# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/VK_Intel/status/1268610373004845059
# Reference: https://twitter.com/malwrhunterteam/status/1268966003582566401
# Reference: https://www.virustotal.com/gui/file/91e18e5e048b39dfc8d250ae54471249d59c637e7a85981ab0c81cf5a4b8482d/detection
# Reference: https://twitter.com/abuse_ch/status/1269852916074110976
# Reference: https://twitter.com/ScumBots/status/1270904922909872128
# Reference: https://twitter.com/bryceabdo/status/1271498581271330821
# Reference: https://twitter.com/ScumBots/status/1266120897020248065
# Reference: https://twitter.com/VK_Intel/status/1273346999740481536
# Reference: https://twitter.com/cyber__sloth/status/1273990449796198407
# Reference: https://twitter.com/MBThreatIntel/status/1275106542795329536
# Reference: https://twitter.com/bryceabdo/status/1275153235620347904
# Reference: https://twitter.com/cyber__sloth/status/1278997323960352768
# Reference: https://twitter.com/VK_Intel/status/1279856863178379265
# Reference: https://twitter.com/bryceabdo/status/1280941877408215040
# Reference: https://twitter.com/Dan__Mayer/status/1281026825926275072
# Reference: https://twitter.com/bryceabdo/status/1281683188826476544
# Reference: https://twitter.com/sisoma2/status/1282347857752793088
# Reference: https://twitter.com/ScumBots/status/1284620297312899072
# Reference: https://twitter.com/VK_Intel/status/1285251276335394817
# Reference: https://twitter.com/malwrhunterteam/status/1288438777623588866
# Reference: https://twitter.com/bryceabdo/status/1288558940557660162
# Reference: https://twitter.com/VK_Intel/status/1290318472434593792
# Reference: https://twitter.com/abuse_ch/status/1290630827152482307
# Reference: https://twitter.com/bryceabdo/status/1290638836347867136
# Reference: https://twitter.com/d4rksystem/status/1292836072985186305
# Reference: https://twitter.com/d4rksystem/status/1293595428869623809
# Reference: https://twitter.com/d4rksystem/status/1294316886579204096
# Reference: https://twitter.com/d4rksystem/status/1295378909949829122
# Reference: https://twitter.com/bryceabdo/status/1295400365035323392
# Reference: https://twitter.com/bryceabdo/status/1295348221401849859
# Reference: https://twitter.com/malwrhunterteam/status/1296006838341730304
# Reference: https://twitter.com/malwrhunterteam/status/1296385118039408640
# Reference: https://twitter.com/SiberTurkce/status/1297314456779849732
# Reference: https://app.any.run/tasks/a7c92987-a473-4ff1-b372-1a77e9b9decf/
# Reference: https://app.any.run/tasks/27fbdbfb-e057-4a9e-9d4e-693b909aec0f/
# Reference: https://app.any.run/tasks/db7c3b9e-6358-494a-9cb4-245804c70472/
# Reference: https://bazaar.abuse.ch/sample/3e6c11f27c1309c63abe0a1563c6141ce7b8d8110419c572be46dcb3578db443/
# Reference: https://www.virustotal.com/gui/ip-address/47.98.172.161/relations
# Reference: https://www.virustotal.com/gui/ip-address/103.73.67.169/relations
# Reference: https://www.virustotal.com/gui/file/9127040d80ffbebb9955bcc555420a120ecf48414c6844dd4855f7af7cbf24c0/detection
# Reference: https://www.virustotal.com/gui/file/c786e4de11e64be8d4118cf8ba6b210e3396e3bb579f3afd4bf528c35bab4a6b/detection
# Reference: https://www.virustotal.com/gui/file/70eae6d411554b0587f9bc3e7e7cc753e81b8086310dc5fa8181c44632fe1ada/detection
# Reference: https://www.virustotal.com/gui/file/a0b8c7df99d8c8ee6488f091e3a85adc3cc9e9694600c5b44ff9a77f18440eb1/detection
# Reference: https://www.virustotal.com/gui/file/cfce56dad68d7f1c394ed90701eaf2ac0234eaa58666a95ab69f09b9d68e3166/detection
# Reference: https://www.virustotal.com/gui/file/bc7c981300bcc3e4d2a5bf466f0082abfb1cefea323398f611ca3bd3b2cd8847/detection
# Reference: https://www.virustotal.com/gui/file/201dceb5c7e8e54a72d9eb9247bcc9c6c1ce4bdc3c55409fb9a52d47b01799d2/detection
# Reference: https://www.virustotal.com/gui/file/1d08196ad8f4a2c207c229cb0305a1d1d7cd2e0c62672288e1a0339d50f7a12b/detection
# Reference: https://www.virustotal.com/gui/file/bb9b158dd736f0d79af54347b22d601488ee21fc5c4d1a5e4134ffd37210d9c4/detection
# Reference: https://www.virustotal.com/gui/file/b889c77d3c4d2d6b18e40d8464361aa4e9624fd81d7c7f96058c7a2a892a7f7c/detection
# Reference: https://www.virustotal.com/gui/file/2576b210dedb085df2fa992f7c1b5d4f1dce5dfb6ba0a27142a6d184d02f96c5/detection
# Reference: https://www.virustotal.com/gui/file/a5c6c0b4a5397d0796d79d215ebb3bcbe6421787ee27d088d9afdd2a41f85e28/detection
# Reference: https://www.virustotal.com/gui/file/c6276381af7a009277c8f4e19867fdbe65c7bbe25b5560961c72ece22075de6b/detection
# Reference: https://www.virustotal.com/gui/file/06086f2e9c847e2a677a4e02bfd61ee54bb24a1f6ccf06e70e391dca5cf3347e/detection
# Reference: https://www.virustotal.com/gui/file/b83cada9c2dcf4381ddad40b4e61fdb5b77d7b776712f623cae92a8e5e40dd9c/detection
# Reference: https://www.virustotal.com/gui/file/df8c266e39c85b35d7d7ba3165d9f224b6dce9fb9bb14657ff2872fc4e236efc/detection
# Reference: https://www.virustotal.com/gui/file/79222d38743b7d3e2f208fd3dd01bc8e4c8428a5c5df3608c2db94a2d82a4b74/detection
# Reference: https://www.virustotal.com/gui/file/9b820101221c735fdab1decf617d4a8c6bedba759d0821972f71eb2abd8fe1e7/detection
# Reference: https://www.virustotal.com/gui/file/1fddb3dd1c9691b5790370e92524a456634ea127af40a64e2a2656ed2f238077/detection
# Reference: https://www.virustotal.com/gui/file/de9fb5ae3fafcfdf1c471baae83928ab000801c5b4878717f54dabac35ba7528/detection
# Reference: https://www.virustotal.com/gui/file/75cc406dac68a06b89b86ea746fe0d947544b4e5b5b194f7aa754327a45127b9/detection
# Reference: https://www.virustotal.com/gui/file/2690860626a3b170c1ed972d3d0abb66908caf031d3a52e99334ac1ce559933b/detection
# Reference: https://www.virustotal.com/gui/file/c51c6261ec425453f9b1d2229266b6a6470faee26ba646438c4f2db3a3e40f81/detection
# Reference: https://www.virustotal.com/gui/file/ed19505af22c3c6457c6eaa7797442bfc4b2e7b033a0492ebbd0a31cdf295c6f/detection
# Reference: https://www.virustotal.com/gui/file/63a1a4b5ee7f06eac89b39ff826733d706b97635e45ed5a724f3d1e1857d4153/detection
# Reference: https://www.virustotal.com/gui/file/ba684857aec6b421eb7b5780e5b78df48efadfdbd913f3142bb70825e056ddcd/detection
# Reference: https://www.virustotal.com/gui/file/0aa01cb516c022547ce7034f1ca21e1134a5cf11c85a83c89e411edbf39f7188/detection
# Reference: https://www.virustotal.com/gui/file/217bb3510d12a0893c7d279f7729bed532682da2a6945e0d0531a2f4d296a5a8/detection
# Reference: https://www.virustotal.com/gui/file/b081d2983f3e2b4a12a5bb63c14c868098ac076114b2033ec57f75e61f0cbe0a/detection
# Reference: https://www.virustotal.com/gui/file/b97f7d0972ce0247068b3e26b7d5b72aab4b13515f7cce271b760d8f96c0b837/detection
# Reference: https://www.virustotal.com/gui/file/0790e138f23c1335d30fae4b1cd42937f6c43b1300b40bc02c15f48f48aac6d7/detection
# Reference: https://www.virustotal.com/gui/file/acc0b0822c145305a93e9d3647e689d21901e0e4f00cd1bbba243454f8dc7445/detection
# Reference: https://www.virustotal.com/gui/file/40f192e247c94a1628803d7f97f07be0c5518f377f2e57fb07246dfa2c1bfa8c/detection
# Reference: https://www.virustotal.com/gui/file/8ab748f1371df23572b12d26bf32d88e579be77bb730528396f0a4d53f2ea8db/detection
# Reference: https://www.virustotal.com/gui/file/3c598f856412b72ff1d50d39293b357e422699fe329e03bf3b1859f3e3bee3c8/detection
# Reference: https://www.virustotal.com/gui/file/81a62d5e8827a65466bbbea46d2c3a3597dae8458aa11eba0ca0e7102c06a2d3/detection
# Reference: https://www.virustotal.com/gui/file/70eae6d411554b0587f9bc3e7e7cc753e81b8086310dc5fa8181c44632fe1ada/detection
# Reference: https://www.virustotal.com/gui/file/74ba43e07c57b6aac5581e77f585c10d8707dc16a58a65fe27dc48ddcd05b149/detection
# Reference: https://www.virustotal.com/gui/file/d0e08274a178568977ec783eb99e82d80287e721bb67c9348af592067bb5ca04/detection
# Reference: https://www.virustotal.com/gui/file/7b1144668c6fd523ab7f421eb9f724cb8a1effc85fd2a0ca6386a3de7b8745fd/detection
# Reference: https://www.virustotal.com/gui/file/45b253db751c69bdc1d532167e482ef03f426d4dd06a513d342faf61e976f269/detection
# Reference: https://www.virustotal.com/gui/file/663a1620146702c3210eb0ce4389dc20b1ae1d952c9566b5778e20f360fe090b/detection
# Reference: https://www.virustotal.com/gui/file/a90bee1d485bcbf91f771a1b43f783d56048506c4fb2e93560ad1e84ab0f2a2e/detection
# Reference: https://www.virustotal.com/gui/file/59415cd23bfc12d279394e6b236334c176dc2b83444c7c16a387d40c026c3e58/detection
# Reference: https://www.virustotal.com/gui/file/1293f0c34a1c3c1cc381a748d577d0246a0e5347b4e4a585420702dcec2ea9ff/detection
# Reference: https://www.virustotal.com/gui/file/41128cccd33e0034c4cd7d780da576e8c1037da21348571b17d77aa2f77270f1/detection
# Reference: https://www.virustotal.com/gui/file/883c1f116448550be96f42cb3ff650d02770798ab382a1801e84028d986a41c2/detection
# Reference: https://www.virustotal.com/gui/file/af3c45f941a7c7fe4aa3fa19a0e73ccc021b997d3ec72a72ee30f892fdc28435/detection
# Reference: https://www.virustotal.com/gui/file/65748b58b0580782b6e8aac5ebb2f9842dc8ab1cacf4fb6a7c93e546dc806124/detection
# Reference: https://www.virustotal.com/gui/file/e571cd3a4c0744cb3c5443b868577adced331a7545fcb6e2ed0efbe7506a2f9b/detection
# Reference: https://www.virustotal.com/gui/file/1a9bbebde954b27cbf6006128e1a22bdfa81d4ea853ba99bab4ec3333ea0bb89/detection
# Reference: https://www.virustotal.com/gui/file/df3a63acc7b50b4f76d1c4a1f6b014512d64b9803a1c8c1e047e59142777c5a7/detection
# Reference: https://www.virustotal.com/gui/file/866b0d38c7e14bf17f049fb1543f518c891424c9b5aa6a67dd195230a1d6c063/detection
# Reference: https://www.virustotal.com/gui/file/7cba6b6c6be23da94ded1ce4bf3e4d8b246be0f2b680b7b376dc0c4e2fb1fdbc/detection
# Reference: https://www.virustotal.com/gui/file/241a1134ff620ebe2640a33a8aafd411c000b0a79774312a1697e47cb8d41bc4/detection
# Reference: https://www.virustotal.com/gui/file/ac4264160b365dbf7ae7d8fd794437408f7bee4ab5b43562a1ed4a777c721d60/detection
# Reference: https://www.virustotal.com/gui/file/e4ca37b939f9ca60aab3b68d49169ee93e46548b76dfb31eeb43d4161fd3dc1a/detection
# Reference: https://www.virustotal.com/gui/file/9b27a5018742f9fd6d6c1f94e56215b64eaf0b263e43b82feec02ceeab208398/detection
# Reference: https://www.virustotal.com/gui/file/6b07347f1041d1415d27d2b8e488861738ae492d91b3c20d3c63bf9aac24c618/detection
# Reference: https://www.virustotal.com/gui/file/6a7cc1605bd960679139025251b4d75178fa30caeb1968f744929c27f8030903/detection
# Reference: https://www.virustotal.com/gui/file/aaf496757bc935e63ee7b77a1b99ac62032a30255b38426915371620eb09c494/detection
# Reference: https://www.virustotal.com/gui/file/ec80dafae2b435962d141d4137ba9e9b84d36c5933828c490d113a88b9c4d2a5/detection
# Reference: https://www.virustotal.com/gui/file/3f6a83e5c484e9d495e3f29ffcedc2881690d54a7058e5c677e3feda66ed96fe/detection
# Reference: https://www.virustotal.com/gui/file/eb1d75f02e09b08c65e1541bddcd6888c334977bb1fb603fa45dcd1a836bb406/detection
# Reference: https://www.virustotal.com/gui/file/2610754a99eb906bc26243eff669ca156c0b0cfb56875fc93ec17a607c95cfb4/detection
# Reference: https://www.virustotal.com/gui/file/966c1e28256b05643504b99716bbeb200ec19a577018f81fa87afa25adf91349/detection
# Reference: https://www.virustotal.com/gui/file/8818926ece9a710a855fa177e1b99860da65b93ec9035d99f93a794885bbd569/detection
# Reference: https://www.virustotal.com/gui/file/ec06102bf93522b24afce8e7641a0182b4bf0c53861599f22b5ee257ad1ee2d8/detection
# Reference: https://www.virustotal.com/gui/file/06f5157afd7a7595fbe784a6e098a8286bf5f3cded51f4969b431066baa5c386/detection
# Reference: https://www.virustotal.com/gui/file/fa1621a1171424dfc1671013d1027817d6d8792c1709416754a37abc5ab057fc/detection
# Reference: https://www.virustotal.com/gui/file/5e627b14e776856c2904f622b43da929fbc41c1d0b753cd0f98913d8eeaf3544/detection
# Reference: https://www.virustotal.com/gui/file/b8c45daf9ab25efa15938474bfea3dc7265d6183a12c7dc15e0c4ba4c8fb5d32/detection
# Reference: https://www.virustotal.com/gui/file/8f881c41b67a4170458e00fb809aa70b654c2fa56492c0b307ae8f0f0e19c119/detection
# Reference: https://www.virustotal.com/gui/file/c626145b58a19a639b3250472fe72d8efdb6117b43618591292eb6a8216c2fea/detection
# Reference: https://www.virustotal.com/gui/file/037b31af7dd458885e26a667a51305ef1d927ee2f4edc30b88e40df07d688a35/detection
# Reference: https://www.virustotal.com/gui/file/ac01f66470b49d74801c7954fcef0f644e9560295c66f0ae10106d6b874e7344/detection
# Reference: https://www.virustotal.com/gui/file/32b8ffac3250444904e6af3fca1f6408e684f11ad59e6c46887cf44f5de19e6b/detection
# Reference: https://www.virustotal.com/gui/file/bd50fceeb89d220f6710030d3aacbc2427c5796d9b7f3dee8a362f4e7d4113ef/detection
# Reference: https://www.virustotal.com/gui/file/8c195ec63793d4d4927cb5e06cd2c5771cedab32baecd2097454e3709e2748cc/detection
# Reference: https://www.virustotal.com/gui/file/203f753b4e81e49247f62c3f59e6744e6b7b3b0a399ebe7118b0fcc23c6ebf22/detection
# Reference: https://www.virustotal.com/gui/file/af2bc53c341eaa7f66aeb3e4ebf060b686ea155c53dabde46b5be66cbd43d803/detection
# Reference: https://www.virustotal.com/gui/file/888750cee6858ec2c6131628caa562be26b1c65ecaeff4addcbf73a456c99517/detection
# Reference: https://www.virustotal.com/gui/file/46b3109edcdd1cde67200eb9e4ae5c2120837a07e891266a04dd033d49bea774/detection
# Reference: https://www.virustotal.com/gui/file/5cf1056b581d44583325bc9e76291201b265f8b9b4f429e75948e72fd3678e4f/detection
# Reference: https://www.virustotal.com/gui/file/a95bc01a29ac616addd8de1175cc7d9829d0df06057b88964be2962f5c93d887/detection
# Reference: https://www.virustotal.com/gui/file/b96adf2b963739440e30c50e52a07b37711356238a586f6f0267db7d722b44cf/detection
# Reference: https://www.virustotal.com/gui/file/d7ccd0d5372559401b658a95bff01ee87c971dd156ef214c69f664304228fae2/detection
# Reference: https://www.virustotal.com/gui/file/fd3131ed00a549e74a748e85b586ef78d07330fd4e1d365aacdc0b4b5f6f67cc/detection
# Reference: https://www.virustotal.com/gui/file/2f408250c933dcb7eda32d753f17dc431b46b449d6c7d7ca3025fbe380cfc2d1/detection
# Reference: https://www.virustotal.com/gui/file/a4d2e612e77dcc342b1f5d82d46171e2fcd30f4e4cc4d14c1333930fce062de5/detection
# Reference: https://www.virustotal.com/gui/file/17b47507c571fd0991f2470a90c89c381a40a13e6fcdb7fee9171ac854a60efc/detection
# Reference: https://www.virustotal.com/gui/file/342d1aa4c4802c86a8abd3e01954e08b07253b374bd63206ac0783fd3ac9d8e6/detection
# Reference: https://www.virustotal.com/gui/file/e0ee55e0cb93b6ee7c05d621203b02d80efa20b9f6e81f358b60fe46f3025814/detection
# Reference: https://www.virustotal.com/gui/file/25252261401920a07bf257a208446c78875bfffe2bd2f753235b11332f429e80/detection
# Reference: https://www.virustotal.com/gui/file/b2fed38cf0b3cc2b92b2b1dc193ea309c7ef9c90f0941171cdb61cbb7c4bd124/detection
# Reference: https://www.virustotal.com/gui/file/14e0f1b88468c759b17a973728c8c8da394d2624b4f9aa1e4ecbf80366a7a487/detection
# Reference: https://www.virustotal.com/gui/file/dba7ce026c226da8b54c9edf36d34fdf630e13c0319cca0f43661a686e702f07/detection
# Reference: https://www.virustotal.com/gui/file/cc8f59afac88e3d8b8805d3cccdf93711b371518cb20889b2f5d412845089030/detection
# Reference: https://www.virustotal.com/gui/file/b7ab50cc2d5573a205666be0b8a83523d614347673e58daf00ac9072beb9dca4/detection
# Reference: https://www.virustotal.com/gui/file/6d2af4341f956c200257535080a37b252dc910e0d52bc295e1a4803ee80c34af/detection
# Reference: https://www.virustotal.com/gui/file/6d2af4341f956c200257535080a37b252dc910e0d52bc295e1a4803ee80c34af/detection
# Reference: https://www.virustotal.com/gui/file/0562e5a3adee03b840bf767c48603aa807536181d8db2ec7681155038013d4bd/detection
# Reference: https://www.virustotal.com/gui/file/e99509ba8514cdbca496011cda5d7f32c9ec3452a4778ff0ec85ed11ebd73b1d/detection
# Reference: https://www.virustotal.com/gui/file/4d8232c8973ec2c528be5f380b9f027a7221023e2b2e774403a8839385b2e197/detection
# Reference: https://www.virustotal.com/gui/file/5130e07eda1bde32fcf52cbeeccfdfb376a452be17540ec66f05da7d9b808fcf/detection
# Reference: https://www.virustotal.com/gui/file/9485ba313d5141997bd094d278139303e1d59392a7c0b611efc5947eedb4abc6/detection
# Reference: https://www.virustotal.com/gui/file/0ceaf7d3a3b4e5d449ab2f60503b3ad2033ed7c136fa8f860548167abe8c9879/detection
# Reference: https://www.virustotal.com/gui/file/19f9ce568f425779bded9b58d132c8e2dac84f1337e278fc73aaed837fcf3be0/detection
# Reference: https://www.virustotal.com/gui/file/86ecb5b31182eb2fd094398cbc5a7f3d20aa6a661a733294009d14cd7ba19224/detection
# Reference: https://www.virustotal.com/gui/file/18e1faee8a479ff511cfe0ce6a49a1863f9123828aafc7a8f9bcc2b818f0c606/detection
# Reference: https://www.virustotal.com/gui/file/ae3ebebf3ff7d84f1371c5b3a81911c7e50acb4700ae41ab42b63a2de18f08b4/detection
# Reference: https://www.virustotal.com/gui/file/8f08b27ce2952751b62c818323535ed72fc2a0a5706ecccc1afc6e0024d5d59c/detection
# Reference: https://www.virustotal.com/gui/file/12278a4c7c9600fbe9e527388a4d96b5d29e110cf630d20ddc1efdb8f069b3c9/detection
# Reference: https://www.virustotal.com/gui/file/65b353273d5aa143b6ad5fc5ee4af51930ccef9ea96d07345a619f8950d1132d/detection
# Reference: https://www.virustotal.com/gui/file/178bba892544670c9b347112461fc5443e02bd5a7685c9c29a4218dcf64eb25c/detection
# Reference: https://www.virustotal.com/gui/file/723a84df66c3ee2f788acd1426e1a14176f1f27dba10cc842ba05acfb659615e/detection
# Reference: https://www.virustotal.com/gui/file/e05f6dab54210a041235191663afd7f296c4733e42d9f09b971a9861bf317df8/detection
# Reference: https://www.virustotal.com/gui/file/8f7b9a377a14260d8bdcc6e18e749013a0c2c09a60d46fa026d77f6d92b7b801/detection
# Reference: https://www.virustotal.com/gui/file/23b970bbb13046fc091e0f97417fbf6047279e05935ab29b2e0d6eaa16c4fbd3/detection
# Reference: https://www.virustotal.com/gui/file/e99cc027c77bed5c1414225e39093bde66c654a9adfcca9cb3ddafa266410aea/detection
# Reference: https://www.virustotal.com/gui/file/ce83f302a60301e222c23e67a7525106d610c6231c23d747ad4263669c1c88c7/detection
# Reference: https://www.virustotal.com/gui/file/925f678c8adafa7aeae7d0894ea871001ffabe237d6e6b5764eabb0c59c6f8d1/detection
# Reference: https://www.virustotal.com/gui/file/8255cac50835b7957f99c316b18db603429583e2c9f2fe605e5a4a9f19c6e9cb/detection
# Reference: https://www.virustotal.com/gui/file/e6454c8bb951808c4a233ab5f3d3e2967a5090f64b1797b6514f22dc4abf283a/detection
# Reference: https://www.virustotal.com/gui/file/e4f8ba6b534fe074a465bed485952ad9077ae9ec2559aa704da65a6848b926ef/detection
# Reference: https://www.virustotal.com/gui/file/26760ca79ec85b46777cda948a746134b8513692075fbc17db7a553b24fd3482/detection
# Reference: https://www.virustotal.com/gui/file/2c75fcb1983a87e786ec745a20df2f2e508c294da40e956e0c46786005120a6c/detection
# Reference: https://www.virustotal.com/gui/file/59aca50cb75bc0a04800fdaa9e55c259f08b07f5705783def02789c1cfe439d1/detection
# Reference: https://www.virustotal.com/gui/file/0bcb3e0d5496e7211313a35799aa38d4b571d316014ebd2242ca8d556f9d32a3/detection
# Reference: https://www.virustotal.com/gui/file/4c830a4247fc3203fbc7fde4ec81d002fd4899cac3e364a7cb30d15bf09c147e/detection
# Reference: https://www.virustotal.com/gui/file/0e7ca7211cdac296ed0b50ca565b91b320db3152d32e23f88c6c46e2ea003e48/detection
# Reference: https://www.virustotal.com/gui/file/a0bf02f7dd4044543ecaf4df5b150e945ac719f0a9899ffafd11f641de1acf2b/detection
# Reference: https://www.virustotal.com/gui/file/b97b606aef81420a441aba88b42c44aa8e102390434be5714d33bb07645912d2/detection
# Reference: https://www.virustotal.com/gui/file/8d1baf0c8b986b24d03c608c4edaa1053d3dc90065bfcd2a827651a6effb0bdb/detection
# Reference: https://www.virustotal.com/gui/file/4e002bce081442b7bc369d0a52eca3dba64d38649da8416863bd40b8bc3a49c7/detection
# Reference: https://www.virustotal.com/gui/file/14c63d1c8979ac3e55720fbfedd7f1f7fb68bbf16a2ca2882284817cf01ccd8f/detection
# Reference: https://www.virustotal.com/gui/file/32142bfd3bdea4149b55c42462a82bcf349cadb64d08c6a86d4aaf2b76697ba6/detection
# Reference: https://www.virustotal.com/gui/file/041e2abbe05bf376269b41e88f3eac89ae1cb5ac6f0455bd5bd70cd4fd47ac10/detection
# Reference: https://www.virustotal.com/gui/file/89817e1b41550510423b0228002a17b9920432d0d20f42d700aa3ba64f559fc3/detection
# Reference: https://www.virustotal.com/gui/file/5c263861953572824bdecc358c48a73d1c29f3351ed494fd1074230e9e7f2b32/detection
# Reference: https://www.virustotal.com/gui/file/adae349f4b35b704d8b07ef08021f7c01943ff5b4e77dd775551978c68f80b54/detection
# Reference: https://www.virustotal.com/gui/file/dc5c65a9d3dd46e29143c7fea02a070ae6b29395687462e21c7830c12510f05c/detection
# Reference: https://www.virustotal.com/gui/file/d587d29bd55768099f37c62c2fb94cae86c741aea8598ba81c78b9dc9d326719/detection
# Reference: https://www.virustotal.com/gui/file/0a0b584f7f6b0ebb48a9b77bf4aff49d87fe6415ddd61a658334d759269e4e92/detection
# Reference: https://www.virustotal.com/gui/file/7fbb2b279ca7e0c3805a516e66ad495f3525c99140459bde810dab0f370c656e/detection
# Reference: https://www.virustotal.com/gui/file/a0822940a97be891b6d669ab1501fe9fd20e544aedc0514b34057f6c41b4c4f7/detection
# Reference: https://www.virustotal.com/gui/file/c893ea2cde94539b29ea04f5ae4f6a078f22bf8512612127c6ae5aab11e83be4/detection
# Reference: https://www.virustotal.com/gui/file/0321ab9427231744eac118feca875d2e4cdefab7fd4b2438fdd6bc148a29f894/detection
# Reference: https://www.virustotal.com/gui/file/0701bbc25b7ebefd61eaeec13bf1f8502b80a266cd4ce6ddfb650832b4d18b86/detection
# Reference: https://www.virustotal.com/gui/file/421c81b27bf6f7932b5ee00d1898195ffb516cbe84fe410c4eba5f3c17c4e9c5/detection
# Reference: https://twitter.com/malwrhunterteam/status/1299375482643927045
# Reference: https://twitter.com/bryceabdo/status/1299369692709236738
# Reference: https://twitter.com/bryceabdo/status/1294044087121858560
# Reference: https://twitter.com/bryceabdo/status/1293198360615231488
# Reference: https://twitter.com/bryceabdo/status/1290330524834201604
# Reference: https://twitter.com/bryceabdo/status/1303324710688628738
# Reference: https://twitter.com/bryceabdo/status/1306226330166464512
# Reference: https://app.any.run/tasks/e2d1a0d7-875b-4ea0-bb60-fc05bb9ea742/
# Reference: https://app.any.run/tasks/7c554c3b-4bb8-47e4-9eb8-9a6827998ebf/
# Reference: https://app.any.run/tasks/ffc1ecff-e461-4474-8352-551db7e7b06f/
# Reference: https://app.any.run/tasks/31076788-db3b-4caa-89de-105c3e389aef/
# Reference: https://app.any.run/tasks/b21034a4-e7b5-4b7b-b914-0f3cbe8296a0/
# Reference: https://app.any.run/tasks/886477ef-ef81-4661-8bc9-43dbe7af8d7c/
# Reference: https://app.any.run/tasks/bb4550be-e808-42ee-b774-6a70b6d20b60/
# Reference: https://app.any.run/tasks/3095963a-5c11-4fe5-ad78-8722bda375e8/
# Reference: https://app.any.run/tasks/ffd4ef2f-756b-41d6-913a-9bf0314d0041/
# Reference: https://app.any.run/tasks/c034a9dc-85e2-40ce-b7bf-ea37f35c0c56/
# Reference: https://app.any.run/tasks/cd200345-e7e3-4efe-b72e-84535c477b66/
# Reference: https://app.any.run/tasks/0d8bd7ea-5b29-4772-be98-01727944dd8e/
# Reference: https://app.any.run/tasks/2b091597-7999-4927-a0d5-8f2fefb2f828/
# Reference: https://app.any.run/tasks/5059012f-55e1-4407-9ef7-ccc962d1fc5e/
# Reference: https://app.any.run/tasks/73532d2a-c4c9-415a-8f2c-6f1bed1c5821/
# Reference: https://app.any.run/tasks/aa5d7890-1ab8-4fea-ac36-49f1a8e1611f/

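# Note: CobaltStrike, CrowdStrike
# Note: some entries below are hostnames under well-known legitimate domains (e.g. computerupdate2020.microsoft.com,
#       vzproxy.verizon.com, welcome.toutiao.com, live-dvb-c.youku.com), URIs on third-party sites
#       (e.g. unwomen.org/jquery-3.3.1.min.js) or addresses in shared CDN ranges (e.g. 104.27.158.158, 172.67.186.150).
#       These presumably reflect spoofed Host headers or fronted/shared hosting seen in the referenced samples rather
#       than attacker-owned infrastructure, so a match on one of them alone is weak evidence; corroborate it with
#       other trails or host telemetry before escalating, and expect false positives if they are used for blocking.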

http://101.132.33.79
http://103.140.228.201
http://104.243.34.50
http://106.13.84.99
http://112.74.33.227
http://114.67.98.102
http://116.85.25.159
http://120.79.218.54
http://120.79.51.94
http://121.43.238.160
http://129.204.227.27
http://142.93.5.32
http://149.129.72.37
http://154.92.16.126
http://155.94.133.110
http://172.245.153.150
http://18.195.207.204
http://218.253.251.90
http://218.253.251.100
http://31.14.40.55
http://45.66.250.14
http://45.78.67.211
http://45.80.191.125
http://45.119.117.102
http://45.145.185.188
http://46.166.128.234
http://47.105.143.181
http://51.77.103.125
http://62.60.135.22
http://78.142.18.157
101.132.33.79:443
101.132.33.79:4527
103.117.137.34:3322
103.214.168.176:443
104.233.224.237:4389
104.27.158.158:8080
104.27.158.158:8443
104.27.159.158:8443
106.13.84.99:23333
106.13.84.99:8989
106.14.82.209:8443
106.15.106.246:8888
106.52.228.232:8888
106.75.8.237:8899
107.174.144.153:9002
109.235.70.99:443
114.67.98.102:30900
114.67.98.102:7799
116.85.25.159:12358
116.85.25.159:39999
117.50.63.248:40080
118.24.108.239:8000
118.89.59.179:8123
120.79.218.54:9999
120.79.51.94:8080
120.79.51.94:8443
121.199.46.249:3333
121.199.46.249:4444
121.199.46.249:9000
121.199.46.249:9090
121.36.102.227:443
121.36.102.227:7777
121.36.102.227:8888
121.36.149.225:4444
121.36.149.225:6677
121.36.149.225:6699
121.36.149.225:7788
121.36.149.225:7799
121.36.149.225:84
121.36.149.225:85
121.36.149.225:88
122.114.162.219:4568
122.51.34.238:4445
123.206.41.254:8888
129.204.227.27:44521
124.70.151.66:8888
135.181.49.38:443
139.196.171.222:12080
139.196.171.222:9999
139.196.86.63:11111
139.196.86.63:11112
139.196.86.63:12331
139.196.86.63:12345
139.199.158.84:14333
139.199.158.84:14433
139.199.158.84:2333
139.199.158.84:55533
139.199.158.84:8091
139.224.239.145:2333
139.224.239.145:6666
139.224.31.47:6578
149.129.54.16:8082
152.136.147.116:8848
154.206.40.42:5555
154.92.16.126:7779
155.94.133.110:4000
155.94.133.110:443
162.244.80.177:443
167.114.205.47:443
172.245.153.150:443
172.245.153.150:81
172.67.186.150:8080
193.112.99.77:8888
194.135.81.96:443
194.156.133.23:8008
218.253.251.90:8001
3.6.98.232:443
39.101.207.158:12358
39.101.207.158:39999
39.101.174.221:12358
39.101.174.221:39999
39.97.243.151:8080
39.98.140.30:443
42.159.7.101:7255
42.159.7.101:8633
45.76.158.91:443
45.76.158.91:6666
45.76.209.19:80
45.78.67.211:777
45.80.191.125:888
47.104.129.249:14444
47.104.84.3:8000
47.105.143.181:8885
47.115.37.55:8111
47.93.16.255:12344
47.93.231.121:11111
47.93.231.121:18080
47.93.231.121:50443
47.93.231.121:55555
47.93.231.121:8080
47.93.254.49:666
47.95.32.44:5566
47.97.160.248:4443
47.97.160.248:44444
47.97.160.248:44445
47.97.160.248:8000
47.98.172.161:8081
49.233.73.185:1234
49.233.78.35:8888
49.235.199.136:20480
49.235.166.224:12406
59.110.213.182:12345
59.110.213.182:443
59.110.213.182:8888
60.205.215.23:8001
66.42.39.79:443
78.142.18.157:443
8.210.181.149:16678
8.211.19.217:443
81.68.136.238:8891
91.241.19.10:443
97.64.22.226:1080
97.64.22.226:443
116.85.25.159:39999
116.85.25.159:12358
202.182.110.58:443
8.210.181.149:16678
130.204.52.112/en_US/
130.204.52.112/submit.php
121.36.149.225:82
211.159.158.117:1233
173.82.26.59:9090
198.13.51.69:88
206.189.42.30:9002
101.201.65.35:8080
49.233.13.210:8443
49.12.104.241/fwlink
69.64.49.110/g.pixel
46.8.198.25/g.pixel
amlakist.com
pwspaic.com
paic.website
haha.autohome.com.cn
androidtopapp.com
bankshopstars.site
cashihash.com
cashtil.com
cdn-cloudflare.org
checkbacktill.com
cob.wolt.services
cofeedback.com
computerupdate2020.microsoft.com
consultane.com
dr0pbox.myftp.biz
dukeid.com
ec2.amazzed.top
ec4.wddiosp.net
jahjaho.net
microsoftdoc.live
moffice365.live
robotvice.com
websitelistbuilder.com
typiconsult.com
image91.360doc.com
welcome.toutiao.com
payroll.blogtodaynews.com
zalofilescdn.com
mcafee-endpoint.com
microsoft-bj.ml
microsoft-shop.com
microsoft365.ga
microsofts.download
mrnxvdm.tk
nortonupdate.com
office365-update.servehttp.com
omnomnom.group
reportsbank.com
sharepoint-update.com
signup-now.com
hosting-64.xyz
netf30813.monster
pipelevel64.xyz
2-server.xyz
media64.xyz
netw32.xyz
pipe-64.xyz
robertstratton.xyz
rogerwlaker.xyz
onlinestephanie.xyz
jarredlike.xyz
vhvh.pw
xyxyxt.net
unwomen.org/jquery-3.3.1.min.js
prodibi.com/jquery-3.3.1.min.js
oriental-residence.com/jquery-3.3.1.min.js
atakai-technologies.online
amatai-technologies.site
akamai-technologies.website
amamai-tecnologies.digital
amamai-tecnologies.space
amatai-technologies.digital
faisal-cv.com
vzproxy.verizon.com
winsecurityupdate7x32.org
updatesecurity64win.org
winupdate7x32.org
winupdate7x32.net
securityupdatewin32.org
dealeva.com
dombug.com
goodroy.com
keyisa.com
paraget.com
peernew.com
stephq.com
toproy.com
freesectest.ml
winservsec.com
studentedu.hk.appledaily.live

# Reference: https://blog.talosintelligence.com/2020/06/indigodrop-maldocs-cobalt-strike.html
# Reference: https://otx.alienvault.com/pulse/5ef1091a9653016c3a10d2c8

http://134.209.196.51
http://134.209.200.91
http://139.59.1.154
http://139.59.79.105
http://139.59.81.167
http://157.245.78.153
http://165.22.201.190
http://188.166.14.73
http://188.166.25.156
http://202.59.79.131
139.59.1.154:8201
202.59.79.131:8080
tecbeck.com

# Reference: https://app.any.run/tasks/073d7bd4-4118-4a60-b0c6-7fcb99261fe2/
# Reference: https://app.any.run/tasks/0c2a5bd1-3a04-4bf2-90db-370040821288/

193.203.14.162:7898
45.138.72.132:80

# Reference: https://app.any.run/tasks/148aea5f-232c-4696-9c31-e37ddba65513/

192.119.110.130:443

# Reference: https://app.any.run/tasks/6409d356-c7dc-4a74-83cb-14e03436f243/

42.159.86.214:8080

# Reference: https://twitter.com/bryceabdo/status/1250501636201512965

microsoft-ns1.com
office365upgrade.com

# Reference: https://twitter.com/bryceabdo/status/1306593639217283073

msdn64x7.net

# Reference: https://twitter.com/bryceabdo/status/1308743381099646976

conwaytools.me

# Reference: https://twitter.com/bryceabdo/status/1308778721797640195

dockerresearchlabs.com

# Reference: https://www.virustotal.com/gui/file/545274ea63b297206e53adfda656e3df67dcb035a847becfa63f8b0d31ad2974/detection
# Reference: https://www.virustotal.com/gui/file/1e8a375aca4a4e10e6c002eea55737b98651c59a5e075db9cd3fc66b6c826c20/detection

http://116.63.179.203
116.63.179.203:8080

# Reference: https://www.virustotal.com/gui/file/3ea3a1629e806031a53acca9937f0a61f6bc6768a8cd1a22edb4ad0ac4bd158a/detection

118.31.63.29:4444

# Reference: https://www.virustotal.com/gui/file/fae0bb1e37cda8c9d0ebf08512f3fda50fe09a0852e86fed52c741c72e4e2006/detection

microsoftupdates.ml

# Reference: https://twitter.com/malwrhunterteam/status/1307004506090205184
# Reference: https://www.virustotal.com/gui/file/6cd20654fc250ac87991352b57036c4cd65845615d3e76ca708059036725ce84/detection

58.215.157.240:80
58.215.157.241:80

# Reference: https://twitter.com/d4rksystem/status/1306963562129227777

101.32.46.240:443
windows-update.nz

# Reference: https://www.virustotal.com/gui/file/5c0efb94f94503bf22dca20783f649935dc2bce25b1e60f4f717d99f36f7bd8f/detection

47.56.126.243:8443

# Reference: https://www.virustotal.com/gui/file/3c411a8e15a5f9da25398aa9f9a6ce5850d253b6e5b677e316641afbe1ef48ce/detection

http://39.103.129.174
39.103.129.174:8090

# Reference: https://twitter.com/d4rksystem/status/1310600150847455234

checkavail.space

# Reference: https://twitter.com/reegun21/status/1309500548224184322
# Reference: https://www.virustotal.com/gui/file/09f345ed03515edb3e0098c1f7b79a8e93b1ff8189f56eecb8bea47136a152c2/detection

http://188.119.149.108
188.119.149.108:443
18.192.188.29:8001
http://37.1.210.141
molinahealthcare.gq
x.necential.de

# Reference: https://twitter.com/d4rksystem/status/1310962538335662084

154.194.255.61:1112

# Reference: https://www.virustotal.com/gui/file/608f082e569b2e089e1c89a789e1963c108f972d20ea4e0b5114c0661c50fe6a/detection
# Reference: https://www.virustotal.com/gui/file/fffd5fb4107407ecc42df03dec6cc20d164b651879ac0a77455e07d9fc001a6d/detection

185.200.34.175:12345

# Reference: https://www.virustotal.com/gui/file/cd76d1d4806e451e88c98e804bccc696e0d78775c9a4a696e9de1fe732c98846/detection

http://121.37.212.243
35.194.127.200:9090

# Reference: https://twitter.com/d4rksystem/status/1311346316908339200

35.201.229.47:6666

# Reference: https://www.virustotal.com/gui/file/bbcf017b03cd244398f6a69f4543d8c91c13b92fb24988915b8c6528b57d9e30/detection

155.94.135.156:14357

# Reference: https://www.virustotal.com/gui/file/ffb4cb0c66f58bb549fcdaa8a3479add80d7b1f69b71fefe4ea7dc029ec45871/detection

155.94.135.156:4445

# Reference: https://www.virustotal.com/gui/file/3a562c03a7158a1bb8c5afb0ce70bacdc4b7f5f03ea92363403197e58e6e99c9/detection

117.174.113.71:1213

# Reference: https://www.virustotal.com/gui/file/5da35edd8ddc0c4300a7e885ccaf417daf393150d35aad3f1d24a4839dea2e4b/detection

117.174.113.71:65500

# Reference: https://www.virustotal.com/gui/file/e6d37db815eb5f61f76f3dece07af0fbed2542beaf496cd5c4a800cafa70cea3/detection

117.174.113.71:8888

# Reference: https://www.virustotal.com/gui/file/cca380d18764adc6589cb94018c7a3cec6daa125c2909dd26a531c448501c8dc/detection

githubsec.tk

# Reference: https://www.virustotal.com/gui/file/87dca59ec3d55bcb1b05da564e5ce0a164ab633f1c46a18a97f72a30efff7388/detection

molinahealthcare.gq

# Reference: https://www.virustotal.com/gui/file/606c40821c82c44ce2990de952de16065d2289e1ffb91e003682675d9b1ec2fe/detection

120.25.123.158:8443

# Reference: https://www.virustotal.com/gui/file/248e6a90db1260061df8dac193d70f237210302479455b7110935066ddc99ee4/detection

154.209.69.6:1234

# Reference: https://www.virustotal.com/gui/file/53dbb408672eef0fb71f27a9fda1e9ec35588c7cd390893e2627dd3acb516459/detection

154.209.69.6:7899

# Reference: https://www.virustotal.com/gui/file/d5191559a3016231a9f1a1d29dae98496d431f31884db7c2572e8e071c014486/detection

http://154.209.69.6

# Reference: https://twitter.com/d4rksystem/status/1312029574331600896

119.45.191.253:8080

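# Reference: https://twitter.com/malwrhunterteam/status/1312098094260117504
# NOTE(review): the parent domain of the entry below belongs to a widely used video service. Confirm from the reference whether this hostname is attacker-controlled or only appears as a spoofed Host/SNI value; matching on it alone may flag legitimate traffic.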

live-dvb-c.youku.com

# Reference: https://www.virustotal.com/gui/file/7d4657bc4224540eac6992d4b87b2570aefd4a7dfcc3ee7f246f2ff4a291ec71/detection

104.243.19.135:8088

# Reference: https://www.virustotal.com/gui/file/5549083af6734261be7cade3bbadbffdde00b12d8f4f884ec71c9e2ef5306118/detection

104.243.19.135:5678

# Reference: https://www.virustotal.com/gui/file/aa0be24ac6b5aaf757424cf2bc9f4f72321f445ef0ccd28d1e279cebd3ec754b/detection

http://114.80.110.39

# Reference: https://www.virustotal.com/gui/file/81a69e85fc1bf4c6549035ea7d0e8ff5351da4aa015e7fb53f43738b7f8b05e2/detection

http://113.96.179.221
http://36.99.196.220
http://58.49.193.212

# Reference: https://www.virustotal.com/gui/file/a2b3f282a809d01e197ec7c04c96c1971110e8e0d4dc22c7d5c7f16b86150808/detection

123.207.20.180:10015

# Reference: https://www.virustotal.com/gui/file/48b73e0d34194b834c713ad773e4a261c27b4a7b771b54e89e98909e82fdd2f7/detection

123.207.20.180:10070

# Reference: https://www.virustotal.com/gui/file/fcd72dbd60e6b2665d10e5a5d4d480ecd2b3e5fd736d4a526bd22704e4df8269/detection

123.207.20.180:10025

# Reference: https://www.virustotal.com/gui/file/02570bc3de4a4bbe76c33cba3f610820cbc979aec89a683c5b2cc8e044ed158d/detection

123.207.20.180:10035

# Reference: https://www.virustotal.com/gui/file/9f49451812417ec0c359aaf2791ed62d9a9019741134c20d2e3eb222d3a703ca/detection

123.207.20.180:10014

# Reference: https://www.virustotal.com/gui/file/9c2f7b86462774b99bdbc96e24a11723a1edc34a3d98a6a414a78ae5370d06c0/detection

123.207.20.180:10062

# Reference: https://www.virustotal.com/gui/file/84437b68342e0b1fa131b1fcf1dbde90a24462eeb2b86143b52d56957b829dc2/detection

123.207.20.180:10072

# Reference: https://www.virustotal.com/gui/file/bae843b3dcac33a4e812d7cc498358932cca6fdf7e07a742f2d92bd265a1e84f/detection

123.207.20.180:10058

# Reference: https://www.virustotal.com/gui/file/ed59e4cc578bbb125166e58942544cf1bf68393a5ca59b31a2bf2e62a77175d9/detection

139.219.7.217:4430

# Reference: https://www.virustotal.com/gui/file/fab3890bb36681ba07af2ceffdea9fd7bd42626daa4719e69b10cff4f36dfef0/detection

119.28.93.67:8000

# Reference: https://twitter.com/levigundert/status/1312065474927235072

172.241.29.12:3790

# Reference: https://www.virustotal.com/gui/file/ebbd2f4eef7ebb924a6f8b0eb9a7a5e0762992bfaca34bf6ab200b905b087bd4/detection

116.85.69.130:443

# Reference: https://www.virustotal.com/gui/file/09cc55acdc1f3241261386a9ba57eb17f2d1ea8570d60f6f91d2ce15a6e80681/detection

42.51.67.111:8611

# Reference: https://www.virustotal.com/gui/file/e4dd5fc22ff3e9b0fa1f5b7b65fb5dfeac24aab741eee8a7af93f397b5720f4a/detection

103.205.7.201:8600
42.51.67.111:8612

# Reference: https://www.virustotal.com/gui/file/4c9a82765eeedefaead451e778eb0a0d3b9a5d6f149e6f005adb637e6be39bf6/detection
# Reference: https://twitter.com/pmelson/status/1312796980473729024

185.174.103.157:443
185.174.103.157:80

# Reference: https://www.virustotal.com/gui/file/a9ca1d6a981ccc8d8b144f337c259891a67eb6b85ee41b03699baacf4aae9a78/detection

178.79.179.200:443

# Reference: https://www.virustotal.com/gui/file/418e111b53bc96cadb2aebd57fe8c9315834c647ccc7aa4ee5a7cd9e0715fb2f/detection

116.62.174.32:6666
http://116.62.174.32

# Reference: https://twitter.com/ScumBots/status/1313140725383651329
# Reference: https://www.virustotal.com/gui/ip-address/87.121.52.229/relations

87.121.52.229:443
supercombinating.com

# Reference: https://www.virustotal.com/gui/file/452e2b1c870841ea7d8fe7a9b3046206d634a9e4180abea218c06736e129e419/detection

212.64.65.50:53

# Reference: https://www.virustotal.com/gui/file/69dab575d08d749dbaac76f7ae5ca87a83a7f7beb56ccecdf551df54c7a13255/detection

116.63.155.102:443

# Reference: https://www.virustotal.com/gui/file/bbe04907b22f077c3b52985b738168cdc970ee5c8f7f25899a45e4d1cdf94b14/detection

39.108.195.174:8001

# Reference: https://www.virustotal.com/gui/file/6b40a7ce3a67ebdcb825f59709576dcc97c7dc2d52d6e4677c790dd326c9f5df/detection

60.190.119.117:8008

# Reference: https://www.virustotal.com/gui/file/466c909ef1e4ee4293acd3999565a5fdbdd226d46d716698bc41581c35f713fa/detection

60.190.119.117:9009

# Reference: https://twitter.com/d4rksystem/status/1313494222872420352

http://144.34.165.136
http://18.159.252.67

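# Reference: https://www.virustotal.com/gui/file/4c3d2a07b5ddb595f37cce72ef7cab2b6df27cee6f6d1c83cca15ba6d8798615/detection
# Reference: https://www.virustotal.com/gui/file/e107115c6a844fb98475caaa449474e95e4f562b47f3e45fbf14b643dd13c613/detection
# NOTE(review): this and the other *.azureedge.net entries in this file are CDN endpoint hostnames on a shared provider domain. Keep the match on the full hostname, never the parent domain, and re-validate periodically; an endpoint name may later be released and claimed by an unrelated tenant.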

pepesec.azureedge.net

# Reference: https://www.virustotal.com/gui/file/b9bcaaefb5dd8f522945d12a4f6d57a42a6e2db6998a7386144144592b1c0952/detection

103.205.7.201:3320
103.205.7.201:37412
aaabbbccc-liebiao.9pyw.com

# Reference: https://www.virustotal.com/gui/file/b1a82bb2c571f69d88aa28b70e231b8a249aeea810179e3762304d66695c4d2b/detection

103.205.7.201:8001

# Reference: https://www.virustotal.com/gui/file/9f8deedba4e28c66d5f597d7031b0160425b3a90fa5c2297bcad097f9e7096eb/detection
# Reference: https://www.virustotal.com/gui/file/10433791ae6fecb3d1f8801e168a8d8230056d59390ab6405cf0dbdf424ebb2b/detection

45.32.62.213:8880

# Reference: https://www.virustotal.com/gui/file/36a2e64665dbea84776253e15bd8bc9cebfb647e085fcfee50f24e3b0b4c7582/detection

207.148.118.99:443
jsc.aliyunsdn.com

# Reference: https://twitter.com/malwrhunterteam/status/1314558847588143105
# Reference: https://www.virustotal.com/gui/file/236f333149df4e6a888330f98453f2ed2b5175a9dc5f7c9b3375ab89d916627c/detection
# Reference: https://www.virustotal.com/gui/file/bc4e902a2fb6d9224587212fa4ca49133f2f6b5e4dcdfee2f71dd5ff85a68a66/detection

139.155.91.159:21001
45.32.207.129:21001
host.360-update.com

# Reference: https://www.virustotal.com/gui/file/cca109052df824b750402bf3302102be844e8c0a1ae70ce322035f4c17a12f21/detection

http://45.86.163.86

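# Reference: https://www.virustotal.com/gui/file/759501730757f599f2e3934f452f127c765300fdca9fce57cd9590647d6d1684/detection
# Reference: https://www.virustotal.com/gui/file/959244b071e6762f42dc5c22f237a20f56c9df60218fb0673d37450ad74282fb/detection
# NOTE(review): the three IP:port entries below appear to sit in Cloudflare address space (2095 is one of its proxied alternate HTTP ports), so they are shared with unrelated sites. Treat the domain as the specific indicator and the IP:port pairs as low-confidence.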

104.24.110.22:2095
104.24.111.22:2095
172.67.219.38:2095
usahack.xyz

# Reference: https://www.virustotal.com/gui/file/7d95da7bd7f521b988809acd34e37b4fa956e3612398447ed12c67d8c6508d5c/detection
# Reference: https://www.virustotal.com/gui/file/d0d31768cde303eb954ae5209a415c7f551f3f701a1cb43a68c97f86386cb057/detection

http://103.152.132.23
103.152.132.23:443

# Reference: https://www.virustotal.com/gui/file/fbd2233ff798f26fb3998f5149af251f07fe4fa06b255dd6b991a569ae8097d5/detection
# Reference: https://www.virustotal.com/gui/file/1b0318224a1d139510139e1765c5e7b1295fc29c0ee861ea33a1ff4f68a93023/detection

13.67.239.91:443
api.pcocot.com

# Reference: https://www.virustotal.com/gui/file/0fffc765338044eccefa1984d3c52e1a37d21f780d9cf3cba56b80fef84518bd/detection

120.79.244.41:7878

# Reference: https://twitter.com/d4rksystem/status/1315672322762825729

http://194.99.21.202

# Reference: https://app.any.run/tasks/03ec2e4c-e5be-4f8b-a1d9-ca4fd51db517/

http://45.32.32.95

# Reference: https://www.virustotal.com/gui/file/9ca0885bc44fc50015d2db4775a8b16272805ee4f5fd2bab5b6371c8ae576348/detection

45.32.1.7:2233

# Reference: https://twitter.com/d4rksystem/status/1316035968340766726
# Reference: https://www.virustotal.com/gui/file/a0578b73f58e8cf479f9c69d1e8ad29977359dd6121a0be234e58df476a26dd6/detection

54.179.204.35:443
msregistrar.com

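# Reference: https://www.virustotal.com/gui/file/ae6ca525ecf445ed86bd0d8a9b917afacfc45b54243dcae1e5578cfd3369b5e5/detection
# Reference: https://www.virustotal.com/gui/file/e031505f9fc872531f9d8718d342ca7fdd90585efdac2198a69374f79776f310/detection
# Reference: https://www.virustotal.com/gui/file/68eb410bd9e172538dcd99bd3c0c1bbf2754117c4de6772cf1bdf537ad990c76/detection
# Reference: https://www.virustotal.com/gui/file/af94d92e216aa5d2ad6f11de234e9d23b313f08fb5cc8d376212a43128caa595/detection
# NOTE(review): the IP:port entries below appear to be CDN reverse-proxy addresses (Cloudflare ranges, proxied alternate ports 2083/8880), not origin hosts. They are shared by many tenants, so alerts on them need corroboration from the domain entry.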

104.31.89.151:2083
104.31.89.151:8880
172.67.148.251:2083
z652.com

# Reference: https://www.virustotal.com/gui/file/0d66c2fbe562a48e10c2f3d728f26dec2b8de81a78552928a35e57ee7501e495/detection
# Reference: https://www.virustotal.com/gui/file/7e2204fcc0bf11d3dd9273178ed3e7ac1acd812a6053b77904a0771e3d5ae7fb/detection
# Reference: https://www.virustotal.com/gui/file/7bef980f2d19a5f122432902b760af9ca36e7eb0fea31c5e276a92d2c7727733/detection

http://145.249.106.231

# Reference: https://twitter.com/d4rksystem/status/1316423524882345984

http://194.87.95.167

# Reference: https://twitter.com/malwrhunterteam/status/1316668613747597312
# Reference: https://www.virustotal.com/gui/ip-address/109.201.142.110/relations
# Reference: https://www.virustotal.com/gui/file/f90129b0d41a4602f9a9ab2377fbab2fb59b0c3044fd86b1944671216b62aa4f/detection
# Reference: https://www.virustotal.com/gui/file/b6e8845304e6e747baffabb5f041201231eed8c2b27eeb0b2b22128e69f0038b/detection

109.201.142.110:443
forteupdate.com

# Reference: https://twitter.com/kyleehmke/status/1316727958661476353
# Reference: https://twitter.com/kyleehmke/status/1316727959735205897
# Reference: https://twitter.com/kyleehmke/status/1316727960666284033
# Reference: https://www.virustotal.com/gui/ip-address/45.147.229.52/relations
# Reference: https://www.virustotal.com/gui/file/4544b478b2029ec38eb4bda111741a10f0684e38f1b29ce092b93df882d11f9e/detection
# Reference: https://www.virustotal.com/gui/file/2376a8da650c124b3d916765f82929b4109f20bc4f211a39a4d1cd4391780d1f/detection

45.147.229.52:443
45.147.230.131:443
ate-cic.com
backup-helper.com
backup-leader.com
backup-simple.com
bakcup-checker.com
bakcup-monster.com
boost-servicess.com
itsme-belgie.com
nas-leader.com
nas-simple-helper.com
online-activering.com
service-checker.com
service-leader.com

# Reference: https://app.any.run/tasks/cc2dbd61-ce6a-43e3-b078-c5a4fca5d84e/
# Reference: https://www.virustotal.com/gui/ip-address/185.153.198.124/relations

185.153.198.124:443

# Reference: https://www.virustotal.com/gui/file/7a6c30e910938a30bbd5928e2e1d80020148c3e7862d6059b83cde816a139e4c/detection
# Reference: https://www.virustotal.com/gui/file/868f5c21ea3610220291376f0f0840e1bf48e42e117c8cffe25c8f728f3ea53d/detection
# Reference: https://www.virustotal.com/gui/file/f2dd98c4956ba7ddf88cf6038d7c0fa2619e33e7c1ac37d36f6583b596bf6e75/detection

http://42.194.215.224
42.194.215.224:443
42.194.215.224:50001

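# Reference: https://www.virustotal.com/gui/file/20b8d8491a64104cad453e037a8cc68c489679e8e070d74f3186c21f918bcdcb/detection
# NOTE(review): the IP:port entry below appears to be a shared CDN edge address (Cloudflare range, proxied port 2086); the domain is the more reliable indicator of the two.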

104.27.159.224:2086
charismatic-guy.me

# Reference: https://twitter.com/d4rksystem/status/1317118108696334341

155.94.151.222:443
http://156.239.157.66
http://207.148.102.51

# Reference: https://www.virustotal.com/gui/file/db38d9b23211526933e20a725cc0a21106e4b960565ecbbd8bb8ecaa45acfb4c/detection
# Reference: https://www.virustotal.com/gui/file/c74ad1f1d812516367adedc579e9cace3fbb38400bd372ff2baa476eb076eb73/detection
# Reference: https://www.virustotal.com/gui/file/2546cf19855a5772834dcbd41fbc9206946c6c9953243edc96831e9d667677e8/detection

pepesec3.azureedge.net
pepesec3.ec.azureedge.net

# Reference: https://www.virustotal.com/gui/file/f092ffd1167579c7d0314f654ed25432da3e4cbc8b48b58fd6ed3a16d6f186ed/detection

101.37.85.106:7555

# Reference: https://www.virustotal.com/gui/file/f30cc30aaf88b4470250880cb2da47807d1d4985f843b18c00d2e51ac78131b6/detection

101.37.85.106:8080

# Reference: https://www.virustotal.com/gui/file/5e91ff40d85e197751696bb1f6ab66055b6408ef99bfc12e54f27fc4f7674268/detection

101.37.85.106:9988

# Reference: https://app.any.run/tasks/fbd0a347-e914-470c-97b1-e3275d619357/
# Reference: https://www.virustotal.com/gui/file/c9d9e4e25c1b8672d126d8269fa64643b17314515c6ed0fc33c12fed0f69ce63/detection

huawei-promotion.com
home.huawei-promotion.com

# Reference: https://twitter.com/malwrhunterteam/status/1318109081882841088
# Reference: https://www.virustotal.com/gui/file/d2eee2fa771e54c1a44cfc4d40eef50be4776a25987b72633f7b91faf2302092/detection

217.12.218.199:443

# Reference: https://twitter.com/kyleehmke/status/1318154835183677440

best-backup.com
best-nas.com
bestservicehelper.com
simple-backupbooster.com
simpleservice-checker.com
top-backuphelper.com
top-backupservice.com
top3-services.com
topbackup-helper.com
topbackupintheworld.com
topservice-masters.com
topservicebooster.com

# Reference: https://twitter.com/kyleehmke/status/1319575445600428035

backups1helper.com
driver-boosters.com
driver1downloads.com
service-hel.com
service1update.com
service1view.com
servicehel.com
servicereader.com
top3servicebooster.com
view-backup.com

# Reference: https://www.virustotal.com/gui/file/8cc100635c5b90972a8001ad8a7160ed6be058e077eef9cdf437cd1805eaf104/detection

52.14.54.251:443

# Reference: https://www.virustotal.com/gui/file/f205dd34ad12009018bd7318b552ceb7c3413a3d3ed54dc5af76247fd1290d5a/detection

bullheadcitybee.us
westharrison.org

# Reference: https://app.any.run/tasks/d11dc06d-229b-48ed-ad75-cf39571b10ee/

46.8.180.147:443

# Reference: https://app.any.run/tasks/95038ae0-03ab-4fa9-a14c-cc3abd7c849a/

http://103.228.130.104/updates.rss

# Reference: https://app.any.run/tasks/45879790-4707-46b7-a12b-f4043e360feb/

http://173.234.155.231/ga.js

# Reference: https://app.any.run/tasks/4106d3df-1efc-479f-9539-b00ed7cc1dbb/

172.247.123.118:9080

# Reference: https://app.any.run/tasks/5fc7e87e-c219-4a94-8dd9-f7d95c4d68e5/

160.124.49.133:7777

# Reference: https://app.any.run/tasks/6344a790-6098-4f2f-8940-c47fc3d10a7b/

http://37.221.113.120/push

# Reference: https://app.any.run/tasks/6d22ffda-7494-4139-8752-a73c70c4f984/

144.168.63.190:8082

# Reference: https://app.any.run/tasks/6725e2c2-9de5-4f6e-8929-519b4a6a99e6/
# Reference: https://app.any.run/tasks/8d7f1fb5-6beb-47b5-ad78-c441e3133ceb/

http://45.146.165.142/IE9CompatViewList.xml
http://45.146.165.142/cm

# Reference: https://app.any.run/tasks/27cf987c-943c-48e7-ab21-9aeec430b242/

198.13.32.247:8000

# Reference: https://app.any.run/tasks/faca4fb3-89e9-4e22-af0e-f0abfe347172/

139.180.188.22:888

# Reference: https://app.any.run/tasks/419868a6-3152-48be-8cc9-379d636ce9a9/

http://109.234.34.116/push

# Reference: https://app.any.run/tasks/15e8bd10-0b7a-4486-89bb-f8204514397f/

http://172.81.212.89/push

# Reference: https://app.any.run/tasks/fdb56336-1231-4fbc-a460-998246103eaf/

http://202.182.117.241/load

# Reference: https://app.any.run/tasks/abd0ee54-f91d-485f-bd0c-f827368da494/

http://81.68.140.178/g.pixel

# Reference: https://app.any.run/tasks/793f930a-e893-40c6-8444-763d708190b3/

http://139.224.116.161/push

# Reference: https://app.any.run/tasks/e6240347-3e5a-4ee1-9cdf-616666b19475/

http://207.154.250.85/g.pixel

# Reference: https://app.any.run/tasks/d1861257-be9c-4cfd-999d-8ea0288b4d77/

http://45.141.84.212/push

# Reference: https://app.any.run/tasks/e448fa2a-b57f-4aa2-af20-dd7ca2a85f50/

http://45.146.165.227/updates.rss

# Reference: https://twitter.com/malware_traffic/status/1318713989371756544

http://104.238.134.63/submit.php
http://104.238.134.63/updates.rss

# Reference: https://app.any.run/tasks/1a9e61d4-813d-48f8-94c0-1fea1e7e1118/

http://45.141.84.218/visit.js

# Reference: https://app.any.run/tasks/afbf9daf-f83e-413b-b8f6-27028d8e9622/

47.75.251.9:8888

# Reference: https://app.any.run/tasks/4dab1cc1-6627-468e-9c74-b6caa512f91d/

http://83.220.172.27/g.pixel

# Reference: https://app.any.run/tasks/a9bc0914-a647-4a2a-8ee5-1bf72011354e/

http://117.78.1.204/pixel.gif

# Reference: https://app.any.run/tasks/3fd032a3-3c13-41a2-8fc6-63e25fbf4b14/

flash-load.ml

# Reference: https://app.any.run/tasks/9b1ced11-696c-48e6-ad44-b47253d1fe0d/

47.94.196.194:8888

# Reference: https://app.any.run/tasks/8ae79b03-edda-4e8c-8515-0115727b2c45/

conf.azureedge.net

# Reference: https://app.any.run/tasks/b5a83b7c-50fe-46de-a36d-efdbdbc46a11/

kalicobalt.ddns.net

# Reference: https://app.any.run/tasks/e4f1997e-d40d-43f4-8efc-8a09ce3502ed/

47.97.164.40:8080

# Reference: https://app.any.run/tasks/be7683e4-c5ea-4aa7-a83b-ba0782a83d2e/

93.115.21.43:8080

# Reference: https://app.any.run/tasks/ac5be7de-e06b-4038-9765-7a9a89e76cbc/

158.247.211.216:8080

# Reference: https://www.virustotal.com/gui/file/2a2ee5c57f94511369b7f3d3a1d0c0547599f8578892c3e717af700dcde1ddf6/detection

node.podzone.org

# Reference: https://www.virustotal.com/gui/file/fddcc86a7c20b70f58f7f0d9d9c61a6eff5342b0d8510889616fe26e99c04035/detection
# Reference: https://www.virustotal.com/gui/file/9675f832a7dfda9e5cbbc6ae409b8d630392e56c29fe4e110d27134100e31d52/detection

http://5.79.119.191/ga.js
5.79.119.191:8080

# Reference: https://www.virustotal.com/gui/file/8b8ffeec1b276b158b8c2334dbcac254135c4dbbbe66637bfcf2bcef39a2f5cd/detection

45.134.168.146:6868

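# Reference: https://www.virustotal.com/gui/file/452e2b1c870841ea7d8fe7a9b3046206d634a9e4180abea218c06736e129e419/detection
# NOTE(review): this stanza and the next one (39.108.195.174:8001) repeat reference/entry pairs already listed earlier in this file. They are harmless duplicates, but candidates for consolidation when the list is next deduplicated.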

212.64.65.50:53

# Reference: https://www.virustotal.com/gui/file/bbe04907b22f077c3b52985b738168cdc970ee5c8f7f25899a45e4d1cdf94b14/detection

39.108.195.174:8001

# Reference: https://app.any.run/tasks/b20786f0-36d7-4377-87ac-8fb2747d6c95/

iqio.net

# Reference: https://app.any.run/tasks/5323d269-3367-4bdb-b189-5847f35646c1/

43.226.155.154:443

# Reference: https://www.virustotal.com/gui/file/857a50958036298fb9869190575990b36ec13885f0588c7f31da01a8f63fdefd/detection
# Reference: https://app.any.run/tasks/d83bf908-159e-42de-a656-b2924b2c1761/

http://104.238.134.63

# Reference: https://www.virustotal.com/gui/file/2a2ee5c57f94511369b7f3d3a1d0c0547599f8578892c3e717af700dcde1ddf6/detection

185.161.210.189:443

# Reference: https://twitter.com/malwrhunterteam/status/1318904041590718469
# Reference: https://www.virustotal.com/gui/file/836db6bde6f664fa42b020c7b4549713022eac87410c1ed1104b6d4df615a599/detection

topbackupintheworld.com

# Reference: https://twitter.com/kyleehmke/status/1318896410687885312
# Reference: https://twitter.com/kyleehmke/status/1318896411757498375

backup1helper.com
backup1master.com
boost-yourservice.com
checktodrivers.com
driver1master.com
driver1updater.com
driverdwl.com
godofservice.com
service1updater.com
viewdrivers.com

# Reference: https://www.virustotal.com/gui/file/a32e37ae08d6a723dff7313d96bc7e23fe9b7db18295e2916f3c935530329919/detection

frontend.physicsandcs.me

# Reference: https://twitter.com/d4rksystem/status/1318960239513804801

213.164.204.7:443

# Reference: https://twitter.com/pancak3lullz/status/1318990219824287744

http://195.123.246.33
103.143.81.177:443
106.52.152.85:443
123.56.228.208:8484
47.100.12.121:7890
47.244.3.176:39002
49.233.155.141:7001

# Reference: https://app.any.run/tasks/d400a6c0-38ce-4242-aadb-e08c96913608/

http://209.126.119.186/YeQM
http://209.126.119.186/cm

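# Reference: https://www.virustotal.com/gui/file/315a3095062001ec75a2e4e9bf2b068ce840860c218d4c4b408eb39706578951/detection
# NOTE(review): the hostname below reads like a security vendor's test or threat-hunting exercise domain rather than criminal infrastructure (inferred from the name only; verify against the reference). A hit may indicate an authorised assessment, so triage accordingly.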

test.praetorian-threat-hunt.com

# Reference: https://www.virustotal.com/gui/file/d3a62b4a0b738173562b0323780bf1f0f56f4a8c2258a669447f75e6e2c341aa/detection

47.103.205.254:8081

# Reference: https://www.virustotal.com/gui/file/9300ae74258f6f1d8e2186636fbf9f3f689983b53d3d56245766496552edd257/detection
# Reference: https://www.virustotal.com/gui/file/0732084ec0399e14fddab091557d7d3ef6b0ccf613f6910803c33727954e7c33/detection

120.78.196.37:8888

# Reference: https://www.virustotal.com/gui/file/da725957d24a193350af135631ab7b286983caeaa1619b61c2535aa1794575c2/detection
# Reference: https://www.virustotal.com/gui/file/2a644f9a1caee7aebd48c9bb630fe6908f05c9bf16cdf5c892fe5d46f669433c/detection

47.98.105.114:8888

# Reference: https://thedfirreport.com/2020/10/18/ryuk-in-5-hours/

havemosts.com
quwasd.com

# Reference: https://twitter.com/malwrhunterteam/status/1319353040785330176
# Reference: https://www.virustotal.com/gui/file/22231ae860d3e69476c2b697403e42e941bea53e244bfd2e7ebf47e527da2f1a/detection
# Reference: https://www.virustotal.com/gui/file/7714576e5255b891f909e82ef775d38a595ea4188c61af82b640194c53cd6a16/detection
# Reference: https://www.virustotal.com/gui/file/4f7dd00a005caf046dd7e494fea25be2264974264d567edfc89122242b7c41bc/detection
# Reference: https://www.virustotal.com/gui/file/6a539aaded06c2fb9dc8466e8d98f5413d53c5e0e75db61989332e9998b7a76c/detection

173.232.146.37:443

# Reference: https://app.any.run/tasks/3d9decdf-154d-4225-9ccb-dd246ac80875/

139.162.161.211:13541

# Reference: https://www.virustotal.com/gui/file/5c2d669c29bf38e23703703a396d53917f0822d5f599ff3df212319cb755ebee/detection

http://47.98.118.25/j.ad

# Reference: https://www.virustotal.com/gui/file/0e06fd34e65536711149762f673f5d884f6b2bb469198f09f4917dc29957a7e6/detection

47.98.118.25:8000

# Reference: https://www.virustotal.com/gui/file/4ee861177122b8cd8bb560eb3ea1897895be00aab79071b3b4792ef80689dde4/detection

132.232.80.78:8520

# Reference: https://www.virustotal.com/gui/file/93378648feffe8e9f40d3c72d98ea7ee5537a7019c9b49bfa7a2f3c1bcf5e6a2/detection

132.232.80.78:8052

# Reference: https://www.virustotal.com/gui/file/7e41151b49920e8fbe014814bd28afbb306d98fd9e45030326fb943c9ff91015/detection

132.232.80.78:5438

# Reference: https://www.virustotal.com/gui/file/af1114bfdff6f3fef37685976e500f20d4db1e94173957ed9f539ebb48ae0ad6/detection

144.34.218.157:23333

# Reference: https://www.virustotal.com/gui/file/7f4b50d2a55c50ac53bc04cd5b6733f659aff46597c65bdda38ce6f1a1deb843/detection
# Reference: https://www.virustotal.com/gui/file/deb398aa4b335f7c0c6f3a7a63ce46f60c21ada112a2ab76995f277ff1f97d3f/detection
# Reference: https://www.virustotal.com/gui/file/49d2bfac6f67d27805524c41ea6f29f965ebf4aba0ce6995b0639a09ce852962/detection
# Reference: https://www.virustotal.com/gui/file/f57dc2131a87e7cad9b18c82b8efb215d1c985c43764751431cce2a9374b93eb/detection

news.gfstaxadvisory.com

# Reference: https://www.virustotal.com/gui/file/ebbec6471d6aefea65e705cbced4ccc934bd09e81046c476d70e8b9ef0f1e9db/detection

104.239.178.204:8080
reward-firstenergy.azureedge.net

# Reference: https://www.virustotal.com/gui/file/df6b79b9b98b3832d6fde2b99906e1a93cf1a5e2a848ee5c42fc7ed48216c1aa/detection

173.82.110.209:443

# Reference: https://www.virustotal.com/gui/file/5daf37825cdc2b41a078b9a4b73c62700c2a6e41ae7d696b3fa644310109c253/detection

binbong.net

# Reference: https://twitter.com/James_inthe_box/status/1319742462693314561

office-cdn6.azureedge.net

# Reference: https://www.virustotal.com/gui/file/623332bed79f64a1eb61b00ef5b6578c1a61cec774ec9471aff8931a80e7e5e4/detection
# Reference: https://www.virustotal.com/gui/file/6979ec25a08584254fa65eeb6c1afafce160e41d90020feb7a200c0820fa79a8/detection

tothesky.merseine.com

# Reference: https://www.virustotal.com/gui/file/d8b888596f39303218f057514f02ab7203c8a48728b2eacce84c7fd0896d670f/detection

121.36.252.20:881

# Reference: https://www.virustotal.com/gui/file/84afb641bdcfca87b509c1b97783705557e9be5bf6dcb7932806540f7afe35dc/detection

121.36.252.20:882

# Reference: https://www.virustotal.com/gui/file/10c60f8438d275a4d778a8017e963eb78d2b1ba9bb7df601018a49ac6afbf3aa/detection

121.36.252.20:999

# Reference: https://www.virustotal.com/gui/file/867a132629eb3616f1d466d05fd0ebda770ef5edad04002d542af1f2911c6adf/detection

121.36.252.20:1111

# Reference: https://www.virustotal.com/gui/file/6e78a9c4b51c808bf9ecb4bd2b93ccffb4eab0a831386e32561c371f5e629f18/detection

49.235.252.199:12305

# Reference: https://www.virustotal.com/gui/file/6fb246e17e3b442a24cae411f061e986b9c847233129808d4319bb538869a701/detection

81.69.14.19:13355

# Reference: https://www.virustotal.com/gui/file/3b18371984244b90ee23c8fd5b2b75d278749f81027930152fa1b0730762b4ea/detection

81.69.14.19:33899

# Reference: https://www.virustotal.com/gui/file/f46c27806c51b9ca44d349fea8f6041445c1c3580a3658511dd8db94fbbb18c9/detection

ssl.cccccsssss.com

# Reference: https://twitter.com/kyleehmke/status/1321370267025727488

idriveboost.com
idrivecheck.com
idrivedownload.com
idrivedwn.com
idrivefinder.com
idrivehepler.com
idriverrs.com
idriveupdate.com
idriveview.com
service1boost.com
service1upd.com

# Reference: https://www.virustotal.com/gui/file/cb896a1dfc536a1dae13bf96c44d4296ec12ce5f423347872ec18f2e5d27e286/detection

http://81.71.34.172/IE9CompatViewList.xml
http://81.71.34.172/L5rj

# Reference: https://www.virustotal.com/gui/file/d6b93583d2c8d20f8875011a119f12ac9f75c5c40710dbf8a6a78a1621fd9758/detection

139.9.55.197:446

# Reference: https://www.virustotal.com/gui/file/d5d18dc766092ff6930e01f8245f61239e3546292cbba98eee4ff2a0f7a64048/detection

148.70.139.64:1221

# Reference: https://twitter.com/malwrhunterteam/status/1321421801440858112
# Reference: https://www.virustotal.com/gui/file/fe75f7b188da991162296d782d906b30b5be301e2234aac1b0b3714b742205f4/detection

123.57.241.254:81
182.92.3.93:5678

# Reference: https://www.virustotal.com/gui/file/3e5712bbacb8a667457d554e86a66b8d0a0c6f4c580062b18bfba6d33124c50a/detection

95.179.141.5:9999

# Reference: https://www.virustotal.com/gui/file/25ed94591db7227a89568c088d7acc6cc06d339d4af3b300cba306c89aa67642/detection

148.72.211.222:7777

# Reference: https://www.virustotal.com/gui/file/940256445907dff1f5151a7aca61841d7aa29ee9ff47f99b9b4bc57cbbebb50f/detection

http://160.119.79.88

# Reference: https://www.virustotal.com/gui/file/0e723e0b0ec849c9d9b2b6b6410ba03cd184f03301470c57da662ec84eed0bf7/detection

high.vphelp.net

# Reference: https://www.virustotal.com/gui/file/f345e5048ec968417d288cb9e01d50bd262be45c18db1552af30380a3902626f/detection

360bug.net

# Reference: https://twitter.com/malware_traffic/status/1321482374044069888
# Reference: https://twitter.com/malware_traffic/status/1321182175916679168
# Reference: https://www.malware-traffic-analysis.net/2020/11/04/index.html
# Reference: https://twitter.com/sS55752750/status/1332491880861487104
# Reference: https://www.virustotal.com/gui/file/e765b7584834e1438df2865e24651067c59d50dc165ace09e293d295b6e90843/detection

http://185.153.199.166/match
http://185.153.199.166/pixel
http://69.30.232.138/activity
http://69.30.232.138/GJRy
http://69.30.232.138/submit.php

# Reference: https://twitter.com/d4rksystem/status/1321496952358555655

http://103.80.27.87
http://104.238.134.63
http://209.126.119.186

# Reference: https://twitter.com/d4rksystem/status/1319292434136895488

158.247.212.131:1080
http://194.99.21.202

# Reference: https://gist.github.com/aaronst/6aa7f61246f53a8dd4befea86e832456 (# UNC1878)
# Reference: https://otx.alienvault.com/pulse/5f99dd6b17da45dfb9dc296e

aaatus.com
actionshunter.com
avrenew.com
ayechecker.com
ayiyas.com
backup-helper.com
backup-leader.com
backup-simple.com
backup1helper.com
backup1master.com
backup1service.com
backup1services.com
backupmaster-service.com
backupmasterservice.com
backupmastter.com
backupnas1.com
backups1helper.com
bakcup-checker.com
bakcup-monster.com
best-backup.com
best-nas.com
bestservicehelper.com
besttus.com
bigtus.com
biliyilish.com
bithunterr.com
blackhoall.com
boost-servicess.com
boost-yourservice.com
boostsecuritys.com
boostyourservice.com
bouths.com
brainschampions.com
bugsbunnyy.com
cantliee.com
caonimas.com
chainnss.com
chalengges.com
cheapshhot.com
check1domains.com
check4list.com
checkhunterr.com
checktodrivers.com
checkwinupdate.com
chekingking.com
ciscocheckapi.com
cleardefencewin.com
cmdupdatewin.com
comssite.com
conhostservice.com
cylenceprotect.com
daggerclip.com
debug-service.com
defenswin.com
developmasters.com
dotmaingame.com
driver-boosters.com
driver1downloads.com
driver1master.com
driver1updater.com
driverdwl.com
driverjumper.com
easytus.com
eighteenthservicehelper.com
eighthservicehelper.com
eighthserviceupdater.com
eithtservice-developer.com
elephantdrrive.com
eleventhservicehelper.com
eleventhserviceupdater.com
errvghu.com
fastbloodhunter.com
fifteenthservicehelper.com
fifthservice-developer.com
fifthservicehelper.com
fifthserviceupdater.com
findtus.com
firstservice-developer.com
firstserviceupdater.com
firstservisehelper.com
firsttus.com
fourservicehelper.com
fourteenthservicehelper.com
fourthservice-developer.com
fourthserviceupdater.com
freeallsafe.com
freeoldsafe.com
gameleaderr.com
getinformationss.com
giveasees.com
greattus.com
gtrsqer.com
gungameon.com
gunsdrag.com
hakunaman.com
hakunamatatata.com
harddagger.com
havemosts.com
havesetup.net
helpforyourservice.com
hungrrybaby.com
huntersservice.com
hurrypotter.com
hybriqdjs.com
idrivecheck.com
idrivedownload.com
idrivedwn.com
idrivefinder.com
idrivehepler.com
idriveupdate.com
idriveview.com
iexploreservice.com
imagodd.com
info-develop.com
jomamba.best
jonsonsbabyy.com
kungfupandasa.com
lindasak.com
livecheckpointsrs.com
livetus.com
loockfinderrs.com
loxliver.com
lsassupdate.com
lsasswininfo.com
luckyhunterrs.com
martahzz.com
maybebaybe.com
microsoftupdateswin.com
mixunderax.com
moonshardd.com
mountasd.com
myservicebooster.com
myservicebooster.net
myserviceconnect.net
myserviceupdater.com
myyserviceupdater.com
nas-leader.com
nas-simple-helper.com
nasmastrservice.com
newservicehelper.com
nineteenthservicehelper.com
ninethservice-developer.com
ninethserviceupdater.com
ninthservicehelper.com
nomadfunclub.com
puckhunterrr.com
pudgeee.com
qascker.com
quwasd.com
raaidboss.com
raidbossa.com
rapirasa.com
razorses.com
realgamess.com
regbed.com
reginds.com
remotessa.com
renovatesystem.com
rulemonster.com
saynoforbubble.com
scrservallinst.info
secondlivve.com
secondservice-developer.com
secondservicehelper.com
secondserviceupdater.com
service-booster.com
service-boosterr.com
service-checker.com
service-hel.com
service-hellper.com
service-helpes.com
service-hunter.com
service-leader.com
service-updateer.com
service-updater.com
service1boost.com
service1update.com
service1updater.com
service1view.com
serviceboosterr.com
serviceboostnumberone.com
servicecheckerr.com
servicedbooster.com
servicedhunter.com
servicedpower.com
servicedupdater.com
servicegungster.com
servicehel.com
servicehunterr.com
servicemonsterr.com
servicemount.com
servicereader.com
servicesbooster.com
servicesbooster.org
servicesecurity.org
serviceshelpers.com
serviceshelps.com
servicesupdater.com
serviceswork.net
serviceupdates.net
serviceupdatter.com
serviceuphelper.com
servicewikii.com
seventeenthservicehelper.com
seventhservice-developer.com
seventhservicehelper.com
seventhserviceupdater.com
sexycservice.com
sexyservicee.com
shabihere.com
sibalsakie.com
simple-backupbooster.com
sixteenthservicehelper.com
sixthservice-developer.com
sixthservicehelper.com
sixthserviceupdater.com
sobcase.com
sophosdefence.com
sunofgodd.com
sweetmonsterr.com
target-support.online
tarhungangster.com
taskshedulewin.com
tenthservice-developer.com
tenthservicehelper.com
tenthserviceupdater.com
thirdservice-developer.com
thirdservicehelper.com
thirdserviceupdater.com
thirteenthservicehelper.com
tiancaii.com
timesshifts.com
top-backuphelper.com
top-backupservice.com
top-servicebooster.com
top-serviceupdater.com
top3-services.com
top3servicebooster.com
topbackup-helper.com
topbackupintheworld.com
topsecurityservice.net
topservice-masters.com
topservicebooster.com
topservicehelper.com
topservicesbooster.com
topservicesecurity.com
topservicesecurity.net
topservicesecurity.org
topservicesupdate.com
topservicesupdates.com
topserviceupdater.com
twelfthservicehelper.com
twelvethserviceupdater.com
twentiethservicehelper.com
unlockwsa.com
update-wind.com
update-wins.com
updatemanagir.us
updatewinlsass.com
updatewinsoftr.com
view-backup.com
viewdrivers.com
vnuret.com
voiddas.com
web-analysis.live
windefenceinfo.com
windefens.com
winsysteminfo.com
winsystemupdate.com
wodemayaa.com
wondergodst.com
worldtus.com
yourserviceupdater.com
yoursuperservice.com
zapored.com
zetrexx.com
zhameharden.com

# Reference: https://twitter.com/kyleehmke/status/1321728850095722496

backupslive.com

# Reference: https://twitter.com/kyleehmke/status/1321737401530753026

boost-helper.com
supservupdate.com

# Reference: https://www.virustotal.com/gui/file/fb40acf24c2ea5e6736f2c1c0f7d98f37b746a4d84f164071f95550f4e49458f/detection

47.75.49.6:6050

# Reference: https://www.virustotal.com/gui/file/264357a7374d079801cca76340e58b2461105d432a89f9e09f903d0da8d24d39/detection

143.229.2.88:80

# Reference: https://www.virustotal.com/gui/file/9eb47a6c5f215414a4013a6ab4327049416fe6d65abccf7444e96cff892dc8b7/detection

47.105.163.137:23233

# Reference: https://www.virustotal.com/gui/file/79c305001ff2aea1d206c6d04968cbc29ae444ce0344a822cac69e2faadbb164/detection

47.105.163.137:12345

# Reference: https://www.virustotal.com/gui/file/6d4664aacc2836ac8c3bf5a7a42e811611b4ea517df3b27139a70f51d8cddf9a/detection

47.105.163.137:8099

# Reference: https://www.virustotal.com/gui/file/59231471c76ab9907d3c6fea4d8b0f43b3ef45f6e5a6f6d553e7d906b6bcc1d8/detection

134.175.132.40:23456

# Reference: https://twitter.com/kyleehmke/status/1321865650474749957

it1booster.com
itopupdater.com
iupdaters.com
iupdatemaster.com
imasterupdate.com

# Reference: https://twitter.com/kyleehmke/status/1322106062011617280

checksservice.com
ibackupboost.com
ibackupupdate.com
ibackupview.com
iservicec.com
nasbooster.com
nashelper.com
nasupdater.com
uncheckhel.com

# Reference: https://twitter.com/kyleehmke/status/1321966648614658048

thecheckupdater.com

# Reference: https://twitter.com/pancak3lullz/status/1321885918660300802

140.143.197.39:10086
149.28.16.36:1521
211.149.143.218:8000

# Reference: https://www.virustotal.com/gui/file/5d418feab981866f23a0688ebc85cb0cf4f98eb92048004458a813a1b9d52176/detection

139.186.141.206:65501

# Reference: https://www.virustotal.com/gui/file/f61eb6bf364a4cc23290c185d56f90c2565a9162a036e5cf8f5fc8af67a1a8f1/detection
# Reference: https://www.virustotal.com/gui/file/efbcf5c9ec20679078ef00c42f380e1a04f9625547e5a15b8741678fa05b028e/detection

http://139.186.141.206

# Reference: https://www.virustotal.com/gui/file/7f178d07678a8970ade0e14578d0162efbba6c2bfa7098aa1778c7d1eea6513b/detection

52.44.106.115:8080
cs.bulletproofsi.net

# Reference: https://www.virustotal.com/gui/file/b5fd03a00a354ba67b665266763b8551b36962c9ff6f49c54da91d48b207d91a/detection

3.14.182.203:18090

# Reference: https://www.virustotal.com/gui/file/1b4ce21ff998637410f184771b1bc01f089d8c73e736f3b3c2f612f5a402d3c4/detection

103.56.53.100:443

# Reference: https://twitter.com/VK_Intel/status/1212432682162016257
# Reference: https://www.virustotal.com/gui/file/bcc76bed332a3ae1cce1a71250c9d7161d1d7276fc8483fa9b223447a24e6450/behavior/VirusTotal%20Jujubox
# Reference: https://www.virustotal.com/gui/file/cc672f0e694636dbc141427657a1587b919ae28c85af9d8538cd3c1092ecc392/behavior/VirusTotal%20Cuckoofork
# Reference: https://www.virustotal.com/gui/file/3e7a8bca3b4875a6f63579a71d0f2b2a6293263e76edcebe6cf6984af432dc25/behavior/VirusTotal%20Cuckoofork

103.56.53.100:10810

# Reference: https://www.virustotal.com/gui/file/8f3eb6ca303de759c0530906ad4675432d7d3361641b46413e12f325b4028081/detection

http://31.44.184.131

# Reference: https://www.virustotal.com/gui/file/16a3803656f70e65fe4818432cf2bfd6d293d23c7f41959bee31aa2c183ac8da/detection
# Reference: https://www.virustotal.com/gui/file/ff9d82009094ed094b1d18dc9cd13d5b263f145210bf944be68d061d1e1c4003/detection

143.110.153.235:443

# Reference: https://www.virustotal.com/gui/file/fd60a365711b77d5c65ba30eb8881f6c4394b46a479a4c979a5989b89cf1a0d2/detection

23.227.193.100:443

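# Reference: https://www.virustotal.com/gui/file/ddc569b4b371e8739996ff33215a923b844b5b03749790cf75f9ab6603c3a136/detection
# Note: 104.27.186.163, 104.27.187.163 and 172.67.183.108 fall within Cloudflare address space, so they are shared reverse-proxy edges (presumably fronting ctfd.top) rather than dedicated hosts. Unrelated sites can share these IPs; treat an IP:port hit without the matching hostname as low-confidence.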

104.27.186.163:8080
104.27.187.163:8080
172.67.183.108:8080
ctfd.top

# Reference: https://www.virustotal.com/gui/file/fcb544510d1744406077429d367605c73ddd03a1b31b32b468652c5e60122041/detection

192.255.235.221:8080

# Reference: https://www.virustotal.com/gui/file/e841f48e2f8b53b18bba468aa0e0750c29538084260580f65f42a768b6599678/detection

47.52.205.194:8080

# Reference: https://www.virustotal.com/gui/file/28adb97f94cb528043cda387095ca6d0d284340b16ddc0c36984b5d59c4f36e1/detection

45.141.136.26:8080

# Reference: https://www.virustotal.com/gui/file/618f1afd938330360c6c7e697a276c85c10db536c55206956b46bf23fb7c2804/detection

207.148.104.252:8080

# Reference: https://www.virustotal.com/gui/file/08890674762bd62c7c63a7ec91b8b26cd4ac530ca7eb7bf1f18f321b6567be5c/detection

23.19.227.11:443
secure.voidlink.me

# Reference: https://www.virustotal.com/gui/file/764b6060d93f31baa39ee7cffba028c237cce33aea7c43f8a2cf19702d1d7c2a/detection

103.117.72.60:443

# Reference: https://www.virustotal.com/gui/file/4c29431b6decc3f966b5786a55a8e9ceb04ad0c6fb59295bc78997deccc019ee/detection

179.43.176.224:443

# Reference: https://www.virustotal.com/gui/file/c9de1ff05ed8a74947a8ac68a5ad54ad74d3f5701b819b4bfb8192b35438c5b5/detection

176.31.255.202:443

# Reference: https://www.virustotal.com/gui/file/e8abb8bbfa60013665f5947e831ad0a262bc85980efb27d580ab1fea5a3879cf/detection
# Reference: https://www.virustotal.com/gui/file/91e6b17800d0039a1ae521723a823af163726b374b0000eba1ebeb12bae7cf46/detection

154.204.32.173:8080

# Reference: https://www.virustotal.com/gui/file/17cbc30be2a0a1350766f14277f8969abe238ffe7b976cba95acaf5a184db1cb/detection
# Reference: https://www.virustotal.com/gui/file/b9cea76014590101a13077d40e91b3855de146d5c5ad65fc1e6f779313c5a207/detection

http://104.238.176.21/load

# Reference: https://www.virustotal.com/gui/file/dbc71de2d933f5f79d4f5cd01b6abbfd341b70d813af24f3092e5bc15519ff00/detection
# Reference: https://www.virustotal.com/gui/file/0dd6e196a02ba389b39c6bb8cd5668fdcd0719091866be3190955be33aade418/detection

bhenergy.centralus.cloudapp.azure.com

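# Reference: https://app.any.run/tasks/45eb07a2-2781-4e13-94d5-aa9d48e67e61/
# Note: 10086.cn is China Mobile's registered domain, so this name is most likely a Host-header value taken from the sample's configuration rather than attacker-registered infrastructure. Verify against the reference before blocking on it.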

keefu.10086.cn

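# Reference: https://www.virustotal.com/gui/file/fe94ffe8485662d7556499e4c3fd8d0a2384cebe45958ccf57d49d2730f238b9/detection
# Note: 10010.com is China Unicom's registered domain, so login.10010.com is most likely a Host-header value from the sample's configuration rather than attacker-registered infrastructure. Verify against the reference before blocking on it.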

idv0h0h.qiniudns.com
login.10010.com

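# Reference: https://www.virustotal.com/gui/file/62205a6b33fa758e0b9780b69bb4f8cac18b12525f83daee912832a97d1eb58d/detection
# Reference: https://www.virustotal.com/gui/file/8dd15f9bbba4431f084a8fe22213c22f403171aa0053d89342ae8623e21e8639/detection
# Note: this is a name under the legitimate sogou.com zone, so it is presumably a spoofed Host header from the sample's configuration rather than a resolvable attacker host. A match is more meaningful in HTTP Host data than in DNS.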

stuats.sogou.com

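# Reference: https://www.virustotal.com/gui/file/ab4601ac99c5e561246f5de7846dd94bc3fa74111a0e03ab38a960e9890d8d2f/detection
# Reference: https://www.virustotal.com/gui/file/4cbec25c7a773ae8ddbbe65ab97209638d7006c1cf29b97bb76798eac5394ffe/detection
# Note: 10086.cn is China Mobile's registered domain, so this name is most likely a Host-header value taken from the sample's configuration rather than attacker-registered infrastructure. Verify against the references before blocking on it.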

oary.10086.cn

# Reference: https://twitter.com/malwrhunterteam/status/1323263013516943360
# Reference: https://www.virustotal.com/gui/file/851e07db545c79f64376b878285ad1e87952e5fd3f9eb387ef4002f700ea4ea8/detection
# Reference: https://www.virustotal.com/gui/file/ae7ddde22416d8ad817b8818228133cda683b670128b3a8255301885ca27d2fb/detection

http://129.211.181.170
129.211.181.170:1874

# Reference: https://www.virustotal.com/gui/file/143528bb022be3b398e985416277ae6ede1a6f43c01399e9045663a75c848d46/detection
# Reference: https://www.virustotal.com/gui/file/0932ccf3503410b8c15e02397716eeb871ce0319a665bb5b759b0c18ca984c6c/detection

mobilecdnprod.azureedge.net

# Reference: https://www.virustotal.com/gui/file/d4e20df9f1c79159a4f02205f56abfdcce87e58f7b7aa1befc581c83819e5bce/detection
# Reference: https://www.virustotal.com/gui/file/bd5c17c75eed391966980a17884876c6c39da687b6740959a813a83f3ff80e83/detection

47.99.123.186:8888

# Reference: https://www.virustotal.com/gui/file/b053817484417fb0c36322010a5cc789719008f486f46237aacac7ee6697cb86/detection

158.247.207.120:443

# Reference: https://twitter.com/d4rksystem/status/1323293797153939457
# Reference: https://www.virustotal.com/gui/file/f923c157ea93bc5a0956b6c9e3f5d9e3dcb22165c4196008680dea3305a5cde2/detection
# Reference: https://www.virustotal.com/gui/file/f54198f8fdd30825fde851ab705824de8362cd7a00c6f5b2d4515517f12f0999/detection
# Reference: https://www.virustotal.com/gui/ip-address/139.162.97.239/relations

139.162.97.239:4455
139.162.97.239:4456
cs40a.microsoftupa.com
test.systemdata.club
up.systemdata.club

# Reference: https://www.virustotal.com/gui/file/fbe20c327ebb8ed7bf9dd0e466d676c6e4dadb844b675642b6ca74fa14fc750c/detection

31.220.42.147:8443

# Reference: https://www.virustotal.com/gui/file/ca70952f853bb8fb9099faffc0602c173403825e09e461f06a1bdb44b9f6bdce/detection

w30.microsoft-shop.com

# Reference: https://www.virustotal.com/gui/file/5e61af3b108b23908ceb33e6392d6912b52ae32363b683398ea1cd41d5aea956/detection

abo.microsoft-shop.com

# Reference: https://www.virustotal.com/gui/file/73d168bfe4d6b6f057066506e280c4bcad81dc3163fcf98fca2d7462baca0280/detection

eidkfu23sjfsfjbsdf.microsoft-shop.com
idudjwujjdj2kkdk.microsoft-shop.com

# Reference: https://www.virustotal.com/gui/file/49f5dcd2852264cca876856351a9094ad06a5a2c94d0a9ea4f169bb5e8d0b415/detection

tiehsijisne.microsoft-shop.com

# Reference: https://www.virustotal.com/gui/file/e17db305ac45e86f1265e88a183cab8e5d1eb6517e9a6bb6f80f9ec9e00ac26e/detection

182.92.169.148:8080

# Reference: https://www.virustotal.com/gui/file/54c3ca28084b5e49b163ab0ee905f8f72fa6f65724c1b04ef432a22c3c105f3d/detection

182.92.169.148:8888

# Reference: https://www.virustotal.com/gui/file/2d649a5a2ac07b53053c66c8007b939818629b757ff25a5d2bfa0b0f0c063857/detection

down.flash-plays.com

# Reference: https://www.virustotal.com/gui/file/ec50240df30bcbc5ece80e6a6702b7230b81e68b712083f01a5780761693c5ae/detection

43.251.227.203:443
ugliquarie.com

# Reference: https://twitter.com/malwrhunterteam/status/1323965345737093121
# Reference: https://www.virustotal.com/gui/file/06fb7b0e660f2b551d4b803190a5d8d88ba8165aab9361a0a2dd8f31d2692886/detection

34.92.61.61:1434
flashdowns.com

# Reference: https://www.virustotal.com/gui/file/ed3262a230711f164aa079bd20e676d749e5a607069046130800cd97e25cd5b3/detection

103.87.11.175:88
m0z.api.qq.com.w.cdngslb.com

# Reference: https://www.virustotal.com/gui/file/1ec7430ed88d3174432e996d07dfccbf2bdacdc2ba2e7abd73240e998c5efb90/detection

148.70.157.133:4413

# Reference: https://www.virustotal.com/gui/file/448248247c3fa95507dfbfed45a16280612821166508793bf92a026db1d7daef/detection

148.70.157.133:4433

# Reference: https://www.virustotal.com/gui/file/d16c11caf47ab3eec7f928c25717346379a6f05e34a35f49d48de07d7abf82c9/detection

120.92.109.248:443

# Reference: https://www.virustotal.com/gui/file/a57ef61972d08cf47873248bb5d06f3723f0cdd4f3a10c82ae73b873d72af3a1/detection

120.92.109.248:85
dowload.flsah.com.cm

# Reference: https://www.virustotal.com/gui/file/060500558c754696c0056ec073344071c058d198ea0dba06632f93edb1276624/detection

217.12.208.31:443

# Reference: https://www.virustotal.com/gui/file/dc8fd92155a01e30d5796edbbbbdbd7d4ecfb3f8dd15b0866d4e2de1e30e5224/detection
# Reference: https://www.virustotal.com/gui/file/264ae534b9fb647504765f8aa6dfc402ff568ba886908960f54eee143f2a32b4/detection

45.83.237.34:7777

# Reference: https://www.virustotal.com/gui/file/ab99e91e1b0951feabd09d049e0ac9d9412c67603415c10cbeadde5842ca02d2/detection

5.2.64.135:443
bugsbunnyy.com

# Reference: https://www.virustotal.com/gui/file/8e48823f951db827171b5150050d210eda8409a59533000e3682d0d9d70ceac7/detection
# Reference: https://www.virustotal.com/gui/file/6aa0dc29e72f3c8378b107b88faef7cac1e3c5c9b290af049849cdbe091414bc/detection
# Reference: https://www.virustotal.com/gui/file/7182033c16ec4880570eba76fdbc25c041132c27b5c90a98deccf35eec8cc7d5/detection

45.76.145.235:60020

# Reference: https://www.virustotal.com/gui/file/1f5b40ade04d66e6d93c116ff86949adad3e878404be25f609cb38efcd98eb4e/detection

101.132.194.59:8008
waf.micorsoft.cc

# Reference: https://www.virustotal.com/gui/file/5499a4de788a5ece6f3ceb8415462b6292eee04c4c6a68d8597482add6aac553/detection

101.132.194.59:443

# Reference: https://www.virustotal.com/gui/file/a07802bf6ac8c5a64d101d33f99010c5f3e73e3609f84b331fcfc336b72aa9d2/detection

101.132.194.59:9000

# Reference: https://www.virustotal.com/gui/file/0ab53a41d19bf4fb2d3ecb4af5a0629374ec080af7c48fe3d95194cf656d24a0/detection

111.229.90.89:8080

# Reference: https://www.virustotal.com/gui/file/a653e64278421ffa3a3d84d7c0ec881b48f220b21157fea425ee893c430662eb/detection

111.229.90.89:10005

# Reference: https://www.virustotal.com/gui/file/09253fae2e7279e392bd09f8217359194dc13472d15cc506d84ff486c1ee2420/detection

95.179.236.54:5555

# Reference: https://www.virustotal.com/gui/file/cd4d3fee9c5d24f47ff4d0d35a50b1105a92e75c7181c6fd6a6dbb3f4c86513a/detection
# Reference: https://www.virustotal.com/gui/file/f413e4919000ff95e9ffe4b212bc09ef3a9ddf1e1ca4de19e59ac6c32b2a149a/detection

95.179.236.54:1306
pagga.net

# Reference: https://www.virustotal.com/gui/file/e9dc7735e0a4dd1f8b4aa5772296c1534130ec5f56e82024c4368ae4a4eada96/detection

121.36.132.39:443

# Reference: https://www.virustotal.com/gui/file/1aa555818c68fd54759f68af5482389637090b4f77ea5ad2a1fc9f669ae632e3/detection

121.36.132.39:80

# Reference: https://www.virustotal.com/gui/file/0eb0c5e18b832fa336d7cb7f3113de381f104d415cb1031e978228302a961bc3/detection

178.79.134.144:443
tcpsessionsconnect.com

# Reference: https://www.virustotal.com/gui/file/22a6696f66eecd4200c2e70a81072f63504f5981ce568d918ca1ea67e7744118/detection

http://178.79.134.144

# Reference: https://www.virustotal.com/gui/file/b5d95d5b099d97bb34b67c04edd6e58626d49eb0c234b71c58f06d6169741f39/detection

103.14.33.199:443
103.14.33.199:2161
43.228.91.117:443
fllash.org
update.offices-cloud.com

# Reference: https://www.virustotal.com/gui/file/0292971aa7dbe526f8b2cc5fdde8dddc9956576b5d61b7f5e82714293afcd3c6/detection

90.125.116.103:4444

# Reference: https://www.virustotal.com/gui/ip-address/3.120.98.217/relations
# Reference: https://www.virustotal.com/gui/file/d9914d636fe6e6e674e1d85594decf89a87c35bfa2e44f5bf73dfe88f023d320/detection

3.120.98.217:8080

# Reference: https://www.virustotal.com/gui/file/d4d438925fb775a4a599abd3054b036a95f12b4dc9f29d4d1506a985b2c23934/detection

http://49.235.206.130

# Reference: https://www.virustotal.com/gui/domain/f1ash-cn.space/relations

f1ash-cn.space

# Reference: https://www.virustotal.com/gui/file/330354c0ec0e2b1526e109d1e3018781e02c1ef336c6e2947c49ff6eae7df3cb/detection

81.68.220.79:19988

# Reference: https://www.virustotal.com/gui/file/18b8a776a146a8f70cb1759e2209e1306910e572177eae7519f9c5525c83bc15/detection

47.108.69.61:22234

# Reference: https://www.virustotal.com/gui/file/d389987f841e86f26d9b9a63edb5f07e6ed452326663446a4cb75d0d49ebed17/detection

49.235.204.16:2222

# Reference: https://www.virustotal.com/gui/file/4749a3889e6f28618dd509df2d1ff0cd20b5278a516ec07ba414fdcacbd8f32d/detection

http://49.235.204.16

# Reference: https://www.virustotal.com/gui/file/2023a9456cfc41d86cedca003b2d6d8d444b951e01e555d82a16ecc6362ed906/detection

49.235.204.16:8080

# Reference: https://www.virustotal.com/gui/file/15a672607a662e0b8c8d35d86ac8e056be6d582f9aba24392f19f55923047c63/detection

usglobefw04.azureedge.net

# Reference: https://www.virustotal.com/gui/file/2c4b6a96485df3e2f71d5d702b8dceaa24e59bd95688146b7c8acef67b4f35a3/detection

d2c2jjoukxxvug.cloudfront.net
d2pm03h7avw356.cloudfront.net
d3nlhg2r60muhw.cloudfront.net
d3ser9acyt7cdp.cloudfront.net

# Reference: https://twitter.com/_re_fox/status/1325809653100539904

182.254.229.239:8080

# Reference: https://www.virustotal.com/gui/file/6f9381cc332e43a6694e27fb3fa4332926e1d9a8fc0841f921428c35e24f3ffe/detection
# Reference: https://www.virustotal.com/gui/file/c306377eee1ddd473a6a33674dc19831e288f55253bffbf1c49b1afca2f3d666/detection

72.19.12.115:443

# Reference: https://www.virustotal.com/gui/file/bd4b15585ca610eb5ec1834a989841a7a954021f30b5a3c190b46438ee84fb74/detection
# Reference: https://www.virustotal.com/gui/file/7bc243a9bcb1e00808d4f476f88a23aec4df59b9f8931627c7bea62c8985fc16/detection

http://72.19.12.115/k2Fy

# Reference: https://www.virustotal.com/gui/file/ce17f6dea74a71a7907fa4ee7b5dbc57ae2ec16969505ecefea0033ca08e1f46/detection

39.105.160.62:8098

# Reference: https://www.virustotal.com/gui/file/80ebcfdf18af249ae5d1008419a3c2d6f6107cbfa626dd549656806e9f2a8015/detection
# Reference: https://www.virustotal.com/gui/file/bab13f448eb39f975539d8282983b5898e67e1fd9804a309b75ca93a64a73aaf/detection

39.105.160.62:443

# Reference: https://twitter.com/VK_Intel/status/1294320579311435776
# Reference: https://www.virustotal.com/gui/file/590583431e954fffd2e8cc450dbc13d75280687042e1331caa42252e39e686cb/detection
# Reference: https://www.virustotal.com/gui/file/bb4a1bfc461963bfaa2661a8ddb8d961b7d5fdf92af40d2db4581498fc44044c/detection

46.166.129.169:443
mswinupdate.net

# Reference: https://www.virustotal.com/gui/file/6314840653e33838a69da0501fbf061a8da1f5b300fdf7f7a6095c362f0a69f0/detection

192.169.7.160:80

# Reference: https://www.virustotal.com/gui/file/1027f2cf0b1318d8f0fa521198a57046dbe0dbe96c12fbb6ed54e1e6bbbda42a/detection

51.79.42.156:443

# Reference: https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/5/
# Reference: https://www.virustotal.com/gui/ip-address/192.169.6.180/relations

cloud.falconoasisdubai.com
syvansoft.com
gue.life
m33.bar
easyco.club
j3qq4.club

# Reference: https://app.any.run/tasks/21966bbb-91ec-44a3-bad7-2040f568395b/

111.229.163.55:443
hoo.wiki

# Reference: https://app.any.run/tasks/3968c6f0-ad4a-4b87-af15-1914f9801afa/
# Reference: https://twitter.com/Myrtus0x0/status/1334173921533325312

173.234.25.74:443
http://173.234.25.74/9Jdu
http://173.234.25.74/iZET

# Reference: https://app.any.run/tasks/2c4986bb-b857-4fe0-8970-2ad93719f22d/

http://23.227.193.167/ca

# Reference: https://app.any.run/tasks/002c03a7-ff4a-4c5e-8b2c-9588ea7ee329/

http://47.95.32.44/dot.gif

# Reference: https://www.virustotal.com/gui/file/19301c139fe82e40fa99c98626bb01440d9bc90ea96ad245cd453d9a453256ee/detection
# Reference: https://www.virustotal.com/gui/file/50456281509d8a6d0f2a38068300c52bba3f5b4d7e0e659856bcea312cf48787/detection

156.234.168.104:8888

# Reference: https://www.virustotal.com/gui/file/f3549866e58f771a8d587eb9111c3284522422e8b720d6bf4084a2f9d0db8fa9/detection

47.102.217.201:8886

# Reference: https://www.virustotal.com/gui/file/89d3159596848405fb64d403f2839d6d28c0522ecd13eb1bff6041604f559c44/detection

47.102.217.201:8888

# Reference: https://www.virustotal.com/gui/file/6e0e07fda4c862ceb3b7920daf251a226dc757b3a024de22096f1a7a485a4630/detection

176.122.147.196:443

# Reference: https://github.com/re-fox/documentation/blob/master/malware/macros/cobalt_shellcode.md
# Reference: https://www.virustotal.com/gui/file/7ecf71aacd3df89913fe308dcb84b3c4fa057fbb62fd7d01f54d19088f6e71de/detection
# Reference: https://www.virustotal.com/gui/file/7e8904b605f0fbb2cc752b205647abc63328dc248fa43edd368b872a2da362ac/detection

http://212.48.66.92
http://212.48.66.92/en_US/all.js
http://212.48.66.92/uEwT
http://212.48.66.92/xdcd

# Reference: https://www.virustotal.com/gui/file/269bafb60e5f7a6bc8db0dd33d08841be54f1a17c385fe4632339e43d95abdb1/detection

http://122.51.143.60/loJ7
122.51.143.60:803

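# Reference: https://github.com/re-fox/documentation/blob/master/malware/macros/cobalt_shellcode.md
# Note: epic.pwnage.loc uses a TLD that is not delegated in the public DNS root, so it will not resolve externally. It presumably comes from a lab or test configuration and is only useful for matching Host headers or internal DNS queries.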

91xx.cc
adecco-report.com
adoption-aid.org
d3qa8hx8i84f47.cloudfront.net
epic.pwnage.loc
home.huawei-promotion.com
kalicobalt.ddns.net
mrhacker97.ddns.net
mutual888.best
r1.xn--habibban-kmb.com
survey-monkey.org
ti.capitalviewfinance.com
usahack.xyz

# Reference: https://www.virustotal.com/gui/file/1c3bc54ecdcbce9f2f86db803e36a1500234b38c82d2c0fdd50583da417df183/detection

http://13.58.5.244/paIB

# Reference: https://www.virustotal.com/gui/file/11ba9f4a4275b0c7c8ac0d8019d9f3a81bfc63d45faa889a1e7ee0d16efc411e/detection

http://1.202.156.1/djU9
http://1.202.156.1/en_US/all.js

# Reference: https://www.virustotal.com/gui/file/59346a058455e17f91763a24f5ca2928b8ed761e550df636d3aae7f94cf6de94/detection

104.207.140.218:443

# Reference: https://www.virustotal.com/gui/file/a2556639c5fbf29c6b765147822f9bda7d5f48a683d4c3cc056ef7d0e3729e47/detection

http://39.101.199.31/jquery-3.3.1.min.js
http://39.101.199.31/jquery-3.3.1.slim.min.js

# Reference: https://www.virustotal.com/gui/file/b500e9bcea1e062851b056df947b5415b8f0e74318a4e04644b5dd54b6517f21/detection

http://106.12.215.252

# Reference: https://www.virustotal.com/gui/file/a491e3efefb8ee4f93bf28e791b351fcc3be88ee38116540b76f6bbf1a7b2003/detection

106.12.215.252:8081

# Reference: https://www.virustotal.com/gui/file/2d9c0f7590d97c3be6a52a9cedf26dabecf8972dfe654d2bd4c6cf5ee1b018c7/detection

106.54.241.235:12345
106.54.241.235:33333

# Reference: https://www.virustotal.com/gui/file/d6a9bfa1d0ec3d6fb5ec9b2ce671342473d61bcea0048287b341ec484ad8309f/detection
# Reference: https://www.virustotal.com/gui/file/968011126141a98ef390b0ef6c8be66403e68cfe810ba21f041e3adeb737560b/detection

http://106.54.241.235
106.54.241.235:34567

# Reference: https://www.virustotal.com/gui/file/ccbe10f1dfcfe584e54f993bc0e9eb35c5c145e95dbd2cada3cad1c6aaec2c70/detection

http://106.55.236.131/Et9j

# Reference: https://github.com/re-fox/documentation/blob/master/malware/macros/cobalt_shellcode.md
# Reference: https://www.virustotal.com/gui/file/556165d841071545a8edf1162080590c50533054e5fbbe8fcafd569590221817/detection
# Reference: https://www.virustotal.com/gui/file/f9e9270991c4d6767cece2dd76a03513d11189f998c5d9cdc94cc48192e20a0b/detection
# Reference: https://www.virustotal.com/gui/file/fff570decdac74231f37526c27ef443c19a0055003ae71c999a37c77922a27e8/detection

http://106.75.78.217/m6uD

# Reference: https://github.com/re-fox/documentation/blob/master/malware/macros/cobalt_shellcode.md
# Reference: https://www.virustotal.com/gui/file/b61db30cb3c060f843a12dfe0f5bb9fef86c348d5e28977d9ec4c61d821fd110/detection

http://108.61.162.56/MHXo

# Reference: https://github.com/re-fox/documentation/blob/master/malware/macros/cobalt_shellcode.md
# Reference: https://www.virustotal.com/gui/file/5ecec0f3f1e29ead7673b8d40bf809331ab28af3097f68bd069751961519ffd4/detection
# Reference: https://www.virustotal.com/gui/file/e2b79cc06f2f9e505ca06b97a6751669e7d896f215cb11ffcd7b6b789df33512/detection

http://116.85.41.79/4pfR

# Reference: https://www.virustotal.com/gui/file/f2b7fc575b4cf964b7b3ae6f9623fd01f9820f4da9b3e64dc43bf947359770aa/detection

117.88.56.206:1066

# Reference: https://github.com/re-fox/documentation/blob/master/malware/macros/cobalt_shellcode.md
# Reference: https://www.virustotal.com/gui/file/3c7a80764b49350026ce689dbb8bc8f3e37a5b4614d1a4a13d927c5b23a1b2ee/detection

http://117.88.56.206/y3iG

# Reference: https://www.virustotal.com/gui/file/341b44a725f69867db7a0dd8e57f0bea7d582bcff86c2579a5d132b9223ded85/detection

http://118.31.1.116/ZTFh
118.31.1.116:50052

# Reference: https://www.virustotal.com/gui/file/c446722ffd564a3287bfd616ea85bdd1e1ecf4a03d77f817a63073dab37a97b8/detection

121.37.23.161:443

# Reference: https://www.virustotal.com/gui/file/745ae375da2ee6be0b641047708532b792f6c634b23eb0402e9136717cd1214c/detection

http://121.37.23.161/d9sL
http://121.37.23.161/ptj

# Reference: https://www.virustotal.com/gui/file/294136ed7aa9d23a4386481e610d066f7e5bf3f37ec1e34d9a15a968ad5862f0/detection

122.112.138.192:53

# Reference: https://www.virustotal.com/gui/file/52d21e5d1289416df9819b00e9f0aaa1105f6050123fb097ed030a963fcd90cd/detection

http://122.112.138.192/8lHp

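# Reference: https://www.virustotal.com/gui/file/269bafb60e5f7a6bc8db0dd33d08841be54f1a17c385fe4632339e43d95abdb1/detection
# Note: this reference and the two entries below repeat an earlier block in this file for the same sample. They are redundant for matching, and kept here only to preserve the source order.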

http://122.51.143.60/loJ7
122.51.143.60:803

# Reference: https://www.virustotal.com/gui/file/9d345432c872ec1b5359d2cb5018a4a52c168009754bb0ea4f3aa9bf26e74bb8/detection

http://141.164.56.116/ApHc
http://141.164.56.116/__utm.gif

# Reference: https://github.com/re-fox/documentation/blob/master/malware/macros/cobalt_shellcode.md
# Reference: https://www.virustotal.com/gui/file/a857c66f44fef41539c2909ac0d69eebf9db1898d0d336fcb0ca626f258eea3e/detection

http://146.185.133.122/vKAZ

# Reference: https://www.virustotal.com/gui/file/2c897aa21d0597badebfb6d8d6326d532d97fe4d30ac65d63ab3b0f58b6dd83c/detection

149.28.108.116:443

# Reference: https://www.virustotal.com/gui/file/cd5b5114360b83f9ce4197346e3c78d7acf9be801dfc7603236feba73f454037/detection

http://149.28.108.116/KdAl

# Reference: https://github.com/re-fox/documentation/blob/master/malware/macros/cobalt_shellcode.md
# Reference: https://www.virustotal.com/gui/file/bd1db88e8c8c6792c505368c0e35d11f2c02cadfc9c6574eef41f9bc3b733dda/detection

http://151.80.255.19/qSiR

# Reference: https://github.com/re-fox/documentation/blob/master/malware/macros/cobalt_shellcode.md
# Reference: https://www.virustotal.com/gui/file/c17b3077ace950f0607fa5feb3cdc04bbed3918c7098d5e36ea54490228193a6/detection

http://152.136.223.136/NOZe

# Reference: https://www.virustotal.com/gui/file/3d7db56df63ea0788472bfabd83a5b9d21fc4783a92b918e6d192adee3789f6f/detection

http://161.35.76.1/jquery-3.3.1.min.js
http://161.35.76.1/jquery-3.3.1.slim.min.js

# Reference: https://www.virustotal.com/gui/file/f2d4fa4ed5c6ec715095a4d7f5913035de4f97c96616944df985afe32ac67035/detection

161.35.76.1:443

# Reference: https://www.virustotal.com/gui/file/ef79ce215078a49444e9d78888c84fdf9a50cb4f35c55009f5388fb694c4c7d6/detection

http://182.254.229.239/3hhY
182.254.229.239:8080

# Reference: https://www.virustotal.com/gui/file/80460c85abdfbf40334afb9f1720c38fd8b87f1fc8aa92935cbf53feaf2a4271/detection

http://192.236.195.182/jquery-3.3.1.slim.min.js
http://192.236.195.182/jquery-3.3.1.min.js
192.236.195.182:38080

# Reference: https://www.virustotal.com/gui/file/45c270c69642a44628bbc8fdb49bd0d3530837498d0c976264ff887b4c190cb0/detection

http://198.13.61.95/Whi4

# Reference: https://www.virustotal.com/gui/file/c0347cc14406650c25755451b675d8f69b3dec9ed02fb7b4e23d51c3bc41f433/detection

35.200.81.207:22222

# Reference: https://www.virustotal.com/gui/file/74a386d38daba24e1c9e45228778ef964d10bbf28b0ebf6c9b83dd164806557e/detection

35.200.81.207:10222

# Reference: https://www.virustotal.com/gui/file/fe73fcde87fa0923a0a041abea42cc4ce867cea2e63991af508424dfb4919e65/detection

http://35.200.81.207/pixel
http://35.200.81.207/en_US/all.js
http://35.200.81.207/j.ad

# Reference: https://www.virustotal.com/gui/file/5411ce0ea0ec043578ae544448a6cff9271b06a9662733ec522abeeceaba6855/detection

35.221.158.178:443

# Reference: https://www.virustotal.com/gui/file/5d728f14b30875938342bc545ce6f5f679c33721ea88acc7c48a012569e84d31/detection

http://39.97.187.94/3qGq
http://39.97.187.94/pixel

# Reference: https://github.com/re-fox/documentation/blob/master/malware/macros/cobalt_shellcode.md
# Reference: https://www.virustotal.com/gui/file/e58bd92cf1b0ea353be74d88cdd107b834560aad1e8051585e7cc9c82dcefbd6/detection

http://43.254.217.140/jquery-3.3.1.slim.min.js
http://43.254.217.140/jquery-3.3.1.min.js
43.254.217.140:8181

# Reference: https://www.virustotal.com/gui/file/fc24ee87ffb99f850567b52466c4f066bd1fd687e25a7ff61676f5efea986917/detection

http://45.14.227.19/9zFc
http://45.14.227.19/j.ad

# Reference: https://www.virustotal.com/gui/file/bc499b4e8ef7f90ad1c2acbd4c37240a45dfd6b589e510d09ae20a2cf384bcf5/detection

45.32.16.101:8080

# Reference: https://www.virustotal.com/gui/file/955af56719c97d47e200fc35dc78f00551d8dc590bd030d1a03b332259b6dd88/detection

45.76.220.75:1234

# Reference: https://www.virustotal.com/gui/file/30a37b19d27a24773f61360a81efacfd71bc543db2ebb5d27b68feded2d621b3/detection

http://45.77.179.157/SoJP
45.77.179.157:8088

# Reference: https://www.virustotal.com/gui/file/43b7199ba9ced50fcda9805a555164c1e4de6998defcc443b4a2cb9103cc2ede/detection

47.101.57.72:2333

# Reference: https://www.virustotal.com/gui/file/f7b2382521ca34a2c85b69df42ffa46d8acddfa532a00b3b3d114a41fe0ba769/detection

47.110.49.237:5555

# Reference: https://www.virustotal.com/gui/file/9c20d2dd36ae54686bcca963174882622ec046704d7725325447f6d3bac42978/detection

47.110.49.237:443

# Reference: https://www.virustotal.com/gui/file/cd6a4fdca0c789141f1969b0e076a47676330da99c7018d63d9b4d7b619e6ad5/detection

47.241.38.143:8081

# Reference: https://www.virustotal.com/gui/file/76d71a6f93f0e3b2eff54fd26eb47ac811f31a954182e96f573f9d780fab841a/detection

47.52.113.152:8180

# Reference: https://www.virustotal.com/gui/file/ca1b9824f2bbac0d5df3fe084c06ca2dfcab5f89b3906e95385658bbe852908a/detection

http://47.52.113.152/activity

# Reference: https://www.virustotal.com/gui/file/2c0701ffcbca2fa3d1db55864e016bf3a0ac3cfeb6721d8d78edc1067748b03e/detection

http://47.52.113.152/fVRN
http://47.52.113.152/IE9CompatViewList.xml

# Reference: https://www.virustotal.com/gui/file/0ceaf7d3a3b4e5d449ab2f60503b3ad2033ed7c136fa8f860548167abe8c9879/detection

47.93.16.255:12344

# Reference: https://www.virustotal.com/gui/file/a020ef2407ac9fdde89fc5bc25d7928c727970851a7640cec5c9c98cf5a2418b/detection
# Reference: https://www.virustotal.com/gui/file/c2b7de1d5fb6b68b2511eaae6e8e9ada28c68ca3af0afff1461f16664017839d/detection

http://47.98.103.103/EXhW
47.98.103.103:8080

# Reference: https://www.virustotal.com/gui/file/9d0608d655369f6560108f00950937f2cd9cd71b4db086f906281be8bdb76623/detection

http://49.233.78.35/SZ9v

# Reference: https://www.virustotal.com/gui/file/e99afaac02cf8ea99cc6ccaac40a4bb2fb183966cabba96b8862313c7c20ccfc/detection

http://49.233.78.35/a5rT

# Reference: https://www.virustotal.com/gui/file/952e2e21c3349c7892a6cb1951cae0c523a32f66867042f887574d7c3163fa88/detection
# Reference: https://www.virustotal.com/gui/file/d1c711612bd8ba0d00ec0283208570a28a3e1425353c7b32700d86a87b0c027e/detection

http://52.255.154.38/De9z
http://52.255.154.38/pixel.gif
http://52.255.154.38/g.pixel

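# Reference: https://www.virustotal.com/gui/file/e52b3b550113df657254843dc3ff1c2c38c0402f59a88313ace9b91656c95fe8/detection
# Note: the two /messages/... entries below are URI paths with no host, presumably request paths from the sample's C2 profile. Confirm how the consuming sensor matches host-less paths, and pair them with the host or IP above to limit false positives.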

http://54.196.84.189
videoramjet.com
/messages/DALBNSf25
/messages/C0527B0NM

# Reference: https://www.virustotal.com/gui/file/6bddcb99c930698afef5134df4fecc1c4b48872d36a39614858b56f7327a5139/detection

http://59.110.158.22/wK8b
59.110.158.22:8000

# Reference: https://www.virustotal.com/gui/file/805cc20ae7a6b67fc3ebf0ea1075cc5c252ad55dd0c4fe7ad3ed430d08a103d3/detection

http://60.205.220.98/pA2y

# Reference: https://www.virustotal.com/gui/file/04d8b4613286225000f5271e9868e307790a975ff456d767afe82bd919456106/detection

http://60.205.220.98/YOSa

# Reference: https://www.virustotal.com/gui/file/af30a0c199021767e0984baf57669f530f31c380c7a4f11043240d470c30060b/detection

http://60.205.220.98
http://60.205.220.98/Mcx4

# Reference: https://www.virustotal.com/gui/file/9992aec878d603fe2a1458751b77e4ec552f6cf8c6c09e48c5f807133dc1ba13/detection

64.69.57.84:443
gov-hr-no-reply.org

# Reference: https://www.virustotal.com/gui/file/adf27955e0fda73c5d1b99e814bee601bcc8909b55920f837abf51c1ff788dfc/detection

http://64.69.57.84/cwM5

# Reference: https://www.virustotal.com/gui/file/043ea2bae5f7cff876da42f32f3240274a649fd49a85389fd490801ab6f623be/detection

hr-resources.org

# Reference: https://www.virustotal.com/gui/file/e3efd291e531278a04e309302c35f8933d6bbcb732039f81bf2500fbef66aa34/detection

71.10.16.250:8443

# Reference: https://github.com/re-fox/documentation/blob/master/malware/macros/cobalt_shellcode.md
# Reference: https://www.virustotal.com/gui/file/47738baf983269d039fc55067746dccbac57f30ad2ffa910d4f7497f96f9229e/detection

http://74.120.172.183/SBfa

# Reference: https://www.virustotal.com/gui/file/464484289d028509c89d5e8056dfcc5cee243ebff12701297fe4856fcfaa4932/detection

http://81.70.56.208/CPde
http://81.70.56.208/push
81.70.56.208:4433

# Reference: https://www.virustotal.com/gui/file/2d1b87e82b7fea8f7c711debd2fe92ddb01ad18784159a714a8e4dc894f95727/detection

95.169.14.147:8081

# Reference: https://www.virustotal.com/gui/file/6400f9fe827967816f16f2af43b53754f5975c64db570a7de7fba69206fb7b13/detection

96.45.183.244:8080

# Reference: https://www.virustotal.com/gui/file/882c3f41c3f8ff6e299db8a6a6785122bbe7c00eb3ffa86ca77653a5729772e4/detection

96.45.183.244:6666

# Reference: https://www.virustotal.com/gui/file/1a0f48e56b2f58ee11e88ac911d5598f92ec8734feb8c66fc95e7de18dd39b21/detection

http://96.45.183.244/tM2i

# Reference: https://www.virustotal.com/gui/file/ca4963745454cc8584cec4e53d27d78c86a4766a4f69b0b37617efcd915621c8/detection
# Reference: https://www.virustotal.com/gui/file/7d7f4996fa545e1f908c24755b0e497351e1efe1ef4d046ea2ed92be132411bd/detection

45.147.230.132:443
boost-servicess.com

# Reference: https://www.virustotal.com/gui/file/656381c997f4757689bc31d9b9f365eabf1bdc088c7dc8b75ce7640addb30aa2/detection

119.45.4.42:8888

# Reference: https://www.virustotal.com/gui/file/f4777116f503931aaf7953401a7e88c7bf602cbfc118152cff38c0bf96ddbcf2/detection

119.45.4.42:5555

# Reference: https://www.virustotal.com/gui/file/7f12220502b6baed9cdd0fc89c88dc7c47edc785335bdc475de882defe9f4dcb/detection
# Reference: https://www.virustotal.com/gui/file/d1406b32581483ffc9797a6c0bd398414d7be34c490f9a648a011be3832ca43e/detection
# Reference: https://www.virustotal.com/gui/file/d2258ff4a177be2bcf20d92b9d2d1a62bb0e79f61761537a2ebb12ab8aeedf62/detection

45.134.83.4:5001

# Reference: https://www.virustotal.com/gui/file/6344073807b66a646ef744921a8f8de485611fd4dfa4a4011eefe81290c04578/detection

175.24.47.183:443

# Reference: https://www.virustotal.com/gui/file/8f05930f9f26275c4101517d475ee318c7fe62f302d5490ac05bb9f0003986a2/detection

http://175.24.47.183/visit.js

# Reference: https://www.virustotal.com/gui/file/cc0b38eec38df97ef265821434574567f0ad1e72bb3fbc133bd2ae7e723a95f4/detection

123.56.26.234:8888

# Reference: https://www.virustotal.com/gui/file/1d0107571430b4a54fb17bfffa3218541f382d570f06052577e6ca6b8885c640/detection

http://153.92.0.100/c/c13.php

# Reference: https://www.virustotal.com/gui/file/67284ed3e60109a2beaf8a7ba470b30ee49fcc6403f3cf060f0ba393cfcffb10/detection

123.56.127.36:443

# Reference: https://www.virustotal.com/gui/file/f1c19f195a0830ba7e4a15b32b50a606d198b4c5bbac09ecd4316f14bf4ddf0c/detection

123.56.127.36:8972

# Reference: https://www.virustotal.com/gui/file/6e7859a64cff67dcf12c5e092a7d8f3717cb8e072b4e9552bd7a25bc2b4b1302/detection

http://185.205.210.46
http://95.179.177.157
apps.vvvnews.com

# Reference: https://www.virustotal.com/gui/file/ec063c3d4d9dc6e65f0b8147c24d96e651e54919927af2e5bf05cc1357ef82c4/detection
# Reference: https://www.virustotal.com/gui/file/f7cf3384c7393105be4937d0db3f2f4fd449e907d3706b4ebd00021ce97cd1b4/detection

95.179.177.157:1444

# Reference: https://www.virustotal.com/gui/file/1d8da51c622b387d932f2efe082cc501ca1ea26ea5dc708e513cb45f403b00f0/detection

eiphaem9aifur1udaizu.badedsho.space
ooliey0phuoghei2cei7.cleans.online
oow8phokeing6kai5hah.glowtrow.online

# Reference: https://www.virustotal.com/gui/file/074cdc735747bd83b86127b057eefe8db934f96dbdc635c548541a1735dec3e0/detection

http://185.191.32.161/push

# Reference: https://www.virustotal.com/gui/file/9b7bfe03e7f4bb404da8f449efb8a207cb1bafdff29a2e865129263314a93e01/detection

185.191.32.161:6016

# Reference: https://www.virustotal.com/gui/file/b5dca5c9475c19b26e3b3910ad032535c85f5730ffd3b265381554da2c3d9f84/detection

175.24.68.66:11111

# Reference: https://www.virustotal.com/gui/file/a2dedf260283a55f3c0905fa31202787aac1357e400c9fa14f89380d9045d1d5/detection

81.71.123.105:8901

# Reference: https://www.virustotal.com/gui/file/3fb5cdd21ac199b127d0c4eec01f223c360324004d52a103604b185c6890220e/detection
# Reference: https://www.virustotal.com/gui/file/afbc49023b9dda2f072fcd85903e4e11f8a04098d8c278b1c93d3b9c4b08d1c5/detection

106.12.45.140:8081

# Reference: https://www.virustotal.com/gui/file/ae2f7ab26f1ed5b3116b62be5b818b57acd79ef0a0a1ee95fbdd6ffa422426c9/detection

39.100.128.14:8080

# Reference: https://www.virustotal.com/gui/file/100d532378e5d7fedb60171f3293e9a4a7d8a6f5f826d7b3706b524b6dca3f66/detection

romansoft2016.asuscomm.com
rs-labs.com/jquery-3.3.1.min.js
rs-labs.com/jquery-3.3.1.slim.min.js

# Reference: https://twitter.com/malwrhunterteam/status/1328324828365991936
# Reference: https://www.virustotal.com/gui/file/a3955af0613cd3dc48bf96bfc65f30bfc13b64fca43b5ffcf2a8a0c6bc47361e/detection
# Reference: https://www.virustotal.com/gui/file/3851e5786386acc5f6eecfe385a3811102f984cc1dd974981b376acd4e6013bc/detection

45.134.21.8:114
45.134.21.8:61
45.134.21.8:62

# Reference: https://www.virustotal.com/gui/file/3570978d39cf1b1d55a6255ddb76394867fcbff8b5590d3fe934b57cbd674208/detection

http://45.63.58.134

# Reference: https://www.virustotal.com/gui/file/7a287dcc61773269eb2966ce964c033f2fb703ba15549739baf68aa8b2a5e07a/detection

http://178.79.174.78/cx

# Reference: https://twitter.com/Unit42_Intel/status/1328425382140387328
# Reference: https://github.com/pan-unit42/tweets/blob/master/2020-11-16-Cobalt-Strike-IOCs.txt

http://185.99.133.180/IE9CompatViewList.xml
http://185.99.133.180/submit.php

# Reference: https://www.virustotal.com/gui/file/74d3bba6147343c9ef2ead56e1b234136d23b493f458c8833c8689127e70c908/detection

118.24.85.85:3306

# Reference: https://www.virustotal.com/gui/file/37a1d16fb8e503d3f9f595835e57e70a053d30c60e1b14900c44275b6fda951c/detection

118.24.85.85:45000

# Reference: https://www.virustotal.com/gui/file/dc7df8d601d61b38fe25dbe42bf9f771a1ec6e38fdc5a3898eeb5b05f5602f91/detection

94.191.105.132:8888

# Reference: https://www.virustotal.com/gui/file/2d5faced5204d48393de832009681a7fc93cb4bc9258afc4ef1bcf9b96995cc1/detection

94.191.105.132:1155

# Reference: https://www.virustotal.com/gui/file/0dd1b79d72cd349abed49d263bec1e93efd265064b2028d06f0d793f36486e70/detection

94.191.105.132:5353

# Reference: https://www.virustotal.com/gui/file/096211fce668ba1868d28aa1381643c7a69dc18eeda09e428921b8f1fa247de2/detection

http://94.191.105.132/64.txt

# Reference: https://www.virustotal.com/gui/file/9afc0365f71f68ed6ad038d21e9b33abd780d1cb48a2544daf64ead6789b59e5/detection

158.247.195.228:8080

# Reference: https://www.virustotal.com/gui/file/f6271a4328267413eb1c413068942b23289a616c74b24a5fa9955eb495c0cf28/detection

68.183.64.4:443

# Reference: https://www.virustotal.com/gui/file/bea6ba2864dee681775d60bec57c9dbc72910de304200e3e9f7c1446728df432/detection

120.79.37.40:6969

# Reference: https://www.virustotal.com/gui/file/ef26ca830514fa2ed1ea2b3dc297da428bc3f844a11abf7efce0031847ecbfd5/detection

42.192.85.158:61111

# Reference: https://www.virustotal.com/gui/file/de35644b2da01077bcfe3c3ea851c4570622b92e977f18d6c7e6d90f0c12a64d/detection

42.192.85.158:65511

# Reference: https://www.virustotal.com/gui/file/bccf9ce59ec40d342c0f8ab027475ae67d42199fa0e97acab82a67d3b0758565/detection

183.230.14.175:4445

# Reference: https://www.virustotal.com/gui/file/51f788d06153a8edfa2f926b025dd682f03f68db7fb06eebb1d4913ee95428e0/detection

http://124.156.146.4/jquery-3.3.1.min.js
http://124.156.146.4/jquery-3.3.1.slim.min.js

# Reference: https://www.virustotal.com/gui/file/94ec64a350a488382be5c66bfed44bbf9d34381935cc943d6f169e932ecf8447/detection

78.128.113.14:443

# Reference: https://www.virustotal.com/gui/file/617804572bba6037d7384e8604611689150759d1309a759749f96098c9f1e66a/detection

175.24.3.61:8089

# Reference: https://www.virustotal.com/gui/file/4742666a73b53ca2ec59175ccc68836e1ad13658e780583fdd329df4a0e7b353/detection

175.24.3.61:8443

# Reference: https://www.virustotal.com/gui/file/ad3805ba7b05e346554ab7bec139d2546c95c6cad5ccd38565d22ca8a7e3cf4f/detection

49.234.112.148:42906

# Reference: https://www.virustotal.com/gui/file/3cbb49bad573702295e234888496502ad92df09b28bd25012ae9dd5ac7b0b712/detection

http://49.234.112.148/dot.gif

# Reference: https://www.virustotal.com/gui/file/9cec131ed54b1ea836a6b2c009bdc158327621a0d724bdf9be78692a444395bf/detection

49.234.112.148:10021
49.234.112.148:10063

# Reference: https://www.virustotal.com/gui/file/803e605d046bc38f142dfa72159d940c4ea39fe1a4d547a6423d4cea1cf79460/detection
# Reference: https://www.virustotal.com/gui/file/2cae51376a229da171e6a772a9088c60f28929b54f005f3f0202588cf7d8118f/detection

188.119.112.174:443
188.119.112.174:8081
girls4dating.asia

# Reference: https://tria.ge/201120-artt41g8gj

85.143.220.196:8180

# Reference: https://tria.ge/201119-rv4fmbb6h2

d25bm6hkar6nys.cloudfront.net

# Reference: https://tria.ge/201117-cshe9df3ts

glowtrow.online
badedsho.space
cleans.online

# Reference: https://tria.ge/201117-865grrwyln

glowtrow.fun
cleans.space
glowtrow.site

# Reference: https://tria.ge/201117-a93dl7a8c2

universalec.com.zclngty.club

# Reference: https://tria.ge/201117-4mjw4vbxjs

paic-agent.com

# Reference: https://www.virustotal.com/gui/file/3052d4b0bdc509213ec359c66e114afede130eedd1e6baf548721f8761ea8ab8/detection

31.214.157.38:3982
mahalaka.hopto.org

# Reference: https://www.virustotal.com/gui/file/7a71e2a36327b12faa710b2cf281cb175803a4cec83dc26434298020be6b9e3d/detection
# Reference: https://www.virustotal.com/gui/file/d32a1f3532d271c198cd256af4401b20802a83dfe36867d9517f7a91e657b49e/detection
# Reference: https://www.virustotal.com/gui/file/b8cfdc616fa79f73d12d5dd8ee14ecae82c2bb55232d56cb98f92fd7ca2674f0/detection

http://54.234.214.221

# Reference: https://twitter.com/malwrhunterteam/status/1329800283405299712
# Reference: https://www.virustotal.com/gui/file/381ed40735167b76b29f53a84f4c524c7059b50367576f7d295d58d3d45d837d/detection

45.147.230.0:8080

# Reference: https://www.virustotal.com/gui/file/242d147695e36440905fbfee8e5a2ce1ca4ece6f77053fc87042b93351ae3fdd/detection

144.34.178.133:1234

# Reference: https://www.virustotal.com/gui/file/fa7b8e7b2f3357a300d16393d2d4bd79f9f484551ffce610356c83d6a5bb464f/detection

144.34.178.133:4444

# Reference: https://www.virustotal.com/gui/file/d46cbe962eb9ad1eb622590a8af8831eced724d80ffdea3c62416f74a9dfdee8/detection

81.17.28.82:443
driversupd.com

# Reference: https://www.virustotal.com/gui/file/63385e4cd4d6055d928d8636b341af27dce32b09df9c6bc47258ac5d42f030f7/detection

43.226.152.6:3665

# Reference: https://www.virustotal.com/gui/file/b5d6f03dff65732c2726be7d6a85304a6681aa61ad4983c66520bf7c1ede87d0/detection

139.180.203.104:443
microsoft.systemservices.network

# Reference: https://www.virustotal.com/gui/file/fe68261d34bc36d24aec8f42eb7a71f37e7137a439f093fcf6ff20254278b849/detection

http://139.180.203.104/pixel.gif

# Reference: https://www.virustotal.com/gui/file/95a7bd7bbaf0f82a13e18c9b6c5094e734f65fc560524b15e220b7b98da0f5bc/detection

http://139.180.203.104/Vaq5

# Reference: https://www.virustotal.com/gui/file/bb3bf87670b617cce0302726d13a2d80392f85a361bdbc6e43ffdb4aa441a2d5/detection

47.98.53.81:12345

# Reference: https://www.virustotal.com/gui/file/fe58643d8cd2e2215824658f9847f3998d040c0906ae575199dd96032db047c8/detection

47.98.53.81:5678

# Reference: https://www.virustotal.com/gui/file/8e004fb428b3da9f015ffffee201dc751f48c3d8a8048b404a17156f48e1eecf/detection

hotel.azureedge.net

# Reference: https://www.virustotal.com/gui/file/fbb7294818e5822b623b812b1f6cc6dfdb37958ec86c59845a05a9d0bd29c429/detection

103.56.19.57:8011

# Reference: https://www.virustotal.com/gui/file/02e3bd7380af6941e070cb1d5081ee8c553eca574ccb4116e5fa6dd53e8ac90f/detection

103.56.19.57:8080

# Reference: https://www.virustotal.com/gui/file/c585269efa9af762d44a31334e250d4d2225f7ea2c3c7168f653b852fcd67383/detection

74.82.205.102:4433

# Reference: https://www.virustotal.com/gui/file/2672c889f74d8a7482735c4e5e69125fcd361e2b726f0efef85147c217030a24/detection
# Reference: https://www.virustotal.com/gui/file/869786e71751e7a96b5d463dd84155b0ef7b1bca688f3316a56fe4aa47250ed7/detection
# Reference: https://www.virustotal.com/gui/file/b62db92062c358a7c27543b6d33ad0a6492dcfe0ac1e73d133e58eb95610d455/detection

49.235.230.115:9090

# Reference: https://www.virustotal.com/gui/file/3b48d22d508ac31820d79b6392da0513c07cfee9ccfb6aa18200c04f279c0f92/detection

http://43.226.39.8/pixel.gif
http://43.226.39.8/ZWjB

# Reference: https://www.virustotal.com/gui/file/80b9e5b0af31e1848156a01f5228736a7961205c706051501e7d4a6bd5369641/detection
# Reference: https://www.virustotal.com/gui/file/9220e87e2f9cdf87f62d6f35e42c25695037e2bb7115a16b638b1e2a3e52175f/detection

154.221.28.190:8888

# Reference: https://www.virustotal.com/gui/file/d46cbe962eb9ad1eb622590a8af8831eced724d80ffdea3c62416f74a9dfdee8/detection

81.17.28.82:443
driversupd.com

# Reference: https://twitter.com/wwp96/status/1331067128150102016
# Reference: https://app.any.run/tasks/1c8330e1-f622-428f-9d99-7644562ce29d/
# Reference: https://www.virustotal.com/gui/file/8dafde4809fae1db6c2de051de9a005c43c4b0218af4e3c1f30fa6a0f65316fc/detection

http://176.123.2.216
176.123.2.216:443

# Reference: https://www.virustotal.com/gui/file/03f1106b8dd0358866fa44bba022b7c556f8d7a006d2a8336711e9aaa01934f7/detection

165.227.199.214:443

# Reference: https://www.virustotal.com/gui/file/1f760a55c7704267c5757d86a4959fb9278e1699efac8ae153298b46a9f9bab0/detection

144.91.119.150:443
powershell.services

# Reference: https://www.virustotal.com/gui/file/844f919caec3c6d941ad22a49ecb7e289cadec865e45dd7812a064fb694b98c3/detection

96.45.188.69:12554

# Reference: https://www.virustotal.com/gui/file/b4f2a04a299cbed3500294972428948ce767e3ef98c06c724d7a2662438b3c1d/detection

96.45.188.69:8888

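# Reference: https://www.virustotal.com/gui/file/d68f75ec6e2c9a35f1992ff66cadf000db1941a05c331e93bda8ddeea3ff7e89/detection
# Reference: https://www.virustotal.com/gui/file/187ae89a0b4bf3b2e25c3f8f8fc6737d41cb33304d6bd4998b07efbac3318ac1/detection
# Note: cdn.bootcss.com is a public front-end library CDN hostname. The two URL trails in this group presumably
# record the Host header and URI set by the beacon profile, with the IPs listed here as the real destinations
# (confirm against the samples). Corroborate a URL hit with the destination IP before treating it as C2.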

39.101.199.31:80
39.102.120.235:80
cdn.bootcss.com/jquery-3.3.2.min.js
cdn.bootcss.com/jquery-3.3.2.slim.min.js

# Reference: https://www.virustotal.com/gui/file/7f8b378a273ca7926f17e5542acf2057ad8acd144ce04ef610ea7d76646156b7/detection

47.97.75.227:9999

# Reference: https://www.virustotal.com/gui/file/2f06e1ebb58084266d0dbe4942c904ab2b75f747433328b4810ea8f628859ece/detection

47.93.42.183:3432

# Reference: https://www.virustotal.com/gui/file/bd56b8a4bf5072417ed9e31818b0fdde1645ba2c25c2aaf20d8ad1902eaddbcb/detection

47.93.42.183:4312

# Reference: https://www.virustotal.com/gui/file/b7c75cdfc47b81b0a156f8ccc8fd65f42b2bbf473a4d9b359e3fbc0395de69e2/detection

http://103.39.217.134/hYLP

# Reference: https://www.virustotal.com/gui/file/e2002eecffec3c3075629dd38a447c4b7c54bf4d5c695e454001eb49563900d1/detection

http://103.39.217.134/vaP5
http://103.39.217.134/updates.rss

# Reference: https://www.virustotal.com/gui/file/df1b0c4a0da231faaeca990ed959419919fd43bf53b41469427ecbe797793612/detection

http://103.39.217.134/b7Ky

# Reference: https://www.virustotal.com/gui/file/02aa893ce29d4b94a00a6784ffaebafa8578fe6b73f7f162eb66a41f572debb9/detection
# Reference: https://www.virustotal.com/gui/file/18848c50d4479a4f595f51081ae7feaca509c6fd9516f0120db443d56519896d/detection

103.39.217.134:9527

# Reference: https://www.virustotal.com/gui/file/844f919caec3c6d941ad22a49ecb7e289cadec865e45dd7812a064fb694b98c3/detection

96.45.188.69:12554

# Reference: https://www.virustotal.com/gui/file/470184351398597c6b608a8420a1733c4f12dd53ca763d383327c5b826be58ee/detection

96.45.188.69:8888

# Reference: https://www.virustotal.com/gui/file/ddf9264c245a187b876376ea8f4d87d8065c5f955b7f51f01b09dd474e534102/detection

47.93.116.160:6606

# Reference: https://www.virustotal.com/gui/file/1c4ab8c457ae7d1a22abbd93ea41f1500fa8b94c8bb555ce68f50049bd1f5869/detection

47.93.116.160:8808

# Reference: https://www.virustotal.com/gui/file/0060448db81e7d89207253bd49b780d2a4d6f066214511bcff8c7fe66175a110/detection

47.93.116.160:8080

# Reference: https://www.virustotal.com/gui/file/b18d2f4e34ab368e270e809016b0ce5ce689bedf46c9eccd9b4966780ea5b5e4/detection

47.93.116.160:8088

# Reference: https://www.virustotal.com/gui/file/bcbf609c4e41b03edcc055cf0db87ebcc8c555fa8d78284ffbf2d2636b4d5961/detection

47.93.116.160:9909

# Reference: https://www.virustotal.com/gui/file/92b180bcdc8a906b86f90ea181fc09c4764dfc47201c8dd05fede2fb86e7bbea/detection

43.240.156.5:443

# Reference: https://www.virustotal.com/gui/file/56b489cb23a47dcc4e8dba401d7521675cccbee72f9b73e38670eda8304856a8/detection

43.240.156.5:6060

# Reference: https://www.virustotal.com/gui/file/4e05f08cd26671a8fec3c8687d5c18fe6e8aa2f3b0d773ea930b3a1776799bb9/detection

43.240.156.5:8080

# Reference: https://www.virustotal.com/gui/file/4d4c79a03d00fbdd34f3a511100b7fe8b56e7a31eb2b3b4eeddaf56e1afa7a7b/detection

80.209.241.7:444

# Reference: https://twitter.com/malware_traffic/status/1331634103591063552

199.217.117.184:443
199.217.117.184:444

# Reference: https://www.virustotal.com/gui/file/3ee84da35a45fbea2921fd6998803dff1f7ffa42692f38bdb18ab27ceff8821c/detection
# Reference: https://www.virustotal.com/gui/file/6c0f6a7bbca83f4486d8f7e4b44967e9a729ba2f7896475bd593b955b5d58aa2/detection

http://8.131.96.175/9njL
http://8.131.96.175/__utm.gif
http://8.131.96.175/submit.php

# Reference: https://www.virustotal.com/gui/file/09ca93b8d8a96574de2df02296e8786cfe2a90b02a0da21a776bcee7d5eeb58d/detection
# Reference: https://www.virustotal.com/gui/file/c599ec2159d8d97ab77a183107d8b22b05b7375a660e35d1a06502edac05d600/detection

http://124.71.155.107/oMQO
http://124.71.155.107/IE9CompatViewList.xml

# Reference: https://www.virustotal.com/gui/file/a5c9be733aa3bef8f3de2b6a60b64570b7752af1c42ecd47902659f4bc6b39c7/detection

123.57.190.31:8080

# Reference: https://www.virustotal.com/gui/file/a4cc50c504d79641dcb4aced2f6d5a780ec8f90e73d09bed17bc8219e4b138a0/detection

47.92.33.59:18310

# Reference: https://www.virustotal.com/gui/file/e83f5dd498184f81fb20fd13ebca29b9975805edc8be92d446f76a6a466f3831/detection

http://47.114.39.239/g.pixel

# Reference: https://www.virustotal.com/gui/file/ba0666b5b5f4a1ea37862624256ae6ae12c1e666a7530e8625cdea43a99a3814/detection

47.114.39.239:12345

# Reference: https://www.virustotal.com/gui/file/6e54203caece33561d723d0b3eb5c728eeb32712553f2228ed3d725028992c4b/detection

47.114.39.239:4321

# Reference: https://www.virustotal.com/gui/file/55bab42b7f2df407d3476ec14f505ebd18e37881952f0cc684864ff0d3715950/detection

172.81.250.135:443

# Reference: https://www.virustotal.com/gui/file/4524ed179abbabe030ac86d6749f1e4cd89e1967b7273187b1a7f7dd327480a2/detection

172.81.250.135:9998

# Reference: https://www.virustotal.com/gui/file/e4c3fe5e5784a2339414853e2b4e957819621a28742c50c085da5dd9c5de6124/detection

116.63.181.150:443

# Reference: https://www.virustotal.com/gui/file/2a089d2ae1a727ad3aa88588b6a8a705c5e7c4245f867556cedae9a7fbeb61d8/detection

139.196.21.224:33060

# Reference: https://www.virustotal.com/gui/file/0fae1cbc98e8cd5d6cb63ac0df293ab51aaf27385e58e5edb6bf146aac487ca9/detection

139.196.21.224:8080

# Reference: https://www.virustotal.com/gui/file/57cbe5e9a60549646c81e3301fe3e91f1e589561cf6b5ed9c42f7866611be764/detection

139.196.21.224:8091

# Reference: https://www.virustotal.com/gui/file/1db461e68c1eba2254ce9777c637b23fa9cd1bcf9f07721a5c7bbe0429b824d6/detection

47.108.92.73:60080

# Reference: https://www.virustotal.com/gui/file/d55a4da3be9ed2a5ba9c18367f8f2d08931e31d65f607341f9b620696478a35e/detection

47.108.92.73:7001

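# Reference: https://www.virustotal.com/gui/file/28982143a30c84917fa6f6528299eab9d731537a730c78a57fb69c565c9123d2/detection
# Note: 104.27.172.56 falls in Cloudflare's published edge ranges, so this IP:port is shared reverse-proxy
# infrastructure, not a dedicated C2 host. The domain trail is the durable indicator. A hit on the IP alone
# can come from unrelated sites behind the same edge and should be corroborated with the Host/SNI value.
# The same applies to the other 104.24.x, 104.27.x, 104.28.x, 104.31.x and 172.67.x entries in this file.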

104.27.172.56:8880
cs.tomassky.cc

# Reference: https://twitter.com/d4rksystem/status/1332021306095759368

43.255.30.192:8848

# Reference: https://www.virustotal.com/gui/file/02902cd3128b70961053ae8978958085f17da4dbf5b5cdecfdc5a794b30c7184/detection

47.103.213.82:4564

# Reference: https://www.virustotal.com/gui/file/0f3fb784daf189ef6d715a22935f167adffeefb011ebac2851766be344a74bdc/detection

47.103.213.82:44415

# Reference: https://www.virustotal.com/gui/file/a1a682a11c6cb6efff714f444c05ab8b9c38f03a4f880f5766a84e09e5f87cdc/detection

104.248.148.158:4444
167.172.5.160:4444

# Reference: https://www.virustotal.com/gui/file/b4433d8598e1cd33f76ca0d90489c39f31ba719dcebcabb9eb4f1038c2b7ddbe/detection

104.248.148.158:443

# Reference: https://twitter.com/d4rksystem/status/1332359186215276550
# Reference: https://www.virustotal.com/gui/file/8fb330ad33623311934e11c6baf785c8d47adf8f0bcc3dec251314faa4f22973/detection
# Reference: https://www.virustotal.com/gui/file/dada30ae6d4d5dfc6752c653eaa5555ff54547416d2f29845921bbb5c28ec7ed/detection
# Reference: https://www.virustotal.com/gui/file/a4d7c3783abb6d4ccbb9b64633fbefe3522a688e5abaccb305549624282d504b/detection

http://94.103.84.81/cm
http://94.103.84.81/g.pixel
http://94.103.84.81/SKuI
http://94.103.84.81/submit.php

# Reference: https://www.virustotal.com/gui/file/8f6c6c6857eb174213ee171e700f4a9f938c6ee09f7ed25fa0d058543c000a11/detection

49.232.203.19:1234

# Reference: https://www.virustotal.com/gui/file/86fce281b97357cd2e70ad8be424825925e8bbfa6cd4ac815277e69b3289a89d/detection

49.232.203.19:3333

# Reference: https://www.virustotal.com/gui/file/b72c2c98b4679c05706a07e069d75fb2a07a95c5c9009bb953a4ee414fa56e15/detection

http://176.123.3.108/9ioK
http://176.123.3.108/cx

# Reference: https://www.virustotal.com/gui/file/aae9ae1e90db9ecffa9eb7daabeb0c9b0b5ddd734986a29ece24edae6a33fa81/detection

http://176.123.3.108/BhfL

# Reference: https://www.virustotal.com/gui/file/7d12f0760d38b502718d23e10207824115a16cfbfab72752c494792413fb5c50/detection

176.123.3.108:443

# Reference: https://www.virustotal.com/gui/file/98c0c3b8a81d32d8c09ddf8bdf86667361dbef18fdd58f08945f7ac39a5cc4b5/detection

45.77.19.7:12345

# Reference: https://www.virustotal.com/gui/file/c98b06b3cd2c8a324b913e8246eb2c56848f1ed0cd1964891df41aa0f4128972/detection

47.98.151.153:6666

# Reference: https://www.virustotal.com/gui/file/7c8bf39daa154d4f7e456285569687a41d0bf120962f17216f686bbe1c26223c/detection

47.98.151.153:8888

# Reference: https://www.virustotal.com/gui/file/10ab80b1134f8d96d67924fde4096185e4b21ff2a795aa3fc317eb7cd2491483/detection
# Reference: https://www.virustotal.com/gui/file/5b59bc38d6c13b08859b793ec8b4ab6932d9f2fc4e9330ac9ed08af50bed26cc/detection

39.102.64.207:443

# Reference: https://www.virustotal.com/gui/file/7ddfc90224ea8a4247e4179ac0bdc36355cebe7876c669a4f09111cb4c1dd8c8/detection

118.126.66.150:2233

# Reference: https://www.virustotal.com/gui/file/8865e9bc5221c321a9ae17eb92d3e5bfc7ef61debcc0840f515a3ebbcf3cf3be/detection

118.126.66.150:22211

# Reference: https://www.virustotal.com/gui/file/a8ff149ec3592c55322c6c28f4ef9b4e217fab646ff0891ca16d7fa9664fd539/detection

http://118.126.66.150/Encrypted1.mp3

# Reference: https://www.virustotal.com/gui/file/ea4c60fcb0eb8b0545caa1a04c1f1d83d949e2f9e88e8f4c34234ba10e6ddb82/detection

http://218.253.251.74/aY8k
http://218.253.251.74/g.pixel

# Reference: https://www.virustotal.com/gui/file/6ace78dcc968c6dac6d62a19c95144c587c59635caa414c772f183b8bdc8d40d/detection

http://218.253.251.74/nvB6
http://218.253.251.74/ga.js

# Reference: https://www.virustotal.com/gui/file/607b31170981013fd2a0b2d4b57c4b3ee1f580745e1dfda8c7bea926cbffc702/detection

http://218.253.251.74/SaGa
http://218.253.251.74/updates

# Reference: https://www.virustotal.com/gui/file/b48d95dbfa90aa9982d9a7a6ecb304eaad0ccd380f891aa7ec10074d71f9e086/detection

218.253.251.74:443

# Reference: https://www.virustotal.com/gui/file/3373a1b27de2f91e4b3ee2fc0a399a9f9417fc5ff899ea0910f29681ba6963cb/detection

218.253.251.74:8098

# Reference: https://twitter.com/_re_fox/status/1333621485064368129
# Reference: https://www.virustotal.com/gui/file/b32281d7f00b086d41d7f19d7723ecbc4cc897ef75865c8da177351588cf9fa4/detection

39.106.226.204:8083
http://39.106.226.204/6ljP

# Reference: https://www.virustotal.com/gui/file/b63c9360d731038eeef5da2dfee933378c5910ca82724173207089a3c58bad82/detection

103.133.214.253:3309

# Reference: https://twitter.com/d4rksystem/status/1333848341239582721

193.187.118.232:443

# Reference: https://twitter.com/malware_traffic/status/1333565587163815937

206.54.190.220:8080

# Reference: https://www.virustotal.com/gui/file/ee11d26a1ac7b60bfd92a62cbd191eaedc83c8c0116e8ae8f6610a8e47c59de8/detection

microsoft-updata-info.monster

# Reference: https://www.virustotal.com/gui/file/5ce0be92070b2600b04ec18d9ee6a02f2e7dce330a49d6e865a430a8a92fe68c/detection

104.24.126.54:8880
104.24.127.54:8880
172.67.212.101:8880

# Reference: https://www.virustotal.com/gui/file/09750fd4962b8e5ab205f36b5316346a9ad4e60afc9fb29167abef0c8daef6f0/detection

139.180.194.87:2233

# Reference: https://www.virustotal.com/gui/file/0a3fec45848cac6231aeccad4cf934c7d003a26e8400a13207e3e976aefa6f76/detection

139.180.194.87:35578

# Reference: https://www.virustotal.com/gui/file/e0cb2b65e10e21dfec69d699b48db046908a1d2318c706cebef94a155de3bbda/detection

116.85.69.58:443

# Reference: https://www.virustotal.com/gui/file/9f84d0d8cb6da41461fac8bb84fab901fbb044f409d1bb245d24c201c0ecc8a9/detection

118.31.47.97:5555

# Reference: https://www.virustotal.com/gui/file/4a143c58cc13a2c6a7fd09100126096c79fef2277bc36cb64a6a3dae536dffaa/detection

115.159.92.12:8888

# Reference: https://www.virustotal.com/gui/file/1bc4712fee32b45dffa71c8335cfbc0e444a46c47eaaaf074f7eda60c3058429/detection

39.98.250.32:22345

# Reference: https://www.virustotal.com/gui/file/d6d0c76aa4758e952be2a8f2b4916232bfde5324f09466d03c1956a0783c9db3/detection

39.98.250.32:4001

# Reference: https://www.virustotal.com/gui/file/44bebe666a6afc38d707052451ee34b8c3c20b16dcd4dd77bfe27c22d6a22113/detection

39.98.250.32:443

# Reference: https://github.com/whickey-r7/grab_beacon_config/blob/main/README.md
# Reference: https://www.virustotal.com/gui/ip-address/82.194.164.37/relations

kasperskys.net

# Reference: https://www.virustotal.com/gui/file/d5c99e101b000316d3b2197f958d487597f7ae7ac273c2a229e8fb0bd0e2aee8/detection

104.27.128.88:8080
robbot2unions.robster2osunion.tk

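# Reference: https://mp.weixin.qq.com/s/BLM8tM88x9oT4CjSiupE2A (Chinese)
# Note: cdn.az.gov in this group sits under the az.gov government namespace. It is presumably a Host-header
# value taken from a beacon configuration, not attacker-controlled DNS (verify against the report). Treat a
# match on it as a lead to corroborate with the destination IP, not as a standalone block indicator.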

100.26.209.220:443
103.39.18.167:443
103.73.97.119:443
106.55.153.204:443
114.116.33.191:8888
114.118.5.108:443
118.24.85.85:3306
119.23.184.235:7777
142.54.188.26:443
144.217.207.21:443
152.32.252.47:8080
153.92.127.204:443
159.69.156.245:80
176.121.14.249:80
176.123.8.228:8000
185.150.117.50:443
185.202.0.111:80
185.212.47.171:443
185.225.19.125:443
185.244.149.152:443
185.52.3.205:443
192.144.234.207:80
218.253.251.118:8443
23.224.41.132:80
39.100.224.129:8888
39.102.52.75:81
45.147.229.199:8080
45.153.243.215:443
45.76.247.184:80
46.148.26.246:443
47.105.180.183:80
47.242.148.4:80
47.244.13.36:80
47.95.119.10:8080
47.95.231.140:8080
47.98.166.253:80
49.232.217.171:80
49.232.42.92:443
49.233.155.141:7001
49.234.94.85:8081
5.34.181.12:5985
51.195.35.0:8888
78.128.113.14:443
81.70.9.64:80
83.242.96.163:80
88.99.89.152:80
89.45.4.135:8080
89.46.86.160:80
95.179.228.227:443
agturnfa.com
cdn.az.gov
io.amscloud.xyz
kinging.ysan.ml
nguyenlieu.gratekey.com
skyler.shacknet.biz
yambanetsdev.net

# Reference: https://www.virustotal.com/gui/file/4b0cede42a189e7f730a6035cb16ee97b659290c6d8f7862eb0099b498f297a8/detection

http://104.31.83.68
update-flash.info

# Reference: https://www.virustotal.com/gui/file/a9a187949d6706593841c418058a20313f2c15aa752ac9e88df7340caac60952/detection

cattom.buzz

# Reference: https://www.virustotal.com/gui/file/8a1d7b30b8bd096b2756e452fe30c682212f75f72c7511dcaa875a59a02966c5/detection

115.159.119.89:8898

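# Reference: https://www.virustotal.com/gui/file/5b5bfc06075466e337dfdccbf32259634a1eef833e4e5dd2c37e25c006c1d1f7/detection
# Note: console.mail.163.com is under the 163.com webmail domain. The two URL trails in this group presumably
# record the Host header and URI from the beacon profile, with 116.253.29.201 as the real destination (confirm
# against the sample). Corroborate a URL hit with the destination IP before treating it as C2.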

116.253.29.201:80
console.mail.163.com/js/jquery-3.3.2.min.js
console.mail.163.com/js/jquery-3.3.2.slim.min.js

# Reference: https://www.virustotal.com/gui/file/95bef2506cc1ecee96d622e2bdfb7ed13a49d615bbd7a84e7566e9e68e041292/detection

139.155.2.101:8000
3as0n.cn

# Reference: https://www.virustotal.com/gui/file/2e7b8ab76e41e1dbe7556225095a3aefdc4a5d7dd5a3cbc430edb4794507cae6/detection

114.116.187.243:8080

# Reference: https://www.virustotal.com/gui/file/70c9cb89a84121341e5d8cebd11aaacabd1d77471979d0d3cbfe5ca6450a865b/detection
# Reference: https://www.virustotal.com/gui/file/2506e8af5d8934565ef2ba28837c64e204025a9e4635c1d49c75ddf248d2cf3a/detection

47.56.224.63:8888

# Reference: https://www.virustotal.com/gui/file/5ea81f3f8630d60734f5e6d0721c5774bb82598398efa48c8c1b5d3bffd808ab/detection
# Reference: https://www.virustotal.com/gui/file/b0ab20a25f60ee72fc70b5ee8d2f815eee26b7b2f4e6decf32fd2ed9e0688778/detection

138.197.154.110:80

# Reference: https://www.virustotal.com/gui/file/f420cd419f00fccd03e2132f4e6f13db7867c55996174dd44541bee95347abe4/detection

119.23.218.37:8254

# Reference: https://www.virustotal.com/gui/file/87dc163ed495c4f37b5a9c487e993e9dfccdc2277511f29a9c0e7253933c98eb/detection

119.23.218.37:8250

# Reference: https://www.virustotal.com/gui/file/b2aceda8bc806d197344ca9a7e54608780bbba9c1bc21dda029a34235ff02644/detection

119.23.218.37:9999

# Reference: https://www.virustotal.com/gui/file/9b9b459fc8be56e4579a432b2e2453755212dd70c1198deeda9d7d6b4dab444d/detection

182.92.202.24:443

# Reference: https://www.virustotal.com/gui/file/0631458030028ebe655b638b8942515244d764386c1d84020d54920a4dfa4d26/detection

47.116.0.48:8080

# Reference: https://www.virustotal.com/gui/file/fc6a7fa755e864683cb45f40c4568633a79cd2ab24f732a62f4c211fc0c68f1a/detection

http://47.116.0.48/HXTi
http://47.116.0.48/match
http://47.116.0.48/submit.php

# Reference: https://www.virustotal.com/gui/file/5574230619decc16184df471eee09d8f9d0abf6cd3b754aa97ceddf5d9999b55/detection

http://31.44.184.73/IE9CompatViewList.xml

# Reference: https://www.virustotal.com/gui/file/99e555c6478ff8627525ac8aee26b08f405d447b9d9e97315b6381a02cde818c/detection

31.44.184.73:50008

# Reference: https://www.virustotal.com/gui/file/85b23e5e52505b2ef3aa587c35f311d4ec2c7d28de85e4cdc0f003f3a819d199/detection

31.44.184.73:50014

# Reference: https://www.virustotal.com/gui/file/dfcddb1023d6f0ead818c4a5d7813486eab19afe2409a64e3af0c2a7be4aed7c/detection

31.44.184.73:50016

# Reference: https://www.virustotal.com/gui/file/a3035a49ca2c77f9aba9c570a3cdc70104ffa1d9743b72bd7400731ff0e11740/detection

31.44.184.73:50026

# Reference: https://www.virustotal.com/gui/file/5f3bca97e34342e5742e52a5367ce0d6b3beab2afed26e7c1c104c8df67bf21b/detection

60.205.254.76:8000

# Reference: https://www.virustotal.com/gui/file/ad5fd27c128182aa7ee81df510f717b9269a83d07d851eaf6ce1cb2c1acd592a/detection

60.205.254.76:82

# Reference: https://www.virustotal.com/gui/file/6766240a7cf8e7ab4b60ef2aa003710ac536c183f1b67f29d9b803368d37e49d/detection

101.227.0.145:443
111.13.103.248:443
119.188.130.222:443
119.249.48.101:443
124.132.135.236:443
153.3.231.239:443
153.99.248.235:443

# Reference: https://www.virustotal.com/gui/file/6e559f35ff9b88cbc14c74a65db46b1f16525fcfeebe97125b9c6c3a6e8f564c/detection
# Reference: https://www.virustotal.com/gui/file/ff9edb4259f2d7baa26293b96e5bad20ebd571de88541307d01d4405790072d2/detection

http://47.103.53.54/fPZL
http://47.103.53.54/oTFS
http://47.103.53.54/IE9CompatViewList.xml

# Reference: https://www.virustotal.com/gui/file/d005a02061a031978138988943d418c018a70075376897e46c308c35ec9ef969/detection

47.103.53.54:443

# Reference: https://www.virustotal.com/gui/file/4c1b8495e5cbfea84cb9eaac1d19a8aa8cf5ea6b3753440d379af30f3814c673/detection

8.210.69.47:8888

# Reference: https://twitter.com/malware_traffic/status/1334531678602207243

173.234.25.74:8080
45.170.251.101:8080

# Reference: https://www.virustotal.com/gui/file/299d29050b3bd30b574276824d6479896e726cffdf9c12818b68b7be281960be/detection

60.205.152.98:8080

# Reference: https://www.virustotal.com/gui/file/8aa87e40e47d40864c4881a4198c686da44ef4ea9c78d74ce258b40a29309c97/detection
# Reference: https://www.virustotal.com/gui/domain/hihihitesttesttest.xyz/relations

104.24.124.240:2086
hihihitesttesttest.xyz
picture.hihihitesttesttest.xyz

# Reference: https://www.virustotal.com/gui/file/4b09100594f9d94796247959777cfa6f942d2e31ad65c757b3ec19d7a28f5533/detection

104.27.177.89:8080
outlook.best

# Reference: https://www.virustotal.com/gui/file/8bab882d75173569e62b13743b73ac34189978f96d60df2543a2e4aed7219395/detection

94.242.55.115:8080

# Reference: https://www.virustotal.com/gui/file/7b873f44a9ceedbb3aca652b0376f7457f79703b654da5e994c734cc64b3cc68/detection

104.28.24.131:8080
172.67.193.181:8080
testqweasdzxc.biz
cs.testqweasdzxc.biz

# Reference: https://www.virustotal.com/gui/file/e177e8036aa18e5db66f97472d3d024bade66ef0719b3679c8d471b56d98b2c8/detection

42.192.139.103:1000

# Reference: https://www.virustotal.com/gui/file/c1a97ef9f45c08c908c3bbbcfda663424d32b2eab4aa41f95cd7f0082289798b/detection
# Reference: https://www.virustotal.com/gui/file/f92473be720e5624a475c1e669605a1e591a57dfd42673d0e57e156edc63d331/detection

47.100.32.234:1234

# Reference: https://www.virustotal.com/gui/file/c2a1ac2b8b500ddeaddf3df77e431990c4a0b974e5648bacfa805f8d5018c2d1/detection

http://39.106.226.204/updates.rss
http://39.106.226.204/submit.php

# Reference: https://www.virustotal.com/gui/file/f64bb2192d538f58509094e009817fdc6f46e793b1fbc98db31f5e356db854ff/detection

120.78.165.96:443

# Reference: https://www.virustotal.com/gui/file/f0f50cb371a1972c5624f3313e0abc56477838b7829bdb1d0be51a70dc0324c0/detection

120.78.165.96:3128

# Reference: https://www.virustotal.com/gui/file/5b56dc66275656946a4337fcc7f5cfe9651554f0876288e3e07b15e643895b64/detection

120.78.165.96:8000

# Reference: https://www.virustotal.com/gui/file/3ba8a68e2c8594ba6401dd504031364d8ef794e67cb032afabea5cd385983769/detection

http://120.78.165.96/j.ad

# Reference: https://www.virustotal.com/gui/file/b23027cfbb2a6eed56c6a02bcbaa738193b4976e128d6d61aa9d28688e240887/detection

104.27.138.58:443
vip.vhvh.pw

# Reference: https://www.virustotal.com/gui/file/706078a02aa37a4270913c9a487c3d6eb5768b847ef6ea8e18b7914726a3540d/detection

xxx.vhvh.pw

# Reference: https://twitter.com/jorgemieres/status/1329085096574345218

108.62.49.249:777
my1empire.duckdns.org

# Reference: https://twitter.com/malware_traffic/status/1330923636585328642

http://69.30.232.138/dpixel
http://69.30.232.138/submit.php
http://69.30.232.138/updates.rss

# Reference: https://www.virustotal.com/gui/domain/lousingloo.com/relations
# Reference: https://www.virustotal.com/gui/file/25b461a82145700217d3c61aebd56bf1eab101e5b8b4274913964dfb6bcc18d7/detection

http://173.234.25.74/fwlink
lousingloo.com

# Reference: https://twitter.com/d4rksystem/status/1334180532679307266

103.231.222.39:8089

# Reference: https://twitter.com/_re_fox/status/1334948772787482632
# Reference: https://www.virustotal.com/gui/file/7a949bb815d301faa0fae209b88ba499c062bbb620b9f90ecf2451a63f544f1b/detection
# Reference: https://www.virustotal.com/gui/file/85a9bd760655b6c92042a16235b6be127d9ca7fb4e151690e0d7b60b5190a31d/detection

sbi-cloud.net

# Reference: https://www.virustotal.com/gui/file/44f2a2dfaac2bc84cd0ca99346d9c6872dedc06d71ff9b2a10fdf1d9fbe40047/detection

13.72.111.119:443

# Reference: https://twitter.com/pmelson/status/1330575151725993987

websecurenetworks.xyz

# Reference: https://twitter.com/d4rksystem/status/1313131838114729984

103.117.136.70:3322
http://103.117.136.70
pc1024.net

# Reference: https://twitter.com/Dan__Mayer/status/1289720249051279362

diz0zog9i207j.cloudfront.net

# Reference: https://twitter.com/Dan__Mayer/status/1277406943691194368

brookingsinstitute.org/jquery-3.3.1.min.js
brookingsinstitute.org/jquery-3.3.1.slim.min.js

# Reference: https://twitter.com/BlackLotusLabs/status/1270746166796464129

bezatraud.me
checkoffice.me
lekoservidns.net
rednote.pro

# Reference: https://www.virustotal.com/gui/file/de6b411106ea88d89a59cc83625efb9b8483d8ded8f08e297e2b328f45da660e/detection

http://123.57.90.172/i6Xf

# Reference: https://www.virustotal.com/gui/file/4e24d53de90495076b1bdb48bad6d28c88215544c817d3bcad7734349a67e76d/detection

http://123.57.90.172/dot.gif
http://123.57.90.172/WVXX

# Reference: https://www.virustotal.com/gui/file/3c3c26069da0210aef34e4d982e0312716bc722033b7342cb1e2e0045d979f53/detection

81.69.248.69:88

# Reference: https://www.virustotal.com/gui/file/2cb1ce45e1ab86f2228fad11c815863baa14fac5983d756d82b3d743f85ab810/detection
# Reference: https://www.virustotal.com/gui/file/57b1b2443310e017eac5d2fa5619efb2a9a2a24d14e4beb191f3171110a4dc7c/detection

45.62.111.85:5566

# Reference: https://www.virustotal.com/gui/file/59bb2260dd9adb0f1d277f98a3f8de8eb8850c1224703c81a376d962bdddbf3e/detection

47.113.95.40:188

# Reference: https://www.virustotal.com/gui/file/5aef7ac2deb4a7dd1d850f604053e9746903f12dcad414af7561e7f5018bab70/detection

http://47.113.95.40/PJQq
http://47.113.95.40/zOMGAPT

# Reference: https://www.virustotal.com/gui/file/b1ee0bccd9dbc0faee67454ccf03e700e06bb620e66a3974b79c9611f3a52f1f/detection

47.113.95.40:5656

# Reference: https://www.virustotal.com/gui/file/7b5969215bcab3e1aab682e450af4c75fdac0b29fb665db22fcf8a5c8a170020/detection

47.113.95.40:443

# Reference: https://www.virustotal.com/gui/file/51792418822119416f5e47d2d47ea4b8714bb929888f1d15116d2ea43b0c0895/detection

47.113.95.40:88

# Reference: https://www.virustotal.com/gui/file/2fadcb70f2720cf8c0aae85400e8528c91d988a5ab2dbf2c32bb2e9738c7fd4c/detection

185.21.66.206:999
srv.cybesys.com

# Reference: https://www.virustotal.com/gui/file/06656338e96a8960b208a6b451d39937f2186d708e7841c2e33c00faa28c8d25/detection

185.21.66.206:6666

# Reference: https://www.virustotal.com/gui/file/24b38774f74fb8e8ceadee81d597ac74a747ca1af455cb559f72b3f985f26697/detection

212.95.150.10:8088

# Reference: https://twitter.com/malware_traffic/status/1336136217004478465

23.106.160.138:8888

# Reference: https://www.virustotal.com/gui/file/426ff11eebe31f9ad9b69e2ca424dc7e1b4088483daecc517390e940fcb0957f/detection
# Reference: https://www.virustotal.com/gui/file/9cba130f241d6e88df27b8aab3f74e0286ecc1ea93772fea233136c4fe777b4c/detection

165.25.252.25:22223

# Reference: https://www.virustotal.com/gui/file/b7203d70ad337a379c815a988a760a864eeaae5e68760b39307486b228257add/detection
# Reference: https://www.virustotal.com/gui/file/3aeebf11210d1cc89801ab3ef7a6fe9ff989d8f1a4689c94745fcda8f155f979/detection

139.199.185.41:443
139.199.185.41:445

# Reference: https://www.virustotal.com/gui/file/5033e3094ab38c5750aec7fa46e72f1349cbe7ba0c90691acef7269811575bbc/detection
# Reference: https://www.virustotal.com/gui/file/f3415fef85686e33b85d6858c9c299830f4d6ea3a52f5f1a749e65d0b82adca1/detection

aliiyunn.cn

# Reference: https://www.virustotal.com/gui/file/f951c06a1ce366aec9d62b2a4bedc63e272f717bf98db47eb4573eeb05cd0e31/detection

88.119.171.55:443

# Reference: https://www.virustotal.com/gui/file/b6e802f769d9b086b44514dcbea9694b5e7d4f3ff1cafdbae307df57aba8767c/detection

http://88.119.171.55/lv.html

# Reference: https://twitter.com/bryceabdo/status/1336309563721658370
# Reference: https://www.virustotal.com/gui/file/be4cde410e83980e46edbfa08cfcd7d8b2f1f343614d7c035938cd620f6df6f8/behavior/C2AE

cwsedge.net

# Reference: https://www.virustotal.com/gui/file/06e23bc577e0b29bbd936dd437c180fe69f1b827964d6e2e7620c46b494fb7f7/detection

20.36.203.162:443

# Reference: https://www.virustotal.com/gui/file/6ff4fb61e4619fedf7b45e33b95e523a7698b6e80873dba2353bdcecdc1716e0/detection

121.4.51.73:8012

# Reference: https://www.virustotal.com/gui/file/00bef429522a738023996c83babab3c50a55e8a9e3ef7e1836ac850b7a0d953d/detection

http://121.4.51.73/Z4ie

# Reference: https://www.virustotal.com/gui/file/6f8afdab6c2064cd50ced3c70c1fcd915ff686b8a001939dd592ee4790efd774/detection

49.235.233.13:8787

# Reference: https://www.virustotal.com/gui/file/db124f49603ba12db47fa8b2b336037daab92e15f41b73a3e21d730f87a37806/detection

49.235.233.13:8090

# Reference: https://www.virustotal.com/gui/file/f2e2ef3573ba3c9a5f40cbe8083cb502adfaafb1c4de127439f24e3c1e6003da/detection

219.153.250.6:7110
vuln.vip

# Reference: https://www.virustotal.com/gui/file/dd45c7841af5f0962b674edfc66beb2d8e7d2508b721aa75b3fed82ff934f489/detection

47.93.116.52:20006

# Reference: https://www.virustotal.com/gui/file/a1645b7f17688b3d63074bd4c71c0817827e3ab06e7b19f8141b86ed7d98fea2/detection

47.93.116.52:25678

# Reference: https://www.virustotal.com/gui/file/3c94adea202a39b6b371a5738882e28dede9ae3ab3433c9d7ed713d45b73140c/detection

173.248.240.41:443

# Reference: https://www.virustotal.com/gui/file/ec1e4c170353d4188e842a2fe521f858180e5a16ff985350ef2f0dde45c8775c/detection

173.248.240.41:2222

# Reference: https://www.virustotal.com/gui/file/2f343c85455b645451b65949bdc78daece061b29becbc45af9852cc6b8f608d1/detection

139.9.135.25:9999

# Reference: https://www.virustotal.com/gui/file/8fc2297f136bbbd4411921453f56ba2e4fb87b96107e487f6cee64d0c5cfe3d5/detection

http://185.191.32.180/g.pixel

# Reference: https://www.virustotal.com/gui/file/bd68bc387e70e1d66f9b180dbcbb0b52846b38d735023368bc45d7845d752739/detection

185.191.32.180:443

# Reference: https://www.virustotal.com/gui/file/cb81b4e9b113f4f838ba35628ffde22141a328f623563fbddb1225d7a4b5e176/detection

http://49.232.217.171/visit.js

# Reference: https://www.virustotal.com/gui/file/366c4b928ed347aad9f840a3f5c1a1a25e1cf18c21ad414e70d8d93c9593ec5e/detection

http://49.232.217.171/XXXU

# Reference: https://www.virustotal.com/gui/file/5e91c3e6719baf5714c5f62e687641c2c9f1f474ec1275d291ac2fc326698002/detection

45.61.136.200:443
flashupdates.ml

# Reference: https://www.virustotal.com/gui/file/3b5ae781ec34b697b7e27d03c02a7853b2da6373cd6615bee8da877e959c19b8/detection

45.61.136.200:8081

# Reference: https://www.virustotal.com/gui/file/49438f7882905706c9bed8b5ff1efcbdff2f5c40d99181e5c468304684eadde5/detection

160.124.103.247:8080

# Reference: https://www.virustotal.com/gui/file/4dc1ce69956d55a1b8507e847db2f61b5ac25ae7f568fab6a24475d53553722c/detection

167.179.76.185:8090

# Reference: https://www.virustotal.com/gui/file/e8dbc7557aab525e1e9b005bc140d2f6233b4c2ff259f5683a63cf48117ec2be/detection

167.179.76.185:8092

# Reference: https://www.virustotal.com/gui/file/9c56e076eb3017e9abd90159474e0386b57437278714531052e5ab505ca5c7bf/detection

45.76.17.69:7777

# Reference: https://www.virustotal.com/gui/file/6f37da9a1581e4f05c60f2254da2752ca56bbb59a433c383e8d030347d69a6c9/detection

110.34.180.32:8443
get-flash.net

# Reference: https://www.virustotal.com/gui/file/7df551e7e44c8451bd8883a76067acbb6ee9f4bb7246241f87e602ca070fc28c/detection

http://110.34.180.32

# Reference: https://www.virustotal.com/gui/file/d288975f5e09590bbe740df7a4a563f55430f3e04cb570d1ba673ca516faf63e/detection
# Reference: https://www.virustotal.com/gui/file/525ed9138027f0c87ac1d0b9f125e500b27f3674745b8291658d92303db5f537/detection
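# Reference: https://www.virustotal.com/gui/file/0c3fcc6d9ada66b51fae4890b3c9c5b886bf275a61c78ff3771a02989494ca3e/detection
# NOTE(review): 82.254.229.239:8080 below differs from the other entries in this group (182.254.229.239) only by a missing leading digit - possibly a transcription error; confirm against the referenced reports before alerting or blocking on it.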

182.254.229.239:12369
82.254.229.239:8080
http://182.254.229.239/3hhY
http://182.254.229.239/DjJd
http://182.254.229.239/jUSJ
http://182.254.229.239/updates.rss

# Reference: https://www.virustotal.com/gui/file/0c51db2b41b62387444bceb7402612766d48c45a0a37716abb90f42ab23cb349/detection
# Reference: https://www.virustotal.com/gui/file/ff8202df26cc68229e87c99c63c41f075baba15b02554232ee37fff00d9711b4/detection

34.96.157.246:8081
cs.l10.pw
cs2.l10.pw
cs3.l10.pw

# Reference: https://twitter.com/malware_traffic/status/1337069757217058817

173.234.25.74:1080
23.160.192.180:1080

# Reference: https://twitter.com/d4rksystem/status/1337094732724510722

siliconpower2020.best

# Reference: https://www.virustotal.com/gui/file/b9e13e0348be4998a5c96f13290db6ed60abcd19c69a253c39c1b3e9b928a9fb/detection

46.173.214.102:8080

# Reference: https://www.virustotal.com/gui/file/fe5585dfda44ca136bb2fb383052d03452f34c371a2349be0d0cbb6b07437865/detection

http://46.173.214.102/cm

# Reference: https://www.virustotal.com/gui/file/5337a7e43f8a4f07d7fac18d35f91554a4109e634e68016d57232c6511763203/detection

8.210.125.201:443

# Reference: https://www.virustotal.com/gui/file/f654aba8646b662966e122fab0d579f5564177e6c3ccc509013daca9be68d6c1/detection

8.210.125.201:42294

# Reference: https://www.virustotal.com/gui/file/05f68a44d888e74a53d5e1c4a2ec7299291aa5445ad37e6b7a61455ef2241e26/detection

8.210.125.201:44445

# Reference: https://www.virustotal.com/gui/file/8cd6863be41cd2977802f1dd4dcb9f712dbbef3a8fa2a38d013d0181c7873d08/detection

8.210.125.201:6666

# Reference: https://www.virustotal.com/gui/file/eb3c6a6ac57d4281c91c6c65738a08ce67bdb35228a500e30ea8e4e32d1634a2/detection

http://8.210.125.201/Exi6
http://8.210.125.201/visit.js

# Reference: https://www.virustotal.com/gui/file/6f63454f16a7743b4f8b3e1e41cf10cc2c3ad5a394ace79f75a0d269e42d3d8e/detection

40.73.37.51:12358
40.73.37.51:39999

# Reference: https://www.virustotal.com/gui/file/ccef51bcfe6df30ab6e76ef74f9cd3b573cc06018cc34db3805821e06692df22/detection

http://101.32.186.196/__utm.gif

# Reference: https://www.virustotal.com/gui/file/a0bf32fe5f024e9ce0283f279c53432cabff90bebc626def0d93aaf60671e8a8/detection

http://101.32.186.196/qAfE
http://101.32.186.196/visit.js

# Reference: https://www.virustotal.com/gui/file/572e6bf2c8c14eff6aa7a86bd28c57df7cb020ba55760a66d4127f61d50b81f1/detection

182.254.189.223:23456

# Reference: https://www.virustotal.com/gui/file/1699bb142f99431bc75312561fe69272b50b0659f32546573363fc39ed3d90f0/detection

97.64.120.240:8088

# Reference: https://www.virustotal.com/gui/file/26dc51caa2e4e103284499d47478d6d60af9c06366d2ef26872a93ab31be0eee/detection

97.64.120.240:443

# Reference: https://www.virustotal.com/gui/file/e7d98734d84673477e3cd6ce5f315190b56fab9024d02a52c3128991517df685/detection

192.210.207.169:7835

# Reference: https://www.virustotal.com/gui/file/af48a271a7868e9e51d85551c399dfcbb367e8865182b84d848d1f1e1c39080a/detection

192.210.207.169:7839

# Reference: https://www.virustotal.com/gui/file/c3454dc79cec7e8c0beeb6bc60a1c465a3870677342be200dedd0369dbdcd8f8/detection

106.54.241.235:8998

# Reference: https://www.virustotal.com/gui/file/026e4068eb7b071351b345c94313a005c6bdc921a34a91a2bfdc3f003bdda4a0/detection

http://47.110.83.12/pixel.gif

# Reference: https://www.virustotal.com/gui/file/d988dd179ffe96f4d5c83a1376219fa3b3092d9261a9a0e464ad3f53e4a9cd2f/detection

47.110.83.12:443

# Reference: https://twitter.com/d4rksystem/status/1337419370935451655

http://101.32.186.196
103.231.222.39:8089
34.96.157.246:8081
85.239.35.92:8080

# Reference: https://www.virustotal.com/gui/file/254a1b0a5117ce4571607a988019dbf6dea6888df3748f45f8fc29fcd9704365/detection

78.172.137.227:3132
88.252.227.228:3132
hackercoc.duckdns.org

# Reference: https://twitter.com/_re_fox/status/1338161174689554432
# Reference: https://app.any.run/tasks/5fe5195a-55dc-4101-aeff-a1e454f7e14e/

47.97.211.147:8094
http://47.97.211.147

# Reference: https://www.virustotal.com/gui/file/dee21ebd78b700fcae37e689049231363d2f3a0f89a59c683abd7b86679e7737/detection

http://120.26.162.133/cx

# Reference: https://www.virustotal.com/gui/file/3f7e7808234d84b713c2fe94f3be0401c8fe3d7829bc701add763b53accb10ac/detection

120.26.162.133:81

# Reference: https://twitter.com/malwrhunterteam/status/1338501103701331968

182.61.16.221:8443
45.133.239.206:8443

# Reference: https://twitter.com/malware_traffic/status/1338530303736889350

173.234.25.74:8080
92.119.157.10:8080

# Reference: https://www.virustotal.com/gui/file/2084af9e72d1a86410b644a374d51a4ec97baedd7200c1d9810b5c9f126f1799/detection
# Reference: https://www.virustotal.com/gui/file/1498bf9c6d691704bd826f3b902be7e32996bfd08eb427b2d6e7b123d2f9d8e8/detection
# Reference: https://www.virustotal.com/gui/file/fa941638776877d560aade096dc920f08beeb4810168beefe5f9b904d6ca48af/detection
# Reference: https://www.virustotal.com/gui/file/5b2143bdd4d815d7326eee1bbada90d959b8a6db942e3e9913425838ce585b57/detection
# Reference: https://www.virustotal.com/gui/file/27c453bfd2d429667ff5ad47dc9287e8a40170a2bd41aaaa117d5341d06f2190/detection

http://107.173.156.100/2hTn
http://107.173.156.100/cx
http://107.173.156.100/fwlink
http://107.173.156.100/QlGX
http://107.173.156.100/submit.php
http://107.173.156.100/xAl7
107.173.156.100:8081

# Reference: https://www.virustotal.com/gui/file/7bc03b9489be1f17e0d5dd989a3b4761ac2730b2fa9d794b40b0d6ffcb06be33/detection

167.88.177.156:7777

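# Reference: https://www.virustotal.com/gui/file/8033ecaadeec4207be3a4f33a809b011e3aeeeeea939276d868efd7bf49c5b84/detection
# NOTE(review): the three IP-based URLs below appear to fall within Cloudflare's published edge ranges (104.24.0.0/14, 172.64.0.0/13), which are shared by many unrelated sites; the domain entry is the more specific indicator, and matches on the bare addresses need corroboration (Host header / SNI) before being treated as confirmed.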

http://104.27.190.148/s/ref=nb_sb_noss_1/
http://104.27.191.148/s/ref=nb_sb_noss_1/
http://172.67.148.155/s/ref=nb_sb_noss_1/
a305.cloud

# Reference: https://www.virustotal.com/gui/file/119062449169c134bd521857a19f6d900294fb1fddfe467101e4428be5dcfdf4/detection
# Reference: https://www.virustotal.com/gui/file/a59327592df7181ca2d1557484601c6b5cd44bf4ec11b1972460a36236029b32/detection

http://14.192.48.172

# Reference: https://www.virustotal.com/gui/file/4a4344111a74aa0d3d60eb1bc8708b84414e0f4b5f9093827f6de57ba74c0826/detection

103.140.45.100:443

# Reference: https://www.virustotal.com/gui/file/f22e0d896be2abf530f53abc5b55d3bdc591782644922249a7e2aade1c7bd915/detection

103.140.45.100:8080

# Reference: https://www.virustotal.com/gui/file/992f1aa86c81fe3d09bbf26cdfae31c7353cb9e94ceb40fd7ba7a26a1c730914/detection

39.97.216.52:12358
39.97.216.52:39999

# Reference: https://twitter.com/JAMESWT_MHT/status/1339130150752018433
# Reference: https://app.any.run/tasks/29cfb8d8-8ea7-4e4c-8129-da93357b249f/
# Reference: https://www.virustotal.com/gui/file/b1a3bfc40a3c56e8e1d98a44a60cfb4bfdb6001b71d12b219f1f12495dd96e9e/detection

139.60.161.99:443
http://139.60.161.99/ptj
http://139.60.161.99/SQDu

# Reference: https://app.any.run/tasks/7cb4a242-b9a5-497e-8678-45dee6f8c646/
# Reference: https://app.any.run/tasks/b94d84ca-a112-490f-b1b2-00c8cd9b263d/

http://45.82.79.89/__utm.gif
http://45.82.79.89/update
http://45.82.79.89/fwlink

# Reference: https://app.any.run/tasks/29cfb8d8-8ea7-4e4c-8129-da93357b249f/

http://139.60.161.99/SQDu
http://139.60.161.99/ptj

# Reference: https://www.virustotal.com/gui/file/3a83df00faf261734ddb1e2793514a20e13c8d06cd7d01c5a6cbed9d1d93f02b/detection

121.40.167.210:3306

# Reference: https://www.virustotal.com/gui/file/dec04d237b6d30b28f4c3d023b2f336c75e07a0b234b9746187f4bf8ada3f577/detection

5.253.16.192:801

# Reference: https://twitter.com/d4rksystem/status/1339284159798288386

185.191.32.180:3389

# Reference: https://app.any.run/tasks/ef8cbde8-2bd9-42e0-954e-4dc2600e6bee/

152.136.176.65:1234
152.136.176.65:8888

# Reference: https://app.any.run/tasks/abc99234-6bfc-41cb-af8e-d4de5ac9ad35/
# Reference: https://app.any.run/tasks/c9d6891b-7c01-46f5-a7a3-d586d5f3f5b5/

straitsnetline.com

# Reference: https://www.virustotal.com/gui/file/8a3d19f41c539c66707bacbcdec760e92e8d41af5e245c199976df17f2e6d482/detection

155.94.149.156:8008

# Reference: https://www.virustotal.com/gui/file/2e55617db3cc088420d78898548be6e92b88e6f1e56b732284fcbef2131dd6d8/detection

47.95.205.52:10086

# Reference: https://www.virustotal.com/gui/file/a6c256fa6a1cc48decc1716d2aee531a5a79ab196a1687fbcbebb35dddd11081/detection

118.186.196.170:13212

# Reference: https://www.virustotal.com/gui/file/5b2aafbbb40eb5bf7da36037adf9d2f432d5301a3c530295a7d2088846de2482/detection

http://104.168.218.221/cx

# Reference: https://www.virustotal.com/gui/file/bd9a4b7f574541829eaa5a7742ebd5ebcf922f0ff65ebaeac1f234e7a813ae02/detection

http://104.168.218.221/load
http://104.168.218.221/submit.php

# Reference: https://www.virustotal.com/gui/file/624091aca2c49d96fc7e119e80334bb462f4542e6b9672f38e3cd649870a3eb2/detection

http://104.168.218.221/mI1v
http://104.168.218.221/IE9CompatViewList.xml

# Reference: https://www.virustotal.com/gui/file/488c136c074eaa1f0a9889e58ed2a632859bc0acb10b3a227e9b823b061f3c0d/detection

http://104.168.218.221/QCah

# Reference: https://www.virustotal.com/gui/file/d90555da2f33b4ccf86d5918619b1778db84bde1e412dac70db4b7b02cabd83b/detection

http://104.168.218.221/activity

# Reference: https://twitter.com/malware_traffic/status/1339647762934194178
# Reference: https://twitter.com/malware_traffic/status/1340028093667418112
# Reference: https://www.malware-traffic-analysis.net/2020/12/15/index.html

matesmapizza.com
matespizza.com
travmeetlett.com
172.241.27.244:443
172.241.27.244:8888
185.125.206.173:443
185.125.206.173:8080
http://172.241.27.244/ga.js
http://172.241.27.244/updates.rss
http://172.241.27.244/submit.php

# Reference: https://twitter.com/JAMESWT_MHT/status/1339886413530222593
# Reference: https://www.virustotal.com/gui/file/6c0b542727a8ab1eb0c465f034548c8784396b40343af584b3f81586067eb247/detection

217.12.218.250:443
http://217.12.218.250
zbfgns.xyz

# Reference: https://app.any.run/tasks/cf972799-05e2-4b2c-9e90-dc8c30acd9ca/

http://158.247.199.238/ptj

# Reference: https://www.virustotal.com/gui/file/659f7d1e419ec3a4bcc3d7d229552fd10c2ad90fc7486159617377e86b5255be/detection

43.242.203.43:8001

# Reference: https://www.virustotal.com/gui/file/07b1ce3076ad93f54bfb3b94818f7ae17fcc2c258940e4a1f73acd5ebff0e3e1/detection

118.31.48.220:4444

# Reference: https://www.virustotal.com/gui/file/08872db3de65ce9388a987d949b1c1f8698d5ceaa7546476685c616dc395f728/detection

118.31.48.220:4448
alibabaclouds.de

# Reference: https://www.virustotal.com/gui/file/995d68e363ee3a2e238e059f70edc1cc3e05bfb0dd5ada46d4b6ba4e5e7fcc56/detection

107.173.159.179:8080

# Reference: https://www.virustotal.com/gui/file/c15e71c0d33ccea3eefd285706a98c57f56eb29063830fbf9bd11df934f9e11e/detection

http://23.227.194.185/ptj

# Reference: https://www.virustotal.com/gui/file/8f44ea4bc8d8bae81abf7103a57734d7644befac1cf9ba2089444bd80d512452/detection

http://23.227.194.185/8rQa

# Reference: https://www.virustotal.com/gui/file/7676184f1bcf1e5199831ae74b112fee7ea91bb447797a1818dd616d0a8f1592/detection

103.45.180.150:6789

# Reference: https://www.virustotal.com/gui/file/df61d11ea575f6e2dad25f74302209dfc6ecccf285407914f4e29fca80617902/detection

120.25.26.254:40002

# Reference: https://www.virustotal.com/gui/file/f9bfe423adda20fb5342a4cdb285b2f46411238c53e97f8cf6cc9cca212db0a9/detection
# Reference: https://www.virustotal.com/gui/file/c0850ac999435399818128e5b18dda5f20efe55796d9c690e2b51cd419d59118/detection

149.6.167.60:443
elisea-mutuelle.fr

# Reference: https://www.virustotal.com/gui/file/ac355158b35182d2b564f19f574a6a5cdbeb890bddce280285bfccc81187d48d/detection

47.104.76.193:50050

# Reference: https://www.virustotal.com/gui/file/3d0c70dcadb8314ee3ca612ae8694381944a1eedf5b510471648daad15b9af30/detection

49.232.139.79:8080

# Reference: https://www.virustotal.com/gui/file/996926aed33bcc5c335072106f945d9b4d813b96f52b2c9ffacfe3eeed09d2ce/detection

103.210.237.121:666

# Reference: https://twitter.com/d4rksystem/status/1340326024643563522

96.30.194.63:8856

# Reference: https://www.virustotal.com/gui/file/b760a1867894578c66f3f2fde55f7718488af41c252798488fc20773e7a1d9e0/detection

flash.google-api-tools.com
m107.google-api-tools.com

# Reference: https://www.virustotal.com/gui/file/0c770e55f39ed42f126fbe2a27d42835034d8d498dbfaf5aa64209c3d7dde72c/detection

42.192.250.156:30102

# Reference: https://www.virustotal.com/gui/file/0aceb631a29ae7fd0d39093ad817e9e058e2b8cfe2f4ba5ad46f9702e302cd54/detection

42.192.250.156:51234

# Reference: https://www.virustotal.com/gui/file/a234904e83702cd7fbd4b7ddb3e2ae74f76df99501fe88b918cd951d39d80e31/detection

47.96.124.100:4000

# Reference: https://www.virustotal.com/gui/file/7fb1e3a4cc208649346744be46213b4282a5e5a29d94dda88ca478bf00f24868/detection

106.15.234.137:1234

# Reference: https://www.virustotal.com/gui/file/4c6913beee2577008061ef415849d84aa84f6590689da04f78c521f3f5f98542/detection

106.15.234.137:4445

# Reference: https://www.virustotal.com/gui/file/2acaa972daa704d743ff968bf50ee766fda9d3b53c0863b27046cf0acc203f33/detection
# Reference: https://www.virustotal.com/gui/file/a76343e216a39368819b7cfed8ee32e46c8eac940247500455100767f5719aab/detection

globalcrisiscentre.com

# Reference: https://www.virustotal.com/gui/file/97e26a9b9aa83c87a6a0ddf01fc1a2ae37e25fdd62801d95fb9b9e3d1e59b166/detection

118.24.230.196:10024

# Reference: https://www.virustotal.com/gui/file/db3b5f50469ac9f88cf9b9d7f87636defca523ad6ebf6486745c88c8ca66d5fa/detection

118.24.230.196:1080

# Reference: https://www.virustotal.com/gui/file/5a2e478f5a1fdb271f27595506b3cf93cf297b4ef588697c4f627690a778bfdb/behavior/C2AE
# Reference: https://www.virustotal.com/gui/file/e0fc2cf31a0fd7f4bfa1ba453fd8f272784330de2ecba80104455252a931789b/behavior

http://95.217.1.81/maps/overlaybfpr

# Reference: https://www.virustotal.com/gui/file/80b8188a776c1812d62a68e0af06ac9da712ccee3faa40921ee484018cb45ebc/detection

185.239.227.29:443

# Reference: https://www.virustotal.com/gui/file/1cfe3954337e9a489a7e13d5a521eee4140e9b4793d21e557813b93ef0e82169/detection

47.92.198.4:50000

# Reference: https://www.virustotal.com/gui/file/7820645aa32c6bc86ef37468ce21340484cc907cbdc97235fe9a0d94a170a8b4/detection

47.92.198.4:53

# Reference: https://www.virustotal.com/gui/file/822efb1c4fd6bb6c9fd0eef6cfd5870662004bffd714ddcfebe2ce5c5df849aa/detection

47.106.222.106:9999

# Reference: https://www.virustotal.com/gui/file/ba5b3b1d467632bb1d9382a074bf1fec570fe8eb958718418cf1d9b0a9fccb30/detection

34.92.24.12:4444

# Reference: https://www.virustotal.com/gui/file/32d7045bc771fb8a948ef85db2a6aa8be0c4d9824ee0193c3e697b88e5d4f740/detection

47.108.63.51:8091

# Reference: https://www.virustotal.com/gui/file/406c0ed78e2e979287ec565b922fa1906523866cf84e1f83df0176c878986e6e/detection

47.108.63.51:8092

# Reference: https://www.virustotal.com/gui/file/e689ca51931fec482f16fc32f620e1eb2a678789d77dff0bc43df43acf64fb79/detection

47.108.63.51:8099

# Reference: https://www.virustotal.com/gui/file/0aba6dcf7b7fcfee93f46b0170d6ed34fb1ee7ca821b86432a9be0077444250c/detection

http://81.70.205.125/push
http://81.70.205.125/XVYU

# Reference: https://www.virustotal.com/gui/file/0d653249a6d62912bb63d68c7973ed6bdd350cdf503e83ad670fd4094d14facb/detection

http://81.70.205.125/g.pixel

# Reference: https://www.virustotal.com/gui/file/9ff843b2c207b54118f18c50050e285d57a8104803901747c03ab5e0cca987eb/detection

http://81.70.205.125/9uDj

# Reference: https://www.virustotal.com/gui/file/b03e97cdc9f9ba9f3309b22346ae26863b234181bfc400c06d35de19cdb220e0/detection

93.115.22.196:7173

# Reference: https://www.virustotal.com/gui/file/506640c9db9b685fbc5cca25abd08a25857867f6f92cdde577256c0a092d556a/detection

206.166.251.75:443

# Reference: https://twitter.com/JAMESWT_MHT/status/1341649635488780288
# Reference: https://www.virustotal.com/gui/ip-address/198.44.97.180/relations
# Reference: https://www.virustotal.com/gui/file/8d5443306c8e566cfe3918642ad8f50139cf620f5be6c3e6e8d91a7fb0a551a1/detection

198.44.97.180:443

# Reference: https://twitter.com/MichalKoczwara/status/1341659356866240517
# Reference: https://docs.google.com/spreadsheets/d/1bYvBh6NkNYGstfQWnT5n7cSxdhjSn1mduX8cziWSGrw/edit#gid=1882940247
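# Reference: https://www.virustotal.com/gui/file/7bea79443352a5849b25271a167520174307ca41df04e7b1beb041ec42cdea68/detection
# NOTE(review): this group is a bulk import and, unlike most groups in this file, its entries are not tied to individual samples. It includes hostnames on shared CDN or hosting services (cloudfront.net, fastly.net, azureedge.net, smugmug.com) and a subdomain of a well-known organisation (thomsonreuters.com); treat hits on those as leads to triage rather than as confirmed C2, and review them first when tuning for false positives.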

101.132.116.202:12111
101.132.116.202:12000
101.132.116.202:3389
101.32.29.242:8443
103.149.27.116:50050
103.45.120.215:8443
104.194.10.58:50050
104.243.33.7:50050
106.12.39.243:8443
106.13.22.69:8443
106.15.248.163:445
108.160.136.100:8080
115.71.237.123:3000
118.24.85.85:6379
119.23.42.235:8889
119.28.194.152:8089
119.28.194.152:8090
119.29.89.253:8443
119.45.236.153:8443
120.131.5.115:8443
120.53.239.167:9443
121.41.82.60:8443
129.28.196.47:50050
139.180.133.153:50050
139.196.37.219:4443
140.82.19.26:8080
140.82.50.221:7443
144.202.113.237:4443
144.217.207.21:4443
144.34.186.152:8443
146.185.132.43:8443
150.109.4.202:8181
150.136.163.159:444
154.209.86.57:10443
154.83.122.51:50050
156.251.174.109:4443
158.247.195.228:3780
160.16.208.58:8443
162.14.14.10:8443
162.254.204.222:8443
165.22.37.148:50050
167.179.66.246:8081
167.179.78.159:8443
168.206.184.193:50050
168.206.184.194:50050
168.206.184.195:50050
168.206.184.196:50050
168.206.184.197:50050
168.206.184.199:50050
168.206.184.200:50050
168.206.184.201:50050
168.206.184.204:50050
168.206.184.205:50050
168.206.184.210:50050
168.206.184.211:50050
168.206.184.212:50050
168.206.184.214:50050
168.206.184.215:50050
168.206.184.216:50050
168.206.184.217:50050
168.206.184.218:50050
168.206.184.220:50050
168.206.185.194:50050
168.206.185.197:50050
168.206.185.198:50050
168.206.185.199:50050
168.206.185.201:50050
168.206.185.203:50050
168.206.185.207:50050
168.206.185.210:50050
168.206.185.212:50050
168.206.185.214:50050
168.206.185.216:50050
168.206.185.218:50050
168.206.185.219:50050
168.206.185.220:50050
168.206.185.221:50050
168.206.186.193:50050
168.206.186.194:50050
168.206.186.195:50050
168.206.186.196:50050
168.206.186.197:50050
168.206.186.198:50050
168.206.186.200:50050
168.206.186.201:50050
168.206.186.202:50050
168.206.186.203:50050
168.206.186.205:50050
168.206.186.206:50050
168.206.186.207:50050
168.206.186.208:50050
168.206.186.213:50050
168.206.186.214:50050
168.206.186.219:50050
168.206.187.194:50050
168.206.187.200:50050
168.206.187.203:50050
168.206.187.204:50050
168.206.187.205:50050
168.206.187.206:50050
168.206.187.209:50050
168.206.187.210:50050
168.206.187.211:50050
168.206.187.212:50050
168.206.187.214:50050
168.206.187.215:50050
168.206.187.218:50050
168.206.187.219:50050
168.206.187.220:50050
168.206.187.222:50050
168.206.188.193:50050
168.206.188.198:50050
168.206.188.199:50050
168.206.188.204:50050
168.206.188.206:50050
168.206.188.207:50050
168.206.188.208:50050
168.206.188.211:50050
168.206.188.214:50050
168.206.188.215:50050
168.206.188.216:50050
168.206.188.217:50050
168.206.188.220:50050
168.206.188.222:50050
168.206.189.193:50050
168.206.189.194:50050
168.206.189.196:50050
168.206.189.198:50050
168.206.189.199:50050
168.206.189.200:50050
168.206.189.201:50050
168.206.189.203:50050
168.206.189.204:50050
168.206.189.205:50050
168.206.189.206:50050
168.206.189.211:50050
168.206.189.212:50050
168.206.189.215:50050
168.206.189.217:50050
168.206.189.218:50050
168.206.189.219:50050
168.206.189.222:50050
168.206.190.193:50050
168.206.190.194:50050
168.206.190.195:50050
168.206.190.197:50050
168.206.190.203:50050
168.206.190.204:50050
168.206.190.206:50050
168.206.190.208:50050
168.206.190.209:50050
168.206.190.211:50050
168.206.190.212:50050
168.206.190.217:50050
168.206.190.218:50050
168.206.190.221:50050
168.206.191.193:50050
168.206.191.195:50050
168.206.191.198:50050
168.206.191.200:50050
168.206.191.201:50050
168.206.191.205:50050
168.206.191.208:50050
168.206.191.209:50050
168.206.191.212:50050
168.206.191.215:50050
168.206.191.219:50050
168.206.191.221:50050
172.241.27.72:8080
172.82.179.170:8443
172.86.75.37:4443
178.79.134.144:4443
18.166.120.171:8443
182.163.74.90:8081
182.92.103.213:4443
185.243.41.224:8443
185.251.45.187:8089
192.51.188.134:8443
192.51.188.134:9443
193.218.39.208:8081
193.29.15.177:8443
194.156.228.12:8443
195.54.167.89:2000
195.54.167.89:3000
195.54.167.89:4000
199.195.251.56:8443
199.217.117.184:444
203.107.46.131:8443
204.44.83.214:50050
204.44.83.89:4443
205.185.120.101:444
212.129.150.253:1521
212.64.44.176:8087
216.24.188.130:9443
217.12.218.250:444
217.174.240.46:8443
217.174.241.129:8443
217.174.241.57:8443
218.253.251.118:8443
23.106.223.53:444
31.14.40.230:4443
31.14.40.230:8080
31.14.40.230:8090
34.80.154.214:8443
34.80.203.249:8443
35.220.144.193:8443
35.241.66.244:8443
39.106.10.161:8443
39.109.116.2:444
39.96.18.240:8443
39.97.213.91:8443
43.242.201.222:8443
43.255.30.192:8443
45.114.10.17:50050
45.136.244.149:8443
45.147.231.51:8080
45.254.64.7:2087
45.32.107.171:8089
45.76.208.172:50050
45.77.23.209:5555
47.102.86.216:8081
47.103.150.221:10443
47.104.108.112:8080
47.106.239.62:4443
47.110.90.89:4443
47.116.0.48:3306
47.245.31.124:1521
47.75.249.112:10443
47.75.55.181:8443
47.92.242.153:8443
47.97.100.135:8088
47.97.116.203:2000
47.98.239.204:4443
49.12.104.241:8080
49.12.104.241:8081
49.12.104.241:8083
49.12.104.241:8314
49.234.94.85:50050
49.234.94.85:8081
49.235.110.247:8443
52.170.92.187:50050
60.12.215.101:8443
80.209.241.7:8443
80.211.200.179:2443
80.211.200.179:9443
81.68.136.171:10443
81.68.85.109:9443
81.70.154.226:7443
99.81.122.12:50050
360.anonymou5.com
360hao.xyz
360updata.ml
800best.ml
8868e034138a484e.myvnc.com
a93.xyz
about.inno-finance.com
adhesivesbursts.com
admin.hack0ne.tk
agreementices121.roman-indigo.com
agturnfa.com
aliyunoss-beijing.subns.xyz
amazon.aliyuncs.cc
amazoning.sytes.net
api.vinavass.net
apiservice.webhop.net
arsecops.smugmug.com
autotoll.net
awayfar.top
b1.ineedrevs.com
b2.crazyshoppings.com
badc2.ml
banweb.cityu.dev
bdiaccs.global.ssl.fastly.net
bird.allsafelink.com
blog.chat5l88.com
bookstorexs.tk
brusses.com
burtonschlorofluorocarbon.com
c2.thestronghold.xyz
cdn.baiduanalyst.xyz
cdn1.agency.thomsonreuters.com
cdns.blogsite.org
cgbackup.napaioki.com
check.fiashupdate.xyz
checkavail.space
cla.fronthot.com
cloud-fer.com
cloud.symantecupdates.info
cloudata.cf
cob.vesselsregister.com
cob.wolt.services
coco.cechire.com
code.jquerys.xyz
coivo2xo.livehost.live
coivotek.livehost.live
confederational.com
contmetric.com
control.commanderinthe.cloud
cordby.com
creditnetfinance.com
cs.cross-fire.cf
cs.gfjhgfjkj.tk
cs.italycannon.cf
cs.l10.pw
cs201020.vi-05.com
csmu.website
csxeiaweuao781cs.cf
cuphq.com
d1hp3kzjl3pr7y.cloudfront.net
d1iz6lkxr9mblm.cloudfront.net
d1yxgunqlbb2ab.cloudfront.net
d2mq9y2bddy4j9.cloudfront.net
d2xdjeule1g229.cloudfront.net
d37vvfpyclbf9b.cloudfront.net
dangky.dinefilly.com
daohang.lusongsong.com
dealeva.com
delicalo.dnsalias.net
deloitte-services.azureedge.net
deltawrite.com
digitallightphotography.net
dns.spc-networks.com
dockerlabsserver.com
ebs.awsedge.net
en.flsah.cc
englishhelpernet.com
fc.cyber1ink.com
ffxrqyzbypyxrlfzhx.jnuer.me
fin.manvifinance.com
fly.forkbty.xyz
fonts.stata.buzz
forteupdate.com
fswyer.com
fuck.dogshitio.com
fuckbc.ctlers.club
game.soultravel.online
githongkong.com
goodroy.com
h22.club
hello.fitcomn.com
help.office-books.com
hjdytrgfoljgdyoxfa.com
hk.fcalebook.com
homify.pl
hoo.wiki
hotshoppingdeal.website
hr.vietnamworks.org
http.ifirstmeet.cn
httpc2.xo0.pw
hw8.info
hypnolab.site
icandraft.com
image.bj.alicdn.network
image91.360doc.com
img.e37998.com
img.intactlinks.com
ims.trust-update.com
inteldrivers.com
io.amscloud.xyz
joycomm.com
keyisa.com
kinging.ysan.ml
klapp.cpuclean.com
leno.initiativeus.com
lily.webpowernow.com
links.mhkbtwlkj.com
live.eyva93us.online
login.fastlinein.com
m24.yourintrinsichealth.com
marcusswooster.com
mesteratosr.me
microlog.azureedge.net
microport.com.cn
microsoft-us.ga
microsoft.sfkd.cf
microsoft.systemservices.network
microsoft0com.cf
microsoftcenter.info
microsofts.network
microstamplet.me
msft-cdn.net
msg.sheblueshadow.com
mycloudup.com
myredirector1.live
nelnetbanks.com
news.baotuoitre.co
news.itamarty.com
news.khmedianyc.com
nfdkjbfwjakd.ml
nguyenlieu.gratekey.com
ntservicespack.com
ntwindowsupdate.com
oa.srsec.me
oomdatacollect.global.ssl.fastly.net
outlook.best
peernew.com
pepsicoamerica.com
pnt.data-akamai.com
pnwcontent-delivery.com
porr.company
pro.pro-pay.xyz
qfaet.com
qq.cattom.buzz
raymondjames.hostedconnectedrisk.com
reboderia.online
rijkzijn.nl
roofstock-cdn5.azureedge.net
rto.redteam.cafe
s03mdn.net
sb.flashfack.ren
sbgprodib.oberto.za.net
scripts.arshmedicalfoundation.com
scripts.completelyinnocuousdomain.com
secure.mllnm.com
securityreserch86.net
seetoo.fayservicing.org
server2.f2pool.vip
service.microsoft-us.ga
service.office247.tech
servupdates.com
shl.netsuite-labs.com
shopwqd.cf
siliconpower2020.best
sit.watchdog3.com
skyler.shacknet.biz
slatebank.com
slit.conseques.com
soft.lityun.com
soso-gogo.com
ssl.securelogonweb.com
static.alicdn.network
static.azureimgages.com
stephq.com
studentedu.hk.appledaily.live
supercombinating.com
sync.googlesyncdication.com
syscx.com
system.administrator.party
systemservices.network
tcpsessionsconnect.com
test.equinix.dev
testginwebsite.tk
thuongthuc.gtagrobem.com
timesyncad.com
top.jimwilkens.com
try.fillytable.com
ttpre.eastus.cloudapp.azure.com
updata.flash-tool.ml
update-online.zevenet.art
update.checkavail.space
update.dockerlabsserver.com
update.iguyi.co
update.microsoftcenter.info
update.msupdateserver6.com
update.pinyin.pw
update03.microsoft-essentials.com
update1.jscachecdn.com
updatesecurity64win.org
updatesourcehealth.com
us-system89.com
v.autohome.com.cn
valvestrailer696.roman-indigo.com
web.kidork.net
welcome.toutiao.com
who.selfip.org
whoisdm.gotdns.com
winupdate10pack2048.net
wmjdvuif.limyonly.me
wustatwindows.com
x.ziper.xyz
xx1.utopis.best
xxx.vhvh.pw
yambanetsdev.net
yambanetsdev.org
yd.sougoucm.top

# Reference: https://www.virustotal.com/gui/ip-address/5.189.184.60/community

5.189.184.60:443

# Reference: https://www.virustotal.com/gui/file/afeeb22372b20402ba0c53911c9f041cbb226b6c23f8810ec1e8260bd7cd4b37/behavior

31.14.40.230:8092

# Reference: https://www.virustotal.com/gui/file/008767bbd69c1bd0d18314df6293798e8ed3ecd908866634a63fd83420daea2c/detection

http://63.33.199.16/s/ref=nb_sb_noss_1/

# Reference: https://www.virustotal.com/gui/file/fdbfcc2a911c6254940e85e7585e59080a223fd4b9ef79f4dac90c00af7dbc4a/detection

103.45.190.251:1234

# Reference: https://www.virustotal.com/gui/file/b4b5eb22599b3f9943ee8657909a01452037d3730e7297273c957715d63e3972/detection

207.148.92.158:8080

# Reference: https://www.virustotal.com/gui/file/975710e70381e722d9ed571a22a3222a68914c1e91b403788afd5b0e021787d6/detection

207.148.92.158:8081

# Reference: https://www.virustotal.com/gui/file/f1ea21e59884cb7bdc3420f1c6ce8c97d763ef1c0ed2247e5696f5a966711491/detection

47.244.164.226:10000

# Reference: https://www.virustotal.com/gui/file/f06a20618d4599fc557736d036bce5ccbb784388ee11a3d7fde4017bcccfb8d6/detection

121.196.37.91:8010

# Reference: https://www.virustotal.com/gui/file/f502884e8a6ef2cc811830293676c29fce4be340889da67a9f5d413bc92f7e52/detection

121.196.37.91:8888

# Reference: https://www.virustotal.com/gui/file/57ebdb3b16b672a28b609b4476cc1e1fa0f96e2e4e8d8f2dfc3a48874fcf350b/detection

129.211.16.123:60000

# Reference: https://www.virustotal.com/gui/file/93a20257f14097f4b3bf8267c5ac8a5ef0cfececcfcac337b9c5c49fa49f44ab/detection

129.211.16.123:4333

# Reference: https://www.virustotal.com/gui/file/bf61345462e0d820d88e8fb93a2f63031ebc29e353367ec437cbd3bbfff31a13/detection

129.211.16.123:10000

# Reference: https://www.virustotal.com/gui/file/6bd4a9e1da9b2a9e52fac310f1ff50bd9a7fe8f3d8be792c710365c99ec6d55b/detection

152.136.176.65:8888

# Reference: https://twitter.com/_pr4gma/status/1341843586728517633
# Reference: https://www.virustotal.com/gui/file/8a0a8a72069184d31abae3adc6a867a930611f5df82271358e0a9fed8a5f3a2d/detection

red.therclegalgroup.com

# Reference: https://twitter.com/cyb3rops/status/1342019965428367361
# Reference: https://tria.ge/201213-599sgkpmpa

85.143.222.15:8082

# Reference: https://www.virustotal.com/gui/file/6ce83b51d5c9c9fa299b3fcde0814ce6e8a374c62e445868ea8c5f7ce4985d5c/detection

47.108.170.28:8088

# Reference: https://www.virustotal.com/gui/file/4fde5a70ff36bfc1c732079fd36958a4466e379275ee02efd0ef9728534e9601/detection

3.22.15.135:17638
faisal3030.ddns.net

# Reference: https://www.virustotal.com/gui/file/5aaf8da807cf61bca67a66c8b538a9b97fba24ec0f757e0360ff560db19d7116/detection
# Reference: https://www.virustotal.com/gui/file/9573d746beede64ee2286aa614dc316883cfa9b5eba12429ab6239cb35b9b359/detection

192.119.106.91:23456

# Reference: https://www.virustotal.com/gui/file/fddf10a3e1dcc9d7c9d95e6159baf3b100c19c1d342873b27e5a2e63ec555324/detection

47.104.91.8:8888

# Reference: https://www.virustotal.com/gui/file/77b9b9f9949830980e6680fca41ce4af818fc1a38eb936da77c0c4adfffd6556/detection

47.104.91.8:443

# Reference: https://www.virustotal.com/gui/file/7f86ea562cf21d19b8e3a59ecb62bd1aeacc02546315684b8f2de5608bd115da/detection

47.104.91.8:8080

# Reference: https://www.virustotal.com/gui/file/8ea5693f2ac8ad4a28a7c25502b1f422e4e04a26596524db917b4186447b953b/detection

121.4.94.130:8034

# Reference: https://www.virustotal.com/gui/file/533386b0855d53bf66e81a938737cd121504311a88f24cdf9d1ee898e7171cc0/detection
# Reference: https://www.virustotal.com/gui/file/ad4d13f6984a35d48ffeb7d606b1ab144a873104f2c3e93f799e4985196a8575/detection

101.133.217.207:20222

# Reference: https://www.virustotal.com/gui/file/da1f6a50693771fcf5f5b3544d10aada0dc2821893ca3c6172bff15668ebd151/detection

154.222.29.211:8080

# Reference: https://www.virustotal.com/gui/file/4e6492eae15faa4024c52d4b1886f6fc8ad6b4b68eb942cb693deda082d8b8c3/detection

http://154.222.29.211/IE9CompatViewList.xml
http://154.222.29.211/LNaa

# Reference: https://www.virustotal.com/gui/file/7658e400e9c5d1e5560738eea9d032ea79f5c272c76b588d8f825fe3336d45a9/detection

88.119.175.125:3174

# Reference: https://www.virustotal.com/gui/file/87491c1e3daba5db3c7a56a8b483a5e04bd66c9f4542db19b4414430dcaf72e7/detection
# Reference: https://www.virustotal.com/gui/file/85479db32cbad5ac4943f3b4f76b3d1d72f07c0389d23c4eb60ef9b784b57a04/detection

195.54.160.99:6657

# Reference: https://www.virustotal.com/gui/file/8f00569e0eb53dedcac5e0d8aeb74dfa482bec126276d4c27e70ceac9f5ea9ca/detection

103.234.72.215:8080

# Reference: https://www.virustotal.com/gui/file/eec1c916f1e931d79feb7981f48b1eecc4603e8c2e4e553d8a9dc210aad1e432/detection

http://5.39.222.25/__utm.gif

# Reference: https://www.virustotal.com/gui/file/da86625cd482a9ba0700de17961179f4ce1bc360a88346a91568c2cd54e13d91/detection

5.39.222.25:8080

# Reference: https://www.virustotal.com/gui/file/61083e9fc8362f65e18ea6a5d512b346d084fe764ad69e03f7d7e12d33245ffd/detection

http://47.93.226.198/YSVZ
http://47.93.226.198/fwlink

# Reference: https://www.virustotal.com/gui/file/049344631b9858bcdeea2bd0d5b679687278f40a793486a65224336c2dc242ba/detection

47.93.226.198:10000
http://47.93.226.198/EfCn

# Reference: https://www.virustotal.com/gui/file/45205d6aab000767cb5ee3a19fff4a145c9b4996218bf66f63f5558f3bb2be91/detection

http://47.93.226.198/i9uE

# Reference: https://www.virustotal.com/gui/file/79d9f2a6c7fe8ccfaa35322597948bb9a7bb947bbc99c1622c7ba60dd9f85859/detection

http://47.93.226.198/vGk4

# Reference: https://www.virustotal.com/gui/file/1303e3200b5031db4c6cdd7f51e43b1a366c20c6acbc9132b807b5865ea59c1c/detection

http://47.93.226.198/YYWS

# Reference: https://www.virustotal.com/gui/file/2672aa7e5cd1fa2bc0c81b218226fa2832880cdd52b1d379af92d0bbe81a6753/detection

47.93.226.198:8080

# Reference: https://www.virustotal.com/gui/file/0450285a3ac8523f7e959541ddc74e08bb7b551e7e78687f00805f2fc238c7c1/detection

222.212.168.108:52443
askme911.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b68c8765cc47e5c4ce4b030c94a6f0f5f7376083946c5ba2ac2d3a104ddbccb6/detection

http://81.69.250.97/pixel.gif

# Reference: https://www.virustotal.com/gui/file/06ce332c8812f5e869c74cced97f8a8e6c42c08b1c303f93ba1f18cfc6a91458/detection

81.69.250.97:5656

# Reference: https://www.virustotal.com/gui/file/7ee4bb53f3678c5c8d712dda11cf2684fedf7fb03873663980fc41ff0721d195/detection

81.69.250.97:1234

# Reference: https://www.virustotal.com/gui/file/ee952dffe3f3a5742b552c593b94798fc4be1dd940d3718b8035b8a28714cf03/detection

118.193.35.15:8888

# Reference: https://www.virustotal.com/gui/file/6e8dec6420254b4343497fbc31f50e863a102c2b06e859453af36a6b99a81080/detection

3.134.39.220:19136

# Reference: https://www.virustotal.com/gui/file/6a22c9139edb7a90d91d76550c52c986ded74ea8a8df405ef2afbb2bf5a89494/detection

39.107.99.0:23456

# Reference: https://www.virustotal.com/gui/file/3afc9ed705caf53993d191bf00db031b921fad21bba56febeee478ce304d5666/detection

39.107.99.0:52864

# Reference: https://www.virustotal.com/gui/file/12b9dc3e2897f4bfc65708b51390fdb2dada0404516f5be095c6a6da596e5257/detection

47.245.2.100:4523

# Reference: https://www.virustotal.com/gui/file/e2a155c51150609d3c0cce905c8830310ba6bfd6c5fbf7aa906c0ac6d1f7e075/detection

47.245.2.100:81

# Reference: https://www.virustotal.com/gui/file/ea1c5a2b013ab2e1e4f76e96fce2ab581a1ee11f9fb1628e6703c45f97dcb4a9/detection

http://47.245.2.100/zv39
http://47.245.2.100/pixel.gif

# Reference: https://www.virustotal.com/gui/file/5b499094c887469dc56ea906a076394834c82e13f0b93ba7e5dfb6d43505bb7b/detection

http://47.245.2.100/QtLK
http://47.245.2.100/ca

# Reference: https://www.virustotal.com/gui/file/8c11abfe49cc1397541ed3b4f03560d8f96f8292f39f7c4277cdfed3ff5be377/detection

http://47.245.2.100/updates.rss

# Reference: https://www.virustotal.com/gui/file/acd6f1fb482ff2e0274c6bf097f48012aedca4951d455221235ac85edadec285/detection

47.245.2.100:13123

# Reference: https://www.virustotal.com/gui/file/4bc836fa83965d2fc603d139c0e6553c0f539cb9ff980a07de69747e04feb391/detection
# Reference: https://www.virustotal.com/gui/file/e9e6ae938921fbd854cb38e52f64da474e6adb217965a008f4ed4a3b2065368e/detection

34.92.81.162:12456
34.92.81.162:9898
47.245.2.100:9999

# Reference: https://www.virustotal.com/gui/file/f29c69e9822aa6633c358eb3a6e55e171f54e933efc325225bbc30e5238e1ff8/detection

47.245.2.100:8899

# Reference: https://www.virustotal.com/gui/file/320fe6d415747b6f1ba3899ff4cbc910136dd9887f99f62fb803ee6630a3264d/detection

http://34.92.81.162

# Reference: https://www.virustotal.com/gui/file/528ae32b0b52b7a9bb803a4d006c7b8bd6871225e9a14b00fad69264dfd7284a/detection

81.68.192.125:8080
81.68.192.125:8558

# Reference: https://www.virustotal.com/gui/file/2ce3888e486fc98b4b7d5da677a111ce96cfe2c0f47f11db1aa50f4ac6172d02/detection

47.93.12.104:8888

# Reference: https://www.virustotal.com/gui/file/923791962d5a174a2a636075bdbb6f0abb6d9f728eb21be211fe6718402f7e33/detection

47.98.99.151:7777

# Reference: https://www.virustotal.com/gui/file/cb36f7abbc2660c4f8c26e165268a4ab5c5b89588ff1aab2f52b52704d05431b/detection

47.98.99.151:9898

# Reference: https://www.virustotal.com/gui/file/bfb09ebae3494ac0ed08fdb77261e71310f881d912130bb7dd6b24130d6ad97a/detection

http://45.135.135.132/pixel

# Reference: https://www.virustotal.com/gui/file/e0ba514263a753790d707767ec5d7ef491e7721d7d2f1c0691f935cb8b5d3f79/detection

http://45.135.135.132/w9SZ
http://45.135.135.132/cm

# Reference: https://twitter.com/_re_fox/status/1343034361793425415

47.101.57.72:8001
47.101.57.72:8848

# Reference: https://www.virustotal.com/gui/file/800058511f439027d7fba4348135402474d7ddf8b51a5076329d85d9e68eb0c6/behavior/Lastline

123.59.120.251:443
123.59.120.251:4433
mhkbtwlkj.com

# Reference: https://www.virustotal.com/gui/file/dfc824d5451b966d2242d14c39d268e28e0fad2b572400be2682721b5c370e99/detection

microsoftupa.com
svchost.freedynamicdns.org

# Reference: https://www.virustotal.com/gui/file/3a1731cae48d8f3447fddaceea4737cfc8a86b53d6f0dd4b5d7e84d68a79864b/detection
# Reference: https://www.virustotal.com/gui/file/226fabab71701d92daf735ed4220fd42341eda0aaf65f4d03f8338925418a459/detection

54.205.218.4:443
gov-hr-no-reply.org

# Reference: https://www.virustotal.com/gui/file/6218b70d242dc20aa4f6ba0d61d94999ceb50bfb2b7826e503a01c52c5ae5ccc/detection

172.93.165.241:443

# Reference: https://www.virustotal.com/gui/file/f6807250de51122bca88a4ac18b44690fe31dedc5246849821aeba08a9e2a46c/detection

47.97.110.173:8888

# Reference: https://www.virustotal.com/gui/file/af860c5e192c400117afcd2f8fde3cc90603de3b108efadf4e86462965c604eb/detection

http://47.97.110.173/en_US/all.js

# Reference: https://www.virustotal.com/gui/file/3ddfa9efb71cf9a05095f6c059951c286787f3b0af5de3098d2e4ec61268325a/detection

49.232.160.175:38999

# Reference: https://twitter.com/d4rksystem/status/1343965001032282118

103.45.120.54:54445
http://146.56.193.250/j.ad

# Reference: https://www.virustotal.com/gui/file/8502203c89498a3938c6fdb1593bc2ca04b0a2c31367ea0990939169cc626020/detection
# Reference: https://www.virustotal.com/gui/file/171fb3d8a390492fa8e7dcef11d62be3d0ea2b0799856880e9120da183a11f05/detection
# Reference: https://www.virustotal.com/gui/file/f91d7f0570ee3eadcf36763c6cf4ed4746f0c96e823a92aefd58fe99d7d60a63/detection
# Reference: https://www.virustotal.com/gui/file/de0c41531ff9391cbd08745461bf276385a47932051c0cb7d498f61546664ef6/detection
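# Reference: https://www.virustotal.com/gui/file/4627a4781576ed5ab26744b8ff836a4fb9b7c83a852962e6e0519c0d65e051f8/detection
# Note: the 104.31.x.x and 172.67.x.x entries below look like shared CDN (Cloudflare) edge addresses rather than dedicated hosts (TODO confirm) - IP:port hits on them can come from unrelated sites, so treat the domain as the stronger indicator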

104.31.88.151:2086
104.31.88.151:2087
104.31.89.151:2087
172.67.148.251:2086
172.67.148.251:2087
microsoft.z652.com

# Reference: https://www.virustotal.com/gui/file/c642aaaf7f31b0ef49a026428ae8e7b36420283f713a6dca9a6d899ed9e04ec9/detection

8.210.75.7:1111

# Reference: https://www.virustotal.com/gui/file/53cf50030f3fe00d1e1170bb38f78d6e07b094402ab0f7b3f7b3a5875b24f1a0/detection

8.210.75.7:1113

# Reference: https://www.virustotal.com/gui/file/1dd4c93d5450c141d69037c1ec740e13112dfbdf96130d42b6b3e7380b5b2a40/detection

121.196.150.68:5555

# Reference: https://www.virustotal.com/gui/file/1af7207041d8e257cf207ec8c244c2cdb871fa21864388fbdf68a9cf9159d8ea/detection

121.196.150.68:5557

# Reference: https://www.virustotal.com/gui/file/6c7867aee3de6f58306af1762a9185ce4bf5bfec74aa7889414a192fa0bbca45/detection

120.131.10.194:8081

# Reference: https://www.virustotal.com/gui/file/ae73101edc3a19b7f85ead97f2b126ca3d7297b1b186fe4fa6558b50767e4968/detection
# Reference: https://www.virustotal.com/gui/file/6a2ea640f36f36d630a22ba4e70240abbe91f2aa7fb103853817c7d019dd59dd/detection

103.232.214.177:8087

# Reference: https://www.virustotal.com/gui/file/408a3ebea3b9b3cd1eeb99eb4fabf3f2fb6d0d0b40df6cf4b1c20286df23df5f/detection

93.180.156.77:443

# Reference: https://www.virustotal.com/gui/file/248d6b5e74d21a2bc3963faf085f80c9bcfa32c0719f3e5e5371d365e8892468/detection

93.180.156.77:8082

# Reference: https://www.virustotal.com/gui/file/d7ede69b96bd482cfaeffe0ee582b23f507a46237070c75c3b711d0be716538b/detection

micsoftin.us

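# Reference: https://www.virustotal.com/gui/file/7391b25302b2488aa0bc6d4d52f4f4811d8d8f784f5262c53d5933a7c7580600/detection
# Note: 104.24.106.22 looks like a shared CDN (Cloudflare) edge address (TODO confirm) - corroborate IP:port hits with the domain below before escalating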

104.24.106.22:8443
104.24.106.22:8880
mingpao.us

# Reference: https://www.virustotal.com/gui/file/d546daa385c1b05514c1a3a85bf536259660e650e20c09af41a2966a42e8a127/detection
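# Reference: https://www.virustotal.com/gui/file/abd81e97006124b547bbb387de853b1990ff38a87dce3377a1e5e535d1b203d6/detection
# Note: nfdkjbfwjakd.ml is also present in the alphabetical domain list earlier in this file (duplicate entry)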

nfdkjbfwjakd.ml

# Reference: https://www.virustotal.com/gui/file/ca02c24dbe1f0909cd13645a9919de5b2e59a40255b436e2caa4b3a27d4d9980/detection

173.234.25.74:53

# Reference: https://twitter.com/d4rksystem/status/1344327395487191040
# Reference: https://www.virustotal.com/gui/file/429004136495fcfc85a29e276f0b6ec4faf0c5018d246466a4b7e2e056443c83/detection
# Reference: https://www.virustotal.com/gui/file/e6600772ee983ecd6584ee472d76ed7c864b648a37d3bcab802cca8d64d44aa3/detection

http://115.159.35.235/AwPU
http://115.159.35.235/BuXN
http://115.159.35.235/load
http://115.159.35.235/sQBW

# Reference: https://www.virustotal.com/gui/file/8db1b325eb640e3e556abb4846a447e7f9378df093cf3fb1bf3dca22057d5aea/detection

149.248.6.193:2000

# Reference: https://www.virustotal.com/gui/file/1a0aa4e9b12b8902a93e15c2aac03b951dce662fe4234a5bdc11018703810059/detection

149.248.6.193:2008

# Reference: https://www.virustotal.com/gui/file/44da6b2802bf497c49233a61c0538282ec0f79dcb4f234a0ba7471fadfdbfa0d/detection

149.248.6.193:2009

# Reference: https://www.virustotal.com/gui/file/d2940094f2b7ce5c90a22c009a616f36db53abd6861b04daa076c02aa646298f/detection

149.248.6.193:2010

# Reference: https://www.virustotal.com/gui/file/9bf4965b4daccbf2252291b215630adc8eb345038e48b63ef3e92e9af35cf1ee/detection

149.248.6.193:4000

# Generic (host-independent URL paths)

/_/scs/mail-static/_/js/
# /s/ref=nb_sb_noss_1/  # Note: disabled - also appears in regular (benign) traffic - Amazon
/Simpletest?SimpleFuck=
/maps/overlaybfpr?q=
/IE9CompatViewList.xml
# /g.pixel  # Note: disabled - also appears in regular (benign) traffic - Google uses "/adscores/g.pixel"
/hello/flash.php?id=
/windowsxp/updcheck.php?id=
