# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: vidar stealer, mars stealer, lumma

# Reference: https://twitter.com/malware_traffic/status/1112776731331620865

hospitaleco.com

# Reference: https://twitter.com/malware_traffic/status/1103717653590482944

gettorrent.ac.ug

# Reference: https://twitter.com/malware_traffic/status/1101164760647847936

capitalinvest.ac.ug

# Reference: https://twitter.com/malware_traffic/status/1083771485997670400

tepingost.ug

# Reference: https://twitter.com/K_N1kolenko/status/1116263090562183168
# Reference: https://pastebin.com/jFhkBu32

bokolavrstos.com
newagenias.com
binacoirel.com
malansio.com
jamaliensor.com
kolobkoproms.ug
bastionprofi.ug
tepingost.ug
startolete-vn.ug
bestchope.ug
fashionhub.ug
mytradecrypto.ug
applezone.ug
travelups.co.ug
travelforyou.ac.ug
einvestment.ac.ug
newphone.ac.ug
newstoday.ug
globalcoin.ac.ug
yourseo.ac.ug
cryptoshop.ac.ug
capitalinvest.ac.ug
onlineinvestment.ac.ug
allcashbacks.ac.ug
getpayment.ac.ug
gettorrent.ac.ug
proshop.ac.ug
yandex.ac.ug
yandex.ug
google.ac.ug
search.ac.ug
hospitaleco.com
oldspicebest.com
refenansoro.com

# Reference: https://twitter.com/x42x5a/status/1121094286613852162

santaluisa.top

# Reference: https://twitter.com/VK_Intel/status/1125549719885893633

golenirose.com

# Reference: https://app.any.run/tasks/6faf55b6-9675-4c23-acf6-e165e1938e43/
# Reference: https://twitter.com/raby_mr/status/1136498987890925569

crypto-widget.live
penthausebrones.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1166604400489639936

eroomia.com

# Reference: https://twitter.com/malware_traffic/status/1169727825823354880

xhth516682.com

# Reference: https://twitter.com/ActorExpose/status/1176782301222658048
# Reference: https://app.any.run/tasks/6d880837-3ba9-439c-b67b-ee6d2837b645/

aaenyhostel.org

# Reference: https://github.com/silence-is-best/c2db#vidar-stealer

weimachel.net

# Reference: https://twitter.com/0xFrost/status/1182973846208598017
# Reference: https://app.any.run/tasks/d498ebc5-51cd-446f-9d98-7e43628b56b5/

garbage-barabage.top

# Reference: https://app.any.run/tasks/52656d24-b866-416c-b703-ee0fae0e3f78/

klegrandlichgrum.com

# Reference: https://twitter.com/James_inthe_box/status/1191695072032460800

qubert.org

# Reference: https://pastebin.com/xwT2gAgE

acrelop.com
martinlloyd.net
pineloseesrae.com
qubert.org

# Reference: https://app.any.run/tasks/42a9a425-d8f8-4504-8bbf-63c0c10c4bda/

gebrauchlichtal.com

# Reference: https://twitter.com/Paladin3161/status/1162320397368381441

villadubois.org

# Reference: https://twitter.com/P3pperP0tts/status/1178820466917675008

lanokhasd.com

# Reference: https://twitter.com/P3pperP0tts/status/1196440836852125698

steerdemens.com

# Reference: https://twitter.com/P3pperP0tts/status/1197178756068257795
# Reference: https://www.virustotal.com/gui/ip-address/209.141.33.126/relations

http://209.141.33.126
steerdemens.com
starlikespace.org
longvoyages.com
xd.botnet.services

# Reference: https://twitter.com/P3pperP0tts/status/1198935640664133644

crarepo.com

# Reference: https://twitter.com/P3pperP0tts/status/1198984250420269057
# Reference: https://app.any.run/tasks/60002c6f-65b1-4597-a011-1b2de844e56f/
# Reference: https://app.any.run/tasks/16784961-e95f-403d-8726-ad04d37c7b8a/
# Reference: https://www.virustotal.com/gui/file/1223da902b1525073ad6a4a71214b1c1b062fa61ce23138dcea4e7c7bfe9b8ab/detection

agent1.icu
agent2.icu
amdsetup4.icu
amdsetup5.icu
juhubeachn.com
legion17.icu
toplegions1.icu
updateinfo3.top
updateinfo4.top

# Reference: https://pastebin.com/iDrBJG8j

fastupdate1.top
fastupdate2.top
fastupdate3.top
fastupdate4.top
foxupdate1.me
foxupdate2.me
homeporno228.com
legion17.com
thepleasurelive.com

# Reference: https://pastebin.com/x2qLz9FJ

voyagephoshop.org

# Reference: https://twitter.com/ViriBack/status/1202413165482409984

http://195.133.1.170
ahmatokomaro.pw
bestdead.pw
petordementyev.pw

# Reference: https://pastebin.com/HBSmJ4wb

789456123.monster
legion17.net
lowupdate3.top
lowupdate4.top
softupdate1.me
softupdate2.me
xylolle.com
ybookfli.net

# Reference: https://app.any.run/tasks/45b54b0e-6de2-4975-b640-779026655f7c/

grelkafestivales.com

# Reference: https://twitter.com/MBThreatIntel/status/1225917125493018624

naumokukea.com
porosnter55.xyz

# Reference: https://www.virustotal.com/gui/file/48c34dd8345ab24ac203e3efc7f46643c4817a42b12fcd7c8a62211b4f4fc02d/detection

gyeonggidoo.com

# Reference: https://twitter.com/P3pperP0tts/status/1228775071260594176

greenlandsurround.com

# Reference: https://app.any.run/tasks/2e1aa0da-69b6-4f5f-847b-243cfaaabd4a/

gewe.tech

# Reference: https://www.virustotal.com/gui/file/2ca7597f7b6a1227c6bace9b1441f2b439935f02a35ffa2a2562f5ccc6cff8e4/detection

maineacadia.com

# Reference: https://www.virustotal.com/gui/domain/paparazzis.pw/relations

paparazzis.pw

# Reference: https://twitter.com/malwrhunterteam/status/1242355604477423617

whoer-vpn.net

# Reference: https://www.virustotal.com/gui/ip-address/161.117.177.248/relations

verifiedomg.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1246056096055406592
# Reference: https://app.any.run/tasks/d75d4f69-8381-46c7-9f0e-ce5ba2eb1ac1/

etips.fun

# Reference: https://app.any.run/tasks/fe00595d-b20e-4f2e-9c47-9f1cb79a63b3/

wrangellse.com

# Reference: https://twitter.com/James_inthe_box/status/1248964446505947136
# Reference: https://app.any.run/tasks/4cc95d8b-f2c7-457d-97d2-991d0115c1b4/

yrhealth.life

# Reference: https://app.any.run/tasks/d8a2ef38-b0a0-4619-ab21-918d7e6eefcf/
# Reference: https://www.virustotal.com/gui/domain/mastercard.ru.com/relations

mastercard.ru.com

# Reference: https://twitter.com/petrovic082/status/1257619785707393034
# Reference: https://app.any.run/tasks/a3380ace-5f86-4240-a986-f244231c05cc/

archessee.com

# Reference: https://app.any.run/tasks/93596f59-77f9-4b55-af25-3939594ed913/

repitoperano.pw

# Reference: https://www.virustotal.com/gui/domain/waterpocketfold.com/relations
# Reference: https://app.any.run/tasks/b7d1ca5f-e49f-4d50-b4b0-690e6b8b7783/

waterpocketfold.com

# Reference: https://app.any.run/tasks/d6a32934-daf9-4b83-9a2a-9f5a5feb4b64/

barddistocor.com

# Reference: https://app.any.run/tasks/32e30b47-f656-4505-af07-7e3f7c0c3b93/

http://213.226.114.54

# Reference: https://twitter.com/malwrhunterteam/status/1264259160918671363
# Reference: https://www.virustotal.com/gui/domain/sumliomicna.com/relations

sumliomicna.com

# Reference: https://www.virustotal.com/gui/file/ffc9319863cf7efe7575c36357ecd7102f99c99758ed94e97d31d78c7e1966a3/detection

headborro.com

# Reference: https://twitter.com/vigilantbeluga/status/1257891038582067200
# Reference: https://www.virustotal.com/gui/domain/chumashpeople.com/relations

chumashpeople.com

# Reference: https://www.virustotal.com/gui/file/13f8e88a6f37b999c12513887752d7a03637e32106ef4109e11a9a8f260ccfab/detection

piedmontteem.com

# Reference: https://www.virustotal.com/gui/file/aecddb3a9656759f5681708172573f435c3db0539d6a7a0230ec93b4e3f131a1/detection
# Reference: https://www.virustotal.com/gui/file/e0830aec7a5737f0558860a3ff192c6270bf57b2bc1c01ad514c012f7d039bae/detection
# Reference: https://www.virustotal.com/gui/file/87dac3be0edd3b599b3d50eec0edbe751e6d2951b22182a85b017acf26d485f7/detection

backgrounds.pk
jamshed.pk
karimgousa.ug
karimgouss.ug
levitt.ug
levitts.ug
marcakass.ug
tribunal.ug
zaragoza.co.ug

# Reference: https://www.virustotal.com/gui/file/f1d7ea9dcf7abe22f07f3d14fb21636e47bb0def2f766632a547d20f7d258aa5/detection

http://37.252.5.111

# Reference: https://www.virustotal.com/gui/file/f2a0fdf6caf5be2b84dcc0efb0c59082fa67350d49a1f2951b451df6f1d2bb21/detection

tomasisa.ug

# Reference: https://www.virustotal.com/gui/file/51b82ddc8786bdd8a0805baebaa243df7910711d422aad9f5fa867f46c7fcc71/detection
# Reference: https://www.virustotal.com/gui/file/cd8751bd47174dbae36c414383ca789d6d23062d528a34eaa81924cb3c0bfaf5/detection
# Reference: https://www.virustotal.com/gui/file/30ff25b4a60bd0e1f46e544dc44138aa3cf59ef87a84f1eafae990c61f1e5266/detection
# Reference: https://www.virustotal.com/gui/file/1969bcde226f3b3bcfb67912b5ff6efd8038383dc2655980a6f51730e8361d09/detection
# Reference: https://www.virustotal.com/gui/file/c81ae80ffb2e2a3af8c2b5ae405f848ed094e3f4112a501c4bb773d5f494239d/detection

lkjhgfdsa4.ru
zver.tech

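# Reference: https://www.virustotal.com/gui/file/5282290d0d6e2b1add3d298052c4f607afa58e12559ddcf99da3a242d8329cf8/detection
# NOTE(review): the hostname below is written in mixed case; DNS names are case-insensitive, so confirm that the consumer of this list normalises case before matching.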

sl9XA73g7u3EO07WT42n7f4vIn5fZH.biz

# Reference: https://www.virustotal.com/gui/file/bc275cd76478e4d3387740dd955d9b9b5b36f064656ecb1e1cea9b8649eec57d/detection

smarteyecare.in

# Reference: https://www.virustotal.com/gui/file/eb496b85f98f8b3f2b4f4150295b490c04b6b710818b9ebf592272b5dd3005c0/detection

precambrianera.com

# Reference: https://app.any.run/tasks/4b8bd5e5-b60d-45ee-9fa1-e631e591987b/

likeanimals.net

# Reference: https://www.virustotal.com/gui/file/50d214d5c28d4fe7980d89449aed8714b12285ec9f7e21e3bf21c66d3f2797d0/detection

nextgentoolkit.com

# Reference: https://www.virustotal.com/gui/ip-address/217.8.117.77/relations
# Reference: https://app.any.run/tasks/3b0bd018-731d-493c-a4d3-9a58a97e03ff/
# Reference: https://www.virustotal.com/gui/file/aba9f9d6904d1474f7a0693e80d182eff9cb8a1c185f0090876cf8eb83914cbb/detection
# Reference: https://www.virustotal.com/gui/file/c08958f222a52901aade88ebe2c3636a8bca3bf9fb6874ffbae93261ebfec86f/detection

agentt.ac.ug
agenttt.ac.ug
andreas.ac.ug
andres.ac.ug
courtneyhones.ac.ug
courtneyjjones.ac.ug
courtneyjones.ac.ug
courtneysdv.ac.ug
ferreira.ac.ug
ferreiranadii.ac.ug
foundsomebo.ac.ug
iloveyoubabu.ac.ug
iloveyoubaby.ac.ug
jamesrlongacre.ac.ug
jonescourtney.ac.ug
letitburnsf.ac.ug
malarcvgs.ac.ug
morasergio.ac.ug
morasergiov.ac.ug
nadia.ac.ug

# Reference: https://twitter.com/JAMESWT_MHT/status/1328290554912903169
# Reference: https://app.any.run/tasks/34c3a80a-83a1-476e-80ce-2ce62e40e0b7/
# Reference: https://www.virustotal.com/gui/file/0ea95746928602fad4896c1085ee0125dbeb29145dea813ad3444f648c9db2c8/detection
# Reference: https://www.virustotal.com/gui/file/95268ee22cb09ca871b56ede8eca4a1655490ef02ad14bbd2c02b60eea19481c/detection
# Reference: https://www.virustotal.com/gui/file/9dd08cf2672502db217f9772affb88657f8559d8f4d946af25c4b22428ea336a/detection
# Reference: https://www.virustotal.com/gui/file/a6dbfda2fe88b1f7e1184f3ab5fd3e206aece25707fb55d25b1fda513bf93007/detection

buydating.co.ug
gomisacar.com
rineialav.com
swiloodex.com

# Reference: https://www.virustotal.com/gui/file/9a5e8b3e5929b50b2ac4c44587fb01153ad9377681c3ca5c2dfee11830a2caec/detection

sbershit.com

# Reference: https://www.virustotal.com/gui/file/76ce130d2447f71bea8ed902959fd7e0aeac86b55f9e44a327c1f1c1bd73ba3f/detection

molothunsen.com

# Reference: https://www.virustotal.com/gui/file/9f7708675b4cb733db4405d8c42f54828d7069e990bc8238f74abe8222425037/detection

whoicehkestes.com

# Reference: https://www.virustotal.com/gui/file/628a9c97a55155f60d3b5ae29bc64f1dca5a6baf2b4f6a1a1de5e836cd4fb73f/detection

desperate.website

# Reference: https://www.virustotal.com/gui/file/95bf761c12eba2be84e29c60e31017bc60007ed0f38fcdf261d5fef34e8e4f2f/detection

badlandsparks.com

# Reference: https://www.virustotal.com/gui/file/0af341a92c789bd37e8d7d029f0c225f66f5137f678ea8082426bb565261e740/detection

paunsaugunt.com

# Reference: https://www.virustotal.com/gui/file/7b5a9d6119e910f5c0441ae27293b0367718a4257062f29ec8ef27342a0b8de8/detection

biscayneinn.com

# Reference: https://app.any.run/tasks/4ec40ce2-3250-47c5-96d8-07bcb4c4d1b9/

realmengame.com

# Reference: https://app.any.run/tasks/2c8c2f47-e965-4ca7-ab5f-bf8bcefd74b2/

marianne.ac.ug

# Reference: https://www.virustotal.com/gui/file/2953c2448667bc21d451fce8747513bfaaf0df312df1e0a47604ea49a2bbbda4/detection

prosecuredata.top

# Reference: https://www.virustotal.com/gui/file/b25e4f3d4cfb1ade5d4d68469d6f9b365dddc0296f4a66b2e60f29d476889db9/detection

altmessager.com

# Reference: https://www.virustotal.com/gui/file/3d4b459e2a4a78a2c693876b548b248acf9bb3278fb87ec66b5e4cf204a42cf9/detection
# Reference: https://www.virustotal.com/gui/file/b2ca76052b184c69881e79f3f7549ae884f38a57f50f5801fa40aa953f20b11b/detection

kenutduk.duckdns.org

# Reference: https://app.any.run/tasks/030e7573-8696-417e-8741-b8f80e43caa6/

goodssogood.com

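# Reference: https://app.any.run/tasks/5a354632-e77c-42ab-8ff0-87bcad5c78fc/
# NOTE(review): the entry below is a bare URL path with no host; it is short and generic, so if the consumer matches it on any host, verify it against the referenced report and watch for false positives.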

/a/a/www/

# Reference: https://www.virustotal.com/gui/file/240a264d7565a846f6b1a1d83fbec957351de24e6096cf325e6fb24f229e81a1/detection

paperone.co.ug

# Reference: https://www.virustotal.com/gui/file/54976d4745f4fe0b1492cdecdfdb465a81b8acfe305e210d3e2a39b945889082/detection

hydrakupi.co.ug

# Reference: https://www.virustotal.com/gui/file/899940dfc0c21fb132d23ffb7f8bd4bfbef3bd52b741f1da49834dbcd4ac0578/detection

fastkisel.co.ug

# Reference: https://www.virustotal.com/gui/file/477c7d30787de3f979707583bdfae90fb84bd070003c2ccfd260cba2aed08234/detection

didntreadlol.com

# Reference: https://www.virustotal.com/gui/file/7a48e7fad9485df2316249060c7820a56ddb1b0c2841718744e31fe9b5b18786/detection

duckclack.com

# Reference: https://twitter.com/pmmkowalczyk/status/1369275271011041281
# Reference: https://www.virustotal.com/gui/file/d466ef9698569363af4f08b64235817c7838c726c1faee300582aab3d90f5683/detection

/lancer/getm.php?pid=

# Reference: https://www.virustotal.com/gui/file/0a98dfea9758a2d86facdd37086aae816688386cb897957d72ce95fe2c12093f/detection

zockzock.top

# Reference: https://www.virustotal.com/gui/file/802f2e368248bf75bb83af798f562f9fb2bf07227500b0986abc16a0b42d3ebb/detection
# Reference: https://www.virustotal.com/gui/file/6039cff3d4e528c47b3cd505d14ba6645b4056aa139a06150a0ace56c9cd402f/detection

test.adegokecollege.com

# Reference: https://www.virustotal.com/gui/file/2f4dc31023ec39356b3aa220863cba0ac8b25770641423bccf79ee2b10d77278/detection

nmorbertomo.ac.ug

# Reference: https://www.virustotal.com/gui/file/2e99c313e0c650e1550099cda6493a1896741c8ca294b201d2f2edd5238cdb7a/detection

http://45.147.198.62

# Reference: https://app.any.run/tasks/377e6816-2765-4384-bf2a-4818f84b2b8d/

cache.krishgarden.com

# Reference: https://www.virustotal.com/gui/file/764574a80f1738d589a165cb5fecc7840220c7e72ffe795be772ccf58a0f7ceb/detection

static.parafia-strumiany.pl

# Reference: https://www.virustotal.com/gui/file/0e55e17532909ad5ad34eb4e35d791b27c6951dd15a8baba34c29ae572c884d0/detection

ciaociaoline.com

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1380870829932744707
# Reference: https://app.any.run/tasks/edc50f68-7088-439e-8993-b6bf2fbb4cde/

data.parafia-strumiany.pl

# Reference: https://app.any.run/tasks/0273000c-ebf5-4a51-a89e-3d0159ff5bb3/

http://45.85.90.86

# Reference: https://twitter.com/fr0s7_/status/1384855677659660288
# Reference: https://app.any.run/tasks/210dcd67-5096-4f79-9cb7-21502ca24854/

stealer.xxxy.biz

# Reference: https://twitter.com/reecdeep/status/1387777010097852426

http://203.159.80.206

# Reference: https://www.virustotal.com/gui/file/e5686e76056d1a4ac0a3120e1de3e3ab9aca585fb151881e76885d36a6621092/detection

lotomoto.info

# Reference: https://twitter.com/James_inthe_box/status/1389233811251073033
# Reference: https://app.any.run/tasks/4a9b349d-ade4-4723-ac41-40415532e8bc/
# Reference: https://app.any.run/tasks/3e24fd12-9eed-4e6a-9b49-dfd3d8341a87/

http://31.210.21.181

# Reference: https://www.virustotal.com/gui/file/bbd4dd21dde67a96ac02aa9795ce662fa36d4edb90d13f2ffbdeee0d4aea5050/detection

vtqt.xyz

# Reference: https://www.virustotal.com/gui/file/3be583104ac2df031993b4f1bcbca40c01cefc5282050bc70b74e6e428291aba/detection

http://31.210.20.228

# Reference: https://www.virustotal.com/gui/file/55f1a2084fd1c1d5477519f06b02aa4fa4d917aaceffd116fc45820dc49a7795/detection

osiq.xyz

# Reference: https://www.virustotal.com/gui/file/7d449aa7f0c8097671688a2636f7b2d748f5ee3e4e63de3447d903fd371533f0/detection

http://45.144.225.173

# Reference: https://www.virustotal.com/gui/file/fa1b210bdfaa9d9ed60eeee1196af0a697ed9bb1b6fbcc7108ebf43b55a313a5/detection

http://159.69.87.239

# Reference: https://www.virustotal.com/gui/ip-address/188.34.193.205/relations
# Reference: https://www.virustotal.com/gui/file/83422a63a67f69382eb8b0770a89d1841b43aac04beb7ae14429d35ce4b77a3f/detection

http://188.34.193.205

# Reference: https://www.virustotal.com/gui/file/8209fcebdc81bc471b8abd57c07a18a7f222803f625028e26e343fde63183fda/detection

http://78.142.29.63

# Reference: https://www.virustotal.com/gui/file/1fa6a1833e1fe0875ea6f0ddf0dab47659a5a9cc8db80e6496177215bfbff498/detection

worstyear2020.com

# Reference: https://www.virustotal.com/gui/file/dfe963eae24c412b410f879df4f8fdec5b1a4fa8e20f44ab4eea4af4f811cf19/detection

dollartikuda.xyz
ys-gay.net

# Reference: https://www.virustotal.com/gui/file/c41aa6d6eeac57851b0a00a619609ed764072881b85b7dad25ac30f2856eda43/detection

support121.ddns.net

# Reference: https://www.virustotal.com/gui/file/f7a75dfb71ae46a4d6732100359c7d1b6fb5bb65338d6d1b702871ca492d3d54/detection

sefagusten.top

# Reference: https://www.virustotal.com/gui/file/cdeda69bc5ed54e292430a0e7017a66472ef4a1a25e3ebc125785fa2f9dc2bd9/detection

siwirnes.top

# Reference: https://www.virustotal.com/gui/file/573ac5d6b60b2965407c8fbf5c9d0f82067a19c27db420c4f5e9067798bcf6f9/detection

http://162.55.189.102

# Reference: https://www.virustotal.com/gui/file/835c8f02b83dd9bf4b3bf34f7e786b9b37c22924977eab54c6be9f69f1fefc69/detection

http://168.119.226.10

# Reference: https://www.virustotal.com/gui/file/326bebb9e00419c94b901a4597b8d8b1b56ac6ca9cbb96fc8f40df4d85d588cb/detection

http://176.123.4.140

# Reference: https://www.virustotal.com/gui/file/f4a1b439d5d5dcda842507571335e05665dfddc1cec1690d2fa66480c84d3e50/detection

http://185.99.133.218

# Reference: https://www.virustotal.com/gui/file/addabc3e06c8044f4eb4dfc9b63c0d40c4c3e628761ac097a8647d105376051c/detection

http://188.34.193.205

# Reference: https://www.virustotal.com/gui/file/dc466832b1cfeb541df94d49aea4de357c034f78bf70480c27fe265e440010bf/detection

http://159.69.87.239

# Reference: https://www.virustotal.com/gui/file/49b3c1cea44676e46f5dd2d99db7810d3e09d256318be8429d1faa25a53d80b6/detection

http://195.201.94.135

# Reference: https://www.virustotal.com/gui/file/8d2dbbfd60c93fa6faf7f7b3bcfe4ac73dc6c2870911fe8f2c1c4e14bff90499/detection

http://49.12.77.13

# Reference: https://www.virustotal.com/gui/file/d17da61df61aace32659d4c00fd886a6115c893ce48b84c1a819ed6cb7fc1a61/detection

http://198.98.55.103

# Reference: https://www.virustotal.com/gui/file/00bebbc8e8adec6a7133ea0b83663d072b50cdab673d6b4d42b41d0a3fd61bc7/detection

djalil.top

# Reference: https://www.virustotal.com/gui/file/cc981c93093a992a27a48072beda1ebeefd2c23d1e961fd427995d389960890b/detection

lookluck.net

# Reference: https://www.virustotal.com/gui/file/3436be047261b75482542deb4e22e89927e89f60b6061fa32d72043ef8e4afad/detection

http://205.185.127.90

# Reference: https://www.virustotal.com/gui/file/6d68a55fc9958ed4e1e38eb44159f7ef87c434f91c78ae5c8bc58a979526f0da/detection

http://116.203.140.224
http://78.47.81.226

# Reference: https://www.virustotal.com/gui/file/dccba229de62bcbd976968e97f5c2febecf9408e339c553371563e43e8f7be48/detection

http://78.47.87.144

# Reference: https://www.virustotal.com/gui/file/bf9be8425f9523539e9fadbd7b96ced4fc65eaabb1006996a6974c6da8041a7e/detection

http://88.198.106.10

# Reference: https://www.virustotal.com/gui/file/a439026408378e73e65afe890e517d9fd78ed55739840cd0eec1e0d83056dd33/detection

http://94.130.58.199

# Reference: https://medium.com/s2wlab/deep-analysis-of-vidar-stealer-ebfc3b557aed
# Reference: https://otx.alienvault.com/pulse/60b10fc3cf96ed70dad3bc07

bittracker.co.ug
blockbock.com
bockbock.top
bocksmoke.com
brainstormer.co.ug
cache.krishgarden.com
centos8lts.com
centoswiki.co.ug
choohchooh.com
ciaociaoline.com
ciaociaoline.top
customkitchaid.com
data.parafia-strumiany.pl
didntreadlol.com
djalil.top
dockclock.pro
duckclack.com
fastkisel.co.ug
flinstonehouse.co.ug
ftp.dwysokinski.me
fuckspha.com
gate.akadns9.net
goodssogood.com
guilmettemoron.com
hydrakupi.co.ug
juhjuh.com
kenutduk.duckdns.org
kiselev.co.ug
lookluck.net
mail.kiselev.co.ug
paperone.co.ug
promo.parafia-strumiany.pl
protestbonjer.ml
shirleyhorn.com
smtp.omplcement.com
static.accelerator-introlab.ml
static.helpmybusiness.ga
static.parafia-strumiany.pl
upload.krishgarden.com
yourpro.top
zockzock.top

# Reference: https://www.virustotal.com/gui/ip-address/185.215.113.114/relations
# Reference: https://www.virustotal.com/gui/file/4b17367ca1fa965f3e4c89a58c7f0325157c224eb80d3344490c7f368f12a833/detection

bilederina.top
binoders.top
cerolipak.top
manusorg.top
mutaleson.top
tenorimp.top
veribuman.top
cleardatass.com
datastatscl.com
statsdatacl.com

# Reference: https://www.virustotal.com/gui/file/c54b414ff7ca8ec5843b3944a53b63fd1a904be8423be677a738060fb1546ff2/detection

http://103.155.81.167

# Reference: https://tria.ge/210710-kzbnpe2rbx

sergeevih43.tumblr.com

# Reference: https://www.virustotal.com/gui/file/ec763b65e400b9caaf560db4f26600251bd0971c7202a799dc7c3ce732a3717b/detection

http://162.55.223.232

# Reference: https://www.virustotal.com/gui/file/b32eb85e201ed5cb4bdef0f43882da7c32807d9be2dc9412aae0db3162d46fb2/detection

http://5.34.178.48

# Reference: https://twitter.com/pollo290987/status/1415925808766623744

sslamlssa1.tumblr.com

# Reference: https://www.virustotal.com/gui/file/a94a56609fd846b118788f9b003adecbdf47b06380cc9d9af5bd403fc5362941/detection
# Reference: https://www.virustotal.com/gui/file/f83d5140698073bdaa2e907ee6cbe025256b5796ce18f0d2cbc8efff4e9962cb/detection

http://116.202.183.50
xeronxikxxx.tumblr.com

# Reference: https://tria.ge/210726-6jdmkdfwcs

shpak125.tumblr.com

# Reference: https://twitter.com/reecdeep/status/1422191780833988616
# Reference: https://www.virustotal.com/gui/file/6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55/detection

himarkh.xyz

# Reference: https://twitter.com/Racco42/status/1422961309012930564
# Reference: https://app.any.run/tasks/b295d801-8643-4b42-a848-55c8fa5c22a1/

irkark.xyz

# Reference: https://www.virustotal.com/gui/file/7e04a5f055b6ea1d3402465c4bc96f89b660b82c494b860832f5b7540608bb70/detection
# Reference: https://www.virustotal.com/gui/file/aa1dc867430200195ec34624c58bce2dec6bcda1f837529c564b7cfab0ee978f/detection
# Reference: https://www.joesandbox.com/analysis/454005?idtype=analysisid

anqwcvaaq.xyz
/8GzIpNiHlc.php
/Fl26aoXOqL.php

# Reference: https://www.virustotal.com/gui/ip-address/188.130.139.107/relations

indiacas.xyz
indiamed.xyz
indianot.xyz
kazced.site
kazfds.xyz
kazkef.site
kazksc.xyz
kaznas.site
kazopz.xyz
kazxzs.xyz

# Reference: https://twitter.com/benkow_/status/1443189560024969226
# Reference: https://tria.ge/210929-pd2k9sfacl/behavioral1

http://79.124.78.139

# Reference: https://twitter.com/benkow_/status/1447835812050112516
# Reference: https://tria.ge/211012-jzgv4abhb7/behavioral1

gurums.online

# Reference: https://twitter.com/InQuest/status/1450099115258486784

http://136.144.41.229
searcer.x24hr.com
/gJCbU1V9y2.php

# Reference: https://twitter.com/benkow_/status/1457786964191571977
# Reference: https://tria.ge/211108-xpsfqschd6/behavioral1

http://65.108.80.190

# Reference: https://tria.ge/211117-lb4q3aehak/behavioral1

http://159.69.92.223

# Reference: https://twitter.com/Jane_0stin/status/1463981701596598272
# Reference: https://app.any.run/tasks/762741f6-b2d4-4fde-bf1c-111caf124379/

die-grausamste-herrin.at

# Reference: https://www.virustotal.com/gui/file/1ac64c5db03f0fc9729de68be00e2eff7a59f8e10d2ec50c5d348029de745ba4/detection

http://185.215.113.22
/E2vacMBpWA.php

# Reference: https://twitter.com/ViriBack/status/1476718496218324993
# Reference: https://tria.ge/211231-a19g3aehhj/behavioral1

main2.flashysoft.me

# Reference: https://www.virustotal.com/gui/file/baf599abab1d6969e1ba455f83375cbc9643bbe5049189729d3ce60be08e4a58/detection

http://188.34.200.103

# Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/TF_vidar.json

derxblog.de
milktr.uk

# Reference: https://www.virustotal.com/gui/file/c3e725df442abe93e1d1d5ca01fc8105521c82e8e5f86d07171d8f95562c59a5/detection

http://49.12.198.69

# Reference: https://twitter.com/crep1x/status/1478361605394116612

http://116.202.186.120

# Reference: https://twitter.com/crep1x/status/1475535929985187846
# Reference: https://tria.ge/211227-sfrevsbcfq/behavioral1
# Reference: https://www.virustotal.com/gui/file/12f67b777aa65271b2e5773b042cbf8bc1c0bf8cabaf356aa05b583a1e581b94/detection

http://116.202.188.27

# Reference: https://www.virustotal.com/gui/file/42e77b0c32a2e1d98bb7e45198c83f92cad7f33b1369bc61c38ceab0ec2cd4f3/detection

http://167.86.127.231

# Reference: https://twitter.com/crep1x/status/1480574856265711618

http://78.46.160.87

# Reference: https://www.virustotal.com/gui/file/01a46fe5d3f043fe1b45548a36b63edfd841c1841ec5b6878d10ecab36d81d88/detection

http://65.108.180.72

# Reference: https://www.virustotal.com/gui/file/15bd912b0e66bf88fc6dbae28754cb085bfa199b7f7e0d4989ab39a747053be6/detection

hjggvbc.ru

# Reference: https://www.virustotal.com/gui/file/00706aeb7422cf62dbcf72342b913d32e85a68d025629d9ea464162ece67bcc2/detection

http://116.203.165.54

# Reference: https://www.virustotal.com/gui/file/005d0cbf83fcceb2657b56711cc56a4144d9c58a8393d3d1ae052db880b60269/detection

boombangers00666999.sc
/gate2233.php

# Reference: https://twitter.com/ViriBack/status/1487421178557964292
# Reference: https://app.any.run/tasks/49b5dee3-f179-4d8d-8000-0a7cde350c1e/
# Reference: https://www.virustotal.com/gui/file/2c35ee480e2ea480624011857326defe537063bb383824013a8f8a0b9182e3b1/detection

anydesk.computer
panel.computer

# Reference: https://www.virustotal.com/gui/file/27afc8d7727c80c934d73e4aa021ab138b99149023dbc1625c8d4ba867981652/detection

banlobora2.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/2d299fcdf7562306634b74f187b445ad17ca07495d2a36ffca86c7425a7982db/detection

opmos.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/7da3029263bfbb0699119a715ce22a3941cf8100428fd43c9e1e46bf436ca687/detection

cookreceipts.fun

# Reference: https://www.virustotal.com/gui/file/3c81b46f9c2fd6871f6844585c9d835eea672e1e0c8e26e667ce8049579e3245/detection

sl9XA73g7u3EO07WT42n7f4vIn5fZH.biz

# Reference: https://www.virustotal.com/gui/file/1e0608ba01db4c6a953d5a2bf144a944d5939790fd9e0acd7c06a37563470add/detection

f0457102.xsph.ru

# Reference: https://www.virustotal.com/gui/file/6e5bef09238ff67eb3c4765eed4a0d647a3b0d9be6e7604a3e9a0d509623c6fd/detection

admin.foa.ae

# Reference: https://www.virustotal.com/gui/file/c145a437ca06f644c48e37c597d6efc46f4a0e4d8b1bfb265a1d28ced7e8009b/detection

bergamot.nu

# Reference: https://www.virustotal.com/gui/file/4e842aade6a22d8efbcae4bd9cde73de26398f7f70a06fc09042ed72bb61465a/detection

cmd3490ghbdtn3.ru

# Reference: https://www.virustotal.com/gui/file/c48534128c907c63db7b3f995cbb17eb67a973a8abc7e567cac4229889df1535/detection

databasecontrol.xyz

# Reference: https://www.virustotal.com/gui/file/253a4539177c2e6617a98571a87211a364d1a9d6dee454589548a6413db23be5/detection

datamon.cc

# Reference: https://www.virustotal.com/gui/file/03830b7509fe6e46ea89d7fe60f732120cca1501473c5fc477e2d96b01f7f050/detection

gfxapanbnqd4jhf.pw

# Reference: https://www.virustotal.com/gui/file/64d7ba13bf3e525fc99988f742b751c9df4431af7b26a7d6cdb3191218648517/detection

ggtyyu.pw

# Reference: https://www.virustotal.com/gui/file/47019ee43e1682cdcdabda06ba450642be49b241416da1331917726cf6e565b8/detection

hostisgerhg.tk

# Reference: https://www.virustotal.com/gui/file/e677eb033d3676db1d9beae7fa1d392fef40cf0950f862108609ff25b25a4642/detection

kepler071.site

# Reference: https://www.virustotal.com/gui/file/c79a3bd6b7a37c9bf58d12a6c493e00df8413d6b68892f8c402fb34a8341aa5b/detection

lilldshar.space

# Reference: https://www.virustotal.com/gui/file/b2af96a978461c384d5efdb367b6d80028cee69d86b3cb3691b43e8a62721788/detection

masadproject.life

# Reference: https://www.virustotal.com/gui/file/02fc294d8a722633df5411062307978762ce56ed1b285cf1b388a5ca2df809f2/detection

onlinemseof.site

# Reference: https://www.virustotal.com/gui/file/0425eaee15de5550bb64838d9c3fb74071d83575362388c22d45e2385e996bbc/detection

pablopanuroere.pw

# Reference: https://www.virustotal.com/gui/file/0b3cf8e37e13a3100885a6a538da9244c72b0223501dc4f6b23929204c8d3361/detection

poiuytrewq2.site

# Reference: https://www.virustotal.com/gui/file/d1cf6edc0a27e9eadabbaacd1ec9650d6484f91556c5e81ed3b43923c4dfc1d0/detection

shlyapa.website

# Reference: https://www.virustotal.com/gui/file/9801abe4b5e3a68d376694c548d992fd1372df88299d3618b5d8c2b36c9530a4/detection

tgp.opcache.xyz

# Reference: https://www.virustotal.com/gui/file/e48514ff1736378e93832535b9c903655de96e48c5ae3ab2382ff3c8c016725c/detection

topteamover9000.fun

# Reference: https://www.virustotal.com/gui/file/d66df2e485a93c02470b99c6d4821f2f5a3bc7cde19d3ccec70d1f0dd874a66b/detection

travelgidblog.top

# Reference: https://www.virustotal.com/gui/file/fd991646249ed10695d429cac8df890dda694ba66df071469e047547df602a68/detection

watchmovie.life

# Reference: https://www.virustotal.com/gui/file/74465e9ad0ef9a1cce5f2e7485c20cb2f7d15cee1f224ac8629f68656febb39e/detection

xenicoln.gb.net

# Reference: https://www.virustotal.com/gui/file/169a4309780969168c4af528075bb4b1e2526f976ab572cdfa6ff3e13a009faa/detection

yrhealth.life

# Reference: https://github.com/cyberark/malware-research/blob/master/OskiStealer/IoCs.pdf

http://162.0.224.159
http://173.232.146.69
http://176.113.81.170
http://178.32.145.141
http://188.227.57.121
http://194.87.147.13
http://194.87.234.156
http://194.87.236.221
http://194.87.95.5
http://195.133.147.113
http://195.133.197.21
http://45.141.84.143
http://45.143.92.129
http://45.143.93.152
http://45.151.144.128
http://45.8.228.100
http://46.17.96.25
http://5.187.7.144
http://52.246.250.237
http://80.89.228.202
http://80.89.238.87
http://85.209.91.120
http://89.223.123.36
http://91.245.227.131
http://92.53.124.88

# Reference: https://app.any.run/tasks/1ba24008-9819-4fda-9098-d2e769715470/

http://65.108.155.192

# Reference: https://twitter.com/phishgalore/status/1490794416239489028
# Reference: https://twitter.com/JCyberSec_/status/1491008346505515015
# Reference: https://www.virustotal.com/gui/file/95573cc24f3901c938e84f9628359a9dcc816dd451809f5313a99fe8da2756b9/detection

bank-statement.xyz
freddomdomain.xyz
order-magento-admin.com
statement-scotiabank.com

# Reference: https://tria.ge/220202-w4cs6abagj/behavioral1

http://95.216.183.78

# Reference: https://tria.ge/220202-w4s55sbagl/behavioral1

uploaditem.xyz

# Reference: https://twitter.com/ViriBack/status/1492589247697719304
# Reference: https://www.virustotal.com/gui/domain/flashysoft.me/relations
# Reference: https://www.virustotal.com/gui/file/241d7ec7d8a462c1a9c4570be1ddcb744f38b9322635ed860219505054c7db25/detection

flashysoft.me
main.flashysoft.me

# Reference: https://app.any.run/tasks/75915cfb-9864-46c5-b673-20e0a8ec9409/

http://95.216.147.143

# Reference: https://www.virustotal.com/gui/ip-address/13.78.210.162/relations
# Reference: https://www.virustotal.com/gui/file/b9c74bca334747feac392bc96d57d870f1907ec6ec3062bd405c1df3ccc16b74/detection

bankkia.gq
dashgaa.tk
wellsfago.ga

# Reference: https://app.any.run/tasks/45ddee1d-5fc4-4c0a-859c-42b4fbc333d0/

http://94.130.174.62

# Reference: https://www.virustotal.com/gui/file/148c9a3fc02110a684dedd1af853b508bdab5eed766f9fadd15e910ae46b2b1f/detection

bestpolandhotels.com

# Reference: https://isc.sans.edu/diary/28468

bor4omkin.ru
dersed.com
sughicent.com

# Reference: https://www.virustotal.com/gui/file/0239bcbfae35cdefd367a9dc269287c92b666743018e45f6265495b43fbbb27c/detection

maurizio.ug

# Reference: https://www.virustotal.com/gui/file/034e8e297165eeb14372eea7a7e68756e561df39b84c5be924e542a36dee7418/detection

hubvera.ac.ug
prepepe.ac.ug

# Reference: https://www.virustotal.com/gui/ip-address/185.215.113.77/relations

agentt.ac.ug
agenttt.ac.ug
ailsom.ac.ug
andres.ac.ug
andres.ug
backgrounds.pk
bilbosaquet.ug
brice.ac.ug
colonna.ac.ug
colonna.ug
conthruian.ug
courtneyjones.ac.ug
cracksmsa.ug
cvae.ac.ug
dancedance.ac.ug
danielmax.ac.ug
danielmi.ac.ug
darkangel.ac.ug
ddlakava.ac.ug
erolasa.ac.ug
erolbasa.ac.ug
gordonas.ac.ug
gordonhk.ac.ug
gordons.ac.ug
hanxlas.ac.ug
hsagoi.ac.ug
imobiles.pk
jamshed.pk
jonescourtney.ac.ug
kode.ac.ug
kodekode.ac.ug
kullasa.ac.ug
lastimaners.ug
lizzard.ac.ug
lizzzqua.ac.ug
lucab.ug
macakslcaq.ug
malcacnba.ac.ug
mantata.ac.ug
marcapinyo.ru
marcyovcx.ru
marianne.ac.ug
marketprice.pk
mastitisa.ac.ug
matisaas.ac.ug
matiti.ug
maurizio.ac.ug
mazooyaar.ac.ug
mazoyer.ac.ug
milsom.ac.ug
milsom.ug
moreirawag.ac.ug
myfidlerpro.ug
myhostiger.ug
myproskxa.ac.ug
nicolas.ug
nikahuve.ac.ug
nmorbertomo.ac.ug
nothinglike.ac.ug
omomom.ug
pakxkvad.ac.ug
pdshcjvnv.ug
playwell.ug
pretorian.ac.ug
pretorian.ug
puritaaxa.ac.ug
qwerty12346.ru
regay.ac.ug
saba.ac.ug
scarsa.ac.ug
scarsxa.ug
scouragae.ac.ug
sergui.ac.ug
taurus.ug
triathlethe.ug
underdohag.ac.ug
veronika.ac.ug
veronikaa.ac.ug
veronikac.ac.ug
viniscav.ac.ug
wellplayed.ug
zxvbcrt.ug

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vidar-malware-launcher-concealed-in-help-file/
# Reference: https://otx.alienvault.com/pulse/623c985eb2d2a96857e9985b

http://95.216.181.231

# Reference: https://twitter.com/Cyber_O51NT/status/1508819570588459017
# Reference: https://blog.morphisec.com/threat-research-mars-stealer
# Reference: https://www.virustotal.com/gui/file/6670b60de348f134151d4911e9714ee1cb3a51dd9d0f008b0fa2d42c796d2cfb/detection
# Reference: https://www.virustotal.com/gui/file/6b18a223ce8f1f42880a54809880cd5c3a6890955d2469b10ea771dab333871e/detection
# Reference: https://www.virustotal.com/gui/file/ab7e7d8594befb5a7137ec323db87a4aacfa64260327d61eee30626a760c3d5b/detection
# Reference: https://www.virustotal.com/gui/file/77148020b07fa69f4c68596f3132186975d7e289cff617ae9f4dab6806709807/detection
# Reference: https://www.virustotal.com/gui/file/0f2edca4bfbbde781da5438b0dec6f91e701588b854d66561be0f2d9d5074a78/detection
# Reference: https://www.virustotal.com/gui/file/8f925aa659cdab2466d2860dfc06d14d1c384c7a449683813db8d9219ed333c9/detection

http://185.212.130.47
http://193.56.146.66
http://5.45.84.214
http://66.29.142.232
http://82.146.63.54
http://91.92.128.35
telemeetrydata.cn
tommytshop.com
tonyshop312.com
/SCmygye1LE/FTOauwvCfJ/
/FTOauwvCfJ/
/SCmygye1LE/
/2BxXIkoySb.php
/8cPynL7Va1.php
/eglkAa6HG1.php
/gfattee933.php
/KNOuG8qeID.php
/tytfu656i7kuydgsjdsdu.php
/umO0HLhYp5.php

# Reference: https://www.virustotal.com/gui/file/8537e3492ed1da3a8c301853548e4ffb1e79906063e20ba237db9038121ae4a2/detection

http://45.9.20.31
/LD3F8IPgas.php

# Reference: https://www.virustotal.com/gui/file/56cf528c7b47eec296feb89c8314db85d81eaca55b96387360e0ec3e7b6caa1b/detection

f0649032.xsph.ru
f0649033.xsph.ru

# Reference: https://www.virustotal.com/gui/file/7e7b97d4785f8f237e996ba65d7369261071db6e66b796ad87a195d6caded887/detection

http://176.57.189.191

# Reference: https://www.virustotal.com/gui/file/1fc99227ff5f8d7548959ebabda2fdd4c9c51c3ee924e5494e70af307d8aafc5/detection

http://154.16.112.151

# Reference: https://twitter.com/0xrb/status/1511564992805761024
# Reference: https://www.virustotal.com/gui/file/4bcff4386ce8fadce358ef0dbe90f8d5aa7b4c7aec93fca2e605ca2cbc52218b/detection

http://194.87.218.39
/RyC66VfSGP.php

# Reference: https://twitter.com/0xrb/status/1511939521877000194
# Reference: https://www.virustotal.com/gui/file/813b776096fefc9a314814fc0a79019e50268ab598dd7257fc5f3cc438191d84/detection
# Reference: https://www.virustotal.com/gui/file/ff676d4c5f83c81b77d21b605866d45acde3e04f4cf9f2cf9180f154144a48b9/detection

250329.prohoster.biz

# Reference: https://www.virustotal.com/gui/file/f668f1ba25939689fb35e11e3c77f2824ede2373ebb48ec711bb99d11de3027b/detection

a0634004.xsph.ru

# Reference: https://twitter.com/fr0s7_/status/1512457923947114499
# Reference: https://www.virustotal.com/gui/file/ba981a94852325debf0e4b478266f6efd8e4e9c5b149fd9ad277be0be5045768/detection

http://95.217.244.41

# Reference: https://twitter.com/0xrb/status/1513739710765895681
# Reference: https://www.virustotal.com/gui/file/473c8b608a69a546da4510f610501bcac001e726699e75d8a15afd50ff66f460/detection

http://62.204.41.128
/81uBpsioYb.php

# Reference: https://twitter.com/0xrb/status/1513762639218118656
# Reference: https://www.virustotal.com/gui/file/309122794db2c8fd2ffd82c9770988297860a56116ce184be08da75b64d361f8/detection
# Reference: https://www.virustotal.com/gui/file/0f63b4b4659449eee766610af817b786e9cd7622743851cf7b71430613d7521b/detection

http://62.204.41.69
62.204.41.166:27688
/p8jG9WvgbE.php

# Reference: https://twitter.com/0xrb/status/1513747076714491905
# Reference: https://www.virustotal.com/gui/ip-address/2.57.186.176/relations
# Reference: https://www.virustotal.com/gui/file/455118a3a6c915e50ec4ff1133b51f24b1e080e3e591f42e41e144af0bdc7890/detection

cheapa.link
cheapb.link
cheapc.link
cheapd.link
cheape.link
cheapf.link
cheapg.link
cheaph.link
cheapi.link
cheapj.link
cheapk.link
cheapl.link
cheapm.link
cheapn.link
cheapo.link
cheapp.link
cheapq.link
cheapr.link
cheaps.link
cheapt.link
cheapu.link
cheapv.link
cheapw.link
cheapx.link
cheapy.link
cheapz.link

# Reference: https://twitter.com/Glacius_/status/1513861040605442052

http://195.242.111.168
/2s06lj04kybnr4ze.php

# Reference: https://twitter.com/0xrb/status/1515918645800882181
# Reference: https://www.virustotal.com/gui/ip-address/185.215.113.89/relations
# Reference: https://www.virustotal.com/gui/file/fd48ebb9c6da16d3f371ee0e1bd94c7027ffacb7b99d27e59c81c8504477fd60/detection

asdasgs.ug
beachwood.ug
courtneyjones.ac.ug
danwisha.ac.ug
hubvera.ac.ug
kodekode.ac.ug
ludivineemery.ac.ug
malayska.ug
marksidfgs.ug
marnersstyler.ug
mistitis.ug
rockphil.ac.ug
rockrock.ug
triathlethe.ug
underdohg.ac.ug
underdohg.ug

# Reference: https://twitter.com/0xrb/status/1516280842586566656
# Reference: https://twitter.com/0xrb/status/1517034682164334592
# Reference: https://www.virustotal.com/gui/ip-address/2.56.240.56/relations
# Reference: https://www.virustotal.com/gui/ip-address/2.57.187.224/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.8.124.64/relations
# Reference: https://www.virustotal.com/gui/file/03989d0af03476f5611d18e2e8f6706be0d542707336c2b426035c78335f1328/detection
# Reference: https://www.virustotal.com/gui/file/c24d3ad6c8178c5066eea814986ce73e26d6ec2812fc6f56b0275eb68da0f6bb/detection
# Reference: https://www.virustotal.com/gui/file/6e304b4616eb9daa7da76d3c1894d5e62af10fe6dc3d6b2356518dbb1121d6b9/detection

jsdkca.link
jsdkcb.link
jsdkcc.link
jsdkcd.link
jsdkce.link
jsdkcf.link
jsdkcg.link
jsdkch.link
jsdkci.link
jsdkcj.link
jsdkck.link
jsdkcl.link
jsdkcm.link
jsdkcn.link
jsdkco.link
jsdkcp.link
jsdkcq.link
jsdkcr.link
jsdkcs.link
jsdkct.link
jsdkcu.link
jsdkcv.link
jsdkcw.link
jsdkcx.link
jsdkcy.link
jsdkcz.link

# Reference: https://twitter.com/0xrb/status/1516640874306088960
# Reference: https://www.virustotal.com/gui/file/18c7c5e7d5146bef12ead85598bf5d2c48ee5e6634d4769221d3e7712809f1ad/detection

xiskasment.com

# Reference: https://twitter.com/James_inthe_box/status/1517238542434414592
# Reference: https://app.any.run/tasks/f82a6efe-c21c-4949-8523-d3f2ad8be39c/

http://5.252.178.50

# Reference: https://twitter.com/James_inthe_box/status/1517262007795281920
# Reference: https://app.any.run/tasks/e6362786-dbeb-44ad-b62e-ddf6a6fe7c1c/

http://116.202.1.195

# Reference: https://www.virustotal.com/gui/file/9699bee0ae268555ceb77a02522f568229233284c9eb698209c03b05b1304b10/detection

http://139.177.176.177

# Reference: https://app.any.run/tasks/2bf3a7e1-f6a9-44dc-9d15-d9fa4f803e65/

http://195.201.250.209

# Reference: https://twitter.com/0xrb/status/1521717264311275520

http://185.104.114.24

# Reference: https://twitter.com/0xrb/status/1522455058520358912
# Reference: https://www.virustotal.com/gui/file/1fb1244bbc75553e090acf7f1dfc01f4283b428ac966364fad0d95bd1b967e61/detection

http://162.33.179.235
/gatero0m.php

# Reference: https://twitter.com/0xrb/status/1522450567473549313

micrwa.link
micrwb.link
micrwc.link
micrwd.link
micrwe.link
micrwf.link
micrwg.link
micrwh.link
micrwi.link
micrwj.link
micrwk.link
micrwl.link
micrwm.link
micrwn.link
micrwo.link
micrwp.link
micrwq.link
micrwr.link
micrws.link
micrwt.link
micrwu.link
micrwv.link
micrww.link
micrwx.link
micrwy.link
micrwz.link
/8sdd875.php

# Reference: https://www.virustotal.com/gui/file/0ed195ec728ae0cf1d028dfc6682e64f4355b3e33ce4de258f854701dce4ee61/detection
# Reference: https://tria.ge/220610-s2xtrshbb2/behavioral1

http://93.115.21.45
/gtaddress

# Reference: https://www.virustotal.com/gui/file/62a53b52eb3408052d19cace306452e9d3075618b4198e3e8c0beb7200da5886/detection

http://78.47.227.68

# Reference: https://twitter.com/c_APT_ure/status/1526268613367300096
# Reference: https://www.virustotal.com/gui/file/6852472f4d85443563b226cc8dd1adfc7b005d094071eb460681af0830d10a16/detection
# Reference: https://www.virustotal.com/gui/file/b9106d6ef93fa8f25f43b1fb0b4fe6e29b1afb44844159a22bd5fa23ddaebe1f/detection
# Reference: https://www.virustotal.com/gui/file/e106f33cb1f8c26b6211611bd22fcaced5d1c88700670c8b477827f9e00a8b3f/detection

http://23.95.52.191

# Reference: https://www.virustotal.com/gui/file/05a3028bc4f10ff3387b486c171178f7d5a4864de59f6693d2dcbdae035820d1/detection

http://95.217.244.73

# Reference: https://www.zscaler.com/blogs/security-research/vidar-distributed-through-backdoored-windows-11-downloads-and-abusing
# Reference: https://otx.alienvault.com/pulse/62876ce0115d3177c23d5d74

ms-teams-app.net
ms-win11.com
win11-serv.com
win11-serv4.com
win11install.com
ms-win11.midlandscancer.com

# Reference: https://www.virustotal.com/gui/file/00068c42aca308063416f2ab531c218bd8c6b960fe727064f03cfda101f9c746/detection

http://162.55.213.180

# Reference: https://www.virustotal.com/gui/file/0290fd4f9c7240911d9051f76167a75dd78834e6a03faf6b09aeae21ff3094db/detection

backgrounds.pk
gadem.ug
lcjvkdfas.ug
zaragoza.co.ug
zaragozsa.ug

# Reference: https://www.virustotal.com/gui/file/f6a58d46a92e7739388cd9e1c0df2800af70169a6df2a19b8c1b96defeed902e/detection

2tril.com

# Reference: https://app.any.run/tasks/67322566-fff2-4a64-a5b8-405599618c7d/

http://107.189.13.22

# Reference: http://lists.emergingthreats.net/pipermail/emerging-sigs/2022-May/030670.html
# Reference: https://www.virustotal.com/gui/file/7093aba8ae03275caab7372a7d56172df1716120d477dc276ee9f0b08816bd0c/detection

aztkiryhetxx.ru
ckrddvcveumq.ru
cugdwpnykghx.ru
dvizhdom.ru
dwrfqitgvmqn.ru
rhjebiuujydv.ru
rwwmefkauiaa.ru
sanlygeljek.ru
sinelnikovd.ru
wzqyuwtdxyee.ru
zpuxmwmwdxxk.ru
zyzkikpfewuf.ru

# Reference: https://www.virustotal.com/gui/file/8bf5a6be286efa5c7871d287a80120fc48a3744bd2a6a3764834082b95e68674/detection

cenlar.cc

# Reference: https://tria.ge/220602-rf2p6acaaj/behavioral1

http://107.189.11.124

# Reference: https://twitter.com/BlackLotusLabs/status/1532795523329052672
# Reference: https://www.virustotal.com/gui/file/78456112caae4c00fa66e6f9c7474331a2befe795a75a7313d4e0770196a0b35/detection

http://116.202.187.69

# Reference: https://www.virustotal.com/gui/file/005c0f50f1b90558975f0c63b23fc35b0493ea596a9c5e051c2f26dc3ca977e0/detection

http://185.9.41.83
http://212.110.132.195
http://77.232.41.206

# Reference: https://www.virustotal.com/gui/file/005c0f50f1b90558975f0c63b23fc35b0493ea596a9c5e051c2f26dc3ca977e0/detection

http://2.57.122.82

# Reference: https://tria.ge/220609-ztaslagec8/behavioral1

http://194.156.98.151

# Reference: https://www.virustotal.com/gui/file/12e81b998b37955c4e028a9f46378b8b664646e3cc5f177a867321c54af30ca3/detection

http://194.180.174.180

# Reference: https://www.virustotal.com/gui/file/ead121e4d007085adb42edd61c3328aa728fa2c1d7c78e77ceb64f999f7323e3/detection

ratinonanuere.pw

# Reference: https://www.virustotal.com/gui/file/037b340417857e618b37cfc3c6b4e6d01717ca0cedfaf57c4d98f368f432f10d/detection

recmaster.ru

# Reference: https://www.virustotal.com/gui/file/03d90fc0c0da8275035336d823f053a84ef50ab82aa0d2bba0722bb9e32a5627/detection

martinlloyd.net

# Reference: https://tracker.viriback.com/dump.php (2022-07-11)

http://13.58.70.215
http://185.4.65.70
http://188.212.124.14
http://193.203.238.120
http://194.233.168.238
http://194.87.218.26
http://195.242.110.71
http://45.130.104.128
http://45.138.157.227
http://62.204.41.103
http://62.204.41.179
http://62.204.41.223
http://80.79.114.182
http://91.243.44.99
http://94.142.141.235
a0626884.xsph.ru
anderd2w.beget.tech
blitzhost.ga
dashgaa.ml
ericfatima.beget.tech
f0623459.xsph.ru
ida-ayu.com
img.futanari-toons.com
mars.cryptominingpioneer.com
mars22.cryptominingpioneer.com
nationalspaceforceusaaainc.com
pashiudsa.com
share.softwareshare.me
tracey991.beget.tech
truehempbiz.com
zl3fh9x1.beget.tech
/5Ou97MmeyI/
/5Ou97MmeyI/login.php
/SCmtgye1LE/
/SCmtgye1LE/login.php
/c0XEaQ58yT/
/c0XEaQ58yT/login.php
/deAGgwt1R7/
/deAGgwt1R7/login.php
/yugYFTr5u6uytJgfj/
/yugYFTr5u6uytJgfj/login.php

# Reference: https://tria.ge/220531-s91kmafcgl/behavioral1

http://78.47.74.118

# Reference: https://tria.ge/220715-rnvltacbhl/behavioral2

http://45.144.29.243

# Reference: https://twitter.com/ViriBack/status/1549905970905612290

http://185.104.114.24
http://146.190.235.63
http://185.4.65.203
http://193.124.22.9
http://87.120.37.42
http://94.102.57.150
http://94.124.78.161
chicvvdon.lol
goldrushaw.ug
moneyd.link
renox.lol
superfilmes.cf
topababa.us
data.topababa.us

# Reference: https://twitter.com/idclickthat/status/1551249542783328257
# Reference: https://tria.ge/220724-ttq7paafbm/behavioral1

http://185.53.46.199
zidclouzby2.xyz

# Reference: https://app.any.run/tasks/da232c24-a63c-4378-ae30-f3305fd0334e/

http://95.217.244.216

# Reference: https://twitter.com/ViriBack/status/1554137490872799233
# Reference: https://tria.ge/220801-str9baahe3

atomic-wallet.net
/marsword/gate.php

# Reference: https://www.virustotal.com/gui/file/c1f6d80c29bdb4c6939dcd898e17d868859def5a9ed463044115728e193168d9/detection

lamol.ddns.net

# Reference: https://twitter.com/ViriBack/status/1555348941834698758

moneya.link
moneyb.link
moneyc.link
moneyd.link
moneye.link
moneyf.link
moneyg.link
moneyh.link
moneyi.link
moneyj.link
moneyk.link
moneyl.link
moneym.link
moneyn.link
moneyo.link
moneyp.link
moneyq.link
moneyr.link
moneys.link
moneyt.link
moneyu.link
moneyv.link
moneyw.link
moneyx.link
moneyy.link
moneyz.link
/8sd87v7.php

# Reference: https://www.virustotal.com/gui/file/75e886f21527f32fb230ba37cfef2271279a41c6b72e57a63223eb10367be928/detection

116.202.183.213:1080
95.217.246.200:1080

# Reference: https://twitter.com/0xrb/status/1557289524006293504
# Reference: https://www.virustotal.com/gui/file/246b27e609ebd8a1ec31b9667addf3b262d6487602209baa9b32c54539a28031/detection

http://193.106.191.146
194.5.98.107:6968
beachwood.top
beachwood.ug
charisma.ac.ug
goldrushaw.ug
kalskala.ac.ug
malayska.ug
mariah.pk
nikahuve.ac.ug
parthaha.ac.ug
safetygear.pk
safetygear.top
scientific.pk
tuekisaa.ac.ug
vsongs.pk
wiwirdo.ac.ug
/kanorgate.php

# Reference: https://twitter.com/fumik0_/status/1559474920152875008
# Reference: https://twitter.com/ViriBack/status/1559523902082224128
# Reference: https://www.virustotal.com/gui/file/9f90081674303197706584dd91a9b37dc9399c499b466ef7a4e5d55a8145f844/detection
# Reference: https://www.virustotal.com/gui/file/7873dddec4a46e7ad104de9b6bd68f590575b7680a1d20b9fe1329d1ad95348f/detection

safe-car.ru

# Reference: https://twitter.com/ViriBack/status/1562797767592136704
# Reference: https://tria.ge/220825-qn96tsdfap/behavioral1
# Reference: https://www.virustotal.com/gui/file/cdbbca5bc9428b5e403f4af071affbfe74b90c1b3244908bb0470d214f080205/detection
# Reference: https://www.virustotal.com/gui/file/a77d1a409ec71c1f9c90d1b632edb29c11a043bcb05ffef05c3ef5688e10cea5/detection

http://176.10.118.235
housewall.xyz
kanban.housewall.xyz
mars.housewall.xyz
n8n.housewall.xyz
traefik.housewall.xyz
trilium.housewall.xyz

# Reference: https://www.virustotal.com/gui/file/09fb6bb883ca633aa0aa3eea9735d8b041b3cdfa03a49fa12a32896968708d96/detection

kmwekek.link

# Reference: https://www.virustotal.com/gui/file/017c70f1af4f0b70d2b4aa5ae0b64c883d29aeb9a995cfe725b52c62a8cf3c0e/detection

werido.ug

# Reference: https://otx.alienvault.com/pulse/630cb63d30d8b469b2a6a1c7
# Reference: https://www.virustotal.com/gui/ip-address/45.143.201.4/relations

boundertime.ru
cointra.ac.ug
ftp.backgrounds.pk
ftp.nicoslag.ru
goldrush.ug
goldrushaw.ac.ug
hopeforhealth.com.ph
mail.charisma.ac.ug
mail.goldrush.ug
mail.goldrushaw.ac.ug
mail.goldrushaw.ug
mail.karimgousa.ug
mail.marnersstyler.ug
mail.mistitis.ug
mail.mofdold.ug
mail.opsdjs.ug
mail.partaususd.ru
mail.safetygear.pk
mail.scientific.pk
mail.wiwirdo.ac.ug
mofdold.ug
momomolastik.ug
movesc.top
nicoslag.ru
ns1.asdsadasrdc.ug
ns1.backgrounds.pk
ns1.goldrush.ug
ns1.karimgousa.ug
ns1.marnersstyler.ug
ns1.mistitis.ug
ns1.mofdold.ug
ns1.partaususd.ru
ns1.safetygear.pk
ns1.scientific.pk
ns1.triathlethe.ug
ns2.asdsadasrdc.ug
ns2.boundertime.ru
ns2.goldrush.ug
ns2.marnersstyler.ug
ns2.mistitis.ug
ns2.qwertzx.ru
ns2.safetygear.pk
ns2.scientific.pk
partadino.ac.ug
partaususd.ru
phila.ac.ug
pjjot.top
pop.backgrounds.pk
pop.cracksmsa.ug
pop.partaususd.ru
qd34gf23ewrfsd1233.ru
qwertasd.ru
raphaellasia.com
rbcxvnb.ug
smtp.backgrounds.pk
smtp.qwertzx.ru
thatstraveling.ac.ug
timebounder.ru
tugusino.ru
wewilltoptheearth.top

# Reference: https://www.virustotal.com/gui/file/f0b1c1bef9f65f6a69d2fa3211fffae43afdbb144bf24fd1d889a26fbcbcfafb/detection

http://116.202.180.202

# Reference: https://www.virustotal.com/gui/file/40ac4d8ee624e824ca4b6fe0cc01df13a36d31ca53036c1e0f963cefa7ed8948/detection

http://107.189.31.171

# Reference: https://www.virustotal.com/gui/file/01d692761b0698f1246ab16aaf09f74e7801a26a271405028c2771366008c363/detection

http://74.119.192.241

# Reference: https://www.virustotal.com/gui/file/0a7682c0607e0fcb3580d28aec0e3439d6eae0cde1ab3359832046f7f33cdb0f/detection

http://94.130.188.151

# Reference: https://www.virustotal.com/gui/file/616cfd724afe8376aae36c9f065ebdf0a17590c0d1b71c95d6b1d960091807a6/detection
# Reference: https://www.virustotal.com/gui/file/32d081287ed11af4a7cec2a17e44885fd80d8770a4b1ef21da009e68f97bf9b6/detection

brainstormvc.me
niemannbest.me
smkn3depok.com
topniemannpickshop.cc

# Reference: https://www.virustotal.com/gui/file/091ffa54f241270aea68cbb9fa0aea580ad3b800f544200b6908022cc3c28e4a/detection

opzspqwkz.ru

# Reference: https://twitter.com/WhichbufferArda/status/1569412764543713281
# Reference: https://www.virustotal.com/gui/file/bfd72bdd4ab311acd0e05211cb01f8671d358540201eb200f613fd80b62291f0/detection

http://5.161.155.121
evetesttech.net

# Reference: https://twitter.com/idclickthat/status/1569679280761626626
# Reference: https://twitter.com/idclickthat/status/1570399267977859074
# Reference: https://twitter.com/idclickthat/status/1570783889827983362
# Reference: https://twitter.com/1ZRR4H/status/1570626623241846787
# Reference: https://tria.ge/220916-enhk2aefa4/behavioral1

http://5.252.22.196
pdf-edit.online
pdf-editor.online
pdf-editor.top
zoom-us.top

# Reference: https://twitter.com/idclickthat/status/1569350142230204421

zoom-download.fun
zoom-download.host
zoom-download.space
zoomus.host
zoomus.tech
zoomus.website

# Reference: https://tria.ge/220922-vp5pysfgdn

mars.haksanlogistics.com

# Reference: https://tria.ge/220922-vqawzacac6

gemkan.online
gg.gemkan.online

# Reference: https://twitter.com/1ZRR4H/status/1575364121893158916
# Reference: https://www.virustotal.com/gui/file/06d1366df3628a010416384f7c77c493ac35f13ee05e010751708d681ebe5169/detection

http://116.202.2.236
http://5.161.21.185
/trampapanam

# Reference: https://tria.ge/220929-vejpqsbeb6/behavioral1

765mm.xyz

# Reference: https://tria.ge/220916-sgqjysbgdr

dimonbk83.tumblr.com

# Reference: https://www.virustotal.com/gui/file/0b7410c41dd49a7a43487fa0e56f5b336951609e67b873d5cdd70632a954b4a8/detection

ludivin.ac.ug
markinda.top
markinda.xyz
mckawwrsa.ac.ug
muylove.ac.ug
partiad.top
partiad.xyz
tuekisa.ac.ug
wishamag.ac.ug

# Reference: https://twitter.com/ViriBack/status/1575637648911192064

http://142.11.252.64
http://23.137.249.61
http://37.46.135.174
http://74.201.28.165
babycookie.net
linkappa.link
linkappb.link
menfkkf.link
xlsxexcelviewer.cf
banta.xlsxexcelviewer.cf

# Reference: https://twitter.com/Gi7w0rm/status/1575851139425177600
# Reference: https://tria.ge/220930-q699jsefbr/behavioral1

http://5.182.36.79
http://94.131.97.143

# Reference: https://www.virustotal.com/gui/file/371384518223a80ff5381a728ba1e4f846c93713bb39bc80fb2d95cdd8158241/detection
# Reference: https://www.virustotal.com/gui/file/487723e00df8d7f8bfdb57614fa32001f2addc6be9576005b04f1dff53710634/detection

o.oteqprojects.co.in
v.oteqprojects.co.in

# Reference: https://tria.ge/221014-wdxewadhg3/behavioral2

http://77.73.133.31

# Reference: https://www.virustotal.com/gui/file/fcf421952d84ded2ae3c64d60e404be047df6bbf7c126286d673301ea9639296/detection

http://5.161.120.43

# Reference: https://www.virustotal.com/gui/file/cb0fed1d298a0c7762cc0e97262788840d7d82f9f73b83832a1d61b16456bac1/detection

http://94.131.96.16

# Reference: https://www.virustotal.com/gui/file/c834c1de44e284183d5a90eda6835c4d5b4da809ea513b22876422865ae5fa90/detection

http://23.88.115.141

# Reference: https://twitter.com/idclickthat/status/1580635156016410624
# Reference: https://tria.ge/221013-t6pjmadfb3/behavioral2

exoduswallet.app

# Reference: https://twitter.com/idclickthat/status/1579245116296138752
# Reference: https://tria.ge/221009-2l4rtaacer/behavioral3

http://213.252.245.80
desktoptrading.store
tradingviewcheck.com
tredingveiws.com

# Reference: https://www.virustotal.com/gui/file/13c98b46764978f5261ed939fdc46c17f4fbc5eb382ab9ca795cb773c0e5bb55/detection

http://45.15.156.60
http://49.12.196.69
nanoplow.space

# Reference: https://tria.ge/221024-qapb7sgfe8

http://45.159.249.181
http://45.8.145.85
http://77.91.123.173

# Reference: https://twitter.com/idclickthat/status/1584541335415312384
# Reference: https://tria.ge/221024-qktdxaggc3/behavioral1

http://45.15.156.81
allbestcrack.pro

# Reference: https://twitter.com/idclickthat/status/1584584590982664193

garminexpress.art
garminexpress.homes
garminexpress.skin

# Reference: https://twitter.com/JAMESWT_MHT/status/1584595337339338752

logitech-ghub.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1584591876170330113

http://45.89.54.52

# Reference: https://twitter.com/l205306/status/1584569524137127936

allsofts.cloud
allsoftwarefou.com
byxdeoner.me
freesoft.digital
kokoasoft.com
winsofts.cloud

# Reference: https://twitter.com/idclickthat/status/1584586589598285825
# Reference: https://tria.ge/221024-th4zeahegn/behavioral1

http://167.235.62.106
baiaveloz.com
tensoft.org
tm.baiaveloz.com

# Reference: https://twitter.com/l205306/status/1584742172934688769

expertsoft.org
software-plus.space

# Reference: https://www.virustotal.com/gui/file/00221666dec1a50f08ed21af02c42150b8d75203e7b86f2a17080a8df5ea9af4/detection

http://195.201.255.186

# Reference: https://twitter.com/l205306/status/1584827015835680768

eazzysoft.com
newsoftman.com
nigmasoftware.site

# Reference: https://twitter.com/l205306/status/1584858330216173568

anysoft.site
wh1tesoftware.me

# Reference: https://twitter.com/l205306/status/1585064152166699008

byxdeoner.net
soft-pro.site
softwareplanet.website
teensoft.org

# Reference: https://twitter.com/r3dbU7z/status/1584714345153728512

http://135.181.168.27
http://144.24.197.26
http://162.247.152.190
/frBjrtz56Urt/
/tkK30UgdT6/
/17sh9j0q9nrz2iqj.php
/1kk52amkkoyzw9oq.php
/1xphi615sno1jmx9.php
/2xfc11rpcncdfk7z.php
/32xaywoipobq5v5v.php
/41szxukxx0vtv9ee.php
/jgkgugyfdftytf.php
/qtnqpx3zkscm0d8c.php
/uh9mbmc2i054omv6.php

# Reference: https://twitter.com/l205306/status/1585250164922814464
# Reference: https://twitter.com/JAMESWT_MHT/status/1585263428935073793

http://78.47.204.168
allsoftware.cloud
soft-exp.org
softlab.fun
softload.tech

# Reference: https://twitter.com/l205306/status/1585595687441661953

appshigha.com
cracked.guru
placeofreesoft.com
soft-free.space
softcloud.link
softwareorlando.com
unisoft.store
vexonex.com
windsoft.cloud

# Reference: https://twitter.com/SquiblydooBlog/status/1585940710007705602
# Reference: https://tria.ge/221028-l6wc6sfcd5/behavioral12

http://88.119.169.42
soft-portal.site

# Reference: https://www.virustotal.com/gui/file/6855c3be8f4527b0e7da660b812ed882474bb274583850c856121fd5e123b224/detection

http://5.252.178.82

# Reference: https://twitter.com/milannshrestga/status/1581662855203782656
# Reference: https://tria.ge/221016-sbkrhshfbm

decenlral-games.pro

# Reference: https://tria.ge/221030-a87y7sebf5/behavioral1

http://95.216.182.145

# Reference: https://twitter.com/SquiblydooBlog/status/1587122203375575053
# Reference: https://tria.ge/221031-tq57facccr/behavioral2

http://89.185.85.63

# Reference: https://www.virustotal.com/gui/file/03f732ed336f06dc381f0a60bee3a77905a073096eb7fb20fa45a56d37f7638c/detection

http://116.202.5.121

# Reference: https://www.virustotal.com/gui/file/a041839327295fde3df12ea61374abd19c4499b87e211757c593179d6a6870d1/detection

http://95.216.181.10

# Reference: https://twitter.com/1ZRR4H/status/1575364101148114944

fortinetq.com

# Reference: https://twitter.com/crep1x/status/1589721461882617857
# Reference: https://threatfox.abuse.ch/browse/tag/Vidar/

http://104.128.190.89
http://104.223.0.115
http://104.223.0.117
http://107.175.40.57
http://116.203.15.149
http://116.203.182.209
http://116.203.7.175
http://138.201.90.120
http://146.19.233.108
http://162.55.221.218
http://167.235.137.244
http://176.126.113.111
http://176.126.113.99
http://185.130.47.169
http://185.142.238.113
http://185.181.165.49
http://185.203.117.83
http://185.213.209.142
http://185.214.10.114
http://185.214.10.153
http://185.214.10.174
http://185.225.19.47
http://185.25.50.127
http://185.25.51.238
http://185.25.51.36
http://188.34.207.6
http://193.38.54.108
http://194.87.31.140
http://195.133.40.163
http://195.201.251.82
http://195.201.252.190
http://195.201.253.169
http://195.201.253.5
http://198.251.89.96
http://213.170.133.117
http://213.170.133.153
http://213.170.133.163
http://213.170.133.36
http://213.252.244.136
http://213.252.244.137
http://213.252.244.247
http://213.252.244.86
http://213.252.245.100
http://213.252.245.66
http://213.252.246.218
http://213.252.246.230
http://213.252.246.243
http://213.252.247.107
http://42.186.202.116
http://45.136.50.120
http://45.142.212.155
http://45.142.213.52
http://45.142.213.7
http://45.150.64.207
http://45.153.230.169
http://45.153.230.241
http://45.8.145.83
http://45.8.146.18
http://45.8.147.23
http://45.8.147.74
http://45.86.229.188
http://45.87.154.35
http://45.89.55.118
http://45.89.55.154
http://45.89.55.158
http://45.89.55.159
http://45.89.55.174
http://45.89.55.176
http://45.89.55.177
http://45.89.55.82
http://45.92.156.110
http://45.92.156.133
http://49.12.72.35
http://5.182.39.134
http://5.182.39.216
http://5.182.39.224
http://5.252.177.45
http://5.252.177.9
http://5.252.21.207
http://5.252.23.34
http://5.253.18.213
http://5.253.18.70
http://5.253.18.96
http://51.195.166.165
http://62.204.41.126
http://64.44.167.153
http://64.44.177.137
http://64.44.61.136
http://65.108.210.122
http://65.21.189.158
http://65.21.63.71
http://69.161.221.169
http://72.18.215.185
http://72.18.215.195
http://72.18.215.223
http://74.119.195.129
http://74.119.195.180
http://77.75.230.160
http://77.91.123.253
http://77.91.73.17
http://77.91.73.44
http://78.47.148.33
http://79.124.78.206
http://79.137.195.130
http://79.137.204.163
http://79.137.204.167
http://80.71.157.152
http://80.71.157.165
http://80.71.157.209
http://80.89.229.62
http://80.92.206.65
http://80.92.206.80
http://82.115.223.60
http://82.180.132.54
http://85.239.62.233
http://88.119.169.102
http://88.119.170.155
http://88.198.175.205
http://88.198.74.87
http://88.198.89.6
http://89.185.85.145
http://89.185.85.63
http://94.131.100.124
http://94.131.107.124
http://94.131.107.38
http://94.131.109.10
http://94.131.109.112
http://94.131.109.113
http://94.131.109.139
http://94.131.109.217
http://94.131.109.35
http://94.131.109.45
http://94.131.109.46
http://94.131.110.20
http://94.131.110.42
http://94.131.97.111
http://94.131.97.119
http://94.131.97.136
http://94.131.97.153
http://94.131.98.4
http://94.158.244.125
http://94.158.244.79
http://95.216.174.64
http://95.216.180.168
http://95.216.181.211
http://95.216.181.82
http://95.216.182.219
http://95.216.182.38
http://95.217.102.102
http://95.217.214.231
http://95.217.242.151
http://95.217.242.155
http://95.217.244.42
http://95.217.245.107
http://95.217.245.254
http://95.217.246.41
http://95.217.27.155
http://95.217.27.160
http://95.217.29.33
http://95.217.31.129
12ewsdf.one
23ntrolandcon.cfd
4r8uhzs3e.click
5tfgbgf6yjhg.cfd
6ha7e7ws.cfd
6tgghf3ec2ws.cfd
7uhjedf3e.click
7uyh9i1qws4r.click
9d8pc33h.cfd
9ik4rfu85tg.cfd
ada09sch.cfd
arentsconti.cfd
arkableco.cfd
arytotheo.cfd
as45vfrt8.one
aswe45bju.one
azsdef7ujh.click
b7hk59vz.cfd
b86yht6.cfd
bg6buj3q.cfd
bgfd3w7uj.click
bgt5hy7ju87.cfd
bgy6trfdx.click
bitclandng.click
btiku5c6x.cfd
btr65kaq1.one
byrokilandn.xyz
c34f5tybc.one
casaufixco.click
cfr45tfg.cfd
d23c06na.one
ddrtg0oikt.click
de3bgt54.cfd
dea6e67jp.cfd
downloadish.us
dyacosm.cfd
edtoal.cfd
encfavestan.xyz
eri39fg.one
erseyata.cloud
f34g56y.one
fe34rfhg5tf.cfd
fezulandg4.click
fithsthef.cloud
g4rty6b.one
geclandz.click
get4pc.click
get4pcsoft.click
getpccrack.click
getpcsoft.click
gt5juy76u87.cfd
gtb7cd8x6.cfd
h45iuy7.one
hagxoferz.click
hu8jki8.cfd
ichitisthel.cfd
ijmnhxd5t.click
ikr2c8jw.cfd
ilandonserc.xyz
inneroft.cfd
isticdiversi.cfd
j5tg3ed.cfd
j8f7bgmm7.cfd
j9bvc1z.one
k56tyui.cfd
kitonestvo.xyz
kmnh6tg43ed.click
kuygvdt5tg.click
l9eg69oik.cfd
landkemoty.click
laodosmart4.xyz
ledoffamaj.cloud
loi87ygvcx3e.cfd
lsknf45vgh.click
mekaofland.click
mlwsx6ygh.click
monitorcrack.click
mqw60ct.cfd
mylandng00.click
myprob1go.click
mysolandg.click
mzhuto2j.cfd
n6j7ujhg.cfd
nhgfr7yh.click
nhgtr46t.cfd
nlondono.cfd
nthenorth.cfd
ntiquityan.cfd
nug5i3tv.cfd
nyt67dfa.one
oldlands1t.xyz
onwalloniai.cfd
p4pentsh0.click
pa12cqxe.one
pccracking.click
qa5nhg6tygh.cfd
qwvmgj82cvm.cfd
qyqevqvig.cfd
r6hsv2gxd.cfd
redirectwar.org
rerecorded.cfd
rfj87lmj.one
rtheidicona.xyz
s584d3v3s.cfd
sapported.xyz
sb244iuy.one
scribedth.cfd
securedownload7.xyz
securedownloadcheaker.xyz
semalop98w7.cfd
semarewwdw7.cfd
solsw98w7.cfd
sooswa8w7.cfd
ssu810der.one
sujghwdtb.cfd
sw2gt5.cfd
swqtglk8u.click
t1nkabyt.click
t2dwsm3v.cfd
taknoce11.click
tandflick.cfd
ther878ha.cfd
thismataln.click
tikalandof.click
tp4mtmoaj.cfd
tqbnb8c2f.cfd
trikbozm3.click
trolboatvasilyb.xyz
tsorequiva.cfd
ujhg6yhgdc.click
upfcraf.cfd
uralposition.cfd
v5tr6yfr.one
verei67gn.cfd
vfews23pl.click
vffgt67yu.cfd
volpsolkpas7.cfd
w34cf5t.one
weokd09rt.one
withylndng.click
x4rt45tgf5g.cfd
xg4x7yzy.cfd
xr45tyui.cfd
y29se10.one
youcolandrz.click
ysystemw.cfd
zxcv6yhg.cfd

# Reference: https://twitter.com/crep1x/status/1590044609757220864

downloadadri.us
downloadbea.us
downloadcog.us
downloadex.us
fileaza.us
filebia.us
filecheck.us
filecore.us
filecyber.us
fileddev.us
filedigital.us
filedock.us
fileegy.us
fileella.us
fileex.us
fileflash.us
fileloop.us
filemodel.us
filenetwork.us
fileoperator.us
filespire.us
filetetra.us

# Reference: https://twitter.com/AuCyble/status/1590306688447709185

msi-afterburnerr.com

# Reference: https://twitter.com/AuCyble/status/1590304696576901120

meta-trader4.net

# Reference: https://twitter.com/AuCyble/status/1590305538335985667

tradingview10-download.top

# Reference: https://www.virustotal.com/gui/ip-address/193.106.191.169/relations

badhabits.ug
bratiop.ru
gorillaglue.ug
itomail.ug
marcaka.ac.ug
maripos.ac.ug
movescx.top
mylupaslc.ug
wewilltoptheworld.top

# Reference: https://cert.gov.ua/article/2724253 (Ukrainian, UAC-0118, FRwL, Z-Team)

http://185.96.163.102
http://193.43.146.42
advanced-ip-scanner.click
advanced-ip-scanner.site

# Reference: https://twitter.com/idclickthat/status/1593634378898296833
# Reference: https://twitter.com/1ZRR4H/status/1593636426234691590
# Reference: https://www.virustotal.com/gui/ip-address/116.202.5.101/relations

http://116.202.5.101
http://95.216.178.160
citrix-download.online
citrix-download.site
citrix-download.store
citrix-download.tech
citrix-download.website

# Reference: https://threatfox.abuse.ch/browse.php?search=malware%3Avidar

http://116.202.2.1
http://116.202.3.228
http://138.124.180.85
http://141.98.169.146
http://146.70.86.32
http://167.99.129.200
http://176.57.69.149
http://178.159.38.91
http://178.23.190.60
http://185.138.164.149
http://185.138.164.179
http://185.165.188.49
http://185.231.205.200
http://185.231.205.242
http://185.250.148.238
http://188.119.112.11
http://188.119.113.36
http://191.96.53.183
http://191.96.53.184
http://193.57.138.18
http://193.57.138.19
http://195.201.252.143
http://212.192.31.130
http://213.142.146.83
http://45.8.144.232
http://45.8.147.191
http://45.83.122.248
http://45.9.190.250
http://45.9.191.215
http://5.252.22.61
http://51.195.166.198
http://74.119.195.192
http://74.119.195.230
http://77.83.173.96
http://77.91.73.95
http://79.137.205.25
http://79.137.205.26
http://79.137.205.27
http://85.208.136.233
http://85.31.44.207
http://88.119.169.106
http://88.119.169.107
http://88.119.169.119
http://88.119.170.143
http://88.198.207.120
http://88.99.120.225
http://89.185.85.232
http://94.131.110.120
http://94.131.97.179
http://94.131.98.3
http://94.131.98.65
http://94.131.98.66
http://94.131.98.67
http://94.131.98.68
http://94.131.98.77
http://94.131.98.78
http://94.131.98.85
http://94.158.244.15
bebrasoft.com

# Reference: https://www.virustotal.com/gui/file/08b2434fa33b35c428fb85e938fed0d6d715b5e46806bbe2d130ebb0ed2df614/detection

mars1877.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8864cd7cbc654d6a0abd75fe8152562f1a9837122bf829832fb4093be252b2e2/detection

http://88.198.106.9
http://95.217.29.31

# Reference: https://twitter.com/idclickthat/status/1597263364538789889
# Reference: https://tria.ge/221128-txx5eagh38/behavioral1

http://49.12.113.223
http://95.217.29.31
audacitya.org
autodeskst.com
bravebrwsr.com

# Reference: https://twitter.com/crep1x/status/1596960278859481088

http://95.217.31.208
mesoft.tech
selfware.net
tensoft.me
thepcworld.pro

# Reference: https://twitter.com/crep1x/status/1598012204233920513

http://153.92.221.169
http://178.23.190.20
http://213.226.100.34
anydesk.ltd
anykdesk.com
bravebrovvser.com
meegans.com
onytesk.com
teligrum.org

# Reference: https://www.virustotal.com/gui/ip-address/51.91.209.190/relations
# Reference: https://www.virustotal.com/gui/file/845e36305916034b608e82c5c4891112c1facfcd9151346e9abda8e0c1447fac/detection

arbetfroll.pw
arbetfrolli.pw
cheakendinner.xyz

# Reference: https://twitter.com/Gi7w0rm/status/1599702328558247937
# Reference: https://tria.ge/221130-n4s65sha45/behavioral1

http://88.198.77.204

# Reference: https://twitter.com/crep1x/status/1600129411629473792

http://195.201.250.87
http://195.201.255.246

# Reference: https://twitter.com/crep1x/status/1600839833114800129
# Reference: https://twitter.com/abuse_ch/status/1600855987946016768
# Reference: https://tria.ge/221208-p35zzsda5x

http://142.132.236.84
http://95.217.25.31
blendres.us
braveappbrowser.us
mslaftrebunrer.us
nvidiaexpirianse.us
obcproject.us

# Reference: https://twitter.com/l205306/status/1600861214485417985

coronasfree.com
freesoftwarelab.org
tensoft.store
x-soft.re

# Reference: https://twitter.com/idclickthat/status/1602678773236858882
# Reference: https://www.virustotal.com/gui/ip-address/31.31.196.171/relations

rufus-sootf.site
rufussootf.online
rufussootf.site
rufussootf.space

# Reference: https://twitter.com/crep1x/status/1603739742910169088
# Reference: https://twitter.com/crep1x/status/1603739749012738048
# Reference: https://tria.ge/221216-pvfecsef97
# Reference: https://tria.ge/221215-xs7ptsgb2x/behavioral2

http://116.202.6.49
http://168.119.243.28
http://94.131.98.49
http://95.217.24.210
amyldesk.com
anlmlydesk.com
bragwe.com
download-wallet.net
traldingveiw.com
traldlngview.com
zoow.us

# Reference: https://twitter.com/idclickthat/status/1603917198673805314
# Reference: https://www.virustotal.com/gui/file/decede09c564d8816cd6d5c9ef887adfc60e3880a47eca94e68de0179aa544a4/detection
# Reference: https://www.virustotal.com/gui/file/586923ff9e847ca568e3ee7a24897e02c5406c07c3f14ed33325d0a68ec9b5a2/detection

http://95.216.207.27
tradingapp.tech
tradingviewdownloads.com

# Reference: https://www.virustotal.com/gui/file/7006c4b851cbd7e8e97e7d9d94313c80e0be8cf12d7f814854b1a9cf7b3841b6/detection
# Reference: https://www.virustotal.com/gui/file/64cff0c222e7ed1fd41cddd842288c52c0ddd55a72a2276dd84c32d10111ca0d/detection

http://77.73.131.193

# Misc.

metatrader-5.net
metatrader-download.net

# Reference: https://twitter.com/jstrosch/status/1606045107970486272

http://152.89.218.27

# Reference: https://twitter.com/idclickthat/status/1607860641238323201

http://195.201.251.249
intuitquickbooks.space

# Reference: https://twitter.com/malware_traffic/status/1608690081178750976
# Reference: https://www.virustotal.com/gui/file/050ac31eccb687f01aa3ee0c16217d6d103b796bb606ddf4e3d0013af689e08c/detection

http://45.93.201.62
http://77.73.134.36

# Reference: https://twitter.com/Gi7w0rm/status/1609603582319288323
# Reference: https://tria.ge/230101-s3fa4sca97/behavioral2

http://116.202.4.70
http://116.203.3.152
http://157.90.244.205

# Reference: https://twitter.com/crep1x/status/1609638736366632967

http://116.203.121.167
http://116.203.164.147
http://135.181.204.67
http://185.125.206.181

# Reference: https://www.virustotal.com/gui/file/320aba94c97100f0722bd0acf6ab407f46e309a2e73c8d19dd9eea74e35739b1/detection

http://23.88.49.119

# Reference: https://twitter.com/crep1x/status/1612199364805660673
# Reference: https://twitter.com/crep1x/status/1612199370870460416
# Reference: https://tria.ge/230107-vnc9bahd7x/behavioral2

http://94.130.190.48
1123am.org
7-zlp.quest
7-zlp.shop
7-zlp.xyz
aanybesk.xyz
afteerbumers.lol
afteerbumers.shop
afteerbumers.xyz
afterbbumers.pics
afterbbumers.shop
afterburmer.store
afterburmmeer.website
afterrbburnerr.click
afterrbburnerr.shop
afterrburnerr.click
afterrburnerr.shop
aftersburmers.online
aftersburmers.shop
aftersburmers.xyz
aftterbumer.shop
aftterbumer.store
aftterbumer.xyz
aftterbumers.shop
aftterbumers.xyz
aiu-w.com
amyybeck.com
anyaesk.click
anyaesk.fun
anyaesk.online
anyaesk.site
anyaesk.store
anyaesk.website
anybeck.com
anybeck.site
anybeck.xyz
anybeeskk.xyz
anybek.com
anybesk.xyz
anybessk.xyz
blednar.com
bleednar.click
bleednar.site
bleenbeer.click
bleenbeer.fun
bleenbeer.online
bleenbeer.site
bleenbeer.store
bleenbeer.website
bleenbeer.xyz
blenbber.xyz
blenbeer.xyz
blenbeerr.lol
blenbeerr.xyz
blenber.com
blenber.live
blenber.online
blenber.xyz
blenbere.click
blenbere.fun
blenbere.site
blenbere.store
blenberr.store
blenberr.xyz
blennbeer.online
blennbeer.xyz
blennber.lol
blennber.xyz
bllenber.lol
bllenber.site
blnanseup.xyz
bookinfirst.com
caldairou-bessette.com
dasnlane.click
dasnlane.shop
dasnlane.xyz
dasnlanee.shop
ewga-precision.xyz
firslhorlzom.com
florinaprivateschool.com
flrstharlzan.com
flrstharlzon.click
flrstharlzon.xyz
fox8hen.com
gethonestseo.com
m-afterbbumer.lol
m-afterbbumer.shop
m-afterbbumer.xyz
m-afterbbumers.beauty
m-afterbbumers.christmas
m-afterbbumers.lol
m-afterbbumers.shop
m-afterbbumers.xyz
m-afterbumer.click
m-afterbumer.homes
m-afterbumer.shop
m-afterbummeer.shop
m-afterbummer.shop
m-afterbunar.shop
m-afterburmers.shop
m-afterburmers.xyz
m-afterbuumer.lol
m-afterbuumer.shop
m-afterbuumer.xyz
martianwalel.xyz
martlanwalel.beauty
martlanwalel.hair
martlanwalel.live
martlanwalel.shop
megaobjects.com
msi-afteburner.com
msi-afterbarner.com
msl-afteburner.com
msl-afteburner.link
msl-aftebuurner.xyz
msl-afterbumers.shop
msl-afterbumers.xyz
msl-afturbarner.shop
msl-afturbumeerr.one
msl-afturbumeerr.shop
msl-afturbumeerr.xyz
msl-afturbumer.shop
msl-afturbummeer.one
msl-afturbummeer.shop
msl-afturbummeer.xyz
mslafterbumer.shop
mslafterbumers.click
mslafterbumers.lol
mslafterbumers.shop
msslafteburner.link
obsproector.click
obsproector.xyz
obsprojector.live
obsprojector.online
obsprojector.xyz
obsprojectr.click
obsprojectr.xyz
obsprojectrr.lol
obsprojectrr.xyz
pipeliningutah.com
robimhod.com
rufuc.xyz
rufuuc.click
rufuuc.lol
rufuuc.site
rufuuc.store
rufuuc.xyz
rufuucc.lol
rufuucc.xyz
ruufuc.store
samouraivvallel.xyz
sbccu.xyz
sejaitaliano.net
sellmya36.com
sketcn-up.click
sketcn-up.lol
sketcn-up.shop
sketcn-up.xyz
slaks.online
slaks.store
slaks.website
slaskc.website
slaskc.xyz
slaskkc.xyz
slasskc.website
slasskc.xyz
teamwieever.live
teamwieever.online
teamwieever.xyz
telecomandotelevisione.com
traidlngvieew.online
traidlngvieew.shop
traidlngvieew.xyz
traidlngview.shop
traidlngview.xyz
traidlngvieww.shop
traidlngvieww.xyz
traldlngvlew.xyz
unlfufsu.xyz
wasabiwolet.xyz
wasabiwollet.xyz
wideolan.click
wideolan.club
wideolan.shop
zksyn-io.xyz

# Reference: https://twitter.com/DonPasci/status/1612529338015965208
# Reference: https://www.virustotal.com/gui/ip-address/170.130.40.34/relations

acrobatsadobes.icu
anydesk-software.site
anydeskdownload.icu
gimps.icu

# Reference: https://twitter.com/DonPasci/status/1612846842605359106
# Reference: https://www.virustotal.com/gui/ip-address/77.73.131.130/relations

brave-browser-instal.store
brave-browser-softvvare.com
brave-browser-softwares.com
brave-browser-softwere.com
brave-browser.cam
brave-browser.xyz
brave-browsers.live
brave-browsyr.store
brave-browzers.store
brave-browzir.biz
brave-browzir.store
brave-brser.biz
brave-dovvnlaod.store
brave-download-setup.cam
brave-download-setup.live
brave-instai.store
brave-instail.store
brave-installs.biz
brave-installs.store
brave-installs.xyz
bravebrowzer.cam
bravebrowzer.live
bravebrowzer.site
bravebrwser.biz
creative-cloud-info.com
creative-cloud-panel.com
creative-cloud.live
creative-cloud.pro
creative-cloud.xyz
hetflix-2023.cam
hetflix-instal.cam
hetflix-instal.store
hetflix-install2023.store
hetflix-installs.cam
hetflix-pc-install.cam
hetflix-pc-setup.cam
hetflix-pc.cam
notepab.cam
notepad-pl-us-plus.com
notepadinfo.biz
notepadinfo.cam
notepadinfo.pro
notepadownload.cam
notepadpl-us-plus.cam
notepadplus-plus.cam
notepadplusplusihstall.com
notepadplusplusinstal.cam
notepadplusplusinstall.cam
notepadplusplusinstall.pro
notepadplusplusinstall.store
notepadplusplusinstall.xyz
notepadplusplusinstaller.cam
notepadplusplusinstaller.store
notepadplusplusinstalls.cam
notepadplusplusinstals.cam
notepadplusplusinstals.store
notepadplusplusinstals.xyz
notepadsplu-plusinstall.com
obs-prject.store
obs-prjectx.store
obs-projec-soft.store
obs-project-downloading.com
obs-project-soft.store
obs-project-software.store
obs-projectx.biz
obs-projest.store
obs-projict-install.store
obsinstaller.cam
obsinstaller.com
obsinstalls.biz
obsinstalls.com
obsinstalls.store
obsinstallsoft.com
obslaboratory.store
obslabs.cam
obslabs.pro
obsprject.pro
obsprject.store
obsprjects.com
obsprjjject.store
obsprojicts.com
obsrecord.store
obsstream.store
okiawaabots.store
okiawabots.store
okiawabotswork.store
okiawagang.store

# Reference: https://threatfox.abuse.ch/ioc/1068148/
# Reference: https://threatfox.abuse.ch/ioc/1068149/

http://5.75.182.6
http://65.109.190.87

# Reference: https://twitter.com/JAMESWT_MHT/status/1613893102262951937
# Reference: https://twitter.com/yvesago/status/1613851481077161984
# Reference: https://app.any.run/tasks/a1ec516d-6a4b-46e4-9bed-99da40e4ff59/
# Reference: https://www.virustotal.com/gui/file/72cf01d835129bd2b829391f098c17fd444f6b105651736c19c9f937479b591e/detection

http://5.75.203.81
http://78.47.228.65
http://91.107.156.138
aduducity.org
audacityeteam.org

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/01/crypto-inspired-magecart-skimmer-surfaces-via-digital-crime-haven

aanybesk.click
traidlngvieew.site

# Reference: https://twitter.com/1ZRR4H/status/1614689336242348033

http://91.107.158.249
blenderno.org
qiupm.org
tradervwiev.org

# Reference: https://twitter.com/mdmck10/status/1615010474088611842
# Reference: https://www.virustotal.com/gui/ip-address/79.137.197.61/relations

androidcarts.com
best-finance-news.com
brosno.com
cancerpedia.com
com.brosno.com
com.cancerpedia.com
com.consulenzapro.com
com.ctsided.com
com.piensa-engrande.com
com.prifense.com
com.sunceam-news.com
consulenzapro.com
ctsided.com
domifybot.com
hantarjer.com
letstreamin.space
obsproject.com.brosno.com
obsproject.com.cancerpedia.com
obsproject.com.consulenzapro.com
obsproject.com.ctsided.com
obsproject.com.piensa-engrande.com
obsproject.com.prifense.com
obsproject.com.sunceam-news.com
piensa-engrande.com
prifense.com
sunceam-news.com

# Reference: https://twitter.com/mdmck10/status/1615015220077887488
# Reference: https://www.virustotal.com/gui/ip-address/185.149.120.133/relations

audacslty.site
audasite.online
audasite.site
audasite.space
audasite.website
docstore.app
glmps.site
godstreamsview.fun
godstreamsview.online
godstreamsview.site
godstreamsview.space
godstreamsview.website
godstreamsviews.fun
godstreamsviews.online
godstreamsviews.site
godstreamsviews.space
godstreamsviews.website
letstreamin.space
obcproect.site
obcprolect.com
oblproject.com
obmprolect.com
obpproject.com
obrproject.com
obsproect.site
obsspro.online
obsspro.site
obsspro.website
obstremsview.online
obstremswiev.fun
obstremswiev.online
obstremswiev.site
obstremswiev.space
odstraeming.fun
odstraeming.online
odstraeming.site
odstraeming.space
odstraeming.website
odstreamsviews.fun
odstreamsviews.online
odstreamsviews.site
odstreamsviews.space
odstreamsviews.website
ostreeming.fun
ostreeming.online
ostreeming.site
ostreeming.space
ostreeming.website
qobstreamsview.fun
qobstreamsview.online
qobstreamsview.site
qobstreamsview.website
qobstreamsviews.fun
qobstreamsviews.online
qobstreamsviews.site
qobstreamsviews.space
qobstreamsviews.website
sgparroquial.app
techinovation.fun
techinovation.online
techinovation.site
techinovation.space
techinovation.website
tecinnovation.fun
tecinnovation.online
tecinnovation.site
tecinnovation.space
tecinnovation.website
tecinnovations.online
tecinovations.pw
vilc.site

# Reference: https://twitter.com/malwrhunterteam/status/1615129063257001984

blenelder.org
blenderno.org

# Reference: https://twitter.com/malwrhunterteam/status/1615145024299175941
# Reference: https://www.virustotal.com/gui/ip-address/198.54.114.162/relations

capcut-brl.online
capcut-desktop.online
capcut-downloads.online
capcut-edits.online
capcut-pc.online
capcut-pcdownload.online
capcut-pro.online
capcut-windows.online
ccleaner-pc.online
clickminded.online
cyprusroyalestates.com
foxit-pc.online
hidemyass.online
internetdownloadmanager-pc.online
kinemaster.website
kmplayer-pc.online
notepad-pc.online
pipiads.online
softwarefullcrack.online
theslidequest.online
videolan-pc.online
winrar-pc.online
winrar-pro.online

# Reference: https://www.virustotal.com/gui/file/4a8ccf53b785ab0ee93db39aaa6d656c19a7705d5a38f298a6bc5fa8250995f3/detection

http://23.137.249.5
/fs89rh4nfg0.php

# Reference: https://twitter.com/malwrhunterteam/status/1615776570307657730
# Reference: https://www.virustotal.com/gui/file/b1af4c462b411699595be17c4373dea4ce739339682874f0f3dc231d8cef744d/detection

http://65.21.119.56
ripple-wells-2022.org

# Reference: https://twitter.com/CSICCybersecur1/status/1615794289719808000
# Reference: https://threatresearch.ext.hp.com/adverts-mimicking-popular-software-leads-to-malware/

audacite.org
blenderon.org

# Reference: https://tria.ge/230118-zksl2shf29/behavioral2

http://65.109.208.140

# Reference: https://twitter.com/crep1x/status/1615840062729605122
# Reference: https://tria.ge/230118-1q7htsfe4y/behavioral2

http://88.198.120.151
brave-browser.edudlplomss.com

# Reference: https://github.com/brad-duncan/IOCs/blob/main/2023-01-19-IOCs-for-Fake-Notepad-plus-plus-page-and-malware.txt

notpad-plus-plus.com

# Reference: https://tria.ge/230120-zn2zwsbf9s/behavioral1

http://45.93.201.114
http://65.109.208.142

# Reference: https://www.virustotal.com/gui/file/55154520c70873a559f4dffa7984201a49dcf8d50a3f2782cb72cc940116168b/detection

http://65.109.200.241

# Reference: https://community.emergingthreats.net/t/vidar-stealer-picks-up-steam/271

http://142.132.169.161
http://78.46.238.118
http://78.47.172.233
http://78.47.225.61
http://78.47.233.145

# Reference: https://otx.alienvault.com/pulse/63cc2e0bdcf82dd7a1016c43
# Reference: https://www.sentinelone.com/blog/breaking-down-the-seo-poisoning-attack-how-attackers-are-hijacking-search-results/
# Reference: https://www.virustotal.com/gui/file/0c5e7987dd67a8313fed90262b5bf678f19854ee0948e9ceb75f095cba1feecf/detection
# Reference: https://www.virustotal.com/gui/file/1ea1ac062289988a73823ff8e9d3349eeb6e42a2180bee8250d3c4217d6f33e9/detection
# Reference: https://www.virustotal.com/gui/file/8c0bfb0cfb89c367745b8c09e0d1ca790494ce7bf064748f7b47f5a204a5457f/detection

http://74.119.194.167
blender-s.org
blendersa.org
blender3dorg.fras6899.odns.fr

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/

http://116.202.0.132
http://116.202.7.135
http://116.203.211.149
http://135.181.27.186
http://142.132.168.13
http://146.70.131.216
http://146.70.20.236
http://157.230.123.128
http://157.90.145.118
http://161.35.28.183
http://164.92.172.75
http://165.227.167.218
http://167.235.153.37
http://185.130.47.220
http://185.149.120.9
http://185.203.119.148
http://188.119.112.77
http://195.201.237.253
http://195.201.251.109
http://23.106.122.140
http://45.8.145.14
http://45.8.147.151
http://45.8.147.51
http://49.12.113.110
http://5.75.167.38
http://65.109.164.83
http://65.109.201.11
http://65.21.58.6
http://77.73.133.32
http://78.47.31.221
http://94.131.105.147
http://95.217.240.6
2022-12-01znegeulfluxsisilafamille.blog.msi-afteburner.com
2022-12-02znegeulfluxsisilafamille.wp.msl-afteburner.com
42c150df-96bf-4714-9d76-9b9c8f464b9c.msl-afteburner.com
56988011-f30d-45c5-a604-63d3f977f48b.firslhorlzom.com
5f7f20b6-142f-4be4-b2f3-162a57f19e8f.msl-afteburner.com
79161e492f6e.firslhorlzom.com
7b6d99a9-c61e-438f-908d-9c5d71038dd5.msi-afteburner.com
94efb512-1b7e-42dd-8799-bee584ec6305.msi-afteburner.com
989e6127-7d52-4162-a517-79161e492f6e.firslhorlzom.com
a63cf611-acbd-4806-82f5-8d5b3160d1a9.robimhod.com
app.msl-afteburner.com
app.msl-afteburner.link
app.msl-aftebuurner.xyz
b2b.firslhorlzom.com
b2b.gethonestseo.com
b2b.msi-afteburner.com
b2b.msl-afteburner.com
b2b.msl-afteburner.link
b2b.msl-aftebuurner.xyz
b2b.msslafteburner.link
b2b.robimhod.com
blog.firslhorlzom.com
blog.hostmaster.caldairou-bessette.com
blog.megaobjects.com
blog.msi-afteburner.com
blog.msl-afteburner.com
blog.msl-afteburner.link
blog.msl-aftebuurner.xyz
blog.msslafteburner.link
cd8h4oikbfgntfve6p40.msl-afteburner.link
cd9es62kbfgq26rbe220.msl-afteburner.link
crm.msl-aftebuurner.xyz
crm.msslafteburner.link
crm.robimhod.com
d7jr1cj6.sejaitaliano.net
ec1ccef2-ccd2-4ab4-9a6f-fda5f8e6a66d.robimhod.com
enter.bookinfirst.com
enter.firslhorlzom.com
enter.msi-afteburner.com
enter.msl-afteburner.com
f4a38fb8-74af-4a65-8330-7afca66eb7df.firslhorlzom.com
fda5f8e6a66d.robimhod.com
forum.firslhorlzom.com
git.app.msl-afteburner.com
git.app.msl-afteburner.link
git.app.msl-aftebuurner.xyz
git.b2b.firslhorlzom.com
git.b2b.msi-afteburner.com
git.b2b.msl-afteburner.link
git.b2b.msslafteburner.link
git.blog.firslhorlzom.com
git.blog.msl-afteburner.com
git.blog.msl-afteburner.link
git.blog.msl-aftebuurner.xyz
git.blog.msslafteburner.link
git.cd9es62kbfgq26rbe220.msl-afteburner.link
git.crm.msl-aftebuurner.xyz
git.enter.firslhorlzom.com
git.enter.msl-afteburner.com
git.firslhorlzom.com
git.git.app.msl-afteburner.com
git.git.app.msl-aftebuurner.xyz
git.git.b2b.msi-afteburner.com
git.git.blog.firslhorlzom.com
git.git.blog.msl-afteburner.com
git.git.blog.msl-afteburner.link
git.git.blog.msl-aftebuurner.xyz
git.git.blog.msslafteburner.link
git.git.cd9es62kbfgq26rbe220.msl-afteburner.link
git.git.git.app.msl-afteburner.com
git.git.git.app.msl-aftebuurner.xyz
git.git.git.b2b.msi-afteburner.com
git.git.git.blog.firslhorlzom.com
git.git.git.blog.msl-afteburner.com
git.git.git.blog.msl-afteburner.link
git.git.git.blog.msslafteburner.link
git.git.git.cd9es62kbfgq26rbe220.msl-afteburner.link
git.git.git.firsthorizon.com.gethonestseo.com
git.git.git.git.app.msl-aftebuurner.xyz
git.git.git.git.b2b.msi-afteburner.com
git.git.git.git.blog.firslhorlzom.com
git.git.git.git.blog.msl-afteburner.com
git.git.git.git.blog.msl-afteburner.link
git.git.git.git.cd9es62kbfgq26rbe220.msl-afteburner.link
git.git.git.git.git.app.msl-aftebuurner.xyz
git.git.git.git.git.blog.firslhorlzom.com
git.git.git.git.git.blog.msl-afteburner.com
git.git.git.git.git.blog.msl-afteburner.link
git.git.git.git.git.cd9es62kbfgq26rbe220.msl-afteburner.link
git.git.git.git.git.git.blog.firslhorlzom.com
git.git.git.git.git.git.blog.msl-afteburner.link
git.git.git.git.git.git.git.msi-afteburner.com
git.git.git.git.git.git.m.msi-afteburner.com
git.git.git.git.git.git.msi-afteburner.com
git.git.git.git.git.git.sitemaps.msi-afteburner.com
git.git.git.git.git.gitlab.shop.msl-afteburner.link
git.git.git.git.git.m.msi-afteburner.com
git.git.git.git.git.msi-afteburner.com
git.git.git.git.git.sitemaps.msi-afteburner.com
git.git.git.git.gitlab.gitlab.git.firslhorlzom.com
git.git.git.git.gitlab.gitlab.sitemap.robimhod.com
git.git.git.git.gitlab.gitlab.sitemap.sellmya36.com
git.git.git.git.gitlab.shop.msl-afteburner.link
git.git.git.git.gitlab.sitemaps.msl-afteburner.link
git.git.git.git.m.msi-afteburner.com
git.git.git.git.mail.msl-aftebuurner.xyz
git.git.git.git.msi-afteburner.com
git.git.git.git.sitemap.msl-afteburner.link
git.git.git.git.sitemaps.msi-afteburner.com
git.git.git.gitlab.blog.hostmaster.gethonestseo.com
git.git.git.gitlab.blog.msl-aftebuurner.xyz
git.git.git.gitlab.enter.firslhorlzom.com
git.git.git.gitlab.git.sitemaps.robimhod.com
git.git.git.gitlab.gitlab.git.firslhorlzom.com
git.git.git.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
git.git.git.gitlab.gitlab.gitlab.wp.msi-afteburner.com
git.git.git.gitlab.gitlab.gitlab.wp.msl-afteburner.com
git.git.git.gitlab.gitlab.sitemap.robimhod.com
git.git.git.gitlab.m.msl-afteburner.com
git.git.git.gitlab.msl-afteburner.com
git.git.git.gitlab.shop.msl-afteburner.link
git.git.git.gitlab.sitemap.msl-afteburner.link
git.git.git.gitlab.sitemap.robimhod.com
git.git.git.gitlab.sitemaps.msl-afteburner.link
git.git.git.gitlab.sitemaps.robimhod.com
git.git.git.m.msi-afteburner.com
git.git.git.m.msl-afteburner.com
git.git.git.mail.msl-aftebuurner.xyz
git.git.git.msi-afteburner.com
git.git.git.sitemap.msl-afteburner.link
git.git.git.sitemaps.msi-afteburner.com
git.git.git.speedycrm.robimhod.com
git.git.gitlab.app.msl-afteburner.com
git.git.gitlab.blog.hostmaster.gethonestseo.com
git.git.gitlab.blog.msl-aftebuurner.xyz
git.git.gitlab.enter.firslhorlzom.com
git.git.gitlab.git.blog.hostmaster.gethonestseo.com
git.git.gitlab.git.blog.msslafteburner.link
git.git.gitlab.git.enter.firslhorlzom.com
git.git.gitlab.git.git.app.msl-afteburner.com
git.git.gitlab.git.git.blog.msslafteburner.link
git.git.gitlab.git.git.gitlab.wp.msi-afteburner.com
git.git.gitlab.git.git.wp.msi-afteburner.com
git.git.gitlab.git.gitlab.enter.firslhorlzom.com
git.git.gitlab.git.gitlab.git.wp.msl-afteburner.com
git.git.gitlab.git.gitlab.gitlab.wp.firslhorlzom.com
git.git.gitlab.git.gitlab.sitemap.robimhod.com
git.git.gitlab.git.gitlab.wp.firslhorlzom.com
git.git.gitlab.git.sitemaps.msl-afteburner.link
git.git.gitlab.git.sitemaps.robimhod.com
git.git.gitlab.git.wordpress.msl-afteburner.link
git.git.gitlab.git.wp.msl-afteburner.com
git.git.gitlab.git.wp.sejaitaliano.net
git.git.gitlab.gitlab.git.app.msl-afteburner.com
git.git.gitlab.gitlab.git.firslhorlzom.com
git.git.gitlab.gitlab.git.sitemaps.msl-afteburner.link
git.git.gitlab.gitlab.git.sitemaps.robimhod.com
git.git.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
git.git.gitlab.gitlab.gitlab.git.sitemaps.robimhod.com
git.git.gitlab.gitlab.gitlab.gitlab.1.bookinfirst.com
git.git.gitlab.gitlab.gitlab.secure.bookinfirst.com
git.git.gitlab.gitlab.gitlab.shop.msslafteburner.link
git.git.gitlab.gitlab.gitlab.wp.firslhorlzom.com
git.git.gitlab.gitlab.gitlab.wp.msi-afteburner.com
git.git.gitlab.gitlab.gitlab.wp.msl-afteburner.com
git.git.gitlab.gitlab.sitemap.robimhod.com
git.git.gitlab.gitlab.wp.firslhorlzom.com
git.git.gitlab.m.msl-afteburner.com
git.git.gitlab.msl-afteburner.com
git.git.gitlab.shop.msl-afteburner.link
git.git.gitlab.shop.msslafteburner.link
git.git.gitlab.sitemap.msl-afteburner.link
git.git.gitlab.sitemap.robimhod.com
git.git.gitlab.sitemaps.msl-afteburner.link
git.git.gitlab.sitemaps.robimhod.com
git.git.gitlab.wp.firslhorlzom.com
git.git.gitlab.wp.msi-afteburner.com
git.git.m.msi-afteburner.com
git.git.m.msl-afteburner.com
git.git.m.msl-aftebuurner.xyz
git.git.mail.msl-aftebuurner.xyz
git.git.msi-afteburner.com
git.git.msl-aftebuurner.xyz
git.git.old.msl-afteburner.link
git.git.robimhod.com
git.git.sitemap.msl-afteburner.link
git.git.sitemaps.msi-afteburner.com
git.git.sitemaps.msl-afteburner.link
git.git.speedycrm.robimhod.com
git.git.test.msslafteburner.link
git.git.wp.msi-afteburner.com
git.gitlab.app.msl-afteburner.com
git.gitlab.b2b.msl-afteburner.com
git.gitlab.blog.hostmaster.gethonestseo.com
git.gitlab.blog.msl-aftebuurner.xyz
git.gitlab.enter.firslhorlzom.com
git.gitlab.git.app.msl-afteburner.com
git.gitlab.git.blog.msl-aftebuurner.xyz
git.gitlab.git.blog.msslafteburner.link
git.gitlab.git.enter.firslhorlzom.com
git.gitlab.git.git.app.msl-afteburner.com
git.gitlab.git.git.blog.msl-aftebuurner.xyz
git.gitlab.git.git.blog.msslafteburner.link
git.gitlab.git.git.git.blog.msslafteburner.link
git.gitlab.git.git.git.git.b2b.msi-afteburner.com
git.gitlab.git.git.git.gitlab.blog.msl-aftebuurner.xyz
git.gitlab.git.git.git.gitlab.sitemaps.msl-afteburner.link
git.gitlab.git.git.gitlab.blog.msl-aftebuurner.xyz
git.gitlab.git.git.gitlab.enter.firslhorlzom.com
git.gitlab.git.git.gitlab.git.sitemaps.robimhod.com
git.gitlab.git.git.gitlab.gitlab.sitemap.robimhod.com
git.gitlab.git.git.gitlab.shop.msl-afteburner.link
git.gitlab.git.git.gitlab.wp.msi-afteburner.com
git.gitlab.git.git.m.msl-afteburner.com
git.gitlab.git.git.wp.msi-afteburner.com
git.gitlab.git.gitlab.app.msl-afteburner.com
git.gitlab.git.gitlab.blog.msl-aftebuurner.xyz
git.gitlab.git.gitlab.enter.firslhorlzom.com
git.gitlab.git.gitlab.git.git.blog.msslafteburner.link
git.gitlab.git.gitlab.git.wp.msl-afteburner.com
git.gitlab.git.gitlab.gitlab.blog.hostmaster.gethonestseo.com
git.gitlab.git.gitlab.gitlab.git.blog.msl-aftebuurner.xyz
git.gitlab.git.gitlab.gitlab.gitlab.blog.msslafteburner.link
git.gitlab.git.gitlab.gitlab.gitlab.shop.msslafteburner.link
git.gitlab.git.gitlab.gitlab.gitlab.wp.msi-afteburner.com
git.gitlab.git.gitlab.gitlab.wp.firslhorlzom.com
git.gitlab.git.gitlab.sitemap.robimhod.com
git.gitlab.git.gitlab.wp.firslhorlzom.com
git.gitlab.git.gitlab.wp.msl-afteburner.com
git.gitlab.git.m.msl-afteburner.com
git.gitlab.git.sitemaps.msl-afteburner.link
git.gitlab.git.sitemaps.robimhod.com
git.gitlab.git.wordpress.msl-afteburner.link
git.gitlab.git.wp.msl-afteburner.com
git.gitlab.gitlab.blog.hostmaster.gethonestseo.com
git.gitlab.gitlab.blog.msl-aftebuurner.xyz
git.gitlab.gitlab.git.app.msl-afteburner.com
git.gitlab.gitlab.git.b2b.msi-afteburner.com
git.gitlab.gitlab.git.blog.hostmaster.gethonestseo.com
git.gitlab.gitlab.git.blog.msl-aftebuurner.xyz
git.gitlab.gitlab.git.firslhorlzom.com
git.gitlab.gitlab.git.git.app.msl-afteburner.com
git.gitlab.gitlab.git.git.blog.msl-aftebuurner.xyz
git.gitlab.gitlab.git.git.git.b2b.msi-afteburner.com
git.gitlab.gitlab.git.git.mail.msl-aftebuurner.xyz
git.gitlab.gitlab.git.gitlab.git.app.msl-afteburner.com
git.gitlab.gitlab.git.gitlab.git.blog.msl-aftebuurner.xyz
git.gitlab.gitlab.git.m.msl-afteburner.com
git.gitlab.gitlab.git.sitemaps.msl-afteburner.link
git.gitlab.gitlab.git.sitemaps.robimhod.com
git.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
git.gitlab.gitlab.gitlab.blog.hostmaster.gethonestseo.com
git.gitlab.gitlab.gitlab.blog.msl-aftebuurner.xyz
git.gitlab.gitlab.gitlab.blog.msslafteburner.link
git.gitlab.gitlab.gitlab.enter.msl-afteburner.com
git.gitlab.gitlab.gitlab.git.b2b.msi-afteburner.com
git.gitlab.gitlab.gitlab.git.blog.msl-aftebuurner.xyz
git.gitlab.gitlab.gitlab.git.sitemaps.robimhod.com
git.gitlab.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
git.gitlab.gitlab.gitlab.gitlab.blog.msslafteburner.link
git.gitlab.gitlab.gitlab.gitlab.gitlab.blog.msslafteburner.link
git.gitlab.gitlab.gitlab.gitlab.shop.msslafteburner.link
git.gitlab.gitlab.gitlab.gitlab.sitemap.robimhod.com
git.gitlab.gitlab.gitlab.shop.msslafteburner.link
git.gitlab.gitlab.gitlab.wp.firslhorlzom.com
git.gitlab.gitlab.gitlab.wp.msi-afteburner.com
git.gitlab.gitlab.gitlab.wp.msl-afteburner.com
git.gitlab.gitlab.old.firslhorlzom.com
git.gitlab.gitlab.sitemap.robimhod.com
git.gitlab.gitlab.sitemaps.msl-afteburner.link
git.gitlab.gitlab.test.msl-afteburner.link
git.gitlab.gitlab.wp.firslhorlzom.com
git.gitlab.m.msl-afteburner.com
git.gitlab.msl-afteburner.com
git.gitlab.old.msl-afteburner.link
git.gitlab.shop.msi-afteburner.com
git.gitlab.shop.msl-afteburner.link
git.gitlab.shop.msslafteburner.link
git.gitlab.sitemap.msl-afteburner.link
git.gitlab.sitemap.robimhod.com
git.gitlab.sitemaps.msl-afteburner.link
git.gitlab.sitemaps.robimhod.com
git.gitlab.test.msl-afteburner.link
git.gitlab.wordpress.msl-afteburner.com
git.gitlab.wp.firslhorlzom.com
git.gitlab.wp.msi-afteburner.com
git.gitlab.wp.msl-afteburner.com
git.lime.msl-aftebuurner.xyz
git.m.msi-afteburner.com
git.m.msl-afteburner.com
git.m.msl-aftebuurner.xyz
git.mail.msl-aftebuurner.xyz
git.msi-afteburner.com
git.msl-aftebuurner.xyz
git.old.firslhorlzom.com
git.old.msl-afteburner.link
git.old.msslafteburner.link
git.robimhod.com
git.sitemap.msl-afteburner.link
git.sitemaps.msi-afteburner.com
git.sitemaps.msl-afteburner.link
git.sitemaps.robimhod.com
git.speedycrm.robimhod.com
git.test.msslafteburner.link
git.wordpress.msi-afteburner.com
git.wordpress.msl-afteburner.com
git.wordpress.msl-afteburner.link
git.wordpress.msslafteburner.link
git.wp.msi-afteburner.com
git.wp.msl-afteburner.com
gitlab.app.msl-afteburner.com
gitlab.b2b.msl-afteburner.com
gitlab.b2b.msl-afteburner.link
gitlab.b2b.msslafteburner.link
gitlab.blog.hostmaster.gethonestseo.com
gitlab.blog.msl-aftebuurner.xyz
gitlab.blog.msslafteburner.link
gitlab.enter.firslhorlzom.com
gitlab.enter.msi-afteburner.com
gitlab.enter.msl-afteburner.com
gitlab.git.app.msl-afteburner.com
gitlab.git.b2b.msi-afteburner.com
gitlab.git.blog.msl-aftebuurner.xyz
gitlab.git.blog.msslafteburner.link
gitlab.git.enter.firslhorlzom.com
gitlab.git.firslhorlzom.com
gitlab.git.git.app.msl-afteburner.com
gitlab.git.git.b2b.msi-afteburner.com
gitlab.git.git.blog.caldairou-bessette.com
gitlab.git.git.blog.msl-aftebuurner.xyz
gitlab.git.git.blog.msslafteburner.link
gitlab.git.git.git.app.msl-afteburner.com
gitlab.git.git.git.b2b.msi-afteburner.com
gitlab.git.git.git.blog.msslafteburner.link
gitlab.git.git.git.git.b2b.msi-afteburner.com
gitlab.git.git.git.git.gitlab.shop.msl-afteburner.link
gitlab.git.git.git.git.wp.sejaitaliano.net
gitlab.git.git.git.gitlab.blog.hostmaster.gethonestseo.com
gitlab.git.git.git.gitlab.blog.msl-aftebuurner.xyz
gitlab.git.git.git.gitlab.m.msl-afteburner.com
gitlab.git.git.git.gitlab.shop.msl-afteburner.link
gitlab.git.git.git.gitlab.sitemap.robimhod.com
gitlab.git.git.git.gitlab.sitemaps.msl-afteburner.link
gitlab.git.git.gitlab.app.msl-afteburner.com
gitlab.git.git.gitlab.blog.msl-aftebuurner.xyz
gitlab.git.git.gitlab.enter.firslhorlzom.com
gitlab.git.git.gitlab.git.enter.firslhorlzom.com
gitlab.git.git.gitlab.git.git.blog.msslafteburner.link
gitlab.git.git.gitlab.git.gitlab.wp.firslhorlzom.com
gitlab.git.git.gitlab.git.sitemaps.robimhod.com
gitlab.git.git.gitlab.git.wp.msl-afteburner.com
gitlab.git.git.gitlab.gitlab.git.sitemaps.msl-afteburner.link
gitlab.git.git.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.git.git.gitlab.gitlab.gitlab.shop.msslafteburner.link
gitlab.git.git.gitlab.gitlab.gitlab.wp.msi-afteburner.com
gitlab.git.git.gitlab.gitlab.gitlab.wp.msl-afteburner.com
gitlab.git.git.gitlab.gitlab.sitemap.robimhod.com
gitlab.git.git.gitlab.shop.msl-afteburner.link
gitlab.git.git.gitlab.wp.firslhorlzom.com
gitlab.git.git.gitlab.wp.msi-afteburner.com
gitlab.git.git.m.msl-afteburner.com
gitlab.git.git.mail.msl-aftebuurner.xyz
gitlab.git.git.secure.bookinfirst.com
gitlab.git.git.wp.msi-afteburner.com
gitlab.git.git.x1.bookinfirst.com
gitlab.git.gitlab.app.msl-afteburner.com
gitlab.git.gitlab.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.enter.firslhorlzom.com
gitlab.git.gitlab.git.app.msl-afteburner.com
gitlab.git.gitlab.git.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.git.git.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.git.git.blog.msslafteburner.link
gitlab.git.gitlab.git.git.git.blog.msslafteburner.link
gitlab.git.gitlab.git.git.gitlab.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.git.git.gitlab.wp.msi-afteburner.com
gitlab.git.gitlab.git.gitlab.app.msl-afteburner.com
gitlab.git.gitlab.git.gitlab.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.git.gitlab.enter.firslhorlzom.com
gitlab.git.gitlab.git.gitlab.wp.firslhorlzom.com
gitlab.git.gitlab.git.sitemaps.robimhod.com
gitlab.git.gitlab.git.wordpress.msl-afteburner.link
gitlab.git.gitlab.git.wp.msl-afteburner.com
gitlab.git.gitlab.gitlab.blog.hostmaster.gethonestseo.com
gitlab.git.gitlab.gitlab.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.gitlab.blog.sellmya36.com
gitlab.git.gitlab.gitlab.git.blog.hostmaster.gethonestseo.com
gitlab.git.gitlab.gitlab.git.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.gitlab.git.sitemaps.robimhod.com
gitlab.git.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.git.gitlab.gitlab.gitlab.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.gitlab.gitlab.blog.msslafteburner.link
gitlab.git.gitlab.gitlab.gitlab.git.b2b.msi-afteburner.com
gitlab.git.gitlab.gitlab.gitlab.git.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.git.gitlab.gitlab.gitlab.secure.bookinfirst.com
gitlab.git.gitlab.gitlab.gitlab.shop.msslafteburner.link
gitlab.git.gitlab.gitlab.gitlab.wp.firslhorlzom.com
gitlab.git.gitlab.gitlab.gitlab.wp.msi-afteburner.com
gitlab.git.gitlab.gitlab.wp.firslhorlzom.com
gitlab.git.gitlab.hostmaster.sellmya36.com
gitlab.git.gitlab.sitemap.robimhod.com
gitlab.git.gitlab.wp.firslhorlzom.com
gitlab.git.gitlab.wp.msl-afteburner.com
gitlab.git.m.msl-afteburner.com
gitlab.git.old.msl-afteburner.link
gitlab.git.sitemap.msl-afteburner.link
gitlab.git.sitemaps.msl-afteburner.link
gitlab.git.sitemaps.robimhod.com
gitlab.git.wordpress.msl-afteburner.link
gitlab.git.wp.msl-afteburner.com
gitlab.gitlab.app.msl-afteburner.com
gitlab.gitlab.b2b.msl-afteburner.com
gitlab.gitlab.b2b.msl-afteburner.link
gitlab.gitlab.blog.hostmaster.gethonestseo.com
gitlab.gitlab.blog.msl-aftebuurner.xyz
gitlab.gitlab.blog.msslafteburner.link
gitlab.gitlab.enter.firslhorlzom.com
gitlab.gitlab.enter.msl-afteburner.com
gitlab.gitlab.git.app.msl-afteburner.com
gitlab.gitlab.git.b2b.msi-afteburner.com
gitlab.gitlab.git.blog.hostmaster.gethonestseo.com
gitlab.gitlab.git.blog.msl-aftebuurner.xyz
gitlab.gitlab.git.enter.firslhorlzom.com
gitlab.gitlab.git.firslhorlzom.com
gitlab.gitlab.git.git.app.msl-afteburner.com
gitlab.gitlab.git.git.blog.msl-aftebuurner.xyz
gitlab.gitlab.git.git.git.app.msl-afteburner.com
gitlab.gitlab.git.git.git.b2b.msi-afteburner.com
gitlab.gitlab.git.git.git.blog.msslafteburner.link
gitlab.gitlab.git.git.git.git.b2b.msi-afteburner.com
gitlab.gitlab.git.git.gitlab.gitlab.sitemap.robimhod.com
gitlab.gitlab.git.git.m.msl-afteburner.com
gitlab.gitlab.git.git.mail.msl-aftebuurner.xyz
gitlab.gitlab.git.gitlab.app.msl-afteburner.com
gitlab.gitlab.git.gitlab.git.app.msl-afteburner.com
gitlab.gitlab.git.gitlab.git.blog.msl-aftebuurner.xyz
gitlab.gitlab.git.gitlab.git.git.blog.msl-aftebuurner.xyz
gitlab.gitlab.git.gitlab.git.git.blog.msslafteburner.link
gitlab.gitlab.git.gitlab.git.wp.msl-afteburner.com
gitlab.gitlab.git.gitlab.gitlab.blog.hostmaster.gethonestseo.com
gitlab.gitlab.git.gitlab.gitlab.blog.msl-aftebuurner.xyz
gitlab.gitlab.git.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.gitlab.git.gitlab.sitemaps.robimhod.com
gitlab.gitlab.git.gitlab.wp.msl-afteburner.com
gitlab.gitlab.git.m.msl-afteburner.com
gitlab.gitlab.git.sitemaps.msl-afteburner.link
gitlab.gitlab.git.sitemaps.robimhod.com
gitlab.gitlab.git.wp.msl-afteburner.com
gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.gitlab.gitlab.blog.hostmaster.gethonestseo.com
gitlab.gitlab.gitlab.blog.msl-aftebuurner.xyz
gitlab.gitlab.gitlab.blog.msslafteburner.link
gitlab.gitlab.gitlab.enter.msl-afteburner.com
gitlab.gitlab.gitlab.git.app.msl-afteburner.com
gitlab.gitlab.gitlab.git.b2b.msi-afteburner.com
gitlab.gitlab.gitlab.git.blog.hostmaster.gethonestseo.com
gitlab.gitlab.gitlab.git.blog.msl-aftebuurner.xyz
gitlab.gitlab.gitlab.git.firslhorlzom.com
gitlab.gitlab.gitlab.git.git.blog.msl-aftebuurner.xyz
gitlab.gitlab.gitlab.git.sitemaps.msl-afteburner.link
gitlab.gitlab.gitlab.git.sitemaps.robimhod.com
gitlab.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.gitlab.gitlab.gitlab.blog.msl-aftebuurner.xyz
gitlab.gitlab.gitlab.gitlab.blog.msslafteburner.link
gitlab.gitlab.gitlab.gitlab.git.app.msl-afteburner.com
gitlab.gitlab.gitlab.gitlab.git.sitemaps.robimhod.com
gitlab.gitlab.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.gitlab.gitlab.gitlab.gitlab.blog.msslafteburner.link
gitlab.gitlab.gitlab.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.gitlab.gitlab.gitlab.gitlab.sitemap.pipeliningutah.com
gitlab.gitlab.gitlab.gitlab.gitlab.wp.firslhorlzom.com
gitlab.gitlab.gitlab.gitlab.shop.msslafteburner.link
gitlab.gitlab.gitlab.gitlab.sitemap.robimhod.com
gitlab.gitlab.gitlab.gitlab.wp.firslhorlzom.com
gitlab.gitlab.gitlab.m.msl-afteburner.com
gitlab.gitlab.gitlab.old.firslhorlzom.com
gitlab.gitlab.gitlab.shop.msslafteburner.link
gitlab.gitlab.gitlab.sitemap.robimhod.com
gitlab.gitlab.gitlab.wp.firslhorlzom.com
gitlab.gitlab.gitlab.wp.msi-afteburner.com
gitlab.gitlab.gitlab.wp.msl-afteburner.com
gitlab.gitlab.m.msl-afteburner.com
gitlab.gitlab.old.firslhorlzom.com
gitlab.gitlab.old.msl-afteburner.link
gitlab.gitlab.shop.msi-afteburner.com
gitlab.gitlab.shop.msslafteburner.link
gitlab.gitlab.sitemap.robimhod.com
gitlab.gitlab.sitemaps.msl-afteburner.link
gitlab.gitlab.test.msl-afteburner.link
gitlab.gitlab.wordpress.msl-afteburner.com
gitlab.gitlab.wordpress.msslafteburner.link
gitlab.gitlab.wp.firslhorlzom.com
gitlab.gitlab.wp.msi-afteburner.com
gitlab.gitlab.wp.msl-afteburner.com
gitlab.m.msl-afteburner.com
gitlab.msl-afteburner.com
gitlab.old.firslhorlzom.com
gitlab.old.msl-afteburner.link
gitlab.shop.firslhorlzom.com
gitlab.shop.msi-afteburner.com
gitlab.shop.msl-afteburner.link
gitlab.shop.msslafteburner.link
gitlab.sitemap.msl-afteburner.link
gitlab.sitemap.robimhod.com
gitlab.sitemaps.msl-afteburner.link
gitlab.sitemaps.robimhod.com
gitlab.test.msi-afteburner.com
gitlab.test.msl-afteburner.link
gitlab.wordpress.msl-afteburner.com
gitlab.wordpress.msslafteburner.link
gitlab.wp.firslhorlzom.com
gitlab.wp.msi-afteburner.com
gitlab.wp.msl-afteburner.com
hostmaster.bookinfirst.com
hostmaster.gethonestseo.com
hostmaster.megaobjects.com
lime.msl-aftebuurner.xyz
lime.robimhod.com
m.msi-afteburner.com
m.msl-afteburner.com
m.msl-aftebuurner.xyz
mail.megaobjects.com
mail.msl-aftebuurner.xyz
msl-afterbarnur.gethonestseo.com
noteany.com
old.firslhorlzom.com
old.gethonestseo.com
old.msl-afteburner.link
old.msslafteburner.link
ruletka-na-dengi-onlayn.caldairou-bessette.com
shop.bookinfirst.com
shop.firslhorlzom.com
shop.msi-afteburner.com
shop.msl-afteburner.com
shop.msl-afteburner.link
shop.msslafteburner.link
sitemap.firslhorlzom.com
sitemap.msi-afteburner.com
sitemap.msl-afteburner.link
sitemap.msslafteburner.link
sitemap.robimhod.com
sitemaps.msi-afteburner.com
sitemaps.msl-afteburner.link
sitemaps.robimhod.com
speedycrm.msl-aftebuurner.xyz
speedycrm.robimhod.com
test.bookinfirst.com
test.gethonestseo.com
test.msi-afteburner.com
test.msl-afteburner.link
test.msl-aftebuurner.xyz
test.msslafteburner.link
test.robimhod.com
wordpress.firslhorlzom.com
wordpress.msi-afteburner.com
wordpress.msl-afteburner.com
wordpress.msl-afteburner.link
wordpress.msslafteburner.link
wp.bookinfirst.com
wp.firslhorlzom.com
wp.msi-afteburner.com
wp.msl-afteburner.com
wp.msl-afteburner.link
wp.msl-aftebuurner.xyz
wp.msslafteburner.link
wp.robimhod.com
zksyncio.xyz
zoomdowndesktop.store

# Reference: https://twitter.com/ULTRAFRAUD/status/1617185995526443008
# Reference: https://twitter.com/ULTRAFRAUD/status/1617918997156229120
# Reference: https://www.virustotal.com/gui/ip-address/185.163.204.10/relations

http://5.75.149.127
download-davinci.duckdns.org
download-davinci17.duckdns.org
download-obsstudio.duckdns.org
download-sqlite.duckdns.org

# Reference: https://twitter.com/Artilllerie/status/1617490471470903296

malwarebytes-premium.com

# Reference: https://twitter.com/tosscoinwitcher/status/1617588555995574274
# Reference: https://www.virustotal.com/gui/ip-address/191.101.13.129/relations

anydeskcloud.tech

# Reference: https://twitter.com/malwrhunterteam/status/1617618773045018625
# Reference: https://twitter.com/tosscoinwitcher/status/1617623026157383680
# Reference: https://tria.ge/230123-zchf4sfc94/behavioral2

http://65.109.210.114
nvidladrlvers.top
nvldia-graphics.online
safe.nvidladrlvers.top

# Reference: https://twitter.com/malwrhunterteam/status/1617961361593749505
# Reference: https://www.virustotal.com/gui/ip-address/172.67.138.234/relations

nvidia-graphics.top

# Reference: https://twitter.com/Gi7w0rm/status/1618185842899705856
# Reference: https://www.team-cymru.com/post/darth-vidar-the-dark-side-of-evolving-threat-infrastructure

my-odin.com
my-vidar.com
my-vidar.net
new.my-odin.com
old.my-vidar.net
new.my-vidar.net

# Reference: https://twitter.com/Malwar3Ninja/status/1618279742041640960
# Reference: https://www.virustotal.com/gui/ip-address/186.2.171.7/relations

audacityu.org
belunder.org
blenderlo.org
downleoad.com
rufuse.org
tradingview-ger.org
tradingview-get.org

# Reference: https://www.virustotal.com/gui/ip-address/172.67.163.176/relations

trebingview.com

# Reference: https://twitter.com/StopMalvertisin/status/1618253036018892801
# Reference: https://www.virustotal.com/gui/ip-address/104.21.24.164/relations

tendencyquicksand.xyz
tradingview-usa.club
traidstok.website

# Reference: https://twitter.com/malwrhunterteam/status/1618362802552573953

geforce-official.online
geforce-official.site
nvidia-drive3.site

# Reference: https://twitter.com/malwrhunterteam/status/1618735590870228995

geforse-drlvers.site

# Reference: https://twitter.com/irfan_eternal/status/1618260845343178754
# Reference: https://app.any.run/tasks/f0414d59-0ea3-4d8a-a6d8-724cdacd8b42/

http://95.217.16.127

# Reference: https://twitter.com/idclickthat/status/1620465213589049345
# Reference: https://tria.ge/230131-tzkbbsha89

http://116.203.6.107
http://135.181.41.147

# Reference: https://twitter.com/x3ph1/status/1623011203005001749
# Reference: https://www.virustotal.com/gui/file/0c2229f5d5bd61fd8ac9cec0cb4da07f733ac3ae007d8b2b7da3376c047102dd/detection

http://49.12.239.21
http://65.109.168.191
http://65.109.7.48
http://95.217.240.157

# Reference: https://threatfox.abuse.ch/browse/tag/vidar (entries up to 10 Feb 2023)

http://116.202.181.160
http://116.203.1.203
http://116.203.9.69
http://135.181.203.71
http://135.181.43.158
http://142.132.228.93
http://157.90.148.112
http://167.235.246.125
http://168.119.236.82
http://195.201.254.227
http://49.12.79.235
http://5.182.37.147
http://65.108.249.43
http://65.109.136.136
http://65.109.168.175
http://78.47.216.96
http://88.198.152.171
http://88.198.95.89
http://94.130.75.1
http://95.217.240.133
http://95.217.246.37
activatorshome.com
anydesktop.tech
bigcracks.com
crack11.com
crackbye.com
cracked1.com
cracked4pc.com
crackedplugs.net
crackfair.com
crackgive.com
crackleft.com
crackmix.com
crackmypc.com
crackport.com
crackpull.com
crackright.com
cracksaw.com
cracksend.com
cracksir.com
freecrackapp.com
fullkeygens.com
getfreecracks.com
getmecrack.com
hitpcsoft.com
hotpcsoft.com
incracks.com
justsofts.com
keygenbro.com
keygenhere.com
keyslog.com
licenseapps.com
licensedaily.com
licensehd.com
licenselive.com
nvldladriver.com
pc-crack.com
pcsoftnew.com
playcrack.com
plug-cracked.com
plug-torrent.com
plug-torrents.com
plugin-torrents.com
pluginstorrents.com
powercrack.com
rrvldladrlwers.top
serialkeygens.com
softsnew.com
starcrack.net
team-viewer.monashenki.com
topcrackpatch.com
up2pc.com
up4crack.com
upcracks.com
vcracks.com
vipcracks.com
vstcrackx.com
win-crack.com
windowcrack.com
windowsbay.com
windowsroom.com

# Reference: https://www.virustotal.com/gui/file/7858bffea20cffd024d5132442c44feb6f6c68b3e0b60fc3622d83ddd2793923/detection

hugersi.com

# Reference: https://twitter.com/TrackerC2Bot/status/1618226763519197184

drampik.com

# Reference: https://www.virustotal.com/gui/file/012498bb79e5b2914abac4b8343510a8cd180a92d11ec087f66dfd87a202f41c/detection

propanla.com

# Reference: https://twitter.com/TrackerC2Bot/status/1615056181587808276

http://45.12.253.56
http://45.12.253.72
http://45.12.253.75
http://45.12.253.98

# Reference: https://www.virustotal.com/gui/file/001997f3e75c1e0e3857f79186bfc2af22a043a2e3bd9b640a22b9f59dbc9149/detection

http://116.203.245.137
abgtt.com

# Reference: https://www.virustotal.com/gui/file/02214be7a1ec20e21ab4209575618bb2a5090f15b53c4aaaac9490634d6aa48b/detection

http://159.69.203.58

# Reference: https://www.virustotal.com/gui/file/32cf0e4532d6617a76a22f45edfe5d10ecbaf10040cedffdb2cea5126b6ff053/detection

http://116.203.127.162

# Reference: https://twitter.com/TrackerC2Bot/status/1623039112298090496

http://109.230.199.110
http://170.130.165.60
http://176.10.111.164
http://176.10.119.209
http://176.10.119.217
http://176.10.125.84
http://185.158.248.100
http://185.90.162.33
http://194.76.225.88
http://37.10.71.114
http://45.11.183.24
http://79.132.130.73
http://79.132.130.76
http://79.132.133.128
http://79.132.134.158
http://91.242.219.235
http://91.242.219.237

# Reference: https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign#the-phish

http://195.201.44.125
http://23.88.36.149
http://95.216.164.28

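# Reference: https://github.com/SEKOIA-IO/Community/blob/main/IOCs/stealc/stealc_iocs_20230220.csv
# NOTE(review): the source list is published under a Stealc label; confirm family attribution for the entries below before treating a hit as Vidar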

http://146.70.161.51
http://162.0.238.10
http://167.235.62.105
http://176.124.192.200
http://179.43.162.89
http://179.43.162.94
http://185.130.46.214
http://185.143.223.136
http://185.242.87.149
http://185.247.184.7
http://185.5.248.95
http://194.4.51.160
http://194.87.31.146
http://195.74.86.37
http://23.88.116.117
http://37.120.238.190
http://37.220.87.65
http://45.136.49.247
http://45.136.50.69
http://45.136.51.61
http://45.144.29.176
http://45.87.153.50
http://5.75.138.201
http://65.109.3.34
http://77.246.156.93
http://84.246.85.80
http://85.239.54.29
http://91.215.85.188
http://91.228.225.46
http://94.131.99.185
http://94.142.138.11
http://94.142.138.48
http://95.216.112.83
http://95.217.143.99
666palm.com
777palm.com
aa-cj.com
fff-ttt.com
moneylandry.com
start-not.com

# Reference: https://www.virustotal.com/gui/file/28f8308941a1e87dfe3130238669ac16af3150aa2e284a1ba07eeb10ecbce17e/detection

http://91.215.85.213

# Reference: https://twitter.com/idclickthat/status/1628819842496188417

http://116.202.181.154
http://78.47.226.24
http://89.40.14.155
panelco.su

# Reference: https://tria.ge/230222-yxyhdsfb6z/behavioral2

http://167.235.249.225
bbc-s.news

# Reference: https://www.virustotal.com/gui/ip-address/141.8.192.169/relations

notepadt-plus-pluss.com

# Reference: https://twitter.com/crep1x/status/1630193006446870530

http://157.90.113.100
http://167.235.226.106
http://65.109.9.93

# Generic (URL path indicators rather than hosts)

/hsdf7w34rhdjsf.php
/smbfhrgc
/smbfupkuhrgc1
