# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

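# Aliases: shadowhammer, shadowpad, apt41, apt-c-41, double dragon, earth baku, earth baxia, lowkey, AXIOMATICASYMPTOTE, RedEcho, xianggang, eagerbee, toughprogress, ta415, voldemort
# Note: entries below appear as bare domains, IP:port pairs, http://IP URLs and host/path values, grouped under the reference they were taken from.
# Note: hostnames under dynamic-DNS or free-subdomain providers (e.g. ddns.net, dns04.com, duckdns.org) identify that exact hostname only, not the provider's parent zone.
# Note: IP:port entries are point-in-time sightings from the cited reference (some references carry a date tag, e.g. "# 2023-10-13"); re-validate before using them for blocking, since hosting addresses may be reassigned.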

# Reference: https://securelist.com/operation-shadowhammer/89992/

asushotfix.com

# Reference: https://twitter.com/ydklijnsma/status/1110220766778286080
# Reference: https://twitter.com/ydklijnsma/status/1110189880313692160

homeabcd.com
simplexoj.com

# Reference: https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/

103.19.3.17:443
103.19.3.43:443
103.19.3.44:443
103.19.3.44:1194
117.16.142.9:443
23.236.77.175:443
23.236.77.177:443
infestexe.com

# Reference: https://content.fireeye.com/apt-41/rpt-apt41
# Reference: https://otx.alienvault.com/pulse/5d4ae9f31ae8a479422a17ab

agegamepay.com
ageofwuxia.com
ageofwuxia.info
ageofwuxia.net
ageofwuxia.org
bugcheck.xigncodeservice.com
byeserver.com
dnsgogle.com
gamewushu.com
gxxservice.com
ibmupdate.com
infestexe.com
kasparsky.net
linux-update.net
macfee.ga
micros0ff.com
micros0tf.com
notped.com
operatingbox.com
paniesx.com
serverbye.com
sexyjapan.ddns.info
symanteclabs.com
techniciantext.com
win7update.net

# Reference: https://www.fireeye.com/blog/threat-research/2019/08/game-over-detecting-and-stopping-an-apt41-operation.html
# Reference: https://www.virustotal.com/gui/ip-address/67.229.97.229/relations

http://67.229.97.229
67.229.97.229:5985
67.229.97.229:9999

# Reference: https://www.fireeye.com/blog/threat-research/2019/10/lowkey-hunting-for-the-missing-volume-serial-id.html
# Reference: https://www.welivesecurity.com/2019/10/14/connecting-dots-exposing-arsenal-methods-winnti/
# Reference: https://otx.alienvault.com/pulse/5da5eaab4516e8056a6d59fb

checkin.travelsanignacio.com

# Reference: https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html
# Reference: https://otx.alienvault.com/pulse/5e7b4a11d552fbcfce6c314d
# Reference: https://twitter.com/sysgoblin/status/1237054973579583489 (# CVE-2020-10189)

http://66.42.98.220
http://91.208.184.78
66.42.98.220:12345
74.82.201.8:12345
91.208.184.78:443
accounts.longmusic.com
dylerays.tk
exchange.dumb1.com

# Reference: https://unit42.paloaltonetworks.com/apt41-using-new-speculoos-backdoor-to-target-organizations-globally/
# Reference: https://otx.alienvault.com/pulse/5e95c0d3d12068d29f538338
# Reference: https://www.virustotal.com/gui/ip-address/66.42.98.220/relations

http://66.42.98.220
66.42.98.220:12345
119.28.139.20:443
alibaba.zzux.com
exchange.longmusic.com

# Reference: https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/shadowpad-novaya-aktivnost-gruppirovki-winnti/ (Russian, # ShadowPad IOC)

ertufg.com
filename.onedumb.com
info.kavlabonline.com
ncdle.net
trendupdate.dns05.com
ttareyice.jkub.com
unaecry.zzux.com
yandex2unitedstated.dns04.com

# Reference: https://www.trendmicro.com/en_us/research/20/i/u-s--justice-department-charges-apt41-hackers-over-global-cyberattacks.html
# Reference: https://otx.alienvault.com/pulse/5f650a34fabdf2c7bf7a7616

http://104.233.224.227

# Reference: https://vblocalhost.com/uploads/VB2020-Lunghi-Horejsi.pdf (# Cluster 2)

ashcrack.freetcp.com
heatidc.com
infrast.ygto.com
notify.serveuser.com
platform.freetcp.com
reply.ygto.com
tripmerry.com

# Reference: https://st.drweb.com/static/new-www/news/2020/october/Study_of_the_ShadowPad_APT_backdoor_and_its_relation_to_PlugX_en.pdf

arestc.net
icefirebest.com
mongolv.com
pneword.net

# Reference: https://blog.macnica.net/blog/2020/11/dtrack.html
# Reference: https://otx.alienvault.com/pulse/5fc12f0ec26699f8ccd97838

mail.gietriangle.org/public/src3.png
tastygoodness.net
ussainc.org

# Reference: https://go.recordedfuture.com/hubfs/reports/cta-2021-0228.pdf
# Reference: https://otx.alienvault.com/pulse/603d0dcc0a0f44e375d16c62/

escanavupdate.club
indrails.com
ixrails.com
ntpc-co.com
pandorarve.com
ptciocl.com
ubuntumax.com
websencl.com
indianrailway.hopto.org
indrra.ddns.net
inraja.ddns.net
modibest.sytes.net
railway.sytes.net
railways.hopto.org
astudycarsceu.net
indiasunsung.com
shipcardonlinehelp.com
smartdevoe.com

# Reference: https://blog.group-ib.com/colunmtk_apt41
# Reference: https://otx.alienvault.com/pulse/60c34510bd6707ce53355efc

colunm.tk
cs.colunm.tk
ns1.colunm.tk
ns2.colunm.tk
service.dns22.ml
server04.dns04.com
service04.dns04.com

# Reference: https://content.fireeye.com/apt41-jp/rpt-apt41-jp
# Reference: https://otx.alienvault.com/pulse/610cf675620c3a10851e62d0

backdoor.apt.photo

# Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/BB_APT41.json

isbigfish.xyz

# Reference: https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/

dbhubspi.com
glbaitech.com
kinopoisksu.com
necemarket.com
dev.kinopoisksu.com
holdmem.dbhubspi.com
m.necemarket.com
mb.glbaitech.com
ns.glbaitech.com
st.kinopoisksu.com

# Reference: https://www.mandiant.com/resources/apt41-us-state-governments

milli-seconds.com
queryip.cf
time12.cf
viewdns.ml
winsproxy.com
work.viewdns.ml
workers.viewdns.ml
work.queryip.cf
cdn.ns.time12.cf
east.winsproxy.com
afdentry.workstation.eu.org
ns1.entrydns.eu.org
subnet.milli-seconds.com

# Reference: https://blogs.blackberry.com/en/2021/10/drawing-a-dragon-connecting-the-dots-to-find-apt41
# Reference: https://otx.alienvault.com/pulse/615da9a8e2c277e1749757c3

assistcustody.xyz
chaindefend.bid
defendchain.xyz
isbigfish.xyz
mircosoftdoc.com
zalofilescdn.com
microsoftbooks.dns-dns.com
ns.mircosoftdoc.com

# Reference: https://www.mandiant.com/resources/apt41-us-state-governments

down-flash.com
microsoftfile.com
libxqagv.ns.dns3.cf

# Reference: https://www.mandiant.com/resources/mobileiron-log4shell-exploitation
# Reference: https://otx.alienvault.com/pulse/6244606893ddbc9a6a5bbdeb
# Reference: https://www.virustotal.com/gui/file/fb091547c42fcd5917283b3a79ee86e7388d57789327289d6d357e71ae28ddff/detection

103.224.80.44:8080
103.242.133.48:44322
103.242.133.48:8085
198.13.40.130:2222
note.down-flash.com
111111.note.down-flash.com
2f2640fb.dns.1433.eu.org
335b5282.dns.1433.eu.org
d5922235.dns.1433.eu.org

# Reference: https://twitter.com/0xrb/status/1509396448387153920
# Reference: https://www.virustotal.com/gui/file/536def339fefa0c259cf34f809393322cdece06fc4f2b37f06136375b073dff3/detection

43.129.188.223:10333
longlifetrump.com

# Reference: https://otx.alienvault.com/pulse/624ff0af271429d152b5a27e

greatsong.soundcast.me
supermarket.ownip.net
supership.dynv6.net

# Reference: https://documents.trendmicro.com/assets/white_papers/wp-earth-baku-an-apt-group-targeting-indo-pacific-countries.pdf
# Reference: https://otx.alienvault.com/pulse/613b110f3e005c40fe57317d

dns224.com
mssetting.com
twitterproxy.com
microsofthelp.dns1.us
ns.cloud01.tk
ns.cloud20.tk
ns1.extrsports.ru

# Reference: https://twitter.com/AltShiftPrtScn/status/1519840040637157378
# Reference: https://www.virustotal.com/gui/file/d2d927e7cdb804c416e70e41290453a7902420894b5cb17fdb688e9ee7943b13/detection

138.68.61.82:444

# Reference: https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/
# Reference: https://otx.alienvault.com/pulse/6270f28cc2cfb0f83fe7b211

farisrezky.com
freewula.strangled.net
gfsg.chickenkiller.com
greenhugeman.dns04.com
pic.farisrezky.com
szuunet.strangled.net
final.staticd.dynamic-dns.net

# Reference: https://blog.group-ib.com/apt41-world-tour-2021
# Reference: https://otx.alienvault.com/pulse/630615f326d4b91e473170fe

delaylink.tk
socialpt2021.club
cs16.dns04.com
newimages.socialpt2021.tk

# Reference: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/espionage-asia-governments
# Reference: https://otx.alienvault.com/pulse/632082a05037fdffef98dcb4
# Reference: https://www.virustotal.com/gui/file/c48e1ff27b6386dadd7a8b696c00b0b96d27dffc8ee5df393765ba538c272c11/detection

27.124.17.222:443

# Reference: https://blogs.vmware.com/security/2022/10/threat-analysis-active-c2-discovery-using-protocol-emulation-part3-shadowpad.html
# Reference: https://github.com/carbonblack/active_c2_ioc_public/blob/main/shadowpad/shadowpad_202210.tsv

http://149.127.176.12
http://149.127.176.14
http://164.155.51.9
http://38.54.4.48
http://45.79.122.225
http://65.21.57.12
103.120.82.243:443
103.133.139.23:443
103.133.139.29:443
103.138.82.202:443
103.138.82.215:443
103.143.73.116:443
103.151.229.130:443
103.151.229.139:443
103.151.229.35:443
103.151.229.74:443
103.209.233.172:443
103.231.14.171:443
103.254.75.140:443
103.27.108.20:443
103.27.109.182:443
103.56.19.113:443
103.56.19.157:443
103.56.19.42:443
103.93.76.135:443
107.155.50.198:443
116.204.134.123:443
120.79.8.23:443
134.122.134.140:443
134.122.188.187:443
137.220.185.203:443
137.220.53.224:443
137.220.55.36:443
139.180.188.58:443
139.180.193.182:443
14.18.191.150:443
149.127.176.12:443
149.127.176.14:443
149.127.176.22:443
149.28.151.244:53
152.32.133.68:443
152.32.139.128:443
154.201.144.60:443
154.215.96.211:443
154.38.118.107:443
156.240.104.115:443
156.240.104.149:443
156.240.107.248:443
158.247.202.188:443
163.197.32.39:443
163.197.34.109:443
167.179.78.160:443
167.179.78.160:53
167.71.236.226:443
172.105.36.249:443
173.254.227.204:443
185.207.155.146:443
188.116.48.62:443
193.239.191.95:443
211.239.213.13:443
213.59.118.124:443
38.54.4.48:443
38.55.223.221:443
43.129.188.223:443
45.134.1.74:443
45.137.10.3:443
45.32.102.50:443
45.32.121.100:443
45.32.248.92:443
45.76.152.71:443
45.76.152.71:53
45.77.169.228:443
45.77.250.209:443
45.77.252.157:443
5.181.4.59:443
61.97.248.72:443
65.21.57.12:443
66.42.60.66:443
8.136.179.117:443
8.208.94.94:443
85.9.26.104:53
92.38.135.71:443
95.85.67.48:443

# Reference: https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/k/hack-the-real-box-apt41-new-subgroup-earth-longzhi/IOCs-hack-the-real-box-apt41-new-subgroup-earth-longzhi.txt
# Reference: https://www.trendmicro.com/en_us/research/22/k/hack-the-real-box-apt41-new-subgroup-earth-longzhi.html
# Reference: https://otx.alienvault.com/pulse/636d814b3faea55b00ea98b8
# Reference: https://www.virustotal.com/gui/file/f8fa90be3e6295c275a4d23429e8738228b70693806ed9b2f482581487cb8e08/detection
# Reference: https://www.virustotal.com/gui/file/76998c3cef50132d7eb091555b034b03a351bd8639c1c5dc05cf1ea6c19331d9/detection
# Reference: https://www.virustotal.com/gui/file/4bc4d2ad9b608c8564eb5da5d764644cbb088c2f1cb61427d11f7b2ce4733add/detection

http://139.180.138.226
http://47.108.173.88
139.180.138.226:8000
47.108.173.88:8098
47.108.173.88:8099

# Reference: https://community.emergingthreats.net/t/daily-ruleset-update-summary-2022-11-11/149

ymvh8w5.xyz
c.ymvh8w5.xyz

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/APT-hunting/hunting-cobaltstrike-beacons-in-the-dark.pdf
# Reference: https://www.virustotal.com/gui/ip-address/185.14.29.72/relations

schememicrosoft.com
aliyun.com.co
microport.com.cn
microsoftbooks.dynamic-dns.net
microsoftdocs.dns05.com
microsoftonlineupdate.dynamic-dns.net
ns.microsoftdocs.dns05.com

# Reference: https://twitter.com/r3dbU7z/status/1605356770330828802
# Reference: https://twitter.com/jaydinbas/status/1605532948480000002
# Reference: https://www.virustotal.com/gui/file/867e8902612f9e9a390fc667ffd53343e324c8c677c12dcbca4e1b9f14b0e461/detection

43.229.155.42:8000
43.229.155.38:8443
google-au.ga
cdn.google-au.ga

# Reference: https://go.recordedfuture.com/hubfs/reports/cta-2023-0330.pdf

adobe-cdn.org
akamaixed.net
dl-flash.tk
linuxupdate.info
microsoftcontents.com
portomnail.com
tcplog.com
xxe.pw
a.linuxupdate.info
aejava.ddns.net
aejva.ddns.net
aone.ddns.net
back.rooter.tk
box.xxe.pw
chrome.down-flash.com
cloudat.ddns.net
cloudcat.ddns.net
dash.tcplog.com
dns.xxe.pw
down.xxe.pw
down1.linuxupdate.info
down2.linuxupdate.info
exchange.openmd5.com
exchange.portomnail.com
fonts.google-au.ga
gknbm.ddns.net
help.down-flash.com
help.tcplog.com
js.down-flash.com
jsj1.linuxupdate.info
lemonupdate.ddns.net
linux.down-flash.com
linuxupdate.ddns.net
ltupdate.ddns.net
mail.xxe.pw
mirros.microsoftcontents.com
mirros3.linuxupdate.info
mm.portomnail.com
n2.xxe.pw
ns1.xxe.pw
ns2.xxe.pw
officecdn-microsoft-com.akamaixed.net
proxy.xxe.pw
q.xxe.pw
q2.xxe.pw
q4.xxe.pw
qq.xxe.pw
static.adobe-cdn.org
static.tcplog.com
transcom.ddns.net
twnoc.ddns.net
updatenew.servehttp.com
vbnmob.ddns.net
volleyball.ddns.net
vpnmobupdate.ddns.net
x.xxe.pw
xxe.linuxupdate.info
yunchat.ddns.net

# Reference: https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41
# Reference: https://www.virustotal.com/gui/file/38e18d79b83e7c0afbe1ac246a7a5fe6b2783adc085e9aeb2ec610e76f5ccaad/detection

116.205.4.18:33889
121.42.149.52:8002
andropwn.xyz
win10micros0ft.com
alxc.tbtianyan.com
dns.win10micros0ft.com
huaxin-bantian.duckdns.org
smiss.imwork.net

# Reference: https://twitter.com/tiresearch1/status/1688843159265325056

ap.philancourts.com
atomiclampco.com
closeby.coupons
ftp.gulliverwear.com
gulliverwear.com
news.revecontopsy.com
securityhealthservice.com
test.dagnelie.fr
test.securityhealthservice.com

# Reference: https://twitter.com/tiresearch1/status/1689173376487849984

bulkyservice.info
mexicobulk.info
kdalpqwx312dwjbb.leopard2.com
mta0.bulkyservice.info
mta0.mexicobulk.info
ns1.bulkyservice.info
ns2.bulkyservice.info
ns2.mexicobulk.info
server.mexicobulk.info

# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/

120.25.0.139:8443
193.36.117.21:443
219.141.161.65:443
47.94.196.131:444

# Reference: https://stairwell.com/resources/security-alert-enrichment-shadowpad-variants/
# Reference: https://www.virustotal.com/gui/file/48ac2ca316e636109524e72c771afc7e4592f0a6c1de827985aa090f17b98879/detection

rtxwen.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2023-10-13)

http://103.113.8.225
http://103.113.8.232
http://104.233.160.81
http://104.233.161.173
http://107.150.124.43
http://107.173.63.250
http://112.213.109.121
http://112.213.109.131
http://112.213.109.141
http://114.29.254.126
http://114.29.254.17
http://114.29.254.201
http://114.29.254.94
http://143.92.52.130
http://143.92.52.133
http://143.92.52.137
http://149.28.25.119
http://154.26.153.129
http://154.84.23.116
http://156.234.169.19
http://158.247.239.102
http://16.162.44.42
http://182.16.60.150
http://185.161.209.2
http://194.37.97.132
http://198.135.48.10
http://20.214.1.160
http://207.148.97.160
http://3.112.45.157
http://38.47.116.103
http://38.47.123.94
http://38.54.50.224
http://43.135.1.200
http://43.242.34.23
http://43.255.28.190
http://45.63.65.123
http://45.77.157.245
http://5.255.88.185
http://54.249.142.61
http://61.238.103.165
http://63.141.237.100
http://63.141.237.208
http://64.44.184.105
http://72.18.215.38
http://8.218.191.58
http://8.218.234.216
http://96.9.211.159
101.99.94.142:443
103.106.202.158:8443
103.106.202.163:8443
103.113.8.225:443
103.113.8.225:53
103.113.8.225:8080
103.113.8.232:443
103.113.8.232:8080
103.146.231.2:443
103.68.193.225:8443
103.94.76.115:81
103.94.76.163:443
104.208.73.38:53
104.233.161.173:53
104.233.161.173:8080
104.37.175.64:443
107.150.124.43:53
107.173.63.250:21
112.213.109.121:443
112.213.109.121:53
112.213.109.131:443
112.213.109.131:53
112.213.109.141:443
112.213.109.141:53
122.254.94.69:8000
124.220.78.199:8443
13.208.47.9:443
139.84.163.79:443
139.84.163.79:8080
139.84.163.79:8443
143.92.52.130:12345
143.92.52.130:21
143.92.52.130:443
143.92.52.130:53
143.92.52.130:8000
143.92.52.133:21
143.92.52.133:443
143.92.52.133:8000
143.92.52.137:21
143.92.52.137:443
143.92.52.137:53
143.92.52.137:8000
143.92.56.71:10000
149.28.145.25:443
154.19.70.222:8000
154.19.70.222:8080
154.19.70.94:65000
154.84.23.116:12345
154.84.23.116:21
154.84.23.116:443
154.84.23.116:8000
156.234.169.19:443
156.234.169.19:8080
156.234.211.149:8080
158.247.222.2:21
158.247.222.2:53
158.247.222.2:8443
158.247.239.102:443
165.84.180.74:443
180.178.42.34:65000
180.178.42.35:65000
180.178.42.38:65000
182.16.60.150:443
182.16.60.150:53
182.16.60.150:8080
185.161.209.2:443
192.236.195.253:443
193.37.59.246:443
194.37.97.132:443
198.135.48.10:443
20.210.134.241:443
202.182.115.238:443
208.72.153.162:8080
208.85.21.210:443
216.83.41.111:443
216.83.41.112:443
216.83.41.113:443
38.45.120.138:12345
38.45.120.139:12345
38.45.120.140:12345
38.45.120.141:12345
38.45.120.142:12345
38.47.116.103:443
38.47.123.94:443
38.47.220.183:65000
38.47.221.162:12345
38.47.221.86:443
38.54.50.224:443
38.54.50.224:53
38.54.50.224:8080
38.60.217.198:443
43.135.1.200:443
43.135.1.200:8080
43.154.29.157:12345
43.242.34.23:443
45.63.65.123:443
45.74.41.38:21
45.74.6.174:443
45.76.110.175:443
45.76.110.175:8080
45.76.213.19:443
45.76.213.19:8080
45.77.157.245:443
5.253.36.199:443
54.249.142.61:8080
64.44.184.105:21
78.141.208.113:443
8.218.234.216:443
8.218.234.216:8080
96.9.211.159:21
96.9.211.159:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2023-10-26)

http://103.158.190.167
http://103.255.118.149
http://103.255.118.150
http://103.51.110.5
http://104.194.129.178
http://104.233.167.99
http://118.193.56.234
http://124.126.116.7
http://139.180.193.182
http://149.202.45.103
http://149.28.157.235
http://149.88.75.49
http://156.236.114.202
http://158.247.202.188
http://158.247.203.58
http://158.247.213.14
http://165.154.227.192
http://167.179.108.149
http://173.199.123.205
http://198.13.42.128
http://216.128.177.23
http://38.60.217.40
http://45.76.189.91
http://45.77.244.237
http://46.17.103.152
http://5.252.178.38
http://64.176.47.148
http://95.174.24.213
http://95.85.91.50
101.99.88.70:4443
103.146.231.40:44444
103.146.231.40:55555
103.22.255.14:8002
103.43.19.239:443
103.51.110.5:443
104.194.129.178:443
104.194.129.178:44444
104.194.129.178:53
111.203.154.198:8002
111.203.154.199:8002
112.94.221.4:8002
112.95.159.90:443
113.98.238.83:443
114.255.80.175:8002
120.236.186.153:8002
121.201.64.100:38002
121.32.27.111:8002
124.126.116.6:8002
124.126.116.7:8002
124.133.230.153:8002
128.14.105.245:443
134.122.189.25:443
134.122.189.25:53
134.122.189.32:443
139.180.193.182:8080
139.180.217.229:443
139.59.29.27:443
141.164.62.87:8443
144.202.27.95:8443
146.185.219.33:443
146.185.219.33:8443
146.70.157.115:8080
146.70.157.115:8081
146.70.157.115:8443
148.66.50.42:4443
148.66.50.43:4443
149.202.45.103:443
149.202.45.103:8080
149.202.45.103:88
149.88.75.49:443
149.88.75.49:53
152.32.133.68:8088
154.7.64.133:44444
154.7.64.169:44444
156.236.114.202:443
156.236.114.202:53
158.247.202.188:53
158.247.202.188:995
158.247.241.217:18443
158.247.241.217:443
158.247.241.217:8443
16.163.146.134:8443
165.154.227.192:443
165.154.227.192:8080
173.199.123.205:443
18.193.11.42:8083
183.162.222.8:8002
183.236.220.4:8002
192.71.26.55:443
194.165.59.120:443
207.148.120.140:993
216.128.177.23:443
217.12.206.194:443
218.3.254.252:44444
220.248.252.114:8002
220.248.252.114:8012
3.19.1.60:8083
3.219.38.25:8083
3.84.66.152:8083
36.255.221.118:44444
36.255.221.118:58443
38.54.20.187:443
39.96.58.23:8084
39.96.58.23:8883
45.76.217.11:443
45.77.244.237:443
45.77.244.237:8080
46.17.103.152:443
46.17.103.152:8080
46.17.103.152:8081
46.17.103.152:88
46.246.98.47:443
47.242.188.74:4443
5.252.178.38:443
5.252.178.38:8080
5.252.178.38:8081
5.78.83.190:443
64.176.37.149:443
64.176.37.149:8080
64.176.58.84:443
77.72.85.16:443
77.72.85.16:8080
77.72.85.16:8081
77.72.85.16:88
8.218.212.77:8080
8.219.186.164:443
88.119.169.116:443
88.218.192.21:443
95.179.217.17:443
95.85.91.50:443
95.85.91.50:53

# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2023-11-20)

http://103.97.176.121
http://109.123.230.56
http://16.163.142.128
http://167.179.98.155
http://175.27.191.226
http://203.69.170.86
http://207.148.120.140
http://38.54.84.31
http://45.67.230.185
http://45.86.162.190
103.56.19.158:993
103.97.176.121:443
103.97.176.121:8080
112.121.187.179:12345
13.115.129.191:8080
13.208.47.9:53
154.204.24.244:65000
154.7.64.210:44444
158.247.202.188:993
158.247.253.206:443
165.154.233.32:1024
175.27.191.226:21
175.27.191.226:443
185.189.241.155:53
185.189.241.155:8080
185.189.241.159:443
185.189.241.159:53
185.189.241.186:443
185.189.241.186:53
185.189.241.208:53
185.189.241.208:8080
203.69.170.86:21
203.69.170.86:443
207.148.120.140:443
207.148.120.140:995
209.58.190.167:32443
34.92.77.165:443
43.230.161.205:12345
45.67.230.185:443
45.74.6.148:8443
45.74.6.188:21
95.174.24.213:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2023-11-23)

http://37.120.247.29
101.132.147.163:8002
106.52.128.236:12340
106.52.128.236:8443
106.52.243.150:12340
118.126.107.95:12340
119.29.143.243:12340
119.29.143.243:8443
119.29.165.74:12340
119.29.165.74:8443
119.29.249.227:12340
119.29.249.227:8443
119.29.73.94:12340
119.29.73.94:8443
119.29.8.235:12340
119.29.8.235:8443
119.29.84.169:12340
120.233.114.145:22000
120.233.114.145:22001
120.233.114.145:22002
120.233.114.145:22003
120.233.114.145:22004
120.233.114.145:22005
120.233.114.145:22006
120.233.114.145:22007
120.233.114.212:22000
120.233.114.212:22001
120.233.114.212:22002
120.233.114.212:22003
120.233.114.212:22004
120.233.114.212:22005
120.233.114.212:22006
120.233.114.212:22007
122.114.18.100:12340
122.114.18.103:12340
122.114.18.103:22350
122.114.18.104:12340
122.114.18.106:12340
122.114.18.106:22350
122.114.18.107:12340
122.114.18.107:22350
122.114.18.108:12340
122.114.18.108:22350
122.114.18.109:12340
122.114.18.109:22350
122.114.18.111:12340
122.114.18.111:22350
122.114.18.112:12340
122.114.18.112:22350
122.114.18.113:12340
122.114.18.113:22350
122.114.18.114:12340
122.114.18.115:12340
122.114.18.115:22350
122.114.18.116:12340
122.114.18.116:22350
122.114.18.119:12340
122.114.18.119:22350
122.114.18.120:12340
122.114.18.120:22350
122.114.18.123:12340
122.114.18.123:22350
122.114.18.124:12340
122.114.18.124:22350
122.114.18.19:12340
122.114.18.19:22350
122.114.18.22:12340
122.114.18.22:22350
122.114.18.25:12340
122.114.18.25:22350
122.114.18.26:12340
122.114.18.26:22350
122.114.18.27:12340
122.114.18.27:22350
122.114.18.30:12340
122.114.18.30:22350
122.114.18.31:12340
122.114.18.31:22350
122.114.18.32:12340
122.114.18.32:22350
122.114.18.35:12340
122.114.18.35:22350
122.114.18.38:12340
122.114.18.38:22350
122.114.18.39:12340
122.114.18.39:22350
122.114.18.42:22350
122.114.18.43:12340
122.114.18.43:22350
122.114.18.44:12340
122.114.18.44:22350
122.114.18.46:12340
122.114.18.46:22350
122.114.18.47:12340
122.114.18.47:22350
122.114.18.49:12340
122.114.18.49:22350
122.114.18.50:12340
122.114.18.50:22350
122.114.18.52:12340
122.114.18.52:22350
122.114.18.53:12340
122.114.18.53:22350
122.114.18.54:12340
122.114.18.54:22350
122.114.18.55:12340
122.114.18.55:22350
122.114.18.57:12340
122.114.18.57:22350
122.114.18.58:12340
122.114.18.58:22350
122.114.18.59:12340
122.114.18.59:22350
122.114.18.62:12340
122.114.18.62:22350
122.114.18.64:12340
122.114.18.64:22350
122.114.18.65:12340
122.114.18.65:22350
122.114.18.66:12340
122.114.18.66:22350
122.114.18.68:12340
122.114.18.68:22350
122.114.18.74:12340
122.114.18.74:22350
122.114.18.75:12340
122.114.18.75:22350
122.114.18.76:12340
122.114.18.76:22350
122.114.18.77:12340
122.114.18.77:22350
122.114.18.78:12340
122.114.18.78:22350
122.114.18.79:12340
122.114.18.79:22350
122.114.18.7:12340
122.114.18.7:22350
122.114.18.83:12340
122.114.18.83:22350
122.114.18.85:12340
122.114.18.85:22350
122.114.18.87:12340
122.114.18.87:22350
122.114.18.88:12340
122.114.18.88:22350
122.114.18.89:12340
122.114.18.89:22350
122.114.18.90:12340
122.114.18.90:22350
122.114.18.91:12340
122.114.18.91:22350
122.114.18.94:12340
122.114.18.94:22350
122.114.18.96:12340
122.114.18.96:22350
122.114.18.97:12340
122.114.18.97:22350
122.114.18.98:12340
122.114.18.98:22350
122.9.125.150:8000
122.9.125.150:8001
122.9.125.150:8002
122.9.125.150:8003
122.9.125.150:8004
122.9.125.150:8005
122.9.125.150:8006
122.9.125.150:8007
123.207.16.103:12340
129.204.202.169:12340
139.199.155.188:1235
139.199.166.208:12340
139.199.166.208:8443
139.199.72.163:12340
139.199.72.163:8443
139.199.83.96:12340
192.109.119.100:443
193.200.16.184:443
37.120.247.29:443
37.120.247.29:8080
43.153.63.174:12340

# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2023-11-25)

http://103.146.230.153
103.146.230.153:443
106.14.196.21:8000
106.14.196.21:8001
106.14.196.21:8002
106.14.196.21:8003
111.230.31.215:1235
114.116.237.206:8000
114.116.237.206:8001
114.116.237.206:8002
114.116.237.206:8003
114.116.237.206:8004
114.116.237.206:8005
114.116.237.206:8006
114.116.237.206:8007
117.78.9.251:8000
117.78.9.251:8001
117.78.9.251:8002
117.78.9.251:8003
117.78.9.251:8004
117.78.9.251:8005
117.78.9.251:8006
117.78.9.251:8007
118.89.62.61:12340
119.29.170.82:1235
119.3.157.2:8000
119.3.157.2:8001
119.3.157.2:8002
119.3.157.2:8003
119.3.157.2:8004
119.3.157.2:8005
119.3.157.2:8006
119.3.157.2:8007
119.3.164.101:8000
119.3.164.101:8001
119.3.164.101:8002
119.3.164.101:8003
119.3.164.101:8004
119.3.164.101:8005
119.3.164.101:8006
119.3.164.101:8007
120.233.114.141:22000
120.233.114.141:22002
120.233.114.141:22003
120.233.114.141:22004
120.233.114.141:22005
120.233.114.141:22006
120.233.114.141:22007
120.233.114.144:22000
120.233.114.144:22001
120.233.114.144:22002
120.233.114.144:22003
120.233.114.144:22004
120.233.114.144:22006
120.233.114.144:22007
120.233.114.146:22000
120.233.114.146:22001
120.233.114.146:22002
120.233.114.146:22003
120.233.114.146:22004
120.233.114.146:22005
120.233.114.146:22007
120.233.114.156:22000
120.233.114.156:22001
120.233.114.156:22002
120.233.114.156:22003
120.233.114.156:22004
120.233.114.156:22005
120.233.114.156:22006
120.233.114.156:22007
120.233.114.161:22000
120.233.114.161:22001
120.233.114.161:22002
120.233.114.161:22003
120.233.114.161:22004
120.233.114.161:22006
120.233.114.161:22007
120.233.114.167:22000
120.233.114.167:22001
120.233.114.167:22002
120.233.114.167:22003
120.233.114.167:22004
120.233.114.167:22005
120.233.114.167:22006
120.233.114.167:22007
120.233.114.169:22000
120.233.114.169:22001
120.233.114.169:22002
120.233.114.169:22003
120.233.114.169:22004
120.233.114.169:22005
120.233.114.169:22007
120.233.114.171:22000
120.233.114.171:22001
120.233.114.171:22002
120.233.114.171:22003
120.233.114.171:22004
120.233.114.171:22005
120.233.114.171:22006
120.233.114.171:22007
120.233.114.177:22000
120.233.114.177:22001
120.233.114.177:22002
120.233.114.177:22003
120.233.114.177:22004
120.233.114.177:22005
120.233.114.177:22006
120.233.114.177:22007
120.233.114.182:22001
120.233.114.182:22002
120.233.114.182:22004
120.233.114.182:22005
120.233.114.182:22006
120.233.114.182:22007
120.233.114.187:22001
120.233.114.187:22002
120.233.114.187:22003
120.233.114.187:22004
120.233.114.187:22005
120.233.114.187:22006
120.233.114.187:22007
120.233.114.190:22000
120.233.114.190:22001
120.233.114.190:22002
120.233.114.190:22003
120.233.114.190:22004
120.233.114.190:22005
120.233.114.190:22006
120.233.114.190:22007
120.233.114.204:22000
120.233.114.204:22001
120.233.114.204:22003
120.233.114.204:22004
120.233.114.204:22005
120.233.114.204:22007
120.233.114.210:22000
120.233.114.210:22001
120.233.114.210:22002
120.233.114.210:22003
120.233.114.210:22004
120.233.114.210:22005
120.233.114.210:22006
120.233.114.210:22007
120.233.114.214:22000
120.233.114.214:22001
120.233.114.214:22002
120.233.114.214:22003
120.233.114.214:22004
120.233.114.214:22005
120.233.114.214:22006
120.233.114.214:22007
120.233.114.215:22000
120.233.114.215:22001
120.233.114.215:22002
120.233.114.215:22003
120.233.114.215:22004
120.233.114.215:22005
120.233.114.215:22007
120.233.114.218:22001
120.233.114.218:22002
120.233.114.218:22003
120.233.114.218:22004
120.233.114.218:22005
120.233.114.218:22006
120.233.114.218:22007
120.233.114.225:22000
120.233.114.225:22001
120.233.114.225:22002
120.233.114.225:22003
120.233.114.225:22004
120.233.114.225:22005
120.233.114.225:22006
120.233.114.225:22007
120.233.114.226:22000
120.233.114.226:22001
120.233.114.226:22002
120.233.114.226:22004
120.233.114.226:22005
120.233.114.226:22006
120.233.114.226:22007
120.233.114.235:22000
120.233.114.235:22001
120.233.114.235:22002
120.233.114.235:22003
120.233.114.235:22004
120.233.114.235:22005
120.233.114.235:22006
120.233.114.235:22007
120.233.114.237:22001
120.233.114.237:22003
120.233.114.237:22004
120.233.114.237:22006
120.233.114.237:22007
120.233.114.242:22000
120.233.114.242:22001
120.233.114.242:22003
120.233.114.242:22004
120.233.114.242:22005
120.233.114.242:22006
120.233.114.242:22007
120.233.114.243:22000
120.233.114.243:22001
120.233.114.243:22003
120.233.114.243:22004
120.233.114.243:22005
120.233.114.243:22006
120.233.114.243:22007
120.233.114.244:22000
120.233.114.244:22002
120.233.114.244:22003
120.233.114.244:22004
120.233.114.244:22005
120.233.114.244:22006
120.233.114.244:22007
120.46.141.88:8000
120.46.141.88:8001
120.46.141.88:8002
120.46.141.88:8003
120.46.141.88:8004
120.46.141.88:8005
120.46.141.88:8006
120.46.141.88:8007
120.46.152.197:8000
120.46.152.197:8001
120.46.152.197:8002
120.46.152.197:8003
120.46.152.197:8004
120.46.152.197:8005
120.46.152.197:8006
120.46.152.197:8007
120.46.157.112:8000
120.46.157.112:8001
120.46.157.112:8002
120.46.157.112:8003
120.46.157.112:8004
120.46.157.112:8005
120.46.157.112:8006
120.46.157.112:8007
121.36.200.164:8000
121.36.200.164:8001
121.36.200.164:8002
121.36.200.164:8003
121.36.200.164:8004
121.36.200.164:8005
121.36.200.164:8006
121.36.200.164:8007
121.36.203.169:8000
121.36.203.169:8001
121.36.203.169:8002
121.36.203.169:8003
121.36.203.169:8004
121.36.203.169:8005
121.36.203.169:8006
121.36.203.169:8007
121.36.205.81:8000
121.36.205.81:8001
121.36.205.81:8002
121.36.205.81:8003
121.36.205.81:8004
121.36.205.81:8005
121.36.205.81:8006
121.36.205.81:8007
121.36.21.47:8000
121.36.21.47:8001
121.36.21.47:8002
121.36.21.47:8003
121.36.21.47:8004
121.36.21.47:8005
121.36.21.47:8006
121.36.21.47:8007
121.36.212.187:8000
121.36.212.187:8001
121.36.212.187:8002
121.36.212.187:8003
121.36.212.187:8004
121.36.212.187:8005
121.36.212.187:8006
121.36.212.187:8007
121.36.22.58:8000
121.36.22.58:8001
121.36.22.58:8002
121.36.22.58:8003
121.36.22.58:8004
121.36.22.58:8005
121.36.22.58:8006
121.36.22.58:8007
121.36.223.91:8000
121.36.223.91:8001
121.36.223.91:8002
121.36.223.91:8003
121.36.223.91:8004
121.36.223.91:8005
121.36.223.91:8006
121.36.223.91:8007
121.36.241.218:8000
121.36.241.218:8001
121.36.241.218:8002
121.36.241.218:8003
121.36.241.218:8004
121.36.241.218:8005
121.36.241.218:8006
121.36.241.218:8007
121.36.43.95:8000
121.36.43.95:8001
121.36.43.95:8002
121.36.43.95:8003
121.36.43.95:8004
121.36.43.95:8005
121.36.43.95:8006
121.36.43.95:8007
121.36.64.43:8000
121.36.64.43:8001
121.36.64.43:8002
121.36.64.43:8003
121.36.64.43:8004
121.36.64.43:8005
121.36.64.43:8006
121.36.64.43:8007
121.37.136.145:8000
121.37.136.145:8001
121.37.136.145:8002
121.37.136.145:8003
121.37.136.145:8004
121.37.136.145:8005
121.37.136.145:8006
121.37.136.145:8007
121.37.161.136:8000
121.37.161.136:8001
121.37.161.136:8002
121.37.161.136:8003
121.37.161.136:8004
121.37.161.136:8005
121.37.161.136:8006
121.37.161.136:8007
121.37.179.2:8000
121.37.179.2:8001
121.37.179.2:8002
121.37.179.2:8003
121.37.179.2:8004
121.37.179.2:8005
121.37.179.2:8006
121.37.179.2:8007
121.37.184.68:8000
121.37.184.68:8001
121.37.184.68:8002
121.37.184.68:8003
121.37.184.68:8004
121.37.184.68:8005
121.37.184.68:8006
121.37.184.68:8007
122.114.18.13:12340
122.114.18.13:22350
122.114.18.86:22350
122.114.18.92:12340
122.114.18.92:22350
122.9.111.24:8000
122.9.111.24:8001
122.9.111.24:8002
122.9.111.24:8003
122.9.111.24:8004
122.9.111.24:8005
122.9.111.24:8006
122.9.111.24:8007
122.9.112.171:8000
122.9.112.171:8001
122.9.112.171:8002
122.9.112.171:8003
122.9.112.171:8004
122.9.112.171:8005
122.9.112.171:8006
122.9.112.171:8007
122.9.121.124:8000
122.9.121.124:8001
122.9.121.124:8002
122.9.121.124:8003
122.9.121.124:8004
122.9.121.124:8005
122.9.121.124:8006
122.9.121.124:8007
122.9.122.105:8000
122.9.122.105:8001
122.9.122.105:8002
122.9.122.105:8003
122.9.122.105:8004
122.9.122.105:8005
122.9.122.105:8006
122.9.122.105:8007
122.9.122.166:8000
122.9.122.166:8001
122.9.122.166:8002
122.9.122.166:8003
122.9.122.166:8004
122.9.122.166:8005
122.9.122.166:8006
122.9.122.166:8007
122.9.123.90:8000
122.9.123.90:8001
122.9.123.90:8002
122.9.123.90:8003
122.9.123.90:8004
122.9.123.90:8005
122.9.123.90:8006
122.9.123.90:8007
122.9.124.131:8000
122.9.124.131:8001
122.9.124.131:8002
122.9.124.131:8003
122.9.124.131:8004
122.9.124.131:8005
122.9.124.131:8006
122.9.124.131:8007
122.9.124.96:8000
122.9.124.96:8001
122.9.124.96:8002
122.9.124.96:8003
122.9.124.96:8004
122.9.124.96:8005
122.9.124.96:8006
122.9.124.96:8007
122.9.125.139:8000
122.9.125.139:8001
122.9.125.139:8002
122.9.125.139:8003
122.9.125.139:8004
122.9.125.139:8005
122.9.125.139:8006
122.9.125.139:8007
122.9.125.184:8000
122.9.125.184:8001
122.9.125.184:8002
122.9.125.184:8003
122.9.125.184:8004
122.9.125.184:8005
122.9.125.184:8006
122.9.125.184:8007
122.9.125.26:8000
122.9.125.26:8001
122.9.125.26:8002
122.9.125.26:8003
122.9.125.26:8004
122.9.125.26:8005
122.9.125.26:8006
122.9.125.26:8007
122.9.126.138:8000
122.9.126.138:8001
122.9.126.138:8002
122.9.126.138:8003
122.9.126.138:8004
122.9.126.138:8005
122.9.126.138:8006
122.9.126.138:8007
122.9.126.21:8000
122.9.126.21:8001
122.9.126.21:8002
122.9.126.21:8003
122.9.126.21:8004
122.9.126.21:8005
122.9.126.21:8006
122.9.126.21:8007
122.9.126.235:8000
122.9.126.235:8001
122.9.126.235:8002
122.9.126.235:8003
122.9.126.235:8004
122.9.126.235:8005
122.9.126.235:8006
122.9.126.235:8007
122.9.126.59:8000
122.9.126.59:8001
122.9.126.59:8002
122.9.126.59:8003
122.9.126.59:8004
122.9.126.59:8005
122.9.126.59:8006
122.9.126.59:8007
122.9.126.74:8000
122.9.126.74:8001
122.9.126.74:8002
122.9.126.74:8003
122.9.126.74:8004
122.9.126.74:8005
122.9.126.74:8006
122.9.126.74:8007
122.9.96.62:8000
122.9.96.62:8001
122.9.96.62:8002
122.9.96.62:8003
122.9.96.62:8004
122.9.96.62:8005
122.9.96.62:8006
122.9.96.62:8007
122.9.98.121:8000
122.9.98.121:8001
122.9.98.121:8002
122.9.98.121:8003
122.9.98.121:8004
122.9.98.121:8005
122.9.98.121:8006
122.9.98.121:8007
123.207.12.142:1235
123.207.16.103:8443
123.207.18.157:12340
123.207.18.157:8443
123.60.12.32:8000
123.60.12.32:8001
123.60.12.32:8002
123.60.12.32:8003
123.60.12.32:8004
123.60.12.32:8005
123.60.12.32:8006
123.60.12.32:8007
123.60.218.46:8000
123.60.218.46:8001
123.60.218.46:8002
123.60.218.46:8003
123.60.218.46:8004
123.60.218.46:8005
123.60.218.46:8006
123.60.218.46:8007
123.60.221.78:8000
123.60.221.78:8001
123.60.221.78:8002
123.60.221.78:8003
123.60.221.78:8004
123.60.221.78:8005
123.60.221.78:8006
123.60.221.78:8007
123.60.31.114:8000
123.60.31.114:8001
123.60.31.114:8002
123.60.31.114:8003
123.60.31.114:8004
123.60.31.114:8005
123.60.31.114:8006
123.60.31.114:8007
123.60.31.166:8000
123.60.31.166:8001
123.60.31.166:8002
123.60.31.166:8003
123.60.31.166:8004
123.60.31.166:8005
123.60.31.166:8006
123.60.31.166:8007
123.60.92.210:8000
123.60.92.210:8001
123.60.92.210:8002
123.60.92.210:8003
123.60.92.210:8004
123.60.92.210:8005
123.60.92.210:8006
123.60.92.210:8007
123.60.94.121:8000
123.60.94.121:8001
123.60.94.121:8002
123.60.94.121:8003
123.60.94.121:8004
123.60.94.121:8005
123.60.94.121:8006
123.60.94.121:8007
124.70.128.38:8000
124.70.128.38:8001
124.70.128.38:8002
124.70.128.38:8003
124.70.128.38:8004
124.70.128.38:8005
124.70.128.38:8006
124.70.128.38:8007
124.70.186.208:8000
124.70.186.208:8001
124.70.186.208:8002
124.70.186.208:8003
124.70.186.208:8004
124.70.186.208:8005
124.70.186.208:8006
124.70.186.208:8007
124.70.204.39:8000
124.70.204.39:8001
124.70.204.39:8002
124.70.204.39:8003
124.70.204.39:8004
124.70.204.39:8005
124.70.204.39:8006
124.70.204.39:8007
124.70.21.77:8000
124.70.21.77:8001
124.70.21.77:8002
124.70.21.77:8003
124.70.21.77:8004
124.70.21.77:8005
124.70.21.77:8006
124.70.21.77:8007
124.70.29.43:8000
124.70.29.43:8001
124.70.29.43:8002
124.70.29.43:8003
124.70.29.43:8004
124.70.29.43:8005
124.70.29.43:8006
124.70.29.43:8007
124.70.87.2:8000
124.70.87.2:8001
124.70.87.2:8002
124.70.87.2:8003
124.70.87.2:8004
124.70.87.2:8005
124.70.87.2:8006
124.70.87.2:8007
124.71.10.22:8000
124.71.10.22:8001
124.71.10.22:8002
124.71.10.22:8003
124.71.10.22:8004
124.71.10.22:8005
124.71.10.22:8006
124.71.10.22:8007
124.71.14.157:8000
124.71.14.157:8001
124.71.14.157:8002
124.71.14.157:8003
124.71.14.157:8004
124.71.14.157:8005
124.71.14.157:8006
124.71.14.157:8007
124.71.186.151:8000
124.71.186.151:8001
124.71.186.151:8002
124.71.186.151:8003
124.71.186.151:8004
124.71.186.151:8005
124.71.186.151:8006
124.71.186.151:8007
124.71.192.182:8000
124.71.192.182:8001
124.71.192.182:8002
124.71.192.182:8003
124.71.192.182:8004
124.71.192.182:8005
124.71.192.182:8006
124.71.192.182:8007
124.71.193.201:8000
124.71.193.201:8001
124.71.193.201:8002
124.71.193.201:8003
124.71.193.201:8004
124.71.193.201:8005
124.71.193.201:8006
124.71.193.201:8007
124.71.205.70:8000
124.71.205.70:8001
124.71.205.70:8002
124.71.205.70:8003
124.71.205.70:8004
124.71.205.70:8005
124.71.205.70:8006
124.71.205.70:8007
124.71.228.182:8000
124.71.228.182:8001
124.71.228.182:8002
124.71.228.182:8003
124.71.228.182:8004
124.71.228.182:8005
124.71.228.182:8006
124.71.228.182:8007
124.71.63.158:8000
124.71.63.158:8001
124.71.63.158:8002
124.71.63.158:8003
124.71.63.158:8004
124.71.63.158:8005
124.71.63.158:8006
124.71.63.158:8007
124.71.99.215:8000
124.71.99.215:8001
124.71.99.215:8002
124.71.99.215:8003
124.71.99.215:8004
124.71.99.215:8005
124.71.99.215:8006
124.71.99.215:8007
139.159.152.195:8000
139.159.152.195:8001
139.159.152.195:8002
139.159.152.195:8003
139.159.152.195:8004
139.159.152.195:8005
139.159.152.195:8006
139.159.152.195:8007
139.9.119.173:8000
139.9.119.173:8001
139.9.119.173:8002
139.9.119.173:8003
139.9.119.173:8004
139.9.119.173:8005
139.9.119.173:8006
139.9.119.173:8007
139.9.135.156:8000
139.9.135.156:8001
139.9.135.156:8002
139.9.135.156:8003
139.9.135.156:8004
139.9.135.156:8005
139.9.135.156:8006
139.9.135.156:8007
139.9.138.15:8000
139.9.138.15:8001
139.9.138.15:8002
139.9.138.15:8003
139.9.138.15:8004
139.9.138.15:8005
139.9.138.15:8006
139.9.138.15:8007
139.9.221.228:8000
139.9.221.228:8001
139.9.221.228:8002
139.9.221.228:8003
139.9.221.228:8004
139.9.221.228:8005
139.9.221.228:8006
139.9.221.228:8007
139.9.36.241:8000
139.9.36.241:8001
139.9.36.241:8002
139.9.36.241:8003
139.9.36.241:8004
139.9.36.241:8005
139.9.36.241:8006
139.9.36.241:8007
139.9.37.126:8000
139.9.37.126:8001
139.9.37.126:8002
139.9.37.126:8003
139.9.37.126:8004
139.9.37.126:8005
139.9.37.126:8006
139.9.37.126:8007
139.9.80.84:8000
139.9.80.84:8001
139.9.80.84:8002
139.9.80.84:8003
139.9.80.84:8004
139.9.80.84:8005
139.9.80.84:8006
139.9.80.84:8007
139.9.86.92:8000
139.9.86.92:8001
139.9.86.92:8002
139.9.86.92:8003
139.9.86.92:8004
139.9.86.92:8005
139.9.86.92:8006
139.9.86.92:8007
141.164.54.104:443
185.126.237.57:443
193.112.241.118:12340
218.64.122.107:8081
37.120.247.29:8443
38.54.32.114:443
38.54.84.31:443
45.77.174.203:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2023-12-03)

http://103.56.55.153
http://141.164.54.104
http://154.84.23.110
http://165.154.64.215
http://40.74.70.136
http://45.74.6.169
http://45.74.6.251
http://45.77.174.203
http://5.183.95.202
http://54.219.223.239
http://96.9.210.77
101.132.147.163:8000
101.132.147.163:8001
101.132.147.163:8003
101.200.77.210:6051
116.72.78.89:8443
118.249.189.96:13702
118.69.225.164:1433
118.89.52.171:8000
118.89.52.171:8001
118.89.52.171:8002
118.89.52.171:8003
119.3.188.193:8000
119.3.188.193:8001
119.3.188.193:8002
119.3.188.193:8003
119.3.188.193:8004
119.3.188.193:8005
119.3.188.193:8006
119.3.188.193:8007
119.3.227.189:8000
119.3.227.189:8001
119.3.227.189:8002
119.3.227.189:8003
119.3.227.189:8004
119.3.227.189:8005
119.3.227.189:8006
119.3.227.189:8007
120.233.114.141:22001
120.233.114.144:22005
120.233.114.146:22006
120.233.114.161:22005
120.233.114.169:22006
120.233.114.182:22000
120.233.114.182:22003
120.233.114.184:22000
120.233.114.184:22001
120.233.114.184:22002
120.233.114.184:22003
120.233.114.184:22004
120.233.114.184:22005
120.233.114.184:22006
120.233.114.184:22007
120.233.114.186:22000
120.233.114.186:22001
120.233.114.186:22002
120.233.114.186:22003
120.233.114.186:22004
120.233.114.186:22005
120.233.114.186:22006
120.233.114.186:22007
120.233.114.187:22000
120.233.114.204:22002
120.233.114.204:22006
120.233.114.215:22006
120.233.114.218:22000
120.233.114.226:22003
120.233.114.229:22000
120.233.114.229:22001
120.233.114.229:22002
120.233.114.229:22003
120.233.114.229:22004
120.233.114.229:22005
120.233.114.229:22006
120.233.114.229:22007
120.233.114.237:22000
120.233.114.237:22002
120.233.114.237:22005
120.233.114.242:22002
120.233.114.243:22002
120.233.114.244:22001
120.233.50.14:22000
120.233.50.14:22001
120.233.50.14:22002
120.233.50.14:22003
120.233.50.14:22004
120.233.50.14:22005
120.233.50.14:22006
120.233.50.14:22007
120.46.142.56:8000
120.46.142.56:8001
120.46.142.56:8002
120.46.142.56:8003
120.46.142.56:8004
120.46.142.56:8005
120.46.142.56:8006
120.46.142.56:8007
121.36.106.89:8000
121.36.106.89:8001
121.36.106.89:8002
121.36.106.89:8003
121.36.106.89:8004
121.36.106.89:8005
121.36.106.89:8006
121.36.106.89:8007
121.36.83.144:8000
121.36.83.144:8001
121.36.83.144:8002
121.36.83.144:8003
121.36.83.144:8004
121.36.83.144:8005
121.36.83.144:8006
121.36.83.144:8007
122.114.18.100:22350
122.114.18.42:12340
122.254.94.69:443
123.60.55.205:8000
123.60.55.205:8001
123.60.55.205:8002
123.60.55.205:8003
123.60.55.205:8004
123.60.55.205:8005
123.60.55.205:8006
123.60.55.205:8007
124.223.102.72:8443
124.70.200.238:8000
124.70.200.238:8001
124.70.200.238:8002
124.70.200.238:8003
124.70.200.238:8004
124.70.200.238:8005
124.70.200.238:8006
124.70.200.238:8007
124.70.202.122:8000
124.70.202.122:8001
124.70.202.122:8002
124.70.202.122:8003
124.70.202.122:8004
124.70.202.122:8005
124.70.202.122:8006
124.70.202.122:8007
124.70.38.91:8000
124.70.38.91:8001
124.70.38.91:8002
124.70.38.91:8003
124.70.38.91:8004
124.70.38.91:8005
124.70.38.91:8006
124.70.38.91:8007
124.70.56.41:8000
124.70.56.41:8001
124.70.56.41:8002
124.70.56.41:8003
124.70.56.41:8004
124.70.56.41:8005
124.70.56.41:8006
124.70.56.41:8007
124.70.63.174:8000
124.70.63.174:8001
124.70.63.174:8002
124.70.63.174:8003
124.70.63.174:8004
124.70.63.174:8005
124.70.63.174:8006
124.70.63.174:8007
13.115.194.155:53
14.225.192.198:443
148.66.22.106:443
148.66.22.106:8443
148.66.22.107:443
148.66.22.107:8443
148.66.22.108:443
148.66.22.108:8443
148.66.22.109:443
148.66.22.109:8443
148.66.22.110:443
148.66.22.110:8443
149.202.45.103:8081
149.28.23.65:12345
154.84.23.116:53
156.59.39.106:443
165.154.64.215:443
208.76.222.168:443
211.75.116.27:443
216.83.40.84:443
3.91.231.34:8083
35.77.99.82:53
38.180.54.6:443
38.181.24.48:8000
38.181.24.48:8080
38.60.221.150:443
43.128.40.28:8080
43.229.112.203:65000
45.195.76.26:443
45.74.6.77:8443
45.76.110.175:53
45.77.183.245:8080
45.86.162.190:443
52.128.229.100:443
52.128.229.98:443
52.128.229.99:443
54.219.223.239:53
64.176.59.90:443
96.9.210.77:21
96.9.210.77:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2023-12-24)

http://192.109.119.100
http://45.32.106.247
http://46.246.98.47
1.12.224.214:12340
192.109.119.100:8080
45.129.199.38:443
45.129.199.38:8080
45.76.83.253:443
89.38.131.70:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2024-01-03)

http://107.148.73.109
http://110.173.53.162
http://141.98.212.38
http://143.92.60.54
http://155.138.142.176
http://185.189.241.209
http://194.246.114.4
http://34.96.231.241
http://45.117.102.174
http://45.67.34.151
http://45.74.6.14
http://45.74.6.175
http://8.130.26.42
http://8.212.157.140
1.94.125.189:8000
1.94.125.189:8001
103.86.45.200:2096
103.86.45.200:53
107.148.45.172:443
107.148.73.109:443
110.173.53.162:443
121.37.164.60:8000
121.37.164.60:8001
121.37.164.60:8002
121.37.164.60:8003
121.37.164.60:8004
121.37.164.60:8005
121.37.164.60:8007
122.114.18.86:12340
122.254.94.69:8080
123.60.174.4:8000
123.60.174.4:8001
124.71.188.124:8000
124.71.188.124:8001
124.71.188.124:8002
124.71.188.124:8004
124.71.188.124:8005
124.71.188.124:8007
141.98.212.38:8080
149.28.136.218:443
151.236.18.179:443
156.255.3.7:443
156.59.168.116:1688
156.59.168.116:443
175.27.191.226:53
185.130.214.116:443
185.189.241.209:443
185.189.241.254:443
185.189.241.254:53
192.71.26.172:443
194.116.191.150:443
194.116.191.150:8081
194.116.191.150:88
194.246.114.4:21
194.246.114.4:443
20.6.82.79:443
23.225.71.115:12345
23.225.71.115:8888
34.81.45.231:443
34.96.231.241:53
37.1.193.156:443
43.132.173.7:12345
43.135.1.200:53
45.32.106.247:443
45.67.34.151:443
45.67.34.151:8080
45.74.6.175:21
52.128.229.100:12345
52.128.229.101:443
52.128.229.102:12345
52.128.229.102:443
52.128.229.98:12345
52.128.229.99:12345
58.20.44.195:13702
60.204.211.54:8000
60.204.211.54:8001
8.130.26.42:12345
8.130.26.42:443
8.212.157.140:443
94.131.119.167:8080
sdfsj3h1s54-yh.foy9dong.com
stationarycell.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2024-01-16)

http://155.138.154.203
1.92.75.200:8000
1.92.75.200:8001
1.92.75.200:8002
1.92.75.200:8003
1.92.75.200:8004
1.92.75.200:8005
1.92.75.200:8006
1.92.75.200:8007
1.92.91.219:8000
1.92.91.219:8001
1.92.91.219:8002
1.92.91.219:8003
1.92.91.219:8004
1.92.91.219:8005
1.92.91.219:8006
1.92.91.219:8007
1.94.125.189:8002
1.94.125.189:8003
1.94.125.189:8004
1.94.125.189:8005
1.94.125.189:8006
1.94.125.189:8007
103.91.64.204:443
103.91.64.204:80
120.46.66.113:8000
120.46.66.113:8001
120.46.66.113:8002
120.46.66.113:8003
120.46.66.113:8004
120.46.66.113:8005
120.46.66.113:8006
120.46.66.113:8007
121.37.164.60:8006
123.60.174.4:8002
123.60.174.4:8003
123.60.174.4:8004
123.60.174.4:8005
123.60.174.4:8006
123.60.174.4:8007
124.70.0.94:8000
124.70.0.94:8001
124.70.0.94:8002
124.70.0.94:8003
124.70.0.94:8004
124.70.0.94:8005
124.70.0.94:8006
124.70.0.94:8007
124.70.98.249:8000
124.70.98.249:8001
124.70.98.249:8002
124.70.98.249:8003
124.70.98.249:8004
124.70.98.249:8005
124.70.98.249:8006
124.70.98.249:8007
124.71.188.124:8003
124.71.188.124:8006
124.71.218.160:8000
124.71.218.160:8001
124.71.218.160:8002
124.71.218.160:8003
124.71.218.160:8004
124.71.218.160:8005
124.71.218.160:8006
124.71.218.160:8007
124.71.222.120:8000
124.71.222.120:8001
124.71.222.120:8002
124.71.222.120:8003
124.71.222.120:8004
124.71.222.120:8005
124.71.222.120:8006
124.71.222.120:8007
139.159.146.137:8000
139.159.146.137:8001
139.159.146.137:8002
139.159.146.137:8003
139.159.146.137:8004
139.159.146.137:8005
139.159.146.137:8006
139.159.146.137:8007
139.9.180.3:8000
139.9.180.3:8001
139.9.180.3:8002
139.9.180.3:8003
139.9.180.3:8004
139.9.180.3:8005
139.9.180.3:8006
139.9.180.3:8007
139.9.41.174:8000
139.9.41.174:8001
139.9.41.174:8002
139.9.41.174:8003
139.9.41.174:8004
139.9.41.174:8005
139.9.41.174:8006
139.9.41.174:8007
194.116.191.150:8080
45.77.183.245:443
5.252.178.189:443
5.252.178.189:8080
60.204.211.54:8002
60.204.211.54:8003
60.204.211.54:8004
60.204.211.54:8005
60.204.211.54:8006
60.204.211.54:8007

# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2024-01-23)

http://103.91.64.204
http://38.55.204.19
http://5.252.178.189
155.138.154.203:443
195.123.217.139:443
20.2.219.165:3389
27.44.204.144:22000
27.44.204.144:22002
27.44.204.144:22003
27.44.204.144:22004
27.44.204.144:22005
27.44.204.144:22007
27.44.204.161:22000
27.44.204.161:22001
27.44.204.161:22002
27.44.204.161:22003
27.44.204.161:22004
27.44.204.161:22005
27.44.204.161:22006
27.44.204.161:22007
27.44.204.219:22000
27.44.204.219:22001
27.44.204.219:22003
27.44.204.219:22004
27.44.204.219:22007
27.44.204.229:22000
27.44.204.233:22001
27.44.204.233:22002
45.32.106.247:8080
5.252.178.189:8443

# Reference: https://twitter.com/nahamike01/status/1755183472677924879

supermirco.us
micro.supermirco.us
mircoo.supermirco.us
ns.supermirco.us

# Reference: https://twitter.com/luc4m/status/1778110699870310840

165.154.227.192:6005
165.154.227.192:7000

# Reference: https://twitter.com/Cyberteam008/status/1779763262722355512

173.199.71.210:443
185.174.172.41:443
194.156.99.115:443
194.156.99.115:8443
195.85.250.254:443
45.77.65.219:443
65.20.98.31:443

# Reference: https://twitter.com/ValidinLLC/status/1779916377039495523

80.92.204.66:3306
80.92.204.66:443

# Reference: https://twitter.com/1ZRR4H/status/1783528366194196585
# Reference: https://app.validin.com/detail?type=raw&find=AndroidControl+v1.0.4#tab=host_pairs

http://120.78.223.152
http://47.241.218.217
http://8.219.55.216
120.78.223.152:443
47.241.218.217:443
8.219.55.216:443
vmess.xhhzs.cn

# Reference: https://x.com/SBousseaden/status/1794484811064586632
# Reference: https://www.virustotal.com/gui/file/deecc7fa56d74dcf87ddf728261a1fe9a4f7a0e0d187111ab60e5b8051e59ae3/detection

prod.microsoftdirect.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2024-06-09)

103.158.190.167:443
128.14.105.154:443
139.180.208.107:443
146.70.157.115:443
164.215.103.248:443
173.199.71.24:443
185.167.61.21:443
185.81.114.45:443
193.56.255.142:443
207.148.95.161:443
38.55.204.19:80
38.60.193.62:443
45.116.78.250:443
45.159.250.235:443
45.32.115.37:443
47.242.52.22:443
47.243.60.4:443
64.176.8.105:443
8.210.134.47:443
8.210.167.64:443
8.210.168.192:443
8.210.174.168:443
8.210.221.119:443
8.210.4.242:443
8.210.74.92:443
8.217.0.193:443
8.217.107.25:443
8.217.122.135:443
8.217.84.192:443
8.217.96.167:443
8.218.128.35:443
8.218.163.77:443
8.218.17.11:443
8.218.193.197:443
8.218.213.245:443
8.218.217.76:443
8.218.244.117:443
8.218.248.158:443
8.218.56.204:443
94.131.110.28:443

# Reference: https://x.com/nahamike01/status/1799730688725508290

http://158.247.199.185
158.247.199.185:3389
158.247.199.185:443
158.247.199.185:53

# Reference: https://cloud.google.com/blog/topics/threat-intelligence/apt41-arisen-from-dust
# Reference: https://www.virustotal.com/gui/ip-address/95.164.16.231/relations

http://152.89.244.185
akacur.tk
eloples.com
ns1.akacur.tk
ns2.akacur.tk
orange-breeze-66bb.tezsfsoikdvd.workers.dev

# Reference: https://x.com/Cyberteam008/status/1818119578204934582
# Reference: https://pastebin.com/AYzCKMsf

amazonlivenews.com
gmail.verifypay.shop
google.pythonpplus.org
googleaccount.org
microsoftbackups.com
microsoftremotehelps.com
micsoftonedrive.com
pishgaman.pw
pythonpplus.org
verifypay.shop
youtubedownloading.com
qw05.liaoqazqq.com
s.pishgaman.pw
voiptelsolutions.splynx.app

# Reference: https://x.com/Huntio/status/1824654200955080733
# Reference: https://x.com/_langly/status/1824768675548672100

bingsearches.com
buildhosting.club
cargobussi.org
googlelivenews.com
mail-pk.xyz
microsoftcode.com
microsoftdaily.com
microsoftdesktop.com
pk-information.com
solarwindsaf.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2024-08-18)

http://167.179.103.75
http://207.246.119.197
http://46.29.163.195
http://64.176.179.67
http://64.176.44.238
http://95.179.235.165
http://96.30.196.210
108.61.208.146:443
149.28.146.215:443
152.32.201.190:443
167.179.106.174:443
173.199.122.23:53
185.76.78.78:443
198.13.51.5:443
199.247.10.114:443
199.247.23.228:443
202.182.118.85:443
207.246.106.76:443
207.246.119.197:443
207.246.119.197:8080
38.54.79.213:443
38.60.134.143:443
45.77.170.31:443
45.77.36.13:443
89.38.128.94:443
95.179.163.123:443
95.179.242.107:443
95.179.249.161:443
96.30.196.210:443
app.kaspersky-scan.com
auth.microsoftsservice.com
bold-hamilton.207-246-119-197.plesk.page
cloud.kaspersky-scan.com
cloud.microsoftsservice.com
db.microsoftsservice.com
gov.jmjejij.otzo.com
hb.kaspersky-scan.com
id2.microsoftsservice.com
img.shaduruanjian8.com
it.jmjejij.otzo.com
jmjejij.otzo.com
kaspersky-scan.com
micro.gay
microsoftsservice.com
randzalo.com
shaduruanjian8.com
stdhgd.com
tc.microsoftsservice.com
top.microsoftsservice.com
update.micro.gay
weblink.microsoftsservice.com

# Reference: https://www.trendmicro.com/en_sg/research/24/h/earth-baku-latest-campaign.html
# Reference: https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/h/earth-baku/ioc-a-dive-into-earth-baku-latest-campaign.txt
# Reference: https://www.virustotal.com/gui/file/7f24bc080281d250ec88493e5803e488721a17c9382cd54ba8dfbcb785f23a88/detection

cdn7854.workers.dev
icy-bar-c375.microsoft-updates.workers.dev
microsoft-updates.workers.dev
mircoupdate.https443.net
realgodad.workers.dev
shrill-tooth-b557.vgfjuic.workers.dev
track.cdn78544.ru
vgfjuic.workers.dev
update-chrome.realgodad.workers.dev

# Reference: https://x.com/Cyberteam008/status/1826126334919082085
# Reference: https://www.virustotal.com/gui/ip-address/154.90.58.189/relations
# Reference: https://www.virustotal.com/gui/ip-address/38.54.50.46/relations
# Reference: https://www.virustotal.com/gui/file/b2d2380ec8001acfacbba10305c5dd4fe8bd153bfb00377bb6c6a0f94b29e804/detection
# Reference: https://www.virustotal.com/gui/file/f16faa26f8871692c49c5bc4a047b33aad0dcffdba5c6d8f08ad636b94859cf7/detection

http://38.60.198.164
91newai.com
new-openai.com
ngo.91newai.com
tw.new-openai.com

# Reference: https://x.com/Cyberteam008/status/1826433189012730325
# Reference: https://www.virustotal.com/gui/ip-address/89.38.128.94/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.231.205.25/relations

netbill.pk
admin.netbill.pk
mail.netbill.pk
random.netbill.pk

# Reference: https://x.com/Cyberteam008/status/1828624431117181112
# Reference: https://en.fofa.info/result?qbase64=Y2VydD0iMTgyMDk2NTM3Njc1ODE0NDk5NDEi

152.32.139.23:443
45.112.53.130:8080

# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2024-09-08)

http://103.27.111.247
http://103.87.10.214
112.120.226.125:5006
121.229.58.86:3306
123.56.0.80:10000
139.180.223.116:443
141.164.50.114:443
144.202.1.189:21
144.202.1.189:443
154.205.145.210:443
156.244.2.26:443
159.69.83.16:443
165.22.117.169:443
167.179.112.116:443
192.71.213.155:443
194.5.212.218:443
194.5.212.218:53
199.247.2.134:443
199.247.23.86:443
207.148.120.98:443
207.148.66.49:443
208.85.16.252:443
219.78.165.215:5006
31.192.107.196:443
35.181.55.11:443
38.60.217.161:443
38.60.250.74:443
45.32.151.219:443
45.32.32.252:443
45.76.189.33:443
45.77.133.154:443
45.77.9.96:443
66.42.37.139:443
80.240.16.246:443
82.67.49.76:63601
95.179.145.120:443
95.179.220.191:443
95.179.221.218:443
95.179.240.31:443

# Reference: https://unit42.paloaltonetworks.com/stately-taurus-abuses-vscode-southeast-asian-espionage/

185.132.125.72:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2024-09-09)

158.247.243.186:443
206.189.224.6:443
5.42.74.254:2083

# Reference: https://x.com/malwrhunterteam/status/1815256468431528370
# Reference: https://x.com/nao_sec/status/1826977609328325111
# Reference: https://jp.security.ntt/tech_blog/appdomainmanager-injection
# Reference: https://www.virustotal.com/gui/file/1d40ac126547b1523a3fb7d584deec907315c5ef7f44ffa96ef4bd18702101f6/detection

krislab.site
msn-microsoft.org
s3-microsoft.com
s3bucket-azure.online
trendmicrotech.com
visualstudio-microsoft.com
xtools.lol
static.krislab.site

# Reference: https://x.com/StrikeReadyLabs/status/1819460764517683658
# Reference: https://x.com/dez_/status/1825896855466565963
# Reference: https://www.virustotal.com/gui/file/4edc77c3586ccc255460f047bd337b2d09e2339e3b0b0c92d68cddedf2ac1e54/detection

s3cloud-azure.com
status.s3cloud-azure.com
360photo.oss-cn-hongkong.aliyuncs.com
s3-r-w.me-south-1.amazonaws.com
wordpresss-data.s3.me-south-1.amazonaws.com

# Reference: https://x.com/suyog41/status/1835557924443509029
# Reference: https://www.virustotal.com/gui/file/7d8894520e26755e0f191078df140898882837c90d338174487c1e2d17a72756/detection

http://103.214.173.55
103.214.173.55:443
xiang1234.oss-cn-hongkong.aliyuncs.com

# Reference: https://x.com/StrikeReadyLabs/status/1826969590494064789
# Reference: https://www.virustotal.com/gui/file/0ba468400dd88b6dbe96407cb104f28876adb62805689d97de5d2650770ff39c/detection

proradead.s3.sa-east-1.amazonaws.com

# Reference: https://x.com/Cyberteam008/status/1836967191893176652
# Reference: https://www.virustotal.com/gui/ip-address/139.84.133.219/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.76.165.217/relations

microsoftdnshelp.com
techsupport-microsoft.co.in
ns1.microsoftdnshelp.com
ns2.microsoftdnshelp.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2024-09-22)

http://47.242.52.22
http://8.210.174.168
http://8.217.122.135
109.207.171.191:443
121.162.13.25:21
121.162.13.25:8022
139.84.236.159:443
141.164.35.65:443
149.28.186.14:443
149.28.28.9:443
151.236.23.49:443
155.138.195.85:443
167.179.70.58:443
217.69.6.191:443
38.60.199.119:443
45.80.215.133:443
47.242.52.22:53
64.176.229.94:443
8.217.107.25:44444
8.217.107.25:53
8.217.122.135:53
8.218.163.77:53
8.218.193.197:44444
8.218.193.197:53
95.179.134.240:53
95.179.176.94:8443

# Reference: https://x.com/r0ny_123/status/1837896240865923072
# Reference: https://www.trendmicro.com/en_us/research/24/i/earth-baxia-spear-phishing-and-geoserver-exploit.html
# Reference: https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/i/earth-baxia-uses-spear-phishing-and-geoserver-exploit-to-target-apac/IOCs%20-%20Earth%20Baxia%20Uses%20Spear-Phishing%20and%20GeoServer%20Exploit%20to%20Target%20APAC.txt

http://152.42.243.170
http://167.172.84.142
http://167.172.89.142
http://188.166.252.85
152.42.243.170:22
152.42.243.170:443
167.172.84.142:443
167.172.89.142:443
188.166.252.85:443
browser-events-data-microsoft.com
hinet.ink
hinet.lat
islot.ink
oca.pics
s3-azure.com
bobs8.oss-cn-hongkong.aliyuncs.com
cooltours.s3.sa-east-1.amazonaws.com
doare-assets.s3.sa-east-1.amazonaws.com
ecgglass-arq.s3.sa-east-1.amazonaws.com
homologacao-sisp.s3.sa-east-1.amazonaws.com
kcalmoments.s3.me-south-1.amazonaws.com
ms1.hinet.lat
msa.hinet.ink
recordar-simmco.s3.sa-east-1.amazonaws.com
rocean.oca.pics
s3-contemp.s3.sa-east-1.amazonaws.com
souzacambos.s3.sa-east-1.amazonaws.com
static.trendmicrotech.com
us2.s3bucket-azure.online
xiiltrionsoledadprod.s3.sa-east-1.amazonaws.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2024-09-29)

http://8.210.134.47
http://8.210.167.64
http://8.210.221.119
http://8.210.74.92
http://8.218.17.11
http://8.218.56.204
136.244.119.156:443
198.13.39.189:443
202.162.108.45:443
38.60.196.212:443
45.76.191.59:443
46.246.98.47:8080

# Reference: https://x.com/pancak3lullz/status/1853452698919555575
# Reference: https://www.virustotal.com/gui/ip-address/136.244.116.245/relations
# Reference: https://www.virustotal.com/gui/ip-address/64.176.69.95/relations

kasperskyupdate.com
paloaltonetworkhelp.com

# Reference: https://x.com/DmitriyMelikov/status/1856721308802793496
# Reference: https://blogs.blackberry.com/en/2024/11/lightspy-apt41-deploys-advanced-deepdata-framework-in-targeted-southern-asia-espionage-campaign

103.255.176.176:28992
119.147.213.48:28992
202.43.239.13:28992

# Reference: https://x.com/Cyberteam008/status/1858703453981450712
# Reference: https://www.virustotal.com/gui/file/79c2c656eac34f628406855c9fafe36161ac423c071d9b20b64f4f511c9ec241/detection

http://37.120.222.37
37.120.222.37:443

# Reference: https://x.com/Cyberteam008/status/1861596387625890122

103.96.130.107:443
139.180.129.136:443
139.84.168.41:443
158.247.214.28:443
165.154.201.115:443
188.208.141.207:443
45.125.67.58:443

# Reference: https://securelist.com/eagerbee-backdoor/115175/
# Reference: https://www.virustotal.com/gui/ip-address/151.236.16.167/relations
# Reference: https://www.virustotal.com/gui/ip-address/194.71.107.215/relations
# Reference: https://www.virustotal.com/gui/ip-address/62.233.57.94/relations
# Reference: https://www.virustotal.com/gui/ip-address/82.118.21.230/relations

http://195.123.242.120
http://5.34.176.46
195.123.242.120:443
5.34.176.46:443
carruthersfredericklawyers.com
carruthersfredericklegals.com
ellisonpeterslaws.com
ellisonpeterslawyer.com
feedfoodconcerning.info
feedfoodconcerning.org
gnel.feedfoodconcerning.org
goldmanrichardlegal.com
goldmanrichardlegals.com
oldfriendsnetwork.com
rambiler.com
socialentertainments.store

# Reference: https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set
# Reference: https://www.virustotal.com/gui/file/e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064/detection

185.195.237.123:443
185.82.217.164:443
195.123.245.79:443
45.90.58.103:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2025-01-05)

http://104.167.16.95
http://185.117.89.125
http://185.22.153.161
http://185.22.154.64
http://45.140.168.49
http://46.17.41.15
http://46.17.41.154
http://47.242.0.122
http://47.242.16.105
http://5.252.178.185
http://8.210.30.189
http://8.210.6.230
http://8.217.0.193
http://8.217.84.192
http://8.218.163.77
http://8.218.193.197
http://8.218.213.245
http://8.218.217.76
http://8.218.244.117
http://8.218.25.58
103.215.216.72:443
103.27.109.72:443
103.87.8.199:443
104.167.16.95:443
107.191.62.206:443
117.50.213.101:443
118.194.249.212:8080
136.244.116.245:443
136.244.80.115:443
139.84.214.241:443
139.84.214.241:53
141.164.49.53:8443
149.28.128.65:443
149.28.159.61:443
158.247.252.152:443
166.1.22.41:443
176.126.83.225:443
185.186.76.151:443
185.213.20.117:443
185.81.115.126:443
199.247.22.187:443
212.192.215.143:443
217.69.15.243:443
27.124.53.33:443
38.60.211.116:443
43.246.208.207:443
43.246.210.196:443
45.32.121.197:8080
45.32.51.228:8080
45.76.209.205:443
45.77.16.161:443
45.77.170.188:443
47.242.0.122:443
47.242.16.105:443
47.242.16.105:53
5.189.221.41:443
5.252.178.185:443
64.176.59.232:443
64.176.65.49:443
64.176.69.95:443
65.20.76.134:443
65.20.78.130:443
8.210.30.189:443
8.210.6.230:443
8.218.25.58:443
8.218.25.58:53
91.149.240.153:443
91.149.241.103:443
95.179.179.83:443
95.179.244.134:443
64-176-59-232.ipv4.staticdns3.io
64.176.65.49.sslip.io
app.microsoftstaticapi.com
asdasw21.icu
cdn.withrental.com
hopeful-jang.207-246-119-197.plesk.page
micheeasodh.top
microsoftstaticapi.com
node5.cnaidun.net
sapress.help
silly-swirles.207-246-119-197.plesk.page

# Reference: https://app.validin.com/detail?type=hash&find=e760bb9ce1e83e274def380574509c7b9e9088ff#tab=host_pairs (# 2025-02-27)

139.180.205.23:443
45.32.115.128:443
64.176.226.182:443
95.179.156.122:443
gomyhalf.com
microsoftasps.com
symence.org

# Reference: https://www.scrible.com/view/source/R2IO1C0L20LQG2MG3443K8O48P4CM20E:1424161239/

139.84.137.63:443
192.142.18.42:443
193.56.255.214:443
37.120.239.33:443
boopainc.com
chtq.net
dsqurey.com
emazemedia.com
oossafe.com
superdasqe.me
api.emazemedia.com
caba.superdasqe.me
czs.superdasqe.me
dscriy.chtq.net
home.boopainc.com
network.oossafe.com
notes.oossafe.com
updata.dsqurey.com

# Reference: https://x.com/Cyberteam008/status/1899314534999019567

101.99.93.140:443
139.84.137.60:443
89.38.225.202:443
89.38.225.208:443
91.245.253.79:443

# Reference: https://x.com/smica83/status/1904134295087718450
# Reference: https://www.welivesecurity.com/en/eset-research/operation-fishmedley/

162.33.178.23:443
168.100.10.136:443
192.46.223.211:443
78.141.202.70:443
googleauthenticatoronline.com
api.googleauthenticatoronline.com

# Reference: https://x.com/Cyberteam008/status/1909432343976091981
# Reference: https://www.virustotal.com/gui/file/7ad3331be038b43c1a19066f1e4edbe85dfb08596d70774a5e15480394626d39/detection

45.77.33.174:443
updatemic.com
update.updatemic.com

# Reference: https://hunt.io/blog/state-sponsored-activity-gamaredon-shadowpad

developers-cloudfare.us
gjbopwmail.kozow.com
gssllxqxqzyo.giize.com
opwmail.kozow.com
static.developers-cloudfare.us
zngb.kozow.com

# Reference: https://x.com/Cyberteam008/status/1910171025137934629

139.84.168.246:443
158.247.253.66:443
172.235.10.225:443
172.235.10.252:443
206.71.149.117:443
23.227.199.38:443
38.132.122.152:443
38.180.82.106:443
43.255.158.158:443
43.255.158.97:443
45.32.172.203:443
64.190.113.165:443
64.227.185.216:443
65.20.66.77:443

# Reference: https://x.com/Jane_0sint/status/1910650292342862257
# Reference: https://app.any.run/tasks/2c3b303a-b412-449e-b380-f1e7de76d452

154.31.217.200:443

# Reference: https://hunt.io/blog/keyplug-infrastructure-tls-certificates-ghostwolf-activity

103.146.230.130:443
103.146.230.165:443
103.146.230.183:443
103.226.155.96:443
103.226.155.98:443
103.234.96.167:443
103.244.148.80:443
108.61.159.145:443
111.180.200.74:443
114.55.6.216:443
13.124.47.148:443
13.209.204.54:443
13.214.160.122:443
13.214.172.25:443
13.214.203.53:443
13.228.200.171:443
13.250.182.175:443
139.180.145.193:443
139.180.153.109:443
139.180.188.174:443
139.180.189.81:443
139.180.211.30:443
139.180.213.58:443
139.84.175.197:443
149.28.130.130:443
149.28.131.126:443
15.168.60.114:443
154.12.87.168:443
154.92.16.198:443
158.247.203.247:443
158.247.234.25:443
158.247.245.229:443
158.247.251.91:443
158.247.253.114:443
173.209.62.187:443
173.209.62.189:443
173.209.62.190:443
18.142.113.169:443
18.142.162.202:443
18.143.183.217:443
18.163.6.115:443
202.182.121.16:443
202.79.173.211:443
202.79.173.220:443
202.79.173.228:443
205.185.121.28:443
207.148.71.45:443
209.141.36.195:443
3.0.139.139:443
3.1.206.135:443
3.38.151.172:443
36.255.220.179:443
38.55.24.53:443
39.106.32.186:443
43.130.61.252:443
43.201.51.16:443
43.249.36.84:443
45.137.10.166:443
45.137.10.37:443
45.148.244.220:443
45.32.101.56:443
45.32.125.90:443
45.76.150.120:443
45.77.34.88:443
47.245.60.81:443
47.245.99.137:443
47.92.204.81:443
5.188.34.87:443
51.79.177.23:443
54.151.200.128:443
64.176.50.30:443
64.176.51.12:443
64.176.83.46:443
65.20.69.6:443
65.20.70.52:443
65.20.78.204:443
65.20.78.223:443
65.20.79.14:443
65.20.79.156:443
65.20.84.44:443
66.42.49.65:443
67.43.228.18:443
67.43.228.19:443
67.43.228.20:443
67.43.228.21:443
67.43.228.22:443
67.43.234.149:443
67.43.234.150:443
8.209.255.168:443
8.213.131.120:443
8.218.156.56:443
8.219.191.81:443
8.222.220.3:443
8.222.243.185:443
88.218.192.22:443

# Reference: https://x.com/Tac_Mangusta/status/1828077441925157172
# Reference: https://www.virustotal.com/gui/file/3e8f51ec601e6e9c3aaafd3d156721fc85911544417d43f6b6c0b029a009c584/detection
# Reference: https://www.virustotal.com/gui/file/9ed37a790ed5d90511d5b88140e531d789357e6fd745efba6a1ec0d42f20aeec/detection

resource.infinityfreeapp.com

# Reference: https://www.proofpoint.com/us/blog/threat-insight/malware-must-not-be-named-suspected-espionage-campaign-delivers-voldemort
# Reference: https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics

cloud.msapp.workers.dev
invasion-prisoners-inns-aging.trycloudflare.com
pants-graphs-optics-worse.trycloudflare.com
pubs.infinityfreeapp.com
recall-addressed-who-collector.trycloudflare.com
term-restore-satisfied-hence.trycloudflare.com
ways-sms-pmc-shareholders.trycloudflare.com
word.msapp.workers.dev

# Reference: https://asec.ahnlab.com/en/91166/

163.61.102.245:443

# Reference: https://hunt.io/blog/tracking-shadowpad-infrastructure-via-non-standard-certificates
# Reference: https://www.virustotal.com/gui/file/e9bb6609ffe43c5c9a1617818097568a7e873aa1499d9f5e05c2c6c5ac8cb962/detection

http://5.34.176.152
139.84.168.128:443
146.70.92.137:443
afsder.com
alpha-els.com
api.sourcedata.kuwannba.com
az.performed12.com
dsqueryonline.com
fadfar.com
foligni.it
google.org.im
img.shaduruanjian8.com
imiul.com
imjzo.com
installation77.com
kazakhtelecom.zzux.com
kkdiscover.com
kuwannba.com
kzb.performed12.com
m.shadurauanjian8.com
mails.foligni.it
micro.gay
microsoft.kiwi.nz
microsoft.performed12.com
mirco.supermirco.us
mircoo.supermirco.us
ns.supermirco.us
performed12.com
power.installation77.com
shaduranjian8.com
shadurauanjian8.com
shaduruanjian8.com
sourcedata.kuwannba.com
supermirco.us
time.afsder.com
time.kkdiscover.com
turkeylahainasunset.com
updata.dsqueryonline.com
updata.installation77.com
update.alpha-els.com
update.imiul.com
update.imjzo.com
update.kkdiscover.com
update.micro.gay
update.performed12.com

# Reference: https://blog.talosintelligence.com/knife-cutting-the-edge/
# Reference: https://github.com/Cisco-Talos/IOCs/blob/main/2026/02/knife-cutting-the-edge.txt

ad.scgawj.com

# Reference: https://x.com/nahamike01/status/2020407834119487677
# Hunting pivots recorded for the entries below (host-pair fingerprints: banner hash, body SHA-1); these lines are comments, not trails
# BANNER_0_HASH-HOST=10ee48a49205990adfa53d95d5e0fb09
# BANNER_0_HASH-HOST=b75392bd391b31c247d903d9612ba280
# BANNER_0_HASH-HOST=ea4257da522d5f2ba53e59c39b380d5e
# BODY_SHA1-HOST=e760bb9ce1e83e274def380574509c7b9e9088ff
# BODY_SHA1-HOST=eff78801ee5c100ae6d785b1e18767dbbce9a7f3

139.84.139.117:443
149.104.104.76:443
149.28.145.214:443
154.205.133.142:443
154.205.145.180:443
217.69.1.147:443
38.54.42.48:443
38.54.50.10:443
45.32.242.67:443
45.63.52.128:443
45.76.157.118:443
45.77.176.85:443
45.77.255.25:443
64.176.50.187:443
64.176.65.222:443
65.20.75.136:443
95.179.254.241:443
64.176.35.214.sslip.io
cyberkaspersky.com
dasdasgoogle.com
dnssupportpc.com
easymicrosoft.com
getgooglecard.com
gmailnews.net
goldenclear.top
googleminigames.com
gxh191.top
helpwebmicrosoft.com
kasperskyprotect.com
kasperskysecure.com
mcafeeupdates.com
mezigom.com
microfastforbenden.com
microsoftonedrive.help
midtntoday.com
networkpach.com
quickmicrosoft.com
rtku.lat
sdbnasbnf.top
topmicrosoft.com
topmicrosoftmarketing.com
ufsllcdxb-ae.com
umbet.art
zitanlodge.com
bssllxqxqzyo.giize.com
en.earthen.io
ns1.dnssupportpc.com
ns2.dnssupportpc.com
smsvc.mooo.com
update.networkpach.com
vip.googleminigames.com
6ed123bf7c014f8597b97c1e88c9d7e1.ddns.gcloud.gg
intanschools.py628fxjlk-gok67gvk2652.p.temp-site.link

# Reference: https://app.validin.com/detail?find=https%3A%2F%2Fkaspersky.com%2Fads.txt&type=raw&ref_id=a73a038fe6c#tab=host_pairs (# 2025-02-09)

kasperskyguard.co
kasperskyguard.com
kasperskyshield.co
mesto-backtend-mp.nomoredomains.sbs
mesto-frontend-mp.nomoredomains.sbs

# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2026-02-09)

http://103.85.252.170
http://104.238.135.232
http://139.84.210.208
http://155.138.162.190
http://155.138.194.141
http://185.22.152.183
http://185.238.189.41
http://193.200.16.184
http://207.148.37.85
http://45.129.3.220
http://45.77.153.108
http://46.17.41.246
http://46.29.163.163
http://70.34.203.0
1.92.101.250:8000
1.92.101.250:8001
1.92.101.250:8002
1.92.101.250:8003
1.92.101.250:8004
1.92.101.250:8005
1.92.101.250:8006
1.92.101.250:8007
1.92.107.96:8000
1.92.107.96:8001
1.92.107.96:8002
1.92.107.96:8003
1.92.107.96:8004
1.92.107.96:8005
1.92.107.96:8006
1.92.107.96:8007
1.92.148.235:8000
1.92.148.235:8001
1.92.148.235:8002
1.92.148.235:8003
1.92.148.235:8004
1.92.148.235:8005
1.92.148.235:8006
1.92.148.235:8007
1.92.72.199:8000
1.92.72.199:8001
1.92.72.199:8002
1.92.72.199:8003
1.92.72.199:8004
1.92.72.199:8005
1.92.72.199:8006
1.92.72.199:8007
1.92.98.22:8000
1.92.98.22:8001
1.92.98.22:8002
1.92.98.22:8003
1.92.98.22:8004
1.92.98.22:8005
1.92.98.22:8006
1.92.98.22:8007
1.94.101.136:8000
1.94.101.136:8002
1.94.101.136:8003
1.94.101.136:8004
1.94.101.136:8005
1.94.101.136:8006
1.94.101.136:8007
1.94.125.147:8000
1.94.125.147:8001
1.94.125.147:8002
1.94.125.147:8003
1.94.125.147:8004
1.94.125.147:8005
1.94.125.147:8006
1.94.125.147:8007
1.94.137.47:8000
1.94.137.47:8001
1.94.137.47:8002
1.94.137.47:8003
1.94.137.47:8004
1.94.137.47:8005
1.94.137.47:8006
1.94.137.47:8007
1.94.2.18:8000
1.94.2.18:8001
1.94.2.18:8002
1.94.2.18:8003
1.94.2.18:8004
1.94.2.18:8005
1.94.2.18:8006
1.94.2.18:8007
1.94.30.121:8000
1.94.30.121:8001
1.94.30.121:8002
1.94.30.121:8003
1.94.30.121:8004
1.94.30.121:8005
1.94.30.121:8006
1.94.30.121:8007
1.94.96.137:8000
1.94.96.137:8001
1.94.96.137:8002
1.94.96.137:8003
1.94.96.137:8004
1.94.96.137:8005
1.94.96.137:8007
103.27.111.247:443
103.82.143.13:56891
103.85.252.170:443
104.167.16.95:8080
108.181.121.150:8083
110.41.14.216:8000
110.41.14.216:8001
110.41.14.216:8002
110.41.14.216:8003
110.41.14.216:8004
110.41.14.216:8005
110.41.14.216:8006
110.41.14.216:8007
110.41.169.151:8000
110.41.169.151:8001
110.41.169.151:8002
110.41.169.151:8003
110.41.169.151:8004
110.41.169.151:8005
110.41.169.151:8006
110.41.169.151:8007
110.41.22.9:8000
110.41.22.9:8001
110.41.22.9:8002
110.41.22.9:8003
110.41.22.9:8004
110.41.22.9:8005
110.41.22.9:8006
110.41.22.9:8007
110.41.56.186:8000
110.41.56.186:8001
110.41.56.186:8002
110.41.56.186:8003
110.41.56.186:8004
110.41.56.186:8005
110.41.56.186:8006
110.41.56.186:8007
110.41.63.167:8000
110.41.63.167:8001
110.41.63.167:8002
110.41.63.167:8003
110.41.63.167:8004
110.41.63.167:8005
110.41.63.167:8006
110.41.63.167:8007
112.26.72.6:8002
112.27.239.72:8002
112.27.239.72:8012
112.27.239.72:8032
112.30.118.6:8002
117.133.132.134:8002
117.133.132.135:8002
117.48.148.58:6951
119.3.251.25:8000
119.3.251.25:8001
119.3.251.25:8002
119.3.251.25:8003
119.3.251.25:8004
119.3.251.25:8005
119.3.251.25:8006
119.3.251.25:8007
120.46.221.103:8000
120.46.221.103:8001
120.46.221.103:8002
120.46.221.103:8003
120.46.221.103:8004
120.46.221.103:8005
120.46.221.103:8006
120.46.221.103:8007
120.46.76.213:8000
120.46.76.213:8001
120.46.76.213:8002
120.46.76.213:8003
120.46.76.213:8004
120.46.76.213:8005
120.46.76.213:8006
120.46.76.213:8007
120.46.93.223:8000
120.46.93.223:8001
120.46.93.223:8002
120.46.93.223:8003
120.46.93.223:8004
120.46.93.223:8005
120.46.93.223:8006
120.46.93.223:8007
121.36.196.101:8000
121.36.196.101:8001
121.36.196.101:8002
121.36.196.101:8003
121.36.196.101:8005
121.36.196.101:8006
121.36.196.101:8007
121.37.172.191:8000
121.37.172.191:8001
121.37.172.191:8002
121.37.172.191:8003
121.37.172.191:8004
121.37.172.191:8005
121.37.172.191:8006
121.37.172.191:8007
121.37.184.225:8000
121.37.184.225:8001
121.37.184.225:8002
121.37.184.225:8003
121.37.184.225:8004
121.37.184.225:8005
121.37.184.225:8006
121.37.184.225:8007
121.37.241.33:8000
121.37.241.33:8001
121.37.241.33:8002
121.37.241.33:8003
121.37.241.33:8004
121.37.241.33:8005
121.37.241.33:8006
121.37.241.33:8007
121.37.42.92:8000
121.37.42.92:8001
121.37.42.92:8002
121.37.42.92:8003
121.37.42.92:8004
121.37.42.92:8005
121.37.42.92:8006
121.37.42.92:8007
121.9.235.74:38002
123.249.11.137:8000
123.249.11.137:8001
123.249.11.137:8002
123.249.11.137:8003
123.249.11.137:8004
123.249.11.137:8005
123.249.11.137:8006
123.249.11.137:8007
123.249.83.110:8000
123.249.83.110:8001
123.249.83.110:8002
123.249.83.110:8003
123.249.83.110:8004
123.249.83.110:8005
123.249.83.110:8006
123.249.83.110:8007
123.60.109.41:8000
123.60.109.41:8001
123.60.109.41:8002
123.60.109.41:8003
123.60.109.41:8004
123.60.109.41:8005
123.60.109.41:8006
123.60.109.41:8007
123.60.12.240:8000
123.60.12.240:8001
123.60.12.240:8002
123.60.12.240:8003
123.60.12.240:8004
123.60.12.240:8005
123.60.12.240:8006
123.60.12.240:8007
123.60.12.89:8000
123.60.12.89:8002
123.60.57.205:8000
123.60.57.205:8001
123.60.57.205:8002
123.60.57.205:8003
123.60.57.205:8004
123.60.57.205:8005
123.60.57.205:8006
123.60.57.205:8007
123.60.87.106:8000
123.60.87.106:8001
123.60.87.106:8002
123.60.87.106:8004
123.60.87.106:8005
123.60.87.106:8006
123.60.87.106:8007
124.70.144.172:8000
124.70.144.172:8001
124.70.144.172:8002
124.70.144.172:8003
124.70.144.172:8004
124.70.144.172:8005
124.70.144.172:8006
124.70.144.172:8007
124.70.159.31:8000
124.70.159.31:8001
124.70.159.31:8002
124.70.159.31:8003
124.70.159.31:8004
124.70.159.31:8005
124.70.159.31:8006
124.70.159.31:8007
124.70.183.141:8000
124.70.183.141:8001
124.70.183.141:8002
124.70.183.141:8004
124.70.183.141:8005
124.70.183.141:8006
124.70.183.141:8007
124.70.211.119:8000
124.70.211.119:8001
124.70.211.119:8002
124.70.211.119:8003
124.70.211.119:8004
124.70.211.119:8005
124.70.211.119:8006
124.70.211.119:8007
124.70.24.54:8000
124.70.24.54:8001
124.70.24.54:8002
124.70.24.54:8003
124.70.24.54:8004
124.70.24.54:8005
124.70.24.54:8006
124.70.24.54:8007
124.70.25.220:8000
124.70.25.220:8001
124.70.25.220:8002
124.70.25.220:8003
124.70.25.220:8004
124.70.25.220:8005
124.70.25.220:8006
124.70.25.220:8007
124.70.6.168:8000
124.70.6.168:8001
124.70.6.168:8002
124.70.6.168:8003
124.70.6.168:8004
124.70.6.168:8005
124.70.6.168:8006
124.70.6.168:8007
124.71.106.171:8000
124.71.106.171:8001
124.71.106.171:8002
124.71.106.171:8003
124.71.106.171:8004
124.71.106.171:8005
124.71.106.171:8006
124.71.106.171:8007
124.71.110.242:8000
124.71.110.242:8001
124.71.110.242:8002
124.71.110.242:8003
124.71.110.242:8004
124.71.110.242:8005
124.71.110.242:8006
124.71.110.242:8007
124.71.183.120:8000
124.71.183.120:8001
124.71.183.120:8002
124.71.183.120:8003
124.71.183.120:8004
124.71.183.120:8005
124.71.183.120:8006
124.71.183.120:8007
124.71.219.161:8000
124.71.219.161:8001
124.71.219.161:8002
124.71.219.161:8003
124.71.219.161:8004
124.71.219.161:8005
124.71.219.161:8006
124.71.219.161:8007
124.71.40.146:8000
124.71.40.146:8001
124.71.40.146:8002
124.71.40.146:8003
124.71.40.146:8004
124.71.40.146:8005
124.71.40.146:8006
124.71.40.146:8007
124.71.46.172:8000
124.71.46.172:8001
124.71.46.172:8002
124.71.46.172:8003
124.71.46.172:8004
124.71.46.172:8005
124.71.46.172:8006
124.71.46.172:8007
124.71.59.199:8000
124.71.59.199:8001
124.71.59.199:8002
124.71.59.199:8003
124.71.59.199:8004
124.71.59.199:8005
124.71.59.199:8006
124.71.59.199:8007
124.71.68.111:8000
124.71.68.111:8001
124.71.68.111:8002
124.71.68.111:8003
124.71.68.111:8004
124.71.68.111:8005
124.71.68.111:8006
124.71.68.111:8007
124.71.82.204:8000
124.71.82.204:8001
124.71.82.204:8002
124.71.82.204:8003
124.71.82.204:8004
124.71.82.204:8005
124.71.82.204:8006
124.71.82.204:8007
13.115.238.220:443
134.185.92.226:8083
136.244.113.131:443
139.159.134.211:8000
139.159.134.211:8001
139.159.134.211:8002
139.159.134.211:8003
139.159.134.211:8004
139.159.134.211:8005
139.159.134.211:8006
139.159.134.211:8007
139.159.144.152:8000
139.159.144.152:8001
139.159.144.152:8002
139.159.144.152:8003
139.159.144.152:8004
139.159.144.152:8005
139.159.144.152:8006
139.159.144.152:8007
139.159.236.31:8000
139.159.236.31:8001
139.159.236.31:8002
139.159.236.31:8003
139.159.236.31:8004
139.159.236.31:8005
139.159.236.31:8006
139.159.236.31:8007
139.84.142.99:443
139.84.164.174:443
139.84.164.242:443
139.84.210.208:443
139.84.210.208:53
139.9.104.90:8000
139.9.104.90:8001
139.9.104.90:8002
139.9.104.90:8003
139.9.104.90:8004
139.9.104.90:8005
139.9.104.90:8006
139.9.104.90:8007
139.9.112.179:8000
139.9.112.179:8001
139.9.112.179:8002
139.9.112.179:8003
139.9.112.179:8004
139.9.112.179:8005
139.9.112.179:8006
139.9.112.179:8007
139.9.178.8:8000
139.9.178.8:8001
139.9.178.8:8002
139.9.178.8:8003
139.9.178.8:8004
139.9.178.8:8005
139.9.178.8:8006
139.9.178.8:8007
139.9.202.119:8000
139.9.202.119:8001
139.9.202.119:8002
139.9.202.119:8003
139.9.202.119:8004
139.9.202.119:8005
139.9.202.119:8006
139.9.202.119:8007
139.9.54.20:8000
139.9.54.20:8001
139.9.54.20:8002
139.9.54.20:8003
139.9.54.20:8004
139.9.54.20:8005
139.9.54.20:8006
139.9.54.20:8007
14.17.95.174:22000
141.164.42.5:443
149.28.78.189:42306
152.67.14.88:8083
154.205.139.12:443
154.90.63.250:443
155.138.162.190:8080
155.138.194.141:8080
155.248.216.246:8083
158.247.192.122:443
16.163.161.107:443
16.163.161.107:53
18.189.135.166:8083
192.121.162.90:443
192.124.176.43:443
194.15.112.204:443
195.133.5.224:443
20.42.105.243:8083
207.148.37.85:443
207.148.37.86:443
207.148.37.87:443
207.148.97.65:443
220.248.242.6:8002
220.248.253.6:8002
27.44.125.99:22000
27.44.204.122:22000
27.44.204.122:22001
27.44.204.122:22002
27.44.204.122:22003
27.44.204.122:22005
27.44.204.122:22007
27.44.204.126:22000
27.44.204.126:22001
27.44.204.126:22002
27.44.204.126:22003
27.44.204.126:22005
27.44.204.126:22007
27.44.204.13:22001
27.44.204.141:22000
27.44.204.141:22001
27.44.204.141:22002
27.44.204.141:22003
27.44.204.141:22005
27.44.204.141:22007
27.44.204.144:22001
27.44.204.147:22000
27.44.204.147:22001
27.44.204.147:22002
27.44.204.147:22003
27.44.204.147:22005
27.44.204.147:22007
27.44.204.159:22000
27.44.204.159:22001
27.44.204.159:22002
27.44.204.159:22003
27.44.204.159:22005
27.44.204.159:22007
27.44.204.160:22000
27.44.204.160:22001
27.44.204.160:22002
27.44.204.160:22003
27.44.204.160:22005
27.44.204.160:22007
27.44.204.167:22000
27.44.204.167:22001
27.44.204.167:22002
27.44.204.167:22005
27.44.204.167:22007
27.44.204.173:22000
27.44.204.173:22001
27.44.204.173:22002
27.44.204.173:22003
27.44.204.173:22005
27.44.204.173:22007
27.44.204.174:22000
27.44.204.174:22001
27.44.204.174:22002
27.44.204.174:22003
27.44.204.174:22005
27.44.204.174:22007
27.44.204.185:22000
27.44.204.185:22001
27.44.204.185:22002
27.44.204.185:22003
27.44.204.185:22005
27.44.204.185:22007
27.44.204.188:22000
27.44.204.188:22001
27.44.204.188:22002
27.44.204.188:22003
27.44.204.188:22005
27.44.204.188:22007
27.44.204.194:22000
27.44.204.194:22001
27.44.204.194:22002
27.44.204.194:22003
27.44.204.194:22005
27.44.204.194:22007
27.44.204.216:22000
27.44.204.216:22001
27.44.204.216:22002
27.44.204.216:22003
27.44.204.216:22005
27.44.204.216:22007
27.44.204.219:22002
27.44.204.219:22005
27.44.204.229:22001
27.44.204.229:22003
27.44.204.233:22000
27.44.204.233:22003
27.44.204.233:22005
27.44.204.233:22007
27.44.204.238:22000
27.44.204.238:22001
27.44.204.238:22002
27.44.204.238:22005
27.44.204.239:22000
27.44.204.239:22001
27.44.204.239:22002
27.44.204.239:22003
27.44.204.239:22005
27.44.204.239:22007
27.44.204.254:22000
27.44.204.254:22001
27.44.204.254:22002
27.44.204.254:22003
27.44.204.254:22005
27.44.204.254:22007
27.44.204.28:22000
27.44.204.28:22001
27.44.204.28:22002
27.44.204.28:22003
27.44.204.28:22004
27.44.204.28:22005
27.44.204.28:22007
27.44.204.52:22000
27.44.204.52:22001
27.44.204.52:22002
27.44.204.52:22003
27.44.204.52:22005
27.44.204.52:22007
27.44.204.55:22000
27.44.204.55:22001
27.44.204.55:22002
27.44.204.55:22003
27.44.204.55:22005
27.44.204.55:22007
27.44.204.61:22000
27.44.204.61:22001
27.44.204.61:22002
27.44.204.61:22003
27.44.204.61:22005
27.44.204.61:22007
27.44.204.68:22000
27.44.204.68:22001
27.44.204.68:22002
27.44.204.68:22003
27.44.204.68:22005
27.44.204.68:22007
27.44.204.76:22000
27.44.204.76:22001
27.44.204.76:22002
27.44.204.76:22003
27.44.204.76:22005
27.44.204.76:22007
27.44.204.85:22000
27.44.204.85:22001
27.44.204.85:22002
27.44.204.85:22003
27.44.204.85:22005
27.44.204.85:22007
27.44.204.86:22000
27.44.204.86:22001
27.44.204.86:22002
27.44.204.96:22000
27.44.204.96:22001
38.54.17.232:443
38.54.17.232:53
38.54.29.25:443
38.54.42.48:15000
38.54.79.170:443
38.54.79.249:443
38.60.199.60:443
38.60.208.184:443
38.60.250.74:8443
43.138.154.208:4430
43.246.208.207:8080
45.61.136.97:443
45.77.153.108:443
45.77.170.149:443
45.77.33.202:443
45.77.47.239:443
47.242.0.122:53
5.188.190.252:443
5.252.178.185:8080
51.195.209.197:8083
51.68.204.240:8083
52.194.253.134:443
54.160.16.115:8083
60.204.158.219:8000
60.204.158.219:8001
60.204.158.219:8002
60.204.158.219:8003
60.204.158.219:8004
60.204.158.219:8005
60.204.158.219:8006
60.204.158.219:8007
60.204.227.172:8000
60.204.227.172:8001
60.204.227.172:8002
60.204.227.172:8003
60.204.227.172:8004
60.204.227.172:8005
60.204.227.172:8006
60.204.227.172:8007
60.204.240.204:8000
60.204.240.204:8001
60.204.240.204:8002
60.204.240.204:8003
60.204.240.204:8004
60.204.240.204:8005
60.204.240.204:8006
60.204.240.204:8007
60.204.250.241:8000
60.204.250.241:8001
60.204.250.241:8002
60.204.250.241:8003
60.204.250.241:8004
60.204.250.241:8005
60.204.250.241:8006
60.204.250.241:8007
60.204.251.134:8000
60.204.251.134:8001
60.204.251.134:8002
60.204.251.134:8003
60.204.251.134:8004
60.204.251.134:8005
60.204.251.134:8006
60.204.251.134:8007
64.176.229.94:8443
64.176.35.214:443
64.176.50.187:8443
64.176.96.141:443
78.141.221.31:443
8.218.244.117:53
80.225.209.211:8083
89.106.207.114:443
app30.hema129.com
app40.hema129.com
bganmcza.top
channels.openvista.ma
cnt9.stayout.life
commandidate.directory
ec2-16-163-161-107.ap-east-1.compute.amazonaws.com
fervent-curran.45-77-153-108.plesk.page
gallant-pike.45-77-153-108.plesk.page
grxcmoyh.top
infallible-tereshkova.199-247-22-187.plesk.page
ip-89-38-128-94-106854.vps.hosted-by-mvps.net
jqvmwznu.top
laodocument.com
maxdesigns.top
mgm4adminsi.com
mhgxpcgd.top
patch.updatesapi.com
riwmztda.top
smivsugd.top
sv3.xxyybb.xyz
wait.imiul.com
xeaefryx.top
xvaxzoac.top
xxyybb.xyz
