# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: poseidon stealer, rod stealer, rodmacer stealer, crazyevil, mac.c stealer, macsync stealer, digitstealer, shubstealer

# Reference: https://twitter.com/phd_phuc/status/1651001139750420480
# Reference: https://twitter.com/phd_phuc/status/1651002681798926337
# Reference: https://www.virustotal.com/gui/file/2175cc3bc1e3bf4cc27a9524b34d47c14b9aa094061600c0c4bfee9447bd54b4/detection

37.220.87.16:5000
amos-malware.ru

# Reference: https://twitter.com/malwrhunterteam/status/1651496976486154240
# Reference: https://www.virustotal.com/gui/file/2c63ba2b1a5131b80e567b7a1a93997a2de07ea20d0a8f5149701c67b832c097/detection

3fa-all.life
any-viewer.com
app-torrent.org
app-trade.net
apps-torrent.com
apps-torrent.net
apps-torrent.org
apps-trade.org
apps-web.digital
atom-apps.net
auth-apps.club
auth-apps.org
auth-secure.org
axx-play.com
brav-down.com
brav-down.org
bravs-down.com
cosmos-network.io
ens-apps.com
evmchainlist.app
files-box.org
forexx-meta.com
gram-apps.com
gramm-download.net
gua-wallet.com
gua-wallet.org
itrezor.net
itrezor.org
keplrwallet.app
layerzero-foundations.net
memo-apps.net
memo-apps.org
meta-forexx.com
meta-forexx.net
meta-forexx.org
notion-apps.net
otp-apps.net
otp-apps.org
pass-save.com
ph-wallet.org
phan-apps.com
phantom-wallet.at
phantom-wallet.net
phantomm-wallet.us
play-axi.net
q-torrent.com
q-torrent.net
q-torrent.org
rabby-wallet.net
rabby.at
remote-apps.net
remote-apps.org
saver-pass.life
scroll-drop.net
scrollfoundation.net
scrollnetworks.net
secure-apps.org
security-apps.net
security-apps.org
skii-weaver.com
skii-weaver.net
team-apps.club
torent-u.com
tortent-u.com
tortent-u.org
twill-down.com
twillo2.club
u-torrent.org
unisat-wallet.net
unisat.at
uploads-test.org
uth-app.life
vl-play.club
w3fa-all.life
wallet-atom.com
wauth-secure.org
web-wallet.org
wu-torrent.org

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/09/atomic-macos-stealer-delivered-via-malvertising
# Reference: https://otx.alienvault.com/pulse/64fa053f6f16dd0914077358

app-downloads.org
trabingviews.com
u0131ews.com
xn--gsvews-r9a.com
xn--tradgsvews-0ubd3y.com

# Reference: https://twitter.com/1ZRR4H/status/1700206318718509292

cleanmac-app.top

# Reference: https://threatfox.abuse.ch/ioc/1164482/

http://185.106.93.154
maybe.host
api.maybe.host

# Reference: https://twitter.com/MalGamy12/status/1705151026976760309
# Reference: https://www.virustotal.com/gui/file/19023cd72c8de1423e8082232099c6e38db3e78ceca179af104a3b1ad579d8a5/detection

http://45.144.29.39

# Reference: https://urlscan.io/result/019a9882-7490-72ca-a016-fb42bf59990c/

http://45.144.52.134

# Reference: https://threatfox.abuse.ch/browse/malware/osx.amos/

http://185.215.113.116

# Reference: https://twitter.com/g0njxa/status/1710678871799152913

dafu-xiaoniangao.monster
/askdaskdIB/22987ggg
/22987ggg
/askdaskdIB

# Reference: https://threatfox.abuse.ch/browse/malware/osx.amos/

http://104.21.17.179
http://171.22.28.248
http://172.67.177.191
http://185.172.128.163
http://185.172.128.31
http://185.215.113.71
http://194.169.175.117
http://194.49.94.93
http://5.182.86.8
http://5.42.65.107
http://5.42.65.55
http://79.137.198.170
http://89.208.105.191

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates
# Reference: https://otx.alienvault.com/pulse/655deaade608a53b8d4ada31

chalomannoakhali.com
jaminzaidad.com
royaltrustrbc.com

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version
# Reference: https://www.virustotal.com/gui/ip-address/62.204.41.98/relations
# Reference: https://www.virustotal.com/gui/file/0956ab422b6bcc44fed1504b524c8bb8c4491da42552c3b179d6bbcb3dc24c85/detection

http://5.42.65.108
trialap.com
slack.trialap.com

# Reference: https://twitter.com/r3dbU7z/status/1748103869375128024
# Reference: https://www.virustotal.com/gui/ip-address/23.227.199.33/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.92.244.104/relations
# Reference: https://www.virustotal.com/gui/file/0316b4d2186dbfbaef8929cb18fed6d6a5ba7a923fd005c94b458b7dd3ada6a8/detection

daddyvjxsa.online
daddyvjxsa.site
parailels.online
parallells.online

# Reference: https://twitter.com/r3dbU7z/status/1755063296145736023
# Reference: https://twitter.com/r3dbU7z/status/1771867585673392149

aianubhav.com
accoun10.com
guruveera.com

# Reference: https://twitter.com/moonlock_lab/status/1772323469947978002
# Reference: https://www.virustotal.com/gui/file/511a01dcb0fe86c9f2f432400a28487d53e83cdb03af7701f28511f260eb1a83/detection
# Reference: https://www.virustotal.com/gui/file/07a4618b5d9e057de25977ec2bd698e3070280be162aaed16b45cdef3ccad862/detection

79.137.192.4:443

# Reference: https://twitter.com/r3dbU7z/status/1786009485846204504
# Reference: https://www.virustotal.com/gui/file/26576c710b3025a4e1b46f78a0e1a9a276e2107291771ae1a9792ebffa2ef930/detection

notion.ph

# Reference: https://twitter.com/birchb0y/status/1790746238758817821
# Reference: https://x.com/malwrhunterteam/status/1900612483900981277
# Reference: https://x.com/malwrhunterteam/status/1902272327980642718
# Reference: https://alden.io/posts/infostealers-a-brewin/
# Reference: https://app.any.run/tasks/834cae35-e7c8-4e63-a66b-814f676e6af2/
# Reference: https://app.validin.com/detail?type=raw&find=Homebrew+%E2%80%94+The+Missing+Package+Manager+for+macOS+%28or+Linux%29 (# 2025-03-14)
# Reference: https://www.virustotal.com/gui/file/513bb09807c9c343fccf7df30f687ea490125745e5ae02177c92efeb514e4b30/detection
# Reference: https://www.virustotal.com/gui/file/9a2e0aadd42144abf97232bff0d3dcec123004b07e1e771c82e0d04f7ae0971a/detection
# Reference: https://www.virustotal.com/gui/file/0a21b30f2e725b73160c542561bf68a2c8f53949557240db34d890583d02e30b/detection

http://109.120.178.3
http://158.255.213.85
http://162.252.175.220
http://167.234.213.68
http://185.246.130.141
http://188.127.225.100
http://5.255.107.149
http://5.42.100.86
http://77.221.151.41
http://79.137.192.4
http://82.115.223.176
http://85.217.222.185
http://94.124.160.117
79.137.192.4:443
94.124.160.117:443
applemacios.com
aroqui.com
axcrid.com
bodega-fyi.pages.dev
brew-download.com
brew.lat
brews.icu
brewsh.cc
brewshh.org
candao.top
coinpepe.xyz
drcohenmd.com
homabrews.org
homebrew-storage.com
homebrew.cx
homebrew.page
homebrewl.pro
hornebrew.mom
mpsime.com
nnvious.com
rectanglemac.pro
trello.bio
willowsushi.com
brew.pages.dev
docs.homebrew.cx
raw.brewsh.cc
raw.homabrews.org

# Reference: https://x.com/Threat_Down/status/1791912008746430748

http://5.182.86.95

# Reference: https://x.com/moonlock_lab/status/1793702034782433441
# Reference: https://www.virustotal.com/gui/file/60ad28afc1b3bd1cfd671c8f5fad7398e1cb7bd811498ef8a371007c4c32e75e/detection
# Reference: https://www.virustotal.com/gui/file/30b89622c779dd06faa909e7e0b8e88f3b75ca78fad00c4cf0ef7db320e3b218/detection
# Reference: https://www.virustotal.com/gui/file/2e3dcbccd9c774a43ec8565378c4ae9f4f6048b5f4c984d99e4f000858b688e3/detection

forked-project.com

# Reference: https://x.com/birchb0y/status/1793735550744375338
# Reference: https://app.validin.com/detail?find=185.172.128.72&type=ip4&ref_id=9fd035b569f#tab=resolutions

altllayer.com
earlymodenetwork.com
leaderwallets.org
lfgjupiter.com
mantanetwork.dev
newparadigm.dev
pixelcommunity.xyz
rodrigos.io

# Reference: https://x.com/Threat_Down/status/1794033775980032497
# Reference: https://www.virustotal.com/gui/file/27ed8f5684e32217a073200ac80d822825f4e9954797f6682c7a6c8d0951fb88/detection

http://65.108.232.23
calenserty.com

# Reference: https://cyble.com/blog/uncovering-atomic-stealer-amos-strikes-and-the-rise-of-dead-cookies-restoration/
# Reference: https://otx.alienvault.com/pulse/65b915078b79508127f170a9

arcbrowser.pro
cleanmymac.pro
parallelsdesktop.pro
pixelmator.pics

# Reference: https://x.com/arch1ehic0x/status/1803095125779791980
# Reference: https://x.com/karol_paciorek/status/1803357816746360903
# Reference: https://x.com/karol_paciorek/status/1803362692566028490
# Reference: https://app.validin.com/detail?find=ROD%20STEALER&type=raw&ref_id=2874a9d4ee7#tab=host_pairs_v2
# Reference: https://www.virustotal.com/gui/file/b68fbd104d13e025928f29bb90a25ab5b552ba1275ccd11869cf626fca85fb46/detection

http://185.172.128.110
onipars.pw
truck-ord.site

# Reference: https://x.com/arch1ehic0x/status/1806678546607227054
# Reference: https://www.virustotal.com/gui/ip-address/186.2.171.60/relations
# Reference: https://www.virustotal.com/gui/file/474ee78c6636ee478ea7f4521559679fbc468bb326357737bfc465e63ed153fa/detection

agov-access.com
agov-access.net
agov-ch.com
agov-ch.net
register-agov.com
register-agov.net

# Reference: https://x.com/NDA0E/status/1806818805961912577
# Reference: https://x.com/bruce_k3tta/status/1887881634286108734
# Reference: https://x.com/g0njxa/status/1915698276206104905
# Reference: https://search.censys.io/hosts/185.147.124.212
# Reference: https://www.virustotal.com/gui/file/61b0b147bf9bec52818af09d10ca7b81bb94c07d964684f10360abfe426014ba/detection
# Reference: https://www.virustotal.com/gui/file/382b0c1923db5369787f84f839004c171e7d400482055725b091f5eede80a7a4/detection

http://185.147.124.212
http://88.214.50.3
185.147.124.212:22
185.147.124.212:3389
lascolinasresortdalas.com
login-auth-office.com
osheafarm.com
poseidon.cool
robsheraldry.com

# Reference: https://threatfox.abuse.ch/browse/malware/osx.poseidon/ (# 2024-07-01)

http://186.2.171.60
http://37.27.82.196
http://68.66.226.80
186.2.171.60:443
37.27.82.196:443
agovaccess-ch.com
b2cidp-mobilier.com
bitp.alamri-ip.com
bitp.alan.my
bitp.alkareemimport.com
bitp.avansisgroup.com
bitp.blueroselb.com
bitp.clementinasketchbook.com
bitp.dicoar.com
bitp.ebibote.com
bitp.fromagetambourin.fr
bitp.grantindonesia.com
bitp.hapa5387.odns.fr
bitp.heavenconstruction.pk
bitp.heavenmarketing.pk
bitp.htechs.com
bitp.idealindustryltd.com
bitp.kkenterprises.pk
bitp.navihost.in
bitp.nwg.com.pk
bitp.olivrodapatria.online
bitp.ontech.co.zm
bitp.phrapitta.com
bitp.pisuka.com
bitp.pouradhwani.com
bitp.quasar.sa
bitp.quick-eg.com
bitp.raagifts.com
bitp.siupk.net
bitp.smslogin.xyz
bitp.sviat21.com
bitp.tami8849.odns.fr
bitp.tiedyeromania.ro
bitp.tilakhighfiji.com
bitp.weltpropiedades.cl
bitpa.ananyajain.com
bitpa.artemilenario.fr
bitpa.athleticshub.co.uk
bitpa.babajani.com
bitpa.bariel.co.id
bitpa.beautifulbooze.com
bitpa.bghbd.com
bitpa.bicoman.net
bitpa.casamagdalenapublicidad.com.co
bitpa.combienemetmonargent.info
bitpa.dctcbd.com
bitpa.desipolska.pl
bitpa.dogfestival.gr
bitpa.drcaraccessories.com
bitpa.eamarseba.com
bitpa.elshamel.online
bitpa.guptavedika.com
bitpa.hostpinas.com
bitpa.innovatalks.com
bitpa.jcaisse-dev.org
bitpa.mathinmaps.net
bitpa.mejoresconsejosvida.online
bitpa.miogatto.gr
bitpa.miogatto.greffectual
bitpa.moralesalducin.com
bitpa.mydreamsltd.com
bitpa.nationaltemps.co.uk
bitpa.neebs.edu.np
bitpa.newestrealty.com
bitpa.owanbefood.com.ng
bitpa.palms77hotel.com
bitpa.planethair.gr
bitpa.professoranagida.online
bitpa.pta-greece.gr
bitpa.remoteprints.com
bitpa.sarshipping.net
bitpa.smsfi.com
bitpa.socialobserver.in
bitpa.soltita.com
bitpa.tatlibuketi.com
bitpa.tigercampcorbett.com
bitpa.toel4298.odns.fr
bitpa.vendotuttonline.com
bitpa.vissnatech.ir
bp.4dpayme.com
bp.absolutairarcondicionado.com.br
bp.afrokulchagroup.com
bp.americansports.com
bp.aminadabelago.com.br
bp.appoemn.org
bp.bernard-bourcy.net
bp.blogcanadiense.com
bp.brankenattorneys.co.tz
bp.cairnhillwatches.com
bp.car.co.tz
bp.celebratebloomfield.org
bp.celloxwatches.com
bp.ctvidamelhor.com.br
bp.davidliving.com
bp.dieterforjudge.com
bp.dumbeg.com
bp.easthartfordinterfaith.org
bp.edgenetworks.rs
bp.emporioecuador.com
bp.fatp.co.tz
bp.flyingdonvstg.franciaim.net
bp.fortclean.net
bp.fursforus.net
bp.hotelultimafrontiera.com
bp.innovatalks.com
bp.isap-union.gr
bp.jpxhelmet.com
bp.kgcdiary.com
bp.kidsightusa.org
bp.killerworkdev.com
bp.linenessentials.com
bp.littleleafstudio.co.uk
bp.lyctechnologies.com
bp.marthareingold.com
bp.mgcsw.gov.ss
bp.mibenditoadolescente.com
bp.moimoveis.com.br
bp.movie.co.tz
bp.myindiamall.in
bp.natenrjs.com
bp.nationalbeatpoetryfoundation.org
bp.news.co.tz
bp.niceguyrebrands.xyz
bp.paltouchsystems.net
bp.petersparre.com
bp.rafikidodomahotel.com
bp.richardobenton.com
bp.riscasvicosas.pt
bp.saleseconomic.com
bp.sc1jtfu9765.universe.wf
bp.segurobligatorio.pro
bp.seo7sry.com
bp.shivaagorealty.com
bp.stasy-union.gr
bp.sygenpharma.com
bp.tdsorsta.ro
bp.trueearthchanges.com
bp.video.co.tz
bp.watertownctlions.org
bp.wegolions.org
bp.wheelsofwilliamsport.com
bp.wheelsofwilliamsport.net
bp.wocrimestoppers.org
bp.worldcup.co.tz
dibbadu.absoluteitbd.com
dibbadu.arkaconstructores.com
dibbadu.caelectrons.com.br
dibbadu.carboneralabanda.com.co
dibbadu.ciptransfer.com
dibbadu.dolphinmanagement.ro
dibbadu.evergraphics.com
dibbadu.geofieldp.com
dibbadu.institutointei.com
dibbadu.millennialstourandtravel.co.ke
dibbadu.myportfolio.com.co
dibbadu.nextsol.com.br
dibbadu.planamoveis.com.br
dibbadu.proexcon.com
dibbadu.promoveazaonline.com
dibbadu.smartfuture.co.za
dibbadu.sscmcc.cl
dibbadu.sulmov.com.br
dibbadu.trujilloserrano.com
eportal-be.com
eportal-bs.com
extraiptv.giize.com
finanzportal-vermogenzsentrum.com
finanzportal-vermogenzsentrum.net
getgrammerly.com
hd.hdweb2.pw
ip.tvguzel.com
loginzug.com
newcp.abagenciamarketingdigital.com
newcp.adrenalinanet.com.br
newcp.afrikwebacademy.com
newcp.americansports.com
newcp.amtech.sd
newcp.andersonconstantino.com.br
newcp.ankaracilingirci.com
newcp.ankaradatemizliksirketi.com
newcp.ankarasevkattesisat.com
newcp.arteimparables.online
newcp.atlasfizyoterapi.com.tr
newcp.aurcleaning.com
newcp.aurejewelry.ca
newcp.avalanche-store.com
newcp.balcovacicekciler.com
newcp.bayraklicicekciler.com
newcp.bazis-t.uz
newcp.beyondxgroup.online
newcp.bitezeventwedding.com
newcp.bizaccord.com.pk
newcp.bnkilaclama.com
newcp.bonggayon.com
newcp.bornovacicekciler.com
newcp.boscosoft.ae
newcp.botchats.in
newcp.brntemizlik.com
newcp.clay.net.in
newcp.colegioburiti.com.br
newcp.coliturcusco.com.pe
newcp.departamentosenpueblolibre.com
newcp.dihucar.com
newcp.dominantlegaltrans.com
newcp.essasattire.com
newcp.essentemizlik.com
newcp.fahadengineerings.com
newcp.franciaim.net
newcp.frederic-monereau.com
newcp.freud.radi0.im
newcp.fxtransportation.com
newcp.gaziemircicekciler.com
newcp.generation-green.ma
newcp.geofieldp.com
newcp.ghdemo.com.tr
newcp.grid-edge.com.au
newcp.gridedgenews.com
newcp.gssgroup.co.ke
newcp.h-bsofwares.com
newcp.harasselection.com.br
newcp.hiraotomatikkapi.com
newcp.hypercctv.org
newcp.icredes.com
newcp.iluminate.com.mx
newcp.induslab.net
newcp.inkopau-rentcar.com
newcp.ithalatcimiz.com
newcp.japeto.ro
newcp.jcgama.com
newcp.johnballis.com
newcp.karyacorp.com
newcp.libuinsi.my.id
newcp.liderford.com
newcp.lindaballis.com
newcp.lojaflordocerrado.com.br
newcp.lourencoviajante.pt
newcp.maeslanden.nl
newcp.maskinsoftware.com
newcp.maxxcontrol.com.tr
newcp.medyapm.com
newcp.meiya.co.ke
newcp.metse.co.bw
newcp.mexicodemaria.mx
newcp.multipolarsolution.com
newcp.naseemtravels.com
newcp.neutown.com
newcp.ngopicoding.com
newcp.niceguyrebrands.xyz
newcp.nirmalexpertsolutions.com
newcp.oiltanker.com.ng
newcp.olivrodapatria.online
newcp.perapeyzaj.com
newcp.piolinspa.cl
newcp.plastikiniai-langai.eu
newcp.pnmls.cd
newcp.posdata-si.com
newcp.qadricaterers.com
newcp.ram-service.cl
newcp.recubplast.com.co
newcp.royalcontingencia.com
newcp.rsquad.co.ke
newcp.safipompe.ma
newcp.sagarsprings.com
newcp.sbaqala.pk
newcp.sc3bhgr7781.universe.wf
newcp.seo7sry.com
newcp.skinorra.com
newcp.smartlabor.it
newcp.solarib.com
newcp.sosgestion.com.co
newcp.spiegelenergy.com
newcp.spiegelenergy.com.au
newcp.stargazemining.co.za
newcp.superanimalpet.com
newcp.tamilankadai.com
newcp.tamminguyen.co.uk
newcp.tammisnaps.com
newcp.techcube.in
newcp.termomecconsultoria.com.br
newcp.thebestbodrumtemizlik.com
newcp.thebestbodrumtemizlik.comlounge
newcp.thisisafricas.com
newcp.tuintiadmin.com
newcp.ultisol.co.za
newcp.universal-kikaku.com
newcp.uns-kikaku.com
newcp.urunstand.com
newcp.visualmakers.com.pk
newcp.vozminera.mx
newcp.wine-ar.com
newcp.youknowpeople.com
newcpp.1ihost.com.br
newcpp.3dsurf.ir
newcpp.4182-0006ac95072f.wptiger.fr
newcpp.abarclinic.com
newcpp.abrakadabra.com.pe
newcpp.aceleraventas.com
newcpp.activelifemd.com
newcpp.addisbasketball.com
newcpp.adrenalinanet.com.br
newcpp.afrokulcha.co.za
newcpp.afrokulchagroup.com
newcpp.afrokulchatravel.co.za
newcpp.almoajel.sa
newcpp.altaymediaalbania.org
newcpp.aminadabelago.com.br
newcpp.apa.ba
newcpp.aurejewelry.ca
newcpp.aurespa.ca
newcpp.averynigeria.com
newcpp.balebuku.my.id
newcpp.bandamuveegroov.com.br
newcpp.banjarkode.com
newcpp.better-gpt.org
newcpp.billionairesestate.com
newcpp.bocadosdeamor.com
newcpp.build-2-suit.com
newcpp.casadefriossaobenedito.com.br
newcpp.casamagdalenapublicidad.com.co
newcpp.cncmorelos.org
newcpp.confidable.com
newcpp.conquermark.com
newcpp.constructoraharr.clapostolic
newcpp.credencewatches.com
newcpp.damaskin.ro
newcpp.danmartin.ro
newcpp.dilagosburguer.com.br
newcpp.ditsaambiental.com
newcpp.dktravel.com.ec
newcpp.doncellafem.com
newcpp.dsts-immigration.com
newcpp.dungnguyenarchi.com
newcpp.durumdelight.com
newcpp.easthartfordinterfaith.org
newcpp.education21kulimpku.com
newcpp.embassydevelopments.com
newcpp.espace-food.com
newcpp.espinhoserosas.com.br
newcpp.exactcolor.co.ke
newcpp.faforlife.com.ng
newcpp.faforon.com
newcpp.faforon.com.ng
newcpp.falahatishop.com
newcpp.fatp.co.tz
newcpp.faybd.com
newcpp.fitnessupbeat.com
newcpp.fridaybd.com
newcpp.fundacionequiterra.org
newcpp.gemsinnovation.com
newcpp.gridedge.com.au
newcpp.gridedgenews.com
newcpp.h-bsofwares.com
newcpp.harmonyvillage.gr
newcpp.hotel.co.tz
newcpp.huncanlit.com
newcpp.husamekhrawesh.com
newcpp.ibis-inspection.com
newcpp.ilutex.com.br
newcpp.imcbgten4.org
newcpp.institutoiba.org.br
newcpp.inversionesllort.com
newcpp.isabelaayrosa.adv.br
newcpp.johnballis.com
newcpp.kgcdiary.com
newcpp.khabarworld.com
newcpp.killerworkdev.com
newcpp.kotok.net
newcpp.ktktech.my.id
newcpp.kystibbi.com.tr
newcpp.lacitavilla.com
newcpp.lakcards.lk
newcpp.lenterdit.com.ar
newcpp.levinesolutions.net
newcpp.lindaballis.com
newcpp.logdist.ma
newcpp.ludotenis.com
newcpp.luicreativestudio.com
newcpp.magyarkoltok.com
newcpp.mahtokitchencare.com
newcpp.meadvilleorthodontics.com
newcpp.medicalmedia.com.mx
newcpp.meiya.co.ke
newcpp.moimoveis.com.br
newcpp.moralesalducin.com
newcpp.movie.co.tz
newcpp.musamwaky.co.tz
newcpp.nationaltemps.co.uk
newcpp.natroglobal.com
newcpp.news.co.tz
newcpp.nonisec.com
newcpp.nonisec.com.ar
newcpp.ontrace.id
newcpp.park-systems.net
newcpp.payall.com.ng
newcpp.pkmkaranganyar.com
newcpp.pmkt.ao
newcpp.polomilano.com
newcpp.polyvin.com.br
newcpp.powerunits.com.ng
newcpp.powerunits.com.ngwittily
newcpp.powerunits.ng
newcpp.princekushwaha.com.np
newcpp.protrans.com.ph
newcpp.quantum-ev.co
newcpp.quasar.sa
newcpp.quasarful.com
newcpp.recettecuisinegastronomie.fr
newcpp.revenueacademy.it
newcpp.saamtrek.co.za
newcpp.sagarsprings.com
newcpp.sandrasperling.com
newcpp.sbtabriz.com
newcpp.sc1jtfu9765.universe.wf
newcpp.scotiaperu.pe
newcpp.seguroautoagora.com.br
newcpp.seis.co.ke
newcpp.sketchersdesign.co.ke
newcpp.smartzone.sa
newcpp.spiegelenergy.com
newcpp.sscmcc.cl
newcpp.stayeasyplus.com
newcpp.stratwood-gs.ro
newcpp.streakk.com.ng
newcpp.tabledemassagepliante.fr
newcpp.tdsorsta.ro
newcpp.techtrust.pt
newcpp.tecsoluciones.com.pe
newcpp.testabeko.mamaquette.fr
newcpp.thehumanitarianfund.org
newcpp.themavvel.co.ke
newcpp.tracymasonmedia.com
newcpp.uns-kikaku.com
newcpp.uptourismguide.com
newcpp.upvs.com.ng
newcpp.urushomestay.com
newcpp.vanguardaamazonense.com.br
newcpp.wecarefamilydentistry.com
newcpp.wpsuperlink.online
newcpp.wychelmconnect.com.ng
newcpp.xyfinity.co.za
newscp.aaptiroots.in
newscp.academicindia.in
newscp.aeni-script.my.id
newscp.agenciazurc.com.br
newscp.ainirentcar.com
newscp.akia.com.mx
newscp.alauddinsweetmeat.com.bd
newscp.allkemie.com
newscp.almastudio.pe
newscp.antaema.com
newscp.arabic.du.ac.bd
newscp.area14st.com
newscp.aromatherapyacademy.com
newscp.atiliomarola.com.ar
newscp.aunurrafiqofficial.com
newscp.bangfirmanofficial.com
newscp.bariel.co.id
newscp.blueheadfilms.com
newscp.botchats.in
newscp.carboneralabanda.com.co
newscp.carvalhocruz.com.br
newscp.cgsbim.cl
newscp.chaucatotoursperu.com
newscp.clay.net.in
newscp.cncmorelos.org
newscp.colbachabierto.com
newscp.colbiomor.org
newscp.computertechsperts.com
newscp.contechprojects.com
newscp.danmartin.ro
newscp.darfurfm.sd
newscp.debambu.es
newscp.debellis.com.br
newscp.digitalmaster.ro
newscp.dolphinmanagement.ro
newscp.dominioarquitectura.com
newscp.ebitan.com.bd
newscp.entreprisesdavenir.fr
newscp.exideinverterbattery.in
newscp.fatp.co.tz
newscp.gclenterprises.in
newscp.geber.com.mx
newscp.geliankft.hu
newscp.grupoempresarialvasram.com
newscp.grupomv.com.py
newscp.hchemical.sd
newscp.heefhotel.com
newscp.hospitaldesanluis.com.co
newscp.hotelultimafrontiera.com
newscp.hydrosolutions.pe
newscp.ibis-inspection.com
newscp.inncomex.com.mx
newscp.internetareal.net.br
newscp.janeladedramaturgia.com
newscp.junoindia.com
newscp.kashier365.com
newscp.khulumameals.co.za
newscp.laboratoriomacruzfarma.com
newscp.lf21.my.id
newscp.machaquila.com
newscp.mappingcanvasser.com
newscp.maridadymotors.co.ke
newscp.mexicodemaria.mx
newscp.mgglobalinvest.com
newscp.myindiamall.in
newscp.myportodigital.site
newscp.ndwc.com.py
newscp.nextsol.com.br
newscp.nppp.pk
newscp.nsaservices.com.br
newscp.oanachivu.ro
newscp.officialrtv.com
newscp.oiltanker.com.ng
newscp.ontrace.id
newscp.posdata-si.com
newscp.psiqo.com.pe
newscp.rafaelhsouza.com.br
newscp.ranasariagroup.com
newscp.roborave.mx
newscp.romalogistics.com.pe
newscp.sacs.ec
newscp.sagarsprings.com
newscp.savannah.sd
newscp.sc1dsnb7288.universe.wf
newscp.sc1tmtd4794.universe.wf
newscp.sc3bhgr7781.universe.wf
newscp.seotoronto.company
newscp.siarabd.com
newscp.slagveld.co.za
newscp.soltani-shopping.com
newscp.srprof.com
newscp.superanimalpet.com
newscp.swammovers.com
newscp.thirtyline.com.my
newscp.top2stay.com
newscp.tora-ks.com
newscp.tracymasonmedia.com
newscp.trimitrateknikmandiri.com
newscp.universalauto2000.it
newscp.usgonline.mx
newscp.valledelinka.com.pe
newscp.webhostingneo.co.id
newscp.xmartechpro.com
newscp.xpresscard.info
newscp.youthtuko.org
panda.arcaem.com
panda.ckinam.com
panda.creativeeventsbd.com
panda.dilagosburguer.com.br
panda.ffde.com.br
panda.fxtransportation.com
panda.grupoqueiroz.pt
panda.japanbangladeshhospital.com
panda.laofix.com.tr
panda.levinesolutions.net
panda.lojaniq.com
panda.sixfibras.com.br
panda.superdreadi.com
panda.tafca.cl
panda.vifurni.com
panda.viralhab.com
panda.vuacanvas.com
pipp.agauto.co.ke
pipp.debellis.com.br
pipp.diasecampos.com.br
pipp.dilagosburguer.com.br
pipp.dipankardey.com
pipp.eshaqlaw.com
pipp.japanbangladeshhospital.com
pipp.laofix.com.tr
pipp.nsaservices.com.br
pipp.pantallita.com
pipp.retromad1.ro
pipp.seo7sry.com
pipp.showroomilgiornodopo.it
pipp.sixfibras.com.br
portals-swisslife.com
sso-geneveid.com
tv.surebettr.com
tv.yayins.com
zestyahhdog.com
zug-login.com

# Reference: https://www.virustotal.com/gui/ip-address/193.143.1.59/relations

bitp.funhaus.com.br
bitp.lesamisduvelo.fr
bitpa.adm-informatique.fr
bitpa.alkoukhonline.com
bitpa.amberconsult.com.ng
bitpa.ananyaholidays.com
bitpa.ananyaresorts.com
bitpa.ananyaventures.com
bitpa.arthamari.com
bitpa.beautygirlmag.com
bitpa.bocadosdeamor.com
bitpa.dealiatrade.pl
bitpa.dsborneo.com
bitpa.ektajain.com
bitpa.hippocampusinfotech.com
bitpa.lousamel.pt
bitpa.ludotenis.com
bitpa.matrixintertrade.co.th
bitpa.metodologiavirtual.com
bitpa.onpo.com.tr
bitpa.papoetoys.com
bitpa.racq2120.odns.fr
bitpa.registrocolegiados.cl
bitpa.ronafortuna.com
bitpa.ronakglobal.com
bitpa.sarkerrentacar.com
bitpa.telecos.com.pe
bitpa.tradingchilespa.cl
bp.3kmystore.com
bp.4dceria.com
bp.adlibmanagement.com
bp.affixsolution.com.br
bp.afrokulcha.co.za
bp.ainirentcar.com
bp.apotekavesta.rs
bp.appservice.com.mx
bp.aromatherapyacademy.com
bp.artemilenario.fr
bp.artnathacha.com
bp.be-tronics.com
bp.bizaccord.com.pk
bp.bloomfieldcthistory.org
bp.blueheadfilms.com
bp.branditmediahouse.co.za
bp.campovalepet.com.br
bp.checkedgar.com
bp.chuckoakes.net
bp.computertechsperts.com
bp.credencewatches.com
bp.ctgerizim.com.br
bp.diasecampos.com.br
bp.digitalforall.com.ng
bp.dilagosburguer.com.br
bp.dreamakerbd.com
bp.dremilio.com.br
bp.dungnguyenarchi.com
bp.e-drimer.pe
bp.ecce-groups.com
bp.ecomingrupo.com
bp.edu365pro.com
bp.emohoytsega.com
bp.erkutbarel.com.tr
bp.espace-food.com
bp.ets-kadydier.com
bp.excellentagro.biz
bp.faybd.com
bp.feedingspeedy.com
bp.gavasilva.adv.br
bp.gmseafood.cl
bp.grupoempresarialvasram.com
bp.haseed.com
bp.hex29.io
bp.holaquetal.tur.br
bp.homecityseremban.com.my
bp.hotel.co.tz
bp.hypercctv.org
bp.ibis-inspection.com
bp.induplastico.com.br
bp.instalarmacros.info
bp.itiss-cloud.com
bp.jerrylabriola.com
bp.jerrytalks.com
bp.josuesantana.com.br
bp.jprhelmet.com
bp.julianafabrizzi.com.br
bp.katariorganics.com
bp.kwickboxconsultant.com
bp.legitinteriordesign.com
bp.lexis.ma
bp.liazo.com
bp.lilianmeneghel-imoveis.com.br
bp.lionsdistrict23c.org
bp.lionslowvisionctr.org
bp.livingstonedameh.com
bp.lmmotors.com.pe
bp.mail.co.tz
bp.metodologiavirtual.com
bp.metse.co.bw
bp.mibusbolivia.com
bp.mirantedosgolfinhos.com.br
bp.montrexwatches.com
bp.moodle3.cfjulioresende.org
bp.mrsocial.io
bp.niemandsland.net.bo
bp.nynews.live
bp.payall.com.ng
bp.petercianciolo.com
bp.pilaresdealejandria.com.ar
bp.pncoaching.com
bp.pnmls.cd
bp.pousadavilladosgolfinhos.com.br
bp.powerunits.com.ng
bp.powerunits.ng
bp.quantum-ev.co
bp.radiopionerosfm.com
bp.ragdespace.com
bp.rarespeak.com
bp.ravinegloryhospital.co.ke
bp.realpromotora.com.br
bp.regig.org
bp.rowsolution.com
bp.sandrasperling.com
bp.sanymakmur-tc.com
bp.schulmanlaw.net
bp.sistem.eng.br
bp.sixfibras.com.br
bp.spotlesscrystal.com
bp.stwatertechnic.com
bp.t201.eliti.com.br
bp.taalisip.com
bp.techcube.in
bp.techdataminds.in
bp.tezas.in
bp.tracymasonmedia.com
bp.upvs.com.ng
bp.urushomestay.com
bp.venturarodrigues.pt
bp.westernhealthcareservices.com
bp.wissenfamily.org
bp.xyfinity.co.za
ddbyav.xiangjige.com
dibbadu.2kconstructores.com
dibbadu.4vipdjs.com
dibbadu.andresdeveloper.com
dibbadu.autobase.gr
dibbadu.byestrategica.com
dibbadu.centi.co.ke
dibbadu.fabconline.net
dibbadu.gaal0548.odns.fr
dibbadu.graphichub.in
dibbadu.hotelangasmayo.com
dibbadu.iiocouncil.com
dibbadu.inelco.com.mx
dibbadu.junoindia.com
dibbadu.kntgroup.co
dibbadu.logopidea.com
dibbadu.makeopportunity.org
dibbadu.onchange-group.com
dibbadu.pacegallary.com
dibbadu.rumahtua.net
dibbadu.saleseconomic.com
dibbadu.samaelcasanova.com
dibbadu.sc1ozko2782.universe.wf
dibbadu.sc4jtfu9765.universe.wf
dibbadu.showrender.com
dibbadu.techmarketim.com
dibbadu.tezas.in
dibbadu.trackingcookie.info
dibbadu.tuintiadmin.com
dibbadu.viproc.cl
flipdna.com
horoscopo-2022.org
horoszkop2022.com
newcp.agenciadss.com.py
newcp.amaya.cl
newcp.amshesp.com
newcp.appservice.com.mx
newcp.azharconstruction.com
newcp.carvalhocruz.com.br
newcp.celis-massage.fr
newcp.ciaosa.com
newcp.continentlpe.info
newcp.credillants.pe
newcp.diasecampos.com.br
newcp.drajna.ro
newcp.gridedge.com.au
newcp.ibis-inspection.com
newcp.izmircicekciler.com
newcp.marembal-group.com
newcp.simaltrading.nl
newcp.supraseg.com.br
newcp.thirtyline.com.my
newcp.uje.com.co
newcpp.75d7-4bcef4b19275.wptiger.fr
newcpp.adlibmanagement.com
newcpp.affixsolution.com.br
newcpp.agauto.co.ke
newcpp.akilimingi.com
newcpp.antaema.com
newcpp.arcaem.com
newcpp.asainformaticarj.com.br
newcpp.bbwayplastic.com
newcpp.blogcanadiense.com
newcpp.borchtechnology.com
newcpp.car.co.tz
newcpp.cbrsanpedrodelapaz.cl
newcpp.celloxwatches.com
newcpp.collecteau.fr
newcpp.cuentasstreaming.com
newcpp.desiexpats.com
newcpp.ecomingrupo.com
newcpp.educar.com.vc
newcpp.educarinformatica.com.br
newcpp.erkutbarel.com.tr
newcpp.exwebian.com
newcpp.fabconline.net
newcpp.farlujotna.sn
newcpp.fortclean.net
newcpp.foundingfarmerssnacks.com
newcpp.iiocouncil.com
newcpp.impulsedesenvolvimento.com.br
newcpp.informatikaunwaha.com
newcpp.iradio.co.in
newcpp.itiss-cloud.com
newcpp.jcgama.com
newcpp.kanderia.com
newcpp.kento.ec
newcpp.lycominggop.org
newcpp.manaliindiancuisine.es
newcpp.marthareingold.com
newcpp.math.shorbanggo.com
newcpp.mensmadness.com
newcpp.montrexwatches.com
newcpp.mopedic.gm.so
newcpp.moralesiluminacion.com.mx
newcpp.mysterebeauteproducts.com
newcpp.natural-ubiquinol.com
newcpp.nazathai.net
newcpp.nevestech.com.br
newcpp.nyaligalumni.com
newcpp.olivrodapatria.online
newcpp.pakrevolutions.com
newcpp.pantallita.com
newcpp.rayonclothings.com
newcpp.razhmana.com
newcpp.rplogistic.com
newcpp.sara-baby.dz
newcpp.sarmayenegar.ir
newcpp.sc2jtfu9765.universe.wf
newcpp.scandent3d.cl
newcpp.seo7sry.com
newcpp.skiener.ch
newcpp.socialstrategy.pk
newcpp.soteriabiblecollege.com
newcpp.spotred.co.ke
newcpp.supraseg.com.br
newcpp.tagudinmarket.net
newcpp.timezoneservice.com
newcpp.view-mind.com
newcpp.viralhab.com
newcpp.vows-plus.com
newcpp.wheelsofwilliamsport.com
newcpp.ximaluster.com
newcpp.youknowpeople.com
newscp.afrodigitaltd.com
newscp.balebuku.my.id
newscp.capitalrobotia.com.mx
newscp.clinicamaranatha.com.br
newscp.clinicdental.in
newscp.drmahadihasan.com
newscp.erdilmen.com
newscp.eschaton2012.ca
newscp.feedingspeedy.com
newscp.flashcenter.com.br
newscp.gssgroup.co.ke
newscp.hex29.io
newscp.induslab.net
newscp.irisspamysore.in
newscp.jarkonrel.com
newscp.kalnemi.org.mx
newscp.maeslanden.nl
newscp.marembal-group.com
newscp.mariomatic.com.br
newscp.marketeate.com
newscp.masterbusiness.adm.br
newscp.moodle3.cfjulioresende.org
newscp.musaston.com
newscp.nasseradv.com
newscp.nextnovatech.com
newscp.omicc.ca
newscp.printshopper.in
newscp.promoveazaonline.com
newscp.rplogistic.com
newscp.seo7sry.com
newscp.skainetwork.com
newscp.sosgestion.com.co
newscp.sunrialimited.com
newscp.sunrialimited.com.ng
newscp.superbicideermita.com.mx
newscp.titikakamining.pe
newscp.verdelima.com.br
newscp.victorgonzalez.ca
panda.ainaofficial.com
panda.aminadabelago.com.br
panda.appservice.com.mx
panda.beesboertm.co.za
panda.businessgroup.pk
panda.corazza.co.za
panda.iga.co.rw
panda.mopedic.gm.so
panda.mrf-uganda.org
panda.nsaservices.com.br
panda.nyaligalumni.com
panda.ordonezsrl.com.ar
panda.prvapomoc.org
panda.virtualeventscenter.net
panda.wookapp5.com
pipp.espace-food.com
pipp.phrapitta.com
pipp.rggrandhotel.com
pipp.skmuhibbahraya.net
pipp.tredamschools.com.ng
pipp.zero4communication.net
sharehippo.com
wilkersontech.com
yinghuaxia.com
yiyuanzhou.com
yuruifu.com
zhaoriyue.com
zhaosf.nl
zhenhuanyu.com

# Reference: https://www.validin.com/blog/pivoting-to-expand-threat-intelligence/

tl-group.org
tlgroupe.com

# Reference: https://x.com/4n6Bexaminer/status/1820718431257428297

http://193.124.185.23

# Reference: https://x.com/Huntio/status/1820797152085582112
# Reference: https://moonlock.com/loom-macos-stealer

http://147.45.199.1
http://85.28.0.47
dinoverse.app
dinoverse.co
landofdreams.io
smokecoffeeshop.com
tnelloproject.com

# Reference: https://x.com/4n6Bexaminer/status/1822281363946381501
# Reference: https://tria.ge/240810-q2exvawdjb/behavioral1
# Reference: https://www.virustotal.com/gui/file/5ddc1391142c64074354adc87c62f0a048704a490ee785412a64896b0271da39/detection
# Reference: https://www.virustotal.com/gui/file/90f20a29ecc7dfe78341f418105f96604ef412722b0e59e4f1b59a552b02da29/detection
# Reference: https://www.virustotal.com/gui/file/a30ddee89d8fdbb64e84643833ddd8e8fade1e9d98e695956a76a79e8fd7e1ee/detection
# Reference: https://www.virustotal.com/gui/file/e16130704c03cbff99d5990da4e40933347e26b711bfdc579eb99d82725d71f7/detection

http://109.120.176.156
megantic.online

# Reference: https://x.com/4n6Bexaminer/status/1822284540527640735
# Reference: https://www.virustotal.com/gui/file/8becf02ba162c3885ade87fb4634c5d119f411f11c2524284107c5555cbd9b87/detection
# Reference: https://www.virustotal.com/gui/file/305868a8be14bd82f86e6aaa4afd639ad10923741faffe921340dcfa2cdaf9e4/detection

http://185.7.214.148
cleanmylaptopmac.com
eurosocceradventure.com

# Reference: https://twitter.com/malwrhunterteam/status/1704395617399652572
# Reference: https://www.virustotal.com/gui/ip-address/159.203.89.132/relations
# Reference: https://www.virustotal.com/gui/file/ab00aaf35d2db919c71b65c7d8bcb5d3879dbf00b9ff136104caded2a70fc856/detection
# Reference: https://www.virustotal.com/gui/file/34ff1240fcaaae2a37665325f587affcf786cf2c875ea09b7b602a62599bca78/detection
# Reference: https://www.virustotal.com/gui/file/6d47c0554abb8187d4dfc36ad9a242da453f7942b5e60bb0ee170b54caac0cac/detection

cellasllc.com
apps.cellasllc.com

# Reference: https://x.com/malwrhunterteam/status/1794256341508468761
# Reference: https://www.virustotal.com/gui/file/89f991ea9ce2c5b59cc07b703d4052231603601aae1b35cc34b258089b5253d2/detection
# Reference: https://www.virustotal.com/gui/file/5879bcbc293a6278d57fcb61b40bc7f3b351be4307cf888769d726d603033a1b/detection

account.worldhealthresearch.org

# Reference: https://threatfox.abuse.ch/browse/malware/osx.poseidon/
# Reference: https://threatfox.abuse.ch/browse/malware/osx.poseidonstealer/

http://185.172.128.110
http://185.172.128.123

# Reference: https://x.com/MalGamy12/status/1826621858319663565
# Reference: https://www.virustotal.com/gui/file/6f429ae81ef2b99cd357ae51da315723ab10f3ee54780b82374000cbee430687/detection

http://45.93.20.174
activecitrux.com
aimodel.itez-kz.com
akool.cleartrip.voyage
akool.travel-watch.org
akordiyonegitimi.com
albert.flora-kz.store
andrewsheppard.com
apkportion.com
b.nenkinseido.com
basgitaregitimi.com
clear-trip-ae.com
cleartrip.voyage
flora-kz.store
flow-kz.store
haiper.cleartrip.voyage
haiper.itez-kz.com
haiper.travel-watch.org
havoc.travel-watch.org
highschools2009.com
imageunic.com
itez-kz.com
load.activecitrux.com
load.managerthreads.com
locktgold.travel-watch.org
managerthreads.com
millikanrams.com
newcastlelimos.com
ns1.millikanrams.com
ns2.millikanrams.com
openaai.clear-trip-ae.com
panel.x00x.online
sorablack.cleartrip.voyage
sunumofisi.com
sweethome.travel-watch.org
synthesia.cleartrip.voyage
synthesia.flow-kz.store
synthesia.travel-watch.org
travel-watch.org
uizard.cleartrip.voyage
uizard.flow-kz.store
uizard.travel-watch.org
weface.cleartrip.voyage
weface.travel-watch.org

# Reference: https://x.com/NDA0E/status/1826640848949575938

apple-kz.store
bendiregitimi.com
l.apple-kz.store

# Reference: https://x.com/maulikl/status/1826727004458422674

agattiairport.com
alcokz.net
basgitardersi.com
bignoxplay.com
freecad-build.com
journeyart.org
ldeogramm.com
leboncoin-fr.eu
leonardo-ai.me
softimageai.org
waltkz.com
sweetbonanzadeserts.com
adwq.leonardo-ai.me
asd.leboncoin-fr.eu
load.freecad-build.com
load.journeyart.org
load.ldeogramm.com
load.softimageai.org
loader.waltkz.com
ns.basgitardersi.com
test.alcokz.net
testtwo.alcokz.net
up.bignoxplay.com

# Reference: https://app.validin.com/detail?find=47516a2e04e9ef13d67927464651ba6c&type=hash&ref_id=f3f25cf2cce#tab=host_pairs_v2

akordiyondersi.com
albanianvibes.com
ambisecperu.com

# Reference: https://x.com/NDA0E/status/1827318701063860299

techdom.click
aimodel.techdom.click
face.techdom.click
facetwo.techdom.click
haiper.techdom.click
luminarblack.techdom.click
synthesia.techdom.click

# Reference: https://threatfox.abuse.ch/browse/malware/osx.amos/ (# 2024-08-25)

http://147.45.43.136
http://193.233.132.40
http://45.134.26.7
http://5.42.96.124
http://5.42.96.184
http://77.221.151.45
http://77.221.151.54
http://77.91.77.178
http://77.91.77.38
http://77.91.77.40
http://77.91.77.87
http://77.91.77.88
http://85.209.11.155
http://94.232.249.65
http://95.216.96.104

# Reference: https://app.validin.com/detail?find=413e3a6ee9a4cfe0763c01425a5c9ed0&type=hash#tab=host_pairs_v2

damobile.net
woltde.com
mulkrsvtolooy8s.woltde.com

# Reference: https://threatfox.abuse.ch/browse/malware/osx.poseidonstealer/ (# 2024-09-02)

http://147.45.47.170
http://185.235.128.217
http://185.28.119.85
http://194.59.183.241
185-235-128-217.netherlands-2.vps.ac
amika.pro

# Reference: https://www.virustotal.com/gui/domain/onlyfor.pro/detection

onlyfor.pro

# Reference: https://www.virustotal.com/gui/ip-address/193.233.132.137/relations
# Reference: https://www.virustotal.com/gui/file/0e520908d451c0366b600b08990e9f1958414fcdf67c9401c1319303e95847d9/detection

http://193.233.132.137

# Reference: https://x.com/privacyis1st/status/1840786883959251429

http://209.126.1.139

# Reference: https://x.com/osint_barbie/status/1840865672449995261
# Reference: https://tria.ge/240930-a1fjzsycmr/behavioral1
# Reference: https://www.virustotal.com/gui/ip-address/94.232.249.131/relations

alienmanfc6.com
apunanwu.com
cphoops.com
iloanshop.com
kansaskollection.com
ledger-cloud.com
makenleane.com
mdalies.com
modoodeul.com
pakoyayinlari.com
patrickcateman.com
phperl.com
stonance.com
utv4fun.com
/458f4bda41bc00314/6c7ec58378d6f18ab/load.98cbab0be2fae96a53fd860e.php?call=
/6c7ec58378d6f18ab/load.98cbab0be2fae96a53fd860e.php?call=
/load.98cbab0be2fae96a53fd860e.php?call=
/load.98cbab0be2fae96a53fd860e.php
/kusaka.php?call=
/kusaka.php

# Reference: https://x.com/ryanchenkie/status/1880730173634699393
# Reference: https://x.com/banthisguy9349/status/1881071388381032933
# Reference: https://urlscan.io/search/#81.19.135.228
# Reference: https://app.validin.com/detail?type=ip&find=81.19.135.228#tab=host_pairs (# 2025-01-19)

http://81.19.135.228
99smoothfm.com
altreklama.com
apcmidland.com
bellwethersurveys.com
benvixa.com
biztus.com
blogorious.com
brucall.com
caniberich.com
cdn-telegram.cyou
cpofficial.com
credovsnra.com
dazhongyao.com
devpe.com
dgsinfo.com
djhyzhicai.com
dunkdeal.com
ecolumy.com
escapeesrvclub.com
gokujoutabi.com
hhynetwork.com
hinckleywebandprint.com
hwebprint.com
jaffarkhan.com
jesumaraz.com
jpavuluri.com
koollyrics.com
kypeti.com
louisianaquickfind.com
loumvideo.com
lovlypets.com
macossoft.com
mascotaenadopcion.com
messiku.com
mx9x.com
netextendersupport.com
newtabwallpaperstheme.com
norikosumiya.com
omerve.com
oouatsup.com
picsler.com
pilzmacher.com
pimmes.com
playchees.com
qdhaoge.com
quevalencia.com
realbenies.com
rgueapp.com
roonvar.com
sarahwillemart.com
schytcdagl.com
shahrsaz.com
soccerimg.com
spalumiere.com
spbsky.com
studioq202.com
tao025.com
tao221.com
tao816.com
tao886.com
tao977.com
taytrin.com
teganlily.com
tiaoshibao.com
tjsemicoke.com
tssale.com
update-appstore.com
vladistudio.com
whsdns.com
wikishared.com
xiangtanjk.com
yaocanting.com
zhongdaauto.com
zoamaster.com
zontricks.com

# Reference: https://app.validin.com/detail?find=47516a2e04e9ef13d67927464651ba6c&type=hash#tab=host_pairs_v2
# TITLE-HOST=Runway Research | Introducing Runway Gen-4

http://82.197.67.174
http://82.221.139.121
aiaggregator.com
archerwescott.com
bateriegitim.com
baumanufaktur-muenster.com
bjj-gameplan.com
leboncoin.legal
cv.leboncoin.legal
polyling.leboncoin.legal
scrip.leboncoin.legal
script.techdom.shop
techdom.shop

# Reference: https://x.com/Malwarebytes/status/1843401297246269675
# Reference: https://www.malwarebytes.com/blog/news/2024/10/large-scale-google-ads-campaign-targets-utility-software

aerodrame.finance
creativekt.com
designexplorerapp.net
foreducationapp.com
studioplatformapp.net
turnrevenue.com
workmeetingsapp.com
clockify.turnrevenue.com
notion.foreducationapp.com
odoo.studioplatformapp.net
slack.aerodrame.finance
slack.designexplorerapp.net
slack.workmeetingsapp.com

# Reference: https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/

bowerchalke.com
carolinejuskus.com
cautrucanhtuan.com
dekhke.com
lirelasuisse.com
mensadvancega.com
mishapagerealty.com
pabloarruda.com

# Reference: https://x.com/suyog41/status/1851507299073864016
# Reference: https://www.virustotal.com/gui/file/a33705df80d2a7c2deeb192c3de9e7f06c7bfd14b84f782cf86099c52a8b0178/detection

http://194.169.175.117

# Reference: https://x.com/malwrhunterteam/status/1857726856675430531
# Reference: https://www.virustotal.com/gui/file/4fb1fa11f4077e8406ac11e55476d4f6852cc75087063b385060d81c9c166a7f/detection

http://70.34.213.27

# Reference: https://x.com/malwrhunterteam/status/1858482586583998838
# Reference: https://www.virustotal.com/gui/file/ca0f682a5f492c20181ddae738212c8490e4b8e0c1b4fa4b8f5bc48de4592fb7/detection

http://141.98.9.20

# Reference: https://x.com/banthisguy9349/status/1873402882424455582
# Reference: https://x.com/malwrhunterteam/status/1889723588195782906
# Reference: https://www.virustotal.com/gui/file/8d947518564bdbefc9af3811a44f856f8ceea0864cbc0a17f06c04f4f3a4a7d0/detection

http://141.98.9.201
http://141.98.9.202
http://141.98.9.203
http://147.22.1.1
http://147.45.43.49
http://185.174.136.197
http://192.233.132.188
http://193.124.185.50
http://193.124.185.53
http://193.124.185.54
http://193.233.132.126
http://193.233.132.131
http://193.233.132.132
http://193.233.132.138
http://193.233.132.155
http://193.233.132.168
http://193.233.132.188
http://194.120.116.186
http://5.44.41.73
http://85.192.63.234
77.221.134.79:5000
fantafab.com
/81bD01OkzH1z

# Reference: https://x.com/suyog41/status/1877182323340488974
# Reference: https://www.virustotal.com/gui/file/ee015087be69203435175c256ee689a00f9ec693e146536c8c132e3311975ec2/detection

http://81.19.135.54

# Reference: https://x.com/gregclermont/status/1877294378663784912
# Reference: https://www.virustotal.com/gui/file/fa1ffa024184f8ade3ef294b5a7a485a48f52361fbf53d37635c2079c57ebcbb/detection
# Reference: https://www.virustotal.com/gui/file/9a0065d15c985dc95189a5c9e808d0209b6d473dd6f44d328bd3c1d42aaabe4d/detection

brewmacos.com

# Reference: https://x.com/suyog41/status/1878707544576974922
# Reference: https://www.virustotal.com/gui/file/80f492d98f2f409de8d9bd4c35b4f4b616ea1e4e855ed3bdc46bf9a7a956f274/detection
# Reference: https://www.virustotal.com/gui/file/8d2bb3be043442dac22f480f02b449525d5ba99b25f95330b674b8face07bcea/detection
# Reference: https://www.virustotal.com/gui/file/b365ac9a8b2dac885d0dfbd765f4b7b08681e4429f0394781e7d0ccbc50d6044/detection
# Reference: https://www.virustotal.com/gui/file/e064ac38282b8abbca176fcee2e2c792e885c49254d986589d974186aecd940a/detection

http://217.69.2.169

# Reference: https://x.com/motuariki_/status/1851386452590158205
# Reference: https://binhex.ninja/malware-analysis-blogs/amos-stealer-atomic-stealer-malware.html
# Reference: https://www.virustotal.com/gui/file/2f1d906d4ddcdba0425062d3814c89a93a514491a92154be74a4643b5c8c4d14/detection

http://141.98.9.20

# Reference: https://x.com/suyog41/status/1881230577199902765
# Reference: https://www.virustotal.com/gui/file/b73216b8c63faf542814a99389fb63de5fddf3800305dbecfe7aa3b9c0d9ab2a/detection

b2eb-115-135-31-192.ngrok-free.app

# Reference: https://x.com/banthisguy9349/status/1881091525427503602

/H0qlUfGV5EU2zrp3wYKr0

# Reference: https://x.com/i/bookmarks?post_id=1881563556736545256
# Reference: https://www.virustotal.com/gui/file/08caa600a0a35bfbbc2f6465877aa28d94ab499c7ffda8b921fb26d3aa59fd15/detection

demeijer.cfd
praanic.cfd

# Reference: https://x.com/suyog41/status/1881944554993267176
# Reference: https://app.validin.com/detail?find=91.202.233.202&type=ip4&ref_id=1df54403cc8#tab=host_pairs

5rd5tgh.cfd
bfgnet.cfd
bfgnet.icu
bmwqq.icu
explosem.cfd
hdking.cfd
ssrtool.icu
twoc.life
yogeshlond.cfd

# Reference: https://x.com/suyog41/status/1882294278086656352
# Reference: https://www.virustotal.com/gui/file/bc933b5ecca8b3864741c92fe0682f41a36bf809862ec9a61b09c83ad7b3d6ce/detection

sbdar.com

# Reference: https://x.com/suyog41/status/1882665545948069933
# Reference: https://www.virustotal.com/gui/file/f8ee5a52ce151c8120f0824593a9d8e153fc925380afcdb1fcdba0fa16147174/detection

luumu.cfd

# Reference: https://x.com/suyog41/status/1883765480827338881
# Reference: https://www.virustotal.com/gui/file/545b52fa91376883bee84c1c3220b1f16d079c1d85718f6bfc1119d685675385/detection

rickardmetal.com
wiramulia.com

# Reference: https://x.com/suyog41/status/1884123851195572527
# Reference: https://www.virustotal.com/gui/file/a6b35fce9e362a29b298090279b87c206d74b1bc00db0b86781f0a68e560c8b4/detection

http://82.115.223.9

# Reference: https://x.com/malwrhunterteam/status/1887415640597647406
# Reference: https://www.virustotal.com/gui/file/ad4e08c042b0cb618c181be11d72bc049b3799dbb946d58502a6df84f64d2741/detection

http://65.20.101.215

# Reference: https://x.com/suyog41/status/1889669330822111694
# Reference: https://www.virustotal.com/gui/file/809c93b69787a489bc92720dae1d69d03e76251b0c93c6e5e0b7db1a8197af19/detection

gominnanoom.com

# Reference: https://x.com/suyog41/status/1889650750462308762
# Reference: https://www.virustotal.com/gui/file/0cf240e85b629990dcac1035207c0cb60af068a1e11b372af98ecf1767eae97d/detection

karinnapadilla.com

# Reference: https://app.validin.com/detail?find=193.143.1.177&type=ip4&ref_id=efdf26799e6#tab=resolutions

betabux.com
tattoobg.com
vocheng.com
4jslg.tattoobg.com

# Reference: https://x.com/suyog41/status/1891379925342679319
# Reference: https://www.virustotal.com/gui/file/2ce574b3c03b2562b4f2303b5e7a4f262868913d01957689f2fdf40a3ab352f1/detection

ttknives.com
zblong.com

# Reference: https://x.com/suyog41/status/1892460976441872634
# Reference: https://www.virustotal.com/gui/file/24b589981850a0b5646ffcbef4b660637153412d3c1b02e5e526a59ef8595be4/detection

http://45.9.117.152

# Reference: https://www.esentire.com/blog/fake-deepseek-site-infects-mac-users-with-poseidon-stealer
# Reference: https://github.com/eSentire/iocs/blob/main/PoseidonStealer/PoseidonStealer-2-12-2025.txt

manyanshe.com

# Reference: https://x.com/malwrhunterteam/status/1893253918450221381
# Reference: https://app.validin.com/detail?find=4da341eee54094c5f73798447dc4da93&type=hash&ref_id=9d7e2f80322#tab=host_pairs (# 2025-02-22)

http://45.93.20.152
45.93.20.152:22
chromiumdriver.io
chromiumdriverbackend.com
echonex.ai
nevex.app
nowsync.app
nowsyncbackend.com
signdocsback.com
us85web.us
zoombackend.xyz

# Reference: https://x.com/malwrhunterteam/status/1894017454113706430
# Reference: https://x.com/malwrhunterteam/status/1894017461927760345
# Reference: https://x.com/malwrhunterteam/status/1894024411780374748
# Reference: https://x.com/ValidinLLC/status/1895120872421437511
# Reference: https://app.validin.com/detail?find=GrassCall&type=raw&ref_id=006bf001770#tab=host_pairs (# 2025-02-24)
# Reference: https://app.validin.com/detail?find=f28820f49d98f8f7cafca5c256f1b807&type=hash&ref_id=006bf001770#tab=host_pairs (# 2025-02-24)

alphawearmn.com
faceboock-page-support-manage.com
gatherum.net
grasscall.app
grasscall.net
grasscall.org
justworkpannel.icu
onda-zm.net
vibecall.app
wavecall.app
wavecall.ca
wavecall.cc
wavecall.co
wavecall.live
wavecall.org

# Reference: https://x.com/moonlock_lab/status/1894447597240140027
# Reference: https://www.virustotal.com/gui/file/fde8c0db46419585b0718c4df7e444d2aeee28b1fad771d39910389b529a8fad/detection
# Reference: https://www.virustotal.com/gui/file/2581a2b05bb39f16562b652311d8f5381a132cc31873c38312684c7a33520706/detection

asa-content-network.s3.us-west-2.amazonaws.com

# Reference: https://x.com/victorkubashok/status/1894737054841335964

miliste.com

# Reference: https://www.seqrite.com/blog/unmasking-grasscall-campaign-the-apt-behind-job-recruitment-cyber-scams/
# Reference: https://www.virustotal.com/gui/file/b63367bd7da5aad9afef5e7531cac4561c8a671fd2270ade14640cf03849bf52/detection

http://147.45.60.20
147.45.60.20:5000
147.45.60.20:8080

# Reference: https://x.com/suyog41/status/1897979588665655589
# Reference: https://www.virustotal.com/gui/file/c9e1af28664983105a2323974e41c7583b89ba175851195da31a662b6b7bfd54/detection

tarhnegasht.com

# Reference: https://x.com/malwrhunterteam/status/1898292008281575545
# Reference: https://www.virustotal.com/gui/file/d90b53c9aa6709339f989b23291def00f68d640e65505c76f6e8682a63c6e935/detection

http://95.164.53.3

# Reference: https://x.com/malwrhunterteam/status/1902667337297170664
# Reference: https://app.validin.com/detail?find=561a327cb399f779a2266e742be2cd33&type=hash&ref_id=9ca321c580e#tab=host_pairs (# 2025-03-30)

playrocketgalaxy.net
playrocketgalaxy.world
rocketgalaxy.io
rocketgalaxy.world
rocketgalaxyworld.com
wayoutstars.com

# Reference: https://x.com/malwrhunterteam/status/1903189675793146333

celusion.us

# Reference: https://x.com/malwrhunterteam/status/1904124859216490610
# Reference: https://www.virustotal.com/gui/file/eeb2e5f06ef8da29a56d1779c1590d82c76b031e7718d0f6c46d1cb57c036d8e/detection

http://85.209.128.59

# Reference: https://x.com/malwrhunterteam/status/1904124773057105923
# Reference: https://www.virustotal.com/gui/file/a13dfdfccc71c26464da61de63f5ff296b3ec90adbb648d42b9861c8c3e422cb/detection

http://45.140.13.244

# Reference: https://x.com/malwrhunterteam/status/1904220955880177895
# Reference: https://app.validin.com/detail?find=213.21.237.149&type=ip4&ref_id=79c3e6f6820#tab=resolutions (# 2025-03-24)

buzztalk.io
gatori.space
monstersdiscovery.com

# Reference: https://x.com/malwrhunterteam/status/1904256374550462605
# Reference: https://www.virustotal.com/gui/file/be3e3c77cf578c6458d515c5a49cfab653df3ba10ccb86e9d13d2376e24483fb/detection

http://45.131.215.191

# Reference: https://x.com/malwrhunterteam/status/1904592976745034180

rocketrumble.xyz

# Reference: https://x.com/malwrhunterteam/status/1905579706222526890
# Reference: https://app.validin.com/detail?find=6b3a5edfe0448f2e93c091abffba96ba&type=hash&ref_id=e2c75a4c57d#tab=host_pairs (# 2025-03-28)

http://77.221.152.24
stone-hunt.com
stone-hunt.io

# Reference: https://x.com/malwrhunterteam/status/1905686280916402299
# Reference: https://app.validin.com/detail?find=8947c73a5933e1d12d23d74fb5dd7864&type=hash&ref_id=8d8694f68ac#tab=host_pairs (# 2025-03-29)
# Reference: https://app.validin.com/detail?find=d530c7a5c822ae0f952338b43ecd8849&type=hash&ref_id=ebeafce65ac#tab=host_pairs (# 2025-03-29)
# Reference: https://www.virustotal.com/gui/file/743a528f1e4f509baa1a6236d9b55464aa0bb465dbe9016249b01f47e3ba4438/detection

my-design.pro
prepaid-au.com
ultrawiew-account.top
wwwpersec.org

# Reference: https://x.com/malwrhunterteam/status/1905528981698281825
# Reference: https://www.virustotal.com/gui/file/1cf676d1e21e8c26eeb0f5375ca7473344cc1510828725587e71b36a7dd1c32f/detection
# Reference: https://app.validin.com/detail?find=Notion%20Desktop%20App%20for%20Mac%20%26amp%3B%20Windows%20%7C%20Notion&type=raw&ref_id=bde04d0cd30#tab=host_pairs (# 2025-03-29)

notiondesktop.com
notiron.org

# Reference: https://x.com/malwrhunterteam/status/1908258300904288529
# Reference: https://x.com/k3yp0d/status/1908801323933339889
# Reference: https://www.virustotal.com/gui/file/0e87f86ec05ceac7f6476b2b9729e5eda1a28fae10198f8af38d88182de94b5a/detection

captcha-cdn.com
captcha-verify-2q7y.com
captcha-verify-6r4x.com
captcha-verify-9h5v.com
jdiazmemory.com

# Reference: https://x.com/malwrhunterteam/status/1909171425778229705
# Reference: https://app.validin.com/detail?find=chattix&type=raw&ref_id=1ccca210e4c#tab=host_pairs (# 2025-04-07)

beepx.app
chattix.us
miycrellatio.com

# Reference: https://x.com/malwrhunterteam/status/1910055525791814128

mktgweb3.com

# Reference: https://x.com/RussianPanda9xx/status/1910777989840749047

http://85.192.37.66

# Reference: https://x.com/malwrhunterteam/status/1911667841113194722
# Reference: https://www.virustotal.com/gui/file/292df3cc6e89f9dd3b7b29680a6d72b29e6579956dfc25163b2c99840c6035e0/detection

koreablockchainweek.app
o-sn.com
adservice.o-sn.com
appleid.o-sn.com
bin.o-sn.com
blog.o-sn.com
docs.o-sn.com
facebook.o-sn.com
geolocation.o-sn.com
support.o-sn.com

# Reference: https://www.virustotal.com/gui/file/a177e43bcdcbf4a824f2d37ebd62d10e2245c1513d05aea292779e593a7b9176/detection

http://192.124.178.88

# Reference: https://x.com/malwrhunterteam/status/1912815854535823504
# Reference: https://www.virustotal.com/gui/file/1ba47b1d35c38d5c39f187f7e729eb28ce26359f5e9bddd7192679c51d4cda83/detection

http://85.192.49.118

# Reference: https://x.com/suyog41/status/1913141025549476141
# Reference: https://www.virustotal.com/gui/file/e539b6b53cf7009e86d0ddb279dec9b84a099aa8c8b2ecd18d65ee17538d772a/detection

gq8ruzk1h3a8.cfd

# Reference: https://x.com/motuariki_/status/1914649222164718077
# Reference: https://github.com/motuariki/IOCs/blob/main/MacOS%20Stealer%20Malware/22-04-2025-Amos-C2-IPs

http://138.124.50.93
http://45.94.47.102

# Reference: https://x.com/malwrhunterteam/status/1914948114705764785
# Reference: https://www.virustotal.com/gui/file/adb30f7ba534207834d9ab8d2c197bf78382be23d28bb17db7c52a3b956c0bb5/detection

esramon.com
security-2k7q-check.com
security-check-l2j4.com
security-check-u8a6.com

# Reference: https://x.com/malwrhunterteam/status/1917491170562687184
# Reference: https://app.validin.com/detail?find=bb319c1ddca7fb76e92556a03f854cac&type=hash&ref_id=077f3a32259#tab=host_pairs (# 2025-04-30)
# Reference: https://www.virustotal.com/gui/file/0f0b26beee869a2882e89efb1151cd4bc885b9b7a0884412d19f87176674afa3/detection

dakarsecurity.com
dancinspirit.com
hbgsecurity.com
lammysecurity.com
security-2u6g-log.com
security-3a7q-run.com
security-6u0g-log.com
security-7f2c-run.com
security-9y5v-scan.com

# Reference: https://x.com/malwrhunterteam/status/1914932549790388269
# Reference: https://www.virustotal.com/gui/file/cc2fa0495b0ef3a6e310bfb7b81a302f6f1b245a7d3d12d77d4e0094e8845809/detection

skytribes.io

# Reference: https://x.com/suyog41/status/1915312489509917167
# Reference: https://x.com/malwrhunterteam/status/1915708059235614881
# Reference: https://app.validin.com/detail?find=eff38f1dda00ae10d3fbf51d8ea42242&type=hash&ref_id=c5baa3c43dd#tab=host_pairs (# 2025-04-25)
# Reference: https://www.virustotal.com/gui/file/4b277c6293ce6d6ff45b89c948e0f9b632c2048d2c3adad5f9179efe34a67981/detection
# Reference: https://www.virustotal.com/gui/file/fdb82e2ad560677d241bd7139995e56295001bc3ef72c67173ae91d5db85cc46/detection

aimplyhired.com
gknkargo.com
mapersan.com
morholding.com
sfmontage.com
form.gknkargo.com
ns1.morholding.com
tt.mapersan.com
tt.morholding.com

# Reference: https://x.com/malwrhunterteam/status/1915818585248645399
# Reference: https://www.virustotal.com/gui/file/1bf39bfbe6617e698a653a95606464cbbaf23bf648978fca646e778f4ffacdaf/detection

otter.live

# Reference: https://x.com/malwrhunterteam/status/1916744699835990021
# Reference: https://www.virustotal.com/gui/file/4924ff91e9be84960f9241130e080bb5f3cbf19f17f62e1fc15e48fb6852cd89/detection

http://199.247.9.173

# Reference: https://x.com/malwrhunterteam/status/1916745410581860669
# Reference: https://www.virustotal.com/gui/file/a8775aa6f0c3f3e877ab193586c0e89f083c519c682ba04981ef9e597be76cd0/detection

fetuchini.store

# Reference: https://x.com/malwrhunterteam/status/1917463094608998753
# Reference: https://www.virustotal.com/gui/file/b2b1ca4da78e91954934bc136ce01f8e5a52bb2d05db300ef743c69b1aa8b27f/detection

http://45.94.47.103

# Reference: https://x.com/NullPwner/status/1917702021618229610
# FAVICON_HASH-HOST=9108dde25ad958b27f6a97d644775dee

http://5.199.166.102
638798112751129792.warsaw-shledrc-acak.info
638798250265338711.kerman-shledrc-acak.info
638799976464357707.lahijan-shledrc-acan.info
638800616981987041.dublin-shledrc-acao.info
638800814946931618.berlin-shledrc-acap.info
638807774991052514.athens-shledrc-acaz.info
638808279286809264.malayer-shledrc-acaz.info
638808705259632794.budapest-shledrc-acba.info
638808983049892586.birjand-shledrc-acba.info
638809434544857586.dublin-shledrc-acbb.info
638809712977746654.athens-shledrc-acbc.info
638810089169181655.shiraz-shledrc-acbc.info

# Reference: https://x.com/suyog41/status/1919259009942712396
# Reference: https://www.virustotal.com/gui/file/f16e85daa5288386169d8355082f02d26dd432cabb9e3b08f9fdf0430c2de883/detection

http://45.94.47.120

# Reference: https://github.com/motuariki/IOCs/blob/main/MacOS%20Stealer%20Malware/07-05-2025-Amos-C2-IPs-Domains

http://193.143.1.177
http://62.60.249.105

# Reference: https://x.com/malwrhunterteam/status/1920161661014466729
# Reference: https://www.virustotal.com/gui/file/1e73b673bce06f26aa4c32f1af76698e2aa59706a61b60ba75c3c4ed7991172a/detection

app-storage-one.xyz

# Reference: https://x.com/NullPwner/status/1921157529188368830
# Reference: https://hunt.io/blog/macos-clickfix-applescript-terminal-phishing

http://83.222.190.214
odyssey-st.com

# Reference: https://x.com/malwrhunterteam/status/1922409101381742890
# Reference: https://www.virustotal.com/gui/file/a4e36aaebbf904ad8b7639e86b4642a5d5d5407b23c7433daa89c20e1b5d6364/detection

http://45.94.47.145

# Reference: https://x.com/skocherhan/status/1922462317838516405
# Reference: https://app.validin.com/detail?find=ffe32014afcaa1d3f9b404e50d7e157a&type=hash&ref_id=86fe6b7b889#tab=host_pairs (# 2025-05-014)
# Reference: https://www.virustotal.com/gui/file/4c9a8ed229ddfab40582cfb3492a7ff8d5ef2186f43045516272426b6629871e/detection
# BANNER_0_HASH-HOST=9f9235d3664794f4cd2e27bf7cf675b0

0211halexea.pro
ads.lantwrk.com
airportsock.xyz
amentingsimphis7.com
anamera-cletting.com
anceptsevacing.com
attexts-schaiver.com
begestorm-gentside.icu
bellbike.xyz
brinents-enzarre.com
brookierequence.com
candeciesnewmers.com
casinojackpotmst.com
clavorworest.com
clk.relegatedtechsolver.shop
com.airportsock.xyz
commusagemetrazine.com
contigerawatch.ngvm-test.com
conuous-tahations.com
darthtieflyer.com
derepage-limmend.com
dessally-verious.com
detersopencing.com
direstsgratteger.com
diving-lestent.com
dullcists.com
endise-everning.com
etf-alerts.com
forget-lourfarms.com
forsity-angston.icu
fouporial-oppection.com
go.mktdeals.com
go.performance-checkout.com
go.pleasur.ai
go.shape-capsules.shop
goto.unboxedrated.com
gotrack.seniorsorbit.com
grefoxsmatic.com
guirsumedsturist.com
hargery-sunteed.com
hargin-bothmerge.icu
ibunkind.com
info.sciatiease.com
innexicoknored.com
intiolicysubsestra.com
kentruct-frature.com
lantwrk.com
lasorab.com
lewarebrogen.com
linglyzolleges.com
link.myeczemaquiz.com
lp.besofun.site
meetmeup.online
mingdomrelloon.com
minsitorconsing.com
mkleosper.com
modisonmining.com
moon-heart.com
myhealthydreams.com
narakmedia.xyz
ngvm-test.com
now.chancetowin.click
obtalia-monian.xyz
optingsdefulaced.com
performance-checkout.com
piation-elering.com
plaurpoolcamments.ngvm-test.com
rappealspezyme.com
rethod-dettract.icu
rinput-vionably.com
rologybriessity.com
salightfaches.com
samates-seachades.com
secure.etf-alerts.com
seniorsorbit.com
shape-capsules.shop
soft2trak.com
stackgerswarivered.com
sughly-annedy.com
sumerand.com
sushementgoisermal.com
sympusquening.com
t.walkinbathtubs.org
tbdtrack.com
terstrarmotself.com
tirturredspipleted.com
tpm.prplflowpath.com
trablines-hamself.icu
trablishregying.com
track.besttracking.live
track.boostedliver.com
track.darthtieflyer.com
track.fluxbluxnews.com
track.ibunkind.com
track.meetmeup.online
track.narakmedia.xyz
track.nvntrk.com
track.offertadedicata.net
track.reviewcontent.com
track.safesecurityclick.com
track.tradelg.net
tracking.lead-magnet.live
trisontralued.com
trklinking.com
turbohittrack.com
unalities-restelate.com
unboxedrated.com
volvedsovely.com
vtrck.com
woreppercomming.com
worrings-asheer.com
wyouriesinverse.com

# Reference: https://x.com/malwrhunterteam/status/1922700020702142829
# Reference: https://app.validin.com/detail?find=CleanShot%20X%20for%20Mac&type=raw&ref_id=b184cd5f93a#tab=host_pairs (# 2025-05-30)

cleanshotx.cfd
download-cleanshot.cfd

# Reference: https://x.com/motuariki_/status/1924330564880159165
# Reference: https://github.com/motuariki/IOCs/blob/main/MacOS%20Stealer%20Malware/19-05-2025-Amos-C2-IPs-Hashes
# Reference: https://www.virustotal.com/gui/file/3bbda6c3695399c068d67c3bc69d92d015d5330ee1176df40c2a521f0416b20f/detection
# Reference: https://www.virustotal.com/gui/file/df5052263fd16e5c34935b58b6d9d76465df0a3c3a1ebfb700e511e936e25dec/detection
# Reference: https://www.virustotal.com/gui/file/aada5d93f099887d6e73e1744ff1e8db9ac18c721266eb4c4c7ba840985c6ce9/detection
# Reference: https://www.virustotal.com/gui/file/36742ba59a06e80703730676f72295f3b06730883d7979eeb93df730d754504a/detection

http://45.94.47.146
http://45.94.47.147
http://85.192.56.11

# Reference: https://x.com/malwrhunterteam/status/1924723878355484874
# Reference: https://www.virustotal.com/gui/file/f573c91f615401caef2c99f93548a54f0bbcfc018e22550cb552b45c03d60312/detection

hubservices.vip

# Reference: https://x.com/malwrhunterteam/status/1924721481725923662
# Reference: https://x.com/solostalking/status/1930977703265554806
# Reference: https://hunt.io/blog/macos-clickfix-applescript-terminal-phishing
# Reference: https://www.virustotal.com/gui/file/75505c08bbfa79e562a0c7dc9d90ea7cce2364a2a20f459232457921a5653373/detection

83.222.190.214:3333
odyssey1.to

# Reference: https://x.com/malwrhunterteam/status/1925495994885509270
# Reference: https://www.virustotal.com/gui/file/c51786875f1cb268118924aec263514df8069d68cf85f7fed1c2bf6bf6095c4b/detection

entrepreneurshipvillage.com/wp-content/uploads/2021/02/grecaptcha

# Reference: https://x.com/malwrhunterteam/status/1925635508102664267
# Reference: https://app.validin.com/detail?find=2d6f9183dede2e79c7de9b1c04d953fe&type=hash&ref_id=fd767f2fc87#tab=host_pairs (# 2025-05-23)
# Reference: https://app.validin.com/detail?find=d3e241db244235d7e36764353b787de0&type=hash&ref_id=d19b8984db4#tab=host_pairs (# 2025-05-23)
# Reference: https://app.validin.com/detail?find=92b908ef253b41d6f4d6f2dc22d9f62c&type=hash&ref_id=fd767f2fc87#tab=host_pairs (# 2025-05-26)
# Reference: https://www.virustotal.com/gui/file/29b039685d5d3893ff13f0478fe8024cdba74120423b8908aa7777008fd8ba3e/detection
# Reference: https://www.virustotal.com/gui/file/0c7330be9bcbfb502a5247f298659b5590a8a58ef634c22ae46eee33e2e49c70/detection

applevpns.com
brewory.com
eiconom.com
homebrewrp.com
isnimitz.com
macostutorial.com
maitaitv.com
meu-inssgovbr.online
specter-storage.com
webull-storage.com

# Reference: https://x.com/malwrhunterteam/status/1926204525435588835
# Reference: https://www.virustotal.com/gui/file/c7516e75f2ffa0626b854c685bde01cfd4a80f015ed6b2ea1833237a5387139f/detection

hostmac.cloud

# Reference: https://x.com/NullPwner/status/1926570453004382511

http://194.26.29.217

# Reference: https://x.com/RussianPanda9xx/status/1908595970352218609
# Reference: https://x.com/banthisguy9349/status/1926982451722682697
# Reference: https://trac-labs.com/the-wagmi-manual-copy-paste-and-profit-2803a15bf540
# BANNER_0_HASH-HOST=5be1b820358b598ff2c0b8f8d8834223
# BANNER_0_HASH-HOST=cd5c0f320d56d8c4099db365562e67de

0ml-store.com
100-international-boutique-purchasing.com
2gatherforever.com
365shoppers.com
4890112.com
acappellabufetramadan.com
adouble-collection.com
aegiokami.com
aerinaorganics.com
afhousing.com
akfnb.com
akusukakopi.one
alicejingbeauty2u.com
alicejingbeautymall.com
alittlestuff.com
almostquaint.com
altnco.com
amcatel.com
anekakitchenware.com
anisedesign.com
annayyar.co
apanakbeli.com
aqualegendconceptshop.net
ar-roast.com
arisheema.com
artechshop.com
asianbritish.com
asoonworld.com
atlasfinders.com
avocadomori.com
awonderlandtw.com
azaanamjad.com
babycosas.com
babymami588.com
bahaibiz.com
bahuba888.com
basementrekordz.com
bassandcoplus.com
bazhenofficial.com
bbasiastore.com
bbeginboutique.com
bcalpha.com.tw
beautyhollic.com
beautymansionstore.com
bedavavideoizle.com
bedazzledlush.com
behomme.tw
benangbynini.com
bestpiz.com
bexarmg.com
bikeabq.com
bilie.co
bilisking2u.com
bitcowe.com
bj31.com.tw
blackymerch.com
blahblah.tw
blondebarhair.com
bogusmerchandise.com
bokittasarawak.com
bolton-onlinestore.com
bomibaby.tw
bottomcoffeeroasters.com
brics.com.tw
brokengooseneck.com
bubunana.com
budt-life.com
bulaugoodgoods.com
bumpnbambino.com
butwho2f.com
byjosietw.com
byondrich.com
byshahidah.com
canbeanyshop.com
candy-fruit-groupbuy.com
carvedcakedesign.com
cataleyacotton.com
cchousingtrade.tw
chantalrae.com
chantii.co
chingkoo.com
chochoshoptw.com
chongswayfrozenmart.com
chuchueat.com
circlebaby21.com
clubdianataiwan2021.com
cnailsmy.com
comicdoma.com
corrinstudio.com
creativemark2u.com
crilight.com
dahdimsum.com
dahliaoils.com
daisyteaa.com
dancojp.com
dankejp.com
danylynnmfashion.com
daoneclothes.com
dermadocskincare.com
dikucikuci.com
district23a.com
divaoffical.com
dmsbatik.com
dodobaby10.com
dorcas-baby.com
dorisscloset.com
doughlittle.com
downloadmacos.com
dreammoodmy.com
dstyleohandmade.com
ecodentataiwan.com
ecospherepetstore.com
egnabev.com
eifkids.com
elfaruefi.com
erphasworkroom.com
escapeesrvelub.com
etechnix.com
ethereallycake.com
evanougat.com
femme-a.com
figure21.com.tw
fioregarden.com
flowerchampflorist.com
flygroceries.com
followerstik.com
fonsc.com
foodstoryshopss.com
foresttcm.com
freesiabox.com
gabeesweets.com
gadesive.com
gardenierbi.com
gateaudemomochee.com
girl-myosotis.com
gloriaycltw.com
glorious7teen.com
gobokharbour.com
grandmasdarling.com
guerillagear.com.tw
guitarfindyou.com
gyhmask.com.tw
happyhappythrift.com
hatchessel.com
hector.tw
heeha-store.tw
heimweetoggery.com
hesingue.com
hkhotpot.com
hoftshop.com
hypercustomz.com
i-rova.com
ididactivewear.com
idieana.com
iii.boutique
ilifethings.com
ilymcollection.com
infnco.com
inla.tw
istmailservice.com
iwstudio.com.tw
jacsmalaysia.store
janggutbear.com
jeannicartisancakes.com
jiaxinbeefest1995.com
jschoicetw.com
junsui-life.com
kabangboutique.com
kakijalan.biz
kalontea.net
katenannie.com
kayanganliving.com
kbcokc.com
kickrollermy.com
kiflhuis.com
kikinaturalwellness.com
kikinatwell.com
kinghomeyeh.com
kingkongdamn.com
kireicute.com
kizunaanime.com
knoble-intl.com
kosmosgrid.com
kpoppavillion.com
kskcollection.com
kuokuocollection.com
labelbornz.com
laojangweb.com
laundrycubeservices.com
leehinmotor.com
lenoreinc.com
lesstoreasia.com
lfm.tw
lidak.tw
lildevi.com
liliysells.com
lisaselect.com
locoano.com.tw
losnashop.com
lotsofloveartwork.com
louislaura.com
lovehazna.com
loveletterkids.com
lshcarproducts.com
lubiduby.com
luminoguard.com
lyraatelier.com
m-e-a-s.com
m28korea.tw
maagj.com
macaronjaracc.com
mandilygift.com
mappercafe.com
marumarulea.com
maysmerized.com
miaowgogo.com
miffycloset.com
mime-flower.com
mimibras.com
minimmer.com
missdadada.com
mohanvpork.com
moishowroom.com
montmartreacc.com
motoktm2u.com
mrkenallen.com
mstore918.com
mucha613.com
muscle-jets.com
muyangyingqing.com
my-magicstore.com
myg1store.com
myglowmemos.com
myhappystarkl.com
myhouseofsocks.com
mypurocoffee.com
mytoys2u.com
naafscarve.net
naatasia.com
nahuypeach.be
nailboxmy.com
natural-deodorant-stone.com
necrolatryrecords.com
nedirakl.com
nervesathletic.com
novalur.com
nullitax.com
nwteaconcept.com
ohhletter.com
ohlumis.com
oi3c.com
oilavishteam.com
olivecandyy.com
oneclick-estore.com
oneredlily.com
online-abset.com
oratw.com
oui.tw
ouiouistudio.store
pakajifreshdelivery.com
pakustore.com
pearlanddaisies.com
pellnaturalhandmade.com
penguintaste.com
peperinty.com
perfumes-collection.net
petitandcoshop.com
picofiltersystem.com
pingopeel.com
pixoos.com
planetajanta.com
playkeyboard.tw
posesinpanni.com
prestigemedispamalaysia.com
ptgglobalsb.com
pulsecoffee.co
queenkorea.com.tw
rainnicious.com
rarepocketofficial.com
rayraygreenhouse.com
realtorrohe.com
reinselect.com
reluck.com.tw
rencahbysherson.com
renjanastores.com
rgarden.shop
ribbont.com
rindept.com
rockexpressxxxxxl.com
rosegallerygiftshop.com
rubyscosplayshop.com
ryopomelo.com
sabbih.com
sabunfiction.com
saharabypsamathe.com
saoaccessories.com
sarradhyya.com
savondemarbella.com
saychisskincare.com
seabluesky530.com
secondplacelife.com
secondspring-store.com
seizeactive.com
sejadahmaryam.com
selfcovidtest.com
sensegears.com
sfworkgarage.com
sgsilvercentre.com
shaashaute.com
shabonito.com
shanellharun.com
sharlenetay.com
shmuacosmetics.com
shopniqabbia.com
shuidangdangofficial.com
silkrushofficial.com
silverlion1977.com
simchatime.com
sislyshop.com
skinholicstore.com
skinnycafe2015.com
smallredlin.store
smate.tw
snkrsss-store.com
solebalms.com
soundtasticmy.com
souqhaven.com
splashi.tw
sqairs.com
sqiucollection.com
stayyuelabel.com
stickynuggzinc.com
stivaliserna.com
studiohikidashi.com
successfulrman.com
sugarcatz.com
superbaccessories.com
surmount.shop
suurostudio.com
taoaroma.com
tejconfetti.store
telekungkareful.com
thasselz.com
the-elodie.com
the3ftstore.com
thecafedeco.com
thechicnoneskpsv.com
thefurfighters.com
thegeroboc.com
thegoodbeercompany.com
thejoiebaker.com
thekiddieshub.com
thelittlelaosia.com
themohcandle.com
thepurposefuljewellery.com
theshoppingbear.com
thesleepycatbookshop.com
thetinytemptress.com
thotlog.com
timetoybar.com
tipsymoment1322.com
titieasygo.com
tjporktrace.com
tkissesmacaron.com
toutatishop.com
trazeall.com
trytea.com.tw
tsestationery.com
ttbabykids.com
tudungfarora.com
tufeicoffee.com
tzaujiang-soap.com
uaofficial.com
ugspy.com
ukasyahgroup.com
usenseseafood.com
utileworks.com
vanillicious.com
vbeltdrives.com
vdrapes.com
veilsstudio.com
velmyna.com
vfashionstore.com
villtage.com
vitawait.com
vuwzer.com
vvvvv-official.com
wangmei-cat.com
weigrain.com
whizurlshop.com
winikigai.com
wuthingsstudio.com
xiaoll.com
xinbakes.com
xyjgamers.com
yapicaexer.com
yklborongruncit.com
yoakeflorist.com
yoloved.com
yuerrrrclothing.com
yusircoltd.com
yvngvualr.com
yyl.com.tw
ziweishop1313.com
/macshare.php
/macshare.php?call=

# Reference: https://x.com/suyog41/status/1926979425079373901
# Reference: https://www.virustotal.com/gui/file/4d3db335f35c4f966e34536895ec6ec11b57c98dcd5b0f3f0c6d143bdce9154b/detection
# Reference: https://www.virustotal.com/gui/file/8b603859ead00473086003dcaa470c1498742328c12face7d878a0d324e4763c/detection
# Reference: https://www.virustotal.com/gui/file/dd0b4a7bbd1940b64eede8346cb7f2f79884e030eb8d44d4a8d1e85919edbfe0/detection

http://45.94.47.136
http://45.94.47.157

# Reference: https://x.com/skocherhan/status/1927086251716354558

applejoins.com
bybapeaches.com
granniesblog.com
maruniryutsu.com
netdepnoithat.com
viicandle.com

# Reference: https://x.com/g0njxa/status/2023409834905743661
# Reference: https://moonlock.com/anti-ledger-malware
# CLASS_0_HASH-HOST/IP=a0e290dacd3c844600041c9716714960
# META_LINKS-HOST/IP=7inject.in
# TITLE-HOST/IP=Вход | 7INJECT.in

http://138.68.93.230
http://185.106.94.147
http://194.113.106.138
http://62.60.232.114
bayneck.com
lagkill.cc
lagkill.lol

# Reference: https://x.com/malwrhunterteam/status/1929787158119755853
# Reference: https://www.virustotal.com/gui/file/08b0fb2bec080d18167c12fdc9be63fc9da4df1d0f3145e980bca96aeec3f770/detection

http://45.94.47.167
http://77.73.129.18

# Reference: https://x.com/suyog41/status/1929544523375329412
# Reference: https://www.virustotal.com/gui/file/400869a7975620373b49950e428517f8113340f0986c519ac3e1c33fefeb5f1f/detection

vostfrseries.com

# Reference: https://x.com/solostalking/status/1930977703265554806

http://185.39.206.183
appmacosx.com
appsmacosx.com
financementure.com
macapp-apple.com
macapps-apple.com
macosapp-apple.com
macosxapp.com
republicasiamedia.com

# Reference: https://x.com/solostalking/status/1933413424006115546

appmacintosh.com
cryptoinfo-news.com
macosx-apps.com
macosxappstore.com

# Reference: https://x.com/txhaflaire/status/1942575186286682544
# Reference: https://app.validin.com/detail?find=b000eb20900b3b90e462&type=hash#tab=host_pairs (# 2025-07-29)
# Reference: https://www.virustotal.com/gui/file/794a4ebc76664b95d79f969514a3517acc8c4a7a6cbeba52e3c480fd0a5a489c/detection
# Reference: https://www.virustotal.com/gui/file/816bf9ef902251e7de73d57c4bf19a4de00311414a3e317472074ef05ab3d565/detection
# Reference: https://urlscan.io/search/#hash%3Aab77cc4e64e6830f333071b3bd0cff2fe583f15b3549ecc00428c14ec4094778
# Reference: https://urlscan.io/result/019dac0c-ca12-76ee-bf8b-eaf0cbb512ca/
# Reference: https://urlscan.io/result/019dac0b-a041-724b-aa72-dd842f8b2d8e/
# BODY_SHA1-HOST/IP=f60574b8de992d8ce5b7e6394fb68d35d1faeb70
# FAVICON_HASH-HOST=9108dde25ad958b27f6a97d644775dee

http://172.94.9.250
http://185.93.89.62
http://185.93.89.63
http://217.119.139.117
http://36.255.98.252
http://45.135.232.33
http://45.146.130.129
http://45.146.130.131
http://45.146.130.132
http://50.201.34.202
http://62.60.131.230
http://62.60.131.249
http://62.60.131.250
http://86.54.25.202
http://86.54.25.204
217.119.139.117:2000
charge0x.at
littlekitty.at
sdojifsfiudgigfiv.to
something0x.at
ukdsopas.at
ip-5-199-166-102.003.ptr.cherryservers.net
lucid-ride.45-135-232-33.plesk.page

# Reference: https://x.com/moonlock_lab/status/1935409328305144215
# Reference: https://x.com/txhaflaire/status/1935678988820640121
# Reference: https://app.validin.com/detail?find=CleanMyMac%3A%20The%20first%20MacBook%20cleaner%20that%20does%20it%20all&type=raw&ref_id=c28132cd209#tab=host_pairs (# 2025-06-18)
# Reference: https://app.validin.com/detail?find=%3A%3A%22og%3Asite_name%22%3A%3A%22CleanMyMac%22&type=raw&ref_id=c28132cd209#tab=host_pairs (# 2025-06-18)
# Reference: https://app.validin.com/detail?find=28b1c5772c62c50aac5b6a26938a54a6&type=hash&ref_id=259109502e2#tab=host_pairs (# 2025-06-18)
# Reference: https://app.validin.com/detail?find=4ff6f30fb290ea2b9c6633791f9671c3&type=hash&ref_id=28cf7a7f4e3#tab=host_pairs (# 2025-06-20)

almehluz.com
carmenzo.com
cleanmymac.cc
cleanmymac.ru
cleanmymacos.com
cleanmymacpro.net
cmvstation.com
cculturel.com
isbulten.com
jcboury.com
maccleaner.shop
sartaaz.com
stanprinston.com
yeklam.com
mail.cleanmymacpro.net
mail.maccleaner.shop

# Reference: https://threatfox.abuse.ch/browse/tag/odyssey/ (# 2025-06-20)

157.185.143.236:17772

# Reference: https://x.com/ShanHolo/status/1937028229581111434
# Reference: https://www.heise.de/en/news/Malvertising-Search-for-standard-commands-for-Macs-delivers-Infostealer-10438976.html
# Reference: https://app.validin.com/detail?find=2512a89b5e1a44df9d52ee2d7fc03e7c&type=hash&ref_id=d2d7c65287d#tab=host_pairs
# Reference: https://www.virustotal.com/gui/file/99eabfe358a1df8966676dafbb1350a315e6df105ba5f21f707da2ec3ddbde59/detection

copynv.com
icloudservers.com
insideoutpix.com
organocreto.com
overcasetv.cfd
rainewest.cfd
tdtcross.cfd
theeyeonid.cfd

# Reference: https://x.com/mossdinger/status/1938581110075891967

stanpriston.com

# Reference: https://x.com/1ZRR4H/status/1940168409381232826
# Reference: https://app.validin.com/detail?find=RivaTalk&type=raw&ref_id=8d76252e159#tab=host_pairs (# 2025-07-03)
# Reference: https://www.virustotal.com/gui/file/4a802433176d4678103090719cd052db50692b2755945e57717f28e5dc257b3d/detection
# Reference: https://www.virustotal.com/gui/file/a47778884f0eb94abf2555e773d9bc61b605086dc3dc93809508b8ce778e7a22/detection

http://194.156.103.89
http://5.181.2.58
amao-wama-mac.org
rivatalk.com
slapix.io

# Reference: https://moonlock.com/amos-backdoor-persistent-access

http://45.94.47.158

# Reference: https://x.com/moonlock_lab/status/1942524364844589264
# Reference: https://x.com/txhaflaire/status/1942575165193298228
# Reference: https://www.virustotal.com/gui/file/b62dc580707d0d968c7070a05b04ca7ec61d5ad14333df1c4f327f3c0e6ed3fb/detection
# Reference: https://www.virustotal.com/gui/file/dec750b9d596b14aeab1ed6f6d6d370022443ceceb127e7d2468b903c2d9477a/detection
# Reference: https://app.validin.com/detail?find=3f8f78a27012650f5acc742a3fa3f619388317d8&type=hash&ref_id=96b470bfdbc#tab=host_pairs (# 2025-07-08)

allteching.xyz
webconnect38.com
webconnect49.com
google.webconnect38.com
google.webconnect49.com
meet.google.webconnect38.com
meet.google.webconnect49.com

# Reference: https://x.com/soursecc/status/1945004289832730778

web-connect.us
webconnect11.com
webconnect49.com
webconnect58.com
webconnect88.com
meet.google.web-connect.us
meet.google.webconnect11.com
meet.google.webconnect49.com
meet.google.webconnect58.com
meet.google.webconnect88.com

# Reference: https://x.com/pcrisk/status/1942837939492225107
# Reference: https://app.validin.com/detail?find=TOP-FIXER&type=raw&ref_id=8e29d8ff42c#tab=host_pairs (# 2025-07-09)
# Reference: https://app.validin.com/detail?find=828f254175bfc69f0afb3c7e714e27dd7d02fc6b&type=hash&ref_id=30a15629823#tab=host_pairs (# 2025-07-09)
# Reference: https://www.virustotal.com/gui/file/3283e6d74667db1cf61ad0bbab91a4a8615f4160a30d28f63bba126652d0862a/detection
# Reference: https://www.virustotal.com/gui/file/525becbf7f430c2de1ede247a2c904f5fc7e26e4136e6d599b0b7ff6c3daf9b3/detection
# Reference: https://www.virustotal.com/gui/file/50c5f1488ae8265d68785c35981f8f53b5a151132defe00850788be0cd2ea30d/detection
# Reference: https://www.virustotal.com/gui/file/41734ce3c26fcf178578da3b2c14aa284b2cee4bd5ed9d6a61d8ce1da62ff275/detection
# Reference: https://www.virustotal.com/gui/file/2130c3282ebbd6de959ca507d98e8cb568ce97e1d487aa1fc1d2f7df033501dd/detection

2yolk.com
adrianfrieg.com
api.mac-helps.com
api.mac-trouble.com
clearpc.pro
fixingmacpro.com
fixpricemoving.com
fixpromax.com
fixups4sale.com
guard-os.pro
helpmacs.help
light-os.pro
mac-helps.com
mac-safer.pro
mac-trouble.com
macfixhub.com
macosfaq.net
mobileengagement.workers.dev
passadmin1.mobileengagement.workers.dev
reboot-os.cloud
riv-mog-otta.xyz
top-fixer.com
top-halper.com
uznbhw.com

# Reference: https://app.validin.com/detail?find=151.106.96.4&type=ip4&ref_id=e1f5bc5a5c6#tab=resolutions

fix-mac-easy.com
fixmaceasy.com
fixmacpro.com
helpmaceasy.com
helpyourmac.com
macproeasy.com
macprohelp.com
macpromaster.com
promachelp.com
promacmaster.com
topfixermac.com

# Reference: https://www.validin.com/blog/http_feature_pivoting/
# Reference: https://app.validin.com/detail?type=hash&find=5412dda9e4ae4f6a20278c12a620ac4c#tab=host_pairs (# 2025-07-10)

captainacefrahm.com
fixitanywhere.com

# Reference: https://x.com/L0Psec/status/1973495155291463808
# Reference: https://the-sequence.com/brewing-trouble-homebrew-spoofed-sites-rise
# Reference: https://app.validin.com/detail?find=Homebrew%20%E2%80%94%20The%20Missing%20Package%20Manager%20for%20macOS%20(or%20Linux)&type=raw#tab=host_pairs (# 2025-07-22)

braw.sh
brewe.sh
brewfaq.org
brewsh.cx
brewsh.org
brrewsh.org
homabrew.org
homebrewclubs.org
homebrewfaq.com
homebrewfaq.org
homebrewfaq.us
homebrewlsup.us
homebrewlub.com
homebrewlub.us
homebrewlup.us
homebrewonline.org
homebrewupdate.org
hornebnevv.com
raw.braw.sh
raw.brewsh.cx
raw.brrewsh.org
raw.homabrew.org

# Reference: https://www.virustotal.com/gui/ip-address/159.100.22.123/relations

bedsonlineproject.org
hoteliuscorpatative.org
hoteliuscorpatativs.org
lidoethstk.org
lidoonlinestk.org
lidostk.org
stubacuras.org
stubacurast.org

# Reference: https://x.com/txhaflaire/status/1945745999709835358

mwcaravan.com

# Reference: https://hunt.io/blog/macos-clickfix-applescript-terminal-phishing

apposx.com
appxmacos.com
cryptoinfnews.com
cryptoinfo-allnews.com
dactarhome.com
emailreddit.com
greenpropertycert.com
macosx-app.com
macxapp.com
ttxttx.com

# Reference: https://x.com/solostalking/status/1948642543119249904
# Reference: https://www.virustotal.com/gui/file/18173041d38c1bc2b6caefcdda0a3d214441ddb4035aa8ddaf178f36a5bee811/detection

actuafix.com
applfix.com
blogifix.com
bossfixes.com
cbfix.com
fix-nic.com
fixablesystems.com
fixer-group.com
fixit-center.com
fixitadvisor.com
fixittricks.com
fixmyhomeonline.com
fixonboarding.com
fixpcathome.com
fixupasap.com
fixyourmedia.com
icanfixtoday.com
ifix-4u.com
mac-fix-hub.com
ozcozy.com

# Reference: https://app.validin.com/detail?find=45.140.17.42&type=ip4&ref_id=430fbdddad1#tab=resolutions

rescue-mac.com

# Reference: https://x.com/Crose_96/status/1949938150333198461
# Reference: https://www.virustotal.com/gui/file/301d376f1ab9dc49873a6fc10474f311efb2a891b00f3cdc4ee2fed0f161cb64/detection

ohmyzsh-get.com

# Reference: https://x.com/L0Psec/status/1952722257052070208
# Reference: https://www.virustotal.com/gui/file/84bc9007228073f4d73f4e6f7a05f920cd9317033d67d4c0cd375bbb95f13c70/detection

ajoyfulbear.com
amoradia.com
arfzs.com
aspotan.com
avamkwilson.com
bomdog.com
brossdeli.com
cnhnational.com
colormeplr.com
comeyco.com
couriontesy.com
cunruivalve.com
dwbutter.com
estanicci.com
figandwine.com
fotosails.com
gfemarket.com
goatramz.com
haminals.com
hogorira.com
hokinusa.com
institutogle.com
kariyerbak.com
kihapma.com
mawebinars.com
micdapp.com
mrvalets.com
nmcrlab.com
pazserraes.com
pfcitalia.com
piposcake.com
reliconn.com
resmanio.com
reviewyoon.com
ristorobepi.com
scygas.com
sdgoodsam.com
secnw.com
shufurepo.com
siappanen.com
sitmulab.com
smoosygear.com
tebogonong.com
tianagarden.com
wasslet.com

# Reference: https://x.com/biggie_linz/status/1952838422005203088
# Reference: https://www.virustotal.com/gui/file/6e15cd9c2a5d7708c6b3b4ae64e8d64ccf54f4020c78302df9e9f67faf985db7/detection
# Reference: https://www.virustotal.com/gui/file/886c36f4625f98537e8f2df5975aab643ad355e13e35023842a10129c0c46865/detection

support-2025-9-14-96279.com
apple.support-2025-9-14-96279.com

# Reference: https://app.validin.com/detail?find=a625f544d8fa8aed90a5e27b4f65184b&type=hash&ref_id=3edeb00d5b6#tab=host_pairs (# 2025-08-06)

04-zoom.us
saakyanart.com

# Reference: https://threatfox.abuse.ch/browse/malware/osx.amos (# 2025-08-07)
# Reference: https://app.validin.com/detail?find=12b0b691a996b2b4f7c513efaeb53b99&type=hash&ref_id=6e68e483527#tab=host_pairs (# 2025-08-07)

aceiteweb.com
adenios.com
agrininsesi.com
alanamango.com
aopasta.com
assancart.com
basallfrey.com
berhs.com
courtetprecis.com
crestviewia.com
drsavala.com
ekochist.com
eriklobben.com
ferreterguia.com
gblbyf.com
goudsite.com
gregtroisi.com
immokraus.com
imosafer.com
jacobaparra.com
jtforce.com
jupagroup.com
laccalhdc.com
letrucvert.com
misshon.com
mizunoaoi.com
netcbc.com
nexuunglobal.com
nitosgallery.com
ntxdm.com
oliviabruns.com
pbmast.com
radiooun.com
redempti.com
sendsgnl.com
smxyrc.com
spekmeats.com
stayinwild.com
stmchina.com
subwara.com
tarangear.com
tebpsy.com
theblumiles.com
tomsti.com
toutentris.com
treohost.com
vivianvalora.com

# Reference: https://g0njxa.medium.com/meowsterio-weaponizing-clickonce-in-2025-8c2595a817c8

spalaestacada.com

# Reference: https://x.com/moonlock_lab/status/1955387998578806892
# Reference: https://hackernoon.com/macc-stealer-takes-on-amos-a-new-rival-shakes-up-the-macos-infostealer-market
# Reference: https://www.virustotal.com/gui/file/61f6b48e8433f6bf212c06157bead662f1833b72671b8f832ff3af032fdc4582/detection

innocentwitches.top
kgogowfwef.live

# Reference: https://app.validin.com/detail?find=21e6d9a3878de0ce4a6240064624e598&type=hash&ref_id=436f4260dd7#tab=host_pairs (# 2025-08-15)

bulcaz.com
elemasyon.com
fouinart.com
iconhmc.com

# Reference: https://moonlock.com/macc-stealer-macsync-backdoor
# Reference: https://gist.githubusercontent.com/danslo/1ee79d806493d779c2e5213a0bda8b4f/raw/e8b386f9eb9ec48cb370c72f6c52550b263ce22d/gistfile1.txt

meshsorterio.com
b3e34878-5a7d-458b-8a35-3ea1dae23fdd.meshsorterio.com
brsp.meshsorterio.com
gamma.meshsorterio.com
rxkbnwuc.meshsorterio.com
sphnugamma.meshsorterio.com
staging.meshsorterio.com
testing.meshsorterio.com

# Reference: https://x.com/volrant136/status/1969834756515774880
# Reference: https://www.jamf.com/blog/pyinstaller-malware-jamf-threat-labs/
# Reference: https://www.virustotal.com/gui/file/fc95ff687cfd775acac3b0457332dca170e58b77b27f3ee4f9013984fd9b388d/detection

blazede.com
grand-flash.com
ligobet873.com
myfreshflow.com
stteresaagency.com
vapotrust.com
macstealiwjef8w9euf892jfis893u409wi09eif90w3.onion

# Reference: https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages
# Reference: https://www.virustotal.com/gui/ip-address/64.188.91.99/relations
# BANNER_0_HASH-HOST=98e92f871c9cc2842ce08356d5c2d376
# BANNER_0_HASH-HOST=f0b7695df281310c34516aa7121a6c48
# BANNER_0_HASH-HOST=b24c3cf2004b0e1c32079cfdf4ed4ee8
# BANNER_0_HASH-HOST=b83ae66f91031ec932c96b27c2ac94cd

3dtechmart.com
al-hamd-trades.com
andijayatrans.com
app-gopluslabs.com
athetiop.com
bauraktars.world
bayikar.life
baykairs.world
blackwestchestersocial.com
blackwidowfinance.com
bonoud.com
ease-ups.com
eetrailer.com
eleven11industries.com
endilinda.com
galvvrachi.com
gamersimpsonse.com
gulftendersgate.com
hanblga.com
hiakmolodes.com
idupisdu.com
jamitros.com
jumaher.com
lblnkedbln.com
mac-pro-app-guide.com
mac-pro-app.com
mac-pro-apps.com
macapppro.com
macinpro.com
macproengine.com
macprograms-pro.com
mana-empire.com
nadedzhda.icu
napworthy.com
ocean-spot.com
ourhealingpoweriswithin.com
pacodogcoin.com
portal-peaqnetwork.com
profitgrowthsolutions.com
rankstaseoshine.com
rokstarseotools.com
savethemurray.com
skilletontour2025.com
star-gold-working.com
tambiktobk.com
trojanonsolbot.com
turbulenok.com
winstaccounting.com
wp-mysterybox.com
ahoastock825.github.io
/mac-git-1-download.html
/mac-git-2-download.html
/mac-git-3-download.html
/mac-git-4-download.html
/mac-git-5-download.html
/mac-git-6-download.html
/mac-git-7-download.html
/mac-git-8-download.html
/mac-git-9-download.html

# Reference: https://x.com/txhaflaire/status/1949875093317779610
# Reference: https://www.virustotal.com/gui/file/c2afb2c050d5675c32fe64ea149c846a32427c901e30398de2bd4395db12f2cb/detection
# Reference: https://www.virustotal.com/gui/file/1e3275db4d609ab1c43776cb2f6a89f7b436457dac6e75c0797f1d532d18fdaf/detection

veitzeatz.com

# Reference: https://x.com/txhaflaire/status/1947932160972714337

ksartaaz.com
maliciosasartaaz.com
malwaresartaaz.com
url-resartaaz.com

# Reference: https://x.com/solostalking/status/1970398358562054434

logmeeine.com
logmeln.com

# Reference: https://www.cyfirma.com/research/odyssey-stealer-the-rebrand-of-poseidon-stealer/

cryptonews-info.com
macxapp.org

# Reference: https://x.com/Now_on_VT/status/1970404965777608932

tradingviewen.com
tradingvieweu.com

# Reference: https://www.virustotal.com/gui/ip-address/185.39.19.224/relations
# BANNER_0_HASH-HOST=33c892281458fe83958a93751c5fb81e
# BANNER_0_HASH-HOST=98e92f871c9cc2842ce08356d5c2d376

acrossprotocols.com
app-matcha.com
bakkesmenu.com
bauraktaris.world
bayikar.world
baykair.world
baykaris.world
bestdigitalmarketing.com
chain-add.com
cooklefun.com
crack-load.com
cs2menu.com
dappladar.com
espanaproperty.com
everyshufflin.com
fi-self-repaying.com
finance-personal.com
fivemmodmenu.net
fwrussia.com
galaxy-swapper-v2.com
gimtuganchiki.com
helldagh.online
kamapulus.icu
kambergebai.com
kamboss.com
kenlead.com
kiddionsmodmenu.net
kidrombobm.com
kimtosin.com
kmsplco.com
krombari.com
kromkamokl.com
meteoraag.com
namatrangul.com
network-portal-dashboard.com
olatugilati.com
ralizon.com
rightpromote.com
tamahsv.com
tamarton.icu
titunlia.icu
ton-stake.net
ucuzayasanacakulkeler.com
us-wavytalk.com
v2-paal.com
v2-xterio.com
vlrtualsprotocol.com

# Reference: https://x.com/banthisguy9349/status/1971492896164676063

1wfrmer.life
afifiniety-photo.world
airdrophotton.xyz
auto-cad.xyz
availproject.life
avidtach.homes
avldtach.shop
avvenay.shop
avveray.homes
avvesun.homes
awe-sun.shop
bantamusr.icu
bayikar.bet
bistki.network
bitiks.com
blolck-games.com
bridge-hyperliqid.com
cleverstudy.lol
cnnalke.shop
comoestases.com
compawsswallet.xyz
dokopka.icu
easways.shop
faralnad.network
faralnad.xyz
fartaland-io.network
fortnitehackv2.com
fragment-tg.com
genshinimpactmodmenu.com
genshinmodmenu.com
gigabyll.pics
gigaioute.xyz
gilgolbutet.pics
glgobytet.shop
gtavkiddionsmodmenu.com
handbrake.homes
hydrogenexecut.com
hylperfinance.network
hylperfinance.xyz
hyperliquid-app.com
hyperlllquid.xyz
jupiteryo.xyz
kasspa-wallet.network
kirita.pics
laeapwalleit.xyz
leaepwallet.xyz
lealpwallet.network
lightingstudio.lol
luckyjet-apps.com
luckyjet-apps.store
luckyjetofficial.online
luckyjetpredictorbot.com
luckyjetpredictorbot.store
luckyjetsignalbot.online
luckyjetwebsite.online
lybira-flnnce.network
lybraifinance.network
lybraifinance.xyz
lybriaflnance.xyz
manta-network.blog
maya-desk.shop
metise.xyz
metlls-dao.xyz
metls-dao.network
metls.info
mines-games.online
minespredictor.com
minespredictor.store
minespredictorbot.online
mode-modular.blog
niotepadplusplus.shop
niotepawd.com
notapad.shop
notepeds.pics
nymtecln.blog
nynntelh.mom
paal.digital
piaylnek.com
pilxeisgame.xyz
pilxel.pics
play-pixiels.xyz
polyiehedra.xyz
poylnex.com
producyglabs.shop
pumpfunn.com
raylnex.com
remix-solidity-ipfs.com
remixparentsers.mom
rgb-gygabit.homes
rgb-gygaibit.mom
rgbfusion.homes
rgbgygalblt.homes
ripple-events.com
rufus.pics
sensnbit.com
siliconwallem.lol
sintolcreated.shop
soflare.network
soflfare.network
soflfare.xyz
solnflare.network
solnflare.xyz
spin-top.com
splton.network
starnket.xyz
stomfi.com
strknetwork.xyz
tangiertiger.homes
tior-priojecti.shop
tonamlcheck.com
trados-studio.pics
trados-studio.shop
turbo-cad.shop
v3-balancer.com
v3-bancor.com
v3-lido.com
valorantskinchanger.pro
viber-ua.shop
warzoneunlockalltool.com
xswapfinance.xyz
yupiterproject.info
zerolandproject.xyz

# Reference: https://x.com/BlinkzSec/status/1972325367684665707
# Reference: https://www.virustotal.com/gui/file/373cf41c5202b8d1c3a87a58e2d6496549edbe5fcae317b84fe393e432324b5b/detection
# Reference: https://www.virustotal.com/gui/file/5be12d5750b54057480f55c47eb0a7e1805d804375946c38666ee37238bb0336/detection
# BANNER_0_HASH-HOST=fba10f7f78009ba109fc111f841835f4
# BANNER_0_HASH-HOST=ca1d5177ddfd5274d031e45baa3c786d

accounts-problem.com
accountsproblem.com
bug.systems
bugs-center.com
bugs-report.com
center-id.help
crash-center.com
device-issues.help
device-problem.com
device-problems.com
devices-support.com
devices-update.com
devices.help
drive-assistant.net
errorfix.help
help-report.com
iboostos.com
ioptimizor.com
ispeedos.com
js-lib.com
linertarim.com
macos.help
os-x.guide
problems-center.com
problems.click
problems.support
problemsystem.com
problemsystem.help
system-bugs.center
system-bugs.com
system-problem.com
system-problems.com
troubles.help
troubleshoot.center
troubleshub.com
updates-center.com
webfiles.app
apple.problems.support
apple.troubleshub.com

# Reference: https://x.com/Crose_96/status/1972756686298648592
# BANNER_0_HASH-HOST=33112a6a90c0a3b487c9d7aeeaba8d63
# BANNER_0_HASH-HOST=6d70cd55f20812dd63b9eb0e046cd2e2
# BANNER_0_HASH-HOST=75a80569c4d5e2125a7f13e7f0039139
# BANNER_0_HASH-HOST=f497dfe9f81886ae587a9ee1c4420ccd
# BANNER_0_HASH-HOST=0d51803dc11f33bc6d4e18f1c7ded400
# BANNER_0_HASH-HOST=c8be5302f0646191737c5611a7a87b4e
# BANNER_0_HASH-HOST=6c21f7ebc2d1c8bcb35b34cba6f7d068
# BANNER_0_HASH-HOST=3c90c989895a2e22d24ff13e494bcd25
# BANNER_0_HASH-HOST=e0d547ae4d129f36f34ca53fc71ca8f8
# BANNER_0_HASH-HOST=d272b623803f0a4fa13f4da676699031
# BANNER_0_HASH-HOST=f5c07882687553671cf14c6a2514c8c9
# BANNER_0_HASH-HOST=fa2c6e4749c9063dfcf512cf20a01342
# BANNER_0_HASH-HOST=fb36754f91ca47ac62622395597c53fb
# CLASS_0_HASH-HOST=77bcbf9b44a9e2a3981824085bb1205d
# META-HOST=:::"twitter:creator":"Virtuoso Rift"
# TITLE-HOST=Download for macOS — DMG or via bash
# TITLE-HOST=Reset for macOS — via bash

http://95.85.237.235
100pesos.ph
1hive.online
360dumedia.com
a4aclan.cfd
acetothree.com
ads360service.com
aicybersecuritygrc.com
alldomainnews.com
amyluc.com
anecdote.press
angel-dena.online
angkabet12.online
aotmac.com
api-adserver.hnproject.xyz
api-dev.vocasia.id
api.vocasia.id
apipdf.sbs
apparelmitten.xyz
apple-develope.com
apple-develope.support
apps-install-mac.com
apps.ellishbohemian.com
appsformacs.com
appstorrent.cc
aqmarithm.com
ariaplus.me
artemesiav.com
aryna-sabalenka-partner.my
astralpacketcore1.cfd
astralpacketcore1.homes
astralpacketcore1.lol
astralpacketcore1.sbs
astralpacketcore1.xyz
astralpacketcore2.lol
astralpacketcore3.lat
astralpacketcore3.lol
astralpacketcore4.cyou
astralpacketcore4.lol
astralpacketcore4.xyz
astralpacketcore5.cyou
astralpacketcore5.xyz
athalaga.com
bah.lol
bankmantap.com
bestplayer.site
betpon.store
bigtrustdata.cc
biscuit.legionkraken.io
bobatotowin889.online
bokepsimontok.id
boobsgoals.com
bookepw.com
boostbiotics.com
brninfo.click
btc-cuts.macos-app.com
buy-yasmin.store
casdiorcdnlink.online
casinobu.live
cdn-cursor.com
celaysimplined.com
cenagratis.com
cladehub.com
claude.slaygent.ai
clawddddd.com
cleahmyimac.com
cleaniymac.com
cleanmymac.online
clickheree.click
cloudfile19mac.sbs
cloudflare-5uz.pages.dev
cmaiaksodkgiuwaka.pages.dev
code.codixcody.com
codixcody.com
coinmarketloans.com
computerhelpforums.net
console.serverlab.shop
control.apipdf.sbs
cosmicrelayhub2.lol
cosmicrelayhub2.sbs
cosmicrelayhub2.xyz
cosmicrelayhub3.cfd
cosmicrelayhub3.lol
cosmicrelayhub4.cyou
cosmicrelayhub4.lol
cosmicrelayhub4.mom
cosmicrelayhub4.xyz
cosmicrelayhub5.cyou
cosmicrelayhub5.homes
cosmicrelayhub5.xyz
cpanel.macos-app.com
creptomus.com
criptomus.com
crucial420.com
cryptomuc.com
cryptomus-app.com
cryptomus-payment-check.com
cryptomus-payments.com
cryptomus-wallet.com
cryptomus.live
cryptomustestnetik.icu
cryptotradesolutions.com
cryptowavematrix4.lol
cryptowavematrix8.cyou
cungxemtin.macos-app.com
cunkale.me
dana123gg.org
dataprismcore3.sbs
dataprismcore4.sbs
davidtinker.com
depobos12.online
dffhj8wjfiwqowf.pages.dev
diana4dwin887.online
directsendhub06.com
download.macos-app.com
downloamacos.com
downmacos.com
drangelfranco.com
easywatchdeal.com
egreenservices.com
email-marketing.hnproject.xyz
emapia.com
empensemairtue.com
evrohome.com
exponentialmc.lat
ezy-apk.macos-app.com
fastdownloaddata.com
favorimgiristop.top
fileambervault.com
fileanchorbay.com
fileaspenstore.com
filebananafolder.sbs
filebasecloud.com
filebinarycraft.com
filebirchshare.com
fileblobforge.com
filebreezelantern.sbs
filebridgepro.com
filebrightbanana.com
filebrightorange.com
filebroccoligarden.com
filebubblecastle.sbs
filebufferstorm.com
filebyteforge.com
filebyteframe.com
filebytegrove.com
filebyteworks.com
filecabbagehub.com
filecacheworks.com
filecactusengine.sbs
filecedarvault.com
filecherryland.com
fileclearcherry.com
filecloudarena.com
filecloudpepper.sbs
filecloudpoint.com
filecloudrivet.com
filecloudsplice.com
filecobweb.com
filecodeforge.com
filecoffeelabs.com
filecopperisland.sbs
filecoregrid.com
filecottonradar.sbs
filecrisppear.com
filecrystalbridge.sbs
filecrystalloom.com
filecyberstack.com
filecybertrail.com
filedashy.com
filedatasphere.com
filedockcenter.com
filedriftforest.com
filedrivecentral.com
filedriveforge.com
filedriveshard.com
filedrivespace.com
fileechoember.com
fileechoport20.com
fileenginebay.com
filefactorylab.com
filefetchloom.com
fileflowcloud.com
fileflowmarket.com
filefogcrate.com
fileforestorbit.sbs
fileframelink.com
fileframelogic.com
filefreshgrape.com
filefrostbutterfly.com
filefrozenvector.com
filefusionstack.com
filegardenhub.com
filegarlicmarket.com
fileglowtin.com
filegoldcoffee.com
filegoldenberry.com
filegranitebutter.sbs
filegrassland.com
filegreenbanana.com
filegridlabs.com
filegridstone.com
filegrowthlabs.com
filehappycoffee.com
filehashfile.com
filehostlogic.com
filehypermesh.com
fileivoryspark.com
filekernelbase.com
filekernelworks.com
fileleafpoint.com
filelemonzone.com
filelinkspace.com
filelogicpear.com
filelogicstack.com
filemaplecamera.sbs
filemaplecloud.com
filemarblefalcon.com
filemarblegarden.sbs
filematrixhub.com
filematrixvault.com
filemelonhub.com
filemetalviolet.sbs
filemeteorblanket.sbs
filemintlantern.com
filemisthub.com
filemistrelay.com
filemonkeyhub.com
filemoonpickle.sbs
fileneonbasket.sbs
filenetworklab.com
filenodeforge.com
fileoaklane.com
fileoceanhammer.sbs
fileoceantrade.com
fileonionworld.com
fileopticdock.com
fileorbden.com
fileorbhub.com
fileorbitfactory.com
fileorchidmagnet.sbs
filepacketflow.com
filepaperfalcon.sbs
filepaperpilot.com
filepathfig.com
filepepperstudio.sbs
filepepperzone.com
filepixelcache.com
filepixelforge.com
filepixelharbor.sbs
fileplanetbanana.com
fileplanetcoffee.sbs
fileplumcircle.com
filepotatostore.com
filepowerhouse.com
filequantmesh.com
filequickburger.com
fileradarcache.com
filerivercanvas.sbs
filesandwichrobot.sbs
fileservernode.com
fileshadowlane.com
filesignalbay.com
filesilvermarket.sbs
filesoftcaramel.com
filesoftsandwich.com
filesolarpatch.com
filesprinter.com
filestackfield.com
filestackplum.com
filestellarhive.com
filestreamguava.com
filesweetcookie.com
filetensorlink.com
filethundercrest.com
filetigersignal.sbs
filetimberwallet.sbs
filetomatofarm.com
filetoolscenter.com
fileuplinkcove.com
filevaporlibrary.com
filevaultplatform.com
filevectorlab.com
filevelvetrocket.sbs
filevelvettractor.sbs
filevertexlab.com
filevoidcascade.com
filevortexink.com
filewildshadow.com
filewillowdrive.com
filewintermachine.sbs
filezonelychee.com
filrcloudbridge.com
filrnextfolder.com
filropenstorage.com
filrprojectspace.com
filrquickupload.com
filrsafekeep.com
filrworksync.com
finalcut-app.com
finenci.com
firstcigarette.com
fluxstoragehub3.sbs
fluxstoragehub4.cyou
focusdiversity.com
formals.org
g.lazadacdn.com
gamematrix.site
garitotowin87.online
gaybreakups.com
gdplayer.fairuseonly.xyz
geekbrainload.com
get-cursor-app.com
get-logic-app.com
get4paynomore.com
getfourpaynomore.com
getstig.org
gfhjkiuhjgbk.pages.dev
ghjnbvfrt567.pages.dev
git44share.sbs
github-appcleaner.appstorrent.cc
github-appcleaner.macos-appguide.com
github-appcleaner.macosappguide.com
github-crossover.appstorrent.cc
github-crossover.macos-appguide.com
github-fancontrol.appstorrent.cc
github-fancontrol.macos-appguide.com
github-homebrew.appstorrent.cc
github-homebrew.macos-appguide.com
github-homebrew.macosappguide.com
github-iina.appstorrent.cc
github-iina.macos-appguide.com
github-iterm.appstorrent.cc
github-iterm.macos-appguide.com
github-iterm.macosappguide.com
github-nodejs.macos-appguide.com
github-nodejs.macosappguide.com
github-postgresql.macos-appguide.com
github-postgresql.macosappguide.com
github-postman.macos-appguide.com
github-postman.macosappguide.com
github-sublimetext.macosappguide.com
github-teams.macosappguide.com
github-tunnelblick.appstorrent.cc
github-tunnelblick.macos-appguide.com
github-tunnelblick.macosappguide.com
github-unarchiver.appstorrent.cc
github-unarchiver.macos-appguide.com
github-vlc.appstorrent.cc
github-vlc.macos-appguide.com
github-vscode.macosappguide.com
glcsnoampgiris.top
glossbyda.com
goluxu.macos-app.com
googl.secureapps.live
gopy777.com
gov-bd.live
gq.legionkraken.io
gua.wantmygift.com
hizlifast.com
hjeujkilem.pages.dev
holder.money
homezrx.com
host.cleanmymac.online
hostadmin77.com
hyperdatamesh1.cfd
hyperdatamesh1.lol
hyperdatamesh1.sbs
hyperdatamesh2.cfd
hyperdatamesh2.lol
hyperdatamesh3.cfd
hyperdatamesh3.cyou
hyperdatamesh3.lol
hyperdatamesh4.baby
hyperdatamesh4.cfd
hyperdatamesh4.cyou
hyperdatamesh4.xyz
hyperdatamesh5.cfd
hyperdatamesh5.lol
illudie.com
indo24hnews.macos-app.com
indonesiafilenetwork.macos-app.com
info.ariaplus.me
install-mac-apps.com
insurranceself.macos-app.com
internetnewsfeed.com
inventory.kym.or.id
invoice-crypomus.com
invoice-crypotmus.com
ishengtong.com
iterm.macosappguide.com
iterm2macos.com
kasdpdmkaasjiaksaoa.pages.dev
kastoto887top.online
kazzs.com
khuyenmai188bet.macos-app.com
khuyenmaim88.macos-app.com
koitoto992jpwin.online
l.anecdote.press
lambobahisamp.top
lazadacdn.com
lcloud77mac.com
lesbianbreakup.com
lesbianbreakups.com
lineargit.lat
livewebcam4u.macos-app.com
m-aum.macos-app.com
m0nopoly-go.site
mac-backup.com
mac-byte-bridge.com
mac-lcloude.sbs
mac-roproforge.digital
mac-zip-rocket.com
mac11oscloud.com
mac1oscloud.com
mac22oscloud.com
mac2cloud.com
mac2cloud4you.com
mac2oscloud.com
mac33oscloud.com
mac3oscloud.com
mac44oscloud.com
mac5oscloud.com
mac66oscloud.com
mac6oscloud.com
mac777oscloud.com
mac77oscloud.com
mac7oscloud.com
mac888oscloud.com
mac8oscloud.com
mac99oscloud.com
mac9oscloud.com
macapp.it.com
macappcore.com
macapplab.com
macappnest.com
macaroq.com
macaroza.com
macblobbus.com
macbridgelink.com
macbytegrab.com
maccacheportal.com
maccarrier.com
maccastlink.com
maccaststream.com
maccdncanyon.com
maccl0ude.com
maccloud12.com
maccloud4you.com
maccodenode.com
maccouriergo.com
maccryptodrop.com
macdatadock.com
macdatapipeline.com
macdataworks.com
macdelta.com
macdockrelay.com
macdockroute.com
macdocpro.com
macdownlink.com
macdriver-drawer.com
macdropio.com
macenix.com
macfile2download.com
macfile4download.com
macfilearmor.com
macfiledownload.com
macfilejet.com
macfilenet.com
macfileseostup.com
macfilesetup.com
macfirstsrtups.com
macfory.com
macgateport.com
macguidecatalog.com
macguidelibrary.com
machelproom.com
machubrelay.com
macivoid.com
maclaneport.com
maclinkon.com
macmigrate.com
macnetcraft.com
macnexusfactory.com
macos-app.com
macos-appguide.com
macos2download.com
macos2file.com
macos2soft.com
macos44soft.com
macos4cloud.com
macos4cloud12.com
macos4download.com
macos4soft.com
macosappguide.com
macoscloud4you.com
macoscloudyou.com
macosdrive.com
macosdrive1.com
macosdrive3.com
macosdrive4.com
macosdrive5.com
macosdrive6.com
macosdrive7.com
macosdrive8.com
macosdrive9.com
macosfile12download.com
macosfile3download.com
macosfile444download.com
macosfile4download.com
macosfile7download.com
macosvpn.com
macpacket.com
macpassage.com
macphotonanchor.com
macpkgzone.com
macportdock.com
macprivacyhub.com
macqueue.com
macquickstartkit.com
macroutedock.com
macsafedatafold.com
macservice-station.com
macsetstopguide.com
macsetupcompanion.com
macsetupfile.com
macsftpspire.com
macshareflash.com
macsharehub.com
macshareup.com
macshortcutlab.com
macsmartlink.com
macsoft834os.info
macsoft838os.info
macsoft848os.info
macsoft848os.online
macsoft849os.info
macsoft849os.online
macsoft938os.info
macsoftwave.com
macstepnotes.com
macstreamer.com
macswiftly.com
mactechdrop.com
mactokentrunk.com
macuplink.com
macuplum.com
macxfercloud.com
magichandshake.com
mail.nxtdrcliam.site
mail1.m-aum.macos-app.com
mainporno.com
maphercheitylus.com
martapaszt.forum
micphotography.com
modestopowerwashing.com
mpacksmedia.online
multichainfolder.com
my-css.online
mybbrc.com
mycodingtoolsd.com
nakama77.online
nebulasyncforge3.mom
nebulasyncforge5.mom
newyorkcity-tour.macos-app.com
nexusriftcore2.cfd
nisanbetgiris.store
nodejs-app.com
nxtdrcliam.site
octotore.com
ogrdowafontanna.pics
oilless.lol
okbos.live
okcuipid.com
opaltogel12.online
opportunitygifts.com
orbitstreamvault2.cfd
orbitstreamvault2.pics
orbitstreamvault4.cyou
orbitstreamvault5.lat
osmac87file.com
ovogacor.online
pafipekanbaru.site
paktoto178winjp.online
pay.1hive.online
pay.cryptomus.live
payamvls.com
presidenslot88.online
provablyfairapp.com
qqhokwarp.com
qris.pw
quantumcachegrid2.baby
quicksandtrousers.xyz
radiant.lat
radtkeins.com
rafallokwenc.autos
reddio.org
refriluxefeitosa.com
rends.me
resetguidemacos.com
restaurantdelivery.org
roypayment.com
safesyncgate10.com
search.secureapps.live
secureapps.live
sflink.xyz
share111git.autos
share111git.beauty
share111git.homes
share111git.quest
share2e2git.sbs
shmsports.com
showfastdeal.com
sicantik.site
singaporetourtip.macos-app.com
site.ariaplus.me
skolaf.com
soft4macos.com
softmacos.com
solid-peak-tai7.pages.dev
solscan.website
sowinsamponline.top
speechotclinic.com
ssmatome.com
stellarbackupnode1.cfd
stellarbackupnode4.baby
stellarbackupnode4.cyou
stellarbackupnode4.pics
stellarbackupnode4.xyz
stellarnodehub1.pics
stellarnodehub4.lat
stellarnodehub5.cfd
stellarpixelnode4.lol
stellarpixelnode5.cfd
stellarpixelnode5.lol
stellarpixelnode8.cfd
streamofday.com
sublimetext.macosappguide.com
suipport.com
sukienvlmb.macos-app.com
sunds.gd
superligawin168ori.online
surokka-gov-bd.click
tadanohito.com
tapchitin20s.macos-app.com
tcibrand.com
techplw.com
tenminutetakeaways.com
teslatoto77.online
ticktick-app.com
tiktok.bokepsimontok.id
timsline.com
tinthoisu24h.macos-app.com
togelup234jp.online
tokem6900.com
token69000.com
tonightthais.macos-app.com
too.clawddddd.com
torrents4mac.com
tradingflowersviw.com
tradngvew.com
travelchanneleurope.macos-app.com
travelnewforest.macos-app.com
trumpanalysis.com
uhyjtkriufhjkd.pages.dev
ukforester.com
ultranodecluster1.cyou
ultranodecluster1.lol
ultranodecluster1.mom
ultranodecluster2.lol
ultranodecluster3.cfd
ultranodecluster3.sbs
ultranodecluster3.xyz
ultranodecluster4.lol
ultranodecluster5.homes
ultranodecluster5.lol
ultranodecluster5.sbs
ultranodecluster5.xyz
uparjonkori.com
update.bookepw.com
upload-image.click
upsreit.com
uptorank.com
us.yobokep.id
vectorpulsemesh8.cyou
videogxhd58.macos-app.com
virtuosorift.com
visareit.com
visionarytechies.com
visionsfcu.cloud
vocasia.id
voltekled.com
vpnforyourmac.com
vrsmm.com
vrsmm.com100pesos.ph
wayimprove.com
webdisk.macos-app.com
woolcrib.info
xinhspa.macos-app.com
yamrest.xyz
yobokep.id
yourdream2reality.com
zingstream69.macos-app.com
bit.sublimetext.macosappguide.com
github.iterm.macosappguide.com

# Reference: https://x.com/suyog41/status/1973987326461423676
# Reference: https://www.virustotal.com/gui/file/a031ba8111ded0c11acfedea9ab83b4be8274584da71bcc88ff72e2d51957dd7/detection
# Reference: https://www.virustotal.com/gui/file/8616284574b01363f791b26d921ae80a7bb3449c5f752df27ada99e507b3203d/detection

franceparfumes.org

# Reference: https://x.com/solostalking/status/1974037558100181430
# CLASS_0_HASH-HOST=34c4fad1530860981c4a1503d64edbb7

adguardapp.com
altyazitube63.lat
auki.supply
aztec-x.network
aztecnetwork.biz
aztecnetwork.digital
aztecnetwork.ink
aztecvault.xyz
brevvis.xyz
claim-brevis.net
cloud-washington.com
digitthorentarix-plexovimiranda.cfd
dropsradar.org
enroll-reppo.xyz
farlabs.live
flare2025.com
gohixes.com
intercheck-cloud.com
jesook.com
kindomford.com
pin-up0046.com
racerdotfun.xyz
revapay.icu
superfornfoundation.xyz
team-extension.pages.dev
team-extensions.pages.dev
cloud.flare2025.com

# Reference: https://x.com/banthisguy9349/status/1974815914060042313
# Reference: https://www.virustotal.com/gui/file/087ab01c622f24c3bbcc8a40da822b80af7941c0017ce925725200aae1969510/detection
# Reference: https://www.virustotal.com/gui/file/0bfa39bb8695539e0e588ce39a35752849873e00fa8f68f744884e2ef66d0f98/detection
# Reference: https://www.virustotal.com/gui/file/748f68dca2824613e130bd6b852c55f18b56447d0a0188f7ad404a3fb476befd/detection

progressdev.xyz

# Reference: https://x.com/suyog41/status/1975518926252511465
# Reference: https://www.virustotal.com/gui/file/7f69f3012e134d1f5084fbb9086697da66a9b0e9240c4e1413777b9e1099aca9/detection

aubr.io

# Reference: https://unit42.paloaltonetworks.com/clickfix-generator-first-of-its-kind/
# Reference: https://www.virustotal.com/gui/ip-address/188.92.28.186/relations
# CLASS_0_HASH-HOST=81fdcf68dec325a6b52e368488781a14
# FAVICON_HASH-HOST=a7eda883652648ec8df1e5542b6bb404

http://188.92.28.186
http://45.144.233.192
2pi-bd.com
2pijobs.com
actorspruce.com
aluguelfoco.com
app-en-us.pro
aureateneses.live
axlecord.com
bartio-faucetberachain.lol
bartio-faucets-berachained.lol
blueswap.world
claim-chain.link
claudflurer.com
cleanshot.us
cliente.aluguelfoco.com
cloudlare-lndex.com
coingecko.com-en-us.cloud
com-en-us.cloud
connectaccountingadvisory.co.uk
cyfrowewitryny.online
dactarbari-healthsuite.com
dactarbari.com
debank.com-en-us.cloud
deepseek.com-en-us.cloud
digitarenexus-moventarionexa.cfd
digitarexalumis-novarionexa.cfd
digitarolumis-moventarionexa.cfd
digitnuvarexa-travonquexil.shop
eagleai-research.pages.dev
eagleailab.com
electrum.com-en-us.cloud
elysianwhimsy.org
exodus.com-en-us.cloud
faucet-berachain.lol
faucet-berachains.lol
financelumo.com
fitgearuniverse.com
fusedbaseball.com
fusionsyncer.online
galxe.com-en-us.cloud
github.com-en-us.cloud
hesicoi2.za.com
hoeutrer.com
hoobs.ai
ibs-express.com
ibsexpress.cg
indexsm.com
io-en-us.info
itts.pages.dev
kynterra.com
leaderboarduniswaportfolio.app
ledger.com-en-us.cloud
link-chainlink.com
looksrare.com-en-us.cloud
mail.tesllamacapp.com
mangoder.com
migration-propchain.xyz
navigantix.com
neuraprotocol.icu
novaeclfew.com
opensea.io-en-us.info
orbiter.com-en-us.cloud
orionix.pro
pablico.es
phantom.app-en-us.pro
pinchbug.com
podiumllc.com
pro-pulseagency.com
prunechit.com
rainbet.bet
routejug.top
sapien.lat
scrypto.app
situationspruce.com
skurpmarketing.com
syncswap.com-en-us.cloud
teamsensoft.com
tesllamacapp.com
tuttin-ch.space
ukpropertycert.co.uk
uniswap.com-en-us.cloud
valetfortesla.com
worthchance.com
zantsolution.com
zen-btc.app
zenflex.site

# Reference: https://x.com/L0Psec/status/1975982420919976412
# Reference: https://www.virustotal.com/gui/file/43f7d89e7e3493be24989f1ce5dfbe7fd2869828b8f767645840921cdb92a4c1/detection

nadrty.com

# Reference: https://x.com/Crose_96/status/1976799349779972472
# Reference: https://x.com/Crose_96/status/1976805425455808909
# Reference: https://www.virustotal.com/gui/ip-address/185.251.89.109/relations
# Reference: https://www.virustotal.com/gui/ip-address/23.177.184.137/relations

elasticdataport.com
metricsaggregator.to
nodalservicebase.com
quietlybuildzone.com
secureapimiddleware.com
shadowqueueflow.com
staticruntimelog.com
brsp.secureapimiddleware.com
comgamma.secureapimiddleware.com
gamma.metricsaggregator.to
gamma.secureapimiddleware.com
plsp.metricsaggregator.to
plsp.secureapimiddleware.com

# Reference: https://github.com/hagezi/dns-blocklists/issues/7678

shoter.org

# Reference: https://x.com/suyog41/status/1977605119450735044
# Reference: https://www.virustotal.com/gui/file/ab65b877ba971181e2c4729b4fcbc0375ec70c8f7b0fa7262fd84d5272fb2fcf/detection

nexpal.cc

# Reference: https://x.com/suyog41/status/1978706393692606688
# Reference: https://www.virustotal.com/gui/file/7ae7136853d286fbabc1da07ee891a0c385096ac3be8b3c8c7088c6265e4517f/detection

http://217.119.139.97
217.119.139.97:2000

# Reference: https://www.virustotal.com/gui/file/02c5c936e8bad1d6e9252ad47e0544e91bc33d69c1ed12eadf66fdeae0fff49a/detection
# Reference: https://www.virustotal.com/gui/file/4f69f7abbccb60f04b0eeaee7a37054475abef18e9dc6be1c2c183937783e593/detection
# Reference: https://www.virustotal.com/gui/file/5824b7a5cb3a5bd3a1fd20f6b577a78fff9462e6553cb5dcac2cd342a842f863/detection
# Reference: https://www.virustotal.com/gui/file/947981e686ad189d1365ba3aeae7e30d4a4fd2588824be64e19f04d2888ff502/detection
# Reference: https://www.virustotal.com/gui/file/a231b0c685a774fcbfc05a06af9476b7c82a4b0103cf6796151fc7697a9de826/detection
# Reference: https://www.virustotal.com/gui/file/a2a0a44a8d2a6054df00b9228df73261b8c9b961ea8d394f9a2b7f2ca2a64482/detection
# Reference: https://www.virustotal.com/gui/file/e19924793392da65c27889c6454172125c52f3b39ec198bdae15b7acabcd6b04/detection
# Reference: https://www.virustotal.com/gui/file/fec84913c615173ba00f10778005ce9930db572849d931a065bc73485e4b1340/detection

/api/v1/xuystats

# Reference: https://www.virustotal.com/gui/ip-address/87.120.93.15/relations

arctikshown.com
nuvraka.com
tradingview-mac.com

# Reference: https://x.com/L0Psec/status/1980965563636789444
# Reference: https://www.virustotal.com/gui/file/9a4b14a7ff3cc6443a2b9e3a95a2259295d5809b81cd5829d12fa87d4e60ed71/detection

security-att.com

# Reference: https://x.com/Crose_96/status/1981842656704835769
# Reference: https://x.com/Crose_96/status/1981842834157449479
# Reference: https://x.com/Crose_96/status/1981842856307491190
# Reference: https://www.virustotal.com/gui/file/23ca3d8cb9012c97f95756ab6653f68954c6f233c75f28ad3d4ede37192866b3/detection
# Reference: https://www.virustotal.com/gui/file/87dcdf8506abc83870502ced2cef13731feb95a87229680b98e30faa7d88f998/detection

http://185.95.156.240
alamostc.org
apple-fixhub.com
sktmed.com

# Reference: https://x.com/L0Psec/status/1982063577839157470
# Reference: https://x.com/L0Psec/status/1982059747789734225
# Reference: https://www.virustotal.com/gui/ip-address/45.159.79.219/relations
# Reference: https://www.virustotal.com/gui/ip-address/89.44.87.204/relations
# Reference: https://www.virustotal.com/gui/file/b9ef067ffa09d325a7e378f5495b405d2a6c798795df64ae7cf2fffd8dd2ed4e/detection
# Reference: https://www.virustotal.com/gui/file/15a36e85513b7b41f91f5a41e3a6b483a07096875ee0c437c8f5a6291f017a33/detection
# Reference: https://www.virustotal.com/gui/file/62a247ca3de53553561b50d99fb7565315f7e5947ee16001873ef88927547c4c/detection
# Reference: https://www.virustotal.com/gui/file/b78bc3129be7eb0acae309be4ef96710f886fbe6b2d86a70b1cec3a72fa63ccb/detection
# Reference: https://www.virustotal.com/gui/file/ff3a686d19f69ac1067534471fc25fa05c301db46c49a0415d2cb310dbe6af79/detection
# Reference: https://www.virustotal.com/gui/file/c9dea3af7df48d897f8deb1b5d00a9d01c59fce16899008a6ca0a8c2e7ec9b90/detection
# Reference: https://www.virustotal.com/gui/file/99dd79f9d3bee8df2751734130db381b4af18b46e99cd25654e5460de75bb5f2/detection
# Reference: https://www.virustotal.com/gui/file/738dfff9619135ef8c92d4002b41a59e6c900ad1212b1ee2f0e5523b4e7dfbec/detection
# Reference: https://www.virustotal.com/gui/file/63dde5442626cd25900f42c013c691f822042d4037e1ff180fb613a904b612b7/detection
# Reference: https://www.virustotal.com/gui/file/5feabe20874d4f201668da68ca1e86ee679e91e83ec076cbfb60403de0f455e5/detection
# Reference: https://www.virustotal.com/gui/file/38152f2eef983395ed7c0187299a95078090221cb15b1eaef65ef616ce78e051/detection
# Reference: https://www.virustotal.com/gui/file/133c208e9a3ecf572ae416dac8e5d4d6f1239a7959d4f4adf118d272446b4dc9/detection
# Reference: https://www.virustotal.com/gui/file/10dd967e952639e9b29f43b8534e97abea0e5ac0c31b1fe2178e47983c62182e/detection
# Reference: https://www.virustotal.com/gui/file/e0cad06a4af839da02db55c9c7c7b8fdf52b5b595e5111e5ea3dabb065dafa66/detection
# Reference: https://www.virustotal.com/gui/file/c15a0c4a7d8e9e0c40122043a65f4030246f5605f97dae97eadd3c8e42c1ade2/detection
# Reference: https://www.virustotal.com/gui/file/0b0734fa1b4280f35b5c9c57b9aa110c9a322c22924c8c2c08f39ad166a7d3c8/detection
# Reference: https://www.virustotal.com/gui/file/07d05be5a2031cdd3a12ceb44c3a84075c738e94dbf58566f26b0d91aaa011db/detection
# Reference: https://www.virustotal.com/gui/file/0a1e0d4ed50f9d2988b6f9097dfebc703347e38e5751adcbdde21dcf7a7e0e3b/detection
# Reference: https://www.virustotal.com/gui/file/bc02ee28487208ea4de35f5439f63f60a456b619552f77f2d725cb4140e3b505/detection
# Reference: https://www.virustotal.com/gui/file/0c10b41852c60aa55e5ee3338347be89233072c36852db18f900891c5e3fa714/detection
# Reference: https://www.virustotal.com/gui/file/4764de462124a6a6c18eee2ea3b15886a7a429ab63316be9ad9be75f13d3f4de/detection
# Reference: https://www.virustotal.com/gui/file/598745d81cd8935fde142644ab4ce527071b60ffe2b4ddac73e4f45eec927317/detection
# Reference: https://www.virustotal.com/gui/file/721bd5030773e8fc11f17e725cf2ed19357546cb4ec2653cfe8c752ab0e4cc03/detection
# Reference: https://www.virustotal.com/gui/file/a38be1dd99f2bafa52f858a1f40d46a830da2f45029fe3d8f405781cc2392e48/detection
# Reference: https://www.virustotal.com/gui/file/c3178905a95a5037110f65343378eb562221a8d7c5cbb986b9674609d33e59d6/detection
# Reference: https://www.virustotal.com/gui/file/f2821f2d701a44890fe73d246feb057bd88ee83de4a1263ff9587fdfbb3a79c7/detection
# BANNER_0_HASH-HOST=e09a907e91bd7540a463157a120bbe84
# BANNER_0_HASH-HOST=4f7505bf09b569d2cfe36e17f4147761
# BANNER_0_HASH-HOST=2a504073b2190b0a497965d049cc7b84

abusefolder.com
abusemode.xyz
abuserepo.com
affectway.com
algfirst.com
algsend.com
alkormuse.com
andrybork.space
applegrowe.com
basicdouble.space
boardcourt.com
borkdeal.com
boss-b.live
buchhalterupgrade.com
budgetwijs.com
buildnetcrew.com
busdtape.top
bynvex.com
cerplx.com
chicagosone.com
chillzome.space
colaideborn.com
corpfin-advisory.com
dalafrid.cloud
defaultgater.com
defeatgate.com
defidork.com
defistame.com
deforkmade.com
delivewryme.com
dhulinwerkol.com
digitaletrends.com
digitalewereld.com
dreksim.com
drumcath.com
ergodown.com
filebreef.com
fin-majster.com
fin-slim.com
fin-techzone.com
fin-wijs.com
finan-plan.com
fincieelslim.com
fingramsk.com
finmajster.com
fintipy.com
fiscoskillz.com
folkdoom.com
footballee.com
forcemapp.com
forestnumb.top
frostlwake.com
frozendoome.com
futurefinhub.com
gatedm.com
gatemonteray.com
globalnetman.xyz
graktim.com
greenmodee.com
gynthor.com
help-googleworkspace.com
jantiagoserimodo.com
letgenmode.top
metricmind.net
mind-mastr.com
novauctovnictvo.com
oct-memberfix.space
pfcleaner.com
prunkmjakfolr.com
sg-grow.com
spaarslim-bel.com
u-varo.com
vipgatesecond.top
walikomart.org
wallmrt.net
wlynketozosmone.com
xaphildhrenak.com
yrdansilvera.com
archive.boardcourt.com
archives.boardcourt.com
bsdzcpcp.boardcourt.com
dhrtiqyt.boardcourt.com
emfhgsgy.boardcourt.com
eoaqgpmv.frozendoome.com
itzzonwi.boardcourt.com
jojeayry.boardcourt.com
kfpmddem.boardcourt.com
kwkhfist.boardcourt.com
lwwtkrlm.boardcourt.com
mrgjwlit.boardcourt.com
mvsvnibh.applegrowe.com
pxfgvber.boardcourt.com
redbusprimarydns.boardcourt.com
redbussecondarydns.boardcourt.com
site.budgetwijs.com
site.digitaletrends.com
site.digitalewereld.com
site.fin-majster.com
site.fingramsk.com
site.mind-mastr.com
thuhfovs.boardcourt.com
tztqdmlc.boardcourt.com
vsbtzdey.boardcourt.com
vvxamgim.buildnetcrew.com

# Reference: https://x.com/g0njxa/status/1982934216489984157

apple-pkgs.com
mymadowload.com
ztotys.com

# Reference: https://x.com/suyog41/status/1985611651136307312
# Reference: https://www.virustotal.com/gui/ip-address/77.239.99.216/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.141.160.60/relations
# Reference: https://www.virustotal.com/gui/file/b805acd4744ca0904a2e238c6eedbc12983424647704a95fa80aff51bdd4069d/detection
# Reference: https://www.virustotal.com/gui/file/b4e02f550e13a6b48e92708fc2950942e5d66df0fb2e32a3235ce711ecf7dd63/detection
# Reference: https://www.virustotal.com/gui/file/fb4db942e88f92744fd446de08beafc7d8388e50a5597a8180b049a83e9dc767/detection
# Reference: https://www.virustotal.com/gui/file/088df122fc246fe5374c99e26932d6d9b3c47056ebe58ce1aac0de41d34540f9/detection
# Reference: https://www.virustotal.com/gui/file/f597e9a126f45a0c4506eebe4882f758a2d03ba12079a97a394b1262e395b6b0/detection
# CERT_DOMAIN-HOST=internal

aldentemore.com
apple-java.com
code-cloudflare.com
delgone.space
efordstaut.space
elbrone.com
gate-default.com
gonabemsi.com
lowerdown.space
mac0soft.com
mac2soft.com
mac3soft.com
mac44soft.com
nordmest.com
torodusty.com
workspace-googlemeet.com

# Reference: https://x.com/L0Psec/status/1986258563484831945
# Reference: https://www.virustotal.com/gui/file/589e3f581bdf621b1ddc2ad59a04813a576e48a4fab0b817dbbaae0d55986641/detection

ardeseni.com

# Reference: https://x.com/suyog41/status/1986677968048169222
# Reference: https://www.virustotal.com/gui/file/7145aac66db544b6e2aa41402b1dd684de6d6db137ff938687e0e2ef56d666d6/detection
# Reference: https://www.virustotal.com/gui/file/c4a49d32369ea408fd0439139625304ba6be0439dddf806c46ef985295604eed/detection
# Reference: https://www.virustotal.com/gui/file/02b5e90522b49b3aab96480ebd7cb29e9c7cc628d65ca0b02555022879192302/detection

vipgatearea.com

# Reference: https://izzyboop.com/posts/macsync/
# Reference: https://www.virustotal.com/gui/file/571ddf01e407ecddca1df9db3e5212f8ae76d8d3dfea292facdb862b984ddb67/detection

disruptmyself.com
58462.disruptmyself.com

# Reference: https://www.virustotal.com/gui/ip-address/87.120.93.15/relations
# BANNER_0_HASH-HOST=6c266b25bda0e809c035a0d8a908612b
# BANNER_0_HASH-HOST=84d41b483d5739046e8dd7f85fef6fb1
# TITLE-HOST=Sora 2 — AI without limits for everyone.
# TITLE-HOST=Download for macOS

50promo.com
50promogift.com
573uuu.top
afina-interview.com
afina-interviews.com
canvaspigeon.icu
chatgptsapp.com
download2026.com
getsora.app
getsora.cc
honestly.ink
lucky-io.com
megaxwinvip.art
openai-sora2.com
sorachatgpts.com
updatesrc.bet
zip-trader.com
app.download2026.com
bitkub.50promogift.com
mac.download2026.com
sora.chatgptsapp.com
sora.sorachatgpts.com
v2.chatgptsapp.com
sora.app.download2026.com
sora.mac.download2026.com
sora.v2.chatgptsapp.com

# Reference: https://x.com/L0Psec/status/1988942977767801063
# Reference: https://www.virustotal.com/gui/ip-address/144.31.90.59/relations
# Reference: https://urlscan.io/result/019a7d22-0976-749b-9588-e0f4997733f6/

promo2026.com
promo20l26.com
trad1ngv1ew.blog
tradinviewai.com
tradingview.promo2026.com
tradingview.promo20l26.com
tradingview.new.promo2026.com

# Reference: https://x.com/suyog41/status/1988567262458986837
# Reference: https://www.virustotal.com/gui/ip-address/77.239.99.216/relations
# Reference: https://www.virustotal.com/gui/file/e3102ab9b39d68d1372691c48366d77e977a1410b92919622b86538c31ac74d5/detection
# Reference: https://www.virustotal.com/gui/file/fc2743722e53b87de3b24294d09b79af664534678bf13c6566cdb669463c0830/detection
# Reference: https://www.virustotal.com/gui/file/9fae4d1171db0458612b0308c8e05dcce71e5863855fda05bce120a23408845a/detection
# Reference: https://www.virustotal.com/gui/file/9887aeecc52d368fe4442a7d9d5aecd24dfdb1f122a17e036bb2f3ae2be77be7/detection

amicl.com
atmung.com
aromasynergy.com
cerrillos.com
falsealarms.com
nhaxuong.com
secureave.com
stockalfa.com
taskpicks.com
veryfocus.com

# Reference: https://x.com/txhaflaire/status/1989007806255542281
# Reference: https://x.com/L0Psec/status/1989048095687258118
# Reference: https://x.com/malwrhunterteam/status/2014982649895387592
# Reference: https://x.com/L0Psec/status/2015047749733933457
# Reference: https://www.jamf.com/blog/jtl-digitstealer-macos-infostealer-analysis/
# Reference: https://www.virustotal.com/gui/file/da99f7570b37ddb3d4ed650bc33fa9fbfb883753b2c212704c10f2df12c19f63/detection
# Reference: https://www.virustotal.com/gui/file/9f70756435f474b57765bc004f4ad84d0fb6e29a9aed1c5998c7ee8dfa139baa/detection
# Reference: https://www.virustotal.com/gui/file/47a5467c35b34a28035d82ad75b75a3c1b26bdc6891e1e342db7d4a94f31ed82/detection
# Reference: https://www.virustotal.com/gui/file/dd643a414e9dee3035c90c664bda0f48d251c6d43ce88865ef9fae2056795707/detection
# Reference: https://www.virustotal.com/gui/file/ca699fcc2b74a6bc29032f3fcd3f0cbd4f30103bdffd7875d01af08345a7c894/detection
# Reference: https://www.virustotal.com/gui/file/b46da334d97aaf210873c89bdb08da18db88cc84638986af513a49d663e4091d/detection
# Reference: https://www.virustotal.com/gui/file/5581fc6bb9cb944a9e4ef1f9fe367350824edcc82f517639548530f8f46f2f52/detection
# CLASS_0_HASH-HOST=40761f053f9e3c596078c26e92d0d3d3

applake.app
applelake.app
applelake.io
applelake.org
appsformacs.cc
atlasgpt-browser.com
banana-gun.com
bananagun.cc
centradlispatch.com
chefjeffphilbin.com
clearmacos.com
cushychill.com
dynamichub.app
dynamiclake.org
goldenticketsshop.com
hobework.com
honsteinfacilityservices.com
houstonnphc.com
ledgmanyman.com
ledwindryn.com
livechat-cdn.com
modaalegriadevivir.com
nevadabtcshill.com
segololoraprox.com
sweetseedsbeep.com
67e5143a9ca7d2240c137ef80f2641d6.pages.dev
f0561b4e3c1308eeb8cdd23016ed86ec.pages.dev
f8b2ef8b94b215ce04836d1c47b556ba.pages.dev
srv1023475.hstgr.cloud
lazarusexposed.com
clearvpnshim.com
sockstexasgo.com
booksmagazinetx.com

# Reference: https://x.com/L0Psec/status/1990415249569087601
# Reference: https://www.virustotal.com/gui/file/4d751dd363298589cb436d78cd302f9d794ae1e3670722a464884be908671a9c/detection
# Reference: https://www.virustotal.com/gui/file/65ef40f8eef05b74f2af9f42c367f41c9671438496e2d2a6fa1e5eeb72de8f2f/detection

timebolls.com

# Reference: https://x.com/malwrhunterteam/status/1990747396289278444
# Reference: https://www.virustotal.com/gui/file/745cc1b7f07d3544ab97678081e95f6c726783ed7f3cecdc00587a41966b5cb4/detection

soraxpertai.com

# Reference: https://www.virustotal.com/gui/ip-address/193.143.1.236/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.93.20.210/relations
# TITLE-HOST=Runway Research | Introducing Runway Gen-4

193-143-1-236.cprapid.com
albertdigital-ai.com
api.freevizer.com
distribute-nexo.com
eligible-nexo.com
freevizer.com
ipv6.193-143-1-236.cprapid.com
join-nexo.com
milkroad-token.com
nexo-join.com
nexo-qualified.com
run.upscayl-ai.org
runwau.digital
runway-ai-gen4.org
runway.upscayl-ai.org
season2-kucoin.com
sweet.upscayl-ai.org
upscayl-ai.org

# Reference: https://www.virustotal.com/gui/ip-address/45.93.20.210/relations

ai-creatify.org
ai-deepseek.org
ai-runway.gen3-alpha.com
ai.mysora-app.com
app-creatify.com
app-deepseek.org
app-ispring.com
app-openai.com
app-openai.comindex-sora.app-openai.com
app-sora.org
app-technology.org
check-airdrop.org
comindex-sora.app-openai.com
creatify-app.com
descript-ai.com
escadajobs.com
gen-3-alpha.com
gen-3.me
gen3-alpha.com
get-deepseek.com
get-hiper.me
get-loom.com
get-openai.app-sora.org
get-runway.gen3-alpha.com
get-tradingview.org
index-my.com
index-sora-ai-video.com
index-sora.app-openai.com
index-sora.app-openai.comindex-sora.app-openai.com
la.mysora-app.com
load.mysora-app.com
loom-download.com
lumion2024.com
maxon-cinema4d.com
meta-trader5.com
my-airdropcheck.com
my-creatify.org
my-creativity.org
my-deepseek.com
my-deepseek.org
my-exodus.com
my-hotgame.com
my-koinly.com
my-loom.org
my-pica.art
my-pica.com
mysora-app.com
openai-index-sora.com
openai-index.org
piica-art.com
piica.org
replicate-page.generate-ai.org
run-way.org
runaway-gen3.com
runway-gen3-alpha.com
runway.gen3-alpha.com
sora-ai-download-now.com
sora-ai-explore.com
sora-ai.app-openai.com
sora-installs.com
sora-library.com
soraai-install-now.com
soraai-install.com
sweethome3d-app.org
tarina-haskahakaska.com
tiktoklivestudio.com
tradingview-app.org
tradingview-exchange.com
traidingview-app.com
videoproconv.org
videopto.com

# Reference: https://www.virustotal.com/gui/ip-address/193.233.112.39/relations

doladowania.club
get.ideogrammai.org
ideogrammai.org
my-sweethome.me
myhiper-app.com
myvizard-app.com
sweet-home3d.org
synthesia-app.me
cooy.activecitrux.com
load.myhiper-app.com
load.myvizard-app.com
load.synthesia-app.me
uss.sweet-home3d.org

# Reference: https://www.virustotal.com/gui/ip-address/45.93.20.25/relations

app-trading.xyz
check-air.xyz
creatify.ink
descript-index.com
get-index-sor.com
get-sora-ai.com
git-checker.com
index-download.com
index-sora-app.com
loom.it.com
sor-ai-now.it.com
windsscribe.xyz

# Reference: https://x.com/L0Psec/status/1991525029297942655
# Reference: https://www.virustotal.com/gui/file/5b85fcb9789c2e5acafb527b1c5eadceb0767ca2d60b8730644b58f7f4b65981/detection
# CLASS_0_HASH-HOST=9798869b9313afce18a76e516d7a749a
# FAVICON_HASH-HOST=ba62568a94cbf7dde866f6c34540061c

155-94-155-240.cprapid.com
aeon-winds.com
aeonwoe.com
dreamskygame.com
lunarigame.com
mysticgame.app
mysticgame.online
mysticgameplay.com
mysticlots.com
mysticsolgame.com
mysticstormlegacy.com
mysticwinds.app
mysticwinds.io
mysticwindsgame.com
ns1.mysticlots.com
ns2.mysticlots.com
playlegacygame.com
playskygame.com
playstargarden.com
skygame.io
dhgames.s3.us-east-005.backblazeb2.com

# Reference: https://x.com/L0Psec/status/1993327471127584983
# Reference: https://www.virustotal.com/gui/file/e6de9815c4a3a40acacd456dd7344acfea682f6bc6e72e02ee33cbc6e36de6b2/detection

focusgroovy.com

# Reference: https://x.com/L0Psec/status/1993681010538459575
# Reference: https://www.virustotal.com/gui/file/55ab1159ea860cda42be0cd61c345b53c52b1651bb7f84b8ffc3579c0884c614/detection
# Reference: https://www.virustotal.com/gui/file/1538c0097702b35d74511d90f79093070cfd07a2efc3cd64a49f2eb6d07cd4d6/detection
# Reference: https://www.virustotal.com/gui/file/ed9ccf1f0afa95f10038ebfa69397879e4a108d60ac37188c95703a6f9981315/detection
# Reference: https://www.virustotal.com/gui/file/a5eaaa98e50ab1a2b5899a19d8c04b725e1ad431d8eaf097afe99bf9ce0629f5/detection
# Reference: https://www.virustotal.com/gui/file/8515e88a6c1f121b763785824d5c3aedc60afb94697c041fab884855638d637d/detection
# Reference: https://www.virustotal.com/gui/file/23799438614035d0aa9104a4f90befc32ab6132aae6c7bd4ca5724b051334da1/detection
# Reference: https://www.virustotal.com/gui/file/026f2e0e51605707f2a6f086ff6a051303e9f0484c311aaac2973c9aba34c617/detection

http://185.195.233.152
artimaden.com
gate-main.com

# Reference: https://urlscan.io/result/019ac9b1-76ef-73ba-8b72-c8f12ebfc74a/

solidgate8.com

# Reference: https://x.com/malwrhunterteam/status/1997959762541994292
# Reference: https://www.virustotal.com/gui/file/667e278ef52fa525c91096133ba86d7236821703d288a4c943d4bbe508079280/detection
# Reference: https://www.virustotal.com/gui/file/0a95412c64b264f2c8674fd51f0024297c4bd1a0caa3b4709a5a6fc760df76a1/detection

http://195.24.236.129
195.24.236.129:443

# Reference: https://x.com/txhaflaire/status/1998663328353173924
# Reference: https://x.com/BlinkzSec/status/1998818681703256395

acwmcirf.pro
cloudformac.com
cmnernei.pro
ewrevmiet.pro
fvnueskg.pro
get-mactech.com
getmaclab.com
getmacnow.com
jmpbowl.shop
jmpbowl.space
lfmvehdie.pro
mac-fast.com
pllatformers.org
tfnvydvie.pro
vmgjbvtrj.pro
wkcmutdf.pro
yfjvniesk.pro
zxmnveuo.pro

# Reference: https://x.com/e_kaspersky/status/1998778369006047430

atlas-extension.com

# Reference: https://www.virustotal.com/gui/file/7a3d6a1cc9384df6fd31558e16ac356ecbb1960cb78fdbf30a86f9f093c4206b/detection
# Reference: https://www.virustotal.com/gui/file/d874054687ce5bf99ac4c83791e6f60c7b00db67091de6fe08985d7d56f7a8d2/detection
# TITLE-HOST=ANGKATOTO2 - Link Gacor Hari Ini Slot Maxwin Gampang Menang Deposit 5k

putuartana.com
angkatoto2deposit5k.web.app

# Reference: https://x.com/txhaflaire/status/2000478206076326276
# Reference: https://www.virustotal.com/gui/ip-address/144.31.1.133/relations
# Reference: https://www.virustotal.com/gui/ip-address/144.31.90.119/relations
# Reference: https://www.virustotal.com/gui/ip-address/87.121.82.141/relations
# Reference: https://www.virustotal.com/gui/ip-address/89.39.121.104/relations
# BANNER_0_HASH-HOST=778f23bf6cfc89fbd2b9e33b7d631ca6
# BANNER_0_HASH-HOST=9cb9ee1d5662328f8343a6c09078f2f4
# BANNER_0_HASH-HOST=a4298d81874c791772bfc21fa48b0096
# BANNER_0_HASH-HOST=cc6b0f87f09335b85427361142996d0d
# BANNER_0_HASH-HOST=8724951030de3b0f04652dcbc07e5953
# BANNER_0_HASH-HOST=3a8154798400c0120488bbad75a112da
# BANNER_0_HASH-HOST=281cdb71a1eb1c536de1b295cbd5e910
# BODY_SHA1-HOST=e24d282630d5229e55b0cfdf9405bb9beac9add8
# BODY_SHA1-HOST=343f99eb087e0e4945f42c9df28ab4d2bed9c330

http://45.66.228.85
0auth-session.com
0x9x.com
123cds.com
123coffee.com
123coins.com
123cosmetics.com
2dels.com
2simpledownload.com
9seai.com
activehomeservices.com
agrofindinvest.online
alchemry.com
ap2lehidengift.com
apemarketplace.com
appleid-icloudmac.com
axiom-massage.com
axiommassage.com
backend.beatlebuddy.com
beatlebuddy.com
bestkitchen.info
bfsales.app
bgmpropertybuyers.com
bigfindapartment.ink
blago-apartment.info
bmx-insider.com
brighttradecorp.com
buzzher.club
capitalinfo.ink
carboymotorsports.com
cbswga.com
cdeesigns.com
charlieculp.com
christiansatellitenetwork.com
clairedominics.com
classicmacfiles.com
cloudboxmac.com
cloudmacbackup.com
cloudmacdrive.com
cloudmacfolder.com
cloudmachinait.com
cloudmacrocode.click
cloudmacrofactory.sbs
cloudmacromanagement.com
cloudmacromedia.digital
cloudmacrosolutions.click
cloudmacx.sbs
confirmsok.com
ctdeducationalservices.com
dandsrecruiting.com
darknet.observer
deals2026.com
dickersonbuilders.com
digitalagesanta.com
domenpozh.net
dortabet.com
dr-tamerelshafie.com
draftexempt.com
drmcdermottmd.com
droneslights.com
echoingvistas.com
elitemgmtgroup.com
ensleytechsolutions.com
erctrust.us.com
ethereumguides.com
eurspeed.com
farmconnection.space
fastmacfirstsetup.com
feigaseujera.sbs
film4change.com
fincz2026.ink
fogudarz.com
free-load.store
freehousefind.online
frugalislife.com
ftp.beatlebuddy.com
ftp.brighttradecorp.com
ftp.carologydeals.com
ftp.uaeautobuyer.com
gd6519.com
gd7284.com
getdownio.com
getmacfilesnew.com
ghvmodels.com
git22share.cfd
git22share.sbs
git6share.click
golden2ap0.com
grahamblackburn.com
groovyfox.space
hci-outdoors.com
hidamian.com
holidayrussia.com
homecz2026.online
homevaluesummerville.com
hortonlandscaping.com
hungrymungry.com
icloudmacdrop.com
icloudmacs.com
icloudmacsend.com
imac-forums.com
imacbridge.com
imacdrivedock.com
imacdrivehub.com
imaceasyshare.com
imacfilebase.com
imacfiledrop.com
imacfilesafe.com
imacfolder.com
imacguide.com
imachelp.com
imacinstall.com
imaclaw.com
imaclink.com
imaclinkgate.com
imacloop.com
imacmigrator.com
imacpush.com
imacremote.com
imacrestorehub.com
imacsecurefiles.com
imacsimplesend.com
imacsyncfile.com
imactorrentpro.com
imacturbosend.com
imacworks.com
imaczip.com
indesk.productivemaster.com
insta-macer.com
instamacer.com
instmac.com
instmacs.com
insuranceplansforu.com
ipv6.vm597.tmdcloud.eu
jamondelmedio.com
je.dr-tamerelshafie.com
jjdevelopment4.com
jmjvp.com
jmpbowl.world
jmpbowl.xyz
juniormall.com
kanpolab.com
kj.beatlebuddy.com
landofmusic.com
left.ru.com
linxboxxx.com
liorabattles.com
m2mglobal-logistics.com
mac-faster.com
mac-file.com
mac-instruction.2simpledownload.com
mac-magnus.com
mac-ropartners360.click
mac-tours.com
mac2sup.com
mac555oscloud.com
mac78folder.sbs
mac7system1.sbs
mac88oscloud.com
macabooart.com
macacademyhub.com
macairshare.com
macairxfer.com
macanswerbase.com
macappanswerbase.com
macared.com
macauway.com
macbackuppro.com
macbeamcloud.com
macbeamsend.com
macbinaryloom.com
macbinarymesh.com
macbitnode.com
macbrowser.click
macbrowser.cloud
macbrowser.live
macbytebeam.com
macclassroom.com
maccloudarchive.com
maccloudbackups.com
maccloudbeam.com
maccloudcenter.com
macclouddesk.com
macclouddock.com
macclouddrive.com
maccloudfiles.com
maccloudfolder.com
maccloudglide.com
maccloudjet.com
maccloudsafe.com
maccloudspace.com
maccloudstorage.com
maccloudstore.com
maccloudsync.com
maccloudvault.com
maccloudworld.com
maccloudx.com
maccloudzip.com
maccodestack.com
macdailyguide.com
macdatabranch.com
macdatadrop.com
macdatafabric.com
macdatainbox.com
macdatapioneer.com
macdatapipe.com
macdocklane.com
macdockweave.com
macdownloads.my
macdownloads.pro
macdownloads.shop
macdrivebackup.com
macdrivebox.com
macdrivecloud.com
macdropbeam.com
macdropbox.com
macdropcast.com
macdropnow.com
macedgeflow.com
macedgerelay.com
macfastbox.com
macfi1ec1oud.sbs
macfileairdrop.com
macfilearchive.com
macfileatelier.com
macfilebackup.com
macfilebeam.com
macfilebox.com
macfilecloud.com
macfilecloud5.com
macfilecloud6.com
macfilecloud7.com
macfilecloud8.com
macfilecore.com
macfiledesk.com
macfiledrive.com
macfileflow.com
macfilego.com
macfilelinkdrop.com
macfilemesh.com
macfilenova.com
macfilepipeline.com
macfilepool.com
macfilesafesend.com
macfilesbox.com
macfilesdesk.com
macfilesend.com
macfilesendstream.com
macfileshare.com
macfilesharehub.com
macfilesi.com
macfilespace.com
macfilestorage.com
macfilestore.com
macfileswap.com
macfilevault.com
macfilex.com
macfirstsettingssetup.com
macflowy.com
macfusionfactory.com
macgolddocker.com
macgridlink.com
macgridstore.com
macgridvault.com
macguideatlas.com
macguidecentral.com
macguidecurriculum.com
macguideden.com
macguidehowtos.com
macguideloft.com
macguidepath.com
macguidepress.com
machandoff.com
machelpatlas.com
maciclouddock.com
macicloudtrack.com
macinstallcompanion.com
macjadeplas.com
maclessons.com
maclinkatelier.com
maclinkbox.com
maclinkgo.com
maclinkshare.com
maclivo.com
macmirrorx.com
macmovedata.com
macmyanswers.com
macmylab.com
macmyworld.com
macnetpulse.com
macoblique.com
macos45drive.sbs
macosfilebox.sbs
macpacketfabric.com
macpathfinder.com
macpathy.com
macpayloadhub.com
macpipehub.com
macplasmavault.com
macporthub.com
macpowerhabits.com
macprivacyfastsetup.com
macprivateicloud.com
macpush.com
macqore.com
macrapidbyte.com
macrecoveryguide.com
macrunnerdoc.com
macscanhubs.com
macsendcloud.com
macsendhub.com
macsendlink.com
macsendpath.com
macsendsync.com
macserve.it.com
macsetupbuddy.com
macsetupnotes.com
macsetupplan.com
macshadowfolder.com
macsharefolder.com
macsharego.com
macshuttle.com
macsignal.com
macsignalwarehouse.com
macskillbuilder.com
macsoftgrid.com
macsoftlab.com
macspacepro.com
macspeedx.com
macspool.com
macstackio.com
macsyncbin.com
macsyncbox.com
macsyncsend.com
mactipsmanual.com
macupdateguide.com
macuserlab.com
macvaultatelier.com
macvaultstorage.com
macvividlocker.com
maczenithprotocol.com
mail.0auth-session.com
mail.alchemry.com
mail.apemarketplace.com
mail.beatlebuddy.com
mail.bestkitchen.info
mail.free-load.store
mail.gd6519.com
mail.gd7284.com
mail.hortonlandscaping.com
mail.rileytreeservice.com
mail.satta-kinggl.in
mail.vm597.tmdcloud.eu
mail.yp536.com
mandrel.net
mangalagiricollections.com
markdownshare.com
marketertop.ink
maxpower-g2.com
medexamhub.com
messagetohumans.com
miaartisan.com
ml2si.com
mocktailcity.com
morgans-lewis-app.com
mymacanswers.com
mymacdesk.com
mymacguides.com
mymachelpdesk.com
mymactips.com
mymaczone.com
novaconsultingservices.com
ns1.megaw.org
ns1.vm597.tmdcloud.eu
ns2.vm597.tmdcloud.eu
numberplategenie.com
onlinesmoker.com
paradisestayholdings.com
parthibeasyenglish.com
ppccourseone.info
priceandproposal.com
prixastays.com
propertynurseusa.com
qb.narcissoft.ir
qichezj2025.com
rentselfiespot.com
rileytreeservice.com
rrmstest.beatlebuddy.com
sadabiz.com
safemacguard.com
satta-kinggl.in
seobesttop.ink
sessionbridging.com
share111git.cfd
share111git.lat
sharemacrelay.com
silveraplleapps.com
skpwresorts.com
skygrowthlive.com
smartandsoul.com
smrtlink.site
software-estimation.com
software-estimator.com
sterilepharmacist.com
sweetnich.com
swiftfundslender.com
thecapitalaesthethic.com
thetallestpoppy.com
tiptopmarine.com
tp2149.com
tp2812.com
tp2830.com
tp6028.com
tp6519.com
tp6732.com
tp7153.com
translation-services101.com
twistingly.com
tyrannicaltrump.com
vacuumsavvy.com
viajes-benifaio.com
vm597.tmdcloud.eu
vpnify.cloud
webdisk.brighttradecorp.com
webmail.brighttradecorp.com
wellthywallets.com
westarranch.com
whm.brighttradecorp.com
wpengquine.com
writerstale.com
wyzeonline.com
xotca.com
xrchippenham.net
yamsufoutdoors.com
yawaskits.com
yguboyz.com
yp536.com

# Reference: https://www.virustotal.com/gui/ip-address/34.120.137.41/relations

maccloudone.store
gitlab.maccloudone.store

# Reference: https://x.com/L0Psec/status/2000640414861394137
# Reference: https://www.virustotal.com/gui/file/d538c23dcafab7c2b820680828fb64e8ecf0bdc3a9ee0929b7c80788d687f6da/detection

fortibuse.fun

# Reference: https://github.com/hagezi/dns-blocklists/issues/8349
# Reference: https://www.huntress.com/blog/amos-stealer-chatgpt-grok-ai-trust

http://45.94.47.186
http://45.94.47.205
sanchang.org
wbehub.org

# Reference: https://x.com/brkalbyrk7/status/2000683370074755197
# Reference: https://gist.github.com/brkalbyrk/728f602f46fd23b0ee24bb4bc06e53f5

argoflyleens.space
elfrodbloom.coupons
flowdorn.com

# Reference: https://x.com/suyog41/status/2001634340921557149
# Reference: https://www.virustotal.com/gui/file/491ac4e25bf137199889ad6eb84c21358eca6cddcf66215d1dd93f6d4a281ce0/detection
# Reference: https://www.virustotal.com/gui/file/d376e4a8d83350116d47c85515ee0cb9a2fe93fe5a785b8cca494c83ddb372f5/detection
# Reference: https://www.virustotal.com/gui/file/e3387cf7967945e64255bd75b317b8b3643a7aa46c66d14acbff68ebb2fdddc6/detection

groovyfox.today

# Reference: https://x.com/L0Psec/status/2003481091165098035
# Reference: https://www.virustotal.com/gui/file/0a070d32e5b8648c6515cb5a0b6fba202c5c8f80e15f7c3621bd8fecd7708b04/detection

detrenda.com

# Reference: https://x.com/malwrhunterteam/status/2003410738527055970
# Reference: https://www.virustotal.com/gui/file/73d6c7030430ba95cd6bdc7632411f864d51ffdf9517333722effe689e838ff7/detection
# Reference: https://www.virustotal.com/gui/file/b591bfbab57cc69ce985fbc426002ef00826605257de0547f20ebcfecc3724c2/detection

obsidiangate.space

# Reference: https://x.com/suyog41/status/2004082153840332823
# Reference: https://www.virustotal.com/gui/file/a34ed508db6de2e2bf4661c479f546c2b0a74770b781b83386a1d0e3e572c200/detection
# Reference: https://www.virustotal.com/gui/file/29fbd0bd912215d648ded535861f10e07a502c427db7cbddfa86310484a1edc9/detection
# Reference: https://www.virustotal.com/gui/file/e3870929a5c0654ecd51df0e940e4249478aa7bee737880a8b18ade29fe1e3fc/detection

globustree.fun

# Reference: https://x.com/malwrhunterteam/status/2004524906592305442
# Reference: https://www.virustotal.com/gui/file/a7160ddd769e2dc64acd1297216b5aa9651d327c7188dbab468c6fb71c98f97d/detection

figma.cfd

# Reference: https://x.com/L0Psec/status/2004260387555094603
# Reference: https://www.virustotal.com/gui/file/095f4717832a919093bf7ee5e40621218004f93dae1a77b79e5bd493b376f6f0/detection

cloudcode-53295434.com

# Reference: https://x.com/suyog41/status/2005531318365700357
# Reference: https://x.com/jacobprezant/status/2005657662697173429
# Reference: https://www.virustotal.com/gui/file/3eeb19bb7af39decc6789536ca7facbc83cfc6a09af8f0796194a6e4a53eca04/detection
# Reference: https://www.virustotal.com/gui/file/a1f04ce0d44dc1d4db52e2194f3ecc6112b0361b35441f32024a7e908fd02d18/detection
# Reference: https://www.virustotal.com/gui/file/d2a606581e84918b1b03dc1e7498d63ddf399aee8ab2bdce616e1661eb5a79f5/detection

ballfrank.space
ballfrank.xyz
barbermoo.today

# Reference: https://x.com/_raw_data_/status/2009332237154832883
# Reference: https://www.virustotal.com/gui/file/bd02c73dbc5e2f0419bf1d8523a8bedec8ae63527220d2dde7c2172c10755e3a/detection

mubasokurso.com

# Reference: https://x.com/motuariki_/status/2010303925170339903
# Reference: https://github.com/motuariki/IOCs/blob/main/MacOS%20Malware/11-01-2026-Macsync-Variant-Dropper-C2-Domains

accindexer.space
argoflyleens.city
argoflyleens.coupons
argoflyleens.world
ballfrank.fun
ballfrank.shop
ballfrank.world
barbermoo.fun
barbermoo.top
barbermoo.world
barbermoo.xyz
claus2doom.co.za
claus3doom.co.za
claus3doom.es
claus5doom.co.za
clausdoom.es
elfrodbloom.space
elfrodbloom.world
foldexmoon.coupons
foldexmoon.fun
foldexmoon.today
foldexmoon.top
foldexmoon.world
foldexmoon.xyz
folkband.fun
folkwakes.com
frolessmoke.co.za
furlabase.com
gonebornes.com
groovyfox.fun
horsten.fun
jmpbowl.fun
jmpbowl.today
jmpbowl.top
torducks.fun
ursamade.space

# Reference: https://x.com/osint_barbie/status/2010737414029840417
# Reference: https://x.com/osint_barbie/status/2010747052247093530
# Reference: https://www.virustotal.com/gui/file/d5f01791e10f7632feaa201b76d313773c4a7372eac6ed92f56dcc1cd0252c05/detection
# Reference: https://www.virustotal.com/gui/file/fbc3d4819f01f2d9d31ecb420d3a9efa12cc4e6bf98415edfffbe99656cdff44/detection
# Reference: https://www.virustotal.com/gui/file/819e0adfcc6ac7dbd1b0bd590a47e005a19da0660b2af3190d6146bed41ac7e8/detection
# Reference: https://www.virustotal.com/gui/file/a3edbcb8c58edadcb79c24e22c20afeddbdfc58ea851c82c1eba5c644720b384/detection

foqguzz.com
dd.foqguzz.com

# Reference: https://www.linkedin.com/posts/abdelghafourbouhdyd_newly-observed-domains-related-to-the-macsync-activity-7416580906590765056-95yu

clausdoom.co.za
claus2doom.co.za
claus3doom.co.za
claus4doom.co.za
claus5doom.co.za
clausdoom.es
claus2doom.es
claus3doom.es
claus4doom.es
claus5doom.es

# Reference: https://x.com/moonlock_lab/status/2011398956463341798
# Reference: https://www.virustotal.com/gui/file/c9558bb7de1df57fdbc8550006581aa9f1dc5638fe59dcae0a1ee5dd5c1c164f/detection
# Reference: https://www.virustotal.com/gui/file/c0107b8e6468bdc68b561d3e9f4c8f90f7c6dadaeb481aa0911b5d14430aedbb/detection

netherworldkingtycoon.com
f02a622c8252f4766d56d5c9267c2e47.pages.dev

# Reference: https://x.com/suyog41/status/2011433849612640565
# Reference: https://www.virustotal.com/gui/file/fcc9aab8fa92b91bd2c4f491e434401179151516654fa4fcca314f3af931f482/detection

http://185.240.208.14

# Reference: https://x.com/suyog41/status/2011433028573421725
# Reference: https://www.virustotal.com/gui/file/275284d1be6c1e6579e2d523de3cbe4fbae3a01a5a666ff9da5a0f35979e74da/detection
# Reference: https://www.virustotal.com/gui/file/4a418e2d1de8f235e8b25161735ce6a56731e7c825b748b8325181f019d008eb/detection
# Reference: https://www.virustotal.com/gui/file/f9a2d8d915a89f4aafb82371f52a894307892980b59fd302335217da2ed8c0af/detection

fbnmoon.shop

# Reference: https://x.com/suyog41/status/2011671928390762829
# Reference: https://www.virustotal.com/gui/file/539a87d1f9c1dec9397808a5759e04772369164945455a30c42b64e87587cecc/detection

gracefulm.fun
securityfenceandwelding.com

# Reference: https://x.com/g0njxa/status/2011518015695999216
# Reference: https://x.com/RacWatchin8872/status/2012676061054550358
# Reference: https://urlscan.io/search/#page.ip:%2293.152.230.130%22

cisco-comunity.com
cisco-software.com
cisco-webex.cc
ciscomediu.com
community-cisco.com
comunity-cisco.com
eu-webex.com
mediu-webex.com
onlinewebex.com
webex-business.com
webex-by-cisco.com
webex-call.com
webex-cisco.com
webex-corporate.com
webex-corporation.com
webex-eu.com
webex-global.com
webex-hub.com
webex-international.com
webex-official.com
webex-platform.com
webex-secure.com
webex-solutions.com
webex-systems.com
webex-worldwide.com
webexmeet-us.com
cisco.onlinewebex.com
cisco.webex-business.com
cisco.webex-call.com
cisco.webex-corporate.com
cisco.webex-corporation.com
cisco.webex-eu.com
cisco.webex-global.com
cisco.webex-hub.com
cisco.webex-international.com
cisco.webex-official.com
cisco.webex-platform.com
cisco.webex-secure.com
cisco.webex-solutions.com
cisco.webex-systems.com
cisco.webex-worldwide.com
mediu.cisco-webex.cc
mediu.ciscomediu.com
mediu.webex-by-cisco.com
mediu.webex-cisco.com
webex.cisco-comunity.com
api.cisco.onlinewebex.com
api.cisco.webex-hub.com
api.cisco.webex-platform.com
api.cisco.webex-secure.com
api.cisco.webex-solutions.com
api.cisco.webex-worldwide.com
api.mediu.ciscomediu.com
api.mediu.webex-cisco.com
api.webex.cisco-software.com

# Reference: https://x.com/malwrhunterteam/status/2013196869510299760
# Reference: https://www.virustotal.com/gui/file/6384f618437fe5d16b04a575e6fffa65e1f68ea93bdbebba50de50fcf7e6520b/detection

imper-strlk5.com

# Reference: https://x.com/g0njxa/status/2013568330624291271
# Reference: https://x.com/suyog41/status/2024102954043658622
# Reference: https://www.virustotal.com/gui/file/a0e66f3067e4aaf5b83e45b7845cc43b2fc96032a4398cab7cc9d11f4f962e91/detection
# BODY_SHA1-HOST/IP=fc486f64c14c71ace099b6a0fa7595a28ce51a97
# CLASS_0_HASH-HOST=a37db3aaf25252e52f5168f6c29d3a71
# CERT_FINGERPRINT_SHA256-HOST=1d435c83e3eb950799de21f3c27cac61b0ae4ff6d87c390f842d36038dd4867d

http://91.244.70.235
http://91.92.242.30
aidevmac.com
macauth.cc
macos-developer.com
msk-captcha.cfd
robloxtopscr.top
verify-captcha.sbs
browndash1368.github.io
github.macos-developer.com
google.macos-developer.com
macos.aidevmac.com
super.macos-developer.com
/15ou8r739pc48rwi
/528n21ktxu08pmer
/gz1xshcbu77ogmgt
/lamq4uerkruo6ssm
/wbizi7ix1j2rp5si

# Reference: https://x.com/suyog41/status/2013927462611071175
# Reference: https://www.virustotal.com/gui/file/e27b82e844480166fb252da9c0723e424add7c7454a46ac9b20676b24fb1fbb2/detection
# BODY_SHA1-HOST=db594fb8dfbbf53c2c0c9507bbaf363f8c207b6e

arithmeticcopper.website
balanceday.xyz
ballfrank.today
bombauthority.website
forkdecision.site
riverarmy.xyz
smashwax.website
stockingkey.site
stockingspy.website
toegrain.xyz
ultradatahost3.baby
torrent.arithmeticcopper.website
torrent.balanceday.xyz
torrent.forkdecision.site
torrent.stockingkey.site
torrent.stockingspy.website
torrent.toegrain.xyz
tracker.riverarmy.xyz
visit.bombauthority.website

# Reference: https://x.com/suyog41/status/2011670874941014281
# Reference: https://www.virustotal.com/gui/file/775fc5ae316cffa7f020100fc042c8b59a970f3888439d64775008a4a3a9cd07/detection

bottleneckid.com

# Reference: https://x.com/suyog41/status/2014201367519273240
# Reference: https://www.virustotal.com/gui/file/b4541df0367f70aab6db9149b8c1700edde1cc94560d552f8be210ecddcea56f/detection
# Reference: https://www.virustotal.com/gui/file/10e3ef99861d3ecf6c81f8f230dbe8b5cd746edd6c69122cfb31f86e461e4dfc/detection

diamondpickaxeforge.com
5a55bdb8a64408489e39df3355d57b63.pages.dev

# Reference: https://x.com/suyog41/status/2015665365947449370
# Reference: https://www.virustotal.com/gui/file/ae6dce47f2570e84df9045d9a237d45e59ce015c4f638693d64b61061eb518f5/detection
# BODY_SHA1-IP=fbe7484aff04793e3dd132410a44e94f23d7a26a

http://213.209.159.10
http://213.209.159.100
http://213.209.159.101
http://213.209.159.102
http://213.209.159.103
http://213.209.159.104
http://213.209.159.105
http://213.209.159.106
http://213.209.159.107
http://213.209.159.108
http://213.209.159.109
http://213.209.159.11
http://213.209.159.110
http://213.209.159.111
http://213.209.159.112
http://213.209.159.113
http://213.209.159.114
http://213.209.159.115
http://213.209.159.116
http://213.209.159.117
http://213.209.159.118
http://213.209.159.119
http://213.209.159.12
http://213.209.159.120
http://213.209.159.121
http://213.209.159.122
http://213.209.159.123
http://213.209.159.124
http://213.209.159.125
http://213.209.159.126
http://213.209.159.127
http://213.209.159.128
http://213.209.159.129
http://213.209.159.13
http://213.209.159.130
http://213.209.159.131
http://213.209.159.132
http://213.209.159.133
http://213.209.159.134
http://213.209.159.135
http://213.209.159.136
http://213.209.159.137
http://213.209.159.138
http://213.209.159.139
http://213.209.159.14
http://213.209.159.140
http://213.209.159.141
http://213.209.159.142
http://213.209.159.143
http://213.209.159.144
http://213.209.159.145
http://213.209.159.146
http://213.209.159.147
http://213.209.159.148
http://213.209.159.149
http://213.209.159.15
http://213.209.159.150
http://213.209.159.151
http://213.209.159.152
http://213.209.159.153
http://213.209.159.154
http://213.209.159.155
http://213.209.159.156
http://213.209.159.157
http://213.209.159.158
http://213.209.159.159
http://213.209.159.16
http://213.209.159.160
http://213.209.159.161
http://213.209.159.162
http://213.209.159.163
http://213.209.159.164
http://213.209.159.165
http://213.209.159.166
http://213.209.159.167
http://213.209.159.168
http://213.209.159.169
http://213.209.159.17
http://213.209.159.170
http://213.209.159.171
http://213.209.159.172
http://213.209.159.173
http://213.209.159.174
http://213.209.159.175
http://213.209.159.176
http://213.209.159.177
http://213.209.159.178
http://213.209.159.179
http://213.209.159.18
http://213.209.159.180
http://213.209.159.181
http://213.209.159.182
http://213.209.159.183
http://213.209.159.184
http://213.209.159.185
http://213.209.159.186
http://213.209.159.187
http://213.209.159.188
http://213.209.159.189
http://213.209.159.19
http://213.209.159.190
http://213.209.159.191
http://213.209.159.192
http://213.209.159.193
http://213.209.159.194
http://213.209.159.195
http://213.209.159.196
http://213.209.159.197
http://213.209.159.198
http://213.209.159.199
http://213.209.159.2
http://213.209.159.20
http://213.209.159.200
http://213.209.159.201
http://213.209.159.202
http://213.209.159.203
http://213.209.159.204
http://213.209.159.205
http://213.209.159.206
http://213.209.159.207
http://213.209.159.208
http://213.209.159.209
http://213.209.159.21
http://213.209.159.210
http://213.209.159.211
http://213.209.159.212
http://213.209.159.213
http://213.209.159.214
http://213.209.159.215
http://213.209.159.216
http://213.209.159.217
http://213.209.159.218
http://213.209.159.219
http://213.209.159.22
http://213.209.159.220
http://213.209.159.221
http://213.209.159.222
http://213.209.159.223
http://213.209.159.224
http://213.209.159.225
http://213.209.159.226
http://213.209.159.227
http://213.209.159.228
http://213.209.159.229
http://213.209.159.23
http://213.209.159.230
http://213.209.159.231
http://213.209.159.232
http://213.209.159.233
http://213.209.159.234
http://213.209.159.235
http://213.209.159.236
http://213.209.159.237
http://213.209.159.238
http://213.209.159.239
http://213.209.159.24
http://213.209.159.240
http://213.209.159.241
http://213.209.159.242
http://213.209.159.243
http://213.209.159.244
http://213.209.159.245
http://213.209.159.246
http://213.209.159.247
http://213.209.159.248
http://213.209.159.249
http://213.209.159.25
http://213.209.159.250
http://213.209.159.251
http://213.209.159.252
http://213.209.159.253
http://213.209.159.254
http://213.209.159.26
http://213.209.159.27
http://213.209.159.28
http://213.209.159.29
http://213.209.159.3
http://213.209.159.30
http://213.209.159.31
http://213.209.159.32
http://213.209.159.33
http://213.209.159.34
http://213.209.159.35
http://213.209.159.36
http://213.209.159.37
http://213.209.159.38
http://213.209.159.39
http://213.209.159.4
http://213.209.159.40
http://213.209.159.41
http://213.209.159.42
http://213.209.159.43
http://213.209.159.44
http://213.209.159.45
http://213.209.159.46
http://213.209.159.47
http://213.209.159.48
http://213.209.159.49
http://213.209.159.5
http://213.209.159.50
http://213.209.159.51
http://213.209.159.52
http://213.209.159.53
http://213.209.159.54
http://213.209.159.55
http://213.209.159.56
http://213.209.159.57
http://213.209.159.58
http://213.209.159.59
http://213.209.159.6
http://213.209.159.60
http://213.209.159.61
http://213.209.159.62
http://213.209.159.63
http://213.209.159.64
http://213.209.159.65
http://213.209.159.66
http://213.209.159.67
http://213.209.159.68
http://213.209.159.69
http://213.209.159.7
http://213.209.159.70
http://213.209.159.71
http://213.209.159.72
http://213.209.159.73
http://213.209.159.74
http://213.209.159.75
http://213.209.159.76
http://213.209.159.77
http://213.209.159.78
http://213.209.159.79
http://213.209.159.8
http://213.209.159.80
http://213.209.159.81
http://213.209.159.82
http://213.209.159.83
http://213.209.159.84
http://213.209.159.85
http://213.209.159.86
http://213.209.159.87
http://213.209.159.88
http://213.209.159.89
http://213.209.159.9
http://213.209.159.90
http://213.209.159.91
http://213.209.159.92
http://213.209.159.93
http://213.209.159.94
http://213.209.159.95
http://213.209.159.96
http://213.209.159.97
http://213.209.159.98
http://213.209.159.99

# Reference: https://x.com/L0Psec/status/2015868376762224745
# Reference: https://www.virustotal.com/gui/file/28d8745c833c1c156128731854d936f16ff22578cf035ad96b7953f3a8020d03/detection

blockbreakeradventure.com
e9f4dcbfc6688fb909042ac55c40e9d6.pages.dev

# Reference: https://x.com/suyog41/status/2016046755708870808
# Reference: https://www.virustotal.com/gui/file/ac012808059775238fc8d924d6b79115be5b04575447c9d337e36d380cd7bc7e/detection

cyberperficient.com

# Reference: https://x.com/suyog41/status/2016041545905107401
# Reference: https://www.virustotal.com/gui/file/f5471a00bb6cdaf01e44311c04de2e66c6f92ccc4b8e42bbb1bcb4e48f86ef3e/detection

forkgramme.com

# Reference: https://x.com/suyog41/status/2016401814548316275
# Reference: https://www.virustotal.com/gui/file/5bfeb4829617918f70233ff0fc53ab0c32b8120f760b5c1f057ae1ef08d69497/detection

http://185.11.61.84

# Reference: https://x.com/suyog41/status/2017252546650534202
# Reference: https://www.virustotal.com/gui/file/f7662ba0bcab3e2e187071afd928acff38ce58f9990f58509fabeb7f2986ebe5/detection
# Reference: https://www.virustotal.com/gui/file/57566c902a6f614599ae7ef9c324f413a1989ab7b779e73909dd926df778fe89/detection
# Reference: https://www.virustotal.com/gui/file/53a0a75981e1bea2647cbb47800d48813b204352e93433b60abcda58abc05aaf/detection

accessintegratedsolutionsllc.com
achieverflowers.website
actiongrandfather.xyz
additionbusiness.icu
aftermathnose.icu
afternoonbite.xyz
afternoonmeasure.sbs
airphysicianllc.com
airthread.info
amountbead.icu
animalscarf.space
api.polarapi.com
apnisaree.com
approvalflavor.sbs
armtiger.xyz
armytiger.info
artcable.icu
artcamera.space
artlibrary.icu
auntlocket.xyz
babieshands.xyz
babieswrist.xyz
backeffect.xyz
balanceselection.info
balancesink.info
basincart.cfd
basketballcarriage.xyz
battletrain.xyz
beadpie.xyz
bedroomcoil.info
bedroomveil.xyz
beginnerchickens.info
bharatfinadvisors.com
birdbeginner.cfd
birthjeans.icu
bookgiants.info
bookscattle.icu
bootstore.xyz
boundarylibrary.xyz
boytaste.info
brickappliance.info
bricktrees.icu
buildingrule.cfd
butteregg.info
buttersteam.xyz
cakespoint.site
cakespoison.xyz
calendarland.xyz
carriageflower.xyz
carscoal.info
cartboy.xyz
carttalk.info
cartway.sbs
cattlebrick.sbs
celerytax.sbs
cellarsmash.website
cemeteryrod.xyz
changepowder.xyz
chinpull.xyz
circlecrib.cfd
coachjelly.icu
committeerepresentative.icu
companyshoe.info
conditionbucket.sbs
congresodefundraising.com
connect.knowledgepull.icu
coughdogs.info
covervoyage.xyz
creampigs.xyz
crimemagic.info
cushionsofa.xyz
dadarmy.sbs
daughterbit.xyz
deathapparatus.icu
degreedistance.cfd
designstraw.info
desirebrick.xyz
deskcanvas.icu
deskchin.cfd
deskstove.info
detailroom.xyz
detailvessel.sbs
developmenthammer.bond
digestionboat.info
digestionveil.icu
dlhaven.com
dloadly.com
dogsmarket.site
dogssofa.xyz
dollsway.xyz
donkeyflower.xyz
downfileex.com
downfreefile.com
downfunfile.com
download-x55.com
download100.xyz
downloadformenow.com
downloadfree4.com
downloadfreemium.com
downloadfullfill.com
downloadmyfilenow.com
downloadnestfree.com
downloadretrieve.com
drainisland.xyz
dressgrandfather.icu
driploadfile.com
drivinghouses.info
dropfluxy.com
ducksargument.info
duckscup.xyz
ducksisland.xyz
earthdistribution.sbs
earthquakedestruction.xyz
edgerail.online
eggscoach.info
enginewren.xyz
existencefriends.info
fairiesmeal.xyz
farmpin.info
fastfiledownload.com
fieldmachine.icu
fieldmeeting.sbs
filefluxfree.com
fine-download.com
finessedownload.com
fingerhand.xyz
fixxdownload.com
flameshelf.xyz
fleshagreement.xyz
flightmeal.icu
flockcup.icu
flowereggnog.xyz
flowersplant.info
foldthings.xyz
freelyfiledrop.com
freestackfiles.com
friendpipe.xyz
friendsbell.icu
friendumbrella.xyz
frogwoman.xyz
fruitrake.info
fuelcellar.sbs
gamebaitangcode.com
geeserhythm.xyz
getfluxfile.com
getfreefiledownload.com
ghostants.icu
giraffecondition.info
glovefork.info
goldenmeteorsbrands.com
governmentshop.info
governorneedle.icu
governorscent.xyz
grapedress.info
grassshoes.icu
grupoamepc.com
gunjump.cfd
gwinnettveterans.com
hairdaughter.sbs
hammerocean.info
hammerpush.icu
handnut.xyz
harborpipe.xyz
hatanger.xyz
hatecat.xyz
historyroad.xyz
holidayscissors.space
honeybeefarm.com
hookknot.xyz
hornyme.com
hotelposadalacatrina.com
housesbath.icu
housetrail.info
hydrantbattle.website
hypergolic-team.com
icesmoke.xyz
icrarating.com
incomewater.info
inkjail.info
insecthoney.xyz
instodownload.com
janstarot.com
jwstechnologiesinc.com
ketoeuphoria.com
keymuscle.xyz
kittensdistribution.xyz
kittybusiness.info
kittyimpulse.info
knifedogs.info
lampdrop.cfd
laughsoda.xyz
legswindow.xyz
levelfeeling.xyz
limitdesign.xyz
loadfilerun.com
loaditfile.com
locketguitar.info
lunchactivity.icu
lurkingspiritsparanormal.com
lushivf.com
maxidownload.com
mencrowd.icu
messedupmugs.com
metaldeath.cfd
micesnake.cfd
middleway.cfd
ministerdinosaurs.xyz
misthydrant.xyz
mittenbell.xyz
momspiders.info
moneythought.xyz
moonhoney.sbs
morningcanvas.icu
morninglibrary.icu
namebath.xyz
nestlingsandnaps.com
nighthospital.space
noconahillscountryclub.com
noisecollar.icu
noisequilt.xyz
northauthority.xyz
numbersubstance.info
orangesbirthday.xyz
pagespoon.xyz
panyear.space
partytreatment.xyz
passengerflowers.icu
pearshirt.online
pearthread.xyz
personloss.info
picklecomparison.icu
picklevolcano.xyz
piebreath.website
piesister.icu
pieslibrary.website
pipetoothbrush.sbs
pizzassilver.icu
planethought.space
plantpear.xyz
planttrains.space
platevoyage.website
pointcart.icu
pointthought.cfd
poisonrespect.xyz
polar-track.com
polarapi.com
polarjs.net
popcornloss.cfd
popcornvolcano.info
potbat.icu
priceletters.xyz
profitrabbits.icu
propertycats.info
propertymonkey.xyz
pushboy.xyz
questionpower.online
quietbulb.xyz
quiverrate.icu
rabbitrat.icu
rainstormchickens.icu
rateseashore.icu
ratestone.xyz
reasonnorth.icu
receiptbadge.info
receiptcontrol.xyz
receiptthroat.icu
recesssoup.online
recesstransport.icu
relationblood.icu
religionjudge.info
religionwrist.xyz
requestdownload.com
rewardlunch.xyz
rhythmicicle.icu
ricepleasure.website
robincompany.xyz
rocksummer.icu
rubtalk.sbs
ruledecision.info
ruleswim.info
rundownload.com
saltwealth.xyz
sassonco.com
scarecrowcent.xyz
scarecrowstew.info
secretarypleasure.xyz
servanteducation.xyz
shadepull.info
shapemeasure.icu
shirtroute.sbs
shockcellar.info
shopspark.cfd
sideoatmeal.info
sinkhouses.icu
sinkmiddle.icu
slavebottle.xyz
sleepprose.cfd
sleepsisters.icu
soapanger.info
sofachin.xyz
softcratefile.com
songsmine.icu
sonparcel.xyz
sparkairplane.xyz
spothumor.site
squarepurpose.xyz
squirrelmoney.xyz
squirrelmuscle.xyz
stampcomparison.xyz
steeljewel.xyz
steelseat.info
stewgeese.fun
stickshock.info
stomachmonkey.icu
storyzebra.icu
streamsack.info
stretchsheep.info
stringbead.cfd
stripperlocker.com
structureback.sbs
structurebee.icu
structurecredit.info
suitheat.xyz
summerbook.icu
summerservant.icu
sunjeans.xyz
supportwindow.xyz
surprisesnakes.xyz
surpriseteeth.sbs
sweaterhot.sbs
swimappliance.icu
systemcard.icu
t2italy.com
taxbalance.icu
teachingquince.icu
teamzoo.info
tentdistance.icu
territoryhands.xyz
testcorn.icu
theguardian247365.com
thenewbosses.com
thingsink.xyz
throatcream.info
thunderfang.info
tigerhoney.info
tinbead.space
toebag.icu
toefarm.icu
toequiet.website
tonguejump.xyz
townbuilding.icu
townpan.icu
trailact.icu
trainsapparatus.icu
trampsea.space
treesrelation.icu
tripbike.info
triprovincesteelroofing.com
trk.download100.xyz
trk.moneythought.xyz
trk.orangesbirthday.xyz
trk.polar-track.com
trk.recesssoup.online
trk.townpan.icu
troubleanger.xyz
trouserscakes.cfd
trouserspail.website
tryhomeserviceboost.com
umbrellapower.info
uncletop.cfd
valueeye.xyz
vasebasin.info
vegetableamusement.xyz
volcanosquirrel.space
volleyballachiever.site
washhumor.xyz
wasterice.icu
watersubstance.xyz
watervein.xyz
wavemist.icu
wealthcakes.info
wealthsize.cfd
weatherbed.info
weightguide.info
whistleback.icu
whistlemitten.online
wirejar.icu
wirethings.website
woodmeasure.icu
woodmine.sbs
worksdigitalshop.com
woundducks.cfd
woundkiss.xyz
wrenchannel.xyz
writinginsurance.info
yakteam.xyz
yarnpie.icu
yearargument.xyz
yearzebra.info
zebrasisters.icu
zebratax.cfd
zephyrlocket.xyz
zerocostdownloads.com
zinchour.icu
zipfilepane.com
zukharilx.world

# Reference: https://x.com/smica83/status/2018261504160665878
# Reference: https://www.virustotal.com/gui/file/f491497db96cc2f9efbde78ea047e40fb13f46192c1b5db6c96d727391204e11/detection

pjf61vhjf1q49wkxpx8xcjjnswpx0il4ne876vsfzoefyyw.pages.dev

# Reference: https://x.com/smica83/status/2018450722749305323
# Reference: https://www.virustotal.com/gui/file/11110a446c3d9be21e180834816f8ca67030347aa027f16ac08aaa64f02ab554/detection

tbgd7je99khvxjp6aciuqe0dewnjy2ldkihnqee6yebgom4t.pages.dev

# Reference: https://x.com/suyog41/status/2018619455694369167
# Reference: https://www.virustotal.com/gui/file/056d72ea26f691e0ce09db1d8dc21c98308d943a85e5f9398e62bf9909904d10/detection

ebemvsextiho.com
hl2j0m1ol5jb3uauu4wddk5zuxb6ey9g4gli8ogw5.pages.dev

# Reference: https://www.koi.ai/blog/clawhavoc-341-malicious-clawedbot-skills-found-by-the-bot-they-were-targeting
# Reference: https://blog.virustotal.com/2026/02/from-automation-to-infection-part-ii.html
# CERT_CN-IP=EC2AMAZ-FHUDDFC

http://202.161.50.59
http://95.92.242.30
http://96.92.242.30
13.217.227.10:13338
13.218.170.161:13338
13.218.224.116:13338
13.220.59.254:13338
18.215.171.150:13338
18.234.150.37:13338
184.72.87.217:13338
184.73.138.225:13338
23.22.204.53:13338
3.80.103.184:13338
3.80.177.13:13338
3.80.69.21:13338
3.85.201.90:13338
3.87.133.41:13338
3.88.14.90:13338
3.90.5.189:13338
3.91.189.88:13338
3.91.244.140:13338
3.93.199.179:13338
34.207.146.44:13338
34.207.151.140:13338
34.224.33.10:13338
34.224.8.146:13338
34.229.147.199:13338
34.229.175.125:13338
34.230.82.19:13338
34.235.114.88:13338
34.235.143.25:13338
44.220.130.180:13338
52.21.28.62:13338
52.54.111.107:13338
52.90.98.28:13338
54.147.212.251:13338
54.152.203.151:13338
54.160.166.68:13338
54.160.207.168:13338
54.163.58.204:13338
54.164.67.197:13338
54.196.245.206:13338
54.196.255.76:13338
54.197.41.178:13338
54.198.112.211:13338
54.208.179.93:13338
54.221.133.119:13338
54.224.213.140:13338
54.225.41.72:13338
54.226.154.205:13338
54.226.192.74:13338
54.226.24.9:13338
54.227.177.137:13338
54.234.104.43:13338
54.234.61.137:13338
54.242.219.185:13338
54.242.24.223:13338
54.242.32.33:13338
54.86.21.255:13338
54.91.154.110:13338
98.81.158.76:13338
98.84.100.46:13338
98.93.238.213:13338
app-distribution.net
install.app-distribution.net
webhook.site/358866c4-81c6-4c30-9c8c-358db4d04412

# Reference: https://x.com/suyog41/status/2018912347717513475
# Reference: https://www.virustotal.com/gui/file/a2009beb4ef41c5ffe81bd89921f9311a89e260d9424b61fd0cdfa9d73ca42f2/detection

okcreditcard.com
/dynamic?txd=

# Reference: https://socket.dev/blog/glassworm-loader-hits-open-vsx-via-suspected-developer-account-compromise
# Reference: https://www.virustotal.com/gui/file/75d67ad34b3ffa0b0932d29d1c2647bd126cf042e0d7313a41c8fe1a06d3d751/detection

http://45.32.150.251
http://45.32.151.157

# Reference: https://x.com/suyog41/status/2019283842906145195
# Reference: https://www.virustotal.com/gui/file/f030e32831eed474411eb86c6d3340bad6e0f6ecd4105bf2a1fc802584fa4a70/detection

gulfcoastfishingcharter.com

# Reference: https://x.com/motuariki_/status/2019229351716483229
# Reference: https://raw.githubusercontent.com/motuariki/IOCs/refs/heads/main/MacOS%20Malware/05-02-2026-Macsync-Variant-C2-Domains

appolobase.com
awesomecamera.com
fbnmoon.coupons
fbnmoon.space
fbnmoon.today
goaenergy.com
laderbaj.net
sestraining.com
techsupp.fun

# Reference: https://x.com/suyog41/status/2020736812776567280
# Reference: https://www.virustotal.com/gui/file/3c5910624b26cfbf0b347f05d307f6762db53ce728c6da99c50a21b6d55d91e1/detection
# Reference: https://www.virustotal.com/gui/file/52a2466b72360d81866dd170e9dd25ca760b2a68b42f84f5a1ff4b3245268014/detection
# Reference: https://www.virustotal.com/gui/file/a47d78e567c4b0ce9bd6d0835bd186fdb8b0a8e56425154ba2a701a47472ebbc/detection
# Reference: https://www.virustotal.com/gui/file/cf9682ab92a2ae4db58f21303b01191e5858246d44032c3ff73e7046a303e7e5/detection

cameework.com

# Reference: https://x.com/suyog41/status/2021094581933310236
# Reference: https://www.virustotal.com/gui/file/a940833dff6c7606665ad0315febed4a86443abebb613d8a7a34c7586d9f9efe/detection

autosalestallahasseefl.com

# Reference: https://x.com/suyog41/status/2021099145931673796
# Reference: https://www.virustotal.com/gui/file/006441b6f5f8c96ab4ba773764454023bfa06c377f79f6e2e4b3d2fc00fc89f8/detection

orlandoremodelingcompany.com

# Reference: https://x.com/suyog41/status/2021163720328491126
# Reference: https://www.virustotal.com/gui/file/2f2c83403a5fc47c10ecf827d10a260e791d2cdd32a2964912597256c9bc6f2a/detection

fixyourallergywithus.com
518nqmuofg15h8wzjqpxmmxawiwituxvfarstztzg5vc1z1xf8.pages.dev

# Reference: https://x.com/moonlock_lab/status/2021182079396962748
# Reference: https://www.virustotal.com/gui/file/292f7558eaaf756910ef75b444d979c4f34c12c76870340649d613b2a42a3e45/detection
# Reference: https://www.virustotal.com/gui/file/4b05ce5c51c5e1c733f51d8e27828464cf50674cbab5f3c8768f161c182b96a2/detection
# Reference: https://www.virustotal.com/gui/file/903f63d5249328172cd37c3ca40a5e4e423c729046203daea01711efb1b72410/detection

sektomas.com
xaceg.com

# Reference: https://x.com/L0Psec/status/2021298204784943160
# Reference: https://www.virustotal.com/gui/file/57d5ed9ef480ac7f087e03d405e6a64b9004366af49e984af6cad612b421a012/detection

sumhvmt6w2w43ddyp2ekh7xaur4xg561.pages.dev

# Reference: https://x.com/suyog41/status/2021581719971692729
# Reference: https://www.virustotal.com/gui/file/07fcc5a44318877001266ad650a82c7ed2eb4756e5df4d73cda86dfaefd7d96e/detection

myghibligenerator.com

# Reference: https://x.com/moonlock_lab/status/2021695650367226108
# Reference: https://www.virustotal.com/gui/file/64068d0b7fbef87a7af91834ead9bc0efa21f814b9e6a945b440db75bbcfed76/detection
# Reference: https://www.virustotal.com/gui/file/6292f64c81dbc57d5135c5773547cc6d79afa15efe4c90cfaf27e087c7aba701/detection
# Reference: https://www.virustotal.com/gui/file/c0676ba7726e6b4b836c2a07aacb92e41efd9eea7cbc31bbf1a7f9f9556dd4cb/detection

apple-mac-disk-space.medium.com
a2abotnet.com
raxelpak.com

# Reference: https://x.com/joe4security/status/2021562181343383741
# Reference: https://x.com/L0Psec/status/2021633029496820167
# Reference: https://www.virustotal.com/gui/file/53cba51776f65f64214698c99ec3aefe24bb78a111287b0a0d71ac096b0b530f/detection
# Reference: https://www.virustotal.com/gui/file/30f97ae88f8861eeadeb54854d47078724e52e2ef36dd847180663b7f5763168/detection

setup-service.com
download.setup-service.com

# Reference: https://x.com/suyog41/status/2021833883864772612
# Reference: https://www.virustotal.com/gui/file/0215393c5ac0b07b74263f4b8473bed5af04e522cf478adfef3c822f8b3836da/detection

a2achannel.com

# Reference: https://x.com/suyog41/status/2021834613703029154
# Reference: https://www.virustotal.com/gui/file/0119213a47928ded45829c4863eeeb7fda16119f0c2260cd7d5a818b59cec0b9/detection
# Reference: https://www.virustotal.com/gui/file/964bcf25a60c1c5416da51e0c15de6338bdd7bc5fc8faa9b44939bf4b1acc95d/detection
# Reference: https://www.virustotal.com/gui/file/cbe6067a9e1a2f4098c46baea2dc60b0073958fa6a1530f7bb8125255f38dd59/detection
# CERT_CN-HOST=minikube

gtleway.com
iejhfwl.website
mini-zmoto.com
share2e2git.quest
share2e2git.yachts
uranop.top
asia.gtleway.com
usa.gtleway.com

# Reference: https://x.com/suyog41/status/2022180739400581137
# Reference: https://www.virustotal.com/gui/file/ee3abb48b5f573ef75ea77d194714f6b56c6b268a3b2135efda1c04b3a667631/detection

x197y6njpmzgyxh848g1hm1rloo3axct0txicmeovkojxo00if5w.pages.dev

# Reference: https://x.com/thehappydinoa/status/2021682074004939089
# Reference: https://censys.com/blog/odyssey-stealer-macos-crypto-stealing-operation
# CLASS_0_HASH-IP=37c84619d2d9e8f23b0491a9aca53d80

http://103.109.100.144
http://103.109.100.163
http://176.46.138.39
http://176.46.138.41
http://177.93.141.109
http://185.7.219.81
http://185.93.89.134
http://185.93.89.60
http://185.93.89.9
http://194.0.234.209
http://208.122.221.203
http://36.255.98.10
http://37.221.66.14
http://62.60.131.149
http://62.60.135.48
http://62.60.135.74
http://77.90.185.24
http://77.90.185.25
http://77.90.185.29
http://77.90.185.62
http://77.90.185.66
http://77.90.185.72
http://83.222.191.196
http://83.222.191.199
http://83.222.191.211
http://83.222.191.212
http://83.222.191.215
http://91.198.77.27
http://94.242.55.24

# Reference: https://cyberandramen.net/2026/02/16/tracking-digitstealer-how-operator-patterns-exposed-c2-infrastructure/

b9c17edb.host.njalla.net
bchat.cc
beetongame.com
binance.comtr-katilim.com
cekrovnyshim.com
chiebi.com
comtr-katilim.com
ebemvsextiho.com
flowerskitty.com
host-185-193-126-219.njalla.net
ironswordzombiekiller.com
n8n.tribusdao.com
red-letter.org
rompompomsigma.com
siriustimes.info
siriustimes.rocks
th6969.top
theinvestcofund.com
tribusadao.com
yourwrongwayz.com

# Reference: https://x.com/suyog41/status/2023347939276632505
# Reference: https://www.virustotal.com/gui/file/bf7edb3afd18641dd0757d9f1b2ff7a9feb8684d1028eb2d36be968dc981c854/detection

ontarioqualitycedar.com

# Reference: https://x.com/suyog41/status/2023369362951086165
# Reference: https://www.virustotal.com/gui/file/7088d6d1e6504655ff414d9c3ce8d3cf1c365cfb2b8d85b6aa52acce31ffadb6/detection
# HOST-META=:"refresh":::"0;url='https://aftermarket.com/seller/onlytopcomdomainsforsale'"
# LOCATION-HOST=https://ud.me/gloriousman.com
# LOCATION-HOST=https://aftermarket.com/seller/onlytopcomdomainsforsale

1stboutique.com
24h-news.com
additionalphotos.com
adultperson.com
advantages.us
amazingfighter.com
amazingmonster.com
anadvisor.com
anotherphotos.com
apartmentsplace.com
apartmentstown.info
apartmentstown.link
appareldelivery.com
apps-store.info
audomainnews.info
awesomestudy.com
beautifulautos.com
bestautos.biz
bestclothing.se
binane.info
binanxe.info
binnance.info
bitcoineshop.com
blockchiin.info
brilliantcafe.info
brilliantcafe.online
buyafood.info
buyafood.link
buyat.shop
buyat.store
buythisfood.com
carwash.top
catchphotos.info
cheapbistro.com
checkour.link
checkour.shop
clickthe.website
clothingboutique.co
clothingboutique.co.uk
clothingboutique.de
clothingboutique.live
clothingboutique.net
clothingboutique.online
clothingboutique.pro
clothingboutique.site
clothingboutique.top
clothingboutique.website
clothingboutique.xyz
clothingcleaning.com
clothingcleaning.info
clothingluxury.com
clothingsalon.info
clothingsalon.online
clothingshop.one
clothingshop.pro
clothingshop.se
clothingstore.se
coffeehouse.top
conceptualstore.com
confidenced.com
coolwebstore.com
creationsforsale.com
creditcarddelivery.com
creditrepair.top
cryptomarket.vip
cuteholiday.com
cutevacations.com
cybereshop.com
deliveryofpizza.com
deluxeportfolio.com
dentalclinic.top
digitalexchange.se
digitalmarket.top
digitalmarketplace.one
digitalmarketplace.pro
digitalphotography.se
digitalphotos.online
digitalphotos.se
digitalshop.se
discountstore.se
domain-blog.info
domainnamecenter.info
e-marketplace.net
e-observer.com
e-photos.net
ebusinesscompany.com
editoring.com
electronicphotos.com
engineeringrepair.com
exchange24h.info
exclusiveguy.com
expertbro.com
expertdrinks.com
fashionclothing.biz
finealcohol.com
foodscooking.com
funnyhelp.com
furniturs.com
furniturs.info
galleryofphotos.com
gamestore.top
generators.top
givea.help
gloriousman.com
goodestore.com
goodestore.info
grandwebsite.com
greatestpage.com
greatez.com
greatwebshop.com
greatzer.com
grocerystore.se
handmading.com
hereislink.com
hilariousphotos.com
holdingsgroup.net
homeservices.top
iamwebsite.com
idealstatus.com
ilovesociety.com
inour.shop
internetboutique.biz
internetmarket.net
internetmarket.se
internetpage.biz
internetpage.one
internetpage.online
internetpage.pro
internetpage.se
internetstore.biz
internetstore.pro
internetstore.se
itiswebsite.com
itiswebsite.online
itsashop.com
itsthe.shop
itswebdesign.com
itswebsite.info
itswebsite.online
juicygarden.com
justmystore.com
largeboutique.com
largefinances.com
largestshop.com
leadingblog.info
leadingblog.online
licensedshop.com
linktoweb.site
lovelygaming.com
magichappiness.com
makea.click
makecleaning.com
makeclick.online
masterworks.pro
metalworks.pro
minijewellery.com
moneycrediting.com
mostpopularshop.com
mostpopularstore.com
myclothing.net
mynewtravel.com
newphotos.net
nicechildren.com
officialresidence.com
okayagency.com
online-shop.biz
online-website.com
onlineboutique.se
onlinemarketplace.one
onlinemarketplace.pro
onlinenews.se
onlineretail.net
onlineretailshop.com
onlineshop-hosting.info
onlineweb.space
onlybestclothing.com
openthelink.com
openthis.page
ourbestshop.com
ourfashionshop.com
ouronline.shop
ourtuning.info
ourtuning.online
ourwebsite.online
overmight.com
pageofme.com
pageto.click
partnerlimited.com
partnershipcompany.com
payforproducts.com
perfectauthor.com
perfectiser.com
personalhouses.com
placefortrade.com
placement.top
powerfulblog.com
premiumboy.com
productslimited.com
profiagency.com
profidentist.com
propertiesloans.com
prosmartstore.info
protech.top
publishercompany.com
quickmotorcycles.info
residenceshop.com
restaurantcooking.com
retailingstore.com
richestshop.com
richsponsor.com
saintgirl.com
seriouspage.com
serviced.in
sexshop.top
shopper-deals.info
shopseek.info
shortclothing.com
smallershop.com
smartezo.com
smartmamashop.info
sponsors.pro
storeofclothing.com
stylishcasino.com
stylishfamily.com
stylishpictures.com
stylishpictures.info
successfulphotos.com
superartworks.com
suppliestrader.com
supporter.pro
sweetuniversity.com
teamrestaurant.com
the-apartments.com
the-clothing.com
theconsultingservices.com
thedigitalphotos.com
thedigitalphotos.info
thefashionclothing.info
thelarge.store
theperfect.me
thepro.website
thesmall.store
thevirtual.store
thisiswebsite.com
topclothing.store
topofdomains.com
topwebsite.net
topwebsite.online
tothe.store
tryeshop.com
tryeshop.info
trymyphotos.com
turboflights.com
unlimitedstartup.com
unofficial.pro
veterans.top
visitour.website
visitourshop.info
wearerestaurant.com
webconsulting.se
webnetwork.online
webshoper.com
webshoper.info
websitenumberone.com
worksforsale.com
worksportfolio.info
worksportfolio.link
worldstopdomains.info
worldstopdomains.link
yourculinary.com
yourdigital.store
yourinternet.site
yourinternetshop.com
yourmega.shop
yournew.shop
youronlyshop.com
yoursclothes.com
yoursmart.shop

# Reference: https://x.com/suyog41/status/2023736036354843065
# Reference: https://www.virustotal.com/gui/file/7088d6d1e6504655ff414d9c3ce8d3cf1c365cfb2b8d85b6aa52acce31ffadb6/detection

christinehoffman.com

# Reference: https://x.com/FABO97662188/status/2023820722674757888

http://199.217.98.33
http://38.244.158.56
malext.com
raytherrien.com

# Reference: https://www.virustotal.com/gui/ip-address/144.31.90.11/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.144.53.160/relations

all-lucky-byte.com
appstorrentmacos.com
clearcontrol2.com
get2mac.com
macforup.com
macx1gree.com
mymacgeniusheiper.com
mymacgeniushelper.com
mytorrentmasx.com
os1apps.com
download.appstorrentmacos.com
mac.os1apps.com

# Reference: https://x.com/suyog41/status/2024363333680582877
# Reference: https://www.virustotal.com/gui/file/ea349ae658ce24fdb994d8a2726314873b306a4c9714e8c66393a8154547c4a3/detection

pressureulcerlawyer.com

# Reference: https://x.com/suyog41/status/2024479497224147390
# Reference: https://www.virustotal.com/gui/file/359391bbed3585cac881d3e0cb1c5d3143f14381a676560dbda2e8d3317f1426/detection

virtualspeechtherapists.com

# Reference: https://x.com/motuariki_/status/2025105973132898450
# Reference: https://www.virustotal.com/gui/file/b4f83f9608c1517ee383d6bbb1975569f03086b85f07dd464d22f06bdad8bda3/detection

22-k5l21fjd91-cla.pages.dev
45h145.pages.dev
623ghjk62.pages.dev
63247wysh.pages.dev
apple-commands-2.pages.dev
apple-commands-3.pages.dev
apple-commands.pages.dev
apple-support-storage-help.pages.dev
apple-support-storage.pages.dev
apple.support-page-1519.com
asdasdasdasdasd-a7o.pages.dev
asfwqg.pages.dev
biopranica.com
center-h.it.com
clabmadamba.pages.dev
clambjjiskasf.pages.dev
cleangkaldgkgk.pages.dev
dcasdasda.pages.dev
dfghujnhgyt7.pages.dev
disksolutma.it.com
dsfsdfsdf.pages.dev
fajhgqw6qw7e8.pages.dev
fastmgkajskac.pages.dev
fg7c2hj3kl6.pages.dev
frezkfanmaks.pages.dev
g431y6.pages.dev
ghjnmhjuie.pages.dev
hidkomas.pages.dev
hkjfgfif.pages.dev
hol1-5gkmap-apgke.pages.dev
hrwhwg.pages.dev
johnson-joseph85.workers.dev
jtrey62.pages.dev
k51kjf9sm1l2k4l1.pages.dev
kayeart.com
kjkgsi-gsjgkan-wintersga.pages.dev
lucky-river-b305cc.johnson-joseph85.workers.dev
mac-1rytr3oucv-hi.pages.dev
mac-1rytr3oucv-sl.pages.dev
mac-1rytr3oucv-st.pages.dev
mac-523jk1nkj12k51-stor.pages.dev
mac-os-helper.com
mac-supp-storage.com
macflstoks.pages.dev
macintosh-hub.com
macos-storageperf.com
macstokgamakslgas.pages.dev
mafilegaslgksma.pages.dev
mcstkamksgqoepr.pages.dev
mcstorsolution.it.com
msg-523981-m.pages.dev
new-csopcx4p6l-cla.pages.dev
new-csopcx4p6l-st.pages.dev
photon-astro.com
sdfsdfsdf-9ce.pages.dev
secure-doproco.com
solutionmacspace.pages.dev
solutionmcstor.pages.dev
solutmadisk.pages.dev
spacesolutionmac.it.com
spider-men.com
stogmargar.pages.dev
stor-jk2135j1lkfsf-gl.pages.dev
storage-apples.pages.dev
storg.pages.dev
storgmambkads.pages.dev
storgvkam.pages.dev
support-disk.com
support-page-1519.com
ty678uihjguy7io.pages.dev
usmabagagkslas.pages.dev
usmagdabas.pages.dev
vvcxzvx.pages.dev
w12512gf1.pages.dev
warp-terminal.com
wetkl274.pages.dev
ywe26.pages.dev

# Reference: https://x.com/L0Psec/status/2025194197641306370
# Reference: https://www.virustotal.com/gui/file/b8f713be3f9cce6d03fb60a233c4e08181015a5a8c8486b83683589d70d4c213/detection

northernvirginiapainting.com

# Reference: https://x.com/suyog41/status/2025809409172230326
# Reference: https://www.virustotal.com/gui/file/38b5018ed838678cb0f997cedb0b807b9930801aff6a086b0fe21722fa4cf9f9/detection

austincoindealer.com

# Reference: https://x.com/suyog41/status/2025806052332335614
# Reference: https://x.com/L0Psec/status/2026031838519570913
# Reference: https://www.virustotal.com/gui/file/fb8d3dafb67d5f388320807be5dc0a81c98da9657877524bdf371c211a2e99ed/detection
# Reference: https://www.virustotal.com/gui/file/9777317ec76efb96cb9c0cdf902435f311221b43525bac54e4403716d3ec19ca/detection

http://96.44.137.216
boosterjuices.com

# Reference: https://x.com/osint_barbie/status/2027258678978433419
# Reference: https://x.com/osint_barbie/status/2027258760507334982
# Reference: https://www.virustotal.com/gui/file/36b327aaee67424ca9aec28cd905331b27a9aac57b1b07627c64fd8692fdf3a8/detection
# BANNER_0_HASH-HOST=80b2702c2d5c1a6778cc23a8e6811465
# HEADER_HASH-HOST=f500a2389518f13abedc

http://45.87.249.57
http://45.87.249.58
123mobilephone.com
1analyzer.com
1chamber.com
303mattress.com
30daytestdrive.com
4ne5718.com
4virtualoffice.com
822publishing.com
a1candies.com
a1exporter.com
a1hospitals.com
a1massager.com
a1mobilephone.com
a1motorparts.com
aaykarseva.com
advanceddreams.com
aijiluxin.com
alltekgt.com
alpinevalor.com
americasgrocerystore.com
apps-tahoe.com
axisjam.com
axylab.net
babyspedia.com
bachelorresorts.com
benaadironline.com
bermavidrio.com
bestoralcarebd.com
bewitchydating.com
biosungardens.com
bong888vn.com
bonjourdoll.com
bquickautotransport.com
brakeson.xyz
broganfund.com
camdenhine.com
cardio-d3fence.com
cbtaxohio.net
celebratudespedida.com
christianfarmersdirect.com
coco-fun2.com
cravinghour.com
demaled.com
desmondswayne.com
dharmikrami.com
dibocars.com
dirtyboysllc.com
dzstudios.net
elrendegypt.com
espainaturalment.com
espootapump.com
evanyalabs.com
femaleledworld.com
freedomairlinekenya.com
frolicforlife.com
get-mac-downloader.com
getpaidtoshipcars.com
ggbuyjunkcartowing.com
goodlivingvacations.com
guacaricoffee.com
henleyscleaning.com
herbalkitchenchronicles.com
holoxworldwide.com
hombressimbolicos.com
huntforwhitetails.com
icreaeditorial.com
ideafactorydesign.com
ifrakhan.com
ihcdn.com
ikaaudio.com
ikasan.com
imrankhan786.com
infinitydental-us.com
ironmanjosh.com
iyalojacoop.com
jetkonnect.com
jjdevelopment3.com
justjivie.com
kagaztrade.com
kosmospole.com
kouncel-eg.com
lamestjamal.com
lancasterumpires.com
lasuvasviajeras.com
leonidas340.com
lifewithdogsstudio.com
lilhomo.com
lnvilinbe.com
lorioday.com
lumier-x.com
luzicleaning.com
madartrades.com
marineso.com
markkortnik.com
maryambinfahad.com
maryannelatanyshyn.com
mastering-skillsacademy.com
maxhealthinsurance360.com
maxysai.com
maybanca99.com
mediastudiocats.com
missisoft.com
moalam.com
mobilemechanicpasco.com
modelverse.com
moltbot-io.com
morningstat.org
motor-remonttrade.com
muhibul.com
myrevvedupai.com
nafsyonline.com
neighborsaver.com
netro-stmen.com
nivitv.com
noorets4so.com
numberoneparklane.com
nwesfactory.com
orderrobaxin.com
osmac-get.com
paulocruzes.com
presoit.com
primitivoclothing.com
pumpsseller.com
purefellowship.com
pyarkidukan.com
ragemonkeydesigns.com
rampageactive.com
readingtheneedle.com
realsteelcoltd.com
remoteworkdaily.com
restorationsmedia.com
rileycrabtreemusic.com
rollencharlies.com
rydetheatre.com
sajidmunir.com
sellwithsmartrecover.com
seriespoil.com
sharekatsoft.com
shinygemlight.com
shrisaikripaconsultancy.com
simmiddleeast.com
simpelecapp.com
smoothtransitionsllc.com
spanish-gold-fly.com
spearsecurityops.com
sportschuckles.com
standardissuekat.com
stewardmotors.com
stumbleandstirbeautybar.com
sumuualajyal.com
taylorsversionrecords.com
teccat-store.com
theauthorofmystory.com
thebeachpokhara.com
thefirstfollow.com
thevipstay.com
ticketsdirectexcursions.com
trackprotech.com
tradingview-terminal.com
tri2s-sh7es.com
triveniinterio.com
valpem.com
vegetablewood.xyz
vlablast.com
watchzmall.com
whattodoincusco.com
whywetlandmatters.com
wildflatlanderdigital.com
willowsandwheatfields.com
willtecollc.com
wintermyst.com
workingspells.com
worldstreet.com
wowirishtours.com
xamartaxi.com
xhifting.com
xpressdispatchers.com
yokachi.com
yomapsofficial.com
yourenergyispower.com
zeeklyons.com
a.apps-tahoe.com
a.get-mac-downloader.com
a.netro-stmen.com
a.osmac-get.com
b.apps-tahoe.com
b.netro-stmen.com
dev.simpelecapp.com
get.moltbot-io.com

# Reference: https://github.com/ChainK1ll/Daily_Intel/blob/main/macOS%20Stealers/MacSync
# BANNER_0_HASH-HOST=7ced615decd732620ed49d68addd19f9

a2aagentive.com
a2aautonomous.com
a2achatbot.com
a2acurrency.com
a2aimpact.com
a2amodeling.com
alfredoway.space
alhpaagent.com
argoflyleens.fun
argoflyleens.today
arlingtonheightsgaragedoors.com
atlsaagent.com
axsiagent.com
ballfrank.coupons
barlowapartments.com
beaocnagent.com
blnedagent.com
bnodagent.com
bodlagent.com
brigthagent.com
brokebin.fun
californiatireshop.com
chianagent.com
clearwaterfishingcompany.com
cleraagent.com
clveeragent.com
cocinadecor.com
codxeagent.com
coeragent.com
comteagent.com
conenctagent.com
congiagent.com
contatoplus.com
cosimcagent.com
curretagent.com
customwrapsnearme.com
cybreagent.com
deppagent.com
digiralagent.com
dremaagent.com
ecnoagent.com
ejecen.com
elfrodbloom.city
elfrodbloom.today
falsheagent.com
famiode.com
flmaeagent.com
flwoagent.com
foldexmoon.space
fuesagent.com
galxyagent.com
gatwayagent.com
gaurdagent.com
germansnipers.com
glimemragent.com
glwoagent.com
goelagent.com
gosemobi.com
grapeballs.fun
greatwallk.com
grnadagent.com
groovyfox.coupons
gylphagent.com
haertagent.com
havneagent.com
hbubagent.com
helxiagent.com
hmoeagent.com
hoepagent.com
holedagent.com
houstongaragedoorinstallers.com
ildisabilitylawyer.com
insihgtagent.com
invesrting.com
invitoenergypartners.com
iphotline.com
jionagent.com
joeyapple.com
kuturu.com
liefagent.com
ligthagent.com
loudounmovingcompany.com
mansfieldpediatrics.com
mayelu.com
mndivorcemediator.com
mondozer.com
octopox.com
oncetimers.com
phoenixfilmproductions.com
ptrei.com
selfreflectiveai.com
share2e2git.autos
shurktomb.space
sphereou.com
storageflipper.com
technicalchief.com
underword.fun
usedteslabuyers.com
vcopp.com
wriconsult.com

# Reference: https://x.com/L0Psec/status/2027542775542018442
# Reference: https://www.virustotal.com/gui/file/10f8c57e2301eac00e6f14c94b5ccb7d42f3972b8fcd74f819ba6d470d7da9a2/detection

rebidy.com

# Reference: https://gi7w0rm.medium.com/amos-stealer-malext-variant-spread-in-a-global-malvertising-campaign-using-free-text-sharing-4d240e11d7e2
# Reference: https://github.com/Gi7w0rm/Blogposts/blob/main/AMOSStealerMalext/IoC_AMOSCampaign.txt

vagturk.com
alfred-5-app-for-macos.medium.com
alfred-5-for-macos.medium.com
apple-mac-hidden-file.medium.com
apple-mac-hidden-issues-guide.medium.com
apple-mac-hidden-space-guide.medium.com
apple-mac-storage-base.medium.com
apple-mac-storage-issues-guide.medium.com
apple-mac-system-hidden.medium.com
apple-macos-disk-space-guide.medium.com
apple-page-186.medium.com
apple-page-6366.medium.com
apple-page-773.medium.com
apple-showhidden-guide.medium.com
apple-storage-guide.mssg.me
apple-usb-guide-macos.medium.com
apple-usb-tips-142136.medium.com
chatgpt-atlas.mssg.me
claude-code-for-mac.mssg.me
claude-code-page.mssg.me
files-mac.mssg.me
google-notebooklm.mssg.me
help-page.medium.com
iina-player-app-for-mac.medium.com
mac-disk-full-helper.medium.com
mac-hidden-files-fix.medium.com
mac-low-storage-guide.medium.com
mac-storage-full-fix.medium.com
mac-support-hidden.medium.com
mac-support-storage-guide.medium.com
mac-usb-upgrade-161425.medium.com
macos-disk-space-tips.medium.com
macos-slow-help.medium.com
macos-storage-fixed.medium.com
macos-storage-guide.medium.com
macos-system-usb.medium.com
macos-usb-fix-guide.medium.com
noteapp-d01.pages.dev
notebooklm-app-on-macbook.medium.com
notebooklm-google-app.pages.dev
project-ms0419431ks13.pages.dev
smart-disk-space-fix.medium.com
storage-guide-macos.medium.com
support-apple-boost-up.medium.com
support-apple-com-en-hidden.medium.com
support-apple-com-slow-mac.medium.com
support-apple-com-usb-mac.medium.com
support-apple-en-freeupspace.medium.com
support-apple-files-help.mssg.me
support-apple-for-macos.mssg.me
support-apple-help-files.medium.com
support-apple-hid-files.medium.com
support-apple-hidden-fix.mssg.me
support-apple-hidden-update.medium.com
support-apple-optimize-mac-os.medium.com
support-apple-page-162.medium.com
support-apple-page-548.medium.com
support-apple-page-549.medium.com
support-apple-page-550.medium.com
support-apple-page-964.medium.com
support-apple-storage-mac.medium.com
support-apple.mssg.me
support-mac-storage.medium.com
usb-help-macos.mssg.me
vic-media-player-app-for-mac.medium.com
vlc-media-player-app-for-mac.medium.com

# Reference: https://x.com/r3dactt/status/2029038660709171317
# Reference: https://www.virustotal.com/gui/file/f2cb9de40cb8b7e13e7d2b0b3e426f8503781a35d8bba3715395430e9b5eeb38/detection
# CLASS_0_HASH-HOST=3fb2a35002bdf2705ec070c1baba1cdf
# FAVICON_HASH-HOST=2298153928b99a72bfe52294988b37d9
# TITLE-HOST=Quickstart - Claude Code Docs

asasaf.pages.dev
asdasdasdadsvvvvv.pages.dev
asdasdqqg.pages.dev
awesome-openclaw-skills-human-guide.pages.dev
bestclawskills.com
buildwithclaude.com
cadeclada.pages.dev
cla-dpo.pages.dev
clabkjskungads.pages.dev
cladacad.pages.dev
cladecde.pages.dev
cladueall.pages.dev
claduecodecode.pages.dev
claucoelast.pages.dev
claud-code.pages.dev
claudame.it.com
claudar.it.com
claudasdasd.pages.dev
claude-code-docs-app.pages.dev
claude-code-docs-page.duckdns.org
claude-code-docs-page.pages.dev
claude-code-docs-site.pages.dev
claude-code-macos.it.com
claude-pf6.pages.dev
claudeee.pages.dev
clavgood.pages.dev
claw121254125.pages.dev
clawdbotskillpacks.com
clawddir.com
clawdir.fun
clawindex.app
clawskills.directory
clawskills.site
clbfhsjbnfjbhrduesjkcc.pages.dev
cljcdjsdojfknksff.pages.dev
clooudeeg.pages.dev
cloude-9fj.pages.dev
cludara.it.com
cludara23.pages.dev
cudcaclad.pages.dev
fdgkjqw.pages.dev
gdfwdgwdgwd.pages.dev
h9512klfdjk239i1m.pages.dev
hgewruuwry.pages.dev
hgr3qeh.it.com
jhk1l36.pages.dev
lessismore-blog.pages.dev
moltbotskills.app
moltdirectory.com
moltdirectory.pages.dev
moltmall.xyz
myclauda.it.com
myclauda41.pages.dev
nnnnnnnnnnnnnnnnnnnnn.pages.dev
opclawskills.com
opclawskills.pages.dev
openclaw-site-avf.pages.dev
openclaw-skill.com
openclaw-skills-directory.pages.dev
openclaw-skills-hub-7qp.pages.dev
openclaw-skills.pages.dev
openclaw-skills.pro
openclaw-skills.store
openclaw-skills.xyz
openclawdirectory.pages.dev
openclawhand.com
openclaws.pro
openclawskill.ai
openclawskillai.pages.dev
openclawskillpacks.com
openclawskills-795.pages.dev
openclawskills-eoo.pages.dev
openclawskills.best
openclawskills.co
openclawskills.dev
openclawskills.info
openclawskills.io
openclawskills.net
openclawskills.online
openclawskills.org
openclawskills.pages.dev
openclawskills.wiki
openclawskills.xyz
project-stor129585.pages.dev
project-stor51092.pages.dev
rhweh234156.pages.dev
skill-openclaw.pages.dev
skills.03241117.xyz
skills.uuz.ai
t15h2kln6my62.pages.dev
xfghbdfghfdgh.pages.dev

# Reference: https://x.com/r3dactt/status/2029125479144538344
# FAVICON_HASH-HOST=022d2055fba0a3727116b40a8e0618a3

claude-code-docs-site.pages.dev
treelast.pages.dev
salahmoftah.com
saramoftah.com

# Reference: https://x.com/GenThreatLabs/status/2029610194934587784
# Reference: https://www.virustotal.com/gui/file/f5669d80eb52f8b6fc90f5c5db98182e7d5297073f120a67b22700bf88c17d27/detection

hoplokiroute.com
hylb9pbsjaqkl03g75jomhrsitz0msicjttolxo.pages.dev

# Reference: https://x.com/GenThreatLabs/status/2029625820193419385
# Reference: https://x.com/k3yp0d/status/2029491865251094850
# Reference: https://x.com/ExpelSecurity/status/2029569288680476698
# Reference: https://x.com/Crose_96/status/2029923900763603089
# Reference: https://www.virustotal.com/gui/file/dba2ec3b729ee5bf9762851da45ac7fd1998f00f5150aade1502d221c20e4d7d/detection
# TITLE-HOST=OpenClaw — Personal AI Assistant

# openclaw.directory
# openclaw.page
app-clawbot.org
bgjkmwgnj.pages.dev
clakkbnuakslab.pages.dev
clasd233r34.pages.dev
claude-code-cmd.squarespace.com
claude-code-docs-page.duckdns.org
claude-code.official-version.com
claude.update-version.com
claulastver.squarespace.com
clawbot.live
clawbot.lol
clawdbbbbb.pages.dev
clawopen.click
doubao.official-version.com
factrox.top
ghvgfghjkhj.pages.dev
google.update-version.com
hgjbulk.pages.dev
lcagw.pages.dev
machineadace.digital
molltbot.online
netjests.update-version.com
official-version.com
openciaw.top
openclaw-ais.pages.dev
openclaw-ais.sitemirror.store
openclaw.official-version.com
openclaw.qom.bd
openclaw.update-version.com
openclawdy.org
opencllaw.digital
opensclaw.ai
opnclawly.org
update-version.com
wubai.site

# Reference: https://x.com/suyog41/status/2029928239880360247
# Reference: https://www.virustotal.com/gui/file/33e1637f9543bf61fa835bc150c4bc9383c3ad054fec55b46e6ab6254cd31756/detection

res2erch-sl0ut.com

# Reference: https://x.com/noclass/status/2029935669426913402

cleans-x.com
cleanmymac.tech
cleanmymacos.org
soft-load.store
stobminipinporl.com
techadapt.io
wallets-gate.io
io-app-git.github.io
it-tool-install.github.io
macpaw.cleanmymacos.org
mail.soft-load.store

# Reference: https://x.com/suyog41/status/2031345203190321436
# Reference: https://www.virustotal.com/gui/file/4a6250d7dab7d82255cc526f6b857af8f53378c186700dd8682408180b92cb6a/detection

bluestonerepair.com

# Reference: https://mp.weixin.qq.com/s/0M1sZq1HqwAAaMbRDBEZEw

coco2-hram.com
install-files.com
jaxfamilylawyers.com
claude-code-docs-app.craft.me
claude-code.install-files.com
docs-claude-code-app.squarespace.com
google-notebooklm.install-files.com
kimi.install-files.com
mac-storage-optimazer.craft.me
macstorage-cleaner.craft.me
notebooklm-last-version.squarespace.com
openclaw-dwnl.squarespace.com
openclaw.install-files.com
qwen.install-files.com

# Reference: https://x.com/MarceloRivero/status/2032582489315668322
# Reference: https://www.virustotal.com/gui/file/1475db4d0c822eddc1a314e3ffc28937cfc047a4035ef616e130a5abe5c74341/detection
# Reference: https://www.virustotal.com/gui/file/ca6b520b314638449999095399454868c332e3fc1402ce60198f000731a202e3/detection
# TITLE-HOST=Claude Code

clafblimdakg.pages.dev
claude-code-macos.framer.ai
claudecodeupdate.squarespace.com
woupp.com

# Reference: https://www.sophos.com/en-us/blog/evil-evolution-clickfix-and-macos-infostealers
# Reference: https://www.virustotal.com/gui/file/17e6258ba8f90f305c480e2aafd95a8955ea7242585fa36eba275fb847acb808/detection

igetmac.com
imaclife.com
mac-autopilot.com
mac-autopilot.de
mac-space.com
macautopilot.com
macautopilot.de
macfixnow.com
mymachub.com
mymacsoft.com
tenkmo.com

# Reference: https://x.com/L0Psec/status/2033976947659673974
# Reference: https://www.virustotal.com/gui/file/7daeeec6a883165d6849e0611e7fe39fbc4ad340bb2aeba416fb7cec3cb92917/detection

metramon.com

# Reference: https://x.com/r3dactt/status/2034087646956556539
# Reference: https://www.virustotal.com/gui/file/d7635c83bb9e58e54978075ba883e9b4e8ef26bc74bb7f1ed52201a0848d9e8a/detection

win-soft.org

# Reference: https://x.com/suyog41/status/2034847398380568799
# Reference: https://www.virustotal.com/gui/file/7ae0106a9652c66ad2bce561a3211dcb989448f5cfce8ac74b8a6d6f83e3147f/detection
# Reference: https://www.virustotal.com/gui/file/dcaa93844681bce1881ae08bbbb9eeb35d4773574ea1f5cb1c8ddae6d2662b3c/detection

beltoxer.com

# Reference: https://x.com/MarceloRivero/status/2035075917760925767

applemaclos.com

# Reference: https://x.com/L0Psec/status/2036041072980242603
# Reference: https://www.virustotal.com/gui/file/055ce8476ae9079d0ab8a2b99a65040536114384a1a999e1963ca3840174c04b/detection
# Reference: https://www.virustotal.com/gui/file/76ac42d81255cb4ee2db6fd09799351250bfb4672710b5d4e02d90162e41567e/detection

rvdownloads.com
rvvideosondemand.net

# Reference: https://x.com/suyog41/status/2036301451300143553
# Reference: https://www.virustotal.com/gui/file/e2d8b67a42b61fe666f76d4ae51c3433ec1f20918d1b27863b234a834f5d310a/detection
# Reference: https://www.virustotal.com/gui/file/55082556e0f6a9c34788321647d34e9cef8705b43fbba68dae0dd709f17c80a4/detection

fastfilenext.com

# Reference: https://www.recordedfuture.com/research/clickfix-campaigns-targeting-windows-and-macos

assistance-tools.com
diagnostic.wiki
stormac.it.com
apple.assistance-tools.com
apple.diagnostic.wiki

# Reference: https://x.com/suyog41/status/2037074094374732121
# Reference: https://www.virustotal.com/gui/file/9a96f315ab215cc6d60092cdb5a32d7e57ac8523002facc39cda6b370a6aeb03/detection
# Reference: https://www.virustotal.com/gui/file/f02758a235a220f2fa125bb6f45a49e674fd8b91f320a382e8b7017d93afbc74/detection

datasphere.us.com

# Reference: https://x.com/brkalbyrk7/status/2037630047024980291
# Reference: https://gist.github.com/brkalbyrk/d9a88f107b9c05da70861cea64b78af2

wewannaliveinpice.com

# Reference: https://x.com/brkalbyrk7/status/2038224831158603883

miappl.com
octopixeldate.com
pilautfile.com

# Reference: https://gist.github.com/brkalbyrk/d8c136921e15e5a2a07ecf459506ffae
# CLASS_0_HASH-HOST=20ee0f8c13ee2b7899fd15466bcbc2b6

agentq.digital
ai-tools-review.com
aifoundersacademy.ai
aivisuallab.site
anotherkindofdrew.com
astralpacketcore1.baby
astralpacketcore1.cyou
astralpacketcore1.lat
astralpacketcore2.cfd
astralpacketcore2.cyou
astralpacketcore2.lat
astralpacketcore2.sbs
astralpacketcore2.xyz
astralpacketcore3.cyou
astralpacketcore3.sbs
astralpacketcore3.xyz
astralpacketcore4.baby
astralpacketcore4.pics
astralpacketcore4.sbs
astralpacketcore5.lat
astralpacketcore5.lol
astralpacketcore5.mom
astralpacketcore5.pics
aureawealths.com
automationvijay.site
biz-growth-strategy.com
cfdai-sound.space
cosmicrelayhub1.lol
cosmicrelayhub1.pics
cosmicrelayhub1.xyz
cosmicrelayhub2.homes
cosmicrelayhub2.pics
cosmicrelayhub3.baby
cosmicrelayhub3.mom
cosmicrelayhub3.pics
cosmicrelayhub3.xyz
cosmicrelayhub4.baby
cosmicrelayhub4.cfd
cosmicrelayhub4.pics
cosmicrelayhub5.lol
cosmicrelayhub5.pics
cryptowavematrix7.lol
dataprismcore2.cyou
dataprismcore3.cfd
datastreamforge1.cfd
detalnow.com
edgepointweb.buzz
everydaygateweb.buzz
fairfieldshop.buzz
filealphaweave.com
filebinaryhaze.com
fileomegaform.com
finance-smart-tips.com
fluxstoragehub4.sbs
fluxstoragehub5.cyou
fotbal247.com
frontierbase.buzz
fukugyoulog.com
future-tech-news.com
genericflownet.buzz
goldvaultai.net
graystonehub.buzz
gumbollworks.com
health-vital-hacks.com
hyperdatamesh1.xyz
hyperdatamesh2.baby
hyperdatamesh2.cyou
hyperdatamesh2.lat
hyperdatamesh2.pics
hyperdatamesh2.xyz
hyperdatamesh3.homes
hyperdatamesh3.lat
hyperdatamesh3.mom
hyperdatamesh3.pics
hyperdatamesh3.sbs
hyperdatamesh3.xyz
hyperdatamesh4.lat
hyperdatamesh4.lol
hyperdatamesh5.baby
hyperdatamesh5.homes
hyperdatamesh5.lat
hyperdatamesh5.pics
hyperdatamesh5.xyz
hypernodeaxis4.lol
hypernodeaxis8.cyou
info.tangenai.com
kitchen-secret-chef.com
luxfork.com
meilanimacdonald.com
mmdemo.online
moneycompasshq.com
mood-archive.online
music-logic.site
nebulasyncforge1.baby
nebulasyncforge1.lat
nebulasyncforge1.sbs
nebulasyncforge2.baby
nebulasyncforge2.cfd
nebulasyncforge2.lat
nebulasyncforge2.mom
nebulasyncforge2.sbs
nebulasyncforge3.cfd
nebulasyncforge3.cyou
nebulasyncforge4.baby
nebulasyncforge4.cyou
nebulasyncforge4.mom
nebulasyncforge5.cfd
neuralstreamcore1.baby
neuralstreamcore1.cfd
neuralstreamcore1.lat
neuralstreamcore1.lol
neuralstreamcore1.mom
neuralstreamcore1.pics
neuralstreamcore1.sbs
neuralstreamcore1.xyz
neuralstreamcore2.cyou
neuralstreamcore2.homes
neuralstreamcore2.lat
neuralstreamcore2.lol
neuralstreamcore2.mom
neuralstreamcore2.sbs
neuralstreamcore3.baby
neuralstreamcore3.cyou
neuralstreamcore3.lol
neuralstreamcore3.mom
neuralstreamcore3.pics
neuralstreamcore3.xyz
neuralstreamcore4.baby
neuralstreamcore4.cfd
neuralstreamcore4.cyou
neuralstreamcore4.homes
neuralstreamcore4.lol
neuralstreamcore4.mom
neuralstreamcore4.pics
neuralstreamcore5.baby
neuralstreamcore5.cfd
neuralstreamcore5.cyou
neuralstreamcore5.pics
neuralstreamcore5.xyz
nexugenai.com
orbitdatasync1.cyou
orbitdatasync1.homes
orbitdatasync1.mom
orbitdatasync1.sbs
orbitdatasync2.baby
orbitdatasync2.cyou
orbitdatasync2.lol
orbitdatasync2.mom
orbitdatasync2.pics
orbitdatasync4.baby
orbitdatasync4.lat
orbitdatasync4.mom
orbitdatasync4.sbs
orbitdatasync5.baby
orbitdatasync5.cfd
orbitdatasync5.cyou
orbitdatasync5.lat
orbitdatasync5.lol
orbitdatasync5.pics
orbitdatasync5.sbs
orbitstreamvault1.cfd
orbitstreamvault1.mom
orbitstreamvault2.mom
orbitstreamvault3.baby
orbitstreamvault3.lat
orbitstreamvault4.cfd
orbitstreamvault4.lat
orbitstreamvault4.pics
orbitstreamvault5.mom
pet-care-mastery.com
premiermatrix.net
procleanrobot.com
pronosticipro.it
pureflowai.net
quantugear.com
quantumcachegrid1.baby
quantumcachegrid1.cyou
quantumcachegrid1.homes
quantumcachegrid1.mom
quantumcachegrid1.xyz
quantumcachegrid2.cfd
quantumcachegrid2.pics
quantumcachegrid3.cyou
quantumcachegrid3.homes
quantumcachegrid3.lol
quantumcachegrid3.mom
quantumcachegrid3.pics
quantumcachegrid3.sbs
quantumcachegrid4.baby
quantumcachegrid4.lat
quantumcachegrid4.sbs
quantumcachegrid5.lat
quantumcachegrid5.sbs
quantumcachegrid5.xyz
quantumfluxgrid1.lol
quantumfluxgrid2.homes
quantumfluxgrid2.mom
quantumfluxgrid3.lat
quantumfluxgrid3.mom
quantumfluxgrid3.pics
quantumfluxgrid4.cyou
quantumfluxgrid4.lat
quantumfluxgrid4.lol
quantumfluxgrid4.pics
quantumfluxgrid4.sbs
quantumfluxgrid5.baby
quantumfluxgrid5.cyou
quantumfluxgrid5.sbs
quantumfluxgrid5.xyz
smart-home-tips.com
stellarbackupnode1.lat
stellarbackupnode1.mom
stellarbackupnode2.cfd
stellarbackupnode2.cyou
stellarbackupnode2.mom
stellarbackupnode2.xyz
stellarbackupnode3.cfd
stellarbackupnode3.cyou
stellarbackupnode3.lat
stellarbackupnode3.mom
stellarbackupnode3.pics
stellarbackupnode3.xyz
stellarbackupnode4.cfd
stellarbackupnode4.mom
stellarbackupnode5.homes
stellarnodehub1.baby
stellarnodehub1.cyou
stellarnodehub1.lat
stellarnodehub2.baby
stellarnodehub2.lat
stellarnodehub2.mom
stellarnodehub2.xyz
stellarnodehub3.baby
stellarnodehub3.lol
stellarnodehub3.sbs
stellarnodehub4.cfd
stellarnodehub4.lol
stellarnodehub4.mom
stellarnodehub4.pics
stellarnodehub5.cyou
stellarnodehub5.homes
stellarnodehub5.lat
stellarnodehub5.lol
stellarnodehub5.mom
stellarnodehub5.xyz
tangen-x.com
tangenai.com
techgadgetshubs.com
theplants.site
travel-insider-pro.com
ultranodecluster1.baby
ultranodecluster1.lat
ultranodecluster1.pics
ultranodecluster1.xyz
ultranodecluster2.cfd
ultranodecluster2.cyou
ultranodecluster2.mom
ultranodecluster2.sbs
ultranodecluster2.xyz
ultranodecluster3.baby
ultranodecluster3.cyou
ultranodecluster3.lol
ultranodecluster3.pics
ultranodecluster4.cyou
ultranodecluster4.mom
ultranodecluster4.sbs
ultranodecluster4.xyz
ultranodecluster5.cfd
ultranodecluster5.mom
wealthsaga.net
webvormgeving.com
zenithheath.net
index.nebulasyncforge1.baby
index.nebulasyncforge4.baby
index.orbitstreamvault4.lat
orbitstreamvault4.cfdai-sound.space

# Reference: https://x.com/suyog41/status/2038501430580158737
# Reference: https://www.virustotal.com/gui/file/a789d2aa424b4226ff80796b3febac7a277c700b5567794cdf78ee43e360c99e/detection

dryvecar.com

# Reference: https://x.com/officiallyiru/status/2038995383452365033
# Reference: https://www.iru.com/blog/atomic-stealer-amos-returns
# Reference: https://www.virustotal.com/gui/file/e2b03b1860d54db12c8f7b3cd11676cd20d581573eaaa51d902d9c7a17889432/detection

http://45.94.47.204
http://92.246.136.14
92.246.136.14:13000
92.246.136.14:8080
joytion.com
laislivon.com
systellis.com
wusetail.com
/api/tasks/bEh1xeks21KBDjm0/
/bEh1xeks21KBDjm0/

# Reference: https://x.com/suyog41/status/2038945764429459509
# Reference: https://www.virustotal.com/gui/file/6516962a76edb97f81977281cec056f8eb71bf2e7a1ee13f47dd35830a70a2fb/detection

http://78.137.139.98
78.137.139.98:443

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-03-31-SHub-Stealer-Activity.txt?utm_campaign=tti_shubstealer

avafex.com
benefasts-fhgs2.com
bigbossbro777.com
bintail.com
bulletproofdomai2n.com
hello-brothers777.com
hilofet.com
macdev.slab.com
malkim.com
mentaorb.com
miklutaur.com
mikulatur.com
milbiorb.com
moohsnot.top
nibelined.com
nibelineed.com
obniltail.com
reews09weernsus.com
reews09weersus.com
res2erch-sl2ut.com
res2erzch-sl2ut.com
rhymbil.com
seagalnssteavens.com
terafolt.com
us41web.live
we2luck.com

# Refereence: https://x.com/suyog41/status/2039218511898451975
# Reference: https://www.virustotal.com/gui/file/2031b1046436ecc46012a303055de20e1ce7bd305ea13546ebd3389db62dd90f/detection

usadigitizer.com

# Reference: https://objective-see.org/blog/blog_0x88.html

mac-force.squarespace.com

# Reference: https://x.com/suyog41/status/2041037052666667008
# Reference: https://www.virustotal.com/gui/file/11a053c1f7ea00045d97ec9536ea42f7b9c699fdef8990ff4ab064cdc6f362e9/detection

roboticsxp.com

# Reference: https://x.com/suyog41/status/2041034089583800555
# Reference: https://www.virustotal.com/gui/file/6b1f8f44218ebcbf6197979a93e164b8357c926c69b6b04d8fa780899a67c0fa/detection
# Reference: https://www.virustotal.com/gui/file/3a3055c40f2d5a766d8a0a739a2690cba07a6ad8da731583339c9f6fd0de0409/detection
# Reference: https://www.virustotal.com/gui/file/f060b370709708edf382f08ac66a33cb9811ae6d230ba97ee27676eb0f19d304/detection

pissispissman.com

# Reference: https://x.com/volrant136/status/2041165158139961381
# FAVICON_HASH-HOST/IP=e786115ac4b724375700ebd7f4893deb
# CLASS_0_HASH-HOST/IP=48d30576e276634f29f2d762d69e76dd

airvoyagero.com
anydomen.net
biglights.net
kettlewhisper.icu
msne.shop
new88top.com
pauseinterior.xyz
tubestore.digital
1l.domenpozh.net
d5.tubestore.digital
mail.pauseinterior.xyz
y8.anydomen.net

# Reference: https://x.com/BlinkzSec/status/2041941562481840472
# Reference: https://www.virustotal.com/gui/file/7a554e12ae05b6c4ca09fad4669acaa8743ea1c586430c9592f19905e81aa8a1/detection

http://158.94.210.158

# Reference: https://x.com/masaomi346/status/2041905289600102591

jpbassin.com
mac-clean-storage.gitlab.io
mac-usb-fix.bitbucket.io

# Reference: https://x.com/brkalbyrk7/status/2042141526847873165

claude-code-app.gitlab.io
claude-desktop-app.bitbucket.io

# Reference: https://x.com/suyog41/status/2043633709421846801
# Reference: https://www.virustotal.com/gui/file/3cb6ee130aed76599cb2cca302fafb811511537d45cb765a369b9c2035757dcb/detection
# Reference: https://www.virustotal.com/gui/file/c70b3129af1d637636e60ec5a69d98c435eb994638f3c4873c35c659a043695d/detection

persaniusdimonica8.com

# Reference: https://x.com/suyog41/status/2044030629684367478
# Reference: https://www.virustotal.com/gui/file/9062156ebdf683013b5e8b54dfd96dc80d9e6776eafcfebbe5dde7f051feb967/detection

uk01video.live
uk153video.live
uk173video.live
uk176video.live
2o.uk173video.live
2m.uk153video.live
2r.uk176video.live

# Reference: https://x.com/brkalbyrk7/status/2044139560318165073

8orangemediazone.info
alcovey.xyz
apxeagent.com
baemagent.com
daarnagroup.com
dosqueen.com
foodbiteslovers.com
lnuaagent.com
lovemensfitness.com
lvieagent.com
mastreagent.com
meditationyog.com
mergaagent.com
mirthemp.com
mrakagent.com
mteaagent.com
mystciagent.com
neoroagent.com
nvoaagent.com
nxeusagent.com
oepnagent.com
orcaleagent.com
orinoagent.com
peaecagent.com
poratlagent.com
primefinanceway.com
prmieagent.com
proetctagent.com
prptoagent.com
pruagent.com
qantumagent.com
qeuryagent.com
qusetagent.com
raelagent.com
roadreadyexperts.com
roteagent.com
ruenagent.com
sloidagent.com
smratagent.com
sportylight.com
sprieagent.com
sreachagent.com
stelaragent.com
stremaagent.com
synhtagent.com
thnikagent.com
towreagent.com
truaagent.com
twinklyagent.com
upscaleaquatics.com
vastbets.com
vexillographers.com
virtalagent.com
visoinagent.com
vsatagent.com
wihsagent.com

# Reference: https://x.com/suyog41/status/2045093863812112734
# Reference: https://www.virustotal.com/gui/file/9b35195d6305f772adc25776b7aab037178f9b2311107fbd1cf2eb95c4a2d23d/detection

pewweepor092.com

# Reference: https://intel.breakglass.tech/post/odyssey-macos-stealer-backdoored-panel-scan-tron-credential-harvester

scan-tron.link
vash-server.com
api.scan-tron.link

# Reference: https://x.com/FABO97662188/status/2046595945236750756

amgk-winte-osgksab.pages.dev
apple-team.ghost.io
bsbdsbs.pages.dev
c3dxxvc234ef554f23c.pages.dev
checkwatisitnow.com
clabrmercur.pages.dev
cladesktop-apps.com
claud-code-lastversion.squarespace.com
claud-new-tools591.pages.dev
claude-code-deploy.squarespace.com
claude-code-info.pages.dev
claude-code-main.pages.dev
claude-code-product.squarespace.com
claude-code.ink
claude-codeapp.squarespace.com
claude-cowork-desktop.squarespace.com
claude-download.squarespace.com
claudecode-learn.pages.dev
claudecodeddocs.squarespace.com
claudecodedoc.squarespace.com
claudepage.pages.dev
claufua.pages.dev
david-taylor87.workers.dev
eragdkjsadga.pages.dev
fdfwasrgwrhfdgvwr.pages.dev
fgwegweh.pages.dev
fksf952-fsdkj1-weath1.pages.dev
ghegwegwrg.pages.dev
ghjkbhj.pages.dev
gkkma-glcaks-summ.pages.dev
hb8uu38hbx872bv28dbh29.pages.dev
hidden-mac-guide.squarespace.com
hidden-sun-ef93.lelinh140797.workers.dev
i9j9eiod1ncoschkqcjen.pages.dev
jfkqhlgkq.pages.dev
jh893icndvbqw74bjchldl.pages.dev
kieutrinh831993.workers.dev
kj51-weathj-dsjka.pages.dev
late-pond-d4f2.david-taylor87.workers.dev
late-scene-2f6b.olivia-thomas764.workers.dev
lelinh140797.workers.dev
lindagreen2009.workers.dev
lindajackson449.workers.dev
mac-clean.squarespace.com
mac-showfiles.squarespace.com
mac-storage-guide.squarespace.com
mac-usb-drive.squarespace.com
macboost.squarespace.com
maccleaner.squarespace.com
man-5klfdsk134k13412-note.pages.dev
natormcbjsdkmcsa.pages.dev
new-csopcx4p6l-note.pages.dev
new-csopcx4p6l-sl.pages.dev
nhb227nbx872bd6723g4d.pages.dev
not-9rw.pages.dev
note-2knfq1qebv-notebook.pages.dev
note-8uv.pages.dev
noteappbook.pages.dev
noteappncijskc.pages.dev
notebook-dfb.pages.dev
notebooklm-app-cg7.pages.dev
notebooklm-app-site.pages.dev
notebooklm-info.pages.dev
notebooklm-new-ver.squarespace.com
notebooklm-page.pages.dev
notebooklm-update-version.squarespace.com
notebooklm-version-upd.squarespace.com
notegamskardas.pages.dev
noteklmgoodk.pages.dev
notembkasjokk.pages.dev
noteone.pages.dev
noteshbaerhwe.pages.dev
notklmalans.pages.dev
olivia-thomas764.workers.dev
proj-hid513291kzg.pages.dev
project-clau05192.pages.dev
project-clau350918kg.pages.dev
project-hidd501921.pages.dev
project-ms50192kd15.pages.dev
project-msg510901kja.pages.dev
project-note519201.pages.dev
project-usb392891.pages.dev
pycharm.squarespace.com
sceqdsxcqdfcd.pages.dev
shrill-unit-1140.kieutrinh831993.workers.dev
solitary-cell-f4f6.lindagreen2009.workers.dev
sparkling-truth-dcb9.lindajackson449.workers.dev
uih9ehfbhdbfqudbfidfcikqhnegf.pages.dev
us5123proj59891ksjn3419.pages.dev
ymusic.info

# Reference: https://x.com/BlinkzSec/status/2046855798563774805
# Reference: https://www.virustotal.com/gui/file/8004bb3e02d8161dc6e56333223785d6b9a7bc6452d929661305d063c3fea5e3/detection
# Reference: https://www.virustotal.com/gui/file/979857777c8adc4831e3be65f94edcb42b2c43e42dc049a209de617646a736d9/detection

http://64.89.160.11

# Reference: https://x.com/BlinkzSec/status/2046857774332596516
# Reference: https://www.virustotal.com/gui/file/7b9a54852c19ad47c62709b22a9f9381728b4cd610a8d491a8954a7c10ca3242/detection

http://46.151.182.76

# Reference: https://x.com/brkalbyrk7/status/2048822026450657391
# BANNER_0_HASH-HOST=19c2fac64a38ffcd74e4093349b2192e

allhorseraces.com
americanbadboy.com
astralpacketcore3.cfd
astralpacketcore4.cfd
astralpacketcore5.cfd
astralpacketcore5.sbs
auth-djfghdfh.icu
authh-ncbdds.icu
aws.m-mxmail.com
bestdatafound.com
bestfileflow.com
bitdatafolder.com
c3.m-mxmail.com
captcha.m-mxmail.com
chatgptmoneymachine.com
cosmicrelayhub1.cfd
cosmicrelayhub1.homes
cosmicrelayhub1.sbs
cosmicrelayhub2.cfd
cosmicrelayhub3.homes
cosmicrelayhub3.sbs
cosmicrelayhub4.homes
cosmicrelayhub4.sbs
cosmicrelayhub5.cfd
cosmicrelayhub5.sbs
cws.m-mxmail.com
dataprismcore1.sbs
dataprismcore2.sbs
dataprismcore5.sbs
disco-rojo.com
disputehandler.com
dogtyru.com
donotpayai.com
dun.m-mxmail.com
ed.dataprismcore1.sbs
ee.dataprismcore2.sbs
eh.dataprismcore5.sbs
email.m-mxmail.com
epoiibk28.info
eppoiibk.info
exmail.m-mxmail.com
fallingoffacliff.com
fastdatatrust.com
fasttrustloader.com
fileacaciahub.com
filealphaquest.com
filealphastorage.com
fileashfox.com
fileastrogrid.com
fileaurorabase.com
filebbqribs.com
fileblocksystem.com
filebluecrate.com
fileboostnow.com
fileboostspace.com
filebrickjungle.com
filebrightcherry.com
filebuttercroissant.com
filebytefactory.com
filecactuscipher.com
filecandleorchestra.com
filechocolatemuffin.com
filecloudhub.com
filecloudnest.com
filecloudspark.com
fileclusterpath.com
filecobaltmeadow.com
filecodearchive.com
filecodenetwork.com
filecopperjungle.com
filecoraltunnel.com
filecosmicteapot.com
filecryptodash.com
filecrystalink.com
filedaisyfield.com
filedatafactory.com
filedataharbor.com
filedatapassage.com
filedatapoint.com
filedatapulse.com
filedatastation.com
filedatastreamhub.com
filedeltaengine.com
filedriveorbit.com
filedrivepilot.com
fileeasydrop.com
fileechoforge.com
fileemberstone.com
filefasttrack.com
filefilebasilisk.com
filefishandchips.com
fileflashportal.com
fileflorafield.com
filefluxnode.com
filefreshsalad.com
filefreshstack.com
filefrostlink.com
filefusionlab.com
filefusionplanet.com
filefuturevault.com
filegardenbox.com
filegarlicbread.com
fileginkgocloud.com
fileginkgovault.com
fileglassbadger.com
fileglowpocket.com
filegoldenpeach.com
filegoldstream.com
filegrabberx.com
filegreenfield.com
filegreenroot.com
filegrowlabs.com
filegrowthbox.com
filehappytomato.com
filehollowbyte.com
fileinfocloud.com
fileivoryharvest.com
filejadespirit.com
filejuicymelon.com
filekitesaffron.com
filekiwisector.com
filelarkjet.com
filelatencymap.com
filelaunchpad.com
filelegendhub.com
filelilybloom.com
filelinkbase.com
filelinkforge.com
filelinkmatrix.com
filelogiccloud.com
filelogicdrive.com
filelogicspot.com
filelumenpath.com
filelunartrumpet.com
filemarblepacket.com
filemastergrid.com
filemasterzone.com
filemeadowpulse.com
filemediagroup.com
filemetaarchive.com
filemintcompass.com
filemintloop.com
filemintworks.com
filemotionpro.com
filemysticwalnut.com
filenebulagate.com
fileneontrace.com
filenestray.com
fileoakhub.com
fileonyxcarrot.com
fileonyxshore.com
fileopalriddle.com
fileorbitlantern.com
fileorbitnest.com
fileorchiddream.com
filepepperdomain.com
filepinebox.com
filepixelcraft.com
filepixelthunder.com
filepixelvault.com
fileplanetonline.com
fileplantcore.com
fileplantroom.com
filepondbit.com
filepoplarbase.com
filepowerhub.com
fileprimezone.com
fileprismroute.com
filepulsewave.com
filepurplegrape.com
filequantshift.com
filequantumpepper.com
filequantumthread.com
filequeuepilot.com
filequickflow.com
filerosegarden.com
filerubyfactor.com
filesablelink.com
filesaffronpeak.com
fileseedworld.com
filesharpnode.com
filesilversandbox.com
filesmoothieblend.com
filesocketdrive.com
filesparkmango.com
filesprucelink.com
filestormworks.com
filestormywalnut.com
filestrawberrycake.com
filesweetpancake.com
filesyncsparrow.com
filesyncworld.com
filetacoplate.com
filetealchimney.com
filetechhub.com
filetensorport.com
filethreadworks.com
filetopazdistrict.com
filetracksystem.com
filetreehouse.com
filetrustpoint.com
filetuliphouse.com
filetundragarden.com
filetwigbay.com
fileunitmesh.com
fileuploadpro.com
filevaultbridge.com
filevaultengine.com
filevelocove.com
filevelvetanchor.com
filevioletbeacon.com
filevirtualhub.com
filevisionpro.com
filevoidspark.com
filewavecenter.com
filewaveonline.com
filezapnest.com
filezenithdock.com
filezenithmark.com
filezenithroom.com
filezipcasket.com
filezipfast.com
filrdigitalnest.com
filrprivatedrive.com
filrteamvault.com
flowdownload.com
flyermn.com
gabiaoffice.m-mxmail.com
germandiamond.com
globalfilehub.com
h49unlpark.info
homerican.com
hyperdatamesh1.cyou
hyperdatamesh1.homes
hyperdatamesh2.homes
hyperdatamesh2.sbs
hyperdatamesh4.homes
hyperdatamesh4.sbs
hyperdatamesh5.cyou
hyperdatamesh5.sbs
ischoolsystems.com
jamdanceacademy.com
kidfgh.com
kikivanengelenugc.com
learnuq.com
legacypit.com
leofromchicago.com
lineandmind.com
lockerroomteasers.com
login.m-mxmail.com
lx.m-mxmail.com
m-mxmail.com
maccryptocourier.com
macfilefrost.com
macfilephoenix.com
macfilesbackup.com
macforgeport.com
maclanehub.com
macnodefactory.com
macrouteforge.com
macsoft939os.info
macsyncsafari.com
macvaultlane.com
mail.m-mxmail.com
mark-aspelin.com
mono-protocol.com
nebulasyncforge2.pics
neuralstreamcore1.homes
neuralstreamcore3.homes
neuralstreamcore5.homes
nosdn.m-mxmail.com
open.weixin.m-mxmail.com
openfilemarket.com
openfileworld.com
orbitdatasync2.sbs
orbitdatasync3.sbs
organisedtours.com
pepe-snix.com
pinocchio3.com
platinumfolder.com
porarylaumbia.com
praneslmaijudu.info
qiye.m-mxmail.com
quantumfluxgrid1.homes
quantumfluxgrid3.homes
quantumfluxgrid4.homes
quantumfluxgrid5.homes
reg.m-mxmail.com
relaygate49.com
sansalah.com
sg.m-mxmail.com
stellarnodehub1.homes
stellarnodehub1.sbs
stellarnodehub2.sbs
stellarnodehub4.sbs
stellarnodehub5.sbs
sublimecomics.com
swiftsharedock07.com
syncsendhub29.com
syncuploaddock28.com
thebrownsiblings.com
tos4files.com
treespq.com
trustcloudstorage.com
trustloaddata.com
truststoragemac.com
ultranodecluster1.cfd
ultranodecluster1.sbs
ultranodecluster4.cfd
vip.m-mxmail.com
weixin.m-mxmail.com
wx.m-mxmail.com

# Reference: https://x.com/brkalbyrk7/status/2048822026450657391
# Reference: https://www.virustotal.com/gui/file/897c4f7ac89d96ea2378679cc7dd7accc482add46d9395271dcc5c767bb95f4c/detection

cvetochek75.com

# Reference: https://x.com/brkalbyrk7/status/2048822026450657391
# Reference: https://www.virustotal.com/gui/file/3c073479ce90e86ef8e3eded60a0aa0f03292ea15a353443a44f202aaca88de2/detection

mendalik.com

# Reference: https://x.com/brkalbyrk7/status/2048822029562806482

foewpeeestol.com
kofeynayagush.com
molokotarelka.com
pepepupuchek13.com
perewoisbb0.com

# Reference: https://x.com/suyog41/status/2049098438089073128
# Reference: https://www.virustotal.com/gui/file/2936ed377af3292ac35d98d433523002691ac1dd50151c93fc58c6a4161cee88/detection

glowmedaesthetics.com

# Reference: https://x.com/suyog41/status/2049382164463268033
# Reference: https://www.virustotal.com/gui/file/a1f1b52c4f2894ed5cf4337364a01a244915334f6b8052c8fea7190fd5a847d0/detection

allspinfortune.com
betstakee.com
de.stakeonline1.bond
de.stakeonline2.bond
de.stakeonline3.bond
de.stakeonline4.bond
de.stakeonline5.bond
es.stakeonline1.bond
es.stakeonline2.bond
es.stakeonline3.bond
es.stakeonline4.bond
es.stakeonline5.bond
fr.stakeonline1.bond
fr.stakeonline2.bond
fr.stakeonline3.bond
fr.stakeonline4.bond
fr.stakeonline5.bond
it.stakeonline1.bond
it.stakeonline2.bond
it.stakeonline3.bond
it.stakeonline4.bond
it.stakeonline5.bond
point-on-figure.vip
stake-ar.ar
stake-argentina.lat
stake-casino.org
stake-casino.stream
stake-casino1.fr
stake-dev.netlify.app
stake0.ar
stakeargentina.com
stakecasinoaustralia.com
stakecasinohub.com
stakeonline1.bond
stakeonline2.bond
stakeonline3.bond
stakeonline4.bond
stakeonline5.bond
stakeonlinecasino.eu
stakepromocode.uk.com
traconsult.org

# Reference: https://www.malware-traffic-analysis.net/2026/04/22/index.html
# Reference: https://www.virustotal.com/gui/file/226ef67e9bb1a2b93eff605b2ca121d731180feed6c6f01778b343e77c34331b/detection
# Reference: https://www.virustotal.com/gui/file/9352692327f9c7fe1e623f8509d023a19925534da81b70068d5182356d7c152b/detection

arkypc.com
atcoconst.com
filefastdata.com
foto.gd
laislivon.com
lakhov.com
mpasvw.com
nspielman.com
ouilov.com

# Reference: https://x.com/malwrhunterteam/status/2049747425431081322
# Reference: https://x.com/L0Psec/status/2049930610706100576
# Reference: https://www.virustotal.com/gui/file/c1f2a0e5331dd2798b281a839e06b265d4900770f6f1f1ca9ce7907d5fdb672b/detection
# Reference: https://www.virustotal.com/gui/file/0efea83860704f86a6177c91db832707a0dfb42c2a1a90af174a1ae02ce253fe/detection
# Reference: https://www.virustotal.com/gui/file/36844098128ffddf889a06ee518705e55f008d24472e4c5ab5f2cb4861a6ddf1/detection
# Reference: https://www.virustotal.com/gui/file/2ffd402faabbf1a73b4cc6c62190eee38d4cd25ced9054b4b1fa5d5d53106fe0/detection
# Reference: https://www.virustotal.com/gui/file/f227d419494130048181b8ad1aaf362050d66841a15d46f33096b2143f2c1f2e/detection
# Reference: https://www.virustotal.com/gui/file/e4172342217427ed3c90c63ab6da4fa10b5f878873d8c9169414656e277fd5a9/detection

http://45.150.66.241

# Reference: https://x.com/suyog41/status/2050158465805607301
# Reference: https://www.virustotal.com/gui/file/2fa760db37e97a8238d190b5446b7ebfbca50b4dd8877036d0583e27b08b7d7a/detection
# CLASS_0_HASH-HOST=f1e9703e5578f0c3ddf3ce62211a882b
# FAVICON_HASH-HOST=c8a51f62fff24ecf3b5be299a0dca6dd

cloudvesper.ru
hebsbsbzjsjshduxbs.xyz
learntoswim.biz
lumary-metaverse.ru
lumarymv.xyz
lumaworld.site
metavortex.site
streamatora.app
streamatora.com
streamatora.live
streamyard.ai
streamyard.app
streamyard.asia
streamyard.club
streamyard.digital
streamyard.finance
streamyard.in
streamyard.info
streamyard.ink
streamyard.it.com
streamyard.life
streamyard.media
streamyard.org
streamyard.pro
streamyard.pw
streamyard.studio
streamyard.tech
streamyard.zone
streamyards.info
streamyards.life
streamyards.net
streamyards.org
streamzyra.com
websreamyard.com
wechatweb.com

# Reference: https://isc.sans.edu/diary/32942

/gate?buildtxd=

# Reference: https://x.com/haxor31337/status/2051965863432253728

babulikinet.com

# Reference: https://raw.githubusercontent.com/ChainK1ll/Daily_Intel/refs/heads/main/macOS%20Stealers/MacSync

5gsolar.com
absolutelybizarre.com
abudhabirentacar.com
activatellm.com
adcptest.com
advancedoperator.com
advancedpaydays.com
advancedqai.com
agentfoom.com
agenticpodcast.com
agentictrove.com
ai3dbio.com
aiagentessentials.com
aiagentoptimization.com
aicompanionos.com
aicrowdfunder.com
aigenerativeos.com
aihackverse.com
aihealthring.com
aimedikal.com
aimoodrings.com
ainetapps.com
aionlyos.com
aisolutions247.com
aitripadvisor.com
aivectortech.com
aiviagra.com
alibigenerator.com
americaunblocked.com
anythinggoesai.com
arizonaautosalvage.com
artificialprime.com
assistantquantum.com
atautonomous.com
atcognitive.com
atswarm.com
augentics.com
autonomousvelocity.com
ayupuji.com
babygpt5.com
bachine.com
balidentalimplants.com
baliimplants.com
baliimplantsvacation.com
balionlinevisa.com
balipassport.com
balivisaonline.com
baltimorerecordingstudio.com
behindthisdoor.com
bitcoinlnwallet.com
blackmagiccomics.com
blzaeagent.com
bureai.com
caretoolsai.com
cashlessend.com
catamai.com
chatbasedos.com
chatgptstreaming.com
chestradiography.com
chinesecoffeeshop.com
citizen007.com
cleansewellness.com
cognitivery.com
cognitivesoc.com
coingloves.com
commercialroofingsd.com
cvols.com
damnglass.fun
daybreakbali.com
deadmendontlie.com
defenseqai.com
detonomous.com
dialabite.com
dirhamsai.com
docspremium.com
dpsmuz.com
drewbrucker.com
droneshoppingcart.com
dubaiaiconference.com
duskfort.com
ewabeniak.com
exclusivecardesign.com
exploringdreamhomes.com
faithtofame.com
fastmoneyfactory.com
fintelliganceai.com
firstaidgifts.com
foomos.com
fortlauderdalelemonlaw.com
fractionery.com
freeaibuilder.com
frontierboots.com
froyodelivery.com
frozenyogurtdelivery.com
ftduk.com
fusionformulas.com
fuzzyswarm.com
gadade.com
galeriademoda.com
geneasi.com
generalintelligencelab.com
generalintelligencelabs.com
generatery.com
genomicsforge.com
genpowerai.com
genzdiscounts.com
geonlabs.com
gpuexperts.com
greenlandgate.com
hacelu.com
hackservices.com
healthcareqai.com
healthlizer.com
healthmagnus.com
helloubud.com
hotfireclothing.com
howtointelligence.com
howtoownyourmoment.com
hushholidays.com
hyattdubai.com
industrialqai.com
influencersmatter.com
instantaimoney.com
instantmonetization.com
instantpuppy.com
intelligencize.com
interactsai.com
internationalfeministattorney.com
internetswarm.com
investinllm.com
isgilan.com
kcbps.com
kfquantum.com
kickstartpodcast.com
koreanhunters.com
koshernight.com
lalandscapelighting.com
landlordingagent.com
largedronedeliveries.com
largemultimodal.com
leadingbitcoinbank.com
letthemarketdecide.com
liberationavenue.com
llmmanual.com
loungesurvey.com
lxhealthcare.com
lxwellness.com
mallofai.com
masterclasscash.com
meerkade.com
meetautonomous.com
miamidadenotary.com
miamillm.com
millenniummums.com
mistergpu.com
modalpulse.com
modalr.com
modalvault.com
moltino.com
motivationalworkout.com
mrtransplant.com
myfirstfactory.com
mylawagent.com
myugcai.com
nailscanai.com
nationalspacecouncil.com
neodatapro.com
neuralprompting.com
neuronalbiology.com
newmapofamerica.com
nolimitsweb.com
northlightcrm.com
numericagent.com
oaklandwaterdamage.com
ohiosteelbuildings.com
ohmygrok.com
oklahomawarehousing.com
oldmoneyagents.com
onewordman.com
onlinehelpguy.com
orbitalasi.com
orlandopoolcleaningservice.com
paidadspilot.com
pebbledpage.com
peopleorders.com
plasmaticsystems.com
pluginscreate.com
polyphonicos.com
putrian.com
qachine.com
quantumisp.com
quantumkappa.com
quantumrdp.com
quickcafes.com
readycustomers.com
receptorium.com
reclaimgreenland.com
revoje.com
ricewaterbeauty.com
roboticroots.com
robotorphanage.com
rubbishcar.com
rvieragent.com
safekidsai.com
sandiegotkd.com
sapphirecleaners.com
securefilms.com
serverlessintelligence.com
shuffledagents.com
signalforgeai.com
skyringer.com
smartcitiesnow.com
sockstogo.com
sorceryshop.com
speechlanguagemodel.com
starorium.com
startupmanuals.com
startuponboarding.com
stclegion.com
stinarosen.com
storefrontrental.com
storefrontrentals.com
storevisibility.com
sullyphotos.com
superintelligencemap.com
superstarsellers.com
suprafine.com
swarmhand.com
synapsedevice.com
tfmeta.com
thebaliresort.com
thefinalsatoshi.com
thefirstwap.com
thejacksonhouse.com
therealgreenland.com
thisisgreenland.com
thisisslop.com
threadmasterai.com
thugstools.com
timohealth.com
tintingsd.com
trusticai.com
truthbringers.com
twojets.com
tynite.com
ubudbackpacker.com
ukinvestmenttrusts.com
undisputedintelligence.com
unifiedaiapi.com
universefounder.com
unleashllm.com
unstoppableamerica.com
usmortgagehelp.com
validmortgage.com
vaultorium.com
vegasestateagent.com
vegasvideoproductions.com
venturesnova.com
veravora.com
versatilegifts.com
vietnamoasis.com
villaace.com
virgoapparel.com
vivoryx.com
volusiaplumbing.com
washingtonmansion.com
webtowallet.com
whatisslop.com
workerswithoutwalls.com
workingfromyacht.com
worlddentalguide.com
worldmedicaltours.com
xbotica.com
xeebii.com
xtrixx.com
yakimatowing.com
yourcognitive.com
zkpdefense.com
zkptechnology.com

# Reference: https://x.com/L0Psec/status/2052494971563909504
# Reference: https://www.virustotal.com/gui/file/6d979466596978ffcb633a0b8c47adedd0778555c0e513fc3d3c84bcef6f036b/detection

appstore.ms
snowpersone.com
teams.appstore.ms

# Reference: https://www.rstcloud.com/macsync-stealer-c2-infrastructure-rotation/
# Reference: https://www.virustotal.com/gui/file/2cd7305adbe94fecaca76602b028e3279edd9be563e6c6f1401bc69df1155aaa/detection

harveylewisinsuranceagency.com
jacksonvillemma.com
longbeachmartialarts.com
lumenagnet.com
tencentstablecoin.com
wechatstablecoin.com

# Generic

/Arc12645413.dmg
/AGOV-Access.dmg
/otherassets/botnet
