# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/Artilllerie/status/1115258738368294913

/rnm226.php
/rnm238.php

# Reference: https://twitter.com/malware_traffic/status/732996960953622528

/xtrfgdb7.php

# Reference: https://twitter.com/malware_traffic/status/723237083851022337

/ckjvgphz.php

# Reference: https://twitter.com/teoseller/status/648537487397289984

/ajuno.php

# Reference: https://twitter.com/malware_traffic/status/1138999824613687298

http://80.85.155.70
work.a-poster.info

# Reference: https://twitter.com/VK_Intel/status/1139926661162512384
# Reference: https://github.com/k-vitali/Malware-Misc-RE/blob/master/2019-06-14-tofsee-spambot-modules.notes.vk.txt

/pchfv.php
144.76.199.2:416
144.76.199.43:416
176.111.49.43:416
46.4.52.109:416
85.25.119.25:416

# Reference: https://blog.talosintelligence.com/2019/08/threat-roundup-0726-0802.html (# Win.Malware.Tofsee-7090196-1)

gordinka.xyz

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-1018-1025.html (# Win.Malware.Tofsee-7349716-1)

nekfad.xyz
ponedobla.bit

# Reference: https://www.virustotal.com/gui/file/4de062a251b1b38575f8e815823b27f05e8a8eba69aec44b89bfa5a88155c747/detection

/vbyjqfw.php
/dhmuswvy.php
/bvmrgqc.php
/codfxpwuq.php
/psfyclat.php
/qxxrym.php
/frwxpvpm.php
/rusehw.php
/hmrlyx.php
/ckhadxg.php
/sslkzbml.php
/mwwqjy.php
/hrlaguph.php

# Reference: https://www.virustotal.com/gui/ip-address/51.91.31.87/relations
# Reference: https://www.virustotal.com/gui/file/b0a8c4f50a4fbddd68c67fd25f04c72c8bc82164c4cc1c63773b48d51194173b/detection
# Reference: https://www.virustotal.com/gui/file/8294d7ef6650dda837626df88d3af1f4ae21440ee5a85e3cdf9222baacea5583/detection

51.91.31.87:13333

# Reference: https://www.virustotal.com/gui/file/0de56d003ad4b2ec2b3baefc186761c0d6e7ecc957cee322b337d8317ccfdeab/detection

93.171.200.64:35000

# Reference: https://www.virustotal.com/gui/ip-address/45.128.204.56/relations

45.128.204.56:8087

# Reference: https://www.virustotal.com/gui/file/71ac7ffe233607924e6475dc2537d28a1647e78fd0e2d85f3af8760e87009e06/detection

176.9.114.177:416
188.165.238.150:416
46.28.66.2:416
78.31.67.23:416
93.179.69.109:416

# Reference: https://www.virustotal.com/gui/file/c77be7705adde8882fe9b8d2ae1120ffc978ce8993c39a1b908a595c34a44f62/detection

176.9.114.177:419
188.165.238.150:419
46.28.66.2:419
46.4.52.109:419
78.31.67.23:419
93.179.69.109:419

# Reference: https://www.virustotal.com/gui/file/401defb46887dfb03a9359ebbb257f228204b5bdbc669e1f6e48a2390ffe7737/detection

176.9.114.177:418
188.165.238.150:418
46.28.66.2:418
46.4.52.109:418
78.31.67.23:418
93.179.69.109:418

# Reference: https://www.virustotal.com/gui/file/abfe24e0c4203696a78fce0947d0badb0add61798317346d6d68942330c7ad16/detection

176.9.114.177:420
188.165.238.150:420
46.28.66.2:420
46.4.52.109:420
78.31.67.23:420
93.179.69.109:420

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html (# Win.Packed.Tofsee-7586819-1)

bestladies.cn
bestdates.cn
bestgirlsdates.cn
sex-finder4you1.com

# Reference: https://www.virustotal.com/gui/file/29ddb2d3b572e9d87505f655c114f35acb083d726c73c1e4ee3a796302960f3c/detection

43.231.4.7:443
85.114.134.88:486
sex-finder4you4.com

# Reference: https://www.virustotal.com/gui/file/ea9a07e2c8c8bae733c472099b4a8819ecb035d978ae10fb12de0162192ec241/detection

85.114.134.88:487

# Reference: https://www.virustotal.com/gui/file/94b9e7576fdb55902edf135d96a5d0bf48886753d4e236fc9ae77e53b5ccea36/detection

176.9.114.177:423
188.165.238.150:423
46.28.66.2:423
46.4.52.109:423
78.31.67.23:423
93.179.69.109:423

# Reference: https://www.virustotal.com/gui/ip-address/176.119.28.112/relations
# Reference: https://www.virustotal.com/gui/file/37f4c5a020461568f4870b7f55be47911575fe3ea45e8ed893f5dd47134ce5cf/detection

176.119.28.112:3333

# Reference: https://www.virustotal.com/gui/file/31cc99bdafbb1cca9fbc8ed4e909cc087471eb3ecb3343c1d5e5ee2467398032/detection

32ggswww2.info
jssbwtgssq.com
rwsb3tsgw.xyz
vyefb543.ru

# Reference: https://www.virustotal.com/gui/file/56742b2b280832be53db097ffc3cf69947588f367627151198938d683ed0afee/detection

45.126.183.208:8087

# Reference: https://www.virustotal.com/gui/file/46d510e878697c063192b6ae34af6f61e1324e94fd8dd8d4d32f1cf4966824aa/detection

176.9.114.177:417
188.165.238.150:417
46.28.66.2:417
46.4.52.109:417
78.31.67.23:417
85.114.134.88:481
93.179.69.109:417

# Reference: https://www.virustotal.com/gui/file/79aa41afc62c74ad0bad77400a6bf8a950128b1762cbf18d4ae83fc8de2a61b5/detection

144.76.173.210:5595

# Reference: https://www.virustotal.com/gui/file/9ad58966c6dbcada05cd1d7b802af1b3643c91bb62921e834d5440d14bc5ca9c/detection

176.9.114.177:430
188.165.238.150:430
46.28.66.2:430
46.4.52.109:430
78.31.67.23:430
85.114.134.88:486
93.179.69.109:430

# Reference: https://www.virustotal.com/gui/file/1dbb73d845e92a993ca73be56c987d38b7fd2921eb0fca86d8d6be3fab3a6b76/detection

185.180.196.91:25000
45.126.183.208:8087
95.181.178.17:486
144.76.199.2:422
144.76.199.43:422
176.111.49.43:422
46.4.52.109:422
85.25.119.25:422

# Reference: https://www.virustotal.com/gui/file/600a779ace9a420685a0e2b38d5302391f5732a509d691a4563d0e9d570d1cbd/detection

85.114.134.88:481
176.9.114.177:425
188.165.238.150:425
46.28.66.2:425
46.4.52.109:425
78.31.67.23:425
93.179.69.109:425

# Reference: https://www.virustotal.com/gui/file/d513c313d237d4ac514e27766b0140f18cd82f2ddef16533364457164bb6a2dc/detection

45.153.203.33:5050

# Reference: https://www.virustotal.com/gui/file/56d637b03d20f84e27caba2da1f147ff022e22f659aa26fe8e6be2cceb3cb47c/detection

fakecontact.top
heniav.xyz

# Reference: https://www.virustotal.com/gui/file/a8fd30b03500b24c3f28f24919bbad05355c837271fb4c49f6fc495afe11b9b1/detection

212.22.87.191:484

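# Reference: https://www.virustotal.com/gui/domain/mx0a-0021cb01.pphosted.com/relations
# NOTE(review): pphosted.com hosts Proofpoint customer MX records; as Tofsee is a spambot, this host may be a spam-delivery target rather than attacker infrastructure - confirm before alerting on it (false-positive risk on ordinary outbound mail).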

mx0a-0021cb01.pphosted.com

# Reference: https://www.dragos.com/blog/industry-news/a-new-water-watering-hole/
# Reference: https://otx.alienvault.com/pulse/60a41a33d66b2282cdb15e2e

darkteam.store

# Reference: https://www.virustotal.com/gui/file/74c27d013f304005b5703dadd2d1e306b8995c5c840dc20ee2d01ea1ada2de80/detection

85.114.134.88:484

# Reference: https://www.virustotal.com/gui/file/befe9a15cfe1b2a5acd3e6935f57f1b2bd81c5b4a0a51ef58093b0c2077c952a/detection

lazystax.ru

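# Reference: https://www.virustotal.com/gui/file/7157b3add71ff5e921770e829c78bf836f6864eaad12638e87007bf871c57f87/behavior/C2AE
# NOTE(review): 465/tcp is the standard SMTPS port; the :465 entries below may be mail servers the bot contacted to send spam rather than C2 - confirm against the sandbox report.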

dzydzya.biz
59.188.74.26:465
111.121.193.242:465
103.248.137.133:465
115.230.124.76:465

# Reference: https://www.virustotal.com/gui/file/411b47fa6cf20ae9f60368d9f5dd84300f4a607150c8788c8c22839631b55667/behavior/VirusTotal%20Jujubox

defeatwax.ru
193.56.146.244:480

# Reference: https://www.virustotal.com/gui/file/90f5f64f6d058a648703f5fd4875dc890ddadaa237c22e9c31fa8b2d987bab2d/behavior/C2AE

lakeflex.ru
quadoil.ru

# Reference: https://www.virustotal.com/gui/file/0229a33928016fcbd60d19563894ed028f0947f6b470c17948c05a7a26a29e9b/behavior/C2AE

refabyd.info

# Reference: https://www.virustotal.com/gui/file/bda39f9370c5cac9ccfb4bad309a6dabb92c7431aa5af0cac4cb91ac7c88443b/detection

144.76.199.2:416
144.76.199.2:417
144.76.199.2:429
144.76.199.43:416
144.76.199.43:417
144.76.199.43:429
176.111.49.43:416
176.111.49.43:417
176.111.49.43:429
185.254.190.218:484
46.4.52.109:416
46.4.52.109:417
46.4.52.109:429
5.9.32.166:481
85.25.119.25:416
85.25.119.25:417
85.25.119.25:429
93.189.41.62:8080

# Reference: https://www.virustotal.com/gui/file/55d5a5ece238cfa4e0d999c5ba0b871dbe7664ed28ebb5c5e885f6d60ddaa8d1/detection

mubrikych.top
oxxyfix.xyz

# Reference: https://www.virustotal.com/gui/file/ae56e7d113a619aba4b7a8e204bda7f345d7ea9bb9000e2a1b3288042958518c/detection

85.114.134.88:480

# Reference: https://www.virustotal.com/gui/file/70e5635f2da4c99855a33aad3a86c8124bdda23b3e1d99775d434db866fdc650/detection

185.7.214.171:431
185.7.214.210:431
185.7.214.212:431
185.7.214.213:487
45.9.20.178:431
45.9.20.179:431
45.9.20.187:431

# Reference: https://github.com/ti-research-io/ti/blob/main/DGA/Tofsee/DGALIST-Tofsee.txt

dulduld.ch
dumduma.biz
duqduqg.biz
dutdutg.ch
duuduuf.ch
duvduvc.ch
dvbdvbc.biz
dvfdvfe.biz
dvgdvgi.ch
dvhdvha.biz
dvhdvhf.ch
dvjdvjh.ch
dwadwag.ch
dwidwid.biz
dwmdwmd.biz
dwmdwmf.biz
dwmdwmj.ch
dwndwnc.biz
dwndwnc.ch
dwndwnd.biz
dwndwnd.ch
dwndwne.ch
dwodwoa.biz
dwodwob.ch
dwodwoh.ch
dwpdwpc.biz
dwpdwpd.ch
dwpdwph.ch
dwrdwrb.ch
dwrdwrc.ch
dwsdwsb.ch
dwtdwtb.biz
dwtdwtg.biz
dwtdwtj.ch
dwudwua.ch
dwudwuj.ch
dwvdwva.ch
dwvdwvg.biz
dwvdwvi.biz
dwvdwvj.biz
dwwdwwb.ch
dwxdwxb.ch
dwxdwxc.ch
dwxdwxe.ch
dwxdwxj.ch
dwydwya.ch
dwydwyf.ch
dwydwyg.biz
dwydwyj.biz
dwzdwzc.ch
dwzdwze.biz
dwzdwzf.ch
dwzdwzj.biz
dxadxaa.biz
dxadxag.biz
dxadxag.ch
dxbdxbe.biz
dxbdxbf.biz
dxbdxbg.biz
dxbdxbh.ch
dxcdxcc.ch
dxcdxcd.biz
dxddxde.ch
dxddxdg.biz
dxedxed.ch
dxedxei.ch
dxedxej.biz
dxfdxfb.biz
dxfdxfc.biz
dxfdxfd.biz
dxfdxfi.biz
dxgdxgb.biz
dxgdxgd.biz
dxgdxgh.ch
dxgdxgj.biz
dxhdxhb.biz
dxhdxhj.biz
dxidxic.biz
dxidxic.ch
dxidxie.biz
dxidxih.ch
dxjdxja.biz
dxjdxja.ch
dxjdxjg.biz
dxjdxjg.ch
dxjdxjh.biz
dxkdxkd.biz
dxkdxkf.ch
dxkdxki.biz
dxldxld.ch
dxmdxme.biz
dxndxnb.ch
dxndxnc.biz
dxndxnc.ch
dxndxnd.biz
dxndxnh.ch
dxndxnj.ch
dxodxob.biz
dxodxod.biz
dxodxoe.biz
dxpdxpc.ch
dxpdxpe.biz
dxpdxph.ch
dxqdxqc.ch
dxrdxrg.biz
dxsdxsc.biz
dxsdxsh.ch
dxsdxsj.biz
dxtdxtc.biz
dxtdxti.ch
dxudxuc.biz
dxudxui.ch
dxvdxvi.ch
dxwdxwd.ch
dxwdxwh.ch
dxwdxwi.biz
dxxdxxa.ch
dxxdxxb.ch
dxxdxxf.biz
dxxdxxi.ch
dxydxyc.ch
dxydxyg.biz
dxydxyj.ch
dxzdxzg.biz
dxzdxzh.biz
dxzdxzj.biz
dyadyae.biz
dyadyaf.ch
dyadyai.ch
dybdybc.biz
dybdybh.ch
dybdybi.ch
dybdybj.biz
dycdyca.ch
dycdycc.ch
dycdycg.biz
dycdycg.ch
dyddyda.biz
dyddydc.ch
dyddydh.ch
dyedyei.biz
dyfdyfd.ch
dyfdyfg.biz
dyfdyfj.ch
dygdygb.biz
dyhdyhi.biz
dyhdyhi.ch
dyidyic.biz
dyidyig.ch
dyjdyjb.ch
dyjdyje.ch
dyjdyjh.ch
dyjdyji.ch
dykdykb.biz
dykdykd.biz
dykdykg.biz
dyldyld.biz
dyldyld.ch
dyldyle.ch
dymdyma.biz
dymdymd.biz
dyndynh.biz
dyndyni.biz
dyodyoa.biz
dyodyoa.ch
dyodyob.biz
dypdypa.biz
dypdypc.ch
dypdypi.ch
dyqdyqa.ch
dyqdyqd.biz
dyqdyqg.biz
dyqdyqh.biz
dyqdyqi.ch
dyrdyra.biz
dyrdyrb.biz
dyrdyrd.ch
dyrdyre.biz
dyrdyrg.biz
dyrdyrh.biz
dyrdyri.ch
dysdysa.biz
dysdysa.ch
dysdysb.ch
dysdysd.ch
dysdyse.ch
dysdysg.biz
dysdysg.ch
dysdysi.ch
dysdysj.biz
dytdyth.biz
dyudyub.biz
dyudyue.biz
dyudyuf.ch
dyudyuh.biz
dyvdyvh.biz
dywdywc.ch
dywdywd.biz
dywdywe.biz
dywdywh.biz
dyxdyxj.ch
dyzdyzf.ch
dzadzah.biz
dzadzaj.ch
dzbdzbe.biz
dzcdzcj.ch
dzddzda.biz
dzddzdc.ch
dzddzde.biz
dzedzea.ch
dzedzeb.biz
dzedzef.biz
dzedzeh.biz
eaieaia.biz
eaieaia.ch
eaieaib.biz
eaieaib.ch
eaieaic.biz
eaieaic.ch
eaieaid.biz
eaieaid.ch
eaieaie.biz
eaieaie.ch
eaieaif.biz
eaieaif.ch
eaieaig.biz
eaieaig.ch
eaieaih.biz
eaieaih.ch
eaieaii.biz
eaieaii.ch
eaieaij.biz
eaieaij.ch
eajeaja.biz
eajeaja.ch
eajeajb.biz
eajeajb.ch
eajeajc.biz
eajeajc.ch
eajeajd.biz
eajeajd.ch
eajeaje.biz
eajeaje.ch
eajeajf.biz
eajeajf.ch
eajeajg.biz
eajeajg.ch
eajeajh.biz
eajeajh.ch
eajeaji.biz
eajeaji.ch
eajeajj.biz
eajeajj.ch

# Reference: https://www.virustotal.com/gui/file/6aad2d92bb7afdb29d2aebd19ed518120a975353c46ea3db1a5c2c8a1d675646/detection

144.76.199.43:423
144.76.199.2:423
176.111.49.43:423
46.4.52.109:423
85.25.119.25:423

# Reference: https://www.virustotal.com/gui/file/05343a42626ec21c12c2e642814860efe16284278e6fd595d2efcae0647b4c0d/detection

185.215.113.71:416
185.244.41.146:416
185.7.214.171:416
185.7.214.210:416
185.7.214.212:416
91.243.44.11:416

# Reference: https://www.virustotal.com/gui/file/5a962e6116bde82aa809719f0b1872fa7b1d6a477cc915528ee5d06cea4c1b75/detection

185.7.214.171:429
185.7.214.210:429
185.7.214.212:429
45.9.20.187:429
45.9.20.178:429
45.9.20.179:429
193.56.146.146:485

# Reference: https://www.virustotal.com/gui/file/f4b9f542dfee6f40bb239c0d47296672c37d15521322b78e53daa9d7d399eebf/detection

185.215.113.71:421
185.244.41.156:421
185.7.214.171:421
185.7.214.210:421
185.7.214.212:421
185.7.214.51:485
91.243.33.4:421
763655-cs37094.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/a7ee420fd3a477e690dab56f47b264dd6c8376941101065d6645716bbf4b6333/detection

185.215.113.71:425
185.244.41.156:425
185.7.214.171:425
185.7.214.210:425
185.7.214.212:425
185.7.214.51:481
91.243.33.4:425

# Reference: https://www.virustotal.com/gui/file/bff743d7d127f7ebb99f8f4560682c6428ffec0fe04e5c74ef7e987e54069b5b/detection

185.253.219.200:424
193.56.146.41:424
193.56.146.42:424
193.56.146.43:424
193.56.146.188:480
51.158.144.223:424
91.219.63.95:424

# Reference: https://www.virustotal.com/gui/file/2e56f46ade294f995ba0b40cb333193d967b4239547e7b4ea4b9b6bd896df394/detection

192.162.246.7:422
193.56.146.40:486
193.56.146.41:422
193.56.146.42:422
193.56.146.43:422
95.216.195.92:422

# Reference: https://www.virustotal.com/gui/file/5e0c288cbbfcf3d42a11b380eae2eb7d2cc9d4406ea09515f7512318df701221/detection

185.244.41.146:430
185.215.113.71:430
185.7.214.51:486
185.7.214.171:430
185.7.214.210:430
185.7.214.212:430
91.243.33.3:430

# Reference: https://www.virustotal.com/gui/file/8137f7ea287ebfce0b9663ba126fd0e117e15d566c59412abc8929566f8cfb9d/detection

148.251.137.62:10281

# Reference: https://www.virustotal.com/gui/file/10015424deb6bd49a26cb72e2ce8386f943dd2862b6bd2c33859e8ac9de4598d/detection

144.76.199.2:423
144.76.199.2:426
144.76.199.43:423
144.76.199.43:426
176.111.49.43:423
176.111.49.43:426
46.4.52.109:423
46.4.52.109:426
85.25.119.25:423
85.25.119.25:426
91.203.5.169:8087
94.23.27.38:482

# Reference: https://www.virustotal.com/gui/file/469e4aa1e6b4a0f29376943c9971946004292629f8a79820075bcb967c502aeb/detection

103.93.124.134:8087
95.181.178.17:480

# Reference: https://www.virustotal.com/gui/file/68e6fa2b60b3156318e1ff86510c56ce5d3e79936d9f4483980f8a509cd05b87/detection

193.56.146.188:484

# Reference: https://www.virustotal.com/gui/file/059b66dbf14b0ca82b30eb2799e29d0ce354a869a97c47cf5488d626ce3f7b87/detection

144.76.199.2:427
144.76.199.43:427
176.111.49.43:427
46.4.52.109:427
85.25.119.25:427
95.181.178.17:483

# Reference: https://www.virustotal.com/gui/file/79f5e36118066944dee611871702de84cf23d51af939837f5e86c4e384ad8db9/detection

144.76.199.2:428
144.76.199.43:428
176.111.49.43:428
46.4.52.109:428
78.31.67.189:484
85.25.119.25:428

# Reference: https://www.virustotal.com/gui/file/868dc7b2ec8a701555cea7f0707e26b5f4393b9d81b2c4f7884f9a4e271c3cd4/detection

144.76.199.2:420
176.111.49.43:420
190.2.131.101:420
46.4.52.109:420
85.25.119.25:420
93.179.68.4:420

# Reference: https://www.virustotal.com/gui/file/8a95fcea2d9784112668258efcce0a1c32152c829daa769d75ed4a8396ff0924/detection

144.76.199.2:429
144.76.199.43:429
176.111.49.43:429
46.4.52.109:429
85.25.119.25:429
95.181.178.17:485

# Reference: https://www.virustotal.com/gui/file/a9a6c638dce713e776dca8e1831f0483e7172957e24326211d30b39d415534a0/detection

185.7.214.171:423
185.7.214.210:423
185.7.214.212:423
45.9.20.178:423
45.9.20.179:423
45.9.20.187:423

# Reference: https://www.virustotal.com/gui/file/ce888f35283c4bc30768f6643c37606a0ee0825da4836bf9374dd5518f6f1e4b/detection

interestourflash.info
seameansto.info

# Reference: https://tria.ge/220924-rwrvwscgdk/behavioral2

176.113.115.153:426
176.113.115.154:426
176.113.115.155:426
176.113.115.156:426
176.113.115.157:426

# Reference: https://www.virustotal.com/gui/file/23941746340e89fb699e4ecec106fbfd40186fc5b483bf72d82d5d5a2706863f/detection

176.113.115.153:423
176.113.115.154:423
176.113.115.155:423
176.113.115.156:423
176.113.115.157:423

# Reference: https://www.virustotal.com/gui/file/c075fd44d38604c5990bb1b273c173a97ab7b6c45063efa3393a81d593f78a20/detection

144.76.199.43:420
85.25.185.229:484

# Reference: https://www.virustotal.com/gui/file/0d018bef7dc5e274d5589cd9af8e49419cbf52bdfb9cd7d19e480c63263f9dd6/detection

185.215.113.38:423
185.244.41.156:423
91.243.33.5:423

# Reference: https://www.virustotal.com/gui/file/013b3f6f49d38432a8e11feb5dfc685b358f4eee8ee80aac1b263559ed258706/detection

130.0.232.208:417
130.0.232.208:428
144.76.108.82:417
144.76.108.82:428
185.253.217.20:417
185.253.217.20:428
217.172.179.54:417
217.172.179.54:428
45.90.34.87:417
45.90.34.87:428
5.9.72.48:417
5.9.72.48:428
83.151.238.34:40005

# Reference: https://www.virustotal.com/gui/file/56742e1089c9d98d0f7f4b3426bfeb3a4669fb8577b421a3831ae70163da45c5/detection

176.113.115.153:427
176.113.115.154:427
176.113.115.155:427
176.113.115.156:427
176.113.115.157:427
176.113.115.158:483
80.66.75.4:427

# Reference: https://www.virustotal.com/gui/file/537ec0422d183cec0fdbce49015dde564bbf36de1e0046d887cdaa2efd53ff7d/detection

62.204.41.45:482
62.204.41.46:418
62.204.41.47:418
62.204.41.48:418
62.204.41.49:418
62.204.41.50:418
91.243.33.5:418

# Reference: https://www.virustotal.com/gui/file/343899be6fbc4efdc2fc34741a3fc98e4ca56bb3b49478237b7fa6ff6c84fd5a/detection

176.113.115.153:420
176.113.115.153:427
176.113.115.153:430
176.113.115.154:420
176.113.115.154:427
176.113.115.154:430
176.113.115.155:420
176.113.115.155:427
176.113.115.155:430
176.113.115.156:420
176.113.115.156:427
176.113.115.156:430
176.113.115.157:420
176.113.115.157:427
176.113.115.157:430
176.113.115.158:483
176.113.115.158:484
176.113.115.158:486
80.66.75.4:420
80.66.75.4:427
80.66.75.4:430

# Reference: https://www.virustotal.com/gui/file/9aad941badbf8f169e0aa104d37f8299aab0a4b34112602447e4b72850e93110/detection

185.7.214.171:424
185.7.214.210:424
185.7.214.212:424
193.56.146.146:480
193.56.146.146:486
193.56.146.250:424
193.56.146.251:424
193.56.146.252:424

# Reference: https://www.virustotal.com/gui/file/dca12909c44dcfc264d795756e4e6e1b5af851fc2482d08f176c04dc27e0e124/detection

144.76.199.2:430
144.76.199.43:430
176.111.49.43:430
81.31.201.152:43594
85.25.119.25:430

# Reference: https://www.virustotal.com/gui/file/fa8aae19b41c3bebd0cf59e67336b40e3c1a36e8461d205af28cec856145405b/detection

176.113.115.153:416
176.113.115.153:431
176.113.115.154:416
176.113.115.154:431
176.113.115.155:416
176.113.115.155:431
176.113.115.156:416
176.113.115.156:431
176.113.115.157:416
176.113.115.157:431
176.113.115.158:480
176.113.115.158:487
80.66.75.4:416
80.66.75.4:431

# Reference: https://www.virustotal.com/gui/file/00190fcf5317e95bc62eab5b139e619c2ea19b2347c4c789f730ddfe96a3e92c/detection

176.113.115.153:422
176.113.115.153:428
176.113.115.154:422
176.113.115.154:428
176.113.115.155:422
176.113.115.155:428
176.113.115.156:422
176.113.115.156:428
176.113.115.157:422
176.113.115.157:428
185.215.113.38:424
185.215.113.38:425
185.244.41.156:424
185.7.214.51:480
31.41.244.82:422
31.41.244.82:428
31.41.244.85:422
31.41.244.85:428
62.204.41.23:422
62.204.41.23:428
62.204.41.24:422
62.204.41.24:428
62.204.41.25:422
62.204.41.25:428
62.204.41.48:424
80.66.75.4:422
80.66.75.4:428
91.243.33.254:484
91.243.33.254:486
91.243.33.5:422
91.243.33.5:424
91.243.33.5:425
91.243.33.5:428

# Reference: https://www.virustotal.com/gui/file/a6bd696d8e6445e1e2703a1a47988edb06ad012f9e4f0132e736b3a34df75777/detection

176.113.115.153:417
176.113.115.153:420
176.113.115.154:417
176.113.115.154:420
176.113.115.155:417
176.113.115.155:420
176.113.115.156:417
176.113.115.156:420
176.113.115.157:417
176.113.115.157:420
176.113.115.158:481
176.113.115.158:484
185.246.220.218:443
80.66.75.4:417

# Reference: https://app.any.run/tasks/e2abfc94-ea30-41c0-a816-df47963340d1/
# Reference: https://www.virustotal.com/gui/file/00076ee13b9542c8118745c7efca55f9ba6d671d0367cd52d7514c5484aaf942/detection

176.113.115.135:422
176.113.115.135:431
176.113.115.136:422
176.113.115.136:431
176.113.115.239:422
176.113.115.239:431
176.113.115.239:8080
183.79.223.249:465
31.41.244.81:419
31.41.244.81:421
31.41.244.82:419
31.41.244.82:421
31.41.244.83:419
31.41.244.83:421
31.41.244.84:419
31.41.244.84:421
31.41.244.85:419
31.41.244.85:421
80.66.75.254:486
80.66.75.254:487
91.243.33.254:483
91.243.33.254:485
91.243.33.4:424
91.243.33.5:419
91.243.33.5:421

# Reference: https://www.virustotal.com/gui/file/07f60737add24d8238a6e2846165a512d8b7a0b36410f24d02608721b7ada1dc/detection

http://176.113.115.239

# Reference: https://www.virustotal.com/gui/file/1536347be27128f25522a9b720f2f987507f9138eb84453103507ebea56eb6e5/detection

193.56.146.41:431
193.56.146.42:431
193.56.146.43:431
213.227.140.23:431
5.61.37.41:431
95.216.195.92:431

# Reference: https://www.virustotal.com/gui/file/002a4246be4001cc2fb7f2e68c52feac96653f27c128035c034ace04c65b7311/detection

176.113.115.135:416
176.113.115.136:416
176.113.115.239:416
176.113.115.84:416
45.143.201.238:416
80.66.75.254:480

# Reference: https://app.any.run/tasks/a89659cc-085d-426c-8b9b-dedaa559858a/

176.113.115.135:429
176.113.115.136:429
176.113.115.84:429
176.113.115.85:429
45.143.201.238:429
62.122.184.58:485
62.122.184.92:429
80.66.75.4:429

# Reference: https://www.virustotal.com/gui/file/a53033c9b2f99fd0e41a3d994974f6e22015af2d1ee5c197368d32a36a8d6791/detection

185.49.68.143:417
185.49.68.143:431
193.56.146.188:481
193.56.146.188:487
193.56.146.41:417
193.56.146.42:417
193.56.146.43:417
77.222.55.43:417
77.222.55.43:431

# Reference: https://www.virustotal.com/gui/file/23b9847bd7311fabec83cecc885228a3754cfceba5420d50120934ea2a668920/detection

176.113.115.153:419
176.113.115.154:419
176.113.115.155:419
176.113.115.156:419
176.113.115.157:419
80.66.75.4:419

# Reference: https://www.virustotal.com/gui/file/a58866eb30533df161551a3264e8f9d37db52e9e018023ee9301c50b1efd7a74/detection

45.9.20.178:430
45.9.20.179:430
45.9.20.187:430

# Reference: https://threatfox.abuse.ch/browse/malware/win.tofsee/ (# 2023-10-01)

144.76.108.82:430
172.82.190.178:426
185.16.40.157:427
185.161.248.127:416
185.183.162.195:427
185.215.113.58:443
185.49.70.93:426
188.130.209.2:483
195.242.110.99:430
212.22.87.191:486
217.172.179.54:430
31.192.237.6:426
31.42.189.81:426
47.251.38.135:443
51.178.207.67:430
54.36.100.25:427
87.251.71.150:427
87.251.71.150:430
91.203.5.144:430
92.38.171.179:426
95.179.157.19:482
95.181.178.110:426
muspelheim.be
nidavellir.top
niflheimr.cn
rgtryhbgddtyh.biz
ronaldo7streams.blogspot.com
vanaheim.cn
wertdghbyrukl.ch

# Reference: https://www.virustotal.com/gui/file/67fad958b447509b27fc54262297238a6f3e45ed73b0403e8aa07aa2b24d7d7f/detection

5.9.32.166:484

# Reference: https://www.virustotal.com/gui/file/12e27e1a67fc0d17cc63769b910b080786f517c0e4f01e545f5698e9162341fc/detection

45.9.20.177:443
45.9.20.177:486
51.158.144.223:430
91.219.63.95:430

# Reference: https://www.virustotal.com/gui/file/49b527dacc10e6d0e9d2924ecc4e59a8d727d5a2eb89aea324d303f4c8e7ba28/detection

185.101.158.33:21

# Reference: https://www.virustotal.com/gui/file/0a00671012b4cc6d328abe79ae061427f25595a5996d78dba6522d13abb23647/detection

176.111.174.92:416
176.113.115.225:416
193.143.1.5:416
213.109.202.188:416
83.97.73.44:416

# Reference: https://www.virustotal.com/gui/file/e614441409a7a5a9bcec809ffc695dd19c71ac2d3eaf240b6b8d50acfefbb412/detection

176.113.115.135:420
176.113.115.135:430
176.113.115.136:420
176.113.115.136:430
176.113.115.225:420
176.113.115.84:420
176.113.115.84:430
193.143.1.5:420
193.143.1.5:430
45.143.201.238:420
45.143.201.238:430
80.66.75.11:484
83.97.73.44:420
83.97.73.44:430

# Reference: https://www.virustotal.com/gui/file/dda4901dc20eff090c140eefaf21307535ce1620be5329baaeb3dbd4d62b9fa2/detection

176.113.115.84:417
176.113.115.84:431
193.143.1.5:417
193.143.1.5:431
45.143.201.238:431
80.66.75.11:481
83.97.73.44:431

# Reference: https://www.virustotal.com/gui/file/c7237e407b491e30d0f144969b225b91a1586bc66e12f2256ef2cd2b826888ee/detection

176.111.174.92:423
176.113.115.135:417
176.113.115.135:423
176.113.115.135:424
176.113.115.136:417
176.113.115.136:423
176.113.115.136:424
176.113.115.225:424
176.113.115.84:423
176.113.115.84:424
193.143.1.5:423
193.143.1.5:424
213.109.202.188:423
45.143.201.238:417
45.143.201.238:423
45.143.201.238:424
80.66.75.11:480
83.97.73.44:417
83.97.73.44:424

# Reference: https://www.virustotal.com/gui/file/a3a289c9219af271b7e7282f07f746bf0545985427436049728547a5e0ba4ab6/detection

176.113.115.135:428
176.113.115.136:428
176.113.115.225:430
176.113.115.84:428
193.143.1.5:428
45.143.201.238:428
80.66.75.11:486
83.97.73.44:428

# Reference: https://www.virustotal.com/gui/file/a25c1b1fb5eb977ad8232e559bc8ebd06a738eb900b524100d156d94da47adb0/detection

176.113.115.225:417

# Reference: https://www.virustotal.com/gui/file/9dc3cce3ecaa1992fbc781a6029cb6e4119ace31c6acf08fe1d033b30a8dc85c/detection

176.113.115.135:418
176.113.115.136:418
176.113.115.225:429
176.113.115.84:418
193.143.1.5:418
193.143.1.5:429
45.143.201.238:418
80.66.75.11:482
80.66.75.11:485
83.97.73.44:418
83.97.73.44:429

# Reference: https://www.virustotal.com/gui/file/36ec5f7dc0c4ca8cbf221e29140f3537bdfb346c9527a7503206122d58dac470/detection

176.113.115.225:418

# Reference: https://www.virustotal.com/gui/file/2f9c9ce20410a27d2b9c6b75821899812daf14d07aa20b877c661cee71beb749/detection

176.113.115.135:426
176.113.115.135:427
176.113.115.136:426
176.113.115.136:427
176.113.115.225:427
176.113.115.84:426
176.113.115.84:427
193.143.1.5:426
193.143.1.5:427
45.143.201.238:426
45.143.201.238:427
80.66.75.11:483
83.97.73.44:426
83.97.73.44:427

# Reference: https://www.virustotal.com/gui/file/56b19794ce4b1df0c754a6a480a9bf59d030ce929cfc8140d1b822d79e7f3ef6/detection

185.215.113.38:427
185.244.41.156:427
185.7.214.210:427
185.7.214.51:487
62.204.41.45:483
62.204.41.46:427
62.204.41.48:423
62.204.41.48:427
91.243.33.5:427

# Reference: https://www.virustotal.com/gui/file/513c6eefa2a3097a951ee0deac651116fd9b14578df1397a6d5ecb75a9e19b1f/detection

http://103.15.106.221
http://130.185.108.137
http://93.115.25.110
185.147.125.145:427
185.147.125.145:431
185.147.125.146:427
185.147.125.146:431
185.147.125.147:427
185.147.125.147:431
185.243.96.106:427
185.243.96.106:431
185.42.12.45:427
185.42.12.45:431
185.7.214.51:427
185.7.214.51:431

# Reference: https://x.com/skocherhan/status/1924949074543079708
# Reference: https://www.virustotal.com/gui/file/02e86f24f42157fd8cc31cfee28f3ca3832f5192814a20e2a546f91bda412972/detection

http://111.121.193.238
http://188.190.114.21
185.11.61.15:427
185.11.61.16:427
185.156.72.27:427
185.156.72.58:427
185.42.12.21:427
185.7.214.57:483
