# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Layout used throughout this list: each group opens with one or more "# Reference:" lines
# naming the report or sample analysis the indicators were taken from, followed by the
# indicators themselves: a bare host name, an "ip:port" endpoint, or an "http://ip" URL.
# NOTE(review): nothing here records when an indicator was first or last seen, so age has
# to be recovered from the referenced report before an old hit is treated as a live C2 contact.
# Reference: https://twitter.com/malwrhunterteam/status/1240215543480750082
# Reference: https://www.virustotal.com/gui/file/f3b0aa7d9664258c9e1783289c4fc56e05b23e3eb9a3557f55733806564deb73/detection

45.142.212.126:6677

# Reference: https://www.virustotal.com/gui/file/d920f89a4d8ae2f2cc597779c57e515c0f9451a66ecdaeef35169f6d0a43a35d/detection

176.57.69.250:6677
goldfrommadagaskar.pw

# Reference: https://www.virustotal.com/gui/file/1bd9e1a6c02737ffdfca1d3c32985361a5c5bdc5da7cc2593291650eb32dd15d/detection

# NOTE(review): the host below sits under a dynamic-DNS provider's shared zone (as do the
# duckdns.org and hopto.org hosts further down). Match the full host name only, never the
# parent zone, and expect its address to change; the paired ip:port may go stale first.
204.95.99.26:6677
zyzoom007.no-ip.org

# Reference: https://unit42.paloaltonetworks.com/how-cybercriminals-prey-on-the-covid-19-pandemic/ (# RedLine Stealer)

covid-19-gov.com

# Reference: https://twitter.com/jorgemieres/status/1255243161099735046

192.154.229.100:6677

# Reference: https://www.virustotal.com/gui/file/56f4a42801fab4c065a0cf4d34ee6d476419d7ab5570268d811cbfbdfa6f7e5e/detection

45.142.214.84:6677

# Reference: https://twitter.com/yusaerguven/status/1263470947706773504

xalonndoth.xyz

# Reference: https://app.any.run/tasks/2e6b708f-3add-4428-9f4c-f087874050a5/
# Reference: https://www.virustotal.com/gui/file/f6c756d3b2667ac43f733489fffd65d440ea62da586eb792877dcaab2074873d/detection

http://45.66.9.166

# Reference: https://twitter.com/iamwinstonm/status/1275548216470233092

http://45.76.21.56
yy31t.chokun.ru

# Reference: https://twitter.com/James_inthe_box/status/1283383567028908032
# Reference: https://www.virustotal.com/gui/ip-address/198.23.172.50/relations

http://198.23.172.50

# Reference: https://www.virustotal.com/gui/file/ba8d3d5d0d4b0d2178ea3ed1ff72e49ac8f6b608aac2718c6cf9904390dbeb80/detection

http://45.142.214.206

# Reference: https://www.virustotal.com/gui/file/aa30299c8266809acb727ef5ec89a80f0cdbcc848550607743f256438f00e398/detection

http://178.159.43.68

# Reference: https://www.virustotal.com/gui/file/96f235bfbc90b71caa6e4da9a3d73d33a035d944f80f9c53afc4da0ee1a10fce/detection
# Reference: https://www.virustotal.com/gui/ip-address/80.89.238.64/relations

http://80.89.238.64

# Reference: https://www.virustotal.com/gui/file/2d52cbd88d34e2928831164fba18a62dd72ed96927059feca90941c38f45e0d4/detection

80.89.238.64:8080

# Reference: https://www.virustotal.com/gui/file/a14148130d16c614e137f9aa0d4a24c09136db6b21974a594df6770b9b1d922d/detection

80.89.238.64:8087

# Reference: https://www.virustotal.com/gui/file/74110b6941ce18add7a009279ce36b06917c66025734daf729bc8bae7ec49cb1/detection

80.89.238.64:8990

# Reference: https://www.virustotal.com/gui/file/070967deea1294d9f3ae5993cc6d9c8bf5d800640b1477944838c02a5613e23d/detection

fragly.top

# Reference: https://www.virustotal.com/gui/file/54567d476e085f5aa1ba45e0b80e7eec75337d93de996f118da592b93b144c8e/detection

# NOTE(review): 3.127.146.248 looks like public-cloud address space, as do 3.250.34.72 and
# 3.120.134.248 later in this list; confirm. Such addresses are presumably released and
# reassigned to unrelated tenants, so the host name below is likely the longer-lived indicator.
3.127.146.248:6677
a0438890.xsph.ru

# Reference: https://app.any.run/tasks/101376ff-5daa-4b49-a1b9-fb391c852079/

http://95.181.172.34

# Reference: https://www.virustotal.com/gui/file/4f0c8558a81e024b9248403a05a3aa50163da44d9e966822acc77926aeb17abc/detection

http://45.142.213.244
45.142.213.244:88

# Reference: https://www.virustotal.com/gui/file/409d53cfaf4e43f9257c281b2026fe075b5459d1bb19e5eb30d8ff75e882689c/detection

45.142.213.244:27016

# Reference: https://www.virustotal.com/gui/file/9a234c43b87d16370414c22b3b2f37f2f92f86da711fab87e392eb1fbc9c0cde/detection

45.67.228.55:27016

# Reference: https://www.virustotal.com/gui/file/4759a80ce3801139ad2972a42e524a728c2b19d9c6a9d82d7a52ad2742bf9d0f/detection

omilonian.club

# Reference: https://www.virustotal.com/gui/file/cbbffd737dab38f3f637a532e210273f295243fd83a130003d36eb0689df2282/detection

dirtate.club

# Reference: https://www.virustotal.com/gui/file/4b6956cc243efb50c75fb740540bf1ec648ee56433e9868d85751f3677e50bca/detection
# Reference: https://www.virustotal.com/gui/file/3b942a9b290020ae3ff94d7af18dbe23669cbfb1d9e16272048ebcc88117cf8d/detection

http://159.69.40.187
j1093145.myjino.ru

# Reference: https://www.virustotal.com/gui/file/89773ed5a0fd438d9c7d86da129b19d945be5696b736314739a2364839a3a2b4/detection

# NOTE(review): port 22 is the default SSH port, so unlike the high-port endpoints in this
# list this entry would also match ordinary SSH sessions to the same host. Confirm in the
# referenced analysis that this was the sample's C2 endpoint and not incidental traffic.
74.208.166.46:22

# Reference: https://www.virustotal.com/gui/file/9da816bddae582a08537dd5804549c0b2cf594f4ac2f9065d242d61e41d78259/detection

rrkimal.xyz

# Reference: https://www.virustotal.com/gui/file/029ae517a07624221886a5f2e15bbbecff3d2afed842e4b52eafaec1409f87d7/detection

haroldreadlife.info

# Reference: https://www.virustotal.com/gui/file/0687165c7a9b105319ada7d1ea051a4852a5b2f32c81a322e6af98d0db9d9257/detection

http://195.161.41.183
185.153.198.216:35253

# Reference: https://www.virustotal.com/gui/file/276a4b8565a2cf1eb94e998cd025cd1cc961e034464206f15f0bb1d9a6da27bd/detection

4hzp4c.mydepp.ru

# Reference: https://www.virustotal.com/gui/file/e7b4146f9277fee3e790d8d2d83f9f1fd2d1e263b3eaee3dce79f03f1dcf20af/detection

http://81.177.165.192
8hjbhuh.regfrodom.ru

# Reference: https://www.virustotal.com/gui/file/c07df4766d20cd66406250d96e6b4c3e632688c784caec6f780387686117ddf5/detection

recipeskitchen.info

# Reference: https://www.virustotal.com/gui/file/206f7d63fc4fedf05a3880eda3671b2338ba2cebeaf1a58f65d7a7bcdb68a2b8/detection

http://217.107.219.68
217.107.219.68:35253

# Reference: https://www.virustotal.com/gui/file/d86500e2e0bfb50d01b7836ded1cc2e4573152a66819b487e1a188694f7098eb/detection

elerinomi.xyz

# Reference: https://www.virustotal.com/gui/file/93e56b013a5c3b7125ed9dfbce83683cd10c9507fe7c7039bdf498926b7f6776/detection

http://195.123.241.230

# Reference: https://www.virustotal.com/gui/file/487b0a4a808b62ec9c1ea73ff12e5307ba02c0d07339feb8f8aad79f429eb9f8/detection

http://185.153.198.216
http://193.38.54.91
185.153.198.216:35254
193.38.54.91:8080

# Reference: https://www.virustotal.com/gui/file/974b11810776fd4496f5ca9a8b5d0b67e7f713c289477f2b09973a26f2ab82af/detection

http://49.12.11.188
j1093144.myjino.ru

# Reference: https://www.virustotal.com/gui/file/cbec9612f5b1c5379fdc3d746caff4a4b5695b3292c6099700ab63c6bd45bdb0/detection

195.2.70.204:35253

# Reference: https://www.virustotal.com/gui/file/e99ed0cb6113a0b1713147da8ba391315cd7eeecc69e95dfd651bd5966d97eef/detection

http://179.43.170.130

# Reference: https://www.virustotal.com/gui/file/fc62c32a79b9d84ad82c08d5197df46e0699c94282c24f9f4df6887b9b6c62e6/detection

http://195.2.71.122
5v78i24.mydepp.ru

# Reference: https://www.virustotal.com/gui/file/75731505d87f120fc84cd1453a5249de96f6633613b3dcbdc1ad2fdbe9d0a673/detection

http://80.208.231.136

# Reference: https://www.virustotal.com/gui/file/a28cab7a918a6d7b70304aa304f18ab4bee134bd4c1558e7ecf85533158671da/detection

43lox5.mydepp.ru

# Reference: https://www.virustotal.com/gui/file/f13d0d8fba18fe459fb352640410b4e259d78afd37d053e97fcc3bc366be629e/detection

http://195.2.92.164

# Reference: https://www.virustotal.com/gui/file/42e142781db3adc5da9a6072c51c9a2258e42ad2ec9e362503e172443b72062c/detection

http://212.162.148.15
3f6mm0.regfrodom.ru

# Reference: https://www.virustotal.com/gui/file/6afc908999cba554d911d760c5d4dc065fb72d06dcecd7e599035833332d910e/detection

http://93.115.22.96

# Reference: https://www.virustotal.com/gui/file/d5200ca81e04d0d3e23fe9f35cde3f7ceef75e0ac5f5e5df710c30761de46a82/detection

http://45.67.228.55

# Reference: https://www.virustotal.com/gui/file/803829f97e020d3d5f35bd9fc11568f54ca7ab01394053e8ade7e5e299f3263e/detection

http://159.69.249.205
xuriq.makeiralone.ru

# Reference: https://www.virustotal.com/gui/file/9c3d3d932f2cfd6b1278e544ec50fba691fb3372c808ad4ce83c182ac596eb61/detection

j1093151.myjino.ru

# Reference: https://www.virustotal.com/gui/file/bc6cf1a2f555a8c40590edebdf5f62a36ec96c637d192ce3777797c22103a336/detection

http://195.161.41.119

# Reference: https://www.virustotal.com/gui/file/77b6705f4dbf707dc4c28ee59f58c5d7ae3a452c6a05a920cd07034dce05bc78/detection

4xnnbwh.aletitself.ru

# Reference: https://www.virustotal.com/gui/file/4ad6224ad13d804a0e51b000f1d3d8467bf3fd92adae42181505dad425fc3c16/detection

wcmj3.regfrodom.ru

# Reference: https://www.virustotal.com/gui/file/86582d84d6e4b1321431c74645528727169c1af9b23d396abaeeccc9adbbe7ce/detection

http://45.139.236.84
45.139.236.84:35253

# Reference: https://www.virustotal.com/gui/file/6d3d3f597ccdc42b0944f4fcbdc679a7aa431b726717d8ddea75433e0feb0480/detection

26geyw.makeiralone.ru

# Reference: https://www.virustotal.com/gui/file/d1a5e0e77ac5fcc92e382632e7aba769ddc8c579079e9b87752844b9f47afb66/detection

zphy9.mydepp.ru

# Reference: https://www.virustotal.com/gui/file/67582fe3899bf3660787599bfca689a22fb68401ec59e35b147fdaba61f23063/detection

http://49.12.104.203

# Reference: https://www.virustotal.com/gui/file/6225c71091ec37b9e09972c04738a81212a51adeab87ff7a1a3bb7b150268026/detection

tq5d.regfrodom.ru

# Reference: https://www.virustotal.com/gui/file/09d5ddcab205a8a1a7dc89eb59388fc5ac860d8bd907e8652244ff2bcf00929e/detection

643yrw6.regfrodom.ru

# Reference: https://www.virustotal.com/gui/file/5d19f63183cbe6d2fa0c5f583d7eea04d4b772c00856beba98085ccb1cc513c4/detection

k12.regfrodom.ru

# Reference: https://twitter.com/JAMESWT_MHT/status/1297878628450152448

95.181.172.34:35253

# Reference: https://app.any.run/tasks/a407ad1e-5b05-496d-8f95-6dda9d511dc0/

bolarie.xyz

# Reference: https://twitter.com/JAMESWT_MHT/status/1322845872544194562
# Reference: https://bazaar.abuse.ch/sample/b3cfbb058c0ecbd7da7f5bdd740fa729f7b0d9cf61f93b32750ce06745abc24c
# Reference: https://www.virustotal.com/gui/file/b3cfbb058c0ecbd7da7f5bdd740fa729f7b0d9cf61f93b32750ce06745abc24c/detection
# Reference: https://www.virustotal.com/gui/file/446edc0d1f7fff55b43dc47d935ac4c8b4ec345a5edaf90f5ea2122d3137f19b/detection

avscanner.site
marscleaner.site
fatfarts.com
solarpwr.ru

# Reference: https://www.virustotal.com/gui/file/fc98a2d606c58b8d7c318b470a77c342b290d1dea2da32d2f9648cbeddff9143/detection

banesys.xyz

# Reference: https://www.virustotal.com/gui/file/d0056dc81acbc4ea4fa63420e780f58beba75a1d5ad1111e3194689f9d241120/detection

2.56.213.140:35253

# Reference: https://www.virustotal.com/gui/file/f7a125635ef310828bb6268a833c825bf0d8dbc3917524a7d568ec8e0977ac7d/detection

45.141.58.213:35200
loveland957.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1330817468424708097
# Reference: https://www.virustotal.com/gui/file/0d5bfc0c20d8142640a572b53e611015b225c0312faac51006c299e59a061a8a/detection

http://95.179.148.51
95.179.148.51:35200

# Reference: https://www.virustotal.com/gui/file/7ace2e47f0da1dc1e67271229b77429ea7b09853f94cf034fd2ebc838e8f3f42/detection
# Reference: https://app.any.run/tasks/c635f3bf-91ce-4b8f-9656-975785309f22/

45.150.67.5:35200
s58s.holditbb.ru

# Reference: https://www.virustotal.com/gui/file/58ccc1924fab52eea591a2259d3d2d5b9b71b826f73d2ad44c8a978a69274639/detection
# Reference: https://www.virustotal.com/gui/file/505480d98283a5b8eb3b59da40bbd87ccd0c87a3ee17967a01f6bc77f85a7bb0/detection

i1.holditbb.ru

# Reference: https://www.virustotal.com/gui/file/4e47e31a1e3be59e4dad30afc9ebe982d63a4744639173ce1714b483c7d5097e/detection

8lyo1em.htpdi.ru

# Reference: https://www.virustotal.com/gui/file/749779f774ba19e92898e12efe456f817dd2c7a28bd39996a94bb0982c47d228/detection
# Reference: https://www.virustotal.com/gui/file/4c52abff5124e2f083461359f36f0e80cf278124175c513a2219c7e2bbb403ca/detection

4nmb2f.stjbg.ru

# Reference: https://www.virustotal.com/gui/file/a0028ba2c7d5692b05291ab737ae30afe27db4c70221ffde0c987c3ce6f44de4/detection

rzbk.puanp.ru
univialan.xyz

# Reference: https://www.virustotal.com/gui/file/50c123fb7a5375bdefa79954ea6004557ab44a5cc4539a44b4ec0781998ec279/detection

45.142.214.15:35200

# Reference: https://www.virustotal.com/gui/file/c3a9fbfdac63bd430d676fd00b17e0b8594bc6d0e65d4961abc011485bc791a6/detection
# Reference: https://www.virustotal.com/gui/file/b3f6769773249be4fc2099e0c49cbf4f338e871764f98cfbaac393476318efdd/detection

139.180.146.6:1524
http://139.180.146.6
w1azp.stjbg.ru

# Reference: https://www.virustotal.com/gui/file/9850bb21544a0375948ab304014fbad4d3a9bbd7289c5ca42de9447298ff8bce/detection

piterpakrework.info

# Reference: https://www.virustotal.com/gui/file/c5a2167d4f12dc79ff66922a7e831220238e787f98386cc1c813ac05a5de37ad/detection

http://87.251.71.88
7qxlq4x.htpdi.ru

# Reference: https://www.virustotal.com/gui/file/3918fafd28e4bc2e79d4c2c3813c930a29d7d547a601c755c1d92331dea32303/detection

185.144.29.169:4898
ni0.puanp.ru

# Reference: https://www.virustotal.com/gui/file/ecfccb38dafd7a68787fba8bec49fa35cf8ea0a6b05b86acc7d1bc3b1338696f/detection
# Reference: https://www.virustotal.com/gui/file/7f9a8d9625a8cc588517f5d1e460b85db1ba571b3b5e8291dff141b77194de07/detection

138.124.180.175:35200
52p666a.htpdi.ru

# Reference: https://www.virustotal.com/gui/file/4f210f1d93df30ac3aadce50e30505efc0bf2e60ee86048a5cc8ad062dd90dad/detection

# NOTE(review): this is the bare parent domain, while the list also names individual hosts
# under it (8lyo1em.htpdi.ru, 7qxlq4x.htpdi.ru, gc.htpdi.ru, ...). If the consumer matches on
# domain suffix, this one entry already covers them all; verify that this is intended.
htpdi.ru

# Reference: https://www.virustotal.com/gui/file/88cc6bfc643dedc34cb9fccd86f0cea599824b2b2095eb3596562e708fb78f36/detection

45.144.29.87:1195
o23.holditbb.ru

# Reference: https://www.virustotal.com/gui/file/4f47e4807dcac7a4937c7965b35de917b0615e79698d8246806b3d34bf42058f/detection

168.119.121.41:35200
5.252.194.139:35200
j1118490.myjino.ru

# Reference: https://www.virustotal.com/gui/file/294a004c549914c140983de8717d053e0637994bd08c1763820d6d9a21f1fce1/detection

gc.htpdi.ru

# Reference: https://www.virustotal.com/gui/file/9d9bd21d06e78c427c294410a7799ce6a058b4c5230b55669fb7f83af273c6ab/detection

http://93.115.20.250
1ioax6.stjbg.ru

# Reference: https://www.virustotal.com/gui/file/08a123f5a2182eeafb1fd72cfb659e959d78e9222a63c9ef84ed62e2753052ec/detection

8evknfk.puanp.ru

# Reference: https://www.virustotal.com/gui/file/0773af8db04a5c0d400f13a6d0f7d071fc3b82b93d6b099cd4b7c3f3708f056c/detection

3bvmyz.subbir.ru
yoreanan.xyz

# Reference: https://www.virustotal.com/gui/file/59556af8b735f061c760947644536940b0a4c88a5af608bf4cdad28e234c8f83/detection

72ac38q.stjbg.ru

# Reference: https://www.virustotal.com/gui/file/1306b4761ccf503919cdda75b4360f25c5b68f664c404b766740114fc9b7dc85/detection

udp3.puanp.ru

# Reference: https://www.virustotal.com/gui/file/08eb269d6c3bfaf4d3cde53a987e0adc96a171235d3c34e3c6e9422920e793dd/detection

http://185.153.198.13
rgvq.stjbg.ru

# Reference: https://www.virustotal.com/gui/file/50c123fb7a5375bdefa79954ea6004557ab44a5cc4539a44b4ec0781998ec279/detection

4wqk49.stjbg.ru

# Reference: https://www.virustotal.com/gui/file/f7dbd623d406d873ce55897d7ac498d5d4a1d6ea21977b9fa6c5706304b9ed00/detection

4jmxoa.subbir.ru

# Reference: https://www.virustotal.com/gui/file/c03873769ea8145738ec2c73fb8210f4cfe5d24ece2f62184ae18b86d67c057c/detection

135.181.170.172:35200

# Reference: https://www.virustotal.com/gui/file/be63c5b03643c69c93022467c742f41748e42ab93bfc81c41856729ceb71554e/detection

qqu2.stjbg.ru

# Reference: https://www.virustotal.com/gui/file/1275562d0649464260ad7346739d6e006fbf0556fb829d42800e088ad3b64b45/detection

f7.htpdi.ru

# Reference: https://www.virustotal.com/gui/file/07131d1d78e385d8f41ecaf56cc69fdb29bbfa171c7785b00489c9f9c25599e3/detection

2.56.214.31:35200

# Reference: https://www.virustotal.com/gui/file/e7111acd60f1fbe98eac7e7ff9215b34758257a9badf2fe02ce8d39a1d0a3b73/detection

c.subbir.ru
jx.puanp.ru

# Reference: https://www.virustotal.com/gui/file/d9ccd4ee8088ff64bff8589070ca44905754da2707c0afb9de753d9d38fd6f9c/detection

95.181.155.204:35253
a.puanp.ru

# Reference: https://www.virustotal.com/gui/file/01062222fcf001cc384406df80713d0b1b98daf2d22e8e362489a6949210ffd4/detection

8ogmcq6.puanp.ru

# Reference: https://www.virustotal.com/gui/file/f2bd72ba73945d222c4926b283989470496b401e5710a1648f9f56ab7986492e/detection

c.stjbg.ru

# Reference: https://www.virustotal.com/gui/file/804f3fdb4418931a6d012454ec03223ef5d790a23b12178da818ac67518b45bb/detection

94.177.123.237:35200
http://94.177.123.237

# Reference: https://www.virustotal.com/gui/file/2d2a494f761dcc19ea6b436879c11a9cd5ab04278b227136a7400ab0e41be743/detection

168.119.153.70:35200
http://168.119.153.70

# Reference: https://www.virustotal.com/gui/file/3b29fba829ff5dd4302df9677afe95834aed420a3ab55ef3c2af073017baef32/detection

159.69.35.97:35200
94sb341.subbir.ru

# Reference: https://www.virustotal.com/gui/file/28b42afa0f57a32f9570b828c78816904e30c2c9fe375245d7a4697f9fc00976/detection

188.119.112.47:35200
uv5l0.htpdi.ru

# Reference: https://www.virustotal.com/gui/file/21c532b3140b7141251e85c65f4570dd9e4734c539f895638cab18dbf44e81f4/detection

j1118489.myjino.ru

# Reference: https://www.virustotal.com/gui/file/1df8267dd9ce51b8ccf14a1e06ff7b592e5530e711691d472c927034c46e4eca/detection

hf.htpdi.ru

# Reference: https://www.virustotal.com/gui/file/3280540ae8b952dcb6d6ae152296c8f16f7d623490de7d6903dd400c346b1823/detection

http://45.67.228.250
29zghs.subbir.ru

# Reference: https://www.virustotal.com/gui/file/9fd9e221b5df01d174146d0a88f66600370216ac3d88fb6db8a3639d16d09d0d/detection

188.119.112.224:2581

# Reference: https://www.virustotal.com/gui/file/9901d2a24460508bd010bf1944727516ffb308c28a1efea12fe63e72acaf9cd2/detection

http://95.181.155.204
6srudc7.htpdi.ru

# Reference: https://www.virustotal.com/gui/file/a1e3d4da3cc10b983697f02d2184e060998026c55fbf9e4b5afbb77cbc77ba2d/detection
# Reference: https://www.virustotal.com/gui/file/145bae0149a58edee8a8254ff3ac9a6d4b2ccb59b78c1b9cf53dd31fa7c24113/detection

45.150.67.34:35200
http://45.150.67.34
9brv2vd.stjbg.ru

# Reference: https://www.virustotal.com/gui/file/ce7a10844b3230e848410c58ed5e71309b3cb6b35df648cef4dd787436fc0189/detection

kcj.stjbg.ru

# Reference: https://www.virustotal.com/gui/file/2108a24632f3c3c9cf7ec40bfd020dca9affa6d0aca41d2e76a80d167c0923f1/detection

g5.holditbb.ru

# Reference: https://www.virustotal.com/gui/file/9eb28569e5108dc54581385ba4f7dc90ddffc6e53ee1940ef6546b827319b4dc/detection

79cfu0n.puanp.ru

# Reference: https://www.virustotal.com/gui/file/bc83115007b82b120ab3371136658e2bff388ffe6f54471b44d172ce605ba058/detection

188.119.113.20:35200
http://188.119.113.20

# Reference: https://www.virustotal.com/gui/file/f5115ca7397b49441a77cea1dafabd849971d41ed0e0f60f6fe4ccc26d5b4868/detection
# Reference: https://www.virustotal.com/gui/file/c0d04f87398a9af33e156813ce38572a447ec1999440bde836a605510e2c83a1/detection

135.181.111.110:35200
45.144.29.58:1195
http://45.144.29.58

# Reference: https://www.virustotal.com/gui/file/5c399d5ff7178119a6b3fc3fa597cf7af8f0596517470a42434683574bf5d99d/detection

49.12.79.198:35253
http://49.12.79.198
is.htpdi.ru

# Reference: https://www.virustotal.com/gui/file/f5998c484f87463cc04aaa8ced6b548863d52b95b471b73edcddf54b32333d56/detection

185.107.237.53:35253
http://185.107.237.53

# Reference: https://www.virustotal.com/gui/file/100e040d5cff64538d4a787561042383c68438502632dd1a44433196fd4f8496/detection

# NOTE(review): the same endpoint is already listed earlier in this file under a different
# sample hash. It is a second sample sharing one C2, not a new indicator; de-duplicate on load.
2.56.214.31:35200

# Reference: https://www.virustotal.com/gui/file/b2031f84e618d24377831cfe2639e9bc979f0de22f7dd8d3a30575e0eb3e7a25/detection

7lls84p.holditbb.ru

# Reference: https://www.virustotal.com/gui/file/9409ca81b94b456d58c5d7221f7e63d56c6138dae8259a605423fdac7c8e111f/detection

tallipere.xyz

# Reference: https://www.virustotal.com/gui/file/e5e31dc2eabf77b13a496b0abab78e285ae11eb94f7afc71224c559ef59e5fd2/detection

zr29n.subbir.ru

# Reference: https://www.virustotal.com/gui/file/f435aa6b2acbabae5380c5a7be7680567e06e2a7617cd557f11f5896b64f66a9/detection

45.139.236.16:35200
wuqrx.stjbg.ru

# Reference: https://www.virustotal.com/gui/file/8825eebf3e19804f89d438aa971ccf8335cb70724e76057c70f0a5cc3257d72c/detection

npe0.ibidazn.ru

# Reference: https://www.virustotal.com/gui/file/41885c175733f5df1372a3f8812c3e66db547bc6efbc91e3e92dc3df4da7e6ba/detection
# Reference: https://www.virustotal.com/gui/ip-address/94.140.115.156/relations

mardarem.xyz
qileilaro.xyz

# Reference: https://www.virustotal.com/gui/file/519d1f80db167258cb18fbf2780c2a063ce08b362fb321b2e43d0e21337f605b/detection

s7cd.holditbb.ru

# Reference: https://www.virustotal.com/gui/file/a0e6eb32d87b13bfadae56c82e41444d03e92dd882d0693edc38f40410d61601/detection

5scblnq.puanp.ru

# Reference: https://www.virustotal.com/gui/file/c8612c9da44cf8f88062150bace1aa6787dcecebc125856fe061b87307284b11/detection

mxq.holditbb.ru

# Reference: https://www.virustotal.com/gui/file/38ff2e34e7b48b137c10cc985556d1be8f566f4252fa73e2a316c9584e55c92e/detection

j1118491.myjino.ru

# Reference: https://www.virustotal.com/gui/file/09eb0f2a3a32f28887a5438ff400c263e2247b6af78f73df809b40e3bdbc62c6/detection

z4xvw.subbir.ru

# Reference: https://www.virustotal.com/gui/file/250fa44d69942d88c917832591ef2d53e5942117dbc78c4bc49ee1032da25cf0/detection

9yvt40h.subbir.ru

# Reference: https://www.virustotal.com/gui/file/9d97472dc6349edf41e235de9e45beda91afc7fe493e0bdb39a2cd619f4937e9/detection

pg0.subbir.ru

# Reference: https://www.virustotal.com/gui/file/d40a3ec4da61672c31927b65f7829386154d5d9d3122367fec90c9a7edb7ee5d/detection
# Reference: https://www.virustotal.com/gui/file/0eb70fd1476d81dcf01cef53f0cc4f6eb2718c86722eb8a08667f929a8254430/detection

149.3.170.231:35253
173.243.112.96:35253
185.153.198.26:35253
23.95.85.239:35253
redline957.duckdns.org

# Reference: https://twitter.com/makflwana/status/1339732100497326080
# Reference: https://www.virustotal.com/gui/file/6dcb770e16f75716f0b123ebd34b68f6dd98aaa0ab7b4ec0a87461ff16fcdfba/detection

45.84.0.210:27018

# Reference: https://www.virustotal.com/gui/file/e205cb41d5af00b327b7fbc6112ccc6bda75b71ea68d6016050c3228e4955ce8/detection

86.106.181.211:35200
sl0a.holditbb.ru

# Reference: https://www.virustotal.com/gui/file/bc7025907debe969af97397a7e8cf7d3032f2a51873e1a550b17361f74b691aa/detection

j4l.nonakadde.ru

# Reference: https://www.virustotal.com/gui/file/b42b33ffa4b45bc81b71f13d89dc1283b155204913aa8362e99e9aa44366bfb2/detection

173.234.155.143:35253
185.238.171.69:35200
03rdk6.kayumina.ru
addstar.site
p4lq.ibidazn.ru
xp5v87.ahanuna.ru

# Reference: https://www.virustotal.com/gui/file/90dd420c2d134eed9cbec83d1754eb2ec7d9f675108c288222214890d5062945/detection

p361.htpdi.ru

# Reference: https://www.virustotal.com/gui/file/c2fd177d37562389c5360914d8674750d0e20986d57e4437073eb7a51b6fa8e1/detection

ncm.holditbb.ru

# Reference: https://app.any.run/tasks/d6bb5728-7992-492c-a3c0-3fd3fc5575bd/

168.119.126.136:35200

# NOTE(review): this reference and p361.htpdi.ru repeat a group a few entries above, which
# cites the same sample hash; only venepahu.xyz is new in this group.
# Reference: https://www.virustotal.com/gui/file/90dd420c2d134eed9cbec83d1754eb2ec7d9f675108c288222214890d5062945/detection

p361.htpdi.ru
venepahu.xyz

# Reference: https://www.virustotal.com/gui/file/1f45245431fe82ce18d68f81e3cc6619e9190ae03f869dbd14dbabf5a0df2346/detection

193.38.54.44:6677

# Reference: https://www.virustotal.com/gui/file/3729cc0e9183d4e4e6e7c9b82311538cc4357e35f817c32791131cc62a32ae1a/detection

3.250.34.72:35200

# Reference: https://www.virustotal.com/gui/file/d048781928e542d4e2a1926a38088c53e45282f350bbd3ddec5bb02fa5c4f20d/detection

http://195.88.209.205
195.88.209.205:35200

# Reference: https://www.virustotal.com/gui/file/ed8fcc8188b4cdc148f4c4ba02572f1fa0d96ffda5ab4f6933d1611be190bd20/detection

http://45.67.228.85
185.140.53.37:1900

# Reference: https://www.virustotal.com/gui/file/c86ceb78c8aa8ecb5e96f7d44a8c593ef2c310102189366d4c0d35e80c0115c9/detection

dovakl.xyz

# Reference: https://www.virustotal.com/gui/file/c277d8c504ae1630a12647c17febacdeec9b945e6c0dd3de13d77e1b19e152f8/detection

80.209.229.192:35253

# Reference: https://www.virustotal.com/gui/file/3d38447751fa697d5555d6105dae910095a2d707d3cbafe74e1b5fedc320ea02/detection

http://138.124.180.103
138.124.180.103:6677

# Reference: https://www.virustotal.com/gui/file/6562d614d287aa4a3ae744b8e7b369a83f98186341bad59115362f6547662b87/detection

45.150.67.47:35200
5.252.194.139:35253
5.61.48.187:35200

# Reference: https://www.virustotal.com/gui/file/7cd263c6c0cfc519ded0b5d4a81611c1a705d7306644ac136af244ba49e039e8/detection

# NOTE(review): both indicators below also appear two groups earlier under another sample
# hash. The repeat records a second sample using the same host, not additional infrastructure.
http://138.124.180.103
138.124.180.103:6677

# Reference: https://www.virustotal.com/gui/file/a184c16338fac42c9252dd633adc8998d3807c2b0a6ec092f5236d0f672ff6e4/detection

http://147.78.67.95
http://195.88.209.205
147.78.67.95:35200
195.88.209.205:35200

# Reference: https://www.virustotal.com/gui/file/b7a16329d7ca5a5ff38f6d424b426f33a29e1fff8490016530a7433134b391f6/detection

147.78.67.95:35200
185.248.100.191:35200
5.252.194.139:35200

# Reference: https://www.virustotal.com/gui/file/6efa18e06585b385b74ad9805626c5a2111ccf84cfbc671c570aed1063aaee62/detection

http://185.153.198.36
185.248.101.89:35200

# Reference: https://app.any.run/tasks/8071b4b6-d714-451c-974d-7408ede5c189/

95.217.250.25:3074

# Reference: https://app.any.run/tasks/4b0b368a-f358-4319-b2d8-2e73038292f2/

bilirtylo.xyz

# Reference: https://app.any.run/tasks/400b4c57-3456-4fd5-8cca-39c932931679/

gysmetze.xyz

# Reference: https://app.any.run/tasks/17f4822f-1458-402c-8bae-bacf0407351b/

45.147.230.79:35200

# Reference: https://twitter.com/JAMESWT_MHT/status/1357636864157634560
# Reference: https://pastebin.com/huuZNhcH

45.33.89.196:81
45.67.231.50:81
178.20.40.83:81
185.250.149.233:81

# Reference: https://otx.alienvault.com/pulse/601fd7724f7fa4e61de64741
# Reference: https://www.virustotal.com/gui/file/2fef5d56e1f31582e1d6f1693634c29e42f7ba5ff2997f4f7ec6704388559439/detection
# Reference: https://www.virustotal.com/gui/file/999c372086c7675936d59a123a2dfafa6e4be906e62950126bc2bb0234c43413/detection

19cdd.utsukushikaini.ru
orinenia.xyz

# Reference: https://www.virustotal.com/gui/file/21111940eab18ef660752aa518f6eecc95ee454a6af69b8809f0880d921b1f8e/detection

wornegmot.top

# Reference: https://app.any.run/tasks/1815006b-c425-426f-85cd-7049d7ab9906/

86.106.181.38:3214
2ke9e.uxurani.ru

# Reference: https://twitter.com/wato_dn/status/1362322209868505090

94.103.85.106:35200

# Reference: https://www.virustotal.com/gui/file/cc9f19572d3f795d0c8ef6b27637b14ff8045b7e39874b1cab13069d9c71d9ba/detection

http://178.20.44.143
178.20.44.143:3214
t0hb.uxurani.ru

# Reference: https://www.virustotal.com/gui/file/7b104a5471795edee469e975818adbe98e0bd5077269c62eba6720dfc36079aa/detection

45.140.147.121:3214

# Reference: https://www.virustotal.com/gui/file/faec65d1f24b2d1274db5a3039d58b66b2d97b9483ea9fe4a247a286c31f9e7d/detection

http://185.234.247.197
185.234.247.197:3214
v42.sldov.ru

# Reference: https://www.virustotal.com/gui/file/42a729ad71e53fdaf3827364a3ffe8398e78489d62b9bcd5c5f2d25d286b6f58/detection

45.153.186.104:3214
c.sldov.ru

# Reference: https://www.virustotal.com/gui/file/99248a018982e114235573812d225d219a2a14038bb857e963e1d23ae8d7e9cd/detection

45.145.185.127:3214
e.sldov.ru

# Reference: https://www.virustotal.com/gui/file/ce3b3f21f9673c5cf0c3925e6eb9532fe34aad9555c8057eece9e5ea29e1ae20/detection

45.67.231.58:3214
j5.sldov.ru

# Reference: https://www.virustotal.com/gui/file/a14fb42ce0bb182cfbaf6319ae29a96c81ba4ac195cba646ad899f63085e205c/detection

2.56.214.103:3214
vbi.sldov.ru

# Reference: https://www.virustotal.com/gui/file/1276508d3f174cd89e0c35054ab8bf79581b83c821a36c5958b6071d1835872a/detection

80.92.206.118:3214
pp.sldov.ru

# Reference: https://www.virustotal.com/gui/file/e401a949ac7801d662b4f05acb3dc55e604de12632f032c6efecbc607a848ba9/detection

http://80.92.206.118
80.92.206.118:3214
s6g.sldov.ru

# Reference: https://www.virustotal.com/gui/file/c7114a36aa57968aab7329de0ce98f1882a26afd6ee7d99d774f5821f80dc7a8/detection

http://86.105.252.250
86.105.252.250:3214
op.sldov.ru

# Reference: https://www.virustotal.com/gui/file/cbd5572a46685f16c81aa1c1b738ec7f8ace9069d9debe93de76bfad16f4d96e/detection

1m12.sldov.ru

# Reference: https://www.virustotal.com/gui/file/38e9eda271a1bbf27d7486fb5ebf88da22a92711ffb19a43b9519e512c336252/detection

87.251.71.103:3214
0cl.sldov.ru
5ur9mv.asubeshi.ru

# Reference: https://blog.talosintelligence.com/2021/02/threat-roundup-0212-0219.html (# Win.Packed.RedLine-9831330-0)

jelonaki.xyz
kapesteis.xyz
ronamei.club

# Reference: https://www.virustotal.com/gui/file/622355bac67fa35d2367c93ef6491e2baaf4c2ff8a8ed75ab23ca25ceeba4b6b/detection

37.252.5.213:6677
zmjj.doshofater.ru

# Reference: https://www.virustotal.com/gui/file/7c8b8fe872d1c7ea1edd0f808c08b0d61d5c5599461695f486b661730607570a/detection

http://45.67.230.60
45.67.230.60:3214

# Reference: https://www.virustotal.com/gui/file/fd2086abf2e433332ee2cd656d6899c08e0d1555eda59c90f6670f8e2378334a/detection

40.124.50.181:3214
redcompo.hopto.org

# Reference: https://www.virustotal.com/gui/file/9e81297c900c7ea07b188d31e34317fcd8431271e49f17660a11130b60cbd079/detection

# NOTE(review): this is a tenant host under a free-hosting provider's shared domain. Keep
# the match on the full host name; widening it to the parent domain would flag unrelated sites.
hasgtxbb.000webhostapp.com

# Reference: https://app.any.run/tasks/5fdcec5f-c7b8-4660-b39f-3f29defdd310/

94.232.44.45:35200

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1365772605337272321
# Reference: https://app.any.run/tasks/6dbdd571-570d-46ce-afa9-be31243bcfb3/

87.251.71.75:3214

# Reference: https://www.virustotal.com/gui/file/291fb9999009b5cb5e1ce39a6c58472291cdaaaeeea56beb6a4d0b7925574dca/detection

# NOTE(review): 104.21.17.169 appears to be CDN reverse-proxy address space (Cloudflare;
# confirm), and 8880 is presumably one of the HTTP ports that proxy serves. The address is
# then shared with unrelated sites, so the host name below is the indicator to rely on and a
# hit on the ip:port alone is weak evidence.
104.21.17.169:8880
voditelaux.icu

# Reference: https://twitter.com/1ZRR4H/status/1367948254944628736
# Reference: https://app.any.run/tasks/c4f3ae95-c384-4f97-abf0-570e70b73310/

80.89.224.252:3214

# Reference: https://app.any.run/tasks/2ce79039-efc9-44b6-8774-2e63aec21979/

95.181.172.238:3214

# Reference: https://twitter.com/pmmkowalczyk/status/1369670369829879810

denverbbq.net
gellyoema.xyz

# Reference: https://twitter.com/pmmkowalczyk/status/1370119344647249920

2xkgoj5b.nakadesh.ru
uhuua.ru

# Reference: https://twitter.com/pmmkowalczyk/status/1370800929558118405
# Reference: https://www.virustotal.com/gui/file/a19778657179c0a74cf22e6cefbd26dee57e6b65e552a50899f5172b0c9a74f4/detection

80.92.206.135:4264

# Reference: https://www.virustotal.com/gui/file/5916b4cb77fa0d3c53675210a85fc7058724c345e75b9c6427d2b8f0dd19394b/detection

185.4.64.199:6677

# Reference: https://www.virustotal.com/gui/file/32bd47f74329daa79e785f109d8351f7596659c3fdade6589ec5ae90b77d29fb/detection

ii.alabamasan.ru

# Reference: https://www.virustotal.com/gui/file/4071fddbbcd1201ca71328e9266fd1d63c80964503da17bc1cc69f9711103cd6/detection

lk.alabamasan.ru

# Reference: https://www.virustotal.com/gui/file/ddea6c32fbea5f2488e4a30cee1da96785e5dc8b1e5a6abe1a934862d556caee/detection

93.115.21.231:6677
f.saithingware.ru
jf.watashinonegai.ru
kt.saithingware.ru

# Reference: https://www.virustotal.com/gui/file/c1a7366f706c6a1800ce81399ffce1f042dddba1c8244fd679c9ce95d08ddde2/detection

195.161.114.43:6677
5ymk2w.amatiftp.ru
j8.watashinonegai.ru

# Reference: https://www.virustotal.com/gui/file/cd4bae9ff7319757829d451ef8f4c5ed56a49e5d32131e2b591c4202993451db/detection

# NOTE(review): the four 104.18.x / 104.24.x addresses appear to be CDN reverse-proxy space
# (Cloudflare; confirm) shared by many unrelated sites. Presumably they are the addresses the
# two domains below resolved to, not hosts the sample reached directly on 6677; verify against
# the referenced analysis. The domains are the sturdier indicators.
104.18.52.215:6677
104.18.53.215:6677
104.24.124.192:6677
104.24.125.192:6677
194.67.71.52:6677
45.132.106.75:6677
andichust.ru
promo-usa.info

# Reference: https://www.virustotal.com/gui/file/f3b17d8e503d10d4aa35dd1832aab470d7edc629d3c4affad27a6f6ca54e01b0/detection

j1065947.myjino.ru
usa-load.info

# Reference: https://www.virustotal.com/gui/file/74ab7b0f07de3de8583448c6cc24b2ca14f649190dae8cf1b759c6141fd9a902/detection

qci.haudireadyfi.ru

# Reference: https://www.virustotal.com/gui/file/c027c1ae371596fff5baa6fc7da0d25281b031a4ab1e8209578e3c18dc97d2c7/detection

t41iu.justcankillthepain.ru

# Reference: https://www.virustotal.com/gui/file/0ddd7d646dfb1a2220c5b3827c8190f7ab8d7398bbc2c612a34846a0d38fb32b/detection

66.206.18.186:6677

# Reference: https://www.virustotal.com/gui/file/2e99c313e0c650e1550099cda6493a1896741c8ca294b201d2f2edd5238cdb7a/detection

213.166.69.6:7779
45.132.106.75:7779
95mxtw.kseignait.ru

# Reference: https://www.virustotal.com/gui/file/4aebd2918942c4d01076cd9cb47402c5b8c61e14e86a397488d1abc2e444d626/detection

ri4m.justcankillthepain.ru

# Reference: https://www.virustotal.com/gui/file/10cccfc51b88898e64d5df015f8ee2c1d4815d174ad30599aaa7c89090882bcf/detection

h1.iwakalong.ru

# Reference: https://twitter.com/4chr4f2/status/1378196386529865730
# Reference: https://app.any.run/tasks/cb9e66fb-f03b-415e-93ca-c10fdd23f941/

51.195.108.215:40355
85.208.186.172:8080

# Reference: https://twitter.com/ANeilan/status/1381605134115954691
# Reference: https://twitter.com/ffforward/status/1381610525260451846
# Reference: https://www.virustotal.com/gui/file/7a7faa8e5954aa27f3d16454c25cf86af9cf20434f98f4db3479d22132c0f57b/detection

joinclub-house.site

# Reference: https://www.virustotal.com/gui/file/b26a0f386cacda560b3e32d60144e5570fd87c809ed06a237708f72782c8d6cf/detection

git4you.ru

# Reference: https://twitter.com/dubstard/status/1387781798353068039

bincoinbot.com

# Reference: https://tria.ge/210507-5gm7t8k8ds

77.232.41.231:43981

# Reference: https://www.virustotal.com/gui/file/8d730630389f403985ddbff2c9617c9b9ca9fd4ad0c9ee5d9fceeecc44356340/detection

http://157.90.162.135
157.90.162.135:35200

# Reference: https://www.virustotal.com/gui/file/29b9058449c81cf5aaa57316c620d80a48e2161d583c6e9351b8c44899315505/detection
# Reference: https://www.virustotal.com/gui/file/25214117747d585b843f9eb5e135fd31feb88898bfef69b184f9bd4fcbc7d5d3/detection

http://185.234.247.183
185.234.247.183:3214

# Reference: https://www.virustotal.com/gui/file/0e23f525007e9be46b85d1c6dacb16579c8555221867eee619f3f5f0f5ae660e/detection

http://188.119.112.16
188.119.112.16:29931

# Reference: https://www.virustotal.com/gui/file/90a6fcc18a558a9599d8377cbde14d14e4af078e920dd182bf0a46cb88bbba4e/detection

http://188.165.156.214
188.165.156.214:65356

# Reference: https://www.virustotal.com/gui/file/fe28808f8b07b484ff987a1ccc2f187857139e84d58dfbbb8004ce29f21bf1ea/detection

http://195.2.84.82
195.2.84.82:56801

# Reference: https://www.virustotal.com/gui/file/e82f3b7b3794a2db65698a2723511e3f8df217fc4b99de215246f8f77529a602/detection

http://199.195.251.96
199.195.251.96:43073

# Reference: https://www.virustotal.com/gui/file/b5e9f31e9150c4530dba7fa1d830fdc736ab939aecd563332e0856c7041f3de7/detection

http://213.166.71.146
213.166.71.146:30027

# Reference: https://www.virustotal.com/gui/file/b35472ac451e4923a094af8eaa687656c1f6576f7655655c877e98c0fa9c7709/detection

http://3.120.134.248
3.120.134.248:65368

# Reference: https://www.virustotal.com/gui/file/f6a21f38fcaf4a5d6e47bfa62f2293b025eac7179b63a4fde24ea14594a040a5/detection

http://45.140.146.151
45.140.146.151:40355

# Reference: https://www.virustotal.com/gui/file/36fe71c3af87bcc22aee5e1df862f664d68608620affb4a5a8f4ba21342561a5/detection

http://45.67.231.8
45.67.231.8:3403
9mw9.magicnow24.ru

# Reference: https://www.virustotal.com/gui/file/3a82ff19205ac49b150cd26c622c96eaaec0d80cedea5a9d6e2d523cad7f5622/detection

http://87.251.71.153
45.67.228.131:9603
gameshome.xyz
holdingfr0nts.xyz
j1155411.myjino.ru
news-systems.xyz
sthellete.xyz

# Reference: https://www.virustotal.com/gui/ip-address/45.153.184.71/relations

wispdocweb.xyz

# Reference: https://www.virustotal.com/gui/file/015d8ec1d116d36ff3c99b510528b3798e9c82337550b4efa2394dd6c0aae972/detection

http://45.90.46.164
45.90.46.164:54557

# Reference: https://www.virustotal.com/gui/file/25681de7e02857c21c6d3ffed80354333751a7fc7c3a07b8ae7be45c93307ab2/detection

45.138.157.149:21502
49.12.13.16:55953

# Reference: https://www.virustotal.com/gui/file/2702d43f54c385a12f7a24754c0530fe3b18d64a98878fc2ff9c3b13aef03f20/detection

http://5.188.118.35
5.188.118.35:19651

# Reference: https://www.virustotal.com/gui/file/2e40b603ecab881a303288ea4a6a0d7441a3bd897eefe6573e6140f037559f5c/detection

http://52.14.161.64
52.14.161.64:25486

# Reference: https://www.virustotal.com/gui/file/c22f6d1356f9ab62f87e9dab44673bb3fdb7a225f63042f55c3682f46006260e/detection

http://77.232.41.231
77.232.41.231:43981

# Reference: https://www.virustotal.com/gui/file/0a30ff3094e25dcc431dc3b4c7df1a83ac8a35a66c0c38e644ce0b89437b5747/detection

http://80.92.204.95
80.92.204.95:59766
7x8x.purplecafe.ru

# Reference: https://www.virustotal.com/gui/file/e8a22cc13143b1e542e6789290452ed883ad070eb987146f656db78f0b7cbbe0/detection

http://80.92.206.128

# Reference: https://www.virustotal.com/gui/file/841a86c4312c091a4ee4d5ef5a976ffd63d082da363591b60df4bfe2680efa22/detection

http://86.105.252.237
86.105.252.237:17660

# Reference: https://www.virustotal.com/gui/file/c846d8d913f6365c146beae5e70cde269256db120c6f2bf7d550fef7e9844601/detection

http://86.107.197.8
86.107.197.8:38214

# Reference: https://www.virustotal.com/gui/file/7c7cff0a48bcfe565fb02e3a39087ce2ad56d5b1c57b229f2d0142f41b7ab191/detection

http://87.251.71.193
87.251.71.193:20119

# Reference: https://www.virustotal.com/gui/file/83422a63a67f69382eb8b0770a89d1841b43aac04beb7ae14429d35ce4b77a3f/detection

93.115.21.41:50755

# Reference: https://www.virustotal.com/gui/file/5691e44d8eb881544b9f440ef473d5b526e55af8f7d299a0aa263711572a5ee9/detection

dylarache.site

# Reference: https://www.virustotal.com/gui/file/ab927ea11fbf644738e3423423850de3100dc0d2b3c120ea71ae9823bf7742e5/detection

qurernenail.xyz

# Reference: https://www.virustotal.com/gui/file/6cae92665b23b4bccccd25fad925b745ad83e700b1775a6cabae079b5741accd/detection

byrunkrntyj.xyz

# Reference: https://www.virustotal.com/gui/file/41d0f4c47ed4745ef6fb196273873f5e8092baf18f05075452efead370ec23a4/detection

9a1o.ogmassive.ru

# Reference: https://www.virustotal.com/gui/file/8a7d98508e448ab8150540c6e0ca4559c308f5bba4a6bb64e2d4d416232ccfc9/detection

nd.git4you.ru

# Reference: https://www.virustotal.com/gui/file/15509eb0045271635c94808f8291b4a0a55e1be0a78296315ec67201ccf2ab01/detection

http://87.251.71.204

# Reference: https://www.virustotal.com/gui/file/d8caecf9a341e1f5cb2ca90a648d0792cfe654afe2d38fa7c4a26d73aff885c6/detection

http://87.251.71.62
y4y.ogmassive.ru

# Reference: https://www.virustotal.com/gui/file/e8c658ac0bb00a2a8c7c6f30da580823e383eaf907cde6dcc0b962d7e653199e/detection

95.181.152.183:15785
s8v.purplecafe.ru

# Reference: https://www.virustotal.com/gui/file/3aca76d7bdd23aa701fffa2994e4b9438439056ad0317b78f6c7251b3fb9f2c5/detection

95.181.152.183:31019

# Reference: https://twitter.com/dark0pcodes/status/1390720778711207938
# Reference: https://pastebin.com/ErqXq4er

21jhss.club
crownnest.cyou
erherst.ml
gooutdayblog.info
ierinapu.xyz
kystearlar.xyz
lazerprojekt.store
nshoreyle.xyz
phelammi.xyz
qusenero.xyz
redline957.duckdns.org
redworksite.info
sthellete.xyz
styonorong.xyz
ureltodwie.xyz
wiseroniee.xyz
ynnnzonie.xyz

# Reference: https://www.virustotal.com/gui/file/521e6ab3da29cda2fc6399ac88289ed9762577ff4e9742a56ec89bf4521be6c1/detection

109.234.38.124:35200

# Reference: https://tria.ge/210510-cdf8nml7an/behavioral1
# Reference: https://www.virustotal.com/gui/ip-address/185.82.219.104/relations

astulpiagi.xyz
wnyalvene.xyz
zastaredan.xyz

# Reference: https://www.virustotal.com/gui/file/98d31fa6f8f9b5bc7db0bc77ab6f5b411880d3d1994db29ecba3696f079225d8/detection

fastboomerzoomer.top

# Reference: https://www.virustotal.com/gui/file/6f26456f887bb2cd91337242a58fb3d9d189b578fc0ce59aed9d2d2feae53637/detection

185.215.113.54:62132

# Reference: https://www.virustotal.com/gui/file/dbfc0f6a14532b867334b38aa4789fe1da4267c72955f89e00811392df0bd42a/detection

http://51.254.187.177
51.254.187.177:3705
mm.hellomir.ru
ucf.hyperfast.ru

# Reference: https://www.virustotal.com/gui/file/8d46e1ef94efbf4fd8d36dfb36d68d6ba36c436b3fe480118ef1a2828acc3b2d/detection

135.181.170.169:50845

# Reference: https://www.virustotal.com/gui/file/a9d7457834c3b27e451d027c0242f23cdd61f3c1b9c496d010e0693d0b15f225/detection

profi-max.info

# Reference: https://twitter.com/1ZRR4H/status/1395851977691705352

updatedefender.online

# Reference: https://tria.ge/210525-49cwzpzfaa/behavioral1

innaynelar.xyz

# Reference: https://www.virustotal.com/gui/file/bf9be8425f9523539e9fadbd7b96ced4fc65eaabb1006996a6974c6da8041a7e/detection

jelliousbra1n.xyz
powerins3rts.xyz

# Reference: https://www.virustotal.com/gui/file/96b6705d251bb18c5f6ccbc0f4dc667023fb7100d5e6ff775c6bb4b9c84b66a5/detection

j1155410.myjino.ru

# Reference: https://blog.morphisec.com/google-ppc-ads-deliver-redline-taurus-and-mini-redline-infostealers
# Reference: https://otx.alienvault.com/pulse/60b89765d9d4209af982cf7c

109.234.37.201:15647
anydesk-connect.com
anydesk-en-downloads.com
anydesk-go.com
anydesk-new.com
anydesk-one.com
anydesk-pro.com
anydesk-top.com
anydesk-vip.com
pc-whatisapp.com
telegram-home.com
jasafodidei.xyz

# Reference: https://www.virustotal.com/gui/file/a33fba201470062e7411eb129e52102e9ec7150d0d4d46c877aa241d2fef826c/detection

prinega.xyz

# Reference: https://twitter.com/James_inthe_box/status/1402746771512594439
# Reference: https://app.any.run/tasks/4921d1fe-1a14-4bf2-9d27-c443353362a8/

188.68.202.244:46946

# Reference: https://www.virustotal.com/gui/file/a6a1b66e1d7d31bfa37a6a591b30469b71c25a431096a9fc60bd072d7e9b1889/detection

rdesbarile.xyz

# Reference: https://twitter.com/dark0pcodes/status/1403415277413539849
# Reference: https://tria.ge/210611-wver3park2

acanaceous-tripling-cayuga.cc

# Reference: https://www.virustotal.com/gui/file/bb6275b6358d48ab7aeb1a3f54eb12527163210e78154b5f73cec4d23595d3b3/detection

spaceufx.site

# Reference: https://www.virustotal.com/gui/file/f93db670fa4eaa1689858ee523b67e049a461776a4f5ca5eca2fec1e7df971aa/detection

coronttegal.xyz

# Reference: https://www.virustotal.com/gui/file/437d83e73fa880cd7831e3cebb1507fac360f91bb295450128f6e92f078b183c/detection

bukkva.site

# Reference: https://www.virustotal.com/gui/file/f8aa33b99bb248f640363d937986e465239346a7f25f8e8579b92b5c975f38a9/detection

xalemiaind.xyz
pcfixmy-download-13.xyz
videoconvert-download12.xyz

# Reference: https://otx.alienvault.com/pulse/60cddd73ef248acd19c84367

fabrserian.xyz
hiconvanor.xyz
ierinapu.xyz
ralynillalel.xyz
topnewsdesign.xyz
ugeorunnog.xyz

# Reference: https://www.virustotal.com/gui/file/79bbdb8009278ba629dae626b86f4447a81333ef9535e2a9341d5728571e4ae1/detection
# Reference: https://www.virustotal.com/gui/file/005b75417a1fb297315d7cab57f9753dd0f778354e6867c8bc8decb812a08b27/detection

leselesp.info
iphonemail.xyz
iphonemoney.xyz
mazama.xyz
noveysish.xyz

# Reference: https://www.virustotal.com/gui/file/44faa82f7ab6fe3a40a57480504d2f7caf1d20b66656f02840e5ed83a6ad27b3/detection
# Reference: https://www.virustotal.com/gui/file/d54d492167ffb9664d3db2fb35577ef1b1e830fe32c6d786cc461fcf415bc2b0/detection

http://3.15.24.25
3.15.24.25:1026
95.213.144.186:8080
pumpbot.su

# Reference: https://twitter.com/pollo290987/status/1407226717912113154

185.215.113.17:18597

# Reference: https://www.virustotal.com/gui/file/68aab4d5d6d862bbf77cf836e80ea486a14ae11bc32cec46291a32834dd15045/detection

176.111.174.254:56328

# Reference: https://www.virustotal.com/gui/file/730bb47a033579a7b914829c4f0cde8f8ef4ea8fc884c43a1863736f02882d03/detection

87.251.71.195:19388

# Reference: https://www.virustotal.com/gui/file/44c9fd219866b0264b7d29b0c08a5ffae64a51453d0ec3499a1f1dd37245c7ad/detection

http://87.251.71.195
87.251.71.195:11924

# Reference: https://www.virustotal.com/gui/file/fef705b3666606b7acb2c1ded1b7e48a9b9ea0b50c86d0d2ad055a9186f9a90e/detection

r4.hidekad.ru

# Reference: https://www.virustotal.com/gui/file/a39005b1071d391ba53eb623bf17805b144c25475e37a67b6179e76f947577bc/detection

9htz.hiterima.ru

# Reference: https://www.virustotal.com/gui/file/68aab4d5d6d862bbf77cf836e80ea486a14ae11bc32cec46291a32834dd15045/detection

45.139.236.24:63373
87.251.71.195:82

# Reference: https://tria.ge/210623-v3483mttex

185.215.113.50:43919

# Reference: https://tria.ge/210616-1spssdy8ja

185.215.113.15:61506

# Reference: https://tria.ge/210616-2ex5ctlf1a

pupdatastar.store
pupdatastart.store
pupdatastart.tech
pupdatastart.xyz

# Reference: https://blog.talosintelligence.com/2021/07/threat-roundup-0625-0702.html (# Win.Packed.Redline-9874565-0)

jevanerrin.xyz
kathonaror.xyz
rdanoriran.xyz
whatareyousayblog.info

# Reference: https://otx.alienvault.com/pulse/60e0527b25ed2feb559e6a85

dishontesa.xyz
enatuykebe.xyz
fackerty.info
fikerty.info
flamkravmaga.com
idowload.com
ierinapu.xyz
iphonemail.xyz
kanagannne.xyz
qitoshalan.xyz
rdanoriran.xyz
videoconvert-download38.xyz
zedaumalev.xyz

# Reference: https://twitter.com/malware_traffic/status/1412128664721014785

135.181.220.99:17984

# Reference: https://www.virustotal.com/gui/file/ec763b65e400b9caaf560db4f26600251bd0971c7202a799dc7c3ce732a3717b/detection

netoterizi.xyz

# Reference: https://www.virustotal.com/gui/file/0743f2ccfd94143ac06690b2d6e49ca786a91ce7b2b666ac56ee5e36613fb155/detection

download-serv-457965.xyz

# Reference: https://www.virustotal.com/gui/file/7084f1ae45733b1311a449d2a33202b5ca93363755fc6a746b37ed934b8fa9c9/detection

185.197.74.223:15027

# Reference: https://www.virustotal.com/gui/file/fd7221ed30c1e70660968257265500ffd60aea9ae2c85ee887b2608c1eaf2188/detection

server-downl-8831.xyz

# Reference: https://www.virustotal.com/gui/file/65472f390519ddaf64eec69a64c1e8e7821af6592778471e5e6ab63179196525/detection

193.38.54.101:55440

# Reference: https://twitter.com/MBThreatIntel/status/1412864663243476993

3eehj3wdhdhjww3r3dkjd.online
qwerty.3eehj3wdhdhjww3r3dkjd.online

# Reference: https://otx.alienvault.com/pulse/60f175f43f879d8baf8f1f71

krossred957.duckdns.org
sozigylkal.xyz
vinndozhal.xyz

# Reference: https://www.virustotal.com/gui/file/c1a12791e61b56c414d7c2c92ed8bbfd3937e08baa03c0ea35d0abc9a9cc6315/detection

download-serv-632457.xyz

# Reference: https://www.virustotal.com/gui/ip-address/194.135.112.207/relations

name-usa.info
usa01.info

# Reference: https://twitter.com/pollo290987/status/1415937335351463937
# Reference: https://www.virustotal.com/gui/file/7d36df75a91f498cef1d689286d594f6e1e624f42f62b17519001341b4fd3644/detection

46.8.19.177:59851

# Reference: https://twitter.com/pollo290987/status/1415214208682188804
# Reference: https://www.virustotal.com/gui/file/aec23a4e2c4d1430216f3d116d9953cf26034c780001a8c8f14376bb9c5348c5/detection

zasavaucov.xyz

# Reference: https://twitter.com/pollo290987/status/1415213994525220864
# Reference: https://www.virustotal.com/gui/file/a06ae12495bc08221853828fb24d6747892785fe36bf93518d9aa8b41214d5be/detection

qumaranero.xyz

# Reference: https://twitter.com/pollo290987/status/1415213900975456258
# Reference: https://www.virustotal.com/gui/file/42ac10242c8459024000db273da91c0cc345daef7e8cce0d1a5cfd4cf316622e/detection

45.12.213.248:36372

# Reference: https://twitter.com/pollo290987/status/1414857255179202560
# Reference: https://www.virustotal.com/gui/file/d1e0f6406232cd41da3653897dced70045f5334825925322badf8246a42c9310/detection

5.12.213.248:36372

# Reference: https://twitter.com/pollo290987/status/1414857242717917185
# Reference: https://www.virustotal.com/gui/file/3ae1b69e9e3ecf474718a0cbf5e92f6edcf61274f9c9c05b7c383fbae9a5cd95/detection

152.228.150.198:11188

# Reference: https://twitter.com/pollo290987/status/1413047834350325760
# Reference: https://www.virustotal.com/gui/file/236020bb910e3cfd1e03bff5722204be40c0739fb6d2954b35c8b02185e37ef6/detection

45.81.227.32:22625

# Reference: https://twitter.com/pollo290987/status/1413047920526512129
# Reference: https://www.virustotal.com/gui/file/9c2554e79b717eca531348c6e0430944ab7288bc46a8d56e2e49898c4b0e59a0/detection

185.203.243.131:27365

# Reference: https://twitter.com/pollo290987/status/1412178528804786178
# Reference: https://www.virustotal.com/gui/file/bf7e9c31991471a7c0f39c35e2d56dde85a80c2558f13e6de5ca8376bb0786cf/detection

91.142.77.198:58996

# Reference: https://twitter.com/pollo290987/status/1411593969155387396
# Reference: https://www.virustotal.com/gui/file/119f9287f46d3ed3888403c3c21054974a0e8926ef247fc065164a8d58303c9c/detection

45.139.236.36:33611

# Reference: https://twitter.com/pollo290987/status/1410945063157440519
# Reference: https://www.virustotal.com/gui/file/263beab6e70eb466a94c431f2484957b662e81f134bc52d77c6f169de8c8ad70/detection

176.111.174.254:56328
flestriche.xyz

# Reference: https://twitter.com/pollo290987/status/1410540829698105346
# Reference: https://www.virustotal.com/gui/file/742ad3be42f5023d4fbd854fa6f1eb80054b94d537aaa32e7d7ae1db6dd6683e/detection

185.215.113.17:18597
qitoshalan.xyz

# Reference: https://ioc.finsin.cl/Output_FINSIN_URL

http://45.142.214.163
http://45.142.214.176
http://81.177.6.55
136.244.68.29:6677
51.195.233.65:6677
80.240.17.235:6677
80.240.19.10:6677
95.179.254.130:6677

# Reference: https://otx.alienvault.com/pulse/60fc01f04b02c7f20109fe28

dwarimlari.xyz
ierinapu.xyz
ieynanerin.xyz
ivaloribar.xyz
pc-updatings.su
zertypelil.xyz

# Reference: https://www.virustotal.com/gui/file/a94a56609fd846b118788f9b003adecbdf47b06380cc9d9af5bd403fc5362941/detection

86.106.181.209:18845

# Reference: https://www.virustotal.com/gui/file/6266bd00d67b3feccd9ed7504ef44708f9594ebc32b83a192a6c719d15fc36dd/detection

135.181.49.56:23519
periatilll.xyz
realminddesign.xyz

# Reference: https://www.virustotal.com/gui/file/68cd8e9066cf01e1cd42f52e82d2820edf692fc8a0c60bda48dccaa2659d631f/detection

kalamaivig.xyz

# Reference: https://www.virustotal.com/gui/file/ae37a5e3c1c495e1ee01ed1682f4abe62cf57abf05be724faf4e5434f44fe8e3/detection

7zip.mobi
7zipd.com
kuskusi.org
weatherwindows.pk

# Reference: https://www.virustotal.com/gui/file/6a5c67e0c4cb743ef58e0b246b34948af254e4ac9c317d38fe285856d83d3479/detection

185.234.247.50:55567

# Reference: https://www.virustotal.com/gui/file/659b32b98b48e30f28ab64f2922d869d26061a6ac8ebbbe33def7c8fc532e27a/detection

http://185.234.247.50

# Reference: https://tria.ge/210726-9lbbrtep2a/behavioral1

185.252.144.65:4545

# Reference: https://www.virustotal.com/gui/file/cae7469e7f5dc88962b9993f4b415a46f60fcaeea494abb53d19b7d05f28525b/detection

185.230.143.16:32115

# Reference: https://www.virustotal.com/gui/file/071231d29a8548be8cb0a8f48a4b23d12e08139fd8dba842781912a11dc7c5f6/detection

liezaphare.xyz
m96942xi.beget.tech
music-sec.xyz

# Reference: https://tria.ge/210731-gcm4f41wwe

185.215.113.114:8887

# Reference: https://www.virustotal.com/gui/file/bf38a6555a9742fc97a6efbb662f2cda03cb5156c22e56417d74c06e4ebecce1/detection

185.234.247.136:47666
193.56.146.22:47861
209.250.252.69:20004
209.250.252.69:7766

# Reference: https://www.virustotal.com/gui/file/f182c0c6dc8944151e340b3cab01c6d0f97740379aff73d6657e8adec651551a/detection

185.65.135.248:58899
nincefcs.xyz
sanctam.net

# Reference: https://twitter.com/Gi7w0rm/status/1422012871219761153

185.241.54.128:47729

# Reference: https://twitter.com/tosscoinwitcher/status/1422262670879727616
# Reference: https://twitter.com/James_inthe_box/status/1422284259344060418
# Reference: https://twitter.com/James_inthe_box/status/1422285451554000903

45.139.236.76:14402
conferencesystems.online
donstop.conferencesystems.online

# Reference: https://otx.alienvault.com/pulse/610930fbde648b4ac9a49179

briaseynan.xyz
vivesemoss.xyz
yonicathal.xyz
oligarph.club

# Reference: https://www.virustotal.com/gui/file/331cc3d388773d341cb6c22a954eb15391b1aea119d8506f3bac8f3205ea21da/detection

http://45.139.236.80
45.139.236.80:44777

# Reference: https://www.virustotal.com/gui/file/61ec948fdf96bc80450b5586384da0cab4090071b3e9467aa8231351d2b63a8a/detection

45.14.12.90:52072

# Reference: https://www.virustotal.com/gui/file/af95ac6f3e41822cea33c8a608bce51ee92cff82f9c95694255f098a057b26fa/detection

http://87.251.71.212
87.251.71.212:13108

# Reference: https://otx.alienvault.com/pulse/610fc871eaacf74c1e72fcff

hiterima.ru
xetadycami.xyz
uwd.hiterima.ru

# Reference: https://www.virustotal.com/gui/file/056fbabfc5c1b05b80bf97999dc4f39d7177c9050a62e3744bfe0841c7c5eeff/detection

185.215.113.81:28578

# Reference: https://www.virustotal.com/gui/file/95129ce014d0264688c32aaddf7707ec591f6be1335f5cd67b44e9983b61da9b/detection

195.2.92.68:81

# Reference: https://www.virustotal.com/gui/file/f70fa1f685a5c1f1bf9f8a52b53efc8de44d197c389aa5604e9fb0af1cfacef8/detection

185.215.113.42:57106

# Reference: https://www.virustotal.com/gui/file/2296c6a8f6c24da6522f3333f14a7082a639fb7aaa7170c584dc22a8fbfc541a/detection

91.142.77.198:58996
n6.rukuday.ru

# Reference: https://www.virustotal.com/gui/file/0a30c9342f1a112408d83c2d9c9ada0e17f387392c17bc799ca2b8dacb5ebf9d/detection

185.215.113.42:81

# Reference: https://www.virustotal.com/gui/file/76739da9af8671f174d1d2af687df094168370c898e17a81b7e275aa2c221f8b/detection

149.28.160.180:2022
korgimakov.myjino.ru

# Reference: https://www.virustotal.com/gui/file/888872e69cdc7c7587ec1234055ae07faa6f2754686f1d4b03d98740e1f43a9c/behavior/VMRay

193.56.146.64:65441

# Reference: https://www.virustotal.com/gui/file/891a3c96ee9866cfd7abdfc03e9e32a5eba1d9aab3bfff0d873bc6efadeb013b/behavior/Microsoft%20Sysinternals

91.243.32.5:3677

# Reference: https://www.virustotal.com/gui/file/c2fdc2f8c1d7bdec5703181aea62329f73bfb1e83c9ff8932b2c1f3f70d1dcea/behavior/Microsoft%20Sysinternals

176.114.9.172:49776

# Reference: https://www.virustotal.com/gui/file/a8f6f145aa078e83be145a4826660471b1f0cc5b17a0a34014e6d7015f7da55a/behavior/C2AE

95.181.152.141:29263
141.94.188.139:43059

# Reference: https://www.virustotal.com/gui/file/c61cee013d70056598c1a4877692e735aca3b9d85345718d9733d29dfa621d11/detection

45.67.231.218:15411

# Reference: https://www.virustotal.com/gui/file/487435d01fc04eba8555aab50d83ef39195f810786da6df4eebb4b88623aba2d/detection

45.67.231.218:7527

# Reference: https://www.virustotal.com/gui/file/eb6e16018bcd8686162d65edc2d687e2a8795ef7124d3a804f395f2c36b0d8f8/detection

komaiasowu.ru
f.komaiasowu.ru

# Reference: https://www.virustotal.com/gui/file/0e7986f9a3dc14736b1bfab4df0fbea6631f3608c677bc38872827c71cd2d310/relations

nariviqusir.xyz

# Reference: https://twitter.com/1ZRR4H/status/1460576019597991946

45.9.20.104:6334

# Reference: https://www.virustotal.com/gui/file/33846db33eecfacdad06479857de23ddf381b74a1ef3fbce2520766dd7c67425/detection
# Reference: https://www.virustotal.com/gui/file/1a8ff742b77b69148608f8a55688c9779c0b9101e7a034a0ff28cae8a51e0569/detection
# Reference: https://www.virustotal.com/gui/file/117beaf800cc3c8b29a5758c56de9902aeabfdb76e05876c2755e40beba8a27c/detection
# Reference: https://www.virustotal.com/gui/file/22eebdd52a5eaac3434f37bf3d70d7472bc7ce609521d4d3d82213664480aa6e/detection

193.203.203.240:35200
193.203.203.240:81
kusaemai.ru
09egc.kusaemai.ru

# Reference: https://www.virustotal.com/gui/ip-address/193.187.175.29/relations
# Reference: https://www.virustotal.com/gui/file/4a136b737d9e08d4d04f661f050447f5a2ef4c2d1834e434f3bcaf2b85526175/detection

farvelaxha.xyz
mabudorya.xyz
rlmushahel.xyz

# Reference: https://www.virustotal.com/gui/file/28ca9988101daf262d4c2b3aa162ee9e96dd50bfc46c0d3f7798ee39cd9d6985/detection

92.119.113.189:21746
ckauni.ru
e.ckauni.ru

# Reference: https://www.virustotal.com/gui/file/6a9441021b4cd4a153b8b77f8cf0af4e0d25365a01ab61bc58791fc4d7513204/detection
# Reference: https://www.virustotal.com/gui/file/f7fa7471d4313557cbfcf6ce0368ba050297931d0f641d19b8fef40d18b15d85/detection

141.94.188.138:46419
ckauni.ru
62sb.ckauni.ru
ke.ckauni.ru

# Reference: https://twitter.com/ShadowChasing1/status/1465886983528468484
# Reference: https://www.virustotal.com/gui/file/e4a67b33e47e405537ffeace849eb2975edf32cb24c5fc10e04cf20131cc28d7

http://188.116.34.197

# Reference: https://www.virustotal.com/gui/file/936c0197e83ba4dc7dfe73c677e537f103b8a91cc9cf05fa77d3fe5e18f7f5c7/detection

2.232.150.231:62099
ddoxeriscoming.ddns.net

# Reference: https://www.virustotal.com/gui/file/e30526846906e6892eda1a9a774b3f1cb2734d97287d16e7aca2f8b8826e1e52/detection

37.0.11.243:63642
safebild.org

# Reference: https://www.virustotal.com/gui/file/48b83155739f83a508ec4aeb87aa68a59dbd695e61f29d8d57d99eb22816201c/detection

37.0.11.243:7777

# Reference: https://tria.ge/211206-vztqfaefdr/behavioral1

kanerinasto.xyz

# Reference: https://twitter.com/pmmkowalczyk/status/1471508031166763010

103.246.144.29:44301

# Reference: https://www.virustotal.com/gui/file/2d65ee12cf39969fb00c11af633fac42ed0ab982cf6a9894d50591c0d1dffe76/detection

159.69.246.184:13127
65.108.69.168:13293

# Reference: https://www.virustotal.com/gui/file/47e1a583759c9b7fa9b87e07e05cc9c4ae4022ef501a5b19b68a41ff7181ed35/detection

185.215.113.44:23759

# Reference: https://www.virustotal.com/gui/file/92d056ebbe6aa832872b38f207074d91a161a418cb9f569c0d4484bfcc2cadc1/detection

185.215.113.82:31104

# Reference: https://www.virustotal.com/gui/file/c92fea006e70c862e1a5bc1d3e98dda1f67ce475e0308b53dbefbf48eb57772a/detection

195.133.47.114:38127

# Reference: https://www.virustotal.com/gui/file/dd9f9d4f7389dd8c50aad444410f5ea5ef8eaba3e4d03f6edac9753c8a786236/detection

185.215.113.7:5186

# Reference: https://www.virustotal.com/gui/file/61cd48498b43837aecaeb3a82ecc1ce6b0a9a1153eb8f01e2a8526991ef48072/detection

185.215.113.8:56432

# Reference: https://www.virustotal.com/gui/file/6f6e39ab03611a7547580aed21a4ecabd835d2edd435d3a8c1190145ed21237f/detection

185.215.113.9:57250

# Reference: https://www.virustotal.com/gui/file/08c626607560725465491e2556ae19ee5c400a463a50777153d7611fddccf195/detection

http://185.215.113.14
185.215.113.121:15386

# Reference: https://www.virustotal.com/gui/file/698fa11159b3e09764d2c1c6f3420e3a94a63376e5cd5dd6b598a34e965b170c/detection

185.215.113.15:8080

# Reference: https://www.virustotal.com/gui/file/7ce9b6d09635c92f80cc1ddc171bef5e722cfbfbf7c219d7cf68f37df474b97e/detection

185.215.113.17:7700
neofunkyjunky.com

# Reference: https://www.virustotal.com/gui/file/d6fb0ce62b5682a7c7a5699e2048fd05385be1de8a075a94b52aa06cd45ea636/detection

http://185.215.113.21
185.215.113.21:34106

# Reference: https://www.virustotal.com/gui/file/b10fe4931999ea1c6dd6e7293f2a4584b6a593313907a1e23fcbae2f9f662f85/detection

178.63.26.132:29795
91.121.67.60:62102

# Reference: https://www.virustotal.com/gui/file/307a069ecd59369e9825b9e24d84d5a92f6e4273c7d1d463d03cad06497dbe09/detection

135.181.129.119:4805
193.150.103.37:29118

# Reference: https://twitter.com/1ZRR4H/status/1476184470646624262
# Reference: https://github.com/CronUp/Malware-IOCs/blob/main/2021-12-29_Malvertising2RedLine

http://45.129.99.59
103.246.144.29:44301
185.204.109.248:26250
185.215.113.29:34865
193.150.103.37:81
2.56.56.126:38524
23.88.114.184:9295
45.147.196.146:6213
91.243.32.73:7171
94.140.115.160:81
absoluteuniqueloads.com
bestfilesstorage.com
engfilesload.com
fastrarloads.com
getfileasap1.com
getthisfileasap.com
loaduploads.com
rarloads.com
readytoloadforyou.com
secondfilesstorage.com
topfilesstorage.com
uniqueloads.com
uploadloads.com
yfilesstorage1.com
yourfilesstorage.com
zipuniquedownloads.com
zipuploads.com

# Reference: https://twitter.com/1ZRR4H/status/1476329209165496320

45.67.228.169:61696
51.79.188.112:7110
msofficetoolkit.com
myfreefiles.com
premiumsforum.com
profreefiles.com
yarchworkshop.com

# Reference: https://www.virustotal.com/gui/file/cfe1a9cedf12e5c01c4727d0b12de8ccecf696a64bf895daf2b71e4131f1e1de/detection

37.1.213.9:17292
65.21.234.58:8080

# Reference: https://www.virustotal.com/gui/file/7a12bed80d3c7140c4cc64315dcd6b7f994ce47229333a23d6f588d96e906fb6/detection

downshiftingrace.top

# Reference: https://www.virustotal.com/gui/file/9a234d272cd67f77fe49965a63e7d98f8c3c77f92bd4a98006716c9ab7c71703/detection

185.172.129.61:52372
52nv.hiterima.ru

# Reference: https://www.virustotal.com/gui/file/baf599abab1d6969e1ba455f83375cbc9643bbe5049189729d3ce60be08e4a58/detection

188.124.36.242:25802
193.56.146.78:54955
deyrolorme.xyz
h.hiterima.ru

# Reference: https://www.virustotal.com/gui/file/693eae9df1138fd4ae0289651ce7de1e7e4251558cdd525f61bea9395a4c03c1/detection

141.94.188.138:46419
hwg.jelikob.ru

# Reference: https://twitter.com/benkow_/status/1476886648818384902
# Reference: https://dpaste.org/Nx77/raw (# Redline)

blairwitch.top
esydownloader.space
greendayband.top
greenfreedom.top
hypercustom.top
irishrunningclub.com
programfreeyou.com
thisonecantbebanned.top
sliderfriday.top
wowsugarbabe.top
wushupalace.top

# Reference: https://www.virustotal.com/gui/file/bec58d49a22b43245709af3cc96cbe6d821a99a7d0ac8bdde8bf1f337d568f10/detection

185.215.113.62:51929
akedauiver.xyz

# Reference: https://www.virustotal.com/gui/file/29cdec124962aff503937bdb1e62adbcebe715e949ecda469ff8414447cddac0/detection

91.201.67.203:6677
watashinonegai.ru

# Reference: https://twitter.com/1ZRR4H/status/1477687367716769795

109.107.188.167:37171
185.151.240.132:33087

# Reference: https://www.virustotal.com/gui/file/c3e725df442abe93e1d1d5ca01fc8105521c82e8e5f86d07171d8f95562c59a5/

185.177.125.94:57832
193.56.146.78:51487
qwertys.info
remotenetwork.xyz
sornx.xyz
realeurogroup.xyz

# Reference: https://gist.github.com/silence-is-best/e2af8aa61000e4b740934331291c619b
# Reference: https://www.virustotal.com/gui/file/73942b1b5a8146090a40fe50a67c7c86c739329506db9ff5adc638ed7bb1654e/detection

185.112.83.21:21142
185.183.35.89:7777

# Reference: https://www.virustotal.com/gui/file/3c90a04f391078bb8a1556988942166cfb5580660a594ac6628aae50a3b34809/detection

185.215.113.17:18597
185.215.113.46:61707

# Reference: https://www.virustotal.com/gui/file/1022aed4c67e1fd0bc605d815bf9152d040a3288e91391f9637cbb55e54f0a03/detection

185.206.212.165:20000
185.7.214.171:8080
f0616068.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d03c84a13b8e6274f7353fd98e35f73c194938b61690a9a8a83c594a40994dec/detection

http://45.142.212.190
45.142.212.190:35200

# Reference: https://www.virustotal.com/gui/file/982ecd1ae9b5fd898aa7f20cbe84bd1af6af6b1b5feca8f0189fca038f7aeb98/detection

appcurnet.ru
thifink.ru
8fh9.thifink.ru
vfh.appcurnet.ru

# Reference: https://www.virustotal.com/gui/file/9e6ee86b2269db2663bb4cb34328f5c72e33e08fcfae8ec813bb09b28c6b3ca9/detection
# Reference: https://www.virustotal.com/gui/file/028258992edfb3c65258c25c0d9ccd5e928a3ea9859899126bea3added012f13/detection

worwokr.ru
x5w7rx.worwokr.ru
/eDUpjlGWbtLuyk
/EXrXeuqqhFzno

# Reference: https://www.virustotal.com/gui/file/3655e959a10cd3469622c03016704389127c655113a01bb46302498418184a10/detection

4o3dfgf.worwokr.ru

# Reference: https://www.virustotal.com/gui/file/500c34dd090c02c2529fc830cb54565947a51f5a2d3c445070503f7909f980c6/detection

http://45.142.212.191
45.142.212.191:19154
45.142.212.191:49176
rijndad.ru
p9.rijndad.ru

# Reference: https://www.virustotal.com/gui/file/47be27c585317cfbfdcda82c15aa54ec9d1491bb34473522ba118a864b98bf48/detection

uml.appcurnet.ru

# Reference: https://www.virustotal.com/gui/file/a986aa4af8fd99e9dcd9e7abad6c08decbb9a1861b8712c2512e73533ba28477/detection

initsl.ru
7tpu.initsl.ru
/EveKiAJWelmhSn

# Reference: https://www.virustotal.com/gui/file/33086d6963f76828a08462b2bfa71c908f20362322b9ba5af91379d4db684f76/detection

45.142.212.192:6677

# Reference: https://www.virustotal.com/gui/file/cf3a4b777604770bedbe1cb86d11e05602f1cd3db2b54d32c35b6a322bd4e7f1/detection

45.142.212.197:40355

# Reference: https://www.virustotal.com/gui/file/020039166612282d4175b35b7743bfe8bd74c0ec06f72774c523a370cdac3a5a/detection

45.142.212.204:35200

# Reference: https://www.virustotal.com/gui/file/64233896507a084444b93afa928fcfb8e265f660f7ba678dd49d26688f5c4955/detection

http://45.142.212.204
45.142.212.204:81

# Reference: https://www.virustotal.com/gui/file/bc33bbb886501dd9b159bc8ffa6f4d48e8c3abe033a243e72ffabd27600ee375/detection

http://45.142.212.209
45.142.212.209:6677

# Reference: https://www.virustotal.com/gui/file/681a639fbab22f9030769ecd8d8d716ce4f8cfc01b6f1a2f3ef8722a97cacee7/detection

sokindosword.ru
f.sokindosword.ru

# Reference: https://www.virustotal.com/gui/file/c62fa1aec038660384972ab40cbd0a1f2bc6112ff36451457d953d871c729e8a/detection

http://45.142.212.213

# Reference: https://www.virustotal.com/gui/file/1cfa5f2312f4673947f38a62f71ad6e5f97b36be5bb244d45b64cf4d61b61a68/detection

45.142.212.214:35200
87.251.71.52:35200

# Reference: https://www.virustotal.com/gui/file/d5b99910ee8211ee5af5c282736f5543cef11023952d72097f68548c70f990b8/detection

45.142.212.229:35200

# Reference: https://www.virustotal.com/gui/file/fad03a78cb1e273ffdbe691e961b55d9584281db34e3ac3c1847303b4bb74977/detection
# Reference: https://www.virustotal.com/gui/file/9e978576de6c179eeb8497b674d24d279792e056d32d9340c3e4d9e7706ff5e5/detection

45.142.212.230:35200

# Reference: https://www.virustotal.com/gui/file/3bc85a3eb884b50ceb7bf5381da90a9a11f09e391e07b83e0282a82785350b7f/detection
# Reference: https://www.virustotal.com/gui/file/34ca4e801f564dcfb1127a5ae465dcc7d7d373cdc7e37100c35ad16674a55f7e/detection
# Reference: https://www.virustotal.com/gui/file/cba63e60e59908658fecb77568330190dbc1f4da6ae3865706ca3646a25c0acb/detection
# Reference: https://www.virustotal.com/gui/file/5f9b13cd9f440149d79fbb4f052a4cb71c433d246f751e7ab2d95f7f31d1e878/detection

45.142.212.246:6677
doshofater.ru
iwakalong.ru
watashinonegai.ru
0qwl.doshofater.ru
b.watashinonegai.ru
t37b.iwakalong.ru

# Reference: https://www.virustotal.com/gui/file/0ffd47b05c0ecd8825e70f6b238cd34dc7172713da517a6a5d956eacad5c9345/detection

onesine.ru

# Reference: https://www.virustotal.com/gui/file/c09168fee1a053be8b6d1c2a0533b9adf6a84ecf2467bae6ca9beaae7fe3d528/detection

http://45.142.212.171
45.142.212.171:6677

# Reference: https://www.virustotal.com/gui/file/0684df47e885ab1f70b2ee3fcfd5d2fa3e3ae1155f11acd6bcddaea4022d36aa/detection

185.231.70.207:24867

# Reference: https://www.virustotal.com/gui/file/2e60a02d193c35594b4fa5e71448a859ec2597a7ac1efc4c08d695124fd46e3e/detection
# Reference: https://www.virustotal.com/gui/file/fe8cfe3cf7c5b6909b53eab29b5a25fbd913eefa5592b93102ed092adf52e3ad/detection

http://45.142.212.168
hudosntfll.ru
qbfh.hudosntfll.ru

# Reference: https://www.virustotal.com/gui/file/626f8bf47a2450b92bb468cbb3e7d4e3ab9836fe03e149fdbfe243600c0aa59d/detection

45.142.212.160:35200
stjbg.ru
4nmb2f.stjbg.ru
/UVKuWpQAwjuRp

# Reference: https://www.virustotal.com/gui/file/93813356112a0fc80638068a08d4d214abf31aaf4391371c3a0882756426de78/detection
# Reference: https://www.virustotal.com/gui/file/562d1d0a70281ec1f125c77a08ce35dddab3e949ba064dcaaf14a6836683dc91/detection

http://45.142.212.160
ssigu.ru
/nuboqqPzZnWT

# Reference: https://www.virustotal.com/gui/file/6de8d07e8ad5351b516844321e8060321282d88d3158a3e25f7f22b19dff01c2/detection

45.142.212.146:3152

# Reference: https://www.virustotal.com/gui/file/ed5f21e1eab6d1c0422e6d4c641140934f3a90409cb66de2f8f8fae798b3a3fb/detection
# Reference: https://www.virustotal.com/gui/file/efb0bb7cd863e3bb9939207b7ec5f2e068fefe6d4af7eac9183f05c72b67886d/detection
# Reference: https://www.virustotal.com/gui/file/7458f925f71b5e15d6cd06d7d0470cebdb5d346ae2bee66b7ec56a05824ad089/detection

45.142.212.146:59317
hellomir.ru
magicnow24.ru
pycharm3.ru
33vv.magicnow24.ru
u1y.pycharm3.ru

# Reference: https://www.virustotal.com/gui/file/f1474201daa0f804b4f77efd30edb6365905641be126838831e8342887582789/detection

45.142.212.126:6677

# Reference: https://www.virustotal.com/gui/file/05a0f7012de4482c552ffef69727209731444449357282ff49037f36503fbfa9/detection

45.142.212.122:21523

# Reference: https://www.virustotal.com/gui/file/2d5549816f794402b7ba4b65f640ac0a11fe79635404c26d37dad08c74dce13e/detection

naabeteru.ru
kf.naabeteru.ru

# Reference: https://www.virustotal.com/gui/file/0fabd27b65f3ea0d5648cc448634861fc872bb0cf1e27428eefe4d686a6e18d1/detection

45.142.212.88:26678

# Reference: https://www.virustotal.com/gui/file/4d9d7340aa0079196417994696f958bfadb6b6b690c7fb9831d2ef5987097b2f/detection

45.142.212.78:35253

# Reference: https://www.virustotal.com/gui/file/9a863f2648e1af4e0e69a0e1d0338b8fa9b1ebe176322233e67fa8dc31db6d0f/detection

45.142.212.70:38058

# Reference: https://www.virustotal.com/gui/file/741d1010fec98b13a8c283abbaf513192fe7705a74e0a7c1dda5d6c60fe54758/detection

yjn.initsl.ru
/jknFlRzXdXCJQ

# Reference: https://www.virustotal.com/gui/file/27768abc0b22eba2958185102e2a6db1edc5c22660c8e7257df358a0e6a411e5/detection

http://45.142.212.47

# Reference: https://www.virustotal.com/gui/file/094183d49a8440ca1ad83aee654106006853f6f94d7e5e240214d7f858ed3637/detection

45.142.212.38:5656

# Reference: https://www.virustotal.com/gui/file/c76fd6c7ed907e3a6405dbf0ceaf3b43ad9263e3249808ddb3b9236150c60449/detection

45.142.212.35:35200

# Reference: https://www.virustotal.com/gui/file/db9b4a81a1b185a15dbb9fcfc111a79292e660b8bada8f5829f1d6811efebd38/detection

http://45.142.212.33
157.90.94.153:10190

# Reference: https://www.virustotal.com/gui/file/96904a4ad35d096b8e184071966c6ad7775475a81871dd4312ac859c52b32271/detection

45.142.212.31:59655

# Reference: https://www.virustotal.com/gui/file/8cccca6aac59d334d251577a041b28e2ad3ad5f3ca77f29cdeb61d5847a84593/detection

45.142.212.31:32318

# Reference: https://www.virustotal.com/gui/file/b2ed0950b43b8e576eb84cb6c8a246339512b0604f768ccf958cb9af111e4261/detection

45.142.212.31:12782

# Reference: https://www.virustotal.com/gui/file/7b35f8170c285d42d67f864eac02f0a527233660f15814e01b99a3e51e8be2ab/detection

45.142.212.31:39254

# Reference: https://www.virustotal.com/gui/file/c6cf56ed7728391a40d61fc74cb5bd8ae1fb7c5eec19d62204473b7a4e8a9e7a/detection

45.142.212.28:5215

# Reference: https://www.virustotal.com/gui/file/7f6bac004d9c9eed4477081280287e88150d80d0eefc9d507ec0517d4e261f34/detection

45.142.212.28:35253

# Reference: https://www.virustotal.com/gui/file/bda28d8da6584f4a3c47039e0dfe31d6574fad79da47ca57607d7078135912e5/detection

45.142.212.27:81

# Reference: https://www.virustotal.com/gui/file/b86f0db9d6b71eaa2a6c465eaede83668f26eab3e04305d4e99c6b693075365b/detection

utisgavesh.ru
vu4mw.utisgavesh.ru
/GzfHTJrppiaSNu

# Reference: https://www.virustotal.com/gui/file/7a75b39f819c7b082b6a4b526a4562704d91c72e1eaf209000be92db0beb6780/detection

45.142.212.25:35200

# Reference: https://www.virustotal.com/gui/file/032f64031d903e2baa9cac32a4d9c3bab380f46c590d7e32ed7b6da477b17b86/detection

45.142.212.19:8712
o3.initsl.ru

# Reference: https://www.virustotal.com/gui/file/d93a414dcd88c1bbd854258640fc724079e4dd8c533036c8e1451c5081cda660/detection

45.142.212.16:7766

# Reference: https://www.virustotal.com/gui/file/af154727e37c11a0dd30e2360a1d62a684528eb2e45940af4768f26d89f6c76e/detection

45.142.212.16:7756
lk.thifink.ru

# Reference: https://www.virustotal.com/gui/file/374ce59bc19f61a15cb3a72ee6961d3eaa8d849281a1211f6cfd371da73b9da8/detection

45.142.212.10:35200
zsznosns.ru
3a6747eh.zsznosns.ru

# Reference: https://www.virustotal.com/gui/file/d50fc8f9ae212aaad0d217ba2552558b3d9ad952231a92fa544d3120eb6290ae/detection

zombieled.ru
6hb5.zombieled.ru

# Reference: https://www.virustotal.com/gui/file/ad319d24c53b703175ddbde008fc51b7ec64f69f7391cfdd1e9e16ee1522a5b7/detection

185.215.113.107:61144

# Reference: https://www.virustotal.com/gui/file/cc35931a232870013805cb89aea6151a01fd576cd71d25f2313939e104ef9170/detection

185.215.113.107:1433
78.47.57.179:53221

# Reference: https://www.virustotal.com/gui/file/72e1f2d1f788cc41c213777cdd257fa698e179dd1bab996d5061d70acc79c03c/detection

185.215.113.47:8956

# Reference: https://www.virustotal.com/gui/file/a042d9fc5c62f654d749baaa269da33520339f2c6d9346cbd49644618bed5ed8/detection

178.72.83.86:28762
f0609146.xsph.ru

# Reference: https://www.virustotal.com/gui/file/12ed308fd37ab10271953299e7050e2ee2e07fc8eb76153ede11efb7a4bded25/detection

185.230.143.237:2548

# Reference: https://www.virustotal.com/gui/file/5a962e6116bde82aa809719f0b1872fa7b1d6a477cc915528ee5d06cea4c1b75/detection

185.189.167.130:38637
f0603371.xsph.ru

# Reference: https://www.virustotal.com/gui/file/6f2b31c1a391a70bd10f8b2df8671faddbf7552b4d935448190f276f8542dc4c/detection

45.9.20.149:7526

# Reference: https://www.virustotal.com/gui/file/98a293de8d3eb34cee5e3e8edc9f472323d13a997bdbd2806ac1fe483f5efd14/detection

12jwdjjoiwopksdpi.xyz

# Reference: https://www.joesandbox.com/analysis/535268/0/html

185.114.247.92:49748
cf90453.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/2e201b9794bcbd4f644d7a927b1f0c053002a722a7ba1d1ad3850fe4635ac5d2/detection

45.138.72.143:6677

# Reference: https://www.virustotal.com/gui/file/a7ee420fd3a477e690dab56f47b264dd6c8376941101065d6645716bbf4b6333/detection

213.91.128.133:10060
86.107.197.138:38133

# Reference: https://www.fortinet.com/blog/threat-research/omicron-variant-lure-used-to-distribute-redline-stealer
# Reference: https://www.virustotal.com/gui/file/15fe4385a2289aaf208f080abb7277332ef8e71edc68902709ab917945a36740/detection

207.32.217.89:14588
207.32.217.89:7766

# Reference: https://www.virustotal.com/gui/file/df2dda1b768681835828e2fd3ccde0e04b4cda541c40d24cd52882da39b235b5/detection

185.70.186.133:8080

# Reference: https://www.virustotal.com/gui/file/ed5a02370568674fdf12bae74a035daf1c6fabba84d1a3a0f7baf257ad3a6259/detection

94.103.9.165:45524

# Reference: https://www.virustotal.com/gui/file/18a630378f7b892e5b1a1fe3c1d92ba702fcaac354fa09a175ed039851cf6dbb/detection

135.181.123.52:12073
185.167.97.37:30904
45.67.231.145:10991
94.103.9.165:45524

# Reference: https://www.virustotal.com/gui/file/d6db191fc2aa0285fe4036d91817fa468e688823d90c9134a59b7e257e956040/detection

jooriz.xyz
wxkeww.xyz

# Reference: https://www.virustotal.com/gui/file/4c34df29e88aec5168c9b97ada7aa80118a639a826703ab19521dfa873c4ab28/detection

88.99.35.59:63020
artmy.top

# Reference: https://www.virustotal.com/gui/file/71a749813ca16ab4bbb87085ba0b1f80ac4ca3a99fa565e53ba4997b96708d66/detection

185.215.113.17:48236

# Reference: https://www.virustotal.com/gui/file/0ce801bc104d2a428be3d24c198e4f57d96496ae90cbd6fef146d283207304e9/detection

185.215.113.15:6043

# Reference: https://www.virustotal.com/gui/file/354544bfe20ea09a2e5579471be24e528b9649bfe1b2512ceb568647dcc63e30/detection

185.206.213.148:43383

# Reference: https://www.virustotal.com/gui/ip-address/185.112.83.49/relations
# Reference: https://www.virustotal.com/gui/file/d4a5d17ea7fd7e5d8ec059ad72b44fb71345a673a68ee0c2a35249db0e208d07/detection

95.143.178.139:9006
c9d0e790b353537889bd47a364f5acff43c11f243.xyz
c9d0e790b353537889bd47a364f5acff43c11f244.xyz
c9d0e790b353537889bd47a364f5acff43c11f245.xyz
c9d0e790b353537889bd47a364f5acff43c11f246.xyz

# Reference: https://www.virustotal.com/gui/file/7bd4fd28376a9ae288f781439a6f5fccc41be454400232155ab9e4936430f1a3/detection

5.206.227.11:63730

# Reference: https://www.virustotal.com/gui/file/bf31d8b83e50a7af3e2dc746c74b85d64ce28d7c33b95c09cd46b9caa4d53cad/detection

178.20.44.131:8842
dogelab.net

# Reference: https://www.virustotal.com/gui/file/fdeadd54dd29fe51b251242795c83c4defcdade23fdb4b589c05939ae42d6900/detection

31.42.191.60:62868

# Reference: https://www.virustotal.com/gui/file/891aba61b8fec4005f25d405ddfec4d445213c77fce1e967ba07f13bcbe0dad5/detection

91.243.32.13:1112
c9d0e790b353537889bd47a364f5acff43c11f24.xyz
c9d0e790b353537889bd47a364f5acff43c11f241.xyz
c9d0e790b353537889bd47a364f5acff43c11f242.xyz

# Reference: https://www.virustotal.com/gui/file/8d7883edc608a3806bc4ca58637e0d06a83f784da4e1804e9c5f24676a532a7e/detection

95.143.177.66:9006

# Reference: https://www.virustotal.com/gui/file/bfdcfeecf5b9596257de7aa327baedeac2ab806435c69eefba75479227588bcc/detection

185.215.113.10:39759

# Reference: https://www.virustotal.com/gui/file/d2c4d81ae9ae45af262bf4fe7028eb87923d6929ceed4481379707760522f5e0/detection

http://212.193.30.45
http://45.144.225.57

# Reference: https://www.virustotal.com/gui/file/3289a71bbe761e28e4d5f0d3074116674fcf4ded39c46928dad24c5e089d4664/detection

92.255.57.115:59426
xyzgamev.com
v.xyzgamev.com

# Reference: https://www.virustotal.com/gui/file/0872b951e61b47db12476ae5bbe013b36e04a333c18b6353c603d3bc46a4f6b0/detection

23.88.118.113:23817
45.9.20.221:15590
65.108.69.168:16278

# Reference: https://www.virustotal.com/gui/file/f6ef3e58813125018e32f84cc5d176716308c74e73472d0afef3e8d9ecd34060/detection

104.149.139.42:8080
185.159.70.47:46031

# Reference: https://www.virustotal.com/gui/file/5f94bf50f679c47630b069a9f2754a34308e83f2cc2e9e4e402a061236de5494/detection

185.137.234.33:8080

# Reference: https://www.virustotal.com/gui/file/01a46fe5d3f043fe1b45548a36b63edfd841c1841ec5b6878d10ecab36d81d88/detection

185.215.113.41:15912

# Reference: https://www.virustotal.com/gui/ip-address/185.193.143.204/relations

dasit.top
datenuli.top
lollyboll.top
marrbeivil.top
sait-sait.top
stelfikinmo.top

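# Reference: https://www.virustotal.com/gui/file/00402faf91cfc9a4ee7482a7caf04bfa652c496c34126140a93bb517e0323617/detection
# NOTE(review): 185.220.101.137:10137 below looks like a Tor relay endpoint (185.220.101.0/24 is widely listed as Tor relay space) - confirm against the sample's extracted config that it is RedLine C2 and not Tor traffic seen during the sandbox run; otherwise any Tor user reaching this relay would be reported as a RedLine infection.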

109.105.109.162:60784
185.220.101.137:10137

# Reference: https://www.virustotal.com/gui/file/00656b5dc0ef9045efd39b40c55990c765fb74040ad54959c791fa11a88aff12/detection

dependstar.bar
inhibitionclothing.bar
software-services.bar

# Reference: https://www.virustotal.com/gui/file/f2b68fa107745b515e611eee99231eab7e03e022b4ff8af2bfe3b779ffbf61c4/detection

101.99.93.44:21060

# Reference: https://www.virustotal.com/gui/file/a910ecd858f65399ebfbe1f762131b70ff70971ba2a2e56a9c5210fb2d88e687/detection

101.99.93.44:50611

# Reference: https://www.virustotal.com/gui/file/045de5acd7f3b4b0a4d402c17f8779f68ee957e2323ae61b0d1907dcb1a7472c/detection

185.215.113.29:20819

# Reference: https://www.virustotal.com/gui/file/1385c3d747eed12e6e8712a8e32820f6dce44531423d81e2e5763c16f7eb38ff/detection

xtarweanda.xyz

# Reference: https://twitter.com/fr0s7_/status/1487406897137397763
# Reference: https://twitter.com/felixaime/status/1487878089145294848
# Reference: https://www.virustotal.com/gui/ip-address/45.91.203.198/relations
# Reference: https://www.virustotal.com/gui/file/a0d8b4f0f605eae353b842cb4d173ef8b11534cee77ae1283a28af309e28cbb5/detection

google-app-update.com

# Reference: https://www.virustotal.com/gui/file/0275a7b7aa219043d31f1fe5741b5b02c43144ced65c5141badc4ce38581c6b3/detection

185.215.113.83:60722
49.12.219.50:4846
91.121.67.60:51630
94.140.112.68:81
charirelay.xyz

# Reference: https://www.virustotal.com/gui/file/9cfa73de9849eefa8a82a5001da7cf8ea30b482589f9926e90a0789cae11a74d/detection

qqqwweeqw2.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/7c50d303638bd232921cd7d28e5e48d16fd6fa2394e8f8b449066d56b7619eb6/detection

94.140.113.77:40800
canalarleliv.xyz

# Reference: https://www.virustotal.com/gui/file/559bf0182971d4ea4f3a3cfa91fbbc6cf7ab4e1b66f73e9809362ac5a4e42f95/detection

104.207.152.55:32767

# Reference: https://twitter.com/stoerchl/status/1491375740214218756

discrodappp.com

# Reference: https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/
# Reference: https://www.virustotal.com/gui/file/11d3ee568c8e6c6156bd745a01999e4a15bb0aad7cf84baee4518521419d8bf8/detection

45.146.166.38:2715
windows-upgraded.com

# Reference: https://www.virustotal.com/gui/file/0163e77e8c5cdd0831eade7e1611617325a69b3eb9fb8525afb13c255557325b/detection

185.215.113.39:34737

# Reference: https://www.virustotal.com/gui/file/f514fc38d05bc89fe42fede52437bd40fd1e92c02039c64bbf3d67eef79117ea/detection

45.133.245.64:32710
45.133.245.64:443
manageintel.com

# Reference: https://www.virustotal.com/gui/file/3345aacfaee45bfd1e926f0fc375000347da785fd2b4e9bca70531690d26b2a3/detection

saenedowaiss.xyz

# Reference: https://www.virustotal.com/gui/file/0e748d0654f213eb61a27174cf40a102b38d241185d49cb348cde07350b85c50/detection

23.237.25.226:17677

# Reference: https://www.virustotal.com/gui/file/d9dd99f6e6683449a33ef3ac3b8ea14d2e28612ad2259e87f88c1acaf9f9200b/detection

169.197.141.182:47320

# Reference: https://www.virustotal.com/gui/file/4f7eebabf2f6b0924dbe147d75c0c2109523ef62368d2faf0a11d8e56d00c0c2/detection

92.255.57.154:11841

# Reference: https://www.virustotal.com/gui/file/00745430b1b9a030f2bff0031368a9529226b085a76a1f689e39e6a688a6503f/detection

86.107.197.160:7766

# Reference: https://www.virustotal.com/gui/file/03c20ca5c5cd50b9cf56e52bf197bba32a81a814d9f3389f82546cca3fe1f466/detection

gogamec.com
t.gogamec.com

# Reference: https://app.any.run/tasks/be9b9b2d-fd4a-4d46-a00d-7de43309bdf9/

xyzgamei.com
i.xyzgamei.com
j.xyzgamej.com

# Reference: https://www.virustotal.com/gui/file/02000b5254fc6221b49d3620b910609dd3361f3e23cfa2b88d6f8da7b14ada6a/detection

360devtracking.com
tesslahousse.com
usashit.com

# Reference: https://www.virustotal.com/gui/file/06eef67756efdf21681b66edb0c3bdc7add480a3e33a6923166a5874e5ec0b88/detection

realmoneycreate.xyz

# Reference: https://www.virustotal.com/gui/file/a3eb1e30558a45e8cd56accdf10ed6f551cff6ad427af626f2d9bf0cb3e352be/detection

zakordon.online

# Reference: https://www.virustotal.com/gui/file/99d35c9e785a676ae4a5d01dbe79731d4f189e27c10ca5bd8a8442cfa171670b/detection

45.67.231.194:29525

# Reference: https://twitter.com/pmmkowalczyk/status/1493197986930823171
# Reference: https://www.virustotal.com/gui/file/162b5d4c2ecc52ec10bdbae2ef6b3218419565ffcf369e37a1c4502fc0488c3c/detection

51.79.188.112:7110
82.202.167.202:8303
91.243.59.21:20856

# Reference: https://twitter.com/malwrhunterteam/status/1493659632904114176
# Reference: https://www.virustotal.com/gui/file/0caba418b4b1ec32a00cdd52e3f6f28b7e8de0ffec030cfd8ae661538619b72b/detection

157.90.154.157:56664

# Reference: https://www.virustotal.com/gui/file/ddf039c3d6395139fd7f31b0a796a444f385c582ca978779aae7314b19940812/detection

80.89.229.247:36902

# Reference: https://www.virustotal.com/gui/file/ef3e0845b289f1d3b5b234b0507c554dfdd23a5b77f36d433489129ea722c6bb/detection

185.215.113.205:65531
212.86.102.63:62907

# Reference: https://www.zerofox.com/blog/meet-kraken-a-new-golang-botnet-in-development/
# Reference: https://www.virustotal.com/gui/file/1d772f707ce74473996c377477ad718bba495fe7cd022d5b802aaf32c853f115/detection

95.181.152.184:2021

# Reference: https://www.virustotal.com/gui/file/d742a33692a77f5caef5ea175957c98b56c2dc255144784ad3bade0a0d50d088/detection

http://91.235.129.112
84.38.189.175:12928

# Reference: https://www.virustotal.com/gui/file/3215decffc40b3257ebeb9b6e5c81c45e298a020f33ef90c9418c153c6071b36/detection

95.181.152.184:60000

# Reference: https://www.virustotal.com/gui/file/7c76ca5eb757df4362fabb8cff1deaa92ebc31a17786c89bde55bc53ada43864/detection

185.112.83.22:6663

# Reference: https://www.virustotal.com/gui/file/48c2f53f1eeb669fadb3eec46f7f3d4572e819c7bb2d39f22d22713a30cc1846/detection

185.112.83.22:60606

# Reference: https://www.virustotal.com/gui/file/43f46a66c821e143d77f9311b24314b5c5eeccfedbb3fbf1cd484c9e4f537a5d/detection
# Reference: https://www.virustotal.com/gui/file/8c4294e3154675cd926ab6b772dbbe0e7a49cae16f4a37d908e1ca6748251c43/detection

185.206.212.165:60601

# Reference: https://www.virustotal.com/gui/file/3e4c106e1d7ae13fd98a1b3ebc2a8951c1eabf10bf1dd2047dabc605e3e735be/detection

http://65.21.105.85
65.21.105.85:60000

# Reference: https://www.virustotal.com/gui/file/100205d5f6006017a444d46ada0cb09b792b55c540a0dd6a8186e085ccb4f9ab/detection

213.226.71.125:2021

# Reference: https://twitter.com/malwrhunterteam/status/1497631195605184513
# Reference: https://www.virustotal.com/gui/file/a901704645277224aa21c310fe1fb2d173473abfbf3ad769a604dd514d24497d/detection

46.8.220.88:65531

# Reference: https://www.virustotal.com/gui/file/fe5a3dc2dbb4897be7a9728f11e81edd06242db98b080a05cb9b2fd61f131ff1/detection

178.218.144.95:3000
178.218.144.95:42977

# Reference: https://www.virustotal.com/gui/file/d24d2b6f33fe7df641f5f7f4ebaff22e5e2d036a33269121e6322ccabf946208/detection

135.181.79.37:52491
193.150.103.37:29118
2.57.90.16:15322
212.193.30.113:9295
45.14.49.184:55842
45.9.20.182:52236
51.79.188.112:19842
91.206.14.151:16764

# Reference: https://www.virustotal.com/gui/file/a04effeb80563dbebec0fefb178b265eadc0b7426acf08e36e9d4aacde346f7e/detection

querahinor.xyz

# Reference: https://www.virustotal.com/gui/file/33d5edfef5ffcf3f32ecad4426a11a24069d8e37d3936d528bfb26ff34edbe99/detection

185.7.214.127:32304

# Reference: https://www.virustotal.com/gui/file/128678178e92297dafe7c897802097809eef990a3a8fc7a542355939a3152ac5/detection

hadachannt.xyz
kanagoriyn.xyz

# Reference: https://www.virustotal.com/gui/file/4e0adb8e4da13519b12df1cc2e57e6e3377cf2d10b195bba5973ce8a4d0a1d61/detection

http://185.7.214.8
185.7.214.8:37809

# Reference: https://www.virustotal.com/gui/file/00581e2fa186e5b6f044427945709e2439aad5782b8718c73cd5587d2a65359e/detection

116.203.252.195:22021
92.255.57.115:11841

# Reference: https://twitter.com/jstrosch/status/1503202346456788995

procduo.xyz

# Reference: https://twitter.com/James_inthe_box/status/1504572083023409162
# Reference: https://app.any.run/tasks/a63f4a0a-d552-45e8-8722-a2fe7b02de23/

51.141.54.228:41606

# Reference: https://twitter.com/reecdeep/status/1505812406798270464
# Reference: https://app.any.run/tasks/b795c339-76a7-4ba0-bd8b-f120d0e1980a/

45.133.174.110:32577

# Reference: https://www.virustotal.com/gui/file/dcf13abd1d64739602e0a777a8e076eef4a10b44778c89e62b4f9043ebe3ec98/detection

185.153.198.58:31858
detacher.xyz
kiff.store

# Reference: https://app.any.run/tasks/ebb14c8d-fa90-461e-96fd-ce47eb6b6337/

168.119.164.249:48788
185.215.113.66:26416
185.215.113.7:5186
193.106.191.203:44450
193.106.191.253:4752
193.233.48.58:38989
193.38.235.192:43770
45.9.88.246:43235
62.182.156.185:48571
86.107.197.196:63065
dbazf.club
wailanyrrere.xyz

# Reference: https://www.virustotal.com/gui/file/3c362636f19b4626866ca745bb197ebcc4f2fab1f2bec6b7f208c0748dc39dcd/detection

sokiran.xyz

# Reference: https://www.virustotal.com/gui/file/3c362636f19b4626866ca745bb197ebcc4f2fab1f2bec6b7f208c0748dc39dcd/detection

madgett.xyz

# Reference: https://www.virustotal.com/gui/file/8dcc224c6a9a9ba0fb83eef2c6c23091c906817d4754bd5b315a938f5849d62f/detection

65.108.27.131:45256
ilsvt.co

# Reference: https://www.virustotal.com/gui/file/0c896c8600ddb577903a9c0d19fd9762a9ec28337dc027416bf29fdf3eb899f9/detection

185.215.113.64:25828

# Reference: https://www.virustotal.com/gui/file/03eb59205f453806754b1a677d5d4786431c902f045aef1115ee890b86e7e779/detection

185.215.113.93:7777

# Reference: https://www.virustotal.com/gui/file/033a301cf5c24b5b3e71573becabd22faff68d55c915ca15bf02308252b2fb49/detection

185.215.113.79:41465

# Reference: https://www.virustotal.com/gui/file/016174fc0cab92cf921c65949d9a471b5f2f4e41f14ca27338bc3c7dd4ec7fb6/detection

185.215.113.80:15548

# Reference: https://www.virustotal.com/gui/file/02f584407c459a4c6145d5b16be33264e7d7ec646285c14062e1f2318e0cd318/detection

185.215.113.81:28578
razino.xyz
rdanoriran.xyz

# Reference: https://www.virustotal.com/gui/file/00f0f713967d000891635164e4809410201cdff3c1cd9fe6799398f23d876b46/detection

bitrhost.ru
ergerge.top
ergerr3.top
jo.bitrhost.ru

# Reference: https://www.virustotal.com/gui/file/0b77ce38b10b46b8b682c4a234594b5d86b4eee7f3fe58bdbb56c3f038dd7305/detection

185.215.113.82:31104

# Reference: https://www.virustotal.com/gui/file/002dbfdf524e2eef9c38fa54eb01b911816f8fd5f5c956db638814c849463ff1/detection

185.215.113.83:60722

# Reference: https://www.virustotal.com/gui/file/6b18a223ce8f1f42880a54809880cd5c3a6890955d2469b10ea771dab333871e/detection

135.181.108.219:14534
buildersgate.tech
techtest001.zzz.com.ua
theunderconstruction.site

# Reference: https://www.virustotal.com/gui/file/095ecb0e8424a36dd94fa211103bea37f6e4a36cbc52859c632df60edc00f4be/detection

92.255.85.137:41320
sectigotls.xyz

# Reference: https://www.virustotal.com/gui/file/561b4ba98e1cd37b6223475a9569ff47d2a090dfb7686cdbcf551ae4f8895c9b/detection
# Reference: https://www.virustotal.com/gui/file/efa2f25250c8fcb6d692f34f700cdad01927e31a585cf0bee8bbe29ae72ad13a/detection

151.80.244.179:28710
tlsprotectgo.xyz

# Reference: https://www.virustotal.com/gui/file/cd45debdbac1944c86f804f9095113a6b78403e9bad5ab7dcfd366a206175124/detection

142.202.240.83:21322
62.182.156.185:48571

# Reference: https://www.virustotal.com/gui/file/56cf528c7b47eec296feb89c8314db85d81eaca55b96387360e0ec3e7b6caa1b/detection

2.58.56.230:32022
kengbek3k.mywire.org

# Reference: https://www.virustotal.com/gui/file/1852fb55a2b10a13b1313409e034f32aff0e7fc573cf81ef33a36d4c008215d1/detection

94.124.78.2:32725
cc27890.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/0190c06dcdc98a77cec4771c25fa128ddf7c14a685d7b19a5f34415b4bf18e35/detection

116.202.106.111:9582
185.215.113.20:21921
gumishosaled.xyz
helacanushoc.xyz
igucanitoasi.xyz

# Reference: https://www.virustotal.com/gui/file/8c44a225848bfa48e0c474a64f3545817603efa4e6e7167d6823ecbd0cae58a3/detection

46.246.26.65:1195
daddy.linkpc.net

# Reference: https://www.virustotal.com/gui/file/10c760b38e37d7df4fdb3caa56328e51943ac422018b1261fbd4820cdaa046d3/detection

116.202.24.62:9295
185.215.113.24:15994
193.150.103.37:81
46.8.52.48:9006
65.108.101.231:4974
77.232.40.51:20166
91.243.59.166:5240
91.243.59.167:44301
95.143.177.76:34098
finontitreke.xyz

# Reference: https://www.virustotal.com/gui/file/fc977187beb172eb6a2e93c5721e0768c3c9f1642e168145863f112c36ab27a8/detection
# Reference: https://www.virustotal.com/gui/file/89fe764b09ea5a6c74464ab9302c9e16b9c82356bf992c8da24fa396fa779e64/detection
# Reference: https://www.virustotal.com/gui/file/3e3ab0ba04cd0d6c6c88618439bc9401b4706d39a129cb0ce21717ae29ba9f53/detection

185.215.113.214:5350

# Reference: https://twitter.com/fr0s7_/status/1511652092297023491
# Reference: https://www.virustotal.com/gui/file/749f80e67f2f164450020b9d9c3182c9e935fb5f2535284e754385160e4add2a/detection

31.44.4.97:8027

# Reference: https://www.virustotal.com/gui/file/00b66d6580571a2d656a3592d90e4e27fc0fb639e99938bace317891ca769207/detection

194.104.136.5:46013
212.193.30.113:9295
91.121.67.60:23325
91.206.14.151:16764
91.206.15.183:15322
wensela.xyz

# Reference: https://twitter.com/James_inthe_box/status/1514314395744186378
# Reference: https://app.any.run/tasks/30413f01-a1c0-4e45-afea-00c7288ffe09/

185.158.249.37:39347

# Reference: https://www.virustotal.com/gui/file/028798b77230880eeaf46f0814ac8eee6b35e75cd89383f5cdb36663b04f1a07/detection

193.38.54.110:16360

# Reference: https://www.virustotal.com/gui/file/c1ac4940bdf320423e5473de4ed9b3db61e2e40e19fb7e651afbf66fc7a972bb/detection

193.233.48.87:27941

# Reference: https://cloudsek.com/whitepapers_reports/information-stealer-targets-crypto-wallets-via-fake-windows-11-update/
# Reference: https://otx.alienvault.com/pulse/625fdfc069b64762bb5ea0ec
# Reference: https://lists.emergingthreats.net/pipermail/emerging-sigs/2022-April/030646.html
# Reference: https://app.any.run/tasks/5cc9b70d-ada7-4f12-8d93-01a51e465d5d/
# Reference: https://www.virustotal.com/gui/file/013472eaa2f1f7b3ab4e22750422594df20f5bddb008834fe98b6e7ceb2d2969/detection
# Reference: https://www.virustotal.com/gui/file/ccad45b57622c825930fbc91b4bef69b4213242a6747fbde88fafab209491c1e/detection
# Reference: https://www.virustotal.com/gui/file/23493567b9938ee6b0fe1f75a1761c830d14f7c19628fe57a5823d2378869a2a/detection

http://185.215.113.73
seventyfor.site
siteflortyklamtre.com
windows-11info.com
windows-11info13.com
windows-server031.com
windows11-infoserver.com
windows11-upgrade.com
windows11-upgrade11.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-21%20Redline%20IOCs
# Reference: https://tria.ge/220420-phex3agbcj

140.228.29.199:25415

# Reference: https://www.virustotal.com/gui/file/017118612816b95f23b39dbb5a82ea128aaf3afe315ce0314c020a9848dd6d80/detection

downshiftingrace.top
dwefrfgqwgq.top
ghfjfigsk.top
gjfjhqvsh.top
greendayband.top
ojwqfoqkwfaf.top

# Reference: https://www.virustotal.com/gui/file/0ed195ec728ae0cf1d028dfc6682e64f4355b3e33ce4de258f854701dce4ee61/detection

93.115.21.45:27134

# Reference: https://twitter.com/ankit_anubhav/status/1523552925632528385
# Reference: https://app.any.run/tasks/94404bfa-f3ee-484a-96ff-01f4889b9c63/

84.38.132.100:29934

# Reference: https://tria.ge/220509-sx35zsdff5

193.106.191.190:23196

# Reference: https://tria.ge/220509-phstxsdah3

185.45.192.228:81
honantharis.xyz

# Reference: https://www.virustotal.com/gui/file/be778dfd4e57ceae09576d25c2b8caaed89c9bfe05f36e1e02dc00c0954abd24/detection

194.31.98.238:5519
asheesh.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c04802a977e8d933c30def1dddaee61bbfd0625616960bf05352814b1a002679/detection

212.193.30.202:29580
crossred9188.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ffe7e2b51fc28b4f931af8b4eb8b6907a6e8cb51823267db6f30895b9b98e966/detection

104.224.30.55:34261
hustlegang.duckdns.org

# Reference: https://www.netskope.com/blog/redline-stealer-campaign-using-binance-mystery-box-videos-to-spread-github-hosted-payload

51.89.155.45:22595

# Reference: https://www.virustotal.com/gui/file/93708ec7bc1f9f7581cc2e1310a46000ad38128e19eb1e92db88e59d425b3e15/detection

http://212.192.246.217
5kdfbjghdf5.monster
oneservercubo.xyz

# Reference: https://www.virustotal.com/gui/file/c2f18622d283e30b3512d724e53b40c3cfea9979a1866024ad5c23327972b11b/detection

212.192.246.217:4444
212.192.246.217:7777
doggorandom.xyz

# Reference: https://www.virustotal.com/gui/file/05a3028bc4f10ff3387b486c171178f7d5a4864de59f6693d2dcbdae035820d1/detection

109.107.174.10:1702
149.202.88.172:15126
185.215.113.24:15994
193.106.191.197:23196
193.124.22.10:5241
46.8.220.88:65531
65.108.101.231:14648

# Reference: https://www.virustotal.com/gui/file/4c3a593236b925043fa94dc96211707c80714c3486bbf43adbca816f49065473/detection
# Reference: https://www.virustotal.com/gui/file/79039612f9ed648b73de0a2e4a7dd8cec1562790bd84b9e5cc2a3a8163997646/detection

185.106.92.91:28672

# Reference: https://www.virustotal.com/gui/file/8dff4de812afa601f532ee31ece501ab19683d379804c5746d4659f041df1ad3/detection

92.119.113.176:1291

# Reference: https://www.virustotal.com/gui/file/b3c1e24f0bb14830b448d9f7e1663eeeac5da4d7f7dc078fd8d00f910e891f3f/detection

91.243.59.61:17460

# Reference: https://www.virustotal.com/gui/file/7f57705a95aea58f631f0d287cf0e6d380fa5c13bc95021997d1bb1d2940534f/detection

91.243.59.61:17890

# Reference: https://www.virustotal.com/gui/file/f7f8a8e497d4fb74d39100de375fb1b44b975ea9fe0f62a1e0259b106b04ecf5/detection

188.34.180.128:23899

# Reference: https://twitter.com/reecdeep/status/1530182872790880259

140.228.29.125:50298

# Reference: https://twitter.com/malware_traffic/status/1529219133895847939

65.109.11.10:8599

# Reference: https://www.virustotal.com/gui/file/02dce7f57e4933edf84cbe525d8115defd5ecafd5b2b203be6a2ec7aa0099bc7/detection

141.95.211.151:34846

# Reference: https://www.virustotal.com/gui/file/05a584d1ab8ab7cc424fdb8671dd6c4e01984d9784301eecec2b201ed676fd86/detection

185.215.113.45:41009

# Reference: https://www.virustotal.com/gui/file/00041f130d48480c52136a7edc2404b8ee62e626d4e41caddf956e564526aea3/detection

45.138.157.149:59227
88.198.119.112:14961

# Reference: https://twitter.com/unmaskparasites/status/1532822021259743232
# Reference: https://twitter.com/MBThreatIntel/status/1532853281453527040

distcumsrariwantecn.cf

# Reference: https://www.virustotal.com/gui/file/fc1026ae3ccdc9436a3f577815b86b945b24ab6efec660665ed0fe38f47002ce/detection

185.250.148.76:30337

# Reference: https://www.virustotal.com/gui/file/2cf7f62a48646f888c300c8eb7e68f549dcee178e29517fe5eee11f0e2470644/detection

185.250.148.221:51931

# Reference: https://twitter.com/faisalusuf/status/1536952335775195137
# Reference: https://app.any.run/tasks/ab739981-8f3a-4367-be49-17de8dbac4b4/

185.105.1.173:82

# Reference: https://www.virustotal.com/gui/file/14ec3101bdf8be92ce57e7fffb00fbc991f2a3ef7265728b7380c5d989c1324c/detection

kitchenandfardenusa.com

# Reference: https://www.virustotal.com/gui/file/de8a7cd86d3be3f09485751a44282fc3df6493109e0f42a4efa9344b7eca236a/detection
# Reference: https://www.virustotal.com/gui/file/c42bc66cef51f7e57891bd3257aa6e92745cf20a075c3bd5b78ece02b2b3e0f3/detection

84.32.188.178:81
i3mb58.info
m360li.info

# Reference: https://www.virustotal.com/gui/file/fcb37377c92e74da0ad88d41c0604ba487788110a2b72323375da121508ad2d6/detection

185.106.92.110:2819

# Reference: https://twitter.com/Jane_0stin/status/1539646196179841024
# Reference: https://app.any.run/tasks/468748fc-c2b2-45c4-afb5-476c8fe9f026/
# Reference: https://www.virustotal.com/gui/file/925ca1581523ed6f1cb35ceb4eeefba6d610af7cddca63d46dcdce8bdba62591/detection

185.106.92.110:5555

# Reference: https://www.virustotal.com/gui/file/fb2ee4aeabe5975a9ea1043d50e631162111acffb89fb0c654f272c37cea6695/detection

45.142.122.179:36803

# Reference: https://twitter.com/James_inthe_box/status/1539639477676568576
# Reference: https://app.any.run/tasks/28fbdc09-5d28-4ad6-a1ee-100b0da2fd85/
# Reference: https://www.virustotal.com/gui/file/d265ff1a19ce34ed711e0ff15461ef975a1dc61cff3bd2c1a2877a35daa84cf8/detection

45.142.122.179:51568

# Reference: https://www.virustotal.com/gui/file/df8c1cee8ef77367a69b955f4cb32120d48ffcb49273fcb3c7017fd7fb68746c/detection

45.142.122.179:7777

# Reference: https://twitter.com/pmelson/status/1541472278382366720
# Reference: https://www.virustotal.com/gui/file/78d88a6ac29625636a7433e358459a8cdfb837c853f6a149ceea102e707997f3/detection
# Reference: https://www.virustotal.com/gui/file/50e2444e832e4c3ed711fcf27c038967c2c5f5037a4e0ea2cc6d53ef6ac54cfb/detection

34.174.95.150:12345
34.174.95.150:54865
judithabusufaitdyg.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0a1a8cde3ae2b38c15c812eb9a460e21ce7bdb82d0a69586b202898d56e0afa7/detection

46.138.71.75:50191

# Reference: https://www.virustotal.com/gui/file/1ba4f1dc0c8080788f40b27d987e6895e7a8b7611088bc59b6c17da10d86f08d/detection

11.41.11.44:50101
141.95.140.173:33470
179.43.142.162:41149
179.43.142.162:7777

# Reference: https://www.virustotal.com/gui/file/6f83b4fc136656a149a08f60ccf70c31a0334b42d77b1d7d83d4245d3f49819d/detection

37.0.8.130:16913

# Reference: https://www.virustotal.com/gui/file/89e7e724fbfaa0600c5fcd59af18cb46f7328690529dfeb0b2470ec18354668c/detection

3.128.107.74:18441

# Reference: https://www.virustotal.com/gui/file/cc317aed5435bbdf8d5ab5dfe403b2bfc9df36adac0260386ab63e032b45231a/detection

2.56.57.16:25154

# Reference: https://twitter.com/DmitriyMelikov/status/1543699382133981197
# Reference: https://www.virustotal.com/gui/file/e92b433fa1ef414e8b295e624966297aa344ac7d3d1b32d702601a1295f32a5a/detection

78.24.216.5:42717

# Reference: https://www.virustotal.com/gui/ip-address/94.140.114.164/relations
# Reference: https://www.virustotal.com/gui/file/e25adb49b953877a3211065beb07f91b32ae9595e0781402e517efef50d56e07/detection

mybroninn.xyz

# Reference: https://www.virustotal.com/gui/ip-address/94.140.114.164/relations
# Reference: https://www.virustotal.com/gui/file/7d6b27c2a951f600c92baeaae2e43c851061f3ab12c5f3456a7b3693bf2f242d/detection

genanelihel.xyz

# Reference: https://www.virustotal.com/gui/file/cc20869d4515b25337daa2633f2c51efec53b6291b8c388d1caf571b762ae0ca/detection

65.108.54.252:63772

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Redline/Redline%20-%2007072022

37.235.54.26:8362

# Reference: https://www.virustotal.com/gui/file/07bb7dac9b6cb74fae221739a5131628d85318ffa3da7873c3eb17ec5174239c/detection

lironkerasu.xyz

# Reference: https://www.virustotal.com/gui/file/c9751a096ddb32ffef6b59be9eaf8552bc8558e1cd00db926f9699d9e23dd1ed/detection
# Reference: https://www.virustotal.com/gui/ip-address/185.17.0.52/relations

http://185.17.0.52
redlineisblue.ru

# Reference: https://www.virustotal.com/gui/file/0f48887517b27e5252193969a06804bbdf8b73705e71a480ca723773e5e8a9f1/detection

185.215.113.75:81
193.150.103.38:5473
alsyedonline.com
industrialmcsas.com

# Reference: https://www.virustotal.com/gui/file/b29541d209989063ac86d468a9551112a49bd0b7fc6a381651423a24cc9aa33e/detection

193.233.48.58:43014

# Reference: https://www.virustotal.com/gui/file/4794d682adf23fec5f738cc3477c955eba198be11ebcd98560064d7b7d7424af/detection

tsmctracking.pro

# Reference: https://www.virustotal.com/gui/file/3fc8f98bf0d80216bd299d5ab008a54309a4b12bc2d5d8dcda79774242620175/detection

194.87.186.140:46703
wowan.ddns.net

# Reference: https://www.virustotal.com/gui/file/e9d0051a518d260fa503b82b6d4be8535a0bad93f2e69b2b75a6f78e44a7eb82/detection

185.222.58.90:17910

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Redline/Redline%20-%2012072022

65.21.74.139:20775

# Reference: https://www.virustotal.com/gui/file/147a2fc143ea0b966da81e576ff93c5f808f2df60a13b426bb842dfeeb6c4719/detection

193.124.22.7:13417

# Reference: https://tria.ge/220714-v1tf3acgc8/behavioral1

194.87.84.158:41471
dcross12.duckdns.org
lutanedukasi.co.id

# Reference: https://www.virustotal.com/gui/file/9715afae14d9eb665344c4f1fcde2d1d29c10bc195b51a35f06d04a185ec5388/detection
# Reference: https://www.virustotal.com/gui/file/69f61e9377d8c1182d3056de72509126fe3ab4b31b98c984ea8c7798308a5446/detection
# Reference: https://www.virustotal.com/gui/file/5c3140359472cf0196d99e4ad80d5c4f5a2e7c2bd148cea3f8a6942e66fd0b03/detection

179.43.155.184:41669

# Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/TF_RedLine_Stealer.json

aimsrealtymortgage.com
alumates.com
arkhammush.com
cas-v3.info
cas-v40.space
cas-v53.space
cas-v7.info
cas-v80.space
cas-v84.space
dilevry-center.cf
dogspise.site
favormi.com
fworkscustominc.com
genres-mv.com
govvv.xyz
greentry.site
homereds.site
hormijuego.online
layoutpln.club
loadsrtfl.cfd
mobileinstalleren-app.com
mousehoused.site
multiscaleinvestmentgroup.com
pilotzone.site
praha778.com
rachelbales.com
rpdelio.com
sukiyor.com
topstart.site
u19126222.xyz
yollowstar.site
ae.topstart.site
api.alumates.com
aw.topstart.site
ballablaq957.duckdns.org
bd.yollowstar.site
beefyfinances.com
bg.pilotzone.site
bg.topstart.site
bg.yollowstar.site
black.homereds.site
bo.greentry.site
bord.dogspise.site
by.greentry.site
cd.mousehoused.site
cd.yollowstar.site
center.dogspise.site
cf.mousehoused.site
cf.yollowstar.site
coc88.duckdns.org
cold.homereds.site
cr.greentry.site
cv.topstart.site
dady.dogspise.site
dash.dogspise.site
day.dogspise.site
de.mousehoused.site
deep.dogspise.site
der.dogspise.site
det.mousehoused.site
dg.topstart.site
dn.topstart.site
dos.homereds.site
dq.greentry.site
dr.greentry.site
dr.topstart.site
dt.pilotzone.site
dw.greentry.site
dw.topstart.site
e.pilotzone.site
e.topstart.site
e.yollowstar.site
ep.greentry.site
eq.greentry.site
ew.topstart.site
fe.mousehoused.site
fer.mousehoused.site
fg.yollowstar.site
fill.homereds.site
fire54.duckdns.org
fn.topstart.site
fo.greentry.site
for.dogspise.site
for.homereds.site
fp.yollowstar.site
fr.topstart.site
friends.dogspise.site
ft.mousehoused.site
fv.topstart.site
go.homereds.site
good.homereds.site
gs.greentry.site
gt.greentry.site
hg.topstart.site
hi.pilotzone.site
ho.greentry.site
home.dogspise.site
hop.dogspise.site
impuls.dogspise.site
jgh.pilotzone.site
job.homereds.site
joy.dogspise.site
lo.greentry.site
low.homereds.site
low.pilotzone.site
mn.yollowstar.site
mo.yollowstar.site
moon.homereds.site
mop.greentry.site
nb.yollowstar.site
nfy.pilotzone.site
ng.yollowstar.site
nr.greentry.site
nyamekye778.duckdns.org
of.dogspise.site
oi.greentry.site
onlinebests.life
pilotzone.site
pl.yollowstar.site
po.yollowstar.site
pr.greentry.site
prt.greentry.site
q.greentry.site
q.mousehoused.site
q.pilotzone.site
q.topstart.site
q.yollowstar.site
q2.homereds.site
qe.topstart.site
qw.greentry.site
qw.mousehoused.site
qw.pilotzone.site
qw.topstart.site
r.greentry.site
re.mousehoused.site
red.dogspise.site
red.homereds.site
rew.mousehoused.site
rf.mousehoused.site
rol.dogspise.site
row.homereds.site
rt.yollowstar.site
rum.dogspise.site
run.dogspise.site
s.homereds.site
s.yollowstar.site
sd.greentry.site
silverbox.rpdelio.com
solo.homereds.site
soon.homereds.site
soul.homereds.site
st.topstart.site
start.homereds.site
status.dogspise.site
style.dogspise.site
tf.topstart.site
to.homereds.site
toa.homereds.site
tod.dogspise.site
top.homereds.site
tr.mousehoused.site
travelsfeest.club
trf.pilotzone.site
troz.dogspise.site
two.homereds.site
ty.topstart.site
vbg.pilotzone.site
vc.pilotzone.site
vcf.pilotzone.site
vd.topstart.site
vdf.pilotzone.site
vds.mousehoused.site
vf.greentry.site
vf.yollowstar.site
vg.topstart.site
vs.topstart.site
vsr.mousehoused.site
vy.yollowstar.site
w.greentry.site
w.mousehoused.site
w.pilotzone.site
w.topstart.site
w.yollowstar.site
wa.pilotzone.site
wa.yollowstar.site
wd.pilotzone.site
wd.yollowstar.site
we.greentry.site
we.homereds.site
we.pilotzone.site
wer.pilotzone.site
wg.pilotzone.site
who.homereds.site
wq.yollowstar.site
ws.pilotzone.site
ws.yollowstar.site
xcf.pilotzone.site
xd.mousehoused.site
xf.topstart.site
xtr.pilotzone.site
xv.pilotzone.site
xz.mousehoused.site
yo.yollowstar.site
yollowstar.site
you.dogspise.site
your.dogspise.site
yu.yollowstar.site
yuy.dogspise.site
za.mousehoused.site
zd.mousehoused.site
zha.homereds.site
zq.mousehoused.site
zs.mousehoused.site
zw.mousehoused.site
zwx.mousehoused.site
zx.pilotzone.site

# Reference: https://tria.ge/220726-zlrq5shea6

62.204.41.139:25190

# Reference: https://www.virustotal.com/gui/file/18efaafe7fac35811bd86feb1fc31db7006ef4268bbbeea671b84b13a66acf20/detection

http://45.143.201.7

# Reference: https://www.virustotal.com/gui/file/a7f61df4c6ab265e521671b6e13ed1f190255dc45497b9084f6b2c36efb7e586/detection

185.106.92.22:42387

# Reference: https://www.virustotal.com/gui/file/e0ad9d748337aa0d96bb74e9e94fde6810fcfe09e969462afbc48bc0819a5cb0/detection

45.142.122.45:40669
45.142.122.45:7766

# Reference: https://www.virustotal.com/gui/file/4c9fd3d4dfa17aa4632ae294260fd36044561d012dd59cb4fd772716b373b339/detection
# Reference: https://www.virustotal.com/gui/file/32ce37b5471fed458061606ad412dfeb0f46239de2125f6d585b62891462ae07/detection

193.124.22.27:8362

# Reference: https://www.virustotal.com/gui/file/1d300f792a31b06e6d1825396d1d48350d5276c5bfebd8609191d18c4d8820cd/detection

195.133.40.135:46325

# Reference: https://www.virustotal.com/gui/file/007925384fc2177eaff3d8fb4994b40e77a60e7e5b07e00d2f08447f39864d6b/detection

31.222.238.56:27367

# Reference: https://www.virustotal.com/gui/file/6e3c58250894d76bdcf7ffc6d337789aaab63958bf68e0472558704649ada679/detection

185.225.73.22:42474

# Reference: https://noahclements.com/2022/08/05/RedLine-Stealer-AutoIT-Malware-Analysis.html

ifunteck.com
nice-quiz.com
tw0chinz.com

# Reference: https://www.virustotal.com/gui/file/b37a738ac8e0f9628cf35c3a2ffa2b0ef61f2c88c8dfb599757b82ab12e7ec49/detection

107.182.129.73:21733
connect2me.hopto.org

# Reference: https://www.virustotal.com/gui/ip-address/65.108.142.248/relations
# Reference: https://www.virustotal.com/gui/file/d54366d265ce6ca4f3226df61f4358e362713c932ee76e7fa2ee644c5c37a181/detection

65.108.142.248:25368

# Reference: https://www.virustotal.com/gui/file/21aee56551a8e1252b6f02f5c39836cf75107e1911cc89fc47573b707e3a5026/detection
# Reference: https://www.virustotal.com/gui/file/01f371b54711c72779df012bc7d40e467aed33ef4e70a3c4fa5ebe79979a79ba/detection

65.108.142.248:34305

# Reference: https://www.virustotal.com/gui/file/00b40f3e04c349b29b9a56c894a3935deb0075a6fad497a7daa02a8dbd021dbd/detection

f0698021.xsph.ru

# Reference: https://twitter.com/malwrhunterteam/status/1556699617282105344
# Reference: https://www.virustotal.com/gui/file/b182e34290c7093f1e46b673d764bda6a3eec934bb69d57fc4431a0bc66195ce/detection

212.68.34.14:60396

# Reference: https://securityscorecard.com/research/detailed-analysis-redline-stealer
# Reference: https://www.virustotal.com/gui/file/e3544f1a9707ec1ce083afe0ae64f2ede38a7d53fc6f98aab917ca049bc63e69/detection

18.196.41.122:17044
192.169.69.26:17044
siyatermi.duckdns.org

# Reference: https://twitter.com/StopMalvertisin/status/1559071063572873217
# Reference: https://www.virustotal.com/gui/file/6161c01fd590c98c6dee4e510ba9be4f574c9cc5c89283dbff6bb79cd9383d70/detection

185.222.57.238:27519

# Reference: https://www.virustotal.com/gui/file/ac1906fa0c648d42c3e1b0c7b70b0e7c0c68888d90dc48c81b225f0932cdb258/detection
# Reference: https://www.virustotal.com/gui/file/300618c6e81ee458a3aba4188f0f24937f6297499142865f396380406eec85a9/detection

f0699615.xsph.ru
f0699616.xsph.ru
f0707710.xsph.ru
f0707715.xsph.ru
f0707718.xsph.ru
o0l0j0jo.webredirect.org

# Reference: https://twitter.com/StopMalvertisin/status/1561438279647768577

80.66.87.52:2500

# Reference: https://twitter.com/1ZRR4H/status/1562320142784143361
# Reference: https://www.joesandbox.com/analysis/689150/1/html

93.177.73.98:49805
surbubansecureddocs.com

# Reference: https://www.virustotal.com/gui/file/36d3d23e7f3afe91c185cdef1c31326a7107f40645602a83c56cb1648b2d560a/detection

45.77.72.92:2398

# Reference: https://www.virustotal.com/gui/file/1d65ed0a78f198dd4e8aca6e5ebe5e13754fdf7c86f60c2032aabe9a658806ef/detection

2.232.150.231:62099
tecnotrendgame.ddns.net

# Reference: https://www.virustotal.com/gui/file/17fe5a1ed912fddaeee9479ea61abff4841374abc02c8b12f94d1a5cc189214a/detection

rechonanabra.xyz

# Reference: https://twitter.com/pollo290987/status/1563361616334569475

171.22.30.232:55554

# Reference: https://twitter.com/Iamdeadlyz/status/1562823487932100608

77.73.134.5:30812

# Reference: https://twitter.com/James_inthe_box/status/1562830189884612610

hjhjhjhj.s3.amazonaws.com
/klfclakhhwlmgaajyisdyaldcmlfffkzimzivo

# Reference: https://www.virustotal.com/gui/file/d70e0cb609ebc30b3e05f0851953d1391c943527200373081a03da7cb33da9b1/detection

185.102.170.31:62099
2.58.149.2:62099
212.192.246.195:62099
workstation2022.ddns.net

# Reference: https://www.virustotal.com/gui/file/6a76848edcb35f6e6e3b31db95c7197cafc9186ec1c44752720634400350619b/detection

213.136.92.216:23613
stanuka12.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1565363113154580481
# Reference: https://www.virustotal.com/gui/file/89b564434cf70afd674eb0ce61c03991619e51ba44d69a0c6435de4464cad3fb/detection

45.147.199.166:14009

# Reference: https://otx.alienvault.com/pulse/63109ff5868333903d12ba29
# Reference: https://www.joesandbox.com/analysis/694280?idtype=analysisid#iocs

3.6.115.182:17440

# Reference: https://otx.alienvault.com/pulse/63109ff5868333903d12ba29
# Reference: https://www.virustotal.com/gui/file/dbb8c3bafbe49e038511e16c2dceecb5d975a43e907fc03e0e5b000aca38b154/detection

193.161.193.99:59532
hddfd-59532.portmap.host

# Reference: https://otx.alienvault.com/pulse/63109ff5868333903d12ba29
# Reference: https://www.joesandbox.com/analysis/694797?idtype=analysisid#iocs

95.216.88.178:3000

# Reference: https://tria.ge/220831-pxw5wsgad2

213.219.247.199:9452

# Reference: https://www.virustotal.com/gui/file/0a7682c0607e0fcb3580d28aec0e3439d6eae0cde1ab3359832046f7f33cdb0f/detection

anpmnmxo.biz
cvgrf.biz
deoci.biz
fwiwk.biz
gytujflc.biz
ifsaia.biz
knjghuig.biz
lpuegx.biz
npukfztj.biz
przvgke.biz
pywolwnvd.biz
qaynky.biz
rippledev.live
saytjshyf.biz
ssbzmoy.biz
tbjrpv.biz
uhxqin.biz
vcddkls.biz
vjaxhpbji.biz
xlfhhhm.biz
zlenh.biz
listfcbt.top

# Reference: https://tria.ge/220904-sb53fsbhh6/behavioral1

3.67.15.169:13616

# Reference: https://www.virustotal.com/gui/file/616cfd724afe8376aae36c9f065ebdf0a17590c0d1b71c95d6b1d960091807a6/detection

176.113.115.153:9080

# Reference: https://www.virustotal.com/gui/file/00b5c410d204d6a92f6636e23998777d2716e8928f96b56826b093c9177afaae/detection

whealclothing.xyz

# Reference: https://www.virustotal.com/gui/file/8dfe9f05e8e9b4f4f16532b2d10a41cd6bdaf7b7db663440c3a89fc1b19ec266/detection

thddghd.com
/Adetij_Wtbfbftq.bmp

# Reference: https://www.virustotal.com/gui/file/28520250ac9a5fc3eb106075215660125fa6d6bdf7109a16ebf95fb55f5d4152/detection

192.3.223.202:3652

# Reference: https://www.virustotal.com/gui/file/f24799f17a003ab371fd5b6835bee216d331a7560762899fa46fe62772e64dee/detection

fdhjtnthdngnd.click

# Reference: https://twitter.com/r3dbU7z/status/1570324312699334656

http://185.103.253.149
adsmax.ru

# Reference: https://isc.sans.edu/diary/29052

171.22.30.129:54686

# Reference: https://twitter.com/ViriBack/status/1571501091321159681
# Reference: https://tria.ge/220918-qx1czsfcak/behavioral2

94.103.183.121:81
lanalannnal.xyz
tytcrashedpanel.xyz

# Reference: https://www.virustotal.com/gui/file/eb73e1d46ef4f67b19a50b501592eb73cb3082895dd01f65f3a9786c3fe7d360/detection

195.161.41.49:6677
elistakecare.ru

# Reference: https://www.virustotal.com/gui/file/17880dad2c8787222c6a869cff864adbf4700232f43c2801d75b54cccc069a5d/detection

188.119.112.229:6677
haudireadyfi.ru
lonlyfafner.ru
rqn.haudireadyfi.ru
zd4b.lonlyfafner.ru

# Reference: https://twitter.com/idclickthat/status/1572284013188087809
# Reference: https://tria.ge/220920-wdhxgseba4

195.201.44.44:28786
tapucan.xyz

# Reference: https://www.virustotal.com/gui/file/95ee44421503e6857b4757b247fb742f22e183b6caf2a333acb90f68f2e3801e/detection

boardparty.xyz
a0719021.xsph.ru

# Reference: https://www.virustotal.com/gui/file/0847ed742bd602ae12b2e9c1f3234f0a6e011f1639a70ba100887f306eb8c084/detection

secondtry.top

# Reference: https://www.virustotal.com/gui/ip-address/195.201.44.44/relations

kopekler.xyz
victey.top
zaraat.xyz

# Reference: https://tria.ge/220920-xhma5shgem/behavioral1

65.108.66.101:43249

# Reference: https://securelist.com/self-spreading-stealer-attacks-gamers-via-youtube/107407/
# Reference: https://www.virustotal.com/gui/file/001c74a70a06781ca482aa72941d1edd5ec3a55b3cf1c2ed35a5b692aea0c0e5/detection

http://45.150.108.67

# Reference: https://twitter.com/idclickthat/status/1573677934816075776
# Reference: https://tria.ge/220924-q97mtsbch5/behavioral2
# Reference: https://tria.ge/220924-qh5ddscfcp/behavioral2
# Reference: https://www.virustotal.com/gui/file/30429e95b9318816709e23488c77e364a294b6f5f7e3ee414a6a2bef74620ca6/detection

185.106.92.228:24221
telegramsolutions.com
winterknowing.ddns.net

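# Reference: https://twitter.com/idclickthat/status/1573678658983600128
# NOTE(review): balarsumut.kemdikbud.go.id sits under a government (.go.id) zone and is presumably a compromised legitimate site rather than attacker-registered; treat hits as lower confidence and re-verify periodically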

tg-download-us.site
balarsumut.kemdikbud.go.id

# Reference: https://twitter.com/idclickthat/status/1573684996446908416

telegram-desktop.online

# Reference: https://github.com/threatlabz/iocs/commit/ec7a0fb82b94631ebadc85e06b5fa6f0defc11e6

adsharedwi897th.cfd
ahthegha.cfd
almofmultiple.cfd
anceovarec.cfd
andelect.cfd
andslideasco.cfd
ani453las.cfd
anwasthere.cfd
aptersandt.cfd
ateofakist.cfd
butvelocities.cfd
byasdebrisfie.cfd
cloud25.xyz
cloud27.xyz
ctswasprimarilyd.cfd
dcommerc.cfd
drake4.xyz
edbythe67ak.cfd
eeorderso.cfd
egiontheh.cfd
emodernst.cfd
entbymo.cfd
ergyfrommo.cfd
file-store2.xyz
file-store4.xyz
fmagnitude.cfd
heirreplacem.cfd
helandsca.cfd
herihed.cfd
hthecrown.cfd
iesandb.cfd
ihgatms.cfd
indush.cfd
ionthatco.cfd
ionvictoriesin.cfd
iruiotish.cfd
istanmove.cfd
itishindia.cfd
itsdebri.cfd
kirov1.xyz
kuyhaa-me.pw
largerinscale.cfd
lditsdebriisar.cfd
low-lyingwh.cfd
mayyadc.cfd
menhichs.cfd
mershadclo.cfd
mprisesth.cfd
nalhajarm.cfd
nkstherefor.cfd
notbeexcluded.cfd
ofth546ebr.cfd
onzeage.cfd
ordsexecutiv.cfd
oughtme.cfd
oundandk.cfd
panyruld.cfd
psestwotothr.cfd
quezachieve.cfd
rategicstrai.cfd
resonherse.cfd
rhighest.cfd
seostar2.xyz
shatheg.cfd
sonarsurveyof.cfd
sputrey567rik.cfd
sup7podthee.cfd
theritishind.cfd
theyt786ku.cfd
ticlewesimulate.cfd
tsofhormuz.cfd
undertheguid.cfd
undimangen.cfd
unixfilesystem2.xyz
upta16theu.cfd
uptomscan.cfd
uslimsofbr.cfd
znavidsde.cfd

# Reference: https://www.virustotal.com/gui/file/bc6c07a16be6ffebe1498ecca6b0c14b20b996700187df497a7370d4e4a3236d/detection

yxzgamen.com
xv.yxzgamen.com

# Reference: https://twitter.com/idclickthat/status/1575229461997318145

crystal-p2e.io
rpg3dmaster.com
shadowages.xyz
shadowagesp2e.com

# Reference: https://tria.ge/220916-sgqjysbgdr

http://185.204.109.42
45.142.215.47:27643

# Reference: https://twitter.com/Iamdeadlyz/status/1576639419943387136
# Reference: https://www.virustotal.com/gui/file/f9d75522d3ce9bcfd435f703b8e9d12fa954c99fdc39d8a5047a7923b3feed42/detection
# Reference: https://www.virustotal.com/gui/file/ac97d3fb040d768ac075f7051db19f026c046b666782d875e272c28c015989d7/detection

85.209.89.201:35381
medenx.space

# Reference: https://github.com/aanubhav-ioc/random/blob/main/redline_WS

38.91.100.57:32750

# Reference: https://twitter.com/david_jursa/status/1579870307904782342
# Reference: https://app.any.run/tasks/8ca8c0f5-b237-4c5f-ad2c-eb908d9b2c11/

13.72.81.58:13413

# Reference: https://blog.cyble.com/2022/10/14/online-file-converter-phishing-page-spreads-redline-stealer/
# Reference: https://www.virustotal.com/gui/file/eb7d31a5a641b057aa250442dc5252d4214ca282632ebd24a79644fe358fbe18/detection

67.43.239.150:31615
convertigoto.net

# Reference: https://tria.ge/221014-wdxewadhg3/behavioral2

45.89.54.21:28692

# Reference: https://www.virustotal.com/gui/file/35ad6f7ca469732908cb3c2f4777589baa74b189b2efa3b891f53765fe52f881/detection

45.8.147.31:15100

# Reference: https://www.virustotal.com/gui/file/ddc9633752b8ca74d47c82eb68da0d6fae1173914e662498dc4080b7ac6de810/detection

crashedff.xyz

# Reference: https://www.virustotal.com/gui/file/5b9bd8f997b5b45ee2d8aaeed6982a300ec5d595ce1ef63aff8a55c0141effb9/detection

45.133.216.192:34323

# Reference: https://twitter.com/idclickthat/status/1581845367049502720
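# Reference: https://tria.ge/221009-2newgaacfm/behavioral2
# NOTE(review): plik.root.gg appears to be a shared public file-sharing host, not dedicated infrastructure; expect matches from unrelated use and confirm against the referenced sample before blocking outright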

92.119.112.239:28769
desktoptrading.us
tradeview.guru
plik.root.gg

# Reference: https://twitter.com/Iamdeadlyz/status/1581909536515903491
# Reference: https://twitter.com/Iamdeadlyz/status/1581909542446645248
# Reference: https://bazaar.abuse.ch/sample/2485977c38ae2c0eb6bf21bf2170725924aa749e6c397f7230de7d6cf2d83287/

185.106.93.212:5616

# Reference: https://www.joesandbox.com/analysis/700916/0/html

78.153.144.6:2510

# Reference: https://www.virustotal.com/gui/file/05bb07f3dfae2584a5f6382f23ba58bbea9feeea01509c446a1c75e47a9dfa13/detection

103.89.90.61:34589

# Reference: https://www.virustotal.com/gui/file/00aaedb32f5f4131f1728a4dcb5e9f7611c870a62ef456e2d4e3f429245ffae1/detection

78.153.144.6:2510

# Reference: https://www.virustotal.com/gui/file/380e5bb83f85b2ac97e9a5c2cd2a26ed1f2d98259ded1a0235d6c35fcb3895da/detection

37.0.14.201:55123
redline54376876.duckdns.org

# Reference: https://twitter.com/idclickthat/status/1583092393665961985
# Reference: https://tria.ge/221020-qwls7sffan/behavioral2

95.216.170.17:29995
usa-zoom-download.com

# Reference: https://twitter.com/idclickthat/status/1583454847160168449
# Reference: https://tria.ge/221021-qwfl7adffk

188.34.179.139:10561
zoomvirtual.org

# Reference: https://tria.ge/221006-c9k7yagbe9

79.137.192.47:46759

# Reference: https://twitter.com/Iamdeadlyz/status/1583698219787165701

167.235.233.35:16621
xeonuswallet.com

# Reference: https://tria.ge/221022-twc3vaeccn

91.212.166.11:47242

# Reference: https://tria.ge/221022-s9bw9sebcr

79.137.192.57:48771

# Reference: https://www.virustotal.com/gui/file/204b35dec6e522a2844929f2fad137ca8754d65223cb6bd3cdeb1925721cda8f/detection

45.15.156.18:41996
darkverossa.ru

# Reference: https://www.virustotal.com/gui/file/05a984953329e9ec26db0e36bf760ab71c2d0cad54d4762bef2752f39e56be5b/detection

172.81.129.58:45951

# Reference: https://twitter.com/idclickthat/status/1584242486578647040
# Reference: https://tria.ge/221023-wc83aabef6

zoomusadesktop.com

# Reference: https://www.virustotal.com/gui/file/13c98b46764978f5261ed939fdc46c17f4fbc5eb382ab9ca795cb773c0e5bb55/detection

79.137.192.6:8362
79.137.196.121:1488

# Reference: https://www.virustotal.com/gui/file/013295409518e584961e409a8df5a0f99c11c074f3f69c1230663b517b32ef6f/detection

http://77.73.134.24

# Reference: https://twitter.com/JAMESWT_MHT/status/1584521744261738496
# Reference: https://tria.ge/221024-qb9pjaghbm/behavioral1
# Reference: https://www.virustotal.com/gui/file/05c7e34c57592db82d9a0deac75c35f1f5af145c1006d857fcdcdf4e7d45336b/detection

http://185.223.93.133
cghfdyj.b-cdn.net
heufheuwh.b-cdn.net
/eblaoooof/

# Reference: https://tria.ge/221024-qlx4gsggc8/behavioral1

193.106.191.160:8673

# Reference: https://tria.ge/221024-qc6n9sgfg6/behavioral3

79.137.192.7:39946

# Reference: https://twitter.com/l205306/status/1555571582050770944

buyailiv.xyz
free-software.info

# Reference: https://twitter.com/l205306/status/1553729611326181376

freesoftware-plus.com

# Reference: https://twitter.com/l205306/status/1553730397892390912

cracked-software.space
world-of-software.space

# Reference: https://twitter.com/l205306/status/1553728012205830145

free-software.site

# Reference: https://twitter.com/l205306/status/1532301764367482880

pablosofts.com

# Reference: https://twitter.com/l205306/status/1532744433120464897

softlib.pro

# Reference: https://twitter.com/l205306/status/1535915576421662720

dymap.com.ec
wondesoft.com

# Reference: https://twitter.com/l205306/status/1535919899029426176

109.107.185.58:32071
free-soft.site

# Reference: https://twitter.com/l205306/status/1535921460208074752

free-software20-22.com

# Reference: https://twitter.com/l205306/status/1535926294244130816

adobe-products.com

# Reference: https://twitter.com/l205306/status/1535926606249996290

adobecrack.xyz

# Reference: https://twitter.com/l205306/status/1536018262001340416

free4pc.pro

# Reference: https://twitter.com/l205306/status/1536018220205092865

softportal-free.com

# Reference: https://twitter.com/l205306/status/1532736726783135744

allplacesoftware.su
crack-soft.space
crack3d.org
cracked-software.space
cracknation.site
everythingf0rfree.com
free-software.site
free-software2022.com
freesoftware-plus.com
sky-soft.space
softpack.site
trisoft.site
whites0ftware.me
world-of-software.space

# Reference: https://twitter.com/l205306/status/1585250164922814464
# Reference: https://twitter.com/JAMESWT_MHT/status/1585263428935073793

77.73.134.2:24200

# Reference: https://www.virustotal.com/gui/file/97ef0121223f683536fc0a98f8d52208dfa00b17e0c24189d4bee4e3616fd783/detection

45.89.54.50:40363

# Reference: https://www.virustotal.com/gui/file/a041839327295fde3df12ea61374abd19c4499b87e211757c593179d6a6870d1/detection

167.235.252.160:10642

# Reference: https://www.virustotal.com/gui/file/05ff054e92f76d5da78a553f4d511055754aae33ba9dac7e006043480cd0ddef/detection

195.2.79.103:29071

# Reference: https://twitter.com/pmelson/status/1588176099053252608
# Reference: https://www.virustotal.com/gui/file/f9247ad46bc3956636fb05ed396ca28a5a71b710aa84ca6cb397294bfa7f4c00/detection

212.192.246.163:1337
d.tocat.co
r.tocat.co

# Reference: https://twitter.com/idclickthat/status/1589610434361200640
# Reference: https://tria.ge/221107-qffl9abdaq/behavioral3
# Reference: https://tria.ge/221107-p85leabacm/behavioral1

31.41.244.232:21611
38.91.107.155:29461
anyanydesk.link
anydelsk.pro
anydeson.link

# Reference: https://twitter.com/1ZRR4H/status/1590514594497581058

65.21.213.208:3000

# Reference: https://www.virustotal.com/gui/file/0416483ff64f2b592acae6fbd5ee529b0e32deb6f6fd1503d82c3f69052967af/detection

167.235.71.14:20469

# Reference: https://www.virustotal.com/gui/file/0118358128946efef9fa03d752c2687347d4a43e5d387110058e9567c8668854/detection

193.106.191.153:23196

# Reference: https://www.virustotal.com/gui/file/01335cd36e389be29918c1a4303a65108df6b20c058a5f26fe2a3bf01e534980/detection

193.106.191.165:39482

# Reference: https://www.virustotal.com/gui/file/048ff2c2d619d58ace213fe63487b76681ce386c0f234a04f1db5b36e96bf323/detection

http://193.106.191.168
193.106.191.168:4244

# Reference: https://www.virustotal.com/gui/file/418c5fa990720936d23f83e5bd72b11d4bbf045b33e60efe09e28aa074eac424/detection

203.159.80.37:4972

# Reference: https://www.virustotal.com/gui/file/07f4da3d691a354c466f08c434286f36a84f10412d7093f320aa795cce221522/detection

3.121.85.109:62340
a0569254.xsph.ru

# Reference: https://www.virustotal.com/gui/file/d8cd60c7146744671ffa478a37dd652d393bfe3383f7ae978e3b8d332d8286f1/detection

193.106.191.18:37572

# Reference: https://www.virustotal.com/gui/file/23941746340e89fb699e4ecec106fbfd40186fc5b483bf72d82d5d5a2706863f/detection

193.106.191.19:47242

# Reference: https://www.virustotal.com/gui/file/05e8abefda6f72401ceaa8feb36810945132255217cc5bdb202e4bd42f648a53/detection

193.106.191.22:47242
194.110.203.100:32796

# Reference: https://www.virustotal.com/gui/file/e4d1f9f3cbbf244e29a73a9a6619723eb3f729e5ec6ee1e7c261ff6dbd90cdfb/detection

193.106.191.130:17322

# Reference: https://www.virustotal.com/gui/file/de7964f776b4a97b2260834e1c24886bbfd715700598414b09212b1782985aa6/detection

193.106.191.24:47242

# Reference: https://www.virustotal.com/gui/file/06c9681d0fcdc083535d3aaa823b0d5a483bb93f237fb7857cd8e72b20f4088c/detection

193.106.191.25:47242
194.110.203.100:32796

# Reference: https://www.virustotal.com/gui/file/0e35b03c599d10a01e930609444dc8fc9c814c69bfaefd8533380e38ae9da86c/detection

79.137.195.171:29444

# Reference: https://www.virustotal.com/gui/file/06c42463c6bdb4700965179d35edc4873d1d64c5e9f004a024c6ed026beb5a31/detection

193.106.191.67:44400

# Reference: https://www.virustotal.com/gui/file/060e0b42aa4b23385738abbaa9f8a99852e7609b7b9d36354e54f9b5edec9d68/detection

193.106.191.68:23196

# Reference: https://www.virustotal.com/gui/file/0064777bacf702622aee29bd3c8c4b3caa61ce8254808111c604399747c48493/detection

193.106.191.77:23196

# Reference: https://www.virustotal.com/gui/file/086e6b40b1a9b01de880ba71b43da260db7c43e1949a23053c4a2543b70fe75f/detection

http://193.106.191.78
185.215.113.201:21921
193.106.191.78:23196
193.150.103.38:40169
89.22.234.87:42519

# Reference: https://www.virustotal.com/gui/file/0190cb9e53fda3197b42b21537e8dcdef1342cc62401c32b8acc058c9f1778e6/detection

176.124.223.132:42925
176.9.148.163:50006
193.106.191.81:23196
193.11.166.194:27015
193.11.166.194:27020
193.11.166.194:27025
193.233.177.117:24856
194.36.177.84:19999
37.218.245.14:38224
45.145.95.6:27015
45.154.252.100:50001
45.154.252.104:50001
45.154.252.109:50002
45.154.252.116:50001
74.67.240.204:50002

# Reference: https://www.virustotal.com/gui/file/186d9a4a8a45ac3b0f589957092fc988431181d0a24612ee21c08e1e8268bc3a/detection

193.106.191.100:5112

# Reference: https://www.virustotal.com/gui/file/005f309a3c794ee68d0e9614d4e4ce15937f9995a1f78b7a1c9bbfb3c6d381ac/detection

193.106.191.106:26883

# Reference: https://www.virustotal.com/gui/file/d2432ae81241cd0041c23c81b7ddb874ac29b8cc77025a44b41c249a41f3a094/detection

89.22.228.150:14888

# Reference: https://twitter.com/idclickthat/status/1591891018739507200
# Reference: https://tria.ge/221113-y2c29ach29
# Reference: https://tria.ge/221113-y3jw7afh9y

62.204.41.243:81
77.73.134.54:19123
afterburner-download.org
afterburners-msi.com
afterburnsoft.store
b-cubedsoftware.net
softwareorlando.com

# Reference: https://www.virustotal.com/gui/ip-address/185.183.35.112/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.101.1.20/relations

adobe-aftereffects.net
adobe-aftereffects.org
afterburner-download.com
afterburner-gpuoverclocking.com
afterburner-gpuoverclocking.net
afterburner-gpuoverclocking.org
afterburner-msidevelopment.com
afterburner-msioverclocking.at
afterburner-msioverclocking.net
afterburner-msioverclocking.org
afterburner-overclock.com
afterburner-overclock.net
afterburner-overclock.org
afterburner-software.com
afterburnermsi-download.com
afterburnermsi-download.net
afterburnermsi-download.org
afterburnermsi-overclocking.com
afterburnermsi-overclocking.net
afterburnermsi-overclocking.org
afterburners-msi.net
afterburners-msi.org
cryptohopper-download.com
cryptohopper-download.net
cryptohopper-download.org
download-afterburner-msi.com
download-afterburner-msi.net
download-afterburner-msi.org
download-afterburner.com
download-afterburner.net
download-afterburner.org
download-afterburnermsi.com
download-afterburnermsi.net
download-cryptohopper.com
download-cryptohopper.net
download-cryptohopper.org
download-etoro.com
download-etoro.net
download-etoro.org
download-msi.com
download-msi.net
download-msi.org
download-tradingview.com
download-tradingview.net
download-tradingview.org
downloads-msi.com
downloads-msi.net
downloads-msi.org
intelijidea.com
intelijidea.net
intelijidea.org
jetbrainsidea.com
kombustor-msi.com
kombustor-msi.net
kombustor-msi.org
msiafterburner-download.com
msiafterburner-download.net
msiafterburner-download.org
msiafterburner-overclocking.com
msiafterburner-overclocking.net
msiafterburner.org
obs-software.net
obs-software.org
obs-sproject.com
obs-sproject.net
obs-sproject.org
obs-studio.org
obsstudio-download.com
obsstudio-download.net
obsstudio-download.org
online-firsthorizon.com
online-firsthorizon.net
online-firsthorizon.org
overclocking-afterburner.com
overclocking-afterburner.net
overclocking-afterburner.org
overclocking-msi.com
overclocking-msi.net
overclocking-msi.org
processlasso-download.com
processlasso-download.net
processlasso-download.org
puncakesoftware.com
quicken-download.net
quicken-download.org
santacapitals.com
santatrading.com
screamingfrog-download.com
screamingfrog-download.net
screamingfrog-download.org
security-eye-download.com
security-eye-software.org
software-afterburner.com
software-afterburner.net
software-afterburner.org
software-google.com
software-msi.com
software-msi.net
software-msi.org
software-obs.com
software-obs.net
software-obs.org
tatum-nft.com

# Reference: https://www.virustotal.com/gui/file/4fc009e56e836126beb36e44b4767591552e0b845189c1e95f393cdbe3b7a04f/detection

45.143.136.208:8080
45.8.145.101:28024
83.138.53.189:18223
88.218.171.68:37325

# Reference: https://www.virustotal.com/gui/file/001d19fcbdf0dafe20cffcc2e10a1bf3d25c1386a280a83d7182c61a03f90753/detection

litrazalilibe.xyz

# Reference: https://www.virustotal.com/gui/file/c04a55d0755bbbf7c03c99fa78b44645d8b276f82391176d6f009d67100bfade/detection

31.41.244.87:5775

# Reference: https://twitter.com/crep1x/status/1592270226997055488
# Reference: https://www.virustotal.com/gui/ip-address/91.229.90.149/relations

alls0ft.cloud
allsoft.cloud
allsofts.org
allsoftware.link
allsoftware.space
bosoft.org
crackedsoft.cloud
cracknation.cloud
cracksoftware.space
keysoft.space
onesoftware.site
resoft.app
softhouse.cloud
supp0ort.gq
windosoft.cloud

# Reference: https://www.virustotal.com/gui/file/2b3511cb156b98e1f38bcacd34f9bb55c802b4c86ae7bfd2d9b3dd7c349501eb/detection

89.22.226.2:10220

# Reference: https://www.virustotal.com/gui/file/0603b28d42d6a6e0ae8227bb5dd895323f632badf836a55e2e22fdfa95535a4c/detection

193.106.191.226:34189

# Reference: https://www.virustotal.com/gui/file/48c0ce42bba171ec573178ed01624a80920903bf248c12aa50daa142473d5167/detection

http://95.179.163.157
klaytjapan.com

# Reference: https://www.virustotal.com/gui/file/9952c202a0aeda20a66415260dd62d7379eb55a9460544a2388892df88bff05d/detection

santaanarealtor.icu

# Reference: https://twitter.com/idclickthat/status/1593622508032479238
# Reference: https://tria.ge/221118-sb92eade6y/behavioral3

45.15.156.111:1300
zoom-online.org

# Reference: https://www.virustotal.com/gui/file/c4b64ee801f4f189c9298086df861e4f49e4788c3b7c5d4bf236cd4f865a7152/detection
# Reference: https://www.virustotal.com/gui/file/24955e972bb26948223d38dea9ab2c5db29836ea86f32dfe575ecd9922969a04/detection
# Reference: https://www.virustotal.com/gui/file/2695a745a104d5f23932c74364dd71120c6afc74b7fdb3e30d85295fa2a985ee/detection
# NOTE(review): the 104.27.x/104.28.x and 172.64.x/172.67.x addresses below appear to
# sit in Cloudflare address space, and 2086 is one of the HTTP ports Cloudflare proxies,
# so they are probably CDN front-ends shared with unrelated sites rather than origin
# servers - TODO confirm. 198.54.117.197-200 likewise look like a hosting provider's
# shared range - verify. Keep the port qualifier if these are reused elsewhere, and
# rely on the domain entries at the end of the group for attribution.

104.27.179.105:2086
104.28.30.51:2086
104.28.31.51:2086
172.64.88.190:2086
172.67.131.55:2086
172.67.162.197:2086
198.54.117.197:2086
198.54.117.198:2086
198.54.117.199:2086
198.54.117.200:2086
45.67.231.203:2086
88.212.232.188:2086
92.53.96.223:2086
anvouch.xyz
hackedby.cf
hackedby.ga

# Reference: https://www.virustotal.com/gui/file/05070a4defa73499b973edd34483c0a9daf1d9ceac9a880bc9d4ee47210ac573/detection
# NOTE(review): 104.31.93.207 appears to be a Cloudflare proxy address (shared with
# unrelated sites) and 2086 is a port Cloudflare proxies - TODO confirm; the domain
# entry is the more durable indicator of the two.

104.31.93.207:2086
minebrow.net

# Reference: https://www.virustotal.com/gui/file/29160159bbb9db6fe1418377df8e2694c77ad77c6b690a34b48dd51a2857ae5f/detection

138.124.180.253:88
gulagili.ru
6263pi.gulagili.ru
6djhmm.gulagili.ru
6klwrz.gulagili.ru
7259ba.gulagili.ru
c.gulagili.ru
d.gulagili.ru
h0.gulagili.ru
j0.gulagili.ru
mcp.gulagili.ru
o43.gulagili.ru
pwp.gulagili.ru
ts1g.gulagili.ru
un0p.gulagili.ru
v9m7.gulagili.ru
wbpw.gulagili.ru
ygmvz.gulagili.ru
zd2f2.gulagili.ru

# Reference: https://www.virustotal.com/gui/file/c7ebc4931f6d5fbd9cdd1d636b8204e475c8751fc76bb511466c053c1e059635/detection

usyd.subdomnet.ru

# Reference: https://www.virustotal.com/gui/file/7a2f08544fd534c4c420124280369f46e3598fb7c709d0babb4186c2fd7dbb81/detection

2qtra.allmyservices.ru

# Reference: https://www.virustotal.com/gui/file/3d2ba915b96c4c965f1e765e391f830a2f0be2d91899cee0d958e9895a9202d3/detection

mg4.subdomnet.ru

# Reference: https://www.virustotal.com/gui/file/ad559c2028b25b50ca82fda8c3453436cdc5c36dc2d92710b6acbc237aba7069/detection

http://45.142.213.8
45.142.213.8:35253

# Reference: https://www.virustotal.com/gui/file/a93921ef8ce4fe1c0daa26ae324c2d7b7db108e9973525d91fd3a4f27de12902/detection

45.67.229.198:35253

# Reference: https://www.virustotal.com/gui/file/7dd4753eaac5b29c1d6190256db0981b802d69ec43e0a7073e9eb8160fd32916/detection
# NOTE(review): same endpoint as the entry directly above, listed here under a second
# sample's reference; consumers that count or de-duplicate trails should expect the repeat.

45.67.229.198:35253

# Reference: https://www.virustotal.com/gui/file/15029a9e1a69037bd029ffda17e8985f8fcd3c19358f04c6841798fde13b10e7/detection

94.23.190.57:25565
f0655589.xsph.ru

# Reference: https://www.virustotal.com/gui/file/08b2434fa33b35c428fb85e938fed0d6d715b5e46806bbe2d130ebb0ed2df614/detection

13.127.184.178:60732
203.156.136.113:60732
overthinker1877.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0316d605b2ccabe49332e96e1ebf84bb2bcf48ecdaad4e2c1f289d42b32622c9/detection

37.220.87.2:29444
hdtekniksby.com

# Reference: https://www.virustotal.com/gui/file/fc45095af85b3699290055b3bf12cdeba82dbb6c70187351df253a735695f4bf/detection

37.220.87.2:27924

# Reference: https://www.virustotal.com/gui/file/d9c7f4d3b3845db2153009f86f6bc09a11620eb8b2f7184ad51e3ce084d644c1/detection

62.204.41.141:24758
tininshassama.xyz

# Reference: https://www.virustotal.com/gui/file/0d018bef7dc5e274d5589cd9af8e49419cbf52bdfb9cd7d19e480c63263f9dd6/detection

185.112.83.96:20000

# Reference: https://www.virustotal.com/gui/file/0355249a3d8e8589ba300ae58bf7217bd688d60084256d5c2e5f46e18bd5d3a2/detection

49.12.69.202:40517

# Reference: https://twitter.com/AuCyble/status/1597251121118339073

express-vpns.biz
express-vpns.cloud
express-vpns.fun
express-vpns.online
express-vpns.pro
express-vpns.xyz

# Reference: https://twitter.com/idclickthat/status/1597390794419482627
# Reference: https://twitter.com/JAMESWT_MHT/status/1597557914255835137
# Reference: https://www.joesandbox.com/analysis/1123252#iocs
# NOTE(review): adobe.page.link is a subdomain of page.link, which is presumably the
# shared Firebase Dynamic Links domain - a hit means a redirect through a shared link
# service, not contact with attacker-hosted infrastructure; verify before long-term use.
# The last entry has no delegated public TLD, so it cannot resolve in public DNS; it
# presumably comes from a lookup recorded in the sandbox report and is only useful for
# matching that exact query string.

212.192.31.207:3346
adobe.page.link
getadobedownload.com
gqscblsnwyqqzjbexxy5ks9zp.iyx7z7yniqeqjyp0n

# Reference: https://twitter.com/idclickthat/status/1597614503726047233
# Reference: https://www.virustotal.com/gui/file/0e6f2d58c9c816acc484d8f68e7b9c5e5a650ea92116bd07298e39ee00e5b57e/detection

168.119.237.16:26425
radeon-drivers.com
radeon-drivers.net
radeon-drivers.org
radeon-support.com
radeon-support.net
radeon-support.org
radeons-support.com
radeons-support.net
radeons-support.org

# Reference: https://www.virustotal.com/gui/file/f1762ffff906266063b828d10e377f623def543da51cec47fadd78e52d44af62/detection

185.246.220.213:16729
redxfeli.zapto.org

# Reference: https://twitter.com/l205306/status/1600402043512193028

astoprograms.com
cloudsoft.club
colos-software.com
financetips.pw
icreativecloud.com
selfwar3.net
softfreepc.com
softhubfree.com
trustsoftgames.com

# Reference: https://www.virustotal.com/gui/file/d1cdab058056e0e4cbf2a08851d493d9f46d1d36e65f7b284d2ecc3558e80660/detection

51.89.201.21:7161

# Reference: https://twitter.com/tosscoinwitcher/status/1600982544379363328
# Reference: https://www.joesandbox.com/analysis/1131072#iocs

instantrelation.com

# Reference: https://twitter.com/l205306/status/1601439572835315713

byxdeoner.com
soft-download.online

# Reference: https://www.virustotal.com/gui/file/5e059a9404f31d0caad65b0503846dea856de10e7b22756e37b814d5ec72754d/detection

a0751007.xsph.ru

# Reference: https://twitter.com/l205306/status/1601846791372410886

anygames.online
evilsoftware.org
icreativecloudpro.com
playsguru.com

# Reference: https://twitter.com/l205306/status/1601938100191924225

softpedia.market
softportal.online
softsworks.ga
vipsoftware.pro
whitegames.wepudas.guru

# Reference: https://twitter.com/idclickthat/status/1602351575938355202
# Reference: https://www.virustotal.com/gui/ip-address/37.1.212.21/relations
# Reference: https://www.virustotal.com/gui/file/45c5aadc5463350ebf6ba2b0c8799e77276444678182fba877a979477f9f7bfb/detection

185.215.113.46:8223
exodus-server.life
grammarly-win.life
msi-afterberner.live
msi-afterburener.site
msi-afterburener.website
myglobalwebnews.com
win11-serv.digital
win11-serv.info
win11-serv.live
win11-sv.info
win11server.live
wind11-info.life
windows-11mon.life
windows-down.com
windows-serv4.com
windows-11real.life
windows-11rec.life
windows11-serv.com
windows11-serv.digital
windows11-serv.shop
windows11-server.com
windows11-srv.com
winsert-info.live

# Reference: https://twitter.com/idclickthat/status/1602355251218087936

nvidiaafterburner.com

# Reference: https://twitter.com/idclickthat/status/1602367494433509378
# Reference: https://www.virustotal.com/gui/ip-address/85.192.63.224/relations
# Reference: https://tria.ge/221212-wqcagacb72

89.185.85.137:32779
bnp-online-paribas.info
bnp-online.info
bnp-paribas-online.info
bnpparibas-online.club
bnpparibas-website.info
milenium-online.info
millenium-online.info
nomad-casino.top
pdf-redactor.life
zoom-home.info
zoom-website.info

# Reference: https://twitter.com/l205306/status/1602330569878417408

crackspace.org
urbansoftlab.org
soft-pc.org
sofrport2022.su
ytsoftware.info

# Reference: https://blog.cyble.com/2022/12/13/venom-rat-expands-its-operations-by-adding-a-stealer-module/
# Reference: https://www.virustotal.com/gui/file/87ed8187643b180efb068db7309448828e34ba66409ca68e314cf6b53f33401e/detection

79.137.207.151:4449

# Reference: https://blog.cyble.com/2022/12/13/venom-rat-expands-its-operations-by-adding-a-stealer-module/
# Reference: https://www.virustotal.com/gui/file/f988dcade061ebe1e2aaefde01786dde73160492a773b53110089d97acabf8c9/detection

135.125.27.235:22883

# Reference: https://blog.cyble.com/2022/12/13/venom-rat-expands-its-operations-by-adding-a-stealer-module/
# Reference: https://www.virustotal.com/gui/file/2b27061d029faa995a787e395345c1be65a8864bfb50cbc033672ba71f8f1e12/detection
# NOTE(review): the name below has no delegated public TLD, so it cannot resolve in
# public DNS; presumably it is a lookup recorded during analysis of the sample. It is
# usable only as an exact-match query string, not as a reachable host - TODO confirm.

owar5ebl.4xjw2skbv4hvtrpy9u9w

# Reference: https://blog.cyble.com/2022/12/13/venom-rat-expands-its-operations-by-adding-a-stealer-module/
# Reference: https://www.virustotal.com/gui/file/5786cd75c8fc654348208ab679df50edff5494376238c9c17177da0536466ef9/detection
# Reference: https://www.virustotal.com/gui/file/e0d95df680a655ef69e874babf4e075597d612f0476a4742e6f97a1e57b05233/detection
# Reference: https://www.virustotal.com/gui/file/d90a10f61c344d5770f6360129db890eb41c53d296998de17b25d952ad704afd/detection

77.73.133.38:4449

# Reference: https://blog.cyble.com/2022/12/13/venom-rat-expands-its-operations-by-adding-a-stealer-module/
# Reference: https://www.virustotal.com/gui/file/1baa58e7594184fc52d2d0442973935931ee353af068924717e24c22b963d8f3/detection
# Reference: https://www.virustotal.com/gui/file/9543e4c5dbf164377c97bca3472be97875a4a9e4c4ef3d9c3607e18f31faf401/detection

91.134.187.16:4449

# Reference: https://blog.cyble.com/2022/12/13/venom-rat-expands-its-operations-by-adding-a-stealer-module/
# Reference: https://www.virustotal.com/gui/file/1cca1529cf29ea8c716a674a77af9e2f021ea43228a3b42db0e617ab64c8d226/detection

85.208.136.140:4449

# Reference: https://blog.cyble.com/2022/12/13/venom-rat-expands-its-operations-by-adding-a-stealer-module/
# Reference: https://www.virustotal.com/gui/file/46000c1895c7cdb889d3e155be38600fc1aa4ea4f3f743033fbca49c0b3f1003/detection

190.2.147.39:4449

# Reference: https://twitter.com/idclickthat/status/1603240615206076416

rapid-reprogramming.com

# Reference: https://www.virustotal.com/gui/file/21bacedb5ab9b318e8e9c6712e575edaebc795b73aa7f4f2d0e8b9f6da5a738f/detection

194.180.48.43:34991

# Reference: https://www.virustotal.com/gui/file/62392d9e1ba5030954ff32b7ec25adb8e6b15c741742fd02687c92f512c5edc5/detection
# Reference: https://www.virustotal.com/gui/file/a41986ef7951582f5bd3f0799d5151185f555536fe67fa3212748e4e37a1250d/detection

94.140.115.159:81

# Reference: https://www.virustotal.com/gui/ip-address/94.140.115.209/relations
# Reference: https://www.virustotal.com/gui/file/a56d90f6093d434065157bc3a2de48bcc3cc7dca827d64c3194bf095f4be8a60/detection

eniancam.xyz
riraite.xyz

# Reference: https://www.virustotal.com/gui/ip-address/195.93.173.94/relations
# Reference: https://www.virustotal.com/gui/file/2c73e60bf0458c05d1c4262574a739585890dd6876d91e19c647413d22d7c2f8/detection

ghoazat.xyz
havem.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1603732526270398464
# Reference: https://www.virustotal.com/gui/file/3c3e7bfc845499eef9596e7775c02f19aa6456514d440895f8ff4993d50802ac/detection

218.95.37.219:47984

# Reference: https://twitter.com/l205306/status/1604062881724895233

blacksoftw.com
side-soft.com
softgamestrust.space
wh1tesoft.net

# Reference: https://www.virustotal.com/gui/file/7260966d2c686f00653db013c8236f9846c8a153203fa331bda98de97acc1068/detection
# Reference: https://www.virustotal.com/gui/file/3197aa8111601f48ca769f5364b0b83369b1bf0cd584693ab718e3b748051923/detection

185.106.92.214:27015
31.41.244.198:4083

# Reference: https://www.virustotal.com/gui/file/f09f44a39d6460512cc5e9663d7c6ee54ac9f9eb24dfab50c1652d9dd543739a/detection

89.23.96.2:7253

# Reference: https://www.virustotal.com/gui/file/02074294a16b02d4deb61f85f16c2ef3847f47cf5c53c5c15c011a854486f1ef/detection

163.123.142.141:81
176.113.115.146:9582
79.137.192.41:21511
amikshenale.xyz
denestyenol.xyz
vingerdatol.xyz
yarbiegishola.xyz

# Reference: https://twitter.com/jstrosch/status/1606041946715062272

http://82.146.48.243

# Reference: https://www.virustotal.com/gui/file/011a5b2b4575546c2c2f89d70a4525de916667407f2a0ae895b9795ab8b66839/detection
# Reference: https://www.virustotal.com/gui/file/01ee39dcccaa4c07c5f561e68557c3bf316809c82f156a99d03a5ed55e510e96/detection

37.139.129.113:3333
clientbased.xyz
wowouch.net
connect2me.ddns.net
filez4.ddns.net
filez4.hopto.org

# Reference: https://twitter.com/atomiczsec/status/1606416874970939394
# Reference: https://tria.ge/221223-2bfx1ahc27/behavioral1

baaffanyela.xyz

# Reference: https://www.virustotal.com/gui/file/02bbf035118763cfa7297a8b81bc54eb288cc578f5c71d055795b15885bb1e07/detection

frigals.xyz
leatherbond.top

# Reference: https://twitter.com/InQuest/status/1606630562776719361
# Reference: https://twitter.com/Gi7w0rm/status/1606642835050176513
# Reference: https://tria.ge/221224-p2npbadc3v

45.138.27.123:31889

# Reference: https://twitter.com/l205306/status/1606691021643206658

goldsoftware.pro
icreativeking.com
rcc-software.com
tensoft.best
tensoft.biz
tensoft.in
thebestwesoft.com
urbansoftwarelab.org

# Reference: https://twitter.com/r3dbU7z/status/1607533474205913088
# Reference: https://www.virustotal.com/gui/file/beb54925d6e9de38936daaa4ba571784ecf71101fdafe609e98cba26406da480/detection

http://158.69.114.17
158.69.114.17:47305

# Reference: https://twitter.com/idclickthat/status/1607575607793094659
# Reference: https://tria.ge/221227-dd779shc9z

178.159.39.35:16030
adobecloud.online
creative-cloud.fun

# Reference: https://twitter.com/JAMESWT_MHT/status/1607702343570624512
# Reference: https://app.any.run/tasks/3d2d31a1-16ca-4188-bc4a-6b3586421fd7/

81.19.141.97:6257
jovial-beaver.87-106-124-253.plesk.page

# Reference: https://twitter.com/l205306/status/1607773541277265920

crown-phone.com
evilsoftware.in
getmoresofts.com
neonbats.site
shoflosoftware.com
tensoft.online
wesoftware.net
extrasoft.crown-phone.com

# Reference: https://twitter.com/Malwar3Ninja/status/1608331482241863682
# Reference: https://tria.ge/221229-fq2blafd8z

185.215.113.69:15544
adobereverse.com

# Reference: https://www.virustotal.com/gui/file/cd649946c10944269e28a3ca38de31ff24598fe5177509d41fa5130dfcfd4da4/detection

45.89.255.250:50505
45.89.255.250:8080

# Generic
# NOTE(review): the entries from here on start with "/" - they are URL-path trails, not
# hosts, so they are not tied to any address or domain listed above. Several are
# concatenated .NET namespace/type names with a short suffix; the rest are random-looking
# mixed-case strings. A passive sensor can presumably only see them in unencrypted HTTP
# requests - confirm sensor coverage before relying on them.

/IRemotePanel
/NewtonsoftJsonDateParseHandling20201
/NewtonsoftJsonSerializationSerializationCallback68342
/NewtonsoftJsonUtilitiesParserTimeZone85663
/PrivateImplementationDetailsSystemDatanetmoduleStaticArrayInitTypeSize3677
/SystemCodeDomCompilerCompilerErrors
/SystemCodeDomCompilerCodeParser10831
/SystemDataCommonUnsafeNativeMethods82805
/SystemComponentModelLocalizableAttributer
/SystemNetFtpWebRequestRequestStage38750
/SystemServiceModelChannelsApplicationContainerSettings9021
/SystemServiceModelChannelsPeerDoNothingSecurityProtocolFactory70772
/SystemServiceModelComIntegrationMonikerBuilder56960
/aBJXGuRWOOChT
/AwFPxyYrZDZZ
/bBAFKbdpDn
/bfiVAuLpfWqFk
/BGPafgTxUo
/BLqbUofdaQ
/bOWOalKGRnZO
/clPbZdgzZHNSt
/datPLwhdNbHfyf
/DNTRuwkUqoU
/DzkDWttwvoKbbU
/eCWRTDeWaY
/eiHJVeZlZel
/enhxvoOXjm
/eslgJjBiaFSNie
/EZPJPntjaS
/EzudSRBBoyErr
/fjGCWmatSetaRk
/fmEsTfSlOS
/fpBPPYvLzGZg
/FSeSOsewQarRTk
/fVdDrjDBVqOTl
/FzTzVrETDAia
/GHIpuVQdtOjs
/gUqsvtGNvbl
/GSTdsemDLfnLCY
/GVAzNZIWJb
/gVRyWoARuqUFQx
/gwrbuDQXVZ
/hohOqRFfjGTYKT
/hZLaJtFVgqkK
/iifnWYFiwLVOv
/IsTrhNVvNvzbg
/jbBdzcgnxNedWq
/JBiYmOBvruue
/JHNWmfCudW
/JikYAqBrCza
/HhHKSplglZv
/kcSFSDJucG
/kCuZEqRvDTx
/KEwkPdfCYc
/KszXJVpeOaaY
/lIaAPypbOQh
/LJKqqYAKjeYev
/mQTZdKLkCHu
/NewtonsoftJsonSerializationNamingStrategyu
/NewtonsoftJsonUtilitiesThreadSafeStoreJ
/nfKStcgBiB
/nJhdCfcerUrYW
/NnmOVfiRPRYUVO
/nrjUuvwsqu
/NylanLKUyBi
/OHerqvVJkjjot
/OmJhllkytEX
/oXNrGlbrzdosnE
/PuIHhXAOUC
/qgfdoLbtlFQUSL
/QyxObytOCfc
/rRLBdSgitz
/RKzBKDTXdTsw
/SiPZeKLkObaa
/SSiFruVhJW
/sUrocprvLWhsf
/SwktNtqpEKK
/SystemCodeDomCodeDirectionExpressionF
/SystemCodeDomCodeRegionDirectiveH
/SystemDataOleDbOleDbTransactionWrappedTransactionz
/SystemNetAutoWebProxyScriptEngineAutoDetectorH
/SystemNetBufferAsyncResultv
/SystemNetNetworkInformationMibIcmpInfot
/SystemNetWebExceptionStatus22274
/SystemRuntimeInteropServicesComTypesFORMATETC56125
/SystemSecurityCryptographyCAPIBasePROVENUMALGSEXr
/SystemSecurityCryptographyCAPIBaseCERTPOLICIESINFOB
/SystemServiceModelSecurityWSSecurityXXX22902
/SystemUriTemplateTableFastPathInfo24807
/tsjqTRFZqPJn
/TTYeJZsWYoNm
/UHFoSlidyYFoX
/upjzQJjqpU
/UTAeubRxbj
/UVKuWpQAwjuRp
/vbhoCRCLHjTJdC
/VyiDlXEoff
/wEjHKwmDQOSc
/wnTaBpnHzWwvi
/wulgBGSVwHvFD
/XKZwsujmGgrL
/xspZxirSlNuWL
/YatJcrUyyU
/YNXdQGPwfTZ
/YvGqvGmCji
/YXvnDxrXscmv
/zjLDVpxTeL
/ZPAypYNCtN
/ZRVdzdkoBGtcY
/ZTuYirtfLBuyu
/ZxETnyofta
/zZmDkRbdCVdkSA
/Gn4zLVJFa3.php
