# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

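# Aliases: ps1bot
#
# NOTE: entries below are host names, IP:port pairs and one URL path, grouped under the
# reference that reported them. Many sit on dynamic-DNS or tunnelling services (ddns.net,
# duckdns.org, zapto.org, serveo.net, ngrok.io, portmap.io), so treat a match as a time-bounded
# lead to confirm against the referenced report, not as proof of compromise. Some entries
# repeat under different references; de-duplicate on ingest.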

# Reference: https://twitter.com/ScumBots/status/1052260096422625281

ryenylittleleague.azureedge.net

# Reference: https://twitter.com/ScumBots/status/1053342340012744705

call.sysapi.net

# Reference: https://twitter.com/ScumBots/status/1053341937271476224

yi4qsyaprvlbephz.onion.to

# Reference: https://twitter.com/ScumBots/status/1059443242612203520

mypsh.ddns.net

# Reference: https://twitter.com/ScumBots/status/1060034869013700608

rekt.onthewifi.com

# Reference: https://twitter.com/ScumBots/status/1061987878987816960

leon-de-bruxelle.com

# Reference: https://twitter.com/ScumBots/status/1062368314670891008

frontieredevie.fr

# Reference: https://twitter.com/ScumBots/status/1066171943399903232

epelix-63870.portmap.io

# Reference: https://twitter.com/ScumBots/status/1069302264974721024

alphatool.serveo.net

# Reference: https://twitter.com/ScumBots/status/1069654505636139017

meterpreter.serveo.net

# Reference: https://twitter.com/ScumBots/status/1070687543543386114

it-pro.serveo.net

# Reference: https://twitter.com/ScumBots/status/1074270423804723200

globalact.gq

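# Reference: https://twitter.com/ScumBots/status/1075034205472653312
# NOTE: 0.tcp.ngrok.io is a shared ngrok TCP tunnel endpoint used by unrelated tenants; a match
# shows ngrok tunnel use, not this family specifically. Correlate with port and host context.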

0.tcp.ngrok.io

# Reference: https://twitter.com/ScumBots/status/1078973915840552960

manage-shope.com

# Reference: https://twitter.com/ScumBots/status/1079066477289005057

amazon34.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1081939579693920257

rostelekom.pw

hack.localtunnel.digital-securite.ovh
digital-securite.ovh
kaliccbx.ddns.net

# Reference: https://twitter.com/ScumBots/status/1098326434274267142

195.3.146.86:443

# Reference: https://twitter.com/ScumBots/status/1100239578068328454

noticiasfinancieras.zapto.org

# Reference: https://twitter.com/ScumBots/status/1101069508419178503

46.29.163.222:9999

# Reference: https://twitter.com/ScumBots/status/1103395507546845190

leel.ddns.net

# Reference: https://twitter.com/ScumBots/status/1104348618335678464

104.145.231.114:8091

# Reference: https://twitter.com/ScumBots/status/1105065844005048321

91.211.88.131:5555

# Reference: https://twitter.com/ScumBots/status/1106460030218440709

95.179.235.70:443

# Reference: https://twitter.com/ScumBots/status/1106994800660807681

186.81.33.145:63000

# Reference: https://twitter.com/ScumBots/status/1107437718659891200

186.81.33.145:64000

# Reference: https://twitter.com/ScumBots/status/1107225070819332097

k.bank3.io

# Reference: https://twitter.com/ScumBots/status/1108808003829014530

noticiasfinancieras.zapto.org

# Reference: https://twitter.com/ScumBots/status/1110314175715311616

194.48.152.35:443

# Reference: https://twitter.com/ScumBots/status/1112449681454452736

159.89.214.31:42069

# Reference: https://twitter.com/ScumBots/status/1112450458700996608

193.161.193.99:40138

# Reference: https://twitter.com/ScumBots/status/1113317717300469760

95.213.251.165:7070

# Reference: https://twitter.com/ScumBots/status/1113955672138354688

186.81.33.145:64500

# Reference: https://twitter.com/ScumBots/status/1114833955822481408

151.80.60.117:6666

# Reference: https://twitter.com/ScumBots/status/1114849055501422593

47.95.251.134:8886

# Reference: https://twitter.com/ScumBots/status/1116428100286537728

78.192.98.226:4444

# Reference: https://twitter.com/ScumBots/status/1117790943208513537

52.15.72.79:14441

# Reference: https://twitter.com/ScumBots/status/1117793457999949824

5.19.4.164:4444

# Reference: https://twitter.com/ScumBots/status/1117808559637577730

52.15.72.79:10241

# Reference: https://twitter.com/ScumBots/status/1118058956298051584

185.242.21.78:80

# Reference: https://twitter.com/ScumBots/status/1118261545220345856

159.89.214.31:4343

# Reference: https://twitter.com/ScumBots/status/1119448112613986305

193.161.193.99:39125

# Reference: https://twitter.com/ScumBots/status/1119987918247006209

18.216.53.253:11712

# Reference: https://twitter.com/ScumBots/status/1120279841763483649

52.14.61.47:17369

# Reference: https://twitter.com/ScumBots/status/1121470183523201026

52.14.61.47:19552

# Reference: https://twitter.com/ScumBots/status/1121854255898472453

87.223.180.106:4444

# Reference: https://twitter.com/ScumBots/status/1121891714321518593

170.70.41.120:8080

# Reference: https://twitter.com/pmelson/status/1123226187348705281

193.161.193.99:34346

# Reference: https://twitter.com/ScumBots/status/1123531266593312774

185.202.174.118:80

# Reference: https://twitter.com/ScumBots/status/1124651146621194241

88.99.59.176:666

# Reference: https://twitter.com/ScumBots/status/1125841489181978625

3.92.243.227:4444

# Reference: https://twitter.com/ScumBots/status/1126122085405921280

194.5.250.129:443

# Reference: https://twitter.com/ScumBots/status/1126466859258327042

check.wittmann-it-security.org

# Reference: https://twitter.com/ScumBots/status/1131387542715150336

18.223.41.243:12432

# Reference: https://twitter.com/ScumBots/status/1132894210573643777

134.209.84.8:8082

# Reference: https://twitter.com/ScumBots/status/1133583150750343168

109.150.206.190:443

# Reference: https://twitter.com/ScumBots/status/1135807664200527873

193.161.193.99:54015

# Reference: https://twitter.com/ScumBots/status/1141761391621283846

46.177.202.34:5151

# Reference: https://twitter.com/ScumBots/status/1141794546570997760

91.200.103.24:443

# Reference: https://twitter.com/ItsReallyNick/status/1014522001900306433
# Reference: https://www.virustotal.com/gui/file/457282edec9eb312d6d99644c4a7c097b4c8984a023e255a5942b5dab5635a56/detection

52.17.157.98:445

# Reference: https://twitter.com/pmelson/status/1143536066781204481

aaa.stage.13171101.lol.intepi.net

# Reference: https://twitter.com/pmelson/status/1143527997888180234

179.43.160.219:80

# Reference: https://twitter.com/ScumBots/status/1143807370969210883

3.14.212.173:18032

# Reference: https://twitter.com/ScumBots/status/1143959624430829570

54.36.163.79:80

# Reference: https://twitter.com/ScumBots/status/1145504975939866624

116.206.228.203:7834

# Reference: https://twitter.com/ScumBots/status/1148985146550493188

190.166.86.4:4444

# Reference: https://twitter.com/ScumBots/status/1149750278842912768

194.99.22.146:443

# Reference: https://twitter.com/ScumBots/status/1150554457668751360

146.255.150.56:4444

# Reference: https://twitter.com/ScumBots/status/1151144078215700480

103.242.237.110:4446

# Reference: https://twitter.com/ScumBots/status/1151148452652421121

kurosan.ddns.net

# Reference: https://twitter.com/ScumBots/status/1151145809108512769

78.193.216.186:4446

# Reference: https://twitter.com/ScumBots/status/1151906993810083842

52.14.249.189:8080

# Reference: https://twitter.com/ScumBots/status/1156103391753506821

3.14.212.173:12313

# Reference: https://twitter.com/ScumBots/status/1156359755281195008

3.17.202.129:12313

# Reference: https://twitter.com/ScumBots/status/1156840752342818818

185.207.205.12:28741

# Reference: https://twitter.com/ScumBots/status/1157218238041866240

185.207.205.12:28742

# Reference: https://twitter.com/ScumBots/status/1159527654225301506

149.6.167.58:443

# Reference: https://twitter.com/ScumBots/status/1160356057207713792

95.144.8.33:4444

# Reference: https://twitter.com/ScumBots/status/1160550196004237312

3.19.3.150:12081

# Reference: https://twitter.com/ScumBots/status/1160550327273295872

3.14.212.173:12081

# Reference: https://twitter.com/ScumBots/status/1160537610718253056

18.223.41.243:19419

# Reference: https://twitter.com/ScumBots/status/1161082450140958720

194.5.250.105:443

# Reference: https://twitter.com/ScumBots/status/1161967029018071046

attem83.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1162058130307584002

153.73.72.79:4444

# Reference: https://twitter.com/ScumBots/status/1165093924517625856

185.244.150.240:443

# Reference: https://twitter.com/ScumBots/status/1165422297328619521

18.223.41.243:12313

# Reference: https://twitter.com/ScumBots/status/1165808947657420800

18.223.41.243:15578

# Reference: https://twitter.com/ScumBots/status/1166415604384972800

18.223.41.243:14529

# Reference: https://twitter.com/ScumBots/status/1167576493758791681

45.45.76.113:1337

# Reference: https://twitter.com/ScumBots/status/1170326258372218880

82.102.24.42:4444

# Reference: https://twitter.com/ScumBots/status/1170357503370170368

104.154.246.115:443

# Reference: https://twitter.com/ScumBots/status/1171978786507808768

amazon34.duckdns.org

# Reference: https://twitter.com/i/status/1172612874708996096
# Reference: https://app.any.run/tasks/a2ddc0ed-5c0f-409e-bf26-457a9237ce3d/

159.246.29.114:443

# Reference: https://twitter.com/ScumBots/status/1173444749287710720

onezero0.net

# Reference: https://twitter.com/ScumBots/status/1176404662653730817

141.255.159.11:4444

# Reference: https://twitter.com/ScumBots/status/1178475870652116994

185.61.148.70:443

# Reference: https://twitter.com/VK_Intel/status/1179450328900685831

91.214.124.20:80

# Reference: https://twitter.com/ScumBots/status/1180077281714348033

45.62.225.56:443

# Reference: https://twitter.com/ScumBots/status/1180114767970803712

3.92.243.227:4444

# Reference: https://twitter.com/ScumBots/status/1180121450092617728

27.164.5.106:16728

# Reference: https://twitter.com/ScumBots/status/1180887202265489409

185.92.74.29:4444

# Reference: https://twitter.com/ScumBots/status/1180977806920036353

185.92.74.29:35555

# Reference: https://twitter.com/ScumBots/status/1181239022875824131

3.17.202.129:13147

# Reference: https://twitter.com/ScumBots/status/1181435313270525953

psycho.ooguy.com

# Reference: https://twitter.com/ScumBots/status/1183274933348192258

tronium.ddns.net

# Reference: https://twitter.com/ScumBots/status/1183654188192014337

3.19.3.150:19416

# Reference: https://twitter.com/pmelson/status/1184143380294619137

137.218.255.213:22849

# Reference: https://twitter.com/ScumBots/status/1186090265611767808

193.161.193.99:49202

# Reference: https://twitter.com/ScumBots/status/1186624502945517569

3.92.243.227:4444

# Reference: https://twitter.com/ScumBots/status/1188695655608455173

76.218.94.80:4444

# Reference: https://twitter.com/ScumBots/status/1190274811139969024

18.223.41.243:17192

# Reference: https://twitter.com/ScumBots/status/1190807095806963713

18.223.41.243:19650

# Reference: https://twitter.com/DidierStevens/status/1192870847217840131

3.134.31.210:8080

# Reference: https://twitter.com/ScumBots/status/1193726301967917057

18.188.14.65:14404

# Reference: https://twitter.com/ScumBots/status/1195001191253643270

5.175.214.20:18880

# Reference: https://twitter.com/ScumBots/status/1195118477520121856

5.94.121.244:4444

# Reference: https://twitter.com/ScumBots/status/1195564311982354433

192.241.132.33:4433

# Reference: https://twitter.com/ScumBots/status/1195729497934508035

186.10.116.109:4455

# Reference: https://twitter.com/ScumBots/status/1196883776405725191

df98fdslkjfs.red

# Reference: https://twitter.com/ScumBots/status/1197508727001305089

85.152.6.30:8080

# Reference: https://twitter.com/ScumBots/status/1200520713536491520

185.174.172.201:443

# Reference: https://twitter.com/ScumBots/status/1200716613202391040

193.161.193.99:56282

# Reference: https://twitter.com/ScumBots/status/1200720388281569280

192.241.133.27:4466

# Reference: https://twitter.com/ScumBots/status/1201587934127886338

telastex.net

# Reference: https://twitter.com/ScumBots/status/1201978181139550210

24.52.217.77:5443

# Reference: https://twitter.com/ScumBots/status/1203528860098281472

updateqdb.com

# Reference: https://twitter.com/ScumBots/status/1204219193698267146

134.209.84.8:8082

# Reference: https://twitter.com/ScumBots/status/1204414044804800517

92.84.116.3:1911

# Reference: https://twitter.com/ScumBots/status/1206925775464796163

18.188.14.65:12260

# Reference: https://twitter.com/ScumBots/status/1210387460083073025

217.80.20.213:1515

# Reference: https://www.virustotal.com/gui/file/cfc2bd30cdeacd9c3a91259f0013778d4e5436871e929f10c1cd8d7b14b041a7/detection

18.223.41.243:18113
3.17.202.129:18113
3.19.3.150:18113

# Reference: https://www.virustotal.com/gui/file/0320d90a95fbb080763f71deb3148f32bf78abf8f10286dcf118c0e36a936292/detection

3.14.212.173:4040
3.17.202.129:16416

# Reference: https://www.virustotal.com/gui/file/b537f1d14d0524c436532ea2be7d0fe51ce543886b477a8517480fc68dc57a6b/detection

3.17.202.129:13841

# Reference: https://www.virustotal.com/gui/file/95f1ea0b38a61e7778ef017e091206f99f13ded7ddf2fc36a20de8da70055e12/detection

3.17.202.129:12010

# Reference: https://www.virustotal.com/gui/file/70bba627efb3ff53f0175adc91f8475fbaf2a7cad3d6a804b80d75abe7381b74/detection

3.14.212.173:15905

# Reference: https://www.virustotal.com/gui/file/3e4e78dd9cbddd1800d0891ef95f6f5bda212bcbb1a069f2fbaaba3668ac85f7/detection

3.14.212.173:12734

# Reference: https://www.virustotal.com/gui/file/a3ed5434cd0962e13e85377f3e2737b027d75f46445ce2410dc5538164242be9/detection

3.17.202.129:17299
3.19.114.185:17299

# Reference: https://www.virustotal.com/gui/file/695b9ca3cd336e0372732e0d5227ca0e58da1dfc3298615e9c0ace25cb1baf3d/detection

18.188.14.65:15344
3.17.202.129:15344

# Reference: https://www.virustotal.com/gui/file/27b0e998a7920147e7d58753f1d8d96dbbaec541076e5361a04324a9753081f2/detection

3.14.212.173:17035
3.17.202.129:17035

# Reference: https://www.virustotal.com/gui/file/14fe05562eeefb83448360308522709a31db34955de01bca438965af343c66a6/detection

18.223.41.243:11265

# Reference: https://www.virustotal.com/gui/file/5638ed9a9d4ea35e861d344441a2e5b1e4cdcfc358c8c7dd077574dd49657a3d/detection

96ac532a.ngrok.io

# Reference: https://www.virustotal.com/gui/file/cd8b19cbe08a2ace933b9f3e631d4752c1f8f56e04646c03510877cda5c87e3d/detection

193.161.193.99:49202

# Reference: https://www.virustotal.com/gui/file/13843c62906ce22307c6861b25b5e8672aa1766f4e41cb425a0c9468a6823085/detection

193.161.193.99:63420

# Reference: https://www.virustotal.com/gui/file/25cd26e740426b51a966a2c1c4888496c27bba7abf12589fae98394f3550e027/detection

3.19.3.150:15492

# Reference: https://www.virustotal.com/gui/file/cfc2bd30cdeacd9c3a91259f0013778d4e5436871e929f10c1cd8d7b14b041a7/detection

18.223.41.243:18113
3.17.202.129:18113
3.19.3.150:18113

# Reference: https://www.virustotal.com/gui/file/66bc47048c508f0bde60a88deb339e914b6f3c60bb1b2256e83d118bf3dad928/detection

3.19.3.150:80

# Reference: https://www.virustotal.com/gui/file/4c63034454f490a8ed01a7685e1606d32da5e7f301d3538bccf4f7de5e41bd66/detection

3.19.3.150:19416

# Reference: https://www.virustotal.com/gui/file/2bb71dbfb2ccf9eddb7143437a2b430181d472fce6b819426b8c4e3ce1f5bf82/detection

3.19.3.150:11036

# Reference: https://www.virustotal.com/gui/file/c7157233ddc1df83112d6eb3466180b3347f1069d8b878d424747508ccd9d949/detection

3.19.114.185:15344
3.19.3.150:15344

# Reference: https://www.virustotal.com/gui/file/8835a022439a0b630a2c2eba40b9bcf0432cb8d68d7a0060a1a44246cec29ab2/detection

3.19.3.150:11317

# Reference: https://www.virustotal.com/gui/file/7d60fd1bbf98b86ead194f76bf4413f9a70b91567037c015156a5c70d7c7a5eb/detection

3.19.3.150:29038

# Reference: https://www.virustotal.com/gui/file/bc4689aab804e44f23cf60bb9bc4c17bd68b73224f7267d1a0d41c3d55af4458/detection

185.101.92.3:1777

# Reference: https://www.virustotal.com/gui/file/218d24468418a0b6fd800a464ba64aeea42add82a11c284ee094076555c3d237/detection

trszrfea.ddns.net

# Reference: https://www.virustotal.com/gui/file/73562ccfd6dc94c59dcd691aceccdf1eeee089ff69a041234f3bf65dc218bbab/detection

185.101.92.3:8636

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1213831684791123969

23.227.207.185:444

# Reference: https://twitter.com/ScumBots/status/1215378978212646927

107.191.46.239:14293

# Reference: https://twitter.com/ScumBots/status/1217633122059259905

newsrecordmusic112.monster

# Reference: https://twitter.com/ScumBots/status/1217920265478459395

194.99.22.145:443

# Reference: https://twitter.com/ScumBots/status/1217922012481556480

45.153.186.51:443

# Reference: https://twitter.com/ScumBots/status/1217872955310530560

185.244.150.5:4444

# Reference: https://twitter.com/ScumBots/status/1218660424876462082

137.224.106.4:73

# Reference: https://twitter.com/ScumBots/status/1218849343442210816

3.17.202.129:11591

# Reference: https://www.virustotal.com/gui/file/c15ecbb84c15839556f39589f7f513dc3785b5ac727ba26f2d29b9993661696f/detection

185.27.134.11:24004

# Reference: https://twitter.com/ScumBots/status/1219796839031103494

165.227.61.185:443

# Reference: https://twitter.com/ScumBots/status/1219988825130356736
# Reference: https://www.virustotal.com/gui/domain/officestorage.org/relations

185.245.84.106:443
officestorage.org

# Reference: https://twitter.com/ScumBots/status/1219998021926182924

185.165.168.226:443
virtualofficeroom.com

# Reference: https://twitter.com/ScumBots/status/1220180618132316160

fearlesslyhuman.org

# Reference: https://twitter.com/ScumBots/status/1190345274872532993

c2.virus.eu

# Reference: https://twitter.com/ScumBots/status/1183048566929002496

3.8.236.109:443

# Reference: https://twitter.com/ScumBots/status/1218566229264343041

autodiscover.cisco-gateway.com

# Reference: https://www.virustotal.com/gui/file/09f1ee55ee6d228e8bca7120191ef4160294a2b45743ba2b52449f4bd6fd730f/detection (# Nishang)

3.17.202.129:16437

# Reference: https://twitter.com/ScumBots/status/1220945633625935872 (# Nishang)

3.17.202.129:11353

# Reference: https://twitter.com/ScumBots/status/1220945728811552773 (# Nishang)

3.17.202.129:17008

# Reference: https://twitter.com/ScumBots/status/1220946013600518144 (# Nishang)

3.17.202.129:17413

# Reference: https://twitter.com/ScumBots/status/1220945586955964418 (# Nishang)

3.17.202.129:19355

# Reference: https://twitter.com/ScumBots/status/1220945824517173248 (# Nishang)

3.17.202.129:14901

# Reference: https://twitter.com/ScumBots/status/1220945776081326085 (# Nishang)

3.17.202.129:12022

# Reference: https://twitter.com/ScumBots/status/1220945964506107904 (# Nishang)

3.17.202.129:16264

# Reference: https://twitter.com/ScumBots/status/1220945917223874561 (# Nishang)

3.17.202.129:18777

# Reference: https://twitter.com/ScumBots/status/1220945680551895040 (# Nishang)

3.17.202.129:16437

# Reference: https://twitter.com/ScumBots/status/1220945870386012160 (# Nishang)

3.17.202.129:10146

# Reference: https://twitter.com/ScumBots/status/1221394913562124289 (# Nishang)

3.17.202.129:18163

# Reference: https://twitter.com/ScumBots/status/1221410012804911105 (# Nishang)

3.17.202.129:12205

# Reference: https://twitter.com/ScumBots/status/1221437692157865984 (# Nishang)

3.17.202.129:11916

# Reference: https://twitter.com/ScumBots/status/1221445243301715970 (# Nishang)

3.17.202.129:15404

# Reference: https://twitter.com/ScumBots/status/1221467894363705344 (# Nishang)

3.17.202.129:15173

# Reference: https://twitter.com/ScumBots/status/1222242996755845120 (# Nishang)

3.17.202.129:19733

# Reference: https://twitter.com/ScumBots/status/1222265648564273153 (# Nishang)

3.17.202.129:10418

# Reference: https://twitter.com/ScumBots/status/1222532412279808000 (# Nishang)

3.17.202.129:10740

# Reference: https://twitter.com/ScumBots/status/1222597835474030592 (# Nishang)

3.17.202.129:17202

# Reference: https://twitter.com/ScumBots/status/1222814262403399680 (# Nishang)

3.17.202.129:11400

# Reference: https://twitter.com/ScumBots/status/1223586875371401217 (# Nishang)

3.17.202.129:14379

# Reference: https://twitter.com/ScumBots/status/1223654823356256256 (# Nishang)

3.17.202.129:15404

# Reference: https://twitter.com/ScumBots/status/1223994559912464386 (# Nishang)

3.17.202.129:14766

# Reference: https://twitter.com/ScumBots/status/1223994628220866560 (# Nishang)

3.17.202.129:15676

# Reference: https://twitter.com/ScumBots/status/1222207486062735363

82.31.142.196:80
whipped.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1222451876064526337

45.32.72.237:443

# Reference: https://twitter.com/ScumBots/status/1222517422483288065

bankingadvice.net

# Reference: https://twitter.com/ScumBots/status/1222576942748250114

27.4.98.173:443

# Reference: https://www.virustotal.com/gui/file/f5f0d36874f9e69329601f2334b6d4f218bafe857b3cbb5f9e8ad13d328f0d51/detection

weirdly.crabdance.com

# Reference: https://www.virustotal.com/gui/file/611e4ecdf7e7db5e2308f3af69d01a4a28866aa3b434d77f7a2b7a95a8faf292/detection

194.5.98.139:444

# Reference: https://www.virustotal.com/gui/file/bb11f097959ea9c8854e064fb63008f0fd3916f13ad9437762b133663613b56d/detection

178.124.140.147:444

# Reference: https://twitter.com/ScumBots/status/1223577316024115200

51.159.56.13:32042

# Reference: https://www.virustotal.com/gui/file/f5f0d36874f9e69329601f2334b6d4f218bafe857b3cbb5f9e8ad13d328f0d51/detection

185.148.241.50:444

# Reference: https://twitter.com/ScumBots/status/1225790150564859905

18.223.41.243:14272

# Reference: https://twitter.com/ScumBots/status/1225807757019840512

18.223.41.243:14272

# Reference: https://twitter.com/pmelson/status/1226248009786236928

58.96.92.95:38900

# Reference: https://twitter.com/ScumBots/status/1226278360436924416

renovatesystem.com

# Reference: https://www.virustotal.com/gui/file/cb4778c05f0c2635000bd05e42070994568e9e4d992e32536c406217fb5b063e/detection

185.101.92.3:1204
danger11.duckdns.org

# Reference: https://www.virustotal.com/gui/file/143aea5d387c714790accdfa13a9cd0f6eef6b7b957b5c3b2f3a9e4e3e03c4b5/detection

27.63.179.85:1202

# Reference: https://www.virustotal.com/gui/file/3b436a5c83b85b2734a34367a488d7ea59b086708b5c2c2582265607fab36adf/detection

185.101.92.3:1209
27.63.162.41:1209

# Reference: https://twitter.com/ScumBots/status/1226967904626913281

46.119.226.171:4444

# Reference: https://twitter.com/ScumBots/status/1226906959946899457

94.156.189.250:443

# Reference: https://twitter.com/ScumBots/status/1228827730038398977

185.147.15.22:443

# Reference: https://twitter.com/ScumBots/status/1229078059871096832
# Reference: https://www.virustotal.com/gui/file/a1c29c076b654c070bad23d0d49018e7e6b54bf4cc942da9b59aec6c7f086d26/detection

139.59.145.48:80

# Reference: https://twitter.com/ScumBots/status/1229751243075092487

137.224.106.4:73

# Reference: https://twitter.com/ScumBots/status/1229647311187386368

3.17.148.164:4444

# Reference: https://twitter.com/ScumBots/status/1231132845567025152

41.242.125.159:9326

# Reference: https://twitter.com/ScumBots/status/1231146688389242881

46.19.138.139:8080

# Reference: https://www.virustotal.com/gui/ip-address/45.66.250.11/relations

45.66.250.11:443
45.66.250.11:80

# Reference: https://twitter.com/ScumBots/status/1232300541243535364
# Reference: https://www.virustotal.com/gui/ip-address/209.97.190.80/relations

209.97.190.80:80

# Reference: https://twitter.com/ScumBots/status/1232427628751179778

2.58.47.203:51022

# Reference: https://twitter.com/ScumBots/status/1232842863211315202

empire.hillsclerk.us

# Reference: https://twitter.com/ScumBots/status/1232864255902470145

203.132.95.52:4444

# Reference: https://twitter.com/ScumBots/status/1233415444608036870

45.77.65.211:443

# Reference: https://app.any.run/tasks/e84e3cdc-9ba0-4756-ab1d-fcd49627310a/

3.19.3.150:19011
3.19.3.185:19011

# Reference: https://app.any.run/tasks/41e07e9b-b2c7-4a68-a753-bac8af8b5129/

18.223.41.243:19011

# Reference: https://app.any.run/tasks/7f128fa7-fb0d-4dee-9030-838756962045/

3.17.202.129:16276

# Reference: https://app.any.run/tasks/a24f9f91-7f49-4c39-9fd7-a201823e0dd3/

18.223.41.243:17037

# Reference: https://app.any.run/tasks/be1bef6c-d7e1-48bd-8615-36ae937e5149/

51.79.13.195:443

# Reference: https://app.any.run/tasks/d28a0271-4c99-41db-b465-6b8f491be0f7/

18.188.14.65:17085

# Reference: https://app.any.run/tasks/b2e3dce5-0431-49b8-bfa9-755ede26669f/

3.17.202.129:17085

# Reference: https://app.any.run/tasks/45c2192e-d4aa-4c9f-8023-df08ce3fe263/

18.223.41.243:17085

# Reference: https://app.any.run/tasks/caee7291-f505-434f-9776-f3823f800924/

3.19.3.150:19926

# Reference: https://app.any.run/tasks/614143b4-f937-4440-a6fa-75104cbe3749/

3.19.3.150:17085

# Reference: https://app.any.run/tasks/371b7c11-6ca7-4b47-9c7f-3fb2a2925778/

18.223.41.243:19926

# Reference: https://app.any.run/tasks/b78b0de3-6fec-48ed-8fec-2b89eded1ccf/

18.223.41.243:12297

# Reference: https://app.any.run/tasks/4d8c492a-5e93-44a2-ae25-de5b0c42995a/

3.19.114.185:19926

# Reference: https://app.any.run/tasks/3fc8bb68-e8c2-4fa7-933b-f4d2f3311f86/

3.19.114.185:12297

# Reference: https://app.any.run/tasks/ff1c77ac-741d-4fe3-88f2-078703b8b554/

3.19.3.150:13705

# Reference: https://app.any.run/tasks/2b671d09-a141-4182-89fc-8b22f82ce17c/

18.188.14.65:18003

# Reference: https://app.any.run/tasks/919c78ff-42e7-4a31-bf86-e049acd51087/

3.17.202.129:18460

# Reference: https://app.any.run/tasks/20629c84-f053-43b8-92f6-a5ac72e0ec0e/

3.19.3.150:14975

# Reference: https://app.any.run/tasks/8042e101-7155-420d-9341-d3465ca67200/

5.199.167.188:443

# Reference: https://app.any.run/tasks/02bec560-ffa8-4dd1-a454-0ed53a8e5477/

18.223.41.243:17697

# Reference: https://app.any.run/tasks/d32fdbff-318b-47f7-a4fb-b6a0ea43dd31/

45.147.230.255:443

# Reference: https://app.any.run/tasks/27766850-f078-4c83-b3b9-efb0555102a5/

95.179.223.7:443

# Reference: https://app.any.run/tasks/1f8f95bd-c468-44df-a85d-a12db4b6bec5/

23.227.207.185:444

# Reference: https://app.any.run/tasks/4bcf6d77-73c1-474b-880d-8336b4e2b684/

5.252.176.28:443

# Reference: https://app.any.run/tasks/47215b69-0652-4d00-a3b7-b0105d8bc6f8/

154.194.3.229:443

# Reference: https://app.any.run/tasks/56966ffa-ce51-43ee-b0f3-ea4d7255700b/

106.13.161.43:8008

# Reference: https://app.any.run/tasks/dbabc592-e5ba-4aac-baa2-cab401522d58/

108.62.141.34:443

# Reference: https://app.any.run/tasks/41364a08-e861-4c8b-8667-191853c31580/

91.214.124.64:443

# Reference: https://app.any.run/tasks/ee44f6c0-2aeb-4850-ae2f-3ffdba532096/

79.137.36.9:4444

# Reference: https://app.any.run/tasks/40c32568-72c6-49fe-b168-a9dbe611d15a/

37.48.83.137:443

# Reference: https://app.any.run/tasks/41511d60-4804-4d84-83d8-b17b58e8d119/

47.95.210.165:8088

# Reference: https://twitter.com/ScumBots/status/1235898016126636032

amazn.cloud

# Reference: https://twitter.com/ScumBots/status/1237294702384291840
# Reference: https://www.virustotal.com/gui/file/2fce54f19cc11e9bea9a18952cae872d43d22bfba1e3bbb393ed9a94cd41ac0e/detection

manulife.ca-syschk.net

# Reference: https://twitter.com/James_inthe_box/status/1237491709824516096
# Reference: https://twitter.com/ScumBots/status/1237494768000614400

107.4.90.214:666

# Reference: https://twitter.com/ScumBots/status/1237851828500365317
# Reference: https://www.virustotal.com/gui/file/6c97dbef34d64b48f0f774e458bbc25f38b902b3c2f3e819e3b276c781511603/detection

newsrecordmusic112.monster

# Reference: https://twitter.com/ScumBots/status/1237898455797792769

185.92.74.29:35555

# Reference: https://twitter.com/ScumBots/status/1237898529734967298

185.211.245.139:8744

# Reference: https://twitter.com/ScumBots/status/1237898605979025409

ahost.rythmstick.net

# Reference: https://twitter.com/ScumBots/status/1238045901559607296

3.120.130.166:4444

# Reference: https://twitter.com/ScumBots/status/1238198152789966850

217.182.54.208:5490

# Reference: https://twitter.com/ScumBots/status/1238427161482211328

77.72.131.69:443

# Reference: https://twitter.com/malwrhunterteam/status/1238433863862550535

34.217.82.194:4444

# Reference: https://twitter.com/ScumBots/status/1238564315239768065

68.202.129.2:444

# Reference: https://twitter.com/ScumBots/status/1238761868623306752
# Reference: https://twitter.com/StopMalvertisin/status/1631629929845764097
# Reference: https://www.virustotal.com/gui/file/a21154a8f1e40e4c15a68c15c1fd3d0b2f2d227c55d328c05425c19f97a825cc/detection

3.90.140.45:8080
35.170.96.22:8080
54.80.171.208:8080
emp.fourhorsemen.tech

# Reference: https://twitter.com/ScumBots/status/1238764388259168257

bankingadvice.net

# Reference: https://www.virustotal.com/gui/file/daab59d033ea03ebeb8a80666895c703f84be5e55d0652d28018c38419b0b1b7/detection

79.134.225.87:7519

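# Reference: https://twitter.com/ScumBots/status/1239777308426350592
# NOTE: the entry below is mixed-case; DNS names are case-insensitive, so confirm that the
# consumer lower-cases both the entry and the observed name before matching.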

LostSec.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1239831415941988352
# Reference: https://www.virustotal.com/gui/ip-address/83.171.237.192/relations

83.171.237.192:443

# Reference: https://twitter.com/ScumBots/status/1239828901699948544

185.189.183.47:443

# Reference: https://twitter.com/ScumBots/status/1241030568860672000

78.98.10.243:6969

# Reference: https://twitter.com/ScumBots/status/1241330107983237120

193.161.193.99:48650

# Reference: https://www.virustotal.com/gui/file/0102a1e5c866802c447fd541a064deb0649989766797fce6c66710661644a2ae/detection

3.135.90.78:19505

# Reference: https://twitter.com/ScumBots/status/1242039722723196928

185.244.30.75:5544

# Reference: https://twitter.com/ScumBots/status/1242403412077096961

youtube-au.com

# Reference: https://twitter.com/ScumBots/status/1242561911541182464

45.147.229.143:1499

# Reference: https://twitter.com/ScumBots/status/1243837813843537920

3.90.140.45:8080
emp.fourhorsemen.tech

# Reference: https://twitter.com/ScumBots/status/1243842847016615936

3.133.136.228:8080

# Reference: https://twitter.com/ScumBots/status/1243835299656056832

195.2.92.129:8080

# Reference: https://twitter.com/ScumBots/status/1243832784256487424

119.28.226.59:8080

# Reference: https://twitter.com/ScumBots/status/1244671656490078211

193.161.193.99:25820

# Reference: https://twitter.com/ScumBots/status/1244679610975105033

193.161.193.99:59646

# Reference: https://twitter.com/ScumBots/status/1244677096301105153

193.161.193.99:5555

# Reference: https://twitter.com/ScumBots/status/1244671587292532738
# Reference: https://www.virustotal.com/gui/file/871931280a302e93984da3c771823100ac5bba0d8f57b0fb9311966f58563de3/detection

139.162.161.211:11320
139.162.161.211:12130

# Reference: https://twitter.com/notajungman/status/1245737937419079680
# Reference: https://app.any.run/tasks/92024127-dfc1-43eb-8f67-f06cd80c473a/

us.palodevops.com

# Reference: https://www.virustotal.com/gui/file/03dd215f9bea6267537736d045f61cd1168e18a1e713550a5d4b847a8dbd563d/detection

171.5.183.76:2516
171.5.188.210:2516
flukez.ddns.net

# Reference: https://twitter.com/ScumBots/status/1250583513147064321

pastebin-sucks-now.biz

# Reference: https://twitter.com/ScumBots/status/1251780150959788032

134bd4b7.ngrok.io

# Reference: https://www.virustotal.com/gui/file/7829b5e1783d04dbbf18d2f482ca5a231c706b06183d53138c8561b0f60d1101/detection

141.255.154.68:4444

# Reference: https://www.virustotal.com/gui/file/86fca38ef2f17c94467cacf4a016c4f1e72d43ca847b99ee04244a4395029892/detection

77.223.232.41:8080

# Reference: https://twitter.com/ScumBots/status/1257468572051353605

sumo.twcug.net

# Reference: https://twitter.com/ScumBots/status/1257510386238177281

162.241.114.106:443

# Reference: https://twitter.com/ScumBots/status/1257510600827121667

3.19.3.150:18415

# Reference: https://app.any.run/tasks/cdb3201c-b063-436f-872a-7527ec118ed9/

41.141.56.139:4444

# Reference: https://twitter.com/ScumBots/status/1258790257610424321

93.26.183.236:4444

# Reference: https://twitter.com/ScumBots/status/1258817981817196544

45.132.73.167:8443
macloud.xyz

# Reference: https://twitter.com/ScumBots/status/1259090833191702529

3.17.202.129:11868

# Reference: https://twitter.com/ScumBots/status/1259699832136052741

3.137.63.131:19019

# Reference: https://twitter.com/ScumBots/status/1260003082605416448

46.21.147.111:443

# Reference: https://twitter.com/ScumBots/status/1260420191453941760

137.224.106.4:73

# Reference: https://www.virustotal.com/gui/file/aa4c0c3573390beac0d610b51e665dddd3067593b9e3e642b84a84f08362591d/detection

microsoft-support.servehttp.com

# Reference: https://twitter.com/ScumBots/status/1260854950021812224

52.137.10.66:8080
frogoveryoureyes-2.workisboring.com

# Reference: https://twitter.com/ScumBots/status/1261694398456385536

58.186.22.82:3189

# Reference: https://www.virustotal.com/gui/file/5af0920fe7e468368563aed81c3f8bf00124a8480f2cd42cb9f3ab90229cd485/detection

utils.oss-cn-beijing.aliyuncs.com

# Reference: https://twitter.com/ScumBots/status/1263936676969275393

18.188.14.65:15252

# Reference: https://twitter.com/ScumBots/status/1263935061122039816

3.19.3.150:16128

# Reference: https://www.virustotal.com/gui/file/73f27d0736457997141cde9bbedfa5e7f5a3706282d1999e00f8b1629ee5797a/detection

starpingisd.net

# Reference: https://twitter.com/ScumBots/status/1264926396155154432

3.20.98.123:10343

# Reference: https://twitter.com/ScumBots/status/1265588641168003072

3.19.3.150:10038

# Reference: https://twitter.com/ScumBots/status/1267184160013275137

3.137.63.131:12405

# Reference: https://twitter.com/ScumBots/status/1267184230142029827

3.137.63.131:16051

# Reference: https://twitter.com/ScumBots/status/1270078224119345157

netconnect.online

# Reference: https://twitter.com/ScumBots/status/1270465776164757504

52.47.122.36:443

# Reference: https://twitter.com/ScumBots/status/1270882271625711616

91.241.19.50:441

# Reference: https://www.virustotal.com/gui/file/53f796dbbffb542e42082913b54de4550fafe2e2b0c14194a4ef3ac6ad297089/detection
# Reference: https://app.any.run/tasks/0226a288-c2c5-4ff6-b6fb-cffbd18450f7/

ostrykebs.pl

# Reference: https://twitter.com/malwrhunterteam/status/1271160638342127618

/powersploit-payload

# Reference: https://www.virustotal.com/gui/file/e008999f37b5eacb30d9f8df95a774a92caca1de9d4eb0444f63fe28b85ea9a3/detection

122.178.241.198:4444
topsideduck.ddns.net

# Reference: https://www.virustotal.com/gui/file/6a60f839ad4e0feb6528840ead34f680cb975c13c1e6e4e9a5d132eb24992928/detection

82.137.218.185:4000

# Reference: https://twitter.com/ScumBots/status/1272933338345586690

217.129.59.131:443

# Reference: https://twitter.com/ScumBots/status/1272967268713082881

http://18.231.21.238

# Reference: https://twitter.com/iamwinstonm/status/1273195438619967489

http://185.244.149.202

# Reference: https://twitter.com/ScumBots/status/1273509581734502401

3.13.191.225:10360

# Reference: https://twitter.com/ScumBots/status/1273793952114753537

3.20.98.123:16853

# Reference: https://twitter.com/ScumBots/status/1274873568388620288

3.20.98.123:19779

# Reference: https://twitter.com/ScumBots/status/1274876086254473225

3.21.60.148:17272

# Reference: https://twitter.com/ScumBots/status/1274879860339544064

51.79.158.48:4141

# Reference: https://twitter.com/ScumBots/status/1274951580119371776

3.19.6.32:16555

# Reference: https://twitter.com/ScumBots/status/1274954097775579142

3.21.60.148:19960

# Reference: https://twitter.com/ScumBots/status/1274954166981582850

3.21.60.148:19760

# Reference: https://twitter.com/ScumBots/status/1274959133687656448

3.137.63.131:16057

# Reference: https://twitter.com/ScumBots/status/1275165640148557825

3.13.191.225:28288

# Reference: https://twitter.com/ScumBots/status/1275238473767755776

3.135.90.78:16604

# Reference: https://twitter.com/ScumBots/status/1275515779828584449

3.13.191.225:1337

# Reference: https://twitter.com/ScumBots/status/1275637659482959873

3.17.117.250:1337

# Reference: https://www.virustotal.com/gui/file/2ff79bdaf50e36f7f2f37506ce0ad1e9fafc4d8d40073cedcf050ddb7ce87539/detection

91.241.19.50:27119

# Reference: https://www.virustotal.com/gui/file/7f9390b993605ce2f1097533422e8d6bc43ca2e5d878dd44fdcd6e456f027d71/detection

91.241.19.50:443

# Reference: https://twitter.com/ScumBots/status/1276310538809675777

bot.ruptur88.cf

# Reference: https://twitter.com/ScumBots/status/1276277332752437248

148.101.44.115:3306

# Reference: https://twitter.com/ScumBots/status/1276265872366149633

3.18.75.105:15008

# Reference: https://twitter.com/pmelson/status/1276531571231789058

5.199.174.204:9443

# Reference: https://twitter.com/ScumBots/status/1276773591649042433

195.206.105.52:5389

# Reference: https://app.any.run/tasks/1337bdde-7564-493f-b5a1-57fdbec6cc5c/

http://45.129.96.110

# Reference: https://twitter.com/ScumBots/status/1278940366658568192

3.17.117.250:16240

# Reference: https://twitter.com/ScumBots/status/1278963016621580288

139.155.2.101:8081

# Reference: https://twitter.com/ScumBots/status/1278767101864542208

52.151.2.106:8888

# Reference: https://twitter.com/ScumBots/status/1278600633394880512

23.105.221.34:4443

# Reference: https://twitter.com/ScumBots/status/1280229759843172353

loljumbo.serveousercontent.com

# Reference: https://twitter.com/ScumBots/status/1281078730627198976

94.156.189.220:6522

# Reference: https://www.virustotal.com/gui/file/0503b17fb6673ab7adf3c53405f8d9bca2a1666f890f01e7fc170eec64264e94/detection

3.19.6.32:11642

# Reference: https://twitter.com/ScumBots/status/1281279531559649287
# Reference: https://www.virustotal.com/gui/ip-address/206.189.151.95/detection
# Reference: https://www.virustotal.com/gui/domain/webupdate.live/relations

netconnect.online
upserver.ml
webupdate.live

# Reference: https://twitter.com/ScumBots/status/1281678408863420417

94.156.189.220:6530

# Reference: https://twitter.com/ScumBots/status/1282010599027814400

185.244.213.8:443

# Reference: https://twitter.com/ScumBots/status/1282614578258550784

3.18.75.105:16334

# Reference: https://twitter.com/ScumBots/status/1282783188620845057

94.156.189.220:1959

# Reference: https://twitter.com/ScumBots/status/1283213525645754369

3.20.98.123:10593

# Reference: https://twitter.com/ScumBots/status/1283548228315750401

193.161.193.99:52614

# Reference: https://twitter.com/ScumBots/status/1284099360813391872

77.255.61.191:4444

# Reference: https://www.virustotal.com/gui/file/c67706504a82f8ffb08ad9a011b987c56748a2edeeeaf7b350e152a7c412352a/detection

172.94.59.115:4444

# Reference: https://www.virustotal.com/gui/file/25801b86c6d2f41ea26db2b6508568ac95e0c568cd7f54af74676181e2564a30/detection

104.244.78.10:443

# Reference: https://www.virustotal.com/gui/file/cb0a57a9de876adec68084482dd819110c38e3a7ea30c2ff9bffa7eb2275280b/detection

versageshops.best

# Reference: https://www.virustotal.com/gui/file/45116c476093055ac6bb414c6270b76f2988e0af05ee3eb3943a5eb36271a0d7/detection

122.171.58.94:8885

# Reference: https://twitter.com/JAMESWT_MHT/status/1287660192579162112
# Reference: https://app.any.run/tasks/1cb4244e-4887-429c-a1a3-447ff6464994/

64.188.22.106:443
office-update.net

# Reference: https://twitter.com/ScumBots/status/1287763508952739844

34.90.230.177:443

# Reference: https://www.virustotal.com/gui/file/225f7d3a59452bab7b07882f4b09643d6f0c32d8efdb89a7602f5dc0070c0c32/detection

94.140.114.160:61262

# Reference: https://www.virustotal.com/gui/file/b4d465a5d1f9a9b57ac91eff7b2e622f6d596617b62797d14efbd721d3b5dc74/detection

195.54.160.115:8018

# Reference: https://twitter.com/InQuest/status/1289636542621908992
# Reference: https://www.virustotal.com/gui/domain/divineleverage.org/relations

divineleverage.org/12.msi
divineleverage.org/4.php
divineleverage.org/6.msi
divineleverage.org/de.php

# Reference: https://www.virustotal.com/gui/file/cbc445b76e9b4364088442abb6f4af3ca70b242e462f66a974dbfebce94b6a81/detection

3.17.117.250:443

# Reference: https://www.virustotal.com/gui/file/a3585d049877144fec5ba1fcaba028ecedb05ab46a174d6ef5105351e5a66579/detection

supercombinating.com

# Reference: https://www.virustotal.com/gui/file/f8276187bbb6dc1523b2f7619b3905466cacb6a58e5d335257fd29e9b0dd8253/detection

213.87.133.142:443

# Reference: https://www.virustotal.com/gui/file/21c5b859c59ef1997f0135552d068d41646fa478bbde43302ccbcf9d8e432aeb/detection

193.34.166.103:443

# Reference: https://www.virustotal.com/gui/file/9c676f263a4eaf2057f657cbd63af106b3d22dda5ed37c55152e4dc9f6ea6769/detection

142.93.56.217:2905

# Reference: https://www.virustotal.com/gui/file/6db020f21e1544eca23093995b6eae7e8b031b65bfe2eca9f4d8dc73b30c7b79/detection

142.93.56.217:4443

# Reference: https://twitter.com/sysopfb/status/1288160992124444672
# Reference: https://www.virustotal.com/gui/ip-address/106.53.232.176/relations
# Reference: https://www.virustotal.com/gui/file/c5eee3c38b0ce6c869cd46ade783ab5ef09a30f08d7f8ddf8870de2d04068e74/detection

106.53.232.176:443
bobohacker.oss-cn-shenzhen.aliyuncs.com

# Reference: https://www.virustotal.com/gui/file/9e7885743e15912ab7284edfe9ef1113d7fc65568a12e1b96ac010598afa9fde/detection

49.235.144.34:4433

# Reference: https://www.virustotal.com/gui/file/d09e55ea3fbae604c29e6ef25247a3273c66044218a6a28fa79abcaa84f10be0/detection

49.235.144.34:8899

# Reference: https://www.virustotal.com/gui/file/e4ea5efc8a9511bb51d35f25a76e35ff941877252a4d3f043f3547c63d176ddf/detection

91.232.105.248:1337

# Reference: https://www.virustotal.com/gui/file/7150ef5a8c8381c68e7e305fb5b370a34bfcfa144aa8c138f04cc9e39080daf9/detection

18.222.239.205:7000

# Reference: https://www.virustotal.com/gui/file/c6ed0ba7acc1ba9ebc7de487f92d8232528be6b0dd7765bf35e0c4161a386d97/detection

206.189.70.79:9876

# Reference: https://www.virustotal.com/gui/file/bd914aba1523c1bec3c5bc7d4918f7163ac6e4f7b7778b383ac934a0644061e6/detection

81.184.61.235:2121

# Reference: https://www.virustotal.com/gui/file/ef70ffeb0ca757c688f8d3f0d5cb2a712b29778ec2c04e1b78f6fd4d31a84bb3/detection

67.43.224.135:443

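# Reference: https://www.virustotal.com/gui/file/c6ed0ba7acc1ba9ebc7de487f92d8232528be6b0dd7765bf35e0c4161a386d97/detection
# NOTE(review): this reference and the endpoint below repeat an entry a few lines earlier in this file.
# 137.224.106.4:73, netconnect.online and rostelekom.pw are likewise listed more than once.
# Harmless for matching, but the repeats inflate the list and can be folded together on the next cleanup.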

206.189.70.79:9876

# Reference: https://www.virustotal.com/gui/file/71fcfac0eb853bfd9be99ff5ecc2c127bfc78c4248097fd705f8f5a5ade426fb/detection

52.14.61.47:17239

# Reference: https://www.virustotal.com/gui/file/fbfbf239d27dc218c156510a471fd72b83f04aef36deea1c05ff7f7646953f20/detection

185.212.227.247:1333

# Reference: https://www.virustotal.com/gui/file/108b68986924bf60cc39da01a2f140aa6ddeec056df099cf4a73abfbcdc08930/detection

137.224.106.4:73

# Reference: https://www.virustotal.com/gui/file/90e0ce066f5ad7b902a24872aaaf4769996753ce5ee1b407e5db432fd4c471a2/detection

191.242.111.2:1515

# Reference: https://www.virustotal.com/gui/file/bdf90a891969cd8ed146efd7ac19a9b9cd976eb4dbbaf90c6c08a387acfb5e0b/detection

172.105.28.98:1443

# Reference: https://www.virustotal.com/gui/file/d1fe07320067c3ab75a7ca30741116974880c885437760eecaff8623a21baa56/detection

360lab.ddns.net

# Reference: https://www.virustotal.com/gui/file/4bcab93f768c19811b4fd1069f791c10b16b4a9e126faccfe2f3f2b3256d12e5/detection

49.235.23.236:9999

# Reference: https://www.virustotal.com/gui/file/d7542afc77f35b98bba90a89c38fab550ec536a3fb57fe24d362fa301ebc3ac2/detection

62.171.159.243:3333

# Reference: https://www.virustotal.com/gui/file/44e50b2c62d637e3247c79e88f7af40c4f0bb77eb91c91a83dfa80e95720548f/detection

45.76.209.19:443

# Reference: https://www.virustotal.com/gui/file/ec59dc742452c5fe33489183f03bdd40ecc179642f0c393d16e327d61cae94ba/detection

45.76.209.19:4444

# Reference: https://www.virustotal.com/gui/file/14ffe076ac8cdb3d6f780adf09d743299e9ebec5699b533f64920ef5b7596184/detection

google34.theworkpc.com

# Reference: https://www.virustotal.com/gui/file/f5e69036674045c33682c568993d0c1f287640c85d85deaed7d607fdf72f5666/detection

5.34.180.171:456
rostelekom.pw

# Reference: https://www.virustotal.com/gui/file/3f3a5568991c970cbf9378bd29f86413c39202091aa9d58fa5b67213576c5774/detection

79.134.225.46:2309

# Reference: https://www.virustotal.com/gui/file/be63a303af673f5c03b02107af3a7ac1bac102c3b75f8a11b8e04256a58ab327/detection

52.15.194.28:19286

# Reference: https://www.virustotal.com/gui/file/ead07ee3695925a1b79eafe57bfb023a54254848e68031afa7459f87d14361ec/detection

185.82.217.66:8787

# Reference: https://twitter.com/ScumBots/status/1299191823106215937
# Reference: https://www.virustotal.com/gui/file/189a21b97949a56e32797c3ce37db2624551190073e61194d98736e843e6977f/detection

aigoodojoqu5oopae3ee.sitestill.space
goosh5wie8oa1oov2viw.sitestill.fun

# Reference: https://www.virustotal.com/gui/file/a768b19d3fd1c0f043cc24119c366efdd0e4a0a8483dd9759d2a6a568de6d2ae/detection

185.205.210.179:4321

# Reference: https://www.virustotal.com/gui/file/9f749f0c696c948a80ff3cbea061f0326990925ae32aecc905fe95533518d604/detection

185.205.210.179:6341

# Reference: https://www.virustotal.com/gui/file/22bb3e8141a415f83bca4e2dd8b4bf6413a47e4ee5e38131c4c5b8349f21ee0b/detection

92.42.14.133:443

# Reference: https://www.virustotal.com/gui/file/b301db6b72a2196f99e3da577bd47b724af5d219c192ac2ed921179c0b015592/detection

3.19.6.32:443

# Reference: https://www.virustotal.com/gui/file/4ea106c4e2f1b9a56c00ce01b9a1c941e2f9fdb8df9ff6e91fad93ea81eddcc2/detection

3.21.60.148:14067

# Reference: https://www.virustotal.com/gui/file/c380f48e3d649b6a44b05134108a8c79536f289240e9ed9135e35dadffb6c350/detection

47.99.211.221:8011

# Reference: https://twitter.com/ScumBots/status/1302012841059287043
# Reference: https://www.virustotal.com/gui/file/ba00ffb4b8242f1ad034374a374cf2a9c693cf26b2ba0aa14d1c499e94f4a698/detection

76.21.118.155:4444

# Reference: https://www.virustotal.com/gui/file/f69b1d7998fb00503dea99fa02e19fd61fd1cac2dc84226b86e9d321a51563da/detection

193.109.85.11:8080

# Reference: https://www.virustotal.com/gui/file/6fdc5cc3cbc299f8473d365c87a2fc74813835e7cd4a56ea8b463a9b897936d3/detection

3.239.85.50:8

# Reference: https://www.virustotal.com/gui/file/9f3014f373a5ef6939b7553b770932e57d3dd56225162e4a7134824dd290a37f/detection

3.131.123.134:17759

# Reference: https://www.virustotal.com/gui/file/bb2beae5059a34febd4e88b9cec4167c90d75809debe57848638f26847d7c07f/detection

192.243.108.143:8080

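# Reference: https://www.virustotal.com/gui/file/77c48346e04d756712f68db858f7a4e9fcc54bb7681560e9769f741fa55795d8/detection
# NOTE(review): the hostname below is mixed-case while the other hostnames here are lower-case.
# DNS names are case-insensitive, so confirm the consumer normalises case before matching, or the trail may never hit.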

Rezureax123333-50626.portmap.io

# Reference: https://www.virustotal.com/gui/file/05d75b372218a5c28b3c47f591f969a59714a5fadbc4b9bd4d18611c76920c66/detection

185.150.117.78:443

# Reference: https://www.virustotal.com/gui/file/fb49d3c2488b86be9ea13014a95b87b4e08582511bea1432e100c1d31e39175c/detection

35.182.213.89:443

# Reference: https://www.virustotal.com/gui/file/674be83562be595dbdf31801b9b0f141cef5ef52e23a982a011c175607ae5342/detection

3.134.125.175:17186

# Reference: https://www.virustotal.com/gui/file/79e27ceee57607cbc60ffbc772f01a654b40cd5491553c3cb544d06c3f0f7941/detection

3.130.209.29:13544

# Reference: https://www.virustotal.com/gui/file/102e9f1bffbed86cbbdd383c24c0f4339ab33fc2da0d3cc935237ce127a5e123/detection

38.132.99.165:443

# Reference: https://www.virustotal.com/gui/file/f83e23d630554a3b6db9378964a0a7161ef354cd41d39566b595c86b83a79dcb/detection

45.227.255.171:443

# Reference: https://www.virustotal.com/gui/file/b87336d536c68362ac710bc6ab411965747ec2cd60036292d8ab5f469183acb7/detection

172.241.29.12:443

# Reference: https://www.virustotal.com/gui/file/8db15f541e5b5de82eb55c2fb1720c399d2660a6739255bf1a03763a24fb7586/detection

148.72.176.8:1312
windown-network.myq-see.com

# Reference: https://www.virustotal.com/gui/file/2d631a0a33e915ac3e401d563928a4a7e6d521a8a6be201842b136a86651c846/detection

15.188.8.184:4444

# Reference: https://www.virustotal.com/gui/file/996193e0dcfb60760d7c92527ddec506a8935ad4b42e7fa5ae43bf9e92fe6c4a/detection

71.142.245.190:4444

# Reference: https://www.virustotal.com/gui/file/353f5ffbc3a9c6da2b6d12e3cd1ae99f87e49437375ed2774bcecf9c1515746d/detection

84.238.38.219:1024

# Reference: https://www.virustotal.com/gui/file/f35286de33f3de43806610d65219afb60338e8efb7fa1cb8de5620ddc71bf478/detection

45.227.255.189:443

# Reference: https://www.virustotal.com/gui/file/dae5abc6158c84e826975c7cad786bef9ed4e8c21920ede7d4a71ff6d7d84ab2/detection

104.225.157.144:9000

# Reference: https://www.virustotal.com/gui/file/7459887fba5dea90da46008690a5fee008597a901d7d32754139a2045dced180/detection

92.38.152.45:80

# Reference: https://www.virustotal.com/gui/file/81c87fa0c8cb5d844791509523cd00e98fee1657293c2c62e2e0f73efafe8937/detection

193.161.193.99:59494

# Reference: https://www.virustotal.com/gui/file/817dc0cc93600e2dd0fd49a78f1ddfad61da80a590774841dc15236d82f223fa/detection

160.119.79.88:443

# Reference: https://www.virustotal.com/gui/file/467bfaa6e5d3d29684c964dad40fca99e85dcdeef7ebb2580010d9e61e5b4e7d/detection

39.105.179.187:4400

# Reference: https://www.virustotal.com/gui/file/f55c4c8016756c63c772524c51961821157a07b4febc196cf7a635e36f74b7da/detection

141.105.66.240:8441
h0pe1759.ddns.net

# Reference: https://www.virustotal.com/gui/file/e19485415d49798547753a9fab67bd6a7c0ab0a234b4366f65dd85621838c4c8/detection

1.202.156.1:39999

# Reference: https://www.virustotal.com/gui/file/4067b40f3381b90f611399555f2cac36cd571dcb42fcca91be906489f0c29bf1/detection

http://45.146.165.219

# Reference: https://www.virustotal.com/gui/file/8f0215a8677cc41794519ca18fcc4ea00b9f9080962508d3d7a8f6a7f3d7992f/detection

http://91.241.19.21

# Reference: https://www.virustotal.com/gui/file/3c68ccfd70614ba27c88a1300d3a3401719e2282ead93c1f2f9a02a296e6654a/detection

52.14.18.129:11429

# Reference: https://www.virustotal.com/gui/file/8915f63fdecfcc72e43af78bf188f390ca485ed8f05e34481eee7334c48682b9/detection

199.195.253.79:4242

# Reference: https://www.virustotal.com/gui/file/d8b8be152f7587e115e3e083814837031cb97af56b576e479e1e4fb0ad46323a/detection

193.161.193.99:22898

# Reference: https://www.virustotal.com/gui/file/0b8c09c5a62155c82d499601b3725574fec04b077ee0d9972de330f53e007c64/detection

ns.vvwvv.tk

# Reference: https://www.virustotal.com/gui/file/967a6a41410fd7c6a9aefb86dbe31a184a2b27357e8d19e4a807e227ba9029eb/detection

156.209.144.96:4455

# Reference: https://www.virustotal.com/gui/file/6772f63826584c7cccf747b80735bdc8d76bf4fd76369a5af3d9d67443befbb8/detection

156.209.206.200:4455

# Reference: https://www.virustotal.com/gui/file/94838b74b218eef0bab19cb5cd58cda81ced3006382be914ceeb4b52c861e96b/detection

115.159.119.89:80

# Reference: https://www.virustotal.com/gui/file/ffa2e985e7598a092b2d61a66269965c162d5286c7f4b630ffbe7ac640a2f598/detection

109.59.118.171:4444

# Reference: https://www.virustotal.com/gui/file/6e79a451bfdc2c16b72e44c537de4efcb54d355f53d0054a11652e5c800fd2fa/detection

106.10.106.0:443

# Reference: https://twitter.com/pmelson/status/1336835181387374599
# Reference: https://www.virustotal.com/gui/file/411a3098347a34cc46f681cd855b152386da064d625e0f418de92a7cdcf7b94c/detection

47.111.13.98:80

# Reference: https://www.virustotal.com/gui/file/971adad65b31ac9ca6ea3c3a5085ce2bc1f27004250bf18e87da2bd6dfea090b/detection

193.161.193.99:4884

# Reference: https://www.virustotal.com/gui/file/5684fa5e0b0aad1e253dca7cc71b6d5092731d29887a22d65546d84d170dc5e7/detection

193.161.193.99:36555

# Reference: https://www.virustotal.com/gui/file/f5b943d0135ca0030092231df4a90c4011a878467c16b6f08e21892af1195475/detection

104.28.10.8:2052

# Reference: https://www.virustotal.com/gui/file/369c7f4ef0ca549b6d3ed4b11c9d069836414300f5903c19091072ceba8a3062/detection

3.89.39.190:4141

# Reference: https://www.virustotal.com/gui/file/7c35885540eacc15930b1f9cdd2541d69a299d0dc89bd7e5764213986916a908/detection

3.131.147.49:19910

# Reference: https://twitter.com/James_inthe_box/status/1338971736016969728

3.133.107.218:3131

# Reference: https://www.virustotal.com/gui/file/d64454bde412b0a7f7f1b9fa413a39ae0e6cf1f8a42ee120d757eaabf8c22033/detection

192.16.0.12:4444

# Reference: https://www.virustotal.com/gui/file/6ef17302c43f67aa1b2c30d86d5b13e592a1abd5b5aa2cef9f21e5ed0f35cec1/detection

124.187.65.208:6606

# Reference: https://www.virustotal.com/gui/file/c2e6f2496ab549c258a1d004fb0c5548413c81f5a556611c369d93a75e3835be/detection

185.205.209.3:443

# Reference: https://www.virustotal.com/gui/file/2b18ab922508b1702b7e6735d16cd3df3260da225ed7436507b329f6f23b43c8/detection

106.75.81.232:12345

# Reference: https://www.virustotal.com/gui/file/aeabd843be9c686bb4db7d720329862c1a6b3c428424f6aec3f6d119c6a70675/detection

5.167.22.68:8080

# Reference: https://www.virustotal.com/gui/file/c24f81c9d092c6c54f2909d6510cab0c0ea0cb6da78f90118bc3f623d5b09e93/detection

47.115.171.255:443

# Reference: https://www.virustotal.com/gui/file/83165474a39af396fbf927271d4f98c9d9567d696723c84ca4ceefbdedc51a72/detection

3.138.45.170:10730

# Reference: https://www.virustotal.com/gui/file/c06ceb893ead5ecb10aaed10c1f7ad8663981130f0fde5a8cbb86cc94200afe4/detection

151.0.0.54:4444

# Reference: https://twitter.com/ScumBots/status/1362431659728060421
# Reference: https://twitter.com/pmelson/status/1362432245152190465
# Reference: https://www.virustotal.com/gui/file/be6d55780cf2ec71310936d3ea31e8efb3d2ff0c21e1ce7d934a673b2d235655/detection

pterobot.net
scret1.ga

# Reference: https://www.virustotal.com/gui/file/d6a9d915eabf42f467fc6639717876cde95897ff42ffb20006ba9feb2f473c3a/detection

3.138.180.119:14119

# Reference: https://twitter.com/jhencinski/status/1367141043695742977
# Reference: https://www.virustotal.com/gui/file/ca9a59ec3f8f6c68b2faad832a163477f2a54870895ce81754ae9496739cb0a5/detection

http://86.105.18.116
86.105.18.116:8080

# Reference: https://www.virustotal.com/gui/file/70b8acf083e052ead5bfc43510d8b0c8f3d0a2d7111050cae5527e89e979e138/detection

18.207.38.244:9002

# Reference: https://www.virustotal.com/gui/file/38e4d4e5436fc2dc31cf37d13670b72a5a8f4319e36cc70436064eaa8a3aa219/detection

18.207.38.244:4444

# Reference: https://www.virustotal.com/gui/file/fb80cc96d1da0bb7f840dde51a602868d6c7b094560f034a204a417250e29cbb/detection

18.207.38.244:7878

# Reference: https://www.virustotal.com/gui/file/19ecc6e0e711913c85d0a0642972ca3a384084681b6cb9894a892669efce54e5/detection

45.33.100.49:4444

# Reference: https://www.virustotal.com/gui/file/45404167e89a4e85efb1b916509bc33e1d28347597051926fd18bbc33a1e350a/detection

185.153.199.102:19999

# Reference: https://www.virustotal.com/gui/file/26b52f93f1e317e82c10b4080a1b1ea257f73f34806722b8fa28d7ace6801eff/detection

45.33.100.49:443

# Reference: https://twitter.com/r3dbU7z/status/1371989287034585089

frostycitadel.xyz

# Reference: https://www.virustotal.com/gui/file/d06b6e85af0ab7ec12f7d5fba3a5ed87093a054a8c355fe4b908f51259e3f89a/detection

3.128.107.74:15257

# Reference: https://www.virustotal.com/gui/file/c1f6e9066d6253223b7a6b1f88992a05a79e54455125d1def4f9dc9e1f4e3c64/detection

3.138.180.119:15001

# Reference: https://www.virustotal.com/gui/file/b698123b562ed9646fe16d2d353191d8c79473b68c9d92de58a181f37b3c305e/detection

3.142.167.54:10274

# Reference: https://www.virustotal.com/gui/file/9ac9f3790d575e1afe3203ab45681b3e4e2d024dad4cba74825f05b3a8efabc6/detection

3.141.210.37:14956

# Reference: https://www.virustotal.com/gui/file/44a1ebcf5f3b564d8ba1b94b7f7bdd7dc731e098f98df602706848bfebe1a589/detection

8.9.6.228:4444

# Reference: https://www.virustotal.com/gui/file/08b08f269beab5f6bfcc046fbc3b2ba1d9df85b7d162ca0d4227390eac70aef8/detection

100.15.133.91:6002

# Reference: https://twitter.com/TheDFIRReport/status/1382313940533796865
# Reference: https://beta.shodan.io/host/136.244.100.210

136.244.100.210:22
136.244.100.210:443

# Reference: https://www.virustotal.com/gui/file/bf256c96ad1bebc4bd595ce59168c27beac3806a674243c4c90f9e08c1a11fec/detection

104.46.95.54:443

# Reference: https://www.virustotal.com/gui/file/98917a9aad6dc80c2ddd23f69ec8064c7e9940a6d9d095cad87a9257ea17925b/detection

75.141.150.74:1337

# Reference: https://www.virustotal.com/gui/file/289f2a019cad83a3014c7d25385f46b80a2bac195744c13129ef0aec3db7fe66/detection

103.146.74.4:2811

# Reference: https://www.virustotal.com/gui/file/972d78154aa35a9ac3c6d5f0cfbf70d3f2123239cb15ef04bd17c390b9d7186e/detection

141.255.152.226:2811

# Reference: https://www.virustotal.com/gui/file/ea01c860df4cb1f77eec64988ed6c24b076e86248c29443d5f2aed65974fe9f1/detection

141.255.157.246:1447

# Reference: https://www.virustotal.com/gui/file/63cc5e3a7fb07e88666fb8c2628971292e92801554ebad66b5e496aebca5124e/detection

182.2.164.147:1337

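# Reference: https://www.virustotal.com/gui/file/eb8e24fb8118faf4b657686cae0f3dc367999e8632eef16104f69d84d6f241e2/detection
# NOTE(review): the addresses below share one port and one sample reference. That looks like the resolution set
# of a shared relay/tunnel hostname rather than individually attacker-owned hosts - TODO confirm. The same
# pattern recurs in later blocks on ports 17109, 17525 and 14020. Presumably only the ip:port pair is meaningful:
# verify that the consumer never falls back to the bare IP, and expect these pairs to go stale quickly.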

18.188.14.65:15739
18.216.53.253:15739
18.223.41.243:15739
18.224.144.66:15739
198.58.98.92:15739
3.13.191.225:15739
3.134.125.175:15739
3.134.196.116:15739
3.134.39.220:15739
3.135.90.78:15739
3.137.63.131:15739
3.14.182.203:15739
3.14.212.173:15739
3.17.117.250:15739
3.17.202.129:15739
3.17.7.232:15739
3.19.114.185:15739
3.19.3.150:15739
3.20.98.123:15739
3.22.30.40:15739
45.79.7.70:15739
45.79.9.205:15739
52.14.61.47:15739
52.15.183.149:15739
52.15.194.28:15739
52.15.62.13:15739
52.15.72.79:15739

# Reference: https://www.virustotal.com/gui/file/e2be06a6a516709ef11b6d2a3bab1cabb97cc38304b5bbd9450c140bb4db644a/detection

95.211.239.205:555
windows-srv.16-b.it

# Reference: https://twitter.com/TheDFIRReport/status/1387455318569988105
# Reference: https://beta.shodan.io/host/47.111.239.107

http://47.111.239.107
47.111.239.107:9443

# Reference: https://www.virustotal.com/gui/file/c08b712cae78d20d2f0f143a320098e722ffe6070b56b010f09c49edfb7c05ac/detection

159.203.228.45:443

# Reference: https://www.virustotal.com/gui/file/1cd6c84e68002428d5f593e38a37a8b96b73918633287b7d1c4c71b2eb9338f2/detection

13.58.157.220:17109
3.142.129.56:17109
3.142.167.4:17109
3.142.167.54:17109
3.142.81.166:17109
3.19.130.43:17109

# Reference: https://www.inde.nz/blog/different-kind-of-zoombomb
# Reference: https://tria.ge/210325-j85q1nwljj
# Reference: https://www.virustotal.com/gui/file/f547410bd2f0b667b640e350d7c8c55cd4c2f7249e534c02c63d824c87ee2454/detection

http://139.60.161.60
http://45.146.164.111

# Reference: https://www.virustotal.com/gui/file/47e22ff3a144d35cf9839c719009c65618dc3bdf027d151170a5c9882830fbc4/detection

151.80.70.31:4444

# Reference: https://twitter.com/TheDFIRReport/status/1392089649984774146
# Reference: https://beta.shodan.io/host/20.47.114.17

http://20.47.114.17
20.47.114.17:443

# Reference: https://www.virustotal.com/gui/file/16cdf36f2594d6980ef823f1f0405ffb6efaecf143ce790ea16cdf832858816e/detection

195.154.170.195:5555

# Reference: https://www.virustotal.com/gui/file/18539194e29621d4d23a1071b5ada043a71f59085d22c99193d1434e782810ab/detection

146.0.128.54:59498

# Reference: https://twitter.com/TheDFIRReport/status/1394257640851640323
# Reference: https://beta.shodan.io/host/46.101.235.245

46.101.235.245:443

# Reference: https://www.virustotal.com/gui/file/50e825a3a61e6f5fab0740c7ced94ac994d954b95df998fb06f6c11833863006/detection

3.136.65.236:10456

# Reference: https://www.virustotal.com/gui/file/6ce2400e5b6b0ee6feb5d868d89ced79c828b6bba5d837306e44a42f9bb2b952/detection

173.230.145.224:4444

# Reference: https://twitter.com/TheDFIRReport/status/1407322479664762890

207.154.205.192:443

# Reference: https://twitter.com/ScumBots/status/1413488183971663873
# Reference: https://www.virustotal.com/gui/file/bd292dd957afeb361a60e90239d84e03664a3d972934635ca7f5bd73a330cc01/detection

3.13.191.225:15328

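# Reference: https://unit42.paloaltonetworks.com/unit42-pulling-back-the-curtains-on-encodedcommand-powershell-attacks/
# NOTE(review): the list below appears to be a bulk import from a single report rather than one observed campaign.
# A few entries look like false-positive candidates or are of little use on the wire, e.g. megalon.trustwave.com
# (a host under a security vendor's domain) and chgvaswks045.efgz.efg.corp (an internal-looking .corp name).
# Treat hits from this block as lower confidence until the entries are re-verified against the report.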

103.238.227.201:7788
104.131.154.119:8080
104.131.182.177:443
104.145.225.3:8081
104.233.102.23:8080
107.170.132.24:443
108.61.211.36:443
108.61.217.22:443
137.117.188.120:443
138.121.170.12:3031
138.121.170.12:3133
138.121.170.12:3135
138.121.170.12:3136
138.121.170.12:3137
138.121.170.12:3138
138.121.170.12:500
14.144.144.66:8081
145.131.7.190:8080
146.148.58.157:8088
149.56.178.124:8080
159.203.18.172:8080
163.172.175.132:8089
185.117.72.45:8080
187.177.151.80:12345
187.228.46.144:8888
188.68.59.11:8081
191.101.31.118:8081
192.241.129.69:443
197.85.191.186:443
205.232.71.92:443
212.99.114.202:443
23.239.12.15:8080
24.111.1.135:22
41.230.232.65:5552
45.63.109.205:8443
46.101.185.146:8080
46.101.203.156:443
46.101.90.248:443
46.246.87.205:443
50.251.57.67:8080
50.3.74.72:8080
52.28.242.165:8080
52.28.250.99:8080
52.36.245.145:8080
52.39.227.108:443
52.86.125.177:443
64.137.176.174:12345
66.11.115.25:8080
66.192.70.39:443
66.60.224.82:443
68.66.9.76:443
69.20.66.229:9443
84.14.146.74:443
84.200.2.13:8080
84.200.84.185:443
93.176.84.34:443
93.176.84.45:443
http://104.130.51.215
http://11.79.40.53
http://139.59.12.202
http://159.203.89.248
http://163.172.151.90
http://166.78.124.106
http://197.85.191.186
http://222.230.139.166
http://23.116.90.9
http://47.88.17.109
http://52.19.131.17
http://52.196.119.113
http://66.192.70.38
http://78.229.133.134
http://93.187.43.200
http://95.211.139.88
http://98.103.103.168
http://98.103.103.170
192.ho4x.com
ahyses.ddns.net
amazonsdeliveries.com
chgvaswks045.efgz.efg.corp
ciagov.gotdns.ch
dsecti0n.gotdns.ch
enterprizehost.com
host-101.ipsec.io
jdirving.email
kernel32.ddns.net
kooks.ddns.net
logexpert.eu
megalon.trustwave.com
metrowifi.no-ip.org
microsoft-invites.com
microsoft-update7.myvnc.com
mygoogle-analytics.com
pie32.mooo.com
polygon.1dn0.xyz
remote-01.web-access.us
rzepka.se
securetx.ddns.net
sixeight.av-update.com
sparta34.no-ip.biz
sukem.zapto.org
vanesa.ddns.net
wellsfargolegal.com

# Reference: https://twitter.com/TheDFIRReport/status/1423331717117579268
# Reference: https://beta.shodan.io/host/45.32.206.130

http://45.32.206.130
45.32.206.130:22
45.32.206.130:443

# Reference: https://twitter.com/TheDFIRReport/status/1423331717117579268
# Reference: https://beta.shodan.io/host/46.101.104.95

46.101.104.95:443
46.101.104.95:8000
46.101.104.95:8443
46.101.104.95:9100

# Reference: https://twitter.com/ScumBots/status/1423468949774217219
# Reference: https://www.virustotal.com/gui/file/5dc6dfbc8044deb6a3745a29fa4e285f62f91fe2a73ca247272bfd539b75f128/detection

192.100.0.17:4444

# Reference: https://twitter.com/ScumBots/status/1438826396491595777
# Reference: https://www.virustotal.com/gui/file/dbc4e318ce40d4ebfda9f59438f8c13a1ac6f89c5e6ecf6acfebe818c1641676

130.193.41.58:443

# Reference: https://twitter.com/ScumBots/status/1457362285861736453
# Reference: https://www.virustotal.com/gui/file/ea6cbb61f0589f139f4a79652e820329b02a5017e2a3703e8e35e33c012c13f4/detection

18.194.132.191:443

# Reference: https://twitter.com/ScumBots/status/1462040606872592395
# Reference: https://www.virustotal.com/gui/file/c92a7f657301e496610ae9ff85e01fe8e60f1179cae6e062bfcfd191a4c0e30d

23.88.123.250:4444

# Reference: https://www.virustotal.com/gui/file/27a220a96badc097884262c8a9358aa84e41b322556e08d30b1eb9bd1b78f167/detection

185.146.232.30:1337

# Reference: https://twitter.com/TheDFIRReport/status/1467860126077911043

138.197.167.41:443

# Reference: https://www.virustotal.com/gui/file/2e92e5f45d575d43a0a1d21654e0691b6ea7b45da9761482095005b6611d8419/detection

115.186.187.80:1234

# Reference: https://www.virustotal.com/gui/file/a6ef8216979b8b7f8f033bbcba91b4cba9a8cead9c4553e0855cd51956f61efd/detection
# Reference: https://www.virustotal.com/gui/file/ed77c28f2115e221d32e032db915ddd4247b665aa28e9f391f96b1730a41a861/detection

45.146.164.160:4321

# Reference: https://www.virustotal.com/gui/file/4c2574de9f72209ee2e1e7fe23830746850170869af411bef2111c4097d5f8da/detection

24.135.12.28:8080

# Reference: https://www.virustotal.com/gui/file/9a1c09403bd04ba1af32df5ba156671814193bd9518129dfa14f707eae785378/detection

51.178.75.43:41200

# Reference: https://www.virustotal.com/gui/ip-address/185.112.146.165/relations
# Reference: https://www.virustotal.com/gui/file/c8f710f0a9c18d38a7ecf4ca6a9d28219c32037a643a1d45989831c0ec975048/detection
# Reference: https://www.virustotal.com/gui/file/c9d281b901ce339495a0c2984e79ceaaa8a769c79bd27d211026cba030e9f794/detection
# Reference: https://www.virustotal.com/gui/file/d2cdc57f4bde1e89d65db8201f240e626022e08df5be3f8fa585848c1119530a/detection
# Reference: https://www.virustotal.com/gui/file/21c14dfb477a1c4e005c56d1676aa5a90f9e08e1b0c07c486fb55f21e75e2621/detection
# Reference: https://www.virustotal.com/gui/file/b544e5581dbdca825eb07a15fa3bc7c208577e8489b620f479f96a792241efb3/detection
# Reference: https://www.virustotal.com/gui/file/4fdec157e4343619c671e3d722bf75baafe24a65cc60a45603eb720f1a503999/detection
# Reference: https://www.virustotal.com/gui/file/e93ea9ebfb97c8fdfe00ce405a14d661581c494c648827cdea6ba89089284df4/detection

185.112.146.165:4446
185.112.146.165:45000
185.112.146.165:8080
185.112.146.165:8081
54.38.220.85:123
badmildiou.com
nidhoggr.club
treefighter.org

# Reference: https://threatfox.abuse.ch/browse/tag/log4j/
# NOTE(review): the reference above is a tag listing, not a link to one specific indicator, so
# what it shows can change over time. TODO: point it at the individual IoC record so the
# provenance of the entry below can be re-checked later.

185.254.196.122:4445

# Reference: https://twitter.com/ankit_anubhav/status/1471079526658560003
# Reference: https://tria.ge/211215-njvt8sadaq/behavioral1

62.182.158.156:6666
62.182.158.156:8888

# Reference: https://www.virustotal.com/gui/file/20ad997410c4e5ac78ad3ecaf76bf3595aacda71e899a0bd2ef90917afd69ff0/detection

13.58.157.220:17525
3.142.129.56:17525
3.142.167.4:17525
3.142.167.54:17525
3.142.81.166:17525
3.19.130.43:17525

# Reference: https://www.virustotal.com/gui/file/0156ca6f8fb12a2415de4c896f346caab9f342ccd597912b88e890805fcd1e3d/detection

3.129.187.220:14020
3.131.147.49:14020
3.133.207.110:14020
3.136.65.236:14020
3.138.180.119:14020
3.22.15.135:14020

# Reference: https://twitter.com/petrovic082/status/1467822724932321288
# Reference: https://app.any.run/tasks/d367b18c-69e6-4026-b84a-4f8d52098687/
# Reference: https://www.virustotal.com/gui/file/bb627db44f44c8b23220602f5ae6bc2fa34b89d612ab3118f815fca43cfcf331/detection

v3-fastupload.s3-accelerate.amazonaws.com

# Reference: https://twitter.com/r3dbU7z/status/1468119168096612357
# Reference: https://www.virustotal.com/gui/file/fafbf0870568dae2e02913cbe158011c867098bda883c8f85a13d1f83a4aa937/detection

208.88.226.158:443

# Reference: https://twitter.com/drb_ra/status/1476180260953726978

emailservices.events

# Reference: https://twitter.com/drb_ra/status/1476758694729764890

188.166.171.154:443

# Reference: https://twitter.com/TheDFIRReport/status/1461733507324162056

13.90.131.107:443

# Reference: https://www.virustotal.com/gui/file/4a61696932f036bd2f57482516fd5d8b7e2939259757f82d17ed27f6fe430794/detection

3.14.182.203:12417

# Reference: https://www.virustotal.com/gui/file/2d1f1b961df03d0f572f072aae89e6c2f9e947d87551df85781d781cbf5a3918/detection

45.142.212.161:8881

# Reference: https://www.virustotal.com/gui/file/bd7745a252f92a9a8ef0e0469d113c354dde8547e1cbc9a865080cfa48eda9c8/detection

boyte.sytes.net

# Reference: https://twitter.com/ffforward/status/1479416818829860866

/katalogpwsh/

# Reference: https://www.virustotal.com/gui/file/64dcd0626a335c212083a51ffffc37950fcd5dfea73b8e6a5d8c92d6abfd8e71/detection

119.45.102.166:4445

# Reference: https://www.virustotal.com/gui/file/bc3beb2ce29d965c215baf97c54cb321d7f579a7a6fe6a4992e4f1f5d8d51808/detection

194.5.98.253:5900
joelthomas.linkpc.net

# Reference: https://www.virustotal.com/gui/file/27db881cc60237f6c967fd8475115a64dec4b9246908e2a940382dad66bb31d7/detection

167.172.61.60:443

# Reference: https://www.virustotal.com/gui/file/e67a7ce47865a9324cf1419c71204a15fb24dc875a0a51451bf71d29d7c41fd3/detection

167.172.61.60:444

# Reference: https://twitter.com/JAMESWT_MHT/status/1488152643230965760
# Reference: https://www.virustotal.com/gui/file/9786fa48e5307616b67727ae75b1b08393b71ad9c088c6277a598638d1bb5a15/detection

imagingworld.in/factur.docx
imagingworld.in/report.pdf
pinkstravels.com/locals.php

# Reference: https://www.virustotal.com/gui/file/512cd7d8f32c1da7b949871b47cee24c454e58585b6ea151c66789fd4a065c78/detection

yugnuvurka.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/29e7cf9579480cc3787c3e33add6e99611611c448eea2c7cf67e789d64d397ff/detection

zospayilmu.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/034927ea9d5aa9bb0a88a364af4d9733f5b9b933aa7ecd45b6aa9e1cc221c6ca/detection

http://5.181.80.213

# Reference: https://twitter.com/malwrhunterteam/status/1489520707809779715
# Reference: https://www.virustotal.com/gui/file/d7ba3b1d6fe9230a53606857508d0e79682e71fbd9200e70360700d831d8fef3/detection

coolfreecv.com:443/doc/coolfreecv_resume_en_06_n.docx

# Reference: https://www.virustotal.com/gui/file/1038e0df36ff80507942b6ac24f5bfda0d23416a5385c8c645ff0a8cf4f66acf/detection

http://198.50.177.251

# Reference: https://twitter.com/ScumBots/status/1492247150251720707
# Reference: https://www.virustotal.com/gui/file/f51e500a628692adcc6aec55c3277675c8bbcb842fabfb61dab7408e2dd2968d/detection

18.188.14.65:18033
18.216.53.253:18033
18.223.41.243:18033
18.224.144.66:18033
198.58.98.92:18033
3.13.191.225:18033
3.134.125.175:18033
3.134.196.116:18033
3.134.39.220:18033
3.135.90.78:18033
3.137.63.131:18033
3.14.182.203:18033
3.14.212.173:18033
3.17.117.250:18033
3.17.202.129:18033
3.17.7.232:18033
3.19.114.185:18033
3.19.3.150:18033
3.20.98.123:18033
3.22.30.40:18033
45.79.7.70:18033
45.79.9.205:18033
52.14.61.47:18033
52.15.183.149:18033
52.15.194.28:18033
52.15.62.13:18033
52.15.72.79:18033

# Reference: https://www.virustotal.com/gui/file/3dfe6b6f02b05498e07f164ca29545631cbc909a1c1000a4e40113407cde1d03/detection

http://45.64.112.51

# Reference: https://twitter.com/jaydinbas/status/1493202636866261000
# Reference: https://www.virustotal.com/gui/file/4db544c4ff262ba2f01b23cf9d6c3af23cae203efb7e06d7960ad06ada564f2b/detection
# Reference: https://www.virustotal.com/gui/file/944a8fac13b495f11628696c04673115c90ee650fc8ff3e440335e6d73df2496/detection
# Reference: https://www.virustotal.com/gui/file/de62e54976010eebd7a764e7ad5029a23b26256308f713229f724abb4f4be05c/detection

inexa-group.com
paste.inexa-group.com

# Reference: https://twitter.com/jaydinbas/status/1489241835927216128
# Reference: https://www.virustotal.com/gui/file/c23e61db0e74e6d48ba27f17461abc88c700e0a386ffdbd4c1a1571ebf630d4f/detection

i-development.one

# Reference: https://www.virustotal.com/gui/file/922f078a109aa494d631a81d67e6b9db994af58db023fa9c69576c96e2616ae3/detection

hdoc.duckdns.org

# Reference: https://twitter.com/1ZRR4H/status/1496748012256866308

101.35.121.232:8000

# Reference: https://www.virustotal.com/gui/file/a0e90b286000cff6bc9236c1d49763b19b554b8cd5cd7549907c8de88e372240/detection
# Reference: https://www.virustotal.com/gui/file/985f7026e7e8482e4c7e0fd87390b99aa9d00888774189cbf6828fb4553dbb80/detection

42.193.39.49:8080

# Reference: https://twitter.com/Max_Mal_/status/1500447223217278980
# Reference: https://www.virustotal.com/gui/file/fb7970ac7563dedda8cf507d7dabcfbe15f32bd91c4499420a50cd318d5ec439/detection

http://103.142.218.18

# Reference: https://www.virustotal.com/gui/file/f5a4a5e62200a8409389072b0b9e3af7760b9d83f479cdc25b100319bbe2b2e8/detection

http://157.245.250.76

# Reference: https://twitter.com/ScumBots/status/1501868046822031361
# Reference: https://www.virustotal.com/gui/file/c24bbc9e4f16081e64d94b6104890b37b4492e14ea62cfc7844f511ede25e081/detection

149.28.148.219:8445

# Reference: https://twitter.com/ScumBots/status/1502341161393999872
# Reference: https://www.virustotal.com/gui/file/0012303bbcfa1d83fc655c54c28ffe2cd041504f1ab8ae704dc0614f2b2a07ba/detection

85.214.237.196:443

# Reference: https://www.virustotal.com/gui/file/449888a9bd8efbfe0f9c15965882d3ea50fec4a124bc7fd603ac16956289a16c/detection

154.16.167.72:1006

# Reference: https://www.virustotal.com/gui/file/938300c70c7ee66a45b6e747f068a1d08e6191a6fbd17d73d6ea2ee673da9f0f/detection

124.222.220.31:4444

# Reference: https://twitter.com/drb_ra/status/1504978479309332480

18.135.28.6:443

# Reference: https://twitter.com/drb_ra/status/1507194659285745665

tunnistautuminen.quest

# Reference: https://twitter.com/drb_ra/status/1507152832264298496

red-ops.team
/qqzddddd/2018/load.php

# Reference: https://twitter.com/drb_ra/status/1507877703017508868

18.116.32.198:443

# Reference: https://twitter.com/drb_ra/status/1507917437899055106

149.167.94.36:443

# Reference: https://blog.malwarebytes.com/threat-intelligence/2022/03/new-spear-phishing-campaign-targets-russian-dissidents/
# Reference: https://www.virustotal.com/gui/file/77e0d3366f7516cb2661a48c252fee7a1bc0abfe598feae40cf4e1c918fe97ee/detection
# Reference: https://www.virustotal.com/gui/file/9d4640bde3daf44cc4258eb5f294ca478306aa5268c7d314fc5019cf783041f0/detection
# Reference: https://www.virustotal.com/gui/file/c7dd490adb297b7f529950778b5a426e8068ea2df58be5d8fd49fe55b5331e28/detection

swordoke.com

# Reference: https://twitter.com/drb_ra/status/1509195039095803918

193.36.15.251:443

# Reference: https://www.virustotal.com/gui/file/51973e690c8790f7270b2e1e99383a81bac1f01bc5f46dab9341834513721ef6/detection

3.141.142.211:12356

# Reference: https://twitter.com/drb_ra/status/1510064550632169479

androidenews.com

# Reference: https://twitter.com/drb_ra/status/1510609246534180873

http://142.93.233.148

# Reference: https://www.virustotal.com/gui/file/2b15cb9ae88ee3aa9a9fe8a27479a570062c8c31e0b28f264f0223412221fb93/detection

95.216.221.82:4444

# Reference: https://twitter.com/drb_ra/status/1511371495271976965

nettitude.gzpt.org

# Reference: https://twitter.com/drb_ra/status/1511501477793222665

daq09367inkax.cloudfront.net

# Reference: https://twitter.com/ScumBots/status/1512096689422839815
# Reference: https://www.virustotal.com/gui/file/472e4f80a21736d734de6735d6686d4526d76ff68c3ffc5880d0e44580b1b0ba/detection

46.4.114.111:9999

# Reference: https://twitter.com/drb_ra/status/1512998349426896897

143.198.71.104:443

# Reference: https://twitter.com/drb_ra/status/1512999086638735365

appsteams.com

# Reference: https://twitter.com/drb_ra/status/1513690881408348166

office.thebrain.net

# Reference: https://twitter.com/drb_ra/status/1514041527814823947

45.56.113.131:443

# Reference: https://twitter.com/drb_ra/status/1514449947650924546

ye-cert.com

# Reference: https://www.virustotal.com/gui/file/0008e122dff45c48ab93361085280cca8c0f8f0f35f742ea73a772f03dde1f41/detection

seryanjek.com

# Reference: https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/
# Reference: https://otx.alienvault.com/pulse/6135d2c0c031eac2759657d6

135.181.10.218:443

# Reference: https://twitter.com/drb_ra/status/1516937383090044930

34.235.5.141:443

# Reference: https://twitter.com/drb_ra/status/1516940210776547328

54.37.225.27:443

# Reference: https://twitter.com/drb_ra/status/1516940512422506496

classcharts.uk

# Reference: https://twitter.com/drb_ra/status/1518577537651200000

109.228.40.199:443

# Reference: https://twitter.com/osipov_ar/status/1518654392777510916

http://138.124.184.220

# Reference: https://twitter.com/drb_ra/status/1519839795471659008

52.185.188.46:443

# Reference: https://twitter.com/drb_ra/status/1520199027547062274

18.208.248.51:443

# Reference: https://twitter.com/drb_ra/status/1520226667624648706

pankki.store

# Reference: https://twitter.com/ScumBots/status/1520700888112930817
# Reference: https://www.virustotal.com/gui/file/5b386d361997ea2108141a8c22ae8f6bb3835a8e23ef25dd72b9438674dc595c/detection
# NOTE(review): the last octet of the address below is 0, which is unusual for a host address.
# It may still be valid - verify against the references that the value was not truncated.

106.10.106.0:4444

# Reference: https://twitter.com/ScumBots/status/1521869837185781762
# Reference: https://www.virustotal.com/gui/file/5e0ff6e0762fefc8f7a7d214b9717c64abb8000283014965b74225fed08eeb89/detection

206.189.119.181:443

# Reference: https://twitter.com/drb_ra/status/1522757920068411399

147.182.134.175:443
174.138.110.120:443

# Reference: https://twitter.com/drb_ra/status/1522920341500219394

52.246.168.227:443

# Reference: https://twitter.com/drb_ra/status/1525299882256375808

159.65.136.204:5050

# Reference: https://twitter.com/drb_ra/status/1524547711781027841

23.163.0.59:443

# Reference: https://twitter.com/drb_ra/status/1524910249731293207

34.238.250.112:443

# Reference: https://twitter.com/drb_ra/status/1525482106171887623

159.203.28.9:443

# Reference: https://twitter.com/drb_ra/status/1525488694215458823

195.123.220.222:443

# Reference: https://blog.malwarebytes.com/threat-intelligence/2022/05/custom-powershell-rat-targets-germans-seeking-information-about-the-ukraine-crisis/

collaboration-bw.de
kleinm.de

# Reference: https://twitter.com/ScumBots/status/1526215976748036102
# Reference: https://www.virustotal.com/gui/file/cb3ddfba160b1a928fc99c80e8b3f82ed620998d082793022461aef6ba2f3e0c/detection

3.126.224.214:16050

# Reference: https://twitter.com/drb_ra/status/1526926521583259649

150.136.140.174:443

# Reference: https://twitter.com/drb_ra/status/1527094517156962304

95.213.145.101:443

# Reference: https://twitter.com/drb_ra/status/1528185222709362689

docs.jcbbrokers.com

# Reference: https://twitter.com/drb_ra/status/1528375525798035458

206.189.4.169:443

# Reference: https://www.virustotal.com/gui/file/0022045c76a9880ed0dbef3db814c92529c9e5fdbc5e1b1dc0fdcc26140fb45a/detection

digitalcomparendo.com.co

# Reference: https://www.virustotal.com/gui/file/a6bca64361aaaf870b90525ffc35e2b17d2ba17b94a7bde793f0aafa02f11c54/detection

sellinruss2.com

# Reference: https://www.virustotal.com/gui/file/50538c1210a31fe8608676a6c7b061bc4b8472db053de6fa80daae7d86372e28/detection

http://54.159.59.99

# Reference: https://twitter.com/drb_ra/status/1529991314326147086

159.223.194.182:443

# Reference: https://www.virustotal.com/gui/file/cdfc5ba406b1099a15ec57cd52c916238a8a89a3e6505f47a692cba92739f455/detection

king-ccards.online

# Reference: https://twitter.com/malwrhunterteam/status/1531709311746985984
# Reference: https://www.virustotal.com/gui/file/e8f0a2f79a91587f1d961d6668792e74985624d652c7b47cc87367cb1b451adf/detection
# Reference: https://www.virustotal.com/gui/file/bf10a54348c2d448afa5d0ba5add70aaccd99506dfcf9d6cf185c0b77c14ace5/detection
# Reference: https://www.virustotal.com/gui/file/1f245b9d3247d686937f26f7c0ae36d3c853bda97abd8b95dc0dfd4568ee470b/detection

109.248.59.74:1337

# Reference: https://twitter.com/ScumBots/status/1531994048269000706
# Reference: https://www.virustotal.com/gui/file/254d9104946b1fa73c5447dcf57c6a8172401feec7d9c518eba23df90b57ca4f/detection

54.190.24.216:8080

# Reference: https://twitter.com/ScumBots/status/1532355178447388673
# Reference: https://www.virustotal.com/gui/file/6f761d9149c1ab9e1a19c77821419e3b11b60d8649ed4406c269c2b96690d0c0/detection

3.22.53.161:10221

# Reference: https://twitter.com/malwrhunterteam/status/1532443932453388288
# Reference: https://www.virustotal.com/gui/file/8d7117bc2c97e7e1a2c6417c37edc1031fb9441cbedc40ed38276d441d018d9b/detection

8866ddd7771251526d5e5e.cloudflareworkers.com

# Reference: https://twitter.com/ScumBots/status/1532933990927286272
# Reference: https://www.virustotal.com/gui/file/dd5d4da062f7b6363d3f165e76392b84ff455def8eeca2980b92f9295c364171/detection

3.6.115.182:16512

# Reference: https://www.virustotal.com/gui/file/3eb41d7351608e5ec7ae17da7bd889a6edadb3fd26080546d5093bd7fbd108bd/detection

adfj4356sjkl23jf367ld234k6fh6k86s234.jquerydb.com
resource.jquerydb.com

# Reference: https://twitter.com/drb_ra/status/1532701358586994688

13.59.166.155:443

# Reference: https://twitter.com/drb_ra/status/1532710008470884355

109.234.36.5:443

# Reference: https://twitter.com/drb_ra/status/1532882609541455873

bcxstaging.co.za
dev.bcxstaging.co.za

# Reference: https://twitter.com/drb_ra/status/1532882928316858370
# NOTE(review): duplicate - this hostname is already listed earlier in this file under
# https://twitter.com/drb_ra/status/1511501477793222665. Consider keeping a single entry that
# carries both reference lines.

daq09367inkax.cloudfront.net

# Reference: https://www.virustotal.com/gui/file/b536ba7328c4913798d2146ddceec2bf7891abef728f2c57db71b153f59a5ef3/detection

http://101.43.242.147

# Reference: https://twitter.com/drb_ra/status/1533973002232246272

54.215.206.234:443
imadeyou.click
c2.imadeyou.click

# Reference: https://twitter.com/drb_ra/status/1533983732381646848

150.136.140.174:443

# Reference: https://www.virustotal.com/gui/file/b9b479158d5dea67310c4c0c732e852de11830f3416d5eb2faf01b777fdac20f/detection

dianli.ru

# Reference: https://twitter.com/drb_ra/status/1535428913190555649

109.234.36.5:443

# Reference: https://unit42.paloaltonetworks.com/cve-2022-26134-atlassian-code-execution-vulnerability/
# Reference: https://otx.alienvault.com/pulse/62a08073756f4059e6464d77

http://167.99.57.116
http://172.104.31.117
http://18.216.140.250
http://18.221.234.103
http://191.37.248.120
http://192.99.152.200
http://193.106.191.71
http://2.56.11.65
http://27.1.1.34
http://31.13.191.157
http://54.88.149.100
http://84.17.48.94
http://87.249.135.167
http://89.187.170.129

# Reference: https://twitter.com/pmelson/status/1536819641846272008
# Reference: https://www.virustotal.com/gui/file/1b9c291c4dca0f4af299a0ece26a7c3b3f87a0a7eb9f5b57aa7c894774c40407/detection
# NOTE(review): 104.16.243.78 and 104.16.244.78 look like shared CDN edge addresses (they appear
# to fall in Cloudflare's published 104.16.0.0/13 range - TODO confirm against the provider's
# current list). If so, an IP:port match can fire on unrelated sites served from the same edge.
# Treat hits on those two entries as low confidence unless one of the domain entries below
# matches as well.

104.16.243.78:8080
104.16.244.78:8080
162.255.119.65:8080
n00bzunit3d.xyz
challs.n00bzunit3d.xyz
ctf.n00bzunit3d.xyz
test.n00bzunit3d.xyz
wiki.n00bzunit3d.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1537022403347460096
# Reference: https://www.virustotal.com/gui/file/a8ce2181ce6e56c147412c600a430fdb7baf68550b6f822b98a1759f52adb72f/detection

gmgeneraltrading.com

# Reference: https://twitter.com/malwrhunterteam/status/1537412988558245888
# Reference: https://www.virustotal.com/gui/file/de495346ac81d29707c92181382989cbcc9ecab3feeb7c38eb6fe4364c89cde8/detection

transacor.ma

# Reference: https://twitter.com/malwrhunterteam/status/1537424206434119680
# Reference: https://www.virustotal.com/gui/file/68462163987c2f96488ff08d44d88b6f08d5da7ecbb478bd38d4a156bb61e2b7/detection

facturamx.club

# Reference: https://twitter.com/Dkavalanche/status/1537483210409803777

http://20.240.40.118

# Reference: https://twitter.com/malwrhunterteam/status/1537521767262015488

smarthav.com

# Reference: https://twitter.com/malwrhunterteam/status/1538094207478517764
# Reference: https://www.virustotal.com/gui/file/ddbd0b917d017d5709bd4fb2e0acd4d877d829fb9bc32865550fb556eadb6739/detection

pidipurev.com

# Reference: https://www.virustotal.com/gui/file/03269a24a60591752df46b0303e61c51798333dafd9ed59513bfa620866c2358/detection

gr3.ddns.net

# Reference: https://twitter.com/drb_ra/status/1537231657119338498

20.78.19.235:443

# Reference: https://twitter.com/malwrhunterteam/status/1539333876895854592
# Reference: https://www.virustotal.com/gui/file/2c861d284d35b5d9bd79c697430c32a41759ff713269ca54aabd165505d4ede4/detection
# Reference: https://www.virustotal.com/gui/file/b38109e065c8fe5fdaf88f182597b6bff73c6578f02a757afdba7031db054913/detection
# Reference: https://www.virustotal.com/gui/file/fd3cfce2a371634763db5d184ee7b8115e48baa16177d27376a61c75092e1a32/detection
# Reference: https://www.virustotal.com/gui/file/a2514e2e9c9eb522c07ddad50c66a0c99d9ac64a7445722f94bd5fb358e45220/detection
# Reference: https://www.virustotal.com/gui/file/6e2be3ffea3e74f39145d89bd69a91162c4a436a51da3c1e1b9131c8f8764861/detection

206.84.168.139:4444
206.84.168.191:4444
206.84.168.30:4444
206.84.169.110:4444
strongvpn.ga

# Reference: https://twitter.com/drb_ra/status/1539425978438516737

192.18.141.199:443

# Reference: https://twitter.com/malwrhunterteam/status/1539621033908621314
# Reference: https://www.virustotal.com/gui/file/5270cb73da9b7ca550e1ae3ccd2e0875c7a5e49782daf2ca169d6a29d479f628/detection

http://95.217.244.204
infinite-stars.net

# Reference: https://www.virustotal.com/gui/file/c557d03fa307f13a3086053c022a8e146b1e5725995e2bf0fd2ef2d66d0ba9ea/detection

nikitarovonovich.pserver.ru

# Reference: https://twitter.com/malwrhunterteam/status/1540614846600908800

http://46.21.153.250

# Reference: https://twitter.com/ScumBots/status/1540390624788185089
# Reference: https://www.virustotal.com/gui/file/a3465a008ffa2a0946e1ebe4124f6569623940d0494a264c6329c818fdecb279/detection

3.142.129.56:1869

# Reference: https://twitter.com/ScumBots/status/1541462190745686016
# Reference: https://www.virustotal.com/gui/file/3e79efb3d76cd8ff9734ddab1e0cc2a08cf1903a6e1b6382acb7ea86a5d19660/detection

79.110.52.135:8080

# Reference: https://twitter.com/ScumBots/status/1542158527388680194
# Reference: https://www.virustotal.com/gui/file/9c4b568c60f30008f19e76a1cc16f37dbf2826c22a580f39b4f009a40f7530e7/detection

170.187.232.147:87

# Reference: https://twitter.com/malwareforme/status/1542261607035588608
# Reference: https://www.virustotal.com/gui/file/98d94759958e3b79de90e9da6a2a5d904cd3efc7c0f45773d2ac5dc4b63f1d56/detection

http://176.100.42.180

# Reference: https://www.virustotal.com/gui/file/21286ed0b3e56f49c287617ee5bf4ef687c627e342d72297008e3fce73a5ae20/detection

http://120.48.85.228

# Reference: https://twitter.com/drb_ra/status/1542850540421488640

45.14.224.96:443

# Reference: https://twitter.com/malwrhunterteam/status/1544045677482762241
# Reference: https://www.virustotal.com/gui/file/902d69ecac8da439d9e80b08b034c3bc94dca3b150bf2564752169682954ad43/detection

0c020.com

# Reference: https://twitter.com/drb_ra/status/1544122690818162689

83.229.83.41:443

# Reference: https://twitter.com/malwrhunterteam/status/1544688445154594819
# Reference: https://www.virustotal.com/gui/file/b9d958bdc2ce406d4fae5e73d19e9b3f5222a61e3fe3655ed36bb6ab83e145e7/detection

gojourneys.com/service.hta

# Reference: https://twitter.com/ScumBots/status/1545123058616307713
# Reference: https://www.virustotal.com/gui/file/924276827de0e5d6a1ffc01cb025f206159e974b71796c7b850794258daa1878/detection

payrewardapp.com
api.payrewardapp.com
imv.payrewardapp.com

# Reference: https://www.virustotal.com/gui/file/6da3fbd52970e23b106401bb82298e353f9d1db09fab7a6ad16b6a2ad0188060/detection

161.35.90.195:4444
c2server.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1547580496460206080
# Reference: https://twitter.com/StopMalvertisin/status/1547851359948804096

http://185.228.83.60
/alksdldoosal
/wxbTRXIuGyNqdPhzfYlJeDOUWKFC

# Reference: https://www.virustotal.com/gui/file/afa2a4fbfb46e5c2f687a741e7b8337c14a52c7bfcbe28cc27933a41dcdb8a6a/detection
# NOTE(review): the entry below contains an uppercase letter, while the other hostnames in this
# list are lowercase. Hostnames are case-insensitive in DNS; confirm that the trail loader
# normalizes case before matching, otherwise this entry may never match observed lookups.

Nerviusss25-51690.portmap.host

# Reference: https://twitter.com/drb_ra/status/1548662939716034562

a-banking.com
fly.a-banking.com

# Reference: https://www.virustotal.com/gui/file/c36f0d9d77e5fb8fbe251b57a6a02f7da6222bf270960a79c00422a56c8ca859/detection

45.32.160.133:9191

# Reference: https://www.virustotal.com/gui/file/f18667d39c13df2cc1cd68af0246667e9d7e614ba572120befe16e38f306b035/detection

212.192.242.16:1000

# Reference: https://www.virustotal.com/gui/file/4b445a21fa7863a844b90beebfb5bed18e2acea8f5747b32453fc31d9112963f/detection

downloadyarbot.shopyfi.ir

# Reference: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/growling-bears-make-thunderous-noise.html

46.229.215.108:4433
78.40.219.13:8888

# Reference: https://www.virustotal.com/gui/file/eca5efb923224e2d8fddfcba53d30b44c8c68fc6cb73bca72dc4ec424096a7ef/detection

95.111.250.149:8000

# Reference: https://www.virustotal.com/gui/file/8948fb84fbefb2c969888ab77d438cb8ac00694551dbac317b236fda66e4a739/detection

20.226.41.232:9001

# Reference: https://www.virustotal.com/gui/file/30ce8e40b79621b0555bb818b71d769d3edf6210944007c17d1f31e918fadc45/detection

106.52.42.139:6789
106.52.42.139:801

# Reference: https://twitter.com/drb_ra/status/1550280325506469890

http://45.14.224.110
/vfe01s/1/vsopts.js/

# Reference: https://www.virustotal.com/gui/file/0da30282299c1f351510bfd83463d4ba820687c027e854b1b03fd6124547d77f/detection

213.170.135.6:25561
insmp.net
uk.insmp.net

# Reference: https://www.virustotal.com/gui/file/68a4fd2b4fe913f6ec71196731f0fa3bbed17589ee18d6ec2878a8a20001f905/detection
# Reference: https://www.virustotal.com/gui/file/4d72c7d6ded3cae715ce6f362d3ec79de5f484a264bf52532df316a496ecad04/detection
# Reference: https://www.virustotal.com/gui/file/3694875ffe41f247ef6b5d6eb2d5d3f9ee4939e94735f4aec96e1fa7e3e64d78/detection

aasporo.com

# Reference: https://www.virustotal.com/gui/file/56b823c64968f9eb87a57b688e569eb7040501f291be4606cb226ff281eaffb4/detection
# Reference: https://www.virustotal.com/gui/file/68a2c4cce8c8e8cdf819d8b4f8ab88c0c851fb4ca0dcc07d562a6befc4172380/detection

95.213.145.101:443

# Reference: https://www.virustotal.com/gui/file/04eabcc001b383709ce35e3b116812382dbe1ee77ad8bd2f0da7d39d14ce3b6d/detection
# Reference: https://www.virustotal.com/gui/file/20cf0e39859e911a23db28f8890ad018ff55a3ec6e2b3b849151ce21b08f47de/detection

209.141.58.154:6363
cvc.7766.org

# Reference: https://www.virustotal.com/gui/file/1373d61f65df4004490791ade8a04490db396c2e7a248f680896c524e0f5ffd5/detection

18.158.249.75:12778

# Reference: https://www.virustotal.com/gui/file/2c91462fb50fb7d0a394317401f9044db58e652435cd3beb05ae6e0a0184d63a/detection

http://66.70.238.65

# Reference: https://twitter.com/drb_ra/status/1552819839382835202
# NOTE(review): '/utag/lbg/main/prod/utag.15.js' is a path-only entry with no host component.
# The path resembles a tag-management script URL, so it presumably also occurs in benign traffic
# to other hosts. Confirm how path-only trails are matched, and whether this one should be tied
# to the address above to limit false positives.

167.71.88.90:443
/utag/lbg/main/prod/utag.15.js

# Reference: https://twitter.com/drb_ra/status/1553373644386189312

192.9.244.42:443
/trader-update/history&pd=/

# Reference: https://www.virustotal.com/gui/file/0411b1c23bfb671d36136760706cf85a11af5cfd16f8de47a330a8ca915f1eef/detection

64.52.80.168:7778

# Reference: https://twitter.com/StopMalvertisin/status/1554677296472399872

78.85.17.88:8443

# Reference: https://twitter.com/StopMalvertisin/status/1554738107001765888

78.85.17.88:9991

# Reference: https://www.virustotal.com/gui/file/9c69b39140e43602c4040ab7e9fadf3d74fdc4f9f92cddd2586e6a24fe8c70e4/detection

sky-titans.net

# Reference: https://www.virustotal.com/gui/file/f506dc1b194dfd25df0dfc2490e53138400e0fd5147e79878e878168b57d8531/detection

http://185.156.43.249
185.156.43.249:5544

# Reference: https://www.virustotal.com/gui/file/e451243cc7e2ff3b82a99501ae6e0d3461d7c30e3ff23d71a70b9e5afe6400cf/detection

185.156.43.249:443

# Reference: https://www.virustotal.com/gui/file/ab19c9ee6c97509b12adae6bc4c3e2f3aeb295d6bb6dc39bfc4caab9d5c02c8e/detection

185.156.43.249:8088

# Reference: https://www.virustotal.com/gui/file/463e0ad8bd88738a3ad56095fd6c1df32db01b9194fe0c240e484c4ec877814e/detection

185.156.43.249:4433

# Reference: https://www.virustotal.com/gui/file/5887040b238982d1ec370dec2dfc2f20a3b358e1f03aa30e1c82f9ed46d0ef9a/detection
# Reference: https://www.virustotal.com/gui/file/7ddc9bbf5a0cb96e1a3eabd57c7a3c9529c99d47828c52782cc41f9479110894/detection

hjit.ru

# Reference: https://twitter.com/StopMalvertisin/status/1555461886711590913
# Reference: https://www.virustotal.com/gui/file/50cd4fbf0ebfe65fc135523fda1525a32dc50764748f863193da22d4616c8666/detection
# NOTE(review): ec2-54-91-111-47.compute-1.amazonaws.com encodes the same address as the
# 54.91.111.47 entry, so both lines track a single cloud-hosted endpoint. Public cloud addresses
# are routinely reassigned to other tenants; re-validate before acting on hits for these two
# entries long after the reference date.

54.91.111.47:4455
autodontreplyservices.com
ec2-54-91-111-47.compute-1.amazonaws.com

# Reference: https://twitter.com/drb_ra/status/1556069100820086785

96.31.77.61:8888

# Reference: https://www.virustotal.com/gui/file/2932baac30e642651f27b4b7c6f77b9122742f49866da5160e9db776b1e832e9/detection

185.100.65.237:4447

# Reference: https://www.virustotal.com/gui/file/bc556718de6fc8d375c7a4121e7d68632caf1fd5439cfd4d9c48d21e092476e6/detection

bfparty.org

# Reference: https://twitter.com/malwrhunterteam/status/1559881926688784385
# Reference: https://www.virustotal.com/gui/file/16b4a6fec76b452f77a6832871ff2e906d673e557a0e6c2673fc952181d1319b/detection

buckotx.s3.amazonaws.com

# Reference: https://twitter.com/malwrhunterteam/status/1559902576757424130
# Reference: https://www.virustotal.com/gui/file/6634cd044332d28d153519298fd0f68590d966d1c970a80d5a6462fd5a9734ec/detection

azistcool.linkpc.net

# Reference: https://www.virustotal.com/gui/file/eca7dc19194ed6de874c9591106be959f0b4f6ec250f3617634b61aa13639a10/detection

finxiio.com

# Reference: https://twitter.com/pollo290987/status/1560155917341130752
# Reference: https://www.virustotal.com/gui/file/737d0d04046e490f3e69e8ab944487d9bd78d77d6be943811949f00f6b89bdd7/detection

sodkvsodkv.facturas.stuff-4-sale.us

# Reference: https://twitter.com/malwrhunterteam/status/1560584179955314688
# Reference: https://www.virustotal.com/gui/file/e6433b54eeeca4efa18f93bd3d90339114edd040a16083e6d5be17f7f0f655e3/detection

shipminttracking.net

# Reference: https://www.virustotal.com/gui/file/b6173bfaf49c806340d65cd48b9f368a5153c3116c2f724e69cf91ea324563d3/detection

137.184.88.94:9001

# Reference: https://twitter.com/malwrhunterteam/status/1560635393971589122
# Reference: https://www.virustotal.com/gui/ip-address/34.80.234.86/relations
# Reference: https://www.virustotal.com/gui/ip-address/83.69.236.3/relations
# Reference: https://www.virustotal.com/gui/file/de55f77361210aeacf9a5989479c0ad790d31633d6899100fa42828156fc79ed/detection
# Reference: https://www.virustotal.com/gui/file/7596564139a66bb4e164cfcae16940e3c4c7909cbbaae1c60aa4a91061a1e54d/detection

iisn.at
iiso.in
ilsvt.co
looi.io
lslb.in
sisidra.ws
tls-i.in
tls-n.in
tornado.ws

# Reference: https://twitter.com/drb_ra/status/1558253131968008192

65.20.81.201:443

# Reference: https://twitter.com/drb_ra/status/1558431403385257985

anmal.ddns.net

# Reference: https://twitter.com/drb_ra/status/1560810734673661952

164.132.138.128:443
91.194.3.36:443

# Reference: https://www.virustotal.com/gui/file/4cc1b6c78cb2a820743f20316044eec68bfeb25dee7615954de27847cde26229/detection

18.219.180.158:8080
phisher.nastydomain.com

# Reference: https://www.virustotal.com/gui/file/f2e4736e8c1776a983021311ff48404d78f02de5677b187828e7b40544e33cb7/detection

http://35.158.114.105

# Reference: https://www.virustotal.com/gui/file/7ce2a0f058befe3034a1bf27d5aa8c7cdcd79e1a0064bb4e83cb179097fb3b8d/detection

webshare01.onlinesecure365.com

# Reference: https://twitter.com/drb_ra/status/1563141828396056578

d2gzdrbvjbbq9z.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1563142062798938112

13.234.39.14:443

# Reference: https://www.virustotal.com/gui/file/16007ea6ae7ce797451baec2132e30564a29ee0bf8a8f05828ad2289b3690f55/detection

http://45.89.125.189

# Reference: https://www.virustotal.com/gui/file/454add1bfdc98b944ed97984f1771ec09c9a4c869e3fb6936573d0db8a83ac30/detection

82.2.66.222:21

# Reference: https://www.virustotal.com/gui/file/1da0ce0810952354a5e288a3dd6690338228933c5ff726d317c4748a4322e6dd/detection

82.2.66.222:4444

# Reference: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
# Reference: https://otx.alienvault.com/pulse/630f67c49a28f85f26b91f5a

apiregis.com
updatesagent.com
xmlschemeformat.com

# Reference: https://twitter.com/drb_ra/status/1564765008503967749

3.121.201.91:8080

# Reference: https://www.virustotal.com/gui/file/74a75862bd3fb1df2110cfa2f4de6a56c6370c4aba30df4c6b98ea3346d6366a/detection
# Reference: https://www.virustotal.com/gui/file/0439db34ebaca953064a84b4976b5d0533076594f4d92b6b0d7829988845dbca/detection

pc2.heapack.com

# Reference: https://twitter.com/drb_ra/status/1566577843886227459

54.39.238.131:1335

# Reference: https://www.virustotal.com/gui/file/8e698623199611102ffb0e72e86d76c9a2178e4efb3e7346bcfb37269074e6bc/detection
# Reference: https://www.virustotal.com/gui/file/c8117e93fa43454f1bfd6ecd0324dd08f55beae4258e63d484f72b6aafbdf40d/detection

huntsman-dfir.tech
malware-analysis.huntsman-dfir.tech

# Reference: https://research.checkpoint.com/2022/dangeroussavanna-two-year-long-campaign-targets-financial-institutions-in-french-speaking-africa/
# Reference: https://www.virustotal.com/gui/file/c23e61db0e74e6d48ba27f17461abc88c700e0a386ffdbd4c1a1571ebf630d4f/detection
# NOTE(review): duplicate - i-development.one and the same VirusTotal hash are already listed
# earlier in this file under https://twitter.com/jaydinbas/status/1489241835927216128. Consider
# keeping a single entry that carries all three reference lines.

i-development.one

# Reference: https://twitter.com/malwrhunterteam/status/1567135765569671168
# Reference: https://www.virustotal.com/gui/file/518a0d736b7d9e015548c7bf2eb3b9692817caf67acc20869f68adc5af5b7200/detection

scorpio-cdn.com

# Reference: https://twitter.com/malwrhunterteam/status/1567146303674585090
# Reference: https://www.virustotal.com/gui/file/78cc518559f2348e4c959848d0c2671e96d16c166db0aaa7633dd67ab6bc58ef/detection
# Reference: https://www.virustotal.com/gui/file/bcb1fed53879768a3fa7b6d7f77695e9f2971a20e2cbb5df0b2a0a83c3088946/detection

http://168.119.107.156

# Reference: https://www.welivesecurity.com/2022/09/06/worok-big-picture/
# Reference: https://otx.alienvault.com/pulse/63174ac2e0c9d93ffa7e32f5

suhypercloud.org
travel-commercials.agency
airplane.travel-commercials.agency
bus.travel-commercials.agency
fly.travel-commercials.agency
train.travel-commercials.agency
central.suhypercloud.org
customer.suhypercloud.org
srv.suhypercloud.org

# Reference: https://twitter.com/drb_ra/status/1566942796153511936

185.64.247.240:4443

# Reference: https://www.virustotal.com/gui/file/be746568cc611f15da95184f3080f2d976f9c45e09b77e10d5916e99b2ab5555/detection

85.209.179.63:4444

# Reference: https://www.virustotal.com/gui/file/93f73b12dae2cc2629bd301941a995e4833c10e27a988c929f21257edbef14c3/detection

137.224.106.4:73

# Reference: https://www.virustotal.com/gui/file/e3416839a6b0aad2e470b8ab7c2b27c8a8919686ffbdbf5f1496a3edebb22f8f/detection

82.167.230.163:7331

# Reference: https://www.virustotal.com/gui/file/d7a5fbc4865a624221fc15de663c4abe9628865ffda7fdf77a350ac67e57f82e/detection

20.224.161.53:1000

# Reference: https://www.virustotal.com/gui/file/a8e002532b37acf502145cff1f6485877c524a6075bbcae537c758ee22bb3900/detection

162.241.224.143:9001

# Reference: https://www.virustotal.com/gui/file/31b9785480154d9def6cefb099b5dd32716634a9cfa4baf471c2164ef6f58028/detection

209.25.141.181:20960

# Reference: https://www.virustotal.com/gui/file/9fad60dd882e26b555f5127ffc7b70326f57ab84271185bbbf469e5eb1ed5e4b/detection

5.183.95.123:443

# Reference: https://twitter.com/malwrhunterteam/status/1567887497090285569
# Reference: https://www.virustotal.com/gui/file/2e551962c5d2641f8ff5e35156e7b2f1a02f6c0c29c4066692a7e14541f5ac93/detection

185.43.7.204:443

# Reference: https://twitter.com/malwrhunterteam/status/1568190202266386434
# Reference: https://www.virustotal.com/gui/file/bc6202d58b5ed72e9b23b617f5a3d2888169f471af884b573d67e8a58fe5d4c5/detection

bashamed.org
zeytoonict.com

# Reference: https://twitter.com/malwrhunterteam/status/1568198491226226688
# Reference: https://www.virustotal.com/gui/file/8ae18fc31866c3a35ede249b97457598e78cb6a0988df1dd58b9ddb1f3e88c05/detection

woo097878780.000webhostapp.com

# Reference: https://twitter.com/drb_ra/status/1568421255627550720

173.82.212.78:443

# Reference: https://twitter.com/StopMalvertisin/status/1568529585893175296
# Reference: https://twitter.com/StopMalvertisin/status/1568529591991693313

http://185.45.192.208
http://185.82.202.121

# Reference: https://www.virustotal.com/gui/file/2062108b6af5401e11ecc1666906745f499449e3e80bd3e439b6a0132afec3cb/detection
# Reference: https://www.virustotal.com/gui/file/bb5afa2cc56710ed33c78dbf56120628cc9b3f120d7847a92efd86a19a14e573/detection

spoilgrey.com

# Reference: https://twitter.com/malwrhunterteam/status/1570430443983441921
# Reference: https://www.virustotal.com/gui/file/917c20c5de91f02122a2cfe9d97c70294b1a38d1c1aead5dd6765a39621086f4/detection

d23grfsvusxgzv.cloudfront.net

# Reference: https://www.virustotal.com/gui/file/2d7613b00471b735332dd5ba14bfa05da3d04c79e34304a4419244ff60ee3017/detection

irc.us.org

# Reference: https://twitter.com/malwrhunterteam/status/1570008286417813506
# Reference: https://www.virustotal.com/gui/file/aabe271f846165939b72213794ac12099bac575b250c71cce1f80919c76c0ba9/detection

test.dfir.com.au

# Reference: https://twitter.com/malwrhunterteam/status/1571064193956319235
# Reference: https://www.virustotal.com/gui/file/2de7c6cbb107b72c67711008a704284f24a0e7294316109b87bb6ff1b06fe397/detection

host1849145.hostland.pro

# Reference: https://twitter.com/StopMalvertisin/status/1571136090760966144
# Reference: https://www.virustotal.com/gui/file/797e74d61badfcd0b2fc15b467cc5aee5eeec93b1ac41ccf08749740f10ae475/detection
# Reference: https://www.virustotal.com/gui/file/33b77459b3b88949e2110f81c77c5024f2701a5bfa580f275da9b8f2316c2c73/detection

142.93.204.150:4433

# Reference: https://twitter.com/abuse_ch/status/1572833978184499201
# Reference: https://tria.ge/220921-g1gwdabadl

149.57.171.69:8080

# Reference: https://www.virustotal.com/gui/file/59d451917630e02e1c38ce6485e187f403279abc0f1afc744f82dd3b9c4a4ccb/detection

6-express.ch

# Reference: https://www.virustotal.com/gui/file/8c785cfe27ba43be28feb28ea9f056a65cebe62abd652f11b82196d819853d37/detection

workplaceanddiversity.com
updatepkg8.workplaceanddiversity.com

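# Reference: https://twitter.com/malwrhunterteam/status/157361918168947507
# NOTE(review): the status ID above has 18 digits, while the neighbouring Twitter references have 19; it looks truncated and the link may not resolve - restore the full ID from the original source.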
# Reference: https://www.virustotal.com/gui/file/b2de5e474c1a933468603795e736d7d7dfdc8e13b5f14e6fba7e9849298cc8bb/detection

105.108.117.187:21000
105.108.198.242:21000
105.109.159.46:21000
154.246.109.149:21000
154.246.113.83:21000
154.246.146.88:20000
154.246.234.136:21000
154.247.9.173:21000
197.207.8.74:21000
webjava.mywire.org

# Reference: https://www.virustotal.com/gui/file/8fa32222a5317a6734271299d86c84b0041c0d41959f2b9a76b00af92818cda8/detection

104.248.32.159:443

# Reference: https://twitter.com/MichalKoczwara/status/1574103025693622277

/PoshC2.bat

# Reference: https://twitter.com/malwrhunterteam/status/1574440704838963201
# Reference: https://twitter.com/StopMalvertisin/status/1574442449983836160
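# Reference: https://www.shodan.io/host/176.124.219.223
# NOTE(review): port 135 and the 49664+ range below match the Windows RPC endpoint mapper and its default dynamic ports; they presumably come from the Shodan open-port listing rather than from observed C2 traffic - confirm against the samples.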
# Reference: https://www.virustotal.com/gui/file/59d86574bc99b593abdcf563628af93581eb109748951cac649b3076c70f215d/detection
# Reference: https://www.virustotal.com/gui/file/1cb4c0402251b5ed56c0a7f6e4d3c4ede4d5a34ece829077a0e2dd3d2523fce0/detection

176.124.219.223:135
176.124.219.223:49664
176.124.219.223:49665
176.124.219.223:49666
176.124.219.223:49667
176.124.219.223:49668
176.124.219.223:49670
176.124.219.223:49682

# Reference: https://www.virustotal.com/gui/file/8cdf57dda39f0a10b6f176bc623faba45ed0540d520876b4b67828846f9d7cdb/detection

172.93.181.204:8000

# Reference: https://twitter.com/malwrhunterteam/status/1575453078987366400
# Reference: https://www.virustotal.com/gui/file/558334aa04310114c9433cbd33f44bb35b05f6bd0a29be944adc086215f3b65b/detection

bypass.today

# Reference: https://twitter.com/drb_ra/status/1577506068212719618

213.226.123.157:9197

# Reference: https://twitter.com/drb_ra/status/1570773343258697729

http://188.166.116.129

# Reference: https://twitter.com/drb_ra/status/1573681067541798912

188.166.116.129:6969

# Reference: https://twitter.com/drb_ra/status/1576372562958991361

45.14.224.190:443

# Reference: https://twitter.com/RedPacketSec/status/1577046901194690585

103.27.203.197:444

# Reference: https://twitter.com/RedPacketSec/status/1577046902310375428

18.132.247.80:443

# Reference: https://www.virustotal.com/gui/ip-address/216.240.130.72/relations
# Reference: https://www.virustotal.com/gui/file/8b9c05a1e4a3b701bf8d2229a70bc83cc25b975ab16dbc2a2d0f98d319eeae0a/detection

gamesnetb.com
443.gamesnetb.com
443.onedriveup.today
disk.camdvr.org
disk.casacam.net
netdisk.780wow.com
netdisk.ddnsgeek.com
pan20220109.onedriveup.today
rack.780wow.com
rockdisk.ddnsfree.com

# Reference: https://www.virustotal.com/gui/file/fc47b1c0aeb5f6b19af07329a889e39640c626b89ef2e58fe1ec2f0742b0810b/detection

37.0.14.202:3030

# Reference: https://twitter.com/drb_ra/status/1582887247170351105

185.64.247.59:4443

# Reference: https://twitter.com/malwrhunterteam/status/1583197120105877504
# Reference: https://www.virustotal.com/gui/file/5d2f1d7a4f8cda18fd9103e686c811f8e60afc40d3b97b4e05e1394b1c01182c/detection

s5grdzk4uv23llh6ahlx2n2d2s4elzrdrok5rkf7qnhgytud2cqiy6yd.onion.ws
/whatnoplease

# Reference: https://twitter.com/drb_ra/status/1584160635729809410

c2.nathancoats.com

# Reference: https://twitter.com/drb_ra/status/1584355435984785408

192.9.169.86:443

# Reference: https://twitter.com/drb_ra/status/1584886337282375680

adpworkforce.app

# Reference: https://twitter.com/drb_ra/status/1585613063952138240

45.137.117.200:443

# Reference: https://twitter.com/h2jazi/status/1586128535004987392
# Reference: https://www.virustotal.com/gui/file/f7c3ca865baa3553ab44e1cd8f6cf0421a2e4bc12d228abda1296069a07d86b4/detection

d1codu14p1gdvw.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1586705416779612165

116.203.51.117:443

# Reference: https://www.virustotal.com/gui/file/1b82739880e1851d032b09de787033bd19135c8496124cd505b32afe4212b7b0/detection

http://89.22.233.149

# Reference: https://twitter.com/malwrhunterteam/status/1587571283159547906
# Reference: https://www.virustotal.com/gui/file/ab2f0ffb3a1f762f0de9bc5bd8b529232729f1f790eb07c55097ad3eb204d061/detection

192.46.211.76:443
192.46.211.76:8000
lelouch.tk
a.lelouch.tk

# Reference: https://twitter.com/malwrhunterteam/status/1588580672121470977
# Reference: https://www.virustotal.com/gui/file/ae6c02ba554be6dcda3610e8048d0649418f96ed0a8e2cda0a9d27ed4a46ddcc/detection

45.141.215.215:8080
sisal-policy-italy.duckdns.org
sisal-updater.duckdns.org

# Reference: https://twitter.com/drb_ra/status/1588154272402870272

74.208.135.130:443

# Reference: https://twitter.com/sysk1ll3r/status/1589615455396040706
# Reference: https://www.virustotal.com/gui/file/aaa97571b8c811109ab623de66ca34027193e0e78835abd187f6c5750fc1c6d2/detection
# Reference: https://www.virustotal.com/gui/file/0976d94f317fc0050d2e6250b327044b49320fd9ab283d6d9b3d192ef2ff328f/detection

http://195.133.40.130
http://20.106.255.48

# Reference: https://twitter.com/drb_ra/status/1589958958869090304

/babel-polyfill/6.3.14/polyfill.min.js
/babel-polyfill/6.3.14/polyfill.min.js=/

# Reference: https://twitter.com/r3dbU7z/status/1590276341106356229

http://45.154.98.151
45.154.98.151:443
45.154.98.151:777
niva.linkpc.net

# Reference: https://twitter.com/ScumBots/status/1591185331474374675
# Reference: https://www.virustotal.com/gui/file/8f1e1aa4ffded36e953eaf3b679fca21bffc5ca1c837c03fe97ba9ecf93b39fa/detection

193.161.193.99:23235

# Reference: https://twitter.com/ScumBots/status/1590743667064586241
# Reference: https://www.virustotal.com/gui/file/6de48c8c9301b869034fab854c3d518810c2bcc0957093b4739ef0e16912fc3c/detection

jeffersonfilho-23235.portmap.host

# Reference: https://twitter.com/drb_ra/status/1591227919493373952

http://45.93.31.122
/adServingData/PROD/TMClient/6/8736/

# Reference: https://www.virustotal.com/gui/file/d2432ae81241cd0041c23c81b7ddb874ac29b8cc77025a44b41c249a41f3a094/detection

193.33.195.152:3000

# Reference: https://twitter.com/malwrhunterteam/status/1592231757461741569
# Reference: https://www.virustotal.com/gui/file/af3b595215fe40422c0d4a10bbfc2d0e609edf315fbcb372951eea626f58f41f/detection

3mtbusa.com

# Reference: https://twitter.com/drb_ra/status/1593418944332894209

microsoftonedrive.online

# Reference: https://twitter.com/drb_ra/status/1593779349982879744

emergency-coms.com
cc.emergency-coms.com

# Reference: https://twitter.com/luc4m/status/1595105175492087810
# Reference: https://www.virustotal.com/gui/file/49d1d6bfc32f81df0fa87f715be219c26de59067ff1c6e17a2564598900a2a3c/detection

http://146.70.87.186

# Reference: https://twitter.com/malwrhunterteam/status/1594818792084971523
# Reference: https://www.virustotal.com/gui/file/0fa2e2f524101e9c5e911e193e7fb145463c0c2a72a5fb14f8f11a8ae3a18593/detection

201.121.29.197:81
201.121.68.116:81

# Reference: https://twitter.com/drb_ra/status/1595767943841058817

159.65.92.230:443

# Reference: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_Posh.txt

http://146.59.201.131
109.234.36.5:443
109.248.6.221:443
132.145.106.12:8443
146.190.86.212:4443
159.223.20.20:443
159.69.180.8:443
165.22.119.30:443
178.20.47.220:443
184.72.153.18:443
185.193.126.28:443
192.18.141.199:443
193.36.15.251:443
20.218.128.59:443
3.65.198.167:443
3.72.176.74:443
34.235.5.141:443
44.192.81.16:443
45.137.117.200:8443
62.182.159.147:443
79.51.197.75:443
94.130.106.165:443
95.164.87.82:443
95.213.145.101:443
98.142.143.13:8000

# Reference: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_PowerSploit.txt

http://190.157.37.153
http://82.157.181.130
http://88.91.32.192
18.209.76.109:8080

# Reference: https://twitter.com/malwrhunterteam/status/1596217071742128128
# Reference: https://www.virustotal.com/gui/file/74712e4b42600980566b6dc10df3fb2f63a7daefc3e28abc591d222e3fe0ece0/detection

161.49.96.244:13373
gsismo.com

# Reference: https://www.virustotal.com/gui/file/71459112f7bd7cda5d383db74555399740c532064537aa876c45657438381ccf/detection

http://62.204.41.222

# Reference: https://twitter.com/ScumBots/status/1598210368408543233
# Reference: https://www.virustotal.com/gui/file/eee29a4a94a23810cab689c09e4a83362278a344f3364ee371defcdd96c8e195/detection

154.12.244.1:46969

# Reference: https://twitter.com/ScumBots/status/1596161656874221568
# Reference: https://www.virustotal.com/gui/file/8198e99eec93b479880e3a05a3148fb6f849bd1a678d9d1589582e9255553bdc/detection

194.163.157.141:4444
furfag.xyz

# Reference: https://twitter.com/drb_ra/status/1598305446137589760

159.223.20.20:443

# Reference: https://twitter.com/drb_ra/status/1598474873675866114
# Reference: https://www.virustotal.com/gui/file/44cbf54f2bf9d02e326f24bc3d0bbf5d6e070d17407afd404acdca2366da643c/detection

http://34.235.5.141
evilredteamthings.com

# Reference: https://twitter.com/xorJosh/status/1598646907802451969

193.201.9.101:11196

# Reference: https://twitter.com/malwrhunterteam/status/1599836594844098560
# Reference: https://www.virustotal.com/gui/file/5002bad1d29e3bb13f1c52be33796963564e639852ecf347503eb1fc2c8c4a89/detection

merry-froyo-94e086.netlify.app

# Reference: https://twitter.com/ScumBots/status/1600165757303783425
# Reference: https://www.virustotal.com/gui/file/68493c8e28d56058cc5fb345c037f37ba97a738f15e78e3fe8e94749cb809d40/detection

95.90.54.183:8080

# Reference: https://twitter.com/ScumBots/status/1600168337576808452
# Reference: https://www.virustotal.com/gui/file/e69cc36ecb2e75c8f9b969eb6f3cf37a371e33375f1b466b47e0e261340a9367/detection

95.90.54.183:8

# Reference: https://twitter.com/ScumBots/status/1600228665178132518
# Reference: https://twitter.com/ScumBots/status/1600228737768951838
# Reference: https://www.virustotal.com/gui/file/341f194d9ccc811fcc3995eee085f66e299a17aa2272b8a91b3093de281bfac9/detection
# Reference: https://www.virustotal.com/gui/file/d1644309bcecc22c100bd188d2b8ae6072d89113378c90e131672de97c8e49cc/detection

209.165.201.17:4444

# Reference: https://www.virustotal.com/gui/file/e56cbac2134c6bcb67cf25428f8d7db959d341a26d81e4eb4f9f77e7186e5906/detection

http://155.133.23.244

# Reference: https://twitter.com/malwrhunterteam/status/1601189140305186817
# Reference: https://www.virustotal.com/gui/file/d1a4a68b2dc8689752a51b596e383f380c974593f4478fee79f0cac6627f2ae8/detection

20.172.137.101:8080

# Reference: https://www.virustotal.com/gui/file/b1b86bdefc10d4f3fb18fd2d6fcc4cf9e8ed73c108c772e0870f3545731cb3f5/detection
# Reference: https://www.virustotal.com/gui/file/4a614fbe0450a785de13f100465b8212d03e8f358676d2d8e54022bf991e1142/detection
# Reference: https://www.virustotal.com/gui/file/3fbb76f59491281628c762e16b1f07724f1dccf207b13aff3b6ec405143fb7b5/detection

jobbfinderrr.xyz
xvfghtyua.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/46ed79dc34684fe4e0eb948bb4c8804fa9422a2b5774ee122fc7a24ef67d09d1/detection

3.142.141.21:8080

# Reference: https://www.virustotal.com/gui/file/593c91faf0605f937b676f0f6aea7324fd0800fcf630ca0c591aa18fa2c97238/detection
# Reference: https://www.virustotal.com/gui/file/427d31a39e30e238772ec5c7a7e5f21456455ca2c14ed33c3b637ddaafdf8d36/detection

3.142.141.21:30303

# Reference: https://www.virustotal.com/gui/ip-address/3.142.141.21/relations

ms-security-desk.cf

# Reference: https://www.virustotal.com/gui/ip-address/18.222.107.105/relations
# Reference: https://www.virustotal.com/gui/file/474a83ab9e606773f64bce7d639dae8a56f262af53ef0e7ee0d5be2bc6695d88/detection

18.222.107.105:1335

# Reference: https://twitter.com/ScumBots/status/1602702148290154496
# Reference: https://www.virustotal.com/gui/file/907610dddd18d371a814dafb80bf5fae3743cf2867b2f31590263f7c9c9114dc/detection

212.86.109.121:443

# Reference: https://twitter.com/ScumBots/status/1602858497409966080
# Reference: https://www.virustotal.com/gui/file/7a35b26ca56a9c4d04af40eded45352c5d1b8e1d8118a1dc26e5a5a80a1114e2/detection

18.229.146.63:16497

# Reference: https://twitter.com/ScumBots/status/1603359300478533632
# Reference: https://www.virustotal.com/gui/file/47a14e36512627b8f66d448935f547a8cd117a6761385fb178303795084cbf11/detection

54.37.161.92:22

# Reference: https://twitter.com/ScumBots/status/1603361811658596352
# Reference: https://www.virustotal.com/gui/file/ac0ac1aa9a3ca544a1218c836e42e858ec0e10444c72c09b2f1f9191ebfad636/detection

34.126.164.120:22

# Reference: https://twitter.com/ScumBots/status/1604028706950889474
# Reference: https://www.virustotal.com/gui/file/d0a7bd25b378287585c36b96d279de61374155a26916ea18509754644ad7cd03/detection

34.126.109.143:22

# Reference: https://www.virustotal.com/gui/file/d74ba5885f7659e58ae5a3d739ad7cc2be61917c13fd4ab4637a14a9f40851ae/detection

mamonci.ga
jacksonmuhammad990.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9e9ed31263978322e1dcfb1e30e9e0958d7ba1e4e32b0e2d6286861ecd1c9c58/detection

http://185.29.10.41

# Reference: https://twitter.com/ScumBots/status/1604436389726142464

172.245.92.207:443

# Reference: https://twitter.com/ScumBots/status/1604884348305539075
# Reference: https://www.virustotal.com/gui/file/b485020628c5eb8f6964f79e89a9a3f522197210e300e820fc796763108a8ddf/detection

35.240.198.92:22

# Reference: https://twitter.com/ScumBots/status/1604891894366015488
# Reference: https://www.virustotal.com/gui/file/c071dcff79e062d648272664093f9886070e2df9b91ccfcf4332d296341fd05e/detection

20.226.72.14:22

# Reference: https://twitter.com/r3dbU7z/status/1604992480830967808

http://104.238.149.39

# Reference: https://twitter.com/malwrhunterteam/status/1604964169023115264
# Reference: https://www.virustotal.com/gui/file/b3cb1b5e3d828e25d9802cc536dd89e347bb70528285e1bf1e1acf123fb4659e/detection

letshackit.shohos.com

# Reference: https://www.virustotal.com/gui/file/e019717ced89e11e199b1480a5f3d85cda81181141f906093f39e0d2a13d9c5c/detection

3.129.187.220:11830
3.131.147.49:11830
3.133.207.110:11830
3.136.65.236:11830
3.138.180.119:11830
3.22.15.135:11830

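# Reference: https://www.virustotal.com/gui/file/e724b87d50e009d1f60874451295724dff48d10231a9e5cc9c124acf962bf97d/detection
# NOTE(review): 11.0.0.0/8 is allocated to the US DoD and is often reused as internal address space; the entry below may be a lab or placeholder address from the sample - confirm before relying on it for detection.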

11.23.33.44:10225

# Reference: https://www.virustotal.com/gui/file/cd3dfff05a8b3134ebddd96e081465ed1f2fa847511976bc2eebed34eb114ae5/detection

3.22.53.161:13575

# Reference: https://twitter.com/VirITeXplorer/status/1605592225559089152
# Reference: https://twitter.com/VirITeXplorer/status/1605592378110119936

34.116.134.195:49751

# Reference: https://twitter.com/MichalKoczwara/status/1605658798437199872

62.182.159.147:8000

# Reference: https://twitter.com/ScumBots/status/1606044491546337280

195.58.39.167:8080

# Reference: https://unit42.paloaltonetworks.com/threat-brief-OWASSRF/

140.82.52.35:443
192.248.176.138:443
216.128.146.38:443
217.69.10.255:22
45.32.144.71:443
45.76.246.112:22

# Reference: https://twitter.com/malwrhunterteam/status/1608154920011825155
# Reference: https://www.virustotal.com/gui/file/6d4bc2f881d3b7c9df405e5550268db7382dd06e3451e0815cf365a6ef25ff90/detection

http://193.149.187.234

# Reference: https://twitter.com/pmelson/status/1609602465015414786
# Reference: https://www.virustotal.com/gui/file/4f3a7247427aa4cd1995b6ef6b41031c0e7c53e7fbf015c5bcc8a8195bc62b3c/detection
# Reference: https://www.virustotal.com/gui/file/2573edb9592715b7e0048056279d6d707c959fe815148f733e60b4eb0fca3aea/detection

ahoravideo-blog.com
ahoravideo-blog.xyz
ahoravideo-cdn.com
ahoravideo-cdn.xyz
ahoravideo-chat.com
ahoravideo-chat.xyz
ahoravideo-endpoint.com
ahoravideo-endpoint.xyz
ahoravideo-schnellvpn.com
ahoravideo-schnellvpn.xyz
bideo-blog.com
bideo-blog.xyz
bideo-cdn.com
bideo-cdn.xyz
bideo-chat.com
bideo-chat.xyz
bideo-endpoint.com
bideo-endpoint.xyz
bideo-schnellvpn.com
bideo-schnellvpn.xyz
cesareurope.com
fairu-blog.com
fairu-blog.xyz
fairu-cdn.com
fairu-cdn.xyz
fairu-chat.com
fairu-chat.xyz
fairu-endpoint.com
fairu-endpoint.xyz
fairu-schnellvpn.com
fairu-schnellvpn.xyz
k6027.eu
privatproxy-blog.com
privatproxy-blog.xyz
privatproxy-cdn.com
privatproxy-cdn.xyz
privatproxy-chat.com
privatproxy-chat.xyz
privatproxy-endpoint.com
privatproxy-endpoint.xyz
privatproxy-schnellvpn.com
privatproxy-schnellvpn.xyz
wmail-blog.xyz
wmail-cdn.com
wmail-cdn.xyz
wmail-chat.com
wmail-chat.xyz
wmail-endpoint.com
wmail-endpoint.xyz
wmail-schnellvpn.com
wmail-schnellvpn.xyz

# Reference: https://twitter.com/ScumBots/status/1610836059171987458
# Reference: https://www.virustotal.com/gui/file/56ad36ce1198a3da04f1caaad5dce450dface16309df8757a61dfe87548bebc4/detection

35.247.134.103:22

# Reference: https://www.virustotal.com/gui/file/c47a352bbb2d61a67a96b07695d5b31568ae1f9e9cfd649637570289bffbb19f/detection

poisonhosting.live

# Reference: https://twitter.com/ScumBots/status/1614464983122706435
# Reference: https://www.virustotal.com/gui/file/7bc9afd562babf7e328c1264dd95ff88d62cef6e41d0b5b1a4265cd2ba3d12fd/detection

34.87.169.136:22

# Reference: https://twitter.com/ScumBots/status/1614548033575817218
# Reference: https://www.virustotal.com/gui/file/b90b8990514c7a059fc25d4f2d49e95c2b99ab63354af58fee859c1502d2bfca/detection

165.22.76.250:22

# Reference: https://www.virustotal.com/gui/file/f854ee6b89136167029b67a2b53c55d438df3099530b352d3e7766daaba9369d/detection

http://194.180.48.211

# Reference: https://twitter.com/malwrhunterteam/status/1615066293652029440
# Reference: https://www.virustotal.com/gui/file/97eb0366f9f0fe5d8e0b53a92c5b6b315e867634dc15a5f0155fc8fb2919c3a1/detection

enhanced-google.com

# Reference: https://twitter.com/drb_ra/status/1614775265619578880

185.111.207.102:8080

# Reference: https://twitter.com/drb_ra/status/1615358787128545280

185.193.126.28:443

# Reference: https://twitter.com/malwrhunterteam/status/1615409256219480086
# Reference: https://www.virustotal.com/gui/file/68454ddcd864cd72fd03d0682f6a6e1e2cc0a2220ac1f3645dce6b4ffc801fb4/detection

lattescremato.xyz
miraistealer.xyz

# Reference: https://www.virustotal.com/gui/file/0dac98b37e63036bcd0ff0d8c1764337884b764895a9890b6fd3f6d449ef03c6/detection

russianmen75.top

# Reference: https://twitter.com/malwrhunterteam/status/1615801267913379841
# Reference: https://www.virustotal.com/gui/file/65d00e6ea3afb5ddc4c0a4e3939d08749c13ba1ccf7ebf00cd9426e3f2f0cf34/detection

164.92.162.96:1980
thelegendo.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1615815578886733829
# Reference: https://www.virustotal.com/gui/file/76dbc25ab7e6a68da4e09d7d5be440a81b12cbc756167fc1541a2d476b1d4c50/detection

188.132.130.60:8848

# Reference: https://www.virustotal.com/gui/file/ac3afc5b7972d04750df994044c154cfe1a8b14f66e1785d2d07683cf3ce515a/detection

healthnewsallover.com
hjordans.com

# Reference: https://www.virustotal.com/gui/file/04b3b20749f0368b84326c117709e00a7abdc2e1e2827a19765d07fb27192626/detection

bllsl1.shop

# Reference: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/

111.68.7.122:8080
111.68.7.122:8081
149.28.193.216:8080
149.28.193.216:8081
172.93.193.64:8080
172.93.193.64:8081

# Reference: https://twitter.com/drb_ra/status/1617150178691006464

141.145.213.10:443

# Reference: https://twitter.com/1ZRR4H/status/1617295296014471169
# Reference: https://www.virustotal.com/gui/file/3e09a109f1b6b8a7c4fff965aeceb874557835d2b25b6b38e2a1ee33f3896a29/detection

frun.digital
otun1.xyz

# Reference: https://twitter.com/nosecurething/status/1617598720048263168
# Reference: https://www.virustotal.com/gui/file/6795bc29e730807523a7896f7666a2b5d9bf9b3ec5175956aadb42370c26316f/detection
# Reference: https://www.virustotal.com/gui/file/30fde5ac8a0d9ae8892726c44cec9ae1b5461b5693674c51e0639b73c9840b25/detection
# Reference: https://www.virustotal.com/gui/file/2803be04664a8cbc029fa8ef12658468f9977cb7371e06649f2afa571640add0/detection

172.245.45.213:3235

# Reference: https://twitter.com/x0rPE/status/1617472916807102465
# Reference: https://tria.ge/230123-me8pvsee6y/behavioral2

http://194.110.247.26
http://45.86.86.13
194.110.247.26:443
45.86.86.13:443

# Reference: https://twitter.com/xorJosh/status/1617553360000897024

http://149.28.193.216
149.28.193.216:443

# Reference: https://www.virustotal.com/gui/file/385ce140ecdd905c02d2fed664260d4271fa59d5b3e8998730ec9ca9926d8857/detection

ads-check.com

# Reference: https://twitter.com/ScumBots/status/1618298988188340262
# Reference: https://www.virustotal.com/gui/file/90f7f2a6acaa52850e60eac82c37276cea12426a24f10cca944eaa6746cfeb65/detection

193.161.193.99:22049

# Reference: https://businessinsights.bitdefender.com/technical-advisory-proxyhell-exploit-chains-in-the-wild

http://172.86.123.228
http://64.44.168.92

# Reference: https://twitter.com/drb_ra/status/1618432623189151745

135.181.253.65:443

# Reference: https://twitter.com/r3dbU7z/status/1618940230756872200
# Reference: https://www.virustotal.com/gui/file/8bd2ae95df444e91d6f69cd4b8555928e8f456afd7cab4cbdf04949835296ff3/detection

letsdo19877.strangled.net

# Reference: https://www.virustotal.com/gui/file/0b0d87744aa21b7ed3a5cf738bd655f3aa4f9608f7a28a8ea55dee3ac5c3c838/detection

http://163.123.142.210

# Reference: https://www.virustotal.com/gui/file/b8f0ad8c5dcbf0dea665d7836fe8ec139d7156752971a41e314cd2ef67405195/detection

http://179.43.175.187

# Reference: https://twitter.com/Merlax_/status/1619375830240731137
# Reference: https://www.virustotal.com/gui/file/f50786ae8ef79be5751bb4a3ded7be56fc66eff90794594f6d13d6959a669d15/detection

http://193.47.61.200
193.47.61.200:3387

# Reference: https://www.virustotal.com/gui/file/7766d6f7cb261c2678fa6fb08096ec1a5c7169480cb6f01b583d41f926289ded/detection

156.251.172.22:5555

# Reference: https://www.virustotal.com/gui/file/9e33046dff56d64ce5df6ff69d79fc83392241cf89f34856516c0c3d3b71f51b/detection

156.251.172.22:7855

# Reference: https://www.virustotal.com/gui/file/b9124056b73e4974b94770aef72cd653a7f9f33db407b734930fc18d8b17862d/detection

156.251.172.22:8862

# Reference: https://www.virustotal.com/gui/file/87099fe915a8795c491d0617ce20d7d9617747d8dc03a90e0082ca680b147157/detection

192.241.142.215:8282

# Reference: https://twitter.com/ScumBots/status/1619915893072433154
# Reference: https://www.virustotal.com/gui/file/1d35d110df09bc6081201bdc0e22c40646ee5104959c7021f28603841f66c080/detection

92.47.181.173:25

# Reference: https://twitter.com/malwrhunterteam/status/1620130758328455168
# Reference: https://www.virustotal.com/gui/ip-address/185.200.191.77/relations
# Reference: https://www.virustotal.com/gui/file/db2455440bb46036cbb5b7652786e005a837f5e2784540faca0a5c198d8952e6/detection

docus.space
docustorein.com

# Reference: https://www.virustotal.com/gui/file/8dcb011381a43cc9501bb3209d7d2863b8efc8d4bcebbdef341653cbc19a5095/detection

drivestoragecloud.com

# Reference: https://www.virustotal.com/gui/file/4abd213238c149ad4bfce9c2ac0de09e2714f8515901640996063a768ba1ff16/detection

103.46.128.44:53158

# Reference: https://twitter.com/malwrhunterteam/status/1623396323893411840
# Reference: https://www.virustotal.com/gui/file/10dc75c51b92cfd98093ee6bb94a5cb5ec1ceab872cb026a9bb21696e966bd5b/detection

3.85.231.45:443
/n0/v1/buckets/default/ext-5dkJ19tFufpMZjVJbsWCiqDcclDw
/n0/v3/links/ping-beat/check

# Reference: https://twitter.com/malwrhunterteam/status/1623621074037489664
# Reference: https://www.virustotal.com/gui/file/b3efeaa272619d54a7224bc10257229c7b075c79e3a5eacc206cbd0e3a604409/detection
# Reference: https://www.virustotal.com/gui/file/78099c7fd0ed38c41b18d43ff81ab91ed9154d97f158aac938d2c110edc86548/detection
# Reference: https://www.virustotal.com/gui/file/47a8503a4ef87b577fc38ee67d21c150ac58d72e0dd36e3987d7d0b9dbddba5e/detection
# Reference: https://www.virustotal.com/gui/file/77928be787e85103d49a1c56d0ca07a479daabb532154022b05a9002fd4f213a/detection

43.135.172.12:1900

# Reference: https://twitter.com/drb_ra/status/1626755809282609152

cspecim.store
blog.cspecim.store

# Reference: https://twitter.com/r3dbU7z/status/1625651123414523905
# Reference: https://www.virustotal.com/gui/file/0e49e77c0c8642ed8859a99c14fec1680e5a2ac689f15134074a4629b8642283/detection
# Reference: https://www.virustotal.com/gui/file/1adc5f86acd494f70a9a7001ca94644b21118c5f87c5fbd3835572cadcdfcc9a/detection

172.245.142.98:3389
172.245.142.98:4545
172.245.142.98:60
172.245.142.99:3389
192.3.113.194:3389
htxbdz.com
mail4.htxbdz.com
mail5.htxbdz.com
mail6.htxbdz.com

# Reference: https://www.virustotal.com/gui/file/b300f2c9534c3c9012d1108b15cb8057a24196ff29d982455de48555902081b6/detection

154.247.92.203:55

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-02-13%20Unknown%20Malware%20IOCs

http://46.161.40.72
/r/klf/5B876CA5C3AA0A7D

# Reference: https://www.virustotal.com/gui/file/18e254b9280a517c2cf84e73aaa23cdcf4d1e27b76deb37655d06c0a7ca5be8f/detection

3.141.210.37:17182

# Reference: https://www.virustotal.com/gui/file/794a7f6bb6bf9c1a2e0f47f36d0eb1b609f0d1de62dc50e859a6c62b77ded96c/detection

111.90.143.228:24

# Reference: https://twitter.com/ScumBots/status/1626214893740494851
# Reference: https://www.virustotal.com/gui/file/7bc2ba99e3289ac9d4939a56abfc90cb45c912aa0bed71f3084ad3cfa5898008/detection

31.210.55.103:41507

# Reference: https://twitter.com/ScumBots/status/1628016779451633664
# Reference: https://www.virustotal.com/gui/file/6c142b7ba9967a16d0a3a44ffd73713ca7cfd430eb79aa81f319e8165685528e/detection

134.122.51.63:22

# Reference: https://www.virustotal.com/gui/file/fd7d7fc9b18a81d921cd3bfa3b613f3558fcf4a31807146aa89a32776ff72954/detection

178.175.142.195:21288

# Reference: https://www.virustotal.com/gui/file/de9f00e68026508c42c1daf5fb77d78238ef01090b74d95e154aed8b8e0d5a0a/detection

178.175.142.195:57805

# Reference: https://twitter.com/malwrhunterteam/status/1628813529787555841
# Reference: https://www.virustotal.com/gui/file/d446a8aad146468b406229699b7614bfac715e1de2c8d0a6cdd626c677ee42c8/detection

wheufcvbheuywbfyhuwebfhuwef.africa
targetplay.wheufcvbheuywbfyhuwebfhuwef.africa

# Reference: https://twitter.com/ScumBots/status/1629738118159933445
# Reference: https://www.virustotal.com/gui/file/f3ac93766c4eab18906fcf0815eb01ad4409374e4736a855282237949a8ffafb/detection

34.126.190.114:22

# Reference: https://twitter.com/drb_ra/status/1629854149289422848

164.92.110.36:443

# Reference: https://www.virustotal.com/gui/file/9c1c570d490d67fde5689068726807b936d5fbe9a299a0760aa9d75e916e2305/detection

tequilamisorpresa.com/execution.php?tag=

# Reference: https://twitter.com/ScumBots/status/1630236404641824768
# Reference: https://www.virustotal.com/gui/file/000ebda7b9dbd9631ece03e1f6cddb887fe1f5913bbd04a241bc76ddf7618671/detection

34.87.98.110:22

# Reference: https://twitter.com/ScumBots/status/1630545929735401472
# Reference: https://www.virustotal.com/gui/file/b05e15ee98671f388cb1155a797e48cae944c01dd11179e5e295cdb45be3099c/detection

134.122.51.63:9001

# Reference: https://twitter.com/James_inthe_box/status/1630675575907164160
# Reference: https://app.any.run/tasks/4671f5c3-3ab2-403d-b1f6-416590ce1da0/
# Reference: https://www.virustotal.com/gui/file/416d0d7dbea6ad6e637e61a67301ffd3188af87d11e0ea7efe25e2a97e4eccf7/detection

miningpoolsforyou.com

# Reference: https://twitter.com/StopMalvertisin/status/1631318228722135047
# Reference: https://www.virustotal.com/gui/file/9a7061a539333e9f833a589197a60258ebb820bba5f1f29d5b31453e8e392d0f/detection

powpowpowff.blogspot.com

# Reference: https://twitter.com/1ZRR4H/status/1631651702763057152
# Reference: https://businessinsights.bitdefender.com/tech-advisory-manageengine-cve-2022-47966

http://104.223.35.221
http://212.192.246.232
143.244.153.229:8090
146.70.126.178:57228
149.28.57.130:443
45.154.14.194:443
45.154.14.194:8080
160.20.147.145:8000
185.163.45.86:8000
45.146.7.20:8000
79.141.162.36:8888
80.85.156.184:8088
80.85.156.184:8085

# Reference: https://twitter.com/drb_ra/status/1631633081558859779

host.airmap.com

# Reference: https://twitter.com/ScumBots/status/1632754233039527936
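# Reference: https://www.virustotal.com/gui/file/1d14e967192870bd29053933049d2e96f39839bdc85eaf483b0e38bdd8ca51aa/detection
# NOTE(review): 28.0.0.0/8 is allocated to the US DoD and is often reused as internal address space; 28.106.10.80 (listed here and again further down with ports 14034 and 4444) may be a lab address from the samples - confirm before relying on it for detection.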

28.106.10.80:53

# Reference: https://www.virustotal.com/gui/file/c5a641335e86b0d3d2718e52a2ea2fa8ac69c8fbb490189a7d11373974daa2c3/detection

3.67.161.133:15914

# Reference: https://twitter.com/executemalware/status/1633610231484751873
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-03-08%20Unknown%20Malware%20IOCs
# Reference: https://tria.ge/230224-vjmxysab33

http://159.223.101.65

# Reference: https://twitter.com/ScumBots/status/1633827558969212928
# Reference: https://www.virustotal.com/gui/file/a7f9be04c5f609331698b762f9454ad44cb4e6195e33dc5925e9b697c5e752c0/detection

20.100.194.20:8000

# Reference: https://twitter.com/ScumBots/status/1635503601907900417
# Reference: https://www.virustotal.com/gui/file/d0b836f5c561beeb92c457ce0d37347a5f5883ffb534f3b810c028b8f18517ca/detection

34.87.122.159:9001

# Reference: https://twitter.com/abuse_ch/status/1635711819397333000
# Reference: https://www.virustotal.com/gui/file/0555c8c1ad0e7f87671050f86a2895a8843fec5412a898a429e6010d3d0b5f15/detection

fuckallav.ru

# Reference: https://twitter.com/ScumBots/status/1636476259910729731
# Reference: https://www.virustotal.com/gui/file/ece46db4c34d9fa466905781dd4655db15ae3997318731a0dab51a2a026759aa/detection

28.106.10.80:14034

# Reference: https://twitter.com/ScumBots/status/1637076541208231937
# Reference: https://www.virustotal.com/gui/file/b9324465988881f24c0fcd158131e534f62bcaba7db23386616722910b2c6ce7/detection

34.124.206.184:9001

# Reference: https://twitter.com/ScumBots/status/1637076472086122496
# Reference: https://www.virustotal.com/gui/file/f306e739afa0e5ee265168997d7c34b9e7c901502d6585f24d93003a369f9457/detection

192.46.237.69:9001

# Reference: https://twitter.com/ScumBots/status/1637203552798900224
# Reference: https://www.virustotal.com/gui/file/89f447dc083895db8e1fdab06775de3a26aa5dfb87bee7000486cb5b4c6957c1/detection

28.106.10.80:4444

# Reference: https://twitter.com/jaydinbas/status/1637788868152885251
# Reference: https://www.virustotal.com/gui/file/25bc3c2c9ae8e0e65a93f52a4950056f584b6856514e2405a229e31633537983/detection

wjecpujpanmwm.tk

# Reference: https://twitter.com/drb_ra/status/1637793804030730244

d11jof8403sg9j.cloudfront.net

# Reference: https://www.virustotal.com/gui/file/ab9bd97e350f7131c358da0db0d78182e4b96790155b646dc773df96e317d5cd/detection

tdameretrust.com

# Reference: https://www.virustotal.com/gui/ip-address/212.87.204.124/relations
# Reference: https://www.virustotal.com/gui/file/ba770b2c7f3d106ec679220f3e6c4a433b03afd53c581100e8c959538b806ec6/detection

http://212.87.204.124
212.87.204.124:5555
datacenter11.myftp.org
shopdataserver4.sytes.net

# Reference: https://twitter.com/ScumBots/status/1639620733394636804
# Reference: https://www.virustotal.com/gui/file/b4d11693d3fb4604c6e8f03b4967117d1af261907760bd0f78237df7a701f182/detection

34.124.190.131:9001

# Reference: https://twitter.com/sicehice/status/1639101351635369986

http://54.177.246.246

# Reference: https://twitter.com/ScumBots/status/1641171832140189696
# Reference: https://www.virustotal.com/gui/file/a834e4bfd6830bb7e4327fddd04e5016a3205850c4e7ba93ee8eeb7f202bc2f0/detection

173.249.15.168:4445

# Reference: https://www.virustotal.com/gui/file/505c33f56fe6d317aaa10ae05a9484585391c7b46fb13f65442eb0e86c34dd43/detection

144.168.46.50:7000
worknow.con-ip.com

# Reference: https://twitter.com/keydet89/status/1646928107864207362

103.253.43.5:30580

# Reference: https://www.virustotal.com/gui/file/76f49e8ccba8a9195fe9b8f2e2ff80d1128565ad1f7e42e4755423feb77f1470/detection

faceappinc.com

# Reference: https://twitter.com/malwrhunterteam/status/1650469422404886528
# Reference: https://www.virustotal.com/gui/ip-address/128.140.1.67/relations
# Reference: https://www.virustotal.com/gui/file/5e79a0a4a891aa33b2255df4d171e1c51882fd33d03591f801442c06f9fd38a8/detection
# Reference: https://www.virustotal.com/gui/file/0968da23ead738f7a1dd25acb456b5c79d6f62d5a1b0a3bdb93d2b855418149f/detection
# Reference: https://www.virustotal.com/gui/file/8f9fa90f6de669f9492a1a524fbefdda74499f4a047539b0388575f07f14f909/detection

aghbh73ehefiv787ywe8ads.com
o8i9asf86v76t3y67t63gg.cn
ptiva.fun
rytha.top

# Reference: https://twitter.com/ScumBots/status/1649978986045349890
# Reference: https://www.virustotal.com/gui/file/c8e7181a5926feae8db19b5007326f00a6b2cbee18343576b5f18ef4d165aded/detection

62.171.159.243:8080

# Reference: https://twitter.com/pmelson/status/1650976633828921344
# Reference: https://twitter.com/pmelson/status/1650980285343825923

105.105.6.114:9000
eeeeeeee0000001.ddns.net

# Reference: https://www.virustotal.com/gui/file/7f5fb027de46a8cf2436d2e7a768150d63154cb02379ef34f504367cf3bb9cf4/detection

45.82.69.203:443

# Reference: https://twitter.com/ScumBots/status/1651275024358162438
# Reference: https://www.virustotal.com/gui/file/b5c6be6a443762f5173d0c675ccaabf556851f27b287c4fd4449b9c9c83556ea/detection

142.132.183.135:4444

# Reference: https://twitter.com/jaydinbas/status/1651632311937507329
# Reference: https://www.virustotal.com/gui/file/a58da133b8aedcdca44489bf5bac98a1257f050af186620c8c0bae110f1e672b/detection

storage-cloud.ddns.net

# Reference: https://www.virustotal.com/gui/file/3028df18abecde50bca9d535f5ed9603a69f90a3ef9dfe2cd48f3e52d70fda2f/detection

81.19.141.20:31338

# Reference: https://twitter.com/r3dbU7z/status/1652177054589132801

18.222.184.115:4443
tcspune.co

# Reference: https://twitter.com/ScumBots/status/1653008955302445059
# Reference: https://www.virustotal.com/gui/file/b04cbe549f89af4695e80f2cb4baef7b43b0b88e29647f13c9b3e3871496a1ee/detection

34.142.174.196:9001

# Reference: https://twitter.com/pmelson/status/1654202794792853504

http://89.108.99.150
95.163.240.184:8000

# Reference: https://www.virustotal.com/gui/file/1ad299cbd28b33a9990715d79a9e27ac900114b7466cc6838ec66aaa85a68070/detection

sifibv.fun

# Reference: https://www.virustotal.com/gui/file/e942269f4344075f700c66969e50065d70d9c8686dc020c7ead42cd28858e540/detection

194.213.3.170:7000
winhost.con-ip.com

# Reference: https://twitter.com/souiten/status/1658059802201964545
# Reference: https://www.virustotal.com/gui/file/0d70893cd0ac11d0620faed3ee22bf8db61c430ea3ff862045cd632e714e767f/detection

18.228.115.60:18632
18.231.93.153:18632
54.94.248.37:18632

# Reference: https://twitter.com/malwrhunterteam/status/1658197993273565187
# Reference: https://www.virustotal.com/gui/file/ff5d3736cb0f0d09bce42c5d6d6b6c4ac126a378028e4bd5c8ca8d47f3585530/detection

http://91.134.166.20
91.134.166.20:8888

# Reference: https://twitter.com/malwrhunterteam/status/1659483903399272448
# Reference: https://www.virustotal.com/gui/file/bcfb1cf90d507fbbc52217d35d84d3dd3c55bcc3cf825ef35e4b829525544b7c/detection
# Reference: https://www.virustotal.com/gui/file/a7317dfa2e5fd9bc944a84cd7fd72d943377b567cd186eeea2af5066b28ff0a9/detection

217.12.218.107:25928
217.12.218.107:30139

# Reference: https://x.com/malwrhunterteam/status/1911894843632071088
# Reference: https://www.virustotal.com/gui/ip-address/37.143.10.156/relations
# Reference: https://www.virustotal.com/gui/file/91834c3c11d6b48dab2938d347907d8ef8d0353092e0a32494875e50b100dc7d/detection

documents-drive.com
ducumentsrepository.info

# Reference: https://x.com/JAMESWT_WT/status/1912127891107643801
# Reference: https://www.virustotal.com/gui/file/44cb60c9bb448b33549b2002a84fd56483bbb17fab3f1d861a7f4256a063bbb5/detection

ms-coauth.com

# Reference: https://x.com/k3yp0d/status/1840737328681120219
# Reference: https://app.validin.com/detail?type=ip&find=45.147.228.17#tab=resolutions
# Reference: https://app.validin.com/detail?type=ip&find=45.61.133.102#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/757fcc23a03ad93e5414ae62b910ec171286123a903472bc9bfe102ec9d30d78/detection

emotionsforsale.shop
onedriveview.shop
securedonline.net

# Reference: https://www.virustotal.com/gui/file/28060272b537b023d19c03baead2e218f53a65b66cfc2da8b1daa97b9647e8e5/detection

34.87.124.163:9001

# Reference: https://www.virustotal.com/gui/file/1add3c29ce97618963a134bf62210158e673bae68def105343c36553005d3ef1/detection
# Reference: https://www.virustotal.com/gui/file/7095b88ff7dd5f5c13ac2bcc59cf66cacdfb0b4190172edf6a91e3abdbc8faec/detection
# Reference: https://www.virustotal.com/gui/file/8190ddbfc7c18eebeb0c4444faf57b30b74f23f523b2e6330aac6f06aa233a6b/detection

http://144.91.82.35
144.91.82.35:1234
recon.wleberre.fr
traefik.wleberre.fr

# Reference: https://www.virustotal.com/gui/file/88a6c349783d253832cfe99a610cfd5232d9d542959930077850c9730acb5580/detection

193.161.193.99:24466

# Reference: https://www.virustotal.com/gui/file/54409d93f527e796b88c4ebdcf2224e8559cdc97e6720eb99ba04f1258d04477/detection

103.203.221.232:5555

# Reference: https://www.virustotal.com/gui/file/22c9e750c38078ccaa1ba4d54fdf08a8974304fd761620a164c8804f12601787/detection

3.125.209.94:18859

# Reference: https://www.virustotal.com/gui/file/7ea4f35d8d316416e7ae0e5b4fe5a67e48254a392af2ee372d17bb98646d0c8e/detection

34.142.250.168:9001

# Reference: https://www.virustotal.com/gui/file/522cf9ec022cd77ca08afe8c1b2d7ad468601193e98cec074034702db36d7a21/detection

http://194.55.224.183

# Reference: https://www.virustotal.com/gui/file/404b3b8eb3635f2d7d25794af53ee63870b8fa8b9f85e5cf65890964ffedd8b4/detection

arianpardaz.ir

# Reference: https://www.virustotal.com/gui/file/b069a9f636161914c000badcc2097eb195d2fb3c566f286d81bd803a1326b411/detection

http://185.106.93.175

# Reference: https://www.virustotal.com/gui/ip-address/121.127.33.21/relations
# Reference: https://www.virustotal.com/gui/file/8b987c555eeb667b602c7abf81205f3f3b8c585d7fd112f271548fa5adb2872b/detection

121.127.33.21:443
v4ink.shop

# Reference: https://twitter.com/ScumBots/status/1680564271149621249
# Reference: https://www.virustotal.com/gui/file/c01068e733eb7056b1c9c6ec8692c379c28fa775445755ee913153ca2e69fc6b/detection

77.74.198.52:5252

# Reference: https://www.virustotal.com/gui/file/09a230c8d2534c93ef9a87c0869bd5ba04cb2b0f2e6d5e3d767b5cc088e830a9/detection

35.183.18.77:4444

# Reference: https://www.virustotal.com/gui/file/4d854ff95d848fae253dd1803549268b190c1f8b422ab58470afa33720f21423/detection

194.26.135.112:443

# Reference: https://www.virustotal.com/gui/file/80c788e8b6f97287525c9d397811e6d06bc6f2bf6462635b3d4e47850a3ecd0b/detection

34.124.235.86:9001

# Reference: https://app.any.run/tasks/d2f4eb73-16d9-4c17-844e-a38aa4fd8833/

cff66d08-d3f8-42db-911c-ce670399a441.usrfiles.com

# Reference: https://www.virustotal.com/gui/file/0d0c3b34ca6fdea82bbc6997d4c9e76f5a10bb290bb75caaa40db2083c33bb85/detection

81.80.40.49:5567

# Reference: https://www.virustotal.com/gui/file/767aab9584af0b1b5fa71311c60d8338bb696cabe1a94783eb4ac3c70e80872b/detection

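# NOTE(review): the hostname below (ecsc23 under hack.cert.pl) looks like CTF challenge infrastructure rather than in-the-wild C2 - confirm against the referenced sample before treating hits as compromise
195.164.49.184:5060
fileless.ecsc23.hack.cert.pl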

# Reference: https://www.virustotal.com/gui/file/8b6d6e78ad91bbf07fa4bebbe2060d2bf3f5e0812133e38c45b95622a40a8ea9/detection

165.22.120.187:1337

# Reference: https://twitter.com/drb_ra/status/1682766283266244608
# Reference: https://app.any.run/tasks/a20b7b3b-993e-4fff-87cd-1ee4118d5107/

94.198.53.89:443
microsoft-support.zapto.org

# Reference: https://www.virustotal.com/gui/file/a127dc707f592712f4437a04b9a926e3972715c84a0a41d8810010c935e4a281/detection

azuremigration.westus3.cloudapp.azure.com

# Reference: https://www.virustotal.com/gui/file/1cad453ece89801b6a2390901855ae9795c0489252bc3738065a0b0dba990eb2/detection

http://192.169.69.69

# Reference: https://twitter.com/sicehice/status/1675995894716530690

167.172.75.230:443
167.172.75.230:8000

# Reference: https://www.virustotal.com/gui/file/fc4f9388511935eb60dd0ce6a20f2283ae2a3a3e0dcb82968216c007d2181d97/detection

89.189.163.174:4443

# Reference: https://twitter.com/sicehice/status/1687598958854524928

173.254.247.87:8080
192.210.174.143:8089

# Reference: https://www.virustotal.com/gui/file/c0e5098c8da2e4b299cde8eebb6dd9d584428ee85d7f045bace94a4c1cfbb341/detection

85.239.243.243:8080

# Reference: https://twitter.com/sicehice/status/1688562143770161152
# Reference: https://www.virustotal.com/gui/file/64a3aec5e48da6f14945e536895c2571d3bf3e55a779f01376ad76af85d764ad/detection

44.238.8.1:9001
starkiller.cc

# Reference: https://www.virustotal.com/gui/file/8b9c05a1e4a3b701bf8d2229a70bc83cc25b975ab16dbc2a2d0f98d319eeae0a/detection
# Reference: https://www.virustotal.com/gui/file/2d7834a739b77aabd8a7b9ce98a5bcf9a7deec15e6b1f3a921f7b3ad8a6d2d11/detection
# Reference: https://www.virustotal.com/gui/file/25a93411b5cc6b5162ae2410ed17e095393c2136de81626fbbe88906d5017602/detection

netdisk.780wow.com
netdisk.ddnsgeek.com

# Reference: https://twitter.com/malwrhunterteam/status/1689237232899502082

38.105.232.166:8080

# Reference: https://www.virustotal.com/gui/file/6c5816812ad2b8dcf1bdf8e7a393c283202f85b1c998c899639579c3458abc26/detection

77.74.198.52:8083

# Reference: https://www.gdatasoftware.com/blog/2019/07/35061-server-side-polymorphism-powershell-backdoors
# Reference: https://otx.alienvault.com/pulse/5d2da19e3055b91559471028

adm.esurf.info
green.4107irishivy.info
green.dddownhole.com
green.nogel.tech
red.1407cty13pec.com
red.340airport.com
sad.childrensliving.com
space.4fallingstar.info
stats.emeraldsurfwatermanagement.com
wws.rheovesthr.com

# Reference: https://twitter.com/sicehice/status/1689823307351146496

146.190.92.173:8000
159.65.140.154:443
159.65.140.154:8000

# Reference: https://twitter.com/ScumBots/status/1690282049406464000
# Reference: https://www.virustotal.com/gui/file/a1d92d7aaf76c140263408d888b089932b91ddbd647ed62370d717b051e3ca93/detection

146.70.158.173:8080

# Reference: https://github.com/conexioninversa/WOPR/blob/main/C2_Posh.txt (# 2023-08-12)

103.230.142.243:443
3.70.143.123:443
3.78.75.167:443
62.182.159.155:443

# Reference: https://twitter.com/ScumBots/status/1691170399625572353
# Reference: https://www.virustotal.com/gui/file/e606be399e9435970268ba6f0e552f6426b229ff62a30fd61256733282937261/detection

96.27.38.90:443

# Reference: https://twitter.com/ULTRAFRAUD/status/1692807375395094961
# Reference: https://www.virustotal.com/gui/file/a70d2999b817814f006a7f3e0bda9a69e8be0d4835e9c03cc3d39aa3e0a510e7/detection
# Reference: https://www.virustotal.com/gui/file/a8a9859f09378a4efd8802691e6ddf6aa0ae9fd4182149cee44c2fc0beb98fbb/detection

103.145.13.69:13337
103.145.13.69:8181
h4ck0ps.cc
vms.h4ck0ps.cc

# Reference: https://twitter.com/sicehice/status/1694535541671268748

http://35.174.153.211
35.174.153.211:443

# Reference: https://twitter.com/sicehice/status/1694542540563755127

38.145.203.20:8000

# Reference: https://twitter.com/sicehice/status/1694546485864435835

95.163.168.155:8000

# Reference: https://twitter.com/sicehice/status/1694537861012267015

37.59.41.105:8080

# Reference: https://twitter.com/ScumBots/status/1694590454094787006
# Reference: https://www.virustotal.com/gui/file/b312edcf516092e0b3caecc4f75e30f8c893d995fecceeccb1a82c5d622af3ed/detection

http://43.142.102.110

# Reference: https://twitter.com/drb_ra/status/1696696188978745773

45.79.196.203:443

# Reference: https://www.virustotal.com/gui/file/01bb93056a4e243f6c65298f68568819a0719abd56ed9c271bd53009a3a47542/detection

cg7cy082vtc00008r4sggedsxyeyyyyyb.oast.fun

# Reference: https://twitter.com/ScumBots/status/1698926512676757876
# Reference: https://www.virustotal.com/gui/file/6ab9f03168ef97048e9a4c38572a5c3491550ecc207ad6794a0af14dbe262b22/detection

103.189.234.23:8080

# Reference: https://twitter.com/ScumBots/status/1699749435872346462
# Reference: https://www.virustotal.com/gui/file/fce494b4dbbadbfc64925ac00092a8465ccb2c7ec18153798fac517ae9289f90/detection

173.44.141.140:443

# Reference: https://twitter.com/ScumBots/status/1700053942464360662
# Reference: https://www.virustotal.com/gui/file/4210fb29431b8f05f68b2b488454cd3d7db8b5fcf8a723fbbc9434073385f3ba/detection

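# NOTE(review): 11.239.125.213 sits in 11.0.0.0/8, a DoD-allocated range that some networks reuse as internal address space - hits may be internal traffic rather than external C2; verify against the referenced sample
11.239.125.213:5439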

# Reference: https://twitter.com/ScumBots/status/1699466347053281617
# Reference: https://www.virustotal.com/gui/file/8280fc83a755f6b9e8a8ba8895d00f5c9f6537815246bcd037436f6efa123ce5/detection

1.15.157.229:8080

# Reference: https://www.virustotal.com/gui/file/7e1180455a5558850a07f4ce55b245f948fe8cbd234585999e55c6ac33f26d49/detection

156.223.95.69:4444
0x0.sytes.net

# Reference: https://www.virustotal.com/gui/file/35192d4d74912cc9fcc11fb8ddb9f7623017433ed6dcab72e7386fd5d5a3e419/detection
# Reference: https://www.virustotal.com/gui/file/7775055c940a803de65a81a6b8948b8d0bb2e362fdc241535becf00c73e6a0d4/detection

http://103.68.109.31
103.68.109.31:1337

# Reference: https://twitter.com/r3dbU7z/status/1705654727176777736

138.201.121.107:2222

# Reference: https://twitter.com/jaydinbas/status/1706289240781308236

macores.com

# Reference: https://www.virustotal.com/gui/file/259ad9bd08ed475a5544f37c11e7d4a18c8feffe50e1be9944de1ff20ccaee6c/detection

3.126.37.18:12533

# Reference: https://www.virustotal.com/gui/file/2b07b93de86a3a206484cb65893556da14810f29737ce1301cd4252869629711/detection

79.110.196.41:9005

# Reference: https://blogs.blackberry.com/en/2023/09/silent-skimmer-online-payment-scraping-campaign-shifts-targets-from-apac-to-nala

4.216.137.19:443
4.216.137.19:8080

# Reference: https://twitter.com/_JohnHammond/status/1708910264261980634

103.163.187.12:8080
/cz3eKnhcaD0Fik7Eexo66A

# Reference: https://twitter.com/drb_ra/status/1709382606972653886

135.181.37.202:443

# Reference: https://www.virustotal.com/gui/file/8e7a257076b6e97b4d50e99426598607241dfddd376b7a3b8b128b8f60415c0c/detection

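# NOTE(review): ".comc" is not a valid TLD, so this entry cannot match real traffic; presumably a typo for ".com" - confirm against the referenced sample and correct
testrain.s3.us-west-1.amazonaws.comc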

# Reference: https://threatfox.abuse.ch/browse/malware/win.poshc2/ (# 2023-10-11)

103.39.230.213:3790
157.245.128.27:443
18.134.14.164:443
185.255.79.26:3790
46.243.186.112:3790
51.250.38.28:443
68.183.227.107:444
70.77.124.96:8443
94.198.53.143:443
94.23.228.43:443

# Reference: https://twitter.com/ScumBots/status/1712717382886560036
# Reference: https://www.virustotal.com/gui/file/4f97115e2fffc6c52bcf715b0c54152bcc95811dfdabfca02d0f136ecfbac9a3/detection

45.128.232.86:9001

# Reference: https://twitter.com/ScumBots/status/1711390002867732883
# Reference: https://www.virustotal.com/gui/file/b7c49151c1cf72e7a366cb0d5daf70492d05ebaed4f9264102d5b9f02f890109/detection

lovelace.loophole.site

# Reference: https://twitter.com/ScumBots/status/1712838182587228272
# Reference: https://www.virustotal.com/gui/file/8d5378448b2ac7511a59ad7fe8b3026f3a04f8f956a382ed852ae7f2fca57fc9/detection

45.128.232.86:1337

# Reference: https://threatfox.abuse.ch/ioc/1189595/

88.210.9.139:443

# Reference: https://threatfox.abuse.ch/ioc/1189901/

185.234.216.64:443

# Reference: https://twitter.com/banthisguy9349/status/1757768177696571871

185.234.216.64:8000

# Reference: https://threatfox.abuse.ch/ioc/1191031/

159.100.29.105:8888

# Reference: https://www.virustotal.com/gui/ip-address/181.56.166.194/detection

http://181.56.166.194

# Reference: https://threatfox.abuse.ch/ioc/1191345/

213.219.37.158:443

# Reference: https://www.virustotal.com/gui/ip-address/130.61.40.154/detection

http://130.61.40.154

# Reference: https://twitter.com/ScumBots/status/1717576908685053966
# Reference: https://www.virustotal.com/gui/file/b6e4d8b5d4b3fc1c45673cd91d0fd54da4706ecc63f9821a161fdea05ce8fee0/detection

34.87.67.111:9001

# Reference: https://twitter.com/ScumBots/status/1717576983251390579
# Reference: https://www.virustotal.com/gui/file/c9d39adf22200b9ac92bc07e6dd12c1c30562ca6819b5a1182142c5c8bb1dbed/detection

139.144.176.53:9001

# Reference: https://threatfox.abuse.ch/ioc/1196098/

3.253.77.60:443

# Reference: https://www.sentinelone.com/blog/threat-actors-actively-exploiting-progress-ws_ftp-via-multiple-attack-chains/
# Reference: https://otx.alienvault.com/pulse/6525605d7e0da326e806369b

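# NOTE(review): oastify.com names are out-of-band callback hosts generated per testing session; keep these as exact-host matches, since the parent domain is also used in legitimate security testing
2adc9m0bc70noboyvgt357r5gwmnady2.oastify.com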
bgvozb1wnz86q952zxjlwusv2m8gw5.oastify.com
qzt3iqkb6erl9oohic20f9bal1rsfh.oastify.com

# Reference: https://threatfox.abuse.ch/ioc/1197635/

13.48.77.144:443

# Reference: https://twitter.com/malwrhunterteam/status/1719817510063649096
# Reference: https://twitter.com/malwrhunterteam/status/1719814620146196785
# Reference: https://www.virustotal.com/gui/file/4ea37ddd66bb4ece8c16eb02a016f45650a1e5677454533d3f1d3fd2c61f040b/detection
# Reference: https://www.virustotal.com/gui/file/be4d6ecea23712790a13f4d538a5bc9feaaa61054f7fd9d0cb45d304a1129250/detection

communications-stream.azurewebsites.net
globalupdates.azurewebsites.net

# Reference: https://twitter.com/malwrhunterteam/status/1719778744531915103
# Reference: https://www.virustotal.com/gui/file/7f5fd51b97907e7dbad4a79aea928d562d93dc56dd7320a6823dcd55fe1b727c/detection

shdf.global.ssl.fastly.net

# Reference: https://twitter.com/Gi7w0rm/status/1721564409800142986
# Reference: https://www.virustotal.com/gui/file/cb6768fc529a0124cfb417faa72bbbc47942d8594d7f36bf40595f25c1bd1e73/detection

http://193.149.129.136
193.149.129.136:55556

# Reference: https://x.com/suyog41/status/1915373432574775499
# Reference: https://x.com/malwrhunterteam/status/1915382237236785464
# Reference: https://www.virustotal.com/gui/file/3c9d179d6c8061fb921285c59259e53129f7dcd6c02a685276908d28504c8a8c/detection
# Reference: https://www.virustotal.com/gui/file/8beba833da758b47c77e62269bba3624a16b33f7f8b791d6a5343c819b5c7075/detection

http://65.38.120.193
/PaloNetwork/Files/JL01.html
/PaloNetwork/Files/FG03.html
/PaloNetwork/Files/iloveyou.png

# Reference: https://twitter.com/drb_ra/status/1721707992142282792
# Reference: https://www.virustotal.com/gui/file/f232292c5a5be9cca042b6a204b3eac6e2b47de5683376eb9dca3a4283c38417/detection
# Reference: https://www.virustotal.com/gui/file/f1919abe7364f64c75a26cff78c3fcc42e5835685301da26b6f73a6029912072/detection
# Reference: https://www.virustotal.com/gui/file/ebd54bda4cc2adc94cc987a6a6e0e381aed0e3b35242bb283c9431117e9f1d9f/detection
# Reference: https://www.virustotal.com/gui/file/ac65fc0b341293796fba4e6b060ea3b2784456a0c3414ca5818726b42246d1a7/detection

aqlifecare.com
health.aqlifecare.com

# Reference: https://twitter.com/drb_ra/status/1721895020880712100
# Reference: https://www.virustotal.com/gui/file/208c395d7cba4adf69df4f95fd9c874ff52ffab14df525e50d1255d3d950f2ab/detection
# Reference: https://www.virustotal.com/gui/file/52b58ee6ebe69ee13fe970a68eda09118aa83d5a669b79090f6a880fd9d344d8/detection

viewservice.org/usersync/tradedesk/

# Reference: https://threatfox.abuse.ch/ioc/1199587/

132.145.106.12:443

# Reference: https://twitter.com/1ZRR4H/status/1722515857832559066
# Reference: https://www.virustotal.com/gui/file/4ff71b3f881dbf6692adf9fe686da6acfe8190a53d2b0afca3815b2d4903f019/detection

http://80.92.206.203
80.92.206.203:443

# Reference: https://www.virustotal.com/gui/file/85239a43c106a44aac81c772f87982848cf18bcce87b5c0b5c4f1b1ea17c8b66/detection

cloudfare.webredirect.org

# Reference: https://twitter.com/ScumBots/status/1722878084913693164
# Reference: https://www.virustotal.com/gui/file/a4fafa40bfe7001d890c256f6c4456a63ba16165f37ce7763a18ae4d48ffcba2/detection

18.177.76.42:19536

# Reference: https://twitter.com/ScumBots/status/1722988815965409392
# Reference: https://www.virustotal.com/gui/file/3e2c2052e4854730e5de9f445426030f03c80ea3d031eb89b23b6cdd65a55b9d/detection

18.177.60.68:18056

# Reference: https://threatfox.abuse.ch/ioc/1201542/

79.143.181.62:443

# Reference: https://twitter.com/ScumBots/status/1723308424081907796
# Reference: https://www.virustotal.com/gui/file/573e2765776dbe271ef7feefa7502d7a758178f067c595ea9908e2df2ae9abb0/detection

18.177.0.235:18072

# Reference: https://twitter.com/doc_guard/status/1725564939878756608
# Reference: https://www.virustotal.com/gui/file/33d3af4cae982d5f0456f3b13d5dcf90506c0262e2900d4ef32a4e01a59628bc/detection
# Reference: https://www.virustotal.com/gui/file/92343dd76241c60af94b8ccd1d841539dce75f61baf0c8f7eb655244e7c74f5d/detection
# Reference: https://www.virustotal.com/gui/file/96c62314d9fe9d18efb86551ac411d17de0e9ecda19654355da9b5e80ef91cf0/detection

45.94.171.145:65001
rootsomer.com.tr

# Reference: https://twitter.com/malwrhunterteam/status/1726684924189778027
# Reference: https://www.virustotal.com/gui/file/51d58c202db91bf0cdb3fd5008dcec32e098d6ce11d8bfe60eeb48f52b9881d9/detection

89.23.96.127:7777
drive-cloud.site
google.drive-cloud.site

# Reference: https://www.virustotal.com/gui/file/17e224b87896058d524b045a1f381cdef5706e39269a241ff66ce182a236a8e1/detection

growens.it

# Reference: https://www.virustotal.com/gui/file/ed5d694d561c97b4d70efe934936286fe562addf7d6836f795b336d9791a5c44/detection

adobe-us-updatefiles.digital

# Reference: https://twitter.com/ScumBots/status/1729243782003007627
# Reference: https://www.virustotal.com/gui/file/f8d9c76db48bcacc9d1d6eebd448fe64840a22ca02b4adf038369de0ab1c0854/detection

69.69.69.69:9032

# Reference: https://twitter.com/ScumBots/status/1730067964680958059
# Reference: https://www.virustotal.com/gui/file/701bf64997d99ecd5746a74490b91907ae7a2932a1328e8f8153060b5517f201/detection

18.177.76.42:16408

# Reference: https://twitter.com/ScumBots/status/1730062930895372548
# Reference: https://www.virustotal.com/gui/file/ef7fdc6dce3cd02b4723a02076161a2db53c8d3872d87c01b90c3a4493822044/detection

18.176.183.3:16499

# Reference: https://twitter.com/ScumBots/status/1730005048715846083
# Reference: https://www.virustotal.com/gui/file/672f42064edaf777423c28564d4699ba6d3a8ce7be6d2a077bfb2c56033d2738/detection

18.177.53.48:10233

# Reference: https://twitter.com/ScumBots/status/1730002531143602423
# Reference: https://www.virustotal.com/gui/file/2a7876be11ba9711d3c40dc32d0a682ab5d9f5f97a1e48800ff0e071c4494418/detection

18.177.0.235:18650

# Reference: https://twitter.com/ScumBots/status/1729855312239186318
# Reference: https://www.virustotal.com/gui/file/d7f55aee386b92996121a3db058a99ebcb36c8beb102ec97a84a0861f0ed668b/detection

185.198.56.73:10443

# Reference: https://twitter.com/ScumBots/status/1729786117203931283
# Reference: https://www.virustotal.com/gui/file/9085492cb286de93e5827917b70ff0766d2428b6f7fc3048f832a21fb48d0c0b/detection

18.177.0.235:18224

# Reference: https://twitter.com/ScumBots/status/1729783590202867719
# Reference: https://www.virustotal.com/gui/file/0d386a97d8bb9b552ec6f5b846e5d5782e8e1961d6b5f20ecfbe0c6f1ce4f692/detection

18.177.0.235:19610

# Reference: https://twitter.com/ScumBots/status/1728486288553087217
# Reference: https://www.virustotal.com/gui/file/0a5b954528f496eba1fbfb342beb2f6fba414eb65fb4080a25e6076dd8f81f7a/detection

147.185.221.17:28648

# Reference: https://twitter.com/ScumBots/status/1727526214837948878
# Reference: https://www.virustotal.com/gui/file/1f66f988f842c0b1d50d7988354ddaaaf7df2d171b8407f12fae111db7a19a62/detection

18.177.60.68:16672

# Reference: https://twitter.com/ScumBots/status/1727523700713336901
# Reference: https://www.virustotal.com/gui/file/ca78da048be50d57af074b9348150606c11564a087f8b15eb273a4c853a6557c/detection

18.177.76.42:17168

# Reference: https://twitter.com/ScumBots/status/1727518668345532521
# Reference: https://www.virustotal.com/gui/file/ddde2b7bf9b8272efc367ff0a32f9195b38f81c103c64d1773994236f41aa861/detection

18.176.183.3:13608

# Reference: https://twitter.com/ScumBots/status/1725412296111911402
# Reference: https://www.virustotal.com/gui/file/85cb3767b22a0fe7280519d30663972557ccd681738baa855f70daf767dc6d42/detection

18.177.76.42:18064

# Reference: https://twitter.com/ScumBots/status/1724780625121714349
# Reference: https://www.virustotal.com/gui/file/404c3ce096f6991834caeae8a5969f52b73b796c5ac7896875f069b708f8032b/detection

18.176.183.3:16992

# Reference: https://twitter.com/ScumBots/status/1724418231362822592
# Reference: https://www.virustotal.com/gui/file/0259975a0674bd03f1293281ee6d4b01be43929f3d505b3f8d243332ab3b1cca/detection

18.177.76.42:12625

# Reference: https://twitter.com/ScumBots/status/1724408165658243082
# Reference: https://www.virustotal.com/gui/file/7ac271b284c02f95bf6333c1de26f494eb6b780ce09d2c704afa3cdb112f7528/detection

18.176.183.3:16208

# Reference: https://twitter.com/ScumBots/status/1724078495829991483
# Reference: https://www.virustotal.com/gui/file/f8bd60ec9c3262f9df306c0aacc83c5e3e78665a49e1b2e8d1bcbf9169a1f700/detection

18.177.0.235:15888

# Reference: https://twitter.com/ScumBots/status/1724008034785952116
# Reference: https://www.virustotal.com/gui/file/f5d21d57cbc53dccee84e7bb701c3070661d0cbd39ff352b660df2846f126c72/detection

18.177.60.68:12816

# Reference: https://twitter.com/ScumBots/status/1724005519151485194
# Reference: https://www.virustotal.com/gui/file/51dbd2d4dd796949b14afc81aeb78fd1c712b068e101b9ad1572d6e770491806/detection

18.177.0.235:19410

# Reference: https://twitter.com/ScumBots/status/1723947633100628349
# Reference: https://www.virustotal.com/gui/file/22c1329be33647af3519c6ecac6f934b1bedfad2266f23ba34e5c81817ea4d59/detection

18.177.60.68:12641

# Reference: https://twitter.com/ScumBots/status/1723945125082964066
# Reference: https://www.virustotal.com/gui/file/24f8581f8da73997f9fdf1d19a4da0140fd85fb684f6d657e2d0547320489722/detection

18.177.76.42:18744

# Reference: https://twitter.com/ScumBots/status/1723942676880318551
# Reference: https://www.virustotal.com/gui/file/cdaa6ce98344ce69b6c93bee366ec1a746d672aacf9d14df4af326a6d536d0c3/detection

18.176.183.3:12601

# Reference: https://twitter.com/ScumBots/status/1723942599138939269
# Reference: https://www.virustotal.com/gui/file/040fe52ae08209acdec3c0856d79ad53bb89d45f42837cf64bcc1bd9af9e5fc1/detection

18.177.76.42:10528

# Reference: https://twitter.com/ScumBots/status/1723937565940523176
# Reference: https://www.virustotal.com/gui/file/8b6b6dd7e953ef8d730f7a33cdf56ba0dd2b02097c89310287d25333a7f0b2f7/detection

18.176.183.3:13833

# Reference: https://twitter.com/ScumBots/status/1723935058027843806
# Reference: https://www.virustotal.com/gui/file/f75e602c31a8fc107f944cac6d30d2711c1d4f5ffb8645a9e387a3ff6340fcd4/detection

18.177.53.48:13833

# Reference: https://twitter.com/ScumBots/status/1723310946230128775
# Reference: https://www.virustotal.com/gui/file/80834896d6c0dd7a61c3d5f89ddea06e793184077b6ee4a70168d51fca54fb1f/detection

18.177.0.235:19193

# Reference: https://twitter.com/ScumBots/status/1723308424081907796
# Reference: https://www.virustotal.com/gui/file/573e2765776dbe271ef7feefa7502d7a758178f067c595ea9908e2df2ae9abb0/detection

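# NOTE(review): duplicate of the 18.177.0.235:18072 entry listed earlier in this file under the same two references; one copy is enough
18.177.0.235:18072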

# Reference: https://twitter.com/ScumBots/status/1723298436395540941
# Reference: https://www.virustotal.com/gui/file/11d03bb5069bb781567169aa37b8da61e731a9753447344f4ce5cb731017b5b3/detection

18.177.76.42:14706

# Reference: https://twitter.com/ScumBots/status/1723298359253864618
# Reference: https://www.virustotal.com/gui/file/17b1db76f845ac1236a13a0e81b07c6f81b8bcf54d79056008768b521e0d9eca/detection

18.177.76.42:19464

# Reference: https://twitter.com/ScumBots/status/1723293319004926397
# Reference: https://www.virustotal.com/gui/file/a332d9a03fc5f058bbe43920c63a82343f4968584fd3de95247b422658bd2518/detection

18.177.60.68:11625

# Reference: https://twitter.com/ScumBots/status/1723190139885642115
# Reference: https://www.virustotal.com/gui/file/37f9b9194773dcfd0661a084d43d806aa7889724bb8828de7ebd100397877911/detection

18.177.53.48:17984

# Reference: https://twitter.com/ScumBots/status/1723187627598193086
# Reference: https://www.virustotal.com/gui/file/054d994f7c6575ceb31aacc8380898277205861e99b49462752b1750c3cd9a26/detection

18.176.183.3:12209

# Reference: https://twitter.com/ScumBots/status/1723185112961954128
# Reference: https://www.virustotal.com/gui/file/7993994480e859b0c8a6260089c144fac5daaff6249a68094958f981328fdb31/detection

18.177.0.235:14922

# Reference: https://twitter.com/ScumBots/status/1722996370481512623
# Reference: https://www.virustotal.com/gui/file/399f0d3ef13f91a2ee84d27d8f2ea6662a77f62447f607122dac5efed13797c3/detection

18.177.53.48:11440

# Reference: https://twitter.com/ScumBots/status/1722994015358824650
# Reference: https://www.virustotal.com/gui/file/28c9d3eb510a2d423951ebc0f3aafc804fed15f8680da0513a06f677742aec75/detection

18.176.183.3:10122

# Reference: https://twitter.com/ScumBots/status/1722993929631441381
# Reference: https://www.virustotal.com/gui/file/79792001fd78cfb7d07746926ec9eefbd6629ab669c685e4d55d2380034f59a0/detection

18.177.60.68:11867

# Reference: https://twitter.com/ScumBots/status/1722993849792864518
# Reference: https://www.virustotal.com/gui/file/ef21228079382941b59c91068b715a80a6f49d4d822c3f332658cafd052d68f3/detection

18.177.60.68:11385

# Reference: https://twitter.com/ScumBots/status/1722991407143469058
# Reference: https://www.virustotal.com/gui/file/6bcf5cbe50239b2787bf97843ecdc7a6fc816d71e70630b0bd6f0a0f21db6e65/detection
# Reference: https://www.virustotal.com/gui/file/332ccdc1968fc98802a85ba05013a2c699a7382b72b9d9f08334b910203e3af2/detection

18.177.0.235:13721

# Reference: https://twitter.com/ScumBots/status/1722986456845590690
# Reference: https://www.virustotal.com/gui/file/9c59ec234bea2a43db1ef08f405b519f31d88dd90bb3bcad04150cfb6ac05eac/detection
# Reference: https://www.virustotal.com/gui/file/5c726429d44b966bea1464470dd66b3a24d3e824a5e7652edbce20bf69673d4e/detection

18.177.76.42:12819

# Reference: https://twitter.com/ScumBots/status/1722986378139431243
# Reference: https://www.virustotal.com/gui/file/54033f0f9f507ae3d5773696000bdd3e63f5da1cec2794504700339446134169/detection

18.177.53.48:18056

# Reference: https://twitter.com/ScumBots/status/1722968685369856086
# Reference: https://www.virustotal.com/gui/file/1393b94f6048c81c78642a75dee59081d6800673bb97895f06419c2bf5f41d89/detection

18.177.76.42:12433

# Reference: https://twitter.com/ScumBots/status/1722961348877856916
# Reference: https://www.virustotal.com/gui/file/051fdadbc6f1cf9488a8d9abf15971216541c70110a75198bab0622dfa0af293/detection

18.177.76.42:16321

# Reference: https://twitter.com/ScumBots/status/1722958621032472836
# Reference: https://www.virustotal.com/gui/file/41f968891129a281f8570aca44a8001a29c560937aec8b80cbb60f576a4600a7/detection

18.177.53.48:15584

# Reference: https://twitter.com/ScumBots/status/1722895698817855941
# Reference: https://www.virustotal.com/gui/file/bb732f7511c559012473fbbdb286e5cc84b9a73b10a0eefd6611d51bd712b331/detection

18.177.60.68:12872

# Reference: https://twitter.com/ScumBots/status/1722878084913693164
# Reference: https://www.virustotal.com/gui/file/a4fafa40bfe7001d890c256f6c4456a63ba16165f37ce7763a18ae4d48ffcba2/detection

18.177.76.42:19536

# Reference: https://www.virustotal.com/gui/file/f8127f7205bbbdfa3f40a4c009703641c0ed09cf89aa6ce5510524feccaa8726/detection
# Reference: https://www.virustotal.com/gui/file/89e6f33824e88d57cda8be418ff52e814fb29cd39ac5f825eae2a024cb6ef700/detection

185.81.157.149:2023
france8292.nerdpol.ovh

# Reference: https://twitter.com/karol_paciorek/status/1730544154113913108

65.0.50.125:22355

# Reference: https://www.virustotal.com/gui/ip-address/3.93.178.75/detection

http://3.93.178.75

# Reference: https://twitter.com/ScumBots/status/1731740236240015801
# Reference: https://www.virustotal.com/gui/file/93bf4be640c337f290ba1fdf264d56bc3213738219d5ab63d0f0a8cac9630d04/detection

138.2.157.219:443

# Reference: https://twitter.com/alex_lanstein/status/1732868035843645723
# Reference: https://www.virustotal.com/gui/file/bb09b5b26c1c74cf828eec82048ae6271724f61007dd853a3ba705b6dde04337/detection

122.228.116.67:8080

# Reference: https://twitter.com/drb_ra/status/1732758759754141753

d11zd6hrtvyf1p.cloudfront.net

# Reference: https://www.virustotal.com/gui/file/4c34df2f7423f7b7bf7440e051035c1e5d9db272c741d629141324491b0d4d5d/detection

3.126.37.18:14362

# Reference: https://twitter.com/ScumBots/status/1735535234664308787
# Reference: https://www.virustotal.com/gui/file/44c7c3e0dfb28cab1ef535f8a53dba0e5488e7b5239a144006fbd25a5e6c01ca/detection

18.136.148.247:15343
18.139.9.214:15343

# Reference: https://twitter.com/ScumBots/status/1735532726797672915
# Reference: https://www.virustotal.com/gui/file/3b657c49664960ef41e9db981923cad7e73bafa1d87f93d1789409d7f58539b7/detection

18.136.148.247:16423

# Reference: https://www.virustotal.com/gui/file/86086bc19dd4e1316fe6dee93454f4808fcb7e2ba3948097dc48f01cf2b10c5e/detection

115.50.30.228:33238
115.63.183.62:58957
117.252.168.65:36030
222.137.83.24:39926

# Reference: https://www.virustotal.com/gui/file/762c7289fb016bbcf976bd104bd8da72e17d6d81121a846cd40480dbdd876378/detection

196.196.156.2:49210
196.196.156.2:57881

# Reference: https://twitter.com/Cuser07/status/1740659266900611531
# Reference: https://www.virustotal.com/gui/file/8edfc87e63a2800702665a5c8d5d7b7d5cd549febcdacf8a22bd391c851a45ec/detection

d1ebpf5ahsunvt.cloudfront.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.poshc2/ (# 2024-01-03)

http://13.48.77.144
http://173.249.26.59
139.84.172.20:443
161.35.21.152:443
173.249.26.59:443
35.80.38.180:443
35.80.38.180:8443
65.20.68.219:443
d328.net

# Reference: https://tria.ge/231230-q2rawaebc3/behavioral1

steam-install.run

# Reference: https://twitter.com/ScumBots/status/1740670327271653589
# Reference: https://www.virustotal.com/gui/file/317152256190ca37a0fa1ce2c1807024c98a3267ef1eb6842a7a2a09833e2062/detection

35.239.127.10:443

# Reference: https://twitter.com/ScumBots/status/1743064852963144055
# Reference: https://www.virustotal.com/gui/file/b7f4dcdb365b9a74324ccb0e750e8181500268e7f413973e1b873ceda159a509/detection

193.161.193.99:64773

# Reference: https://www.virustotal.com/gui/file/fcd6f5506ed12295692c7c1e5b8c4104aa379ac37d1034374ba9c3e3328e3914/detection

85.209.11.36:26670
2610asdkj.site
bchbonus.com

# Reference: https://www.fortinet.com/blog/threat-research/lumma-variant-on-youtube

176.113.115.224:29983
176.113.115.226:29983
176.113.115.227:29983
176.113.115.229:29983
176.113.115.232:29983

# Reference: https://twitter.com/ScumBots/status/1744771096124039618
# Reference: https://www.virustotal.com/gui/file/e7b3bb4a61a12b8c4ce7d0f4ab6f7fd899883a871d4d426de076f87b3392bcc6/detection

79.113.4.99:8081

# Reference: https://twitter.com/ScumBots/status/1744839048693162495
# Reference: https://www.virustotal.com/gui/file/a242aeb820185122af76bac0689167116dc5077172ba71cb92459c70d4233fcd/detection

193.161.193.99:61800

# Reference: https://twitter.com/sicehice/status/1745307281267294342
# Reference: https://www.virustotal.com/gui/file/bf50b3d9d11c1fe5d56c3a9152f37f141ed00b43813bdf267b2cbf605257f8f7/detection

52.57.79.63:4444
/powershell-backdoor-generator-main/

# Reference: https://twitter.com/drb_ra/status/1746166747332301039

3.120.209.174:443

# Reference: https://twitter.com/ScumBots/status/1746588069258575897
# Reference: https://www.virustotal.com/gui/file/fa18091c3f994270dfd753f791351b1efe8058520fec8059aaf1981ad952c26d/detection
# NOTE(review): port 90001 is above the 16-bit maximum of 65535, so this IP:port pair cannot occur on the wire and the entry can never match real traffic; presumably a transcription error - confirm the port against the referenced sample.

3.6.115.64:90001

# Reference: https://twitter.com/0xBurgers/status/1661279651157737472
# Reference: https://www.esentire.com/blog/workersdevbackdoor-delivered-via-malvertising

advanced-ip-scanner.net
advanced-ip-scanners.net
wtf-system-4758995.workers.dev
wtf-system-4759011.workers.dev
cdn-software.workers.dev
extended-system.workers.dev
cdn-cloude.extended-system.workers.dev
cdn-us-tech.wtf-system-4758995.workers.dev
cdn-us-tech.wtf-system-4759011.workers.dev
us.cdn-software.workers.dev

# Reference: https://twitter.com/drb_ra/status/1746896061325582823

wrk5.eastus.cloudapp.azure.com

# Reference: https://www.virustotal.com/gui/file/d35648979ad90bdd1f27896dd66d77e9972a6b5b86d3ae88c556dd7bbafbd7fa/detection
# NOTE(review): the other ports listed for 91.92.254.174 are 58001-58003; verify against the sample that 5800 is the observed port and not a truncated 58000.

163.5.64.98:58003
91.92.254.174:5800
91.92.254.174:58001
91.92.254.174:58002
91.92.254.174:58003
blue.o7lab.me

# Reference: https://twitter.com/drb_ra/status/1750335823524893138

165.227.246.129:443

# Reference: https://twitter.com/ScumBots/status/1753921394436415944
# Reference: https://www.virustotal.com/gui/file/8afcb016e39b5494802e39839ffbc469896525980214fc5f22ec49d19defb636/detection

45.128.232.34:9001

# Reference: https://twitter.com/ScumBots/status/1754356754173849915
# Reference: https://www.virustotal.com/gui/file/ce6cb6551226f51abde1475e1a0485cad9494a19d35424dd199c220e3ddd129a/detection

34.139.44.168:8000

# Reference: https://twitter.com/Joseliyo_Jstnk/status/1754830872031744020
# Reference: https://www.virustotal.com/gui/file/3761fb4c5b30d06501fe6688019ace6c899bdfc278049ddd91b96e0efe0d8830/detection
# Reference: https://www.virustotal.com/gui/file/b9c763ed1cd4cabc6faa0fece7738a941de1d65163d05480c9790217d931c7c8/detection

46.101.126.207:443
46.101.126.207:8080

# Reference: https://twitter.com/ScumBots/status/1754975840197120088
# Reference: https://www.virustotal.com/gui/file/aebb2b7cd7fc664e0bf3ff878d7058986b047159b4f9f9004ba45f1837c5f2a7/detection

194.21.3.8:1337

# Reference: https://www.virustotal.com/gui/file/cfa40f0fec496888a22ddf61803cc9ddfdabf06d85d4fedf7efbed59d29b9eea/detection

194.5.98.235:5900

# Reference: https://twitter.com/karol_paciorek/status/1757353098035511512
# Reference: https://www.virustotal.com/gui/file/609a919f7f20b2099e0e283f46b768f749d8c9a7998a539bc4d29b56fb74373f/detection

http://144.76.219.54
144.76.219.54:8081

# Reference: https://twitter.com/Purp1eW0lf/status/1758825322399625545

185.147.213.194:443

# Reference: https://twitter.com/ScumBots/status/1761372989214298223
# Reference: https://www.virustotal.com/gui/file/5e04174a8cba880cce9d6d7d4073e7402f6855eb4adb0b47f5f73da86e212d15/detection

130.61.108.56:25575

# Reference: https://twitter.com/ScumBots/status/1767541137768697951
# Reference: https://www.virustotal.com/gui/file/619148d288215955662b7019384c6fefb5bd4d96fecb80368a7b6de23736dc08/detection

13.37.87.194:7007

# Reference: https://twitter.com/ScumBots/status/1767563807293931542
# Reference: https://www.virustotal.com/gui/file/017292ffa323ca3deb8a1c0a6ba2f32ed2fd2ec75eed5a22f8fbc096880fc944/detection

13.37.87.194:443

# Reference: https://www.virustotal.com/gui/file/7072297b018300c0f1d432ac4a7e98ebca34c9377215a55b1fd186551fd6b2e9/detection
# Reference: https://www.virustotal.com/gui/file/e1f0d4706f5c9aae0902b278c423f3cb135180ecd69f43d47111a06f1e647e91/detection

18.177.53.48:15486

# Reference: https://www.virustotal.com/gui/file/74aee342201d218a640fcc57974cb713e23ca05e6e74111c35bb797de7390028/detection

18.176.183.3:14849

# Reference: https://www.virustotal.com/gui/file/97103a38ca96751430190a2c14bda371fa1753b6ac8c904c3783b151fbafadab/detection

18.176.183.3:19517

# Reference: https://www.virustotal.com/gui/file/15cb5d2170a131a4c402dbd2a8a5d5b5996709b2b5ebdf03e4b6350096fac7dc/detection

18.176.183.3:13584

# Reference: https://www.virustotal.com/gui/file/f00fdb2a462b1ee5bce21181ee2e8f7beb6a17b7ebdcfeae1d7669ec886c1627/detection

18.176.183.3:15502

# Reference: https://www.virustotal.com/gui/file/4f6e8de8f57b96d6342121d01a67a803ba88015de8283122245c5e3a6f4efe0d/detection

18.177.60.68:15302

# Reference: https://www.virustotal.com/gui/file/380a561a3e8d488489f101560830ecdf309851bbd9ad45f92a09121cdb2fd568/detection

165.227.224.60:8080

# Reference: https://www.virustotal.com/gui/file/55cd6b23ce8586bde06e974745a025c9f6595415c71a3595bf217a7ccc7554a3/detection

85.245.250.108:8080

# Reference: https://www.virustotal.com/gui/file/160540c6f26752264bd90cae32ead977868637d9afac14d9726972fc49b86b8b/detection

3.6.115.64:19833
3.6.30.85:19833

# Reference: https://www.virustotal.com/gui/file/d3f02563e38094e0216ddb73b215b5d9ce99011c43a3211f450c153df93c99ea/detection

185.117.118.21:49769

# Reference: https://www.virustotal.com/gui/file/1b0b6d51d6ea22574c9252ec096477a78e1f2ef10e92cae027292f4418c885b9/detection

18.177.60.68:17489

# Reference: https://www.virustotal.com/gui/file/60694a0680edba3640008ae16bf7f521fe91b93c1a2c440657b6d86c0ec7c00f/detection

18.176.183.3:13450

# Reference: https://www.virustotal.com/gui/file/9119d51da2a9ff70b77834056723b1791f0d2f09a5eee499a683681270eff8e8/detection

18.176.183.3:13433

# Reference: https://www.virustotal.com/gui/file/d1df44a5213dda2704c92779cbea83964d5aa8686e03884cd722201ea3ce33cb/detection

18.176.183.3:13745

# Reference: https://www.virustotal.com/gui/file/4a825aec2c8f92ac8802adcba44991ba7ad1d4912c9a453f32d6d09cc08e4bb4/detection
# Reference: https://www.virustotal.com/gui/file/1d0e66c92b3cbde06ee14aa910ed51647a60d33459f7f81873fbfd09df29529a/detection
# Reference: https://www.virustotal.com/gui/file/3b838c2761af6a8b49c7460d3ed835a23441ed4d6e3a037c9c5d2ffa31693c54/detection

18.156.13.209:11592
18.157.68.73:11592
18.197.239.5:11592
3.127.138.57:11592

# Reference: https://www.virustotal.com/gui/file/300c58f06ba356a509afeb048354143fd9172e676eb1307b6a7a7f338f199e01/detection

165.227.224.60:8080

# Reference: https://www.virustotal.com/gui/file/a303a8a831b577dca4a1188fbe257c348fe73102a3aa43d2e60243b61ad63ef8/detection

http://15.161.126.107

# Reference: https://www.virustotal.com/gui/file/2f6fa0b9f9997e0b5ae31f85c56c6ecf583a33990ad8fae3148f706b57d69514/detection

194.213.3.8:9555

# Reference: https://www.virustotal.com/gui/file/52f4b9da3052bd5bf99bc87bc9d9eb5f94ce65ab89198c5408daa3d17ab7c4af/detection

18.176.183.3:18619

# Reference: https://www.virustotal.com/gui/file/39d5ec5af27ce18da21501d59d72063bbae2f7886a9da17cac4aa9f496f1dde8/detection

18.177.60.68:16180

# Reference: https://www.virustotal.com/gui/file/4c464611b5ab88d75a4a573cf864776deb293aa2a8fc3c1c5fb17adab6cca8e7/detection

18.177.0.235:12545

# Reference: https://www.virustotal.com/gui/file/fde50d772933f871c8e67d7f2c44981b8740593f9dd5a12ef6fbe52f2f531492/detection

18.176.183.3:14612

# Reference: https://www.virustotal.com/gui/file/4377e4584c8fdfba307ac4f61b6a3ae0e93fb1708ebfc6d1723a53e8fe500941/detection

18.176.183.3:14084

# Reference: https://twitter.com/IronNetTR/status/1767991130652626995

http://185.65.202.192

# Reference: https://twitter.com/IronNetTR/status/1767991209065115925

206.166.251.44:8080

# Reference: https://twitter.com/ScumBots/status/1770559127304999047
# Reference: https://www.virustotal.com/gui/file/a9989f854fdee68ad82862be83757397bc3131e77aedcf078d31fc3ba3ece04d/detection

85.214.121.47:8080

# Reference: https://twitter.com/ScumBots/status/1772590664611459077
# Reference: https://www.virustotal.com/gui/file/ae51983d406eab5d3474be806f9f057e1a6388e02677b469977464e544f18b4c/detection

18.177.0.235:13209

# Reference: https://twitter.com/ScumBots/status/1772573040276078807
# Reference: https://www.virustotal.com/gui/file/ea9d8cbb0eaaed3fab23b069aec0ee9ac6e0fe3a6a57cbe7def486a736ac0ad5/detection

18.177.0.235:14441

# Reference: https://twitter.com/ScumBots/status/1772588140881907728
# Reference: https://www.virustotal.com/gui/file/9561282d29829885243a5bf6a5f7b5a0e3d9c4187f281a9b400c7c26cc438d95/detection

18.177.53.48:18003

# Reference: https://twitter.com/pmelson/status/1773705034892472694
# Reference: https://www.virustotal.com/gui/file/34aa011f2db60d320f9286b3f5688fe9d75473cc388e34098bed69b464c11579/detection
# Reference: https://www.virustotal.com/gui/file/039832b2b7acb64ccd9385e8e2fd7a1763d2bf0ec107d61d80c48f9241b4cb6f/detection

http://52.196.119.113

# Reference: https://www.virustotal.com/gui/file/7a46b0f4cad3859514ba19e1954a957b905e69dbd52ca7f0cd9ced44e5826f1a/detection

18.177.76.42:15494

# Reference: https://twitter.com/1ZRR4H/status/1775560879158731261
# Reference: https://www.virustotal.com/gui/file/f3821c10dba9a35fe7481cab6dc612dca66378b91037b859e5e2252321ba3ed3/detection
# Reference: https://www.virustotal.com/gui/file/7d432fbc93fb201322c6a1e1cf8d7753c5d036650aa69366205dbbb58ef06cc0/detection

http://185.236.228.29
185.236.228.29:8443

# Reference: https://twitter.com/IronNetTR/status/1777393539044757842

118.25.142.205:1337
118.25.142.205:8080

# Reference: https://twitter.com/crep1x/status/1777957087521202185
# Reference: https://www.virustotal.com/gui/ip-address/82.221.129.44/relations

advanced-ip-scann.org

# Reference: https://twitter.com/ScumBots/status/1778460591692120277
# Reference: https://www.virustotal.com/gui/file/79b6cf9670250fdadb03949552e3d73d17640b1df04ad11b6af3b2d74f2c9ba7/detection

180.184.171.155:4004

# Reference: https://twitter.com/drb_ra/status/1779870354992705630

149.28.232.182:443

# Reference: https://twitter.com/IronNetTR/status/1779989608710701261

http://23.133.88.248
62.67.52.141:8000

# Reference: https://www.virustotal.com/gui/file/dc6c7fc7353f8204e52c6e346b44ee2da18e562ef74ff77fe57f4993a52eb4ec/detection

18.141.129.246:16038
52.220.121.212:16038

# Reference: https://www.virustotal.com/gui/file/4f956c0d67e34145bdb0f7241e2c4d012e147843935d3df1eefd80c7f97524de/detection

13.229.3.203:19151
52.220.121.212:19151

# Reference: https://www.virustotal.com/gui/file/2dc64d70cd121ba2158431cf2c4379e88a8d9e96c8db6d2d4573bd0dacb712de/detection

144.76.71.93:111
powershellcmd.theworkpc.com

# Reference: https://twitter.com/ScumBots/status/1790656008173350936
# Reference: https://www.virustotal.com/gui/file/0b257b2ab2f9f1004f7a145b34dfe1376ef272f644adc0312ff7c3cf9ad0b3d6/detection
# NOTE(review): 172.217.0.0/16 is Google-operated address space, so this looks like a shared front-end IP rather than dedicated C2; alerting on it risks false positives against ordinary Google traffic - confirm against the sample's network behaviour before keeping.

172.217.169.195:443

# Reference: https://twitter.com/ScumBots/status/1790827071721046438
# Reference: https://www.virustotal.com/gui/file/b7e39546b815a2128615a0f773928bd1655320956e9ed2494f8f5439cd836632/detection

18.228.115.60:10955
54.94.248.37:10955

# Reference: https://twitter.com/ScumBots/status/1790819532535214303
# Reference: https://www.virustotal.com/gui/file/2cb36e7f0db958d2f54d7db41314f394c3b4fa4f6fd4f4b442506725811ebe17/detection

3.13.191.225:16598
3.134.125.175:16598

# Reference: https://x.com/NDA0E/status/1793631858405818663
# Reference: https://pastebin.com/raw/6PTTM4MD

http://20.163.176.155
20.163.176.155:443
powershell.skype-api.co.uk

# Reference: https://x.com/ScumBots/status/1799582256777826469
# Reference: https://www.virustotal.com/gui/file/123b8d0fea7b632f597898db9f6e3795a7aa5352b7e23ff13544fb82a8fe1cd0/detection

18.228.115.60:15559
54.94.248.37:15559

# Reference: https://x.com/ScumBots/status/1799587290064322567
# Reference: https://www.virustotal.com/gui/file/fe1dd78574699a0cbd9178866f2eec401d3f931218d8cbf73ac7d94daebd87fd/detection

18.228.115.60:11160
54.94.248.37:11160

# Reference: https://x.com/ScumBots/status/1799617488180691059
# Reference: https://www.virustotal.com/gui/file/196ba4c3caecb1d450771c2582a9dd02a87bceee907a8ea0dc7cd57695cbd965/detection

18.229.146.63:10164

# Reference: https://x.com/ScumBots/status/1799657759333372393
# Reference: https://www.virustotal.com/gui/file/2ff4753d7b38f46bc7b8d32ac1f0ad0a5edbbc815fffb2426856acfb24e34a62/detection

3.13.191.225:10406
3.22.30.40:10406

# Reference: https://x.com/ScumBots/status/1800322134998188037
# Reference: https://www.virustotal.com/gui/file/184fd3350809479000bd696299c03a323bf48371170a67679f0ba8e9e7fd4b66/detection

54.94.248.37:11870

# Reference: https://x.com/ScumBots/status/1802551826874515793
# Reference: https://www.virustotal.com/gui/file/2ba5fa6b026e78675f28ac510417a767acbcb4b43d9ec5c1c4052661c2cbf9aa/detection

192.244.206.42:6724

# Reference: https://x.com/ScumBots/status/1806034772809883679
# Reference: https://www.virustotal.com/gui/file/0c3ea8f0e65eb748a8b3e7378d02544e01581f1b6fb3e1d57a1af60d32001f38/detection

9655-96-126-112-246.ngrok-free.app

# Reference: https://www.virustotal.com/gui/file/0ca46fb10da403fd20317cbd55434388275c7e9abba697ca4c9916f241ff53f6/detection

fb6mj2jff0oz3rop.myfritz.net

# Reference: https://x.com/malwrhunterteam/status/1817215954247729266
# Reference: https://www.virustotal.com/gui/file/da9f9b521be52116d29654789ea62091e7cffd0ae875e69d5030305307c3411a/detection

s4m5vyfx72sjlsuzt72fabn3iv2igwovo3azn27im3xz3emt47gk6zad.onion

# Reference: https://x.com/malwrhunterteam/status/1818727670911582232
# Reference: https://www.virustotal.com/gui/file/181fe99c16fa6cc87a3161bc08a9e2dbd17531c7d713b09d8567c1b3debe121f/detection

37.143.129.165:9050
37.143.129.165:9999
opioem3zmp3bgx3qjqkh6vimkdoerrwh3uhawklm5ndv5e7k3t4edbqd.onion

# Reference: https://x.com/malwrhunterteam/status/1821842795918729623
# Reference: https://www.virustotal.com/gui/file/9e3d9a65d37163a70d1578971179bad24671d08ec12bd4d5d87b523b89fa1dc6/detection

gravitytop.duckdns.org

# Reference: https://x.com/k3yp0d/status/1822584994230931669
# Reference: https://www.virustotal.com/gui/file/20a30be9df8e2e1244afebc48d8bedf728b2ee42c4c8c89757b37b10361a494d/detection

159.89.205.132:4443

# Reference: https://www.virustotal.com/gui/file/edd8d665474246b3dcef184ba9b18479b8d33ee0232b918b2fe35f43b969875e/detection

118.26.38.52:8090

# Reference: https://www.virustotal.com/gui/file/772dc10ce0c1a5c6e955fc82ab80fcca15307876832aae0ad52c0ea8b5fe1973/detection

118.26.38.52:8091

# Reference: https://x.com/malwrhunterteam/status/1824049414341534204
# Reference: https://www.virustotal.com/gui/file/9423adbc1793e7b785dd96cbac37e651d8988aa7870b795613c4a12674e21afb/detection
# Reference: https://www.virustotal.com/gui/file/30a645175c581415d55d434e7feefbddee0e0ba0b584a27699d2b7be2de7bca6/detection

146.190.90.45:8080

# Reference: https://x.com/drb_ra/status/1825707175093661803

52.230.83.254:443

# Reference: https://www.virustotal.com/gui/file/e8639f74f8209c9f0bc1ddae413a6721f30acdc63e3b44635bb0e7d0df83ee10/detection

52.230.83.254:5678

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/IPPortC2s-30day.csv

3.121.42.179:443

# Reference: https://www.virustotal.com/gui/file/b456ed7fe5e86e361935de61a4b6e49a975c06f6737c9a6dc06f64d637ddcf50/detection

193.117.208.101:7777

# Reference: https://x.com/malwrhunterteam/status/1830886952180068808
# Reference: https://www.virustotal.com/gui/file/f44bdaa55e1365c6628a2e3c09907cb340db29c648a3efb2900813c06caac060/detection
# Reference: https://www.virustotal.com/gui/file/d6513550cc5256ece6007aeafe9d39c4cda4c8ccab2daebe5c48d0583e1b02f6/detection
# Reference: https://www.virustotal.com/gui/file/8de9581d99d64252080d4a00bb75660b3d95bd05772556a0f1cb21bb68afa166/detection

207.154.255.134:8443
/ZIen7RH/1zFNrVrn0
/1zFNrVrn0
/ZIen7RH

# Reference: https://x.com/byrne_emmy12099/status/1830826203936366835
# Reference: https://www.virustotal.com/gui/file/32033f5b4596caa21f8e59fa3b0ae140a30b10a7fb982a383b0c5722b851d2b2/detection

http://117.72.70.169

# Reference: https://www.virustotal.com/gui/file/c0aecec5b4f0aef02bf9787e0e7aa390a38764611a6f756cebf0ebd4898d7ea0/detection

23.163.0.72:443

# Reference: https://x.com/malwrhunterteam/status/1831329411083256023
# Reference: https://www.virustotal.com/gui/file/4f165bf8290bca3fd8056155899b78c2c745e675d1edfc4cf3cabc5302834453/detection
# Reference: https://www.virustotal.com/gui/file/95ebf269b7b7e6d405378005909448721dea4913b50311050efa01f3918e23dd/detection

http://185.196.10.14
185.196.10.14:443
ms-crt-update.com
wnd-ls.info

# Reference: https://x.com/banthisguy9349/status/1835386974795915677

211.196.223.62:9999
/Invoke-PowerShellTcp.ps1
/Invoke-PowerShellTcp1.ps1

# Reference: https://x.com/kddx0178318/status/1836032502118469912

pub-26ee9be236b54d0cb1b570a203543b93.r2.dev

# Reference: https://x.com/karol_paciorek/status/1838226912264479036
# Reference: https://tria.ge/240923-rpw62aydkj/behavioral2
# Reference: https://www.virustotal.com/gui/file/c96b8380f3acee84358759a9b70a5e7f46b0b0084b875ec82d6cd787a72f727d/detection
# Reference: https://www.virustotal.com/gui/file/8df8bac8fe6e592dd7a859c85cd85a76744e3236c52f3754328d99daa8e7e963/detection
# Reference: https://www.virustotal.com/gui/file/572add5dac2c74afce068a401eaa207b833bb86f041606a1dbb6903566a6ed22/detection
# Reference: https://www.virustotal.com/gui/file/369beedc04350f9913cc3806ebf5395de318abca9cead9b6f69565c974bedf4b/detection
# Reference: https://www.virustotal.com/gui/file/2c713900f23b2e85b1c0e02b6dd134c05fcfb1f5e6b02c2950cdbf7d1c7d24a4/detection

172.111.186.180:12284
154.21.14.89:15488
gibbooc2.com

# Reference: https://www.virustotal.com/gui/file/21e9c3fe8da1816b523825d1891ee899f2b93b67c812a746d1cc19ad1479ae18/detection

188.40.59.208:8080
jffjdjkbfek.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/016830208b67f225761df7b598b75cd7c892ad856b34c3f5116b1c458cde5efe/detection

91.92.250.115:4443

# Reference: https://x.com/malwrhunterteam/status/1845029320311374203
# Reference: https://www.virustotal.com/gui/file/db114465cab2a9be7e57e18abfddfd9c7ecfd121090c345698f5c54bb037ba30/detection
# Reference: https://www.virustotal.com/gui/file/c69ab262ac3f73277c4b9a777a408f57feb618e2e00bc2e66e8d97274083c742/detection
# Reference: https://www.virustotal.com/gui/file/0d92e9fa4eebb8988f8c106499329a0ad0773d0cc1cc2ff254b1da592cc08afa/detection

http://212.232.22.140
212.232.22.140:443

# Reference: https://x.com/StrikeReadyLabs/status/1846335184213258436
# Reference: https://www.virustotal.com/gui/file/8229f281a93f18612a47843aa69e94312b52180e7f775fd58e5ea04608e23bd0/detection

jackcontentmkt.com

# Reference: https://x.com/suyog41/status/1848301462553813462
# Reference: https://x.com/suyog41/status/1848338824960806944
# Reference: https://www.virustotal.com/gui/file/6981a60d432d6b56980932f2a645813dc8e4a7987c29fabd810e9040f97ea6b7/detection
# Reference: https://www.virustotal.com/gui/file/2e25e45dbc3106141933db4d006db37e7054cff7007825f429a11a82d8f4e9eb/detection

charleskeith-group.com
rovalfashion.blog
career.charleskeith-group.com
documents.rovalfashion.blog

# Reference: https://www.virustotal.com/gui/file/2fd743a0666b4d990a40cbe83636f7c51423860a19904553c8faac7edd11dec6/detection

qq7u0.com
t.qq7u0.com

# Reference: https://x.com/k3yp0d/status/1851189193143189730
# Reference: https://www.virustotal.com/gui/file/47c38f8d21240a76cccf0b6000ee571d1b46b0da5482ab71bef2ae0c935e7b50/detection

65.38.121.107:12345

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/IPPortC2s-90day.csv (# 2024-11-10)

176.111.174.138:443
47.76.86.199:443

# Reference: https://x.com/malwrhunterteam/status/1861740034883305694
# Reference: https://www.virustotal.com/gui/file/9ee44af1c67b6391151d300afa5b7625339a5cc0dcfacb19f6f43a8122c23efb/detection
# Reference: https://www.virustotal.com/gui/file/330c264bbb3a4ee3e6ffafd16e599c16e76088793ae68b216fa5d17bdde33584/detection
# Reference: https://www.virustotal.com/gui/file/1dee11c1282c60ec5b51dd3b83db97ce1a1f65953ea75825e188a6204eda327f/detection

178.215.224.246:9999

# Reference: https://x.com/malwrhunterteam/status/1862624900592119903
# Reference: https://www.virustotal.com/gui/file/e29d2bd946212328bcdf783eb434e1b384445f4c466c5231f91a07a315484819/detection

http://79.124.78.109

# Reference: https://x.com/redrabytes/status/1866254308800446653
# Reference: https://www.virustotal.com/gui/file/002c21418485ce37db73718090b4cf0963343ec57858984176c29828433a7ce8/detection
# Reference: https://www.virustotal.com/gui/file/0e7d5f7e7a774c2fdafc243face49e36d09df8b6f6d7fb8fb45012280ff8fd67/detection

http://31.13.224.16
31.13.224.16:1445

# Reference: https://x.com/naumovax/status/1866478008430625178
# Reference: https://tria.ge/241209-g5d1aazphz/behavioral1
# Reference: https://www.virustotal.com/gui/file/aa823a279a54bf15f82b2f1dadd9f75c8dc9b3a088b289f21c5769bef199fa08/detection

147.185.221.24:20600
michael-currently.gl.at.ply.gg

# Reference: https://www.virustotal.com/gui/file/70278ca40fa83bb0ece05e455ac3907aba311f004ba10f8d723cde1dda8caf89/detection

officeupdate.live

# Reference: https://x.com/banthisguy9349/status/1867487667853701258
# Reference: https://www.virustotal.com/gui/file/1ee2a9a7c6716e3244755860dde26392068a6dadbccc530aecd51914257a5a51/detection

http://15.161.105.91
15.161.105.91:4444

# Reference: https://x.com/byrne_emmy12099/status/1868220373092999635
# Reference: https://www.virustotal.com/gui/file/da3736e0a496b841d13da123473bb9d630ba78b68a5de99be2476b8ed1d02658/detection

5.44.32.90:9191

# Reference: https://www.virustotal.com/gui/file/167451dd9f09180567907a96316a2680b67157a92c14c753465ed5e3d5e40703/detection

api-conect-v1.digital
web.api-conect-v1.digital

# Reference: https://www.virustotal.com/gui/ip-address/212.224.93.241/relations
# Reference: https://app.validin.com/detail?type=dom&find=api-conect-v1.org#tab=host_pairs
# Reference: https://app.validin.com/detail?find=Nota%20Fiscal&type=raw&ref_id=5663d651f5d#tab=host_pairs
# Reference: https://www.virustotal.com/gui/file/64edce40efb957d4faf53ead6b82fb70b02c05e1dda4adb9c0e3535396374bbb/detection
# Reference: https://www.virustotal.com/gui/file/b2f2fce332ae6659f9b83551bacea0eac088d4993aa2aea569714109724cda76/detection
# Reference: https://www.virustotal.com/gui/file/db5bd2d7f564d3563aa46fc3521a3a1c40914b39ab1c215d5af39a1bff1939e0/detection

api-conect-v1.org
bot-interaction-navegador.click
bot-interaction-navegador.com
bot-interaction-navegador.net
bot-interaction-navegador.online
portifolio-advanced.help
sign-in-portfolio.pro

# Reference: https://x.com/ShanHolo/status/1870776463554982198
# Reference: https://www.virustotal.com/gui/file/a93016ca786dd53269892b81f2e49c50556faa988fb29c8753de411f521a2caf/detection

204.216.222.72:4444

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/IPPortC2s-90day.csv (# 2025-01-02)

18.220.100.26:443
91.240.118.204:443

# Reference: https://www.virustotal.com/gui/file/f83fee229ddbe821bf4710dee92cc02196689646fd79ab372b2d9cb940dd394f/detection
# Reference: https://www.virustotal.com/gui/file/6fa943eb4c0a5ad9993da79e019bb62d00246103b9fd13e93986098072727596/detection
# Reference: https://www.virustotal.com/gui/file/2050cbdb74065a62353a2a2bcee6486113bccc3d1e071ffb1b395e856a52e214/detection

vilkasbuilders.com

# Reference: https://x.com/StrikeReadyLabs/status/1879232423483015275
# Reference: https://www.virustotal.com/gui/file/92651b71fe52dd4ec8d3d4dfbba974d4e75f7fc68717d8e845a988600bc1723a/detection
# Reference: https://www.virustotal.com/gui/file/db791160ec45c955a79be8361055c256e5fc6c3850fa1fa2298205f2ff0cf1f0/detection

codebizz.com/7896745657879090.mp4
codebizz.com/NETJIQHP.exe
codebizz.com/SBBFernverkehr.pdf

# Reference: https://www.virustotal.com/gui/file/d1a30376318ac2c047f99506508d4a10fbdf31f76d51f47d71147b3a66a66894/detection

fill-tomap.com

# Reference: https://x.com/skocherhan/status/1882669372973490417
# Reference: https://www.virustotal.com/gui/file/6a099d194d5da3e8920ecd9b2688e77dbab1ac420b2557f40a88edb649b339d6/detection
# Reference: https://www.virustotal.com/gui/file/ce85a2c0c46cdcd0c80033c50a7300b97f904045ede5b3644c7f3c1bab6c7f6f/detection

cryptopotato.net

# Reference: https://x.com/drb_ra/status/1883872057005363506

185.147.124.10:443

# Reference: https://x.com/malware_traffic/status/1884476331821326816
# Reference: https://www.malware-traffic-analysis.net/2025/01/28/index.html
# Reference: https://www.virustotal.com/gui/file/2dd4dba195a2994751e11f855a1a4d9f6ca384867b8e5f62b0e692729603fe05/detection

http://64.52.80.211
86.107.101.93:25658
compaq-hr-buyers-where.trycloudflare.com

# Reference: https://x.com/malwrhunterteam/status/1888948304005746852
# Reference: https://www.virustotal.com/gui/file/ede28fc0163702956fb6b356242d0089084a084746f6da3a8ce2f25e2a09fc1e/detection
# Reference: https://www.virustotal.com/gui/file/6e4d098ea581c6961d4777d4d57733a3b8a68ccec6cf8067557b1748380f4798/detection
# Reference: https://www.virustotal.com/gui/file/2436a5dc0fae2fd6c7d53d3cf78658b88c47ed58006074c580cb882408e1317d/detection

45.192.170.202:18854
45.192.170.202:18855
45.192.170.202:18856
45.192.170.202:8850
45.192.170.202:8852

# Reference: https://x.com/malwrhunterteam/status/1890305544545611888
# Reference: https://www.virustotal.com/gui/file/d28a119903c477aede62a18af5e441bdbe0359ac450612cfc453c874ac1952e8/detection
# Reference: https://www.virustotal.com/gui/file/630c67766d2464e2e8870167b0f6f36f451b0b6d79932366960f668346986b40/detection

45.128.12.101:1340

# Reference: https://www.virustotal.com/gui/file/042d6a65c72d16cd9c89ee8cf62b3477edb045ec16c83e22038d1b05a55fa635/detection
# Reference: https://www.virustotal.com/gui/file/5307219dcb8ee239bbf87854450dddeeb35860d2f15f2496aaa77fe03967ca6d/detection
# Reference: https://www.virustotal.com/gui/file/6b61934dea7d3b16f46b12dc810972a58e4278632ad39abdbf79801fca7a4875/detection

91.206.178.120:5001

# Reference: https://www.virustotal.com/gui/file/a7d093616150edffba8ab7ae589dae0097dafb2dedc90fa3b9437cdef09bf42d/detection
# Reference: https://www.virustotal.com/gui/file/1df18eee15111abda5fb1430aada1ed2a8dd1adfed9f4e6c48d53886a0949d43/detection

keytool.cc
adobecc.keytool.cc
capcut.keytool.cc
cupcut.keytool.cc
office365.keytool.cc
photoshop.keytool.cc
premiere.keytool.cc
spotify.keytool.cc
windows.keytool.cc

# Reference: https://www.virustotal.com/gui/file/12b061ecc807165c160ad96f22cd922a9c3a831358126dbd8d42242068fb821f/detection

rejoseluluar.com

# Reference: https://x.com/skocherhan/status/1891413497809903645
# Reference: https://www.virustotal.com/gui/file/356a6936bc3e59716365a95d28fd715454bfad2c6cd8d8d70a23b3a357c69ab0/detection

xegan4.site

# Reference: https://x.com/malwrhunterteam/status/1891926759408279775
# Reference: https://x.com/ShanHolo/status/1892214399030419719
# Reference: https://www.virustotal.com/gui/file/eb8da26034035f08946acb6fc127e3b2db884a024a61aea99397c46aedc70145/detection

http://146.185.233.96

# Reference: https://x.com/JAMESWT_MHT/status/1892930111625678859
# Reference: https://tria.ge/250221-qlvy5avjt5/behavioral2

/BlackShell256/Null-AMSI/refs/heads/main/Invoke-NullAMSI.ps1
/BlackShell256/
/Invoke-NullAMSI.ps1

# Reference: https://x.com/skocherhan/status/1893319241002095020
# Reference: https://www.virustotal.com/gui/file/6ecf5d71e9e538d4cc59db73b3b0314cd663f1d09ff27b560871bc8742a9b5d4/detection
# Reference: https://www.virustotal.com/gui/file/787c1128407b755ed110651a47f19fddeb7074168ead5cf6d21a5ecdb8547eab/detection
# Reference: https://www.virustotal.com/gui/file/dbcb23be28a736f1f1564f879d8c437f8af5d43ed037bce0c87a644f1a931cea/detection

busforua.world

# Reference: https://github.com/hagezi/dns-blocklists/issues/5317
# Reference: https://www.virustotal.com/gui/file/4f9ec5212d6eac6586ca4a32cd3ef4669c08b5b526f70940b05874939e5eb717/detection

sportsspot-moviebuffs.com
92mapped03.sportsspot-moviebuffs.com
apped01.sportsspot-moviebuffs.com
mapped01.sportsspot-moviebuffs.com
mapped02.sportsspot-moviebuffs.com
mapped03.sportsspot-moviebuffs.com
mapped04.sportsspot-moviebuffs.com
mapped11111111.sportsspot-moviebuffs.com
mapped11111112.sportsspot-moviebuffs.com
mapped11111113.sportsspot-moviebuffs.com
mapped11111114.sportsspot-moviebuffs.com
mapped63.sportsspot-moviebuffs.com
mappede1.sportsspot-moviebuffs.com
s3-us-north-1.sportsspot-moviebuffs.com

# Reference: https://x.com/malwrhunterteam/status/1895028447170408590
# Reference: https://www.virustotal.com/gui/file/a859c1673c5db25b2a04008508034d36c9a329001f506e617a2599bbc734142c/detection
# Reference: https://www.virustotal.com/gui/file/a7828452da13948111071f1903b1bfbd19874ddb90e89694fd685dc0bbef2af6/detection

23.236.59.72:4444
overengine.store
data.overengine.store
update.overengine.store

# Reference: https://x.com/solostalking/status/1897360674185208022

forbescheck.top
scansol.in
twitter.my
safecheck.mosco.cc

# Reference: https://www.virustotal.com/gui/file/0ed2a4a890b4edad5600f94d7816ce84a24d15647f7c3efa703f4eefeb82890a/detection

microsoftnetservice.duckdns.org

# Reference: https://x.com/malwrhunterteam/status/1902336307528913245
# Reference: https://www.virustotal.com/gui/file/72ecbebb658ea1fe80515d96cb5bd4a978a73b7c60552ab9c9b17aec20f4c28a/detection

cloud-ddie.click
dropxfile.xyz
jkboard.help
nhappk.click
ntspk1.top
app.jkboard.help
mst.jkboard.help

# Reference: https://x.com/Jane_0sint/status/1902465896897040658
# Reference: https://app.any.run/tasks/1153f0ba-2645-47fe-9f73-4849cdf73fb5
# Reference: https://app.any.run/tasks/82eafd8e-c3db-415e-a84d-07632af7ad90

45.145.91.164:64830

# Reference: https://hunt.io/blog/russian-actor-cloudflare-phishing-telegram-c2
# Reference: https://app.validin.com/detail?find=%3A%3A%3A%22description%22%3A%22SchemaPI%20ile%20kaliteli%20backlink%27ler%20edinin%20ve%20arama%20motorlar%C4%B1nda%20%C3%BCst%20s%C4%B1ralara%20%C3%A7%C4%B1k%C4%B1n.%20SEO%20performans%C4%B1n%C4%B1z%C4%B1%20art%C4%B1rmak%20i%C3%A7in%20%C3%B6zel%20olarak%20tasarlanm%C4%B1%C5%9F%20%C3%A7%C3%B6z%C3%BCmlerimizle%20tan%C4%B1%C5%9F%C4%B1n.%22&type=raw&ref_id=3803bae4989#tab=host_pairs (# 2025-05-02)
# Reference: https://www.virustotal.com/gui/file/0a91a18d9d2bd24e679543fc956746fd8cdccc55939853def0a790dfeb132343/detection
# Reference: https://www.virustotal.com/gui/file/334c494241e9f60a9ed9005c31ee91c02d4467f417beec166a2dbfc885da4bdb/detection
# Reference: https://www.virustotal.com/gui/file/5720662d40be94b68735a96ef056f5a777c879db3af470c01ad2297a15a1d06a/detection
# Reference: https://www.virustotal.com/gui/file/675a0935b07fd067d0dd9a0b8be548943034ca197b2fe1c04d36d1c86989672f/detection
# Reference: https://www.virustotal.com/gui/file/d46d64606d1b9e21eb0c9095fea389b335b8f01c17cb68ba9699dee2a06c5282/detection

http://195.177.95.169
http://213.209.150.191
3dflow-85wo.pages.dev
3dlinker-gs9y.pages.dev
3dmeshhub-k35m.pages.dev
cloud3d-k5sa.pages.dev
cloudforge-g9gi.pages.dev
cloudforge-p9cm.pages.dev
devcloud-5lpl.pages.dev
devcloud-63gg.pages.dev
devcore-2lef.pages.dev
devcore-ec8q.pages.dev
devgrid-1wsz.pages.dev
devgrid-72kx.pages.dev
devhub-dn06.pages.dev
dmca-hub-r2ao.pages.dev
idufgljr.procansopa1987.workers.dev
meshlinker-2imf.pages.dev
polybase-6e8v.pages.dev
procansopa1987.workers.dev
renderbase-27s7.pages.dev
renderbase-tp71.pages.dev
renderhub-30pd.pages.dev
renderhub-5bam.pages.dev
rendernest-54x9.pages.dev
rendernest-en88.pages.dev
rendernest-y4et.pages.dev

# Reference: https://x.com/malwrhunterteam/status/1910330072596148616
# Reference: https://www.virustotal.com/gui/file/000dad70daa62b07d6216c76e9bf2763871bce36e6bbff9178ce4347a3b9d131/detection

cavradocuments.top
api.cavradocuments.top
app.cavradocuments.top
documents.cavradocuments.top

# Reference: https://x.com/moneroon/status/1910672445670842395
# Reference: https://www.virustotal.com/gui/file/63b56da83ddf792c7753515af5e5b25816a54e1fc10bcc6693b7028e645df2a6/detection

45.79.43.128:8888

# Reference: https://www.virustotal.com/gui/file/283065d0478086711e8233bbc086a94ffca668ad9aab3b7de0aef9d9d44f3b60/detection

micrasoftsuport.uk
help.micrasoftsuport.uk

# Reference: https://x.com/abuse_ch/status/1912534630013481357
# Reference: https://app.validin.com/detail?find=4d7b998f9ffaf8f1451817aee8d0499635485d41&type=hash&ref_id=adf8c5b44f6#tab=host_pairs (# 2025-04-16)
# Reference: https://www.virustotal.com/gui/file/2cdacba9a2c3997c3bc40b721f08b207f11098d7bdf3a7b487e4202e854c08e5/detection

185.170.153.104:3000
5.252.153.120:3000
5.252.153.120:8082
5.252.153.120:8888
5.252.153.122:3000
5.252.153.122:7000
66.63.187.72:3000
85.209.153.84:3000
95.164.53.146:3000
95.164.53.146:8089

# Reference: https://blog.talosintelligence.com/emerging-interlock-ransomware/
# Reference: https://blog.sekoia.io/interlock-ransomware-evolving-under-the-radar/
# Reference: https://github.com/Cisco-Talos/IOCs/blob/main/2024/11/emerging-interlock-ransomware.txt

45.61.136.228:8080
64.95.10.95:8080
complement-parliamentary-chairs-hc.trycloudflare.com
pipe-hawaii-monkey-automatic.trycloudflare.com
investigators-boxing-trademark-threatened.trycloudflare.com
sublime-forecasts-pale-scored.trycloudflare.com
medicine-podcasts-halo-expected.trycloudflare.com
una-idol-ta-missile.trycloudflare.com
views-ethics-orientation-roommate.trycloudflare.com
refrigerator-cheers-indicator-ferrari.trycloudflare.com
securities-variance-vocal-temporal.trycloudflare.com
musicians-implied-less-model.trycloudflare.com
dc-broader-green-norwegian.trycloudflare.com
scientific-shown-desperate-ratio.trycloudflare.com
phones-pichunter-businesses-drop.trycloudflare.com
pub-motorola-viking-charger.trycloudflare.com
fotos-phillips-princess-baker.trycloudflare.com
california-appeals-pilot-harper.trycloudflare.com
diff-beats-belize-chapter.trycloudflare.com
suffering-arnold-satisfaction-prior.trycloudflare.com
washing-cartridges-watts-flags.trycloudflare.com
open-exceptions-cleared-feelings.trycloudflare.com
analytical-russell-cincinnati-settings.trycloudflare.com
photo-auction-visual-gains.trycloudflare.com
mortgage-i-concrete-origins.trycloudflare.com
casting-advisors-older-invitations.trycloudflare.com
forest-offensive-height-letters.trycloudflare.com
speak-head-somebody-stays.trycloudflare.com
lancaster-sean-initial-ru.trycloudflare.com
strain-brighton-focused-kw.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/d718441a0ab4697b70fab53e6a4c3b463e549443d259abf08b2f57806f96b0b7/detection
# Reference: https://www.virustotal.com/gui/file/0d88e1060d63d4f92adc3c5ac5837d774dba116bc133b4ae548a54de3ca1a9d8/detection

you-hub.online
youhub.shop

# Reference: https://x.com/malwrhunterteam/status/1912943905915760995
# Reference: https://www.virustotal.com/gui/file/170fd5675f58c076fc371a7dbd7356134ac5e0735490be682b8ef0aa922fb89a/detection

eclectic-twilight-7a616e.netlify.app

# Reference: https://x.com/malwrhunterteam/status/1913154621456998719
# Reference: https://www.virustotal.com/gui/file/6a82e620fdcc5e11e5aa776bd70c120dfb83a921d89edcfe40ed899d227e2ff1/detection

http://34.132.177.150
34.132.177.150:4444
repoupdater.ddns.net
/ozS3jlAM9V/

# Reference: https://x.com/JAMESWT_WT/status/1913476420182892665

http://185.39.17.70

# Reference: https://www.virustotal.com/gui/file/b4cca39ff758883d5e0ad9feea98b1ddf6031bf0ca86d623631fb7f8bf09ae46/detection
# Reference: https://www.virustotal.com/gui/file/52c847b8a115eb50a63d8c2f9ea4ac6cdd33302dd05b239d685670d14f4ebf85/detection

http://62.113.114.117

# Reference: https://www.virustotal.com/gui/file/f9b1b0bb01681d70f40a80ad6ca191f0bdd3d10260ed6dabee6c5d93783121fd/detection

duolingos.com

# Reference: https://threatfox.abuse.ch/browse/tag/FakeCaptcha/ (# 2025-04-20)
# Reference: https://www.virustotal.com/gui/file/4805f60425ac421f28e7df371c33b05a0b7a09ab96fe70dedac72fc9c26c33fb/detection
# Reference: https://www.virustotal.com/gui/file/d6427e58dfa1a8bfb69f510d4c3806c36cbb7fcfac82984cafcd2ff539631f0d/detection

http://107.172.31.5
http://156.238.227.41
http://167.114.85.75
http://18.230.108.113
http://185.177.239.10
http://185.196.8.34
http://207.231.111.48
http://23.27.51.244
http://44.197.200.249
http://77.97.240.130
http://93.123.109.39
110.41.78.57:8080
110.41.78.57:8443
147.124.212.226:6065
45.200.149.104:5000
47.90.142.15:2333
51.21.41.165:5555
54.83.104.93:1433
62.133.60.69:7777
autoparts-online.us

# Reference: https://x.com/malwrhunterteam/status/1916023291862503587
# Reference: https://www.virustotal.com/gui/file/10f02ed5ce084881608fda64a12b4e3b7b34e0bcaf99789bb957e2d33f0acbd5/detection

savelsares.com

# Reference: https://x.com/malwrhunterteam/status/1918056452108804448
# Reference: https://www.virustotal.com/gui/file/ed49e65c4c3decc5420a560bf72d01a52f11e7184b627f087e07d044b7179b84/detection

codeberg.org/ftap4/AaronYohirs_Test_Junks_lol/raw/branch/main/test2.ps1

# Reference: https://x.com/malwrhunterteam/status/1920491277977612494
# Reference: https://www.virustotal.com/gui/file/5bba8e7b6f31b3bdd2db9562b327e5e464867aeb436c268957ecee9690db181d/detection

http://181.174.164.161

# Reference: https://x.com/malwrhunterteam/status/1920932712866615657
# Reference: https://www.virustotal.com/gui/file/67df661ff72fc94f477bd55f43ad52192b05ea73ea50fdb041afb708fa4171ef/detection

35.158.159.254:18309

# Reference: https://x.com/malwrhunterteam/status/1921283947691917371
# Reference: https://www.virustotal.com/gui/file/6756b5d86df9d04c471a7c288c517b9e29243ba58f59b564ce955a305d50ebc1/detection

198.52.226.7:1238
sexsy2w.ddns.net
ssos.ddns.net
ssosa12.ddns.net
ssosrr.ddns.net

# Reference: https://x.com/JAMESWT_WT/status/1922185649056100727
# Reference: https://github.com/km3dg3/IOCs/blob/main/2025-05-12%20%7C%20UNK%20Stealer%20%7C%20Booking%20ClickFix
# Reference: https://www.virustotal.com/gui/file/5c02bfe719c33a92eeb98c5e871f109b9b0f47b16b37969149f7e8bf052487aa/detection

195.201.108.189:33336

# Reference: https://x.com/malwrhunterteam/status/1922952114805903780
# Reference: https://www.virustotal.com/gui/file/9921a27f076ed0b97258aa551a8fbe89373005271242ea19d43781bd7b0b461c/detection
# Reference: https://www.virustotal.com/gui/file/63a4cf9f9a746bb16554a80638e6b71513ee579819b36751ad053fdf678b3fbe/detection
# Reference: https://www.virustotal.com/gui/file/3d7b27f36fb5bb3ea0da96fad9198db2b8743612de2d2bbca79acc2955e2f87b/detection

80.78.26.235:8990

# Reference: https://x.com/malwrhunterteam/status/1923079196668006790
# Reference: https://www.virustotal.com/gui/file/f84f257b2c66c2bc4a0a54626ad5936443c6b77330e49ca382e61d13263dede5/detection

ielnhduq.213rrfgv.workers.dev
kcopizvn.70federal.workers.dev
orange-silence-43ae.3022protestant.workers.dev

# Reference: https://x.com/malwrhunterteam/status/1924457468567937077
# Reference: https://www.virustotal.com/gui/file/70baad1fc7ed2d05b14f3b30f844e8987f208474e65c107984e6945fad7d4e83/detection

95.214.55.246:8282
nriasoruvd.info
bncisdor.nriasoruvd.info

# Reference: https://x.com/Jane_0sint/status/1924884166711087454
# Reference: https://app.any.run/tasks/d6b763aa-3622-4018-a8c0-da570831793a
# Reference: https://app.validin.com/detail?find=91.103.253.40&type=ip4#tab=host_responses

http://91.103.253.40
91.103.253.40:443
91.103.253.40:8080
91.103.253.40:8443
91.103.253.40:8888

# Reference: https://x.com/Jane_0sint/status/1925079845072965749
# Reference: https://app.any.run/tasks/99bfdbe5-ce86-447c-ae94-1e62d7e68ed2
# Reference: https://www.virustotal.com/gui/file/1c11a58d26c60be5a48823e7d2ff574e3e86e766808e6b97d8082187a4e3d776/detection

http://38.95.173.164

# Reference: https://x.com/skocherhan/status/1925172295862997378
# Reference: https://www.virustotal.com/gui/file/2847b390d3df80579b0e4a2aef3eecb06a2253d209aed90114f24fb4c7212817/detection

adfinity.buzz
bscdjks.pro
edsflps2.pro
enyaa.shop
iko9v5.pro

# Reference: https://x.com/malwrhunterteam/status/1925295578537156975
# Reference: https://www.virustotal.com/gui/file/6bf52b79adbd2b79118700810b8437e2ec2e5e19d599e4e068c8f6f0d76ffc1a/detection
# Reference: https://www.virustotal.com/gui/file/59b04b031aff40bb4a1c7a81219ad61e860a6b0452a99be9294bd0f27a88819a/detection
# Reference: https://www.virustotal.com/gui/file/0e415f71530b9d65e9804d8bc3fb12f53d26e6c27919db32c8a2924e437ecaa7/detection

http://181.174.164.117

# Reference: https://www.virustotal.com/gui/file/a5da401d02053603b68980d3a0837b501ed6d258c77af65236bf73c9a9387f4a/detection

nonever.net

# Reference: https://x.com/malwrhunterteam/status/1925665942358327745
# Reference: https://www.virustotal.com/gui/file/8ada4f8d1be370c1b888e7d04ef3427fd3416b110d260dc5b4c9b72bc6d7f0cd/detection
# Reference: https://www.virustotal.com/gui/file/d51c195b698c411353b10d5b1795cbc06040b663318e220a2d121727c0bb4e43/detection
# Reference: https://www.virustotal.com/gui/file/6cad6a36b95e202140bbcc22eeb8c3ada8b316b57a8ba047a3c4aa603c31b911/detection
# Reference: https://www.virustotal.com/gui/file/ffd69146c5b02305ac74c514cab28d5211a473a6c28d7366732fdc4797425288/detection

45.141.139.222:465

# Reference: https://x.com/malwrhunterteam/status/1925929597499002880
# Reference: https://www.virustotal.com/gui/file/a5f28823626d57c3324aaf93ddb94eed6cc01d6bd815fdfe1fe0c67c93ca8f7d/detection

x0.at/nCgJ.bin

# Reference: https://app.any.run/tasks/e6886dec-cac6-469a-b0e3-7b1d7ce78c37
# Reference: https://www.virustotal.com/gui/file/049717cb511767ba59737ab654fe0141a3ef373e44f0f019c2e398fc14d51418/detection

microsoftech.shop

# Reference: https://www.virustotal.com/gui/file/c7b3edb4ac469044fac6e277e8d44c17ddefb6c0574bea48172cfca93ed6b726/detection

cda-foundations.s3.us-east-1.amazonaws.com

# Reference: https://www.virustotal.com/gui/file/f99f15c3129acabd5a5a60d96ed70c9405efc054ba0b9ad8e434026d80e16b85/detection

0daydreams.net

# Reference: https://x.com/skocherhan/status/1928440873433309326
# Reference: https://x.com/JAMESWT_WT/status/1928471343139275132
# Reference: https://app.any.run/tasks/3b904d30-3831-47b9-81a3-956e17d2dd92
# Reference: https://www.virustotal.com/gui/file/7e7233333d5f8e00d619fd33b9a5df95c3511f29f85bdf2166208c37cbe0a61b/detection
# Reference: https://www.virustotal.com/gui/file/bc3f44f92c6bdb03a0ac5c6ebb4204c1f834f94079161c6591df2ffe4d9d5436/detection

cahasdxca123.com
domainservicecontrol.com

# Reference: https://x.com/malwrhunterteam/status/1929904966610669620
# Reference: https://x.com/salmanvsf/status/1930179705229193583
# Reference: https://x.com/smica83/status/1930356671668453651
# Reference: https://www.virustotal.com/gui/file/d5c6c135a18021938ee93828b48d0b772c2ec870d04bb3c6f89f9abc33f7c798/detection
# Reference: https://www.virustotal.com/gui/file/8e4dd89d9d7c0a15cd79fe9d2891a6b111cfe531c7b4f5c2bbc8ae08e82ed870/detection
# Reference: https://www.virustotal.com/gui/file/ae21a12721baccba97fcd45823afbfc71c864c0c79fa0662aeb0c0dabdb5d8df/detection
# Reference: https://www.virustotal.com/gui/file/b5da6cdea3ceb91a555dd5b74638d55b59dd6376de8f7e26e2c2df671695bfb9/detection
# Reference: https://www.virustotal.com/gui/file/2830bd85e6754e926e050f092822c3276d69f2209ec4b86398033391772b189b/detection
# Reference: https://www.virustotal.com/gui/file/80318e73a2c37c61bedf5f2aa75734141cc3fb15d7f96c7a41d7f9e1abef258e/detection
# Reference: https://www.virustotal.com/gui/file/92718b74bb64fa92fa0e47aae96b7aee59b592abc75c42caa46f2248c587adb9/detection
# Reference: https://www.virustotal.com/gui/file/3481d204f0865577c9643d8d3f0ed45d6555ae4476d43dc80ffc94e0e6a0ddf9/detection

http://5.101.81.42
http://5.101.82.52
http://5.101.83.18

# Reference: https://x.com/smica83/status/1934408123282022751
# Reference: https://www.virustotal.com/gui/file/2c3054c2953053e8c70211587bf33cb26562b3edb3770c91a17f9e49277dd5f2/detection

germanov.xyz

# Reference: https://www.malware-traffic-analysis.net/2025/06/18/index.html
# Reference: https://www.virustotal.com/gui/file/4fa6df014fea29cd34c51a70ecc77fe971457143e3d0da2ad4e0d6ed14a46424/detection

eddereklam.com/drlo.zip
eddereklam.com/tuqw.zip

# Reference: https://x.com/salmanvsf/status/1935590497088852093

pub-a06eb79f0ebe4a6999bcc71a2227d8e3.r2.dev

# Reference: https://x.com/smica83/status/1936554735592476908
# Reference: https://www.virustotal.com/gui/file/92673255eee7a3b54d07498c2c6cf3d2ea61e800c2594d2f5267143ffc90ef0c/detection

example.com/load2/src/file.txt

# Reference: https://x.com/smica83/status/1937107452589171103
# Reference: https://www.virustotal.com/gui/file/83b62b39d0fa49698d5bb13b57393b6de01412e7cbea3ab678d21f00b9f01a28/detection
# Reference: https://www.virustotal.com/gui/file/df071df73a1d9a4ea0eb5d62b4d00a08528dbd1ba6f1da91918e02a27e77533e/detection
# Reference: https://www.virustotal.com/gui/file/f2faa4a5f3620f076e02b330eb67a3cfb970d2403f41b79633bf5ee93ec23b82/detection

mintagency.info
careers.mintagency.info
mail.mintagency.info
mt-link.mintagency.info

# Reference: https://x.com/JAMESWT_WT/status/1940105088909156724
# Reference: https://x.com/ShadowOpCode/status/1940334306909618463
# Reference: https://x.com/skocherhan/status/1940324554402144605
# Reference: https://www.virustotal.com/gui/file/26a5e18d6ac86a865250452528664d4cde74187d741fcf98370efb34d4219490/detection
# Reference: https://www.virustotal.com/gui/file/1ff6ee23b4cd9ac90ee569067b9e649c76dafac234761706724ae0c1943e4a75/detection
# Reference: https://www.virustotal.com/gui/file/66bb810e16031a891196487fd8ddc01cb2ac5c95191a49a6360b098d3b9b9bec/detection

180.178.189.17:33338
180.178.189.17:443

# Reference: https://x.com/RussianPanda9xx/status/1940831134759506029

blake-wright-andorra-learners.trycloudflare.com

# Reference: https://www.virustotal.com/gui/ip-address/45.137.22.112/relations
# Reference: https://www.virustotal.com/gui/file/d8604df1be3bb24d3f93433e192bf49635a03cf0ebc319274ec7318668e792bf/detection

45.137.22.112:3389
newgfttgjjk.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bc71f8278a3a040089f3c4c3e92c3adaa8c098bfebb949f5dd14cd2c17c2598d/detection

pub-75d9e09aa5304a0f9b7cd6c04c01b53e.r2.dev

# Reference: https://www.virustotal.com/gui/file/030d719412fc375d9fdfeb2bc12e325d320fc1e0415ee319a481c4f1bc872434/detection

95.214.54.172:7607

# Reference: https://www.virustotal.com/gui/file/12ba178c082a0a281eaf6a742f9ad4bc75940b73a9b186f103b45652d77dd617/detection

141.98.6.34:5554

# Reference: https://x.com/smica83/status/1944502436326002946
# Reference: https://www.joesandbox.com/analysis/1735424#iocs

pesterbdd.com

# Reference: https://x.com/BlinkzSec/status/1944803587302768937
# Reference: https://urlhaus.abuse.ch/url/3583285/

hollywoodcafeonmain.com/wplus.ps1

# Reference: https://www.virustotal.com/gui/file/eefdc013fae015be06900c47d879e402cfea2ddd6a24db11b4007ccefc27e8df/detection

104.207.148.168:8080

# Reference: https://x.com/ElementalX2/status/1945145930954469761
# Reference: https://www.virustotal.com/gui/file/6c5a89c3dd7b596fd1be2aa88eddb3234bf6f006638c9bb3e04c33f416d28080/detection
# Reference: https://www.virustotal.com/gui/file/8556f07ceb37e726a66c357cb3b76bba1eb13c21ffe85fdb37685ecfd06205db/detection
# Reference: https://www.virustotal.com/gui/file/9d95228173bf5f29bc3d26f19e2962ca65fab572095aeafd955bde7df574ee9c/detection

http://5.101.80.15

# Reference: https://x.com/k3yp0d/status/1945771813868314758
# Reference: https://bsky.app/profile/k3yp0d.bsky.social/post/3lu5l5t5eq22o
# Reference: https://www.deepinstinct.com/blog/no-macro-no-worries-vsto-being-weaponized-by-threat-actors
# Reference: https://www.virustotal.com/gui/file/b3282dc58ad961911d94b712cea11f649b0ba785d7ff74d7ed9946e1260dd521/detection

34.241.171.114:443
classicfonts.live

# Reference: https://www.virustotal.com/gui/file/f1c217fa4e46b9a4df22adea62d1acd4f3016c1aac17737611f4f178bfcf1bc1/detection

http://89.221.217.65

# Reference: https://www.virustotal.com/gui/file/ae71cb4c8c5c46b04e12731f9184f829e5f4fb71460fda8089ece9aeaf815aee/detection

illegalwebsite.com

# Reference: https://app.validin.com/detail?find=powershell%20IEX(New-Object%20Net.Webclient).DownloadString(http%3A%2F%2Fde1c5dc3da78.eu.ngrok.io)&type=raw&ref_id=5c1a9b34db7 (# 2025-07-19)

de1c5dc3da78.eu.ngrok.io

# Reference: https://app.validin.com/detail?find=powershell%20-WindowStyle%20Hidden%20IEX%20(New-Object%20Net.WebClient).DownloadString(%27https%3A%2F%2Fshinobotps1.com%2Fdownload_get.php%27)%3B&type=raw&ref_id=5c1a9b34db7 (# 2025-07-19)

shinobotps1.com
shinohack.me

# Reference: https://www.virustotal.com/gui/file/35f27fb2e665ca608d9b94ba89750ed27aed82aa554806ebe3d8ce9bec7508dc/detection

pa.reyes-holdings.uk

# Reference: https://x.com/smica83/status/1947624319430922338
# Reference: https://tria.ge/250722-nrah9svwbz/behavioral1
# Reference: https://tria.ge/250719-q8eweswqv9/behavioral2

66.63.187.20:8000
burden-psp-holding-evaluation.trycloudflare.com
j-bookmarks-annie-possess.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/a31eba665f419b0d35d43cbb84ba31851cb6bdef6bf2ac239866bdcda532342f/detection

intuite.icu
intuite.info

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/IPPortC2s-90day.csv (# 2025-07-26)

195.66.213.157:443

# Reference: https://x.com/1nt3l_hunt/status/1949849917599400278

87.121.221.113:9090

# Reference: https://x.com/volrant136/status/1949856151610233052

doublecounter.cfd
doublecounter.fun
doublecounter.top

# Reference: https://x.com/ShadowOpCode/status/1950933939998097676
# Reference: https://www.virustotal.com/gui/file/54ed8df92b06ede84497598d70f41779697ee4a03c8fc1496a47ea0ea45d1ad9/detection

http://216.9.224.88

# Reference: https://www.pointwild.com/threat-intelligence/trojan-winlnk-powershell-runner
# Reference: https://www.virustotal.com/gui/file/506ecb76cf8e39743ec06129d81873f0e4c1ebfe7a352fc5874d0fc60cc1d7c6/detection
# Reference: https://www.virustotal.com/gui/file/d6811b643d0ec877760e780d87a0993e04d3b37177f8e004f913e25b5a5faefe/detection

mal289re1.es
uldg354.eu
shipping-hr.ro

# Reference: https://x.com/1ZRR4H/status/1952495584730071482
# Reference: https://www.virustotal.com/gui/file/aa23f21bae3d3bbe722bcd03aaf8c440bede9a5ec01d3840f87567ea41925c98/detection

http://144.91.103.204

# Reference: https://x.com/smica83/status/1952416486343229708
# Reference: https://tria.ge/250804-vm5xyas1bv/behavioral1

andrefelipedonascime1753562407700.0461178.meusitehostgator.com.br
/JIBXKFGnby_3/

# Reference: https://x.com/smica83/status/1952409663367975089
# Reference: https://www.virustotal.com/gui/file/8c882a44da33b7ea1e3992423525404c785570008ec9cac0e41027912ad6e23c/detection

http://64.7.198.123
96.9.124.209:8080

# Reference: https://www.virustotal.com/gui/file/fc1ebd19fb145efc56c192c3f6baa32a0f69311c995b2316cf13371316b53ec1/detection

control2lecture.store
hungnzshinklshk.ink

# Reference: https://x.com/smica83/status/1954613441009750341
# Reference: https://www.virustotal.com/gui/file/10dd3d8c69c28d05aa1b29440d576362ecc901c5da270d655ff1a853f732e73a/detection

3-4px.pages.dev

# Reference: https://x.com/smica83/status/1954897718524232137
# Reference: https://www.virustotal.com/gui/file/cd5fd6a6e81efd1eade5693597330c7cd1476ebbf5f425e0ac476d4a2ad4f4cf/detection

valmamagenta.workers.dev
telegram-worker.valmamagenta.workers.dev

# Reference: https://x.com/ShadowOpCode/status/1954853970012238296
# Reference: https://www.virustotal.com/gui/file/508591e3e426219da8658096aa48fa5658ef6ef67badcf4c4f316d5396578feb/detection

doublemanfs.com

# Reference: https://g0njxa.medium.com/meowsterio-weaponizing-clickonce-in-2025-8c2595a817c8
# Reference: https://www.virustotal.com/gui/file/c7e13b2ad0523b701e1ccbfe6cb77d63b55c6a41f645bc9a6c98c8d8ff82c61b/detection
# Reference: https://www.virustotal.com/gui/file/97eba8090a2a043125862667d9d37dc0e1a36613ac7e3a37826e56d63a78bc73/detection
# Reference: https://www.virustotal.com/gui/file/846dd064b89ba2eea0cdea76f4f660fd2ebc0bb4c007b10f46e565c9ec9848a9/detection

178.250.188.57:38493

# Reference: https://x.com/ElementalX2/status/1955509557272203486
# Reference: https://app.validin.com/detail?find=188.244.191.61&type=ip4&ref_id=4d62866933c#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/20665f5812fa6ed99ebef18203e0d333805728ceb7342afdbbb33e6579040edc/detection

216.239.32.21:7070
216.239.34.21:7070
216.239.38.21:7070
blog.ddnsking.com
blog.hldns.ru
blog.sytes.net
blog.zapto.org

# Reference: https://www.fortinet.com/blog/threat-research/clickfix-to-command-a-full-powershell-attack-chain
# Reference: https://www.virustotal.com/gui/file/bc157725ccfe5c3c0fbd8e1c0361defec593601eaa42a9a8dbff93309148cc38/detection

pharmacynod.com

# Reference: https://blog.talosintelligence.com/ps1bot-malvertising-campaign/
# Reference: https://github.com/Cisco-Talos/IOCs/blob/main/2025/08/ps1bot-malvertising-campaign.txt

http://109.120.179.170
http://131.174.164.238
http://147.45.45.168
http://181.174.164.12
http://181.174.164.170
http://181.174.164.180
http://181.174.164.2
http://181.174.164.201
http://181.174.164.238
http://181.174.164.47
http://213.176.113.168
http://5.252.153.94
http://62.60.178.24
http://77.110.116.227

# Reference: https://x.com/JAMESWT_WT/status/1955883901299101776
# Reference: https://www.virustotal.com/gui/file/d51f81ee026df39447143b67eaf16326c30e0c9477c0d50507f1fbfffe53abd6/detection

102.135.95.102:7777

# Reference: https://x.com/ShadowOpCode/status/1955988458645668169
# Reference: https://app.any.run/tasks/36e5dd2e-5674-48e5-90c1-1653d53b3f7b

macino21.gt.tc

# Reference: https://www.virustotal.com/gui/file/219aac79d17dacb27f7fd1fbd62a435f3b4ea7054d086e8962fafe334dc55680/detection

84.21.189.228:5504

# Reference: https://securityaffairs.com/181203/cyber-crime/encrypthub-abuses-brave-support-in-new-campaign-exploiting-msc-eviltwin-flaw.html
# Reference: https://app.validin.com/detail?find=a959f63897979d907ef8ad21e2c971ae&type=hash&ref_id=3bdd9b9ae65#tab=host_pairs (# 2025-08-17)
# Reference: https://app.validin.com/detail?find=1ca931e6876392468fdb732e580cf7ad&type=hash&ref_id=3bdd9b9ae65#tab=host_pairs (# 2025-08-17)
# Reference: https://app.validin.com/detail?find=80d8bea73badb21e88306c6f387aed64&type=hash&ref_id=3bdd9b9ae65#tab=host_pairs (# 2025-08-17)
# Reference: https://www.virustotal.com/gui/file/eab7d0b897d425a2fce561a609692d810a456e93956cb0db1843f823be406bc7/detection

audiorealtek.com
bitacid.net
cjhsbam.com
reaitek.com
rivatalk.net
soft-gets.com
xn----8sbn4abdhnl.com
api.rivatalk.net
fastdomain-uoemathhvq.workers.dev
safesurf.fastdomain-uoemathhvq.workers.dev

# Reference: https://x.com/JAMESWT_WT/status/1957028393221800020
# Reference: https://tria.ge/250817-lypknatzew/behavioral1

196.251.72.192:1234

# Reference: https://www.virustotal.com/gui/file/5f3e26e42fd5e449cb388298ca92e36434c21705d6db45226d10ecdb11dfee8d/detection

95.164.53.214:5554

# Reference: https://x.com/smica83/status/1957723516918460493
# Reference: https://www.virustotal.com/gui/ip-address/31.57.35.90/relations
# Reference: https://www.virustotal.com/gui/file/3860ee4d50aafb58a16ed8713cbdebc2bb044b61c2475c38848660bb0d25b093/detection
# Reference: https://www.virustotal.com/gui/file/035bcada4326a06d28fb3b6aa9e833facc5b9e1fe2eb931a53dd1ac2050b1b67/detection

http://31.57.35.90
31.57.35.90:9555
esdras.ddns.net
farzads.asuscomm.com
neoesdras.ddns.net

# Reference: https://x.com/smica83/status/1957719173959733371
# Reference: https://tria.ge/250819-j5vzxa1rt4/behavioral1

provrm.ru
/d1ovu/pon/raw/refs/heads/main/res.bat

# Reference: https://x.com/smica83/status/1958604670135673077
# Reference: https://www.virustotal.com/gui/file/f7aa5a03767a01c819d6b504b70ad1f1cc51a269f17346787512746a5af3573d/detection

/k53xupn43/i965652f/refs/heads/main/m.ps1

# Reference: https://x.com/smica83/status/1958799973773942959
# Reference: https://x.com/JAMESWT_WT/status/1960296641728012587
# Reference: https://tria.ge/250822-jr8nvadp9x/behavioral1
# Reference: https://app.any.run/tasks/45637a70-ead4-4141-91de-31b51ecdcbdb

103.63.28.71:1433
103.63.28.71:2024

# Reference: https://x.com/smica83/status/1958804084879741067
# Reference: https://www.virustotal.com/gui/file/fe814a3b59fc8e874288f81c96625ccba75a07b953bef3ac8d6acd4832f51d53/detection

/hectorp12/respaldo1212/main/cmd.txt

# Reference: https://x.com/smica83/status/1958921706979963239
# Reference: https://tria.ge/250822-teev4swqs4/behavioral1

/api/file/wQ4vTmBA

# Reference: https://x.com/JAMESWT_WT/status/1959198084556267909
# Reference: https://app.any.run/tasks/56cc97d3-31e4-4b6f-aa99-ec2f28e7182d
# Reference: https://www.virustotal.com/gui/file/b018115f3ccac4d1b0fd586e6ab8da27492cbe53dbaa87a4bf42ef7fd79d0803/detection

huygtryguh.lol

# Reference: https://x.com/smica83/status/1959719935908643203
# Reference: https://tria.ge/250824-zhbwhsyvct/behavioral1

pottery-determination-oakland-kingston.trycloudflare.com
victim-mar-tones-outreach.trycloudflare.com

# Reference: https://x.com/smica83/status/1959585629647647007
# Reference: https://tria.ge/250824-n253xstzbx/behavioral1

bbrlxwtkbgvpnpfykexu.supabase.co

# Reference: https://x.com/k3yp0d/status/1959853255074189455
# Reference: https://app.any.run/tasks/eb4538dc-7efc-4e8c-a642-cc1251eba849
# Reference: https://www.virustotal.com/gui/ip-address/91.245.254.76/relations
# Reference: https://app.validin.com/detail?find=9b8a19bce8022f7cddff522e62c63dfc&type=hash&ref_id=6b92f485b65#tab=host_pairs (# 2025-08-25)
# Reference: https://www.virustotal.com/gui/file/c7e9bb895c490c5fe8db36a67a3393e1a3d0b49ffb8c0fe0cb3f4272b7a9e3ec/detection

1kkk-ebr.pages.dev
1kkve.pages.dev
70addb0e.redirectto-zz6.pages.dev
actupon.it.com
approving.it.com
are-you-human.pages.dev
begins.it.com
benten.ink
bestpicked.best
blabberingmate.com
brightsite.it.com
buzzingflybees.com
bx55kelly.pages.dev
carabineros.top
cloudingcdn.biz
desiload.art
desmok.shop
ferari1.email
ferrabits.com
flashwebonline.org
fre-sec.pages.dev
gemmrktoffer.org
gocomplete.it.com
gucproceed.pages.dev
hencook.work
jekitech.cloud
lanterncoast.com
leadingzones.live
letscomplete.it.com
letsprove.it.com
lilder.top
llder.top
loadingnext.fit
monakovi.pages.dev
nextstepgo.pages.dev
nowget.it.com
onward.it.com
passon.it.com
pestern.pages.dev
power-walk.info
prass.pages.dev
proceed.it.com
proceedingto.pages.dev
redirectto-zz6.pages.dev
resolviaglobal.com
ritavoi.com
robinvilla.it.com
royce.city
roycebits.com
royevita.com
rusu.blog
saintlaur.pages.dev
secad.pages.dev
secas.pages.dev
serveweb-2rj.pages.dev
singlelink.pages.dev
speedyhare.club
spintowin.shop
ssdash.pages.dev
summitvia.com
tesesern881.pages.dev
turismo555.website
tutag.top
urusbits.com
uruvita.com
venai.pages.dev
verify-if-human.pages.dev
visithub.best
yexteral.pages.dev

# Reference: https://www.virustotal.com/gui/ip-address/87.251.69.66/relations

aryudrfesr.buzz
brtygfwfrt.buzz
cdnsecure.best
cloudsecuity.best
cloudsecurity.best
crwecgivgy.buzz
drioaryase.buzz
errtjhohyu.buzz
passto.it.com

# Reference: https://x.com/Merlax_/status/1960048599678493033
# Reference: https://www.virustotal.com/gui/file/3552b1fded77d4c0ec440f596de12f33be29c5a0b5463fd157c0d27259e5a2df/detection

mezi.bet
rs.mezi.bet

# Reference: https://x.com/k3dg3/status/1959997478335648092
# Reference: https://tria.ge/250825-sehrbsak7v/behavioral1

185.28.119.179:1234

# Reference: https://x.com/smica83/status/1960344607226531966
# Reference: https://tria.ge/250826-rea6tazsht/behavioral1

http://168.100.10.73
168.100.10.73:5000

# Reference: https://x.com/smica83/status/1960614147990683698

/hi4201225/gv725/
/ud-progen2/725-mrw/

# Reference: https://www.virustotal.com/gui/file/3ad68200bdff9069561ff7bf99a913ee24ad8409398dde4f3adb5d6cbea07788/detection

212.22.86.82:2020

# Reference: https://x.com/JAMESWT_WT/status/1963825407939006749
# Reference: https://www.malware-traffic-analysis.net/2025/09/03/index.html

85.209.129.105:2020

# Reference: https://x.com/drb_ra/status/1961062947175694451

185.235.178.14:443

# Reference: https://x.com/JAMESWT_WT/status/1961292003620102532
# Reference: https://app.any.run/tasks/c098d1df-add9-4995-b164-1c20c1fd51be
# Reference: https://www.virustotal.com/gui/file/e5b8a45ac9d7d834bb73cff512a680bf0926d97ee5410601f503b27cbd80bbb4/detection
# Reference: https://www.virustotal.com/gui/file/7309e3ed236fcf61a68680a73fc6f8c740476504cac0dd6b2dd31b7331fec7e9/detection

bilaskf.com

# Reference: https://www.virustotal.com/gui/ip-address/176.96.137.225/relations
# Reference: https://www.virustotal.com/gui/file/e7a7afbb64b3329705966fa898676d24d95967a7a782ccaccebf7713a68bbb47/detection

app-download-pc.accesscam.org
app-download-pc.freeddns.org
app-download.loseyourip.com
app-driver.kozow.com
dcccd.accesscam.org
downlad-x.casacam.net
downlad.camdvr.org
shorten-urls.kozow.com
shorten-urls.work.gd

# Reference: https://x.com/smica83/status/1961680045438558405
# Reference: https://tria.ge/250830-heq3lavwax/behavioral1

andrefelipedonascime1756166725866.0531865.meusitehostgator.com.br

# Reference: https://www.virustotal.com/gui/file/bd7f85666f40b09884c13443a404389ba18708d3c8cafca7371522f563d83856/detection

http://5.8.19.43
5.8.19.43:443

# Reference: https://x.com/JAMESWT_WT/status/1963463508353286359
# Reference: https://app.any.run/tasks/b007ae14-b021-4d3d-9e71-7f3b2d5fa508
# Reference: https://www.virustotal.com/gui/file/e2773afcc680bcafa076687dd51785fa99b0fba77e4765b1c4f64b6278522edd/detection

biokdsl.com

# Reference: https://x.com/BlinkzSec/status/1963186318382452968
# Reference: https://www.virustotal.com/gui/file/61ec38741f1b45c5e797ab56bedc01f63fb089d1946f978a1ba735602e2cb455/detection

starmanx.org

# Reference: https://www.virustotal.com/gui/file/789df0bfdf91c7990542d571597ab7baf8789fb114bd2426ba595d116870f22e/detection

81.21.1.205:4531

# Reference: https://www.virustotal.com/gui/file/ee4960b8b58b91c85ee01ebc6f40752dd0dcb04c2695428da507484670f1091a/detection

34.132.183.57:5552
frygzjyhtiunvhvnacif.supabase.co
win2325.webredirect.org

# Reference: https://x.com/malwrhunterteam/status/1964034069894754812
# Reference: https://www.virustotal.com/gui/file/56aa74793533fdcfd26449e66295adb31a920afc9993005c27a4e274f4196f4a/detection
# Reference: https://www.virustotal.com/gui/file/84f34f24a7f7852ac1c5e99ec3de6e215138d7b8a39514963dc6596945b105d8/detection

http://185.193.125.160
ololo-dsj.pages.dev
yr52byzdja.pages.dev
42a25631.yr52byzdja.pages.dev

# Reference: https://x.com/smica83/status/1965698562706313405
# Reference: https://tria.ge/250910-kner2axxbz/behavioral1

5.2.217.61:4444

# Reference: https://x.com/ShadowOpCode/status/1966143414489227695
# Reference: https://www.virustotal.com/gui/file/37e96cc01fcf657c68d05cb1814e63eaa46582c21a23edec1a8e5d6d81257f9c/detection

rihby.com

# Reference: https://www.virustotal.com/gui/file/081921671d15071723cfe979633a759a36d1d15411f0a6172719b521458a987d/detection

80.253.249.186:5504

# Reference: https://www.virustotal.com/gui/file/0127c758de634d04ae1c721ad2d8ce63574366e83dd140ad1a34d8f75418b712/detection
# Reference: https://www.virustotal.com/gui/file/5534ca1aa6be7ecd2f94e13509d9d464579b6e5ee87b02884bceee424dfe999e/detection
# Reference: https://www.virustotal.com/gui/file/807e2578fb2c305ec05b9378ee3f8cc6cab2ca431313d3b84d6f0db6ee8f5656/detection

csend.net

# Reference: https://x.com/smica83/status/1970604652694585853
# Reference: https://www.virustotal.com/gui/file/e1fe9bbaaf7f480d6e8404c2f87d76d61abeace6120ee39b327af8188d1076a8/detection

ms-distro.space
appl.endl.site
sixsixsix.ms-distro.space

# Reference: https://x.com/solostalking/status/1971560418041819283

neutronsparty.live

# Reference: https://tria.ge/251001-njz4ysxlx7/behavioral1
# Reference: https://www.virustotal.com/gui/file/03446e7dc87a01a5eac65bc3d82b02a488393cd2d6bd213ab3d90ffca25d6456/detection

134.255.211.63:8443
garphicbelos.com
sub.garphicbelos.com

# Reference: https://x.com/smica83/status/1975087975831843078
# Reference: https://www.virustotal.com/gui/file/b521c89d99dfd6a4e14d93db4a226a484ca6297b699d8dc716156dda84bd22a5/detection

elegant-starburst-d473a1.netlify.app

# Reference: https://x.com/smica83/status/1974947405910155548
# Reference: https://www.virustotal.com/gui/file/1bcc710829bf29f31834501f4b331d89089c16f1c3bf9fefcaabd8c3ead66aad/detection
# Reference: https://www.virustotal.com/gui/file/6742c888a46175c1667d5f5c8eb50bbd902ec9104d14a6a8c0b44c613f1a5a81/detection

178.17.62.9:81
178.17.62.9:82
sslprouser.online

# Reference: https://x.com/smica83/status/1974938930278694920
# Reference: https://www.virustotal.com/gui/file/5a6eb07f992dcbbd97a391e455332bbeaeca1174739d98de2dbbead7e6e346c8/detection

seagreen-capybara-853936.hostingersite.com

# Reference: https://x.com/smica83/status/1974241200837198052
# Reference: https://www.virustotal.com/gui/file/1a9d6a860d046af0c18dc02a3e445c9bf70a55b6aa3f55b48f0e82241eef1d19/detection

facturastbs.shop
grupoatvsac.com
grupouwle.it.com
midasx.site
mnfgrupo.store
affs.grupoatvsac.com
bmx.mnfgrupo.store
cgf.facturastbs.shop
cgf.midasx.site
md.grupouwle.it.com

# Reference: https://x.com/smica83/status/1973792161289416786
# Reference: https://www.virustotal.com/gui/file/036501416a25798cc43e7f156fec0eb33485bb5da2be4a924714463f4248f1a9/detection

apocolypser.s3.us-east-1.amazonaws.com
reporter9128.s3.us-east-1.amazonaws.com

# Reference: https://x.com/smica83/status/1975137863999381806
# Reference: https://www.virustotal.com/gui/file/a2f153c69a85cedabb5f56c03d669b3b3cd8c6251df6cdd22612173e0a4e1411/detection

bafybeih7yhidsxpjat2izpmos5tnah5mi24xr3hhltfb3zlhhnsry4ncbi.ipfs.dweb.link
bafybeih7yhidsxpjat2izpmos5tnah5mi24xr3hhltfb3zlhhnsry4ncbi.ipfs.w3s.link
/ipfs/bafybeih7yhidsxpjat2izpmos5tnah5mi24xr3hhltfb3zlhhnsry4ncbi/
/bafybeih7yhidsxpjat2izpmos5tnah5mi24xr3hhltfb3zlhhnsry4ncbi/

# Reference: https://x.com/smica83/status/1975194167564460309
# Reference: https://x.com/skocherhan/status/1975228835575759210
# Reference: https://www.virustotal.com/gui/file/96049994641fea4958fbd17eff8bd04aeade173ead38a04989637a33cbda74c2/detection

147.185.211.211:33519

# Reference: https://x.com/cyber_ra1/status/1976170806637101401

45.43.11.138:8000

# Reference: https://x.com/suyog41/status/1976256819447132170
# Reference: https://www.virustotal.com/gui/file/dd2bbd0f59d2b87a971380e97cb759caf3192aa05617fd19d7a6a15218549c96/detection

globalsources.world

# Reference: https://x.com/smica83/status/1976904744817078499
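# Reference: https://www.virustotal.com/gui/file/b7e4f3359bd414470423ca62f7ea1ac497cad0aed6ad60df2217527fff2679cf/detection
# NOTE(review): meusitehostgator.com.br looks like a shared-hosting parent domain (this list carries subdomains with different account-style labels under it); matching the bare parent may flag unrelated tenants - confirm the parent entry is intended, otherwise keep only the specific subdomains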

meusitehostgator.com.br
009423af623840eb89fb1759543879431.1851946.meusitehostgator.com.br

# Reference: https://x.com/BlinkzSec/status/1977041350643401174

38.128.251.126:7895

# Reference: https://x.com/smica83/status/1978600894217269424
# Reference: https://www.virustotal.com/gui/file/9cfdd19ba384d9b247c12d49368dbbe0720dc020e28c9af32a37f7c5edcb5be8/detection

nullarmor.cc

# Reference: https://x.com/smica83/status/1978771256762606024

http://45.9.148.46

# Reference: https://x.com/Malwar3Ninja/status/1978352792398856319

85.209.129.37:5504

# Reference: https://x.com/skocherhan/status/1978568094072156558

asusdriver.live

# Reference: https://x.com/smica83/status/1978880380187938929
# Reference: https://www.virustotal.com/gui/file/84f6f3a7c219b94c9689601a4b179880b12d661f38456f38f3b4e197566855f2/detection
# Reference: https://www.virustotal.com/gui/file/b67fb83392e59d2c62ba606c44cfaa9141d98bd7fed7028539b5ea70cc24ed87/detection
# Reference: https://www.virustotal.com/gui/file/cc5366e31fdaaad3fda3936f9ba67fce2e9c38f34c0607bea1a3855189edd4c0/detection

http://185.208.158.42

# Reference: https://x.com/smica83/status/1980712647260766425
# Reference: https://www.virustotal.com/gui/file/b36a0c0fee4f14ca2440825cd6c93578b8572c28a2cf817ee9b795a2091a52a0/detection
# Reference: https://www.virustotal.com/gui/file/4491d37941a3a2b1d42170a1679185b886252862063b8dd543440634bb7d5cfb/detection

44.210.117.2:157
44.210.117.2:50493
44.210.117.2:7411
rustenvolvedplus.mmafan.biz

# Reference: https://x.com/JAMESWT_WT/status/1981032559275278629
# Reference: https://x.com/JAMESWT_WT/status/2005189118746394709
# Reference: https://www.virustotal.com/gui/ip-address/45.144.53.213/relations
# Reference: https://www.virustotal.com/gui/file/57fd776598ff331aea5318dd21e976fec224b604537b358898d10763adea0a8b/detection

2bknb.com
2fa-acc.com
2fa-bks.com
2fa-bz.com
2fa-mc.com
2fa-sb.com
2fa-vrf.com
2fa-vrs.com
2vbkb.com
2vbks.com
asvrdf.com
asxms.com
asxvc.com
avrfd.com
bkbknx.com
bkn-svn.com
bknca.com
bkndmn.com
bknsvf.com
bknvns.com
bknvrd.com
bknvrdmn.com
bksvfd.com
bkvzr.com
bkxvd.com
bkxvnx.com
bkzvr.com
bokcts.com
bokinse.com
boknsh.com
bokprsec.com
bookmzi.com
bookn-conf.com
bookrsi.com
bookxmm.com
bookzq.com
cbknvf.com
checkvrf.com
cpsvfd.com
cpthhs.com
cptvrf.com
gbknvf.com
gvrfd.com
h-network23.com
hhs-lnk.com
hhscpl.com
ibvrfk.com
msf-teams.com
mst-teams.com
nbkvr.com
nvrfn.com
sftinst.com
teams-mst.com
tradeviiuew.com
tradevuiew.com
tradingviewcx.com
tradingviewsc.com
vbknx.com
vbkrn.com
vkbnv.com
vrfdns.com
vrfnbk.com
vrszx.com
vrxds.com
vsrfd.com
wcptf.com
zoom-cnf.com
zoom-lnk.com
zoomcnf.com
zoomsrvc.com

# Reference: https://www.virustotal.com/gui/file/0017a6ce03de74afb8343d26140d92dbf2c4683c89aa5e79ec324d530ccb250d/detection
# Reference: https://www.virustotal.com/gui/file/d186c51207155682981b5ce468545ba878b4bea19e8324377a4811ea86a21afb/detection
# Reference: https://www.virustotal.com/gui/file/e7f459ae907c0bfe33c825ba54b1cfb18df94c4247af053615a15f32eba387ae/detection

134.195.90.207:51865
171.22.79.135:51865
lnsyhxsc.com

# Reference: https://x.com/smica83/status/1983163906131710020
# Reference: https://tria.ge/251028-qqpmxawqdn/behavioral2

http://62.60.179.230

# Reference: https://x.com/JustWantToQ1/status/1983248971175776338

http://74.48.140.160

# Reference: https://www.virustotal.com/gui/file/afa7541526a92e40af85a67393e02df631a3b591cac110bf5c1e0774167e1b76/detection

82.118.22.155:4444

# Reference: https://www.security.com/blog-post/ukraine-russia-attacks

185.145.245.209:22065
ciscoheartbeat.com

# Reference: https://www.virustotal.com/gui/file/cc7cd6f43f862528fc1ec72cbb17fe040eec61f1e84118c73ec586fd634c538d/detection

erspce-all.s3.dualstack.ap-southeast-1.amazonaws.com

# Reference: https://x.com/JAMESWT_WT/status/1984540688986386523
# Reference: https://app.any.run/tasks/45713e99-9b34-44dd-8c9e-a1eb82fe3012

45.135.232.149:9999
bilkaso.com
kakapupuneww.com

# Reference: https://x.com/BlinkzSec/status/1984562610772087157

http://178.16.53.64

# Reference: https://x.com/smica83/status/1985032767365849598
# Reference: https://www.virustotal.com/gui/file/c011f71a30177b61fd2d4bfce7057ef3f3c3b9e455f0eda2789d563a7a548d2b/detection
# Reference: https://www.virustotal.com/gui/file/ff2dc7d90d6da16ea6d0692faa911017a60ea67935e9235bf06a43c0f1e89951/detection

http://185.208.158.126

# Reference: https://x.com/smica83/status/1986143896963776795
# Reference: https://www.virustotal.com/gui/ip-address/64.190.113.6/relations
# Reference: https://www.virustotal.com/gui/file/a2677edad28346f8bb1eae1b477d70b082316ae69a1e1da76a2863fc3cd6433e/detection

72.5.43.147:7777
bleckckncdcjcbj.top
ihineeegamfnhin.top
oieyrz41.top
yvbzt2261.top

# Reference: https://x.com/smica83/status/1986933039721533897
# Reference: https://www.virustotal.com/gui/file/d5dd5ff3f7cdac526cff6dc8aa166e553665656a31ea331c8634dff60f52525e/detection
# Reference: https://www.virustotal.com/gui/file/057349014da18f4b265bbc22d63a2c5232eb6a5693d1fcb6bc85803ae68b9262/detection

http://91.108.248.20
91.108.248.20:8443
declaration.linkpc.net

# Reference: https://x.com/smica83/status/1987097598390390953
# Reference: https://www.virustotal.com/gui/file/c809455732654c98bc433606ecf280c15a6fb47bcd4dfef0d1308f6fbfd9c91d/detection

dandzone.pakasak.com
manufacturers-archive-romance-purposes.trycloudflare.com

# Reference: https://x.com/smica83/status/1987109558225977588
# Reference: https://tria.ge/251108-mt26maem5y/behavioral1

104.194.153.132:4443

# Reference: https://x.com/malwrhunterteam/status/1987886836039967021
# Reference: https://www.virustotal.com/gui/file/49afb7cd00552939ba01d4b1b3d06c063f6b36f2b43e4baf373abb486415331d/detection

http://185.223.93.102
http://45.159.189.85

# Reference: https://x.com/malwrhunterteam/status/1988307858937835937
# Reference: https://www.virustotal.com/gui/file/60b773b42e4efb5beb0c867f60f4a3175481cfea60a29df3cb72307d45f69fba/detection

http://45.144.53.73

# Reference: https://x.com/malwrhunterteam/status/1988673787135742011
# Reference: https://www.virustotal.com/gui/file/d6cb10bf0fade5f85562c6c700396b0dafc694a575f5d97472db52ee53b54dd4/detection

http://194.14.217.88
approve-cdn.com

# Reference: https://x.com/YungBinary/status/1989157220601475134
# Reference: https://www.esentire.com/blog/evalusion-campaign-delivers-amatera-stealer-and-netsupport-rat
# Reference: https://github.com/eSentire/iocs/blob/main/Amatera/Amatera-IoCs-11-12-2025.txt
# Reference: https://www.virustotal.com/gui/file/a91ba72c69a7092a1799642943ef7f8ddc484f5e14897c86a9fe80f24bb050df/detection
# Reference: https://www.virustotal.com/gui/file/ac7b607fbeb126a19b4f7dbd8686d6436b20b2ab654471e23429cc23dd47410b/detection
# Reference: https://www.virustotal.com/gui/file/9583c92a219a687517e89f15af4fb957262a8734a10239bf06b740e5a8b87b69/detection

http://87.120.219.26
congenialespresso.top
/P9m4H7S2FqDTof

# Reference: https://x.com/444hex/status/1989430879215915265

sistemdetect.com

# Reference: https://x.com/smica83/status/1988873478410322171
# Reference: https://www.virustotal.com/gui/file/53141f18f17296807e2665f7583d00b1c5dd3313f0161958bdd6bc9b3b9b8b20/detection

142.202.191.188:1112
diskloocryfull.dynuddns.net

# Reference: https://x.com/smica83/status/1989637484050092380
# Reference: https://tria.ge/251115-l73tmszkem/behavioral1
# Reference: https://www.virustotal.com/gui/file/55b3ec4ebfe1a2765ecbb18c84b9e70779774d56ab42778b09e83f02e3df7934/detection

94.103.1.168:56001

# Reference: https://x.com/solostalking/status/1990086911545794998
# BANNER_0_HASH-HOST=c46649b95f7b872a62e65e80c3345fdd

cooluploadsbro.com
primarysettings.support
safeguard-verification.support

# Reference: https://x.com/malwrhunterteam/status/1990484740995260818
# Reference: https://x.com/malwrhunterteam/status/1991813938586214631
# Reference: https://www.virustotal.com/gui/file/3894c76e9fb7180d6f0a94e70899440573abb79ce60792c85f7ee4ea66281530/detection
# BANNER_0_HASH-HOST=bc86d8227b96b0b052a9aedf0706df7a
# HEADER_HASH-HOST=e4c09a4fa28e3122136d

http://82.118.16.207
approveclf.biz
approveis.info
download2042.xyz
freemacapps.online
h3kkk.com
olyadw.pro
sounbo.pro
tcatex.pro

# Reference: https://x.com/solostalking/status/1991018224067002822

http://185.107.74.188
nondoc.icu

# Reference: https://x.com/malwrhunterteam/status/1992205477820903500
# Reference: https://www.virustotal.com/gui/file/bcc059cc520871d1564b26fd79b9068d9e7a9666596c0435a98c5a0f299b5f28/detection

hcidoc.in

# Reference: https://www.virustotal.com/gui/file/95f2de6e59c3c8143dc33ea94f58b466862d45f96cb818a0c89e2a7a55cc2026/detection
# Reference: https://www.virustotal.com/gui/file/cb5e19f593f1a08ef2077adcf1624d0c0f26410ad4bcc803be7ec8970709c029/detection
# Reference: https://www.virustotal.com/gui/file/cd9dd04fdff36c8e81afd446653e19d2c68360714376f7128fc731744927ea68/detection

http://146.185.239.63

# Reference: https://www.virustotal.com/gui/file/5c62d25e7aaa8e2b5b8fe4568b317851f6e5f667102b142b8d25cc05c892f270/detection

http://45.83.140.12

# Reference: https://www.virustotal.com/gui/file/2a3933510838227a8c52052ede82f52a858aad9ebe37415fe6bdf679870feea7/detection

recogb.cfd

# Reference: https://x.com/Officialwhyte22/status/1992488535824212125

http://185.225.28.90

# Reference: https://x.com/smica83/status/1993759792184057927
# Reference: https://www.virustotal.com/gui/file/11c4b0b31bd4d6a34d6c558c66b77b96f3a89125910623d9642e9f5f942c320e/detection

http://5.8.19.46

# Reference: https://x.com/smica83/status/1993761123967905932
# Reference: https://www.virustotal.com/gui/file/2fcfbc1f258d5762cfcf5f72623ccf631babadcc5a99e2220f1850082d96b4ba/detection

http://146.185.239.63

# Reference: https://x.com/ex_raritas/status/1993746960524726331

http://46.8.226.22

# Reference: https://x.com/malwrhunterteam/status/1994441533731307664
# Reference: https://www.virustotal.com/gui/file/65a1d8ca5284d70df6a0a5cbd9a69c11c87e8cf7c17483aa213c31fe544c9c9f/detection

mowal67825.workers.dev
tiny-queen-ada8.mowal67825.workers.dev

# Reference: https://x.com/malwrhunterteam/status/1993429603554410766

5.230.45.198:8000
5.230.45.198:8080
5.230.45.198:8081

# Reference: https://x.com/SquiblydooBlog/status/1994746083260731487
# Reference: https://x.com/SquiblydooBlog/status/1999454278512181462
# Reference: https://www.virustotal.com/gui/file/e132be181eb9a803a95b4009de529fa1db1ccc7b8fc8b19dc17d1b9eb26bac14/detection
# Reference: https://www.virustotal.com/gui/file/8cb3a5a1a3ae192018049dcbf37f58678e0c21323f9ddd7e1201d695d1b1826b/detection

http://188.137.248.240
http://85.192.49.248

# Reference: https://www.virustotal.com/gui/file/9982e94fd9d15feb5696d9463e9e9b980ea26d97ac735b836b0db36436b0aafb/detection

musicpub.s3.us-east-005.backblazeb2.com

# Reference: https://x.com/tuckner/status/1996735619955855387
# Reference: https://app.any.run/tasks/238a0727-b9e1-4149-a347-51e45b9ee852
# Reference: https://www.virustotal.com/gui/file/369479bd9a248c9448705c222d81ff1a0143343a138fc38fc0ea00f54fcc1598/detection

46.105.59.197:21
46.105.59.197:40144
46.105.59.197:40207
syn1112223334445556667778889990.org
server09.mentality.cloud

# Reference: https://x.com/smica83/status/1998007402990326199
# Reference: https://x.com/smica83/status/2017694398658609190
# Reference: https://www.virustotal.com/gui/file/f22d7ab1e5580151a09461f6212fce8811a5cbfbe0413092bb6f8a9d1b53d118/detection
# CERT_FINGERPRINT_SHA256-HOST=6abed6893f41ac625302996c89d7e2635511586ee648c9c1a5cadda8233d802f

liberti.icu
loubran.cfd
vissualstudio.info
download.vissualstudio.info
mail.loubran.cfd

# Reference: https://x.com/BlinkzSec/status/1998831927495622940
# Reference: https://www.virustotal.com/gui/file/00fdf3195bf81be2eadf92339108a635871358c37396e3d9ceed6f9ca8a4acf3/detection

acro-drive.com

# Reference: https://x.com/smica83/status/1998729536230281458
# Reference: https://www.virustotal.com/gui/file/908350ecfed89b9cff83be0c4789b47b0bd145a5e9ebf117dc535a0e787e5f48/detection

http://86.54.42.162

# Reference: https://x.com/DaveLikesMalwre/status/1999195463107452946
# Reference: https://www.virustotal.com/gui/file/11c8a61135364b7bad9d9b6458cde5f1c7e6c4f1ad4557dfb320f4c240a8b6f0/detection
# Reference: https://www.virustotal.com/gui/file/7cf8b395c459caa7fb3a9517b08645f78c35ed46db30ce9a24da33e258819283/detection

azulwork.com

# Reference: https://x.com/banthisguy9349/status/2047667932008972700
# Reference: https://www.virustotal.com/gui/file/7ee11c00048bab33f590dc2e056d024ced3c22fb366a48df5ee383d9ba0ff8e0/detection
# Reference: https://www.virustotal.com/gui/file/79d957366136ba4689e5fb10c56bc9924a290f950054bd46d1e1cf82f2729e69/detection

penguinpublishers.org
ghost.nestdns.com

# Reference: https://x.com/abuse_ch/status/2000470885740769441
# Reference: https://www.virustotal.com/gui/file/09a60d89554fc8c2d3d60a82673bf8e31b600cf8ae243562a6a4d901e5f4abe4/detection
# Reference: https://www.virustotal.com/gui/file/19311f466b84973c97e1001439e42625a28b64340492db5e3ad9539057d9de00/detection
# Reference: https://www.virustotal.com/gui/file/1b372092abd1c44a679af5d619466dc5a6092726af540ac5cb8936a345075810/detection
# Reference: https://www.virustotal.com/gui/file/fe6ffeb69998a252fb9803c08ae9fb627b8ed9ef4f5fccbc0aed912099316d13/detection
# Reference: https://www.virustotal.com/gui/file/32d7cb05cdc2264b50b1286249b38367675a3dd499f635344946be07d1d65bb0/detection

103.27.157.60:5506
w2li.xyz
w2socks.xyz

# Reference: https://www.virustotal.com/gui/file/a1432c163d00964e629cbf199b69634bf44fe9d36cae4d14bfff91326018043f/detection

95.164.53.115:5506

# Reference: https://x.com/JAMESWT_WT/status/2000829956532920542
# Reference: https://x.com/skocherhan/status/2000876930887758010
# Reference: https://app.any.run/tasks/ffc6c1c7-838d-4b00-b3ad-0bc16399653a

2bkks.com
2fa-accs.com
2fa-bns.com
2fa-css.com
2vrfcs.com
bknsitv.com
bng-bsk.com
boklsn.com
bokprofare.com
bokprost.com
bokprowit.com
boksitver.com
bokverviol.com
bonskqys.com
bookmzn.com
booknx.com
low-house.com
oncameraworkout.com
tradingviewms.com

# Reference: https://x.com/tial_cl/status/1999169289794764862

103.27.157.8:5506

# Reference: https://x.com/malwrhunterteam/status/2003063100598304870
# Reference: https://www.virustotal.com/gui/file/d4eb4ff02df659fdeec17d36b77084627469623bb3c7d16383d257404b52d1c3/detection

78.40.209.32:5506

# Reference: https://www.virustotal.com/gui/file/ae5b32db7b49d5c3a8c1feb0a51c2c7debd734fff01c8218235bf396798c8556/detection
# Reference: https://www.virustotal.com/gui/file/45211fe257ad5e4d1a2abc6220087d679d03604c111373db690a3937546809ec/detection
# Reference: https://www.virustotal.com/gui/file/dc0fb15124db9fe5993143b6f120eb7052249e8ecdc3ddb59defc98b47e90c77/detection

198.13.158.127:5506

# Reference: https://x.com/smica83/status/2008967699205062750
# Reference: https://www.virustotal.com/gui/file/643fe4bf793c941d42c14c59d85fa033381652fafbd4122792c04cc0316c2d68/detection

80.253.249.176:5506

# Reference: https://www.virustotal.com/gui/file/3f306359bc6562b8cbe92d6e114b4bb6bb61f59850b17a2783d5ffc616f810b7/detection

attsimplesocial.com

# Reference: https://x.com/smica83/status/2001993485113856303
# Reference: https://www.virustotal.com/gui/file/881289c50b0da2430a3d87eb7dc5d788910f0c2b415159604628eb097bc85423/detection

http://168.231.73.143

# Reference: https://x.com/smica83/status/2002493152641585438
# Reference: https://www.virustotal.com/gui/file/414db44b4d9fb12d73498677d31432496508b29ddc68288816316e298968e641/detection

http://86.54.42.149

# Reference: https://x.com/smica83/status/2002494238450384923
# Reference: https://www.virustotal.com/gui/file/274407caf5f51c9f2d39d593b3de75aaf09953df1fd67fe1d6503a4cb2c996c0/detection
# Reference: https://www.virustotal.com/gui/file/bc1fa32164ea48f4b0a0bf0f614887b9bd642ca1c5c783f6c1bc1e4425617766/detection

http://5.101.83.21

# Reference: https://x.com/smica83/status/2002475206003364207

wonderpetak.github.io
/W0nderpet4k/

# Reference: https://x.com/JAMESWT_WT/status/2002992045225574718
# Reference: https://x.com/JAMESWT_WT/status/2002992048677200191
# Reference: https://app.any.run/tasks/87d9565b-8536-4e1d-9f59-1c24517c7082
# Reference: https://www.virustotal.com/gui/file/26971616502a27576c062bc83a4e377925348107ca7e3eb8f96e42743a9ad077/detection
# Reference: https://www.virustotal.com/gui/file/409676db97ad7c6e48fe62a71f53cde1c62f5ac2849d32d58bcb659255801578/detection

09c1d5c3-1a6e-4c05-8e4e-eff75c6b5dd6.usrfiles.com
backupallfresh2030.com
decjan2026.blogspot.com
hotdecjanniygga.blogspot.com

# Reference: https://x.com/RedDrip7/status/2003291923524780071
# Reference: https://www.virustotal.com/gui/file/829c4334f8a4effeade1679773057d643e06a7ff87b2510b6bfb305f6b64e7c7/detection

132.145.90.226:15002

# Reference: https://x.com/malwrhunterteam/status/2003198867194675288
# Reference: https://www.virustotal.com/gui/file/66541968931f1e22f6f0449ca345019a8621b36f3af48784c05c6e0e6a3d98e8/detection
# Reference: https://www.virustotal.com/gui/file/60342473a9adbfff7fcfde0b4cd3b910caf24704691dc3b9a174fd1ed8bfee90/detection
# Reference: https://www.virustotal.com/gui/file/33c105ff8b68bf4def06d516c3c5030432164d367e085dbd065ca04a22cffc9e/detection

166.1.60.218:7654
193.32.177.63:5001
pb6.pw

# Reference: https://x.com/smica83/status/2003647493373067695

http://178.130.46.39
64.95.10.212:443

# Reference: https://x.com/smica83/status/2005043727178309822
# Reference: https://x.com/skocherhan/status/2005375076309549264
# Reference: https://www.virustotal.com/gui/file/e5389af56fae1ed9c3eb85a96bd0f0a2493cec8129c7767bb6b792d1f583144e/detection

health-status-rs.com
advent-of-the-relics-forum.htb.blue

# Reference: https://x.com/volrant136/status/2006046298886066569
# Reference: https://www.virustotal.com/gui/ip-address/213.199.56.71/detection
# Reference: https://www.virustotal.com/gui/file/a076cfe1a27756aa9a07a9901253ca5c3cf21adb91ed2d5d3c7db993cedd1319/detection

213.199.56.64:6780
213.199.56.71:42756

# Reference: https://www.virustotal.com/gui/file/810874542cd3b3a5745674a13cb71b4084b49f82f9f54505e02e32f320a0fb1b/detection

magicalpig.com

# Reference: https://x.com/malwrhunterteam/status/2006115824281571589
# Reference: https://www.virustotal.com/gui/file/027a47997bfe86e3a703b6d8e0bcfd9844013e373864b3da8690f694ee30c7cf/detection
# Reference: https://www.virustotal.com/gui/file/599f34fb7a1108c98dc8d50d7026c463112ebd742b4645b68b9b905f65c0f41e/detection
# Reference: https://www.virustotal.com/gui/file/c82e850bde8356518593396680cd700191e1697a54075e0ba9b52f845cb1a940/detection

http://172.86.105.49
172.86.105.49:443
95.215.108.158:443

# Reference: https://x.com/malwrhunterteam/status/2006058656647835859
# Reference: https://www.virustotal.com/gui/file/f655c276abb6f67aa3d279e0a33fa654c6924e126bdaf2493f5371b698811a4a/detection

baser22.online
lebrinw.icu

# Reference: https://x.com/smica83/status/2003645513309290906
# Reference: https://www.virustotal.com/gui/file/54cbe048b4ece6183ada3ddfb8b6767d75768a53e8ff58ff4fd2678d18dceaf3/detection

223.165.5.38:443
elpaies.info
xuang.elpaies.info
zong.elpaies.info
/Gyugiujkh_14654/UIyuukj_46
/Gyugiujkh_14654/
/UIyuukj_46

# Reference: https://x.com/smica83/status/2007089539056271840
# Reference: https://www.virustotal.com/gui/file/089667f37f91f775cc02f6d5b8403d5033475f366bb1595762336722b4e45ac4/detection

cancunsds.pro
gf.cancunsds.pro

# Reference: https://x.com/smica83/status/2007865345982296447
# Reference: https://www.virustotal.com/gui/file/c8f5a4d26b10be34a2b865ad914b296f3618998d42e1c12ef0374c014b8bac58/detection

209.50.227.155:8040
209.50.227.155:8041

# Reference: https://x.com/suyog41/status/2009525373038678021
# Reference: https://www.virustotal.com/gui/file/1553bfac012b20a39822c5f2ef3a7bd97f52bb94ae631ac1178003b7d42e7b7f/detection

mid.great-site.net

# Reference: https://x.com/JAMESWT_WT/status/2009903018834268288
# Reference: https://app.any.run/tasks/c2386fbf-43b8-4f8f-a746-d5d127b72a67

addnewss.news
cilliodlitated.com
clientloginapp.help
flashsksk.com
hdjd.xyz
koskelad.com
paperspls.lol
valexcrack.com

# Reference: https://x.com/smica83/status/2010981280628851013
# Reference: https://www.virustotal.com/gui/file/c611ca779a9fb703cbe0c6943415ff5e163c8bcebbbde16c28c8d979ffcf2100/detection
# Reference: https://www.virustotal.com/gui/file/c80fa3ec24f32c24358e4239530afb13e04b50183f7bf9bd1a0df6b83b93ac9b/detection

b8217fef.thisisnotyourland.pages.dev

# Reference: https://x.com/1ZRR4H/status/2011123679107944830

5.53.125.131:81

# Reference: https://sec0wn.blogspot.com/2026/01/from-new-years-surprise-to-bag-of-coal.html
# Reference: https://sec0wn.blogspot.com/2026/01/part-2-from-new-years-surprise-to-bag.html

4e0aadf775c9md5kcgmjzj3md5r.engine10-authz-prd.in.net
fd147-api5-control-plane80-routing-mesh-prd-az1.in.net
int-api527-service75-discovery2-registry782-72core-xp03.in.net
jsgmjzj3md5kcr.152api-svc5-fd8-telemetry-metrics-collector-node050.in.net
jsgmjzj3mdax2i9hcbm5re9a2e52hhv4jp5kcr.152api-svc5-fd8-telemetry-metrics-collector-node050.in.net
mp.fd147-api5-control-plane80-routing-mesh-prd-az1.in.net
q67j6c2zqxim4zgugydc-api-svc-fd.state-manager-cache-mn02.in.net

# Reference: https://x.com/smica83/status/2011888268363907124

51.77.111.100:8570

# Reference: https://x.com/malwrhunterteam/status/2011808746695995627
# Reference: https://www.virustotal.com/gui/file/cc3d3d40dd45115d1a492998dd0a502df2f5352a555dbce0bed7da87c3a370ce/detection

voentorg.ua.ydns.eu

# Reference: https://x.com/RussianPanda9xx/status/2012289747507441998
# Reference: https://www.huntress.com/blog/malicious-browser-extention-crashfix-kongtuke

http://199.217.98.108

# Reference: https://x.com/netresec/status/2012170261999554765

64.190.113.206:79

# Reference: https://x.com/byrne_emmy12099/status/2012836835006033921
# Reference: https://www.virustotal.com/gui/file/03315debd0c7a253b59a6b447d0673aa3de84103ca3cd4d5b6148c018d90b39b/detection
# Reference: https://www.virustotal.com/gui/file/bd8a48d4dc71552c790a44065cce77c7592f1d00e6cbe904af01f1d164d4dd78/detection

servicelog-information.com

# Reference: https://x.com/suyog41/status/2013597388557164896
# Reference: https://www.virustotal.com/gui/file/87e0c2d7a016d4b6a1768293ced796674ba2ad936840c29fb987387a4ce30282/detection

/pandora0009/mouunifi/main/hiugbjhji.pdf
/pandora0009/mouunifi/main/oechestraioq.txt
/pandora0009/mouunifi/

# Reference: https://x.com/malwrhunterteam/status/2014339747888365676
# Reference: https://www.virustotal.com/gui/file/252c728d0356f6f2927a7051c891addfa03535fc47abe049423076038fa74e35/detection
# Reference: https://www.virustotal.com/gui/file/8636a3f8681addaa95e068d421f1dd9801cdbcd876b90df03be272f826d637fa/detection

http://185.93.89.44
http://185.93.89.85
212.34.132.119:58087

# Reference: https://x.com/JAMESWT_WT/status/2015124015992418566
# Reference: https://www.virustotal.com/gui/file/20374d96d121a5fe7d4c1308b73392d969d1fcff9e8869ebd62e161c7b10b7b8/detection

unimaxtechnologies.in
wilmypos.com

# Reference: https://x.com/smica83/status/2016976355699638548
# Reference: https://www.virustotal.com/gui/file/c1ed2d44c170e47212a9d6f71780be76775c6045bdccae77e3bf34eb14355051/detection

terazosine.fit

# Reference: https://x.com/smica83/status/2016987519624110449
# Reference: https://www.virustotal.com/gui/file/153b1be9aa2517541433ce34070f08ed262ed183a193d841e165a1560447a622/detection

20.6.131.247:8080
refund.eastasia.cloudapp.azure.com

# Reference: https://www.virustotal.com/gui/file/4314bcfb0a96897dd21632ce46900ab3d0d1c7addda2fbd5d8d2e586535f1939/detection

ghana-teer.sbs

# Reference: https://www.virustotal.com/gui/file/735951c49e1af3b9f00bfb50791ba3d26c7098a98e28d53e8225510fe730f0ba/detection

http://206.245.167.65

# Reference: https://x.com/smica83/status/2018309873851678966
# Reference: https://x.com/t3ft3lb/status/2018342914670071847
# Reference: https://www.virustotal.com/gui/ip-address/185.208.158.188/relations
# Reference: https://www.virustotal.com/gui/file/a15c9988f8d3cdb68b43dcef51bba46978fb5d2207a447dbd36e7aef8dddc553/detection
# Reference: https://www.virustotal.com/gui/file/d8498dafcd22923116bba133be9969c467953acbf3c04b365c4b725bfa590061/detection
# Reference: https://www.virustotal.com/gui/file/e59b01f23bea63893707542ef15b3e092928b52254a7134924e5a5cb6407e6e2/detection
# BANNER_0_HASH-HOST=5d67f3168e006b80abd71209c5b4fc14
# BANNER_0_HASH-HOST=aed31a0f8175f0b37a15625fe3690cde
# BANNER_0_HASH-HOST=af03500847a4c8fe004220cd9edb3fb0

115fz.kyun.li
amphetamine.kyun.li
api.newfolder.click
cloudflare-svc.kyun.li
cloudflare.kyun.li
codeinecrazy.xyz
coolservice.kyun.li
dellago.casa
dicevpn.xyz
evm-indexer.zengate-dev.com
fuckfbi.kyun.li
mail.dellago.casa
mcp.01i.uk
methadone.kyun.li
newfolder.click
ozonwork.org
panel.newfolder.click
playerdragonbike.com
russianintelligence.kyun.li
test.newfolder.click
w-panel.live
w2.kyun.li
weapon-d.xyz
weapon.codeinecrazy.xyz
whost.kyun.li
wv3.xyz
wv3link.com
zengate-dev.com

# Reference: https://www.virustotal.com/gui/file/076a6ef8784bdf5ee99d014e8a3898b8b62d5dba442a807285818ef4000b154a/detection

fastshippingsbd.com

# Reference: https://x.com/JAMESWT_WT/status/2016765297491869708
# Reference: https://www.virustotal.com/gui/file/ea455824ada64047aba9990bfa8825e807ebbd40bf21617faf0b3460af2a8ffe/detection

http://87.251.69.12

# Reference: https://www.virustotal.com/gui/file/23cb5fa202566cc5e5990176916214c4299785028ffcd7bea09d21bba69dfd6b/detection

212.34.138.4:443

# Reference: https://x.com/smica83/status/2019105662270406852
# Reference: https://www.virustotal.com/gui/file/25db9e8f7fa51bd00434cd0ed5ada9981d0fadc4147b56719c45206ea2568c2a/detection

http://46.161.0.94

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-02-03-IOCs-from-KongTuke-ClickFix-activity.txt
# BANNER_0_HASH-HOST=70b8e5e16ce5efff6b8196a3b37500a2
# CLASS_0_HASH-HOST=7dab56008f12f9c05e2ff06bd240b9cc

app.frugesta.top
app.hegmmnn.com
autrax.online
caoadvies.com
coachthuytrang.com
corporacionquicagua.com
eatlivebewellrd.com
frttsch.com
frugesta.top
grebusat.top
heatherjukes.com
hegmmnn.com
hermisron.com
icemaidencometh.com
itcy.online
liyin.party
makotosites.com
mikkelsonco.com
murazkk.com
pay.shadowintern.xyz
penningtonassociatesba.com
rfile.liyin.party
shadowintern.xyz
shopspacebag.com
spencersmithsings.com
tranzor.online

# Reference: https://x.com/smica83/status/2019371013012877631
# Reference: https://www.virustotal.com/gui/file/279144a2a073b654093ff45c991ed72e746a868a93993be661ba5c712a97a2a9/detection

http://193.238.152.123

# Reference: https://isc.sans.edu/diary/32682

uniworldrivercruises-co.uk

# Reference: https://www.microsoft.com/en-us/security/blog/2026/02/05/clickfix-variant-crashfix-deploying-python-rat-trojan/
# Reference: https://www.virustotal.com/gui/file/c76c0146407069fd4c271d6e1e03448c481f0970ddbe7042b31f552e37b55817/detection
# Reference: https://www.virustotal.com/gui/file/bc8b5281f8de521cd437a01612ac06aa14623f214cddd934ec82fc74ea2196b2/detection
# Reference: https://www.virustotal.com/gui/file/a743530682221786096fc59a4c163054c947cc6d0604c766ca0af8928a3a52af/detection
# Reference: https://www.virustotal.com/gui/file/3da7acd6e7924ada32fb1de1608874e7df58fd1cb460608a45dbdb2caf544603/detection

http://144.31.221.179
http://144.31.221.197
http://69.67.173.30

# Reference: https://x.com/smica83/status/2020805279000977760
# Reference: https://www.virustotal.com/gui/file/d95d3c8b1f7055405c66ea62fc943ae4e7b110aaf3f382b23c3c9aa1a81227e1/detection

91.92.34.238:445

# Reference: https://x.com/skocherhan/status/2020745120664936721
# Reference: https://www.virustotal.com/gui/file/121b8be27523679c3c114e3142c7ad99e3c3944770a90285ceb58bdbb7ea9351/detection

http://77.105.161.174

# Reference: https://x.com/smica83/status/2020843436132516005
# Reference: https://www.virustotal.com/gui/file/4cd5fb3306dedbb98647a45a311bb686f9082861934a2ea41ff6931af9e48997/detection

h8f8.help
novo.tf
c.novo.tf
ru.h8f8.help

# Reference: https://x.com/smica83/status/2020849393113366935
# Reference: https://www.virustotal.com/gui/file/fe7dd0edd4734a9c605c20d5963d95ebc33da9b3f908c9d62b0f68e125ee12d8/detection
# TITLE-HOST=Envio de Comprovante

bcfl.online
bentwich.press
btnskin.care
cignarella.xyz
diklik.link
dooballth.com
earspasm.link
google-meet-conn.zone
griptape.link
hancockdocs.reviews
imagefly.photo
minitipps.com
mogusa.bio
naxion.live
npa.news
payshope-lojas.com
pdfsmtp.live
pdfwebex.live
peggyeng.land
phs.fyi
proemails.shop
sustainablegreendentistry.education
tara.gives
uliege.link
version1.team

# Reference: https://www.virustotal.com/gui/file/e20831cecd763d0dc91fb39f3bd61d17002608c5a40a6cf0bd16111f4e50d341/detection

188.137.224.145:1998

# Reference: https://www.virustotal.com/gui/ip-address/45.13.212.251/relations
# Reference: https://www.virustotal.com/gui/file/4324946594baf4170b6bedb6dc35bffa8e7b2bc6f41462daa21ca14dedfd4567/detection
# Reference: https://www.virustotal.com/gui/file/af9e031ec40c7c51402a74b1c7a8ad65dcfc3a20e4b57e4b7ad3e9e121278b68/detection

avprog.cc
avservice.cc
avsprog.cc
enixwegemtir.cc
ieservice.cc
lmsevice.cc
msconfig.cc
msprog.cc
mupadete.network
myazbuk.network
mybulk.network
mynext.network
platamy.network
servispro.network
uiservice.cc
winntservice.cc
winservice.cc
xmri.network

# Reference: https://x.com/smica83/status/2022708743968891035
# Reference: https://www.virustotal.com/gui/file/5830c290b366e970c5ea25db9727a8b5df8d3cc62aa7e7756e9eb688d43d78e6/detection

http://159.255.38.19
netip4.ru
secure.netip4.ru

# Reference: https://x.com/YungBinary/status/2022736551575425297

http://64.227.40.197
64.227.40.197:2000
64.227.40.197:4000
64.227.40.197:8080

# Reference: https://x.com/smica83/status/2023454582794580164
# Reference: https://www.virustotal.com/gui/ip-address/195.58.54.229/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.156.27.193/relations
# Reference: https://www.virustotal.com/gui/file/d54ac06c67f53368db393aadce11838019c95c32cba99d90d2efa4219202ace6/detection
# Reference: https://www.virustotal.com/gui/file/0780ad6ecdf92dd6d4c89c5e0cd69ce4b0ef439df54b2fc2c618f0ff39382044/detection
# Reference: https://www.virustotal.com/gui/file/09bb44cba75ce0db212f0c3a0babefbc0c05f97e419a69f1185dc66d4fb7cd1b/detection
# Reference: https://www.virustotal.com/gui/file/24b2f1d434b822133679940445c60347f8ad3bf1c4d22bfb57483fd97f76d338/detection
# Reference: https://www.virustotal.com/gui/file/2dd8712251076c17347c918b434ab4d61c9e91556b0eb9ab7ac9d18aa9afe15e/detection
# Reference: https://www.virustotal.com/gui/file/82a45be3d6b8275a49cf3c5d3aa23af094070d8f2beb51ec78dbea5742ea7570/detection
# Reference: https://www.virustotal.com/gui/file/a0e6035dbf5116e8de48606db01d79c5042ab9ac3d4504bdaf65cc4c55fc6e70/detection
# Reference: https://www.virustotal.com/gui/file/9dd9d17fe59be22e0a53aabfc359e11ff9b6cd717946563429e069e373c93c6a/detection
# Reference: https://www.virustotal.com/gui/file/c53f13b6214aa16d44c12d834dd5bc767b0c23b505fe44309b3f07c72031bcdd/detection
# Reference: https://www.virustotal.com/gui/file/1ac2c21c314bc1554ec0074adeedf1900b6be0da5c07359568c33a5cbd876161/detection
# Reference: https://www.virustotal.com/gui/file/2396e6b1ff979a71f850fa0cb0fcb9d5a6e0b62d02b38057734bf168ee42033b/detection
# Reference: https://www.virustotal.com/gui/file/b806acf8705977eecd3ba84f289bfa89783f62bb142c4aa93d1e2ded37897903/detection
# BANNER_0_HASH-HOST=e6d4903c0194ff264da6a4bb24fc2c54

1cbit-dev.com
cheap-market.online
cheap-zone.online
cosmetic-shop.online
defendcore.online
moscow-media.online

# Reference: https://www.virustotal.com/gui/file/017af94e0bdf6e1377d69055d3fd72ec5d37d8bd776ec6913efe394ab9d65f59/detection

au72nuxzv2.ufs.sh

# Reference: https://x.com/smica83/status/2023453372125180162
# Reference: https://www.virustotal.com/gui/file/0d9be421a3aa0ed86033487a387dc429274d131d4f233e3909fde41bccc2b0c6/detection

brathost.com
tunnel.brathost.com

# Reference: https://x.com/joe4security/status/2023727140546417099
# Reference: https://www.joesandbox.com/joereverser/analysis/download/98fb8a47-bdc0-42b2-919c-3e93138a681b
# Reference: https://www.virustotal.com/gui/file/0ab8c295c929dca7dedb2e8e351251d5917319277ecd06e2103fdeec45f27377/detection

http://206.245.132.218

# Reference: https://x.com/smica83/status/2023824502476673087
# Reference: https://x.com/BlinkzSec/status/2023828979862696275
# Reference: https://www.virustotal.com/gui/file/f9379841a073f7e25db5680b359a9b7ad5a006a23599a55e98569db5e590200b/detection
# Reference: https://www.virustotal.com/gui/file/0d468b15e0a4763a51298e08c83818cfbf3055f24b7809a78da6a9556f9831ac/detection

144.172.88.250:4443

# Reference: https://x.com/malwrhunterteam/status/2021993107978596774
# Reference: https://www.virustotal.com/gui/file/3d901f908bec9bfef6096ea51b1fcc57154dace831bf92caed226201964c0a1a/detection

micros0ft0ffice.com

# Reference: https://www.virustotal.com/gui/file/72b42b0a3f81f87a57de68a85073507e31a2396a7fb43229b4a087aec1d32817/detection
# Reference: https://www.virustotal.com/gui/file/6d42dc19f4b0a8d12316b1956afd3a75aaacefe6ee9a0b1f5a6226514d85d946/detection
# Reference: https://www.virustotal.com/gui/file/675288f2acf488cdae11d6473910ee11407ccaee87e9692d279cd694381f6e30/detection

http://158.94.209.33
http://178.16.53.70
158.94.210.166:9993

# Reference: https://www.malware-traffic-analysis.net/2026/02/02/index.html

144.31.238.37:79
85.137.253.64:3456

# Reference: https://www.virustotal.com/gui/file/38cccab10ce21045978e13c751a14e5fb1ad232e81415428b1a8db4408a737ea/detection

107.152.32.98:3471
fz08eod16.localto.net

# Reference: https://x.com/StrikeReadyLabs/status/1852047416746291350
# Reference: https://x.com/malwrhunterteam/status/2024836827471876304
# Reference: https://x.com/smica83/status/2024838699108753919
# Reference: https://www.virustotal.com/gui/file/4ce0e08f6677e7da973525f5362e45cb633993043d87fb5d25e20c0b4aea0127/detection
# Reference: https://www.virustotal.com/gui/file/b60f13f429513c1dbf646753c2ab4bffeab3b75c9e068ad94c91076f11a50a32/detection
# Reference: https://www.virustotal.com/gui/file/95a636c2b3af0bc69cc05f7b32281ff17c58cbe637bec5f8918f7514a5f37e09/detection
# Reference: https://www.virustotal.com/gui/file/39b20454efc5821d4f35e1a1ef23d390d522437f8bc314b24ed196fd2fd3cfc0/detection
# Reference: https://www.virustotal.com/gui/file/65f4a9b7ff22f1db6f02457566ad29fce94349912d078c8c8c783cc130423e3e/detection
# BANNER_0_HASH-HOST=059baf7f62c8eab557d8d288756c93cb
# BANNER_0_HASH-HOST=1221b36a56a85b289f1463d7af37ba92

0ds.ru
1t0mptvm.shop
3k8twy1z.quest
3k8twy1z.space
4hlufcwvh.click
ab5bbf18.pro
aviatorsto.com
bpdgqa4vg.cfd
cdn-static.space
desktop.tlgr.org
dofixyo-blog.site
egr.am
flexflowxwy.info
jyaleihx1v.r0zsk4ikk.top
macos.tlgr.org
mindzenithpqr.info
myapiservice.com
ngm1xef.click
ngm1xef.site
onlinetelegram.ru
r0zsk4ikk.site
r0zsk4ikk.top
rowan.im
tkjkcxz.online
tkjkcxz.store
translations.tlgr.org
vlpc9e6.online
xlegic.click
xlegic.rest

# Reference: https://www.virustotal.com/gui/file/8c81e55285c63b7763279d775665232f2cc80a27a536d11f49c65f3521dba898/detection
# Reference: https://www.virustotal.com/gui/file/cf7629829394e2c8e15a85e361255d185338b9903b49bae9e1f722d82f1fbd90/detection
# BANNER_0_HASH-HOST=0705c89622e117284f871e5d3c416e63
# CERT_FINGERPRINT_SHA256-HOST=33af5b7c03c8171d056a4c69810d70fda2941fc553a3a654b37a1b761e413ffd
# CERT_FINGERPRINT_SHA256-HOST=7aa57a0a742e8f7bb69b938434fca9c7d349b35fb25a2950d0d2fac0e275aa67

http://37.77.150.50
http://62.60.226.224
37.77.150.50:443
62.60.226.224:443
62.60.226.224:6000
gatepass-corp.com
go-meet-v3.com
hileburada.com
key-legit.com
steam-cloud.pro
verifi-cation.com

# Reference: https://x.com/smica83/status/2025980750017769491
# Reference: https://www.virustotal.com/gui/file/cff92fae1e6f42acac0a7a206b25469a6fb1414b36306cb74cb2a1f2529cc6d6/detection

http://195.10.205.65

# Reference: https://www.virustotal.com/gui/file/0e4780dd90a355c293a08c5607887b95ba4d7d5bffea1a8df92450dfc08934ea/detection

alphazero1-endscape.cc
alphazero10-endscape.cc
alphazero2-endscape.cc
alphazero3-endscape.cc
alphazero4-endscape.cc
alphazero5-endscape.cc
alphazero6-endscape.cc
alphazero7-endscape.cc
alphazero8-endscape.cc
alphazero9-endscape.cc

# Reference: https://x.com/malwrhunterteam/status/2026251417372049675
# Reference: https://www.virustotal.com/gui/file/73ae9fe72b3340b95e7187cd51de3b7476cfb84aa20b9903cfaff4f1c96a3e01/detection

streamcdn.click

# Reference: https://www.cyberproof.com/blog/fake-captcha-attack-uncovered-clickfix-infostealer-campaign/
# Reference: https://www.virustotal.com/gui/file/1011ba9b0a530ba47ce40d13be2380e0da42507df6ee07f5f566b9d5d3e35acb/detection

http://91.92.240.219
pinmaha.com

# Reference: https://x.com/smica83/status/2026368400381944001
# Reference: https://tria.ge/260224-xesnradz3d/behavioral1

64.91.224.4:4444

# Reference: https://x.com/malwrhunterteam/status/2026412293878157472
# Reference: https://www.virustotal.com/gui/file/7cdc63f6cb960db552cdc88e96315b0dc6a7f1418afa452ae325c197351fa8de/detection

cdn0x.store

# Reference: https://x.com/goldenjackel12/status/2026600098176901247
# Reference: https://x.com/smica83/status/2028783375729721376
# Reference: https://x.com/goldenjackel12/status/2029153659200909471
# Reference: https://www.virustotal.com/gui/file/92962bfa6df48ec0f13713c437af021f4138dc5a419bc92bc8a376d625a6519a/detection
# Reference: https://www.virustotal.com/gui/file/2902cdee050a60c3129b4bb84e74ddda7b129c3473556f689d83609d9a5981a7/detection
# Reference: https://www.virustotal.com/gui/file/3edae7a3502c4c6101911be485f865dbec0072d6af329534bf475f44429fe415/detection
# Reference: https://www.virustotal.com/gui/file/92962bfa6df48ec0f13713c437af021f4138dc5a419bc92bc8a376d625a6519a/detection
# Reference: https://www.virustotal.com/gui/file/27d7a398a58c12093bc49f7144dac2f079232768096d0558c226ea5c53782e29/detection
# Reference: https://www.virustotal.com/gui/file/1d0ea66d347325902e20a12e1f2f084be45d3d6045264e513dcc420b9928013c/detection

/uploads/82WX5GP8CI/
/uploads/A5556OAAN3/
/uploads/AVQB61TVOX/
/uploads/F1OQY9GU84/
/uploads/OKW5RN48ZJ/

# Reference: https://x.com/malwrhunterteam/status/2026641577142112663
# Reference: https://www.virustotal.com/gui/file/63fc8d5144cca9c9454987530e45d627a411e4b5b0e3dddef3e850a8a33cc7f6/detection

http://45.133.73.4
http://87.121.79.25
http://87.121.79.6

# Reference: https://x.com/smica83/status/2026756509057614283
# Reference: https://www.virustotal.com/gui/file/d2ca7d6de6f442d32226ae80271829e9ec78994b5d38f0fc5f382c4659ed29bc/detection

http://5.101.83.47

# Reference: https://x.com/5mukx/status/2026736447181423012
# Reference: https://www.virustotal.com/gui/file/b84cae735e31089c68658e3d12fa8ca438537217204fe0f26b995f3c42b8e974/detection

http://212.118.40.188
dnsprovaiduny.com
pnl8.vercel.app

# Reference: https://x.com/smica83/status/2026964267832856754
# Reference: https://www.virustotal.com/gui/file/5eb0919a29cb127fbd394bd30efcb11d8330afb8ef485da1e7d213795f7833c4/detection
# Reference: https://www.virustotal.com/gui/file/3f4496da61c2f0c4198caa6d81ba40325717f02e5925993b4d1cb7f93623406b/detection
# Reference: https://www.virustotal.com/gui/file/3bfc93e71eb756132354b4a58f2c505e708963fdf5d466b978d12fafcecd3af8/detection

176.124.222.122:7000
176.124.222.122:81
194.33.61.36:7000
194.33.61.36:81
194.33.61.36:82
80.85.241.154:7000
80.85.241.154:81
hui228.ru
khkjhjkhjkhjkhkjkj.com

# Reference: https://x.com/volrant136/status/2027043925819896216
# Reference: https://www.virustotal.com/gui/file/b2e9ef81af6c4686944e5c589d420fc9dffbf9af7afe3e1e913cece273626070/detection

http://162.19.214.220
185.82.202.150:443
162-19-214-220.eyeohost.net
162.19.214.220.sslip.io
apostile.zapto.org
googletranslate.zapto.org
behnam.strangled.net
phoenixnetwork2.xyz

# Reference: https://www.virustotal.com/gui/file/d1bfeeffb9ce99d92afa5d76997222d616214c0df0a12a6099d09d8c94f1a1fa/detection

resistantmusic.shop

# Reference: https://x.com/smica83/status/2027366771783557194
# Reference: https://www.virustotal.com/gui/file/cd973f4aa8d847341e0aac04ca5f4c2e06ae22a8e5ec7dcdbd0d281f3dbc9cc5/detection

eszja.cloud
eszja.net
nav.domains

# Reference: https://www.virustotal.com/gui/file/bf967d084a8397a8e5d18550bbffcb8b4727ee1ca69786b5cc4246326518e0cf/detection

tokenad.io

# Reference: https://www.virustotal.com/gui/file/171eba62ff1726c421e64868ee492710ba274a7f4d5b1ec5e1835431fb0ab0d5/detection
# Reference: https://www.virustotal.com/gui/file/3a15e0ed7f7a7419108511f28c80f1d7670860d8198335d57f4a1d350ff0715f/detection
# Reference: https://www.virustotal.com/gui/file/171eba62ff1726c421e64868ee492710ba274a7f4d5b1ec5e1835431fb0ab0d5/detection

eszja.com
eszjagov.com
nav.eszja.com

# Reference: https://x.com/smica83/status/2028062478416900569
# Reference: https://tria.ge/260301-m2ckyadx3h/behavioral1
# Reference: https://www.virustotal.com/gui/file/06c114d3cb12d582ca255de6fb3c5874502c7f8e33e1a96e0b937fa1e5f8da8d/detection

o-parana.com

# Reference: https://x.com/smica83/status/1980709291695743172
# Reference: https://www.virustotal.com/gui/ip-address/45.130.41.169/relations
# Reference: https://www.virustotal.com/gui/file/07d3fc6fa90d5a34c28fdccd72b39e7b2fead0b58b28102ecc834877558606d8/detection
# Reference: https://www.virustotal.com/gui/file/f4652e66f32ed97c860b2de39665faa7841f3a22688ad77123101c8bc42d5601/detection
# Reference: https://www.virustotal.com/gui/file/73ba4b97e3656bfb21d26004846e8d19ad6d84b24103c6934fb89d79f0a0b85b/detection

150.241.66.66:4444
aye-coding.su
colortune.ru
optimizator-pc.ru

# Reference: https://x.com/smica83/status/2028879285755248987
# Reference: https://www.virustotal.com/gui/file/7bded1d3b08cf42fb9e30a872cafca0ecf31b098c4372234b225cc31e7b7eb94/detection
# Reference: https://www.virustotal.com/gui/file/e15d51f4373e31458edfe4e25d55397d7e26a688c062c44f68fd8a22e9065d8c/detection

89.185.84.13:19347
/axhtymsbrkiems935.css

# Reference: https://www.virustotal.com/gui/file/9eb91bfa5529d3764b65963b255c23fde42358a7d9d7a47cee17d3eda291f597/detection

79.110.49.219:9999

# Reference: https://www.virustotal.com/gui/file/5d5877ecb54df843d7a02e78913af058e8342d723d9e7d088c970dfcbae1a910/detection

rolimons.dev

# Reference: https://www.virustotal.com/gui/file/44617ce5d289a5a8464f78511bbd206c91ad2d23e858d21d5cb14670126dbb34/detection
# Reference: https://www.virustotal.com/gui/file/ee8d8c2f6556e56023f0dd15c604be477207579ba455b750b0c98fa0f44ba0f7/detection

http://46.226.162.174

# Reference: https://x.com/JAMESWT_WT/status/2029119694049878306
# Reference: https://www.virustotal.com/gui/file/4265b06cb89c30c5ab927fec152caf45f40a9c6b598e91b70aef3f3667679b99/detection
# Reference: https://www.virustotal.com/gui/file/47d4c1b4495893f20967cbdc0383e152ab10043cde8d92f6d0d3519c95751ff1/detection
# Reference: https://www.virustotal.com/gui/file/795351e6817a009d98f049a71831fd8d4cb7b44c52c4971ad059419abafb71c1/detection
# Reference: https://www.virustotal.com/gui/file/83062bae9549c9098ed5475ee676f042a7562fd5c616bca36c4779d92b7b0683/detection

http://107.173.143.33

# Reference: https://x.com/suyog41/status/2029094897165451545
# Reference: https://www.virustotal.com/gui/file/33a29949d535a03dcfbd68e1bf31fd8525b7d8823e3e32785a66c65724d9c93b/detection

montarek.com/wp-includes/js/common/src/cart.php
montarek.com/wp-includes/js/common/src/content.php

# Reference: https://x.com/smica83/status/2029293474248311161
# Reference: https://www.virustotal.com/gui/file/6c3a3b0cf41d37f75d3883c26c9dac8fc9b08a4c87ecf719caa6263ea5395e4d/detection

drivesphotos.com

# Reference: https://x.com/malwrhunterteam/status/2029498155998339472
# Reference: https://www.virustotal.com/gui/file/2bb4d8005b666a26e2ae20b6088f121c6b9a192006db6763ed752c372b7a780e/detection

blankeyeo.com

# Reference: https://x.com/smica83/status/2029533280412823991
# Reference: https://www.virustotal.com/gui/file/781c95ee87e5d9f5ab670a3164894a9e78796a2563ee076770eac467ea8b377b/detection

3540000000.xyz
getthishusd.live
dandelionflowerbase.workers.dev
roseflowerbase.workers.dev
my-zip-generator.roseflowerbase.workers.dev
my-zip-generator.dandelionflowerbase.workers.dev
/cz8wl3l.php

# Reference: https://x.com/g0njxa/status/2029555167423553754
# Reference: https://www.virustotal.com/gui/ip-address/185.170.154.125/relations
# Reference: https://www.virustotal.com/gui/ip-address/79.137.198.222/relations
# Reference: https://www.virustotal.com/gui/file/8657a9d36d9432f2a0d2cedc4abb3d34e63cdca83e59f1fa1104483e54457a6a/detection

1hjgew.com
2fhdf.com
3hdrc.com

# Reference: https://x.com/MsftSecIntel/status/2029692931502641528
# Reference: https://www.virustotal.com/gui/file/9445a75b0b44583c7e349fea7dc54c1ccd900f51cfa729a0b1da5a890c34d742/detection
# Reference: https://www.virustotal.com/gui/file/133f7849ff23dbd73ee3e98bf63b3797377f6f36eaedab81f8b5b21f8f34a363/detection
# BANNER_0_HASH-HOST=2d30477af0feb856d542e4790600c0bc
# HEADER_HASH-HOST=fd61b6661c1095159423

berlof.shop
ferlik.shop

# Reference: https://x.com/smica83/status/2029930842596786391
# Reference: https://tria.ge/260306-r2a5bsgw7k/behavioral1
# Reference: https://www.virustotal.com/gui/file/7851d886d5bb344e86893e2d924d0abf86250f18bc559a39da81658098036150/detection
# FAVICON_HASH-HOST=7e74adca29fbd83e2dc64e1ebbe78956

http://196.251.107.12
lianteick.info
ysu-info.am
back.ysu-info.am
login.ysu-info.am
news.ysu-info.am
server.lianteick.info

# Reference: https://x.com/smica83/status/2029992617144934578
# Reference: https://www.virustotal.com/gui/file/6371f599f652fe2126886c487718173008a14bf830d1a1f707201cfcc2e7f552/detection

http://193.238.153.64

# Reference: https://x.com/smica83/status/2029993722880913484
# Reference: https://www.virustotal.com/gui/file/14cfadb8c0154dc1174b0b9af74765f769fad524d17eb2ec494ce02c9a221c8d/detection

http://46.28.70.102

# Reference: https://x.com/BlinkzSec/status/2030109037803556972

http://64.94.54.122

# Reference: https://x.com/smica83/status/2030277803904524733
# Reference: https://www.virustotal.com/gui/file/8e50528cc74404f47377f47b359f650c14791dc04a93e61812a26178498a7637/detection
# Reference: https://www.virustotal.com/gui/file/8ec5cf4b793e2924f6f89c9d5a4f85c080c4ce6e09ffd05fbb0c535c3dc0aff4/detection
# Reference: https://www.virustotal.com/gui/file/6c14d697dbc5dcdc7b17da23e6f2b29a47efc0a09ec011c78469d96d8b226f42/detection

http://150.241.115.97

# Reference: https://x.com/skocherhan/status/2030430046700351866

dialkwik.in

# Reference: https://www.virustotal.com/gui/file/430b69b2268bb1f2f0821c8cf65d648917e1d13fd5c6f945b5830534e1d0e559/detection

http://185.242.3.239
45.150.34.0:443

# Reference: https://threatfox.abuse.ch/browse/malware/js.ether_rat/ (# 2026-03-11)

aurineuroth.com
bermanlawrsk.com
chjunhao.com
palshona.com
wpuadmin.shop

# Reference: https://x.com/neonprimetime/status/2031790156726878488
# Reference: https://x.com/blackorbird/status/2031996220361875770
# Reference: https://github.com/rapid7/Rapid7-Labs/blob/main/IOCs/ClickFix_DoubleDonut_Campaign_IOCs.txt
# Reference: https://www.virustotal.com/gui/file/df8c0e33a2187c687ca0cd16737f0624fb99016b1a059d6d7bae5783e209327e/detection
# Reference: https://www.virustotal.com/gui/file/84e2cf93a2a6e98742799c1ef026f53648a2488ef123f4fe747fb71e90680537/detection
# Reference: https://www.virustotal.com/gui/file/60b6688c4c49bbe063437c16a8d1186234e86b8e8edc84d6c20bd84c55468648/detection
# Reference: https://www.virustotal.com/gui/file/211d050854578e8b858354d9f0178d349348a88b0eafd12c7540f08404b06064/detection

158.94.210.166:5555
178.16.55.40:5555
198.251.89.239:27767
applicationhost17.com

# Reference: https://x.com/smica83/status/2032038115250979244
# Reference: https://www.virustotal.com/gui/file/ec7f0d5da376591878b9bcd908e06e7d0e90176ecd99e41577167e29e47d40e4/detection

http://80.71.224.185

# Reference: https://x.com/smica83/status/2032056040443781477
# Reference: https://www.virustotal.com/gui/file/bf46a2c78fc8679f3cf6494c3078dfefc2cff29d2ab200d7300751dc38933e70/detection
# Reference: https://www.virustotal.com/gui/file/e2fa0b30bc6b4ee575f25b2f00ded2eb12e54edd1b6f80c04b55d86c42e588e7/detection

80.253.251.8:5225
80.253.251.8:5997
80.253.251.8:7122

# Reference: https://x.com/blackorbird/status/2031996220361875770
# Reference: https://github.com/rapid7/Rapid7-Labs/blob/main/IOCs/ClickFix_DoubleDonut_Campaign_IOCs.txt

http://45.61.148.118

# Reference: https://x.com/BlinkzSec/status/2032199678893166811

http://185.23.238.149

# Reference: https://thehackernews.com/2026/03/investigating-new-click-fix-variant.html

94.156.170.255:443

# Reference: https://www.virustotal.com/gui/file/da268456fb574f66952046aef9217cee9a85a69ab9915e38c17bbac9d46c84f1/detection

a2africa.com

# Reference: https://www.virustotal.com/gui/file/649761b463b5a8ee0397ab1292214baa5fb41551abffabbc227d58e2317cb94b/detection

sjrhs.org

# Reference: https://www.virustotal.com/gui/file/6ba8cad8cbd71ddcbf2708fa838f566985a8976d680886d89da949b0c29141d6/detection

103.240.146.232:1337

# Reference: https://www.virustotal.com/gui/file/fe521a59ea91252440a744c709ffce10aa9bde3199348105e54067c650ccea12/detection

190.97.165.119:1337

# Reference: https://x.com/g0njxa/status/2033231931362463750
# Reference: https://www.virustotal.com/gui/file/60171e71774630b9f5c824e2a4ee4742aff1461e0c1910395430ba1592c469cd/detection

foxkids.us

# Reference: https://isc.sans.edu/diary/32796
# Reference: https://www.virustotal.com/gui/ip-address/159.65.191.64/relations
# Reference: https://www.virustotal.com/gui/file/95937e99d4a8f433a5c21aacc71f6ddb4c8513690444d0bb9628c531c7348ec0/detection

forcebiturg.com
hilarylooren.com

# Reference: https://x.com/JAMESWT_WT/status/2033631054926393541
# Reference: https://app.any.run/tasks/9af568c0-b9be-4625-b97e-c69b86fecf3d
# Reference: https://tria.ge/260221-2ety2aez3d/behavioral1
# Reference: https://tria.ge/260201-sfg67aev3h/behavioral1
# Reference: https://www.virustotal.com/gui/file/6079ea3491929e7669cafc986d7118699eb3ac13659da96e60558788c9f4d225/detection
# Reference: https://www.virustotal.com/gui/file/8fc9e924a4d74ea5d836809d043bdc0aedf4f9213532eed33cdc48c3246dcb29/detection
# BANNER_0_HASH-HOST=320c8fb5acb87c0f96f7f1a5726832c5
# BANNER_0_HASH-HOST=d07251599d7618b1dec6e6bdedc7f65f
# BODY_SHA1-HOST=c10194989c8b2e971bbb580d0681639464867522

cloudflare.report
kentuckyfiredepartment.com
rewardgoldshop.com
srv1455238.hstgr.cloud
mail.srv1455238.hstgr.cloud

# Reference: https://x.com/smica83/status/2033913634972135878
# Reference: https://www.virustotal.com/gui/file/86c1000216fd6015aed5c21c88dc962943d7a04d7e1be770a7fa62bcbf367235/detection

87.120.219.222:41292

# Reference: https://x.com/malwrhunterteam/status/2034004347630006501
# Reference: https://tria.ge/260317-zd98hsbx8l/behavioral1
# Reference: https://www.virustotal.com/gui/file/dabfd4c52271a9324f773dda53ed70f1117da979e20d152479b9e8815729a48e/detection

weatherchecker.live
api.weatherchecker.live

# Reference: https://x.com/smica83/status/2034374314657542395
# Reference: https://www.virustotal.com/gui/file/16b8310d44a5a0c96539cca1eb04396020337e7a6f9b97ebc5ee12739b87f13a/detection

http://151.243.109.239

# Reference: https://x.com/JAMESWT_WT/status/2034313979468685765
# Reference: https://www.virustotal.com/gui/file/8f2cedfae722350505db1e134f08861d703fc8ee3780641233ed615559078e2c/detection

captcha-verification-module.com

# Reference: https://x.com/BlinkzSec/status/2034013249138462876
# Reference: https://www.virustotal.com/gui/file/e63b6b875326bad1c16a3b079e02a83daf2c73a5c5bccc67a891b6de6c09d84f/detection
# Reference: https://www.virustotal.com/gui/file/5aa0098ca107f74ce5f4708be60ab0edd476b1757abd01150f4908e1d2a7e1f6/detection

http://156.233.71.230
156.233.71.230:443
156.233.71.230:8080
megoo.duckdns.org
megooo.duckdns.org
slashxx.duckdns.org

# Reference: https://x.com/smica83/status/2034623318892908862
# Reference: https://www.virustotal.com/gui/file/5b9bf7957a9f8869c87ace1a6d76b48e2623073e72739ad0636b5dfa4bb2e0c3/detection

zynaris.com
zynaris.io

# Reference: https://x.com/SinghSoodeep/status/2034625833847972088
# Reference: https://www.virustotal.com/gui/ip-address/185.177.239.78/relations
# Reference: https://www.virustotal.com/gui/file/5605c95b7b94c0e39f82ff6dcea00acd92b995bda9706c3304ffa708d75a3d41/detection
# Reference: https://www.virustotal.com/gui/file/689d38aa455c64a1ae36e08f2531e97622aed9eb1e955639620ebb1966f34759/detection
# Reference: https://www.virustotal.com/gui/file/fb2494856aa3b7c8c5ab8c52ce732a170f4bee25faaaa47d3ff9f2092f125601/detection

bokphotguest.pro
dsfsdperfume-fr.com
sadsadasdasdfgd.com
zloapobikahy23.bond

# Reference: https://x.com/FatzQatz/status/2034846071369998693
# Reference: https://www.virustotal.com/gui/file/7e9171fa04a9019727f31dfb23e735cfc63daf01788cfaeb809705e926173ac4/detection

fix-bkg.com

# Reference: https://www.virustotal.com/gui/file/fae7374cff7d9fc2ec2d30405175b8171c680713aba8853e34a4d91cd085e638/detection

http://144.31.47.76
developerstation.live
securesslconnect.cfd

# Reference: https://www.virustotal.com/gui/file/75749c315f39faf32ab6758f3c1cb0cc992150ab4a3e841a3afc5679bb639ab1/detection

zonawood.org

# Reference: https://x.com/smica83/status/2036395637067956443
# Reference: https://tria.ge/260324-mjcg8ahz8n/behavioral1
# Reference: https://www.virustotal.com/gui/ip-address/45.94.47.164/relations

clearvoyage.digital
ecs-ent-aff-mgr.in.net
3cc1deb7404a7e9b.ecs-ent-aff-mgr.in.net

# Reference: https://github.com/cert-orangecyberdefense/cti/tree/main/cancoillotte
# Reference: https://www.virustotal.com/gui/ip-address/176.96.137.225/relations
# Reference: https://www.virustotal.com/gui/file/9ddded16af4820654a43fb73d2f6b676640776a3017ea0cfdb34f42fefbd5d4b/detection

cloudsynn.com
support.cloudsynn.com
myservice.webredirect.org
mylog.webredirect.org
apexlegends.org

# Reference: https://x.com/smica83/status/2037108149790949680
# Reference: https://www.virustotal.com/gui/file/a97ca0675c4b21a23d20f49f5511e47ba658f676bdc5ec4121d6a3ec279c3bf8/detection

khanieteam.com

# Reference: https://www.virustotal.com/gui/file/dfc90251e7cd5e45ba01b9a9fd088ef27451bb5433f7e670a33375083f9dd5e8/detection

ascom.company

# Reference: https://www.virustotal.com/gui/file/5f85e5741c2acbdf28622b3ae538c0fbe9014b20232313cda1d9fa6fc83566e5/detection

pub-6d532b12105b49bd96b29361979b87a1.r2.dev

# Reference: https://x.com/smica83/status/2037466834656477265
# Reference: https://www.virustotal.com/gui/file/4647707f5c01c2e8135d2bf95860422144d29fa36d83543a34a283b44a27e1b7/detection

http://146.185.239.36

# Reference: https://x.com/smica83/status/2037478589147316229
# Reference: https://tria.ge/260327-ml7q5ses3n/behavioral1

vmi3176001.contaboserver.net
ajozivuvezoqehet.workers.dev
foxv101.ajozivuvezoqehet.workers.dev

# Reference: https://x.com/smica83/status/2037480084026634530
# Reference: https://www.virustotal.com/gui/file/81d93004a02a455af01b0f709e34d5134108ec350f9391dc0f91a00a54998590/detection

http://169.40.135.35

# Reference: https://x.com/smica83/status/2037493544059830380
# Reference: https://www.virustotal.com/gui/file/7689fe3be975ad8d33e0b81b540990d858209e215cd0faccd8ffa82102dd5bd0/detection

http://80.71.224.97

# Reference: https://x.com/smica83/status/2037935379475509527
# Reference: https://tria.ge/260328-vbqzmshz6j/behavioral1

144.172.88.60:4443

# Reference: https://x.com/JAMESWT_WT/status/2038493345794625886
# Reference: https://app.any.run/tasks/4f57659f-bf16-4a82-affd-650181e760bf
# Reference: https://www.virustotal.com/gui/file/a241d95bfbd5998e27297059dc219826aca22c638862dd86d63f68ef33ed1cc6/detection

agdosve.com

# Reference: https://x.com/smica83/status/2038390573803954501
# Reference: https://www.virustotal.com/gui/file/9a00be0feb068d2b75cadbc2ab503dfc0105d355e065cc41f2b75433bef0b910/detection

thegodhand.cc

# Reference: https://x.com/smica83/status/2038582887696486866
# Reference: https://tria.ge/260330-nt22asc16w/behavioral1
# Reference: https://www.virustotal.com/gui/file/e8d5395ed8fb773f0f3aecffb4c0bc964bf1e1b602ecb14651f9471cf2b36601/detection

shop-discount.xyz

# Reference: https://x.com/JAMESWT_WT/status/2038618749658333225
# Reference: https://app.any.run/tasks/d74ffe00-ede6-4980-8cad-d20ee8cdeafe
# Reference: https://www.virustotal.com/gui/file/a6cde37cfd8b9621536ba6a9ced64f248978f0793b1a4fe7929cc3e535738d3e/detection
# Reference: https://www.virustotal.com/gui/file/fc88b233b5723886758932d74fffd3e58b528b6dfe328c16bec581ecdd452fa8/detection

mlbkn.com

# Reference: https://x.com/smica83/status/2038603886030660036
# Reference: https://www.virustotal.com/gui/file/7ffbbc1a13dd7042fb0c1f5677c67ad4b3b9c209043e6dfd5a254949ce0bc0c9/detection

investndms.com

# Reference: https://x.com/smica83/status/2038917700974465387
# Reference: https://www.virustotal.com/gui/file/3c03f964492dbdcfdbf1fe7b4cfc990fecb5e5e71bfdb578f66ad36dc4adea0d/detection

172.111.138.100:1990
dropmb.com/api/shares/RKGB/files/0ca73971-de65-44a4-bf2e-121e9a077133

# Reference: https://x.com/suyog41/status/2036730635759522109
# Reference: https://www.virustotal.com/gui/file/3cfb245c57351778297e0fcaf6349cc04825153210530213e10dd681bb6acbb9/detection

http://3.120.243.70

# Reference: https://www.virustotal.com/gui/file/154193e63ac4a577d609d0b8ef99417d8c2fd6c62bf307d6a733f29c295322b5/detection
# HEADER_HASH-HOST/IP=b0108234541230ad6a56

http://140.82.18.48
http://144.31.130.8
http://144.31.54.243
http://162.33.178.253
http://185.218.19.117
http://192.109.200.151
http://193.233.82.43
http://193.58.122.229
http://194.48.141.192
http://45.135.180.200
http://45.137.99.253
http://45.151.106.88
http://45.87.249.51
http://85.192.27.152
http://89.208.107.4
http://94.26.90.100

# Reference: https://x.com/ShanHolo/status/2041417789483708689
# Reference: https://www.virustotal.com/gui/file/7766ba103dc56f1f6c0ee9fadeb0cfe79327a3264863dbed25dd7f37d9abe04a/detection

grcoil.net
mail.grcoil.net

# Reference: https://www.virustotal.com/gui/file/37721e6b938293cab3193367c9f53226baef67eb3b233c76aef376ad0ca42106/detection

48.222.9.8:3000

# Reference: https://x.com/smica83/status/2041247019721781650
# Reference: https://www.virustotal.com/gui/file/2a0af4ecd6bf09b3fefd1c0c5a2e973bd6aee7877934cf80d3fb5c8bf0108810/detection
# Reference: https://www.virustotal.com/gui/file/5b314814e08ac5d6cd6e0c3e73c284293c7c24d5ab9da8cc0c9de2a0839f9db5/detection
# Reference: https://www.virustotal.com/gui/file/66c063b5112c25c57ccd9ae20280ba746b9f4db660cba03cc7fbed08b3efcd78/detection
# Reference: https://www.virustotal.com/gui/file/9935ba4462fbbbe35c6cc878fc2bb062a9f0d6b4b5e3be32d25c060588373343/detection

http://163.5.102.98

# Reference: https://www.virustotal.com/gui/file/18f79e4032e8ad64ac4c25aed4f2e9e6e510582d45a6126b9184a307a9ca480a/detection
# Reference: https://www.virustotal.com/gui/file/68829f1aaf370b9199d3b3ceb90ddb1516caef6582369aa4ca1740c7d617de70/detection

91.196.32.232:8080
91.196.32.232:8081
91.196.32.232:8082
91.196.32.232:8089
91.196.32.232:8443

# Reference: https://x.com/smica83/status/2041798500216603002
# Reference: https://www.virustotal.com/gui/file/6bf08a076e1698fe4ea8686d7b17570ac1c1d550eb05efa6b732a3d941d55161/detection

http://163.5.102.97

# Reference: https://www.virustotal.com/gui/file/db983813be5b9d7243ddfd3bc7ca3ab5e462f8b50571c250e91414ba1f5cbf30/detection

129.213.9.74:1338

# Reference: https://x.com/SinghSoodeep/status/2042911118633640322
# Reference: https://www.virustotal.com/gui/file/a1abbc1e0f2595aa946a5378984516f6fd8746009ba8299f92107914ca082c08/detection

april-dateroom.com

# Reference: https://x.com/smica83/status/2043042341439648160
# Reference: https://tria.ge/260411-x76q3saz4y/behavioral1

visapics.info

# Reference: https://intel.breakglass.tech/post/refundonex-shadow-panel-phaas
# Reference: https://www.virustotal.com/gui/file/790bef4e5600628de41967e51bbe809a19b5c1a562fa93c5d67a062e753f442e/detection
# BANNER_0_HASH-HOST=2078c4f152e739fec5a5f7797941f655
# CLASS_0_HASH-HOST=fde243e6a975affaef8a40df2cd382af

4b.refundonex.com
87-121-52-72.cprapid.com
a-amp.tarafbetgunceladres.com
amp.betcisikayet.com
amp.betesbetkayit.com
amp.mistycasinogirisi.com
amp.nisanbetkayit.com
amp.poliwingirisadresi.com
amp.slotdaygirisi.com
amp.sonbahissikayet.com
amp.suratbetgirisi.com
amp.vadicasinogirisi.com
amp.winbiradresi.com
amp.yedibahiskayit.com
api.mycloudhat.com
api.topcloudz.com
api.wintestwin.xyz
app.nisanbetkayit.com
armazendanet6.com
betcisikayet.com
betesbetkayit.com
ct.betesbetkayit.com
dashboard.seogur.com
documetos10.armazendanet6.com
documetos2.armazendanet6.com
documetos3.armazendanet6.com
documetos4.armazendanet6.com
documetos6.armazendanet6.com
documetos7.armazendanet6.com
documetos8.armazendanet6.com
documetos9.armazendanet6.com
fasttrackm.com
files.mycloudhat.com
files.wintestwin.xyz
fl.yedibahiskayit.com
ge.suratbetgirisi.com
ilktahmin.com
inst.refundonex.com
j2.sonbahissikayet.com
mail.fasttrackm.com
mistycasinogirisi.com
mycloudhat.com
new.nisanbetkayit.com
nisanbetkayit.com
notafiscal2.sortebetsp.com
pj.mistycasinogirisi.com
poliwingirisadresi.com
refundonex.com
s5.poliwingirisadresi.com
sendysafe.com
slotdaygirisi.com
snaplast.duckdns.org
sonbahissikayet.com
suratbetgirisi.com
systemup.xyz
tarafbetgunceladres.com
topcloudz.com
tv.tarafbetgunceladres.com
vadicasinogirisi.com
winbiradresi.com
winsystemup.xyz
wintestwin.xyz
winup.su
winupdate.xyz
yedibahiskayit.com

# Reference: https://x.com/nahamike01/status/2043130248422895857

xt24.com

# Reference: https://x.com/smica83/status/2043058814656581649

photodocvault.info
safedocs-hub.info

# Reference: https://x.com/muha2xmad/status/2043705339263021107
# Reference: https://www.virustotal.com/gui/ip-address/178.16.52.101/relations
# Reference: https://www.virustotal.com/gui/file/7258f4a2cca516541ea58fc46c66d4eacc23245635abe4c9b9283bd96c84458f/detection

http://178.16.52.101
ai-nexora.sbs
all-imager-hst.click
bnnsbdsdn-js.beer
bnsclod.beer
capcha-cdn-js.beer
cdn-2faclov.sbs
cdn-plugin-js.beer
cdn-yethounds.beer
cgfuryclaud.shop
clnsdns.beer
cloud-save-image.sbs
dncloteam.beer
dreff-nsdns.beer
exdanteam.beer
ghdnsserverns.beer
js-server.beer
jsframeworkns.beer
l3cdnns.beer
lcates-vs.beer
lckcdnjs.beer
lenteam.beer
lndteam.beer
localcloudcss.sbs
mandare.life
mnoskemp.beer
neiwteamcdn.beer
nexus-server.click
nsservclod.beer
polygon-date.beer
rpc-cloud.beer
rpc-polygon.beer
sdhscndnssl.beer
sdnssmdf-js.beer
siteamnsserv.beer
smnsdns.beer
ssg-cdn.beer
sssndns.beer
stabcdnvlc.beer
store-image.shop
str-smcontrcats.cfd
teamcss.beer
tiffanydanley.com
verification-cdn-cloud.beer
virtual-cdncloud.sbs
vnmdnns.beer
vnmstokns.beer
vsactivens.beer
vsbnsbootstrup.beer
winecdn.sbs
workcdnmass.beer
wpteamcdn.beer

# Reference: https://x.com/malwrhunterteam/status/2043768375109697772
# Reference: https://x.com/smica83/status/2047243460424442266
# Reference: https://urlscan.io/result/019d8c4d-569f-7462-a591-563ff8921013/
# Reference: https://tria.ge/260413-x3jqrahz8x/behavioral1
# Reference: https://www.virustotal.com/gui/file/996db74a739c17a3d0ecd2f50cf523dfcbed497c27c1cb9f622f02519db2d6d5/detection

http://188.137.255.66
188.137.255.66:4444

# Reference: https://x.com/smica83/status/2044135255955710208
# Reference: https://www.virustotal.com/gui/file/ee3d776cdaf82335e4293e19ee313cc35eee49cde9963b96766a8f9c89d44a79/detection

45.138.16.64:5443
45.138.16.64:8041
legitserver.theworkpc.com

# Reference: https://x.com/smica83/status/2043767357328212281
# Reference: https://www.virustotal.com/gui/file/8c9bd82cd489bb95827d3653ae3cfa3ab9879a35e16ef47855265c333198d09f/detection

http://169.40.135.119

# Reference: https://x.com/smica83/status/2044836948032827759
# Reference: https://www.virustotal.com/gui/file/80b875df61fac83d0ff878b6dce5ce67db88c397522e6f6a7ccae5bf882eef0d/detection

154.36.180.151:8080

# Reference: https://x.com/smica83/status/2045129620295426127
# Reference: https://www.virustotal.com/gui/file/ea4185ea31e4dd826262d615176bc2eee5457e3a1967dc5902dc267d514f622a/detection

visaphoto-secure.info

# Reference: https://x.com/smica83/status/2045239389987463288
# Reference: https://www.virustotal.com/gui/file/f6b1f7b24b1a8e11ed93f906a5fa6dee63de357b9034317efcc14bb44b7c68a8/detection

photo-vaultdocs.info

# Reference: https://x.com/Fact_Finder03/status/2045385067695067529
# Reference: https://www.virustotal.com/gui/file/666af211d57c35c445124d04554e84a3a21b76f063cde388c7553c61a44c0da7/detection

117.53.47.247:4444

# Reference: https://x.com/smica83/status/2045618350131171824
# Reference: https://www.virustotal.com/gui/file/1718af5379aee7f59fb0c808177abe8f0269b4a8a469b59ee70ad508596c0aac/detection

heliosup.info

# Reference: https://www.virustotal.com/gui/file/5398dfa9b21d13c9881b8775353022160a05f203b981432c15d0d7ca17e2eb54/detection

157.20.182.25:1917
lastmin1917.dynuddns.com

# Reference: https://x.com/smica83/status/2046542314240147473
# Reference: https://www.virustotal.com/gui/file/22374d7c9634ab4e35c6860ad77c7137fb3553004a86a50ee120b665ee81f1b2/detection

http://146.185.239.43

# Reference: https://x.com/smica83/status/2046544556603150503
# Reference: https://x.com/JAMESWT_WT/status/2046551624286388355
# Reference: https://www.virustotal.com/gui/file/0c3d64b1310fe9ce85aae9f250dcb9bca38141dfa7b0f17e0408c6a204dc1846/detection
# Reference: https://www.virustotal.com/gui/file/85935099e5616c7c63c6d49c307d15abd1333f8cab69f9c20eb328962f1cb383/detection

docshub-secure.com

# Reference: https://x.com/smica83/status/2046662085837308179
# Reference: https://www.virustotal.com/gui/file/7d1abbdb866dff61ad7cb8c0ba58812b026d29b19a3045bd968bffd72b7e7328/detection

acbcr.ro/wp-content/update.ps1

# Reference: https://x.com/smica83/status/2047035460770312508
# Reference: https://tria.ge/260422-x6a8saax7t/behavioral1
# Reference: https://www.virustotal.com/gui/file/5816b746b3a6d5546fb2b16169b1ad7824fd200eb28d20542f7a2d21ea7ad902/detection

virtually-milwaukee-manuals-kits.trycloudflare.com

# Reference: https://x.com/smica83/status/2047240990591680806
# Reference: https://www.virustotal.com/gui/file/2011979e934b0e2b9ded9a03240605db298077e1eceb8591b8be27485ce1378a/detection

http://193.169.194.39

# Reference: https://x.com/smica83/status/2047316034114183459
# Reference: https://tria.ge/260423-rfxffaew2p/behavioral1

quote-texas-son-manufactured.trycloudflare.com

# Reference: https://x.com/smica83/status/2048702700435411434
# Reference: https://www.virustotal.com/gui/file/8610470c9152baa063b98267eb5f21c1480f9af70cc49fe50aafd2d6e985ea45/detection

lesoulkir.info

# Reference: https://x.com/malwrhunterteam/status/2048722660113178659
# Reference: https://www.virustotal.com/gui/file/f24eb3afaf390222d910b8a42b22c83ab9470fe0492b3316917e068560611985/detection

http://104.164.55.223
104.164.55.223:443

# Reference: https://x.com/smica83/status/2049221402163544167
# Reference: https://www.virustotal.com/gui/file/6e5507c1676b4f41f5eac58b880edd2fb47a584602205710e3db80a3529fc7f8/detection

http://138.201.128.249

# Reference: https://x.com/malwrhunterteam/status/2049458253243810069
# Reference: https://www.virustotal.com/gui/file/3e76abacebd37b694ab9e31fe305e0732e1c3cce4cce3ef236f36fbb85e33958/detection

139.162.162.66:4444
chatcamic.com
sagi.chatcamic.com
sagiw.chatcamic.com

# Reference: https://www.virustotal.com/gui/file/29b3bf1e7d596572c877a095b31d054c8e6ed9002bc698a8a152bd96a0a1b0e5/detection
# BANNER_0_HASH-HOST=93ef7a6b197fb5a1cdd09f63cb03c2ad

bandage.healthydefinitetrunk.com
bethub.world
cherrymixtureinstrument.com
dungeon.playerdragonbike.com
healthydefinitetrunk.com
sailor.monc.eu.org
surgery.healthydefinitetrunk.com
theoryviraleliminate.com

# Reference: https://www.virustotal.com/gui/file/25fd94e5f0685db3c1166895b2ec03c75e77ca9ef684dd5f53703e50256de69f/detection
# Reference: https://www.virustotal.com/gui/file/ffda4f894ca784ce34386c52b18d61c399eb2fc8c9af721933a5de1a8fff9e1b/detection

aftermaths-attraction.com
couturellin.com

# Reference: https://www.virustotal.com/gui/file/9d73708210344e7e9d367878a9b25bc11ff27f4440a961d20c8fe1843c04b535/detection

7bx4zjh14m.ufs.sh

# Reference: https://x.com/smica83/status/2049807978866368670
# Reference: https://tria.ge/260430-pqw7bahz7m/behavioral1

dryer-totals-xbox-beautiful.trycloudflare.com

# Reference: https://x.com/smica83/status/2050317116532781453
# Reference: https://www.virustotal.com/gui/file/517b97394fdb1c1bdc8703d28e018f254f062abf63384800f864b3325db06fa4/detection

accommodate-barely-parents-wma.trycloudflare.com

# Reference: https://x.com/smica83/status/2050316052337192967
# Reference: https://www.virustotal.com/gui/file/c3320971eee2022f51e8496b5daae69946526cbf8478434bdcc74af81c1699e0/detection

departure-protocol-pursuit-instructors.trycloudflare.com

# Reference: https://www.virustotal.com/gui/file/01586d4e2572909873585d09ed226fdf65dc7f20560454e0331aba7940822e40/detection

http://5.8.18.95

# Reference: https://x.com/smica83/status/2050651892431151207
# Reference: https://x.com/smica83/status/2051631729874464931
# Reference: https://www.virustotal.com/gui/file/2a9d3bb7fe42cb3fe8df5347f6e92a5f770d13d9d2b5dd47d3e09f7f8a2acd3d/detection
# Reference: https://www.virustotal.com/gui/file/b2a8540d1bd0a51ed3300d04e48460922df21aa297c0d4e258fa07b0a314b060/detection

1dtw009857n4.workers.dev
2311207078.workers.dev
4r5krsvhbivg.workers.dev
acropont.com
admbooked.pro
adogilololoshka.workers.dev
ahmed-abdula-ahmed.workers.dev
albumcyclistgroped.pages.dev
almadrasa.es
alomhuakopo5.cfd
anisatunkuriyahbaby.workers.dev
appartnet-client.com
armorsales.com
armoursales.com
ashleydbeverly.workers.dev
asoiunguya.click
atxdl.com
b55113232.workers.dev
bearace.info
bergsteel.info
bew212sa.pro
bookedadmpanel.pro
booklng-extranet-panel46719.click
booklng-extranet-panel51638.click
booklng-extranet-panel74813.click
booklng-extranet-panel94813.click
booklng-panelconflrm.com
booklnpanel-appartment.com
bookphotogrou.pro
bookphotohot.pro
brass-iq.app
brass-iq.com
btc-orvix-9.com
btc-str.io
bullswoolpark.com
burninglife.info
cakevm.workers.dev
cameorflame.com
canonisationtravel.com
cccczh80.workers.dev
chelmsfordfarmersmarket.org
cheng0905.sbs
chinese-methodist-school-north-point.workers.dev
cirugiasegura.pages.dev
cirugiasegura01.workers.dev
confirmation-618.com
confirmation-id446.com
confirmation-id557.com
conflrm-appartner.com
conflrmation-bookpanel.com
cupi2107.workers.dev
czh2.pages.dev
dadtuy2w4hp5.workers.dev
dancebeat.info
darkshouse.info
dashgamein.info
dashwake.info
ddd07sniper02.workers.dev
deeprace.info
delwiriter.info
deminestryuid.info
denemands.info
derbyoni.info
derbyonly.info
details-id583019.info
deusaffort.com
deutschecasinosliste.de
devil666new6zt6k.workers.dev
doc-hot-line.workers.dev
doc-safevault.info
docs-id317824.com
docstore-safe.info
docvault-pro.info
dotexe.site
drive-sharefiles.info
dynamo-tr.com
echecktrac.com
eiserman.ca
elliottobrien.com
emmanuelstleonardsdachurch.org
erifakd391lsja.com
erisdfgd531lsja.com
eurbpvfo.workers.dev
ewo24.biz
ezetombacapo.workers.dev
fanxiaoqin.site
fegnhel.info
feofila-yakovleva-2002.workers.dev
finksload.info
flyvirtual.pages.dev
form614312.icu
galabauhuber.de
gameclickerhub333.info
goshoptok.com
guestphotohot.pro
gymgala2024.be
harujajl928.pro
hegliocap.info
heliosdue.info
helthfulcore.info
honosleak.info
hyperoleplay.com
ichyadevid.workers.dev
icv-commerce.com
icvcommerce.com
id10321435revrse-confrlm-panel.com
id3702579photo-image-docs.com
id454354335revrse-confrlm-panel.com
id454354735revrse-confrlm-panel.com
id645283-photo-doc.com
id90321435revrse-confrlm-panel.com
id90321455revrse-confrlm-panel.com
identification-file56739.info
ieltsprepx.com
image-id512389-docs.com
image-id62814media.com
imagevault-safe.info
integrativeinsightpress.lat
jdskl139sla.com
jdsklksall213sa.com
jeffstimp.info
jekqjsdo129dks.com
jelaursoq.info
jenkstry.info
johnson7988.cc.cd
joincroud.info
jokesnites.info
jokesprite.info
jonler.workers.dev
justhandsoff.info
kafekiskeya.com
kelopins.info
kentjerk.info
kerryglow.info
keybest.info
kfc360.com
kinderandkids.com
kiptownim.info
kirpingoes.com
klassniylink124.com
kskvcnqi281osf.com
laranjafrutagostosa.cfd
lestresot.info
lifelinehaircare.com
logadmbookauth.com
lookinlip.info
loyaljust.info
loyalrecipents.info
mcclatchietreeandlawn.com
mdzisan77e.workers.dev
meltingroact.com
menstrace.info
metabiblia.blog
mev-rip.pages.dev
minimalism.edu.kg
ministrew.info
my-documents.info
mybote.workers.dev
mydocs-id21784.info
myfile-id51937.info
mystic-forge-studios.pages.dev
mytun666.pages.dev
nabava-cda.workers.dev
ninetyfriend.com
nium-90d.workers.dev
nodeworks.ru
omegagases.info
online-turkce.lat
ourhistory.pages.dev
outoftopg.com
pafikabupatenindragirihilir.org
partner-conflrmpanel.com
partnerbookconflrm.com
pevajoy.online
photo-7216102.click
photo-7216302.sbs
photo-7216382.info
photo-doc-id2503.com
photo-id53641297.info
photo-id5631894.com
photo-id5839271.com
photo-vault.info
photo549270-mydocs.com
photobokviol.pro
photochanelbook.pro
photodoc-secure.info
photoguestadm.pro
photoguesthis.pro
photosafe-hub.info
photovault-hub.info
picture-fileid2026.info
pin-haoke.cc
pllabs.com.ar
plus1688.xyz
pr-460.workers.dev
prejointl.info
pro-gardeners.com
procammoescul.blog
profayle-help.bond
prog4923.workers.dev
property-help.bond
property-helpdesk.info
purrnmg.workers.dev
racestrech.info
readme.team
reallytimes.com
recallnine.info
recepyman.info
recovery-id-768521745.com
recovery-id-768580245.com
recovery-id-768861745.com
redkeyeye.info
reliancedetection.com
richkemp.info
runtucc.qzz.io
runtuyuming.workers.dev
rvbands.com
sad5345tsa.workers.dev
safe-docs.info
safeimage-vault.icu
safephoto-vault.info
safevault-hub.info
sannadkmtr.workers.dev
sasha1003ch.workers.dev
secure-docs-hub.info
secure-guestfiles-id51984.info
secure-imagehub.info
secure-visa.info
securedoc-photos.info
securedocs-hub.info
securephoto-hub.info
securepic-hub.info
share-2rr.pages.dev
societyplus.app
soma-tech-hub.pages.dev
somatech-admin.workers.dev
somatech.pages.dev
sonosusa.shop
sp2smalaysia.com
speakup-server.com
speakuphome.com
spenlifes.info
spotproject.org
stats-channel-2026.info
support-booking.bond
support-reserve.bond
sybunucagy.pro
tamjd.workers.dev
team-ai.uk
techsaltm.site
testphoto.icu
txhash.io
uosagas.pages.dev
variousnum.info
vault-visapics.info
vaultphoto-hub.online
ver903asa.info
vergously.info
verification-id287.com
verification-id341.com
verification-id389.cc
verification-id487.com
verification-id558.com
verification-id711.com
verification-id717.com
verificationid-3891.com
verifkgsdfk23js.com
verkaspo21.com
vers392sd.pro
video-secure.info
vijayaraj.blog
vilentravel.com
virkso.com
visa-photohub.icu
visa-safedocs.info
visa-vault.info
visadoc-hub.info
visaimage-storage.icu
vixew71482.workers.dev
vlt-docs.info
vmcloud.pages.dev
web-sveltekit.pages.dev
websp2smy.workers.dev
willam7988.workers.dev
win9yat-cheung.workers.dev
xeniominb.info
y5its5mxmv.workers.dev
zeeferg.com
zenfiusa.com
zinalyze.pro

# Reference: https://x.com/smica83/status/2050634797790208217
# Reference: https://www.virustotal.com/gui/file/d05f508ede3043cf30f993b135a07904967129219466a7cc11cd39e9041b973f/detection

zango.usite.pro

# Reference: https://www.virustotal.com/gui/file/722c517095fc8ede2c96a67fba4cecc32ae941c9b30c3085f1c210257fbcc358/detection

25dec754.shop

# Reference: https://x.com/g0njxa/status/2051780533823139928
# Reference: https://app.any.run/tasks/7583b22d-f73f-4d12-94d3-7c1ad5fb3f2d

http://162.33.179.149
http://45.61.136.94
http://64.95.10.14
http://64.95.12.238
http://64.95.13.76

# Reference: https://x.com/malwrhunterteam/status/2052129467691098259
# Reference: https://www.virustotal.com/gui/file/13b72da65d7a04921ff519ca36f01b09a4e18991f8a3e933b993040d5067de95/detection

http://108.165.123.10
108.165.123.10:7777
kjisaclab.abrdns.com

# Reference: https://x.com/smica83/status/2052336400792510619
# Reference: https://www.virustotal.com/gui/file/4a0edbbe5490182f27e930552cfda973f77c581bb6be1467d0087682e2d6e2f1/detection

http://193.169.194.40

# Generic (URL path indicators, not bound to a specific host)

/Posh_v2_dropper_x64.exe
/Posh_v4_dropper_x64.exe
/poshc2+user.txt
