# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: poseidon stealer, rod stealer, rodmacer stealer, crazyevil, mac.c stealer, macsync stealer

# Reference: https://twitter.com/phd_phuc/status/1651001139750420480
# Reference: https://twitter.com/phd_phuc/status/1651002681798926337
# Reference: https://www.virustotal.com/gui/file/2175cc3bc1e3bf4cc27a9524b34d47c14b9aa094061600c0c4bfee9447bd54b4/detection

37.220.87.16:5000
amos-malware.ru

# Reference: https://twitter.com/malwrhunterteam/status/1651496976486154240
# Reference: https://www.virustotal.com/gui/file/2c63ba2b1a5131b80e567b7a1a93997a2de07ea20d0a8f5149701c67b832c097/detection

3fa-all.life
any-viewer.com
app-torrent.org
app-trade.net
apps-torrent.com
apps-torrent.net
apps-torrent.org
apps-trade.org
apps-web.digital
atom-apps.net
auth-apps.club
auth-apps.org
auth-secure.org
axx-play.com
brav-down.com
brav-down.org
bravs-down.com
cosmos-network.io
ens-apps.com
evmchainlist.app
files-box.org
forexx-meta.com
gram-apps.com
gramm-download.net
gua-wallet.com
gua-wallet.org
itrezor.net
itrezor.org
keplrwallet.app
layerzero-foundations.net
memo-apps.net
memo-apps.org
meta-forexx.com
meta-forexx.net
meta-forexx.org
notion-apps.net
otp-apps.net
otp-apps.org
pass-save.com
ph-wallet.org
phan-apps.com
phantom-wallet.at
phantom-wallet.net
phantomm-wallet.us
play-axi.net
q-torrent.com
q-torrent.net
q-torrent.org
rabby-wallet.net
rabby.at
remote-apps.net
remote-apps.org
saver-pass.life
scroll-drop.net
scrollfoundation.net
scrollnetworks.net
secure-apps.org
security-apps.net
security-apps.org
skii-weaver.com
skii-weaver.net
team-apps.club
torent-u.com
tortent-u.com
tortent-u.org
twill-down.com
twillo2.club
u-torrent.org
unisat-wallet.net
unisat.at
uploads-test.org
uth-app.life
vl-play.club
w3fa-all.life
wallet-atom.com
wauth-secure.org
web-wallet.org
wu-torrent.org

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/09/atomic-macos-stealer-delivered-via-malvertising
# Reference: https://otx.alienvault.com/pulse/64fa053f6f16dd0914077358

app-downloads.org
trabingviews.com
u0131ews.com
xn--gsvews-r9a.com
xn--tradgsvews-0ubd3y.com

# Reference: https://twitter.com/1ZRR4H/status/1700206318718509292

cleanmac-app.top

# Reference: https://threatfox.abuse.ch/ioc/1164482/

http://185.106.93.154
maybe.host
api.maybe.host

# Reference: https://twitter.com/MalGamy12/status/1705151026976760309
# Reference: https://www.virustotal.com/gui/file/19023cd72c8de1423e8082232099c6e38db3e78ceca179af104a3b1ad579d8a5/detection

http://45.144.29.39

# Reference: https://threatfox.abuse.ch/browse/malware/osx.amos/

http://185.215.113.116

# Reference: https://twitter.com/g0njxa/status/1710678871799152913

dafu-xiaoniangao.monster
/askdaskdIB/22987ggg
/22987ggg
/askdaskdIB

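# Reference: https://threatfox.abuse.ch/browse/malware/osx.amos/
# Note: 104.21.17.179 and 172.67.177.191 appear to fall in Cloudflare's shared proxy ranges, so a match points at the CDN edge rather than a single origin; corroborate with other trails or request context before escalating.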

http://104.21.17.179
http://171.22.28.248
http://172.67.177.191
http://185.172.128.163
http://185.172.128.31
http://185.215.113.71
http://194.169.175.117
http://194.49.94.93
http://5.182.86.8
http://5.42.65.107
http://5.42.65.55
http://79.137.198.170
http://89.208.105.191

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates
# Reference: https://otx.alienvault.com/pulse/655deaade608a53b8d4ada31

chalomannoakhali.com
jaminzaidad.com
royaltrustrbc.com

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version
# Reference: https://www.virustotal.com/gui/ip-address/62.204.41.98/relations
# Reference: https://www.virustotal.com/gui/file/0956ab422b6bcc44fed1504b524c8bb8c4491da42552c3b179d6bbcb3dc24c85/detection

http://5.42.65.108
trialap.com
slack.trialap.com

# Reference: https://twitter.com/r3dbU7z/status/1748103869375128024
# Reference: https://www.virustotal.com/gui/ip-address/23.227.199.33/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.92.244.104/relations
# Reference: https://www.virustotal.com/gui/file/0316b4d2186dbfbaef8929cb18fed6d6a5ba7a923fd005c94b458b7dd3ada6a8/detection

daddyvjxsa.online
daddyvjxsa.site
parailels.online
parallells.online

# Reference: https://twitter.com/r3dbU7z/status/1755063296145736023
# Reference: https://twitter.com/r3dbU7z/status/1771867585673392149

aianubhav.com
accoun10.com
guruveera.com

# Reference: https://twitter.com/moonlock_lab/status/1772323469947978002
# Reference: https://www.virustotal.com/gui/file/511a01dcb0fe86c9f2f432400a28487d53e83cdb03af7701f28511f260eb1a83/detection
# Reference: https://www.virustotal.com/gui/file/07a4618b5d9e057de25977ec2bd698e3070280be162aaed16b45cdef3ccad862/detection

79.137.192.4:443

# Reference: https://twitter.com/r3dbU7z/status/1786009485846204504
# Reference: https://www.virustotal.com/gui/file/26576c710b3025a4e1b46f78a0e1a9a276e2107291771ae1a9792ebffa2ef930/detection

notion.ph

# Reference: https://twitter.com/birchb0y/status/1790746238758817821
# Reference: https://x.com/malwrhunterteam/status/1900612483900981277
# Reference: https://x.com/malwrhunterteam/status/1902272327980642718
# Reference: https://alden.io/posts/infostealers-a-brewin/
# Reference: https://app.any.run/tasks/834cae35-e7c8-4e63-a66b-814f676e6af2/
# Reference: https://app.validin.com/detail?type=raw&find=Homebrew+%E2%80%94+The+Missing+Package+Manager+for+macOS+%28or+Linux%29 (# 2025-03-14)
# Reference: https://www.virustotal.com/gui/file/513bb09807c9c343fccf7df30f687ea490125745e5ae02177c92efeb514e4b30/detection
# Reference: https://www.virustotal.com/gui/file/9a2e0aadd42144abf97232bff0d3dcec123004b07e1e771c82e0d04f7ae0971a/detection
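# Reference: https://www.virustotal.com/gui/file/0a21b30f2e725b73160c542561bf68a2c8f53949557240db34d890583d02e30b/detection
# Note: 185.199.108.153 - 185.199.111.153 below are the shared GitHub Pages addresses, so a match on them identifies the hosting platform rather than one site; corroborate with the domain trails in this section or with request context before treating a hit as an infection.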

http://109.120.178.3
http://158.255.213.85
http://162.252.175.220
http://167.234.213.68
http://185.199.108.153
http://185.199.109.153
http://185.199.110.153
http://185.199.111.153
http://185.246.130.141
http://188.127.225.100
http://5.255.107.149
http://5.42.100.86
http://77.221.151.41
http://79.137.192.4
http://82.115.223.176
http://85.217.222.185
http://94.124.160.117
79.137.192.4:443
94.124.160.117:443
applemacios.com
aroqui.com
axcrid.com
bodega-fyi.pages.dev
brew-download.com
brew.lat
brews.icu
brewsh.cc
brewshh.org
candao.top
coinpepe.xyz
drcohenmd.com
homebrew-storage.com
homebrew.cx
homebrew.page
homebrewl.pro
hornebrew.mom
mpsime.com
nnvious.com
rectanglemac.pro
trello.bio
willowsushi.com
brew.pages.dev
docs.homebrew.cx
raw.brewsh.cc

# Reference: https://x.com/Threat_Down/status/1791912008746430748

http://5.182.86.95

# Reference: https://x.com/moonlock_lab/status/1793702034782433441
# Reference: https://www.virustotal.com/gui/file/60ad28afc1b3bd1cfd671c8f5fad7398e1cb7bd811498ef8a371007c4c32e75e/detection
# Reference: https://www.virustotal.com/gui/file/30b89622c779dd06faa909e7e0b8e88f3b75ca78fad00c4cf0ef7db320e3b218/detection
# Reference: https://www.virustotal.com/gui/file/2e3dcbccd9c774a43ec8565378c4ae9f4f6048b5f4c984d99e4f000858b688e3/detection

forked-project.com

# Reference: https://x.com/birchb0y/status/1793735550744375338
# Reference: https://app.validin.com/detail?find=185.172.128.72&type=ip4&ref_id=9fd035b569f#tab=resolutions

altllayer.com
earlymodenetwork.com
leaderwallets.org
lfgjupiter.com
mantanetwork.dev
newparadigm.dev
pixelcommunity.xyz
rodrigos.io

# Reference: https://x.com/Threat_Down/status/1794033775980032497
# Reference: https://www.virustotal.com/gui/file/27ed8f5684e32217a073200ac80d822825f4e9954797f6682c7a6c8d0951fb88/detection

http://65.108.232.23
calenserty.com

# Reference: https://cyble.com/blog/uncovering-atomic-stealer-amos-strikes-and-the-rise-of-dead-cookies-restoration/
# Reference: https://otx.alienvault.com/pulse/65b915078b79508127f170a9

arcbrowser.pro
cleanmymac.pro
parallelsdesktop.pro
pixelmator.pics

# Reference: https://x.com/arch1ehic0x/status/1803095125779791980
# Reference: https://x.com/karol_paciorek/status/1803357816746360903
# Reference: https://x.com/karol_paciorek/status/1803362692566028490
# Reference: https://app.validin.com/detail?find=ROD%20STEALER&type=raw&ref_id=2874a9d4ee7#tab=host_pairs_v2
# Reference: https://www.virustotal.com/gui/file/b68fbd104d13e025928f29bb90a25ab5b552ba1275ccd11869cf626fca85fb46/detection

http://185.172.128.110
onipars.pw
truck-ord.site

# Reference: https://x.com/arch1ehic0x/status/1806678546607227054
# Reference: https://www.virustotal.com/gui/ip-address/186.2.171.60/relations
# Reference: https://www.virustotal.com/gui/file/474ee78c6636ee478ea7f4521559679fbc468bb326357737bfc465e63ed153fa/detection

agov-access.com
agov-access.net
agov-ch.com
agov-ch.net
register-agov.com
register-agov.net

# Reference: https://x.com/NDA0E/status/1806818805961912577
# Reference: https://x.com/bruce_k3tta/status/1887881634286108734
# Reference: https://x.com/g0njxa/status/1915698276206104905
# Reference: https://search.censys.io/hosts/185.147.124.212
# Reference: https://www.virustotal.com/gui/file/61b0b147bf9bec52818af09d10ca7b81bb94c07d964684f10360abfe426014ba/detection
# Reference: https://www.virustotal.com/gui/file/382b0c1923db5369787f84f839004c171e7d400482055725b091f5eede80a7a4/detection

http://185.147.124.212
http://88.214.50.3
185.147.124.212:22
185.147.124.212:3389
lascolinasresortdalas.com
login-auth-office.com
osheafarm.com
poseidon.cool
robsheraldry.com

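# Reference: https://threatfox.abuse.ch/browse/malware/osx.poseidon/ (# 2024-07-01)
# Note: four entries in this section end in strings that are not valid TLDs and look like extraction artifacts (bitpa.miogatto.greffectual, newcp.thebestbodrumtemizlik.comlounge, newcpp.constructoraharr.clapostolic, newcpp.powerunits.com.ngwittily). They cannot resolve and should be re-checked against the source; three of them sit directly after an intact sibling entry.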

http://186.2.171.60
http://37.27.82.196
http://68.66.226.80
186.2.171.60:443
37.27.82.196:443
agovaccess-ch.com
b2cidp-mobilier.com
bitp.alamri-ip.com
bitp.alan.my
bitp.alkareemimport.com
bitp.avansisgroup.com
bitp.blueroselb.com
bitp.clementinasketchbook.com
bitp.dicoar.com
bitp.ebibote.com
bitp.fromagetambourin.fr
bitp.grantindonesia.com
bitp.hapa5387.odns.fr
bitp.heavenconstruction.pk
bitp.heavenmarketing.pk
bitp.htechs.com
bitp.idealindustryltd.com
bitp.kkenterprises.pk
bitp.navihost.in
bitp.nwg.com.pk
bitp.olivrodapatria.online
bitp.ontech.co.zm
bitp.phrapitta.com
bitp.pisuka.com
bitp.pouradhwani.com
bitp.quasar.sa
bitp.quick-eg.com
bitp.raagifts.com
bitp.siupk.net
bitp.smslogin.xyz
bitp.sviat21.com
bitp.tami8849.odns.fr
bitp.tiedyeromania.ro
bitp.tilakhighfiji.com
bitp.weltpropiedades.cl
bitpa.ananyajain.com
bitpa.artemilenario.fr
bitpa.athleticshub.co.uk
bitpa.babajani.com
bitpa.bariel.co.id
bitpa.beautifulbooze.com
bitpa.bghbd.com
bitpa.bicoman.net
bitpa.casamagdalenapublicidad.com.co
bitpa.combienemetmonargent.info
bitpa.dctcbd.com
bitpa.desipolska.pl
bitpa.dogfestival.gr
bitpa.drcaraccessories.com
bitpa.eamarseba.com
bitpa.elshamel.online
bitpa.guptavedika.com
bitpa.hostpinas.com
bitpa.innovatalks.com
bitpa.jcaisse-dev.org
bitpa.mathinmaps.net
bitpa.mejoresconsejosvida.online
bitpa.miogatto.gr
bitpa.miogatto.greffectual
bitpa.moralesalducin.com
bitpa.mydreamsltd.com
bitpa.nationaltemps.co.uk
bitpa.neebs.edu.np
bitpa.newestrealty.com
bitpa.owanbefood.com.ng
bitpa.palms77hotel.com
bitpa.planethair.gr
bitpa.professoranagida.online
bitpa.pta-greece.gr
bitpa.remoteprints.com
bitpa.sarshipping.net
bitpa.smsfi.com
bitpa.socialobserver.in
bitpa.soltita.com
bitpa.tatlibuketi.com
bitpa.tigercampcorbett.com
bitpa.toel4298.odns.fr
bitpa.vendotuttonline.com
bitpa.vissnatech.ir
bp.4dpayme.com
bp.absolutairarcondicionado.com.br
bp.afrokulchagroup.com
bp.americansports.com
bp.aminadabelago.com.br
bp.appoemn.org
bp.bernard-bourcy.net
bp.blogcanadiense.com
bp.brankenattorneys.co.tz
bp.cairnhillwatches.com
bp.car.co.tz
bp.celebratebloomfield.org
bp.celloxwatches.com
bp.ctvidamelhor.com.br
bp.davidliving.com
bp.dieterforjudge.com
bp.dumbeg.com
bp.easthartfordinterfaith.org
bp.edgenetworks.rs
bp.emporioecuador.com
bp.fatp.co.tz
bp.flyingdonvstg.franciaim.net
bp.fortclean.net
bp.fursforus.net
bp.hotelultimafrontiera.com
bp.innovatalks.com
bp.isap-union.gr
bp.jpxhelmet.com
bp.kgcdiary.com
bp.kidsightusa.org
bp.killerworkdev.com
bp.linenessentials.com
bp.littleleafstudio.co.uk
bp.lyctechnologies.com
bp.marthareingold.com
bp.mgcsw.gov.ss
bp.mibenditoadolescente.com
bp.moimoveis.com.br
bp.movie.co.tz
bp.myindiamall.in
bp.natenrjs.com
bp.nationalbeatpoetryfoundation.org
bp.news.co.tz
bp.niceguyrebrands.xyz
bp.paltouchsystems.net
bp.petersparre.com
bp.rafikidodomahotel.com
bp.richardobenton.com
bp.riscasvicosas.pt
bp.saleseconomic.com
bp.sc1jtfu9765.universe.wf
bp.segurobligatorio.pro
bp.seo7sry.com
bp.shivaagorealty.com
bp.stasy-union.gr
bp.sygenpharma.com
bp.tdsorsta.ro
bp.trueearthchanges.com
bp.video.co.tz
bp.watertownctlions.org
bp.wegolions.org
bp.wheelsofwilliamsport.com
bp.wheelsofwilliamsport.net
bp.wocrimestoppers.org
bp.worldcup.co.tz
dibbadu.absoluteitbd.com
dibbadu.arkaconstructores.com
dibbadu.caelectrons.com.br
dibbadu.carboneralabanda.com.co
dibbadu.ciptransfer.com
dibbadu.dolphinmanagement.ro
dibbadu.evergraphics.com
dibbadu.geofieldp.com
dibbadu.institutointei.com
dibbadu.millennialstourandtravel.co.ke
dibbadu.myportfolio.com.co
dibbadu.nextsol.com.br
dibbadu.planamoveis.com.br
dibbadu.proexcon.com
dibbadu.promoveazaonline.com
dibbadu.smartfuture.co.za
dibbadu.sscmcc.cl
dibbadu.sulmov.com.br
dibbadu.trujilloserrano.com
eportal-be.com
eportal-bs.com
extraiptv.giize.com
finanzportal-vermogenzsentrum.com
finanzportal-vermogenzsentrum.net
getgrammerly.com
hd.hdweb2.pw
ip.tvguzel.com
loginzug.com
newcp.abagenciamarketingdigital.com
newcp.adrenalinanet.com.br
newcp.afrikwebacademy.com
newcp.americansports.com
newcp.amtech.sd
newcp.andersonconstantino.com.br
newcp.ankaracilingirci.com
newcp.ankaradatemizliksirketi.com
newcp.ankarasevkattesisat.com
newcp.arteimparables.online
newcp.atlasfizyoterapi.com.tr
newcp.aurcleaning.com
newcp.aurejewelry.ca
newcp.avalanche-store.com
newcp.balcovacicekciler.com
newcp.bayraklicicekciler.com
newcp.bazis-t.uz
newcp.beyondxgroup.online
newcp.bitezeventwedding.com
newcp.bizaccord.com.pk
newcp.bnkilaclama.com
newcp.bonggayon.com
newcp.bornovacicekciler.com
newcp.boscosoft.ae
newcp.botchats.in
newcp.brntemizlik.com
newcp.clay.net.in
newcp.colegioburiti.com.br
newcp.coliturcusco.com.pe
newcp.departamentosenpueblolibre.com
newcp.dihucar.com
newcp.dominantlegaltrans.com
newcp.essasattire.com
newcp.essentemizlik.com
newcp.fahadengineerings.com
newcp.franciaim.net
newcp.frederic-monereau.com
newcp.freud.radi0.im
newcp.fxtransportation.com
newcp.gaziemircicekciler.com
newcp.generation-green.ma
newcp.geofieldp.com
newcp.ghdemo.com.tr
newcp.grid-edge.com.au
newcp.gridedgenews.com
newcp.gssgroup.co.ke
newcp.h-bsofwares.com
newcp.harasselection.com.br
newcp.hiraotomatikkapi.com
newcp.hypercctv.org
newcp.icredes.com
newcp.iluminate.com.mx
newcp.induslab.net
newcp.inkopau-rentcar.com
newcp.ithalatcimiz.com
newcp.japeto.ro
newcp.jcgama.com
newcp.johnballis.com
newcp.karyacorp.com
newcp.libuinsi.my.id
newcp.liderford.com
newcp.lindaballis.com
newcp.lojaflordocerrado.com.br
newcp.lourencoviajante.pt
newcp.maeslanden.nl
newcp.maskinsoftware.com
newcp.maxxcontrol.com.tr
newcp.medyapm.com
newcp.meiya.co.ke
newcp.metse.co.bw
newcp.mexicodemaria.mx
newcp.multipolarsolution.com
newcp.naseemtravels.com
newcp.neutown.com
newcp.ngopicoding.com
newcp.niceguyrebrands.xyz
newcp.nirmalexpertsolutions.com
newcp.oiltanker.com.ng
newcp.olivrodapatria.online
newcp.perapeyzaj.com
newcp.piolinspa.cl
newcp.plastikiniai-langai.eu
newcp.pnmls.cd
newcp.posdata-si.com
newcp.qadricaterers.com
newcp.ram-service.cl
newcp.recubplast.com.co
newcp.royalcontingencia.com
newcp.rsquad.co.ke
newcp.safipompe.ma
newcp.sagarsprings.com
newcp.sbaqala.pk
newcp.sc3bhgr7781.universe.wf
newcp.seo7sry.com
newcp.skinorra.com
newcp.smartlabor.it
newcp.solarib.com
newcp.sosgestion.com.co
newcp.spiegelenergy.com
newcp.spiegelenergy.com.au
newcp.stargazemining.co.za
newcp.superanimalpet.com
newcp.tamilankadai.com
newcp.tamminguyen.co.uk
newcp.tammisnaps.com
newcp.techcube.in
newcp.termomecconsultoria.com.br
newcp.thebestbodrumtemizlik.com
newcp.thebestbodrumtemizlik.comlounge
newcp.thisisafricas.com
newcp.tuintiadmin.com
newcp.ultisol.co.za
newcp.universal-kikaku.com
newcp.uns-kikaku.com
newcp.urunstand.com
newcp.visualmakers.com.pk
newcp.vozminera.mx
newcp.wine-ar.com
newcp.youknowpeople.com
newcpp.1ihost.com.br
newcpp.3dsurf.ir
newcpp.4182-0006ac95072f.wptiger.fr
newcpp.abarclinic.com
newcpp.abrakadabra.com.pe
newcpp.aceleraventas.com
newcpp.activelifemd.com
newcpp.addisbasketball.com
newcpp.adrenalinanet.com.br
newcpp.afrokulcha.co.za
newcpp.afrokulchagroup.com
newcpp.afrokulchatravel.co.za
newcpp.almoajel.sa
newcpp.altaymediaalbania.org
newcpp.aminadabelago.com.br
newcpp.apa.ba
newcpp.aurejewelry.ca
newcpp.aurespa.ca
newcpp.averynigeria.com
newcpp.balebuku.my.id
newcpp.bandamuveegroov.com.br
newcpp.banjarkode.com
newcpp.better-gpt.org
newcpp.billionairesestate.com
newcpp.bocadosdeamor.com
newcpp.build-2-suit.com
newcpp.casadefriossaobenedito.com.br
newcpp.casamagdalenapublicidad.com.co
newcpp.cncmorelos.org
newcpp.confidable.com
newcpp.conquermark.com
newcpp.constructoraharr.clapostolic
newcpp.credencewatches.com
newcpp.damaskin.ro
newcpp.danmartin.ro
newcpp.dilagosburguer.com.br
newcpp.ditsaambiental.com
newcpp.dktravel.com.ec
newcpp.doncellafem.com
newcpp.dsts-immigration.com
newcpp.dungnguyenarchi.com
newcpp.durumdelight.com
newcpp.easthartfordinterfaith.org
newcpp.education21kulimpku.com
newcpp.embassydevelopments.com
newcpp.espace-food.com
newcpp.espinhoserosas.com.br
newcpp.exactcolor.co.ke
newcpp.faforlife.com.ng
newcpp.faforon.com
newcpp.faforon.com.ng
newcpp.falahatishop.com
newcpp.fatp.co.tz
newcpp.faybd.com
newcpp.fitnessupbeat.com
newcpp.fridaybd.com
newcpp.fundacionequiterra.org
newcpp.gemsinnovation.com
newcpp.gridedge.com.au
newcpp.gridedgenews.com
newcpp.h-bsofwares.com
newcpp.harmonyvillage.gr
newcpp.hotel.co.tz
newcpp.huncanlit.com
newcpp.husamekhrawesh.com
newcpp.ibis-inspection.com
newcpp.ilutex.com.br
newcpp.imcbgten4.org
newcpp.institutoiba.org.br
newcpp.inversionesllort.com
newcpp.isabelaayrosa.adv.br
newcpp.johnballis.com
newcpp.kgcdiary.com
newcpp.khabarworld.com
newcpp.killerworkdev.com
newcpp.kotok.net
newcpp.ktktech.my.id
newcpp.kystibbi.com.tr
newcpp.lacitavilla.com
newcpp.lakcards.lk
newcpp.lenterdit.com.ar
newcpp.levinesolutions.net
newcpp.lindaballis.com
newcpp.logdist.ma
newcpp.ludotenis.com
newcpp.luicreativestudio.com
newcpp.magyarkoltok.com
newcpp.mahtokitchencare.com
newcpp.meadvilleorthodontics.com
newcpp.medicalmedia.com.mx
newcpp.meiya.co.ke
newcpp.moimoveis.com.br
newcpp.moralesalducin.com
newcpp.movie.co.tz
newcpp.musamwaky.co.tz
newcpp.nationaltemps.co.uk
newcpp.natroglobal.com
newcpp.news.co.tz
newcpp.nonisec.com
newcpp.nonisec.com.ar
newcpp.ontrace.id
newcpp.park-systems.net
newcpp.payall.com.ng
newcpp.pkmkaranganyar.com
newcpp.pmkt.ao
newcpp.polomilano.com
newcpp.polyvin.com.br
newcpp.powerunits.com.ng
newcpp.powerunits.com.ngwittily
newcpp.powerunits.ng
newcpp.princekushwaha.com.np
newcpp.protrans.com.ph
newcpp.quantum-ev.co
newcpp.quasar.sa
newcpp.quasarful.com
newcpp.recettecuisinegastronomie.fr
newcpp.revenueacademy.it
newcpp.saamtrek.co.za
newcpp.sagarsprings.com
newcpp.sandrasperling.com
newcpp.sbtabriz.com
newcpp.sc1jtfu9765.universe.wf
newcpp.scotiaperu.pe
newcpp.seguroautoagora.com.br
newcpp.seis.co.ke
newcpp.sketchersdesign.co.ke
newcpp.smartzone.sa
newcpp.spiegelenergy.com
newcpp.sscmcc.cl
newcpp.stayeasyplus.com
newcpp.stratwood-gs.ro
newcpp.streakk.com.ng
newcpp.tabledemassagepliante.fr
newcpp.tdsorsta.ro
newcpp.techtrust.pt
newcpp.tecsoluciones.com.pe
newcpp.testabeko.mamaquette.fr
newcpp.thehumanitarianfund.org
newcpp.themavvel.co.ke
newcpp.tracymasonmedia.com
newcpp.uns-kikaku.com
newcpp.uptourismguide.com
newcpp.upvs.com.ng
newcpp.urushomestay.com
newcpp.vanguardaamazonense.com.br
newcpp.wecarefamilydentistry.com
newcpp.wpsuperlink.online
newcpp.wychelmconnect.com.ng
newcpp.xyfinity.co.za
newscp.aaptiroots.in
newscp.academicindia.in
newscp.aeni-script.my.id
newscp.agenciazurc.com.br
newscp.ainirentcar.com
newscp.akia.com.mx
newscp.alauddinsweetmeat.com.bd
newscp.allkemie.com
newscp.almastudio.pe
newscp.antaema.com
newscp.arabic.du.ac.bd
newscp.area14st.com
newscp.aromatherapyacademy.com
newscp.atiliomarola.com.ar
newscp.aunurrafiqofficial.com
newscp.bangfirmanofficial.com
newscp.bariel.co.id
newscp.blueheadfilms.com
newscp.botchats.in
newscp.carboneralabanda.com.co
newscp.carvalhocruz.com.br
newscp.cgsbim.cl
newscp.chaucatotoursperu.com
newscp.clay.net.in
newscp.cncmorelos.org
newscp.colbachabierto.com
newscp.colbiomor.org
newscp.computertechsperts.com
newscp.contechprojects.com
newscp.danmartin.ro
newscp.darfurfm.sd
newscp.debambu.es
newscp.debellis.com.br
newscp.digitalmaster.ro
newscp.dolphinmanagement.ro
newscp.dominioarquitectura.com
newscp.ebitan.com.bd
newscp.entreprisesdavenir.fr
newscp.exideinverterbattery.in
newscp.fatp.co.tz
newscp.gclenterprises.in
newscp.geber.com.mx
newscp.geliankft.hu
newscp.grupoempresarialvasram.com
newscp.grupomv.com.py
newscp.hchemical.sd
newscp.heefhotel.com
newscp.hospitaldesanluis.com.co
newscp.hotelultimafrontiera.com
newscp.hydrosolutions.pe
newscp.ibis-inspection.com
newscp.inncomex.com.mx
newscp.internetareal.net.br
newscp.janeladedramaturgia.com
newscp.junoindia.com
newscp.kashier365.com
newscp.khulumameals.co.za
newscp.laboratoriomacruzfarma.com
newscp.lf21.my.id
newscp.machaquila.com
newscp.mappingcanvasser.com
newscp.maridadymotors.co.ke
newscp.mexicodemaria.mx
newscp.mgglobalinvest.com
newscp.myindiamall.in
newscp.myportodigital.site
newscp.ndwc.com.py
newscp.nextsol.com.br
newscp.nppp.pk
newscp.nsaservices.com.br
newscp.oanachivu.ro
newscp.officialrtv.com
newscp.oiltanker.com.ng
newscp.ontrace.id
newscp.posdata-si.com
newscp.psiqo.com.pe
newscp.rafaelhsouza.com.br
newscp.ranasariagroup.com
newscp.roborave.mx
newscp.romalogistics.com.pe
newscp.sacs.ec
newscp.sagarsprings.com
newscp.savannah.sd
newscp.sc1dsnb7288.universe.wf
newscp.sc1tmtd4794.universe.wf
newscp.sc3bhgr7781.universe.wf
newscp.seotoronto.company
newscp.siarabd.com
newscp.slagveld.co.za
newscp.soltani-shopping.com
newscp.srprof.com
newscp.superanimalpet.com
newscp.swammovers.com
newscp.thirtyline.com.my
newscp.top2stay.com
newscp.tora-ks.com
newscp.tracymasonmedia.com
newscp.trimitrateknikmandiri.com
newscp.universalauto2000.it
newscp.usgonline.mx
newscp.valledelinka.com.pe
newscp.webhostingneo.co.id
newscp.xmartechpro.com
newscp.xpresscard.info
newscp.youthtuko.org
panda.arcaem.com
panda.ckinam.com
panda.creativeeventsbd.com
panda.dilagosburguer.com.br
panda.ffde.com.br
panda.fxtransportation.com
panda.grupoqueiroz.pt
panda.japanbangladeshhospital.com
panda.laofix.com.tr
panda.levinesolutions.net
panda.lojaniq.com
panda.sixfibras.com.br
panda.superdreadi.com
panda.tafca.cl
panda.vifurni.com
panda.viralhab.com
panda.vuacanvas.com
pipp.agauto.co.ke
pipp.debellis.com.br
pipp.diasecampos.com.br
pipp.dilagosburguer.com.br
pipp.dipankardey.com
pipp.eshaqlaw.com
pipp.japanbangladeshhospital.com
pipp.laofix.com.tr
pipp.nsaservices.com.br
pipp.pantallita.com
pipp.retromad1.ro
pipp.seo7sry.com
pipp.showroomilgiornodopo.it
pipp.sixfibras.com.br
portals-swisslife.com
sso-geneveid.com
tv.surebettr.com
tv.yayins.com
zestyahhdog.com
zug-login.com

# Reference: https://www.virustotal.com/gui/ip-address/193.143.1.59/relations

bitp.funhaus.com.br
bitp.lesamisduvelo.fr
bitpa.adm-informatique.fr
bitpa.alkoukhonline.com
bitpa.amberconsult.com.ng
bitpa.ananyaholidays.com
bitpa.ananyaresorts.com
bitpa.ananyaventures.com
bitpa.arthamari.com
bitpa.beautygirlmag.com
bitpa.bocadosdeamor.com
bitpa.dealiatrade.pl
bitpa.dsborneo.com
bitpa.ektajain.com
bitpa.hippocampusinfotech.com
bitpa.lousamel.pt
bitpa.ludotenis.com
bitpa.matrixintertrade.co.th
bitpa.metodologiavirtual.com
bitpa.onpo.com.tr
bitpa.papoetoys.com
bitpa.racq2120.odns.fr
bitpa.registrocolegiados.cl
bitpa.ronafortuna.com
bitpa.ronakglobal.com
bitpa.sarkerrentacar.com
bitpa.telecos.com.pe
bitpa.tradingchilespa.cl
bp.3kmystore.com
bp.4dceria.com
bp.adlibmanagement.com
bp.affixsolution.com.br
bp.afrokulcha.co.za
bp.ainirentcar.com
bp.apotekavesta.rs
bp.appservice.com.mx
bp.aromatherapyacademy.com
bp.artemilenario.fr
bp.artnathacha.com
bp.be-tronics.com
bp.bizaccord.com.pk
bp.bloomfieldcthistory.org
bp.blueheadfilms.com
bp.branditmediahouse.co.za
bp.campovalepet.com.br
bp.checkedgar.com
bp.chuckoakes.net
bp.computertechsperts.com
bp.credencewatches.com
bp.ctgerizim.com.br
bp.diasecampos.com.br
bp.digitalforall.com.ng
bp.dilagosburguer.com.br
bp.dreamakerbd.com
bp.dremilio.com.br
bp.dungnguyenarchi.com
bp.e-drimer.pe
bp.ecce-groups.com
bp.ecomingrupo.com
bp.edu365pro.com
bp.emohoytsega.com
bp.erkutbarel.com.tr
bp.espace-food.com
bp.ets-kadydier.com
bp.excellentagro.biz
bp.faybd.com
bp.feedingspeedy.com
bp.gavasilva.adv.br
bp.gmseafood.cl
bp.grupoempresarialvasram.com
bp.haseed.com
bp.hex29.io
bp.holaquetal.tur.br
bp.homecityseremban.com.my
bp.hotel.co.tz
bp.hypercctv.org
bp.ibis-inspection.com
bp.induplastico.com.br
bp.instalarmacros.info
bp.itiss-cloud.com
bp.jerrylabriola.com
bp.jerrytalks.com
bp.josuesantana.com.br
bp.jprhelmet.com
bp.julianafabrizzi.com.br
bp.katariorganics.com
bp.kwickboxconsultant.com
bp.legitinteriordesign.com
bp.lexis.ma
bp.liazo.com
bp.lilianmeneghel-imoveis.com.br
bp.lionsdistrict23c.org
bp.lionslowvisionctr.org
bp.livingstonedameh.com
bp.lmmotors.com.pe
bp.mail.co.tz
bp.metodologiavirtual.com
bp.metse.co.bw
bp.mibusbolivia.com
bp.mirantedosgolfinhos.com.br
bp.montrexwatches.com
bp.moodle3.cfjulioresende.org
bp.mrsocial.io
bp.niemandsland.net.bo
bp.nynews.live
bp.payall.com.ng
bp.petercianciolo.com
bp.pilaresdealejandria.com.ar
bp.pncoaching.com
bp.pnmls.cd
bp.pousadavilladosgolfinhos.com.br
bp.powerunits.com.ng
bp.powerunits.ng
bp.quantum-ev.co
bp.radiopionerosfm.com
bp.ragdespace.com
bp.rarespeak.com
bp.ravinegloryhospital.co.ke
bp.realpromotora.com.br
bp.regig.org
bp.rowsolution.com
bp.sandrasperling.com
bp.sanymakmur-tc.com
bp.schulmanlaw.net
bp.sistem.eng.br
bp.sixfibras.com.br
bp.spotlesscrystal.com
bp.stwatertechnic.com
bp.t201.eliti.com.br
bp.taalisip.com
bp.techcube.in
bp.techdataminds.in
bp.tezas.in
bp.tracymasonmedia.com
bp.upvs.com.ng
bp.urushomestay.com
bp.venturarodrigues.pt
bp.westernhealthcareservices.com
bp.wissenfamily.org
bp.xyfinity.co.za
ddbyav.xiangjige.com
dibbadu.2kconstructores.com
dibbadu.4vipdjs.com
dibbadu.andresdeveloper.com
dibbadu.autobase.gr
dibbadu.byestrategica.com
dibbadu.centi.co.ke
dibbadu.fabconline.net
dibbadu.gaal0548.odns.fr
dibbadu.graphichub.in
dibbadu.hotelangasmayo.com
dibbadu.iiocouncil.com
dibbadu.inelco.com.mx
dibbadu.junoindia.com
dibbadu.kntgroup.co
dibbadu.logopidea.com
dibbadu.makeopportunity.org
dibbadu.onchange-group.com
dibbadu.pacegallary.com
dibbadu.rumahtua.net
dibbadu.saleseconomic.com
dibbadu.samaelcasanova.com
dibbadu.sc1ozko2782.universe.wf
dibbadu.sc4jtfu9765.universe.wf
dibbadu.showrender.com
dibbadu.techmarketim.com
dibbadu.tezas.in
dibbadu.trackingcookie.info
dibbadu.tuintiadmin.com
dibbadu.viproc.cl
flipdna.com
horoscopo-2022.org
horoszkop2022.com
newcp.agenciadss.com.py
newcp.amaya.cl
newcp.amshesp.com
newcp.appservice.com.mx
newcp.azharconstruction.com
newcp.carvalhocruz.com.br
newcp.celis-massage.fr
newcp.ciaosa.com
newcp.continentlpe.info
newcp.credillants.pe
newcp.diasecampos.com.br
newcp.drajna.ro
newcp.gridedge.com.au
newcp.ibis-inspection.com
newcp.izmircicekciler.com
newcp.marembal-group.com
newcp.simaltrading.nl
newcp.supraseg.com.br
newcp.thirtyline.com.my
newcp.uje.com.co
newcpp.75d7-4bcef4b19275.wptiger.fr
newcpp.adlibmanagement.com
newcpp.affixsolution.com.br
newcpp.agauto.co.ke
newcpp.akilimingi.com
newcpp.antaema.com
newcpp.arcaem.com
newcpp.asainformaticarj.com.br
newcpp.bbwayplastic.com
newcpp.blogcanadiense.com
newcpp.borchtechnology.com
newcpp.car.co.tz
newcpp.cbrsanpedrodelapaz.cl
newcpp.celloxwatches.com
newcpp.collecteau.fr
newcpp.cuentasstreaming.com
newcpp.desiexpats.com
newcpp.ecomingrupo.com
newcpp.educar.com.vc
newcpp.educarinformatica.com.br
newcpp.erkutbarel.com.tr
newcpp.exwebian.com
newcpp.fabconline.net
newcpp.farlujotna.sn
newcpp.fortclean.net
newcpp.foundingfarmerssnacks.com
newcpp.iiocouncil.com
newcpp.impulsedesenvolvimento.com.br
newcpp.informatikaunwaha.com
newcpp.iradio.co.in
newcpp.itiss-cloud.com
newcpp.jcgama.com
newcpp.kanderia.com
newcpp.kento.ec
newcpp.lycominggop.org
newcpp.manaliindiancuisine.es
newcpp.marthareingold.com
newcpp.math.shorbanggo.com
newcpp.mensmadness.com
newcpp.montrexwatches.com
newcpp.mopedic.gm.so
newcpp.moralesiluminacion.com.mx
newcpp.mysterebeauteproducts.com
newcpp.natural-ubiquinol.com
newcpp.nazathai.net
newcpp.nevestech.com.br
newcpp.nyaligalumni.com
newcpp.olivrodapatria.online
newcpp.pakrevolutions.com
newcpp.pantallita.com
newcpp.rayonclothings.com
newcpp.razhmana.com
newcpp.rplogistic.com
newcpp.sara-baby.dz
newcpp.sarmayenegar.ir
newcpp.sc2jtfu9765.universe.wf
newcpp.scandent3d.cl
newcpp.seo7sry.com
newcpp.skiener.ch
newcpp.socialstrategy.pk
newcpp.soteriabiblecollege.com
newcpp.spotred.co.ke
newcpp.supraseg.com.br
newcpp.tagudinmarket.net
newcpp.timezoneservice.com
newcpp.view-mind.com
newcpp.viralhab.com
newcpp.vows-plus.com
newcpp.wheelsofwilliamsport.com
newcpp.ximaluster.com
newcpp.youknowpeople.com
newscp.afrodigitaltd.com
newscp.balebuku.my.id
newscp.capitalrobotia.com.mx
newscp.clinicamaranatha.com.br
newscp.clinicdental.in
newscp.drmahadihasan.com
newscp.erdilmen.com
newscp.eschaton2012.ca
newscp.feedingspeedy.com
newscp.flashcenter.com.br
newscp.gssgroup.co.ke
newscp.hex29.io
newscp.induslab.net
newscp.irisspamysore.in
newscp.jarkonrel.com
newscp.kalnemi.org.mx
newscp.maeslanden.nl
newscp.marembal-group.com
newscp.mariomatic.com.br
newscp.marketeate.com
newscp.masterbusiness.adm.br
newscp.moodle3.cfjulioresende.org
newscp.musaston.com
newscp.nasseradv.com
newscp.nextnovatech.com
newscp.omicc.ca
newscp.printshopper.in
newscp.promoveazaonline.com
newscp.rplogistic.com
newscp.seo7sry.com
newscp.skainetwork.com
newscp.sosgestion.com.co
newscp.sunrialimited.com
newscp.sunrialimited.com.ng
newscp.superbicideermita.com.mx
newscp.titikakamining.pe
newscp.verdelima.com.br
newscp.victorgonzalez.ca
panda.ainaofficial.com
panda.aminadabelago.com.br
panda.appservice.com.mx
panda.beesboertm.co.za
panda.businessgroup.pk
panda.corazza.co.za
panda.iga.co.rw
panda.mopedic.gm.so
panda.mrf-uganda.org
panda.nsaservices.com.br
panda.nyaligalumni.com
panda.ordonezsrl.com.ar
panda.prvapomoc.org
panda.virtualeventscenter.net
panda.wookapp5.com
pipp.espace-food.com
pipp.phrapitta.com
pipp.rggrandhotel.com
pipp.skmuhibbahraya.net
pipp.tredamschools.com.ng
pipp.zero4communication.net
sharehippo.com
wilkersontech.com
yinghuaxia.com
yiyuanzhou.com
yuruifu.com
zhaoriyue.com
zhaosf.nl
zhenhuanyu.com

# Reference: https://www.validin.com/blog/pivoting-to-expand-threat-intelligence/

tl-group.org
tlgroupe.com

# Reference: https://x.com/4n6Bexaminer/status/1820718431257428297

http://193.124.185.23

# Reference: https://x.com/Huntio/status/1820797152085582112
# Reference: https://moonlock.com/loom-macos-stealer

http://147.45.199.1
http://85.28.0.47
dinoverse.app
dinoverse.co
landofdreams.io
smokecoffeeshop.com
tnelloproject.com

# Reference: https://x.com/4n6Bexaminer/status/1822281363946381501
# Reference: https://tria.ge/240810-q2exvawdjb/behavioral1
# Reference: https://www.virustotal.com/gui/file/5ddc1391142c64074354adc87c62f0a048704a490ee785412a64896b0271da39/detection
# Reference: https://www.virustotal.com/gui/file/90f20a29ecc7dfe78341f418105f96604ef412722b0e59e4f1b59a552b02da29/detection
# Reference: https://www.virustotal.com/gui/file/a30ddee89d8fdbb64e84643833ddd8e8fade1e9d98e695956a76a79e8fd7e1ee/detection
# Reference: https://www.virustotal.com/gui/file/e16130704c03cbff99d5990da4e40933347e26b711bfdc579eb99d82725d71f7/detection

http://109.120.176.156
megantic.online

# Reference: https://x.com/4n6Bexaminer/status/1822284540527640735
# Reference: https://www.virustotal.com/gui/file/8becf02ba162c3885ade87fb4634c5d119f411f11c2524284107c5555cbd9b87/detection
# Reference: https://www.virustotal.com/gui/file/305868a8be14bd82f86e6aaa4afd639ad10923741faffe921340dcfa2cdaf9e4/detection

http://185.7.214.148
cleanmylaptopmac.com
eurosocceradventure.com

# Reference: https://twitter.com/malwrhunterteam/status/1704395617399652572
# Reference: https://www.virustotal.com/gui/ip-address/159.203.89.132/relations
# Reference: https://www.virustotal.com/gui/file/ab00aaf35d2db919c71b65c7d8bcb5d3879dbf00b9ff136104caded2a70fc856/detection
# Reference: https://www.virustotal.com/gui/file/34ff1240fcaaae2a37665325f587affcf786cf2c875ea09b7b602a62599bca78/detection
# Reference: https://www.virustotal.com/gui/file/6d47c0554abb8187d4dfc36ad9a242da453f7942b5e60bb0ee170b54caac0cac/detection

cellasllc.com
apps.cellasllc.com

# Reference: https://x.com/malwrhunterteam/status/1794256341508468761
# Reference: https://www.virustotal.com/gui/file/89f991ea9ce2c5b59cc07b703d4052231603601aae1b35cc34b258089b5253d2/detection
# Reference: https://www.virustotal.com/gui/file/5879bcbc293a6278d57fcb61b40bc7f3b351be4307cf888769d726d603033a1b/detection

account.worldhealthresearch.org

# Reference: https://threatfox.abuse.ch/browse/malware/osx.poseidon/
# Reference: https://threatfox.abuse.ch/browse/malware/osx.poseidonstealer/

http://185.172.128.110
http://185.172.128.123

# Reference: https://x.com/MalGamy12/status/1826621858319663565
# Reference: https://www.virustotal.com/gui/file/6f429ae81ef2b99cd357ae51da315723ab10f3ee54780b82374000cbee430687/detection

http://45.93.20.174
activecitrux.com
aimodel.itez-kz.com
akool.cleartrip.voyage
akool.travel-watch.org
akordiyonegitimi.com
albert.flora-kz.store
andrewsheppard.com
apkportion.com
b.nenkinseido.com
basgitaregitimi.com
clear-trip-ae.com
cleartrip.voyage
flora-kz.store
flow-kz.store
haiper.cleartrip.voyage
haiper.itez-kz.com
haiper.travel-watch.org
havoc.travel-watch.org
highschools2009.com
imageunic.com
itez-kz.com
load.activecitrux.com
load.managerthreads.com
locktgold.travel-watch.org
managerthreads.com
millikanrams.com
newcastlelimos.com
ns1.millikanrams.com
ns2.millikanrams.com
openaai.clear-trip-ae.com
panel.x00x.online
sorablack.cleartrip.voyage
sunumofisi.com
sweethome.travel-watch.org
synthesia.cleartrip.voyage
synthesia.flow-kz.store
synthesia.travel-watch.org
travel-watch.org
uizard.cleartrip.voyage
uizard.flow-kz.store
uizard.travel-watch.org
weface.cleartrip.voyage
weface.travel-watch.org

# Reference: https://x.com/NDA0E/status/1826640848949575938

apple-kz.store
bendiregitimi.com
l.apple-kz.store

# Reference: https://x.com/maulikl/status/1826727004458422674

agattiairport.com
alcokz.net
basgitardersi.com
bignoxplay.com
freecad-build.com
journeyart.org
ldeogramm.com
leboncoin-fr.eu
leonardo-ai.me
softimageai.org
waltkz.com
sweetbonanzadeserts.com
adwq.leonardo-ai.me
asd.leboncoin-fr.eu
load.freecad-build.com
load.journeyart.org
load.ldeogramm.com
load.softimageai.org
loader.waltkz.com
ns.basgitardersi.com
test.alcokz.net
testtwo.alcokz.net
up.bignoxplay.com

# Reference: https://app.validin.com/detail?find=47516a2e04e9ef13d67927464651ba6c&type=hash&ref_id=f3f25cf2cce#tab=host_pairs_v2

akordiyondersi.com
albanianvibes.com
ambisecperu.com

# Reference: https://x.com/NDA0E/status/1827318701063860299

techdom.click
aimodel.techdom.click
face.techdom.click
facetwo.techdom.click
haiper.techdom.click
luminarblack.techdom.click
synthesia.techdom.click

# Reference: https://threatfox.abuse.ch/browse/malware/osx.amos/ (# 2024-08-25)

http://147.45.43.136
http://193.233.132.40
http://45.134.26.7
http://5.42.96.124
http://5.42.96.184
http://77.221.151.45
http://77.221.151.54
http://77.91.77.178
http://77.91.77.38
http://77.91.77.40
http://77.91.77.87
http://77.91.77.88
http://85.209.11.155
http://94.232.249.65
http://95.216.96.104

# Reference: https://app.validin.com/detail?find=413e3a6ee9a4cfe0763c01425a5c9ed0&type=hash#tab=host_pairs_v2

damobile.net
woltde.com
mulkrsvtolooy8s.woltde.com

# Reference: https://threatfox.abuse.ch/browse/malware/osx.poseidonstealer/ (# 2024-09-02)

http://147.45.47.170
http://185.235.128.217
http://185.28.119.85
http://194.59.183.241
185-235-128-217.netherlands-2.vps.ac
amika.pro

# Reference: https://www.virustotal.com/gui/domain/onlyfor.pro/detection

onlyfor.pro

# Reference: https://www.virustotal.com/gui/ip-address/193.233.132.137/relations
# Reference: https://www.virustotal.com/gui/file/0e520908d451c0366b600b08990e9f1958414fcdf67c9401c1319303e95847d9/detection

http://193.233.132.137

# Reference: https://x.com/privacyis1st/status/1840786883959251429

http://209.126.1.139

# Reference: https://x.com/osint_barbie/status/1840865672449995261
# Reference: https://tria.ge/240930-a1fjzsycmr/behavioral1
# Reference: https://www.virustotal.com/gui/ip-address/94.232.249.131/relations

alienmanfc6.com
apunanwu.com
cphoops.com
iloanshop.com
kansaskollection.com
ledger-cloud.com
makenleane.com
mdalies.com
modoodeul.com
pakoyayinlari.com
patrickcateman.com
phperl.com
stonance.com
utv4fun.com
/458f4bda41bc00314/6c7ec58378d6f18ab/load.98cbab0be2fae96a53fd860e.php?call=
/6c7ec58378d6f18ab/load.98cbab0be2fae96a53fd860e.php?call=
/load.98cbab0be2fae96a53fd860e.php?call=
/load.98cbab0be2fae96a53fd860e.php
/kusaka.php?call=
/kusaka.php

# Reference: https://x.com/ryanchenkie/status/1880730173634699393
# Reference: https://x.com/banthisguy9349/status/1881071388381032933
# Reference: https://urlscan.io/search/#81.19.135.228
# Reference: https://app.validin.com/detail?type=ip&find=81.19.135.228#tab=host_pairs (# 2025-01-19)

http://81.19.135.228
99smoothfm.com
altreklama.com
apcmidland.com
bellwethersurveys.com
benvixa.com
biztus.com
blogorious.com
brucall.com
caniberich.com
cdn-telegram.cyou
cpofficial.com
credovsnra.com
dazhongyao.com
devpe.com
dgsinfo.com
djhyzhicai.com
dunkdeal.com
ecolumy.com
escapeesrvclub.com
gokujoutabi.com
hhynetwork.com
hinckleywebandprint.com
hwebprint.com
jaffarkhan.com
jesumaraz.com
jpavuluri.com
koollyrics.com
kypeti.com
louisianaquickfind.com
loumvideo.com
lovlypets.com
macossoft.com
mascotaenadopcion.com
messiku.com
mx9x.com
netextendersupport.com
newtabwallpaperstheme.com
norikosumiya.com
omerve.com
oouatsup.com
picsler.com
pilzmacher.com
pimmes.com
playchees.com
qdhaoge.com
quevalencia.com
realbenies.com
rgueapp.com
roonvar.com
sarahwillemart.com
schytcdagl.com
shahrsaz.com
soccerimg.com
spalumiere.com
spbsky.com
studioq202.com
tao025.com
tao221.com
tao816.com
tao886.com
tao977.com
taytrin.com
teganlily.com
tiaoshibao.com
tjsemicoke.com
tssale.com
update-appstore.com
vladistudio.com
whsdns.com
wikishared.com
xiangtanjk.com
yaocanting.com
zhongdaauto.com
zoamaster.com
zontricks.com

# Reference: https://app.validin.com/detail?find=47516a2e04e9ef13d67927464651ba6c&type=hash#tab=host_pairs_v2

http://82.197.67.174
http://82.221.139.121
aiaggregator.com
archerwescott.com
bateriegitim.com
baumanufaktur-muenster.com
bjj-gameplan.com
leboncoin.legal
scrip.leboncoin.legal
script.techdom.shop
techdom.shop

# Reference: https://x.com/Malwarebytes/status/1843401297246269675
# Reference: https://www.malwarebytes.com/blog/news/2024/10/large-scale-google-ads-campaign-targets-utility-software

aerodrame.finance
creativekt.com
designexplorerapp.net
foreducationapp.com
studioplatformapp.net
turnrevenue.com
workmeetingsapp.com
clockify.turnrevenue.com
notion.foreducationapp.com
odoo.studioplatformapp.net
slack.aerodrame.finance
slack.designexplorerapp.net
slack.workmeetingsapp.com

# Reference: https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/

bowerchalke.com
carolinejuskus.com
cautrucanhtuan.com
dekhke.com
lirelasuisse.com
mensadvancega.com
mishapagerealty.com
pabloarruda.com

# Reference: https://x.com/suyog41/status/1851507299073864016
# Reference: https://www.virustotal.com/gui/file/a33705df80d2a7c2deeb192c3de9e7f06c7bfd14b84f782cf86099c52a8b0178/detection

http://194.169.175.117

# Reference: https://x.com/malwrhunterteam/status/1857726856675430531
# Reference: https://www.virustotal.com/gui/file/4fb1fa11f4077e8406ac11e55476d4f6852cc75087063b385060d81c9c166a7f/detection

http://70.34.213.27

# Reference: https://x.com/malwrhunterteam/status/1858482586583998838
# Reference: https://www.virustotal.com/gui/file/ca0f682a5f492c20181ddae738212c8490e4b8e0c1b4fa4b8f5bc48de4592fb7/detection

http://141.98.9.20

# Reference: https://x.com/banthisguy9349/status/1873402882424455582
# Reference: https://x.com/malwrhunterteam/status/1889723588195782906
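# Reference: https://www.virustotal.com/gui/file/8d947518564bdbefc9af3811a44f856f8ceea0864cbc0a17f06c04f4f3a4a7d0/detection
# NOTE(review): 192.233.132.188 in the list below differs from 193.233.132.188 (same list) only in the first octet (192 vs 193) - possibly a transcription slip; confirm against the references that both addresses are intended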

http://141.98.9.201
http://141.98.9.202
http://141.98.9.203
http://147.22.1.1
http://147.45.43.49
http://185.174.136.197
http://192.233.132.188
http://193.124.185.50
http://193.124.185.53
http://193.124.185.54
http://193.233.132.126
http://193.233.132.131
http://193.233.132.132
http://193.233.132.138
http://193.233.132.155
http://193.233.132.168
http://193.233.132.188
http://194.120.116.186
http://5.44.41.73
http://85.192.63.234
77.221.134.79:5000
fantafab.com
/81bD01OkzH1z

# Reference: https://x.com/suyog41/status/1877182323340488974
# Reference: https://www.virustotal.com/gui/file/ee015087be69203435175c256ee689a00f9ec693e146536c8c132e3311975ec2/detection

http://81.19.135.54

# Reference: https://x.com/gregclermont/status/1877294378663784912
# Reference: https://www.virustotal.com/gui/file/fa1ffa024184f8ade3ef294b5a7a485a48f52361fbf53d37635c2079c57ebcbb/detection
# Reference: https://www.virustotal.com/gui/file/9a0065d15c985dc95189a5c9e808d0209b6d473dd6f44d328bd3c1d42aaabe4d/detection

brewmacos.com

# Reference: https://x.com/suyog41/status/1878707544576974922
# Reference: https://www.virustotal.com/gui/file/80f492d98f2f409de8d9bd4c35b4f4b616ea1e4e855ed3bdc46bf9a7a956f274/detection
# Reference: https://www.virustotal.com/gui/file/8d2bb3be043442dac22f480f02b449525d5ba99b25f95330b674b8face07bcea/detection
# Reference: https://www.virustotal.com/gui/file/b365ac9a8b2dac885d0dfbd765f4b7b08681e4429f0394781e7d0ccbc50d6044/detection
# Reference: https://www.virustotal.com/gui/file/e064ac38282b8abbca176fcee2e2c792e885c49254d986589d974186aecd940a/detection

http://217.69.2.169

# Reference: https://x.com/motuariki_/status/1851386452590158205
# Reference: https://binhex.ninja/malware-analysis-blogs/amos-stealer-atomic-stealer-malware.html
# Reference: https://www.virustotal.com/gui/file/2f1d906d4ddcdba0425062d3814c89a93a514491a92154be74a4643b5c8c4d14/detection

http://141.98.9.20

# Reference: https://x.com/suyog41/status/1881230577199902765
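# Reference: https://www.virustotal.com/gui/file/b73216b8c63faf542814a99389fb63de5fddf3800305dbecfe7aa3b9c0d9ab2a/detection
# NOTE(review): the entry below is an ngrok free-tier tunnel hostname; such names typically exist only while the tunnel is up, so matches seen long after the referenced sample should be re-validated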

b2eb-115-135-31-192.ngrok-free.app

# Reference: https://x.com/banthisguy9349/status/1881091525427503602

/H0qlUfGV5EU2zrp3wYKr0

# Reference: https://x.com/i/web/status/1881563556736545256
# Reference: https://www.virustotal.com/gui/file/08caa600a0a35bfbbc2f6465877aa28d94ab499c7ffda8b921fb26d3aa59fd15/detection

demeijer.cfd
praanic.cfd

# Reference: https://x.com/suyog41/status/1881944554993267176
# Reference: https://app.validin.com/detail?find=91.202.233.202&type=ip4&ref_id=1df54403cc8#tab=host_pairs

5rd5tgh.cfd
bfgnet.cfd
bfgnet.icu
bmwqq.icu
explosem.cfd
hdking.cfd
ssrtool.icu
twoc.life
yogeshlond.cfd

# Reference: https://x.com/suyog41/status/1882294278086656352
# Reference: https://www.virustotal.com/gui/file/bc933b5ecca8b3864741c92fe0682f41a36bf809862ec9a61b09c83ad7b3d6ce/detection

sbdar.com

# Reference: https://x.com/suyog41/status/1882665545948069933
# Reference: https://www.virustotal.com/gui/file/f8ee5a52ce151c8120f0824593a9d8e153fc925380afcdb1fcdba0fa16147174/detection

luumu.cfd

# Reference: https://x.com/suyog41/status/1883765480827338881
# Reference: https://www.virustotal.com/gui/file/545b52fa91376883bee84c1c3220b1f16d079c1d85718f6bfc1119d685675385/detection

rickardmetal.com
wiramulia.com

# Reference: https://x.com/suyog41/status/1884123851195572527
# Reference: https://www.virustotal.com/gui/file/a6b35fce9e362a29b298090279b87c206d74b1bc00db0b86781f0a68e560c8b4/detection

http://82.115.223.9

# Reference: https://x.com/malwrhunterteam/status/1887415640597647406
# Reference: https://www.virustotal.com/gui/file/ad4e08c042b0cb618c181be11d72bc049b3799dbb946d58502a6df84f64d2741/detection

http://65.20.101.215

# Reference: https://x.com/suyog41/status/1889669330822111694
# Reference: https://www.virustotal.com/gui/file/809c93b69787a489bc92720dae1d69d03e76251b0c93c6e5e0b7db1a8197af19/detection

gominnanoom.com

# Reference: https://x.com/suyog41/status/1889650750462308762
# Reference: https://www.virustotal.com/gui/file/0cf240e85b629990dcac1035207c0cb60af068a1e11b372af98ecf1767eae97d/detection

karinnapadilla.com

# Reference: https://app.validin.com/detail?find=193.143.1.177&type=ip4&ref_id=efdf26799e6#tab=resolutions

betabux.com
tattoobg.com
vocheng.com
4jslg.tattoobg.com

# Reference: https://x.com/suyog41/status/1891379925342679319
# Reference: https://www.virustotal.com/gui/file/2ce574b3c03b2562b4f2303b5e7a4f262868913d01957689f2fdf40a3ab352f1/detection

ttknives.com
zblong.com

# Reference: https://x.com/suyog41/status/1892460976441872634
# Reference: https://www.virustotal.com/gui/file/24b589981850a0b5646ffcbef4b660637153412d3c1b02e5e526a59ef8595be4/detection

http://45.9.117.152

# Reference: https://www.esentire.com/blog/fake-deepseek-site-infects-mac-users-with-poseidon-stealer
# Reference: https://github.com/eSentire/iocs/blob/main/PoseidonStealer/PoseidonStealer-2-12-2025.txt

manyanshe.com

# Reference: https://x.com/malwrhunterteam/status/1893253918450221381
# Reference: https://app.validin.com/detail?find=4da341eee54094c5f73798447dc4da93&type=hash&ref_id=9d7e2f80322#tab=host_pairs (# 2025-02-22)

http://45.93.20.152
45.93.20.152:22
chromiumdriver.io
chromiumdriverbackend.com
echonex.ai
nevex.app
nowsync.app
nowsyncbackend.com
signdocsback.com
us85web.us
zoombackend.xyz

# Reference: https://x.com/malwrhunterteam/status/1894017454113706430
# Reference: https://x.com/malwrhunterteam/status/1894017461927760345
# Reference: https://x.com/malwrhunterteam/status/1894024411780374748
# Reference: https://x.com/ValidinLLC/status/1895120872421437511
# Reference: https://app.validin.com/detail?find=GrassCall&type=raw&ref_id=006bf001770#tab=host_pairs (# 2025-02-24)
# Reference: https://app.validin.com/detail?find=f28820f49d98f8f7cafca5c256f1b807&type=hash&ref_id=006bf001770#tab=host_pairs (# 2025-02-24)

alphawearmn.com
faceboock-page-support-manage.com
gatherum.net
grasscall.app
grasscall.net
grasscall.org
justworkpannel.icu
onda-zm.net
vibecall.app
wavecall.app
wavecall.ca
wavecall.cc
wavecall.co
wavecall.live
wavecall.org

# Reference: https://x.com/moonlock_lab/status/1894447597240140027
# Reference: https://www.virustotal.com/gui/file/fde8c0db46419585b0718c4df7e444d2aeee28b1fad771d39910389b529a8fad/detection
# Reference: https://www.virustotal.com/gui/file/2581a2b05bb39f16562b652311d8f5381a132cc31873c38312684c7a33520706/detection

asa-content-network.s3.us-west-2.amazonaws.com

# Reference: https://x.com/victorkubashok/status/1894737054841335964

miliste.com

# Reference: https://www.seqrite.com/blog/unmasking-grasscall-campaign-the-apt-behind-job-recruitment-cyber-scams/
# Reference: https://www.virustotal.com/gui/file/b63367bd7da5aad9afef5e7531cac4561c8a671fd2270ade14640cf03849bf52/detection

http://147.45.60.20
147.45.60.20:5000
147.45.60.20:8080

# Reference: https://x.com/suyog41/status/1897979588665655589
# Reference: https://www.virustotal.com/gui/file/c9e1af28664983105a2323974e41c7583b89ba175851195da31a662b6b7bfd54/detection

tarhnegasht.com

# Reference: https://x.com/malwrhunterteam/status/1898292008281575545
# Reference: https://www.virustotal.com/gui/file/d90b53c9aa6709339f989b23291def00f68d640e65505c76f6e8682a63c6e935/detection

http://95.164.53.3

# Reference: https://x.com/malwrhunterteam/status/1902667337297170664
# Reference: https://app.validin.com/detail?find=561a327cb399f779a2266e742be2cd33&type=hash&ref_id=9ca321c580e#tab=host_pairs (# 2025-03-30)

playrocketgalaxy.net
playrocketgalaxy.world
rocketgalaxy.io
rocketgalaxy.world
rocketgalaxyworld.com
wayoutstars.com

# Reference: https://x.com/malwrhunterteam/status/1903189675793146333

celusion.us

# Reference: https://x.com/malwrhunterteam/status/1904124859216490610
# Reference: https://www.virustotal.com/gui/file/eeb2e5f06ef8da29a56d1779c1590d82c76b031e7718d0f6c46d1cb57c036d8e/detection

http://85.209.128.59

# Reference: https://x.com/malwrhunterteam/status/1904124773057105923
# Reference: https://www.virustotal.com/gui/file/a13dfdfccc71c26464da61de63f5ff296b3ec90adbb648d42b9861c8c3e422cb/detection

http://45.140.13.244

# Reference: https://x.com/malwrhunterteam/status/1904220955880177895
# Reference: https://app.validin.com/detail?find=213.21.237.149&type=ip4&ref_id=79c3e6f6820#tab=resolutions (# 2025-03-24)

buzztalk.io
gatori.space
monstersdiscovery.com

# Reference: https://x.com/malwrhunterteam/status/1904256374550462605
# Reference: https://www.virustotal.com/gui/file/be3e3c77cf578c6458d515c5a49cfab653df3ba10ccb86e9d13d2376e24483fb/detection

http://45.131.215.191

# Reference: https://x.com/malwrhunterteam/status/1904592976745034180

rocketrumble.xyz

# Reference: https://x.com/malwrhunterteam/status/1905579706222526890
# Reference: https://app.validin.com/detail?find=6b3a5edfe0448f2e93c091abffba96ba&type=hash&ref_id=e2c75a4c57d#tab=host_pairs (# 2025-03-28)

http://77.221.152.24
stone-hunt.com
stone-hunt.io

# Reference: https://x.com/malwrhunterteam/status/1905686280916402299
# Reference: https://app.validin.com/detail?find=8947c73a5933e1d12d23d74fb5dd7864&type=hash&ref_id=8d8694f68ac#tab=host_pairs (# 2025-03-29)
# Reference: https://app.validin.com/detail?find=d530c7a5c822ae0f952338b43ecd8849&type=hash&ref_id=ebeafce65ac#tab=host_pairs (# 2025-03-29)
# Reference: https://www.virustotal.com/gui/file/743a528f1e4f509baa1a6236d9b55464aa0bb465dbe9016249b01f47e3ba4438/detection

my-design.pro
prepaid-au.com
ultrawiew-account.top
wwwpersec.org

# Reference: https://x.com/malwrhunterteam/status/1905528981698281825
# Reference: https://www.virustotal.com/gui/file/1cf676d1e21e8c26eeb0f5375ca7473344cc1510828725587e71b36a7dd1c32f/detection
# Reference: https://app.validin.com/detail?find=Notion%20Desktop%20App%20for%20Mac%20%26amp%3B%20Windows%20%7C%20Notion&type=raw&ref_id=bde04d0cd30#tab=host_pairs (# 2025-03-29)

notiondesktop.com
notiron.org

# Reference: https://x.com/malwrhunterteam/status/1908258300904288529
# Reference: https://x.com/k3yp0d/status/1908801323933339889
# Reference: https://www.virustotal.com/gui/file/0e87f86ec05ceac7f6476b2b9729e5eda1a28fae10198f8af38d88182de94b5a/detection

captcha-cdn.com
captcha-verify-2q7y.com
captcha-verify-6r4x.com
captcha-verify-9h5v.com
jdiazmemory.com

# Reference: https://x.com/malwrhunterteam/status/1909171425778229705
# Reference: https://app.validin.com/detail?find=chattix&type=raw&ref_id=1ccca210e4c#tab=host_pairs (# 2025-04-07)

beepx.app
chattix.us
miycrellatio.com

# Reference: https://x.com/malwrhunterteam/status/1910055525791814128

mktgweb3.com

# Reference: https://x.com/RussianPanda9xx/status/1910777989840749047

http://85.192.37.66

# Reference: https://x.com/malwrhunterteam/status/1911667841113194722
# Reference: https://www.virustotal.com/gui/file/292df3cc6e89f9dd3b7b29680a6d72b29e6579956dfc25163b2c99840c6035e0/detection

koreablockchainweek.app
o-sn.com
adservice.o-sn.com
appleid.o-sn.com
bin.o-sn.com
blog.o-sn.com
docs.o-sn.com
facebook.o-sn.com
geolocation.o-sn.com
support.o-sn.com

# Reference: https://www.virustotal.com/gui/file/a177e43bcdcbf4a824f2d37ebd62d10e2245c1513d05aea292779e593a7b9176/detection

http://192.124.178.88

# Reference: https://x.com/malwrhunterteam/status/1912815854535823504
# Reference: https://www.virustotal.com/gui/file/1ba47b1d35c38d5c39f187f7e729eb28ce26359f5e9bddd7192679c51d4cda83/detection

http://85.192.49.118

# Reference: https://x.com/suyog41/status/1913141025549476141
# Reference: https://www.virustotal.com/gui/file/e539b6b53cf7009e86d0ddb279dec9b84a099aa8c8b2ecd18d65ee17538d772a/detection

gq8ruzk1h3a8.cfd

# Reference: https://x.com/motuariki_/status/1914649222164718077
# Reference: https://github.com/motuariki/IOCs/blob/main/MacOS%20Stealer%20Malware/22-04-2025-Amos-C2-IPs

http://138.124.50.93
http://45.94.47.102

# Reference: https://x.com/malwrhunterteam/status/1914948114705764785
# Reference: https://www.virustotal.com/gui/file/adb30f7ba534207834d9ab8d2c197bf78382be23d28bb17db7c52a3b956c0bb5/detection

esramon.com
security-2k7q-check.com
security-check-l2j4.com
security-check-u8a6.com

# Reference: https://x.com/malwrhunterteam/status/1917491170562687184
# Reference: https://app.validin.com/detail?find=bb319c1ddca7fb76e92556a03f854cac&type=hash&ref_id=077f3a32259#tab=host_pairs (# 2025-04-30)
# Reference: https://www.virustotal.com/gui/file/0f0b26beee869a2882e89efb1151cd4bc885b9b7a0884412d19f87176674afa3/detection

dakarsecurity.com
dancinspirit.com
hbgsecurity.com
lammysecurity.com
security-2u6g-log.com
security-3a7q-run.com
security-6u0g-log.com
security-7f2c-run.com
security-9y5v-scan.com

# Reference: https://x.com/malwrhunterteam/status/1914932549790388269
# Reference: https://www.virustotal.com/gui/file/cc2fa0495b0ef3a6e310bfb7b81a302f6f1b245a7d3d12d77d4e0094e8845809/detection

skytribes.io

# Reference: https://x.com/suyog41/status/1915312489509917167
# Reference: https://x.com/malwrhunterteam/status/1915708059235614881
# Reference: https://app.validin.com/detail?find=eff38f1dda00ae10d3fbf51d8ea42242&type=hash&ref_id=c5baa3c43dd#tab=host_pairs (# 2025-04-25)
# Reference: https://www.virustotal.com/gui/file/4b277c6293ce6d6ff45b89c948e0f9b632c2048d2c3adad5f9179efe34a67981/detection
# Reference: https://www.virustotal.com/gui/file/fdb82e2ad560677d241bd7139995e56295001bc3ef72c67173ae91d5db85cc46/detection

aimplyhired.com
gknkargo.com
mapersan.com
morholding.com
sfmontage.com
form.gknkargo.com
ns1.morholding.com
tt.mapersan.com
tt.morholding.com

# Reference: https://x.com/malwrhunterteam/status/1915818585248645399
# Reference: https://www.virustotal.com/gui/file/1bf39bfbe6617e698a653a95606464cbbaf23bf648978fca646e778f4ffacdaf/detection

otter.live

# Reference: https://x.com/malwrhunterteam/status/1916744699835990021
# Reference: https://www.virustotal.com/gui/file/4924ff91e9be84960f9241130e080bb5f3cbf19f17f62e1fc15e48fb6852cd89/detection

http://199.247.9.173

# Reference: https://x.com/malwrhunterteam/status/1916745410581860669
# Reference: https://www.virustotal.com/gui/file/a8775aa6f0c3f3e877ab193586c0e89f083c519c682ba04981ef9e597be76cd0/detection

fetuchini.store

# Reference: https://x.com/malwrhunterteam/status/1917463094608998753
# Reference: https://www.virustotal.com/gui/file/b2b1ca4da78e91954934bc136ce01f8e5a52bb2d05db300ef743c69b1aa8b27f/detection

http://45.94.47.103

# Reference: https://x.com/NullPwner/status/1917702021618229610

http://5.199.166.102

# Reference: https://x.com/suyog41/status/1919259009942712396
# Reference: https://www.virustotal.com/gui/file/f16e85daa5288386169d8355082f02d26dd432cabb9e3b08f9fdf0430c2de883/detection

http://45.94.47.120

# Reference: https://github.com/motuariki/IOCs/blob/main/MacOS%20Stealer%20Malware/07-05-2025-Amos-C2-IPs-Domains

http://193.143.1.177
http://62.60.249.105

# Reference: https://x.com/malwrhunterteam/status/1920161661014466729
# Reference: https://www.virustotal.com/gui/file/1e73b673bce06f26aa4c32f1af76698e2aa59706a61b60ba75c3c4ed7991172a/detection

app-storage-one.xyz

# Reference: https://x.com/NullPwner/status/1921157529188368830
# Reference: https://hunt.io/blog/macos-clickfix-applescript-terminal-phishing

http://83.222.190.214
odyssey-st.com

# Reference: https://x.com/malwrhunterteam/status/1922409101381742890
# Reference: https://www.virustotal.com/gui/file/a4e36aaebbf904ad8b7639e86b4642a5d5d5407b23c7433daa89c20e1b5d6364/detection

http://45.94.47.145

# Reference: https://x.com/skocherhan/status/1922462317838516405
# Reference: https://app.validin.com/detail?find=ffe32014afcaa1d3f9b404e50d7e157a&type=hash&ref_id=86fe6b7b889#tab=host_pairs (# 2025-05-14)
# Reference: https://www.virustotal.com/gui/file/4c9a8ed229ddfab40582cfb3492a7ff8d5ef2186f43045516272426b6629871e/detection

ads.lantwrk.com
airportsock.xyz
casinojackpotmst.com
com.airportsock.xyz
conuous-tahations.com
darthtieflyer.com
endise-everning.com
etf-alerts.com
go.performance-checkout.com
go.shape-capsules.shop
hargin-bothmerge.icu
lantwrk.com
mingdomrelloon.com
minsitorconsing.com
performance-checkout.com
rinput-vionably.com
samates-seachades.com
secure.etf-alerts.com
shape-capsules.shop
soft2trak.com
sushementgoisermal.com
tpm.prplflowpath.com
track.darthtieflyer.com

# Reference: https://x.com/malwrhunterteam/status/1922700020702142829
# Reference: https://app.validin.com/detail?find=CleanShot%20X%20for%20Mac&type=raw&ref_id=b184cd5f93a#tab=host_pairs (# 2025-05-30)

cleanshotx.cfd
download-cleanshot.cfd

# Reference: https://x.com/motuariki_/status/1924330564880159165
# Reference: https://github.com/motuariki/IOCs/blob/main/MacOS%20Stealer%20Malware/19-05-2025-Amos-C2-IPs-Hashes
# Reference: https://www.virustotal.com/gui/file/3bbda6c3695399c068d67c3bc69d92d015d5330ee1176df40c2a521f0416b20f/detection
# Reference: https://www.virustotal.com/gui/file/df5052263fd16e5c34935b58b6d9d76465df0a3c3a1ebfb700e511e936e25dec/detection
# Reference: https://www.virustotal.com/gui/file/aada5d93f099887d6e73e1744ff1e8db9ac18c721266eb4c4c7ba840985c6ce9/detection
# Reference: https://www.virustotal.com/gui/file/36742ba59a06e80703730676f72295f3b06730883d7979eeb93df730d754504a/detection

http://45.94.47.146
http://45.94.47.147
http://85.192.56.11

# Reference: https://x.com/malwrhunterteam/status/1924723878355484874
# Reference: https://www.virustotal.com/gui/file/f573c91f615401caef2c99f93548a54f0bbcfc018e22550cb552b45c03d60312/detection

hubservices.vip

# Reference: https://x.com/malwrhunterteam/status/1924721481725923662
# Reference: https://x.com/solostalking/status/1930977703265554806
# Reference: https://hunt.io/blog/macos-clickfix-applescript-terminal-phishing
# Reference: https://www.virustotal.com/gui/file/75505c08bbfa79e562a0c7dc9d90ea7cce2364a2a20f459232457921a5653373/detection

83.222.190.214:3333
odyssey1.to

# Reference: https://x.com/malwrhunterteam/status/1925495994885509270
# Reference: https://www.virustotal.com/gui/file/c51786875f1cb268118924aec263514df8069d68cf85f7fed1c2bf6bf6095c4b/detection

entrepreneurshipvillage.com/wp-content/uploads/2021/02/grecaptcha

# Reference: https://x.com/malwrhunterteam/status/1925635508102664267
# Reference: https://app.validin.com/detail?find=2d6f9183dede2e79c7de9b1c04d953fe&type=hash&ref_id=fd767f2fc87#tab=host_pairs (# 2025-05-23)
# Reference: https://app.validin.com/detail?find=d3e241db244235d7e36764353b787de0&type=hash&ref_id=d19b8984db4#tab=host_pairs (# 2025-05-23)
# Reference: https://app.validin.com/detail?find=92b908ef253b41d6f4d6f2dc22d9f62c&type=hash&ref_id=fd767f2fc87#tab=host_pairs (# 2025-05-26)
# Reference: https://www.virustotal.com/gui/file/29b039685d5d3893ff13f0478fe8024cdba74120423b8908aa7777008fd8ba3e/detection
# Reference: https://www.virustotal.com/gui/file/0c7330be9bcbfb502a5247f298659b5590a8a58ef634c22ae46eee33e2e49c70/detection

applevpns.com
brewory.com
eiconom.com
homebrewrp.com
isnimitz.com
macostutorial.com
maitaitv.com
meu-inssgovbr.online
specter-storage.com
webull-storage.com

# Reference: https://x.com/malwrhunterteam/status/1926204525435588835
# Reference: https://www.virustotal.com/gui/file/c7516e75f2ffa0626b854c685bde01cfd4a80f015ed6b2ea1833237a5387139f/detection

hostmac.cloud

# Reference: https://x.com/NullPwner/status/1926570453004382511

http://194.26.29.217

# Reference: https://x.com/RussianPanda9xx/status/1908595970352218609
# Reference: https://x.com/banthisguy9349/status/1926982451722682697
# Reference: https://trac-labs.com/the-wagmi-manual-copy-paste-and-profit-2803a15bf540

afhousing.com
arisheema.com
asoonworld.com
azaanamjad.com
bedavavideoizle.com
bexarmg.com
bikeabq.com
bitcowe.com
chantalrae.com
downloadmacos.com
escapeesrvelub.com
etechnix.com
fioregarden.com
followerstik.com
gadesive.com
gardenierbi.com
hesingue.com
kbcokc.com
kosmosgrid.com
lenoreinc.com
lildevi.com
m-e-a-s.com
mrkenallen.com
novalur.com
nullitax.com
peperinty.com
pixoos.com
planetajanta.com
posesinpanni.com
realtorrohe.com
sabbih.com
simchatime.com
sqairs.com
stickynuggzinc.com
stivaliserna.com
superbaccessories.com
thotlog.com
tjporktrace.com
trazeall.com
ugspy.com
vbeltdrives.com
vuwzer.com
xiaoll.com
yvngvualr.com
/macshare.php
/macshare.php?call=

# Reference: https://x.com/suyog41/status/1926979425079373901
# Reference: https://www.virustotal.com/gui/file/4d3db335f35c4f966e34536895ec6ec11b57c98dcd5b0f3f0c6d143bdce9154b/detection
# Reference: https://www.virustotal.com/gui/file/8b603859ead00473086003dcaa470c1498742328c12face7d878a0d324e4763c/detection
# Reference: https://www.virustotal.com/gui/file/dd0b4a7bbd1940b64eede8346cb7f2f79884e030eb8d44d4a8d1e85919edbfe0/detection

http://45.94.47.136
http://45.94.47.157

# Reference: https://x.com/skocherhan/status/1927086251716354558

applejoins.com
bybapeaches.com
granniesblog.com
maruniryutsu.com
netdepnoithat.com
viicandle.com

# Reference: https://moonlock.com/anti-ledger-malware

http://138.68.93.230
lagkill.cc

# Reference: https://x.com/malwrhunterteam/status/1929787158119755853
# Reference: https://www.virustotal.com/gui/file/08b0fb2bec080d18167c12fdc9be63fc9da4df1d0f3145e980bca96aeec3f770/detection

http://45.94.47.167
http://77.73.129.18

# Reference: https://x.com/suyog41/status/1929544523375329412
# Reference: https://www.virustotal.com/gui/file/400869a7975620373b49950e428517f8113340f0986c519ac3e1c33fefeb5f1f/detection

vostfrseries.com

# Reference: https://x.com/solostalking/status/1930977703265554806

http://185.39.206.183
appmacosx.com
appsmacosx.com
financementure.com
macapp-apple.com
macapps-apple.com
macosapp-apple.com
macosxapp.com
republicasiamedia.com

# Reference: https://x.com/solostalking/status/1933413424006115546

appmacintosh.com
cryptoinfo-news.com
macosx-apps.com
macosxappstore.com

# Reference: https://x.com/txhaflaire/status/1942575186286682544
# Reference: https://app.validin.com/detail?find=b000eb20900b3b90e462&type=hash#tab=host_pairs (# 2025-07-29)
# Reference: https://www.virustotal.com/gui/file/794a4ebc76664b95d79f969514a3517acc8c4a7a6cbeba52e3c480fd0a5a489c/detection
# Reference: https://www.virustotal.com/gui/file/816bf9ef902251e7de73d57c4bf19a4de00311414a3e317472074ef05ab3d565/detection

http://185.93.89.62
http://185.93.89.63
http://45.135.232.33
http://45.146.130.129
http://45.146.130.131
http://45.146.130.132
http://50.201.34.202
charge0x.at
sdojifsfiudgigfiv.to
lucid-ride.45-135-232-33.plesk.page

# Reference: https://x.com/moonlock_lab/status/1935409328305144215
# Reference: https://x.com/txhaflaire/status/1935678988820640121
# Reference: https://app.validin.com/detail?find=CleanMyMac%3A%20The%20first%20MacBook%20cleaner%20that%20does%20it%20all&type=raw&ref_id=c28132cd209#tab=host_pairs (# 2025-06-18)
# Reference: https://app.validin.com/detail?find=%3A%3A%22og%3Asite_name%22%3A%3A%22CleanMyMac%22&type=raw&ref_id=c28132cd209#tab=host_pairs (# 2025-06-18)
# Reference: https://app.validin.com/detail?find=28b1c5772c62c50aac5b6a26938a54a6&type=hash&ref_id=259109502e2#tab=host_pairs (# 2025-06-18)
# Reference: https://app.validin.com/detail?find=4ff6f30fb290ea2b9c6633791f9671c3&type=hash&ref_id=28cf7a7f4e3#tab=host_pairs (# 2025-06-20)

almehluz.com
carmenzo.com
cleanmymac.cc
cleanmymac.ru
cleanmymacos.com
cleanmymacpro.net
cmvstation.com
cculturel.com
isbulten.com
jcboury.com
maccleaner.shop
sartaaz.com
stanprinston.com
yeklam.com
mail.cleanmymacpro.net
mail.maccleaner.shop

# Reference: https://threatfox.abuse.ch/browse/tag/odyssey/ (# 2025-06-20)

157.185.143.236:17772

# Reference: https://x.com/ShanHolo/status/1937028229581111434
# Reference: https://www.heise.de/en/news/Malvertising-Search-for-standard-commands-for-Macs-delivers-Infostealer-10438976.html
# Reference: https://app.validin.com/detail?find=2512a89b5e1a44df9d52ee2d7fc03e7c&type=hash&ref_id=d2d7c65287d#tab=host_pairs
# Reference: https://www.virustotal.com/gui/file/99eabfe358a1df8966676dafbb1350a315e6df105ba5f21f707da2ec3ddbde59/detection

copynv.com
icloudservers.com
insideoutpix.com
organocreto.com
overcasetv.cfd
rainewest.cfd
tdtcross.cfd
theeyeonid.cfd

# Reference: https://x.com/mossdinger/status/1938581110075891967

stanpriston.com

# Reference: https://x.com/1ZRR4H/status/1940168409381232826
# Reference: https://app.validin.com/detail?find=RivaTalk&type=raw&ref_id=8d76252e159#tab=host_pairs (# 2025-07-03)
# Reference: https://www.virustotal.com/gui/file/4a802433176d4678103090719cd052db50692b2755945e57717f28e5dc257b3d/detection
# Reference: https://www.virustotal.com/gui/file/a47778884f0eb94abf2555e773d9bc61b605086dc3dc93809508b8ce778e7a22/detection

http://194.156.103.89
http://5.181.2.58
amao-wama-mac.org
rivatalk.com
slapix.io

# Reference: https://moonlock.com/amos-backdoor-persistent-access

http://45.94.47.158

# Reference: https://x.com/moonlock_lab/status/1942524364844589264
# Reference: https://x.com/txhaflaire/status/1942575165193298228
# Reference: https://www.virustotal.com/gui/file/b62dc580707d0d968c7070a05b04ca7ec61d5ad14333df1c4f327f3c0e6ed3fb/detection
# Reference: https://www.virustotal.com/gui/file/dec750b9d596b14aeab1ed6f6d6d370022443ceceb127e7d2468b903c2d9477a/detection
# Reference: https://app.validin.com/detail?find=3f8f78a27012650f5acc742a3fa3f619388317d8&type=hash&ref_id=96b470bfdbc#tab=host_pairs (# 2025-07-08)

allteching.xyz
webconnect38.com
webconnect49.com
google.webconnect38.com
google.webconnect49.com
meet.google.webconnect38.com
meet.google.webconnect49.com

# Reference: https://x.com/soursecc/status/1945004289832730778

web-connect.us
webconnect11.com
webconnect49.com
webconnect58.com
webconnect88.com
meet.google.web-connect.us
meet.google.webconnect11.com
meet.google.webconnect49.com
meet.google.webconnect58.com
meet.google.webconnect88.com

# Reference: https://x.com/pcrisk/status/1942837939492225107
# Reference: https://app.validin.com/detail?find=TOP-FIXER&type=raw&ref_id=8e29d8ff42c#tab=host_pairs (# 2025-07-09)
# Reference: https://app.validin.com/detail?find=828f254175bfc69f0afb3c7e714e27dd7d02fc6b&type=hash&ref_id=30a15629823#tab=host_pairs (# 2025-07-09)
# Reference: https://www.virustotal.com/gui/file/3283e6d74667db1cf61ad0bbab91a4a8615f4160a30d28f63bba126652d0862a/detection
# Reference: https://www.virustotal.com/gui/file/525becbf7f430c2de1ede247a2c904f5fc7e26e4136e6d599b0b7ff6c3daf9b3/detection
# Reference: https://www.virustotal.com/gui/file/50c5f1488ae8265d68785c35981f8f53b5a151132defe00850788be0cd2ea30d/detection
# Reference: https://www.virustotal.com/gui/file/41734ce3c26fcf178578da3b2c14aa284b2cee4bd5ed9d6a61d8ce1da62ff275/detection
# Reference: https://www.virustotal.com/gui/file/2130c3282ebbd6de959ca507d98e8cb568ce97e1d487aa1fc1d2f7df033501dd/detection

2yolk.com
adrianfrieg.com
api.mac-helps.com
api.mac-trouble.com
clearpc.pro
fixingmacpro.com
fixpricemoving.com
fixpromax.com
fixups4sale.com
guard-os.pro
helpmacs.help
light-os.pro
mac-helps.com
mac-safer.pro
mac-trouble.com
macfixhub.com
macosfaq.net
mobileengagement.workers.dev
passadmin1.mobileengagement.workers.dev
reboot-os.cloud
riv-mog-otta.xyz
top-fixer.com
top-halper.com
uznbhw.com

# Reference: https://app.validin.com/detail?find=151.106.96.4&type=ip4&ref_id=e1f5bc5a5c6#tab=resolutions

fix-mac-easy.com
fixmaceasy.com
fixmacpro.com
helpmaceasy.com
helpyourmac.com
macproeasy.com
macprohelp.com
macpromaster.com
promachelp.com
promacmaster.com
topfixermac.com

# Reference: https://www.validin.com/blog/http_feature_pivoting/
# Reference: https://app.validin.com/detail?type=hash&find=5412dda9e4ae4f6a20278c12a620ac4c#tab=host_pairs (# 2025-07-10)

captainacefrahm.com
fixitanywhere.com

# Reference: https://x.com/L0Psec/status/1973495155291463808
# Reference: https://the-sequence.com/brewing-trouble-homebrew-spoofed-sites-rise
# Reference: https://app.validin.com/detail?find=Homebrew%20%E2%80%94%20The%20Missing%20Package%20Manager%20for%20macOS%20(or%20Linux)&type=raw#tab=host_pairs (# 2025-07-22)

braw.sh
brewe.sh
brewfaq.org
brewsh.cx
brewsh.org
brrewsh.org
homabrew.org
homebrewclubs.org
homebrewfaq.com
homebrewfaq.org
homebrewfaq.us
homebrewlsup.us
homebrewlub.com
homebrewlub.us
homebrewlup.us
homebrewonline.org
homebrewupdate.org
hornebnevv.com
raw.braw.sh
raw.brewsh.cx
raw.brrewsh.org
raw.homabrew.org

# Reference: https://www.virustotal.com/gui/ip-address/159.100.22.123/relations

bedsonlineproject.org
hoteliuscorpatative.org
hoteliuscorpatativs.org
lidoethstk.org
lidoonlinestk.org
lidostk.org
stubacuras.org
stubacurast.org

# Reference: https://x.com/txhaflaire/status/1945745999709835358

mwcaravan.com

# Reference: https://hunt.io/blog/macos-clickfix-applescript-terminal-phishing

apposx.com
appxmacos.com
cryptoinfnews.com
cryptoinfo-allnews.com
dactarhome.com
emailreddit.com
greenpropertycert.com
macosx-app.com
macxapp.com
ttxttx.com

# Reference: https://x.com/solostalking/status/1948642543119249904
# Reference: https://www.virustotal.com/gui/file/18173041d38c1bc2b6caefcdda0a3d214441ddb4035aa8ddaf178f36a5bee811/detection

actuafix.com
applfix.com
blogifix.com
bossfixes.com
cbfix.com
fix-nic.com
fixablesystems.com
fixer-group.com
fixit-center.com
fixitadvisor.com
fixittricks.com
fixmyhomeonline.com
fixonboarding.com
fixpcathome.com
fixupasap.com
fixyourmedia.com
icanfixtoday.com
ifix-4u.com
mac-fix-hub.com
ozcozy.com

# Reference: https://app.validin.com/detail?find=45.140.17.42&type=ip4&ref_id=430fbdddad1#tab=resolutions

rescue-mac.com

# Reference: https://x.com/Crose_96/status/1949938150333198461
# Reference: https://www.virustotal.com/gui/file/301d376f1ab9dc49873a6fc10474f311efb2a891b00f3cdc4ee2fed0f161cb64/detection

ohmyzsh-get.com

# Reference: https://x.com/L0Psec/status/1952722257052070208
# Reference: https://www.virustotal.com/gui/file/84bc9007228073f4d73f4e6f7a05f920cd9317033d67d4c0cd375bbb95f13c70/detection

ajoyfulbear.com
amoradia.com
arfzs.com
aspotan.com
avamkwilson.com
bomdog.com
brossdeli.com
cnhnational.com
colormeplr.com
comeyco.com
couriontesy.com
cunruivalve.com
dwbutter.com
estanicci.com
figandwine.com
fotosails.com
gfemarket.com
goatramz.com
haminals.com
hogorira.com
hokinusa.com
institutogle.com
kariyerbak.com
kihapma.com
mawebinars.com
micdapp.com
mrvalets.com
nmcrlab.com
pazserraes.com
pfcitalia.com
piposcake.com
reliconn.com
resmanio.com
reviewyoon.com
ristorobepi.com
scygas.com
sdgoodsam.com
secnw.com
shufurepo.com
siappanen.com
sitmulab.com
smoosygear.com
tebogonong.com
tianagarden.com
wasslet.com

# Reference: https://x.com/biggie_linz/status/1952838422005203088
# Reference: https://www.virustotal.com/gui/file/6e15cd9c2a5d7708c6b3b4ae64e8d64ccf54f4020c78302df9e9f67faf985db7/detection
# Reference: https://www.virustotal.com/gui/file/886c36f4625f98537e8f2df5975aab643ad355e13e35023842a10129c0c46865/detection

support-2025-9-14-96279.com
apple.support-2025-9-14-96279.com

# Reference: https://app.validin.com/detail?find=a625f544d8fa8aed90a5e27b4f65184b&type=hash&ref_id=3edeb00d5b6#tab=host_pairs (# 2025-08-06)

04-zoom.us
saakyanart.com

# Reference: https://threatfox.abuse.ch/browse/malware/osx.amos (# 2025-08-07)
# Reference: https://app.validin.com/detail?find=12b0b691a996b2b4f7c513efaeb53b99&type=hash&ref_id=6e68e483527#tab=host_pairs (# 2025-08-07)

aceiteweb.com
adenios.com
agrininsesi.com
alanamango.com
aopasta.com
assancart.com
basallfrey.com
berhs.com
courtetprecis.com
crestviewia.com
drsavala.com
ekochist.com
eriklobben.com
ferreterguia.com
gblbyf.com
goudsite.com
gregtroisi.com
immokraus.com
imosafer.com
jacobaparra.com
jtforce.com
jupagroup.com
laccalhdc.com
letrucvert.com
misshon.com
mizunoaoi.com
netcbc.com
nexuunglobal.com
nitosgallery.com
ntxdm.com
oliviabruns.com
pbmast.com
radiooun.com
redempti.com
sendsgnl.com
smxyrc.com
spekmeats.com
stayinwild.com
stmchina.com
subwara.com
tarangear.com
tebpsy.com
theblumiles.com
tomsti.com
toutentris.com
treohost.com
vivianvalora.com

# Reference: https://g0njxa.medium.com/meowsterio-weaponizing-clickonce-in-2025-8c2595a817c8

spalaestacada.com

# Reference: https://x.com/moonlock_lab/status/1955387998578806892
# Reference: https://hackernoon.com/macc-stealer-takes-on-amos-a-new-rival-shakes-up-the-macos-infostealer-market
# Reference: https://www.virustotal.com/gui/file/61f6b48e8433f6bf212c06157bead662f1833b72671b8f832ff3af032fdc4582/detection

innocentwitches.top
kgogowfwef.live

# Reference: https://app.validin.com/detail?find=21e6d9a3878de0ce4a6240064624e598&type=hash&ref_id=436f4260dd7#tab=host_pairs (# 2025-08-15)

bulcaz.com
elemasyon.com
fouinart.com
iconhmc.com

# Reference: https://moonlock.com/macc-stealer-macsync-backdoor
# Reference: https://gist.githubusercontent.com/danslo/1ee79d806493d779c2e5213a0bda8b4f/raw/e8b386f9eb9ec48cb370c72f6c52550b263ce22d/gistfile1.txt

meshsorterio.com
b3e34878-5a7d-458b-8a35-3ea1dae23fdd.meshsorterio.com
brsp.meshsorterio.com
gamma.meshsorterio.com
rxkbnwuc.meshsorterio.com
sphnugamma.meshsorterio.com
staging.meshsorterio.com
testing.meshsorterio.com

# Reference: https://x.com/volrant136/status/1969834756515774880
# Reference: https://www.jamf.com/blog/pyinstaller-malware-jamf-threat-labs/
# Reference: https://www.virustotal.com/gui/file/fc95ff687cfd775acac3b0457332dca170e58b77b27f3ee4f9013984fd9b388d/detection

blazede.com
grand-flash.com
ligobet873.com
myfreshflow.com
stteresaagency.com
vapotrust.com
macstealiwjef8w9euf892jfis893u409wi09eif90w3.onion

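# Reference: https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages
# Note: the /mac-git-N-download.html entries closing this group are path-only trails, i.e. they are not scoped to ahoastock825.github.io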

app-gopluslabs.com
athetiop.com
bauraktars.world
bayikar.life
baykairs.world
bonoud.com
eetrailer.com
endilinda.com
galvvrachi.com
gamersimpsonse.com
hiakmolodes.com
idupisdu.com
jamitros.com
jumaher.com
mac-pro-app-guide.com
mac-pro-app.com
mac-pro-apps.com
macproengine.com
macprograms-pro.com
mana-empire.com
nadedzhda.icu
napworthy.com
ocean-spot.com
portal-peaqnetwork.com
skilletontour2025.com
tambiktobk.com
turbulenok.com
wp-mysterybox.com
ahoastock825.github.io
/mac-git-1-download.html
/mac-git-2-download.html
/mac-git-3-download.html
/mac-git-4-download.html
/mac-git-5-download.html
/mac-git-6-download.html
/mac-git-7-download.html
/mac-git-8-download.html
/mac-git-9-download.html

# Reference: https://x.com/txhaflaire/status/1949875093317779610
# Reference: https://www.virustotal.com/gui/file/c2afb2c050d5675c32fe64ea149c846a32427c901e30398de2bd4395db12f2cb/detection
# Reference: https://www.virustotal.com/gui/file/1e3275db4d609ab1c43776cb2f6a89f7b436457dac6e75c0797f1d532d18fdaf/detection

veitzeatz.com

# Reference: https://x.com/txhaflaire/status/1947932160972714337

ksartaaz.com
maliciosasartaaz.com
malwaresartaaz.com
url-resartaaz.com

# Reference: https://x.com/solostalking/status/1970398358562054434

logmeeine.com
logmeln.com

# Reference: https://www.cyfirma.com/research/odyssey-stealer-the-rebrand-of-poseidon-stealer/

cryptonews-info.com
macxapp.org

# Reference: https://x.com/Now_on_VT/status/1970404965777608932

tradingviewen.com
tradingvieweu.com

# BANNER_0_HASH-HOST=33c892281458fe83958a93751c5fb81e
# BANNER_0_HASH-HOST=98e92f871c9cc2842ce08356d5c2d376

acrossprotocols.com
app-matcha.com
bakkesmenu.com
bauraktaris.world
bayikar.world
baykair.world
baykaris.world
bestdigitalmarketing.com
chain-add.com
cooklefun.com
crack-load.com
cs2menu.com
dappladar.com
espanaproperty.com
everyshufflin.com
fi-self-repaying.com
finance-personal.com
fivemmodmenu.net
fwrussia.com
galaxy-swapper-v2.com
gimtuganchiki.com
helldagh.online
kamapulus.icu
kambergebai.com
kamboss.com
kiddionsmodmenu.net
kidrombobm.com
kimtosin.com
kmsplco.com
krombari.com
kromkamokl.com
meteoraag.com
namatrangul.com
network-portal-dashboard.com
olatugilati.com
rightpromote.com
tamahsv.com
tamarton.icu
titunlia.icu
ton-stake.net
us-wavytalk.com
v2-paal.com
v2-xterio.com
vlrtualsprotocol.com

# Reference: https://x.com/banthisguy9349/status/1971492896164676063

1wfrmer.life
afifiniety-photo.world
airdrophotton.xyz
auto-cad.xyz
availproject.life
avidtach.homes
avldtach.shop
avvenay.shop
avveray.homes
avvesun.homes
awe-sun.shop
bantamusr.icu
bayikar.bet
bistki.network
bitiks.com
blolck-games.com
bridge-hyperliqid.com
cleverstudy.lol
cnnalke.shop
comoestases.com
compawsswallet.xyz
dokopka.icu
easways.shop
faralnad.network
faralnad.xyz
fartaland-io.network
fortnitehackv2.com
fragment-tg.com
genshinimpactmodmenu.com
genshinmodmenu.com
gigabyll.pics
gigaioute.xyz
gilgolbutet.pics
glgobytet.shop
gtavkiddionsmodmenu.com
handbrake.homes
hydrogenexecut.com
hylperfinance.network
hylperfinance.xyz
hyperliquid-app.com
hyperlllquid.xyz
jupiteryo.xyz
kasspa-wallet.network
kirita.pics
laeapwalleit.xyz
leaepwallet.xyz
lealpwallet.network
lightingstudio.lol
luckyjet-apps.com
luckyjet-apps.store
luckyjetofficial.online
luckyjetpredictorbot.com
luckyjetpredictorbot.store
luckyjetsignalbot.online
luckyjetwebsite.online
lybira-flnnce.network
lybraifinance.network
lybraifinance.xyz
lybriaflnance.xyz
manta-network.blog
maya-desk.shop
metise.xyz
metlls-dao.xyz
metls-dao.network
metls.info
mines-games.online
minespredictor.com
minespredictor.store
minespredictorbot.online
mode-modular.blog
niotepadplusplus.shop
niotepawd.com
notapad.shop
notepeds.pics
nymtecln.blog
nynntelh.mom
paal.digital
piaylnek.com
pilxeisgame.xyz
pilxel.pics
play-pixiels.xyz
polyiehedra.xyz
poylnex.com
producyglabs.shop
pumpfunn.com
raylnex.com
remix-solidity-ipfs.com
remixparentsers.mom
rgb-gygabit.homes
rgb-gygaibit.mom
rgbfusion.homes
rgbgygalblt.homes
ripple-events.com
rufus.pics
sensnbit.com
siliconwallem.lol
sintolcreated.shop
soflare.network
soflfare.network
soflfare.xyz
solnflare.network
solnflare.xyz
spin-top.com
splton.network
starnket.xyz
stomfi.com
strknetwork.xyz
tangiertiger.homes
tior-priojecti.shop
tonamlcheck.com
trados-studio.pics
trados-studio.shop
turbo-cad.shop
v3-balancer.com
v3-bancor.com
v3-lido.com
valorantskinchanger.pro
viber-ua.shop
warzoneunlockalltool.com
xswapfinance.xyz
yupiterproject.info
zerolandproject.xyz

# Reference: https://x.com/BlinkzSec/status/1972325367684665707
# Reference: https://www.virustotal.com/gui/file/373cf41c5202b8d1c3a87a58e2d6496549edbe5fcae317b84fe393e432324b5b/detection
# Reference: https://www.virustotal.com/gui/file/5be12d5750b54057480f55c47eb0a7e1805d804375946c38666ee37238bb0336/detection
# BANNER_0_HASH-HOST=fba10f7f78009ba109fc111f841835f4

accounts-problem.com
accountsproblem.com
bug.systems
bugs-center.com
bugs-report.com
center-id.help
crash-center.com
device-issues.help
device-problem.com
device-problems.com
devices-support.com
devices-update.com
devices.help
help-report.com
iboostos.com
ioptimizor.com
ispeedos.com
js-lib.com
linertarim.com
macos.help
problems-center.com
problems.click
problems.support
system-bugs.com
system-problem.com
system-problems.com
troubles.help
troubleshoot.center
troubleshub.com
updates-center.com
webfiles.app
apple.problems.support
apple.troubleshub.com

# Reference: https://x.com/Crose_96/status/1972756686298648592

apple-develope.com
apple-develope.support

# Reference: https://x.com/suyog41/status/1973987326461423676
# Reference: https://www.virustotal.com/gui/file/a031ba8111ded0c11acfedea9ab83b4be8274584da71bcc88ff72e2d51957dd7/detection
# Reference: https://www.virustotal.com/gui/file/8616284574b01363f791b26d921ae80a7bb3449c5f752df27ada99e507b3203d/detection

franceparfumes.org

# Reference: https://x.com/solostalking/status/1974037558100181430
# CLASS_0_HASH-HOST=34c4fad1530860981c4a1503d64edbb7

adguardapp.com
cloud-washington.com
gohixes.com
intercheck-cloud.com
jesook.com

# Reference: https://x.com/banthisguy9349/status/1974815914060042313
# Reference: https://www.virustotal.com/gui/file/087ab01c622f24c3bbcc8a40da822b80af7941c0017ce925725200aae1969510/detection
# Reference: https://www.virustotal.com/gui/file/0bfa39bb8695539e0e588ce39a35752849873e00fa8f68f744884e2ef66d0f98/detection
# Reference: https://www.virustotal.com/gui/file/748f68dca2824613e130bd6b852c55f18b56447d0a0188f7ad404a3fb476befd/detection

progressdev.xyz

# Reference: https://x.com/suyog41/status/1975518926252511465
# Reference: https://www.virustotal.com/gui/file/7f69f3012e134d1f5084fbb9086697da66a9b0e9240c4e1413777b9e1099aca9/detection

aubr.io

# Reference: https://unit42.paloaltonetworks.com/clickfix-generator-first-of-its-kind/
# Reference: https://www.virustotal.com/gui/ip-address/188.92.28.186/relations
# CLASS_0_HASH-HOST=81fdcf68dec325a6b52e368488781a14
# FAVICON_HASH-HOST=a7eda883652648ec8df1e5542b6bb404

http://188.92.28.186
http://45.144.233.192
2pi-bd.com
2pijobs.com
actorspruce.com
aluguelfoco.com
app-en-us.pro
axlecord.com
bartio-faucetberachain.lol
bartio-faucets-berachained.lol
blueswap.world
claim-chain.link
claudflurer.com
cleanshot.us
cliente.aluguelfoco.com
cloudlare-lndex.com
coingecko.com-en-us.cloud
com-en-us.cloud
connectaccountingadvisory.co.uk
cyfrowewitryny.online
dactarbari-healthsuite.com
dactarbari.com
debank.com-en-us.cloud
deepseek.com-en-us.cloud
digitarexalumis-novarionexa.cfd
digitnuvarexa-travonquexil.shop
eagleai-research.pages.dev
eagleailab.com
electrum.com-en-us.cloud
elysianwhimsy.org
exodus.com-en-us.cloud
faucet-berachain.lol
faucet-berachains.lol
fitgearuniverse.com
fusedbaseball.com
galxe.com-en-us.cloud
github.com-en-us.cloud
hoobs.ai
ibs-express.com
ibsexpress.cg
indexsm.com
io-en-us.info
itts.pages.dev
leaderboarduniswaportfolio.app
ledger.com-en-us.cloud
link-chainlink.com
looksrare.com-en-us.cloud
migration-propchain.xyz
neuraprotocol.icu
opensea.io-en-us.info
orbiter.com-en-us.cloud
orionix.pro
pablico.es
phantom.app-en-us.pro
pinchbug.com
podiumllc.com
prunechit.com
rainbet.bet
routejug.top
situationspruce.com
syncswap.com-en-us.cloud
teamsensoft.com
tuttin-ch.space
ukpropertycert.co.uk
uniswap.com-en-us.cloud
worthchance.com
zantsolution.com
zen-btc.app

# Reference: https://x.com/L0Psec/status/1975982420919976412
# Reference: https://www.virustotal.com/gui/file/43f7d89e7e3493be24989f1ce5dfbe7fd2869828b8f767645840921cdb92a4c1/detection

nadrty.com

# Reference: https://x.com/Crose_96/status/1976799349779972472
# Reference: https://x.com/Crose_96/status/1976805425455808909

secureapimiddleware.com
brsp.secureapimiddleware.com
comgamma.secureapimiddleware.com
gamma.secureapimiddleware.com
plsp.secureapimiddleware.com

# Reference: https://github.com/hagezi/dns-blocklists/issues/7678

shoter.org

# Reference: https://x.com/suyog41/status/1977605119450735044
# Reference: https://www.virustotal.com/gui/file/ab65b877ba971181e2c4729b4fcbc0375ec70c8f7b0fa7262fd84d5272fb2fcf/detection

nexpal.cc

# Reference: https://x.com/suyog41/status/1978706393692606688
# Reference: https://www.virustotal.com/gui/file/7ae7136853d286fbabc1da07ee891a0c385096ac3be8b3c8c7088c6265e4517f/detection

http://217.119.139.97
217.119.139.97:2000

# Generic (URL-path trails not tied to a specific host)

/Arc12645413.dmg
/AGOV-Access.dmg
/otherassets/botnet
