# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: shadowladder, hijackloader, snappyclient

# Reference: https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/?linkId=10719875

http://62.133.61.56
forikabrof.click
matodown.b-cdn.net
nextomax.b-cdn.net
potexo.b-cdn.net

# Reference: https://x.com/GenThreatLabs/status/1827007175627010077
# Reference: https://github.com/avast/ioc/blob/master/Lumma/Lumma_08_2024.txt

anti-bot1.b-cdn.net
asdkjjkasdn-aptv1.b-cdn.net
bidvert.b-cdn.net
bot-check2.b-cdn.net
bot-check3.b-cdn.net
bot-checking.b-cdn.net
bot-detection.b-cdn.net
bot-test.b-cdn.net
continuedownloader.com
downloadsbeta.com
downloadstep.com
galaksion.b-cdn.net
hypochloridtilz.click
kjbnfdkbf74.b-cdn.net
kjhsdfh-capv1.b-cdn.net
manistream1.b-cdn.net
mato-camp-v2.b-cdn.net
mato-camp-v4.b-cdn.net
papad.b-cdn.net
popcsh.b-cdn.net
popunder.b-cdn.net
popup.b-cdn.net
proto.b-cdn.net
provenotrobot.b-cdn.net
security-check.b-cdn.net
spam.b-cdn.net
streamingsplays.com
verification.b-cdn.net

# Reference: https://x.com/ge0lev/status/1827393504793804891

bidvertiser.b-cdn.net
lengo-20cb4.kxcdn.com
mato-camp-v1.b-cdn.net
microsoftcamp-c1.b-cdn.net
microsoftcamp-v1.b-cdn.net
popad.b-cdn.net
vercapth63.b-cdn.net
verify-captcha-987.b-cdn.net
verifyhuman476.b-cdn.net

# Reference: https://x.com/RakeshKrish12/status/1827961172970119274
# Reference: https://www.virustotal.com/gui/file/9887456e52e81549c7eb274da0462a075b4a234f185115a5dba9bbb11c11b208/detection

cdn-serveri18n-googleapis.com
dev.cdn-serveri18n-googleapis.com

# Reference: https://app.validin.com/detail?type=dom&find=pub-9c4ec7f3f95c448b85e464d2b533aac1.r2.dev#tab=reputation

opsopanels.click

# Reference: https://app.validin.com/detail?type=dom&find=opsopanels.click#tab=host_pairs_v2

apzzz-20c7e.kxcdn.com
greenenorgusd.b-cdn.net
jhsnshueyt.click
uploadz908.b-cdn.net

# Reference: https://x.com/r3dbU7z/status/1827008313579417909
# Reference: https://www.virustotal.com/gui/file/76b3d685142919820401d377843658c7a92a60d168f6be16d04461ab176e63de/detection

loginsmoobu.com

# Reference: https://x.com/ge0lev/status/1828551713428775043
# Reference: https://urlscan.io/search/#page.url%3A%2F.*%5C..*(%5C%2F%7C%5C-)verify%5C-%5B%5E%5C%2F%5D*%5C.html%2F%20AND%20page.url%3A(human%20OR%20captcha%20OR%20system)

human-check2.b-cdn.net
human-check3.b-cdn.net
human-verificati0n.b-cdn.net

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-08-28-IOCs-for-Lumman-Stealer-from-fake-human-captcha-copy-paste-script.txt

get-verified.b-cdn.net
get-verified2.b-cdn.net
human-check.b-cdn.net
human-verify02.b-cdn.net
myapt67.s3.amazonaws.com

# Reference: https://www.ontinue.com/resource/obfuscated-powershell-leads-to-lumma-c2-stealer/

campzips1.b-cdn.net

# Reference: https://app.validin.com/detail?find=BunnyCDN%20Node%20LA1-1002&type=raw&ref_id=d15a589b9a2#tab=host_pairs_v2

aidat-onliine-iadelerii-porttalie138.b-cdn.net
aidat1-e-devlet-onlinec934.b-cdn.net
aidt-onlineii-iadelerii-portalie250.b-cdn.net
aiidatat3-e-devlett-onlineeebtb210.b-cdn.net
anindamerkez.b-cdn.net
app-bnkr.b-cdn.net
bali7kuvani.b-cdn.net
bneawaytmm.b-cdn.net
bokadari7.b-cdn.net
bonusdeli.b-cdn.net
burulasdolummnoktasi.b-cdn.net
daffdfdfsd.b-cdn.net
dfzafgrgfsvrsr.b-cdn.net
dvlaidtt-online-iadeleeri-portalie107.b-cdn.net
e-devlet-online-eportali333.b-cdn.net
edevlet-online-aiidatt-basvurunuzz41.b-cdn.net
faktypolska21.b-cdn.net
faktypolska6.b-cdn.net
fibabaqnk2-intt-ssvbessi-webhiztfnbt833.b-cdn.net
gortstdmdcvoale.b-cdn.net
hmnrndvu.b-cdn.net
icilecekcorba.b-cdn.net
incest-hentai.b-cdn.net
livediscodating.b-cdn.net
monsterprelaunchcom.b-cdn.net
nvimerkezirrr.b-cdn.net
nviradnsadhas.b-cdn.net
nzat.b-cdn.net
obiletrezervasyonal.b-cdn.net
ogretmenbonus.b-cdn.net
olay.b-cdn.net
opertuy.b-cdn.net
pooprip.b-cdn.net
randvudesin.b-cdn.net
rndvus-ual.b-cdn.net
scagrsthsrhrshsrg.b-cdn.net
shortcuts.b-cdn.net
tkyugv.b-cdn.net
tr-tccbm-155tr.b-cdn.net
track-dark-bz.b-cdn.net

# Reference: https://x.com/RacWatchin8872/status/1829524427366977600

get-verified3.b-cdn.net
glksion.b-cdn.net

# Reference: https://x.com/ge0lev/status/1829649128336605264

adstrra.b-cdn.net
one-step.b-cdn.net
second-step.b-cdn.net

# Reference: https://x.com/0Dayhta/status/1832054562280108317
# Reference: https://www.virustotal.com/gui/file/55b96b221a8aed3376ea4abf3f3ca89d07fa23bce039563a7e0f6c6e887ee2a9/detection
# Reference: https://www.virustotal.com/gui/file/3fff6f2ff5690a77d5ec7ed5cd1c85c95710e92bf06ea2ec7ecd3f64789f207e/detection
# Reference: https://www.virustotal.com/gui/file/2edae4af5d8f8f0b24cae435c08651f29b8d02e87e66acaf7e9eee1f740f93fa/detection
# Reference: https://www.virustotal.com/gui/file/2e0c0e72e3f94756ddb50ed7d52e4eeb18646625ba1035ec97a9b0e42c956b1b/detection

clicktogo.click
human-verification5.b-cdn.net

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-08-29-v10677/1924

poko.b-cdn.net
propller.b-cdn.net
zone02.b-cdn.net

# Reference: https://x.com/kddx0178318/status/1834199075689730320

876z.b-cdn.net
verifyfull8434.b-cdn.net

# Reference: https://x.com/g0njxa/status/1834326261545529391
# Reference: https://app.any.run/tasks/d9e94e88-73b0-46ac-9318-eb09484c14e3

newvideozones.click

# Reference: https://x.com/kddx0178318/status/1834200990565773334
# Reference: https://urlscan.io/sha256/235db27b55a506bc36fd3ff9caa2174003aaed5be39a35461e81b605ab98eaef/

report1.b-cdn.net

# Reference: https://x.com/0Dayhta/status/1834393770307006624

brazilwoiuxd.click

# Reference: https://twitter.com/k3yp0d/status/1787748197361725863
# Reference: https://www.virustotal.com/gui/file/51a72e692be5bea6846e1fe7344e4a158714580921281ec5b08d6403f0a3049f/detection

fatodex.b-cdn.net

# Reference: https://x.com/dark0pcodes/status/1841878702310764872

myfilez.b-cdn.net

# Reference: https://x.com/AzakaSekai_/status/1842441626989511062
# Reference: https://www.virustotal.com/gui/file/145f6e37a5fa98aee04493102c705b677d30e2f68199758fcda669ae91c093a3/detection

files404sa.b-cdn.net
spam-check-v30.b-cdn.net

# Reference: https://x.com/malwrhunterteam/status/1844356014532870603
# Reference: https://www.virustotal.com/gui/file/b4bc40366058acdb2af851a6e7fb7abf328c5fbb815654f11bc01e04f20550bc/detection

dls01.b-cdn.net
msi01s.b-cdn.net

# Reference: https://x.com/malwrhunterteam/status/1846307247074238907
# Reference: https://www.virustotal.com/gui/file/79c2cd09e1e8090fca5d338443dfb3a61e11a8458599d9174d7c0460527eb22a/detection
# Reference: https://www.virustotal.com/gui/file/d70d1bb37d1c578dfea61815e5a58e49343f4996f30d3e304fb12678f090ac26/detection

mydlls1.b-cdn.net
mymsi1.b-cdn.net

# Reference: https://x.com/kddx0178318/status/1846908706518155520

captcha-verification-v20.b-cdn.net
gigav1.b-cdn.net

# Reference: https://x.com/iam_rajhans/status/1847214063886979121

cummlouder.co
app.cummlouder.co

# Reference: https://www.virustotal.com/gui/file/4940e1187d228f1e5d3bd6b4c26eea7fda3d694eced4445426c80d25edef4e40/detection

winrar01.b-cdn.net

# Reference: https://x.com/RacWatchin8872/status/1850629604370788452
# Reference: https://urlscan.io/search/#page.domain%3A%22b-cdn.net%22%20AND%20page.url%3A%22%2F.*%5C.txt%24%2F%22

1.6.0.9.2.4.tt1.b-cdn.net
1600924t1.b-cdn.net
160924tt1.b-cdn.net
aws-stores-ii.b-cdn.net
best-received.b-cdn.net
clipx.b-cdn.net
discx.b-cdn.net
doctx111.b-cdn.net
easytx.b-cdn.net
fast-choice-v10.b-cdn.net
fetchinglinknow.b-cdn.net
filepathloadss.b-cdn.net
firstzoningpull.b-cdn.net
funbunistica.b-cdn.net
get-zip.b-cdn.net
go-for-zip.b-cdn.net
iilp.b-cdn.net
keepmyfilehere.b-cdn.net
micro-store-v52.b-cdn.net
mini-storage.b-cdn.net
mnl0.b-cdn.net
mobx.b-cdn.net
next-level-verify-01.b-cdn.net
pingaadioload.b-cdn.net
pltx11.b-cdn.net
pluspagingstore.b-cdn.net
prublingapage.b-cdn.net
pz-01.b-cdn.net
pz022.b-cdn.net
rartxt41.b-cdn.net
sanfistivcr.b-cdn.net
secondlyypages.b-cdn.net
simplex.b-cdn.net
softx.b-cdn.net
storingprogress.b-cdn.net
tera14.b-cdn.net
tera15.b-cdn.net
tera18.b-cdn.net
tgsfr.b-cdn.net
togsopogso.b-cdn.net
tr10.b-cdn.net
tr14.b-cdn.net
tr15.b-cdn.net
tr18.b-cdn.net
trx41.b-cdn.net
trx77.b-cdn.net
ttx77.b-cdn.net
txtn222.b-cdn.net
view31.b-cdn.net
view42.b-cdn.net
win7.b-cdn.net
wintx41.b-cdn.net
xilx222.b-cdn.net
zone07.b-cdn.net

# Reference: https://x.com/malwrhunterteam/status/1850988565510881613
# Reference: https://www.virustotal.com/gui/file/0e7688ac949ad3987d64e65782aacf4bfa1b04a7364ce843ee84027c121705b0/detection
# Reference: https://www.virustotal.com/gui/file/6485f2df14c72a461bb1988d1cbb8a57f9f032e5d0a632234de6dfa36c97539d/detection

create-desktop-verify.b-cdn.net

# Reference: https://x.com/banthisguy9349/status/1851680673301696888
# Reference: https://www.virustotal.com/gui/file/cf0c298e6e33ce0f4fd9e356b6a82ed82b588e498490223031b7befae6239c6e/detection

dllmicrosoft.b-cdn.net
msimicrosoft.b-cdn.net

# Reference: https://x.com/kddx0178318/status/1853487249704284288

v56hdblw79c0wn6.b-cdn.net

# Reference: https://x.com/banthisguy9349/status/1854145103792586797

bukfjs17hds.b-cdn.net
check-in-verified.b-cdn.net
cnnctzov1.b-cdn.net
e4df625dced6cb1e925b6d3ad117de9b.b-cdn.net
garagstorev1.b-cdn.net
getzone.b-cdn.net
getzone1.b-cdn.net
getzone2.b-cdn.net
getzone3.b-cdn.net
gochop.b-cdn.net
loadingfaslyv11.b-cdn.net
loadingfaslyv12.b-cdn.net
loadingfaslyv15.b-cdn.net
loadingfaslyv16.b-cdn.net
loadingfaslyv9.b-cdn.net
newsystem-check3.b-cdn.net
newsystem-checkt.b-cdn.net
newsystem-checkz.b-cdn.net
omkavi14.b-cdn.net
omkavi15.b-cdn.net
omkavi17.b-cdn.net
pub-d6448def2aba44ce96071bebcc1ce641.r2.dev
sdsdfzipo.b-cdn.net
steppingfrpage.b-cdn.net
trx11.b-cdn.net
verified-desktop-in.b-cdn.net
verify-check-you.b-cdn.net
zip-store.oss-ap-southeast-1.aliyuncs.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.lumma/ (# 2024-11-09)

bot-checker.b-cdn.net
bot-detector.b-cdn.net
botcheck.b-cdn.net
captcha-verification-sys-v1.b-cdn.net
check-bot11.b-cdn.net
checkthisverify.b-cdn.net
first-steps.b-cdn.net
hbhjkbjhbjkhv11.b-cdn.net
human-verification4.b-cdn.net
human-verify1.b-cdn.net
robo-step.b-cdn.net
spam-check1.b-cdn.net
stream-checker.b-cdn.net

# Reference: https://app.validin.com/detail?find=193.151.136.249&type=ip4&ref_id=f772d7b812d#tab=resolutions
# Reference: https://urlscan.io/result/8e20749c-dff0-40a5-b23c-637e3f5efceb/

philipson.agency
philipson-agency.com

# Reference: https://x.com/JAMESWT_MHT/status/1865460372553023874
# Reference: https://www.virustotal.com/gui/file/239ee15976c36dbd71785d29fe0ae9ec5b6ea70f022ceccc77edb0767efc1d16/detection

193.143.1.46:6110
dbasopma.me

# Reference: https://x.com/salmanvsf/status/1866412050395840572
# Reference: https://urlscan.io/search/#page.title.keyword%3A%22Verify%20You%20Are%20Human%22

0000353-stripe.com
000330-stripe.com
000331-stripe.com
000332-stripe.com
000333-stripe.com
000334-stripe.com
000991-stripe.com
000993-stripe.com
000994-stripe.com
003390-stripe.com
003391-stripe.com
003392-stripe.com
003395-stripe.com
0612023314-stripe.com
094855-stripe.com
1202102023-stripe.com
2023024760-stripe.com
2023142426-stripe.com
2023213840-stripe.com
user0063-stripe.com
user0067-stripe.com
user00761-stripe.com
user00762-stripe.com
user00769-stripe.com
user00900-stripe.com
user00901-stripe.com
user00902-stripe.com
user00903-stripe.com
user00904-stripe.com
user00991-stripe.com
user06078-stripe.com
9c4ec7f3f95c448b85e464d2b533aac20.b-cdn.net
9c4ec7f3f95c448b85e464d2b533aac29.b-cdn.net
anti-automation-v2.b-cdn.net
antibotx.b-cdn.net
any-44.b-cdn.net
any-46.b-cdn.net
baptist-texas.net
barzi7.b-cdn.net
barzi8.b-cdn.net
bestdrugs.biz
bmy7etxgksxo.objectstorage.sa-santiago-1.oci.customer-oci.com
bot-blocker-v3.b-cdn.net
bot-blocker-v9.b-cdn.net
bot-check-e15.b-cdn.net
bot-check-page.b-cdn.net
bot-check-v5.b-cdn.net
bot-check-v9.b-cdn.net
bot-detection-v1.b-cdn.net
bot-detection-v3.b-cdn.net
bot1check.b-cdn.net
botcheck-encrypted-system.b-cdn.net
captcha-page.b-cdn.net
captcha-recognition-v2.b-cdn.net
captcha2-6pe.pages.dev
cdn-downloads-now.xyz
check-page316.b-cdn.net
check-your-humanity.b-cdn.net
check-zone-v11.b-cdn.net
cherry-bounce.b-cdn.net
darkbonet.darkdumps.xyz
darkdumps.xyz
dashboard01-stripe.com
dashboard122-stripe.com
dashboard2236-stripe.com
dashboard2313-stripe.com
dashboard26-stripe.com
dashboard2730-stripe.com
dashboard2883-stripe.com
dashboard3212-stripe.com
dashboard3982-stripe.com
dashboard563-stripe.com
dashboard9-stripe.com
dealpills24.com
doc-view-files.wxrunie.do
drugsonline.biz
eu-prime-service.com
expressway.b-cdn.net
fax-docs-viewer.s3.amazonaws.com
fileyes.b-cdn.net
fina-page-of-v39.b-cdn.net
final-chek-v10.b-cdn.net
final-chek-v14.b-cdn.net
final-chek-v18.b-cdn.net
final-chek-v25.b-cdn.net
final-chek-v28.b-cdn.net
final-chek-v31.b-cdn.net
final-chek-v33.b-cdn.net
final-chek-v34.b-cdn.net
final-chek-v37.b-cdn.net
final-chek-v45.b-cdn.net
final-step-v15.b-cdn.net
first-path.b-cdn.net
frelancervn.com
full-fast-movie-downloader.b-cdn.net
gaccess.b-cdn.net
gaccess1.b-cdn.net
gaccess19.b-cdn.net
gaccess2.b-cdn.net
get-to-step-007.b-cdn.net
heic2.b-cdn.net
human-checking-10.b-cdn.net
human-verification2.b-cdn.net
human-verification3.b-cdn.net
id-check-bot-b.b-cdn.net
id-check-bot-v4.b-cdn.net
impcaptchapage.b-cdn.net
information-first.com
ip-check-v12.b-cdn.net
kon-lita01.b-cdn.net
lab.adversarygroup.com
landingp1.b-cdn.net
last-step-v44.b-cdn.net
last-v89-verify.b-cdn.net
lets-move-to10.b-cdn.net
load-check003.b-cdn.net
loading-wait.b-cdn.net
loadingfaslyv8.b-cdn.net
loadvistufinv24.b-cdn.net
marimarbahamas.me
myhotdrug.com
mymedshoplive.com
mypull-zone.b-cdn.net
nowheretocallhome.com
omkavi05.b-cdn.net
omkavi10.b-cdn.net
omkavi12.b-cdn.net
onlinepharmacytab24.com
picklejuice.com
pillsonlineservices.com
pillsshoplive.com
pillsyou.com
pillzone.net
profit25.online
prop-bot.b-cdn.net
prop-check.b-cdn.net
prop-guard.b-cdn.net
prop-sheild.b-cdn.net
pub-7a0525921ff54f1193db83d7303c6ee8.r2.dev
qabu-botafile.b-cdn.net
ready-to-go-100.b-cdn.net
ready-to-go-101.b-cdn.net
ready-to-go-104.b-cdn.net
ready-to-go-113.b-cdn.net
ready-to-go-29.b-cdn.net
ready-to-go-4.b-cdn.net
ready-to-go-90.b-cdn.net
ready-to-go-93.b-cdn.net
recaptcha-checking-v3.b-cdn.net
redirect-to-this-111.b-cdn.net
relatomomento.online
request-pending.b-cdn.net
restoindia.me
robo-test.b-cdn.net
robot-detect-sys-v30.b-cdn.net
robot-detect-x1.b-cdn.net
robot-detection-sys-v2.b-cdn.net
safe-access-zone-v1.b-cdn.net
safe-page-b1.b-cdn.net
safe-page-b3.b-cdn.net
scan-bot13.b-cdn.net
scan-bot4.b-cdn.net
sec-check-v1.b-cdn.net
secure-bot22.b-cdn.net
secure-bot9.b-cdn.net
secure-step-a1.b-cdn.net
sg-authentification-g.com
sg-authentification-h.com
sg-authentification-i.com
sg-authentification-m.com
sg-authentification-n.com
solunadevelopment.com
spam-auth-v1.b-cdn.net
spam-detect-v1.b-cdn.net
spam-protect-v1.b-cdn.net
spam-verification.b-cdn.net
spam-verify.b-cdn.net
spark-captcha.netlify.app
step-second.b-cdn.net
step-to-verify-b93.b-cdn.net
tempcontrol.cfd
texasprimeservices.com
travelwithandrew.xyz
us-north-11-wasabisys.b-cdn.net
us-north-7-wasabisys.b-cdn.net
user0-stripe.com
user0019-stripe.com
user0066-stripe.com
user00766-stripe.com
user00990-stripe.com
user00992-stripe.com
user00993-stripe.com
user0243-stripe.com
user0244-stripe.com
user0246-stripe.com
user0247-stripe.com
user0258-stripe.com
user0261-stripe.com
user0262-stripe.com
user0269-stripe.com
user0279-stripe.com
user0282-stripe.com
user0319-stripe.com
user0421-stripe.com
user0473-stripe.com
user0519-stripe.com
user0541-stripe.com
user0619-stripe.com
user06660-stripe.com
user0679-stripe.com
user0694-stripe.com
user0719-stripe.com
user072-stripe.com
user0721-stripe.com
user0761-stripe.com
user0819-stripe.com
user0864-stripe.com
user0919-stripe.com
user0996-stripe.com
user11607-stripe.com
user12477-stripe.com
user13477-stripe.com
user19-stripe.com
user2134-stripe.com
user2239-stripe.com
user2619-stripe.com
user31007-stripe.com
user3190-stripe.com
user3212-stripe.com
user3219-stripe.com
user3289-stripe.com
user3539-stripe.com
user4002-stripe.com
user4329-stripe.com
user609-stripe.com
user60993-stripe.com
user60994-stripe.com
user6363-stripe.com
user6426-stripe.com
user6519-stripe.com
user6643-stripe.com
user7531-stripe.com
user7659-stripe.com
user8479-stripe.com
user910095-stripe.com
user9132-stripe.com
user9334-stripe.com
user9719-stripe.com
user9879-stripe.com
ver-bot1.b-cdn.net
ver-bot5.b-cdn.net
verification.northeurope.cloudapp.azure.com
verified-robot.b-cdn.net
verify-hostname.b-cdn.net
verifyrobot.b-cdn.net
viettelpay79.com
ytfjghloadv1.b-cdn.net
zonistoringv1.b-cdn.net

# Reference: https://x.com/JAMESWT_MHT/status/1868568379835158564
# Reference: https://www.virustotal.com/gui/file/92f2599f5dc2df644e9bbd4688c75eb36f2a0dcd12324e608289f43b56156cfd/detection

193.143.1.46:6129
dbasopma.biz
dbasopma.club
dbasopma.info
dbasopma.one
dbasopmagroup.forum
desired-equally-delete-choir.trycloudflare.com

# Reference: https://x.com/JAMESWT_MHT/status/1868604703103402112
# Reference: https://app.validin.com/detail?find=51.89.158.77&type=ip4&ref_id=b806ceb2d08#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/be08b9a4ae8b267dcead07a7ef284cec889ac4d42250f753b6d89b327c34af79/detection
# Reference: https://www.virustotal.com/gui/file/7672dc5342d9001339635a974819294371142bdfbe9edaa5af64854dc8361d44/detection

51.89.158.77:3452
51.89.158.77:7020
calvindavennnopport.shop
jsfbanming.shop
krynifbeqw.shop
shippingmentnotice.xyz

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-09-18-v10697/1989

controlleractiveserver.com
document-publisher.org
download.instructionclub.com
download.instructionclubs.com
downloadfile.b-cdn.net
instructionclub.com
instructionclubs.com
mato-camp2.b-cdn.net
mato2.b-cdn.net
mato3f.b-cdn.net
peco.b-cdn.net
powers.b-cdn.net
sitehealthtipsart.com
streamvideox.b-cdn.net
trackmyshipeng.sitehealthtipsart.com
transparency.b-cdn.net
vidstreemz.b-cdn.net
zexodown-2.b-cdn.net

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-04-v10788/2227

desbullariamos.sa.com
recommends-returned-browser-brave.trycloudflare.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-11-v10796/2254

carldi.org
maybelsrka.my
youngsweays.my

# Reference: https://x.com/salmanvsf/status/1879441183237427585
# Reference: https://urlscan.io/search/#page.server:%22WsgiDAV/4.3.0%20Cheroot/9.0.0%20Python/3.11.1%22

101.99.94.234:8080
142.11.195.90:8888
144.126.134.25:5000
144.126.134.25:8080
154.216.18.97:5865
154.216.18.99:5228
154.216.18.99:9175
193.143.1.46:5938
212.28.178.113:8080
212.28.178.113:8888
51.89.199.99:9094
57.128.129.22:5378
62.146.227.231:8080
62.146.227.231:8888
acorsclouts.duckdns.org
ap-0182.cfd
bapromuxbes.duckdns.org
bkasgseves.duckdns.org
burrkeklprinting.tech
capitalisca.duckdns.org
dbasopma.art
dbasopma.click
dbasopma.cv
dbasopma.my
ebimmes.duckdns.org
fr-form-hugsd.duckdns.org
indepopobkasgseves.duckdns.org
# NOTE(review): looks like a provider-assigned reverse-DNS name for 57.128.129.22
# (listed earlier in this group with port 5378). If so, the name tracks the
# address rather than the tenant; confirm it is still attributable before
# alerting on it alone.
ip22.ip-57-128-129.eu
reducapromuxbes.duckdns.org
renouv-maladie-enligne.com
sac-pores.duckdns.org
sinkcado.duckdns.org
spredingrm2.duckdns.org
trackmyshipang.site
trackmyshipmng.site
trackmyshipnng.site
trackmyshipqng.site
# NOTE(review): looks like a hosting provider's default per-server host name.
# Presumably the indicator goes stale once the server is re-provisioned for
# another customer; TODO confirm it is still current.
vmi1838661.contaboserver.net

# Reference: https://urlhaus.abuse.ch/asn/60068/ (# 2025-01-26)

condmattes.b-cdn.net
escritor.b-cdn.net
getfile420.b-cdn.net
infinitys.b-cdn.net
kinbowex.b-cdn.net
klkl9.b-cdn.net
moixerintendent.b-cdn.net
mubjahuke.b-cdn.net
nopar.b-cdn.net
platfrm.b-cdn.net
surficingpag.b-cdn.net
ump911.b-cdn.net
zuiolressodermic.b-cdn.net

# Reference: https://x.com/salmanvsf/status/1934515880526012617
# Reference: https://www.virustotal.com/gui/file/ff5e584010c2fda05098cc76ffa1a056d3a489deb89292f283247511bdda9f7d/detection

http://196.251.116.154
http://45.137.99.210
http://93.113.25.151
wurmlingenkoribunduseiffen.com
# NOTE(review): the entry below is a bare URL path with no host, unlike the
# host/IP entries around it. Presumably it is matched against request paths on
# any server; confirm the path is specific enough not to flag benign traffic.
/v10/buhm.php

# Reference: https://x.com/smica83/status/1937478435208610258
# Reference: https://x.com/ShanHolo/status/1939613456325599493
# Reference: https://tria.ge/250624-ntnhxaswet/behavioral2
# Reference: https://www.virustotal.com/gui/file/9258a7ec655140209e0337a49e32a1720574acbc9858a86b7ac895f25e41a172/detection

141.98.6.14:5563
cdnhelofin.pro

# Reference: https://www.virustotal.com/gui/file/01ea80da0e4635a0516044148e322ab4fe93806b396e232483299422dc84e559/detection

179.43.167.210:3333
179.43.167.210:3334
helpfandaven.org

# Reference: https://x.com/SquiblydooBlog/status/1982163251942334938
# Reference: https://www.virustotal.com/gui/file/df605aa20e6a2d09ceefd7db62e7ff24c6495007f5dc2a453e66a6dc8090b1d7/detection

193.24.123.97:3333
193.24.123.97:3334
hello-squiblydoo-do-you-like-kitties.com
squiblydooisacianigger.com

# Reference: https://www.virustotal.com/gui/file/1a728bf9256571244ff6f3b1f0874f6d27054506ca6103e00de1493be8f4050f/detection

fuckdajews.com

# Reference: https://www.virustotal.com/gui/file/d7e5be8aa67b33d9cd681c126c5523c919692ef44af69b470def0863d2f28120/detection

sexycallcenter.com

# Reference: https://www.virustotal.com/gui/ip-address/193.24.123.97/relations

ciscoweb.app
gdrfad-gov.com
webexchat.chat

# Reference: https://www.virustotal.com/gui/file/c3aa49f823a0e4f371ff392d37ff0240658ca82fdac496f4345d90ae6534e83c/detection

gawanjaneto.com

# Reference: https://x.com/malwrhunterteam/status/2011554940326719819
# Reference: https://www.virustotal.com/gui/file/f154fa45aab0fce2d7eaae7b733f3d59ac9cb6d3421705d7d26a1f89e5e7001f/detection

144.124.242.70:4444

# Reference: https://www.zscaler.com/blogs/security-research/technical-analysis-snappyclient
# FAVICON_HASH-IP=6cb58ca6448a0c37574fcdd0b76ffdca

104.219.239.2:3333
104.219.239.2:3334
109.107.168.72:3333
109.107.168.72:3334
135.181.138.114:3333
135.181.138.114:3334
139.60.162.100:3333
139.60.162.100:3334
141.255.161.122:3333
141.255.161.122:3334
144.31.4.78:3333
144.31.4.78:3334
149.50.96.164:3333
149.50.96.164:3334
149.50.97.164:3333
149.50.97.164:3334
149.50.97.174:3333
149.50.97.174:3334
151.242.122.227:3333
151.242.122.227:3334
154.213.177.2:3333
154.213.177.2:3334
154.213.177.30:3333
154.213.177.30:3334
155.2.192.215:3333
155.2.192.215:3334
155.2.192.218:3333
155.2.192.218:3334
158.94.208.34:3333
158.94.208.34:3334
158.94.209.188:3333
158.94.209.188:3334
158.94.211.237:3333
158.94.211.237:3334
158.94.211.70:3333
158.94.211.70:3334
162.33.178.216:3333
162.33.178.216:3334
164.132.5.117:3333
164.132.5.117:3334
176.65.132.219:3333
176.65.132.219:3334
178.16.52.152:3333
178.16.52.152:3334
178.16.54.144:3333
178.16.54.144:3334
178.16.55.242:3333
178.16.55.242:3334
179.43.139.10:3333
179.43.139.10:3334
179.43.140.114:3333
179.43.140.114:3334
179.43.152.106:3333
179.43.152.106:3334
179.43.159.106:3333
179.43.159.106:3334
179.43.166.242:3333
179.43.166.242:3334
179.43.190.98:3333
179.43.190.98:3334
185.196.11.63:3333
185.196.11.63:3334
185.208.158.190:3333
185.208.158.190:3334
185.208.158.78:3333
185.208.158.78:3334
185.93.89.154:3333
185.93.89.154:3334
190.211.252.42:3333
190.211.252.42:3334
193.149.190.153:3333
193.149.190.153:3334
193.233.112.188:3333
193.233.112.188:3334
193.233.113.137:3333
193.233.113.137:3334
193.233.126.110:3333
193.233.126.110:3334
193.24.123.89:3333
193.24.123.89:3334
193.29.104.155:3333
193.29.104.155:3334
195.177.94.94:3333
195.177.94.94:3334
195.2.73.100:3333
195.2.73.100:3334
195.3.221.137:3333
195.3.221.137:3334
195.3.221.166:3333
195.3.221.166:3334
196.251.72.79:3333
196.251.72.79:3334
196.251.86.254:3333
196.251.86.254:3334
199.127.61.237:3333
199.127.61.237:3334
199.217.99.210:3333
199.217.99.210:3334
2.57.122.108:3333
2.57.122.108:3334
212.11.64.157:3333
212.11.64.157:3334
212.11.64.253:3333
212.11.64.253:3334
213.165.45.183:3333
213.165.45.183:3334
217.119.139.62:3333
217.119.139.62:3334
23.94.252.133:3333
23.94.252.133:3334
31.42.184.161:3333
31.42.184.161:3334
31.57.166.134:3333
31.57.166.134:3334
34.127.165.93:3333
34.127.165.93:3334
38.22.104.116:3333
38.22.104.116:3334
38.255.38.3:3333
38.255.38.3:3334
43.228.157.175:3333
43.228.157.175:3334
45.134.26.78:3333
45.134.26.78:3334
45.140.17.61:3333
45.140.17.61:3334
45.141.84.229:3333
45.141.84.229:3334
45.144.52.34:3333
45.144.52.34:3334
45.156.87.8:3333
45.156.87.8:3334
45.76.39.238:3333
45.76.39.238:3334
45.76.71.127:3333
45.76.71.127:3334
45.87.249.150:3333
45.87.249.150:3334
45.9.149.93:3333
45.9.149.93:3334
46.151.182.211:3333
46.151.182.211:3334
5.78.122.195:3333
5.78.122.195:3334
54.39.30.233:3333
54.39.30.233:3334
62.60.177.43:3333
62.60.177.43:3334
62.60.179.105:3333
62.60.179.105:3334
62.60.247.114:3333
62.60.247.114:3334
64.190.113.150:3333
64.190.113.150:3334
65.108.141.82:3333
65.108.141.82:3334
65.108.233.15:3333
65.108.233.15:3334
66.163.113.238:3333
66.163.113.238:3334
66.90.86.58:3333
66.90.86.58:3334
67.217.228.145:3333
67.217.228.145:3334
72.5.43.193:3333
72.5.43.193:3334
77.93.154.19:3333
77.93.154.19:3334
84.201.25.62:3333
84.201.25.62:3334
84.201.5.253:3333
84.201.5.253:3334
86.54.24.142:3333
86.54.24.142:3334
87.121.79.21:3333
87.121.79.21:3334
88.210.63.164:3333
88.210.63.164:3334
89.124.91.214:3333
89.124.91.214:3334
89.185.80.207:3333
89.185.80.207:3334
91.199.163.124:3333
91.199.163.124:3334
91.202.233.144:3333
91.202.233.144:3334
91.215.85.86:3333
91.215.85.86:3334
91.219.239.144:3333
91.219.239.144:3334
91.219.239.165:3333
91.219.239.165:3334
91.92.241.27:3333
91.92.241.27:3334
92.118.112.33:3333
92.118.112.33:3334
92.255.85.108:3333
92.255.85.108:3334
92.51.2.122:3333
92.51.2.122:3334
95.179.181.111:3333
95.179.181.111:3334
95.216.16.159:3333
95.216.16.159:3334
96.9.124.111:3333
96.9.124.111:3334

# Reference: https://www.virustotal.com/gui/file/104c56644026c5e2e4ea40b300a37d980d0a767ff3f198fde19cd99b7cac8c7e/detection

91.84.123.231:3333
91.84.123.231:3334

# Reference: https://www.virustotal.com/gui/file/04c9c57b1d0de5c3f9d53a701c3db7ea39b754f94279f8d344fa11b5e7e2c298/detection

185.39.19.186:3333
185.39.19.186:3334

# Reference: https://x.com/smica83/status/2047616468909506667
# Reference: https://tria.ge/260424-lxjm1sfs7n/behavioral1

85.11.161.198:9191

# Reference: https://www.virustotal.com/gui/file/40200223dd447abc06b68185ac8e1fbaced6cbf1e0a389e5b73d880a81512bd8/detection
# Reference: https://www.virustotal.com/gui/file/875907837ae13671b52c8c2485b9edf6d735aee12f1b5cfe9c0ebfcc150d7c18/detection

http://76.13.175.231
76.13.175.231:9658
85.11.161.198:6600
robinhuds.com
pub-063ac3a76c104317a6bb75c93dba34bd.r2.dev
