# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: blackwidow, lactrodectus, unidentified111

# Reference: https://malpedia.caad.fkie.fraunhofer.de/details/win.unidentified_111
# Reference: https://threatfox.abuse.ch/browse/tag/Latrodectus/

146.19.143.113:443
151.236.9.226:443
185.106.102.82:443
185.123.53.150:443
185.123.53.208:443
185.36.143.155:443
185.99.133.228:443
185.99.133.77:443
193.168.141.104:443
193.168.141.27:443
193.168.143.133:443
194.110.247.73:443
213.232.235.220:443
45.129.199.163:443
45.129.199.165:443
45.129.199.23:443
45.155.120.130:443
45.155.121.157:443
45.155.121.203:443
45.59.118.118:443
5.101.44.49:443
5.181.202.164:443
5.230.41.133:443
5.230.42.207:443
5.230.68.180:443
5.230.74.51:443
5.231.0.38:443
5.231.1.213:443
5.255.113.34:443
5.255.113.36:443
5.255.116.158:443
5.255.126.243:443
85.239.34.138:443
85.239.34.69:443
91.235.234.194:443
antyparkov.site
saicetyapy.space
stratimasesstr.com
winarkamaps.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2024-02-13%20Latrodectus%20IOCs

45.140.146.156:445

# Reference: https://github.com/pr0xylife/Latrodectus/blob/main/Latrodectus_11.03.2024.txt

drifajizo.fun
durete.org
ginzbargatey.tech
minndarespo.icu
popfealt.one
qyjifia.org
scifimond.com

# Reference: https://www.virustotal.com/gui/ip-address/193.106.174.218/relations
# Reference: https://github.com/pr0xylife/Latrodectus/blob/main/Latrodectus_22.03.2024.txt

advancedtherapyservice.com
agaishop.org
bezizeo9.org
cabobao3.org
cajameu.org
carstop01.org
cemiwyi7.org
cuxu.org
defifya.org
deqytuu9.org
divajoa.org
drenlick.org
duwacua.org
dydxl.org
esitlow.org
etherfi.club
fazadoe.org
femuseu.org
fokeqi.org
fuwer.org
ganstaeraop.shop
gejyg.org
gihibml.org
gilasau.org
globalwam.org
gmsmwil.org
gotuqoa.org
grunzalom.fun
gyjyhyo8.org
hejoweo.org
hesekiu8.org
hofaty.org
hoqociy.org
horaot.org
hycoworldwide.info
intellipowerinc.com
jesebyy.org
jiwypiy9.org
junat.org
kaqan.org
kasnackamarch.info
lacejuy.org
lajuqao.org
lecexuo1.org
lmfpbpm.org
lufyfeo.org
lugotye1.org
luhuhu.org
lykireo.org
lyzupoy.org
malew.org
mapamui0.org
maramaravilha.com
marypopkinz.com
melon-type.org
mihalee.org
mimerou.org
mmtixmm.org
moxiroo.org
mypusau.org
nefolai.org
nevujo.org
niceburlat.me
niryjee1.org
nurunia.org
pabybiy6.org
pegumay.org
pisuxy.org
poxof.org
ppmpqii.org
pubmass.info
pubonao.org
pucak.org
pydypu.org
pykuhae.org
qazoryy.org
qehykyo.org
qeqady.org
qoroh.org
quwezui.org
qykusee.org
riwesi.org
roofsting.org
sabehey.org
sibunyu.org
simanay.org
sokingscrosshotel.com
somajea.org
sudukio5.org
sumorio6.org
sumuta.org
suzabyu.org
sytukoe8.org
tapyjya.org
ticava.org
tipenuu.org
tirymui5.org
titnovacrion.top
tyjexau.org
tyxoxoy.org
u41sal.org
vajosoo.org
venilios.org
vizewye.org
vlbmqpm.org
vopytei.org
vpdpkli.org
wabycui5.org
web3rse.com
wireoneinternet.info
wpmlvii.org
wygupua.org
xacygo.org
xirygiy.org
xmgpsmi.org
xufybyo.org
xuhyjoe5.org
zefecaa6.org
zefos.org
zehowyy.org
zixirml.org
zuwagie6.org

# Reference: https://twitter.com/1ZRR4H/status/1772973076172460383
# Reference: https://www.virustotal.com/gui/ip-address/84.32.84.32/relations

skinnyjeanso.com

# Reference: https://twitter.com/IronNetTR/status/1776321136751485019

http://45.140.146.156
http://45.95.11.134
45.140.146.156:445
45.95.11.134:445

# Reference: https://twitter.com/karol_paciorek/status/1780582512596566337

http://45.95.11.217
45.95.11.217:445

# Reference: https://github.com/pr0xylife/Latrodectus/blob/main/Latrodectus_25.04.2024.txt

http://45.95.11.217
188.40.202.44:20000
grizmotras.com
pewwhranet.com
wrankaget.site

# Reference: https://github.com/pr0xylife/Latrodectus/blob/main/Latrodectus_26.04.2024.txt
# Reference: https://www.virustotal.com/gui/file/4cf2b612939359977df51a32d2f63e2cb0c6c601e114b8e4812bd548d1db85fe/detection
# Reference: https://www.virustotal.com/gui/file/4e7ac0bdb516e983b3cab7f79850d8102d2bf4117bb343b68d0da73780cceb1a/detection

http://146.19.106.236
188.40.201.16:10000
jarinamaers.shop
startmast.shop

# Reference: https://github.com/pr0xylife/Latrodectus/blob/main/Latrodectus_29.04.2024.txt

http://185.219.220.149
144.76.231.240:10000
dimozti1.org

# Reference: https://twitter.com/akaclandestine/status/1786019075077910874
# Reference: https://www.virustotal.com/gui/ip-address/193.106.174.210/relations

1206jeans.com
adaletli.org
adzacrwlv5.org
akalindaslo.org
arrivingback.org
atqawa.org
bagkfao.org
bakrgmb.org
bestfiveweb.com
bewildering.org
blanketed.org
boldenslawncare.com
bwbmmwihost.org
cabalra.org
camera-optic.org
cardetailingshop.org
cataloguing.org
cazathusly.org
chei-krim.cc
classifiedtext.org
cojlbob.org
confabulation.org
coverstill.org
crdektvlab.org
cris-melodian.org
ctzedtlvd.org
danteshpk.com
dbxeqab.org
defllanna.com
discompose.org
drenlournase.com
driver-schedule.uk
e2gm.com
ellwtwlwa.org
entertainmenttron.org
ere-home.org
extranet-admin.com
extranetmanage.com
fagrzra.org
flfmxbm.org
fuligua.org
gazzkkznews.org
gebbcal.org
howsoever.org
hrlsgvir.org
hubswsu.org
hyundaitmvbbla1.org
incmediapress.org
interiourbydennis.com
jafoplt.org
jokso.org
jurofye.org
kimwap.org
korajla.org
kosukeshimura.com
kozmmkk.org
krd6.com
kungplfotao.org
labljas.org
lapaxmm.org
lazadrs.org
letsfpl.com
ljvnzal.org
lldbkar3.org
lvm514.com
malrgtrong.org
martialartshistory.org
mayanui.com
mebumau.org
meta-duocontacts.com
mexicos.in
mlzanrv2ii.org
mmqsrsl.org
mmsmvnm.org
mnsmsla.org
mvcpjotop.org
necrtlr4.org
nlqbgkl5.org
non-cryptographic.org
nppfsptpf0.org
osamcaf.org
paramountdubaihotels.com
paramounthotesldubaiae.com
personalsp.com
psix6pn.top
pytvzix.org
qbra7.com
qogmjlm.org
qsopdo.org
raydiumv.com
raydllumv.com
reauthorize.org
reredrb5.org
sapalb.org
sidipidi-child.org
simplyfitphilly.com
sizeloberslip.org
slock-download-us.org
slrehaa.org
sobopnm.org
soevirg3.org
suitablestandartcomfromdom.org
t77gp.com
tha285.com
tkcovmk.org
tlvanao.org
toryfya.org
tovkrro.org
turbotux-download.org
unanswerable.org
unmarred.org
unobtrusively.org
unpeopled.org
uq4oo4.personalsp.com
user-cancel-request.com
usprivatemoneylender.com
verifypersonal.online
vidiato.net
vnfmnmo.org
vrlanus.org
vyn7.com
wacallo.org
warriortechniques.org
wgf692.com
z5sg.com
zagmwla.org
zaimbel.site
zaplslm5w.org
zoom-usa.org
ztdltmk.org

# Reference: https://github.com/pr0xylife/Latrodectus/blob/main/Latrodectus_09.05.2024.txt

illoskanawer.com
workspacin.cloud

# Reference: https://www.elastic.co/security-labs/spring-cleaning-with-latrodectus
# Reference: https://www.virustotal.com/gui/file/aee22a35cbdac3f16c3ed742c0b1bfe9739a13469cf43b36fb2c63565111028c/detection

aytobusesre.com

# Reference: https://x.com/SBousseaden/status/1792896014090682544

altynbe.com
boriz400.com
ridiculous-breakpoint-gw.aws-use1.cloud-ara.tyk.io
uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io

# Reference: https://threatfox.abuse.ch/browse/malware/win.unidentified_111/ (# 2024-06-22)

http://91.194.11.64
104.129.20.167:443
104.129.20.71:443
104.129.20.98:443
104.129.21.231:443
104.129.21.246:443
104.129.21.52:443
104.36.229.104:443
104.36.229.16:443
116.202.14.187:443
146.19.143.134:443
146.19.143.84:443
162.19.135.156:443
176.123.1.221:443
176.124.32.55:443
184.174.96.179:443
185.164.163.79:443
185.73.125.157:443
185.73.125.7:443
185.93.221.101:443
185.93.221.108:443
185.93.221.118:443
190.211.254.153:443
190.211.254.187:443
192.153.57.136:443
192.236.160.230:443
193.168.141.153:443
193.168.141.62:443
193.168.141.64:443
193.168.143.169:443
193.168.143.173:443
193.168.143.17:443
194.26.141.31:443
198.244.224.83:443
213.139.205.137:443
38.114.102.6:443
45.129.199.127:443
45.129.199.246:443
45.86.86.29:443
46.249.58.101:443
5.230.34.68:443
5.230.45.229:443
5.230.54.39:443
5.255.108.187:443
5.255.108.56:443
5.255.113.173:443
5.255.115.172:443
5.255.116.222:443
5.255.117.240:443
5.255.117.46:443
5.255.123.240:443
5.42.221.10:443
64.227.147.74:443
64.7.198.158:443
66.63.188.141:443
66.63.188.21:443
66.63.189.102:443
74.119.193.200:443
77.83.196.180:443
83.147.17.46:443
85.239.33.247:443
85.239.33.54:443
85.239.61.165:443
87.251.67.74:443
87.251.67.95:443
91.149.219.102:443
91.194.11.183:443
91.235.234.121:443
91.235.234.149:443
91.235.234.195:443
91.242.163.63:443
92.249.48.43:443
92.249.48.6:443
94.232.41.106:443
94.232.46.11:443
95.164.68.73:443
anikvan.com
aplihartom.com
drendormedia.com
fasestarkalim.com
frotneels.shop
ganowernis.com
ggrastyal.live
goalcempiz.com
grebiunti.top
jertacco.com
kalopvard.com
kokcheez.website
kokmausrest.online
krestaop.com
lastaflirtely.me
lettecoft.com
loolsena.shop
lustrafeel.com
mastgonzo.com
pirkomagar.com
postolwepok.tech
pumcarcheto.red
qaliharsit.tech
riscoarchez.com
sluitionsbad.tech
trasenanoyr.best
ultroawest.com
wikistarhmania.com
zumkoshapsret.com

# Reference: https://x.com/Threatlabz/status/1804918852528357791
# Reference: https://x.com/1ZRR4H/status/1804959121596158388

http://193.32.177.192
http://85.208.108.63
manclinoste.website
prufkespotr.com
shopboksret.com
tristgodfert.com

# Reference: https://x.com/Threatlabz/status/1805268196989243406

filomeranta.com

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-06-25-IOCs-from-Latrodectus-activity.txt

barsman.biz
bibidj.biz
finjuiceer.com
garunt.biz
meakdgahup.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.lactrodectus/ (# 2024-08-11)

103.117.141.168:443
103.117.141.59:443
103.117.141.96:443
104.168.135.67:443
141.94.122.24:443
151.236.9.25:443
166.1.22.133:443
167.114.90.208:443
172.96.137.155:443
176.31.29.67:443
179.43.141.216:443
184.174.96.80:443
185.196.11.114:443
185.196.11.28:443
185.208.158.218:443
185.73.124.47:443
185.81.114.243:443
190.211.254.112:443
190.211.254.176:443
193.138.195.41:443
193.42.36.60:443
213.139.205.162:443
217.195.153.167:443
217.195.153.181:443
217.195.153.204:443
23.227.202.187:443
23.227.203.161:443
23.254.201.238:443
23.254.230.8:443
45.143.166.161:443
45.143.166.190:443
45.143.166.66:443
45.143.166.85:443
45.143.166.95:443
46.105.141.52:443
5.149.248.166:443
5.181.159.53:443
5.255.101.33:443
5.8.47.86:443
51.91.35.153:443
62.106.66.243:443
62.106.66.46:443
84.32.41.225:443
84.32.41.24:443
87.121.61.37:443
87.121.61.48:443
87.251.67.218:443
89.150.57.186:443
91.193.18.185:443
91.242.163.172:443
94.158.244.32:443
94.232.41.95:443
94.232.46.205:443
godfaetret.com
spikeliftall.com

# Reference: https://x.com/vmray/status/1823762654156018020
# Reference: https://www.vmray.com/analyses/_vt/5cecb26a3f33/report/network.html
# Reference: https://www.virustotal.com/gui/file/5cecb26a3f33c24b92a0c8f6f5175da0664b21d7c4216a41694e4a4cad233ca8/detection

agrahusrat.com
minrezviko.com

# Reference: https://hunt.io/blog/latrodectus-malware-masquerades-as-ahnlab-security-software-to-infect-victims

103.144.139.189:443
coolarition.com
stripplasst.com
worlpquano.com

# Reference: https://x.com/karol_paciorek/status/1829447674623410387
# Reference: https://app.validin.com/detail?find=lokodoko.zip&type=dom&ref_id=4ce06dee5c3#tab=host_pairs_v2

/lokodoko.zip

# Reference: https://threatfox.abuse.ch/browse/malware/win.lactrodectus/ (# 2024-09-09)

104.168.165.91:443
179.43.134.189:443
185.196.10.151:443
194.14.208.217:443
213.139.205.246:443
45.143.166.23:443
51.161.207.175:443
87.251.67.228:443
peronikilinfer.com
restoreviner.com

# Reference: https://x.com/k3dg3/status/1834322310557282727
# Reference: https://tria.ge/240912-yvd1zasanm/behavioral1
# Reference: https://www.virustotal.com/gui/file/e7fc51310e3318c7220b4373e81d42357e9e6c073bb87d1a18e88ac81a6b4587/detection
# Reference: https://www.virustotal.com/gui/file/b54fa96edd93e7a1c4def6962829ebff010c3195068ab3d97472fd335cef169b/detection
# Reference: https://www.virustotal.com/gui/file/19e02dd879498330e06612f53d1d2a887aea7548a992eda7336d4ee8dc346cdd/detection
# Reference: https://www.virustotal.com/gui/file/0c281abf4ce958882aad9f7a63b90d9ba8a4d892c51a2b36414d6c002294a081/detection

http://193.203.203.40
isomicrotich.com
rilomenifis.com

# Reference: https://github.com/pr0xylife/Latrodectus/blob/main/Latrodectus_18.09.2024.txt
# Reference: https://www.virustotal.com/gui/file/1b9e17bfbd292075956cc2006983f91e17aed94ebbb0fb370bf83d23b14289fa/detection
# Reference: https://www.virustotal.com/gui/file/5c7a3bd2baa8303354d8098b8d5961f111e467002bb0c6fee120825b32798228/detection

193.124.185.116:8041
193.124.185.117:8041
92.118.112.130:8041
bazarunet.com
greshunka.com
tiguanin.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.latrodectus/ (# 2024-09-24)

klemanzino.net
krinzhodom.com
leroboy.com
mazinom.com

# Reference: https://x.com/albertzsigovits/status/1839037992293503120
# Reference: https://www.joesandbox.com/analysis/1518616#iocs

finilamedima.com
pomaspoteraka.com

# Reference: https://github.com/pr0xylife/Latrodectus/blob/main/Latrodectus_03.10.2024.txt

opewolumeras.com

# Reference: https://www.virustotal.com/gui/file/3b86c9516bd5d57758ab976e32af2d7873d7ad0b0e063a49ee13c168f2c1e980/detection

http://194.54.156.91
185.106.92.54:8041
82.115.223.39:8041
82.115.223.40:8041

# Reference: https://blog.eclecticiq.com/inside-intelligence-center-lunar-spider-enabling-ransomware-attacks-on-financial-sector-with-brute-ratel-c4-and-latrodectus

http://188.119.113.152
http://45.14.244.124
eniloramesta.com

# Reference: https://github.com/pr0xylife/Latrodectus/blob/main/Latrodectus_19.11.2024.txt

bestmarsgood.com
cerwintifed.com
reateberam.com

# Reference: https://github.com/pr0xylife/Latrodectus/blob/main/Latrodectus_02.12.2024.txt
# Reference: https://www.virustotal.com/gui/file/658b8c47d7193c7c31a2540b2f54fcdfb9298d8346a4ad3be7e684ef946f57a5/detection

asrcloudonline.sbs
dogirafer.com

# Reference: https://github.com/pr0xylife/Latrodectus/blob/main/Latrodectus_17.12.2024.txt
# Reference: https://www.virustotal.com/gui/file/bfa5a8096421376038689c94a1bdd758b422f4b0fda06dbb3bf373bd30b1086f/detection

cloudlsk.sbs
proliforetka.com
syncme.life
aureonline.cloudlsk.sbs

# Reference: https://x.com/smica83/status/1884533319926259752
# Reference: https://bazaar.abuse.ch/sample/adf05622d174be0d74cf9a19fb33b6c3bc0491dd32b71693487d0f1c36f14388/
# Reference: https://tria.ge/250129-lbwqfstpcz/behavioral1

piloferstaf.com
ypredoninen.com

# Reference: https://x.com/smica83/status/1885323270318117083
# Reference: https://tria.ge/250131-qz8r5syqgr

vivaforevew.com
wersogkiwgow.com

# Reference: https://x.com/malwrhunterteam/status/1887476274852987197
# Reference: https://tria.ge/250206-qxf94syjgr
# Reference: https://www.virustotal.com/gui/file/e6cd0dde6cacb65177d316907059d883933ec7033cd2b913af577fee1f1d07ed/detection

apworsindos.com
reminasolirol.com

# Reference: https://x.com/MsftSecIntel/status/1903174779856883903

forefilarem.com
horetimodual.com

# Reference: https://x.com/malwrhunterteam/status/1910012632007946659
# Reference: https://www.virustotal.com/gui/file/3ebab9121aef087c075e8f79e67473c39331943e650f55dc11da764bf1cd1b23/detection

porelinofigoventa.com
rofleratom.com

# Reference: https://x.com/malwrhunterteam/status/1912430590453825922
# Reference: https://www.virustotal.com/gui/file/aef5c150cfe8154ed290b293e30d552cfb9b40b3552369345c7c2f135b63aac4/detection

architrata.com
carflotyup.com
cesf.live

# Reference: https://x.com/malwrhunterteam/status/1921142763350860149
# Reference: https://www.virustotal.com/gui/file/5f84809a778841f1dc64bc43d6bb1a822d6aa04a3ae65c5f9ad31a7fcb2cbca9/detection

daringdesigners.com
topguningit.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.latrodectus/ (# 2025-05-11)

castpshost.com
digitalflwr.com
dpard.live
formenista.com
fvlc.live
fyyl.live
grazafnulp.com
intellisense.live
lofiramegi.com
p.dpard.live
pikchestop.com
reidenhetic.com
remustarofilac.com
tolefarma.com
trapgnistro.com
trymeakafr.com
tynifinilam.com
ugive.live
umatblog.top
xiolewarentiom.com

# Reference: https://x.com/wbmmfq/status/1928511287874445724

higtwebgenis.com
safewithusres.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.latrodectus/ (# 2025-06-15)

domtrst455.com
dqrdbv.com
pros0512.com
prot12-05.com
valifoprofsto.com
visafropik.com

# Reference: https://x.com/SquiblydooBlog/status/1942538885717975430
# Reference: https://www.virustotal.com/gui/file/b97cd404ceab09bdd92003599566d946cead1d5d5dba528327821fe4f18108ec/detection

aliondrifdions.com
gorahripliys.com

# Reference: https://x.com/vmray/status/1943638986255147103
# Reference: https://www.vmray.com/analyses/Latrodectus-version-2-2-Whenasked/report/network.html
# Reference: https://www.virustotal.com/gui/file/5ec37444f9ead97f89b74b0b0ee6707bd67a61cb1ad1aa7f5ba85613b722cf4a/detection

iondrivinos34.com
rolkdsgwasagt.com

# Reference: https://unit42.paloaltonetworks.com/preventing-clickfix-attack-vector/

btco.live
byjs.live
decr.live
diab.live
heyues.live
izan.live
lexip.live
mailam.live
mhbr.live
netluc.live
rimz.live
veuwb.live
webbs.live
k.mailam.live
k.veuwb.live
r.netluc.live

# Reference: https://x.com/ShadowOpCode/status/1966144101289701608
# Reference: https://www.virustotal.com/gui/ip-address/178.16.54.218/relations
# Reference: https://app.any.run/tasks/15f308f6-e74b-4258-a66e-b3293a10955e

sigdalokanolkas.com

# Reference: https://x.com/FarghlyMal/status/1971166552054772071
# Reference: https://www.virustotal.com/gui/file/dc25dd8cc1ce53da33777c82b6acfb820ede522e894093386349538e0b58d86c/detection

daestfestifalkrlon.com
mbkes.com

# Reference: https://x.com/1ZRR4H/status/1971300450537222596

adsqwiolkuerkom.com
alfryudabikuta.com
asakusubinitohas.com
basokilometrsdo.com
blaksdioklery.com
darklousdirupas.com
dasrilkosdirosado.com
djkloyfarelbister.com
dlinofinopasster.com
dorevilokpadjghs.com
doskaevriakjoilo.com
fadoklismokley.com
faryshopkleyskipi.com
fikysandroisder.com
ganstopliomalifas.com
gasrobariokley.com
hdflksgreklams.com
jojikloertoys.com
kasldericoname.com
kutakdokliurio.com
kwestgidokudiojek.com
kwjfalvalkloun.com
laghuirtinosdek.com
lalasisifuryglap.com
lilikutliputsdf.com
lounfaslkijsdf.com
signamoykloysd.com
sisadfriolkdle.com
sistoronykastadro.com

# Reference: https://x.com/malwrhunterteam/status/1986057920463720500
# Reference: https://www.virustotal.com/gui/ip-address/66.175.239.195/relations
# Reference: https://www.virustotal.com/gui/file/b78dbc66a99cdec46ca38ee09f7804edf082987e8fd832c612479bf5d8a46df0/detection

abanso.com
agaub.com
agayol.com
agloti.com
ahyoud.com
akajuz.com
aknold.com
akratus.com
alkatir.com
amelop.com
angoch.com
arcadabra.com
arcadaz.com
armanok.com
asadir.com
assaty.com
avlury.com
avnym.com
avulat.com
azabeq.com
azutra.com
azzafir.com
baktors.com
barhosh.com
belhux.com
beloci.com
binqyu.com
birdmon.com
bitsuv.com
bokhoch.com
boufey.com
bousiha.com
brivai.com
brotimings.com
bulvok.com
catygo.com
chakoch.com
chasingpips.com
chelako.com
chomaj.com
cloudiesfly.com
cloudsbk.com
coulaj.com
daiboi.com
deffox.com
derkol.com
dimsho.com
djaiji.com
dolsti.com
doufiz.com
dragonzed.com
dragozon.com
drakuta.com
dreany.com
drosti.com
edjuk.com
elliky.com
eniha.com
enomaj.com
erazir.com
esmaki.com
evakov.com
explak.com
fakrony.com
falcta.com
falgat.com
falizt.com
farashafly.com
feloki.com
fidosh.com
figlot.com
flabou.com
flacop.com
fladok.com
flandu.com
flatwovs.com
foundons.com
fricht.com
fuldu.com
fuljia.com
funaty.com
gameswaka.com
gamlova.com
gammor.com
gamovz.com
gamozar.com
gamshu.com
gamwolf.com
gamyna.com
gelopy.com
gerroj.com
glidof.com
gloure.com
golodia.com
gondap.com
goodloko.com
gounaw.com
granod.com
grodop.com
guklu.com
gumfin.com
gurirol.com
gushna.com
haboul.com
happyfelliz.com
hifony.com
hoplou.com
houary.com
iamoun.com
iklote.com
imboj.com
immojy.com
inbaty.com
inpraj.com
jallom.com
jealka.com
jenafo.com
jirbol.com
jokano.com
joupal.com
kaidik.com
kalikus.com
kalodri.com
kalunia.com
kamanj.com
kamfiv.com
klusna.com
knorou.com
kobitea.com
kobochi.com
kolmizone.com
kondoc.com
koubel.com
kulozi.com
leektro.com
leemad.com
leomun.com
leosef.com
levanz.com
limakt.com
limonja.com
lodjy.com
lokbai.com
lokmad.com
lounba.com
lovamer.com
lovelyflayer.com
lozawa.com
lunsot.com
lyndro.com
maidro.com
makdob.com
martanoz.com
meonik.com
mewzyk.com
miluve.com
mirmonz.com
mistrey.com
mivorix.com
mobodiz.com
mobojy.com
mogaza.com
mokonad.com
molbibi.com
monble.com
mondrak.com
mosisat.com
motanj.com
namossa.com
nazdri.com
newoup.com
niktir.com
niprad.com
nodrou.com
numrod.com
obasou.com
okanza.com
olimai.com
opandi.com
ophous.com
orbiav.com
orklom.com
oshwai.com
ovlai.com
pioran.com
plakev.com
poktar.com
pyrmidaz.com
quirsh.com
quniat.com
quosko.com
reedov.com
riokau.com
rojeun.com
rondila.com
rushov.com
sabnon.com
salvonia.com
samhok.com
saplim.com
sasapu.com
sedriv.com
sekkol.com
senboul.com
sevonz.com
shikl.com
sholova.com
simojy.com
sishmo.com
snaiv.com
soukem.com
splouv.com
stamok.com
taimoj.com
tanild.com
tchupy.com
tefand.com
temaje.com
tofaney.com
trinuv.com
ufotapa.com
umouk.com
unquop.com
vanaile.com
vandoxy.com
verocrown.com
vivagamez.com
volboi.com
volubyt.com
vradop.com
vukity.com
vuktu.com
wadlou.com
wadrou.com
wadush.com
wakoch.com
wazij.com
wendoz.com
witnar.com
woahou.com
wowgam.com
yahaie.com
yaktou.com
yamond.com
yanona.com
yastad.com
yellowmoons.com
yeshta.com
zamcho.com
zammor.com
zarfoq.com
ziktal.com
zonatra.com
zultrak.com

# Reference: https://threatfox.abuse.ch/browse/malware//win.latrodectus (# 2025-11-19)

adoklixiokloer.com
afolpderniolakfduik.com
afonoditrixdxcomplany.com
afsdloiutropic.com
ardotcharleybuking.com
ariokliasklfdnok.com
asderaopafolasuys.com
asioklaydpory.com
asiolkijmadikola.com
astonmartiomanebiklos.com
avakreplianamame.com
bagonamaditrohds.com
barbnormadasolkuidfsa.com
barobgpsa.com
bibifarisfarilsd.com
bibigigatrols.com
biklomanymonerteotr.com
birmatrabiloktrabvel.com
bistroilonalkidimosds.com
brutalinfgonzasochi.com
bubuklaysdertolitodas.com
bundosceradfolia.com
cersaavtolabnovuklubykol.com
chachsdorinatrinitripokla.com
chakulilipopifikolas.com
daestfestifalkrlon43.com
dakiloifhsnuukka.com
daom2gaslioryrocky.com
derfonlyadenmokrsw.com
didogpjokertroya.com
didrogudoharilo.com
dosyposycom.com
draklofsitewebsdrift.com
dralbandrhifit.com
dumkaumkasrot.com
erahitopupikloss.com
fadiomasdpir.com
fasecompasedfjjd.com
fasiokiurtuiolkads.com
fastmionarabastore.com
feradonmanilosaki.com
fexelxilkopory.com
fifalolafasertikonex.com
fiklokasilupafas.com
filojaspergloplas.com
firopirocloundare.com
furiolkariomastbe.com
gansroroyfgdst.com
gasdoinertiolkihas.com
gasrihoirteyui.com
geargasporuion.com
geartopciklorek.com
geoternalkoddfiso.com
gifrodasderty.com
gukolinanyamannoklo.com
h1asoplooproe.com
h1hundynotesuom.com
hasadipocopshas.com
havalkilofilojast.com
hhrrtyusdfar.com
hisikolarionfire.com
hristomasitomasdf.com
ireblogthedomsiki.com
irectashasdri.com
jarcovilokaserdrinok.com
jauiolkerytamp.com
juliavirafoklios.com
justriojadiokliobass.com
k5aiodybloxdasom.com
kashrykkskcjfkkdks.com
kflyghtovilodas.com
kikliloputocrowfly.com
klafiokindw.com
klonfcrtyseaflow.com
krisaldasliodsahj.com
krivomadogolyhp.com
krlopskhfutroplsa.com
laifedorikomakons.com
larioiokolid.com
lasoriodrens.com
levovestrigerklobis.com
lilasdorycomsik.com
llojikartid.com
lolkasdokriosell.com
lorraineyeung.com
mareditrixfiresa.com
marokolidoss.com
maukateciklodasresm.com
maximakampanijosnuostatai.com
mimamimoflarestore.com
mioasiosumslauyoks.com
mustdohavetrinmydimo.com
nanomiloklosikolaymas.com
narvadriftbide.com
natanisralninoklips.com
ninojokerfireyxfisto.com
novakremokasdogiosan.com
nuriaduriokalklass.com
oasioncounertstrike.com
on.borneointernusa.com
pikipika.cn
ploykalofomarixcley.com
qiokbrohaschosdikolane.com
qrwestfiodterty.com
quikstartmaindiloflare.com
rackklousdiksonmauf.com
serlace.xyz
servilinisfadustrit.com
sharpekolasdomeyko.com
sisternoybabuyeriklow.com
sitesgpt.com
slequip.com
stasdirecthpsumsufgh.com
storage-static4f6575d55box.s3.eu-west-1.amazonaws.com
strikerolionaolqnfks.com
sum1oxazaracklary.com
sumgifaluis.com
thederekmainblogportal.com
tidxuxisudolia.com
titiprostertuk.com
titiytreip.com
tokjikoladutrack.com
triosdoryumkas.com
trolsfigabubu.com
ttryiptiytre.com
um-records.com
valoikdortordas.com
vartaslowblogisfera.com
vilorhilokasdhermiol.com
viropirostandap.com
visionpro-optical.com
vitasdrudalokistok.com
vivaboklaysdera.com
wasagtrolkdsg.com
wilowiklayd.com
winfrauikol.com
xilofonsriugagadlon.com
yuikasdojhf.com

# Reference: https://www.netresec.com/?page=Blog&month=2025-12&post=Latrodectus-BackConnect

185.93.221.12:443
193.168.143.196:443
grasmetral.com
jarkaairbo.com
scupolasta.store
