# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: shadowladder, hijackloader

# Reference: https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/?linkId=10719875

http://62.133.61.56
forikabrof.click
matodown.b-cdn.net
nextomax.b-cdn.net
potexo.b-cdn.net

# Reference: https://x.com/GenThreatLabs/status/1827007175627010077
# Reference: https://github.com/avast/ioc/blob/master/Lumma/Lumma_08_2024.txt

anti-bot1.b-cdn.net
asdkjjkasdn-aptv1.b-cdn.net
bidvert.b-cdn.net
bot-check2.b-cdn.net
bot-check3.b-cdn.net
bot-checking.b-cdn.net
bot-detection.b-cdn.net
bot-test.b-cdn.net
continuedownloader.com
downloadsbeta.com
downloadstep.com
galaksion.b-cdn.net
hypochloridtilz.click
kjbnfdkbf74.b-cdn.net
kjhsdfh-capv1.b-cdn.net
manistream1.b-cdn.net
mato-camp-v2.b-cdn.net
mato-camp-v4.b-cdn.net
papad.b-cdn.net
popcsh.b-cdn.net
popunder.b-cdn.net
popup.b-cdn.net
proto.b-cdn.net
provenotrobot.b-cdn.net
security-check.b-cdn.net
spam.b-cdn.net
streamingsplays.com
verification.b-cdn.net

# Reference: https://x.com/ge0lev/status/1827393504793804891

bidvertiser.b-cdn.net
lengo-20cb4.kxcdn.com
mato-camp-v1.b-cdn.net
microsoftcamp-c1.b-cdn.net
microsoftcamp-v1.b-cdn.net
popad.b-cdn.net
vercapth63.b-cdn.net
verify-captcha-987.b-cdn.net
verifyhuman476.b-cdn.net

# Reference: https://x.com/RakeshKrish12/status/1827961172970119274
# Reference: https://www.virustotal.com/gui/file/9887456e52e81549c7eb274da0462a075b4a234f185115a5dba9bbb11c11b208/detection

cdn-serveri18n-googleapis.com
dev.cdn-serveri18n-googleapis.com

# Reference: https://app.validin.com/detail?type=dom&find=pub-9c4ec7f3f95c448b85e464d2b533aac1.r2.dev#tab=reputation

opsopanels.click

# Reference: https://app.validin.com/detail?type=dom&find=opsopanels.click#tab=host_pairs_v2

apzzz-20c7e.kxcdn.com
greenenorgusd.b-cdn.net
jhsnshueyt.click
uploadz908.b-cdn.net

# Reference: https://x.com/r3dbU7z/status/1827008313579417909
# Reference: https://www.virustotal.com/gui/file/76b3d685142919820401d377843658c7a92a60d168f6be16d04461ab176e63de/detection

loginsmoobu.com

# Reference: https://x.com/ge0lev/status/1828551713428775043
# Reference: https://urlscan.io/search/#page.url%3A%2F.*%5C..*(%5C%2F%7C%5C-)verify%5C-%5B%5E%5C%2F%5D*%5C.html%2F%20AND%20page.url%3A(human%20OR%20captcha%20OR%20system)

human-check2.b-cdn.net
human-check3.b-cdn.net
human-verificati0n.b-cdn.net

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-08-28-IOCs-for-Lumman-Stealer-from-fake-human-captcha-copy-paste-script.txt

get-verified.b-cdn.net
get-verified2.b-cdn.net
human-check.b-cdn.net
human-verify02.b-cdn.net
myapt67.s3.amazonaws.com

# Reference: https://www.ontinue.com/resource/obfuscated-powershell-leads-to-lumma-c2-stealer/

campzips1.b-cdn.net

# Reference: https://app.validin.com/detail?find=BunnyCDN%20Node%20LA1-1002&type=raw&ref_id=d15a589b9a2#tab=host_pairs_v2

aidat-onliine-iadelerii-porttalie138.b-cdn.net
aidat1-e-devlet-onlinec934.b-cdn.net
aidt-onlineii-iadelerii-portalie250.b-cdn.net
aiidatat3-e-devlett-onlineeebtb210.b-cdn.net
anindamerkez.b-cdn.net
app-bnkr.b-cdn.net
bali7kuvani.b-cdn.net
bneawaytmm.b-cdn.net
bokadari7.b-cdn.net
bonusdeli.b-cdn.net
burulasdolummnoktasi.b-cdn.net
daffdfdfsd.b-cdn.net
dfzafgrgfsvrsr.b-cdn.net
dvlaidtt-online-iadeleeri-portalie107.b-cdn.net
e-devlet-online-eportali333.b-cdn.net
edevlet-online-aiidatt-basvurunuzz41.b-cdn.net
faktypolska21.b-cdn.net
faktypolska6.b-cdn.net
fibabaqnk2-intt-ssvbessi-webhiztfnbt833.b-cdn.net
gortstdmdcvoale.b-cdn.net
hmnrndvu.b-cdn.net
icilecekcorba.b-cdn.net
incest-hentai.b-cdn.net
livediscodating.b-cdn.net
monsterprelaunchcom.b-cdn.net
nvimerkezirrr.b-cdn.net
nviradnsadhas.b-cdn.net
nzat.b-cdn.net
obiletrezervasyonal.b-cdn.net
ogretmenbonus.b-cdn.net
olay.b-cdn.net
opertuy.b-cdn.net
pooprip.b-cdn.net
randvudesin.b-cdn.net
rndvus-ual.b-cdn.net
scagrsthsrhrshsrg.b-cdn.net
shortcuts.b-cdn.net
tkyugv.b-cdn.net
tr-tccbm-155tr.b-cdn.net
track-dark-bz.b-cdn.net

# Reference: https://x.com/RacWatchin8872/status/1829524427366977600

get-verified3.b-cdn.net
glksion.b-cdn.net

# Reference: https://x.com/ge0lev/status/1829649128336605264

adstrra.b-cdn.net
one-step.b-cdn.net
second-step.b-cdn.net

# Reference: https://x.com/0Dayhta/status/1832054562280108317
# Reference: https://www.virustotal.com/gui/file/55b96b221a8aed3376ea4abf3f3ca89d07fa23bce039563a7e0f6c6e887ee2a9/detection
# Reference: https://www.virustotal.com/gui/file/3fff6f2ff5690a77d5ec7ed5cd1c85c95710e92bf06ea2ec7ecd3f64789f207e/detection
# Reference: https://www.virustotal.com/gui/file/2edae4af5d8f8f0b24cae435c08651f29b8d02e87e66acaf7e9eee1f740f93fa/detection
# Reference: https://www.virustotal.com/gui/file/2e0c0e72e3f94756ddb50ed7d52e4eeb18646625ba1035ec97a9b0e42c956b1b/detection

clicktogo.click
human-verification5.b-cdn.net

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-08-29-v10677/1924

poko.b-cdn.net
propller.b-cdn.net
zone02.b-cdn.net

# Reference: https://x.com/kddx0178318/status/1834199075689730320

876z.b-cdn.net
verifyfull8434.b-cdn.net

# Reference: https://x.com/g0njxa/status/1834326261545529391
# Reference: https://app.any.run/tasks/d9e94e88-73b0-46ac-9318-eb09484c14e3

newvideozones.click

# Reference: https://x.com/kddx0178318/status/1834200990565773334
# Reference: https://urlscan.io/sha256/235db27b55a506bc36fd3ff9caa2174003aaed5be39a35461e81b605ab98eaef/

report1.b-cdn.net

# Reference: https://x.com/0Dayhta/status/1834393770307006624

brazilwoiuxd.click

# Reference: https://twitter.com/k3yp0d/status/1787748197361725863
# Reference: https://www.virustotal.com/gui/file/51a72e692be5bea6846e1fe7344e4a158714580921281ec5b08d6403f0a3049f/detection

fatodex.b-cdn.net

# Reference: https://x.com/dark0pcodes/status/1841878702310764872

myfilez.b-cdn.net

# Reference: https://x.com/AzakaSekai_/status/1842441626989511062
# Reference: https://www.virustotal.com/gui/file/145f6e37a5fa98aee04493102c705b677d30e2f68199758fcda669ae91c093a3/detection

files404sa.b-cdn.net
spam-check-v30.b-cdn.net

# Reference: https://x.com/malwrhunterteam/status/1844356014532870603
# Reference: https://www.virustotal.com/gui/file/b4bc40366058acdb2af851a6e7fb7abf328c5fbb815654f11bc01e04f20550bc/detection

dls01.b-cdn.net
msi01s.b-cdn.net

# Reference: https://x.com/malwrhunterteam/status/1846307247074238907
# Reference: https://www.virustotal.com/gui/file/79c2cd09e1e8090fca5d338443dfb3a61e11a8458599d9174d7c0460527eb22a/detection
# Reference: https://www.virustotal.com/gui/file/d70d1bb37d1c578dfea61815e5a58e49343f4996f30d3e304fb12678f090ac26/detection

mydlls1.b-cdn.net
mymsi1.b-cdn.net

# Reference: https://x.com/kddx0178318/status/1846908706518155520

captcha-verification-v20.b-cdn.net
gigav1.b-cdn.net

# Reference: https://x.com/iam_rajhans/status/1847214063886979121

cummlouder.co
app.cummlouder.co

# Reference: https://www.virustotal.com/gui/file/4940e1187d228f1e5d3bd6b4c26eea7fda3d694eced4445426c80d25edef4e40/detection

winrar01.b-cdn.net

# Reference: https://x.com/RacWatchin8872/status/1850629604370788452
# Reference: https://urlscan.io/search/#page.domain%3A%22b-cdn.net%22%20AND%20page.url%3A%22%2F.*%5C.txt%24%2F%22

1.6.0.9.2.4.tt1.b-cdn.net
1600924t1.b-cdn.net
160924tt1.b-cdn.net
aws-stores-ii.b-cdn.net
best-received.b-cdn.net
clipx.b-cdn.net
discx.b-cdn.net
doctx111.b-cdn.net
easytx.b-cdn.net
fast-choice-v10.b-cdn.net
fetchinglinknow.b-cdn.net
filepathloadss.b-cdn.net
firstzoningpull.b-cdn.net
funbunistica.b-cdn.net
get-zip.b-cdn.net
go-for-zip.b-cdn.net
iilp.b-cdn.net
keepmyfilehere.b-cdn.net
micro-store-v52.b-cdn.net
mini-storage.b-cdn.net
mnl0.b-cdn.net
mobx.b-cdn.net
next-level-verify-01.b-cdn.net
pingaadioload.b-cdn.net
pltx11.b-cdn.net
pluspagingstore.b-cdn.net
prublingapage.b-cdn.net
pz-01.b-cdn.net
pz022.b-cdn.net
rartxt41.b-cdn.net
sanfistivcr.b-cdn.net
secondlyypages.b-cdn.net
simplex.b-cdn.net
softx.b-cdn.net
storingprogress.b-cdn.net
tera14.b-cdn.net
tera15.b-cdn.net
tera18.b-cdn.net
tgsfr.b-cdn.net
togsopogso.b-cdn.net
tr10.b-cdn.net
tr14.b-cdn.net
tr15.b-cdn.net
tr18.b-cdn.net
trx41.b-cdn.net
trx77.b-cdn.net
ttx77.b-cdn.net
txtn222.b-cdn.net
view31.b-cdn.net
view42.b-cdn.net
win7.b-cdn.net
wintx41.b-cdn.net
xilx222.b-cdn.net
zone07.b-cdn.net

# Reference: https://x.com/malwrhunterteam/status/1850988565510881613
# Reference: https://www.virustotal.com/gui/file/0e7688ac949ad3987d64e65782aacf4bfa1b04a7364ce843ee84027c121705b0/detection
# Reference: https://www.virustotal.com/gui/file/6485f2df14c72a461bb1988d1cbb8a57f9f032e5d0a632234de6dfa36c97539d/detection

create-desktop-verify.b-cdn.net

# Reference: https://x.com/banthisguy9349/status/1851680673301696888
# Reference: https://www.virustotal.com/gui/file/cf0c298e6e33ce0f4fd9e356b6a82ed82b588e498490223031b7befae6239c6e/detection

dllmicrosoft.b-cdn.net
msimicrosoft.b-cdn.net

# Reference: https://x.com/kddx0178318/status/1853487249704284288

v56hdblw79c0wn6.b-cdn.net

# Reference: https://x.com/banthisguy9349/status/1854145103792586797

bukfjs17hds.b-cdn.net
check-in-verified.b-cdn.net
cnnctzov1.b-cdn.net
e4df625dced6cb1e925b6d3ad117de9b.b-cdn.net
garagstorev1.b-cdn.net
getzone.b-cdn.net
getzone1.b-cdn.net
getzone2.b-cdn.net
getzone3.b-cdn.net
gochop.b-cdn.net
loadingfaslyv11.b-cdn.net
loadingfaslyv12.b-cdn.net
loadingfaslyv15.b-cdn.net
loadingfaslyv16.b-cdn.net
loadingfaslyv9.b-cdn.net
newsystem-check3.b-cdn.net
newsystem-checkt.b-cdn.net
newsystem-checkz.b-cdn.net
omkavi14.b-cdn.net
omkavi15.b-cdn.net
omkavi17.b-cdn.net
pub-d6448def2aba44ce96071bebcc1ce641.r2.dev
sdsdfzipo.b-cdn.net
steppingfrpage.b-cdn.net
trx11.b-cdn.net
verified-desktop-in.b-cdn.net
verify-check-you.b-cdn.net
zip-store.oss-ap-southeast-1.aliyuncs.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-11-09)

bot-checker.b-cdn.net
bot-detector.b-cdn.net
botcheck.b-cdn.net
captcha-verification-sys-v1.b-cdn.net
check-bot11.b-cdn.net
checkthisverify.b-cdn.net
first-steps.b-cdn.net
hbhjkbjhbjkhv11.b-cdn.net
human-verification4.b-cdn.net
human-verify1.b-cdn.net
robo-step.b-cdn.net
spam-check1.b-cdn.net
stream-checker.b-cdn.net

# Reference: https://app.validin.com/detail?find=193.151.136.249&type=ip4&ref_id=f772d7b812d#tab=resolutions
# Reference: https://urlscan.io/result/8e20749c-dff0-40a5-b23c-637e3f5efceb/

philipson.agency
philipson-agency.com

# Reference: https://x.com/JAMESWT_MHT/status/1865460372553023874
# Reference: https://www.virustotal.com/gui/file/239ee15976c36dbd71785d29fe0ae9ec5b6ea70f022ceccc77edb0767efc1d16/detection

193.143.1.46:6110
dbasopma.me

# Reference: https://x.com/salmanvsf/status/1866412050395840572
# Reference: https://urlscan.io/search/#page.title.keyword%3A%22Verify%20You%20Are%20Human%22

0000353-stripe.com
000330-stripe.com
000331-stripe.com
000332-stripe.com
000333-stripe.com
000334-stripe.com
000991-stripe.com
000993-stripe.com
000994-stripe.com
003390-stripe.com
003391-stripe.com
003392-stripe.com
003395-stripe.com
0612023314-stripe.com
094855-stripe.com
1202102023-stripe.com
2023024760-stripe.com
2023142426-stripe.com
2023213840-stripe.com
user0063-stripe.com
user0067-stripe.com
user00761-stripe.com
user00762-stripe.com
user00769-stripe.com
user00900-stripe.com
user00901-stripe.com
user00902-stripe.com
user00903-stripe.com
user00904-stripe.com
user00991-stripe.com
user06078-stripe.com
9c4ec7f3f95c448b85e464d2b533aac20.b-cdn.net
9c4ec7f3f95c448b85e464d2b533aac29.b-cdn.net
anti-automation-v2.b-cdn.net
antibotx.b-cdn.net
any-44.b-cdn.net
any-46.b-cdn.net
baptist-texas.net
barzi7.b-cdn.net
barzi8.b-cdn.net
bestdrugs.biz
bmy7etxgksxo.objectstorage.sa-santiago-1.oci.customer-oci.com
bot-blocker-v3.b-cdn.net
bot-blocker-v9.b-cdn.net
bot-check-e15.b-cdn.net
bot-check-page.b-cdn.net
bot-check-v5.b-cdn.net
bot-check-v9.b-cdn.net
bot-detection-v1.b-cdn.net
bot-detection-v3.b-cdn.net
bot1check.b-cdn.net
botcheck-encrypted-system.b-cdn.net
captcha-page.b-cdn.net
captcha-recognition-v2.b-cdn.net
captcha2-6pe.pages.dev
cdn-downloads-now.xyz
check-page316.b-cdn.net
check-your-humanity.b-cdn.net
check-zone-v11.b-cdn.net
cherry-bounce.b-cdn.net
darkbonet.darkdumps.xyz
darkdumps.xyz
dashboard01-stripe.com
dashboard122-stripe.com
dashboard2236-stripe.com
dashboard2313-stripe.com
dashboard26-stripe.com
dashboard2730-stripe.com
dashboard2883-stripe.com
dashboard3212-stripe.com
dashboard3982-stripe.com
dashboard563-stripe.com
dashboard9-stripe.com
dealpills24.com
doc-view-files.wxrunie.do
drugsonline.biz
eu-prime-service.com
expressway.b-cdn.net
fax-docs-viewer.s3.amazonaws.com
fileyes.b-cdn.net
fina-page-of-v39.b-cdn.net
final-chek-v10.b-cdn.net
final-chek-v14.b-cdn.net
final-chek-v18.b-cdn.net
final-chek-v25.b-cdn.net
final-chek-v28.b-cdn.net
final-chek-v31.b-cdn.net
final-chek-v33.b-cdn.net
final-chek-v34.b-cdn.net
final-chek-v37.b-cdn.net
final-chek-v45.b-cdn.net
final-step-v15.b-cdn.net
first-path.b-cdn.net
frelancervn.com
full-fast-movie-downloader.b-cdn.net
gaccess.b-cdn.net
gaccess1.b-cdn.net
gaccess19.b-cdn.net
gaccess2.b-cdn.net
get-to-step-007.b-cdn.net
heic2.b-cdn.net
human-checking-10.b-cdn.net
human-verification2.b-cdn.net
human-verification3.b-cdn.net
id-check-bot-b.b-cdn.net
id-check-bot-v4.b-cdn.net
impcaptchapage.b-cdn.net
information-first.com
ip-check-v12.b-cdn.net
kon-lita01.b-cdn.net
lab.adversarygroup.com
landingp1.b-cdn.net
last-step-v44.b-cdn.net
last-v89-verify.b-cdn.net
lets-move-to10.b-cdn.net
load-check003.b-cdn.net
loading-wait.b-cdn.net
loadingfaslyv8.b-cdn.net
loadvistufinv24.b-cdn.net
marimarbahamas.me
myhotdrug.com
mymedshoplive.com
mypull-zone.b-cdn.net
nowheretocallhome.com
omkavi05.b-cdn.net
omkavi10.b-cdn.net
omkavi12.b-cdn.net
onlinepharmacytab24.com
picklejuice.com
pillsonlineservices.com
pillsshoplive.com
pillsyou.com
pillzone.net
profit25.online
prop-bot.b-cdn.net
prop-check.b-cdn.net
prop-guard.b-cdn.net
prop-sheild.b-cdn.net
pub-7a0525921ff54f1193db83d7303c6ee8.r2.dev
qabu-botafile.b-cdn.net
ready-to-go-100.b-cdn.net
ready-to-go-101.b-cdn.net
ready-to-go-104.b-cdn.net
ready-to-go-113.b-cdn.net
ready-to-go-29.b-cdn.net
ready-to-go-4.b-cdn.net
ready-to-go-90.b-cdn.net
ready-to-go-93.b-cdn.net
recaptcha-checking-v3.b-cdn.net
redirect-to-this-111.b-cdn.net
relatomomento.online
request-pending.b-cdn.net
restoindia.me
robo-test.b-cdn.net
robot-detect-sys-v30.b-cdn.net
robot-detect-x1.b-cdn.net
robot-detection-sys-v2.b-cdn.net
safe-access-zone-v1.b-cdn.net
safe-page-b1.b-cdn.net
safe-page-b3.b-cdn.net
scan-bot13.b-cdn.net
scan-bot4.b-cdn.net
sec-check-v1.b-cdn.net
secure-bot22.b-cdn.net
secure-bot9.b-cdn.net
secure-step-a1.b-cdn.net
sg-authentification-g.com
sg-authentification-h.com
sg-authentification-i.com
sg-authentification-m.com
sg-authentification-n.com
solunadevelopment.com
spam-auth-v1.b-cdn.net
spam-detect-v1.b-cdn.net
spam-protect-v1.b-cdn.net
spam-verification.b-cdn.net
spam-verify.b-cdn.net
spark-captcha.netlify.app
step-second.b-cdn.net
step-to-verify-b93.b-cdn.net
tempcontrol.cfd
texasprimeservices.com
travelwithandrew.xyz
us-north-11-wasabisys.b-cdn.net
us-north-7-wasabisys.b-cdn.net
user0-stripe.com
user0019-stripe.com
user0066-stripe.com
user00766-stripe.com
user00990-stripe.com
user00992-stripe.com
user00993-stripe.com
user0243-stripe.com
user0244-stripe.com
user0246-stripe.com
user0247-stripe.com
user0258-stripe.com
user0261-stripe.com
user0262-stripe.com
user0269-stripe.com
user0279-stripe.com
user0282-stripe.com
user0319-stripe.com
user0421-stripe.com
user0473-stripe.com
user0519-stripe.com
user0541-stripe.com
user0619-stripe.com
user06660-stripe.com
user0679-stripe.com
user0694-stripe.com
user0719-stripe.com
user072-stripe.com
user0721-stripe.com
user0761-stripe.com
user0819-stripe.com
user0864-stripe.com
user0919-stripe.com
user0996-stripe.com
user11607-stripe.com
user12477-stripe.com
user13477-stripe.com
user19-stripe.com
user2134-stripe.com
user2239-stripe.com
user2619-stripe.com
user31007-stripe.com
user3190-stripe.com
user3212-stripe.com
user3219-stripe.com
user3289-stripe.com
user3539-stripe.com
user4002-stripe.com
user4329-stripe.com
user609-stripe.com
user60993-stripe.com
user60994-stripe.com
user6363-stripe.com
user6426-stripe.com
user6519-stripe.com
user6643-stripe.com
user7531-stripe.com
user7659-stripe.com
user8479-stripe.com
user910095-stripe.com
user9132-stripe.com
user9334-stripe.com
user9719-stripe.com
user9879-stripe.com
ver-bot1.b-cdn.net
ver-bot5.b-cdn.net
verification.northeurope.cloudapp.azure.com
verified-robot.b-cdn.net
verify-hostname.b-cdn.net
verifyrobot.b-cdn.net
viettelpay79.com
ytfjghloadv1.b-cdn.net
zonistoringv1.b-cdn.net

# Reference: https://x.com/JAMESWT_MHT/status/1868568379835158564
# Reference: https://www.virustotal.com/gui/file/92f2599f5dc2df644e9bbd4688c75eb36f2a0dcd12324e608289f43b56156cfd/detection

193.143.1.46:6129
dbasopma.biz
dbasopma.club
dbasopma.info
dbasopma.one
dbasopmagroup.forum
desired-equally-delete-choir.trycloudflare.com

# Reference: https://x.com/JAMESWT_MHT/status/1868604703103402112
# Reference: https://app.validin.com/detail?find=51.89.158.77&type=ip4&ref_id=b806ceb2d08#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/be08b9a4ae8b267dcead07a7ef284cec889ac4d42250f753b6d89b327c34af79/detection
# Reference: https://www.virustotal.com/gui/file/7672dc5342d9001339635a974819294371142bdfbe9edaa5af64854dc8361d44/detection

51.89.158.77:3452
51.89.158.77:7020
calvindavennnopport.shop
jsfbanming.shop
krynifbeqw.shop
shippingmentnotice.xyz

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-09-18-v10697/1989

controlleractiveserver.com
document-publisher.org
download.instructionclub.com
download.instructionclubs.com
downloadfile.b-cdn.net
instructionclub.com
instructionclubs.com
mato-camp2.b-cdn.net
mato2.b-cdn.net
mato3f.b-cdn.net
peco.b-cdn.net
powers.b-cdn.net
sitehealthtipsart.com
streamvideox.b-cdn.net
trackmyshipeng.sitehealthtipsart.com
transparency.b-cdn.net
vidstreemz.b-cdn.net
zexodown-2.b-cdn.net

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-04-v10788/2227

desbullariamos.sa.com
recommends-returned-browser-brave.trycloudflare.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-11-v10796/2254

carldi.org
maybelsrka.my
youngsweays.my

# Reference: https://x.com/salmanvsf/status/1879441183237427585
# Reference: https://urlscan.io/search/#page.server:%22WsgiDAV/4.3.0%20Cheroot/9.0.0%20Python/3.11.1%22

101.99.94.234:8080
142.11.195.90:8888
144.126.134.25:5000
144.126.134.25:8080
154.216.18.97:5865
154.216.18.99:5228
154.216.18.99:9175
193.143.1.46:5938
212.28.178.113:8080
212.28.178.113:8888
51.89.199.99:9094
57.128.129.22:5378
62.146.227.231:8080
62.146.227.231:8888
acorsclouts.duckdns.org
ap-0182.cfd
bapromuxbes.duckdns.org
bkasgseves.duckdns.org
burrkeklprinting.tech
capitalisca.duckdns.org
dbasopma.art
dbasopma.click
dbasopma.cv
dbasopma.my
ebimmes.duckdns.org
fr-form-hugsd.duckdns.org
indepopobkasgseves.duckdns.org
ip22.ip-57-128-129.eu
reducapromuxbes.duckdns.org
renouv-maladie-enligne.com
sac-pores.duckdns.org
sinkcado.duckdns.org
spredingrm2.duckdns.org
trackmyshipang.site
trackmyshipmng.site
trackmyshipnng.site
trackmyshipqng.site
vmi1838661.contaboserver.net

# Reference: https://urlhaus.abuse.ch/asn/60068/ (# 2025-01-26)

condmattes.b-cdn.net
escritor.b-cdn.net
getfile420.b-cdn.net
infinitys.b-cdn.net
kinbowex.b-cdn.net
klkl9.b-cdn.net
moixerintendent.b-cdn.net
mubjahuke.b-cdn.net
nopar.b-cdn.net
platfrm.b-cdn.net
surficingpag.b-cdn.net
ump911.b-cdn.net
zuiolressodermic.b-cdn.net

# Reference: https://x.com/salmanvsf/status/1934515880526012617
# Reference: https://www.virustotal.com/gui/file/ff5e584010c2fda05098cc76ffa1a056d3a489deb89292f283247511bdda9f7d/detection

http://196.251.116.154
http://45.137.99.210
http://93.113.25.151
wurmlingenkoribunduseiffen.com
/v10/buhm.php

# Reference: https://x.com/smica83/status/1937478435208610258
# Reference: https://x.com/ShanHolo/status/1939613456325599493
# Reference: https://tria.ge/250624-ntnhxaswet/behavioral2
# Reference: https://www.virustotal.com/gui/file/9258a7ec655140209e0337a49e32a1720574acbc9858a86b7ac895f25e41a172/detection

141.98.6.14:5563
cdnhelofin.pro

# Reference: https://www.virustotal.com/gui/file/01ea80da0e4635a0516044148e322ab4fe93806b396e232483299422dc84e559/detection

179.43.167.210:3333
179.43.167.210:3334
helpfandaven.org
