# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Note: Continuation of /maltrail/trails/static/malware/cobaltstrike.txt

# Reference: https://www.virustotal.com/gui/file/04c7031cb8d42ffd16700ae86b1c6d917f76c433dc479f4fd34a4446d0b27b0e/detection

185.135.72.100:9887

# Reference: https://twitter.com/drb_ra/status/1513970763115675658

195.201.222.143:8444

# Reference: https://twitter.com/drb_ra/status/1513970770518630412

27.122.56.142:8443

# Reference: https://twitter.com/drb_ra/status/1513970779247063053

46.148.26.88:443

# Reference: https://twitter.com/drb_ra/status/1513970785941180431

24.251.163.5:60443

# Reference: https://twitter.com/malwrhunterteam/status/1514311455163699204
# Reference: https://www.virustotal.com/gui/file/cb66fc60fdd65b40ea456c359066ae7f2a3839ad504070a96259d3aec669dcc6/detection

111.229.93.40:6666

# Reference: https://www.virustotal.com/gui/file/cc0121a17c4f440fdb543e0ce66c5f74704a5963feeebf25f091b2b7fb1f299a/detection
# Reference: https://www.virustotal.com/gui/file/d9a686f2e59d02df5641ba5180283a6695666ce142856d38965d5a11a2484186/detection

service-qbp7jrj6-1305968380.gz.apigw.tencentcs.com

# Reference: https://www.virustotal.com/gui/file/2007ae13be2f554641326304eb92d61468974cf249a4f77d6c0696c74fcf55a5/detection
# Reference: https://www.virustotal.com/gui/file/72fed1907afc465d5d92a7ca6929c924c550d513bb15178211b99e3d2672233f/detection

39.96.15.147:55555

# Reference: https://www.virustotal.com/gui/file/13702ec6f86d673684cf41ccef59b3e0a5aafd4e6dae683f44b04e5d25496e17/detection

39.96.15.147:55557

# Reference: https://twitter.com/malwrhunterteam/status/1514335812749606915
# Reference: https://www.virustotal.com/gui/file/816bbe270caa510cd5c121e0ee17e3ee7efba7a6d47d8711035a4ee62b07c0d5/detection

120.77.72.212:9999

# Reference: https://twitter.com/ian_kenefick/status/1514168956189396994
# Reference: https://twitter.com/drb_ra/status/1514285974494265347

birmingham2022-teamsupdate.azureedge.net

# Reference: https://twitter.com/drb_ra/status/1514013336970698758

149.248.63.211:8989

# Reference: https://twitter.com/drb_ra/status/1514013400015249408

192.227.227.222:9033

# Reference: https://twitter.com/drb_ra/status/1514013515144740865

http://34.228.195.233

# Reference: https://twitter.com/drb_ra/status/1514013553094705156

8.140.37.238:8888

# Reference: https://twitter.com/drb_ra/status/1514013588712734732

http://175.178.162.195

# Reference: https://twitter.com/drb_ra/status/1514013636905381888

81.70.92.177:7777

# Reference: https://twitter.com/drb_ra/status/1514013702441340944

1.13.189.170:8080

# Reference: https://twitter.com/drb_ra/status/1514194948383518720

1.117.181.141:19999

# Reference: https://twitter.com/drb_ra/status/1514253225465204739

arentuk.com

# Reference: https://twitter.com/drb_ra/status/1514285528929255432

154.214.136.42:7878

# Reference: https://twitter.com/drb_ra/status/1514285556926144516

39.96.0.85:8888

# Reference: https://twitter.com/drb_ra/status/1514285560822734857

squarerootdev.com

# Reference: https://twitter.com/drb_ra/status/1514285602312798211
# Reference: https://www.virustotal.com/gui/file/e4171d0374da524efbea2a206a8ce45d51174660aaf7ec1e2245b436e3e25fd5/detection

s.sso.so

# Reference: https://twitter.com/drb_ra/status/1514285652157870085

104.168.13.23:8443

# Reference: https://twitter.com/drb_ra/status/1514285677810450438

154.208.251.18:7878
45.194.246.142:7878

# Reference: https://twitter.com/drb_ra/status/1514285696458141708

192.69.91.119:8088

# Reference: https://twitter.com/drb_ra/status/1514285730297790479

furfen.com

# Reference: https://twitter.com/drb_ra/status/1514285759943032832

154.208.251.18:7878
156.238.126.25:7878

# Reference: https://twitter.com/drb_ra/status/1514285785125728259

154.214.136.54:7878

# Reference: https://twitter.com/drb_ra/status/1514285806751522820

162.221.135.241:8444

# Reference: https://twitter.com/drb_ra/status/1514285828033363975

http://23.225.191.49

# Reference: https://twitter.com/drb_ra/status/1514285864846831617

175.41.21.27:443

# Reference: https://twitter.com/drb_ra/status/1514285906643062784

156.239.84.62:7878

# Reference: https://twitter.com/drb_ra/status/1514285926138228739

175.41.16.99:443

# Reference: https://twitter.com/drb_ra/status/1514285952700661766

1.117.183.85:8888

# Reference: https://twitter.com/drb_ra/status/1514286006308163588

175.41.16.101:443

# Reference: https://twitter.com/drb_ra/status/1514286038503796737

154.214.136.58:7878

# Reference: https://twitter.com/drb_ra/status/1514286068576706563

154.214.143.220:7878

# Reference: https://twitter.com/drb_ra/status/1514286102181462023

156.238.126.10:7878

# Reference: https://twitter.com/drb_ra/status/1514286129268281347

107.172.219.129:8888

# Reference: https://twitter.com/drb_ra/status/1514286175963557893

45.227.252.236:4012

# Reference: https://twitter.com/drb_ra/status/1514286202802909186

212.192.241.24:8088

# Reference: https://twitter.com/drb_ra/status/1514286230988541957

154.80.176.46:7878

# Reference: https://twitter.com/drb_ra/status/1514286251343495172

175.41.21.26:443

# Reference: https://twitter.com/drb_ra/status/1514286283580923912

service-6p78e619-1307066631.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1514286285325807623

http://101.34.214.7

# Reference: https://twitter.com/drb_ra/status/1514286317005385740

173.232.146.86:443

# Reference: https://twitter.com/drb_ra/status/1514286349695823880

101.34.169.46:8443

# Reference: https://twitter.com/drb_ra/status/1514286375943778304

154.214.143.196:7878

# Reference: https://twitter.com/drb_ra/status/1514286405953929219

biubiubiu.click

# Reference: https://twitter.com/drb_ra/status/1514286440028516365

seopowerzone.com
seo.seopowerzone.com

# Reference: https://twitter.com/drb_ra/status/1514286468688232448

http://142.93.134.93
http://161.35.153.125

# Reference: https://twitter.com/drb_ra/status/1514286498077675522

service-h4i1r6bo-1306266622.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1514286536887517184

http://164.90.203.114
http://164.90.206.183

# Reference: https://twitter.com/drb_ra/status/1514286576049790976

67.205.143.19:8989

# Reference: https://twitter.com/drb_ra/status/1514286607435812873

http://79.141.162.139

# Reference: https://twitter.com/drb_ra/status/1514286654646898702

175.41.21.30:443

# Reference: https://twitter.com/drb_ra/status/1514286683142905863

http://43.135.12.91

# Reference: https://twitter.com/drb_ra/status/1514286713966837767

129.114.26.156:2323

# Reference: https://twitter.com/drb_ra/status/1514286740147691528

175.41.21.29:443

# Reference: https://twitter.com/drb_ra/status/1514286767188369415

175.41.16.98:443
175.41.21.28:443

# Reference: https://twitter.com/drb_ra/status/1514286793079898120

45.194.246.132:7878

# Reference: https://twitter.com/drb_ra/status/1514286815347359745

http://47.97.38.151

# Reference: https://twitter.com/drb_ra/status/1514333132123787268

172.105.62.85:4444

# Reference: https://twitter.com/drb_ra/status/1514333135827345426

185.135.72.100:443

# Reference: https://twitter.com/drb_ra/status/1514343696430505989

http://124.223.191.166

# Reference: https://twitter.com/drb_ra/status/1514343798498803732

79.141.162.139:443

# Reference: https://twitter.com/drb_ra/status/1514374911397089283

47.242.86.26:8888

# Reference: https://twitter.com/drb_ra/status/1514374944620257285

http://45.77.88.81
http://95.182.121.247

# Reference: https://twitter.com/drb_ra/status/1514374975528083459

45.136.245.84:4433

# Reference: https://twitter.com/drb_ra/status/1514375032432218116

45.77.88.81:8070

# Reference: https://twitter.com/drb_ra/status/1514375060450070535

156.238.126.16:7878

# Reference: https://twitter.com/drb_ra/status/1514375085003575300

209.141.62.84:8080

# Reference: https://twitter.com/drb_ra/status/1514375118767677441

http://64.225.49.117

# Reference: https://twitter.com/drb_ra/status/1514375152901017600

101.43.223.187:9898

# Reference: https://twitter.com/drb_ra/status/1514375188363763721

http://40.112.55.123
http://40.71.21.207

# Reference: https://twitter.com/drb_ra/status/1514375269443944453

http://43.138.33.133

# Reference: https://twitter.com/drb_ra/status/1514557324286963714

23.19.227.58:8443

# Reference: https://twitter.com/drb_ra/status/1514557205789425668

23.19.227.59:8443

# Reference: https://twitter.com/drb_ra/status/1514557249489936390

114.132.226.245:1234

# Reference: https://twitter.com/drb_ra/status/1514557270402932738

121.5.3.143:666

# Reference: https://twitter.com/drb_ra/status/1514557306591141894

173.82.134.187:4445

# Reference: https://twitter.com/drb_ra/status/1514557350929223681

151.236.1.15:8443

# Reference: https://twitter.com/drb_ra/status/1514557472186511361

124.221.231.229:8081

# Reference: https://www.virustotal.com/gui/domain/atps-proximo.pt/relations

cobalt.atps-proximo.pt

# Reference: https://twitter.com/drb_ra/status/1514615525631881220

34.243.248.3:443

# Reference: https://twitter.com/drb_ra/status/1514615675163082761

http://193.169.62.8

# Reference: https://www.virustotal.com/gui/ip-address/23.81.246.179/relations

zolejup.com

# Reference: https://twitter.com/drb_ra/status/1514648784030031873

http://164.90.200.68
http://164.90.206.47

# Reference: https://twitter.com/drb_ra/status/1514648831866064897

159.65.136.204:443

# Reference: https://twitter.com/drb_ra/status/1514648863491207174

185.77.225.254:443

# Reference: https://twitter.com/drb_ra/status/1514648896152166408

d2kuon458rs8df.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1514648929140461572

http://91.217.139.63

# Reference: https://twitter.com/drb_ra/status/1514648956822827021

137.175.50.233:8080

# Reference: https://twitter.com/drb_ra/status/1514648983217618954

129.114.26.156:8888

# Reference: https://twitter.com/drb_ra/status/1514649008949628929

31.44.184.187:8080

# Reference: https://twitter.com/drb_ra/status/1514649034539118597

185.156.72.43:5556

# Reference: https://twitter.com/drb_ra/status/1514649100465184773

http://159.223.222.217
http://161.35.83.87

# Reference: https://twitter.com/drb_ra/status/1514649133860241409

121.4.121.54:8080

# Reference: https://twitter.com/drb_ra/status/1514649156513583109

107.182.185.224:2083

# Reference: https://twitter.com/drb_ra/status/1514649196711788548

124.223.52.182:8888

# Reference: https://twitter.com/drb_ra/status/1514649232346693634

124.223.13.165:8080

# Reference: https://twitter.com/drb_ra/status/1514649256950480897

81.70.247.249:443

# Reference: https://twitter.com/drb_ra/status/1514649260565876744

8.129.24.62:8888

# Reference: https://twitter.com/drb_ra/status/1514649264131125249

95.179.229.29:8080

# Reference: https://twitter.com/drb_ra/status/1514649309236637704

45.61.139.74:8443

# Reference: https://twitter.com/drb_ra/status/1514649341495058442

101.32.179.98:8443

# Reference: https://twitter.com/drb_ra/status/1514649371027116036

http://137.184.42.85

# Reference: https://twitter.com/drb_ra/status/1514649402090135552

http://164.92.209.123
http://165.22.196.140

# Reference: https://twitter.com/drb_ra/status/1514649430225559559

23.227.202.58:1080

# Reference: https://twitter.com/drb_ra/status/1514649453742936069

179.60.150.119:443

# Reference: https://twitter.com/drb_ra/status/1514649551654817801

perfectworldltd.com

# Reference: https://twitter.com/drb_ra/status/1514649551654817801

116.204.211.162:443

# Reference: https://twitter.com/drb_ra/status/1514706395593158657

http://116.204.211.162

# Reference: https://twitter.com/drb_ra/status/1514649582315126791

http://212.193.30.36

# Reference: https://twitter.com/drb_ra/status/1514649620667904010

service-jrqcrl2i-1254191709.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1514649648430043142

http://43.135.92.46

# Reference: https://twitter.com/drb_ra/status/1514649684631068679

43.156.242.53:5556

# Reference: https://twitter.com/drb_ra/status/1514649730193797129

http://124.221.66.250

# Reference: https://twitter.com/drb_ra/status/1514649779405471749

103.68.63.12:2083
sjtnmzxck.xyz
application.sjtnmzxck.xyz

# Reference: https://twitter.com/drb_ra/status/1514649804328026113

212.193.30.36:443

# Reference: https://twitter.com/drb_ra/status/1514649852965277714

141.98.80.175:443

# Reference: https://twitter.com/drb_ra/status/1514649919323348995

47.91.242.27:443

# Reference: https://twitter.com/drb_ra/status/1514649963631886342

103.70.227.35:8018
103.70.227.40:8018

# Reference: https://twitter.com/drb_ra/status/1514649986990067713

81.68.160.4:8082

# Reference: https://twitter.com/drb_ra/status/1514650010754891783

http://34.83.201.43

# Reference: https://www.virustotal.com/gui/file/f1ee396a0efc439065cba3b76d781ff4bed0391372d93c5f95167bfd4c5800a1/detection
# Reference: https://www.virustotal.com/gui/file/0218ee1dc67abc13a9cf151835ae790f4a473918da23217f2b3fe27c71ddc615/detection

101.35.206.161:9001

# Reference: https://www.virustotal.com/gui/file/a2c5e2c88ed8ebf38f7488afb49381ba5e0d2a4d0cdf0ca59cc9ed21851a5343/detection
# Reference: https://www.virustotal.com/gui/file/92b84e00fc359cd67abe7872567bce7ac2b92038aca466ac1ecbe6ecf53d4259/detection
# Reference: https://www.virustotal.com/gui/file/7e90f1ffd9572b137578d02f24f96cb7bf8b1081d0da8b6f00acd74c3107c7d0/detection
# Reference: https://www.virustotal.com/gui/file/0376902f2cf9431276198696243fbb6dd909bcc982efa763fa892587493bb195/detection

101.35.206.161:9898

# Reference: https://twitter.com/drb_ra/status/1514706322566098948

http://84.32.188.104

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-04-14-IOCs-for-aa-Qakbot-with-Cobalt-Strike.txt

kuxojemoli.com

# Reference: https://twitter.com/drb_ra/status/1514739030608515079

154.12.42.214:9990

# Reference: https://twitter.com/drb_ra/status/1514739067531018253

http://154.12.228.19

# Reference: https://twitter.com/drb_ra/status/1514739103782342658

8.135.97.155:443

# Reference: https://twitter.com/drb_ra/status/1514739168215281673

81.69.237.65:8888

# Reference: https://twitter.com/drb_ra/status/1514739231461199879

1.15.171.104:10020

# Reference: https://twitter.com/drb_ra/status/1514739308787347464

http://173.82.134.187

# Reference: https://twitter.com/drb_ra/status/1514739423014961153

192.210.231.249:3389

# Reference: https://twitter.com/drb_ra/status/1514739455885815809

1.12.218.59:999

# Reference: https://twitter.com/drb_ra/status/1514887287024369665

sophoserver.com

# Reference: https://twitter.com/drb_ra/status/1514887351511789568

http://46.166.162.96

# Reference: https://twitter.com/drb_ra/status/1514887400316710915

150.158.181.145:5000

# Reference: https://twitter.com/drb_ra/status/1514887412832473092

rdpconnection.com

# Reference: https://twitter.com/malware_traffic/status/1514822676099088384
# Reference: https://www.malware-traffic-analysis.net/2022/04/14/index.html

gmhteuster.com

# Reference: https://twitter.com/drb_ra/status/1514977837215891464

jituham.com

# Reference: https://twitter.com/drb_ra/status/1514978094095941636

service-0drqe737-1307564484.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1515012226196946948

43.138.33.133:8888

# Reference: https://twitter.com/drb_ra/status/1515012284904579080

118.25.22.185:8443

# Reference: https://twitter.com/drb_ra/status/1515012313807564809

116.204.211.148:8443

# Reference: https://twitter.com/drb_ra/status/1515012383525253128

119.91.76.222:40001

# Reference: https://twitter.com/drb_ra/status/1515012441297633288

47.94.90.57:8081

# Reference: https://twitter.com/drb_ra/status/1515012465167417349

http://101.42.223.198

# Reference: https://twitter.com/malwrhunterteam/status/1515048984221519882
# Reference: https://www.virustotal.com/gui/file/a02210273912087a25a29118b0fd02ffcf45616629a92a2aa54f47496fc13199/detection

shadow404.com

# Reference: https://twitter.com/malwrhunterteam/status/1515054653322534917
# Reference: https://www.virustotal.com/gui/file/80743593de5fc34748b2e02fd960e6131758a3f13379d77056a1a82afb6c39c0/detection

124.223.92.75:1121

# Reference: https://www.virustotal.com/gui/file/cf300bd3dde4b485492a333b6bd125bd07deed9b2fd8bfedf8fee111f5675c9b/detection
# Reference: https://www.virustotal.com/gui/file/3e70181aae075f6644bf060db9fa84854b6f0c122ce3c0c1b27654dd5b62a74a/detection

124.223.92.75:1122

# Reference: https://www.virustotal.com/gui/file/487706fde963512baf824cab4de2a3d4cacfd0b2fa7a5e9cce5eb0672d10c289/detection

124.223.92.75:1123

# Reference: https://twitter.com/malwrhunterteam/status/1515052728476741632
# Reference: https://www.virustotal.com/gui/file/801cfd47242ea171a3c3bb87f80e51aa810faf3898339027fa29ef6271fb448a/detection

110.42.178.227:3333

# Reference: https://www.virustotal.com/gui/file/12dbd78bc48bed4e68c1b3b6d0f8f8d1e11916b7ddc0aa1a214846f1e6af06ca/detection

110.42.178.227:3334

# Reference: https://twitter.com/malwrhunterteam/status/1515057040015699973
# Reference: https://www.virustotal.com/gui/file/870f0b6adca0a9c146fe4f6c885f0b294515a857db3e0b5c093ebd5e500b242f/detection

88.208.224.214:81

# Reference: https://twitter.com/malwrhunterteam/status/1515058263469002760
# Reference: https://www.virustotal.com/gui/file/700cd21701f035b271457ef5e96a9d54ceff5d751bc68de36ce01868ba4f916f/detection

139.9.214.134:5566

# Reference: https://www.virustotal.com/gui/file/291f554fd342cb0dab54287ef5d4fb51fb135d732b3029c4a90a071abfaf6e1a/detection

139.9.214.134:6666

# Reference: https://www.virustotal.com/gui/file/11531b1aa7f86043fc8531fe4c0cee8cf67018b2a8b66e6299411b0ac054d3e2/detection

139.9.214.134:6000

# Reference: https://www.virustotal.com/gui/file/f770ff5fc7642e38652c1b1e3be77237c8f732a49a3d0dd37d5c430c5179ecd6/detection

1.117.85.5:30001

# Reference: https://www.virustotal.com/gui/file/70414bf34b7d18101d491605a6b8a7f4870a55ed223343b53a5c12af57a4d8bd/detection

1.117.85.5:54301

# Reference: https://www.virustotal.com/gui/file/d553b3c6397b4f99a44663061d7bcf000f968a2c6229b3444f075f385e7f3422/detection

1.117.85.5:54302

# Reference: https://twitter.com/drb_ra/status/1515058166987427845

82.65.68.158:443

# Reference: https://twitter.com/drb_ra/status/1515068618731569157

baduxazip.com
lerohurap.com

# Reference: https://twitter.com/drb_ra/status/1515281172577894403

http://106.55.166.56

# Reference: https://twitter.com/drb_ra/status/1515281217607901184

http://3.92.52.180

# Reference: https://twitter.com/drb_ra/status/1515281262709256192

49.232.67.116:12581

# Reference: https://twitter.com/drb_ra/status/1515281333123231747

172.104.28.21:443

# Reference: https://twitter.com/drb_ra/status/1515281370523783170

82.156.29.83:5567

# Reference: https://twitter.com/drb_ra/status/1515281415025442822

167.99.53.28:443

# Reference: https://twitter.com/drb_ra/status/1515281458516082688

120.77.11.174:443

# Reference: https://twitter.com/drb_ra/status/1515281493400199172

http://123.206.47.78

# Reference: https://twitter.com/drb_ra/status/1515281538459615235

101.33.244.132:9997

# Reference: https://twitter.com/drb_ra/status/1515281576975818757

http://81.70.245.223

# Reference: https://twitter.com/drb_ra/status/1515281605530640384

101.33.244.132:9994

# Reference: https://twitter.com/drb_ra/status/1515281634886660102

101.35.131.20:8080

# Reference: https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/d/thwarting-loaders-from-socgholish-to-blisters-lockbit-payload/iocs-thwarting-loaders-socgholish-blister.txt
# Reference: https://otx.alienvault.com/pulse/62558b29c777552cb77d1347

altreeservicellc.com
bimelectrical.com
bookmark-tag.com
bootsinthebigcity.com
braprest.com
clippershipintl.com
couponbrothers.com
discountshadesdirect.com
geotypico.com
hardwarebajaar.com
imsensors.com
ksplsoft.com
pastor.com
propertyexpoandshowcase.com
setechnowork.com
sikescomposites.com
wasfatsahla.com

# Reference: https://www.virustotal.com/gui/file/51b4fa53b75ed7b0b67c4e5e087f3eff7faa0b86a3253c093e0658cdeb9364ef/detection

124.222.95.210:3389

# Reference: https://www.virustotal.com/gui/file/2018544dee406d2570a6e31cddbcdff474b2eb51ff789626ba8b2f0671e56f12/detection
# Reference: https://www.virustotal.com/gui/file/26dd63c5face104afe5cad94c5b3a171ccf37a7b8dba05b016d2fb33f5478dbd/detection
# Reference: https://www.virustotal.com/gui/file/87d8025f53b777d54ed3f321b39d9370b30e351643a0b0fae4f9ed6d85686779/detection

1.13.252.15:443

# Reference: https://www.virustotal.com/gui/file/48b3da8f7795703542c3366882d3e9f415df4caa86b5bdb20c1b1c1219e9f6cd/detection

162.14.69.43:8989

# Reference: https://www.virustotal.com/gui/file/d36ea79e00b129a19e1c0a40177a1798abdfa3279d004aba4eb18b903d99b962/detection

42.193.116.23:12331

# Reference: https://www.virustotal.com/gui/file/bb836d1aaa7faf355b43ec147dcf07621c5593e4c9248988d84fc91e016f2b87/detection

42.193.116.23:62456

# Reference: https://www.virustotal.com/gui/file/8dfadda335d8b7f570f1b983b1f99b6af133eec0aca3ca6502a682658651d5f4/detection
# Reference: https://www.virustotal.com/gui/file/5f6148c64dabd421e187ca0525b5c193a1dec9a72d231ed6e472443697e9cc9c/detection
# Reference: https://www.virustotal.com/gui/file/2168599e7ce5f46c2372df4f7e53768397db830c27e64e2e9bda6ec05742eb53/detection

42.193.116.23:8888

# Reference: https://twitter.com/malwrhunterteam/status/1515319113618530304
# Reference: https://www.virustotal.com/gui/file/7a2b48dedebc82e8559bd03a534c8b6338da6b820ac75c1f5c900adcb86ddde8/detection

http://119.28.130.192

# Reference: https://www.virustotal.com/gui/file/4c414ab0bf04a0152f2f18e59ce7782c1c13d5647027206f10e550f8d6186d43/detection

119.28.130.192:8081

# Reference: https://twitter.com/drb_ra/status/1515323452823158795

49.232.31.207:58000

# Reference: https://twitter.com/drb_ra/status/1515323509953675265

101.43.217.188:1234

# Reference: https://www.virustotal.com/gui/file/c928990d05559e85ec0c5df77ba6733354ab608cccdd213a64fdac84de6ca147/detection

45.76.144.44:443

# Reference: https://www.virustotal.com/gui/domain/mircrosoftusupdata.com/relations

mircrosoftusupdata.com
llnj.mircrosoftusupdata.com
updata.mircrosoftusupdata.com

# Reference: https://twitter.com/drb_ra/status/1515340539129995273

8.140.37.238:6666

# Reference: https://twitter.com/drb_ra/status/1515341883576397825

http://85.117.234.43

# Reference: https://twitter.com/drb_ra/status/1515341889377083401

http://39.105.208.93

# Reference: https://twitter.com/drb_ra/status/1515341923711606784

http://139.59.7.168

# Reference: https://twitter.com/malwrhunterteam/status/1515353176911892487
# Reference: https://www.virustotal.com/gui/file/b1389456cc09dacae3917620d7d2238931f51e4f5342af89598795c912865a3e/detection

82.157.174.226:9500

# Reference: https://twitter.com/drb_ra/status/1515366355020746754

zoomeye.eu.org

# Reference: https://twitter.com/drb_ra/status/1515366385429491717

http://23.94.99.61

# Reference: https://twitter.com/drb_ra/status/1515366420774797315

101.43.161.148:7788

# Reference: https://twitter.com/drb_ra/status/1515366444355182604

http://185.173.34.6
http://185.236.228.95

# Reference: https://twitter.com/drb_ra/status/1515366478190678025

51.210.243.38:7878

# Reference: https://twitter.com/drb_ra/status/1515366508725161997
# Reference: https://www.virustotal.com/gui/file/2c716d46fe3af27ab4f2ac3a0d56388c02f3dce7bc870c1b952dbc2a396eb318/detection

703a0668e1be.sn.mynetname.net

# Reference: https://twitter.com/drb_ra/status/1515366612035158018

103.232.121.58:8080

# Reference: https://www.virustotal.com/gui/file/cb43453c1d69a2daa3c9d7040e710dd7b63937b8416480dc7b9f62f1a9b459b6/detection
# Reference: https://www.virustotal.com/gui/file/c34dddc26486ec0884da1a80586093bae40a0d24681296507d4f54d8b1413593/detection
# Reference: https://www.virustotal.com/gui/file/b2e2f670867a0c207e4243ea0a15ca797a9e6c23538ddff7dbb32c59eddcfeeb/detection
# Reference: https://www.virustotal.com/gui/file/a7bcb0bfc954afa4fb9478311057951b1932a3218ecfc694e820a2bc1449b18a/detection
# Reference: https://www.virustotal.com/gui/file/8f55255ef610d1a21a495ad4ae8d90ee99f2d50a71e88c3b54039a4185629f59/detection
# Reference: https://www.virustotal.com/gui/file/5f409bfeec0a93d70bf8e6b1c822093fba8329a26af2d620229caafd1a4fc936/detection
# Reference: https://www.virustotal.com/gui/file/071cdc67ccde2d56bc1a6f067016ef8d3d463c6c0624a38902691afc0c795fde/detection

101.35.199.101:98

# Reference: https://www.virustotal.com/gui/file/a9a8119cb907b650dffec17ce636e7503a0defe2ee2bd228480204c4f882381f/detection
# Reference: https://www.virustotal.com/gui/file/95fd08cb346b2a809eb1e7a7f7ed9982715b1912ba53cbc02833c82db02274f5/detection

restcdn.com

# Reference: https://www.virustotal.com/gui/file/a0aec3e9cb3572a71c59144e9088d190b4978056c5c72d07cb458480213f2964/detection

xxx.xxxx.tk

# Reference: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/harvester-new-apt-attacks-asia
# Reference: https://otx.alienvault.com/pulse/616d8cc39644387aa43dfae0

perfect-couple.com

# Reference: https://twitter.com/drb_ra/status/1515373426478927879

43.129.88.120:62055

# Reference: https://twitter.com/drb_ra/status/1515373529373593610

120.53.242.38:8080

# Reference: https://twitter.com/drb_ra/status/1515373551943049219

114.115.164.160:55555

# Reference: https://twitter.com/drb_ra/status/1515373583761129474

http://120.76.116.180

# Reference: https://twitter.com/drb_ra/status/1515373623049134081

123.57.32.77:49501

# Reference: https://twitter.com/drb_ra/status/1515373723590832130

114.118.4.216:7777

# Reference: https://twitter.com/drb_ra/status/1515411438369660937

service-r0nnclyg-1304529387.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1515411475015286786

http://95.216.138.136

# Reference: https://twitter.com/drb_ra/status/1515411510666932226

http://150.158.138.113

# Reference: https://twitter.com/drb_ra/status/1515411588328849408

service-i0mio3wr-1308561699.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1515411595328987137

92.255.85.92:8832

# Reference: https://twitter.com/drb_ra/status/1515411622344507394

149.28.79.122:1234

# Reference: https://twitter.com/drb_ra/status/1515411691319832580

http://168.100.11.218

# Reference: https://twitter.com/drb_ra/status/1515411723091648520

http://39.104.80.78

# Reference: https://twitter.com/drb_ra/status/1515411759250694154

154.12.42.214:9990

# Reference: https://twitter.com/drb_ra/status/1515411773532344329

152.32.167.186:99
xyz.moonmu.isasecret.com

# Reference: https://twitter.com/drb_ra/status/1515420300971843584

185.145.151.243:443

# Reference: https://twitter.com/drb_ra/status/1515430996920918027

84.32.188.245:444

# Reference: https://twitter.com/drb_ra/status/1515431098553098252

39.96.0.85:5454

# Reference: https://twitter.com/drb_ra/status/1515431173522182148

47.94.20.209:8080

# Reference: https://twitter.com/drb_ra/status/1515464146959192070

82.157.238.62:443

# Reference: https://twitter.com/drb_ra/status/1515464198637113344

78.129.165.232:443

# Reference: https://twitter.com/drb_ra/status/1515464231503777798

78.129.165.232:8080

# Reference: https://twitter.com/drb_ra/status/1515464262524751873
# Reference: https://twitter.com/drb_ra/status/1515464263590162434

d12eqwiz49ne6p.cloudfront.net
d1u718w4a9idn1.cloudfront.net
d2gr4b8egk2sl.cloudfront.net
d3fmwabz3e4rcp.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1515464308649607168

182.92.111.143:12345

# Reference: https://twitter.com/drb_ra/status/1515464337728712707

88.85.89.96:81

# Reference: https://twitter.com/drb_ra/status/1515464361560748035

45.43.36.130:443

# Reference: https://twitter.com/drb_ra/status/1515464375762628608

http://91.243.34.145

# Reference: https://twitter.com/drb_ra/status/1515464492204892169

43.138.27.53:8888

# Reference: https://twitter.com/drb_ra/status/1515464630218461189

54.175.140.113:443

# Reference: https://twitter.com/drb_ra/status/1515464666750853120

5.39.221.52:8532

# Reference: https://twitter.com/drb_ra/status/1515464697566404617

216.244.95.165:1443
releasemyapps.com
update.releasemyapps.com

# Reference: https://twitter.com/drb_ra/status/1515464746610438147

service-51xdqlon-1255564764.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1515464776771678213

15.152.54.30:443

# Reference: https://twitter.com/drb_ra/status/1515464829108207616

124.221.247.8:801

# Reference: https://twitter.com/drb_ra/status/1515464858849923072

146.0.74.45:8443
axikok.com

# Reference: https://twitter.com/drb_ra/status/1515464887568420872

ics.support

# Reference: https://twitter.com/drb_ra/status/1515464922850902025

amazing2021.net
1.amazing2021.net
ak.1.amazing2021.net

# Reference: https://twitter.com/drb_ra/status/1515464954282926081

support-microsoft-update.com
updates.support-microsoft-update.com

# Reference: https://twitter.com/drb_ra/status/1515464985228550152

123.57.134.234:44444

# Reference: https://twitter.com/drb_ra/status/1515465041050419200

194.163.43.223:1443

# Reference: https://twitter.com/drb_ra/status/1515465068862918664

39.102.49.118:443

# Reference: https://twitter.com/drb_ra/status/1515465116736794631

http://87.251.75.10

# Reference: https://twitter.com/drb_ra/status/1515465189000368131

195.201.164.176:443

# Reference: https://twitter.com/drb_ra/status/1515465338976186375

xt4ahhp8o9.execute-api.us-east-1.amazonaws.com

# Reference: https://twitter.com/drb_ra/status/1515465340091838470

e6yeun02cb.execute-api.us-east-1.amazonaws.com

# Reference: https://twitter.com/drb_ra/status/1515465405254541316

102.221.129.243:443

# Reference: https://twitter.com/drb_ra/status/1515465488087891980

java-land.com

# Reference: https://twitter.com/drb_ra/status/1515465511928307717

121.37.236.180:82

# Reference: https://twitter.com/drb_ra/status/1515465539073843211

82.157.156.49:8443

# Reference: https://twitter.com/drb_ra/status/1515630705576976388

service-1caoesbn-1300733485.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1515630744831471626

124.223.95.48:10001

# Reference: https://twitter.com/drb_ra/status/1515630852818055171

http://82.156.210.40

# Reference: https://twitter.com/drb_ra/status/1515630933134696450

101.43.149.38:3389

# Reference: https://twitter.com/drb_ra/status/1515631143458123776

60.205.222.26:6512

# Reference: https://twitter.com/drb_ra/status/1515644600958046210

wiki.baike.com.cdn.dnsv1.com.cn

# Reference: https://twitter.com/drb_ra/status/1515644638115336192

42.193.116.23:22222

# Reference: https://twitter.com/drb_ra/status/1515644661104365575

47.93.51.191:2087
tnnd.ml
jt.tnnd.ml

# Reference: https://twitter.com/drb_ra/status/1515645310881734663

152.70.116.67:443

# Reference: https://twitter.com/drb_ra/status/1515649808622665729

globalwiki.workers.dev
check.globalwiki.workers.dev

# Reference: https://www.virustotal.com/gui/file/b00a229f9b18ba20d6a4a8cb16e3d64738cc12ebad041eeeddec76da287272a8/detection

88.202.190.25:443

# Reference: https://www.virustotal.com/gui/file/044497afeaf86718fea82f41edfa5412fde0d934f53f1d59fff02efb556babcd/detection

88.202.190.25:4431

# Reference: https://www.virustotal.com/gui/file/b55e9d65a3130f543360a9c488d35475d4789ee7a32a4e94d02f33c21a172bcb/detection
# Reference: https://www.virustotal.com/gui/file/17396e2081bc907bc0cbda0c4fa360647d3348a4fc6ecc8f25d2c042ce039b97/detection

http://79.133.41.237
79.133.41.237:3030
79.133.41.237:4001

# Reference: https://www.virustotal.com/gui/file/dd40c10edb977915dbda58c61d2607528f2757d0411d9f4afc813ed315a59689/detection
# Reference: https://www.virustotal.com/gui/file/8828848abd439698aed441197e455be2b09f18845cd2ee83ebd6b5a486b8cdd4/detection
# Reference: https://www.virustotal.com/gui/file/12c9f6699f64c757aebf5d9120d95a612826bee0ffe7676812b28bd31e86c9c0/detection

27.102.127.240:3001

# Reference: https://www.virustotal.com/gui/file/b28d8fe4daffbe4d16cc8c7bd5f51d161d58e96d7cf652eb586d958a2cb4e1b3/detection
# Reference: https://www.virustotal.com/gui/file/517f26b044ed5735a3bcab6e77d84f4cc1346d96ec70a2282a2d20629c05ad93/detection

122.165.141.2:6464
122.165.141.2:8888

# Reference: https://twitter.com/drb_ra/status/1515678275317780486
# Reference: https://www.virustotal.com/gui/file/086384dd67278c6d6bb42ab42fc52b76e7f29cc5e447a9ba3fcbe0465c8efecd/detection

res.mall.10010.cn

# Reference: https://twitter.com/drb_ra/status/1515678300194095107

123.57.32.77:49502

# Reference: https://twitter.com/drb_ra/status/1515724300547993615

generalconsolidated.com

# Reference: https://twitter.com/drb_ra/status/1515724341836660746

46.29.160.203:443

# Reference: https://twitter.com/drb_ra/status/1515724380134940680

39.105.56.145:9002

# Reference: https://twitter.com/drb_ra/status/1515724382580224009

43.228.90.9:8088

# Reference: https://twitter.com/drb_ra/status/1515724411281850369

http://1.15.22.131

# Reference: https://twitter.com/drb_ra/status/1515724440297955342

106.13.95.3:8080

# Reference: https://twitter.com/drb_ra/status/1515724466285953030

http://45.77.244.203

# Reference: https://twitter.com/drb_ra/status/1515724500465336323

119.45.116.254:8090

# Reference: https://twitter.com/drb_ra/status/1515724532161597442

81.70.252.193:7777

# Reference: https://twitter.com/drb_ra/status/1515724569809756160

45.77.244.203:4444

# Reference: https://twitter.com/drb_ra/status/1515769155743535106

82.156.29.83:5568

# Reference: https://twitter.com/drb_ra/status/1515769281237168134

abc.flash-com.tk

# Reference: https://twitter.com/drb_ra/status/1515769372173869061

8.140.37.238:8080

# Reference: https://twitter.com/drb_ra/status/1515817227961999383

101.200.202.216:1443

# Reference: https://twitter.com/drb_ra/status/1515817268839596039

http://154.26.198.109

# Reference: https://twitter.com/drb_ra/status/1515817306487726080

service-1fzs22ix-1258472441.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1515817332387495937

101.34.148.38:8008

# Reference: https://twitter.com/drb_ra/status/1515817339299766273

20.198.241.15:443

# Reference: https://twitter.com/drb_ra/status/1515817389857939461

120.132.81.175:8443
bilibi1i.com
cs.bilibi1i.com

# Reference: https://twitter.com/drb_ra/status/1515817443205206021

185.239.87.112:8080

# Reference: https://twitter.com/drb_ra/status/1515817472506671105

82.157.64.227:8081

# Reference: https://twitter.com/drb_ra/status/1515817500637810690

service-nl1htblb-1255679021.sh.apigw.tencentcs.com
/api/lafjgewlqlglqnva
/lafjgewlqlglqnva

# Reference: https://twitter.com/drb_ra/status/1515933440084000769

service-e5ovbwld-1258235968.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1515933517376487426

http://124.221.254.184

# Reference: https://twitter.com/drb_ra/status/1515996133167964163

120.24.210.164:6661

# Reference: https://twitter.com/drb_ra/status/1515999158531932162

http://119.29.93.18

# Reference: https://twitter.com/drb_ra/status/1515999475621412870

119.3.130.178:8888

# Reference: https://twitter.com/drb_ra/status/1516000794713247748

124.223.174.208:81

# Reference: https://www.virustotal.com/gui/file/e29626e9cf755cc084adf9c08b0f6fd5750d86f5cfe580ca971c29c0110f590e/detection

110.42.185.232:8081

# Reference: https://twitter.com/malwrhunterteam/status/1516059329962680321
# Reference: https://www.virustotal.com/gui/file/ddc984a2ab0e92694b58c6ec7d583bb1d5fc0cf83f632e5d2afa67bd34d3538c/detection

150.158.1.2:8888

# Reference: https://twitter.com/malwrhunterteam/status/1516074984883503106
# Reference: https://www.virustotal.com/gui/file/e92d91d83c52fa470b6712c3d9faca584f8e3b2d31a26b6212ee0a3b1804e6fd/detection

106.15.251.167:12221

# Reference: https://cert.gov.ua/article/39708 (Ukrainian)
# Reference: https://www.circl.lu/doc/misp/feed-osint/1b2b6e15-3655-4648-afcb-c93214187736.json
# Reference: https://www.virustotal.com/gui/ip-address/84.32.188.29/relations
# Reference: https://www.virustotal.com/gui/file/ea9dae45f81fe3527c62ad7b84b03d19629014b1a0e346b6aa933e52b0929d8a/detection

http://138.68.229.0
15ns83-fedex.us
15ns84-fedex.us
6e3283-fedex.us
6e3284-fedex.us
8evx83-fedex.us
8evx84-fedex.us
9wor83-fedex.us
9wor84-fedex.us
ba4x83-fedex.us
ba4x84-fedex.us
c1tf83-fedex.us
c1tf84-fedex.us
d2xv83-fedex.us
d2xv84-fedex.us
dbg983-fedex.us
dbg984-fedex.us
e5qo83-fedex.us
e5qo84-fedex.us
enzj83-fedex.us
enzj84-fedex.us
fx7u83-fedex.us
fx7u84-fedex.us
glsc83-fedex.us
glsc84-fedex.us
igik83-fedex.us
igik84-fedex.us
ikbz83-fedex.us
ikbz84-fedex.us
jec983-fedex.us
jec984-fedex.us
jfws83-fedex.us
jfws84-fedex.us
k7hk83-fedex.us
k7hk84-fedex.us
k9yr83-fedex.us
k9yr84-fedex.us
koda83-fedex.us
koda84-fedex.us
mqqo83-fedex.us
mqqo84-fedex.us
nktc83-fedex.us
nktc84-fedex.us
nqe383-fedex.us
nqe384-fedex.us
nzvx83-fedex.us
nzvx84-fedex.us
odht83-fedex.us
odht84-fedex.us
po1f83-fedex.us
po1f84-fedex.us
qtad83-fedex.us
qtad84-fedex.us
r6bx83-fedex.us
r6bx84-fedex.us
rl6s83-fedex.us
rl6s84-fedex.us
sv8n83-fedex.us
sv8n84-fedex.us
u0b183-fedex.us
u0b184-fedex.us
urrb83-fedex.us
urrb84-fedex.us
wdhx83-fedex.us
wdhx84-fedex.us
wlnx83-fedex.us
wlnx84-fedex.us
wubl83-fedex.us
wubl84-fedex.us
xeuo83-fedex.us
xeuo84-fedex.us
xp9v83-fedex.us
xp9v84-fedex.us
xt5i83-fedex.us
xt5i84-fedex.us
ybix83-fedex.us
ybix84-fedex.us
ycr583-fedex.us
ycr584-fedex.us
zqjr83-fedex.us
zqjr84-fedex.us
kitchenbath.mckillican.com

# Reference: https://twitter.com/drb_ra/status/1516008333144203274

106.54.173.74:50048

# Reference: https://twitter.com/drb_ra/status/1516008659138105346

http://49.232.143.161

# Reference: https://twitter.com/drb_ra/status/1516008770198982656

46.20.96.169:6666
82.157.149.243:6666

# Reference: https://twitter.com/drb_ra/status/1516009619138752515

service-r0elg9vo-1305471045.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1516010283944316933

62.234.116.141:86

# Reference: https://twitter.com/drb_ra/status/1516048904017612804

146.0.74.45:8080

# Reference: https://twitter.com/drb_ra/status/1516049245807202304

216.127.185.26:8081

# Reference: https://twitter.com/drb_ra/status/1516049322420412424

47.94.11.15:8002

# Reference: https://twitter.com/drb_ra/status/1516049373196689409

101.43.134.163:7788

# Reference: https://twitter.com/drb_ra/status/1516049446399889418

42.192.248.107:8099

# Reference: https://twitter.com/drb_ra/status/1516049474505908228

service-e60mr68b-1304173911.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1516049632257839105

service-4btak4si-1304885988.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1516049811472097282

23.224.70.157:3377

# Reference: https://twitter.com/drb_ra/status/1516050009187360770

45.43.36.130:443

# Reference: https://twitter.com/drb_ra/status/1516050021610893313

http://1.14.104.117

# Reference: https://twitter.com/drb_ra/status/1516050225474985984

150.158.137.72:443

# Reference: https://twitter.com/drb_ra/status/1516050322464153601

119.45.167.3:8081

# Reference: https://twitter.com/drb_ra/status/1516111271451582473

82.157.137.174:8899

# Reference: https://twitter.com/drb_ra/status/1516111327969824776

8.142.131.209:443

# Reference: https://twitter.com/drb_ra/status/1516111359846592513

http://2.58.149.183

# Reference: https://twitter.com/drb_ra/status/1516111377986904064

20.110.209.33:81

# Reference: https://twitter.com/drb_ra/status/1516111409939206151

175.178.193.194:443

# Reference: https://twitter.com/drb_ra/status/1516111452448436233

http://51.81.30.185

# Reference: https://twitter.com/drb_ra/status/1516111526935109644

service-edlylxwr-1252395710.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1516111566265012232

84.32.188.104:448

# Reference: https://twitter.com/drb_ra/status/1516111591489642507

5.9.120.149:443

# Reference: https://twitter.com/drb_ra/status/1516111619683766275

79.110.52.171:8043

# Reference: https://twitter.com/drb_ra/status/1516111655834423307

20.110.209.33:83

# Reference: https://twitter.com/drb_ra/status/1516111732531474435

152.67.211.211:443

# Reference: https://twitter.com/drb_ra/status/1516111773706948616

49.7.217.34:8022

# Reference: https://twitter.com/drb_ra/status/1516114511601803268

mylovelylab.com
cv.mylovelylab.com
xc.mylovelylab.com
zx.mylovelylab.com

# Reference: https://twitter.com/drb_ra/status/1516114631705640963

dexatyn.com

# Reference: https://twitter.com/drb_ra/status/1516114751742427139

sharedresourcesltd.com
cv.sharedresourcesltd.com
xc.sharedresourcesltd.com
zx.sharedresourcesltd.com

# Reference: https://twitter.com/drb_ra/status/1516114844147236869

http://84.32.188.189

# Reference: https://twitter.com/drb_ra/status/1516137472278863880

23.227.198.203:1080
lastupdatebd.com
downloads.lastupdatebd.com

# Reference: https://twitter.com/drb_ra/status/1516137568949219340

152.136.116.68:17443

# Reference: https://twitter.com/drb_ra/status/1516137636724891651

152.136.116.68:17443

# Reference: https://twitter.com/drb_ra/status/1516137636724891651

eonhris.com
api.eonhris.com
bo.eonhris.com
cdn-stage-dsr.eonhris.com
cdn-stage.eonhris.com
cdn.eonhris.com
dsr-stage.eonhris.com
portal.eonhris.com
stage-bo.eonhris.com
stage-portal.eonhris.com
stage.eonhris.com
cdn-stage.eonhris.com

# Reference: https://twitter.com/malwrhunterteam/status/1516146379298590731
# Reference: https://www.virustotal.com/gui/file/30c4197ea35f394252d768d2068b325f0ba99bc7c596ad72f66ddf5353d4afac/detection

http://173.230.139.232
itechnote.com
/shorebreak-test-bits

# Reference: https://twitter.com/malwrhunterteam/status/1516148348436234256
# Reference: https://www.virustotal.com/gui/file/8867b38a93bfd2dd582614455cbe88ef1b548d6c5e97be466a38233840445f4d/detection

43.138.28.154:4949

# Reference: https://twitter.com/drb_ra/status/1516164252683452430

usb.jkshahclasses.com

# Reference: https://twitter.com/drb_ra/status/1516165710547980301

101.43.149.38:1433

# Reference: https://twitter.com/malwrhunterteam/status/1516348086934814721
# Reference: https://www.virustotal.com/gui/file/6ab656258eca9937679db3679ea202d1eb48b520aee1a74dc16e9ce0ec74541d/detection

154.23.247.5:8080

# Reference: https://www.virustotal.com/gui/file/c7784f0373b36e09b80ac72e18068821af9c10634fda6a7a1e82213dcd9a9fee/detection

157.27.85.50:8080

# Reference: https://twitter.com/malwrhunterteam/status/1516333327137099784
# Reference: https://www.virustotal.com/gui/file/91beaef6b1341221e213102b21b03a36117b50771fee82e84905ab3e0190429f/detection

103.234.72.119:8899

# Reference: https://twitter.com/drb_ra/status/1516411788740419595

47.243.44.143:2095
wangzha157.xyz

# Reference: https://twitter.com/drb_ra/status/1516200274901323781

182.92.169.174:8443

# Reference: https://twitter.com/drb_ra/status/1516200358556676101

198.148.126.33:8070

# Reference: https://twitter.com/drb_ra/status/1516200431176802306

202.58.105.72:10010

# Reference: https://twitter.com/drb_ra/status/1516200461396848649

121.5.117.32:30005

# Reference: https://twitter.com/drb_ra/status/1516200494888325128

124.223.17.79:81

# Reference: https://twitter.com/drb_ra/status/1516208533733318656
# Reference: https://www.virustotal.com/gui/file/17d34747d65ec8824a4bea56a44c23ec388943fe66757e1b743f206809a418b8/detection
# Reference: https://www.virustotal.com/gui/file/00d9f5dddbfe38b3aa354df70c5b19d8a6bbdc2947e4f846350a0870c453f494/detection

134.209.92.85:443

# Reference: https://twitter.com/drb_ra/status/1516208602813542404

69.49.229.88:443

# Reference: https://twitter.com/drb_ra/status/1516209495495610370

http://69.49.229.88

# Reference: https://twitter.com/drb_ra/status/1516208627719327745

78.128.112.215:443

# Reference: https://twitter.com/drb_ra/status/1516208723919884300

180.76.161.95:4433

# Reference: https://twitter.com/drb_ra/status/1516208777724370949

47.90.202.152:443

# Reference: https://twitter.com/drb_ra/status/1516208864332550145

198.58.114.76:8080

# Reference: https://www.virustotal.com/gui/file/5c20ddafa3bee529a6a4d3801dbb7b6c6d5fc5163de871e756330ff2a0414aa3/detection

http://172.105.28.180

# Reference: https://twitter.com/drb_ra/status/1516209396904345603

d3vzfaxajuyawj.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1516209560167632903

167.99.53.28:443

# Reference: https://twitter.com/drb_ra/status/1516209748949012486

http://159.89.206.190

# Reference: https://twitter.com/drb_ra/status/1516209770973339651

45.117.102.139:443

# Reference: https://twitter.com/drb_ra/status/1516209919250337797

tengxun.ink
ns.tengxun.ink

# Reference: https://twitter.com/drb_ra/status/1516210269583728657

43.129.7.189:8080

# Reference: https://twitter.com/drb_ra/status/1516337239344791556

82.157.64.227:8082

# Reference: https://twitter.com/drb_ra/status/1516338624752721920

60.205.206.146:4444

# Reference: https://twitter.com/drb_ra/status/1516339314573119489

http://103.56.112.187

# Reference: https://twitter.com/drb_ra/status/1516348147861233667

47.94.162.233:8080

# Reference: https://twitter.com/drb_ra/status/1516348182376157189

47.101.45.133:443

# Reference: https://twitter.com/drb_ra/status/1516348233253068800

82.157.156.49:443

# Reference: https://twitter.com/drb_ra/status/1516348267298275331

39.107.105.145:18000

# Reference: https://twitter.com/drb_ra/status/1516348319467032578

103.234.72.62:81

# Reference: https://twitter.com/drb_ra/status/1516348363456880646

39.107.43.1:8088

# Reference: https://twitter.com/drb_ra/status/1516411990868217866

pfsensse.com

# Reference: https://twitter.com/drb_ra/status/1516412058207666186

cabinet-cse.fr

# Reference: https://twitter.com/drb_ra/status/1516412312051228675

46.30.188.66:443

# Reference: https://twitter.com/drb_ra/status/1516412416015405056

115.29.171.175:443

# Reference: https://twitter.com/drb_ra/status/1516412575642267655

101.43.160.130:443

# Reference: https://twitter.com/drb_ra/status/1516412738649694222

23.227.190.216:8080

# Reference: https://twitter.com/drb_ra/status/1516412870094950415

49.233.115.153:6443
sechack.online
combo.sechack.online

# Reference: https://twitter.com/drb_ra/status/1516412951544180748

42.192.43.92:8443
yxdhz.ml

# Reference: https://twitter.com/drb_ra/status/1516415955181740038

39.105.15.102:9999

# Reference: https://twitter.com/drb_ra/status/1516412999975768065

120.76.116.180:443

# Reference: https://twitter.com/drb_ra/status/1516413132251570189

149.56.6.0:81
cloudi.cf
cdn.cloudi.cf

# Reference: https://twitter.com/drb_ra/status/1516413250518364161

8.140.12.158:8443

# Reference: https://twitter.com/drb_ra/status/1516413380600471562

us-central1-vt-9874.cloudfunctions.net

# Reference: https://twitter.com/drb_ra/status/1516413422287699969

loli666.workers.dev
spring-silence-688e.loli666.workers.dev

# Reference: https://twitter.com/drb_ra/status/1516413460397056007

124.71.228.92:443

# Reference: https://twitter.com/drb_ra/status/1516413516474892298

119.84.140.11:443

# Reference: https://twitter.com/drb_ra/status/1516413518031032330

39.101.66.165:443
183.66.105.67:443

# Reference: https://twitter.com/drb_ra/status/1516413519557804043

218.201.40.170:443

# Reference: https://twitter.com/drb_ra/status/1516413521013129216

183.224.33.71:443

# Reference: https://twitter.com/drb_ra/status/1516413522556637184

183.66.105.63:443

# Reference: https://twitter.com/drb_ra/status/1516413524653887492

118.112.27.142:443

# Reference: https://twitter.com/drb_ra/status/1516413829000970243

146.70.87.211:443

# Reference: https://twitter.com/drb_ra/status/1516413928250777612

us-central1-cswg-343019.cloudfunctions.net

# Reference: https://twitter.com/drb_ra/status/1516414067455541248

certificate-infrastructure.com
exch01.certificate-infrastructure.com

# Reference: https://twitter.com/drb_ra/status/1516414232623042570
# Reference: https://twitter.com/drb_ra/status/1516503760335421448

210.16.100.2:8080
210.16.100.2:8443
molekraftness.com
local.molekraftness.com

# Reference: https://twitter.com/drb_ra/status/1516414272745754635

146.70.87.22:5000

# Reference: https://twitter.com/drb_ra/status/1516414584214728707

http://119.45.167.101

# Reference: https://twitter.com/drb_ra/status/1516414737143275524

178.128.58.166:443

# Reference: https://twitter.com/drb_ra/status/1516414838834085892

121.5.170.147:3306
49.7.90.185:3306

# Reference: https://twitter.com/drb_ra/status/1516414901404717057

doc.run

# Reference: https://twitter.com/drb_ra/status/1516414992823762959

8.131.84.239:111

# Reference: https://twitter.com/drb_ra/status/1516415082791587843

45.142.122.242:443

# Reference: https://twitter.com/drb_ra/status/1516415158876262402

176.113.115.165:443

# Reference: https://twitter.com/drb_ra/status/1516415224882114563

http://103.152.133.242

# Reference: https://twitter.com/drb_ra/status/1516415283551997964

1.14.76.65:8889

# Reference: https://twitter.com/drb_ra/status/1516415311536402438

http://54.39.83.137

# Reference: https://twitter.com/drb_ra/status/1516415357849935881

172.98.199.121:8888

# Reference: https://twitter.com/drb_ra/status/1516415389336539148

81.70.243.133:7443

# Reference: https://twitter.com/drb_ra/status/1516415425139154948

http://199.127.63.221

# Reference: https://twitter.com/drb_ra/status/1516415613266239489

213.152.176.185:443

# Reference: https://twitter.com/drb_ra/status/1516415672414351378

37.72.175.27:1080

# Reference: https://twitter.com/drb_ra/status/1516415778194612234

161.35.196.150:443

# Reference: https://twitter.com/drb_ra/status/1516415878597910541

39.105.15.102:9999

# Reference: https://twitter.com/malwrhunterteam/status/1516419562308345867
# Reference: https://www.virustotal.com/gui/file/a29917220d6f86466601c1a9ba33c40414e2b95b7e070f3ad871cc64fb2647a9/detection

47.103.15.237:8081

# Reference: https://twitter.com/drb_ra/status/1516456763637309442

47.243.12.227:10087

# Reference: https://twitter.com/drb_ra/status/1516456802577178625

45.124.112.142:881
cszf.zsqiji.com

# Reference: https://twitter.com/drb_ra/status/1516456832851750920

service-7dlgyp8p-1306943677.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1516456834659459084

101.35.102.12:8081

# Reference: https://twitter.com/drb_ra/status/1516456876011139084

101.35.96.214:8033

# Reference: https://twitter.com/drb_ra/status/1516456913252364302

http://106.54.186.193

# Reference: https://twitter.com/drb_ra/status/1516456948203405315

http://104.194.232.59

# Reference: https://twitter.com/drb_ra/status/1516456992935755781

42.194.184.127:8001

# Reference: https://twitter.com/drb_ra/status/1516457050154409987

http://45.207.45.40

# Reference: https://twitter.com/drb_ra/status/1516457153476898825

82.156.241.148:2096
telegram.tools

# Reference: https://twitter.com/drb_ra/status/1516457196221079560

joinc2.net.global.prod.fastly.net

# Reference: https://twitter.com/drb_ra/status/1516457279033421831

45.77.135.52:8080

# Reference: https://twitter.com/drb_ra/status/1516457319676186625

23.224.131.145:2080

# Reference: https://twitter.com/drb_ra/status/1516457363942907911

http://43.154.39.165

# Reference: https://twitter.com/drb_ra/status/1516457399451889671

23.224.70.158:3377

# Reference: https://twitter.com/drb_ra/status/1516503688357072914

52.211.198.240:443

# Reference: https://twitter.com/drb_ra/status/1516504643337138186

http://114.115.249.149

# Reference: https://twitter.com/drb_ra/status/1516504753894735875

49.7.90.185:9999

# Reference: https://twitter.com/drb_ra/status/1516504804553592833

45.227.255.187:443

# Reference: https://twitter.com/drb_ra/status/1516505218350997505

23.224.70.229:4433

# Reference: https://twitter.com/malwrhunterteam/status/1516854922586775558
# Reference: https://www.virustotal.com/gui/file/159dd2c338f56a1d61add5e5e14c1ff43babd7503ed09e6741628a993589462b/detection

154.92.15.124:19811
154.92.15.124:8999

# Reference: https://pastebin.com/B9HpTUee
# Reference: https://pastebin.com/zVGcGHuS

auth.limanowa.top
bfer.yxle.cn
woshinibaba.gq
ez.woshinibaba.gq
medicalmail.org
monadore.top
motivationalhindi.in
service-2rawgstq-1306320113.gz.apigw.tencentcs.com
service-3vkjh0i2-1253759078.gz.apigw.tencentcs.com
service-6p78e619-1307066631.sh.apigw.tencentcs.com
service-e5ovbwld-1258235968.sh.apigw.tencentcs.com
service-h4i1r6bo-1306266622.gz.apigw.tencentcs.com
service-jrqcrl2i-1254191709.gz.apigw.tencentcs.com
chaitin.cc
update.chaitin.cc
360sec.tk
akillz.tk
bsbbsb.xyz
gdcgx.com
ncjxcfs.rest

# Reference: https://www.virustotal.com/gui/ip-address/104.207.140.218/relations
# Reference: https://www.virustotal.com/gui/file/0906273884fdd14dfc89eea5c252fd46d5fcd000692e4af7e258048b5588b4d0/detection

us-system3.com

# Reference: https://twitter.com/drb_ra/status/1516539620212846601

service-ibw2lltv-1305582521.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1516550103972167689
# Reference: https://www.virustotal.com/gui/file/1e2764bb26ff7ceb1d8b4a03e6ad8ebd1dca8a0ce1f5e4366de0f17c02a234cf/detection

http://108.62.118.247
108.62.118.247:443
yubicil.com

# Reference: https://twitter.com/drb_ra/status/1516625000257703940

us-central1-fds17159.cloudfunctions.net

# Reference: https://twitter.com/drb_ra/status/1516625011779547140

39.103.181.132:443

# Reference: https://twitter.com/drb_ra/status/1516625197616484357

1.15.152.82:443

# Reference: https://twitter.com/drb_ra/status/1516699813806592004

azsp.xyz

# Reference: https://twitter.com/drb_ra/status/1516701466760826881

vcat.cf
cs.vcat.cf

# Reference: https://twitter.com/drb_ra/status/1516718004364582918

204.48.24.99:8443

# Reference: https://twitter.com/drb_ra/status/1516718064812888069

81.70.252.193:9999

# Reference: https://twitter.com/drb_ra/status/1516718102809133057

vd9bc5.tk
test.vd9bc5.tk

# Reference: https://twitter.com/drb_ra/status/1516718143758082049

43.138.150.21:443

# Reference: https://twitter.com/drb_ra/status/1516761603932364801

flaoxetin.com

# Reference: https://twitter.com/drb_ra/status/1516776070061740038

http://216.127.185.26

# Reference: https://twitter.com/drb_ra/status/1516815747049304064

beautyhealthandlifestyle.com

# Reference: https://twitter.com/drb_ra/status/1516815786115051532

http://23.94.40.221

# Reference: https://twitter.com/drb_ra/status/1516815822882316293

81.70.163.127:7788

# Reference: https://twitter.com/drb_ra/status/1516815855140622337

unionsellerltd.com
cv.unionsellerltd.com
xc.unionsellerltd.com
zx.unionsellerltd.com

# Reference: https://twitter.com/drb_ra/status/1516815915844788231

138.197.133.173:443

# Reference: https://twitter.com/drb_ra/status/1516815947507671055

http://146.196.65.168

# Reference: https://twitter.com/drb_ra/status/1516815981288599568

23.224.181.102:3365

# Reference: https://twitter.com/drb_ra/status/1516816009189019651

5.188.33.209:2096
f1ash.ml
cs.f1ash.ml

# Reference: https://twitter.com/drb_ra/status/1516816051169865737

http://93.95.229.160

# Reference: https://twitter.com/drb_ra/status/1516816096854257672
# Reference: https://twitter.com/drb_ra/status/1516816160238489604

107.173.209.230:8080
107.173.209.230:8443
forsimillarrequests.com
download.forsimillarrequests.com

# Reference: https://twitter.com/drb_ra/status/1516816133852221440

104.194.73.118:9902

# Reference: https://twitter.com/drb_ra/status/1516816210205331460

http://1.15.246.118

# Reference: https://twitter.com/drb_ra/status/1516816240064487425

http://160.124.103.182

# Reference: https://twitter.com/drb_ra/status/1516816275963629575

http://20.239.162.157

# Reference: https://twitter.com/drb_ra/status/1516865845829513216

49.234.143.151:8099

# Reference: https://twitter.com/drb_ra/status/1516866053489496064

47.103.142.250:443

# Reference: https://twitter.com/drb_ra/status/1516947153310134272

49.233.42.178:8088

# Reference: https://twitter.com/drb_ra/status/1516947180329877504

212.193.30.42:443

# Reference: https://twitter.com/drb_ra/status/1516947210545553409

82.156.29.211:4444

# Reference: https://twitter.com/drb_ra/status/1516947213175431169

192.158.232.40:443

# Reference: https://twitter.com/drb_ra/status/1516947250257272833

190.104.10.16:53
64.227.77.39:53

# Reference: https://twitter.com/drb_ra/status/1516947278287851523

199.101.170.164:12560

# Reference: https://twitter.com/drb_ra/status/1516947306863599617

194.37.97.157:1080

# Reference: https://twitter.com/drb_ra/status/1516947387960500226

198.58.114.76:8080

# Reference: https://twitter.com/drb_ra/status/1516987109281873921

8.140.12.158:5443

# Reference: https://twitter.com/drb_ra/status/1517062542375501825

service-mmtrmxwn-1306943677.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1517077148439302144

103.214.146.150:8801

# Reference: https://twitter.com/drb_ra/status/1517077230630981632

198.211.48.211:443
ch1.site
sb.ch1.site

# Reference: https://twitter.com/drb_ra/status/1517077275929423874

120.132.81.153:8900

# Reference: https://twitter.com/drb_ra/status/1517077323211759623

185.70.186.133:446

# Reference: https://gist.github.com/usualsuspect/6b2b3f85c4e7d703bca1481d8df00204
# Reference: https://www.virustotal.com/gui/ip-address/143.198.131.210/relations
# Reference: https://www.virustotal.com/gui/file/91219918db4bf76ade5297d680a81ba5c79990f137afe160b56da4634bc1981c/detection

143.198.131.210:443
costacancordia.com
standwithukraine.space
dns.standwithukraine.space
ns1.standwithukraine.space
dns.costacancordia.com
ns1.costacancordia.com

# Reference: https://twitter.com/drb_ra/status/1517077419047460864

produce.netafim-usa-greenhouse.com

# Reference: https://twitter.com/drb_ra/status/1517077475213426689

139.155.85.121:8090

# Reference: https://twitter.com/drb_ra/status/1517137478502653954

http://185.70.186.133

# Reference: https://twitter.com/drb_ra/status/1517137641669419012

azsp.azureedge.net

# Reference: https://twitter.com/drb_ra/status/1517137672535347205

120.132.81.153:8901

# Reference: https://twitter.com/drb_ra/status/1517137758807937026

syncorporation.com

# Reference: https://twitter.com/drb_ra/status/1517138397013323777

http://204.48.24.99

# Reference: https://twitter.com/drb_ra/status/1517139203439558658
# Reference: https://www.virustotal.com/gui/file/d5d186e16a4d5a87e45397d388ed996c6a1c28023509a436b9f46b83f1915665/detection

googleingine.com
payload.googleingine.com
wlamazcsrv1.googleingine.com

# Reference: https://twitter.com/malwrhunterteam/status/1517221700303261696
# Reference: https://www.virustotal.com/gui/file/093ab7a85293aa4b2736e952bf4f82edc83a3267740045427138b5c04f62f374/detection

http://116.117.158.76
http://140.249.61.225
http://61.184.215.160
http://61.184.215.228

# Reference: https://twitter.com/drb_ra/status/1517184289384845312

45.136.245.84:8080

# Reference: https://twitter.com/drb_ra/status/1517184323337789441

82.157.149.243:4499

# Reference: https://twitter.com/drb_ra/status/1517184348595884039

82.157.149.243:4448

# Reference: https://twitter.com/drb_ra/status/1517184413284675584

91.243.44.9:4444

# Reference: https://twitter.com/drb_ra/status/1517184475016355841

172.247.5.198:880
windows-flash.com
ccc.windows-flash.com

# Reference: https://twitter.com/drb_ra/status/1517184503885799425

182.92.66.221:83

# Reference: https://twitter.com/drb_ra/status/1517184529089409026

16.162.134.205:8090
18.162.213.71:8090

# Reference: https://twitter.com/drb_ra/status/1517184556478124034

34.240.240.195:443

# Reference: https://twitter.com/drb_ra/status/1517184595485155328

http://101.43.139.124

# Reference: https://twitter.com/drb_ra/status/1517184652561326080
# Reference: https://twitter.com/drb_ra/status/1517227981474832385

20.122.179.120:443
20.122.179.120:8080
sixgentraining.eastus2.cloudapp.azure.com

# Reference: https://twitter.com/drb_ra/status/1517184728964730880

47.94.38.147:1235

# Reference: https://twitter.com/drb_ra/status/1517184755887923200

207.246.112.192:4243

# Reference: https://twitter.com/drb_ra/status/1517184863513759744

http://167.71.254.209

# Reference: https://twitter.com/drb_ra/status/1517184931256016897

http://165.232.94.171

# Reference: https://twitter.com/drb_ra/status/1517184973391994880

service-7dlgyp8p-1306943677.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1517185006665408513

120.132.81.146:8888

# Reference: https://twitter.com/drb_ra/status/1517185030673637379

ntpurple.azureedge.net

# Reference: https://twitter.com/drb_ra/status/1517185073300361216

http://47.104.29.109

# Reference: https://twitter.com/drb_ra/status/1517185109597773826

service-65m9dzhk-1259025339.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1517185146348359680

http://45.133.1.48
unix.hldns.ru

# Reference: https://twitter.com/drb_ra/status/1517185222370021380

47.95.215.15:7000

# Reference: https://twitter.com/drb_ra/status/1517185253491752960

82.157.161.187:6789

# Reference: https://twitter.com/drb_ra/status/1517185279299358720

178.157.60.36:83

# Reference: https://twitter.com/drb_ra/status/1517185307933876226

http://165.22.65.40

# Reference: https://twitter.com/drb_ra/status/1517185351630180352

43.228.90.27:8088

# Reference: https://twitter.com/drb_ra/status/1517227907495641088

34.240.240.195:443

# Reference: https://twitter.com/drb_ra/status/1517228134504017921

142.93.38.206:443

# Reference: https://twitter.com/drb_ra/status/1517228285033394176

http://142.93.38.206

# Reference: https://www.virustotal.com/gui/file/471e679fd14922af0fe241eed5a11b6cfac400d347511f2d2b0fc868cdbf9258/detection

124.221.160.203:8876

# Reference: https://www.virustotal.com/gui/file/ff7dd48804137a18f4cb92fb90d258069292c4c129c44ef1bbc70cf2c73451c7/detection

124.221.160.203:8899

# Reference: https://www.virustotal.com/gui/file/f522cd7a6114aa2ee8e718900e5314c152403d76079a1a2deb0611c66d84fe14/detection

eduazure.gq
c2.eduazure.gq

# Reference: https://www.virustotal.com/gui/file/9f68de9538af7dc1ea49da6c0e5a03c3aa274d8a6685ef54eb630d9424ce60be/detection

20.239.75.72:20041

# Reference: https://twitter.com/drb_ra/status/1517269161768017921

49.232.213.51:88

# Reference: https://twitter.com/drb_ra/status/1517349301718077442

49.232.213.51:888

# Reference: https://twitter.com/drb_ra/status/1517269188900962307

42.193.53.74:443

# Reference: https://twitter.com/drb_ra/status/1517269194068353027

1.15.171.104:4340

# Reference: https://twitter.com/drb_ra/status/1517273273402277888

blaze.azureedge.net

# Reference: https://twitter.com/drb_ra/status/1517425648427581440

waf.flreeyes.com

# Reference: https://twitter.com/drb_ra/status/1517426021162795008

service-b2qdzdoq-1300549872.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1517440102645084161

http://114.132.218.62

# Reference: https://twitter.com/drb_ra/status/1517440208106659842

82.156.29.211:7777

# Reference: https://twitter.com/drb_ra/status/1517440247495380996

49.233.58.245:8880

# Reference: https://twitter.com/drb_ra/status/1517440270010363904

116.62.220.178:8009

# Reference: https://twitter.com/drb_ra/status/1517440307062878213

tencentcloudapp.tk
sts.tencentcloudapp.tk

# Reference: https://twitter.com/drb_ra/status/1517440352172617728

64.71.187.37:443

# Reference: https://twitter.com/drb_ra/status/1517440393499000832

81.68.196.206:443

# Reference: https://twitter.com/drb_ra/status/1517499664458821634

service-odolei17-1309297788.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1517499910899314690

http://159.27.233.96

# Reference: https://twitter.com/drb_ra/status/1517500237274832897

161.35.15.81:8759

# Reference: https://twitter.com/drb_ra/status/1517500405495828480

34.243.229.1:443

# Reference: https://twitter.com/drb_ra/status/1517500517240516609

goksearch.com

# Reference: https://twitter.com/drb_ra/status/1517500670932398083

http://146.70.44.155

# Reference: https://twitter.com/drb_ra/status/1517501774533431298

59.63.224.101:8080
peakyblinders.uk
cc.peakyblinders.uk

# Reference: https://twitter.com/drb_ra/status/1517542451464052736

42.193.116.23:4444

# Reference: https://twitter.com/drb_ra/status/1517542494459895810

194.87.68.252:443

# Reference: https://twitter.com/drb_ra/status/1517542594733092865

165.232.94.171:443

# Reference: https://twitter.com/drb_ra/status/1517542638106333191

http://18.163.74.31
http://52.229.185.211

# Reference: https://twitter.com/drb_ra/status/1517542639960301569

http://20.24.64.247

# Reference: https://twitter.com/drb_ra/status/1517542641700900865

http://154.31.23.35

# Reference: https://twitter.com/drb_ra/status/1517542706448412674

172.96.190.136:2087
teadict.tk

# Reference: https://twitter.com/drb_ra/status/1517542795472519169

165.227.38.207:443

# Reference: https://twitter.com/drb_ra/status/1517542834060079105

45.133.1.48:443

# Reference: https://twitter.com/drb_ra/status/1517542938380746753

167.71.254.209:443

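# Reference: https://twitter.com/drb_ra/status/1517542969171234820
# NOTE(review): the *.global.prod.fastly.net name below sits under a shared CDN domain; presumably listed as a fronting host - corroborate a hit on it (e.g. with the other trail from this reference) before treating it as C2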

kipptraining.net
download.software.global.prod.fastly.net

# Reference: https://twitter.com/drb_ra/status/1517543017133088771

http://20.239.152.64

# Reference: https://twitter.com/drb_ra/status/1517543048271511555

173.82.232.19:2053
dmcdn.cf

# Reference: https://twitter.com/drb_ra/status/1517543076616675328

http://101.43.156.246

# Reference: https://twitter.com/drb_ra/status/1517543090113982470

http://165.232.82.181

# Reference: https://twitter.com/drb_ra/status/1517543127120334848

http://101.34.234.66

# Reference: https://twitter.com/drb_ra/status/1517543174729781248

165.22.20.155:5443

# Reference: https://twitter.com/drb_ra/status/1517591011559620611

104.6.92.229:443
/dynatrace_analytics/humana.php

# Reference: https://twitter.com/drb_ra/status/1517591361347805184

fireflyau.com

# Reference: https://twitter.com/drb_ra/status/1517591793898074112

acitopram.com

# Reference: https://twitter.com/malwrhunterteam/status/1517585075650580481
# Reference: https://www.virustotal.com/gui/file/7322c2ef0e43e3763aece122c0b3af20f5c06e907f737eaf0c761f2ac2d9dbe8/detection

5.253.234.40:7777
bsctech.ac.th

# Reference: https://www.virustotal.com/gui/file/53415d792b8bc6ec17562f41d5a3ea51876573227a5e849aeb52707341c76c2a/detection

121.4.186.116:59980

# Reference: https://www.virustotal.com/gui/file/815b37309f860922c9a4f3a5471c4a8d17f61779394cce3c3add2e710a3c846c/detection

139.196.240.205:39112

# Reference: https://www.virustotal.com/gui/file/a6973ca213305f41c75f44271e070172d464494158b07aaa9ede2d98810baa93/detection

139.196.240.205:39113

# Reference: https://www.virustotal.com/gui/file/893060c2b3ca048fafcdbce21234db7cf0c37e4b08049b2ba86387833ad5827c/detection

139.196.240.205:4444

# Reference: https://www.virustotal.com/gui/file/d4869b77e0f590e9e25a2abf4f729db35ba90fd23e0940ce469f1849ff531a4f/detection

120.55.63.96:8888
s1.ax1x.com

# Reference: https://www.virustotal.com/gui/file/f368e9ea51e9ec51a41b7b9b73b6cc33019f833c650a52f832a389f80ef3ed9f/detection
# Reference: https://www.virustotal.com/gui/file/73c22db5bf2b3bdd1a22a6f597f53198a5307964967b2910348158b5b70445de/detection

101.35.95.118:8000

# Reference: https://www.virustotal.com/gui/file/b44c5aa06b181b1d67c7040ffdc8d446dad06a498760772b199cca99678b63a7/detection

101.35.95.118:443

# Reference: https://www.virustotal.com/gui/file/b84a0feb0e12f5e77db1d1cd59e2574a9f0e3c3934d0c6926b976c0cea73bcc6/detection

139.224.36.4:62222

# Reference: https://www.virustotal.com/gui/file/ebc919596b4442acad4d918d345aceee2a0afbefbcc9419f1f22c303ede1336b/detection
# Reference: https://www.virustotal.com/gui/file/cf7c64b476fd2383c55bb0a562aaa8b1a0d0bf6cfb725698177a76cc3de2d2d7/detection
# Reference: https://www.virustotal.com/gui/file/ba767b5fde1e69880394e94b3ede0b344f56446175cc5524d4655bf44269f49a/detection

116.62.162.109:1324

# Reference: https://www.virustotal.com/gui/file/f2e1d61a3e32b05f2efbdc31f1f27fde659f63f0a863f85f34803656afdfb7c3/detection

39.100.26.144:25389

# Reference: https://www.virustotal.com/gui/file/e0fed7382a047b374b9eabc7f6bc1fb580f0e534eb67d906ed0e8092af70ceea/detection

brins.top
dzimc.brins.top

# Reference: https://twitter.com/malwrhunterteam/status/1517865007647703042
# Reference: https://www.virustotal.com/gui/file/6739783d21ef84350fa631d0f9b19d4d21d5990a95a0a952fb2dd8f1194bb4dc/detection

121.36.52.35:1344

# Reference: https://twitter.com/drb_ra/status/1517635633568698370

174.114.207.70:7331
negotiate.ddns.net

# Reference: https://twitter.com/drb_ra/status/1517640174427152387

39.96.0.85:8887
icei2020.pw

# Reference: https://twitter.com/drb_ra/status/1517640252759977986

mysmartstartupusa.com
cv.mysmartstartupusa.com
xc.mysmartstartupusa.com
zx.mysmartstartupusa.com

# Reference: https://twitter.com/drb_ra/status/1517640327498276866

http://115.29.171.175

# Reference: https://twitter.com/drb_ra/status/1517640437129003008

175.24.201.118:8080

# Reference: https://twitter.com/drb_ra/status/1517640492749570049

47.94.153.149:27653

# Reference: https://twitter.com/drb_ra/status/1517712981785722884

antliveplay.alicdn.com

# Reference: https://twitter.com/drb_ra/status/1517794235600314368

124.71.144.177:443

# Reference: https://twitter.com/drb_ra/status/1517794297134862337

81.70.154.135:4444

# Reference: https://twitter.com/drb_ra/status/1517794345503571969

194.40.243.147:8080

# Reference: https://twitter.com/drb_ra/status/1517794404018315264

175.178.16.229:443

# Reference: https://twitter.com/drb_ra/status/1517794462088503297

service-0css1eq3-1255679021.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1517794529071484928

1.14.74.61:12345

# Reference: https://twitter.com/drb_ra/status/1517862667997884417

http://43.138.150.21

# Reference: https://twitter.com/drb_ra/status/1517863481659342848

http://101.34.56.173

# Reference: https://twitter.com/drb_ra/status/1517906045817040901

138.124.180.157:443
lsytemr.icu

# Reference: https://twitter.com/drb_ra/status/1517906077639131136

179.43.156.130:443

# Reference: https://twitter.com/drb_ra/status/1517906113886310405

http://203.55.176.80

# Reference: https://twitter.com/drb_ra/status/1517906150225809411

179.60.146.40:443

# Reference: https://twitter.com/drb_ra/status/1517906213522055168

165.232.82.181:8080

# Reference: https://twitter.com/drb_ra/status/1517906247550488576

20.110.209.33:88

# Reference: https://twitter.com/drb_ra/status/1517906276965130243

45.153.243.42:443

# Reference: https://twitter.com/drb_ra/status/1517906315514982402
# Reference: https://twitter.com/drb_ra/status/1517954380812668928
# Reference: https://twitter.com/drb_ra/status/1518310807473471491
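# Reference: https://www.virustotal.com/gui/file/420a4c6ee34229ac68fc3447ba9deacb0e2602fda71e14a4ef5f6817b1917420/detection
# NOTE(review): 188.114.97.0 below appears to fall in a CDN/reverse-proxy range shared by many unrelated sites - TODO confirm; if so, a hit on IP:port alone is weak evidence and should be corroborated with the domain trail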

188.114.97.0:2087
47.243.171.124:2053
47.243.171.124:2083
47.243.171.124:2087
ssecom.cn

# Reference: https://twitter.com/drb_ra/status/1517906366756700162

8.142.34.126:4455

# Reference: https://twitter.com/drb_ra/status/1517906392648237057

http://194.68.26.114

# Reference: https://twitter.com/drb_ra/status/1517906429709266944

18.117.180.113:443

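# Reference: https://twitter.com/drb_ra/status/1517906459824168962
# NOTE(review): this block repeats the trail of the preceding block and the reference URL of the following block; likely a copy/paste leftover - verify which reference this trail belongs to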

18.117.180.113:443

# Reference: https://twitter.com/drb_ra/status/1517906459824168962

http://194.5.212.80
ziisearch.com
root.ziisearch.com

# Reference: https://twitter.com/drb_ra/status/1517906489171660800

207.148.125.192:443

# Reference: https://twitter.com/drb_ra/status/1517906513431511040

20.24.220.18:443

# Reference: https://twitter.com/drb_ra/status/1517906536894545922

http://212.193.30.42

# Reference: https://twitter.com/drb_ra/status/1517906560760098816

developersgoogle.workers.dev

# Reference: https://twitter.com/drb_ra/status/1517906585271549953

207.148.108.247:8080

# Reference: https://twitter.com/drb_ra/status/1517906611293011968

http://45.129.8.25

# Reference: https://twitter.com/drb_ra/status/1517906643014635520

45.136.70.91:10000

# Reference: https://twitter.com/drb_ra/status/1517906668767617026

http://18.221.180.76

# Reference: https://twitter.com/drb_ra/status/1517906701587992578

43.128.166.29:805

# Reference: https://twitter.com/drb_ra/status/1517906730830733314

2.58.149.183:50543

# Reference: https://twitter.com/drb_ra/status/1517906749877108736

34.243.229.1:443

# Reference: https://twitter.com/drb_ra/status/1517906821620580352

193.29.13.216:443
svfin.icu

# Reference: https://www.virustotal.com/gui/file/aebc9adb0877e172b3f0a7d1bc7b2fd1b06290627c8c667f73c18ea85c160fb1/detection
# Reference: https://www.virustotal.com/gui/file/56d3ac7f98e896183879587c124af5096a69769e3837357d3c120e00a44440a4/detection
# Reference: https://www.virustotal.com/gui/file/90a64d629105bf03d6c5e7476d46fb5d650a29b41402be9c9fc0090d2cc45829/detection

180.76.166.103:5555

# Reference: https://www.virustotal.com/gui/file/b5e5d8b290014f60af1c775bafb96cc16a955bf54c58dbf7c059b75caf00267f/detection
# Reference: https://www.virustotal.com/gui/file/b28e1d4cac0f7d20453aa85a9a184038676463f25c2b3c976e21d8d9a1db791c/detection
# Reference: https://www.virustotal.com/gui/file/6360207b4f8d9449540dbe4dcdafd66ef282f2792a8eaabf430845efc42ad6fc/detection
# Reference: https://www.virustotal.com/gui/file/6125ef8eaa281d210b47923e4714f44191de258a77cba9e9691c5d56de4c946c/detection

47.101.144.83:2223

# Reference: https://twitter.com/kyleehmke/status/1517521251341897729

dk-msft.net
qs-msft.com

# Reference: https://twitter.com/drb_ra/status/1517953821862940673

193.29.13.216:4444

# Reference: https://twitter.com/drb_ra/status/1517998375236517889

123.253.26.98:5558

# Reference: https://twitter.com/drb_ra/status/1517998406760902657
# Reference: https://twitter.com/drb_ra/status/1517998433046564869

http://143.198.70.105
143.198.70.105:443

# Reference: https://twitter.com/drb_ra/status/1517998450499067910

service-9jyv78rp-1257078281.bj.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1517998501757698050

42.193.55.65:8080

# Reference: https://twitter.com/drb_ra/status/1517998563124563971

vcat.ml
cs.vcat.ml

# Reference: https://twitter.com/drb_ra/status/1517998597492596736

158.101.83.142:12305

# Reference: https://twitter.com/drb_ra/status/1517998631915249666

144.168.62.143:8000

# Reference: https://twitter.com/drb_ra/status/1517998656594587648

63.211.111.143:1234

# Reference: https://twitter.com/drb_ra/status/1517998679839412229

154.92.15.124:4444

# Reference: https://twitter.com/drb_ra/status/1517998723112095745

http://154.23.185.139

# Reference: https://twitter.com/drb_ra/status/1517998755072688128

154.22.124.11:8566
82.157.75.29:8566

# Reference: https://twitter.com/drb_ra/status/1517998780418777088

124.220.172.237:8888

# Reference: https://twitter.com/drb_ra/status/1517998818637361154

20.239.75.72:8443

# Reference: https://twitter.com/drb_ra/status/1517998846969851905

42.193.105.60:4444

# Reference: https://twitter.com/drb_ra/status/1517998873481994241

http://18.221.180.76

# Reference: https://twitter.com/drb_ra/status/1517998904356261895

rbflod.com

# Reference: https://twitter.com/drb_ra/status/1517998944697077760

156.248.76.38:8022

# Reference: https://twitter.com/drb_ra/status/1518073418666622977

158.101.83.142:12306

# Reference: https://twitter.com/drb_ra/status/1518074802745004033

82.156.82.26:6666

# Reference: https://twitter.com/drb_ra/status/1518163796115787777

23.225.191.10:6668

# Reference: https://twitter.com/drb_ra/status/1518164729298141184

8.210.131.173:4443

# Reference: https://twitter.com/drb_ra/status/1518164825796399105

http://82.157.148.92

# Reference: https://twitter.com/drb_ra/status/1518164915592302592

http://47.94.18.202

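# Reference: https://twitter.com/drb_ra/status/1518165082714390530
# NOTE(review): the path-only trail below carries no host; presumably it is matched against the request path on any host, so a short generic path like this is prone to false positives - confirm and corroborate with the IP:port trail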

179.60.150.86:443
/aaaaaaaaa

# Reference: https://twitter.com/drb_ra/status/1518165186934456321

185.112.83.0:443

# Reference: https://twitter.com/drb_ra/status/1518165408385310721

18.162.54.66:55553

# Reference: https://twitter.com/drb_ra/status/1518165607182708736

107.173.15.254:666

# Reference: https://twitter.com/drb_ra/status/1518166249808830465

45.144.179.204:4443

# Reference: https://twitter.com/drb_ra/status/1518166326069673984

39.107.93.206:4443

# Reference: https://twitter.com/drb_ra/status/1518166770665799682

139.9.142.162:8443
iplinkedlists.tk
lzcs.iplinkedlists.tk

# Reference: https://twitter.com/drb_ra/status/1518167232488030208

http://144.34.181.126

# Reference: https://twitter.com/drb_ra/status/1518167454307991555

121.36.249.146:443

# Reference: https://twitter.com/drb_ra/status/1518169827436814336

http://81.71.161.163

# Reference: https://twitter.com/drb_ra/status/1518169959557435392

216.127.185.26:8082

# Reference: https://twitter.com/drb_ra/status/1518170061122543616

180.76.166.65:8443
cmbc.me
cs.cmbc.me

# Reference: https://twitter.com/drb_ra/status/1518170132090130432

139.180.135.7:2096
upapache.ml
smtp.upapache.ml

# Reference: https://twitter.com/drb_ra/status/1518170267335512065

http://81.70.63.143

# Reference: https://twitter.com/drb_ra/status/1518170400118693889

construtorapatriota.com
combo.construtorapatriota.com

# Reference: https://twitter.com/drb_ra/status/1518170465256288256

cs4.windows-flash.com
gx.windows-flash.com

# Reference: https://twitter.com/drb_ra/status/1518170515336278022

141.164.37.48:8888

# Reference: https://twitter.com/drb_ra/status/1518170594101149696

124.222.125.194:8443

# Reference: https://twitter.com/drb_ra/status/1518224908341456896

194.135.16.61:443

# Reference: https://www.virustotal.com/gui/file/9382b59bc9cf140d7679be7f0434b81c9bbe2068aae08207430e7b79a0f430e7/detection
# Reference: https://www.virustotal.com/gui/file/76e8d999d75da1dee01f864020fc04ee7c9e920f5fcf595d242d4781dbddbd73/detection

194.135.16.61:8443

# Reference: https://twitter.com/0xrb/status/1509854883910139908

194.233.67.89:8081
194.233.67.89:8082
194.233.67.89:8888
194.233.67.89:9992

# Reference: https://twitter.com/drb_ra/status/1518308853552664578

47.112.168.177:443

# Reference: https://twitter.com/drb_ra/status/1518308988605145088

101.200.150.140:443

# Reference: https://twitter.com/drb_ra/status/1518309094754562050

192.210.200.76:8882

# Reference: https://twitter.com/drb_ra/status/1518309236073283584

103.214.146.5:448

# Reference: https://twitter.com/drb_ra/status/1518309301579886593

365365.ga

# Reference: https://twitter.com/drb_ra/status/1518309343480975369

http://185.183.94.24

# Reference: https://twitter.com/drb_ra/status/1518309384597692416

http://185.52.2.174

# Reference: https://twitter.com/drb_ra/status/1518309519616577536

118.184.186.171:8081

# Reference: https://twitter.com/drb_ra/status/1518309539745079296

http://149.28.239.210

# Reference: https://twitter.com/drb_ra/status/1518309757571973124

14.1.98.226:11236

# Reference: https://twitter.com/drb_ra/status/1518309871074095107

8.12.17.134:443

# Reference: https://twitter.com/drb_ra/status/1518310008265584642

116.204.211.23:8081

# Reference: https://twitter.com/drb_ra/status/1518310042642141184

179.60.146.39:443
drakr.icu

# Reference: https://twitter.com/drb_ra/status/1518310079585521666

137.175.30.28:8443

# Reference: https://twitter.com/drb_ra/status/1518310191992913921

82.157.75.29:8566

# Reference: https://twitter.com/drb_ra/status/1518310243570270208
# Reference: https://twitter.com/drb_ra/status/1518361060146827265

113.30.189.189:8080
dulao7.cc
ali.dulao7.cc
baidu.com.dulao7.cc
googlecom.dulao7.cc
google.com.dulao7.cc

# Reference: https://twitter.com/drb_ra/status/1518310350260772866

http://149.28.81.144

# Reference: https://twitter.com/drb_ra/status/1518310386218455043

svchosts.loseyourip.com

# Reference: https://twitter.com/drb_ra/status/1518310450739527681

104.129.5.65:447

# Reference: https://twitter.com/drb_ra/status/1518310490799230978

194.40.243.149:8080

# Reference: https://twitter.com/drb_ra/status/1518310642037440512

8.143.2.128:8081

# Reference: https://twitter.com/drb_ra/status/1518310703244976128

103.20.235.132:50001

# Reference: https://twitter.com/drb_ra/status/1518310967444180996

http://95.182.122.223

# Reference: https://www.virustotal.com/gui/file/6031eab670deda69ad461e97eecbc93217eb20b542750978f193f6172b8cc252/detection

http://213.135.78.244

# Reference: https://www.virustotal.com/gui/file/d647032b3f7bcc83d46d1a716981b0523dd716a3cd2e5c77632e6b0d6e2b8030/detection
# Reference: https://www.virustotal.com/gui/file/c7a2999a6546c912dc1ce561edba1add81f466c0cd1411afc7b30f5854e141b2/detection

43.138.10.93:43792

# Reference: https://twitter.com/drb_ra/status/1518403571011756035

43.138.10.93:443

# Reference: https://twitter.com/drb_ra/status/1518403590771118080

175.178.78.27:9090

# Reference: https://twitter.com/drb_ra/status/1518403878932340736

service-b4iz0hz9-1311161169.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1518404474506784771

dingjava.vaiwan.com

# Reference: https://twitter.com/drb_ra/status/1518404553741410304

service-09us4qpt-1304746193.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1518404947993407491

59.110.223.20:8843

# Reference: https://twitter.com/drb_ra/status/1518405130042892289

http://43.138.208.39

# Reference: https://twitter.com/drb_ra/status/1518405390924406785

47.105.123.109:8899

# Reference: https://twitter.com/drb_ra/status/1518438590623191041

8.142.69.99:5555

# Reference: https://twitter.com/malwrhunterteam/status/1518644134734704640
# Reference: https://www.virustotal.com/gui/file/fe356a9f365287abcab0671fbb57c36cc1f98f5a04de77342d42608c8203d65d/detection

http://45.227.253.109
45.227.253.109:3353

# Reference: https://www.virustotal.com/gui/file/4afdd51878ea40587a570b774e334d6ca5b39b649d340876be783a2a65049166/detection

45.227.253.109:3363

# Reference: https://www.virustotal.com/gui/file/2712cea1068a4f80973b5c35c924fc62d0dfd406909e488c92fb70ef3c25de05/detection

45.227.253.109:3216

# Reference: https://www.virustotal.com/gui/file/1e2c047a373365a32987e774f069ca010b4eb1b03272d8788d80943a6ba744cc/detection

45.227.253.109:3225

# Reference: https://www.virustotal.com/gui/file/0ecaf81bf82bf4ef29e3d347e08ed1282e0175f89d3b5473605b95c857bbfdeb/detection

45.227.253.109:3238

# Reference: https://twitter.com/malwrhunterteam/status/1517983511285751809
# Reference: https://www.virustotal.com/gui/file/18792f812dccc074825e22feb60989c410f3c45f4959b716b5515f42532cb863/detection

114.84.142.39:7001
whhappy2014.asuscomm.com

# Reference: https://twitter.com/drb_ra/status/1518512623117078528

sysupdate.xyz

# Reference: https://twitter.com/drb_ra/status/1518567965196705794

1.13.171.178:12345

# Reference: https://twitter.com/drb_ra/status/1518568250711453697

120.26.240.21:443

# Reference: https://twitter.com/drb_ra/status/1518568471793221632

162.14.69.43:8989

# Reference: https://twitter.com/drb_ra/status/1518568650894192641

http://13.70.0.62
http://18.163.74.31

# Reference: https://twitter.com/drb_ra/status/1518569170132258816

101.43.194.220:8888

# Reference: https://twitter.com/drb_ra/status/1518569985056067588

116.62.199.16:443

# Reference: https://twitter.com/drb_ra/status/1518589164828172289

43.138.208.39:443

# Reference: https://twitter.com/drb_ra/status/1518590309894086656

http://104.168.19.77

# Reference: https://twitter.com/drb_ra/status/1518668022277361664

132.232.169.101:8080
lovedyy.com

# Reference: https://twitter.com/drb_ra/status/1518668093169537025

http://20.205.106.208

# Reference: https://twitter.com/drb_ra/status/1518668293854355457

45.136.245.84:4432

# Reference: https://twitter.com/drb_ra/status/1518668357838548994

104.168.237.93:443

# Reference: https://twitter.com/drb_ra/status/1518668502525263872

http://129.226.201.214

# Reference: https://twitter.com/drb_ra/status/1518668557915205633

154.64.8.198:13145
lx33575.msns.cn

# Reference: https://twitter.com/drb_ra/status/1518668705122635776

http://27.124.26.67

# Reference: https://twitter.com/drb_ra/status/1518668934572122114

service-e1j2qvvm-1251399017.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1518669048795607044

50.3.132.235:1443

# Reference: https://twitter.com/drb_ra/status/1518669101144678401

d2kw0x2xzci75t.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1518669140931883009

154.12.244.229:801

# Reference: https://twitter.com/drb_ra/status/1518669201493217280

http://193.29.13.216

# Reference: https://twitter.com/drb_ra/status/1518669276978241540

156.242.248.230:2080

# Reference: https://twitter.com/drb_ra/status/1518669354447032326

207.148.76.15:4002

# Reference: https://twitter.com/drb_ra/status/1518669493240750082

8.141.153.32:8099

# Reference: https://twitter.com/drb_ra/status/1518669676728958978

101.43.232.87:8080

# Reference: https://twitter.com/drb_ra/status/1518669819565989889

114.132.246.102:443

# Reference: https://twitter.com/drb_ra/status/1518669861974691842

23.91.97.37:9292

# Reference: https://twitter.com/drb_ra/status/1518670027175743494

20.110.209.33:86

# Reference: https://twitter.com/drb_ra/status/1518670064937062402

8.142.34.126:8443

# Reference: https://twitter.com/drb_ra/status/1518670124479397889

http://46.3.242.17

# Reference: https://twitter.com/drb_ra/status/1518670197485457409

178.236.46.126:8099

# Reference: https://twitter.com/drb_ra/status/1518670261251452929

180.76.166.103:1234

# Reference: https://twitter.com/drb_ra/status/1518670321213128705

101.43.232.87:4444

# Reference: https://twitter.com/drb_ra/status/1518677608350851072

42.192.54.106:2083

# Reference: https://twitter.com/drb_ra/status/1518678168546197506

59.110.223.20:8008

# Reference: https://twitter.com/ian_kenefick/status/1519021155839057921

antivirusecurity.com
flrefoxupdater.com
itsupportsecuruty.com

# Reference: https://twitter.com/malwrhunterteam/status/1519020239182258179
# Reference: https://www.virustotal.com/gui/file/d76cf5d1e7f6cc2096ba51e384a28082d09a270b3f82ab95e207b6c2ada67199/detection
# Reference: https://www.virustotal.com/gui/file/0a7be7fabaaa289d202237819469ca7e30f3c469e72aaf37b92ff7099609222c/detection

101.42.253.4:8082

# Reference: https://twitter.com/malwrhunterteam/status/1519023098200309761
# Reference: https://www.virustotal.com/gui/file/f4af9708e14ff8994151fffc1f77d4a3756f1c4cfdb0741fb946a3fa9fa32537/detection

123.56.130.99:30045

# Reference: https://twitter.com/drb_ra/status/1518723096034922496

amsteo.com

# Reference: https://twitter.com/drb_ra/status/1518767017125457923

120.132.81.157:8802

# Reference: https://twitter.com/drb_ra/status/1518767287200890881

167.71.170.144:4433

# Reference: https://twitter.com/drb_ra/status/1518767401361461248

1.14.108.192:31443
42.193.21.115:31443

# Reference: https://twitter.com/drb_ra/status/1518768157372162054

120.53.242.38:443

# Reference: https://twitter.com/drb_ra/status/1518768231334531072

82.157.64.227:8080

# Reference: https://twitter.com/drb_ra/status/1518768493486821378

http://47.100.207.39

# Reference: https://twitter.com/drb_ra/status/1518768616488976384

http://175.24.235.92

# Reference: https://www.virustotal.com/gui/file/b4fe9938afa1a598c7c24a8086f5efed97da57c166738191d8075cff0eca1edc/detection

175.24.235.92:9911

# Reference: https://www.virustotal.com/gui/file/ae41264633e58190a245fc734304862460d87c224c95704cc757c45eb11c8e05/detection

175.24.235.92:4567

# Reference: https://www.virustotal.com/gui/file/55043b1915d15e96776db687f98a6f6a4d1728a66898413ef25aa4b3c996c6ce/detection

175.24.235.92:11112

# Reference: https://www.virustotal.com/gui/file/3fe9c8c3db7ac0b4d0dd59ca4ae2777101f1ba829e90d0c274e2ed4d28a5ae21/detection

175.24.235.92:6699

# Reference: https://www.virustotal.com/gui/file/08a08b3a45b4add8d68abf67242bcb987189f879c349399491949e9d157b404c/detection

175.24.235.92:18567

# Reference: https://twitter.com/drb_ra/status/1518768671497330688

101.43.8.193:12345

# Reference: https://twitter.com/drb_ra/status/1518768727956856833

101.37.173.172:7777

# Reference: https://twitter.com/drb_ra/status/1518800189150175232

service-2ctd0kna-1257232926.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1518879113834074113

132.232.169.101:5698

# Reference: https://twitter.com/drb_ra/status/1518882314432000001

120.53.232.55:443

# Reference: https://twitter.com/drb_ra/status/1518882504354246656

124.223.81.59:8080
gougou.ml
cdn.gougou.ml

# Reference: https://twitter.com/drb_ra/status/1518927122483535872

106.53.114.57:20000

# Reference: https://twitter.com/drb_ra/status/1518928100146524163

123.57.15.185:4444

# Reference: https://twitter.com/drb_ra/status/1518928155997880320

http://106.55.24.61

# Reference: https://twitter.com/drb_ra/status/1518951657652039681

49.232.213.51:443

# Reference: https://twitter.com/drb_ra/status/1518952112733962243

179.43.142.36:8443

# Reference: https://twitter.com/drb_ra/status/1518977660176814081

23.225.191.60:443

# Reference: https://twitter.com/drb_ra/status/1518977732671062017

5.39.221.52:5938

# Reference: https://twitter.com/drb_ra/status/1518977779366342663

http://23.225.191.60

# Reference: https://www.virustotal.com/gui/file/eb0efc090f9d7f03da61e31df4bdf3db1e85083a58fa98cf4dcad5084c34303d/detection
# Reference: https://www.virustotal.com/gui/file/563716d003479720032995952151774631fcdb55546a4022b769e2ccd6ead38a/detection

124.220.180.5:8899

# Reference: https://twitter.com/drb_ra/status/1519040313821704195

147.78.47.229:443

# Reference: https://twitter.com/drb_ra/status/1519040581279834114

1.14.74.61:8099

# Reference: https://twitter.com/drb_ra/status/1519041153412259842

49.234.56.200:7788

# Reference: https://twitter.com/drb_ra/status/1519041856214032384

40.114.109.128:443

# Reference: https://twitter.com/drb_ra/status/1519042231876870146

http://141.98.80.175

# Reference: https://twitter.com/malwrhunterteam/status/1519060797703475202
# Reference: https://www.virustotal.com/gui/file/e485afadf3b339b799618f5369368bcb54264f7fd604894c30a45a6653fbba69/detection

8.134.105.5:88

# Reference: https://twitter.com/drb_ra/status/1519126066337624064

45.207.52.7:4444

# Reference: https://twitter.com/drb_ra/status/1519126336207527937

194.14.208.40:33443

# Reference: https://twitter.com/drb_ra/status/1519126512573816833

49.233.42.178:8090

# Reference: https://twitter.com/drb_ra/status/1519126588582936581

159.65.136.204:4444

# Reference: https://twitter.com/drb_ra/status/1519126756694929413

182.92.99.52:8886

# Reference: https://twitter.com/drb_ra/status/1519126883354525696

4pdaxer.com

# Reference: https://twitter.com/drb_ra/status/1519126982830825472

d3f56r6myup19q.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1519126986135855105

inthbly.com

# Reference: https://twitter.com/drb_ra/status/1519127126062030852
# Reference: https://twitter.com/drb_ra/status/1519126647638745088

http://46.166.162.50
46.166.162.50:443

# Reference: https://twitter.com/drb_ra/status/1519127173214392326

47.250.44.81:59567

# Reference: https://twitter.com/drb_ra/status/1519127359814877184

service-9cjwm433-1305598996.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1519127417306107905

96.45.166.101:4433

# Reference: https://twitter.com/drb_ra/status/1519127463024074757

service-l2v618yu-1305417806.gz.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1519127602707017728

thehealthcarecloud.co.uk
api.thehealthcarecloud.co.uk
api2.thehealthcarecloud.co.uk
dev.thehealthcarecloud.co.uk
jenkins.thehealthcarecloud.co.uk
prod.thehealthcarecloud.co.uk

# Reference: https://twitter.com/drb_ra/status/1519127714283802625

104.167.247.151:443

# Reference: https://twitter.com/drb_ra/status/1519127830436663296

http://81.70.96.230

# Reference: https://twitter.com/drb_ra/status/1519128092576518144

dl510.microsoft-essentials.com

# Reference: https://twitter.com/drb_ra/status/1519128172696154113

svrz.org
api.svrz.org

# Reference: https://twitter.com/drb_ra/status/1519128256976502788

34.64.39.187:8081

# Reference: https://twitter.com/drb_ra/status/1519162662072037377

159.75.249.102:2053

# Reference: https://twitter.com/drb_ra/status/1519163241808728069

agsdef.com

# Reference: https://twitter.com/kyleehmke/status/1519266937355878400

winfrupdate.com

# Reference: https://www.virustotal.com/gui/file/7e2abf116c1c8566e8de4622d0f5ec0a9a59acb455fbbbe655aa3e7ad321cdfd/detection
# Reference: https://www.virustotal.com/gui/file/71670891352e256395b3a3c13f4f0fc4a9ec431b8012db095ee475fdcbf4e5da/detection
# Reference: https://www.virustotal.com/gui/file/1579d74bfa10fafae6ddfa006143f25e3f8a711cab521f91983d6b91996acedf/detection

112.213.116.80:8002

# Reference: https://twitter.com/KorbenD_Intel/status/1519803946344366082

printerusage.com

# Reference: https://cert.gov.ua/article/39934 (Ukrainian)
# Reference: https://www.virustotal.com/gui/file/865fadf4aadd58cac4909de95fb5f4c1a9b194b9e1f84973b4266c9a464d196b/detection

195.211.99.29:28334

# Reference: https://www.virustotal.com/gui/file/ac8e899ce94396adf1f2b326105835f82fad2cb2f0be739b689bb9fe3c0faad1/detection
# Reference: https://www.virustotal.com/gui/file/6d51392848e813e98f7784bb7b8924aadd01bae8830c305f3236d69fea1a40d7/detection

124.223.16.250:7878

# Reference: https://www.virustotal.com/gui/file/cb7154d46c05fe364ac8e2d199e9667fcc2020dadbc20b4d4a353b9114b84dfa/detection

45.126.181.162:39201

# Reference: https://www.virustotal.com/gui/file/adc24cb1bf66fa6ed9a8048773f89eac2c787806962bc1ed19b3a7ae20e620be/detection

124.222.144.23:65533

# Reference: https://twitter.com/drb_ra/status/1519237259438010368

132.232.169.101:8888

# Reference: https://twitter.com/drb_ra/status/1519291620490981379

139.180.205.101:4444

# Reference: https://twitter.com/drb_ra/status/1519291708189691906

192.74.254.43:8443

# Reference: https://twitter.com/drb_ra/status/1519291748190769153

1.116.51.124:443

# Reference: https://twitter.com/drb_ra/status/1519291880139366400
# Reference: https://twitter.com/drb_ra/status/1519397060696547329
# Reference: https://www.virustotal.com/gui/ip-address/31.220.44.244/relations

31.220.44.244:4443
31.220.44.244:7443
hns2.xyz
komapu.co
totpop.xyz
vexna.xyz
wersh.co

# Reference: https://www.virustotal.com/gui/file/c967e91c2a94b327bbbe6c0e6951e0ad8c447b3cf95409c101e55c43e85a00ca/detection

108.170.60.184:39977

# Reference: https://twitter.com/drb_ra/status/1519292029007769600

114.220.176.200:800

# Reference: https://twitter.com/drb_ra/status/1519292069751185408

http://62.182.156.90

# Reference: https://twitter.com/drb_ra/status/1519292438816477184

service-i11ukhnl-1306053202.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1519292483708071938

39.106.187.129:1443

# Reference: https://twitter.com/drb_ra/status/1519292583092105216

8.136.80.103:8099

# Reference: https://twitter.com/drb_ra/status/1519292612888387589

81.71.7.8:443

# Reference: https://twitter.com/drb_ra/status/1519292993311846400

http://101.43.232.87

# Reference: https://twitter.com/drb_ra/status/1519293219351273477

1.15.22.131:443

# Reference: https://twitter.com/drb_ra/status/1519311659839500288

3.235.170.210:443
vancouvergentlehealthcare.com
api.vancouvergentlehealthcare.com

# Reference: https://twitter.com/drb_ra/status/1519312076723867648

119.3.130.178:2222

# Reference: https://twitter.com/drb_ra/status/1519313818983276544

organiclivingshop.com

# Reference: https://twitter.com/drb_ra/status/1519397019147722757

23.224.42.15:3562

# Reference: https://twitter.com/drb_ra/status/1519397095706447873

194.163.43.223:9443

# Reference: https://twitter.com/drb_ra/status/1519397124881928198

185.244.150.142:443

# Reference: https://twitter.com/drb_ra/status/1519397181907771399

208.72.153.153:2053
diyibazhu.xyz

# Reference: https://twitter.com/drb_ra/status/1519397232679792642

http://85.202.169.250

# Reference: https://twitter.com/drb_ra/status/1519397329555673097

http://43.138.83.48

# Reference: https://twitter.com/drb_ra/status/1519397397083963392

194.195.86.34:5556

# Reference: https://twitter.com/drb_ra/status/1519397436539691008

teofg.com
update.teofg.com

# Reference: https://twitter.com/drb_ra/status/1519397498581831685

http://37.1.210.194

# Reference: https://twitter.com/drb_ra/status/1519397663976062976

40.121.241.79:9999

# Reference: https://twitter.com/drb_ra/status/1519397777696083968

185.106.123.74:443

# Reference: https://twitter.com/drb_ra/status/1519397873552699395

110.42.128.177:8080

# Reference: https://twitter.com/drb_ra/status/1519397901235064835

34.84.69.49:443

# Reference: https://twitter.com/drb_ra/status/1519397939805892613

194.36.188.166:8080

# Reference: https://twitter.com/drb_ra/status/1519397970852126721

http://66.29.155.33

# Reference: https://twitter.com/drb_ra/status/1519398068583636992

159.223.208.215:8448

# Reference: https://twitter.com/drb_ra/status/1519398165035769862

34.64.39.187:8888

# Reference: https://twitter.com/drb_ra/status/1519398248917749761

http://194.5.212.152
innixtech.com
fin.innixtech.com

# Reference: https://twitter.com/drb_ra/status/1519398343306358790

154.31.175.73:8080

# Reference: https://twitter.com/drb_ra/status/1519398678049533956

http://101.34.111.197

# Reference: https://twitter.com/drb_ra/status/1519398724560207872

3.237.99.150:9443

# Reference: https://twitter.com/drb_ra/status/1519398915010875392

http://5.199.162.194

# Reference: https://twitter.com/drb_ra/status/1519398960703717376

20.110.209.33:85

# Reference: https://twitter.com/drb_ra/status/1519398999714938881

34.228.195.233:443

# Reference: https://twitter.com/drb_ra/status/1519402376779780103

http://172.104.28.21

# Reference: https://twitter.com/drb_ra/status/1519404135585652736

http://179.60.150.26

# Reference: https://twitter.com/drb_ra/status/1519447786013483009

1.14.76.111:10043

# Reference: https://twitter.com/drb_ra/status/1519488800166191105

124.223.206.101:443

# Reference: https://twitter.com/drb_ra/status/1519488889953701889

154.39.150.156:8888

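# Reference: https://twitter.com/drb_ra/status/1519489272050499585
# Note: the trail below repeats the previous entry and this reference is listed again for the next one; possibly a copy-paste slip, confirm which trail this reference belongs to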

154.39.150.156:8888

# Reference: https://twitter.com/drb_ra/status/1519489272050499585

111.230.113.89:8080

# Reference: https://twitter.com/drb_ra/status/1519489490145980416

http://124.221.144.169

# Reference: https://twitter.com/drb_ra/status/1519491815069659136

150.158.138.113:443

# Reference: https://twitter.com/drb_ra/status/1519491885068345345

43.129.96.183:50001

# Reference: https://twitter.com/drb_ra/status/1519491915732951040
# Reference: https://twitter.com/drb_ra/status/1519491917846880256
# Reference: https://twitter.com/drb_ra/status/1519491919910424580
# Reference: https://twitter.com/drb_ra/status/1519601123723812864

http://116.196.89.104
http://15.206.243.57
http://3.104.98.6
http://3.97.250.146
116.196.89.104:443
threatbook.live

# Reference: https://twitter.com/drb_ra/status/1519523208667570177

81.70.92.177:8099

# Reference: https://twitter.com/drb_ra/status/1519654615700185091

45.144.178.81:8880
message-cncc.com

# Reference: https://twitter.com/drb_ra/status/1519654822940655616

43.135.92.46:443

# Reference: https://twitter.com/drb_ra/status/1519654866683060224

http://116.62.185.223

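# Reference: https://twitter.com/drb_ra/status/1519654909305573377
# Note: hunter.qianxin.com looks like a security vendor's own hostname and the second entry looks like its CDN alias; presumably taken from a beacon's spoofed Host header, so verify before alerting or blocking on these names alone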

hunter.qianxin.com
hunter.qianxin.com.dsa.dnsv1.com.cn

# Reference: https://twitter.com/drb_ra/status/1519675869605814273

110.42.128.177:4434

# Reference: https://twitter.com/drb_ra/status/1519760191557881857

47.97.255.72:5555

# Reference: https://twitter.com/drb_ra/status/1519760328107700224

46.30.188.199:443

# Reference: https://twitter.com/drb_ra/status/1519760396445487105

47.97.38.197:5555

# Reference: https://twitter.com/drb_ra/status/1519760446395453440

34.84.69.49:6789

# Reference: https://twitter.com/drb_ra/status/1519760494844088320

http://150.158.183.13

# Reference: https://twitter.com/drb_ra/status/1519760585222766595

45.77.3.94:443

# Reference: https://twitter.com/drb_ra/status/1519760645419319303

113.31.102.172:8008

# Reference: https://twitter.com/drb_ra/status/1519760841511518208

service-hdgec0p9-1257884775.sh.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1519760957672722435

http://175.178.243.91

# Reference: https://twitter.com/drb_ra/status/1519761076853919744

165.22.252.28:22223

# Reference: https://twitter.com/drb_ra/status/1519761168285511680

http://135.181.123.18

# Reference: https://twitter.com/drb_ra/status/1519761251269844992

188.166.185.54:82

# Reference: https://twitter.com/drb_ra/status/1519761317296586754

104.225.155.181:8081

# Reference: https://twitter.com/drb_ra/status/1519761693097840642

103.70.227.44:8018

# Reference: https://twitter.com/drb_ra/status/1519761721040248835

43.129.222.202:443

# Reference: https://twitter.com/drb_ra/status/1519761802166513671

http://124.222.22.248

# Reference: https://twitter.com/drb_ra/status/1519761843945934848

192.210.200.76:4444

# Reference: https://twitter.com/drb_ra/status/1519761900980121600

193.38.55.36:3389

# Reference: https://twitter.com/drb_ra/status/1519761936761688065

70.34.252.167:4444

# Reference: https://twitter.com/drb_ra/status/1519761955946385410

81.70.245.47:8443

# Reference: https://twitter.com/drb_ra/status/1519762213900328965

http://185.12.45.132

# Reference: https://twitter.com/drb_ra/status/1519762316216131585

45.77.3.94:50001

# Reference: https://twitter.com/drb_ra/status/1519762364891111427

http://43.155.60.163

# Reference: https://twitter.com/drb_ra/status/1519762425695936518

185.12.45.132:443

# Reference: https://twitter.com/drb_ra/status/1519812843088011264

175.178.243.91:443

# Reference: https://twitter.com/drb_ra/status/1519854315321626625

124.221.70.167:4444

# Reference: https://twitter.com/drb_ra/status/1519854381612601344

cloudflare-cdn.xyz
dnsfuck.cloudflare-cdn.xyz

# Reference: https://twitter.com/drb_ra/status/1519854519164805122

2.56.56.129:8080

# Reference: https://twitter.com/drb_ra/status/1519854580535803907

fazlollah.net
list.fazlollah.net

# Reference: https://twitter.com/drb_ra/status/1519854727609171968

http://18.167.12.189

# Reference: https://twitter.com/drb_ra/status/1519854964331450372

http://124.222.157.232

# Reference: https://twitter.com/drb_ra/status/1519855038843215873

124.222.48.126:8088

# Reference: https://twitter.com/drb_ra/status/1519855211656978432

20.121.131.107:443

# Reference: https://twitter.com/drb_ra/status/1519855413839249416

3.6.160.148:9001

# Reference: https://twitter.com/drb_ra/status/1519855646178529280

18.167.12.189:443

# Reference: https://twitter.com/drb_ra/status/1519855687282614274

124.221.36.15:443

# Reference: https://twitter.com/drb_ra/status/1519856003587751936

1.12.245.115:443

# Reference: https://twitter.com/drb_ra/status/1519885682604396544

http://210.215.129.105

# Reference: https://twitter.com/drb_ra/status/1520001796806172677

124.221.151.199:8080

# Reference: https://twitter.com/drb_ra/status/1520036682103463937

arsvmcloud.com
cdn.arsvmcloud.com

# Reference: https://twitter.com/drb_ra/status/1520121668022198273

34.201.105.246:443

# Reference: https://twitter.com/drb_ra/status/1520121703921238017

23.224.42.15:8443

# Reference: https://twitter.com/drb_ra/status/1520121809177354240

http://103.234.72.66

# Reference: https://twitter.com/drb_ra/status/1520121904794947584

softupdatecdnprojectresource.com

# Reference: https://twitter.com/drb_ra/status/1520121938735214592

d3we48qthd38k.cloudfront.net

# Reference: https://twitter.com/drb_ra/status/1520121989935083522

156.240.107.144:9998

# Reference: https://twitter.com/drb_ra/status/1520122122647269376

179.60.146.39:8080

# Reference: https://twitter.com/drb_ra/status/1520122156868374529

173.82.121.42:8443

# Reference: https://twitter.com/drb_ra/status/1520122230327365635
# Reference: https://twitter.com/drb_ra/status/1520123249484521474

http://165.227.180.6
165.227.180.6:443
update04.microsoft-essentials.com

# Reference: https://twitter.com/drb_ra/status/1520122288238178306

noesisdata.com
usa.noesisdata.com

# Reference: https://twitter.com/drb_ra/status/1520122335558307841

179.43.187.208:443

# Reference: https://twitter.com/drb_ra/status/1520122485307592705

116.62.177.151:88

# Reference: https://twitter.com/drb_ra/status/1520122532690595842

152.32.167.186:443

# Reference: https://twitter.com/drb_ra/status/1520122618665390081

39.99.114.4:443

# Reference: https://twitter.com/drb_ra/status/1520122660792975360

179.60.150.125:443

# Reference: https://twitter.com/drb_ra/status/1520122825843130368

104.208.91.163:1431
tokyohot.life
nigger.tokyohot.life

# Reference: https://twitter.com/drb_ra/status/1520122864476770305

http://45.77.117.28

# Reference: https://twitter.com/drb_ra/status/1520122937851920385

http://13.209.168.46

# Reference: https://twitter.com/drb_ra/status/1520123052557750272

http://206.189.109.69

# Reference: https://twitter.com/drb_ra/status/1520123174419116034

123.60.225.57:443

# Reference: https://twitter.com/drb_ra/status/1520123355269062661

23.224.42.15:8880

# Reference: https://twitter.com/drb_ra/status/1520123417227321346

154.31.175.73:443

# Reference: https://twitter.com/drb_ra/status/1520123499888754689

5.253.247.249:443

# Reference: https://twitter.com/drb_ra/status/1520123586719145992

185.10.68.198:443

# Reference: https://twitter.com/drb_ra/status/1520123800658006016

173.82.121.42:13034

# Reference: https://twitter.com/drb_ra/status/1520123856882745344

5.253.247.249:8080

# Reference: https://twitter.com/drb_ra/status/1520123938189291520

acm-usa.com

# Reference: https://twitter.com/drb_ra/status/1520129282093326338

84.32.188.190:444

# Reference: https://twitter.com/drb_ra/status/1520172324997287938

124.71.215.111:61234

# Reference: https://twitter.com/drb_ra/status/1520177074698440704

tmhnpump.cn

# Reference: https://twitter.com/drb_ra/status/1520215679353470981

http://43.138.135.105

# Reference: https://twitter.com/drb_ra/status/1520216441252892674

139.224.0.201:8082
47.100.131.229:8082

# Reference: https://twitter.com/drb_ra/status/1520216520760217600
# Reference: https://www.virustotal.com/gui/file/f5f01bb32d2a34aabc1dd5667bda885e37ffcf629bb9fc6c040aa75f03708b2a/detection

roxj.37.com

# Reference: https://twitter.com/drb_ra/status/1520216725001756674

114.115.220.78:1389

# Reference: https://twitter.com/drb_ra/status/1520248240444223493

update.qian-xin.com

# Reference: https://twitter.com/drb_ra/status/1520249362709983232

tonxin.top
antsword.tonxin.top

# Reference: https://twitter.com/drb_ra/status/1520249376039440385

45.77.117.28:443

# Reference: https://twitter.com/drb_ra/status/1520249891703902208

service-1wxpqw90-1259808883.hk.apigw.tencentcs.com

# Reference: https://twitter.com/drb_ra/status/1520250227105615873

http://156.236.66.153

# Reference: https://twitter.com/drb_ra/status/1520328567141371904

1.14.108.192:31443

# Reference: https://twitter.com/drb_ra/status/1520382271664107521

flashinstallers.com
cdn.flashinstallers.com

# Reference: https://twitter.com/drb_ra/status/1520382810653179905

119.3.130.178:4002

# Reference: https://twitter.com/drb_ra/status/1520382886251270144

124.223.207.214:82

# Reference: https://twitter.com/drb_ra/status/1520383096658534402

http://47.98.160.30

# Reference: https://twitter.com/drb_ra/status/1520383199129522176

124.221.107.73:2083
akillz.tk

# Reference: https://twitter.com/drb_ra/status/1520383261712732161

207.148.76.15:4002

# Reference: https://twitter.com/drb_ra/status/1520383326955134976

120.55.63.96:8888

# Reference: https://twitter.com/drb_ra/status/1520383619876933633

119.3.130.178:3333

# Reference: https://twitter.com/drb_ra/status/1520399172087787525

qihu360.workers.dev
green.qihu360.workers.dev

# Reference: https://twitter.com/drb_ra/status/1520400399785734144

54.165.219.165:8443
studyinwork.top
http.studyinwork.top

# Reference: https://twitter.com/drb_ra/status/1520400745644060672

http://43.154.175.99

# Reference: https://www.virustotal.com/gui/file/3743c5604454dd8716288442e0dc102ecc194931a63a1e4ca0ee82eda8857fa6/detection

92.255.85.95:18675

# Reference: https://www.sentinelone.com/labs/lockbit-ransomware-side-loads-cobalt-strike-beacon-with-legitimate-vmware-utility/
# Reference: https://otx.alienvault.com/pulse/626bc047f1a3ebc6be0a2856

http://149.28.137.7
149.28.137.7:443

# Reference: https://www.virustotal.com/gui/file/e910bf9f2a88e6fc159ebaabd9cd86ce15edd68a6e36c7dc0ef6e0d5247a13e1/detection
# Reference: https://www.virustotal.com/gui/file/d11b38d4ec9812a69128bd6f5f4a96a2c4dc7565634fc7c06dde3899814f7f69/detection

120.77.153.216:5566

# Reference: https://www.virustotal.com/gui/file/8cdca8d1cc168d8b1d80da13bf4c721332f2e4b73b425e89028d40df22f461b5/detection

bellennium.com
malonblanco.com

# Reference: https://twitter.com/malwrhunterteam/status/1519761973659025408
# Reference: https://www.virustotal.com/gui/file/a72e28370f740e7e595134b1f53c7354665a92743a668a20ebe6cb00535e7552/detection

203.25.208.35:8852

# Reference: https://www.virustotal.com/gui/file/4e705991559570b6546bc523bda19f2f82254641b711a84d2a62e8f873ca55d7/detection

103.214.170.64:800

# Reference: https://www.virustotal.com/gui/file/484be2dcf0e7c348bfa6dc7cf6cb75ffddb127c767cdb45d615d0988bb5b3da7/detection

103.214.170.64:7777

# Reference: https://www.virustotal.com/gui/file/f697bdc5a434a255b088729518c0864d465935537a060b1d59e4296a0e80d63f/detection

39.101.181.62:9999

# Reference: https://www.virustotal.com/gui/file/bb95b34ba6f42cca9370d949e62309609685d2de220936f77b1f9ef1f55c4d7e/detection

39.101.181.62:8888

# Reference: https://www.virustotal.com/gui/file/8cc86d64b9b6a260b09f2ed4b76e072ea44769818dd868887359366d79904da9/detection

dotnetstatus.xyz
exporerstatus.xyz
microsoftstate.xyz
s0s1s2.xyz
tikencode.xyz
api.dotnetstatus.xyz
api.exporerstatus.xyz
api.microsoftstate.xyz
api.s0s1s2.xyz
api.tikencode.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1520120782332047360
# Reference: https://www.virustotal.com/gui/file/b826afb6637d72b99e2ecc6f8fdb8407a8c356dc1dd2112ccfee8241796904d3/detection
# Reference: https://www.virustotal.com/gui/file/7d9027b25f7b7bfe41650a501f9d410e006cf570c6229b12710be3d52fd01689/detection

http://121.196.238.43
121.196.238.43:8088

# Reference: https://www.virustotal.com/gui/file/9af6e7dc852da1bc4ee1436156751ca62aa13de656dc5fff80df23b8dc5367bb/detection
# Reference: https://www.virustotal.com/gui/file/7db924d128b82a8425389406c7a89f89445ad6addd510745ee5d1f01f79df6bf/detection

116.205.134.237:87

# Reference: https://twitter.com/malwrhunterteam/status/1520498365259264003
# Reference: https://www.virustotal.com/gui/file/3dd56096e23107c369a5ad7720ed261f8b15e0d55d2b13dfdcdefb1e328d6beb/detection

http://110.42.159.151
110.42.159.151:8080

# Reference: https://twitter.com/malwrhunterteam/status/1520506324936794112
# Reference: https://www.virustotal.com/gui/file/1bf7f613d052ab5c7329e807902f5aa338f67f84a750dbf8c050b1912733c0ab/detection

102.129.214.34:443

# Reference: https://twitter.com/malwrhunterteam/status/1520516329941393408
# Reference: https://www.virustotal.com/gui/file/8700409b0e22057cc4e34f272ea556de8f70b68b18e8984711f9c3ae157bd9ce/detection
# Reference: https://www.virustotal.com/gui/file/64ee5c01f965164225cb95d0d6dbc933749cfbf97f01a8212036ad9816d93987/detection

141.164.35.122:9909

# Reference: https://twitter.com/malwrhunterteam/status/1520517413967740930
# Reference: https://www.virustotal.com/gui/file/b387631b10f6882b2fa589288920f7a29d01fa58b716dda32b332ab0f42ef532/detection

http://154.12.33.22
118.195.172.110:8080
