# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: smokeloader, retefe

# Reference: https://blog.malwarebytes.com/cybercrime/2018/01/fake-spectre-and-meltdown-patch-pushes-smoke-loader/

coolwater-ltd-supportid.ru
localprivat-support.ru
service-consultingavarage.ru

# Reference: https://www.nao-sec.org/2018/09/hello-fallout-exploit-kit.html

killermansopitu.com

# Reference: https://www.fireeye.com/blog/threat-research/2018/06/rig-ek-delivering-monero-miner-via-propagate-injection-technique.html
# Reference: http://www.hexacorn.com/blog/2017/10/26/propagate-a-new-code-injection-trick/

nhocbo.bit

# Reference: https://blog.talosintelligence.com/2018/07/smoking-guns-smoke-loader-learned-new.html

ukcompany.me
ukcompany.pw
ukcompany.top

# Reference: https://twitter.com/ViriBack/status/1045123124910592000

supremebiz.info

# Reference: https://twitter.com/ViriBack/status/1047664167010926593

haxmall.in

# Reference: https://unit42.paloaltonetworks.com/analysis-of-smoke-loader-in-new-tsunami-campaign/

# NOTE(review): path-only entry with no host part. How the consumer matches it is not
# visible here; presumably it is compared against the request path on any host, so
# confirm the path is specific enough not to hit unrelated sites.
/js/metrology/jma.php

# Reference: https://twitter.com/Racco42/status/1097990743711461376

lzlgoy4b17sy5.com

# Reference: https://blog.fox-it.com/2019/03/27/psixbot-the-evolution-of-a-modular-net-bot/

5gssghhs2w.org
dvhwzq.ru
hdxaet.ru
hghwwgh6.info
jdcbhs.ru
kdcbst.ru
kkted54d.ru
si2113gher.com
vshmesz.com
vygxxhh.bit

# Reference: https://twitter.com/malware_traffic/status/1112776731331620865
# Reference: https://www.virustotal.com/gui/domain/taj.co.ug/relations

taj.co.ug
# NOTE(review): path-only entry, written on its own line rather than appended to the
# domain entry directly above it, so presumably it is not tied to that host — confirm
# whether host-independent matching is intended.
/xzcqefxa/index.php

# Reference: https://twitter.com/James_inthe_box/status/1118534516379803648

anotherblock.bit

# Reference: https://twitter.com/James_inthe_box/status/1120693994428567552

mynah505.com.kz

# Reference: https://otx.alienvault.com/pulse/5ccb14c894ed463151dcced4
# Reference: https://www.proofpoint.com/us/threat-insight/post/2019-return-retefe

bizbhutanevents.com/wp-rss.php
kjkpropertysolutions.com/wp-rss.php
laserowakasia.pl/wp-rss.php
racyroyalcoin.com/wp-rss.php
thealtilium.com/wp-rss.php
ltro3fxssy7xsqgz.onion

# Reference: https://twitter.com/Antelox/status/1104350571430141952

# These five names are 16 characters long, i.e. version 2 onion addresses.
# NOTE(review): current Tor releases no longer serve v2 onion services, so a match on
# these is presumably a historical indicator rather than live infrastructure — confirm
# before prioritising alerts on them.
3bbbccvomp5uhznz.onion
auybplpgam3c62tc.onion
hiv3dylycjbvgrxr.onion
m2pgzofn4w6ttgbb.onion
n6g66hecwbnf7bg4.onion

# Reference: https://twitter.com/peterkruse/status/1049669678086479877

jpxgaweyfdym5zv2.onion

# Reference: https://twitter.com/JaromirHorejsi/status/1017739363613102083

yzpayb4sqad7gnin.onion

# Reference: https://twitter.com/JaromirHorejsi/status/1106230909282541568

bozuniy4sgprvinf.onion

# Reference: https://twitter.com/JaromirHorejsi/status/816203736636915712

f3lrid44upxfgnbe.onion

# Reference: https://twitter.com/P3pperP0tts/status/1133502768935784448

thebotarmy.com

# Reference: https://twitter.com/_CPResearch_/status/1141080891529334784
# Reference: https://pastebin.com/gg4ni5Pm
# Reference: https://www.virustotal.com/gui/file/fc20b03299b8ae91e72e104ee4f18e40125b2b061f1509d1c5b3f9fac3104934/detection
# Reference: https://otx.alienvault.com/pulse/5d094cbf85df945a77c3fa45
# Reference: https://research.checkpoint.com/2019-resurgence-of-smokeloader/
# Reference: https://otx.alienvault.com/pulse/5d24b44109756f4227d75025

babolgum.icu
esupdate.icu
fileboard.live
mypromo.online
skcalladhellormi.xyz
vinomag.pw
alltest-service012505.ru
besttest-service012505.ru
biotest-service012505.ru
clubtest-service012505.ru
domtest-service012505.ru
infotest-service012505.ru
kupitest-service012505.ru
megatest-service012505.ru
mirtest-service012505.ru
mostest-service012505.ru
mytest-service01242505.ru
mytest-service012505.ru
newtest-service012505.ru
proftest-service012505.ru
protest-01242505.tk
protest-01252505.ml
protest-01262505.ga
protest-01272505.cf
protest-01282505.gq
protest-01292505.com
protest-01302505.net
protest-01312505.org
protest-01322505.biz
protest-01332505.info
protest-01342505.eu
protest-01352505.nl
protest-01362505.mobi
protest-01372505.name
protest-01382505.me
protest-01392505.garden
protest-01402505.art
protest-01412505.band
protest-01422505.bargains
protest-01432505.bet
protest-01442505.blue
protest-01452505.business
protest-01462505.casa
protest-01472505.city
protest-01482505.click
protest-01492505.company
protest-01502505.futbol
protest-01512505.gallery
protest-01522505.game
protest-01532505.games
protest-01542505.graphics
protest-01552505.group
protest-02252505.ml
protest-02262505.ga
protest-02272505.cf
protest-02282505.gq
protest-03252505.ml
protest-03262505.ga
protest-03272505.cf
protest-03282505.gq
protest-05242505.tk
protest-06242505.tk
protest-service01242505.ru
protest-service012505.ru
rustest-service012505.ru
rutest-service01242505.ru
rutest-service012505.ru
shoptest-service012505.ru
supertest-service012505.ru
test-service01242505.ru
test-service012505.com
test-service012505.eu
test-service012505.fun
test-service012505.host
test-service012505.info
test-service012505.net
test-service012505.net2505.ru
test-service012505.online
test-service012505.org2505.ru
test-service012505.pp2505.ru
test-service012505.press
test-service012505.pro
test-service012505.pw
test-service012505.ru.com
test-service012505.site
test-service012505.space
test-service012505.store
test-service012505.su
test-service012505.tech
test-service012505.website
test-service012505.xyz
test-service01blog2505.ru
test-service01club2505.ru
test-service01dom2505.ru
test-service01forum2505.ru
test-service01info2505.ru
test-service01land2505.ru
test-service01life2505.ru
test-service01plus2505.ru
test-service01pro2505.ru
test-service01rus2505.ru
test-service01shop2505.ru
test-service01stroy2505.ru
test-service01torg2505.ru
toptest-service012505.ru
vsetest-service012505.ru

# Reference: https://twitter.com/James_inthe_box/status/1144917655503040515

zeronde.in

# Reference: https://twitter.com/James_inthe_box/status/1148406371265593344

http://51.91.19.20

# Reference: https://twitter.com/malware_traffic/status/1090366374772383745

youlifesucks.life

# Reference: https://twitter.com/marcos_alvares/status/1158680329881882625

jok3r5.pw
ktngb33.pw
l0vew1n5.xyz

# Reference: https://twitter.com/nao_sec/status/1162581586644070400
# Reference: https://app.any.run/tasks/09dd4638-ca3f-4649-bc37-a5a452070083/
# Reference: https://twitter.com/tkanalyst/status/1162733635679617025
# Reference: https://app.any.run/tasks/9b3c4d44-2996-470e-be96-ce7ae94fa8cd/

advertserv99.club
ezstat.ru
gougounu.site
mailadvert2551mk29.club
popadvert.world
sdstat9551as4.club
statexadvert.club

# Reference: https://malwarebreakdown.com/2017/07/24/the-seamless-campaign-drops-ramnit-follow-up-malware-azorult-stealer-smoke-loader-etc/

zabugrom.bit

# Reference: https://twitter.com/i/status/1164236292407742464
# Reference: https://app.any.run/tasks/77a62614-4e5b-4e31-8a42-2238b3911194/

vilamax.home.pl
son0fman.pw

# Reference: https://twitter.com/nao_sec/status/1165997780675874816
# Reference: https://app.any.run/tasks/76f63a44-e603-43bf-8288-d9e01addcdba/

btcseller.club
zxtds.world

# Reference: https://twitter.com/tkanalyst/status/1170688633172443139
# Reference: https://app.any.run/tasks/fd9a41e5-4768-4ab0-afd3-83988feb49c8/

advertserv25.world

# Reference: https://twitter.com/peterkruse/status/1171685525377495040
# Reference: https://twitter.com/tkanalyst/status/1173068957386866688
# Reference: https://pastebin.com/kZVikTtP
# Reference: https://www.virustotal.com/gui/ip-address/5.101.181.35/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.25.50.148/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.25.50.163/relations

advertland.net
advertmex.world
advertserv25.world
advertserv99.club
advexmai42dn.world
advexmail23mn.world
advexmail2551.club
advexmail255143x.club
advexmail2551fc7.club
advexmail270711.club
dsmail95.xyz
dsmailx9547.xyz
ecmero.com
fdmail70.club
griffintech.ru
kxserv65.club
kxserv652.club
kxservx6527.club
mailadvert17dt.world
mailadvert19.world
mailadvert2551.club
mailadvert2551zx1.club
mailadvert5917dx.world
mailadvert917dx.world
mailserv1551.club
mailserv1551ex97.club
mailserv1551kx3.club
mailserv171.club
mailserv7.club
mailserv75.com
mailserv85m.world
mailserv93fd.world
mailstat55.club
mailstat557.club
mailstatx5577.club
mextes.com
popadvert.world
sdstat901511.club
sdstat9551.club
sdstat955192rv.club
sdstat9551as4.club
sdstat9551pm3.club
sdstat95xz.world
sdstat97tp.world
serverupdate7.world
starserver45.world
starserver4551.club
starserver4551mx2.club
starserver715km.world
starserver75ms.world
statexadver32s.world
statexadver35111.club
statexadver3552.club
statexadver3552ap93.club
statexadver3552mn12.club
swissmarine.club
zel.biz
# Pattern entry (regular expression) for the numbered-stem naming seen in explicit
# entries such as mailadvert2551.club: one of the listed name stems, then a digit, then
# one or more characters from [0-9a-z], then a dot and com, club, world or xyz.
# At least two characters must follow the stem, so a single-digit name such as
# mailserv7.club is covered only by its explicit entry, not by this pattern.
# NOTE(review): the pattern has no start or end anchor, and whether the consumer
# anchors it to the whole hostname is not visible here. Unanchored, a short stem such
# as "advert" followed by a digit would also match inside a longer, unrelated label —
# confirm how it is applied.
(advert|advertmarin|advertpage|advertserv|advertstar|advertstat|advertstex|advexmai|aqstarserver|\w{1,3}xspot|blogserv|bstarserver|cmailad|cmailadvert|dgxxstarserver|gmailadvert|htdserv|cmailserv|dsmaild|fdmail|kmailserv|kstarserver|kxserv|kxservxmar|mailadvert|mailserv|mailsmall|mailstat|nadvexmail|pmadvert|psxadvexmail|pstarserver|pzlkxadvert|pzfdmserv|rmailserv|rstarserver|rexstat|rexspot|sdstat|servicem|serverupdate|smantex|starserver|statexadver|starxpush|txmvazmrserv|txmvpltadvert|txmvgbnserv|xzlkmcserv|zmailserv|zvwxadvexmail)[0-9][0-9a-z]+\.(com|club|world|xyz)

# Reference: https://www.virustotal.com/gui/file/b1b974ceee5968a8453e015356edfded1e9dcba5dda50320f78abf24a4a3e0dd/relations

195.201.161.25:2012

# Reference: https://twitter.com/benkow_/status/1164894072580071424

rollansdx.icu

# Reference: https://github.com/silence-is-best/c2db#smokeloader

thankg1.org

# Reference: https://app.any.run/tasks/59bf16be-0c99-43f7-954c-94f952f5eb84/

blogserv27.com

# Reference: https://twitter.com/OttoScav/status/1189220259842187264

careandhelporganization.co.ug

# Reference: https://twitter.com/James_inthe_box/status/1197128315519193088

manikurshoping.ru

# Reference: https://twitter.com/wwp96/status/1206660123256655874

dill10n1.pw/tg/

# Reference: https://twitter.com/James_inthe_box/status/1207417534103732224
# Reference: https://app.any.run/tasks/0d1e9add-f1bc-4387-9bb9-e9fa67f393f6/

jungl35.pw

# Reference: https://twitter.com/kyleehmke/status/1209107746437652480

cloudfront365.com

# Reference: https://twitter.com/James_inthe_box/status/1084282526649147392

fribola.com
mailcdn-office365.io
rocket365.to
update-vmware-service.com

# Reference: https://twitter.com/nao_sec/status/1212931538658004994
# Reference: https://app.any.run/tasks/929d4bd2-2442-45c7-8662-88affaa43cea/

054-235-2465.com
234-25-23-423.com
3053-325-43-253.com
324-23-32432.com
35-23-4532-34.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1217739290270191616
# Reference: https://app.any.run/tasks/2d3d98af-5fcd-4bb0-b0c2-b1fbb09175a4/

kinokritikboss.ru

# Reference: https://www.exposedbotnets.com/2017/10/bookwormsbiorhythmtopsmoke-loader.html

bookwormsbiorhythm.top
charlesadvanced.top

# Reference: https://twitter.com/killamjr/status/1221505288194232320
# Reference: https://app.any.run/tasks/2fa282b6-3e39-49c6-b642-20c8e979d218/

j5cool.xyz

# Reference: https://twitter.com/JayTHL/status/1222384280057319427

troubleshootingasaservice.com

# Reference: https://twitter.com/tkanalyst/status/1225614413350064129
# Reference: https://app.any.run/tasks/ba7e7df3-5eca-4c97-89b6-ddc54f358c36/

chuam365.site

# Reference: https://twitter.com/James_inthe_box/status/1228084030853173248
# Reference: https://app.any.run/tasks/791ddd7b-8e65-461a-9b36-2a023a01e81b/
# Reference: https://app.any.run/tasks/78da8635-9460-45b9-a386-39408008de10/

wdifsdf9820.site
wdifsdf9820.xyz

# Reference: https://pastebin.com/inmdCbi1

soapstampingmachines.com/a2/
soapstampingmachines.com/a/
mac-pro.it/1/

# Reference: https://twitter.com/nao_sec/status/1231149711517634560
# Reference: https://app.any.run/tasks/f1cf470c-ae7e-4831-bc2a-d845a6e616a2/
# Reference: https://www.virustotal.com/gui/file/6f545b2b4503530d6c7df25150a9d68f192b078410086a6073a72c34d3b5f0ea/detection

huivaritaslloa.info
infinitydeveloperspes.info
unverifiedintigoosjai.info

# Reference: https://twitter.com/nao_sec/status/1239137537328701442
# Reference: https://app.any.run/tasks/72580d88-98c9-4495-8321-27f0f6763a2c/

bakery365sawamura.website
offwhiteoallrightou.today

# Reference: https://twitter.com/nao_sec/status/1244567558499389440
# Reference: https://app.any.run/tasks/29d5e021-b083-4316-a9b0-5ad0669f1f39/

bealkian.today
ferymspaniumryou.today
tophundretgoods.today

# Reference: https://app.any.run/tasks/964e4bb8-5a59-496b-9fa8-c3799b6f687e/

ferymspaniumryou.today
sumrachnorber.agency
seamseamnim.today
ruffsdf.today
stopcfams.today
buchxuchsd.agency
girlaina.fun

# Reference: https://twitter.com/James_inthe_box/status/1248964446505947136
# Reference: https://app.any.run/tasks/4cc95d8b-f2c7-457d-97d2-991d0115c1b4/

cleancleankkl.net
ghjk78kjhb.net

# Reference: https://twitter.com/FaLconIntel/status/1255665102264528898
# Reference: https://app.any.run/tasks/3f461626-f5e7-4a6c-8b5b-f517bb5619e2/

165.22.96.155:3719
# NOTE(review): these three as-N hosts are subdomains of 9hits.com rather than
# standalone domains — presumably infrastructure shared with unrelated traffic.
# Confirm against the reference before using them for blocking rather than alerting.
as-1.9hits.com
as-2.9hits.com
as-3.9hits.com

# Reference: https://exchange.xforce.ibmcloud.com/url/hfgfr56745fg.com/admin/gate.php

hfgfr56745fg.com

# Reference: https://www.virustotal.com/gui/file/016f95ec4da0bfd09781714004240abb4f79092b697ae3f3a0868dbfc68f7bf1/detection

45.142.214.39:2012

# Reference: https://www.virustotal.com/gui/file/3be335c997727ae7458ab4ef38892059f9331bc30d48cc8f2d601a517f24899f/detection

193.187.175.34:2012

# Reference: https://twitter.com/reecdeep/status/1268489894306942976
# Reference: https://twitter.com/3rg4f4/status/1268470579541221377

agenciatributaria.site
transvil2.xyz
utenti.info
utenti.live

# Reference: https://twitter.com/reecdeep/status/1269911390141190144

flablenitev.site
lendojekam.xyz
lgrarcosbann.club
lpequdeliren.fun

# Reference: https://app.any.run/tasks/0f097295-2483-45fe-9e64-a55ca8033cb5/
# Reference: https://app.any.run/tasks/fabf6492-1583-4a83-8f7f-d1b9539d9a7c/
# Reference: https://www.virustotal.com/gui/domain/stoknolimchin.exnet.su/relations
# Reference: https://www.virustotal.com/gui/file/2e692927e6d8f711a6ab79e0b5cba6fd6608bfaa43415f1c634119bd296581d6/detection

bteyryeuliliezya.website
dilitainfstezya.website
etasuklavish.today
grammmdinss.today
iizminsaosgstezya.website
isemnisdsidfnstezya.space
kimchinikuzims.today
kimonodridstezya.website
kstlaspodastezya.space
kvkukodasstezya.website
lupadypa.dagestan.su
mragyzmachnobesdi.today
musaroprovadnikov.live
mvodicascdstezya.space
nastyagatezya.website
pikabysapindsstezya.website
roompampamgandish.wtf
skkrapchikuhdncstezya.space
slacvostinrius.today
stobikosdmstezya.website
stoknolimchin.exnet.su
stolkgolmishutich.termez.su
straponuliusyn.today
teemforyourexprensiti.life
viprasputinsd.chimkent.su
yptututdrfezya.website

# Reference: https://www.virustotal.com/gui/file/5bc98c9ee4c28735ed4e72d0b7e03aa824c17716d965b7b07c33a9629ef95335/detection

etasuklavish.today
grammmdinss.today
kimchinikuzims.today
lupadypa.dagestan.su
mragyzmachnobesdi.today
musaroprovadnikov.live
slacvostinrius.today
stoknolimchin.exnet.su
straponuliusyn.today
viprasputinsd.chimkent.su

# Reference: https://pastebin.com/5QKdKvZH

bblkatozainastezya.pet
bteyryeuliliezya.website
bzfdrtadestezya.abkhazia.su
dadadlodddstezya.space
dilitainfstezya.website
drandugaosissstezya.today
glovesddstezya.adygeya.su
iizminsaosgstezya.website
isemnisdsidfnstezya.space
kimonodridstezya.website
korybaxaya.today
kstlaspodastezya.space
ktxuentostsstezya.abkhazia.su
kvkukodasstezya.website
lambadadndstezya.adygeya.su
lgpakistandstezya.adygeya.su
mariusanna.live
mvodicascdstezya.space
nastyagatezya.website
olvnedorogocsnstezya.space
pcdakirgistanddstezya.adygeya.su
pikabysapindsstezya.website
promolniyaropsstezya.space
rastrirovaldrttezya.website
rdododopizzaarstezya.red
rumndadstezya.adygeya.su
semenoavsya.today
skkrapchikuhdncstezya.space
smkladryginichedkezya.today
sstempossdstezya.abkhazia.su
steplerstezya.today
stobikosdmstezya.website
vislouxoasstezya.pet
yptututdrfezya.website

# Reference: https://app.any.run/tasks/d87258f6-f4a5-426e-b6b7-addfe1a490e9/

4ermanderezya.website
bteyryeuliliezya.website
etasuklavish.today
grammmdinss.today
ihglassdzya.website
kimchinikuzims.today
klasgindtezya.space
kmileronurzya.website
lupadypa.dagestan.su
mikluhasya.website
mragyzmachnobesdi.today
musaroprovadnikov.live
pikabyatezya.website
riserdfnstezya.space
rufinurtdrfezya.website
slacvostinrius.today
stoknolimchin.exnet.su
straponuliusyn.today
streptokokusstezya.space
ticketbonus.fun
viprasputinsd.chimkent.su

# Reference: https://www.virustotal.com/gui/domain/swxadvexmail19mn.xyz/relations

swxadvexmail19mn.xyz

# Reference: https://twitter.com/MBThreatIntel/status/1277749661676126209

adexhangetomatto.site

# Reference: https://twitter.com/JAMESWT_MHT/status/1282950881273696259
# Reference: https://twitter.com/malwrhunterteam/status/1247931172811874305
# Reference: https://app.any.run/tasks/2e7abcd4-e6e1-4523-85c8-51db9134ebfa/
# Reference: https://app.any.run/tasks/15f42296-0d96-4536-a255-04105ec7339d/
# Reference: https://www.virustotal.com/gui/file/d3c075c5c6d9c6e8fcfda4a408c5bd8f5fc4c6ff6acf339293c50f72f89f585f/detection

amfibiyapolyakova.com
crocopexpire.ug
informatioshopname.ru
opetileon.ru
scproducts7.ru
siciliyaopartion.ru
yamaha.ug

# Reference: https://www.virustotal.com/gui/file/0dc377b173e5f1379ec75b49e2cb4c62872c36bf01958bf31070c37b5fd6e2c3/detection

10022020newfolder33417-01242510022020.space
10022020test146831-service1002012510022020.space

# Reference: https://app.any.run/tasks/024fa218-732d-40e7-b5f1-3b297935f57e/

rururmask4ermanderezya.website
rururmaskbteyryeuliliezya.website
rururmaskihglassdzya.website
rururmaskkmileronurzya.website
rururmaskkmoderatordstezya.website
rururmaskmikluhasya.website
rururmaskpikabyatezya.website
rururmaskprikchinhdncstezya.space
rururmaskriserdfnstezya.space
rururmaskrufinurtdrfezya.website
rururmasksilkavayssstezya.website
rururmaskstreptokokusstezya.space

# Reference: https://twitter.com/theDark3d/status/1294668801804468225
# Reference: https://www.virustotal.com/gui/file/b0f84f98fc1876b73c07fb048b7d2e069b862de7ab004c1afb0a2ab1edfe43f4/detection

44youtuubering.net
7ui3n2rezz.top
advertxman7x.xyz
advstat70.host
apicsserver.pro
atxspot20.xyz
atxspot20x.xyz
autogrant.pw
bankshopstars.xyz
bankshopstars34321.net
bepargotunhis.host
bingooodsg.icu
cnock.net
cnock.xyz
cnocks.net
cs-top-gs.xyz
custom100.ru
darikita.xyz
dermasfannyer.top
dexspot2.xyz
dexspot2x.xyz
dill10n1.xyz
dsmail977sx.xyz
dsmaild544x.xyz
dunujilis11r.net
dupavstrane.ru
elysium-inc.net
eseruuynli2.net
exvirnani.party
exvirnani.review
eyazadenong.net
fdmail85.club
ferelomantirisp.ru
fthryaus.art
gameonfagpsf.pw
gdemesto6699.ru
ghjuytr33r.net
googchrom.xyz
gretianopelletua.top
gtres.icu
halyavapridi.top
hehasdoneit.xyz
hewilldoit.xyz
hissscomplacence.icu
honeyindoc.ru
humann.art
ilabbjjpbdzij.xyz
ilabjmhrrygwf.top
ilabonjsnmwiy.top
ilaboqbdeqwem.xyz
ilabxctzzcbtw.top
iluiloinu.net
indamixtuy.net
io90s8dudi.xyz
jelie.host
junntd.xyz
justinbiberpiror.net
kiselsbulkoycafe.ru
kloverfilderild.today
lidbalkanostor.ru
liufuturist.top
llpcompany.info
lorriesconcomitant.icu
manicord.top
mbadanewyear24ngozi.xyz
migyno.party
missidiowi.xyz
mossvivoweb.ru
nabudar.top
natuturalistic.net
newestthings.guru
nonecryptasul.top
notfortuaj.net
novactistoncklinkerv.xyz
nukaraguasleep.net
nulikuliey.net
onlineanddirect.info
oohdojssks9uf.net
pecunia777.at
petrandu.xyz
ploernysannyer.top
protest-0130.net
protest-0132.biz
protest-0140.art
protest-0143.bet
protest-0145.business
protest-0147.city
protest-0151.gallery
protest-0153.games
protest-0154.graphics
protest-0155.group
pukupoko.top
rebnunino.net
reccx92ifjwj.xyz
renulistikass.net
restaurantzakromarodiny.ru
rexspot7x.xyz
rexstat35x.xyz
rexstat35xm.xyz
robotdogtech.ru
selebtiti.net
seostatistikanalyze.xyz
seostatsmicron.xyz
septembexisecel.ru
servicem977x.xyz
servicem977xm.xyz
shopmarketbase.xyz
somatedsedse.host
starxpush7x.xyz
statsseotraff.xyz
stoppmanssguy.today
taneymci.icu
teatroprodakshn.today
test-service01.net
test-service01.press
test-service01.xyz
tommuikirtyur.top
tommyjeansforyou.today
tuyuop44cu.top
ulicamoiavdolidorogidoma.top
uyuduninast.top
venosur.top
vinder55.monster
vinimaxcopy.ru
xpom.icu
xsss99.icu
yuliyaworkinghere.ru
zanimalko78.ru
zaniolofusa.net
zaversheniegoda.ru

# Reference: https://www.virustotal.com/gui/file/f5c1762f7b2e62540ed3340f3550844d6dd36e8f3c60f0e623cdbaca440944c7/detection

dgxxstarserver17km.xyz
psxadvexmail19mn.xyz

# Reference: https://www.virustotal.com/gui/file/0687165c7a9b105319ada7d1ea051a4852a5b2f32c81a322e6af98d0db9d9257/detection

htdserv985.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1300780509572857858
# Reference: https://bazaar.abuse.ch/sample/ad3bb3f26289dc46ab58afb6cdf67ca9a256519fd9d087a418f849f9bcb78c25/

dogewareservice.ru

# Reference: https://www.virustotal.com/gui/file/0d261d63162d4087a82d1f67012c781cc0aaa05fbe801566f9bffa8d23981736/detection

98iudjsandsas.info
dksjdhsjda89j.info
oi2jidsdjsdd.info

# Reference: https://blog.malwarebytes.com/social-engineering/2020/09/malvertising-campaigns-come-back-in-full-swing/
# Reference: https://otx.alienvault.com/pulse/5f59270f9f09e5c82665a7b3

2831ujedkdajsdj.info
928eijdksasnfss.info
adexhangetomatto.space
bumblizz.com
canadaversaliska.info
chinadevmonster.top
dkajsdjiqwdwnfj.info
einlegesohle.com
encelava.com
intica-deco.com
krostaur.com
leiomity.com
surdised.com
uneaskie.com
websolvent.me

# Reference: https://app.any.run/tasks/cafe9b8b-03a7-41b3-854d-c21c67129fa9/

adexhangejuicyads.website

# Reference: https://app.any.run/tasks/991ee0d9-3989-486a-9b52-7a5c27dd315f/
# Reference: https://www.virustotal.com/gui/file/121143554df56a27877ea26c1a11bf2ca52334a76c563e6aa5408898ff35d521/detection

douyogads.xyz
etasuklavish.today
kimchinikuzims.today
line-mme.xyz
mragyzmachnobesdi.today
realy-chat.online

# Reference: https://twitter.com/Racco42/status/1313893751631368193
# Reference: https://app.any.run/tasks/1d9e80ef-ad3c-49a6-9df7-b4fc70ff412e/

gmbshop.ru
informatioshopname.ru
ucar.ug
ukronet.ru
wopropertyhomane.xyz

# Reference: https://www.virustotal.com/gui/ip-address/91.240.87.148/relations

explorupdate.xyz
updateexpplore.xyz

# Reference: https://www.virustotal.com/gui/file/724ce0d8ca978f9bb9004c2252fb51b44f96c87721d68582ec67268cbd8f13a5/detection

applediscussions3827.top

# Reference: https://www.virustotal.com/gui/file/70c2409fd7dc5e597a928f76e4f575adc2c37d73ee3eaee4dfa4081029218c93/detection

x-100new.com

# Reference: https://www.virustotal.com/gui/file/e12feee342a5b7d3e7b57d7dd4842b9c39f660525ae952c81acb6560e01f91f6/detection

goo0g2.xyz
j-20.best
japan-semui.xyz

# Reference: https://www.virustotal.com/gui/file/22618c273f6a28b18d6fd38b709371a415c6c61e424ca0b82b97870df78cfce5/detection

bankshopstars34321.com

# Reference: https://www.virustotal.com/gui/file/c0391f2d0673bc46b3e6de957545650a5f304a0b4b7d6560a733bf92ffd47102/detection

advert95.xyz
pmadvert70.xyz
rexspot7.xyz
zvwxadvexmail19mn.xyz

# Reference: https://www.virustotal.com/gui/file/468be88fa01e1a33af3db76c32051845e0560a264087a33c21ea63b7b9b31a1c/detection

masterrmaskkapsulrttezya.ru
real-chat.club

# Reference: https://www.virustotal.com/gui/file/91647ac947d5d5d3a0dc69e98070bfc2f9841d7839b579d69c524b02869a497f/detection

sm15sdsd.xyz

# Reference: https://twitter.com/pancak3lullz/status/1325834533934133248

rexspot7xm.xyz
txmvazmrserv194.xyz
txmvpltadvert275.xyz
txmvgbnserv639.xyz

# Reference: https://www.virustotal.com/gui/file/481f6865b6aea3558691e45e7c1de5d3d742a30a06cd4091c6af660b8ad9bf1d/detection
# Reference: https://www.virustotal.com/gui/file/eead77418d69043a8a2aff74fff2292890bca6d6cd26140800f1041f87867452/detection

36193378665f085b.club
56330638d76e1c9b.club
7139e7c222390629.xyz
range6d109e83.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1329783380305653767
# Reference: https://bazaar.abuse.ch/sample/cb76c19c178a71a5115ee308b51de416255de06d4e8226fdda8e59275a519c14/
# Reference: https://www.virustotal.com/gui/file/cb76c19c178a71a5115ee308b51de416255de06d4e8226fdda8e59275a519c14/detection
# Reference: https://www.virustotal.com/gui/file/255e2f5a73623eeada2438de7fe335e2ff3d3e56038da9d457d53770c6f62dba/detection
# Reference: https://www.virustotal.com/gui/ip-address/8.208.96.47/relations

akreusus2m.top
bonalore.top
cdncachefiles.top
manustor.top
memebia.top
memedonu.top
penotrona.top
perucant.top
ronerd.top
securityboulevard.top
treshmendklu.top
turaconte.top
webportaal.top

# Reference: https://twitter.com/FaLconIntel/status/1331245624797392898
# Reference: https://app.any.run/tasks/aeb0c845-5768-43e5-b490-db080cc23151/
# Reference: https://www.virustotal.com/gui/file/8afc2dd7267bbf83a46549f4e7731f6473610c33bc9ee41b4dd0b994c3a29473/detection

http://95.217.27.240
deutchlanddreaam.xyz
etasuklavish.today
kimchinikuzims.today
melt-asleeps.xyz
mragyzmachnobesdi.today
siberiarrmaskkapsulrttezya.ru
slacvostinrius.today

# Reference: https://blog.malwarebytes.com/threat-analysis/2020/02/domen-toolkit-gets-back-to-work-with-new-malvertising-campaign/
# Reference: https://www.virustotal.com/gui/file/1a91b2a3a252554842de875c89f6eee105bc419d7e32d3a5c9f0f9078780ab30/detection

junsga.com
vgerkisv.com
vuterfaste.ru
vuterfaste.shop

# Reference: https://www.virustotal.com/gui/file/26475ff6c9e4f4491448d66fb97cc70ed9379587d65903ab525f0d8eed1f2930/detection

kayumina.ru

# Reference: https://www.virustotal.com/gui/file/be6d388bf9884d9c73bab12fae60cd8bcab27d1c16d85473cc029f18f21a4e05/detection

195.189.96.150:4044
pzlkxadvert475.xyz
xzlkmcserv437.xyz

# Reference: https://www.virustotal.com/gui/file/1970b8ddf7c86fbc5cba4d7a0458daefb194e1a7fe91c5b415bf07c13c61e0e2/detection

78.47.43.35:4044
pzfdmserv275.xyz

# Reference: https://pastebin.com/H0m0CHy6

5.101.191.51:2012
advertstar85.com
kstarserver17km.club

# Reference: https://app.any.run/tasks/d5809e95-3a8f-4609-880d-b5f4fc8eaa5e/

dolsggiberiaoserkmikluhasya.chimkent.su
dolsibegriaosersk4ermanderezya.chimkent.su
massidfberiatersksilkavayssstezya.ru
rdosdripakloserikabyatezya.chimkent.su
ripakteenrufinishryeuliliezya.ru
rufinisrufripakhmileronurzya.ru
rufislomnishsripakerdfnstezya.adygeya.su
rufiteemnisripakhglassdzya.ru
rurugyrfripakinishtokokusstezya.ru
rusddripakoloserufinurtdrfezya.chimkent.su

# Reference: https://www.virustotal.com/gui/file/186783b2a9a06fb88c30abd5bf632737e671130a10a3717fcc80c0a6a27e932b/detection

cncode.pw

# Reference: https://twitter.com/malware_traffic/status/1357838284181942273

teachmeforlife.com

# Reference: https://twitter.com/James_inthe_box/status/1362872983652499456
# Reference: https://twitter.com/James_inthe_box/status/1362877178929500160
# Reference: https://app.any.run/tasks/f8cf1335-3d10-43fb-8be1-07351095cee3/

main21.site
main21.space
main21.xyz
# NOTE(review): path-only entry with no host part, listed after the three main21.*
# domains. Presumably it is matched against the request path on any host, not only
# those domains — confirm that host-independent matching is intended.
/adm2021/gate.php

# Reference: https://www.virustotal.com/gui/file/4135ad4d01cf12dd881e7c2cd18d6c5b1c4b10fc4975ac4db7c74a661af0b0c4/detection

olobus.casa
trusho.online

# Reference: https://app.any.run/tasks/9d49cf88-ea20-444c-b849-b01aa84f6b7e/

etasuklavish.today
mragyzmachnobesdi.today
kimchinikuzims.today
straponuliusyn.today
slacvostinrius.today

# Reference: https://twitter.com/gorimpthon/status/1367114234992025602
# Reference: https://app.any.run/tasks/84f5993d-12a8-4d3d-a106-df5ea3442c19/

cfsmarthome.net/1/

# Reference: https://www.virustotal.com/gui/file/f5448e60bc7429b32f402691f2e7168fd931e78e88de9948e1b4af0bd9910329/detection
# Reference: https://www.virustotal.com/gui/file/502ce2c7e598c46b3ce22e24dbbdce07042b2d6e63f8ffc08c8940f3845b8356/detection

jelliousbrain.xyz
mightydollars.xyz
moneyom.xyz
musicislife.xyz
powerinserts.xyz

# Reference: https://twitter.com/ANeilan/status/1374724684508508167
# Reference: https://twitter.com/ffforward/status/1374734692033966082

faleyouind.xyz
telegram-us.com

# Reference: https://twitter.com/nao_sec/status/1375465237902553090
# Reference: https://app.any.run/tasks/4b4870d4-4290-4b65-9287-9e2e77db9f52/

ankltrafficexit.xyz

# Reference: https://www.virustotal.com/gui/file/57290220f611832cbc11c8b6d4929f1dcb585cb5a4c1b2833dca53c04fe072ba/detection

gotanda-clinic.xyz

# Reference: https://www.virustotal.com/gui/file/6a19690c18bd40cd820d719d6b3ee7d5eca1bbd8304cb6066f9d370b6177ab6e/detection

fuck00001.com
fuck00001.info
fuck022551.ru
zoa5533.xyz

# Reference: https://twitter.com/r3dbU7z/status/1385904261435887616
# Reference: https://www.virustotal.com/gui/file/364bcd3b0a74ff15848f1e2c286922fb84ac88a85785e7821544b0539f4e1ff9/detection

al-commandoz.com
antalya-belek.com
luxurysv.com
massagespijkenisse.com
rexgorellhondaevent.com

# Reference: https://twitter.com/Racco42/status/1387328400340180993
# Reference: https://tria.ge/210428-c6yb8kb1ga
# Reference: https://www.virustotal.com/gui/file/4fd71cc36bffa3a5bd4298132dd4aa1a1fda84fb15b691145477050cff010c5d/detection

alfavanilin.ru
autopartswarehouses.ru
baksproperty.gov.ug
citycapproperty.ru
gmbshop.ru
magistralpsw.ru
memoloves.ru
mpmanagertzz.ru
powerglasspot.ru
smbproperty.ru

# Reference: https://www.virustotal.com/gui/file/982c311fe3706744ee5f13e377ff92710385d79eb7287183205f94bd2a05418d/detection

hostunes.info

# Reference: https://www.virustotal.com/gui/file/1fa6a1833e1fe0875ea6f0ddf0dab47659a5a9cc8db80e6496177215bfbff498/detection

kossnew.com

# Reference: https://www.virustotal.com/gui/file/2c9fdd0b15c5aa905d18cb1e65c5a62bc993065aa56213bbacf2bfc9c3fda4e2/detection

zysbpt.com

# Reference: https://www.virustotal.com/gui/file/abbfe8661c41b59ea96923ef83d26263ef766ebd113be39305f275e136d7aead/detection

atxspot20cx.best
dexspot2cx.club

# Reference: https://www.virustotal.com/gui/ip-address/45.11.19.100/relations

tnxvazmrserv194.xyz
tnxvfdmserv275.xyz
tnxvgbnserv639.xyz
tnxvhtdserv985.xyz
tnxvlkmcserv437.xyz
tnxvlkxadvert475.xyz
tnxvmtxserv437.xyz
tnxvpltadvert275.xyz
tnxvskdfadvert329.xyz
tnxvvncadvert549.xyz

# Reference: https://www.virustotal.com/gui/file/47ad8b99041cd1e47e27256a0e9fdd6dd239debd8f64b10d74a12577c311783c/detection

austinfam.xyz
sausklarnl.xyz

# Reference: https://www.virustotal.com/gui/file/3a6b7c80b96f8fb46d7a38fb527087a643cd4dd3ba2fd6e627484eb2aeb1bf80/detection

ezcube.ru

# Reference: https://www.virustotal.com/gui/file/80f93e9a5c8b08d8041a122ddb066da33a1975a876cd94a6af4b20679ded2ec6/detection

counterpros.online
tesorak.ru

# Reference: https://twitter.com/pollo290987/status/1404358946819878912

howdycash.com
kpotiques.com
lahuertasonora.com
mebbing.com
ppcspb.com
twcamel.com

# Reference: https://twitter.com/pollo290987/status/1415925808766623744

conceitosseg.com
finbelportal.com
integrasidata.com
ozentekstil.com
telanganadigital.com

# Reference: https://www.virustotal.com/gui/ip-address/213.252.245.62/relations

advexmail893s.world
sdstat320d.com
sdstat320d.world

# Reference: https://tria.ge/210731-pdc5qrte6n

escalivrouter.net
netomishnetojuk.net
nick22doom4.net
nusotiso4.su
nusurtal4f.net
palisotoliso.net
rickkhtovkka.biz
wrioshtivsio.su

# Reference: https://www.virustotal.com/gui/file/0969327fda05101320538ec7c3df4ca3a024fdffc9ff58bcf5570a0960bd9df7/detection

netvxi.com
vtdilet.com
tinnys.monster

# Reference: https://www.virustotal.com/gui/file/68518a8fb724eac960721da1f3fd80718ca30964476872c8937daff2ff5d4d32/detection

defeatwax.ru
refabyd.info

# Reference: https://www.virustotal.com/gui/file/4d78cef5385d944a3f7f27d262018327ad84cab37112961070056f2579d37c7f/detection

vandoreik.com

# Reference: https://twitter.com/1ZRR4H/status/1460576019597991946

jeevanpunetha.com
membro.at
misipu.cn
targiko.ru
vues3d.com
zavodooo.ru

# Reference: https://www.silentpush.com/blog/privacy-tools-not-for-you

privacy-tools-for-you-777.com
privacy-toolz-for-you-3000.top
privacy-toolz-for-you-403.top
privacy-toolz-for-you-404.top
privacy-toolz-for-you-5000.top
privacy-toolz-for-you-502.top
privacy-toolz-for-you-503.top
privacytools-for-you3000.xyz
privacytools1234foryou.xyz
privacytoolsforyou.xyz
privacytoolsforyoufree.xyz
privacytoolz123foryou.club
privacytoolz123foryou.top
privacytoolz123foryou.xyz
privacytoolzfor-you5000.top
privacytoolzfor-you6000.top
privacytoolzfor-you7000.com
privacytoolzfor-you7000.top
privacytoolzforyou-5000.top
privacytoolzforyou-6000.top
privacytoolzforyou-7000.com
privacytoolzforyou-7000.top
privacytoolzforyou.xyz
privacytoolzforyou5000.top
privacytoolzforyou6000.top
privacytoolzforyou7000.top

# Reference: https://www.virustotal.com/gui/file/0adcdd7612a39e133675c677f72fd5a76e8597b59338e43ff5263f45af6d2a2a/detection

privacytools-foryou777.com

# Reference: https://twitter.com/xuy1202/status/1479098379422793734
# Reference: https://pastebin.com/58R86i8C

privacy-tools-for-you-778.com
privacy-tools-for-you777.com
privacytools-for-you-777.com

# Reference: https://www.virustotal.com/gui/file/1022aed4c67e1fd0bc605d815bf9152d040a3288e91391f9637cbb55e54f0a03/detection

privacytools-foryou-777.com

# Reference: https://www.virustotal.com/gui/file/469a4633e8a76e67f66ce8917c0797943b383289f1d317c06aa79977d8bfae79/detection

privacy-tools-for-you-779.com

# Reference: https://www.virustotal.com/gui/file/c2c074381d900532e327a4667664949b3436f8896a1be2e7ead279863cf98036/detection

privacy-tools-for-you-780.com

# Reference: https://www.virustotal.com/gui/file/01ac2b3990a1cf431549d25cc7b1b280d7a9cb80c9ab3c9bdd804b19e941143a/detection

privacy-tools-for-you-800.com

# Reference: https://twitter.com/James_inthe_box/status/1467896939144380417
# Reference: https://app.any.run/tasks/4f3d9c06-b9ba-41b5-8a47-ad8251d6fa41/

http://185.215.113.40
1fdsdfsdfdsf.space
2fds33rdsrsdrs.space
3fds4544gfgf.space
4jgfdjgdh5fds.space
5gfdtktkkt44.space

# Reference: https://twitter.com/pr0xylife/status/1471775848005050370

mbologwuholing.co.ug

# Reference: http://report.threatbook.cn/ST.pdf

mohge.xyz

# Reference: https://www.virustotal.com/gui/file/5b20ff6e7ceb7404d440cd5c7d7e851678cd1d21b9e99d48603c5ad9d802b278/detection

drossmnfg.com

# Reference: https://twitter.com/1ZRR4H/status/1477687688308432896

melchen-testet.at
mnenenravitsya.ru
pbxbmu70275.cn
pitersprav.ru
zjymf.com

# Reference: https://www.virustotal.com/gui/file/681a639fbab22f9030769ecd8d8d716ce4f8cfc01b6f1a2f3ef8722a97cacee7/detection

45.142.212.209:2012

# Reference: https://www.virustotal.com/gui/file/2d5549816f794402b7ba4b65f640ac0a11fe79635404c26d37dad08c74dce13e/detection

45.142.212.110:2012

# Reference: https://www.virustotal.com/gui/file/49a171c11b2bde7751b5521c4193f7cbc325db7f98c78e219205c76895d58415/detection

45.142.212.47:2012

# Reference: https://www.virustotal.com/gui/file/d50fc8f9ae212aaad0d217ba2552558b3d9ad952231a92fa544d3120eb6290ae/detection

45.142.212.9:2012

# Reference: https://www.virustotal.com/gui/file/90585a2e93e20a3d84e5c28281936bb8503574956aee6dc93820226e604ec79f/detection

amogohuigotuli.at
srtuiyhuali.at

# Reference: https://www.virustotal.com/gui/file/65485654c5a71328d6311a9743188c51cf7843166e07eb44bb4d0028666a61b8/detection
# Reference: https://www.virustotal.com/gui/file/ff830452706d1d2cb6066c4f2b9169f7e132938d0745318b2e59aaeeaa1f7993/detection

0axqpcc.cn
dishakhan.com
mayak-lombard.ru
mebel-lass.ru
misha.at
roohaniinfra.com

# Reference: https://www.virustotal.com/gui/domain/leatherbond.top/relations

leatherbond.top

# Reference: https://www.virustotal.com/gui/file/c86ceb78c8aa8ecb5e96f7d44a8c593ef2c310102189366d4c0d35e80c0115c9/detection

skincrawling.top

# Reference: https://www.virustotal.com/gui/file/a7ee420fd3a477e690dab56f47b264dd6c8376941101065d6645716bbf4b6333/detection

sehfdkfjvgn.xyz

# Reference: https://www.virustotal.com/gui/file/71b9aabc6410180136837fc0b0b690fd43240438f597e83a089594e93dc9aa1c/detection

habala.online

# Reference: https://www.virustotal.com/gui/file/0dd2cd4c816b2b29b60d1c5f0302cd23097b860b8a1aa63e4c380f94db4d515c/detection

cleaner-partners.biz

# Reference: https://www.virustotal.com/gui/file/0ddde6a23956364f828de2de1abdbf9fc6d4952683f777d03fe01fa0b367b2b2/detection

afrocalite.ga

# Reference: https://tria.ge/220119-wjky2acbc3

abpa.at
alumik-group.ru
d7qw.cn
emaratghajari.com
zamkikurgan.ru

# Reference: https://www.virustotal.com/gui/file/c37a27f67059a2781034c6c88fb0c4df654700c75d384b25ca3d7fb07858200b/detection

http://20.51.217.113

# Reference: https://www.virustotal.com/gui/ip-address/172.64.80.1/relations
# Reference: https://www.virustotal.com/gui/file/d2c4d81ae9ae45af262bf4fe7028eb87923d6929ceed4481379707760522f5e0/detection

hornygl.xyz
luminati-china.xyz
raitanori.xyz

# Reference: https://www.virustotal.com/gui/ip-address/189.225.195.118/relations

nahbleiben.at
trackersapi.at

# Reference: https://ti-research.io/ioc_extender/?name=TF_SmokeLoader

pervl201.xyz
pervl202.xyz
pervl203.xyz
xsasianpinaycdn01.xyz
xsasianpinaycdn02.xyz
xsasianpinaycdn03.xyz
xsasianpinaycdn04.xyz
xsasianpinaycdn05.xyz
xsasianpinaycdn06.xyz
xsasianpinaycdn07.xyz
xsasianpinaycdn08.xyz
xsasianpinaycdn10.xyz
xtremestream01.xyz
xtremestream02.xyz
xtremestream03.xyz

# Reference: https://www.virustotal.com/gui/file/ea2aba1a17de28fee1a6097e91c4ceb0f3887f6bbcce46dfe4d2e342b87bef9e/detection

stata2021.link

# Reference: https://www.virustotal.com/gui/file/a5e29da1d357106bbefc52fef87e5a996b0928ad0bd13366aea299a67a2908b2/detection

cjnovone.top

# Reference: https://www.virustotal.com/gui/file/00fd0c27ccd389b33d9293b163b3d431cab6dfda9156273eb281a8ec9ae36d24/detection

balls0000of7777steel.com

# Reference: https://www.virustotal.com/gui/file/1dca676f7e72738b4928d057d009880eab95bba1aec163abed9f2aef74909916/detection

call0000the7777cops.com
drcopps.com

# Reference: https://twitter.com/pr0xylife/status/1488236339283771399
# Reference: https://www.virustotal.com/gui/ip-address/5.188.88.216/relations

afrocalite.ga
clasique.ga
cretenom.ga
tootoo.ga

# Reference: https://www.virustotal.com/gui/file/a7dcf8734b58bf1c06d4de3c2478d95087c57a411466f760701050b612173cbb/detection

http://198.23.207.10
/webxpo/gate.php
/webxpo_sYYsr235.bin

# Reference: https://twitter.com/Jane_0stin/status/1488885579534282761
# Reference: https://app.any.run/tasks/a755e650-c332-4a5b-b0a4-89df52f09b73/

jggrmmojcc.com

# Reference: https://www.virustotal.com/gui/file/019bba3c7d23e163d3e3baed7500fc9c3850dfef9053a2e8d68e756d21d5c833/detection

imidcjjopa.com
jpgamehome.com
mygameadmin.com
qbaoacmprb.com
56.jpgamehome.com
bh.mygameadmin.com

# Reference: https://intel471.com/blog/privateloader-malware
# Reference: https://otx.alienvault.com/pulse/6202a9bc1182eff53c3eea00

threesmallhills.com

# Reference: https://www.virustotal.com/gui/file/02083f46860f1ad11e62b2b5f601a86406f7ee3c456e6699ee2912c5d1d89cb9/detection
# Reference: https://www.virustotal.com/gui/file/059d615ce6dee655959d7feae7b70f3b7c806f3986deb1826d01a07aec5a39cf/detection

bullions.tk
eyecosl.ga
mizangs.tw
tootoo.ga
venis.ml
xpowebs.ga

# Reference: https://www.virustotal.com/gui/file/03a8dcef10df18713185a402c59056159587a1f1fffb2db70a0ad9cabc84b632/detection

badgoodreason.com
dollybuster.at
h161529.srv15.test-hf.su
pjure.at

# Reference: https://www.virustotal.com/gui/file/a937a72c01011f2400e4f73838f918a38ef4e4b68ef9ddcbb8fad406c214b369/detection

ovicrush.cn

# Reference: https://www.virustotal.com/gui/file/3c362636f19b4626866ca745bb197ebcc4f2fab1f2bec6b7f208c0748dc39dcd/detection

napalisagvali.com
ozentekstil.com
pimpmyturntables.com

# Reference: https://app.any.run/tasks/ebb14c8d-fa90-461e-96fd-ce47eb6b6337/

ebitecc.com
highperformancedformats.com
privacy-tools-for-you-795.com
vegamylife.com

# Reference: https://www.virustotal.com/gui/file/0d8e031c65e57c9924aa28bb61871e136c52cc522e8b247d504808ae93d779a4/detection
# Reference: https://www.virustotal.com/gui/file/0d85bf6b36123e7da8daa9e7504f2b54db40d8d0e9eefa127b5e4c4fff16c53f/detection

coralee.at
soulguard.at

# Reference: https://www.virustotal.com/gui/file/04fbd10e257126427064f0267224a312f25d6e8722ab2f81923f7b175e03933c/detection

22031822295303.poi.ato3.fun

# Reference: https://www.virustotal.com/gui/file/01f930857a90583654fe09fa9c71bc509df359c48318a8a09fb17b635d070e37/detection

22031412502902.poi.ato3.fun
bbb7d.com
biz-acc.ru
curvreport.com
ducvietcao.com
mordo.ru
piratia-life.ru
pkodev.net
toimap.com
viagratos.com

# Reference: https://www.virustotal.com/gui/ip-address/185.95.186.58/relations
# Reference: https://www.virustotal.com/gui/file/f8856a9be46c533273581793064b4329f7ff7e686688433fc3a792957dbf1208/detection

cucumbetuturel4.com
linislominyt11.at
monsutiur4.com
moroitomo4.net
nunuslushau.com
nusurionuy5ff.at
susuerulianita1.net
trackersapi.at

# Reference: https://www.virustotal.com/gui/file/00bdcc03cb7cabe7a4db739e65ecce1c9aa80683a70c14f340787176cc0e403b/detection

gamebuy768.com
gp.gamebuy768.com

# Reference: https://www.virustotal.com/gui/file/a942ef2cf5324fbe6bf30a300a40fa2e7a398ba563afed7e0c5f674ee1ed1cc3/detection

fasel.pw

# Reference: https://www.virustotal.com/gui/file/a3ca7fad901aa245723cdb69432656376b09278214a35d8642aac81933955787/detection

securetunnel.co
/vpnchecker.php?type=check&uid=
/vpnchecker.php?type=ping&uid=
/vpnchecker.php?type=update&uid=

# Reference: https://www.virustotal.com/gui/file/0000168b62a47fd2a418490547019f5ba14d2e1b92e7a35257031313a0121e66/detection

abrakadabra.host

# Reference: https://www.virustotal.com/gui/file/f6e364380d54ea2e5f8095c36129576f2088967dba1359b126f4a98570869efa/detection

45.137.23.211:4449

# Reference: https://www.virustotal.com/gui/file/3841c77465ae42152868692241e9fd883a48d1a8a72eadbfb266e9a34eb660a9/detection

zensiert.at

# Reference: https://www.virustotal.com/gui/file/02b9fd1719cb43f233190b77210c82fdd7849cb3c0976259d3d5a551fe0b28dd/detection

lilisjjoer44.com
limo00ruling.org
linislominyt11.at
luxulixionus.net
mini55tunul.com
nikogkojam.org
nikogminut88.at
opqwes.top
samnutu11nuli.com

# Reference: https://www.virustotal.com/gui/file/90f0705f2b0f18c7be0b11aa13467bb57c3da88dca0b0651e7fd3d5349b5777f/detection

privacy-tools-for-you-102.xyz

# Reference: https://www.virustotal.com/gui/file/04ac6d2bd7a4015ce8b202b2c51d9960aea134aa19370c8af3db269f0445d04b/detection

privacy-tools-for-you-103.xyz

# Reference: https://www.virustotal.com/gui/file/293007d6b9bcd2d30780be9ea45d1e2302953a1a09f55dc1ceea10883c76e0ef/detection

colgefine.at

# Reference: https://twitter.com/malware_traffic/status/1529219133895847939

happyday9risce.com

# Reference: https://www.virustotal.com/gui/file/00b04ee7514c93430f02fb0d333ae8f787a3707f8eeb0bf096e2e131c2a999e5/detection

bahninfo.at
equix.ru
go-piratia.ru
img4mobi.com
lite-server.ru
multilow.com
worldalltv.com

# Reference: https://www.virustotal.com/gui/file/4e1b9c9a29377435b5db26b95573937f356597d96475f58e28e51e520bfbdf51/detection

rfgsdfhfghdfjdghkj.xyz

# Reference: https://www.virustotal.com/gui/file/0b5d0023a2a10c970ea8d0eaf23052317c29a00f0c9122ff62e3c7ca63985505/detection

95.181.153.93:11374
a0654745.xsph.ru

# Reference: https://www.virustotal.com/gui/file/0347229e50af8907dfe2bda2f40c4e853e5eaac0a666efb0dfa588bc6b3b9949/detection

cruzdiabloestudio.com.ar
geoshit.com
kick-man-wish-lil.xyz
weblivemusicinc.com

# Reference: https://www.virustotal.com/gui/file/0036ef9eca61e045fd34726758631c2cb26770471f91ec39daefd81bae1a3d2c/detection

lili-dog-case.xyz

# Reference: https://www.virustotal.com/gui/file/004ef0b3a382eadec54cc6bae5afb7ba8919614a4144b5e2e4bf2d6d66748c10/detection

aucmoney.com
atvcampingtrips.com
thegymmum.com

# Reference: https://www.virustotal.com/gui/file/3fd826fc0c032721466b94ab3ec7dcfe006cc284e16132af6b91dfbc064b0907/detection

http://92.53.105.14

# Reference: https://www.virustotal.com/gui/file/f8c17cb375e8ccad5b0e33dae65694a1bd628f91cac6cf65dd11f50e91130c2d/detection

188.225.34.245:3000

# Reference: https://www.fortinet.com/blog/threat-research/smokeloader-using-old-vulnerabilities

afrocalite.com
dhemgldxkv.com
sorathlions.com
/tmp/bfJrKD4g0bJL73qw/
/bfJrKD4g0bJL73qw/

# Reference: https://twitter.com/pollo290987/status/1564616597263847430
# Reference: https://www.virustotal.com/gui/ip-address/34.116.193.214/relations
# Reference: https://www.virustotal.com/gui/file/11847c4c4a8a3ba89e151f40d6917516a2ace9adea74593e7a2032b3962a2c32/detection

clamprite.ga
craigmut.com
idpbnmf.com
lapclique.ga

# Reference: https://www.virustotal.com/gui/file/415cef68482c74fcfff231fafc63bf9835c72da00e826e753aac86f704db7ac8/detection

rippledev.live

# Reference: https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/
# Reference: https://otx.alienvault.com/pulse/6334443264821a04f52170e1

privacy-tools-for-you-782.com
privacy-tools-for-you-791.com

# Reference: https://www.virustotal.com/gui/file/9777e708e8c9e652a74f98d2d512bdb5dd533ff2dc5ce6f2d8f335ded5fa94f6/detection

v2serv.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/212.8.252.159/relations
# Reference: https://www.virustotal.com/gui/ip-address/80.66.87.17/relations
# Reference: https://www.virustotal.com/gui/ip-address/85.239.53.10/relations
# Reference: https://www.virustotal.com/gui/ip-address/85.239.53.245/relations
# Reference: https://www.virustotal.com/gui/ip-address/89.23.97.13/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.134.214.15/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.140.112.157/relations
# Reference: https://www.virustotal.com/gui/file/00c463a40ca66602686d4bc6dc4491a7a164220310d4cfafdfdda38c76df2962/detection
# Reference: https://www.virustotal.com/gui/file/07cd9b79cb647b10f0118bfec4855f5be2d7fd471ec658f3637041e85b5eab72/detection

jamesmillion.xyz
jamesmillion1.xyz
jamesmillion10.xyz
jamesmillion11.xyz
jamesmillion12.xyz
jamesmillion2.xyz
jamesmillion3.xyz
jamesmillion4.xyz
jamesmillion5.xyz
jamesmillion6.xyz
jamesmillion7.xyz
jamesmillion8.xyz
jamesmillion9.xyz
kingnew.xyz
kingnew1.xyz
kingnew10.xyz
kingnew11.xyz
kingnew12.xyz
kingnew2.xyz
kingnew3.xyz
kingnew4.xyz
kingnew5.xyz
kingnew6.xyz
kingnew7.xyz
kingnew8.xyz
kingnew9.xyz

# Reference: https://www.virustotal.com/gui/file/0051ba35f0d0516d15761054387afa74361607996d6ccd95b42dd53585afd715/detection

avtlsgosecure.com
furubujjul.net
gulutina49org.org
liubertiyyyul.net
stalnnuytyt.org
starvestitibo.org
winnlinne.com
youyouumenia5.org

# Reference: https://www.joesandbox.com/analysis/700916/0/html

ginjin.org
hiragaih.com
sakuratoma.com

# Reference: https://www.joesandbox.com/analysis/700915/0/html

hasekushi.com
kanzay.biz
kyotobowls.com
ojinsei.com
yukyurice.com

# Reference: https://www.virustotal.com/gui/file/00221666dec1a50f08ed21af02c42150b8d75203e7b86f2a17080a8df5ea9af4/detection

privacy-tools-for-you-453.com

# Reference: https://www.virustotal.com/gui/file/1a68501afae9f44131d9e6fc6a4dd8f85782460bc0cd9c10bd1c40f6ac5145f7/detection

asfvbsdgqwg.xyz

# Reference: https://www.virustotal.com/gui/file/846d88bc1902580a545849dd7bfbb9b8154e145a7c9d7c64e1a40f07f9e1993c/detection

adobeflashupdate.dynu.com
systemupdate5.dtdns.net
transactiona.com

# Reference: https://www.virustotal.com/gui/file/a041839327295fde3df12ea61374abd19c4499b87e211757c593179d6a6870d1/detection

bururutu44org.org
guluiiiimnstra.net
hulimudulinu.net
nuluitnulo.me
nvulukuluir.net

# Reference: https://www.virustotal.com/gui/ip-address/35.238.161.88/relations

privacy-tools-for-you-796.com
privacy-tools-for-you-801.com
privacy-tools-for-you-802.com
privacy-tools-for-you-900.com
privacy-tools-for-you-901.com

# Reference: https://www.virustotal.com/gui/file/006bb70c104711b4038ec023bbda0addfe2d23a4d3d07b438abd00dd059a1ab8/detection

freeshmex.at
fresherlights.com
gencayemlak.com
o3l3roozuidudu.com
o36fafs3sn6xou.com

# Reference: https://twitter.com/James_inthe_box/status/1380877954050220041
# Reference: https://www.proofpoint.com/us/blog/threat-insight/malware-masquerades-privacy-tool
# Reference: https://otx.alienvault.com/pulse/60df0c7c5e03d145c6a38652

http://45.144.225.71
diragame.com
gensoterman.com
jaishomo.info
privacmytools.site
privacytools.xyz
privacytoolsforyou.site

# Reference: https://www.virustotal.com/gui/file/23941746340e89fb699e4ecec106fbfd40186fc5b483bf72d82d5d5a2706863f/detection
# Reference: https://www.virustotal.com/gui/file/0ba6070de6b8909b712ee7dc2003525b46bdac50ec29658d3d8e2f6b85811fa7/detection

http://208.67.104.60
kokoko-24.online
megalobster.ru

# Reference: https://www.virustotal.com/gui/ip-address/193.106.191.21/relations

hestapo.shop
megustomarivanna.shop

# Reference: https://www.virustotal.com/gui/ip-address/85.239.53.233/relations
# Reference: https://www.virustotal.com/gui/file/05e8abefda6f72401ceaa8feb36810945132255217cc5bdb202e4bd42f648a53/detection
# Reference: https://www.virustotal.com/gui/file/06c9681d0fcdc083535d3aaa823b0d5a483bb93f237fb7857cd8e72b20f4088c/detection

85.239.53.233:81
chardhesha.xyz
denestyenol.xyz
exirdonanos.xyz
jalocliche.xyz
pornhub-viewer.fun

# Reference: https://www.virustotal.com/gui/file/e4d1f9f3cbbf244e29a73a9a6619723eb3f729e5ec6ee1e7c261ff6dbd90cdfb/detection

http://193.106.191.23

# Reference: https://www.virustotal.com/gui/file/0190cb9e53fda3197b42b21537e8dcdef1342cc62401c32b8acc058c9f1778e6/detection

88.198.115.208:81

# Reference: https://www.virustotal.com/gui/ip-address/5.206.227.41/relations

your-privacy-service-21.xyz
your-privacy-service-231.xyz
your-privacy-service-315.xyz
your-privacy-service-41.xyz
your-privacy-service-61.xyz
your-privacy-service-771.xyz
your-private-service.xyz

# Reference: https://twitter.com/TeamDreier/status/1592475506808483841
# Reference: https://www.joesandbox.com/analysis/746372/0/html
# Reference: https://www.virustotal.com/gui/ip-address/37.0.14.217/relations
# Reference: https://www.virustotal.com/gui/ip-address/85.214.219.166/relations
# Reference: https://www.virustotal.com/gui/file/60e7b7d68084b224611ea87344f10989fcfc56043989430e4395d09c3115682b/detection

37.0.14.212:7086
autoland-ls.de
autohous-lips.de
autohuas-e-c.de
autohuas-hesse.de
caravan-spezialistan.de
fiat-amenn.de
lankanau-bremen.de
psycho-holsitik.de

# Reference: https://www.virustotal.com/gui/ip-address/185.246.221.151/relations
# Reference: https://www.virustotal.com/gui/file/1aa2e032d496b4a5367a54b802a3f65d427a7a3eb80d84f2346235d368979921/detection

c2csosi228d.com
cctvrs3ss38.com
r3oidsofsios.com
s2scomm20.com
sos3382uirs.com
w3stxyzrujp.com
xdd42sdfsdf.com

# Reference: https://www.virustotal.com/gui/ip-address/34.171.171.32/relations
# Reference: https://www.virustotal.com/gui/file/032d017f5538478a3c8334f3636feb33be6a4fc112b82339e0f1ba3d210d7c7c/detection

advertstex15.club
asdfghjkl.host
mxblogs19.xyz
sdadvert20.xyz

# Reference: https://twitter.com/HaoZhixiang/status/1599939493339205634

careers-info.com

# Reference: https://twitter.com/h2jazi/status/1600536584398553107
# Reference: https://www.virustotal.com/gui/file/d1cdab058056e0e4cbf2a08851d493d9f46d1d36e65f7b284d2ecc3558e80660/detection

abdkuxv4.tk
pees-panelllu-6.tk
racheladelman.me
str-qvebc5.ml

# Reference: https://www.virustotal.com/gui/ip-address/94.140.114.96/relations
# Reference: https://www.virustotal.com/gui/file/038e57cf568ba5ed0f9dac615478c645d0e663bdd9fb57e50076c5e07392ed49/detection
# Reference: https://www.virustotal.com/gui/file/c601895ced392d0000d1c3403d40582da75eabff4bb19c2d213e3d54a7960fff/detection

linevanarsor.xyz
xharemaicamol.xyz

# Reference: https://www.virustotal.com/gui/ip-address/94.140.115.94/relations

cenyeyalory.xyz
kaiaiannial.xyz
plearshurnez.nl
riottazelda.com

# Reference: https://www.virustotal.com/gui/file/1443b2fa3ece332d66836172ff5c75237fd064300f3c8c1754c319935ed44797/detection
# Reference: https://www.virustotal.com/gui/file/8bf4d905bd122a034a718693e9dc5c45e22315419562c41053293a42b1485351/detection

mycyberumbrella.com
new-arbitrum.io
host.new-arbitrum.io
/coolcat/gate.php
/coolcatgate.php

# Reference: https://www.virustotal.com/gui/file/188800537623aa5a614e58439cbecb809747c7a088f3389ecb1a9fe216f0b4ec/detection

31.41.244.14:4694

# Reference: https://www.virustotal.com/gui/file/f27826a05617f1aad7a90db2e851fa6462b0b6db81fdba22b4299f5d12441046/detection

15.204.170.24:1111

# Reference: https://www.virustotal.com/gui/file/02074294a16b02d4deb61f85f16c2ef3847f47cf5c53c5c15c011a854486f1ef/detection

dfbfgngnghdn.yachts

# Reference: https://www.virustotal.com/gui/file/7050c0e3e8a5734f8f19072642b9a43a336579234a11236ced24cf7dab1bd086/detection

agressivemnaiq.xyz

# Reference: https://twitter.com/tosscoinwitcher/status/1607827228989206528
# Reference: https://tria.ge/221227-x7pskabb8x/behavioral1

cluster-obtain.site

# Reference: https://www.virustotal.com/gui/file/0051ba35f0d0516d15761054387afa74361607996d6ccd95b42dd53585afd715/detection

dowe.at
crazytree0021.ga

# Reference: https://www.virustotal.com/gui/file/34dc14528893caf025173bef0104f2229adb26c23f0bd5cbb4c6653d80c306ba/detection

moskal.fun

# Reference: https://www.virustotal.com/gui/file/45d75d09a7226a88ae37565b99209e48c379a80ce867f71123d2cec8b383542d/detection

smokeeveryday.site

# Reference: https://www.virustotal.com/gui/file/05551936b0a0acd81808f341d8d4d497be8435df9bbf1da7c6d6595513e95208/detection

31.41.244.4:4062

# Reference: https://www.virustotal.com/gui/file/ff081c7a2775044bea8bd3b9bc36180202b32794cfdebf84c7fd69c82d5432f8/detection

kolo5oso.com
meta-zone-1.online
meta-zone-1.ru
metazone1.com

# Reference: https://www.virustotal.com/gui/file/12d2c229d192506c13f8dfbb5e9edb5b9b369a6e0b5ddc7cb2647d02d7fcdae5/detection

cmdevelopment.tech
dataonestorage.com

# Reference: https://twitter.com/r3dbU7z/status/1624059501258190853
# Reference: https://www.virustotal.com/gui/file/bd7dfd1a455f14482be1b6838b767d5a10ca0426fd4232dd69a159b94e94a492/detection

rosanew-jp.site
swoonwastan.site
uno-boss-site.site

# Reference: https://www.virustotal.com/gui/file/7858bffea20cffd024d5132442c44feb6f6c68b3e0b60fc3622d83ddd2793923/detection

http://23.254.227.202
http://23.254.227.205
http://23.254.227.214

# Reference: https://www.virustotal.com/gui/file/fb15ec7a194b19b2c9cf7118d1d1a5632e3d63d7cb8cb41c4fae2c94f60e45ef/detection

consqumirism.org
destoringnacism.org
ilaboratoryoo.org
kosmopolitizm.org
ukrainebadcountry.org

# Reference: https://twitter.com/TrackerC2Bot/status/1614056045072064512
# Reference: https://www.virustotal.com/gui/file/f9056fcccb1c3055a5284580c99bec189a6d8272577abe3788fd17f14407b8a3/detection

http://213.252.247.28
http://213.252.247.42
http://88.119.170.115

# Reference: https://www.virustotal.com/gui/file/001997f3e75c1e0e3857f79186bfc2af22a043a2e3bd9b640a22b9f59dbc9149/detection

aaoocmdrqa.com
addgrinbpd.com
ahdojndgar.com
aidercfdqf.com
aipnnfbcej.com
apfmanrheo.com
armdfmggpd.com
bcianqqjmo.com
bdehfoqjbr.com
biecahiiba.com
brgqnoeqqq.com
cedcmcbqpr.com
cgmprqbpjo.com
cibdirfhiq.com
crdqrijecj.com
criijhmrnp.com
dapribqpjn.com
dbcqicgchi.com
ddardijbbn.com
dfbijfhcpo.com
dfqfccpdq.com
dgapahgqae.com
dhhimecrii.com
dojjoqfddg.com
eaifriioaa.com
ebijjfjaed.com
ebqojobjao.com
eobrhbijmj.com
fcbijriqpp.com
fdpahrjbhh.com
fgorerrrmh.com
fhajopmjrc.com
gbdopoefgo.com
ggjmdgrhbq.com
ggrjfffgdi.com
gibacofccf.com
gjpnjmdada.com
gpncferfhc.com
hbhnordpgi.com
hchebghadc.com
hicaprifph.com
hmgddbbphj.com
hpcbrfmcjr.com
hqefcdbiae.com
iambqjrdca.com
ibiqocqpad.com
ieaifrocan.com
ifgeqgnccq.com
ihgncfdqah.com
ijhdfeegqh.com
ijnrrmnqgb.com
imhochafdm.com
ioiahehjah.com
iqohmrmobh.com
irbdprpppe.com
jadirfdjrf.com
jcnipherfp.com
jddohjoojp.com
maigbegbpn.com
mamipcjecq.com
mgfcahgcfh.com
mhhcaaeiip.com
mnbgaemmnq.com
mojmphhbhh.com
mqonqcmbha.com
mqrpnhjieg.com
nfjqhmjaig.com
nfnjdpnobc.com
ngmeagndqp.com
nrdbbednjm.com
ocrgjeqjoh.com
oeojhjnemc.com
oggaqpdgeb.com
omcbqoojar.com
ooncmhipca.com
oppgagdmge.com
oracjbjjnf.com
orbgmjqahc.com
orqhhnaeri.com
pdpberrfda.com
pggbqnppmq.com
pioajceghm.com
pjehbmoqfg.com
pojfdfpmgb.com
pomefnjqqn.com
poqejqbafp.com
pqggjmfear.com
qepffhiccm.com
qinfmceoji.com
qpnmhcbcrh.com
rbanmcphia.com
rcmhrapmbp.com
rdhbdijhho.com
rebprohorh.com
rfegdaoniq.com
ripimpiord.com
rrcocohfdn.com

# Reference: https://www.virustotal.com/gui/file/d3dd2d5057c02c8ef7d77950214f04adeb909ea45d9c69dc0296d827f5befdfe/detection

http://94.142.138.116

# Reference: https://www.virustotal.com/gui/file/26317358d7dbcfdf4eb51ed2618f8c317d2a032a9f70e1c5d8bcf8fa90649141/detection

ajyew33.com
aappatey.com
potunulit.org
vvvos3s50a.com
aac.ajyew33.com
iueg.aappatey.com
t.vvvos3s50a.com
siaoheg.aappatey.com

# Reference: https://x.com/banthisguy9349/status/1969775396087284095
# Reference: https://threatfox.abuse.ch/ioc/1202228/
# Reference: https://threatfox.abuse.ch/ioc/1202229/
# Reference: https://www.virustotal.com/gui/file/62bfcd6ad96951af9bd54bc9f99fce2f8cd3fa58549c8c794cc567c2321220c9/detection
# Reference: https://www.virustotal.com/gui/file/019396c5e78ffa41b570cdb939780bcb851a114569fb6eeece0a33294088373b/detection

http://185.103.101.163
http://185.105.88.137
http://185.139.70.22
http://185.159.129.125
http://185.161.248.185
http://213.248.43.100
http://213.248.43.103
http://213.248.43.105
http://213.248.43.109
http://213.248.43.127
http://213.248.43.40
http://213.248.43.48
http://213.248.43.53
http://213.248.43.54
http://80.66.89.128
http://80.66.89.157
http://80.66.89.68
hgjjytjyuk.site
izzjjs1m.beget.tech
megaproxy.beget.tech
pavkihdh.beget.tech
/loader/OWIsN2UsN2MsYTMsOWUsODIsOGYsOTAsNmQsN2Ys
/loader/screen/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms
/screen/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms
/task/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms
/OWIsN2UsN2MsYTMsOWUsODIsOGYsOTAsNmQsN2Ys
/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms
/ytasodysodisowQsytesodgsotasotusnjusn2Qs

# Reference: https://threatfox.abuse.ch/browse/malware/win.smokeloader/

http://176.113.115.171
http://185.173.36.42
http://185.215.113.209
http://188.116.36.174
http://190.123.44.195
http://193.106.191.136
http://193.56.146.21
http://194.9.71.107
http://2.56.59.26
http://45.83.122.134
http://45.83.122.136
http://5.101.0.32
http://85.239.55.154
http://92.255.85.131
http://92.255.85.40
http://94.140.114.197
http://94.140.114.84
http://94.140.115.129
http://94.140.115.144
http://94.140.115.185
108.179.193.18:443
185.215.113.209:443
191.6.208.9:443
193.56.146.214:443
04yh16065cdi.xyz
100klv.com
1waa.com
33qd2w560vnx.xyz
4urhappiness.com
7iqt53dr345u.com
aek0aicifaloh1yo.com
aerostraphen.xyz
ahead4scores.ac.ug
akmedia.in
alluvianna19.club
alotofquotes.com
andbal.com
aradysiusep10.top
arakeishant5.top
asfaltwerk.com
autocarsjames.com
azarehanelle19.top
b4y08hrp3jdb.com
bartanayane7.top
basicath.ga
best-forsale.com
bethesdaserukam.org
bostoc.com
brandyjaggers.com
brutuilionust.com
bubushkalioua.com
bukubuka1.net
bulimu55t.net
bullions.top
camasirx.com
casagenaro.com
cdn1.wf
cdn2.wf
cdn3.wf
chmxnautoparts.com
cinems.club
cio.lankapanel.net
cletonmy.com
clothes.surf
dejarestaurant.com
denerux.top
dibilabok.ga
directorycart.com
diving-phocea.com
dumuilistrati.at
e-lanpengeonline.com
ejeana.co.ug
ekcentric.com
elroisolutions.com
eruiopijhgnn4.xyz
eyecosl.top
fcmsites.com.br
fdgjdfgehr4.space
fdsjkuhreyu4.space
fernandomayol.com
feryleromand11.top
fgdgdjfgfdgdf.space
fgdgjhdfgdfjgd.space
fgdjgsdfghj4fds.space
fgdsjghdfghjdfhgd.space
fioajfoiarjfoi1.xyz
fiskahlilian16.top
fortuitousopportunities.com
fresh-cars.net
fsdhjfsdhfsd.space
fufuiloirtu.com
galala.ru
gdfhjgfhdjghjashjgdf.space
gdfjgdfh4543nf.space
gebzetuning.com
geenaldencia9.top
gejajoo7.top
gejajoo7.xyz
gerer.at
gfdgashgsjdfhgjhsdf.space
gfdghfsdfghfdegr.space
gfdhjdsjhgsdhgfjfsdhj.space
gfdjgdfjgdhfbg.space
gfdjgh4re3rfds.space
gfdkjgdfhughrue.space
gfdsjgsuhdgurur.space
gfhjdsghdfjg23.space
ghahantellorb.com
giovaninardo13.club
girneotel.com
glasamaddama17.club
glueberry-og.cc
glueberry-og.co
glueberry-og.to
gmpeople.com
golilopaster.org
govsurplusstore.com
gthdsqhtpthdysqljvty.space
hajezey1.xyz
hamilaharr6.top
hancarlenei9.top
hasarcyaionex.shop
hbeat.ru
hbibhibihnj11.store
hefahei6.top
hefahei6.xyz
hepryceeaaa13.top
hie7doodohpae4na.com
hoh0aeghwugh2gie.com
honawey7.top
honawey7.xyz
hujukui3.net
hutnilior.net
hydroxychl0roquine.xyz
igbyugfwbwb5.xyz
iknhyghggh15.store
imaker.io
iselaharty12.club
japanarticle.com
jebeccallis4.top
joiklslfsa.xyz
kevonahira2.top
kimballiett2.top
kingriffaele4.top
kokihap7siexz3.com
kotabuki.com
krigenpharmaceuticals.com
kwazone.com
lacoibipitanga.com.br
lecanardstsornin.com
les-pub.com
linavanandr11.club
lynettaram7.top
m3600.com
magilson.top
maintage.xyz
manctelayaller.com
marlingarly18.club
mbackupss.xyz
meet-ru.ru
megalinkbj.com.br
mile48.com
mj4aj8r55mho.com
moabscript.ir
moonlightly.xyz
motionberry999xerz.ru
mservid.xyz
mvesotk.xyz
naghenrietti1.top
nalirou7.top
nalirou7.xyz
nanavatisworld.com
ne4ym7bjn1ts.com
neriir0f76gr.com
newzelannd66.org
nextlytm.com
nicehybridseeds.com
nityanneron5.top
novanosa5org.org
novohudosovu.com
nuljjjnuli.org
nulls.zzz.com.ua
ny-city-mall.com
oakland-studio.video
ones.zzz.com.ua
onyokandis9.store
otriluyttn.org
paishancho17.top
pass-finger.com
people4jan.com
phocea-sudan.com
phunilbeauty.com
pipevai4.top
pipevai4.xyz
pipevai40.top
pizza-don.ru
planilhasvba.com.br
poclecta.ga
poiuytrcvb13.store
poudineh.com
psycho-holsitik.de
purekidboo.com
qianyoupj.cn
quericeriant20.top
randomsite1234.com
rapmusic.at
rdukhnihioh2.xyz
resbkjpokfct9.store
rigtestforum.click
rigtestforum.ru
rigtestforum.to
rixoxeu9.xyz
rpk32ubon.ac.th
rrelleynaniy6.store
ryewrewthxjsfhydfbsd.space
ryuesrseyth3.space
sadineyalas8.top
samilabok.ga
samillavakiv10.top
savixtothenation.co.ug
sdfghjklemm3.xyz
sdfygfygu10.store
seattle-university.video
seodatastats.xyz
seq8ueceqoxy.com
shfuhfuwhhc6.xyz
sleoppen.com
slusextense.com
smartbubox.com
sokdikksiiefgsdf.cyou
somatoka51hub.net
soryytlic4.net
spbdg.ru
statisticblogpack.xyz
statssblogsta.com
statssblogsta.in
stempelbeton.at
stemschools.in
streetofcards.com
successcoachceo.com
swedenkhabar.com
swp6fbywla09.com
sysaheu9.top
sysaheu9.xyz
szpnc.cn
teualabok.ga
tierzahnarzt.at
tnt-az.com
tolilolihul.net
turbocell.ir
twinrealty.com
ubrianella12.top
uggeboots.com
uhvu.cn
umayaniela6.top
urydiahadyss16.club
varmisende.com
vegangelist3.top
venerynnet1.top
verboliatsiaeeees.com
vfwlkjhbghg12.store
viahalexandy14.top
video.nalahotel.com
vispik.at
vjcmvz.cn
wa5zu7sekai8xeih.com
wenataliana15.top
wijibui0.top
wijibui0.xyz
wildzipcode.biz
witra.ru
xacokuo8.top
xacokuo8.xyz
xadriettany3.top
xandirkaniel20.club
xsedfgtbh14.store
ycdfzd.com
ydiannetter18.top
ygyguguuju8.store
yic0oosaeiy7ahng.com
zayneliann14.club
zennclinic.com
zesiahavie8.top
zorinosali15.club
/4vGegaUF/

# Reference: https://www.virustotal.com/gui/file/015d6a4b1c9aae0842ba40dedcb0d4f2d891ea82575dad5a991454101393d4ea/detection

http://5.181.80.133

# Reference: https://www.virustotal.com/gui/ip-address/187.156.109.2/relations
# Reference: https://www.virustotal.com/gui/file/16ff551a19804e004b3306e612ebad6de2da70d8cd674b83cc5d530a928bc7ef/detection

aapu.at
perficut.at

# Reference: https://www.virustotal.com/gui/file/3c4f456e84a4b82254480d17bd6db4c0a9ae6259e085b362b10183a82956d1ba/detection

212.193.30.115:5900
1kljhjffdvcbfghb.buzz

# Reference: https://medium.com/checkmarx-security/who-broke-npm-malicious-packages-flood-leading-to-denial-of-service-77ac707ddbf1

http://149.154.158.34
http://15.204.49.142
http://193.233.20.35
http://65.109.226.91
http://94.142.138.131

# Reference: https://www.virustotal.com/gui/file/dcd0e43f175a2464788c2875137ac3f2987e1e3c3266f3295834fca4766ab779/detection
# Reference: https://www.virustotal.com/gui/file/568c74ad13aabae265d49cf081e49a21446d006160f4e9f802f3e5b12e1ac457/detection

firsttrusteedrx.ru
kingpirate.ru
h168476.srv22.test-hf.su

# Reference: https://www.virustotal.com/gui/file/0191964e405347382178a7381117b0bea92a9f26c7ef5cee78d31473e0be34c2/detection

respekt5569.com

# Reference: https://www.virustotal.com/gui/file/0191964e405347382178a7381117b0bea92a9f26c7ef5cee78d31473e0be34c2/detection

fgjhffgfg.site

# Reference: https://twitter.com/Gi7w0rm/status/1649005498069401601
# Reference: https://www.virustotal.com/gui/ip-address/77.73.134.38/relations
# Reference: https://tria.ge/230420-ml7q5sbc8z/behavioral2
# Reference: https://tria.ge/230420-mpceeabc9z/behavioral2
# Reference: https://www.virustotal.com/gui/file/b7d9f37e382bbb34858885e08b72ae41a73e484a9b30f8f0e16bd3f546daa018/detection
# Reference: https://www.virustotal.com/gui/file/4cdd84432b44fc5ccea5e8843a6d0f1ff1163e647e8d6c955f05f4b249e3531d/detection

http://77.73.134.38
charlslogin.com

# Reference: https://twitter.com/Gi7w0rm/status/1649888273278328834
# Reference: https://tria.ge/230422-zbry6aac5y/behavioral2
# Reference: https://tria.ge/230422-z12vnaad9w/behavioral2

185.225.74.84:7702
213.152.162.99:13742
fortniteprouniversity.com

# Reference: https://twitter.com/Gi7w0rm/status/1652428464136364041
# Reference: https://tria.ge/230420-tbfy1aah35/behavioral1

radiobridge-egy.com/tmp/index.php

# Reference: https://www.virustotal.com/gui/file/eae4b77ea1c206dc0a5fd6c0f34d2eae940b8fd20558aadf67ae4481099db184/detection

leaderspro.ps
onlinetechdesk.com

# Reference: https://www.virustotal.com/gui/ip-address/193.106.175.177/relations
# Reference: https://www.virustotal.com/gui/file/24471f2fd20e7386aa533b51bf851cdeb9ee0750a615273c6004b86e463d36d2/detection

3dstore.pro
balkimotion.ru
coudzoom.ru
criticalosl.tech
homospoison.ru
humanitarydp.ug
ipodromlan.ru
lamazone.site
ligaspace.ru
maximprofile.net
redport80.ru
shopersport.ru
sindoproperty.org
superboler.com
zaliphone.com

# Reference: https://twitter.com/Gi7w0rm/status/1655218703921823751
# Reference: https://www.virustotal.com/gui/file/3ebfbbd09064aae6f6238d019637a666740b3b35141e46cf76524c8dde88fb26/detection

petchx.com
protonme.support
smartphoodapp.com
pylox.petchx.com

# Reference: https://www.virustotal.com/gui/file/9c27c7e2d15ee3728d0ab72f260bfd55527ac3d68c5502bb2aaa1d1faa397465/detection

45.15.156.33:456

# Reference: https://www.virustotal.com/gui/file/07f60737add24d8238a6e2846165a512d8b7a0b36410f24d02608721b7ada1dc/detection

http://85.208.136.10

# Reference: https://cert.gov.ua/article/4755642 (Ukrainian)

alegoomaster.com
azartnyjboy.com
droopily.eu
filterfullproperty.ru
freesitucionap.com
gondurasonline.ug
hopentools.site
infomalilopera.ru
jkghdj2993jdjjdjd.ru
jskgdhjkdfhjdkjhd844.ru
kismamabeforyougo.com
kissmafiabeforyoudied.eu
kjhgdj99fuller.ru
nabufixservice.name
polinamailserverip.ru
premiumjeck.site
prostotaknet.net
verycheap.store
zaikaopentra-com-ug.online
zaikaopentra.com.ug
zakolibal.online
zalamafiapopcultur.eu

# Reference: https://twitter.com/MavericksInt/status/1664970769753952257
# Reference: https://www.virustotal.com/gui/file/010d144869892ef9fccb18e477d5250434647ef99d8bd490e88a7a9789b982b5/detection

http://31.31.198.27

# Reference: https://www.virustotal.com/gui/file/1c70f987a0839d11826f053ae90e81a277fa154f5358303fe9a511dbe8b529f2/detection

77.105.147.140:15666

# Reference: https://twitter.com/Gi7w0rm/status/1672281793075064845
# Reference: https://twitter.com/tosscoinwitcher/status/1672333506180161536
# Reference: https://tria.ge/230622-164f4sbd5v
# Reference: https://tria.ge/230623-v6zj9shd7t/behavioral2

insigth001.s3.amazonaws.com
dbconnectionbase.hopto.org
pingconectstatus.hopto.org
pushline.gotdns.ch
/1452365/15062023.php
/onBo/connS.php
/stats001/WCLOYKJB.txt

# Reference: https://embee-research.ghost.io/smokeloader-analysis-with-procmon/
# Reference: https://www.virustotal.com/gui/ip-address/176.124.193.111/relations

americanocoffea.ru
internetcygane.ru

# Reference: https://www.virustotal.com/gui/file/c8635bfe191b150e8425193ffba489f93b909b02b5a644a148bf2b7a9060773d/detection

79.137.199.199:15666
toobussy.com

# Reference: https://www.virustotal.com/gui/file/cfb5c20ec8d95c35f7edb8743084d4491e43c62c575cf0102b4f6781c50689de/detection

camoverde.pw

# Reference: https://cert.gov.ua/article/5158006 (Ukrainian)

cityofuganda.ug
goodlenuxilam.site
hillespostelnm.eu
jimloamfilling.online
jslopasitmon.com
kilomunara.com
krasavchikoleg.net
liverpulapp.ru
maxteroper.ru
nafillimonilini.net
napropertyhub.eu
samoramertut.ru
sismasterhome.ru
supermarioprohozhdenie.ru
vertusupportjk.org
zaikadoctor.ru
zallesman.ru
zarabovannyok.eu

# Reference: https://www.virustotal.com/gui/file/0cc7883198df53af5b4e7d6b14204ea5ab51066a52031f8f814cedccc491bd9a/detection

http://176.113.115.84
176.113.115.84:8080
pwcamoverde.pw
camoverde.pwcamoverde.pw

# Reference: https://www.virustotal.com/gui/file/db93afadb567278fe2ddfb26a43d318dcbf3959fa09f3fe901ebe22e0aeaa359/detection

hooligapps.site

# Reference: https://twitter.com/fr0s7_/status/1682294007013974017
# Reference: https://tria.ge/230721-jdcz1sdc2s/behavioral1

abracodabugalimpopo.ru
coinmakopenarea.su
gondurasonline.ru
hopentools.ru
humanitarydp.ru
infomailforyoumak.ru
kismamabeforyougo.ru
kismamabeforyougo.su
kissmafiabeforyoudied.ru
mediaplatformapharm.ru
metallergroup.ru
nabufixservice.su
zaikaopentra-com-ug.su
zaikaopentra.com.ru
zalamafiapopcultur.ru

# Reference: https://cert.gov.ua/article/5269451

tvpharm.ru
ukr-net-downloadfile.su

# Reference: https://threatfox.abuse.ch/browse/malware/win.smokeloader/ (# 2023-07-27)

http://176.113.115.47
http://193.56.146.214
http://194.180.48.53
http://77.91.68.29
176.113.115.47:443
admlogs.online
admlogs77x.online
anydesk-my.com
atlanta-newspaper.com
biraber.ws
blogstat355.xyz
blogstatserv25.xyz
blogxstat25.xyz
blogxstat38.xyz
bloomberg.ga
ca-ferrari-club.com
cpcorprotationltd.com
demblog289.xyz
dexblog45.xyz
dollyjonsaw.top
etasicath.com
fusdertoplerq.top
greenbi.net
humman.art
ladogatur.ru
mariton.ws
masloperukwed.top
miami-golf-club.com
mollyfishers.cc
omacrestinc.ga
pik96.ru
pyasicath.com
seattle-fishing-club.com
servblog757.xyz
serverlogs37.xyz
serverxlogs21.xyz
servxblog79.xyz
speakdyn.com
stalagmijesarl.com
suprememax.ga
ukdantist-sarl.com
utah-saints.com
wuc11.com
zasicath.com

# Reference: https://www.virustotal.com/gui/file/22f099bfa5de512e73d9ef83d5e9badd5ed4222a9e34431e7ca057eed7545042/detection

124.156.138.24:1152

# Reference: https://asec.ahnlab.com/ko/40556/ (Korean)

fujysoey.com
gesshtbow.com
kuitobowls.com
kyotoltdssl.com

# Reference: https://www.virustotal.com/gui/ip-address/134.255.254.105/relations
# Reference: https://www.virustotal.com/gui/ip-address/159.253.18.136/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.89.125.136/relations
# Reference: https://www.virustotal.com/gui/file/19397c6dce459330095edc72759d1e79e26f1e12f013cdaee6dbdb90d65aaae8/detection
# Reference: https://www.virustotal.com/gui/file/afddec37cdc1d196a1136e2252e925c0dcfe587963069d78775e0f174ae9cfe3/detection

134.255.254.105:39001
45.89.125.136:4044
admhexlogs215.xyz
admhexlogs25.xyz
admlog2.xyz
admlogs17.xyz
admlogs25.xyz
cexsad917.xyz
cexsad97.xyz
dexsel29.xyz
dnm777.xyz
fexstat227.xyz
fexstat257.xyz
gentexlog28.xyz
lucabet66.xyz
samnex18.xyz
sentrex219.xyz
sentrex29.xyz
septrex45.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.smokeloader/ (# 2023-08-19)

01stroy.ru
gromograd.ru
mal-net.com
taibi.at

# Reference: https://twitter.com/James_inthe_box/status/1695083980410982598
# Reference: https://app.any.run/tasks/c36701a1-632b-484b-ae45-b9bc65b5a902/

data-surf.site

# Reference: https://www.secureworks.com/blog/smoke-loader-drops-whiffy-recon-wi-fi-scanning-and-geolocation-malware
# Reference: https://otx.alienvault.com/pulse/64eca0ac44f7afd8582ec134

http://194.87.32.20
http://195.123.212.53

# Reference: https://twitter.com/Jane_0sint/status/1699745329078231082
# Reference: https://www.virustotal.com/gui/ip-address/45.131.66.236/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.131.66.61/relations
# Reference: https://www.virustotal.com/gui/ip-address/46.36.219.3/relations

admlogs195.xyz
amx15.xyz
amx155.xyz
amx55.xyz
amx75.xyz
amxt15.xyz
mkhexlogs215.xyz
mksad917.xyz
mkstat227.xyz
mktexlog238.xyz
moknex158.xyz
servblog25.xyz

# Reference: https://www.virustotal.com/gui/ip-address/95.214.26.25/relations

o339ku32b3yk26.com
o391tckjywmtj0.com
o3b1wk8sfk74tf.com
o3npxslymcyfi2.com
o3zxuhcc4hl9mi.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.smokeloader/ (# 2023-09-18)
# Reference: https://www.virustotal.com/gui/ip-address/45.61.136.186/relations

alaska-ships.com
gudintas.at
logitech.bio
logitech.wiki
nebraska-pizza.com
rosatiauto.com
unity.bz
unity.us.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.smokeloader/ (# 2023-09-20)

admlogs85x.xyz
blogmstat255.xyz
blogmstat389.xyz
demblog575.xyz
servermlogs27.xyz
servmblog45.xyz

# Reference: https://twitter.com/James_inthe_box/status/1704613961533182311
# Reference: https://app.any.run/tasks/5351d819-f48e-4502-a315-6643b743182f/

gudintas.at

# Reference: https://www.virustotal.com/gui/ip-address/46.161.27.222/relations
# Reference: https://www.virustotal.com/gui/file/b2ebd0af7ac3f4f2ce9f14ebbb0693f98fab439f80080e9483ac5bb84e6236d4/detection
# Reference: https://www.virustotal.com/gui/file/86c0fff5ac32ec396ddd4fbb716e25a013a9defa6de72aa8041ba8cfb5a69494/detection

panelss.name
panelssmorrreqw.org

# Reference: https://twitter.com/1ZRR4H/status/1709421805880877346
# Reference: https://www.virustotal.com/gui/file/759f68868414e8e7bf602a631d34740a125a7d8821b313330ad2469a96616e0c/detection
# Reference: https://www.virustotal.com/gui/file/51574e9dc00eca75a025fe34e729a487624e1f2f77100618ff67cffb80a36686/detection

http://172.86.75.52
fdjij93fjdksfklwi.com

# Reference: https://www.virustotal.com/gui/ip-address/194.87.32.152/relations
# Reference: https://www.virustotal.com/gui/ip-address/31.31.196.206/relations
# Reference: https://www.virustotal.com/gui/ip-address/85.143.172.45/relations
# Reference: https://www.virustotal.com/gui/file/0d910dac90a30dec52c6484bd7087f4a1d55d827a093a2f43c9dfe59a082aab9/detection
# Reference: https://www.virustotal.com/gui/file/143310670009099214b1b1a812e98a485db3e2879ab35dca8ba63005a62a610c/detection
# Reference: https://www.virustotal.com/gui/file/185b82b06a5bc2ccb5643440227293c7fa123216f7abfb685bdc0dc70dffdc37/detection
# Reference: https://www.virustotal.com/gui/file/9a528b2b31d9d59018878fdf3b9d8db235df606500c67a4b8be3075701b014fc/detection
# Reference: https://www.virustotal.com/gui/file/a512209933998bcd0a07a16af04aa7fd05e3c23103978ad250a7e1cb249d4baa/detection
# Reference: https://www.virustotal.com/gui/file/ccf57eff80d10c7a3d6236802e91d4f60fbe68a8cca21d670ffdb7c6c6cb897b/detection
# Reference: https://www.virustotal.com/gui/file/d895f40a994cb90416881b88fadd2de5af165eec1cd41b0ddd08fa1d6b3262bb/detection

diplombar.by
dublebomber.ru
iloveua.ir
ipoluchayteudovolstvie.ru
kozachok777.ru
moyabelorussiya.by
nomnetozhedenyuzhkanuzhna.ru
popuasyfromua.ru
propertyiran.ir
propertyminsk.by
prostosmeritesya.ru
restmantra.by
sakentoshi.ru
specnaznachenie.ru
super777bomba.ru
tvoyaradostetoya.ru
ukr-net-download-files-php-name.ru
yavasponimayu.ru
zakrylki809.ru
zasadacafe.by
emv1.mediaplatformapharm.ru
mail.ukr-net-downloadfile.su

# Reference: https://threatfox.abuse.ch/browse/malware/win.smokeloader/ (# 2023-10-07)

criogetikfenbut.org
kumbuyartyty.net
lightseinsteniki.org
liuliuoumumy.org
onualituyrs.org
snukerukeutit.org
stualialuyastrelia.net
sumagulituyo.org
tonimiuyaytre.org
tyiuiunuewqy.org

# Reference: https://www.virustotal.com/gui/file/952c1544471b56e17871acc8d28b83ef9f6a99cc263eb8a030119489c728fa8d/detection

msktk.ru
soetegem.com
talesofpirates.net
wirtshauspost.at

# Reference: https://threatfox.abuse.ch/ioc/1192015/

yvzgz.cyou

# Reference: https://threatfox.abuse.ch/browse/malware/win.smokeloader/ (# 2023-10-25)

http://178.250.186.15
http://185.216.70.235
http://194.49.94.113
dpav.cc
kggcp.com
lrproduct.ru
pirateking.online
piratia.pw

# Reference: https://urlhaus.abuse.ch/url/1705633/

pingosip.top

# Reference: https://twitter.com/g0njxa/status/1720391876140748838
# Reference: https://app.validin.com/axon?find=193.106.175.190&type=ip
# Reference: https://app.validin.com/axon?find=37.139.129.88&type=ip
# Reference: https://app.validin.com/axon?find=45.11.27.150&type=ip
# Reference: https://www.virustotal.com/gui/ip-address/37.139.129.88/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.215.85.209/relations
# Reference: https://www.virustotal.com/gui/file/04fd3794814871b31fef000b51e51b6c20ad7646b3c74a585a668f95cf14fa06/detection
# Reference: https://www.virustotal.com/gui/file/0ef16bb45f1c63be6a920635827e5f873076103964c817a380d538caa9bc3976/detection

http://91.92.243.151
albertwashington.art
albertwashington.icu
dl-broomcleaner.online
dl1-broomcleaner.online
dl2-broomcleaner.online
dl54-broomcleaner.icu
dl85-broomcleaner.icu
dl86-broomcleaner.icu
dl87-broomcleaner.icu
fdjbgkhjrpfvsdf.online
lrefjviufewmcd.org
medfioytrkdkcodlskeej.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.smokeloader/ (# 2023-11-04)

againandagaingmorder.ru
antidomen.by
cafewithcraftbeer.ru
colbasaibliny.ru
etovamnepomozhet.ru
foodplacecafe.by
mymozhemesche.ru
myvasocheunlyubim.ru
narkotikizlo.ru
nekuritebambuk.ru
pozvonimnepozvoni.ru
propertyofiranmy.ir
spasibozavsedruziya.ru
sportlotovukraine.ru
vseochenxorosho.ru
vymnenravites.by
ximpromooo.ru
yavashakrysha.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.smokeloader/ (# 2023-11-08)

http://163.5.169.23
dnalnoomnus.ru
kkudndkwatnfevcaqeefytqnh.top
nnzqahmamqucusarjveovbuyt.cyou
uohhunkmnfhbimtagizqgwpmv.to
whxzqkbbtzvdyxdeseoiyujzs.co

# Reference: https://www.virustotal.com/gui/file/02a8f44506f086128b18c4efb473c58406026d467f4fdcad07c5d02ffe97df47/detection

bobkelsofan.com
experiment.pw
flyawayaero.net
laubenstein.space
m7val1dat0r.info
potatogoose.com
rawcracker.com

# Reference: https://threatfox.abuse.ch/ioc/1201234/

http://5.42.92.190

# Reference: https://www.virustotal.com/gui/file/2aa3c6dd94498a7a640f8c4aef123024be8edc16d77da79f84354339aff235b3/detection

etiquetaspiura.com

# Reference: https://www.virustotal.com/gui/file/d4b5b8369e830681facb4ab0457bee049829f57e7217351f028380d96abd6cb2/detection

http://31.14.41.237

# Reference: https://www.virustotal.com/gui/file/fa90294c2cd7c12d68524c55cc5ed0e3276d0a7bbce8fedec1e0cf679e521298/detection

merchentusindiajute.com

# Reference: https://www.virustotal.com/gui/ip-address/2.88.130.57/relations
# Reference: https://www.virustotal.com/gui/file/fa90294c2cd7c12d68524c55cc5ed0e3276d0a7bbce8fedec1e0cf679e521298/detection

brusuax.com
shohetrc.com
tceducn.com

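# Reference: https://threatfox.abuse.ch/browse/malware/win.privateloader/ (# 2023-11-25)
# NOTE(review): the reference above is the ThreatFox win.privateloader listing, while this file tracks smokeloader; confirm the family attribution of the hosts below before using a match for triage.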

http://185.117.75.107
http://185.183.96.10
http://185.198.57.70
http://185.45.192.107
http://185.45.192.112
http://185.45.192.24
http://185.45.192.74
http://185.45.193.182
http://185.82.200.15
http://185.82.200.93
http://185.82.202.126
http://193.37.71.56
http://213.248.43.34
http://213.248.43.99
http://80.66.89.151
http://88.198.194.33
http://91.92.252.232

# Reference: https://threatfox.abuse.ch/browse/malware/win.smokeloader/ (# 2023-11-25)

humydrole.com
trunk-co.ru
weareelight.com

# Reference: https://cert.gov.ua/article/6276584

cafeteriumups.ru
downloadrezerves.ru
monopoliafromyou.ru
superdadymster.ru
unayt.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.smokeloader/ (# 2023-12-04)
# Reference: https://www.virustotal.com/gui/file/04972d71f8aff1fbb496c59d25003c3782e0d98b3a4634c6cf52d6f769bea097/detection

http://194.49.94.120
http://194.49.94.145
http://194.49.94.210
fpodsp0532xc.com
gucc352093520.com
legdfls2369.com

# Reference: https://threatfox.abuse.ch/ioc/1210657/

http://81.19.131.34

# Reference: https://twitter.com/ULTRAFRAUD/status/1735023846976098350

http://109.186.217.138

# Reference: https://www.virustotal.com/gui/file/82879c42f648e0c4324ad4d8c5c64dcdd19c9a19c0a76974612ff9eab4157b12/detection

olivehr.co.za

# Reference: https://www.virustotal.com/gui/file/03d5d2824dc08cbc7269df2894690a83abf3be78d493dcdc381b457dd54f358d/detection

http://185.215.113.68

# Reference: https://www.virustotal.com/gui/file/7b9c1aa81aef60c0b403ff3859fc4c6be0b48fb56e1a4456f42ed0da84941993/detection

2shbdjfksf2.monster
onlinedownloadsyouapp.online

# Reference: https://www.virustotal.com/gui/file/30f5564e58d11d68bb6f8f01c745a9e60f2dd5362534c7c959868d9d554e86e5/detection

http://185.215.113.58

# Reference: https://threatfox.abuse.ch/browse/malware/win.smokeloader/ (# 2024-01-03)

buriatiarutuhuob.net
cassiosssionunu.me
channelpi.com
cittrans.ru
goodfooggooftool.net
gxutc2c.com
lovelyloversbouuyrs.net
lumustruoues.net
mth.com.ua
opengamerstypepsy.net
proekt8.ru
rakutenmakutern.net
reitaust.com
selebration17io.io
sindusyndy.net
sinuptinulium.net
stanystarysturu.net
sulugilioiu19.net
thethuthe3.net
tybytimemunutere.net
vacantion18ffeu.cc
valarioulinity1.net

# Reference: https://www.virustotal.com/gui/file/87b9a298088ed30406e897f152ad34f0e3e50bce09b317a50286a81cbc7913fd/detection

http://77.105.147.130

# Reference: https://asec.ahnlab.com/en/60703/

agropromnubilon.ru
avicilombio.ru
civilomicanko.ru
germagosuplos.ru
limanopostserver.ru
lumangilocino.ru
niconicalucans.ru
numbilonautoparts.ru
specvestniknuk.ru
specvigoslik.ru

# Reference: https://twitter.com/Cyber0verload/status/1754918473384259987
# Reference: https://www.virustotal.com/gui/ip-address/193.233.193.14/relations
# Reference: https://www.virustotal.com/gui/file/4841be428d00d29ab878fda23850d948bc2d12eefb31621c0272e301d95bbc7f/detection

homemademagazine.ru
kitfishstore.ru
postapocalipsisumt.ru

# Reference: https://www.virustotal.com/gui/file/3e5d00a0c1631e94b08f8fa84145748f5616662a89e2c0b4d5df3dba864b217c/detection

82.115.223.228:88

# Reference: https://www.virustotal.com/gui/domain/emgvod.com/relations
# Reference: https://urlhaus.abuse.ch/host/emgvod.com/

emgvod.com

# Reference: https://www.virustotal.com/gui/file/04d12cc5a6230ead14384094c83fc9ccebf022013f561dd661a6ef8fb61ac286/detection

blogserv279.club
blogspace14.com
dsmail94x.xyz
kxserv250.club
servicem977.club

# Reference: https://farghlymal.github.io/SmokeLoader-Analysis/

http://95.217.43.206
planilhasvbap.com.br
rixoxeu9.top

# Reference: https://www.virustotal.com/gui/file/cc153440791a534326d7c57871f9443b533b4cbeb4b693df58ce9b6ef137cc62/detection

trad-einmyus.com

# Reference: https://www.virustotal.com/gui/file/06131f2cd9146fb3ae32fbe272a33214c3258ec9a3636cea42d2aa7b26b85e3e/detection

dofuly.info
slim.dofuly.info

# Reference: https://www.virustotal.com/gui/file/d8f1979b2b2a3d59db7716e40738d5d2a3d557055831e54f8e1f52079dd04aa5/detection

voxel.dofuly.info

# Reference: https://www.virustotal.com/gui/file/c54dec8c6c088c7b13267214dbc9ecb2f1e7aa3883e5bc4abe80accc83d32131/detection

foxcyan.com
cool.foxcyan.com

# Reference: https://www.virustotal.com/gui/file/7860ba1f015ecc2e29a9c2aa99172c9fadd5bcde68e6f2a8a66095e88f29ff5c/detection

bestsup.su
midnight.bestsup.su

# Reference: https://www.virustotal.com/gui/file/540a78159878e8c97bb15530b7a1959b3f5b407f2adbf3ffded92daf51fc24bf/detection

namemail.org
shipofdestiny.com

# Reference: https://www.virustotal.com/gui/file/3c3fcc09bcc385c0b3f4ec53a4997a8402dfb35ff0ee0c73cf59b40da068a212/detection

namecloudvideo.org
shipbank.org

# Reference: https://www.virustotal.com/gui/domain/himanfast.com/relations
# Reference: https://www.virustotal.com/gui/file/00795fd116664aa99d122668342bf042bb4229529e8928d43581fdf5f74a49ae/detection

himanfast.com
api.himanfast.com
forest.himanfast.com
pic.himanfast.com
sl.himanfast.com

# Reference: https://scpc.gov.ua/api/files/8e300d33-6257-4d7f-8f72-457224268343 (# UAC-0006)

82privathostel.ru
cafesupergeroy13.ru
druigvsegdaryadom.ir
hipermomentum7.ru
istericaoperamus.ru
kartoshenkocaferest.ru
limpopo365year.ru
popuasyvsegda.ru
privathostel.ru
restoranguliuyuli.ru
spasibosaunaibanya.by
specagendcafemsk.ru
vilimonstertut.ru
yalublyukartoshku.by
zaletelicaferestoran.ru

# Reference: https://www.virustotal.com/gui/file/325c04a1ba8998e3d443615fee2642daaa48a3a7d8e4aa0425058e20f144ab71/detection

http://135.181.226.134
carsalessystem.com

# Reference: https://www.virustotal.com/gui/file/69f5c3e085c768e07e35c6b66d2c95aff939eb52affefb8fc4d28d4ae50ae792/detection

http://93.115.25.10
http://93.115.25.13
http://93.115.25.49
http://93.115.25.73

# Reference: https://www.virustotal.com/gui/file/fd1d5fec8f62cc15205b91cffeafc3b97312882fe31a69c517020ea9db325d2d/detection

dichvuthe247.top

# Reference: https://twitter.com/Gi7w0rm/status/1787191908298612783
# Reference: https://tria.ge/240405-rxhzdafa43/behavioral1

http://80.66.81.208

# Reference: https://twitter.com/alex_lanstein/status/1790004557696659522
# Reference: https://www.virustotal.com/gui/file/57422d7d2c86a15aac59f4d8cda193090c7d7d8b5f4e36dcfcc940fc72daed88/detection

fackyourus8684.site

# Reference: https://x.com/alex_lanstein/status/1792910064027648273
# Reference: https://x.com/alex_lanstein/status/1792910915358105968
# Reference: https://www.virustotal.com/gui/ip-address/31.44.6.84/relations
# Reference: https://www.virustotal.com/gui/file/96e1fc4906cb79eab198dc76dbed47afc5855d26be0ca37910f8359b2683aef0/detection

rafraystore.ru

# Reference: https://cert.gov.ua/article/6279366

agentsuperpupervinil.ru
ccbaminumpot.ru
picwalldoor.ru
sephoraofficetz.ru
vikompalion.ru
vivianstyler.ru

# Reference: https://www.virustotal.com/gui/file/e158171cee1cd932a42f0fc480644b6098e541108f0dab559d2b161a5daba63c/detection

dbfhns.in
greendag.ru
guteyr.cc
a0986499.xsph.ru

# Reference: https://medium.com/@Intel_Ops/phobos-ransomware-analysing-associated-infrastructure-used-by-8base-646560302a8d

admlogs85.xyz
admxlogs215.xyz
admxlogs25.xyz
advserv.xyz
amx395.xyz
blogserv.xyz
gentexlog238.xyz
mentran450.xyz
mexstat.pro
mktrex219.xyz
mxtmx.xyz
mxzex322.xyz
piserver22.net
privat1505.xyz
samnex158.xyz
zopte234.xyz
zxmextog23.xyz
zxvad95.xyz

# Reference: https://www.virustotal.com/gui/file/034726d9f17c87593110acedd6c4bb6ebdc65cc188df873fb51f7aceaa108cda/detection

5aafb734311f9709.xyz
a91e4d615c3fed7a.xyz
ba2fe24a94118f9e.club

# Reference: https://x.com/naumovax/status/1805250614995066997
# Reference: https://tria.ge/231107-vt8bmscc7z/behavioral1

http://193.37.71.131

# Reference: https://x.com/c_APT_ure/status/1805572570323784114
# Reference: https://www.virustotal.com/gui/file/7bc2536f2b4f69cb20c0d7f996aaedafab15cf4d73f54792e74ac72be3ecf01f/detection

http://172.86.105.109
/ups/Snup.bat

# Reference: https://www.virustotal.com/gui/file/b357c7f065b1cb7f07c91097794424d1aecb6356893798eb4a6ee138ee87bfa0/detection

ellaboratepwsz.xyz
pedestriankodwu.xyz
penetratedpoopp.xyz
swellfrrgwwos.xyz
towerxxuytwi.xyz

# Reference: https://app.validin.com/detail?find=173.255.204.62&type=ip4&ref_id=04a1ac2c8a9#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/1e7fb39c52ba502920d98374e0cdf8a2447c737bd0b88c06839e81be3a751688/detection

cx5519.com
evilos.cc
gebeus.ru
geotravelsgi.xyz
office-techs.biz

# Reference: https://x.com/raghav127001/status/1820237011761926208
# Reference: https://www.virustotal.com/gui/file/abdf746e4c16ddc86d74533bd0e4d724ab4f45e81f0139a03c00bfb152139aab/detection

http://91.92.242.16
admlogs475.xyz
bloglogs275.xyz
blogmstat575.xyz
demblog755.xyz
servblog455.xyz
serverlogs275.xyz

# Reference: https://www.virustotal.com/gui/file/0017c10d57b9cb90cf9aba8b1d9085995c841fb65ca3680ebcb9876bfbe8cc49/detection

moonloaderupdate.ru

# Reference: https://x.com/g0njxa/status/1828882353596559534
# Reference: https://app.any.run/tasks/0769140e-987d-49b5-8153-ba254187ac70/

http://77.73.129.64
/api/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms

# Reference: https://www.virustotal.com/gui/ip-address/147.45.125.198/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.156.72.78/relations
# Reference: https://www.virustotal.com/gui/file/e90e3104a90a1e407b82eaeb3f5da46bf02732e02d1ff28a3e9f20a4cbeac4fa/detection
# Reference: https://www.virustotal.com/gui/file/05c142da3ae4cf8bf84604ee5206aba25891115fdef1f08381967b0587682ace/detection
# Reference: https://www.virustotal.com/gui/file/11ff2fb196c2c778d30dcbcfa9f565efec12ea2c21a0637fa9a53e5cf9a45610/detection
# Reference: https://www.virustotal.com/gui/file/2280e1df8b5bc1e4456606c151b3bdc259cd693488d86eac9418a741fe899b25/detection
# Reference: https://www.virustotal.com/gui/file/21250f53ad27ca1cffb175b02f364dd2a68067de25fdd9237f75ebb100558da5/detection
# Reference: https://www.virustotal.com/gui/file/4ba2014ad66c7560d294685ff8d94f87e08b6f1ea4a0210ea8bdca1b736bd3a5/detection

http://185.156.72.78
alfacentarusmulticopter.ru
bigormisfromnep.ru
biolaboratoryininternet.ru
davepz.top
dodpizza.xyz
expertconstraction.ru
expertpromotions.ru
fimdocuspon.ru
hipotolamusaremus.ru
incomenitoxcert.ru
johnfabiconinteraption.ru
moyapochtafrommycountry.ru
revececoordinatemain.ru
simplemodulefocemocus.ru
storeagroculturnaya.ru
systemcctvunderworldstp.ru
ukr-net-download-files-servermanager.ru
ukr-net-files-download-redirection-manager-server.ru
ukr-net-files-download-redirection-manager-ukr-net.ru
ukr-net-files-download-redirection-manager.ru
ukr-net-files-loading-application.ru
api.hipotolamusaremus.ru
dev.hipotolamusaremus.ru
fru.davepz.top
m9b.davepz.top
yw6.davepz.top

# Reference: https://x.com/cyberfeeddigest/status/1833929240099869168
# Reference: https://www.virustotal.com/gui/file/cee3ac99fb4fc11130707fb5fedaa2489f8a114385f4cddd8857952f0581a2ad/detection
# Reference: https://www.virustotal.com/gui/file/5deff829cc94b2231bfd85695d667ee87a31f311bf412ea48445c3bb2370e2d5/detection

haporproletioperavivo.ru

# Reference: https://threatfox.abuse.ch/browse/malware/win.smokeloader/ (# 2024-09-22)

epohe.ru
nusdhj.ws
nwgrus.ru
olihonols.in.net
wshcnsd.xyz
yosoborno.com

# Reference: https://medium.com/walmartglobaltech/diving-into-rilide-02684e540b48

jftolsa.ws
nicetolosv.xyz

# Reference: https://x.com/StrikeReadyLabs/status/1841120654680097028
# Reference: https://www.virustotal.com/gui/ip-address/45.143.201.14/relations
# Reference: https://www.virustotal.com/gui/file/9b5b32e97fe50bcb986c6cfd85aced20c6de425cc646a648bf42224ab58aba60/detection

bestmagazineforanimalsunicum.ru
goodmastersportunicum.ru
ukr-netfilediscdownloadapplication.ru
unicexpertmagazine.pw

# Reference: https://www.virustotal.com/gui/file/4565d915440b5bab8672208a15d9a1f90f2c6e78dcac6fa08ba9968e1f94c948/detection

http://212.193.4.66

# Reference: https://app.validin.com/detail?find=46.173.218.226&type=ip4&ref_id=ea8c5332a62#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/2362761a52c2e4e146b2adb74262cfe2f32805a2cdd0c8f2553d9aaa2dff09f4/detection

gobpanelhost.com
myphotobase1.com

# Reference: https://app.validin.com/detail?find=46.173.218.226&type=ip4&ref_id=ea8c5332a62#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/11208fb0fa2bd84e6a3adac59b108e43ad64685aafff3894f25b5e826396e102/detection

login-brex.com
polopics-upload.com

# Reference: https://x.com/JAMESWT_MHT/status/1869745921606779208
# Reference: https://www.virustotal.com/gui/ip-address/94.156.177.51/relations
# Reference: https://app.any.run/tasks/5469404d-e9dd-4c23-8bcf-dc57bf67a11a

connecticutproperty.ru
constractionscity1991.lat
oncomnigos.ru
restructurisationservice.ru
spotcarservice.ru
ns1.constractionscity1991.lat
ns2.constractionscity1991.lat
ns3.constractionscity1991.lat
ns4.constractionscity1991.lat

# Reference: https://x.com/JAMESWT_MHT/status/1880217865028268514
# Reference: https://www.virustotal.com/gui/ip-address/94.156.177.72/relations
# Reference: https://www.virustotal.com/gui/file/02b396e48e9b1b6c50158284ea5736be86b91e48695f980694c9c63cfe43dfb8/detection

http://94.156.177.72
consultationoffice.ru
downloadmanager.ru
fileexportinc.ru
metamask-security.info
systemkeitaro.ru

# Reference: https://x.com/gothburz/status/1886800745590096249
# Reference: https://www.trendmicro.com/en_us/research/25/a/cve-2025-0411-ukrainian-organizations-targeted.html

lazaretmed.pw
oncomnigos.online
southlander.ru
technoads.pw
unicalads.ru

# Reference: https://www.cloudsek.com/blog/getsmoked-uac-0006-returns-with-smokeloader-targeting-ukraines-largest-state-owned-bank

http://89.23.107.219
3-zak-media.de
cityutl.ru
/fdjskf88cvt/

# Reference: https://x.com/malwrhunterteam/status/1890310409392947659

http://94.156.177.155

# Reference: https://x.com/DaveLikesMalwre/status/1891550284142547336
# Reference: https://app.any.run/tasks/f6040863-227b-41ea-b7fa-fae3fd7fc7c4
# Reference: https://www.virustotal.com/gui/file/b42638a2d04d8f5bb64d9cabb6dadadf8922891e0b7a7492e5d5d39fd05798eb/detection
# Reference: https://www.virustotal.com/gui/file/a4113937825a504bce4b15efa954f980c8e7560d23aefedc2322810b117ccc3b/detection
# Reference: https://www.virustotal.com/gui/file/38968a8f0cc0f965f18aa0a1adc2ae6ceefef65b893b0c5b216fc6a781e15d2e/detection

http://94.103.125.110
bunnieharlanbarack.com
doorwooden.online
historli.ru
josefmannjewell.com
nmvhf.com
smartservers25.com
uacert-onukr.com
uaonline-savukr.xyz
ukr-gov-idua.com
ukrbord-uacom.com
ukrulruabank.pro
viplataukraine.com
/krustpaperbot1
/krustpaperjre

# Reference: https://x.com/skocherhan/status/1897129405278716347
# Reference: https://www.virustotal.com/gui/file/35bf9dfd223e02da2ee3d57ec493156787a3c2cecb8b655a583985a2f14cc6e3/detection

lindex24.ru
llcbc.org
movlat.com
qeqei.xyz

# Reference: https://x.com/skocherhan/status/1923739071064543353
# Reference: https://www.virustotal.com/gui/ip-address/185.156.72.196/relations
# Reference: https://www.virustotal.com/gui/file/8eb08322033f193a5e7ea16d83c0cd324efaaab628fb245bdb27f6977c2a6d86/detection

http://185.156.72.196

# Reference: https://x.com/skocherhan/status/1925729581354385723

tronsstatistiks.dev

# Reference: https://x.com/skocherhan/status/1941030364543426634
# Reference: https://www.virustotal.com/gui/ip-address/77.90.153.141/relations
# Reference: https://www.virustotal.com/gui/file/7282004c0d02019b16529ab753202f521dde539bc58083c3658d459398c6e514/detection

loveharmony.live

# Reference: https://www.virustotal.com/gui/file/0020d4df86d5fc878cdf9f071d1fd10821335649eaf1f39a1f891b6c0769b6fe/detection

privacy-tools-for-you-792.com

# Reference: https://www.virustotal.com/gui/file/0393698f1855bd7de3dc52196cee6734ab3b77ff2570a27d49851060a45b0b43/detection

privacy-tools-for-you-793.com

# Reference: https://www.virustotal.com/gui/file/008830c5e7ae84eb28836568dbca222d29b4442e3134bf4f49c02686b48e09bf/detection

privacy-tools-for-you-794.com

# Reference: https://www.zscaler.com/blogs/security-research/smokeloader-rises-ashes
# Reference: https://www.virustotal.com/gui/file/49af6dca52d73cf4600379f9df734740ceb4f4d8c2ed419ee582f4441c32fe5f/detection

http://176.46.152.46
http://178.16.53.7
ardt.info
cobyrose.com
cusnick.com
dfbdw3tyge.info/tmp
dfbdw3tyge.info
disciply.nl
e-bonds.ru
es-koerier.nl
ownmbaego.com
solanges.info
udlg.nl

# Reference: https://x.com/banthisguy9349/status/1969775396087284095
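# Reference: https://threatfox.abuse.ch/browse/tag/SmartLoader/ (# 2025-09-22)
# NOTE(review): the ThreatFox tag above is SmartLoader, not win.smokeloader; confirm the entries below belong in this trail file, since a match here will be reported under the smokeloader name.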

http://141.98.6.56
http://146.19.128.146
http://150.241.105.82
http://150.241.108.62
http://159.255.37.200
http://178.236.243.5
http://185.159.130.173
http://185.170.153.121
http://185.170.153.243
http://185.184.122.38
http://185.184.122.75
http://185.184.123.138
http://193.23.200.19
http://193.23.200.26
http://193.23.200.78
http://193.233.126.91
http://193.233.16.35
http://213.176.72.47
http://213.176.73.34
http://213.176.73.72
http://213.176.73.80
http://217.119.129.21
http://77.105.164.178
http://77.105.164.40
http://77.105.164.59
http://77.105.164.65
http://80.66.81.11
http://80.66.81.134
http://80.66.85.195
http://80.66.89.146
http://80.66.89.161
http://80.66.89.165
http://87.120.36.50
http://89.169.12.115
http://89.169.12.119
http://89.169.12.122
http://89.169.12.179
http://89.169.12.42
http://89.169.12.78
http://89.169.13.160
http://89.169.13.187
http://89.169.13.215
http://89.169.13.30
http://91.196.32.114
http://91.196.32.121
http://91.196.33.27
http://91.196.33.33
http://91.196.34.17
http://91.196.34.40
http://92.42.96.203
http://94.156.114.56
http://94.156.154.121
http://94.156.154.177
http://94.156.155.34
http://95.164.53.100
http://95.164.53.26
http://95.164.53.45
http://95.164.55.93
141.98.6.56:443
146.19.128.146:443
150.241.105.82:443
150.241.108.62:443
159.255.37.200:443
178.236.243.5:443
185.159.130.173:443
185.170.153.121:443
185.170.153.243:443
185.184.122.38:443
185.184.122.75:443
185.184.123.138:443
193.23.200.19:443
193.23.200.26:443
193.23.200.78:443
193.233.126.91:443
193.233.16.35:443
212.193.4.66:443
213.176.72.47:443
213.176.73.34:443
213.176.73.72:443
213.176.73.80:443
217.119.129.21:443
77.105.164.178:443
77.105.164.40:443
77.105.164.59:443
77.105.164.65:443
77.91.77.144:443
80.66.81.11:443
80.66.81.134:443
80.66.85.195:443
80.66.89.146:443
80.66.89.161:443
80.66.89.165:443
87.120.36.50:443
89.169.12.115:443
89.169.12.119:443
89.169.12.122:443
89.169.12.179:443
89.169.12.42:443
89.169.12.78:443
89.169.13.160:443
89.169.13.187:443
89.169.13.215:443
89.169.13.30:443
91.196.32.114:443
91.196.32.121:443
91.196.33.27:443
91.196.33.33:443
91.196.34.17:443
91.196.34.40:443
92.42.96.203:443
94.156.114.56:443
94.156.154.121:443
94.156.154.177:443
94.156.155.34:443
95.164.53.100:443
95.164.53.26:443
95.164.53.45:443
95.164.55.93:443
aproxy.app
layer1.icu
proxy1.icu

# Generic trails

/advlogs9579/index.php
/advlogs95/index.php
/blogpics17/index.php
/bgstat60943/index.php
/logstat95/index.php
/logstatx77/index.php
/serverlogs29/index.php
/serverstat315/index.php
/statweb255/index.php
/statweb577/index.php
/statweb77/index.php
/statweb955/index.php
/advlogs9579/
/advlogs95/
/blogpics17/
/bgstat60943/
/logstat95/
/logstatx77/
/serverlogs29/
/serverstat315/
/statweb255/
/statweb577/
/statweb77/
/statweb955/
/grabberRules
/ldx777mx.exe
