# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: mispadu

# Reference: https://github.com/silence-is-best/c2db#ursa-loader

/nj41.php

# Reference: https://app.any.run/tasks/20f85f4b-ffc8-4e15-841c-03ecc150c4a4/

http://45.132.242.89

# Reference: https://twitter.com/JAMESWT_MHT/status/1290523174136946688
# Reference: https://www.virustotal.com/gui/file/e84bd675169dd1ccc077454d08aad592dd97d6a188e841ad02a2e888bd7c1a48/detection

http://104.44.143.28

# Reference: https://twitter.com/luc4m/status/1291985996850925576

mageurox01.hopto.org

# Reference: https://app.any.run/tasks/09bfdbe7-e8d7-42d5-a1cd-fc29586bd74b/

/bd21.php

# Reference: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
# Reference: https://otx.alienvault.com/pulse/5f610cb62458e403adeca72d

http://191.235.99.13
http://51.143.39.80
http://66.70.237.175
http://51.222.39.128
http://51.81.104.17
http://104.44.143.28
/lp1a.php

# Reference: https://twitter.com/sirpedrotavares/status/1318924601162870785
# Reference: https://www.virustotal.com/gui/file/b29028058aa066a993379f424482b3da2ac0b799b71f2da529071616919c4ead/detection
# Reference: https://www.virustotal.com/gui/file/4219d9606f428e914a91edb807d48e4bd30387827e3704318b32bb9a103a7d27/detection
# Reference: https://www.virustotal.com/gui/file/773fd094f93cd9db61173a29bbec99a6293e1a64f181186f36685d6f01827a99/detection
# Reference: https://www.virustotal.com/gui/file/3a4fe7cb28eac0a6fdb2a4831fae4f705b4715af8570e97cf73d07f3f2f598d1/detection
# Reference: https://www.virustotal.com/gui/file/7695ea92f052ada409ec014319a03588606d49125bab96128715ff1a3811463d/detection
# Reference: https://www.virustotal.com/gui/file/c867e31b5dd19dae446f9a3ea0735acfde45f8e2c87b3b7d2d1ce317f10f1f08/detection

http://104.41.57.9
http://142.44.218.78
http://191.235.78.73

# Reference: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/

http://104.41.57.9
http://104.44.143.28
http://13.58.123.122
http://142.44.218.78
http://144.217.32.24
http://191.235.78.73
http://191.235.99.13
http://191.239.122.4
http://40.70.86.161
http://45.132.242.89
http://51.143.39.80
http://51.222.39.127
http://51.222.39.128
http://51.81.104.17
http://52.91.227.152
http://54.233.78.131
http://54.39.33.188
http://66.70.237.175
http://87.98.137.173

# Reference: https://twitter.com/sirpedrotavares/status/1328012434087555072
# Reference: https://www.virustotal.com/gui/file/b2c2319b2b73ffc89e93508845eef2e544a7046d0c337b8973ba86558d4d5271/detection

http://40.65.223.174
http://40.84.210.148
http://70.37.106.179

# Reference: https://app.any.run/tasks/8b1d33f6-a637-4c0a-a315-95952d89796f/

http://149.56.76.254

# Reference: https://twitter.com/sirpedrotavares/status/1362034175696662530
# Reference: https://app.any.run/tasks/31a56984-5e8b-4bf9-98be-34b5ff3be475/

http://144.217.17.185
http://185.150.117.9
http://192.95.2.164

# Reference: https://twitter.com/pollo290987/status/1380418256285089793

http://51.79.9.85

# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1395699114826928129

mcdonalds-cupon.s3.us-west-000.backblazeb2.com

# Reference: https://twitter.com/ffforward/status/1488837379314044932
# Reference: https://app.any.run/tasks/6ce19469-6f1f-42bc-9864-2e3a07fc6a6b/
# Reference: https://tria.ge/220202-jgyqwshgb6/behavioral1
# Reference: https://www.joesandbox.com/analysis/565971/0/html

http://149.248.55.205
149.248.55.205:49743
149.248.55.205:49744
contafop01.onthewifi.com
painelxxx2021a3.bounceme.net
/ghj672a.php
/ghj672136.rht45
/ghj672162.rht45
/ghj672am1.rht45

# Reference: https://www.virustotal.com/gui/file/0001d7fe1cb06a6f55f2852efbdc11333130642c511ce02a5504850deb3e2f5e/detection

http://66.206.13.2
208.115.109.53:8010
208.115.109.53:8030

# Reference: https://twitter.com/pollo290987/status/1569196919330570242
# Reference: https://pastebin.com/cg8tAe1F

11097.masterdaweb.net
magu.kozow.com

# Reference: https://twitter.com/StopMalvertisin/status/1584769822977851392

bola.com.au/images/hh/cfdi/do/it.php
highlineadsl.com/ddd/it.php

# Reference: https://twitter.com/1ZRR4H/status/1596279919838990337

document0.click
kh7jv.store
pagosdeclaraciones.shop
sgscommanager.shop
smart2nopagos.shop
websylvania.com

# Reference: https://twitter.com/1ZRR4H/status/1627085493023424512

facturas4.click

# Reference: https://twitter.com/1ZRR4H/status/1691389689796919297

http://172.86.68.194
172.86.68.194:445
chidoriland.com
/1r49ucc73/hs4q07q/it.php
/1r49ucc73/hs4q07q/
/1r49ucc73/
/hs4q07q/

# Reference: https://twitter.com/0xToxin/status/1722659950302769410

http://193.149.176.210
http://54.37.205.197

# Reference: https://twitter.com/0xToxin/status/1723709490485153960
# Reference: https://www.virustotal.com/gui/file/2d07d544e550a5e825107cfce42201a5a9e6e5d478a535fe57da86030c4ae624/detection

blackinfect.ddns.net

# Reference: https://twitter.com/pollo290987/status/1773110284095234083

ervimefacdigitataltrans.switzerlandnorth.cloudapp.azure.com

# Reference: https://x.com/pollo290987/status/1816977988489031947
# Reference: https://app.validin.com/detail?find=0b8c85495cec452651953b1c6f25d653dbcca569a2ac38236539ee4b6b2170c4&type=hash&ref_id=0a9184257b9#tab=host_pairs_v2

http://91.92.254.149
analistawebs.hair
analistawebs.yachts
coldshare.org
contpt.top
ns1.coldshare.org
ns2.coldshare.org

# Reference: https://x.com/pollo290987/status/1818099255052996692
# Reference: https://www.virustotal.com/gui/ip-address/38.60.224.167/relations
# Reference: https://www.virustotal.com/gui/file/0335e438ff586c75c5a0aded3dccf33d77a9d96e49c4eb4405ff59187ed341b1/detection

http://38.60.224.167
contmnet.site
contssd.zapto.org

# Reference: https://x.com/pollo290987/status/1818413633157910694
# Reference: https://www.virustotal.com/gui/file/0f0a34d2bb013fd0cf705a7808732343ffac6a2308f924275e377cbd105930b1/detection
# Reference: https://www.virustotal.com/gui/file/3a6d5c07b3ed6f1c24f589c3bd54a49842273d8050fb87bf7f33786bf0b2b1ae/detection

http://68.178.202.78
227.20.168.184.host.secureserver.net
78.202.178.68.host.secureserver.net
/asdtrg4grf.vbs
/veletricafds652fdacsw2azxx.php

# Reference: https://x.com/pollo290987/status/1820626182737412218
# Reference: https://www.virustotal.com/gui/ip-address/95.164.5.57/relations
# Reference: https://www.virustotal.com/gui/file/225341f69f153dcb90aea484f90149eaf7bb05c1ead55bde1cde2a568bed9848/detection

contgeraklf.com
contgera.zapto.org

# Reference: https://x.com/Merlax_/status/1860080823338487945

http://103.252.123.177
http://104.192.42.61
http://104.192.42.77
http://137.74.241.160
http://138.255.160.11
http://191.243.161.1
http://191.243.161.205
http://192.99.44.135
http://208.109.191.29
http://208.109.234.229
http://208.109.235.150
http://208.109.242.212
http://208.109.245.35
http://208.109.246.25
http://211.170.51.149
http://24.152.37.117
http://3.114.201.220
http://54.199.117.13
http://64.52.80.70
http://66.29.135.78
http://68.178.206.87
http://72.145.0.52
http://92.205.184.158
http://92.205.19.247
http://92.205.22.52
123.179.205.92.host.secureserver.net
147.32.167.72.host.secureserver.net
175.245.109.208.host.secureserver.net
183.29.205.92.host.secureserver.net
198.233.109.208.host.secureserver.net
216.76.148.132.host.secureserver.net
225.183.62.50.host.secureserver.net
23.179.205.92.host.secureserver.net
230.247.109.208.host.secureserver.net
01backpanther01.ddns.net
01direjuntox01.ddns.net
01mbaxjuntox01.ddns.net
01pantherback01.ddns.net
01s3wct01.ddns.net
01trpnoilahtiniep.servebeer.com
02backpanther02.ddnsking.com
02direjuntox02.ddnsking.com
02mbaxjuntox02.ddnsking.com
02pantherback02.ddnsking.com
02s3wct02.ddnsking.com
02trproebic.servegame.com
03backpanther03.3utilities.com
03direjuntox03.3utilities.com
03mbaxjuntox03.3utilities.com
03pantherback03.3utilities.com
03s3wct03.3utilities.com
03trpavurnaer.servehttp.com
04backpanther04.bounceme.net
04direjuntox04.bounceme.net
04mbaxjuntox04.bounceme.net
04pantherback04.bounceme.net
04s3wct04.bounceme.net
05backpanther05.freedynamicdns.net
05direjuntox05.freedynamicdns.net
05mbaxjuntox05.freedynamicdns.net
05pantherback05.freedynamicdns.net
05s3wct05.freedynamicdns.net
06backpanther06.freedynamicdns.org
06direjuntox06.freedynamicdns.org
06mbaxjuntox06.freedynamicdns.org
06pantherback06.freedynamicdns.org
06s3wct06.freedynamicdns.org
07backpanther07.gotdns.ch
07direjuntox07.gotdns.ch
07mbaxjuntox07.gotdns.ch
07pantherback07.gotdns.ch
07s3wct07.gotdns.ch
08backpanther08.hopto.org
08direjuntox08.hopto.org
08mbaxjuntox08.hopto.org
08pantherback08.hopto.org
08s3wct08.hopto.org
09backpanther09.myddns.me
09direjuntox09.myddns.me
09mbaxjuntox09.myddns.me
09pantherback09.myddns.me
09s3wct09.myddns.me
10backpanther10.myftp.biz
10direjuntox10.myftp.biz
10mbaxjuntox10.myftp.biz
10pantherback10.myftp.biz
10s3wct10.myftp.biz
11backpanther11.myftp.org
11direjuntox11.myftp.org
11mbaxjuntox11.myftp.org
11pantherback11.myftp.org
11s3wct11.myftp.org
11trpliuaum.viewdns.net
12backpanther12.ddns.net
12direjuntox12.ddns.net
12mbaxjuntox12.ddns.net
12pantherback12.ddns.net
12s3wct12.ddns.net
12trpsalas.redirectme.net
13backpanther13.ddnsking.com
13direjuntox13.ddnsking.com
13mbaxjuntox13.ddnsking.com
13pantherback13.ddnsking.com
13s3wct13.ddnsking.com
13trphteryukbelec.servebeer.com
14backpanther14.3utilities.com
14direjuntox14.3utilities.com
14mbaxjuntox14.3utilities.com
14pantherback14.3utilities.com
14s3wct14.3utilities.com
15backpanther15.bounceme.net
15direjuntox15.bounceme.net
15mbaxjuntox15.bounceme.net
15pantherback15.bounceme.net
15s3wct15.bounceme.net
16backpanther16.freedynamicdns.net
16direjuntox16.freedynamicdns.net
16mbaxjuntox16.freedynamicdns.net
16pantherback16.freedynamicdns.net
16s3wct16.freedynamicdns.net
17backpanther17.freedynamicdns.org
17direjuntox17.freedynamicdns.org
17mbaxjuntox17.freedynamicdns.org
17pantherback17.freedynamicdns.org
17s3wct17.freedynamicdns.org
18backpanther18.gotdns.ch
18direjuntox18.gotdns.ch
18mbaxjuntox18.gotdns.ch
18pantherback18.gotdns.ch
18s3wct18.gotdns.ch
19backpanther19.hopto.org
19direjuntox19.hopto.org
19mbaxjuntox19.hopto.org
19pantherback19.hopto.org
19s3wct19.hopto.org
1trpridnarsu.servegame.com
20backpanther20.myddns.me
20direjuntox20.myddns.me
20mbaxjuntox20.myddns.me
20pantherback20.myddns.me
20s3wct20.myddns.me
21backpanther21.myftp.biz
21direjuntox21.myftp.biz
21mbaxjuntox21.myftp.biz
21pantherback21.myftp.biz
21s3wct21.myftp.biz
21trpadeovnara.servehttp.com
22backpanther22.myftp.org
22direjuntox22.myftp.org
22mbaxjuntox22.myftp.org
22pantherback22.myftp.org
22s3wct22.myftp.org
22trpeblag.serveminecraft.net
23backpanther23.ddns.net
23direjuntox23.ddns.net
23mbaxjuntox23.ddns.net
23pantherback23.ddns.net
23s3wct23.ddns.net
247wtlxcr5b.myvnc.com
24backpanther24.ddnsking.com
24direjuntox24.ddnsking.com
24mbaxjuntox24.ddnsking.com
24pantherback24.ddnsking.com
24s3wct24.ddnsking.com
25backpanther25.3utilities.com
25direjuntox25.3utilities.com
25mbaxjuntox25.3utilities.com
25pantherback25.3utilities.com
25s3wct25.3utilities.com
26backpanther26.bounceme.net
26direjuntox26.bounceme.net
26mbaxjuntox26.bounceme.net
26pantherback26.bounceme.net
26s3wct26.bounceme.net
27backpanther27.freedynamicdns.net
27direjuntox27.freedynamicdns.net
27mbaxjuntox27.freedynamicdns.net
27pantherback27.freedynamicdns.net
27s3wct27.freedynamicdns.net
28backpanther28.freedynamicdns.org
28direjuntox28.freedynamicdns.org
28mbaxjuntox28.freedynamicdns.org
28pantherback28.freedynamicdns.org
28s3wct28.freedynamicdns.org
29backpanther29.gotdns.ch
29direjuntox29.gotdns.ch
29mbaxjuntox29.gotdns.ch
29pantherback29.gotdns.ch
29s3wct29.gotdns.ch
2trpnoisiuw.viewdns.net
30backpanther30.hopto.org
30direjuntox30.hopto.org
30mbaxjuntox30.hopto.org
30pantherback30.hopto.org
30s3wct30.hopto.org
31backpanther31.myddns.me
31direjuntox31.myddns.me
31mbaxjuntox31.myddns.me
31pantherback31.myddns.me
31s3wct31.myddns.me
31trpopuxgeleb.redirectme.net
3trprihtietoer.servebeer.com
41trpnepec.servegame.com
42trprodnada.servehttp.com
4trprodsalu.serveminecraft.net
51trpnoiaclig.viewdns.net
52trpnadaer.redirectme.net
5trpoheuxle.servebeer.com
61trpridakeyc.servegame.com
alamaudonweb.com
atsocarelepap.redirectme.net
bbgpw101up.gotdns.ch
bbgpw102up.ddnsking.com
bbgpw103up.gotdns.ch
bbgpw104up.ddnsking.com
bbgpw105up.gotdns.ch
bbgpw106up.ddnsking.com
bbgpw107up.gotdns.ch
bbgpw108up.ddnsking.com
bbgpw109up.gotdns.ch
bbgpw110up.ddnsking.com
bbgpw111up.gotdns.ch
bbgpw112up.ddnsking.com
bbgpw113up.gotdns.ch
bbgpw114up.ddnsking.com
bbgpw115up.gotdns.ch
bbgpw116up.ddnsking.com
bbgpw117up.gotdns.ch
bbgpw118up.ddnsking.com
bbgpw119up.gotdns.ch
bbgpw120up.ddnsking.com
bbgpw121up.gotdns.ch
bbgpw122up.ddnsking.com
bbgpw123up.gotdns.ch
bbgpw124up.ddnsking.com
bbgpw125up.gotdns.ch
bbgpw126up.ddnsking.com
bbgpw127up.gotdns.ch
bbgpw128up.ddnsking.com
bbgpw129up.gotdns.ch
bbgpw130up.ddnsking.com
bbgpw131up.gotdns.ch
danw01.ddns.net
danw01up.servequake.com
danw02up.viewdns.net
danw03up.servequake.com
danw04up.viewdns.net
danw05up.servequake.com
danw06up.viewdns.net
danw07up.servequake.com
danw08up.viewdns.net
danw09up.servequake.com
danw10up.viewdns.net
danw11up.servequake.com
danw12up.viewdns.net
danw13up.servequake.com
danw14up.viewdns.net
danw15up.servequake.com
danw16up.viewdns.net
danw17up.servequake.com
danw18up.viewdns.net
danw19up.servequake.com
danw20up.viewdns.net
danw21up.servequake.com
danw22up.viewdns.net
danw23up.servequake.com
danw24up.viewdns.net
danw25up.servequake.com
danw26up.viewdns.net
danw27up.servequake.com
danw28up.viewdns.net
danw29up.servequake.com
danw30up.viewdns.net
danw31up.servequake.com
inquisit55splash.zapto.org
jamresy01up.servequake.com
jamresy02up.viewdns.net
jamresy03up.servequake.com
jamresy04up.viewdns.net
jamresy05up.servequake.com
jamresy06up.viewdns.net
jamresy07up.servequake.com
jamresy08up.viewdns.net
jamresy09up.servequake.com
jamresy10up.viewdns.net
jamresy11up.servequake.com
jamresy12up.viewdns.net
jamresy13up.servequake.com
jamresy14up.viewdns.net
jamresy15up.servequake.com
jamresy16up.viewdns.net
jamresy17up.servequake.com
jamresy18up.viewdns.net
jamresy19up.servequake.com
jamresy20up.viewdns.net
jamresy21up.servequake.com
jamresy22up.viewdns.net
jamresy23up.servequake.com
jamresy24up.viewdns.net
jamresy25up.servequake.com
jamresy26up.viewdns.net
jamresy27up.servequake.com
jamresy28up.viewdns.net
jamresy29up.servequake.com
jamresy30up.viewdns.net
jamresy31up.servequake.com
levitynnatural.jetos.com
levytynatural.jetos.com
norcopop.serveminecraft.net
oiapmasomsirut.servebeer.com
pat2wx.webhop.me
pat2wx01up.servemp3.com
pat2wx02up.ddnsking.com
pat2wx03up.servemp3.com
pat2wx04up.ddnsking.com
pat2wx05up.servemp3.com
pat2wx06up.ddnsking.com
pat2wx07up.servemp3.com
pat2wx08up.ddnsking.com
pat2wx09up.servemp3.com
pat2wx10up.ddnsking.com
pat2wx11up.servemp3.com
pat2wx12up.ddnsking.com
pat2wx13up.servemp3.com
pat2wx14up.ddnsking.com
pat2wx15up.servemp3.com
pat2wx16up.ddnsking.com
pat2wx17up.servemp3.com
pat2wx18up.ddnsking.com
pat2wx19up.servemp3.com
pat2wx20up.ddnsking.com
pat2wx21up.servemp3.com
pat2wx22up.ddnsking.com
pat2wx23up.servemp3.com
pat2wx24up.ddnsking.com
pat2wx25up.servemp3.com
pat2wx26up.ddnsking.com
pat2wx27up.servemp3.com
pat2wx28up.ddnsking.com
pat2wx29up.servemp3.com
pat2wx30up.ddnsking.com
pat2wx31up.servemp3.com
plorext1247wtlxcr5b.bounceme.net
pmuplasoloc.servehttp.com
ptmx101up.servemp3.com
ptmx102up.ddnsking.com
ptmx103up.servemp3.com
ptmx104up.ddnsking.com
ptmx105up.servemp3.com
ptmx106up.ddnsking.com
ptmx107up.servemp3.com
ptmx108up.ddnsking.com
ptmx109up.servemp3.com
ptmx110up.ddnsking.com
ptmx111up.servemp3.com
ptmx112up.ddnsking.com
ptmx113up.servemp3.com
ptmx114up.ddnsking.com
ptmx115up.servemp3.com
ptmx116up.ddnsking.com
ptmx117up.servemp3.com
ptmx118up.ddnsking.com
ptmx119up.servemp3.com
ptmx120up.ddnsking.com
ptmx121up.servemp3.com
ptmx122up.ddnsking.com
ptmx123up.servemp3.com
ptmx124up.ddnsking.com
ptmx125up.servemp3.com
ptmx126up.ddnsking.com
ptmx127up.servemp3.com
ptmx128up.ddnsking.com
ptmx129up.servemp3.com
ptmx130up.ddnsking.com
ptmx131up.servemp3.com
ptmx201up.servemp3.com
ptmx202up.ddnsking.com
ptmx203up.servemp3.com
ptmx204up.ddnsking.com
ptmx205up.servemp3.com
ptmx206up.ddnsking.com
ptmx207up.servemp3.com
ptmx208up.ddnsking.com
ptmx209up.servemp3.com
ptmx210up.ddnsking.com
ptmx211up.servemp3.com
ptmx212up.ddnsking.com
ptmx213up.servemp3.com
ptmx214up.ddnsking.com
ptmx215up.servemp3.com
ptmx216up.ddnsking.com
ptmx217up.servemp3.com
ptmx218up.ddnsking.com
ptmx219up.servemp3.com
ptmx220up.ddnsking.com
ptmx221up.servemp3.com
ptmx222up.ddnsking.com
ptmx223up.servemp3.com
ptmx224up.ddnsking.com
ptmx225up.servemp3.com
ptmx226up.ddnsking.com
ptmx227up.servemp3.com
ptmx228up.ddnsking.com
ptmx229up.servemp3.com
ptmx230up.ddnsking.com
ptmx231up.servemp3.com
retnecbob.redirectme.net
retnecbob.servegame.com
riot44theendurable.zapto.org
s3wct4p1.viewdns.net
seguresnueva01.ddns.net
seguresnueva02.ddns.net
seguresnueva03.ddns.net
seguresnueva04.ddns.net
seguresnueva05.ddns.net
seguresnueva06.ddns.net
seguresnueva07.ddns.net
snegaivlautpac.redirectme.net
snugelbub.serveminecraft.net
snugpot.servebeer.com
stupendous22sec.zapto.org
teporcam.servegame.com
the11industrious.zapto.org
vmcnydf4125as.serveirc.com
wistfulpotatoes.com
wretched33kinder.zapto.org
xcpopabmas.viewdns.net
zalevitelosag.redirectme.net

# Reference: https://x.com/smica83/status/1964025679688712234
# Reference: https://tria.ge/250905-whze2a1mz3/behavioral1

http://104.243.37.31
jmtykwlohydeiud.com
/jyetnng1a.php
/jyetnng1390.dhytytrta
/jyetnng1am1.dhytytrta
/jyetnng1aa3.dhytytrta

# Reference: https://www.welivesecurity.com/2019/11/19/mispadu-advertisement-discounted-unhappy-meal/
# Reference: https://otx.alienvault.com/pulse/5dd3cdf234fc603cc25eba8a

http://18.219.25.133
http://3.19.223.147
http://51.75.95.179
promoscupom.cf

# Reference: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/mispadu-banking-trojan-resurfaces
# Reference: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
# Reference: https://twitter.com/sirpedrotavares/status/1305076741107519488/
# Reference: https://otx.alienvault.com/pulse/5f6b9eba7dbd6eb5c9a5bfa9

01fckgwxqweod01.ddns.net
01odinxqwefck01.ddns.net
02fckgwxqweod02.ddnsking.com
02odinxqwefck02.ddnsking.com
03fckgwxqweod03.3utilities.com
03odinxqwefck03.3utilities.com
04fckgwxqweod04.bounceme.net
04odinxqwefck04.bounceme.net
05fckgwxqweod05.freedynamicdns.net
05odinxqwefck05.freedynamicdns.net
06fckgwxqweod06.freedynamicdns.org
06odinxqwefck06.freedynamicdns.org
07fckgwxqweod07.gotdns.ch
07odinxqwefck07.gotdns.ch
08fckgwxqweod08.hopto.org
08odinxqwefck08.hopto.org
09fckgwxqweod09.myddns.me
09odinxqwefck09.myddns.me
10fckgwxqweod10.myftp.biz
10odinxqwefck10.myftp.biz
11fckgwxqweod11.myftp.org
11odinxqwefck11.myftp.org
12fckgwxqweod12.ddns.net
12odinxqwefck12.ddns.net
13fckgwxqweod13.ddnsking.com
13odinxqwefck13.ddnsking.com
14fckgwxqweod14.3utilities.com
14odinxqwefck14.3utilities.com
15fckgwxqweod15.bounceme.net
15odinxqwefck15.bounceme.net
16fckgwxqweod16.freedynamicdns.net
16odinxqwefck16.freedynamicdns.net
17fckgwxqweod17.freedynamicdns.org
17odinxqwefck17.freedynamicdns.org
18fckgwxqweod18.gotdns.ch
18odinxqwefck18.gotdns.ch
19fckgwxqweod19.hopto.org
19odinxqwefck19.hopto.org
20fckgwxqweod20.myddns.me
20odinxqwefck20.myddns.me
21fckgwxqweod21.myftp.biz
21odinxqwefck21.myftp.biz
22fckgwxqweod22.myftp.org
22odinxqwefck22.myftp.org
23fckgwxqweod23.ddns.net
23odinxqwefck23.ddns.net
24fckgwxqweod24.ddnsking.com
24odinxqwefck24.ddnsking.com
25fckgwxqweod25.3utilities.com
25odinxqwefck25.3utilities.com
26fckgwxqweod26.bounceme.net
26odinxqwefck26.bounceme.net
27fckgwxqweod27.freedynamicdns.net
27odinxqwefck27.freedynamicdns.net
28fckgwxqweod28.freedynamicdns.org
28odinxqwefck28.freedynamicdns.org
29fckgwxqweod29.gotdns.ch
29odinxqwefck29.gotdns.ch
30fckgwxqweod30.hopto.org
30odinxqwefck30.hopto.org
31fckgwxqweod31.myddns.me
31odinxqwefck31.myddns.me

# Reference: https://unit42.paloaltonetworks.com/mispadu-infostealer-variant/

http://24.199.98.128
24.199.98.128:445
moscovatech.com
plinqok.com
trilivok.com
xalticainvest.com

# Reference: https://gist.github.com/kirk-sayre-work/a4a8c83481bbf0197375e3fd21914fc1

102.57.205.92.host.secureserver.net
148.241.109.208.host.secureserver.net
179.150.167.72.host.secureserver.net
198.148.167.72.host.secureserver.net
43.244.109.208.host.secureserver.net
homesdfarts.shop
rekemchiwdnas.com
mtxp1.2waky.com
mut4.toh.info
trahomesd.homesdfarts.shop

# Reference: https://x.com/pollo290987/status/1831575245792182642
# Reference: https://www.virustotal.com/gui/file/9317af65c8b296e993c28b85c017fca713e143daa367797ec1749b82cbc89a72/detection

20.188.109.208.host.secureserver.net
94.33.167.72.host.secureserver.net
/pskf2a.php

# Reference: https://x.com/Dkavalanche/status/1838336655645614125

203.21.205.92.host.secureserver.net

# Reference: https://x.com/1ZRR4H/status/1843621676526792900

135.53.167.72.host.secureserver.net

# Reference: https://x.com/Merlax_/status/1882390321713316274

http://64.95.10.181
104.234.70.158:6996
15.235.41.28:7001
170.238.45.201:7885
172.86.84.227:6974
172.96.161.188:5559
172.96.161.248:5558
209.250.231.141:7513
217.182.105.61:8007
34.46.212.86:8001
35.246.228.83:5555
51.91.209.34:8001
54.36.116.0:8577
54.36.118.231:6499
57.129.58.72:7000
87.121.86.212:6555
azsxdcedws42rfs.servepics.com
azsxdcfvgbhn.serveirc.com
cas7hco.is-a-conservative.com
cub9clesaver.is-a-cubicle-slave.com
deignrich.is-a-designer.com
dscxfvsgstsdxs.viewdns.net
eanwealth.is-a-doctor.com
fiancialgold.is-a-financialadvisor.com
gafsrwewsfwrs.servegame.com
geemaster.is-a-geek.net
go9gold.is-a-chef.org
go9nknight.is-a-knight.org
gol69mining.is-a-chef.com
gol6xhunter.is-a-celticsfan.org
gol9enllama.is-a-llama.com
gold7rush.is-a-candidate.org
golhunterx.is-a-hunter.com
golx9routex.is-a-chef.net
grnincome.is-a-green.com
gsfdrewte8n.ddns.net
gur9fgold.is-a-guru.com
hardash.is-a-hard-worker.com
ikmjnhbgvfcs.servebeer.com
ikujyhtgrfed.myvnc.com
iwuwter43fsfd.servehalflife.com
jmhngbfvdcsxsx.servequake.com
jmnhgbyutfvdcesx.servepics.com
jsgdfdreteed.hopto.org
kajdhdfxfcdseew.ddnsking.com
kishhsfdrwew.bounceme.net
kmjnhbgvfdcxs.servecounterstrike.com
kmjnhuygbdds.servemp3.com
kmjshdgdteresw2.zapto.org
ksiuetrtr7363.freedynamicdns.net
ksjhdfewre4e.viewdns.net
ksjhdgteyrid.myftp.org
ksjshfdfretr63.redirectme.net
ksjsmndvcxdstd6.serveftp.com
ksksjhdgffxcsd4.ddns.net
ksmnvcfdgfteri.serveminecraft.net
lan9old.is-a-landscaper.com
lawy77rgold.is-a-lawyer.com
libetwealth.is-a-libertarian.com
libr7alrich.is-a-liberal.com
lin9uigold.is-a-linux-user.org
loauusgdtdss.3utilities.com
loikjnhbgvfdce.webhop.me
loikmjnhuytgbvfr.sytes.net
loisujsgdfcxvd.zapto.org
lokiujyhtgsx.servegame.com
loopijnu7677hs.servemp3.com
losiuwyetegsfs.gotdns.ch
lospieyterswsa.hopto.org
loueyerrsedwcs.myddns.me
lskhdfferessd.serveblog.net
lskjsgdferete.myvnc.com
lsksjhdgferes.servebeer.com
lsksjhdgfvxcdeu.serveirc.com
lsooskdjdmcnbgd.myftp.biz
lsosojdjdgbccxx.freedynamicdns.net
mjhngbfvdce.serveftp.com
mjhsfdretryuwe.myftp.biz
mjnhbgvfdcsx.serveblog.net
mjshgdfer3s.gotdns.ch
mnbvcfde34r.sytes.net
moe9ymagnet.is-a-democrat.com
mondro01up.servemp3.com
mondro02up.ddnsking.com
mondro03up.servemp3.com
mondro04up.ddnsking.com
mondro05up.servemp3.com
mondro06up.ddnsking.com
mondro07up.servemp3.com
mondro08up.ddnsking.com
mondro09up.servemp3.com
mondro10up.ddnsking.com
mondro11up.servemp3.com
mondro12up.ddnsking.com
mondro13up.servemp3.com
mondro14up.ddnsking.com
mondro15up.servemp3.com
mondro16up.ddnsking.com
mondro17up.servemp3.com
mondro18up.ddnsking.com
mondro19up.servemp3.com
mondro20up.ddnsking.com
mondro21up.servemp3.com
mondro22up.ddnsking.com
mondro23up.servemp3.com
mondro24up.ddnsking.com
mondro25up.servemp3.com
mondro26up.ddnsking.com
mondro27up.servemp3.com
mondro28up.ddnsking.com
mondro29up.servemp3.com
mondro30up.ddnsking.com
mondro31up.servemp3.com
mone9ywizard.is-a-caterer.com
moygeek.is-a-geek.org
msjdiwuw92.ddnsking.com
msjshdfdre3s.onthewifi.com
msjshdgferweusi.myddns.me
msnbdccxfddsre.servehttp.com
msngdfdre5.freedynamicdns.org
mus9igold.is-a-musician.com
mxgv2w01up.servemp3.com
mxgv2w02up.ddnsking.com
mxgv2w03up.servemp3.com
mxgv2w04up.ddnsking.com
mxgv2w05up.servemp3.com
mxgv2w06up.ddnsking.com
mxgv2w07up.servemp3.com
mxgv2w08up.ddnsking.com
mxgv2w09up.servemp3.com
mxgv2w1.servepics.com
mxgv2w10up.ddnsking.com
mxgv2w11up.servemp3.com
mxgv2w12up.ddnsking.com
mxgv2w13up.servemp3.com
mxgv2w14up.ddnsking.com
mxgv2w15up.servemp3.com
mxgv2w16up.ddnsking.com
mxgv2w17up.servemp3.com
mxgv2w18up.ddnsking.com
mxgv2w19up.servemp3.com
mxgv2w20up.ddnsking.com
mxgv2w21up.servemp3.com
mxgv2w22up.ddnsking.com
mxgv2w23up.servemp3.com
mxgv2w24up.ddnsking.com
mxgv2w25up.servemp3.com
mxgv2w26up.ddnsking.com
mxgv2w27up.servemp3.com
mxgv2w28up.ddnsking.com
mxgv2w29up.servemp3.com
mxgv2w30up.ddnsking.com
mxgv2w31up.servemp3.com
mxjhndbgsfree.serveminecraft.net
nas9cacash.is-a-nascarfan.com
nhgbjmkmnbx.servehalflife.com
nshsfdvccxsswe.webhop.me
nur9swealth.is-a-nurse.com
olikujyhtgrf.onthewifi.com
olkiuj76tgfr.servequake.com
owiwuete63543.bounceme.net
pain9trgold.is-a-painter.com
pateta01up.servemp3.com
pateta02up.ddnsking.com
pateta03up.servemp3.com
pateta04up.ddnsking.com
pateta05up.servemp3.com
pateta06up.ddnsking.com
pateta07up.servemp3.com
pateta08up.ddnsking.com
pateta09up.servemp3.com
pateta10up.ddnsking.com
pateta11up.servemp3.com
pateta12up.ddnsking.com
pateta13up.servemp3.com
pateta14up.ddnsking.com
pateta15up.servemp3.com
pateta16up.ddnsking.com
pateta17up.servemp3.com
pateta18up.ddnsking.com
pateta19up.servemp3.com
pateta20up.ddnsking.com
pateta21up.servemp3.com
pateta22up.ddnsking.com
pateta23up.servemp3.com
pateta24up.ddnsking.com
pateta25up.servemp3.com
pateta26up.ddnsking.com
pateta27up.servemp3.com
pateta28up.ddnsking.com
pateta29up.servemp3.com
pateta30up.ddnsking.com
pateta31up.servemp3.com
patetahw1.webhop.me
patkx1.gotdns.ch
patkx101up.servemp3.com
patkx102up.ddnsking.com
patkx103up.servemp3.com
patkx104up.ddnsking.com
patkx105up.servemp3.com
patkx106up.ddnsking.com
patkx107up.servemp3.com
patkx108up.ddnsking.com
patkx109up.servemp3.com
patkx110up.ddnsking.com
patkx111up.servemp3.com
patkx112up.ddnsking.com
patkx113up.servemp3.com
patkx114up.ddnsking.com
patkx115up.servemp3.com
patkx116up.ddnsking.com
patkx117up.servemp3.com
patkx118up.ddnsking.com
patkx119up.servemp3.com
patkx120up.ddnsking.com
patkx121up.servemp3.com
patkx122up.ddnsking.com
patkx123up.servemp3.com
patkx124up.ddnsking.com
patkx125up.servemp3.com
patkx126up.ddnsking.com
patkx127up.servemp3.com
patkx128up.ddnsking.com
patkx129up.servemp3.com
patkx130up.ddnsking.com
patkx131up.servemp3.com
ppwow992735ssx.sytes.net
pqoqiwue62es.freedynamicdns.org
qazxswedcvfrtgb.myftp.org
r3xg01up.servequake.com
r3xg02up.viewdns.net
r3xg03up.servequake.com
r3xg04up.viewdns.net
r3xg05up.servequake.com
r3xg06up.viewdns.net
r3xg07up.servequake.com
r3xg08up.viewdns.net
r3xg09up.servequake.com
r3xg10up.viewdns.net
r3xg11up.servequake.com
r3xg12up.viewdns.net
r3xg13up.servequake.com
r3xg14up.viewdns.net
r3xg15up.servequake.com
r3xg16up.viewdns.net
r3xg17up.servequake.com
r3xg18up.viewdns.net
r3xg19up.servequake.com
r3xg20up.viewdns.net
r3xg21up.servequake.com
r3xg22up.viewdns.net
r3xg23up.servequake.com
r3xg24up.viewdns.net
r3xg25up.servequake.com
r3xg26up.viewdns.net
r3xg27up.servequake.com
r3xg28up.viewdns.net
r3xg29up.servequake.com
r3xg30up.viewdns.net
r3xg31up.servequake.com
sderfdcxsddffs3.servecounterstrike.com
snshhdhdytetre5.sytes.net
tecgeek.is-a-geek.com
ujmnhytgbvfd.servehttp.com
vfcdxszabgnhmj.redirectme.net
wea9thpro.is-a-cpa.com
xsdsewre435a.3utilities.com

# Reference: https://x.com/Merlax_/status/1892387093193609514

http://160.153.172.106
http://160.153.172.33
http://160.153.173.113
http://160.153.173.160
http://160.153.173.179
http://160.153.173.227
http://160.153.173.69
http://160.153.173.84
http://160.153.174.24
http://160.153.174.3
http://160.153.174.38
http://160.153.175.99
http://208.109.37.95
http://208.109.39.114
http://37.148.201.105
http://72.167.134.73
http://72.167.143.231
57.129.23.16:6061
198.243.109.208.host.secureserver.net
243.200.148.37.host.secureserver.net
253.176.169.192.host.secureserver.net
42.173.153.160.host.secureserver.net
76.21.168.184.host.secureserver.net
93.143.167.72.host.secureserver.net
97.49.167.72.host.secureserver.net
01mxarjuntoq01.ddns.net
01mxarjuntow01.ddns.net
02mxarjuntoq02.ddnsking.com
02mxarjuntow02.ddnsking.com
03mxarjuntoq03.3utilities.com
03mxarjuntow03.3utilities.com
04mxarjuntoq04.bounceme.net
04mxarjuntow04.bounceme.net
05mxarjuntoq05.freedynamicdns.net
05mxarjuntow05.freedynamicdns.net
06mxarjuntoq06.freedynamicdns.org
06mxarjuntow06.freedynamicdns.org
07mxarjuntoq07.gotdns.ch
07mxarjuntow07.gotdns.ch
08mxarjuntoq08.hopto.org
08mxarjuntow08.hopto.org
09mxarjuntoq09.myddns.me
09mxarjuntow09.myddns.me
10mxarjuntoq10.myftp.biz
10mxarjuntow10.myftp.biz
11mxarjuntoq11.myftp.org
11mxarjuntow11.myftp.org
12mxarjuntoq12.ddns.net
12mxarjuntow12.ddns.net
13mxarjuntoq13.ddnsking.com
13mxarjuntow13.ddnsking.com
14mxarjuntoq14.3utilities.com
14mxarjuntow14.3utilities.com
15mxarjuntoq15.bounceme.net
15mxarjuntow15.bounceme.net
16mxarjuntoq16.freedynamicdns.net
16mxarjuntow16.freedynamicdns.net
17mxarjuntoq17.freedynamicdns.org
17mxarjuntow17.freedynamicdns.org
18mxarjuntoq18.gotdns.ch
18mxarjuntow18.gotdns.ch
19mxarjuntoq19.hopto.org
19mxarjuntow19.hopto.org
20mxarjuntoq20.myddns.me
20mxarjuntow20.myddns.me
21mxarjuntoq21.myftp.biz
21mxarjuntow21.myftp.biz
22mxarjuntoq22.myftp.org
22mxarjuntow22.myftp.org
23mxarjuntoq23.ddns.net
23mxarjuntow23.ddns.net
24mxarjuntoq24.ddnsking.com
24mxarjuntow24.ddnsking.com
25mxarjuntoq25.3utilities.com
25mxarjuntow25.3utilities.com
26mxarjuntoq26.bounceme.net
26mxarjuntow26.bounceme.net
27mxarjuntoq27.freedynamicdns.net
27mxarjuntow27.freedynamicdns.net
28mxarjuntoq28.freedynamicdns.org
28mxarjuntow28.freedynamicdns.org
29mxarjuntoq29.gotdns.ch
29mxarjuntow29.gotdns.ch
30mxarjuntoq30.hopto.org
30mxarjuntow30.hopto.org
31mxarjuntoq31.myddns.me
31mxarjuntow31.myddns.me

# Reference: https://x.com/1ZRR4H/status/1892619437804573180

wrsh.blob.core.windows.net
/wusgdh/index.html

# Reference: https://x.com/Merlax_/status/1901807022909378874

http://132.148.72.23
http://132.148.79.238
http://160.153.172.116
http://160.153.172.183
http://160.153.172.22
http://160.153.172.63
http://160.153.172.89
http://160.153.173.214
http://160.153.173.232
http://160.153.173.49
http://160.153.174.132
http://160.153.174.159
http://160.153.174.220
http://160.153.174.233
http://160.153.174.40
http://160.153.174.66
http://160.153.174.76
http://160.153.175.131
http://160.153.175.181
http://160.153.175.194
http://160.153.175.233
http://160.153.175.36
http://160.153.175.88
http://192.169.176.148
http://192.169.177.12
http://208.109.228.124
http://208.109.37.178
http://37.148.201.43
http://64.202.185.127
http://64.202.186.158
http://64.202.186.172
http://64.202.188.206
http://64.202.188.207
http://64.202.189.100
http://64.202.189.48
http://64.202.189.59
http://64.202.191.129
http://72.167.133.167
http://92.205.129.134
http://92.205.164.90
http://92.205.228.109
http://92.205.57.180
160.153.175.213:443
172.96.161.189:5587
172.96.161.85:5588
196.251.115.150:6555
45.137.214.73:8511
64.202.185.182:443
64.202.188.26:443
64.202.189.168:443
168.40.167.72.host.secureserver.net
178.37.109.208.host.secureserver.net
03trpavurnaer.servehttp.com
21trpadeovnara.servehttp.com
42trprodnada.servehttp.com
84.173.153.160.host.secureserver.net
msnbdccxfddsre.servehttp.com
pmuplasoloc.servehttp.com
ujmnhytgbvfd.servehttp.com

# Reference: https://x.com/Merlax_/status/1910876560749437061

172.96.140.97:6836
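# NOTE(review): the port in the next entry is written with a leading zero ("0591"); an ip:port trail in this form may not match traffic recorded as port 591 - confirm the value against the reference above
172.96.142.77:0591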
172.96.161.235:6234
188.245.227.53:9985
194.238.24.68:6669
34.59.32.85:8001
38.210.209.243:6675
51.77.148.222:1259
247wtlxcr5B.myvnc.com
crarow1.zzux.com
mgl01up.servemp3.com
mgl02up.ddnsking.com
mgl03up.servemp3.com
mgl04up.ddnsking.com
mgl05up.servemp3.com
mgl06up.ddnsking.com
mgl07up.servemp3.com
mgl08up.ddnsking.com
mgl09up.servemp3.com
mgl10up.ddnsking.com
mgl11up.servemp3.com
mgl12up.ddnsking.com
mgl13up.servemp3.com
mgl14up.ddnsking.com
mgl15up.servemp3.com
mgl16up.ddnsking.com
mgl17up.servemp3.com
mgl18up.ddnsking.com
mgl19up.servemp3.com
mgl20up.ddnsking.com
mgl21up.servemp3.com
mgl22up.ddnsking.com
mgl23up.servemp3.com
mgl24up.ddnsking.com
mgl25up.servemp3.com
mgl26up.ddnsking.com
mgl27up.servemp3.com
mgl28up.ddnsking.com
# NOTE(review): the numbered series goes from mgl28up to mgl30up; mgl29up is not listed.
# Left as is - only names present in the reference belong here. TODO confirm.
mgl30up.ddnsking.com
mgl31up.servemp3.com
plorext1247wtlxcr5B.bounceme.net
ucrarow01.freedynamicdns.org
ucrarow02.gotdns.ch
ucrarow03.hopto.org
ucrarow04.myddns.me
ucrarow05.myftp.biz
ucrarow06.myftp.org
ucrarow07.ddns.net
ucrarow08.ddnsking.com
ucrarow09.3utilities.com
ucrarow10.bounceme.net
ucrarow11.freedynamicdns.net
ucrarow12.freedynamicdns.org
ucrarow13.gotdns.ch
ucrarow14.hopto.org
ucrarow15.myddns.me
ucrarow16.ddns.net
ucrarow17.ddnsking.com
ucrarow18.3utilities.com
ucrarow19.bounceme.net
ucrarow20.freedynamicdns.net
ucrarow21.freedynamicdns.org
ucrarow22.gotdns.ch
ucrarow23.hopto.org
ucrarow24.myddns.me
ucrarow25.myftp.biz
ucrarow26.myftp.org
ucrarow27.ddns.net
ucrarow28.ddnsking.com
ucrarow29.3utilities.com
ucrarow30.bounceme.net
ucrarow31.freedynamicdns.net

# Reference: https://app.validin.com/detail?find=5e352ec49c836e132efadee959963d0f457822ba&type=hash&ref_id=8c835a65cf5#tab=host_pairs (# 2025-09-08)

04mxarjuntox04.bounceme.net
4rbr35.ddns.us
arjun112.ddnsfree.com
cmod01.longmusic.com
contadorgfa.organiccrap.com
contfjkda.organiccrap.com
contgjb.justdied.com
cpnel04.dynamic-dns.net
cpnel05.dynamic-dns.net
cpnel07.dynamic-dns.net
diasempre09.3utilities.com
geralka.justdied.com
karan.accesscam.org
mkx5.jkub.com
nyagaxpfpadaknf.jetos.com
ovheweluffzlw.justdied.com
r54r4.toythieves.com

# Reference: https://x.com/Merlax_/status/1969167116382454069

104.128.72.14:7578
217.182.105.61:8007
171.27.205.92.host.secureserver.net
183.129.205.92.host.secureserver.net
194.149.167.72.host.secureserver.net
59.225.205.92.host.secureserver.net
9ilmvsd50jdh.servequake.com
administracionbsgfd5s.unusualperson.com
administrativoloaisu2.stufftoread.com
admonk8siood.servep2p.com
aluminioscsxdw42.cable-modem.org
arquitectosmsjhd7.ciscofreak.com
asdfpoiu67q.sytes.net
asistentejanjs88.collegefan.org
cdolmgs620sx.sytes.net
clientesksmhdg52.couchpotatofries.org
comercialmskid8s.damnserver.com
compramnbscw8.servehumour.com
construccioneslwo923z.ditchyourip.com
constructoramsjhd1a.dnsfor.me
consultoresmsnvde5.dnsiskinky.com
consultoriamnvdw8.dvrcam.info
contabilidamskjdu8.point2this.com
corporativomskjduzx8.eating-organic.net
despachomsnbdew8.fantasyleague.cc
directormnvscdx2a.golffan.us
ds3wju8klo0s.viewdns.net
edcvfr5t7dx.servegame.com
equipomsnbcsd38.health-carereform.com
ertybnmcx2.zapto.org
exportacionmsnvd8sw.homesecuritypc.com
facturacionmsjhdt88.hosthampster.com
gbhncdsxza428.servemp3.com
guerrerohafscxsd8.net-freaks.com
hortifrutimsjhd88s.ilovecollege.info
industriesmsnvdc57.loginto.me
inmobiliariam8jhd828.mlbfan.org
jajhshysrreesx38.ddns.net
jhnbgtrfe5e8.serveirc.com
kisoafdsew4259.ddnsking.com
kkdhg43wsazx.hopto.org
l510nbsxy7.servepics.com
laojdhefrw91b4.myftp.biz
laosoiwueue92.bounceme.net
llskdhteue62.3utilities.com
logisticamsnvdc5928.servesarcasm.com
lsoduetetr5369.myftp.org
materialeskwiw928s.myactivedirectory.com
mecanicamskd92.mydissent.net
medicomskod92a8.myeffect.net
mjunhytgb67.serveftp.com
nhytoik87yxs.serveminecraft.net
ploikjytfs5728.servehttp.com
plouywtre5.servebeer.com
poikmjnhgbyt.redirectme.net
poosjjhdgfdv.serveblog.net
powiueyet535mz.myvnc.com
powmsjhdvfxcd02.onthewifi.com
pqoey6uet6bvcdx.myddns.me
psoodyet5353x.gotdns.ch
qcderfgtyhu9.servehalflife.com
qwalooterwe2309.freedynamicdns.org
restaurantemsjhd928.mymediapc.net
tosiyterwe243.freedynamicdns.net
transportemksid827.mypsx.net
vgynjim542b.webhop.me
xswcdevfrxs3.servecounterstrike.com

# Reference: https://x.com/Merlax_/status/1973567974645833955
# Reference: https://www.forcepoint.com/blog/x-labs/malware-lurking-behind-secureserver-net-urls

http://45.40.96.231
34.95.244.203:56789
198.148.167.72.host.secureserver.net
233.20.168.184.host.secureserver.net
# NOTE(review): blob.core.windows.net is shared Azure Blob Storage hosting; keep this trail
# at the storage-account subdomain and do not widen it to the parent domain.
gsc020983d.blob.core.windows.net
# NOTE(review): the spelling "fisrt" is kept exactly as listed; presumably it is how the
# name was observed, so do not normalise it. TODO confirm against the reference.
jpmorgan-fisrt.homelinux.com
worksone.servebbs.com

# Generic

# NOTE(review): path-only trails with no host attached; short names such as /aj31.php are
# presumably matched on any host, so treat a hit as a lead and corroborate it with the
# host/IP trails in this file. TODO confirm matching semantics.
/aj31.php
/ak51.php
# NOTE(review): /bd21.php is also listed near the top of this file (duplicate entry).
/bd21.php
/bd22.php
/bd23.php
/bk71.php
/h781.php
/h783.php
/ju61.php
/ju62.php
/faq3Gz2.php
/index2ErZ.php
# NOTE(review): same file name as /faq3Gz2.php above, under an /admin/ prefix; whether the
# shorter trail already covers this one depends on how paths are matched - TODO confirm.
/admin/faq3Gz2.php
