# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: TA866

# Reference: https://twitter.com/WhichbufferArda/status/1608089945985486852
# Reference: https://www.virustotal.com/gui/file/f8cf2f07b20419758fbeaa23abae285c917df9c4e94a5259679993f8e9f37cab/detection
# Reference: https://www.virustotal.com/gui/file/aebb1578371dbf62e37c8202d0a3b1e0ecbce8dd8ca3065ab26946e8449d60ae/detection

http://141.98.82.254
/blob/8gu4bf.la5z
/blob/is4mlw.suqp

# Reference: https://tria.ge/221227-ktbbsshg51/behavioral1

http://116.202.18.132
/blob/q3k6tk.xi8o

# Reference: https://twitter.com/AnFam17/status/1607477672057208835
# Reference: https://twitter.com/AnFam17/status/1607479956870950913
# Reference: https://www.joesandbox.com/analysis/733720/0/html
# Reference: https://www.virustotal.com/gui/file/00f6b0a064a86b2566643178456211043732edbde4f6a5e9f829791c10e47141/detection
# Reference: https://www.virustotal.com/gui/file/4f9ad8a74aca60bf0cf3750c876313acc1e70d74e07a52dfeb3cb3c21f545b7a/detection

http://185.145.245.124

# Reference: https://www.virustotal.com/gui/file/4f9ad8a74aca60bf0cf3750c876313acc1e70d74e07a52dfeb3cb3c21f545b7a/detection

http://85.208.136.26
/blob/5iqmtn.iq54

# Reference: https://twitter.com/malware_traffic/status/1608673979132436481
# Reference: https://app.any.run/tasks/ceef5e3f-1f42-473b-8c7d-4692dcd117f1/

http://162.33.178.106
noetpode.com
/blob/5mloob.qqvr

# Reference: https://twitter.com/malware_traffic/status/1610385687781449730
# Reference: https://www.malware-traffic-analysis.net/2023/01/03/index.html

noteepad.hasankahrimanoglu.com.tr
/gjntrrm/zznb2o.hgfq

# Reference: https://twitter.com/1ZRR4H/status/1610590795278712832
# Reference: https://twitter.com/1ZRR4H/status/1610590799112159232

http://45.82.176.11
45.82.176.11:443
anydesk-for-desktop.com
aromaindianrestaurantlounge.com
install-anydesk.com
istaller-zoom.com
zoom-for-desktop.com
/blob/hf00ob.u4zc

# Reference: https://twitter.com/ViriBack/status/1610999181459738624

http://165.232.186.202
http://212.23.222.49
http://65.109.161.133
http://79.137.206.68
http://95.214.53.95

# Reference: https://twitter.com/Merlax_/status/1610830108373270530
# Reference: https://pastebin.com/yPBahSAk

http://104.168.32.136
http://107.148.130.121
http://146.70.157.76
http://152.89.196.174
http://167.235.202.111
http://172.86.123.86
http://179.43.142.109
http://179.43.142.142
http://179.43.142.29
http://179.43.142.37
http://179.43.154.157
http://179.43.154.168
http://179.43.154.212
http://179.43.155.136
http://179.43.155.144
http://179.43.156.145
http://179.43.156.151
http://179.43.162.115
http://179.43.162.79
http://179.43.163.118
http://179.43.175.136
http://179.43.175.230
http://179.43.175.34
http://179.43.176.13
http://179.43.176.39
http://179.43.176.54
http://179.43.176.68
http://179.43.176.78
http://179.43.187.233
http://179.43.187.95
http://185.209.160.18
http://185.209.160.99
http://185.223.93.141
http://193.233.234.13
http://193.38.55.7
http://193.42.33.180
http://193.42.33.42
http://193.42.33.73
http://193.47.61.174
http://194.4.49.152
http://217.12.201.112
http://31.41.244.157
http://31.41.244.38
http://34.150.88.233
http://45.138.74.237
http://45.144.30.114
http://45.182.189.195
http://45.66.151.81
http://45.81.39.102
http://47.57.236.111
http://5.182.39.203
http://5.230.73.134
http://5.75.171.154
http://62.204.41.57
http://62.233.50.246
http://62.233.51.95
http://78.46.190.160
http://79.137.194.240
http://79.137.202.78
http://85.209.135.172
http://88.210.12.126
http://89.22.230.175
http://91.202.5.208
http://95.179.136.89
104.168.32.136:443
107.148.130.121:443
146.70.157.76:443
152.89.196.174:443
167.172.69.255:443
167.235.202.111:443
172.86.123.86:443
179.43.142.109:443
179.43.142.142:443
179.43.142.29:443
179.43.142.37:443
179.43.154.157:443
179.43.154.168:443
179.43.154.212:443
179.43.155.136:443
179.43.155.144:443
179.43.156.145:443
179.43.156.151:443
179.43.162.115:443
179.43.162.79:443
179.43.163.118:443
179.43.175.136:443
179.43.175.230:443
179.43.175.34:443
179.43.176.13:443
179.43.176.39:443
179.43.176.54:443
179.43.176.68:443
179.43.176.78:443
179.43.187.233:443
179.43.187.95:443
185.209.160.18:443
185.209.160.99:443
185.223.93.141:443
193.233.234.13:443
193.38.55.7:443
193.42.33.180:443
193.42.33.42:443
193.42.33.73:443
193.47.61.174:443
194.4.49.152:443
217.12.201.112:443
31.41.244.157:443
31.41.244.38:443
34.150.88.233:443
45.138.74.237:443
45.144.30.114:443
45.182.189.195:443
45.66.151.81:443
45.81.39.102:443
47.57.236.111:443
5.182.39.203:443
5.230.73.134:443
5.75.171.154:443
62.204.41.57:443
62.233.50.246:443
62.233.51.95:443
78.46.190.160:443
79.137.194.240:443
79.137.202.78:443
85.209.135.172:443
88.210.12.126:443
89.22.230.175:443
91.202.5.208:443
95.179.136.89:443

# Reference: https://twitter.com/ViriBack/status/1611091230779138072

http://116.202.18.132
http://141.98.82.254
http://179.43.154.212
http://179.43.163.118
http://194.4.49.152
elon-first.com
myada2x.com
myevent22.net
v1477680.hosted-by-vdsina.ru

# Reference: https://twitter.com/0xrb/status/1611241904917876737

http://192.30.243.151
http://216.250.255.148
http://216.250.255.149
http://5.44.251.17
http://5.44.251.20
http://82.115.223.169
http://85.192.49.170
116.202.18.132:443
141.98.82.254:443
162.33.178.106:443
165.232.186.202:443
192.30.243.151:443
193.56.146.6:443
212.23.222.49:443
216.250.255.148:443
216.250.255.149:443
5.44.251.17:443
5.44.251.20:443
65.109.161.133:443
79.137.206.68:443
82.115.223.169:443
85.192.49.170:443
95.214.53.95:443

# Reference: https://twitter.com/suyog41/status/1611326908041682952
# Reference: https://www.virustotal.com/gui/file/ae82c37e4a6ec833aa743244b942033dcdd10f163cc45af519fa693ce035a002/detection

/blob/oay66h.aw7p

# Reference: https://twitter.com/Merlax_/status/1611412523663912961

kukazanatena.co.ke
theabevalle.com

# Reference: https://twitter.com/idclickthat/status/1612268584020971520
# Reference: https://twitter.com/1ZRR4H/status/1612472092326346752

install-zoom.com
virtualbse.com

# Reference: https://twitter.com/1ZRR4H/status/1613275088098304002

bluestacks-install.com
zoom-meetings-download.com
zoom-meetings-install.com
zoomus-install.com

# Reference: https://blog.cyble.com/2023/01/12/rhadamanthys-new-stealer-spreading-through-google-ads/

anydleslk-download.com
install-anydeslk.com
zoom-video-install.com
zoomvideo-install.com

# Reference: https://threatfox.abuse.ch/ioc/1068137/

textedit-notepad.com

# Reference: https://threatfox.abuse.ch/ioc/1068138/

http://164.90.172.224

# Reference: https://www.virustotal.com/gui/file/a2e9a2389faf04b67fbbd6fc71134860a145db7643d88ba312390493d5619302/detection

/blob/jb59sc.rk2g

# Reference: https://www.virustotal.com/gui/file/da16f2574eeab4267e24f416d625ed8ced553ed25bc51f22860ef565fa1c3f92/detection

http://31.41.244.16
/chachacha/ec3wm4.8xb6

# Reference: https://twitter.com/1ZRR4H/status/1614728368334716932
# Reference: https://twitter.com/1ZRR4H/status/1614728371644125187
# Reference: https://twitter.com/1ZRR4H/status/1614821592550326275

http://77.91.122.230
fargonding.store
hughtexeideas.store
mororead.store
rontr.store
montofagasta.store
rontreal.store
slavyanmar.store
toysbrasnovo.store
obs-project.festcommerzblog.com

# Reference: https://twitter.com/IronNetTR/status/1615757537273315365
# Reference: https://github.com/IronNetCybersecurity/IronNetTR/blob/main/ironradar/rhadamanthys/ironradar_1d_rhadamanthys_2022_1_18.csv

152.89.198.59:443
157.254.194.23:443
172.105.5.70:443
179.43.142.40:443
179.43.156.132:443
179.43.175.114:443
179.43.187.233:3306
185.209.160.43:443
185.225.74.144:443
185.225.74.200:443
185.81.68.104:443
memtromeds.com
moosdies.top

# Reference: https://twitter.com/DonPasci/status/1616428435550740482

sourcegimp.com
sourcsegimp.com
soursegimp.com

# Reference: https://www.virustotal.com/gui/file/c27d7174b52a423cdd51187de5c53bd0f3dfebbc76f92575864f3ba4abf2f012/detection

http://79.137.197.29
/rfbqtotg/Dpcejhz.bmp

# Reference: https://twitter.com/crep1x/status/1623394701456859137
# Reference: https://tria.ge/230208-kpd7wshc6t/behavioral2
# Reference: https://www.virustotal.com/gui/file/b2a3e00ad2ee588b552137c94d5f3a4611c2f40d0be23ef6b6b12227baa24ae4/detection
# Reference: https://www.virustotal.com/gui/file/9b6f87d991b04b9eb7c1b5e4bff6b2fff7c8b53156396c1e60ee9523ddd9ece9/detection
# Reference: https://www.virustotal.com/gui/file/04aca53d460d19c73283bcd131e56ccbd4384d5303400dc318d3371b2edba522/detection

http://109.206.243.168
http://144.76.33.241
http://179.43.154.216
http://179.43.154.219
http://78.47.79.11
http://91.215.85.157
193.149.180.103:3301
193.149.180.103:666
/dewight1/colibri.api
/update/nti4ta.3dhh
/nti4ta.3dhh

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/Rhadamanthys_Stealer_Panels_10_02_2023.txt

http://179.43.142.71
http://179.43.154.164
http://179.43.176.21
http://94.142.138.26
179.43.142.71:443
179.43.154.164:443
179.43.176.21:443
94.142.138.26:443

# Reference: https://twitter.com/nao_sec/status/1625691518509121537

http://79.137.204.54
/custints/g73lab.id9x

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/Rhadamanthys_Panel_scan_16-02-2023_01-03-32.txt

45.137.66.211:443

# Reference: https://twitter.com/BroadAnalysis/status/1630680889771323392
# Reference: https://www.virustotal.com/gui/file/001e6a0bc8566e594f377a33e4d108bba5821e407d38ddd745fe2477ae23a7ff/detection

http://191.101.14.159
/abctop/rfvnq4.co0l

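# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Aurora_Stealer/txt/Aurora_Panel_scan_02-03-2023_19-30-23.txt
# NOTE(review): the source named in this reference is an Aurora Stealer panel scan, not a Rhadamanthys list; when triaging a hit on the entries below, consider both families - confirm attribution against the reference.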

179.43.142.172:443
195.3.223.120:443
195.3.223.218:443

# Reference: https://www.proofpoint.com/us/blog/threat-insight/screentime-sometimes-it-feels-like-somebodys-watching-me
# Reference: https://otx.alienvault.com/pulse/63e3c458fe346cfc050d6880
# Reference: https://www.virustotal.com/gui/file/09c26bfe15d9ac65a9a4a73ccaf20c352d496feecb6a7fd3d5ce3b27d16faeea/detection

http://79.137.198.60
annemarieotey.com
anyfisolusi.com
black-socks.org
bluecentury.org
duinvest.info
duncan-technologies.net
enigma-soft.com
expresswebstores.com
fgpprlaw.com
footballmeta.com
gfcitservice.net
listfoo.org
mikefaw.com
otameyshan.com
peak-pjv.com
repossessionheadquarters.org
samsontech.mobi
shiptrax24.com
southfirstarea.com
styleselect.com
thebtcrevolution.com
virtualmediaoffice.com

# Reference: https://www.zscaler.com/blogs/security-research/technical-analysis-rhadamanthys-obfuscation-techniques
# Reference: https://otx.alienvault.com/pulse/63f63a41659035a81b740554

/blob/vpuu9i.7b4x

# Reference: https://twitter.com/AuCyble/status/1632625549964361730
# Reference: https://www.virustotal.com/gui/ip-address/185.137.235.119/relations

chatgptsinstall.com
exchangecash.online
getchatgptapi.com
getchatgptapp.com
gpt-chat-app.org
gptchatdownload.com
gptchatdownloadpc.com
gptchatdownlod.com
hyperplayofficial.com
inkscapeapps.com
installchatgpt.me
installchatgpt.online
installchatgpt.org
installwebex.com
installwebex.online
lastpass-app.com
lastpassinstall.com
lastpassofficial.com
lastpassofficial.me
lhyperplay.com
metamask-apps.com
officialhyperplay.com
officialschatgpt.com
officialstargate.com
setupchatgpt.com
sketchup-tool.com
snapclhats.com
snapclnats.com
web-ex-app.com
webex-meetings.com
webex.icu
webexsign.com
webexsign.org

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/txt/Rhadamanthys_Panel_scan_10-03-2023_23-22-36.txt

193.149.185.118:443
45.77.66.151:443

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/txt/Rhadamanthys_Panel_scan_16-03-2023_19-43-54.txt

87.251.67.40:443
91.215.85.157:443

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/txt/Rhadamanthys_Panel_scan_23-03-2023_19-17-12.txt

185.225.73.180:443

# Reference: https://www.virustotal.com/gui/file/90bfffe7bfde826f6204ef3546d139b6293d37ef59dbf2cc9d685eb6bb6c8d23/detection
# Reference: https://www.virustotal.com/gui/file/4130ce135fbfab00618f261a0397e88479d2f61e1ed0d09ebcde525439774f3e/detection

/ggkanor/0mv8dc.bqmu
/0mv8dc.bqmu

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/csv/Rhadamanthys_2023-04-13_16-24-28.csv

http://108.61.189.120

# Reference: https://twitter.com/crep1x/status/1649067627996672000
# Reference: https://www.virustotal.com/gui/file/58105a9ffb1d4675481d1c945d20630807f9dc2dc3d107a66f2d928125508226/detection

http://104.156.149.126

# Reference: https://twitter.com/g0njxa/status/1645559497987850241

/fredom/YTmeta.api

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/txt/Rhadamanthys_Panel_scan_27-04-2023_16-34-09.txt

http://179.43.142.172
http://185.225.73.180
http://45.77.66.151
179.43.142.172:443
185.225.73.180:443
45.77.66.151:443

# Reference: https://twitter.com/powershellcode/status/1678470714024939520

http://185.228.234.189
185.228.234.189:443

# Reference: https://twitter.com/g0njxa/status/1682332969451569153

rhadwikiwwzr6sfzygsr3qh7lwu5ghnaoupxwpsj2xuxjcgcebikh7id.onion
stealerskymtni3tiagmx3pqktjgkm2iigwj6e2touws773emrfjvoyd.onion

# Reference: https://threatfox.abuse.ch/ioc/1146917/

45.81.39.169:8889

# Reference: https://threatfox.abuse.ch/browse/malware/win.rhadamanthys/ (# 2023-08-03)

http://104.156.149.126
http://109.206.240.181
http://109.206.243.168
http://116.202.18.132
http://116.203.136.70
http://143.198.207.43
http://144.76.33.241
http://156.227.6.50
http://162.33.178.106
http://162.33.178.64
http://164.90.172.224
http://179.43.142.201
http://179.43.142.29
http://179.43.142.39
http://179.43.142.40
http://179.43.154.181
http://179.43.154.216
http://179.43.154.219
http://179.43.155.198
http://179.43.155.206
http://179.43.156.145
http://179.43.162.87
http://179.43.176.6
http://179.43.187.95
http://185.209.160.43
http://185.209.160.99
http://185.225.73.180
http://185.246.221.59
http://185.250.205.73
http://191.101.14.159
http://193.233.20.1
http://193.37.70.80
http://193.38.55.238
http://193.42.33.73
http://195.3.223.120
http://198.135.54.147
http://216.250.255.149
http://31.192.237.70
http://31.41.244.38
http://31.41.244.80
http://35.220.153.89
http://40.82.159.41
http://45.12.253.133
http://45.128.234.63
http://45.131.66.61
http://45.15.159.234
http://45.150.65.4
http://45.66.151.81
http://45.82.176.11
http://45.9.74.71
http://46.36.219.3
http://5.206.224.182
http://5.230.73.134
http://62.233.50.246
http://62.233.51.122
http://62.233.51.95
http://65.109.161.133
http://68.183.230.60
http://77.91.122.230
http://78.47.79.11
http://79.110.62.195
http://79.137.204.54
http://79.137.206.68
http://79.137.248.54
http://81.161.229.234
http://85.192.49.170
http://85.208.136.26
http://89.22.230.175
http://91.215.85.157
http://91.215.85.173
http://95.214.53.95
101.99.91.115:443
104.156.149.126:443
107.148.129.135:443
108.61.189.120:443
109.123.252.250:443
109.206.240.223:443
139.28.37.187:443
141.98.11.18:5351
141.98.6.20:2050
141.98.6.78:2205
142.11.215.202:443
144.76.33.241:443
146.190.162.187:443
146.190.228.125:443
159.65.13.48:443
162.0.217.254:443
163.123.142.243:443
164.90.172.224:443
165.22.48.84:443
167.235.139.187:443
176.113.115.86:443
179.43.142.104:443
179.43.142.107:443
179.43.142.23:443
179.43.154.183:443
179.43.154.219:443
179.43.154.224:443
179.43.154.240:443
179.43.154.245:443
179.43.156.141:443
179.43.156.143:443
179.43.162.2:443
179.43.162.87:443
179.43.162.89:443
179.43.162.94:443
179.43.162.99:443
179.43.163.126:443
179.43.175.195:443
179.43.175.197:443
179.43.176.6:443
179.43.187.197:443
179.43.187.201:443
179.43.187.217:443
179.43.187.80:443
185.107.237.56:443
185.17.0.142:4348
185.209.161.81:2022
185.209.162.190:8080
185.224.129.51:8080
185.225.73.181:443
185.242.87.157:443
185.246.222.251:7469
185.246.222.75:443
185.250.205.73:443
185.250.205.73:8080
185.254.37.92:443
185.43.223.200:443
185.99.133.136:443
188.225.35.87:443
193.149.180.103:443
193.233.20.1:443
193.37.70.80:443
193.37.70.91:443
193.38.55.238:443
193.42.32.236:9070
193.42.33.123:443
194.180.48.102:443
194.180.48.19:443
195.133.40.229:443
195.201.37.208:443
195.3.223.214:5130
212.192.246.118:443
212.193.30.57:8080
212.87.204.3:8080
23.106.124.111:443
23.254.167.32:5892
31.41.244.16:443
37.220.87.35:443
45.12.253.133:443
45.12.253.181:443
45.12.253.92:7079
45.128.234.197:443
45.128.234.63:443
45.150.67.45:443
45.153.186.15:443
45.159.188.236:6779
45.159.188.66:6893
45.159.189.31:3047
45.77.32.158:443
45.81.39.169:8889
45.9.74.150:8080
45.9.74.71:443
46.175.150.169:443
5.206.224.182:443
5.230.68.142:443
5.230.73.94:443
5.230.75.236:443
5.75.142.184:443
5.75.168.236:443
62.204.41.88:443
62.233.51.121:443
62.233.51.122:443
77.91.68.146:8080
79.133.180.168:443
79.137.195.45:8080
79.137.197.174:443
79.137.199.193:443
79.137.204.54:443
79.137.248.54:443
80.66.88.72:443
81.161.229.177:443
81.19.140.83:2077
82.115.223.174:8080
84.54.50.158:443
84.54.50.159:443
85.192.49.170:6636
85.217.144.82:443
87.120.88.209:5211
87.251.67.77:443
91.103.252.25:5894
91.213.50.62:443
91.215.85.145:443
91.228.197.254:443
94.131.106.71:443
94.142.138.27:443
95.214.25.203:4033
95.214.27.17:443
95.214.27.198:443
95.214.27.214:443
/blob/hiu6qd.5u17
/blob/swz9lm.1e3k
/blob/u4z70m.ft7e
/bnlib/upc0ac.61j3
/cylook/ki5lbl.zdvr
/logimamonta/LEND.api
/logimamonta/youtube.api
/modlib/o6u3ke.661c
/work/nfw74d.xos1
/84x7k7op.1fspl

# Reference: https://www.virustotal.com/gui/ip-address/5.255.107.172/detection

http://5.255.107.172

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/Rhadamanthys/txt/Rhadamanthys_C2_21_07_to_31_08_2023.txt

136.243.177.54:8010
179.43.142.126:6546
185.17.0.221:3709
185.221.67.14:3142
185.225.73.49:4851
185.244.48.109:7314
192.236.147.141:1642
193.109.85.76:6623
208.91.189.147:2905
212.23.221.72:4907
23.152.0.240:7033
45.66.230.106:8748
91.103.252.25:4681
94.156.102.83:4925
94.156.253.150:7546
95.216.58.127:3364
95.217.10.109:7820

# Reference: https://www.virustotal.com/gui/file/717c6d49e4df554a386191492a5b0096dc3d07000de5ed58d2862872ef3b83cc/detection
# Reference: https://www.virustotal.com/gui/file/b904fa91c8949cb19ba7a9b91e87da13cc47facd826f8bf31f71bbd5ce201928/detection
# Reference: https://www.virustotal.com/gui/file/96a42e9c48bdff00a465e584305b5f031510da8e49409e78518022a8ee232304/detection
# Reference: https://www.virustotal.com/gui/file/457175fc2d1304df94e6e411944f188a97f11753991caf80f6e9f15e34d478b4/detection
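# Reference: https://www.virustotal.com/gui/file/08f91bf3a2c4bc8e1cbf4c15a19c4d83ce3af95b2c36260e6ace75450ccc5df0/detection
# NOTE(review): 172.217.16.206 below falls in 172.217.0.0/16, address space widely associated with Google front-end servers; it may be benign traffic seen alongside the samples rather than attacker infrastructure - verify against the references before alerting or blocking on it, since a match here would be a high-volume false positive.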

http://172.217.16.206
http://45.12.253.137
connecteds.online
/files/wdssbp/Azaza
/files/wdssbp/Azaza3
/files/wdssbp/Fido
/files/wdssbp/Fido2
/files/wdssbp/GameBoy
/files/wdssbp2/Bronder
/files/wdssbp2/DoomInstaller
/files/wdssbp2/SensApiD
/files/wdssbp2/SensApiE
/files/wdssbp/
/files/wdssbp2/
/wdssbp/Azaza
/wdssbp/Azaza3
/wdssbp/Fido
/wdssbp/Fido2
/wdssbp/GameBoy
/wdssbp2/Bronder
/wdssbp2/DoomInstaller
/wdssbp2/SensApiD
/wdssbp2/SensApiE

# Reference: https://twitter.com/karol_paciorek/status/1703732303367672306
# Reference: https://tria.ge/230918-mx2dhagg7t/behavioral2
# Reference: https://tria.ge/230918-nbz4zsgh4s/behavioral1
# Reference: https://www.virustotal.com/gui/file/1aafbb728f50518d78e14ef7018338f07453a9715f5bc037606ce6c140ee44c3/detection

171.22.28.205:8181
185.244.48.240:3619
194.180.49.48:9715
31.222.238.209:7702
49.13.68.19:6435
79.133.180.126:3886
94.131.112.209:9856
94.156.102.165:443
95.214.55.177:2474

# Reference: https://twitter.com/JAMESWT_MHT/status/1717514680422313988
# Reference: https://twitter.com/reecdeep/status/1727969240756441236
# Reference: https://app.any.run/tasks/cc1a66bf-8b29-400e-967b-9687e2411abb/
# Reference: https://www.virustotal.com/gui/file/28ee2b81591ace7a552b3a921e9efb6128041cdf6634d5570283225ea3db7a20/detection

23.152.0.240:3957
/835a189ccf9d6badf60eacc/6rs81itm.nx5p8
/835a189ccf9d6badf60eacc/oafcpjjl.sp0ps
/835a189ccf9d6badf60eacc/oafcpjjl.sp0
/6rs81itm.nx5p8
/oafcpjjl.sp0ps
/oafcpjjl.sp0

# Reference: https://threatfox.abuse.ch/ioc/1196609/

65.21.101.233:4714

# Reference: https://threatfox.abuse.ch/browse/malware/win.rhadamanthys/ (# 2023-11-10)

http://163.123.142.243
185.170.144.159:6918
185.221.196.69:5127
185.250.45.93:8925
212.23.221.72:7797
31.192.236.94:6642
5.42.65.27:4811
82.115.223.128:9081
87.121.221.145:9271
91.103.252.25:1033
91.103.252.25:1746
91.103.253.174:1199
94.103.94.153:7414
94.156.102.175:443
95.181.173.164:9397
95.214.55.177:1689

# Reference: https://twitter.com/karol_paciorek/status/1727314303752208410
# Reference: https://www.virustotal.com/gui/file/a96d1f994a40cde4bb1bf6f80ce96af5b7e7d934edbb95100ab2fb777f8f2d84/detection

http://185.221.196.81

# Reference: https://research.checkpoint.com/2023/rhadamanthys-v0-5-0-a-deep-dive-into-the-stealers-components/
# Reference: https://www.virustotal.com/gui/file/bb8bbcc948e8dca2e5a0270c41c062a29994a2d9b51e820ed74d9b6e2a01ddcf/detection

104.129.128.188:9537

# Reference: https://twitter.com/g0njxa/status/1743248482750652723
# Reference: https://app.any.run/tasks/616d2fa4-9595-4b0b-be84-dd5580df2fc5/

176.113.115.224:6230
185.130.226.143:6575
kms-full.com
kms-product.eu
kms-product.pro

# Reference: https://threatfox.abuse.ch/browse/malware/win.rhadamanthys/ (# 2024-01-05)

http://217.197.107.138
165.232.87.210:5945
185.209.161.162:19000
193.233.132.95:3699
195.3.223.126:4287
77.246.104.220:3422
91.92.242.217:19000
91.92.249.101:443
91.92.253.159:19000
91.92.253.3:19000
95.214.25.71:1645
95.217.82.39:19000

# Reference: https://twitter.com/reecdeep/status/1745391796706795673
# Reference: https://app.any.run/tasks/877c5718-df46-40e8-af49-4f9c139205ca/

141.105.68.140:9392

# Reference: https://any.run/malware-trends/rhadamanthys (# 2024-01-25)
# Reference: https://www.virustotal.com/gui/file/3cfb7fec43036027f8bde45526ecd6d3d4ee2a51fb6d4476d5cd398ced8a3c17/detection
# Reference: https://www.virustotal.com/gui/file/3778411ff33576685f13f163cac7b3452ea7bdce7caa92924ff5194d4b5d0785/detection

http://212.193.30.32
http://31.220.57.50
amxt25.xyz
motorline.pw
mylangroups.com
8002.motorline.pw
api.mylangroups.com
/CRYPTORPROLIV
/a6ba5b1ae6dec5f7c/
/a6ba5b1ae6dec5f7c/8tkf22v9.ed2jd
/a6ba5b1ae6dec5f7c/j5e4ok98.h44x9
/abctop/oy7xup.thms
/api/59ywc1.5oic
/api/5uwuz3.sr4b
/api/9wcnem.x0vs
/api/CRYPTORPROLIV
/api/mpnz0d.fxbz
/modlib/79q4x9.fkc9
/modlib/8q85xm.zmam
/wgetlist/in60fc.j42a

# Reference: https://twitter.com/banthisguy9349/status/1753719065007239582
# Reference: https://www.virustotal.com/gui/file/b2345de696d1605616e1c5264570288737796e7b39dfa176d882d96b47e4bede/detection

http://185.216.70.80
185.216.70.80:1799
/5ceebbbb9bccc4449a/b42ta04b.sp33o
/5ceebbbb9bccc4449a/
/b42ta04b.sp33o

# Reference: https://twitter.com/h2jazi/status/1758507658791862627
# Reference: https://www.virustotal.com/gui/file/5cb65b469023dcc77ede21c66a753fa9cbe67597aae142958fce4936ce3974aa/detection

185.23.108.220:6339

# Reference: https://twitter.com/doc_guard/status/1760295318808121348
# Reference: https://www.virustotal.com/gui/file/1c7476c33f0d56e970dbfad87da96739d74bbd1928c4a044715ea75f61e72192/detection

whitemansearch.shop

# Reference: https://twitter.com/ViriBack/status/1769336570459386268
# Reference: https://twitter.com/ViriBack/status/1769340643883581816
# Reference: https://www.virustotal.com/gui/file/098318e3517c6d2f526bc6aaccb02a5f37fb615069b1656b5ba176dd6385a581/detection

http://185.172.128.170
wexe.ink

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2024/03/new-go-loader-pushes-rhadamanthys
# Reference: https://www.virustotal.com/gui/file/bea1d58d168b267c27b1028b47bd6ad19e249630abb7c03cfffede8568749203/detection

151.236.21.128:4738
192.121.16.228:22
astrosphere.world
puttyconnect.info
zodiacrealm.info

# Reference: https://twitter.com/r3dbU7z/status/1772940912919740719
# Reference: https://www.virustotal.com/gui/ip-address/188.40.171.105/relations
# Reference: https://www.virustotal.com/gui/file/1910a3ea0c95c9a15e6695eaff4c1c4a71ad7440a56fc4df893ea506146661e8/detection
# Reference: https://www.virustotal.com/gui/file/8568a043bbf74369e69ddc8d59d78f10260810e4b551ab4b0284106f3cfbbbd3/detection

45.147.199.21:2314
bedispio.wiki
cilyseyann.org
daikenn.club
inatekrin.ink
keauniolas.org
ndsikapher.cloud
sarianarg.com
winoxarl.pro
zahogon.vip
zesteka.pro

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2024/03/new-go-loader-pushes-rhadamanthys
# Reference: https://otx.alienvault.com/pulse/66017db30442d5ba6d624260

arnaudpairoto.com
/onserver3.php

# Reference: https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta866-returns-large-email-campaign
# Reference: https://www.virustotal.com/gui/ip-address/37.1.212.198/relations
# Reference: https://otx.alienvault.com/pulse/65a98e9c335df7bc26b4d81a

http://37.1.212.198
mycasemembers.icu
scanner-ip-adv.com
tradingviewapp.icu
tradingviewapp.sbs

# Reference: https://www.virustotal.com/gui/file/0b2fe8188163d143a4c7fe09ce892dcf45fe0e43ca869ec8e65cca020ee06cb2/detection

http://77.221.137.22
77.221.137.22:443
/a8bdd0312f3daae757dcbbe2/s7gxggiw.fsc1l
/s7gxggiw.fsc1l

# Reference: https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta547-targets-german-organizations-rhadamanthys-stealer

indscpm.xyz
94.131.104.223:443

# Reference: https://twitter.com/K_N1kolenko/status/1779788792552906932
# Reference: https://www.virustotal.com/gui/file/c829be0e78641329583de11672027a67cb3fc2ba31059e258a87001953b8f4ac/detection
# Reference: https://www.virustotal.com/gui/file/4d7ff7ef62614937e0cbebbd3f454a1df8f1752788a29709a1256d78393c0662/detection

185.234.216.132:2130
/5cd712a757a55321d4/ecvfk21e.20bg8
/5cd712a757a55321d4/dpddjk53.13lbs
/dpddjk53.13lbs
/ecvfk21e.20bg8

# Reference: https://twitter.com/x3ph1/status/1765502001469636955
# Reference: https://tria.ge/240306-z2rq3sae4y/behavioral1

91.92.251.50:3399
viewdocsfile.xyz
hv.viewdocsfile.xyz

# Reference: https://twitter.com/johnk3r/status/1790387254315118707

opensun.monster
stand-dog.com
/2704e.bs64

# Reference: https://x.com/malwrhunterteam/status/1813432141486665759
# Reference: https://www.virustotal.com/gui/file/52a1115da23f47ccb3b9f0cb5b96741472e757c833082434ef6f7fe4a39d4d21/detection
# Reference: https://www.virustotal.com/gui/file/03011232c01450af9a42fb5f3954dcb40c36c9ba9ad06d6a213febda03c5bd8f/detection
# Reference: https://www.virustotal.com/gui/file/b940bf46f79be84b95f0cc1718cd020f76ee1a99a64023a859c25f9b53543e76/detection

79.110.49.242:2075
/8f30b20831bade7a2/bmtox8we.0cepo
/8f30b20831bade7a2/63qlt2hh.c7rth
/8f30b20831bade7a2/
/63qlt2hh.c7rth
/bmtox8we.0cepo

# Reference: https://x.com/r3dbU7z/status/1815405709972193765
# Reference: https://www.virustotal.com/gui/ip-address/144.76.48.53/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.130.255.143/relations

afternburner.org
alerstat.org
amorefysuop.pro
bidalopswer.org
brarve.com
brlave.com
coverahug.org
discoverahuge.org
dogpoorse.com
doweoanst.pro
finsthis.cloud
foojerwa.ink
fostoopas.cloud
fostoopas.site
hoopsature.click
imbajodoobveb.pro
mireiaskqans.com
notion.ws
proxybrowse.org

# Reference: https://x.com/r3dbU7z/status/1815738131439632828
# Reference: https://app.validin.com/detail?find=5.9.198.36&type=ip4&ref_id=7210e896344#tab=resolutions

koloosdas.life
iit-consulting.org
macrium.org

# Reference: https://x.com/JAMESWT_MHT/status/1815399555183034464
# Reference: https://app.any.run/tasks/7662f569-af72-4c37-a1ed-f4ef3d14c0a7/
# Reference: https://www.virustotal.com/gui/file/7568695926acc0184a6d8364e55c2fec814fc7800641ae30e8a69a4f2c39e5b5/detection

http://74.119.195.176
109.120.176.41:4394
109.120.176.41:443
74.119.195.176:4443

# Reference: https://www.virustotal.com/gui/file/d94ffbeb0ca3a1ed919281dc57e95cd34064bc053f59ec69d9cdbb5d6a714b36/detection

http://217.197.107.154
/e0bd9c1f4515facb49/m58gpf5u.6eabm
/e0bd9c1f4515facb49/
/m58gpf5u.6eabm

# Reference: https://www.virustotal.com/gui/file/7587be1d73dd90015c6200921d320ff0edcec19d7465b64d8ab8d12767c0f328/detection

http://85.28.47.139
/e0bd9c1f4515facb49/gj28n35o.2n73x
/gj28n35o.2n73x

# Reference: https://www.virustotal.com/gui/file/35a70792a57447358477e5ca678420f14f577ed8e7956c9ee9013b8633d7feac/detection
# Reference: https://www.virustotal.com/gui/file/141ee34a8afb8f5a9d47e4910395bc70098a40ab46eb65bf3fb0b8e7c415c956/detection

176.124.198.186:443
77.91.77.200:443
/e0bd9c1f4515facb49/tcg5blro.3wf1o
/tcg5blro.3wf1o

# Reference: https://www.virustotal.com/gui/file/7a1a58f0b66bc1a1c0920c247f6a150e50bcd28c8c6092e2c65f7c499e1dd40f/detection
# Reference: https://www.virustotal.com/gui/file/209c1b59720cd3e725445eb2b41f6fdc3ce523b88a9d9e5f581118e50dfa6bfa/detection

45.15.159.127:8287
/f530c8c20d51d6283e9594a/1b9n5xj5.5c38n
/f530c8c20d51d6283e9594a/6vox1v1p.ssmgs
/f530c8c20d51d6283e9594a/
/1b9n5xj5.5c38n
/6vox1v1p.ssmgs

# Reference: https://www.virustotal.com/gui/file/d247f757d8b0b96aa59a1d1af2f06677a4bf88d4ec9d9bf2087988159157888a/detection
# Reference: https://www.virustotal.com/gui/file/059b0277ed5bbf9978f41482d69177840201223cd6001788d0de6d3c9ea990a2/detection

http://41.216.183.3
91.92.243.113:3099
/a9f45d765b01a030d5d/cft96hcx.2grjb
/a9f45d765b01a030d5d/
/cft96hcx.2grjb

# Reference: https://research.checkpoint.com/2024/stargazers-ghost-network/
# Reference: https://www.virustotal.com/gui/file/64a49ff6862b2c924280d5e906bc36168112c85d9acc2eb778b72ea1d4c17895/detection
# Reference: https://www.virustotal.com/gui/file/060de3b4cf3056f24de882b4408020cee0510cb1ff0e5007c621bc98e5b4bdf3/detection

147.45.44.73:1488
147.78.103.199:2529
89.23.98.116:1444

# Reference: https://www.virustotal.com/gui/file/1fd5d4bbe948c9c60602392c338ea07fdbe44dea6216013a62c180aea97d2c1f/detection
# Reference: https://www.virustotal.com/gui/file/2003e381ae90e155ee9e413ecb9d696b5e01b0774a619fd72a02d31b85e74177/detection

195.85.250.221:4827
/dd66d96a09e5b9d57/6k1r96p5.g2eon
/dd66d96a09e5b9d57/
/6k1r96p5.g2eon

# Reference: https://www.virustotal.com/gui/file/0977091d893c69b8e301044c06e4f6a8016b4ee4d79c5810c6d21951598aa195/detection
# Reference: https://www.virustotal.com/gui/file/0b0b55d288891d1e995aa5c0a187f86388155156d1075b1279a82b9a33101754/detection

82.115.223.43:25565
82.115.223.93:3869

# Reference: https://www.virustotal.com/gui/file/2812bff1ead67a077addcb6191a223fb213d4382610ba78c30bd410190195dc5/detection

94.156.8.76:4283

# Reference: https://www.virustotal.com/gui/file/1444be93622b4eb94453dc89c3b2d547db6e4a6c45de0f3ad7ccdf19e89ad756/detection

147.45.44.27:2656
/5dc721849275d2052d68b45e/ut5m8tlp.n072k
/5dc721849275d2052d68b45e/
/ut5m8tlp.n072k

# Reference: https://www.virustotal.com/gui/file/4d475ad0c121a381c0997ba4a608c54ad5c5c0e5fe80561cfeab39c15486472d/detection

147.45.44.25:5877
/d36cbb23c68ffaff25/vjj0dpxt.ggr8h
/d36cbb23c68ffaff25/
/vjj0dpxt.ggr8h

# Reference: https://www.virustotal.com/gui/file/2ae394f90549041bd6e745e28feab1eb7b9d3c24128c3dc9782ca4ed2e978d04/detection
# Reference: https://www.virustotal.com/gui/file/0c91e714ce9cead2e439338d29c60619e3328feb2de9ae4e07aab5840b17f8f5/detection

94.156.8.83:4785
94.156.8.85:3195
uploadex.pw

# Reference: https://www.virustotal.com/gui/file/d1458d4c7ecd0cc55ae9927830540bd459157d36023e0b41003a3518add76898/detection
# Reference: https://www.virustotal.com/gui/file/c5ac047b3b5f6742f0eae476426e5819318707594694015b352d217df94f5071/detection

185.125.50.70:1731
/2c51ed20daec0b6c42/4cnct69r.js6ns
/2c51ed20daec0b6c42/ko5nvi8o.d9gia
/2c51ed20daec0b6c42/
/4cnct69r.js6ns
/ko5nvi8o.d9gia

# Reference: https://www.virustotal.com/gui/file/22597d205a140d83e71c3aeea8746b1a874cc8d426894249ae07aa69d0710781/detection
# Reference: https://www.virustotal.com/gui/file/7ea29ccdacab4fddd741533bb17032d011fbed4b46a6b957bbb049f597923907/detection

185.74.255.29:2080
/f2ca4fdf02e2a/6actks26.1x8bf
/f2ca4fdf02e2a/
/6actks26.1x8bf

# Reference: https://www.virustotal.com/gui/file/ba258c42715c601d7fea188f662275e1fb6a665718a96124f8a2be1a5de27d44/detection

94.156.10.37:2036
/efc85e6acdfc3a785/1evgkhav.3ltvh
/efc85e6acdfc3a785/
/1evgkhav.3ltvh

# Reference: https://www.virustotal.com/gui/file/28529afc2b353bdce2236eef5bf274a36d979313c13f46aa8986b3546428a44d/detection
# Reference: https://www.virustotal.com/gui/file/29123023532e125720424f1eb38d0f783ffcf24660c2728a20130d2cedbade16/detection

147.78.103.93:4394

# Reference: https://www.virustotal.com/gui/file/eed6fd889c8f54304bd8ef1da4c5596251f4445925835a36d834575ce687d6cb/detection
# Reference: https://www.virustotal.com/gui/file/88d9096edf055555d97736d8d306b66f7ad4ee5f3b13a68f885480faee80e5ea/detection

http://37.1.214.238
38.180.80.23:1636
/08f40fa940d4d07730cea/stb9aujf.q2gqf
/08f40fa940d4d07730cea/
/stb9aujf.q2gqf

# Reference: https://www.virustotal.com/gui/file/940c4215db10e957a76db5c360a590d894640bc811831ac53a50fe90953c9208/detection

94.156.8.211:2096
/255d808fda21a5/00v7tdtm.gtsv5
/255d808fda21a5/
/00v7tdtm.gtsv5

# Reference: https://www.virustotal.com/gui/file/0500e5ad7e344d32ee26da988aeb30f6344a0c89a68eacce5d6a5683d1fee0e1/detection
# Reference: https://www.virustotal.com/gui/file/17ba2754f7671b6fa7ec2311d45e8874988b6fd65e799a9551bb16a9ce986e7d/detection

159.69.186.28:8914
240506192407915.mar.tari91.shop

# Reference: https://www.virustotal.com/gui/file/5578a78576a35a6a95c8a5372e7d498fd4d2a4d5d7abe7369a14307d578192c6/detection

147.45.68.131:5888

# Reference: https://www.virustotal.com/gui/file/d34f63df04faa6c172ccacc9ac4b7572a28d332e27f2130c7eb2dee9a49a0f04/detection

45.61.137.165:2297
/60e467a6b549721041a09/efv4104h.1i0da
/60e467a6b549721041a09/
/efv4104h.1i0da

# Reference: https://www.virustotal.com/gui/file/52038c38dc147fbb2ae03a8569cf07cb2d1d29c14d7fa30215757afd3076c89a/detection
# Reference: https://www.virustotal.com/gui/file/936e7754b3df49aa5149332aecf193ea1753dc844f63284a25a43363df6d9e1f/detection
# Reference: https://www.virustotal.com/gui/file/4be740b7411f644b92749c5fd9be10b827f885c13690aaf7857a6d58b44e9c8c/detection
# Reference: https://www.virustotal.com/gui/file/9e495b41518154b5c5cb3fff866aa26c894adf164b2639f05ba23bb5e75be5ef/detection
# Reference: https://www.virustotal.com/gui/file/c50326e6b68e807eaf188f95ff6e2a17df11efbfd0936395b452946085b83fcd/detection
# Reference: https://www.virustotal.com/gui/file/f1b77c35dabb24df4429eed471f1846b46e5f25c353bbed277a8a4f0ffef06d6/detection

87.120.84.232:2084
/2b6c01e7a6591d730234fd/cmrdfs08.9h6cm
/2b6c01e7a6591d730234fd/h6h29p5o.tu8eo
/2b6c01e7a6591d730234fd/m82butue.apqnl
/2b6c01e7a6591d730234fd/nwodv9oe.x0oo4
/2b6c01e7a6591d730234fd/rwe52hcc.4w485
/2b6c01e7a6591d730234fd/
/cmrdfs08.9h6cm
/h6h29p5o.tu8eo
/m82butue.apqnl
/nwodv9oe.x0oo4
/rwe52hcc.4w485

# Reference: https://www.virustotal.com/gui/file/53bda0f58bb516a31caeed5a0616648cc0f47233514d3a6c8b8cded2110fa955/detection

94.156.8.156:1886
5.255.117.197:6073
any-data.org
rx.any-data.org
/b67624e7e58bd8c44e0bf769/32i2lnpi.9u8b6
/b67624e7e58bd8c44e0bf769/
/32i2lnpi.9u8b6

# Reference: https://www.virustotal.com/gui/file/f4dde5135d892a3b27afc4a95376e7880eee75c2d0b1b711baf4a9bd93bda187/detection
# Reference: https://www.virustotal.com/gui/file/16bf28c3de807beac1635ac6e78925024379d6d53943ec1dd74a565b4885e150/detection

147.124.221.241:1149
/9c59034ac60846f8/mrx8h4of.prxvo
/9c59034ac60846f8/
/mrx8h4of.prxvo

# Reference: https://www.virustotal.com/gui/file/442dce3fa625e1c45830c63504935e764512a5176ee26f3b0595f09cf9c78a07/detection
# Reference: https://www.virustotal.com/gui/file/d77f17d94ea95f79b848b654e3db77df05cda581b210380143516764f30e3f57/detection

147.45.68.112:3423
/29c9ef0d81fe7ec2a5239/kmja9t4f.063i9
/29c9ef0d81fe7ec2a5239/
/kmja9t4f.063i9

# Reference: https://www.virustotal.com/gui/file/0518892b68d9401cee558e0615322ba2a902d759e36b315a55fe7238aff71d72/detection

185.125.50.38:3034
/739bd3e91cd40ca83/tg.api
/739bd3e91cd40ca83/

# Reference: https://www.virustotal.com/gui/file/6124b3aef8d816372e8e6a4d7bf5452e1752c8689aefac2654e1be8de81149a8/detection

http://94.232.249.139
94.232.249.139:443
/0555b35654ad1656/bkks8cde.s5cev
/0555b35654ad1656/
/bkks8cde.s5cev

# Reference: https://www.virustotal.com/gui/file/53218d2a6a643f61f191b955d34b2e3ada7ea1fe464c3ed44ecf66bbe4c90d9c/detection

94.232.249.140:2025
silentpulse.space

# Reference: https://www.virustotal.com/gui/file/321af007759c75bf0614fae50fcb64c0e64d5e9f148d9a2480fde468f216bfeb/detection
# Reference: https://www.virustotal.com/gui/file/2a8326edeb3ca0debbe32ab0d0a0c36e00ab88aaeb2ec6566592c75d4d6b532b/detection
# Reference: https://www.virustotal.com/gui/file/8924deb5685d7dfda380016b361d3380f4b970858a1410c6c26f419711d5db14/detection

94.156.8.61:5562
/8752b9a6a0c711d/1kseoq27.jhdfj
/8752b9a6a0c711d/
/1kseoq27.jhdfj

# Reference: https://www.virustotal.com/gui/file/06c1138caa402a130fdb039247285891d1e2d17d687aec131c60ab0165f5900b/detection

188.119.112.100:7811

# Reference: https://www.virustotal.com/gui/file/19989f80ebbeb884d3b48f1e83cd433eaff1f2e8bcc98a5c1262d4bf2f44a957/detection

168.119.96.63:6965
240103190656685.mar.tari91.shop
/09ae997ff691fd2fc/for1j5wk.5rlin
/09ae997ff691fd2fc/
/for1j5wk.5rlin

# Reference: https://www.virustotal.com/gui/file/67543d2d1bc9ef32ead244089fa2cd86e4834ccfef7a06637a1896e8686ea725/detection

193.233.132.109:7268
/55eda4145b3ded541/kts5r0mj.id4op
/55eda4145b3ded541/
/kts5r0mj.id4op

# Reference: https://www.virustotal.com/gui/file/90b1fa4e026c28ba9cf5ffb6a4c5889ead247384a9b55cc881a96ff8cd3c1f13/detection
# Reference: https://www.virustotal.com/gui/file/a9fc15804622a1e0cba35575ea7e2245b6bf4f459fb2272bf9c2624cf1c2265e/detection

http://94.156.8.129
185.216.70.91:6327
94.156.8.129:443
/68c8ee7d3c216cd1fa3c/siploou6.qgojr
/68c8ee7d3c216cd1fa3c/
/siploou6.qgojr

# Reference: https://www.virustotal.com/gui/file/b2f74bf89381c3e684b6aa102cfe029cfe5c4f88038920d003321814fc670777/detection
# Reference: https://www.virustotal.com/gui/file/cc50b23f42573a44922f18b0ea76ae8096eafa1cfda126eb4e26503f20729464/detection

94.156.8.225:1647
/3a1d417ab1b4633fb1ae7841/6pqmvpif.tecx5
/3a1d417ab1b4633fb1ae7841/
/6pqmvpif.tecx5

# Reference: https://www.virustotal.com/gui/file/342b579d05db5b5220e63b71df78339efe2c94437c1d18832e66cf52974d2428/detection
# Reference: https://www.virustotal.com/gui/file/5da24471ee10bbface1bbb376fe60fc75bdf677c9c906606fe0d61635496ad28/detection

http://49.13.61.146
49.13.61.146:443
240103190656685.mar.tari91.shop
/09ae997ff691fd2fc/0dj1hnai.ratr2
/09ae997ff691fd2fc/
/0dj1hnai.ratr2

# Reference: https://www.virustotal.com/gui/file/425d4992f51bac167484250968197f5cd0d5ef7c655286dfef05c44723a06a7c/detection
# Reference: https://www.virustotal.com/gui/file/8ea6e5baa67f2bbdcf33e69cab0a78992d9f6d8e8ff2b6c8d053ee9ac416af45/detection
# Reference: https://www.virustotal.com/gui/file/cd2dba4557a92c72e571c6031769621b1f019b32f2f2c3771b07e11612754f55/detection
# Reference: https://www.virustotal.com/gui/file/f90d8200d482bc9cf35a9b64a5bb1da69b3c0f0529c1ebc9d9cff1ef078fe353/detection

147.45.79.165:9621
/b39580502b0cd76c55/5w4gsj2q.af5nl
/b39580502b0cd76c55/vtjgppbt.82r25
/b39580502b0cd76c55/
/5w4gsj2q.af5nl
/vtjgppbt.82r25

# Reference: https://www.virustotal.com/gui/file/074591a5e410d0b4fb1eb9b29a0ea837470341c348ce0b19fc1cd694ce5002bc/detection
# Reference: https://www.virustotal.com/gui/file/0017c10d57b9cb90cf9aba8b1d9085995c841fb65ca3680ebcb9876bfbe8cc49/detection

147.45.44.13:1849
/90a878e6a80b4c105d7a4/ab1g67kh.ou2sb
/90a878e6a80b4c105d7a4/
/ab1g67kh.ou2sb

# Reference: https://www.virustotal.com/gui/file/102c9038f311da53770861f410d59c9bb49f5a94800902a9a7ac173a7321c89b/detection

185.216.70.103:3951
/23fa5e4c813bef61/9wb4gxku.2go4e
/23fa5e4c813bef61/
/9wb4gxku.2go4e

# Reference: https://www.virustotal.com/gui/file/6d38ecc7c7421b3294ece31e257138dba7c1e933d5d4aecac68acd1b0395f7f8/detection

/5cd712a757a55321d4/vas3cqwt.tv428
/5cd712a757a55321d4/
/vas3cqwt.tv428

# Reference: https://www.virustotal.com/gui/file/62ea8ac2927d5de142414964ba812d8fbd18b890569f39d2ed9ef79a538eac49/detection
# Reference: https://www.virustotal.com/gui/file/0b1701a5efd9f0ac27fa5ca8f058ce3a099bc9fd04611c3eb906fbab8f6bacde/detection

http://147.78.103.70
http://94.156.8.232
94.156.8.232:1622
94.156.8.232:443
z-kasino.com
/Zwdfqj12932WFNp/2CWQd71234x/zm1r3c216DFxrtf34213z/
/2CWQd71234x/
/Zwdfqj12932WFNp/
/zm1r3c216DFxrtf34213z/
/c1402fa62dc004/s209r0u5.lrdw9
/c1402fa62dc004/
/s209r0u5.lrdw9

# Reference: https://www.virustotal.com/gui/file/a4d516143d9796db7f937013ec6321699fbc745f20d87b0d9c463773f803c46a/detection
# Reference: https://www.virustotal.com/gui/file/9c94294cce93ccc24ae8b5fdbd0e40872283dff512f651aa801540742a7d22aa/detection
# Reference: https://www.virustotal.com/gui/file/884e2b61f3c5983302018dbd67630d7882e5b0985fa1fd88c521526654560ddd/detection

147.78.103.158:9164
/4464cbf7b7e4c5f57/1g59us79.sq8ti
/4464cbf7b7e4c5f57/
/1g59us79.sq8ti

# Reference: https://www.virustotal.com/gui/file/807f3be1bbb99c0806287883de81b45480a89f6a1841bd71571ca49b6edec5cf/detection

147.124.220.235:5751
/fc60589c694beb0/l02kh86w.la6pm
/fc60589c694beb0/
/l02kh86w.la6pm

# Reference: https://www.virustotal.com/gui/file/195567e33ccb27a635787ffb1f3bd82e880d9dc96b526a6df4a1b4135336bbd0/detection
# Reference: https://www.virustotal.com/gui/file/cace661f64a437760f75f1dc0a4d27ddde7bc0d7131d082baa6ecf95c12c3796/detection
# Reference: https://www.virustotal.com/gui/file/d32800752f254903ea73376bc6c83f5c21d317957f086f8c5b7dc1c1e3264a51/detection

45.77.90.90:2584
/231d3e8d1e3b2d2991/3wma888e.b3sug
/231d3e8d1e3b2d2991/ck4hpiqq.vp2pe
/231d3e8d1e3b2d2991/ll3kcjfm.t205o
/231d3e8d1e3b2d2991/
/3wma888e.b3sug
/ck4hpiqq.vp2pe
/ll3kcjfm.t205o

# Reference: https://www.virustotal.com/gui/file/1d7e535034b97ce822224434275527340ed50c9f3d1682697fd4a8ccfde06a46/detection

147.78.103.128:2118
/e00d19ef9c162f804fafdc43/61gnehbk.p9c7c
/e00d19ef9c162f804fafdc43/
/61gnehbk.p9c7c

# Reference: https://www.virustotal.com/gui/file/0db89dcb32a731ba535ccc4a5f92c1a6d28aaf47707cef8b8164e9f7746092e6/detection
# Reference: https://www.virustotal.com/gui/file/4ae463fc2c0c26e51550cd7d0999811397858232cad471073479b714bdbbed66/detection

141.105.68.140:9392
/720531aa55999f9/MainFlow
/720531aa55999f9/

# Reference: https://www.virustotal.com/gui/file/0085b52ad7a33767afd7604a1a31e19666f5c03623fd33f0a87d7d8762c44bcc/detection

93.123.39.67:2031
/de7de69c81a8945fd/n416bgd3.dd6fj
/de7de69c81a8945fd/
/n416bgd3.dd6fj

# Reference: https://www.virustotal.com/gui/file/38f73590bb0ccb8ce5d4cf6714d07b00c22fe94c43ca29bee7c83f26e279d3b5/detection

91.92.247.20:7206
/c981cfa3ff0e7f967ace7/grhi7ar6.h46ua
/c981cfa3ff0e7f967ace7/
/grhi7ar6.h46ua

# Reference: https://www.virustotal.com/gui/file/acb7082e84d5687566cda40061ce24bb930cf68b9954bf023abb5798e1c3a3ad/detection

80.66.79.88:7691

# Reference: https://www.virustotal.com/gui/file/e61c77eb8d6efcd53a4f606ad4c911932ca90f838354082ebae7250f260bddc9/detection
# Reference: https://www.virustotal.com/gui/file/c34f02d2d0ae81b32ee2ac5128161812a69b798f0d9554207412b51309a0c37b/detection
# Reference: https://www.virustotal.com/gui/file/ad612957cfbcbc6b35d4c99f866c91715acb65f96541c86abbcd019d11f0c2e0/detection

94.156.67.91:6939
/063f04131db66c38e7/qksewsl3.7linm
/063f04131db66c38e7/r5ja48vi.18otd
/063f04131db66c38e7/
/qksewsl3.7linm
/r5ja48vi.18otd

# Reference: https://www.virustotal.com/gui/file/c054e087aebd717a9114793976e36fa9ad0f0b423c62cb972136cdc817c90907/detection
# Reference: https://www.virustotal.com/gui/file/2a4a5dd292f61bc749a25978da5db1f25a1b399a6d739305a5625c9c3c430918/detection

94.232.249.135:8690
/22513b90cc606fc/pal8qjsq.fb5je
/22513b90cc606fc/
/pal8qjsq.fb5je

# Reference: https://www.virustotal.com/gui/file/fefa72d1ece93c77c259c007f83b3e2126188b6106ae2f0de46d0b30e7a2e440/detection

107.189.3.166:1873/e1bb991a5d5d7be581/m0l1adip.7j5ws
107.189.3.166:1873
/e1bb991a5d5d7be581/m0l1adip.7j5ws
/e1bb991a5d5d7be581/
/m0l1adip.7j5ws

# Reference: https://www.virustotal.com/gui/file/d77f22addf2f22fb23de403112ad96a5f34b00eaa168929c876dfbba8f9e65a5/detection
# Reference: https://www.virustotal.com/gui/file/e3163d0270f568156eab48f5a88d4b9f397936105e6f1ec81a3bdebf5957cb5a/detection

95.164.85.120:7272
/57d86f8c23390a/hghxxchl.860j3
/57d86f8c23390a/
/hghxxchl.860j3

# Reference: https://medium.com/walmartglobaltech/rhadamanthys-v0-6-0-automating-config-decryption-06eb0f28b55f

carssell.online
dyk3j10rcxd1av9.xyz
hankirit.asia
kelimzorro.xyz
pdfiso.com
qxugb3qpfpafmlto.xyz
renzoprotocols.co
uaabcvsolwgl.xyz
wanderpics.net
xt6drjp542fz6j7xt.xyz
api.dyk3j10rcxd1av9.xyz
api.hankirit.asia
api.kelimzorro.xyz
api.pdfiso.com
api.qxugb3qpfpafmlto.xyz
api.uaabcvsolwgl.xyz
api.xt6drjp542fz6j7xt.xyz
one.renzoprotocols.co

# Reference: https://threatfox.abuse.ch/browse/malware/win.rhadamanthys/ (2024-08-17)

185.209.30.112:9202
188.208.197.140:5906
pastratas.ac.ug

# Reference: https://x.com/ShanHolo/status/1828083266236363185
# Reference: https://www.virustotal.com/gui/file/269f16510e12acc4fdacb0891c605e944cce9845517ec817ea5a06f0c6c362f5/detection

147.124.222.184:7232
foojerwa.ink
yoganesteron.wiki
/2ff7fa032802244/tnvi7gis.n72p2
/2ff7fa032802244/
/tnvi7gis.n72p2

# Reference: https://www.virustotal.com/gui/file/39ccc224c2c6d89d0bce3d9e2c677465cbc7524f2d2aa903f79ad26b340dec3d/detection

147.78.103.162:44480
93.123.39.72:5171
/f0905302a725dad1c/s9hbb0ou.11791
/f0905302a725dad1c/
/s9hbb0ou.11791

# Reference: https://x.com/r3dbU7z/status/1824472050028679486
# Reference: https://www.virustotal.com/gui/ip-address/136.243.209.210/relations
# Reference: https://www.virustotal.com/gui/file/a063acc37f8c2a6df7f3c7d685ca0f9ae0fa5cfce867f124ed425c18dafa95c3/detection

amplosurestob.homes
atlaissian.com
dopsry.ink
gpasoobater.pro
ipcheadoop.pro
loasdpyreasoonjop.cloud
nooaasdzasg.live
roobsadlov.cloud
saprinoduys.ink
shawnydne.org
silobsatewpes.click
simonasoshiop.click
wokodloisa.pro

# Reference: https://x.com/StrikeReadyLabs/status/1830420330541703309
# Reference: https://www.virustotal.com/gui/file/4a9e11f3a1b5b7543f00f4f662b4602c5449c78f7181a139af3b804aa7316006/detection
# Reference: https://www.virustotal.com/gui/file/fd65a36e69c42ab79d3511669560c83de0aad638a178029363aff56afe144911/detection

51.75.171.9:5151
57.128.169.122:4104
/9640d96bbead45f349f3ab9/Xteam1.api
/9640d96bbead45f349f3ab9/Xteam2.api

# Reference: https://x.com/JAMESWT_MHT/status/1831706666087104793
# Reference: https://x.com/StrikeReadyLabs/status/1834412449291706503
# Reference: https://app.any.run/tasks/297f7bcd-3070-4381-9168-561ff6f17016
# Reference: https://www.virustotal.com/gui/file/34918278f6eb6b5e3afa8da406eb3c5a4cc3b7c4a1cee55320fecdbef4e0a463/detection
# Reference: https://www.virustotal.com/gui/file/e0b4e3f7d35c182ca48c49c635138ab343c4415dae32a086ba19c0ecaf41936e/detection
# Reference: https://www.virustotal.com/gui/file/01c3e4114427cce7ab6bf90cfa72164a8cfd37dcadddb69817c31679e12fd263/detection

63.141.252.2:3715
63.141.252.2:3736
deadmunky.nl
/b607677f1d5be7bf651f2/q1bwmeni.33ap7
/b607677f1d5be7bf651f2/
/q1bwmeni.33ap7

# Reference: https://x.com/banthisguy9349/status/1836062997141225964

mexs.xyz

# Reference: https://x.com/crep1x/status/1838884440543465937
# Reference: https://www.virustotal.com/gui/file/b2a9ce1b9474564ed479861222f41161bca44bf584953f5c13348b0d5d3ab8ab/detection
# Reference: https://www.virustotal.com/gui/file/2ffc8acfe1c879ca0b6e411738145814d5205107f52e99a22903c16d55e211cf/detection

http://91.103.140.200
91.103.140.200:443
/3936a074a2f65761a5eb8/6fmfpmi7.fwf4p
/3936a074a2f65761a5eb8/
/6fmfpmi7.fwf4p

# Reference: https://www.recordedfuture.com/research/rhadamanthys-stealer-even-demigods-can-die
# Reference: https://go.recordedfuture.com/hubfs/reports/mtp-2024-0926.pdf

103.148.58.146:5199
103.148.58.151:5199
103.148.58.152:5199
103.173.179.189:443
104.234.167.212:443
107.189.28.160:7705
135.181.4.162:2423
139.99.17.158:443
142.132.161.168:443
144.76.133.166:8034
147.124.220.233:7843
147.45.44.107:443
147.45.44.126:443
147.45.44.143:443
147.45.44.187:443
147.45.44.195:443
147.45.70.184:1525
149.102.143.198:9586
154.216.17.126:4501
154.216.17.181:443
154.216.17.85:443
154.216.18.122:2013
154.216.19.149:2047
162.254.34.46:443
167.88.170.44:443
170.205.38.149:443
172.236.107.96:443
178.22.31.64:443
185.161.251.67:6777
185.161.251.6:5545
185.184.26.10:4928
185.196.10.175:6491
185.196.11.237:9697
185.209.161.207:2421
185.234.216.132:2018
192.30.242.19:9480
192.30.242.44:6581
193.124.205.63:7404
193.143.1.77:1640
193.143.1.77:1641
193.188.20.191:443
193.200.134.94:9880
198.135.48.191:3090
38.180.100.139:443
38.180.188.69:443
45.152.84.68:443
45.159.188.37:443
45.202.35.41:2085
45.61.166.131:443
5.230.67.168:5140
57.128.169.122:443
74.81.56.118:8039
77.221.148.235:443
77.238.245.97:2017
77.238.248.142:443
77.91.78.112:443
80.66.75.110:9176
81.19.131.103:2013
83.217.209.45:5902
83.217.209.52:443
85.209.90.135:443
88.99.62.143:3674
89.117.152.231:443
89.117.152.61:443
89.208.103.86:8537
89.23.103.235:443
92.246.139.134:443
94.232.249.76:443
94.232.249.92:443
95.216.91.91:1614
95.217.44.124:7584

# Reference: https://x.com/banthisguy9349/status/1842512698136793543
# Reference: https://www.virustotal.com/gui/file/04564c481b2b3c094bef173df90782f6fc83bd7a02c028024676ee1036d8fa1f/detection

/97e9fc994198e76/ok9djscw.jxh0g
/97e9fc994198e76/
/ok9djscw.jxh0g

# Reference: https://x.com/JAMESWT_MHT/status/1843729226836648237
# Reference: https://www.virustotal.com/gui/file/5089ec3c865e6c490ee27dff0b7dbe81ff882fbbeebf280c213ed9914ade6848/detection
# Reference: https://www.virustotal.com/gui/file/a83e7ec9997f8e98ae0a3e27c20430d9711215bc71591406688312f8663c7e1b/detection
# Reference: https://www.virustotal.com/gui/file/b4dabf844bceeb5b1fa448549735296b4bdf289f346f960228d52a7a09e35ea1/detection

bemostake.space
rocketdocs.lol
1h982d.bemostake.space

# Reference: https://x.com/malwrhunterteam/status/1844262367355600988
# Reference: https://x.com/malwrhunterteam/status/1848292183419297971
# Reference: https://www.virustotal.com/gui/file/1ca01541cf2d8141f08f18dc2c95e84e9b7e016a1d6cb0f4d21d05480e78677b/detection
# Reference: https://www.virustotal.com/gui/file/49a5952350cbf535bc0d8fd8351acf8113f5ab041cb78e14eb050b16b3106f5c/detection
# Reference: https://www.virustotal.com/gui/file/831b7a08fa6df2d4a1726814a0ade5edb11750bee767c94db2b90347528d46cf/detection

198.251.84.78:6495
filecloudvv235.life
fileclousee533.life
screenpalss.online

# Reference: https://blog.talosintelligence.com/threat-actors-use-copyright-infringement-phishing-lure-to-deploy-infostealers/

139.99.82.239:443
139.99.82.239:6658

# Reference: https://www.virustotal.com/gui/file/1bc2cc52a0a789c84d04a6e2bf3a6ce092bb365e93b27d8a075b90cdf4cfcb5c/detection

83.217.208.134:5675

# Reference: https://www.virustotal.com/gui/file/1103d24428005f23b7c88bdaafc615d1b4ed4320f3554e096712c80dfc4048f8/detection

154.216.19.63:4766
/4ce7d48214581d0e9ece8758/bljd7jsh.rk9oq
/4ce7d48214581d0e9ece8758/
/bljd7jsh.rk9oq

# Reference: https://www.virustotal.com/gui/file/42edc53eec43edfe500967882f8e7f7e787614223466817b25d71565fdf3b49c/detection

154.216.17.46:3673

# Reference: https://www.virustotal.com/gui/file/491057285068c1f71efba4e3dc274aceab23d0c174c8e36e7628267a88e3a523/detection

62.60.154.229:4883

# Reference: https://www.virustotal.com/gui/file/5c1917c63fc09983d5f31cb7278122405f28364b93956a96cf635e52f7381f2a/detection

185.196.8.56:4907
5.252.153.125:4447

# Reference: https://x.com/JAMESWT_MHT/status/1862039746505048119
# Reference: https://www.virustotal.com/gui/file/0949242082c2b9d1335b4116a3beb48762782560add525b894fa2a9aa136bd98/detection

185.196.8.68:9367
11-14hotelmain.blogspot.com

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/d0187a569804b3ba422f2e927efcfbf649cd6a721c8d2be884b59ead1475f264/detection

31.41.244.193:7991

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/c19e8b675ea6a89461d8023c1d68756eea6356b7d4558f293741fa7325e17280/detection

185.234.66.205:4056

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/9508758950052518fbbd72dfcc957f8d30763e8e7e556cf9881d03be798b7074/detection

31.41.244.193:443
94.131.123.94:8252

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/631a2412a411043eb5b571a865fe9d030a5801244e8690ad7a0fee070235cd93/detection

45.87.153.188:1831

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/c3159d554310d51982d1eaa16b3b5b87e8b5bc90598fd4f1749596d8bd8c9e4b/detection

193.124.205.63:7390
/1d7c07d7f0b063/xtt6wabb.8qt3e
/1d7c07d7f0b063/
/xtt6wabb.8qt3e

# Reference: https://x.com/TLP_R3D/status/1862605486790521119

http://103.148.202.31
http://103.20.102.9
http://179.43.171.196
http://185.106.176.178
http://185.196.10.135
http://185.196.8.76
http://185.208.156.152
http://45.150.32.106
http://45.150.32.136
http://45.202.35.162
http://5.22.159.192
http://64.7.199.25
http://87.247.158.115
103.148.202.31:443
103.20.102.9:443
179.43.171.196:443
185.196.10.135:443
185.106.176.178:443
185.196.8.76:443
185.208.156.152:443
45.150.32.106:443
45.150.32.136:443
45.202.35.162:443
5.22.159.192:443
64.7.199.25:443
87.247.158.115:443

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/39e509d2d00f75d6681ae91e5a77324a70969853b50d326aee2966a765a267b7/detection

45.202.35.152:3222

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/504dc704fd2ba043ea2c2b23ba83a202121aac7b4fedebfe74296a16394dca73/detection

45.200.149.30:15556
45.202.35.156:5942

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/73f608926b7cadc48ad656faf26c8ff319cfa9dbfbab6aad6621e44d145c82b8/detection

185.147.124.244:2456

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/7f714d1fe31c0e0b58f6e98c86717c8e62dcf722513de35d25e9f31330d4027f/detection

92.255.85.148:3574

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/5aadbf4040d7821fe13103773317f2424e0dc24e7685ff6f3334a283b874fdfa/detection

104.37.175.221:7575
/1b422f87470a4ca5005/plk6hnkc.rs0vh
/1b422f87470a4ca5005/
/plk6hnkc.rs0vh

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/67213378b7fde5c985f7c1758ad26a1480e3f328ecc6f361240e39359fc142ed/detection
# Reference: https://www.virustotal.com/gui/file/3369e82f4fabd069ac3f0be325ea691a61a450902b699becf6fd93ab52516e98/detection

185.196.11.18:443
185.196.11.18:9367
/ab43097ee4f6e091aed46f79/egwnwtg7.7xr4h
/ab43097ee4f6e091aed46f79/88pw46v5.ki88g
/ab43097ee4f6e091aed46f79/
/88pw46v5.ki88g
/egwnwtg7.7xr4h

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/dc4e6d0d214d0e62dd445a4dbbd875ebd1e895cf834989437956f873f624ec10/detection

185.196.11.18:7257

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/b085058d74dcc62af15c4c52aaa7bc716e7c42617b0109338199d7830adab058/detection

185.208.158.117:1650

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/d09f663a2d0eb8e668be62b0b9fa2d649c3928dde99ecdc5f76c4fc94995533a/detection
# Reference: https://www.virustotal.com/gui/file/c6d23f8e39a10cc03c9f28bc08e0a27a275277c1a767d38ec10735aa975896a5/detection

185.209.162.23:1962
185.209.162.23:443

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/11aaef331823d119378e98bf0ab89217c8de81148ac44f192f6500e771b7db80/detection
# Reference: https://www.virustotal.com/gui/file/23cc51f11fb3d06260787a8347c6bd5103ab8de986d73e00095c5326ef8b02a2/detection
# Reference: https://www.virustotal.com/gui/file/3b4a1126725e6029e56fae177fdf0869594528b7c48d7cde366fcefb946672e3/detection
# Reference: https://www.virustotal.com/gui/file/677b8ff45ebb9486a99aecf8dd2b4b362010573ecc4d0d082eda6a36a7cab671/detection
# Reference: https://www.virustotal.com/gui/file/9deb3a89994c9d207b36dba0469c6fdc68d7a088144f1d7fc83a00bf892ef001/detection

185.196.11.237:9697
193.149.185.109:443
/f002171ab05c7/11expj05.4wccc
/f002171ab05c7/73434jqg.jxviu
/f002171ab05c7/9xqdctgg.ir1fr
/f002171ab05c7/hip4946p.881o6
/f002171ab05c7/
/11expj05.4wccc

# Reference: https://x.com/TLP_R3D/status/1862605486790521119
# Reference: https://www.virustotal.com/gui/file/95e7c2825d5a105294febf85a335d9fdb79bdff77ecea2f4ae4344339396a11e/detection
# Reference: https://www.virustotal.com/gui/file/686366aabba69733ff18ebf79d03e9fd73677eb7c69aaff9a468bbf6b038cdab/detection
# Reference: https://www.virustotal.com/gui/file/676aaaa306c6424ed630fa94cbca0564eb9de3ffc9c12b451beaa69b2be28e16/detection

198.251.84.107:9254
/dc33e47f6acdb4eefe/k190bd7f.hlxtp
/dc33e47f6acdb4eefe/wrgcq32k.7w09v
/dc33e47f6acdb4eefe/
/k190bd7f.hlxtp
/wrgcq32k.7w09v
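# Note: the next three file names are the basenames of the /f002171ab05c7/ paths listed in the previous group, so a hit on them presumably traces back to that group's references rather than the ones directly above.
/73434jqg.jxviu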
/9xqdctgg.ir1fr
/hip4946p.881o6

# Reference: https://x.com/JAMESWT_MHT/status/1863143295200764308

b00king.com.ng

# Reference: https://x.com/malwrhunterteam/status/1862635245742223598
# Reference: https://www.virustotal.com/gui/file/9c54c04af9444408bb7439bbfcba5dd1e3af9c654e74f27a4d59c9274c8babe0/detection

185.196.8.56:4907

# Reference: https://x.com/JAMESWT_MHT/status/1865698568256065868
# Reference: https://app.any.run/tasks/87088349-321e-45cc-bf9f-909f1dd503ef
# Reference: https://www.virustotal.com/gui/file/d34b820b8da5cc2e9c33d6b50019aff7eaf9ba61e1f54567c845f8b7fef6a759/detection

http://185.236.228.92
185.236.228.92:445

# Reference: https://x.com/banthisguy9349/status/1866026387368493113

107.189.28.160:19000
154.216.17.167:19000
154.216.17.46:19000
154.216.20.133:19000
154.216.20.133:4983
154.216.20.204:19000
154.216.20.204:4879
154.216.20.224:19000
154.216.20.224:9773
154.216.20.89:19000
162.254.34.46:19000
185.196.10.135:19000
185.196.11.18:19000
185.196.8.56:19000
185.196.8.68:19000
185.196.8.76:19000
193.124.205.63:19000
198.251.84.107:19000
81.19.131.103:19000
81.19.131.103:4381
83.217.208.134:19000
/2348b54ec82726c89b/9hfirt08.0j81o
/2348b54ec82726c89b/cq6wlswe.fcd2t
/56550f5c2153d/b8rt6fk9.jxflo
/1vp6sfe1.3qdp1
/9hfirt08.0j81o
/b8rt6fk9.jxflo
/cq6wlswe.fcd2t
/rr2fjdbd.7m9po

# Reference: https://x.com/JAMESWT_MHT/status/1868977756635382026
# Reference: https://www.virustotal.com/gui/file/09f8248e67a54fec5a43f9afe0924963a7ab783c16481a2801519c2d14ed8ee1/detection

104.161.43.18:2845
1zf9cygs0q3iviyowq83ddwzwtgf78rh.ngrok.app

# Reference: https://x.com/suyog41/status/1869329098675499282
# Reference: https://www.virustotal.com/gui/ip-address/91.212.166.105/relations
# Reference: https://www.virustotal.com/gui/file/d50ef6dfe673c64ea281f842b3971efeebdf61844fb3bab92f3a77331cd9378a/detection
# Reference: https://www.virustotal.com/gui/file/73f608926b7cadc48ad656faf26c8ff319cfa9dbfbab6aad6621e44d145c82b8/detection

floratranslator.live
floratranslator.ddns.net
/b3ad89898301a3d857946a/r5p0n0t5.vxx0f
/b3ad89898301a3d857946a/
/r5p0n0t5.vxx0f

# Reference: https://x.com/JAMESWT_MHT/status/1869457468268683771
# Reference: https://app.any.run/tasks/9501045c-5bfd-4fe0-8268-6b3d8c991d49
# Reference: https://www.virustotal.com/gui/file/1770daf26ce48b85a1a92a5890b8d290158cf83c24cd033d64232a5fa5c14602/detection

http://87.120.112.91
www.astenterprises.com.pk/ef/ef.vbs
www.tdejb.com/ef/Skifterne.sea

# Reference: https://x.com/JAMESWT_MHT/status/1869667603863736615
# Reference: https://www.virustotal.com/gui/file/1676766aa84245f0c139b5c38772af13b24a16140c7e552fee00c21784952ad2/detection
# Reference: https://www.virustotal.com/gui/file/2d4c300ef566b5b93590ecc1be25a8bd8c14fbc2de0bf5032af67ca31be1e6ea/detection
# Reference: https://www.virustotal.com/gui/file/392604ab2bec909bac2b3ca93504934e7f9d70aa5233d07769154c5a10006a3f/detection

5.35.36.120:7957
solus.today
ebitm.co.uk/salah/wp-includes/assets/ping.php

# Reference: https://x.com/K_N1kolenko/status/1871066835619365345

185.245.105.64:7289

# Reference: https://x.com/JAMESWT_MHT/status/1876905709603889630
# Reference: https://app.any.run/tasks/f9106b5b-cd37-460a-894a-91f873f506ce

185.196.11.217:7257
adminbooking.blob.core.windows.net
/6d5f5120d519e2005/jqrh3upi.r9xlf
/6d5f5120d519e2005/
/jqrh3upi.r9xlf

# Reference: https://x.com/suyog41/status/1878774517407027315
# Reference: https://www.virustotal.com/gui/file/46de7f030e1a91a8549ab0d358cb55453895237ef61c5e84f540efa5ce329ba5/detection
# Reference: https://www.virustotal.com/gui/file/3124f0b02db0da7e65f0dd833bf966063495be392f78d92c0c812ba21dc4703d/detection

floradocs.live

# Reference: https://x.com/lontze7/status/1881618330504851772

alibababet.space
bitcoin4u.store
dirtysocks.phd
firstcoltd.com
floratechnology.live
floratrans.live
rtpneraca69.site

# Reference: https://x.com/JAMESWT_MHT/status/1881642391373005030
# Reference: https://www.virustotal.com/gui/file/30f9628ef1da3569de65c2b70f9ee8e738148952c25860730c3978f246a31f97/detection

66.181.33.65:443
66.181.33.65:5664

# Reference: https://x.com/JAMESWT_MHT/status/1887044731974103292
# Reference: https://www.virustotal.com/gui/file/76b250356e4134b077c2325b72113047f2499b54625a584fa8c908572562b43d/detection
# Reference: https://www.virustotal.com/gui/file/a0295663c005e7515aa5d3ef0af36efbe4fd1dce9fb31609037c4eb0ab68a014/detection
# Reference: https://www.virustotal.com/gui/file/d1fa29e5e267bed728d5a215e5c13cc61ccbf4b75b0e2afe546bf28effbae285/detection
# Reference: https://www.virustotal.com/gui/file/1ae54c1b5ede07c8eac0abd823f52491bcf80565be46ea362b0aac00613947e7/detection

http://89.23.103.39
138.124.53.206:2718
147.45.71.230:41593
194.87.31.237:5000
89.23.103.143:5000
89.23.103.143:5001
89.23.103.143:5002

# Reference: https://x.com/ShanHolo/status/1887095662791004181

dadejsbehdurugovz.lol
dopomogaforukrainepeople247.buzz
dopomoogaw823.world
dopooomogaa247247dopomoga.world
fearkeltlthepomogat.world
homebitlite24.sbs
pomshedhekshe.buzz
rsmemdjsaj.buzz
sadons.online
sadonsgithub.site
somsnanehdhbrth.buzz
vesmpomoshvhs.buzz
vsemdopomoga24na7grazdanam.buzz

# Reference: https://x.com/JAMESWT_MHT/status/1891413090677264779
# Reference: https://www.virustotal.com/gui/file/1ace6a4e90dcba06e63d381e9ec9bd0b5d855d82f00cbb4232aa97597a5d0961/detection
# Reference: https://www.virustotal.com/gui/file/605d3c423ded09d3f91fb86a3389eac14147d61b573429824b9d60d4bf475fbc/detection

185.196.11.201:7257
2-13-25-hotel.blogspot.com

# Reference: https://x.com/salmanvsf/status/1892131569806299520
# Reference: https://www.virustotal.com/gui/file/609a86b92de9f0152066f1e5422e519d2b200f3f9bf0ae224a0ccd2022e972e0/detection
# Reference: https://www.virustotal.com/gui/file/b1dab04cc0e3a975dbd6fb815ad87f3401f039676c2c64667735a6e7d03ef6dc/detection

103.108.66.218:8879

# Reference: https://x.com/skocherhan/status/1892062428269081020
# Reference: https://www.virustotal.com/gui/file/83fa16f72c36b0003cdc4dd717f6da1f3a4526b3ab5300f6a1df9a7a304e4946/detection
# Reference: https://www.virustotal.com/gui/file/224a7155f8fe52dac59f0176ca5c0a85a0faece8383dddf34d88b2b6e065a68e/detection

93.88.203.13:5000
93.88.203.13:7001
feb-13-25-cpa-only.blogspot.com
feballcpa2025.blogspot.com
manachutiya2025.duckdns.org
manachutiyagandonew2025.duckdns.org

# Reference: https://x.com/skocherhan/status/1893291986519572789
# Reference: https://www.virustotal.com/gui/file/6040d0533be2cf1f3da0f2b2657c4caa496e665f4c8f1c57634053070c530779/detection

176.65.134.127:4889
45.125.66.252:443
supportappme.com
/9791c7440f275517fcd8f6/hghaoj4o.mbvai
/9791c7440f275517fcd8f6/
/hghaoj4o.mbvai

# Reference: https://x.com/1ZRR4H/status/1894844136454529367

185.196.11.46:3340

# Reference: https://www.seqrite.com/blog/unmasking-grasscall-campaign-the-apt-behind-job-recruitment-cyber-scams/
# Reference: https://www.virustotal.com/gui/file/b63367bd7da5aad9afef5e7531cac4561c8a671fd2270ade14640cf03849bf52/detection

45.129.185.24:1896
rustaisolutionnorisk.com
/22c0d31ace677b/digpu6k5.xditc
/22c0d31ace677b/
/digpu6k5.xditc

# Reference: https://x.com/malwrhunterteam/status/1897999690810966528
# Reference: https://www.virustotal.com/gui/file/60c30c405411231afd4b9bb14e145a3ef7f80fedabe1da90ca161f32e7159ab0/detection
# Reference: https://www.virustotal.com/gui/file/e19625c4c8e18a63235e872ccee0a2291c5b40aa535cab21e8ef8091ccf12641/detection

135.181.181.109:2595
195.82.147.72:3499

# Reference: https://x.com/malwrhunterteam/status/1897999690810966528

usernetid.com
api.usernetid.com
/8db5b1425c52a4ca5fd9/uvvmvkni.ln8gh
/8db5b1425c52a4ca5fd9/
/uvvmvkni.ln8gh

# Reference: https://www.virustotal.com/gui/file/076ca7150777c3c1d8a9d3c2d56525f78dd77c4fb06118635fbfde1a93a10e4b/detection
# Reference: https://app.validin.com/detail?find=MW325R&type=raw&ref_id=8d207c8aa7a#tab=host_pairs (2025-03-02)

updateubuntu.com
api.updateubuntu.com

# Reference: https://www.virustotal.com/gui/file/58a0d36aa8594bbe16e635f8c4ddefc990d040220c964b981af84111fc75a0ce/detection
# Reference: https://www.virustotal.com/gui/file/5565dfd01e83091015a6324c1f045b3120584cbf998b51075448e29f1f9deac7/detection

185.33.87.209:2637
/18e4b46e0a73729f/ivjmmeoe.aw1cj
/18e4b46e0a73729f/
/ivjmmeoe.aw1cj

# Reference: https://x.com/salmanvsf/status/1901891226322014623
# Reference: https://www.virustotal.com/gui/file/7158d0d349116ab884f6396466d378dd31fd2d2db28243e0272452d70f9c822f/detection

147.124.219.157:3243
147.124.219.157:443

# Reference: https://www.virustotal.com/gui/file/23be6128d09cf14d356eb1bb653624155b636cb089bbb7cfe689c2971d610cfd/detection

185.208.158.7:9355

# Reference: https://x.com/JAMESWT_MHT/status/1902731923186737389
# Reference: https://app.any.run/tasks/934fb7f2-78a8-42cc-b78f-622c392a54c6

104.37.172.175:1057
104.37.172.175:443
51.79.188.221:56001

# Reference: https://x.com/tosscoinwitcher/status/1903152024923115746
# Reference: https://www.virustotal.com/gui/file/79212a76f167cf5628a51517f503531daf063d04f0aa5e115b5671121d1ac052/detection

/20b914549e22319594/xqi18be9.xp6h6
/20b914549e22319594/

# Reference: https://x.com/1ZRR4H/status/1904750322943218098
# Reference: https://app.validin.com/detail?find=7f63a8c0a71a90af8274d42b34c9bd71&type=hash&ref_id=a2caf9091d8#tab=host_pairs (# 2025-03-26)
# Reference: https://www.virustotal.com/gui/file/9632bbed44c3e3a51074fcd3b63ad4322c39a54c92c3c7dc13938cc7c34e639c/detection
# Reference: https://www.virustotal.com/gui/file/39705f7bef4ace3fb6f3970c2d954c721b31975f0a6e975bc32a023afd680c6e/detection

23.95.32.229:9743
alfa-communication.com
astriia.com
playshowdown.xyz
playswd.xyz
playswdbtc.xyz
showdowngame.io
swdbtc.xyz
swdgame.xyz
/f96fa30b9bc142e9d5c/ie2scj3f.m2e4b
/f96fa30b9bc142e9d5c/
/ie2scj3f.m2e4b

# Reference: https://x.com/malwrhunterteam/status/1905204544029483058
# Reference: https://www.virustotal.com/gui/file/a63060468bd709eff8ab35c0cf0abab5b1e4818e189f00dd1338b52307715ec8/detection
# Reference: https://www.virustotal.com/gui/file/39c0b0e85410bdd8517ca23f94a960d0f79fa1c99fa7185c8d67dec0bf981f5f/detection

5.180.30.120:4016
xiaomi-sync.com
/f6dc68640e717e025e93/ulqg22vr.d8inn
/f6dc68640e717e025e93/
/ulqg22vr.d8inn

# Reference: https://x.com/SquiblydooBlog/status/1920065836779462705
# Reference: https://x.com/James_inthe_box/status/1920163408990908539
# Reference: https://www.virustotal.com/gui/ip-address/185.40.86.132/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.220.8.106/relations
# Reference: https://app.any.run/tasks/c9759b61-3e1e-4f14-be82-8482100b97a2
# Reference: https://www.virustotal.com/gui/file/aec4e5e79e5690c6f8f97334da9aa9898fb5ea68c6458efee70a45a88863c925/detection

cloud-acer.pro
xiaomi-sync.shop
zoom-meeting-conference.com
sftp.xiaomi-sync.com
smb.xiaomi-sync.shop

# Reference: https://x.com/RacWatchin8872/status/1905402246566666490

http://77.239.96.51
ypp-studio.com

# Reference: https://x.com/netresec/status/1911755970415391204
# Reference: https://x.com/naumovax/status/1912085949879644473
# Reference: https://www.virustotal.com/gui/file/e35b505de844f1c473307ae7fc372ca4eb9baa6c7eb4026fee7c49c8aa50f51c/detection
# Reference: https://www.virustotal.com/gui/file/4c21b40c94fcd13b60b99ef1e4f372126a86e6f526c6cc134f205794c4357bd7/detection
# Reference: https://www.virustotal.com/gui/file/06989b502e0cadb46535def4eb7ec5032ff49134ad1fabc4d0d7f5d4ab7da967/detection
# Reference: https://www.virustotal.com/gui/file/3cb57f7e67ee1985e513f6e591fe143c1b8b2d0178f06e39e39da1e0f51484d4/detection

185.40.86.132:7705
/d39b1f1167408636e0ae1fed/mo7v9dps.bdv6q
/d39b1f1167408636e0ae1fed/
/mo7v9dps.bdv6q

# Reference: https://x.com/SquiblydooBlog/status/1920065836779462705
# Reference: https://www.virustotal.com/gui/file/2dbf5ed2c82bcee9a3f7993d512cefef781f2f0472273c94ac310a83ff65efa1/detection
# Reference: https://www.virustotal.com/gui/file/de1571f8e87faed7d1fd7a9cbf0dd337057a554739830164d626ae2c716aebcd/detection

185.40.86.132:7005
/d39b1f1167408636e0ae1fed/5j9er6fp.pw49i
/5j9er6fp.pw49i

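# Reference: https://app.validin.com/detail?find=Responsive%20Portfolio%20Website&type=raw&ref_id=3a40fcda49f#tab=host_pairs (# 2025-05-07)
# NOTE(review): the entries below appear to come from a raw-string pivot on a page title and include hostnames on shared platforms (pages.dev, netlify.app, vercel.app, github.io); corroborate a match with other indicators before treating it as confirmed.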

0ctf.net
108.61.207.182.nip.io
21.dontkillmyapp.com
aadityaray.com
aasthamahapatra.tech
abdelhadi-portfolio.netlify.app
abdelmoneim-benaicha.tech
academynaimoun.dz
acat-portfolio.pages.dev
adarshrajghimire.com.np
adeeteeh.com
adri-portfolio.duckdns.org
akmalikhsan-responsiveweb-portfolio.pages.dev
alanarthur.net
aliasiri.com
alicewebdesigner.altervista.org
anantakandel.com.np
anas-arif-01.github.io
ankitsinghrathore.com
api-facebook.pro
api.blog-mi.pro
api.webacer.net
api.xiaomi-sync.pro
aryan.anantakandel.com.np
asus-helpmecenter.com
asus-web.com
ateaautret.eu
azami.thevos.jp
besi94.ch
bibekbhasinkshrestha.com.np
blog-mi.pro
blog-mi.shop
blog.haut.vip
ceshi5634.xyz
cloud.xiaomi-sync.pro
cloudflare-1k8.pages.dev
codefactory.live
constania.info
coul.top
cv-github-io.pages.dev
cv1-github-io.pages.dev
dustinbehnke.de
eversayno.xyz
facuerhardt.github.io
fiqi.dev
flavien-alonzo.fr
flawlessdelvs.pages.dev
ftp.alicewebdesigner.altervista.org
ftp.lenovo-sync.com
ftp.rutiglianojoele.altervista.org
ftp.share-facebook.shop
ganesh-portfolio.pages.dev
harckhan.netlify.app
harpreetdawar.com
haut.vip
hemant.vercel.app
hiivarun.in
huawei-blog.com
jewhearts.com
jl-9ro.pages.dev
jony-dev.netlify.app
kashisportfolio.pages.dev
kevinlermitte-portfolio.pages.dev
knight.uxiaod.com
kt-network.cn
laela.noc-gpm.xyz
leadclickzhosting.com
lenovo-sync.com
liangyinstar.cloud
lumnix1115151451.xyz
mail.sophia.codefactory.live
mail.yeshiworkgeorge.com
martin-mohammed.com
mcifald.com
me.yuzaoyah.site
menghongdao.com
mi.coul.top
minakrv.netlify.app
my-portfolio-4zh.pages.dev
my-portfolio-58q.pages.dev
my-portfolio-9yv.pages.dev
my-portfolio-website-8zz.pages.dev
myself-h3e10.kinsta.page
nehal4.netlify.app
nirajan.pages.dev
omaralakel.pages.dev
ou.coul.top
pers-26k.pages.dev
personal-portfolio-snowy-chi.vercel.app
personal-website-01t.pages.dev
pglocalservice.com
portfolio-67g.pages.dev
portfolio-e9s.pages.dev
portfolio-euy.pages.dev
portfolio.moabdurrakib.com
portfolioabdelbasset.pages.dev
potfolio-zk8.pages.dev
profile.coul.top
responsive-portfolio-websit-gtdk3.kinsta.page
rifakath.techylens.com
robinzhaopx.com
rokib.pages.dev
rokib.tech
ruthikaportfolio.pages.dev
ruthiportfolio.pages.dev
ruthiportfolio05.pages.dev
rutiglianojoele.altervista.org
ryan-djebbar.fr
sabby.vercel.app
salmi-zakaria.com
saran-portfolio-page.netlify.app
sftp.api-facebook.pro
sftp.blog-mi.shop
sftp.sync-facebook.com
sftp.xiaomi-sync.com
sg3.teknologibangsacerdas.com
share-facebook.shop
shekharshashank.in
shetype.com
shiamip.pages.dev
silly-mahavira-65d3e4.netlify.app
smb.sync-facebook.com
smb.xiaomi-sync.pro
smb.xiaomi-sync.shop
sophia.codefactory.live
ssh.api-facebook.pro
ssh.lenovo-sync.com
ssh.share-facebook.shop
ssh.sync-facebook.com
ssh.xiaomi-sync.shop
staging.kirankatuwal.com.np
stellajimenez.com
still-production.com
sync-facebook.com
sync.blog-mi.shop
sync.xiaomi-sync.pro
technoleg.online
the-coder-ahmed.pages.dev
tvx.mobi
vrccoin.site
webacer.net
wondrous-bunny-9c59a6.netlify.app
xbuzztech.site
xiaomi-sync.com
xiaomi-sync.pro
xiaomi-sync.shop
yaniszf.my.id
yasanga.me
yeshiworkgeorge.com
yunse.dev
yunsecode.com
zackym.com

# Reference: https://x.com/skocherhan/status/1924814510436618495
# Reference: https://www.virustotal.com/gui/file/9d2eb97d89a1d979bf2a57aedf8c1ff77cd934895d890fc45686d547ca0faf11/detection

104.245.240.4:1792

# Reference: https://x.com/Threatlabz/status/1925228814503952444

107.189.28.160:4096
/HbTaQwW5z38xHKTdU6J2SRpwSzq9kzhg/5dw66tsl.h19u5
/HbTaQwW5z38xHKTdU6J2SRpwSzq9kzhg/
/5dw66tsl.h19u5

# Reference: https://www.virustotal.com/gui/file/0b2746c3bff6cbeef1575a377f41d95cd100e50ec818a935655a7646ac985633/detection

154.81.179.131:9645
/73a997a43140cbc86fa65e/8xd79oqk.0uunf
/73a997a43140cbc86fa65e/
/8xd79oqk.0uunf

# Reference: https://x.com/skocherhan/status/1931046796714967480
# Reference: https://www.virustotal.com/gui/file/ed03d68d1696cca4c7e5345f3abbb856762e7c24923bc8f9eb68924c53af1832/detection

65.109.160.160:4433

# Reference: https://www.virustotal.com/gui/file/357829b06c1c185e44efa729dd8671487a43778a3be1b6f46c7956f4d4cb49e2/detection

104.37.175.218:7982
/da03ab84e7f8187e6/v3iuaiea.tsf2o
/da03ab84e7f8187e6/
/v3iuaiea.tsf2o

# Reference: https://www.elastic.co/security-labs/taking-shellter
# Reference: https://www.virustotal.com/gui/file/ff5ba6ae965654b8838ff39ab28395296e7805d1790988c4ec9e1565e17ea801/detection
# Reference: https://www.virustotal.com/gui/file/c865f24e4b9b0855b8b559fc3769239b0aa6e8d680406616a13d9a36fbbc2d30/detection
# Reference: https://www.virustotal.com/gui/file/68a71f74c21e542a7594c8e883adf4f6eee036440bdb7773e9bbe03780eba233/detection

http://94.141.123.182
45.138.74.1:5553
94.141.123.182:4133
plotoraus.shop
/gaDERGEteway/3pls2pun.u78t9
/gaDERGEteway/fjgcuo8u.t0caq
/gaDERGEteway/
/3pls2pun.u78t9
/fjgcuo8u.t0caq

# Reference: https://x.com/bluish_red_/status/1940822456492872040
# Reference: https://app.validin.com/detail?type=raw&find=%2FCN%3Dcharon#tab=host_pairs (# 2025-07-03)
# Reference: https://www.virustotal.com/gui/file/bfc55dcd25b2ef66c5be52d67eada7fc143431a1c7d0049b6c2345f74f75ebbf/detection

http://45.153.34.174
/SgDatFeway/smxe0xdr.sah5v
/SgDatFeway/
/smxe0xdr.sah5v

# Reference: https://www.virustotal.com/gui/ip-address/5.35.38.7/relations
# Reference: https://www.virustotal.com/gui/file/02e28e37bc221381afb888f6c4699df1315a3493ead40ecc1d3d610077c555a4/detection

178.20.45.155:3872
5.35.38.7:443
gameforlikaks.top
globaltexp.top
magicdogeh.top
api.gameforlikaks.top
api.globaltexp.top
api.magicdogeh.top
v2795105.hosted-by-vdsina.ru

# Reference: https://www.virustotal.com/gui/file/2c4b10eb957cfedd63ce2fc88c49b4acefd3d25fe8c31a5f151e4b58161b8a56/detection
# Reference: https://www.virustotal.com/gui/file/7f483a420ccdb801418f9c1fd88063668367ff9c886de491f394fac794b04286/detection
# Reference: https://www.virustotal.com/gui/file/3eb1de1edb6da38d9833366ab69b6506ef266a124ae5abdc3900a05a8fb0ac8b/detection
# Reference: https://www.virustotal.com/gui/file/3eb1de1edb6da38d9833366ab69b6506ef266a124ae5abdc3900a05a8fb0ac8b/detection

http://178.20.45.155
178.20.45.155:3872
/76ece4d3ab5c60ead288414/3mlviepo.413xr
/76ece4d3ab5c60ead288414/j01nngp3.cf686
/76ece4d3ab5c60ead288414/l6nh5uuv.c7hhk
/76ece4d3ab5c60ead288414/t852dovi.awtac
/76ece4d3ab5c60ead288414/
/3mlviepo.413xr
/j01nngp3.cf686
/l6nh5uuv.c7hhk
/t852dovi.awtac

# Reference: https://x.com/bluish_red_/status/1940822456492872040
# Reference: https://app.validin.com/detail?type=raw&find=%2FCN%3Dcharon#tab=host_pairs (# 2025-07-03)
# Reference: https://www.virustotal.com/gui/file/3464c59c857e90012b23478e93e95d1d3c58ee788dd801f253d61168c0edc02c/detection

194.164.245.9:6296
89.110.87.119:443
cheperblast.top
deadmonkey.ru
godfatheralive.top
goolagstalinmore.top
managerfjo.top
metafamily.cfd
mfriend.online
shimforfreal.top
shimoneaprel.top
starolymx.com
api.godfatheralive.top
api.goolagstalinmore.top
api.managerfjo.top
api.shimforfreal.top
api.shimoneaprel.top
get.cheperblast.top
/32229be74bbb5ed8/ub59gtuk.niruc
/32229be74bbb5ed8/
/ub59gtuk.niruc

# Reference: https://www.virustotal.com/gui/file/8cff04f47b22b1080899abe5a4aedbb1157f291b5902ddc5390806507818fa8b/detection

171.22.120.227:443
/6519b3d55998bf5e49d571/11kp499q.9esmx
/6519b3d55998bf5e49d571/
/11kp499q.9esmx

# Reference: https://www.virustotal.com/gui/file/4996c632b8b6c5f14e73bb2928e66aa2ed5b3e1be6e7ca9955c2ef45773fbae2/detection

5.180.52.4:443
85.209.157.5:443
85.209.157.10:443
85.209.158.10:443
sftp.aprosgestion.com
/gateway/2jel50b6.amlpi
/2jel50b6.amlpi

# Reference: https://www.virustotal.com/gui/file/85f35708f062078f9ff0b7dc224fe18fdd9b6b7e5b5e0418f3dec2de1361775d/detection

193.233.113.173:443
185.170.154.149:4433
/gateway/mhocu4wc.kstvf
/mhocu4wc.kstvf

# Reference: https://www.virustotal.com/gui/file/90368efed1cb835dcb06176b71d5309dc4c46e414812013ecfc72178ba8498d3/detection
# Reference: https://www.virustotal.com/gui/file/b3e16ccc29fc8bfa6b2788d865fe21abc7c17d5b930268ddb68f126a6d80a70c/detection

lafmhjatioaper.help
/gateway/wx63hdsg.mk9hj
/wx63hdsg.mk9hj

# Reference: https://x.com/bluish_red_/status/1940822456492872040
# Reference: https://app.validin.com/detail?type=raw&find=%2FCN%3Dcharon#tab=host_pairs (# 2025-07-03)

http://91.84.99.97
144.202.41.72:443
149.28.237.131:443
18.188.140.168:443
192.124.178.188:443
195.82.147.73:443
216.250.253.125:443
38.244.193.60:443
45.153.34.129:443
45.153.34.139:443
45.153.34.152:443
45.153.34.175:443
45.153.34.178:443
45.153.34.192:443
45.74.10.124:443
45.74.16.154:443
45.74.16.156:443
5.187.2.166:443
62.3.15.94:443
66.248.206.240:443
77.110.127.54:443
77.239.96.100:443
85.209.156.5:443
91.216.169.19:443
91.84.99.97:443

# Reference: https://www.virustotal.com/gui/file/5195b5e0359d94d709b1bf3e05cb309226617447b989ba0ea86e8896d5965770/detection

89.169.12.138:443

# Reference: https://www.virustotal.com/gui/file/2246feb7c6a79ca7c54b900b01f799b184aa9e0f156c0b3c775fba4ce880c642/detection
# Reference: https://www.virustotal.com/gui/file/945336ea9a5aa86b985dfbfbbe1c381099ecfcb6da10f2742fcdd29475907801/detection
# Reference: https://www.virustotal.com/gui/file/d7bc381eef47591c2f1a4052bf87f37fcca072f393a9142c8d8e46a4922cea6f/detection

http://89.169.12.140
/gateway/9ns74a2g.2g2nc
/9ns74a2g.2g2nc

# Reference: https://www.virustotal.com/gui/file/88d1186ae755d6044ea9e64371300ab0a523bbc9ba8b4cc38cda57de4c158f59/detection
# Reference: https://www.virustotal.com/gui/file/9529510c3347ed8eb9abd39579314f5501549b37ab1e4c82e76fd038546f65a6/detection

http://62.60.226.194
62.60.226.194:443
/DDFDSSS/ctfplwn8.oo1en
/DDFDSSS/xsjp70np.mslj4
/ctfplwn8.oo1en
/xsjp70np.mslj4

# Reference: https://www.virustotal.com/gui/file/f393d94c657302843222bb609c9667f05bf0e1840dbe7ae2cf69013c09cd5c7e/detection

http://185.170.154.252
185.170.154.252:443
/gateway/ardjqg74.espbm
/ardjqg74.espbm

# Reference: https://x.com/banthisguy9349/status/1969380548427587641
# Reference: https://www.virustotal.com/gui/file/193beb52288d6940b319a340f9e3f58baef16e113381ef1acdb5ccd2b2e1863c/detection
# Reference: https://www.virustotal.com/gui/file/5195e59ef4c5c82a02e37723976a17670f5f1e8b41df868e7d0600d2396e23a5/detection

107.150.0.79:443
/gateway/16crvv1a.d7sga
/gate12837912way/kxulk3af.wnpid
/16crvv1a.d7sga
/kxulk3af.wnpid
/gate2hj45g2kway/lpr307k4.ka879
/gate2hj45g2kway/
/lpr307k4.ka879

# Reference: https://www.virustotal.com/gui/file/ba8d5fe15f61989f663220e6433aa76ebbf6a49ae4f604c5f4cbceb665115751/detection

http://195.10.205.78
/gateway/0ppn39ki.sqtj6
/0ppn39ki.sqtj6

# Reference: https://www.virustotal.com/gui/file/7cf145b7bcae1b31bd67939f116d18b9bbccb9f730658fc4cdc34c0d2a1187be/detection

176.65.142.101:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.rhadamanthys/ (# 2025-07-05)

http://66.63.187.190
104.37.172.175:19000
104.37.175.226:19000
104.37.175.249:443
104.37.175.249:8888
107.150.0.77:19000
107.150.0.77:443
107.150.0.77:8888
107.167.93.210:19000
107.173.180.117:443
107.175.30.197:443
107.178.103.74:19000
108.61.117.233:8088
116.202.22.233:443
135.181.10.139:19000
135.181.122.216:19000
135.181.181.109:19000
135.181.4.162:19000
136.243.242.29:8113
138.199.152.79:443
138.199.152.79:8888
147.124.219.157:19000
147.124.221.148:19000
147.124.221.148:443
147.124.221.148:8888
148.135.119.47:443
151.242.2.20:19000
157.90.14.147:14321
165.22.154.195:19000
165.22.154.195:443
165.22.154.195:8888
176.123.7.193:443
176.123.7.193:8888
176.65.134.127:19000
176.65.134.145:19000
176.65.134.153:19000
176.65.134.153:9912
176.65.134.33:19000
176.65.134.33:443
176.65.138.143:19000
176.65.140.26:19000
176.65.140.26:443
176.65.140.26:8888
176.65.140.27:19000
176.65.140.27:443
176.65.140.27:8888
176.65.141.165:8587
176.65.141.166:2405
176.65.141.207:19000
176.65.141.207:443
176.65.141.207:8888
176.65.141.209:19000
176.65.141.219:19000
176.65.141.250:19000
176.65.141.48:19000
176.65.141.62:19000
176.65.142.201:19000
176.65.142.21:19000
176.65.142.34:19000
176.65.142.61:19000
176.65.142.92:19000
176.65.143.149:19000
176.65.143.152:19000
176.65.143.204:8049
176.65.144.105:8888
176.65.144.106:19000
176.65.144.168:19000
176.65.144.179:19000
178.255.126.19:443
178.255.126.19:8888
179.43.141.35:443
179.43.176.17:19000
179.43.176.5:443
179.43.176.5:8888
179.43.176.8:19000
179.43.182.221:19000
179.43.182.221:443
179.43.182.221:8888
179.43.182.61:19000
180.178.189.34:8181
185.106.176.178:19000
185.107.74.8:8088
185.149.146.41:14431
185.149.146.41:1912
185.196.11.170:19000
185.196.8.215:19000
185.196.8.26:443
185.208.156.43:19000
185.208.158.7:19000
185.208.158.91:19000
185.208.159.170:19000
185.21.13.139:19000
185.245.105.118:19000
185.39.206.250:8888
188.245.239.55:19000
192.153.57.185:19000
192.30.242.216:443
192.30.242.216:8888
192.30.242.248:19000
192.30.242.44:19000
193.124.205.11:19000
193.124.205.45:19000
193.124.205.45:443
193.124.205.45:8888
193.233.112.103:11010
193.24.123.213:19000
194.113.245.11:8474
194.164.245.8:443
194.164.245.8:8888
194.5.62.208:19000
194.87.29.221:443
194.87.29.221:8888
195.10.205.101:19481
195.10.205.70:19000
195.10.205.78:19000
195.10.205.78:443
195.82.146.172:8888
195.82.146.180:8811
195.82.146.47:8704
195.82.147.21:19000
195.82.147.24:19000
195.82.147.26:19000
195.82.147.36:19000
195.82.147.73:19000
195.82.147.84:19000
196.251.69.173:1915
198.135.48.192:19000
198.135.48.192:443
198.135.48.192:8888
198.135.48.94:19000
198.135.48.94:443
198.135.48.94:8888
198.135.52.142:19000
198.135.55.145:19000
198.144.183.226:443
206.123.145.22:443
212.34.154.50:443
212.34.154.50:8888
213.209.150.104:8181
213.209.150.140:443
213.209.150.140:8888
213.209.150.143:19000
213.209.150.143:4233
213.209.150.20:443
213.209.150.20:8888
216.250.252.47:19000
216.250.252.47:443
216.250.252.47:5026
217.156.122.3:19000
23.88.69.148:443
23.94.122.150:11453
23.95.32.229:19000
31.172.74.175:19000
37.27.239.58:8888
37.27.239.58:8899
38.180.152.36:19000
43.255.158.248:11453
43.255.158.248:19000
45.12.219.193:19000
45.12.219.193:443
45.12.219.193:8888
45.125.66.142:19000
45.134.26.140:19000
45.137.99.191:19000
45.137.99.58:19000
45.141.87.119:9000
45.142.194.131:443
45.142.194.131:8888
45.142.194.141:443
45.142.194.141:8888
45.142.194.47:19000
45.142.194.48:19000
45.144.53.186:443
45.144.53.186:8888
45.150.32.106:19000
45.153.34.116:19000
45.153.34.119:19000
45.153.34.122:19000
45.153.34.122:8888
45.153.34.127:8888
45.153.34.130:19000
45.153.34.134:8888
45.153.34.135:19000
45.153.34.137:19000
45.153.34.138:19000
45.153.34.140:19000
45.153.34.140:443
45.153.34.140:8888
45.153.34.143:19000
45.153.34.147:1199
45.153.34.147:19000
45.153.34.147:4433
45.153.34.147:8888
45.153.34.148:19000
45.153.34.167:19000
45.153.34.168:19000
45.153.34.168:443
45.153.34.168:8888
45.153.34.171:19000
45.153.34.173:4413
45.153.34.181:4243
45.153.34.199:19000
45.153.34.229:19000
45.153.34.229:443
45.153.34.235:19000
45.153.34.237:443
45.153.34.242:442
45.153.34.28:19000
45.153.34.85:1912
45.156.87.109:19000
45.156.87.126:19000
45.74.10.208:8888
46.101.114.89:19000
49.12.168.200:443
49.12.168.200:8888
49.13.0.36:443
49.13.0.36:8888
5.149.250.166:9915
5.175.234.99:443
5.175.234.99:8888
5.252.153.226:443
5.252.155.208:443
5.252.155.208:8888
62.60.226.118:443
62.60.226.118:8888
62.60.226.128:443
62.60.226.128:8888
62.60.226.143:19000
62.60.226.143:443
62.60.226.143:8888
62.60.226.173:19000
62.60.226.176:19000
62.60.226.185:19000
62.60.226.185:443
62.60.226.185:44333
62.60.226.193:19000
62.60.226.19:443
62.60.226.19:8888
62.60.226.24:19000
62.60.226.44:443
62.60.226.44:8888
62.60.226.79:443
62.60.226.79:8888
62.60.226.84:19000
62.60.226.89:19000
65.108.129.23:443
65.108.129.23:8888
65.108.206.243:443
65.108.206.243:8888
65.108.207.18:8888
65.21.118.116:443
72.5.42.44:1587
74.117.196.250:19000
77.110.116.74:19000
77.73.129.44:5902
77.83.207.146:19000
77.83.207.146:443
77.83.207.146:8888
81.19.131.173:19000
83.217.209.230:443
83.222.191.196:11000
84.200.154.49:19000
85.158.108.139:19892
85.158.108.184:19014
85.158.110.87:8899
86.54.42.145:19000
86.54.42.154:19000
86.54.42.215:19000
86.54.42.217:19000
86.54.42.224:19000
88.198.15.183:19000
88.210.34.29:19000
88.210.34.29:4178
88.210.34.29:443
89.23.98.145:8900
89.34.230.116:8888
89.34.230.119:19000
89.34.230.169:19000
89.34.230.16:19000
89.34.230.184:19000
89.34.230.69:19000
91.240.118.2:19000
91.240.118.2:9769
92.60.47.178:19000
93.113.25.244:19000
94.141.123.182:29300
94.141.123.182:443
94.156.227.14:19000
95.214.53.17:19000
95.214.53.17:443
95.214.53.17:8888
95.216.19.115:19000
api.blue-pencil-wave.today
api.strawberry-fruit.shop
asp.hankeringcrestedwrist.shop
blue-pencil-wave.today
bv.yuoei.shop
cf.jolttapestry.fun
everydayitstimeto.christmas
fuzzikittenhaus.com
hankeringcrestedwrist.shop
i.jolttapestry.fun
jolttapestry.fun
mail.miliao.cc
ovalre.us
partopikoto.live
playing-music.oss-ap-southeast-7.aliyuncs.com
sk2.boxingcasualty.shop
strawberry-fruit.shop
vvrn.akkba.cloud
w1.discoverconicalcrouton.shop
yuoei.shop
/0721217eab03d184996db/0c8607s1.q8xnq
/0721217eab03d184996db/jks0dfje.0f4gv
/0721217eab03d184996db/uihhm5or.adx0l
/0c8607s1.q8xnq
/192xrm94.kf4
/1bsv4t78.ugtje
/20abda5e27a457d5bae88f8/smgx4whh.hodau
/2ptlciku.20d33
/78fc5131525a9e8d335b1/192xrm94.kf4
/78fc5131525a9e8d335b1/2ptlciku.20d33
/78fc5131525a9e8d335b1/bu4x10qt.a1
/7b10d5d78fdd0/p09qs22q.4xr9s
/7fbe5fb3ba958a77f17d1d400555809e71d86fe8999830c1.wpd
/EDHGFDSDFG/1bsv4t78.ugtje
/bu4x10qt.a1
/jks0dfje.0f4gv
/p09qs22q.4xr9s
/smgx4whh.hodau
/uihhm5or.adx0l

# Reference: https://www.virustotal.com/gui/file/a96fdd10d8c3531841ae89c755b9718933b29169d7848de63cf3b9dd898ff5ab/detection
185.209.161.182:9057
/c406104e77bccd507d/ck9m16vt.l8rlx
/ck9m16vt.l8rlx

# Reference: https://www.virustotal.com/gui/file/5826336df34ba4f5d2e645c82122c2cc9d5fe61d4b10d2282d880293e568d2ee/detection
# Reference: https://www.virustotal.com/gui/file/c6cee0adfe511e99fa64af9d939d4c1d115dd56b17df1c7e60a165d122f50a57/detection

http://176.65.142.184
176.65.142.184:443
185.21.13.139:4433
/gateway/dxavsfuw.06d5c
/gateway/vwdnrjpb.h1pcn
/dxavsfuw.06d5c
/vwdnrjpb.h1pcn

# Reference: https://www.virustotal.com/gui/file/0c493fc4f0be85073e5087cd3a990da53bd96245e952585f01c9ef8be24e492e/detection

193.68.89.45:7055

# Reference: https://www.virustotal.com/gui/file/1cfc3b32aeb66367c054ac339add02b24805f90a3d0b53bd61b4670d0edf8a55/detection

http://194.143.146.43
/gateway/ssv15b6p.dnpel
/ssv15b6p.dnpel

# Reference: https://www.virustotal.com/gui/file/80d7caf2863c1b2e8bcbfeaf02a0fcd84b376b052658ce09e4d9dd2450cb16dc/detection

178.255.126.19:8888
178.255.126.223:4433

# Reference: https://www.virustotal.com/gui/file/0a5bb6b29e70f99c51cc97726ceab44771dca068cc5d56780c9abf71662bb287/detection

http://83.217.208.52
/gateway/1wqt7kjq.lvck8
/1wqt7kjq.lvck8

# Reference: https://www.virustotal.com/gui/file/3de30cac1e834e75ae41446551445fd3fe44f603ce30015f3ffcc1218f36f051/detection

http://159.69.59.93
/gateway/ju1o2hgj.8o8e5
/ju1o2hgj.8o8e5

# Reference: https://www.virustotal.com/gui/file/8cc2854d14061632ea0e427f4c0bbd60c6f6fd35c70860fed8ad22d148fead42/detection

http://89.150.40.77
89.150.40.77:443
/windowsiis2022/g1ci1mt7.8u9p8
/windowsiis2022/
/g1ci1mt7.8u9p8

# Reference: https://www.virustotal.com/gui/file/0f72603467745275eb5c43871e0295bc9b89659010fbf1650e1c82196a5e29a4/detection

45.159.248.242:6339

# Reference: https://www.virustotal.com/gui/file/ed597a341853ca2040d200f9450e4a7f0d393129d613db96b3aed7dbe8a15976/detection

sync.sagargolf.com

# Reference: https://x.com/galkofahi/status/1947990984580567097
# Reference: https://www.virustotal.com/gui/file/9b04ba3901bf0de8609dcc7854d11f83849b7ff88347d52959f3c439343164c8/detection
# Reference: https://www.virustotal.com/gui/file/c309ac17d39fb13751882787b3f97a4053641d33ac537291575333d4db9ae3d0/detection

http://185.196.8.26
185.196.8.26:4200
/lund/gqiuheg9.d743d
/gqiuheg9.d743d

# Reference: https://x.com/Threatlabz/status/1950949733935223110
# Reference: https://www.virustotal.com/gui/file/eb5558d414c6f96efeb30db704734c463eb08758a3feacf452d743ba5f8fe662/detection

192.30.242.210:8888
/gateway/qq7o8k3h.fnliq
/qq7o8k3h.fnliq

# Reference: https://g0njxa.medium.com/meowsterio-weaponizing-clickonce-in-2025-8c2595a817c8

185.39.206.236:443
/gateway/aoaowmat.s0srx
/aoaowmat.s0srx

# Reference: https://x.com/anyrun_app/status/1955261592087458195
# Reference: https://app.validin.com/detail?find=d6fe9b51105378c746287ad700ec55db&type=hash&ref_id=c3d31df9ce7#tab=host_pairs (# 2025-08-12)
# Reference: https://www.virustotal.com/gui/file/924f21d03e7f7835f76c84bb6875cb01d4e5a9ef5608bc2aebebfab5340686cd/detection

194.87.29.253:443
80.253.249.108:4356
84.200.80.8:443
bro-flashy-cat88.xyz
flaxergaurds.com
loanauto.cloud
temopix.com
wetotal.net
winmic.live
zerontwoposh.live
/gateway/6caqmphx.fan5l
/gateway/n5eepk7n.2a6s4
/6caqmphx.fan5l
/n5eepk7n.2a6s4

# Reference: https://x.com/SquiblydooBlog/status/1955686642934800694
# Reference: https://www.virustotal.com/gui/file/8a2590c9a17beff4632e5c888cee885f37901a664d21309b8b3b803462b160d7/detection
# Reference: https://www.virustotal.com/gui/file/abf052189d7c4ecb828806ff3e559de0e4bd0ba5e69c01575a8f8217bf2868d6/detection

194.55.137.74:443
glokdrofko.top
unared-cdn.asia

# Reference: https://x.com/g0njxa/status/1959989875404366284
# Reference: https://x.com/netresec/status/1960248042554081784
# Reference: https://www.virustotal.com/gui/file/7908c78041ece2129127d26500321b09f094e41c66f535454884bb4d79573b9b/detection

198.135.48.43:18088
/gateway/tsf0eqxx.dju47
/tsf0eqxx.dju47

# Reference: https://x.com/K_N1kolenko/status/1960961408780095864
# Reference: https://www.virustotal.com/gui/file/b18aa5a1a02bcd28e242c1d23585d565f88063e6c1b251873e5872c95652679a/detection

185.102.115.18:44533
185.102.115.18:58834

# Reference: https://x.com/JAMESWT_WT/status/1968934473740833091
# Reference: https://app.any.run/tasks/0df667b4-b779-483b-933d-a9b78fc41b75
# Reference: https://www.virustotal.com/gui/file/4a98e39be920cf2a999e3d5a25bf4f0192dc574eab6b47c69a76222c0cb2d69a/detection

80.253.249.210:443
/gateway/xkcuwr37.ogwja
/xkcuwr37.ogwja

# Reference: https://www.virustotal.com/gui/file/00b2fcef0757d618e1e8fb107096d2c4b65855eb3e16021206ccb5c4f03fcac3/detection

176.46.152.62:5858

# Reference: https://x.com/thebitdoodler/status/1971655864793850200
# Reference: https://www.virustotal.com/gui/file/9b488286cdf0d6025096bac071a9d1068e1ac2e4348f231f5c3b241db2051534/detection

http://64.188.91.83
64.188.91.83:54433
spawnstars1.shop
/gateway/ii0wjcja.3p5xf
/ii0wjcja.3p5xf

# Reference: https://www.virustotal.com/gui/file/59ff0305c48efa67262ff44c6dc719a03f297acd61d66f54d78496aff03d79a6/detection
# Reference: https://www.virustotal.com/gui/file/bd322aca125d095bb81195df86f43772187bc4f5133ff8f78c84c7ee11a9b8d1/detection
# Reference: https://www.virustotal.com/gui/file/59ff0305c48efa67262ff44c6dc719a03f297acd61d66f54d78496aff03d79a6/detection

80.253.249.208:4231
82.22.174.33:443
shiporitoy.sbs
shiteathre.sbs
shiwa.sbs
snaifre.sbs
trelev.live
treten.live
tretwe.live
wieish.sbs
wisev.sbs
/gateway/202hphki.v8dkr
/202hphki.v8dkr

# Reference: https://www.virustotal.com/gui/file/07696e89e560cff18a41c9cedcbdf7d1732b072a00631155759d8ee1edb542c5/detection

193.233.126.173:443
/gateway/excak9i5.wd6ow
/excak9i5.wd6ow

# Reference: https://www.virustotal.com/gui/file/5517dc210ae01f2bb76ea06afebcfdc25065ce5f9ab4c900e1c496451ff6686e/detection

ganjasmokeha.top
api.ganjasmokeha.top

# HEADER_HASH-HOST=f060620cf4f86b6481dc

akbweb.top
apreldown.top
blagomezbart.top
filtergoyrdo.top
gabrielnonstops.top
gigachatglob.top
gnomeblocks.top
goodfatherbab.top
newphilshim.top
newshimforjune.top
newshimone.top
newshimtwo.top
voinaimurtols.top
api.akbweb.top
api.apreldown.top
api.blagomezbart.top
api.filtergoyrdo.top
api.gabrielnonstops.top
api.gigachatglob.top
api.gnomeblocks.top
api.goodfatherbab.top
api.newphilshim.top
api.newshimforjune.top
api.newshimone.top
api.newshimtwo.top
api.voinaimurtols.top

# Reference: https://www.virustotal.com/gui/file/7a8fc9266ee3f169e22833bfdf0ff5c7dc3b59fa0a6d612a01905f27362ddf10/detection

adolfcjgos.top
api.adolfcjgos.top
/76ece4d3ab5c60ead288414/fi3cxhti.l1g9r
/76ece4d3ab5c60ead288414/
/fi3cxhti.l1g9r

# BANNER_0_HASH-HOST=254b8175e050e3d0844beed9d894d030

globalshimserv.top
glpovmdasda.top
majesticpoison.top
mancotacobell.top
nl2.stablepod1.top
rnsddse.top
stablepod1.top

# Reference: https://x.com/JAMESWT_WT/status/1972690379066474773
# Reference: https://www.virustotal.com/gui/file/7b08010f90000aebb4e4fe941cf0f5126c040691b7c2eb1abe5bc100f7005a76/detection

185.196.9.212:443
5.252.153.112:8000
5.252.153.240:8000
bthizkquvq.pw
intuite.site
intuite.tech
hotel.intuite.tech
hotel.intuite.site
hotelsep.blogspot.com
potalgonabunbunsed.blogspot.com
/master/5208wlg6.vnad9
/5208wlg6.vnad9

# Reference: https://www.virustotal.com/gui/file/76790344db486db20af8caf3a3045a9c15d88bd1bb1d440adb3a3faeb625e681/detection
# Reference: https://www.virustotal.com/gui/file/ea1556f31371a93603d5d7325e865c313f3b3a59d0a7ac4a4728c338f2049619/detection

oneltak.top

# Reference: https://www.virustotal.com/gui/file/abd92c6d1d75a6d018906b0f56bfb793056e8b9054ebb1fbf79ac496e65f875b/detection

http://212.11.64.215

# Reference: https://www.virustotal.com/gui/file/c87990f603179c0f6c6fe57c82e578b502b87797761861043d7b2e347931be3d/detection

/gDatDeDway/f55ciojg.ew56r
/gDatDeDway/
/f55ciojg.ew56r

# Reference: https://www.virustotal.com/gui/ip-address/185.208.159.226/relations
# Reference: https://www.virustotal.com/gui/file/d21c9ea71b552edbf0fed362c8dcb7f71f6f06208371cb65fe526c65546d6c89/detection

bradseek.top
falconmx.top
menslaks.top
petsloot.top

# Reference: https://www.virustotal.com/gui/file/ea26270b360f4c2d2d73db3959e905872ab59ea680b91f76aa87ec4a58a92fd4/detection
# Reference: https://www.virustotal.com/gui/file/ff14429d2ec2104a1c7f61e7561d3eef27f476ef8a943307890eb37f1e6529d5/detection

144.172.106.201:4133

# Reference: https://www.virustotal.com/gui/file/0146b0e2b5c59abe56321f0a8913c9f18b9bdb67425a31f1e08fb7f15c60cfb7/detection

185.208.159.226:8888

# Reference: https://www.virustotal.com/gui/file/be5e9e2e0d43feb54b0cffbc54e4150e7f1bc22d8c033f9c23789ec683b56734/detection

185.33.84.159:443
194.55.137.26:2022
194.55.137.30:443
5.180.52.28:443
77.91.75.254:443
79.141.168.224:443
85.208.119.17:443
85.209.156.7:443
85.209.157.6:443
85.209.158.14:443
/gateway/calh79rb.cjjfi
/calh79rb.cjjfi

# Reference: https://www.virustotal.com/gui/file/f1d45569c2f00002de673d4c7502a2af613d69a84af84dc8fd7a43b38ca37937/detection

http://77.105.136.71
/gateway/9o5fknci.dm9qh
/9o5fknci.dm9qh

# Reference: https://www.virustotal.com/gui/file/456660eb6695d1ba9e569abedb1ce42b0f56a80c8eb331ea8ba0bdb4358880d0/detection

77.105.136.71:443
diamomong.top
api.diamomong.top

# Reference: https://www.virustotal.com/gui/file/572fee73ab64f53b68589e37cdf30f28c2b94776ed87f17229e448aa6d6fe524/detection

http://77.73.129.35
77.73.129.44:41433
/gateway/ofcfljv6.pme0l
/ofcfljv6.pme0l

# Reference: https://www.virustotal.com/gui/file/fa9bf2db089d568182b184a7e2084dc9e0cd600d57a6c79f6bc0ee169b18dce9/detection

http://185.149.146.172
185.149.146.172:443
/zdesbilvova/qhdigs9k.6c26b
/qhdigs9k.6c26b

# Reference: https://www.virustotal.com/gui/file/93b5030357aa13dd7b27238143af70bf19966bde05fd59786eadc8b68a5556d9/detection

45.142.193.98:5418
77.90.185.70:443
/get/8i5s7jan.ugmwg
/8i5s7jan.ugmwg

# Reference: https://www.virustotal.com/gui/ip-address/5.9.198.36/relations

anaivilonamand.xyz
bodeleialinnsa.xyz
canadadelhoyo.com
debindaianeree.xyz
hnofinjarcisen.xyz
holinswincetta.xyz
lisonneringeer.xyz
navivawsisonau.xyz
ndelevielolipr.xyz
oneazasharilli.xyz
owerneodonereo.xyz
quminathingach.xyz
unbelentenengn.xyz
viliatarizeril.xyz
xartamarakatha.xyz
zaloniarshiabr.xyz

# Reference: https://research.checkpoint.com/2025/rhadamanthys-0-9-x-walk-through-the-updates/
# Reference: https://www.virustotal.com/gui/file/0877849f6d367539d0e9d895e42a1c94d8f288c748428bb8e2634ed0dc927389/detection

193.84.71.81:443
/gateway/xhfc6bab.jg3hl
/gateway/wcm6paht.htbq1
/xhfc6bab.jg3hl
/wcm6paht.htbq1

# Reference: https://www.virustotal.com/gui/file/19801ee4c790ff671259d4a47f3cbd48bae686d2d9967a440e00cef35041ace9/detection
# Reference: https://www.virustotal.com/gui/file/8f9eab6f52ecaa2412126c0a1bbd0fe6415a5345ad970ea3ec285284f8ffe9e0/detection
# Reference: https://www.virustotal.com/gui/file/a54faa6500ada27d2a1ea3bb298897fbda25240a170bc40af8e6f39bce930d4f/detection
# Reference: https://www.virustotal.com/gui/file/ccbcbf8d6399bce1f3df74c2e3f2919f2c343c646689ecffe3f773b68b1e04d2/detection

193.8.184.120:54433

# Reference: https://www.virustotal.com/gui/file/a4240b24d90590d356c4c6e7f6d9c5604a52a2b76c16d1b90c54ab1f74826d42/detection

109.234.36.180:443

# Reference: https://www.virustotal.com/gui/file/26d3f212f445da539cfd857ad5199d0f20baa341296fb4051656c55823630256/detection

146.103.99.179:443

# Reference: https://www.virustotal.com/gui/file/3aa535904d599508d7be920a414a5e9c28ebbc6729557b7b872ad8b86ad16d91/detection

5.180.46.40:44313

# Reference: https://www.virustotal.com/gui/file/bd322aca125d095bb81195df86f43772187bc4f5133ff8f78c84c7ee11a9b8d1/detection

shiteatwop.sbs

# Reference: https://www.virustotal.com/gui/file/28c92680092fe5179ef00d0996b5e627476d8aec574a5d17cc4abb4c41934d52/detection

84.21.189.85:443
qsetshi.live

# Reference: https://www.virustotal.com/gui/file/ee25ba77afab31fd892f99ac868c83a11a2e86ee55b11235d57d0c039d4e09d3/detection
# Reference: https://www.virustotal.com/gui/file/c7a88bf748cccc547490018a222b339fc5574e38ecd59109a841eb0360b14aec/detection

176.46.158.19:43433
193.68.89.57:443
/gateway/wg60jsfj.t62os
/wg60jsfj.t62os

# Reference: https://www.virustotal.com/gui/file/6f29573ba5b8764610549510c146f9346c710534af4783dd9d622dd18a573115/detection

185.177.239.153:443
/gateway/ehqqu17t.n576u
/ehqqu17t.n576u

# Reference: https://www.virustotal.com/gui/file/77ea1145bc499b42106c56b1e3487a6c54d338235b7bdfc2cccd2926127ea1c4/detection

fivadm.sbs
fouradm.sbs
tesshi.live
thretadm.sbs
twetadm.sbs

# Reference: https://www.virustotal.com/gui/file/4ee662939cd683ba9a3aa8335a0dbad15d433b73cc4d23d144c9a628ddbfdb44/detection

78.40.193.42:443
glpombjghty.top
api.glpombjghty.top

# Reference: https://www.virustotal.com/gui/file/15d04f836366ee6e340f21d8deaacae6661a9233c0d421f1864d4e0d6feb7aab/detection
# Reference: https://www.virustotal.com/gui/file/27a620c3e613c203be54a3e2865e63a656b57d52404b0232553c963d006e5a08/detection
# Reference: https://www.virustotal.com/gui/file/46792d2af5e0263583d77ba0bdc050aa568a9e4b246dba8eb3bbfedce826ca79/detection
# Reference: https://www.virustotal.com/gui/file/f1f3e54d6b7f14b5945e4078779cd55073380287df217744e508918ce23f9020/detection

192.52.242.79:443
192.52.242.79:54433

# Reference: https://www.joesecurity.org/reports/report-4991369.html
# Reference: https://www.virustotal.com/gui/ip-address/141.98.80.175/relations
# Reference: https://www.virustotal.com/gui/file/4cb16ea1c2b2a8119822a6a54236056b5296e6141233092fbd424f5f06900fa5/detection

194.87.10.203:44333
securitysettings.live
xoiiasdpsdoasdpojas.com

# Reference: https://research.checkpoint.com/2025/youtube-ghost-network/

178.16.53.236:6343
5.252.155.231:443
5.252.155.99:443
94.74.164.157:8888
openai-pidor-with-ai.com
/gateway/3jw9q65j.b3tit
/gateway/6xomjoww.1hj7n
/gateway/pqnrojhl.adc7k
/gateway/r2sh55wm.a56d3
/3jw9q65j.b3tit
/6xomjoww.1hj7n
/pqnrojhl.adc7k
/r2sh55wm.a56d3

# Reference: https://x.com/JAMESWT_WT/status/1983836794472034357
# Reference: https://www.virustotal.com/gui/file/02011917dbf7bdbdae64dc353a6e54faa6c6885beb9ce0a68b71c64056b6d165/detection

http://176.46.152.80
176.46.152.80:443
/gateway/bbw58g4g.bsmmt
/gateway/gyou6y2d.3fu8vEcLU
/bbw58g4g.bsmmt
/gyou6y2d.3fu8vEcLU

# Reference: https://x.com/smica83/status/1986082290372628694
# Reference: https://www.virustotal.com/gui/file/0dfb670ecca529d5421549a5a316d4866a43b08b2cd6ecdf3dda6bbc9f78d73d/detection
# Reference: https://www.virustotal.com/gui/file/fcbae0ca655ab789c87cb1eb0dd8b67efb9152983845eb3f7d4842f96a2ab118/detection
# Reference: https://www.virustotal.com/gui/file/35be9fe467eb6eccd43535bce0a3a60207312a57886be75bebf69196e800e891/detection

http://193.233.127.23
192.154.253.194:1080
80.66.72.64:443
beastmod.fit
/inc/t3lqs8r8.2urxq
/t3lqs8r8.2urxq

# Reference: https://www.virustotal.com/gui/file/b313091e22b59dfe0ee60577dc720c7e0241699c9ae87dae8b9f2b4752b54ffd/detection

5.180.52.29:443

# Reference: https://www.virustotal.com/gui/file/07dbc28f593ccff0663fbb0b64153e035402496fd7eabd0dffed1198a01f3cf0/detection
# Reference: https://www.virustotal.com/gui/file/14dca59e68fa2f461c9adb2444e74f35231f0b6ec48d4962a09b3d82d8487d01/detection

37.221.66.129:45433
37.221.66.130:443

# Reference: https://www.virustotal.com/gui/file/57667304a8fb44849444264729f4ea7332952b607ad7b13112001e2d12753500/detection

103.245.231.234:443
/gateway/nlljbstj.e4fic
/nlljbstj.e4fic

# Reference: https://www.virustotal.com/gui/ip-address/109.107.168.124/relations
# BANNER_0_HASH-IP=441ed58786211a63db817040cad8c71c

109.107.168.124:443

# Reference: https://www.virustotal.com/gui/ip-address/23.95.68.186/relations
# BANNER_0_HASH-IP=441ed58786211a63db817040cad8c71c

23.95.68.186:443

# Reference: https://www.virustotal.com/gui/ip-address/192.124.178.34/relations
# BANNER_0_HASH-IP=441ed58786211a63db817040cad8c71c

192.124.178.34:443

# Reference: https://www.virustotal.com/gui/file/01d35fd250e14d0f3b6562b020dc131ed0003ad4c73b33cdbdfdb5f33b0becba/detection

http://104.164.55.24
103.245.231.185:443
104.164.55.24:44133
/apichk/fsgvbu1p.td2n5
/fsgvbu1p.td2n5

# Reference: https://www.virustotal.com/gui/ip-address/87.120.93.221/relations
# BANNER_0_HASH-IP=441ed58786211a63db817040cad8c71c

87.120.93.221:443

# Reference: https://www.virustotal.com/gui/file/1e508106d600d1b1d39d96dd586610f920d368e7783fd65d512daadeca041014/detection
# Reference: https://www.virustotal.com/gui/file/4827cce4c8bbbc058494d8cf4466aba35501becfa352b955d45fba79d89d25b2/detection
# Reference: https://www.virustotal.com/gui/file/04d39773c79255aa2d29863b3ae9e661af6d03b9049bd8c1ec7686388323d54c/detection

http://178.236.252.150
80.253.249.118:187
93.113.25.43:443
reductedusima.world
tergunmola.cc
redem.reductedusima.world

# Reference: https://www.virustotal.com/gui/ip-address/5.180.46.64/details
# BANNER_0_HASH-IP=441ed58786211a63db817040cad8c71c

5.180.46.64:443

# Reference: https://www.virustotal.com/gui/file/933c77892a28369912f150e10996f44a03258aefbcdff6c8f231aa3418aae684/detection

88.119.169.128:443

# Reference: https://www.virustotal.com/gui/file/3bc97a97dfc436a088e706111f0f6a39a78faa9790ecf4a7bd8217b148f5ecbe/detection

144.31.1.159:54433
69.42.220.38:443

# Reference: https://www.virustotal.com/gui/file/5ad366cb07ce20d8ae0488272c16551953ad373ddd128ebe0aca6076514410e4/detection
# Reference: https://www.virustotal.com/gui/file/62e50edd6550486f5da61b8a2c80d01d4ac7b81bddb77b8e8bffb66c9bb8b7a4/detection
# Reference: https://www.virustotal.com/gui/file/701eb0ac1a73d3c6098d0b524fc3f8218e38468a29cfb7361cf947e0aea5d57d/detection
# Reference: https://www.virustotal.com/gui/file/f0bf9a3a70f224dbbf266b3030d59d2c3be597f22142963b7e3b02e19c71840b/detection
# Reference: https://www.virustotal.com/gui/file/f94a5873c3bd33bbdc2ced4acac04c2817527d3b71b51a0b91207520e499a9f9/detection
# Reference: https://www.virustotal.com/gui/file/fca7fe0cd60adec5216fb624c571d738cae12789c24b1c90c566a86dfd514e44/detection

5.101.82.20:443
5.101.84.178:4232

# Reference: https://www.virustotal.com/gui/ip-address/104.245.240.10/relations
# BANNER_0_HASH-IP=600c482f80d39074922f2cd1611bf294

104.245.240.10:443

# Reference: https://www.virustotal.com/gui/file/8ddd01d98e35a2b7f3f93c0567ab04b0082c3ddf26a1a6278e8a07f27842f2bb/detection

64.188.77.34:443
/b26w3w5yh99wgcnuh/ssk23nrd.igl7o
/b26w3w5yh99wgcnuh/
/ssk23nrd.igl7o

# Reference: https://www.virustotal.com/gui/ip-address/45.155.249.74/relations
# BANNER_0_HASH-IP=600c482f80d39074922f2cd1611bf294

45.155.249.74:443

# Reference: https://www.virustotal.com/gui/file/8bd44e2a4829f3be4af02377b3630f2ccfe929f82521d18c2670a2cdc069e2fe/detection

185.141.216.63:443
/EgatEewEay/h7s4kwdr.4166c
/EgatEewEay/
/h7s4kwdr.4166c

# Reference: https://www.virustotal.com/gui/file/b2e1ca1b03fe64f26329500a61e2f27b3d7f786d28db467cb47c0df336ea9ac4/detection

62.60.234.109:44233
85.159.228.128:443

# Reference: https://www.virustotal.com/gui/file/dbcc6adad71339ba794e44671546d1a68d3cad2492aaf89aa4563d9a45caa702/detection
# Reference: https://www.virustotal.com/gui/file/d03ec35c817324b7a5edd27f4b0908789ff5410f0d415a67bac1926fd924b0be/detection
# Reference: https://www.virustotal.com/gui/file/b7a8fc2fa9de2b4a0d29b9f95581f9db7451359870e901c2b249e907039af187/detection
# Reference: https://www.virustotal.com/gui/file/863fd1c371d5ed9b41ae1bfa7214bd47be81978aba7506782bbb7baeb937637f/detection
# Reference: https://www.virustotal.com/gui/file/06fdcf326fdcae064db469743ff68f4abf6bfb8b300ad906c0049041773dbb54/detection

109.122.197.192:443
shikofourpuro.live
shikopuro.live
/gateway/ow3miqmm.kwp7w
/ow3miqmm.kwp7w

# Reference: https://www.virustotal.com/gui/ip-address/80.97.160.88/relations
# BANNER_0_HASH-IP=441ed58786211a63db817040cad8c71c

80.97.160.88:443

# Reference: https://www.virustotal.com/gui/file/719b02cbcd302402f881e4722fbbc8914ba311c5a1150050bb8174335fd725ff/detection
# Reference: https://www.virustotal.com/gui/file/bad6b2f3cca5e4992430cfa37c53a35e0f2d2cbe0dfe977f17f35c9411c88cb3/detection

45.153.34.90:443
/gateway/rjwt8rm7.sun1b
/rjwt8rm7.sun1b

# Reference: https://www.virustotal.com/gui/file/6f56db12f3d18cf836fa13fc47af03f5ac808e55d4d0c97fa8a60dcf6b1302bc/detection

193.233.112.236:5254
40w629twp1.services
km1hx7llk8.cc
default.40w629twp1.services
default.km1hx7llk8.cc

# Reference: https://www.virustotal.com/gui/file/536ef5e9a9fb1c08d42dd05c27efa59119367aa62b5a2c5df5f0b6bbdaa0f39c/detection
# Reference: https://www.virustotal.com/gui/file/6b114bb1b7eaeb2af531c0132e828b277e6dfd6a684814f66b77b032d82f7527/detection

194.102.104.154:443
/gateway/1o7tlt3i.ggmji
/1o7tlt3i.ggmji

# Reference: https://www.virustotal.com/gui/ip-address/194.11.226.246/relations
# Reference: https://www.virustotal.com/gui/file/0359744e81ddd0e36c2111540711f994b8428ea57cce73a5d817a856d07011ba/detection
# Reference: https://www.virustotal.com/gui/file/09f3030f45646d4a97e95c3b048ac188a15880062be06f8f6d58403e6972dcc2/detection

194.11.226.246:443
i1i1i1i1illllliiii1i1i1i1i1i1.online

# Reference: https://www.virustotal.com/gui/file/2b3e04d9349c2ebe1acab426410182ad351959db8c599ecf0babdf9466b3be80/detection

151.243.18.241:443
/gateway/ctrnv40k.u270m
/ctrnv40k.u270m

# Reference: https://www.virustotal.com/gui/ip-address/185.102.115.211/relations
# Reference: https://www.virustotal.com/gui/file/709b649f8c717fe5097d9befdcee79b6bbff251c7178a99300623034ff1f940e/detection
# Reference: https://www.virustotal.com/gui/file/0b77e5171182e2c40320e68a90dfbddf57647471e7f2d0ec529f128b3057aeab/detection

185.102.115.211:443
saer.pro

# Reference: https://www.virustotal.com/gui/ip-address/178.17.48.186/relations
# Reference: https://www.virustotal.com/gui/file/4bef288da1dcbedd0fe11d8b427a327c92a296698610df1983bcf1e4d55f24a0/detection

178.17.48.186:443
185.177.239.146:34433
185.177.239.146:443

# Reference: https://www.virustotal.com/gui/ip-address/146.103.114.25/relations
# Reference: https://www.virustotal.com/gui/file/9d0aea1d541a5e3e28985f66e379d9a38dfe1f13cefb17dafcce55d97318d4a7/detection

146.103.114.25:443
easybilling.shop
lovelace.click
septembernewshim.top
api.septembernewshim.top

# Reference: https://www.virustotal.com/gui/file/b99caad59ea417e19de005afa8ca3bb6c9c3fae8561b0e188d06d0a04e71d3c2/detection

86.109.75.2:443
/gateway/uq7qtw8b.i1s4u
/uq7qtw8b.i1s4u

# Reference: https://www.virustotal.com/gui/file/5371d56cc6f7a5e9c10e5616f7e7a060def41c32c903e3cce3fd5b89190bb0ec/detection

198.105.126.187:443

# Reference: https://www.virustotal.com/gui/file/0199acb277289aee8c0a55d1f745ba75992deeea06be3421b6c9e68f83285a9b/detection
# Reference: https://www.virustotal.com/gui/file/21e10e01f8323a668e0114df4bd1a197e7d8bb6d66f4d5e38a375dc161c6516b/detection

45.12.70.187:56866
94.156.236.154:4433
94.156.236.154:443

# Reference: https://www.virustotal.com/gui/file/2e6c63916557e6d907db86a0dac56cf8454cc6c9eb3dca968d67775e62afadb1/detection
# Reference: https://www.virustotal.com/gui/file/5f98c246c350fc15f33d869c9ff16c5fb3be812ee2f3088f8a815194cc57154d/detection
# Reference: https://www.virustotal.com/gui/file/63c5bd62a3d9a9c030957c5b2cec3e83416a3d8b8e3175472ecacd20544150c8/detection
# Reference: https://www.virustotal.com/gui/file/e20d377dba31c99e537c4bd62c70a12c5e677269cc66e9ee6ab28a7a136d9068/detection

77.90.15.203:443
77.90.15.203:54433

# Reference: https://www.virustotal.com/gui/file/3971cb3a250f4250f0eb1d420b7cff514ce2b54b566ac40d3ef4ce6a2a568a47/detection
# Reference: https://www.virustotal.com/gui/file/31b6408818fd468a94be494798aad20eed5f3308deca1c8bdb5cd205213f51a4/detection
# Reference: https://www.virustotal.com/gui/file/70025b6830fbf592712a2700d8b4cec326e804d7fd9192e8d1619e61b6498a52/detection
# Reference: https://www.virustotal.com/gui/file/f1b984b914fa8e9fd2a6ff6866e4ede73dd5a6733d3040805b22b2e6829b1914/detection
# Reference: https://www.virustotal.com/gui/file/d8b0bb22649f5af90a64074ae92b989dbbc8d66891ce9b3fa585dae2f6ece0e5/detection
# Reference: https://www.virustotal.com/gui/file/d24367c5fc016d27080adfa17bf8b5a73f8cec40a04a060e7235b9e9b0da1caa/detection
# Reference: https://www.virustotal.com/gui/file/b313387e70b1e0a0bcfe292557883593a4c60aa55be496f942714ef40772ded3/detection
# Reference: https://www.virustotal.com/gui/file/886395a7a6559b415cda331a5c6acf2e221c7b3d31cf422de40e568cf4fda578/detection

94.74.164.173:443
/gateapi/0p1u7xmf.aieqf
/gateapi/5pgoecql.0wwjr
/gateapi/6jcbf5c1.x5qct
/gateapi/cfvqgcht.q774c
/gateway/qlo2ep5k.4vg4o
/gateapi/v2t7xs9b.64xfw
/0p1u7xmf.aieqf
/5pgoecql.0wwjr
/6jcbf5c1.x5qct
/cfvqgcht.q774c
/qlo2ep5k.4vg4o
/v2t7xs9b.64xfw

# Reference: https://www.virustotal.com/gui/file/a4177c16d7e04b9a621d32df10550536f7a3a9151d1cb22b62358b6c36d9cb1b/detection

45.153.34.163:443
/gatEEEEeway/q784vg1l.938rp
/gatEEEEeway/
/q784vg1l.938rp

# Reference: https://www.virustotal.com/gui/file/08158828a7fc98af14f45c5f46a67d056fb99f10aed510fe6415d7ee508441dc/detection

80.97.160.205:443

# Reference: https://www.virustotal.com/gui/ip-address/5.252.155.51/relations
# BANNER_0_HASH-IP=600c482f80d39074922f2cd1611bf294

5.252.155.51:443

# Reference: https://www.virustotal.com/gui/ip-address/185.72.8.252/relations
# BANNER_0_HASH-IP=600c482f80d39074922f2cd1611bf294

185.72.8.252:443

# Reference: https://www.virustotal.com/gui/file/f02579faf9a440db8296b552ab6d9e38d2980ab17e057c0f12ce53a262f53670/detection
# Reference: https://www.virustotal.com/gui/file/e1a67dc8eeeb9ce831a749c901dc25ccf3e1c1a65e46d6c8f56a7257040f7f81/detection
# Reference: https://www.virustotal.com/gui/file/bea86f96daba70fe9a1993948aa0994d96cb4c3ebd0da148ec061d609d19fe61/detection
# Reference: https://www.virustotal.com/gui/file/66f9fcd863677e39bca36bcbe9dbb8d138606e89afabbbf7d89096e233cc6d6a/detection
# Reference: https://www.virustotal.com/gui/file/5764be0ec2398a956afacb27f8b85b13d4c93f913599924f50aacff54d7e790a/detection
# Reference: https://www.virustotal.com/gui/file/23ac7a1ebb3fff24d922858fa38001804f18d8cdd031ac41b9f38f9ade8b0fbf/detection

83.217.208.173:443
/gate/0dlsf36p.g5muh
/gate/5nfdffxp.xshtr
/gate/cgvg0hs4.4irst
/gate/maacjldh.lr6oj
/gate/o1wjrlhr.bg40j
/gate/xdcoihlj.3fjfq
/0dlsf36p.g5muh
/5nfdffxp.xshtr
/cgvg0hs4.4irst
/maacjldh.lr6oj
/o1wjrlhr.bg40j
/xdcoihlj.3fjfq

# Reference: https://www.virustotal.com/gui/file/e2167bc88e7d6c016c9baa42b617b2bec5384c69ec194efe1cd6146d0433ba3e/detection

176.46.141.11:6431
/gate/uveudx2h.s6lja
/uveudx2h.s6lja

# Reference: https://www.virustotal.com/gui/ip-address/103.245.231.156/relations
# BANNER_0_HASH-IP=600c482f80d39074922f2cd1611bf294

103.245.231.156:443

# Reference: https://www.virustotal.com/gui/ip-address/185.141.216.91/relations
# BANNER_0_HASH-IP=600c482f80d39074922f2cd1611bf294

185.141.216.91:443

# Reference: https://www.virustotal.com/gui/file/fc5bbbd63e7fd5f785766829852b296638e7a0d13beff1475424281ffb6356a7/detection
# Reference: https://www.virustotal.com/gui/file/d81b98253ec73d83e84e8345788f6bfa04ce3def57e09dd1ed24f80c35c5e21c/detection
# Reference: https://www.virustotal.com/gui/file/19596462804449e8c46358a64431e8499b05bc2c11b11f9fd02800a3c9d74b1e/detection

194.102.104.244:443
/gateway/084dcddp.8cnvd
/gateway/onkf46ck.qhob4
/084dcddp.8cnvd
/onkf46ck.qhob4

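# Reference: https://app.validin.com/detail?find=600c482f80d39074922f2cd1611bf294&type=hash#tab=host_pairs (# 2025-11-07)
# NOTE(review): the hash in this lookup is the same value as the BANNER_0_HASH-IP=600c482f80d39074922f2cd1611bf294 annotations in this file, so the domains below appear to come from a host-pair pivot on that hash rather than from an analysed sample - confirm each against its own evidence before using it for blocking.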

authdiscordconnect.com
discordconnect-auth.com
inform-zone.com
secure05-schwab.help
squ-are-fl.top
trustwalletappdownload.com

# Reference: https://www.virustotal.com/gui/file/1115aa5a92af50ccaf2d613691254b5a737ff2a03549113aba0e2e51cceb10c4/detection
# Reference: https://www.virustotal.com/gui/file/6070326c63d450799fa8154b3392a09e80f90632af5853f56803c782549f678b/detection
# Reference: https://www.virustotal.com/gui/file/81db09da91604e696e7c3519a59de9a64994051e56a68677db358d3a5a80013c/detection

91.236.230.35:443
termite.life
/gateway/8r99ape7.vd5ga
/8r99ape7.vd5ga

# Reference: https://www.virustotal.com/gui/file/cf948755dcc804a8a313bab2cebe0adf0532cace5b8c29a0738b2fed6a2ece50/detection
# Reference: https://www.virustotal.com/gui/file/5dc89dbd2aaf578b5802c717c630614f6473876b01aefe7424af3f55ba12cd05/detection
# BANNER_0_HASH-HOST=3455c0c935d773c9547cdd06ccdff5dd

ionia74.xyz
slip345.xyz
/gateway/0fwqqwq8.xg1fd
/gateway/n4r0gbrh.x0gxk
/0fwqqwq8.xg1fd
/n4r0gbrh.x0gxk

# Reference: https://www.validin.com/blog/fake_dmca_notice_scam_hunting/

http://185.153.198.115
45.80.231.244:443
/gateway/fc2lje6m.mprui
/fc2lje6m.mprui

# Reference: https://x.com/YungBinary/status/1985415355523584454

103.245.231.203:443
104.164.55.133:443
185.198.234.232:443
/apichk/bief8u31.ao3gp

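# Reference: https://app.validin.com/detail?find=f060620cf4f86b6481dc&type=hash&ref_id=5cce1978ba1#tab=host_pairs (# 2025-11-08)
# NOTE(review): the domains below come from a single hash pivot (host_pairs view) dated 2025-11-08, with no per-domain sample reference; presumably some are co-hosted or otherwise unrelated names - treat a match as a lead to triage, and verify before using it for blocking.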

adservices.sbs
alertlivetoday.digital
alertstreamer.digital
bca-bank.shop
bemxiro.live
bentira.live
bigstepix.shop
bolnaro.live
bontera.live
borixa.digital
bosxira.digital
breakingbuzzlive.digital
breakingpulse.digital
brendex.digital
brenlom.digital
brenprefa.digital
brenxa.digital
brenzoxa.live
bretzo.live
brimex.digital
buxvilo.shop
buzzflare.digital
buzzflashlive.digital
buzzimpactnow.digital
buzzwave.digital
buzzwhirlnews.digital
chickaboom.shop
clokryl.live
clonexo.live
clonyl.digital
cloquix.digital
comptech.sbs
croberq.digital
crokryl.digital
cromexa.live
crosyla.live
danvero.digital
darpero.digital
darwilo.live
dexviro.digital
dhl-paket.live
directalert.digital
directflarewave.digital
directfocus.digital
dobnira.live
domendominator.shop
donparo.digital
dopnera.live
dorimeinserino.shop
dorpira.digital
dorxino.digital
draxnexo.live
draxprefa.digital
draxtyn.live
draxvyx.digital
draxvyx.live
drupira.live
dulpino.digital
dulvano.digital
dunxira.digital
dylnero.digital
dylpino.live
dytlina.digital
ecmtincinc.live
eigwion.sbs
fandrixo.live
fexlino.digital
finvaro.live
fivshiwi.sbs
flareblastpulse.digital
flashfocuslive.digital
flashlivewire.digital
flashreactlive.digital
flashupdatefeed.digital
fledex.digital
flekryl.live
flenyl.digital
flequix.digital
flexta.live
floxina.live
foslita.live
fovlira.live
frandelo.live
fylquero.live
fyltira.digital
fympero.digital
fyzmira.digital
galxino.digital
garnexo.live
giplero.live
glimberq.digital
glimdex.live
glimkryl.digital
glimlom.live
glimsyla.digital
glimxta.digital
globalit.sbs
glynova.digital
golxira.digital
gomxila.digital
goxnira.digital
gromilo.live
gryxino.digital
gylxora.digital
haval-f7xz.shop
hotbuzzlive.digital
hotscope.digital
hulxino.digital
hylvano.live
hyrnilo.digital
ignoremicrosoft.live
instantnewsflash.digital
jafnero.digital
jaxvalo.digital
jazlera.digital
jebxina.live
jekparo.digital
jekviro.digital
jemparo.digital
jemxira.live
jenviro.digital
jipnaro.live
jolrvo.digital
jolxta.digital
jonvito.live
jorleta.live
jubxira.digital
julveno.live
jupkryl.digital
juplyx.digital
jupnyl.digital
juprvo.digital
jupvara.live
jupxta.live
jupzern.live
jupzoxa.live
jynvero.digital
kalnira.digital
kaltira.digital
karnexo.live
kemparo.digital
kemporo.live
kernilo.live
kezkryl.digital
kezlom.digital
kezlyx.digital
kezrvo.digital
kezsyla.digital
keztyn.digital
keztyn.live
kjhfkrjhfr.shop
korlero.live
krakryl.digital
kranyl.digital
kratyn.digital
kraxta.digital
krazern.live
kylvero.digital
lemxiro.digital
lgbtmeme.shop
livebolt.digital
livebuzzwave.digital
liveconnectpulse.digital
livecoveragebuzz.digital
liveheadliner.digital
livehostingers.shop
livehypezone.digital
liveimpactnews.digital
liveimpactnow.digital
liveupdatepulse.digital
livewavefeed.digital
livewirenow.digital
lopnaro.digital
lopxira.digital
loxtrix.digital
lubvaro.live
luptero.live
luxnira.live
lylocare.shop
lyqpira.digital
lyrnexo.digital
lyzquro.live
marndex.digital
marneta.live
marnlom.live
marnvara.live
mekzino.digital
melxora.digital
mevtrana.live
mexpiro.live
mexpona.live
mokvero.digital
mokzira.digital
molpena.live
mosnero.digital
murneta.live
murparo.digital
murzano.live
mylpera.live
naiyez.sbs
nalpino.digital
nekvalo.live
neverlandstop.shop
newpikotilo.live
nexdex.live
nexkryl.digital
nexlyx.digital
nexmexa.live
nexvara.digital
nexzoxa.live
norquro.digital
novpira.digital
nulpira.digital
nypzino.digital
onsevadm.sbs
parposhifour.live
pavlero.live
pelxera.live
pexnira.live
pivlero.digital
plonyl.live
plotrex.digital
plotyn.digital
plovyx.digital
plozern.digital
polototupo.shop
ponviro.digital
pryllyx.digital
pryltyn.digital
prylvara.digital
prylzern.digital
pulsebreaking.digital
pulsefirelive.digital
qamxilo.live
qelmexo.live
qelmira.digital
qenzaro.live
qezvora.live
qonwilo.digital
qopxino.digital
quickstreamer.digital
qumparo.digital
quortyn.digital
qurnavo.live
qymzilo.live
ralnira.shop
realbuzzfeed.digital
realtimeflow.digital
realtimequiver.digital
realtimezap.digital
relporo.live
rezina.shop
ropartpikotos.live
rufveto.live
ryntavo.live
sabnero.live
salvira.digital
sevwion.sbs
shiteafirs.live
shockstreamer.digital
shockwaveupdate.digital
sivquaro.live
slylyx.live
slyvyx.live
slyzoxa.digital
smartlinkcompany.live
solviro.digital
soneadme.sbs
sparkstreamer.digital
ssixshw.sbs
stormfurynews.digital
strberq.live
streamflareup.digital
streamflicker.digital
streamfury.digital
streamshock.digital
strkryl.live
strmexa.live
strtyn.live
strvyx.digital
strxta.live
strzern.live
strzoxa.digital
sulvero.digital
sulvero.shop
sumplys.sbs
talnira.digital
tarnexo.digital
taxlira.live
taxviro.digital
tezvero.digital
thetrendsetters.sbs
tolxino.digital
tomxilo.live
torquno.live
torvema.live
torvixo.digital
tospira.live
tovnira.digital
tumxaro.digital
tuvxira.digital
twotopokir.shop
vakvero.digital
valryno.live
valxira.digital
verpilo.live
vexlino.digital
vivasorteaficial.live
voklero.live
voknira.digital
vorprefa.live
vorquino.live
vortyn.live
vorxilo.digital
vylrona.live
vynqulo.digital
warkilo.live
warquno.digital
waznilo.digital
werxilo.digital
wevlira.live
wimtero.digital
wolxira.live
wolzaro.live
wolzino.digital
worfino.live
wornexo.digital
wurnexa.live
xernilo.live
xylnero.digital
yuvxira.live
zaknero.digital
zarnaxa.live
zelpiro.live
zelzern.live
zenparo.digital
zewlira.live
zexparo.digital
zilviro.shop
zimxino.digital
zivmorta.live
zolpira.digital
zulnero.digital
zunpiro.digital
zunviro.digital
zurnavo.digital
zurparo.live
zylberq.live
zylrvo.live
zylvoxa.live
zylvyx.digital
zynparo.digital
zynvero.digital
zyrnexa.digital

# Reference: https://www.virustotal.com/gui/file/17f1708d36917a3095a76e3c6dc49d345fb0d95309894ca3ac54097f2e22d104/detection

45.153.34.36:443
52zlot.com
/gateway/ftxxtimq.o6l5l
/ftxxtimq.o6l5l


# Reference: https://www.virustotal.com/gui/file/cf7fbf3d1d77755e4f93437db9a125650a1d8dbe36e9e9ada012f6de1b175be1/detection

addfivestars.com
/gateway/qsgqd524.huq53
/qsgqd524.huq53

# Reference: https://www.virustotal.com/gui/file/2cedf1fe94351b22132bbbc10a9c5477dbae8c528a8b6c4b1a35e01717a85a33/detection
# Reference: https://www.virustotal.com/gui/file/92e64686ae9f2a5566cafeb66a033592ce57bf5c904d05f5e91dd354577c93a6/detection

193.5.65.150:443
/gateway/34uqsxcj.8tl4e
/gateway/3pavwibh.8vh2x
/34uqsxcj.8tl4e
/3pavwibh.8vh2x

# Reference: https://www.virustotal.com/gui/ip-address/103.30.211.4/relations
# BANNER_0_HASH-IP=1df1cd4c2c4abb0260648b15205b84fb

103.30.211.4:443

# Reference: https://www.virustotal.com/gui/ip-address/5.161.115.197/relations
# BANNER_0_HASH-IP=1df1cd4c2c4abb0260648b15205b84fb

5.161.115.197:443
makemeemotional.pro

# Reference: https://www.virustotal.com/gui/file/4cb620428080d0a2d9de18bbd702f1dc66b732946a1bb93f6adbb05940ccaa1d/detection

151.243.113.45:443
/gateway/l1vis5wj.cvlwj
/l1vis5wj.cvlwj

# Reference: https://x.com/smica83/status/1987598276946739680

/gateway/oc2prl8u.pmizq
/oc2prl8u.pmizq

# Reference: https://x.com/abuse_ch/status/1988915294698451052
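# Reference: https://threatfox.abuse.ch/browse/tag/OpEndgame/ (# 2025-11-13)
# NOTE(review): this list contains the entry 2.56.177.203:0; port 0 is not a connectable port, so that ip:port trail may never match real traffic - confirm the intended port against the ThreatFox record.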

101.99.92.109:1443
103.101.85.15:19123
103.179.44.44:19212
103.20.102.9:3443
103.231.75.211:443
103.245.231.136:19333
103.245.231.156:49034
103.245.231.206:2749
103.245.231.98:1890
103.246.146.91:19000
103.249.135.85:15000
104.161.39.245:8335
104.161.39.254:4433
104.164.55.149:55000
104.164.55.245:19000
104.164.55.30:9184
104.218.50.177:54432
104.245.240.10:34000
104.245.240.4:1806
104.245.241.177:19000
104.245.241.207:9168
104.245.241.221:6107
104.37.172.154:19000
104.37.172.158:41313
104.37.172.175:1075
104.37.172.245:443
104.37.175.226:4143
104.37.175.232:443
107.150.0.131:6443
107.150.0.51:1806
107.172.225.83:443
107.178.115.242:4432
108.61.117.233:443
109.107.168.112:44333
109.107.168.124:19231
109.107.168.68:54435
109.107.168.83:14333
109.120.152.100:19000
109.120.152.103:19000
109.120.152.66:7230
109.120.187.53:19666
116.202.116.210:2861
116.202.156.120:6259
116.202.216.170:19000
135.181.10.139:1914
135.181.133.118:4423
135.181.133.178:11230
135.181.180.204:1066
135.181.242.30:3930
135.181.49.172:19000
135.181.66.235:19000
136.0.141.235:1555
136.0.141.60:45000
136.0.141.64:43434
136.0.42.116:8356
136.0.8.190:14412
136.0.9.16:19555
136.243.242.29:4432
137.74.224.95:44625
138.124.108.229:19000
138.124.35.170:19000
138.201.8.234:7483
139.177.205.200:55000
139.59.4.189:5321
141.11.247.15:15905
141.11.247.7:6463
141.98.6.208:7865
141.98.6.47:443
141.98.6.58:19000
144.124.230.99:59606
144.124.243.106:6960
144.172.102.238:19000
144.172.104.126:443
144.172.106.201:1908
144.172.106.246:443
144.172.110.75:44535
144.172.97.206:41313
144.31.1.159:59000
144.31.191.189:19555
144.31.191.215:19888
144.31.2.164:54543
144.31.3.100:1555
144.31.3.108:54333
144.31.3.9:18908
144.76.108.22:9947
144.76.17.58:1144
144.76.33.247:34432
144.76.35.24:7843
146.103.110.138:5000
146.103.111.242:443
146.103.99.179:12200
146.59.148.84:1958
147.124.216.164:7140
147.124.217.206:443
147.124.222.174:4343
147.45.198.29:34433
147.45.217.245:1923
147.45.44.173:8454
147.45.44.66:3897
147.45.50.33:44355
147.45.50.34:443
147.45.69.15:3519
147.45.71.158:5142
148.251.11.221:19000
148.251.215.146:6443
148.251.3.177:44264
148.251.4.73:443
150.241.105.246:8203
150.40.118.107:443
150.40.119.195:19033
150.40.119.224:44364
151.242.2.20:443
151.242.2.21:443
151.242.2.28:5746
151.242.2.92:5933
151.242.43.137:4813
154.201.66.160:39030
154.81.179.125:9641
154.81.179.127:7527
154.81.179.128:7899
154.81.179.129:8290
154.81.179.130:8075
154.81.179.131:7379
154.81.179.132:9070
154.81.179.133:8588
154.81.179.134:9539
154.81.179.135:9886
154.81.179.136:9640
154.81.179.137:8308
154.81.179.199:8153
154.81.179.205:7931
154.81.179.211:9643
154.81.179.235:7991
154.81.179.28:8850
155.94.155.141:1921
156.225.64.164:19505
156.235.89.21:443
156.236.76.30:1932
157.180.106.112:41333
157.180.4.106:5868
157.180.49.216:54543
157.180.5.89:7272
157.180.52.113:44633
157.180.57.233:8561
157.180.6.86:9992
158.94.208.8:34643
158.94.209.38:44333
159.100.14.131:34423
159.100.17.93:4443
159.100.9.231:1231
159.223.77.51:19000
162.120.17.30:443
162.19.211.132:443
162.250.124.18:34389
162.252.199.72:19000
162.55.232.21:9443
162.55.246.248:4432
163.5.221.37:6966
165.99.9.121:44111
166.88.96.239:19500
167.148.195.35:54435
167.148.195.36:59843
167.86.126.126:443
168.119.77.253:443
172.233.52.102:1823
172.86.88.7:443
172.94.95.195:4432
172.94.95.224:44364
173.214.162.172:59500
173.214.173.120:5556
173.249.63.56:19000
175.110.65.11:34000
176.100.37.77:1321
176.46.141.11:19250
176.46.157.23:3010
176.46.157.38:1324
176.46.158.19:1902
176.46.158.53:2079
176.65.132.125:45353
176.65.132.135:19555
176.65.132.146:44333
176.65.132.151:44338
176.65.132.221:443
176.65.132.23:54543
176.65.132.24:19666
176.65.132.27:19500
176.65.132.37:45453
176.65.132.55:12000
176.65.132.66:41313
176.65.132.88:59055
176.65.132.89:5443
176.65.134.141:5115
176.65.134.244:8917
176.65.138.186:1562
176.65.139.28:1923
176.65.140.144:19000
176.65.140.197:19093
176.65.141.165:19765
176.65.141.248:3846
176.65.141.47:5905
176.65.141.62:9079
176.65.142.11:5935
176.65.142.201:9338
176.65.142.20:7174
176.65.143.157:9746
176.65.143.176:44364
176.65.144.105:7331
176.65.144.168:5670
176.9.1.139:24433
176.98.185.125:8308
176.98.185.77:59000
176.98.185.9:443
176.98.186.46:4431
178.16.52.22:44733
178.16.54.246:19200
178.16.55.58:44333
178.17.57.65:54543
178.17.59.57:43333
178.17.62.135:443
178.22.24.253:48322
178.22.24.47:4343
178.236.252.109:41333
178.255.126.223:19000
179.43.172.2:44332
179.43.176.16:8690
179.43.176.5:4433
179.43.176.8:1600
179.43.182.183:1942
179.43.182.234:44312
179.43.182.61:443
179.60.146.251:41313
185.102.115.103:443
185.102.115.121:4432
185.102.115.18:54543
185.102.115.37:19000
185.102.115.72:19000
185.102.115.8:6904
185.106.93.45:15500
185.107.74.102:43438
185.107.74.8:14333
185.117.91.37:18000
185.125.50.186:15400
185.147.124.138:9261
185.147.124.167:9287
185.147.124.194:9261
185.147.124.238:3174
185.147.124.2:5374
185.147.124.58:9663
185.153.197.104:48333
185.156.72.74:443
185.177.127.90:43434
185.177.239.146:34000
185.193.88.54:19231
185.196.10.209:19000
185.196.11.170:3300
185.196.9.183:19000
185.196.9.212:19093
185.196.9.225:443
185.196.9.64:3040
185.208.156.226:80
185.208.158.115:443
185.208.158.121:19000
185.208.158.184:54543
185.208.158.249:443
185.208.159.170:2498
185.209.161.182:19552
185.209.162.23:19000
185.209.30.29:4343
185.21.14.116:4939
185.213.25.60:19231
185.221.196.185:54527
185.23.238.171:19000
185.233.45.37:291
185.235.137.178:3526
185.235.137.189:29832
185.243.98.9:2079
185.245.105.118:3250
185.25.118.209:443
185.39.17.101:9399
185.39.17.169:19000
185.39.17.188:19000
185.39.17.219:8515
185.39.19.139:45453
185.39.206.250:19000
185.40.86.36:33303
185.40.86.42:30777
185.40.86.64:17077
185.42.12.37:8296
185.65.202.76:55000
185.7.214.61:6386
185.93.89.59:19000
185.98.169.64:6443
188.166.218.69:19000
191.96.207.42:33300
192.109.138.65:54543
192.142.0.64:8847
192.153.57.185:443
192.154.253.194:443
192.159.99.159:5000
192.30.242.145:46443
192.30.242.15:443
192.30.242.203:4432
192.30.242.205:43636
192.30.242.206:6423
192.30.242.216:6463
192.30.242.248:443
192.30.242.44:40435
192.30.243.24:56463
192.30.243.7:443
192.52.242.22:45543
192.52.242.57:19555
192.52.242.79:1955
193.111.117.35:43645
193.124.205.11:7095
193.124.205.45:45453
193.124.205.74:45453
193.143.1.168:19000
193.143.1.17:716
193.143.1.205:5905
193.143.1.87:19000
193.149.180.44:1213
193.149.190.132:19220
193.151.108.14:443
193.178.169.10:19000
193.23.55.230:4423
193.233.112.30:443
193.24.123.98:443
193.47.60.54:45453
193.5.65.181:34333
193.68.89.44:443
193.68.89.45:1921
193.8.184.120:59000
193.84.71.81:13903
194.0.234.25:44321
194.102.104.153:59500
194.113.37.139:59500
194.116.217.199:18088
194.164.245.8:44333
194.165.16.30:19000
194.26.192.10:38443
194.5.62.209:1438
194.55.137.16:1921
194.55.137.30:662
194.58.34.155:19555
194.58.47.163:5000
194.58.47.69:19555
194.87.10.203:19032
194.87.196.25:443
195.10.205.209:1934
195.10.205.70:443
195.10.205.75:41313
195.10.205.86:4143
195.2.93.221:29021
195.24.237.171:1986
195.62.49.230:5205
195.82.146.172:19135
195.82.146.180:29000
195.82.146.43:1231
195.82.146.47:9070
195.82.146.70:8872
195.82.147.12:19000
195.82.147.133:4143
195.82.147.42:19000
195.82.147.71:8922
195.82.147.72:19000
196.251.114.65:8281
196.251.115.162:7681
196.251.69.173:443
196.251.69.183:1966
196.251.69.70:45355
196.251.70.217:19345
196.251.72.196:7681
196.251.72.207:1854
196.251.80.109:9443
196.251.80.121:1314
196.251.80.222:1213
196.251.81.121:45333
196.251.81.93:19019
196.251.84.117:19000
196.251.87.150:19000
198.135.48.190:9597
198.135.48.201:443
198.135.48.43:48843
198.135.48.98:443
198.135.52.12:4143
198.135.52.190:4239
198.135.52.64:54543
198.135.53.69:54332
198.251.88.63:34343
198.251.89.75:442
198.96.94.94:6333
2.56.177.203:0
202.71.14.169:1955
202.71.14.196:19000
202.71.14.226:18080
205.209.110.46:4543
206.123.145.144:19093
206.123.145.22:19000
206.206.123.13:19045
206.245.132.105:19300
206.71.149.45:19421
207.180.201.76:52443
209.159.157.164:41313
212.11.64.49:19093
212.34.148.184:34333
213.145.86.149:4343
213.165.55.209:19000
213.176.64.248:5032
213.176.79.44:4633
213.176.79.90:11011
213.209.150.143:19130
213.209.150.44:6107
213.21.237.206:4452
213.21.245.151:443
213.21.245.68:443
213.226.113.43:7369
213.252.238.44:34333
213.252.238.7:46363
216.126.227.149:44333
216.173.113.134:44433
216.224.116.15:41113
216.250.254.116:443
216.250.254.188:3443
216.250.254.194:41413
216.250.254.49:443
216.250.254.63:54543
216.250.255.15:443
216.250.255.2:44333
217.119.129.10:19000
217.12.220.15:4143
217.138.215.111:15000
217.156.122.219:1943
217.156.122.93:59035
217.156.66.137:34213
217.156.66.250:9166
23.132.164.245:443
23.137.100.22:7654
23.137.100.24:7501
23.227.203.179:41331
23.26.237.95:15092
23.27.164.2:19555
23.27.176.142:34356
23.27.186.130:55000
23.27.24.235:13412
23.88.5.107:443
23.88.69.148:54435
23.88.73.217:48383
23.94.252.214:1966
23.94.252.45:44331
23.94.252.55:41333
23.95.162.162:4698
3.13.49.148:1214
31.170.22.54:39000
31.56.146.245:19500
31.57.108.244:45353
31.57.166.99:44355
31.57.219.162:17312
31.58.226.103:41333
37.221.66.129:1955
37.27.103.61:54443
37.27.107.50:45434
37.27.195.206:46363
37.27.58.51:443
37.27.62.16:55333
37.49.148.208:19000
38.180.142.54:9987
38.180.152.36:29000
38.54.86.132:19000
38.60.254.209:19000
38.68.33.4:19000
43.255.158.248:443
45.11.57.85:7857
45.12.254.199:19000
45.12.70.187:46353
45.125.66.252:9210
45.125.66.25:443
45.130.145.26:19000
45.131.183.18:49433
45.131.215.5:19000
45.131.64.89:1874
45.134.26.29:41121
45.135.232.209:54453
45.136.68.30:44131
45.137.99.191:6940
45.137.99.58:443
45.137.99.98:7762
45.141.233.163:4142
45.141.233.42:41431
45.142.193.98:14431
45.142.194.48:8226
45.143.167.64:19000
45.144.53.205:18032
45.144.53.235:19000
45.147.196.101:41313
45.147.196.42:8217
45.150.32.106:1912
45.150.34.107:19888
45.153.34.116:51505
45.153.34.119:443
45.153.34.120:19555
45.153.34.122:443
45.153.34.127:443
45.153.34.128:15505
45.153.34.132:7899
45.153.34.133:8290
45.153.34.134:45435
45.153.34.137:45353
45.153.34.140:48366
45.153.34.143:443
45.153.34.148:1901
45.153.34.14:1902
45.153.34.162:443
45.153.34.166:443
45.153.34.170:443
45.153.34.174:53500
45.153.34.176:4431
45.153.34.179:44333
45.153.34.181:53333
45.153.34.191:23400
45.153.34.193:12300
45.153.34.194:443
45.153.34.195:1920
45.153.34.206:12312
45.153.34.225:443
45.153.34.227:443
45.153.34.229:1321
45.153.34.235:443
45.153.34.242:12340
45.153.34.245:12000
45.153.34.25:39230
45.153.34.26:14423
45.153.34.44:50300
45.153.34.68:1923
45.153.34.75:443
45.153.34.83:443
45.153.34.86:443
45.154.98.17:36453
45.155.249.74:59000
45.155.69.195:222
45.156.87.100:443
45.156.87.101:443
45.156.87.102:19123
45.156.87.109:443
45.156.87.116:4243
45.156.87.117:1932
45.156.87.119:39340
45.156.87.126:4143
45.156.87.14:43143
45.156.87.153:54543
45.156.87.169:6443
45.156.87.170:1986
45.156.87.191:443
45.156.87.206:19555
45.156.87.211:34343
45.156.87.219:443
45.156.87.220:443
45.156.87.221:2300
45.156.87.22:6600
45.156.87.230:19888
45.156.87.234:443
45.156.87.238:44113
45.156.87.239:41333
45.156.87.34:1999
45.156.87.35:7443
45.156.87.58:45333
45.156.87.7:443
45.156.87.99:443
45.156.87.9:1955
45.159.230.138:443
45.221.64.153:1923
45.221.64.63:443
45.32.243.28:4433
45.74.10.124:19000
45.74.10.208:7331
45.74.16.210:443
45.80.231.244:19023
45.88.104.148:19000
45.9.149.28:19000
45.9.149.49:19000
45.93.20.15:19000
45.93.20.244:7175
45.93.20.62:19000
45.94.31.140:5443
45.94.31.205:14423
45.94.31.85:5453
45.94.47.127:19000
46.161.0.67:54423
46.4.166.175:1787
47.243.190.10:443
47.76.58.219:8653
47.83.255.26:44333
5.101.81.118:34413
5.101.81.119:29323
5.101.82.20:19023
5.101.84.141:45453
5.101.84.164:45353
5.101.84.98:443
5.101.86.25:19555
5.101.86.79:54313
5.101.86.81:1912
5.135.60.208:44321
5.135.60.209:34000
5.149.248.82:54533
5.149.250.166:8872
5.149.250.167:19008
5.180.46.40:19023
5.180.52.28:39000
5.181.132.135:19093
5.187.2.166:24112
5.230.38.96:9930
5.252.153.121:443
5.252.153.14:443
5.252.153.15:8133
5.252.153.226:4432
5.252.155.133:54453
5.252.155.185:19000
5.252.155.21:4143
5.252.155.81:44234
5.253.59.48:15908
5.9.74.25:7991
5.9.95.140:7072
54.165.120.15:10443
62.113.116.201:19000
62.133.60.102:8901
62.3.15.94:19055
62.60.158.10:53000
62.60.178.210:45453
62.60.179.33:15050
62.60.226.104:1902
62.60.226.146:42333
62.60.226.178:24875
62.60.226.194:1234
62.60.226.37:443
62.60.226.84:7800
62.60.226.86:7792
62.60.226.98:4423
62.60.234.109:1902
62.60.234.58:1902
62.60.239.155:19555
62.60.249.110:1956
62.84.102.127:19000
64.185.236.213:19121
64.188.124.34:443
64.188.91.231:1912
64.188.91.58:38333
64.188.91.83:59000
64.20.58.242:46865
64.227.169.241:43433
64.235.46.56:8265
64.52.80.149:46363
64.7.199.19:4423
64.7.199.200:4143
64.95.12.97:19000
65.108.123.180:443
65.108.126.101:443
65.108.132.151:15000
65.108.140.109:8161
65.108.196.99:45435
65.108.198.231:7547
65.108.20.71:4132
65.108.207.18:4438
65.108.97.235:443
65.109.119.170:44333
65.109.160.160:19000
65.109.69.174:45453
65.109.83.26:443
65.21.118.116:19000
65.21.160.221:6659
65.21.69.85:3185
65.21.91.167:40303
66.63.187.100:19000
66.63.187.22:9168
67.217.228.164:19000
68.235.46.8:6443
69.12.83.190:44333
69.50.94.89:46743
70.36.99.102:45435
70.36.99.148:3165
70.36.99.150:45453
70.36.99.157:45333
70.36.99.250:42333
70.36.99.253:42332
70.36.99.2:54543
72.60.132.168:54535
72.61.22.9:19500
72.61.85.157:4131
74.81.33.8:34543
74.81.33.9:45444
77.105.143.139:59500
77.105.143.45:54543
77.105.161.180:45453
77.105.161.18:29000
77.105.164.251:443
77.110.114.186:1901
77.110.116.74:443
77.110.119.98:45453
77.110.125.28:11433
77.110.99.189:35453
77.238.255.151:19000
77.239.124.170:443
77.239.96.100:12342
77.73.129.21:12131
77.83.207.226:861
77.83.207.252:41313
77.90.15.201:34543
77.90.15.203:15000
77.90.153.141:8203
77.91.75.15:19067
78.46.40.157:15000
78.46.40.246:4431
79.137.248.180:19555
8.212.60.191:3443
80.209.234.117:767
80.240.30.231:1505
80.253.249.169:6463
80.253.249.208:1923
80.253.249.210:5605
80.253.251.160:5955
80.64.18.203:8515
80.64.19.147:4343
80.64.30.236:19000
80.64.30.243:2249
80.64.30.8:4090
80.82.65.99:12030
80.97.160.12:59043
81.19.131.103:4433
81.90.29.156:19555
81.90.31.20:15500
81.90.31.25:54543
81.91.176.90:44324
82.115.223.171:19000
82.117.84.136:1513
82.147.84.147:443
82.153.138.65:2310
82.153.138.70:8979
83.217.208.150:54443
83.217.208.36:3897
83.217.208.50:1734
83.217.208.79:443
83.217.209.45:1052
83.217.215.136:45335
84.200.128.192:12020
84.200.154.49:443
84.200.87.189:13000
84.21.189.163:54543
84.21.189.187:19000
84.21.189.30:45453
84.21.189.35:19541
84.21.189.85:12300
84.32.41.178:9637
84.54.47.90:5443
85.121.148.15:1654
85.158.108.134:30775
85.158.108.139:19000
85.158.108.140:30302
85.158.110.109:2861
85.159.228.186:49300
85.192.37.8:59546
85.192.41.223:43333
85.192.49.9:16700
85.192.60.109:6443
85.192.61.140:53040
85.198.109.94:45453
85.198.110.69:443
85.208.84.43:39020
85.209.129.29:41313
85.239.62.29:616
86.107.101.245:12300
86.54.25.94:41433
86.54.42.144:3080
87.120.107.44:443
87.120.126.122:44321
87.120.126.143:19000
87.120.186.128:19000
87.120.93.182:59000
87.120.93.185:5443
87.120.93.98:35443
87.228.53.147:5343
87.228.53.149:56000
88.119.166.184:48131
88.119.167.169:45678
88.198.15.183:443
88.214.48.9:6386
88.214.50.113:45333
88.214.50.190:49054
89.110.101.59:3443
89.110.92.41:443
89.110.99.116:1990
89.163.155.192:10006
89.23.107.146:19000
89.248.163.94:443
89.34.230.119:3775
89.34.230.252:4343
89.35.131.101:19000
91.142.74.191:41310
91.184.247.172:11111
91.198.166.234:443
91.212.166.49:443
91.214.78.172:1916
91.214.78.19:443
91.215.85.176:44433
91.215.85.4:45453
91.219.238.82:3443
91.220.8.104:4329
91.220.8.105:17045
91.236.230.35:15950
91.244.71.14:54543
91.84.116.215:44333
91.92.240.108:4131
91.92.240.200:44333
91.92.241.189:45353
91.92.241.20:41333
91.92.241.235:19142
91.92.241.250:34002
91.92.242.132:45453
91.92.242.42:42323
91.92.242.89:34443
91.92.46.192:443
91.92.46.210:34312
91.92.46.76:443
91.92.46.96:1923
91.99.133.179:8443
92.242.166.161:19000
92.255.85.7:19000
92.63.197.198:8443
93.113.25.244:443
93.115.25.140:44355
93.152.230.74:59000
93.183.125.3:54535
94.103.169.87:45453
94.130.21.181:457
94.130.222.114:41431
94.130.53.166:13930
94.141.123.65:443
94.156.232.116:55443
94.156.232.150:1443
94.156.232.151:19023
94.156.232.190:4131
94.156.232.232:45434
94.156.232.65:19323
94.156.236.154:19000
94.181.203.33:6570
94.181.203.36:46333
94.181.203.38:19000
94.181.203.77:4432
94.181.203.82:6300
94.26.90.7:44833
94.26.90.85:1874
94.74.164.157:5443
94.74.164.186:5443
94.74.164.252:19000
94.74.164.94:45333
94.74.191.121:55355
94.74.191.23:1923
95.164.123.60:4438
95.164.123.87:39000
95.164.53.170:43666
95.164.53.226:1555
95.164.53.43:9921
95.164.55.22:1923
95.181.173.142:5000
95.211.190.14:46363
95.214.53.17:4233
95.215.207.173:443
95.216.107.51:12300
95.216.115.49:19444
95.216.247.61:59000
95.216.25.188:19324
95.216.37.45:19000
95.216.8.81:1443
95.217.137.229:19000
95.217.204.232:14333
95.217.207.55:4243
95.217.248.41:9621
95.217.249.155:19000
95.217.37.150:443
95.217.43.106:54435
95.217.65.166:19000
95.217.82.119:19000
96.9.124.13:5363
96.9.124.172:7432
96.9.125.78:19000
97.120.228.201:6443
98.159.109.85:1542
98.159.109.98:443

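# Reference: https://research.checkpoint.com/2025/gachiloader-node-js-malware-with-api-tracing/
# NOTE(review): http://78.16.53.193 below differs from http://178.16.53.193 only by the leading digit - confirm against the reference that both addresses are intended, since a transcription slip here would flag traffic to an unrelated host.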

http://178.16.53.193
http://78.16.53.193
176.46.152.18:8181
185.141.216.120:1888
94.154.35.99:1888
cxbnqdytjgrxutmzawczv.cg
jfbcrmphnnikoktsmcpzirlplkwp.zl
/0f4m3h8r.trz19
/8pv47lge.93qfg
/el3tkioe.xcg4w
/gDatFeDway/
/gDatFeDway/mh3af5md.wg4ja
/gDatFeDway/r26ggaap.dssde
/gDatFeDway/ujp8k5q9.kbtsk
/gateway/0f4m3h8r.trz19
/gateway/8pv47lge.93qfg
/gateway/el3tkioe.xcg4w
/gateway/mbw0n34s.gibis
/gateway/st2jdbg8.gsg45
/gateway/wwpac3ey.q23nf
/mbw0n34s.gibis
/mh3af5md.wg4ja
/r26ggaap.dssde
/st2jdbg8.gsg45
/ujp8k5q9.kbtsk
/wwpac3ey.q23nf
