# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

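# Aliases: netsupportmanager, netsupportmanagerrat
# Note: entries are point-in-time indicators taken from the references listed above each group (the earliest visible one dates to 2018); IP addresses and hosts change hands, so corroborate a match on an older entry before acting on it.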

# Reference: https://www.malware-traffic-analysis.net/2018/07/05/index.html

desjardinscourriel818654.pw

# Reference: https://app.any.run/tasks/9de1c3d6-745d-4b89-b653-f8f4414a40f1

desjardinsmail6as6545g.pw

# Reference: https://twitter.com/James_inthe_box/status/1099365566928760834
# Reference: https://pastebin.com/C5XYY221
# Reference: https://www.virustotal.com/gui/ip-address/77.83.174.70/relations

http://77.83.174.70
77.83.174.70:2077
thedokatrade.com
highnoon2.com
copylanco.com
glekrg.com

# Reference: https://twitter.com/James_inthe_box/status/1079757827030142976
# Reference: https://www.virustotal.com/gui/ip-address/5.45.73.63/relations

http://5.45.73.63
5.45.73.63:2131
donbwh.com

# Reference: https://twitter.com/BroadAnalysis/status/967357851520897024

http://94.242.198.167
ebalodauna1488.com
printscreens.info

# Reference: https://twitter.com/JAMESWT_MHT/status/927523630778650627

bmwfastcar1337.com

# Reference: https://twitter.com/anyrun_app/status/912276794648272897
# Reference: https://app.any.run/tasks/f1a72d72-2e96-4d8b-9ad7-1f74e162d585

overwbuff.com
http://195.123.211.9
195.123.211.9:13378

# Reference: https://twitter.com/JAMESWT_MHT/status/906086386377379845

pudgenormpers.com

# Reference: https://twitter.com/VK_Intel/status/1135507293573931008
# Reference: https://www.virustotal.com/gui/file/11918aadc1e4942a1e458afab5c10971fb87d84b693b2c31f5497aa289fa20da/detection

176.119.30.142:8765

# Reference: https://twitter.com/VK_Intel/status/1143606935373172736

31.7.62.214:443

# Reference: https://twitter.com/JAMESWT_MHT/status/1166106371403763714

179.43.146.90:443

# Reference: https://twitter.com/James_inthe_box/status/1178692652700590085

http://179.43.159.246

# Reference: https://www.fireeye.com/blog/threat-research/2019/10/head-fake-tackling-disruptive-ransomware-attacks.html
# Reference: https://otx.alienvault.com/pulse/5d9378b8f36a91c436c5f93c

track.amishbrand.com
gnf6.ruscacademy.in
backup.awarfaregaming.com
link.easycounter210.com

# Reference: https://habr.com/ru/company/pt/blog/471960/ (Russian)

185.225.17.66:443

# Reference: https://twitter.com/P3pperP0tts/status/1188946654768091136

http://179.43.146.90

# Reference: https://pastebin.com/iqcg0Ys7

http://185.225.19.35

# Reference: http://broadanalysis4.rssing.com/chan-65366183/latest.php

http://91.243.80.120
http://94.242.198.167
179.43.191.122:2259
31.31.196.204:1488
94.242.198.167:1488
ebalodauna1488.com
printscreens.info

# Reference: https://twitter.com/tkanalyst/status/1196033182694379527

http://103.16.228.173

# Reference: https://twitter.com/VK_Intel/status/1196136022658207750
# Reference: https://www.virustotal.com/gui/ip-address/94.158.245.91/relations

94.158.245.91:1488
ololoev.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1199078758298206208

5.181.156.36:1321

# Reference: https://twitter.com/VK_Intel/status/1224647173872193538

gjuauyfhjha.cn
sasggegzui.cn

# Reference: https://twitter.com/JAMESWT_MHT/status/1222152295724593152

103.16.228.173:1488

# Reference: https://app.any.run/tasks/32eeb667-b66b-4dea-b343-ae43941f7b20/

micrdata.com
safuuf7774.pw
wobada.com

# Reference: https://unit42.paloaltonetworks.com/cortex-xdr-detects-netsupport-manager-rat-campaign/
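# Reference: https://github.com/pan-unit42/iocs/blob/master/NetSupportManager
# NOTE(review): 'edisonlee.net/maildir.phpq' in this group ends in '.phpq' while its sibling entries end in '.php' - confirm against the reference; a mistyped path will not match.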

http://185.163.45.88
http://94.158.245.182
94.158.245.182:443
unclebillswv.com/verisign.php
firstteamcareer.com/user.php
busyserviceinc.com/webdoc.php
edisonlee.net/maildir.phpq
newtontool.ca/wp-contents.php
brotherselectricco.com/host.php
innovativemasonry.net/hostgator-welcome.php
greenheartmed.org/captcha.php
ultraeventgroup.com/wp-element.php
jnachb.com/wp-comment.php
adroitpmps.com/wp-list.php
ledampenergy.net/wp-comment.php
hostfleek.com/backup.msi
alpinehandlingsystems.com/backup.msi
jintsung.cn
4ourkidsky.com

# Reference: https://twitter.com/killamjr/status/1234547286807584773

http://185.163.45.118

# Reference: https://twitter.com/malwrhunterteam/status/1236215722885464064
# Reference: https://www.virustotal.com/gui/file/870972fabfb6c59f1c3959cea9201d3c4d48756585970de869d063ec69983ab8/detection

http://23.227.207.138
23.227.207.138:12233
browserinstallup.com

# Reference: https://twitter.com/jcarndt/status/1241090163008307206
# Reference: https://app.any.run/tasks/b46069d5-ec22-481e-af2b-c14474978f79/

tardigradeventures.com

# Reference: https://www.virustotal.com/gui/file/1a08a65d4199f08d60644f2aee1182d87f29b36d38257239e5c80965ed65e0d1/detection
# Reference: https://twitter.com/olihough86/status/1243561290439839745
# Reference: https://app.any.run/tasks/aa3e41ee-b1c0-4333-939e-e4199c1daa56/

http://5.181.156.14
5.181.156.14:443
covidpreventandcure.com
komnop.com

# Reference: https://unit42.paloaltonetworks.com/how-cybercriminals-prey-on-the-covid-19-pandemic/ (# NetSupportManagerRAT)

covidpreventandcure.com
covidwhereandhow.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1255849588788953088

62.173.145.56:2721
avheaven.icu
bssupport.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1260492238758588419
# Reference: https://app.any.run/tasks/0b4ce298-496a-4b15-9e94-0fbbb616422e/

62.173.154.94:2145
avheaven.space
brassaffid.com

# Reference: https://twitter.com/jcarndt/status/1275108512046211074
# Reference: https://app.any.run/tasks/c9e195d3-227c-480a-8515-1cdadcf29485/

membersonlytraining.com

# Reference: https://app.any.run/tasks/cc3ac8a1-394f-4488-89e1-6107017b2360/

http://45.133.245.57

# Reference: https://twitter.com/JAMESWT_MHT/status/1285170628656615424
# Reference: https://bazaar.abuse.ch/sample/8ab3b9367304dccac78095808260417a46c0f37720051592b9a32ba3b030743d
# Reference: https://www.virustotal.com/gui/file/68313d4b45cc908f541dd581d7b9d1e8ccadcbf205714c12c36b58083ada7345/detection

http://62.173.138.41
62.173.138.41:2071
numienimfe2.com
ysanhumeg1.com

# Reference: https://www.virustotal.com/gui/file/72a908033a308ec5da4e384c2c6efb33405afc50688033849783267e6fb1bddc/detection

http://5.45.74.219

# Reference: https://www.virustotal.com/gui/file/86fc3e58537ac903356866de03df56baaba69b2641f90da283560a08fc60786b/detection

http://45.133.245.192

# Reference: https://twitter.com/malware_traffic/status/1321482374044069888

http://46.17.106.230
46.17.106.230:3543

# Reference: https://www.virustotal.com/gui/file/8781b76845a95237e38d007e1ce0c5743e3eb95717e13b85a6b2a963cf4c0d2d/detection
# Reference: https://www.virustotal.com/gui/file/5f7f2f6e7ed3cc8243fad060f0b64267ceb629456eab62215847419eb7f4494e/detection

192.169.6.95:3294
http://192.169.6.95
http://45.138.172.158

# Reference: https://twitter.com/cyb3rops/status/1372941834104807426
# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SunBurst/SilverFish_Solarwinds.pdf

mgdsoufjgh4hgba.xyz
nefvnvudygct4.xyz
huntaget.cn
moreeu.cn
moreofit.cn
torpoa.cn

# Reference: https://www.virustotal.com/gui/file/2add4e3f9acd88b53c97989b309bccdf35456c444d7b4436bd0b9b04f1d16cf4/detection

http://88.119.171.110
88.119.171.110:443

# Reference: https://www.virustotal.com/gui/file/672eebccfb00a9a4cc11fec4232eff3c87f7870d1cef4c647d364801cab814ca/detection

http://37.61.213.242
37.61.213.242:2549

# Reference: https://www.virustotal.com/gui/file/45ff625f17a1e9ad65dd94c376034148d6d8eee8a41b1209f566a907f5d6d6c7/detection

http://46.161.40.59
46.161.40.59:3085

# Reference: https://www.virustotal.com/gui/file/c8425cf994f02784d3f8eeb570b6ac1edc5876908b64b40b532e2534a84a19ad/detection

http://62.173.140.217
62.173.140.217:1337
coinduck.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c5962e29f3f752f3fe8ae5cef5022fb819eb8dfad91ba81c9e1ccd44ac8d5fd5/detection

185.156.172.130:2549
fiseddaniret1.com
fiseddaniret2.com

# Reference: https://www.virustotal.com/gui/file/131586137654c8774dc2ba571834e7d20881c53e2e91421fe832159004954ab8/detection

http://1.254.1.1
http://192.64.119.126
visualmultiplicationsinc.club
worktwork3.xyz

# Reference: https://www.virustotal.com/gui/file/013928987cd0092ef2f5de55f2ae076ff67297ccd75bc6a2959eff4301591ddf/detection

findmemolite.com
dvqyswmvahrqd.cloudfront.net

# Reference: https://github.com/pr0xylife/NetSupportRAT/commit/8ce0fa44a9a9c899031dc3340f23aa601e3ffeaa

http://5.252.178.213
contentcdns.net

# Reference: https://medium.com/walmartglobaltech/socgholish-campaigns-and-initial-access-kit-4c4283fea8ee
# Reference: https://www.virustotal.com/gui/file/552f65f0ae7b001df20dc2875b136f55669daa09ba02d10d9b688a3511cbb4ca/detection
# Reference: https://www.virustotal.com/gui/file/ccc0204486cbf8b6db43711ddf8d847cfc15d5f713c60b53c461c4e4eeeb1a4f/detection
# Reference: https://www.virustotal.com/gui/file/617c331b65e0d26e1e64a04f06555891e719b578fd2bdc41065458176821f0c1/detection

http://149.28.68.114
http://194.180.158.173
http://45.76.172.113
http://45.77.87.77
http://5.252.178.213
http://87.120.8.141
aasdig8g7b448ugudf.cn
asaasdivu73774vbaa33.cn
businessaudit.tax
hlmequipment.com
mixerspring.cn
nsncasicuasyca831cs3vvz.cn
sjvuvja.com

# Reference: https://twitter.com/idclickthat/status/1550876054440509445
# Reference: https://www.virustotal.com/gui/file/4a6e542f77e622f7084e5b5bddab43ae4e80a07ade56e3063e3959fd03040dd0/detection

http://95.217.35.62
95.217.35.62:1337
pokemongo-nft.io

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Riskware/Riskware%20-%2008082022
# Reference: https://www.virustotal.com/gui/file/080fa496d57ca79f09b2717b384a3a34080bbfcef8a1198bbea1901e4b571991/detection

http://108.61.207.16
108.61.207.16:49760
telemetry-cdn-ny.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-16%20NetSupport%20RAT%20IOCs

http://23.88.96.2
asdbgbwi8ww.icu

# Reference: https://twitter.com/pollo290987/status/1561042448683618304

http://151.236.14.69
7nt.at

# Reference: https://twitter.com/0xToxin/status/1558007700180582400

duvje6egvuas.com
sdhbuh474jhguakfi3jgh3.cn

# Reference: https://github.com/executemalware/Malware-IOCs/commit/5db274edcb157e7d003c1201211674b6bc140fc2

http://78.47.32.144
asdjdoo3vsd.icu

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-22%20NetSupport%20RAT%20IOCs

http://167.235.67.199
ghev.top
tojh5roh4.top

# Reference: https://twitter.com/mojoesec/status/1561805273651617793

52226asdiobioboioie.com
jjdfu.fun

# Reference: https://twitter.com/phage_nz/status/1562229369669828608

aisdyhvuekmfa33.cn
dfuy.fun
iurb.top
sdfijiusgydygbugjsadifr.com

# Reference: https://twitter.com/pollo290987/status/1562535463251898369

asdbjhsdf63.cn
rijd.fun
sadvi8ejvas.icu
sdsdfnjdsfhis6g4fr.com

# Reference: https://tria.ge/220829-t7q4vacahl/behavioral2

adhkjdlkasd.icu
riut.top

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-09-08%20NetSupport%20RAT%20IOCs

ghvab.xyz

# Reference: https://twitter.com/pollo290987/status/1568312124799176704

http://103.153.183.74

# Reference: https://twitter.com/pollo290987/status/1570114932041043972

http://94.130.179.90
fbueg.top

# Reference: https://twitter.com/pollo290987/status/1572284261721591808

http://78.47.255.163
eruge.xyz

# Reference: https://twitter.com/pollo290987/status/1573375977178234881

http://88.198.178.95
fygba.fun

# Reference: https://twitter.com/pollo290987/status/1574770057460211712

http://78.47.81.171
gunbj.top

# Reference: https://twitter.com/nosecurething/status/1574939506566135809

fhb7dhb8z84ehg.xyz
rgkiboinas.men
sdgjoujhbsiuhdisd.com

# Reference: https://twitter.com/pollo290987/status/1576941098483998722

http://75.102.34.39

# Reference: https://twitter.com/pollo290987/status/1578047035793711110

http://23.88.52.251
db8ew.top

# Reference: https://twitter.com/pollo290987/status/1580579019543568385
# Reference: https://twitter.com/phage_nz/status/1592273345185468416
# Reference: https://tria.ge/221114-1cg11sab4z/behavioral1
# Reference: https://www.virustotal.com/gui/file/2a968ae38c10430c37a108f6919d0d5eb4e8e10415f927437a051e1fbd3ae7d4/detection
# Reference: https://www.virustotal.com/gui/file/157b4754d3cc372bb4b236c37036eb0729cff6bba01220f3d0cc1c9f340d68ea/detection

176.113.115.91:2145
31.41.244.112:2145
89.185.85.44:2145
89.208.103.208:2145
8ltd8.com
npinmclaugh11.com
npinmclaugh14.com

# Reference: https://www.virustotal.com/gui/file/05bb07f3dfae2584a5f6382f23ba58bbea9feeea01509c446a1c75e47a9dfa13/detection

http://140.82.15.232
140.82.15.232:2970

# Reference: https://www.virustotal.com/gui/file/498d6c9301e100f9b7752a6ee34b6873747efa876a9767f51c8eb8dd6a2ff63a/detection

http://116.202.22.58
sdfuubw.icu

# Reference: https://isc.sans.edu/diary/rss/29170
# Reference: https://otx.alienvault.com/pulse/6352a4f01abba547918c8a4d

http://176.124.216.159
176.124.216.159:5511

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-26%20NetSupport%20RAT%20IOCs

she32rn1.com

# Reference: https://www.virustotal.com/gui/file/bfa0f0a9d939eb766c9fd81be03e3b2cd4ed43b977832a21e73156a7201ff1ed/detection

http://193.106.191.152
185.158.251.35:4421
193.106.191.152:4421
dcejartints16.com
dcejartints17.com

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-12-28-IOCs-for-NetSupport-RAT-infection.txt

http://89.185.85.44

# Reference: https://www.virustotal.com/gui/file/058118f80fc1a977d07f012560d2ca6109709d20ba6a81e017f294f6e37f2f28/detection

151.236.14.69:2940
pinustamilbe10.com

# Reference: https://twitter.com/x3ph1/status/1612583145257275392
# Reference: https://twitter.com/x3ph1/status/1612636188212338690

gkdkr.icu
gubje.top
noinmsyvhruhjbi4hs.cn
sdvubjser.top

# Reference: https://www.virustotal.com/gui/file/e0f1dc2d0d42622578b3d4e609a5f428edcc41273c60640711f092570cda132c/detection

http://142.132.188.48
fasfybue.icu
rgkiboinas.men

# Reference: https://twitter.com/BroadAnalysis/status/1613255257789693953

http://94.158.244.38
52226asdiobioboioie.com

# Reference: https://www.virustotal.com/gui/file/12d2c229d192506c13f8dfbb5e9edb5b9b369a6e0b5ddc7cb2647d02d7fcdae5/detection

http://194.180.174.152
194.180.174.152:1203
pro1vin7ce.top

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-01-27%20GoogleAds_NetSupport%20RAT%20IOCs

http://185.161.210.23

# Reference: https://twitter.com/dlevyny7/status/1619081793344512000
# Reference: https://www.virustotal.com/gui/ip-address/185.161.210.23/relations
# Reference: https://www.virustotal.com/gui/file/8301d30f35705f82c85b56c51fc9f79f9071c3cb3e984b9c55aefe98b830cfc6/detection

anydeks-access.com
mindamiedolis19.com

# Reference: https://twitter.com/1ZRR4H/status/1620141013686968320

http://176.124.216.31

# Reference: https://twitter.com/crep1x/status/1620542075082260480
# Reference: https://tria.ge/230131-z4s2xscd3t/behavioral2

any-desk-app.life
audacity-app-official.site
canva-app-official.site
handbrake-app-official.site
ledger-app-official.site
libreoffice-app-official.site
teamviewer-app-official.site
tronlink-official.site
dkimqwertyasd.com
harddrystamp.com

# Reference: https://twitter.com/Iamdeadlyz/status/1626286424713736194
# Reference: https://www.virustotal.com/gui/file/2bee969bf4dd2fc0e5b6de9f835a037b486fe6f599ec20485231710b06033837/detection
# Reference: https://www.virustotal.com/gui/file/84520291f6556c00cb44314d2994037e0b098bc97c73826c6b6d3e03564b243d/detection

http://89.107.10.44
89.107.10.44:9999
arponet.duckdns.org

# Reference: https://twitter.com/Iamdeadlyz/status/1626286411879190528

http://195.133.197.185

# Reference: https://twitter.com/AnFam17/status/1628995393143832576

94.158.244.118:1203

# Reference: https://twitter.com/nosecurething/status/1631005059302522900

dssdgihbiuieyygvkdsiy4.cn
gunhdr.top

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-03-09-v10262/351

gybvhxu.top
itugbjhb.xyz

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-03-23%20NetSupport%20RAT%20IOCs

http://116.203.241.111
dirjbrb.fun
dvjurtt.top
sdfojbeufibibsuu8u.cn

# Reference: https://twitter.com/JAMESWT_MHT/status/1641700979434217475

glorrytertyds1.com
glorrytertyds15.com
howcankfhns.com
ktalarisa18.com
ktalarisa19.com
plshaquntarav31.com
plshaquntarav32.com
uzurtela1.com
uzurtela42.com
xjmko311.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1641714810696998916

http://51.195.53.204
dcanalirder12.com
dcanalirder15.com
jalalymola11.com
jalalymola17.com
mindamiedolis20.com
whatulookingat.duckdns.org

# Reference: https://www.trendmicro.com/en_us/research/23/c/new-opcjacker-malware-distributed-via-fake-vpn-malvertising.html
# Reference: https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/c/new-opcjacker-malware-distributed-via-fake-vpn-malvertising/ioc-new-opcJacker-malware-distributed-via-fake-vpn-malvertising.txt
# Reference: https://otx.alienvault.com/pulse/6424417d4f7e34fdcc85af29

alle13net1.com
alle13net2.com
comes1.com
comes2.com
gattri1.com
gattri2.com
installer-xvpn-g.site
installer-xvpn-h.site
installer-xvpn-k.site
installer-xvpn-n.site
irbxvpn.site
irexvpn.site
irfxvpn.site
irhxvpn.site
irixvpn.site
irkxvpn.site
irqxvpn.site
irtxvpn.site
iruxvpn.site
irwxvpn.site
manigiajabae32.com
manigiajabae35.com
neskrab1.com
neskrab2.com
nesupcli.com
uhcoxvpn.site

# Reference: https://twitter.com/1ZRR4H/status/1643512391940952064
# Reference: https://www.virustotal.com/gui/ip-address/162.33.178.129/relations

http://91.107.198.110
gsdgtruhu45.cn
irejhg.fun
retbr.fun
tumnt.top

# Reference: https://www.virustotal.com/gui/file/12e68953eac99f92a4bad4dc8263fd21837a119ec3830569c3f6205b2bc4726c/detection

rtern.top

# Reference: https://www.virustotal.com/gui/file/12e68953eac99f92a4bad4dc8263fd21837a119ec3830569c3f6205b2bc4726c/detection

dfrgb.fun

# Reference: https://twitter.com/abuse_ch/status/1646397352469577728
# Reference: https://www.virustotal.com/gui/file/26cad4ec29bc07d7b2c32c94dbbef397391babf1c78cc533950b325aaf11bba8/detection

http://79.137.207.54
79.137.207.54:5222
balbalz1.com

# Reference: https://twitter.com/StopMalvertisin/status/1648223628067237890
# Reference: https://twitter.com/souiten/status/1648250631600373760
# Reference: https://www.virustotal.com/gui/file/e927e79de25207d548965e90ec87c26021b9549b5108ac0de99cc9c85556841b/detection

http://87.251.67.111
87.251.67.111:1935
glazgo141.com
glazgo142.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-04-17%20NetSupport%20RAT%20IOCs

http://23.88.125.55
erbieiv.top
rubjbz.fun
ssgdubuerx4.cn

# Reference: https://twitter.com/pollo290987/status/1653139934956363777
# Reference: https://twitter.com/pollo290987/status/1653486646774362112
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-01%20NetSupport%20RAT%20IOCs
# Reference: https://www.virustotal.com/gui/file/e3d142307cbbf3d0d8eac76364993e52833d1ba7318a9ca93dc7f950c49e8ec5/detection

http://195.201.237.50
eduvu.top
erigb.top
sdjbizirebz.cn

# Reference: https://twitter.com/pollo290987/status/1653796442723475458

asdyg.fun
dsauvsiv.top

# Reference: https://twitter.com/pollo290987/status/1654206717251530753
# Reference: https://www.virustotal.com/gui/file/026d17e445821b1d208cb399f451f688f2ba1882a0596661c5d728213aa70e18/detection

http://193.233.232.218
http://89.22.237.94
89.22.237.94:5222
blahadfurtik.com
blahadfurtik2.com

# Reference: https://www.virustotal.com/gui/file/2ba36fbdb1ade985521f651d2fef8667b788658b87423297fddb88f70fbbd411/detection

http://79.137.203.68
79.137.203.68:5222
hdwarframebot.com

# Reference: https://twitter.com/pollo290987/status/1654357341314117633

dsauvsiv.top
erivhx.fun

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-04%20NetSupport%20RAT%20IOCs

dubhd.top

# Reference: https://twitter.com/pollo290987/status/1654540593756872706

http://45.138.74.89

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-08%20NetSupport%20IOCs
# Reference: https://www.virustotal.com/gui/file/9488e05b2be4ef6494ed61a15246de5a1b9e2e7a1673c660a35a162a4e29f339/detection

http://94.130.187.192
pruvb.fun

# Reference: https://twitter.com/pollo290987/status/1658540867840270337
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-15%20NetSupport%20RAT%20IOCs

http://128.140.14.43
sdfhr.top
tryxe.fun
sasfyvuaseyzzs.cn

# Reference: https://gist.github.com/kirk-sayre-work/1a7ec92ab9018ffac71ee5826de9aba8

http://193.233.233.92
http://91.193.43.96

# Reference: https://twitter.com/JAMESWT_MHT/status/1658779419043942402
# Reference: https://www.virustotal.com/gui/file/d885b84d8d8059451a119b32d164280284d428350d2bfcfaf7b84f1b2223a42a/detection

176.124.198.7:5222
alnama.net/realty/license.php
itsupportadminguy.info/itsurjia/homeps.php
/itsurjia/homeps.php

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-18%20NetSupport%20RAT%20IOCs

rszee.top

# Reference: https://threatfox.abuse.ch/ioc/1119451/

77.105.146.153:5222

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-23%20NetSupport%20RAT%20IOCs

http://5.75.145.41
ergtu.top
reubhh.fun
sertte56gzxes.cn
/rt.php?i=NOT-A-RESEARCHER

# Reference: https://tria.ge/230526-gyq19sea99/behavioral11

91.215.85.180:5222

# Reference: https://twitter.com/JAMESWT_MHT/status/1662371119532318720
# Reference: https://tria.ge/230527-hj77nsba65/behavioral2
# Reference: https://www.virustotal.com/gui/file/faf9b23508c4445bf9017cacb3b4f08f39d0cd0cd48cc17156320abb6083d9c7/detection

http://188.227.59.169
http://80.66.88.143
80.66.88.143:1935
golden-scalen.com
xoomep1.com
xoomep2.com

# Reference: https://twitter.com/doc_guard/status/1668890440324579329
# Reference: https://www.virustotal.com/gui/file/7e9362b520bf227bfa1c152710b76b7ff83f41f4a7cae42bbb3cfa1473bb0edc/detection

http://91.107.213.253
sizie.fun

# Reference: https://www.virustotal.com/gui/file/0ab1ccca6453218c59fbff6aa2af85ec62a790bcf18426a86f12ba5fe9ed96b3/detection

asuxtp.fun

# Reference: https://www.virustotal.com/gui/file/2817e17cbaa3588d1f1d8fb8a371489693bbdea53a05a34fac71b41bf91e7081/detection

fyzyxe.top

# Reference: https://twitter.com/FirstWatchCyber/status/1678473223678074882
# Reference: https://www.virustotal.com/gui/ip-address/143.244.162.145/relations
# Reference: https://www.virustotal.com/gui/ip-address/157.90.249.226/relations

asfgze.fun
digibi.fun
regibd.fun
sdguzx.fun
ahmgbgjhdlmmlnf.top
cmbefalcljjblia.top
deediinlfifelek.top
ejhbmdagngcglaf.top
jenililhdcaegeg.top
kiknaijcgclkdnl.top
knifdjhlkchdaic.top
nbjhllilknbjldk.top

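# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-07-13%20AsyncRAT%20IOCs
# NOTE(review): this source list is titled AsyncRAT, as are several later executemalware references in this file - confirm the entries are NetSupport infrastructure before relying on the family label during triage.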

prigze.top
zegfze.top

# Reference: https://gist.github.com/kirk-sayre-work/f9748c3cae156b56a0751679085b3f8e

bisiv.top
dubpv.top
eovze.fun
igsufb.top
izrvb.top
lvuse.top
lvvmze.top
sdifiv.top
tvfzie.top
vizhez.top

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-07-24%20AsyncRAT%20IOCs

rigjz.fun

# Reference: https://twitter.com/abuse_ch/status/1685911335719100416
# Reference: https://www.virustotal.com/gui/ip-address/176.111.174.101/relations
# Reference: https://twitter.com/JAMESWT_MHT/status/1685921789539389440
# Reference: https://twitter.com/JAMESWT_MHT/status/1685923203141582848
# Reference: https://www.virustotal.com/gui/file/37cb07ef75c90beb2af9df3faf02283c71ef48cbffce24bcd46049b38939d26b/detection
# Reference: https://www.virustotal.com/gui/file/5e6c05f47399616a63798cb40df75b90912f3dffa84b310ee26db960fc62522f/detection
# Reference: https://www.virustotal.com/gui/file/b75b778b3ca3698225351e0e36376be5da90ec890f4dcf5db970a1f08d8ed37c/detection

http://95.179.150.54
http://95.179.189.207
95.179.189.207:1313
95.179.150.54:1315
95.179.150.54:1414
archivde.xyz
luckyday0728.org
sambireact1.com
sambireact2.com
unclesrug31.com
unclesrug32.com
yeah07.online

# Reference: https://www.virustotal.com/gui/file/c395a71bfd66e923a94cbdc32e5257e51e43b3262bdbd2c75afb36fefed9f3b8/detection

http://94.158.247.27
94.158.247.27:5051
conluase62.com

# Reference: https://twitter.com/x3ph1/status/1686554084294152192

94.158.247.23:5050
magydostravel.com

# Reference: https://www.virustotal.com/gui/file/6318e4335b1098781e35d7464d20b7f92015e86f21c5aad3147e18d6bf9bba7d/detection

http://94.158.244.41

# Reference: https://www.virustotal.com/gui/file/18f2356888cd0909399b77211c732a3f808b06b4fd740e32c5e8105193296706/detection

http://91.215.85.176
91.215.85.176:5222
norominis1.com
norominis2.com

# Reference: https://bazaar.abuse.ch/sample/f5f167423d31cdd7e742d6ae85d6170f26203ec7496d4e098f9e16f40e864c0a/
# Reference: https://www.virustotal.com/gui/file/f5f167423d31cdd7e742d6ae85d6170f26203ec7496d4e098f9e16f40e864c0a/detection
# Reference: https://www.virustotal.com/gui/file/845087bb407b34d8003174a3b63b6c50c7ab4b13ef81636b8344740bb7a8559c/detection

http://185.225.75.33
185.225.75.33:443

# Reference: https://bazaar.abuse.ch/sample/933861b75227a3f4727b5872fa9da1b049e420632f8a9198987e8bfbaf7da9e6/
# Reference: https://www.virustotal.com/gui/file/5ffb5e9942492f15460e58660dd121b31d4065a133a6f8461554ea8af5c407aa/detection

http://45.15.158.212
45.15.158.212:1412
jokosampbulid1.com
jokosampbulid2.com

# Reference: https://twitter.com/malware_traffic/status/1691546307683352576
# Reference: https://www.virustotal.com/gui/file/de3d0a11dec2e3b4afce991a690024e96dca389f8a0a3c6a65b559c9f1c12d59/detection

http://94.156.6.111
94.156.6.111:443
xcelcareers.com

# Reference: https://twitter.com/1ZRR4H/status/1692484935947563405
# Reference: https://www.virustotal.com/gui/ip-address/64.52.80.202/relations

eyftze.top

# Reference: https://www.virustotal.com/gui/file/38669dd5ccced3c29f3eb6bad7a04fbdc2cc81ea6f7c76b03cf1c4fee6c5f3f0/detection

http://185.163.45.36
185.163.45.36:5051

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-08-22%20AsyncRAT%20IOCs

rigujze.fun

# Reference: https://www.virustotal.com/gui/file/00c9a25198c62d243549a458be44f24a71bc999bdb279fc6336ddedeccf637a1/detection
# Reference: https://threatfox.abuse.ch/ioc/1152573/

http://79.137.205.69
79.137.205.69:3725
falafelgoo1.com

# Reference: https://www.virustotal.com/gui/file/cf4b26813e325da0c821da65e1417bea0045f8349204518b58381609b6662803/detection
# Reference: https://www.virustotal.com/gui/file/8d0f88f0a641392f67dcba2a15d18dc3023bc3de35d6ed6e4664948ed928d36e/detection

http://94.158.244.56

# Reference: https://www.virustotal.com/gui/file/9f5feccfcce9d5a6af03e983c7fce6a38cf40fd0cfc518a612c696c572ba2fd5/detection

http://139.60.163.37
139.60.163.37:2940
pinustamilbe12.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-08-29%20AsyncRAT%20IOCs

easdiv.top

# Reference: https://twitter.com/0xToxin/status/1697254384932184572
# Reference: https://app.any.run/tasks/fc8794c8-ef16-4102-9be4-70b5745c08ab/

zpeifujz.top

# Reference: https://gist.github.com/kirk-sayre-work/f3ff9633cea04c7eed5f00962a6a666d

docusec.top
eividsy.top
euuvua3.top
fahzza.fun
fiauta.top
fuzuci.top
prizba.top
rubize.top
saifozi.fun
sdfuzien.top
secdoct.top
sevyr.top

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-08-31%20NetSupport%20RAT%20IOCs
# Reference: https://www.virustotal.com/gui/file/d4f6598a76b92b919bccac6394429a94e7e28da1a86d53e3cd5b204e9c9dc8a8/detection

http://5.252.177.126
http://5.252.178.51
5.252.177.126:443
5.252.178.51:443

# Reference: https://www.virustotal.com/gui/file/9101403bb729cabebd79206aad130293890154cd7a6fba3417471a645ea3ef25/detection
# Reference: https://www.virustotal.com/gui/file/1b74c1fcbe83096cd703bfe9343163894f3a0a83c3708edf97fac42c43ebee83/detection

http://5.42.82.229
http://79.137.205.69
5.42.82.229:3725
79.137.205.69:3725

# Reference: https://www.virustotal.com/gui/file/343d63ff67300da163c035fd16eeaf73ca0d8b472725be1cf501addbc205c487/detection

79.137.202.177:3725

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-09-05%20AsyncRAT%20IOCs

sdfuvy.top

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-09-07%20AsyncRAT%20IOCs

ehxevg.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.netsupportmanager_rat/ (# 2023-09-10)
# Reference: https://www.virustotal.com/gui/file/cc625f2839019ee79af16b580a5248ea119e1a69411cd7498e68d0fb93257f32/detection

http://5.39.110.142
http://5.79.72.218
http://91.92.242.229
5.39.110.142:1770
5.79.72.218:1770
91.92.242.229:443
pkvithtosh11.com
pkvithtosh17.com

# Reference: https://www.virustotal.com/gui/file/6a507c4b04ecd8052a518e77c2cadaf32b89018ae7bc7857b0b799c82c8fe23b/detection

http://185.163.46.93

# Reference: https://www.virustotal.com/gui/file/4a9f42167f399abfbb42a5ee4d52922eb3f7f1ce88d23824f01d13e50609b8b9/detection

http://94.158.245.150

# Reference: https://www.virustotal.com/gui/file/c38c08aa33317d483b8c3f2572189deffd054a8805d463ef2437d4e7aa458436/detection

http://95.216.186.137
95.216.186.137:2701
dmforinenam17.com
dmforinenam18.com

# Reference: https://www.virustotal.com/gui/file/1a011068e00ff24aaef338efc5d21f51abbf47cf1f1006b1b79c78bc84b1d3c6/detection

http://5.252.178.48
5.252.178.48:443

# Reference: https://threatfox.abuse.ch/ioc/1183943/

http://5.252.177.214
5.252.177.214:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.netsupportmanager_rat/ (# 2023-10-12)

http://5.252.177.111
5.252.177.111:443
sdjfnvnbbz.pw

# Reference: https://twitter.com/reecdeep/status/1715053326859895210
# Reference: https://www.virustotal.com/gui/file/c418c883f8d85ed6de3ca033f925c29bf5f5ef4926d62e04d61b6c015dbeb841/detection
# Reference: https://www.virustotal.com/gui/file/d4085ca36709f3b3a2d5a38cba70fbcd439dbc3be024c29829bfa10d8ef44f53/detection

orivzije.top

# Reference: https://twitter.com/x3ph1/status/1719115004530581756
# Reference: https://www.virustotal.com/gui/file/18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d/detection
# Reference: https://www.virustotal.com/gui/file/2725bdb19861c6bd2d4156040473da04abe32c8701e6a7d0cbeeca8425127c10/detection

http://185.163.47.243
185.163.47.243:443

# Reference: https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise/
# Reference: https://www.virustotal.com/gui/file/b910500a9fce47fa4db13b2ad2aea72f20df4743a66b6099fb4b9a4d71912e50/detection

http://79.137.206.37
79.137.206.37:133
wsus-isv-internal.tech
wsus-isv-local.tech

# Reference: https://twitter.com/JAMESWT_MHT/status/1719446999420846529
# Reference: https://www.virustotal.com/gui/file/2a2d79f2b08ecfc76c536c2c9f17922f8272ada7ee318e359529a38d769973ac/detection
# Reference: https://www.virustotal.com/gui/file/f21aea9606f94eba27674cfb40a4aeccd5c73577a3997e4687accc63eaa2efa7/detection

sduyvzep.top
/m0t3hg0h8uyx
/wsjdfghd

# Reference: https://twitter.com/reecdeep/status/1720122106854166900
# Reference: https://app.any.run/tasks/5139943d-a620-4a3b-a062-264460825126/

lzlzy4e.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.netsupportmanager_rat/ (# 2023-11-07)

http://185.163.47.137
http://5.181.156.60
http://91.92.242.5
185.163.47.137:443
5.181.156.235:443
5.181.156.60:443
91.92.242.5:443
91.92.244.196:443
91.92.247.248:443

# Reference: https://www.virustotal.com/gui/file/48ff224a396a4583990cb16a88a555817bff10ffbd85597ad941c6d2f5e78dda/detection

speedsupport.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1727335614805078515
# Reference: https://www.virustotal.com/gui/file/3407337dea12501ed2d524ed049d69a8e188bcd585f1a4055b60d4369cfc348b/detection

http://185.225.17.47
185.225.17.47:136
glaciecrw.cfd
huggertlow.top

# Reference: https://twitter.com/1ZRR4H/status/1731019006318985352
# Reference: https://www.virustotal.com/gui/file/0fdc3d43677d406fb68b434d25a5757f5981ecc19ec616f8ddcd9126ba548014/detection

46.149.74.125:1061
andater393.net
svanaten1.com
svanaten2.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-12-22%20AsyncRAT%20IOCs
# Reference: https://app.validin.com/axon?source=DNS&zone_filter=top&limit=100&type=ip&find=206.166.251.17

prozvegz.top
sossoshn.top
ruzivre.top

# Reference: https://www.virustotal.com/gui/file/01caca23428e0f6d56feda4b411d989f4b0c8ad4dd28664f5f2b7de428b76004/detection

http://194.38.21.53
194.38.21.53:1203

# Reference: https://threatfox.abuse.ch/browse/malware/win.netsupportmanager_rat/ (# 2024-01-24)

136.244.108.223:1411
152.89.218.212:443
185.163.46.93:443
185.26.239.180:443
45.61.147.162:3301
45.67.230.205:443
5.181.156.45:443
91.92.245.80:443
94.158.244.56:443
94.158.245.150:443

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2024-01-23%20NetSupport%20RAT%20IOCs

hsdiagnostico.com

# Reference: https://twitter.com/1ZRR4H/status/1750170408463008120
# Reference: https://www.virustotal.com/gui/file/a04f3d2be0b51c4c302bc4b881ee6c6b507bc432272fc37d7c531060607e7932/detection

blawx.com/letter.php
defigmi.com/1/GetData.php
core-click.net
helasirasi.com
helasiras1i13.com

# Reference: https://www.virustotal.com/gui/file/09c64c1e380b08904417424f0335f960ae10bebb57dda489028084db71fb6a17/detection

http://95.142.47.11
95.142.47.11:1203

# Reference: https://twitter.com/doc_guard/status/1764652970682048592/history
# Reference: https://www.virustotal.com/gui/file/56fe0d3edd415c0ca1b7fc7bf960300e085465cd2a6d0ec3600191aac25a66e4/detection
# Reference: https://www.virustotal.com/gui/file/7144b8408b3ad9ae2d035cf122f9311673a38e9f26177c3c12d390c68ecb54b4/detection

http://79.132.130.233
79.132.130.233:443
compactgrill.hu

# Reference: https://twitter.com/seguridadyredes/status/1767900519094235335
# Reference: https://twitter.com/1ZRR4H/status/1767915425097044097
# Reference: https://www.virustotal.com/gui/file/387b55861b370471596725c10e55a33e82834f711aa24b01cd23a9ac9f27a721/detection

http://192.236.192.48
rahnoturkey.com
nes.cosmopeople.in
/nyhjkszpcccggjukfgnattexybnfgziizyh.txt

# Reference: https://twitter.com/k3yp0d/status/1767934844061794764
# Reference: https://www.virustotal.com/gui/file/f72cb853fcec9002c9c5fb978bc5ebcd0e6d4b86cc4a778d5fd4c2c7dc619095/detection

custompcadvisor.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2024-03-21%20FakeUpdates_IOCs

http://5.181.156.5
5.181.156.5:443

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-03-27-IOCs-for-Google-ad-leading-to-Netsupport-RAT.txt
# Reference: https://www.virustotal.com/gui/file/9656977251436512b44027a7ae0e10b1481db5232c5588ffc36d7f8297345e33/detection

http://45.155.249.55
45.155.249.55:443
techcoredigital.com
tomuttaro.com

# Reference: https://www.virustotal.com/gui/file/f455dbcd58ae3f4ba10bfcb0357b9828774c29f3f5bc48005efd6123f46cebfb/detection

http://45.11.180.127
45.11.180.127:3120
dcnlaleanae8.com
dcnlaleanae9.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1784900827930349915
# Reference: https://twitter.com/ValidinLLC/status/1784948155051610425

arts.ghazalamini.ir
arts.spotylife.ir
cdn.ghazalamini.ir
cnwsj.2060y.workers.dev
finacial.patrickring.net
financial.patrickring.net
fl.7s9r.ir
fl.aghanima.ir
fl.aronafsharmeds.ir
fl.daryayebikaran.ir
fl.derakhtedaneshi.ir
fl.libraryriazi.ir
fl.musicbarani.ir
fl.nimartltd.ir
fl.samsungshopify.ir
flcdn.7s9r.ir
flcdn.aronafsharmeds.ir
flcdn.asbeabijoon.ir
flcdn.daryayebikaran.ir
flcdn.myoldgames.ir
flcdn.samsungshopify.ir
flcdn.youroldgames.ir
ghazalamini.ir
herkolvg.amir27386.win
hero.morphling.ir
home.morphling.ir
irc10.spotylife.ir
irc11.spotylife.ir
irc13.spotylife.ir
irc2.spotylife.ir
irc5.spotylife.ir
irc6.spotylife.ir
irc7.spotylife.ir
mrfl.morphling.ir
nimartltd.ir
smtl.spotylife.ir
srv2.spotylife.ir
sub.nimartltd.ir
testsite2023.store
wls.lbcc.workers.dev
wsj.pm
wsj.webserve.workers.dev

# Reference: https://twitter.com/JAMESWT_MHT/status/1784942910057648537
# Reference: https://www.virustotal.com/gui/ip-address/38.180.62.49/relations

babolk1.com
greekpool.com
rewilivak13.com

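# Reference: https://twitter.com/crep1x/status/1786150754983575656
# Note: several hostnames at the end of this block sit under domains of established organisations or ISP reverse-DNS pools (thyssenkrupp.com, mufg.jp, vodacom.co.za, rr.com). Presumably these were hosts observed exposing a NetSupport service rather than attacker-registered names - confirm against the reference before alerting or blocking on them.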

http://103.106.2.16
http://103.159.132.236
http://103.159.133.234
http://104.194.156.214
http://104.234.118.78
http://104.237.234.27
http://104.41.179.80
http://107.6.74.93
http://110.141.253.13
http://139.162.120.150
http://139.28.220.180
http://142.132.190.124
http://142.132.238.181
http://142.202.205.89
http://149.248.8.148
http://150.14.52.17
http://157.90.248.115
http://157.98.255.23
http://159.69.186.8
http://162.33.179.238
http://162.55.56.201
http://165.127.124.33
http://166.1.160.205
http://167.235.159.22
http://167.235.207.169
http://167.235.49.247
http://167.235.75.93
http://168.100.11.196
http://176.107.184.61
http://176.124.217.215
http://179.43.159.76
http://184.106.79.117
http://185.163.45.124
http://185.163.45.186
http://185.163.45.43
http://185.163.47.150
http://185.181.229.215
http://185.209.22.198
http://185.212.44.49
http://185.225.17.250
http://185.225.19.176
http://185.243.112.80
http://185.31.160.130
http://185.34.234.106
http://185.4.65.191
http://185.87.49.233
http://185.91.107.158
http://187.86.226.73
http://188.127.224.196
http://193.106.191.132
http://193.16.147.35
http://193.25.182.217
http://193.65.70.211
http://194.180.191.107
http://194.230.77.110
http://194.38.20.14
http://194.38.21.18
http://194.40.243.233
http://194.74.71.172
http://198.144.189.68
http://198.239.91.160
http://199.102.91.7
http://199.127.38.75
http://199.16.199.2
http://199.188.205.15
http://199.255.38.118
http://199.34.228.77
http://2.58.15.67
http://20.40.140.199
http://201.192.253.111
http://204.90.181.2
http://208.35.209.64
http://212.140.133.235
http://213.252.244.126
http://217.126.98.85
http://220.233.64.142
http://23.108.57.114
http://23.88.100.249
http://23.99.231.137
http://3.94.229.245
http://31.7.62.214
http://37.1.205.73
http://37.1.220.113
http://40.115.136.93
http://45.11.180.120
http://45.133.245.38
http://45.139.236.20
http://45.140.146.49
http://45.15.157.194
http://45.159.248.241
http://45.61.136.72
http://45.67.228.248
http://46.149.74.125
http://47.48.212.100
http://5.181.156.11
http://5.181.156.110
http://5.181.156.144
http://5.181.156.168
http://5.181.156.177
http://5.181.156.235
http://5.181.156.45
http://5.195.23.13
http://5.224.19.90
http://5.45.74.233
http://5.61.44.162
http://5.75.193.206
http://5.75.224.41
http://5.8.54.81
http://5.8.63.140
http://50.116.17.41
http://52.1.65.139
http://59.145.88.11
http://62.173.125.171
http://62.173.145.56
http://62.173.154.94
http://62.22.15.151
http://65.109.164.238
http://65.52.150.29
http://66.42.103.163
http://67.36.85.34
http://77.246.104.53
http://77.52.201.106
http://77.91.101.205
http://77.91.101.44
http://78.141.198.19
http://78.47.174.223
http://78.47.198.6
http://79.132.132.129
http://80.154.112.190
http://81.223.83.70
http://81.45.131.56
http://81.91.178.23
http://83.206.126.185
http://85.23.132.21
http://85.94.194.169
http://87.121.52.81
http://89.144.47.4
http://89.187.117.133
http://89.208.103.208
http://91.215.85.171
http://91.215.85.180
http://91.217.80.31
http://91.228.10.140
http://94.158.244.26
http://94.158.244.47
http://94.158.245.166
http://94.158.245.186
http://94.158.247.101
http://94.158.247.26
http://94.158.247.61
http://94.158.247.80
http://94.158.247.87
http://95.164.37.152
http://95.179.253.195
http://96.57.25.203
http://94.158.245.182
103.106.2.16:443
1win-a.com
claimguardgp.com
fileexchange.thyssenkrupp.com
healthcatchers.com
helpdesk.pattisonsign.com
laserexposer.de
mybmswarehouse.com
rrcs-24-227-166-90.sw.biz.rr.com
rrcs-97-79-156-184.sw.biz.rr.com
sftp.tredence.com
shares.tr.mufg.jp
vlive.vodacom.co.za

# Reference: https://x.com/suyog41/status/1793926087082389599
# Reference: https://www.virustotal.com/gui/ip-address/51.89.111.5/relations
# Reference: https://www.virustotal.com/gui/file/3ff315a489945596e594a58be67541c3a9fbbe98febfd985423d57f3bbea665e/detection
# Reference: https://www.virustotal.com/gui/file/5974347c962c2cf11a05c151440fb0741d27ae79b73d3801389be78edf373779/detection

http://51.89.111.5
51.89.111.5:1771
pbkvithtosh07.com
pbkvithtosh08.com
beliefreport.online

# Reference: https://x.com/Threat_Down/status/1800919313798537505
# Reference: https://www.virustotal.com/gui/ip-address/74.119.194.232/relations
# Reference: https://www.virustotal.com/gui/file/473dcdb2f3a7dc1695db6c8c7b0521f9509007298669125bf97a829f85eb3d4b/detection
# Reference: https://www.virustotal.com/gui/file/ea5ec5bd69cfa7597edb4572762471ebd7408a26295ea95c4e67b6e1dbba9f38/detection

http://94.158.245.103
94.158.245.103:443
goyardblue.online
psk777.casa
r6pedihosi.website

# Reference: https://x.com/JAMESWT_MHT/status/1802973030160990460
# Reference: https://app.any.run/tasks/d224ed9c-af50-4877-8776-5970dc96e017/

http://173.44.141.66
173.44.141.66:3121
dcnvahedforil31.com
dcnvahedforil38.com

# Reference: https://x.com/JAMESWT_MHT/status/1805500877081293197
# Reference: https://app.any.run/tasks/ac26a2f9-c3fe-47c9-b93c-3a198d6e7965/

http://91.202.5.209
91.202.5.209:443
nld360.com
nld360180.com

# Reference: https://x.com/malwrhunterteam/status/1806319685295546755
# Reference: https://www.virustotal.com/gui/file/63da1609061ef7c4a77d4f76e8fa2f8775f8a08320e7d83221e470f916edad1d/detection
# Reference: https://www.virustotal.com/gui/file/3828c533000b04734fe9772c4651deb619cfbf84fb1464f1d2122a53dfb56d83/detection
# Reference: https://www.virustotal.com/gui/file/048efbaf310a62e02f180b26cb8cb2f8c8c2286f6dad126a78467c81e5173899/detection

http://77.238.233.175
77.238.233.175:443

# Reference: https://x.com/JAMESWT_MHT/status/1810573140751176178
# Reference: https://app.any.run/tasks/35f89c70-db1a-4771-8a57-e1cea88c35f5/

45.11.59.217:443

# Reference: https://x.com/silentpush/status/1811079662518382739
# Reference: https://www.silentpush.com/blog/fin7/

166.88.159.37:443

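# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv
# Note: per the URL path this is the feed's 'unverified' list, and the ip:port entries below carry no second reference here. Treat matches as lower-confidence and corroborate (sandbox report, passive DNS, host telemetry) before blocking. The same applies to the later blocks in this file that cite this feed.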

http://210.249.114.153
http://210.249.114.154
101.108.13.204:7443
101.108.135.200:7443
103.159.133.234:25661
107.22.165.49:443
109.195.102.70:443
109.195.124.16:3321
110.13.35.37:443
120.25.239.36:443
168.119.132.233:443
178.124.152.84:8443
178.188.188.211:5500
178.188.188.212:5500
178.188.188.213:5500
179.159.167.251:3085
179.49.112.238:3085
179.95.122.211:9990
181.116.72.52:5609
181.167.199.179:5603
181.4.0.8:9000
183.96.100.53:443
185.11.51.242:4433
185.23.192.33:444
185.243.112.80:12521
185.83.148.30:3085
186.0.139.220:443
186.0.139.220:444
186.225.10.251:3085
186.236.112.114:3085
189.115.194.186:9990
189.203.156.164:3085
190.210.247.1:5909
191.242.219.204:9990
193.19.242.55:1443
195.16.128.11:3085
195.245.189.240:443
196.117.5.252:443
196.127.164.213:443
198.244.197.118:9443
2.136.235.200:3085
2.139.253.110:3085
2.58.15.67:25661
20.105.139.205:443
200.116.185.173:3085
200.152.101.176:9090
200.180.67.154:9444
200.243.0.50:443
203.157.208.2:3085
206.210.123.104:8888
210.249.114.153:443
210.249.114.154:443
212.170.14.98:443
212.231.195.19:3085
212.55.27.214:3085
213.149.181.121:469
23.24.178.33:3085
23.24.178.35:3085
40.85.218.196:59595
41.142.248.254:443
5.236.37.121:443
61.96.204.117:443
62.119.81.101:58573
62.156.170.137:1111
62.157.233.146:5555
82.71.120.166:443
83.48.66.207:3085
84.28.36.114:443
86.53.241.21:447
88.17.122.156:443
88.17.27.121:443
91.196.170.88:5555
92.186.214.11:3085
92.187.191.119:3085
93.188.122.139:4433
93.198.179.203:81
93.198.180.127:81
93.232.107.227:81
93.232.107.227:82
93.232.108.46:81
95.189.100.119:443

# Reference: https://www.virustotal.com/gui/file/b73f5ec0edd2b9aa57244e524b327db0f27f89d15433f9a0fca45f33ea3a6a18/detection

http://194.180.191.69
194.180.191.69:443

# Reference: https://x.com/malwrhunterteam/status/1817959103282692598
# Reference: https://www.virustotal.com/gui/file/5b2c19c32d0a4725f4d5057bab96ebc00a60774926c04daa451f628677762603/detection

http://5.181.156.26
5.181.156.26:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-03)

178.188.188.210:5500
189.168.203.234:443
196.117.164.141:443
206.210.123.104:8889
79.239.99.165:65385
84.154.179.217:81

# Reference: https://x.com/CyberRaiju/status/1821486680290861521
# Reference: https://x.com/CyberRaiju/status/1821486689186922844
# Reference: https://www.virustotal.com/gui/file/4be1f385cb4c1bc4d055568807a8d632c0e550184817fcdb602d1a75134336f9/detection

http://194.180.191.32
194.180.191.32:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-18)

http://104.250.238.120
122.99.131.253:443
130.164.171.194:443
167.86.160.188:443
178.188.188.214:5500
190.231.88.140:5609
191.242.219.160:9990
37.74.45.12:443
79.241.107.168:82
88.211.117.186:3085
89.130.137.6:3085
90.173.96.4:3085
93.232.97.216:82

# Reference: https://threatfox.abuse.ch/browse/malware/win.netsupportmanager_rat/ (# 2024-08-18)

157.173.210.213:443
173.46.80.233:443
194.180.191.183:443
45.11.59.216:443
45.82.84.13:443
5.181.159.28:443
91.222.175.247:443
94.232.42.28:443

# Reference: https://x.com/pollo290987/status/1825769268354417144
# Reference: https://www.virustotal.com/gui/file/347c7a6cf37657f08e2c4cf3606edb4b183ccf256830917159f665489091ff26/detection
# Reference: https://www.virustotal.com/gui/file/5108c65ba3d5e5e529a342f5b105a7b11a66d1a097bd191169eaf46acee8358d/detection
# Reference: https://www.virustotal.com/gui/file/72ae89edb920e6a7dbf5c9b02dd60028318273c10d8ebe62b2bc0e3fbe462c98/detection
# Reference: https://www.virustotal.com/gui/file/9866d79a4565b247956540e85a639715b8b6de0485bc412444b4c119ef1c7a5c/detection

fossilbay.net
khertz.net
mujerymadre.org
staradeal.com
vissalia.me
/4ftdjoe9sj4jswmtcrjo77mbnwm2pyzq/avatar.webp
/cutonw43pexve2jpbuzjijyoib2buumd/avatar.webp
/g28j2itwo6y0joruhzfcq8i3snymtpu4/avatar.webp
/om9qkcoqbwd25kzgyc5fmh3gfv4955gg/avatar.webp
/viq2a62nt3u1ox5i5d0nkn8c4plqjb92/avatar.webp
/4ftdjoe9sj4jswmtcrjo77mbnwm2pyzq/
/cutonw43pexve2jpbuzjijyoib2buumd/
/g28j2itwo6y0joruhzfcq8i3snymtpu4/
/om9qkcoqbwd25kzgyc5fmh3gfv4955gg/
/viq2a62nt3u1ox5i5d0nkn8c4plqjb92/

# Reference: https://x.com/r3dbU7z/status/1827345358181052509
# Reference: https://www.virustotal.com/gui/file/82956b9e19565685a9c1fdaeea5e77643f2486df5ecd5f7c79bb4f772fd19ac3/detection

mysecureserveronlinefolder.com
hulolawyo199jestie01.duckdns.org
hulolawyo199jestie02.duckdns.org

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-24)

101.108.9.24:7443
189.133.140.188:443
62.119.81.149:58573
62.119.81.74:58573
93.198.189.5:81

# Reference: https://x.com/silentpush_labs/status/1831716500597809506
# Reference: https://www.virustotal.com/gui/file/0dc3a40e9f726f18e3ebac92ee5944d9c12b2ee71252f2b711434c3628877ca1/detection

http://194.180.191.183
194.180.191.183:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-08)

130.164.171.81:443
179.95.173.13:9990

# Reference: https://threatfox.abuse.ch/browse/malware/win.netsupportmanager_rat/ (# 2024-09-08)

166.88.159.187:443
172.208.117.89:443
5.181.159.137:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-14)

101.108.253.7:7443
179.95.202.160:9990
187.173.200.31:443

# Reference: https://x.com/smica83/status/1835971412588208440
# Reference: https://x.com/JAMESWT_MHT/status/1835980550613459316
# Reference: https://www.virustotal.com/gui/file/3d0838ea4a847f62ef9ef3f14289d119e06837538152e787ba1a1c57e4e7bf2b/detection
# Reference: https://www.virustotal.com/gui/file/a3cdd57cf75f0e1eeaf4f0d46acb509799629dfa05be139707baf164260c4be2/detection

juchesoviet48.com
taurihostmetrics.com
trustgiron.com
trustgiron3332.com
wiresapplication.com

# Reference: https://www.virustotal.com/gui/file/ad5c03186f34fe73b386fe0c08f34620953753f6575ddf111556cdf2dc9b6f2c/detection

http://95.164.115.224
95.164.115.224:2080
barsukenotikejik.com
enotikkrolikzayac.com
update-ledger.net

# Reference: https://app.validin.com/detail?type=ip&find=91.208.127.61#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/1629e330badb4eac4694f7bd7418544737d6aa434c2e941584fb80ce4137a522/detection

http://91.208.127.61
91.208.127.61:2080
ghub-application.top
obs-studio.ltd
tablebusiness.us

# Reference: https://www.virustotal.com/gui/file/03f48716ab05974447b0eac981b623388c365059b76b2efc64278a15248814a2/detection

http://162.33.178.156
162.33.178.156:3122
amnahuseta19.com

# Reference: https://www.virustotal.com/gui/file/850f464e8c0fc382d8c597c1c6f3d4ccc74498176e2302b94c850f8235c658b3/detection

http://37.1.209.225
37.1.209.225:443
armayalitim.com
mlm-cdn.com

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-22)

189.115.194.189:9990
196.127.51.182:443

# Reference: https://www.proofpoint.com/au/blog/threat-insight/clipboard-compromise-powershell-self-pwn

cdn3535.shop

# Reference: https://x.com/JAMESWT_MHT/status/1842217911680741377
# Reference: https://app.any.run/tasks/c58bddb9-7664-41da-9886-55cb3f60c440
# Reference: https://www.virustotal.com/gui/file/1b63f83f06dbd9125a6983a36e0dbd64026bb4f535e97c5df67c1563d91eff89/detection

http://166.88.159.37
166.88.159.37:443

# Reference: https://www.virustotal.com/gui/ip-address/37.10.71.155/relations

bretvenyzer17.com
dcaiergewas10.com
dcorismeng19.com
dfaiernewa21.com

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-10-13)

101.109.165.137:7443
167.86.135.144:443
179.95.125.28:9990
179.95.163.195:9990
79.241.100.193:81
83.49.208.110:443
84.154.176.61:81
93.232.100.4:81

# Reference: https://x.com/JAMESWT_MHT/status/1851560595830546448
# Reference: https://www.virustotal.com/gui/file/164442f00f7c9fa2e5b279d8d16fc3b29bf6dcda098d25f530573f4a3ff30169/detection

http://91.149.232.112
91.149.232.112:443

# Reference: https://x.com/joe4security/status/1851914797350019510
# Reference: https://www.joesandbox.com/analysis/1545769/0/html#deviceScreen
# Reference: https://www.virustotal.com/gui/file/9431c7d585f31d959ca97d5955a9ec2c83f51b379de0b89c3d74f64c1e288f46/detection

http://92.255.85.135
92.255.85.135:443

# Reference: https://x.com/JAMESWT_MHT/status/1852321885817585873

anyhowdo.com
payiki.com

# Reference: https://x.com/JAMESWT_MHT/status/1852400677198127494

mylandez.com
ponycon2015.com

# Reference: https://x.com/crep1x/status/1853503474278842601
# Reference: https://tria.ge/241104-wgv18atmaz/behavioral2

147.45.198.18:9999
aholicist.duckdns.org

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-11-10)

101.108.0.93:7443
101.108.98.173:7443
102.96.170.169:443
102.96.189.23:443
13.208.181.93:7001
130.164.181.123:443
167.86.142.20:443
18.218.60.255:14265
190.231.88.140:5604
203.157.208.4:3085
34.221.83.22:50580
43.201.247.139:28015
52.53.231.243:51500
79.241.103.139:82
83.49.214.212:443
84.154.190.205:81
88.17.123.100:443

# Reference: https://x.com/banthisguy9349/status/1847199289413378463
# Reference: https://x.com/SquiblydooBlog/status/1856415307658670246
# Reference: https://x.com/JAMESWT_MHT/status/1856427660034859486
# Reference: https://tria.ge/241112-v59c3sxfnl/behavioral1
# Reference: https://www.virustotal.com/gui/file/52728ffbb20c4e3125756e22a0032e7441c8ddf71aafb0aa2f7bec63aa64382a/detection

fusion-avto.com
fusion2-avto3.com
gailsacademy.com
gatugo.com

# Reference: https://x.com/JAMESWT_MHT/status/1859987588494590175
# Reference: https://www.virustotal.com/gui/file/6334dcc67ba20c70ee65184dcb7f4fb19d38cf27e8e08904a8d51daf85f4c038/detection

http://194.180.191.64
194.180.191.64:443

# Reference: https://x.com/JAMESWT_MHT/status/1861353397108023341
# Reference: https://www.virustotal.com/gui/ip-address/176.126.113.166/relations
# Reference: https://www.virustotal.com/gui/file/484c7f54d1b5a6fbbb5cbcf0a01a3b7b9ddb77a7bfbd859cf68bb29b686db80c/detection
# Reference: https://www.virustotal.com/gui/file/49f4e7cdd3716a8e33a6659daa709606a4d74ae84525fa395efd8687f7e9d2ae/detection

185.170.144.66:1773
okolinabeauty.com
etsy.okolinabeauty.com
megaeth1337.duckdns.org

# Reference: https://x.com/JAMESWT_MHT/status/1861366216268435620
# Reference: https://www.virustotal.com/gui/file/25d923a04b40403fdf337be6a6fe6dbd6f84bf4e1897ba09573661f73827a800/detection

http://94.232.43.219
94.232.43.219:443
kokachi.com
kokachi334.com

# Reference: https://x.com/g0njxa/status/1861756602803433643
# Reference: https://app.any.run/tasks/9d7e8ad2-1d9f-4066-9fab-2bf431206699

http://65.108.223.245
65.108.223.245:443
marocohra.com
marocohra332211.com

# Reference: https://x.com/malwrhunterteam/status/1862240848768811306
# Reference: https://www.virustotal.com/gui/file/e71581382e5f6148f535c92380999fc2ab91786c32ba6c1debb13f2a68accb3c/detection

patbunn.com

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2024-12-15)

101.108.7.62:7443
102.96.170.201:443
125.24.11.192:7443
13.125.222.217:35554
13.201.73.114:55922
13.212.17.251:8159
13.246.43.102:5360
13.56.182.170:50580
13.56.182.170:8130
13.60.91.16:3390
13.60.91.16:9090
143.92.185.180:443
15.168.9.197:4444
167.86.160.57:443
179.95.120.66:9990
179.95.198.146:9990
18.134.13.141:7170
18.140.198.129:33343
18.140.234.254:30005
18.140.234.254:51005
18.183.47.77:46862
18.224.108.120:3585
181.116.72.52:5802
3.123.27.44:12594
3.34.182.155:11112
3.38.213.230:49152
3.38.213.230:5902
3.99.184.10:18333
35.166.46.121:2380
44.202.65.39:49319
54.144.68.137:40780
54.199.213.149:623
54.236.228.148:2077
72.11.148.132:443
84.154.185.157:81
88.17.25.237:443
93.232.107.170:81
93.232.96.63:81

# Reference: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
# Reference: https://otx.alienvault.com/pulse/63fcc40dc61f21260d830fdb

neashell1.com
neashell2.com
she32rn2.com
shetrn1.com
shetrn2.com

# Reference: https://x.com/JAMESWT_MHT/status/1866398847595151363
# Reference: https://www.virustotal.com/gui/file/20d55ad0b67bc671cc9e4507f0d1cf24c59dbc1e9877d2c03ba3e66aa44bcd41/detection
# Reference: https://www.virustotal.com/gui/file/6ba3976f8956dceb2903dc89b9b66c3d81ceb93566b6244b58c4929a454815c0/detection

45.140.17.15:3785
91.201.112.10:3785
cycleconf.com
ganeres1.com
ganeres2.com

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-02)

102.96.189.112:443
125.24.166.105:7443
13.115.118.250:9042
13.125.57.105:2762
13.231.139.33:9301
13.231.253.174:59179
13.244.61.79:50001
13.245.117.198:10328
13.246.11.167:4730
13.37.247.161:18084
13.38.19.250:443
13.38.49.150:32995
13.38.65.151:8088
13.40.105.76:888
13.48.84.127:51381
130.164.138.166:443
15.168.144.229:8008
15.236.123.155:3128
15.237.132.145:2095
16.16.26.11:3389
18.130.15.97:1521
18.159.141.158:37036
18.193.3.69:2281
18.193.3.69:5222
18.201.102.245:55410
18.228.30.250:3390
3.106.183.189:5938
3.11.80.137:20256
3.123.228.130:9042
3.145.146.142:41146
3.15.238.173:16339
3.26.31.73:18245
3.26.42.181:47929
3.27.91.209:6719
3.38.211.194:2077
3.78.220.221:2086
35.178.190.68:5222
35.179.177.158:7001
35.181.5.63:28080
35.183.18.22:6846
35.183.246.10:53765
35.77.221.213:389
35.78.206.123:35857
35.85.152.199:623
35.85.152.199:8773
35.91.252.200:135
35.95.118.9:49502
43.202.32.43:5000
43.207.32.128:119
44.192.128.61:47877
47.129.103.18:24961
51.17.112.90:9142
52.10.174.127:49127
52.16.157.89:2086
52.208.190.176:49833
52.87.173.188:23894
54.170.214.24:5984
54.178.62.54:6713
54.186.30.8:623
54.206.65.193:83
54.233.192.91:1911
54.244.190.244:2086
54.252.216.128:8389
54.69.63.53:2404
54.71.6.246:22011
54.75.221.101:1098
54.78.191.125:2096
54.94.110.132:33634
54.94.110.132:53134
84.154.178.61:81
84.154.178.61:82
93.232.105.202:81

# Reference: https://x.com/skocherhan/status/1876396484142174274

35.91.57.41:5172

# Reference: https://x.com/skocherhan/status/1879217959157273085

http://185.157.213.71
http://45.155.249.215

# Reference: https://x.com/JAMESWT_MHT/status/1879881417334858172
# Reference: https://app.validin.com/detail?find=185.33.87.199&type=ip4&ref_id=2223fde8ecd#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/0138ecffbf3d9c954bc9f14b75f7533ea6be3dca621bfe1fee165b00adfb557b/detection

http://194.180.191.24
194.180.191.24:443
luoli8.life
pablogutierrez.life
possi8le.life

# Reference: https://x.com/ffforward/status/1879889672392040846
# Reference: https://www.virustotal.com/gui/file/8125ef032eadfc547bcdd2e311a1d4e2cb33e0383c3ac2d8eb40c43bc6d11634/detection

http://176.10.125.96
176.10.125.96:443
adpanels.net

# Reference: https://x.com/neonprimetime/status/1879929436671504628
# Reference: https://neonprimetime.blogspot.com/2025/01/cloudlfare-captcha-netsupport-rat.html

eiesoft.com
hardcorelegends.com
guidemytax.com

# Reference: https://x.com/JAMESWT_MHT/status/1881335595655729349
# Reference: https://app.any.run/tasks/96408e3d-2cd2-4aef-a924-fcab83e43936
# Reference: https://www.virustotal.com/gui/file/03805934b45114b1744a179b66f96288a50a2364b42533ac5f1ef08fb36a0449/detection

http://147.45.44.200
147.45.44.255:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-20)

102.100.55.41:443
102.96.170.178:443
102.96.171.124:443
102.96.215.117:443
13.203.156.41:18084
13.208.209.19:3000
13.208.209.19:40600
13.208.209.19:5900
13.208.43.151:503
13.214.178.210:554
13.245.198.21:2443
13.247.213.233:1098
13.36.240.203:9142
13.38.28.128:4567
130.164.189.158:443
143.92.166.75:443
15.152.31.8:2003
15.156.194.143:2096
15.168.237.174:6451
15.188.76.53:40922
15.223.121.79:6720
15.236.55.38:1616
15.237.27.113:179
16.171.234.49:2077
167.86.165.174:443
179.95.199.110:9990
18.118.18.234:21
18.132.213.43:6881
18.144.53.225:104
18.175.181.75:13610
18.182.48.253:17778
18.183.54.182:4242
18.191.204.120:995
18.193.7.241:2080
18.200.191.216:1433
18.202.197.17:5903
192.52.167.140:443
204.236.180.179:26141
210.249.114.153:80
210.249.114.154:80
3.106.250.133:135
3.107.10.187:54254
3.111.34.33:19556
3.111.34.33:20256
3.128.76.125:10258
3.26.9.179:3260
3.27.150.236:31199
3.35.229.88:28015
3.39.223.58:831
3.69.19.106:1244
3.69.19.106:18244
3.70.183.47:2
3.88.194.54:4443
3.88.195.76:788
3.99.192.92:50260
34.215.168.199:6513
34.245.83.74:1962
34.245.83.74:41812
35.159.235.132:694
35.180.125.212:26009
35.183.121.254:18245
35.183.128.122:2000
35.183.128.122:58000
35.183.128.122:5900
35.76.114.8:56549
35.78.190.249:6443
35.87.123.60:50949
43.201.0.57:3000
43.203.202.155:17778
43.204.216.189:18082
43.206.116.52:44818
43.207.219.203:58603
47.129.118.237:37558
52.38.129.113:27637
52.67.181.124:2
54.161.69.90:35199
54.199.8.237:1311
54.202.8.211:17777
54.202.8.211:55177
54.203.151.9:7134
54.206.84.49:2455
54.206.84.49:51005
54.207.116.209:10258
54.207.116.209:8008
54.238.225.137:8000
65.0.71.79:8088
79.241.96.94:82
79.241.99.57:82
84.154.181.109:81
84.154.190.18:82
99.79.51.92:45954

# Reference: https://x.com/James_inthe_box/status/1882191777689752015

http://95.179.158.213
95.179.158.213:443

# Reference: https://x.com/skocherhan/status/1882598887199789305

http://5.10.250.240
http://5.181.159.111
http://88.218.62.153
5.10.250.240:443
5.181.159.111:443
5.181.159.13:443
67.36.85.34:443
88.218.62.153:443
95.179.150.54:443
95.179.189.207:443

# Reference: https://x.com/miltinh0c/status/1881780237043966111
# Reference: https://www.virustotal.com/gui/file/3d0d2e0348fd6330be4a3300f415064b39dff2c60ed94d948d85738fe027d0e3/detection
# Reference: https://www.virustotal.com/gui/file/6e645cccd9b23a01622a7bed9aaa5c3c78a5840066d246af8ee15fe20c846e78/detection

185.149.146.153:9999
gemini-desktop.com
lordxg.net

# Reference: https://x.com/skocherhan/status/1883335978510925908
# Reference: https://www.virustotal.com/gui/file/fa270fba735e978736082287a7b3bf504d4424886a2c820aff0a90c7a905103a/detection
# Reference: https://www.virustotal.com/gui/file/ea210e18ae549d36e5f8386affe84061cc5f4f9518479feee4868c3533559866/detection
# Reference: https://www.virustotal.com/gui/file/c274d849d3bf25f38f966e07fb1dca7e421040902c38eb594e196a2b69320789/detection
# Reference: https://www.virustotal.com/gui/file/490ca0c3f440c86afecfebcfdbdc368d5667bf8adaf99e46227d90b9085d07cc/detection

http://45.92.179.245
http://46.8.233.62
45.92.179.245:1644
5.10.250.240:1644
semorahisnd32.com
semorahisnd34.com

# Reference: https://x.com/JAMESWT_MHT/status/1884169796784382238
# Reference: https://www.virustotal.com/gui/file/cf604ce7940c1250b5910b03a73bedd7eca263245848e7cbbcea86b956362362/detection
# Reference: https://www.virustotal.com/gui/file/dc6a52ad6d637eb407cc060e98dfeedcca1167e7f62688fb1c18580dd1d05747/detection
# Reference: https://www.virustotal.com/gui/file/18f8f49577a8a0aca2c719acac0e5fc2d3265da0aa34e165811f4e9e03bcf945/detection

http://101.99.91.153
http://111.90.148.177
111.90.148.177:443

# Reference: https://www.virustotal.com/gui/file/3ad08b08d5e23538fd188a442471944f09f6599a795dafa98619e0a96f9d4cdd/detection

http://101.99.75.232
http://5.181.158.24
5.181.158.24:443

# Reference: https://x.com/JAMESWT_MHT/status/1887135842478489685
# Reference: https://www.virustotal.com/gui/file/78e1e350aa5525669f85e6972150b679d489a3787b6522f278ab40ea978dd65d/detection

http://91.222.173.67
91.222.173.67:443
monagpt.com
mtsalesfunnel.com

# Reference: https://www.team-cymru.com/post/tracing-the-path-from-smartapesg-to-netsupport-rat

194.31.109.74:2552
194.31.109.74:443
194.31.189.74:2552
194.31.189.74:443
45.140.146.49:447
45.67.35.101:443
45.8.145.132:447
5.181.157.69:1500
5.181.157.69:3389
5.181.157.69:443
5.181.157.69:5985
5.181.158.15:1500
5.181.158.15:3389
5.181.158.15:443
5.181.158.15:5985
5.181.159.113:443
77.91.101.205:447
77.91.101.44:447
91.228.10.140:443
95.164.37.152:443
23mtkro.cn
allenew1.com
asdgelvasd.icu
asdsrjhegrhj.xyz
comparegjs.com
dgdsrzzw45tg.cn
dsfygfnb3.icu
dvtrstrhdbcvbxr.xyz
e3ubj753ifg.xyz
fdoshbjdo.icu
fufvnasie.icu
gfu6nfmgnm86gm.xyz
isaydiuaysoidalkspw.com
jkhmzxvidfyidu.xyz
mgsubneu4hgba.xyz
mixuvvvjsurub.cn
msguguudfh4.xyz
nfdsnvuusds7d64jg.cn
recsfgsfxvdgr.xyz
ruhvsvya.icu
safvyhgdrsdfhd.xyz
sasygzsu4zusaty.cn
scheduleyaraupd2.cn
sdgn446yhd.cn
sevndgkhkidgr.xyz
sidfbuz8egozs.cn
ssdghgrehndx.cn
tripdsbeacgsa43wes.xyz
u4snvsrtvlrui.xyz
u55fbwiubyuere.xyz
usjnvovoo4.net
zjdhduv.com
zytjbgev.icu

# Reference: https://www.esentire.com/security-advisories/netsupport-rat-clickfix-distribution

fbinter.com
incomputersolutions.com
mellittler.com

# Reference: https://x.com/JAMESWT_MHT/status/1892413493636157777

http://194.180.191.229
194.180.191.229:443
poormet.com

# Reference: https://x.com/skocherhan/status/1899655047698370920

http://185.149.146.151
http://193.233.113.70
193.233.113.70:1488
gmglobal-links.info
ilovedogandcatsandallanimals.top

# Reference: https://x.com/JAMESWT_MHT/status/1902987618469495001
# Reference: https://www.virustotal.com/gui/file/76f0b30a1d93469ab744ac81a2f9f96f180e5df964189d3f9b71aef2673dff46/detection

http://45.76.36.132
45.76.36.132:5555
hoormantop.com

# Reference: https://x.com/malwrhunterteam/status/1903007034670207385
# Reference: https://www.virustotal.com/gui/file/5afc9b30c522545344b315c66f210f789bd0b54ad01617a6291feef466e89a7c/detection

http://162.19.130.138
162.19.130.138:9164

# Reference: https://x.com/JAMESWT_MHT/status/1902698334285906171
# Reference: https://app.any.run/tasks/a649a405-bb3a-47c6-89fe-21f1d42053a2
# Reference: https://www.virustotal.com/gui/file/4f0799fcfa27ca1c4aea0d1bd15e7c240176715746cea9d3f7ba856f05dbf6d8/detection

meet-join.us
google.meet-join.us

# Reference: https://www.virustotal.com/gui/file/56b8dd3d3f315fdc2535ab39cce142a56244fc67b2e9559f2422865f5daa6009/detection
# Reference: https://www.virustotal.com/gui/file/9453b16376d96ca318624bde0e9bda5a75cacecdc58380e67d714c64bfcb14a6/detection
# Reference: https://www.virustotal.com/gui/file/f236c96da2f63c74c3ed16a5d9691856f0b9b51eee8990baa146bb15c021598a/detection

http://82.115.223.231
82.115.223.231:9999
z1n1tsu.duckdns.org

# Reference: https://x.com/malware_traffic/status/1904987561686188255
# Reference: https://x.com/JAMESWT_MHT/status/1905269383984746790
# Reference: https://www.virustotal.com/gui/file/3d725d512aec4e8708884334c7f180b7d071da8560ba49c2836fc6acb726afa6/detection
# Reference: https://www.virustotal.com/gui/file/4c048169e303dc3438e53e5abdec31b45b5184f05dc6d1bc39e18caa0e4a3f3e/detection
# Reference: https://www.virustotal.com/gui/file/43f97072c151dab7cbfb366c1832d475e959577cf71d583d2733d74d8bf6c90d/detection

http://194.180.191.168
194.180.191.168:443
alcmz.top
directoryframework.top
layardrama21.top

# Reference: https://x.com/malwrhunterteam/status/1908088318010507521
# Reference: https://www.virustotal.com/gui/file/ee19619f5334370fdcf2d6655d13ef6fedddbb6e358588974bdfea4f33abd7e4/detection

http://194.180.191.51
194.180.191.51:443
covaticonstructioncorp.shop

# Reference: https://x.com/malwrhunterteam/status/1909704612489093507
# Reference: https://www.virustotal.com/gui/file/76df8e9e0398bc3cac82bf59a15f73957c4c09d8256e6e8450ab0049ed52c961/detection

http://216.245.184.37
216.245.184.37:443

# Reference: https://x.com/DaveLikesMalwre/status/1911786619201335599
# Reference: https://x.com/JAMESWT_WT/status/1911831278866792671
# Reference: https://app.validin.com/detail?type=dom&find=tribunrtp.com#tab=host_pairs (# 2025-04-14)
# Reference: https://www.virustotal.com/gui/file/5342fa80b4f8f983322e8932819ef6037f837b93719a77f06f48d4a6eb7b17f8/detection
# Reference: https://www.virustotal.com/gui/file/b9419fedcfe948ceb92114a47a1acabe3096827cc88e871081da757f430acd32/detection

http://176.10.125.37
176.10.125.37:443
esmarket.net
garudartp.xyz
infopilot-rtp.xyz
mail.rtpgamepilot.xyz
mail.trikmainpilot.xyz
pastipilot77.xyz
pilot77-rtp.com
polapatenpilot.xyz
remote.xrtv.net
rj.tradingvie.sbs
rtpgamepilot.xyz
rtpserbaguna.xyz
tradiingview-zh.com
tradingvie.cfd
tradingvie.sbs
tradingview-token-calims.pages.dev
tradingview-zh-cn.com
tradingviewdownloads.mcmeda.com
tradingviewzh-cn.com
tradlngview-desktop.biz
tradlngvlewdesktop.icu
trding-view-zh.us
tribunrtp.com
trikmainpilot.xyz
xrtv.net

# Reference: https://x.com/JAMESWT_WT/status/1911848010692108367
# Reference: https://www.virustotal.com/gui/file/5b29530a97c26171c60844fac181ffeea81e457e8de12dbc6234498324598fa4/detection
# Reference: https://www.virustotal.com/gui/file/e31dd4211373485ded55acd393d24f1e5ac0fd6118e52d6608c303665bee7164/detection

http://176.10.111.106
http://65.109.65.153
176.10.111.106:443
65.109.65.153:443
edbeat.net
fans-web.net
glona.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.netsupportmanager_rat/ (# 2025-04-27)

http://147.45.44.255
http://192.52.167.140
http://94.158.244.118
100.27.205.78:21301
100.27.33.179:18946
101.108.107.97:7443
101.108.135.165:7443
101.108.149.199:7443
101.108.71.54:7443
101.109.237.106:7443
101.99.94.199:3156
102.100.54.130:443
102.100.55.52:443
102.100.55.72:443
102.100.73.159:443
102.100.73.234:443
102.96.148.166:443
102.96.170.59:443
102.96.189.137:443
102.96.215.23:443
111.229.194.121:9088
112.132.215.186:9088
118.122.8.154:10042
118.122.8.154:35100
118.122.8.154:8139
118.122.8.155:12571
118.122.8.221:1833
118.174.155.155:7443
119.206.8.161:6001
121.141.37.193:6000
121.141.37.193:6001
121.89.205.206:60129
125.24.175.85:7443
125.24.5.72:7443
125.25.107.91:7443
125.25.109.91:7443
13.125.181.205:4841
13.125.230.160:9300
13.125.238.218:587
13.125.52.28:4730
13.125.59.142:46342
13.125.69.10:3306
13.125.69.10:4506
13.125.80.32:4730
13.126.245.58:101
13.126.245.58:2701
13.126.245.58:9301
13.201.194.125:50000
13.203.159.2:47130
13.203.159.2:4730
13.203.210.189:2082
13.203.232.69:2052
13.208.113.115:103
13.208.125.136:44158
13.208.127.239:14265
13.208.134.191:593
13.208.161.251:2181
13.208.164.192:8010
13.208.165.189:4746
13.208.166.13:101
13.208.169.228:10260
13.208.172.53:2570
13.208.172.53:70
13.208.181.173:46174
13.208.241.42:18082
13.208.243.209:41849
13.208.245.242:46201
13.208.252.170:1961
13.208.71.18:49331
13.210.188.96:22556
13.211.233.30:2154
13.212.169.131:29745
13.214.134.78:8159
13.214.141.247:5432
13.214.145.72:9090
13.214.172.236:12000
13.214.182.18:5984
13.214.187.174:6002
13.214.188.109:44158
13.214.201.99:1098
13.231.249.197:22305
13.232.126.176:636
13.232.216.139:13919
13.232.216.28:37420
13.232.63.191:4321
13.233.80.253:3796
13.244.157.101:60000
13.244.66.40:81
13.244.67.163:4242
13.244.87.214:6006
13.244.98.6:11112
13.244.98.71:513
13.245.117.46:19999
13.245.230.214:9201
13.245.230.73:6462
13.246.194.171:6443
13.246.3.184:2403
13.246.38.200:32773
13.246.39.244:6005
13.246.40.30:1961
13.247.183.109:2086
13.247.185.225:465
13.247.185.57:11
13.247.224.115:28103
13.247.238.154:9936
13.247.88.111:1599
13.247.98.57:53073
13.247.98.57:623
13.251.129.97:443
13.251.129.9:2079
13.251.44.61:6667
13.37.229.171:14147
13.37.236.177:52959
13.37.237.41:3260
13.37.238.216:5985
13.37.251.2:12000
13.38.106.188:10261
13.38.11.108:88
13.38.11.108:8888
13.38.112.168:82
13.38.122.42:51235
13.38.39.242:7001
13.38.4.197:18245
13.38.67.75:6667
13.40.103.201:2456
13.40.105.17:8089
13.40.111.214:8008
13.40.156.106:113
13.40.161.1:8081
13.40.37.82:21
13.48.106.14:831
13.48.190.228:5938
13.48.190.228:888
13.48.26.102:4369
13.51.167.241:9142
13.51.6.197:42217
13.51.6.197:6667
13.53.125.0:42690
13.53.216.242:2376
13.53.216.242:9876
13.54.174.201:4336
13.56.159.44:5858
13.56.182.60:8037
13.56.252.22:5060
13.56.254.234:8013
13.57.217.123:32107
13.58.63.224:902
13.60.200.38:50805
13.60.212.91:56358
13.60.238.152:17778
13.60.93.51:9876
13.61.151.92:37
13.61.16.132:44818
130.164.148.61:443
130.164.163.76:443
130.164.164.111:443
130.164.172.59:443
130.164.188.187:443
136.144.163.253:9312
137.117.193.178:6000
138.201.174.58:12444
139.64.51.82:443
139.64.59.135:443
14.38.220.251:6001
140.143.185.160:8771
142.161.78.123:2379
147.142.181.240:6000
147.45.44.200:443
15.152.30.143:1224
15.152.34.157:221
15.152.42.175:15443
15.152.42.175:49943
15.152.42.175:6443
15.156.204.223:1521
15.156.207.217:20546
15.157.60.72:44818
15.157.62.240:33332
15.164.245.43:6008
15.168.15.67:35203
15.168.15.67:35753
15.168.164.74:11102
15.168.164.74:2
15.168.239.40:4444
15.188.185.232:7001
15.188.232.5:51200
15.188.76.86:101
15.206.128.233:9317
15.206.170.157:2454
15.206.89.42:40374
15.207.247.17:58603
15.222.13.226:9201
15.222.7.86:14125
15.223.175.114:1414
15.228.201.119:54284
15.228.201.119:5984
15.228.222.15:21785
15.228.237.18:88
15.236.202.202:1024
15.236.210.224:9201
15.236.90.232:771
15.237.109.110:19
15.237.149.167:21997
15.237.41.135:5902
15.237.45.6:17778
15.237.57.60:8080
15.237.57.60:830
154.42.164.142:6000
154.42.164.142:6001
16.16.201.2:28337
16.170.162.146:83
16.171.47.201:11103
167.86.160.250:443
167.86.161.92:443
167.86.172.29:443
167.86.174.240:443
167.86.190.189:443
174.77.180.50:8540
174.77.180.50:8574
174.77.180.50:8590
174.77.180.50:8591
176.82.138.228:6000
176.82.171.71:6001
176.82.192.80:6000
176.82.209.133:6000
176.82.214.16:6000
176.82.217.48:6001
179.95.123.112:9990
179.95.123.126:9990
179.95.170.82:9990
179.95.173.137:9990
179.95.195.165:9990
179.95.197.65:9990
179.95.205.120:9990
18.116.20.64:4839
18.116.31.108:3260
18.117.140.15:2455
18.117.81.88:2628
18.118.185.207:14000
18.118.185.207:7000
18.118.47.63:4840
18.119.101.156:11000
18.130.223.107:7171
18.132.193.183:20547
18.133.140.136:15
18.133.141.67:12603
18.133.141.67:52603
18.133.141.67:58603
18.133.185.32:35000
18.134.10.192:2082
18.138.230.180:41964
18.144.12.35:10252
18.144.20.237:54443
18.144.58.41:2404
18.153.12.108:15443
18.156.77.132:2000
18.156.77.132:51200
18.157.182.192:21280
18.157.182.192:50580
18.157.182.192:8080
18.157.182.192:8880
18.170.115.178:20548
18.171.214.155:501
18.171.227.60:40000
18.171.227.60:9200
18.175.244.54:888
18.175.244.54:8888
18.175.51.61:4841
18.175.51.61:591
18.175.56.117:17450
18.175.56.117:250
18.175.56.117:60000
18.179.43.144:8085
18.182.2.140:5873
18.183.153.54:20546
18.185.239.0:2086
18.185.239.0:27236
18.185.33.50:4841
18.192.183.122:102
18.193.6.217:4433
18.195.207.4:8000
18.196.250.35:52200
18.196.250.35:60000
18.196.250.35:8000
18.197.226.57:8081
18.199.99.219:42969
18.201.201.45:5986
18.201.220.7:57563
18.212.27.17:593
18.212.34.158:8008
18.212.89.240:15
18.215.167.6:104
18.215.167.6:2454
18.216.239.233:2567
18.217.134.80:26667
18.217.59.108:19790
18.218.35.184:7001
18.219.218.39:19
18.220.190.184:6362
18.222.12.121:103
18.222.12.121:2003
18.222.12.121:34203
18.222.225.114:35000
18.222.225.114:50000
18.222.225.114:8649
18.224.153.152:9999
18.224.6.225:2152
18.228.154.220:16073
18.228.197.55:666
18.228.26.120:10813
18.228.40.121:4242
18.228.43.251:1912
18.228.43.251:1962
18.228.6.17:3299
18.229.134.62:11112
18.230.148.208:2003
18.230.25.70:11341
18.230.25.70:4841
18.231.183.14:4839
18.231.255.164:32114
18.231.9.22:43
18.237.2.54:21025
18.237.71.237:2053
18.237.71.237:2403
181.167.82.139:5603
181.64.27.115:8406
184.169.215.70:4949
184.73.77.124:14000
184.73.77.124:7000
185.208.158.237:443
185.231.69.80:2080
190.10.11.37:6000
190.10.11.37:6001
190.10.11.44:6000
190.10.11.44:6001
190.10.11.55:6000
190.10.11.55:6001
193.218.118.187:53422
194.180.191.149:443
194.180.191.171:443
194.180.191.17:443
194.180.191.189:443
194.180.191.67:443
196.120.15.148:443
196.120.15.225:443
197.44.133.250:6000
197.44.133.250:6001
2.140.190.104:6001
2.143.95.145:6001
200.107.126.227:3085
203.144.184.186:8594
203.144.184.187:8594
211.104.21.158:6000
211.192.69.59:6000
211.196.53.251:6000
211.197.164.131:6000
211.197.164.253:6001
212.115.109.161:6000
212.115.109.161:6001
213.0.57.229:6000
220.76.133.13:6001
220.76.180.78:6000
220.93.101.10:6000
222.89.70.13:9088
23.24.178.33:5454
24.112.49.153:5051
24.112.49.153:5150
27.254.69.17:8700
3.0.49.58:2455
3.10.174.114:20000
3.10.174.114:7000
3.10.174.114:8000
3.10.176.75:13858
3.101.57.14:18246
3.101.78.160:8996
3.101.89.252:6002
3.106.243.140:4839
3.106.248.182:16992
3.107.14.27:17
3.107.166.83:55174
3.107.3.146:1201
3.108.53.155:5938
3.109.153.34:83
3.109.213.193:8554
3.123.4.89:1025
3.123.4.89:21025
3.127.145.44:1201
3.128.25.18:8081
3.131.98.69:1911
3.131.98.69:20611
3.131.99.8:35798
3.138.201.5:13
3.141.15.5:2053
3.142.51.239:20573
3.144.157.115:243
3.144.188.154:2067
3.145.145.226:25852
3.145.146.232:2079
3.15.13.254:2403
3.22.221.240:49502
3.22.221.240:502
3.238.57.178:2281
3.248.199.29:2762
3.249.103.77:873
3.249.47.173:1244
3.249.94.10:10647
3.25.140.14:264
3.25.188.83:30228
3.25.233.150:2052
3.252.60.52:4840
3.255.251.193:102
3.255.251.193:10252
3.255.251.193:2752
3.255.251.193:6002
3.26.144.235:31242
3.26.144.235:9142
3.26.222.89:4321
3.26.24.29:14082
3.26.96.127:4444
3.27.109.240:20001
3.27.109.240:49501
3.27.109.240:50001
3.27.109.240:501
3.27.11.157:10686
3.27.239.131:1599
3.27.6.230:25760
3.35.47.178:44728
3.36.116.178:5009
3.68.102.213:1201
3.68.97.150:8000
3.68.97.150:9600
3.69.197.94:44818
3.69.54.234:5985
3.70.11.235:7723
3.71.15.207:4242
3.71.30.199:3306
3.76.199.53:2405
3.77.145.228:9600
3.77.42.26:195
3.79.45.173:38690
3.8.15.5:18031
3.8.23.180:5905
3.8.96.179:5986
3.80.129.156:4433
3.80.129.156:833
3.81.69.245:5672
3.83.242.231:21290
3.85.103.12:7000
3.86.107.117:24247
3.91.49.221:15
3.93.24.229:17
3.93.24.229:6667
3.94.10.63:18244
3.94.10.63:39994
3.94.10.63:4444
3.96.151.21:788
3.96.165.66:11112
3.96.165.93:2455
3.96.191.215:2761
3.96.214.65:30003
3.96.218.163:20546
3.99.139.81:16992
34.200.228.33:27552
34.201.34.158:9142
34.205.48.230:11453
34.207.181.116:17369
34.213.162.168:2403
34.214.104.113:50673
34.216.6.87:9306
34.217.16.27:16992
34.217.214.70:102
34.217.214.70:14352
34.217.214.70:23652
34.217.214.70:46702
34.217.65.213:5902
34.219.107.81:6633
34.219.188.83:33604
34.219.232.134:993
34.221.141.190:5991
34.222.21.132:54240
34.222.23.99:902
34.223.2.188:21
34.226.138.182:29667
34.239.124.16:4839
34.239.124.16:49089
34.240.169.56:19573
34.243.214.249:1961
34.244.21.227:1604
34.245.206.244:1912
34.245.41.38:7634
34.248.255.15:6653
34.249.158.108:12101
34.252.142.16:58657
34.254.233.198:8883
35.153.198.6:1433
35.154.251.234:4839
35.155.232.238:5938
35.158.106.145:26333
35.174.115.57:2087
35.178.244.216:873
35.179.100.140:10261
35.179.164.167:30709
35.180.13.14:5984
35.180.133.55:4839
35.180.159.147:18244
35.180.159.147:22844
35.180.211.187:5984
35.180.228.21:591
35.180.232.55:101
35.180.232.55:7001
35.180.71.126:7000
35.180.71.126:9300
35.181.58.125:28491
35.181.61.21:20095
35.182.151.200:10001
35.182.151.200:501
35.182.151.200:8001
35.182.188.168:10013
35.182.50.99:4321
35.183.112.54:12271
35.183.136.246:179
35.183.20.90:2082
35.183.43.83:43766
35.183.62.69:2628
35.183.69.182:2181
35.183.81.251:37913
35.183.99.53:8174
35.78.171.69:1963
35.78.180.139:5432
35.78.186.43:6957
35.78.206.139:8080
35.78.77.46:17
35.86.80.194:8081
35.86.98.1:27017
35.88.121.146:40902
35.89.166.10:3128
35.89.241.123:9084
35.91.169.160:43
35.91.169.160:8443
35.93.138.89:102
35.93.156.51:902
35.93.209.149:4840
35.93.230.174:33389
37.12.3.194:6001
37.12.35.141:6001
37.12.43.108:6001
37.12.58.104:6001
37.13.39.51:6001
37.97.101.75:5001
43.200.254.212:13384
43.201.248.30:16942
43.204.109.231:18246
43.204.218.74:16166
43.206.123.192:82
43.206.154.248:2079
43.207.217.215:993
44.201.149.221:9200
44.203.193.124:179
44.203.45.132:20256
44.204.188.88:4150
44.204.211.51:26223
44.243.105.226:4063
44.243.82.28:15999
44.244.111.179:16189
44.244.120.160:873
44.246.125.235:54848
44.246.194.239:18245
45.61.141.226:443
46.137.55.13:4444
47.128.236.221:39618
47.129.114.201:9333
47.129.124.98:1629
47.129.128.232:175
47.129.131.178:135
47.129.131.178:13835
47.129.164.22:8089
47.129.169.193:2000
47.129.169.193:51200
47.129.169.193:9200
47.129.179.230:175
47.129.179.230:21025
47.129.179.230:5938
47.129.179.230:8575
47.129.212.21:33146
47.129.226.81:2096
47.129.248.32:44158
47.129.254.41:4321
49.4.9.38:2000
5.181.157.160:443
5.181.159.60:443
5.181.159.62:443
5.205.127.254:6001
5.205.191.98:6001
5.205.216.100:6001
5.227.65.129:7777
50.233.74.170:6000
50.233.74.170:6001
51.159.55.59:53722
51.17.159.232:52662
51.17.79.84:443
51.198.130.30:6001
51.20.250.8:55554
51.20.60.170:9042
51.20.69.43:2052
51.20.94.18:9600
51.21.2.102:465
51.44.8.103:15000
51.52.92.243:7007
51.84.110.214:47223
51.84.68.245:179
52.10.229.69:11112
52.11.223.41:27974
52.142.146.146:6000
52.15.133.37:4104
52.193.58.5:1521
52.195.178.254:18246
52.199.248.182:11
52.201.232.45:554
52.209.223.124:40000
52.23.156.175:14900
52.23.156.175:35100
52.23.156.175:50100
52.23.156.175:55200
52.33.90.47:52244
52.37.189.73:5172
52.47.171.145:16993
52.47.171.145:443
52.50.39.44:8008
52.50.88.125:19000
52.50.88.125:5900
52.53.183.22:6667
52.53.199.238:389
52.53.221.221:6362
52.53.228.88:2078
52.53.243.107:8090
52.56.213.66:9796
52.65.232.189:103
52.65.232.189:503
52.66.11.210:27995
52.67.16.135:2082
52.67.16.135:42032
52.67.231.24:11211
52.67.231.24:20111
52.67.231.24:34411
52.67.69.128:6443
52.78.63.138:26319
52.78.73.214:1723
52.89.199.16:2004
52.91.218.1:101
54.151.13.167:19080
54.151.39.99:2628
54.152.83.70:4150
54.153.145.247:21100
54.165.112.96:85
54.165.221.106:10859
54.166.193.172:9161
54.167.126.234:17
54.167.31.58:13210
54.167.31.58:5060
54.168.200.156:37215
54.170.28.226:12209
54.176.233.249:17
54.176.77.195:50000
54.177.88.161:9333
54.177.89.187:12162
54.178.49.171:8728
54.180.138.77:7634
54.180.235.236:2000
54.180.250.167:10001
54.180.250.167:27651
54.183.190.151:5671
54.183.76.134:8636
54.184.25.65:52200
54.184.25.65:5900
54.184.8.206:593
54.184.8.206:993
54.185.163.25:1963
54.186.96.95:8159
54.188.72.230:995
54.189.181.127:16098
54.189.72.119:37213
54.191.132.60:2181
54.191.132.60:81
54.191.185.125:5240
54.191.194.56:4444
54.193.120.169:15927
54.193.120.169:59877
54.193.163.62:503
54.193.51.242:7634
54.196.216.193:21542
54.203.9.92:1961
54.206.46.15:7001
54.206.46.15:9601
54.210.76.140:9067
54.212.119.154:51610
54.212.58.238:32298
54.212.66.96:7547
54.213.218.45:6004
54.213.235.215:10256
54.215.212.2:57465
54.215.56.171:2701
54.218.252.88:9999
54.219.14.165:2628
54.219.24.138:18080
54.224.46.54:195
54.225.8.237:13205
54.227.76.173:8081
54.227.77.76:40760
54.232.43.57:10002
54.232.61.174:29618
54.232.61.174:44818
54.233.69.25:16992
54.233.69.35:25565
54.248.204.127:7634
54.67.80.225:15664
54.70.120.69:38035
54.74.249.239:60000
54.75.174.55:10260
54.75.204.104:3260
54.75.204.104:36310
54.82.229.132:1098
54.87.180.125:8137
54.95.202.23:5986
56.124.106.90:3306
56.124.106.90:4506
56.124.106.90:9306
56.124.52.240:44818
56.155.3.36:7006
56.155.36.56:43832
56.228.3.202:4282
57.180.245.137:119
59.13.16.228:6001
59.56.110.231:9088
61.76.179.183:6000
61.76.179.79:6001
61.83.135.87:6001
63.176.170.74:48382
63.32.99.39:32764
63.33.57.73:113
64.190.113.159:1488
64.72.205.68:12521
65.0.11.173:28015
65.0.73.139:35549
65.1.110.138:9418
65.1.112.156:47703
65.1.112.156:5903
65.116.183.70:443
65.2.74.7:1098
65.2.82.33:32764
65.39.69.46:5001
72.5.43.162:444
79.140.230.226:4949
79.241.100.145:81
79.241.105.156:82
79.241.109.16:82
80.229.15.254:6000
81.45.67.197:5432
82.116.44.82:65
82.68.2.174:31022
82.71.120.166:44443
83.49.208.95:443
83.49.90.149:443
84.154.180.143:82
84.154.182.153:81
84.154.183.164:82
84.154.190.128:82
84.154.190.183:81
87.92.132.67:6001
88.112.168.157:6000
88.17.113.40:443
88.17.119.80:443
88.31.16.17:6001
88.31.45.5:6001
88.31.54.12:6001
91.202.5.18:443
91.211.250.95:80
91.225.217.174:50001
91.228.113.199:9026
91.228.113.199:9028
91.228.113.199:9031
91.228.113.199:9032
91.228.113.199:9037
91.241.5.44:5446
93.198.178.131:81
93.198.178.208:82
93.198.184.30:82
93.198.191.146:82
93.198.191.182:82
93.198.191.241:82
93.232.102.78:81
93.232.107.71:82
93.232.108.168:81
93.232.97.253:82
93.232.98.162:81
93.232.99.200:81
93.232.99.23:81
94.130.132.103:5555
94.158.245.66:443
94.158.245.81:443
94.232.244.62:444
94.24.109.185:32766
95.111.205.82:19569
95.125.152.200:6000
95.38.89.121:6000
98.82.13.245:11112
allstatetransports.com
amnahuseta20.com
apouttv28.com
clustersf.com
daligrakahrr44.com
devmodebeta.dev
erectilehelp.top
fuckhdmov.top
goaccredited.biz
gotintouch.shop
haidao10.top
heavyraintoday.com
heavyraintoday.net
heavysnowday.com
heavysnowday.net
highway-loads.com
itradepay.com
kokosinka1.com
kokosinka2.com
logitehc.online
lordfox11.net
mobilemstt.tpb.vn
readytostartsomething.com
realty-bundles.com
safetydatasheets-t.phillips66.com
smart-american.com
stocktemplates.net
todocarritos.top
tomfilfb.duckdns.org
traversecityspringbreak.com
ukuhost.net
yogupay.net

# Reference: https://x.com/malwrhunterteam/status/1918783701032255623
# Reference: https://www.virustotal.com/gui/file/edd1d2773f6e4dc652603238f46fa8a1e1251938c59d0d12fee123f2cc5e1537/detection

http://111.90.143.217
http://185.149.146.73
111.90.143.217:1488

# Reference: https://x.com/JAMESWT_WT/status/1920817831454642362
# Reference: https://app.any.run/tasks/99230bee-1554-4da4-b75e-9f863fb58221

http://77.83.207.89
http://80.64.18.178
77.83.207.89:443
80.64.18.178:443
blessyoumother.world
godblessyou.world

# Reference: https://x.com/skocherhan/status/1922135739334078652
# Reference: https://www.virustotal.com/gui/file/f3edb3a34c965954d03c32151380f6321d621f95a16b0b1bc9c73e3289ba9a77/detection

http://185.237.165.232
185.237.165.232:443
freshersnet.com

# Reference: https://x.com/JAMESWT_WT/status/1922239124104163425
# Reference: https://www.virustotal.com/gui/file/5b591827cf487b3f049bbf7b6f73e995eb12c5ed34b62f020dd597a21d155c07/detection
# Reference: https://www.virustotal.com/gui/file/09511c842d4be2a7396d6c1ace9f005737b1f1951026bb6531ea51fe029ce565/detection
# Reference: https://www.virustotal.com/gui/file/2bab4ad93fff8e90d2240f3b2bf1d57be383988d82fe95db9a6bfd8d68c723e5/detection
# Reference: https://www.virustotal.com/gui/file/49cd802835891b273d2a0ba1e35c8a082ae1c78bf54c074440a1794e745419cb/detection
# Reference: https://www.virustotal.com/gui/file/27b54935c0096101f3c47ca90a59527212fc26d7d6cf45f48fbe43b1dd3911aa/detection
# Reference: https://www.virustotal.com/gui/file/4a31219fccf3a43a6e9d95f354d9c77c200ba973e4fd3e61fc66bb77000a253c/detection
# Reference: https://www.virustotal.com/gui/file/18bb6537671a88628eafaf8e638e38a63a20a5b114ccf5460a7be4df7ea5df05/detection

http://162.252.173.251
http://176.10.119.250
http://94.158.245.115
http://94.158.245.56
162.252.173.251:443
176.10.119.250:443
94.158.245.115:443
94.158.245.56:443
bylistening.com
clientforbigbug.cloud
ejays.com
hwaccess.net
relambia.net
wheremylifestreet.cloud

# Reference: https://x.com/JAMESWT_WT/status/1922540668599037980
# Reference: https://www.virustotal.com/gui/file/c29b8221b7f08ba923d3ad7bfdec0f456bec48f4e015e726c920aa9b5f1bcc91/detection

101.99.91.21:1488

# Reference: https://x.com/malwrhunterteam/status/1922645334188073466
# Reference: https://www.virustotal.com/gui/file/7918ebbbbfe168a09991b9608b1b288da83e336c956dab97912e14057eac0076/detection

hgame33.com
sti-salyk.com

# Reference: https://github.com/prodaft/malware-ioc/blob/master/SavageLadybug/NetSupportRAT.md

http://166.88.159.98
http://166.88.228.24
http://176.32.39.71
http://188.124.59.18
http://188.132.183.172
http://193.23.118.165
http://195.133.67.165
http://2.58.95.73
http://216.74.123.141
http://46.29.160.235
http://5.252.176.143
http://89.187.25.108
http://91.184.250.215
166.88.159.98:443
166.88.228.24:443
176.32.39.71:443
188.124.59.18:443
188.132.183.172:443
193.23.118.165:443
195.133.67.165:443
2.58.95.73:443
216.74.123.141:443
46.29.160.235:443
5.252.176.143:443
89.187.25.108:443
91.184.250.215:443
kelvialp.com

# Reference: https://www.virustotal.com/gui/file/c2a2641ed571c1e025561ef1f6d3ffa2a9362c68bebb2a0884f638a8a06d37b9/detection

http://94.158.245.132
94.158.245.132:443

# Reference: https://x.com/JAMESWT_WT/status/1928074932426088537
# Reference: https://www.virustotal.com/gui/file/6d0857a9c77f9c5f2a5e6921e1cb9f7e1a5d6b947ad63b364d291157d3f840fb/detection
# Reference: https://www.virustotal.com/gui/file/21f5a8d450faa152a84f61f77975f2ee3ff83e777f2a60cf1f99ad5641c1260f/detection
# Reference: https://www.virustotal.com/gui/file/33ab76140a0453a36d7feeeef2eb6e6147bb2b2096d4a08df7a81a2bfb882f82/detection
# Reference: https://www.virustotal.com/gui/file/18c313e678ce64866aa8b765b4ab857d09a46aa06473d6097d9d36760107462b/detection
# Reference: https://www.virustotal.com/gui/file/d6f64b624f36cc924b3a7829cdb59ebee3057dc2293ed571738f6635f6713743/detection

http://185.231.154.75
http://5.252.178.123
http://94.158.245.131
http://91.184.245.3
185.231.154.75:443
5.252.178.123:443
94.158.245.131:443
94.158.245.137:443
91.184.245.3:443
30salads.com
fixitjo.com

# Reference: https://x.com/skocherhan/status/1928462801648951407
# Reference: https://www.virustotal.com/gui/file/6ed0e5411c6836ee5caa3e4b6c25c381a648a434bd9948cd135b7c6b5762d76b/detection

http://83.222.190.174
83.222.190.174:443
beerbadlove.com
thanksbadbeer.com
sunriseopen.com

# Reference: https://x.com/skocherhan/status/1928443768190931349
# Reference: https://x.com/JAMESWT_WT/status/1928467860025750009

cloudverifsecure.com
troubleinternetverif.com

# Reference: https://dti.domaintools.com/how-threat-actors-exploit-human-trust/
# Reference: https://github.com/DomainTools/SecuritySnacks/blob/main/2025/Prove-You-Are-Human.csv

0xpaste.com
aitradingview.app
aitradingview.dev
batalia-dansului.xyz
battalia-dansului.com
betamodetradingview.dev
betatradingview.app
betatradingview.dev
charts-beta.dev
codepaste.io
dans-lupta.xyz
dev-beta.com
dev-update.dev
devbetabeta.dev
devchart.ai
developer-ai.dev
developer-beta.dev
developer-mode.dev
developer-package.dev
developer-update.dev
developerbeta.dev
devmode-beta.dev
devtradingview.ai
devtradingview.net
docusign.sa.com
docusign.za.com
docusimg.sa.com
docusingl.sa.com
docusingle.sa.com
gitcodes.app
gitcodes.io
gitcodes.net
gitcodes.org
gitpaste.com
givcodes.com
hubofnotion.com
jeffsorsonblog.dev
loyalcompany.net
mhousecreative.com
modedev.ai
modedeveloper.ai
modedeveloper.com
modedevs.ai
oktacheck.it.com
pasteco.com
pastefy.com
pastefy.net
pastefy.pro
tradingview-ai.dev
tradingview-beta.dev
tradingviewai.dev
tradingviewbeta.dev
tradingviewdev.com
tradingviewindicator.dev
tradingviewtool.com
tradingviewtoolz.com
tradingviewtradingview.dev
updatebeta.app

# Reference: https://www.virustotal.com/gui/file/415bcec86da4bc8db32e08e52dea86b970a2fe58915141b8d81a30f181d1b7a5/detection

http://94.158.245.39
94.158.245.39:443

# Reference: https://x.com/JAMESWT_WT/status/1932428890854904151
# Reference: https://www.virustotal.com/gui/file/561324b3960a67a540e005218abcd43a510b0abc07bb196f1ad1f2d2135a0c19/detection

http://185.207.133.123
185.207.133.123:4545
sssi1u9sakjsddsq.com
updatebeta.us

# Reference: https://threatfox.abuse.ch/browse/malware/win.netsupportmanager_rat/ (# 2025-06-10)

101.108.101.80:7443
101.108.60.120:7443
101.108.73.129:7443
101.109.164.189:7443
101.109.205.1:7443
102.100.54.53:443
102.100.72.239:443
102.96.214.106:443
102.96.214.152:443
102.96.214.223:443
108.136.135.26:789
108.136.227.222:11
108.136.42.0:13
108.137.71.89:12252
108.137.71.89:16052
108.137.71.89:2202
108.137.71.89:4602
108.137.71.89:5252
108.137.71.89:6002
108.137.71.89:902
108.137.71.89:9152
115.231.8.131:9088
118.122.8.155:1650
118.122.8.155:18044
118.122.8.155:3155
118.122.8.155:3780
118.122.8.155:8594
118.122.8.155:8839
118.122.8.157:18044
118.122.8.221:12443
125.25.102.161:7443
125.25.108.76:7443
13.115.247.117:11
13.124.201.190:11
13.125.160.234:50580
13.127.100.43:20548
13.200.255.42:175
13.201.117.158:18245
13.201.117.158:46445
13.203.215.200:18444
13.208.168.67:20546
13.208.181.240:10397
13.208.248.19:5150
13.212.248.223:12428
13.221.115.68:8126
13.231.55.89:50100
13.235.238.93:458
13.244.100.235:19
13.244.100.235:4369
13.244.151.202:51005
13.244.151.202:6005
13.244.95.122:44819
13.245.196.23:1911
13.245.28.228:7523
13.246.3.182:135
13.247.182.227:9999
13.247.230.1:42736
13.247.67.85:32963
13.247.67.85:47163
13.250.58.164:10002
13.38.32.179:503
13.38.77.215:59555
13.39.193.137:4786
13.57.193.25:39072
13.59.93.28:10000
13.60.198.129:70
13.60.2.2:34241
13.61.153.242:17455
136.144.163.253:8825
136.144.164.95:35002
144.172.93.80:443
144.86.22.200:443
15.152.32.140:789
15.152.54.240:20547
15.157.69.142:40257
15.168.241.34:990
15.168.9.236:2002
15.185.121.55:3299
15.185.200.33:5435
15.185.76.243:30487
15.185.76.54:17387
15.206.179.134:28080
15.207.106.110:860
15.223.188.149:6699
15.223.204.174:17777
15.223.204.174:427
15.228.240.240:3268
15.229.6.161:593
15.236.35.158:9160
15.237.216.194:17778
157.175.147.11:2086
157.175.186.219:2086
157.175.54.222:13
16.163.0.76:4063
16.170.231.130:11875
16.24.66.248:2376
16.24.67.226:16423
16.24.77.198:12113
16.26.41.189:8586
16.26.92.152:19871
16.50.156.179:5985
16.50.65.228:32764
16.51.153.12:18246
16.51.81.255:13000
16.78.253.194:2404
16.78.93.131:7634
167.86.171.34:443
167.86.172.163:443
174.77.180.50:8526
176.82.189.27:6001
177.0.136.157:456
179.134.104.251:9990
179.134.110.145:9990
18.100.124.89:43
18.118.121.60:51091
18.133.246.144:1244
18.134.198.152:8280
18.135.105.115:2403
18.143.159.156:18080
18.143.179.51:2403
18.144.12.245:4433
18.162.156.20:2
18.163.40.45:790
18.171.211.137:5432
18.175.138.188:2454
18.182.66.217:6003
18.188.181.166:135
18.188.181.166:38985
18.201.198.70:55000
18.208.161.116:49
18.230.74.250:1521
18.231.125.241:1194
18.231.248.100:14385
18.231.3.95:51005
18.231.3.95:6005
184.169.244.219:8190
184.72.172.252:2456
185.225.17.74:443
185.39.17.38:443
195.200.16.29:443
195.210.178.70:16993
196.120.22.122:443
196.120.76.93:443
2.143.144.138:600
2.143.144.138:6001
200.150.114.52:5605
211.192.42.66:6001
211.192.69.59:6001
220.124.100.162:6001
23.227.198.208:443
3.10.226.62:1962
3.101.119.119:16992
3.110.43.70:59567
3.110.87.108:6005
3.112.172.253:44286
3.112.172.253:5986
3.112.231.184:26868
3.126.152.185:3299
3.135.183.122:718
3.148.227.196:8389
3.16.78.199:4443
3.16.78.199:6443
3.24.180.187:14265
3.24.212.87:7001
3.24.212.87:9201
3.249.21.15:5984
3.25.166.106:4063
3.25.173.186:2082
3.25.173.186:82
3.25.189.37:3562
3.26.17.43:2874
3.26.197.43:44818
3.28.132.250:50446
3.28.207.190:9042
3.28.253.248:10030
3.28.253.248:12180
3.28.253.248:20880
3.28.253.248:28080
3.28.43.77:623
3.29.67.43:10258
3.29.67.43:808
3.80.91.122:12242
3.80.91.122:8142
3.80.91.122:8649
3.81.110.95:2003
3.81.110.95:5903
3.96.125.25:465
34.207.146.89:20201
34.219.48.185:39931
34.220.174.146:20141
34.222.33.147:10002
34.243.22.57:445
34.245.181.229:19
34.254.223.173:427
35.154.17.69:6005
35.157.146.19:34070
35.178.181.119:6362
35.178.25.124:9395
35.179.132.39:789
35.181.173.72:36341
35.182.126.131:833
35.182.236.183:2403
37.13.170.119:6000
37.13.226.128:6000
40.192.27.89:1521
43.198.205.13:55164
43.198.88.206:13
43.198.89.167:1024
43.199.156.171:16027
43.199.206.226:1433
43.202.57.177:20546
43.205.117.56:4369
43.207.110.113:4063
43.217.161.180:44417
43.217.81.52:81
43.218.38.186:14307
45.125.66.20:443
45.155.250.139:3121
45.158.8.227:6001
45.81.23.69:443
46.137.224.70:50389
47.128.228.209:3260
47.128.228.209:8010
47.129.144.57:636
47.129.155.195:2444
47.129.174.207:32764
47.79.87.210:993
5.252.155.14:443
51.112.44.201:28871
51.16.217.68:174
51.16.44.166:11889
51.17.115.82:902
51.17.225.103:5902
51.17.225.103:6002
51.17.42.240:20845
51.17.8.61:52200
51.17.8.61:60000
51.17.8.61:8000
51.20.131.192:44819
51.20.182.179:103
51.20.189.124:38248
51.21.135.162:20546
51.21.135.162:29496
51.21.244.6:8200
51.44.163.128:8144
51.44.180.18:17
51.44.212.155:20955
51.44.221.38:52200
51.44.221.38:60000
51.52.92.243:6102
51.52.92.243:7025
51.94.183.219:11
51.95.114.161:4839
52.15.69.140:9600
52.195.168.77:503
52.196.127.37:427
52.210.234.4:2761
52.23.156.175:16050
52.23.156.175:17000
52.23.156.175:35250
52.23.156.175:7050
52.23.156.175:7700
52.23.156.175:8500
52.56.94.173:35818
52.66.197.93:33060
52.79.126.186:11872
54.149.52.8:12459
54.151.101.117:49
54.159.25.210:2281
54.168.57.156:2096
54.176.146.128:53766
54.179.175.137:902
54.183.238.0:41795
54.187.139.165:113
54.191.4.203:1963
54.193.216.210:1201
54.193.89.16:8502
54.195.16.111:54879
54.197.10.95:44818
54.199.65.227:179
54.202.91.63:2096
54.212.6.27:1913
54.218.2.134:1553
54.218.66.197:2379
54.219.75.80:32092
54.221.20.76:1995
54.232.158.79:18246
54.236.199.83:2154
54.236.199.83:2404
54.244.141.27:19999
54.90.144.239:11112
54.93.76.125:33189
54.93.76.125:4839
56.124.32.96:13123
56.124.95.65:43877
56.155.82.73:2220
57.180.29.79:1433
63.177.248.74:25565
63.177.254.5:4148
65.2.30.8:9146
68.117.246.143:4343
74.177.197.62:6000
74.177.197.62:6001
79.239.114.113:62843
79.241.104.98:81
79.241.96.52:82
84.154.183.108:82
84.154.191.72:82
86.93.140.187:443
88.17.30.37:443
89.203.249.232:12138
93.198.177.105:81
93.198.178.231:81
93.198.180.238:81
93.198.182.192:81
93.198.188.83:81
93.198.190.245:81
93.198.190.251:82
93.232.100.60:82
93.232.110.241:81
94.158.245.104:443
94.158.245.118:443
94.158.245.13:443
94.158.245.140:443
95.253.134.107:4483
98.103.64.132:6514
1sou.top
789pettoys.shop
anunciaconalianzalima.com
apex-consultant.com
azaleacapital.com
badgervolleyball.org
carodine.net
celebratingseniors.net
chinapark.top
classiccolonialhomes.com
cuoreincomune.com
daviddarle.fr
downloadfreak.top
eurobrandsindia.com
fmovies123.top
insideedgepr.com
intellegrationllc.com
islighting.top
jaagnet.com
jakestrack.com
jazzcafeposk.org
judahshop.com
kaestner.top
kingdomholding.top
kubarekauction.com
lang3666.top
lgsdesign.co.uk
loispaigesimenson.com
lordphoenix.net
lx7v9.top
maidforyou1985.com
markrampton.com
medthermography.com
multiperfect.cloud
my-privatebanker.top
nackt-bilder.top
pathwayplan.com
probuildgroupusa.com
rag382.top
sdnews.top
snapcans.top
static.noleggiodisci.com
territoirespaysagistes.com
tiffanyearringforwomen.top
totalsolucao.com
uncustomary.org
upgradegc.com
vacconnect.com
viralmarketingsuite.com
wavob.top
windomstatetheater.com
yxta.top

# Reference: https://www.virustotal.com/gui/file/a3b908a1a3344dcca5e46ebf4eee8c0d5d609b1e6186dd1d9787600c2a387e28/detection

http://5.181.157.34
5.181.157.34:443

# Reference: https://www.virustotal.com/gui/file/bd0f28fa9d6c2549098b6d92e97615417ee3d1e35dab09bf077a44266de65cf1/detection
# Reference: https://www.virustotal.com/gui/file/a6c53f127f2ad85d5b3b03031e28406cfbc9d1d1ba2de62c428a3819d550596e/detection
# Reference: https://www.virustotal.com/gui/file/3cad069ea95833b152292e61a1614ca9a7714c90dd069b71a3f1802a5260d366/detection

http://5.181.157.35
5.181.157.35:443

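# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-06-14)
# NOTE(review): the feed path marks this list as 'unverified' and as a 90-day window; the entries are a snapshot as of the date above, so re-validate an address before acting on a match.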

13.233.140.193:51117
13.233.89.168:6008
143.92.148.183:443
15.160.40.136:81
16.176.226.190:51947
16.26.40.174:1521
18.100.43.78:6002
18.163.33.90:25001
18.197.16.79:6362
3.107.160.120:5432
3.135.194.28:82
46.137.145.127:9300
51.20.96.28:43063
52.221.228.115:2376
54.176.71.134:11112
54.207.185.124:8089
54.210.203.58:6009
64.72.205.204:12521
79.241.109.7:81

# Reference: https://x.com/banthisguy9349/status/1934165893946183726
# Reference: https://www.virustotal.com/gui/file/148c2e77797ecce4f4f813198adb8023282197846329b352262741e90cbff9dd/detection
# Reference: https://www.virustotal.com/gui/file/2edd3116836ea979f855a9dbe4deb02adf562daf40041b1105ff164e514a3591/detection

http://176.9.34.165
176.9.34.165:443
147.45.199.1:9999
all-stat1228.com
gamelove11.net
winkorean.duckdns.org

# Reference: https://x.com/skocherhan/status/1934547449449754823
# Reference: https://www.virustotal.com/gui/file/261fbe678ec27c4809595198ad09aa78f4285d3ef512b4ecb773dab1616f95e4/detection

kubarekauction.com

# Reference: https://www.recordedfuture.com/research/grayalpha-uses-diverse-infection-vectors-deploy-powernet-loader-netsupport-rat
# Reference: https://go.recordedfuture.com/hubfs/reports/cta-2025-0613.pdf (# GrayAlpha)
# Reference: https://www.virustotal.com/gui/file/1f52416232bf57e6cbd8a72335a5f321cf8a571e53b043ee69dc3647d4978844/detection
# Reference: https://www.virustotal.com/gui/file/3cfcb57b94e69372cd2815dc63d66ab4b4ac4fec48b3b092f76ae5c9beaa353f/detection
# Reference: https://www.virustotal.com/gui/file/62242df8c7db337e46f44c4323ac9738adba89f095deb8e5d873ee8b35fa5079/detection
# Reference: https://www.virustotal.com/gui/file/b3a95ec7b1e7e73ba59d3e7005950784d2651fcd2b0e8f24fa665f89a7404a56/detection
# Reference: https://www.virustotal.com/gui/file/802338ddade5c023b83dd2111fe30b7d5b4b21b86408e91544345e0c45702a1d/detection
# Reference: https://www.virustotal.com/gui/file/3d00468448abc115a138a0d7c0e39db72bf3c46ed086926e7b9f1854835676b6/detection
# Reference: https://www.virustotal.com/gui/file/2c59f3552a77d2c9527970ae99e204ec279756ac24815a899ab43356420057e7/detection

http://206.206.123.97
http://212.224.107.150
http://62.76.234.49
206.206.123.97:443
212.224.107.150:443
62.76.234.49:443

# Reference: https://www.malware-traffic-analysis.net/2025/06/18/index.html

http://94.158.245.135
94.158.245.135:443

# Reference: https://x.com/JAMESWT_WT/status/1938502422579527840

aquafestonline.com
nitrorub.com

# Reference: https://github.com/malware-traffic/indicators/blob/main/2025-06-27-IOCs-for-SmartApeSG-to-ClickFix-page-to-NetSupport-RAT.txt
# Reference: https://www.virustotal.com/gui/file/03401e4637259a56561ad3f18cc76933345f6a3c8d64dc44fc6751052471b551/detection

http://185.163.45.30
185.163.45.30:443
camplively.com/smks.zip
exemplar-industry.com/zify.zip

# Reference: https://x.com/skocherhan/status/1938764527593546113
# Reference: https://www.virustotal.com/gui/file/f18fc38f0071b4a8247bab02bafca0bcf8dafb9f89b183f194ed3aa1e4bbc18e/detection

http://94.158.245.67
94.158.245.67:443

# Reference: https://x.com/skocherhan/status/1938764527593546113
# Reference: https://www.virustotal.com/gui/file/5ae5b247a6467b1d2773ea7f9692b8aefa8361a9372805ea22960d2ff462691b/detection

http://94.158.245.111
94.158.245.111:443
# shop.oljaeinfalt.com/lotz.zip (Ref: https://github.com/stamparm/maltrail/issues/19352)

# Reference: https://x.com/skocherhan/status/1938759906087100611
# Reference: https://www.virustotal.com/gui/file/c881f1019852319ff8b6d4ed2a876c03be91d2696dba6ebced3ddc98060ee339/detection
# Reference: https://www.virustotal.com/gui/file/784cdde8701eaeeafc459b7c56c4b7103b502da09fa99ab7b618ebe5a7be7458/detection
# Reference: https://www.virustotal.com/gui/file/3d2e92af3b269b054da237871cb8d6033ef25f000a7357cdc12753e6afd49bf5/detection

http://5.181.157.51
5.181.157.51:443

# Reference: https://x.com/skocherhan/status/1938754927121310052
# Reference: https://www.virustotal.com/gui/file/5ff742e134e3d17ec7abea435f718e8f5603b95e7984e024b2310ac9ef862ddf/detection

http://94.158.245.174
94.158.245.174:443
michellegraci.com/hatz.zip

# Reference: https://x.com/skocherhan/status/1938759294855311631
# Reference: https://www.virustotal.com/gui/file/16ccb4e9cbc42a227ef0ba6e6dfb40d8ddfe61541aeb5fc910eecea5929e2baf/detection
# Reference: https://www.virustotal.com/gui/file/b88815eae93f6cc92ef0c5a450893aaaba50b2a74821399eec7ce516e33afc4b/detection
# Reference: https://www.virustotal.com/gui/file/40d2d23b7a59980a4bb634f5ef32731dd6159dec21b016610819c6ba59eac42f/detection
# Reference: https://www.virustotal.com/gui/file/2fe9ed946e7bfd3520b2d7e9336b9baa7ee15d888bb7919d3ed3bc993b0b8de4/detection
# Reference: https://www.virustotal.com/gui/file/84e44a1ec6a9be589a849779dbdb8c1228712ccf55476c60237be0dcc50cb27a/detection
# Reference: https://www.virustotal.com/gui/file/72d2351a611504bad5240ee7f0d6888a3b8bfca9f371d64312551527db0546b9/detection

http://194.180.158.202
http://194.180.158.203
http://194.180.158.204
http://194.180.158.205
194.180.158.202:443
194.180.158.203:443
194.180.158.204:443
194.180.158.205:443

# Reference: https://app.validin.com/detail?find=WIN-JK328LDDJ61&type=dom&ref_id=c59455388cc#tab=host_pairs (# 2025-06-28)

http://5.181.157.49
http://5.181.157.50
http://5.181.157.51
http://5.181.157.52
http://5.181.157.53
http://5.181.157.54
http://5.181.157.55
http://5.181.157.56
http://5.181.157.57
http://5.181.157.58
http://5.181.157.59
http://5.181.157.60
http://5.181.157.61
http://5.181.157.62
http://5.181.157.63
http://5.181.158.41
5.181.157.49:443
5.181.157.50:443
5.181.157.51:443
5.181.157.52:443
5.181.157.53:443
5.181.157.54:443
5.181.157.55:443
5.181.157.56:443
5.181.157.57:443
5.181.157.58:443
5.181.157.59:443
5.181.157.60:443
5.181.157.61:443
5.181.157.62:443
5.181.157.63:443
5.181.158.41:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.netsupportmanager_rat/ (# 2025-06-29)

http://13.211.207.49
http://94.158.245.104
102.96.148.134:443
112.187.223.50:6001
117.139.192.25:2000
125.25.98.201:7443
13.158.139.252:2083
13.201.38.58:666
13.208.193.77:465
13.232.37.248:10258
13.234.32.95:4841
13.239.251.147:2
13.245.196.7:3310
13.245.30.86:55554
13.246.12.142:2403
13.246.35.159:29057
13.38.77.255:101
13.38.77.255:50001
13.53.198.166:995
13.56.230.93:30396
13.61.14.119:18059
130.164.161.236:443
15.152.49.131:30875
15.157.63.71:1962
15.160.190.238:50936
15.160.190.238:636
15.160.190.99:45156
15.160.201.4:7443
15.161.48.49:9998
15.168.13.231:2086
15.168.175.237:4841
15.223.185.231:1807
15.237.196.169:20548
157.175.176.159:3128
16.16.28.179:18245
16.16.28.179:445
16.162.253.247:10001
16.24.172.86:1311
16.24.172.98:2628
16.50.207.238:2077
16.50.45.78:1200
16.51.166.1:23927
16.51.71.248:2087
16.51.89.171:8089
16.62.126.222:41795
16.62.128.106:9206
16.62.221.28:34144
16.62.81.180:28949
16.78.105.149:7443
176.82.167.62:6001
176.82.216.124:6000
179.95.196.96:9990
179.95.202.203:9990
18.100.123.189:10001
18.100.123.189:11101
18.100.123.189:8001
18.100.124.119:789
18.101.186.216:21304
18.130.226.244:18244
18.182.3.254:3306
18.215.154.8:50000
18.226.52.101:9090
18.230.76.228:10000
18.230.76.228:12000
18.230.76.228:250
18.237.76.155:17777
181.12.250.37:5610
196.120.22.74:443
211.192.42.4:6001
213.131.49.166:4899
3.108.66.143:7547
3.129.23.119:2404
3.137.218.60:3299
3.145.106.94:2405
3.145.80.162:4321
3.25.170.205:48177
3.28.185.175:18246
3.29.129.151:135
3.35.206.79:20001
3.36.127.61:6697
3.38.192.195:4444
3.79.63.177:5010
3.86.105.71:5901
3.9.19.33:179
3.9.19.33:2079
3.96.153.247:33389
3.97.14.41:9306
34.216.174.212:9077
34.222.14.1:593
34.227.114.2:427
35.152.54.190:902
35.177.232.236:11112
35.177.59.45:17
35.183.136.126:5558
35.183.93.124:6697
37.12.5.43:6001
37.13.21.44:6000
37.13.26.52:6000
38.132.101.38:443
40.177.103.163:18642
40.177.103.163:46642
43.198.203.105:102
43.198.207.95:18049
43.198.207.95:4949
43.198.207.95:8649
43.198.90.225:8159
43.199.162.210:21025
43.201.102.238:5858
43.203.235.164:12506
43.203.235.164:20256
43.205.192.238:4841
43.205.239.207:11102
43.208.229.32:1024
43.208.75.92:12210
43.209.3.230:3306
43.217.153.115:3004
44.220.149.216:15
5.205.207.203:6001
50.18.143.103:50025
51.16.244.165:2443
51.17.167.100:9999
51.17.4.106:22636
51.17.4.106:46736
51.44.21.233:19
51.44.221.26:2004
51.84.175.149:6006
51.92.135.136:20000
51.95.20.122:10052
51.95.20.122:11102
51.95.20.122:2052
51.96.143.116:2677
52.195.215.6:623
52.210.123.160:20202
52.67.95.19:58603
52.67.95.19:5903
54.154.145.60:8090
54.154.62.82:81
54.160.149.207:18244
54.174.203.95:443
54.194.23.239:88
54.216.20.41:10261
54.216.20.41:1311
54.250.206.117:20999
54.253.241.166:7547
54.65.225.126:34666
54.67.30.185:12220
54.67.30.185:9020
54.87.185.33:20717
54.87.185.33:6667
54.87.56.61:48141
54.93.96.138:18244
56.155.3.102:40378
56.228.13.92:10260
63.177.241.22:2380
78.12.1.227:81
79.241.100.4:82
80.27.56.224:6001
84.154.176.100:82
84.154.191.111:81
92.205.129.119:3011
93.232.106.230:82
94.158.245.63:443
95.127.239.206:6000
98.130.124.136:30005
98.130.85.214:1414
# NOTE(review): 'cazaleacapital.com' differs from 'azaleacapital.com' (listed earlier in this file) only by a leading 'c' - confirm against the ThreatFox source that it is not a transcription error.
cazaleacapital.com
certifiedhackerindia.com
deepholeintheworld.com
northwindimmigration.com
quickfreightuae.com
sinofreights.com
startupcheetah.com
verifintcon.com
vikingtenerife.com

# Reference: https://x.com/skocherhan/status/1938761187685961829
# Reference: https://www.virustotal.com/gui/file/b400609e4745308477584d46955d64420861e5d464e992c22f201a4b1e985e16/detection

http://77.238.246.170
77.238.246.170:443
blog.tequide.com/lifeisgood.zip

# Reference: https://x.com/skocherhan/status/1939604623213592756
# Reference: https://www.virustotal.com/gui/file/d7120d47e610b1a6d286cf7ecffd06a874a73df0bccc1f93978a6143a17998b9/detection
# Reference: https://www.virustotal.com/gui/file/600fe22b334f62db2f459747aca9d48c899d072185095d8f2d9d4a89a50e7cc1/detection

http://194.180.158.132
194.180.158.132:443
sidebysidetherapy.com.au/1/load.php
sidebysidetherapy.com.au/1/load2.php

# Reference: https://x.com/JAMESWT_WT/status/1942184882358084048
# Reference: https://www.virustotal.com/gui/file/7e743ab9e4f8a16c417a682918f4ab560e926846549cfb816c44fe43db41322d/detection

88.218.93.71:443
summer25hot.org

# Reference: https://x.com/skocherhan/status/1942245396828299652
# Reference: https://www.virustotal.com/gui/file/8c0a5d871845c89a2a1e32c740dc525c0b3a6c5f7ab352af845f0678ab47a0c4/detection
# Reference: https://www.virustotal.com/gui/file/3115dea35c32b82f16c2d6295463f5816b85d494d30021cd146fed83297694c6/detection
# Reference: https://www.virustotal.com/gui/file/02c16c70420a167d871a024b41c3671c2d0cf394323fdb646d12e675d76c40ef/detection

http://94.158.244.161
94.158.244.161:443

# Reference: https://x.com/skocherhan/status/1942245396828299652
# Reference: https://www.virustotal.com/gui/file/6ece29f8e0c5dda37171b028f264d54bc87357409fb2253fdd002e9f550c4bff/detection
# Reference: https://www.virustotal.com/gui/file/5186e776d01f8b590f67c62f59e68c6f3b4d3beea9d46357642bc7c32122297c/detection
# Reference: https://www.virustotal.com/gui/file/04c34daf86e83e911e5bd46b5159415d5970d7bb67e125053012a2f7607686b6/detection

http://185.163.45.61
185.163.45.61:443

# Reference: https://x.com/skocherhan/status/1942387234482647139
# Reference: https://www.virustotal.com/gui/file/fb36fcb1c7f1f33f66c3f885a87c1508014c502d1776292f99daa8e0e671b799/detection

http://95.179.130.254
95.179.130.254:443

# Reference: https://x.com/skocherhan/status/1942376813067387018
# Reference: https://www.virustotal.com/gui/file/12055d6be639b5534a33a775e188e1f51fb3c060ba113440f6f3228c1120053d/detection

http://147.45.218.43
http://5.9.58.91
147.45.218.43:5555
5.9.58.91:5555
kitmans.net
netstat2.com

# Reference: https://x.com/JAMESWT_WT/status/1942518632342327355

147.45.218.49:443
5.9.58.91:443
78.128.112.206:443
bodstrun3.net
composiska.net
dainaris11.org
hitmanzok.net
lossikna1.net
pintest1.net
solofarm.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c8663dea9db342499a125f2f00b74c8ee662c04d909a4176760c020acc9c2ee3/detection
# Reference: https://www.virustotal.com/gui/file/5c0c637768ae50a40a76240472c5318baa9d7361744eb87ce5ef4cb614f60d35/detection

http://45.125.66.123
45.125.66.123:443

# Reference: https://x.com/skocherhan/status/1943534574568456570
# Reference: https://www.virustotal.com/gui/file/30560c47fc13e03ae68ad206ebbb6bf916f888e35a9f3890e09b9e5753624084/detection

http://5.181.159.204
5.181.159.204:443

# Reference: https://x.com/skocherhan/status/1943527947043741804
# Reference: https://www.virustotal.com/gui/file/4a2ef2c5c483d631fbdd746d32d018e3a4908bc60dfae879f458489a35cdcfb1/detection

http://5.181.157.164
5.181.157.164:443

# Reference: https://x.com/skocherhan/status/1944440400585875794
# Reference: https://www.virustotal.com/gui/file/595920cf2e36c51812c448df4afe809a2265f3522c295c2e653808ca851aa0e4/detection
# Reference: https://www.virustotal.com/gui/file/8706dd6b6ff157b0e616e2299287c18f475720f373a7ab224e77461ccb4195e7/detection

http://5.181.159.203
5.181.159.203:443
agenciacrabli.com/1/load.php
agenciacrabli.com/2/load.php

# Reference: https://x.com/JAMESWT_WT/status/1944664889189974446

http://185.163.45.41
http://185.163.45.73
http://185.163.47.72
http://5.181.159.200
http://5.181.159.201
http://5.181.159.202
http://5.181.159.205
185.163.45.41:443
185.163.45.73:443
185.163.47.72:443
5.181.159.200:443
5.181.159.201:443
5.181.159.202:443
5.181.159.205:443

# Reference: https://x.com/JAMESWT_WT/status/1944680584640627019
# Reference: https://www.virustotal.com/gui/file/e977da157a96d8b1eda912d769ce34c4a58b4b2108d5eaafe29d834cd87e7e16/detection
# Reference: https://www.virustotal.com/gui/file/016a6f5aa0a0f6a9fac58b47d97171ee1d00fbc700b060f4aaa71423aa559ab6/detection

http://193.143.1.216
193.143.1.216:443
resetis.com

# Reference: https://x.com/JAMESWT_WT/status/1944685213982101650
# Reference: https://www.virustotal.com/gui/file/40cd93c23a235d47f4a2aa3ed0a2ac98a486b37b8f75bef6a7bb5d268a7d5f67/detection
# Reference: https://www.virustotal.com/gui/file/438a885ff1eac30b0d27193b02c6695e8e806a2d339de0d0b6bc555dad79d520/detection
# Reference: https://www.virustotal.com/gui/file/2bd3a8ebf7e059e776bf9ed1a87f455467087e8e845618795e7dec6318d2ccad/detection

http://176.65.140.160
176.65.140.160:443

# Reference: https://x.com/JAMESWT_WT/status/1944750838896861488
# Reference: https://www.virustotal.com/gui/file/8f9abc7d4c506597867d65bb902ed8fca719e55e7173b9d5c82b0b30633bb84c/detection
# Reference: https://www.virustotal.com/gui/file/cfdb1b1533db2f5d93cdc177a1dc310c1be9a28780c6ed114e69e6149aae3eff/detection

http://45.142.193.119
45.142.193.119:443

# Reference: https://unit42.paloaltonetworks.com/preventing-clickfix-attack-vector/
# Reference: https://www.virustotal.com/gui/file/525173453e285d6a6bfdef8ac2241ed4d64b106110ca1e8049f820d9a5ff805f/detection

http://80.77.23.48
lasix20.com
leocompany.org
mh-sns.com

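# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-07-26)
# NOTE(review): the feed path marks this list as 'unverified' and as a 90-day window; the entries are a snapshot as of the date above, so re-validate an address before acting on a match.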

100.27.209.121:14265
100.27.209.121:615
102.100.54.55:443
102.100.73.246:443
102.96.149.206:443
102.96.170.230:443
118.174.70.104:7443
13.114.15.139:49501
13.127.151.53:1224
13.127.250.197:1963
13.208.185.26:119
13.208.249.200:53663
13.208.32.85:19518
13.213.19.51:4839
13.232.71.100:5222
13.233.168.184:26160
13.233.99.139:58194
13.245.111.102:831
13.245.230.203:17954
13.246.221.95:17778
13.247.186.229:20201
13.247.190.233:8013
13.36.167.50:50308
13.37.239.254:25434
13.38.41.124:20001
13.38.52.144:40000
13.38.81.62:11103
13.38.81.62:5903
13.38.84.98:50994
13.48.178.184:389
13.51.167.29:104
13.51.176.77:5903
13.59.10.58:808
13.61.141.59:44819
130.164.175.159:443
130.164.181.230:443
139.64.5.15:443
15.160.119.2:1244
15.160.172.231:20547
15.160.87.249:39116
15.161.111.151:1912
15.161.91.90:10258
15.161.93.7:135
15.185.176.62:6009
15.188.146.16:833
15.228.192.200:2181
15.237.190.215:2078
15.237.251.27:34673
157.175.168.179:6005
157.175.176.151:1194
157.175.176.151:4894
157.175.188.83:1201
157.175.188.83:20001
157.175.55.36:52057
16.24.145.72:7207
16.24.171.193:2456
16.26.53.53:37892
16.51.151.204:1080
16.51.166.161:8636
16.51.57.139:15976
16.51.66.78:14231
16.62.240.47:4839
16.63.101.3:81
16.63.137.205:20000
16.63.137.205:3550
16.78.22.100:2761
16.79.68.103:52126
176.34.42.250:465
179.95.194.18:9990
179.95.201.82:9990
179.95.204.243:9990
18.100.143.170:5900
18.142.251.30:2628
18.143.94.16:6443
18.153.210.162:1963
18.163.238.189:13325
18.167.126.213:1024
18.167.126.213:20574
18.170.213.135:7170
18.175.149.170:13000
18.175.149.170:8000
18.175.149.170:9200
18.183.141.66:2000
18.183.141.66:9200
18.191.218.224:4582
18.199.146.33:2375
18.208.220.64:50580
18.231.106.229:2701
18.231.246.194:55615
18.231.52.182:8080
18.60.153.144:20547
18.60.200.175:50580
18.60.233.146:81
18.60.233.146:831
18.61.119.224:445
18.61.159.31:2262
18.61.48.54:17270
181.12.248.204:5610
182.52.120.78:7443
196.120.15.116:443
3.10.205.17:1099
3.10.205.17:9999
3.145.103.35:22199
3.25.173.252:2053
3.25.68.150:2456
3.254.193.20:8389
3.28.185.133:2053
3.28.43.194:1963
3.29.244.163:113
3.29.58.110:9104
3.29.67.233:2455
3.29.67.233:37805
3.67.64.87:41795
3.70.241.88:18245
3.80.186.71:1961
3.96.126.19:3306
3.96.189.206:1024
3.96.189.206:1224
3.96.210.38:501
34.222.124.155:11112
34.254.158.94:4730
35.152.252.225:2080
35.152.252.225:31680
35.152.252.225:50580
35.156.214.186:102
35.163.114.205:44818
35.180.121.47:179
35.180.203.168:18572
35.180.210.246:1801
35.180.210.246:49501
35.180.255.4:20256
35.180.255.4:2456
35.180.255.4:26306
35.183.198.97:56905
35.90.2.59:18856
40.176.177.0:10261
40.176.229.93:20546
40.176.253.172:45207
40.177.115.50:104
40.192.38.8:18246
40.192.38.8:48796
43.198.184.116:58000
43.198.88.243:3000
43.199.163.222:18245
43.201.51.47:119
43.207.83.12:1224
43.208.192.188:48641
43.208.5.219:7170
43.217.97.47:7000
43.218.133.31:36673
44.201.73.92:41795
51.112.47.23:27034
51.16.209.16:20342
51.16.250.152:2376
51.17.184.103:3390
51.17.184.103:8090
51.17.21.189:3306
51.20.181.47:1912
51.20.248.15:23642
51.44.83.45:39320
51.84.57.233:2443
51.84.57.233:4093
51.84.57.233:443
51.84.68.56:1099
51.92.218.68:995
51.92.224.227:9042
52.194.225.30:3390
52.207.62.89:20548
52.47.127.136:6827
52.53.250.171:2375
54.149.158.27:51200
54.149.158.27:7000
54.155.253.62:34011
54.167.91.150:32579
54.169.174.87:8880
54.171.100.90:8888
54.176.63.12:5985
54.177.38.62:1194
54.187.89.54:18138
54.191.179.49:7443
54.199.161.171:35183
54.204.63.61:4730
54.215.245.94:2083
54.233.16.132:14166
54.238.203.127:4841
54.241.95.108:5986
54.244.59.22:135
54.255.225.255:7078
54.64.166.20:33824
54.65.51.137:2762
54.78.57.178:10260
54.78.57.178:10810
56.124.127.146:26090
63.179.1.26:789
65.0.130.57:2000
65.2.180.166:831
78.12.244.199:1244
78.12.5.9:3390
84.154.177.136:82
88.17.115.11:443
93.198.188.234:82
93.232.100.194:82
93.232.111.2:82
93.232.99.226:81
98.130.135.39:5938

# Reference: https://x.com/JAMESWT_WT/status/1950487314439803375

108.61.198.38:443
109.107.170.126:443
162.33.179.223:443
185.149.146.73:1488
185.163.45.130:443
185.163.45.140:443
185.163.45.87:443
185.163.45.97:443
185.196.8.219:443
193.233.206.23:443
199.188.200.195:443
38.180.62.49:443
45.147.196.90:443
45.61.128.74:443
45.76.253.210:443
5.181.156.11:443
5.181.156.177:443
5.181.156.36:443
5.181.159.141:443
5.252.117.214:443
5.252.178.23:443
51.195.53.204:443
83.222.190.38:443
91.84.106.175:443
91.92.248.21:443
94.158.244.118:443
94.158.244.26:5051
94.158.244.41:443
95.216.253.73:443
1994collective.com
1994collective13.com
armayalitim1722.com
asaplink.net
asdjiive.icu
asojdijvoieji3jc.cn
balbalz2.com
balibumba1.com
balibumba2.com
bretvenyzer19.com
dcaiergewas11.com
deperekanuki1.com
deperekanuki2.com
dfaiernewa23.com
diigbiej5g.cn
ewtrtc.top
falafelgoo2.com
gribidi1.com
gribidi2.com
gribov.net
joewoodonline.com
joewoodonline3232.com
kycol.net
labudanka1.com
labudanka2.com
ooork.com
ravinads.com
ravtinoba1.com
ravtinoba2.com
rtuvaid.com
rtuvaid38.com
savastijir1.com
savastijir2.com
school2.net
securiji1.com
securiji2.com
thabidu.com
thumkagrill.com
tineynaimb1.com
tradinghuy.duckdns.org
tutrd.com
urukurubustar1.com

# Reference: https://www.virustotal.com/gui/file/323fbe09726d9d622ae250ecdf0843a094dd0d9e7d4d301f28e7ce600ffb5760/detection

sasdi9efasdb3jao9393.cn
telemetry.cdn.ny.com

# Reference: https://x.com/ElementalX2/status/1952594521394450840
# Reference: https://www.virustotal.com/gui/file/5cea87c570e7add7729d3c4c6dec118e0732987a21b464a26d0794bf4de137d8/detection
# Reference: https://www.virustotal.com/gui/file/7bdc9de03d61ca0018d00120a92e14986255074cddb76a01dec81d4dd85bf1e5/detection

kgauditcheck.com
proauditkg.com

# Reference: https://x.com/skocherhan/status/1954780410652582049

170.130.165.177:443
170.130.55.203:443
185.197.74.58:5531
185.230.143.110:1918
193.24.123.37:443
194.0.234.17:443
31.214.157.35:443
5.252.178.104:443
51.89.107.105:9191
80.66.88.55:443
82.115.223.134:443
82.115.223.236:2011
88.214.24.71:2544

# Reference: https://www.virustotal.com/gui/file/9f91e248ef13fc6271f30edde625f1d785173359f40270b2d1d22c47ed5734b4/detection
# Reference: https://www.virustotal.com/gui/file/ef3cea2f46a7a306ca797891442638771163f6d77388acc3846a55da94276647/detection
# Reference: https://www.virustotal.com/gui/file/fef70d52801dc9d0a1b0e236f105fbadc4c0e4c52f056457da5b08ed8bb86296/detection

http://45.155.249.13
45.155.249.13:443
erinsha.com
parasitfri.com

# Reference: https://x.com/netresec/status/1959907365609775230
# Reference: https://infosec.exchange/@monitorsg/114867563467717172
# Reference: https://www.virustotal.com/gui/file/448b4a5cf4c6c0dcac98d803accbd5174c52361cb1b132a728a8c1b52d56839f/detection

as5yo.top
lpdesigns.uk

# Reference: https://x.com/netresec/status/1960236337807659117

45.88.104.226:3085
spaces.center

# Reference: https://x.com/JAMESWT_WT/status/1962065143086354753
# Reference: https://www.malware-traffic-analysis.net/2025/08/20/index.html
# Reference: https://www.virustotal.com/gui/file/f621d31c17dd7706e157e1195e230b151b8d25e780928991e1b1901e58789731/detection

http://38.146.28.242
38.146.28.242:443
westford-computing6.net
westford-systems.icu
cdn.westford-computing6.net

# Reference: https://x.com/skocherhan/status/1964978489892966665
# Reference: https://www.virustotal.com/gui/ip-address/43.218.76.102/community

43.218.76.102:790

# Reference: https://x.com/JAMESWT_WT/status/1965350312862253313
# Reference: https://www.virustotal.com/gui/file/5510b3356e1c65e054c4b042188d61fb281ed7e905dfc9e7f2c0f8aca3d58f1b/detection

141.98.11.175:443
atafixmyout.com
biaotltt.com
bobilockyou.com
bolbonota.com
dasdajklsdkaksldkjd.com
forstupguysoo.com
kaldotrototo.com
kukuepbemy.com
lastmychancetoss.com
losiposithankyou.com
newgenlosehops.com
notforstupguya.com
oppapafkfkfk.com
otofixmyin.com

# Reference: https://x.com/Maverits/status/1965838862640644497
# Reference: https://x.com/Cyber0verload/status/1965893933915058404

http://178.16.54.125
http://178.16.54.130
http://178.16.54.131
http://178.16.54.132
http://178.16.54.134
http://178.16.54.139
178.16.54.125:443
178.16.54.130:443
178.16.54.131:443
178.16.54.132:443
178.16.54.134:443
178.16.54.139:443

# Reference: https://x.com/JAMESWT_WT/status/1968264739873812849
# Reference: https://www.virustotal.com/gui/file/65219d70f5c46785626f4bc9c88ea20ba4dd533c7e9af5cb166eeee07d4753ff/detection

http://51.89.107.105
51.89.107.105:9191

# Reference: https://x.com/JAMESWT_WT/status/1968264739873812849
# Reference: https://www.virustotal.com/gui/file/eea854920b54d2daadd282a95071ee15fe699c64f09fb2c90e4266881140e847/detection

http://185.39.19.233
185.39.19.233:443
ghostrio.com
olbanha.com

# Reference: https://x.com/JAMESWT_WT/status/1968264739873812849
# Reference: https://www.virustotal.com/gui/file/b8b41fc5230f49909f46d871af9317ab88ea31dbfe2b4e988c64388b338ef90d/detection

cassandpool2.net

# Reference: https://x.com/JAMESWT_WT/status/1968264739873812849
# Reference: https://www.virustotal.com/gui/file/e5ad69840f1eda75da2f59cc3472d118f9b94a5f42bd661d6e7644cee9caacef/detection

http://178.16.54.131
178.16.54.131:443

# Reference: https://x.com/JAMESWT_WT/status/1969078281656733860
# Reference: https://www.virustotal.com/gui/file/f2063ae3fd1d8adba575304f66267e881909e773c23ecf97844b96086b66013a/detection
# Reference: https://www.virustotal.com/gui/file/8afb4dcd3574e5a716e75a77a1ccdf9e23e6a03e181aa6a3ecb9b9d38e9aa039/detection

http://141.98.11.224
141.98.11.224:5555
nsgatetest1.digital

# Reference: https://x.com/smica83/status/1973359494018244855
# Reference: https://www.virustotal.com/gui/file/850e30f978d413e4e8569a101d1689d5fb1e44aac53da2f7737f90a49486991b/detection
# Reference: https://www.virustotal.com/gui/file/523b07a24b1aa29cfdc4963a6ab0ef27e0458f4dccb444563cc5d0dc772444c8/detection
# Reference: https://www.virustotal.com/gui/file/05c38a73d9a4ea07d9a851a15fd649573835a3b4b62761b4a8b12133bd9e8de8/detection
# CERT_FINGERPRINT_SHA256-HOST=bad0b5b0f1a67521a9d84b747d9b01b585e4f2eed737465fe1f468b6ae20297e
# CERT_FINGERPRINT_SHA256-HOST=355d7c0df9e6c9c09fde0957ed73f7b802f5ca055858f2ed8cb3a9b9cb728e63

http://62.164.177.249
62.164.177.249:443
85.208.84.115:7777
londakensofreb.shop
lvataimbrichade.icu
tintaricalycher.cfd
zeppettablaidar.site
zilmadradensell.space

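# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-10-05)
# NOTE(review): the feed path marks this list as 'unverified' and as a 90-day window; the entries are a snapshot as of the date above, so re-validate an address before acting on a match.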

http://15.237.116.211
http://47.128.148.221
http://54.89.255.236
101.108.108.68:7443
101.108.134.143:7443
102.100.55.208:443
102.100.73.224:443
102.96.148.188:443
102.96.148.70:443
102.96.170.17:443
102.96.171.32:443
102.96.188.215:443
102.96.189.193:443
102.96.214.19:443
102.96.214.215:443
102.96.214.65:443
104.238.35.235:24551
105.154.21.122:443
105.159.148.109:443
108.137.68.134:2077
108.137.69.124:59345
109.195.115.106:3321
118.174.154.230:7443
118.174.71.22:7443
13.112.193.216:43469
13.124.101.174:20201
13.124.82.166:10261
13.126.101.250:8010
13.201.10.7:2795
13.201.25.169:28951
13.208.190.18:5061
13.208.242.86:16992
13.208.252.175:40961
13.211.143.231:6640
13.211.214.125:38896
13.211.80.141:49152
13.212.35.30:888
13.220.134.86:9080
13.229.211.114:4840
13.231.207.37:40000
13.232.253.158:18138
13.233.127.232:2375
13.233.166.137:2454
13.244.64.198:2454
13.245.75.9:1433
13.245.75.9:833
13.246.240.58:46558
13.246.240.58:7908
13.246.41.198:2000
13.247.120.203:2087
13.247.149.120:8159
13.247.58.212:4840
13.247.58.212:8090
13.247.60.219:25565
13.247.60.219:55615
13.250.126.10:8013
13.39.104.25:9779
13.39.161.218:34659
13.40.3.205:34210
13.40.97.10:43
13.48.138.122:35791
13.55.33.0:42957
13.55.37.74:8159
13.57.231.137:58467
13.58.108.28:2095
13.58.108.28:8545
13.58.108.28:995
13.60.200.7:10261
13.60.220.2:2077
13.62.19.37:5671
13.62.49.104:41795
139.64.25.160:443
143.92.155.82:443
144.86.33.171:443
144.86.38.158:443
15.152.46.24:58609
15.152.50.124:18246
15.156.192.129:4369
15.157.71.70:18082
15.157.71.70:8082
15.157.72.236:45615
15.160.120.126:44819
15.160.128.228:20548
15.160.140.165:2000
15.160.140.165:5900
15.160.167.247:60000
15.160.175.79:2095
15.160.195.251:2000
15.160.233.53:3000
15.160.26.255:46164
15.160.40.131:59929
15.160.87.48:8443
15.161.246.69:36177
15.168.3.125:10261
15.168.61.27:1311
15.185.52.154:17729
15.222.11.66:42241
15.237.144.163:8020
15.237.251.20:44817
157.175.166.224:8965
157.175.185.202:13181
16.16.187.155:7656
16.162.253.247:50376
16.162.46.213:2077
16.171.236.166:20256
16.24.207.16:5985
16.24.70.88:7170
16.24.71.107:21842
16.24.72.24:56769
16.26.33.120:5060
16.26.92.78:40338
16.28.104.49:37404
16.50.237.232:790
16.50.41.216:3260
16.50.46.106:9042
16.51.151.246:48285
16.51.152.223:17811
16.51.158.109:8020
16.51.89.90:54617
16.52.42.81:6960
16.52.85.16:9999
16.62.129.84:102
16.62.129.84:5902
16.62.221.203:3587
16.62.81.178:6007
16.62.81.5:2581
16.63.108.75:20997
16.63.157.158:3128
16.63.157.158:50478
16.63.161.46:47951
16.63.167.228:29451
16.63.19.217:58603
16.63.226.179:10000
16.63.226.179:9600
16.63.35.98:44818
16.78.2.231:2086
167.86.145.81:443
179.95.172.188:9990
179.95.202.249:9990
179.95.203.131:9990
179.95.203.166:9990
179.95.205.237:9990
18.117.100.92:45450
18.117.100.92:58600
18.117.78.125:21214
18.119.161.168:2096
18.119.172.78:788
18.153.208.239:771
18.158.61.80:14596
18.158.61.80:19646
18.163.196.135:3086
18.163.40.223:18030
18.163.6.103:14265
18.167.134.167:8082
18.171.149.220:18080
18.171.170.5:20547
18.171.204.198:31594
18.175.137.195:101
18.181.197.12:30875
18.181.96.254:1135
18.190.176.112:40000
18.191.235.136:54505
18.199.91.254:554
18.207.94.125:42681
18.222.117.10:4841
18.222.118.200:11211
18.228.192.59:2096
18.228.193.81:995
18.230.11.233:636
18.231.123.165:16992
18.231.172.205:1963
18.61.119.177:1024
18.61.174.117:5986
18.61.252.144:11101
196.120.15.138:443
196.120.22.121:443
201.235.123.146:5603
3.10.203.198:4839
3.10.226.241:10259
3.101.63.107:4840
3.101.63.178:83
3.101.82.15:6008
3.104.111.160:1099
3.110.220.107:55615
3.12.151.112:2405
3.122.120.54:20546
3.14.135.71:2083
3.145.178.209:2096
3.145.178.209:31746
3.145.71.121:8008
3.145.71.121:808
3.145.72.62:8000
3.148.113.159:60000
3.148.197.135:9601
3.23.92.222:56501
3.25.136.196:44817
3.252.44.152:113
3.254.194.200:30462
3.26.78.124:6362
3.28.136.187:2281
3.28.185.123:10443
3.28.46.76:30386
3.29.126.59:4567
3.29.33.64:1962
3.34.252.229:59514
3.35.25.29:48746
3.36.89.84:13258
3.39.254.225:11213
3.68.149.214:102
3.70.240.42:8010
3.71.39.192:6362
3.71.87.13:18082
3.76.205.31:50090
3.76.34.46:34341
3.89.225.68:788
3.91.158.229:501
3.91.96.234:20548
3.92.21.197:14548
3.96.215.227:7547
3.96.221.134:17079
3.99.188.26:35547
3.99.191.168:5672
34.217.107.216:44818
34.217.96.253:18245
34.222.42.128:3306
34.223.229.37:41877
34.234.67.174:5060
34.247.188.220:3299
34.247.188.220:6699
34.251.9.79:2405
35.152.141.253:8636
35.159.113.84:41371
35.176.152.5:2455
35.178.201.56:12925
35.178.203.23:9876
35.180.127.3:50805
35.180.127.3:51005
35.180.65.171:50805
35.180.8.137:427
35.183.105.9:18082
35.86.100.98:10259
35.87.176.246:2376
35.87.82.29:7443
35.92.47.41:10204
35.93.44.212:9042
40.176.189.140:11102
40.192.15.48:44818
40.192.2.32:4567
40.192.99.189:102
41.250.137.88:443
43.198.101.99:7000
43.198.102.222:102
43.198.185.150:1787
43.198.222.90:27017
43.198.225.38:5061
43.198.245.54:10699
43.199.160.18:2380
43.199.160.18:8130
43.200.254.110:9600
43.202.1.14:59465
43.203.128.54:5706
43.203.193.29:2281
43.203.233.141:2003
43.203.255.221:15443
43.204.30.122:48591
43.204.38.39:38783
43.207.199.12:10000
43.207.199.12:52200
43.207.199.12:5900
43.207.74.125:4000
43.207.74.125:9600
43.209.3.178:6443
43.218.233.122:6881
43.218.233.122:8081
44.243.107.60:20201
44.252.84.108:18245
44.252.84.108:2095
47.128.80.213:58178
47.129.120.1:28234
47.129.154.181:58000
51.112.51.159:47080
51.112.53.216:4443
51.16.46.172:15616
51.17.225.195:6362
51.17.5.111:4443
51.17.51.236:14000
51.20.142.120:5995
51.20.250.182:2944
51.20.94.251:9301
51.34.22.175:4567
51.34.39.107:51200
51.44.160.173:8888
51.44.82.75:3128
51.84.175.155:20277
51.84.9.95:7000
51.94.31.130:8883
51.95.70.41:55274
52.10.110.75:25314
52.17.47.98:81
52.195.235.214:88
52.36.18.177:8090
52.47.199.124:1963
52.53.246.92:8888
52.63.111.178:31022
52.89.245.59:44818
54.176.224.0:1311
54.180.135.29:113
54.180.140.26:9142
54.183.190.75:8080
54.183.65.116:2404
54.184.96.39:8013
54.196.124.91:18244
54.198.55.119:47587
54.207.216.190:2080
54.207.216.190:830
54.209.57.32:20548
54.219.39.97:10001
54.219.39.97:3001
54.219.39.97:9601
54.224.94.224:179
54.234.30.196:25565
54.246.253.2:59068
54.250.164.8:8013
54.255.172.127:1200
54.255.172.127:48750
54.255.172.127:5000
54.65.66.80:7000
54.72.244.163:50625
54.78.64.124:2181
54.93.181.242:14000
54.93.181.242:7000
56.124.124.92:49152
56.124.56.70:48950
56.155.113.234:50995
56.155.117.222:23905
56.155.141.62:309
56.155.28.140:2004
56.155.45.192:2455
56.155.92.53:47851
63.176.165.233:13394
63.176.95.110:20001
64.23.97.215:443
65.1.135.2:23408
78.12.193.1:20058
79.241.100.83:82
79.241.104.139:81
79.241.107.250:82
79.241.108.185:81
79.241.108.34:81
79.241.110.80:82
84.154.177.111:82
84.154.177.236:81
84.154.177.236:82
84.154.183.163:81
84.27.86.226:443
88.116.203.218:5500
88.116.203.219:5500
88.116.203.220:5500
88.116.203.221:5500
89.216.98.17:3085
92.187.178.71:3085
93.198.179.57:81
93.198.181.242:81
93.198.183.133:81
93.198.185.141:81
93.198.188.186:81
93.232.103.14:82
93.232.98.22:82
95.217.58.77:42932
98.82.185.184:2181
99.79.78.100:6513

# Reference: https://x.com/JAMESWT_WT/status/1975861841399329244
# Reference: https://www.virustotal.com/gui/file/236d0788e4f5491cf67749cc4a5e56118d98f4254c047c36c98153375b2b6e5a/detection
# Reference: https://www.virustotal.com/gui/file/afc45cc0df7f7e481bff45c6f62a6418b6ae4c8b474ec36113e05ab7ca7e2743/detection
# Reference: https://www.virustotal.com/gui/file/381be3339f6f7bed438c356dd3bcacf4479caccde268694b2bfeb1b5a5cef63c/detection
# Reference: https://www.virustotal.com/gui/file/05e274ec9eb3e295c5bf0661f578346555d8951b04a3afedf6197cab72dcf1c2/detection

http://62.164.177.48
http://77.83.175.131
http://176.124.203.76
http://92.119.114.15
176.124.203.76:443
62.164.177.48:443
77.83.175.131:2080
92.119.114.15:2080
adventurergsdfjg.com
basketballast.com
blueprintsfdskjhfd.com
foundationasdasd.com
generationkasdm.com
jordanyshop.com
remarkableaskf.com
smallfootmyfor.com
sonosarcl.net
sonosarcx.com
stonewoder.com
understandott.com
universitynsd.com

# Reference: https://x.com/malwrhunterteam/status/1978197936095006741
# Reference: https://www.virustotal.com/gui/file/ffed8cd32c68d30a9e0f3d4484084982ca92667a99ade3bf32d58125dcd15f5e/detection
# CLASS_0_HASH-HOST=2f9316fdfd2c1ead41317933d3c41424
# CLASS_0_HASH-IP=2f9316fdfd2c1ead41317933d3c41424

http://103.246.145.161
http://109.248.161.67
103.246.145.161:443
cassndrpool3.com
setupeu.com
setupeurope.eu

# Generic trails
# NOTE(review): these entries are request paths with no host part, unlike the host-scoped
# paths earlier in this file (e.g. 'camplively.com/smks.zip').
# '/fakeurl.htm' is the path the NetSupport Manager client itself requests on its HTTP
# control channel, so it also appears with sanctioned deployments of the tool; check the
# destination of a hit (is it an approved gateway, or a host listed above?) before escalating.

/iplog/newg.php
/JSX/testpost.php
/fakeurl.htm
