# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/ScumBots/status/1052260096422625281

ryenylittleleague.azureedge.net

# Reference: https://twitter.com/ScumBots/status/1053342340012744705

call.sysapi.net

# Reference: https://twitter.com/ScumBots/status/1053341937271476224

yi4qsyaprvlbephz.onion.to

# Reference: https://twitter.com/ScumBots/status/1059443242612203520

mypsh.ddns.net

# Reference: https://twitter.com/ScumBots/status/1060034869013700608

rekt.onthewifi.com

# Reference: https://twitter.com/ScumBots/status/1061987878987816960

leon-de-bruxelle.com

# Reference: https://twitter.com/ScumBots/status/1062368314670891008

frontieredevie.fr

# Reference: https://twitter.com/ScumBots/status/1066171943399903232

epelix-63870.portmap.io

# Reference: https://twitter.com/ScumBots/status/1069302264974721024

alphatool.serveo.net

# Reference: https://twitter.com/ScumBots/status/1069654505636139017

meterpreter.serveo.net

# Reference: https://twitter.com/ScumBots/status/1070687543543386114

it-pro.serveo.net

# Reference: https://twitter.com/ScumBots/status/1074270423804723200

globalact.gq

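# Reference: https://twitter.com/ScumBots/status/1075034205472653312
# Note: the entry below is a shared ngrok TCP tunnel endpoint, listed without a port; a match shows ngrok tunnel use in general, not this specific sample, so corroborate before escalating.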

0.tcp.ngrok.io

# Reference: https://twitter.com/ScumBots/status/1078973915840552960

manage-shope.com

# Reference: https://twitter.com/ScumBots/status/1079066477289005057

amazon34.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1081939579693920257

rostelekom.pw

hack.localtunnel.digital-securite.ovh
digital-securite.ovh
kaliccbx.ddns.net

# Reference: https://twitter.com/ScumBots/status/1098326434274267142

195.3.146.86:443

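# Reference: https://twitter.com/ScumBots/status/1098495046318542848
# Note: the entry below is in 10.0.0.0/8 (RFC 1918 private space); it identifies a host only inside the network the sample was configured for, and a match on another network is an unrelated internal host.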

10.77.55.60:9991

# Reference: https://twitter.com/ScumBots/status/1100239578068328454

noticiasfinancieras.zapto.org

# Reference: https://twitter.com/ScumBots/status/1101069508419178503

46.29.163.222:9999

# Reference: https://twitter.com/ScumBots/status/1103395507546845190

leel.ddns.net

# Reference: https://twitter.com/ScumBots/status/1104348618335678464

104.145.231.114:8091

# Reference: https://twitter.com/ScumBots/status/1105065844005048321

91.211.88.131:5555

# Reference: https://twitter.com/ScumBots/status/1106460030218440709

95.179.235.70:443

# Reference: https://twitter.com/ScumBots/status/1106994800660807681

186.81.33.145:63000

# Reference: https://twitter.com/ScumBots/status/1107437718659891200

186.81.33.145:64000

# Reference: https://twitter.com/ScumBots/status/1107225070819332097

k.bank3.io

# Reference: https://twitter.com/ScumBots/status/1108808003829014530

noticiasfinancieras.zapto.org

# Reference: https://twitter.com/ScumBots/status/1110314175715311616

194.48.152.35:443

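# Reference: https://twitter.com/ScumBots/status/1111334651430359040
# Note: the entry below is in 198.18.0.0/15 (reserved for benchmark testing, RFC 2544) and is not globally routable; a match reflects local lab or test addressing rather than an Internet-facing host.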

198.18.133.111:8081

# Reference: https://twitter.com/ScumBots/status/1112449681454452736

159.89.214.31:42069

# Reference: https://twitter.com/ScumBots/status/1112450458700996608

193.161.193.99:40138

# Reference: https://twitter.com/ScumBots/status/1113317717300469760

95.213.251.165:7070

# Reference: https://twitter.com/ScumBots/status/1113955672138354688

186.81.33.145:64500

# Reference: https://twitter.com/ScumBots/status/1114833955822481408

151.80.60.117:6666

# Reference: https://twitter.com/ScumBots/status/1114849055501422593

47.95.251.134:8886

# Reference: https://twitter.com/ScumBots/status/1116428100286537728

78.192.98.226:4444

# Reference: https://twitter.com/ScumBots/status/1117790943208513537

52.15.72.79:14441

# Reference: https://twitter.com/ScumBots/status/1117793457999949824

5.19.4.164:4444

# Reference: https://twitter.com/ScumBots/status/1117808559637577730

52.15.72.79:10241

# Reference: https://twitter.com/ScumBots/status/1118058956298051584

185.242.21.78:80

# Reference: https://twitter.com/ScumBots/status/1118261545220345856

159.89.214.31:4343

# Reference: https://twitter.com/ScumBots/status/1119448112613986305

193.161.193.99:39125

# Reference: https://twitter.com/ScumBots/status/1119987918247006209

18.216.53.253:11712

# Reference: https://twitter.com/ScumBots/status/1120279841763483649

52.14.61.47:17369

# Reference: https://twitter.com/ScumBots/status/1121470183523201026

52.14.61.47:19552

# Reference: https://twitter.com/ScumBots/status/1121854255898472453

87.223.180.106:4444

# Reference: https://twitter.com/ScumBots/status/1121891714321518593

170.70.41.120:8080

# Reference: https://twitter.com/pmelson/status/1123226187348705281

193.161.193.99:34346

# Reference: https://twitter.com/ScumBots/status/1123531266593312774

185.202.174.118:80

# Reference: https://twitter.com/ScumBots/status/1124651146621194241

88.99.59.176:666

# Reference: https://twitter.com/ScumBots/status/1125841489181978625

3.92.243.227:4444

# Reference: https://twitter.com/ScumBots/status/1126122085405921280

194.5.250.129:443

# Reference: https://twitter.com/ScumBots/status/1126466859258327042

check.wittmann-it-security.org

# Reference: https://twitter.com/ScumBots/status/1131387542715150336

18.223.41.243:12432

# Reference: https://twitter.com/ScumBots/status/1132894210573643777

134.209.84.8:8082

# Reference: https://twitter.com/ScumBots/status/1133583150750343168

109.150.206.190:443

# Reference: https://twitter.com/ScumBots/status/1135807664200527873

193.161.193.99:54015

# Reference: https://twitter.com/ScumBots/status/1141761391621283846

46.177.202.34:5151

# Reference: https://twitter.com/ScumBots/status/1141794546570997760

91.200.103.24:443

# Reference: https://twitter.com/ItsReallyNick/status/1014522001900306433
# Reference: https://www.virustotal.com/gui/file/457282edec9eb312d6d99644c4a7c097b4c8984a023e255a5942b5dab5635a56/detection

52.17.157.98:445

# Reference: https://twitter.com/pmelson/status/1143536066781204481

aaa.stage.13171101.lol.intepi.net

# Reference: https://twitter.com/pmelson/status/1143527997888180234

179.43.160.219:80

# Reference: https://twitter.com/ScumBots/status/1143807370969210883

3.14.212.173:18032

# Reference: https://twitter.com/ScumBots/status/1143959624430829570

54.36.163.79:80

# Reference: https://twitter.com/ScumBots/status/1145504975939866624

116.206.228.203:7834

# Reference: https://twitter.com/ScumBots/status/1148985146550493188

190.166.86.4:4444

# Reference: https://twitter.com/ScumBots/status/1149750278842912768

194.99.22.146:443

# Reference: https://twitter.com/ScumBots/status/1150554457668751360

146.255.150.56:4444

# Reference: https://twitter.com/ScumBots/status/1151144078215700480

103.242.237.110:4446

# Reference: https://twitter.com/ScumBots/status/1151148452652421121

kurosan.ddns.net

# Reference: https://twitter.com/ScumBots/status/1151145809108512769

78.193.216.186:4446

# Reference: https://twitter.com/ScumBots/status/1151906993810083842

52.14.249.189:8080

# Reference: https://twitter.com/ScumBots/status/1156103391753506821

3.14.212.173:12313

# Reference: https://twitter.com/ScumBots/status/1156359755281195008

3.17.202.129:12313

# Reference: https://twitter.com/ScumBots/status/1156840752342818818

185.207.205.12:28741

# Reference: https://twitter.com/ScumBots/status/1157218238041866240

185.207.205.12:28742

# Reference: https://twitter.com/ScumBots/status/1159527654225301506

149.6.167.58:443

# Reference: https://twitter.com/ScumBots/status/1160356057207713792

95.144.8.33:4444

# Reference: https://twitter.com/ScumBots/status/1160550196004237312

3.19.3.150:12081

# Reference: https://twitter.com/ScumBots/status/1160550327273295872

3.14.212.173:12081

# Reference: https://twitter.com/ScumBots/status/1160537610718253056

18.223.41.243:19419

# Reference: https://twitter.com/ScumBots/status/1161082450140958720

194.5.250.105:443

# Reference: https://twitter.com/ScumBots/status/1161967029018071046

attem83.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1162058130307584002

153.73.72.79:4444

# Reference: https://twitter.com/ScumBots/status/1165093924517625856

185.244.150.240:443

# Reference: https://twitter.com/ScumBots/status/1165422297328619521

18.223.41.243:12313

# Reference: https://twitter.com/ScumBots/status/1165808947657420800

18.223.41.243:15578

# Reference: https://twitter.com/ScumBots/status/1166415604384972800

18.223.41.243:14529

# Reference: https://twitter.com/ScumBots/status/1167576493758791681

45.45.76.113:1337

# Reference: https://twitter.com/ScumBots/status/1170326258372218880

82.102.24.42:4444

# Reference: https://twitter.com/ScumBots/status/1170357503370170368

104.154.246.115:443

# Reference: https://twitter.com/ScumBots/status/1171978786507808768

amazon34.duckdns.org

# Reference: https://twitter.com/i/status/1172612874708996096
# Reference: https://app.any.run/tasks/a2ddc0ed-5c0f-409e-bf26-457a9237ce3d/

159.246.29.114:443

# Reference: https://twitter.com/ScumBots/status/1173444749287710720

onezero0.net

# Reference: https://twitter.com/ScumBots/status/1176404662653730817

141.255.159.11:4444

# Reference: https://twitter.com/ScumBots/status/1178475870652116994

185.61.148.70:443

# Reference: https://twitter.com/VK_Intel/status/1179450328900685831

91.214.124.20:80

# Reference: https://twitter.com/ScumBots/status/1180077281714348033

45.62.225.56:443

# Reference: https://twitter.com/ScumBots/status/1180114767970803712

3.92.243.227:4444

# Reference: https://twitter.com/ScumBots/status/1180121450092617728

27.164.5.106:16728

# Reference: https://twitter.com/ScumBots/status/1180887202265489409

185.92.74.29:4444

# Reference: https://twitter.com/ScumBots/status/1180977806920036353

185.92.74.29:35555

# Reference: https://twitter.com/ScumBots/status/1181239022875824131

3.17.202.129:13147

# Reference: https://twitter.com/ScumBots/status/1181435313270525953

psycho.ooguy.com

# Reference: https://twitter.com/ScumBots/status/1183274933348192258

tronium.ddns.net

# Reference: https://twitter.com/ScumBots/status/1183654188192014337

3.19.3.150:19416

# Reference: https://twitter.com/pmelson/status/1184143380294619137

137.218.255.213:22849

# Reference: https://twitter.com/ScumBots/status/1186090265611767808

193.161.193.99:49202

# Reference: https://twitter.com/ScumBots/status/1186624502945517569

3.92.243.227:4444

# Reference: https://twitter.com/ScumBots/status/1188695655608455173

76.218.94.80:4444

# Reference: https://twitter.com/ScumBots/status/1190274811139969024

18.223.41.243:17192

# Reference: https://twitter.com/ScumBots/status/1190807095806963713

18.223.41.243:19650

# Reference: https://twitter.com/DidierStevens/status/1192870847217840131

3.134.31.210:8080

# Reference: https://twitter.com/ScumBots/status/1193726301967917057

18.188.14.65:14404

# Reference: https://twitter.com/ScumBots/status/1195001191253643270

5.175.214.20:18880

# Reference: https://twitter.com/ScumBots/status/1195118477520121856

5.94.121.244:4444

# Reference: https://twitter.com/ScumBots/status/1195564311982354433

192.241.132.33:4433

# Reference: https://twitter.com/ScumBots/status/1195729497934508035

186.10.116.109:4455

# Reference: https://twitter.com/ScumBots/status/1196883776405725191

df98fdslkjfs.red

# Reference: https://twitter.com/ScumBots/status/1197508727001305089

85.152.6.30:8080

# Reference: https://twitter.com/ScumBots/status/1200520713536491520

185.174.172.201:443

# Reference: https://twitter.com/ScumBots/status/1200716613202391040

193.161.193.99:56282

# Reference: https://twitter.com/ScumBots/status/1200720388281569280

192.241.133.27:4466

# Reference: https://twitter.com/ScumBots/status/1201587934127886338

telastex.net

# Reference: https://twitter.com/ScumBots/status/1201978181139550210

24.52.217.77:5443

# Reference: https://twitter.com/ScumBots/status/1203528860098281472

updateqdb.com

# Reference: https://twitter.com/ScumBots/status/1204219193698267146

134.209.84.8:8082

# Reference: https://twitter.com/ScumBots/status/1204414044804800517

92.84.116.3:1911

# Reference: https://twitter.com/ScumBots/status/1206925775464796163

18.188.14.65:12260

# Reference: https://twitter.com/ScumBots/status/1210387460083073025

217.80.20.213:1515

# Reference: https://www.virustotal.com/gui/file/cfc2bd30cdeacd9c3a91259f0013778d4e5436871e929f10c1cd8d7b14b041a7/detection

18.223.41.243:18113
3.17.202.129:18113
3.19.3.150:18113

# Reference: https://www.virustotal.com/gui/file/0320d90a95fbb080763f71deb3148f32bf78abf8f10286dcf118c0e36a936292/detection

3.14.212.173:4040
3.17.202.129:16416

# Reference: https://www.virustotal.com/gui/file/b537f1d14d0524c436532ea2be7d0fe51ce543886b477a8517480fc68dc57a6b/detection

3.17.202.129:13841

# Reference: https://www.virustotal.com/gui/file/95f1ea0b38a61e7778ef017e091206f99f13ded7ddf2fc36a20de8da70055e12/detection

3.17.202.129:12010

# Reference: https://www.virustotal.com/gui/file/70bba627efb3ff53f0175adc91f8475fbaf2a7cad3d6a804b80d75abe7381b74/detection

3.14.212.173:15905

# Reference: https://www.virustotal.com/gui/file/3e4e78dd9cbddd1800d0891ef95f6f5bda212bcbb1a069f2fbaaba3668ac85f7/detection

3.14.212.173:12734

# Reference: https://www.virustotal.com/gui/file/a3ed5434cd0962e13e85377f3e2737b027d75f46445ce2410dc5538164242be9/detection

3.17.202.129:17299
3.19.114.185:17299

# Reference: https://www.virustotal.com/gui/file/695b9ca3cd336e0372732e0d5227ca0e58da1dfc3298615e9c0ace25cb1baf3d/detection

18.188.14.65:15344
3.17.202.129:15344

# Reference: https://www.virustotal.com/gui/file/27b0e998a7920147e7d58753f1d8d96dbbaec541076e5361a04324a9753081f2/detection

3.14.212.173:17035
3.17.202.129:17035

# Reference: https://www.virustotal.com/gui/file/14fe05562eeefb83448360308522709a31db34955de01bca438965af343c66a6/detection

18.223.41.243:11265

# Reference: https://www.virustotal.com/gui/file/5638ed9a9d4ea35e861d344441a2e5b1e4cdcfc358c8c7dd077574dd49657a3d/detection

96ac532a.ngrok.io

# Reference: https://www.virustotal.com/gui/file/cd8b19cbe08a2ace933b9f3e631d4752c1f8f56e04646c03510877cda5c87e3d/detection

193.161.193.99:49202

# Reference: https://www.virustotal.com/gui/file/13843c62906ce22307c6861b25b5e8672aa1766f4e41cb425a0c9468a6823085/detection

193.161.193.99:63420

# Reference: https://www.virustotal.com/gui/file/25cd26e740426b51a966a2c1c4888496c27bba7abf12589fae98394f3550e027/detection

3.19.3.150:15492

# Reference: https://www.virustotal.com/gui/file/cfc2bd30cdeacd9c3a91259f0013778d4e5436871e929f10c1cd8d7b14b041a7/detection

18.223.41.243:18113
3.17.202.129:18113
3.19.3.150:18113

# Reference: https://www.virustotal.com/gui/file/66bc47048c508f0bde60a88deb339e914b6f3c60bb1b2256e83d118bf3dad928/detection

3.19.3.150:80

# Reference: https://www.virustotal.com/gui/file/4c63034454f490a8ed01a7685e1606d32da5e7f301d3538bccf4f7de5e41bd66/detection

3.19.3.150:19416

# Reference: https://www.virustotal.com/gui/file/2bb71dbfb2ccf9eddb7143437a2b430181d472fce6b819426b8c4e3ce1f5bf82/detection

3.19.3.150:11036

# Reference: https://www.virustotal.com/gui/file/c7157233ddc1df83112d6eb3466180b3347f1069d8b878d424747508ccd9d949/detection

3.19.114.185:15344
3.19.3.150:15344

# Reference: https://www.virustotal.com/gui/file/8835a022439a0b630a2c2eba40b9bcf0432cb8d68d7a0060a1a44246cec29ab2/detection

3.19.3.150:11317

# Reference: https://www.virustotal.com/gui/file/7d60fd1bbf98b86ead194f76bf4413f9a70b91567037c015156a5c70d7c7a5eb/detection

3.19.3.150:29038

# Reference: https://www.virustotal.com/gui/file/bc4689aab804e44f23cf60bb9bc4c17bd68b73224f7267d1a0d41c3d55af4458/detection

185.101.92.3:1777

# Reference: https://www.virustotal.com/gui/file/218d24468418a0b6fd800a464ba64aeea42add82a11c284ee094076555c3d237/detection

trszrfea.ddns.net

# Reference: https://www.virustotal.com/gui/file/73562ccfd6dc94c59dcd691aceccdf1eeee089ff69a041234f3bf65dc218bbab/detection

185.101.92.3:8636

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1213831684791123969

23.227.207.185:444

# Reference: https://twitter.com/ScumBots/status/1215378978212646927

107.191.46.239:14293

# Reference: https://twitter.com/ScumBots/status/1217633122059259905

newsrecordmusic112.monster

# Reference: https://twitter.com/ScumBots/status/1217920265478459395

194.99.22.145:443

# Reference: https://twitter.com/ScumBots/status/1217922012481556480

45.153.186.51:443

# Reference: https://twitter.com/ScumBots/status/1217872955310530560

185.244.150.5:4444

# Reference: https://twitter.com/ScumBots/status/1218660424876462082

137.224.106.4:73

# Reference: https://twitter.com/ScumBots/status/1218849343442210816

3.17.202.129:11591

# Reference: https://www.virustotal.com/gui/file/c15ecbb84c15839556f39589f7f513dc3785b5ac727ba26f2d29b9993661696f/detection

185.27.134.11:24004

# Reference: https://twitter.com/ScumBots/status/1219796839031103494

165.227.61.185:443

# Reference: https://twitter.com/ScumBots/status/1219988825130356736
# Reference: https://www.virustotal.com/gui/domain/officestorage.org/relations

185.245.84.106:443
officestorage.org

# Reference: https://twitter.com/ScumBots/status/1219998021926182924

185.165.168.226:443
virtualofficeroom.com

# Reference: https://twitter.com/ScumBots/status/1220180618132316160

fearlesslyhuman.org

# Reference: https://twitter.com/ScumBots/status/1190345274872532993

c2.virus.eu

# Reference: https://twitter.com/ScumBots/status/1183048566929002496

3.8.236.109:443

# Reference: https://twitter.com/ScumBots/status/1218566229264343041

autodiscover.cisco-gateway.com

# Reference: https://www.virustotal.com/gui/file/09f1ee55ee6d228e8bca7120191ef4160294a2b45743ba2b52449f4bd6fd730f/detection (# Nishang)

3.17.202.129:16437

# Reference: https://twitter.com/ScumBots/status/1220945633625935872 (# Nishang)

3.17.202.129:11353

# Reference: https://twitter.com/ScumBots/status/1220945728811552773 (# Nishang)

3.17.202.129:17008

# Reference: https://twitter.com/ScumBots/status/1220946013600518144 (# Nishang)

3.17.202.129:17413

# Reference: https://twitter.com/ScumBots/status/1220945586955964418 (# Nishang)

3.17.202.129:19355

# Reference: https://twitter.com/ScumBots/status/1220945824517173248 (# Nishang)

3.17.202.129:14901

# Reference: https://twitter.com/ScumBots/status/1220945776081326085 (# Nishang)

3.17.202.129:12022

# Reference: https://twitter.com/ScumBots/status/1220945964506107904 (# Nishang)

3.17.202.129:16264

# Reference: https://twitter.com/ScumBots/status/1220945917223874561 (# Nishang)

3.17.202.129:18777

# Reference: https://twitter.com/ScumBots/status/1220945680551895040 (# Nishang)

3.17.202.129:16437

# Reference: https://twitter.com/ScumBots/status/1220945870386012160 (# Nishang)

3.17.202.129:10146

# Reference: https://twitter.com/ScumBots/status/1221394913562124289 (# Nishang)

3.17.202.129:18163

# Reference: https://twitter.com/ScumBots/status/1221410012804911105 (# Nishang)

3.17.202.129:12205

# Reference: https://twitter.com/ScumBots/status/1221437692157865984 (# Nishang)

3.17.202.129:11916

# Reference: https://twitter.com/ScumBots/status/1221445243301715970 (# Nishang)

3.17.202.129:15404

# Reference: https://twitter.com/ScumBots/status/1221467894363705344 (# Nishang)

3.17.202.129:15173

# Reference: https://twitter.com/ScumBots/status/1222242996755845120 (# Nishang)

3.17.202.129:19733

# Reference: https://twitter.com/ScumBots/status/1222265648564273153 (# Nishang)

3.17.202.129:10418

# Reference: https://twitter.com/ScumBots/status/1222532412279808000 (# Nishang)

3.17.202.129:10740

# Reference: https://twitter.com/ScumBots/status/1222597835474030592 (# Nishang)

3.17.202.129:17202

# Reference: https://twitter.com/ScumBots/status/1222814262403399680 (# Nishang)

3.17.202.129:11400

# Reference: https://twitter.com/ScumBots/status/1223586875371401217 (# Nishang)

3.17.202.129:14379

# Reference: https://twitter.com/ScumBots/status/1223654823356256256 (# Nishang)

3.17.202.129:15404

# Reference: https://twitter.com/ScumBots/status/1223994559912464386 (# Nishang)

3.17.202.129:14766

# Reference: https://twitter.com/ScumBots/status/1223994628220866560 (# Nishang)

3.17.202.129:15676

# Reference: https://twitter.com/ScumBots/status/1222207486062735363

82.31.142.196:80
whipped.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1222451876064526337

45.32.72.237:443

# Reference: https://twitter.com/ScumBots/status/1222517422483288065

bankingadvice.net

# Reference: https://twitter.com/ScumBots/status/1222576942748250114

27.4.98.173:443

# Reference: https://www.virustotal.com/gui/file/f5f0d36874f9e69329601f2334b6d4f218bafe857b3cbb5f9e8ad13d328f0d51/detection

weirdly.crabdance.com

# Reference: https://www.virustotal.com/gui/file/611e4ecdf7e7db5e2308f3af69d01a4a28866aa3b434d77f7a2b7a95a8faf292/detection

194.5.98.139:444

# Reference: https://www.virustotal.com/gui/file/bb11f097959ea9c8854e064fb63008f0fd3916f13ad9437762b133663613b56d/detection

178.124.140.147:444

# Reference: https://twitter.com/ScumBots/status/1223577316024115200

51.159.56.13:32042

# Reference: https://www.virustotal.com/gui/file/f5f0d36874f9e69329601f2334b6d4f218bafe857b3cbb5f9e8ad13d328f0d51/detection

185.148.241.50:444

# Reference: https://twitter.com/ScumBots/status/1225790150564859905

18.223.41.243:14272

# Reference: https://twitter.com/ScumBots/status/1225807757019840512

18.223.41.243:14272

# Reference: https://twitter.com/pmelson/status/1226248009786236928

58.96.92.95:38900

# Reference: https://twitter.com/ScumBots/status/1226278360436924416

renovatesystem.com

# Reference: https://www.virustotal.com/gui/file/cb4778c05f0c2635000bd05e42070994568e9e4d992e32536c406217fb5b063e/detection

185.101.92.3:1204
danger11.duckdns.org

# Reference: https://www.virustotal.com/gui/file/143aea5d387c714790accdfa13a9cd0f6eef6b7b957b5c3b2f3a9e4e3e03c4b5/detection

27.63.179.85:1202

# Reference: https://www.virustotal.com/gui/file/3b436a5c83b85b2734a34367a488d7ea59b086708b5c2c2582265607fab36adf/detection

185.101.92.3:1209
27.63.162.41:1209

# Reference: https://twitter.com/ScumBots/status/1226967904626913281

46.119.226.171:4444

# Reference: https://twitter.com/ScumBots/status/1226906959946899457

94.156.189.250:443

# Reference: https://twitter.com/ScumBots/status/1228827730038398977

185.147.15.22:443

# Reference: https://twitter.com/ScumBots/status/1229078059871096832
# Reference: https://www.virustotal.com/gui/file/a1c29c076b654c070bad23d0d49018e7e6b54bf4cc942da9b59aec6c7f086d26/detection

139.59.145.48:80

# Reference: https://twitter.com/ScumBots/status/1229751243075092487

137.224.106.4:73

# Reference: https://twitter.com/ScumBots/status/1229647311187386368

3.17.148.164:4444

# Reference: https://twitter.com/ScumBots/status/1231132845567025152

41.242.125.159:9326

# Reference: https://twitter.com/ScumBots/status/1231146688389242881

46.19.138.139:8080

# Reference: https://www.virustotal.com/gui/ip-address/45.66.250.11/relations

45.66.250.11:443
45.66.250.11:80

# Reference: https://twitter.com/ScumBots/status/1232300541243535364
# Reference: https://www.virustotal.com/gui/ip-address/209.97.190.80/relations

209.97.190.80:80

# Reference: https://twitter.com/ScumBots/status/1232427628751179778

2.58.47.203:51022

# Reference: https://twitter.com/ScumBots/status/1232842863211315202

empire.hillsclerk.us

# Reference: https://twitter.com/ScumBots/status/1232864255902470145

203.132.95.52:4444

# Reference: https://twitter.com/ScumBots/status/1233415444608036870

45.77.65.211:443

# Reference: https://app.any.run/tasks/e84e3cdc-9ba0-4756-ab1d-fcd49627310a/

3.19.3.150:19011
3.19.3.185:19011

# Reference: https://app.any.run/tasks/41e07e9b-b2c7-4a68-a753-bac8af8b5129/

18.223.41.243:19011

# Reference: https://app.any.run/tasks/7f128fa7-fb0d-4dee-9030-838756962045/

3.17.202.129:16276

# Reference: https://app.any.run/tasks/a24f9f91-7f49-4c39-9fd7-a201823e0dd3/

18.223.41.243:17037

# Reference: https://app.any.run/tasks/be1bef6c-d7e1-48bd-8615-36ae937e5149/

51.79.13.195:443

# Reference: https://app.any.run/tasks/d28a0271-4c99-41db-b465-6b8f491be0f7/

18.188.14.65:17085

# Reference: https://app.any.run/tasks/b2e3dce5-0431-49b8-bfa9-755ede26669f/

3.17.202.129:17085

# Reference: https://app.any.run/tasks/45c2192e-d4aa-4c9f-8023-df08ce3fe263/

18.223.41.243:17085

# Reference: https://app.any.run/tasks/caee7291-f505-434f-9776-f3823f800924/

3.19.3.150:19926

# Reference: https://app.any.run/tasks/614143b4-f937-4440-a6fa-75104cbe3749/

3.19.3.150:17085

# Reference: https://app.any.run/tasks/371b7c11-6ca7-4b47-9c7f-3fb2a2925778/

18.223.41.243:19926

# Reference: https://app.any.run/tasks/b78b0de3-6fec-48ed-8fec-2b89eded1ccf/

18.223.41.243:12297

# Reference: https://app.any.run/tasks/4d8c492a-5e93-44a2-ae25-de5b0c42995a/

3.19.114.185:19926

# Reference: https://app.any.run/tasks/3fc8bb68-e8c2-4fa7-933b-f4d2f3311f86/

3.19.114.185:12297

# Reference: https://app.any.run/tasks/ff1c77ac-741d-4fe3-88f2-078703b8b554/

3.19.3.150:13705

# Reference: https://app.any.run/tasks/2b671d09-a141-4182-89fc-8b22f82ce17c/

18.188.14.65:18003

# Reference: https://app.any.run/tasks/919c78ff-42e7-4a31-bf86-e049acd51087/

3.17.202.129:18460

# Reference: https://app.any.run/tasks/20629c84-f053-43b8-92f6-a5ac72e0ec0e/

3.19.3.150:14975

# Reference: https://app.any.run/tasks/8042e101-7155-420d-9341-d3465ca67200/

5.199.167.188:443

# Reference: https://app.any.run/tasks/02bec560-ffa8-4dd1-a454-0ed53a8e5477/

18.223.41.243:17697

# Reference: https://app.any.run/tasks/d32fdbff-318b-47f7-a4fb-b6a0ea43dd31/

45.147.230.255:443

# Reference: https://app.any.run/tasks/27766850-f078-4c83-b3b9-efb0555102a5/

95.179.223.7:443

# Reference: https://app.any.run/tasks/1f8f95bd-c468-44df-a85d-a12db4b6bec5/

23.227.207.185:444

# Reference: https://app.any.run/tasks/4bcf6d77-73c1-474b-880d-8336b4e2b684/

5.252.176.28:443

# Reference: https://app.any.run/tasks/47215b69-0652-4d00-a3b7-b0105d8bc6f8/

154.194.3.229:443

# Reference: https://app.any.run/tasks/56966ffa-ce51-43ee-b0f3-ea4d7255700b/

106.13.161.43:8008

# Reference: https://app.any.run/tasks/dbabc592-e5ba-4aac-baa2-cab401522d58/

108.62.141.34:443

# Reference: https://app.any.run/tasks/41364a08-e861-4c8b-8667-191853c31580/

91.214.124.64:443

# Reference: https://app.any.run/tasks/ee44f6c0-2aeb-4850-ae2f-3ffdba532096/

79.137.36.9:4444

# Reference: https://app.any.run/tasks/40c32568-72c6-49fe-b168-a9dbe611d15a/

37.48.83.137:443

# Reference: https://app.any.run/tasks/41511d60-4804-4d84-83d8-b17b58e8d119/

47.95.210.165:8088

# Reference: https://twitter.com/ScumBots/status/1235898016126636032

amazn.cloud

# Reference: https://twitter.com/ScumBots/status/1237294702384291840
# Reference: https://www.virustotal.com/gui/file/2fce54f19cc11e9bea9a18952cae872d43d22bfba1e3bbb393ed9a94cd41ac0e/detection

manulife.ca-syschk.net

# Reference: https://twitter.com/James_inthe_box/status/1237491709824516096
# Reference: https://twitter.com/ScumBots/status/1237494768000614400

107.4.90.214:666

# Reference: https://twitter.com/ScumBots/status/1237851828500365317
# Reference: https://www.virustotal.com/gui/file/6c97dbef34d64b48f0f774e458bbc25f38b902b3c2f3e819e3b276c781511603/detection

newsrecordmusic112.monster

# Reference: https://twitter.com/ScumBots/status/1237898455797792769

185.92.74.29:35555

# Reference: https://twitter.com/ScumBots/status/1237898529734967298

185.211.245.139:8744

# Reference: https://twitter.com/ScumBots/status/1237898605979025409

ahost.rythmstick.net

# Reference: https://twitter.com/ScumBots/status/1238045901559607296

3.120.130.166:4444

# Reference: https://twitter.com/ScumBots/status/1238198152789966850

217.182.54.208:5490

# Reference: https://twitter.com/ScumBots/status/1238427161482211328

77.72.131.69:443

# Reference: https://twitter.com/malwrhunterteam/status/1238433863862550535

34.217.82.194:4444

# Reference: https://twitter.com/ScumBots/status/1238564315239768065

68.202.129.2:444

# Reference: https://twitter.com/ScumBots/status/1238761868623306752

54.80.171.208:8080
emp.fourhorsemen.tech

# Reference: https://twitter.com/ScumBots/status/1238764388259168257

bankingadvice.net

# Reference: https://www.virustotal.com/gui/file/daab59d033ea03ebeb8a80666895c703f84be5e55d0652d28018c38419b0b1b7/detection

79.134.225.87:7519

# Reference: https://twitter.com/ScumBots/status/1239777308426350592

LostSec.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1239831415941988352
# Reference: https://www.virustotal.com/gui/ip-address/83.171.237.192/relations

83.171.237.192:443

# Reference: https://twitter.com/ScumBots/status/1239828901699948544

185.189.183.47:443

# Reference: https://twitter.com/ScumBots/status/1241030568860672000

78.98.10.243:6969

# Reference: https://twitter.com/ScumBots/status/1241330107983237120

193.161.193.99:48650

# Reference: https://www.virustotal.com/gui/file/0102a1e5c866802c447fd541a064deb0649989766797fce6c66710661644a2ae/detection

3.135.90.78:19505

# Reference: https://twitter.com/ScumBots/status/1242039722723196928

185.244.30.75:5544

# Reference: https://twitter.com/ScumBots/status/1242403412077096961

youtube-au.com

# Reference: https://twitter.com/ScumBots/status/1242561911541182464

45.147.229.143:1499

# Reference: https://twitter.com/ScumBots/status/1243837813843537920

3.90.140.45:8080
emp.fourhorsemen.tech

# Reference: https://twitter.com/ScumBots/status/1243842847016615936

3.133.136.228:8080

# Reference: https://twitter.com/ScumBots/status/1243835299656056832

195.2.92.129:8080

# Reference: https://twitter.com/ScumBots/status/1243832784256487424

119.28.226.59:8080

# Reference: https://twitter.com/ScumBots/status/1244671656490078211

193.161.193.99:25820

# Reference: https://twitter.com/ScumBots/status/1244679610975105033

193.161.193.99:59646

# Reference: https://twitter.com/ScumBots/status/1244677096301105153

193.161.193.99:5555

# Reference: https://twitter.com/ScumBots/status/1244671587292532738
# Reference: https://www.virustotal.com/gui/file/871931280a302e93984da3c771823100ac5bba0d8f57b0fb9311966f58563de3/detection

139.162.161.211:11320
139.162.161.211:12130

# Reference: https://twitter.com/notajungman/status/1245737937419079680
# Reference: https://app.any.run/tasks/92024127-dfc1-43eb-8f67-f06cd80c473a/

us.palodevops.com

# Reference: https://www.virustotal.com/gui/file/03dd215f9bea6267537736d045f61cd1168e18a1e713550a5d4b847a8dbd563d/detection

171.5.183.76:2516
171.5.188.210:2516
flukez.ddns.net

# Reference: https://twitter.com/ScumBots/status/1250583513147064321

pastebin-sucks-now.biz

# Reference: https://twitter.com/ScumBots/status/1251780150959788032

134bd4b7.ngrok.io

# Reference: https://www.virustotal.com/gui/file/7829b5e1783d04dbbf18d2f482ca5a231c706b06183d53138c8561b0f60d1101/detection

141.255.154.68:4444

# Reference: https://www.virustotal.com/gui/file/86fca38ef2f17c94467cacf4a016c4f1e72d43ca847b99ee04244a4395029892/detection

77.223.232.41:8080

# Reference: https://twitter.com/ScumBots/status/1257468572051353605

sumo.twcug.net

# Reference: https://twitter.com/ScumBots/status/1257510386238177281

162.241.114.106:443

# Reference: https://twitter.com/ScumBots/status/1257510600827121667

3.19.3.150:18415

# Reference: https://app.any.run/tasks/cdb3201c-b063-436f-872a-7527ec118ed9/

41.141.56.139:4444

# Reference: https://twitter.com/ScumBots/status/1258790257610424321

93.26.183.236:4444

# Reference: https://twitter.com/ScumBots/status/1258817981817196544

45.132.73.167:8443
macloud.xyz

# Reference: https://twitter.com/ScumBots/status/1259090833191702529

3.17.202.129:11868

# Reference: https://twitter.com/ScumBots/status/1259699832136052741

3.137.63.131:19019

# Reference: https://twitter.com/ScumBots/status/1260003082605416448

46.21.147.111:443

# Reference: https://twitter.com/ScumBots/status/1260420191453941760

137.224.106.4:73

# Reference: https://www.virustotal.com/gui/file/aa4c0c3573390beac0d610b51e665dddd3067593b9e3e642b84a84f08362591d/detection

microsoft-support.servehttp.com

# Reference: https://twitter.com/ScumBots/status/1260854950021812224

52.137.10.66:8080
frogoveryoureyes-2.workisboring.com

# Reference: https://twitter.com/ScumBots/status/1261694398456385536

58.186.22.82:3189

# Reference: https://www.virustotal.com/gui/file/5af0920fe7e468368563aed81c3f8bf00124a8480f2cd42cb9f3ab90229cd485/detection

utils.oss-cn-beijing.aliyuncs.com

# Reference: https://twitter.com/ScumBots/status/1263936676969275393

18.188.14.65:15252

# Reference: https://twitter.com/ScumBots/status/1263935061122039816

3.19.3.150:16128

# Reference: https://www.virustotal.com/gui/file/73f27d0736457997141cde9bbedfa5e7f5a3706282d1999e00f8b1629ee5797a/detection

starpingisd.net

# Reference: https://twitter.com/ScumBots/status/1264926396155154432

3.20.98.123:10343

# Reference: https://twitter.com/ScumBots/status/1265588641168003072

3.19.3.150:10038

# Reference: https://twitter.com/ScumBots/status/1267184160013275137

3.137.63.131:12405

# Reference: https://twitter.com/ScumBots/status/1267184230142029827

3.137.63.131:16051

# Reference: https://twitter.com/ScumBots/status/1270078224119345157

netconnect.online

# Reference: https://twitter.com/ScumBots/status/1270465776164757504

52.47.122.36:443

# Reference: https://twitter.com/ScumBots/status/1270882271625711616

91.241.19.50:441

# Reference: https://www.virustotal.com/gui/file/53f796dbbffb542e42082913b54de4550fafe2e2b0c14194a4ef3ac6ad297089/detection
# Reference: https://app.any.run/tasks/0226a288-c2c5-4ff6-b6fb-cffbd18450f7/

ostrykebs.pl

# Reference: https://twitter.com/malwrhunterteam/status/1271160638342127618

/powersploit-payload

# Reference: https://www.virustotal.com/gui/file/e008999f37b5eacb30d9f8df95a774a92caca1de9d4eb0444f63fe28b85ea9a3/detection

122.178.241.198:4444
topsideduck.ddns.net

# Reference: https://www.virustotal.com/gui/file/6a60f839ad4e0feb6528840ead34f680cb975c13c1e6e4e9a5d132eb24992928/detection

82.137.218.185:4000

# Reference: https://twitter.com/ScumBots/status/1272933338345586690

217.129.59.131:443

# Reference: https://twitter.com/ScumBots/status/1272967268713082881

http://18.231.21.238

# Reference: https://twitter.com/iamwinstonm/status/1273195438619967489

http://185.244.149.202

# Reference: https://twitter.com/ScumBots/status/1273509581734502401

3.13.191.225:10360

# Reference: https://twitter.com/ScumBots/status/1273793952114753537

3.20.98.123:16853

# Reference: https://twitter.com/ScumBots/status/1274873568388620288

3.20.98.123:19779

# Reference: https://twitter.com/ScumBots/status/1274876086254473225

3.21.60.148:17272

# Reference: https://twitter.com/ScumBots/status/1274879860339544064

51.79.158.48:4141

# Reference: https://twitter.com/ScumBots/status/1274951580119371776

3.19.6.32:16555

# Reference: https://twitter.com/ScumBots/status/1274954097775579142

3.21.60.148:19960

# Reference: https://twitter.com/ScumBots/status/1274954166981582850

3.21.60.148:19760

# Reference: https://twitter.com/ScumBots/status/1274959133687656448

3.137.63.131:16057

# Reference: https://twitter.com/ScumBots/status/1275165640148557825

3.13.191.225:28288

# Reference: https://twitter.com/ScumBots/status/1275238473767755776

3.135.90.78:16604

# Reference: https://twitter.com/ScumBots/status/1275515779828584449

3.13.191.225:1337

# Reference: https://twitter.com/ScumBots/status/1275637659482959873

3.17.117.250:1337

# Reference: https://www.virustotal.com/gui/file/2ff79bdaf50e36f7f2f37506ce0ad1e9fafc4d8d40073cedcf050ddb7ce87539/detection

91.241.19.50:27119

# Reference: https://www.virustotal.com/gui/file/7f9390b993605ce2f1097533422e8d6bc43ca2e5d878dd44fdcd6e456f027d71/detection

91.241.19.50:443

# Reference: https://twitter.com/ScumBots/status/1276310538809675777

bot.ruptur88.cf

# Reference: https://twitter.com/ScumBots/status/1276277332752437248

148.101.44.115:3306

# Reference: https://twitter.com/ScumBots/status/1276265872366149633

3.18.75.105:15008

# Reference: https://twitter.com/pmelson/status/1276531571231789058

5.199.174.204:9443

# Reference: https://twitter.com/ScumBots/status/1276773591649042433

195.206.105.52:5389

# Reference: https://app.any.run/tasks/1337bdde-7564-493f-b5a1-57fdbec6cc5c/

http://45.129.96.110

# Reference: https://twitter.com/ScumBots/status/1278940366658568192

3.17.117.250:16240

# Reference: https://twitter.com/ScumBots/status/1278963016621580288

139.155.2.101:8081

# Reference: https://twitter.com/ScumBots/status/1278767101864542208

52.151.2.106:8888

# Reference: https://twitter.com/ScumBots/status/1278600633394880512

23.105.221.34:4443

# Reference: https://twitter.com/ScumBots/status/1280229759843172353

loljumbo.serveousercontent.com

# Reference: https://twitter.com/ScumBots/status/1281078730627198976

94.156.189.220:6522

# Reference: https://www.virustotal.com/gui/file/0503b17fb6673ab7adf3c53405f8d9bca2a1666f890f01e7fc170eec64264e94/detection

3.19.6.32:11642

# Reference: https://twitter.com/ScumBots/status/1281279531559649287
# Reference: https://www.virustotal.com/gui/ip-address/206.189.151.95/detection
# Reference: https://www.virustotal.com/gui/domain/webupdate.live/relations

netconnect.online
upserver.ml
webupdate.live

# Reference: https://twitter.com/ScumBots/status/1281678408863420417

94.156.189.220:6530

# Reference: https://twitter.com/ScumBots/status/1282010599027814400

185.244.213.8:443

# Reference: https://twitter.com/ScumBots/status/1282614578258550784

3.18.75.105:16334

# Reference: https://twitter.com/ScumBots/status/1282783188620845057

94.156.189.220:1959

# Reference: https://twitter.com/ScumBots/status/1283213525645754369

3.20.98.123:10593

# Reference: https://twitter.com/ScumBots/status/1283548228315750401

193.161.193.99:52614

# Reference: https://twitter.com/ScumBots/status/1284099360813391872

77.255.61.191:4444

# Reference: https://www.virustotal.com/gui/file/c67706504a82f8ffb08ad9a011b987c56748a2edeeeaf7b350e152a7c412352a/detection

172.94.59.115:4444

# Reference: https://www.virustotal.com/gui/file/25801b86c6d2f41ea26db2b6508568ac95e0c568cd7f54af74676181e2564a30/detection

104.244.78.10:443

# Reference: https://www.virustotal.com/gui/file/cb0a57a9de876adec68084482dd819110c38e3a7ea30c2ff9bffa7eb2275280b/detection

versageshops.best

# Reference: https://www.virustotal.com/gui/file/45116c476093055ac6bb414c6270b76f2988e0af05ee3eb3943a5eb36271a0d7/detection

122.171.58.94:8885

# Reference: https://twitter.com/JAMESWT_MHT/status/1287660192579162112
# Reference: https://app.any.run/tasks/1cb4244e-4887-429c-a1a3-447ff6464994/

64.188.22.106:443
office-update.net

# Reference: https://twitter.com/ScumBots/status/1287763508952739844

34.90.230.177:443

# Reference: https://www.virustotal.com/gui/file/225f7d3a59452bab7b07882f4b09643d6f0c32d8efdb89a7602f5dc0070c0c32/detection

94.140.114.160:61262

# Reference: https://www.virustotal.com/gui/file/b4d465a5d1f9a9b57ac91eff7b2e622f6d596617b62797d14efbd721d3b5dc74/detection

195.54.160.115:8018

# Reference: https://twitter.com/InQuest/status/1289636542621908992
# Reference: https://www.virustotal.com/gui/domain/divineleverage.org/relations

divineleverage.org/12.msi
divineleverage.org/4.php
divineleverage.org/6.msi
divineleverage.org/de.php

# Reference: https://www.virustotal.com/gui/file/cbc445b76e9b4364088442abb6f4af3ca70b242e462f66a974dbfebce94b6a81/detection

3.17.117.250:443

# Reference: https://www.virustotal.com/gui/file/a3585d049877144fec5ba1fcaba028ecedb05ab46a174d6ef5105351e5a66579/detection

supercombinating.com

# Reference: https://www.virustotal.com/gui/file/f8276187bbb6dc1523b2f7619b3905466cacb6a58e5d335257fd29e9b0dd8253/detection

213.87.133.142:443

# Reference: https://www.virustotal.com/gui/file/21c5b859c59ef1997f0135552d068d41646fa478bbde43302ccbcf9d8e432aeb/detection

193.34.166.103:443

# Reference: https://www.virustotal.com/gui/file/9c676f263a4eaf2057f657cbd63af106b3d22dda5ed37c55152e4dc9f6ea6769/detection

142.93.56.217:2905

# Reference: https://www.virustotal.com/gui/file/6db020f21e1544eca23093995b6eae7e8b031b65bfe2eca9f4d8dc73b30c7b79/detection

142.93.56.217:4443

# Reference: https://twitter.com/sysopfb/status/1288160992124444672
# Reference: https://www.virustotal.com/gui/ip-address/106.53.232.176/relations
# Reference: https://www.virustotal.com/gui/file/c5eee3c38b0ce6c869cd46ade783ab5ef09a30f08d7f8ddf8870de2d04068e74/detection

106.53.232.176:443
bobohacker.oss-cn-shenzhen.aliyuncs.com

# Reference: https://www.virustotal.com/gui/file/9e7885743e15912ab7284edfe9ef1113d7fc65568a12e1b96ac010598afa9fde/detection

49.235.144.34:4433

# Reference: https://www.virustotal.com/gui/file/d09e55ea3fbae604c29e6ef25247a3273c66044218a6a28fa79abcaa84f10be0/detection

49.235.144.34:8899

# Reference: https://www.virustotal.com/gui/file/e4ea5efc8a9511bb51d35f25a76e35ff941877252a4d3f043f3547c63d176ddf/detection

91.232.105.248:1337

# Reference: https://www.virustotal.com/gui/file/7150ef5a8c8381c68e7e305fb5b370a34bfcfa144aa8c138f04cc9e39080daf9/detection

18.222.239.205:7000

# Reference: https://www.virustotal.com/gui/file/c6ed0ba7acc1ba9ebc7de487f92d8232528be6b0dd7765bf35e0c4161a386d97/detection

206.189.70.79:9876

# Reference: https://www.virustotal.com/gui/file/bd914aba1523c1bec3c5bc7d4918f7163ac6e4f7b7778b383ac934a0644061e6/detection

81.184.61.235:2121

# Reference: https://www.virustotal.com/gui/file/ef70ffeb0ca757c688f8d3f0d5cb2a712b29778ec2c04e1b78f6fd4d31a84bb3/detection

67.43.224.135:443

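# Reference: https://www.virustotal.com/gui/file/c6ed0ba7acc1ba9ebc7de487f92d8232528be6b0dd7765bf35e0c4161a386d97/detection
# Note: duplicate - the same reference and the same trail (206.189.70.79:9876) already appear a few blocks above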

206.189.70.79:9876

# Reference: https://www.virustotal.com/gui/file/71fcfac0eb853bfd9be99ff5ecc2c127bfc78c4248097fd705f8f5a5ade426fb/detection

52.14.61.47:17239

# Reference: https://www.virustotal.com/gui/file/fbfbf239d27dc218c156510a471fd72b83f04aef36deea1c05ff7f7646953f20/detection

185.212.227.247:1333

# Reference: https://www.virustotal.com/gui/file/108b68986924bf60cc39da01a2f140aa6ddeec056df099cf4a73abfbcdc08930/detection

137.224.106.4:73

# Reference: https://www.virustotal.com/gui/file/90e0ce066f5ad7b902a24872aaaf4769996753ce5ee1b407e5db432fd4c471a2/detection

191.242.111.2:1515

# Reference: https://www.virustotal.com/gui/file/bdf90a891969cd8ed146efd7ac19a9b9cd976eb4dbbaf90c6c08a387acfb5e0b/detection

172.105.28.98:1443

# Reference: https://www.virustotal.com/gui/file/d1fe07320067c3ab75a7ca30741116974880c885437760eecaff8623a21baa56/detection

360lab.ddns.net

# Reference: https://www.virustotal.com/gui/file/4bcab93f768c19811b4fd1069f791c10b16b4a9e126faccfe2f3f2b3256d12e5/detection

49.235.23.236:9999

# Reference: https://www.virustotal.com/gui/file/d7542afc77f35b98bba90a89c38fab550ec536a3fb57fe24d362fa301ebc3ac2/detection

62.171.159.243:3333

# Reference: https://www.virustotal.com/gui/file/44e50b2c62d637e3247c79e88f7af40c4f0bb77eb91c91a83dfa80e95720548f/detection

45.76.209.19:443

# Reference: https://www.virustotal.com/gui/file/ec59dc742452c5fe33489183f03bdd40ecc179642f0c393d16e327d61cae94ba/detection

45.76.209.19:4444

# Reference: https://www.virustotal.com/gui/file/14ffe076ac8cdb3d6f780adf09d743299e9ebec5699b533f64920ef5b7596184/detection

google34.theworkpc.com

# Reference: https://www.virustotal.com/gui/file/f5e69036674045c33682c568993d0c1f287640c85d85deaed7d607fdf72f5666/detection

5.34.180.171:456
rostelekom.pw

# Reference: https://www.virustotal.com/gui/file/3f3a5568991c970cbf9378bd29f86413c39202091aa9d58fa5b67213576c5774/detection

79.134.225.46:2309

# Reference: https://www.virustotal.com/gui/file/be63a303af673f5c03b02107af3a7ac1bac102c3b75f8a11b8e04256a58ab327/detection

52.15.194.28:19286

# Reference: https://www.virustotal.com/gui/file/ead07ee3695925a1b79eafe57bfb023a54254848e68031afa7459f87d14361ec/detection

185.82.217.66:8787

# Reference: https://twitter.com/ScumBots/status/1299191823106215937
# Reference: https://www.virustotal.com/gui/file/189a21b97949a56e32797c3ce37db2624551190073e61194d98736e843e6977f/detection

aigoodojoqu5oopae3ee.sitestill.space
goosh5wie8oa1oov2viw.sitestill.fun

# Reference: https://www.virustotal.com/gui/file/a768b19d3fd1c0f043cc24119c366efdd0e4a0a8483dd9759d2a6a568de6d2ae/detection

185.205.210.179:4321

# Reference: https://www.virustotal.com/gui/file/9f749f0c696c948a80ff3cbea061f0326990925ae32aecc905fe95533518d604/detection

185.205.210.179:6341

# Reference: https://www.virustotal.com/gui/file/22bb3e8141a415f83bca4e2dd8b4bf6413a47e4ee5e38131c4c5b8349f21ee0b/detection

92.42.14.133:443

# Reference: https://www.virustotal.com/gui/file/b301db6b72a2196f99e3da577bd47b724af5d219c192ac2ed921179c0b015592/detection

3.19.6.32:443

# Reference: https://www.virustotal.com/gui/file/4ea106c4e2f1b9a56c00ce01b9a1c941e2f9fdb8df9ff6e91fad93ea81eddcc2/detection

3.21.60.148:14067

# Reference: https://www.virustotal.com/gui/file/c380f48e3d649b6a44b05134108a8c79536f289240e9ed9135e35dadffb6c350/detection

47.99.211.221:8011

# Reference: https://twitter.com/ScumBots/status/1302012841059287043
# Reference: https://www.virustotal.com/gui/file/ba00ffb4b8242f1ad034374a374cf2a9c693cf26b2ba0aa14d1c499e94f4a698/detection

76.21.118.155:4444

# Reference: https://www.virustotal.com/gui/file/f69b1d7998fb00503dea99fa02e19fd61fd1cac2dc84226b86e9d321a51563da/detection

193.109.85.11:8080

# Reference: https://www.virustotal.com/gui/file/6fdc5cc3cbc299f8473d365c87a2fc74813835e7cd4a56ea8b463a9b897936d3/detection

3.239.85.50:8

# Reference: https://www.virustotal.com/gui/file/9f3014f373a5ef6939b7553b770932e57d3dd56225162e4a7134824dd290a37f/detection

3.131.123.134:17759

# Reference: https://www.virustotal.com/gui/file/bb2beae5059a34febd4e88b9cec4167c90d75809debe57848638f26847d7c07f/detection

192.243.108.143:8080

# Reference: https://www.virustotal.com/gui/file/77c48346e04d756712f68db858f7a4e9fcc54bb7681560e9769f741fa55795d8/detection

Rezureax123333-50626.portmap.io

# Reference: https://www.virustotal.com/gui/file/05d75b372218a5c28b3c47f591f969a59714a5fadbc4b9bd4d18611c76920c66/detection

185.150.117.78:443

# Reference: https://www.virustotal.com/gui/file/fb49d3c2488b86be9ea13014a95b87b4e08582511bea1432e100c1d31e39175c/detection

35.182.213.89:443

# Reference: https://www.virustotal.com/gui/file/674be83562be595dbdf31801b9b0f141cef5ef52e23a982a011c175607ae5342/detection

3.134.125.175:17186

# Reference: https://www.virustotal.com/gui/file/79e27ceee57607cbc60ffbc772f01a654b40cd5491553c3cb544d06c3f0f7941/detection

3.130.209.29:13544

# Reference: https://www.virustotal.com/gui/file/102e9f1bffbed86cbbdd383c24c0f4339ab33fc2da0d3cc935237ce127a5e123/detection

38.132.99.165:443

# Reference: https://www.virustotal.com/gui/file/f83e23d630554a3b6db9378964a0a7161ef354cd41d39566b595c86b83a79dcb/detection

45.227.255.171:443

# Reference: https://www.virustotal.com/gui/file/b87336d536c68362ac710bc6ab411965747ec2cd60036292d8ab5f469183acb7/detection

172.241.29.12:443

# Reference: https://www.virustotal.com/gui/file/8db15f541e5b5de82eb55c2fb1720c399d2660a6739255bf1a03763a24fb7586/detection

148.72.176.8:1312
windown-network.myq-see.com

# Reference: https://www.virustotal.com/gui/file/2d631a0a33e915ac3e401d563928a4a7e6d521a8a6be201842b136a86651c846/detection

15.188.8.184:4444

# Reference: https://www.virustotal.com/gui/file/996193e0dcfb60760d7c92527ddec506a8935ad4b42e7fa5ae43bf9e92fe6c4a/detection

71.142.245.190:4444

# Reference: https://www.virustotal.com/gui/file/353f5ffbc3a9c6da2b6d12e3cd1ae99f87e49437375ed2774bcecf9c1515746d/detection

84.238.38.219:1024

# Reference: https://www.virustotal.com/gui/file/f35286de33f3de43806610d65219afb60338e8efb7fa1cb8de5620ddc71bf478/detection

45.227.255.189:443

# Reference: https://www.virustotal.com/gui/file/dae5abc6158c84e826975c7cad786bef9ed4e8c21920ede7d4a71ff6d7d84ab2/detection

104.225.157.144:9000

# Reference: https://www.virustotal.com/gui/file/7459887fba5dea90da46008690a5fee008597a901d7d32754139a2045dced180/detection

92.38.152.45:80

# Reference: https://www.virustotal.com/gui/file/81c87fa0c8cb5d844791509523cd00e98fee1657293c2c62e2e0f73efafe8937/detection

193.161.193.99:59494

# Reference: https://www.virustotal.com/gui/file/817dc0cc93600e2dd0fd49a78f1ddfad61da80a590774841dc15236d82f223fa/detection

160.119.79.88:443

# Reference: https://www.virustotal.com/gui/file/467bfaa6e5d3d29684c964dad40fca99e85dcdeef7ebb2580010d9e61e5b4e7d/detection

39.105.179.187:4400

# Reference: https://www.virustotal.com/gui/file/f55c4c8016756c63c772524c51961821157a07b4febc196cf7a635e36f74b7da/detection

141.105.66.240:8441
h0pe1759.ddns.net

# Reference: https://www.virustotal.com/gui/file/e19485415d49798547753a9fab67bd6a7c0ab0a234b4366f65dd85621838c4c8/detection

1.202.156.1:39999

# Reference: https://www.virustotal.com/gui/file/4067b40f3381b90f611399555f2cac36cd571dcb42fcca91be906489f0c29bf1/detection

http://45.146.165.219

# Reference: https://www.virustotal.com/gui/file/8f0215a8677cc41794519ca18fcc4ea00b9f9080962508d3d7a8f6a7f3d7992f/detection

http://91.241.19.21

# Reference: https://www.virustotal.com/gui/file/3c68ccfd70614ba27c88a1300d3a3401719e2282ead93c1f2f9a02a296e6654a/detection

52.14.18.129:11429

# Reference: https://www.virustotal.com/gui/file/8915f63fdecfcc72e43af78bf188f390ca485ed8f05e34481eee7334c48682b9/detection

199.195.253.79:4242

# Reference: https://www.virustotal.com/gui/file/d8b8be152f7587e115e3e083814837031cb97af56b576e479e1e4fb0ad46323a/detection

193.161.193.99:22898

# Reference: https://www.virustotal.com/gui/file/0b8c09c5a62155c82d499601b3725574fec04b077ee0d9972de330f53e007c64/detection

ns.vvwvv.tk

# Reference: https://www.virustotal.com/gui/file/967a6a41410fd7c6a9aefb86dbe31a184a2b27357e8d19e4a807e227ba9029eb/detection

156.209.144.96:4455

# Reference: https://www.virustotal.com/gui/file/6772f63826584c7cccf747b80735bdc8d76bf4fd76369a5af3d9d67443befbb8/detection

156.209.206.200:4455

# Reference: https://www.virustotal.com/gui/file/94838b74b218eef0bab19cb5cd58cda81ced3006382be914ceeb4b52c861e96b/detection

115.159.119.89:80

# Reference: https://www.virustotal.com/gui/file/ffa2e985e7598a092b2d61a66269965c162d5286c7f4b630ffbe7ac640a2f598/detection

109.59.118.171:4444

# Reference: https://www.virustotal.com/gui/file/6e79a451bfdc2c16b72e44c537de4efcb54d355f53d0054a11652e5c800fd2fa/detection

106.10.106.0:443

# Reference: https://twitter.com/pmelson/status/1336835181387374599
# Reference: https://www.virustotal.com/gui/file/411a3098347a34cc46f681cd855b152386da064d625e0f418de92a7cdcf7b94c/detection

47.111.13.98:80

# Reference: https://www.virustotal.com/gui/file/971adad65b31ac9ca6ea3c3a5085ce2bc1f27004250bf18e87da2bd6dfea090b/detection

193.161.193.99:4884

# Reference: https://www.virustotal.com/gui/file/5684fa5e0b0aad1e253dca7cc71b6d5092731d29887a22d65546d84d170dc5e7/detection

193.161.193.99:36555

# Reference: https://www.virustotal.com/gui/file/f5b943d0135ca0030092231df4a90c4011a878467c16b6f08e21892af1195475/detection

104.28.10.8:2052

# Reference: https://www.virustotal.com/gui/file/369c7f4ef0ca549b6d3ed4b11c9d069836414300f5903c19091072ceba8a3062/detection

3.89.39.190:4141

# Reference: https://www.virustotal.com/gui/file/7c35885540eacc15930b1f9cdd2541d69a299d0dc89bd7e5764213986916a908/detection

3.131.147.49:19910

# Reference: https://twitter.com/James_inthe_box/status/1338971736016969728

3.133.107.218:3131

# Reference: https://www.virustotal.com/gui/file/d64454bde412b0a7f7f1b9fa413a39ae0e6cf1f8a42ee120d757eaabf8c22033/detection

192.16.0.12:4444

# Reference: https://www.virustotal.com/gui/file/6ef17302c43f67aa1b2c30d86d5b13e592a1abd5b5aa2cef9f21e5ed0f35cec1/detection

124.187.65.208:6606

# Reference: https://www.virustotal.com/gui/file/c2e6f2496ab549c258a1d004fb0c5548413c81f5a556611c369d93a75e3835be/detection

185.205.209.3:443

# Reference: https://www.virustotal.com/gui/file/2b18ab922508b1702b7e6735d16cd3df3260da225ed7436507b329f6f23b43c8/detection

106.75.81.232:12345

# Reference: https://www.virustotal.com/gui/file/aeabd843be9c686bb4db7d720329862c1a6b3c428424f6aec3f6d119c6a70675/detection

5.167.22.68:8080

# Reference: https://www.virustotal.com/gui/file/c24f81c9d092c6c54f2909d6510cab0c0ea0cb6da78f90118bc3f623d5b09e93/detection

47.115.171.255:443

# Reference: https://www.virustotal.com/gui/file/83165474a39af396fbf927271d4f98c9d9567d696723c84ca4ceefbdedc51a72/detection

3.138.45.170:10730

# Reference: https://www.virustotal.com/gui/file/c06ceb893ead5ecb10aaed10c1f7ad8663981130f0fde5a8cbb86cc94200afe4/detection

151.0.0.54:4444

# Reference: https://twitter.com/ScumBots/status/1362431659728060421
# Reference: https://twitter.com/pmelson/status/1362432245152190465
# Reference: https://www.virustotal.com/gui/file/be6d55780cf2ec71310936d3ea31e8efb3d2ff0c21e1ce7d934a673b2d235655/detection

pterobot.net
scret1.ga

# Reference: https://www.virustotal.com/gui/file/d6a9d915eabf42f467fc6639717876cde95897ff42ffb20006ba9feb2f473c3a/detection

3.138.180.119:14119

# Reference: https://twitter.com/jhencinski/status/1367141043695742977
# Reference: https://www.virustotal.com/gui/file/ca9a59ec3f8f6c68b2faad832a163477f2a54870895ce81754ae9496739cb0a5/detection

http://86.105.18.116
86.105.18.116:8080

# Reference: https://www.virustotal.com/gui/file/70b8acf083e052ead5bfc43510d8b0c8f3d0a2d7111050cae5527e89e979e138/detection

18.207.38.244:9002

# Reference: https://www.virustotal.com/gui/file/38e4d4e5436fc2dc31cf37d13670b72a5a8f4319e36cc70436064eaa8a3aa219/detection

18.207.38.244:4444

# Reference: https://www.virustotal.com/gui/file/fb80cc96d1da0bb7f840dde51a602868d6c7b094560f034a204a417250e29cbb/detection

18.207.38.244:7878

# Reference: https://www.virustotal.com/gui/file/19ecc6e0e711913c85d0a0642972ca3a384084681b6cb9894a892669efce54e5/detection

45.33.100.49:4444

# Reference: https://www.virustotal.com/gui/file/45404167e89a4e85efb1b916509bc33e1d28347597051926fd18bbc33a1e350a/detection

185.153.199.102:19999

# Reference: https://www.virustotal.com/gui/file/26b52f93f1e317e82c10b4080a1b1ea257f73f34806722b8fa28d7ace6801eff/detection

45.33.100.49:443

# Reference: https://twitter.com/r3dbU7z/status/1371989287034585089

frostycitadel.xyz

# Reference: https://www.virustotal.com/gui/file/d06b6e85af0ab7ec12f7d5fba3a5ed87093a054a8c355fe4b908f51259e3f89a/detection

3.128.107.74:15257

# Reference: https://www.virustotal.com/gui/file/c1f6e9066d6253223b7a6b1f88992a05a79e54455125d1def4f9dc9e1f4e3c64/detection

3.138.180.119:15001

# Reference: https://www.virustotal.com/gui/file/b698123b562ed9646fe16d2d353191d8c79473b68c9d92de58a181f37b3c305e/detection

3.142.167.54:10274

# Reference: https://www.virustotal.com/gui/file/9ac9f3790d575e1afe3203ab45681b3e4e2d024dad4cba74825f05b3a8efabc6/detection

3.141.210.37:14956

# Reference: https://www.virustotal.com/gui/file/44a1ebcf5f3b564d8ba1b94b7f7bdd7dc731e098f98df602706848bfebe1a589/detection

8.9.6.228:4444

# Reference: https://www.virustotal.com/gui/file/08b08f269beab5f6bfcc046fbc3b2ba1d9df85b7d162ca0d4227390eac70aef8/detection

100.15.133.91:6002

# Reference: https://twitter.com/TheDFIRReport/status/1382313940533796865
# Reference: https://beta.shodan.io/host/136.244.100.210

136.244.100.210:22
136.244.100.210:443

# Reference: https://www.virustotal.com/gui/file/bf256c96ad1bebc4bd595ce59168c27beac3806a674243c4c90f9e08c1a11fec/detection

104.46.95.54:443

# Reference: https://www.virustotal.com/gui/file/98917a9aad6dc80c2ddd23f69ec8064c7e9940a6d9d095cad87a9257ea17925b/detection

75.141.150.74:1337

# Reference: https://www.virustotal.com/gui/file/289f2a019cad83a3014c7d25385f46b80a2bac195744c13129ef0aec3db7fe66/detection

103.146.74.4:2811

# Reference: https://www.virustotal.com/gui/file/972d78154aa35a9ac3c6d5f0cfbf70d3f2123239cb15ef04bd17c390b9d7186e/detection

141.255.152.226:2811

# Reference: https://www.virustotal.com/gui/file/ea01c860df4cb1f77eec64988ed6c24b076e86248c29443d5f2aed65974fe9f1/detection

141.255.157.246:1447

# Reference: https://www.virustotal.com/gui/file/63cc5e3a7fb07e88666fb8c2628971292e92801554ebad66b5e496aebca5124e/detection

182.2.164.147:1337

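# Reference: https://www.virustotal.com/gui/file/eb8e24fb8118faf4b657686cae0f3dc367999e8632eef16104f69d84d6f241e2/detection
# Note: one sample, one port (15739) across 27 addresses - this looks like a single hostname resolving to a
# shared provider address pool (unverified). Address:port pairs on shared tunnelling/cloud endpoints get
# reassigned over time, so review these entries for staleness and corroborate hits with host telemetry.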

18.188.14.65:15739
18.216.53.253:15739
18.223.41.243:15739
18.224.144.66:15739
198.58.98.92:15739
3.13.191.225:15739
3.134.125.175:15739
3.134.196.116:15739
3.134.39.220:15739
3.135.90.78:15739
3.137.63.131:15739
3.14.182.203:15739
3.14.212.173:15739
3.17.117.250:15739
3.17.202.129:15739
3.17.7.232:15739
3.19.114.185:15739
3.19.3.150:15739
3.20.98.123:15739
3.22.30.40:15739
45.79.7.70:15739
45.79.9.205:15739
52.14.61.47:15739
52.15.183.149:15739
52.15.194.28:15739
52.15.62.13:15739
52.15.72.79:15739

# Reference: https://www.virustotal.com/gui/file/e2be06a6a516709ef11b6d2a3bab1cabb97cc38304b5bbd9450c140bb4db644a/detection

95.211.239.205:555
windows-srv.16-b.it

# Reference: https://twitter.com/TheDFIRReport/status/1387455318569988105
# Reference: https://beta.shodan.io/host/47.111.239.107

http://47.111.239.107
47.111.239.107:9443

# Reference: https://www.virustotal.com/gui/file/c08b712cae78d20d2f0f143a320098e722ffe6070b56b010f09c49edfb7c05ac/detection

159.203.228.45:443

# Reference: https://www.virustotal.com/gui/file/1cd6c84e68002428d5f593e38a37a8b96b73918633287b7d1c4c71b2eb9338f2/detection

13.58.157.220:17109
3.142.129.56:17109
3.142.167.4:17109
3.142.167.54:17109
3.142.81.166:17109
3.19.130.43:17109

# Reference: https://www.inde.nz/blog/different-kind-of-zoombomb
# Reference: https://tria.ge/210325-j85q1nwljj
# Reference: https://www.virustotal.com/gui/file/f547410bd2f0b667b640e350d7c8c55cd4c2f7249e534c02c63d824c87ee2454/detection

http://139.60.161.60
http://45.146.164.111

# Reference: https://www.virustotal.com/gui/file/47e22ff3a144d35cf9839c719009c65618dc3bdf027d151170a5c9882830fbc4/detection

151.80.70.31:4444

# Reference: https://twitter.com/TheDFIRReport/status/1392089649984774146
# Reference: https://beta.shodan.io/host/20.47.114.17

http://20.47.114.17
20.47.114.17:443

# Reference: https://www.virustotal.com/gui/file/16cdf36f2594d6980ef823f1f0405ffb6efaecf143ce790ea16cdf832858816e/detection

195.154.170.195:5555

# Reference: https://www.virustotal.com/gui/file/18539194e29621d4d23a1071b5ada043a71f59085d22c99193d1434e782810ab/detection

146.0.128.54:59498

# Reference: https://twitter.com/TheDFIRReport/status/1394257640851640323
# Reference: https://beta.shodan.io/host/46.101.235.245

46.101.235.245:443

# Reference: https://www.virustotal.com/gui/file/50e825a3a61e6f5fab0740c7ced94ac994d954b95df998fb06f6c11833863006/detection

3.136.65.236:10456

# Reference: https://www.virustotal.com/gui/file/6ce2400e5b6b0ee6feb5d868d89ced79c828b6bba5d837306e44a42f9bb2b952/detection

173.230.145.224:4444

# Reference: https://twitter.com/TheDFIRReport/status/1407322479664762890

207.154.205.192:443

# Reference: https://twitter.com/ScumBots/status/1413488183971663873
# Reference: https://www.virustotal.com/gui/file/bd292dd957afeb361a60e90239d84e03664a3d972934635ca7f5bd73a330cc01/detection

3.13.191.225:15328

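# Reference: https://unit42.paloaltonetworks.com/unit42-pulling-back-the-curtains-on-encodedcommand-powershell-attacks/
# Note: this block includes addresses from special-purpose ranges - 100.100.100.100 (100.64.0.0/10, RFC 6598),
# 172.30.18.11 (172.16.0.0/12, RFC 1918), 198.18.133.111 (198.18.0.0/15, RFC 2544) - and the internal-looking
# name chgvaswks045.efgz.efg.corp. None of these identifies a single Internet host, so a hit on them needs
# local context before it is treated as malicious.
# megalon.trustwave.com sits under a security vendor's domain and may be test infrastructure (unverified).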

100.100.100.100:8080
103.238.227.201:7788
104.131.154.119:8080
104.131.182.177:443
104.145.225.3:8081
104.233.102.23:8080
107.170.132.24:443
108.61.211.36:443
108.61.217.22:443
137.117.188.120:443
138.121.170.12:3031
138.121.170.12:3133
138.121.170.12:3135
138.121.170.12:3136
138.121.170.12:3137
138.121.170.12:3138
138.121.170.12:500
14.144.144.66:8081
145.131.7.190:8080
146.148.58.157:8088
149.56.178.124:8080
159.203.18.172:8080
163.172.175.132:8089
172.30.18.11:443
185.117.72.45:8080
187.177.151.80:12345
187.228.46.144:8888
188.68.59.11:8081
191.101.31.118:8081
192.241.129.69:443
197.85.191.186:443
198.18.133.111:8081
205.232.71.92:443
212.99.114.202:443
23.239.12.15:8080
24.111.1.135:22
41.230.232.65:5552
45.63.109.205:8443
46.101.185.146:8080
46.101.203.156:443
46.101.90.248:443
46.246.87.205:443
50.251.57.67:8080
50.3.74.72:8080
52.28.242.165:8080
52.28.250.99:8080
52.36.245.145:8080
52.39.227.108:443
52.86.125.177:443
64.137.176.174:12345
66.11.115.25:8080
66.192.70.39:443
66.60.224.82:443
68.66.9.76:443
69.20.66.229:9443
84.14.146.74:443
84.200.2.13:8080
84.200.84.185:443
93.176.84.34:443
93.176.84.45:443
http://104.130.51.215
http://11.79.40.53
http://139.59.12.202
http://159.203.89.248
http://163.172.151.90
http://166.78.124.106
http://197.85.191.186
http://222.230.139.166
http://23.116.90.9
http://47.88.17.109
http://52.19.131.17
http://52.196.119.113
http://66.192.70.38
http://78.229.133.134
http://93.187.43.200
http://95.211.139.88
http://98.103.103.168
http://98.103.103.170
192.ho4x.com
ahyses.ddns.net
amazonsdeliveries.com
chgvaswks045.efgz.efg.corp
ciagov.gotdns.ch
dsecti0n.gotdns.ch
enterprizehost.com
host-101.ipsec.io
jdirving.email
kernel32.ddns.net
kooks.ddns.net
logexpert.eu
megalon.trustwave.com
metrowifi.no-ip.org
microsoft-invites.com
microsoft-update7.myvnc.com
mygoogle-analytics.com
pie32.mooo.com
polygon.1dn0.xyz
remote-01.web-access.us
rzepka.se
securetx.ddns.net
sixeight.av-update.com
sparta34.no-ip.biz
sukem.zapto.org
vanesa.ddns.net
wellsfargolegal.com

# Reference: https://twitter.com/TheDFIRReport/status/1423331717117579268
# Reference: https://beta.shodan.io/host/45.32.206.130

http://45.32.206.130
45.32.206.130:22
45.32.206.130:443

# Reference: https://twitter.com/TheDFIRReport/status/1423331717117579268
# Reference: https://beta.shodan.io/host/46.101.104.95

46.101.104.95:443
46.101.104.95:8000
46.101.104.95:8443
46.101.104.95:9100

# Reference: https://twitter.com/ScumBots/status/1423468949774217219
# Reference: https://www.virustotal.com/gui/file/5dc6dfbc8044deb6a3745a29fa4e285f62f91fe2a73ca247272bfd539b75f128/detection

192.100.0.17:4444

# Reference: https://twitter.com/ScumBots/status/1438826396491595777
# Reference: https://www.virustotal.com/gui/file/dbc4e318ce40d4ebfda9f59438f8c13a1ac6f89c5e6ecf6acfebe818c1641676

130.193.41.58:443

# Reference: https://twitter.com/ScumBots/status/1457362285861736453
# Reference: https://www.virustotal.com/gui/file/ea6cbb61f0589f139f4a79652e820329b02a5017e2a3703e8e35e33c012c13f4/detection

18.194.132.191:443

# Reference: https://twitter.com/ScumBots/status/1462040606872592395
# Reference: https://www.virustotal.com/gui/file/c92a7f657301e496610ae9ff85e01fe8e60f1179cae6e062bfcfd191a4c0e30d

23.88.123.250:4444

# Reference: https://www.virustotal.com/gui/file/27a220a96badc097884262c8a9358aa84e41b322556e08d30b1eb9bd1b78f167/detection

185.146.232.30:1337

# Reference: https://twitter.com/TheDFIRReport/status/1467860126077911043

138.197.167.41:443

# Reference: https://www.virustotal.com/gui/file/2e92e5f45d575d43a0a1d21654e0691b6ea7b45da9761482095005b6611d8419/detection

115.186.187.80:1234

# Reference: https://www.virustotal.com/gui/file/a6ef8216979b8b7f8f033bbcba91b4cba9a8cead9c4553e0855cd51956f61efd/detection
# Reference: https://www.virustotal.com/gui/file/ed77c28f2115e221d32e032db915ddd4247b665aa28e9f391f96b1730a41a861/detection

45.146.164.160:4321

# Reference: https://www.virustotal.com/gui/file/4c2574de9f72209ee2e1e7fe23830746850170869af411bef2111c4097d5f8da/detection

24.135.12.28:8080

# Reference: https://www.virustotal.com/gui/file/9a1c09403bd04ba1af32df5ba156671814193bd9518129dfa14f707eae785378/detection

51.178.75.43:41200

# Reference: https://www.virustotal.com/gui/ip-address/185.112.146.165/relations
# Reference: https://www.virustotal.com/gui/file/c8f710f0a9c18d38a7ecf4ca6a9d28219c32037a643a1d45989831c0ec975048/detection
# Reference: https://www.virustotal.com/gui/file/c9d281b901ce339495a0c2984e79ceaaa8a769c79bd27d211026cba030e9f794/detection
# Reference: https://www.virustotal.com/gui/file/d2cdc57f4bde1e89d65db8201f240e626022e08df5be3f8fa585848c1119530a/detection
# Reference: https://www.virustotal.com/gui/file/21c14dfb477a1c4e005c56d1676aa5a90f9e08e1b0c07c486fb55f21e75e2621/detection
# Reference: https://www.virustotal.com/gui/file/b544e5581dbdca825eb07a15fa3bc7c208577e8489b620f479f96a792241efb3/detection
# Reference: https://www.virustotal.com/gui/file/4fdec157e4343619c671e3d722bf75baafe24a65cc60a45603eb720f1a503999/detection
# Reference: https://www.virustotal.com/gui/file/e93ea9ebfb97c8fdfe00ce405a14d661581c494c648827cdea6ba89089284df4/detection

185.112.146.165:4446
185.112.146.165:45000
185.112.146.165:8080
185.112.146.165:8081
54.38.220.85:123
badmildiou.com
nidhoggr.club
treefighter.org

# Reference: https://threatfox.abuse.ch/browse/tag/log4j/

185.254.196.122:4445

# Reference: https://twitter.com/ankit_anubhav/status/1471079526658560003
# Reference: https://tria.ge/211215-njvt8sadaq/behavioral1

62.182.158.156:6666
62.182.158.156:8888

# Reference: https://www.virustotal.com/gui/file/20ad997410c4e5ac78ad3ecaf76bf3595aacda71e899a0bd2ef90917afd69ff0/detection

13.58.157.220:17525
3.142.129.56:17525
3.142.167.4:17525
3.142.167.54:17525
3.142.81.166:17525
3.19.130.43:17525

# Reference: https://www.virustotal.com/gui/file/0156ca6f8fb12a2415de4c896f346caab9f342ccd597912b88e890805fcd1e3d/detection

3.129.187.220:14020
3.131.147.49:14020
3.133.207.110:14020
3.136.65.236:14020
3.138.180.119:14020
3.22.15.135:14020

# Reference: https://twitter.com/petrovic082/status/1467822724932321288
# Reference: https://app.any.run/tasks/d367b18c-69e6-4026-b84a-4f8d52098687/
# Reference: https://www.virustotal.com/gui/file/bb627db44f44c8b23220602f5ae6bc2fa34b89d612ab3118f815fca43cfcf331/detection

v3-fastupload.s3-accelerate.amazonaws.com

# Reference: https://twitter.com/r3dbU7z/status/1468119168096612357
# Reference: https://www.virustotal.com/gui/file/fafbf0870568dae2e02913cbe158011c867098bda883c8f85a13d1f83a4aa937/detection

208.88.226.158:443

# Reference: https://twitter.com/drb_ra/status/1476180260953726978

emailservices.events

# Reference: https://twitter.com/drb_ra/status/1476758694729764890

188.166.171.154:443

# Reference: https://twitter.com/TheDFIRReport/status/1461733507324162056

13.90.131.107:443

# Reference: https://www.virustotal.com/gui/file/4a61696932f036bd2f57482516fd5d8b7e2939259757f82d17ed27f6fe430794/detection

3.14.182.203:12417

# Reference: https://www.virustotal.com/gui/file/2d1f1b961df03d0f572f072aae89e6c2f9e947d87551df85781d781cbf5a3918/detection

45.142.212.161:8881

# Reference: https://www.virustotal.com/gui/file/bd7745a252f92a9a8ef0e0469d113c354dde8547e1cbc9a865080cfa48eda9c8/detection

boyte.sytes.net

# Reference: https://twitter.com/ffforward/status/1479416818829860866

/katalogpwsh/

# Reference: https://www.virustotal.com/gui/file/64dcd0626a335c212083a51ffffc37950fcd5dfea73b8e6a5d8c92d6abfd8e71/detection

119.45.102.166:4445

# Reference: https://www.virustotal.com/gui/file/bc3beb2ce29d965c215baf97c54cb321d7f579a7a6fe6a4992e4f1f5d8d51808/detection

194.5.98.253:5900
joelthomas.linkpc.net

# Reference: https://www.virustotal.com/gui/file/27db881cc60237f6c967fd8475115a64dec4b9246908e2a940382dad66bb31d7/detection

167.172.61.60:443

# Reference: https://www.virustotal.com/gui/file/e67a7ce47865a9324cf1419c71204a15fb24dc875a0a51451bf71d29d7c41fd3/detection

167.172.61.60:444

# Reference: https://twitter.com/JAMESWT_MHT/status/1488152643230965760
# Reference: https://www.virustotal.com/gui/file/9786fa48e5307616b67727ae75b1b08393b71ad9c088c6277a598638d1bb5a15/detection

imagingworld.in/factur.docx
imagingworld.in/report.pdf
pinkstravels.com/locals.php

# Reference: https://www.virustotal.com/gui/file/512cd7d8f32c1da7b949871b47cee24c454e58585b6ea151c66789fd4a065c78/detection

yugnuvurka.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/29e7cf9579480cc3787c3e33add6e99611611c448eea2c7cf67e789d64d397ff/detection

zospayilmu.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/034927ea9d5aa9bb0a88a364af4d9733f5b9b933aa7ecd45b6aa9e1cc221c6ca/detection

http://5.181.80.213

# Reference: https://twitter.com/malwrhunterteam/status/1489520707809779715
# Reference: https://www.virustotal.com/gui/file/d7ba3b1d6fe9230a53606857508d0e79682e71fbd9200e70360700d831d8fef3/detection

coolfreecv.com:443/doc/coolfreecv_resume_en_06_n.docx

# Reference: https://www.virustotal.com/gui/file/1038e0df36ff80507942b6ac24f5bfda0d23416a5385c8c645ff0a8cf4f66acf/detection

http://198.50.177.251

# Reference: https://twitter.com/ScumBots/status/1492247150251720707
# Reference: https://www.virustotal.com/gui/file/f51e500a628692adcc6aec55c3277675c8bbcb842fabfb61dab7408e2dd2968d/detection

18.188.14.65:18033
18.216.53.253:18033
18.223.41.243:18033
18.224.144.66:18033
198.58.98.92:18033
3.13.191.225:18033
3.134.125.175:18033
3.134.196.116:18033
3.134.39.220:18033
3.135.90.78:18033
3.137.63.131:18033
3.14.182.203:18033
3.14.212.173:18033
3.17.117.250:18033
3.17.202.129:18033
3.17.7.232:18033
3.19.114.185:18033
3.19.3.150:18033
3.20.98.123:18033
3.22.30.40:18033
45.79.7.70:18033
45.79.9.205:18033
52.14.61.47:18033
52.15.183.149:18033
52.15.194.28:18033
52.15.62.13:18033
52.15.72.79:18033

# Reference: https://www.virustotal.com/gui/file/3dfe6b6f02b05498e07f164ca29545631cbc909a1c1000a4e40113407cde1d03/detection

http://45.64.112.51

# Reference: https://twitter.com/jaydinbas/status/1493202636866261000
# Reference: https://www.virustotal.com/gui/file/4db544c4ff262ba2f01b23cf9d6c3af23cae203efb7e06d7960ad06ada564f2b/detection
# Reference: https://www.virustotal.com/gui/file/944a8fac13b495f11628696c04673115c90ee650fc8ff3e440335e6d73df2496/detection
# Reference: https://www.virustotal.com/gui/file/de62e54976010eebd7a764e7ad5029a23b26256308f713229f724abb4f4be05c/detection

inexa-group.com
paste.inexa-group.com

# Reference: https://twitter.com/jaydinbas/status/1489241835927216128
# Reference: https://www.virustotal.com/gui/file/c23e61db0e74e6d48ba27f17461abc88c700e0a386ffdbd4c1a1571ebf630d4f/detection

i-development.one

# Reference: https://www.virustotal.com/gui/file/922f078a109aa494d631a81d67e6b9db994af58db023fa9c69576c96e2616ae3/detection

hdoc.duckdns.org

# Reference: https://twitter.com/1ZRR4H/status/1496748012256866308

101.35.121.232:8000

# Reference: https://www.virustotal.com/gui/file/a0e90b286000cff6bc9236c1d49763b19b554b8cd5cd7549907c8de88e372240/detection
# Reference: https://www.virustotal.com/gui/file/985f7026e7e8482e4c7e0fd87390b99aa9d00888774189cbf6828fb4553dbb80/detection

42.193.39.49:8080

# Reference: https://twitter.com/Max_Mal_/status/1500447223217278980
# Reference: https://www.virustotal.com/gui/file/fb7970ac7563dedda8cf507d7dabcfbe15f32bd91c4499420a50cd318d5ec439/detection

http://103.142.218.18

# Reference: https://www.virustotal.com/gui/file/f5a4a5e62200a8409389072b0b9e3af7760b9d83f479cdc25b100319bbe2b2e8/detection

http://157.245.250.76

# Reference: https://twitter.com/ScumBots/status/1501868046822031361
# Reference: https://www.virustotal.com/gui/file/c24bbc9e4f16081e64d94b6104890b37b4492e14ea62cfc7844f511ede25e081/detection

149.28.148.219:8445

# Reference: https://twitter.com/ScumBots/status/1502341161393999872
# Reference: https://www.virustotal.com/gui/file/0012303bbcfa1d83fc655c54c28ffe2cd041504f1ab8ae704dc0614f2b2a07ba/detection

85.214.237.196:443

# Reference: https://www.virustotal.com/gui/file/449888a9bd8efbfe0f9c15965882d3ea50fec4a124bc7fd603ac16956289a16c/detection

154.16.167.72:1006

# Reference: https://www.crowdstrike.com/blog/prophet-spider-exploits-citrix-sharefile/

107.181.187.184:4242

# Reference: https://www.virustotal.com/gui/file/938300c70c7ee66a45b6e747f068a1d08e6191a6fbd17d73d6ea2ee673da9f0f/detection

124.222.220.31:4444

# Reference: https://twitter.com/drb_ra/status/1504978479309332480

18.135.28.6:443

# Reference: https://twitter.com/drb_ra/status/1507194659285745665

tunnistautuminen.quest

# Reference: https://twitter.com/drb_ra/status/1507152832264298496

red-ops.team
/qqzddddd/2018/load.php

# Reference: https://twitter.com/drb_ra/status/1507877703017508868

18.116.32.198:443

# Reference: https://twitter.com/drb_ra/status/1507917437899055106

149.167.94.36:443

# Reference: https://blog.malwarebytes.com/threat-intelligence/2022/03/new-spear-phishing-campaign-targets-russian-dissidents/
# Reference: https://www.virustotal.com/gui/file/77e0d3366f7516cb2661a48c252fee7a1bc0abfe598feae40cf4e1c918fe97ee/detection
# Reference: https://www.virustotal.com/gui/file/9d4640bde3daf44cc4258eb5f294ca478306aa5268c7d314fc5019cf783041f0/detection
# Reference: https://www.virustotal.com/gui/file/c7dd490adb297b7f529950778b5a426e8068ea2df58be5d8fd49fe55b5331e28/detection

swordoke.com

# Reference: https://twitter.com/drb_ra/status/1509195039095803918

193.36.15.251:443

# Reference: https://www.virustotal.com/gui/file/51973e690c8790f7270b2e1e99383a81bac1f01bc5f46dab9341834513721ef6/detection

3.141.142.211:12356

# Reference: https://twitter.com/drb_ra/status/1510064550632169479

androidenews.com

# Reference: https://twitter.com/drb_ra/status/1510609246534180873

http://142.93.233.148

# Reference: https://www.virustotal.com/gui/file/2b15cb9ae88ee3aa9a9fe8a27479a570062c8c31e0b28f264f0223412221fb93/detection

95.216.221.82:4444

# Reference: https://twitter.com/drb_ra/status/1511371495271976965

nettitude.gzpt.org

# Reference: https://twitter.com/drb_ra/status/1511501477793222665

daq09367inkax.cloudfront.net

# Reference: https://twitter.com/ScumBots/status/1512096689422839815
# Reference: https://www.virustotal.com/gui/file/472e4f80a21736d734de6735d6686d4526d76ff68c3ffc5880d0e44580b1b0ba/detection

46.4.114.111:9999

# Reference: https://twitter.com/drb_ra/status/1512998349426896897

143.198.71.104:443

# Reference: https://twitter.com/drb_ra/status/1512999086638735365

appsteams.com

# Reference: https://twitter.com/drb_ra/status/1513690881408348166

office.thebrain.net

# Reference: https://twitter.com/drb_ra/status/1514041527814823947

45.56.113.131:443

# Reference: https://twitter.com/drb_ra/status/1514449947650924546

ye-cert.com

# Reference: https://www.virustotal.com/gui/file/0008e122dff45c48ab93361085280cca8c0f8f0f35f742ea73a772f03dde1f41/detection

seryanjek.com

# Reference: https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/
# Reference: https://otx.alienvault.com/pulse/6135d2c0c031eac2759657d6

135.181.10.218:443

# Reference: https://twitter.com/drb_ra/status/1516937383090044930

34.235.5.141:443

# Reference: https://twitter.com/drb_ra/status/1516940210776547328

54.37.225.27:443

# Reference: https://twitter.com/drb_ra/status/1516940512422506496

classcharts.uk

# Reference: https://twitter.com/drb_ra/status/1518577537651200000

109.228.40.199:443

# Reference: https://twitter.com/osipov_ar/status/1518654392777510916

http://138.124.184.220

# Reference: https://twitter.com/drb_ra/status/1519839795471659008

52.185.188.46:443

# Reference: https://twitter.com/drb_ra/status/1520199027547062274

18.208.248.51:443

# Reference: https://twitter.com/drb_ra/status/1520226667624648706

pankki.store

# Reference: https://twitter.com/ScumBots/status/1520700888112930817
# Reference: https://www.virustotal.com/gui/file/5b386d361997ea2108141a8c22ae8f6bb3835a8e23ef25dd72b9438674dc595c/detection

106.10.106.0:4444

# Reference: https://twitter.com/ScumBots/status/1521869837185781762
# Reference: https://www.virustotal.com/gui/file/5e0ff6e0762fefc8f7a7d214b9717c64abb8000283014965b74225fed08eeb89/detection

206.189.119.181:443

# Reference: https://twitter.com/drb_ra/status/1522757920068411399

147.182.134.175:443
174.138.110.120:443

# Reference: https://twitter.com/drb_ra/status/1522920341500219394

52.246.168.227:443

# Reference: https://twitter.com/drb_ra/status/1525299882256375808

159.65.136.204:5050

# Reference: https://twitter.com/drb_ra/status/1524547711781027841

23.163.0.59:443

# Reference: https://twitter.com/drb_ra/status/1524910249731293207

34.238.250.112:443

# Reference: https://twitter.com/drb_ra/status/1525482106171887623

159.203.28.9:443

# Reference: https://twitter.com/drb_ra/status/1525488694215458823

195.123.220.222:443

# Reference: https://blog.malwarebytes.com/threat-intelligence/2022/05/custom-powershell-rat-targets-germans-seeking-information-about-the-ukraine-crisis/

collaboration-bw.de
kleinm.de

# Reference: https://twitter.com/ScumBots/status/1526215976748036102
# Reference: https://www.virustotal.com/gui/file/cb3ddfba160b1a928fc99c80e8b3f82ed620998d082793022461aef6ba2f3e0c/detection

3.126.224.214:16050

# Reference: https://twitter.com/drb_ra/status/1526926521583259649

150.136.140.174:443

# Reference: https://twitter.com/drb_ra/status/1527094517156962304

95.213.145.101:443

# Reference: https://twitter.com/drb_ra/status/1528185222709362689

docs.jcbbrokers.com

# Reference: https://twitter.com/drb_ra/status/1528375525798035458

206.189.4.169:443

# Reference: https://www.virustotal.com/gui/file/0022045c76a9880ed0dbef3db814c92529c9e5fdbc5e1b1dc0fdcc26140fb45a/detection

digitalcomparendo.com.co

# Reference: https://www.virustotal.com/gui/file/a6bca64361aaaf870b90525ffc35e2b17d2ba17b94a7bde793f0aafa02f11c54/detection

sellinruss2.com

# Reference: https://www.virustotal.com/gui/file/50538c1210a31fe8608676a6c7b061bc4b8472db053de6fa80daae7d86372e28/detection

http://54.159.59.99

# Reference: https://twitter.com/drb_ra/status/1529991314326147086

159.223.194.182:443

# Reference: https://www.virustotal.com/gui/file/cdfc5ba406b1099a15ec57cd52c916238a8a89a3e6505f47a692cba92739f455/detection

king-ccards.online

# Reference: https://twitter.com/malwrhunterteam/status/1531709311746985984
# Reference: https://www.virustotal.com/gui/file/e8f0a2f79a91587f1d961d6668792e74985624d652c7b47cc87367cb1b451adf/detection
# Reference: https://www.virustotal.com/gui/file/bf10a54348c2d448afa5d0ba5add70aaccd99506dfcf9d6cf185c0b77c14ace5/detection
# Reference: https://www.virustotal.com/gui/file/1f245b9d3247d686937f26f7c0ae36d3c853bda97abd8b95dc0dfd4568ee470b/detection

109.248.59.74:1337

# Reference: https://twitter.com/ScumBots/status/1531994048269000706
# Reference: https://www.virustotal.com/gui/file/254d9104946b1fa73c5447dcf57c6a8172401feec7d9c518eba23df90b57ca4f/detection

54.190.24.216:8080

# Reference: https://twitter.com/ScumBots/status/1532355178447388673
# Reference: https://www.virustotal.com/gui/file/6f761d9149c1ab9e1a19c77821419e3b11b60d8649ed4406c269c2b96690d0c0/detection

3.22.53.161:10221

# Reference: https://twitter.com/malwrhunterteam/status/1532443932453388288
# Reference: https://www.virustotal.com/gui/file/8d7117bc2c97e7e1a2c6417c37edc1031fb9441cbedc40ed38276d441d018d9b/detection

8866ddd7771251526d5e5e.cloudflareworkers.com
f45c1250baeb931e982109940f2b94a5b572bebe422c81ccadbad6397f5523561floral-sky-60a2.kingsnakeapp.workers.dev

# Reference: https://twitter.com/ScumBots/status/1532933990927286272
# Reference: https://www.virustotal.com/gui/file/dd5d4da062f7b6363d3f165e76392b84ff455def8eeca2980b92f9295c364171/detection

3.6.115.182:16512

# Reference: https://www.virustotal.com/gui/file/3eb41d7351608e5ec7ae17da7bd889a6edadb3fd26080546d5093bd7fbd108bd/detection

adfj4356sjkl23jf367ld234k6fh6k86s234.jquerydb.com
resource.jquerydb.com

# Reference: https://twitter.com/drb_ra/status/1532701358586994688

13.59.166.155:443

# Reference: https://twitter.com/drb_ra/status/1532710008470884355

109.234.36.5:443

# Reference: https://twitter.com/drb_ra/status/1532882609541455873

bcxstaging.co.za
dev.bcxstaging.co.za

# Reference: https://twitter.com/drb_ra/status/1532882928316858370

daq09367inkax.cloudfront.net

# Reference: https://www.virustotal.com/gui/file/b536ba7328c4913798d2146ddceec2bf7891abef728f2c57db71b153f59a5ef3/detection

http://101.43.242.147

# Reference: https://twitter.com/drb_ra/status/1533973002232246272

54.215.206.234:443
imadeyou.click
c2.imadeyou.click

# Reference: https://twitter.com/drb_ra/status/1533983732381646848

150.136.140.174:443

# Reference: https://www.virustotal.com/gui/file/b9b479158d5dea67310c4c0c732e852de11830f3416d5eb2faf01b777fdac20f/detection

dianli.ru

# Reference: https://twitter.com/drb_ra/status/1535428913190555649

109.234.36.5:443

# Reference: https://unit42.paloaltonetworks.com/cve-2022-26134-atlassian-code-execution-vulnerability/
# Reference: https://otx.alienvault.com/pulse/62a08073756f4059e6464d77

http://167.99.57.116
http://172.104.31.117
http://18.216.140.250
http://18.221.234.103
http://191.37.248.120
http://192.99.152.200
http://193.106.191.71
http://2.56.11.65
http://27.1.1.34
http://31.13.191.157
http://54.88.149.100
http://84.17.48.94
http://87.249.135.167
http://89.187.170.129

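# Reference: https://twitter.com/pmelson/status/1536819641846272008
# Reference: https://www.virustotal.com/gui/file/1b9c291c4dca0f4af299a0ece26a7c3b3f87a0a7eb9f5b57aa7c894774c40407/detection
# NOTE(review): 104.16.243.78 and 104.16.244.78 fall inside Cloudflare's published 104.16.0.0/13 range, i.e. shared edge addresses; a match on these IP:port pairs alone is weak evidence - correlate with the n00bzunit3d.xyz hostnames below before escalating.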

104.16.243.78:8080
104.16.244.78:8080
162.255.119.65:8080
n00bzunit3d.xyz
challs.n00bzunit3d.xyz
ctf.n00bzunit3d.xyz
test.n00bzunit3d.xyz
wiki.n00bzunit3d.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1537022403347460096
# Reference: https://www.virustotal.com/gui/file/a8ce2181ce6e56c147412c600a430fdb7baf68550b6f822b98a1759f52adb72f/detection

gmgeneraltrading.com

# Reference: https://twitter.com/malwrhunterteam/status/1537412988558245888
# Reference: https://www.virustotal.com/gui/file/de495346ac81d29707c92181382989cbcc9ecab3feeb7c38eb6fe4364c89cde8/detection

transacor.ma

# Reference: https://twitter.com/malwrhunterteam/status/1537424206434119680
# Reference: https://www.virustotal.com/gui/file/68462163987c2f96488ff08d44d88b6f08d5da7ecbb478bd38d4a156bb61e2b7/detection

facturamx.club

# Reference: https://twitter.com/Dkavalanche/status/1537483210409803777

http://20.240.40.118

# Reference: https://twitter.com/malwrhunterteam/status/1537521767262015488

smarthav.com

# Reference: https://twitter.com/malwrhunterteam/status/1538094207478517764
# Reference: https://www.virustotal.com/gui/file/ddbd0b917d017d5709bd4fb2e0acd4d877d829fb9bc32865550fb556eadb6739/detection

pidipurev.com

# Reference: https://www.virustotal.com/gui/file/03269a24a60591752df46b0303e61c51798333dafd9ed59513bfa620866c2358/detection

gr3.ddns.net

# Reference: https://twitter.com/drb_ra/status/1537231657119338498

20.78.19.235:443

# Reference: https://twitter.com/malwrhunterteam/status/1539333876895854592
# Reference: https://www.virustotal.com/gui/file/2c861d284d35b5d9bd79c697430c32a41759ff713269ca54aabd165505d4ede4/detection
# Reference: https://www.virustotal.com/gui/file/b38109e065c8fe5fdaf88f182597b6bff73c6578f02a757afdba7031db054913/detection
# Reference: https://www.virustotal.com/gui/file/fd3cfce2a371634763db5d184ee7b8115e48baa16177d27376a61c75092e1a32/detection
# Reference: https://www.virustotal.com/gui/file/a2514e2e9c9eb522c07ddad50c66a0c99d9ac64a7445722f94bd5fb358e45220/detection
# Reference: https://www.virustotal.com/gui/file/6e2be3ffea3e74f39145d89bd69a91162c4a436a51da3c1e1b9131c8f8764861/detection

206.84.168.139:4444
206.84.168.191:4444
206.84.168.30:4444
206.84.169.110:4444
strongvpn.ga

# Reference: https://twitter.com/drb_ra/status/1539425978438516737

192.18.141.199:443

# Reference: https://twitter.com/malwrhunterteam/status/1539621033908621314
# Reference: https://www.virustotal.com/gui/file/5270cb73da9b7ca550e1ae3ccd2e0875c7a5e49782daf2ca169d6a29d479f628/detection

http://95.217.244.204
infinite-stars.net

# Reference: https://www.virustotal.com/gui/file/c557d03fa307f13a3086053c022a8e146b1e5725995e2bf0fd2ef2d66d0ba9ea/detection

nikitarovonovich.pserver.ru

# Reference: https://twitter.com/malwrhunterteam/status/1540614846600908800

http://46.21.153.250

# Reference: https://twitter.com/ScumBots/status/1540390624788185089
# Reference: https://www.virustotal.com/gui/file/a3465a008ffa2a0946e1ebe4124f6569623940d0494a264c6329c818fdecb279/detection

3.142.129.56:1869

# Reference: https://twitter.com/ScumBots/status/1541462190745686016
# Reference: https://www.virustotal.com/gui/file/3e79efb3d76cd8ff9734ddab1e0cc2a08cf1903a6e1b6382acb7ea86a5d19660/detection

79.110.52.135:8080

# Reference: https://twitter.com/ScumBots/status/1542158527388680194
# Reference: https://www.virustotal.com/gui/file/9c4b568c60f30008f19e76a1cc16f37dbf2826c22a580f39b4f009a40f7530e7/detection

170.187.232.147:87

# Reference: https://twitter.com/malwareforme/status/1542261607035588608
# Reference: https://www.virustotal.com/gui/file/98d94759958e3b79de90e9da6a2a5d904cd3efc7c0f45773d2ac5dc4b63f1d56/detection

http://176.100.42.180

# Reference: https://www.virustotal.com/gui/file/21286ed0b3e56f49c287617ee5bf4ef687c627e342d72297008e3fce73a5ae20/detection

http://120.48.85.228

# Reference: https://twitter.com/drb_ra/status/1542850540421488640

45.14.224.96:443

# Reference: https://twitter.com/malwrhunterteam/status/1544045677482762241
# Reference: https://www.virustotal.com/gui/file/902d69ecac8da439d9e80b08b034c3bc94dca3b150bf2564752169682954ad43/detection

0c020.com

# Reference: https://twitter.com/drb_ra/status/1544122690818162689

83.229.83.41:443

# Reference: https://twitter.com/malwrhunterteam/status/1544688445154594819
# Reference: https://www.virustotal.com/gui/file/b9d958bdc2ce406d4fae5e73d19e9b3f5222a61e3fe3655ed36bb6ab83e145e7/detection

gojourneys.com/service.hta

# Reference: https://twitter.com/ScumBots/status/1545123058616307713
# Reference: https://www.virustotal.com/gui/file/924276827de0e5d6a1ffc01cb025f206159e974b71796c7b850794258daa1878/detection

payrewardapp.com
api.payrewardapp.com
imv.payrewardapp.com

# Reference: https://www.virustotal.com/gui/file/6da3fbd52970e23b106401bb82298e353f9d1db09fab7a6ad16b6a2ad0188060/detection

161.35.90.195:4444
c2server.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1547580496460206080
# Reference: https://twitter.com/StopMalvertisin/status/1547851359948804096

http://185.228.83.60
/alksdldoosal
/wxbTRXIuGyNqdPhzfYlJeDOUWKFC

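# Reference: https://www.virustotal.com/gui/file/afa2a4fbfb46e5c2f687a741e7b8337c14a52c7bfcbe28cc27933a41dcdb8a6a/detection
# NOTE(review): the hostname below is written in mixed case; DNS names are case-insensitive, so confirm that whatever consumes this list normalises case before matching - TODO verify.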

Nerviusss25-51690.portmap.host

# Reference: https://twitter.com/drb_ra/status/1548662939716034562

a-banking.com
fly.a-banking.com

# Reference: https://www.virustotal.com/gui/file/c36f0d9d77e5fb8fbe251b57a6a02f7da6222bf270960a79c00422a56c8ca859/detection

45.32.160.133:9191

# Reference: https://www.virustotal.com/gui/file/f18667d39c13df2cc1cd68af0246667e9d7e614ba572120befe16e38f306b035/detection

212.192.242.16:1000

# Reference: https://www.virustotal.com/gui/file/4b445a21fa7863a844b90beebfb5bed18e2acea8f5747b32453fc31d9112963f/detection

downloadyarbot.shopyfi.ir

# Reference: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/growling-bears-make-thunderous-noise.html

46.229.215.108:4433
78.40.219.13:8888

# Reference: https://www.virustotal.com/gui/file/eca5efb923224e2d8fddfcba53d30b44c8c68fc6cb73bca72dc4ec424096a7ef/detection

95.111.250.149:8000

# Reference: https://www.virustotal.com/gui/file/8948fb84fbefb2c969888ab77d438cb8ac00694551dbac317b236fda66e4a739/detection

20.226.41.232:9001

# Reference: https://www.virustotal.com/gui/file/30ce8e40b79621b0555bb818b71d769d3edf6210944007c17d1f31e918fadc45/detection

106.52.42.139:6789
106.52.42.139:801

# Reference: https://twitter.com/drb_ra/status/1550280325506469890

http://45.14.224.110
/vfe01s/1/vsopts.js/

# Reference: https://www.virustotal.com/gui/file/0da30282299c1f351510bfd83463d4ba820687c027e854b1b03fd6124547d77f/detection

213.170.135.6:25561
insmp.net
uk.insmp.net

# Reference: https://www.virustotal.com/gui/file/68a4fd2b4fe913f6ec71196731f0fa3bbed17589ee18d6ec2878a8a20001f905/detection
# Reference: https://www.virustotal.com/gui/file/4d72c7d6ded3cae715ce6f362d3ec79de5f484a264bf52532df316a496ecad04/detection
# Reference: https://www.virustotal.com/gui/file/3694875ffe41f247ef6b5d6eb2d5d3f9ee4939e94735f4aec96e1fa7e3e64d78/detection

aasporo.com

# Reference: https://www.virustotal.com/gui/file/56b823c64968f9eb87a57b688e569eb7040501f291be4606cb226ff281eaffb4/detection
# Reference: https://www.virustotal.com/gui/file/68a2c4cce8c8e8cdf819d8b4f8ab88c0c851fb4ca0dcc07d562a6befc4172380/detection

95.213.145.101:443

# Reference: https://www.virustotal.com/gui/file/04eabcc001b383709ce35e3b116812382dbe1ee77ad8bd2f0da7d39d14ce3b6d/detection
# Reference: https://www.virustotal.com/gui/file/20cf0e39859e911a23db28f8890ad018ff55a3ec6e2b3b849151ce21b08f47de/detection

209.141.58.154:6363
cvc.7766.org

# Reference: https://www.virustotal.com/gui/file/1373d61f65df4004490791ade8a04490db396c2e7a248f680896c524e0f5ffd5/detection

18.158.249.75:12778

# Reference: https://www.virustotal.com/gui/file/2c91462fb50fb7d0a394317401f9044db58e652435cd3beb05ae6e0a0184d63a/detection

http://66.70.238.65

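# Reference: https://twitter.com/drb_ra/status/1552819839382835202
# NOTE(review): the path entry below carries no host, so presumably it is matched independently of 167.71.88.90 (confirm against the consuming matcher); it resembles a tag-manager script path and may also appear in benign traffic - triage hits together with the destination address.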

167.71.88.90:443
/utag/lbg/main/prod/utag.15.js

# Reference: https://twitter.com/drb_ra/status/1553373644386189312

192.9.244.42:443
/trader-update/history&pd=/

# Reference: https://www.virustotal.com/gui/file/0411b1c23bfb671d36136760706cf85a11af5cfd16f8de47a330a8ca915f1eef/detection

64.52.80.168:7778

# Reference: https://twitter.com/StopMalvertisin/status/1554677296472399872

78.85.17.88:8443

# Reference: https://twitter.com/StopMalvertisin/status/1554738107001765888

78.85.17.88:9991

# Reference: https://www.virustotal.com/gui/file/9c69b39140e43602c4040ab7e9fadf3d74fdc4f9f92cddd2586e6a24fe8c70e4/detection

sky-titans.net

# Reference: https://www.virustotal.com/gui/file/f506dc1b194dfd25df0dfc2490e53138400e0fd5147e79878e878168b57d8531/detection

http://185.156.43.249
185.156.43.249:5544

# Reference: https://www.virustotal.com/gui/file/e451243cc7e2ff3b82a99501ae6e0d3461d7c30e3ff23d71a70b9e5afe6400cf/detection

185.156.43.249:443

# Reference: https://www.virustotal.com/gui/file/ab19c9ee6c97509b12adae6bc4c3e2f3aeb295d6bb6dc39bfc4caab9d5c02c8e/detection

185.156.43.249:8088

# Reference: https://www.virustotal.com/gui/file/463e0ad8bd88738a3ad56095fd6c1df32db01b9194fe0c240e484c4ec877814e/detection

185.156.43.249:4433

# Reference: https://www.virustotal.com/gui/file/5887040b238982d1ec370dec2dfc2f20a3b358e1f03aa30e1c82f9ed46d0ef9a/detection
# Reference: https://www.virustotal.com/gui/file/7ddc9bbf5a0cb96e1a3eabd57c7a3c9529c99d47828c52782cc41f9479110894/detection

hjit.ru

# Reference: https://twitter.com/StopMalvertisin/status/1555461886711590913
# Reference: https://www.virustotal.com/gui/file/50cd4fbf0ebfe65fc135523fda1525a32dc50764748f863193da22d4616c8666/detection

54.91.111.47:4455
autodontreplyservices.com
ec2-54-91-111-47.compute-1.amazonaws.com

# Reference: https://twitter.com/drb_ra/status/1556069100820086785

96.31.77.61:8888

# Reference: https://www.virustotal.com/gui/file/2932baac30e642651f27b4b7c6f77b9122742f49866da5160e9db776b1e832e9/detection

185.100.65.237:4447

# Reference: https://www.virustotal.com/gui/file/bc556718de6fc8d375c7a4121e7d68632caf1fd5439cfd4d9c48d21e092476e6/detection

bfparty.org

# Reference: https://twitter.com/malwrhunterteam/status/1559881926688784385
# Reference: https://www.virustotal.com/gui/file/16b4a6fec76b452f77a6832871ff2e906d673e557a0e6c2673fc952181d1319b/detection

buckotx.s3.amazonaws.com

# Reference: https://twitter.com/malwrhunterteam/status/1559902576757424130
# Reference: https://www.virustotal.com/gui/file/6634cd044332d28d153519298fd0f68590d966d1c970a80d5a6462fd5a9734ec/detection

azistcool.linkpc.net

# Reference: https://www.virustotal.com/gui/file/eca7dc19194ed6de874c9591106be959f0b4f6ec250f3617634b61aa13639a10/detection

finxiio.com

# Reference: https://twitter.com/pollo290987/status/1560155917341130752
# Reference: https://www.virustotal.com/gui/file/737d0d04046e490f3e69e8ab944487d9bd78d77d6be943811949f00f6b89bdd7/detection

sodkvsodkv.facturas.stuff-4-sale.us

# Reference: https://twitter.com/malwrhunterteam/status/1560584179955314688
# Reference: https://www.virustotal.com/gui/file/e6433b54eeeca4efa18f93bd3d90339114edd040a16083e6d5be17f7f0f655e3/detection

shipminttracking.net

# Reference: https://www.virustotal.com/gui/file/b6173bfaf49c806340d65cd48b9f368a5153c3116c2f724e69cf91ea324563d3/detection

137.184.88.94:9001

# Reference: https://twitter.com/malwrhunterteam/status/1560635393971589122
# Reference: https://www.virustotal.com/gui/ip-address/34.80.234.86/relations
# Reference: https://www.virustotal.com/gui/ip-address/83.69.236.3/relations
# Reference: https://www.virustotal.com/gui/file/de55f77361210aeacf9a5989479c0ad790d31633d6899100fa42828156fc79ed/detection
# Reference: https://www.virustotal.com/gui/file/7596564139a66bb4e164cfcae16940e3c4c7909cbbaae1c60aa4a91061a1e54d/detection

iisn.at
iiso.in
ilsvt.co
looi.io
lslb.in
sisidra.ws
tls-i.in
tls-n.in
tornado.ws

# Reference: https://twitter.com/drb_ra/status/1558253131968008192

65.20.81.201:443

# Reference: https://twitter.com/drb_ra/status/1558431403385257985

anmal.ddns.net

# Reference: https://twitter.com/drb_ra/status/1560810734673661952

164.132.138.128:443
91.194.3.36:443

# Reference: https://www.virustotal.com/gui/file/4cc1b6c78cb2a820743f20316044eec68bfeb25dee7615954de27847cde26229/detection

18.219.180.158:8080
phisher.nastydomain.com

# Reference: https://www.virustotal.com/gui/file/f2e4736e8c1776a983021311ff48404d78f02de5677b187828e7b40544e33cb7/detection

http://35.158.114.105

# Reference: https://twitter.com/malwrhunterteam/status/1562081732983128064
# Reference: https://www.virustotal.com/gui/file/5867549d009fbecef49d924ff55fe7e809583b7d72decf6bd49ef453e1366680/detection

220.135.222.186:8080
37.103.169.218:8080
58.177.98.79:8080
a0.pm
/BNBH26SDSNM6upvcKpKobq9h6LM8S/

# Reference: https://www.virustotal.com/gui/file/7ce2a0f058befe3034a1bf27d5aa8c7cdcd79e1a0064bb4e83cb179097fb3b8d/detection

webshare01.onlinesecure365.com

# Reference: https://twitter.com/drb_ra/status/1563141828396056578

d2gzdrbvjbbq9z.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1563142062798938112

13.234.39.14:443

# Reference: https://www.virustotal.com/gui/file/16007ea6ae7ce797451baec2132e30564a29ee0bf8a8f05828ad2289b3690f55/detection

http://45.89.125.189

# Reference: https://www.virustotal.com/gui/file/454add1bfdc98b944ed97984f1771ec09c9a4c869e3fb6936573d0db8a83ac30/detection

82.2.66.222:21

# Reference: https://www.virustotal.com/gui/file/1da0ce0810952354a5e288a3dd6690338228933c5ff726d317c4748a4322e6dd/detection

82.2.66.222:4444

# Reference: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
# Reference: https://otx.alienvault.com/pulse/630f67c49a28f85f26b91f5a

apiregis.com
updatesagent.com
xmlschemeformat.com

# Reference: https://twitter.com/drb_ra/status/1564765008503967749

3.121.201.91:8080

# Reference: https://www.virustotal.com/gui/file/74a75862bd3fb1df2110cfa2f4de6a56c6370c4aba30df4c6b98ea3346d6366a/detection
# Reference: https://www.virustotal.com/gui/file/0439db34ebaca953064a84b4976b5d0533076594f4d92b6b0d7829988845dbca/detection

pc2.heapack.com

# Reference: https://twitter.com/drb_ra/status/1566577843886227459

54.39.238.131:1335

# Reference: https://www.virustotal.com/gui/file/8e698623199611102ffb0e72e86d76c9a2178e4efb3e7346bcfb37269074e6bc/detection
# Reference: https://www.virustotal.com/gui/file/c8117e93fa43454f1bfd6ecd0324dd08f55beae4258e63d484f72b6aafbdf40d/detection

huntsman-dfir.tech
malware-analysis.huntsman-dfir.tech

# Reference: https://research.checkpoint.com/2022/dangeroussavanna-two-year-long-campaign-targets-financial-institutions-in-french-speaking-africa/
# Reference: https://www.virustotal.com/gui/file/c23e61db0e74e6d48ba27f17461abc88c700e0a386ffdbd4c1a1571ebf630d4f/detection

i-development.one

# Reference: https://twitter.com/malwrhunterteam/status/1567135765569671168
# Reference: https://www.virustotal.com/gui/file/518a0d736b7d9e015548c7bf2eb3b9692817caf67acc20869f68adc5af5b7200/detection

scorpio-cdn.com

# Reference: https://twitter.com/malwrhunterteam/status/1567146303674585090
# Reference: https://www.virustotal.com/gui/file/78cc518559f2348e4c959848d0c2671e96d16c166db0aaa7633dd67ab6bc58ef/detection
# Reference: https://www.virustotal.com/gui/file/bcb1fed53879768a3fa7b6d7f77695e9f2971a20e2cbb5df0b2a0a83c3088946/detection

http://168.119.107.156

# Reference: https://www.welivesecurity.com/2022/09/06/worok-big-picture/
# Reference: https://otx.alienvault.com/pulse/63174ac2e0c9d93ffa7e32f5

suhypercloud.org
travel-commercials.agency
airplane.travel-commercials.agency
bus.travel-commercials.agency
fly.travel-commercials.agency
train.travel-commercials.agency
central.suhypercloud.org
customer.suhypercloud.org
srv.suhypercloud.org

# Reference: https://twitter.com/drb_ra/status/1566942796153511936

185.64.247.240:4443

# Reference: https://www.virustotal.com/gui/file/be746568cc611f15da95184f3080f2d976f9c45e09b77e10d5916e99b2ab5555/detection

85.209.179.63:4444

# Reference: https://www.virustotal.com/gui/file/93f73b12dae2cc2629bd301941a995e4833c10e27a988c929f21257edbef14c3/detection

137.224.106.4:73

# Reference: https://www.virustotal.com/gui/file/e3416839a6b0aad2e470b8ab7c2b27c8a8919686ffbdbf5f1496a3edebb22f8f/detection

82.167.230.163:7331

# Reference: https://www.virustotal.com/gui/file/d7a5fbc4865a624221fc15de663c4abe9628865ffda7fdf77a350ac67e57f82e/detection

20.224.161.53:1000

# Reference: https://www.virustotal.com/gui/file/a8e002532b37acf502145cff1f6485877c524a6075bbcae537c758ee22bb3900/detection

162.241.224.143:9001

# Reference: https://www.virustotal.com/gui/file/31b9785480154d9def6cefb099b5dd32716634a9cfa4baf471c2164ef6f58028/detection

209.25.141.181:20960

# Reference: https://www.virustotal.com/gui/file/9fad60dd882e26b555f5127ffc7b70326f57ab84271185bbbf469e5eb1ed5e4b/detection

5.183.95.123:443

# Reference: https://twitter.com/malwrhunterteam/status/1567887497090285569
# Reference: https://www.virustotal.com/gui/file/2e551962c5d2641f8ff5e35156e7b2f1a02f6c0c29c4066692a7e14541f5ac93/detection

185.43.7.204:443

# Reference: https://twitter.com/malwrhunterteam/status/1568190202266386434
# Reference: https://www.virustotal.com/gui/file/bc6202d58b5ed72e9b23b617f5a3d2888169f471af884b573d67e8a58fe5d4c5/detection

bashamed.org
zeytoonict.com

# Reference: https://twitter.com/malwrhunterteam/status/1568198491226226688
# Reference: https://www.virustotal.com/gui/file/8ae18fc31866c3a35ede249b97457598e78cb6a0988df1dd58b9ddb1f3e88c05/detection

woo097878780.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/49ac5872f91182bac543788dfd168eb4e103c11f42b1585879d6999ede367500/detection

http://128.199.113.162

# Reference: https://twitter.com/drb_ra/status/1568421255627550720

173.82.212.78:443

# Reference: https://twitter.com/StopMalvertisin/status/1568529585893175296
# Reference: https://twitter.com/StopMalvertisin/status/1568529591991693313

http://185.45.192.208
http://185.82.202.121

# Reference: https://www.virustotal.com/gui/file/2062108b6af5401e11ecc1666906745f499449e3e80bd3e439b6a0132afec3cb/detection
# Reference: https://www.virustotal.com/gui/file/bb5afa2cc56710ed33c78dbf56120628cc9b3f120d7847a92efd86a19a14e573/detection

spoilgrey.com

# Reference: https://twitter.com/malwrhunterteam/status/1570430443983441921
# Reference: https://www.virustotal.com/gui/file/917c20c5de91f02122a2cfe9d97c70294b1a38d1c1aead5dd6765a39621086f4/detection

d23grfsvusxgzv.cloudfront.net

# Reference: https://www.virustotal.com/gui/file/2d7613b00471b735332dd5ba14bfa05da3d04c79e34304a4419244ff60ee3017/detection

irc.us.org

# Reference: https://twitter.com/malwrhunterteam/status/1570008286417813506
# Reference: https://www.virustotal.com/gui/file/aabe271f846165939b72213794ac12099bac575b250c71cce1f80919c76c0ba9/detection

test.dfir.com.au

# Reference: https://twitter.com/malwrhunterteam/status/1571064193956319235
# Reference: https://www.virustotal.com/gui/file/2de7c6cbb107b72c67711008a704284f24a0e7294316109b87bb6ff1b06fe397/detection

host1849145.hostland.pro

# Reference: https://twitter.com/StopMalvertisin/status/1571136090760966144
# Reference: https://www.virustotal.com/gui/file/797e74d61badfcd0b2fc15b467cc5aee5eeec93b1ac41ccf08749740f10ae475/detection
# Reference: https://www.virustotal.com/gui/file/33b77459b3b88949e2110f81c77c5024f2701a5bfa580f275da9b8f2316c2c73/detection

142.93.204.150:4433

# Reference: https://twitter.com/abuse_ch/status/1572833978184499201
# Reference: https://tria.ge/220921-g1gwdabadl

149.57.171.69:8080

# Reference: https://www.virustotal.com/gui/file/59d451917630e02e1c38ce6485e187f403279abc0f1afc744f82dd3b9c4a4ccb/detection

6-express.ch

# Reference: https://www.virustotal.com/gui/file/8c785cfe27ba43be28feb28ea9f056a65cebe62abd652f11b82196d819853d37/detection

workplaceanddiversity.com
updatepkg8.workplaceanddiversity.com

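# Reference: https://twitter.com/malwrhunterteam/status/157361918168947507
# NOTE(review): the status ID above has 18 digits, while the neighbouring status IDs in this file have 19; it looks truncated - verify the link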
# Reference: https://www.virustotal.com/gui/file/b2de5e474c1a933468603795e736d7d7dfdc8e13b5f14e6fba7e9849298cc8bb/detection

105.108.117.187:21000
105.108.198.242:21000
105.109.159.46:21000
154.246.109.149:21000
154.246.113.83:21000
154.246.146.88:20000
154.246.234.136:21000
154.247.9.173:21000
197.207.8.74:21000
webjava.mywire.org

# Reference: https://www.virustotal.com/gui/file/8fa32222a5317a6734271299d86c84b0041c0d41959f2b9a76b00af92818cda8/detection

104.248.32.159:443

# Reference: https://twitter.com/MichalKoczwara/status/1574103025693622277

/PoshC2.bat

# Reference: https://twitter.com/malwrhunterteam/status/1574440704838963201
# Reference: https://twitter.com/StopMalvertisin/status/1574442449983836160
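# Reference: https://www.shodan.io/host/176.124.219.223
# NOTE(review): 135 and 49664-49682 are the usual Windows RPC endpoint-mapper and dynamic RPC ports; these entries presumably mirror the host's open ports from the Shodan listing rather than confirmed C2 listeners - verify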
# Reference: https://www.virustotal.com/gui/file/59d86574bc99b593abdcf563628af93581eb109748951cac649b3076c70f215d/detection
# Reference: https://www.virustotal.com/gui/file/1cb4c0402251b5ed56c0a7f6e4d3c4ede4d5a34ece829077a0e2dd3d2523fce0/detection

176.124.219.223:135
176.124.219.223:49664
176.124.219.223:49665
176.124.219.223:49666
176.124.219.223:49667
176.124.219.223:49668
176.124.219.223:49670
176.124.219.223:49682

# Reference: https://www.virustotal.com/gui/file/8cdf57dda39f0a10b6f176bc623faba45ed0540d520876b4b67828846f9d7cdb/detection

172.93.181.204:8000

# Reference: https://twitter.com/malwrhunterteam/status/1575453078987366400
# Reference: https://www.virustotal.com/gui/file/558334aa04310114c9433cbd33f44bb35b05f6bd0a29be944adc086215f3b65b/detection

bypass.today

# Reference: https://twitter.com/drb_ra/status/1577506068212719618

213.226.123.157:9197

# Reference: https://twitter.com/drb_ra/status/1570773343258697729

http://188.166.116.129

# Reference: https://twitter.com/drb_ra/status/1573681067541798912

188.166.116.129:6969

# Reference: https://twitter.com/drb_ra/status/1576372562958991361

45.14.224.190:443

# Reference: https://twitter.com/RedPacketSec/status/1577046901194690585

103.27.203.197:444

# Reference: https://twitter.com/RedPacketSec/status/1577046902310375428

18.132.247.80:443

# Reference: https://www.virustotal.com/gui/ip-address/216.240.130.72/relations
# Reference: https://www.virustotal.com/gui/file/8b9c05a1e4a3b701bf8d2229a70bc83cc25b975ab16dbc2a2d0f98d319eeae0a/detection

gamesnetb.com
443.gamesnetb.com
443.onedriveup.today
disk.camdvr.org
disk.casacam.net
netdisk.780wow.com
netdisk.ddnsgeek.com
pan20220109.onedriveup.today
rack.780wow.com
rockdisk.ddnsfree.com

# Reference: https://www.virustotal.com/gui/file/fc47b1c0aeb5f6b19af07329a889e39640c626b89ef2e58fe1ec2f0742b0810b/detection

37.0.14.202:3030

# Reference: https://twitter.com/drb_ra/status/1582887247170351105

185.64.247.59:4443

# Reference: https://twitter.com/malwrhunterteam/status/1583197120105877504
# Reference: https://www.virustotal.com/gui/file/5d2f1d7a4f8cda18fd9103e686c811f8e60afc40d3b97b4e05e1394b1c01182c/detection

s5grdzk4uv23llh6ahlx2n2d2s4elzrdrok5rkf7qnhgytud2cqiy6yd.onion.ws
/whatnoplease

# Reference: https://twitter.com/drb_ra/status/1584160635729809410

c2.nathancoats.com

# Reference: https://twitter.com/drb_ra/status/1584355435984785408

192.9.169.86:443

# Reference: https://twitter.com/drb_ra/status/1584886337282375680

adpworkforce.app

# Reference: https://twitter.com/drb_ra/status/1585613063952138240

45.137.117.200:443

# Reference: https://twitter.com/h2jazi/status/1586128535004987392
# Reference: https://www.virustotal.com/gui/file/f7c3ca865baa3553ab44e1cd8f6cf0421a2e4bc12d228abda1296069a07d86b4/detection

d1codu14p1gdvw.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1586705416779612165

116.203.51.117:443

# Reference: https://www.virustotal.com/gui/file/1b82739880e1851d032b09de787033bd19135c8496124cd505b32afe4212b7b0/detection

http://89.22.233.149

# Reference: https://twitter.com/malwrhunterteam/status/1587571283159547906
# Reference: https://www.virustotal.com/gui/file/ab2f0ffb3a1f762f0de9bc5bd8b529232729f1f790eb07c55097ad3eb204d061/detection

192.46.211.76:443
192.46.211.76:8000
lelouch.tk
a.lelouch.tk

# Reference: https://twitter.com/malwrhunterteam/status/1588580672121470977
# Reference: https://www.virustotal.com/gui/file/ae6c02ba554be6dcda3610e8048d0649418f96ed0a8e2cda0a9d27ed4a46ddcc/detection

45.141.215.215:8080
sisal-policy-italy.duckdns.org
sisal-updater.duckdns.org

# Reference: https://twitter.com/drb_ra/status/1588154272402870272

74.208.135.130:443

# Reference: https://twitter.com/sysk1ll3r/status/1589615455396040706
# Reference: https://www.virustotal.com/gui/file/aaa97571b8c811109ab623de66ca34027193e0e78835abd187f6c5750fc1c6d2/detection
# Reference: https://www.virustotal.com/gui/file/0976d94f317fc0050d2e6250b327044b49320fd9ab283d6d9b3d192ef2ff328f/detection

http://195.133.40.130
http://20.106.255.48

# Reference: https://twitter.com/drb_ra/status/1589958958869090304

/babel-polyfill/6.3.14/polyfill.min.js
/babel-polyfill/6.3.14/polyfill.min.js=/

# Reference: https://twitter.com/r3dbU7z/status/1590276341106356229

http://45.154.98.151
45.154.98.151:443
45.154.98.151:777
niva.linkpc.net

# Reference: https://twitter.com/ScumBots/status/1591185331474374675
# Reference: https://www.virustotal.com/gui/file/8f1e1aa4ffded36e953eaf3b679fca21bffc5ca1c837c03fe97ba9ecf93b39fa/detection

193.161.193.99:23235

# Reference: https://twitter.com/ScumBots/status/1590743667064586241
# Reference: https://www.virustotal.com/gui/file/6de48c8c9301b869034fab854c3d518810c2bcc0957093b4739ef0e16912fc3c/detection

jeffersonfilho-23235.portmap.host

# Reference: https://twitter.com/drb_ra/status/1591227919493373952

http://45.93.31.122
/adServingData/PROD/TMClient/6/8736/

# Reference: https://www.virustotal.com/gui/file/d2432ae81241cd0041c23c81b7ddb874ac29b8cc77025a44b41c249a41f3a094/detection

193.33.195.152:3000

# Reference: https://twitter.com/malwrhunterteam/status/1592231757461741569
# Reference: https://www.virustotal.com/gui/file/af3b595215fe40422c0d4a10bbfc2d0e609edf315fbcb372951eea626f58f41f/detection

3mtbusa.com

# Reference: https://twitter.com/drb_ra/status/1593418944332894209

microsoftonedrive.online

# Reference: https://twitter.com/drb_ra/status/1593779349982879744

emergency-coms.com
cc.emergency-coms.com

# Reference: https://twitter.com/luc4m/status/1595105175492087810
# Reference: https://www.virustotal.com/gui/file/49d1d6bfc32f81df0fa87f715be219c26de59067ff1c6e17a2564598900a2a3c/detection

http://146.70.87.186

# Reference: https://twitter.com/malwrhunterteam/status/1594818792084971523
# Reference: https://www.virustotal.com/gui/file/0fa2e2f524101e9c5e911e193e7fb145463c0c2a72a5fb14f8f11a8ae3a18593/detection

201.121.29.197:81
201.121.68.116:81

# Reference: https://twitter.com/drb_ra/status/1595767943841058817

159.65.92.230:443

# Reference: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_Posh.txt

http://146.59.201.131
109.234.36.5:443
109.248.6.221:443
132.145.106.12:8443
146.190.86.212:4443
159.223.20.20:443
165.22.119.30:443
184.72.153.18:443
185.193.126.28:443
192.18.141.199:443
193.36.15.251:443
20.218.128.59:443
3.65.198.167:443
34.235.5.141:443
44.192.81.16:443
45.137.117.200:8443
62.182.159.147:443
94.130.106.165:443
95.213.145.101:443

# Reference: https://github.com/conexioninversa/MalwareIntel/blob/main/C2_PowerSploit.txt

http://190.157.37.153
http://82.157.181.130
http://88.91.32.192
18.209.76.109:8080

# Reference: https://twitter.com/malwrhunterteam/status/1596217071742128128
# Reference: https://www.virustotal.com/gui/file/74712e4b42600980566b6dc10df3fb2f63a7daefc3e28abc591d222e3fe0ece0/detection

161.49.96.244:13373
gsismo.com

# Reference: https://www.virustotal.com/gui/file/71459112f7bd7cda5d383db74555399740c532064537aa876c45657438381ccf/detection

http://62.204.41.222

# Reference: https://twitter.com/ScumBots/status/1598210368408543233
# Reference: https://www.virustotal.com/gui/file/eee29a4a94a23810cab689c09e4a83362278a344f3364ee371defcdd96c8e195/detection

154.12.244.1:46969

# Reference: https://twitter.com/ScumBots/status/1596161656874221568
# Reference: https://www.virustotal.com/gui/file/8198e99eec93b479880e3a05a3148fb6f849bd1a678d9d1589582e9255553bdc/detection

194.163.157.141:4444
furfag.xyz

# Reference: https://twitter.com/drb_ra/status/1598305446137589760

159.223.20.20:443

# Reference: https://twitter.com/drb_ra/status/1598474873675866114
# Reference: https://www.virustotal.com/gui/file/44cbf54f2bf9d02e326f24bc3d0bbf5d6e070d17407afd404acdca2366da643c/detection

http://34.235.5.141
evilredteamthings.com

# Reference: https://twitter.com/xorJosh/status/1598646907802451969

193.201.9.101:11196

# Reference: https://twitter.com/malwrhunterteam/status/1599836594844098560
# Reference: https://www.virustotal.com/gui/file/5002bad1d29e3bb13f1c52be33796963564e639852ecf347503eb1fc2c8c4a89/detection

merry-froyo-94e086.netlify.app

# Reference: https://twitter.com/ScumBots/status/1600165757303783425
# Reference: https://www.virustotal.com/gui/file/68493c8e28d56058cc5fb345c037f37ba97a738f15e78e3fe8e94749cb809d40/detection

95.90.54.183:8080

# Reference: https://twitter.com/ScumBots/status/1600168337576808452
# Reference: https://www.virustotal.com/gui/file/e69cc36ecb2e75c8f9b969eb6f3cf37a371e33375f1b466b47e0e261340a9367/detection

95.90.54.183:8

# Reference: https://twitter.com/ScumBots/status/1600228665178132518
# Reference: https://twitter.com/ScumBots/status/1600228737768951838
# Reference: https://www.virustotal.com/gui/file/341f194d9ccc811fcc3995eee085f66e299a17aa2272b8a91b3093de281bfac9/detection
# Reference: https://www.virustotal.com/gui/file/d1644309bcecc22c100bd188d2b8ae6072d89113378c90e131672de97c8e49cc/detection

209.165.201.17:4444

# Reference: https://www.virustotal.com/gui/file/e56cbac2134c6bcb67cf25428f8d7db959d341a26d81e4eb4f9f77e7186e5906/detection

http://155.133.23.244

# Reference: https://twitter.com/malwrhunterteam/status/1601189140305186817
# Reference: https://www.virustotal.com/gui/file/d1a4a68b2dc8689752a51b596e383f380c974593f4478fee79f0cac6627f2ae8/detection

20.172.137.101:8080

# Reference: https://www.virustotal.com/gui/file/b1b86bdefc10d4f3fb18fd2d6fcc4cf9e8ed73c108c772e0870f3545731cb3f5/detection
# Reference: https://www.virustotal.com/gui/file/4a614fbe0450a785de13f100465b8212d03e8f358676d2d8e54022bf991e1142/detection
# Reference: https://www.virustotal.com/gui/file/3fbb76f59491281628c762e16b1f07724f1dccf207b13aff3b6ec405143fb7b5/detection

jobbfinderrr.xyz
xvfghtyua.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/46ed79dc34684fe4e0eb948bb4c8804fa9422a2b5774ee122fc7a24ef67d09d1/detection

3.142.141.21:8080

# Reference: https://www.virustotal.com/gui/file/593c91faf0605f937b676f0f6aea7324fd0800fcf630ca0c591aa18fa2c97238/detection
# Reference: https://www.virustotal.com/gui/file/427d31a39e30e238772ec5c7a7e5f21456455ca2c14ed33c3b637ddaafdf8d36/detection

3.142.141.21:30303

# Reference: https://www.virustotal.com/gui/ip-address/3.142.141.21/relations

ms-security-desk.cf

# Reference: https://www.virustotal.com/gui/ip-address/18.222.107.105/relations
# Reference: https://www.virustotal.com/gui/file/474a83ab9e606773f64bce7d639dae8a56f262af53ef0e7ee0d5be2bc6695d88/detection

18.222.107.105:1335

# Reference: https://twitter.com/ScumBots/status/1602702148290154496
# Reference: https://www.virustotal.com/gui/file/907610dddd18d371a814dafb80bf5fae3743cf2867b2f31590263f7c9c9114dc/detection

212.86.109.121:443

# Reference: https://twitter.com/ScumBots/status/1602858497409966080
# Reference: https://www.virustotal.com/gui/file/7a35b26ca56a9c4d04af40eded45352c5d1b8e1d8118a1dc26e5a5a80a1114e2/detection

18.229.146.63:16497

# Reference: https://twitter.com/ScumBots/status/1603359300478533632
# Reference: https://www.virustotal.com/gui/file/47a14e36512627b8f66d448935f547a8cd117a6761385fb178303795084cbf11/detection

54.37.161.92:22

# Reference: https://twitter.com/ScumBots/status/1603361811658596352
# Reference: https://www.virustotal.com/gui/file/ac0ac1aa9a3ca544a1218c836e42e858ec0e10444c72c09b2f1f9191ebfad636/detection

34.126.164.120:22

# Reference: https://twitter.com/ScumBots/status/1604028706950889474
# Reference: https://www.virustotal.com/gui/file/d0a7bd25b378287585c36b96d279de61374155a26916ea18509754644ad7cd03/detection

34.126.109.143:22

# Reference: https://www.virustotal.com/gui/file/d74ba5885f7659e58ae5a3d739ad7cc2be61917c13fd4ab4637a14a9f40851ae/detection

mamonci.ga
jacksonmuhammad990.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9e9ed31263978322e1dcfb1e30e9e0958d7ba1e4e32b0e2d6286861ecd1c9c58/detection

http://185.29.10.41

# Reference: https://twitter.com/ScumBots/status/1604436389726142464

172.245.92.207:443

# Reference: https://twitter.com/ScumBots/status/1604884348305539075
# Reference: https://www.virustotal.com/gui/file/b485020628c5eb8f6964f79e89a9a3f522197210e300e820fc796763108a8ddf/detection

35.240.198.92:22

# Reference: https://twitter.com/ScumBots/status/1604891894366015488
# Reference: https://www.virustotal.com/gui/file/c071dcff79e062d648272664093f9886070e2df9b91ccfcf4332d296341fd05e/detection

20.226.72.14:22

# Reference: https://twitter.com/r3dbU7z/status/1604992480830967808

http://104.238.149.39

# Reference: https://twitter.com/malwrhunterteam/status/1604964169023115264
# Reference: https://www.virustotal.com/gui/file/b3cb1b5e3d828e25d9802cc536dd89e347bb70528285e1bf1e1acf123fb4659e/detection

letshackit.shohos.com

# Reference: https://www.virustotal.com/gui/file/e019717ced89e11e199b1480a5f3d85cda81181141f906093f39e0d2a13d9c5c/detection

3.129.187.220:11830
3.131.147.49:11830
3.133.207.110:11830
3.136.65.236:11830
3.138.180.119:11830
3.22.15.135:11830

# Reference: https://www.virustotal.com/gui/file/e724b87d50e009d1f60874451295724dff48d10231a9e5cc9c124acf962bf97d/detection

11.23.33.44:10225

# Reference: https://www.virustotal.com/gui/file/cd3dfff05a8b3134ebddd96e081465ed1f2fa847511976bc2eebed34eb114ae5/detection

3.22.53.161:13575

# Reference: https://twitter.com/VirITeXplorer/status/1605592225559089152
# Reference: https://twitter.com/VirITeXplorer/status/1605592378110119936

34.116.134.195:49751

# Reference: https://twitter.com/MichalKoczwara/status/1605658798437199872

62.182.159.147:8000

# Reference: https://twitter.com/ScumBots/status/1606044491546337280

195.58.39.167:8080

# Reference: https://unit42.paloaltonetworks.com/threat-brief-OWASSRF/

140.82.52.35:443
192.248.176.138:443
216.128.146.38:443
217.69.10.255:22
45.32.144.71:443
45.76.246.112:22

# Reference: https://twitter.com/malwrhunterteam/status/1608154920011825155
# Reference: https://www.virustotal.com/gui/file/6d4bc2f881d3b7c9df405e5550268db7382dd06e3451e0815cf365a6ef25ff90/detection

http://193.149.187.234

# Reference: https://twitter.com/pmelson/status/1609602465015414786
# Reference: https://www.virustotal.com/gui/file/4f3a7247427aa4cd1995b6ef6b41031c0e7c53e7fbf015c5bcc8a8195bc62b3c/detection
# Reference: https://www.virustotal.com/gui/file/2573edb9592715b7e0048056279d6d707c959fe815148f733e60b4eb0fca3aea/detection

ahoravideo-blog.com
ahoravideo-blog.xyz
ahoravideo-cdn.com
ahoravideo-cdn.xyz
ahoravideo-chat.com
ahoravideo-chat.xyz
ahoravideo-endpoint.com
ahoravideo-endpoint.xyz
ahoravideo-schnellvpn.com
ahoravideo-schnellvpn.xyz
bideo-blog.com
bideo-blog.xyz
bideo-cdn.com
bideo-cdn.xyz
bideo-chat.com
bideo-chat.xyz
bideo-endpoint.com
bideo-endpoint.xyz
bideo-schnellvpn.com
bideo-schnellvpn.xyz
cesareurope.com
fairu-blog.com
fairu-blog.xyz
fairu-cdn.com
fairu-cdn.xyz
fairu-chat.com
fairu-chat.xyz
fairu-endpoint.com
fairu-endpoint.xyz
fairu-schnellvpn.com
fairu-schnellvpn.xyz
k6027.eu
privatproxy-blog.com
privatproxy-blog.xyz
privatproxy-cdn.com
privatproxy-cdn.xyz
privatproxy-chat.com
privatproxy-chat.xyz
privatproxy-endpoint.com
privatproxy-endpoint.xyz
privatproxy-schnellvpn.com
privatproxy-schnellvpn.xyz
wmail-blog.xyz
wmail-cdn.com
wmail-cdn.xyz
wmail-chat.com
wmail-chat.xyz
wmail-endpoint.com
wmail-endpoint.xyz
wmail-schnellvpn.com
wmail-schnellvpn.xyz

# Reference: https://twitter.com/ScumBots/status/1610836059171987458
# Reference: https://www.virustotal.com/gui/file/56ad36ce1198a3da04f1caaad5dce450dface16309df8757a61dfe87548bebc4/detection

35.247.134.103:22

# Reference: https://www.virustotal.com/gui/file/c47a352bbb2d61a67a96b07695d5b31568ae1f9e9cfd649637570289bffbb19f/detection

poisonhosting.live

# Reference: https://twitter.com/ScumBots/status/1614464983122706435
# Reference: https://www.virustotal.com/gui/file/7bc9afd562babf7e328c1264dd95ff88d62cef6e41d0b5b1a4265cd2ba3d12fd/detection

34.87.169.136:22

# Reference: https://twitter.com/ScumBots/status/1614548033575817218
# Reference: https://www.virustotal.com/gui/file/b90b8990514c7a059fc25d4f2d49e95c2b99ab63354af58fee859c1502d2bfca/detection

165.22.76.250:22

# Reference: https://www.virustotal.com/gui/file/f854ee6b89136167029b67a2b53c55d438df3099530b352d3e7766daaba9369d/detection

http://194.180.48.211

# Reference: https://twitter.com/malwrhunterteam/status/1615066293652029440
# Reference: https://www.virustotal.com/gui/file/97eb0366f9f0fe5d8e0b53a92c5b6b315e867634dc15a5f0155fc8fb2919c3a1/detection

enhanced-google.com

# Reference: https://twitter.com/drb_ra/status/1614775265619578880

185.111.207.102:8080

# Reference: https://twitter.com/drb_ra/status/1615358787128545280

185.193.126.28:443

# Reference: https://twitter.com/malwrhunterteam/status/1615409256219480086
# Reference: https://www.virustotal.com/gui/file/68454ddcd864cd72fd03d0682f6a6e1e2cc0a2220ac1f3645dce6b4ffc801fb4/detection

lattescremato.xyz
miraistealer.xyz

# Reference: https://www.virustotal.com/gui/file/0dac98b37e63036bcd0ff0d8c1764337884b764895a9890b6fd3f6d449ef03c6/detection

russianmen75.top

# Reference: https://twitter.com/malwrhunterteam/status/1615801267913379841
# Reference: https://www.virustotal.com/gui/file/65d00e6ea3afb5ddc4c0a4e3939d08749c13ba1ccf7ebf00cd9426e3f2f0cf34/detection

164.92.162.96:1980
thelegendo.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1615815578886733829
# Reference: https://www.virustotal.com/gui/file/76dbc25ab7e6a68da4e09d7d5be440a81b12cbc756167fc1541a2d476b1d4c50/detection

188.132.130.60:8848

# Reference: https://www.virustotal.com/gui/file/ac3afc5b7972d04750df994044c154cfe1a8b14f66e1785d2d07683cf3ce515a/detection

healthnewsallover.com
hjordans.com

# Reference: https://www.virustotal.com/gui/file/04b3b20749f0368b84326c117709e00a7abdc2e1e2827a19765d07fb27192626/detection

bllsl1.shop

# Reference: https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/

111.68.7.122:8080
111.68.7.122:8081
149.28.193.216:8080
149.28.193.216:8081
172.93.193.64:8080
172.93.193.64:8081

# Reference: https://twitter.com/drb_ra/status/1617150178691006464

141.145.213.10:443

# Reference: https://twitter.com/1ZRR4H/status/1617295296014471169
# Reference: https://www.virustotal.com/gui/file/3e09a109f1b6b8a7c4fff965aeceb874557835d2b25b6b38e2a1ee33f3896a29/detection

frun.digital
otun1.xyz

# Reference: https://twitter.com/nosecurething/status/1617598720048263168
# Reference: https://www.virustotal.com/gui/file/6795bc29e730807523a7896f7666a2b5d9bf9b3ec5175956aadb42370c26316f/detection
# Reference: https://www.virustotal.com/gui/file/30fde5ac8a0d9ae8892726c44cec9ae1b5461b5693674c51e0639b73c9840b25/detection
# Reference: https://www.virustotal.com/gui/file/2803be04664a8cbc029fa8ef12658468f9977cb7371e06649f2afa571640add0/detection

172.245.45.213:3235

# Reference: https://twitter.com/x0rPE/status/1617472916807102465
# Reference: https://tria.ge/230123-me8pvsee6y/behavioral2

http://194.110.247.26
http://45.86.86.13
194.110.247.26:443
45.86.86.13:443

# Reference: https://twitter.com/xorJosh/status/1617553360000897024

http://149.28.193.216
149.28.193.216:443

# Reference: https://www.virustotal.com/gui/file/385ce140ecdd905c02d2fed664260d4271fa59d5b3e8998730ec9ca9926d8857/detection

ads-check.com

# Reference: https://twitter.com/ScumBots/status/1618298988188340262
# Reference: https://www.virustotal.com/gui/file/90f7f2a6acaa52850e60eac82c37276cea12426a24f10cca944eaa6746cfeb65/detection

193.161.193.99:22049

# Reference: https://businessinsights.bitdefender.com/technical-advisory-proxyhell-exploit-chains-in-the-wild

http://172.86.123.228
http://64.44.168.92

# Reference: https://twitter.com/drb_ra/status/1618432623189151745

135.181.253.65:443

# Reference: https://twitter.com/r3dbU7z/status/1618940230756872200
# Reference: https://www.virustotal.com/gui/file/8bd2ae95df444e91d6f69cd4b8555928e8f456afd7cab4cbdf04949835296ff3/detection

letsdo19877.strangled.net

# Reference: https://www.virustotal.com/gui/file/0b0d87744aa21b7ed3a5cf738bd655f3aa4f9608f7a28a8ea55dee3ac5c3c838/detection

http://163.123.142.210

# Reference: https://www.virustotal.com/gui/file/b8f0ad8c5dcbf0dea665d7836fe8ec139d7156752971a41e314cd2ef67405195/detection

http://179.43.175.187

# Reference: https://twitter.com/Merlax_/status/1619375830240731137
# Reference: https://www.virustotal.com/gui/file/f50786ae8ef79be5751bb4a3ded7be56fc66eff90794594f6d13d6959a669d15/detection

http://193.47.61.200
193.47.61.200:3387

# Reference: https://www.virustotal.com/gui/file/7766d6f7cb261c2678fa6fb08096ec1a5c7169480cb6f01b583d41f926289ded/detection

156.251.172.22:5555

# Reference: https://www.virustotal.com/gui/file/9e33046dff56d64ce5df6ff69d79fc83392241cf89f34856516c0c3d3b71f51b/detection

156.251.172.22:7855

# Reference: https://www.virustotal.com/gui/file/b9124056b73e4974b94770aef72cd653a7f9f33db407b734930fc18d8b17862d/detection

156.251.172.22:8862

# Reference: https://www.virustotal.com/gui/file/87099fe915a8795c491d0617ce20d7d9617747d8dc03a90e0082ca680b147157/detection

192.241.142.215:8282

# Reference: https://twitter.com/ScumBots/status/1619915893072433154
# Reference: https://www.virustotal.com/gui/file/1d35d110df09bc6081201bdc0e22c40646ee5104959c7021f28603841f66c080/detection

92.47.181.173:25

# Reference: https://twitter.com/malwrhunterteam/status/1620130758328455168
# Reference: https://www.virustotal.com/gui/ip-address/185.200.191.77/relations
# Reference: https://www.virustotal.com/gui/file/db2455440bb46036cbb5b7652786e005a837f5e2784540faca0a5c198d8952e6/detection

docus.space
docustorein.com

# Reference: https://www.virustotal.com/gui/file/8dcb011381a43cc9501bb3209d7d2863b8efc8d4bcebbdef341653cbc19a5095/detection

drivestoragecloud.com

# Reference: https://www.virustotal.com/gui/file/4abd213238c149ad4bfce9c2ac0de09e2714f8515901640996063a768ba1ff16/detection

103.46.128.44:53158

# Reference: https://twitter.com/malwrhunterteam/status/1623396323893411840
# Reference: https://www.virustotal.com/gui/file/10dc75c51b92cfd98093ee6bb94a5cb5ec1ceab872cb026a9bb21696e966bd5b/detection

3.85.231.45:443
/n0/v1/buckets/default/ext-5dkJ19tFufpMZjVJbsWCiqDcclDw
/n0/v3/links/ping-beat/check

# Reference: https://twitter.com/malwrhunterteam/status/1623621074037489664
# Reference: https://www.virustotal.com/gui/file/b3efeaa272619d54a7224bc10257229c7b075c79e3a5eacc206cbd0e3a604409/detection
# Reference: https://www.virustotal.com/gui/file/78099c7fd0ed38c41b18d43ff81ab91ed9154d97f158aac938d2c110edc86548/detection
# Reference: https://www.virustotal.com/gui/file/47a8503a4ef87b577fc38ee67d21c150ac58d72e0dd36e3987d7d0b9dbddba5e/detection
# Reference: https://www.virustotal.com/gui/file/77928be787e85103d49a1c56d0ca07a479daabb532154022b05a9002fd4f213a/detection

43.135.172.12:1900

# Reference: https://twitter.com/drb_ra/status/1626755809282609152

cspecim.store
blog.cspecim.store

# Reference: https://twitter.com/r3dbU7z/status/1625651123414523905
# Reference: https://www.virustotal.com/gui/file/0e49e77c0c8642ed8859a99c14fec1680e5a2ac689f15134074a4629b8642283/detection
# Reference: https://www.virustotal.com/gui/file/1adc5f86acd494f70a9a7001ca94644b21118c5f87c5fbd3835572cadcdfcc9a/detection

172.245.142.98:3389
172.245.142.98:4545
172.245.142.98:60
172.245.142.99:3389
192.3.113.194:3389
htxbdz.com
mail4.htxbdz.com
mail5.htxbdz.com
mail6.htxbdz.com

# Reference: https://www.virustotal.com/gui/file/b300f2c9534c3c9012d1108b15cb8057a24196ff29d982455de48555902081b6/detection

154.247.92.203:55

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-02-13%20Unknown%20Malware%20IOCs

http://46.161.40.72
/r/klf/5B876CA5C3AA0A7D

# Reference: https://www.virustotal.com/gui/file/18e254b9280a517c2cf84e73aaa23cdcf4d1e27b76deb37655d06c0a7ca5be8f/detection

3.141.210.37:17182

# Reference: https://www.virustotal.com/gui/file/794a7f6bb6bf9c1a2e0f47f36d0eb1b609f0d1de62dc50e859a6c62b77ded96c/detection

111.90.143.228:24

# Reference: https://twitter.com/ScumBots/status/1626214893740494851
# Reference: https://www.virustotal.com/gui/file/7bc2ba99e3289ac9d4939a56abfc90cb45c912aa0bed71f3084ad3cfa5898008/detection

31.210.55.103:41507

# Reference: https://twitter.com/ScumBots/status/1628016779451633664
# Reference: https://www.virustotal.com/gui/file/6c142b7ba9967a16d0a3a44ffd73713ca7cfd430eb79aa81f319e8165685528e/detection

134.122.51.63:22

# Reference: https://www.virustotal.com/gui/file/fd7d7fc9b18a81d921cd3bfa3b613f3558fcf4a31807146aa89a32776ff72954/detection

178.175.142.195:21288

# Reference: https://www.virustotal.com/gui/file/de9f00e68026508c42c1daf5fb77d78238ef01090b74d95e154aed8b8e0d5a0a/detection

178.175.142.195:57805

# Reference: https://twitter.com/malwrhunterteam/status/1628813529787555841
# Reference: https://www.virustotal.com/gui/file/d446a8aad146468b406229699b7614bfac715e1de2c8d0a6cdd626c677ee42c8/detection

wheufcvbheuywbfyhuwebfhuwef.africa
targetplay.wheufcvbheuywbfyhuwebfhuwef.africa

# Reference: https://twitter.com/ScumBots/status/1629738118159933445
# Reference: https://www.virustotal.com/gui/file/f3ac93766c4eab18906fcf0815eb01ad4409374e4736a855282237949a8ffafb/detection

34.126.190.114:22

# Reference: https://twitter.com/drb_ra/status/1629854149289422848

164.92.110.36:443

# Reference: https://www.virustotal.com/gui/file/9c1c570d490d67fde5689068726807b936d5fbe9a299a0760aa9d75e916e2305/detection

tequilamisorpresa.com/execution.php?tag=

# Reference: https://twitter.com/ScumBots/status/1630236404641824768
# Reference: https://www.virustotal.com/gui/file/000ebda7b9dbd9631ece03e1f6cddb887fe1f5913bbd04a241bc76ddf7618671/detection

34.87.98.110:22

# Reference: https://twitter.com/ScumBots/status/1630545929735401472
# Reference: https://www.virustotal.com/gui/file/b05e15ee98671f388cb1155a797e48cae944c01dd11179e5e295cdb45be3099c/detection

134.122.51.63:9001
