# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: poseidon stealer, rod stealer, rodmacer stealer, crazyevil, mac.c stealer, macsync stealer, digitstealer, shubstealer

# Reference: https://twitter.com/phd_phuc/status/1651001139750420480
# Reference: https://twitter.com/phd_phuc/status/1651002681798926337
# Reference: https://www.virustotal.com/gui/file/2175cc3bc1e3bf4cc27a9524b34d47c14b9aa094061600c0c4bfee9447bd54b4/detection

37.220.87.16:5000
amos-malware.ru

# Reference: https://twitter.com/malwrhunterteam/status/1651496976486154240
# Reference: https://www.virustotal.com/gui/file/2c63ba2b1a5131b80e567b7a1a93997a2de07ea20d0a8f5149701c67b832c097/detection

3fa-all.life
any-viewer.com
app-torrent.org
app-trade.net
apps-torrent.com
apps-torrent.net
apps-torrent.org
apps-trade.org
apps-web.digital
atom-apps.net
auth-apps.club
auth-apps.org
auth-secure.org
axx-play.com
brav-down.com
brav-down.org
bravs-down.com
cosmos-network.io
ens-apps.com
evmchainlist.app
files-box.org
forexx-meta.com
gram-apps.com
gramm-download.net
gua-wallet.com
gua-wallet.org
itrezor.net
itrezor.org
keplrwallet.app
layerzero-foundations.net
memo-apps.net
memo-apps.org
meta-forexx.com
meta-forexx.net
meta-forexx.org
notion-apps.net
otp-apps.net
otp-apps.org
pass-save.com
ph-wallet.org
phan-apps.com
phantom-wallet.at
phantom-wallet.net
phantomm-wallet.us
play-axi.net
q-torrent.com
q-torrent.net
q-torrent.org
rabby-wallet.net
rabby.at
remote-apps.net
remote-apps.org
saver-pass.life
scroll-drop.net
scrollfoundation.net
scrollnetworks.net
secure-apps.org
security-apps.net
security-apps.org
skii-weaver.com
skii-weaver.net
team-apps.club
torent-u.com
tortent-u.com
tortent-u.org
twill-down.com
twillo2.club
u-torrent.org
unisat-wallet.net
unisat.at
uploads-test.org
uth-app.life
vl-play.club
w3fa-all.life
wallet-atom.com
wauth-secure.org
web-wallet.org
wu-torrent.org

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/09/atomic-macos-stealer-delivered-via-malvertising
# Reference: https://otx.alienvault.com/pulse/64fa053f6f16dd0914077358

app-downloads.org
trabingviews.com
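# NOTE(review): "u0131ews.com" looks like the tail of a hostname whose dotless i (U+0131) was left as a raw "\u0131" escape.
# Compare with the xn-- (punycode) entries that follow and verify against the referenced pulse before relying on this entry.
u0131ews.com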
xn--gsvews-r9a.com
xn--tradgsvews-0ubd3y.com

# Reference: https://twitter.com/1ZRR4H/status/1700206318718509292

cleanmac-app.top

# Reference: https://threatfox.abuse.ch/ioc/1164482/

http://185.106.93.154
maybe.host
api.maybe.host

# Reference: https://twitter.com/MalGamy12/status/1705151026976760309
# Reference: https://www.virustotal.com/gui/file/19023cd72c8de1423e8082232099c6e38db3e78ceca179af104a3b1ad579d8a5/detection

http://45.144.29.39

# Reference: https://urlscan.io/result/019a9882-7490-72ca-a016-fb42bf59990c/

http://45.144.52.134

# Reference: https://threatfox.abuse.ch/browse/malware/osx.amos/

http://185.215.113.116

# Reference: https://twitter.com/g0njxa/status/1710678871799152913

dafu-xiaoniangao.monster
/askdaskdIB/22987ggg
/22987ggg
/askdaskdIB

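# Reference: https://threatfox.abuse.ch/browse/malware/osx.amos/
# NOTE(review): 104.21.17.179 and 172.67.177.191 below fall inside Cloudflare's published ranges (104.16.0.0/13, 172.64.0.0/13).
# They are shared reverse-proxy addresses rather than dedicated hosts, so expect matches from unrelated sites; prefer the fronted hostname if the source report names one.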

http://104.21.17.179
http://171.22.28.248
http://172.67.177.191
http://185.172.128.163
http://185.172.128.31
http://185.215.113.71
http://194.169.175.117
http://194.49.94.93
http://5.182.86.8
http://5.42.65.107
http://5.42.65.55
http://79.137.198.170
http://89.208.105.191

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates
# Reference: https://otx.alienvault.com/pulse/655deaade608a53b8d4ada31

chalomannoakhali.com
jaminzaidad.com
royaltrustrbc.com

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version
# Reference: https://www.virustotal.com/gui/ip-address/62.204.41.98/relations
# Reference: https://www.virustotal.com/gui/file/0956ab422b6bcc44fed1504b524c8bb8c4491da42552c3b179d6bbcb3dc24c85/detection

http://5.42.65.108
trialap.com
slack.trialap.com

# Reference: https://twitter.com/r3dbU7z/status/1748103869375128024
# Reference: https://www.virustotal.com/gui/ip-address/23.227.199.33/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.92.244.104/relations
# Reference: https://www.virustotal.com/gui/file/0316b4d2186dbfbaef8929cb18fed6d6a5ba7a923fd005c94b458b7dd3ada6a8/detection

daddyvjxsa.online
daddyvjxsa.site
parailels.online
parallells.online

# Reference: https://twitter.com/r3dbU7z/status/1755063296145736023
# Reference: https://twitter.com/r3dbU7z/status/1771867585673392149

aianubhav.com
accoun10.com
guruveera.com

# Reference: https://twitter.com/moonlock_lab/status/1772323469947978002
# Reference: https://www.virustotal.com/gui/file/511a01dcb0fe86c9f2f432400a28487d53e83cdb03af7701f28511f260eb1a83/detection
# Reference: https://www.virustotal.com/gui/file/07a4618b5d9e057de25977ec2bd698e3070280be162aaed16b45cdef3ccad862/detection

79.137.192.4:443

# Reference: https://twitter.com/r3dbU7z/status/1786009485846204504
# Reference: https://www.virustotal.com/gui/file/26576c710b3025a4e1b46f78a0e1a9a276e2107291771ae1a9792ebffa2ef930/detection

notion.ph

# Reference: https://twitter.com/birchb0y/status/1790746238758817821
# Reference: https://x.com/malwrhunterteam/status/1900612483900981277
# Reference: https://x.com/malwrhunterteam/status/1902272327980642718
# Reference: https://alden.io/posts/infostealers-a-brewin/
# Reference: https://app.any.run/tasks/834cae35-e7c8-4e63-a66b-814f676e6af2/
# Reference: https://app.validin.com/detail?type=raw&find=Homebrew+%E2%80%94+The+Missing+Package+Manager+for+macOS+%28or+Linux%29 (# 2025-03-14)
# Reference: https://www.virustotal.com/gui/file/513bb09807c9c343fccf7df30f687ea490125745e5ae02177c92efeb514e4b30/detection
# Reference: https://www.virustotal.com/gui/file/9a2e0aadd42144abf97232bff0d3dcec123004b07e1e771c82e0d04f7ae0971a/detection
# Reference: https://www.virustotal.com/gui/file/0a21b30f2e725b73160c542561bf68a2c8f53949557240db34d890583d02e30b/detection

http://109.120.178.3
http://158.255.213.85
http://162.252.175.220
http://167.234.213.68
http://185.246.130.141
http://188.127.225.100
http://5.255.107.149
http://5.42.100.86
http://77.221.151.41
http://79.137.192.4
http://82.115.223.176
http://85.217.222.185
http://94.124.160.117
79.137.192.4:443
94.124.160.117:443
applemacios.com
aroqui.com
axcrid.com
bodega-fyi.pages.dev
brew-download.com
brew.lat
brews.icu
brewsh.cc
brewshh.org
candao.top
coinpepe.xyz
drcohenmd.com
homabrews.org
homebrew-storage.com
homebrew.cx
homebrew.page
homebrewl.pro
hornebrew.mom
mpsime.com
nnvious.com
rectanglemac.pro
trello.bio
willowsushi.com
brew.pages.dev
docs.homebrew.cx
raw.brewsh.cc
raw.homabrews.org

# Reference: https://x.com/Threat_Down/status/1791912008746430748

http://5.182.86.95

# Reference: https://x.com/moonlock_lab/status/1793702034782433441
# Reference: https://www.virustotal.com/gui/file/60ad28afc1b3bd1cfd671c8f5fad7398e1cb7bd811498ef8a371007c4c32e75e/detection
# Reference: https://www.virustotal.com/gui/file/30b89622c779dd06faa909e7e0b8e88f3b75ca78fad00c4cf0ef7db320e3b218/detection
# Reference: https://www.virustotal.com/gui/file/2e3dcbccd9c774a43ec8565378c4ae9f4f6048b5f4c984d99e4f000858b688e3/detection

forked-project.com

# Reference: https://x.com/birchb0y/status/1793735550744375338
# Reference: https://app.validin.com/detail?find=185.172.128.72&type=ip4&ref_id=9fd035b569f#tab=resolutions

altllayer.com
earlymodenetwork.com
leaderwallets.org
lfgjupiter.com
mantanetwork.dev
newparadigm.dev
pixelcommunity.xyz
rodrigos.io

# Reference: https://x.com/Threat_Down/status/1794033775980032497
# Reference: https://www.virustotal.com/gui/file/27ed8f5684e32217a073200ac80d822825f4e9954797f6682c7a6c8d0951fb88/detection

http://65.108.232.23
calenserty.com

# Reference: https://cyble.com/blog/uncovering-atomic-stealer-amos-strikes-and-the-rise-of-dead-cookies-restoration/
# Reference: https://otx.alienvault.com/pulse/65b915078b79508127f170a9

arcbrowser.pro
cleanmymac.pro
parallelsdesktop.pro
pixelmator.pics

# Reference: https://x.com/arch1ehic0x/status/1803095125779791980
# Reference: https://x.com/karol_paciorek/status/1803357816746360903
# Reference: https://x.com/karol_paciorek/status/1803362692566028490
# Reference: https://app.validin.com/detail?find=ROD%20STEALER&type=raw&ref_id=2874a9d4ee7#tab=host_pairs_v2
# Reference: https://www.virustotal.com/gui/file/b68fbd104d13e025928f29bb90a25ab5b552ba1275ccd11869cf626fca85fb46/detection

http://185.172.128.110
onipars.pw
truck-ord.site

# Reference: https://x.com/arch1ehic0x/status/1806678546607227054
# Reference: https://www.virustotal.com/gui/ip-address/186.2.171.60/relations
# Reference: https://www.virustotal.com/gui/file/474ee78c6636ee478ea7f4521559679fbc468bb326357737bfc465e63ed153fa/detection

agov-access.com
agov-access.net
agov-ch.com
agov-ch.net
register-agov.com
register-agov.net

# Reference: https://x.com/NDA0E/status/1806818805961912577
# Reference: https://x.com/bruce_k3tta/status/1887881634286108734
# Reference: https://x.com/g0njxa/status/1915698276206104905
# Reference: https://search.censys.io/hosts/185.147.124.212
# Reference: https://www.virustotal.com/gui/file/61b0b147bf9bec52818af09d10ca7b81bb94c07d964684f10360abfe426014ba/detection
# Reference: https://www.virustotal.com/gui/file/382b0c1923db5369787f84f839004c171e7d400482055725b091f5eede80a7a4/detection

http://185.147.124.212
http://88.214.50.3
185.147.124.212:22
185.147.124.212:3389
lascolinasresortdalas.com
login-auth-office.com
osheafarm.com
poseidon.cool
robsheraldry.com

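# Reference: https://threatfox.abuse.ch/browse/malware/osx.poseidon/ (# 2024-07-01)
# NOTE(review): the bitp./bitpa./bp./dibbadu./newcp./newcpp./newscp./panda./pipp. hosts in this group appear to be subdomains added to otherwise unrelated sites.
# Keep them at subdomain granularity; do not widen them to the parent domains.
# NOTE(review): four entries in this group end in strings that are not valid TLDs, so these names cannot resolve:
#   bitpa.miogatto.greffectual, newcp.thebestbodrumtemizlik.comlounge, newcpp.constructoraharr.clapostolic, newcpp.powerunits.com.ngwittily
# They look like hostnames with a stray word appended during collection. The first, second and fourth have their clean form listed on the preceding line; the third does not, so re-check it against the source feed.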

http://186.2.171.60
http://37.27.82.196
http://68.66.226.80
186.2.171.60:443
37.27.82.196:443
agovaccess-ch.com
b2cidp-mobilier.com
bitp.alamri-ip.com
bitp.alan.my
bitp.alkareemimport.com
bitp.avansisgroup.com
bitp.blueroselb.com
bitp.clementinasketchbook.com
bitp.dicoar.com
bitp.ebibote.com
bitp.fromagetambourin.fr
bitp.grantindonesia.com
bitp.hapa5387.odns.fr
bitp.heavenconstruction.pk
bitp.heavenmarketing.pk
bitp.htechs.com
bitp.idealindustryltd.com
bitp.kkenterprises.pk
bitp.navihost.in
bitp.nwg.com.pk
bitp.olivrodapatria.online
bitp.ontech.co.zm
bitp.phrapitta.com
bitp.pisuka.com
bitp.pouradhwani.com
bitp.quasar.sa
bitp.quick-eg.com
bitp.raagifts.com
bitp.siupk.net
bitp.smslogin.xyz
bitp.sviat21.com
bitp.tami8849.odns.fr
bitp.tiedyeromania.ro
bitp.tilakhighfiji.com
bitp.weltpropiedades.cl
bitpa.ananyajain.com
bitpa.artemilenario.fr
bitpa.athleticshub.co.uk
bitpa.babajani.com
bitpa.bariel.co.id
bitpa.beautifulbooze.com
bitpa.bghbd.com
bitpa.bicoman.net
bitpa.casamagdalenapublicidad.com.co
bitpa.combienemetmonargent.info
bitpa.dctcbd.com
bitpa.desipolska.pl
bitpa.dogfestival.gr
bitpa.drcaraccessories.com
bitpa.eamarseba.com
bitpa.elshamel.online
bitpa.guptavedika.com
bitpa.hostpinas.com
bitpa.innovatalks.com
bitpa.jcaisse-dev.org
bitpa.mathinmaps.net
bitpa.mejoresconsejosvida.online
bitpa.miogatto.gr
bitpa.miogatto.greffectual
bitpa.moralesalducin.com
bitpa.mydreamsltd.com
bitpa.nationaltemps.co.uk
bitpa.neebs.edu.np
bitpa.newestrealty.com
bitpa.owanbefood.com.ng
bitpa.palms77hotel.com
bitpa.planethair.gr
bitpa.professoranagida.online
bitpa.pta-greece.gr
bitpa.remoteprints.com
bitpa.sarshipping.net
bitpa.smsfi.com
bitpa.socialobserver.in
bitpa.soltita.com
bitpa.tatlibuketi.com
bitpa.tigercampcorbett.com
bitpa.toel4298.odns.fr
bitpa.vendotuttonline.com
bitpa.vissnatech.ir
bp.4dpayme.com
bp.absolutairarcondicionado.com.br
bp.afrokulchagroup.com
bp.americansports.com
bp.aminadabelago.com.br
bp.appoemn.org
bp.bernard-bourcy.net
bp.blogcanadiense.com
bp.brankenattorneys.co.tz
bp.cairnhillwatches.com
bp.car.co.tz
bp.celebratebloomfield.org
bp.celloxwatches.com
bp.ctvidamelhor.com.br
bp.davidliving.com
bp.dieterforjudge.com
bp.dumbeg.com
bp.easthartfordinterfaith.org
bp.edgenetworks.rs
bp.emporioecuador.com
bp.fatp.co.tz
bp.flyingdonvstg.franciaim.net
bp.fortclean.net
bp.fursforus.net
bp.hotelultimafrontiera.com
bp.innovatalks.com
bp.isap-union.gr
bp.jpxhelmet.com
bp.kgcdiary.com
bp.kidsightusa.org
bp.killerworkdev.com
bp.linenessentials.com
bp.littleleafstudio.co.uk
bp.lyctechnologies.com
bp.marthareingold.com
bp.mgcsw.gov.ss
bp.mibenditoadolescente.com
bp.moimoveis.com.br
bp.movie.co.tz
bp.myindiamall.in
bp.natenrjs.com
bp.nationalbeatpoetryfoundation.org
bp.news.co.tz
bp.niceguyrebrands.xyz
bp.paltouchsystems.net
bp.petersparre.com
bp.rafikidodomahotel.com
bp.richardobenton.com
bp.riscasvicosas.pt
bp.saleseconomic.com
bp.sc1jtfu9765.universe.wf
bp.segurobligatorio.pro
bp.seo7sry.com
bp.shivaagorealty.com
bp.stasy-union.gr
bp.sygenpharma.com
bp.tdsorsta.ro
bp.trueearthchanges.com
bp.video.co.tz
bp.watertownctlions.org
bp.wegolions.org
bp.wheelsofwilliamsport.com
bp.wheelsofwilliamsport.net
bp.wocrimestoppers.org
bp.worldcup.co.tz
dibbadu.absoluteitbd.com
dibbadu.arkaconstructores.com
dibbadu.caelectrons.com.br
dibbadu.carboneralabanda.com.co
dibbadu.ciptransfer.com
dibbadu.dolphinmanagement.ro
dibbadu.evergraphics.com
dibbadu.geofieldp.com
dibbadu.institutointei.com
dibbadu.millennialstourandtravel.co.ke
dibbadu.myportfolio.com.co
dibbadu.nextsol.com.br
dibbadu.planamoveis.com.br
dibbadu.proexcon.com
dibbadu.promoveazaonline.com
dibbadu.smartfuture.co.za
dibbadu.sscmcc.cl
dibbadu.sulmov.com.br
dibbadu.trujilloserrano.com
eportal-be.com
eportal-bs.com
extraiptv.giize.com
finanzportal-vermogenzsentrum.com
finanzportal-vermogenzsentrum.net
getgrammerly.com
hd.hdweb2.pw
ip.tvguzel.com
loginzug.com
newcp.abagenciamarketingdigital.com
newcp.adrenalinanet.com.br
newcp.afrikwebacademy.com
newcp.americansports.com
newcp.amtech.sd
newcp.andersonconstantino.com.br
newcp.ankaracilingirci.com
newcp.ankaradatemizliksirketi.com
newcp.ankarasevkattesisat.com
newcp.arteimparables.online
newcp.atlasfizyoterapi.com.tr
newcp.aurcleaning.com
newcp.aurejewelry.ca
newcp.avalanche-store.com
newcp.balcovacicekciler.com
newcp.bayraklicicekciler.com
newcp.bazis-t.uz
newcp.beyondxgroup.online
newcp.bitezeventwedding.com
newcp.bizaccord.com.pk
newcp.bnkilaclama.com
newcp.bonggayon.com
newcp.bornovacicekciler.com
newcp.boscosoft.ae
newcp.botchats.in
newcp.brntemizlik.com
newcp.clay.net.in
newcp.colegioburiti.com.br
newcp.coliturcusco.com.pe
newcp.departamentosenpueblolibre.com
newcp.dihucar.com
newcp.dominantlegaltrans.com
newcp.essasattire.com
newcp.essentemizlik.com
newcp.fahadengineerings.com
newcp.franciaim.net
newcp.frederic-monereau.com
newcp.freud.radi0.im
newcp.fxtransportation.com
newcp.gaziemircicekciler.com
newcp.generation-green.ma
newcp.geofieldp.com
newcp.ghdemo.com.tr
newcp.grid-edge.com.au
newcp.gridedgenews.com
newcp.gssgroup.co.ke
newcp.h-bsofwares.com
newcp.harasselection.com.br
newcp.hiraotomatikkapi.com
newcp.hypercctv.org
newcp.icredes.com
newcp.iluminate.com.mx
newcp.induslab.net
newcp.inkopau-rentcar.com
newcp.ithalatcimiz.com
newcp.japeto.ro
newcp.jcgama.com
newcp.johnballis.com
newcp.karyacorp.com
newcp.libuinsi.my.id
newcp.liderford.com
newcp.lindaballis.com
newcp.lojaflordocerrado.com.br
newcp.lourencoviajante.pt
newcp.maeslanden.nl
newcp.maskinsoftware.com
newcp.maxxcontrol.com.tr
newcp.medyapm.com
newcp.meiya.co.ke
newcp.metse.co.bw
newcp.mexicodemaria.mx
newcp.multipolarsolution.com
newcp.naseemtravels.com
newcp.neutown.com
newcp.ngopicoding.com
newcp.niceguyrebrands.xyz
newcp.nirmalexpertsolutions.com
newcp.oiltanker.com.ng
newcp.olivrodapatria.online
newcp.perapeyzaj.com
newcp.piolinspa.cl
newcp.plastikiniai-langai.eu
newcp.pnmls.cd
newcp.posdata-si.com
newcp.qadricaterers.com
newcp.ram-service.cl
newcp.recubplast.com.co
newcp.royalcontingencia.com
newcp.rsquad.co.ke
newcp.safipompe.ma
newcp.sagarsprings.com
newcp.sbaqala.pk
newcp.sc3bhgr7781.universe.wf
newcp.seo7sry.com
newcp.skinorra.com
newcp.smartlabor.it
newcp.solarib.com
newcp.sosgestion.com.co
newcp.spiegelenergy.com
newcp.spiegelenergy.com.au
newcp.stargazemining.co.za
newcp.superanimalpet.com
newcp.tamilankadai.com
newcp.tamminguyen.co.uk
newcp.tammisnaps.com
newcp.techcube.in
newcp.termomecconsultoria.com.br
newcp.thebestbodrumtemizlik.com
newcp.thebestbodrumtemizlik.comlounge
newcp.thisisafricas.com
newcp.tuintiadmin.com
newcp.ultisol.co.za
newcp.universal-kikaku.com
newcp.uns-kikaku.com
newcp.urunstand.com
newcp.visualmakers.com.pk
newcp.vozminera.mx
newcp.wine-ar.com
newcp.youknowpeople.com
newcpp.1ihost.com.br
newcpp.3dsurf.ir
newcpp.4182-0006ac95072f.wptiger.fr
newcpp.abarclinic.com
newcpp.abrakadabra.com.pe
newcpp.aceleraventas.com
newcpp.activelifemd.com
newcpp.addisbasketball.com
newcpp.adrenalinanet.com.br
newcpp.afrokulcha.co.za
newcpp.afrokulchagroup.com
newcpp.afrokulchatravel.co.za
newcpp.almoajel.sa
newcpp.altaymediaalbania.org
newcpp.aminadabelago.com.br
newcpp.apa.ba
newcpp.aurejewelry.ca
newcpp.aurespa.ca
newcpp.averynigeria.com
newcpp.balebuku.my.id
newcpp.bandamuveegroov.com.br
newcpp.banjarkode.com
newcpp.better-gpt.org
newcpp.billionairesestate.com
newcpp.bocadosdeamor.com
newcpp.build-2-suit.com
newcpp.casadefriossaobenedito.com.br
newcpp.casamagdalenapublicidad.com.co
newcpp.cncmorelos.org
newcpp.confidable.com
newcpp.conquermark.com
newcpp.constructoraharr.clapostolic
newcpp.credencewatches.com
newcpp.damaskin.ro
newcpp.danmartin.ro
newcpp.dilagosburguer.com.br
newcpp.ditsaambiental.com
newcpp.dktravel.com.ec
newcpp.doncellafem.com
newcpp.dsts-immigration.com
newcpp.dungnguyenarchi.com
newcpp.durumdelight.com
newcpp.easthartfordinterfaith.org
newcpp.education21kulimpku.com
newcpp.embassydevelopments.com
newcpp.espace-food.com
newcpp.espinhoserosas.com.br
newcpp.exactcolor.co.ke
newcpp.faforlife.com.ng
newcpp.faforon.com
newcpp.faforon.com.ng
newcpp.falahatishop.com
newcpp.fatp.co.tz
newcpp.faybd.com
newcpp.fitnessupbeat.com
newcpp.fridaybd.com
newcpp.fundacionequiterra.org
newcpp.gemsinnovation.com
newcpp.gridedge.com.au
newcpp.gridedgenews.com
newcpp.h-bsofwares.com
newcpp.harmonyvillage.gr
newcpp.hotel.co.tz
newcpp.huncanlit.com
newcpp.husamekhrawesh.com
newcpp.ibis-inspection.com
newcpp.ilutex.com.br
newcpp.imcbgten4.org
newcpp.institutoiba.org.br
newcpp.inversionesllort.com
newcpp.isabelaayrosa.adv.br
newcpp.johnballis.com
newcpp.kgcdiary.com
newcpp.khabarworld.com
newcpp.killerworkdev.com
newcpp.kotok.net
newcpp.ktktech.my.id
newcpp.kystibbi.com.tr
newcpp.lacitavilla.com
newcpp.lakcards.lk
newcpp.lenterdit.com.ar
newcpp.levinesolutions.net
newcpp.lindaballis.com
newcpp.logdist.ma
newcpp.ludotenis.com
newcpp.luicreativestudio.com
newcpp.magyarkoltok.com
newcpp.mahtokitchencare.com
newcpp.meadvilleorthodontics.com
newcpp.medicalmedia.com.mx
newcpp.meiya.co.ke
newcpp.moimoveis.com.br
newcpp.moralesalducin.com
newcpp.movie.co.tz
newcpp.musamwaky.co.tz
newcpp.nationaltemps.co.uk
newcpp.natroglobal.com
newcpp.news.co.tz
newcpp.nonisec.com
newcpp.nonisec.com.ar
newcpp.ontrace.id
newcpp.park-systems.net
newcpp.payall.com.ng
newcpp.pkmkaranganyar.com
newcpp.pmkt.ao
newcpp.polomilano.com
newcpp.polyvin.com.br
newcpp.powerunits.com.ng
newcpp.powerunits.com.ngwittily
newcpp.powerunits.ng
newcpp.princekushwaha.com.np
newcpp.protrans.com.ph
newcpp.quantum-ev.co
newcpp.quasar.sa
newcpp.quasarful.com
newcpp.recettecuisinegastronomie.fr
newcpp.revenueacademy.it
newcpp.saamtrek.co.za
newcpp.sagarsprings.com
newcpp.sandrasperling.com
newcpp.sbtabriz.com
newcpp.sc1jtfu9765.universe.wf
newcpp.scotiaperu.pe
newcpp.seguroautoagora.com.br
newcpp.seis.co.ke
newcpp.sketchersdesign.co.ke
newcpp.smartzone.sa
newcpp.spiegelenergy.com
newcpp.sscmcc.cl
newcpp.stayeasyplus.com
newcpp.stratwood-gs.ro
newcpp.streakk.com.ng
newcpp.tabledemassagepliante.fr
newcpp.tdsorsta.ro
newcpp.techtrust.pt
newcpp.tecsoluciones.com.pe
newcpp.testabeko.mamaquette.fr
newcpp.thehumanitarianfund.org
newcpp.themavvel.co.ke
newcpp.tracymasonmedia.com
newcpp.uns-kikaku.com
newcpp.uptourismguide.com
newcpp.upvs.com.ng
newcpp.urushomestay.com
newcpp.vanguardaamazonense.com.br
newcpp.wecarefamilydentistry.com
newcpp.wpsuperlink.online
newcpp.wychelmconnect.com.ng
newcpp.xyfinity.co.za
newscp.aaptiroots.in
newscp.academicindia.in
newscp.aeni-script.my.id
newscp.agenciazurc.com.br
newscp.ainirentcar.com
newscp.akia.com.mx
newscp.alauddinsweetmeat.com.bd
newscp.allkemie.com
newscp.almastudio.pe
newscp.antaema.com
newscp.arabic.du.ac.bd
newscp.area14st.com
newscp.aromatherapyacademy.com
newscp.atiliomarola.com.ar
newscp.aunurrafiqofficial.com
newscp.bangfirmanofficial.com
newscp.bariel.co.id
newscp.blueheadfilms.com
newscp.botchats.in
newscp.carboneralabanda.com.co
newscp.carvalhocruz.com.br
newscp.cgsbim.cl
newscp.chaucatotoursperu.com
newscp.clay.net.in
newscp.cncmorelos.org
newscp.colbachabierto.com
newscp.colbiomor.org
newscp.computertechsperts.com
newscp.contechprojects.com
newscp.danmartin.ro
newscp.darfurfm.sd
newscp.debambu.es
newscp.debellis.com.br
newscp.digitalmaster.ro
newscp.dolphinmanagement.ro
newscp.dominioarquitectura.com
newscp.ebitan.com.bd
newscp.entreprisesdavenir.fr
newscp.exideinverterbattery.in
newscp.fatp.co.tz
newscp.gclenterprises.in
newscp.geber.com.mx
newscp.geliankft.hu
newscp.grupoempresarialvasram.com
newscp.grupomv.com.py
newscp.hchemical.sd
newscp.heefhotel.com
newscp.hospitaldesanluis.com.co
newscp.hotelultimafrontiera.com
newscp.hydrosolutions.pe
newscp.ibis-inspection.com
newscp.inncomex.com.mx
newscp.internetareal.net.br
newscp.janeladedramaturgia.com
newscp.junoindia.com
newscp.kashier365.com
newscp.khulumameals.co.za
newscp.laboratoriomacruzfarma.com
newscp.lf21.my.id
newscp.machaquila.com
newscp.mappingcanvasser.com
newscp.maridadymotors.co.ke
newscp.mexicodemaria.mx
newscp.mgglobalinvest.com
newscp.myindiamall.in
newscp.myportodigital.site
newscp.ndwc.com.py
newscp.nextsol.com.br
newscp.nppp.pk
newscp.nsaservices.com.br
newscp.oanachivu.ro
newscp.officialrtv.com
newscp.oiltanker.com.ng
newscp.ontrace.id
newscp.posdata-si.com
newscp.psiqo.com.pe
newscp.rafaelhsouza.com.br
newscp.ranasariagroup.com
newscp.roborave.mx
newscp.romalogistics.com.pe
newscp.sacs.ec
newscp.sagarsprings.com
newscp.savannah.sd
newscp.sc1dsnb7288.universe.wf
newscp.sc1tmtd4794.universe.wf
newscp.sc3bhgr7781.universe.wf
newscp.seotoronto.company
newscp.siarabd.com
newscp.slagveld.co.za
newscp.soltani-shopping.com
newscp.srprof.com
newscp.superanimalpet.com
newscp.swammovers.com
newscp.thirtyline.com.my
newscp.top2stay.com
newscp.tora-ks.com
newscp.tracymasonmedia.com
newscp.trimitrateknikmandiri.com
newscp.universalauto2000.it
newscp.usgonline.mx
newscp.valledelinka.com.pe
newscp.webhostingneo.co.id
newscp.xmartechpro.com
newscp.xpresscard.info
newscp.youthtuko.org
panda.arcaem.com
panda.ckinam.com
panda.creativeeventsbd.com
panda.dilagosburguer.com.br
panda.ffde.com.br
panda.fxtransportation.com
panda.grupoqueiroz.pt
panda.japanbangladeshhospital.com
panda.laofix.com.tr
panda.levinesolutions.net
panda.lojaniq.com
panda.sixfibras.com.br
panda.superdreadi.com
panda.tafca.cl
panda.vifurni.com
panda.viralhab.com
panda.vuacanvas.com
pipp.agauto.co.ke
pipp.debellis.com.br
pipp.diasecampos.com.br
pipp.dilagosburguer.com.br
pipp.dipankardey.com
pipp.eshaqlaw.com
pipp.japanbangladeshhospital.com
pipp.laofix.com.tr
pipp.nsaservices.com.br
pipp.pantallita.com
pipp.retromad1.ro
pipp.seo7sry.com
pipp.showroomilgiornodopo.it
pipp.sixfibras.com.br
portals-swisslife.com
sso-geneveid.com
tv.surebettr.com
tv.yayins.com
zestyahhdog.com
zug-login.com

# Reference: https://www.virustotal.com/gui/ip-address/193.143.1.59/relations

bitp.funhaus.com.br
bitp.lesamisduvelo.fr
bitpa.adm-informatique.fr
bitpa.alkoukhonline.com
bitpa.amberconsult.com.ng
bitpa.ananyaholidays.com
bitpa.ananyaresorts.com
bitpa.ananyaventures.com
bitpa.arthamari.com
bitpa.beautygirlmag.com
bitpa.bocadosdeamor.com
bitpa.dealiatrade.pl
bitpa.dsborneo.com
bitpa.ektajain.com
bitpa.hippocampusinfotech.com
bitpa.lousamel.pt
bitpa.ludotenis.com
bitpa.matrixintertrade.co.th
bitpa.metodologiavirtual.com
bitpa.onpo.com.tr
bitpa.papoetoys.com
bitpa.racq2120.odns.fr
bitpa.registrocolegiados.cl
bitpa.ronafortuna.com
bitpa.ronakglobal.com
bitpa.sarkerrentacar.com
bitpa.telecos.com.pe
bitpa.tradingchilespa.cl
bp.3kmystore.com
bp.4dceria.com
bp.adlibmanagement.com
bp.affixsolution.com.br
bp.afrokulcha.co.za
bp.ainirentcar.com
bp.apotekavesta.rs
bp.appservice.com.mx
bp.aromatherapyacademy.com
bp.artemilenario.fr
bp.artnathacha.com
bp.be-tronics.com
bp.bizaccord.com.pk
bp.bloomfieldcthistory.org
bp.blueheadfilms.com
bp.branditmediahouse.co.za
bp.campovalepet.com.br
bp.checkedgar.com
bp.chuckoakes.net
bp.computertechsperts.com
bp.credencewatches.com
bp.ctgerizim.com.br
bp.diasecampos.com.br
bp.digitalforall.com.ng
bp.dilagosburguer.com.br
bp.dreamakerbd.com
bp.dremilio.com.br
bp.dungnguyenarchi.com
bp.e-drimer.pe
bp.ecce-groups.com
bp.ecomingrupo.com
bp.edu365pro.com
bp.emohoytsega.com
bp.erkutbarel.com.tr
bp.espace-food.com
bp.ets-kadydier.com
bp.excellentagro.biz
bp.faybd.com
bp.feedingspeedy.com
bp.gavasilva.adv.br
bp.gmseafood.cl
bp.grupoempresarialvasram.com
bp.haseed.com
bp.hex29.io
bp.holaquetal.tur.br
bp.homecityseremban.com.my
bp.hotel.co.tz
bp.hypercctv.org
bp.ibis-inspection.com
bp.induplastico.com.br
bp.instalarmacros.info
bp.itiss-cloud.com
bp.jerrylabriola.com
bp.jerrytalks.com
bp.josuesantana.com.br
bp.jprhelmet.com
bp.julianafabrizzi.com.br
bp.katariorganics.com
bp.kwickboxconsultant.com
bp.legitinteriordesign.com
bp.lexis.ma
bp.liazo.com
bp.lilianmeneghel-imoveis.com.br
bp.lionsdistrict23c.org
bp.lionslowvisionctr.org
bp.livingstonedameh.com
bp.lmmotors.com.pe
bp.mail.co.tz
bp.metodologiavirtual.com
bp.metse.co.bw
bp.mibusbolivia.com
bp.mirantedosgolfinhos.com.br
bp.montrexwatches.com
bp.moodle3.cfjulioresende.org
bp.mrsocial.io
bp.niemandsland.net.bo
bp.nynews.live
bp.payall.com.ng
bp.petercianciolo.com
bp.pilaresdealejandria.com.ar
bp.pncoaching.com
bp.pnmls.cd
bp.pousadavilladosgolfinhos.com.br
bp.powerunits.com.ng
bp.powerunits.ng
bp.quantum-ev.co
bp.radiopionerosfm.com
bp.ragdespace.com
bp.rarespeak.com
bp.ravinegloryhospital.co.ke
bp.realpromotora.com.br
bp.regig.org
bp.rowsolution.com
bp.sandrasperling.com
bp.sanymakmur-tc.com
bp.schulmanlaw.net
bp.sistem.eng.br
bp.sixfibras.com.br
bp.spotlesscrystal.com
bp.stwatertechnic.com
bp.t201.eliti.com.br
bp.taalisip.com
bp.techcube.in
bp.techdataminds.in
bp.tezas.in
bp.tracymasonmedia.com
bp.upvs.com.ng
bp.urushomestay.com
bp.venturarodrigues.pt
bp.westernhealthcareservices.com
bp.wissenfamily.org
bp.xyfinity.co.za
ddbyav.xiangjige.com
dibbadu.2kconstructores.com
dibbadu.4vipdjs.com
dibbadu.andresdeveloper.com
dibbadu.autobase.gr
dibbadu.byestrategica.com
dibbadu.centi.co.ke
dibbadu.fabconline.net
dibbadu.gaal0548.odns.fr
dibbadu.graphichub.in
dibbadu.hotelangasmayo.com
dibbadu.iiocouncil.com
dibbadu.inelco.com.mx
dibbadu.junoindia.com
dibbadu.kntgroup.co
dibbadu.logopidea.com
dibbadu.makeopportunity.org
dibbadu.onchange-group.com
dibbadu.pacegallary.com
dibbadu.rumahtua.net
dibbadu.saleseconomic.com
dibbadu.samaelcasanova.com
dibbadu.sc1ozko2782.universe.wf
dibbadu.sc4jtfu9765.universe.wf
dibbadu.showrender.com
dibbadu.techmarketim.com
dibbadu.tezas.in
dibbadu.trackingcookie.info
dibbadu.tuintiadmin.com
dibbadu.viproc.cl
flipdna.com
horoscopo-2022.org
horoszkop2022.com
newcp.agenciadss.com.py
newcp.amaya.cl
newcp.amshesp.com
newcp.appservice.com.mx
newcp.azharconstruction.com
newcp.carvalhocruz.com.br
newcp.celis-massage.fr
newcp.ciaosa.com
newcp.continentlpe.info
newcp.credillants.pe
newcp.diasecampos.com.br
newcp.drajna.ro
newcp.gridedge.com.au
newcp.ibis-inspection.com
newcp.izmircicekciler.com
newcp.marembal-group.com
newcp.simaltrading.nl
newcp.supraseg.com.br
newcp.thirtyline.com.my
newcp.uje.com.co
newcpp.75d7-4bcef4b19275.wptiger.fr
newcpp.adlibmanagement.com
newcpp.affixsolution.com.br
newcpp.agauto.co.ke
newcpp.akilimingi.com
newcpp.antaema.com
newcpp.arcaem.com
newcpp.asainformaticarj.com.br
newcpp.bbwayplastic.com
newcpp.blogcanadiense.com
newcpp.borchtechnology.com
newcpp.car.co.tz
newcpp.cbrsanpedrodelapaz.cl
newcpp.celloxwatches.com
newcpp.collecteau.fr
newcpp.cuentasstreaming.com
newcpp.desiexpats.com
newcpp.ecomingrupo.com
newcpp.educar.com.vc
newcpp.educarinformatica.com.br
newcpp.erkutbarel.com.tr
newcpp.exwebian.com
newcpp.fabconline.net
newcpp.farlujotna.sn
newcpp.fortclean.net
newcpp.foundingfarmerssnacks.com
newcpp.iiocouncil.com
newcpp.impulsedesenvolvimento.com.br
newcpp.informatikaunwaha.com
newcpp.iradio.co.in
newcpp.itiss-cloud.com
newcpp.jcgama.com
newcpp.kanderia.com
newcpp.kento.ec
newcpp.lycominggop.org
newcpp.manaliindiancuisine.es
newcpp.marthareingold.com
newcpp.math.shorbanggo.com
newcpp.mensmadness.com
newcpp.montrexwatches.com
newcpp.mopedic.gm.so
newcpp.moralesiluminacion.com.mx
newcpp.mysterebeauteproducts.com
newcpp.natural-ubiquinol.com
newcpp.nazathai.net
newcpp.nevestech.com.br
newcpp.nyaligalumni.com
newcpp.olivrodapatria.online
newcpp.pakrevolutions.com
newcpp.pantallita.com
newcpp.rayonclothings.com
newcpp.razhmana.com
newcpp.rplogistic.com
newcpp.sara-baby.dz
newcpp.sarmayenegar.ir
newcpp.sc2jtfu9765.universe.wf
newcpp.scandent3d.cl
newcpp.seo7sry.com
newcpp.skiener.ch
newcpp.socialstrategy.pk
newcpp.soteriabiblecollege.com
newcpp.spotred.co.ke
newcpp.supraseg.com.br
newcpp.tagudinmarket.net
newcpp.timezoneservice.com
newcpp.view-mind.com
newcpp.viralhab.com
newcpp.vows-plus.com
newcpp.wheelsofwilliamsport.com
newcpp.ximaluster.com
newcpp.youknowpeople.com
newscp.afrodigitaltd.com
newscp.balebuku.my.id
newscp.capitalrobotia.com.mx
newscp.clinicamaranatha.com.br
newscp.clinicdental.in
newscp.drmahadihasan.com
newscp.erdilmen.com
newscp.eschaton2012.ca
newscp.feedingspeedy.com
newscp.flashcenter.com.br
newscp.gssgroup.co.ke
newscp.hex29.io
newscp.induslab.net
newscp.irisspamysore.in
newscp.jarkonrel.com
newscp.kalnemi.org.mx
newscp.maeslanden.nl
newscp.marembal-group.com
newscp.mariomatic.com.br
newscp.marketeate.com
newscp.masterbusiness.adm.br
newscp.moodle3.cfjulioresende.org
newscp.musaston.com
newscp.nasseradv.com
newscp.nextnovatech.com
newscp.omicc.ca
newscp.printshopper.in
newscp.promoveazaonline.com
newscp.rplogistic.com
newscp.seo7sry.com
newscp.skainetwork.com
newscp.sosgestion.com.co
newscp.sunrialimited.com
newscp.sunrialimited.com.ng
newscp.superbicideermita.com.mx
newscp.titikakamining.pe
newscp.verdelima.com.br
newscp.victorgonzalez.ca
panda.ainaofficial.com
panda.aminadabelago.com.br
panda.appservice.com.mx
panda.beesboertm.co.za
panda.businessgroup.pk
panda.corazza.co.za
panda.iga.co.rw
panda.mopedic.gm.so
panda.mrf-uganda.org
panda.nsaservices.com.br
panda.nyaligalumni.com
panda.ordonezsrl.com.ar
panda.prvapomoc.org
panda.virtualeventscenter.net
panda.wookapp5.com
pipp.espace-food.com
pipp.phrapitta.com
pipp.rggrandhotel.com
pipp.skmuhibbahraya.net
pipp.tredamschools.com.ng
pipp.zero4communication.net
sharehippo.com
wilkersontech.com
yinghuaxia.com
yiyuanzhou.com
yuruifu.com
zhaoriyue.com
zhaosf.nl
zhenhuanyu.com

# Reference: https://www.validin.com/blog/pivoting-to-expand-threat-intelligence/

tl-group.org
tlgroupe.com

# Reference: https://x.com/4n6Bexaminer/status/1820718431257428297

http://193.124.185.23

# Reference: https://x.com/Huntio/status/1820797152085582112
# Reference: https://moonlock.com/loom-macos-stealer

http://147.45.199.1
http://85.28.0.47
dinoverse.app
dinoverse.co
landofdreams.io
smokecoffeeshop.com
tnelloproject.com

# Reference: https://x.com/4n6Bexaminer/status/1822281363946381501
# Reference: https://tria.ge/240810-q2exvawdjb/behavioral1
# Reference: https://www.virustotal.com/gui/file/5ddc1391142c64074354adc87c62f0a048704a490ee785412a64896b0271da39/detection
# Reference: https://www.virustotal.com/gui/file/90f20a29ecc7dfe78341f418105f96604ef412722b0e59e4f1b59a552b02da29/detection
# Reference: https://www.virustotal.com/gui/file/a30ddee89d8fdbb64e84643833ddd8e8fade1e9d98e695956a76a79e8fd7e1ee/detection
# Reference: https://www.virustotal.com/gui/file/e16130704c03cbff99d5990da4e40933347e26b711bfdc579eb99d82725d71f7/detection

http://109.120.176.156
megantic.online

# Reference: https://x.com/4n6Bexaminer/status/1822284540527640735
# Reference: https://www.virustotal.com/gui/file/8becf02ba162c3885ade87fb4634c5d119f411f11c2524284107c5555cbd9b87/detection
# Reference: https://www.virustotal.com/gui/file/305868a8be14bd82f86e6aaa4afd639ad10923741faffe921340dcfa2cdaf9e4/detection

http://185.7.214.148
cleanmylaptopmac.com
eurosocceradventure.com

# Reference: https://twitter.com/malwrhunterteam/status/1704395617399652572
# Reference: https://www.virustotal.com/gui/ip-address/159.203.89.132/relations
# Reference: https://www.virustotal.com/gui/file/ab00aaf35d2db919c71b65c7d8bcb5d3879dbf00b9ff136104caded2a70fc856/detection
# Reference: https://www.virustotal.com/gui/file/34ff1240fcaaae2a37665325f587affcf786cf2c875ea09b7b602a62599bca78/detection
# Reference: https://www.virustotal.com/gui/file/6d47c0554abb8187d4dfc36ad9a242da453f7942b5e60bb0ee170b54caac0cac/detection

cellasllc.com
apps.cellasllc.com

# Reference: https://x.com/malwrhunterteam/status/1794256341508468761
# Reference: https://www.virustotal.com/gui/file/89f991ea9ce2c5b59cc07b703d4052231603601aae1b35cc34b258089b5253d2/detection
# Reference: https://www.virustotal.com/gui/file/5879bcbc293a6278d57fcb61b40bc7f3b351be4307cf888769d726d603033a1b/detection

account.worldhealthresearch.org

# Reference: https://threatfox.abuse.ch/browse/malware/osx.poseidon/
# Reference: https://threatfox.abuse.ch/browse/malware/osx.poseidonstealer/

http://185.172.128.110
http://185.172.128.123

# Reference: https://x.com/MalGamy12/status/1826621858319663565
# Reference: https://www.virustotal.com/gui/file/6f429ae81ef2b99cd357ae51da315723ab10f3ee54780b82374000cbee430687/detection

http://45.93.20.174
activecitrux.com
aimodel.itez-kz.com
akool.cleartrip.voyage
akool.travel-watch.org
akordiyonegitimi.com
albert.flora-kz.store
andrewsheppard.com
apkportion.com
b.nenkinseido.com
basgitaregitimi.com
clear-trip-ae.com
cleartrip.voyage
flora-kz.store
flow-kz.store
haiper.cleartrip.voyage
haiper.itez-kz.com
haiper.travel-watch.org
havoc.travel-watch.org
highschools2009.com
imageunic.com
itez-kz.com
load.activecitrux.com
load.managerthreads.com
locktgold.travel-watch.org
managerthreads.com
millikanrams.com
newcastlelimos.com
ns1.millikanrams.com
ns2.millikanrams.com
openaai.clear-trip-ae.com
panel.x00x.online
sorablack.cleartrip.voyage
sunumofisi.com
sweethome.travel-watch.org
synthesia.cleartrip.voyage
synthesia.flow-kz.store
synthesia.travel-watch.org
travel-watch.org
uizard.cleartrip.voyage
uizard.flow-kz.store
uizard.travel-watch.org
weface.cleartrip.voyage
weface.travel-watch.org

# Reference: https://x.com/NDA0E/status/1826640848949575938

apple-kz.store
bendiregitimi.com
l.apple-kz.store

# Reference: https://x.com/maulikl/status/1826727004458422674

agattiairport.com
alcokz.net
basgitardersi.com
bignoxplay.com
freecad-build.com
journeyart.org
ldeogramm.com
leboncoin-fr.eu
leonardo-ai.me
softimageai.org
waltkz.com
sweetbonanzadeserts.com
adwq.leonardo-ai.me
asd.leboncoin-fr.eu
load.freecad-build.com
load.journeyart.org
load.ldeogramm.com
load.softimageai.org
loader.waltkz.com
ns.basgitardersi.com
test.alcokz.net
testtwo.alcokz.net
up.bignoxplay.com

# Reference: https://app.validin.com/detail?find=47516a2e04e9ef13d67927464651ba6c&type=hash&ref_id=f3f25cf2cce#tab=host_pairs_v2

akordiyondersi.com
albanianvibes.com
ambisecperu.com

# Reference: https://x.com/NDA0E/status/1827318701063860299

techdom.click
aimodel.techdom.click
face.techdom.click
facetwo.techdom.click
haiper.techdom.click
luminarblack.techdom.click
synthesia.techdom.click

# Reference: https://threatfox.abuse.ch/browse/malware/osx.amos/ (# 2024-08-25)

http://147.45.43.136
http://193.233.132.40
http://45.134.26.7
http://5.42.96.124
http://5.42.96.184
http://77.221.151.45
http://77.221.151.54
http://77.91.77.178
http://77.91.77.38
http://77.91.77.40
http://77.91.77.87
http://77.91.77.88
http://85.209.11.155
http://94.232.249.65
http://95.216.96.104

# Reference: https://app.validin.com/detail?find=413e3a6ee9a4cfe0763c01425a5c9ed0&type=hash#tab=host_pairs_v2

damobile.net
woltde.com
mulkrsvtolooy8s.woltde.com

# Reference: https://threatfox.abuse.ch/browse/malware/osx.poseidonstealer/ (# 2024-09-02)

http://147.45.47.170
http://185.235.128.217
http://185.28.119.85
http://194.59.183.241
185-235-128-217.netherlands-2.vps.ac
amika.pro

# Reference: https://www.virustotal.com/gui/domain/onlyfor.pro/detection

onlyfor.pro

# Reference: https://www.virustotal.com/gui/ip-address/193.233.132.137/relations
# Reference: https://www.virustotal.com/gui/file/0e520908d451c0366b600b08990e9f1958414fcdf67c9401c1319303e95847d9/detection

http://193.233.132.137

# Reference: https://x.com/privacyis1st/status/1840786883959251429

http://209.126.1.139

# Reference: https://x.com/osint_barbie/status/1840865672449995261
# Reference: https://tria.ge/240930-a1fjzsycmr/behavioral1
# Reference: https://www.virustotal.com/gui/ip-address/94.232.249.131/relations

alienmanfc6.com
apunanwu.com
cphoops.com
iloanshop.com
kansaskollection.com
ledger-cloud.com
makenleane.com
mdalies.com
modoodeul.com
pakoyayinlari.com
patrickcateman.com
phperl.com
stonance.com
utv4fun.com
# NOTE(review): the entries below are URL paths with no host part; the short ones (/kusaka.php, /kusaka.php?call=) could presumably also occur on unrelated sites - confirm the false-positive rate is acceptable
/458f4bda41bc00314/6c7ec58378d6f18ab/load.98cbab0be2fae96a53fd860e.php?call=
/6c7ec58378d6f18ab/load.98cbab0be2fae96a53fd860e.php?call=
/load.98cbab0be2fae96a53fd860e.php?call=
/load.98cbab0be2fae96a53fd860e.php
/kusaka.php?call=
/kusaka.php

# Reference: https://x.com/ryanchenkie/status/1880730173634699393
# Reference: https://x.com/banthisguy9349/status/1881071388381032933
# Reference: https://urlscan.io/search/#81.19.135.228
# Reference: https://app.validin.com/detail?type=ip&find=81.19.135.228#tab=host_pairs (# 2025-01-19)

http://81.19.135.228
99smoothfm.com
altreklama.com
apcmidland.com
bellwethersurveys.com
benvixa.com
biztus.com
blogorious.com
brucall.com
caniberich.com
cdn-telegram.cyou
cpofficial.com
credovsnra.com
dazhongyao.com
devpe.com
dgsinfo.com
djhyzhicai.com
dunkdeal.com
ecolumy.com
escapeesrvclub.com
gokujoutabi.com
hhynetwork.com
hinckleywebandprint.com
hwebprint.com
jaffarkhan.com
jesumaraz.com
jpavuluri.com
koollyrics.com
kypeti.com
louisianaquickfind.com
loumvideo.com
lovlypets.com
macossoft.com
mascotaenadopcion.com
messiku.com
mx9x.com
netextendersupport.com
newtabwallpaperstheme.com
norikosumiya.com
omerve.com
oouatsup.com
picsler.com
pilzmacher.com
pimmes.com
playchees.com
qdhaoge.com
quevalencia.com
realbenies.com
rgueapp.com
roonvar.com
sarahwillemart.com
schytcdagl.com
shahrsaz.com
soccerimg.com
spalumiere.com
spbsky.com
studioq202.com
tao025.com
tao221.com
tao816.com
tao886.com
tao977.com
taytrin.com
teganlily.com
tiaoshibao.com
tjsemicoke.com
tssale.com
update-appstore.com
vladistudio.com
whsdns.com
wikishared.com
xiangtanjk.com
yaocanting.com
zhongdaauto.com
zoamaster.com
zontricks.com

# Reference: https://app.validin.com/detail?find=47516a2e04e9ef13d67927464651ba6c&type=hash#tab=host_pairs_v2
# TITLE-HOST=Runway Research | Introducing Runway Gen-4

http://82.197.67.174
http://82.221.139.121
aiaggregator.com
archerwescott.com
bateriegitim.com
baumanufaktur-muenster.com
bjj-gameplan.com
leboncoin.legal
cv.leboncoin.legal
polyling.leboncoin.legal
scrip.leboncoin.legal
script.techdom.shop
techdom.shop

# Reference: https://x.com/Malwarebytes/status/1843401297246269675
# Reference: https://www.malwarebytes.com/blog/news/2024/10/large-scale-google-ads-campaign-targets-utility-software

aerodrame.finance
creativekt.com
designexplorerapp.net
foreducationapp.com
studioplatformapp.net
turnrevenue.com
workmeetingsapp.com
clockify.turnrevenue.com
notion.foreducationapp.com
odoo.studioplatformapp.net
slack.aerodrame.finance
slack.designexplorerapp.net
slack.workmeetingsapp.com

# Reference: https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/

bowerchalke.com
carolinejuskus.com
cautrucanhtuan.com
dekhke.com
lirelasuisse.com
mensadvancega.com
mishapagerealty.com
pabloarruda.com

# Reference: https://x.com/suyog41/status/1851507299073864016
# Reference: https://www.virustotal.com/gui/file/a33705df80d2a7c2deeb192c3de9e7f06c7bfd14b84f782cf86099c52a8b0178/detection

http://194.169.175.117

# Reference: https://x.com/malwrhunterteam/status/1857726856675430531
# Reference: https://www.virustotal.com/gui/file/4fb1fa11f4077e8406ac11e55476d4f6852cc75087063b385060d81c9c166a7f/detection

http://70.34.213.27

# Reference: https://x.com/malwrhunterteam/status/1858482586583998838
# Reference: https://www.virustotal.com/gui/file/ca0f682a5f492c20181ddae738212c8490e4b8e0c1b4fa4b8f5bc48de4592fb7/detection

http://141.98.9.20

# Reference: https://x.com/banthisguy9349/status/1873402882424455582
# Reference: https://x.com/malwrhunterteam/status/1889723588195782906
# Reference: https://www.virustotal.com/gui/file/8d947518564bdbefc9af3811a44f856f8ceea0864cbc0a17f06c04f4f3a4a7d0/detection

http://141.98.9.201
http://141.98.9.202
http://141.98.9.203
http://147.22.1.1
http://147.45.43.49
http://185.174.136.197
# NOTE(review): differs from http://193.233.132.188 below only in the first octet (192 vs 193) - confirm against the references that this is not a transcription error
http://192.233.132.188
http://193.124.185.50
http://193.124.185.53
http://193.124.185.54
http://193.233.132.126
http://193.233.132.131
http://193.233.132.132
http://193.233.132.138
http://193.233.132.155
http://193.233.132.168
http://193.233.132.188
http://194.120.116.186
http://5.44.41.73
http://85.192.63.234
77.221.134.79:5000
fantafab.com
/81bD01OkzH1z

# Reference: https://x.com/suyog41/status/1877182323340488974
# Reference: https://www.virustotal.com/gui/file/ee015087be69203435175c256ee689a00f9ec693e146536c8c132e3311975ec2/detection

http://81.19.135.54

# Reference: https://x.com/gregclermont/status/1877294378663784912
# Reference: https://www.virustotal.com/gui/file/fa1ffa024184f8ade3ef294b5a7a485a48f52361fbf53d37635c2079c57ebcbb/detection
# Reference: https://www.virustotal.com/gui/file/9a0065d15c985dc95189a5c9e808d0209b6d473dd6f44d328bd3c1d42aaabe4d/detection

brewmacos.com

# Reference: https://x.com/suyog41/status/1878707544576974922
# Reference: https://www.virustotal.com/gui/file/80f492d98f2f409de8d9bd4c35b4f4b616ea1e4e855ed3bdc46bf9a7a956f274/detection
# Reference: https://www.virustotal.com/gui/file/8d2bb3be043442dac22f480f02b449525d5ba99b25f95330b674b8face07bcea/detection
# Reference: https://www.virustotal.com/gui/file/b365ac9a8b2dac885d0dfbd765f4b7b08681e4429f0394781e7d0ccbc50d6044/detection
# Reference: https://www.virustotal.com/gui/file/e064ac38282b8abbca176fcee2e2c792e885c49254d986589d974186aecd940a/detection

http://217.69.2.169

# Reference: https://x.com/motuariki_/status/1851386452590158205
# Reference: https://binhex.ninja/malware-analysis-blogs/amos-stealer-atomic-stealer-malware.html
# Reference: https://www.virustotal.com/gui/file/2f1d906d4ddcdba0425062d3814c89a93a514491a92154be74a4643b5c8c4d14/detection

http://141.98.9.20

# Reference: https://x.com/suyog41/status/1881230577199902765
# Reference: https://www.virustotal.com/gui/file/b73216b8c63faf542814a99389fb63de5fddf3800305dbecfe7aa3b9c0d9ab2a/detection

# NOTE(review): ngrok-free.app tunnel hostname - such names are typically short-lived, so this entry may no longer point at the original operator; re-verify before relying on it
b2eb-115-135-31-192.ngrok-free.app

# Reference: https://x.com/banthisguy9349/status/1881091525427503602

/H0qlUfGV5EU2zrp3wYKr0

# Reference: https://x.com/i/web/status/1881563556736545256
# Reference: https://www.virustotal.com/gui/file/08caa600a0a35bfbbc2f6465877aa28d94ab499c7ffda8b921fb26d3aa59fd15/detection

demeijer.cfd
praanic.cfd

# Reference: https://x.com/suyog41/status/1881944554993267176
# Reference: https://app.validin.com/detail?find=91.202.233.202&type=ip4&ref_id=1df54403cc8#tab=host_pairs

5rd5tgh.cfd
bfgnet.cfd
bfgnet.icu
bmwqq.icu
explosem.cfd
hdking.cfd
ssrtool.icu
twoc.life
yogeshlond.cfd

# Reference: https://x.com/suyog41/status/1882294278086656352
# Reference: https://www.virustotal.com/gui/file/bc933b5ecca8b3864741c92fe0682f41a36bf809862ec9a61b09c83ad7b3d6ce/detection

sbdar.com

# Reference: https://x.com/suyog41/status/1882665545948069933
# Reference: https://www.virustotal.com/gui/file/f8ee5a52ce151c8120f0824593a9d8e153fc925380afcdb1fcdba0fa16147174/detection

luumu.cfd

# Reference: https://x.com/suyog41/status/1883765480827338881
# Reference: https://www.virustotal.com/gui/file/545b52fa91376883bee84c1c3220b1f16d079c1d85718f6bfc1119d685675385/detection

rickardmetal.com
wiramulia.com

# Reference: https://x.com/suyog41/status/1884123851195572527
# Reference: https://www.virustotal.com/gui/file/a6b35fce9e362a29b298090279b87c206d74b1bc00db0b86781f0a68e560c8b4/detection

http://82.115.223.9

# Reference: https://x.com/malwrhunterteam/status/1887415640597647406
# Reference: https://www.virustotal.com/gui/file/ad4e08c042b0cb618c181be11d72bc049b3799dbb946d58502a6df84f64d2741/detection

http://65.20.101.215

# Reference: https://x.com/suyog41/status/1889669330822111694
# Reference: https://www.virustotal.com/gui/file/809c93b69787a489bc92720dae1d69d03e76251b0c93c6e5e0b7db1a8197af19/detection

gominnanoom.com

# Reference: https://x.com/suyog41/status/1889650750462308762
# Reference: https://www.virustotal.com/gui/file/0cf240e85b629990dcac1035207c0cb60af068a1e11b372af98ecf1767eae97d/detection

karinnapadilla.com

# Reference: https://app.validin.com/detail?find=193.143.1.177&type=ip4&ref_id=efdf26799e6#tab=resolutions

betabux.com
tattoobg.com
vocheng.com
4jslg.tattoobg.com

# Reference: https://x.com/suyog41/status/1891379925342679319
# Reference: https://www.virustotal.com/gui/file/2ce574b3c03b2562b4f2303b5e7a4f262868913d01957689f2fdf40a3ab352f1/detection

ttknives.com
zblong.com

# Reference: https://x.com/suyog41/status/1892460976441872634
# Reference: https://www.virustotal.com/gui/file/24b589981850a0b5646ffcbef4b660637153412d3c1b02e5e526a59ef8595be4/detection

http://45.9.117.152

# Reference: https://www.esentire.com/blog/fake-deepseek-site-infects-mac-users-with-poseidon-stealer
# Reference: https://github.com/eSentire/iocs/blob/main/PoseidonStealer/PoseidonStealer-2-12-2025.txt

manyanshe.com

# Reference: https://x.com/malwrhunterteam/status/1893253918450221381
# Reference: https://app.validin.com/detail?find=4da341eee54094c5f73798447dc4da93&type=hash&ref_id=9d7e2f80322#tab=host_pairs (# 2025-02-22)

http://45.93.20.152
45.93.20.152:22
chromiumdriver.io
chromiumdriverbackend.com
echonex.ai
nevex.app
nowsync.app
nowsyncbackend.com
signdocsback.com
us85web.us
zoombackend.xyz

# Reference: https://x.com/malwrhunterteam/status/1894017454113706430
# Reference: https://x.com/malwrhunterteam/status/1894017461927760345
# Reference: https://x.com/malwrhunterteam/status/1894024411780374748
# Reference: https://x.com/ValidinLLC/status/1895120872421437511
# Reference: https://app.validin.com/detail?find=GrassCall&type=raw&ref_id=006bf001770#tab=host_pairs (# 2025-02-24)
# Reference: https://app.validin.com/detail?find=f28820f49d98f8f7cafca5c256f1b807&type=hash&ref_id=006bf001770#tab=host_pairs (# 2025-02-24)

alphawearmn.com
faceboock-page-support-manage.com
gatherum.net
grasscall.app
grasscall.net
grasscall.org
justworkpannel.icu
onda-zm.net
vibecall.app
wavecall.app
wavecall.ca
wavecall.cc
wavecall.co
wavecall.live
wavecall.org

# Reference: https://x.com/moonlock_lab/status/1894447597240140027
# Reference: https://www.virustotal.com/gui/file/fde8c0db46419585b0718c4df7e444d2aeee28b1fad771d39910389b529a8fad/detection
# Reference: https://www.virustotal.com/gui/file/2581a2b05bb39f16562b652311d8f5381a132cc31873c38312684c7a33520706/detection

asa-content-network.s3.us-west-2.amazonaws.com

# Reference: https://x.com/victorkubashok/status/1894737054841335964

miliste.com

# Reference: https://www.seqrite.com/blog/unmasking-grasscall-campaign-the-apt-behind-job-recruitment-cyber-scams/
# Reference: https://www.virustotal.com/gui/file/b63367bd7da5aad9afef5e7531cac4561c8a671fd2270ade14640cf03849bf52/detection

http://147.45.60.20
147.45.60.20:5000
147.45.60.20:8080

# Reference: https://x.com/suyog41/status/1897979588665655589
# Reference: https://www.virustotal.com/gui/file/c9e1af28664983105a2323974e41c7583b89ba175851195da31a662b6b7bfd54/detection

tarhnegasht.com

# Reference: https://x.com/malwrhunterteam/status/1898292008281575545
# Reference: https://www.virustotal.com/gui/file/d90b53c9aa6709339f989b23291def00f68d640e65505c76f6e8682a63c6e935/detection

http://95.164.53.3

# Reference: https://x.com/malwrhunterteam/status/1902667337297170664
# Reference: https://app.validin.com/detail?find=561a327cb399f779a2266e742be2cd33&type=hash&ref_id=9ca321c580e#tab=host_pairs (# 2025-03-30)

playrocketgalaxy.net
playrocketgalaxy.world
rocketgalaxy.io
rocketgalaxy.world
rocketgalaxyworld.com
wayoutstars.com

# Reference: https://x.com/malwrhunterteam/status/1903189675793146333

celusion.us

# Reference: https://x.com/malwrhunterteam/status/1904124859216490610
# Reference: https://www.virustotal.com/gui/file/eeb2e5f06ef8da29a56d1779c1590d82c76b031e7718d0f6c46d1cb57c036d8e/detection

http://85.209.128.59

# Reference: https://x.com/malwrhunterteam/status/1904124773057105923
# Reference: https://www.virustotal.com/gui/file/a13dfdfccc71c26464da61de63f5ff296b3ec90adbb648d42b9861c8c3e422cb/detection

http://45.140.13.244

# Reference: https://x.com/malwrhunterteam/status/1904220955880177895
# Reference: https://app.validin.com/detail?find=213.21.237.149&type=ip4&ref_id=79c3e6f6820#tab=resolutions (# 2025-03-24)

buzztalk.io
gatori.space
monstersdiscovery.com

# Reference: https://x.com/malwrhunterteam/status/1904256374550462605
# Reference: https://www.virustotal.com/gui/file/be3e3c77cf578c6458d515c5a49cfab653df3ba10ccb86e9d13d2376e24483fb/detection

http://45.131.215.191

# Reference: https://x.com/malwrhunterteam/status/1904592976745034180

rocketrumble.xyz

# Reference: https://x.com/malwrhunterteam/status/1905579706222526890
# Reference: https://app.validin.com/detail?find=6b3a5edfe0448f2e93c091abffba96ba&type=hash&ref_id=e2c75a4c57d#tab=host_pairs (# 2025-03-28)

http://77.221.152.24
stone-hunt.com
stone-hunt.io

# Reference: https://x.com/malwrhunterteam/status/1905686280916402299
# Reference: https://app.validin.com/detail?find=8947c73a5933e1d12d23d74fb5dd7864&type=hash&ref_id=8d8694f68ac#tab=host_pairs (# 2025-03-29)
# Reference: https://app.validin.com/detail?find=d530c7a5c822ae0f952338b43ecd8849&type=hash&ref_id=ebeafce65ac#tab=host_pairs (# 2025-03-29)
# Reference: https://www.virustotal.com/gui/file/743a528f1e4f509baa1a6236d9b55464aa0bb465dbe9016249b01f47e3ba4438/detection

my-design.pro
prepaid-au.com
ultrawiew-account.top
wwwpersec.org

# Reference: https://x.com/malwrhunterteam/status/1905528981698281825
# Reference: https://www.virustotal.com/gui/file/1cf676d1e21e8c26eeb0f5375ca7473344cc1510828725587e71b36a7dd1c32f/detection
# Reference: https://app.validin.com/detail?find=Notion%20Desktop%20App%20for%20Mac%20%26amp%3B%20Windows%20%7C%20Notion&type=raw&ref_id=bde04d0cd30#tab=host_pairs (# 2025-03-29)

notiondesktop.com
notiron.org

# Reference: https://x.com/malwrhunterteam/status/1908258300904288529
# Reference: https://x.com/k3yp0d/status/1908801323933339889
# Reference: https://www.virustotal.com/gui/file/0e87f86ec05ceac7f6476b2b9729e5eda1a28fae10198f8af38d88182de94b5a/detection

captcha-cdn.com
captcha-verify-2q7y.com
captcha-verify-6r4x.com
captcha-verify-9h5v.com
jdiazmemory.com

# Reference: https://x.com/malwrhunterteam/status/1909171425778229705
# Reference: https://app.validin.com/detail?find=chattix&type=raw&ref_id=1ccca210e4c#tab=host_pairs (# 2025-04-07)

beepx.app
chattix.us
miycrellatio.com

# Reference: https://x.com/malwrhunterteam/status/1910055525791814128

mktgweb3.com

# Reference: https://x.com/RussianPanda9xx/status/1910777989840749047

http://85.192.37.66

# Reference: https://x.com/malwrhunterteam/status/1911667841113194722
# Reference: https://www.virustotal.com/gui/file/292df3cc6e89f9dd3b7b29680a6d72b29e6579956dfc25163b2c99840c6035e0/detection

koreablockchainweek.app
o-sn.com
adservice.o-sn.com
appleid.o-sn.com
bin.o-sn.com
blog.o-sn.com
docs.o-sn.com
facebook.o-sn.com
geolocation.o-sn.com
support.o-sn.com

# Reference: https://www.virustotal.com/gui/file/a177e43bcdcbf4a824f2d37ebd62d10e2245c1513d05aea292779e593a7b9176/detection

http://192.124.178.88

# Reference: https://x.com/malwrhunterteam/status/1912815854535823504
# Reference: https://www.virustotal.com/gui/file/1ba47b1d35c38d5c39f187f7e729eb28ce26359f5e9bddd7192679c51d4cda83/detection

http://85.192.49.118

# Reference: https://x.com/suyog41/status/1913141025549476141
# Reference: https://www.virustotal.com/gui/file/e539b6b53cf7009e86d0ddb279dec9b84a099aa8c8b2ecd18d65ee17538d772a/detection

gq8ruzk1h3a8.cfd

# Reference: https://x.com/motuariki_/status/1914649222164718077
# Reference: https://github.com/motuariki/IOCs/blob/main/MacOS%20Stealer%20Malware/22-04-2025-Amos-C2-IPs

http://138.124.50.93
http://45.94.47.102

# Reference: https://x.com/malwrhunterteam/status/1914948114705764785
# Reference: https://www.virustotal.com/gui/file/adb30f7ba534207834d9ab8d2c197bf78382be23d28bb17db7c52a3b956c0bb5/detection

esramon.com
security-2k7q-check.com
security-check-l2j4.com
security-check-u8a6.com

# Reference: https://x.com/malwrhunterteam/status/1917491170562687184
# Reference: https://app.validin.com/detail?find=bb319c1ddca7fb76e92556a03f854cac&type=hash&ref_id=077f3a32259#tab=host_pairs (# 2025-04-30)
# Reference: https://www.virustotal.com/gui/file/0f0b26beee869a2882e89efb1151cd4bc885b9b7a0884412d19f87176674afa3/detection

dakarsecurity.com
dancinspirit.com
hbgsecurity.com
lammysecurity.com
security-2u6g-log.com
security-3a7q-run.com
security-6u0g-log.com
security-7f2c-run.com
security-9y5v-scan.com

# Reference: https://x.com/malwrhunterteam/status/1914932549790388269
# Reference: https://www.virustotal.com/gui/file/cc2fa0495b0ef3a6e310bfb7b81a302f6f1b245a7d3d12d77d4e0094e8845809/detection

skytribes.io

# Reference: https://x.com/suyog41/status/1915312489509917167
# Reference: https://x.com/malwrhunterteam/status/1915708059235614881
# Reference: https://app.validin.com/detail?find=eff38f1dda00ae10d3fbf51d8ea42242&type=hash&ref_id=c5baa3c43dd#tab=host_pairs (# 2025-04-25)
# Reference: https://www.virustotal.com/gui/file/4b277c6293ce6d6ff45b89c948e0f9b632c2048d2c3adad5f9179efe34a67981/detection
# Reference: https://www.virustotal.com/gui/file/fdb82e2ad560677d241bd7139995e56295001bc3ef72c67173ae91d5db85cc46/detection

aimplyhired.com
gknkargo.com
mapersan.com
morholding.com
sfmontage.com
form.gknkargo.com
ns1.morholding.com
tt.mapersan.com
tt.morholding.com

# Reference: https://x.com/malwrhunterteam/status/1915818585248645399
# Reference: https://www.virustotal.com/gui/file/1bf39bfbe6617e698a653a95606464cbbaf23bf648978fca646e778f4ffacdaf/detection

otter.live

# Reference: https://x.com/malwrhunterteam/status/1916744699835990021
# Reference: https://www.virustotal.com/gui/file/4924ff91e9be84960f9241130e080bb5f3cbf19f17f62e1fc15e48fb6852cd89/detection

http://199.247.9.173

# Reference: https://x.com/malwrhunterteam/status/1916745410581860669
# Reference: https://www.virustotal.com/gui/file/a8775aa6f0c3f3e877ab193586c0e89f083c519c682ba04981ef9e597be76cd0/detection

fetuchini.store

# Reference: https://x.com/malwrhunterteam/status/1917463094608998753
# Reference: https://www.virustotal.com/gui/file/b2b1ca4da78e91954934bc136ce01f8e5a52bb2d05db300ef743c69b1aa8b27f/detection

http://45.94.47.103

# Reference: https://x.com/NullPwner/status/1917702021618229610

http://5.199.166.102

# Reference: https://x.com/suyog41/status/1919259009942712396
# Reference: https://www.virustotal.com/gui/file/f16e85daa5288386169d8355082f02d26dd432cabb9e3b08f9fdf0430c2de883/detection

http://45.94.47.120

# Reference: https://github.com/motuariki/IOCs/blob/main/MacOS%20Stealer%20Malware/07-05-2025-Amos-C2-IPs-Domains

http://193.143.1.177
http://62.60.249.105

# Reference: https://x.com/malwrhunterteam/status/1920161661014466729
# Reference: https://www.virustotal.com/gui/file/1e73b673bce06f26aa4c32f1af76698e2aa59706a61b60ba75c3c4ed7991172a/detection

app-storage-one.xyz

# Reference: https://x.com/NullPwner/status/1921157529188368830
# Reference: https://hunt.io/blog/macos-clickfix-applescript-terminal-phishing

http://83.222.190.214
odyssey-st.com

# Reference: https://x.com/malwrhunterteam/status/1922409101381742890
# Reference: https://www.virustotal.com/gui/file/a4e36aaebbf904ad8b7639e86b4642a5d5d5407b23c7433daa89c20e1b5d6364/detection

http://45.94.47.145

# Reference: https://x.com/skocherhan/status/1922462317838516405
# Reference: https://app.validin.com/detail?find=ffe32014afcaa1d3f9b404e50d7e157a&type=hash&ref_id=86fe6b7b889#tab=host_pairs (# 2025-05-14)
# Reference: https://www.virustotal.com/gui/file/4c9a8ed229ddfab40582cfb3492a7ff8d5ef2186f43045516272426b6629871e/detection

ads.lantwrk.com
airportsock.xyz
casinojackpotmst.com
com.airportsock.xyz
conuous-tahations.com
darthtieflyer.com
endise-everning.com
etf-alerts.com
go.performance-checkout.com
go.shape-capsules.shop
hargin-bothmerge.icu
lantwrk.com
mingdomrelloon.com
minsitorconsing.com
performance-checkout.com
rinput-vionably.com
samates-seachades.com
secure.etf-alerts.com
shape-capsules.shop
soft2trak.com
sushementgoisermal.com
tpm.prplflowpath.com
track.darthtieflyer.com

# Reference: https://x.com/malwrhunterteam/status/1922700020702142829
# Reference: https://app.validin.com/detail?find=CleanShot%20X%20for%20Mac&type=raw&ref_id=b184cd5f93a#tab=host_pairs (# 2025-05-30)

cleanshotx.cfd
download-cleanshot.cfd

# Reference: https://x.com/motuariki_/status/1924330564880159165
# Reference: https://github.com/motuariki/IOCs/blob/main/MacOS%20Stealer%20Malware/19-05-2025-Amos-C2-IPs-Hashes
# Reference: https://www.virustotal.com/gui/file/3bbda6c3695399c068d67c3bc69d92d015d5330ee1176df40c2a521f0416b20f/detection
# Reference: https://www.virustotal.com/gui/file/df5052263fd16e5c34935b58b6d9d76465df0a3c3a1ebfb700e511e936e25dec/detection
# Reference: https://www.virustotal.com/gui/file/aada5d93f099887d6e73e1744ff1e8db9ac18c721266eb4c4c7ba840985c6ce9/detection
# Reference: https://www.virustotal.com/gui/file/36742ba59a06e80703730676f72295f3b06730883d7979eeb93df730d754504a/detection

http://45.94.47.146
http://45.94.47.147
http://85.192.56.11

# Reference: https://x.com/malwrhunterteam/status/1924723878355484874
# Reference: https://www.virustotal.com/gui/file/f573c91f615401caef2c99f93548a54f0bbcfc018e22550cb552b45c03d60312/detection

hubservices.vip

# Reference: https://x.com/malwrhunterteam/status/1924721481725923662
# Reference: https://x.com/solostalking/status/1930977703265554806
# Reference: https://hunt.io/blog/macos-clickfix-applescript-terminal-phishing
# Reference: https://www.virustotal.com/gui/file/75505c08bbfa79e562a0c7dc9d90ea7cce2364a2a20f459232457921a5653373/detection

83.222.190.214:3333
odyssey1.to

# Reference: https://x.com/malwrhunterteam/status/1925495994885509270
# Reference: https://www.virustotal.com/gui/file/c51786875f1cb268118924aec263514df8069d68cf85f7fed1c2bf6bf6095c4b/detection

entrepreneurshipvillage.com/wp-content/uploads/2021/02/grecaptcha

# Reference: https://x.com/malwrhunterteam/status/1925635508102664267
# Reference: https://app.validin.com/detail?find=2d6f9183dede2e79c7de9b1c04d953fe&type=hash&ref_id=fd767f2fc87#tab=host_pairs (# 2025-05-23)
# Reference: https://app.validin.com/detail?find=d3e241db244235d7e36764353b787de0&type=hash&ref_id=d19b8984db4#tab=host_pairs (# 2025-05-23)
# Reference: https://app.validin.com/detail?find=92b908ef253b41d6f4d6f2dc22d9f62c&type=hash&ref_id=fd767f2fc87#tab=host_pairs (# 2025-05-26)
# Reference: https://www.virustotal.com/gui/file/29b039685d5d3893ff13f0478fe8024cdba74120423b8908aa7777008fd8ba3e/detection
# Reference: https://www.virustotal.com/gui/file/0c7330be9bcbfb502a5247f298659b5590a8a58ef634c22ae46eee33e2e49c70/detection

applevpns.com
brewory.com
eiconom.com
homebrewrp.com
isnimitz.com
macostutorial.com
maitaitv.com
meu-inssgovbr.online
specter-storage.com
webull-storage.com

# Reference: https://x.com/malwrhunterteam/status/1926204525435588835
# Reference: https://www.virustotal.com/gui/file/c7516e75f2ffa0626b854c685bde01cfd4a80f015ed6b2ea1833237a5387139f/detection

hostmac.cloud

# Reference: https://x.com/NullPwner/status/1926570453004382511

http://194.26.29.217

# Reference: https://x.com/RussianPanda9xx/status/1908595970352218609
# Reference: https://x.com/banthisguy9349/status/1926982451722682697
# Reference: https://trac-labs.com/the-wagmi-manual-copy-paste-and-profit-2803a15bf540
# BANNER_0_HASH-HOST=5be1b820358b598ff2c0b8f8d8834223
# BANNER_0_HASH-HOST=cd5c0f320d56d8c4099db365562e67de

0ml-store.com
100-international-boutique-purchasing.com
2gatherforever.com
365shoppers.com
4890112.com
acappellabufetramadan.com
adouble-collection.com
aegiokami.com
aerinaorganics.com
afhousing.com
akfnb.com
akusukakopi.one
alicejingbeauty2u.com
alicejingbeautymall.com
alittlestuff.com
almostquaint.com
altnco.com
amcatel.com
anekakitchenware.com
anisedesign.com
annayyar.co
apanakbeli.com
aqualegendconceptshop.net
ar-roast.com
arisheema.com
artechshop.com
asianbritish.com
asoonworld.com
atlasfinders.com
avocadomori.com
awonderlandtw.com
azaanamjad.com
babycosas.com
babymami588.com
bahaibiz.com
bahuba888.com
basementrekordz.com
bassandcoplus.com
bazhenofficial.com
bbasiastore.com
bbeginboutique.com
bcalpha.com.tw
beautyhollic.com
beautymansionstore.com
bedavavideoizle.com
bedazzledlush.com
behomme.tw
benangbynini.com
bestpiz.com
bexarmg.com
bikeabq.com
bilie.co
bilisking2u.com
bitcowe.com
bj31.com.tw
blackymerch.com
blahblah.tw
blondebarhair.com
bogusmerchandise.com
bokittasarawak.com
bolton-onlinestore.com
bomibaby.tw
bottomcoffeeroasters.com
brics.com.tw
brokengooseneck.com
bubunana.com
budt-life.com
bulaugoodgoods.com
bumpnbambino.com
butwho2f.com
byjosietw.com
byondrich.com
byshahidah.com
canbeanyshop.com
candy-fruit-groupbuy.com
carvedcakedesign.com
cataleyacotton.com
cchousingtrade.tw
chantalrae.com
chantii.co
chingkoo.com
chochoshoptw.com
chongswayfrozenmart.com
chuchueat.com
circlebaby21.com
clubdianataiwan2021.com
cnailsmy.com
comicdoma.com
corrinstudio.com
creativemark2u.com
crilight.com
dahdimsum.com
dahliaoils.com
daisyteaa.com
dancojp.com
dankejp.com
danylynnmfashion.com
daoneclothes.com
dermadocskincare.com
dikucikuci.com
district23a.com
divaoffical.com
dmsbatik.com
dodobaby10.com
dorcas-baby.com
dorisscloset.com
doughlittle.com
downloadmacos.com
dreammoodmy.com
dstyleohandmade.com
ecodentataiwan.com
ecospherepetstore.com
egnabev.com
eifkids.com
elfaruefi.com
erphasworkroom.com
escapeesrvelub.com
etechnix.com
ethereallycake.com
evanougat.com
femme-a.com
figure21.com.tw
fioregarden.com
flowerchampflorist.com
flygroceries.com
followerstik.com
fonsc.com
foodstoryshopss.com
foresttcm.com
freesiabox.com
gabeesweets.com
gadesive.com
gardenierbi.com
gateaudemomochee.com
girl-myosotis.com
gloriaycltw.com
glorious7teen.com
gobokharbour.com
grandmasdarling.com
guerillagear.com.tw
guitarfindyou.com
gyhmask.com.tw
happyhappythrift.com
hatchessel.com
hector.tw
heeha-store.tw
heimweetoggery.com
hesingue.com
hkhotpot.com
hoftshop.com
hypercustomz.com
i-rova.com
ididactivewear.com
idieana.com
iii.boutique
ilifethings.com
ilymcollection.com
infnco.com
inla.tw
istmailservice.com
iwstudio.com.tw
jacsmalaysia.store
janggutbear.com
jeannicartisancakes.com
jiaxinbeefest1995.com
jschoicetw.com
junsui-life.com
kabangboutique.com
kakijalan.biz
kalontea.net
katenannie.com
kayanganliving.com
kbcokc.com
kickrollermy.com
kiflhuis.com
kikinaturalwellness.com
kikinatwell.com
kinghomeyeh.com
kingkongdamn.com
kireicute.com
kizunaanime.com
knoble-intl.com
kosmosgrid.com
kpoppavillion.com
kskcollection.com
kuokuocollection.com
labelbornz.com
laojangweb.com
laundrycubeservices.com
leehinmotor.com
lenoreinc.com
lesstoreasia.com
lfm.tw
lidak.tw
lildevi.com
liliysells.com
lisaselect.com
locoano.com.tw
losnashop.com
lotsofloveartwork.com
louislaura.com
lovehazna.com
loveletterkids.com
lshcarproducts.com
lubiduby.com
luminoguard.com
lyraatelier.com
m-e-a-s.com
m28korea.tw
maagj.com
macaronjaracc.com
mandilygift.com
mappercafe.com
marumarulea.com
maysmerized.com
miaowgogo.com
miffycloset.com
mime-flower.com
mimibras.com
minimmer.com
missdadada.com
mohanvpork.com
moishowroom.com
montmartreacc.com
motoktm2u.com
mrkenallen.com
mstore918.com
mucha613.com
muscle-jets.com
muyangyingqing.com
my-magicstore.com
myg1store.com
myglowmemos.com
myhappystarkl.com
myhouseofsocks.com
mypurocoffee.com
mytoys2u.com
naafscarve.net
naatasia.com
nahuypeach.be
nailboxmy.com
natural-deodorant-stone.com
necrolatryrecords.com
nedirakl.com
nervesathletic.com
novalur.com
nullitax.com
nwteaconcept.com
ohhletter.com
ohlumis.com
oi3c.com
oilavishteam.com
olivecandyy.com
oneclick-estore.com
oneredlily.com
online-abset.com
oratw.com
oui.tw
ouiouistudio.store
pakajifreshdelivery.com
pakustore.com
pearlanddaisies.com
pellnaturalhandmade.com
penguintaste.com
peperinty.com
perfumes-collection.net
petitandcoshop.com
picofiltersystem.com
pingopeel.com
pixoos.com
planetajanta.com
playkeyboard.tw
posesinpanni.com
prestigemedispamalaysia.com
ptgglobalsb.com
pulsecoffee.co
queenkorea.com.tw
rainnicious.com
rarepocketofficial.com
rayraygreenhouse.com
realtorrohe.com
reinselect.com
reluck.com.tw
rencahbysherson.com
renjanastores.com
rgarden.shop
ribbont.com
rindept.com
rockexpressxxxxxl.com
rosegallerygiftshop.com
rubyscosplayshop.com
ryopomelo.com
sabbih.com
sabunfiction.com
saharabypsamathe.com
saoaccessories.com
sarradhyya.com
savondemarbella.com
saychisskincare.com
seabluesky530.com
secondplacelife.com
secondspring-store.com
seizeactive.com
sejadahmaryam.com
selfcovidtest.com
sensegears.com
sfworkgarage.com
sgsilvercentre.com
shaashaute.com
shabonito.com
shanellharun.com
sharlenetay.com
shmuacosmetics.com
shopniqabbia.com
shuidangdangofficial.com
silkrushofficial.com
silverlion1977.com
simchatime.com
sislyshop.com
skinholicstore.com
skinnycafe2015.com
smallredlin.store
smate.tw
snkrsss-store.com
solebalms.com
soundtasticmy.com
souqhaven.com
splashi.tw
sqairs.com
sqiucollection.com
stayyuelabel.com
stickynuggzinc.com
stivaliserna.com
studiohikidashi.com
successfulrman.com
sugarcatz.com
superbaccessories.com
surmount.shop
suurostudio.com
taoaroma.com
tejconfetti.store
telekungkareful.com
thasselz.com
the-elodie.com
the3ftstore.com
thecafedeco.com
thechicnoneskpsv.com
thefurfighters.com
thegeroboc.com
thegoodbeercompany.com
thejoiebaker.com
thekiddieshub.com
thelittlelaosia.com
themohcandle.com
thepurposefuljewellery.com
theshoppingbear.com
thesleepycatbookshop.com
thetinytemptress.com
thotlog.com
timetoybar.com
tipsymoment1322.com
titieasygo.com
tjporktrace.com
tkissesmacaron.com
toutatishop.com
trazeall.com
trytea.com.tw
tsestationery.com
ttbabykids.com
tudungfarora.com
tufeicoffee.com
tzaujiang-soap.com
uaofficial.com
ugspy.com
ukasyahgroup.com
usenseseafood.com
utileworks.com
vanillicious.com
vbeltdrives.com
vdrapes.com
veilsstudio.com
velmyna.com
vfashionstore.com
villtage.com
vitawait.com
vuwzer.com
vvvvv-official.com
wangmei-cat.com
weigrain.com
whizurlshop.com
winikigai.com
wuthingsstudio.com
xiaoll.com
xinbakes.com
xyjgamers.com
yapicaexer.com
yklborongruncit.com
yoakeflorist.com
yoloved.com
yuerrrrclothing.com
yusircoltd.com
yvngvualr.com
yyl.com.tw
ziweishop1313.com
/macshare.php
/macshare.php?call=

# Reference: https://x.com/suyog41/status/1926979425079373901
# Reference: https://www.virustotal.com/gui/file/4d3db335f35c4f966e34536895ec6ec11b57c98dcd5b0f3f0c6d143bdce9154b/detection
# Reference: https://www.virustotal.com/gui/file/8b603859ead00473086003dcaa470c1498742328c12face7d878a0d324e4763c/detection
# Reference: https://www.virustotal.com/gui/file/dd0b4a7bbd1940b64eede8346cb7f2f79884e030eb8d44d4a8d1e85919edbfe0/detection

http://45.94.47.136
http://45.94.47.157

# Reference: https://x.com/skocherhan/status/1927086251716354558

applejoins.com
bybapeaches.com
granniesblog.com
maruniryutsu.com
netdepnoithat.com
viicandle.com

# Reference: https://x.com/g0njxa/status/2023409834905743661
# Reference: https://moonlock.com/anti-ledger-malware
# CLASS_0_HASH-HOST/IP=a0e290dacd3c844600041c9716714960
# META_LINKS-HOST/IP=7inject.in
# TITLE-HOST/IP=Вход | 7INJECT.in

http://138.68.93.230
http://185.106.94.147
http://194.113.106.138
http://62.60.232.114
bayneck.com
lagkill.cc
lagkill.lol

# Reference: https://x.com/malwrhunterteam/status/1929787158119755853
# Reference: https://www.virustotal.com/gui/file/08b0fb2bec080d18167c12fdc9be63fc9da4df1d0f3145e980bca96aeec3f770/detection

http://45.94.47.167
http://77.73.129.18

# Reference: https://x.com/suyog41/status/1929544523375329412
# Reference: https://www.virustotal.com/gui/file/400869a7975620373b49950e428517f8113340f0986c519ac3e1c33fefeb5f1f/detection

vostfrseries.com

# Reference: https://x.com/solostalking/status/1930977703265554806

http://185.39.206.183
appmacosx.com
appsmacosx.com
financementure.com
macapp-apple.com
macapps-apple.com
macosapp-apple.com
macosxapp.com
republicasiamedia.com

# Reference: https://x.com/solostalking/status/1933413424006115546

appmacintosh.com
cryptoinfo-news.com
macosx-apps.com
macosxappstore.com

# Reference: https://x.com/txhaflaire/status/1942575186286682544
# Reference: https://app.validin.com/detail?find=b000eb20900b3b90e462&type=hash#tab=host_pairs (# 2025-07-29)
# Reference: https://www.virustotal.com/gui/file/794a4ebc76664b95d79f969514a3517acc8c4a7a6cbeba52e3c480fd0a5a489c/detection
# Reference: https://www.virustotal.com/gui/file/816bf9ef902251e7de73d57c4bf19a4de00311414a3e317472074ef05ab3d565/detection
# FAVICON_HASH-HOST=9108dde25ad958b27f6a97d644775dee
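# Reference: https://urlscan.io/search/#hash%3Aab77cc4e64e6830f333071b3bd0cff2fe583f15b3549ecc00428c14ec4094778
# Note: ip-5-199-166-102.003.ptr.cherryservers.net and lucid-ride.45-135-232-33.plesk.page in this group look like provider-generated names that embed an IP address (TODO confirm).
# Note: such names follow the address rather than the operator, so re-check them against the references above before acting on a hit.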

http://185.93.89.62
http://185.93.89.63
http://217.119.139.117
http://36.255.98.252
http://45.135.232.33
http://45.146.130.129
http://45.146.130.131
http://45.146.130.132
http://50.201.34.202
http://62.60.131.230
http://62.60.131.249
http://62.60.131.250
217.119.139.117:2000
charge0x.at
littlekitty.at
sdojifsfiudgigfiv.to
something0x.at
ip-5-199-166-102.003.ptr.cherryservers.net
lucid-ride.45-135-232-33.plesk.page

# Reference: https://x.com/moonlock_lab/status/1935409328305144215
# Reference: https://x.com/txhaflaire/status/1935678988820640121
# Reference: https://app.validin.com/detail?find=CleanMyMac%3A%20The%20first%20MacBook%20cleaner%20that%20does%20it%20all&type=raw&ref_id=c28132cd209#tab=host_pairs (# 2025-06-18)
# Reference: https://app.validin.com/detail?find=%3A%3A%22og%3Asite_name%22%3A%3A%22CleanMyMac%22&type=raw&ref_id=c28132cd209#tab=host_pairs (# 2025-06-18)
# Reference: https://app.validin.com/detail?find=28b1c5772c62c50aac5b6a26938a54a6&type=hash&ref_id=259109502e2#tab=host_pairs (# 2025-06-18)
# Reference: https://app.validin.com/detail?find=4ff6f30fb290ea2b9c6633791f9671c3&type=hash&ref_id=28cf7a7f4e3#tab=host_pairs (# 2025-06-20)

almehluz.com
carmenzo.com
cleanmymac.cc
cleanmymac.ru
cleanmymacos.com
cleanmymacpro.net
cmvstation.com
cculturel.com
isbulten.com
jcboury.com
maccleaner.shop
sartaaz.com
stanprinston.com
yeklam.com
mail.cleanmymacpro.net
mail.maccleaner.shop

# Reference: https://threatfox.abuse.ch/browse/tag/odyssey/ (# 2025-06-20)

157.185.143.236:17772

# Reference: https://x.com/ShanHolo/status/1937028229581111434
# Reference: https://www.heise.de/en/news/Malvertising-Search-for-standard-commands-for-Macs-delivers-Infostealer-10438976.html
# Reference: https://app.validin.com/detail?find=2512a89b5e1a44df9d52ee2d7fc03e7c&type=hash&ref_id=d2d7c65287d#tab=host_pairs
# Reference: https://www.virustotal.com/gui/file/99eabfe358a1df8966676dafbb1350a315e6df105ba5f21f707da2ec3ddbde59/detection

copynv.com
icloudservers.com
insideoutpix.com
organocreto.com
overcasetv.cfd
rainewest.cfd
tdtcross.cfd
theeyeonid.cfd

# Reference: https://x.com/mossdinger/status/1938581110075891967

stanpriston.com

# Reference: https://x.com/1ZRR4H/status/1940168409381232826
# Reference: https://app.validin.com/detail?find=RivaTalk&type=raw&ref_id=8d76252e159#tab=host_pairs (# 2025-07-03)
# Reference: https://www.virustotal.com/gui/file/4a802433176d4678103090719cd052db50692b2755945e57717f28e5dc257b3d/detection
# Reference: https://www.virustotal.com/gui/file/a47778884f0eb94abf2555e773d9bc61b605086dc3dc93809508b8ce778e7a22/detection

http://194.156.103.89
http://5.181.2.58
amao-wama-mac.org
rivatalk.com
slapix.io

# Reference: https://moonlock.com/amos-backdoor-persistent-access

http://45.94.47.158

# Reference: https://x.com/moonlock_lab/status/1942524364844589264
# Reference: https://x.com/txhaflaire/status/1942575165193298228
# Reference: https://www.virustotal.com/gui/file/b62dc580707d0d968c7070a05b04ca7ec61d5ad14333df1c4f327f3c0e6ed3fb/detection
# Reference: https://www.virustotal.com/gui/file/dec750b9d596b14aeab1ed6f6d6d370022443ceceb127e7d2468b903c2d9477a/detection
# Reference: https://app.validin.com/detail?find=3f8f78a27012650f5acc742a3fa3f619388317d8&type=hash&ref_id=96b470bfdbc#tab=host_pairs (# 2025-07-08)

allteching.xyz
webconnect38.com
webconnect49.com
google.webconnect38.com
google.webconnect49.com
meet.google.webconnect38.com
meet.google.webconnect49.com

# Reference: https://x.com/soursecc/status/1945004289832730778

web-connect.us
webconnect11.com
webconnect49.com
webconnect58.com
webconnect88.com
meet.google.web-connect.us
meet.google.webconnect11.com
meet.google.webconnect49.com
meet.google.webconnect58.com
meet.google.webconnect88.com

# Reference: https://x.com/pcrisk/status/1942837939492225107
# Reference: https://app.validin.com/detail?find=TOP-FIXER&type=raw&ref_id=8e29d8ff42c#tab=host_pairs (# 2025-07-09)
# Reference: https://app.validin.com/detail?find=828f254175bfc69f0afb3c7e714e27dd7d02fc6b&type=hash&ref_id=30a15629823#tab=host_pairs (# 2025-07-09)
# Reference: https://www.virustotal.com/gui/file/3283e6d74667db1cf61ad0bbab91a4a8615f4160a30d28f63bba126652d0862a/detection
# Reference: https://www.virustotal.com/gui/file/525becbf7f430c2de1ede247a2c904f5fc7e26e4136e6d599b0b7ff6c3daf9b3/detection
# Reference: https://www.virustotal.com/gui/file/50c5f1488ae8265d68785c35981f8f53b5a151132defe00850788be0cd2ea30d/detection
# Reference: https://www.virustotal.com/gui/file/41734ce3c26fcf178578da3b2c14aa284b2cee4bd5ed9d6a61d8ce1da62ff275/detection
# Reference: https://www.virustotal.com/gui/file/2130c3282ebbd6de959ca507d98e8cb568ce97e1d487aa1fc1d2f7df033501dd/detection

2yolk.com
adrianfrieg.com
api.mac-helps.com
api.mac-trouble.com
clearpc.pro
fixingmacpro.com
fixpricemoving.com
fixpromax.com
fixups4sale.com
guard-os.pro
helpmacs.help
light-os.pro
mac-helps.com
mac-safer.pro
mac-trouble.com
macfixhub.com
macosfaq.net
mobileengagement.workers.dev
passadmin1.mobileengagement.workers.dev
reboot-os.cloud
riv-mog-otta.xyz
top-fixer.com
top-halper.com
uznbhw.com

# Reference: https://app.validin.com/detail?find=151.106.96.4&type=ip4&ref_id=e1f5bc5a5c6#tab=resolutions

fix-mac-easy.com
fixmaceasy.com
fixmacpro.com
helpmaceasy.com
helpyourmac.com
macproeasy.com
macprohelp.com
macpromaster.com
promachelp.com
promacmaster.com
topfixermac.com

# Reference: https://www.validin.com/blog/http_feature_pivoting/
# Reference: https://app.validin.com/detail?type=hash&find=5412dda9e4ae4f6a20278c12a620ac4c#tab=host_pairs (# 2025-07-10)

captainacefrahm.com
fixitanywhere.com

# Reference: https://x.com/L0Psec/status/1973495155291463808
# Reference: https://the-sequence.com/brewing-trouble-homebrew-spoofed-sites-rise
# Reference: https://app.validin.com/detail?find=Homebrew%20%E2%80%94%20The%20Missing%20Package%20Manager%20for%20macOS%20(or%20Linux)&type=raw#tab=host_pairs (# 2025-07-22)

braw.sh
brewe.sh
brewfaq.org
brewsh.cx
brewsh.org
brrewsh.org
homabrew.org
homebrewclubs.org
homebrewfaq.com
homebrewfaq.org
homebrewfaq.us
homebrewlsup.us
homebrewlub.com
homebrewlub.us
homebrewlup.us
homebrewonline.org
homebrewupdate.org
hornebnevv.com
raw.braw.sh
raw.brewsh.cx
raw.brrewsh.org
raw.homabrew.org

# Reference: https://www.virustotal.com/gui/ip-address/159.100.22.123/relations

bedsonlineproject.org
hoteliuscorpatative.org
hoteliuscorpatativs.org
lidoethstk.org
lidoonlinestk.org
lidostk.org
stubacuras.org
stubacurast.org

# Reference: https://x.com/txhaflaire/status/1945745999709835358

mwcaravan.com

# Reference: https://hunt.io/blog/macos-clickfix-applescript-terminal-phishing

apposx.com
appxmacos.com
cryptoinfnews.com
cryptoinfo-allnews.com
dactarhome.com
emailreddit.com
greenpropertycert.com
macosx-app.com
macxapp.com
ttxttx.com

# Reference: https://x.com/solostalking/status/1948642543119249904
# Reference: https://www.virustotal.com/gui/file/18173041d38c1bc2b6caefcdda0a3d214441ddb4035aa8ddaf178f36a5bee811/detection

actuafix.com
applfix.com
blogifix.com
bossfixes.com
cbfix.com
fix-nic.com
fixablesystems.com
fixer-group.com
fixit-center.com
fixitadvisor.com
fixittricks.com
fixmyhomeonline.com
fixonboarding.com
fixpcathome.com
fixupasap.com
fixyourmedia.com
icanfixtoday.com
ifix-4u.com
mac-fix-hub.com
ozcozy.com

# Reference: https://app.validin.com/detail?find=45.140.17.42&type=ip4&ref_id=430fbdddad1#tab=resolutions

rescue-mac.com

# Reference: https://x.com/Crose_96/status/1949938150333198461
# Reference: https://www.virustotal.com/gui/file/301d376f1ab9dc49873a6fc10474f311efb2a891b00f3cdc4ee2fed0f161cb64/detection

ohmyzsh-get.com

# Reference: https://x.com/L0Psec/status/1952722257052070208
# Reference: https://www.virustotal.com/gui/file/84bc9007228073f4d73f4e6f7a05f920cd9317033d67d4c0cd375bbb95f13c70/detection

ajoyfulbear.com
amoradia.com
arfzs.com
aspotan.com
avamkwilson.com
bomdog.com
brossdeli.com
cnhnational.com
colormeplr.com
comeyco.com
couriontesy.com
cunruivalve.com
dwbutter.com
estanicci.com
figandwine.com
fotosails.com
gfemarket.com
goatramz.com
haminals.com
hogorira.com
hokinusa.com
institutogle.com
kariyerbak.com
kihapma.com
mawebinars.com
micdapp.com
mrvalets.com
nmcrlab.com
pazserraes.com
pfcitalia.com
piposcake.com
reliconn.com
resmanio.com
reviewyoon.com
ristorobepi.com
scygas.com
sdgoodsam.com
secnw.com
shufurepo.com
siappanen.com
sitmulab.com
smoosygear.com
tebogonong.com
tianagarden.com
wasslet.com

# Reference: https://x.com/biggie_linz/status/1952838422005203088
# Reference: https://www.virustotal.com/gui/file/6e15cd9c2a5d7708c6b3b4ae64e8d64ccf54f4020c78302df9e9f67faf985db7/detection
# Reference: https://www.virustotal.com/gui/file/886c36f4625f98537e8f2df5975aab643ad355e13e35023842a10129c0c46865/detection

support-2025-9-14-96279.com
apple.support-2025-9-14-96279.com

# Reference: https://app.validin.com/detail?find=a625f544d8fa8aed90a5e27b4f65184b&type=hash&ref_id=3edeb00d5b6#tab=host_pairs (# 2025-08-06)

04-zoom.us
saakyanart.com

# Reference: https://threatfox.abuse.ch/browse/malware/osx.amos (# 2025-08-07)
# Reference: https://app.validin.com/detail?find=12b0b691a996b2b4f7c513efaeb53b99&type=hash&ref_id=6e68e483527#tab=host_pairs (# 2025-08-07)

aceiteweb.com
adenios.com
agrininsesi.com
alanamango.com
aopasta.com
assancart.com
basallfrey.com
berhs.com
courtetprecis.com
crestviewia.com
drsavala.com
ekochist.com
eriklobben.com
ferreterguia.com
gblbyf.com
goudsite.com
gregtroisi.com
immokraus.com
imosafer.com
jacobaparra.com
jtforce.com
jupagroup.com
laccalhdc.com
letrucvert.com
misshon.com
mizunoaoi.com
netcbc.com
nexuunglobal.com
nitosgallery.com
ntxdm.com
oliviabruns.com
pbmast.com
radiooun.com
redempti.com
sendsgnl.com
smxyrc.com
spekmeats.com
stayinwild.com
stmchina.com
subwara.com
tarangear.com
tebpsy.com
theblumiles.com
tomsti.com
toutentris.com
treohost.com
vivianvalora.com

# Reference: https://g0njxa.medium.com/meowsterio-weaponizing-clickonce-in-2025-8c2595a817c8

spalaestacada.com

# Reference: https://x.com/moonlock_lab/status/1955387998578806892
# Reference: https://hackernoon.com/macc-stealer-takes-on-amos-a-new-rival-shakes-up-the-macos-infostealer-market
# Reference: https://www.virustotal.com/gui/file/61f6b48e8433f6bf212c06157bead662f1833b72671b8f832ff3af032fdc4582/detection

innocentwitches.top
kgogowfwef.live

# Reference: https://app.validin.com/detail?find=21e6d9a3878de0ce4a6240064624e598&type=hash&ref_id=436f4260dd7#tab=host_pairs (# 2025-08-15)

bulcaz.com
elemasyon.com
fouinart.com
iconhmc.com

# Reference: https://moonlock.com/macc-stealer-macsync-backdoor
# Reference: https://gist.githubusercontent.com/danslo/1ee79d806493d779c2e5213a0bda8b4f/raw/e8b386f9eb9ec48cb370c72f6c52550b263ce22d/gistfile1.txt

meshsorterio.com
b3e34878-5a7d-458b-8a35-3ea1dae23fdd.meshsorterio.com
brsp.meshsorterio.com
gamma.meshsorterio.com
rxkbnwuc.meshsorterio.com
sphnugamma.meshsorterio.com
staging.meshsorterio.com
testing.meshsorterio.com

# Reference: https://x.com/volrant136/status/1969834756515774880
# Reference: https://www.jamf.com/blog/pyinstaller-malware-jamf-threat-labs/
# Reference: https://www.virustotal.com/gui/file/fc95ff687cfd775acac3b0457332dca170e58b77b27f3ee4f9013984fd9b388d/detection

blazede.com
grand-flash.com
ligobet873.com
myfreshflow.com
stteresaagency.com
vapotrust.com
macstealiwjef8w9euf892jfis893u409wi09eif90w3.onion

# Reference: https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages
# Reference: https://www.virustotal.com/gui/ip-address/64.188.91.99/relations
# BANNER_0_HASH-HOST=98e92f871c9cc2842ce08356d5c2d376
# BANNER_0_HASH-HOST=f0b7695df281310c34516aa7121a6c48
# BANNER_0_HASH-HOST=b24c3cf2004b0e1c32079cfdf4ed4ee8
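# BANNER_0_HASH-HOST=b83ae66f91031ec932c96b27c2ac94cd
# Note: the /mac-git-N-download.html entries that close this group are path-only trails with no host component.
# Note: a hit on one of them alone does not tie the request to a host listed here; correlate with the request host during triage.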

3dtechmart.com
al-hamd-trades.com
andijayatrans.com
app-gopluslabs.com
athetiop.com
bauraktars.world
bayikar.life
baykairs.world
blackwestchestersocial.com
blackwidowfinance.com
bonoud.com
ease-ups.com
eetrailer.com
eleven11industries.com
endilinda.com
galvvrachi.com
gamersimpsonse.com
gulftendersgate.com
hanblga.com
hiakmolodes.com
idupisdu.com
jamitros.com
jumaher.com
lblnkedbln.com
mac-pro-app-guide.com
mac-pro-app.com
mac-pro-apps.com
macapppro.com
macinpro.com
macproengine.com
macprograms-pro.com
mana-empire.com
nadedzhda.icu
napworthy.com
ocean-spot.com
ourhealingpoweriswithin.com
pacodogcoin.com
portal-peaqnetwork.com
profitgrowthsolutions.com
rankstaseoshine.com
rokstarseotools.com
savethemurray.com
skilletontour2025.com
star-gold-working.com
tambiktobk.com
trojanonsolbot.com
turbulenok.com
winstaccounting.com
wp-mysterybox.com
ahoastock825.github.io
/mac-git-1-download.html
/mac-git-2-download.html
/mac-git-3-download.html
/mac-git-4-download.html
/mac-git-5-download.html
/mac-git-6-download.html
/mac-git-7-download.html
/mac-git-8-download.html
/mac-git-9-download.html

# Reference: https://x.com/txhaflaire/status/1949875093317779610
# Reference: https://www.virustotal.com/gui/file/c2afb2c050d5675c32fe64ea149c846a32427c901e30398de2bd4395db12f2cb/detection
# Reference: https://www.virustotal.com/gui/file/1e3275db4d609ab1c43776cb2f6a89f7b436457dac6e75c0797f1d532d18fdaf/detection

veitzeatz.com

# Reference: https://x.com/txhaflaire/status/1947932160972714337

ksartaaz.com
maliciosasartaaz.com
malwaresartaaz.com
url-resartaaz.com

# Reference: https://x.com/solostalking/status/1970398358562054434

logmeeine.com
logmeln.com

# Reference: https://www.cyfirma.com/research/odyssey-stealer-the-rebrand-of-poseidon-stealer/

cryptonews-info.com
macxapp.org

# Reference: https://x.com/Now_on_VT/status/1970404965777608932

tradingviewen.com
tradingvieweu.com

# Reference: https://www.virustotal.com/gui/ip-address/185.39.19.224/relations
# BANNER_0_HASH-HOST=33c892281458fe83958a93751c5fb81e
# BANNER_0_HASH-HOST=98e92f871c9cc2842ce08356d5c2d376

acrossprotocols.com
app-matcha.com
bakkesmenu.com
bauraktaris.world
bayikar.world
baykair.world
baykaris.world
bestdigitalmarketing.com
chain-add.com
cooklefun.com
crack-load.com
cs2menu.com
dappladar.com
espanaproperty.com
everyshufflin.com
fi-self-repaying.com
finance-personal.com
fivemmodmenu.net
fwrussia.com
galaxy-swapper-v2.com
gimtuganchiki.com
helldagh.online
kamapulus.icu
kambergebai.com
kamboss.com
kenlead.com
kiddionsmodmenu.net
kidrombobm.com
kimtosin.com
kmsplco.com
krombari.com
kromkamokl.com
meteoraag.com
namatrangul.com
network-portal-dashboard.com
olatugilati.com
ralizon.com
rightpromote.com
tamahsv.com
tamarton.icu
titunlia.icu
ton-stake.net
ucuzayasanacakulkeler.com
us-wavytalk.com
v2-paal.com
v2-xterio.com
vlrtualsprotocol.com

# Reference: https://x.com/banthisguy9349/status/1971492896164676063

1wfrmer.life
afifiniety-photo.world
airdrophotton.xyz
auto-cad.xyz
availproject.life
avidtach.homes
avldtach.shop
avvenay.shop
avveray.homes
avvesun.homes
awe-sun.shop
bantamusr.icu
bayikar.bet
bistki.network
bitiks.com
blolck-games.com
bridge-hyperliqid.com
cleverstudy.lol
cnnalke.shop
comoestases.com
compawsswallet.xyz
dokopka.icu
easways.shop
faralnad.network
faralnad.xyz
fartaland-io.network
fortnitehackv2.com
fragment-tg.com
genshinimpactmodmenu.com
genshinmodmenu.com
gigabyll.pics
gigaioute.xyz
gilgolbutet.pics
glgobytet.shop
gtavkiddionsmodmenu.com
handbrake.homes
hydrogenexecut.com
hylperfinance.network
hylperfinance.xyz
hyperliquid-app.com
hyperlllquid.xyz
jupiteryo.xyz
kasspa-wallet.network
kirita.pics
laeapwalleit.xyz
leaepwallet.xyz
lealpwallet.network
lightingstudio.lol
luckyjet-apps.com
luckyjet-apps.store
luckyjetofficial.online
luckyjetpredictorbot.com
luckyjetpredictorbot.store
luckyjetsignalbot.online
luckyjetwebsite.online
lybira-flnnce.network
lybraifinance.network
lybraifinance.xyz
lybriaflnance.xyz
manta-network.blog
maya-desk.shop
metise.xyz
metlls-dao.xyz
metls-dao.network
metls.info
mines-games.online
minespredictor.com
minespredictor.store
minespredictorbot.online
mode-modular.blog
niotepadplusplus.shop
niotepawd.com
notapad.shop
notepeds.pics
nymtecln.blog
nynntelh.mom
paal.digital
piaylnek.com
pilxeisgame.xyz
pilxel.pics
play-pixiels.xyz
polyiehedra.xyz
poylnex.com
producyglabs.shop
pumpfunn.com
raylnex.com
remix-solidity-ipfs.com
remixparentsers.mom
rgb-gygabit.homes
rgb-gygaibit.mom
rgbfusion.homes
rgbgygalblt.homes
ripple-events.com
rufus.pics
sensnbit.com
siliconwallem.lol
sintolcreated.shop
soflare.network
soflfare.network
soflfare.xyz
solnflare.network
solnflare.xyz
spin-top.com
splton.network
starnket.xyz
stomfi.com
strknetwork.xyz
tangiertiger.homes
tior-priojecti.shop
tonamlcheck.com
trados-studio.pics
trados-studio.shop
turbo-cad.shop
v3-balancer.com
v3-bancor.com
v3-lido.com
valorantskinchanger.pro
viber-ua.shop
warzoneunlockalltool.com
xswapfinance.xyz
yupiterproject.info
zerolandproject.xyz

# Reference: https://x.com/BlinkzSec/status/1972325367684665707
# Reference: https://www.virustotal.com/gui/file/373cf41c5202b8d1c3a87a58e2d6496549edbe5fcae317b84fe393e432324b5b/detection
# Reference: https://www.virustotal.com/gui/file/5be12d5750b54057480f55c47eb0a7e1805d804375946c38666ee37238bb0336/detection
# BANNER_0_HASH-HOST=fba10f7f78009ba109fc111f841835f4
# BANNER_0_HASH-HOST=ca1d5177ddfd5274d031e45baa3c786d

accounts-problem.com
accountsproblem.com
bug.systems
bugs-center.com
bugs-report.com
center-id.help
crash-center.com
device-issues.help
device-problem.com
device-problems.com
devices-support.com
devices-update.com
devices.help
drive-assistant.net
errorfix.help
help-report.com
iboostos.com
ioptimizor.com
ispeedos.com
js-lib.com
linertarim.com
macos.help
os-x.guide
problems-center.com
problems.click
problems.support
problemsystem.com
problemsystem.help
system-bugs.center
system-bugs.com
system-problem.com
system-problems.com
troubles.help
troubleshoot.center
troubleshub.com
updates-center.com
webfiles.app
apple.problems.support
apple.troubleshub.com

# Reference: https://x.com/Crose_96/status/1972756686298648592
# BANNER_0_HASH-HOST=33112a6a90c0a3b487c9d7aeeaba8d63
# BANNER_0_HASH-HOST=6d70cd55f20812dd63b9eb0e046cd2e2
# BANNER_0_HASH-HOST=75a80569c4d5e2125a7f13e7f0039139
# BANNER_0_HASH-HOST=f497dfe9f81886ae587a9ee1c4420ccd
# BANNER_0_HASH-HOST=0d51803dc11f33bc6d4e18f1c7ded400
# BANNER_0_HASH-HOST=c8be5302f0646191737c5611a7a87b4e
# BANNER_0_HASH-HOST=6c21f7ebc2d1c8bcb35b34cba6f7d068
# BANNER_0_HASH-HOST=3c90c989895a2e22d24ff13e494bcd25
# BANNER_0_HASH-HOST=e0d547ae4d129f36f34ca53fc71ca8f8
# BANNER_0_HASH-HOST=d272b623803f0a4fa13f4da676699031
# BANNER_0_HASH-HOST=f5c07882687553671cf14c6a2514c8c9
# BANNER_0_HASH-HOST=fa2c6e4749c9063dfcf512cf20a01342
# BANNER_0_HASH-HOST=fb36754f91ca47ac62622395597c53fb
# CLASS_0_HASH-HOST=77bcbf9b44a9e2a3981824085bb1205d
# META-HOST=:::"twitter:creator":"Virtuoso Rift"
# TITLE-HOST=Download for macOS — DMG or via bash
# TITLE-HOST=Reset for macOS — via bash

100pesos.ph
1hive.online
360dumedia.com
a4aclan.cfd
acetothree.com
ads360service.com
amyluc.com
anecdote.press
angel-dena.online
angkabet12.online
aotmac.com
api-adserver.hnproject.xyz
api-dev.vocasia.id
api.vocasia.id
apipdf.sbs
apple-develope.com
apple-develope.support
apps-install-mac.com
apps.ellishbohemian.com
appstorrent.cc
aqmarithm.com
artemesiav.com
aryna-sabalenka-partner.my
athalaga.com
bah.lol
bankmantap.com
bestplayer.site
betpon.store
bobatotowin889.online
bokepsimontok.id
boostbiotics.com
brninfo.click
btc-cuts.macos-app.com
buy-yasmin.store
casdiorcdnlink.online
casinobu.live
cdn-cursor.com
cenagratis.com
cleahmyimac.com
cleaniymac.com
cloudfile19mac.sbs
computerhelpforums.net
console.serverlab.shop
control.apipdf.sbs
cpanel.macos-app.com
cryptotradesolutions.com
cungxemtin.macos-app.com
cunkale.me
dana123gg.org
depobos12.online
diana4dwin887.online
download.macos-app.com
downloamacos.com
downmacos.com
drangelfranco.com
easywatchdeal.com
email-marketing.hnproject.xyz
emapia.com
evrohome.com
ezy-apk.macos-app.com
favorimgiristop.top
finalcut-app.com
finenci.com
formals.org
g.lazadacdn.com
gamematrix.site
garitotowin87.online
gdplayer.fairuseonly.xyz
get-cursor-app.com
get-logic-app.com
get4paynomore.com
getfourpaynomore.com
getstig.org
git44share.sbs
github-appcleaner.appstorrent.cc
github-appcleaner.macos-appguide.com
github-appcleaner.macosappguide.com
github-crossover.appstorrent.cc
github-crossover.macos-appguide.com
github-fancontrol.appstorrent.cc
github-fancontrol.macos-appguide.com
github-homebrew.appstorrent.cc
github-homebrew.macos-appguide.com
github-homebrew.macosappguide.com
github-iina.appstorrent.cc
github-iina.macos-appguide.com
github-iterm.appstorrent.cc
github-iterm.macos-appguide.com
github-iterm.macosappguide.com
github-nodejs.macos-appguide.com
github-nodejs.macosappguide.com
github-postgresql.macos-appguide.com
github-postgresql.macosappguide.com
github-postman.macos-appguide.com
github-postman.macosappguide.com
github-sublimetext.macosappguide.com
github-teams.macosappguide.com
github-tunnelblick.appstorrent.cc
github-tunnelblick.macos-appguide.com
github-tunnelblick.macosappguide.com
github-unarchiver.appstorrent.cc
github-unarchiver.macos-appguide.com
github-vlc.appstorrent.cc
github-vlc.macos-appguide.com
github-vscode.macosappguide.com
glcsnoampgiris.top
glossbyda.com
goluxu.macos-app.com
googl.secureapps.live
gopy777.com
gov-bd.live
gua.wantmygift.com
hizlifast.com
hostadmin77.com
illudie.com
indo24hnews.macos-app.com
indonesiafilenetwork.macos-app.com
install-mac-apps.com
insurranceself.macos-app.com
inventory.kym.or.id
ishengtong.com
iterm.macosappguide.com
iterm2macos.com
kastoto887top.online
kazzs.com
khuyenmai188bet.macos-app.com
khuyenmaim88.macos-app.com
koitoto992jpwin.online
l.anecdote.press
lambobahisamp.top
lazadacdn.com
lcloud77mac.com
livewebcam4u.macos-app.com
m-aum.macos-app.com
m0nopoly-go.site
mac-backup.com
mac-byte-bridge.com
mac-lcloude.sbs
mac-roproforge.digital
mac-zip-rocket.com
mac11oscloud.com
mac1oscloud.com
mac22oscloud.com
mac2cloud.com
mac2cloud4you.com
mac2oscloud.com
mac33oscloud.com
mac3oscloud.com
mac44oscloud.com
mac5oscloud.com
mac66oscloud.com
mac6oscloud.com
mac777oscloud.com
mac77oscloud.com
mac7oscloud.com
mac888oscloud.com
mac8oscloud.com
mac99oscloud.com
mac9oscloud.com
macapp.it.com
macappcore.com
macapplab.com
macappnest.com
macaroq.com
macaroza.com
macblobbus.com
macbridgelink.com
macbytegrab.com
maccacheportal.com
maccarrier.com
maccastlink.com
maccaststream.com
maccdncanyon.com
maccl0ude.com
maccloud12.com
maccloud4you.com
maccodenode.com
maccouriergo.com
maccryptodrop.com
macdatadock.com
macdatapipeline.com
macdataworks.com
macdelta.com
macdockrelay.com
macdockroute.com
macdocpro.com
macdownlink.com
macdriver-drawer.com
macdropio.com
macenix.com
macfile2download.com
macfile4download.com
macfilearmor.com
macfiledownload.com
macfilejet.com
macfilenet.com
macfileseostup.com
macfilesetup.com
macfirstsrtups.com
macfory.com
macgateport.com
macguidecatalog.com
macguidelibrary.com
machelproom.com
machubrelay.com
macivoid.com
maclaneport.com
maclinkon.com
macmigrate.com
macnetcraft.com
macnexusfactory.com
macos-app.com
macos-appguide.com
macos2download.com
macos2file.com
macos2soft.com
macos44soft.com
macos4cloud.com
macos4cloud12.com
macos4download.com
macos4soft.com
macosappguide.com
macoscloud4you.com
macoscloudyou.com
macosdrive.com
macosdrive1.com
macosdrive3.com
macosdrive4.com
macosdrive5.com
macosdrive6.com
macosdrive7.com
macosdrive8.com
macosdrive9.com
macosfile12download.com
macosfile3download.com
macosfile444download.com
macosfile4download.com
macosfile7download.com
macosvpn.com
macpacket.com
macpassage.com
macphotonanchor.com
macpkgzone.com
macportdock.com
macprivacyhub.com
macqueue.com
macquickstartkit.com
macroutedock.com
macsafedatafold.com
macservice-station.com
macsetstopguide.com
macsetupcompanion.com
macsetupfile.com
macsftpspire.com
macshareflash.com
macsharehub.com
macshareup.com
macshortcutlab.com
macsmartlink.com
macsoftwave.com
macstepnotes.com
macstreamer.com
macswiftly.com
mactechdrop.com
mactokentrunk.com
macuplink.com
macuplum.com
macxfercloud.com
mail1.m-aum.macos-app.com
martapaszt.forum
modestopowerwashing.com
mpacksmedia.online
my-css.online
mybbrc.com
nakama77.online
newyorkcity-tour.macos-app.com
nisanbetgiris.store
nodejs-app.com
ogrdowafontanna.pics
okbos.live
opaltogel12.online
osmac87file.com
ovogacor.online
pafipekanbaru.site
paktoto178winjp.online
pay.1hive.online
payamvls.com
presidenslot88.online
qqhokwarp.com
qris.pw
radtkeins.com
rafallokwenc.autos
reddio.org
refriluxefeitosa.com
rends.me
resetguidemacos.com
restaurantdelivery.org
roypayment.com
search.secureapps.live
secureapps.live
sflink.xyz
share111git.autos
share111git.beauty
share111git.homes
share111git.quest
share2e2git.sbs
shmsports.com
showfastdeal.com
sicantik.site
singaporetourtip.macos-app.com
soft4macos.com
softmacos.com
sowinsamponline.top
ssmatome.com
streamofday.com
sublimetext.macosappguide.com
suipport.com
sukienvlmb.macos-app.com
superligawin168ori.online
surokka-gov-bd.click
tadanohito.com
tapchitin20s.macos-app.com
tcibrand.com
teslatoto77.online
ticktick-app.com
tiktok.bokepsimontok.id
tinthoisu24h.macos-app.com
togelup234jp.online
torrents4mac.com
tonightthais.macos-app.com
tradingflowersviw.com
tradngvew.com
travelchanneleurope.macos-app.com
travelnewforest.macos-app.com
ukforester.com
uparjonkori.com
upload-image.click
uptorank.com
us.yobokep.id
videogxhd58.macos-app.com
virtuosorift.com
visionarytechies.com
visionsfcu.cloud
vocasia.id
voltekled.com
vpnforyourmac.com
webdisk.macos-app.com
xinhspa.macos-app.com
yobokep.id
zingstream69.macos-app.com
bit.sublimetext.macosappguide.com
github.iterm.macosappguide.com

# Reference: https://x.com/suyog41/status/1973987326461423676
# Reference: https://www.virustotal.com/gui/file/a031ba8111ded0c11acfedea9ab83b4be8274584da71bcc88ff72e2d51957dd7/detection
# Reference: https://www.virustotal.com/gui/file/8616284574b01363f791b26d921ae80a7bb3449c5f752df27ada99e507b3203d/detection

franceparfumes.org

# Reference: https://x.com/solostalking/status/1974037558100181430
# CLASS_0_HASH-HOST=34c4fad1530860981c4a1503d64edbb7

adguardapp.com
altyazitube63.lat
aztecnetwork.biz
cloud-washington.com
dropsradar.org
enroll-reppo.xyz
farlabs.live
flare2025.com
gohixes.com
intercheck-cloud.com
jesook.com
kindomford.com
pin-up0046.com
racerdotfun.xyz
cloud.flare2025.com

# Reference: https://x.com/banthisguy9349/status/1974815914060042313
# Reference: https://www.virustotal.com/gui/file/087ab01c622f24c3bbcc8a40da822b80af7941c0017ce925725200aae1969510/detection
# Reference: https://www.virustotal.com/gui/file/0bfa39bb8695539e0e588ce39a35752849873e00fa8f68f744884e2ef66d0f98/detection
# Reference: https://www.virustotal.com/gui/file/748f68dca2824613e130bd6b852c55f18b56447d0a0188f7ad404a3fb476befd/detection

progressdev.xyz

# Reference: https://x.com/suyog41/status/1975518926252511465
# Reference: https://www.virustotal.com/gui/file/7f69f3012e134d1f5084fbb9086697da66a9b0e9240c4e1413777b9e1099aca9/detection

aubr.io

# Reference: https://unit42.paloaltonetworks.com/clickfix-generator-first-of-its-kind/
# Reference: https://www.virustotal.com/gui/ip-address/188.92.28.186/relations
# CLASS_0_HASH-HOST=81fdcf68dec325a6b52e368488781a14
# FAVICON_HASH-HOST=a7eda883652648ec8df1e5542b6bb404

http://188.92.28.186
http://45.144.233.192
2pi-bd.com
2pijobs.com
actorspruce.com
aluguelfoco.com
app-en-us.pro
axlecord.com
bartio-faucetberachain.lol
bartio-faucets-berachained.lol
blueswap.world
claim-chain.link
claudflurer.com
cleanshot.us
cliente.aluguelfoco.com
cloudlare-lndex.com
coingecko.com-en-us.cloud
com-en-us.cloud
connectaccountingadvisory.co.uk
cyfrowewitryny.online
dactarbari-healthsuite.com
dactarbari.com
debank.com-en-us.cloud
deepseek.com-en-us.cloud
digitarenexus-moventarionexa.cfd
digitarexalumis-novarionexa.cfd
digitarolumis-moventarionexa.cfd
digitnuvarexa-travonquexil.shop
eagleai-research.pages.dev
eagleailab.com
electrum.com-en-us.cloud
elysianwhimsy.org
exodus.com-en-us.cloud
faucet-berachain.lol
faucet-berachains.lol
fitgearuniverse.com
fusedbaseball.com
galxe.com-en-us.cloud
github.com-en-us.cloud
hoobs.ai
ibs-express.com
ibsexpress.cg
indexsm.com
io-en-us.info
itts.pages.dev
leaderboarduniswaportfolio.app
ledger.com-en-us.cloud
link-chainlink.com
looksrare.com-en-us.cloud
migration-propchain.xyz
neuraprotocol.icu
opensea.io-en-us.info
orbiter.com-en-us.cloud
orionix.pro
pablico.es
phantom.app-en-us.pro
pinchbug.com
podiumllc.com
prunechit.com
rainbet.bet
routejug.top
sapien.lat
situationspruce.com
syncswap.com-en-us.cloud
teamsensoft.com
tuttin-ch.space
ukpropertycert.co.uk
uniswap.com-en-us.cloud
worthchance.com
zantsolution.com
zen-btc.app

# Reference: https://x.com/L0Psec/status/1975982420919976412
# Reference: https://www.virustotal.com/gui/file/43f7d89e7e3493be24989f1ce5dfbe7fd2869828b8f767645840921cdb92a4c1/detection

nadrty.com

# Reference: https://x.com/Crose_96/status/1976799349779972472
# Reference: https://x.com/Crose_96/status/1976805425455808909
# Reference: https://www.virustotal.com/gui/ip-address/185.251.89.109/relations
# Reference: https://www.virustotal.com/gui/ip-address/23.177.184.137/relations

elasticdataport.com
metricsaggregator.to
nodalservicebase.com
quietlybuildzone.com
secureapimiddleware.com
shadowqueueflow.com
staticruntimelog.com
brsp.secureapimiddleware.com
comgamma.secureapimiddleware.com
gamma.metricsaggregator.to
gamma.secureapimiddleware.com
plsp.metricsaggregator.to
plsp.secureapimiddleware.com

# Reference: https://github.com/hagezi/dns-blocklists/issues/7678

shoter.org

# Reference: https://x.com/suyog41/status/1977605119450735044
# Reference: https://www.virustotal.com/gui/file/ab65b877ba971181e2c4729b4fcbc0375ec70c8f7b0fa7262fd84d5272fb2fcf/detection

nexpal.cc

# Reference: https://x.com/suyog41/status/1978706393692606688
# Reference: https://www.virustotal.com/gui/file/7ae7136853d286fbabc1da07ee891a0c385096ac3be8b3c8c7088c6265e4517f/detection

http://217.119.139.97
217.119.139.97:2000

# Reference: https://www.virustotal.com/gui/file/02c5c936e8bad1d6e9252ad47e0544e91bc33d69c1ed12eadf66fdeae0fff49a/detection
# Reference: https://www.virustotal.com/gui/file/4f69f7abbccb60f04b0eeaee7a37054475abef18e9dc6be1c2c183937783e593/detection
# Reference: https://www.virustotal.com/gui/file/5824b7a5cb3a5bd3a1fd20f6b577a78fff9462e6553cb5dcac2cd342a842f863/detection
# Reference: https://www.virustotal.com/gui/file/947981e686ad189d1365ba3aeae7e30d4a4fd2588824be64e19f04d2888ff502/detection
# Reference: https://www.virustotal.com/gui/file/a231b0c685a774fcbfc05a06af9476b7c82a4b0103cf6796151fc7697a9de826/detection
# Reference: https://www.virustotal.com/gui/file/a2a0a44a8d2a6054df00b9228df73261b8c9b961ea8d394f9a2b7f2ca2a64482/detection
# Reference: https://www.virustotal.com/gui/file/e19924793392da65c27889c6454172125c52f3b39ec198bdae15b7acabcd6b04/detection
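# Reference: https://www.virustotal.com/gui/file/fec84913c615173ba00f10778005ce9930db572849d931a065bc73485e4b1340/detection
# Note: the entry below is a URL path only, with no host or IP attached; when it matches, confirm the contacted host against the samples referenced above before attributing the traffic to this family.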

/api/v1/xuystats

# Reference: https://www.virustotal.com/gui/ip-address/87.120.93.15/relations

arctikshown.com
nuvraka.com
tradingview-mac.com

# Reference: https://x.com/L0Psec/status/1980965563636789444
# Reference: https://www.virustotal.com/gui/file/9a4b14a7ff3cc6443a2b9e3a95a2259295d5809b81cd5829d12fa87d4e60ed71/detection

security-att.com

# Reference: https://x.com/Crose_96/status/1981842656704835769
# Reference: https://x.com/Crose_96/status/1981842834157449479
# Reference: https://x.com/Crose_96/status/1981842856307491190
# Reference: https://www.virustotal.com/gui/file/23ca3d8cb9012c97f95756ab6653f68954c6f233c75f28ad3d4ede37192866b3/detection
# Reference: https://www.virustotal.com/gui/file/87dcdf8506abc83870502ced2cef13731feb95a87229680b98e30faa7d88f998/detection

http://185.95.156.240
alamostc.org
apple-fixhub.com
sktmed.com

# Reference: https://x.com/L0Psec/status/1982063577839157470
# Reference: https://x.com/L0Psec/status/1982059747789734225
# Reference: https://www.virustotal.com/gui/ip-address/45.159.79.219/relations
# Reference: https://www.virustotal.com/gui/ip-address/89.44.87.204/relations
# Reference: https://www.virustotal.com/gui/file/b9ef067ffa09d325a7e378f5495b405d2a6c798795df64ae7cf2fffd8dd2ed4e/detection
# Reference: https://www.virustotal.com/gui/file/15a36e85513b7b41f91f5a41e3a6b483a07096875ee0c437c8f5a6291f017a33/detection
# Reference: https://www.virustotal.com/gui/file/62a247ca3de53553561b50d99fb7565315f7e5947ee16001873ef88927547c4c/detection
# Reference: https://www.virustotal.com/gui/file/b78bc3129be7eb0acae309be4ef96710f886fbe6b2d86a70b1cec3a72fa63ccb/detection
# Reference: https://www.virustotal.com/gui/file/ff3a686d19f69ac1067534471fc25fa05c301db46c49a0415d2cb310dbe6af79/detection
# Reference: https://www.virustotal.com/gui/file/c9dea3af7df48d897f8deb1b5d00a9d01c59fce16899008a6ca0a8c2e7ec9b90/detection
# Reference: https://www.virustotal.com/gui/file/99dd79f9d3bee8df2751734130db381b4af18b46e99cd25654e5460de75bb5f2/detection
# Reference: https://www.virustotal.com/gui/file/738dfff9619135ef8c92d4002b41a59e6c900ad1212b1ee2f0e5523b4e7dfbec/detection
# Reference: https://www.virustotal.com/gui/file/63dde5442626cd25900f42c013c691f822042d4037e1ff180fb613a904b612b7/detection
# Reference: https://www.virustotal.com/gui/file/5feabe20874d4f201668da68ca1e86ee679e91e83ec076cbfb60403de0f455e5/detection
# Reference: https://www.virustotal.com/gui/file/38152f2eef983395ed7c0187299a95078090221cb15b1eaef65ef616ce78e051/detection
# Reference: https://www.virustotal.com/gui/file/133c208e9a3ecf572ae416dac8e5d4d6f1239a7959d4f4adf118d272446b4dc9/detection
# Reference: https://www.virustotal.com/gui/file/10dd967e952639e9b29f43b8534e97abea0e5ac0c31b1fe2178e47983c62182e/detection
# Reference: https://www.virustotal.com/gui/file/e0cad06a4af839da02db55c9c7c7b8fdf52b5b595e5111e5ea3dabb065dafa66/detection
# Reference: https://www.virustotal.com/gui/file/c15a0c4a7d8e9e0c40122043a65f4030246f5605f97dae97eadd3c8e42c1ade2/detection
# Reference: https://www.virustotal.com/gui/file/0b0734fa1b4280f35b5c9c57b9aa110c9a322c22924c8c2c08f39ad166a7d3c8/detection
# Reference: https://www.virustotal.com/gui/file/07d05be5a2031cdd3a12ceb44c3a84075c738e94dbf58566f26b0d91aaa011db/detection
# Reference: https://www.virustotal.com/gui/file/0a1e0d4ed50f9d2988b6f9097dfebc703347e38e5751adcbdde21dcf7a7e0e3b/detection
# Reference: https://www.virustotal.com/gui/file/bc02ee28487208ea4de35f5439f63f60a456b619552f77f2d725cb4140e3b505/detection
# Reference: https://www.virustotal.com/gui/file/0c10b41852c60aa55e5ee3338347be89233072c36852db18f900891c5e3fa714/detection
# Reference: https://www.virustotal.com/gui/file/4764de462124a6a6c18eee2ea3b15886a7a429ab63316be9ad9be75f13d3f4de/detection
# Reference: https://www.virustotal.com/gui/file/598745d81cd8935fde142644ab4ce527071b60ffe2b4ddac73e4f45eec927317/detection
# Reference: https://www.virustotal.com/gui/file/721bd5030773e8fc11f17e725cf2ed19357546cb4ec2653cfe8c752ab0e4cc03/detection
# Reference: https://www.virustotal.com/gui/file/a38be1dd99f2bafa52f858a1f40d46a830da2f45029fe3d8f405781cc2392e48/detection
# Reference: https://www.virustotal.com/gui/file/c3178905a95a5037110f65343378eb562221a8d7c5cbb986b9674609d33e59d6/detection
# Reference: https://www.virustotal.com/gui/file/f2821f2d701a44890fe73d246feb057bd88ee83de4a1263ff9587fdfbb3a79c7/detection
# BANNER_0_HASH-HOST=e09a907e91bd7540a463157a120bbe84
# BANNER_0_HASH-HOST=4f7505bf09b569d2cfe36e17f4147761
# BANNER_0_HASH-HOST=2a504073b2190b0a497965d049cc7b84

abusefolder.com
abusemode.xyz
abuserepo.com
affectway.com
algfirst.com
algsend.com
alkormuse.com
andrybork.space
applegrowe.com
basicdouble.space
boardcourt.com
borkdeal.com
boss-b.live
buchhalterupgrade.com
budgetwijs.com
buildnetcrew.com
busdtape.top
bynvex.com
cerplx.com
chicagosone.com
chillzome.space
colaideborn.com
corpfin-advisory.com
dalafrid.cloud
defaultgater.com
defeatgate.com
defidork.com
defistame.com
deforkmade.com
delivewryme.com
dhulinwerkol.com
digitaletrends.com
digitalewereld.com
dreksim.com
drumcath.com
ergodown.com
filebreef.com
fin-majster.com
fin-slim.com
fin-techzone.com
fin-wijs.com
finan-plan.com
fincieelslim.com
fingramsk.com
finmajster.com
fintipy.com
fiscoskillz.com
folkdoom.com
footballee.com
forcemapp.com
forestnumb.top
frostlwake.com
frozendoome.com
futurefinhub.com
gatedm.com
gatemonteray.com
globalnetman.xyz
graktim.com
greenmodee.com
gynthor.com
help-googleworkspace.com
jantiagoserimodo.com
letgenmode.top
metricmind.net
mind-mastr.com
novauctovnictvo.com
oct-memberfix.space
pfcleaner.com
prunkmjakfolr.com
sg-grow.com
spaarslim-bel.com
u-varo.com
vipgatesecond.top
walikomart.org
wallmrt.net
wlynketozosmone.com
xaphildhrenak.com
yrdansilvera.com
archive.boardcourt.com
archives.boardcourt.com
bsdzcpcp.boardcourt.com
dhrtiqyt.boardcourt.com
emfhgsgy.boardcourt.com
eoaqgpmv.frozendoome.com
itzzonwi.boardcourt.com
jojeayry.boardcourt.com
kfpmddem.boardcourt.com
kwkhfist.boardcourt.com
lwwtkrlm.boardcourt.com
mrgjwlit.boardcourt.com
mvsvnibh.applegrowe.com
pxfgvber.boardcourt.com
redbusprimarydns.boardcourt.com
redbussecondarydns.boardcourt.com
site.budgetwijs.com
site.digitaletrends.com
site.digitalewereld.com
site.fin-majster.com
site.fingramsk.com
site.mind-mastr.com
thuhfovs.boardcourt.com
tztqdmlc.boardcourt.com
vsbtzdey.boardcourt.com
vvxamgim.buildnetcrew.com

# Reference: https://x.com/g0njxa/status/1982934216489984157

apple-pkgs.com
mymadowload.com
ztotys.com

# Reference: https://x.com/suyog41/status/1985611651136307312
# Reference: https://www.virustotal.com/gui/ip-address/77.239.99.216/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.141.160.60/relations
# Reference: https://www.virustotal.com/gui/file/b805acd4744ca0904a2e238c6eedbc12983424647704a95fa80aff51bdd4069d/detection
# Reference: https://www.virustotal.com/gui/file/b4e02f550e13a6b48e92708fc2950942e5d66df0fb2e32a3235ce711ecf7dd63/detection
# Reference: https://www.virustotal.com/gui/file/fb4db942e88f92744fd446de08beafc7d8388e50a5597a8180b049a83e9dc767/detection
# Reference: https://www.virustotal.com/gui/file/088df122fc246fe5374c99e26932d6d9b3c47056ebe58ce1aac0de41d34540f9/detection
# Reference: https://www.virustotal.com/gui/file/f597e9a126f45a0c4506eebe4882f758a2d03ba12079a97a394b1262e395b6b0/detection
# CERT_DOMAIN-HOST=internal

aldentemore.com
apple-java.com
code-cloudflare.com
delgone.space
efordstaut.space
elbrone.com
gate-default.com
gonabemsi.com
lowerdown.space
mac0soft.com
mac2soft.com
mac3soft.com
mac44soft.com
nordmest.com
torodusty.com
workspace-googlemeet.com

# Reference: https://x.com/L0Psec/status/1986258563484831945
# Reference: https://www.virustotal.com/gui/file/589e3f581bdf621b1ddc2ad59a04813a576e48a4fab0b817dbbaae0d55986641/detection

ardeseni.com

# Reference: https://x.com/suyog41/status/1986677968048169222
# Reference: https://www.virustotal.com/gui/file/7145aac66db544b6e2aa41402b1dd684de6d6db137ff938687e0e2ef56d666d6/detection
# Reference: https://www.virustotal.com/gui/file/c4a49d32369ea408fd0439139625304ba6be0439dddf806c46ef985295604eed/detection
# Reference: https://www.virustotal.com/gui/file/02b5e90522b49b3aab96480ebd7cb29e9c7cc628d65ca0b02555022879192302/detection

vipgatearea.com

# Reference: https://izzyboop.com/posts/macsync/
# Reference: https://www.virustotal.com/gui/file/571ddf01e407ecddca1df9db3e5212f8ae76d8d3dfea292facdb862b984ddb67/detection

disruptmyself.com
58462.disruptmyself.com

# Reference: https://www.virustotal.com/gui/ip-address/87.120.93.15/relations
# BANNER_0_HASH-HOST=6c266b25bda0e809c035a0d8a908612b
# BANNER_0_HASH-HOST=84d41b483d5739046e8dd7f85fef6fb1
# TITLE-HOST=Sora 2 — AI without limits for everyone.
# TITLE-HOST=Download for macOS

50promo.com
50promogift.com
573uuu.top
afina-interview.com
afina-interviews.com
chatgptsapp.com
download2026.com
getsora.app
getsora.cc
honestly.ink
lucky-io.com
megaxwinvip.art
sorachatgpts.com
updatesrc.bet
zip-trader.com
app.download2026.com
bitkub.50promogift.com
mac.download2026.com
sora.chatgptsapp.com
sora.sorachatgpts.com
v2.chatgptsapp.com
sora.app.download2026.com
sora.mac.download2026.com
sora.v2.chatgptsapp.com

# Reference: https://x.com/L0Psec/status/1988942977767801063
# Reference: https://www.virustotal.com/gui/ip-address/144.31.90.59/relations
# Reference: https://urlscan.io/result/019a7d22-0976-749b-9588-e0f4997733f6/

promo2026.com
promo20l26.com
trad1ngv1ew.blog
tradinviewai.com
tradingview.promo2026.com
tradingview.promo20l26.com
tradingview.new.promo2026.com

# Reference: https://x.com/suyog41/status/1988567262458986837
# Reference: https://www.virustotal.com/gui/ip-address/77.239.99.216/relations
# Reference: https://www.virustotal.com/gui/file/e3102ab9b39d68d1372691c48366d77e977a1410b92919622b86538c31ac74d5/detection
# Reference: https://www.virustotal.com/gui/file/fc2743722e53b87de3b24294d09b79af664534678bf13c6566cdb669463c0830/detection
# Reference: https://www.virustotal.com/gui/file/9fae4d1171db0458612b0308c8e05dcce71e5863855fda05bce120a23408845a/detection
# Reference: https://www.virustotal.com/gui/file/9887aeecc52d368fe4442a7d9d5aecd24dfdb1f122a17e036bb2f3ae2be77be7/detection

amicl.com
atmung.com
aromasynergy.com
cerrillos.com
falsealarms.com
nhaxuong.com
secureave.com
stockalfa.com
taskpicks.com
veryfocus.com

# Reference: https://x.com/txhaflaire/status/1989007806255542281
# Reference: https://x.com/L0Psec/status/1989048095687258118
# Reference: https://x.com/malwrhunterteam/status/2014982649895387592
# Reference: https://x.com/L0Psec/status/2015047749733933457
# Reference: https://www.jamf.com/blog/jtl-digitstealer-macos-infostealer-analysis/
# Reference: https://www.virustotal.com/gui/file/da99f7570b37ddb3d4ed650bc33fa9fbfb883753b2c212704c10f2df12c19f63/detection
# Reference: https://www.virustotal.com/gui/file/9f70756435f474b57765bc004f4ad84d0fb6e29a9aed1c5998c7ee8dfa139baa/detection
# Reference: https://www.virustotal.com/gui/file/47a5467c35b34a28035d82ad75b75a3c1b26bdc6891e1e342db7d4a94f31ed82/detection
# Reference: https://www.virustotal.com/gui/file/dd643a414e9dee3035c90c664bda0f48d251c6d43ce88865ef9fae2056795707/detection
# Reference: https://www.virustotal.com/gui/file/ca699fcc2b74a6bc29032f3fcd3f0cbd4f30103bdffd7875d01af08345a7c894/detection
# Reference: https://www.virustotal.com/gui/file/b46da334d97aaf210873c89bdb08da18db88cc84638986af513a49d663e4091d/detection
# Reference: https://www.virustotal.com/gui/file/5581fc6bb9cb944a9e4ef1f9fe367350824edcc82f517639548530f8f46f2f52/detection
# CLASS_0_HASH-HOST=40761f053f9e3c596078c26e92d0d3d3

applake.app
applelake.app
applelake.io
applelake.org
appsformacs.cc
atlasgpt-browser.com
banana-gun.com
bananagun.cc
centradlispatch.com
chefjeffphilbin.com
clearmacos.com
cushychill.com
dynamichub.app
dynamiclake.org
goldenticketsshop.com
hobework.com
honsteinfacilityservices.com
houstonnphc.com
ledgmanyman.com
ledwindryn.com
livechat-cdn.com
modaalegriadevivir.com
nevadabtcshill.com
segololoraprox.com
sweetseedsbeep.com
67e5143a9ca7d2240c137ef80f2641d6.pages.dev
f0561b4e3c1308eeb8cdd23016ed86ec.pages.dev
f8b2ef8b94b215ce04836d1c47b556ba.pages.dev
srv1023475.hstgr.cloud
lazarusexposed.com
clearvpnshim.com
sockstexasgo.com
booksmagazinetx.com

# Reference: https://x.com/L0Psec/status/1990415249569087601
# Reference: https://www.virustotal.com/gui/file/4d751dd363298589cb436d78cd302f9d794ae1e3670722a464884be908671a9c/detection
# Reference: https://www.virustotal.com/gui/file/65ef40f8eef05b74f2af9f42c367f41c9671438496e2d2a6fa1e5eeb72de8f2f/detection

timebolls.com

# Reference: https://x.com/malwrhunterteam/status/1990747396289278444
# Reference: https://www.virustotal.com/gui/file/745cc1b7f07d3544ab97678081e95f6c726783ed7f3cecdc00587a41966b5cb4/detection

soraxpertai.com

# Reference: https://www.virustotal.com/gui/ip-address/193.143.1.236/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.93.20.210/relations
# TITLE-HOST=Runway Research | Introducing Runway Gen-4

193-143-1-236.cprapid.com
albertdigital-ai.com
api.freevizer.com
distribute-nexo.com
eligible-nexo.com
freevizer.com
ipv6.193-143-1-236.cprapid.com
join-nexo.com
milkroad-token.com
nexo-join.com
nexo-qualified.com
run.upscayl-ai.org
runwau.digital
runway-ai-gen4.org
runway.upscayl-ai.org
season2-kucoin.com
sweet.upscayl-ai.org
upscayl-ai.org

# Reference: https://www.virustotal.com/gui/ip-address/45.93.20.210/relations

ai-creatify.org
ai-deepseek.org
ai-runway.gen3-alpha.com
ai.mysora-app.com
app-creatify.com
app-deepseek.org
app-ispring.com
app-openai.com
app-openai.comindex-sora.app-openai.com
app-sora.org
app-technology.org
check-airdrop.org
comindex-sora.app-openai.com
creatify-app.com
descript-ai.com
escadajobs.com
gen-3-alpha.com
gen-3.me
gen3-alpha.com
get-deepseek.com
get-hiper.me
get-loom.com
get-openai.app-sora.org
get-runway.gen3-alpha.com
get-tradingview.org
index-my.com
index-sora-ai-video.com
index-sora.app-openai.com
index-sora.app-openai.comindex-sora.app-openai.com
la.mysora-app.com
load.mysora-app.com
loom-download.com
lumion2024.com
maxon-cinema4d.com
meta-trader5.com
my-airdropcheck.com
my-creatify.org
my-creativity.org
my-deepseek.com
my-deepseek.org
my-exodus.com
my-hotgame.com
my-koinly.com
my-loom.org
my-pica.art
my-pica.com
mysora-app.com
openai-index-sora.com
openai-index.org
piica-art.com
piica.org
replicate-page.generate-ai.org
run-way.org
runaway-gen3.com
runway-gen3-alpha.com
runway.gen3-alpha.com
sora-ai-download-now.com
sora-ai-explore.com
sora-ai.app-openai.com
sora-installs.com
sora-library.com
soraai-install-now.com
soraai-install.com
sweethome3d-app.org
tarina-haskahakaska.com
tiktoklivestudio.com
tradingview-app.org
tradingview-exchange.com
traidingview-app.com
videoproconv.org
videopto.com

# Reference: https://www.virustotal.com/gui/ip-address/193.233.112.39/relations

doladowania.club
get.ideogrammai.org
ideogrammai.org
my-sweethome.me
myhiper-app.com
myvizard-app.com
sweet-home3d.org
synthesia-app.me
cooy.activecitrux.com
load.myhiper-app.com
load.myvizard-app.com
load.synthesia-app.me
uss.sweet-home3d.org

# Reference: https://www.virustotal.com/gui/ip-address/45.93.20.25/relations

app-trading.xyz
check-air.xyz
creatify.ink
descript-index.com
get-index-sor.com
get-sora-ai.com
git-checker.com
index-download.com
index-sora-app.com
loom.it.com
sor-ai-now.it.com
windsscribe.xyz

# Reference: https://x.com/L0Psec/status/1991525029297942655
# Reference: https://www.virustotal.com/gui/file/5b85fcb9789c2e5acafb527b1c5eadceb0767ca2d60b8730644b58f7f4b65981/detection
# CLASS_0_HASH-HOST=9798869b9313afce18a76e516d7a749a
# FAVICON_HASH-HOST=ba62568a94cbf7dde866f6c34540061c

155-94-155-240.cprapid.com
aeon-winds.com
aeonwoe.com
dreamskygame.com
lunarigame.com
mysticgame.app
mysticgame.online
mysticgameplay.com
mysticlots.com
mysticsolgame.com
mysticstormlegacy.com
mysticwinds.app
mysticwinds.io
mysticwindsgame.com
ns1.mysticlots.com
ns2.mysticlots.com
playlegacygame.com
playskygame.com
playstargarden.com
skygame.io
dhgames.s3.us-east-005.backblazeb2.com

# Reference: https://x.com/L0Psec/status/1993327471127584983
# Reference: https://www.virustotal.com/gui/file/e6de9815c4a3a40acacd456dd7344acfea682f6bc6e72e02ee33cbc6e36de6b2/detection

focusgroovy.com

# Reference: https://x.com/L0Psec/status/1993681010538459575
# Reference: https://www.virustotal.com/gui/file/55ab1159ea860cda42be0cd61c345b53c52b1651bb7f84b8ffc3579c0884c614/detection
# Reference: https://www.virustotal.com/gui/file/1538c0097702b35d74511d90f79093070cfd07a2efc3cd64a49f2eb6d07cd4d6/detection
# Reference: https://www.virustotal.com/gui/file/ed9ccf1f0afa95f10038ebfa69397879e4a108d60ac37188c95703a6f9981315/detection
# Reference: https://www.virustotal.com/gui/file/a5eaaa98e50ab1a2b5899a19d8c04b725e1ad431d8eaf097afe99bf9ce0629f5/detection
# Reference: https://www.virustotal.com/gui/file/8515e88a6c1f121b763785824d5c3aedc60afb94697c041fab884855638d637d/detection
# Reference: https://www.virustotal.com/gui/file/23799438614035d0aa9104a4f90befc32ab6132aae6c7bd4ca5724b051334da1/detection
# Reference: https://www.virustotal.com/gui/file/026f2e0e51605707f2a6f086ff6a051303e9f0484c311aaac2973c9aba34c617/detection

http://185.195.233.152
artimaden.com
gate-main.com

# Reference: https://urlscan.io/result/019ac9b1-76ef-73ba-8b72-c8f12ebfc74a/

solidgate8.com

# Reference: https://x.com/malwrhunterteam/status/1997959762541994292
# Reference: https://www.virustotal.com/gui/file/667e278ef52fa525c91096133ba86d7236821703d288a4c943d4bbe508079280/detection
# Reference: https://www.virustotal.com/gui/file/0a95412c64b264f2c8674fd51f0024297c4bd1a0caa3b4709a5a6fc760df76a1/detection

http://195.24.236.129
195.24.236.129:443

# Reference: https://x.com/txhaflaire/status/1998663328353173924
# Reference: https://x.com/BlinkzSec/status/1998818681703256395

acwmcirf.pro
cloudformac.com
cmnernei.pro
ewrevmiet.pro
fvnueskg.pro
get-mactech.com
getmaclab.com
getmacnow.com
jmpbowl.shop
jmpbowl.space
lfmvehdie.pro
mac-fast.com
pllatformers.org
tfnvydvie.pro
vmgjbvtrj.pro
wkcmutdf.pro
yfjvniesk.pro
zxmnveuo.pro

# Reference: https://x.com/e_kaspersky/status/1998778369006047430

atlas-extension.com

# Reference: https://www.virustotal.com/gui/file/7a3d6a1cc9384df6fd31558e16ac356ecbb1960cb78fdbf30a86f9f093c4206b/detection
# Reference: https://www.virustotal.com/gui/file/d874054687ce5bf99ac4c83791e6f60c7b00db67091de6fe08985d7d56f7a8d2/detection
# TITLE-HOST=ANGKATOTO2 - Link Gacor Hari Ini Slot Maxwin Gampang Menang Deposit 5k

putuartana.com
angkatoto2deposit5k.web.app

# Reference: https://x.com/txhaflaire/status/2000478206076326276
# Reference: https://www.virustotal.com/gui/ip-address/144.31.1.133/relations
# Reference: https://www.virustotal.com/gui/ip-address/144.31.90.119/relations
# Reference: https://www.virustotal.com/gui/ip-address/87.121.82.141/relations
# Reference: https://www.virustotal.com/gui/ip-address/89.39.121.104/relations
# BANNER_0_HASH-HOST=778f23bf6cfc89fbd2b9e33b7d631ca6
# BANNER_0_HASH-HOST=9cb9ee1d5662328f8343a6c09078f2f4
# BANNER_0_HASH-HOST=a4298d81874c791772bfc21fa48b0096
# BANNER_0_HASH-HOST=cc6b0f87f09335b85427361142996d0d
# BANNER_0_HASH-HOST=8724951030de3b0f04652dcbc07e5953
# BANNER_0_HASH-HOST=3a8154798400c0120488bbad75a112da
# BANNER_0_HASH-HOST=281cdb71a1eb1c536de1b295cbd5e910
# BODY_SHA1-HOST=e24d282630d5229e55b0cfdf9405bb9beac9add8
# BODY_SHA1-HOST=343f99eb087e0e4945f42c9df28ab4d2bed9c330

http://45.66.228.85
0auth-session.com
0x9x.com
123cds.com
123coffee.com
123coins.com
123cosmetics.com
2dels.com
2simpledownload.com
9seai.com
agrofindinvest.online
alchemry.com
ap2lehidengift.com
apemarketplace.com
appleid-icloudmac.com
axiom-massage.com
axiommassage.com
backend.beatlebuddy.com
beatlebuddy.com
bestkitchen.info
bfsales.app
bigfindapartment.ink
blago-apartment.info
brighttradecorp.com
buzzher.club
capitalinfo.ink
carboymotorsports.com
cbswga.com
cdeesigns.com
charlieculp.com
christiansatellitenetwork.com
clairedominics.com
classicmacfiles.com
cloudboxmac.com
cloudmacbackup.com
cloudmacdrive.com
cloudmacfolder.com
cloudmachinait.com
cloudmacrocode.click
cloudmacrofactory.sbs
cloudmacromanagement.com
cloudmacromedia.digital
cloudmacrosolutions.click
cloudmacx.sbs
confirmsok.com
ctdeducationalservices.com
darknet.observer
deals2026.com
dickersonbuilders.com
digitalagesanta.com
dortabet.com
draftexempt.com
drmcdermottmd.com
droneslights.com
echoingvistas.com
elitemgmtgroup.com
erctrust.us.com
ethereumguides.com
eurspeed.com
fastmacfirstsetup.com
feigaseujera.sbs
film4change.com
fincz2026.ink
fogudarz.com
freehousefind.online
frugalislife.com
ftp.beatlebuddy.com
ftp.brighttradecorp.com
ftp.carologydeals.com
ftp.uaeautobuyer.com
gd6519.com
gd7284.com
getmacfilesnew.com
ghvmodels.com
git22share.cfd
git22share.sbs
git6share.click
golden2ap0.com
grahamblackburn.com
groovyfox.space
hci-outdoors.com
hidamian.com
holidayrussia.com
homecz2026.online
hortonlandscaping.com
hungrymungry.com
icloudmacdrop.com
icloudmacs.com
icloudmacsend.com
imac-forums.com
imacbridge.com
imacdrivedock.com
imacdrivehub.com
imaceasyshare.com
imacfilebase.com
imacfiledrop.com
imacfilesafe.com
imacfolder.com
imacguide.com
imachelp.com
imacinstall.com
imaclaw.com
imaclink.com
imaclinkgate.com
imacloop.com
imacmigrator.com
imacpush.com
imacremote.com
imacrestorehub.com
imacsecurefiles.com
imacsimplesend.com
imacsyncfile.com
imactorrentpro.com
imacturbosend.com
imacworks.com
imaczip.com
indesk.productivemaster.com
insta-macer.com
instamacer.com
instmac.com
instmacs.com
ipv6.vm597.tmdcloud.eu
jamondelmedio.com
jjdevelopment4.com
jmjvp.com
jmpbowl.world
jmpbowl.xyz
juniormall.com
kanpolab.com
kj.beatlebuddy.com
linxboxxx.com
liorabattles.com
mac-faster.com
mac-file.com
mac-instruction.2simpledownload.com
mac-magnus.com
mac-ropartners360.click
mac-tours.com
mac2sup.com
mac555oscloud.com
mac78folder.sbs
mac7system1.sbs
mac88oscloud.com
macabooart.com
macacademyhub.com
macairshare.com
macairxfer.com
macanswerbase.com
macappanswerbase.com
macared.com
macauway.com
macbackuppro.com
macbeamcloud.com
macbeamsend.com
macbinaryloom.com
macbinarymesh.com
macbitnode.com
macbrowser.click
macbrowser.cloud
macbrowser.live
macbytebeam.com
macclassroom.com
maccloudarchive.com
maccloudbackups.com
maccloudbeam.com
maccloudcenter.com
macclouddesk.com
macclouddock.com
macclouddrive.com
maccloudfiles.com
maccloudfolder.com
maccloudglide.com
maccloudjet.com
maccloudsafe.com
maccloudspace.com
maccloudstorage.com
maccloudstore.com
maccloudsync.com
maccloudvault.com
maccloudworld.com
maccloudx.com
maccloudzip.com
maccodestack.com
macdailyguide.com
macdatabranch.com
macdatadrop.com
macdatafabric.com
macdatainbox.com
macdatapioneer.com
macdatapipe.com
macdocklane.com
macdockweave.com
macdownloads.my
macdownloads.pro
macdownloads.shop
macdrivebackup.com
macdrivebox.com
macdrivecloud.com
macdropbeam.com
macdropbox.com
macdropcast.com
macdropnow.com
macedgeflow.com
macedgerelay.com
macfastbox.com
macfi1ec1oud.sbs
macfileairdrop.com
macfilearchive.com
macfileatelier.com
macfilebackup.com
macfilebeam.com
macfilebox.com
macfilecloud.com
macfilecloud5.com
macfilecloud6.com
macfilecloud7.com
macfilecloud8.com
macfilecore.com
macfiledesk.com
macfiledrive.com
macfileflow.com
macfilego.com
macfilelinkdrop.com
macfilemesh.com
macfilenova.com
macfilepipeline.com
macfilepool.com
macfilesafesend.com
macfilesbox.com
macfilesdesk.com
macfilesend.com
macfilesendstream.com
macfileshare.com
macfilesharehub.com
macfilesi.com
macfilespace.com
macfilestorage.com
macfilestore.com
macfileswap.com
macfilevault.com
macfilex.com
macfirstsettingssetup.com
macflowy.com
macfusionfactory.com
macgolddocker.com
macgridlink.com
macgridstore.com
macgridvault.com
macguideatlas.com
macguidecentral.com
macguidecurriculum.com
macguideden.com
macguidehowtos.com
macguideloft.com
macguidepath.com
macguidepress.com
machandoff.com
machelpatlas.com
maciclouddock.com
macicloudtrack.com
macinstallcompanion.com
macjadeplas.com
maclessons.com
maclinkatelier.com
maclinkbox.com
maclinkgo.com
maclinkshare.com
maclivo.com
macmirrorx.com
macmovedata.com
macmyanswers.com
macmylab.com
macmyworld.com
macnetpulse.com
macoblique.com
macos45drive.sbs
macosfilebox.sbs
macpacketfabric.com
macpathfinder.com
macpathy.com
macpayloadhub.com
macpipehub.com
macplasmavault.com
macporthub.com
macpowerhabits.com
macprivacyfastsetup.com
macprivateicloud.com
macpush.com
macqore.com
macrapidbyte.com
macrecoveryguide.com
macrunnerdoc.com
macscanhubs.com
macsendcloud.com
macsendhub.com
macsendlink.com
macsendpath.com
macsendsync.com
macserve.it.com
macsetupbuddy.com
macsetupnotes.com
macsetupplan.com
macshadowfolder.com
macsharefolder.com
macsharego.com
macshuttle.com
macsignal.com
macsignalwarehouse.com
macskillbuilder.com
macsoftgrid.com
macsoftlab.com
macspacepro.com
macspeedx.com
macspool.com
macstackio.com
macsyncbin.com
macsyncbox.com
macsyncsend.com
mactipsmanual.com
macupdateguide.com
macuserlab.com
macvaultatelier.com
macvaultstorage.com
macvividlocker.com
maczenithprotocol.com
mail.0auth-session.com
mail.alchemry.com
mail.apemarketplace.com
mail.beatlebuddy.com
mail.bestkitchen.info
mail.gd6519.com
mail.gd7284.com
mail.hortonlandscaping.com
mail.rileytreeservice.com
mail.satta-kinggl.in
mail.vm597.tmdcloud.eu
mail.yp536.com
mandrel.net
mangalagiricollections.com
markdownshare.com
marketertop.ink
maxpower-g2.com
medexamhub.com
messagetohumans.com
miaartisan.com
ml2si.com
morgans-lewis-app.com
mymacanswers.com
mymacdesk.com
mymacguides.com
mymachelpdesk.com
mymactips.com
mymaczone.com
novaconsultingservices.com
ns1.megaw.org
ns1.vm597.tmdcloud.eu
ns2.vm597.tmdcloud.eu
onlinesmoker.com
paradisestayholdings.com
parthibeasyenglish.com
ppccourseone.info
propertynurseusa.com
qb.narcissoft.ir
qichezj2025.com
rentselfiespot.com
rileytreeservice.com
rrmstest.beatlebuddy.com
sadabiz.com
safemacguard.com
satta-kinggl.in
seobesttop.ink
sessionbridging.com
share111git.cfd
share111git.lat
sharemacrelay.com
silveraplleapps.com
skpwresorts.com
skygrowthlive.com
smartandsoul.com
smrtlink.site
software-estimation.com
software-estimator.com
sterilepharmacist.com
sweetnich.com
swiftfundslender.com
thetallestpoppy.com
tiptopmarine.com
tp2149.com
tp2812.com
tp2830.com
tp6028.com
tp6519.com
tp6732.com
tp7153.com
translation-services101.com
twistingly.com
tyrannicaltrump.com
vacuumsavvy.com
viajes-benifaio.com
vm597.tmdcloud.eu
vpnify.cloud
webdisk.brighttradecorp.com
webmail.brighttradecorp.com
wellthywallets.com
westarranch.com
whm.brighttradecorp.com
wpengquine.com
writerstale.com
wyzeonline.com
xotca.com
yamsufoutdoors.com
yawaskits.com
yguboyz.com
yp536.com

# Reference: https://www.virustotal.com/gui/ip-address/34.120.137.41/relations

maccloudone.store
gitlab.maccloudone.store

# Reference: https://x.com/L0Psec/status/2000640414861394137
# Reference: https://www.virustotal.com/gui/file/d538c23dcafab7c2b820680828fb64e8ecf0bdc3a9ee0929b7c80788d687f6da/detection

fortibuse.fun

# Reference: https://github.com/hagezi/dns-blocklists/issues/8349
# Reference: https://www.huntress.com/blog/amos-stealer-chatgpt-grok-ai-trust

http://45.94.47.186
http://45.94.47.205
sanchang.org
wbehub.org

# Reference: https://x.com/brkalbyrk7/status/2000683370074755197
# Reference: https://gist.github.com/brkalbyrk/728f602f46fd23b0ee24bb4bc06e53f5

argoflyleens.space
elfrodbloom.coupons
flowdorn.com

# Reference: https://x.com/suyog41/status/2001634340921557149
# Reference: https://www.virustotal.com/gui/file/491ac4e25bf137199889ad6eb84c21358eca6cddcf66215d1dd93f6d4a281ce0/detection
# Reference: https://www.virustotal.com/gui/file/d376e4a8d83350116d47c85515ee0cb9a2fe93fe5a785b8cca494c83ddb372f5/detection
# Reference: https://www.virustotal.com/gui/file/e3387cf7967945e64255bd75b317b8b3643a7aa46c66d14acbff68ebb2fdddc6/detection

groovyfox.today

# Reference: https://x.com/L0Psec/status/2003481091165098035
# Reference: https://www.virustotal.com/gui/file/0a070d32e5b8648c6515cb5a0b6fba202c5c8f80e15f7c3621bd8fecd7708b04/detection

detrenda.com

# Reference: https://x.com/malwrhunterteam/status/2003410738527055970
# Reference: https://www.virustotal.com/gui/file/73d6c7030430ba95cd6bdc7632411f864d51ffdf9517333722effe689e838ff7/detection
# Reference: https://www.virustotal.com/gui/file/b591bfbab57cc69ce985fbc426002ef00826605257de0547f20ebcfecc3724c2/detection

obsidiangate.space

# Reference: https://x.com/suyog41/status/2004082153840332823
# Reference: https://www.virustotal.com/gui/file/a34ed508db6de2e2bf4661c479f546c2b0a74770b781b83386a1d0e3e572c200/detection
# Reference: https://www.virustotal.com/gui/file/29fbd0bd912215d648ded535861f10e07a502c427db7cbddfa86310484a1edc9/detection
# Reference: https://www.virustotal.com/gui/file/e3870929a5c0654ecd51df0e940e4249478aa7bee737880a8b18ade29fe1e3fc/detection

globustree.fun

# Reference: https://x.com/malwrhunterteam/status/2004524906592305442
# Reference: https://www.virustotal.com/gui/file/a7160ddd769e2dc64acd1297216b5aa9651d327c7188dbab468c6fb71c98f97d/detection

figma.cfd

# Reference: https://x.com/L0Psec/status/2004260387555094603
# Reference: https://www.virustotal.com/gui/file/095f4717832a919093bf7ee5e40621218004f93dae1a77b79e5bd493b376f6f0/detection

cloudcode-53295434.com

# Reference: https://x.com/suyog41/status/2005531318365700357
# Reference: https://x.com/jacobprezant/status/2005657662697173429
# Reference: https://www.virustotal.com/gui/file/3eeb19bb7af39decc6789536ca7facbc83cfc6a09af8f0796194a6e4a53eca04/detection
# Reference: https://www.virustotal.com/gui/file/a1f04ce0d44dc1d4db52e2194f3ecc6112b0361b35441f32024a7e908fd02d18/detection
# Reference: https://www.virustotal.com/gui/file/d2a606581e84918b1b03dc1e7498d63ddf399aee8ab2bdce616e1661eb5a79f5/detection

ballfrank.space
ballfrank.xyz
barbermoo.today

# Reference: https://x.com/_raw_data_/status/2009332237154832883
# Reference: https://www.virustotal.com/gui/file/bd02c73dbc5e2f0419bf1d8523a8bedec8ae63527220d2dde7c2172c10755e3a/detection

mubasokurso.com

# Reference: https://x.com/motuariki_/status/2010303925170339903
# Reference: https://github.com/motuariki/IOCs/blob/main/MacOS%20Malware/11-01-2026-Macsync-Variant-Dropper-C2-Domains

accindexer.space
argoflyleens.city
argoflyleens.coupons
argoflyleens.world
ballfrank.fun
ballfrank.shop
ballfrank.world
barbermoo.fun
barbermoo.top
barbermoo.world
barbermoo.xyz
claus2doom.co.za
claus3doom.co.za
claus3doom.es
claus5doom.co.za
clausdoom.es
elfrodbloom.space
elfrodbloom.world
foldexmoon.coupons
foldexmoon.fun
foldexmoon.today
foldexmoon.top
foldexmoon.world
foldexmoon.xyz
folkband.fun
folkwakes.com
frolessmoke.co.za
furlabase.com
gonebornes.com
groovyfox.fun
horsten.fun
jmpbowl.fun
jmpbowl.today
jmpbowl.top
torducks.fun
ursamade.space

# Reference: https://x.com/osint_barbie/status/2010737414029840417
# Reference: https://x.com/osint_barbie/status/2010747052247093530
# Reference: https://www.virustotal.com/gui/file/d5f01791e10f7632feaa201b76d313773c4a7372eac6ed92f56dcc1cd0252c05/detection
# Reference: https://www.virustotal.com/gui/file/fbc3d4819f01f2d9d31ecb420d3a9efa12cc4e6bf98415edfffbe99656cdff44/detection
# Reference: https://www.virustotal.com/gui/file/819e0adfcc6ac7dbd1b0bd590a47e005a19da0660b2af3190d6146bed41ac7e8/detection
# Reference: https://www.virustotal.com/gui/file/a3edbcb8c58edadcb79c24e22c20afeddbdfc58ea851c82c1eba5c644720b384/detection

foqguzz.com
dd.foqguzz.com

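# Reference: https://www.linkedin.com/posts/abdelghafourbouhdyd_newly-observed-domains-related-to-the-macsync-activity-7416580906590765056-95yu
# NOTE(review): claus2doom.co.za, claus3doom.co.za, claus5doom.co.za, clausdoom.es and claus3doom.es are already listed earlier in this file under the motuariki IOCs reference; the repeats do not change matching and can be dropped on the next cleanup.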

clausdoom.co.za
claus2doom.co.za
claus3doom.co.za
claus4doom.co.za
claus5doom.co.za
clausdoom.es
claus2doom.es
claus3doom.es
claus4doom.es
claus5doom.es

# Reference: https://x.com/moonlock_lab/status/2011398956463341798
# Reference: https://www.virustotal.com/gui/file/c9558bb7de1df57fdbc8550006581aa9f1dc5638fe59dcae0a1ee5dd5c1c164f/detection
# Reference: https://www.virustotal.com/gui/file/c0107b8e6468bdc68b561d3e9f4c8f90f7c6dadaeb481aa0911b5d14430aedbb/detection

netherworldkingtycoon.com
f02a622c8252f4766d56d5c9267c2e47.pages.dev

# Reference: https://x.com/suyog41/status/2011433849612640565
# Reference: https://www.virustotal.com/gui/file/fcc9aab8fa92b91bd2c4f491e434401179151516654fa4fcca314f3af931f482/detection

http://185.240.208.14

# Reference: https://x.com/suyog41/status/2011433028573421725
# Reference: https://www.virustotal.com/gui/file/275284d1be6c1e6579e2d523de3cbe4fbae3a01a5a666ff9da5a0f35979e74da/detection
# Reference: https://www.virustotal.com/gui/file/4a418e2d1de8f235e8b25161735ce6a56731e7c825b748b8325181f019d008eb/detection
# Reference: https://www.virustotal.com/gui/file/f9a2d8d915a89f4aafb82371f52a894307892980b59fd302335217da2ed8c0af/detection

fbnmoon.shop

# Reference: https://x.com/suyog41/status/2011671928390762829
# Reference: https://www.virustotal.com/gui/file/539a87d1f9c1dec9397808a5759e04772369164945455a30c42b64e87587cecc/detection

gracefulm.fun
securityfenceandwelding.com

# Reference: https://x.com/g0njxa/status/2011518015695999216
# Reference: https://x.com/RacWatchin8872/status/2012676061054550358
# Reference: https://urlscan.io/search/#page.ip:%2293.152.230.130%22

cisco-comunity.com
cisco-software.com
cisco-webex.cc
ciscomediu.com
community-cisco.com
comunity-cisco.com
eu-webex.com
mediu-webex.com
onlinewebex.com
webex-business.com
webex-by-cisco.com
webex-call.com
webex-cisco.com
webex-corporate.com
webex-corporation.com
webex-eu.com
webex-global.com
webex-hub.com
webex-international.com
webex-official.com
webex-platform.com
webex-secure.com
webex-solutions.com
webex-systems.com
webex-worldwide.com
webexmeet-us.com
cisco.onlinewebex.com
cisco.webex-business.com
cisco.webex-call.com
cisco.webex-corporate.com
cisco.webex-corporation.com
cisco.webex-eu.com
cisco.webex-global.com
cisco.webex-hub.com
cisco.webex-international.com
cisco.webex-official.com
cisco.webex-platform.com
cisco.webex-secure.com
cisco.webex-solutions.com
cisco.webex-systems.com
cisco.webex-worldwide.com
mediu.cisco-webex.cc
mediu.ciscomediu.com
mediu.webex-by-cisco.com
mediu.webex-cisco.com
webex.cisco-comunity.com
api.cisco.onlinewebex.com
api.cisco.webex-hub.com
api.cisco.webex-platform.com
api.cisco.webex-secure.com
api.cisco.webex-solutions.com
api.cisco.webex-worldwide.com
api.mediu.ciscomediu.com
api.mediu.webex-cisco.com
api.webex.cisco-software.com

# Reference: https://x.com/malwrhunterteam/status/2013196869510299760
# Reference: https://www.virustotal.com/gui/file/6384f618437fe5d16b04a575e6fffa65e1f68ea93bdbebba50de50fcf7e6520b/detection

imper-strlk5.com

# Reference: https://x.com/g0njxa/status/2013568330624291271
# Reference: https://x.com/suyog41/status/2024102954043658622
# Reference: https://www.virustotal.com/gui/file/a0e66f3067e4aaf5b83e45b7845cc43b2fc96032a4398cab7cc9d11f4f962e91/detection
# BODY_SHA1-HOST/IP=fc486f64c14c71ace099b6a0fa7595a28ce51a97
# CLASS_0_HASH-HOST=a37db3aaf25252e52f5168f6c29d3a71
# CERT_FINGERPRINT_SHA256-HOST=1d435c83e3eb950799de21f3c27cac61b0ae4ff6d87c390f842d36038dd4867d

http://91.244.70.235
http://91.92.242.30
aidevmac.com
macauth.cc
macos-developer.com
msk-captcha.cfd
robloxtopscr.top
verify-captcha.sbs
browndash1368.github.io
github.macos-developer.com
google.macos-developer.com
macos.aidevmac.com
super.macos-developer.com
/528n21ktxu08pmer
/gz1xshcbu77ogmgt
/wbizi7ix1j2rp5si

# Reference: https://x.com/suyog41/status/2013927462611071175
# Reference: https://www.virustotal.com/gui/file/e27b82e844480166fb252da9c0723e424add7c7454a46ac9b20676b24fb1fbb2/detection

ballfrank.today
bombauthority.website
ultradatahost3.baby
visit.bombauthority.website

# Reference: https://x.com/suyog41/status/2011670874941014281
# Reference: https://www.virustotal.com/gui/file/775fc5ae316cffa7f020100fc042c8b59a970f3888439d64775008a4a3a9cd07/detection

bottleneckid.com

# Reference: https://x.com/suyog41/status/2014201367519273240
# Reference: https://www.virustotal.com/gui/file/b4541df0367f70aab6db9149b8c1700edde1cc94560d552f8be210ecddcea56f/detection
# Reference: https://www.virustotal.com/gui/file/10e3ef99861d3ecf6c81f8f230dbe8b5cd746edd6c69122cfb31f86e461e4dfc/detection

diamondpickaxeforge.com
5a55bdb8a64408489e39df3355d57b63.pages.dev

# Reference: https://x.com/suyog41/status/2015665365947449370
# Reference: https://www.virustotal.com/gui/file/ae6dce47f2570e84df9045d9a237d45e59ce015c4f638693d64b61061eb518f5/detection
# BODY_SHA1-IP=fbe7484aff04793e3dd132410a44e94f23d7a26a

http://213.209.159.10
http://213.209.159.100
http://213.209.159.101
http://213.209.159.102
http://213.209.159.103
http://213.209.159.104
http://213.209.159.105
http://213.209.159.106
http://213.209.159.107
http://213.209.159.108
http://213.209.159.109
http://213.209.159.11
http://213.209.159.110
http://213.209.159.111
http://213.209.159.112
http://213.209.159.113
http://213.209.159.114
http://213.209.159.115
http://213.209.159.116
http://213.209.159.117
http://213.209.159.118
http://213.209.159.119
http://213.209.159.12
http://213.209.159.120
http://213.209.159.121
http://213.209.159.122
http://213.209.159.123
http://213.209.159.124
http://213.209.159.125
http://213.209.159.126
http://213.209.159.127
http://213.209.159.128
http://213.209.159.129
http://213.209.159.13
http://213.209.159.130
http://213.209.159.131
http://213.209.159.132
http://213.209.159.133
http://213.209.159.134
http://213.209.159.135
http://213.209.159.136
http://213.209.159.137
http://213.209.159.138
http://213.209.159.139
http://213.209.159.14
http://213.209.159.140
http://213.209.159.141
http://213.209.159.142
http://213.209.159.143
http://213.209.159.144
http://213.209.159.145
http://213.209.159.146
http://213.209.159.147
http://213.209.159.148
http://213.209.159.149
http://213.209.159.15
http://213.209.159.150
http://213.209.159.151
http://213.209.159.152
http://213.209.159.153
http://213.209.159.154
http://213.209.159.155
http://213.209.159.156
http://213.209.159.157
http://213.209.159.158
http://213.209.159.159
http://213.209.159.16
http://213.209.159.160
http://213.209.159.161
http://213.209.159.162
http://213.209.159.163
http://213.209.159.164
http://213.209.159.165
http://213.209.159.166
http://213.209.159.167
http://213.209.159.168
http://213.209.159.169
http://213.209.159.17
http://213.209.159.170
http://213.209.159.171
http://213.209.159.172
http://213.209.159.173
http://213.209.159.174
http://213.209.159.175
http://213.209.159.176
http://213.209.159.177
http://213.209.159.178
http://213.209.159.179
http://213.209.159.18
http://213.209.159.180
http://213.209.159.181
http://213.209.159.182
http://213.209.159.183
http://213.209.159.184
http://213.209.159.185
http://213.209.159.186
http://213.209.159.187
http://213.209.159.188
http://213.209.159.189
http://213.209.159.19
http://213.209.159.190
http://213.209.159.191
http://213.209.159.192
http://213.209.159.193
http://213.209.159.194
http://213.209.159.195
http://213.209.159.196
http://213.209.159.197
http://213.209.159.198
http://213.209.159.199
http://213.209.159.2
http://213.209.159.20
http://213.209.159.200
http://213.209.159.201
http://213.209.159.202
http://213.209.159.203
http://213.209.159.204
http://213.209.159.205
http://213.209.159.206
http://213.209.159.207
http://213.209.159.208
http://213.209.159.209
http://213.209.159.21
http://213.209.159.210
http://213.209.159.211
http://213.209.159.212
http://213.209.159.213
http://213.209.159.214
http://213.209.159.215
http://213.209.159.216
http://213.209.159.217
http://213.209.159.218
http://213.209.159.219
http://213.209.159.22
http://213.209.159.220
http://213.209.159.221
http://213.209.159.222
http://213.209.159.223
http://213.209.159.224
http://213.209.159.225
http://213.209.159.226
http://213.209.159.227
http://213.209.159.228
http://213.209.159.229
http://213.209.159.23
http://213.209.159.230
http://213.209.159.231
http://213.209.159.232
http://213.209.159.233
http://213.209.159.234
http://213.209.159.235
http://213.209.159.236
http://213.209.159.237
http://213.209.159.238
http://213.209.159.239
http://213.209.159.24
http://213.209.159.240
http://213.209.159.241
http://213.209.159.242
http://213.209.159.243
http://213.209.159.244
http://213.209.159.245
http://213.209.159.246
http://213.209.159.247
http://213.209.159.248
http://213.209.159.249
http://213.209.159.25
http://213.209.159.250
http://213.209.159.251
http://213.209.159.252
http://213.209.159.253
http://213.209.159.254
http://213.209.159.26
http://213.209.159.27
http://213.209.159.28
http://213.209.159.29
http://213.209.159.3
http://213.209.159.30
http://213.209.159.31
http://213.209.159.32
http://213.209.159.33
http://213.209.159.34
http://213.209.159.35
http://213.209.159.36
http://213.209.159.37
http://213.209.159.38
http://213.209.159.39
http://213.209.159.4
http://213.209.159.40
http://213.209.159.41
http://213.209.159.42
http://213.209.159.43
http://213.209.159.44
http://213.209.159.45
http://213.209.159.46
http://213.209.159.47
http://213.209.159.48
http://213.209.159.49
http://213.209.159.5
http://213.209.159.50
http://213.209.159.51
http://213.209.159.52
http://213.209.159.53
http://213.209.159.54
http://213.209.159.55
http://213.209.159.56
http://213.209.159.57
http://213.209.159.58
http://213.209.159.59
http://213.209.159.6
http://213.209.159.60
http://213.209.159.61
http://213.209.159.62
http://213.209.159.63
http://213.209.159.64
http://213.209.159.65
http://213.209.159.66
http://213.209.159.67
http://213.209.159.68
http://213.209.159.69
http://213.209.159.7
http://213.209.159.70
http://213.209.159.71
http://213.209.159.72
http://213.209.159.73
http://213.209.159.74
http://213.209.159.75
http://213.209.159.76
http://213.209.159.77
http://213.209.159.78
http://213.209.159.79
http://213.209.159.8
http://213.209.159.80
http://213.209.159.81
http://213.209.159.82
http://213.209.159.83
http://213.209.159.84
http://213.209.159.85
http://213.209.159.86
http://213.209.159.87
http://213.209.159.88
http://213.209.159.89
http://213.209.159.9
http://213.209.159.90
http://213.209.159.91
http://213.209.159.92
http://213.209.159.93
http://213.209.159.94
http://213.209.159.95
http://213.209.159.96
http://213.209.159.97
http://213.209.159.98
http://213.209.159.99

# Reference: https://x.com/L0Psec/status/2015868376762224745
# Reference: https://www.virustotal.com/gui/file/28d8745c833c1c156128731854d936f16ff22578cf035ad96b7953f3a8020d03/detection

blockbreakeradventure.com
e9f4dcbfc6688fb909042ac55c40e9d6.pages.dev

# Reference: https://x.com/suyog41/status/2016046755708870808
# Reference: https://www.virustotal.com/gui/file/ac012808059775238fc8d924d6b79115be5b04575447c9d337e36d380cd7bc7e/detection

cyberperficient.com

# Reference: https://x.com/suyog41/status/2016041545905107401
# Reference: https://www.virustotal.com/gui/file/f5471a00bb6cdaf01e44311c04de2e66c6f92ccc4b8e42bbb1bcb4e48f86ef3e/detection

forkgramme.com

# Reference: https://x.com/suyog41/status/2016401814548316275
# Reference: https://www.virustotal.com/gui/file/5bfeb4829617918f70233ff0fc53ab0c32b8120f760b5c1f057ae1ef08d69497/detection

http://185.11.61.84

# Reference: https://x.com/suyog41/status/2017252546650534202
# Reference: https://www.virustotal.com/gui/file/f7662ba0bcab3e2e187071afd928acff38ce58f9990f58509fabeb7f2986ebe5/detection
# Reference: https://www.virustotal.com/gui/file/57566c902a6f614599ae7ef9c324f413a1989ab7b779e73909dd926df778fe89/detection
# Reference: https://www.virustotal.com/gui/file/53a0a75981e1bea2647cbb47800d48813b204352e93433b60abcda58abc05aaf/detection

achieverflowers.website
actiongrandfather.xyz
additionbusiness.icu
aftermathnose.icu
afternoonbite.xyz
afternoonmeasure.sbs
airthread.info
amountbead.icu
animalscarf.space
api.polarapi.com
approvalflavor.sbs
armtiger.xyz
armytiger.info
artcable.icu
artlibrary.icu
auntlocket.xyz
babieshands.xyz
babieswrist.xyz
backeffect.xyz
balanceselection.info
balancesink.info
basincart.cfd
basketballcarriage.xyz
battletrain.xyz
beadpie.xyz
bedroomcoil.info
bedroomveil.xyz
beginnerchickens.info
birdbeginner.cfd
birthjeans.icu
bookgiants.info
bookscattle.icu
bootstore.xyz
boundarylibrary.xyz
boytaste.info
brickappliance.info
bricktrees.icu
buildingrule.cfd
butteregg.info
buttersteam.xyz
cakespoint.site
cakespoison.xyz
calendarland.xyz
carriageflower.xyz
carscoal.info
cartboy.xyz
carttalk.info
cartway.sbs
cattlebrick.sbs
celerytax.sbs
cellarsmash.website
cemeteryrod.xyz
changepowder.xyz
chinpull.xyz
circlecrib.cfd
coachjelly.icu
committeerepresentative.icu
companyshoe.info
conditionbucket.sbs
connect.knowledgepull.icu
covervoyage.xyz
creampigs.xyz
crimemagic.info
cushionsofa.xyz
dadarmy.sbs
daughterbit.xyz
deathapparatus.icu
degreedistance.cfd
designstraw.info
desirebrick.xyz
deskcanvas.icu
deskchin.cfd
detailroom.xyz
detailvessel.sbs
developmenthammer.bond
digestionboat.info
digestionveil.icu
dloadly.com
dogsmarket.site
dogssofa.xyz
dollsway.xyz
donkeyflower.xyz
downfileex.com
downfreefile.com
downfunfile.com
download-x55.com
download100.xyz
downloadformenow.com
downloadfree4.com
downloadfreemium.com
downloadfullfill.com
downloadmyfilenow.com
downloadnestfree.com
downloadretrieve.com
drainisland.xyz
dressgrandfather.icu
driploadfile.com
drivinghouses.info
ducksargument.info
duckscup.xyz
ducksisland.xyz
earthdistribution.sbs
earthquakedestruction.xyz
edgerail.online
eggscoach.info
fairiesmeal.xyz
farmpin.info
fastfiledownload.com
fieldmachine.icu
fieldmeeting.sbs
filefluxfree.com
fine-download.com
finessedownload.com
fingerhand.xyz
fixxdownload.com
flameshelf.xyz
fleshagreement.xyz
flightmeal.icu
flockcup.icu
flowereggnog.xyz
flowersplant.info
foldthings.xyz
freelyfiledrop.com
freestackfiles.com
friendpipe.xyz
friendsbell.icu
friendumbrella.xyz
frogwoman.xyz
fruitrake.info
fuelcellar.sbs
geeserhythm.xyz
getfluxfile.com
getfreefiledownload.com
ghostants.icu
giraffecondition.info
glovefork.info
governmentshop.info
governorneedle.icu
governorscent.xyz
grapedress.info
grassshoes.icu
gunjump.cfd
hairdaughter.sbs
hammerocean.info
hammerpush.icu
handnut.xyz
harborpipe.xyz
hatanger.xyz
hatecat.xyz
historyroad.xyz
hookknot.xyz
housesbath.icu
housetrail.info
hydrantbattle.website
icesmoke.xyz
icrarating.com
incomewater.info
inkjail.info
insecthoney.xyz
instodownload.com
keymuscle.xyz
kittensdistribution.xyz
kittybusiness.info
kittyimpulse.info
knifedogs.info
lampdrop.cfd
laughsoda.xyz
levelfeeling.xyz
limitdesign.xyz
loadfilerun.com
loaditfile.com
locketguitar.info
lunchactivity.icu
lurkingspiritsparanormal.com
maxidownload.com
mencrowd.icu
metaldeath.cfd
micesnake.cfd
middleway.cfd
ministerdinosaurs.xyz
misthydrant.xyz
mittenbell.xyz
momspiders.info
moneythought.xyz
moonhoney.sbs
morningcanvas.icu
morninglibrary.icu
namebath.xyz
nighthospital.space
noisecollar.icu
northauthority.xyz
orangesbirthday.xyz
pagespoon.xyz
partytreatment.xyz
passengerflowers.icu
pearshirt.online
pearthread.xyz
picklecomparison.icu
picklevolcano.xyz
piebreath.website
piesister.icu
pieslibrary.website
pipetoothbrush.sbs
pizzassilver.icu
plantpear.xyz
planttrains.space
platevoyage.website
pointcart.icu
pointthought.cfd
poisonrespect.xyz
polar-track.com
polarapi.com
polarjs.net
popcornvolcano.info
potbat.icu
priceletters.xyz
profitrabbits.icu
propertycats.info
propertymonkey.xyz
pushboy.xyz
questionpower.online
quietbulb.xyz
quiverrate.icu
rabbitrat.icu
rainstormchickens.icu
rateseashore.icu
ratestone.xyz
reasonnorth.icu
receiptbadge.info
receiptcontrol.xyz
receiptthroat.icu
recesssoup.online
recesstransport.icu
relationblood.icu
religionjudge.info
religionwrist.xyz
requestdownload.com
rewardlunch.xyz
rhythmicicle.icu
ricepleasure.website
robincompany.xyz
rocksummer.icu
rubtalk.sbs
ruledecision.info
ruleswim.info
rundownload.com
saltwealth.xyz
sassonco.com
scarecrowcent.xyz
scarecrowstew.info
secretarypleasure.xyz
shadepull.info
shapemeasure.icu
shirtroute.sbs
shockcellar.info
shopspark.cfd
sideoatmeal.info
sinkhouses.icu
sinkmiddle.icu
slavebottle.xyz
sleepprose.cfd
sleepsisters.icu
soapanger.info
sofachin.xyz
softcratefile.com
songsmine.icu
sonparcel.xyz
sparkairplane.xyz
spothumor.site
squarepurpose.xyz
squirrelmoney.xyz
squirrelmuscle.xyz
stampcomparison.xyz
steeljewel.xyz
steelseat.info
stewgeese.fun
stickshock.info
stomachmonkey.icu
storyzebra.icu
streamsack.info
stretchsheep.info
stringbead.cfd
structureback.sbs
structurebee.icu
structurecredit.info
suitheat.xyz
summerbook.icu
summerservant.icu
sunjeans.xyz
supportwindow.xyz
surprisesnakes.xyz
surpriseteeth.sbs
sweaterhot.sbs
swimappliance.icu
systemcard.icu
taxbalance.icu
teachingquince.icu
teamzoo.info
tentdistance.icu
territoryhands.xyz
testcorn.icu
throatcream.info
thunderfang.info
tigerhoney.info
tinbead.space
toebag.icu
toefarm.icu
toequiet.website
tonguejump.xyz
townbuilding.icu
townpan.icu
trailact.icu
trainsapparatus.icu
trampsea.space
treesrelation.icu
tripbike.info
trk.download100.xyz
trk.moneythought.xyz
trk.orangesbirthday.xyz
trk.polar-track.com
trk.recesssoup.online
trk.townpan.icu
troubleanger.xyz
trouserscakes.cfd
trouserspail.website
umbrellapower.info
uncletop.cfd
valueeye.xyz
vasebasin.info
vegetableamusement.xyz
volcanosquirrel.space
volleyballachiever.site
washhumor.xyz
wasterice.icu
watersubstance.xyz
watervein.xyz
wavemist.icu
wealthcakes.info
wealthsize.cfd
weatherbed.info
weightguide.info
whistleback.icu
whistlemitten.online
wirejar.icu
wirethings.website
woodmeasure.icu
woodmine.sbs
woundducks.cfd
woundkiss.xyz
wrenchannel.xyz
writinginsurance.info
yarnpie.icu
yearargument.xyz
yearzebra.info
zebrasisters.icu
zebratax.cfd
zephyrlocket.xyz
zerocostdownloads.com
zinchour.icu
zipfilepane.com
zukharilx.world

# Reference: https://x.com/smica83/status/2018261504160665878
# Reference: https://www.virustotal.com/gui/file/f491497db96cc2f9efbde78ea047e40fb13f46192c1b5db6c96d727391204e11/detection

pjf61vhjf1q49wkxpx8xcjjnswpx0il4ne876vsfzoefyyw.pages.dev

# Reference: https://x.com/smica83/status/2018450722749305323
# Reference: https://www.virustotal.com/gui/file/11110a446c3d9be21e180834816f8ca67030347aa027f16ac08aaa64f02ab554/detection

tbgd7je99khvxjp6aciuqe0dewnjy2ldkihnqee6yebgom4t.pages.dev

# Reference: https://x.com/suyog41/status/2018619455694369167
# Reference: https://www.virustotal.com/gui/file/056d72ea26f691e0ce09db1d8dc21c98308d943a85e5f9398e62bf9909904d10/detection

ebemvsextiho.com
hl2j0m1ol5jb3uauu4wddk5zuxb6ey9g4gli8ogw5.pages.dev

# Reference: https://www.koi.ai/blog/clawhavoc-341-malicious-clawedbot-skills-found-by-the-bot-they-were-targeting
# Reference: https://blog.virustotal.com/2026/02/from-automation-to-infection-part-ii.html
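# CERT_CN-IP=EC2AMAZ-FHUDDFC
# NOTE(review): the IP:13338 entries below appear to come from the certificate-CN pivot above. "EC2AMAZ-" is the default hostname prefix of Windows EC2 instances, and cloud addresses are reassigned over time, so check the port and the time frame before acting on an IP-only match.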

http://202.161.50.59
http://95.92.242.30
http://96.92.242.30
13.217.227.10:13338
13.218.170.161:13338
13.218.224.116:13338
13.220.59.254:13338
18.215.171.150:13338
18.234.150.37:13338
184.72.87.217:13338
184.73.138.225:13338
23.22.204.53:13338
3.80.103.184:13338
3.80.177.13:13338
3.80.69.21:13338
3.85.201.90:13338
3.87.133.41:13338
3.88.14.90:13338
3.90.5.189:13338
3.91.189.88:13338
3.91.244.140:13338
3.93.199.179:13338
34.207.146.44:13338
34.207.151.140:13338
34.224.33.10:13338
34.224.8.146:13338
34.229.147.199:13338
34.229.175.125:13338
34.230.82.19:13338
34.235.114.88:13338
34.235.143.25:13338
44.220.130.180:13338
52.21.28.62:13338
52.54.111.107:13338
52.90.98.28:13338
54.147.212.251:13338
54.152.203.151:13338
54.160.166.68:13338
54.160.207.168:13338
54.163.58.204:13338
54.164.67.197:13338
54.196.245.206:13338
54.196.255.76:13338
54.197.41.178:13338
54.198.112.211:13338
54.208.179.93:13338
54.221.133.119:13338
54.224.213.140:13338
54.225.41.72:13338
54.226.154.205:13338
54.226.192.74:13338
54.226.24.9:13338
54.227.177.137:13338
54.234.104.43:13338
54.234.61.137:13338
54.242.219.185:13338
54.242.24.223:13338
54.242.32.33:13338
54.86.21.255:13338
54.91.154.110:13338
98.81.158.76:13338
98.84.100.46:13338
98.93.238.213:13338
app-distribution.net
install.app-distribution.net
webhook.site/358866c4-81c6-4c30-9c8c-358db4d04412

# Reference: https://x.com/suyog41/status/2018912347717513475
# Reference: https://www.virustotal.com/gui/file/a2009beb4ef41c5ffe81bd89921f9311a89e260d9424b61fd0cdfa9d73ca42f2/detection

okcreditcard.com
/dynamic?txd=

# Reference: https://socket.dev/blog/glassworm-loader-hits-open-vsx-via-suspected-developer-account-compromise
# Reference: https://www.virustotal.com/gui/file/75d67ad34b3ffa0b0932d29d1c2647bd126cf042e0d7313a41c8fe1a06d3d751/detection

http://45.32.150.251
http://45.32.151.157

# Reference: https://x.com/suyog41/status/2019283842906145195
# Reference: https://www.virustotal.com/gui/file/f030e32831eed474411eb86c6d3340bad6e0f6ecd4105bf2a1fc802584fa4a70/detection

gulfcoastfishingcharter.com

# Reference: https://x.com/motuariki_/status/2019229351716483229
# Reference: https://raw.githubusercontent.com/motuariki/IOCs/refs/heads/main/MacOS%20Malware/05-02-2026-Macsync-Variant-C2-Domains

appolobase.com
awesomecamera.com
fbnmoon.coupons
fbnmoon.space
fbnmoon.today
goaenergy.com
laderbaj.net
sestraining.com
techsupp.fun

# Reference: https://x.com/suyog41/status/2020736812776567280
# Reference: https://www.virustotal.com/gui/file/3c5910624b26cfbf0b347f05d307f6762db53ce728c6da99c50a21b6d55d91e1/detection
# Reference: https://www.virustotal.com/gui/file/52a2466b72360d81866dd170e9dd25ca760b2a68b42f84f5a1ff4b3245268014/detection
# Reference: https://www.virustotal.com/gui/file/a47d78e567c4b0ce9bd6d0835bd186fdb8b0a8e56425154ba2a701a47472ebbc/detection
# Reference: https://www.virustotal.com/gui/file/cf9682ab92a2ae4db58f21303b01191e5858246d44032c3ff73e7046a303e7e5/detection

cameework.com

# Reference: https://x.com/suyog41/status/2021094581933310236
# Reference: https://www.virustotal.com/gui/file/a940833dff6c7606665ad0315febed4a86443abebb613d8a7a34c7586d9f9efe/detection

autosalestallahasseefl.com

# Reference: https://x.com/suyog41/status/2021099145931673796
# Reference: https://www.virustotal.com/gui/file/006441b6f5f8c96ab4ba773764454023bfa06c377f79f6e2e4b3d2fc00fc89f8/detection

orlandoremodelingcompany.com

# Reference: https://x.com/suyog41/status/2021163720328491126
# Reference: https://www.virustotal.com/gui/file/2f2c83403a5fc47c10ecf827d10a260e791d2cdd32a2964912597256c9bc6f2a/detection

fixyourallergywithus.com
518nqmuofg15h8wzjqpxmmxawiwituxvfarstztzg5vc1z1xf8.pages.dev

# Reference: https://x.com/moonlock_lab/status/2021182079396962748
# Reference: https://www.virustotal.com/gui/file/292f7558eaaf756910ef75b444d979c4f34c12c76870340649d613b2a42a3e45/detection
# Reference: https://www.virustotal.com/gui/file/4b05ce5c51c5e1c733f51d8e27828464cf50674cbab5f3c8768f161c182b96a2/detection
# Reference: https://www.virustotal.com/gui/file/903f63d5249328172cd37c3ca40a5e4e423c729046203daea01711efb1b72410/detection

sektomas.com
xaceg.com

# Reference: https://x.com/L0Psec/status/2021298204784943160
# Reference: https://www.virustotal.com/gui/file/57d5ed9ef480ac7f087e03d405e6a64b9004366af49e984af6cad612b421a012/detection

sumhvmt6w2w43ddyp2ekh7xaur4xg561.pages.dev

# Reference: https://x.com/suyog41/status/2021581719971692729
# Reference: https://www.virustotal.com/gui/file/07fcc5a44318877001266ad650a82c7ed2eb4756e5df4d73cda86dfaefd7d96e/detection

myghibligenerator.com

# Reference: https://x.com/moonlock_lab/status/2021695650367226108
# Reference: https://www.virustotal.com/gui/file/64068d0b7fbef87a7af91834ead9bc0efa21f814b9e6a945b440db75bbcfed76/detection
# Reference: https://www.virustotal.com/gui/file/6292f64c81dbc57d5135c5773547cc6d79afa15efe4c90cfaf27e087c7aba701/detection
# Reference: https://www.virustotal.com/gui/file/c0676ba7726e6b4b836c2a07aacb92e41efd9eea7cbc31bbf1a7f9f9556dd4cb/detection

apple-mac-disk-space.medium.com
a2abotnet.com
raxelpak.com

# Reference: https://x.com/joe4security/status/2021562181343383741
# Reference: https://x.com/L0Psec/status/2021633029496820167
# Reference: https://www.virustotal.com/gui/file/53cba51776f65f64214698c99ec3aefe24bb78a111287b0a0d71ac096b0b530f/detection
# Reference: https://www.virustotal.com/gui/file/30f97ae88f8861eeadeb54854d47078724e52e2ef36dd847180663b7f5763168/detection

setup-service.com
download.setup-service.com

# Reference: https://x.com/suyog41/status/2021833883864772612
# Reference: https://www.virustotal.com/gui/file/0215393c5ac0b07b74263f4b8473bed5af04e522cf478adfef3c822f8b3836da/detection

a2achannel.com

# Reference: https://x.com/suyog41/status/2021834613703029154
# Reference: https://www.virustotal.com/gui/file/0119213a47928ded45829c4863eeeb7fda16119f0c2260cd7d5a818b59cec0b9/detection
# Reference: https://www.virustotal.com/gui/file/964bcf25a60c1c5416da51e0c15de6338bdd7bc5fc8faa9b44939bf4b1acc95d/detection
# Reference: https://www.virustotal.com/gui/file/cbe6067a9e1a2f4098c46baea2dc60b0073958fa6a1530f7bb8125255f38dd59/detection
# CERT_CN-HOST=minikube

gtleway.com
iejhfwl.website
mini-zmoto.com
share2e2git.quest
share2e2git.yachts
uranop.top
asia.gtleway.com
usa.gtleway.com

# Reference: https://x.com/suyog41/status/2022180739400581137
# Reference: https://www.virustotal.com/gui/file/ee3abb48b5f573ef75ea77d194714f6b56c6b268a3b2135efda1c04b3a667631/detection

x197y6njpmzgyxh848g1hm1rloo3axct0txicmeovkojxo00if5w.pages.dev

# Reference: https://x.com/thehappydinoa/status/2021682074004939089
# Reference: https://censys.com/blog/odyssey-stealer-macos-crypto-stealing-operation
# CLASS_0_HASH-IP=37c84619d2d9e8f23b0491a9aca53d80

http://103.109.100.144
http://103.109.100.163
http://176.46.138.39
http://176.46.138.41
http://177.93.141.109
http://185.7.219.81
http://185.93.89.134
http://185.93.89.60
http://185.93.89.9
http://194.0.234.209
http://208.122.221.203
http://36.255.98.10
http://37.221.66.14
http://62.60.131.149
http://62.60.135.48
http://62.60.135.74
http://77.90.185.24
http://77.90.185.25
http://77.90.185.29
http://77.90.185.62
http://77.90.185.66
http://77.90.185.72
http://83.222.191.196
http://83.222.191.199
http://83.222.191.211
http://83.222.191.212
http://83.222.191.215
http://91.198.77.27
http://94.242.55.24

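# Reference: https://cyberandramen.net/2026/02/16/tracking-digitstealer-how-operator-patterns-exposed-c2-infrastructure/
# NOTE(review): ebemvsextiho.com in the list below is already listed earlier in this file under a suyog41 reference; the repeat does not change matching.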

b9c17edb.host.njalla.net
bchat.cc
beetongame.com
binance.comtr-katilim.com
cekrovnyshim.com
chiebi.com
comtr-katilim.com
ebemvsextiho.com
flowerskitty.com
host-185-193-126-219.njalla.net
ironswordzombiekiller.com
n8n.tribusdao.com
red-letter.org
rompompomsigma.com
siriustimes.info
siriustimes.rocks
th6969.top
theinvestcofund.com
tribusadao.com
yourwrongwayz.com

# Reference: https://x.com/suyog41/status/2023347939276632505
# Reference: https://www.virustotal.com/gui/file/bf7edb3afd18641dd0757d9f1b2ff7a9feb8684d1028eb2d36be968dc981c854/detection

ontarioqualitycedar.com

# Reference: https://x.com/suyog41/status/2023369362951086165
# Reference: https://www.virustotal.com/gui/file/7088d6d1e6504655ff414d9c3ce8d3cf1c365cfb2b8d85b6aa52acce31ffadb6/detection
# HOST-META=:"refresh":::"0;url='https://aftermarket.com/seller/onlytopcomdomainsforsale'"
# LOCATION-HOST=https://ud.me/gloriousman.com
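# LOCATION-HOST=https://aftermarket.com/seller/onlytopcomdomainsforsale
# NOTE(review): the pivots above match a redirect to a domain-for-sale landing page, so the hosts below appear to be grouped by that shared redirect rather than by per-domain evidence. A hit on one of them is weaker evidence than a hit on a domain tied directly to a sample. TODO confirm which hosts the referenced sample actually contacted.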

1stboutique.com
24h-news.com
additionalphotos.com
adultperson.com
advantages.us
amazingfighter.com
amazingmonster.com
anadvisor.com
anotherphotos.com
apartmentsplace.com
apartmentstown.info
apartmentstown.link
appareldelivery.com
apps-store.info
audomainnews.info
awesomestudy.com
beautifulautos.com
bestautos.biz
bestclothing.se
binane.info
binanxe.info
binnance.info
bitcoineshop.com
blockchiin.info
brilliantcafe.info
brilliantcafe.online
buyafood.info
buyafood.link
buyat.shop
buyat.store
buythisfood.com
carwash.top
cheapbistro.com
checkour.link
checkour.shop
clickthe.website
clothingboutique.co
clothingboutique.co.uk
clothingboutique.de
clothingboutique.live
clothingboutique.net
clothingboutique.online
clothingboutique.pro
clothingboutique.site
clothingboutique.top
clothingboutique.website
clothingboutique.xyz
clothingcleaning.com
clothingcleaning.info
clothingluxury.com
clothingsalon.info
clothingsalon.online
clothingshop.one
clothingshop.pro
clothingshop.se
clothingstore.se
coffeehouse.top
conceptualstore.com
confidenced.com
coolwebstore.com
creationsforsale.com
creditcarddelivery.com
creditrepair.top
cryptomarket.vip
cuteholiday.com
cutevacations.com
cybereshop.com
deliveryofpizza.com
deluxeportfolio.com
dentalclinic.top
digitalexchange.se
digitalmarket.top
digitalmarketplace.one
digitalmarketplace.pro
digitalphotography.se
digitalphotos.online
digitalphotos.se
digitalshop.se
discountstore.se
domain-blog.info
domainnamecenter.info
e-marketplace.net
e-observer.com
e-photos.net
ebusinesscompany.com
editoring.com
electronicphotos.com
engineeringrepair.com
exclusiveguy.com
expertbro.com
expertdrinks.com
fashionclothing.biz
finealcohol.com
foodscooking.com
funnyhelp.com
furniturs.com
furniturs.info
galleryofphotos.com
gamestore.top
generators.top
givea.help
gloriousman.com
goodestore.com
goodestore.info
grandwebsite.com
greatestpage.com
greatez.com
greatwebshop.com
greatzer.com
grocerystore.se
handmading.com
hereislink.com
hilariousphotos.com
holdingsgroup.net
homeservices.top
iamwebsite.com
idealstatus.com
ilovesociety.com
inour.shop
internetboutique.biz
internetmarket.net
internetmarket.se
internetpage.biz
internetpage.one
internetpage.online
internetpage.pro
internetpage.se
internetstore.biz
internetstore.pro
internetstore.se
itiswebsite.com
itiswebsite.online
itsashop.com
itsthe.shop
itswebdesign.com
itswebsite.info
itswebsite.online
juicygarden.com
justmystore.com
largeboutique.com
largefinances.com
largestshop.com
leadingblog.info
leadingblog.online
licensedshop.com
linktoweb.site
lovelygaming.com
magichappiness.com
makea.click
makecleaning.com
makeclick.online
masterworks.pro
metalworks.pro
minijewellery.com
moneycrediting.com
mostpopularshop.com
mostpopularstore.com
myclothing.net
mynewtravel.com
newphotos.net
nicechildren.com
officialresidence.com
okayagency.com
online-shop.biz
online-website.com
onlineboutique.se
onlinemarketplace.one
onlinemarketplace.pro
onlinenews.se
onlineretail.net
onlineretailshop.com
onlineshop-hosting.info
onlineweb.space
onlybestclothing.com
openthelink.com
openthis.page
ourbestshop.com
ourfashionshop.com
ouronline.shop
ourtuning.info
ourtuning.online
ourwebsite.online
overmight.com
pageofme.com
pageto.click
partnerlimited.com
partnershipcompany.com
payforproducts.com
perfectauthor.com
perfectiser.com
personalhouses.com
placefortrade.com
placement.top
powerfulblog.com
premiumboy.com
productslimited.com
profiagency.com
profidentist.com
propertiesloans.com
prosmartstore.info
protech.top
publishercompany.com
residenceshop.com
restaurantcooking.com
retailingstore.com
richestshop.com
richsponsor.com
saintgirl.com
seriouspage.com
serviced.in
sexshop.top
shopper-deals.info
shopseek.info
shortclothing.com
smallershop.com
smartezo.com
smartmamashop.info
sponsors.pro
storeofclothing.com
stylishcasino.com
stylishfamily.com
stylishpictures.com
stylishpictures.info
successfulphotos.com
superartworks.com
suppliestrader.com
supporter.pro
sweetuniversity.com
teamrestaurant.com
the-apartments.com
the-clothing.com
theconsultingservices.com
thedigitalphotos.com
thedigitalphotos.info
thefashionclothing.info
thelarge.store
theperfect.me
thepro.website
thesmall.store
thevirtual.store
thisiswebsite.com
topclothing.store
topofdomains.com
topwebsite.net
topwebsite.online
tothe.store
tryeshop.com
tryeshop.info
trymyphotos.com
turboflights.com
unlimitedstartup.com
unofficial.pro
veterans.top
visitour.website
visitourshop.info
wearerestaurant.com
webconsulting.se
webnetwork.online
webshoper.com
webshoper.info
websitenumberone.com
worksforsale.com
worksportfolio.info
worksportfolio.link
worldstopdomains.info
worldstopdomains.link
yourculinary.com
yourdigital.store
yourinternet.site
yourinternetshop.com
yourmega.shop
yournew.shop
youronlyshop.com
yoursclothes.com
yoursmart.shop

# Reference: https://x.com/suyog41/status/2023736036354843065
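# Reference: https://www.virustotal.com/gui/file/7088d6d1e6504655ff414d9c3ce8d3cf1c365cfb2b8d85b6aa52acce31ffadb6/detection
# NOTE(review): this VirusTotal file hash is identical to the one cited for the preceding aftermarket.com redirect group. Confirm it is the intended sample for christinehoffman.com and not a copy-paste carry-over.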

christinehoffman.com

# Reference: https://x.com/FABO97662188/status/2023820722674757888

http://199.217.98.33
http://38.244.158.56
malext.com
raytherrien.com

# Reference: https://www.virustotal.com/gui/ip-address/144.31.90.11/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.144.53.160/relations

all-lucky-byte.com
appstorrentmacos.com
clearcontrol2.com
get2mac.com
macforup.com
macx1gree.com
mymacgeniusheiper.com
mymacgeniushelper.com
mytorrentmasx.com
os1apps.com
download.appstorrentmacos.com
mac.os1apps.com

# Reference: https://x.com/suyog41/status/2024363333680582877
# Reference: https://www.virustotal.com/gui/file/ea349ae658ce24fdb994d8a2726314873b306a4c9714e8c66393a8154547c4a3/detection

pressureulcerlawyer.com

# Reference: https://x.com/suyog41/status/2024479497224147390
# Reference: https://www.virustotal.com/gui/file/359391bbed3585cac881d3e0cb1c5d3143f14381a676560dbda2e8d3317f1426/detection

virtualspeechtherapists.com

# Reference: https://x.com/motuariki_/status/2025105973132898450
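# Reference: https://www.virustotal.com/gui/file/b4f83f9608c1517ee383d6bbb1975569f03086b85f07dd464d22f06bdad8bda3/detection
# NOTE(review): many entries below are individual hostnames under shared parent domains (pages.dev, it.com). Keep them as full hostnames and never collapse them to the parent, which would flag unrelated sites.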

45h145.pages.dev
623ghjk62.pages.dev
63247wysh.pages.dev
apple-commands-2.pages.dev
apple-commands-3.pages.dev
apple-commands.pages.dev
apple-support-storage-help.pages.dev
asdasdasdasdasd-a7o.pages.dev
asfwqg.pages.dev
biopranica.com
center-h.it.com
dcasdasda.pages.dev
dfghujnhgyt7.pages.dev
disksolutma.it.com
fg7c2hj3kl6.pages.dev
g431y6.pages.dev
ghjnmhjuie.pages.dev
hkjfgfif.pages.dev
jtrey62.pages.dev
k51kjf9sm1l2k4l1.pages.dev
kayeart.com
mac-os-helper.com
macintosh-hub.com
macos-storageperf.com
mcstorsolution.it.com
photon-astro.com
sdfsdfsdf-9ce.pages.dev
secure-doproco.com
solutionmacspace.pages.dev
solutionmcstor.pages.dev
solutmadisk.pages.dev
spacesolutionmac.it.com
storage-apples.pages.dev
storg.pages.dev
support-disk.com
ty678uihjguy7io.pages.dev
vvcxzvx.pages.dev
w12512gf1.pages.dev
warp-terminal.com
wetkl274.pages.dev
ywe26.pages.dev

# Reference: https://x.com/L0Psec/status/2025194197641306370
# Reference: https://www.virustotal.com/gui/file/b8f713be3f9cce6d03fb60a233c4e08181015a5a8c8486b83683589d70d4c213/detection

northernvirginiapainting.com

# Reference: https://x.com/suyog41/status/2025809409172230326
# Reference: https://www.virustotal.com/gui/file/38b5018ed838678cb0f997cedb0b807b9930801aff6a086b0fe21722fa4cf9f9/detection

austincoindealer.com

# Reference: https://x.com/suyog41/status/2025806052332335614
# Reference: https://x.com/L0Psec/status/2026031838519570913
# Reference: https://www.virustotal.com/gui/file/fb8d3dafb67d5f388320807be5dc0a81c98da9657877524bdf371c211a2e99ed/detection
# Reference: https://www.virustotal.com/gui/file/9777317ec76efb96cb9c0cdf902435f311221b43525bac54e4403716d3ec19ca/detection

http://96.44.137.216
boosterjuices.com

# Reference: https://x.com/osint_barbie/status/2027258678978433419
# Reference: https://x.com/osint_barbie/status/2027258760507334982
# Reference: https://www.virustotal.com/gui/file/36b327aaee67424ca9aec28cd905331b27a9aac57b1b07627c64fd8692fdf3a8/detection
# BANNER_0_HASH-HOST=80b2702c2d5c1a6778cc23a8e6811465
# HEADER_HASH-HOST=f500a2389518f13abedc

303mattress.com
advanceddreams.com
apps-tahoe.com
axisjam.com
babyspedia.com
benaadironline.com
bermavidrio.com
bestoralcarebd.com
bewitchydating.com
bonjourdoll.com
bquickautotransport.com
broganfund.com
camdenhine.com
cardio-d3fence.com
celebratudespedida.com
coco-fun2.com
demaled.com
dharmikrami.com
espootapump.com
evanyalabs.com
femaleledworld.com
frolicforlife.com
get-mac-downloader.com
getpaidtoshipcars.com
henleyscleaning.com
holoxworldwide.com
hombressimbolicos.com
huntforwhitetails.com
icreaeditorial.com
ideafactorydesign.com
ihcdn.com
ikaaudio.com
ikasan.com
infinitydental-us.com
ironmanjosh.com
iyalojacoop.com
jetkonnect.com
jjdevelopment3.com
justjivie.com
lamestjamal.com
lilhomo.com
lnvilinbe.com
lumier-x.com
luzicleaning.com
marineso.com
maryambinfahad.com
maryannelatanyshyn.com
maxysai.com
missisoft.com
moalam.com
moltbot-io.com
muhibul.com
neighborsaver.com
netro-stmen.com
nivitv.com
noorets4so.com
nwesfactory.com
osmac-get.com
paulocruzes.com
purefellowship.com
rampageactive.com
readingtheneedle.com
restorationsmedia.com
rileycrabtreemusic.com
rollencharlies.com
shinygemlight.com
simmiddleeast.com
simpelecapp.com
stumbleandstirbeautybar.com
thefirstfollow.com
thevipstay.com
trackprotech.com
tradingview-terminal.com
tri2s-sh7es.com
valpem.com
watchzmall.com
whattodoincusco.com
whywetlandmatters.com
workingspells.com
wowirishtours.com
xhifting.com
xpressdispatchers.com
yourenergyispower.com
zeeklyons.com
a.apps-tahoe.com
a.get-mac-downloader.com
a.netro-stmen.com
a.osmac-get.com
b.apps-tahoe.com
b.netro-stmen.com
dev.simpelecapp.com
get.moltbot-io.com

# Reference: https://github.com/ChainK1ll/Daily_Intel/blob/main/MacSync

a2aagentive.com
alfredoway.space
argoflyleens.fun
argoflyleens.today
ballfrank.coupons
brokebin.fun
californiatireshop.com
clearwaterfishingcompany.com
cocinadecor.com
contatoplus.com
customwrapsnearme.com
elfrodbloom.city
elfrodbloom.today
foldexmoon.space
germansnipers.com
gosemobi.com
grapeballs.fun
greatwallk.com
groovyfox.coupons
houstongaragedoorinstallers.com
invesrting.com
iphotline.com
joeyapple.com
kuturu.com
loudounmovingcompany.com
mndivorcemediator.com
mondozer.com
octopox.com
oncetimers.com
phoenixfilmproductions.com
share2e2git.autos
shurktomb.space
sphereou.com
storageflipper.com
technicalchief.com
underword.fun
usedteslabuyers.com
vcopp.com

# Reference: https://x.com/L0Psec/status/2027542775542018442
# Reference: https://www.virustotal.com/gui/file/10f8c57e2301eac00e6f14c94b5ccb7d42f3972b8fcd74f819ba6d470d7da9a2/detection

rebidy.com

# Generic (path-only entries, not bound to a specific host)

/Arc12645413.dmg
/AGOV-Access.dmg
/otherassets/botnet
