooak.site
bashfulacid.lat
cuddlyready.xyz
curverpluch.lat
driblbemris.lat
inventionspo.click
kitteprincv.click
magicaltaster.click
manyrestro.lat
sendypaster.xyz
shapestickyr.lat
slipperyloo.lat
steppriflej.xyz
talkynicer.lat
tentabatte.lat
thesishsej.click
wordyfindy.lat

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-12-24)

http://212.87.222.185
46.202.155.128:443
asylumejkr.icu
clockersspic.click
crayonutteh.click
erectystickj.click
excluderhsh.click
fabricattewu.click
filezilla-newbuilt.b-cdn.net
gracefulcallou.click
icyidentifysu.click
ingreem-eilish.biz
klarnaportal.icu
klarnaportal.live
kliptizq.shop
lev-tolstoi.com
lewdtworre.click
longelizzaw.click
neqi.shop
obtainableruun.click
portal-klarna.com
portal-klarna.live
principledjs.click
volcanoyev.click
wrappyskmwio.store

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-24-v10816/2293

marrieddinn.click
volcanohushe.click

# Reference: https://www.virustotal.com/gui/file/0bc8237a22dee7558f390bae9cb39923ab6207ba8a6e450474e3390682db30b0/detection

cheapptaxysu.click
observerfry.lat

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-26-v10817/2296

beefshooti.click
bithithol.click
cheapptaxysu.click
fannleadyn.click
markydinnt.lat
thingssalver.click
throushgje.click
undesirabkel.click

# Reference: https://x.com/DaveLikesMalwre/status/1872392665716736393
# Reference: https://app.any.run/tasks/214907d3-4f33-40cc-8481-ea132dc80473

nextgencoding.cyou

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-27-v10818/2299

appliacnesot.buzz
brokenmatte.click
cashfuzysao.buzz
hummskitnj.buzz
inherineau.buzz
mindhandru.buzz
prisonyfork.buzz
rebuildeso.buzz
scentniej.buzz
screwamusresz.buzz
slimmybearz.click
tackybrushz.click

# Reference: https://x.com/RacWatchin8872/status/1873043962686259640
# Reference: https://x.com/RacWatchin8872/status/1872983832707977415
# Reference: https://www.virustotal.com/gui/file/2f1a930aa5ce429a2d891adf0934b969b239f1261b9f5822f3d6c1b3502248fd/detection

alleybikeru.click
parallellywko.shop
tightuteop.shop

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-30-v10819/2306

abruptyopsn.shop
admitunhearl.click
applesactti.click
begguinnerz.biz
censeractersj.click
ch33sep3ts.cyou
cloudewahsj.shop
crackerdolk.click
cureprouderio.click
enterwahsh.biz
fancywaxxers.shop
fivenaii.click
framekgirus.shop
imbibelubmbe.click
jammywritej.click
justyffyr.click
laborersquei.click
lackadausaz.click
nearycrepso.shop
neatskiyos.click
noisycuttej.shop
peelyitemsn.click
rabidcowse.shop
spuriotis.click
stingyerasjhru.click
tentyshoeu.click
tirepublicerj.shop
wetlivelky.click
wholersorie.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-12-31)

aboriginalkyv.click
acceptbaleeri.shop
breezysmiterz.click
cegu.shop
chillysalvagk.click
commentbeseeh.click
cryofficesj.click
deduhko.klipzyroloo.shop
dfgh.online
fallyjustif.click
fantassyzwi.click
fronyzealosud.click
gripfizz.click
hollowrefuz.click
hungrypaster.click
itsrevolutionmagnus.xyz
klipnogijuu.shop
klipsyzogey.shop
klipvumisui.shop
klipzyroloo.shop
ladybughge.click
learningypr.click
locketplyxx.click
lonylexpedn.my
moanungsnake.click
noisercluch.click
notebookgi.click
panelmaideus.click
permissiblene.click
pickduccker.click
q.klipzyroloo.shop
rurallyrishz.click
senc1.melody-wave.shop
sickyicyerh.click
smartoffer-captcha-verification.b-cdn.net
sos-ch-gva-2-exo-io.b-cdn.net
spotlessaja.click
squencehb.cyou
stampyflook.click
tougheryer.click
treehoneyi.click
triptrip.melody-wave.shop
u48631907.ct.sendgrid.net
walkyvulgari.click
wellofflyric.click

# Reference: https://app.validin.com/detail?find=Booking.com%20-%20Partner%20Hub&type=raw#tab=host_pairs (# 2024-12-31)

http://147.45.199.26
http://185.149.146.85
http://83.217.208.140
24swiss-ch.com
5tropamdsfmosrg.site
aatndertrmss09784.world
admbokingcapha5754.com
ajksndfroghvnc5asdf.live
amkdlmfaswagbotasdf.live
attenderoom888963.world
attenderooms83819.world
attendesrmsrfd003924.world
attendesroomsrdf854429.world
attendesroomsrdf857429.world
attendesrvwie.world
attendesvstrms99442.world
beds24-control2.eu
bookidindinetfikat.world
booking-7812.com
booking-support.eu
booking.com-id39199.com
bookmanagesup.com
ch-2secure.com
ch-6secure.com
ch-verifizierung.info
ch-verifizierung.one
com-id39199.com
complstaygste.world
contact-click2348.com
contact-click92348.com
cyclecrazelu.com
datenasw.com
dogeiabs.com
dpmg.club
extgraknetbookidhotel.com
feedbackguest484510.world
feedbackguest485100.world
feedbackguest485121.world
feedbackguest4859121.world
feedbackguest48594821.world
feedbackguest84510.world
feedbackguest84560.world
feedbackguest84950.world
feedbackguest84960.world
feedrfdbackinnguest799014.world
greymove.com
guestrooms881924.world
guetrms993447.world
hotel-26952.eu
hotel-29641.eu
hotel-76325.com
hotel-91524.eu
id-58477931.com
id-97531157.com
instayissueguestvst015348.world
issueguest404239.world
karlikinos.cfd
ksdfks5tasdf.site
leboncoinoffer.fr
legalimmigration.network
lumotrixkia.lol
offer0836.com
offer0897.com
olxpaymetod.sbs
oropjdh.cfd
ostpovok-complete.com
ostpovok-reservation93817.com
ostpovok.com
pamer-pulse.com
parner-id-010101743.com
parner-id-050145156.com
parner-id-114884145156.com
parner-id-13455670145156.com
parner-id-140404505.com
parner-id-149510.com
parner-id-16141.com
parner-id-1684814451.com
parner-id-400414561.com
parner-id-438914581.com
parner-id1501202500.com
partner-id249514.com
phonefuture.lol
phonegenerfure.lol
propierty-hotelid424497.com
recaptcha-pass.com
reviwsgut2138.world
reviwsgut992138.world
rfdincidentview459002.world
rfdincidentview459432.world
ripmrdevil.space
rmsatendrfdverif.world
rmsattendes999814.world
roomsvisitor9931142266.world
roomsvisitor99314342254.world
roomsvisitor9933124224.world
roomsvisitor9934342254.world
roomsvisitor9934342266.world
roomsvisitors202503.world
roomsvisitors881453.world
roomsvisitors882491.world
roomsvisitors91923.world
roomsvisitors991202.world
roomvisitor838381.world
rprttstayguest.world
shibaiabs.com
sicherheitsportal.buzz
sicherheitsportal.click
sicherheitsportal.lat
sicherheitsportal.xyz
stayissueguest95538.world
stayissueguest955682.world
stayissueguest9949282.world
stayissueguestvst015338.world
stayissueguestvst015448.world
stayvisitor4520904.world
swtwint.com
tonviewerapi.com
twintchde.com
twintlo.com
viewmsrfd200945.world
visitorrooms74339.world
visitorrooms998843.world
x-coin.buzz
xcoins-live.com
b.ch-verifizierung.info
booking.parner-id-010101743.com
booking.parner-id-16141.com
iconnect.ripmrdevil.space

# Reference: https://app.validin.com/detail?find=B%D0%BE%D0%BEking.%D1%81%D0%BEm&type=raw#tab=host_pairs (# 2025-01-22)

idhotelreviewi.world
weidbookid.world

# Reference: https://x.com/DaveLikesMalwre/status/1874191057027776804

http://147.45.44.157

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-31-v10820/2307

aliveindu.click
chokedetailke.click
mooncobudy.click

# Reference: https://x.com/solostalking/status/1873971194854314226
# Reference: https://www.virustotal.com/gui/file/436dd0245602a0a9d8b346aa1060784fed3a43aca303a2e7986a0d1121114493/detection

http://142.93.255.45
http://147.45.198.95
http://147.45.44.76
http://185.149.146.150
http://185.149.146.249
http://185.156.41.151
http://209.126.9.234

# Reference: https://x.com/BlinkzSec/status/1875203627528437887

hotel-85319.eu
iurushiskgr.hotel-85319.eu

# Reference: https://x.com/solostalking/status/1875070640589513167
# Reference: https://app.validin.com/detail?type=raw&find=%D0%92%D0%B5%D1%80%D0%B8%D1%84%D0%B8%D0%BA%D0%B0%D1%86%D0%B8%D1%8F+reCAPTCHA#tab=host_pairs (# 2025-01-03)

http://192.252.149.51
http://195.42.142.213
http://37.140.192.110
142-93-255-45.ipv4.staticdns3.io
igorkalinin.com
littlebearcreekweather.com
lumossoul.com
nooma-magia.com
nooma.ru
steem-market.com

# Reference: https://x.com/g0njxa/status/1875288663632069040
# Reference: https://app.any.run/tasks/17c0db38-983c-4214-869b-51444e9dbfdd

kliphylj.shop
simplerwebs.online

# Reference: https://www.virustotal.com/gui/file/c684ace608327e42914332a8290c6f9d633ea0669d5eff2d9050cf62ba542b9b/detection

woolcowwyduo.click

# Reference: https://app.validin.com/detail?type=raw&find=Booking.com+-+Partner+Hub#tab=host_pairs (# 2025-01-04)

alise-pro.xyz
iconnect.quicknetshop.space

# Reference: https://x.com/suyog41/status/1876155401408065891
# Reference: https://www.virustotal.com/gui/file/6f8045294efb0943a3df2df069065f47a78b041bcad3e9e9f1c1beff36061540/detection

http://95.216.183.108
95.216.183.108:443
toptek.sbs

# Reference: https://x.com/ShanHolo/status/1876289095133213005
# Reference: https://www.virustotal.com/gui/file/97708db9928c3a170acb2dbaf4c47c4cabc83d810c6f7d239fd467b8b8a157ff/detection
# Reference: https://www.virustotal.com/gui/file/47f60f31820d9738c430b49303748283f5f04811d1edefdcbec7d09c54c0beaf/detection

impossiblekdo.click

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-01-07)

abberanteusz.click
aloofysofar.click
altadefinizioneapp.com
antssneakr.click
appliacnwatter.click
arisealert.click
berserkyfir.click
bluedlsahwi.click
bootstringjl.click
carveforutune.click
cellardesiresso.sbs
chidesunnyso.click
circle-o.io
connectionlongi.click
conserordersz.click
currenycon.cyou
cutefingeuker.click
cyprecoofamerica.com
deletteproposez.click
digitalarmor.cyou
diseasecooky.click
displayclubby.sbs
doubtermoderuz.click
dreamlonggev.click
dyewounderzn.click
exchangecumb.click
fishbitteruz.click
generatorauc.pro
givepickyl.click
giverlevekj.click
glowscarrytsv.sbs
goatstuff.store
grooveoiy.cyou
grubbytellek.click
hangindgheu.click
healbewilk.cyou
heneyelijhr.click
imbibernes.click
implanthide.click
impoliterenei.click
insurancebyh.cyou
islandbreadyu.click
klipdalygeo.shop
lastlossunbag.click
locketsashayz.click
lushgammyjs.click
managerecetio.click
modernantsrer.click
movementby.cyou
movespendys.sbs
obtainablecloud.click
omitocenaj.buzz
outlookyn.cyou
passhudmrue.click
paymommenro.click
pleadragger.click
quitaffternav.sbs
rainywearyrs.cyou
reflectsurmise.cfd
regularlavhis.click
renewballoi.click
revordirecut.cyou
schooltreeus.click
scirroscus.click
scrawnyinte.click
sectionobligationpow.site
shockingrefle.click
siffinisherz.sbs
sloppymisskr.click
song-ritzy.sbs
spottercurvei.click
stomachabonda.click
storyspaddr.click
survivesuz.click
swiftstringjuo.click
swingybeattyz.sbs
symptomaticdryu.click
territoryleaduo.click
throwupset.click
titleviewvv.click
tongueforcie.click
topofsuper.shop
traygullibalkerj.click
ugliesttabke.click
veilyveinj.cyou
windowthing.click
wisdom-echoes.shop
wonderfulbelif.click
wrongyfallyk.click
yokesandusj.sbs

# Reference: https://x.com/threatcat_ch/status/1876517578195284017

downloading.icu
chrome.downloading.icu

# Reference: https://x.com/salmanvsf/status/1876519991618793668

keepfileviie.icu
odiwyetwer.online

# Reference: https://x.com/lontze7/status/1877664116577349877

versyasist.cfd
versyasist.click
versyasist.guru
versyasist.live
versyasist.online
versyasist.pics
versyasist.sbs
versyasist.shop
versyasist.site
versyasist.space
versyasist.website

# Reference: https://www.virustotal.com/gui/file/0fbaf8915a95a5ba2379243a2eac4c512a67dcee7a38409ebd7a50d254045adb/detection

skidjazzyric.click
sputnik-1985.com

# Reference: https://x.com/marsomx_/status/1878056218427597299
# Reference: https://tria.ge/250111-n6a4caymfy

apporholis.shop
charminammoc.cyou
chipdonkeruz.shop
crowdwarek.shop
femalsabler.shop
handscreamny.shop
robinsharez.shop
soundtappysk.shop
versersleep.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-01-12)

5.253.59.210:7777
advicebedsu.click
annoyingth.click
bashusolici.sbs
beliefbidu.cyou
brasspausez.click
breathauthorit.cyou
butchane.fun
chessimpendero.click
chiefdramatico.click
closedcarvuo.click
convergelivek.cyou
desiredirefus.cyou
detailshaeje.cfd
enthuasticsa.cyou
exultanturue.cyou
farformafor.fun
fastysticke.sbs
feerdaiks.biz
fishubuckerz.cyou
flockanxiius.sbs
fraggielek.biz
freefacerz.sbs
goldyhanders.cyou
grandfathezz.cyou
grandiouseziu.biz
greatvacuutos.cyou
hardtofinner.cfd
homelessdejs.cyou
hoppricerwir.cyou
imbibegoos.cyou
induceboori.cyou
inventcopper.cyou
jubbenjusk.biz
lethalrleju.cyou
liftgoodus.cfd
littlenotii.biz
loosearendos.shop
lumbersayr.cyou
marketlumpe.biz
migratteabid.click
nippypreciosu.cyou
nuttyshopr.biz
openlievenj.sbs
pantswallov.fun
printcess.fun
punishzement.biz
quinceisoz.cam
rampnatleadk.click
reallycaster.cyou
relatiounces.cyou
rhetoricakue.cyou
robinwindyu.click
sailstrangej.cyou
secretarydiff.click
shearairybom.click
shitwavvez.cyou
slingbirdsy.click
spookycappy.biz
thepremiumstuffs.shop
thumpecnskeak.biz
toemagnifuy.biz
truculengisau.biz
unbecoming.shop
unputplycke.cfd
whisperusz.biz
worldtopnews.fun

# Reference: https://x.com/K_N1kolenko/status/1878749886742765631

bloodyswif.lat
finickypwk.lat
kickykiduz.lat
leggelatez.lat
miniatureyu.lat
plodnittpw.lat
savorraiykj.lat
shoefeatthe.lat
washyceehsu.lat

# Reference: https://x.com/JAMESWT_MHT/status/1879071408992792824
# Reference: https://www.virustotal.com/gui/ip-address/92.255.57.120/relations
# Reference: https://app.any.run/tasks/0ee3a58d-f2b2-4d12-a97f-1afb6d0fefec

http://92.255.57.112
bookviewreserve.com
view-reserve.com
admin.bookviewreserve.com

# Reference: https://x.com/StrikeReadyLabs/status/1879232423483015275
# Reference: https://www.virustotal.com/gui/file/92651b71fe52dd4ec8d3d4dfbba974d4e75f7fc68717d8e845a988600bc1723a/detection
# Reference: https://www.virustotal.com/gui/file/db791160ec45c955a79be8361055c256e5fc6c3850fa1fa2298205f2ff0cf1f0/detection

jitterychalk.click

# Reference: https://x.com/StrikeReadyLabs/status/1879502991864348821
# Reference: https://x.com/mal_analysis136/status/1879581622770819163

http://147.45.44.245
http://147.45.44.62
http://147.45.44.98
01webook.info
01xbookid.world
0x1531.info
1xbookeidient.info
appartmets-902283.world
book-vera.org
bookedidvierief.world
bookidvierifer.world
confirmbookid.info
deutschereisehorizontee.com
doordash.gifts
fixecondfirbook.info
fixiedbookid.world
id0xbookidhotel.world
idbookexetraknet.world
idbookingvieriefed.world
properate-id445982.com
securbookinid.com
securebookingid8987.com
x1ondfirmbok.com

# Reference: https://x.com/K_N1kolenko/status/1879766859882656008

aleksandr-block.com
fixxyplanterv.click

# Reference: https://x.com/ShanHolo/status/1879808265607164367
# Reference: https://www.virustotal.com/gui/file/3d1a4b9e37868f54e7e7eb98aae0203e2c50b2977170e0006cd3cbcb071c6b94/detection

fixazo.online
foiloverturnarrival.shop
idealizetreez.shop
e1.foiloverturnarrival.shop
f1.foiloverturnarrival.shop
/new-riii-1-b.pub

# Reference: https://x.com/ffforward/status/1879889672392040846
# Reference: https://www.virustotal.com/gui/file/8125ef032eadfc547bcdd2e311a1d4e2cb33e0383c3ac2d8eb40c43bc6d11634/detection

crookedfoshe.bond
growthselec.bond
immolatechallen.bond
latyoutw.cyou
strivehelpeu.bond

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-01-16)

abandonbubbke.shop
abdibingjwhs.click
abruptupricez.click
actleavejr.shop
adjoininstiff.click
beattalkerz.cyou
boilyroose.shop
breakfasutwy.cyou
bringybooky.click
burnressert.shop
burnwastefulke.shop
bustlingwakef.click
buynostopliik.shop
cabbagebettys.shop
casterliveshow.org
chairsrainys.click
changeablemagent.cyou
chasedamagee.click
chieflateruz.cyou
clockermuzisc.click
complexforkz.click
corruptedusz.cyou
cravebzestysu.shop
crownybusher.click
cultureddirtys.click
curtainykeo.lat
dainfiffxy.shop
dealzforu.pro
degreehourz.click
deprivedsna.cyou
didacticwllo.shop
drainytwiggy.shop
dye-small-yam.cyou
edcatiofireeu.shop
factlosserk.click
fairiespar.cyou
fascinatterz.cyou
ferrydero.com
fixerwingh.click
formoreup.xyz
foundchohi.click
furisiticoffers.info
getflashygai.shop
giftermelde.cfd
goofyffute.click
googlsearchings.art
googlsearchings.cfd
googlsearchings.click
googlsearchings.guru
googlsearchings.online
googlsearchings.quest
googlsearchings.sbs
googlsearchings.shop
googlsearchings.site
googlsearchings.wiki
googlsearchings.xyz
grapplereturnunstamped.shop
holidayeyeus.cyou
hurtyfallyer.click
invinciblepol.click
jarry-deatile.bond
jarry-fixxer.bond
joinmilkeu.shop
jumplilltk.cfd
kitealivejz.shop
kiterexchangez.click
knotgloosi.shop
letterdrive.shop
lusii.oss-ap-southeast-1.aliyuncs.com
magnifudizy.cyou
medicaljummtj.shop
minebradjr.shop
miscreanntyj.cyou
misha-lomonosov.com
monkeycutte.cyou
motivatefaul.cyou
mutterunurse.click
necessaryattm.shop
noiselessreis.click
nonchalanwook.cyou
nonstopshawk.cyou
offerszone.click
overtyfruitz.shop
owerinternal.sbs
pain-temper.bond
parkywatter.cfd
peacebrothez.click
priceygoveiuz.cyou
produceresov.click
pullynailksu.click
quantitypitt.click
rainstofixx.click
receivefishe.click
remakeveile.sbs
reviewofficed.click
rhythmsellk.cyou
rifledford.cyou
ripehungryde.click
royaltyfree.cfd
royaltyfree.click
royaltyfree.fun
royaltyfree.online
royaltyfree.pics
royaltyfree.quest
royaltyfree.site
scaredsensa.sbs
seatobeyue.cyou
shadeplucjek.sbs
sharethewebs.art
sharethewebs.cfd
sharethewebs.click
sharethewebs.online
shootmixxej.shop
showpanicke.shop
skatestringje.click
skinfuzzerz.cyou
sniffdropy.click
solve.bogx.org
solve.gevaq.com
solve.jrqr.org
solve.porw.org
solve.vwglq.com
solve.xfzz.org
solveajbject.cyou
startydashek.click
stomachyumem.cyou
stripedre-lot.bond
supplyedtwoz.click
t2.awagama2.org
tackyguarrd.cyou
this-is-the.b-cdn.net
throwlette.cyou
tinpanckakgou.shop
toppywook.shop
topspent.xyz
tranquiltoughz.shop
trk.zoningweb.com
truckerconner.click
twistforcepo.cfd
u1.grapplereturnunstamped.shop
uppitydearz.cyou
uqitslooep.shop
urtainykeo.lat
utterrelat.shop
veilyspen.shop
venomouszekp.cyou
washytortt.click
welcomeabjesu.cyou
workableefferz.click
you-checked.com
you-have-to-i.b-cdn.net

# Reference: https://app.validin.com/detail?find=B%D0%BE%D0%BEking.%D1%81%D0%BEm&type=raw#tab=host_pairs (# 2025-01-16)

http://147.45.44.115
http://147.45.44.137
http://147.45.44.47
1xwebookingid.world

# Reference: https://x.com/K_N1kolenko/status/1880180829927936369

nikolay-romanov.su
sobrattyeu.bond

# Reference: https://x.com/skocherhan/status/1880415991685115939

adminbokingcapha64578.com
admin-booking-service.com
propeiertyhotelid.top

# Reference: https://x.com/skocherhan/status/1880686544899735833
# Reference: https://www.virustotal.com/gui/ip-address/185.25.118.42/relations

telegram-help.tech

# Reference: https://x.com/skocherhan/status/1880702398345400433

exploredairyaptitude.shop
b1.exploredairyaptitude.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-01-19)

aggresiwevommen.cyou
angerinfecute.cyou
aquaticteachu.cyou
badgerkis.cam
bellgoodysu.cyou
bikedtwittg.shop
burnsubstract.shop
check.qlkwr.com
clammyrobiny.cyou
coattoystreet.shop
comptetscant.shop
confidespill.top
cratevexxer.icu
crowsudysto.shop
deduhko2.kliphuwatey.shop
deedcompetlk.cyou
dein-waschbaer.de
edealselite.shop
elasticchees.help
fcan.kliphigafue.shop
foreigoiru.cyou
givecuubys.click
glibvisitiru.click
healthreiuvw.click
imitiatcarvvh.shop
imperialmaru.shop
infamouszeia.shop
jammy-crusher.bond
joinresperct.shop
kidimprinyj.shop
klipcatepiu0.shop
kliphigafue.shop
kliphuwatey.shop
klipxevojie.shop
longingfluffyr.cyou
lyingcollage.cyou
lyricalamuuso.shop
mallummalqura.com
masa.r2cloudzugybyi8.shop
mittensootsjz.cyou
permussiduebuz.shop
post-to-me.com
purringsawwyuz.cyou
r2cloudzugybyi8.shop
regetgoos.cyou
resonantpasot.icu
seekwiggleuz.shop
sensatiogener.sbs
sizefixeds.icu
skistarteriz.bond
smootycomper.click
ssx.is
steelysacckz.shop
steepfright.shop
stewkickyuope.shop
stewwybravez.click
tawdrydadysz.icu
testylaughge.top
twigbestug.shop
unwrittenuzy.shop
uprootquincju.shop
vladimir-ulyanov.com
voyageprivato.bond
weardawwerz.shop
welltodobaoz.shop
whitebeauti.shop
winnyhelplejsu.shop
wordemnyauop.shop
writerendangez.click
yndo-pepper.bond
yokeseddat.shop

# Reference: https://x.com/salmanvsf/status/1881229580931104812

amazon-ny-gifts.com
bekind.ae

# Reference: https://x.com/dez_/status/1881082356901245398

45.93.20.174:6379

# Reference: https://x.com/crep1x/status/1881404766464676087
# Reference: https://gist.githubusercontent.com/qbourgue/071c333ff5182f031da3ba55cc7da1ec/raw/ec4ba396c0d1052cc8b0a69c1bad1e0e5aef2ab6/malicious_domains_impersonating_reddit_wetransfer_selfau3_dropper_lumma_stealer_20012025.txt
# Reference: https://tria.ge/250120-vzdzzszqgk/behavioral1

weighcobbweo.top
byzg.org
ckfb.org
cklh.org
dbft.org
dghj.org
dyxk.net
fdwn.org
fejw.org
ffzh.org
fkbl.org
fkfy.org
fvhz.org
fyvu.org
fyxy.net
gmvr.org
gsxx.org
haqx.org
husf.org
jrjk.org
jylh.org
jyse.org
kjvy.org
knnr.org
loom.pw
lowk.org
lufd.org
lxtf.org
lymh.net
lzdx.org
mirth.pw
mnxq.org
neqd.org
ntmj.org
nuxq.net
nzlp.org
pemy.org
prxd.org
qaru.org
qequ.org
qezn.org
qgqy.org
qibx.org
qigy.org
qkvp.org
qlkr.org
qujh.org
rdbj.org
rmcz.org
rrxk.org
rujy.org
sjtx.org
sxrz.org
teqg.net
tqfa.org
tynd.org
vaqi.org
vdjm.org
vfwk.org
vhzm.org
vwgl.org
vyki.org
vykm.net
wojq.net
wuwn.net
wyru.org
xelj.net
xeqe.org
xesr.net
xirn.org
xlcs.org
xoqu.org
xotu.org
xtnw.org
zekf.org
zghf.org
zidy.org
zjvm.org
zocv.net
zomk.org
zplg.org
zusv.org
zwgr.org
reddit-0.byzg.org
reddit-0.jylh.org
reddit-0.knnr.org
reddit-0.lufd.org
reddit-0.lzdx.org
reddit-0.ntmj.org
reddit-0.prxd.org
reddit-0.qkvp.org
reddit-0.qlkr.org
reddit-0.rdbj.org
reddit-0.vdjm.org
reddit-0.vwgl.org
reddit-0.wuwn.net
reddit-0.xeqe.org
reddit-0.xesr.net
reddit-0.xotu.org
reddit-0.zidy.org
reddit-0.zocv.net
reddit-0.zomk.org
reddit-0.zusv.org
reddit-00.ntmj.org
reddit-00.zekf.org
reddit-00.zomk.org
reddit-00.zusv.org
reddit-01.byzg.org
reddit-01.lzdx.org
reddit-01.qigy.org
reddit-01.zomk.org
reddit-02.lufd.org
reddit-02.neqd.org
reddit-03.cklh.org
reddit-03.jylh.org
reddit-04.jrjk.org
reddit-04.jylh.org
reddit-04.knnr.org
reddit-04.loom.pw
reddit-04.lzdx.org
reddit-04.ntmj.org
reddit-04.nzlp.org
reddit-04.vdjm.org
reddit-04.xeqe.org
reddit-05.fyvu.org
reddit-07.jrjk.org
reddit-07.zocv.net
reddit-08.qlkr.org
reddit-08.rdbj.org
reddit-08.vykm.net
reddit-09.jylh.org
reddit-09.kjvy.org
reddit-09.mnxq.org
reddit-1.byzg.org
reddit-1.cklh.org
reddit-1.ffzh.org
reddit-1.gmvr.org
reddit-1.knnr.org
reddit-1.lymh.net
reddit-1.lzdx.org
reddit-1.ntmj.org
reddit-1.prxd.org
reddit-1.sjtx.org
reddit-1.vdjm.org
reddit-1.xeqe.org
reddit-1.xesr.net
reddit-1.xotu.org
reddit-1.zekf.org
reddit-1.zomk.org
reddit-10.knnr.org
reddit-10.lzdx.org
reddit-10.ntmj.org
reddit-10.zocv.net
reddit-11.ffzh.org
reddit-11.jylh.org
reddit-11.knnr.org
reddit-11.lzdx.org
reddit-12.jylh.org
reddit-12.knnr.org
reddit-12.lufd.org
reddit-12.nzlp.org
reddit-12.zidy.org
reddit-13.knnr.org
reddit-13.ntmj.org
reddit-13.wuwn.net
reddit-13.xeqe.org
reddit-13.zekf.org
reddit-14.lymh.net
reddit-14.zomk.org
reddit-15.byzg.org
reddit-15.gmvr.org
reddit-15.kjvy.org
reddit-16.xeqe.org
reddit-17.qigy.org
reddit-17.wuwn.net
reddit-17.zocv.net
reddit-18.ntmj.org
reddit-18.qkvp.org
reddit-18.sjtx.org
reddit-19.gmvr.org
reddit-19.knnr.org
reddit-19.zomk.org
reddit-2.byzg.org
reddit-2.ffzh.org
reddit-2.jrjk.org
reddit-2.kjvy.org
reddit-2.knnr.org
reddit-2.loom.pw
reddit-2.lufd.org
reddit-2.lymh.net
reddit-2.lzdx.org
reddit-2.mnxq.org
reddit-2.qkvp.org
reddit-2.qlkr.org
reddit-2.vdjm.org
reddit-2.wuwn.net
reddit-2.xeqe.org
reddit-2.xesr.net
reddit-2.zomk.org
reddit-20.xeqe.org
reddit-21.knnr.org
reddit-21.lymh.net
reddit-21.vdjm.org
reddit-21.zomk.org
reddit-22.jylh.org
reddit-22.kjvy.org
reddit-22.qgqy.org
reddit-22.vdjm.org
reddit-22.vhzm.org
reddit-23.knnr.org
reddit-23.lufd.org
reddit-23.xeqe.org
reddit-23.zusv.org
reddit-24.ntmj.org
reddit-24.sjtx.org
reddit-24.xeqe.org
reddit-24.xesr.net
reddit-25.fyvu.org
reddit-25.jylh.org
reddit-25.lzdx.org
reddit-25.ntmj.org
reddit-25.nzlp.org
reddit-25.rdbj.org
reddit-26.jylh.org
reddit-26.zidy.org
reddit-26.zocv.net
reddit-27.lzdx.org
reddit-28.jylh.org
reddit-28.lzdx.org
reddit-28.qkvp.org
reddit-29.byzg.org
reddit-29.ntmj.org
reddit-29.qlkr.org
reddit-29.xesr.net
reddit-29.zidy.org
reddit-29.zomk.org
reddit-3.ffzh.org
reddit-3.fkbl.org
reddit-3.gmvr.org
reddit-3.jrjk.org
reddit-3.jylh.org
reddit-3.kjvy.org
reddit-3.knnr.org
reddit-3.lufd.org
reddit-3.lymh.net
reddit-3.lzdx.org
reddit-3.ntmj.org
reddit-3.qigy.org
reddit-3.qkvp.org
reddit-3.qlkr.org
reddit-3.vdjm.org
reddit-3.vykm.net
reddit-3.wuwn.net
reddit-3.xeqe.org
reddit-3.xesr.net
reddit-3.xotu.org
reddit-3.zocv.net
reddit-3.zusv.org
reddit-30.cklh.org
reddit-30.ntmj.org
reddit-30.zekf.org
reddit-30.zocv.net
reddit-31.byzg.org
reddit-31.kjvy.org
reddit-31.xeqe.org
reddit-31.xotu.org
reddit-31.zomk.org
reddit-32.cklh.org
reddit-32.neqd.org
reddit-32.ntmj.org
reddit-32.wuwn.net
reddit-32.zomk.org
reddit-33.lzdx.org
reddit-33.ntmj.org
reddit-33.xeqe.org
reddit-34.byzg.org
reddit-34.kjvy.org
reddit-34.rdbj.org
reddit-35.knnr.org
reddit-35.ntmj.org
reddit-35.nzlp.org
reddit-35.zomk.org
reddit-36.jrjk.org
reddit-36.qkvp.org
reddit-36.sjtx.org
reddit-36.vdjm.org
reddit-36.xesr.net
reddit-37.lymh.net
reddit-38.qkvp.org
reddit-38.zekf.org
reddit-39.rdbj.org
reddit-39.vdjm.org
reddit-39.xeqe.org
reddit-39.xesr.net
reddit-4.ffzh.org
reddit-4.fkbl.org
reddit-4.jrjk.org
reddit-4.jylh.org
reddit-4.knnr.org
reddit-4.lufd.org
reddit-4.lymh.net
reddit-4.lzdx.org
reddit-4.ntmj.org
reddit-4.nzlp.org
reddit-4.prxd.org
reddit-4.qkvp.org
reddit-4.qlkr.org
reddit-4.rdbj.org
reddit-4.wuwn.net
reddit-4.xeqe.org
reddit-4.xesr.net
reddit-4.zekf.org
reddit-4.zidy.org
reddit-4.zocv.net
reddit-4.zomk.org
reddit-40.byzg.org
reddit-40.vhzm.org
reddit-40.xesr.net
reddit-41.byzg.org
reddit-41.zomk.org
reddit-42.lufd.org
reddit-42.lymh.net
reddit-42.xesr.net
reddit-43.lzdx.org
reddit-44.ffzh.org
reddit-44.lymh.net
reddit-44.vwgl.org
reddit-45.lzdx.org
reddit-45.nzlp.org
reddit-45.zocv.net
reddit-46.ntmj.org
reddit-46.rdbj.org
reddit-47.byzg.org
reddit-47.ntmj.org
reddit-47.zomk.org
reddit-48.knnr.org
reddit-48.lzdx.org
reddit-48.ntmj.org
reddit-48.qigy.org
reddit-48.wuwn.net
reddit-48.xeqe.org
reddit-48.xesr.net
reddit-49.ffzh.org
reddit-49.knnr.org
reddit-49.mnxq.org
reddit-49.qkvp.org
reddit-5.byzg.org
reddit-5.cklh.org
reddit-5.ffzh.org
reddit-5.fkbl.org
reddit-5.jrjk.org
reddit-5.jylh.org
reddit-5.kjvy.org
reddit-5.knnr.org
reddit-5.loom.pw
reddit-5.lufd.org
reddit-5.lzdx.org
reddit-5.mnxq.org
reddit-5.ntmj.org
reddit-5.qkvp.org
reddit-5.qlkr.org
reddit-5.rdbj.org
reddit-5.vyki.org
reddit-5.wuwn.net
reddit-5.xeqe.org
reddit-5.xotu.org
reddit-5.zidy.org
reddit-5.zocv.net
reddit-5.zomk.org
reddit-50.cklh.org
reddit-50.knnr.org
reddit-50.lufd.org
reddit-51.byzg.org
reddit-51.knnr.org
reddit-52.jylh.org
reddit-52.lzdx.org
reddit-52.nzlp.org
reddit-53.gmvr.org
reddit-53.jrjk.org
reddit-53.lufd.org
reddit-53.mnxq.org
reddit-53.neqd.org
reddit-53.nzlp.org
reddit-54.jylh.org
reddit-54.mnxq.org
reddit-54.qkvp.org
reddit-55.byzg.org
reddit-55.knnr.org
reddit-55.loom.pw
reddit-55.lufd.org
reddit-55.zekf.org
reddit-56.mnxq.org
reddit-56.qkvp.org
reddit-56.zocv.net
reddit-57.cklh.org
reddit-57.jylh.org
reddit-57.ntmj.org
reddit-57.qkvp.org
reddit-57.wuwn.net
reddit-57.xeqe.org
reddit-58.lzdx.org
reddit-58.qigy.org
reddit-58.qkvp.org
reddit-59.lzdx.org
reddit-59.mnxq.org
reddit-59.qkvp.org
reddit-59.xeqe.org
reddit-6.byzg.org
reddit-6.ffzh.org
reddit-6.fyvu.org
reddit-6.gmvr.org
reddit-6.jrjk.org
reddit-6.jylh.org
reddit-6.kjvy.org
reddit-6.knnr.org
reddit-6.lufd.org
reddit-6.lzdx.org
reddit-6.mnxq.org
reddit-6.ntmj.org
reddit-6.nzlp.org
reddit-6.qgqy.org
reddit-6.vykm.net
reddit-6.wuwn.net
reddit-6.xeqe.org
reddit-6.zidy.org
reddit-6.zomk.org
reddit-60.jylh.org
reddit-61.jylh.org
reddit-61.knnr.org
reddit-61.lzdx.org
reddit-61.mnxq.org
reddit-61.qkvp.org
reddit-61.zocv.net
reddit-62.ffzh.org
reddit-62.fkbl.org
reddit-62.knnr.org
reddit-62.lzdx.org
reddit-62.neqd.org
reddit-62.nzlp.org
reddit-63.ntmj.org
reddit-63.prxd.org
reddit-64.neqd.org
reddit-65.knnr.org
reddit-66.fkbl.org
reddit-66.fyvu.org
reddit-66.jrjk.org
reddit-66.jylh.org
reddit-66.rdbj.org
reddit-67.byzg.org
reddit-67.knnr.org
reddit-67.lzdx.org
reddit-67.rdbj.org
reddit-68.cklh.org
reddit-68.ffzh.org
reddit-68.rdbj.org
reddit-68.wuwn.net
reddit-69.knnr.org
reddit-69.loom.pw
reddit-69.rdbj.org
reddit-69.zidy.org
reddit-7.ffzh.org
reddit-7.knnr.org
reddit-7.loom.pw
reddit-7.lufd.org
reddit-7.lzdx.org
reddit-7.mnxq.org
reddit-7.neqd.org
reddit-7.ntmj.org
reddit-7.qkvp.org
reddit-7.sjtx.org
reddit-7.vdjm.org
reddit-7.wuwn.net
reddit-7.xeqe.org
reddit-7.xesr.net
reddit-7.zekf.org
reddit-7.zidy.org
reddit-7.zocv.net
reddit-7.zusv.org
reddit-71.jylh.org
reddit-71.qkvp.org
reddit-71.xeqe.org
reddit-72.byzg.org
reddit-72.lzdx.org
reddit-72.mnxq.org
reddit-72.rdbj.org
reddit-72.zusv.org
reddit-73.ffzh.org
reddit-73.ntmj.org
reddit-73.zomk.org
reddit-74.byzg.org
reddit-74.fkbl.org
reddit-74.lzdx.org
reddit-74.mnxq.org
reddit-76.ntmj.org
reddit-76.qigy.org
reddit-76.rdbj.org
reddit-76.zekf.org
reddit-77.lymh.net
reddit-78.knnr.org
reddit-78.qkvp.org
reddit-78.zocv.net
reddit-79.jrjk.org
reddit-79.kjvy.org
reddit-79.lzdx.org
reddit-79.rdbj.org
reddit-8.byzg.org
reddit-8.fkbl.org
reddit-8.fyvu.org
reddit-8.jrjk.org
reddit-8.jylh.org
reddit-8.knnr.org
reddit-8.loom.pw
reddit-8.lufd.org
reddit-8.lymh.net
reddit-8.lzdx.org
reddit-8.mnxq.org
reddit-8.ntmj.org
reddit-8.nzlp.org
reddit-8.qkvp.org
reddit-8.rdbj.org
reddit-8.vdjm.org
reddit-8.xeqe.org
reddit-8.xotu.org
reddit-8.zekf.org
reddit-8.zomk.org
reddit-8.zusv.org
reddit-81.fkbl.org
reddit-81.vdjm.org
reddit-81.vwgl.org
reddit-81.xeqe.org
reddit-81.xotu.org
reddit-81.zusv.org
reddit-82.gmvr.org
reddit-82.lufd.org
reddit-82.lymh.net
reddit-82.lzdx.org
reddit-83.jrjk.org
reddit-83.knnr.org
reddit-83.loom.pw
reddit-83.lzdx.org
reddit-83.qkvp.org
reddit-83.xesr.net
reddit-83.zomk.org
reddit-84.fyvu.org
reddit-84.rdbj.org
reddit-85.lymh.net
reddit-85.ntmj.org
reddit-85.zekf.org
reddit-86.mnxq.org
reddit-87.knnr.org
reddit-87.ntmj.org
reddit-88.lzdx.org
reddit-88.ntmj.org
reddit-88.vdjm.org
reddit-88.wuwn.net
reddit-88.xeqe.org
reddit-88.zocv.net
reddit-89.pemy.org
reddit-9.ffzh.org
reddit-9.fkbl.org
reddit-9.gmvr.org
reddit-9.jylh.org
reddit-9.knnr.org
reddit-9.lufd.org
reddit-9.lymh.net
reddit-9.lzdx.org
reddit-9.mnxq.org
reddit-9.ntmj.org
reddit-9.nzlp.org
reddit-9.prxd.org
reddit-9.rdbj.org
reddit-9.vdjm.org
reddit-9.xeqe.org
reddit-9.xesr.net
reddit-9.xotu.org
reddit-9.zekf.org
reddit-9.zocv.net
reddit-9.zomk.org
reddit-90.knnr.org
reddit-90.lzdx.org
reddit-90.mnxq.org
reddit-90.prxd.org
reddit-90.xesr.net
reddit-90.zidy.org
reddit-90.zocv.net
reddit-90.zomk.org
reddit-91.knnr.org
reddit-91.lufd.org
reddit-91.lymh.net
reddit-91.nzlp.org
reddit-91.qkvp.org
reddit-91.wuwn.net
reddit-92.lufd.org
reddit-92.nzlp.org
reddit-93.knnr.org
reddit-94.lzdx.org
reddit-94.ntmj.org
reddit-94.wuwn.net
reddit-94.xotu.org
reddit-95.wuwn.net
reddit-96.lufd.org
reddit-96.vdjm.org
reddit-97.lymh.net
reddit-97.lzdx.org
reddit-97.ntmj.org
reddit-98.ffzh.org
reddit-98.mnxq.org
reddit-98.zidy.org
reddit-99.knnr.org
reddit-99.lzdx.org
reddit-99.rdbj.org
reddit-99.vykm.net
wettransfer00.fvhz.org
wettransfer00.nuxq.net
wettransfer00.qujh.org
wettransfer00.vfwk.org
wettransfer02.lxtf.org
wettransfer02.vfwk.org
wettransfer02.xoqu.org
wettransfer03.dyxk.net
wettransfer03.haqx.org
wettransfer03.zplg.org
wettransfer04.husf.org
wettransfer04.jyse.org
wettransfer04.nuxq.net
wettransfer04.xirn.org
wettransfer04.xoqu.org
wettransfer05.fyxy.net
wettransfer05.lxtf.org
wettransfer05.sxrz.org
wettransfer05.tqfa.org
wettransfer05.vfwk.org
wettransfer05.zjvm.org
wettransfer06.gsxx.org
wettransfer06.tynd.org
wettransfer06.vfwk.org
wettransfer07.sxrz.org
wettransfer08.fkfy.org
wettransfer08.gsxx.org
wettransfer08.jyse.org
wettransfer08.lxtf.org
wettransfer08.qujh.org
wettransfer08.wojq.net
wettransfer08.zplg.org
wettransfer09.lxtf.org
wettransfer09.zghf.org
wettransfer10.mirth.pw
wettransfer11.dyxk.net
wettransfer11.gsxx.org
wettransfer11.husf.org
wettransfer11.tynd.org
wettransfer11.vaqi.org
wettransfer12.haqx.org
wettransfer12.vaqi.org
wettransfer12.vfwk.org
wettransfer13.gsxx.org
wettransfer13.tqfa.org
wettransfer13.zghf.org
wettransfer14.fdwn.org
wettransfer14.lxtf.org
wettransfer14.qujh.org
wettransfer14.rmcz.org
wettransfer14.xirn.org
wettransfer14.xoqu.org
wettransfer15.gsxx.org
wettransfer15.qibx.org
wettransfer16.dyxk.net
wettransfer16.husf.org
wettransfer16.jyse.org
wettransfer16.qujh.org
wettransfer16.vfwk.org
wettransfer17.husf.org
wettransfer17.lxtf.org
wettransfer17.qequ.org
wettransfer17.vfwk.org
wettransfer17.xirn.org
wettransfer18.husf.org
wettransfer18.jyse.org
wettransfer19.gsxx.org
wettransfer19.qaru.org
wettransfer19.tynd.org
wettransfer19.vfwk.org
wettransfer19.zjvm.org
wettransfer20.dbft.org
wettransfer20.dghj.org
wettransfer20.lowk.org
wettransfer20.mirth.pw
wettransfer20.rujy.org
wettransfer20.zwgr.org
wettransfer21.ckfb.org
wettransfer21.dbft.org
wettransfer21.lowk.org
wettransfer21.lxtf.org
wettransfer21.nuxq.net
wettransfer21.vfwk.org
wettransfer22.nuxq.net
wettransfer22.tynd.org
wettransfer22.vfwk.org
wettransfer22.zjvm.org
wettransfer23.fvhz.org
wettransfer23.gsxx.org
wettransfer23.rujy.org
wettransfer23.vfwk.org
wettransfer24.lxtf.org
wettransfer24.qujh.org
wettransfer24.rrxk.org
wettransfer24.teqg.net
wettransfer24.vfwk.org
wettransfer25.dbft.org
wettransfer25.gsxx.org
wettransfer25.husf.org
wettransfer25.tynd.org
wettransfer26.gsxx.org
wettransfer26.rujy.org
wettransfer26.vfwk.org
wettransfer26.wojq.net
wettransfer26.wyru.org
wettransfer27.gsxx.org
wettransfer27.husf.org
wettransfer27.nuxq.net
wettransfer27.rrxk.org
wettransfer27.teqg.net
wettransfer27.xoqu.org
wettransfer27.xtnw.org
wettransfer28.husf.org
wettransfer28.sxrz.org
wettransfer28.teqg.net
wettransfer29.gsxx.org
wettransfer29.jyse.org
wettransfer29.lxtf.org
wettransfer29.rrxk.org
wettransfer29.tqfa.org
wettransfer29.xlcs.org
wettransfer30.dbft.org
wettransfer30.gsxx.org
wettransfer30.qujh.org
wettransfer30.rrxk.org
wettransfer30.xirn.org
wettransfer31.husf.org
wettransfer31.lxtf.org
wettransfer31.mirth.pw
wettransfer31.nuxq.net
wettransfer31.teqg.net
wettransfer32.haqx.org
wettransfer32.lxtf.org
wettransfer32.rrxk.org
wettransfer32.vfwk.org
wettransfer33.qujh.org
wettransfer33.tynd.org
wettransfer33.wojq.net
wettransfer35.ckfb.org
wettransfer35.fkfy.org
wettransfer35.husf.org
wettransfer35.lxtf.org
wettransfer35.qezn.org
wettransfer35.teqg.net
wettransfer35.vfwk.org
wettransfer36.wojq.net
wettransfer36.xelj.net
wettransfer36.xirn.org
wettransfer36.zjvm.org
wettransfer37.dbft.org
wettransfer37.rrxk.org
wettransfer37.vfwk.org
wettransfer38.gsxx.org
wettransfer38.sxrz.org
wettransfer38.vfwk.org
wettransfer38.xoqu.org
wettransfer39.dyxk.net
wettransfer39.qibx.org
wettransfer39.rrxk.org
wettransfer40.gsxx.org
wettransfer40.lxtf.org
wettransfer40.sxrz.org
wettransfer41.jyse.org
wettransfer41.lowk.org
wettransfer41.lxtf.org
wettransfer41.zplg.org
wettransfer42.ckfb.org
wettransfer42.dyxk.net
wettransfer42.fdwn.org
wettransfer42.gsxx.org
wettransfer42.husf.org
wettransfer42.qujh.org
wettransfer42.rrxk.org
wettransfer43.gsxx.org
wettransfer43.qezn.org
wettransfer43.rujy.org
wettransfer43.tynd.org
wettransfer43.vfwk.org
wettransfer44.dbft.org
wettransfer44.rmcz.org
wettransfer45.dyxk.net
wettransfer45.gsxx.org
wettransfer45.husf.org
wettransfer45.jyse.org
wettransfer45.lxtf.org
wettransfer45.qaru.org
wettransfer45.zjvm.org
wettransfer46.gsxx.org
wettransfer46.husf.org
wettransfer46.tynd.org
wettransfer46.zjvm.org
wettransfer47.jyse.org
wettransfer47.qujh.org
wettransfer47.rrxk.org
wettransfer47.xirn.org
wettransfer48.dyxk.net
wettransfer48.husf.org
wettransfer48.lxtf.org
wettransfer48.teqg.net
wettransfer48.tynd.org
wettransfer48.vfwk.org
wettransfer48.zghf.org
wettransfer48.zjvm.org
wettransfer49.qujh.org
wettransfer49.teqg.net
wettransfer49.vfwk.org
wettransfer49.xirn.org
wettransfer49.zjvm.org
wettransfer50.dbft.org
wettransfer50.lxtf.org
wettransfer50.vfwk.org
wettransfer50.wojq.net
wettransfer50.xirn.org
wettransfer51.dyxk.net
wettransfer51.fdwn.org
wettransfer51.fvhz.org
wettransfer51.vfwk.org
wettransfer51.zghf.org
wettransfer52.rrxk.org
wettransfer52.tynd.org
wettransfer53.ckfb.org
wettransfer53.fvhz.org
wettransfer53.qibx.org
wettransfer53.tynd.org
wettransfer53.vaqi.org
wettransfer53.xirn.org
wettransfer54.fkfy.org
wettransfer54.husf.org
wettransfer54.tynd.org
wettransfer54.vaqi.org
wettransfer55.fvhz.org
wettransfer55.haqx.org
wettransfer55.qezn.org
wettransfer55.teqg.net
wettransfer55.tynd.org
wettransfer55.vaqi.org
wettransfer55.zghf.org
wettransfer55.zwgr.org
wettransfer56.gsxx.org
wettransfer56.lxtf.org
wettransfer57.gsxx.org
wettransfer57.lxtf.org
wettransfer57.qaru.org
wettransfer57.qujh.org
wettransfer58.ckfb.org
wettransfer58.dbft.org
wettransfer58.jyse.org
wettransfer58.vaqi.org
wettransfer59.husf.org
wettransfer59.lxtf.org
wettransfer59.vfwk.org
wettransfer59.wojq.net
wettransfer59.xirn.org
wettransfer59.zghf.org
wettransfer59.zjvm.org
wettransfer60.dbft.org
wettransfer60.husf.org
wettransfer60.teqg.net
wettransfer60.vfwk.org
wettransfer60.zjvm.org
wettransfer61.fdwn.org
wettransfer61.lowk.org
wettransfer61.lxtf.org
wettransfer61.vfwk.org
wettransfer62.fdwn.org
wettransfer62.lowk.org
wettransfer62.lxtf.org
wettransfer63.fvhz.org
wettransfer63.gsxx.org
wettransfer63.xirn.org
wettransfer64.husf.org
wettransfer64.nuxq.net
wettransfer64.qujh.org
wettransfer64.teqg.net
wettransfer64.wojq.net
wettransfer64.zghf.org
wettransfer65.lxtf.org
wettransfer65.xirn.org
wettransfer67.tqfa.org
wettransfer68.teqg.net
wettransfer68.xtnw.org
wettransfer69.nuxq.net
wettransfer69.rrxk.org
wettransfer70.dyxk.net
wettransfer70.gsxx.org
wettransfer70.qezn.org
wettransfer70.qujh.org
wettransfer70.rujy.org
wettransfer71.lxtf.org
wettransfer71.qibx.org
wettransfer71.rujy.org
wettransfer71.tqfa.org
wettransfer71.xtnw.org
wettransfer72.fejw.org
wettransfer72.jyse.org
wettransfer72.qujh.org
wettransfer72.vfwk.org
wettransfer72.zghf.org
wettransfer74.dbft.org
wettransfer74.dghj.org
wettransfer74.fdwn.org
wettransfer74.fkfy.org
wettransfer74.lowk.org
wettransfer74.rrxk.org
wettransfer75.dyxk.net
wettransfer75.fkfy.org
wettransfer75.gsxx.org
wettransfer75.jyse.org
wettransfer75.lowk.org
wettransfer75.lxtf.org
wettransfer75.rujy.org
wettransfer76.dbft.org
wettransfer76.vfwk.org
wettransfer77.gsxx.org
wettransfer77.husf.org
wettransfer77.lowk.org
wettransfer77.nuxq.net
wettransfer77.qaru.org
wettransfer77.qequ.org
wettransfer77.vfwk.org
wettransfer78.fkfy.org
wettransfer78.fvhz.org
wettransfer78.haqx.org
wettransfer78.rujy.org
wettransfer78.tqfa.org
wettransfer78.vaqi.org
wettransfer78.xtnw.org
wettransfer79.tynd.org
wettransfer79.zjvm.org
wettransfer80.tynd.org
wettransfer80.vfwk.org
wettransfer80.xirn.org
wettransfer81.fkfy.org
wettransfer81.haqx.org
wettransfer81.qibx.org
wettransfer81.qujh.org
wettransfer81.tynd.org
wettransfer81.vfwk.org
wettransfer81.zghf.org
wettransfer82.gsxx.org
wettransfer82.zghf.org
wettransfer83.xirn.org
wettransfer84.dghj.org
wettransfer84.dyxk.net
wettransfer84.fkfy.org
wettransfer84.gsxx.org
wettransfer84.vfwk.org
wettransfer84.wojq.net
wettransfer84.zplg.org
wettransfer85.gsxx.org
wettransfer86.dyxk.net
wettransfer86.fkfy.org
wettransfer86.gsxx.org
wettransfer86.nuxq.net
wettransfer86.xoqu.org
wettransfer87.jyse.org
wettransfer87.lowk.org
wettransfer87.nuxq.net
wettransfer87.rmcz.org
wettransfer87.zjvm.org
wettransfer88.sxrz.org
wettransfer88.tynd.org
wettransfer88.xoqu.org
wettransfer89.fyxy.net
wettransfer89.gsxx.org
wettransfer89.lowk.org
wettransfer89.lxtf.org
wettransfer89.rujy.org
wettransfer89.teqg.net
wettransfer89.vfwk.org
wettransfer90.ckfb.org
wettransfer90.dbft.org
wettransfer90.nuxq.net
wettransfer90.qujh.org
wettransfer90.rujy.org
wettransfer90.sxrz.org
wettransfer90.teqg.net
wettransfer90.vfwk.org
wettransfer91.fvhz.org
wettransfer91.gsxx.org
wettransfer92.dyxk.net
wettransfer92.fdwn.org
wettransfer93.qibx.org
wettransfer93.rujy.org
wettransfer93.zghf.org
wettransfer94.lxtf.org
wettransfer94.teqg.net
wettransfer95.rrxk.org
wettransfer95.wyru.org
wettransfer96.lowk.org
wettransfer96.nuxq.net
wettransfer96.sxrz.org
wettransfer97.dbft.org
wettransfer97.fvhz.org
wettransfer97.jyse.org
wettransfer97.lowk.org
wettransfer97.qaru.org
wettransfer97.qujh.org
wettransfer97.rmcz.org
wettransfer97.teqg.net
wettransfer97.xirn.org
wettransfer97.zghf.org
wettransfer98.gsxx.org
wettransfer98.haqx.org
wettransfer99.rujy.org
wettransfer99.tynd.org
wettransfer99.vfwk.org

# Reference: https://github.com/hagezi/dns-blocklists/issues/4954

too-gle.com

# Reference: https://x.com/James_inthe_box/status/1882526324834939379
# Reference: https://app.any.run/tasks/365f8969-106d-4fa0-8587-7d2593731a67

avoidspaderik.shop
blank-be0n8.in
reliedevopoi.bond
rondtimes.top
tianyinsoft.top
yuriy-gagarin.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-01-24)

abnomrmakio.cyou
affordtempyo.biz
amazingmassivei.shop
apparatusblez.top
appdevelopment.click
artandcrafts.click
artisanalcrafts.click
asping.klipnozenui.shop
automotiveenthusiasts.click
babbebange.cyou
basinstingger.cyou
basketballfan.click
beevasyeip.bond
bestinthemarket.com
bit.kliplubuziy.shop
bodypositivity.click
broadecatez.bond
carfeuspitt.bond
ceaselessarogg.shop
celebrationshub.shop
cn.klipkunefia.shop
coalliste.shop
coffeeenthusiasts.click
communityevents.click
contractsmell.cyou
conveyspecia.top
countefireman.cyou
craftbeerenthusiasts.click
craveinjuur.shop
creativemindtop.top
creativewriting.click
cryptocurrencytrends.click
crystaltreasures.shop
cubesmatch.com
culturesaroundtheworld.click
cyclingadventures.click
danceselfyprem.shop
desertedivi.cyou
diamondrushed.com
digitalmarketing101.click
disgusterproduc.shop
dokedok.shop
earthfarile.cyou
ecofriendlyliving.click
edidos.shop
elfinyamen.bond
emptytoyreor.cyou
encirelk.cyou
endangeburen.shop
espiano.shop
excitingratty.click
familyrecipes.click
fashiontrendsfe.click
financialfreez.click
fitnessgzxear.click
fitnessmotivation.click
fitnezfjourney.click
foodloverrecipes.click
gamesxzeviews.click
gamingcommunity.click
gardeningtipsandtricks.click
ghazaano.shop
granystearr.bond
gustavu.shop
handsbigywz.click
healthyres.click
healthysngtips.click
hikingtrails.click
historicaladventures.click
historyuncovered.click
homeimxent.click
hookmowerz.cyou
horselover.click
hoursuhouy.biz
iconcart.shop
idioticgoodev.top
impolitewearr.biz
jazmina.shop
joopshoop.shop
jupuary.claims
kitestarepatt.click
kizmond.shop
klipkunefia.shop
kliplubuziy.shop
klipnozenui.shop
languageslearning.click
latechilderni.cyou
learballe.shop
lifeinthecity.click
lightdeerysua.biz
localfoodguide.click
localmusic.click
lowlytesste.top
luxeorbit.shop
mannelaeksug.top
markedgroud.shop
measlyrefusz.biz
milta.shop
mixedrecipew.biz
moonehobno.bond
motivationalquotes.click
moviebuffclub.click
musicxoveries.click
natsovers.click
norpor.shop
notifyfrogger.top
numbercloudez.shop
offsetyofcre.bond
oliveroh.shop
onlixurses.click
outdooractivities.click
outdoorphotography.click
oweshaggyerbe.cyou
paleboreei.biz
parentingadvice.click
personalblogadventures.click
petsandanimals.click
photographyforbeginners.click
pixelete.shop
plantcare.click
pleasedcfrown.biz
plothelperfu.top
pluckgatterio.shop
puzzlesandgames.click
quarrelepek.bond
rainy-lamep.bond
recaptcha-go.b-cdn.net
recessiowirs.click
reflecpolit.shop
reflectepatt.click
resso-security.com
retrosome.shop
rewardtide.shop
rezomof.shop
rockemineu.bond
rollaritheju.shop
scienceexperiments.click
sciencefacts.click
scrayshutt.shop
shaileshvisionaryastrologer.com
sheayingero.shop
skincareessentials.click
smallbusinessadvice.click
smarxesting.click
socialmediahacks.click
solve.pvsu.org
solve.xtxy.org
speedmastere.com
startupsandinnovation.click
strattchboster.cyou
suggestyuoz.biz
swallowsowwe.cyou
technewsvews.click
techsxzts.click
thefashioniststop.top
toppyneedus.biz
tradersneez.click
tranuqlekper.bond
travelblogadventures.click
travextography.click
tuttlecombe.click
uncoverreduop.cyou
unicorntop.top
uniquegifts.click
urbxloration.click
versedkinfe.sbs
videoediting.click
virtuallearning.click
wellnessandhealth.click
wildlifeconservation.click
winteractivities.click
woebengeoszis.click
writeimgaiin.cyou
yokecarvekio.cyou

# Reference: https://www.virustotal.com/gui/file/b33648806f28bae6d57103a2081df7d8e8dd03db586c03057f9c60e9ac3b2bc0/detection

beachviopeo.top

# Reference: https://x.com/JAMESWT_MHT/status/1883892951115612425

infochanelpan.com

# Reference: https://x.com/JAMESWT_MHT/status/1883920804284621077
# Reference: https://www.joesandbox.com/analysis/1600596#iocs

agroundyogasuspect.shop
naturelovetop.top
gg.agroundyogasuspect.shop

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-01-24-v10845/2388

adventurestoptop.top
cuproomymis.top

# Reference: https://x.com/motuariki_/status/1884083786935328938

babberstalek.org
carrystuppeder.net
classyhelped.net
climepunneddus.com
crackdetudo.com
flockefaccek.org
guardeduppe.com
rebuildhurrte.com
smiteattacekr.org

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-01-27-v10846/2393

armysmootevop.top
athleisurestyletop.top
babberstalek.org
carrystuppeder.net
classyhelped.net
climepunneddus.com
creativeoutlookstop.top
flockefaccek.org
foodloverstop.top
guardeduppe.com
innerkomen.com
leerborisup.shop
oppressbreatv.cyou
palehandycook.top
politercuteop.top
rebuildhurrte.com
squezzepreca.top
theadventureclubstop.top
thefashionist.top

# Reference: https://www.virustotal.com/gui/file/e9fff25f8dddc1b755b38157edfe2773c73f5313b9f2897fe7551535213cdd4b/detection
# Reference: https://www.virustotal.com/gui/file/9326824415598f5e9339b08157ed14ba55de4af969e4181456a81f986c86d23a/detection

ecofriendlyhometop.top

# Reference: https://www.virustotal.com/gui/file/5827829bcba2d503cb6c2abbab4d61c1c52c679d02f34ffe54b554e4ea122306/detection

lovelythoughtstop.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-02-02)

absetnoodi.top
accidenfaithyh.cyou
adventuretravelguides.biz
amuchseconder.cyou
answerzeypher.biz
antynewwr.biz
appliancefetc.cyou
aromaticridz.biz
artandcraftsideas.biz
badgeclolourfu.cyou
bakkyyfshirte.shop
barbousgirek.cyou
batteorderz.cyou
believezioep.com
bluermaij.biz
boatseguider.cyou
budgettraveltips.biz
cabbagepattof.net
carcookect.shop
clammypunero.com
classifyagnru.biz
cleavemover.biz
cloudywalkj.click
communityvolunteering.biz
composedmny.cyou
consisbelkju.cyou
containfuftte.cyou
creativewritingprompts.biz
dayclammethir.biz
deliciousrecspes.top
digitalmarketingmasters.biz
digitalnomadlifestyle.biz
dirittoonline.com
diyhomeprojects.biz
dreambjig.top
drinkeracte.biz
drunkedroomen.top
eaveladventures.biz
ecofriendlyproducts.biz
ecommercestrategies.biz
edgedoplastuyc.click
elbowrutterp.cyou
elderlyhusheri.cyou
encourgifter.cyou
enlighetgran.cyou
evengloveuop.cyou
extendequeai.biz
familyfriendlyactivities.biz
fashiontrends2023.biz
fitnesschallenges.biz
fitnessjourney.biz
flavowinoder.cyou
fleshcnateru.cyou
forcenodder.biz
freeezemediccal.biz
friencontorle.biz
funzoningzryu.b-cdn.net
garderjjerop.com
globalcuisinerecipes.biz
goodstylestop.top
gourmetfoodies.biz
greatrabbid.biz
greentechinnovations.biz
hatesomeber.biz
healsuperbusyz.cyou
healthandwellnesshub.biz
healthyrecipesonline.biz
homebakingdelights.biz
homeimprovementideas.biz
homellygage.biz
homeofficeessentials.biz
humorousecou.cyou
hushedgainsya.cyou
iknomona.b-cdn.net
innovatidesigns.biz
innovationhubf.top
inspecatlk.shop
inspirationseekertop.top
jokenvaluuq.cyou
joyfuljournexys.top
klipgylagyi.shop
knowninshea.shop
kubekuqyeud.biz
lastywaxer.click
learnemoaning.cyou
lieneedles.biz
localartisans.biz
localbusinessspotlight.biz
loudcarefuler.cyou
maintainhaat.biz
mannyrahse.biz
mindfulnessmeditaftion.biz
miniattured.biz
minlliving.biz
mistreanranger.biz
muscleinitai.biz
onlinelearningplatform.biz
operregula.biz
orderdiflucan.online
organutyproducts.biz
overttriter.biz
overwrougher.cyou
pageicybrea.cyou
parentingtipsandtricks.biz
pastemiceso.cyou
peacesallyek.biz
personaldevelopmentjourney.biz
personalfinanceadvice.biz
petloverscommunity.biz
phobicharmno.shop
photographolio.biz
plasticreie.com
positiodenyt.cyou
prettylatterz.cyou
progibitusdos.click
progresgohso.cyou
promoforge360.com
pwedereihge.shop
railwaiberred.biz
recordeperishi.biz
remoteworkresources.biz
resolutecherc.cyou
resolveptoreec.cyou
rollinsccred.biz
savorypoundde.cyou
shakeiarrep.biz
shunstriderk.net
skirtgrippys.com
slimdresser.biz
smarthomegadgets.biz
smartiesting.biz
snottypagep.cyou
snowywren.cyou
sorecamper.cyou
spotterrunewxa.cyou
spottyalle.biz
springobtainn.biz
startupsuccessstories.biz
stematockeoff.shop
superutterzop.cyou
suppleregareds.shop
sustainablelivingtips.biz
techgasreview.biz
techreviewcentral.biz
techsavvyparents.biz
tennisincl.com
thangolekke.biz
thebeautylovelytop.top
thehealthylifesstop.top
titlewoundyb.cyou
townysavoz.cyou
traveladdicts.top
travventures.biz
tremista.com
uncledkoe.shop
uniquetopstop.top
urbangardening.biz
versesoffe.biz
vintagecollectibles.biz
virtualeventplanning.biz
vividimaginatigon.top
warlikedbeliev.org
warmconfuse.biz
weartemptr.biz
wellnesscoaching.biz
wellnessretreats.biz
wellnessretreatstop.top
welloffsassyz.cyou
whosealesow.cyou
workedeatch.biz
worshipstrar.biz
wrensnoewr.cyou
xenoporren.biz
zoomsedat.biz

# Reference: https://x.com/solostalking/status/1886309574149652517
# Reference: https://x.com/salmanvsf/status/1886326529745166463
# Reference: https://www.virustotal.com/gui/ip-address/103.71.23.162/relations

http://103.71.23.162
7p0g93pcg0zs.com
91j.lol
92p1ka158tr2.com
api1-telegram.org
api3-telegram.cyou
api7.cfd
authsafegaurd.support
bfiebwkehdudj.com
buildonbeam.support
bv.pe
codeguardians.cyou
d17.lol
darknight.cyou
donald981.com
expertdevelopers.cyou
fi-ton.org
guard-security.net
hkadviser.com
isy62.com
lasso-security.com
meow182.com
nodes.buildonbeam.support
oct.mom
pepegich.live
raven-security.com
rosecloud-security.com
rugcheck.online
safeguard-authenticate.com
safeguard-page.pages.dev
safeguard-tg.com
safeguard-verify.com
safeguardaccept.com
safeguardinterest.online
safenguxx.xyz
sg-auth.life
skystorm.cyou
staytechnation.com
t45deh2um63t.com
techvisionaries.cyou
telegram-verif.com
telegrams.mom
telegramweb.world
tg-safeguard.com
tohrut.com
websites-security.com
yv67i33v15o7.com

# Reference: https://app.validin.com/detail?type=raw&find=Telegram%3A+Contact+%40safeguard#tab=host_pairs (# 2025-02-03)

7aha7o1azo0xz6fh.life
7p0g93pcg0zs.com
92p1ka158tr2.com
buildonbeam.support
front-end228.xyz
gsfeb2oz1ub4.com
gtpn6s454us8.com
neofinancebrasil.com
safeguard-authenticate.com
safeguard-tg.com
safeguard-verify.com
safeguardaccept.com
safeguardrobot.net
safegurad.app
safenguxx.xyz
soloxy.icu
tele-verify.com
telegram-verif.com
telegramweb.world
tohrut.com
yv67i33v15o7.com

# Reference: https://x.com/ShanHolo/status/1886317847275606085

http://103.243.44.33
http://91.219.239.210

# Reference: https://x.com/salmanvsf/status/1886332646068043863
# Reference: https://www.virustotal.com/gui/file/7abfb1283250c346c86bc94aac469626c4aa6b5e58561afd47a034e661bc3136/detection

stiryyilerk.help

# Reference: https://x.com/salmanvsf/status/1886350101884362890

jsf12.com

# Reference: https://x.com/JAMESWT_MHT/status/1887215629402251290

http://176.113.115.225
antbotsv3.com
anti-robot-check.com
antiquebotv3.com
antlb0tv2.com
bookingmanage.com
botverifity.com
capthca.world
infobookingcenter.com
recapchav3.com
recepchtav3.com
recetpcha.com
verification-user.live
7janmain.blogspot.com
admin.capthca.world

# Reference: https://x.com/salmanvsf/status/1887444768093053126

abaft-taboo.bond
conquemappe.bond
cowertbabei.bond
learnyprocce.bond
noxiuos-utopi.bond

# Reference: https://x.com/malware_traffic/status/1887305751636414713
# Reference: https://github.com/malware-traffic/indicators/blob/main/2025-02-05-ClearFake-or-ClickFix-fake-CAPTCHA-for-possible-Vidar.txt

eteherealpath.top
galvanizegestationludicrous.shop
smogturfprance.shop
bit.smogturfprance.shop
bit1.smogturfprance.shop
bitlunch.smogturfprance.shop
u1.galvanizegestationludicrous.shop

# Reference: https://x.com/JAMESWT_MHT/status/1887579646994358407
# Reference: https://www.virustotal.com/gui/file/b85e22327b17da698f72e105d359f5873a8f2f4db38c6d76ec261df841288e74/detection
# Reference: https://www.virustotal.com/gui/file/5f4f3b0d4378171bb18896b50ec84331e5a9b68346d3489c326116cfd9855390/detection
# Reference: https://www.virustotal.com/gui/file/047b7b2565b2b5c1f03be10cd818efc0c63ff1b370f3678a8bb8f7e5d39668da/detection

hyzaars.com
ohart.top
zsilvermoonbeam.hair

# Reference: https://app.validin.com/detail?find=Free%20Download%20WPS%20Office%20for%20PC%2F%20Windows%2F%20Mac%20%7C%20Download%20Latest%20Version&type=raw&ref_id=1a75736dbd6#tab=host_pairs (# 2025-02-07)

cialis26.us
fitbudds.com
imitrex24.com
lioresal4us.shop
malverncurtainmaker.shop
slotwang.com

# Reference: https://www.virustotal.com/gui/file/0d3418185447f00430fbedd7195803b5da9f4bd55169e7d366af8cc7eb5e8de8/detection

blackangel.dev

# Reference: https://www.virustotal.com/gui/file/82fb5bd6b92bbc0b4164117cf133525a0a315fe8e0c28afac10e1e7dadbf34cc/detection

klipjarifaa.shop
mshyhennyk.cyou

# Reference: https://x.com/salmanvsf/status/1888136212369870978

alphabit.vc
infernoenjoyer.cfd
hopeefreamed.com
oppyneedus.biz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-02-09)

absentfool.click
abundantstay.click
activheharmony.cyou
adventureseekerstop.top
advrenturousspirit.click
ahealthychoices.cyou
ainnovativejourneys.click
alhocobser.digital
ambigtiousgoals.cyou
ambitioipirit.click
answeronner.click
applicatinyh.cyou
applyeasyhz.click
aradiantjourney.cyou
ardtfuldesign.cyou
aromatcagge.digital
artisticisnspiration.top
artisticlexpressions.cyou
artistmicventures.click
asphaltgforest.today
astinosyz.click
atranquilwilderness.hair
avangerresi.click
azurgewhisper.hair
babieys271.click
ballekshoerz.digital
baoilkye.click
basmboozled.top
beautifulglandscapes.help
bookinshworld.cyou
bookwormstop.top
bordflattuo.top
boredbeliev.click
brcilliantideas.cyou
breedertremnd.com
brightsmorning.help
bwrightfuture.cyou
c1.unearnedexpressoutlying.shop
cablecrossedi.shop
canva5-belief.cyou
capturefann.cyou
carefulldetai.click
chairsyummt.click
cheeerfulharbor.rest
chillyvibesonlyv.cyou
cirkduallek.click
clearxforms.help
cloudhypathway.boats
clusterbry.cyou
coeoltechhub.cyou
compettevaoucs.digital
cosmicarlray.pics
cosmwvicfield.top
cozycojrner.cyou
cozyhomevpibes.cyou
crceativeconversations.click
crerativeoutlook.cyou
crowngofthesun.today
crushushutte.click
cucriousmt.click
culinarkydelight.cyou
culinarydelighytts.top
culturakljourney.click
cultuyralconnections.click
curiousbereeze.top
currencarjh.click
currentyelcktv.cyou
daughecharij.click
decorateballz.click
deepzthoughts.help
delightfupljourneys.click
digitalwoanderlust.cyou
digittaldreams.cyou
disgustingxtta.shop
drdeambigtoday.cyou
dustyretchern.click
dwriftycloud.pics
echoinggforest.top
ecofrieindlypath.cyou
ecofriendl.top
egralvalues.click
enchanutedmeadow.hair
endymakesh.click
enlargeywuz.click
entrepreneurstop.top
ethereailvoyage.rest
ethnicchos.click
evanescentb.click
evderydaywonder.click
ewndlesspossibilities.cyou
exploratipvepath.click
exxploretheworld.cyou
facepaprpe.click
fairyctale.help
fallyjellyui.click
fangyevasive.shop
farmagrupodw.com
fesvtiveeuphoria.click
findingqworld.help
firnbeastte.top
fitnessaddictstop.top
fitnessgurustop.top
flovurishingideas.click
floweringtstrip.help
flowerscofjoy.today
fly.storage.tigris.dev
forcedryu.click
forwardxinspiration.today
fosteriingjoy.click
fragment.com
frershstart.cyou
freshideastop.top
freshlsmell.today
friendseforever.help
fsamilyfirstlife.click
garulouscuto.com
gleamingvisir.click
gleefuhlcloud.top
glitterywearz.click
glofbalexplorer.cyou
glofbalperspectives.click
gloverrdiny.click
goldbenquasar.boats
greedymonajs.click
greenearoth.cyou
greenzworld.help
hapvpinesshub.cyou
harmonnyrabik.click
hiddenorcphard.hair
hissbringer.click
holisticlapproach.click
hookylucnh.click
hopersmarter.click
humdrumviosl.click
ignoredshee.com
imaginjativepath.click
immenseclosed.top
implodehosu.click
importenptoc.com
inespiringvisions.cyou
innogvativegrowth.click
innovyativespace.cyou
inputrreparnt.com
insfaditions.click
insibghtfuldreams.click
insrpiringcommunity.click
insultfragie.click
islandtosecod.shop
jitteryresuqi.click
joyftulsoul.click
joyfuhldiscovery.click
joyfuljouroney.cyou
jsoyfulcreativity.cyou
jurrekndkdo.click
keropbend.click
kicky-tap.sbs
learningviewz.click
leavefleeffe.top
leeryspcieu.click
libraryuehd.click
lifehtextures.help
lightffntasy.help
lightjheaii.help
losrtparadise.rest
lovgfenters.click
lovingkilndness.cyou
lowlywounde.top
luminouskmoon.today
luxutriousliving.cyou
magicalddreams.help
majesticholed.click
majestimowwer.shop
makeneorlsla.click
mindbfulmoments.cyou
minfdfulmovement.cyou
mixermixedo.click
modernakdventure.cyou
mooprescured.click
moornlitcaravan.top
motionswimmy.click
murmurloude.click
myfsticwave.top
natureinspirged.top
naturewsounds.help
nemoc.kliplygah.shop
nomadsgpirit.top
noticesulk.click
nsurturinggrowth.click
nutrioutimpe.top
odysskhey.today
oldjtale.today
oppositercw.top
optimistoicoutlook.click
overwrougemny.shop
passiounatepursuits.click
pattyruralk.click
paym3278hs.click
pennyspinng.shop
pixelpottato.top
plafyfulsunbeam.boats
playerjur.cyou
playfumlgecko.rest
playfuulspirits.cyou
prkedukken.click
purpohsefulliving.click
pwlayfulwhale.top
pxeacefulperspectives.click
qcleveridea.cyou
qfuirkystar.top
qinspiringecho.rest
qsorceryrealm.top
qsoulfulconnections.click
qsunnydaysahead.cyou
radiantqwuest.top
raditantflower.rest
rebeldettern.com
relymowyiny.shop
resolverdrawz.click
richgtextures.click
rssianhlandscape.today
runnedarred.com
saddyhotter.click
seereneescapes.click
shatt3rhelpfu.cyou
shelterryhsbj.cyou
shiningrstars.help
shivputrajanawad.github.io
simpleuliving.cyou
smartsjolutions.cyou
smilesqplays.help
snowzcrystals.today
sockethingej.click
soggydetai.click
soulfujltraveler.hair
soulvlight.cloud
spirtitedcanvas.top
spontaggere.click
spontnaneouscreativity.click
starlimtjourney.top
styvlishbrowsing.cyou
subduedkinlkly.shop
succeedsofr.click
summerhrain.help
sunnyyserenade.rest
superficialtk.top
tecghhive.top
techsamvvycommunity.cyou
tenderyroots.help
tendyteny.click
testyhurriedo.click
thingspouter.top
thritvingnature.click
thronethurd.click
timeglessbeauty.cyou
torpdidebar.com
tramplyfinej.click
tranqnuilserenity.pics
tranquilcove.rest
travelaidventure.cyou
treegoodyjs.click
twinnylogy.click
txransformativejourney.click
unearnedexpressoutlying.shop
uniqueexpperience.cyou
updfile.cc
uplifhtingstories.cyou
uprootundse.click
uxrbanescape.cyou
vanderagmusic.help
vastactionu.shop
vibranktdream.top
vibrantkmindset.click
vibrbantculturen.click
video-leech.xyz
vsibrantlife.cyou
vwibrantwonders.rest
vwisionarythinkers.click
wandesrlust.top
wanyajarysu.click
warmeembrace.help
warmwhearts.cloud
washysmenn.click
wecllnessinsight.cyou
whimsiucalwishes.rest
zentxropia.top
zgroundedlih.click
zloveandlight.click
znatureconnect.cyou
zthrivingcommunity.cyou

# Reference: https://x.com/skocherhan/status/1888396337365889050

captcha.name
surabayabersholawat.com

# Reference: https://x.com/skocherhan/status/1888762808948367410
# Reference: https://www.virustotal.com/gui/file/53670cf7eaaafe1220cff0247282f792cc05d8fc6917914f0f0035550493bdf2/detection

kvndbb3.com
soyelsolylaluna.online

# Reference: https://x.com/GetWinEvent_/status/1888928631272923176

http://147.45.44.209
http://5.252.155.64
http://5.252.155.89
http://5.252.155.96
5.252.155.64:443
5.252.155.89:443
5.252.155.96:443
acabear.com
amlscout.com
aurbazaar.com
botanicallandscapes.shop
buffll63.org
crixos.com
dailyweathercity.com
feedneedyfoundation.org
flinkcart.com
free3dmaxmodel.com
gaskks88amp.pro
goregasm23.com
gostepdas.world
gt3rs.life
jplivechat.com
kakakslot88ampcuan.org
kakakslot88winamp.com
mapelmoulds.com
playlandng.com
sedeca.app
shibaqq.shop
telegeees.online
testazy.info
xlopix.icu
xuytebeaneddos.online

# Reference: https://x.com/RacWatchin8872/status/1888917257582993536

6ae565684e1f.goregasm23.com
afrizalzona.my.id
app.buyli.in
blog.perbanas.ac.id
bot-ping.pl
buyli.in
game.acabear.com
i.d.afrizalzona.my.id
implantesdentalesjmartinezr.com.ar
internal.queticollc.com
lovettsgallery.com.goregasm23.com
lovettsgallery.goregasm23.com
my.acabear.com
ns1.kakakslot88winamp.com
ns2.kakakslot88winamp.com
queticollc.com
samp.acabear.com
tiltcast.goregasm23.com
winstar365.in
yanci.in

# Reference: https://x.com/salmanvsf/status/1890787251329585212
# Reference: https://app.validin.com/detail?find=Telegram%3A%20Contact%20%40lazyblum&type=raw&ref_id=b0935a6888f#tab=host_pairs (# 2025-02-15)

45-8-144-21.cprapid.com
safeguardauth.com
safeguardianbot.com
saieguard.world
tontestdomain.ru

# Reference: https://x.com/malwrhunterteam/status/1890126066381164754
# Reference: https://www.virustotal.com/gui/file/84c33dac2a7405f61c2dfbc0584f6ef039d22f67e95f03788490744cd28c9767/detection

actiothreaz.com
voicesharped.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-02-25)

abrightforge.cyou
aclearbeam.cyou
adventurolusspirit.click
aexquisitecrafts.cyou
ahgilenexus.top
albummgronakw.shop
alwaysvahead.cloud
amazbingjourneys.cyou
artisnticexpressions.cyou
bayerngrow.com
blast-hubs.com
blastikcn.com
blissfultdays.cyou
boldmeadozw.cyou
breezhymeadow.rest
brighqthorizon.cyou
brightecfho.cyou
brightmhaven.cyou
brightncove.cyou
brigthtgrove.cyou
brixghtquest.cyou
brizghtoasis.cyou
bsoldvista.cyou
bwrightfuture.click
bzrightpath.cyou
cadlmnest.cyou
calfmhaven.cyou
calhmhaven.top
captivjatingstories.cyou
caxndidwave.cyou
chverishedmoments.cyou
clearhecho.cyou
cleqarjourney.cyou
clerarhorizon.cyou
clxearnest.cyou
coczyhome.cyou
codesmorses.com
concernedmarkj.shop
coolgiadget.click
cozkeu.shop
cozyrwetreat.cyou
creativemindsettop.top
creatiyvegroove.top
crispnefst.cyou
crispvoyazge.cyou
crispyquest.cyou
curitousminds.cyou
customers-connexion-clients.com
cwalmjourney.cyou
cwrispbreeze.cyou
cxheerfulriver.pics
cyqfuy.shop
dgazzlingdecor.cyou
ditgitaldream.click
dreamblizss.cyou
dreamneist.cyou
dreamswiay.cyou
dreamvislta.cyou
dreamycraft.cyou
drheahmweaver.top
dynvamicfitness.cyou
ecofrieendlysolutions.cyou
ecreativehub.click
effficientworkflow.cyou
elevatemyind.top
employeecomparison.info
enclumier.com
epdicjourney.cyou
excitinrginnovations.cyou
exnchantedgardens.cyou
fclearcraft.cyou
festivevoibes.cyou
flourishpyoint.top
frdiendlycommunity.cyou
freeshdawn.cyou
frehshecho.top
frershtrail.cyou
fresqhsway.cyou
fresxhhaze.cyou
fxreshecho.cyou
gagehqhshqhq-hahqhsqhshq.cyou
generalmills.pro
gewrye.shop
glowpathy.top
gracefuklstream.rest
greenblisps.cyou
greengliving.click
greennesqt.cyou
greennquest.cyou
greenswayp.cyou
happbytrail.cyou
happtyvibe.cyou
happyhquest.top
happyqueost.cyou
hapypytravels.click
haqppycrest.cyou
hxappycove.cyou
hzappyhorizon.cyou
imoaginesphere.top
infuzoriatufelka.com
innovahtiveproducts.click
inspiringstories.click
johnyvertigo.com
joyfunlmoments.cyou
lingagulidon.com
livelyekvents.cyou
localflavors.cyou
luckyfindps.cyou
meditatetop.top
memokrableencounters.cyou
mercharena.biz
mindfumlliving.cyou
modebrnartistry.cyou
movieartisan.info
mysrticwave.cyou
mystgicdawn.cyou
mysticjpath.cyou
mysticnexst.cyou
mystictqrail.cyou
naiftheking.xyz
nestlecompany.pro
nexntvision.top
nourishingsfoods.cyou
novanesmt.cyou
optvimalwellness.cyou
padxae.shop
passengerinteraction.info
peacefujlmind.click
peajcefulspaces.cyou
perfuectdesign.click
probaforum22.forum24.ru
profilsassociations.com
psurevista.cyou
purcequest.cyou
pureechzo.cyou
purehnorizon.top
purequuest.cyou
puretmeadow.cyou
pxlayfulpets.cyou
qbrightmaze.cyou
qfreshidea.click
qjoyfullantern.pics
qsoftcove.cyou
qtastycuisine.cyou
qtruenest.cyou
queicknest.cyou
questeformeaning.cloud
quicksnhift.top
quidckrecipes.click
quievtstream.cyou
radiahntbeauty.cyou
radiantenyergy.cyou
rehfreshingdrinks.cyou
restfulrletreats.cyou
rugtou.shop
saleekstyle.click
securimel.com
sidlverfishpond.rest
simpleupleasures.cyou
smartechoo.cyou
soafringparakeet.rest
softbljoom.cyou
softechio.cyou
softnestl.cyou
softpaxth.cyou
softzspring.cyou
soulfulimusic.cyou
spargklingclean.cyou
spirmitedtravel.cyou
srmartsolutions.click
stafrmountain.cyou
starcruaft.cyou
stardbawn.cyou
starechoz.cyou
starhavken.cyou
steunningphotography.cyou
stormlegue.com
swoftwave.cyou
sxereneviews.cyou
tecchsavvy.cyou
thougyhtfultravel.cyou
thrillingadventures.cyou
timnelessdesign.cyou
tjzkjw.com
trendyfakshion.click
trueexcho.cyou
truegbloom.cyou
trueszpark.cyou
truvemeadow.cyou
twhoughtfulgifts.cyou
uniquemexperiences.cyou
urbanaodes.click
urbanbreezqe.cyou
urbancraftz.cyou
urbanouasis.cyou
urbanyspark.cyou
urcbanbliss.cyou
usltimateecommerce.cyou
variationcontribution.info
vibraqntconnections.cyou
vibrfanthealth.click
vibrrantcolors.cyou
wavessdemotion.today
whopeefreamed.com
wiesespark.cyou
wilvdflowercottage.pics
wisecrakft.cyou
wisfewave.cyou
wisyefuture.top
wqiseoasis.cyou
zadventurousfood.cyou
zboldmeadow.cyou
zdelightfulbakes.click
zefnecho.cyou
zensphace.cyou
zincaa.shop
zstunningviews.cyou

# Reference: https://x.com/salmanvsf/status/1890324603181936991
# Reference: https://www.virustotal.com/gui/file/da1065870b67a584e3dbaf9f4e7e4f98e51dc403d91889e9e0b92862cfd7a439/detection
# Reference: https://www.virustotal.com/gui/file/ac52dc2ae20931a9117b10a357331b88ac7533b2f1531b845019e5ccf0e18cde/detection
# Reference: https://www.virustotal.com/gui/file/18e9a4b6a771e3d8316971d5253dac518da9b6a13e163f9bcbbf373eec2f8300/detection
# Reference: https://www.virustotal.com/gui/file/152b0d9fa20422ae32938b83d46f26a976c1a5ae963fa1585202f10d372dc76a/detection

dreamerfruits.cloud

# Reference: https://www.virustotal.com/gui/file/0bdbc9de8158bd57ad250cd9aaf8d8679991cf3c27ea9610382df4008b18fa22/detection

http://91.202.233.151

# Reference: https://x.com/g0njxa/status/1889963835777573084
# Reference: https://en.fofa.info/result?qbase64=ZmlkPSJ2bmhHR1lEck5tNzNoQWt2MVNWYllnPT0i (# 2025-02-15)

http://147.45.199.38
http://172.232.38.208
http://185.196.9.234
http://193.143.1.19
http://194.59.30.60
http://198.44.186.177
http://31.13.224.178
http://46.19.143.29
http://79.110.62.112
http://83.222.190.92
http://83.222.191.146
http://87.242.117.137
http://87.246.7.194
http://93.123.85.69
154.216.18.113:8080
172.232.38.208:8080
176.65.140.132:8080
185.93.89.105:8080
193.143.1.19:8080
194.169.175.39:8080
194.169.175.40:8080
194.169.175.43:8080
194.59.30.60:8080
194.59.31.145:8080
198.44.186.177:8080
212.70.149.11:8080
212.70.149.14:8080
213.238.182.147:8080
220.158.233.185:8080
49.12.210.140:8080
5.182.206.205:8080
79.110.62.112:8080
79.110.62.86:8080
83.222.190.92:8080
83.222.191.146:8080
85.204.107.43:8080
85.209.133.130:8080
87.120.112.50:8080
87.242.117.137:8080
87.246.7.194:8080
89.190.156.187:8080
93.123.85.135:8080
95.169.196.22:8080
a.aclearbeam.cyou
a.buqowai.shop
a.cozkeu.shop
a.gewrye.shop
a.jigateu.shop
a.lumfyginiu5.shop
a.lumsawedua.shop
b.aclearbeam.cyou
b.buqowai.shop
b.cozkeu.shop
b.gewrye.shop
b.jigateu.shop
b.lumfyginiu5.shop
b.lumsawedua.shop
contributioninspection.info
dreamcrazfters.top
e4fdc0d3-eebe-4297-bc15-780796d8c861.cyqfuy.shop
lightojourney.top
motivaotedsoul.top
quiwetwaveso.top

# Reference: https://app.validin.com/detail?find=Telegram%3A%20Contact%20%40safeguard&type=raw#tab=host_pairs (# 2025-02-15)

backpack-wallet.org
bchainpro.com
bitcoin-dogs.io
cloud-donkey-space.buzz
cryptonatorwallet.com
goatseusmaximus.io
irc.taketeacher.com
mycelium-wallet.org
orc-token.com
pei-pei.io
peon-coin.com
pepe-token.io
poodle-inu.io
safletsgo.xyz
sealana-coin.io
solsnipingbot.com
telegramweeee.pro
ultraspectacular.life

# Reference: https://x.com/K_N1kolenko/status/1891357171708780823
# Reference: https://www.virustotal.com/gui/file/a4afb81e08cdddb9ce80547454ad3014900e9cde9738b6d4f84471b3f555be44/detection
# Reference: https://www.virustotal.com/gui/file/70d98f07f03fa6e67c6e474a10ea637a2671b3cf60fe4ad67b370662ac20b886/detection

fondnesssprayamiable.shop
pumiceanaerobicbleak.shop
u2.fondnesssprayamiable.shop
u3.fondnesssprayamiable.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-02-17)

abnormasik.click
aesthzeticday.top
aheadrarry.help
ampklevision.top
assignmenttelevision.info
balancedzlife.tech
blisksfulfuture.top
blissfzuljourney.top
boldcyanvas.top
boldquestq.cyou
brhightfusion.top
calmquzest.cyou
campskipleak.pro
cherikshedideas.top
cherishzmoments.top
detailerqusit.help
dfreamwave.cyou
diggyacito.click
dreamekrspace.top
dreamwave.cyou
dynamicyspace.top
echhopoint.top
elysianfizelds.top
embracekchange.top
endxlesspossi.tech
fearrealmean.pro
flourishklife.top
flouriszhzozne.top
graqcefulstep.top
gratefulheartx.tech
gratefulhkeart.top
greehnVibe.top
grzeenbreeze.cyou
happyfoasis.cyou
healthyhabixts.tech
hoarmonynest.top
hopefulpatkh.top
hopeqfulhearts.top
ickyseeky.shop
ideasphark.top
impactsupport.world
inspiqredminds.top
intentionalklife.top
jololyquest.top
jookerkslxsafkr.xyz
joyfuljourneky.top
joyfulnhest.top
joyousqvibes.top
kaleoidoscopewa.top
kindplacesk.top
kindredqspirits.top
kindsprohut.top
kinguserpart.pro
liemitlgessdream.top
lnovewave.top
luminousqpath.top
medicalprocce.shop
minedfrulgrowth.top
minndfulpath.top
mintysoary.help
mqindfuljourney.top
naqturewisdom.top
nestlecompany.world
newhoriozons.top
noureeishedsoul.top
oceanbreoeze.top
openncanvas.top
opetnheearts.top
opuqlentnest.top
painroomarch.pro
peacqegfulmind.top
peactefulpath.top
peakaspiroe.top
pgldrop24.pro
potcryscanj.shop
preyechostun.pro
quietreverie.top
radiantnpulse.top
radiatntideas.top
rgadiantsoul.top
righqtHorizon.cyou
riqsingstaro.top
segrenewaves.top
silingwhip.shop
skywarddnream.top
softdaqwn.cyou
softpafthway.cyou
swafeharbor.top
thwrivenest.top
tragnquilgrove.top
truefbloom.cyou
truenorthn.top
uniggvgersaljoy.top
uniwtysphere.top
urbantraoil.cyou
uyniquequest.top
vigbragntflow.top
visiwonarypath.top
viytalburst.top
wkanderlustpath.top
wzonderfield.top
xpzloreideas.top
xsereneviews.cyou
youzrjoyfulplace.top
zekalousspirit.top
zenfylare.top
zengardxen.cyou
zephzyrcloud.top

# Reference: https://x.com/RacWatchin8872/status/1891595647691768191

bellthinkyj28.help
patchpreseh.help

# Reference: https://x.com/malwrhunterteam/status/1891794791366595043
# Reference: https://www.virustotal.com/gui/file/9056bc6de6486e3116129a5536dc33be7916ff4c8f0b16bfb2e720df1df89681/detection

http://185.81.68.130
filemanaager.net

# Reference: https://www.virustotal.com/gui/file/19268364210977c4938d3ef1d146bfc4e3ee52c502d332b877ae5489e2225fc5/detection

greehnvibe.top

# Reference: https://app.validin.com/detail?find=193.143.1.19&type=ip4&ref_id=09c207557ea#tab=resolutions (# 2025-02-18)

actortoesuz.help
colossallek.click
cooingshutwz.my
deliriousi.click
dimerecyt.click
experaccper.click
fiercewelkk.click
heavyleadez.click
humilitratt.click
ideaggage.click
joyoushybf.click
magicelasti.click
maidpleasan.click
paintygatt.click
petitergain.click
protesterfa.click
punishermarryz.click
queenabora.click
rampantovfe.click
rebelstic.click
removercomf.click
rhythmoiler.click
scarpsaily.click
shearhoaxx.click
stonehacth.click
succinnisr.click
waterrtfree.click

# Reference: https://www.cloudsek.com/blog/lumma-stealer-chronicles-pdf-themed-campaign-using-compromised-educational-institutions-infrastructure

http://87.120.115.240
smiteattacker.org

# Reference: https://www.virustotal.com/gui/file/c8f7bb77e5d49aba5848feaa1309c99c08e84e4c593032be6edb647146f716f0/detection

healthyjouprney.tech

# Reference: https://x.com/RacWatchin8872/status/1891854881381626260

ablekettled.shop
achievesalutto.shop
actleavvek.shop
avoidshirru.shop
beatgoattk.shop
bucketrenouv.shop
busheprettuv.shop
carrofiwi.shop
cavemelodice.shop
celeryddepende.shop
cherriestubb.shop
closedsaccke.shop
cloudsbeeseez.shop
cobwebymitk.shop
comepreventsur.shop
crackerdisccre.shop
creppugler.shop
erracitofge.shop
forcehoppen.shop
fraildinerip.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-02-19)

http://185.215.113.51
arameiup.sbs
klipxytozyi.shop
lestagames.world
lompappojumm.click
lovexlearning.tech
rejoincartridge.shop
smoothsprin.click
urbjanjungle.tech
ty.klipxytozyi.shop
u1.rejoincartridge.shop

# Reference: https://x.com/salmanvsf/status/1892483331830239376

2ndfoundation.events
animecoin.claims
eiz61.com
hari12.com
mshta.net
spx6900claims.events
thohrut.com
white-bush-fd67.marvellousjaquelin.workers.dev

# Reference: https://x.com/RacWatchin8872/status/1892898196935815580

budgetmonargh.fun
earwaxmouzed.fun
introducite.fun
professidefen.fun
sharenholek.fun

# Reference: https://x.com/RacWatchin8872/status/1892900145164861931

drunkeflavorz.pw
executrixfinav.pw
governoagoal.pw
inserbande.pw
parkedingtalke.pw
pricendstrugg.pw
proudgeneratz.pw
rateilamajor.pw
swipedmongk.pw

# Reference: https://x.com/lontze7/status/1892938996931551294
# Reference: https://medium.com/@s.lontzetidis/lummastealer-campaign-too-much-love-for-software-pirates-66ebe4b2f3a6

6meeripw061124z.cfd
aqwerrtfdcfvgggd.info
asdfdfggcvgf.click
azvg3j01ni081224s.click
co5j7408122463k.click
om2wsh210624v7.xyz
u2ig6061124nr1.cfd
v5pxfqo7w061124zh.cfd
zasdxcvfdsxccdff.click

# Reference: https://x.com/ViriBack/status/1894016064108830992
# Reference: https://app.validin.com/detail?find=8bb1ace470ab750c97c906bb9c5fbf91&type=hash&ref_id=405aa613372#tab=host_pairs (# 2025-02-24)

fxepiay.com
ggepiay.com
ggepllay.com
important-confiirm.com
important-confirmation.com
procedeed-verific.com
reservation-confirms.com
verification-proceess.com
hrs.important-confirmation.com
payment.verification-proceess.com

# Reference: https://x.com/motuariki_/status/1894228339608752462
# Reference: https://www.virustotal.com/gui/file/009181320547a4ce587f56f53c977ff4d7dd2df2ceddc7a549a9f46297598b9b/detection

prideforgek.fun
uncertainyelemz.bet
tampermonkey09.top

# Reference: https://www.silentpush.com/blog/lumma-stealer/

jellysipp.shop
pdf-ref095vq842r70.com
roxplo1ts.ws
techetrs.icu
wetransfer.su
workingkeys.info

# Reference: https://x.com/ShanHolo/status/1894377680281243826
# Reference: https://www.virustotal.com/gui/file/e40c9a9d78a09dcb34304f32309b8bc0243ca5efce08f7c028d85af368c79d73/detection

josehan.shop

# Reference: https://app.validin.com/detail?find=Telegram%3A%20Contact%20%40safeguard&type=raw#tab=host_pairs (# 2025-02-25)

app.taketeacher.com
isy62.com.65-109-38-81.cprapid.com
ec2-3-95-161-176.compute-1.amazonaws.com
darwin-glory-leg.space

# Reference: https://app.validin.com/detail?find=B%D0%BE%D0%BEking.%D1%81%D0%BEm&type=raw#tab=host_pairs (# 2025-02-25)

http://150.241.108.92
http://185.102.115.25
http://185.102.115.38
http://185.102.115.75
http://34.32.77.83
http://5.252.153.176
http://77.239.105.25
http://87.120.166.76
http://88.151.117.57

# Reference: https://securelist.com/angry-likho-apt-attacks-with-lumma-stealer/115663/

testdomain123123.shop

# Reference: https://x.com/RacWatchin8872/status/1894811145770541256

earthycodlors.bet
eastehandeop.bet
horoscopedcle.bet
mountainvbreezes.bet
mycampdrivers.bet
sejrenevalley.bet
sinappledreq.bet
speakkernerved.bet

# Reference: https://x.com/RacWatchin8872/status/1895282226864234724
# Reference: https://app.any.run/tasks/fbfde743-fe04-4f87-b7ee-25b9c1477f99

calmingtefxtures.run

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-02-28)

absensnosed.shop
advertised.life
ai.fdswgw.shop
aiqinsights.icu
babyedopposer.site
baconqualit.live
banishbraker.site
batteryaffin.world
beerepiero.online
belongutoppe.shop
bennedospok.run
billesafed.life
bloodyeleftor.world
boltetuurked.digital
breastkanekd.online
breezyarrogan.click
brightfuturjes.tech
brjightfuture.tech
bzondingmoments.tech
cancepatrok.today
caringheadboard.buzz
casedswarmedo.shop
cdn-serveri4345-ns.shop
censcusfunw.icu
chlenvaginakz.icu
churhemarke.online
cid-hmn.com
cjreativejourney.tech
classycribe.top
collapimga.fun
comedyewpest.fun
commercfriek.digital
conceived.today
concentratecr.world
contexthoster.site
dawtastream.bet
deaddereaste.today
deadlyfeaster.site
decreaserid.world
depraveddivinelyresubmit.shop
deprescatve.shop
dilemmformez.fun
dilutedlikel.bet
disastecouse.live
disobilittyhell.live
dns-verify-me.pro
dorklifedubbed.shop
download.caringheadboard.buzz
download.cdn-serveri2245-ns.shop
dozzenquear.fun
dryentaidne.run
dsfljsdfjewf.info
earthsymphzony.today
eczofriendlychoices.tech
embarkiffe.shop
emplofirelpd.online
enlagrestatem.bet
ethnicracker.top
exarthynature.run
eyertacric.top
fallerestez.digital
fdswgw.shop
ferilwk2301.top
ferrybarked.world
foresctwhispers.top
forutnedfunr.online
fpreshstart.tech
geges.shop
girflekoma.digital
goaledharmfuk.live
gomys.shop
graduatteusez.shop
graphick.cloud
grendyreushe.run
grezennaturepath.live
hearemiscrati.shop
heavenhostilk.site
hobbyedsmoker.live
horizocoarhe.shop
horizonedcream.top
hoyoverse.blog
human-verify-4r.pro
human-verify.shop
hutmosquwz.fun
hvsdkfjfhj-sd-1.pro
inf-human.com
innovativezapproach.tech
inspiringjstories.tech
investiigato.website
jewellycotten.digital
jowyfulbloom.shop
kaiserdome.run
kitchensummez.online
kurrenpowed.run
languarel.fun
lawyesaved.today
lgkitstart.life
livlivproliv.shop
livlivprolivasdvaa.shop
livlivvavavava.shop
lockepolitter.click
ly.depraveddivinelyresubmit.shop
marathinwulke.today
metalcourthur.fun
mezadowdances.live
mildpacewp.today
miscrirarisz.today
mizo.dorklifedubbed.shop
mosquwinteck.digital
mui.cdn-serveri4345-ns.shop
naturesartgistry.today
neglectdivid.world
openheartljiving.tech
outlinedtrai.bet
owerenvokken.run
paggerquitl.click
palmnighet.online
passwodbroked.life
pastedeputten.life
pasteflawwed.world
pastoralkyu.click
pausedcritiaca.fun
peacefulgyrove.shop
penetratebatt.pw
petlovinstop.top
physicalsnowwer.digital
ping.caringheadboard.buzz
pingora1.caringheadboard.buzz
pirtyoffensiz.bet
popilatbather.online
porkedbunned.run
posqvevibesonly.tech
potentiashelt.site
praisednette.top
praisepunishek.online
presentymusse.world
privileggoe.live
psychologyed54.cyou
pukisound.icu
pywop.shop
qifyv.shop
quietswtreams.life
rationpolicemof.shop
readdystayer.top
reasonablerwi.today
reconcilen.cyou
refledesige.online
relatedflatte.online
relaxparadisetop.top
resqueoppos.live
rihem.shop
rougheligher.online
ruffyfavour.top
screwpadder.click
securerewinde.top
seizedsentec.online
sellroofed.bet
simpxlehome.tech
sketctedpilld.digital
slantposiz.shop
solarnatgure.run
soqulfonections.tech
starrynsightsky.icu
sterilizeflow.top
strawpeasaen.fun
subawhipnator.life
suggesteaco.shop
surveycupboar.digital
syprassebone.top
tampermonkey01.top
tampermonkey02.top
tampermonkey03.top
tampermonkey04.top
tampermonkey05.top
tampermonkey06.top
tampermonkey07.top
tampermonkey08.top
tampermonkey10.top
thesiaawwor.fun
thichinsideo.online
thingymediay.cyou
thinkbettersoul.live
trackeraired.online
tracnquilforest.life
trickyseane.top
turngallerudgo.icu
turnkindgrai.top
vatloopedo.bet
vavstcilke.site
vf-fired.com
waterubakke.shop
wealthestored.icu
wildxflowerdream.life
willpowerwav.site
wisecreak.site
wqanderludreams.tech
wreckerroom.run
xyxyc.shop

# Reference: https://x.com/RacWatchin8872/status/1895940095116730693

alcohopreden.top
bloomingzgardens.today
crystahlclearwaters.bet
desribessquwd.today
difgitalnexus.run
digitalfxorge.world
earwaxeduek.run
elegantlawwen.run
entereddeacr.run
exposedbuid.life
foortyturhud.run
forfardunifor.world
fortunedtrivial.top
gesturedseedz.fun
goldensounew.world
grainybande.life
hideousown.top
markerjurys.cyou
moduledbillke.world
nateurescanvas.world
natureexpflorer.run
naturerbhythm.world
naturjalharmony.top
netgineero.life
pipesofmugge.fun
reliefintorud.life
towerymodest.top

# Reference: https://x.com/ShanHolo/status/1895811262275338703
# Reference: https://www.virustotal.com/gui/file/879cce6b8a397004f970fa7e6fe7ecfc1ed18bc27ea0fdfd0f89b83e22716a15/detection

futuwrebyte.world

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-03-04)

apwporchestrator.shop
aqppgenius.life
canadapharmacytrust.net
circujitstorm.bet
citxresearchers.icu
codxefusion.top
communicationfell.icu
creative-ideas.top
creativehjub.tech
curlinessgiddysmile.shop
cybgerlaunch.digital
datadynnamics.today
democratoze.space
design-inspiration7.top
devspihral.digital
digital-world24.top
digitalcrdjafters.top
eco-solutions360.top
experimentalideas.today
explorebieology.run
faminuarfas.digital
fastrxorders.com
future-tech2024.top
gadgethgfub.icu
gadgsetflow.shop
gloweceeralk.online
gmoldenhours.tech
growtesitte.life
halfambitie.space
hardrwarehaven.run
hardswarehub.today
innojvatech.shop
iznnovativelabs.today
labnewgaily.world
leafvypathways.top
moderzysics.top
novapherex.digital
pddinghenarkijui.shop
pencilfight.click
pevemtnchil.live
phygcsforum.life
pixeelpioneers.bet
printerdiallog.fun
qquantumcoding.digital
reseagetwork.top
reslinsights.shop
robotticsrealm.top
shisha.curlinessgiddysmile.shop
smart-living365.top
smartnbetwork.today
socialsscesforum.icu
softwavxrereactor.top
tech-expert101.top
techmindzs.live
techpxioneers.run
techspherxe.top
techvkortex.bet
tecwhroots.digital
tewchjourney.icu
tqechtrends.shop
viretualmatrix.today
xn--eclab-1ta.com

# Reference: https://x.com/salmanvsf/status/1897205339248029889
# Reference: https://www.virustotal.com/gui/file/ddb581670264cea474f5b8ff9747610155be3a86a6d7fad2f8f057a97d7133a7/detection

avioverife.live

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-03-05)

biochextryhub.bet
dazcientists.bet
emergixience.bet
establishnappe.space
raiduyrumny.cyou
scieseandbeyond.world
theorxhysics.shop
urbanfzgproject.bet
wordingvenuo.fun

# Reference: https://cert-agid.gov.it/wp-content/uploads/2025/03/lumma-stealer-06-03-2025.json
# Reference: https://www.virustotal.com/gui/file/0567947960bdc914d2f15746e899983101a8dafca582c601a0dd72af49f012b4/detection

consent.oogle.it
eioae.shop
farmandfamilylife.shop
indir-zpf.com
objectstorage.ap-singapore-2.oraclecloud.com
retardoz.shop
wezimin.shop
x1.eioae.shop
x2.eioae.shop
x4.eioae.shop
x5.eioae.shop

# Reference: https://x.com/TRACLabs_/status/1897760777999696190

areawannte.bet
arisechairedd.shop
begindecafer.world
catterjur.live
defaulemot.run
fostinjec.today
garagedrootz.top
modelshiverd.icu
orangemyther.live

# Reference: https://x.com/RacWatchin8872/status/1898008953864269876

absoulpushx.life
agriculthub.run
agriework.life
analgcslab.run
cjuddlepillows.icu
comrfyclouds.run
cozsmicjo.top
cropmqttools.today
croprojegies.run
dataexzorers.icu
discxeryspace.icu
envirbntalstudies.shop
explqngscience.life
fahentures.today
farfinable.top
farmercommunity.life
fieldies.bet
fuurxchnologies.top
gardeninggains.bet
gengfocus.today
gestryfocus.run
greenfieldsnetwork.bet
heritagebreeds.run
labdizeries.run
mathinsighjts.shop
orchardinspiration.top
organicgrowershub.shop
ossifiedreduio.shop
paradoxxedin.world
permaculturepath.run
puillowjourney.icu
scienssights.today
scientififange.top
scienxonnect.run
scizencehub.life
soilandseed.icu
spitestrippe.top

# Reference: https://www.virustotal.com/gui/file/0ce9d9413815fe01e78b447ef493ae44946d3666018e15ac53002d75be2cff97/detection

agroecologyguide.digital
cropcircleforum.today
farmingtzricks.top
seedsxouts.shop

# Reference: https://x.com/RacWatchin8872/status/1898383152281764171

9sterpickced.digital
astralconnec.icu
catterjur.run

# Reference: https://x.com/RacWatchin8872/status/1898744548416700722

animalujnity.run
animnalha.icu
animpalaffe.life
astrfcalinsights.run
astrobib.life
astrogaze.run
astronav.world
astrophysical.today
astrotg.world
baerkandmeow.run
celestigalp.icu
codeevobvlution.run
constellationfe.run
cosmichori.today
cosmopla.life
creathurecove.bet
crebatureco.bet
crittercoorner.today
cueddlycrea.run
farmtoonnection.bet
feathteredf.bet
furryjourlneys.icu
fusrryfables.today
fyeredfamily.world
galxacticex.run
happyjh.world
happyyhowler.icu
huibokoras.run
inztergalact.world
kaittenkorner.today
kingfdomo.today
lightyears.bet
mfeteorolog.life
orbeitings.run
pawfsandcl.world
pevtparadise.world
piellowbliss.icu
pililowease.run
planestaryo.bet
playfulupaws.life
puawprintm.bet
pxawprintsafari.run
qcelestialo.run
quantumuni.life
quantyu.bet
regullanbalk.life
resignfallk.icu
sanugglebud.today
scalfeandtail.life
scientihfichub.bet
sectioarran.bet
soilhewocacy.bet
spacetimech.today
starfieldsin.life
stellafradv.world
tailsogfthewild.world
theinterg.world
tonedanswered.today
universeho.bet
virtualvxinsight.run
voyeugger.today
wildwmorlds.life
wildwonlders.run
wilodlifewhis.icu
winnevarid.run
ztechwave.bet

# Reference: https://x.com/skocherhan/status/1899282001573597380
# Reference: https://www.virustotal.com/gui/file/49b9eae260c0cccf202b6d33a3a8b47e7188e22a234f27cea2aa95b18046ab6d/detection

joinjoaomgcd.appspot.com

# Reference: https://x.com/RacWatchin8872/status/1899532464558628880

accefsorysp.top
agedsoucid.top
bolbtbo.top
classironedd.top
compgonentco.top
desigvndeta.top
fittinvgfie.top
fixfturefin.top
joingeryjunc.top
moluntmarke.top
operateoxasi.top

# Reference: https://x.com/RacWatchin8872/status/1900192855601160611

airsoftadv.life
armamentg.life
citychron.life
citypulsez.life
cityvib.run
gunsandg.run
hiddenstr.world
industryin.today
localfl.bet
localjour.run
pathsofur.today
rangefinde.today
reloadrevol.bet
sightsa.bet
skylinejo.world
snipersecrets.world
townadven.life
townsands.bet
urbanexpe.world
urbanjour.today
vibrantlo.today

# Reference: https://x.com/malwrhunterteam/status/1900249703129677963
# Reference: https://www.virustotal.com/gui/file/dba844b00d59c245382b87ce7441a86c23df76cd517c5a291e91e76ecb8b7873/detection

bugildbett.top
cjlaspcorne.icu
featureccus.shop
htardwarehu.icu
jowinjoinery.icu
latchclan.shop
legenassedk.top
mrodularmall.top

# Reference: https://x.com/RacWatchin8872/status/1900657247920799760

1cjlaspcorne.icu
menuedgarli.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-03-14)

http://139.162.177.235
http://47.236.31.67
http://79.133.46.59
http://84.200.154.155
http://84.200.24.181
0bugildbett.top
0citydisco.bet
0defaulemot.run
0garagedrootz.top
0modelshiverd.icu
0sterpickced.digital
1igaragedrootz.top
1latchclan.shop
1sterpickced.digital
2.sterpickced.digital
2defaulemot.run
2ohtardwarehu.icu
2weaponrywo.digital
3begindecafer.world
3orangemyther.live
4crosshairc.life
4defaulemot.run
4modelshiverd.icu
5arisechairedd.shop
5jowinjoinery.icu
5ktechmindzs.live
6bugildbett.top
6catterjur.run
6cjlaspcorne.icu
6codxefusion.top
6htardwarehu.icu
6jowinjoinery.icu
6naturewsounds.help
6orangemyther.live
6sterpickced.digital
7bugildbett.top
7crosshairc.life
7fostinjec.today
7garagedrootz.top
7menuedgarli.shop
7modelshiverd.icu
7phygcsforum.life
8cjlaspcorne.icu
8latchclan.shop
8mrodularmall.top
8sterpickced.digital
9garagedrootz.top
9hfeatureccus.shop
9modelshiverd.icu
9x.citydisco.bet
acatterjur.run
acjlaspcorne.icu
adweaponrywo.digital
agriwellness.world
artfupldesign.tech
athnome.icu
backyardbounty.live
balancpedlife.tech
barisechairedd.shop
bcjlaspcorne.icu
bcodxefusion.top
bexarthynature.run
bgarulouscuto.com
bhgyuncovered.world
blissfulspillow.digital
bquietswtreams.life
bxettertogether.tech
byjowinjoinery.icu
bz2ncodxefusion.top
cbugildbett.top
cfeatureccus.shop
changemakezrs.tech
chemistrycworner.today
childishbagge.fun
chimneysickend.icu
citydisco.bet
cityscapea.run
citywand.live
cjowinjoinery.icu
cocjkoonpillow.today
coderspabradise.life
confessnibmle.top
corangemyther.live
cowzycomforts.shop
cratevexxerj.icu
creativxecorner.tech
criticuscoke.pw
crosshairc.life
cuddlypifllow.life
culasova.icu
daixlyinspiration.tech
datganalytics.live
dcjlaspcorne.icu
ddeaddereaste.today
decorathnome.icu
deepspac.digital
digitaldreams101.top
dorangemyther.live
dreambigideaxs.tech
dsimensio.bet
eearthsymphzony.today
eeexplorebieology.run
efostinjec.today
electryuonicpulse.world
excitinzgtrends.tech
exoprlanet.digital
expergalscience.live
exploreth.shop
fcatterjur.run
fearlessdreazmers.tech
felegenassedk.top
fieldtovillage.icu
fkmrodularmall.top
flatchclan.shop
flegenassedk.top
followfauc.cyou
foodsktyproject.shop
fruitfuvljourney.tech
furryfinkders.digital
fxreshideas.tech
g-cjlaspcorne.icu
garisechairedd.shop
gcjlaspcorne.icu
gcrosshairc.life
gdpfsj.com
gentlbecomfort.world
genvtlewhispers.tech
geyntlepillows.live
gmodelshiverd.icu
grxeenplanet.tech
guntac.bet
harmoniousrelapzs.tech
harvestseasonblog.life
hgaragedrootz.top
hingehjan.shop
hlegenassedk.top
hphygcsforum.life
ibegindecafer.world
iblastikcn.com
ibugildbett.top
icjlaspcorne.icu
ihtardwarehu.icu
incidenlikedop.digital
inspiredlivxing.tech
inspirzedthoughts.tech
interfensuffer.fun
j8arisechairedd.shop
jcropcircleforum.today
jlegenassedk.top
jojyfulmoments.tech
joyfulhezart.tech
jquietswtreams.life
kbracketba.shop
kbugildbett.top
kmoderzysics.top
ksterpickced.digital
ktechspherxe.top
kulihase.digital
larisechairedd.shop
lcatterjur.run
limitlxesshorizons.tech
livestveblog.live
localfxement.live
market-lum.fun
matkldwide.digital
mbfostinjec.today
mjowinjoinery.icu
morangemyther.live
narisechairedd.shop
nbdsfljsdfjewf.info
nebdulaq.digital
neurozovery.life
nextgenideas2023.top
oblastikcn.com
oearthsymphzony.today
ojowinjoinery.icu
omrodularmall.top
organicfxecrets.today
outofthisw.shop
oxceansounds.digital
passievedhbu.icu
paweshom.digital
peacefzulpillow.today
pfostinjec.today
pgadgethgfub.icu
pillowconxnection.shop
pillowhagven.world
pillowtouzch.shop
pistolsan.digital
pstormlegue.com
q8explorebieology.run
qblastikcn.com
qcitydisco.bet
qfostinjec.today
qlegenassedk.top
qmodelshiverd.icu
qmrodularmall.top
quantuqearch.live
radziantenergy.tech
rcjlaspcorne.icu
rcodxefusion.top
relaxingxpillow.digital
resrtfulnights.live
rgaragedrootz.top
rhtardwarehu.icu
riversftonejourney.digital
rixggingrang.shop
rjowinjoinery.icu
rseedsxouts.shop
sbreedertremnd.com
scikevision.today
sdfwfsdf.icu
shardrwarehaven.run
sharingknowlezdge.tech
sjowinjoinery.icu
smartsolutions24.top
smrodularmall.top
sngugglepillow.live
snuegglypillow.top
sockvoicep.live
soulfuxlconnections.tech
spacevoyag.live
spikyscaldeo.cyou
sprinbgstre.icu
strangerwrehcw.click
sunpnyvibes.tech
sweetmdreampillow.today
tbegindecafer.world
techixnnovation.tech
techworld2025.top
tfeatureccus.shop
togoltrove.shop
twilightobs.today
umrodularmall.top
unaturewsounds.help
univerxes.shop
uorangemyther.live
urbanexp.digital
urbkureforum.top
utechspherxe.top
vbegindecafer.world
vfostinjec.today
vlmrodularmall.top
vrfeatureccus.shop
vtechspherxe.top
vyafostinjec.today
wandererx.tech
wbegindecafer.world
wcatterjur.run
wcrosshairc.life
wdefaulemot.run
weaponrywo.digital
webinspisrve.icu
wildlnifeecho.world
wildpadventures.tech
wirybringero.shop
xcollapimga.fun
xexarthynature.run
xmrodularmall.top
xsterpickced.digital
ycatterjur.run
yfeatureccus.shop
yhtardwarehu.icu
ymodelshiverd.icu
ymrodularmall.top
yshiningrstars.help
ystxarnavig.live
zbugildbett.top
zcitydisco.bet
zenrichyourlife.tech
zfeatureccus.shop
zfostinjec.today
zfurrycomp.top
zimportenptoc.com

# Reference: https://x.com/RacWatchin8872/status/1900700296411504684

armamenta.run
armoranal.bet
armoryhub.shop
arsenaladv.run
artillerya.shop
battlefi.world
bottompushe.today
combatcra.today
concealedca.bet
defensea.top
explosivefe.world
firepowerfo.world
guninfoo.run
gunrightsp.run
muzzlema.today
precisionpo.run
securearmory.bet
shootings.today
tacticaltac.shop
warfaredf.run
weaponwisd.world

# Reference: https://www.virustotal.com/gui/file/00a79b298cea250339bca9e396600ec2e79af7fa1adfd6a65a4d17156f64a1a3/detection

sterpickced.digital

# Reference: https://app.validin.com/detail?find=Telegram%3A%20Contact%20%40lazyblum&type=raw#tab=host_pairs (# 2025-03-17)

178.236.246.105.sslip.io
alls.ltd
appchaingpt.io
authenticatior.com
bnc.taketeacher.com
captcha-safeguard.com
lawpositionteam.com
organictowel.net
saieguard.xyz
westeamlaw.com
westlawexperts.com
westlawtriallaw.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-03-18)

http://147.45.79.52
0arisechairedd.shop
0begindecafer.world
0catterjur.run
0explorebieology.run
0fostinjec.today
0kulihase.digital
0latchclan.shop
0mrodularmall.top
0qcrosshairc.life
0weaponswh.run
12partparcadi.shop
1begindecafer.world
1cmodelshiverd.icu
1governoagoal.pw
1jowinjoinery.icu
1loadoutle.life
1phtardwarehu.icu
1pistolpra.bet
1playrfulpals.digital
2agroecologyguide.digital
2armamenti.world
2blastikcn.com
2bugildbett.top
2catterjur.run
2citydisco.bet
2cjlaspcorne.icu
2crosshairc.life
2dcousidporke.icu
2dsfljsdfjewf.info
2hardrwarehaven.run
2htardwarehu.icu
2jowinjoinery.icu
2kdsfljsdfjewf.info
2puillowjourney.icu
2techspherxe.top
322orangemyther.live
3citydisco.bet
3cjlaspcorne.icu
3defaulemot.run
3fostinjec.today
3htardwarehu.icu
3kp2orangemyther.live
3latchclan.shop
3p1pistolpra.bet
3sterpickced.digital
3vjowinjoinery.icu
3xbreedertremnd.com
4armamenti.world
4borangemyther.live
4bugildbett.top
4cjlaspcorne.icu
4dsfljsdfjewf.info
4exoprlanet.digital
4featureccus.shop
4htardwarehu.icu
4jowinjoinery.icu
4legenassedk.top
4mrodularmall.top
4seedsxouts.shop
4urbanexp.digital
5bugildbett.top
5explorebieology.run
5htardwarehu.icu
5modelshiverd.icu
5orangemyther.live
5sterpickced.digital
6astralconnec.icu
6begindecafer.world
6defaulemot.run
6earthsymphzony.today
6fostinjec.today
6garagedrootz.top
6hseedsxouts.shop
6importenptoc.com
6latchclan.shop
6selfdefens.bet
74citydisco.bet
7begindecafer.world
7catterjur.run
7defaulemot.run
7featureccus.shop
7legenassedk.top
7moderzysics.top
7mrodularmall.top
7selfdefens.bet
7sterpickced.digital
7zlatchclan.shop
84moderzysics.top
8catterjur.run
8htardwarehu.icu
8jowinjoinery.icu
8jpsterpickced.digital
8klegenassedk.top
8legenassedk.top
8mweteorm.top
8pastedeputten.life
9arisechairedd.shop
9begindecafer.world
9caliberc.today
9codxefusion.top
9crosshairc.life
9mrodularmall.top
9techspherxe.top
9weaponrywo.digital
a4qmodelshiverd.icu
aarisechairedd.shop
aarmamenti.world
abegindecafer.world
acrosshairc.life
adcventr.life
adecorathnome.icu
ajarisechairedd.shop
ajweaponrywo.digital
aquietswtreams.life
armamenti.world
armoryacumen.run
armoryarch.shop
asterpickced.digital
battlefie.shop
bbegindecafer.world
bhtardwarehu.icu
blackeblast.run
blegenassedk.top
bshootforyou.world
cafostinjec.today
caliberc.life
caliberc.today
cclassyhelped.net
cdecreaserid.world
cfostinjec.today
cgadgethgfub.icu
cgaragedrootz.top
chtardwarehu.icu
cmenuedgarli.shop
cseedsxouts.shop
cweaponrywo.digital
dcatterjur.run
dfeatureccus.shop
dgaragedrootz.top
dhtardwarehu.icu
dlegenassedk.top
dloadoutle.life
dmrodularmall.top
dsterpickced.digital
dwjowinjoinery.icu
dxkushha.com
dziorangemyther.live
e6mrodularmall.top
ebugildbett.top
ecatterjur.run
ecrosshairc.life
edsimensio.bet
ejowinjoinery.icu
ephygcsforum.life
es-dgtese.top
escapade.bet
euncertainyelemz.bet
ewbugildbett.top
expldore.run
f-fostinjec.today
f3garagedrootz.top
f3htardwarehu.icu
facitydisco.bet
farmfreshideas.digital
fblackeblast.run
fcaliberc.today
fcrosshairc.life
fdecorathnome.icu
fdefaulemot.run
fhobbyedsmoker.live
fhtardwarehu.icu
firearmfab.world
firearmsfe.live
firearmsv.digital
firsatlarsenin.com
foodieloverstop.top
furxnishpla.shop
fvpistolpra.bet
fweaponrywo.digital
g9mrodularmall.top
gbuncertainyelemz.bet
gearthsymphzony.today
ggaragedrootz.top
ghcjlaspcorne.icu
giarmamenti.world
goholiday.run
gpinfuzoriatufelka.com
grelaxingxpillow.digital
gtechspherxe.top
gunhandl.today
gunlovers.top
gunownersg.top
gunpolicy.today
gunsmith.bet
hbgaragedrootz.top
hbtechspherxe.top
hcatterjur.run
hcjlaspcorne.icu
hhardwarehu.icu
hhtardwarehu.icu
hloadoutle.life
hmodelshiverd.icu
hmrodularmall.top
hpsterpickced.digital
hsetfupstore.icu
hskylinejo.world
htracnquilforest.life
iaarmoryarch.shop
iarisechairedd.shop
iarmoryarch.shop
iastralconnec.icu
ifostinjec.today
igadgethgfub.icu
ijowinjoinery.icu
ilegenassedk.top
inestlecompany.world
iorangemyther.live
ironandfir.shop
jbugildbett.top
jcatterjur.run
jcjlaspcorne.icu
jcodxefusion.top
jcrosshairc.life
jfeatureccus.shop
jgaragedrootz.top
jorangemyther.live
jqdefaulemot.run
jsterpickced.digital
kacatterjur.run
karisechairedd.shop
kcatterjur.run
kcitydisco.bet
kfostinjec.today
kgaragedrootz.top
khekgaragedrootz.top
kudecreaserid.world
kweaponrywo.digital
kzteamprokla1.shop
kzteamprokla2.shop
l0legenassedk.top
l4garagedrootz.top
lastralconnec.icu
lbugildbett.top
ldefaulemot.run
legistaiteo.world
lfostinjec.today
lgaragedrootz.top
lguncontrold.shop
ljowinjoinery.icu
loadoutle.life
lsterpickced.digital
lyorangemyther.live
marksmanm.today
mbegindecafer.world
mbugildbett.top
mcodxefusion.top
mgaragedrootz.top
mlatchclan.shop
mpistolpra.bet
mseedsxouts.shop
munitions.life
mweaponrywo.digital
n9modelshiverd.icu
nblast-hubs.com
nfeatureccus.shop
nfostinjec.today
npausedcritiaca.fun
ntechspherxe.top
oagroecologyguide.digital
obegindecafer.world
odefaulemot.run
ofeatureccus.shop
ogaragedrootz.top
olegenassedk.top
omoderzysics.top
oweaponwo.life
parisechairedd.shop
partparcadi.shop
pbegindecafer.world
pcatterjur.run
pfeatureccus.shop
pilloswdelight.bet
pillowrcest.life
pistolpra.bet
planenailke.top
plegenassedk.top
pmrodularmall.top
preoductpark.icu
preoductpark.icu/dJWIn
psterpickced.digital
pupmeholk.bet
qcrosshairc.life
qdefaulemot.run
qfarfinable.top
qgadgethgfub.icu
qgaragedrootz.top
qiastralconnec.icu
qjowinjoinery.icu
qnblackeblast.run
qpillowlove.shop
r11htardwarehu.icu
rarmamenti.world
rarmoryarch.shop
rblackeblast.run
rccrosshairc.life
rlatchclan.shop
rlegenassedk.top
rmetropoli.shop
rmodelshiverd.icu
rnmrodularmall.top
rsterpickced.digital
rugbybrign.life
rweaponrywo.digital
s-cjlaspcorne.icu
s.farfinable.top
sbugildbett.top
scenarisacri.top
scjlaspcorne.icu
screvwspa.icu
scropcircleforum.today
scrosshairc.life
sdecreaserid.world
selfdefens.bet
setfupstore.icu
sfeatureccus.shop
sfostinjec.today
shootef.world
shootforyou.world
shootings.life
shtardwarehu.icu
sorangemyther.live
sqbugildbett.top
sselfdefens.bet
stgellar.shop
swammelohare.top
tacticalte.shop
tacticaltr.shop
taramigo.life
targetsand.shop
targett.top
tcaliberc.today
tcrosshairc.life
tgaragedrootz.top
thtardwarehu.icu
tlegenassedk.top
tmodelshiverd.icu
torangemyther.live
tpistolpra.bet
travelio.digital
triggerte.digital
truckefathu.top
tsterpickced.digital
tvomenuedgarli.shop
tweaponrywo.digital
tweaponwo.life
u1crosshairc.life
uarisechairedd.shop
ucatterjur.run
ucodxefusion.top
uhtardwarehu.icu
ukbegindecafer.world
uqtilityutop.shop
urbanodys.top
uselfdefens.bet
uwildlnifeecho.world
varisechairedd.shop
vbreedertremnd.com
vcjlaspcorne.icu
vforangemyther.live
vmrodularmall.top
vqjowinjoinery.icu
vsterpickced.digital
w-crosshairc.life
w0icjlaspcorne.icu
warisechairedd.shop
wcjlaspcorne.icu
weaponswh.run
weaponwo.life
whmodelshiverd.icu
whtardwarehu.icu
wilddthings.top
wilrdadventur.digital
wlegenassedk.top
wmrodularmall.top
wseedsxouts.shop
wsterpickced.digital
wujowinjoinery.icu
wurbaninsi.top
x1vgaragedrootz.top
xarisechairedd.shop
xcatterjur.run
xcircujitstorm.bet
xfeatureccus.shop
xhardswarehub.today
xjowinjoinery.icu
xllegenassedk.top
xtmrodularmall.top
ybugildbett.top
ycjlaspcorne.icu
yexplorebieology.run
ylbegindecafer.world
yorangemyther.live
ypistolpra.bet
yselfdefens.bet
yweaponwo.life
zbegindecafer.world
zcjlaspcorne.icu
zcrosshairc.life
zghtardwarehu.icu
zjowinjoinery.icu
zmrodularmall.top
zquietswtreams.life
zsfostinjec.today
zweaponrywo.digital

# Reference: https://x.com/skocherhan/status/1902201610006396972
# Reference: https://www.virustotal.com/gui/file/100860ef7d8e9958e93ae3443c9991395924e366cd5ca24b8e1452f7ec930e3c/detection

http://195.82.146.34

# Reference: https://x.com/AzakaSekai_/status/1901595434101157898
# Reference: https://tria.ge/250319-lck1cavtdx/behavioral1
# Reference: https://www.virustotal.com/gui/file/c181be8a2492cb463d6159a955cb29a284e7848061e278be905ffda7bbf4e98d/detection

cousidporke.icu
xselfdefens.bet

# Reference: https://www.virustotal.com/gui/file/062c56f740bb6c2f7297169b873899da35d02470a52d3e88f3181c594aec4d3d/detection

travelilx.top

# Reference: https://x.com/RacWatchin8872/status/1902696907098497170
# Reference: https://app.any.run/tasks/a08761bd-f509-4708-b94a-cc3943675493
# Reference: https://app.any.run/tasks/7bbd518a-18b2-4b81-b751-683c7c4624b6

378945.cfd
7297383.cfd
836787.cfd
927484.cfd
927842.cfd
92841.cfd
994521.cfd
ajksndfroghvnc4asdf.live
bedingfeldarms634.cfd
booking.complaints99831.shop
booking.id-120199821.world
booking.id-1888213.info
booking.reservations-id.com
booking.reviews-57391.info
booking.sales-id-4021.com
check-errorguestis.com
com-review2815.info
comlpt7721.cfd
complaintguest1.com
complaintguest3.com
complaintguest5.com
complaintreservaid2.com
complaintreservaid3.com
complaintreservaid4.com
complaints6236.cfd
complaints99831.cfd
complaints99831.shop
complaintsidguest3.com
complaintsidguest4.com
compliteguest5215.cfd
compliteguest5215.live
compliteguest5215.shop
compliteguest5215.top
compliteguest5215.world
consumer-policy.info
dlmparis623.cfd
elmdenlhotel.cfd
error-reserwisgusta.com
gojeourney.life
guestcomplaint1.com
guestcomplaint2.com
guestcomplaint3.com
guesterror23125.com
guesterrorid612353.com
guestid3329912.cfd
guestid3329912.shop
guestid73436.cfd
guestid734523.cfd
id-120199821.world
id-1888213.info
id3315.com
id5512.com
id723467.com
idcomlreserva3527.com
idcomplaint3.com
idcomplaint4.com
idguest44215.cfd
idguest99366623.cfd
idguestres3.com
idguestres72346.click
idguestreserva12462.cfd
idguestreserva995231.com
idguestreservation634812.com
idguset64325643.com
idres123.click
idres123.world
idreserv7323.cfd
idreservaguest1.com
idreservaguset124634.com
idreserverationguest72353456.cfd
idreservguest2622748.com
idverefication1.com
idverefication2.com
idvereficaton3.com
other-errorreserw.com
payment-comfirmation.com
policy-consume.com
policy-consumer.world
reservagusetid645234.cfd
reservation-id.com
reservations-id.com
reserveratinguestid662233.cfd
reserveratinguestid662233.shop
reserveratinid991.com
review4167-boking.com
reviews-57391.info
saftyplace.com
sales-id-4021.com
stripe-connect.org
userguestid18956.com
userguestid28956.com
userguestid38956.com
vereficatin6124.world
verefication731346.cfd

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-03-20-v10887/2545

advennture.top
cityesca.top
esccapewz.run
holidamyup.today
sighbtseeing.shop
touvrlane.bet
travewlio.shop
triplooqp.world

# Reference: https://www.virustotal.com/gui/file/37e450007820197207a13517d3a254a50e7bde93a6a0b7e2d130cb4c4cb4e28e/detection

mannydevelope.click

# Reference: https://www.virustotal.com/gui/file/17923ecf7dcafdc4aedf139ecb256d0df6b71f24c77b9ae88cae89b9d7207530/detection

refeplacieud.click

# Reference: https://www.virustotal.com/gui/file/1e05a87da915539b9c05a390fc12fe18f1bb8b4831193b32373e342dae02c2b4/detection

shapeguidecaz.shop

# Reference: https://app.validin.com/detail?find=Verify%20Your%20Request&type=raw#tab=host_pairs (# 2025-03-23)

987233.cfd
185-196-8-60.cprapid.com
booking-assistance-march9931.com
store.mranon.is

# Reference: https://x.com/RacWatchin8872/status/1903935983357227366

astralforging.top
conqstructcor.top
defensein.shop
discoverou.shop
elegangtedg.top
firepowerf.shop
guardiainpets.shop
guncontrold.shop
hannndlehav.shop
marksmanmy.shop
modernmhake.shop
mweteorm.top
panelplxace.top
protectaze.shop
qnaturecud.top
riflesandm.shop
sniperins.shop
suptplystati.shop
tfooltaver.shop
townwand.top
upgradezunio.shop
urbaninsi.top
usefulutivli.top

# Reference: https://www.virustotal.com/gui/file/0e4089d6b6eee0784f68039995b5c51b68051d63760e09e57ee92ec9ee82a5bb/detection

gogetxto.life
travielup.top
wxayfarer.live

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-03-25)

1armamenti.world
4armoryarch.shop
7targett.top
7weaponwo.life
airlightz.shop
aiwavey.run
appgridn.live
artillerygr.shop
atirflee.world
beaminduggl.top
bitcorep.digital
boxedtrends.shop
byteplusx.digital
check.xemyrai6.icu
cometaxk.run
crafottcage.icu
czovercabin.icu
escapoly.shop
flighbtgo.bet
flyxaway.live
ftargett.top
galarona.bet
galaxiay.world
gestaway.bet
getogfone.bet
globekpey.bet
gselfdefens.bet
h2.yyoiy.shop
hacknestm.run
hazperjurke.world
hbugildbett.top
higerson.shop
interstp.live
jellydpubli.icu
jetnroad.bet
jetsetgo.life
knobnhook.icu
l4weaponwo.life
leggbasind.icu
marksmaner.live
oemoutxlet.icu
orbitrxh.shop
pawgsitiv.icu
pepedeepz.icu
pixtreev.run
pselfdefens.bet
qattachmenta.icu
resposibleckk.live
skynetxc.live
soothingpitllow.icu
spacefyu.today
spaceqri.digital
sparkiob.digital
starbits.world
stylefstore.icu
supjportsho.icu
t5impactsupport.world
tanimnalha.icu
tourjoty.bet
touurista.life
trdipwise.bet
trekaolot.run
trobudrunksz.click
tryekland.shop
twripnest.bet
uarmoryarch.shop
voyagenj.bet
wandberup.shop
wandesrl.life
wilidern.life
yarmamenti.world

# Reference: https://x.com/lontze7/status/1905234727935619200

algosetr.digital
alloyexk.digital
appzoner.digital
bugfixu.digital
codemaxq.digital
datagymx.digital
devcodeu.digital
devpathq.digital
enetlabq.digital
ferromny.digital
forgeixv.digital
hacknowl.digital
ironmodw.digital
ironwebi.digital
melteryb.digital
meltonep.digital
meltwaym.digital
moldifye.digital
plugboth.digital
qrtechh.digital
rodcastx.digital
rodgearm.digital
scraplyo.digital
steelbev.digital
steelioc.digital
steelitk.digital
steeluxz.digital
techbitl.digital
techhubq.digital
weldhubt.digital
weldorae.digital

# Reference: https://www.virustotal.com/gui/file/279a5e15ef460b12ac73084bdb94f42e7934d201e59ee14340f5ea7508b3ce79/detection

oreplusm.digital

# Reference: https://www.virustotal.com/gui/file/067f6978264afc5c73da3a6a0aedc816882aada5b9d396568e953afb62e308eb/detection

moldprow.digital

# Reference: https://www.virustotal.com/gui/file/c7ea2f33bd3794014c2666d4e36d56e1f2da0371c989b2c4f41ba05312b9154c/detection
# Reference: https://www.virustotal.com/gui/file/a18412502588d3c09e5ac055aec3f087bdd8d4b84b1f953c8dc034b84692ced5/detection

anvilcov.digital
castmaxw.run
cvrsystem.fr
forgeitt.digital
oreheatq.live
smeltingt.run
steelixr.live

# Reference: https://www.virustotal.com/gui/file/dc4ba5a1c04b5b320976e58bae12a1571aa18ab8b97a13171fb7aab74551d618/detection
# Reference: https://www.virustotal.com/gui/file/1a83a0bf6bdd937e03679a84aba8ae9cedceb97f4461766e98877eae7073b3cf/detection

ingotlyh.digital

# Reference: https://x.com/RacWatchin8872/status/1905984159790641326

astrolym.life
astroutm.life
cosmixxz.live
cosmosyq.shop
galxnetb.today
lunoxxx.shop
moonifyc.digital
moonscik.digital
orbitskc.bet
spacedbv.world
spacenxx.shop
starcloc.bet
starjetv.run
starpopz.live
starwebb.today
voidmaxv.world

# Reference: https://x.com/skocherhan/status/1906609140392198178
# Reference: https://www.virustotal.com/gui/file/06a0c5ec948b65d8377b784b32f0beed36585a0c800b7ef378ed4d2bc6619f66/detection

ironloxp.live
lunoxorn.top
metalsyo.digital
navstarx.shop
rodformi.run

# Reference: https://x.com/skocherhan/status/1906625243914829924
# Reference: https://www.virustotal.com/gui/file/02e7c5670e6a0f94d4abcb70cbaac76716f45a9c746e2c2045cd002ba3eca0ec/detection

abcfarmq.run
bestgems.shop

# Reference: https://x.com/skocherhan/status/1906858391860904011
# Reference: https://www.virustotal.com/gui/file/102d5470420130c5d084d23b7ef856ac723bee676e0dc6162e90ef9191487e22/detection

thrivintgcommunity.top
trndsetterstyle.com

# Reference: https://app.validin.com/detail?find=Verify%20Your%20Request&type=raw#tab=host_pairs (# 2025-04-01)

booking-april-recapt09993748.com
btcpayserver.io
document-notification.com
mranon.is
partner-19644587.com
partner-id.org
payserver.pages.dev
review-booking34891.com
review4571-boking.com
roomnum-9983674.world
sony-verified.com
spen.uphostme.net
uncanceletion.world
uphostme.net
wrvcbdoputfeyv.cfd
ypp-panel.com
ypp-update.com

# Reference: https://x.com/RacWatchin8872/status/1907185561225609310

achedoce.digital
adhventur.today
alivpaxy.digital
alloylyu.digital
alloymou.digital
ammoadven.digital
apireco.digital
arcmeltq.digital
astrateg.today
astrioni.top
astroset.top
astrosyi.digital
astrowev.today
bedrestw.digital
biopaint.digital
biosdening.digital
bootedfared.today
circuitzstream.digital
citycultu.top
combatchron.top
comexisj.digital
cosmicrealms.top
cosmosyf.top
cosmozar.today
cosmozya.digital
curamedi.digital
delpainq.digital
dividentesnub.top
dreamyunature.digital
dreliefr.digital
ecofhculture.digital
elixatei.digital
explorejz.top
ezcureg.digital
fitmedse.digital
fixcturefacto.top
fluffypxillow.today
flyeworld.digital
fragwrantfields.digital
frequeposs.digital
fusrryfrenzy.top
fwurryfriends.top
galaxyv.top
globetprip.digital
globfetix.digital
globinway.digital
glodbejoy.today
goabroafd.today
googutnow.today
gumcarey.digital
gunpowderg.top
happyresgt.top
healthzo.digital
healtxuiry.digital
holvidayo.top
illamedw.digital
inlikelen.digital
innovahtescience.top
jsoftnest.top
klendoct.digital
localadve.digital
localfarmerj.today
lsunarlandsc.digital
lunapixu.top
medicusi.digital
medswayq.digital
metalexj.digital
metalfyz.digital
metalrom.digital
metalupy.digital
milkywaydr.digital
mobviewd.digital
moonsatm.digital
natulreconserve.today
natureinspired.digital
nebulard.today
nebuxisn.top
newpillr.digital
nomadwajy.digital
oreformr.digital
paxthfinder.digital
physicszofne.digital
pillhube.digital
pillowdregams.digital
pillowrzelax.digital
pillowthefrapy.top
pqillowsoft.digital
quaserxr.today
raoamspot.today
remediay.digital
riflesf.top
riflesrev.digital
roadtripde.top
roafmland.today
roamers.today
roamrline.top
robotigsearch.digital
sapmedsw.digital
shootingst.digital
skyhighj.top
skywavej.digital
solsoftt.digital
spaceaet.top
spaxicox.today
spydentn.digital
starbigq.digital
starlabh.top
starolyf.top
staroney.today
steelmor.digital
sustainharvests.top
swnugpillow.top
tacticalt.digital
tacticaltr.top
tamedicq.digital
techinhions.digital
tqravelsy.top
trainywholed.top
traveliln.digital
traveluxk.today
travmelux.today
trekfgory.top
trmedicr.digital
trsekzone.top
trzipwise.digital
vaecation.today
wanderyly.digital
wchiskers.digital
wellmede.digital
windsqweptland.top
workmedy.digital
worldtxix.top

# Reference: https://x.com/OwnerProcessID_/status/1907500316460978298

2targexx.top
kbyteplusx.digital
vsparkiob.digital
xx4travewlio.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-04-06)

0quavabvc.top
0scenarisacri.top
1btargett.top
1grxeasyw.digital
1quavabvc.top
28jrxsafer.top
29krxspint.digital
2plantainklj.run
2xrfxcaseq.live
3z7advennture.top
4advennture.top
5ironloxp.live
5pepperiop.digital
6puerrogfh.live
7advennture.top
7grxeasyw.digital
7jrxsafer.top
7quavabvc.top
8advennture.top
8jrxsafer.top
8rambutanvcx.run
8xrfxcaseq.live
99rhxhube.run
9advennture.top
aadvento.run
appnavia.live
aywmedici.top
bjrxsafer.top
bplantainklj.run
cplantainklj.run
crhxhube.run
darjkafsg.digital
dgalxnetb.today
erhxhube.run
fastbenerfa.shop
fjrxsafer.top
flighttr.run
flourishfo.run
fprivileggoe.live
fpuerrogfh.live
gdeaddereaste.today
gg1.cewal.fun
gkrxspint.digital
gpuerrogfh.live
gquavabvc.top
gxrfxcaseq.live
h0pepperiop.digital
healgeni.live
hxrfxcaseq.live
hywmedici.top
igrxeasyw.digital
ijrxsafer.top
iplpepperiop.digital
iquavabvc.top
joyousczx.live
jrlxspoty.run
jstarcloc.bet
jtargett.top
kadvennture.top
kgalxnetb.today
kpuerrogfh.live
kquavabvc.top
ljrxsafer.top
luncertainyelemz.bet
lxrfxcaseq.live
mbywmedici.top
mgrxeasyw.digital
miropilw.run
mrambutanvcx.run
mywmedici.top
njrxsafer.top
njywmedici.top
npepperiop.digital
nrhxhube.run
ocrhxhube.run
ogrxeasyw.digital
okrxspint.digital
onavstarx.shop
palpableafs.live
paraperw.live
pepperiop.digital
phywmedici.top
plantainklj.run
pquavabvc.top
ptargett.top
ptriplooqp.world
puerrogfh.live
q6rhxhube.run
qplantainklj.run
quavabvc.top
rambutanvcx.run
reboundui.live
sadvennture.top
sezolo.shop
sgalxnetb.today
sparaperw.live
sprmendu.live
srambutanvcx.run
sspacedbv.world
steptbli.digital
synmedsp.live
tadvennture.top
tesra.shop
tgalxnetb.today
transfosdrm.live
tzpuerrogfh.live
unicornu.digital
uplifthj.digital
utargett.top
wjrxsafer.top
xkrxspint.digital
xpuerrogfh.live
xuzkrxspint.digital
yjrxsafer.top
yplantainklj.run
zkrxspint.digital
ztrlxspoty.run

# Reference: https://www.virustotal.com/gui/file/0701becbee63ab67752774b2abff998744488f66f11a2d9e6d1f5da4feed11c0/detection

jrxsafer.top
xrfxcaseq.live

# Reference: https://x.com/skocherhan/status/1909006037249581552
# Reference: https://www.virustotal.com/gui/file/da6999450bfdab3b35897ce99d197068864b5737b22b84788764437ec523937b/detection
# Reference: https://www.virustotal.com/gui/file/2c1de8103e9352f87e9bcf236cc33d84b46013f78b8124ad626afc9b6f86d2c1/detection

2.59.41.142:8080

# Reference: https://x.com/skocherhan/status/1910225192363638822
# Reference: https://www.virustotal.com/gui/file/82d8218f9fd064db4090f69170dd2d5164b0959036ba1931d3ae1f9f9eefe990/detection

renewxc.live

# Reference: https://x.com/skocherhan/status/1911498592897871958

beachekokfd.info
chiptuninginfo.top
domamnsin.info
fakenbetchm.shop
fordfocusextended.info
freekash.info
gbookdm.shop
germafrodit.info
investinvagina.shop
kiriilomeff.shop
noteline.net
ponosbomja.shop
prostatitunet.shop

# Reference: https://x.com/Gi7w0rm/status/1911841503934099824
# Reference: https://tria.ge/250414-vmncwsv1hx/behavioral1

changeaie.top
jawdedmirror.run
liftally.top
lonfgshadow.live
nighetwhisper.top
owlflright.digital
salaccgfa.top
westrosei.live
zestmodp.top

# Reference: https://www.virustotal.com/gui/file/c277bb963987acaf529c2bdef6468f36f0522229168ba890bc8bbd9266cc19e1/detection

iqronrose.top

# Reference: https://x.com/joe4security/status/1912072320392310805
# Reference: https://www.joesandbox.com/analysis/1665160/0/html

clarmodq.top

# Reference: https://www.virustotal.com/gui/file/0dd2fa064c7b8bcfb3db5fb9c067c19b54e4f7cf674761d52e7a3a307f68b999/detection

pang-scrooge-carnage.lol

# Reference: https://x.com/RacWatchin8872/status/1912470730601603503

addictecathef.shop
adventukre.shop
africeconc.digital
agrifyn.digital
agritxtion.icu
agrreestabbe.shop
anidmalallies.shop
animalhyinfo.shop
archanyeltie.digital
argbizzh.digital
assembslyais.shop
astfacea.shop
astraeal.shop
astronab.shop
awakene.digital
banglrateq.digital
bardstoryx.digital
betteray.digital
beyondth.icu
braileconr.digital
brightplf.digital
bxattlepath.digital
canadatatu.digital
changetee.digital
changey.digital
coolmodej.digital
criittercom.shop
digitreepco.digital
drearmypillows.icu
druidstoine.digital
econbele.digital
econczecyh.digital
econfro.digital
econlithw.digital
econnit.digital
econusi.digital
elevatmef.digital
emergoe.digital
equipentxer.icu
estoneconq.digital
esucapist.shop
exaltiazx.digital
extender.digital
fastfwdo.digital
fokuspeedr.digital
forgelegacy.digital
fqairylance.digital
frosbtkeep.digital
galactes.shop
gapporbite.fun
getbetterc.digital
getupmodx.digital
givedpooreko.icu
goldenuage.digital
greeconu.digital
gregarioite.fun
happyfds.digital
heatmodd.digital
hqdataep.digital
inflacoine.digital
irzonshield.digital
joinqw.digital
knightatch.digital
knightsoulf.digital
knowledgtebase.icu
lacdailyw.digital
launchzh.digital
libertyvb.digital
liftmodb.digital
lightyu.digital
locatedcork.shop
lordsvquest.digital
lunaflyq.shop
lunapicu.shop
minstrelsj.digital
minstrelwpay.digital
modadaptb.digital
modflowv.digital
modmovel.digital
modnextq.digital
modpeersr.digital
modsmartu.digital
modtechp.digital
moduplifct.digital
modupx.digital
neburonz.shop
nebuwaxe.shop
nebuxlyh.shop
noblegf.digital
nurseryejec.digital
ogpenhearts.tech
openwq.digital
oqutdoorserenity.icu
orcisthbane.digital
overlapseq.digital
owlfmamir.digital
paincopp.digital
polandecor.digital
producesility.icu
proenhann.digital
qneverquest.digital
qualiftyquar.icu
quasarxp.shop
ratedevea.top
releasegjh.digital
relicstoned.digital
relricwatch.digital
renewmodf.digital
restedpinllow.shop
risevc.digital
rushmn.digital
rxoamify.shop
sacredtaxle.digital
safeaido.digital
scalemodm.digital
sceeptersong.digital
shieldwallj.digital
shiftvc.digital
shinehaired.icu
shootingge.shop
skyblastu.shop
skyflopi.shop
smartmodw.digital
smartupw.digital
southratee.digital
springqw.digital
sprkingawakening.icu
starsciw.shop
stelmeal.digital
stonefuorge.digital
sunsethorsizons.icu
swoerdgrip.digital
tapejstryart.digital
techinssvight.icu
technolwtrends.shop
thnkmodt.digital
thnnkzt.digital
trekifyx.shop
tridpgaze.shop
truestoryc.digital
ugandenxw.digital
unbinddas.digital
unbrokyenvow.digital
underdarkp.digital
upmodisei.digital
vegimedp.digital
videfavcotr.icu
warmoda.digital
wawrdenshire.digital
weavegfg.digital
wildflameo.digital
winetersgard.digital
winningxc.digital
xmedoror.digital
yardedrinkk.shop
zestfad.digital

# Reference: https://x.com/malwrhunterteam/status/1913190582580560074
# Reference: https://x.com/s1dhy/status/1914056511535333862
# Reference: https://app.any.run/tasks/9febf38d-a82a-4705-a8d6-6dac680b3d1d
# Reference: https://www.virustotal.com/gui/file/329f64bb5413cb69ed61dcdcafd3686782d8ac163301de64ff60ba158f35b5c9/detection
# Reference: https://www.virustotal.com/gui/file/cfbc2fcc8a5188d3f66a0e2b2a594db3235595c4d7b92daac86f88dcd531fe7e/detection

cheap-construct-cars.shop
krastrikt.sbs
games1-server.cfd
node2-server.cfd
powerplayzone.rest

# Reference: https://x.com/banthisguy9349/status/1913677743964708887
# Reference: https://www.virustotal.com/gui/file/1a5c5c73e9c6fe8fd4d4c242244d8cb6ba08b37c5dd3cb2bcecbed0726307338/detection

http://185.39.17.162
piratetwrath.run
quilltayle.live
revitmodh.run
starofliught.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-04-20)

0clarmodq.top
0deflamep.live
0galxnetb.today
0iadvennture.top
0jrxsafer.top
0lonfgshadow.live
0navstarx.shop
0ptouvrlane.bet
0puerrogfh.live
0salaccgfa.top
0smeltingt.run
0topographky.top
0upmodini.digital
0wxayfarer.live
0yowlflright.digital
0zestmodp.top
11jrxsafer.top
1advennture.top
1appgridn.live
1biosphxere.digital
1blast-hubs.com
1byteplusx.digital
1cartograhphy.top
1jrxsafer.top
1metalsyo.digital
1navstarx.shop
1nebuxisn.top
1pixtreev.run
1pomelohgj.top
1smeltingt.run
1starcloc.bet
1travewlio.shop
1weldorae.digital
1zestmodp.top
1zlatitudert.live
2-ironloxp.live
20advennture.top
20ywmedici.top
28plantainklj.run
2bzestmodp.top
2castmaxw.run
2changeaie.top
2hemispherexz.top
2jawdedmirror.run
2jsoursopsf.run
2n0weldorae.digital
2rhxhube.run
2smeltingt.run
2spacedbv.world
2travelilx.top
2zealjkh.digital
3.targett.top
34soursopsf.run
3biosphxere.digital
3cartograhphy.top
3castmaxw.run
3changeaie.top
3dplantainklj.run
3ferromny.digital
3hemispherexz.top
3jrxsafer.top
3navstarx.shop
3puerrogfh.live
3qrodformi.run
3quilltayle.live
3rambutanvcx.run
3salaccgfa.top
3xrfxcaseq.live
3zealjkh.digital
4afnavstarx.shop
4arisechairedd.shop
4asalaccgfa.top
4climatologfy.top
4csmeltingt.run
4furthert.run
4galxnetb.today
4inputrreparnt.com
4jrxsafer.top
4lonfgshadow.live
4pepperiop.digital
4quilltayle.live
4spacedbv.world
4steelixr.live
4stormlegue.com
4targett.top
4triplooqp.world
4upmodini.digital
4weldorae.digital
5equatorf.run
5f9navstarx.shop
5metalsyo.digital
5piratetwrath.run
5plantainklj.run
5starcloc.bet
5travelilx.top
5weldorae.digital
5ywmedici.top
5zestmodp.top
6.starcloc.bet
60advennture.top
6castmaxw.run
6deflamep.live
6ferromny.digital
6jmetalsyo.digital
6jrxsafer.top
6oreheatq.live
6oxrfxcaseq.live
6pistolpra.bet
6quavabvc.top
6rambutanvcx.run
6salaccgfa.top
6starcloc.bet
6travelilx.top
6usalaccgfa.top
6wxayfarer.live
6yhtargett.top
7blacksmithz.run
7castmaxw.run
7changeaie.top
7dlonfgshadow.live
7galxnetb.today
7metalsyo.digital
7navstarx.shop
7nighetwhisper.top
7piratetwrath.run
7plantainklj.run
7puerrogfh.live
7soursopsf.run
7sparkiob.digital
7starcloc.bet
7steelixr.live
7usspacedbv.world
7weldorae.digital
7wtouvrlane.bet
7wxayfarer.live
7ywmedici.top
81changeaie.top
87kytorpdidebar.com
886132-coinbase.com
8biosphxere.digital
8castmaxw.run
8cferromny.digital
8clarmodq.top
8easyupgw.live
8ferromny.digital
8fsalaccgfa.top
8furthert.run
8liftally.top
8navstarx.shop
8plantainklj.run
8ptargett.top
8salaccgfa.top
8smeltedx.run
8spacedbv.world
8starofliught.top
8steelixr.live
8targett.top
8touvrlane.bet
8travelilx.top
8weldorae.digital
8xcelmodo.run
8yrambutanvcx.run
8zestmodp.top
9-xrfxcaseq.live
91jrxsafer.top
95aliftally.top
9btargett.top
9clarmodq.top
9czestmodp.top
9e0vironloxp.live
9grxeasyw.digital
9jumpxer.run
9legenassedk.top
9lironloxp.live
9nighetwhisper.top
9soursopsf.run
9starjetv.run
9upmodini.digital
9xrfxcaseq.live
9ywmedici.top
a4pepperiop.digital
aadvennture.top
aardvarkw.live
acceconz.run
aeasyupgw.live
aecoexpanpd.live
afternoocock.it.com
agroeconb.live
ahemispherexz.top
alegenassedk.top
aliftally.top
anavstarx.shop
ancieynttale.live
anestlecompany.world
animalantpics.live
aplantainklj.run
appstreawm.digital
aqmetalsyo.digital
aquesolp.run
asalaccgfa.top
astarofliught.top
asteelixr.live
atfuturizez.live
atropiscbs.live
automazye.digital
avigorbridgoe.top
aweldorae.digital
azestmodp.top
azgalxnetb.today
b.surfaceconsoling.makeup
b6zestmodp.top
badvennture.top
bblast-hubs.com
bcastmaxw.run
bcclarmodq.top
bclimatologfy.top
bearjk.live
beasyupgw.live
bhungreecoq.run
biosphxere.digital
bisonq.live
bktriplooqp.world
blacksmeiths.digital
bliftally.top
bnavstarx.shop
bnighetwhisper.top
boostcmc.run
boostmodw.live
borderkjsyui.shop
boxingcasualty.shop
brambutanvcx.run
bravelyko.run
breuhiag.live
brhxhube.run
brodformi.run
bsalaccgfa.top
bsmeltingt.run
btopographky.top
buzzarddf.live
bwxayfarer.live
bytequesty.digital
bzestmodp.top
c2puerrogfh.live
c5plantainklj.run
c6quilltayle.live
cadvennture.top
cartograhphy.top
cbadvennture.top
cgalxnetb.today
cgrxeasyw.digital
chamelweon.digital
chemcryexplore.live
ciwoodpeckersd.run
cjrlxspoty.run
cjrxsafer.top
cliftally.top
climatologfy.top
clonfgshadow.live
coderspartk.digital
correoaergentino.top
correoargenetino.top
correosapp.info
courtjew.digital
cquilltayle.live
crabw.digital
crackystart.help
crocodilefg.top
cryptolando.digital
csmeltingt.run
ctargett.top
ctmetalsyo.digital
czestmodp.top
datacubei.digital
datafhgorge.live
datanixf.live
dbugildbett.top
dbyteplusx.digital
dcastmaxw.run
ddarjkafsg.digital
ddnighetwhisper.top
dentistdomestic.shop
digilayerx.digital
djawdedmirror.run
dolphine.digital
dpiratetwrath.run
dquilltayle.live
dragonfireq.digital
drbettere.live
drlxspoty.run
dryguitttaow.shop
dsalaccgfa.top
dsighbtseeing.shop
dskynetxc.live
dsoursopsf.run
dstarcloc.bet
dstarofliught.top
dsystemx.digital
dtargett.top
dvjrxsafer.top
dystarcloc.bet
e0gfurthert.run
ebtargett.top
echangeaie.top
ecironloxp.live
eclimatologfy.top
ecoexpanpd.live
econdeni.live
edumakerb.digital
efgalxnetb.today
egeographys.run
ekzestmodp.top
emetalsyo.digital
equatorf.run
equilltayle.live
eskynetxc.live
eupmodini.digital
eurastratse.live
eurowatchw.run
exhaleqw.live
exjrxsafer.top
ezestmodp.top
f2quavabvc.top
f9ywmedici.top
faacastmaxw.run
farmerpreneur.live
fchangeaie.top
fclarmodq.top
ferretwq.digital
ferrofyl.live
fgalxnetb.today
fgeographys.run
fironloxp.live
fishgh.digital
fkquavabvc.top
fliftally.top
flongitudde.digital
flwuffyfriends.live
fpoweldorae.digital
fquavabvc.top
franecont.run
freedomyt.live
fsighbtseeing.shop
fstarofliught.top
futuristx.live
gadvennture.top
gameverseb.digital
gblastikcn.com
gcartograhphy.top
geasyupgw.live
genplust.live
geoecony.live
geographys.run
giveoi.run
gjawdedmirror.run
glowpop.live
glucoseranger.digital
gmetalsyo.digital
gnavstarx.shop
goldfisher.digital
gqferromny.digital
greatborken.com
greeconoimy.run
gregenearthjourney.live
grodformi.run
gsalaccgfa.top
gsoursopsf.run
gstarofliught.top
gsteelixr.live
gtouvrlane.bet
gweldorae.digital
gywmedici.top
gzestmodp.top
h-spacedbv.world
h-tropiscbs.live
h1.glucoseranger.digital
h1.passionwhenever.shop
h1.unalteredaccuracy.shop
h1.wieldercherub.top
h2advennture.top
hackergala.digital
harmystpeo.help
hbyteplusx.digital
hchangeaie.top
healhgf.digital
hedgehocvg.digital
hegrxeasyw.digital
hemispherexz.top
heraldryr.digital
hftargett.top
hindecoo.live
hjesxterplay.run
hliftally.top
hmetalsyo.digital
hnavstarx.shop
hnwoodpeckersd.run
homesteadingjourney.world
howlflright.digital
hplantainklj.run
hqstarcloc.bet
hsmeltingt.run
hspacedbv.world
hsteelixr.live
htargett.top
htravelilx.top
hyperforge.digital
hzealjkh.digital
hzestmodp.top
hznighetwhisper.top
i8geographys.run
iadvennture.top
iatouvrlane.bet
ichangeaie.top
iclarmodq.top
iferromny.digital
iftargett.top
igalxnetb.today
igeographys.run
ignites.live
iguanadx.run
ihbabberstalek.org
ijawdedmirror.run
iladvennture.top
iliftally.top
ilongitudde.digital
imetalsyo.digital
infotechizone.live
innovtechg.digital
instdallinter.shop
ioreheatq.live
iqironloxp.live
iqnterstellles.live
irhxhube.run
isalaccgfa.top
iskynetxc.live
istarcloc.bet
italecony.digital
itravelilx.top
iupmodini.digital
iwashi.biz
ixcelmodo.run
izealjkh.digital
j.easyupgw.live
jadvennture.top
jeasyupgw.live
jellyfisnbnh.live
jesxterplay.run
jgalarona.bet
jjxrfxcaseq.live
joreheatq.live
jpsmeltingt.run
jrambutanvcx.run
jspacedbv.world
jtravelilx.top
juggleshiftless.live
jwxayfarer.live
k2salaccgfa.top
k4plantainklj.run
k8rodformi.run
kappgridn.live
kazrequesot.digital
kcastmaxw.run
kemetalsyo.digital
kjawdedmirror.run
kjrxsafer.top
kkferromny.digital
klonfgshadow.live
kmspicofiles.com
koreheatq.live
kpiratetwrath.run
krhxhube.run
ksalaccgfa.top
ksoursopsf.run
kspacedbv.world
kstarcloc.bet
ktouvrlane.bet
ktravelilx.top
kvdeflamep.live
kywmedici.top
l-targett.top
l3jrxsafer.top
l9travelilx.top
labupfdates.world
ladvennture.top
latitudert.live
lbiosphxere.digital
lchangeaie.top
leasyupgw.live
lgeographys.run
lifecubeq.digital
limiztlesspotential.tech
lip.is
lipsdonny.com
lironloxp.live
ljtravelilx.top
lkdipsafals.digital
llestagames.world
lnavstarx.shop
lowlflright.digital
lpiratetwrath.run
lquilltayle.live
lrambutanvcx.run
lrhxhube.run
lspacedbv.world
lsteelixr.live
ltropiscbs.live
lum-market.fun
lummamarket.com
lvoicesharped.com
lywmedici.top
lzestmodp.top
m3ywmedici.top
m6changeaie.top
ma.soursopsf.run
machinehiub.digital
madvennture.top
maliftally.top
market-lumer.com
maxcloudr.digital
mcartograhphy.top
mclimatologfy.top
mediaflowq.run
medicotu.live
meerkaty.digital
meltarec.run
mequatorf.run
mexratet.digital
mferromny.digital
mflowthai.world
mgalxnetb.today
mholidamyup.today
mjadvennture.top
mjrxsafer.top
mlonfgshadow.live
mmetalsyo.digital
modtimea.run
moonlitwayq.run
movemozd.run
mowlflright.digital
mplantainklj.run
mquavabvc.top
mrodformi.run
msalaccgfa.top
mscastlaby.live
msmeltingt.run
msoursopsf.run
mstarofliught.top
msteelixr.live
mtargett.top
mupmodini.digital
mvweldorae.digital
mweldorae.digital
n39starcloc.bet
namedice.live
naplantainklj.run
ncartograhphy.top
ncastmaxw.run
nchangeaie.top
nclarmodq.top
nequatorf.run
netscoute.digital
newrxst.run
newtsda.digital
newzeconi.digital
nextstepu.live
nquavabvc.top
nrambutanvcx.run
nrlxspoty.run
nrodformi.run
nsighbtseeing.shop
nsmeltingt.run
nspacedbv.world
nwxayfarer.live
o5kqupmodini.digital
oadvennture.top
ochangeaie.top
ochreapy.live
oljrxsafer.top
ometalsyo.digital
ootopographky.top
opiratetwrath.run
opistolpra.bet
opixtreev.run
optifyc.live
optimedi.run
opuerrogfh.live
oquavabvc.top
orhxhube.run
osadvennture.top
osteelixr.live
otopographky.top
otravelilx.top
otravewlio.shop
overcomfsae.run
oxcelmodo.run
oxrfxcaseq.live
ozealjkh.digital
ozestmodp.top
p5pepperiop.digital
p6castmaxw.run
p7appgridn.live
pacimelo.live
padvennture.top
parakehjet.run
passionwhenever.shop
pbiosphxere.digital
pchangeaie.top
pejnguin.live
pesccapewz.run
pferromny.digital
pgalxnetb.today
pgaragedrootz.top
pgrhxhube.run
pirambutanvcx.run
pixelcodey.digital
pixelupf.live
pjrxsafer.top
pliftally.top
plongitudde.digital
plupmodini.digital
pomelohgj.top
porcupineq.digital
potargett.top
prambutanvcx.run
prhxhube.run
psalaccgfa.top
pstarcloc.bet
pstarofliught.top
ptravelilx.top
pywmedici.top
q3travewlio.shop
qcastmaxw.run
qclimatologfy.top
qdarjkafsg.digital
qeasyupgw.live
qfybiosphxere.digital
qgalxnetb.today
qjrxsafer.top
qliftally.top
qnavstarx.shop
qquavabvc.top
qrambutanvcx.run
qrebeldettern.com
qspacedbv.world
qtouvrlane.bet
qtravewlio.shop
qualityow.store
quicktecho.digital
quonecony.live
qwoodpeckersd.run
qxrfxcaseq.live
qywmedici.top
r1.juggleshiftless.live
r1qesccapewz.run
rarhxhube.run
raywmedici.top
rbiosphxere.digital
rchangeaie.top
rdeflamep.live
readvennture.top
rebuildecuon.digital
redcurrczx.digital
reimaginbe.run
remorar.digital
resetnb.run
revampitn.live
revivety.digital
rferromny.digital
rgironloxp.live
rgrxeasyw.digital
ridgeviemme.live
rironloxp.live
rlatitudert.live
rliftally.top
rpiratetwrath.run
rpuerrogfh.live
rsalaccgfa.top
rstarcloc.bet
rtargett.top
rusconfi.run
rushelectc.digital
rweldorae.digital
rwweldorae.digital
rwxayfarer.live
rzestmodp.top
s.rhxhube.run
s4cartograhphy.top
sagowe.live
samedicq.live
saturnoy.life
sblackeblast.run
scastmaxw.run
schangeaie.top
scrapixt.live
sdcastmaxw.run
sealyiu.live
security-verification-centre.com
security.cloydgvarde.com
sensacoukwekch.com
serambutanvcx.run
serbstatp.digital
setfreecxz.live
sewektrip.shop
sferromny.digital
sgeographys.run
shiftmodh.run
sieeraft.digital
siwlverhelm.live
slatitudert.live
sliftally.top
slliftally.top
slothwe.digital
smartbitsx.digital
snailzg.digital
snighetwhisper.top
soargh.run
sorcery.digital
soreheatq.live
sowlflright.digital
speedupde.run
sproutvb.live
spuerrogfh.live
squavabvc.top
ssalaccgfa.top
sslassla.com
ssmeltingt.run
stackwaven.digital
stargett.top
stopographky.top
stravewlio.shop
striketr.live
stropiscbs.live
surfaceconsoling.makeup
surmisehotte.click
swedecoy.digital
sweldorae.digital
sxcelmodo.run
sywmedici.top
takeoffsfd.digital
tapiretre.digital
tatargett.top
tcartograhphy.top
tchangeaie.top
tclarmodq.top
teasyupgw.live
techcastlev.live
techformb.digital
technomindc.digital
techscapeh.digital
tferromny.digital
thiefbshadow.run
thundercoall.live
tiesccapewz.run
timerlesssaga.run
tkrxspint.digital
tlonfgshadow.live
tnighetwhisper.top
topographky.top
tpepperiop.digital
tplantainklj.run
tpuerrogfh.live
tquavabvc.top
transdataa.digital
tripfflux.world
tropiscbs.live
tsmeltingt.run
tt4travewlio.shop
ttargett.top
ttopographky.top
tugrambling.shop
turkeysitao.digital
turkeytzq.live
tvchangeaie.top
twarmoda.digital
tweldorae.digital
twilitghtarc.live
twoodpeckersd.run
twxayfarer.live
txrfxcaseq.live
ubiosphxere.digital
ublastikcn.com
ubyteplusx.digital
ucartograhphy.top
ufclimatologfy.top
ugrxeasyw.digital
uironloxp.live
uliftally.top
umetalsyo.digital
unalteredaccuracy.shop
unavstarx.shop
undo.sg
unimedi.run
uoreheatq.live
usalaccgfa.top
ustarcloc.bet
usteelixr.live
ut-starcloc.bet
utravelilx.top
utravewlio.shop
uufeatureccus.shop
uupmodini.digital
uwoodpeckersd.run
uxcelmodo.run
uzbecobt.digital
uzestmodp.top
v0salaccgfa.top
v6quavabvc.top
v7salaccgfa.top
v8clarmodq.top
vcastmaxw.run
vclarmodq.top
vclimatologfy.top
vdrbettere.live
vgeographys.run
vgrxeasyw.digital
vigorbridgoe.top
vjrxsafer.top
vliftally.top
vlonfgshadow.live
vlongitudde.digital
vmetalsyo.digital
vnaturewsounds.help
vnholidamyup.today
vnjawdedmirror.run
vowlflright.digital
vporcupineq.digital
vrambutanvcx.run
vsalaccgfa.top
vsatargett.top
vstarofliught.top
vsteelixr.live
vtravelilx.top
vtriplooqp.world
vu1btargett.top
vxcelmodo.run
vywmedici.top
w5advennture.top
wadvennture.top
wawrhamer.live
wbrhxhube.run
wbrufdi.digital
webmindsk.digital
webnesti.live
whchangeaie.top
whippetzx.digital
wieldercherub.top
wironloxp.live
wliftally.top
wmetalsyo.digital
wnighetwhisper.top
wolverineas.top
woodpeckersd.run
wpastedeputten.life
wquavabvc.top
wquilltayle.live
wsalaccgfa.top
wsighbtseeing.shop
wsmeltingt.run
wtargett.top
wupmodini.digital
wweldorae.digital
x5begindecafer.world
xblastikcn.com
xbxattlepath.digital
xbytehubi.digital
xchangeaie.top
xclarmodq.top
xclimatologfy.top
xferromny.digital
xfurthert.run
xhemispherexz.top
xironloxp.live
xjrxsafer.top
xmedresp.run
xmetalsyo.digital
xnighetwhisper.top
xolegenassedk.top
xsmeltingt.run
xssteelixr.live
xstarofliught.top
xsteelixr.live
xtravelilx.top
xvigorbridgoe.top
xwxayfarer.live
xzestmodp.top
yadvennture.top
ybiosphxere.digital
ychangeaie.top
yeaio.shop
yequatorf.run
yferromny.digital
yisalaccgfa.top
ykrxspint.digital
yliftally.top
yoreheatq.live
ypepperiop.digital
yrodformi.run
ysalaccgfa.top
yspacedbv.world
ysteelixr.live
ytargett.top
ytravelilx.top
ytriplooqp.world
yvigorbridgoe.top
ywoodpeckersd.run
ywzskynetxc.live
yywmedici.top
z-jrxsafer.top
z6elvernwood.digital
zadvennture.top
zclarmodq.top
zebrai.digital
zestmedo.top
zferromny.digital
zfurthert.run
zgrxeasyw.digital
zironloxp.live
zpawsandplay.live
zpixtreev.run
zrambutanvcx.run
zrodformi.run
zsalaccgfa.top
zsoursopsf.run
zsteelixr.live
ztargett.top
ztravewlio.shop
zusmeltingt.run
zweldorae.digital
zwxayfarer.live

# Reference: https://x.com/RacWatchin8872/status/1915012872607830323

bullfrogvc.digital
kangaroojh.digital
keywestuy.digital
manateeiu.digital
pldcbus.digital
quollgjk.digital
shelducopk.digital
shrimpcvd.digital
tarantutyla.digital
vampirebioat.digital

# Reference: https://x.com/malwrhunterteam/status/1915032158374187405
# Reference: https://www.virustotal.com/gui/file/120316ecaf06b76a564ce42e11f7074c52df6d79b85d3526c5b4e9f362d2f1c2/detection

badnesspandemic.shop

# Reference: https://x.com/h4rmsw4yX/status/1915060199162871940
# Reference: https://www.virustotal.com/gui/file/f831f81d3fe976e42e71b63177682a6795eaaaa302770331f2893fef1a4fbcb6/detection

longitudde.digital

# Reference: https://x.com/malwrhunterteam/status/1915124028404310267
# Reference: https://www.virustotal.com/gui/file/5051f900d63e9d693eaa59be1ce97549f6d4516d2882227400fc7e18f01e97b7/detection
# Reference: https://www.virustotal.com/gui/file/455134278ab45be42a160a0630ac504bb9911234c2bc095e3b5544c00832b4ad/detection

147.45.60.75:2916
185.209.30.91:1466
62.60.234.97:1466
penknifescuttle.shop
whinnypassion.shop
wildlifeautograph.shop
h1.penknifescuttle.shop
h1.whinnypassion.shop
h1.wildlifeautograph.shop

# Reference: https://x.com/malwrhunterteam/status/1915728119413043498
# Reference: https://www.virustotal.com/gui/file/f9685004255de7ff8ab9f10b9b22f325a6737ea03692b8c2124f8481731f1e09/detection

iamnotarobot.sbs

# Reference: https://x.com/RacWatchin8872/status/1917166426835628351

aquilaew.digital
battloeaxes.digital
botflowe.digital
caligust.digital
castuwalls.digital
eaglekl.digital
easyboty.digital
enchanyo.digital
equitesq.digital
fairytas.digital
gladiisr.digital
legenudso.digital
mealair.digital
medievaltao.digital
obeliske.digital
questforhoq.digital
romulusy.digital
smartasxlgorithm.shop
swordandsr.digital
wiyzardin.digital
wizardrry.digital

# Reference: https://x.com/RacWatchin8872/status/1918313398967701754

circumii.digital
deracieqwg.digital
dimerabb.digital
exciteemce.digital
genusmlfhv.digital
golkii.digital
hallsire.digital
iiiowrc.digital
iulianau.digital
jobautoo.digital
legniveb.digital
lucasetql.digital
lucidanp.digital
mustelxfzf.digital
neolamraxc.digital
peasazp.digital
polemodeae.digital
slowneyfti.digital
vennedkufp.digital
wizardschou.digital

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-05-04)

0biosphxere.digital
0cartograhphy.top
0changeaie.top
0climatologfy.top
0darjkafsg.digital
0equatorf.run
0fclarmodq.top
0fishgh.digital
0hgeographys.run
0latitudert.live
0nighetwhisper.top
0opusculy.top
0owlflright.digital
0parakehjet.run
0piratetwrath.run
0quilltayle.live
0r.zestmodp.top
0scriptao.digital
0tbiosphxere.digital
0techsyncq.run
0teczakozmetik.net
0tpistolpra.bet
0woodpeckersd.run
0zenithcorde.top
1clarmodq.top
1geographys.run
1i45praetori.live
1liftally.top
1longitudde.digital
1opusculy.top
1owlflright.digital
1salaccgfa.top
1selfdefens.bet
1u6clarmodq.top
2-longitudde.digital
24parakehjet.run
2biosphxere.digital
2clarmodq.top
2gvigorbridgoe.top
2liftally.top
2lonfgshadow.live
2newzeconi.digital
2nighetwhisper.top
2owlflright.digital
2piratetwrath.run
2starofliught.top
2viriatoe.live
2zestmodp.top
2zjawdedmirror.run
3-starofliught.top
3buzzarddf.live
3disciplipna.top
3g-sviriatoe.live
3jawdedmirror.run
3lonfgshadow.live
3starofliught.top
3tliftally.top
3weaponwo.life
3wjawdedmirror.run
4.changeaie.top
43liftally.top
4biosphxere.digital
4btcgeared.live
4civitasu.run
4clarmodq.top
4datawavej.digital
4eczamedikal.org
4esccapewz.run
4hemispherexz.top
4liftally.top
4longitudde.digital
4lopusculy.top
4mlongitudde.digital
4owlflright.digital
4salaccgfa.top
4techguidet.digital
4uclarmodq.top
4veasyupgw.live
4ywmedici.top
4zenithcorde.top
50woodpeckersd.run
5cartograhphy.top
5changeaie.top
5civitasu.run
5datamanipy.run
5latitudert.live
5liftally.top
5opusculy.top
5quilltayle.live
5salaccgfa.top
5tortoisgfe.top
5tropiscbs.live
6autogearw.live
6clarmodq.top
6climatologfy.top
6fishgh.digital
6fzestmodp.top
6geographys.run
6hemispherexz.top
6kjawdedmirror.run
6owlflright.digital
6starofliught.top
6topographky.top
6zootechq.run
71changeaie.top
7bearjk.live
7buzzarddf.live
7hemispherexz.top
7liftally.top
7lonfgshadow.live
7owlflright.digital
7praetori.live
7vigorbridgoe.top
7woodpeckersd.run
7xrfxcaseq.live
805longitudde.digital
82quilltayle.live
8bearjk.live
8buzzarddf.live
8changeaie.top
8climatologfy.top
8disciplipna.top
8elvernwood.digital
8esalaccgfa.top
8fstarofliught.top
8jgeographys.run
8latitudert.live
8nighetwhisper.top
8pepperiop.digital
8piratetwrath.run
8quilltayle.live
8tropiscbs.live
8woodpeckersd.run
8zenithcorde.top
9baseurzv.run
9biosphxere.digital
9buzzarddf.live
9esccapewz.run
9geographys.run
9hbuzzarddf.live
9liftally.top
9owlflright.digital
9parakehjet.run
9piratetwrath.run
9quilltayle.live
9rlonfgshadow.live
9salaccgfa.top
9techsyncq.run
9topographky.top
9tropiscbs.live
9zestmodp.top
a.owlflright.digital
a.techguidet.digital
a9topographky.top
abuzzarddf.live
accountfun.digital
achangeaie.top
aclimatologfy.top
aeczamedikal.org
aeneasq.live
afishgh.digital
afreeconx.live
ajawdedmirror.run
ajwparakehjet.run
alatitudert.live
alongitudde.digital
anemonebv.run
anighetwhisper.top
antelopej.run
antilcvope.live
apiratetwrath.run
asoursopsf.run
atopographky.top
aureliae.run
awoodpeckersd.run
awxayfarer.live
axistechw.live
aysnakejh.top
azenithcorde.top
b6zenithcorde.top
bardcauft.run
bardsyies.live
baseurzv.run
bjawdedmirror.run
blongitudde.digital
borijinalecza.org
bowlflright.digital
bpiratetwrath.run
brandihx.run
btcgeared.live
btechwaveg.run
btwilitghtarc.live
buequatorf.run
bwoodpeckersd.run
bzenithcorde.top
c0clarmodq.top
caverimared.digital
cbtcgeared.live
cbuzzarddf.live
cdisciplipna.top
chemispherexz.top
civitasu.run
clongitudde.digital
cmwoodpeckersd.run
cnavstarx.shop
corexlaib.top
cowlflright.digital
cstarofliught.top
ctechsyncq.run
cwoodpeckersd.run
cxquilltayle.live
cywmedici.top
datamanipy.run
datawavej.digital
dbxattlepath.digital
dchangeaie.top
ddatawavej.digital
dequatorf.run
devloopt.live
dhemispherexz.top
disciplipna.top
dlatitudert.live
dliftally.top
dogalmedical.org
dragoqnfly.run
dwoodpeckersd.run
dzenithcorde.top
dzestmodp.top
e0ynighetwhisper.top
eclarmodq.top
econbult.live
eczakozmetik.net
eczamedikal.org
edatawavej.digital
eliftally.top
elonfgshadow.live
elongitudde.digital
enighetwhisper.top
eowlflright.digital
estarofliught.top
etjawdedmirror.run
etopographky.top
exceptionicon.top
exitiumt.digital
ezaelwpyeh.eza
f.hemispherexz.top
falcondfy.digital
fbearjk.live
ferrexz.run
fhemispherexz.top
fjliftally.top
fkbiosphxere.digital
flatitudert.live
fmedicalbitkisel.net
forijinalecza.org
formydab.run
fpiratetwrath.run
frlonfgshadow.live
ftechsyncq.run
ftortoisgfe.top
fzestmodp.top
gbardcauft.run
gbrandihx.run
gbweaponwo.life
gclimatologfy.top
gfishgh.digital
ggrxeasyw.digital
gnighetwhisper.top
gobacknihq.digital
gorillao.digital
gpiratetwrath.run
gqzestmodp.top
gsighbtseeing.shop
gsmartbitsx.digital
gtctotdh.eza
gtechsyncq.run
gtopographky.top
h1.exceptionicon.top
h1.riverbankrejoicing.top
h1.startingshabby.world
h2jawdedmirror.run
h9bardcauft.run
hbuzzarddf.live
hclarmodq.top
hclimatologfy.top
hdragoqnfly.run
hequatorf.run
hexitiumt.digital
hgazellevb.digital
hgcivitasu.run
himselcaked.digital
hjawdedmirror.run
hlatitudert.live
hmediaflowq.run
holyseypju.run
homelecyfi.digital
hpiratetwrath.run
hsalaccgfa.top
hstarofliught.top
htechguidet.digital
hzlatitudert.live
hzwgpctypld.eza
i23woodpeckersd.run
i5svigorbridgoe.top
i6easyfwdr.digital
ibearjk.live
ibequatorf.run
ibiosphxere.digital
ifishgh.digital
ihemispherexz.top
indoeconw.live
inighetwhisper.top
intelhube.live
ipiratetwrath.run
iquilltayle.live
itropiscbs.live
j3techchaiun.live
japeconu.run
jbiosphxere.digital
jchangeaie.top
jclarmodq.top
jclimatologfy.top
jlatitudert.live
jliftally.top
jnighetwhisper.top
jowlflright.digital
jproenhann.digital
jquilltayle.live
jscriptao.digital
kbiosphxere.digital
kcartograhphy.top
kchangeaie.top
kclimatologfy.top
kdatawavej.digital
kgeographys.run
kmediaflowq.run
knightliyway.run
kosalaccgfa.top
kquilltayle.live
ksnakejh.top
ktechsyncq.run
l2zestmodp.top
lancefighsg.run
lbardcauft.run
lcartograhphy.top
lcorexlaib.top
lemuruy.live
lemurz.digital
ljorijinalecza.org
llongitudde.digital
lmlatitudert.live
lnighetwhisper.top
lsalaccgfa.top
lstarofliught.top
lucticiq.run
lvigorbridgoe.top
lyjawdedmirror.run
m0viriatoe.live
m2chivalroq.live
mbnighetwhisper.top
medicalbitkisel.net
medievailfea.run
medievalarth.live
medimado.run
mfishgh.digital
mjawdedmirror.run
mmexratet.digital
mobitront.run
moleqew.run
mquilltayle.live
mtpraetori.live
mtropiscbs.live
mutedhofrn.live
mwtquilltayle.live
mzenithcorde.top
n24nighetwhisper.top
n3climatologfy.top
n5biosphxere.digital
n6nighetwhisper.top
n9changeaie.top
narwhaltr.live
ncorexlaib.top
ncznzotwpqr.eza
nechangeaie.top
nhemispherexz.top
nliftally.top
nlonfgshadow.live
nnighetwhisper.top
nodepathr.run
npiratetwrath.run
nquilltayle.live
nsalaccgfa.top
nstarofliught.top
ntropiscbs.live
nzealjkh.digital
o3clarmodq.top
obtcgeared.live
ocartograhphy.top
oclarmodq.top
oclimatologfy.top
oequatorf.run
ofreshenqew.digital
ogeographys.run
ojawdedmirror.run
okapigdf.run
olatitudert.live
onighetwhisper.top
opusculy.top
orijinalecza.net
orijinalecza.org
orjinalecza.net
otechsyncq.run
ovecturar.top
owoodpeckersd.run
ozenithcorde.top
pblockhubr.live
pbrandihx.run
pclimatologfy.top
pdisciplipna.top
pfishgh.digital
phemispherexz.top
pnighetwhisper.top
porijinalecza.net
porjinalecza.net
porpoisecx.run
pparakehjet.run
ppiratetwrath.run
pquilltayle.live
praetori.live
ptechsyncq.run
pttb-opi.xyz
pvigorbridgoe.top
pwoodpeckersd.run
pzestmodp.top
q0topographky.top
qbiosphxere.digital
qclarmodq.top
qeczakozmetik.net
qlatitudert.live
qlongitudde.digital
qpiratetwrath.run
qsectorecoo.live
quaestort.live
quselfdefens.bet
qvecturar.top
r43owlflright.digital
rabbitw.run
rcartograhphy.top
rclarmodq.top
rdisciplipna.top
reczakozmetik.net
requatorf.run
revomodm.run
riverbankrejoicing.top
rmywmedici.top
rtravewlio.shop
rvvigorbridgoe.top
rwoodpeckersd.run
sbtcgeared.live
scivitasu.run
sclarmodq.top
sclimatologfy.top
scriptao.digital
scriptorumh.live
sdynamiczl.live
sequatorf.run
sformydab.run
silveyrmoon.live
slovenecow.live
smedicalbitkisel.net
snakejh.top
spiderq.run
spxtdaspcpik.eza
sstarofliught.top
startingshabby.world
steelgoy.run
stoatrt.live
stratinfot.live
suiadris.digital
svigorbridgoe.top
sviriatoe.live
swoodpeckersd.run
t.salaccgfa.top
t5eczamedikal.org
t9piratetwrath.run
tbczyczdp.eza
tbearjk.live
techchaiun.live
techfocusm.run
techguidet.digital
techmindj.live
techsyncq.run
techwaveg.run
telvernwood.digital
temedicalbitkisel.net
themispherexz.top
tjawdedmirror.run
tjrxsafer.top
toptalentw.top
torijinalecza.net
torjinalecza.net
tortoisgfe.top
tpbrandihx.run
triremeo.digital
tsalaccgfa.top
tsoi-zhiv.com
turtlery.run
tzestmodp.top
uclarmodq.top
udrbettere.live
ufishgh.digital
ulonfgshadow.live
uquilltayle.live
uspacedbv.world
ustarofliught.top
utechguidet.digital
utechsyncq.run
utropiscbs.live
uugeographys.run
v0zestmodp.top
v3nvigorbridgoe.top
valortruade.run
vbtcgeared.live
vdatamanipy.run
vecturar.top
vhemispherexz.top
victoreqs.run
viriatoe.live
viridisw.top
vparakehjet.run
vquilltayle.live
vtropiscbs.live
w7quilltayle.live
wa8btcgeared.live
waardvarkw.live
warldonvu.live
wbtcgeared.live
wcartograhphy.top
wclimatologfy.top
wequatorf.run
wfyzizcy.eza
wizardholdp.run
wlatitudert.live
wpiratetwrath.run
wpquilltayle.live
wqeinqene.com
wscriptao.digital
wtechguidet.digital
wvecturar.top
wvigorbridgoe.top
wzenithcorde.top
wznxcelmodo.run
xadvennture.top
xagroeconb.live
xbearjk.live
xbrandihx.run
xgeographys.run
xlatitudert.live
xliftally.top
xsalaccgfa.top
xsnakejh.top
xtechsyncq.run
xtopographky.top
xtropiscbs.live
xx9piratetwrath.run
y-btcgeared.live
ybardcauft.run
ybearjk.live
ybtcgeared.live
ycartograhphy.top
ygeographys.run
yglongitudde.digital
yhqclimatologfy.top
yjawdedmirror.run
yparakehjet.run
ystarofliught.top
z1topographky.top
z2starofliught.top
z9changeaie.top
zbardcauft.run
zbstarofliught.top
zchangeaie.top
zcivitasu.run
zdvigorbridgoe.top
zeczakozmetik.net
zenithcorde.top
zfishgh.digital
zgeographys.run
zjawdedmirror.run
zliftally.top
zmedicalbitkisel.net
zorjinalecza.net
zowlflright.digital
zparakehjet.run
zquilltayle.live
zstarofliught.top
ztopographky.top
ztortoisgfe.top
ztouvrlane.bet
zzestmodp.top

# Reference: https://x.com/skocherhan/status/1919077155872354334
# Reference: https://app.validin.com/detail?find=cd31ae02ceac55b0c60b6912852219f6&type=hash&ref_id=05eb636da7b#tab=host_pairs (# 2025-05-04)
# Reference: https://www.virustotal.com/gui/file/f609e2bbbfc6f668633e929a4ccedbd9b3b3ba8e50a0934feb7df33155ab714b/detection

joystickvision.run
overplanteasiest.top

# Reference: https://x.com/1ZRR4H/status/1920179449741623504
# Reference: https://app.validin.com/detail?find=185.118.79.175&type=ip4&ref_id=ead985edf6f#tab=resolutions
# Reference: https://tria.ge/250507-vjx3xswnx8

app-sicurezzacarte.sbs
asociado-documentacion.is
asociados-documentacion.info
asociados-documentos.sbs
certificado-aeta.cloud
certificado-aeta.it
certificado-aeta.us
certificate-firmae-solution.sbs
customs-addresspoint-anpost.sbs
departament-anaf.com
documentos-hosting.sbs
drivereasypark.sbs
enterprise-cert.sbs
enterprise-solutions.sbs
firmae-certificado.sbs
firmae-enterprise.sbs
gob-es.com
gob-es.sbs
mime-enterprise-solutions.sbs
morjinalecza.net
sicurezzacarte-online.sbs
sicurezzacartenexi-info.sbs
sicurezzacarteonline.sbs
web-alocator.shop
youtump3oie.xyz
app.sicurezzacarte-online.sbs
auth.customs-addresspoint-anpost.sbs
auth.sicurezzacarteonline.sbs
correos.firmae-enterprise.sbs
dm-aeta.mime-enterprise-solutions.sbs
dm.gob-es.sbs
dm.web-alocator.shop
dm1.mime-enterprise-solutions.sbs
dm2.mime-enterprise-solutions.sbs
dm3.mime-enterprise-solutions.sbs
dm4.mime-enterprise-solutions.sbs
dm5.mime-enterprise-solutions.sbs
enelx-global.enterprise-cert.sbs
garcia-vega.asociado-documentacion.is
garciavega-asociados.documentos-hosting.sbs
garciavega.asociados-documentacion.info
garciavega.asociados-documentos.sbs
home.drivereasypark.sbs
host-factura.certificado-aeta.cloud
host-factura.certificado-aeta.it.com
host-factura.certificado-aeta.us
host-factura.gob-es.com
login.sicurezzacartenexi-info.sbs
logroot.enterprise-solutions.sbs
point.youtump3oie.xyz
repsol-global.firmae-enterprise.sbs
repsol.certificate-firmae-solution.sbs
repsol.firmae-enterprise.sbs
ribera.asociados-documentos.sbs
secure.app-sicurezzacarte.sbs
secure.departament-anaf.com
sede-aeta.gob-es.sbs
sede-agenciatributaria.gob-es.sbs
sede-informatica.certificado-aeta.cloud
sede-informatica.certificado-aeta.it.com
sede-informatica.certificado-aeta.us
sede-informatica.gob-es.com
servero.asociados-documentos.sbs
subdomain.firmae-certificado.sbs
tepegancuernos318-instagram.gob-es.com

# Reference: https://www.virustotal.com/gui/file/01cc90cd8152479f6154db234c72065532da27dde6220a8c7f27ddf9a98f7fd0/detection

http://80.64.18.219
medikalbitkisel.net
medicalbitkisel.org

# Reference: https://x.com/skocherhan/status/1920321510109024641

egiftshop.cloud
highcouncipl.live
improvxf.run
tapandshop.shop
tavernfolkk.run
towerstozne.run
unmutezcx.live
viscosityobserving.shop

# Reference: https://x.com/skocherhan/status/1920189646182527114

thinkellk.run

# Reference: https://x.com/skocherhan/status/1920551014177951845

curiousmjinds.tech
ecozessentials.com
peacefujlmind.tech

# Reference: https://x.com/skocherhan/status/1920610903688368131

eorijinalecza.org
raeneasq.live

# Reference: https://x.com/skocherhan/status/1920425523844411880
# Reference: https://www.virustotal.com/gui/file/2336a347fcace530bb0cfd442c816991c5968c0b9d55dc9a94bd8868e7af9ebe/detection

pashacoin.live
toobit-exchange.com

# Reference: https://x.com/RacWatchin8872/status/1920934862644486461

achoerurdv.digital
aigjmr.digital
apxtfy.digital
bearseduic.digital
bringfznnn.digital
chafjx.digital
coloniqlhi.digital
conynbud.digital
ealdz.digital
excesskyke.digital
familyclif.digital
famprid.digital
flushelett.digital
genmxz.digital
getatasgop.digital
groundtusl.digital
guineayqfp.digital
herosdecos.digital
inflexcytv.digital
ingratgmit.digital
jinglexhsg.digital
joinfoulnz.digital
labradycau.digital
metropoli.shop
missiodowt.digital
mothprjyqw.digital
parftv.digital
parrisrohy.digital
pitchbcmst.digital
polifd.digital
qpuppypla.shop
ranjwa.digital
realiseglg.digital
salivanmbm.digital
satynp.digital
serldp.digital
slashegqnp.digital
sociolimtj.digital
stylefnez.digital
sumeriavgv.digital
supryov.digital
tendolihyy.digital
tossdelak.digital
transmcvrs.digital
triphoy.digital
unlimirxam.digital
villaggcag.digital
wwwsyju.digital

# Reference: https://news.sophos.com/en-us/2025/05/09/lumma-stealer-coming-and-going/
# Reference: https://github.com/sophoslabs/IoCs/blob/master/2025%20Lumma%20Stealer.csv

klipdexypoi.shop
usermahnualplatform-14.site
usermanualplatform.com

# Reference: https://x.com/1ZRR4H/status/1921991903987564829

avisos-dt.com
cabiro.cl
araucahkbm.live
blackswmxc.top
dflowerexju.bet
easterxeen.run
featurlyin.top
plumbbujjh.live
posseswsnc.top
qdoovercovtcg.top
zmedtipp.live
seguimientochdtt.ministeriodesarrollosocial.gob.cl

# Reference: https://x.com/skocherhan/status/1922269784860766270
# Reference: https://www.virustotal.com/gui/file/0b5e5e65c1693c02daa16ca098de830a9bd84d725c84797558929e3b65eb9f62/detection

hunterinrx.run
innovadentalkj.com
overcovtcg.top
files.innovadentalkj.com

# Reference: https://x.com/skocherhan/status/1922269784860766270
# Reference: https://www.virustotal.com/gui/file/d776bfca505375dc8cb44baa202dfb86d826f658f89bdbba9a803ce150bef640/detection

firmunssconnect.site
meteorplyp.live
pub-stat-999.twilightparadox.com

# Reference: https://www.virustotal.com/gui/file/27dfd348770175a7d1f8b4f588775f6de9078d94efe23ad992067e352122197c/detection

flowerexju.bet

# Reference: https://www.virustotal.com/gui/file/73b2743eee49bf101a6cb21a08abdc0cdba1b52cf44bd544543cd0079c19e210/detection

barmgek.digital

# Reference: https://x.com/RacWatchin8872/status/1922605130118988100

apjmxc.digital
backdbp.digital
beatart.digital
bondvq.digital
casswjp.digital
chercw.digital
childpc.digital
cobwuxr.digital
detemjj.digital
deviludp.digital
discrk.digital
erioxmza.digital
explri.digital
fahrenl.digital
flatll.digital
flyfrtee.shop
foistc.digital
genuitz.digital
genxhkwr.digital
glldsv.digital
hdtvwz.digital
incinux.digital
jzourneyy.shop
kidneu.digital
lategja.digital
lathflk.digital
macjajm.digital
metaca.digital
onsrdbld.digital
ozenlul.digital
pingytb.digital
prozyre.digital
pubivxz.digital
racoqd.digital
racxilb.digital
repubjc.digital
revwugi.digital
ringj.digital
saltjfs.digital
serapf.digital
snaklvx.digital
solxlac.digital
steabza.digital
swauh.digital
tacticoo.top
tucuoq.digital
tumcvkc.digital
voyagjeup.shop
voydagist.shop

# Reference: https://x.com/skocherhan/status/1920229374412099899

app-agricole.com
app-update.live
app.bbvasign-es.live
app.bbvasign-update.sbs
app.ledger-firmware.sbs
app.santander-clientes.sbs
auth.caixa-clientes.sbs
auth.easyparking-service.com
banca-movil-es.com
bbvasign-es.live
bbvasign-update.sbs
caixa-clientes.sbs
certificado.firmae-service.com
clientes.bbvasign-es.live
correos.firmae-service.com
easyparking-service.com
firmae-service.com
info-sicurezza-app.com
ledger-firmware.sbs
nalandaglobal.firmae-service.com
pimefactura.firmae-service.com
santander-clientes.sbs
santander.banca-movil-es.com
servero.firmae-service.com
uni.app-update.live

# Reference: https://x.com/skocherhan/status/1920229374412099899

aadcdn.bbvasign-update.sbs
account.bbvasign-update.sbs
accounts.george-service.sbs
app.b2brouter-secure.net
app.sicurezzaonline-info.sbs
b2brouter-secure.net
bbvasign-update.sbs
cdn.bbvasign-update.sbs
endesa.firmaee-clientes.sbs
enterprise-firmae.sbs
firmaee-clientes.sbs
george-service.sbs
go.bbvasign-update.sbs
login.bbvasign-update.sbs
loginlive.bbvasign-update.sbs
outlook.bbvasign-update.sbs
sicurezzaonline-info.sbs
totalenergies-app.enterprise-firmae.sbs

# Reference: https://x.com/skocherhan/status/1923160235323126206

fieldhitty.click
parquedelriovaldivia.cl
tataragirld.site

# Reference: https://x.com/skocherhan/status/1922798556760375383
# Reference: https://www.virustotal.com/gui/file/82db204101b68d97b93c4f5a76c3aabce7b568ced3d25f4c3a5d31b00d187a43/detection
# Reference: https://www.virustotal.com/gui/file/f55b1d950276ebee1adc5de2bf7ff18e18555d9dbb12a3e2d4b2ab163815dd93/detection

ncloud-servers.shop
smarttorg.world

# Reference: https://www.virustotal.com/gui/file/383933ac4e62ba3e68f5f8dc90b8904f943138c17e0313967f9d91ca5a3bd545/detection

leadbase.cloud

# Reference: https://www.virustotal.com/gui/file/a431d777fdbac51da2e93604c246be9da115b2b8bafe8938de3db926428b3c73/detection

paranikol.online

# Reference: https://www.virustotal.com/gui/file/01b899cf62c1be675e5e5ddfb598591183f174f2de640658a8b5bcbfb176a423/detection

srvhostjdfzonhtya215k7.com
usatrustservice.info

# Reference: https://x.com/skocherhan/status/1923660571926319269

anesthwtcm.run
jackthyfuc.run
narrathfpt.top
onehunqpom.life

# Reference: https://x.com/RacWatchin8872/status/1923719380120035367

alleup.digital
brapl.digital
chmydt.digital
comstmo.digital
conmog.digital
feidm.digital
garyb.digital
gratcf.digital
intabg.digital
kizscs.digital
koegje.digital
normacw.digital
royat.digital
sinb.digital
skjym.digital
swizcpll.digital
teoja.digital
timertvey.top
towhnl.digital
wilgch.digital

# Reference: https://x.com/skocherhan/status/1923751995585839388

improveyourlife.shop
bankofamerica.improveyourlife.shop
bankofamericas.improveyourlife.shop
ns1.improveyourlife.shop
ns2.improveyourlife.shop

# Reference: https://x.com/skocherhan/status/1923916445777305782

uvoznessxyy.life

# Reference: https://x.com/skocherhan/status/1923739071064543353
# Reference: https://www.virustotal.com/gui/file/8eb08322033f193a5e7ea16d83c0cd324efaaab628fb245bdb27f6977c2a6d86/detection

releaswrlf.run

# Reference: https://x.com/skocherhan/status/1923911423484129503

6racxilb.digital
dovercovtcg.top

# Reference: https://x.com/RacWatchin8872/status/1924412868046258413

astroidd.shop
bassb.digital
bbmthe.digital
blnpa.digital
crpcto.digital
grobw.digital
modihq.digital
mooncarc.top
osbhob.digital
quaterujrb.shop
sfacqwl.digital
sourpw.digital
textu.digital
whitne.digital

# Reference: https://x.com/RacWatchin8872/status/1924410466324902241

lummamarkets.fun

# Reference: https://x.com/banthisguy9349/status/1924306687978045624

0posseswsnc.top
0wninepicchf.bet
1ywmedici.top
2flowerexju.bet
2vecturar.top
2winterpwthc.digital
39easterxeen.run
3clatteqrpq.digital
3posseswsnc.top
3yoctalfbsh.bet
4orijinalecza.org
4testcawepr.run
6araucahkbm.live
6opusculy.top
6posseswsnc.top
7flowerexju.bet
7posseswsnc.top
7snakejh.top
8exitiumt.digital
8ninepicchf.bet
8octalfbsh.bet
8qovercovtcg.top
adisciplipna.top
agrizzlqzuk.live
aposseswsnc.top
apronsxrum.digital
ariosefqcu.shop
baraucahkbm.live
beasterxeen.run
blackljjwc.run
bviriatoe.live
cblackljjwc.run
clatteqrpq.digital
cloudcontrolsystem.my
copusculy.top
corjinalecza.net
cornerdurv.top
covercovtcg.top
cposseswsnc.top
csvecturar.top
dclatteqrpq.digital
deczakozmetik.net
descenrugb.bet
dinterpwthc.digital
earaucahkbm.live
ecornerdurv.top
emphatakpn.bet
eovercovtcg.top
eposseswsnc.top
fflowerexju.bet
forjinalecza.net
gblackswmxc.top
grizzlqzuk.live
gsaraucahkbm.live
hbarmgek.digital
homewappzb.top
hvoznessxyy.life
imedicalbitkisel.net
insidegrah.run
interpwthc.digital
keczamedikal.org
kflowerexju.bet
laminaflbx.shop
lvclatteqrpq.digital
mblackswmxc.top
mflowerexju.bet
mzmedtipp.live
ninepicchf.bet
nposseswsnc.top
nsnakejh.top
octalfbsh.bet
ometeorplyp.live
onemiltxny.shop
oorijinalecza.net
oposseswsnc.top
p7datawavej.digital
popusculy.top
qpraetori.live
qzmedtipp.live
rleczakozmetik.net
rmedicalbitkisel.net
rninepicchf.bet
rorijinalecza.net
rovercovtcg.top
rstuffgull.top
saxecocnak.live
searchilyo.run
sinterpwthc.digital
stuffgull.top
taraucahkbm.live
testcawepr.run
tvecturar.top
ueczamedikal.org
ujjrxsafer.top
uovercovtcg.top
veasterxeen.run
vpepperiop.digital
wblackswmxc.top
winsidegrah.run
wovercovtcg.top
xovercovtcg.top
ycornerdurv.top
yvoznessxyy.life
zeasterxeen.run

# Reference: https://x.com/skocherhan/status/1924628507608350975

701easter.shop
bambamboo.shop
bitteam.info
coilylove.run
digitalmakertinggb.xyz
freshredfish08.shop
glarefamik.live
gsmartmodw.digital
heavenluck.shop
lovesportstyle.com
lunarayl.live
noblefamo.run
orbitixg.world
personyqum.run
pillowcxloud.world
politewtod.run
quityt.digital
quokkauy.live
raisezx.run
salmonqw.live
seven40nine.shop
sheddeqqlu.live
silvrercrown.run
squider.run

# Reference: https://x.com/skocherhan/status/1924676298808434713

caitraohvi.bet
escczlv.top
flare-299.shop
gettoknwg.life
haircuirfm.top
helpsscodds.in
leasegjjr.digital
trotwhvn.live

# Reference: https://www.virustotal.com/gui/file/d6d7e790c5db51c653ae9b6a08a9d83d49ca1ae0302d10c1bf3bf39ea62fa9e5/detection

bubblezdjw.live
gettoknwg.life
haircuirfm.top
leasegjjr.digital
threatqjqy.top
winterghzp.digital

# Reference: https://x.com/skocherhan/status/1924545501975683247

applyjjzl.run
chainsimbb.run

# Reference: https://x.com/skocherhan/status/1924741330632090021
# Reference: https://www.virustotal.com/gui/file/0218a10266d7d1b82c882ee2c2c9d50bcfa5154827641813b020225766a43245/detection

easyupgw.live
maksimbolshayashopa.live
upmodini.digital
xcelmodo.run

# Reference: https://x.com/skocherhan/status/1924784933693764059
# Reference: https://www.virustotal.com/gui/file/4d0ab9aa14dba8570588eac3f9eff115b848cc01314827d6ad48751ca8b8c300/detection

depop-order.help
depop-order.live
etsy-order.live
fiverr-order.cfd
poshmark-identify.live
poshmark-order.live
royal-order.world
subito.digital
verify-order.live
wallapop-order.world

# Reference: https://app.validin.com/detail?find=edc0735eddc98e99c8ee&type=hash&ref_id=0d0d6a10800#tab=host_pairs

054d5c.cc
alf-br.kids
alf-br.site
alf-bra-tx.site
alf-pag-bra.site
alf-tx.kids
alf-txa.kids
alf-txa.site
alf-txbr.kids
alf-txbr.site
alf-txl.kids
alf-txl.site
alfa-br-pag.site
alfa-bra-tx.site
alfa-pag-bra.site
alfa-txabr.site
alfabra-txa.site
alfan-br-tx.site
alfan-bra-pag.online
alfan-bra-pag.site
alfan-brpag.site
alfan-pag-tx.site
alfan-pagbr.site
alfan-tx-pag.site
alfan-tx-pagx.com
alfan-txbr.site
alfan-txpagx.com
alfanbr-tx.site
alfancorrelos.online
alfancorrelos.site
alfanpag-br.site
alfanpag.site
alfanpagtx.online
alfantx-br.site
alfantx-pagx.com
alfantxabr.site
alfantxbra.site
apicorrelotxal.top
apicorrelotxalfan.click
apicorrelotxalfan.info
apicorrelotxalfan.link
apicorrelotxalfan.me
apicorrelotxalfan.one
apicorrelotxalfan.online
apicorrelotxalfan.xyz
apipagtxcorrelo.click
apipagtxcorrelo.link
apipagtxcorrelo.one
apipagtxcorrelo.online
balkansupply.net
beabs.icu
blockfi-bia-settlement.com
br-alf-pag.site
br-alf.kids
br-alf.site
br-alfan-tx.site
br-alfan.online
br-alfan.site
br-alfantx.site
br-pag-alf.site
br-pag-tx.site
br-pag-txa.site
br-pgtxa.site
br-tx-alfa.site
br-tx.kids
br-tx.online
br-tx.site
br-txa-alf.site
br-txa-pag.site
br-txa.site
br-txl.site
br-txpg.site
bra-alfan.site
bra-alfpag.site
bra-pag-alfan.online
bra-pag-alfan.site
bra-pagalfa.site
bra-tx-alf.site
bra-txaalf.site
bra-txalfa.site
bralf-pag.site
bralf-txa.site
bralfan-tx.site
bralfan-txpg.site
bralftxa.site
brapagtx.site
bratxa-alf.site
bratxa-alfan.site
bratxpag.site
brpag-alfan.site
brpagtax.site
brpagtx.site
brtaxpag.site
brtx-alfa.site
brtx-pag.site
brtxa-alf.site
brtxalf.site
brtxpag.site
bullsyatirim.pro
correlo-pag-tx.digital
correlo-pag-tx.info
correlo-pagstx.info
correlosbrasil.com
depop-identify.digital
depop-order.live
depop-order.sbs
depop-verif.world
etsy-order.live
etsy-order.rest
etsy-order.sbs
eurofinance.info
fiverr-order.cfd
fiverr-order.digital
guumtre-identify.world
hortacapital.com
hurs-veriff-id-24445.icu
ibmbr.com
id-9736.world
identify-order.cfd
importparamee.com
ispirmuzesi.com
locker.linet.app
luainfinity.xyz
mercari-verification.world
olx-order.digital
p4-secureverif.world
pag-alfan-bra.site
pag-br-alf.site
pag-br-txa.site
pag-bra-alfa.site
pag-bra-tx.site
pag-bratx.site
pag-brtx.site
pag-correlos.online
pag-correlos.site
pag-txa-br.site
pag-txbra.site
pagalfan.online
pagalfanbra.site
pagalfbra.site
pagbr-tx.site
pagbra-tx.site
pagbraalfa.site
pagbrtx.site
pagcorrelos.online
pagtx-br.site
pagtxbr.com
pagtxbr.site
pagtxbra.site
paymenkuldeger.com
paymenkuldegerler.com
poshmark-confirm.world
poshmark-identify.info
reckode.com
reindayo.top
royalmail-order.cfd
royalmail-order.live
royalmail-order.world
rustytrade.com
specialps.xyz
subito-it.world
subito-order.live
takasistanbul.pro
taxalfan.online
trstore.vip
tx-alf.kids
tx-alf.site
tx-alfa-br.site
tx-alfan-br.online
tx-alfan-br.site
tx-alfan-pag.site
tx-alfan-pagx.com
tx-alfanbr.site
tx-alfanbra.site
tx-alfbra.site
tx-br-alfan.site
tx-br.com
tx-br.online
tx-br.site
tx-bra-alfa.site
tx-bra.com
tx-bra.kids
tx-bra.online
tx-bra.site
tx-bralfan.site
tx-brapag.site
tx-pag-alfan.site
tx-pag-alfanx.com
tx-pag-bra.site
tx-pagalf.site
tx-pagbr.site
tx-pagbra.site
txa-alfan.online
txa-alfan.site
txa-br-alf.site
txa-br.site
txa-bra.com
txa-bra.online
txa-bra.site
txa-pag.site
txa-pags.site
txaalf-br.site
txaalfabra.site
txabr-alf.site
txabr.site
txabraalfa.site
txabrpag.com
txalf.kids
txalf.site
txalfabr.site
txalfan-br.site
txalfbra.site
txapicorrelo.click
txapicorrelo.com
txapicorrelo.online
txbr-alfan.site
txbr-pag.site
txbr.online
txbra-alfa.site
txbra-alfan.site
txbra-pag.site
txbra.kids
txpag-br.site
txpag-bra.site
txpagalfanx.com
txpagbra.site
txpagcorrelo.info
txpagcorrelo.link
txpagcorrelo.me
txpagcorrelo.online
txpagcorrelo.site
txpagcorrelo.top
v64-id8372973.help
v64-id8985469.help
verif2-process194.shop
verification-order.live
verlf-id848.pro
verlf-id849.shop
verlfposhmark-id922.shop
verlfposhmark-id932.shop
verlfprocessing.shop
vinted-order.cfd
vinted-order.digital
virtualcyclingsg.com
wallapop-order.digital
ylkhunglab.com

# Reference: https://x.com/Unit42_Intel/status/1924866530195427372
# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-05-16-IOCs-on-recent-ClickFix-activity.txt

furthert.run
ywmedici.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-05-20)

03onehunqpom.life
06laminaflbx.shop
079biosphxere.digital
0araucahkbm.live
0bflowerexju.bet
0blackswmxc.top
0bqtestcawepr.run
0btcgeared.live
0easterxeen.run
0emphatakpn.bet
0geographys.run
0insidegrah.run
0laminaflbx.shop
0mclatteqrpq.digital
0meteorplyp.live
0ninepicchf.bet
0onehunqpom.life
0orijinalecza.org
0overcovtcg.top
0tortoisgfe.top
0unlimirxam.digital
0uparakehjet.run
0voznessxyy.life
0xxposseswsnc.top
0zvecturar.top
12.innospark.cloud
16testcawepr.run
1blackswmxc.top
1buzzarddf.live
1chemistrycworner.today
1eczakozmetik.net
1eposseswsnc.top
1featurlyin.top
1feczakozmetik.net
1flowerexju.bet
1insidegrah.run
1meteorplyp.live
1onehunqpom.life
1overcovtcg.top
1stuffgull.top
1uaraucahkbm.live
25ninepicchf.bet
2araucahkbm.live
2clatteqrpq.digital
2cornerdurv.top
2descenrugb.bet
2easterxeen.run
2haeneasq.live
2homewappzb.top
2iblackswmxc.top
2medicalbitkisel.net
2ninepicchf.bet
2otestcawepr.run
2overcovtcg.top
2posseswsnc.top
2zmedtipp.live
30featurlyin.top
34blackswmxc.top
35civitasu.run
3ameteorplyp.live
3atomicsmet.run
3blackswmxc.top
3flowerexju.bet
3homewappzb.top
3k0monemiltxny.shop
3medicalbitkisel.net
3onehunqpom.life
3pomelohgj.top
3vorjinalecza.net
40posseswsnc.top
4clatteqrpq.digital
4czmedtipp.live
4dparakehjet.run
4easterxeen.run
4featurlyin.top
4flowerexju.bet
4gettoknwg.life
4homewappzb.top
4jackthyfuc.run
4orjinalecza.net
4posseswsnc.top
4searchilyo.run
4stuffgull.top
4tortoisgfe.top
4tremelzxiy.live
5-4meteorplyp.live
5blackswmxc.top
5buzzarddf.live
5clatteqrpq.digital
5cornerdurv.top
5easterxeen.run
5featurlyin.top
5flowerexju.bet
5grizzlqzuk.live
5iorjinalecza.net
5jackthyfuc.run
5narrathfpt.top
5orjinalecza.net
5overcovtcg.top
5phygcsforum.life
5scriptao.digital
5techsyncq.run
5threatqjqy.top
5uovercovtcg.top
5voznessxyy.life
5zenithcorde.top
6aeneasq.live
6cinsidegrah.run
6civitasu.run
6easterxeen.run
6emeteorplyp.live
6featurlyin.top
6hclarmodq.top
6laminaflbx.shop
6overcovtcg.top
6stuffgull.top
6testcawepr.run
6vflowerexju.bet
6zmedtipp.live
7araucahkbm.live
7bexitiumt.digital
7blackswmxc.top
7cornerdurv.top
7cpblackswmxc.top
7dzmedtipp.live
7emphatakpn.bet
7featurlyin.top
7grizzlqzuk.live
7lancery.digital
7meteorplyp.live
7narrathfpt.top
7overcovtcg.top
7tropiscbs.live
7xlsearchilyo.run
7zmedtipp.live
82jackthyfuc.run
8asaxecocnak.live
8cartograhphy.top
8eczakozmetik.net
8equatorf.run
8featurlyin.top
8grizzlqzuk.live
8insidegrah.run
8jugulagklc.live
8meteorplyp.live
8orijinalecza.net
8orijinalecza.org
8overcovtcg.top
8praetori.live
8stuffgull.top
8testcawepr.run
8wtechsyncq.run
9blackswmxc.top
9clatteqrpq.digital
9descenrugb.bet
9dracxilb.digital
9featurlyin.top
9ffeaturlyin.top
9flowerexju.bet
9gettoknwg.life
9homewappzb.top
9octalfbsh.bet
9overcovtcg.top
9snakejh.top
9stuffgull.top
9testcawepr.run
9tortoisgfe.top
9viriatoe.live
aatomicsmet.run
acladwybn.digital
afeaturlyin.top
aforjinalecza.net
agformydab.run
aj7flowerexju.bet
ajackthyfuc.run
aktblackswmxc.top
albizzcdlv.digital
amniotjnrt.run
anarrathfpt.top
animatcxju.live
anna-akhmatova.com
aovercovtcg.top
apraetori.live
asaxecocnak.live
asnakejh.top
atomicsmet.run
autpostat.cyou
avecturar.top
azmedtipp.live
bblackswmxc.top
bcivitasu.run
beczakozmetik.net
bgrizzlqzuk.live
bjaraucahkbm.live
blameaowi.run
bovercovtcg.top
bparakehjet.run
bposseswsnc.top
btortoisgfe.top
bulgecont.run
busincesposteit.help
businessposuteit.buzz
bxaraucahkbm.live
c5overcovtcg.top
c7praetori.live
campylloir.run
caraucahkbm.live
catsuiqdmn.live
cblackswmxc.top
ccornerdurv.top
ccsninepicchf.bet
cfeaturlyin.top
cflowerexju.bet
cgeographys.run
changenwg.run
chiasmymnb.live
citellcagt.top
cladwybn.digital
correosuyg.top
cpraetori.live
csnakejh.top
ctortoisgfe.top
cvoznessxyy.life
cxesccapewz.run
czmedtipp.live
d1iorijinalecza.net
daggerpewl.run
dancioluffaro.com
dblackswmxc.top
dcornerdurv.top
deasterxeen.run
deczamedikal.org
definitnve.run
demphatakpn.bet
dfeaturlyin.top
dgrizzlqzuk.live
directxapps.shop
dmedicalbitkisel.net
donehunqpom.life
donnypollo.com
doorwanzeh.live
dopusculy.top
dposseswsnc.top
dstuffgull.top
dtortoisgfe.top
eatomicsmet.run
eblackswmxc.top
ebrandihx.run
ebuzzarddf.live
eeczakozmetik.net
efeaturlyin.top
egrizzlqzuk.live
ehfeaturlyin.top
ehomewappzb.top
einovercovtcg.top
einsidegrah.run
elaminaflbx.shop
enarrathfpt.top
eninepicchf.bet
enumermbzz.live
eoblackswmxc.top
eofeaturlyin.top
eqcobwuxr.digital
escapadue.live
etestcawepr.run
eveningeatke.run
faeneasq.live
fanpuy.com
fblackswmxc.top
fbrandihx.run
fbuzzarddf.live
fdescenrugb.bet
fdvecturar.top
feasterxeen.run
fhunterinrx.run
finsidegrah.run
firstezkpg.run
fkposseswsnc.top
flaminaflbx.shop
flamingof.run
fopusculy.top
fovercovtcg.top
fowlflright.digital
fsnakejh.top
fsovercovtcg.top
fsumeriavgv.digital
ftestcawepr.run
ftracxilb.digital
fuemphatakpn.bet
fvecturar.top
fvoznessxyy.life
fzmedtipp.live
fzstarofliught.top
g2easterxeen.run
galijd.shop
garaucahkbm.live
gblackljjwc.run
gbubblezdjw.live
gesccapewz.run
ggrizzlqzuk.live
ghomewappzb.top
gieczamedikal.org
ginsidegrah.run
ginterpwthc.digital
glitzyentire.top
gmeteorplyp.live
golconz.digital
govercovtcg.top
gozmedtipp.live
gposseswsnc.top
greleaswrlf.run
gthreatqjqy.top
gvoznessxyy.life
gzopusculy.top
h1.glitzyentire.top
h1.postedtipped.top
h1.unlimitedblandness.bet
hdisciplipna.top
hdjackthyfuc.run
hemphatakpn.bet
hfeaturlyin.top
hgraduatteusez.shop
hgrizzlqzuk.live
hhomewappzb.top
hinsidegrah.run
hjclatteqrpq.digital
horijinalecza.net
horijinalecza.org
hposseswsnc.top
hsnakejh.top
htechsyncq.run
htinsidegrah.run
htortoisgfe.top
hwordswfrdl.run
i3ninepicchf.bet
iaraucahkbm.live
iblackswmxc.top
ibtcgeared.live
iemphatakpn.bet
iexitiumt.digital
ifeaturlyin.top
iflowerexju.bet
ininepicchf.bet
insulaey.live
iorijinalecza.org
iosif-brodskiy.com
iovercovtcg.top
itflowerexju.bet
ivoznessxyy.life
iwhomewappzb.top
iwposseswsnc.top
iyinsidegrah.run
j0orijinalecza.net
jaeneasq.live
jblackswmxc.top
jemphatakpn.bet
jerusd.digital
jfeaturlyin.top
jgrizzlqzuk.live
jhomewappzb.top
jlaminaflbx.shop
joctalfbsh.bet
jovercovtcg.top
jparakehjet.run
jposseswsnc.top
jtblackljjwc.run
jtestcawepr.run
jtortoisgfe.top
jugulagklc.live
jwracxilb.digital
k1dovercovtcg.top
k7tortoisgfe.top
kaeneasq.live
kaovercovtcg.top
kfishgh.digital
kgrizzlqzuk.live
kinsidegrah.run
klaminaflbx.shop
klinepdwk.live
kmeteorplyp.live
kmtestcawepr.run
knighetwhisper.top
kovercovtcg.top
ktestcawepr.run
ktlaminaflbx.shop
kzenithcorde.top
kzmedtipp.live
lancery.digital
lbearjk.live
lblackswmxc.top
lclarmodq.top
lclatteqrpq.digital
ldarjkafsg.digital
ldisciplipna.top
leasterxeen.run
letcivitasu.run
lflowerexju.bet
lhomewappzb.top
lkeasterxeen.run
llaminaflbx.shop
lnovercovtcg.top
logihubo.live
lorijinalecza.net
lovercovtcg.top
ltestcawepr.run
lviriatoe.live
madagaeyrk.run
maiantfuuk.run
mariosefqcu.shop
maxmtsq.bet
medikalbitkisel.org
mexitiumt.digital
mfeaturlyin.top
milkwevvmw.run
mmeteorplyp.live
mninepicchf.bet
modenoww.run
moondips.bet
mopusculy.top
morijinalecza.org
movercovtcg.top
mposseswsnc.top
mstuffgull.top
mtmmeteorplyp.live
mwovercovtcg.top
myspecialdot.com
nbiosphxere.digital
nblackljjwc.run
nblackswmxc.top
ncornerdurv.top
ndescenrugb.bet
neasterxeen.run
neczakozmetik.net
nexitiumt.digital
nflowerexju.bet
ngeographys.run
ngescczlv.top
ngposseswsnc.top
ngsnakejh.top
nightloqv.run
njackthyfuc.run
nlflowerexju.bet
nninepicchf.bet
nonsliebhz.live
norijinalecza.org
norjinalecza.net
noxajb.top
nsearchilyo.run
ntortoisgfe.top
nwinterghzp.digital
nzmedtipp.live
o8racxilb.digital
o9cornerdurv.top
oaraucahkbm.live
oblackswmxc.top
obrandihx.run
oclatteqrpq.digital
odrbettere.live
ofeaturlyin.top
oflowerexju.bet
ofttimkong.run
ohomewappzb.top
oinsidegrah.run
ojackthyfuc.run
onarrathfpt.top
oqlaminaflbx.shop
osnakejh.top
ozmedtipp.live
paraucahkbm.live
pariosefqcu.shop
pbchangeaie.top
peasterxeen.run
pexitiumt.digital
pfeaturlyin.top
phomewappzb.top
pmedicalbitkisel.net
pmeteorplyp.live
pnoxajb.top
porifefyzc.live
porijinalecza.org
post-post.top
postedtipped.top
postnlpost.help
povercovtcg.top
psearchilyo.run
psnakejh.top
ptortoisgfe.top
pub-d4469a7a24f7423989c5026116ada945.r2.dev
pzenithcorde.top
qaraucahkbm.live
qblackswmxc.top
qborjinalecza.net
qeasterxeen.run
qfeaturlyin.top
qhdatawavej.digital
qonehunqpom.life
qopusculy.top
qposseswsnc.top
qscriptao.digital
qsnakejh.top
quantdatai.live
qucivitasu.run
qvinsidegrah.run
r1travelilx.top
raexitiumt.digital
raraucahkbm.live
rbfeaturlyin.top
rblackswmxc.top
reasterxeen.run
reflecwemy.run
represpnzj.live
retechlabp.run
rfeaturlyin.top
rhomewappzb.top
rmeteorplyp.live
rocketlump.com
rparakehjet.run
rposseswsnc.top
rsearchilyo.run
rtortoisgfe.top
rundowrlgr.run
rvecturar.top
rvoznessxyy.life
rwefeaturlyin.top
sblackljjwc.run
sblackswmxc.top
scaitraohvi.bet
seasterxeen.run
sfeaturlyin.top
sflamingof.run
shoresolfe.live
sidebyafzy.digital
sifeaturlyin.top
sjackthyfuc.run
sjawdedmirror.run
slaminaflbx.shop
slinsidegrah.run
sohaeidacademy.com
sonehunqpom.life
sovercovtcg.top
sposseswsnc.top
starfiswh.live
stechguidet.digital
stestcawepr.run
strengbllk.live
szmedtipp.live
t8zmedtipp.live
t9flowerexju.bet
taigjmr.digital
taleweaiver.run
taretories.live
taskrunp.run
tblackswmxc.top
tclatteqrpq.digital
tclimatologfy.top
teczamedikal.org
temphatakpn.bet
texitiumt.digital
tfeaturlyin.top
tithethrv.run
tjgalijd.shop
tlaminaflbx.shop
tmedicalbitkisel.net
tninepicchf.bet
torijinalecza.org
tposseswsnc.top
tremelzxiy.live
tripfnote.shop
tsaxecocnak.live
tsnakejh.top
ttortoisgfe.top
ttravewlio.shop
tttechmindzs.live
u5eczamedikal.org
uaraucahkbm.live
ubearjk.live
ublackswmxc.top
ubrandihx.run
ubtcgeared.live
ubuzzarddf.live
uclatteqrpq.digital
ucornerdurv.top
udatawavej.digital
udescenrugb.bet
ufeaturlyin.top
undertsoky.run
unlimitedblandness.bet
unnatue.digital
uorjinalecza.net
uposseswsnc.top
valvulnsuq.run
varaucahkbm.live
vblackswmxc.top
vbrandihx.run
vcornerdurv.top
veczakozmetik.net
vfeaturlyin.top
vflowerexju.bet
vinsidegrah.run
vlaminaflbx.shop
vmaxmtsq.bet
vobeliske.digital
vovecturar.top
vovercovtcg.top
vposseswsnc.top
vracxilb.digital
vtechmindj.live
vwopusculy.top
w2bhaircuirfm.top
w8tortoisgfe.top
waeneasq.live
wbardcauft.run
wbearjk.live
wdarjkafsg.digital
weczakozmetik.net
wfeaturlyin.top
wintrerfeast.live
wonehunqpom.life
wopusculy.top
worldpofadventure.today
wposseswsnc.top
wskninepicchf.bet
wsnakejh.top
x0easterxeen.run
x2nodepathr.run
x8snakejh.top
xaraucahkbm.live
xblackswmxc.top
xdescenrugb.bet
xfeaturlyin.top
xflowerexju.bet
xlaminaflbx.shop
xlongitudde.digital
xnarrathfpt.top
xninepicchf.bet
xonehunqpom.life
xopusculy.top
xpvecturar.top
xqtestcawepr.run
xtestcawepr.run
xzenithcorde.top
y-grizzlqzuk.live
y4eczakozmetik.net
yaraucahkbm.live
yeasterxeen.run
yescczlv.top
yfeaturlyin.top
yfeczamedikal.org
ylaminaflbx.shop
ymedicalbitkisel.net
ymeteorplyp.live
yodescenrugb.bet
yonehunqpom.life
yorijinalecza.org
yorjinalecza.net
yposseswsnc.top
yq7zmedtipp.live
yscikevision.today
ytouvrlane.bet
yvdigitroopc.run
zblackljjwc.run
zblackswmxc.top
zclatteqrpq.digital
zcornerdurv.top
zhomewappzb.top
zivoznessxyy.life
zjackthyfuc.run
zlaminaflbx.shop
zorijinalecza.org
zovercovtcg.top
zposseswsnc.top
zpraetori.live
zsaxecocnak.live
zzenithcorde.top

# Reference: https://www.virustotal.com/gui/file/022a4da9ab2fe7e377b91d057787ca39ac5c3c0a598abce4750ef04646bf7f64/detection

fraud.claims
soursopsf.run
brolyx92.duckdns.org
webfornw.zapto.org

# Reference: https://www.virustotal.com/gui/file/022a4da9ab2fe7e377b91d057787ca39ac5c3c0a598abce4750ef04646bf7f64/detection

easyfwdr.digital

# Reference: https://x.com/skocherhan/status/1924949074543079708
# Reference: https://www.virustotal.com/gui/file/107f8c416f7d61390b42404877227f4127dc51ab245c83c4219db0cb58484aa7/detection

affil-1.pages.dev
affiliatetestserver.vodka
asfsafsafasfasf.pages.dev
vodka.money
vodka1.money
vodka3.money
vodkamoney.pages.dev

# Reference: https://www.virustotal.com/gui/file/027bdefdf5d8c3af7c094c03d94aba3134a946dfb1eb722de512735bbd32d380/detection

pulseproj.com

# Reference: https://www.virustotal.com/gui/file/081768de3838617112cac2d8ab1aa35c10f75d52f2e4e80e5a6b308afee4d311/detection

http://185.156.73.73

# Reference: https://x.com/skocherhan/status/1925426030098968982

anchovwwaw.live
bantukemas.com
bubblechrx.run
callrrx.live
cumuloxrlf.live
flyallfiredups.com
helplabp.run
hizliadak.com
jockstrapdisown.today
marybcook.com
ok-back.com
pinqejd.run
snakerjs.run
tattlererun.life
thecsilv.com
voluptlith.run

# Reference: https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141b
# Reference: https://www.cisa.gov/sites/default/files/2025-05/aa25-141b-threat-actors-deploy-lummac2-malware-to-exfiltrate-sensitive-data-from-organizations.pdf

authorizev.site
hemispheredodnkkl.pw
tirechinecarpet.pw
xayfarer.live

# Reference: https://x.com/g0njxa/status/1925539039983112270

yuriy-andropov.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-05-22)

0advennture.top
0citellcagt.top
1techsyncq.run
2bogtkr.top
3clarmodq.top
3y7korxddl.top
5techguidet.digital
8escczlv.top
998parakehjet.run
9blackljjwc.run
ankyufh.live
bidausid.live
bnarrathfpt.top
cescczlv.top
dgalijd.shop
dordntx.top
ezenithcorde.top
gcitellcagt.top
ibuzzarddf.live
judiivk.live
klocalixbiw.top
korxddl.top
kqstrejqt.bet
lkorxddl.top
localixbiw.top
mescczlv.top
o-narrathfpt.top
ordntx.top
qcornerdurv.top
rcornerdurv.top
rnarrathfpt.top
rsnakejh.top
strejqt.bet
uonehunqpom.life
vbearjk.live
x3hmaxmtsq.bet
zcitellcagt.top
ztechguidet.digital
zthinkellk.run

# Reference: https://x.com/skocherhan/status/1925729581354385723

fiftyblob.boats
hourdigestion.icu
icureq.live
nervehorse.icu
quillexperience.icu
railwaystomach.xyz
wishson.icu
yarnwool.xyz
yeardegree.icu

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-05-19-IOCs-for-CypherIT-and-AutoIt-used-in-distribution-of-Lumma-Stealer.txt

5bubblezdjw.live
8winterghzp.digital
ehaircuirfm.top

# Reference: https://www.virustotal.com/gui/file/e29a3db17025e34336b10d36e5dd59ff5d1ac07ada8df0cddba0d3f3db689f65/detection

blockhubr.live

# Reference: https://x.com/banthisguy9349/status/1926170253723127869
# Reference: https://x.com/banthisguy9349/status/1926489865220202896

sasha-solzhenicyn.ru
rustore.sasha-solzhenicyn.ru

# Reference: https://x.com/skocherhan/status/1926152653542715411
# Reference: https://www.virustotal.com/gui/file/8615d7300624d906f0621bcdab4869d895cca8b589d255bc74ededdac131f366/detection

aphidojwdm.live
bullhevrgg.live
daggioc.run
defender.kim
gmmfjz.run
gofzm.digital
incqtq.run
phoucc.digital
windows.defender.kim

# Reference: https://www.virustotal.com/gui/file/039f4728a0464ca37e27111afb470951e672c87bbf32ee4dde63847ec5ef6228/detection

http://23.95.245.178
voznessxyy.life

# Reference: https://www.virustotal.com/gui/file/136189f6a02676b93067f01941c2e7c7a11322586988f99eb4f6678b72042968/detection

4partyinkilo5.lol
aura-atelier.shop
skyhigh-builders.buzz

# Reference: https://app.validin.com/detail?type=hash&find=d400248c84a4a4cbdf61#tab=host_pairs (# 2025-05-24)

airflysales.shop
blaspheme-herbal.shop
dark-and-white-colors.shop
dspnaubqehjwnpo.shop
elevated-outcomes.shop
files-fly.shop
globe-center.shop
host-hatch.shop
inktreenodes.shop
node-nudge.shop
qnetmy.shop
serve-sites.shop

# Reference: https://x.com/skocherhan/status/1926507155198267425

beemorning.icu
birthteeth.xyz
itopnext.com
lowspacewish.site
megabuy24.xyz
pancakebag.xyz

# Reference: https://x.com/RacWatchin8872/status/1927019425430945803

abubhj.digital
cabzka.digital
calyxtwldk.shop
coavgdc.digital
cyavf.digital
dimelb.digital
frevzb.digital
hadibg.digital
hehspdw.digital
horrduia.digital
lioqki.digital
lomeas.digital
medbnel.digital
pelcxt.digital
privwk.digital
seiyrd.digital
siilvlt.digital
spdbey.digital
sumeriieab.shop
terrgl.digital

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-05-26)

bushzy.digital
caniir.digital
cirxr.digital
cvzco.run
devotiwpad.live
diecam.top
dusrb.digital
ectacz.digital
fedor-dostoevskiy.com
fedor-turin.ru
firzql.digital
fliobo.run
gejezu.digital
genusbwaiw.live
greengwjz.top
harumseeiw.top
hasta.digital
incxwf.shop
indict.digital
miskfg.digital
nercy.live
rechq.digital
sasha-solzhenicyn.run
scricn.digital
sharpy.digital
twinwx.digital
untgst.run
untikr.digital
6441056b613c32a9.sasha-solzhenicyn.ru
russtore.sasha-solzhenicyn.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-05-31)

0cornerdurv.top
0galijd.shop
0testcawepr.run
1anesthwtcm.run
1btcgeared.live
1darjkafsg.digital
1haircuirfm.top
1jfeaturlyin.top
1zealjkh.digital
2techsyncq.run
2winterghzp.digital
3featurlyin.top
3narrathfpt.top
3overcovtcg.top
4bubblezdjw.live
4cc3c767-806f-4deb-a2f0-9260e37035c4.sasha-solzhenicyn.ru
4citellcagt.top
4kmaxmtsq.bet
5caitraohvi.bet
5maxmtsq.bet
6c-ankyufh.live
6escczlv.top
7parakehjet.run
7testcawepr.run
8techguidet.digital
8threatqjqy.top
9caitraohvi.bet
9galijd.shop
9saxecocnak.live
9strejqt.bet
acitellcagt.top
acoustpbns.run
ad7saxecocnak.live
andiranmbr.live
athreatqjqy.top
autodiscover.fedor-turin.ru
baacsr.run
battlefled.top
bbubblezdjw.live
biighy.live
bjackthyfuc.run
bonehunqpom.life
brefif.run
cjackthyfuc.run
clatdk.live
cooscomunicacion.buzz
d3nighetwhisper.top
dariosefqcu.shop
dbubblezdjw.live
dmaxmtsq.bet
drblackswmxc.top
drhvxj.live
evonehunqpom.life
fcitellcagt.top
fnarrathfpt.top
fzenithcorde.top
g4ntrotwhvn.live
glaminaflbx.shop
gleasegjjr.digital
gtropiscbs.live
hwinterghzp.digital
hwoodpeckersd.run
icitellcagt.top
igalijd.shop
imaxmtsq.bet
jnarrathfpt.top
jyfishgh.digital
kclarmodq.top
kstrejqt.bet
lcaitraohvi.bet
lgalijd.shop
lonehunqpom.life
lqbflowerexju.bet
ltechguidet.digital
lwinterghzp.digital
m9clarmodq.top
mail.fedor-turin.ru
mail.wallstolife.com
majlkj.live
makeyrlo.top
map.fedor-turin.ru
map.sasha-solzhenicyn.ru
maps.fedor-turin.ru
maps.sasha-solzhenicyn.ru
mcitellcagt.top
me-overcovtcg.top
nanchovwwaw.live
ncitellcagt.top
nfeaturlyin.top
nnewzeconi.digital
nonehunqpom.life
nrustore.sasha-solzhenicyn.ru
nsasha-solzhenicyn.ru
nzenithcorde.top
owa.fedor-turin.ru
pavpwe.run
pcaitraohvi.bet
phaseogytr.run
plaifolu.live
pnordntx.top
qescczlv.top
qhaircuirfm.top
qizenithcorde.top
racueu.run
radfyzg.digital
rhemispherexz.top
rjackthyfuc.run
rtechsyncq.run
russtore.fedor-turin.ru
rustore.fedor-turin.ru
s4cc3c767-806f-4deb-a2f0-9260e37035c4.sasha-solzhenicyn.ru
sarmoryarch.shop
sitemap.fedor-turin.ru
sitemap.sasha-solzhenicyn.ru
sitemaps.fedor-turin.ru
sitemaps.sasha-solzhenicyn.ru
skpostsk.cfd
snarrathfpt.top
stockmgdd.live
stockyslam.top
sxzkfc.digital
tbuzzarddf.live
thundeqqbw.bet
tidwhf.live
tlocalixbiw.top
tnlocalixbiw.top
tparakehjet.run
ujackthyfuc.run
uporpoisecx.run
venarrathfpt.top
vjackthyfuc.run
vselfdefens.bet
vsfeaturlyin.top
wa.fedor-turin.ru
xcaitraohvi.bet
xcornerdurv.top
xijackthyfuc.run
xonemiltxny.shop
yovercovtcg.top
ztechsyncq.run
ztestcawepr.run

# Reference: https://x.com/p3bt3b/status/1929178150585385223

5ptit5tuded.cyou
aboundag.run
abradeldbb.run
adaptwrx.digital
advancemeq.run
advertisgnj.cyou
aiupdatesd.live
alluringeui.cyou
ammoanaly.live
antikidi.live
astrivee.world
axionexv.life
badoowaideokel.com
battlewlds.live
belleiengieusy.cyou
biseagrre.run
bleed5great.cyou
bulletiner.life
bxreezyretreat.boats
callinuxwf.run
castifye.live
castmanb.live
catedshamefiregifhse.xyz
chipkitk.run
chivalryr.run
citydream.live
clashpravg.cyou
clearui.run
coldshpwyb.run
cometusm.run
coreflighyn.cyou
corgiw.live
coyoteqw.run
currenctlu.cyou
cyberheive.life
datacuet.live
datalabo.run
deviatemow.live
digimodt.live
drawerbeggar.cfd
dryeyewqpx.live
ecomtechv.live
fairytalesw.run
fcushionpillow.live
flighthon.life
forgeitu.live
freedompoa.live
freshredfish00.shop
freshredfish01.shop
freshredfish02.shop
freshredfish03.shop
freshredfish04.shop
freshredfish05.shop
freshredfish06.shop
freshredfish07.shop
freshredfish09.shop
geckoz.digital
gendatag.run
globetrotfe.world
hallowewaplk.run
handgunhan.live
heraldmstaff.live
hoparround.live
hopezx.run
improvsv.live
innovdg.live
irlecont.live
issuehouf.live
jealousslotoykwo.xyz
jellyfishatth.icu
joustingt.run
jumpstarbt.live
jungleamly.run
kiddyphisicallypr.xyz
kirghiqldh.run
kzteamprokla5.icu
ledtechl.run
legatusi.run
lemonwsljq.live
lightenzxc.run
lunafixg.life
magnetvxss.live
maidenbfair.run
maximusw.live
meltifyq.run
metaldoi.run
metalonc.run
modproz.run
modrisey.live
modteamo.live
moldwaye.live
moonskyo.run
moultruchsi.icu
mygadgety.live
mysticmeladow.boats
naturefarmingideas.life
netgizmow.live
ngotronl.run
noblequestx.live
noticedseuh.icu
novapixw.bet
nxaturepals.life
nyalat.run
optiversavl.run
orbitust.bet
owpenfield.run
pardonbackypestyduw.xyz
patronar.run
pearlgclutch.run
pitheckmsv.live
playbfulpicnic.pics
pqembridge.run
precisionde.live
ravebnks.live
risehighq.live
royalwuet.live
sailxz.run
salveupp.run
scrapixo.live
scrapodn.run
sdolarisp.icu
serenecomhfort.life
simplifyq.live
singaprateq.run
skunkxd.live
slowdomkaf.run
smartdatac.run
smelterc.live
smeltioc.run
snugglcycloud.life
soarxvc.run
soliduso.digital
spainbizzr.run
sqhadowguard.run
statibesearch.world
stepupnwr.live
subnorrepg.run
techstyleg.run
thawuy.run
therefsphn.run
threeviolen.icu
thrumgh.live
tidalqhbf.live
tiltvc.digital
todaybyteh.live
tomorrefig.run
tracefd.run
tripfjoyq.life
triphmind.world
tripperxe.live
trsipbeat.world
udsysy.run
ukranege.run
unfolddh.live
unicoriun.live
unihubd.run
unsounsucq.run
valiantdey.live
valuesads.run
vanceteo.run
violanticys.cyou
visionmp.live
voteytr.live
vqalkyrieong.run
wandelrgo.live
wandervc.live
web-security3.com
webpointsl.run
weldecii.live
weldmaxi.digital
wisecr213acktr.cyou
wishagy.live
wolfestandt.run
woodhlandsong.life
woodrebough.run
wordingyhwj.cyou
wrensavoruziu.cyou
zestyasd.run

# Reference: https://x.com/RacWatchin8872/status/1929538310927438219

aihrws.digital
buqtnw.digital
buymxl.digital
cdztf.digital
conzjo.digital
deerzha.digital
hyperqv.digital
joshuagrde.shop
loibgd.digital
loppkq.digital
massisv.digital
nemzvg.digital
payaob.digital
peagzxx.digital
prmbv.digital
salkn.digital
shouqe.digital
silkyacvty.top
sltua.digital
spwha.digital
wiqvty.digital

# Reference: https://x.com/skocherhan/status/1929721088763675083

autogearw.live
bariysf.live
bayg.run
blauaq.live
camckl.digital
citywo.live
claimyourellexir.icu
claimyourellexir.life
claimyourellexir.run
claimyourellexir.top
comimif.digital
debxbu.run
extnpn.live
fipctc.digital
hamgwji.digital
inclinwhrd.top
invertdbdi.top
ivan-turgenev.pro
jusojy.digital
matoqri.digital
mibtsm.run
plaxyrj.run
revkeqn.run
scooyp.run
screhwc.live
shoolh.digital
slqpny.digital
succlnct.icu
summd.run
tinklertjp.bet
ullyr.run
unbelao.live
vinudt.run
weezpu.run
witchdbhy.run
xoglabs.top

# Reference: https://x.com/skocherhan/status/1929773114986025282

adfn.digital
algfbg.live
cipjfb.run
eoelav.digital
innocents.ru
iridiukafw.run
meteorsmm.top
mlmcuz.live
sortirv.live
spcbbe.digital
tryjxp.run
zonescdns.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-06-05)

http://195.82.147.188
195.82.147.188:443
12333333.sasha-solzhenicyn.ru
1254528c-235e-4b9b-9bf3-850214133e82.selcdn.net
4cc3c767-806f-4deb-a2f0-9260e37035c4.fedor-turin.ru
acoustpbns.run
adfn.digital
advertozaq.run
aerosobbyy.live
aihrws.digital
aiupdatesd.live
alcohoyxrf.run
algfbg.live
ammoanaly.live
analbuctwn.live
anteceflwq.live
antikidi.live
astrogdtps.run
autodiscorver.fedor-turin.ru
autodiscover.sasha-solzhenicyn.ru
axionexv.life
bastinkbpg.run
battlewlds.live
biighy.live
buineeeitalypost.top
bulletiner.life
buqtnw.digital
buymxl.digital
castifye.live
castmanb.live
cat.fedor-turin.ru
cdztf.digital
citydream.live
clatdk.live
cleftipkd.live
conzjo.digital
corgiw.live
criminnbkb.run
cyberheive.life
dalasisrud.run
datacuet.live
deerzha.digital
destroltee.live
deviatemow.live
digimodt.live
drhvxj.live
dryeyewqpx.live
eastwahljc.live
ecomtechv.live
emonitorinbl.top
eoelav.digital
evgida.live
facebgll.run
fcushionpillow.live
fipctc.digital
fleurdcuyt.digital
flighthon.life
forgeitu.live
freedompoa.live
gaauo.live
gauntlxdgq.run
glybbp.live
goldenwuwy.run
gzjiuguanjia.com
handgunhan.live
heartokait.digital
hematobmmt.digital
heraldmstaff.live
histiougzo.digital
hoparround.live
htedh5e.today
hyperqv.digital
improvsv.live
innovdg.live
issuehouf.live
japaneonto.digital
joshuagrde.shop
jumpstarbt.live
kerosibfsm.digital
lemonwsljq.live
lenienhywi.run
lepidobdkn.digital
lionetgisu.live
live.irlecont
live.ironloxp.live
loibgd.digital
loppkq.digital
lumamarket.fun
lunafixg.life
madiasdqzr.run
magnetvxss.live
magwaeg.live
map.fedor-turin.ru
map.sasha-solzhenicyn.ru
maps.fedor-turin.ru
maps.sasha-solzhenicyn.ru
massisv.digital
maximusw.live
mibtsm.run
modrisey.live
modteamo.live
moldwaye.live
moufflcmgz.run
mousehulyb.live
mygadgety.live
nemzvg.digital
netgizmow.live
noblequestx.live
nxaturepals.life
orkspy.run
overtujvky.digital
owa.sasha-solzhenicyn.ru
pavpwe.run
payaob.digital
peagzxx.digital
pickcwh.run
pickupkwrp.live
plaxyrj.run
precisionde.live
prmbv.digital
properiloe.digital
punfej.run
puresqrk.live
racueu.run
ratwzk.run
re-verify.info
repzyb.digital
revkeqn.run
risehighq.live
royalwuet.live
rua.fedor-turin.ru
ruborfdyi.digital
runtnwq.run
ruowa.fedor-turin.ru
rurua.fedor-turin.ru
rurusstore.fedor-turin.ru
salkn.digital
screhwc.live
serenecomhfort.life
shelveftls.live
shouqe.digital
silkyacvty.top
simplifyq.live
skunkxd.live
slqpny.digital
sltua.digital
smelterc.live
sneize.run
snugglcycloud.life
spangftsw.digital
spwha.digital
stepupnwr.live
susqhj.run
swoenship.run
sxzkfc.digital
szabpq.live
tacticaltalks.live
thrumgh.live
tidalqhbf.live
tidwhf.live
tinklertjp.bet
tryjxp.run
tyrpsrl.live
unceasnowj.run
uninfowprg.live
urginll.digital
veloutgfht.digital
wa.sasha-solzhenicyn.ru
walleyphpm.run
welldyzb.live
wepwwd.live
wiqvty.digital
witchdbhy.run
wom-cle.shop
woodhlandsong.life
wrapupcrcs.digital
xrayz.run
xyraxl.run

# Reference: https://x.com/skocherhan/status/1930828608139915483
# Reference: https://www.virustotal.com/gui/ip-address/195.82.147.188/relations

aculpr.xyz
agnioysz.xyz
atomihc.xyz
beakewi.run
cemeepv.xyz
censukpy.xyz
cmehh.live
contjs.digital
crimod.xyz
crowfza.xyz
deadir.live
devugp.live
disstqr.run
doneusb.xyz
echimdi.xyz
epsvy.top
fritron.xyz
furifli.xyz
genusie.xyz
geuscljjs.shop
gldsotklz.run
glittmb.xyz
iscouzfya.top
jagatwb.live
jetd.live
kiddykk.xyz
lrqob.live
malvuqr.xyz
matkdpy.xyz
monpratocol.icu
movgpk.live
negotm.xyz
peppinqikp.xyz
portldu.xyz
recipnh.xyz
ribbomv.xyz
ripenue.xyz
roriwfq.xyz
sstemxehg.shop
stochalyqp.xyz
stresq.live
sunbfe.run
takesnly.shop
tastqpk.xyz
toeat.run
vladimir-nabokov.online
vladimir-nabokov.ru
vtliantw.live
wakljur.live
waxnps.live
wzrx.live
youngnu.xyz

# Reference: https://www.virustotal.com/gui/ip-address/195.82.147.187/relations

http://195.82.147.187
195.82.147.187:443
bevm.fun
klokapp.run
playontoy.run

# Reference: https://www.virustotal.com/gui/file/8e5e0ac62b549128985ff574cfe59ab3efddba42a5f0c413d08d0852b827e883/detection

rekrra.run

# Reference: https://www.virustotal.com/gui/file/1a790a9c176acdd79324e0572e5558292947a1115879bb3b8e88519190c6e5cb/detection

airwanhder.shop

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-03-25-v10890/2569

netbitec.live

# Reference: https://www.virustotal.com/gui/file/7d87e22ea8214ead88dbb4bd4671e8f3cfe34ce05a153f8b725e8fb0944ede71/detection

ferrousz.digital

# Reference: https://www.virustotal.com/gui/file/31d34ee56069c44bb8446b12c5d30b5d34e639ae33a571b642ad57cc2b774bba/detection

brightharbor.shop
netcorde.run

# Reference: https://www.virustotal.com/gui/file/c23fa7241a5d806f1cad8917987ca1820f7e5385b38814104f7314fa1b6314b0/detection
# Reference: https://www.virustotal.com/gui/file/2186d8493677107f035ee0fb07f8df726ce7f4cc042bd162e0bad17b418d7ce4/detection

blingharbor.shop
rodstepv.digital

# Reference: https://www.virustotal.com/gui/file/6d1ee76f6000588aaa6b8f2e43107ae0af77f398c71dd58ce00759064f9c2b14/detection

galactad.world

# Reference: https://www.virustotal.com/gui/file/1c593ec9b5b035dfb2e73c383bb5f306b7583c793f39471eb8a9c1c012fb58b6/detection

galactich.today

# Reference: https://www.virustotal.com/gui/file/05263591f7b1487a6cefd98bf47d8a1afcb96d3a0c81f9192817ae1d7fb49c9e/detection

castlaby.live

# Reference: https://www.virustotal.com/gui/file/0e2969bd296c4d633fb91e3333bb9d2f52805bdc6d44d6440bb22dabcc5c1b9b/detection
# Reference: https://www.virustotal.com/gui/file/da2f25a8d4658bbe7d2e01b9301c745f2df425146424e831e6d370be48fb787f/detection

castmann.run

# Reference: https://www.virustotal.com/gui/file/63bd9cf2383f2fc71e5b33c9979d5bcd22944fdb0eae39c3d0e3fbffc6cda893/detection

voyagiei.run

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-04-01-v10895/2585

ailmentr.run
deflamep.live
ferrofyg.run
oreironx.live
weldarob.live

# Reference: https://www.virustotal.com/gui/file/00a43afa00909000c284d1c88456ee03fb3e55bbbf1992822c44f6244b9d764a/detection

advancesg.live
grxeasyw.digital
rectalcrumb.shop
rhxhube.run
rlxspoty.run
h1.rectalcrumb.shop

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-04-03-v10897/2592

candidt.live
freshyu.digital
ingotyxx.live
krxspint.digital
liberatuie.run

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-04-08-v10900/2605

palsmedq.run
zealjkh.digital

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-04-10-v10902/2615

dipsafals.digital
riseupsz.live
wizmodi.digital

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-04-11-v10903/2618

elvernwood.digital
modtunes.live

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2025-04-14-v10904/2625

vqaliantheart.live

# Reference: https://www.virustotal.com/gui/file/487420dd26047e44f53acd3d3a80ed51d798fa6426ea7d065e7296f6b36692ff/detection

hungreecoq.run

# Reference: https://www.virustotal.com/gui/file/1a013a1a3deabd28209e60bf95569ab0ff155ae4f1af4bdb291db6feef2569fa/detection

drypingzyr.run

# Reference: https://www.virustotal.com/gui/file/00a52b97eba83caaee8c9d597f832eed56373ac1b73c905dc9de7337973cb7be/detection

bogtkr.top

# Reference: https://www.virustotal.com/gui/file/907b85eb79550da55e7cbd45f151a33fc57fb85d47e3c6091f7fac2cbdeeb476/detection

domaincrop.fun

# Reference: https://x.com/1ZRR4H/status/1932322785696559194
# Reference: https://app.validin.com/detail?find=40.91.108.115&type=ip4&ref_id=4fb898bc515#tab=resolutions

blacksmithz.run
digitroopc.run
extentygow.cyou
far-flung-chon.cyou
fau1tr0mantic.cyou
fosteryehnit.cyou
freshenqew.digital
fresheslam.run
futurizez.live
gainyposhz72.cyou
gunlimit.digital
harvestyepn.cyou
identytyh.cyou
inglexhsg.digital
jumpxer.run
lampk1ted.cyou
licencedjh.cyou
microsoft-free.live
micrst020o3soft.live
myonenoteoutlook.live
needyshaftyz.cyou
office360livemail.live
oficep360.life
patchdivorco.cyou
preachlock12.cyou
progersin.cyou
pupiluersh.cyou
qqmusic.cloud
queuedbyn.cyou
raterevelance.cyou
romanticuscuw.cyou
rxoffersu.run
shared-online.live
smootscatte.cyou
stopruthless.cyou
sunnydisturbev.cyou
sysmeshm.run
tolerany.cyou
veraothu.cyou
youronlineregistration.live
zavalus.pw
zootechq.run

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-06-10)

abezgec.top
abundantdisciplineju.shop
accsrf.top
accusedressproc.fun
acrmfy.live
activxeadventures.tech
advancgtos.shop
adventurequesxt.tech
adventurqopirit.tech
adventurzoussoul.tech
advventurousspi.tech
albatrkloss.digital
alignmqsfk.shop
ambitiondimensiojjeu.shop
ammazingjourney.tech
arnojn.digital
arthurkimbangcotreo.shop
atonishingjwu.shop
aurifyacrosses.fun
autocrhbdr.live
auxthentic.tech
badasshardggg.fun
barmaleygos.fun
beatsnatchdietirony.shop
beddydoublemi.fun
bedroomgrassydwus.shop
beginningboundewk.xyz
bentrez.com
bindstrawwypenumatiws.shop
birkl.digital
bishopinnv.shop
blackholez.shop
bleeddepart.fun
blmhe.digital
bloomingivdeas.tech
bnsx.digital
bodilyooas.shop
booboofur.fun
bottomulcp.digital
bowelwordingexeedw.fun
boxmc.xyz
brakewhiterop.fun
bratigerline.fun
braveheavyintersorwa.shop
breadbasketfree.fun
breadtutuskirt.fun
brgightpath.tech
brightfutuxres.tech
brigxhtminds.tech
britnuq.xyz
broccolydecidesrbeb.shop
brocolilegaistatipo.shop
bulletioncatstoolyeop.fun
callhawj.top
calmingwavesn.tech
cautionesbreadfruitov.shop
cazringhands.tech
ceilingguffwaretwops.shop
ceohm.digital
chachaflipups.fun
chillvibves.tech
circulatebilebrattwko.shop
cjlearpath.tech
clevzerideas.tech
cnjxok.run
coalitionglowmurcufl.shop
coedxz.xyz
coinynodek.fun
colectionittapepo.shop
collaboratizveefforts.tech
comedyspidercoaterwyp.fun
comfortress.fun
compassxionateworl.tech
compazssionateworld.tech
consultationuniformkj.shop
countrnncn.xyz
courtfamilyexoticc.shop
cowqqk.digital
crispcjoffee.tech
cryymd.xyz
curiousexploxrer.tech
curiousmindsxet.tech
curiouvsmind.tech
curioxuscats.tech
curriculumneckcomp.shop
cyclopondoshollap.shop
dedhq.run
definitioncupportti.shop
denimok.net
depjjda.xyz
diagramapplicatiewui.fun
dicyth.xyz
digijtaldream.tech
dinnerhavepear.fun
disciplinemosaictello.shop
discoverl.digital
divorceofficerrybride.shop
dolmxn.xyz
dominationleadershipo.shop
downbmn.xyz
dreajmydays.tech
dreammschoolwarys.xyz
drivewaysetdec.fun
dyadqcot.fun
dynamicgrzowth.tech
dypnamicflow.tech
eaglecheastdiesow.shop
earthfhyfarms.icu
easzxy.top
egmuft.digital
elephancouped.fun
eleycv.shop
encouragingzthts.tech
endlessajdventures.tech
enhancety.digital
enixbilities.tech
enrgexqperiences.tech
epstainable.digital
erilhvs.digital
evrydaywoqnders.tech
exclusionanminoor.shop
exclusivesmartdullj.shop
executrixburryd.shop
exodhr.xyz
expjlorewithme.tech
fantasyreferryairs.pics
favgqu.shop
fearleszsjourney.tech
fecymm.xyz
federalfso.fun
feelingsnakefileww.fun
fertilehatefullykoe.shop
flashydependentfabu.shop
flawlessloutisheuw.shop
flockkydwos.shop
forxbe.digital
framespareresearchhewu.shop
franchisesentenceoppo.shop
freshstjarttoday.tech
friendnunblat.fun
frustreghm.xyz
fullnjd.xyz
gameloopb.digital
gampysr.digital
garexqz.xyz
geglrx.xyz
generatedlexibleop.shop
genntlebreeze.tech
genuscliyt.top
geoezo.top
ghloa.digital
girlfriendrelialkks.shop
goalbegestimanteko.shop
hallonstrouskjl.fun
happxyhome.tech
happyjojurneys.tech
haretq.live
healingjoxurney.tech
heartfeltmoxments.tech
heartfuzlliving.tech
herqtfexpressions.tech
herwxtx.xyz
heryam.xyz
hiapoc.digital
historyreinforceow.fun
hitreasurxes.tech
honorablenonstoppe.shop
hopefulsupposed.fun
hungryberserkcurverw.shop
hyxhxi.shop
hzappyfeet.tech
illusrionsurounnju.shop
imasar.digital
incapableoperationli.shop
industrybuttonyoferwa.fun
informationboothpo.fun
integrityleftossfe.xyz
intentionsituationra.shop
interexstingi.tech
intsn.run
jailykingi.site
jeansjumpersjuk.shop
joyfulcreativizty.tech
joyfuljonurney.tech
joyfuljoxurney.tech
joyfzulconnections.tech
jthesimplelife.tech
kevlarbronedcores.shop
kindhearomqmunity.tech
kinwlyo.xyz
kwork-order.shop
kwork.digital
lasbmt.xyz
legislaturestingtempyk.shop
levelcleveraboards.shop
limitxlesspo.tech
livelnymoments.tech
liveroadcathdonejajw.shop
lixkyf.xyz
liyqconversations.tech
lovelydetanils.tech
lzearningtogether.tech
maddeningtiresomeselc.shop
magnitudetrickhooke.fun
majorityturmourbaltw.shop
marketlum.fun
marketslum.fun
merithandicapraiseow.fun
microphonemchanichipo.shop
mildsilencedeniallyewo.fun
mindfulcreatixvity.tech
mindfullivinqgguide.tech
mindfulmojments.tech
mindfulmopments.tech
mindfulmoxments.tech
mindfultraxvels.tech
mixoyxa.digital
miyelv.xyz
modernkitcjhen.tech
monru.run
moonlqit.icu
mosqueskinfligghtwop.shop
mousemonnetjuks.shop
moveretiredlanddymixt.shop
mvideo-ru.digital
mynsticaljourney.tech
nailnecklaycehondjk.shop
nailwillnew.fun
nanpal.digital
nextlevelz.tech
nonenecrateridsof.shop
norjeu.digital
nowqx.xyz
nxatureinspired.tech
nxaturelover.tech
omnitelurengoisa.shop
opalxrr.xyz
oppowrongyy.fun
optimistxicoutlook.tech
oralcomplexyfreeopew.fun
oslzskf.digital
overchangpurblisheh.shop
paralinguisticsalomer.shop
parfaitlightslo.fun
peacefjulmindset.tech
peacefulpathwaxys.tech
peacefulplxace.tech
peqywb.top
perceptionnycommands.xyz
plapwf.top
playfulexnergy.tech
playfulspxirits.tech
playfuzlminds.tech
playfzulspirit.tech
plfyg.digital
plkensnaije.top
pothoai.run
poxtlb.shop
prihxo.shop
primarykneet.fun
privypbomg.top
prizeroughtskldo.xyz
profilefeebaackk.shop
provemovementpeake.fun
psalgd.xyz
purposefulxliving.tech
qplayfulspirit.tech
radianntpaths.tech
radiantqlife.tech
railikk.digital
ratibae.digital
raxdiantenergy.tech
readyplasticdckye.shop
rearvb.shop
recessbgbs.shop
redceeectronicin.shop
referoweclockapoe.shop
rejecurly.fun
reliefcreepstamywos.shop
reqzeb.digital
researchervariationnyw.shop
resolvhwou.top
retfxv.digital
rnclhy.digital
rocketpotsww.shop
rommelhuamboso.fun
rowprincegoodroyola.shop
rustore.digital
sazerc.digital
scretaa.digital
seeatatignowartws.shop
sekkcableagendad.shop
selfdiscozvery.tech
sewordsqdaily.tech
shinningstars.tech
shool.digital
shortenskinne.top
shutvg.xyz
silverwaver.fun
simxplepleasus.tech
singapxtyr.live
slybkmo.digital
smoapwc.shop
smxartchoices.tech
snehlc.digital
souzlfulsounds.tech
spherespecultadosse.shop
stardashn.shop
steadfastflowerryfir.shop
stmuta.digital
stomrnd.xyz
storagfomp.run
stripdoorbareshowe.fun
struggleoffen.fun
stxylishliving.tech
subwaylaterrysdj.xyz
succeszsfuljourney.tech
summaryadmissionnyl.shop
surgeyt.digital
swallowpractocaowlp.shop
sweetescpapes.tech
swenku.xyz
switchthesisconfiders.shop
swkkje.digital
swydug.xyz
synangiacumidinealbit.shop
syscodep.digital
tangledxwood.digital
telepgoneshootprottw.shop
televisionjurryetern.shop
televisionoffersks.shop
tetragonsmesiadanns.shop
thicew.xyz
thiroqu.live
thoughtfunlr.tech
thozughtfulgifts.tech
thrivinxgcommunity.tech
thrixvingtogether.tech
totalqt.xyz
totplh.xyz
toupdu.digital
tranqtuilpillow.today
trickyadjoiningjjy.shop
truecolxors.tech
truycs.digital
twinco.top
undiveonax.run
unigtyincommunity.tech
unrestdisapeearso.xyz
uplifqtingthoughts.tech
uplifthgf.digital
upliftingexpzeriences.tech
upturnnidx.live
vibrajntvibes.tech
vibrantcommunzities.tech
vibrantdreanms.tech
vibrantljife.tech
vibranxtlifestyle.tech
vibrvantprints.tech
wandejrlust.tech
watchpotentioalbkewo.shop
waterscoppen.com
webfluxd.digital
wellrmy.xyz
wholistichealqth.tech
wilvrdu.top
wisdozmseekers.tech
wojbi.xyz
wronginjectsighttipe.fun
xjoyfulcelebr.tech
xpeacefulvibes.tech

# Reference: https://x.com/silentpush/status/1933077627604226294

anzkb.xyz
aryxnw.xyz
assixny.xyz
bowoqur.xyz
callbacywo.xyz
calledbf.run
caltgc.xyz
canpnh.xyz
centjp.xyz
clirujf.xyz
cobxlm.xyz
coqqxn.xyz
decmzf.xyz
ethnugm.xyz
fetaokt.xyz
guerp.xyz
harmrvw.xyz
hickcsp.xyz
horavd.xyz
immkay.xyz
ineyay.xyz
lakxd.xyz
leutjm.xyz
mindlevqtg.xyz
mordpdv.xyz
myxokgc.xyz
negqjcj.xyz
oblieg.xyz
olzoxo.xyz
proqei.xyz
rapidht.xyz
ravisrq.xyz
resdcv.xyz
roadpxma.run
saokwe.xyz
sbexv.xyz
shaqgn.xyz
sldnys.xyz
strkap.xyz
tarewry.xyz
tilmx.xyz
trenrz.xyz
triobm.xyz
uncombsguq.xyz
unemtyq.xyz
unlfee.xyz
unvkoj.xyz
zwiirl.xyz

# Reference: https://x.com/tofzonne/status/1932656382160871690

mrback.cloud

# Reference: https://x.com/skocherhan/status/1933770733697515932

anymeshes.pro
edgemaple.pro
servecore.today
skoch-g9574.in

# Reference: https://www.virustotal.com/gui/file/72211d8c206cbf68516c89895227f44dc8a7726a89df27268c74027809443088/detection
# Reference: https://www.virustotal.com/gui/file/6c842fe4aadb70d2fd59fad45fe1fec60f109ff97ba4bd845cb9aa959da665af/detection

naturasixc.live

# Reference: https://www.virustotal.com/gui/file/3a35ce764f276a3ddc2227ae3fe42e05780c9cd7254446044d012a296985c45e/detection

stifp.live

# Reference: https://threatfox.abuse.ch/ioc/1542583/
# Reference: https://app.validin.com/detail?find=195.82.147.186&type=ip4&ref_id=aaf078adef9#tab=resolutions (# 2025-06-16)

http://195.82.147.186
195.82.147.186:443
gasfeesethereum.icu
idriss.icu
memecor.icu
testnetmonad.icu

# Reference: https://x.com/abuse_ch/status/1934987754753982527

195.82.146.193:443
195.82.146.221:443
195.82.146.223:443
drafxc.xyz
twiory.xyz

# Reference: https://x.com/skocherhan/status/1935001213860454533
# Reference: https://www.virustotal.com/gui/file/24d7fd4982e36313c881293e6c7dfc680ea94783e03258ea1b07c919143678a2/detection

multiport.shop
skoch-zpeiw.in

# Reference: https://x.com/ShanHolo/status/1935641641290973568

baviip.xyz
bavmv.xyz
equidn.xyz
muzesd.run
schrvk.xyz
trqqe.xyz

# Reference: https://app.validin.com/detail?type=ip&find=85.90.196.155#tab=resolutions

http://85.90.196.155
85.90.196.155:443
anizwlg.xyz
antvu.xyz
atlgqc.xyz
atrojr.xyz
beyxm.xyz
blolln.xyz
blotzm.xyz
bokcgjf.xyz
bowikth.xyz
bowmzf.xyz
boysvf.xyz
butaqud.xyz
catachq.xyz
cojcx.xyz
colonj.xyz
crowngm.xyz
deangp.xyz
detru.xyz
disunu.xyz
electis.xyz
eyermug.xyz
fantpx.xyz
ferzja.xyz
firddy.xyz
galeuqqi.xyz
gasguip.xyz
gewgb.xyz
guttexq.xyz
inflvy.xyz
insye.xyz
irrbi.xyz
kuwtpt.xyz
leftlam.xyz
lifyg.xyz
markwbp.xyz
masor.xyz
mincpiu.xyz
monbd.xyz
monteyh.xyz
monxxb.xyz
nafuq.xyz
naturuk.xyz
nepjz.xyz
norcgdu.xyz
opcez.xyz
praimr.xyz
proxgn.xyz
pyrolqi.xyz
pzbx.xyz
quailnf.xyz
rabqjz.xyz
reexmv.top
restcr.xyz
ropyi.xyz
scihvh.xyz
shaeb.xyz
shawq.xyz
shaypy.xyz
silvyg.xyz
skjgx.xyz
spjeo.xyz
spliba.xyz
splizl.xyz
squafu.xyz
stacdqi.xyz
stranlk.xyz
strinth.xyz
sunssek.xyz
swejog.xyz
tamnmx.xyz
thumse.xyz
thuyrxi.xyz
titco.xyz
transzw.xyz
tuead.xyz
tymvd.xyz
voluntv.xyz
wiggmyq.xyz
wrenthu.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-06-20)

http://85.90.196.153
85.90.196.153:443
calpewawd.run
dhl-lhome.xyz
greqjfu.xyz
naturelovet.top
nightdelicatekols.shop

# Reference: https://x.com/Fact_Finder03/status/1937008374932967866

lumma.web.id

# Reference: https://app.validin.com/detail?find=144.172.115.212&type=ip4&ref_id=9f66936bcda#tab=resolutions

abgzg.xyz
absqln.lat
adsay.xyz
aligey.pics
almzsff.shop
antiqez.shop
antvu.xyz
appqzk.pics
argentiy.top
atlantm.pics
atrojr.xyz
backbx.shop
baroxk.shop
basmsz.xyz
battrf.xyz
beyxm.xyz
bidafgs.lat
bouzxme.shop
braoto.top
bumualu.shop
butaqud.xyz
calxzg.top
capxw.xyz
carroml.lat
carrqp.pics
castcp.lat
casupfi.shop
cateagb.top
cbakk.xyz
cennqq.lat
centbua.pics
cexpxg.xyz
clehygs.shop
clgsh.xyz
cljaln.top
cojcx.xyz
comkxjs.xyz
concvek.shop
contnm.xyz
couamcs.lat
couplpx.top
crawbu.lat
creewuh.shop
crocfz.shop
crowngm.xyz
cryswfn.lat
cucujxc.shop
cziv.shop
darkibn.top
dealbht.shop
decyzz.lat
detru.xyz
didli.xyz
diseysy.lat
dkkig.xyz
dktnd.top
dusjnnn.shop
dzyzb.xyz
earlyew.lat
eboknt.xyz
electis.xyz
emegln.lat
enadpn.pics
endoda.lat
falsiu.shop
familyh.pics
fantpx.xyz
fedes.pics
feelgf.lat
ferjpn.top
ferzja.xyz
flagowe.shop
flizsf.pics
flotzi.shop
folshvs.top
foospjo.lat
foqdra.lat
foqmpk.shop
fpxawz.pics
freqbkv.top
gecoea.lat
geczs.xyz
genhqq.xyz
genmkh.xyz
gilyesu.top
giyewf.shop
gizqt.xyz
glhvps.lat
grhod.shop
grkozh.shop
grkuek.pics
gumkq.xyz
harmst.shop
havyfad.top
heojy.shop
herell.pics
hucwjx.top
idrnmk.top
imperfl.shop
impvmg.pics
insye.xyz
invjzc.shop
irremr.shop
isstdd.lat
iswxch.pics
jaizmf.top
jewbhl.pics
juslcl.shop
keevg.top
ketxsuz.xyz
leehpfe.shop
lelurr.top
letfp.shop
liaxn.xyz
lifyg.xyz
lighri.top
liqz.lat
lnofi.xyz
lodib.xyz
londqx.top
loxmbi.shop
lugiwyh.pics
maddf.pics
mahrox.shop
majvkra.pics
maroui.xyz
meajo.shop
megiz.pics
metopypv.top
meyks.top
mflqsm.xyz
miljei.lat
mjfqq.top
moslet.lat
nafuq.xyz
nbcsfar.xyz
nbwihi.shop
nepjz.xyz
nooinys.lat
northav.pics
nybzxz.shop
nysux.shop
odetgw.pics
olqrw.shop
omahpy.pics
opcez.xyz
pacwpw.xyz
paggdt.lat
papsklg.pics
parlqo.top
perkoj.shop
piejfw.top
pitqhms.shop
pltefd.lat
pluepf.xyz
pnpxsc.pics
pofnxk.top
ponqcf.top
powdgl.lat
prepaxre.lat
prezud.top
przqv.xyz
pyrolqi.xyz
pzbx.xyz
qeel.xyz
quailnf.xyz
rbmlh.xyz
reallr.shop
rebout.top
redacpq.shop
regkjw.xyz
rejpqb.shop
renoex.top
riamoyi.top
roaein.xyz
roccbqw.pics
rumidk.pics
ryxpq.xyz
saleone.top
schiad.top
secrequ.top
senezqj.pics
senylup.pics
shfsz.xyz
siplv.xyz
skepcb.pics
smoozof.top
smoskp.shop
somfhz.lat
sqgzl.xyz
stabkkf.shop
staman.top
stefeu.shop
strupc.pics
suhvqq.shop
sulfvo.top
supihk.shop
swigddmb.top
takefhq.shop
talkrt.lat
tenbiw.shop
theuid.top
thicpl.lat
thigk.xyz
thiyntf.pics
thumse.xyz
titco.xyz
tomxlw.shop
transzw.xyz
trarzcr.top
tretpn.top
trsuv.xyz
tuead.xyz
tymvd.xyz
unctyou.shop
uneqclj.pics
untuia.top
unurew.xyz
upgrazz.top
uponou.lat
urarfx.xyz
usecdvo.shop
venxvrc.top
vetbe.pics
watcyya.shop
wesajkh.top
whaagd.lat
whilhi.pics
whitfmz.top
wonxw.top
wrenthu.xyz
xylolfvzi.top
ycvduc.xyz
yufxt.top

# Reference: https://www.virustotal.com/gui/file/0f11e3f733ffe2629b6a390aeabe79fbaea990456750b4741503e97b4bc7667a/detection

http://176.46.157.32

# Reference: https://app.validin.com/detail?find=15620cb7d31971e7f2b44e7fe038fc75&type=hash&ref_id=2a0df1ac980#tab=host_pairs (# 2025-07-02)

londonoffvisit.com
ripple-legal.com
ripple-regulation.com
ripple-regulatory.com

# Reference: https://www.malware-traffic-analysis.net/2025/07/02/index.html

cloud839v3.cyou
8diaprinzpistpe.blogspot.com
media.cloud839v3.cyou

# Reference: https://www.virustotal.com/gui/file/0652c9613a51183ea2088c88c9c944e601773b086f22c52b49f11e3f60064304/detection

filedisterbuter.icu

# Reference: https://www.virustotal.com/gui/file/07a8bb628ce8d9273c9a258d4d685c74ce3021b9d963bf00d369f4f715b0f4b3/detection

144.172.91.41:8805

# Reference: https://www.virustotal.com/gui/file/23daa458f525159a02ab3b9e7332ef38ec8e2afcb1d4bb1d2c271c1f35aa8948/detection

hotroutingcdn.asia

# Reference: https://www.virustotal.com/gui/file/2f113ea31ed376a252c70d344dac65b109d7ff2dfc6fb635f990eb5f8209a9b2/detection

citadelcdn.pro

# Reference: https://x.com/CyberGhost13337/status/1941871276718531063

security-malware.com

# Reference: https://www.virustotal.com/gui/ip-address/167.160.161.12/relations

acantll.club
acetjjxl.top
agrevpud.shop
airplzo.club
allosno.pics
amplitra.top
ancobkg.top
angucccg.lat
antibigi.pics
aphaecv.lol
arethqg.lat
arnolfv.top
arraeyg.top
arsetca.lat
artifizz.top
aspecqo.top
assalafuz.lat
astfajy.click
autotnyx.pics
bedfelc.lol
berijng.net
blastodx.top
blegekei.lol
blihlo.shop
boltex.net
bornim.top
boylmc.top
briznu.club
brotsjom.shop
bumpegq.lol
bunhgks.click
calioons.top
callxgcs.top
carptrvo.shop
castdyt.pics
cenmyrm.top
chajslf.club
chapaqr.click
charuhd.lat
chocupw.top
cidtfhh.shop
colikvl.pics
columnez.shop
conaarl.top
conaqr.click
cooulpu.shop
coreqdi.pics
corronxu.xyz
coshas.top
cosopwx.shop
courxbs.pics
crucrev.lol
cryixfy.top
cucjdlc.top
cycdjja.shop
danglaz.lol
danglyu.pics
daruubs.top
daubhmg.lat
dermisrg.top
detrewb.net
discorx.top
dispckg.pics
docugfe.pics
dogtrgc.lat
eartheea.life
ecumiki.click
effxwlq.club
eintek.lat
eliminhd.lol
ellexb.lol
evolftp.lat
excalcf.top
exhihfq.lol
exodjhbn.top
exponxb.lol
familkqo.xyz
fitfoom.click
fixoml.pics
flirtn.lol
follcp.org
foundrr.bet
frowjyx.top
furwmsx.shop
garmenae.pics
genatyf.club
genuschs.top
genusuvk.xyz
genuygpa.lol
genvwkd.club
getupb.lat
gigohe.top
glassma.live
glidzgs.top
glycmikv.lol
goldfih.pics
grateb.lat
gregmhy.lol
hardexbo.lat
heartp.top
hejwrgb.club
hermew.pics
herwmxm.club
hobbcxez.top
homovltk.pics
hoverk.club
hypersv.top
hyphap.lat
ictoauf.pics
idioigsa.lol
illusgw.top
inapcads.lat
integkr.pics
intronm.click
inveimzd.lol
inveuy.top
iosivtoah.lat
irreesarw.top
josyfs.shop
keepnody.top
lacdgab.club
largexq.lat
leftmxfg.lol
linejjer.lat
lineqkd.lol
loostny.lat
lupxmvb.club
lysandjkd.lol
machoxt.lat
magneri.pics
manoiwju.pics
marsefx.top
maszgn.club
mcaumnb.shop
membios.top
mesovti.lol
michdcz.club
mixp.digital
mnvgp.click
molefkx.com
mosaicia.top
nageiaju.pics
nanoceus.run
neighll.click
neocskfj.lol
newscos.lol
newyorwr.lol
nonmoyj.lol
nortlmm.com
notnj.club
oesopt.lol
ondcvxe.top
onyxistn.bet
orderfg.top
pallvlxl.lat
palmifl.club
pandhnyk.top
paramkc.lat
pavansmr.pics
pennkavs.top
peouuhv.click
peragwv.club
perfoxd.xyz
permwgp.xyz
perpenab.icu
philomu.club
placlzh.pics
podhxwf.lat
portxo.pics
porzxgnw.lat
potppfu.lat
prefilc.top
prenlmk.click
profityd.lol
prolare.lol
provssk.top
ptyctdu.lol
putfcp.click
raincazn.lat
rayrhs.top
rebeqax.top
recopcwr.top
refrico.lat
religxp.top
remotuw.org
resigev.lol
respluk.pics
restauun.top
rhiuit.shop
rootino.top
royaltbn.xyz
rubidin.top
runuxs.org
sabrkqw.lol
salduel.click
scapqep.club
scrubts.lat
seruneqy.live
setmyaj.click
severhi.lol
sheddeuh.lol
sheepxr.click
siluriyt.lat
siniavzv.life
skunku.top
smijgub.click
smp.rodeo
songs.pics
speake.pics
spicerb.shop
spirbjj.lat
sponfht.com
squirrvm.pics
squqqud.click
srlemnhg.top
stfota.xyz
stolwlu.club
stranzv.pics
strujqwn.xyz
suomuj.top
superuu.lol
swamia.click
sworwdcp.top
teaspdj.top
tefere.lol
tenahfg.click
thinkrz.lol
throseu.shop
togvivl.club
topkkn.pics
topofnm.lat
trainaj.lol
tranfex.lat
tunenrnc.top
ultracpj.xyz
ummact.top
uniebfb.click
unswqik.shop
unthozx.shop
upmosn.lol
utvp1.net
vegemuoe.top
vencfwd.click
vignaxu.lat
vinqdfr.click
visctix.lol
wealy.lol
woodenso.top
worlejrc.xyz
xaurcvu.club
ypresu.club

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma (# 2025-07-13)

10x07.ink
6de608ff-aa77-4dd5-92aa-e31dc31d225b.sasha-solzhenicyn.ru
aging.sasha-solzhenicyn.ru
amituorm.com
anfdfq.pics
annwt.xyz
antszu.top
api.sasha-solzhenicyn.ru
atlakhv.pics
atlantqlpt.bet
autobi.top
bardj.xyz
bedazq.pics
bitjbpc.top
blisao.pics
blog.sasha-solzhenicyn.ru
bqeto.pics
chausseo.com
chehmk.top
clarazx.shop
client.durov-gifts.app
deaoee.shop
deepvqy.shop
delnsc.pics
demo.fedor-turin.ru
dirhcr.lat
dltc.xyz
dmaap.link
dryzc.xyz
dupldaw.pics
durov-gifts.app
duxoq.pics
elopmgg.top
elta-couriiirr.top
estafetaems.top
evricourier-notice.top
eyertyn.lat
feoonrustore.sasha-solzhenicyn.ru
feredo.online
fifdtm.lat
fiuylj.top
flhg.pics
gamtxto.pics
gastrci.lat
gaylw.shop
gazladder.top
halnbb.pics
haowenfa.com
heartny.pics
imasau.pics
invdfgq.pics
iroibk.lat
joylyzv.top
jumclx.pics
jumpkwo.pics
kgqxaa.top
knv.one
letoxtk.shop
ligwkv.pics
ltdvjvr.top
marketlumma.ru
marktth.shop
masmkl.lat
matfqht.lat
mieydn.lat
myinetverif.cloud
nejibn.lat
nelospaet.cfd
ngbmrq.pics
optica.expert
parcel-tracks.live
perdvg.lat
pilqdx.shop
poioblz.pics
posbym.top
postu-is.cfd
prkovy.shop
prvqhm.shop
pupkvw.pics
pypvvsfeoonrustore.sasha-solzhenicyn.ru
quaagq.lat
radlomr.lat
raflft.lat
rasteks.org
rathole.icu
reckdp.pics
saawzig.pics
sciezka.sbs
selmanaged.fun
shiqgvx.shop
shop.sasha-solzhenicyn.ru
sofo.lat
sorrij.top
spiioyt.top
staging.fedor-turin.ru
staging.sasha-solzhenicyn.ru
sthfna.pics
strah.biz
tamwzen.lat
test.fedor-turin.ru
test.sasha-solzhenicyn.ru
ungryo.shop
unsmka.top
vafonp.top
varjdih.shop
vegwrwv.pics
vervzv.xyz
werdqs.lat
whiydg.shop

# Reference: https://www.virustotal.com/gui/file/9e37ec0733410af2b0720597437486c4d3b188be7f5322f9940fad0747607866/detection

resqtk.top

# Reference: https://unit42.paloaltonetworks.com/preventing-clickfix-attack-vector/

pub-164d8d82c41c4e1b871bc21802a18154.r2.dev
pub-626890a630d8418ea6c2ef0fa17f02ef.r2.dev
pub-7efc089d5da740a994d1472af48fc689.r2.dev
pub-a5a2932dc7f143499b865f8580102688.r2.dev

# Reference: https://www.virustotal.com/gui/file/01ea80da0e4635a0516044148e322ab4fe93806b396e232483299422dc84e559/detection

http://176.46.158.8
workzcloud.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-07-30)

abbcdc.info
abremeh.top
accepkw.shop
acqcfc.top
aczpy.pics
adjvcz.pics
advancednodefx.net
adviykk.top
afdzph.top
agnostn.pics
aixraj.shop
ajuyn.top
alooi.top
amerox.pics
anntiv.pics
aperojk.top
appasxp.pics
atqgz.top
b.fedor-turin.ru
backup.fedor-turin.ru
baemdk.pics
balfts.lat
banati.sasha-solzhenicyn.ru
banirv.top
bannfab.info
batrj.top
bcjpdb.pics
beqeowc.pics
betidsv.top
bisci.top
bittsgly.my
bluepxd.shop
breabm.pics
butmxy.top
butvqr.top
caaokan.shop
carpatxd.lat
cawbn.pics
cb-dd.info
cgsgwl.pics
chamql.shop
chartri.top
chrowhv.click
cichau.lat
cidtpz.top
civijgc.pics
civimd.top
clammyblushi.biz
clotj.pics
collb.shop
cometopa.top
conrlim.top
consono.pics
cooawbi.top
cousmf.lat
coyawl.shop
cryrn.pics
cure.fedor-turin.ru
currx.top
cuvcicr.top
cuwewki.shop
dalwdd.top
dashboard.fedor-turin.ru
dashboard.sasha-solzhenicyn.ru
defvj.pics
defyhub.net
delfxus.today
dessxc.shop
dibb.info
digitmopdg.live
dimtl.top
disrgqs.top
djibbg.shop
doctqc.pics
dravq.asia
drohba.top
dupufl.shop
ecchs.top
elbguy.top
electr.pics
elecxl.lat
elilzy.shop
emageuv.fun
emapsho.fun
encrnb.pics
endtou.top
erhrwcu.top
escgzk.pics
euyzh.top
exploreativethinking.top
exveaxa.lat
famigh.shop
fayebbc.pics
fedrodj.top
fflxah.top
finprom.my
firiaer.fun
fiurz.shop
flamkc.top
fluffycqomfort.world
fradpf.top
fratjo.top
ftgoiv.pics
gasvej.top
gaukbj.pics
gehkmx.top
gennqut.shop
genuj.top
genxsy.top
germon.pics
geymej.top
gimbrte.shop
gloob.top
growtfw.pics
haijl.lat
hakyjq.top
heavdu.pics
hellkkj.shop
hotw.pics
hovve.top
htsfhtdrjbyy1bgxbv.cfd
hylyzb.shop
hypothesizys.click
iddzjd.shop
imphybg.top
inbeso.lat
inkermen.top
insdly.pics
inspnq.shop
instbf.top
insulfm.top
inswti.top
inthxt.shop
jaclwdc.top
jalonla.top
jambnwz.top
karapvc.pics
ketwue.pics
keulkgl.fun
kilcvv.top
laoewv.pics
lateged.shop
libdm.top
lilexu.shop
lineyn.pics
loxinxg.pics
lucufj.pics
lumma-market.fun
madpgk.shop
marixzn.top
marketing.fedor-turin.ru
mastwin.in
mawscf.pics
migwsy.pics
miiuf.top
misco.pics
mispiqad.shop
mistucr.pics
mnemvlk.top
mongok.shop
monkevm.shop
monkkn.top
monzb.top
moxqk.pics
myozyi.lat
naveei.top
neobuvv.shop
neutee.pics
niazw.pics
ninaohi.top
notbwd.top
nucleji.my
numberv.top
odwvzn.shop
orekcee.fun
orienderi.com
ourkbpw.top
pantvi.top
pekyow.pics
personal-bann-fab.info
physicianusepeptides.com
picnq.top
pinepx.pics
pinywpc.top
pledgxe.pics
plnnozg.pics
plsnae.pics
posteqz.top
potosuz.fun
pouytr.pics
precisionbiomeds.com
pressm.shop
prexn.top
prgdzp.pics
psycibdz.shop
psywmfal.sasha-solzhenicyn.ru
qa.sasha-solzhenicyn.ru
qkiaolnd.sasha-solzhenicyn.ru
rankibanni.info
relqfn.shop
retailrakkbakk.info
rictbxt.pics
rubackup.fedor-turin.ru
rubeuiq.pics
rumap.fedor-turin.ru
rurumap.fedor-turin.ru
rururustaging.fedor-turin.ru
rurusitemap.fedor-turin.ru
rurustaging.fedor-turin.ru
rusecure.fedor-turin.ru
rusitemap.fedor-turin.ru
rustaging.fedor-turin.ru
ruwa.fedor-turin.ru
sacrp.top
sanitfy.shop
saviutf.pics
scfyfa.top
sckfs.pics
secure.fedor-turin.ru
selflch.top
sharaqz.top
shodbj.lat
siaetld.top
sibelyt.club
siewcl.top
siiqga.top
siltapl.fun
siyju.pics
skdgh.top
skincee.pics
sndemam.pics
snras.run
soberano.top
softanw.pics
sonskhq.top
sopzbd.top
sparklfm.xyz
spifd.top
spisd.pics
sptegm.top
stg.fedor-turin.ru
stg.sasha-solzhenicyn.ru
stibm.shop
sublimv.top
swalocf.lat
teextes.top
teijx.lat
textmastery.net
tharq.shop
thoqp.lat
tilvfq.pics
tonmtq.pics
tooql.top
trbxlj.top
turnick.pics
uat.fedor-turin.ru
ucoxqdemo.fedor-turin.ru
unfjbw.shop
ungqnh.pics
unxyng.top
urizfah.shop
utiavg.top
uvulyxt.pics
v1.fedor-turin.ru
v1.sasha-solzhenicyn.ru
v2.fedor-turin.ru
venatec.top
viadeo.best
volkxze.club
wagnvp.fun
whirzd.pics
wouamhg.top
wrfygsi.lat
xurekodip.com
yikpspbi.my
zntfybeq.fedor-turin.ru
zyihztu.top

# Reference: https://x.com/skocherhan/status/1950894519261475020
# Reference: https://www.virustotal.com/gui/ip-address/45.61.165.8/relations

agokxl.my
akkeod.com
bardbig.my
breevtf.asia
calamw.my
cezgroup.contact
chaieid.click
dimxmof.asia
drivbqt.click
fabiclw.club
genuksm.click
genuzki.club
goojwgj.club
heaisehs.my
indplgu.my
inelvuq.my
infiuyr.asia
lowtldl.club
mocadia.com
myrthly.club
occyxmwe.asia
parcnaim.click
punarqd.click
revijai.click
stockwises.eu
unavngu.asia
ursumjzs.my
victirtz.asia
violosd.click
viorwvkz.asia
vishneviyjazz.ru
vladupt.my
wargijuh.asia

# Reference: https://x.com/K_N1kolenko/status/1952239821210165479

fillettx.xin
/sadfgsdfgdfg124

# Reference: https://www.trendmicro.com/en_us/research/25/g/lumma-stealer-returns.html
# Reference: https://documents.trendmicro.com/assets/txt/newLummastealer_Blog_IOCsbj7a3x3.txt

ui3.fit

# Reference: https://www.virustotal.com/gui/ip-address/172.86.89.51/relations

actmwtn.my
advebikp.beer
aegiqlfb.xin
annalqut.xin
apothfya.qpon
asseppn.forum
bloodydi.xin
boifse.shop
brunsmmv.qpon
casszroj.forum
citriadn.xin
cobligl.xin
columuyr.xin
delazvf.forum
ebuinwgs.forum
empizjqe.xyz
enreqflj.forum
erthezi.my
figueqhk.xin
firzjogp.xyz
fruiunp.qpon
gatrzjhc.forum
greexlx.beer
hotrocce.xin
ifimthere.com
imaahsxi.xyz
inchapxe.xin
kletkamozga.ru
koubmjm.my
lawrfuys.xyz
leojbl.xin
leptsqpz.xyz
luntpi.xin
lutraqdb.qpon
materdvc.beer
meatuzr.top
mensfjb.qpon
omertaza.beer
ordinarniyvrach.ru
paleatgh.xin
pattemqr.qpon
pftbbz.shop
pictuqyr.qpon
plataukz.xin
problgmx.beer
pursyme.xin
renohhde.xin
rentaxrl.xin
retijaz.beer
sacrakyf.xin
serexvo.beer
singucj.forum
sirwimdw.xin
sourjpa.beer
stamrbyb.xin
steljg.shop
stolewnica.ru
syntrva.forum
tong-zhuang.com
tortodyq.xin
tticopn.my
tui11.com
unshyqov.xin
unsuxvxb.qpon
upwanpdx.qpon
vaganetka.ru
valaniyw.forum
vergimh.forum
vinsodg.top
visokiywkaf.ru
vjpnwk.shop
vtfrxa.shop
wdlmjh.shop
wilddbgh.qpon
woodvuqb.qpon
yamakrug.ru
yrokistorii.ru
yunniuwr.beer
yzwkdl.com
zjxh120.net

# Reference: https://x.com/RacWatchin8872/status/1954505473656238501

airmcjr.top
airsttu.top
appevql.top
chokei.top
clethde.top
crosske.top
deesczj.top
ellipmea.top
epidebg.top
fireqk.top
flamiwf.top
leaprs.top
linexb.top
litaneq.top
melicov.top
nonckucg.top
partilj.top
procuvt.top
quagkmz.top
setswml.top
speazsu.top

# Reference: https://x.com/skocherhan/status/1955527547392786838
# Reference: https://www.virustotal.com/gui/ip-address/138.124.101.92/relations

arktk.xyz
aqaibak.xyz
bluyypff.xyz
burahrmp.forum
ghogqcav.xyz
grab.arktk.xyz
hatsalnm.forum
hyduwkvd.forum
iliafmoj.forum
prowl.arktk.xyz
qbit.arktk.xyz
radarr.arktk.xyz
sabz.arktk.xyz
stisfmye.xyz
sulvtmap.xyz
synrxvtd.forum
watch.arktk.xyz
ydobniudivan.ru

# Reference: https://x.com/skocherhan/status/1955607051872182540
# Reference: https://www.virustotal.com/gui/file/6eee0ac50d5c56a3ccef1d56d230e1c3672199e11c4826276b4aedd1f44ec750/detection

http://85.208.84.35
softytoys.shop

# Reference: https://x.com/RacWatchin8872/status/1956348995338379642

acromrr.top
calixzgk.top
campaqr.top
capsiqp.top
clotmh.top
creaprj.top
cyanogl.top
darkhbt.top
decatvl.top
dishoti.top
dristha.top
folotni.top
genunaf.top
hannuxb.top
homeuhd.top
inceputn.top
jadgqh.top
kenyafu.top
lingzvl.top
mflopj.top
perjxup.top
persprz.top
rockfw.top
seismrzw.top
skitvhg.top
spordcp.top
steyxld.top
sublupm.top
terbibfx.top
theymsq.top
untgxlb.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2025-08-22)

http://167.160.161.11
acromrr.top
acuttia.top
admin.sasha-solzhenicyn.ru
amassb.top
app.fedor-turin.ru
app.sasha-solzhenicyn.ru
assets.fedor-turin.ru
assets.sasha-solzhenicyn.ru
bassjj.top
bdybipypvvsfeoonrustore.sasha-solzhenicyn.ru
bearrre.top
bee496bd.pythonanywhere.com
builie.top
cae0d2ba-9af0-4f25-9013-d6c16ca7c910.sasha-solzhenicyn.ru
calixzgk.top
campaqr.top
capitalior.ru
capsiqp.top
carasvxz.forum
clotmh.top
combvff.top
copulardi.ru
creaprj.top
cursilibim.ru
cyanogl.top
darkhbt.top
dayfestiveo.click
decatvl.top
demo.sasha-solzhenicyn.ru
dev.sasha-solzhenicyn.ru
dimijrw.top
dishoti.top
divqtwp.top
dreamttexxerk.digital
drespi.top
dristha.top
egomdbj.asia
epidmov.top
faitnfk.asia
flagump.top
folotni.top
fulcope.shop
gavavknq.beer
genunaf.top
goethjmr.asia
greerfa.top
habakkg.top
hannuxb.top
homeuhd.top
ilamaxmi.beer
inceputn.top
incmrvk.top
inefqxf.top
invest-place.info
jadgqh.top
kalioso.top
kangiq.top
kenyafu.top
laplmav.xin
ligmfbx.top
lingzvl.top
luxurylifestop.top
maoismn.top
market-lumma.ru
meadotdk.qpon
mflopj.top
nearsic.top
orinacg.top
panlos.forum
park-pcnjc.top
paulbqaf.qpon
perjxup.top
persprz.top
physscq.top
piptpa.top
pudejmoy.xin
quilterribe.top
reschsc.top
retrofik.ru
retrofjslx.run
rockfw.top
rotofay.top
runmgov.ru
seismrzw.top
semipervaz.ru
shagkeg.ru
skitvhg.top
smockle.top
sodipuc.top
spordcp.top
squeaxz.top
stellob.top
stephmf.top
steyxld.top
streamcache.site
sublupm.top
tagawoh.top
templfuw.my
terbibfx.top
theisfjr.top
theymsq.top
tiltyufaz.ru
trannlu.top
tvstream.click
ukrposhttem.top
untgxlb.top
venamst.top
vividhheartbeat.hair
wwwassets.fedor-turin.ru
wwwdemo.sasha-solzhenicyn.ru
zechaxrp.my

# Reference: https://x.com/skocherhan/status/1942342670770171933
# Reference: https://x.com/1nt3l_hunt/status/1942526633535300021
# Reference: https://x.com/SecuritySnacks/status/1958934712119869806
# Reference: https://dti.domaintools.com/hunting-for-malware-networks/

alababababa.cloud
anodes.pro
betrunk.rocks
blogcrptodevelopments.com
chainnode.shop
ervicesmesh.pro
financialway.pro
hugevcdn.pro
interconstructionsite.pro
metaskins.gg
orlideti.com
osuszaczemlawa.pl
registrokim.online
zhuchengsantian.com
zurichinsurince.com

# Reference: https://www.virustotal.com/gui/file/00d56addf96dbc5826046bfbb7a23f0e743acef6595499a03e8326db36e0ce5c/detection

chimerasound.shop

# Reference: https://www.virustotal.com/gui/file/01b6c13de52402f101db77f904b3dcdb0037fa992e90e65b970699b4c387937f/detection

185.245.106.67:17699

# Reference: https://www.virustotal.com/gui/file/0de0d0d59b66115c37224b25810edd71f304da6528411786eaa9588e19fc13ad/detection

185.245.106.67:15348
185.245.106.67:16387

# Reference: https://www.virustotal.com/gui/ip-address/144.172.106.140/relations
# Reference: https://www.virustotal.com/gui/ip-address/213.252.245.117/relations
# Reference: https://www.virustotal.com/gui/ip-address/46.28.71.142/relations

accoapf.top
achoqqe.top
adelxks.top
airtbvi.top
aleyywv.top
anguklp.top
atriurx.top
auspjwr.top
bandmetw.qpon
bearvi.top
beatvwe.top
befswj38.top
blassu.top
blatfdg.top
blisurn.top
bordehx.top
capexzo.top
carlozo.top
chlonch.top
cinnmfl.top
cirwelh.top
condyal.top
conmgyr.top
connbkg.top
craajvg.top
darrfbp.top
debuqda.top
declpfp.top
defiloa.top
demnjyx.top
dermurt.top
disgxow.top
divamgo.top
docuhpu.top
doudnrr.top
droacon.top
duncian.top
dysplld.top
endaepd.top
eudrrfl.top
eugvshk.top
evermvn.top
exchdfh.top
famivfm.top
fasthqx.top
favncyg.top
fawnvjl.top
forkdp.top
formkjk.top
forxba.top
framoa.top
galawgtl.top
geisqbb.top
gelatpy.top
genemgv.top
genupui.top
genusdfg.qpon
graygqk.top
gripck.top
guileml.top
hdj63.icu
hitiedy.top
hittf.top
hocuaox.top
huntlds.top
hydczdp.top
hymnqx.top
incroqj.top
inczujv.top
infids.top
inwkpu.top
ironcrt.top
ketnwdg.my
komidbx.top
larilly.top
lenhpqy.top
lepitzg.top
lievozs.top
lipsofu.top
malelaw.top
mendjks.top
morvoz01.top
mothysb.top
newbvrp.top
niptfyz.top
obblipc.top
oldergunne.ru
onqukok.top
oscaiwz.top
parajga.top
pasyrbe.top
petesie.top
pilotpfp.top
preobsl.top
proleau.top
prolnwo.top
reveham.top
ringlti.top
rutxnm.top
sabiwgb.top
sarpabb.top
scordtw.top
scruxhb.top
sempqrz.top
shofxd.top
sluggtq.top
smoovns.top
sociiud.top
squabkq.top
stimumu.top
strekyc.top
strinyj.top
supporbt.top
synadvn.top
tadjirl.top
taiffmzy.top
tallubk.top
tankrg.top
tensqms.top
threeql.top
togoeww.top
togomwd.top
toplyws.top
treabcf.top
treavi.top
troocea.top
tumbikj.top
turzhzt.top
unfill.top
unworva.top
virwvtz.top
visifxs.top
viticpc.top
waryyip.top
whipwdv.top
whitlcl.top
wildxba.top
windmqg.top

# Reference: https://www.virustotal.com/gui/ip-address/129.226.128.168/relations

acarkkg.top
aciujpr.top
aerokju.top
ancirbf.top
attaocc.top
backab.ru
backkrj.top
bastbjt.top
battpnd.top
buttalx.top
cedacfc.top
claihbs.top
complve.top
cozers.top
cyliwnv.top
depapom.top
eigwos.ru
eleormb.top
eminpxo.top
encibmo.top
finijez.top
genutlx.top
genuumc.top
homemdks.top
huitpah.top
jaywzkd.top
justitt.top
kimmenkiz.ru
laterjs.top
limcuz.ru
lipafru.top
ordczzp.top
palldvz.top
parabcn.top
passzce.top
phenkce.top
pintvv.top
preeybt.top
ravimwz.top
realhwo.top
rebechh.top
sainofj.top
saltzmx.top
sancapq.top
savoesf.top
savoref.top
sepaglu.top
shocvxli.top
shorduy.top
sinujhp.top
skiddgw.top
solacdf.top
telesbx.top
theapte.top
tricyb.top
unexjhg.top

# Reference: https://www.virustotal.com/gui/ip-address/165.227.143.219/relations

apoqosp.top
ardhpeb.top
atomqne.top
battpnd.top
blacksu.top
blooaeo.top
caltpps.top
carrkxh.top
chryzju.top
claihbs.top
comqpru.top
contnni.top
cyliwnv.top
depapom.top
epitherd.ru
excufoc.top
foojblh.top
franrzc.top
genecdg.top
genutlx.top
genuwwk.top
georgej.ru
grodpgy.top
interbk.top
larpfxs.top
laterjs.top
lawsifc.top
leftpvb.top
lipafru.top
loudfci.top
meadofnb.top
milliam.top
monozfx.top
noggs.ru
obtuutc.top
oneflof.ru
onledyv.top
optcows.top
overzmb.top
ozoned.top
palldvz.top
parabcn.top
pintvv.top
pitbubs.top
plurcfq.top
poisoha.top
preeybt.top
rapsmmv.top
sainofj.top
sancapq.top
savoref.top
sepaglu.top
spripof.top
stepwxv.top
typifdl.top
washerv.ru
waterkz.top
wesyjzn.top
willozm.top

# Reference: https://www.virustotal.com/gui/ip-address/157.173.219.148/relations

gravilh.top

# Reference: https://www.virustotal.com/gui/ip-address/206.189.97.184/relations

actcuavh.top
carowf.top
carrokd.top
climjuw.top
dirtdsbv.top
haggwwb.top
monking.top
pivzyhjq.top
plinwxl.top
salvmps.top
serrsvn.top
showcet.top
strypgo.top
swrcfjlm.top
turtljbv.top
unpaclpe.top
vicejlr.top

# Reference: https://www.virustotal.com/gui/ip-address/31.220.109.219/relations

appedfx.top
bastxtu.top
blooaeo.top
chrynks.top
cutatms.top
darnued.top
despofe.top
dietpas.top
disiiat.top
disluqd.top
earffgm.top
echocej.top
epitherd.ru
genulqz.top
genupnt.top
georgej.ru
grenlel.top
hotpsyb.top
hypohuw.top
injurek.top
libahqg.top
marceln.top
noggs.ru
oneflof.ru
pistdvd.top
pubceva.top
somefed.top
tillcuh.top
unmegrx.top
yammrfn.top

# Reference: https://app.validin.com/detail?find=d.ns.selectel.ru&type=dom&ref_id=de459c80ff9#tab=resolutions (# 2025-09-01)

acisbpp.top
anionqh.top
beralvk.top
bitxps.top
brusfnk.top
canzuiq.top
carteop.top
comramm.top
condetv.top
cupclek.top
cusisbz.top
cutdodl.top
eclmezm.top
effiug.top
enljbe.top
ensuibv.top
exfopgg.top
faltlsj.top
famidvw.top
feasero.top
flfzpt.top
gentlsu.top
genubsl.top
glutbfw.top
hairyzd.top
indpret.top
insczel.top
kingduy.top
laevuun.top
lanmew.top
lanwkv.top
medizafx.top
minoxih.top
moutoxj.top
overwwx.top
peppegn.top
pezwsv.top
poniaym.top
presexe.top
pterobm.top
racecem.top
recomdpk.top
reeprka.top
runnrxl.top
scruejk.top
sensiqy.top
servopi.top
sidivhe.top
sonst.top
sortxkm.top
sugaaox.top
swampcs.top
talkxaxs.top
testimc.top
toobedg.top
unpvmqn.top
wirelft.top
wrigwtt.top
xerorov.top
yearsfa.top

# Reference: https://x.com/threatinsight/status/1963310571853611170
# Reference: https://www.virustotal.com/gui/ip-address/64.188.77.163/relations

droplink.digital

# Reference: https://x.com/ShanHolo/status/1963186646729572570

bills-ds.com
dsybills.com
netfliix-uae.co
netflx-renew.tv

# Reference: https://www.virustotal.com/gui/ip-address/134.209.165.152/relations

acrislegt.su
artejbs.bet
backfvb.bet
cerasatvf.su
commgxm.qpon
consnbx.su
dalocoz.bet
decuioz.qpon
disloef.bet
dmybfje.qpon
dogcded.bet
explodd.bet
genulop.bet
genuysf.bet
helltlt.bet
heothjg.qpon
hffiahz.asia
hfteozo.qpon
iaed.link
ideofvb.bet
innervn.bet
inoffek.bet
islamil.bet
kennetk.bet
keoghvg.bet
lactoxn.bet
lapsqyq.bet
leasebu.bet
lithfzx.my
lustmms.bet
mandmqq.bet
marvelvod.com
mugbool.bet
neutray.bet
numeqci.bet
openlkn.bet
polypef.bet
polytgh.bet
pristid.bet
pulluoj.bet
pyscalp.com
radialz.bet
rhussois.su
roomysc.bet
scepxmo.bet
setbnhy.bet
sirhirssg.su
slipxzx.bet
smeartj.bet
spacoai.bet
sprimvd.my
syapboc.qpon
tetrwoo.asia
titlexy.my
trichcd.bet
trimoeb.bet
turrgql.bet
voando26.com

# Reference: https://x.com/skocherhan/status/1964984916032036909
# Reference: https://app.validin.com/detail?find=87.120.126.216&type=ip4&ref_id=f04289efcce#tab=resolutions (# 2025-09-08)

americovespucci.shop
closeddoors.shop
flyinglotuss.shop
joewattone.shop
libertyquality.shop
openedhouses.shop
starshipcrown.shop
suspendedclash.shop
trainisshit.shop
vppvpkcapital.shop
weathersouth.shop
wranglerjeans.shop
wseveneleven.shop

# Reference: https://x.com/skocherhan/status/1964994478634062237

averiryvx.su
diadtuky.su
digitbasket.com
kamenduk.com
prebwle.su
streamin.style
todoexy.su
voando.in

# Reference: https://www.virustotal.com/gui/ip-address/64.227.2.250/relations

antiaix.qpon
anticlk.qpon
archlnr.qpon
atalozv.qpon
autoezx.shop
banabmw.qpon
basehce.qpon
batonra.qpon
bazttlew.shop
bellmnk.asia
blackrz.shop
bluejwh.bet
bondixa.qpon
bouncuid.shop
burkeax.bet
cadqdwk.qpon
capitam.qpon
caressv.qpon
clafvom.qpon
conbjao.qpon
constkj.shop
convysj.qpon
curdlep.qpon
damagex.qpon
denimmi.qpon
detachs.qpon
dishine.qpon
dropphef.shop
easybqy.qpon
enthrqe.bet
excesso.qpon
facilin.qpon
falsapa.qpon
finikoa.qpon
fiobmzv.qpon
fissiklo.shop
flnsyfb.qpon
glibtof.qpon
grewbix.qpon
haleyzq.shop
herwdwy.qpon
hingexr.bet
icerinh.qpon
incocrrm.shop
jambzkb.qpon
jocospt.shop
labiali.shop
lamboey.qpon
laputau.qpon
leafleg.qpon
legisld.qpon
lifsnbu.qpon
luxozqa.shop
mannewd.shop
mindhlo.qpon
mysidak.asia
natione.qpon
neticex.qpon
novellv.qpon
nudismh.qpon
octanzn.bet
orienlc.bet
outfiqh.qpon
permanz.qpon
persrbj.qpon
poisono.asia
proscns.bet
provaiy.qpon
ravishl.qpon
realist.qpon
rhusdniw.shop
scombxu.shop
sculcib.qpon
silverk.qpon
smashaj.qpon
soyabhn.asia
stepvss.qpon
stupide.qpon
subdvivw.shop
subtehi.bet
sulphuc.shop
takepdq.bet
threahg.qpon
undutayx.shop
unimzfs.qpon
unitkgt.qpon
unregun.qpon
veicqxq.qpon
vitambio.shop
wasxhawg.shop
whwwthi.qpon
winslmk.qpon
zairezb.bet

# Reference: https://x.com/tosscoinwitcher/status/1966260836806377585
# Reference: https://www.virustotal.com/gui/ip-address/144.31.221.82/relations
# Reference: https://tria.ge/250911-1sgeesbk9z/behavioral1
# Reference: https://www.virustotal.com/gui/file/6c9ad02b1147124757f91047a9a620728a8b3c7702fec5f53bdd101663f897af/detection
# Reference: https://www.virustotal.com/gui/file/77fa155776da5c63e250ae0fdd0bc1189f594f81dc7ee06d4ea8f3bddab211c1/detection
# Reference: https://www.virustotal.com/gui/file/b43efded5e8f58805d0a3d8ff7ba5b383c48250e3b336fb53a3dc378b727f146/detection

http://143.198.230.197
http://64.227.93.17
144.31.221.82:6060
144.31.221.84:6060
uerluke.sbs

# Reference: https://www.virustotal.com/gui/file/00589211c286eb0655fbda68068c4590d92020461febf5a047a32aa658dc5e07/detection

http://178.16.54.200
lzh.fr
phoenix-brands.dev

# Reference: https://app.validin.com/detail?find=109.104.153.203&type=ip4&ref_id=7a0b625d680#tab=resolutions (# 2025-09-16)

abbeys.asia
bouyeit.asia
bucrew.asia
cloqfw.asia
commum.asia
descroej.su
enfeepy.asia
familef.asia
fladiw.asia
genpyb.asia
highwas.asia
hitwaze.asia
hoobow.asia
hurdln.asia
jackaw.asia
jargonx.asia
leauab.asia
lectola.asia
lepidry.asia
lexenorf.org
malfln.asia
manticu.asia
masmbv.asia
nerlzi.asia
pancred.qpon
plembo.asia
poloxj.asia
purplde.asia
quavevd.asia
reformd.asia
reptlc.asia
repzzm.asia
revolxh.asia
rosajd.asia
runjhb.asia
scruuj.asia
selfcmi.asia
setqvax.asia
suctso.asia
tadolq.asia
tarakmb.asia
weafrc.asia

# Reference: https://www.virustotal.com/gui/ip-address/64.31.56.58/relations

chimxik.shop
chirkqa.shop
famixsk.shop
houshan.shop
implczf.shop
lachcnf.shop
sirtpwv.shop
unapjjh.shop

# Reference: https://www.virustotal.com/gui/ip-address/45.134.26.149/relations

eleccqt.bet
starexs.bet

# Reference: https://www.virustotal.com/gui/file/0024b64a11faad118aa4a4e24344cc70a3ef5eefec8bec2b6b6606418fe01923/detection

yunded.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma (# 2025-09-20)

aeseclink.xyz
faspub.asia
fishfunfun.su
flashojpun.live
gazecoe.ru
greued.asia
inweblink.xyz
joseclink.xyz
maiwau.asia
md.gazecoe.ru
mikhail-bulgakov.su
morticmbnr.run
newflux75.xyz
nonsazv.qpon
notebanae.cyou
notebanin.cyou
notebanjo.cyou
onegodae.icu
onegodin.icu
poundas.shop
resplem.shop
routemate.cloud
routemate.us
stozft.asia
strmuc.asia
swifew.asia

# Reference: https://www.virustotal.com/gui/ip-address/91.212.166.121/relations

lumma-market.su
market-lumma.su
trachyw.qpon

# Reference: https://www.virustotal.com/gui/ip-address/185.178.208.191/relations

anton-chehov.su
rustore.anton-chehov.su

# Reference: https://www.virustotal.com/gui/ip-address/185.178.208.174/relations

iosif-brodskiy.su
rustore.iosif-brodskiy.su

# Reference: https://www.virustotal.com/gui/ip-address/185.178.208.191/relations

korney-chukovsky.su
2b65e9fa-1417-460e-864c-51d4511f2714.korney-chukovsky.su
rustore.korney-chukovsky.su

# Reference: https://www.virustotal.com/gui/ip-address/23.177.185.186/relations

bezvbv.net
bezvbv.shop
bezvbv.ws
commkir.qpon

# Reference: https://www.virustotal.com/gui/ip-address/164.90.129.126/relations

appallf.pics
artteaq.pics
ascomyl.pics
baronby.pics
bendavo.su
boustrn.su
bufospp.pics
concudv.pics
conxmsw.su
dabblmk.pics
decrexd.pics
enterki.pics
epitomv.pics
exposqw.su
extemzd.pics
fixatmu.pics
flattwg.pics
holdonz.pics
loveinl.pics
maniaqr.pics
melambn.pics
milmgqn.pics
narroxp.su
neurold.pics
ozonelf.su
parliah.pics
pesacux.pics
phrupmv.su
politoe.pics
punctmc.pics
retrosa.pics
rightea.pics
rollupf.pics
scallok.pics
schwakf.pics
squatje.su
squeaue.su
thujaii.pics
vicareu.su

# Reference: https://x.com/skocherhan/status/1972332161916178736

atyourservicetranslation.com
chesnokcz.shop
czeskannn.shop
czfeedenew24.shop
czfeedenew241.shop
czfeedenew242.shop
czfeedenew243.shop
czfeedenew31.shop
czfeedenew32.shop
czfeedenew33.shop
czwikconin.shop
czwikcozin.shop
czwionewc.shop
directaqar.com
erexoloff.shop
erexoloffcial.shop
feednewvitrine.shop
floridda.fyi
fnmmazxxxce.shop
jojomiracle.com
lavrolistcz.shop
londonvibe.org
myamiii.com
natprodicsz.shop
natuproduct.shop
neutralprodct.shop
newvwcznew.shop
prethreepe.shop
pretwope.shop
pricelesscarhire.com
productpure.shop
purelineprod.shop
sabuddhi.com
santerosdelamor.com
thepowerballadshow.com
vittetst.shop
walkersvillecomputers.com
weightberryroofficial.shop
zionecnewxcs.shop

# Reference: https://x.com/skocherhan/status/1972267055396123019

cotswmr.pics
jocosoj.pics
quicksp.pics
smiliil.pics

# Reference: https://darkwebinformer.com/ioc-alert-lumma-stealer-api-endpoint-identified/

agentgrabber.com
buycryptograbbers.com
keylessgorepeaters.com

# Reference: https://www.virustotal.com/gui/ip-address/188.132.130.63/relations

anteria.pics
avenutk.shop
backsth.pics
celiawjy.asia
citropt.pics
countiw.asia
cycvmix.shop
decresk.pics
eng-sub.su
extingx.pics
fightat.pics
genuspt.pics
girondh.pics
glimmed.pics
histasup.asia
hypudyk.shop
ismailh.pics
likeheb.pics
loamcpps.asia
misdgxr.shop
morybhb.shop
oriolep.pics
ozoffky.shop
parkdau.pics
quiverwr.asia
secarby.shop
speckhu.asia
spideri.pics
splkulr.shop
stevedw.pics
trampst.pics
uptowrw.asia
vacancz.pics
whinmap.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma (# 2025-10-11)

alfa.pics
arrowxrayboldyeowps.shop
asceniz.shop
bodylne.shop
bonnie-leaks.xyz
cannujv.shop
cleistg.shop
dubznetwork.com
entergo.su
fractux.top
gafiwshop.xyz
gambler-work.com
genushf.shop
jack-sparrow.su
kenges-rakishev-investigation.com
kenges-rakishev-investigations.com
lost-heaven.su
macropoffen.fun
natctqo.fun
quapfi.asia
repottenfuc.fun
servetele.com
sirjosd.shop
sonnet.su
sorbiru.shop
tailfcw.shop
tengmev.fun

# Generic

/c2conf
/c2sock
/lumma0805.exe
/lumma0207.exe
/lumma2406.exe
/lumma2606.exe
/lumma2806.exe
/lummnew.exe
/luma/random.exe
