# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: veil

# Reference: https://www.virustotal.com/gui/file/67d8a0e47628fad2ac3c107361712fbd62baafd6765cebe27050799467ece1d3/detection

3.19.3.150:18789

# Reference: https://www.virustotal.com/gui/file/a1a8571463e9eb9eec7d5c97ec0abe6fd857b0ca194368323e9e67a6b6950cf5/detection

18.223.41.243:17796
3.19.3.150:17796

# Reference: https://www.virustotal.com/gui/file/658f70cc473ac26588b8bcae90590d580149fbec14391d2e1ee3975d7f64a0f7/detection

3.19.3.150:16490

# Reference: https://www.virustotal.com/gui/file/a3ed5434cd0962e13e85377f3e2737b027d75f46445ce2410dc5538164242be9/detection

3.17.202.129:17299

# Reference: https://www.virustotal.com/gui/file/e9d549022bb6cca4724e0c4ba327090feed28274ca2d34753a53c7d62fc691f5/detection

3.19.3.150:17499

# Reference: https://www.virustotal.com/gui/file/b44b3bf9f2e8ec761a3523d45cde7eb11b13f4092c0c5c537f2b8951eaee3f9a/detection

3.19.3.150:18664

# Reference: https://www.virustotal.com/gui/file/1607f9a67c6d215557a5d6eb013a7bf0b09ea485717318d2f596c6231a4b3e13/detection

3.135.90.78:13947
3.20.98.123:13947

# Reference: https://twitter.com/malwrhunterteam/status/1291329141124616194
# Reference: https://bazaar.abuse.ch/browse/tag/RITEIL%20SERVIS%20OOO/
# Reference: https://www.virustotal.com/gui/file/485fcf4c2834e20d71b6765eccd79f6b0880d6a9fdc5d3e519a943862e9b8246/detection

77.52.245.101:8080

# Reference: https://bazaar.abuse.ch/browse/tag/RITEIL%20SERVIS%20OOO/
# Reference: https://www.virustotal.com/gui/file/30eb8727af3b8a2f4551574c7d826e9f27480e79d242b92d392b1f64091acf12/detection

77.52.149.197:8080

# Reference: https://bazaar.abuse.ch/browse/tag/RITEIL%20SERVIS%20OOO/
# Reference: https://www.virustotal.com/gui/file/314ce9b62cecb9435d9ff2338943e4e784cbfbaf9a65dbda7fe1064f477afe41/detection

77.52.147.162:591

# Reference: https://bazaar.abuse.ch/browse/tag/RITEIL%20SERVIS%20OOO/
# Reference: https://www.virustotal.com/gui/file/11123fd370dfdb5d9d5cade853fa923679377c7791bda00d2f415078e2729e65/detection

77.52.245.101:8008

# Reference: https://bazaar.abuse.ch/browse/tag/RITEIL%20SERVIS%20OOO/
# Reference: https://www.virustotal.com/gui/file/ea1213c0a684662e8305cfe1c6eeebbb12a9d1404e7571438d3730cc1df1caab/detection

77.52.149.197:11371

# Reference: https://www.virustotal.com/gui/file/8b960bc33cfb67c684a678041c828c2bf9ad9f8786c9bc53783bcc7cac158ecb/detection

156.204.54.101:1234
freenote20.ddns.net

# Reference: https://www.virustotal.com/gui/file/4d8714d498d56758f59f6a4e1e65767d01b5a8fa07442895b5d4469b39caa8e3/detection

193.161.193.99:28503
private147-28503.portmap.host

# Reference: https://www.virustotal.com/gui/file/72b9e6cddd3b847e45835a7d32afbc37a2d07065217d21966c9538590b4b4317/detection

114.255.25.23:39999

# Reference: https://www.virustotal.com/gui/file/409f9f3a71decc2746cfa80d821916dcc93f30bccd0d0970335b634fa89ac68e/detection

120.78.194.220:8080

# Reference: https://www.virustotal.com/gui/file/968f0fd6bda81147e5838dec62dc524c899590dbf809c6d66ecf9deebcf0c8c2/detection
# Reference: https://www.virustotal.com/gui/file/07a35f757860a3e154ba22422ffe5d3346d1b9d35d512ea71eb2c14c8104c1a4/detection

http://8.210.57.138
8.210.57.138:443
mozi.fun

# Reference: https://www.virustotal.com/gui/file/3aa7e67de95a64bb63449c70845a262fc29deeeea15da925d92301dabbd06c45/detection
# Reference: https://www.virustotal.com/gui/file/189dd6d63e9ef007d479d7abc6a3e66a09036b92a8e22b5808e78a53ad3d23e6/detection

117.252.180.207:8081
59.98.19.237:8086
server441.ddns.net

# Reference: https://www.virustotal.com/gui/file/26e872bffc7855d27db5202f64ce052780e9011a3a0d044a5e58c904668446db/detection

http://65.49.209.210
65.49.209.210:8123
panda.homes

# Reference: https://twitter.com/luc4m/status/1473016100208193538
# Reference: https://www.virustotal.com/gui/file/07d2c7e6ad2f889fc3ab3313b01f2c4fdb698a273309d9674a539bb49e935096/detection
# Reference: https://www.virustotal.com/gui/file/d7e30e17c271be6e32c4492c65432d96addde5de51b5a2f296f6bb0c9b8e73d1/detection

185.254.196.122:4445

# Reference: https://www.virustotal.com/gui/file/e537a63ffbb92e25061fd4e8d210b8c9ba96c9c74c8f3c5683e06fa766c095dc/detection

freename.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/78a5601d6e622921b5364d265445316aa7a7a83c508150c133e0bfb0ffb8f69e/detection

f0589740.xsph.ru

# Reference: https://www.virustotal.com/gui/file/8f9995aaaf8096437e625027c31650ccf8a2d35bf841c0fe489e267f6cfe4c16/detection

http://110.42.170.219
110.42.170.219:8080

# Reference: https://twitter.com/malwrhunterteam/status/1492139766409748487
# Reference: https://www.virustotal.com/gui/file/afe1274014f8b9221aba0dbab08fd3cc7bb8a436745e65697fb8c88ac37fbb82/detection

hublinklogistics.online
mail.hublinklogistics.online

# Reference: https://www.virustotal.com/gui/file/2e2a71e5f2139a640b436f6894a944b3d02c85744c211aaa266e12761543efc5/detection

120.79.99.82:6666

# Reference: https://www.virustotal.com/gui/file/1821113b7134dcaebd9004a1c84b862e97be6b9a8dbce62fe4b4440656430fb9/detection

1qaz5tgb.vaiwan.com

# Reference: https://www.virustotal.com/gui/file/af469070fb16d7cefd7f19240629483575764a59049f6cca4180d2518f4bf969/detection
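# Reference: https://www.virustotal.com/gui/file/b7bcb5ec0b229b7547f9b24524b1964b997025db1437a14c27ef6b698e14c6bb/detection
# Note: the path-only entries below (/payloads/..., /stagers/..., /flask_wtf/) carry no host. /flask_wtf/ shares its name with the Flask-WTF Python package and may match unrelated traffic; correlate a hit with the 83.41.130.122 entries before treating it as high-confidence.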

83.41.130.122:1337
83.41.130.122:1338
83.41.130.122:1339
/payloads/n71.py
/payloads/sQs.py
/stagers/n71.py
/stagers/sQs.py
/flask_wtf/

# Reference: https://www.virustotal.com/gui/file/2f7258db6cebcdc2ed7082576ed37580c9061010356c0be0f69876ee4b8033aa/detection

51.81.133.91:956
ramziv.com

# Reference: https://www.virustotal.com/gui/file/899719a27c8b0648d94db95975b53a262f735024714b18135ac4ced227df6950/detection

5.39.217.212:1338

# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-May/030667.html

anti-theft-web.herokuapp.com

# Reference: https://github.com/blacklotuslabs/IOCs/blob/main/WSL%20samples.txt
# Reference: https://www.virustotal.com/gui/file/53854c6d163bfd0c56d8b297ac43bd25c21f696de6063031241e792ee65df441/detection

185.63.90.137:1338

# Reference: https://www.virustotal.com/gui/file/92b901f3e6d45ab35153af340ea89d52aa3cc10bea0c2ad73cc6dfc51c8dd8de/detection

193.233.48.102:8082
193.233.48.103:8082
193.233.48.104:8082
193.233.48.105:8082
193.233.48.106:8082
193.233.48.112:8082
193.233.48.114:8082
193.233.48.119:8082
193.233.48.11:8082
193.233.48.120:8082
193.233.48.123:8082
193.233.48.124:8082
193.233.48.125:8082
193.233.48.128:8082
193.233.48.130:8082
193.233.48.131:8082
193.233.48.133:8082
193.233.48.134:8082
193.233.48.136:8082
193.233.48.137:8082
193.233.48.138:8082
193.233.48.143:8082
193.233.48.144:8082
193.233.48.150:8082
193.233.48.152:8082
193.233.48.156:8082
193.233.48.157:8082
193.233.48.159:8082
193.233.48.161:8082
193.233.48.163:8082
193.233.48.165:8082
193.233.48.166:8082
193.233.48.16:8082
193.233.48.171:8082
193.233.48.172:8082
193.233.48.174:8082
193.233.48.176:8082
193.233.48.177:8082
193.233.48.179:8082
193.233.48.17:8082
193.233.48.180:8082
193.233.48.185:8082
193.233.48.186:8082
193.233.48.188:8082
193.233.48.190:8082
193.233.48.191:8082
193.233.48.195:8082
193.233.48.196:8082
193.233.48.199:8082
193.233.48.201:8082
193.233.48.202:8082
193.233.48.208:8082
193.233.48.209:8082
193.233.48.20:8082
193.233.48.210:8082
193.233.48.213:8082
193.233.48.219:8082
193.233.48.21:8082
193.233.48.221:8082
193.233.48.222:8082
193.233.48.228:8082
193.233.48.230:8082
193.233.48.232:8082
193.233.48.235:8082
193.233.48.238:8082
193.233.48.240:8082
193.233.48.243:8082
193.233.48.251:8082
193.233.48.25:8082
193.233.48.29:8082
193.233.48.30:8082
193.233.48.31:8082
193.233.48.32:8082
193.233.48.38:8082
193.233.48.39:8082
193.233.48.42:8082
193.233.48.43:8082
193.233.48.46:8082
193.233.48.51:8082
193.233.48.54:8082
193.233.48.55:8082
193.233.48.59:8082
193.233.48.61:8082
193.233.48.70:8082
193.233.48.72:8082
193.233.48.75:8082
193.233.48.7:8082
193.233.48.81:8082
193.233.48.82:8082
193.233.48.88:8082
193.233.48.8:8082
193.233.48.92:8082
193.233.48.93:8082
193.233.48.95:8082
193.233.48.97:8082
193.233.48.99:8082
194.87.218.105:8082
194.87.218.107:8082
194.87.218.108:8082
194.87.218.113:8082
194.87.218.114:8082
194.87.218.115:8082
194.87.218.116:8082
194.87.218.11:8082
194.87.218.129:8082
194.87.218.12:8082
194.87.218.130:8082
194.87.218.132:8082
194.87.218.143:8082
194.87.218.144:8082
194.87.218.151:8082
194.87.218.155:8082
194.87.218.159:8082
194.87.218.161:8082
194.87.218.166:8082
194.87.218.16:8082
194.87.218.172:8082
194.87.218.175:8082
194.87.218.182:8082
194.87.218.188:8082
194.87.218.191:8082
194.87.218.199:8082
194.87.218.19:8082
194.87.218.200:8082
194.87.218.202:8082
194.87.218.207:8082
194.87.218.20:8082
194.87.218.211:8082
194.87.218.220:8082
194.87.218.229:8082
194.87.218.22:8082
194.87.218.232:8082
194.87.218.235:8082
194.87.218.245:8082
194.87.218.246:8082
194.87.218.30:8082
194.87.218.41:8082
194.87.218.45:8082
194.87.218.50:8082
194.87.218.52:8082
194.87.218.54:8082
194.87.218.55:8082
194.87.218.62:8082
194.87.218.63:8082
194.87.218.65:8082
194.87.218.69:8082
194.87.218.7:8082
194.87.218.91:8082
194.87.218.98:8082
194.87.218.99:8082

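# Reference: https://www.virustotal.com/gui/file/56c71771fe95f622e089af65b0eb8eada4b540d05a5ca62266066076b11cb0a2/detection
# Note: 104.21.36.13 lies in Cloudflare's edge range (104.16.0.0/13), which is shared by many unrelated sites; a hit on it identifies the CDN front, not a dedicated host.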

104.21.36.13:2096
175.178.253.29:8078

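# Reference: https://www.virustotal.com/gui/file/16a40c4043a9eb9b0a08856304fb1212e28d445d86b81d7c4d22a6b5f6e7754e/detection
# Note: 172.67.183.14 lies in Cloudflare's edge range (172.64.0.0/13), which is shared by many unrelated sites; a hit on it identifies the CDN front, not a dedicated host.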

172.67.183.14:2096

# Reference: https://twitter.com/jaydinbas/status/1555252921381621763
# Reference: https://twitter.com/r3dbU7z/status/1609167125159071746
# Reference: https://twitter.com/malwrhunterteam/status/1612878799707983873
# Reference: https://www.joesandbox.com/analysis/781545?idtype=analysisid#iocs
# Reference: https://www.virustotal.com/gui/ip-address/199.188.206.3/relations
# Reference: https://www.virustotal.com/gui/ip-address/206.166.251.12/relations
# Reference: https://www.virustotal.com/gui/file/24d66c7d5c6250403a957c282772b01c9edab85a29bcea8e0690ad7672f74ddf/detection
# Reference: https://www.virustotal.com/gui/file/4a32aa89a5250801c53d19370d98682e0561b642901bdd2987831bc983e0a544/detection
# Reference: https://www.virustotal.com/gui/file/f4354796c7aee104f6cfe1f66aef5bd03cdefde90409cc8ae529024ce60e09ee/detection

http://206.166.251.12
169.239.129.108:5555
bbprizz.com
prizebb.com
securewares.site
secureway.fun
files.secureway.fun
login.securewares.site
login.secureway.fun
install.realproheros.com

# Reference: https://www.virustotal.com/gui/file/a64245a5843cf289fb23169c561f9136c873165eb9d883bec47faeb73d3b8f4e/detection
# Reference: https://www.virustotal.com/gui/file/936ab5649f300aeab28640239bdf7e8eb62f8dc5344ffffe87912c97e28fe389/detection
# Reference: https://www.virustotal.com/gui/file/72fbcc57dc384ded926a96bbf82cac503f3986f2cb96178be259b91f961dbe41/detection
# Reference: https://www.virustotal.com/gui/file/53dc1be94450eeb91f1d36f27d056e834e05ee35a0b44f0c1818dfe684ce08c8/detection
# Reference: https://www.virustotal.com/gui/file/3a6d373f3bc8e36145a7e5d48465836fe80bf3cdde30377ac90a03eb1df5a371/detection

43.143.162.153:8080

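# Reference: https://www.virustotal.com/gui/file/1fe0162e3b68d41262d29b77005d2e13e0af309dcd0b1a4f09d350bc1614afea/detection
# Note: 11.23.33.44 falls in 11.0.0.0/8 (a US DoD allocation) and looks like a placeholder value taken from the sample rather than a reachable C2 address; the portmap.host name below is presumably the more reliable indicator - verify against the report.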

11.23.33.44:47143
dumb5206-47143.portmap.host

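# Reference: https://blog.talosintelligence.com/threat-roundup-1021-1028-2/ (# Win.Malware.Python-9975702-0)
# Note: s30/s51/s54.ucoz.net look like shared uCoz hosting nodes rather than actor-owned names, so matches may include unrelated sites - verify against the roundup before blocking.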

foxlocfe.beget.tech
hacker.my1.ru
s30.ucoz.net
s51.ucoz.net
s54.ucoz.net

# Reference: https://www.virustotal.com/gui/file/991db79632f6f6f4a5d6a6575aed744492aa2954e2c09f01242422061b3593c7/detection

139.162.77.242:8080

# Reference: https://twitter.com/r3dbU7z/status/1595181847016767493
# Reference: https://twitter.com/r3dbU7z/status/1595727153567498242
# Reference: https://www.virustotal.com/gui/file/f2819b77b1061be1f6f32c8c142df471f3771dbfb4d26c89c14faae8048af7b7/detection

139.162.77.242:8081
139.59.11.24:8080
139.59.11.24:8081

# Reference: https://twitter.com/malwrhunterteam/status/1599021885173379072
# Reference: https://www.virustotal.com/gui/file/f73ccd67a7a37668cbba6a8015a177373593252a83eeb7a1c0302ba2b648ecaa/detection
# Reference: https://www.virustotal.com/gui/file/4ba80767469a39af019984693582f006395b5fada1f68a407417d6b9595d0aea/detection

44.230.248.34:22

# Reference: https://www.virustotal.com/gui/file/181fcaee6492e81918abb48e75a1ec7ee441f30814f927458a86896c3d686872/detection

145.14.144.98:42439
145.14.145.4:43668

# Reference: https://twitter.com/Purp1eW0lf/status/1602989967776808961

179.60.149.28:4427

# Reference: https://www.virustotal.com/gui/file/1c88ebbedebe88e9de3b0694fcfc50db071201ec03b515ed7e383ce7701d3499/detection
# Reference: https://www.virustotal.com/gui/file/8c96f68983d2121849c035f840232fa2882fe36d3330ba7751fe5087e39274f5/detection

178.250.158.229:443

# Reference: https://twitter.com/r3dbU7z/status/1608014855084072962
# Reference: https://www.virustotal.com/gui/ip-address/168.138.130.12/relations
# Reference: https://www.virustotal.com/gui/file/c3d211758a1061afe67cfeb1e63a4c3cc870534e8b6bab2fbb5423e56268ff96/detection
# Reference: https://www.virustotal.com/gui/file/f3b47d77553a489ab492849a3d8045f33d978d785b270e4d79309b41d8f91aa9/detection

updateptbr.online
archive.updateptbr.online
mail.updateptbr.online
mx.updateptbr.online

# Reference: https://www.virustotal.com/gui/file/bebb0109b37c20614dd423fac267883f1d82b57e361e66ec215f0560a415d5f3/detection

http://108.61.117.30

# Reference: https://www.virustotal.com/gui/file/27e69c96af1f692ce43706904de61f841abec45a57ff0b7a7d3cbbb417455a53/detection

http://179.60.150.118
179.60.150.118:443

# Reference: https://twitter.com/malwrhunterteam/status/1616055391045156866
# Reference: https://www.virustotal.com/gui/file/74dd9c8896969dac4e61de8a790dc8e11f1683ddb800f841574c27984b6b82c3/detection

152.136.105.53:801

# Reference: https://twitter.com/Artilllerie/status/1628774019380961282

free-gptchat.com

# Reference: https://twitter.com/AuCyble/status/1632685255072296966
# Reference: https://www.virustotal.com/gui/ip-address/185.225.69.192/relations
# Reference: https://www.virustotal.com/gui/file/cf00187ab49e7b08e5500b5ffcfb22529f4c4556567a7fe1bc5dcd4a9438d1c7/detection

chat-gpt-ai-pc.info

# Reference: https://twitter.com/drfabiocastro/status/1635164514017771520
# Reference: https://www.virustotal.com/gui/file/0b55c8f9aa113984ddf72ad57d7fcebff0f43f8dd509283777c9de5491132707/detection
# Reference: https://www.virustotal.com/gui/file/ac84a2aafd0b308baaf423124f85460dc06a968928c2b7c21c7430ec197a82f2/detection

capcutdesktop.shop
capcutdesktop.site
capcutdesktop.xyz
darktext.xyz

# Reference: https://www.virustotal.com/gui/file/8d93df88c993e8513157cf4c66af85c9fe0f59414a95efa3ab14d1d1a68fcc4c/detection

206.189.80.59:22117
asia-southeast-48343.packetriot.net
pensive-smoke-55664.pktriot.net

# Reference: https://www.virustotal.com/gui/file/676bbc867f33262416dda81ebc8e09687e4f293eb40f63781f779618266ed885/detection

chemistry.kqnfkpoccicxiudstqonfotuwsrhuxkwhqjjfsbjhonoubrccy.nl

# Reference: https://twitter.com/reecdeep/status/1651154171125481476
# Reference: https://twitter.com/conTao621399/status/1651237168226942981

# Disabled entry (reason not recorded here): 202.117.92.133:27017
45.82.71.11:4433
45.82.71.11:5555
45.82.71.11:6666
45.82.71.11:8879

# Reference: https://unit42.paloaltonetworks.com/chatgpt-scam-attacks-increasing/
# Reference: https://otx.alienvault.com/pulse/64417ea3fd9afae377286978
# Reference: https://www.virustotal.com/gui/file/ab68a3d42cb0f6f93f14e2551cac7fb1451a49bc876d3c1204ad53357ebf745f/detection
# Reference: https://www.virustotal.com/gui/file/94a064bf46e26aafe2accb2bf490916a27eba5ba49e253d1afd1257188b05600/detection

appleshop.top
chatgpt-oracle.com
chatgpt.jobs
chatgptforchrome.com
openai.us
openai.xyz
x2chatgpt.org
chatgpt.appleshop.top
pay.chatgpt-oracle.com

# Reference: https://www.virustotal.com/gui/file/61ef1298ffdb8ec4816a94462e80c4969d23576af5cbdd6a7c6b90b67eb70456/detection

122.10.90.12:28888

# Reference: https://www.virustotal.com/gui/file/2286add62333a0d31dd45b753aea2c94177593578b8c5880a805aa479c77f680/detection

122.10.88.226:9000

# Reference: https://www.virustotal.com/gui/file/12d46e88e20b579e1f260a61872a52d34f15f248846e3552464970b79d4aa8ff/detection

47.102.122.197:4455

# Reference: https://www.virustotal.com/gui/file/b692e438cef89dc57d7cf774a1eaa97ff88fd1e9c287546ad685bb9b3e9a6bac/detection

62.171.178.45:443
62.171.178.45:4444

# Reference: https://www.virustotal.com/gui/file/d2842dbfdebd337ba986346ec6ec19dba59cd5a39f8b93d60e6e38a21beb43d6/detection

100.42.74.199:10073

# Reference: https://www.virustotal.com/gui/file/043ddeb68f8613c931e300b2d34799014f6a2eab2e4caa91dd22915cbf777f0f/detection

18.231.93.153:10337

# Reference: https://twitter.com/xorJosh/status/1717504124764233944
# Reference: https://www.virustotal.com/gui/ip-address/23.227.203.165/relations

winccp.net

# Reference: https://twitter.com/johnk3r/status/1729191313973948808
# Reference: https://x.com/naumovax/status/1805250614995066997
# Reference: https://tria.ge/231107-vt8bmscc7z/behavioral1
# Reference: https://www.virustotal.com/gui/file/160096748e6c23f97fde1b7dca24663118daf8830f589bf59fc2b758634463fd/detection
# Reference: https://www.virustotal.com/gui/file/5a1f859bf7bce4b755ca5afb777748b3d95b36f7395db0d8a41398c50913dcfc/detection

186.210.228.82:4418
186.210.228.82:6273
186.210.228.82:7311
186.210.228.82:8294
20.197.230.172:3821
20.197.230.172:7311
20.197.230.172:9983
20.197.248.236:2119
20.197.248.236:3821
20.197.248.236:5178
20.197.248.236:8294
camera-empresa.accesscam.org
cei.sytes.net
varejaobrasil.ddns.net
yunes.ddns.com.br
dpsols7.autodesk360.com
fkj993yf3933.brazilsouth.cloudapp.azure.com
gg498jhh2x9434.brazilsouth.cloudapp.azure.com
hh5839004jh.brazilsouth.cloudapp.azure.com
ibs11xkd8943.brazilsouth.cloudapp.azure.com
jghskd9kfx7.brazilsouth.cloudapp.azure.com
kf4fj92zfkj92.brazilsouth.cloudapp.azure.com

# Reference: https://twitter.com/johnk3r/status/1732385424369225915
# Reference: https://tria.ge/231206-qrs2qadd3t/behavioral2

getmola6.autodesk360.com
kj5kj3x48yx483004jxxkjsxx000334.brazilsouth.cloudapp.azure.com

# Reference: https://www.virustotal.com/gui/file/da069c387ccdc8b187d75a722f790f62d36388ea542e5c33e4f444c7dbe66b63/detection

51.89.19.244:46718

# Reference: https://twitter.com/Artilllerie/status/1760956928811745634
# Reference: https://twitter.com/JAMESWT_MHT/status/1760985250086506973
# Reference: https://www.virustotal.com/gui/ip-address/192.30.138.157/relations
# Reference: https://www.virustotal.com/gui/file/2949487e3dbd5caf6ddd488bdc92946088e81fafb27a6a29be84c1de8ff48b8d/detection

capcut-desktop-pro.com
comturonepro.com
cyberlinksk.com
cyberlinkskd.com
freedownloadmanage.org
gimp-pc.com

# Reference: https://www.virustotal.com/gui/file/a46a1feb67c1358872ffaa83f108646fbb7d9288142c773d7beb8e9e90aa0300/detection

c2.igboat.com

# Reference: https://twitter.com/johnk3r/status/1780994904526664128
# Reference: https://www.virustotal.com/gui/file/00450b58b2cd5f736c3f3951182f1aa324e490c7145736c31b17c7a52caf74a8/detection

balgogan-kerago.eu

# Reference: https://twitter.com/RacWatchin8872/status/1783851718737903830
# Reference: https://www.virustotal.com/gui/file/9c759b30dc3b3f36e739f7549b21112329686673e3673a697cb3d41cb13a3962/detection
# Reference: https://www.virustotal.com/gui/file/37ba18a7d992cd0dd9ed49a70a3552289552d50ac0a938072eba0bc1de5f5691/detection

129.154.46.185:32768
129.154.46.185:32773
129.154.46.185:32774
129.154.46.185:8080
vyapar.vaisworks.com

# Reference: https://twitter.com/abodovic1/status/1788300833605533764

145.220.74.183:1338

# Reference: https://x.com/G60930953/status/1815811815722439090
# Reference: https://www.virustotal.com/gui/file/5ba542fcfa45d50c0d65dda4dbbd7a28f737a2fc53841ddaab7f68ae1cdf5183/detection
# Reference: https://www.virustotal.com/gui/file/584f9af427ee5257848efc4dbc7a16f96715e33ede7cb6ae3933d94af5894ec7/detection

http://139.99.232.135
http://185.255.114.63
dshu.xyz
theprofits.online
mail.dshu.xyz

# Reference: https://x.com/malwrhunterteam/status/1818242642515255645
# Reference: https://www.virustotal.com/gui/file/f59d4724b71561a571e0d03517ddbdcca1ea94b6544b5085c0c2811433813d8f/detection
# Reference: https://www.virustotal.com/gui/file/1b59c5f3eada33684b3466450690616e32efbd5c4ad037057ff150c13201839d/detection

103.248.61.237:8899

# Reference: https://x.com/malwrhunterteam/status/1818631140045210019
# Reference: https://www.virustotal.com/gui/file/0cdeecdaadc2850a3edee77d62e369cb5b640eac30da2a553a788b2953a568c6/detection

23.95.169.251:15621
hzkjabc.oss-cn-hongkong.aliyuncs.com

# Reference: https://www.virustotal.com/gui/file/6292b234cd9019c87a4056a0f5e9ac6924527a14cfbb55af6fd1eccde73db7a5/detection

100.28.171.91:8080
silentisvox.com

# Reference: https://www.virustotal.com/gui/file/c5282f9cfa7082a0f2796e7280f0fe17106e20cc78876b98706711221b8e549c/detection

181.215.135.141:32400

# Reference: https://x.com/malwrhunterteam/status/1840133793878806574
# Reference: https://www.virustotal.com/gui/file/4a203ac2139a5253c5d5d1f4e293cb965a4a71bb79ba1ad3f31a70d0f2d9e705/detection

ds0ap76pbrcdd.cloudfront.net

# Reference: https://x.com/cyb3rops/status/1842924869501276412
# Reference: https://www.virustotal.com/gui/file/69620e7c53c961b5be1c66716c1238a72be8039f8b42a2798dc2f4bf94fc02c9/detection
# Reference: https://www.virustotal.com/gui/file/06192c659f0d3d30d5c9cae994e2d323408212c9b1c34b96005a87f50c467325/detection

protopower.icu
bing.protopower.icu

# Reference: https://x.com/malwrhunterteam/status/1861744431738617927
# Reference: https://www.virustotal.com/gui/file/f24da117d1dba1a57ceb72308d5ca95cf05bcb4d7703beccb7f017a66af8def6/detection
# Reference: https://www.virustotal.com/gui/file/8cf02620232259a292546939d10d862f8485e52ff2035d8dfe13dac193cda8b0/detection
# Reference: https://www.virustotal.com/gui/file/151a5363fc588d02b5323baf1e9d778ee665fea7c7f26c0dc8336a3f8082ea58/detection
# Reference: https://www.virustotal.com/gui/file/077cef5c451328971b0982ee3132bb94d3c3b61ea944d8aa9a2cd8d291ed581c/detection

103.76.84.29:6280
103.76.84.29:7021

# Reference: https://github.com/TheRavenFile/Intel-Stories/blob/main/IOC%20Stories
# Reference: https://www.virustotal.com/gui/file/f0a3c1d44712277009abdb87f7f013e5f52cd9c1601566bcac980a7ae2dd8ede/detection
# Reference: https://www.virustotal.com/gui/file/134ef7be21da1bf756cc595ddd67b1caedda2ab4bb200ef9bbec5173aff7ffb1/detection

116.198.204.121:5000
116.198.204.121:8081

# Reference: https://x.com/JAMESWT_MHT/status/1865069372395450850
# Reference: https://app.any.run/tasks/98cf8c81-88da-4889-8a6b-199fb0ee5e5d
# Reference: https://www.virustotal.com/gui/file/7d85db4c15db793280a65ddf0f1713e88f62f0eb87f00a4b4b6c3431eff4ccb9/detection
# Reference: https://www.virustotal.com/gui/file/aa278fedf75ca629997113488d789e91f73a275575c22194c7bf7d59b30c9bc9/detection

badlarrysguitars.com

# Reference: https://x.com/JAMESWT_MHT/status/1865087073482358887
# Reference: https://x.com/karol_paciorek/status/1865006904981733866
# Reference: https://www.virustotal.com/gui/file/fc0548ade2bfc5da7bc754b8c05f88999cd51d9358f81ee7835dc9592a1ddc37/detection
# Reference: https://www.virustotal.com/gui/file/f247f3d4a34b8b2cec52dae3595a657a1f84e28c3a32717df415d08c6a5e9784/detection

111.90.143.115:3000
111.90.143.115:5001

# Reference: https://x.com/JAMESWT_MHT/status/1869712223918256423

mtclibraries.com

# Reference: https://www.virustotal.com/gui/file/43710524d5a6fabb7e3fb13be3bf69adeb3cbbd1992f8a42e0bb1beb5f9b6d67/detection

http://212.87.222.84
212.87.222.84:443

# Reference: https://github.com/hagezi/dns-blocklists/issues/5268
# Reference: https://www.virustotal.com/gui/file/0051e9ef07a06771cedc1599d0d1e6b904ea93984a9fd3ea9e8996abfe36e9cb/detection

dieserbenni.ru

# Reference: https://www.virustotal.com/gui/file/5285f8be4c2e0abd294648e0a02b2fd9e98542c3e4dc2dfe174fbadb7e1c1486/detection

h4ndl3r.vercel.app

# Reference: https://x.com/malwrhunterteam/status/1912481554762248616
# Reference: https://www.virustotal.com/gui/file/f9a06ed191537b8e4b7f412d5b4bcf4da0cfeb7097f6bf2a5d49b61325ea3b92/detection
# Reference: https://www.virustotal.com/gui/file/2cf283860ab62d38c276de49811eb72e647bd88aaf64faded6c9c2ce4cd8021b/detection

95.67.13.216:8443

# Reference: https://x.com/skocherhan/status/1913322074879242253
# Reference: https://www.virustotal.com/gui/file/f49f5fa26e7ee6a9ab36f89382caacf4512a30b76482bddcc29a1c8d5cf5bd0e/detection

redtiger.shop

# Reference: https://x.com/G60930953/status/1913772786146824423
# Reference: https://www.virustotal.com/gui/file/4e256572e001b76872074878f8ecd2be3f237c9b3a18d0059e2f4a3888579b5b/detection
# Reference: https://www.virustotal.com/gui/file/6721f5c45548b75af91526bf0afc83dd0017572453e3a37bd95b8b6ac98b9746/detection

eip.netask.workers.dev

# Reference: https://x.com/malwrhunterteam/status/1917495174566981685
# Reference: https://x.com/malwrhunterteam/status/1917496381062709423
# Reference: https://www.virustotal.com/gui/file/3eb1851c31a6b9834ff53c0acd6190f029d5018ee494fd4944b4c057c7aa7d9c/detection
# Reference: https://www.virustotal.com/gui/file/d672454b766bec37fd4e6473ed57dddeb5e4b2936cc9bdccee8869aa8da0614f/detection

212.162.155.42:4455
antreprenor.eu/wp-admin/start.bat
iverteh.hr/HRT-Opomena/HTV-Opomena.pdf.lnk
glamtex.com/NetworkService.exe

# Reference: https://x.com/Thisism23567356/status/1925174222768292142
# Reference: https://www.virustotal.com/gui/file/a81668b3d64b950208e811acd5b9c92075574183b3d42f237526748ad3e1c119/detection
# Reference: https://www.virustotal.com/gui/file/703278435a97d7c0dd3fe3362de2148101f6d2db370761ec3bbf6e292196658c/detection
# Reference: https://www.virustotal.com/gui/file/c2d38079174c01d19255ccdc0ef34488ec4997b18a5a73e3207bc30880d86c4d/detection
# Reference: https://www.virustotal.com/gui/file/5fd4f8459ba3eeea9c97718be3febc6ec0382043c51d13af5ab8409cf06d72b9/detection
# Reference: https://www.virustotal.com/gui/file/37fb087cade56f7c2c1441902077eeef35b555f0bad7c4b53dd94fd3a54f3a25/detection
# Reference: https://www.virustotal.com/gui/file/11311525e3c6497247500b616263aed3a2ad57296e0135675990782ef023a5c3/detection
# Reference: https://www.virustotal.com/gui/file/9513d78958f1ce15ca512e0e01b68fa3725e06ceff217f58ebbe450538f4c7f9/detection

fastdocumentshared.com
globalcopyrightalerts.com
musiccopyrightnotice.org

# Reference: https://x.com/marsomx_/status/1925126120099237993
# Reference: https://www.virustotal.com/gui/file/248a36071b83f7f98f8f87eed5beff1f4828eaa065b7a1fe63f0a525cb46ac88/detection

185.170.154.197:7645

# Reference: https://www.virustotal.com/gui/file/0517860a6dd13962059e3a3f621cef118bc507acaa86335dfb2211d199c9a5b7/detection

rtost.duckdns.org

# Reference: https://x.com/Officialwhyte22/status/1972901723413889324

http://94.130.85.211

# Reference: https://research.jfrog.com/post/check-your-socks-a-deep-dive-into-soopsocks-pypi/
# Reference: https://www.virustotal.com/gui/file/19e3cf29efe92608b95938816e809857baa158bf74237e1425e8ee5c69a274d6/detection
# Reference: https://www.virustotal.com/gui/file/cab9d3c35a38314ce6b7e49fc976a9fe3fe07dbee8eafe89913fa308798007bb/detection

14.54.173.214:6969
soop.space
install.soop.space

# Reference: https://www.oracle.com/security-alerts/alert-cve-2025-61882.html
# Reference: https://www.virustotal.com/gui/file/aa0d3859d6633b62bccfb69017d33a8979a3be1f3f0a5a4bf6960d6c73d41121/detection

http://185.181.60.11
185.181.60.11:443
200.107.207.26:22
200.107.207.26:8808
