# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: vidar stealer, mars stealer, lumma, stealerc, fdjskfdsjibdbot, snegmeetbot, sneprivate24, legionloader, ta582

# Reference: https://twitter.com/malware_traffic/status/1112776731331620865

hospitaleco.com

# Reference: https://twitter.com/malware_traffic/status/1103717653590482944

gettorrent.ac.ug

# Reference: https://twitter.com/malware_traffic/status/1101164760647847936

capitalinvest.ac.ug

# Reference: https://twitter.com/malware_traffic/status/1083771485997670400

tepingost.ug

# Reference: https://twitter.com/K_N1kolenko/status/1116263090562183168
# Reference: https://pastebin.com/jFhkBu32

bokolavrstos.com
newagenias.com
binacoirel.com
malansio.com
jamaliensor.com
kolobkoproms.ug
bastionprofi.ug
tepingost.ug
startolete-vn.ug
bestchope.ug
fashionhub.ug
mytradecrypto.ug
applezone.ug
travelups.co.ug
travelforyou.ac.ug
einvestment.ac.ug
newphone.ac.ug
newstoday.ug
globalcoin.ac.ug
yourseo.ac.ug
cryptoshop.ac.ug
capitalinvest.ac.ug
onlineinvestment.ac.ug
allcashbacks.ac.ug
getpayment.ac.ug
gettorrent.ac.ug
proshop.ac.ug
yandex.ac.ug
yandex.ug
google.ac.ug
search.ac.ug
hospitaleco.com
oldspicebest.com
refenansoro.com

# Reference: https://twitter.com/x42x5a/status/1121094286613852162

santaluisa.top

# Reference: https://twitter.com/VK_Intel/status/1125549719885893633

golenirose.com

# Reference: https://app.any.run/tasks/6faf55b6-9675-4c23-acf6-e165e1938e43/
# Reference: https://twitter.com/raby_mr/status/1136498987890925569

crypto-widget.live
penthausebrones.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1166604400489639936

eroomia.com

# Reference: https://twitter.com/malware_traffic/status/1169727825823354880

xhth516682.com

# Reference: https://twitter.com/ActorExpose/status/1176782301222658048
# Reference: https://app.any.run/tasks/6d880837-3ba9-439c-b67b-ee6d2837b645/

aaenyhostel.org

# Reference: https://github.com/silence-is-best/c2db#vidar-stealer

weimachel.net

# Reference: https://twitter.com/0xFrost/status/1182973846208598017
# Reference: https://app.any.run/tasks/d498ebc5-51cd-446f-9d98-7e43628b56b5/

garbage-barabage.top

# Reference: https://app.any.run/tasks/52656d24-b866-416c-b703-ee0fae0e3f78/

klegrandlichgrum.com

# Reference: https://twitter.com/James_inthe_box/status/1191695072032460800

qubert.org

# Reference: https://pastebin.com/xwT2gAgE

acrelop.com
martinlloyd.net
pineloseesrae.com
qubert.org

# Reference: https://app.any.run/tasks/42a9a425-d8f8-4504-8bbf-63c0c10c4bda/

gebrauchlichtal.com

# Reference: https://twitter.com/Paladin3161/status/1162320397368381441

villadubois.org

# Reference: https://twitter.com/P3pperP0tts/status/1178820466917675008

lanokhasd.com

# Reference: https://twitter.com/P3pperP0tts/status/1196440836852125698

steerdemens.com

# Reference: https://twitter.com/P3pperP0tts/status/1197178756068257795
# Reference: https://www.virustotal.com/gui/ip-address/209.141.33.126/relations

http://209.141.33.126
steerdemens.com
starlikespace.org
longvoyages.com
xd.botnet.services

# Reference: https://twitter.com/P3pperP0tts/status/1198935640664133644

crarepo.com

# Reference: https://twitter.com/P3pperP0tts/status/1198984250420269057
# Reference: https://app.any.run/tasks/60002c6f-65b1-4597-a011-1b2de844e56f/
# Reference: https://app.any.run/tasks/16784961-e95f-403d-8726-ad04d37c7b8a/
# Reference: https://www.virustotal.com/gui/file/1223da902b1525073ad6a4a71214b1c1b062fa61ce23138dcea4e7c7bfe9b8ab/detection

agent1.icu
agent2.icu
amdsetup4.icu
amdsetup5.icu
juhubeachn.com
legion17.icu
toplegions1.icu
updateinfo3.top
updateinfo4.top

# Reference: https://pastebin.com/iDrBJG8j

fastupdate1.top
fastupdate2.top
fastupdate3.top
fastupdate4.top
foxupdate1.me
foxupdate2.me
homeporno228.com
legion17.com
thepleasurelive.com

# Reference: https://pastebin.com/x2qLz9FJ

voyagephoshop.org

# Reference: https://twitter.com/ViriBack/status/1202413165482409984

http://195.133.1.170
ahmatokomaro.pw
bestdead.pw
petordementyev.pw

# Reference: https://pastebin.com/HBSmJ4wb

789456123.monster
legion17.net
lowupdate3.top
lowupdate4.top
softupdate1.me
softupdate2.me
xylolle.com
ybookfli.net

# Reference: https://app.any.run/tasks/45b54b0e-6de2-4975-b640-779026655f7c/

grelkafestivales.com

# Reference: https://twitter.com/MBThreatIntel/status/1225917125493018624

naumokukea.com
porosnter55.xyz

# Reference: https://www.virustotal.com/gui/file/48c34dd8345ab24ac203e3efc7f46643c4817a42b12fcd7c8a62211b4f4fc02d/detection

gyeonggidoo.com

# Reference: https://twitter.com/P3pperP0tts/status/1228775071260594176

greenlandsurround.com

# Reference: https://app.any.run/tasks/2e1aa0da-69b6-4f5f-847b-243cfaaabd4a/

gewe.tech

# Reference: https://www.virustotal.com/gui/file/2ca7597f7b6a1227c6bace9b1441f2b439935f02a35ffa2a2562f5ccc6cff8e4/detection

maineacadia.com

# Reference: https://www.virustotal.com/gui/domain/paparazzis.pw/relations

paparazzis.pw

# Reference: https://twitter.com/malwrhunterteam/status/1242355604477423617

whoer-vpn.net

# Reference: https://www.virustotal.com/gui/ip-address/161.117.177.248/relations

verifiedomg.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1246056096055406592
# Reference: https://app.any.run/tasks/d75d4f69-8381-46c7-9f0e-ce5ba2eb1ac1/

etips.fun

# Reference: https://app.any.run/tasks/fe00595d-b20e-4f2e-9c47-9f1cb79a63b3/

wrangellse.com

# Reference: https://twitter.com/James_inthe_box/status/1248964446505947136
# Reference: https://app.any.run/tasks/4cc95d8b-f2c7-457d-97d2-991d0115c1b4/

yrhealth.life

# Reference: https://app.any.run/tasks/d8a2ef38-b0a0-4619-ab21-918d7e6eefcf/
# Reference: https://www.virustotal.com/gui/domain/mastercard.ru.com/relations

mastercard.ru.com

# Reference: https://twitter.com/petrovic082/status/1257619785707393034
# Reference: https://app.any.run/tasks/a3380ace-5f86-4240-a986-f244231c05cc/

archessee.com

# Reference: https://app.any.run/tasks/93596f59-77f9-4b55-af25-3939594ed913/

repitoperano.pw

# Reference: https://www.virustotal.com/gui/domain/waterpocketfold.com/relations
# Reference: https://app.any.run/tasks/b7d1ca5f-e49f-4d50-b4b0-690e6b8b7783/

waterpocketfold.com

# Reference: https://app.any.run/tasks/d6a32934-daf9-4b83-9a2a-9f5a5feb4b64/

barddistocor.com

# Reference: https://app.any.run/tasks/32e30b47-f656-4505-af07-7e3f7c0c3b93/

http://213.226.114.54

# Reference: https://twitter.com/malwrhunterteam/status/1264259160918671363
# Reference: https://www.virustotal.com/gui/domain/sumliomicna.com/relations

sumliomicna.com

# Reference: https://www.virustotal.com/gui/file/ffc9319863cf7efe7575c36357ecd7102f99c99758ed94e97d31d78c7e1966a3/detection

headborro.com

# Reference: https://twitter.com/vigilantbeluga/status/1257891038582067200
# Reference: https://www.virustotal.com/gui/domain/chumashpeople.com/relations

chumashpeople.com

# Reference: https://www.virustotal.com/gui/file/13f8e88a6f37b999c12513887752d7a03637e32106ef4109e11a9a8f260ccfab/detection

piedmontteem.com

# Reference: https://www.virustotal.com/gui/file/aecddb3a9656759f5681708172573f435c3db0539d6a7a0230ec93b4e3f131a1/detection
# Reference: https://www.virustotal.com/gui/file/e0830aec7a5737f0558860a3ff192c6270bf57b2bc1c01ad514c012f7d039bae/detection
# Reference: https://www.virustotal.com/gui/file/87dac3be0edd3b599b3d50eec0edbe751e6d2951b22182a85b017acf26d485f7/detection

backgrounds.pk
jamshed.pk
karimgousa.ug
karimgouss.ug
levitt.ug
levitts.ug
marcakass.ug
tribunal.ug
zaragoza.co.ug

# Reference: https://www.virustotal.com/gui/file/f1d7ea9dcf7abe22f07f3d14fb21636e47bb0def2f766632a547d20f7d258aa5/detection

http://37.252.5.111

# Reference: https://www.virustotal.com/gui/file/f2a0fdf6caf5be2b84dcc0efb0c59082fa67350d49a1f2951b451df6f1d2bb21/detection

tomasisa.ug

# Reference: https://www.virustotal.com/gui/file/51b82ddc8786bdd8a0805baebaa243df7910711d422aad9f5fa867f46c7fcc71/detection
# Reference: https://www.virustotal.com/gui/file/cd8751bd47174dbae36c414383ca789d6d23062d528a34eaa81924cb3c0bfaf5/detection
# Reference: https://www.virustotal.com/gui/file/30ff25b4a60bd0e1f46e544dc44138aa3cf59ef87a84f1eafae990c61f1e5266/detection
# Reference: https://www.virustotal.com/gui/file/1969bcde226f3b3bcfb67912b5ff6efd8038383dc2655980a6f51730e8361d09/detection
# Reference: https://www.virustotal.com/gui/file/c81ae80ffb2e2a3af8c2b5ae405f848ed094e3f4112a501c4bb773d5f494239d/detection

lkjhgfdsa4.ru
zver.tech

# Reference: https://www.virustotal.com/gui/file/5282290d0d6e2b1add3d298052c4f607afa58e12559ddcf99da3a242d8329cf8/detection

sl9XA73g7u3EO07WT42n7f4vIn5fZH.biz

# Reference: https://www.virustotal.com/gui/file/bc275cd76478e4d3387740dd955d9b9b5b36f064656ecb1e1cea9b8649eec57d/detection

smarteyecare.in

# Reference: https://www.virustotal.com/gui/file/eb496b85f98f8b3f2b4f4150295b490c04b6b710818b9ebf592272b5dd3005c0/detection

precambrianera.com

# Reference: https://app.any.run/tasks/4b8bd5e5-b60d-45ee-9fa1-e631e591987b/

likeanimals.net

# Reference: https://www.virustotal.com/gui/file/50d214d5c28d4fe7980d89449aed8714b12285ec9f7e21e3bf21c66d3f2797d0/detection

nextgentoolkit.com

# Reference: https://www.virustotal.com/gui/ip-address/217.8.117.77/relations
# Reference: https://app.any.run/tasks/3b0bd018-731d-493c-a4d3-9a58a97e03ff/
# Reference: https://www.virustotal.com/gui/file/aba9f9d6904d1474f7a0693e80d182eff9cb8a1c185f0090876cf8eb83914cbb/detection
# Reference: https://www.virustotal.com/gui/file/c08958f222a52901aade88ebe2c3636a8bca3bf9fb6874ffbae93261ebfec86f/detection

agentt.ac.ug
agenttt.ac.ug
andreas.ac.ug
andres.ac.ug
courtneyhones.ac.ug
courtneyjjones.ac.ug
courtneyjones.ac.ug
courtneysdv.ac.ug
ferreira.ac.ug
ferreiranadii.ac.ug
foundsomebo.ac.ug
iloveyoubabu.ac.ug
iloveyoubaby.ac.ug
jamesrlongacre.ac.ug
jonescourtney.ac.ug
letitburnsf.ac.ug
malarcvgs.ac.ug
morasergio.ac.ug
morasergiov.ac.ug
nadia.ac.ug

# Reference: https://twitter.com/JAMESWT_MHT/status/1328290554912903169
# Reference: https://app.any.run/tasks/34c3a80a-83a1-476e-80ce-2ce62e40e0b7/
# Reference: https://www.virustotal.com/gui/file/0ea95746928602fad4896c1085ee0125dbeb29145dea813ad3444f648c9db2c8/detection
# Reference: https://www.virustotal.com/gui/file/95268ee22cb09ca871b56ede8eca4a1655490ef02ad14bbd2c02b60eea19481c/detection
# Reference: https://www.virustotal.com/gui/file/9dd08cf2672502db217f9772affb88657f8559d8f4d946af25c4b22428ea336a/detection
# Reference: https://www.virustotal.com/gui/file/a6dbfda2fe88b1f7e1184f3ab5fd3e206aece25707fb55d25b1fda513bf93007/detection

buydating.co.ug
gomisacar.com
rineialav.com
swiloodex.com

# Reference: https://www.virustotal.com/gui/file/9a5e8b3e5929b50b2ac4c44587fb01153ad9377681c3ca5c2dfee11830a2caec/detection

sbershit.com

# Reference: https://www.virustotal.com/gui/file/76ce130d2447f71bea8ed902959fd7e0aeac86b55f9e44a327c1f1c1bd73ba3f/detection

molothunsen.com

# Reference: https://www.virustotal.com/gui/file/9f7708675b4cb733db4405d8c42f54828d7069e990bc8238f74abe8222425037/detection

whoicehkestes.com

# Reference: https://www.virustotal.com/gui/file/628a9c97a55155f60d3b5ae29bc64f1dca5a6baf2b4f6a1a1de5e836cd4fb73f/detection

desperate.website

# Reference: https://www.virustotal.com/gui/file/95bf761c12eba2be84e29c60e31017bc60007ed0f38fcdf261d5fef34e8e4f2f/detection

badlandsparks.com

# Reference: https://www.virustotal.com/gui/file/0af341a92c789bd37e8d7d029f0c225f66f5137f678ea8082426bb565261e740/detection

paunsaugunt.com

# Reference: https://www.virustotal.com/gui/file/7b5a9d6119e910f5c0441ae27293b0367718a4257062f29ec8ef27342a0b8de8/detection

biscayneinn.com

# Reference: https://app.any.run/tasks/4ec40ce2-3250-47c5-96d8-07bcb4c4d1b9/

realmengame.com

# Reference: https://app.any.run/tasks/2c8c2f47-e965-4ca7-ab5f-bf8bcefd74b2/

marianne.ac.ug

# Reference: https://www.virustotal.com/gui/file/2953c2448667bc21d451fce8747513bfaaf0df312df1e0a47604ea49a2bbbda4/detection

prosecuredata.top

# Reference: https://www.virustotal.com/gui/file/b25e4f3d4cfb1ade5d4d68469d6f9b365dddc0296f4a66b2e60f29d476889db9/detection

altmessager.com

# Reference: https://www.virustotal.com/gui/file/3d4b459e2a4a78a2c693876b548b248acf9bb3278fb87ec66b5e4cf204a42cf9/detection
# Reference: https://www.virustotal.com/gui/file/b2ca76052b184c69881e79f3f7549ae884f38a57f50f5801fa40aa953f20b11b/detection

kenutduk.duckdns.org

# Reference: https://app.any.run/tasks/030e7573-8696-417e-8741-b8f80e43caa6/

goodssogood.com

# Reference: https://app.any.run/tasks/5a354632-e77c-42ab-8ff0-87bcad5c78fc/

/a/a/www/

# Reference: https://www.virustotal.com/gui/file/240a264d7565a846f6b1a1d83fbec957351de24e6096cf325e6fb24f229e81a1/detection

paperone.co.ug

# Reference: https://www.virustotal.com/gui/file/54976d4745f4fe0b1492cdecdfdb465a81b8acfe305e210d3e2a39b945889082/detection

hydrakupi.co.ug

# Reference: https://www.virustotal.com/gui/file/899940dfc0c21fb132d23ffb7f8bd4bfbef3bd52b741f1da49834dbcd4ac0578/detection

fastkisel.co.ug

# Reference: https://www.virustotal.com/gui/file/477c7d30787de3f979707583bdfae90fb84bd070003c2ccfd260cba2aed08234/detection

didntreadlol.com

# Reference: https://www.virustotal.com/gui/file/7a48e7fad9485df2316249060c7820a56ddb1b0c2841718744e31fe9b5b18786/detection

duckclack.com

# Reference: https://twitter.com/pmmkowalczyk/status/1369275271011041281
# Reference: https://www.virustotal.com/gui/file/d466ef9698569363af4f08b64235817c7838c726c1faee300582aab3d90f5683/detection

/lancer/getm.php?pid=

# Reference: https://www.virustotal.com/gui/file/0a98dfea9758a2d86facdd37086aae816688386cb897957d72ce95fe2c12093f/detection

zockzock.top

# Reference: https://www.virustotal.com/gui/file/802f2e368248bf75bb83af798f562f9fb2bf07227500b0986abc16a0b42d3ebb/detection
# Reference: https://www.virustotal.com/gui/file/6039cff3d4e528c47b3cd505d14ba6645b4056aa139a06150a0ace56c9cd402f/detection

test.adegokecollege.com

# Reference: https://www.virustotal.com/gui/file/2f4dc31023ec39356b3aa220863cba0ac8b25770641423bccf79ee2b10d77278/detection

nmorbertomo.ac.ug

# Reference: https://www.virustotal.com/gui/file/2e99c313e0c650e1550099cda6493a1896741c8ca294b201d2f2edd5238cdb7a/detection

http://45.147.198.62

# Reference: https://app.any.run/tasks/377e6816-2765-4384-bf2a-4818f84b2b8d/

cache.krishgarden.com

# Reference: https://www.virustotal.com/gui/file/764574a80f1738d589a165cb5fecc7840220c7e72ffe795be772ccf58a0f7ceb/detection

static.parafia-strumiany.pl

# Reference: https://www.virustotal.com/gui/file/0e55e17532909ad5ad34eb4e35d791b27c6951dd15a8baba34c29ae572c884d0/detection

ciaociaoline.com

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1380870829932744707
# Reference: https://app.any.run/tasks/edc50f68-7088-439e-8993-b6bf2fbb4cde/

data.parafia-strumiany.pl

# Reference: https://app.any.run/tasks/0273000c-ebf5-4a51-a89e-3d0159ff5bb3/

http://45.85.90.86

# Reference: https://twitter.com/fr0s7_/status/1384855677659660288
# Reference: https://app.any.run/tasks/210dcd67-5096-4f79-9cb7-21502ca24854/

stealer.xxxy.biz

# Reference: https://twitter.com/reecdeep/status/1387777010097852426

http://203.159.80.206

# Reference: https://www.virustotal.com/gui/file/e5686e76056d1a4ac0a3120e1de3e3ab9aca585fb151881e76885d36a6621092/detection

lotomoto.info

# Reference: https://twitter.com/James_inthe_box/status/1389233811251073033
# Reference: https://app.any.run/tasks/4a9b349d-ade4-4723-ac41-40415532e8bc/
# Reference: https://app.any.run/tasks/3e24fd12-9eed-4e6a-9b49-dfd3d8341a87/

http://31.210.21.181

# Reference: https://www.virustotal.com/gui/file/bbd4dd21dde67a96ac02aa9795ce662fa36d4edb90d13f2ffbdeee0d4aea5050/detection

vtqt.xyz

# Reference: https://www.virustotal.com/gui/file/3be583104ac2df031993b4f1bcbca40c01cefc5282050bc70b74e6e428291aba/detection

http://31.210.20.228

# Reference: https://www.virustotal.com/gui/file/55f1a2084fd1c1d5477519f06b02aa4fa4d917aaceffd116fc45820dc49a7795/detection

osiq.xyz

# Reference: https://www.virustotal.com/gui/file/7d449aa7f0c8097671688a2636f7b2d748f5ee3e4e63de3447d903fd371533f0/detection

http://45.144.225.173

# Reference: https://www.virustotal.com/gui/file/fa1b210bdfaa9d9ed60eeee1196af0a697ed9bb1b6fbcc7108ebf43b55a313a5/detection

http://159.69.87.239

# Reference: https://www.virustotal.com/gui/ip-address/188.34.193.205/relations
# Reference: https://www.virustotal.com/gui/file/83422a63a67f69382eb8b0770a89d1841b43aac04beb7ae14429d35ce4b77a3f/detection

http://188.34.193.205

# Reference: https://www.virustotal.com/gui/file/8209fcebdc81bc471b8abd57c07a18a7f222803f625028e26e343fde63183fda/detection

http://78.142.29.63

# Reference: https://www.virustotal.com/gui/file/1fa6a1833e1fe0875ea6f0ddf0dab47659a5a9cc8db80e6496177215bfbff498/detection

worstyear2020.com

# Reference: https://www.virustotal.com/gui/file/dfe963eae24c412b410f879df4f8fdec5b1a4fa8e20f44ab4eea4af4f811cf19/detection

dollartikuda.xyz
ys-gay.net

# Reference: https://www.virustotal.com/gui/file/c41aa6d6eeac57851b0a00a619609ed764072881b85b7dad25ac30f2856eda43/detection

support121.ddns.net

# Reference: https://www.virustotal.com/gui/file/f7a75dfb71ae46a4d6732100359c7d1b6fb5bb65338d6d1b702871ca492d3d54/detection

sefagusten.top

# Reference: https://www.virustotal.com/gui/file/cdeda69bc5ed54e292430a0e7017a66472ef4a1a25e3ebc125785fa2f9dc2bd9/detection

siwirnes.top

# Reference: https://www.virustotal.com/gui/file/573ac5d6b60b2965407c8fbf5c9d0f82067a19c27db420c4f5e9067798bcf6f9/detection

http://162.55.189.102

# Reference: https://www.virustotal.com/gui/file/835c8f02b83dd9bf4b3bf34f7e786b9b37c22924977eab54c6be9f69f1fefc69/detection

http://168.119.226.10

# Reference: https://www.virustotal.com/gui/file/326bebb9e00419c94b901a4597b8d8b1b56ac6ca9cbb96fc8f40df4d85d588cb/detection

http://176.123.4.140

# Reference: https://www.virustotal.com/gui/file/f4a1b439d5d5dcda842507571335e05665dfddc1cec1690d2fa66480c84d3e50/detection

http://185.99.133.218

# Reference: https://www.virustotal.com/gui/file/addabc3e06c8044f4eb4dfc9b63c0d40c4c3e628761ac097a8647d105376051c/detection

http://188.34.193.205

# Reference: https://www.virustotal.com/gui/file/dc466832b1cfeb541df94d49aea4de357c034f78bf70480c27fe265e440010bf/detection

http://159.69.87.239

# Reference: https://www.virustotal.com/gui/file/49b3c1cea44676e46f5dd2d99db7810d3e09d256318be8429d1faa25a53d80b6/detection

http://195.201.94.135

# Reference: https://www.virustotal.com/gui/file/8d2dbbfd60c93fa6faf7f7b3bcfe4ac73dc6c2870911fe8f2c1c4e14bff90499/detection

http://49.12.77.13

# Reference: https://www.virustotal.com/gui/file/d17da61df61aace32659d4c00fd886a6115c893ce48b84c1a819ed6cb7fc1a61/detection

http://198.98.55.103

# Reference: https://www.virustotal.com/gui/file/00bebbc8e8adec6a7133ea0b83663d072b50cdab673d6b4d42b41d0a3fd61bc7/detection

djalil.top

# Reference: https://www.virustotal.com/gui/file/cc981c93093a992a27a48072beda1ebeefd2c23d1e961fd427995d389960890b/detection

lookluck.net

# Reference: https://www.virustotal.com/gui/file/3436be047261b75482542deb4e22e89927e89f60b6061fa32d72043ef8e4afad/detection

http://205.185.127.90

# Reference: https://www.virustotal.com/gui/file/6d68a55fc9958ed4e1e38eb44159f7ef87c434f91c78ae5c8bc58a979526f0da/detection

http://116.203.140.224
http://78.47.81.226

# Reference: https://www.virustotal.com/gui/file/dccba229de62bcbd976968e97f5c2febecf9408e339c553371563e43e8f7be48/detection

http://78.47.87.144

# Reference: https://www.virustotal.com/gui/file/bf9be8425f9523539e9fadbd7b96ced4fc65eaabb1006996a6974c6da8041a7e/detection

http://88.198.106.10

# Reference: https://www.virustotal.com/gui/file/a439026408378e73e65afe890e517d9fd78ed55739840cd0eec1e0d83056dd33/detection

http://94.130.58.199

# Reference: https://medium.com/s2wlab/deep-analysis-of-vidar-stealer-ebfc3b557aed
# Reference: https://otx.alienvault.com/pulse/60b10fc3cf96ed70dad3bc07

bittracker.co.ug
blockbock.com
bockbock.top
bocksmoke.com
brainstormer.co.ug
cache.krishgarden.com
centos8lts.com
centoswiki.co.ug
choohchooh.com
ciaociaoline.com
ciaociaoline.top
customkitchaid.com
data.parafia-strumiany.pl
didntreadlol.com
djalil.top
dockclock.pro
duckclack.com
fastkisel.co.ug
flinstonehouse.co.ug
ftp.dwysokinski.me
fuckspha.com
gate.akadns9.net
goodssogood.com
guilmettemoron.com
hydrakupi.co.ug
juhjuh.com
kenutduk.duckdns.org
kiselev.co.ug
lookluck.net
mail.kiselev.co.ug
paperone.co.ug
promo.parafia-strumiany.pl
protestbonjer.ml
shirleyhorn.com
smtp.omplcement.com
static.accelerator-introlab.ml
static.helpmybusiness.ga
static.parafia-strumiany.pl
upload.krishgarden.com
yourpro.top
zockzock.top

# Reference: https://www.virustotal.com/gui/ip-address/185.215.113.114/relations
# Reference: https://www.virustotal.com/gui/file/4b17367ca1fa965f3e4c89a58c7f0325157c224eb80d3344490c7f368f12a833/detection

bilederina.top
binoders.top
cerolipak.top
manusorg.top
mutaleson.top
tenorimp.top
veribuman.top
cleardatass.com
datastatscl.com
statsdatacl.com

# Reference: https://www.virustotal.com/gui/file/c54b414ff7ca8ec5843b3944a53b63fd1a904be8423be677a738060fb1546ff2/detection

http://103.155.81.167

# Reference: https://tria.ge/210710-kzbnpe2rbx

sergeevih43.tumblr.com

# Reference: https://www.virustotal.com/gui/file/ec763b65e400b9caaf560db4f26600251bd0971c7202a799dc7c3ce732a3717b/detection

http://162.55.223.232

# Reference: https://www.virustotal.com/gui/file/b32eb85e201ed5cb4bdef0f43882da7c32807d9be2dc9412aae0db3162d46fb2/detection

http://5.34.178.48

# Reference: https://twitter.com/pollo290987/status/1415925808766623744

sslamlssa1.tumblr.com

# Reference: https://www.virustotal.com/gui/file/a94a56609fd846b118788f9b003adecbdf47b06380cc9d9af5bd403fc5362941/detection
# Reference: https://www.virustotal.com/gui/file/f83d5140698073bdaa2e907ee6cbe025256b5796ce18f0d2cbc8efff4e9962cb/detection

http://116.202.183.50
xeronxikxxx.tumblr.com

# Reference: https://tria.ge/210726-6jdmkdfwcs

shpak125.tumblr.com

# Reference: https://twitter.com/reecdeep/status/1422191780833988616
# Reference: https://www.virustotal.com/gui/file/6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55/detection

himarkh.xyz

# Reference: https://twitter.com/Racco42/status/1422961309012930564
# Reference: https://app.any.run/tasks/b295d801-8643-4b42-a848-55c8fa5c22a1/

irkark.xyz

# Reference: https://www.virustotal.com/gui/file/7e04a5f055b6ea1d3402465c4bc96f89b660b82c494b860832f5b7540608bb70/detection
# Reference: https://www.virustotal.com/gui/file/aa1dc867430200195ec34624c58bce2dec6bcda1f837529c564b7cfab0ee978f/detection
# Reference: https://www.joesandbox.com/analysis/454005?idtype=analysisid

anqwcvaaq.xyz
/8GzIpNiHlc.php
/Fl26aoXOqL.php

# Reference: https://www.virustotal.com/gui/ip-address/188.130.139.107/relations

indiacas.xyz
indiamed.xyz
indianot.xyz
kazced.site
kazfds.xyz
kazkef.site
kazksc.xyz
kaznas.site
kazopz.xyz
kazxzs.xyz

# Reference: https://twitter.com/benkow_/status/1443189560024969226
# Reference: https://tria.ge/210929-pd2k9sfacl/behavioral1

http://79.124.78.139

# Reference: https://twitter.com/benkow_/status/1447835812050112516
# Reference: https://tria.ge/211012-jzgv4abhb7/behavioral1

gurums.online

# Reference: https://twitter.com/InQuest/status/1450099115258486784

http://136.144.41.229
searcer.x24hr.com
/gJCbU1V9y2.php

# Reference: https://twitter.com/benkow_/status/1457786964191571977
# Reference: https://tria.ge/211108-xpsfqschd6/behavioral1

http://65.108.80.190

# Reference: https://tria.ge/211117-lb4q3aehak/behavioral1

http://159.69.92.223

# Reference: https://twitter.com/Jane_0stin/status/1463981701596598272
# Reference: https://app.any.run/tasks/762741f6-b2d4-4fde-bf1c-111caf124379/

die-grausamste-herrin.at

# Reference: https://www.virustotal.com/gui/file/1ac64c5db03f0fc9729de68be00e2eff7a59f8e10d2ec50c5d348029de745ba4/detection

http://185.215.113.22
/E2vacMBpWA.php

# Reference: https://twitter.com/ViriBack/status/1476718496218324993
# Reference: https://tria.ge/211231-a19g3aehhj/behavioral1

main2.flashysoft.me

# Reference: https://www.virustotal.com/gui/file/baf599abab1d6969e1ba455f83375cbc9643bbe5049189729d3ce60be08e4a58/detection

http://188.34.200.103

# Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/TF_vidar.json

derxblog.de
milktr.uk

# Reference: https://www.virustotal.com/gui/file/c3e725df442abe93e1d1d5ca01fc8105521c82e8e5f86d07171d8f95562c59a5/detection

http://49.12.198.69

# Reference: https://twitter.com/crep1x/status/1478361605394116612

http://116.202.186.120

# Reference: https://twitter.com/crep1x/status/1475535929985187846
# Reference: https://tria.ge/211227-sfrevsbcfq/behavioral1
# Reference: https://www.virustotal.com/gui/file/12f67b777aa65271b2e5773b042cbf8bc1c0bf8cabaf356aa05b583a1e581b94/detection

http://116.202.188.27

# Reference: https://www.virustotal.com/gui/file/42e77b0c32a2e1d98bb7e45198c83f92cad7f33b1369bc61c38ceab0ec2cd4f3/detection

http://167.86.127.231

# Reference: https://twitter.com/crep1x/status/1480574856265711618

http://78.46.160.87

# Reference: https://www.virustotal.com/gui/file/01a46fe5d3f043fe1b45548a36b63edfd841c1841ec5b6878d10ecab36d81d88/detection

http://65.108.180.72

# Reference: https://www.virustotal.com/gui/file/15bd912b0e66bf88fc6dbae28754cb085bfa199b7f7e0d4989ab39a747053be6/detection

hjggvbc.ru

# Reference: https://www.virustotal.com/gui/file/00706aeb7422cf62dbcf72342b913d32e85a68d025629d9ea464162ece67bcc2/detection

http://116.203.165.54

# Reference: https://www.virustotal.com/gui/file/005d0cbf83fcceb2657b56711cc56a4144d9c58a8393d3d1ae052db880b60269/detection

boombangers00666999.sc
/gate2233.php

# Reference: https://twitter.com/ViriBack/status/1487421178557964292
# Reference: https://app.any.run/tasks/49b5dee3-f179-4d8d-8000-0a7cde350c1e/
# Reference: https://www.virustotal.com/gui/file/2c35ee480e2ea480624011857326defe537063bb383824013a8f8a0b9182e3b1/detection

anydesk.computer
panel.computer

# Reference: https://www.virustotal.com/gui/file/27afc8d7727c80c934d73e4aa021ab138b99149023dbc1625c8d4ba867981652/detection

banlobora2.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/2d299fcdf7562306634b74f187b445ad17ca07495d2a36ffca86c7425a7982db/detection

opmos.temp.swtest.ru

# Reference: https://www.virustotal.com/gui/file/7da3029263bfbb0699119a715ce22a3941cf8100428fd43c9e1e46bf436ca687/detection

cookreceipts.fun

# Reference: https://www.virustotal.com/gui/file/3c81b46f9c2fd6871f6844585c9d835eea672e1e0c8e26e667ce8049579e3245/detection

sl9XA73g7u3EO07WT42n7f4vIn5fZH.biz

# Reference: https://www.virustotal.com/gui/file/1e0608ba01db4c6a953d5a2bf144a944d5939790fd9e0acd7c06a37563470add/detection

f0457102.xsph.ru

# Reference: https://www.virustotal.com/gui/file/6e5bef09238ff67eb3c4765eed4a0d647a3b0d9be6e7604a3e9a0d509623c6fd/detection

admin.foa.ae

# Reference: https://www.virustotal.com/gui/file/c145a437ca06f644c48e37c597d6efc46f4a0e4d8b1bfb265a1d28ced7e8009b/detection

bergamot.nu

# Reference: https://www.virustotal.com/gui/file/4e842aade6a22d8efbcae4bd9cde73de26398f7f70a06fc09042ed72bb61465a/detection

cmd3490ghbdtn3.ru

# Reference: https://www.virustotal.com/gui/file/c48534128c907c63db7b3f995cbb17eb67a973a8abc7e567cac4229889df1535/detection

databasecontrol.xyz

# Reference: https://www.virustotal.com/gui/file/253a4539177c2e6617a98571a87211a364d1a9d6dee454589548a6413db23be5/detection

datamon.cc

# Reference: https://www.virustotal.com/gui/file/03830b7509fe6e46ea89d7fe60f732120cca1501473c5fc477e2d96b01f7f050/detection

gfxapanbnqd4jhf.pw

# Reference: https://www.virustotal.com/gui/file/64d7ba13bf3e525fc99988f742b751c9df4431af7b26a7d6cdb3191218648517/detection

ggtyyu.pw

# Reference: https://www.virustotal.com/gui/file/47019ee43e1682cdcdabda06ba450642be49b241416da1331917726cf6e565b8/detection

hostisgerhg.tk

# Reference: https://www.virustotal.com/gui/file/e677eb033d3676db1d9beae7fa1d392fef40cf0950f862108609ff25b25a4642/detection

kepler071.site

# Reference: https://www.virustotal.com/gui/file/c79a3bd6b7a37c9bf58d12a6c493e00df8413d6b68892f8c402fb34a8341aa5b/detection

lilldshar.space

# Reference: https://www.virustotal.com/gui/file/b2af96a978461c384d5efdb367b6d80028cee69d86b3cb3691b43e8a62721788/detection

masadproject.life

# Reference: https://www.virustotal.com/gui/file/02fc294d8a722633df5411062307978762ce56ed1b285cf1b388a5ca2df809f2/detection

onlinemseof.site

# Reference: https://www.virustotal.com/gui/file/0425eaee15de5550bb64838d9c3fb74071d83575362388c22d45e2385e996bbc/detection

pablopanuroere.pw

# Reference: https://www.virustotal.com/gui/file/0b3cf8e37e13a3100885a6a538da9244c72b0223501dc4f6b23929204c8d3361/detection

poiuytrewq2.site

# Reference: https://www.virustotal.com/gui/file/d1cf6edc0a27e9eadabbaacd1ec9650d6484f91556c5e81ed3b43923c4dfc1d0/detection

shlyapa.website

# Reference: https://www.virustotal.com/gui/file/9801abe4b5e3a68d376694c548d992fd1372df88299d3618b5d8c2b36c9530a4/detection

tgp.opcache.xyz

# Reference: https://www.virustotal.com/gui/file/e48514ff1736378e93832535b9c903655de96e48c5ae3ab2382ff3c8c016725c/detection

topteamover9000.fun

# Reference: https://www.virustotal.com/gui/file/d66df2e485a93c02470b99c6d4821f2f5a3bc7cde19d3ccec70d1f0dd874a66b/detection

travelgidblog.top

# Reference: https://www.virustotal.com/gui/file/fd991646249ed10695d429cac8df890dda694ba66df071469e047547df602a68/detection

watchmovie.life

# Reference: https://www.virustotal.com/gui/file/74465e9ad0ef9a1cce5f2e7485c20cb2f7d15cee1f224ac8629f68656febb39e/detection

xenicoln.gb.net

# Reference: https://www.virustotal.com/gui/file/169a4309780969168c4af528075bb4b1e2526f976ab572cdfa6ff3e13a009faa/detection

yrhealth.life

# Reference: https://github.com/cyberark/malware-research/blob/master/OskiStealer/IoCs.pdf

http://162.0.224.159
http://173.232.146.69
http://176.113.81.170
http://178.32.145.141
http://188.227.57.121
http://194.87.147.13
http://194.87.234.156
http://194.87.236.221
http://194.87.95.5
http://195.133.147.113
http://195.133.197.21
http://45.141.84.143
http://45.143.92.129
http://45.143.93.152
http://45.151.144.128
http://45.8.228.100
http://46.17.96.25
http://5.187.7.144
http://52.246.250.237
http://80.89.228.202
http://80.89.238.87
http://85.209.91.120
http://89.223.123.36
http://91.245.227.131
http://92.53.124.88

# Reference: https://app.any.run/tasks/1ba24008-9819-4fda-9098-d2e769715470/

http://65.108.155.192

# Reference: https://twitter.com/phishgalore/status/1490794416239489028
# Reference: https://twitter.com/JCyberSec_/status/1491008346505515015
# Reference: https://www.virustotal.com/gui/file/95573cc24f3901c938e84f9628359a9dcc816dd451809f5313a99fe8da2756b9/detection

bank-statement.xyz
freddomdomain.xyz
order-magento-admin.com
statement-scotiabank.com

# Reference: https://tria.ge/220202-w4cs6abagj/behavioral1

http://95.216.183.78

# Reference: https://tria.ge/220202-w4s55sbagl/behavioral1

uploaditem.xyz

# Reference: https://twitter.com/ViriBack/status/1492589247697719304
# Reference: https://www.virustotal.com/gui/domain/flashysoft.me/relations
# Reference: https://www.virustotal.com/gui/file/241d7ec7d8a462c1a9c4570be1ddcb744f38b9322635ed860219505054c7db25/detection

flashysoft.me
main.flashysoft.me

# Reference: https://app.any.run/tasks/75915cfb-9864-46c5-b673-20e0a8ec9409/

http://95.216.147.143

# Reference: https://www.virustotal.com/gui/ip-address/13.78.210.162/relations
# Reference: https://www.virustotal.com/gui/file/b9c74bca334747feac392bc96d57d870f1907ec6ec3062bd405c1df3ccc16b74/detection

bankkia.gq
dashgaa.tk
wellsfago.ga

# Reference: https://app.any.run/tasks/45ddee1d-5fc4-4c0a-859c-42b4fbc333d0/

http://94.130.174.62

# Reference: https://www.virustotal.com/gui/file/148c9a3fc02110a684dedd1af853b508bdab5eed766f9fadd15e910ae46b2b1f/detection

bestpolandhotels.com

# Reference: https://isc.sans.edu/diary/28468

bor4omkin.ru
dersed.com
sughicent.com

# Reference: https://www.virustotal.com/gui/file/0239bcbfae35cdefd367a9dc269287c92b666743018e45f6265495b43fbbb27c/detection

maurizio.ug

# Reference: https://www.virustotal.com/gui/file/034e8e297165eeb14372eea7a7e68756e561df39b84c5be924e542a36dee7418/detection

hubvera.ac.ug
prepepe.ac.ug

# Reference: https://www.virustotal.com/gui/ip-address/185.215.113.77/relations

agentt.ac.ug
agenttt.ac.ug
ailsom.ac.ug
andres.ac.ug
andres.ug
backgrounds.pk
bilbosaquet.ug
brice.ac.ug
colonna.ac.ug
colonna.ug
conthruian.ug
courtneyjones.ac.ug
cracksmsa.ug
cvae.ac.ug
dancedance.ac.ug
danielmax.ac.ug
danielmi.ac.ug
darkangel.ac.ug
ddlakava.ac.ug
erolasa.ac.ug
erolbasa.ac.ug
gordonas.ac.ug
gordonhk.ac.ug
gordons.ac.ug
hanxlas.ac.ug
hsagoi.ac.ug
imobiles.pk
jamshed.pk
jonescourtney.ac.ug
kode.ac.ug
kodekode.ac.ug
kullasa.ac.ug
lastimaners.ug
lizzard.ac.ug
lizzzqua.ac.ug
lucab.ug
macakslcaq.ug
malcacnba.ac.ug
mantata.ac.ug
marcapinyo.ru
marcyovcx.ru
marianne.ac.ug
marketprice.pk
mastitisa.ac.ug
matisaas.ac.ug
matiti.ug
maurizio.ac.ug
mazooyaar.ac.ug
mazoyer.ac.ug
milsom.ac.ug
milsom.ug
moreirawag.ac.ug
myfidlerpro.ug
myhostiger.ug
myproskxa.ac.ug
nicolas.ug
nikahuve.ac.ug
nmorbertomo.ac.ug
nothinglike.ac.ug
omomom.ug
pakxkvad.ac.ug
pdshcjvnv.ug
playwell.ug
pretorian.ac.ug
pretorian.ug
puritaaxa.ac.ug
qwerty12346.ru
regay.ac.ug
saba.ac.ug
scarsa.ac.ug
scarsxa.ug
scouragae.ac.ug
sergui.ac.ug
taurus.ug
triathlethe.ug
underdohag.ac.ug
veronika.ac.ug
veronikaa.ac.ug
veronikac.ac.ug
viniscav.ac.ug
wellplayed.ug
zxvbcrt.ug

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vidar-malware-launcher-concealed-in-help-file/
# Reference: https://otx.alienvault.com/pulse/623c985eb2d2a96857e9985b

http://95.216.181.231

# Reference: https://twitter.com/Cyber_O51NT/status/1508819570588459017
# Reference: https://blog.morphisec.com/threat-research-mars-stealer
# Reference: https://www.virustotal.com/gui/file/6670b60de348f134151d4911e9714ee1cb3a51dd9d0f008b0fa2d42c796d2cfb/detection
# Reference: https://www.virustotal.com/gui/file/6b18a223ce8f1f42880a54809880cd5c3a6890955d2469b10ea771dab333871e/detection
# Reference: https://www.virustotal.com/gui/file/ab7e7d8594befb5a7137ec323db87a4aacfa64260327d61eee30626a760c3d5b/detection
# Reference: https://www.virustotal.com/gui/file/77148020b07fa69f4c68596f3132186975d7e289cff617ae9f4dab6806709807/detection
# Reference: https://www.virustotal.com/gui/file/0f2edca4bfbbde781da5438b0dec6f91e701588b854d66561be0f2d9d5074a78/detection
# Reference: https://www.virustotal.com/gui/file/8f925aa659cdab2466d2860dfc06d14d1c384c7a449683813db8d9219ed333c9/detection

http://185.212.130.47
http://193.56.146.66
http://5.45.84.214
http://66.29.142.232
http://82.146.63.54
http://91.92.128.35
telemeetrydata.cn
tommytshop.com
tonyshop312.com
/SCmygye1LE/FTOauwvCfJ/
/FTOauwvCfJ/
/SCmygye1LE/
/2BxXIkoySb.php
/8cPynL7Va1.php
/eglkAa6HG1.php
/gfattee933.php
/KNOuG8qeID.php
/tytfu656i7kuydgsjdsdu.php
/umO0HLhYp5.php

# Reference: https://www.virustotal.com/gui/file/8537e3492ed1da3a8c301853548e4ffb1e79906063e20ba237db9038121ae4a2/detection

http://45.9.20.31
/LD3F8IPgas.php

# Reference: https://www.virustotal.com/gui/file/56cf528c7b47eec296feb89c8314db85d81eaca55b96387360e0ec3e7b6caa1b/detection

f0649032.xsph.ru
f0649033.xsph.ru

# Reference: https://www.virustotal.com/gui/file/7e7b97d4785f8f237e996ba65d7369261071db6e66b796ad87a195d6caded887/detection

http://176.57.189.191

# Reference: https://www.virustotal.com/gui/file/1fc99227ff5f8d7548959ebabda2fdd4c9c51c3ee924e5494e70af307d8aafc5/detection

http://154.16.112.151

# Reference: https://twitter.com/0xrb/status/1511564992805761024
# Reference: https://www.virustotal.com/gui/file/4bcff4386ce8fadce358ef0dbe90f8d5aa7b4c7aec93fca2e605ca2cbc52218b/detection

http://194.87.218.39
/RyC66VfSGP.php

# Reference: https://twitter.com/0xrb/status/1511939521877000194
# Reference: https://www.virustotal.com/gui/file/813b776096fefc9a314814fc0a79019e50268ab598dd7257fc5f3cc438191d84/detection
# Reference: https://www.virustotal.com/gui/file/ff676d4c5f83c81b77d21b605866d45acde3e04f4cf9f2cf9180f154144a48b9/detection

250329.prohoster.biz

# Reference: https://www.virustotal.com/gui/file/f668f1ba25939689fb35e11e3c77f2824ede2373ebb48ec711bb99d11de3027b/detection

a0634004.xsph.ru

# Reference: https://twitter.com/fr0s7_/status/1512457923947114499
# Reference: https://www.virustotal.com/gui/file/ba981a94852325debf0e4b478266f6efd8e4e9c5b149fd9ad277be0be5045768/detection

http://95.217.244.41

# Reference: https://twitter.com/0xrb/status/1513739710765895681
# Reference: https://www.virustotal.com/gui/file/473c8b608a69a546da4510f610501bcac001e726699e75d8a15afd50ff66f460/detection

http://62.204.41.128
/81uBpsioYb.php

# Reference: https://twitter.com/0xrb/status/1513762639218118656
# Reference: https://www.virustotal.com/gui/file/309122794db2c8fd2ffd82c9770988297860a56116ce184be08da75b64d361f8/detection
# Reference: https://www.virustotal.com/gui/file/0f63b4b4659449eee766610af817b786e9cd7622743851cf7b71430613d7521b/detection

http://62.204.41.69
62.204.41.166:27688
/p8jG9WvgbE.php

# Reference: https://twitter.com/0xrb/status/1513747076714491905
# Reference: https://www.virustotal.com/gui/ip-address/2.57.186.176/relations
# Reference: https://www.virustotal.com/gui/file/455118a3a6c915e50ec4ff1133b51f24b1e080e3e591f42e41e144af0bdc7890/detection

cheapa.link
cheapb.link
cheapc.link
cheapd.link
cheape.link
cheapf.link
cheapg.link
cheaph.link
cheapi.link
cheapj.link
cheapk.link
cheapl.link
cheapm.link
cheapn.link
cheapo.link
cheapp.link
cheapq.link
cheapr.link
cheaps.link
cheapt.link
cheapu.link
cheapv.link
cheapw.link
cheapx.link
cheapy.link
cheapz.link

# Reference: https://twitter.com/Glacius_/status/1513861040605442052

http://195.242.111.168
/2s06lj04kybnr4ze.php

# Reference: https://twitter.com/0xrb/status/1515918645800882181
# Reference: https://www.virustotal.com/gui/ip-address/185.215.113.89/relations
# Reference: https://www.virustotal.com/gui/file/fd48ebb9c6da16d3f371ee0e1bd94c7027ffacb7b99d27e59c81c8504477fd60/detection

asdasgs.ug
beachwood.ug
courtneyjones.ac.ug
danwisha.ac.ug
hubvera.ac.ug
kodekode.ac.ug
ludivineemery.ac.ug
malayska.ug
marksidfgs.ug
marnersstyler.ug
mistitis.ug
rockphil.ac.ug
rockrock.ug
triathlethe.ug
underdohg.ac.ug
underdohg.ug

# Reference: https://twitter.com/0xrb/status/1516280842586566656
# Reference: https://twitter.com/0xrb/status/1517034682164334592
# Reference: https://www.virustotal.com/gui/ip-address/2.56.240.56/relations
# Reference: https://www.virustotal.com/gui/ip-address/2.57.187.224/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.8.124.64/relations
# Reference: https://www.virustotal.com/gui/file/03989d0af03476f5611d18e2e8f6706be0d542707336c2b426035c78335f1328/detection
# Reference: https://www.virustotal.com/gui/file/c24d3ad6c8178c5066eea814986ce73e26d6ec2812fc6f56b0275eb68da0f6bb/detection
# Reference: https://www.virustotal.com/gui/file/6e304b4616eb9daa7da76d3c1894d5e62af10fe6dc3d6b2356518dbb1121d6b9/detection

jsdkca.link
jsdkcb.link
jsdkcc.link
jsdkcd.link
jsdkce.link
jsdkcf.link
jsdkcg.link
jsdkch.link
jsdkci.link
jsdkcj.link
jsdkck.link
jsdkcl.link
jsdkcm.link
jsdkcn.link
jsdkco.link
jsdkcp.link
jsdkcq.link
jsdkcr.link
jsdkcs.link
jsdkct.link
jsdkcu.link
jsdkcv.link
jsdkcw.link
jsdkcx.link
jsdkcy.link
jsdkcz.link

# Reference: https://twitter.com/0xrb/status/1516640874306088960
# Reference: https://www.virustotal.com/gui/file/18c7c5e7d5146bef12ead85598bf5d2c48ee5e6634d4769221d3e7712809f1ad/detection

xiskasment.com

# Reference: https://twitter.com/James_inthe_box/status/1517238542434414592
# Reference: https://app.any.run/tasks/f82a6efe-c21c-4949-8523-d3f2ad8be39c/

http://5.252.178.50

# Reference: https://twitter.com/James_inthe_box/status/1517262007795281920
# Reference: https://app.any.run/tasks/e6362786-dbeb-44ad-b62e-ddf6a6fe7c1c/

http://116.202.1.195

# Reference: https://www.virustotal.com/gui/file/9699bee0ae268555ceb77a02522f568229233284c9eb698209c03b05b1304b10/detection

http://139.177.176.177

# Reference: https://app.any.run/tasks/2bf3a7e1-f6a9-44dc-9d15-d9fa4f803e65/

http://195.201.250.209

# Reference: https://twitter.com/0xrb/status/1521717264311275520

http://185.104.114.24

# Reference: https://twitter.com/0xrb/status/1522455058520358912
# Reference: https://www.virustotal.com/gui/file/1fb1244bbc75553e090acf7f1dfc01f4283b428ac966364fad0d95bd1b967e61/detection

http://162.33.179.235
/gatero0m.php

# Reference: https://twitter.com/0xrb/status/1522450567473549313

micrwa.link
micrwb.link
micrwc.link
micrwd.link
micrwe.link
micrwf.link
micrwg.link
micrwh.link
micrwi.link
micrwj.link
micrwk.link
micrwl.link
micrwm.link
micrwn.link
micrwo.link
micrwp.link
micrwq.link
micrwr.link
micrws.link
micrwt.link
micrwu.link
micrwv.link
micrww.link
micrwx.link
micrwy.link
micrwz.link
/8sdd875.php

# Reference: https://www.virustotal.com/gui/file/0ed195ec728ae0cf1d028dfc6682e64f4355b3e33ce4de258f854701dce4ee61/detection
# Reference: https://tria.ge/220610-s2xtrshbb2/behavioral1

http://93.115.21.45
/gtaddress

# Reference: https://www.virustotal.com/gui/file/62a53b52eb3408052d19cace306452e9d3075618b4198e3e8c0beb7200da5886/detection

http://78.47.227.68

# Reference: https://twitter.com/c_APT_ure/status/1526268613367300096
# Reference: https://www.virustotal.com/gui/file/6852472f4d85443563b226cc8dd1adfc7b005d094071eb460681af0830d10a16/detection
# Reference: https://www.virustotal.com/gui/file/b9106d6ef93fa8f25f43b1fb0b4fe6e29b1afb44844159a22bd5fa23ddaebe1f/detection
# Reference: https://www.virustotal.com/gui/file/e106f33cb1f8c26b6211611bd22fcaced5d1c88700670c8b477827f9e00a8b3f/detection

http://23.95.52.191

# Reference: https://www.virustotal.com/gui/file/05a3028bc4f10ff3387b486c171178f7d5a4864de59f6693d2dcbdae035820d1/detection

http://95.217.244.73

# Reference: https://www.zscaler.com/blogs/security-research/vidar-distributed-through-backdoored-windows-11-downloads-and-abusing
# Reference: https://otx.alienvault.com/pulse/62876ce0115d3177c23d5d74

ms-teams-app.net
ms-win11.com
win11-serv.com
win11-serv4.com
win11install.com
ms-win11.midlandscancer.com

# Reference: https://www.virustotal.com/gui/file/00068c42aca308063416f2ab531c218bd8c6b960fe727064f03cfda101f9c746/detection

http://162.55.213.180

# Reference: https://www.virustotal.com/gui/file/0290fd4f9c7240911d9051f76167a75dd78834e6a03faf6b09aeae21ff3094db/detection

backgrounds.pk
gadem.ug
lcjvkdfas.ug
zaragoza.co.ug
zaragozsa.ug

# Reference: https://www.virustotal.com/gui/file/f6a58d46a92e7739388cd9e1c0df2800af70169a6df2a19b8c1b96defeed902e/detection

2tril.com

# Reference: https://app.any.run/tasks/67322566-fff2-4a64-a5b8-405599618c7d/

http://107.189.13.22

# Reference: http://lists.emergingthreats.net/pipermail/emerging-sigs/2022-May/030670.html
# Reference: https://www.virustotal.com/gui/file/7093aba8ae03275caab7372a7d56172df1716120d477dc276ee9f0b08816bd0c/detection

aztkiryhetxx.ru
ckrddvcveumq.ru
cugdwpnykghx.ru
dvizhdom.ru
dwrfqitgvmqn.ru
rhjebiuujydv.ru
rwwmefkauiaa.ru
sanlygeljek.ru
sinelnikovd.ru
wzqyuwtdxyee.ru
zpuxmwmwdxxk.ru
zyzkikpfewuf.ru

# Reference: https://www.virustotal.com/gui/file/8bf5a6be286efa5c7871d287a80120fc48a3744bd2a6a3764834082b95e68674/detection

cenlar.cc

# Reference: https://tria.ge/220602-rf2p6acaaj/behavioral1

http://107.189.11.124

# Reference: https://twitter.com/BlackLotusLabs/status/1532795523329052672
# Reference: https://www.virustotal.com/gui/file/78456112caae4c00fa66e6f9c7474331a2befe795a75a7313d4e0770196a0b35/detection

http://116.202.187.69

# Reference: https://www.virustotal.com/gui/file/005c0f50f1b90558975f0c63b23fc35b0493ea596a9c5e051c2f26dc3ca977e0/detection

http://185.9.41.83
http://212.110.132.195
http://77.232.41.206

# Reference: https://www.virustotal.com/gui/file/005c0f50f1b90558975f0c63b23fc35b0493ea596a9c5e051c2f26dc3ca977e0/detection

http://2.57.122.82

# Reference: https://tria.ge/220609-ztaslagec8/behavioral1

http://194.156.98.151

# Reference: https://www.virustotal.com/gui/file/12e81b998b37955c4e028a9f46378b8b664646e3cc5f177a867321c54af30ca3/detection

http://194.180.174.180

# Reference: https://www.virustotal.com/gui/file/ead121e4d007085adb42edd61c3328aa728fa2c1d7c78e77ceb64f999f7323e3/detection

ratinonanuere.pw

# Reference: https://www.virustotal.com/gui/file/037b340417857e618b37cfc3c6b4e6d01717ca0cedfaf57c4d98f368f432f10d/detection

recmaster.ru

# Reference: https://www.virustotal.com/gui/file/03d90fc0c0da8275035336d823f053a84ef50ab82aa0d2bba0722bb9e32a5627/detection

martinlloyd.net

# Reference: https://tracker.viriback.com/dump.php (2022-07-11)

http://13.58.70.215
http://185.4.65.70
http://188.212.124.14
http://193.203.238.120
http://194.233.168.238
http://194.87.218.26
http://195.242.110.71
http://45.130.104.128
http://45.138.157.227
http://62.204.41.103
http://62.204.41.179
http://62.204.41.223
http://80.79.114.182
http://91.243.44.99
http://94.142.141.235
a0626884.xsph.ru
anderd2w.beget.tech
blitzhost.ga
dashgaa.ml
ericfatima.beget.tech
f0623459.xsph.ru
ida-ayu.com
img.futanari-toons.com
mars.cryptominingpioneer.com
mars22.cryptominingpioneer.com
nationalspaceforceusaaainc.com
pashiudsa.com
share.softwareshare.me
tracey991.beget.tech
truehempbiz.com
zl3fh9x1.beget.tech
/5Ou97MmeyI/
/5Ou97MmeyI/login.php
/SCmtgye1LE/
/SCmtgye1LE/login.php
/c0XEaQ58yT/
/c0XEaQ58yT/login.php
/deAGgwt1R7/
/deAGgwt1R7/login.php
/yugYFTr5u6uytJgfj/
/yugYFTr5u6uytJgfj/login.php

# Reference: https://tria.ge/220531-s91kmafcgl/behavioral1

http://78.47.74.118

# Reference: https://tria.ge/220715-rnvltacbhl/behavioral2

http://45.144.29.243

# Reference: https://twitter.com/ViriBack/status/1549905970905612290

http://185.104.114.24
http://146.190.235.63
http://185.4.65.203
http://193.124.22.9
http://87.120.37.42
http://94.102.57.150
http://94.124.78.161
chicvvdon.lol
goldrushaw.ug
moneyd.link
renox.lol
superfilmes.cf
topababa.us
data.topababa.us

# Reference: https://twitter.com/idclickthat/status/1551249542783328257
# Reference: https://tria.ge/220724-ttq7paafbm/behavioral1

http://185.53.46.199
zidclouzby2.xyz

# Reference: https://app.any.run/tasks/da232c24-a63c-4378-ae30-f3305fd0334e/

http://95.217.244.216

# Reference: https://twitter.com/ViriBack/status/1554137490872799233
# Reference: https://tria.ge/220801-str9baahe3

atomic-wallet.net
/marsword/gate.php

# Reference: https://www.virustotal.com/gui/file/c1f6d80c29bdb4c6939dcd898e17d868859def5a9ed463044115728e193168d9/detection

lamol.ddns.net

# Reference: https://twitter.com/ViriBack/status/1555348941834698758

moneya.link
moneyb.link
moneyc.link
moneyd.link
moneye.link
moneyf.link
moneyg.link
moneyh.link
moneyi.link
moneyj.link
moneyk.link
moneyl.link
moneym.link
moneyn.link
moneyo.link
moneyp.link
moneyq.link
moneyr.link
moneys.link
moneyt.link
moneyu.link
moneyv.link
moneyw.link
moneyx.link
moneyy.link
moneyz.link
/8sd87v7.php

# Reference: https://www.virustotal.com/gui/file/75e886f21527f32fb230ba37cfef2271279a41c6b72e57a63223eb10367be928/detection

116.202.183.213:1080
95.217.246.200:1080

# Reference: https://twitter.com/0xrb/status/1557289524006293504
# Reference: https://www.virustotal.com/gui/file/246b27e609ebd8a1ec31b9667addf3b262d6487602209baa9b32c54539a28031/detection

http://193.106.191.146
194.5.98.107:6968
beachwood.top
beachwood.ug
charisma.ac.ug
goldrushaw.ug
kalskala.ac.ug
malayska.ug
mariah.pk
nikahuve.ac.ug
parthaha.ac.ug
safetygear.pk
safetygear.top
scientific.pk
tuekisaa.ac.ug
vsongs.pk
wiwirdo.ac.ug

# Reference: https://twitter.com/fumik0_/status/1559474920152875008
# Reference: https://twitter.com/ViriBack/status/1559523902082224128
# Reference: https://www.virustotal.com/gui/file/9f90081674303197706584dd91a9b37dc9399c499b466ef7a4e5d55a8145f844/detection
# Reference: https://www.virustotal.com/gui/file/7873dddec4a46e7ad104de9b6bd68f590575b7680a1d20b9fe1329d1ad95348f/detection

safe-car.ru

# Reference: https://twitter.com/ViriBack/status/1562797767592136704
# Reference: https://tria.ge/220825-qn96tsdfap/behavioral1
# Reference: https://www.virustotal.com/gui/file/cdbbca5bc9428b5e403f4af071affbfe74b90c1b3244908bb0470d214f080205/detection
# Reference: https://www.virustotal.com/gui/file/a77d1a409ec71c1f9c90d1b632edb29c11a043bcb05ffef05c3ef5688e10cea5/detection

http://176.10.118.235
housewall.xyz
kanban.housewall.xyz
mars.housewall.xyz
n8n.housewall.xyz
traefik.housewall.xyz
trilium.housewall.xyz

# Reference: https://www.virustotal.com/gui/file/09fb6bb883ca633aa0aa3eea9735d8b041b3cdfa03a49fa12a32896968708d96/detection

kmwekek.link

# Reference: https://www.virustotal.com/gui/file/017c70f1af4f0b70d2b4aa5ae0b64c883d29aeb9a995cfe725b52c62a8cf3c0e/detection

werido.ug

# Reference: https://otx.alienvault.com/pulse/630cb63d30d8b469b2a6a1c7
# Reference: https://www.virustotal.com/gui/ip-address/45.143.201.4/relations

boundertime.ru
cointra.ac.ug
ftp.backgrounds.pk
ftp.nicoslag.ru
goldrush.ug
goldrushaw.ac.ug
hopeforhealth.com.ph
mail.charisma.ac.ug
mail.goldrush.ug
mail.goldrushaw.ac.ug
mail.goldrushaw.ug
mail.karimgousa.ug
mail.marnersstyler.ug
mail.mistitis.ug
mail.mofdold.ug
mail.opsdjs.ug
mail.partaususd.ru
mail.safetygear.pk
mail.scientific.pk
mail.wiwirdo.ac.ug
mofdold.ug
momomolastik.ug
movesc.top
nicoslag.ru
ns1.asdsadasrdc.ug
ns1.backgrounds.pk
ns1.goldrush.ug
ns1.karimgousa.ug
ns1.marnersstyler.ug
ns1.mistitis.ug
ns1.mofdold.ug
ns1.partaususd.ru
ns1.safetygear.pk
ns1.scientific.pk
ns1.triathlethe.ug
ns2.asdsadasrdc.ug
ns2.boundertime.ru
ns2.goldrush.ug
ns2.marnersstyler.ug
ns2.mistitis.ug
ns2.qwertzx.ru
ns2.safetygear.pk
ns2.scientific.pk
partadino.ac.ug
partaususd.ru
phila.ac.ug
pjjot.top
pop.backgrounds.pk
pop.cracksmsa.ug
pop.partaususd.ru
qd34gf23ewrfsd1233.ru
qwertasd.ru
raphaellasia.com
rbcxvnb.ug
smtp.backgrounds.pk
smtp.qwertzx.ru
thatstraveling.ac.ug
timebounder.ru
tugusino.ru
wewilltoptheearth.top

# Reference: https://www.virustotal.com/gui/file/f0b1c1bef9f65f6a69d2fa3211fffae43afdbb144bf24fd1d889a26fbcbcfafb/detection

http://116.202.180.202

# Reference: https://www.virustotal.com/gui/file/40ac4d8ee624e824ca4b6fe0cc01df13a36d31ca53036c1e0f963cefa7ed8948/detection

http://107.189.31.171

# Reference: https://www.virustotal.com/gui/file/01d692761b0698f1246ab16aaf09f74e7801a26a271405028c2771366008c363/detection

http://74.119.192.241

# Reference: https://www.virustotal.com/gui/file/0a7682c0607e0fcb3580d28aec0e3439d6eae0cde1ab3359832046f7f33cdb0f/detection

http://94.130.188.151

# Reference: https://www.virustotal.com/gui/file/616cfd724afe8376aae36c9f065ebdf0a17590c0d1b71c95d6b1d960091807a6/detection
# Reference: https://www.virustotal.com/gui/file/32d081287ed11af4a7cec2a17e44885fd80d8770a4b1ef21da009e68f97bf9b6/detection

brainstormvc.me
niemannbest.me
smkn3depok.com
topniemannpickshop.cc

# Reference: https://www.virustotal.com/gui/file/091ffa54f241270aea68cbb9fa0aea580ad3b800f544200b6908022cc3c28e4a/detection

opzspqwkz.ru

# Reference: https://twitter.com/WhichbufferArda/status/1569412764543713281
# Reference: https://www.virustotal.com/gui/file/bfd72bdd4ab311acd0e05211cb01f8671d358540201eb200f613fd80b62291f0/detection

http://5.161.155.121
evetesttech.net

# Reference: https://twitter.com/idclickthat/status/1569679280761626626
# Reference: https://twitter.com/idclickthat/status/1570399267977859074
# Reference: https://twitter.com/idclickthat/status/1570783889827983362
# Reference: https://twitter.com/1ZRR4H/status/1570626623241846787
# Reference: https://tria.ge/220916-enhk2aefa4/behavioral1

http://5.252.22.196
pdf-edit.online
pdf-editor.online
pdf-editor.top
zoom-us.top

# Reference: https://twitter.com/idclickthat/status/1569350142230204421

zoom-download.fun
zoom-download.host
zoom-download.space
zoomus.host
zoomus.tech
zoomus.website

# Reference: https://tria.ge/220922-vp5pysfgdn

mars.haksanlogistics.com

# Reference: https://tria.ge/220922-vqawzacac6

gemkan.online
gg.gemkan.online

# Reference: https://twitter.com/1ZRR4H/status/1575364121893158916
# Reference: https://www.virustotal.com/gui/file/06d1366df3628a010416384f7c77c493ac35f13ee05e010751708d681ebe5169/detection

http://116.202.2.236
http://5.161.21.185
/trampapanam

# Reference: https://tria.ge/220929-vejpqsbeb6/behavioral1

765mm.xyz

# Reference: https://tria.ge/220916-sgqjysbgdr

dimonbk83.tumblr.com

# Reference: https://www.virustotal.com/gui/file/0b7410c41dd49a7a43487fa0e56f5b336951609e67b873d5cdd70632a954b4a8/detection

ludivin.ac.ug
markinda.top
markinda.xyz
mckawwrsa.ac.ug
muylove.ac.ug
partiad.top
partiad.xyz
tuekisa.ac.ug
wishamag.ac.ug

# Reference: https://twitter.com/ViriBack/status/1575637648911192064

http://142.11.252.64
http://23.137.249.61
http://37.46.135.174
http://74.201.28.165
babycookie.net
linkappa.link
linkappb.link
menfkkf.link
xlsxexcelviewer.cf
banta.xlsxexcelviewer.cf

# Reference: https://twitter.com/Gi7w0rm/status/1575851139425177600
# Reference: https://tria.ge/220930-q699jsefbr/behavioral1

http://5.182.36.79
http://94.131.97.143

# Reference: https://www.virustotal.com/gui/file/371384518223a80ff5381a728ba1e4f846c93713bb39bc80fb2d95cdd8158241/detection
# Reference: https://www.virustotal.com/gui/file/487723e00df8d7f8bfdb57614fa32001f2addc6be9576005b04f1dff53710634/detection

o.oteqprojects.co.in
v.oteqprojects.co.in

# Reference: https://tria.ge/221014-wdxewadhg3/behavioral2

http://77.73.133.31

# Reference: https://www.virustotal.com/gui/file/fcf421952d84ded2ae3c64d60e404be047df6bbf7c126286d673301ea9639296/detection

http://5.161.120.43

# Reference: https://www.virustotal.com/gui/file/cb0fed1d298a0c7762cc0e97262788840d7d82f9f73b83832a1d61b16456bac1/detection

http://94.131.96.16

# Reference: https://www.virustotal.com/gui/file/c834c1de44e284183d5a90eda6835c4d5b4da809ea513b22876422865ae5fa90/detection

http://23.88.115.141

# Reference: https://twitter.com/idclickthat/status/1580635156016410624
# Reference: https://tria.ge/221013-t6pjmadfb3/behavioral2

exoduswallet.app

# Reference: https://twitter.com/idclickthat/status/1579245116296138752
# Reference: https://tria.ge/221009-2l4rtaacer/behavioral3

http://213.252.245.80
desktoptrading.store
tradingviewcheck.com
tredingveiws.com

# Reference: https://www.virustotal.com/gui/file/13c98b46764978f5261ed939fdc46c17f4fbc5eb382ab9ca795cb773c0e5bb55/detection

http://45.15.156.60
http://49.12.196.69
nanoplow.space

# Reference: https://tria.ge/221024-qapb7sgfe8

http://45.159.249.181
http://45.8.145.85
http://77.91.123.173

# Reference: https://twitter.com/idclickthat/status/1584541335415312384
# Reference: https://tria.ge/221024-qktdxaggc3/behavioral1

http://45.15.156.81
allbestcrack.pro

# Reference: https://twitter.com/idclickthat/status/1584584590982664193

garminexpress.art
garminexpress.homes
garminexpress.skin

# Reference: https://twitter.com/JAMESWT_MHT/status/1584595337339338752

logitech-ghub.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1584591876170330113

http://45.89.54.52

# Reference: https://twitter.com/l205306/status/1584569524137127936

allsofts.cloud
allsoftwarefou.com
byxdeoner.me
freesoft.digital
kokoasoft.com
winsofts.cloud

# Reference: https://twitter.com/idclickthat/status/1584586589598285825
# Reference: https://tria.ge/221024-th4zeahegn/behavioral1

http://167.235.62.106
baiaveloz.com
tensoft.org
tm.baiaveloz.com

# Reference: https://twitter.com/l205306/status/1584742172934688769

expertsoft.org
software-plus.space

# Reference: https://www.virustotal.com/gui/file/00221666dec1a50f08ed21af02c42150b8d75203e7b86f2a17080a8df5ea9af4/detection

http://195.201.255.186

# Reference: https://twitter.com/l205306/status/1584827015835680768

eazzysoft.com
newsoftman.com
nigmasoftware.site

# Reference: https://twitter.com/l205306/status/1584858330216173568

anysoft.site
wh1tesoftware.me

# Reference: https://twitter.com/l205306/status/1585064152166699008

byxdeoner.net
soft-pro.site
softwareplanet.website
teensoft.org

# Reference: https://twitter.com/r3dbU7z/status/1584714345153728512

http://135.181.168.27
http://144.24.197.26
http://162.247.152.190
/frBjrtz56Urt/
/tkK30UgdT6/
/17sh9j0q9nrz2iqj.php
/1kk52amkkoyzw9oq.php
/1xphi615sno1jmx9.php
/2xfc11rpcncdfk7z.php
/32xaywoipobq5v5v.php
/41szxukxx0vtv9ee.php
/jgkgugyfdftytf.php
/qtnqpx3zkscm0d8c.php
/uh9mbmc2i054omv6.php

# Reference: https://twitter.com/l205306/status/1585250164922814464
# Reference: https://twitter.com/JAMESWT_MHT/status/1585263428935073793

http://78.47.204.168
allsoftware.cloud
soft-exp.org
softlab.fun
softload.tech

# Reference: https://twitter.com/l205306/status/1585595687441661953

appshigha.com
cracked.guru
placeofreesoft.com
soft-free.space
softcloud.link
softwareorlando.com
unisoft.store
vexonex.com
windsoft.cloud

# Reference: https://twitter.com/SquiblydooBlog/status/1585940710007705602
# Reference: https://tria.ge/221028-l6wc6sfcd5/behavioral12

http://88.119.169.42
soft-portal.site

# Reference: https://www.virustotal.com/gui/file/6855c3be8f4527b0e7da660b812ed882474bb274583850c856121fd5e123b224/detection

http://5.252.178.82

# Reference: https://twitter.com/milannshrestga/status/1581662855203782656
# Reference: https://tria.ge/221016-sbkrhshfbm

decenlral-games.pro

# Reference: https://tria.ge/221030-a87y7sebf5/behavioral1

http://95.216.182.145

# Reference: https://twitter.com/SquiblydooBlog/status/1587122203375575053
# Reference: https://tria.ge/221031-tq57facccr/behavioral2

http://89.185.85.63

# Reference: https://www.virustotal.com/gui/file/03f732ed336f06dc381f0a60bee3a77905a073096eb7fb20fa45a56d37f7638c/detection

http://116.202.5.121

# Reference: https://www.virustotal.com/gui/file/a041839327295fde3df12ea61374abd19c4499b87e211757c593179d6a6870d1/detection

http://95.216.181.10

# Reference: https://twitter.com/1ZRR4H/status/1575364101148114944

fortinetq.com

# Reference: https://twitter.com/crep1x/status/1589721461882617857
# Reference: https://threatfox.abuse.ch/browse/tag/Vidar/

http://104.128.190.89
http://104.223.0.115
http://104.223.0.117
http://107.175.40.57
http://116.203.15.149
http://116.203.182.209
http://116.203.7.175
http://138.201.90.120
http://146.19.233.108
http://162.55.221.218
http://167.235.137.244
http://176.126.113.111
http://176.126.113.99
http://185.130.47.169
http://185.142.238.113
http://185.181.165.49
http://185.203.117.83
http://185.213.209.142
http://185.214.10.114
http://185.214.10.153
http://185.214.10.174
http://185.225.19.47
http://185.25.50.127
http://185.25.51.238
http://185.25.51.36
http://188.34.207.6
http://193.38.54.108
http://194.87.31.140
http://195.133.40.163
http://195.201.251.82
http://195.201.252.190
http://195.201.253.169
http://195.201.253.5
http://198.251.89.96
http://213.170.133.117
http://213.170.133.153
http://213.170.133.163
http://213.170.133.36
http://213.252.244.136
http://213.252.244.137
http://213.252.244.247
http://213.252.244.86
http://213.252.245.100
http://213.252.245.66
http://213.252.246.218
http://213.252.246.230
http://213.252.246.243
http://213.252.247.107
http://42.186.202.116
http://45.136.50.120
http://45.142.212.155
http://45.142.213.52
http://45.142.213.7
http://45.150.64.207
http://45.153.230.169
http://45.153.230.241
http://45.8.145.83
http://45.8.146.18
http://45.8.147.23
http://45.8.147.74
http://45.86.229.188
http://45.87.154.35
http://45.89.55.118
http://45.89.55.154
http://45.89.55.158
http://45.89.55.159
http://45.89.55.174
http://45.89.55.176
http://45.89.55.177
http://45.89.55.82
http://45.92.156.110
http://45.92.156.133
http://49.12.72.35
http://5.182.39.134
http://5.182.39.216
http://5.182.39.224
http://5.252.177.45
http://5.252.177.9
http://5.252.21.207
http://5.252.23.34
http://5.253.18.213
http://5.253.18.70
http://5.253.18.96
http://51.195.166.165
http://62.204.41.126
http://64.44.167.153
http://64.44.177.137
http://64.44.61.136
http://65.108.210.122
http://65.21.189.158
http://65.21.63.71
http://69.161.221.169
http://72.18.215.185
http://72.18.215.195
http://72.18.215.223
http://74.119.195.129
http://74.119.195.180
http://77.75.230.160
http://77.91.123.253
http://77.91.73.17
http://77.91.73.44
http://78.47.148.33
http://79.124.78.206
http://79.137.195.130
http://79.137.204.163
http://79.137.204.167
http://80.71.157.152
http://80.71.157.165
http://80.71.157.209
http://80.89.229.62
http://80.92.206.65
http://80.92.206.80
http://82.115.223.60
http://82.180.132.54
http://85.239.62.233
http://88.119.169.102
http://88.119.170.155
http://88.198.175.205
http://88.198.74.87
http://88.198.89.6
http://89.185.85.145
http://89.185.85.63/
http://94.131.100.124
http://94.131.107.124
http://94.131.107.38
http://94.131.109.10
http://94.131.109.112
http://94.131.109.113
http://94.131.109.139
http://94.131.109.217
http://94.131.109.35
http://94.131.109.45
http://94.131.109.46
http://94.131.110.20
http://94.131.110.42
http://94.131.97.111
http://94.131.97.119
http://94.131.97.136
http://94.131.97.153
http://94.131.98.4
http://94.158.244.125
http://94.158.244.79
http://95.216.174.64
http://95.216.180.168
http://95.216.181.211
http://95.216.181.82
http://95.216.182.219
http://95.216.182.38
http://95.217.102.102
http://95.217.214.231
http://95.217.242.151
http://95.217.242.155
http://95.217.244.42
http://95.217.245.107
http://95.217.245.254
http://95.217.246.41
http://95.217.27.155
http://95.217.27.160
http://95.217.29.33
http://95.217.31.129
12ewsdf.one
23ntrolandcon.cfd
4r8uhzs3e.click
5tfgbgf6yjhg.cfd
6ha7e7ws.cfd
6tgghf3ec2ws.cfd
7uhjedf3e.click
7uyh9i1qws4r.click
9d8pc33h.cfd
9ik4rfu85tg.cfd
ada09sch.cfd
arentsconti.cfd
arkableco.cfd
arytotheo.cfd
as45vfrt8.one
aswe45bju.one
azsdef7ujh.click
b7hk59vz.cfd
b86yht6.cfd
bg6buj3q.cfd
bgfd3w7uj.click
bgt5hy7ju87.cfd
bgy6trfdx.click
bitclandng.click
btiku5c6x.cfd
btr65kaq1.one
byrokilandn.xyz
c34f5tybc.one
casaufixco.click
cfr45tfg.cfd
d23c06na.one
ddrtg0oikt.click
de3bgt54.cfd
dea6e67jp.cfd
downloadish.us
dyacosm.cfd
edtoal.cfd
encfavestan.xyz
eri39fg.one
erseyata.cloud
f34g56y.one
fe34rfhg5tf.cfd
fezulandg4.click
fithsthef.cloud
g4rty6b.one
geclandz.click
get4pc.click
get4pcsoft.click
getpccrack.click
getpcsoft.click
gt5juy76u87.cfd
gtb7cd8x6.cfd
h45iuy7.one
hagxoferz.click
hu8jki8.cfd
ichitisthel.cfd
ijmnhxd5t.click
ikr2c8jw.cfd
ilandonserc.xyz
inneroft.cfd
isticdiversi.cfd
j5tg3ed.cfd
j8f7bgmm7.cfd
j9bvc1z.one
k56tyui.cfd
kitonestvo.xyz
kmnh6tg43ed.click
kuygvdt5tg.click
l9eg69oik.cfd
landkemoty.click
laodosmart4.xyz
ledoffamaj.cloud
loi87ygvcx3e.cfd
lsknf45vgh.click
mekaofland.click
mlwsx6ygh.click
monitorcrack.click
mqw60ct.cfd
mylandng00.click
myprob1go.click
mysolandg.click
mzhuto2j.cfd
n6j7ujhg.cfd
nhgfr7yh.click
nhgtr46t.cfd
nlondono.cfd
nthenorth.cfd
ntiquityan.cfd
nug5i3tv.cfd
nyt67dfa.one
oldlands1t.xyz
onwalloniai.cfd
p4pentsh0.click
pa12cqxe.one
pccracking.click
qa5nhg6tygh.cfd
qwvmgj82cvm.cfd
qyqevqvig.cfd
r6hsv2gxd.cfd
redirectwar.org
rerecorded.cfd
rfj87lmj.one
rtheidicona.xyz
s584d3v3s.cfd
sapported.xyz
sb244iuy.one
scribedth.cfd
securedownload7.xyz
securedownloadcheaker.xyz
semalop98w7.cfd
semarewwdw7.cfd
solsw98w7.cfd
sooswa8w7.cfd
ssu810der.one
sujghwdtb.cfd
sw2gt5.cfd
swqtglk8u.click
t1nkabyt.click
t2dwsm3v.cfd
taknoce11.click
tandflick.cfd
ther878ha.cfd
thismataln.click
tikalandof.click
tp4mtmoaj.cfd
tqbnb8c2f.cfd
trikbozm3.click
trolboatvasilyb.xyz
tsorequiva.cfd
ujhg6yhgdc.click
upfcraf.cfd
uralposition.cfd
v5tr6yfr.one
verei67gn.cfd
vfews23pl.click
vffgt67yu.cfd
volpsolkpas7.cfd
w34cf5t.one
weokd09rt.one
withylndng.click
x4rt45tgf5g.cfd
xg4x7yzy.cfd
xr45tyui.cfd
y29se10.one
youcolandrz.click
ysystemw.cfd
zxcv6yhg.cfd

# Reference: https://twitter.com/crep1x/status/1590044609757220864

downloadadri.us
downloadbea.us
downloadcog.us
downloadex.us
fileaza.us
filebia.us
filecheck.us
filecore.us
filecyber.us
fileddev.us
filedigital.us
filedock.us
fileegy.us
fileella.us
fileex.us
fileflash.us
fileloop.us
filemodel.us
filenetwork.us
fileoperator.us
filespire.us
filetetra.us

# Reference: https://twitter.com/AuCyble/status/1590306688447709185

msi-afterburnerr.com

# Reference: https://twitter.com/AuCyble/status/1590304696576901120

meta-trader4.net

# Reference: https://twitter.com/AuCyble/status/1590305538335985667

tradingview10-download.top

# Reference: https://www.virustotal.com/gui/ip-address/193.106.191.169/relations

badhabits.ug
bratiop.ru
gorillaglue.ug
itomail.ug
junks.ac.ug
marcaka.ac.ug
maripos.ac.ug
movescx.top
mylupaslc.ug
wewilltoptheworld.top

# Reference: https://cert.gov.ua/article/2724253 (Ukrainian, UAC-0118, FRwL, Z-Team)

http://185.96.163.102
http://193.43.146.42
advanced-ip-scanner.click
advanced-ip-scanner.site

# Reference: https://twitter.com/idclickthat/status/1593634378898296833
# Reference: https://twitter.com/1ZRR4H/status/1593636426234691590
# Reference: https://www.virustotal.com/gui/ip-address/116.202.5.101/relations

http://116.202.5.101
http://95.216.178.160
citrix-download.online
citrix-download.site
citrix-download.store
citrix-download.tech
citrix-download.website

# Reference: https://threatfox.abuse.ch/browse.php?search=malware%3Avidar

http://116.202.2.1
http://116.202.3.228
http://138.124.180.85
http://141.98.169.146
http://146.70.86.32
http://167.99.129.200
http://176.57.69.149
http://178.159.38.91
http://178.23.190.60
http://185.138.164.149
http://185.138.164.179
http://185.165.188.49
http://185.231.205.200
http://185.231.205.242
http://185.250.148.238
http://188.119.112.11
http://188.119.113.36
http://191.96.53.183
http://191.96.53.184
http://193.57.138.18
http://193.57.138.19
http://195.201.252.143
http://212.192.31.130
http://213.142.146.83
http://45.8.144.232
http://45.8.147.191
http://45.83.122.248
http://45.9.190.250
http://45.9.191.215
http://5.252.22.61
http://51.195.166.198
http://74.119.195.192
http://74.119.195.230
http://77.83.173.96
http://77.91.73.95
http://79.137.205.25
http://79.137.205.26
http://79.137.205.27
http://85.208.136.233
http://85.31.44.207
http://88.119.169.106
http://88.119.169.107
http://88.119.169.119
http://88.119.170.143
http://88.198.207.120
http://88.99.120.225
http://89.185.85.232
http://94.131.110.120
http://94.131.97.179
http://94.131.98.3
http://94.131.98.65
http://94.131.98.66
http://94.131.98.67
http://94.131.98.68
http://94.131.98.77
http://94.131.98.78
http://94.131.98.85
http://94.158.244.15
bebrasoft.com

# Reference: https://www.virustotal.com/gui/file/08b2434fa33b35c428fb85e938fed0d6d715b5e46806bbe2d130ebb0ed2df614/detection

mars1877.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8864cd7cbc654d6a0abd75fe8152562f1a9837122bf829832fb4093be252b2e2/detection

http://88.198.106.9
http://95.217.29.31

# Reference: https://twitter.com/idclickthat/status/1597263364538789889
# Reference: https://tria.ge/221128-txx5eagh38/behavioral1

http://49.12.113.223
http://95.217.29.31
audacitya.org
autodeskst.com
bravebrwsr.com

# Reference: https://twitter.com/crep1x/status/1596960278859481088

http://95.217.31.208
mesoft.tech
selfware.net
tensoft.me
thepcworld.pro

# Reference: https://twitter.com/crep1x/status/1598012204233920513

http://153.92.221.169
http://178.23.190.20
http://213.226.100.34
anydesk.ltd
anykdesk.com
bravebrovvser.com
meegans.com
onytesk.com
teligrum.org

# Reference: https://www.virustotal.com/gui/ip-address/51.91.209.190/relations
# Reference: https://www.virustotal.com/gui/file/845e36305916034b608e82c5c4891112c1facfcd9151346e9abda8e0c1447fac/detection

arbetfroll.pw
arbetfrolli.pw
cheakendinner.xyz

# Reference: https://twitter.com/Gi7w0rm/status/1599702328558247937
# Reference: https://tria.ge/221130-n4s65sha45/behavioral1

http://88.198.77.204

# Reference: https://twitter.com/crep1x/status/1600129411629473792

http://195.201.250.87
http://195.201.255.246

# Reference: https://twitter.com/crep1x/status/1600839833114800129
# Reference: https://twitter.com/abuse_ch/status/1600855987946016768
# Reference: https://tria.ge/221208-p35zzsda5x

http://142.132.236.84
http://95.217.25.31
blendres.us
braveappbrowser.us
mslaftrebunrer.us
nvidiaexpirianse.us
obcproject.us

# Reference: https://twitter.com/l205306/status/1600861214485417985

coronasfree.com
freesoftwarelab.org
tensoft.store
x-soft.re

# Reference: https://twitter.com/idclickthat/status/1602678773236858882
# Reference: https://www.virustotal.com/gui/ip-address/31.31.196.171/relations

rufus-sootf.site
rufussootf.online
rufussootf.site
rufussootf.space

# Reference: https://twitter.com/crep1x/status/1603739742910169088
# Reference: https://twitter.com/crep1x/status/1603739749012738048
# Reference: https://tria.ge/221216-pvfecsef97
# Reference: https://tria.ge/221215-xs7ptsgb2x/behavioral2

http://116.202.6.49
http://168.119.243.28
http://94.131.98.49
http://95.217.24.210
amyldesk.com
anlmlydesk.com
bragwe.com
download-wallet.net
traldingveiw.com
traldlngview.com
zoow.us

# Reference: https://twitter.com/idclickthat/status/1603917198673805314
# Reference: https://www.virustotal.com/gui/file/decede09c564d8816cd6d5c9ef887adfc60e3880a47eca94e68de0179aa544a4/detection
# Reference: https://www.virustotal.com/gui/file/586923ff9e847ca568e3ee7a24897e02c5406c07c3f14ed33325d0a68ec9b5a2/detection

http://95.216.207.27
tradingapp.tech
tradingviewdownloads.com

# Reference: https://www.virustotal.com/gui/file/7006c4b851cbd7e8e97e7d9d94313c80e0be8cf12d7f814854b1a9cf7b3841b6/detection
# Reference: https://www.virustotal.com/gui/file/64cff0c222e7ed1fd41cddd842288c52c0ddd55a72a2276dd84c32d10111ca0d/detection

http://77.73.131.193

# Misc.

metatrader-5.net
metatrader-download.net

# Reference: https://twitter.com/jstrosch/status/1606045107970486272

http://152.89.218.27

# Reference: https://twitter.com/idclickthat/status/1607860641238323201

http://195.201.251.249
intuitquickbooks.space

# Reference: https://twitter.com/malware_traffic/status/1608690081178750976
# Reference: https://www.virustotal.com/gui/file/050ac31eccb687f01aa3ee0c16217d6d103b796bb606ddf4e3d0013af689e08c/detection

http://45.93.201.62
http://77.73.134.36

# Reference: https://twitter.com/Gi7w0rm/status/1609603582319288323
# Reference: https://tria.ge/230101-s3fa4sca97/behavioral2

http://116.202.4.70
http://116.203.3.152
http://157.90.244.205

# Reference: https://twitter.com/crep1x/status/1609638736366632967

http://116.203.121.167
http://116.203.164.147
http://135.181.204.67
http://185.125.206.181

# Reference: https://www.virustotal.com/gui/file/320aba94c97100f0722bd0acf6ab407f46e309a2e73c8d19dd9eea74e35739b1/detection

http://23.88.49.119

# Reference: https://twitter.com/crep1x/status/1612199364805660673
# Reference: https://twitter.com/crep1x/status/1612199370870460416
# Reference: https://tria.ge/230107-vnc9bahd7x/behavioral2

http://94.130.190.48
1123am.org
7-zlp.quest
7-zlp.shop
7-zlp.xyz
aanybesk.xyz
afteerbumers.lol
afteerbumers.shop
afteerbumers.xyz
afterbbumers.pics
afterbbumers.shop
afterburmer.store
afterburmmeer.website
afterrbburnerr.click
afterrbburnerr.shop
afterrburnerr.click
afterrburnerr.shop
aftersburmers.online
aftersburmers.shop
aftersburmers.xyz
aftterbumer.shop
aftterbumer.store
aftterbumer.xyz
aftterbumers.shop
aftterbumers.xyz
aiu-w.com
amyybeck.com
anyaesk.click
anyaesk.fun
anyaesk.online
anyaesk.site
anyaesk.store
anyaesk.website
anybeck.com
anybeck.site
anybeck.xyz
anybeeskk.xyz
anybek.com
anybesk.xyz
anybessk.xyz
blednar.com
bleednar.click
bleednar.site
bleenbeer.click
bleenbeer.fun
bleenbeer.online
bleenbeer.site
bleenbeer.store
bleenbeer.website
bleenbeer.xyz
blenbber.xyz
blenbeer.xyz
blenbeerr.lol
blenbeerr.xyz
blenber.com
blenber.live
blenber.online
blenber.xyz
blenbere.click
blenbere.fun
blenbere.site
blenbere.store
blenberr.store
blenberr.xyz
blennbeer.online
blennbeer.xyz
blennber.lol
blennber.xyz
bllenber.lol
bllenber.site
blnanseup.xyz
bookinfirst.com
caldairou-bessette.com
dasnlane.click
dasnlane.shop
dasnlane.xyz
dasnlanee.shop
ewga-precision.xyz
firslhorlzom.com
florinaprivateschool.com
flrstharlzan.com
flrstharlzon.click
flrstharlzon.xyz
fox8hen.com
gethonestseo.com
m-afterbbumer.lol
m-afterbbumer.shop
m-afterbbumer.xyz
m-afterbbumers.beauty
m-afterbbumers.christmas
m-afterbbumers.lol
m-afterbbumers.shop
m-afterbbumers.xyz
m-afterbumer.click
m-afterbumer.homes
m-afterbumer.shop
m-afterbummeer.shop
m-afterbummer.shop
m-afterbunar.shop
m-afterburmers.shop
m-afterburmers.xyz
m-afterbuumer.lol
m-afterbuumer.shop
m-afterbuumer.xyz
martianwalel.xyz
martlanwalel.beauty
martlanwalel.hair
martlanwalel.live
martlanwalel.shop
megaobjects.com
msi-afteburner.com
msi-afterbarner.com
msl-afteburner.com
msl-afteburner.link
msl-aftebuurner.xyz
msl-afterbumers.shop
msl-afterbumers.xyz
msl-afturbarner.shop
msl-afturbumeerr.one
msl-afturbumeerr.shop
msl-afturbumeerr.xyz
msl-afturbumer.shop
msl-afturbummeer.one
msl-afturbummeer.shop
msl-afturbummeer.xyz
mslafterbumer.shop
mslafterbumers.click
mslafterbumers.lol
mslafterbumers.shop
msslafteburner.link
obsproector.click
obsproector.xyz
obsprojector.live
obsprojector.online
obsprojector.xyz
obsprojectr.click
obsprojectr.xyz
obsprojectrr.lol
obsprojectrr.xyz
pipeliningutah.com
robimhod.com
rufuc.xyz
rufuuc.click
rufuuc.lol
rufuuc.site
rufuuc.store
rufuuc.xyz
rufuucc.lol
rufuucc.xyz
ruufuc.store
samouraivvallel.xyz
sbccu.xyz
sejaitaliano.net
sellmya36.com
sketcn-up.click
sketcn-up.lol
sketcn-up.shop
sketcn-up.xyz
slaks.online
slaks.store
slaks.website
slaskc.website
slaskc.xyz
slaskkc.xyz
slasskc.website
slasskc.xyz
teamwieever.live
teamwieever.online
teamwieever.xyz
telecomandotelevisione.com
traidlngvieew.online
traidlngvieew.shop
traidlngvieew.xyz
traidlngview.shop
traidlngview.xyz
traidlngvieww.shop
traidlngvieww.xyz
traldlngvlew.xyz
unlfufsu.xyz
wasabiwolet.xyz
wasabiwollet.xyz
wideolan.click
wideolan.club
wideolan.shop
zksyn-io.xyz

# Reference: https://twitter.com/DonPasci/status/1612529338015965208
# Reference: https://www.virustotal.com/gui/ip-address/170.130.40.34/relations

acrobatsadobes.icu
anydesk-software.site
anydeskdownload.icu
gimps.icu

# Reference: https://twitter.com/DonPasci/status/1612846842605359106
# Reference: https://www.virustotal.com/gui/ip-address/77.73.131.130/relations

brave-browser-instal.store
brave-browser-softvvare.com
brave-browser-softwares.com
brave-browser-softwere.com
brave-browser.cam
brave-browser.xyz
brave-browsers.live
brave-browsyr.store
brave-browzers.store
brave-browzir.biz
brave-browzir.store
brave-brser.biz
brave-dovvnlaod.store
brave-download-setup.cam
brave-download-setup.live
brave-instai.store
brave-instail.store
brave-installs.biz
brave-installs.store
brave-installs.xyz
bravebrowzer.cam
bravebrowzer.live
bravebrowzer.site
bravebrwser.biz
creative-cloud-info.com
creative-cloud-panel.com
creative-cloud.live
creative-cloud.pro
creative-cloud.xyz
hetflix-2023.cam
hetflix-instal.cam
hetflix-instal.store
hetflix-install2023.store
hetflix-installs.cam
hetflix-pc-install.cam
hetflix-pc-setup.cam
hetflix-pc.cam
notepab.cam
notepad-pl-us-plus.com
notepadinfo.biz
notepadinfo.cam
notepadinfo.pro
notepadownload.cam
notepadpl-us-plus.cam
notepadplus-plus.cam
notepadplusplusihstall.com
notepadplusplusinstal.cam
notepadplusplusinstall.cam
notepadplusplusinstall.pro
notepadplusplusinstall.store
notepadplusplusinstall.xyz
notepadplusplusinstaller.cam
notepadplusplusinstaller.store
notepadplusplusinstalls.cam
notepadplusplusinstals.cam
notepadplusplusinstals.store
notepadplusplusinstals.xyz
notepadsplu-plusinstall.com
obs-prject.store
obs-prjectx.store
obs-projec-soft.store
obs-project-downloading.com
obs-project-soft.store
obs-project-software.store
obs-projectx.biz
obs-projest.store
obs-projict-install.store
obsinstaller.cam
obsinstaller.com
obsinstalls.biz
obsinstalls.com
obsinstalls.store
obsinstallsoft.com
obslaboratory.store
obslabs.cam
obslabs.pro
obsprject.pro
obsprject.store
obsprjects.com
obsprjjject.store
obsprojicts.com
obsrecord.store
obsstream.store
okiawaabots.store
okiawabots.store
okiawabotswork.store
okiawagang.store

# Reference: https://threatfox.abuse.ch/ioc/1068148/
# Reference: https://threatfox.abuse.ch/ioc/1068149/

http://5.75.182.6
http://65.109.190.87

# Reference: https://twitter.com/JAMESWT_MHT/status/1613893102262951937
# Reference: https://twitter.com/yvesago/status/1613851481077161984
# Reference: https://app.any.run/tasks/a1ec516d-6a4b-46e4-9bed-99da40e4ff59/
# Reference: https://www.virustotal.com/gui/file/72cf01d835129bd2b829391f098c17fd444f6b105651736c19c9f937479b591e/detection

http://5.75.203.81
http://78.47.228.65
http://91.107.156.138
aduducity.org
audacityeteam.org

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/01/crypto-inspired-magecart-skimmer-surfaces-via-digital-crime-haven

aanybesk.click
traidlngvieew.site

# Reference: https://twitter.com/1ZRR4H/status/1614689336242348033

http://91.107.158.249
blenderno.org
qiupm.org
tradervwiev.org

# Reference: https://twitter.com/mdmck10/status/1615010474088611842
# Reference: https://www.virustotal.com/gui/ip-address/79.137.197.61/relations

androidcarts.com
best-finance-news.com
brosno.com
cancerpedia.com
com.brosno.com
com.cancerpedia.com
com.consulenzapro.com
com.ctsided.com
com.piensa-engrande.com
com.prifense.com
com.sunceam-news.com
consulenzapro.com
ctsided.com
domifybot.com
hantarjer.com
letstreamin.space
obsproject.com.brosno.com
obsproject.com.cancerpedia.com
obsproject.com.consulenzapro.com
obsproject.com.ctsided.com
obsproject.com.piensa-engrande.com
obsproject.com.prifense.com
obsproject.com.sunceam-news.com
piensa-engrande.com
prifense.com
sunceam-news.com

# Reference: https://twitter.com/mdmck10/status/1615015220077887488
# Reference: https://www.virustotal.com/gui/ip-address/185.149.120.133/relations

audacslty.site
audasite.online
audasite.site
audasite.space
audasite.website
docstore.app
glmps.site
godstreamsview.fun
godstreamsview.online
godstreamsview.site
godstreamsview.space
godstreamsview.website
godstreamsviews.fun
godstreamsviews.online
godstreamsviews.site
godstreamsviews.space
godstreamsviews.website
letstreamin.space
obcproect.site
obcprolect.com
oblproject.com
obmprolect.com
obpproject.com
obrproject.com
obsproect.site
obsspro.online
obsspro.site
obsspro.website
obstremsview.online
obstremswiev.fun
obstremswiev.online
obstremswiev.site
obstremswiev.space
odstraeming.fun
odstraeming.online
odstraeming.site
odstraeming.space
odstraeming.website
odstreamsviews.fun
odstreamsviews.online
odstreamsviews.site
odstreamsviews.space
odstreamsviews.website
ostreeming.fun
ostreeming.online
ostreeming.site
ostreeming.space
ostreeming.website
qobstreamsview.fun
qobstreamsview.online
qobstreamsview.site
qobstreamsview.website
qobstreamsviews.fun
qobstreamsviews.online
qobstreamsviews.site
qobstreamsviews.space
qobstreamsviews.website
sgparroquial.app
techinovation.fun
techinovation.online
techinovation.site
techinovation.space
techinovation.website
tecinnovation.fun
tecinnovation.online
tecinnovation.site
tecinnovation.space
tecinnovation.website
tecinnovations.online
tecinovations.pw
vilc.site

# Reference: https://twitter.com/malwrhunterteam/status/1615129063257001984

blenelder.org
blenderno.org

# Reference: https://twitter.com/malwrhunterteam/status/1615145024299175941
# Reference: https://www.virustotal.com/gui/ip-address/198.54.114.162/relations

capcut-brl.online
capcut-desktop.online
capcut-downloads.online
capcut-edits.online
capcut-pc.online
capcut-pcdownload.online
capcut-pro.online
capcut-windows.online
ccleaner-pc.online
clickminded.online
cyprusroyalestates.com
foxit-pc.online
hidemyass.online
internetdownloadmanager-pc.online
kinemaster.website
kmplayer-pc.online
notepad-pc.online
pipiads.online
softwarefullcrack.online
theslidequest.online
videolan-pc.online
winrar-pc.online
winrar-pro.online

# Reference: https://www.virustotal.com/gui/file/4a8ccf53b785ab0ee93db39aaa6d656c19a7705d5a38f298a6bc5fa8250995f3/detection

http://23.137.249.5
/fs89rh4nfg0.php

# Reference: https://twitter.com/malwrhunterteam/status/1615776570307657730
# Reference: https://www.virustotal.com/gui/file/b1af4c462b411699595be17c4373dea4ce739339682874f0f3dc231d8cef744d/detection

http://65.21.119.56
ripple-wells-2022.org

# Reference: https://twitter.com/CSICCybersecur1/status/1615794289719808000
# Reference: https://threatresearch.ext.hp.com/adverts-mimicking-popular-software-leads-to-malware/

audacite.org
blenderon.org

# Reference: https://tria.ge/230118-zksl2shf29/behavioral2

http://65.109.208.140

# Reference: https://twitter.com/crep1x/status/1615840062729605122
# Reference: https://tria.ge/230118-1q7htsfe4y/behavioral2

http://88.198.120.151
brave-browser.edudlplomss.com

# Reference: https://github.com/brad-duncan/IOCs/blob/main/2023-01-19-IOCs-for-Fake-Notepad-plus-plus-page-and-malware.txt

notpad-plus-plus.com

# Reference: https://tria.ge/230120-zn2zwsbf9s/behavioral1

http://45.93.201.114
http://65.109.208.142

# Reference: https://www.virustotal.com/gui/file/55154520c70873a559f4dffa7984201a49dcf8d50a3f2782cb72cc940116168b/detection

http://65.109.200.241

# Reference: https://community.emergingthreats.net/t/vidar-stealer-picks-up-steam/271

http://142.132.169.161
http://78.46.238.118
http://78.47.172.233
http://78.47.225.61
http://78.47.233.145

# Reference: https://otx.alienvault.com/pulse/63cc2e0bdcf82dd7a1016c43
# Reference: https://www.sentinelone.com/blog/breaking-down-the-seo-poisoning-attack-how-attackers-are-hijacking-search-results/
# Reference: https://www.virustotal.com/gui/file/0c5e7987dd67a8313fed90262b5bf678f19854ee0948e9ceb75f095cba1feecf/detection
# Reference: https://www.virustotal.com/gui/file/1ea1ac062289988a73823ff8e9d3349eeb6e42a2180bee8250d3c4217d6f33e9/detection
# Reference: https://www.virustotal.com/gui/file/8c0bfb0cfb89c367745b8c09e0d1ca790494ce7bf064748f7b47f5a204a5457f/detection

http://74.119.194.167
blender-s.org
blendersa.org
blender3dorg.fras6899.odns.fr

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/

http://116.202.0.132
http://116.202.185.129
http://116.202.185.202
http://116.202.30.165
http://116.202.6.47
http://116.202.7.135
http://116.202.8.130
http://116.203.11.245
http://116.203.11.45
http://116.203.13.130
http://116.203.164.194
http://116.203.165.188
http://116.203.166.139
http://116.203.211.149
http://116.203.220.83
http://116.203.69.150
http://116.203.7.201
http://128.140.13.168
http://135.181.26.183
http://135.181.27.186
http://135.181.87.234
http://138.201.94.79
http://142.132.168.13
http://142.132.228.165
http://146.70.131.216
http://146.70.20.236
http://157.230.123.128
http://157.90.145.118
http://157.90.161.227
http://159.69.223.112
http://159.69.50.190
http://161.35.28.183
http://162.55.40.72
http://164.92.172.75
http://165.227.167.218
http://167.235.153.37
http://168.119.59.211
http://185.130.47.220
http://185.149.120.9
http://185.162.177.26
http://185.203.119.148
http://188.119.112.77
http://195.201.237.253
http://195.201.251.109
http://195.201.253.86
http://195.201.255.32
http://195.201.45.16
http://195.201.45.203
http://195.201.45.53
http://195.201.46.32
http://195.201.47.75
http://217.160.170.6
http://23.106.122.140
http://23.145.40.109
http://37.123.196.7
http://45.159.48.224
http://45.8.145.14
http://45.8.147.151
http://45.8.147.51
http://49.12.112.48
http://49.12.113.110
http://49.12.117.107
http://49.12.118.167
http://49.12.119.56
http://5.75.159.217
http://5.75.167.38
http://65.108.86.196
http://65.109.164.83
http://65.109.201.11
http://65.109.236.2
http://65.21.58.6
http://77.73.133.32
http://78.46.235.109
http://78.46.254.12
http://78.47.168.170
http://78.47.225.60
http://78.47.31.221
http://88.198.108.245
http://88.198.116.74
http://88.99.120.56
http://91.107.199.176
http://91.107.199.224
http://91.107.229.205
http://91.107.229.3
http://91.107.232.62
http://94.130.190.118
http://94.130.190.86
http://94.131.105.147
http://95.216.179.190
http://95.217.152.87
http://95.217.157.160
http://95.217.221.82
http://95.217.233.36
http://95.217.240.249
http://95.217.240.6
http://95.217.29.138
116.202.1.171:1010
49.12.119.193:9100
49.12.34.6:1010
5.75.234.140:8333
88.99.124.27:1010
91.215.85.198:35964
2022-12-01znegeulfluxsisilafamille.blog.msi-afteburner.com
2022-12-02znegeulfluxsisilafamille.wp.msl-afteburner.com
42c150df-96bf-4714-9d76-9b9c8f464b9c.msl-afteburner.com
56988011-f30d-45c5-a604-63d3f977f48b.firslhorlzom.com
5f7f20b6-142f-4be4-b2f3-162a57f19e8f.msl-afteburner.com
79161e492f6e.firslhorlzom.com
7b6d99a9-c61e-438f-908d-9c5d71038dd5.msi-afteburner.com
94efb512-1b7e-42dd-8799-bee584ec6305.msi-afteburner.com
989e6127-7d52-4162-a517-79161e492f6e.firslhorlzom.com
a63cf611-acbd-4806-82f5-8d5b3160d1a9.robimhod.com
app.msl-afteburner.com
app.msl-afteburner.link
app.msl-aftebuurner.xyz
b2b.firslhorlzom.com
b2b.gethonestseo.com
b2b.msi-afteburner.com
b2b.msl-afteburner.com
b2b.msl-afteburner.link
b2b.msl-aftebuurner.xyz
b2b.msslafteburner.link
b2b.robimhod.com
blog.firslhorlzom.com
blog.hostmaster.caldairou-bessette.com
blog.megaobjects.com
blog.msi-afteburner.com
blog.msl-afteburner.com
blog.msl-afteburner.link
blog.msl-aftebuurner.xyz
blog.msslafteburner.link
cd8h4oikbfgntfve6p40.msl-afteburner.link
cd9es62kbfgq26rbe220.msl-afteburner.link
crm.msl-aftebuurner.xyz
crm.msslafteburner.link
crm.robimhod.com
d7jr1cj6.sejaitaliano.net
ec1ccef2-ccd2-4ab4-9a6f-fda5f8e6a66d.robimhod.com
enter.bookinfirst.com
enter.firslhorlzom.com
enter.msi-afteburner.com
enter.msl-afteburner.com
f4a38fb8-74af-4a65-8330-7afca66eb7df.firslhorlzom.com
fda5f8e6a66d.robimhod.com
forum.firslhorlzom.com
git.app.msl-afteburner.com
git.app.msl-afteburner.link
git.app.msl-aftebuurner.xyz
git.b2b.firslhorlzom.com
git.b2b.msi-afteburner.com
git.b2b.msl-afteburner.link
git.b2b.msslafteburner.link
git.blog.firslhorlzom.com
git.blog.msl-afteburner.com
git.blog.msl-afteburner.link
git.blog.msl-aftebuurner.xyz
git.blog.msslafteburner.link
git.cd9es62kbfgq26rbe220.msl-afteburner.link
git.crm.msl-aftebuurner.xyz
git.enter.firslhorlzom.com
git.enter.msl-afteburner.com
git.firslhorlzom.com
git.git.app.msl-afteburner.com
git.git.app.msl-aftebuurner.xyz
git.git.b2b.msi-afteburner.com
git.git.blog.firslhorlzom.com
git.git.blog.msl-afteburner.com
git.git.blog.msl-afteburner.link
git.git.blog.msl-aftebuurner.xyz
git.git.blog.msslafteburner.link
git.git.cd9es62kbfgq26rbe220.msl-afteburner.link
git.git.git.app.msl-afteburner.com
git.git.git.app.msl-aftebuurner.xyz
git.git.git.b2b.msi-afteburner.com
git.git.git.blog.firslhorlzom.com
git.git.git.blog.msl-afteburner.com
git.git.git.blog.msl-afteburner.link
git.git.git.blog.msslafteburner.link
git.git.git.cd9es62kbfgq26rbe220.msl-afteburner.link
git.git.git.firsthorizon.com.gethonestseo.com
git.git.git.git.app.msl-aftebuurner.xyz
git.git.git.git.b2b.msi-afteburner.com
git.git.git.git.blog.firslhorlzom.com
git.git.git.git.blog.msl-afteburner.com
git.git.git.git.blog.msl-afteburner.link
git.git.git.git.cd9es62kbfgq26rbe220.msl-afteburner.link
git.git.git.git.git.app.msl-aftebuurner.xyz
git.git.git.git.git.blog.firslhorlzom.com
git.git.git.git.git.blog.msl-afteburner.com
git.git.git.git.git.blog.msl-afteburner.link
git.git.git.git.git.cd9es62kbfgq26rbe220.msl-afteburner.link
git.git.git.git.git.git.blog.firslhorlzom.com
git.git.git.git.git.git.blog.msl-afteburner.link
git.git.git.git.git.git.git.msi-afteburner.com
git.git.git.git.git.git.m.msi-afteburner.com
git.git.git.git.git.git.msi-afteburner.com
git.git.git.git.git.git.sitemaps.msi-afteburner.com
git.git.git.git.git.gitlab.shop.msl-afteburner.link
git.git.git.git.git.m.msi-afteburner.com
git.git.git.git.git.msi-afteburner.com
git.git.git.git.git.sitemaps.msi-afteburner.com
git.git.git.git.gitlab.gitlab.git.firslhorlzom.com
git.git.git.git.gitlab.gitlab.sitemap.robimhod.com
git.git.git.git.gitlab.gitlab.sitemap.sellmya36.com
git.git.git.git.gitlab.shop.msl-afteburner.link
git.git.git.git.gitlab.sitemaps.msl-afteburner.link
git.git.git.git.m.msi-afteburner.com
git.git.git.git.mail.msl-aftebuurner.xyz
git.git.git.git.msi-afteburner.com
git.git.git.git.sitemap.msl-afteburner.link
git.git.git.git.sitemaps.msi-afteburner.com
git.git.git.gitlab.blog.hostmaster.gethonestseo.com
git.git.git.gitlab.blog.msl-aftebuurner.xyz
git.git.git.gitlab.enter.firslhorlzom.com
git.git.git.gitlab.git.sitemaps.robimhod.com
git.git.git.gitlab.gitlab.git.firslhorlzom.com
git.git.git.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
git.git.git.gitlab.gitlab.gitlab.wp.msi-afteburner.com
git.git.git.gitlab.gitlab.gitlab.wp.msl-afteburner.com
git.git.git.gitlab.gitlab.sitemap.robimhod.com
git.git.git.gitlab.m.msl-afteburner.com
git.git.git.gitlab.msl-afteburner.com
git.git.git.gitlab.shop.msl-afteburner.link
git.git.git.gitlab.sitemap.msl-afteburner.link
git.git.git.gitlab.sitemap.robimhod.com
git.git.git.gitlab.sitemaps.msl-afteburner.link
git.git.git.gitlab.sitemaps.robimhod.com
git.git.git.m.msi-afteburner.com
git.git.git.m.msl-afteburner.com
git.git.git.mail.msl-aftebuurner.xyz
git.git.git.msi-afteburner.com
git.git.git.sitemap.msl-afteburner.link
git.git.git.sitemaps.msi-afteburner.com
git.git.git.speedycrm.robimhod.com
git.git.gitlab.app.msl-afteburner.com
git.git.gitlab.blog.hostmaster.gethonestseo.com
git.git.gitlab.blog.msl-aftebuurner.xyz
git.git.gitlab.enter.firslhorlzom.com
git.git.gitlab.git.blog.hostmaster.gethonestseo.com
git.git.gitlab.git.blog.msslafteburner.link
git.git.gitlab.git.enter.firslhorlzom.com
git.git.gitlab.git.git.app.msl-afteburner.com
git.git.gitlab.git.git.blog.msslafteburner.link
git.git.gitlab.git.git.gitlab.wp.msi-afteburner.com
git.git.gitlab.git.git.wp.msi-afteburner.com
git.git.gitlab.git.gitlab.enter.firslhorlzom.com
git.git.gitlab.git.gitlab.git.wp.msl-afteburner.com
git.git.gitlab.git.gitlab.gitlab.wp.firslhorlzom.com
git.git.gitlab.git.gitlab.sitemap.robimhod.com
git.git.gitlab.git.gitlab.wp.firslhorlzom.com
git.git.gitlab.git.sitemaps.msl-afteburner.link
git.git.gitlab.git.sitemaps.robimhod.com
git.git.gitlab.git.wordpress.msl-afteburner.link
git.git.gitlab.git.wp.msl-afteburner.com
git.git.gitlab.git.wp.sejaitaliano.net
git.git.gitlab.gitlab.git.app.msl-afteburner.com
git.git.gitlab.gitlab.git.firslhorlzom.com
git.git.gitlab.gitlab.git.sitemaps.msl-afteburner.link
git.git.gitlab.gitlab.git.sitemaps.robimhod.com
git.git.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
git.git.gitlab.gitlab.gitlab.git.sitemaps.robimhod.com
git.git.gitlab.gitlab.gitlab.gitlab.1.bookinfirst.com
git.git.gitlab.gitlab.gitlab.secure.bookinfirst.com
git.git.gitlab.gitlab.gitlab.shop.msslafteburner.link
git.git.gitlab.gitlab.gitlab.wp.firslhorlzom.com
git.git.gitlab.gitlab.gitlab.wp.msi-afteburner.com
git.git.gitlab.gitlab.gitlab.wp.msl-afteburner.com
git.git.gitlab.gitlab.sitemap.robimhod.com
git.git.gitlab.gitlab.wp.firslhorlzom.com
git.git.gitlab.m.msl-afteburner.com
git.git.gitlab.msl-afteburner.com
git.git.gitlab.shop.msl-afteburner.link
git.git.gitlab.shop.msslafteburner.link
git.git.gitlab.sitemap.msl-afteburner.link
git.git.gitlab.sitemap.robimhod.com
git.git.gitlab.sitemaps.msl-afteburner.link
git.git.gitlab.sitemaps.robimhod.com
git.git.gitlab.wp.firslhorlzom.com
git.git.gitlab.wp.msi-afteburner.com
git.git.m.msi-afteburner.com
git.git.m.msl-afteburner.com
git.git.m.msl-aftebuurner.xyz
git.git.mail.msl-aftebuurner.xyz
git.git.msi-afteburner.com
git.git.msl-aftebuurner.xyz
git.git.old.msl-afteburner.link
git.git.robimhod.com
git.git.sitemap.msl-afteburner.link
git.git.sitemaps.msi-afteburner.com
git.git.sitemaps.msl-afteburner.link
git.git.speedycrm.robimhod.com
git.git.test.msslafteburner.link
git.git.wp.msi-afteburner.com
git.gitlab.app.msl-afteburner.com
git.gitlab.b2b.msl-afteburner.com
git.gitlab.blog.hostmaster.gethonestseo.com
git.gitlab.blog.msl-aftebuurner.xyz
git.gitlab.enter.firslhorlzom.com
git.gitlab.git.app.msl-afteburner.com
git.gitlab.git.blog.msl-aftebuurner.xyz
git.gitlab.git.blog.msslafteburner.link
git.gitlab.git.enter.firslhorlzom.com
git.gitlab.git.git.app.msl-afteburner.com
git.gitlab.git.git.blog.msl-aftebuurner.xyz
git.gitlab.git.git.blog.msslafteburner.link
git.gitlab.git.git.git.blog.msslafteburner.link
git.gitlab.git.git.git.git.b2b.msi-afteburner.com
git.gitlab.git.git.git.gitlab.blog.msl-aftebuurner.xyz
git.gitlab.git.git.git.gitlab.sitemaps.msl-afteburner.link
git.gitlab.git.git.gitlab.blog.msl-aftebuurner.xyz
git.gitlab.git.git.gitlab.enter.firslhorlzom.com
git.gitlab.git.git.gitlab.git.sitemaps.robimhod.com
git.gitlab.git.git.gitlab.gitlab.sitemap.robimhod.com
git.gitlab.git.git.gitlab.shop.msl-afteburner.link
git.gitlab.git.git.gitlab.wp.msi-afteburner.com
git.gitlab.git.git.m.msl-afteburner.com
git.gitlab.git.git.wp.msi-afteburner.com
git.gitlab.git.gitlab.app.msl-afteburner.com
git.gitlab.git.gitlab.blog.msl-aftebuurner.xyz
git.gitlab.git.gitlab.enter.firslhorlzom.com
git.gitlab.git.gitlab.git.git.blog.msslafteburner.link
git.gitlab.git.gitlab.git.wp.msl-afteburner.com
git.gitlab.git.gitlab.gitlab.blog.hostmaster.gethonestseo.com
git.gitlab.git.gitlab.gitlab.git.blog.msl-aftebuurner.xyz
git.gitlab.git.gitlab.gitlab.gitlab.blog.msslafteburner.link
git.gitlab.git.gitlab.gitlab.gitlab.shop.msslafteburner.link
git.gitlab.git.gitlab.gitlab.gitlab.wp.msi-afteburner.com
git.gitlab.git.gitlab.gitlab.wp.firslhorlzom.com
git.gitlab.git.gitlab.sitemap.robimhod.com
git.gitlab.git.gitlab.wp.firslhorlzom.com
git.gitlab.git.gitlab.wp.msl-afteburner.com
git.gitlab.git.m.msl-afteburner.com
git.gitlab.git.sitemaps.msl-afteburner.link
git.gitlab.git.sitemaps.robimhod.com
git.gitlab.git.wordpress.msl-afteburner.link
git.gitlab.git.wp.msl-afteburner.com
git.gitlab.gitlab.blog.hostmaster.gethonestseo.com
git.gitlab.gitlab.blog.msl-aftebuurner.xyz
git.gitlab.gitlab.git.app.msl-afteburner.com
git.gitlab.gitlab.git.b2b.msi-afteburner.com
git.gitlab.gitlab.git.blog.hostmaster.gethonestseo.com
git.gitlab.gitlab.git.blog.msl-aftebuurner.xyz
git.gitlab.gitlab.git.firslhorlzom.com
git.gitlab.gitlab.git.git.app.msl-afteburner.com
git.gitlab.gitlab.git.git.blog.msl-aftebuurner.xyz
git.gitlab.gitlab.git.git.git.b2b.msi-afteburner.com
git.gitlab.gitlab.git.git.mail.msl-aftebuurner.xyz
git.gitlab.gitlab.git.gitlab.git.app.msl-afteburner.com
git.gitlab.gitlab.git.gitlab.git.blog.msl-aftebuurner.xyz
git.gitlab.gitlab.git.m.msl-afteburner.com
git.gitlab.gitlab.git.sitemaps.msl-afteburner.link
git.gitlab.gitlab.git.sitemaps.robimhod.com
git.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
git.gitlab.gitlab.gitlab.blog.hostmaster.gethonestseo.com
git.gitlab.gitlab.gitlab.blog.msl-aftebuurner.xyz
git.gitlab.gitlab.gitlab.blog.msslafteburner.link
git.gitlab.gitlab.gitlab.enter.msl-afteburner.com
git.gitlab.gitlab.gitlab.git.b2b.msi-afteburner.com
git.gitlab.gitlab.gitlab.git.blog.msl-aftebuurner.xyz
git.gitlab.gitlab.gitlab.git.sitemaps.robimhod.com
git.gitlab.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
git.gitlab.gitlab.gitlab.gitlab.blog.msslafteburner.link
git.gitlab.gitlab.gitlab.gitlab.gitlab.blog.msslafteburner.link
git.gitlab.gitlab.gitlab.gitlab.shop.msslafteburner.link
git.gitlab.gitlab.gitlab.gitlab.sitemap.robimhod.com
git.gitlab.gitlab.gitlab.shop.msslafteburner.link
git.gitlab.gitlab.gitlab.wp.firslhorlzom.com
git.gitlab.gitlab.gitlab.wp.msi-afteburner.com
git.gitlab.gitlab.gitlab.wp.msl-afteburner.com
git.gitlab.gitlab.old.firslhorlzom.com
git.gitlab.gitlab.sitemap.robimhod.com
git.gitlab.gitlab.sitemaps.msl-afteburner.link
git.gitlab.gitlab.test.msl-afteburner.link
git.gitlab.gitlab.wp.firslhorlzom.com
git.gitlab.m.msl-afteburner.com
git.gitlab.msl-afteburner.com
git.gitlab.old.msl-afteburner.link
git.gitlab.shop.msi-afteburner.com
git.gitlab.shop.msl-afteburner.link
git.gitlab.shop.msslafteburner.link
git.gitlab.sitemap.msl-afteburner.link
git.gitlab.sitemap.robimhod.com
git.gitlab.sitemaps.msl-afteburner.link
git.gitlab.sitemaps.robimhod.com
git.gitlab.test.msl-afteburner.link
git.gitlab.wordpress.msl-afteburner.com
git.gitlab.wp.firslhorlzom.com
git.gitlab.wp.msi-afteburner.com
git.gitlab.wp.msl-afteburner.com
git.lime.msl-aftebuurner.xyz
git.m.msi-afteburner.com
git.m.msl-afteburner.com
git.m.msl-aftebuurner.xyz
git.mail.msl-aftebuurner.xyz
git.msi-afteburner.com
git.msl-aftebuurner.xyz
git.old.firslhorlzom.com
git.old.msl-afteburner.link
git.old.msslafteburner.link
git.robimhod.com
git.sitemap.msl-afteburner.link
git.sitemaps.msi-afteburner.com
git.sitemaps.msl-afteburner.link
git.sitemaps.robimhod.com
git.speedycrm.robimhod.com
git.test.msslafteburner.link
git.wordpress.msi-afteburner.com
git.wordpress.msl-afteburner.com
git.wordpress.msl-afteburner.link
git.wordpress.msslafteburner.link
git.wp.msi-afteburner.com
git.wp.msl-afteburner.com
gitlab.app.msl-afteburner.com
gitlab.b2b.msl-afteburner.com
gitlab.b2b.msl-afteburner.link
gitlab.b2b.msslafteburner.link
gitlab.blog.hostmaster.gethonestseo.com
gitlab.blog.msl-aftebuurner.xyz
gitlab.blog.msslafteburner.link
gitlab.enter.firslhorlzom.com
gitlab.enter.msi-afteburner.com
gitlab.enter.msl-afteburner.com
gitlab.git.app.msl-afteburner.com
gitlab.git.b2b.msi-afteburner.com
gitlab.git.blog.msl-aftebuurner.xyz
gitlab.git.blog.msslafteburner.link
gitlab.git.enter.firslhorlzom.com
gitlab.git.firslhorlzom.com
gitlab.git.git.app.msl-afteburner.com
gitlab.git.git.b2b.msi-afteburner.com
gitlab.git.git.blog.caldairou-bessette.com
gitlab.git.git.blog.msl-aftebuurner.xyz
gitlab.git.git.blog.msslafteburner.link
gitlab.git.git.git.app.msl-afteburner.com
gitlab.git.git.git.b2b.msi-afteburner.com
gitlab.git.git.git.blog.msslafteburner.link
gitlab.git.git.git.git.b2b.msi-afteburner.com
gitlab.git.git.git.git.gitlab.shop.msl-afteburner.link
gitlab.git.git.git.git.wp.sejaitaliano.net
gitlab.git.git.git.gitlab.blog.hostmaster.gethonestseo.com
gitlab.git.git.git.gitlab.blog.msl-aftebuurner.xyz
gitlab.git.git.git.gitlab.m.msl-afteburner.com
gitlab.git.git.git.gitlab.shop.msl-afteburner.link
gitlab.git.git.git.gitlab.sitemap.robimhod.com
gitlab.git.git.git.gitlab.sitemaps.msl-afteburner.link
gitlab.git.git.gitlab.app.msl-afteburner.com
gitlab.git.git.gitlab.blog.msl-aftebuurner.xyz
gitlab.git.git.gitlab.enter.firslhorlzom.com
gitlab.git.git.gitlab.git.enter.firslhorlzom.com
gitlab.git.git.gitlab.git.git.blog.msslafteburner.link
gitlab.git.git.gitlab.git.gitlab.wp.firslhorlzom.com
gitlab.git.git.gitlab.git.sitemaps.robimhod.com
gitlab.git.git.gitlab.git.wp.msl-afteburner.com
gitlab.git.git.gitlab.gitlab.git.sitemaps.msl-afteburner.link
gitlab.git.git.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.git.git.gitlab.gitlab.gitlab.shop.msslafteburner.link
gitlab.git.git.gitlab.gitlab.gitlab.wp.msi-afteburner.com
gitlab.git.git.gitlab.gitlab.gitlab.wp.msl-afteburner.com
gitlab.git.git.gitlab.gitlab.sitemap.robimhod.com
gitlab.git.git.gitlab.shop.msl-afteburner.link
gitlab.git.git.gitlab.wp.firslhorlzom.com
gitlab.git.git.gitlab.wp.msi-afteburner.com
gitlab.git.git.m.msl-afteburner.com
gitlab.git.git.mail.msl-aftebuurner.xyz
gitlab.git.git.secure.bookinfirst.com
gitlab.git.git.wp.msi-afteburner.com
gitlab.git.git.x1.bookinfirst.com
gitlab.git.gitlab.app.msl-afteburner.com
gitlab.git.gitlab.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.enter.firslhorlzom.com
gitlab.git.gitlab.git.app.msl-afteburner.com
gitlab.git.gitlab.git.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.git.git.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.git.git.blog.msslafteburner.link
gitlab.git.gitlab.git.git.git.blog.msslafteburner.link
gitlab.git.gitlab.git.git.gitlab.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.git.git.gitlab.wp.msi-afteburner.com
gitlab.git.gitlab.git.gitlab.app.msl-afteburner.com
gitlab.git.gitlab.git.gitlab.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.git.gitlab.enter.firslhorlzom.com
gitlab.git.gitlab.git.gitlab.wp.firslhorlzom.com
gitlab.git.gitlab.git.sitemaps.robimhod.com
gitlab.git.gitlab.git.wordpress.msl-afteburner.link
gitlab.git.gitlab.git.wp.msl-afteburner.com
gitlab.git.gitlab.gitlab.blog.hostmaster.gethonestseo.com
gitlab.git.gitlab.gitlab.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.gitlab.blog.sellmya36.com
gitlab.git.gitlab.gitlab.git.blog.hostmaster.gethonestseo.com
gitlab.git.gitlab.gitlab.git.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.gitlab.git.sitemaps.robimhod.com
gitlab.git.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.git.gitlab.gitlab.gitlab.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.gitlab.gitlab.blog.msslafteburner.link
gitlab.git.gitlab.gitlab.gitlab.git.b2b.msi-afteburner.com
gitlab.git.gitlab.gitlab.gitlab.git.blog.msl-aftebuurner.xyz
gitlab.git.gitlab.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.git.gitlab.gitlab.gitlab.secure.bookinfirst.com
gitlab.git.gitlab.gitlab.gitlab.shop.msslafteburner.link
gitlab.git.gitlab.gitlab.gitlab.wp.firslhorlzom.com
gitlab.git.gitlab.gitlab.gitlab.wp.msi-afteburner.com
gitlab.git.gitlab.gitlab.wp.firslhorlzom.com
gitlab.git.gitlab.hostmaster.sellmya36.com
gitlab.git.gitlab.sitemap.robimhod.com
gitlab.git.gitlab.wp.firslhorlzom.com
gitlab.git.gitlab.wp.msl-afteburner.com
gitlab.git.m.msl-afteburner.com
gitlab.git.old.msl-afteburner.link
gitlab.git.sitemap.msl-afteburner.link
gitlab.git.sitemaps.msl-afteburner.link
gitlab.git.sitemaps.robimhod.com
gitlab.git.wordpress.msl-afteburner.link
gitlab.git.wp.msl-afteburner.com
gitlab.gitlab.app.msl-afteburner.com
gitlab.gitlab.b2b.msl-afteburner.com
gitlab.gitlab.b2b.msl-afteburner.link
gitlab.gitlab.blog.hostmaster.gethonestseo.com
gitlab.gitlab.blog.msl-aftebuurner.xyz
gitlab.gitlab.blog.msslafteburner.link
gitlab.gitlab.enter.firslhorlzom.com
gitlab.gitlab.enter.msl-afteburner.com
gitlab.gitlab.git.app.msl-afteburner.com
gitlab.gitlab.git.b2b.msi-afteburner.com
gitlab.gitlab.git.blog.hostmaster.gethonestseo.com
gitlab.gitlab.git.blog.msl-aftebuurner.xyz
gitlab.gitlab.git.enter.firslhorlzom.com
gitlab.gitlab.git.firslhorlzom.com
gitlab.gitlab.git.git.app.msl-afteburner.com
gitlab.gitlab.git.git.blog.msl-aftebuurner.xyz
gitlab.gitlab.git.git.git.app.msl-afteburner.com
gitlab.gitlab.git.git.git.b2b.msi-afteburner.com
gitlab.gitlab.git.git.git.blog.msslafteburner.link
gitlab.gitlab.git.git.git.git.b2b.msi-afteburner.com
gitlab.gitlab.git.git.gitlab.gitlab.sitemap.robimhod.com
gitlab.gitlab.git.git.m.msl-afteburner.com
gitlab.gitlab.git.git.mail.msl-aftebuurner.xyz
gitlab.gitlab.git.gitlab.app.msl-afteburner.com
gitlab.gitlab.git.gitlab.git.app.msl-afteburner.com
gitlab.gitlab.git.gitlab.git.blog.msl-aftebuurner.xyz
gitlab.gitlab.git.gitlab.git.git.blog.msl-aftebuurner.xyz
gitlab.gitlab.git.gitlab.git.git.blog.msslafteburner.link
gitlab.gitlab.git.gitlab.git.wp.msl-afteburner.com
gitlab.gitlab.git.gitlab.gitlab.blog.hostmaster.gethonestseo.com
gitlab.gitlab.git.gitlab.gitlab.blog.msl-aftebuurner.xyz
gitlab.gitlab.git.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.gitlab.git.gitlab.sitemaps.robimhod.com
gitlab.gitlab.git.gitlab.wp.msl-afteburner.com
gitlab.gitlab.git.m.msl-afteburner.com
gitlab.gitlab.git.sitemaps.msl-afteburner.link
gitlab.gitlab.git.sitemaps.robimhod.com
gitlab.gitlab.git.wp.msl-afteburner.com
gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.gitlab.gitlab.blog.hostmaster.gethonestseo.com
gitlab.gitlab.gitlab.blog.msl-aftebuurner.xyz
gitlab.gitlab.gitlab.blog.msslafteburner.link
gitlab.gitlab.gitlab.enter.msl-afteburner.com
gitlab.gitlab.gitlab.git.app.msl-afteburner.com
gitlab.gitlab.gitlab.git.b2b.msi-afteburner.com
gitlab.gitlab.gitlab.git.blog.hostmaster.gethonestseo.com
gitlab.gitlab.gitlab.git.blog.msl-aftebuurner.xyz
gitlab.gitlab.gitlab.git.firslhorlzom.com
gitlab.gitlab.gitlab.git.git.blog.msl-aftebuurner.xyz
gitlab.gitlab.gitlab.git.sitemaps.msl-afteburner.link
gitlab.gitlab.gitlab.git.sitemaps.robimhod.com
gitlab.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.gitlab.gitlab.gitlab.blog.msl-aftebuurner.xyz
gitlab.gitlab.gitlab.gitlab.blog.msslafteburner.link
gitlab.gitlab.gitlab.gitlab.git.app.msl-afteburner.com
gitlab.gitlab.gitlab.gitlab.git.sitemaps.robimhod.com
gitlab.gitlab.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.gitlab.gitlab.gitlab.gitlab.blog.msslafteburner.link
gitlab.gitlab.gitlab.gitlab.gitlab.gitlab.b2b.msl-afteburner.com
gitlab.gitlab.gitlab.gitlab.gitlab.sitemap.pipeliningutah.com
gitlab.gitlab.gitlab.gitlab.gitlab.wp.firslhorlzom.com
gitlab.gitlab.gitlab.gitlab.shop.msslafteburner.link
gitlab.gitlab.gitlab.gitlab.sitemap.robimhod.com
gitlab.gitlab.gitlab.gitlab.wp.firslhorlzom.com
gitlab.gitlab.gitlab.m.msl-afteburner.com
gitlab.gitlab.gitlab.old.firslhorlzom.com
gitlab.gitlab.gitlab.shop.msslafteburner.link
gitlab.gitlab.gitlab.sitemap.robimhod.com
gitlab.gitlab.gitlab.wp.firslhorlzom.com
gitlab.gitlab.gitlab.wp.msi-afteburner.com
gitlab.gitlab.gitlab.wp.msl-afteburner.com
gitlab.gitlab.m.msl-afteburner.com
gitlab.gitlab.old.firslhorlzom.com
gitlab.gitlab.old.msl-afteburner.link
gitlab.gitlab.shop.msi-afteburner.com
gitlab.gitlab.shop.msslafteburner.link
gitlab.gitlab.sitemap.robimhod.com
gitlab.gitlab.sitemaps.msl-afteburner.link
gitlab.gitlab.test.msl-afteburner.link
gitlab.gitlab.wordpress.msl-afteburner.com
gitlab.gitlab.wordpress.msslafteburner.link
gitlab.gitlab.wp.firslhorlzom.com
gitlab.gitlab.wp.msi-afteburner.com
gitlab.gitlab.wp.msl-afteburner.com
gitlab.m.msl-afteburner.com
gitlab.msl-afteburner.com
gitlab.old.firslhorlzom.com
gitlab.old.msl-afteburner.link
gitlab.shop.firslhorlzom.com
gitlab.shop.msi-afteburner.com
gitlab.shop.msl-afteburner.link
gitlab.shop.msslafteburner.link
gitlab.sitemap.msl-afteburner.link
gitlab.sitemap.robimhod.com
gitlab.sitemaps.msl-afteburner.link
gitlab.sitemaps.robimhod.com
gitlab.test.msi-afteburner.com
gitlab.test.msl-afteburner.link
gitlab.wordpress.msl-afteburner.com
gitlab.wordpress.msslafteburner.link
gitlab.wp.firslhorlzom.com
gitlab.wp.msi-afteburner.com
gitlab.wp.msl-afteburner.com
hostmaster.bookinfirst.com
hostmaster.gethonestseo.com
hostmaster.megaobjects.com
lime.msl-aftebuurner.xyz
lime.robimhod.com
m.msi-afteburner.com
m.msl-afteburner.com
m.msl-aftebuurner.xyz
mail.megaobjects.com
mail.msl-aftebuurner.xyz
msl-afterbarnur.gethonestseo.com
noteany.com
old.firslhorlzom.com
old.gethonestseo.com
old.msl-afteburner.link
old.msslafteburner.link
ruletka-na-dengi-onlayn.caldairou-bessette.com
shop.bookinfirst.com
shop.firslhorlzom.com
shop.msi-afteburner.com
shop.msl-afteburner.com
shop.msl-afteburner.link
shop.msslafteburner.link
sitemap.firslhorlzom.com
sitemap.msi-afteburner.com
sitemap.msl-afteburner.link
sitemap.msslafteburner.link
sitemap.robimhod.com
sitemaps.msi-afteburner.com
sitemaps.msl-afteburner.link
sitemaps.robimhod.com
speedycrm.msl-aftebuurner.xyz
speedycrm.robimhod.com
test.bookinfirst.com
test.gethonestseo.com
test.msi-afteburner.com
test.msl-afteburner.link
test.msl-aftebuurner.xyz
test.msslafteburner.link
test.robimhod.com
wordpress.firslhorlzom.com
wordpress.msi-afteburner.com
wordpress.msl-afteburner.com
wordpress.msl-afteburner.link
wordpress.msslafteburner.link
wp.bookinfirst.com
wp.firslhorlzom.com
wp.msi-afteburner.com
wp.msl-afteburner.com
wp.msl-afteburner.link
wp.msl-aftebuurner.xyz
wp.msslafteburner.link
wp.robimhod.com
zksyncio.xyz
zoomdowndesktop.store

# Reference: https://twitter.com/ULTRAFRAUD/status/1617185995526443008
# Reference: https://twitter.com/ULTRAFRAUD/status/1617918997156229120
# Reference: https://www.virustotal.com/gui/ip-address/185.163.204.10/relations

http://5.75.149.127
download-davinci.duckdns.org
download-davinci17.duckdns.org
download-obsstudio.duckdns.org
download-sqlite.duckdns.org

# Reference: https://twitter.com/Artilllerie/status/1617490471470903296

malwarebytes-premium.com

# Reference: https://twitter.com/tosscoinwitcher/status/1617588555995574274
# Reference: https://www.virustotal.com/gui/ip-address/191.101.13.129/relations

anydeskcloud.tech

# Reference: https://twitter.com/malwrhunterteam/status/1617618773045018625
# Reference: https://twitter.com/tosscoinwitcher/status/1617623026157383680
# Reference: https://tria.ge/230123-zchf4sfc94/behavioral2

http://65.109.210.114
nvidladrlvers.top
nvldia-graphics.online
safe.nvidladrlvers.top

# Reference: https://twitter.com/malwrhunterteam/status/1617961361593749505
# Reference: https://www.virustotal.com/gui/ip-address/172.67.138.234/relations

nvidia-graphics.top

# Reference: https://twitter.com/Gi7w0rm/status/1618185842899705856
# Reference: https://www.team-cymru.com/post/darth-vidar-the-dark-side-of-evolving-threat-infrastructure

my-odin.com
my-vidar.com
my-vidar.net
new.my-odin.com
old.my-vidar.net
new.my-vidar.net

# Reference: https://twitter.com/Malwar3Ninja/status/1618279742041640960
# Reference: https://www.virustotal.com/gui/ip-address/186.2.171.7/relations

audacityu.org
belunder.org
blenderlo.org
downleoad.com
rufuse.org
tradingview-ger.org
tradingview-get.org

# Reference: https://www.virustotal.com/gui/ip-address/172.67.163.176/relations

trebingview.com

# Reference: https://twitter.com/StopMalvertisin/status/1618253036018892801
# Reference: https://www.virustotal.com/gui/ip-address/104.21.24.164/relations

tendencyquicksand.xyz
tradingview-usa.club
traidstok.website

# Reference: https://twitter.com/malwrhunterteam/status/1618362802552573953

geforce-official.online
geforce-official.site
nvidia-drive3.site

# Reference: https://twitter.com/malwrhunterteam/status/1618735590870228995

geforse-drlvers.site

# Reference: https://twitter.com/irfan_eternal/status/1618260845343178754
# Reference: https://app.any.run/tasks/f0414d59-0ea3-4d8a-a6d8-724cdacd8b42/

http://95.217.16.127

# Reference: https://twitter.com/idclickthat/status/1620465213589049345
# Reference: https://tria.ge/230131-tzkbbsha89

http://116.203.6.107
http://135.181.41.147

# Reference: https://twitter.com/x3ph1/status/1623011203005001749
# Reference: https://www.virustotal.com/gui/file/0c2229f5d5bd61fd8ac9cec0cb4da07f733ac3ae007d8b2b7da3376c047102dd/detection

http://49.12.239.21
http://65.109.168.191
http://65.109.7.48
http://95.217.240.157

# Reference: https://threatfox.abuse.ch/browse/tag/vidar (# up-to 10th Feb 2023)

http://116.202.181.160
http://116.203.1.203
http://116.203.9.69
http://135.181.203.71
http://135.181.43.158
http://142.132.228.93
http://157.90.148.112
http://167.235.246.125
http://168.119.236.82
http://195.201.254.227
http://49.12.79.235
http://5.182.37.147
http://65.108.249.43
http://65.109.136.136
http://65.109.168.175
http://78.47.216.96
http://88.198.152.171
http://88.198.95.89
http://94.130.75.1
http://95.217.240.133
http://95.217.246.37
activatorshome.com
anydesktop.tech
bigcracks.com
crack11.com
crackbye.com
cracked1.com
cracked4pc.com
crackedplugs.net
crackfair.com
crackgive.com
crackleft.com
crackmix.com
crackmypc.com
crackport.com
crackpull.com
crackright.com
cracksaw.com
cracksend.com
cracksir.com
freecrackapp.com
fullkeygens.com
getfreecracks.com
getmecrack.com
hitpcsoft.com
hotpcsoft.com
incracks.com
justsofts.com
keygenbro.com
keygenhere.com
keyslog.com
licenseapps.com
licensedaily.com
licensehd.com
licenselive.com
nvldladriver.com
pc-crack.com
pcsoftnew.com
playcrack.com
plug-cracked.com
plug-torrent.com
plug-torrents.com
plugin-torrents.com
pluginstorrents.com
powercrack.com
rrvldladrlwers.top
serialkeygens.com
softsnew.com
starcrack.net
team-viewer.monashenki.com
topcrackpatch.com
up2pc.com
up4crack.com
upcracks.com
vcracks.com
vipcracks.com
vstcrackx.com
win-crack.com
windowcrack.com
windowsbay.com
windowsroom.com

# Reference: https://www.virustotal.com/gui/file/7858bffea20cffd024d5132442c44feb6f6c68b3e0b60fc3622d83ddd2793923/detection

hugersi.com

# Reference: https://twitter.com/TrackerC2Bot/status/1618226763519197184

drampik.com

# Reference: https://www.virustotal.com/gui/file/012498bb79e5b2914abac4b8343510a8cd180a92d11ec087f66dfd87a202f41c/detection

propanla.com

# Reference: https://twitter.com/TrackerC2Bot/status/1615056181587808276

http://45.12.253.56
http://45.12.253.72
http://45.12.253.75
http://45.12.253.98

# Reference: https://www.virustotal.com/gui/file/001997f3e75c1e0e3857f79186bfc2af22a043a2e3bd9b640a22b9f59dbc9149/detection

http://116.203.245.137
abgtt.com

# Reference: https://www.virustotal.com/gui/file/02214be7a1ec20e21ab4209575618bb2a5090f15b53c4aaaac9490634d6aa48b/detection

http://159.69.203.58

# Reference: https://www.virustotal.com/gui/file/32cf0e4532d6617a76a22f45edfe5d10ecbaf10040cedffdb2cea5126b6ff053/detection

http://116.203.127.162

# Reference: https://twitter.com/TrackerC2Bot/status/1623039112298090496

http://109.230.199.110
http://170.130.165.60
http://176.10.111.164
http://176.10.119.209
http://176.10.119.217
http://176.10.125.84
http://185.158.248.100
http://185.90.162.33
http://194.76.225.88
http://37.10.71.114
http://45.11.183.24
http://79.132.130.73
http://79.132.130.76
http://79.132.133.128
http://79.132.134.158
http://91.242.219.235
http://91.242.219.237

# Reference: https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign#the-phish

http://195.201.44.125
http://23.88.36.149
http://95.216.164.28

# Reference: https://github.com/SEKOIA-IO/Community/blob/main/IOCs/stealc/stealc_iocs_20230220.csv

http://146.70.161.51
http://162.0.238.10
http://167.235.62.105
http://176.124.192.200
http://179.43.162.89
http://179.43.162.94
http://185.130.46.214
http://185.143.223.136
http://185.242.87.149
http://185.247.184.7
http://185.5.248.95
http://194.4.51.160
http://194.87.31.146
http://195.74.86.37
http://23.88.116.117
http://37.120.238.190
http://37.220.87.65
http://45.136.49.247
http://45.136.50.69
http://45.136.51.61
http://45.144.29.176
http://45.87.153.50
http://5.75.138.201
http://65.109.3.34
http://77.246.156.93
http://84.246.85.80
http://85.239.54.29
http://91.215.85.188
http://91.228.225.46
http://94.131.99.185
http://94.142.138.11
http://94.142.138.48
http://95.216.112.83
http://95.217.143.99
666palm.com
777palm.com
aa-cj.com
fff-ttt.com
moneylandry.com
start-not.com

# Reference: https://www.virustotal.com/gui/file/28f8308941a1e87dfe3130238669ac16af3150aa2e284a1ba07eeb10ecbce17e/detection

http://91.215.85.213

# Reference: https://twitter.com/idclickthat/status/1628819842496188417

http://116.202.181.154
http://78.47.226.24
http://89.40.14.155
panelco.su

# Reference: https://tria.ge/230222-yxyhdsfb6z/behavioral2

http://167.235.249.225
bbc-s.news

# Reference: https://www.virustotal.com/gui/ip-address/141.8.192.169/relations

notepadt-plus-pluss.com

# Reference: https://twitter.com/crep1x/status/1630193006446870530

http://157.90.113.100
http://167.235.226.106
http://65.109.9.93

# Reference: https://twitter.com/Artilllerie/status/1630985137319018510

blenderfoundation.site

# Reference: https://twitter.com/crep1x/status/1630992258584518656

systemupdate-microsoft.top

# Reference: https://twitter.com/wwp96/status/1631777007259496449
# Reference: https://app.any.run/tasks/37a143c6-630d-4417-a3d2-f1437aa6346a/

http://81.240.108.170

# Reference: https://medium.com/s2wblog/lumma-stealer-targets-youtubers-via-spear-phishing-email-ade740d486f7
# Reference: https://otx.alienvault.com/pulse/63ff9979b5c3b385741f5737

http://195.123.226.167
http://45.9.74.78

# Reference: https://twitter.com/ULTRAFRAUD/status/1632479744972267520

download-discord.top

# Reference: https://twitter.com/Artilllerie/status/1633836712584712196
# Reference: https://www.virustotal.com/gui/file/4310c4b30bc9b398ae2259d30b79e784e4e674caafca7a75f962bb0085474e1a/detection

http://65.109.12.165
http://95.216.183.16
ccleanersetup.com

# Reference: https://www.virustotal.com/gui/file/903ff55224c1ec533bc09336407a5ab211e29c93d49eddb2bfa28ae60c02e1e7/detection

http://85.31.45.100

# Reference: https://twitter.com/DonPasci/status/1635991291560435714

putty.sbs

# Reference: https://twitter.com/Artilllerie/status/1638563848792752129

http://82.117.255.80
afterburnermsi.info

# Reference: https://www.virustotal.com/gui/file/a2c9201bae028ac3ec48f5fa2fd5df4d2a387052713e79aa54eedd603d818b99/detection

http://116.202.183.154

# Reference: https://twitter.com/0xToxin/status/1640013648725680128
# Reference: https://tria.ge/230326-sncxfagh98/behavioral2

app4j.org

# Reference: https://www.virustotal.com/gui/file/13a0b3e462a014b605489df82b082618b64d7292140bbfdbb7b58e683cb80b3b/detection

http://159.69.103.216

# Reference: https://twitter.com/crep1x/status/1640464556173705217

http://116.203.10.236
dumepad.com
hurimis.com
kisomer.com
metersik.com
nuktose.com
nviktus.com
onmepdum.com
opriky.com
poomcis.com
vikolin.com
viulinik.com

# Reference: https://twitter.com/GuardYourDomain/status/1643263801301532674

nordvpncloud.com

# Reference: https://www.virustotal.com/gui/file/19446bdf86ecbc053df4e6c222d2bc1ac3b926638895ec1068c0557f2daa4837/detection

http://212.113.116.213
http://179.43.155.207

# Reference: https://twitter.com/ULTRAFRAUD/status/1646259248119140355

trading-view-download.alibuilderusa.com

# Reference: https://twitter.com/powershellcode/status/1646277775031144448
# Reference: https://www.virustotal.com/gui/file/060bb41b14196768ac984a1bb76d80cb59ec7a157fcbd4c0538a37f11047446e/detection

http://195.201.251.197

# Reference: https://twitter.com/robemtnez/status/1620478415244754944

notepadplusplus.site
download-notepad-plus-plus.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1646609191568658458
# Reference: https://www.virustotal.com/gui/file/6fdfb56033dd92edfde1461cab42042d38ce43b8f2cb75872e7435e62ed744ca/detection

http://31.41.244.251

# Reference: https://www.quorumcyber.com/wp-content/uploads/2023/01/Malware-Analysis-Vidar.pdf

msconfig.noip.me

# Reference: https://tria.ge/230404-2l3vhsae34/behavioral2

vooip5884.ddns.net
/YUHI87PJM.php

# Reference: https://www.virustotal.com/gui/file/e89e9d32d5142ccaa36ec5b215c5493786a90af78b29f4ad20ee05d276b26edb/detection

http://45.80.69.193
/glazomer/payload
/manager/payload

# Reference: https://www.virustotal.com/gui/file/0ae89ff0f8f57e30516f60a3a73d7bf3c0199b92031c933a8300f3f5663430f1/detection

http://193.42.32.154

# Reference: https://twitter.com/crep1x/status/1648063048815464480

http://45.159.248.242

# Reference: https://www.virustotal.com/gui/file/02de7dc70bed64b07d9556aed181e3d8ee811f86736684f69f3973e7e8fef104/detection

http://116.202.6.237

# Reference: https://www.virustotal.com/gui/file/5e16d11733b3516e3efc69145980eae528a987ae7d46819dfb8e8328a6d876ec/detection

http://195.201.44.70

# Reference: https://www.virustotal.com/gui/file/54b988703926e5d730271adf35e27d5a51a2a1eabd392dcafc4e85f8accb5e3f/detection

asianspades.com

# Reference: https://www.virustotal.com/gui/file/061170f26cd5572bd80552df4a346244c55de6f5b2afe55476ab343647db57e6/detection

prohomedevs.com

# Reference: https://www.virustotal.com/gui/file/ccb65cdcc68b20e736bc4f09b6b34a6d7ed3330f5bfb56245d2c598fa020317b/detection

http://104.156.149.33
http://46.151.26.234

# Reference: https://twitter.com/crep1x/status/1650555642900361223

http://116.203.15.24
http://116.203.240.51
http://116.203.7.73
http://95.217.246.227
116.203.2.149:11111
116.203.220.83:11111

# Reference: https://twitter.com/ULTRAFRAUD/status/1651684332296106004

http://91.215.85.198
116.203.6.40:131
cyberghostvpn.live

# Reference: https://twitter.com/g0njxa/status/1652034044299714563

http://5.78.106.48

# Reference: https://www.virustotal.com/gui/file/867c574602105903116dca0a8b826e474a555980a193524d1aa7f15aecbc9ae4/detection

http://193.233.134.57

# Reference: https://www.virustotal.com/gui/file/eae4b77ea1c206dc0a5fd6c0f34d2eae940b8fd20558aadf67ae4481099db184/detection

http://65.109.225.236

# Reference: https://twitter.com/g0njxa/status/1652643842342936579

168.119.169.139:131
cheatforall.art

# Reference: https://twitter.com/idclickthat/status/1653394620750102528
# Reference: https://www.virustotal.com/gui/ip-address/212.118.55.237/relations
# Reference: https://www.virustotal.com/gui/ip-address/77.246.97.103/relations
# Reference: https://tria.ge/230502-qmp49sda61/behavioral2

91.215.85.198:22322
bestdogdaycaresoftware.com
bluevaultsoftware.net
colos-software.com
emanagesoftware.com
fortnitegm.online
ldplayer.site
ldplayer.website
omnilinksoftware.com
shoflosoftware.com
softreseller.online
softwarebeginner.com
sublime-text.pw
sublumetext.online

# Reference: https://twitter.com/g0njxa/status/1654129493655846919

freeforall.blog

# Reference: https://twitter.com/g0njxa/status/1656016314694004736
# Reference: https://app.any.run/tasks/c4341419-3e31-433b-978d-4b06b6a12b92/

http://5.75.128.76
buyivermectinforsale.com
utils-world.site

# Reference: https://twitter.com/g0njxa/status/1657750839048413185
# Reference: https://www.virustotal.com/gui/file/0c31938a4ae468dbfe9ee5c2d3d6cd8e79ce2d64e28e9fbe4d5271c0b0bcdbdf/detection

116.202.1.79:9100
softwave.cc

# Reference: https://www.virustotal.com/gui/file/3d2fe825ec28a455c83711a7f1f696500180b8f90e42ba084623ec7fc7ddbc86/detection

http://128.140.94.214
scr3.365tv.ma
scr5.365tv.ma

# Reference: https://www.virustotal.com/gui/file/1e42d63ed11929379e5739414c944bc755fb2e212eb475777de4a7e0ef54c517/detection

167.235.199.208:8333

# Reference: https://twitter.com/g0njxa/status/1662432191249281025

http://185.99.133.229
firstsoftapp.com
smalltalkit.com
stablever.store

# Reference: https://twitter.com/DonPasci/status/1663193292555661313
# Reference: https://tria.ge/230529-rphzeacb85/behavioral1#report
# Reference: https://www.virustotal.com/gui/ip-address/148.163.92.27/relations
# Reference: https://www.virustotal.com/gui/file/83abf60f7eb7656fa3671ad754fced48d6e8f732f44faaf805343e3dbdab5393/detection

avolina.co
download-canva.com
download-capcut.com
download-capcut.online
download-skylum.com
download-videofacebook.online
downloads-anydeks.com
downloadsdesktop.com
notepads-plus.com

# Reference: https://twitter.com/g0njxa/status/1665833355831660547
# Reference: https://www.virustotal.com/gui/file/034b56e83a37e3120a001596342a68aa99747d9a184ade42eb88cd39e2472543/detection

http://65.21.240.228
116.202.4.61:490
boraflow.click

# Reference: https://www.virustotal.com/gui/file/2d2211d9266e7080e6e12d150829935a3f0794e4d499199f9c7480de02b458d7/detection

http://179.43.142.99

# Reference: https://www.virustotal.com/gui/file/29edb23e89b1512a4c044133cbafc863eb2710f8d8d3828ee0583cd1c528da60/detection

5.75.213.157:490

# Reference: https://cert-agid.gov.it/wp-content/uploads/2023/07/vidar_05-07-2023.json

http://116.202.176.70
http://116.203.14.106
195.123.218.236:8080
5.75.208.184:27016

# Reference: https://www.virustotal.com/gui/file/06a279f25d37992d3c85c3c294c9aa9013c11bb6048bdff3206724b87d41f7c0/detection

5.75.208.196:27015

# Reference: https://www.virustotal.com/gui/file/29dd4e665950e1a7dfa9dc73954b2ae77e87f383215db64584d39eaa7601e787/detection

5.75.209.44:13370

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-07-23)

http://116.203.15.76
http://116.203.164.141
http://116.203.165.219
http://116.203.166.104
http://116.203.166.131
http://116.203.166.22
http://116.203.167.3
http://121.127.33.76
http://128.140.10.42
http://128.140.35.86
http://128.140.41.121
http://128.140.88.54
http://135.181.109.100
http://135.181.32.61
http://135.181.46.141
http://142.132.230.215
http://159.69.250.177
http://162.55.169.178
http://162.55.53.95
http://167.235.75.183
http://167.235.75.60
http://168.119.178.159
http://168.119.55.206
http://172.86.77.42
http://179.43.142.251
http://193.106.175.116
http://193.27.90.10
http://193.27.90.10/
http://193.27.90.104
http://194.87.31.199
http://195.201.234.139
http://195.201.251.46
http://195.201.253.168
http://195.201.44.70/
http://195.201.45.110
http://217.196.96.187
http://23.88.46.113
http://37.27.0.69
http://37.27.6.23
http://45.136.49.229
http://45.86.86.144
http://49.13.59.137
http://49.13.9.29
http://5.42.87.152
http://5.75.142.250
http://5.75.152.241
http://5.75.188.254
http://5.75.210.95
http://5.75.213.23
http://5.75.240.14
http://77.91.78.175
http://78.47.195.134
http://79.137.148.125
http://79.137.199.241
http://79.137.248.125
http://79.137.248.55
http://80.85.241.165
http://88.99.87.20
http://91.107.209.224
http://94.130.148.34
http://94.130.56.27
http://94.142.138.228
http://95.216.221.102
116.202.3.149:3306
116.202.5.112:27015
116.202.5.168:11022
116.202.6.52:27016
116.202.7.239:30303
128.140.84.26:3306
128.140.92.122:8081
142.132.183.252:22022
162.55.169.178:11022
167.235.204.174:27016
167.235.207.108:490
168.119.51.197:13370
188.34.154.187:30303
49.12.115.154:8333
49.13.50.61:27015
5.75.188.254:3306
5.75.209.169:11022
5.75.209.76:3306
5.75.211.155:8081
5.75.211.167:8081
5.75.213.102:22022
78.47.123.243:13370
78.47.228.71:22022
78.47.34.59:30303
fever2new.top
log5ny.top
new2bs.top
new2pnev.top
newr2bb.top
newv2up.top
ny2new.top
ny2pnews.top
p2newer.top
pan2.top
pn2nnev.top
sb2pnew.top

# Reference: https://twitter.com/Jane_0sint/status/1684500500430086144
# Reference: https://twitter.com/naumovax/status/1684893815272853504
# Reference: https://app.any.run/tasks/2e1fdb67-78fe-4d1e-a699-22a2c74faa8d/
# Reference: https://app.any.run/tasks/7072c560-bec2-4eb7-bd49-740f344aedfc/

94.142.138.119:45245
194.50.153.158:45243
systemcontrolmanage.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-07-28)

http://116.202.188.78
http://116.203.6.40:131
http://135.148.113.181
http://79.137.206.122
http://83.97.79.248
5.75.211.220:12771
5.75.214.16:12771

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2023-07-31)

http://152.89.198.34
http://159.69.83.200
http://167.235.136.41
http://172.86.70.117
http://172.86.77.102
http://185.161.248.78
http://185.209.161.53
http://185.244.48.81
http://185.254.37.234
http://194.50.153.181
http://194.50.153.23
http://194.59.31.66
http://194.59.31.67
http://195.2.84.205
http://212.118.43.207
http://23.184.48.114
http://45.12.253.67
http://45.15.157.135
http://45.15.159.188
http://45.150.65.128
http://46.29.234.95
http://5.42.64.28
http://5.75.240.249
http://5.78.104.95
http://62.113.115.22
http://65.21.118.113
http://65.21.150.74
http://65.21.87.125
http://77.105.146.152
http://77.91.123.99
http://79.137.202.62
http://79.137.206.248
http://91.103.252.12
http://91.103.252.143
http://91.103.252.28
http://91.103.252.32
http://91.212.166.50
http://95.214.25.241
http://95.217.102.100
adriaenclaeys.top
blogvpnreserch.com
bubbloityu.xyz
nwstats3.site
pretzelsget.top
reserchvpn.com
rewe-coupouns.com
sertateweliser.store
unlikeget.top
weak-sar.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-07-31)

http://78.47.122.222
49.13.60.242:12771

# Reference: https://www.virustotal.com/gui/ip-address/45.159.248.244/relations

rar-uploads.top
rare-upload.top
rars-upload.top
rarz-upload.top
updownloadrar.top
updownloadware.top
upsoft-rar.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-08-02)

http://77.73.131.100
http://77.91.97.18
http://94.131.101.77
http://95.217.241.202
http://95.217.242.246
116.203.165.166:27002
78.47.72.178:27002

# Reference: https://threatfox.abuse.ch/ioc/1148963/

http://128.140.122.28

# Reference: https://threatfox.abuse.ch/ioc/1149113/

http://65.21.187.146

# Reference: https://threatfox.abuse.ch/ioc/1149248/

195.201.251.182:27015

# Reference: https://threatfox.abuse.ch/ioc/1149250/

http://91.103.253.50

# Reference: https://threatfox.abuse.ch/ioc/1149482/

116.203.166.240:27015

# Reference: https://threatfox.abuse.ch/ioc/1149697/

159.69.198.239:27015

# Reference: https://threatfox.abuse.ch/ioc/1149864/

http://135.148.76.83

# Reference: https://www.virustotal.com/gui/file/6b2687ee65d8d51dfc255e3c9f7b0874eb5360a42e818417c3e920d25bb1b365/detection

http://45.9.74.92

# Reference: https://threatfox.abuse.ch/ioc/1150149/

94.130.190.4:8080

# Reference: https://threatfox.abuse.ch/ioc/1150409/

http://5.42.65.52

# Reference: https://threatfox.abuse.ch/ioc/1150540/

195.201.47.241:8080

# Reference: https://threatfox.abuse.ch/ioc/1150622/

http://94.228.169.55

# Reference: https://threatfox.abuse.ch/ioc/1150639/

http://81.19.137.220

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-08-18)

http://116.202.177.109
http://116.203.42.123
http://116.203.7.113
http://116.203.9.153
http://128.140.45.45
http://135.181.39.142
http://146.70.169.174
http://176.31.25.213
http://193.233.133.110
http://195.201.45.115
http://213.142.147.139
http://37.27.11.1
http://37.27.17.95
http://49.12.200.224
http://49.13.27.53
http://5.75.211.155
http://5.75.211.167
http://5.75.211.220
http://65.21.252.46
http://79.137.204.77
http://79.137.248.233
http://95.216.183.42
http://95.217.219.73
http://95.217.246.133
http://95.217.28.234
168.119.174.1:8080
5.75.171.168:27002

# Reference: https://www.esentire.com/blog/stealc-delivered-via-deceptive-google-sheets
# Reference: https://www.virustotal.com/gui/file/c6f9f905201196951ed12e8e09b92328aa31e4b46a01701a15607f48da9d3438/detection

http://89.208.105.162

# Reference: https://threatfox.abuse.ch/ioc/1151414/

reinroot.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-08-22)

http://95.217.243.179
http://95.217.243.71
116.203.5.218:10099
195.201.249.225:10099

# Reference: https://www.virustotal.com/gui/file/34a0f848bbcf609398fbffbc14a3b070f6e5c15c4987785c29db8de7d46f9bd6/detection

http://91.107.224.80

# Reference: https://www.virustotal.com/gui/ip-address/195.58.51.86/relations
# Reference: https://www.virustotal.com/gui/file/efe76e209a9575bc73aa11a6c35be706087fdc696645821c5959a4f445540e3d/detection
# Reference: https://www.virustotal.com/gui/file/3a0540a3db9219f4f54fe07ce1777f8c1087b5ed126e5a404935a925e367593c/detection

andrewjohnson.top
davidlewis.top

# Reference: https://twitter.com/Cyber0verload/status/1694947702360952852
# Reference: https://twitter.com/Cyber0verload/status/1694948025045540865

anyget.top
arthurmaes.top
bernhardtroost.top
bobstayget.top
carlestrada.top
charlesjones.top
davidharris.top
frankjackson.top
getbehavior.top
getburritos.top
geteatable.top
getfink.top
getgym.top
getindication.top
getnoon.top
getspeak.top
jamesperez.top
jeffmorales.top
jerrysmith.top
joelhammond.top
joscramp.top
kennethpeters.top
larsvanderwal.top
marijnricken.top
metacarpusget.top
michaeljohnson.top
michealjohnson.top
normanhoffman.top
pickledget.top
publisherget.top
ralphkors.top
robertelliott.top
ronaldlitt.top
sjoerdstolen.top
weighget.top
widowget.top
williecampbell.top

# Reference: https://threatfox.abuse.ch/ioc/1152217/

http://91.103.252.212

# Reference: https://threatfox.abuse.ch/ioc/1152264/

128.140.47.150:10099

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-08-30)

http://135.148.113.144
http://135.181.198.32
http://45.138.74.114
http://5.42.76.165
http://79.137.206.192
http://179.43.155.204
http://179.43.162.75
http://195.201.254.123
http://94.228.170.65
http://95.216.183.69
116.203.6.169:6012
195.201.254.123:6012

# Reference: https://www.virustotal.com/gui/file/45611c3bf02c81345c89c858b0e6a97677cd654af0e76742118da4786d63805c/detection

http://45.15.157.6
http://89.23.96.203

# Reference: https://www.virustotal.com/gui/file/e873eddaa1059da8dde9c190061637183f4169876ff9fcb21e1f1a13754f4c20/detection

scapitg.live

# Reference: https://threatfox.abuse.ch/ioc/1152871/

http://45.147.197.114

# Reference: https://threatfox.abuse.ch/ioc/1153450/

http://91.103.252.242

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-09-04)

http://65.109.229.201
116.203.75.210:6012

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-09-05)

http://195.201.248.117
http://5.42.76.5
http://5.42.79.33
http://80.85.241.108
5.75.209.196:9000

# Reference: https://threatfox.abuse.ch/ioc/1155383/

http://77.105.146.175

# Reference: https://threatfox.abuse.ch/ioc/1155409/

http://116.203.15.252

# Reference: https://threatfox.abuse.ch/ioc/1155407/

78.47.49.22:9000

# Reference: https://threatfox.abuse.ch/ioc/1155481/

http://5.161.188.133

# Reference: https://threatfox.abuse.ch/ioc/1155778/

http://217.196.96.228

# Reference: https://threatfox.abuse.ch/ioc/1155798/

http://45.147.197.249

# Reference: https://urlhaus.abuse.ch/browse/tag/Stealc/

http://104.245.33.157
http://116.203.125.44
http://128.140.91.217
http://141.98.6.54
http://162.55.212.236
http://162.55.215.42
http://178.20.41.96
http://179.43.155.203
http://179.43.162.125
http://185.119.196.167
http://193.109.85.62
http://193.42.32.206
http://194.120.116.120
http://194.87.45.68
http://212.113.106.72
http://212.86.109.106
http://23.227.202.68
http://23.88.122.134
http://45.61.137.151
http://45.87.154.30
http://45.95.233.60
http://5.255.125.41
http://5.42.66.25
http://5.42.66.3
http://5.75.155.1
http://5.75.232.223
http://5.78.100.243
http://5.78.104.48
http://64.52.80.24
http://65.108.20.233
http://65.109.2.12
http://77.105.146.130
http://77.91.124.231
http://77.91.68.238
http://77.91.78.245
http://77.91.84.172
http://77.91.84.41
http://79.137.203.144
http://80.66.79.48
http://80.85.241.225
http://80.85.241.84
http://80.94.95.137
http://81.19.137.198
http://82.117.255.211
http://85.192.41.196
http://88.119.168.142
http://91.107.196.27
http://91.107.224.54
http://94.131.104.50
http://94.142.138.240
http://94.142.138.41
http://95.217.124.180
http://95.217.232.10
agsnv.com
akkolsizidinliyor.com
amanext.com
davidharris.online
givesc.link
givesd.link
h167991.srv21.test-hf.su
h170420.srv22.test-hf.su
h170578.srv22.test-hf.su
i-mode.xyz
industrias-lopez.com
inst-hh.com
jerrysmith.online
justi.su
matthewdavis.link
ndtech.in
oof00.com
projectbewailed.com
rrawdha.com
salutass.com
stablewin32.app
xn----8sbkbfthkmkkzmo6dvh.xn--p1ai
zellewallet.site

# Reference: https://twitter.com/JAMESWT_MHT/status/1700730417731485794
# Reference: https://tria.ge/230910-erx5wsfb37/behavioral2

168.119.191.88:9000

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-09-10)

http://195.201.131.165
http://89.208.103.204

# Reference: https://threatfox.abuse.ch/ioc/1162430/

http://185.244.48.191

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-09-11)

http://195.201.250.198
5.75.211.218:27015

# Reference: https://threatfox.abuse.ch/ioc/1163291/

criminalaffair.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-09-20)

http://116.203.11.147
http://116.203.7.16
http://195.201.121.147
http://78.47.79.33
128.140.120.34:27015
159.69.100.165:10088
49.13.80.90:10088
5.75.212.216:27015
78.47.74.49:10088

# Reference: https://threatfox.abuse.ch/ioc/1163464/

http://185.244.48.221

# Reference: https://threatfox.abuse.ch/ioc/1163722/

http://171.22.28.221

# Reference: https://threatfox.abuse.ch/ioc/1163833/

http://45.155.250.218

# Reference: https://threatfox.abuse.ch/ioc/1163956/

wordpress-1076759-3767880.cloudwaysapps.com

# Reference: https://threatfox.abuse.ch/ioc/1164315/

http://85.209.11.51

# Reference: https://threatfox.abuse.ch/ioc/1164326/

http://179.43.155.157

# Reference: https://threatfox.abuse.ch/ioc/1164387/

http://45.15.157.211

# Reference: https://threatfox.abuse.ch/ioc/1164581/

http://78.47.166.143

# Reference: https://threatfox.abuse.ch/ioc/1164586/

christopherantonio.top

# Reference: https://threatfox.abuse.ch/ioc/1164796/

bryanzachary.top

# Reference: https://threatfox.abuse.ch/ioc/1165532/

http://91.103.252.146

# Reference: https://threatfox.abuse.ch/ioc/1165828/

http://193.168.141.163

# Reference: https://threatfox.abuse.ch/ioc/1165857/

http://5.42.75.167

# Reference: https://threatfox.abuse.ch/ioc/1165946/

http://176.123.8.152

# Reference: https://threatfox.abuse.ch/ioc/1166214/

http://185.161.251.81

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-09-25)

http://116.202.182.4
http://168.119.168.251
http://79.137.198.7
http://79.137.198.72
http://91.103.253.18
5.75.215.131:1333

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/stealc/stealc_c2s_2022_to_2023.txt

http://109.206.243.134
http://116.203.9.96
http://138.201.221.118
http://152.89.198.95
http://157.90.162.130
http://172.99.189.221
http://176.113.115.26
http://179.43.142.247
http://185.225.74.249
http://193.233.134.93
http://193.233.233.195
http://193.42.32.99
http://194.180.48.244
http://195.201.2.192
http://206.188.196.196
http://37.220.87.73
http://45.12.239.76
http://45.144.28.84
http://45.147.229.23
http://45.147.231.118
http://45.66.230.37
http://5.42.64.88
http://65.108.209.36
http://65.108.210.97
http://65.108.211.9
http://65.109.159.234
http://77.91.123.112
http://77.91.97.21
http://78.47.73.116
http://79.137.203.155
http://82.115.223.203
http://89.208.103.152
http://89.23.108.122
http://89.32.41.133
http://91.103.253.2
http://94.130.170.32
http://94.142.138.83
http://95.214.27.75
http://95.216.114.207
bakbakbak.info
getgoodsa.link

# Reference: https://twitter.com/JAMESWT_MHT/status/1706932650542309590

http://89.23.98.56
89.23.98.56:445

# Reference: https://threatfox.abuse.ch/ioc/1176006/

jesseaustin.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-09-27)

116.202.2.169:1333
49.12.118.209:1333

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2023-09-28)

http://193.201.8.110
http://208.91.189.189

# Reference: https://www.virustotal.com/gui/file/014797cac586da92f12bea4cda0d400105e0732e1403b51d794cde02c22beeb9/detection
# Reference: https://tria.ge/210926-r8qtcsfac3/behavioral2

requestimedout.com
/xenocrates/zoroaster

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2023-10-03)

http://116.203.7.13
http://193.201.8.121
http://195.201.228.145
http://195.201.252.3
http://195.201.252.32
http://45.138.74.85
http://45.140.147.83
http://45.15.157.247
http://5.42.65.39
http://91.103.252.74
http://91.103.253.171
http://95.216.187.218
116.202.4.35:1333
168.119.168.251:10088
188.34.152.120:1333
5.75.216.44:27015
aidandylan.top
dominiczachary.top

# Reference: https://www.virustotal.com/gui/file/fa01ef904d819c0101560b473d5be56b326336a1bb9eb31aaad1a6db24255d24/detection

http://217.196.96.138

# Reference: https://www.virustotal.com/gui/file/3b96c89b7d40fca00018a19588be2ec3f305b2da49fd749cb0366ac5b3127027/detection

http://77.91.97.131
77.91.97.131:445

# Reference: https://twitter.com/JAMESWT_MHT/status/1709873142645113323

116.202.7.149:27015

# Reference: https://threatfox.abuse.ch/ioc/1183521/

49.13.86.44:27015

# Reference: https://twitter.com/JAMESWT_MHT/status/1711072138231189940
# Reference: https://app.any.run/tasks/7ab4c455-c7b3-4fa8-a2ed-00bbad0acb40/

http://94.228.162.50

# Reference: https://www.virustotal.com/gui/file/9e07ece83055dad67aa19c1c1c6cd6e8ad2ee14d787cce6f65daf7f6a4a58c40/detection

http://45.147.197.225
http://85.209.11.133

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2023-10-10)

http://116.203.167.36
http://116.203.24.34
http://116.203.55.91
http://128.140.102.206
http://142.132.186.212
http://168.119.115.218
http://194.169.175.126
http://217.196.96.16
http://49.12.118.149
http://5.42.6.7
http://77.83.92.234
http://77.91.97.146
http://78.47.20.171
http://89.23.98.151
http://91.212.166.95
http://94.130.186.149
88.99.122.198:8000
94.130.189.55:7070
devinjason.top
elijahdiego.top
henryjackson.icu
howardwood.top
kevinrobinson.top
matthewsamuel.top
williammoore.top
wyattsebastian.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1712065662980391334
# Reference: https://app.any.run/tasks/59b5cf5d-cf5f-4a64-8cbd-38bc9fca7c90/

49.12.118.151:8000

# Reference: https://threatfox.abuse.ch/ioc/1188714/

168.119.243.238:8000

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/stealc/stealc_c2s_2023_10_16.txt

http://109.107.182.248
http://116.202.102.6
http://116.203.73.136
http://185.221.196.69
http://193.201.8.123
http://193.233.255.102
http://194.87.71.138
http://49.12.116.189
http://5.75.212.77
http://78.47.219.84
http://91.103.252.11
http://91.103.253.170
116.203.10.96:3306
128.140.102.206:8000
5.75.188.83:3306
78.47.66.147:3306
bidbur.com
tetromask.site

# Reference: https://twitter.com/fr0s7_/status/1714576609527656637
# Reference: https://www.virustotal.com/gui/file/b7980abb0fbb1e27c9dfd24f2d36891986e3325b2596fff09baa3904830eac0c/detection

116.203.14.160:7070

# Reference: https://threatfox.abuse.ch/ioc/1191453/

128.140.96.230:7070

# Reference: https://threatfox.abuse.ch/ioc/1191487/

http://193.233.232.98

# Reference: https://twitter.com/g0njxa/status/1718343906406854907

asdfsdf32r235sdfsdfsdf.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-10-31)

http://142.132.204.231
http://157.90.152.131
http://195.201.255.168
http://23.88.45.254
http://5.75.208.206
http://5.75.209.4
http://89.38.135.11
http://91.215.85.189
116.202.182.32:2083
195.201.249.33:2083
195.201.34.151:2083
jaimemcgee.top
raymonddixon.icu
robertjohnson.top

# Reference: https://threatfox.abuse.ch/ioc/1197789/

jameskelly.top

# Reference: https://threatfox.abuse.ch/ioc/1197906/

ronaldrichards.icu

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-11-06)

http://116.203.165.60
http://116.203.6.243
http://128.140.84.205
http://195.201.44.59
http://5.75.246.16
http://5.75.246.163
http://78.47.151.182
116.203.165.60:2087
116.203.6.243:2087
195.201.251.173:2087
94.130.188.233:2087

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2023-11-07)
# Reference: https://app.validin.com/axon?find=193.106.175.190&type=ip

http://138.201.196.248
http://149.255.35.132
http://157.90.24.248
http://168.119.173.77
http://176.124.198.17
http://185.17.40.133
http://185.172.128.24
http://185.172.128.53
http://185.172.128.79
http://185.244.48.148
http://185.250.45.18
http://185.78.76.13
http://193.187.174.182
http://193.233.232.54
http://195.201.251.173
http://45.87.153.135
http://5.42.64.41
http://5.42.65.54
http://5.42.66.57
http://5.42.92.215
http://5.75.165.104
http://77.105.132.197
http://77.105.132.216
http://77.105.132.229
http://77.91.124.154
http://77.91.124.229
http://77.91.124.233
http://77.91.68.247
http://91.206.178.118
http://91.242.229.100
http://91.92.243.201
http://94.142.138.179
http://95.216.72.17
amotel.xyz
arnaldomondo.icu
arturogillotti.icu
bernardofata.icu
bubbebottle.xyz
danielhamerling.icu
fabianonetto.icu
finnmanninger.icu
florianhabeler.icu
giuliotoro.icu
gsggaoo.top
janmorath.icu
lazzarotata.icu
michaelcoleman.icu
paulcruz.icu
phoenixexec.icu
raphaelbischoff.icu
richardwalker.icu
severinofragola.icu
severinotursi.icu
vewver.xyz
vittoriogioia.icu

# Reference: https://app.validin.com/axon?find=37.139.129.88&type=ip
# Reference: https://app.validin.com/axon?find=45.11.27.150&type=ip
# Reference: https://www.virustotal.com/gui/file/02a8f44506f086128b18c4efb473c58406026d467f4fdcad07c5d02ffe97df47/detection

chadsullivan.top
danielisaiah.top
jackantonio.top
jamesjordan.top
jasongraves.top
jesuscolin.top
robertcook.top
roberthamilton.top

# Reference: https://www.virustotal.com/gui/ip-address/37.139.129.91/relations

bunaliber.top
musonare.top

# Reference: https://twitter.com/JAMESWT_MHT/status/1722902055524724961
# Reference: https://www.virustotal.com/gui/file/2aa3c6dd94498a7a640f8c4aef123024be8edc16d77da79f84354339aff235b3/detection

116.203.166.75:2087

# Reference: https://www.virustotal.com/gui/file/8c970d1175779ee7eae4d510450b89d5ab9ac799027ff4adb8c5e2835243ad6f/detection

5.42.64.13:3000

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-11-13)

http://193.233.255.11
http://5.42.92.55
116.202.189.41:443
116.203.7.211:443
128.140.72.50:443
157.90.152.131:2083
167.235.143.166:443
168.119.173.77:2087
195.201.255.35:443
49.12.119.148:443
49.13.94.153:1021
49.13.94.153:443
65.108.152.136:443
78.47.61.97:443
95.216.176.210:443
95.217.244.44:443

# Reference: https://app.validin.com/axon?find=103.212.81.157
# Reference: https://www.virustotal.com/gui/file/22224f65c07515b2f61e29f7f1a14005d0de54378aa925d9e017bb2ac26b5395/detection

cimcimcim.ac.ug
fillah.ac.ug
nickshort.ac.ug
nickshort.ug

# Reference: https://threatfox.abuse.ch/browse/malware/win.mars_stealer/

pushpointdelivery.com
twinsources.shop
alpha.twinsources.shop

# Reference: https://twitter.com/g0njxa/status/1728055751170527427
# Reference: https://app.any.run/tasks/1d50db5c-056d-4e20-af05-87515eca0c43/
# Reference: https://www.virustotal.com/gui/file/772a2cf41a5e3dedba24c844d549a9fbcb139a719c5b1602c68ff38f91062607/detection

http://185.198.57.117

# Reference: https://censys.com/tracking-vidar-infrastructure/
# Reference: https://otx.alienvault.com/pulse/6560829a84f4d4c9903e5443

http://116.202.189.41
http://116.203.10.96
http://116.203.7.211
http://131.152.90.157
http://151.34.201.195
http://167.235.143.166
http://173.251.201.195
http://189.116.12.49
http://195.20.16.45
http://195.201.34.151
http://49.12.119.148
http://49.13.94.153
http://65.108.152.136
http://78.47.61.97
http://94.130.188.233
http://95.217.244.44
avisclair.com
naxtm.cfd
join.naxtm.cfd

# Reference: https://app.any.run/tasks/f30a98fb-a904-46db-89e8-988b9bd1cdd5/

http://77.91.76.36

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-12-05)

http://195.201.255.35
http://5.42.66.36
http://5.42.75.166
116.202.183.33:25565
116.202.183.33:443
116.202.184.4:443
116.202.184.4:9000
116.203.15.153:443
116.203.165.60:443
116.203.184.78:443
167.235.143.166:1021
195.201.46.226:25565
195.201.46.226:443
195.201.46.42:10200
37.27.20.125:443
65.108.57.141:9000
78.47.104.201:443
94.130.188.133:443
94.130.188.133:9000
95.217.240.71:443
95.217.243.145:443
95.217.243.145:9000
95.217.30.118:443
95.217.30.118:9000
95.217.31.63:25565
95.217.31.63:443
partner-infoservice.online

# Reference: https://twitter.com/JAMESWT_MHT/status/1732630131804455189
# Reference: https://app.any.run/tasks/8e6fba28-d0bd-43aa-9ed6-1f97a4f208ff/

116.202.183.33:25565

# Reference: https://medium.com/@fofabot/analysis-and-tracing-of-the-observerstealer-f9e803694a2b

77.73.134.51:3000
77.73.134.51:3001
91.103.252.17:8912
91.215.85.38:3000

# Reference: https://www.virustotal.com/gui/file/3e9e65b139afe73c38d31ad771845526b70595725209787ce631539c776c7ee9/detection
# Reference: https://www.virustotal.com/gui/file/2dbca09c6e362d69b9684e538ec92cf46bf809a6f9269e8cf6db96d1638a9974/detection

103.212.81.156:24317
91.215.85.223:12484
91.215.85.223:20015
91.215.85.223:24317
91.215.85.223:46017
91.92.248.48:24317
marcaksa.top
pastrasasca.ug

# Reference: https://www.virustotal.com/gui/file/1644fe7f7969fe8724fa0afe45eb73ae03f815939e2a286cc832e322c19fd61d/detection

paipaisdvzxc.ru

# Reference: https://twitter.com/banthisguy9349/status/1733200132106039734

http://88.209.206.36
akttusa.com

# Reference: https://threatfox.abuse.ch/ioc/1211659/

kelenoproc.cc.ua

# Reference: https://www.virustotal.com/gui/file/7a14bf95b11124f6996e015f7becc6f34922c2a3738864215aad46b8714c71b9/detection
# Reference: https://www.virustotal.com/gui/file/33010904b810979cba2d7b44e338ba49899abd8c390ec641a4d6194cc09746e1/detection

microsoft-word.duckdns.org
/xb2vf0iarce5cvvx/util.php
/xb2vf0iarce5cvvx

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-12-12)

116.203.10.143:993
128.140.111.217:3000
168.119.58.175:993
195.201.255.210:3001
5.75.178.5:443
5.75.208.190:993
5.75.211.54:1993
5.75.211.95:3001
88.198.124.209:1993
88.198.124.209:993

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2023-12-24)

116.202.177.141:3000
116.202.180.148:3001
116.203.123.207:3001
116.203.164.22:3000
116.203.3.205:2024
116.203.3.205:443
116.203.3.40:3000
128.140.5.127:3000
142.132.232.235:443
168.119.58.175:443
23.88.121.200:443
5.75.178.5:1993
5.75.209.154:443
5.75.215.64:3001
65.109.242.109:443
78.46.250.172:443
78.47.104.201:25565
95.216.149.92:443
95.216.178.71:443

# Reference: https://www.virustotal.com/gui/file/06c0877edf7076f1d18b6d6a0dfe5e1a28e909cfbfb5868c36f5e0c7b4ad6082/detection

http://46.246.96.149

# Reference: https://threatfox.abuse.ch/browse/malware/win.mars_stealer/ (# 2023-12-25)

couriercare.in
moscow-post.com
moscow-post.ru
msk-post.com
/blogggg/blogger.php
/xaoniu/server/waungowangued/g.php

# Reference: https://threatfox.abuse.ch/ioc/1223674/

http://5.42.66.58

# Reference: https://www.virustotal.com/gui/file/041be18344ea8da345923dd5d2421ad79ed888bca4a9ceebe0aa1030c75e5602/detection

http://194.87.31.229

# Reference: https://twitter.com/karol_paciorek/status/1742170079406530655
# Reference: https://www.virustotal.com/gui/file/ada3f1fca37b6aa5a1b851c10e9d35fb9fd7d757c6e6bcccba173e933ef30837/detection
# Reference: https://www.virustotal.com/gui/file/25418f9accfaa84b3ea5ef662fc2b24f9782d1e2e00c1303f879f11afc2eec7b/detection

egetfile.top
youraiusa.top
v.egetfile.top
tg.egetfile.top
tg.youraiusa.top
testingversion.my-vidar.net
/uFJrXt/builder?hash=

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-01-06)

http://116.202.187.82
http://116.203.167.169
http://128.140.69.37
http://142.132.232.235
http://195.201.44.3
http://195.201.47.172
http://5.75.215.64
http://5.75.220.180
http://95.216.178.60
http://95.217.241.217
168.119.106.20:443
49.12.114.15:10220
5.75.215.64:443
5.75.220.180:443
65.21.188.123:443
95.216.178.60:443
95.217.25.10:443

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-01-12-IOCs-from-StealC-activity.txt

http://109.107.181.33

# Reference: https://www.virustotal.com/gui/file/4436e908111bd5641201fec0b80656609cda5c3d189a5f5e8c3fde69a50f88dc/detection

http://91.92.255.226

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-01-15)

http://128.140.123.120
116.202.0.196:10220
65.109.240.203:443
65.109.241.139:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-01-23)

http://159.69.102.168
http://49.13.6.118
http://5.75.215.163
http://65.109.240.203
http://65.21.187.53
http://95.216.183.138
http://95.217.240.143
http://95.217.243.230
116.202.4.242:2271
159.69.102.168:443
159.69.102.168:7575
37.27.26.28:443
49.12.118.185:2920
49.13.131.64:7575
49.13.6.118:443
5.75.211.130:2271
5.75.215.163:443
5.75.215.163:7575
65.109.242.152:443
65.109.242.38:443
65.109.243.18:443
65.21.187.53:443
88.198.191.199:2920
95.216.183.138:443
95.217.166.29:443
95.217.240.143:443
95.217.243.230:443

# Reference: https://iamdeadlyz.gitbook.io/malware-research/february-2024/outfoxing-a-malicious-pdf-an-attackers-attempt-to-deliver-a-stealc-infostealer

brazilanimalshelp.com

# Reference: https://twitter.com/banthisguy9349/status/1754899303271661649
# Reference: https://www.virustotal.com/gui/file/4314a53c2c41eb8a57a933a4d1d2e3f29f9b5417074c7a12d081411418928f89/detection
# Reference: https://www.virustotal.com/gui/file/2841d614844219e1c2e937b51d5cd94f816f6b1985bf7372f0ee41c5bcb176b5/detection

http://91.215.85.182
91.215.85.182:443

# Reference: https://www.virustotal.com/gui/file/e271f87be79a5c6af329f942af158bfd4c9bc8252caa4d54da89116f4a04d11f/detection

http://185.172.128.127

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-02-12)

http://116.202.3.242
http://49.12.118.45
http://5.75.209.125
http://5.75.211.127
http://5.75.215.113
http://78.46.251.181
http://78.47.191.114
http://88.198.107.6
http://88.99.38.67
http://95.216.181.87
http://95.217.215.24
http://95.217.243.137
116.202.184.165:9000
116.202.3.242:443
116.203.165.197:9000
116.203.6.77:9000
159.69.101.193:5432
49.12.101.249:9000
49.12.118.45:443
49.13.33.99:443
5.75.209.125:443
5.75.211.127:443
5.75.215.113:443
65.109.242.25:443
78.46.251.181:443
78.47.174.101:9000
78.47.191.114:443
78.47.191.114:9000
78.47.233.159:9000
88.198.107.6:443
88.198.108.242:9000
88.99.38.67:443
95.217.209.180:443
95.217.215.24:443
95.217.243.137:443
95.217.28.5:443

# Reference: https://www.virustotal.com/gui/file/32576ecaeba4abaed4a94f26edddc19447f307f494eb629cfa10db5e579f024d/detection

http://195.2.76.141

# Reference: https://www.virustotal.com/gui/file/6762fa8ca76de2282ca3e6dc73577481e5137516fb78be0fa5d2b380b0d71388/detection

193.233.132.58:3111
sswcnet.org
d.sswcnet.org

# Reference: https://www.virustotal.com/gui/file/13878fa249e211d6fe9a3fe49ad570829217e9a75f50fcdd268dc7a6bd1ab5c7/detection

http://185.172.128.145

# Reference: https://twitter.com/Cyberteam008/status/1770440457979359585

http://147.45.78.181
http://185.172.128.208
http://185.172.128.209
http://185.172.128.210
http://185.209.162.38
http://193.143.1.226
http://217.182.197.48
http://91.92.246.201
http://91.92.248.63
http://94.156.8.100

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-03-24)

http://116.202.2.143
http://116.202.4.168
http://116.202.4.240
http://116.203.13.151
http://116.203.3.120
http://142.132.224.223
http://159.69.103.8
http://167.235.207.130
http://49.12.116.63
http://49.13.32.193
http://49.13.32.37
http://49.13.87.142
http://5.75.208.102
http://5.75.208.156
http://5.75.208.68
http://5.75.209.178
http://5.75.211.82
http://5.75.212.96
http://5.75.213.10
http://5.75.213.121
http://5.75.213.155
http://5.75.214.171
http://5.75.221.28
http://65.109.172.49
http://65.109.240.92
http://65.109.242.25
http://65.109.242.251
http://95.216.180.93
http://95.217.240.158
http://95.217.240.44
http://95.217.29.171
http://95.217.31.198
103.35.188.34:39119
116.202.2.143:443
116.202.3.93:443
116.202.4.168:443
116.202.4.240:443
116.202.5.172:443
116.203.117.12:443
116.203.13.151:443
116.203.13.151:9494
116.203.15.173:443
142.132.224.223:443
142.132.224.223:9001
159.69.103.100:443
159.69.103.8:443
195.201.131.130:443
37.27.36.6:9000
45.144.28.165:49119
49.12.103.42:5432
49.12.113.229:443
49.12.116.63:443
49.13.32.231:443
49.13.32.37:443
49.13.33.8:443
49.13.87.142:443
49.13.89.149:443
49.13.89.149:9000
5.75.208.102:443
5.75.208.156:443
5.75.208.68:443
5.75.209.178:443
5.75.209.178:5432
5.75.210.0:443
5.75.211.82:443
5.75.212.96:443
5.75.213.10:443
5.75.213.121:443
5.75.213.155:443
5.75.214.171:443
5.75.214.7:9000
5.75.215.159:9001
5.75.215.43:443
5.75.216.188:443
5.75.221.51:443
65.108.83.243:8081
65.109.11.145:443
65.109.172.49:443
65.109.240.54:8081
65.109.240.92:443
65.109.241.165:8888
65.109.242.251:443
65.109.242.25:5432
65.109.242.97:9000
78.46.233.36:9000
78.47.136.81:443
78.47.223.253:443
78.47.57.253:443
78.47.78.87:443
88.198.107.0:443
88.198.109.225:443
88.198.112.251:10050
88.198.112.251:443
88.99.127.167:9000
95.216.180.93:443
95.216.180.93:9000
95.216.183.48:443
95.217.234.153:443
95.217.240.145:443
95.217.240.152:8081
95.217.240.158:443
95.217.240.44:443
95.217.25.45:8888
95.217.28.14:5432
95.217.28.198:8081
95.217.28.242:8888

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2024-03-27%20FakeUpdates%20IOCs

http://193.233.74.31

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-04-11)

http://116.202.186.227
http://116.202.3.93
http://116.202.5.172
http://116.203.117.12
http://116.203.15.173
http://116.203.15.18
http://128.140.125.116
http://159.69.102.165
http://159.69.103.100
http://168.119.60.168
http://195.201.250.50
http://195.201.47.206
http://49.12.113.229
http://49.13.125.250
http://49.13.33.8
http://5.75.211.135
http://5.75.212.236
http://5.75.215.43
http://5.75.216.188
http://5.75.221.51
http://65.109.241.38
http://65.109.242.131
http://65.109.242.143
http://65.109.243.220
http://78.46.229.36
http://78.47.136.81
http://78.47.141.20
http://78.47.221.177
http://78.47.223.253
http://78.47.57.253
http://78.47.78.87
http://80.66.84.68
http://88.198.109.225
http://88.99.122.130
http://95.216.179.73
http://95.217.212.139
http://95.217.240.145
http://95.217.241.187
http://95.217.242.90
http://95.217.27.87
http://95.217.31.143
116.202.186.227:443
116.203.12.29:9000
116.203.14.35:9000
116.203.14.84:5432
116.203.15.18:443
128.140.125.116:443
135.181.97.113:8888
159.69.102.165:443
168.119.60.168:443
195.201.250.50:443
195.201.47.150:5432
195.201.47.206:443
49.13.125.250:443
49.13.149.204:9000
49.13.149.95:9001
5.75.211.135:443
5.75.212.236:443
65.109.241.38:443
65.109.242.131:443
65.109.242.143:443
65.109.243.191:5432
65.109.243.220:443
78.46.229.36:443
78.47.141.20:443
78.47.221.177:443
80.66.84.68:443
88.99.122.130:443
88.99.122.130:5432
94.130.188.149:9000
95.216.176.246:5432
95.216.179.73:443
95.217.155.87:5432
95.217.212.139:443
95.217.241.187:443
95.217.242.90:443
95.217.27.87:443
95.217.31.143:443
95.217.31.228:5432
alexanderalbie.xyz
alexanderarthur.xyz
cytuns.xyz
disear.xyz
galvins.xyz
hepialid.xyz
mogor.xyz
pvasms.top
sares.xyz
stodia.fun
stviw.xyz
suggst.xyz
widur.xyz
yetties.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2024-04-11)

http://109.107.182.60
http://116.203.180.34
http://147.45.47.71
http://147.45.47.72
http://185.172.128.26
http://185.216.70.109
http://185.244.48.135
http://192.121.87.173
http://193.143.1.168
http://193.163.7.111
http://193.163.7.129
http://193.163.7.160
http://193.163.7.20
http://193.233.132.241
http://212.52.1.40
http://216.98.13.202
http://216.98.9.109
http://37.27.52.220
http://37.27.52.241
http://37.28.157.3
http://5.75.177.20
http://52.143.157.84
http://62.113.119.199
http://77.105.132.208
http://80.66.85.128
http://80.89.239.178
http://82.115.223.87
http://82.115.223.88
http://89.105.201.132
http://89.105.201.188
http://89.105.201.33
http://89.105.223.142
http://91.108.240.151
http://91.202.233.204
http://91.92.246.192
http://91.92.254.245
http://92.246.138.149
http://93.123.39.11
http://94.156.65.61
http://94.156.79.32
http://94.156.8.97
http://95.164.2.59
147.45.78.181:22
185.172.128.145:22
185.172.128.208:22
185.172.128.209:22
185.172.128.26:22
185.209.162.38:22
185.216.70.109:22
193.143.1.168:22
193.143.1.226:22
212.52.1.40:22
217.182.197.48:22
52.143.157.84:22
62.113.119.199:22
91.202.233.204:22
93.123.39.11:22
94.156.79.32:22
94.156.8.97:22
95.164.2.59:22
abrws.com.br
dskflherlkhopihsf.com
ettoregiardina.icu
farozinda.ru
ffud666.com
giveapp.pro
mariles.top
top-adobe.site
unidasg.top

# Reference: https://twitter.com/naumovax/status/1781333396100116870

death1488.com
heckass.monster
iigggkkl.monster
raur94.com
thecurl.monster

# Reference: https://twitter.com/Artilllerie/status/1782332359959892190

bitdefender-app.com

# Reference: https://twitter.com/g0njxa/status/1782849485732794831

malwarebytes.pro

# Reference: https://twitter.com/banthisguy9349/status/1784929522275483785

old.my-odin.com
setip.my-odin.com
setip.my-vidar.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-05-08)

http://116.202.188.155
http://116.203.15.80
http://116.203.164.39
http://159.69.26.61
http://94.130.189.25
116.202.177.31:5432
116.202.178.41:443
116.202.185.144:443
116.202.185.144:5432
116.202.185.228:443
116.202.188.155:443
116.202.190.202:5432
116.203.0.165:443
116.203.12.249:443
116.203.13.134:5432
116.203.15.80:443
116.203.164.39:443
116.203.167.106:5432
116.203.7.126:443
116.203.7.96:443
128.140.8.170:5432
157.90.25.39:5432
159.69.102.118:9000
159.69.26.61:443
195.201.248.34:443
23.88.46.51:9000
23.88.47.9:443
23.88.47.9:5432
3.88.46.51:9000
37.27.11.177:443
37.27.87.155:443
49.12.115.59:443
49.13.149.95:443
49.13.224.6:5432
49.13.32.146:443
5.75.213.100:9000
65.108.152.56:9000
65.109.140.8:443
65.109.240.63:443
65.109.241.217:443
65.109.242.112:9000
65.109.242.73:443
78.47.14.240:443
78.47.186.226:443
78.47.221.177:80
88.198.124.238:443
94.130.189.25:443
95.216.176.100:443
95.216.176.5:443
95.217.240.166:443
95.217.242.142:443
95.217.242.142:9000
95.217.244.99:443
95.217.244.99:5432
95.217.245.42:443
95.217.245.42:9000
95.217.246.168:443
95.217.28.230:443
95.217.28.230:5342
95.217.28.230:5432
95.217.29.187:443
95.217.29.215:443
95.217.9.149:443
aktayho.top
almatac.top
bimbro.xyz
bogote.xyz
bohot.xyz
davltp.xyz
eralaunch.xyz
graims.xyz
hobobo.xyz
hypaton.xyz
karl3on.xyz
kartogra.top
meday.xyz
ndearn.xyz
neuengi.top
nevers.xyz
oktes.xyz
racess.xyz
redddog.xyz
riptode.xyz
soka101.xyz
tenens.xyz
tstarks.xyz
vances.xyz
vtlintro.xyz
woo2tech.xyz
yestohe.xyz

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2024-05-10)

http://109.172.112.246
http://139.60.162.84
http://146.70.86.229
http://185.172.128.111
http://185.172.128.150
http://185.172.128.151
http://185.172.128.23
http://185.172.128.62
http://185.172.128.76
http://185.70.186.153
http://193.163.7.82
http://193.163.7.88
http://45.11.92.124
http://49.13.229.86
http://62.133.60.205
http://62.133.60.218
http://65.109.170.29
http://89.105.198.253
http://89.23.103.109
http://89.23.103.129
http://89.23.103.132
http://89.23.103.141
http://89.23.103.159
http://89.23.103.165
http://89.23.103.168
http://89.23.103.89
http://89.23.103.96
http://94.156.79.116
http://94.156.79.164
http://95.181.173.85
146.70.86.229:22
185.172.128.23:22
185.172.128.9:22
49.13.229.86:22
62.133.60.205:22
62.133.60.218:22
65.109.170.29:22
89.23.103.109:22
89.23.103.129:22
89.23.103.132:22
89.23.103.141:22
89.23.103.159:22
89.23.103.165:22
89.23.103.168:22
89.23.103.89:22
89.23.103.96:22
94.156.79.116:22
95.181.173.85:22
okkolus.com
shaffatta.com

# Reference: https://x.com/Cyberteam008/status/1792756439003676864

http://116.202.0.24
http://116.202.178.41
http://116.202.185.228
http://116.202.5.235
http://116.202.6.172
http://116.203.0.165
http://116.203.12.249
http://116.203.7.126
http://168.119.166.86
http://49.12.115.112
http://49.13.49.198
http://5.75.214.74
http://5.75.220.208
http://65.108.55.55
http://65.21.183.11
http://78.46.237.77
http://78.47.123.174
http://78.47.14.240
http://78.47.23.196
http://88.198.122.201
http://88.99.124.6
http://91.107.221.88
http://95.217.240.101
http://95.217.28.63
116.202.0.24:22
116.202.0.24:443
116.202.178.41:22
116.202.185.228:22
116.202.5.235:22
116.202.5.235:443
116.202.6.172:22
116.202.6.172:443
116.203.0.165:22
116.203.12.249:22
116.203.7.126:22
168.119.166.86:22
168.119.166.86:443
49.12.115.112:22
49.12.115.112:443
49.13.49.198:22
49.13.49.198:443
5.75.214.74:22
5.75.214.74:443
5.75.220.208:22
5.75.220.208:443
65.108.55.55:22
65.108.55.55:443
65.21.183.11:22
65.21.183.11:443
78.46.237.77:22
78.46.237.77:443
78.47.123.174:22
78.47.123.174:443
78.47.14.240:22
78.47.23.196:22
78.47.23.196:443
88.198.122.201:22
88.198.122.201:443
88.99.124.6:22
88.99.124.6:443
91.107.221.88:22
91.107.221.88:443
95.217.240.101:22
95.217.240.101:443
95.217.28.63:22
95.217.28.63:443

# Reference: https://x.com/banthisguy9349/status/1801605940409483729
# Reference: https://www.virustotal.com/gui/file/b26b1074a9b97f7f8be564b70f50ee965df6b8773695ba25d72c2638d3c90586/detection

http://65.109.240.138
http://77.238.253.107
195.201.251.58:9000
65.109.240.138:443
65.109.240.138:9000
edusau.com
nubsibote.su
victorisport.shop

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (#2024-06-16)

http://147.45.47.150
http://147.45.78.162
http://193.163.7.39
http://194.26.232.108
http://194.26.232.166
http://194.55.186.11
http://194.55.186.12
http://194.55.186.13
http://212.113.117.130
http://23.88.106.134
http://45.88.79.153
http://5.161.191.146
http://5.161.203.102
http://57.181.170.149
http://62.133.61.244
http://89.105.198.116
http://89.105.198.134
http://89.105.198.59
http://93.123.39.132
http://93.123.39.135
http://93.123.39.138
147.45.78.162:22
194.26.232.108:22
194.26.232.166:22
194.55.186.11:22
194.55.186.12:22
194.55.186.13:22
212.113.117.130:22
23.88.106.134:22
57.181.170.149:22
62.133.61.244:22
93.123.39.132:22
93.123.39.135:22
93.123.39.138:22

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-06-16)

http://116.202.1.60
http://116.202.177.206
http://116.202.5.195
http://116.202.8.208
http://116.203.7.199
http://188.245.35.23
http://49.12.115.57
http://5.75.212.247
http://5.75.213.183
http://5.75.215.51
http://5.75.215.90
http://5.75.232.183
http://78.47.105.28
http://88.198.124.82
http://88.99.127.107
http://95.217.242.38
116.202.1.60:443
116.202.177.206:443
116.202.190.18:443
116.202.190.18:5432
116.202.2.84:443
116.202.5.195:443
116.202.5.235:9000
116.202.8.208:443
116.203.13.51:443
116.203.14.211:9000
116.203.15.103:443
116.203.166.11:443
116.203.167.34:443
116.203.2.129:5432
116.203.4.20:443
128.140.34.253:443
159.69.102.132:443
159.69.102.132:5432
188.245.35.23:443
195.201.248.182:443
195.201.253.107:443
195.201.46.4:443
37.27.34.12:443
49.12.115.57:443
49.13.214.194:443
49.13.227.86:443
49.13.227.86:5432
49.13.235.244:5432
49.13.32.109:443
49.13.49.198:9000
5.42.96.89:443
5.75.208.137:443
5.75.208.137:9000
5.75.212.114:443
5.75.212.247:443
5.75.212.9:443
5.75.213.183:443
5.75.214.104:443
5.75.215.51:443
5.75.232.183:443
50.75.213.183:443
65.108.55.55:9000
65.109.241.185:443
65.109.242.112:443
65.109.242.59:443
65.109.243.78:443
77.221.151.87:443
78.47.105.28:443
88.198.122.201:9000
88.198.124.82:443
88.198.193.148:443
88.99.124.6:9000
88.99.127.107:443
91.107.221.88:9000
94.130.190.88:443
95.217.135.112:443
95.217.240.101:9000
95.217.241.137:443
95.217.242.38:443
95.217.242.38:5432
95.217.28.33:443
95.217.28.63:9000

# Reference: https://x.com/RacWatchin8872/status/1803822001569603945
# Reference: https://www.virustotal.com/gui/file/9cf43d480f6319717934b1a3f97682a4454c1742e2409aa416ba719e606c34ca/detection

http://5.42.65.116
162.55.53.18:9000

# Reference: https://www.esentire.com/blog/fake-it-support-website-leading-to-vidar-infection
# Reference: https://www.virustotal.com/gui/file/66657d9b96b553b432221190becbe66c4ea3bd11073c7cdd06267d16a1bedc87/detection
# Reference: https://www.virustotal.com/gui/file/3868e2bb77f84cece0e9d7dc2d64b6e40ce12347aaf01ce4b18e548d994b5a3f/detection

answermedia.site
pchelperspro.com
pchelprwizardsguide.com
ghufa.answermedia.site
ghufal.answermedia.site
ghufalu.answermedia.site
hufal.answermedia.site

# Reference: https://app.validin.com/detail?find=Gala%20Vlog&type=raw&ref_id=88c370def95#tab=host_pairs_v2

95.216.164.36:443
95.217.31.188:443

# Reference: https://x.com/RacWatchin8872/status/1804969698469007822

http://185.172.128.20

# Reference: https://www.virustotal.com/gui/file/1dd70ad9399b127e9cc2700248002d1100419ae97da7263055f6e25167cae05e/detection

139.162.190.156:8888

# Reference: https://www.virustotal.com/gui/file/d13d3d0db7a7f39a38d276fcd37036b2e86db69643f3dabb0550a3db4c65b13c/detection
# Reference: https://www.virustotal.com/gui/file/6e7f46991aa219191afeacf3be81806705a1ea055dadc2beb7530b595fa2ad3f/detection
# Reference: https://www.virustotal.com/gui/file/85925f6ca57cdc1f20b14e15394cbec01eab82b85bea7d4b4dbbcc4c369d6274/detection

139.162.190.156:8080

# Reference: https://x.com/raghav127001/status/1805495552328732755
# Reference: https://app.validin.com/detail?find=XTotoroPet&type=raw&ref_id=a8af73f79ef#tab=host_pairs_v2
# Reference: https://www.virustotal.com/gui/file/43ff60f3ff07496a159a4d98b1907ebf74eaab132f770f82a0a885ab6cc9fe57/detection
# Reference: https://www.virustotal.com/gui/file/dd704f1c16c05260c6c6738c8f2d3d6cd06b17fd38cdb3037db0cc377ddcba40/detection
# Reference: https://www.virustotal.com/gui/file/398814c99fa23c50827b61d0b33340ec1d246ed0320c98dd5ffcfba711913869/detection

http://154.23.185.46
http://154.19.84.90
http://154.19.85.129
http://154.23.181.219
http://154.82.75.80
http://154.91.90.233
http://38.46.15.242
154.82.75.80:10200
154.91.90.233:10200
38.46.15.242:10200
googlechrome-sice.top
googlechromegts.top
wsw.googlechromegts.top
gamew123.com
pplilv.bond
zadan123.com

# Reference: https://www.virustotal.com/gui/file/e8f4e2c8f058da6e964fd24eadc2e3cd09c837fc267f7ddab5a052beea194a84/detection

http://172.99.189.221

# Reference: https://app.validin.com/detail?find=vidar2406.exe&type=dom&ref_id=ecde18d3401#tab=host_pairs_v2

1b6rxhbom0if81.ru
1kqgydtp.ru
2ckmn6gortocdt2wx.v123u0ikbmqe6h.ru
31rwvruesygea86fiua.ufopovqkwpxznuo.ru
3dcvyu86ot6w9.ru
6fpxdofyeau.1kqgydtp.ru
8jgajnghgr7bn.mgaq996t7hh6bn2.ru
9p6eymc3bb8iff.ru
9y2t6yiu.ru
a4dbezwb3na.ru
aiyerslogistics.com
ajauhzzqkgcowusrsv.9p6eymc3bb8iff.ru
alanasophiaromero.com
anjxcoevuhvdie.ru
ankitopticals.com
b9tellfguwqs.anjxcoevuhvdie.ru
bbwizxq4prat.ru
bezkngteaqr.ru
bismillahhalalsupermarket.com
booksdealers.com
bxmyw3byc9074v3oh3.3dcvyu86ot6w9.ru
bxoizvcwk1i18u.mnvfaus.ru
c4musqgiix.zvmdyjjavbo9au.ru
dluqmza6ixunhsk.xapmsjd78clu.ru
dreguy.com
e6kepaoz.zz2tamfcest67la.ru
eopdtzo2fmkin.ru
ewmevxlafkrdnfzvyo.xapmsjd78clu.ru
findhalalrestaurants.com
finishlinedesignz.com
fjwbxvaw6wymio8axp.m4nzy77kn.ru
ftocmcwayyukkdgsc.bbwizxq4prat.ru
gcbn-tv.com
girish-aswani.com
hennastencilsqueen.com
hgrpxnjs.ru
hugedomainssales.com
hvstcyzsdd.ru
jhsa1gggqgdjpe.ru
kaxjcnv.ru
kkqgdmomoedswa7hygu.vhus5q8f.ru
kywings.com
l9jbfdn2ikj84.ru
lijnk8ht6.jhsa1gggqgdjpe.ru
ls4j0vcchfk.a4dbezwb3na.ru
lvvc83e3atjwffje.mgaq996t7hh6bn2.ru
m4nzy77kn.ru
mgaq996t7hh6bn2.ru
mnvfaus.ru
mxrdmpym.wgjghqu6k.ru
neo21st.com
nfno8xcxjero.l9jbfdn2ikj84.ru
ooxiiygl3.eopdtzo2fmkin.ru
orderhalalfoods.com
orderhalalgrocery.com
ore156tewypbn.yesffpxmre5.ru
postit-social.com
ppyqeptelvilg7o.ru
pqwr1nxyn2ohdocjr.scj9vcej.ru
scj9vcej.ru
skinnypigprovisionco.com
sz6ewfcs.9y2t6yiu.ru
tableplacemat.com
tablesplacemats.com
tasteabites.com
tdt7khbuxi.ufopovqkwpxznuo.ru
texascuervoleather.com
topbesthalalrestaurants.com
topbestrestaurants.com
topbestsellingdomains.com
tophalalrestaurants.com
trflaakg7grd6p.1b6rxhbom0if81.ru
tyibw8trwkndni.kaxjcnv.ru
udcwsxr3bknzehmwqej.scj9vcej.ru
ufopovqkwpxznuo.ru
v123u0ikbmqe6h.ru
vg9uaonmlovvvey0ym.bezkngteaqr.ru
vhus5q8f.ru
viztik.com
wgjghqu6k.ru
wmrbgsj33epkwm2.1kqgydtp.ru
worldhalalrestaurants.com
worldofbakhoor.com
wovenembroidery.com
wp9acsvfwtovymxga8au.bezkngteaqr.ru
wyrsm0kepayk.1b6rxhbom0if81.ru
xapmsjd78clu.ru
xsjbvjg53eie5qihucez.hvstcyzsdd.ru
yesffpxmre5.ru
z0h5zwqcnshucs3mbk.ppyqeptelvilg7o.ru
zj1gop8a7taggs.hgrpxnjs.ru
zvmdyjjavbo9au.ru
zz2tamfcest67la.ru

# Reference: https://x.com/karol_paciorek/status/1809161475350552937
# Reference: https://app.validin.com/detail?find=dlmtk.php&type=dom&ref_id=6a3ca7d2f1f#tab=host_pairs_v2

0pqqrno.ru
4yfuf6fbns.ru
5uzomur8jdzkr2.ru
6s8ejmzn.ru
6syftzfcm9ykmn.ru
6u55qnw.ru
6x2rjts.ru
7v71tlq5duzw.ru
afugzhgpjndz.ru
appdevweb.com
arh6kitpiza.ru
fckhkdmzarlxnv.ru
fudyharaj4.ru
fw8qhmjzzcmw5.ru
gqtgrj0azzy6j.ru
hbyhzrwtgey4wmm.ru
hg3entz7it1.ru
huviio3qdxjxwy.ru
issgkigw.ru
iszexeeci.ru
l2rm7wpf1wsx4.ru
liwapoq6hyo.ru
lvew58zfy.ru
m0bkqt0.ru
mvt2bw1dnj9eev.ru
njy1rzjpfo4.ru
o4dhtgfypia2i.ru
prkj2dwtcl1nrt.ru
q5yyqfpt2ftyau.ru
qa88zlak1k.ru
sspxswtgsyg58.ru
u1z8mzv.ru
vqan9spmiieoz.ru
wgnyffwvl6wjwy7.ru
wv8olbxijb8lk7q.ru
xbn3xif4shd.ru
zabr03xsi.ru
zd0q8appahl.ru
zgdsuj9tdao9.ru
zqjfctliy2zgk.ru
afvukwyd.liwapoq6hyo.ru
aqudsbzay.wgnyffwvl6wjwy7.ru
avrzofkfhprwc.xbn3xif4shd.ru
bvaqvtls.issgkigw.ru
bxdzmxioejv.fudyharaj4.ru
cauosfbq.6x2rjts.ru
ccuotook.prkj2dwtcl1nrt.ru
ceulejdaa.mvt2bw1dnj9eev.ru
cfvcatak.iszexeeci.ru
cqkylkdc.u1z8mzv.ru
ctfsyoenje.wv8olbxijb8lk7q.ru
davqjlqzivgic.q5yyqfpt2ftyau.ru
dqqfyxi.u1z8mzv.ru
drsfvnohwtmd.hg3entz7it1.ru
dtxciobrr.lvew58zfy.ru
duoyjlfrx.6s8ejmzn.ru
dwqlphd.vqan9spmiieoz.ru
ecfdeozfshsdoz.sspxswtgsyg58.ru
ehilahwgywev.afugzhgpjndz.ru
fexlxlnduujwh.0pqqrno.ru
fvpfkmxthvoopf.l2rm7wpf1wsx4.ru
gfdmvvyyzxi.xbn3xif4shd.ru
gytcxidje.zgdsuj9tdao9.ru
hdmdpezxakz.6syftzfcm9ykmn.ru
ibdxzvhqnod.iszexeeci.ru
jazgkwzjff.hg3entz7it1.ru
jdekqhqgsdtuhrs.huviio3qdxjxwy.ru
jzcjqmny.issgkigw.ru
kcuoshjza.wv8olbxijb8lk7q.ru
kvjljovivijkh.liwapoq6hyo.ru
lgisqews.zqjfctliy2zgk.ru
llftccfoxndayn.fw8qhmjzzcmw5.ru
lpbeksttoj.arh6kitpiza.ru
mrhwfcrbliw.7v71tlq5duzw.ru
nffdscufhcklote.5uzomur8jdzkr2.ru
nftjlkqemdeg.huviio3qdxjxwy.ru
ngtqaptvyefytvc.4yfuf6fbns.ru
nhbtuwenpxjpsv.fckhkdmzarlxnv.ru
nzbwssqupojpqhr.zd0q8appahl.ru
obnqkbjynhwdr.gqtgrj0azzy6j.ru
ogjxkfewbu.zabr03xsi.ru
oiroguinadyxo.o4dhtgfypia2i.ru
osnnmtohzfs.7v71tlq5duzw.ru
otdaxww.6u55qnw.ru
pabloxfqs.gqtgrj0azzy6j.ru
peliopjyzfeg.6u55qnw.ru
pfoouorz.m0bkqt0.ru
pqcrurzehkb.qa88zlak1k.ru
prbaibhb.wgnyffwvl6wjwy7.ru
ptdzddl.sspxswtgsyg58.ru
qhzfnfqvkmheolx.njy1rzjpfo4.ru
qmdqfarriz.zgdsuj9tdao9.ru
quhlogh.mvt2bw1dnj9eev.ru
rwprfiajldozj.vqan9spmiieoz.ru
rxqtvahnfeb.6s8ejmzn.ru
shvomeapvykarr.prkj2dwtcl1nrt.ru
sizuxburosr.hbyhzrwtgey4wmm.ru
slmvkoxpszpepzl.4yfuf6fbns.ru
slymiuvbcnbpsx.o4dhtgfypia2i.ru
sssgyvorcpydvpc.hbyhzrwtgey4wmm.ru
sxyizrjjtz.0pqqrno.ru
tigepzxxepojaw.fudyharaj4.ru
tpfnnbmagxmv.zabr03xsi.ru
udghzhhuhq.m0bkqt0.ru
uiimuqz.njy1rzjpfo4.ru
ulhgbvw.zqjfctliy2zgk.ru
vxornjrb.l2rm7wpf1wsx4.ru
wakkoapi-mr81c5r29drtnqhe.cfd
wlhupambrce.fckhkdmzarlxnv.ru
wlooolcoxdk.fw8qhmjzzcmw5.ru
wlqyapdzebfruh.qa88zlak1k.ru
xhhfdbllb.lvew58zfy.ru
xtryromolasu.5uzomur8jdzkr2.ru
xuhxrowba.q5yyqfpt2ftyau.ru
yeqrlgwjvj.arh6kitpiza.ru
ykkaebk.afugzhgpjndz.ru
ymuzkdzlepfo.6syftzfcm9ykmn.ru
yvzmzlunb.6x2rjts.ru
zgnadzatg.zd0q8appahl.ru

# Reference: https://x.com/Merlax_/status/1806147569317294141

http://77.221.158.54
168.119.115.138:9000

# Reference: https://www.virustotal.com/gui/file/004c36d5a75d96cd6d275a135222353869f30bf7e12e8f6f7f93e3f6ed572493/detection

http://85.28.47.4

# Reference: https://x.com/ShanHolo/status/1807396638358487370
# Reference: https://www.virustotal.com/gui/file/0f88ea51a56da966d12311a4b20ea3a6c44315e00747a589f19cf535f90ced77/detection

http://77.105.132.27
195.201.251.214:9000

# Reference: https://www.virustotal.com/gui/file/004aba94049326997a5effb611dc3fd88b1669fe2a311630bc61138aa728698d/detection

kotawa.top
tea.arpdabl.org

# Reference: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
# Reference: https://www.virustotal.com/gui/file/81e89754ae2324c684fce71acafc30f8085870be947e7a76971b4fec1b24b5d1/detection

pbdbj.xyz
pbpbj.xyz
pcvcf.xyz
pcvvf.xyz
pddbj.xyz
pdddj.xyz
pdddk.xyz
pqdrf.xyz
ptdrf.xyz

# Reference: https://www.virustotal.com/gui/ip-address/108.177.15.188/relations

googlechroegts.top
hiuyoudml.top
mey-sksexasr.top
nweussallisa.top
shufalwmg.top
shufawtas.top
skype-a.com
skype-c.com
skype-cism.top
skype-cisve.top
telegeram-s.org
telegram-cc.org
telegram-ic.org
telegram-re.org
telegram-rs.org
telegram-yc.org
telegream-a.org
telegream-ai.org
telegream-e.org
telegream-m.org
telegream-st.org
telegream-v.org
telegrma-r.org
wosmnrsa.top
xunmiwl.top
youdafanyi.top
youdaoafs.top
youdaoic.icu
youdaoixa.cc
youdaoixc.shop
youdaojsa.icu
youdaomab.cyou
youdaomax.shop
youdaomk.cc
youdaomsb.icu
youdaomsk.icu
youdaomvix.icu
youdaomwerxze.icu
youdaomz.shop
youdaone.shop
youdaonfw.shop
youdaons.shop
youdaonsa.icu
youdaonw.top
youdaonwha.top
youdaonwyr.top
youdaosaa.top
youdaosasf.shop
youdaosimwr.icu
youdaosma.top
youdaossat.icu
youdaossnw.shop
youdaowb.shop
youdaowbjka.icu
youdaowbn.shop
youdaowbnjhak.top
youdaown.icu
youdaown.shop
youdaownas.top
youdaownj.shop
youdaowsnj.top
pao.paowmtastacvx.top
usw.youdaoixa.cc
usw.youdaomk.cc
vv.shufalwmg.top
vv.shufawtas.top
wpo.wosmnrsa.top
wrew.nweussallisa.top
wssw.xunmiwl.top
wsw.googlechroegts.top
wsw.skype-cism.top
wsw.skype-cisve.top
wsw.youdafanyi.top
wsw.youdaoafs.top
wsw.youdaoic.icu
wsw.youdaoixc.shop
wsw.youdaojsa.icu
wsw.youdaomab.cyou
wsw.youdaomax.shop
wsw.youdaomsb.icu
wsw.youdaomsk.icu
wsw.youdaomvix.icu
wsw.youdaomwerxze.icu
wsw.youdaomz.shop
wsw.youdaone.shop
wsw.youdaonfw.shop
wsw.youdaons.shop
wsw.youdaonsa.icu
wsw.youdaonw.top
wsw.youdaonwyr.top
wsw.youdaosaa.top
wsw.youdaosimwr.icu
wsw.youdaosma.top
wsw.youdaossat.icu
wsw.youdaossnw.shop
wsw.youdaowb.shop
wsw.youdaowbjka.icu
wsw.youdaowbn.shop
wsw.youdaowbnjhak.top
wsw.youdaownas.top
wsw.youdaownj.shop
wsw.youdaowsnj.top
wws.youdaown.shop
wziw.hiuyoudml.top

# Reference: https://app.validin.com/detail?find=27.124.34.149&type=ip4&ref_id=26e76131b02#tab=resolutions

a-skype.com
aisscxzsw.icu
aks.mktaeilwbtas.top
alwaysatyours.icu
ashnjktast.top
asnmwisfas.icu
bhasjktyas.icu
daoyouwrta.top
daoyouwrtxa.top
daoyouwsawrt.top
dingshengzhifuu.com
dnslistsaz.top
engseegdao.top
engsengdao.top
engsengdio.top
fasnkyhlsd.top
fgajkltyas.top
gram-ms.org
gshajktaws.icu
hnwjktnas.icu
hwjskatasa.icu
insxzysfg.top
jhasktaskatas.icu
jsaawr654.xyz
lineowumehsx.top
linsxzyen.top
mengyunl.xyz
miceeunlma.top
mjhwgtas.icu
mktaeilwbtas.top
mnwis.top
mshweart.icu
muwjntb.icu
my.telegram-jc.org
my.telegram-ky.org
my.telegram-yc.org
nccwiliaaf.top
ncuwgit.cc
neixzualiieyh.top
nelowkjke.top
nenghuinlonm.top
newieksaty.top
newlijnm.top
noiwmwps.top
nucccintp.top
nuckcintp.top
nuckiintp.top
nuckkintp.top
nucwwintp.top
nuewssvims.cc
nwexlzdm.top
omwgbr.cc
paoaim.aisscxzsw.icu
paopaome.top
pois.wsowntsedzas.icu
pomil.mjhwgtas.icu
pomil.muwjntb.icu
ppans.mnwis.top
s1651s.xyz
sahjktasfsx.top
sajhkatast.icu
sajketasdf.top
shajktafsxt.top
shjkawtasd.top
shufafsac.top
shufaijioas.top
shufamnksa.top
shurufamxa.top
sjkawtafasx.xyz
skype-cisve.icu
skype0sha.shop
sogomausa.top
sufamawrtsx.top
sufamwasaw.top
sufasnxzs.top
surufasfax.top
syn.yunenius.top
teiagrem.top
tele.gram-ms.org
telegram-cy.org
telegram-jc.org
telegram-ky.org
telegream-c.org
telegream-n.org
telegream-o.org
telegream-s.org
telegream-si.org
telegrma-a.org
telegrma-c.org
telegrma-l.org
telegrma-s.org
ufamxxgw.top
uimlrhtl.top
usw.youdaoixc.cc
vv.shufafsac.top
vv.shufaijioas.top
vv.shufamnksa.top
vv.shurufamxa.top
vv.sogomausa.top
vv.sufamawrtsx.top
vv.sufamwasaw.top
vv.sufasnxzs.top
vv.surufasfax.top
vv.ufamxxgw.top
vv.wofbajkssa.top
vv.womsnjas.top
wafsjkltasa.top
wastyast.top
wbhajktewas.icu
web.gram-a.org
wee.teiagrem.top
weiw.neixzualiieyh.top
wew.nwexlzdm.top
wew.youdaow.top
whaksat.top
whatsapp-ed.com
whaujktsda.icu
whjkatyas.icu
whjksatyss.top
wiw.youdaoiswe.icu
wiw.youdaomw.icu
wiw.youdaomwhra.icu
wiw.youdaomwsa.icu
wiw.youdaomwsw.icu
wiw.youdaonwsa.icu
wiw.youdaonwuer.icu
wiw.youdaooiss.icu
wiw.youdaosaer.icu
wiw.youdaowasd.xyz
wlw.youdaolsw.icu
wlw.youdaowrt.icu
wo.s1651s.xyz
wofbajkssa.top
womsnjas.top
wosmjjrtasfga.icu
wps.alwaysatyours.icu
wraw.miceeunlma.top
wrw.yuimwkyht.top
ws.wosmjjrtasfga.icu
wsew.engseegdao.top
wsew.engsengdao.top
wsew.engsengdio.top
wsew.newieksaty.top
wsew.xunmiloie.top
wsiw.nelowkjke.top
wsiw.nenghuinlonm.top
wsiw.newlijnm.top
wsiw.xunmengli.top
wsiw.xunmrngloi.top
wsiw.yoiudyfcas.top
wsiw.yulongml.top
wsowntsedzas.icu
wssw.dnslistsaz.top
wssw.insxzysfg.top
wssw.nucccintp.top
wssw.nuckcintp.top
wssw.nuckiintp.top
wssw.nuckkintp.top
wssw.nucwwintp.top
wssw.uimlrhtl.top
wssw.youdaocheas.top
wssw.youlkjwstws.top
wsw.ashnjktast.top
wsw.asnmwisfas.icu
wsw.bhasjktyas.icu
wsw.daoyouwrta.top
wsw.daoyouwrtxa.top
wsw.daoyouwsawrt.top
wsw.fasnkyhlsd.top
wsw.fgajkltyas.top
wsw.gshajktaws.icu
wsw.hnwjktnas.icu
wsw.hwjskatasa.icu
wsw.jhasktaskatas.icu
wsw.mshweart.icu
wsw.ncuwgit.cc
wsw.noiwmwps.top
wsw.nuewssvims.cc
wsw.omwgbr.cc
wsw.sahjktasfsx.top
wsw.sajhkatast.icu
wsw.sajketasdf.top
wsw.shajktafsxt.top
wsw.shjkawtasd.top
wsw.sjkawtafasx.xyz
wsw.skype-cisve.icu
wsw.skype0sha.shop
wsw.wafsjkltasa.top
wsw.wastyast.top
wsw.wbhajktewas.icu
wsw.whaksat.top
wsw.whaujktsda.icu
wsw.whjkatyas.icu
wsw.whjksatyss.top
wsw.xunmmet.top
wsw.youadaw.top
wsw.youdaoas.cyou
wsw.youdaoasf.cyou
wsw.youdaoaswrxz.top
wsw.youdaoaxa.icu
wsw.youdaobdeawes.icu
wsw.youdaobhe.shop
wsw.youdaobhxz.icu
wsw.youdaobnh.cyou
wsw.youdaodawr.top
wsw.youdaois.icu
wsw.youdaoisnw.icu
wsw.youdaoiun.icu
wsw.youdaoiuw.icu
wsw.youdaoix.icu
wsw.youdaoiz.icu
wsw.youdaoka.cc
wsw.youdaokwer.icu
wsw.youdaombwt.icu
wsw.youdaomiuyw.icu
wsw.youdaomjwr.icu
wsw.youdaomkfas.icu
wsw.youdaomnes.icu
wsw.youdaomnwer.icu
wsw.youdaomnwer.vip
wsw.youdaoms.icu
wsw.youdaomsa.icu
wsw.youdaomsawmzx.icu
wsw.youdaomsesav.icu
wsw.youdaomshw.icu
wsw.youdaomsw.icu
wsw.youdaomswwr.icu
wsw.youdaomvbns.icu
wsw.youdaomvcse.icu
wsw.youdaomvcswxamzx.icu
wsw.youdaomves.icu
wsw.youdaomvmezx.icu
wsw.youdaomvsel.icu
wsw.youdaomvwb.icu
wsw.youdaomwa.icu
wsw.youdaomwa.xyz
wsw.youdaomwg.icu
wsw.youdaomwhr.icu
wsw.youdaomwht.icu
wsw.youdaomwn.icu
wsw.youdaomwuer.icu
wsw.youdaonashnj.icu
wsw.youdaonax.shop
wsw.youdaonera.icu
wsw.youdaonjw.icu
wsw.youdaonsbw.shop
wsw.youdaonsh.sbs
wsw.youdaonsj.shop
wsw.youdaonvessa.icu
wsw.youdaonvexzc.icu
wsw.youdaonvuwen.icu
wsw.youdaonvwesa.icu
wsw.youdaonw.cyou
wsw.youdaonw.xyz
wsw.youdaonwa.xyz
wsw.youdaonwais.icu
wsw.youdaonwgra.icu
wsw.youdaonwhas.top
wsw.youdaonwi.icu
wsw.youdaonwma.icu
wsw.youdaonwsa.xyz
wsw.youdaonwy.icu
wsw.youdaonxam.top
wsw.youdaosa.icu
wsw.youdaosa.shop
wsw.youdaosaas.sbs
wsw.youdaosajh.xyz
wsw.youdaosat.icu
wsw.youdaoshw.shop
wsw.youdaosjw.shop
wsw.youdaosnh.top
wsw.youdaosnjh.icu
wsw.youdaosnjwa.shop
wsw.youdaosnwjka.icu
wsw.youdaossda.shop
wsw.youdaotaliask.icu
wsw.youdaouie.icu
wsw.youdaoumies.icu
wsw.youdaouw.icu
wsw.youdaovwrt.icu
wsw.youdaowas.icu
wsw.youdaowasz.icu
wsw.youdaowbas.top
wsw.youdaowbh.shop
wsw.youdaowha.cyou
wsw.youdaowmjwr.icu
wsw.youdaown.top
wsw.youdaownj.top
wsw.youdaowntakx.top
wsw.youdaowntj.top
wsw.youdaowrtsa.icu
wsw.youdaowsd.top
wsw.youdaowssa.top
wsw.youdaowtsa.icu
wsw.youdaowtyxa.top
wsw.youdaoxaz.icu
wsw.youdaozis.icu
wsw.youdawas.shop
wsw.youduowsa.cc
wsw.youmebhv.cc
wsw.youmjsnw.cc
wsw.youodaomlwr.icu
wsw.yuodaomela.icu
wvw.youdaoxis.icu
wws.youdaowmn.top
wzw.mengyunl.xyz
xunmengli.top
xunmiloie.top
xunmmet.top
xunmrngloi.top
yoiudyfcas.top
youadaw.top
youdaoas.cyou
youdaoasf.cyou
youdaoaswrxz.top
youdaoaxa.icu
youdaobdeawes.icu
youdaobhe.shop
youdaobhxz.icu
youdaobnh.cyou
youdaocheas.top
youdaodawr.top
youdaois.icu
youdaoisnw.icu
youdaoiswe.icu
youdaoiun.icu
youdaoiuw.icu
youdaoix.icu
youdaoixc.cc
youdaoiz.icu
youdaoka.cc
youdaokwer.icu
youdaolsw.icu
youdaombwt.icu
youdaomiuyw.icu
youdaomjwr.icu
youdaomkfas.icu
youdaomnes.icu
youdaomnwer.icu
youdaomnwer.vip
youdaoms.icu
youdaomsa.icu
youdaomsawmzx.icu
youdaomsesav.icu
youdaomshw.icu
youdaomsw.icu
youdaomswwr.icu
youdaomvbns.icu
youdaomvcse.icu
youdaomvcswxamzx.icu
youdaomves.icu
youdaomvmezx.icu
youdaomvsel.icu
youdaomvwb.icu
youdaomw.icu
youdaomwa.icu
youdaomwa.xyz
youdaomwg.icu
youdaomwhr.icu
youdaomwhra.icu
youdaomwht.icu
youdaomwn.icu
youdaomwsa.icu
youdaomwsw.icu
youdaomwuer.icu
youdaonashnj.icu
youdaonax.shop
youdaonera.icu
youdaonjw.icu
youdaonsbw.shop
youdaonsh.sbs
youdaonsj.shop
youdaonvessa.icu
youdaonvexzc.icu
youdaonvuwen.icu
youdaonvwesa.icu
youdaonw.cyou
youdaonw.xyz
youdaonwa.xyz
youdaonwais.icu
youdaonwgra.icu
youdaonwhas.top
youdaonwi.icu
youdaonwma.icu
youdaonwsa.icu
youdaonwsa.xyz
youdaonwuer.icu
youdaonwy.icu
youdaonxam.top
youdaooiss.icu
youdaosa.icu
youdaosa.shop
youdaosaas.sbs
youdaosaer.icu
youdaosajh.xyz
youdaosat.icu
youdaoshw.shop
youdaosjw.shop
youdaosnh.top
youdaosnjh.icu
youdaosnjwa.shop
youdaosnwjka.icu
youdaossda.shop
youdaotaliask.icu
youdaouie.icu
youdaoumies.icu
youdaouw.icu
youdaovwrt.icu
youdaow.top
youdaowas.icu
youdaowasd.xyz
youdaowasz.icu
youdaowbas.top
youdaowbh.shop
youdaowha.cyou
youdaowmjwr.icu
youdaowmn.top
youdaown.top
youdaownj.top
youdaowntakx.top
youdaowntj.top
youdaowrt.icu
youdaowrtsa.icu
youdaowsd.top
youdaowssa.top
youdaowtsa.icu
youdaowtyxa.top
youdaoxaz.icu
youdaoxis.icu
youdaozis.icu
youdawas.shop
youduowsa.cc
youlkjwstws.top
youmebhv.cc
youmjsnw.cc
youodaomlwr.icu
yuimwkyht.top
yulongml.top
yunenius.top
yuodaomela.icu

# Reference: https://x.com/banthisguy9349/status/1809159704343408700
# Reference: https://www.virustotal.com/gui/file/076bdbac46ca40ee9712d5c74ebe561186e9b25d4b00df6ca8b2fdf62567677d/detection

5.75.221.27:5432

# Reference: https://x.com/banthisguy9349/status/1809159704343408700
# Reference: https://www.virustotal.com/gui/file/016c5ce0baba78eebe76316b4189d3a51603fee61c00425d214e6835cffab284/detection

116.202.180.70:5432

# Reference: https://x.com/banthisguy9349/status/1809159704343408700
# Reference: https://www.virustotal.com/gui/file/0d26ce4c21d6333dc7c10a7d52045531e7dc1e86647f74f9a3ad2393a9757b68/detection
# Reference: https://www.virustotal.com/gui/file/0bd204224a7e1ae7d6d71b9f759ff2edcf102f820b169714af34c221c7aae8ec/detection
# Reference: https://www.virustotal.com/gui/file/1acd7c16aae986435d7384c9532fba5820995228cfaea55eabd0e09a9e30c1ee/detection

http://116.202.186.70
http://116.203.13.231
http://116.203.13.42
http://116.203.3.167
http://128.140.53.5
http://168.119.118.92
http://195.201.47.189
http://37.27.31.150
http://49.13.227.249
http://65.109.243.69
http://95.217.240.75
http://95.217.27.75
116.202.186.70:443
116.203.13.231:443
116.203.13.42:443
116.203.3.167:443
128.140.53.5:443
168.119.118.92:443
195.201.47.189:443
37.27.31.150:443
49.13.159.121:9000
49.13.227.249:443
65.109.243.69:443
95.217.240.75:443
95.217.240.75:5432
95.217.241.48:443
95.217.27.75:443

# Reference: https://x.com/RacWatchin8872/status/1811871305031123120
# Reference: https://www.virustotal.com/gui/file/013fcdcecfed10f8e5f88ae679e3d7d9a700ba211fa90f139e735fae86a8fa6e/detection

http://85.28.47.30
http://85.28.47.31
/stealc/random.exe

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-07-13)

http://116.203.13.254
http://5.42.72.36
http://65.109.233.123
http://88.198.89.4
http://95.217.240.177
http://95.217.241.23
http://95.217.30.242
116.203.13.254:443
116.203.14.27:443
116.203.14.27:9000
128.140.53.5:9000
162.55.53.18:443
168.119.118.92:9000
195.201.251.214:443
195.201.89.97:443
195.201.89.97:5432
37.27.186.135:443
37.27.31.150:9000
49.12.115.229:443
49.13.159.121:443
49.13.33.235:9000
5.75.215.90:443
65.109.233.123:443
65.109.241.221:443
65.109.241.229:443
65.109.241.229:9000
65.109.242.170:443
65.109.243.105:443
78.46.201.42:443
78.47.205.62:443
78.47.205.62:9000
88.198.239.243:443
88.198.89.4:443
95.216.142.162:443
95.216.142.162:9000
95.216.182.224:443
95.216.182.224:9000
95.217.240.177:443
95.217.241.23:443
95.217.27.167:443
95.217.30.242:443
aibek.xyz
aliszon.xyz
anexchange.xyz
antiochus.xyz
aramazd.xyz
bugday.site
callias.xyz
corysy.xyz
feeldog.xyz
guillerme.xyz
kaylen.xyz
paulu.xyz
plagmat.store
poocoin.online
sosimo.xyz
soterios.xyz
theemir.xyz
ymuren.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2024-07-13)

http://139.99.67.238
http://146.70.86.139
http://146.70.86.49
http://176.123.5.92
http://185.216.70.126
http://185.216.70.128
http://188.130.207.35
http://188.245.82.177
http://193.176.153.226
http://194.116.214.29
http://194.55.186.27
http://35.74.81.43
http://40.86.87.10
http://45.152.114.233
http://46.8.238.240
http://5.230.253.197
http://5.42.104.211
http://68.183.108.129
http://82.147.84.78
http://89.110.69.218
http://89.110.74.220
http://89.169.54.23
http://91.214.78.137
http://91.92.240.120
http://94.156.68.153
http://94.156.79.31
146.70.86.139:22
146.70.86.49:22
176.123.5.92:22
185.216.70.126:22
185.216.70.128:22
188.245.82.177:22
193.176.153.226:22
194.116.214.29:22
194.55.186.27:22
35.74.81.43:22
40.86.87.10:22
45.152.114.233:22
5.230.253.197:22
89.110.74.220:22
89.169.54.23:22
91.214.78.137:22
94.156.79.31:22
9507c272a51ce8cefc8761591b2c50e6.fit
bigdogfoundation.com

# Reference: https://x.com/g0njxa/status/1812843562456785116
# Reference: https://search.censys.io/hosts/65.21.246.249
# Reference: https://app.any.run/tasks/64eda020-f17a-4dfa-bd82-b796010c5dc4/

http://65.21.246.249
65.21.246.249:22
65.21.246.249:443

# Reference: https://x.com/malwrhunterteam/status/1813438113680691252
# Reference: https://www.virustotal.com/gui/file/fe8bed09a836755e33c1ad4cae1ea15db42f7f5b5ac669d9a359d8c4fc1df9a1/detection
# Reference: https://www.virustotal.com/gui/file/06e03f5dfb61345a2c095fb98c154d436f9d3be634d5421836ad9322469295a5/detection

http://95.216.182.106
95.216.182.106:443
mamallan.life
arpdabl.zapto.org
/memve4erin

# Reference: https://x.com/ViriBack/status/1814702278030332091
# Reference: https://tria.ge/240720-txe9latdqd/behavioral1
# Reference: https://www.virustotal.com/gui/file/c2a095bf5b04c0ce7af29aebab583b31d76475b3e15762ba5db956b0a3f717d5/detection

antymalwarecheckgood.top
/RFGUOHKFLWEHLFWKL3324243jkfEWLrtgrtr/lica/
/RFGUOHKFLWEHLFWKL3324243jkfEWLrtgrtr/

# Reference: https://www.virustotal.com/gui/file/0a18067c173a7c4bdc24b8d3a847814b30733cecfdcc305c431a3d1fcc322536/detection

http://185.216.214.218
185.216.214.218:1720

# Reference: https://x.com/Cyberteam008/status/1815594345770181093

http://85.28.47.101
http://85.28.47.109
http://85.28.47.152
http://85.28.47.60
http://85.28.47.70
85.28.47.101:22
85.28.47.109:22
85.28.47.152:22
85.28.47.30:22
85.28.47.31:22
85.28.47.4:22
85.28.47.60:22
85.28.47.70:22

# Reference: https://x.com/karol_paciorek/status/1815756273855443427
# Reference: https://tria.ge/240723-rflnyaxalf/behavioral1

http://5.75.253.161
5.75.253.161:443

# Reference: https://www.virustotal.com/gui/file/f9794a9781cb6017ed5e77aa65457a755bc923b77595bf6e2f65d703db43ee32/detection

http://116.203.8.165
http://77.91.77.145

# Reference: https://app.any.run/tasks/eef1b828-5496-4be4-a439-d01480dce840/

http://45.152.112.131

# Reference: https://x.com/JAMESWT_MHT/status/1820808584059388092
# Reference: https://www.virustotal.com/gui/ip-address/206.188.196.37/relations
# Reference: https://app.any.run/tasks/987a32f1-279b-4f17-a1af-fc1fe83151e8/
# Reference: https://www.virustotal.com/gui/file/02d072b70efe0c6c7840e65eba05e580604ae7958cea1d39082ba120d4c4ac93/detection
# Reference: https://www.virustotal.com/gui/file/178099be63a86ae65c574438d19d96a6a2896d1744d61a511f0f6f7445432fbf/detection
# Reference: https://www.virustotal.com/gui/file/c21a1c7ab1321315be200ee49b5b9007d7288ff2af959aa3a556cf034599f481/detection

abgnmlahkdfnfhn.top
ahfnaidhcfenibl.top
aihaknlhdbgmcnb.top
anfndfhijhdalkk.top
bckccicemnkhikb.top
bkldalmefllgfcd.top
cemdlnjdnjmgchf.top
dfcgbllaafenfkh.top
dhdhlceabcgmnil.top
dncgnaiaiefnccj.top
fagjclklkakhffm.top
fcikmcdklkmgncb.top
fihkaagldmlgcln.top
hdmnbafhngdacgd.top
hfaalfmhacgmkdh.top
hlnnncchgefnnlf.top
igdcbdaebmlgagj.top
imdcdadeiakhdai.top
jaedmfldjkmgkml.top
jhfdkihdcinfhdn.top
kbigcdnblgdaaba.top
kdkhmigamdfnhmd.top
kjjgafjaeeenlgb.top
meajbfilanlglbf.top
mgbkllbkajnfemj.top
mmbkniflhlmgihh.top
ncyyefpodi.top
/1eu79g5b4phtr.php
/80bpf4zw39htr.php
/ftcu78mi52htr.php
/u58bkteo2yhtr.php
/n9abodv3lthtr.php

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2024-08-10)

http://109.107.187.5
http://147.45.47.59
http://185.106.93.99
http://185.215.113.24
http://188.130.207.115
http://193.187.173.86
http://194.116.217.148
http://217.138.215.82
http://45.152.112.103
http://45.152.114.50
http://45.156.25.217
http://45.158.12.58
http://89.169.55.83
http://91.92.244.238
185.106.93.99:22
217.138.215.82:22

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-08-10)

http://104.131.166.122
http://159.89.26.154
168.119.176.241:443
5.75.212.60:443
65.21.5.236:443

# Reference: https://www.vmray.com/analyses/_mb/f1ecf2469a83/report/network.html

http://185.172.128.203

# Reference: https://www.virustotal.com/gui/file/1562435949a43d05963e88e6dca52df0b7510a08b28a25feff91f810e29a3cfb/detection

iolo0.b-cdn.net

# Reference: https://x.com/malwrhunterteam/status/1822913620231004550
# Reference: https://www.virustotal.com/gui/file/0bd1beb985425d06ff14735a00162f7fb7934cd796bc58abae830ac61a390237/detection

http://37.1.213.84

# Reference: https://www.virustotal.com/gui/file/da1cd4fe028b80d781a27b9d467301697790794393c17948b77dd47a29f9789a/detection

http://78.46.239.218
78.46.239.218:443

# Reference: https://www.esentire.com/blog/exploring-the-d3f-ck-malware-as-a-service-loader
# Reference: https://github.com/esThreatIntelligence/iocs/blob/main/D3F%40ck_Loader/iocs_7-23-2024.txt

http://116.202.0.236
116.202.0.236:443

# Reference: https://www.virustotal.com/gui/file/33c553e2789dc0ec2c092586db6dea65d0d6a7a8c844ab4790774d88e8de7aa6/detection

http://185.196.9.135

# Reference: https://www.joesandbox.com/analysis/1393952#iocs

1blob.monster
2j.tel
aprel88.com
complete-s.monster
good2-led.com
post-there.com

# Reference: https://tria.ge/240617-vg68tazhkm/behavioral2

gachi-lane.com
gay-domain.com
replica-souls.com
run-df.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 3034-08-18)

http://185.215.113.103
http://193.176.190.41
http://194.116.216.149
http://194.59.247.199
http://213.109.147.66

# Reference: https://x.com/karol_paciorek/status/1825508740310647047

http://95.164.47.211

# Reference: https://x.com/raghav127001/status/1826349843230720081
# Reference: https://app.any.run/tasks/a5096f84-0613-4c56-9fa0-e8fd689597c0

http://147.45.47.68
http://65.109.67.190
chronosworlds.world

# Reference: https://x.com/g0njxa/status/1827271656315793554
# Reference: https://app.any.run/tasks/14b06515-315a-4fef-b551-35e90d6b085e

http://147.45.44.104
http://147.45.68.138
http://46.8.231.109

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-08-25)

116.202.190.124:443
116.203.5.69:443
5.75.214.144:443
78.46.255.249:443
95.216.180.48:443
95.217.243.180:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2024-08-25)

http://176.98.40.202
http://185.196.9.140
http://185.217.197.202
http://193.176.153.234
http://194.116.214.153
http://194.116.217.112
http://213.232.235.99
http://37.221.64.72
http://45.152.115.116
http://45.152.115.5
http://45.156.23.211
http://94.156.68.106
http://94.156.68.133
http://94.232.249.208

# Reference: https://www.virustotal.com/gui/file/7e74f3e8d070de8a3d3488dc7e68281d2450f28f79ee84edf3e0ea7c62bd7f91/detection

http://195.201.118.191
195.201.118.191:443

# Reference: https://tria.ge/240828-l984favalh/behavioral2

http://5.223.42.55

# Reference: https://cert-agid.gov.it/wp-content/uploads/2024/09/vidar_pec_03-09-2024.json
# Reference: https://app.validin.com/detail?find=168.100.10.21&type=ip4&ref_id=0f39ea8cd92#tab=resolutions
# Reference: https://app.validin.com/detail?find=206.188.196.37&type=ip4&ref_id=650fcce685d#tab=resolutions

cemdlnjdnjmgchf.top
fcikmcdklkmgncb.top
hfaalfmhacgmkdh.top
kdkhmigamdfnhmd.top
rprizu4u6.top
wbnotezbest.top
/v6edbr7xwchtr.php

# Reference: https://x.com/Gi7w0rm/status/1831359580561100965
# Reference: https://tria.ge/240904-skjktasgkk/behavioral2

http://147.45.41.134

# Reference: https://www.virustotal.com/gui/file/8c9ff3afa2b90dcca1609dd10564d1212e0be6d70e1ca1cb81f1357432a996d4/detection

bordo.pw
torpic.xyz

# Reference: https://www.virustotal.com/gui/file/07d182382ff1423e65b309bbc78e93855c0953af02ab0179c8114b5cf848bd5e/detection

cuyahogav.com

# Reference: https://www.virustotal.com/gui/file/5ef282479f0c6f082f15d3f878f8c4b418259ebc6d7941a472e0f28cdcc43c88/detection

http://5.75.214.132
5.75.214.132:443
gacan.zapto.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-09-08)

http://116.202.5.245
http://159.69.178.243
http://168.119.243.238
http://49.12.8.228
116.202.179.237:443
65.108.57.141:443
95.217.237.91:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/ (# 2024-09-08)

http://147.45.242.66
http://147.45.47.137
http://147.45.47.253
http://154.216.17.97
http://178.22.31.96
http://185.215.113.37
http://213.21.237.110
http://45.14.245.11
http://46.105.140.131
http://84.247.165.244
http://89.187.73.42
http://91.202.233.158
http://91.202.5.28

# Reference: https://x.com/kddx0178318/status/1834200990565773334
# Reference: https://www.virustotal.com/gui/file/48e74d11c58e4942e394f3f16ffe7446c73884b0a5df0fc89c7f2b94a43f4152/detection

http://194.59.183.235

# Reference: https://x.com/kddx0178318/status/1834642748101554452

deadlockplaytest.com
steamcommunityj.com

# Reference: https://x.com/banthisguy9349/status/1835753819797410142
# Reference: https://www.virustotal.com/gui/file/1eb09563597c5aa12344072b431f844825c2a6b62f77f9b339c838456e826d97/detection

http://46.29.235.52
hijdrop.xyz
api-panel.holesh.ir
g-m1.hijdrop.xyz

# Reference: https://x.com/malwrhunterteam/status/1836037400071413818
# Reference: https://www.virustotal.com/gui/file/871f5ba64ebc090b1d468c8424f643334ad422004a681516a942a684f093140c/detection

http://159.69.100.83
159.69.100.83:443

# Reference: https://www.virustotal.com/gui/file/5d083fcf25b89acc7a51e596299601ea80f8539b694737e97105d3ab68d8be38/detection

http://45.156.27.45

# Reference: https://www.virustotal.com/gui/file/15985feddf54f5d8f3377bca5504fd30d20659993581a4ed12ca925dacb474a9/detection

http://45.156.27.196

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-09-22)

http://147.45.126.10
http://46.226.160.169
http://5.161.221.13
http://92.246.138.65
116.202.0.195:443
116.202.183.159:443
116.203.10.69:443
116.203.12.50:443
116.203.15.34:443
116.203.165.127:443
116.203.6.46:443
135.181.31.18:443
188.245.87.202:443
49.12.116.191:443
49.13.33.252:443
5.75.220.8:443
78.47.152.105:443
78.47.227.64:443
91.107.146.245:443
91.107.179.108:443
94.130.188.148:443
95.216.177.246:443

# Reference: https://twitter.com/wwp96/status/1628273497708326912
# Reference: https://x.com/ShanHolo/status/1818541500348707022
# Reference: https://tria.ge/240715-kmwn6axfpr
# Reference: https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/
# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-01-12-IOCs-from-StealC-activity.txt
# Reference: https://threatfox.abuse.ch/browse/malware/win.stealc/
# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/stealc/stealc_c2s_2022_to_2023.txt
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2024-03-27%20FakeUpdates%20IOCs
# Reference: https://www.virustotal.com/gui/file/041be18344ea8da345923dd5d2421ad79ed888bca4a9ceebe0aa1030c75e5602/detection

/00b977b5ca6bb253.php
/0156a772a135ba9f.php
/021322b478b21e87.php
/0243ec92ae2268d1.php
/031d77089be01fd8.php
/0548d97bdd5aa992.php
/05b89c2203fb7bde.php
/05d19c5c67d93a8b.php
/06e5995a0969a62f.php
/072aacac8f68fd5f.php
/08f7c1a754119dda.php
/08fb4813938f473f.php
/09c9de54c6be1727.php
/09e4d23b10828340.php
/0a616124ff2f2b69.php
/0b92e7ab19e861f9.php
/0cf6bfa19d78b1fb.php
/0d8af8f06ba4b880.php
/0e14acf91a669df4.php
/0e22f8f47f5fa441.php
/0e4968fc55367a12.php
/0f9663decadd4508.php
/0fad59ad7536045a.php
/1088863268ab0b62.php
/108e010e8f91c38c.php
/10bfb33db816f4b6.php
/116b775395f6d155.php
/11acf293b39e9ca9.php
/11da1c02f1899731.php
/129edec4272dc2c8.php
/13cecbdad86667b0.php
/14514d160075033b.php
/14b1d33c61a04c9e.php
/14baef17b6d04c23.php
/155736047db03637.php
/1569b69c95a21d02.php
/1655d0b0e8ecab2d.php
/16b371d42fb67a99.php
/16f0dab394a3d6f7.php
/17303af8450cc290.php
/18acad70e505d8be.php
/18d098f4b1370ff7.php
/18e7847188a1b7bd.php
/192e1934359966f8.php
/19347ab5734978bc.php
/1a6bc231b835769a.php
/1afb7d7c2e47bc96.php
/1b17ccc0c3d00b18.php
/1b4fd708576565f9.php
/1ba5bb0d68094a78.php
/1c80d1b40e06f613.php
/1cf3aa1810feeb67.php
/1d7bef10a75b8ff3.php
/1d9e38415ea54afa.php
/1da263bff25c8346.php
/1e9258f73c297510.php
/1eee64e8b97cf4c0.php
/1f029001eafb6364.php
/1f1ba0e25ee80277.php
/1fa9cf51b66b1f7e.php
/201a735ed890db75.php
/21b9c0db1dfb4718.php
/2358d131c82bf789.php
/244cbe83570df263.php
/25d4fc7fb0cb6b78.php
/26b01a4cb07d7322.php
/273d9c8034a95cb4.php
/27e2c065315ea17e.php
/281e4696f6bc0de6.php
/29087f1d398f0eec.php
/29b7525be881c8ea.php
/29dca981ee82db8c.php
/2aced82320799c96.php
/2b1fd477f413315b.php
/2c843dccbeb16860.php
/2cc418c5virusdie.php
/2e12d77e23b78d01.php
/2f571d994666c8cb.php
/2fa883eebd632382.php
/2fb6c2cc8dce150a.php
/2fca4d4264af2833.php
/300e6d86f44da037.php
/30257e4c371b49a4.php
/316ea06a752c4625.php
/317f94f0db7b7e68.php
/31b57f88e9b186cd.php
/31dd08d447d463d4.php
/31f2a38ac74a9d54.php
/32995c13678be6b6.php
/329b7da7ac4c3538.php
/33fecaaa07623b61.php
/35a0cc935e7ac588.php
/367d40b2d35bfd9b.php
/383ccd496f3c5eee.php
/385785d59336a866.php
/3886d2276f6914c4.php
/3887d9245e395091.php
/3aa13fff14e398a1.php
/3abba6c092087efb.php
/3b4f49719257c673.php
/3b7d27a7af0da219.php
/3c829f930578d648.php
/3cd2b41cbde8fc9c.php
/3cd43889ddd6a80f.php
/3d980df4aa7e4a91.php
/3deaa9ad0a7dbabc.php
/40d570f44e84a454.php
/40dbbf2fac0226a6.php
/410b5129171f10ea.php
/413a030d85acf448.php
/41d2cff0d1206cba.php
/43851895e447afd7.php
/43e18f2a3b646c54.php
/456e447e968afe0e.php
/46212e2326deb951.php
/46ea3ef0390e13b4.php
/482ca91956745c96.php
/48a8a6cd726abeec.php
/49621a18efb46765.php
/4a571b1c1b72fe98.php
/4a7a990a47cd52ad.php
/4b91eb784a77478c.php
/4d4d3a49ccbc77eb.php
/4e6508e4090e861a.php
/4e815d9f1ec482dd.php
/4ea69013b92ecb73.php
/4f230c0dd4efa481.php
/5065bfaf5315fdfb.php
/507d5f6a261ae9ed.php
/518893e599328c52.php
/5196ba262b6d60e7.php
/522d6f9280951d7f.php
/5441a82c9941418d.php
/5499d72b3a3e55be.php
/56f47e918c5386bf.php
/570d5d5e8678366c.php
/582e11ffc8500b8f.php
/584d87b5bdba3c10.php
/585a069844ca672e.php
/587ec30955d49a9c.php
/59b232f2b6dc5770.php
/5ae84a6abb1a9a5b.php
/5b470b53a9d137ee.php
/5c06c05b7b34e8e6.php
/5d4f090c730016b1.php
/5dce321003e6a6b5.php
/5edef101caff1aeb.php
/603aeb43718ab133.php
/60ed11b9deeca694.php
/61075d6e14fcb071.php
/6259fdc16222e061.php
/626e62981e663996.php
/628ddfb216f373ea.php
/6333ebeebfa39cd2.php
/63383610eec59ec3.php
/6338efb1723e277d.php
/649938577e826117.php
/6666ef0c49c7b2d1.php
/6747f50ff0a064fd.php
/6842f013779f3d08.php
/68517e86206d47d9.php
/693386d591752f22.php
/69b3ae67feef2db7.php
/6a9f8e2503d99c04.php
/6b989c9d91160b88.php
/6c4adf523b719729.php
/6d39c24c1b988e61.php
/6d4bfba2e7643990.php
/6d687e53250c2111.php
/6e26382b1807d1b9.php
/6ecdc9436941ebbd.php
/6ef96e7190cc7acd.php
/6f9307efa625dd18.php
/70434c9d1b55ce63.php
/7043a0c6a68d9c65.php
/70664a52ad417ca5.php
/722c81812703a73d.php
/7276296f1d284397.php
/72cd883ebd748330.php
/72e62e029dc81ebf.php
/7322cd0544d1389a.php
/73354587f0a8b50c.php
/73de3362ad1122cd.php
/7423ba5a9f9844e7.php
/744f169d372be841.php
/7525b57b5f844240.php
/752e382b4dcf5e3f.php
/75c330d4b64e47af.php
/75e7ead3c17835de.php
/7657579d80988a06.php
/77aed9f7a55e1443.php
/77e2e60e0ac03638.php
/7872f92a21099be4.php
/79a4685f16037964.php
/7a03fb9d4773da33.php
/7a30931b86e576c1.php
/7a8cfa6ac1363434.php
/7a957ef6cc168ff6.php
/7b50f8c270624cf1.php
/7b7c07c1b3625773.php
/7baff47bec0ff5db.php
/7c94d1cc56751853.php
/7cbe0291fb78f157.php
/7d2562ceb045ed06.php
/7db38bfff9324bbe.php
/7ea86bf53b29dae5.php
/7fccc9d3fd3c8699.php
/80345778030edaf1.php
/812472d22955f523.php
/82caa6106703113e.php
/82de66e9459cdb5f.php
/838d8918a5621059.php
/84b1033fc5807299.php
/84b7b6f977dd1c65.php
/853aaed2e28950b2.php
/8569064d5363f710.php
/85db914bf164fb6c.php
/8621de5ba9a36454.php
/8681490a59ad0e34.php
/86d110a6ca1786a5.php
/875489374a8fad8f.php
/8882f656e94df309.php
/889842668f48cc70.php
/88f3e0ab5b24337d.php
/89a010d49355fde0.php
/8aa296a5a560dea2.php
/8b4c5bd1ddc1cb18.php
/8c3498a763cc5e26.php
/8c77d85de581124b.php
/8c790830ecbaab3b.php
/8d7eb205be988bbb.php
/8ee113b3ad183813.php
/8ee66a3c8f19e4b5.php
/8f2f4cb4b10b6e96.php
/902e53a07830e030.php
/903a68ec1f70ed10.php
/9046019a53d66236.php
/909443e03ce77329.php
/91541f2f0ca4ecd4.php
/920475a59bac849d.php
/9272627cc026cb9e.php
/94903f819d758732.php
/94ed4bf54583a4fa.php
/95836b531332fb80.php
/95889e9cbe70f401.php
/96b9586253acec96.php
/976a2eda99155f48.php
/9787806e0e289839.php
/9827126d94c3e848.php
/982c183d8a9835c6.php
/984dd96064cb23d7.php
/990ecb7630625681.php
/99210de056092a58.php
/9a54e32a8b27f71c.php
/9af57c9106bf2c01.php
/9b1668f28bd265e2.php
/9b53fb902ecbf12d.php
/9c931ca230f4f22a.php
/9cb3d6163ee69f03.php
/9ccb7e7554a07e52.php
/9dad0173e0811cc6.php
/9fd9dde806b954c2.php
/a066a53ea1064ac7.php
/a17861b9cb6f1a53.php
/a1ea3a79a94605ef.php
/a238cad009777d38.php
/a27b47225f6019fa.php
/a2f524d70db7d1a7.php
/a431f538ac55c20c.php
/a433f91cf367fa47.php
/a578e917dc4ab702.php
/a68326a8bd26a679.php
/a69d09b357e06b52.php
/a6d914969291bf07.php
/a737400ffa5db996.php
/a7b9969886761113.php
/a7f3bfe3b25537ef.php
/a8ae018f1ad770f9.php
/a8afc9c02b60d440.php
/a8ed39255f1c5109.php
/a8f961c72f0d877c.php
/abdf030235da153b.php
/ae2e04e22dac63e2.php
/aebba6766a94d98b.php
/af1048e6cc914eaf.php
/b029e4e66ef421e6.php
/b231626d9e77b712.php
/b2ecfe73736f99f5.php
/b36760e16933b668.php
/b5186114a247f330.php
/b55459c10e99c506.php
/b5c26998bb7c2272.php
/b5c586aec2e1004c.php
/b5e0972e09e482c4.php
/b784fad18fe94212.php
/ba5174e41df731d8.php
/ba7ec45efcfa89a3.php
/ba91ff2f6a996325.php
/baab78e0088a8664.php
/bc00174e4ec6d418.php
/bca98681abf8e1ab.php
/bcbdd35a8286b150.php
/bd852d02e12e1520.php
/bded386f853bed13.php
/be7c600e19a47f1c.php
/bed95ea4798a5204.php
/bef7fb05c9ef6540.php
/bf7893cc2d43c936.php
/bfecb730b712bc29.php
/c09b893e57f1e9ec.php
/c1377b94d43eacea.php
/c36258786fdc16da.php
/c3f845711fab35f8.php
/c41508a3857f34c3.php
/c44a765f550f6a2f.php
/c4754d4f680ead72.php
/c4becf79229cb002.php
/c512076c2057872e.php
/c52446cd272c84b7.php
/c57d4dee0da36d49.php
/c5e1a8198b40de47.php
/c698e1bc8a2f5e6d.php
/c85cabe680e08506.php
/c8ad9b0ca19c816d.php
/c8d1769211d0cfb0.php
/c92a19ea55c5076e.php
/c9cac53e5e9ec7ba.php
/caae677175cf27ed.php
/cadb6378d4b16104.php
/caf30a92b9c4fec2.php
/cba9635725258480.php
/cc18c73c655f48b7.php
/cdc8cb4ba5f9dfaa.php
/ce4b71a59f4ee761.php
/ced268c0bcc9de5f.php
/cf2bf91a3641f615.php
/cf5cbdf706840b3f.php
/claroverificacao.php
/d04727a8ed5e33a1.php
/d130c39575999622.php
/d27b1d581e3729a6.php
/d3593c5aaea066ab.php
/d4e186a7092be5c7.php
/d522566a552de05d.php
/d6f30af05ffe50bf.php
/d88e594c8a5bc165.php
/d8ab11e9f7bc9c13.php
/d9355d18f49536e4.php
/d9e6a8dee399ba79.php
/da4d23fa59600f9c.php
/daecd5ae9c3a5474.php
/db7555ee1aa3ef39.php
/dc0de592dc0f725c.php
/dd38f9377d068411.php
/de4846fc29f26952.php
/dfa6021ea4b3871c.php
/e2b1563c6670f193.php
/e2d7d29621e1052a.php
/e2f2e5114a761f4b.php
/e47233787df7c9a6.php
/e4ebc4b8c00b7089.php
/e50a8a413d120466.php
/e50ac16f7b113954.php
/e5f9db40aa1d5c5c.php
/e64f36763e423a50.php
/e6e1bcda8702fc37.php
/e80131c8e877ed2e.php
/e8cb7c74cdbebdf9.php
/e9131e1df8a3fa06.php
/e96ea2db21fa9a1b.php
/e9c345fc99a4e67e.php
/ea31e67ac48ef2ad.php
/ea8dfdd2bc4f7e09.php
/eb132e03b76d10bd.php
/eb488f9cb9d466ca.php
/eb6f29c6a60b3865.php
/eba140b7c5f2f228.php
/ecd46953920f5bde.php
/ed477c8cc2206093.php
/ed9891f07f96bfb8.php
/edd20096ecef326d.php
/eddb6f7ac3df755b.php
/edf04ce5e57d0f66.php
/edf5daf277031dc3.php
/ee4bbae3ded73edf.php
/ef05b005854373ec.php
/ef0b5c6106fc176f.php
/errormessagepage.php
/f0b7b22cedd39d91.php
/f0b7e3704c0051f9.php
/f0cfeac32620a8d1.php
/f0e4e4e04df8be83.php
/f12a1b41d18876b0.php
/f242026083c87346.php
/f2cb651e3e755a0f.php
/f3ee98d7eec07fb9.php
/f6a046f8befb95a1.php
/f6c05fe452e5af24.php
/f71b3857ccea70c5.php
/f77668b5044c6124.php
/f88d87a7e087e100.php
/f95721327cee196f.php
/f993692117a3fda2.php
/f9f76ae4bb7811d9.php
/fc5e522d327a1e13.php
/fd07ec3137071f71.php
/fdca69ae739b4897.php
/fefb4a458e1dc58b.php

# Reference: https://www.virustotal.com/gui/ip-address/45.132.206.251/relations
# Reference: https://www.virustotal.com/gui/file/f7d5e31a90a7a436fb88277e0920c9675b69fa37eee1b97120a27f792ea8ca1d/detection

http://147.45.45.69
http://185.125.102.133
http://45.132.206.251
cowod.hopto.org
meyot.bounceme.net
wawigol.hopto.org
wayav.bounceme.net

# Reference: https://x.com/banthisguy9349/status/1838597449910251943
# Reference: https://www.virustotal.com/gui/file/6081b51cb35b877e585e65440539df92d4e8516d7ae087cb18b7a7ce87707185/detection
# Reference: https://www.virustotal.com/gui/file/5864b9c1714f615fa1fa40f60b9e14cfb534ec217e9e4a013fa5959217adabe8/detection
# Reference: https://www.virustotal.com/gui/file/49b342bc51fce077b6079d1473f88d69c6351ad2fdcee09abc47daee8f8fb368/detection
# Reference: https://www.virustotal.com/gui/file/1f8acba1d796a9ebaed193ece097f9e82c09f596ab79bd66362c5cda736df3d1/detection

yalubluseks.eu

# Reference: https://x.com/vxremalware/status/1838798677269262829

http://62.204.41.159

# Reference: https://x.com/karol_paciorek/status/1838878695269728455
# Reference: https://x.com/crep1x/status/1838887615107309852
# Reference: https://x.com/crep1x/status/1838884440543465937
# Reference: https://www.virustotal.com/gui/file/33d0af046a659cfa452a516d4e01d8bcf2528fb6a9cdc613f39862ad29352b4b/detection
# Reference: https://www.virustotal.com/gui/file/2260a3c1382cb6af852ec6135418ece6ceb004b9e214c2efa4ad4d8fbcbaf974/detection

http://95.182.97.58
77.221.157.170:3004
cdm-join.us
com-join.us
googie.com-join.us
googiedrivers.com
google.us-join.com
meet.googie.com-join.us
meet.google.us-join.com
us-join.com
us10web-zoom.us
us18web-zoom.us
us30web-zoom.us
us45web-zoom.us
us60web-zoom.us
us70web-zoom.us
us77web-zoom.us
us80web-zoom.us
us85web-zoom.us
us95web-zoom.us

# Reference: https://cert-agid.gov.it/wp-content/uploads/2024/09/vidar_pec_26-09-2024.json

116.202.1.77:443
5.75.211.162:443
bha736beb9vnaj46ubv09j1l382oejyefmosr9rthohnt.skyblueten.com
ewiojfohvuysu.top
jhfdkihdcinfhdn.top
opzovbjzueg.top
/t8y1zm36kbhtr.php

# Reference: https://x.com/ViriBack/status/1839831425714966845
# Reference: https://x.com/JAMESWT_MHT/status/1839919053541880185

baruopas.com
mazurax.com
sumonare.com

# Reference: https://x.com/JAMESWT_MHT/status/1841069772844220640
# Reference: https://www.virustotal.com/gui/ip-address/168.100.9.155/relations
# Reference: https://www.virustotal.com/gui/file/29f9b490b0dd1e5b8ce8d2117385904e30255dcd2c1ffd3dd9bca0ec3dea0de0/detection

aihaknlhdbgmcnb.top
gizpvovur.top
pbuxzueuj4zz.top
/jp7gwb1yq2htr.php
/pmo0nd1z6hhtr.php

# Reference: https://x.com/g0njxa/status/1841354134198378870
# Reference: https://app.any.run/tasks/ecf18c58-804a-4a7e-8e34-8445dd6eaa66

http://147.45.47.86
flauidriver.com

# Reference: https://www.virustotal.com/gui/file/6427b28b5735de15e796c60b0ae019328e948b62ed1448dc3ef71768e95e3cfd/detection

http://116.203.15.73

# Reference: https://x.com/chamindu_x/status/1842182475985907972
# Reference: https://www.virustotal.com/gui/file/1339ababa6729cd94d603404eab9bbc97fa9b19003fd4828c21787a417d82492/detection

check-key.com
hit-check.com

# Reference: https://x.com/banthisguy9349/status/1842291909693235282
# Reference: https://urlscan.io/search/#filename%3A%22test_gate0117.php%22

burger1488.com
hit-1488.com

# Reference: https://x.com/AzakaSekai_/status/1842441626989511062
# Reference: https://www.virustotal.com/gui/file/e569fac35f99fc61e42ca247768a08a3132a7555d80142c74ec6c80891f0fdce/detection

http://45.200.148.115

# Reference: https://x.com/RussianPanda9xx/status/1843484387754815725

hit-kick.com
key-needs.com
last-blink.com

# Reference: https://x.com/cyberfeeddigest/status/1844715663438328170

coincapy.com

# Reference: https://www.virustotal.com/gui/file/b9438db5715a2bbb1442102a8410677f64ea777e611ae1149db64e94af8ec2b7/detection

stadiagoodsoft.com
/y3x4kerwh8g7.php

# Reference: https://x.com/kddx0178318/status/1845787959271842279
# Reference: https://www.virustotal.com/gui/file/2d42e49addb09860700c9862f7416ee6da56a06d5a8580bede68ae7dac28993a/detection

http://45.66.248.237
/9e6547173a597645.php

# Reference: https://x.com/cyberfeeddigest/status/1845909490207773117
# Reference: https://x.com/lontze7/status/1846052305444987376

http://94.103.125.119
unlikerwu.sbs

# Reference: https://cert.gov.ua/article/6281009

avoufshire.icu
/cee6b323faaaf788.php

# Reference: https://urlquery.net/search?q=%22Malware+-+Possible+Infostealer+Payload%22&view=list

http://116.203.0.85
http://116.203.15.34
http://135.181.31.18
http://154.216.17.107
http://176.113.115.37
http://178.159.43.166
http://178.63.148.7
http://178.63.215.77
http://185.196.10.147
http://185.216.71.126
http://185.219.81.41
http://185.235.128.225
http://185.244.219.195
http://185.244.219.199
http://185.250.207.143
http://185.250.207.28
http://193.233.112.44
http://193.233.113.184
http://194.246.83.76
http://194.26.232.100
http://194.87.29.53
http://212.34.148.47
http://45.143.167.51
http://45.145.4.234
http://45.152.113.10
http://45.200.148.113
http://45.200.149.43
http://45.200.149.51
http://45.66.10.126
http://45.66.248.237
http://45.66.248.84
http://45.66.249.162
http://45.91.201.40
http://49.12.106.214
http://49.12.197.9
http://5.188.86.71
http://5.188.87.43
http://5.75.211.100
http://5.75.211.162
http://62.122.184.144
http://62.204.41.150
http://65.109.241.236
http://77.105.164.86
http://77.83.175.72
http://78.47.207.136
http://91.211.248.13
http://91.211.249.223
http://91.214.78.145
http://94.130.188.148
http://95.182.96.50
http://95.216.179.187
http://95.217.125.57
http://95.217.30.53
http://95.217.92.42

# Reference: https://www.embeeresearch.io/practical-examples-of-url-hunting-queries-part-1/
# Reference: https://urlscan.io/search/#page.url%3A%2Fhttps%3F%3A%5C%2F%5C%2F%5B0-9%5C.%5D%2B%5C%2F%5Ba-z0-9%5D%7B16%7D%5C.php%2F

http://103.109.37.19
http://103.194.24.14
http://104.248.116.84
http://109.107.167.209
http://116.203.178.118
http://144.217.185.173
http://159.203.23.115
http://159.203.26.132
http://161.35.32.38
http://167.235.49.73
http://173.231.213.89
http://176.104.53.78
http://176.107.133.100
http://185.169.253.162
http://185.196.11.206
http://185.246.66.62
http://185.70.107.230
http://192.241.178.28
http://193.109.85.63
http://193.233.48.86
http://194.36.170.210
http://195.211.124.201
http://199.247.90.93
http://209.81.92.185
http://212.118.53.103
http://31.41.244.65
http://34.89.200.88
http://45.132.105.156
http://45.152.112.233
http://45.200.148.114
http://45.200.149.45
http://45.200.149.47
http://45.200.149.53
http://45.61.139.35
http://45.88.105.102
http://45.91.202.84
http://46.248.190.217
http://46.8.229.44
http://5.35.36.211
http://64.190.113.223
http://65.108.232.93
http://65.21.252.189
http://67.227.174.171
http://77.91.86.232
http://88.119.174.222
http://89.110.108.94
http://91.211.248.209
http://91.213.50.18
http://91.214.78.178
http://94.130.26.96
http://94.130.56.204
http://94.142.138.170
http://94.142.138.251
http://95.217.211.148
http://95.217.96.249

# Reference: https://x.com/malwrhunterteam/status/1847361376030687486
# Reference: https://app.validin.com/detail?find=147.45.44.103&type=ip4&ref_id=01fed4ead55#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/92d393a4dfac16b28eaab68575e0884066afc977ae629cdbf158ceb2472fee43/detection
# Reference: https://www.virustotal.com/gui/file/8864b1f86fe9f6808a33265b21adbf6ba5c42540e1cfc162c25b91ab3f417722/detection
# Reference: https://www.virustotal.com/gui/file/7d346de923d42b26423082bf0bf2f605c3e17b1e2fefe3efd0b505f17dbd9291/detection
# Reference: https://www.virustotal.com/gui/file/6300660398334e0af41f952836621916142a31a89a0e6c6fa79638a126eca5bf/detection
# Reference: https://www.virustotal.com/gui/file/5dab975c2c7cb301061d5aa6752cb29cbc19c1f97bc14e8613b0f748e2c26c4b/detection

chattgpt.shop
crypgpt.com
gptcrypto.info
kmcpicoen.com
kmspicohub.com
softwhereapp.com
topdogtrading.company
tradingview.systems

# Reference: https://x.com/RussianPanda9xx/status/1849302359899246758

bitwelly.design

# Reference: https://x.com/ViriBack/status/1850622022730109251
# Reference: https://www.virustotal.com/gui/ip-address/186.2.166.20/relations
# Reference: https://app.validin.com/detail?type=ip&find=95.164.62.127#tab=resolutions

getfile.top
my-odin.top
truedom.icu
truedom.top
vdomain.top
vidar.city
vidar.news
vidar.red
tg.getfile.top
v.getfile.top

# Reference: https://x.com/ViriBack/status/1850628383148810675

http://62.204.41.177
/5efa3539c5c64cf2/auth.php

# Reference: https://x.com/banthisguy9349/status/1850570712743846213
# Reference: https://urlhaus.abuse.ch/host/5.188.87.42
# Reference: https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=services.ssh.server_host_key.fingerprint_sha256%3A+f95812cbb46f0a664a8f2200592369b105d17dfe8255054963aac4e2df53df51
# Reference: https://www.virustotal.com/gui/file/a6287c25b82383fd89cd30eb759b2806badab5806fa8d03c5bfed831d87d9afd/detection
# Reference: https://www.virustotal.com/gui/file/a7ca400f035e392dcafbde169fcd3cdb6b1e47001d433437f034afbd85134e70/detection

http://5.188.87.42
/aa6217b8854aa121.php

# Reference: https://x.com/banthisguy9349/status/1852398714943406525

http://154.216.18.128
http://209.141.35.175
http://213.159.76.248
http://45.143.166.34
http://45.86.230.234
http://5.178.1.19
http://5.188.87.38
http://5.252.155.30
http://62.122.184.111
http://62.122.184.145
http://95.215.207.176

# Reference: https://x.com/StrikeReadyLabs/status/1852685572147408998
# Reference: https://www.virustotal.com/gui/file/1ed77857300416e4e4ea9177637598e7000bf53ba8c4194aec4ccc61ea29106f/detection
# Reference: https://www.virustotal.com/gui/file/9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b/detection

http://116.202.182.67
http://95.217.28.72
116.202.182.67:443
95.217.28.72:443
adp-welcome.com
welcome-adp.com
tavukdun.website
updatelink.site

# Reference: https://www.virustotal.com/gui/file/4fc7a5ef8cadf53201bb797b48b42f16dac02bdec55c732bed6760ceb695641a/detection

http://185.215.113.36

# Reference: https://cert-agid.gov.it/news/vidar-torna-a-colpire-in-italia-attraverso-pec-compromesse/
# Reference: https://cert-agid.gov.it/wp-content/uploads/2024/11/vidar_04-11-2024.json
# Reference: https://app.validin.com/detail?find=206.188.196.25&type=ip4&ref_id=5e874dc0178#tab=resolutions
# Reference: https://app.validin.com/detail?find=206.188.196.37&type=ip4&ref_id=b50a7d4d668#tab=resolutions

gibuzuy37v2v.top
bdmgeiiifihjckk.top
clmejcgdginfnnh.top
fjjlkfakeinfkid.top
hmaajijghahmhij.top
jcgijjkddehkfli.top
kklhjldafbgmedf.top
mjjagccfegadkej.top
q6cdmo8n7h2qp446fdbimy40fgyiuy59p.marchatti.com
/o96tdp7x8shtr.php
/u94six0k2phtr.php

# Reference: https://x.com/9823f_/status/1853494226585080008
# Reference: https://en.fofa.info/result?qbase64=b3JnPSJCTE5XWCIgJiYgaGVhZGVyPSJMb2NhdGlvbjogaHR0cDovL3d3dy5nb29nbGUuY29tIiAmJiBoZWFkZXI9IlNlcnZlcjogbmdpbngvMS4xOC4wIChVYnVudHUpIiAmJiBkb21haW4hPSIi

abhbdiiaehdejgh.top
asfogvizieu4ib.top
asfovjhiuzue.top
asuhvziuez.top
bozuzxyeyvbb.top
bzyvyws4ub83z.top
ckebfjgimhmjgmb.top
cmcebigeiajbfcb.top
cmcuauec.top
dsghsbserytx.top
ehnediemcaffbij.top
ejlhaidjmhcmami.top
fobuxirhb4.top
fovuzue3ub.top
fpvuzhe73uz.top
gdihcicdghmcldd.top
hizpbbizer.top
iadkainhkafngnk.top
imfiejalbhhgijl.top
kcoys.com
kjalcimbfaaddff.top
ksduhvuzu4.top
kwzri.com
melmejkjaakiakn.top
mgjabikgjhhambm.top
oafivzueiakk4.top
orifviert.top
pcizieuvize.top
pdasivizie.top
psdiofbjzi4.top
pzovuzxyruz.top
sdaifviziubxe4.top
siuvusuehg.top
umbhv.com
vipvozmeuv.top
vxsyf.com
zknya.com

# Reference: https://x.com/banthisguy9349/status/1854075615881630037

http://31.58.137.238
http://62.204.41.163
http://62.204.41.164
http://83.222.191.225

# Reference: https://x.com/RussianPanda9xx/status/1854399865503056261
# Reference: https://x.com/banthisguy9349/status/1854416473558552641

hit-bone.com

# Reference: https://www.virustotal.com/gui/file/1b1aff92e45b47bb1fbb520600b38615ab19593d93740a337dc20ac19e14b44e/detection

http://103.20.102.62
http://104.168.7.52
http://107.173.4.23
http://107.175.130.36
http://185.196.11.151
http://188.81.134.196
http://191.96.224.174
http://198.46.178.151
http://210.56.13.114
http://23.95.60.88
http://39.99.131.244
http://87.120.113.217
http://87.120.84.38
103.125.189.155:8848
183.102.83.247:7070
aarzoomarine.com
ankaraspotesya.com.tr
armanayegh.com
dataxx.netlify.app
electjimhenderson.com
gig.energymaxgrp.eu
pub-9c95ff56c7ba44c98ae7daad95f5689d.r2.dev
pus.rollerswpush.eu
realark.net
sbelegi.com.br
secure.cloudtechnologiesusa.com
winyardbuilding.nz

# Reference: https://x.com/banthisguy9349/status/1855559458786570439
# Reference: https://urlscan.io/search/#filename:%22chrome_131.exe%22

gest.llevadonas.es
gosp.clinicavertigen.com
gosp.davidmolins.com
gosp.xaman.es
osteo9.esalnuvol.com
perseverclinic.com

# Reference: https://x.com/banthisguy9349/status/1855571110500172265

adp-auth.com

# Reference: https://x.com/banthisguy9349/status/1855545553796346020

http://147.45.44.190
http://5.181.2.121
http://5.188.86.231

# Reference: https://x.com/banthisguy9349/status/1855580354591015200
# Reference: https://app.validin.com/detail?type=dom&find=xlayerlabs.com#tab=host_pairs

apikokoapi.com
xlayerlabs.com

# Reference: https://x.com/banthisguy9349/status/1855579391708852460
# Reference: https://www.virustotal.com/gui/file/cb974d42183c1b779dd9b15f5014893e4ccd7bcb1c56c62416f028de759ce607/detection

http://147.45.47.61

# Reference: https://threatfox.abuse.ch/browse/malware/win.vidar/ (# 2024-11-10)

http://107.191.36.218
http://116.202.0.195
http://116.202.1.77
http://116.202.179.237
http://116.202.181.51
http://116.202.190.124
http://116.203.12.50
http://116.203.153.40
http://116.203.165.127
http://116.203.9.188
http://128.140.110.241
http://168.119.104.177
http://168.119.176.241
http://168.119.58.175
http://195.201.238.207
http://195.201.89.97
http://37.27.186.135
http://37.27.26.28
http://49.12.115.229
http://49.12.116.191
http://49.13.159.121
http://49.13.33.252
http://49.13.89.149
http://5.75.208.137
http://5.75.212.60
http://5.75.213.128
http://5.75.214.144
http://65.108.57.141
http://65.109.140.8
http://65.109.241.221
http://65.109.241.94
http://65.109.243.105
http://65.109.243.177
http://65.21.5.236
http://78.46.201.42
http://78.46.255.249
http://88.198.239.243
http://91.107.146.245
http://95.216.176.3
http://95.217.220.103
http://95.217.237.91
http://95.217.241.48
http://95.217.243.180
http://95.217.27.167
116.202.10.20:443
116.202.181.51:443
116.203.0.85:443
116.203.153.40:443
116.203.9.188:443
128.140.110.241:443
168.119.197.36:443
168.119.197.39:443
168.119.197.49:443
168.119.197.51:443
185.225.16.54:443
188.245.203.37:443
195.20.19.15:443
195.201.238.207:443
195.201.251.31:443
49.12.106.214:443
49.12.197.9:443
5.75.211.100:443
5.75.213.128:443
65.109.142.154:443
65.109.241.236:443
65.109.241.94:443
65.109.243.177:443
95.164.62.127:443
95.216.176.3:443
95.217.220.103:443
95.217.28.72:442
adp-login.com
beta.my-odin.com
gospirt.top
inidgo.site
kasm.zubairgul.com
lade.petperfectcare.com
myodin.red
nobalance.top
pasred.top
proxy.inidgo.site
proxy.johnmccrea.com
pullride.com
samtes.top
sixburda.sbs
tougn.website
um0re.xyz
urusvisa.com
v.pasred.top
votae.top

# Reference: https://cert-agid.gov.it/wp-content/uploads/2024/11/vidar_11-11-2024.json
# Reference: https://app.validin.com/detail?find=193.149.129.134&type=ip4&ref_id=925a09a23aa#tab=resolutions

bizu3uvgz3z.top
gidcldeaccadneh.top
lucretiayeh.com
luxuryboatsrentalmiami.com
magiaaldia.com
tibhzuygfuyz.top
14601kq8n2bt4agr6ujiamar248inr62.luxuryboatsrentalmiami.com
37pbidkeil10wiu2wo37xzey0enln98m7mwo.lucretiayeh.com
jdq33phhue7lvf3177sbr6c1xl58awijz.magiaaldia.com
/p18ndj2ovrhtr.php

# Reference: https://x.com/SquiblydooBlog/status/1856415307658670246
# Reference: https://tria.ge/241112-v59c3sxfnl/behavioral1

http://45.61.158.86
http://5.75.214.111
5.75.214.111:443

# Reference: https://cert-agid.gov.it/wp-content/uploads/2024/11/vidar_pec_18-11-2024.json

danknlmmaahlimg.top
pbizntettbvs.top
rigzuvzi3bnz3.top
006s8yhantcp2amn27iqyiklvwv2hi96adpkq5.loanofficerlicenses.com
012npjtsks1qfflvz17wb64nbawr6tgpq3p3r03t.liliana-and-charlie.com
01prxcbmnovvzs77vybv91bt9q8iwf7mv7m7.mallorymordaunt.com
021bkqizwghur5j5snzvvuyi9ic1910mi.mahmut-arslan.com
024e80jgbq0ywml68n3pw55hjamjcc76t.luonations.com
025rg5f5wxfq0yrxcig00c4p8oc8fb.liliana-and-charlie.com
03k9z8uf0pfzfsnsjc8rspshy3ubxyjlmzib.louisecielecki.com
04b1pewnxzoivxvra0uf8iownej6gvp402qr.littlepaperwitch.com
04xh5qy8bgr70kv9ybbpgy4afynmy4l.littlebitoflifephoto.com
05kay8nadsur598g6d2m6b5hnagf6h.lousywithjobs.com
065lask7qehmncqpqwfggrzyqjxbccdqe58ji.logos-freight-broker.com
06aalhjz5zkgggk4zt9drxs4jm1grfo.lolalarougestore.com
087xci9qgapca8847ybf8hhodzbt2y0qhetbk.liemlightpod.com
089svp3i8keygqry2i0z2d3ne3rybs.makethegamebetter.com
096irl55uvaxko8n2ek1n4i1l7da3z0xzzzxll3s.locksmithexpressaz.com
09i0bnr3zqx5m176b278mt9yt4mnf2.likemyteeshirt.com
09m41j7dnmaf80fotbo6klv3d4soaty8eykwtuk.lightspeed-tracking.com
0aja8030xrr09j47nlboidwldvoe6b7v3p.locksmithexpressaz.com
0b42qvl3n7ybghh91knodiym37utrx.lynsgraphicdesign.com
0bdo15wjx3n2b7oqx6dsgz4fx80ykszgqs1.makeurvisa.com
0bjtgrpmzbmpxg5nxcari90ni7zff7e9rsv8mbd.lightsportwear.com
0bnligygzyt6dq2prkpmp4j5ix2mbx2.leylaandlevi.com
0bwox2qhoa61ewwe8tvtq83xvdwvustnzrh9.liporase.com
0ce0kqdo2uowdp57f5wdoqpdd77ubv3bondav4l.losangelescovid.com
0cvx9gl8yq4zzoksrui2vypcfaw99y7k1.loanofficerlicenses.com
0d3e8qa3znsebwnav3nur9wc0x9nipwj8.majesticheightsfarm.com
0d3ilqzguhgkjemqkealq4k9lbq5dn2ncj.lmartlicensing.com
0doqk5fyfm00sirr6oloa6sh805no8xbqolj432.ligaskere.com
0e4zs8nej9966ibiyx0zyvxnteo789lzagl2t.lindaforjupiter.com
0f2zg2ejpn7bjsoahhn2h8zangion04eghvo7ln.lyfedepot.com
0fqrabz1k516qc3vvd3kgdpp415ag4r.m3powerhouse.com
0hesr2srn8904ev2xr6sxids98b1z9zld0fh.magicicalhypnotherapy.com
0hxmyuo00e44t3qfjp1uwr4b0jz79bsbk.livecasinotipuk.com
0konwm01qarcc35f1grn71ep1gp200odogre2ihh.lumisenergy.com
0kowg2wrtbvnwitrhjugu85m5txjqfzk32vs8h.lumatika.com
0kz3icem137lpsih5lnjtxoax6u36n7zcp.lmartlicensing.com
0lryk3t6hi1jbduqkfxyq0y0qjbv4irjlep.makeurvisa.com
0lzfry5ulmaqkie6v8qp4d1cd1fjk7.madaarik.com
0mm2vvr59wpn8pbc2ra9u3jd2ily9ji8.look4hosts.com
0n62k5cv98gkl7uv29vtp7qwzay0qe.livecasinotipuk.com
0nrimo22au4keqp0hjysmh12x8gt5mhy8ckm9b.look4hosts.com
0nw1rkxqnu7j7zrzpsxnhy6coo48ztkxujeml.liftofftalent.com
0o79ea7gcj78f80g9n18o74ktybfi987l6.locksmithsupport.com
0oa4tsrdbpkj1v649juc1zinfw35v8m6.liliana-and-charlie.com
0oc10k3l0nyx5uwcdvv0b8jk50pdr62.liftoffcareers.com
0ojmer7g8w76f8wsgqgdzgxuk585omeo.mackfort.com
0onlp1kn0fjw06ju25vak2jlg0jupqu0.lightspeed-tracking.com
0p1j61193li5t9lk9k4uzajiaqqd96b9.lucaschip.com
0r4i4ajk7p30el2ewwgy0ym5gq8lo0db08n2gc0.madaarik.com
0rycjpxlpd9e5ufi7sg9cnuhbub75hq5k.lynsgraphicdesign.com
0rzcwqjtg3ejopcw6omchjj3pohryhuz5i8kx4.machinerygurus.com
0s7dc7ot0vt4mun3b0nyt5n8a8h7i8.liporase.com
0schyld6e18mh14nhhu3fziwwpueob74.maidensingapore.com
0sigqhf07wh8dyfghiwvqgeqvu17mzax6n8.link24pro.com
0t7iajzd9v7a5kbinrqrtc1370a5ubnacyx13ciq.livecallinsurancequotes.com
0t9ubo21tm5dxc0ansyw20uetx02y550i2s1.mag-stash.com
0tbjzsyo1r6vc1w47ut483d4wri3xx319gifby.louisiana-events.com
0u7s53u32qfpwmccmbg5rhoccuvei1gbru5toc.liftwithlilit.com
0um219q1u58upcj31i8jzuymf254gmbgc11.makemoneycoder.com
0usza49sk2il92pxg49i1aytmwtiptpp331yte3.leylaandlevi.com
0vaz6ytlcu5y2hluhct5zpmi0pk92zt9.lynsgraphicdesign.com
0wg9oex7s87myx6ih30k2ty837xjn2u5o.limawhiskeyclub.com
0wzv1ou07kyoia09l1dchcgo2p1a86tnra6.mafutacredo.com
0x6zofl50b1fbr3bpw6ot7e3vutdr6td5vuu6.machinerygurus.com
0xh9nzdjd3gipg03p4fnt7vxbyah6ohjat.mafutacredo.com
0yl4yg9etkppw654dufvjirmgqjidswrl0x.londontraininguk.com
0ymzpv878u3prhwos6gsvr5xvj0tif.luganopearl.com
0z3fz9cst87h3d0fhfwsuen5d4js9248lmcah85s.linamcaceres.com
0zgoywkp556d2my1ntzskcas10yiqt31p1.littlebitoflifephoto.com
105ex7j40bxl72r4h8ac2hvxrvic9zcfz.livingbankless.com
10hhn2dwy00dqaegfpsdoe6mqnw24uyo.luckytuskco.com
10w0la811cxcekyc2t4cql927rchfjca.lumizara.com
137ugsaptfa1pekvyh5jai65b9rn5cuqmu45eu1.m2kastoun.com
13i3y267d0wti1p09fi3s1l6h1sg8px878xg.magicunicorn420.com
13kszqht2kxirxjztktci8r6hbab32x9bq5.linhunshops.com
13xqlnipl90sdpw57mwwd1sq2pyc962ix9w8ul.malasvip.com
15d7l0tm01tt6ihl2s45zajoc2ooris.locksmithsupport.com
15e5zqj0zngr9n104uu7crz0ojgv11xzobjmq.logisticsdream.com
15h3xr8jma91zcl0hc6lbkcz0otp023t.localinct.com
15vgpig8yx6tdq0b8os2swd55h7hlxyp.lovemynesttravel.com
163u9mb6mf5r0glaqggq4e1tggip5mb.leylaandlevi.com
16in9el35q4z7bbxe3kdpnu5umxlionv1.lyfttow.com
170l36ykfrfw7gwusewd3slf82jnbqme.loveamazingdeals.com
171n9cbz0xuec2xot8pfr6k8n7jocze.live168today.com
17iz043mcame6knmfpv16tk4919sp4u08ilcbsr.loan-payday.com
17ql2gea01yvetyarzala6ks2x38xw2133oby2.look4hosts.com
1863cfxlse7cuxxiy1q8gc5b0eaipqvvqbab6.liemlightpod.com
191cw2q50k3de6jyp0gh95qcv81sjw.lexicarsonbeautypro.com
193kl3ic3xxu5cq7m7xuq02lvwqixgyy.lovemynesttravel.com
19ssdbknkrreukniimd2s9uwp75g79244l6o7ua8.lyfttow.com
1acp3kuikduuzx9oe91wle3yx23mk16w44.locksmithexpressaz.com
1ai1f5bk1udn5gjau6g3lydni4o1ysyxg1uzcn.loan-payday.com
1as5ett3nxruqphg0n5e3o2xace98keusn9gee.lovestore18.com
1blxyx6edx86fhpvlyhbx4tdynudwegbg4xl6fpp.loboshuerta.com
1byuu9l3nk6ufy1a0fcj8jb8itcgufusbcm1bw.loanofficerlicenses.com
1bz1iq1ib5sqa2qw4mnlhq17vsojy7.lidaralekbira.com
1c3r2j8mubmf0v5q5i1kipz9o5fbiz.luckytuskco.com
1c898c7w1l2ephzaexr525p7ygdf9i0.makeurvisa.com
1cg7qs14m80e0d39bm8qx54us0h3n6hay42.mamlaktdecor.com
1cpoc3ofi096ogwmhqri50l80ygj9sx82vul.lynsgraphicdesign.com
1d2md8r61ity09c0w30ed0z5mcbd3gs70.lukescotthall.com
1d3htcwfb71kth0bqbw71y8jlq1up4c088.mabuustore.com
1d62dtzhw56dda4qmtncwc30xfql4h1v19c5628r.lyfedepot.com
1dl7i48oe0g8pgyjxvxspdzmiti6exevfg.mailtobi.com
1dtg3pp2csof0nmv9p0i322vg1vxwbzylb1ap0wd.littlepaperwitch.com
1dx8w4zp5k49j0fglcrvunnqsp1esnalk8ko.makemoney-onfiverr.com
1e47ov6fdon9awq3rhe39nhf73sbp4.leylaandlevi.com
1e71s6iu9nb3b6pgyq67wkzxyzamlwdamnz.maidensingapore.com
1eq127sqbzwo6q5ozg63c4zvx6pu42bjj0w9bn.livingbankless.com
1f7k1zmh9tlavqz2ntt1evmyw35uw32ifevwyf5.m2kastoun.com
1fpdmfryagcffat140xnil7pgi6eh9.lowcostoptics.com
1gfcig6br6argkvzjrk11xvpep95p8dq.livingbankless.com
1gn917hwc9hwpma4mihoi6mn6a41p0.linhunshops.com
1h6c5549jmw85dqbjcxs04djprcfoa743.littlethisandthat.com
1hjqv57lh4887mffnmb9y55a9iyvnhfcij2d3.lumisenergy.com
1inkbrhuucutd99f2ywm0d7j1xyq0hw5adkkbt.loanofficerlicenses.com
1k975uemrufr2jcoz3o3jor7upyi5rneruva4w.lexingtonfitbodybootcamp.com
1kgwlhgff63tx0lg6digh812943vo4v1ufz2qrn.littleflowermedia.com
1khy0u83xefolukfei0drxlya0aaj4ezox.lynsgraphicdesign.com
1lup4bu9gymr3dirhucd7nc5vz9hd840d8e.logos-freight-broker.com
1m17lm7k9fwrtgb4zo36bcva774ch2n.lexarcane.com
1nrp180o0yt2fui7udag7wloeakja5l1mx7vqe.livecasinotipuk.com
1p2fqwh0350nwjrtqtfrmmejntg0th26xax.lightsportwear.com
1peadh8xdj79hx8wbdm25y0nvhwvicn.maderafurnitureng.com
1pnp43a883d066iy3fyiucbc41tmilo6w7h.madaarik.com
1pt4b9vgl9nfy4bsw94k93t2i3ovzz2kqy1.mainehandyworks.com
1pztn5a2idqpz9wb26y8zomdoxfuy2ruww7i8.machinerygurus.com
1q6tgyg8dt4zwx0n77703novghn2dh581lume.lianickel.com
1qttjkzpw3oxhuxw0focfxxqoi4zio74vrrooo.loveamazingdeals.com
1r341h9if65n3nzlvpzrznq3ro1h210.lycheemango.com
1rrsh6eytgsbumdsa3obtkkxvntxpi.malasvip.com
1s6yckfxkb3oyo7gt1c8a9uipkgrjg1xf4.likemyteeshirt.com
1so6akj9mzsqawhe50z0rx0fr1ud8ym.londoncabtransfers.com
1t7qhyepx7da3lgszs0bqtqt306m4rbs80i8z68m.malwarebomb.com
1tc3dgihlxvxdvx7krabykz1ryx6e2c.lowcostoptics.com
1v9mmmnarvmdvx7feh2hkuebyauuwzoh60hes6.livingbankless.com
1vci7e0lx2nyyqyrzhpiw5ig87c538e4xctb45j.machinerygurus.com
1vtgyl59rmu42phhj1sczzyaqggf22zp5o.luganopearl.com
1w3etj40p9gota412k6ukx6egrfix7ufil868wu.logos-freight-broker.com
1wezdc0akncdrd29znqwa3nwbfz65yibmfx.lovestore18.com
1wk2e3by6hhwidin4bahf2muxvoiggonoew9xv.littlebitoflifephoto.com
1wu5eo85m1lpvk67o1ceb992wmaapdcvkgs.ligaskere.com
1ww7ymtvvmyzokc6olk75tw1jqgpr62im7qid.lovesthaifood.com
1wxo7rhxabylx1nlmib3b15ketqy3mbre.liliana-and-charlie.com
1xonoljmlva1w58hzy5umovu3eoixead29c.louierugs.com
1y0m41ubknmph0y0z2bfiyself7y2bdt.luonations.com
1zn5dvypbpr01cwgmbqk3mpgg4s5ilmifhj.liemlightpod.com
207d03ntjj4h6o3ejze0guvc90qby3v66o.loveishair.com
207zz0jqybg7snvxl3vfz2djh0d8v7ngx8.likemyteeshirt.com
215dqxkgwfwuwp7w7hs6n2qypr1418otp3c.linxlimo.com
21k92iwdq282biqo6aquge3ynlbn479qhngb.lovestore18.com
21vpnjcblacz8g7awilaekp41j8m7ze4h.lucaschip.com
21y869763d4it8u0snb73dhlviqplbwyghz.mailtobi.com
228582e8tkdsdamb7ch27mepx3xgb11okx9i.mafutacredo.com
248jtirkhqr7t2s9d205em8otdnu0bzfw.li-foon.com
24dgjvrk5met9uadp7cmobcn8nhud91ui1.mafutacredo.com
25w570kcgup7iejict7gc8cgz94gx2.mahmut-arslan.com
2631ji9w633jd49e0ygpdtjxq4bt4z.magicicalhypnotherapy.com
26ougrb2ysbh5py0rs7sw1vntdfzgsb4jehw33m.majesticheightsfarm.com
26q8euoerdw365c30bt696zkfvasmn9u7x.lycheemango.com
28c75ycq6tlvqd26zprgwirpsjzb16cu2.loan-payday.com
28cpbri1eabp7hosyulah1bkxskm0nuceb.makingmoneywithebayandtheinternet.com
28f5supm3mfv4jum04muxscu6oc796b89hc.linamcaceres.com
28xdlmhpaaszzl3smg9kwblaray8czf5jw.mainehandyworks.com
294kqf5dr6cjanwao0w9fbpwi5i4r90j9kxzgk6.littlethisandthat.com
2a8m40vhlnia2tujmm9g8wqcjcsz8gxm.luxurydelsol.com
2auckrgw9dcndralarrd5oeabt8rah5qm.lovesthaifood.com
2av3zas6a8vedgswqhkfaobgsy9hi90j49jtlca0.livepuertomorelos.com
2czshj8c329jj9932achyehq3wzoq3132wppih.loanofficerlicenses.com
2dn4egmk5dqd67ujipm0v7cz69gdr9.louisvillekneeinstitute.com
2ek91x9xm5n0d8dbuige5cep1u6qto336p79wyd2.littlepaperwitch.com
2ekmk6gz2ad2s5du6marhzgwlpd2upu3qczsop.londoncabtransfers.com
2gft82qn1uorfqje2ncwf259q7ztm9jv8tw6.mafutacredo.com
2gxrpw92lqkwe5snsggos92od6i89cfs7w5ttak.magicunicorn420.com
2h6lthaxpc7uftd4fsmi0682psndfg.lightsportwear.com
2hmslm2ngey952scofn5v7xdz01fyv9udoipfwe.malivaktv.com
2i1at0abxfs7xj1n9ai4vt17ghz118qsr7i9sbnj.malivaktv.com
2iz98lpea81hnf8p7w2d1ent40iwzafs02j1v.logos-freight-broker.com
2k1di3d89qjrj2r1uuwgj0r6336ue450i59.lingen-art.com
2k60qpu5jnd0uv9hkgduphhcegd7y7w76.madaarik.com
2kadajjj89von7pkbpmxr3ikn8ogspzr.luxuryboatsmiami.com
2kaj74ysc47roic3v07e7tpnpvab4thtl04xmr6.lingen-art.com
2kcyb5fh0wbk7q1jg8a9u38mpp84wmf.londontraininguk.com
2kdkkrpgkuousabbc11fau5opw6ookj9c7k48o7.malwarebomb.com
2kp92tztmwh6ayud4y70mfvz9hwkub3lxbht.lightfeelingtravelagency.com
2l1ngddd4fvaydhtizpmucgzub2avthkmpju.liliana-and-charlie.com
2l48039skerc76lhc6oe2p63si02zivdtf.lindsycarter.com
2l4dkk96ic5r8gi9v0vgbkynv5vpd801.litusonline.com
2l712lz4rn32rr708khoww7c7q9mhaoa.localinct.com
2l8dsvj70i73vp5j4urh0uta9suc3ursqxb403t4.localbusinessangel.com
2llqujwuze5mqs8479ltl4yo3cyymcfvga10i1p.londoncabtransfers.com
2lo0qstsexvne1yes8tynwgjd3ctfww26nr33p.lycheemango.com
2mi4ngw1pf1z67f83l09ury7hal5z7972yudv.lumizara.com
2ngup2hv8wmxd6hf3daln6zwg17bkqcb.linamcaceres.com
2o38llmeqt7v0hk8ica6r0b1bfroqdd5u7dod9.mainehandyworks.com
2o3qpwgk6vfwaove4f5oieqvmkay1kcyrg.loboshuerta.com
2ocybi7l79sa6ltlxzfo5j128vydu4.loggerhedz.com
2opbgj6ttic49xi29tarlskw1dv91kyg8aedn62.lilitdex.com
2pahmaky3jz1acey7103yrupudqjchxq.leylaandlevi.com
2pdf04f023xj015t8bywcj3xl2d7jg5fd6z6.linhunshops.com
2ph3xp12y0v7y9t3jew414ebsesc7znvm6uxvy.lilitdex.com
2pspkdnod1gmo0npx0uvv891ob1j09udx4zp4rb.losangelescovid.com
2qahp2e4um1u0h7g7ph2a87q94835t.littleflowermedia.com
2r8u8p1zev6lp5rd994x0kb638uguudty.logos-freight-broker.com
2rfipnere21nj7uz5jtaazabg6bv6be.luxseni.com
2rhas43bigdl2sysohzaoo2aloh3q83y8q.lyfttow.com
2rojerez6ybl5zqwbq0ghgwgwreufkby8xy4c.londontraininguk.com
2spoo9skgeekmw1zadewu0jsaqjcsdn79uq2ub66.m3powerhouse.com
2t3qwb8wa949k2zo0xws7t822fvbmh4q.loveishair.com
2u5j04ix9wbm1sqbe3cbitlgxs15l5mdrbp6p.lovemynesttravel.com
2udq2wbnt51vyw1pspdiwhhvco51b04per0p.littlebitoflifephoto.com
2ukx7qmqn1gda0c7fashfu9rp3bg0hnt.m2kastoun.com
2vecwvhd0jpo8fkrn8qb1e3agcj4aj.loveamazingdeals.com
2vg1rbru38urzvio3sz9h1snsymcjw.madinet-masr-eg.com
2vjbpiozq0f06bx0jy5uyeq24uq68texjz.livecasinotipuk.com
2vv3oql0kb227aftne7fck6iqlnot04kwqi.lycheemango.com
2wuxw1rx4uigkdih7w5smfkgsrkqsiarcrkujl2.lokislist.com
2xg9gbpsv2u5kpp3f9wwrnn7nw91xepdw.lucianmarketplace.com
2xmhzboa0xzc6qyv4o13cvoqacc7wkj.lovestore18.com
2xwy82brjfdahzgyci4p1uk7qnb8x7k94tk7u.luonations.com
2ykzc66ixdbu79z1nb4saxl1e992qq.lyfttow.com
2ynb6wj6xkn9k6cccofmohgyati8q5y54rrfc3.makeurvisa.com
2yz0lp6b3miozil9p3dxjmcke1h3m82ly97lp.livecallinsurancequotes.com
2z431d93wqd0bwq47ihdtv4hvummz92c4k6cr8.mamlaktdecor.com
2zrt6ucbbl04gzhxw4fbzcawflhoysc8rq9i.live168today.com
3030lcm04uqf155ip050239tu9xoelrsc5gw5ncs.lorsay.com
3080sb5cg4cw4qysvu7tb88wn6je5osrfolr7.magicicalhypnotherapy.com
31na7jyzhle4omx8aplczvimf45r6va6n7i.louierugs.com
32k3171g7hb0tkbhxaregn7ibae80z.londoncabtransfers.com
3309ttb4ncvn0jmgzzjjxyf4xgpnhy.locksmithwizards.com
330hr106nhcieqzoyp62o0cwt2yzxetlaylu.lovemynesttravel.com
33a3mx3btf4gjmhfy10ht2ds40k5z2c.linxlimo.com
33c424i0ujxy01oj5la42n8u8iwlcaz5a.liftwithlilit.com
34odhnjgx4dki7qew8epbke46l88sfzwb.luckytuskco.com
34ro074sntf5lo5xr2lkjk714pjzb2d.luxurysafarigame.com
352bkxnqjauaki33d6wsvmb4b26e4clw3i7eui1.limawhiskeyclub.com
35j0r8roug844l1tgbksz6f4quhtcg2rk.littlepaperwitch.com
35r0k2g4w3hm8ejcsd4mprxawospc1k37j.livetraces.com
362v96fe0ih5rcdxqjndfd966urehjlw.luxuryboatsmiami.com
36qz0tg1h6taqbsog1z1vhuj6g0inm940.lumizara.com
37gdzx6qmtj2d6zuvn4xr05dvi7rkrdpjmcyib9t.maidensingapore.com
37hy2104w5h3hmufl2k78pvkdw4i1il.lexicarsonbeautypro.com
37msx1zhlopc4qsge98fptmz6b83yhe9ojzyu5x.louisecielecki.com
37smce2ggbajtv15t99hossk7z89w3jy8669k.makemoney-onfiverr.com
385c8dshzhqdw6u1nje0h3qj27mj6oesw9y.malasvip.com
3996qk5bjy4w8fmih20hnj9utl626ttnpl.locksmithwizards.com
3aagkw5o894uk4avxx2nmpiajct7a3.look4hosts.com
3aewh4mpwevnuwb3xdxkc9e85cmlfdcnb06.livingmontenapoleone.com
3atwrcyeovejmuum0a3mi6vdvzh1toh4mdvc8.lynsgraphicdesign.com
3auxf33n0yyllcn8pk2bqrzjw4gtxo.lindaforjupiter.com
3ax35xukkb2cdrurd3s7sni3p14pac2kr.loboshuerta.com
3b3xk9ixrhfwnza442b19no54dtsij5tb.makingmoneywithebayandtheinternet.com
3badwoq3hd48edbak819uxyn8lo498n.loan-payday.com
3bnvdf8v9syfomi5gcf1c8hwz7z8ro937bq91.mainehandyworks.com
3bpuy1m6jc0gf7tm06qmewaj4ve7bybzkk.locksmithexpressaz.com
3bw33qh5wlu5fxd2eto47asihjcl8ylsym.lmartlicensing.com
3dj9wcq1lmioc3khfk6qh9e1mlanfmgkdrw3u.livingmontenapoleone.com
3dkr8ehc39d7ca2y7ncjtnfeb67mmkt3w.loanofficerlicenses.com
3edfob8v3mwh9odhzy47ddp3kkcsxdlgd.malasvip.com
3er2qq14pqkof0d5jyiamystmjhx0faatvzx65r.mamacitascasita.com
3fgl4cg40z7bn37wehfs3c71433tig.lightfeelingtravelagency.com
3fpdv1y0kk2eqbdd7fnwpsl0ts7cod.livecallinsurancequotes.com
3fzo2cl1qepkj2bwlhtbpuhyhlhso13zx1aaq00.linxlimo.com
3gjzmkvwxj5a39r3artyg75frmo4a4h6gzt.makingmoneywithebayandtheinternet.com
3gt7d4o76n1wwn4gz975tnqyeb6z58yqiz.lianickel.com
3h7ifs249zt8tldzw7d7qpnv1x1jflrmp.londondeccasociety.com
3hg3x6ktv5dqt5ml1l5qzmvebgssgyt.lyfttow.com
3hu8ul5xnmvcovqhu238mqb8yr59oc9i7myunv7.lianickel.com
3j638awui68btd1zzwvx518c5f4hxmjswt23.loan-payday.com
3jlxpc4jqsrn8ufvn8m9koyauz6aij6te.lowcostoptics.com
3jye2dyj3cjrdka5nyu7kbfy9en8g531f2e0.mabuustore.com
3jzi3zxj693jdijpvl5dl680z6uxib5.linhunshops.com
3jzmq4c04u0nl3oe66tc6dfzql6sqe689271.londondeccasociety.com
3kd9xeturxnohjz74ynzmgsi2ucu40w148d.lukescotthall.com
3lh98afn87e2helc0icc68oinecmw7mlmdbz.lumatika.com
3m17yd12viiq3itv13n632kcdcdkr29.longarmsuppliesaustralia.com
3m94vc75cv6r3ugg7pvzhgw0hfubhzffoljml.luxseni.com
3naij854uj9zj37bva265f6rtncoyovk.luxulystore.com
3nksbzcytuw9egil9we5nvynnsw8aw23d8v5.liftofftalent.com
3no6yu01wj7qpvlsn5q2otvz1esje4h3.littlethisandthat.com
3ns6sxrretfqrm1zh46iixqslfhawjaffxv67y.livecallinsurancequotes.com
3onnwqz4gm6uuumb2uzz4o0gf4e0bhf4ziekn3eh.m2kastoun.com
3owqdcv779acp72qbgd2vvrlp4ujh64p661e.localinct.com
3plpahcm3soxanduefn8j52xq229lbrgn.londontraininguk.com
3q3lsttpkzcjfllrsq6ov975sa6897jv206w.liveedgelancaster.com
3qxa10s8jqdh26bkhdnhtblxh6lsrh.link24pro.com
3qzt3erh1kzpdp3jjg16m90fu36cpev.lowcostoptics.com
3r68b9ae2h4yrsfrmrlfd19kx0prqalcq44ttkt.livepuertomorelos.com
3r77yhlp1q7duxg4ejel6lxjuj9ruhm.londontraininguk.com
3rrto4odwttl2x3isi25mqvnh19j5macqd21u4.littlepaperwitch.com
3rw7q8altx9v5w4vxz1q43vk94jtkw21aksohff.look4hosts.com
3sakk7yuprtil28e0e41jhzoyf7ckptm.lowcostoptics.com
3sox5u426hhqv437rngjbb2f8kxmb5zq1zi.mahmut-arslan.com
3tssntsa5jsd2r4h4gbxgmecdkk05dzhl8cmh.lightfeelingtravelagency.com
3ucnsae2pwivhwiffginpf7m4tjtwm.malasvip.com
3uis0amzms4c5a02dexzsz18o2b25fq6lnd15l.m2kastoun.com
3umg5kbjj3kd1p3gawo7gzm8cw1uajju8.lycheemango.com
3wq1ip0beng98iskv5xbrm2jbiu2c3l.livingbankless.com
3x56eznozc9qhv83fpdzy4l75c4rx9.linamcaceres.com
3yj9abzuuazmkrpsgn1hsstt5qeh9us99on8q5i1.lyfedepot.com
3zgaj2g9hdrvxt1eb2qhp6iehjri05mmegnf.mamlaktdecor.com
3ztlndcwwpiopg90hnd7g9uekeut9kaa.litusonline.com
40alylae2m1qzz2xzci9sj0zjvfguiy26mzksx2m.loggerhedz.com
40cubz4be0nvuxudqy8vxwmi0kxryre2pjg01.lumisenergy.com
40vz69ovwdtx1nakan45ienasbbjx2r2a7e.livingbankless.com
41h2cfk1aff8i96ytl4ijmqclbe6jkphlgymctrn.lopmoderndesign.com
42c7u335lj7h7i6dd4s798n9ij1vy1j.lubalkalam.com
42l8ldzrq2mgc3plxrai2454k6acdfab.mamaki-mana.com
440zk48svna1nwkiqg1bpxtuqcu4hbt.mamaki-mana.com
446h7nqqy6szdf5g6q676zadzy58nmv1llh.localinct.com
44n9ah8ccka5e7f8zadosczx2n76lkpa.lifehack2099.com
46tn1ee0lywi3hua2zfd1malhkftmt79p3ob.makemoney-onfiverr.com
46u1dwfshikou62it5pgadmmp4wxkaq.madinet-masr-eg.com
47c64rng219zampxomb33fpo1ycjzaddpldvg.livecallinsurancequotes.com
47lx7fxg53c0807f54iittj5uugo4whn.lidaralekbira.com
4894jqvi6l27q5zz9pu7od1n2h7fptu8cd.lokislist.com
49b9n1vjl6ao3pqd2zfdgsmsj54v3g1as6.loboshuerta.com
49c4i4tlcoqvxyk6iflpb6e6xihri1rkr.longarmsuppliesaustralia.com
49o70sh5iy3inrvcpxv52d1p7vj3ul.locksmithexpressaz.com
4ao6an6ygb4jj2xgp4ajf2gufylyuig7uik2.louisvillekneeinstitute.com
4b9uqbazwdmy4z8u3ttyekwtxykc1za.makingmodelkits.com
4bg3egn8de78lfj4xl24r691mo2cgan2.makingmoneywithebayandtheinternet.com
4cen8jtxrbmog9orfeap3cc8uj3f8gx36.lovemynesttravel.com
4cwgo16ua22qoihzei4foodr1hfr79.liveedgelancaster.com
4dgutzwd8pa6ne7rne616dlw33vd3tm59cur.liftofftalent.com
4dn5tm6mh5j236m2f05sh73ghca4ufan1.loan-payday.com
4dxi9ddr1ip13eapno02414zu0c6gezowh8uu.locksmithsupport.com
4em21hg3mdov489vwm1xb5mmvd4cnmeenir1p.makeurvisa.com
4f006gewgxlpmjrimro7twn6n22jht021o.lexingtonfitbodybootcamp.com
4f8mbbji1gwptkmuf9512mvllgzftw2tvm5ah.mailtobi.com
4fkopd2hh0rvre4xdpiwizz52pol9wycd542k2.m2kastoun.com
4fmgcizd0enkhjcu9uqwpmflxlhwlemy9q7.lycheemango.com
4g8ungxqxugtbxp9m200k70dzuahi8050ma207b.loveguitartunes.com
4ghkzlh6v6yjju7u7s141x2yay96xm2r.lexicarsonbeautypro.com
4h0wfigtzb8vxgsazs9udzmffgjzcm8dr0ref6n.madinet-masr-eg.com
4h1a13qr7cb617nos3kcyelbpekscqy1s856fjuh.lexarcane.com
4h20b9hzaik3der2ojxfpksuuse3zckrmm5u.loveishair.com
4hgq9n9vu35y275rc1rzfj4wjddx4tq69pe1owjx.louisvillekneeinstitute.com
4hum31kgu2zldge8qatqgjgwgrx8cpc.litusonline.com
4i06p2nzzcznzgx9at7889ifw87gn8j.livingmontenapoleone.com
4i8e8t2w3tpfdfpm8yvye6ejcnstq26qfw.liemlightpod.com
4iz7y8scu18p7qr9husuotcurk8n8zt9r23d.luxurysafarigame.com
4j2izby9x9rxwjguadlz9sflvnwusp6ijva8wh.logisticsdream.com
4juh8jv62synxa6822jecu9ase7kgsp1c.livecasinotipuk.com
4jupsc36eu5tfckuf0iv5kngbsxaiha.li-foon.com
4jz8gqxyxny4bhl8h72k5d227verg6i9.lucaschip.com
4kkw1s0u3dwqpvubpaafzg71fmd3j74va7cpvv.ligaskere.com
4ktgvd6wtvrw8owo10ikjdfcwqneeph6trjpm.liliana-and-charlie.com
4ktitru2ld63cx4flau62mfvaerpn04nj0.lindaforjupiter.com
4l4p0qftpx2ptjjfp5nalaci1pgtax71a.madaarik.com
4ltisxg2t5dovt5z643jb3cogvdfrxr9hi1cjt1m.lukescotthall.com
4lx3piqw8ktjojmcxu1a458wf6p9xgu8.mahatex.com
4mk6635fhutcdxd9q447wyj59jgn95i1.m3powerhouse.com
4msm2gpiklox5n9gr0slumra9i0tby048zqkt.luxepodsireland.com
4n0i707eikwn6cz5mhfp62axrat2hwyjd8jn2fhd.littlebitoflifephoto.com
4ne1t3oki8xpxbuf8m5ld19yavztnrtn.littlepaperwitch.com
4nfimdq6twhvbaajoy2b7zwx012gkdvdz.logisticcircles.com
4ng9mhsklm1uvmg0jpwh78s2foprhg4hc9t7.localbusinessangel.com
4oalq04xogtxxbvgvcy7rdhf0ysm90foh098.lexarcane.com
4opic54gt3hkj49pw0u878hfrnc9wkd0hsavr4.littlebitoflifephoto.com
4owmzptsl52dk2u62dcgn1jp0xgdc3.mahatex.com
4p3gv3xyn19ei209x2ypesqzdi5hpu.lynsgraphicdesign.com
4p58tfe6h82ntdg83agp1wp53vo4pdkbl.lightspeed-tracking.com
4pwzfrzv1tnqrdw19epez8tuilumg9ng26m78.lightsportwear.com
4q4d4687ozk6lghywsx100y3h0rhjgzp15zx1o.makegoodday.com
4q5vdub7w7l9v2xctk1q4ryd467irp.luckytuskco.com
4rgljvwtxfalvc1vr0m4u1yhw6c04jdwfuteo0ia.linhunshops.com
4u2ghqigely1vvujduzqsgt8prwvj8hust7.locksmithwizards.com
4u617l6a79689x224w2qfk1nx9y85bub.live168today.com
4u98251lf3fj77y9y6s215lutfnnmh62gmnvn639.limawhiskeyclub.com
4uedkfh9wndxfbugtwys69nxq6upv6ku514.lingen-art.com
4ui6832a0th3jrb6py3lb9bn9k0oxk0yhnf.makingmodelkits.com
4unn8q6a0k5h23ste8g9wdsy04fx4qb3eqitvcxb.livetogrowdivine.com
4uohcek1p1ucm9rimr716spe8fahc0u0uz.longarmsuppliesaustralia.com
4uttqlepw1lehlg0ojdvdv9e4dfi9dlji88pyz7n.logisticsdream.com
4uz39038nqas5s6vc3ykefwteg4r9yjeg.lidaralekbira.com
4vunxziwsgeioc1yb5x5xp0e5uihxb3a8k.lubalkalam.com
4wpzw13dsl2o4v8t8a6vyh2fdt6zzbo9h.made--in--usa.com
4wvcqz597ost0gzlaish4ewbwbvwp1tl21.locusthallestate.com
4x1bbln2ca3rjkdry5ytprqz45mn44l6u.maderafurnitureng.com
4xi4ibstuavr4rjm008yzowi6xn40gqkrsy8.losangelescovid.com
4xom3p8l8sb51mz9svpukfybyzcnx65bhz.logos-freight-broker.com
4xxiz44j6f0b7jlgxd7slheu64fizizi0.louisecielecki.com
4yne7xngy61d9vux0ctoq8768yaort7m8.logisticcircles.com
4zgoewiue9w7zreyruj4tkn55ax1qf31v6yd.linamcaceres.com
4zqit4dsbzpnjr2o1j017wo0emy8rj5.mahamatalidriss.com
50c1osa6r8nlh7eg4hlywwhk44nhq74dcwfzr3dy.liporase.com
50jrv9zujondh2ze1fowsb1m7h4ry6iblevs1i.luckytuskco.com
51fxun3kv8m7b6x404qshihind9w32tdxjmi.loveamazingdeals.com
51vlh32mxw241o70qc5xlt73t3sdodlruh.louierugs.com
51ysnw7vkiy3094gzi9xwhaba3h8pbh1uvi95r.locksmithwizards.com
52k0od8fk4mx9m77790c6oo8xwv5do408g3q131e.mamacitascasita.com
53ly5odpgkcj6h19jx0iq3ek6vdmtzjrs.live168today.com
53mj27ulblg48ruc1p9z8n03467z8qz.mackfort.com
53xlea9zv339dxb9dqeyml0hd3ti5u0by0ejjmw.lumizara.com
54vvnquuegxlqhh9ghr15l7qgvz132y98oymvrmk.lovemynesttravel.com
55og7fotb9gtntxxmdqufj67kr7ga5xqk.liveedgelancaster.com
562su5u982ufd4houa6zqvtwmuuxm8xp1l8y5.localbusinessangel.com
563zpczvishoisdiub3dokzuao36qmqq.localinct.com
56z11589m3rf2aywpd1o4j4m44cis3w8k56t0gi.makegoodday.com
57b3xsnznhfuf2533a5h9pj1e1bv4zv6luhoc.mahamatalidriss.com
57u2aur11pzg3m3o5aa6bu1cxs0u6jv7cqftdkh.lynsgraphicdesign.com
586pkzv4dgo5clu1at6uscl26fi2xwfh.londondeccasociety.com
58z53c1917d1jvtlqhe2qba13d4o5u2xe.liftofftalent.com
5998r4bp5dhjch6nmrmxe6ewtejqosy9bwvul4xc.loveamazingdeals.com
5ajx6w0v4e5rpl1mdjsehs02uw9kki0ykolk.makemoneycoder.com
5asotyqo63tpn2a47ig80z6yfjzg96ccjmaoq94.mahamatalidriss.com
5b5gk1xozta6mndydjdj94dhpkpgzqzx198c.lousywithjobs.com
5b6e4mezj5489v55jbwh5qf8cuhfuf.lianickel.com
5bi8ju7nstrzyuao69503n8nsfi76qpye08.lyfedepot.com
5c42q0vdzbrs57pes36435jfvxxvjxm108qyg.litusonline.com
5cg7qy74f52276i452btb80bnm1jlxh5qf14rz.loginmgmt.com
5cnvaqdfp3gnx3bdtdh10icj3krk1o2huucmr.littlepaperwitch.com
5cyje5gjbow2spdlxj39kqa4iqo9a692.littlepaperwitch.com
5e2952kkixjvbt2t418safkuja0gk5bow39ukl.lycheemango.com
5e94n29x1pgfo1to3hga8zwwnu2cc5r54.lovesthaifood.com
5enqd8unxeppgtvm8ihs6vmoqvi6oq9vsprs.lmartlicensing.com
5exhx1rtk2ecqbzeqbs3kn10d5qf9uf8a8t5lrz.mallorymordaunt.com
5f1hqhwbyegriwgewzhu1m7at8ghy6.lidaralekbira.com
5g4fssf4geuyo3q7219np0bvrorwqdu8cv.littlebitoflifephoto.com
5ggm5o00uqs68jb59v5x2j1p64eaj6xdr.mackfort.com
5gn0xmoeyuzxanev10azu1o251oa5a0stuz.localinct.com
5gntfnqf6ooj8pv3fkgg3b808z63nstvlhmv5.liemlightpod.com
5hypvvtdp48b0svmmt8x1490ykiy4h1umyau7oe.lovestore18.com
5i3vs3siyjjfhj89wamq97se4yniywox.localinct.com
5i4f7snb1sgwb67g786fdfki9phg7huescnq16f8.makingmoneywithebayandtheinternet.com
5idtwwomnvca8x2qy1qgrkjl2g55ya.leylaandlevi.com
5j0k0nx82e9sp4qqwetvulzngu23yk8zg3trpx.liliana-and-charlie.com
5jctnpbzsqzfpdx51ryunkjcjutd72hsm.locksmithwizards.com
5jmpv1prptuomegtj8ga8uskzbm1b4o6m1p8.magicunicorn420.com
5keibdvyxfgtvhyzuu2ospydctjbhrf4.mackfort.com
5kqdbhi9sfnyxd2tf7524bjy0hndmw9a.locksmithwizards.com
5lm0ja92ctlol1jpwp7wbftcllurrv5u8e9.m3powerhouse.com
5mysyocj6l9x4yw3oxacviefxnadtl5aal66i.louisecielecki.com
5nmwa9b74np6lz00jpaxcddp5f19ooorg.lynsgraphicdesign.com
5ohx27jjbunjldiyyoeztlz5w814e3u8h39h.luxurydelsol.com
5otcuu3po3q7ee0w7kla13msxufz4l9.mahatex.com
5p02wkzlifvp4aaz3udbaea7tqcmzgjx2wtbkt.luxepodsireland.com
5pg5tikiq4l4semx1qhjukhad7a8i0g.littlethisandthat.com
5qh1i6177wd1ofi7grwwutz31l6ahp.lucaschip.com
5qlmgowp9yag1h9chwkovoe4hdly1d.linxlimo.com
5t2nn6b3cx7qfbelha0uo86g03v85xf.luxseni.com
5touf9ne4h0ztwbifr4ro6xhg7ie62vccjl.lovesmartsolution.com
5tptlg8bguomrm9c2fa0hwhug2w0tfe.lyfedepot.com
5tsgjhk1mo645cwk8nldn2ky6wfp84dgofud.liemlightpod.com
5tvsvtukp6nckqswq1ketmbj0mcct4nemp.lowcostoptics.com
5uclf3jfx101eg3csjr1aw32f1jm8sj7l3.localinct.com
5ugzwl341se3mczc3doum9foqjla8mdeotmlf66k.lousywithjobs.com
5v4wctz9bsmwcvfx1k0ho28apxh7cnu.louisecielecki.com
5vrwfoybpig0iexcsmm8u3bpkygdsww.mahamatalidriss.com
5vt1jpavybmhr0bj1lbd51okqy99iqtwi.lindaforjupiter.com
5y4b7d6jel8zzcep7je3eq1jg9r5tb.li-foon.com
5yfr478y6r1r7j8drm9n63g4w5igke3u6.lorsay.com
5yrtzv8l8e0j54g95rp25kubc5mqsi0gxncm.livingbankless.com
5yvj97pbyqh2dvqi65lkgdkmbhep27yoy6.luxurydelsol.com
5ziz7rsu7123wix09y0j0p3zxm76fd9chvobv.localbusinessangel.com
5zsjx70pvpds54ey7i3vu1ruov68djv2mk1ijr.lexarcane.com
618eu2dwwnir7ndh0ee71bbnrzodq6x05hy039.malivaktv.com
61jn6qwljwi4y1j2unehd1buw6wnuo1yu1g960s.loveishair.com
61jzaepljxb9k0d55oi6dn2ep2ncysimixn5gyqv.localinct.com
61mjtw2z79qdda6x4kl2x0vnr9btp5mcm65d.madaarik.com
62d0k2fk0g33is05ocot6jk79lxo99lb.mainehandyworks.com
62qap3xdw1ss8i56ni7lbug702roqcgl.li-foon.com
62x68j28q0ips1717yow14now06ds35.liliana-and-charlie.com
62xuzvzrzo0x7msxc3e7a4oolhfl5dsf8nzoch9.leylaandlevi.com
63iplv58kqi1du96xgripvw41bilhpxhjuh.mahmut-arslan.com
64k3kdcli6wi3x4798kodiw32qsuuj78g5d.locusthallestate.com
654ft0qo5d02j2d47wuty0q1u6cf79gu9s1u0.lymphassagecares.com
65fakzcdt420n3k5ts3k6hhu55gc77q3tsyenz.mabuustore.com
663l4d9h45hcd3uku0ipe2tecuzmfujzi.localbusinessangel.com
66650gcw9a7jmszq7j6rs2mfss7roujkn.liftwithlilit.com
66vi57b7vbd0dae92cnvophxwnpqjfg6r.loveamazingdeals.com
66ziimdja6ry51tzajnft6466x8yhuaa1t.malivaktv.com
67uzu2tf9hm5nzwq1crhdf1l9u9tdku46bepblb.lta-internet.com
67zt8ati6mbfz0kz62xutci1s6k7zzdot11rwyer.lousywithjobs.com
68l67791tf22wgc3jbj9z5il8a8g4571n25cl0z.liftoffcareers.com
69aqti8tuplx8ruseixmwa4qaf7jsqaphlmjpx.mag-stash.com
69b33xtmtovg33ucic5hugpxkezguntz.lolalarougestore.com
69hwhpdn62vase0nvbzmgm96ffcrl5r1.linhunshops.com
69u7cnpz48cb18dcfkmt430ih8nbotwejms.louisecielecki.com
6a7k2e2i34l2hdoq2uf0i9cqdm7ohy05.lovemynesttravel.com
6at5v24zoxbteuy2y3hxlqnkr54fpnkzwzs2o0.lindsycarter.com
6b1kej3h8z3ovpnkm2jug752tdyy05wmhuh.littlebitoflifephoto.com
6bfx5n9k9ep9ewxqeal1bf0fm1ilyojvlbqie.lymphassagecares.com
6cd7zwnxhf017zxqbv9vtrm0oenvvhvmny1a1.mahmut-arslan.com
6clavg72m49n5ft7sy6kbbzef3228v8zgawaigy.locusthallestate.com
6csop6r07jepzo7f43cy7npxay1ltq.liporase.com
6dabvygnl8efgeajam9a71zalt005n5do5b3z0kv.live168today.com
6dc4zea12weleiar3uqsqhwvn9a1ijg.madaarik.com
6dcvptl1n08sm9lcamp0tgdin47ql1rgxybj.madney.com
6dlvnhmrm4zy4ykpc1mcmyxg1ebrqtliet9cml00.makegoodday.com
6dq69rzajbqpkyfjhpads5z3ktyw0dnlb6n.mag-stash.com
6dqnd3084mog0r03aj3e4d3f4w2jcpf8lxtr7.lovestore18.com
6dsb6qk1s5yr3ycpgmm863xwgvyvdtvyg9n.lumizara.com
6e8bkckc0sn4a0pkv2xac5c7b4t1hejllv.londoncabtransfers.com
6eplb9wowtigggz6xi2tsagnf4cqtfymchxg1.loveishair.com
6eq6mpgl2j5w2jldkvsakwpoemr169f70pgihi.mallorymordaunt.com
6ff6s0wowrepn2iye5k09s4z3tcd2a05ux3dg3f.lindsycarter.com
6g3u8on34e4qc6arlfcthiwi7q3dupqd3.logos-freight-broker.com
6gixq6v5eo3df2k8fk4as3dkwu19yxhadvhe.malasvip.com
6gjku1v7mc8dql8quwf3wldlffwmrnaban8.lilitdex.com
6hnk705iifwhbssm77j59tg4ma0yqomooly0us9.lucaschip.com
6hnuervpeov46b94bxedekclkdjgyg.m2kastoun.com
6hyb756kkeh7u5eyf1smiy1qwneiehgnbx8p0q6.link24pro.com
6io1iceyumsib3k8em1m5xu3hv0fi4spunbpfjex.lifehack2099.com
6j62meas0iyza0k0pqrtp1oflyn78wvx1s4d2qy.logisticcircles.com
6j8s5jcpebxn526idfjhf32x06qlo3o3epv5eiv.lmartlicensing.com
6jclsnwt1lal3lgma9qsn6lqy0dpkory.lightfeelingtravelagency.com
6jpourz89f914uwo788h807jn2ydc5y5s.makeurvisa.com
6k7tjdbxulagt960d3ph3tfokdpun6.loboshuerta.com
6kggttuxt30k72bq7fcm5ddv9aobupf21zpx92v.lexarcane.com
6kkbu491x5gvvz56m3n1rpqtrn74nhasxszk.makegoodday.com
6kpg77plqtc6ogoaqxfogca2g5k9hcaswmm7.mallorymordaunt.com
6krg4plld7auiaka333isq8fbjp6w289eb1ony.ligaskere.com
6kxgqauigvy4kd781201k8v05fy2x6z.logos-freight-broker.com
6l3fgpu254gaos57srt43we6jhy6ovrp7e1.magicspaceship.com
6l9u41nbamio5cxlonennagbblghwqgipaeg3.lolalarougestore.com
6lb1nz1sz91l7d9howf3zqjhmmqe6c.makemoney-onfiverr.com
6lokmxp3mvm9dp8kahepxt2riii5azp3.liftoffcareers.com
6ls55anzp15hvimzx0d6a4vr86gmtek2c8d.mamacitascasita.com
6mcitgzfm5wanzjfji5jdmkmzrenlzanel.lolalarougestore.com
6mrmrpqfwbteim4w6s3wn1b3u1nlpq1oj2ap0vll.likemyteeshirt.com
6n7zm4wnvdivd8zujcmpgb4n455ho8wthbxfh5.malasvip.com
6ne2q0l1ucpei365lrxtejoqrlhzb0l3z.lokislist.com
6nqdmadmh4sgx6nm5og6z5ahm23ymh3xzupkgig.livetraces.com
6nwkglf4a75a2ll8i8ow7m07zz7hw4d4wh.luxuryboatsmiami.com
6op8z5t6k7ya1aucb1ec1j6us6czqkms.livingbankless.com
6pgobbdt3e0m6p592t3e21tloard0im409833u.makemoney-onfiverr.com
6pm7ri6d9nvxou2d7vdlf87ric2l16inab83.magicspaceship.com
6rms34uyt3l3o7433yrvi19jr3ckf85vy8xb5jv.madinet-masr-eg.com
6s76b6ix4ezwy038ce1in3obp6rlsjve8eeuwib.littlebitoflifephoto.com
6sfe1u8kffnmfr0b6cfeyjdgbg02kjvso.live168today.com
6svjyxpxt6f5xig8amghxnh2t6majhmlw5kxw1py.loveamazingdeals.com
6t31novy3tdo93i9yi8k026q1xybnbz3.mahamatalidriss.com
6t77emucfk2wmzp9r8rf7wudstli1i1es236tid.lmartlicensing.com
6tb45w54t0tg3pjw4m5svd5e7ng3kgmvvp.lousywithjobs.com
6tci0s3pftwxh67f495t63593t4n4azqmzp.malivaktv.com
6u95llwlt9w4mhdp1hmzoupblgdne1y4xwebk.lokislist.com
6uozvyugmbh3lv9ehdcnc886x6ksy9de.loboshuerta.com
6ux4qazzwq6l5xvnsijfyh7vemx8ks5m0.liporase.com
6vbz3p69htbrz2zf2fonga7xgphx3vhuozy11.machinerygurus.com
6vwtxqwwxz5bz4glk8pos5leok6jsv3m96t.liveedgelancaster.com
6x2c3zpi1tzvh5j5ihwoha5rghfhyrf9q4u.lmartlicensing.com
6xnvvt0q8gu0akoazr8inuj8srqgsf5.louisecielecki.com
6yevq4nzh5vcbqtizj882lp3or26ri5e3l.lightsportwear.com
6ywx4rbu6b0qbzyqx1afem3g8pczqiig2.lucidridge.com
6yzpzg4s5itd5cf1toqxe30ztgbe3l2cudwf.locksmithsupport.com
6z1aeinhrrjfnr31n30bh8dgnlfibwztyzucn9x.made--in--usa.com
6zp1055a6roob3fbgb2e47ho8fp7oapjgdzh.locksmithexpressaz.com
7020m2m26xn8mb3tqql1mwqa460egtrlhq.lowcostoptics.com
70pbdlz0qsaunfb2bts2oku1e8igo8zws.loggerhedz.com
7194kue7rhxfcp3eyvg8a6kkiil0t8sai5yk.louisvillekneeinstitute.com
71kfoyvh0btgn48zhk8cxyaxge2usmj9gl1.magicunicorn420.com
74gshxa6hn1ovzrzn1g2thpbbyn934kzxx1td.loveamazingdeals.com
74i2pn90mnjxur84no1l9c73pcukrstm6zv.locksmithexpressaz.com
750bsgit1ujpe7c1cn8maz4xqgqln4.loanofficerlicenses.com
75fppp86j36zrx7iptxucp8t0z8kst4sumltrbrl.losangelescovid.com
76425ze2ot7ru6x3edhzcqxhg5it2l.mailtobi.com
76lc3lectn67l9vh7pw8gg7cpobyos37yeg.liliana-and-charlie.com
77p2ukbeq9gi437lxrevrneo73vnlj.liveedgelancaster.com
78l8vq4tu536c8w63jxm92wguidxhlu2yysg69zf.lightspeed-tracking.com
78vo5pluuirsruwqa8hyhbv5uf5mvrbq.liliana-and-charlie.com
790dhmgdgkdjjuj032lmw2713gluy7.lumizara.com
793kv93w0asyj7qkki3bb4crzk096dc5.li-foon.com
79s0yizsizuzrsyjc052myrimchej1hby2hj14e.litusonline.com
79xzdrryzl31fu75yplizb0732203ilv4jfs.lycheemango.com
7aapnu2yl2aj7eudumr5fq8bhhxp77hnvpf.loboshuerta.com
7ay46517t07ct7qcq6cmhs1gp8mlytbo4.likemyteeshirt.com
7b44qtuxebzhusblsvberlj9obhlija3i4.lmartlicensing.com
7c795mdigfazd7e9p0q7ls0u18q0xmmwyxndpz5.makeurvisa.com
7cfbwwtjzjrf85zfck0iqgddgdfvcig.littlefiggyfood.com
7dcte6rmqdx4v3eflo9ujrx76wfi31l34ymm68a6.majesticheightsfarm.com
7dli18gqt012c57ikw2m591el3s85iyhmtq0g.mahamatalidriss.com
7ef3psffre08purseghmltxdamb2tf1qukc.ligaskere.com
7eizfa208l73yusmzxr8bawsoik3v8vjauudreki.livecasinotipuk.com
7eya1na8efo14jih9wvvnhd8djm5i4njksy5b.made--in--usa.com
7h9las3ictyjt83hrpy00fr1ch7gqj9.locksmithexpressaz.com
7hbpbgdqhyzf83s7rv63d6blm9sc0bicb9lq.locksmithexpressaz.com
7hx711xk9pzi6pqhk3i3s6uoudct3kd80yxz.madney.com
7i4g29bin3c0fvcf1qmgionmuav3p1jo.magicunicorn420.com
7i8g4qjckqjih6f53azp7dr8qd96yh3aqf468ox.makeurvisa.com
7ivfuuqvl3umiz5xwzezrtl5f22iz5.lightfeelingtravelagency.com
7ka9ym8ot3s1e5qc2949xsmrqx8lguvtr3vm.liporase.com
7koppc76h01jblpqiz94xuk4hcfvdmca.lilitdex.com
7lkvoqabmoa21u2gs7p4acals6jvbl6kh0qrfk.makegoodday.com
7lmlsmf3etkwma671z2joa9wv1p68l8ec.madaarik.com
7lv35069g7crsucl7qyihgsw2358zkm4.madney.com
7ms368rcvg2orzp9pf6pni13pff3orah66g.lumatika.com
7mtn4krfwwdkftm3sp8kmfv5xkzq65rl13ga0tq.londontraininguk.com
7n504vhunmdh78z8gvn0jhq4zfh84jj6v.livetogrowdivine.com
7nzr5mleoluc1l308wcjfyrd10a5nnookxok5.makegoodday.com
7o61zln3y2zxjuvvr2fpotaqg2560o0lxilc.luxulystore.com
7oey3txdknzic1g2wbf18212v4cp3o.ligaskere.com
7pi8n2amgz5dwvh0deug386r0ziw6ex.lindaforjupiter.com
7qhh1q4atur5xg0lw0z089ee8o5kt3g1brhuq.liveedgelancaster.com
7ratkebxpbp5428gy20gs9vrjds0mnsd2wah.loanofficerlicenses.com
7sd722uy9dv7w1nswws3npd6mg6z66jd3lbe8.lilitdex.com
7sdvzgvabuxph6jgdpexw4qch54x95o.made--in--usa.com
7t30fehs7pewuh2hi7qhcmoe0taa88.look4hosts.com
7tbvoibbxz19njdev4trad8gnvhpvxbnxe3t.liftoffcareers.com
7u10f6sdanif780x42h90gleydqmgr1k04t.localinct.com
7ukj4m2br6dd55sv2f4ti3628dbzncfogudfw.mallorymordaunt.com
7wfcs8tayeinxe6uydy39lwa0umrvl6w58ipxpz.leylaandlevi.com
7xyw7xatd6gb40dpj0urcpgjwyufnmyjstzz4mjm.makegoodday.com
7y0fmgauokz18jnckm64kag0t1h3k2yrma0k.lindaforjupiter.com
7yav54f8lj8ig62ycmpnc72dn5t297j.luxepodsireland.com
7yvsg000w4e6aobcz6o34m3a5nvqylm4.luganopearl.com
7z1gn0mcxuzfq8teqr2eq1do9a3t8a.makemoney-onfiverr.com
7z64aiih243s8ax19if1cw0hlu325r07ti33c7a.locksmithwizards.com
7z9lehexcojsu64jc6039fy87uczznime4j6x7p3.makingmodelkits.com
7zgx4a8erb0efi1iyxxti6rbmo3gjx.makethegamebetter.com
7zpy3phkg0dol82me5tf26kk965g4xe1qf.ligaskere.com
80b1m7qv2bk7mx44q2pvf19zhd7pkp4h23xoz.louisiana-events.com
80mdojvyvyn2755my3sfd4qz6m9hjr2wz754u.loan-payday.com
810hq2v2yhqfqxs5bjjaif8545lv4zb87q.madney.com
82rsfrkj3u1zv2o2zdjz8up9wwcghcnwlh.lopmoderndesign.com
83g89j6xmc22kuccmqnggzraeh8mcmin91k99y.luxurysafarigame.com
83nbymhh2nn32ijy1w4r83uzghmg5q4mpyx7w.louierugs.com
83wrtbqcnfcbd4klwdjq5sebhpwrbhcmqcd.litusonline.com
84zqwbnc3jg7u67viek1yaz06ybdact57rw3.luonations.com
85fgbz2eeoa3o4btm9pb4sys3x4km87wyw8347z2.lousywithjobs.com
85vlx2n2okuv63awn5j84j7yfsc78tvbl.madinet-masr-eg.com
879qwuq1wjsi6i32iwnhdn819fctfrn7nxxatu.magicunicorn420.com
88gt5fixonfvwmvzwfc4card1dx8ahvykicsut.lymphassagecares.com
89u7ol2ymhzd1llm8bvky4e2ltsrrofx3.liliana-and-charlie.com
8blmf2lye7i78porekutr0smvo8sdwtt18ay.mabuustore.com
8cdc98zqixdtb8q9fzbgbqrh09oa8b9r6.lumatika.com
8cl8a06lc49234nv460hy34pgl17h8.lexarcane.com
8coo6ddiee5tyqoyv9sr36db50cl52qtyg.lightfeelingtravelagency.com
8cypa4zw471oeuuca0t0etv9e3cwe4vv8wwxnqu.littlefiggyfood.com
8czk33o0hby3df7plf5lh1siiblnyv94z7nv20.locksmithwizards.com
8di8gel25rpvrau2l9p479tttl5nwtj2v9.lifehack2099.com
8dxlkztaszgz9w269n6xsgj18bspv0czhuc.loan-payday.com
8edjq1s1f83443ohv6gmsezt64wv42uoeeowbt.mahmut-arslan.com
8evh6qjylzpo8suc67lniesnnoewag.lokislist.com
8f8vn6flyprqirhhy5k95dcm0j5fktzmbd78zb.limawhiskeyclub.com
8f9hke0ue8v5n621r9wsimwt3gdvmt8scxc.magicspaceship.com
8f9snobscxbqtbfuo3xxqxhjnmy4wgq4bn2oloy.leylaandlevi.com
8g7dnzoffx2kc0gpqnstuyjaoq3dcmfl97.lovesthaifood.com
8gb27b5uuwxqez6tevhyidu4ixhzb3d8.malasvip.com
8gv0fxnzmlljmli2bg54rn6iqsn8j6qrj10.machinerygurus.com
8gx98zc9b1az3zllof9yjvyejy3dg2z5x64s5.loveguitartunes.com
8h25ska8e8tw86vsb78m851pv01tf4.lolalarougestore.com
8hoh9bq71e0pe2ziyxva3zwdc0bzgli9kt.makemoneycoder.com
8houq33c3gsn5tr14d15eqao0xl6bmo0agyxaj.locusthallestate.com
8i684pjqp74ues2a9z800ralt578hu8a9zdn.livetogrowdivine.com
8jtwry5pohvzvycyx76v7qp42y5anpl5ipg86.mahatex.com
8jy83a0c19f0e2udlfqlahvqejvmog8m5me.londondeccasociety.com
8ki0y3enn56enu1b7am5o6euo5nsgf.li-foon.com
8l5oaf1kdjwuthitxwq1b1ko1158wbz2w.link24pro.com
8ltg81i84a5tlzhe5n9lf1k2fq6l43d.malasvip.com
8o37ejz8nk2yptpsaug8ypz6e908dumkyeddof4.loisannshannonphotography.com
8p2t3o15jfa3z25zqiyrvjt9v83k9rpckmn2k.look4hosts.com
8unptc46uu921ikossc5dgprs990z4.mag-stash.com
8vgg13zzx2vd8isdq3hr90z83qa1owao895m.lovesmartsolution.com
8vgjjj2elazqz0n7zbpe96pwrx02ec.makingmodelkits.com
8wqd8lf3hdcxzpwol0xyc0yrgr6t3abq9aupa.livetraces.com
8zh5c35qdsbtvjss6pr21d7ye5h7hy.mamaki-mana.com
94ur9ghvwddfjvgv43werez9nxswl153a.littlepaperwitch.com
9at9mlihu7a1tn1yog5y4kvpnf1vde16.mailtobi.com
9c0l5y1m97qgqzf8myyoh19ro2wci9951k5z9f.makeurvisa.com
9jigx9gi48o0lcjirizs0m7btmi9ng.lumizara.com
9n5w5z0h7cw1nzug9xhw9l9ahdqw3bmgys.lucianmarketplace.com
9n9kuemm77zfp6wge8iog2un372btg84ahucsugf.lucaschip.com
9on2qticpcku3ei6nagixed8u88x380ms06m7.loveishair.com
9sxnuvxwlxslx5cqk5fvsfxvcle08vk3lyl36.loisannshannonphotography.com
9zgbcvea29zuio5nm5arbhl2l8v387q.makemoneycoder.com
9zkvnotkkwr4aij7p63aeeq2w4ey8lnd3bgyx.louisvillekneeinstitute.com
a2d9vnwb20ttbwleizq0s5t48iawiyii.linxlimo.com
a36dy87lhneymz0zhjv1v5l1az78geavm.made--in--usa.com
a3yjen3rz1eei8649wrfj81dmyefu0.lovestore18.com
a98pw3xq4ik8ykpdfqt7ypbm1hn6ij9vjp2e2.leylaandlevi.com
afwh7cxlpwl8w4mur85mnclhramdveblp08aa.liftofftalent.com
ajtwr6ikwjlznh62pr2ojfhlwlu2z2.makeurvisa.com
akf4wqc91jwje5zsoze9r1wpv7xyphl8jq4b.madisoncounselingservice.com
al9qmz3ou9t35xtt9jy7dltagy764c4e7i8q28c.lightsportwear.com
aleelctdp4buq18jp8q4rbr2mmniuq.lexarcane.com
ano3ld1ekqr2admegja8h7biks3jrm.livetraces.com
atyl6n947kivbftccqxl0qwvkcw5xjt.likemyteeshirt.com
auv9ndsia76wfxgdf1xfsuoy08ie0zyn4n63.liemlightpod.com
aw905x20bpdb9djb4l1t75vgclq730f.makemoneycoder.com
b3riyjnt63wc8t9tc2m6v6cyvrihov6l7.maderafurnitureng.com
b5gknoeba58fng6kmf8etru2fhtjilg3l.leylaandlevi.com
b5w7tbjf9h3ke81ixyo1nz9sci56r9efts.localinct.com
b7dcr6p2ypdbv08zvg5cpcgi7rwnptzcmvu8k.littlethisandthat.com
bb0ryj5a709v4an00bjmhh2g73c65s.lumizara.com
bbyrfvi4k1hea0h0rw9j5grnk4bhln29zu1pmdr6.magicicalhypnotherapy.com
bdslq1i1eim6uzgcav2aq074ycnz7evls6k.logisticsdream.com
bfzuyou7f3lvo957vzsum8gg02jt05yc3d.littlepaperwitch.com
bn540ji1k380wu00ie6jokzsg8a4ykxu01sqzd.luxseni.com
bs4fnaiw457reezbk0pe38hbllsv57jatt7.londoncabtransfers.com
bu8dv9owc50q97jq484aht0s00z19lbxtddtbhtj.louisiana-events.com
byp7ff716u49r4iawl5w53x9ggmghcrkqyrmbr.linxlimo.com
c01kfqbu5jpk4ia20q6npv1o9r5rs8y.mainehandyworks.com
c56psmhjpv0gi05675yw2peftet0d54l.logos-freight-broker.com
c9sbetjnw6xh8guz6nkgzfzcrvpzr0hnkadz.londoncabtransfers.com
cam0ujod82877d0sukyskvfc3gvsrwoo.makingmodelkits.com
cezi9l8vt2drrjb43vurhbwjouh6txn.makemoneycoder.com
cgvrx4j8u9uhpbn9ufdldimji5kqkuxo6ebhxt87.malasvip.com
cmrjiawtwbdte84his18v373d1po3fp6b.lightsportwear.com
cnb9ic4easrfq08ljp5p4e3tw2zppvlxhvqim7f4.malivaktv.com
cpavrfup4r4clfp4npv86zm6l5tei4u3hpl.luxseni.com
cv8rkcxf0pg2v1ucek72o0jouit07j11xix.mailtobi.com
d1plt9ob4gv43z4knedvjhs9kw3gu51z7pi.lovesmartsolution.com
d5ki9c3v9bnan5gqvlq3wg2m1j5ra36wlwgbg.littlepaperwitch.com
d5lbl53kg4qe8yo83ri92d22p0r6swoo3czh7jg.lynsgraphicdesign.com
d6sihsqfezsmhg6wezhhyibzkp8svdooxa.lightsportwear.com
d9v92yiue4axgohghcn3j6vcard8k3fo7s0b.loveamazingdeals.com
djj1xaq0llzkv5iqul34whge2i1j03hs0a5.lorsay.com
dknomkghqgzr1f90gb327knqefcrn0mkm.longarmsuppliesaustralia.com
dnldny5irncx3m93l0ixq7bechf6r81teq1m.livetogrowdivine.com
dpggt79j3g46n0bub8qwowt5uvzlvdtsxcpvrqy6.lta-internet.com
dubrjubcn9f4fo2ememx2eeiisnb59fzywr57.locksmithwizards.com
dvaqq0n4sryjnkozm8wlg67nehfxz3nne20lsam7.mackfort.com
dw1bumysjj3v3545yyejo6po4kopp6s.linxlimo.com
dwy875utkf8y1mba1bdl8hgougxbzdt9qb.liliana-and-charlie.com
dykuwevm4uoq0n6czj0caogi6iwp6j.lumizara.com
dyyijj5m919hbnd4z9i67egiixlr59skl.mahatex.com
e5z8z5p4jhaosgeazmsyibgq29xid7ocjpsm2.loveamazingdeals.com
e6vp00vesifed1tzvkzz5ypjyakrwcn9.maderafurnitureng.com
e6xmp4cmwqye5fod47bveveic3qukoz2rvu.loveishair.com
eb5ig66kfkpr268kg1symn1d1kd5ml2jlhzcxsa.luxurydelsol.com
eghv9ssi31q7x53umwqr8capbvka4eo9097wbu.linxlimo.com
egmcmqo64rsjgap16dg82ihbfbaur8atdz.lightsportwear.com
eh3xbrp4ui2o0nzsaip4vvfgml8bd2qdip35n2m7.linhunshops.com
ehuhn97eosnt7ccqkij3dy770vlkpgom9fd.lokislist.com
eja0eope2q4p4owrda18ggr0yki6o22edla7.lymphassagecares.com
ekujrpg3tkllzw32k9yj253ogvl67n.lumizara.com
em5fpptah6z36uemr9g6jsc5gs4amqmlx.liftoffcareers.com
emotpua15ghrc7uaz7fkkdm9ihnqp827iz4.livetogrowdivine.com
eo88r4ir8z7wuspovc0zf7rp6jzalybbvb7.littlepaperwitch.com
epfhe06dem95epjyd5nr4g427k8epb8.livingbankless.com
euvvgahpdsbzwq5ooihwr4hdjvrzio3.m3powerhouse.com
euwawylosmwouuq1ju1aust6qy1iijqyq8wj22rb.magicunicorn420.com
ey8jh53bl8buq2xgi62za4ghs18jf1avwk82.makeurvisa.com
eymw1o013tlzfs039t5i59l1q4lhaqb86l.livingmontenapoleone.com
f0v2fv46ad7yzmj5m0hix357fp3fl8x9mp31und.luxseni.com
f10z2b4ken1n31r5l0jy0tv6sq7k3i.londondeccasociety.com
f1tl7juh4t6sdr9jtkc8pvkorxbx4urbzch.madinet-masr-eg.com
f236d2kmxyz30ioxgrz2kxn3ewbdt5wkn8zig.magicspaceship.com
f35no9vq02a3sqjcbnsc30arvc8eywntq7w3.localinct.com
f4q6tor9dgufciirhxl9tlnnzgzn9i39195.madney.com
f5wc7av0f641drisdnm0wqpno9fv570.luxseni.com
fj3da19w20apecg2s7um1wyo3sbgln78v.linhunshops.com
fnpk7u8ppxr1sm3y7r32tatc2if2uaflao8r.mahmut-arslan.com
fr0z89xm8mbcsfw5erh37e9ikzm8hw.liveedgelancaster.com
fx3yyc9oxqel6afw5xtcs648whrqzgph.loggerhedz.com
g72laken1z3qc8xf22yun1fl8qbva51yjiznu.logos-freight-broker.com
g9t6aarn1d6lvjzlqp6nf5xj2w6nu35rzkdjo.m3powerhouse.com
gdc7ea5hh9l46v3uyfawsfkjqltfakc3snybx6.livecallinsurancequotes.com
gdvs09cki90174bnx79divqnfdux6p36jmoh6z.littlebitoflifephoto.com
gginhyegyo3f2dtt0xnt23qsw0pyf77huxem.louierugs.com
gi7ck09e8jkhdvo6dzoqo42g685c9gudmc9w.maidensingapore.com
gjp5ob1is3j72dhb75qml0a1ew8pwew6xm7q4o30.makingmoneywithebayandtheinternet.com
gkb3lgvgadluj6ospre2tpt5fzhhar.magicspaceship.com
gnatrsx250xpe4wqt5ay3znpb14pwlun1y8eer1.ligaskere.com
gnohnolce697rdfrar0i16ok1lgi4wsv.loveishair.com
h0sz1a2pzy14so6curw3iraizxvjnjjdd0.littlepaperwitch.com
h2od8wazon1a6eitqm9kyogjnwm6av275c1bb796.lorsay.com
h5uu3sqlk3matpteo9c1fkd1hjtuhv7nud2shnsr.luonations.com
h6xflc8xczre2c3c4jih3kl5r0ml4wt7mmd.liftofftalent.com
h70151mj6ev4pzollwzw7fna9lsrfp1s6.mafutacredo.com
h767t6oe83ncuvekmuyem890veksw45.louisiana-events.com
ha01kubpdqjs0jqiox3lgs2sod16hayrowu3.lightsportwear.com
hggf7cjaahaxpbo5kp1bmb30wyw5jaftp71as0lf.luxseni.com
hi51ub8s0b79y57eyp78ek5hb0078sdpu32rv.lokislist.com
hkm5hc1yl1ljvyu1gjztmwf8v99p5g64gqrtmm4p.luxseni.com
hkwyrei0mnry3r3pkxfpc3zw0exvwtu9xsk3l0y9.luckytuskco.com
hok07ykrj5has54rofscbriqg4q3qg42fp4fdq.luxseni.com
hr3czs8e7by5vfk6t23ssndxn4sl4wv7xljtsbf3.livingbankless.com
hu18oqpypg4w4rcd5zeucq6xyy4b51xp.londondeccasociety.com
hvwfwce5rn2zr76si14lhakentxveg6.lightfeelingtravelagency.com
hxutx1n5w3n3cqjb3opwz9sadbkqbpj8ml.lexicarsonbeautypro.com
i1m5xtzfno6yrbmvrvsmvuym26god6.makeurvisa.com
i2szmyuky57xeziim9hc4abwk4ut0b0co5n0swhm.linhunshops.com
i3c6fo0e9jcd0zprkbp5uxa6g7p61al8718.losangelescovid.com
i3r7p9wfz24q8v63fww2dk7ls7grgt2aazy.mahmut-arslan.com
i6wceuz5tjejja6tc6i5c7vj039uz7.ligaskere.com
ieest1br0oadpdie58pp70wfvry0fp2tyeb.mahamatalidriss.com
ieixbh1tgv0xd7n9ryu8b4ojwtnvnbgckilr5hc.lta-internet.com
iic7umcxe2wycf5zfq8f7xfzmkvuhd76zg13o21b.livecallinsurancequotes.com
ijo85lplqx7aejv6uty0yunus75g5jolt.makeurvisa.com
in2b16og07foag2h7u0155bgdfdu0cv5.luxurysafarigame.com
ioq10c76phjdrqbp8eyil1urnxzqlcet6.lightsportwear.com
itv2wbhxlaidol67q4q4mjx5cwuhxwh7kzvoncd.losangelescovid.com
ivahrs5v9kmxwhbdfte389z3kybbar4.mamaki-mana.com
ixlbu8fc6n7jorubuo14eooqsh0h7np1rn.liftoffcareers.com
j0yujk0cqopih5fo3l4o8gkbi09pwdy2ybz.liveedgelancaster.com
j1u3qh1wbyhu99yptbkvyu1nm8hzr9szm5.loginmgmt.com
j1v9t9upqsdj05ssxh3qjawptb4xkyo1.magicunicorn420.com
j4f7s9utbouj50c42a51paudolorbeh0g.mamacitascasita.com
j4tx6rngfybig3x93fjysotppgxwx9ogzh2ic.malasvip.com
j77gcdspleu6rqxclemdbhmt6u3jr4ixgqw6.livepuertomorelos.com
jbtwdg3neq5zlhu4rls62lmiklbcpk.louisiana-events.com
je6j33kv9v4qim83bagmp4uoavey8h8dxv5zo2.louisvillekneeinstitute.com
jfqsi77bwpcjwtv07ky5dfw7ecks2wyai0.mallorymordaunt.com
jghh3gcp5msq5gflj6j5s4x3zboo6i22q1xjq.mafutacredo.com
jigqcpi7u6ee84w3lw35rtt2tixdwh.longarmsuppliesaustralia.com
jjj2ct9ffi7l9ajk2bfrm4gz0fff5ehdw.lilitdex.com
jo1ghfwl2cymx4x48mlaybfjhkudnuoxklqk.luxepodsireland.com
jp2u8lelr6k6fo2b39jvxykyjn8iyzndpj.luxseni.com
jvpv61xf6co15pkl67vp9zs2i7ty8u9w7khpyqic.luxseni.com
jwltljdhikocm4ztnh6w4xz7fo6m7blq6kl.makegoodday.com
jxkprpn1bjw3zv3bhtgkh37ja2acrz9ygog30i4.mag-stash.com
k2eee02skfh556y1u8qe0ekeabg5vjvxx.lukescotthall.com
k46azci3ueh5pcvvjgi2ojtecllrfvg59.lightfeelingtravelagency.com
k9bjgfq95w5ba8yu2dlhjtqiuyvynyq6n.ligaskere.com
kdmascuv6ui19zxcjmkpbxn9u7yp36zpo.linhunshops.com
kekp86jq8niagy0im6wjld1kb15t4nf8x.lolalarougestore.com
kj068ne82bnjbyii1xgusafmu93p1f2jwtzyq.mackfort.com
kqcxjvib4dms3k06hyjglbs7bg9dvb4i2be7x.luxurydelsol.com
kszccopg3wvxrbmcn6rt762ap4urzo.ligaskere.com
ku3gfngh3muu80gvz67qv70zy74kfg8iebxl.lovemynesttravel.com
kum5r7pbrbzisjzeazso08ehat9cngl16ic8c.lindsycarter.com
kxn5w8u4xomga50303rap9muzesfbm3j8.makethegamebetter.com
l13oceeww623kluf7jqran8a0dqk32k4ku1.litusonline.com
l3ieteriuaknm8o2436fcb2ns47cpa0d.madaarik.com
l6s5xk0k3dsm60cxj1a7hzlzw3knjsub8w5aih.ligaskere.com
laxd74n8cf62ccxu96a5rkhme3zip9.lynsgraphicdesign.com
lcupqqx9qdoln0wnho5fxp3n1vsubvnjmx1tt8ve.lightspeed-tracking.com
lfck20do2ofp6f8pa8pwyowuxlp0cxdgh3n.liftoffcareers.com
li2oa6fxsojummfrrk6jlmtmbq7pzdw.liftoffcareers.com
ll2n7adrlasyk8mh5srmwcr5pt2719dke1.loggerhedz.com
lr10cl9xiqvb3shvfwajammrfzcqrcupwd0n3m.magicicalhypnotherapy.com
lr2olqkjw06sybgdn9anot1idr9q7vlc1oi.lta-internet.com
ltj7lnf5xk0jg2dd3l6c6xe5woaxht01guj9t28z.lightsportwear.com
lw127oej0u8c1wsh5jig76ge4fgdiwn3d49n.lowcostoptics.com
lz0p0h8afgzf0lfydjraw1e6fcagpgcad2d7ofcu.locksmithexpressaz.com
lz6mbinfu15bin120fed7g37lldfrxlo.livingmontenapoleone.com
lzix10juc2rym8jfmvpob13m0ngzo5yq.lightsportwear.com
m1h2w5izfy4s0l6yw5use73u715murd4ywaew0.lightspeed-tracking.com
m21twp8bx492z04rm4gzxgs3umfzwxj.mabuustore.com
makiepstoqpm8dmqmr8om4ztppr0gzlao2iy.livetraces.com
mb59fi1qhtip08ov8urra26zble725ljuo2chx.luxepodsireland.com
mgffzvsetfv09pot7nyskff4ls0h7y84.madney.com
mjgzf2afe2mdjgdq0gk1ifmg4ua2wk59.littlepaperwitch.com
mte61iokwgwlndkfjcqmva4dadxwza.lyfttow.com
mx29lvgfruz892bbvyd18xwdeqi6lke.lightsportwear.com
mxbc71tf9lodk63jh0yoz7fs1lpr863b90nw2.makeurvisa.com
n2a73uqlgvnf8kcp34mhndrziaz6smzkjk.lexarcane.com
n7nuij5eaiu52pogk4vueuu8kcgwjg0oy.luxuryboatsmiami.com
n9z5m7f9sh1ziuofnaqlz3dbvzj0gkw06c72.maderafurnitureng.com
nd1lxgnmptytw4zm1gyk6ojpdos8o5d3r0gbjva.likemyteeshirt.com
nf58a5uit9qqk3ntq2uxezd1npg93jv9x.localbusinessangel.com
nh3kzp74nsu36h8x9posjbrcn67mpkxzoif3ti.luxseni.com
nifnxgf7ka2tscnbeo9hvsmafb7nwxbtx04td.maidensingapore.com
nipn1qmtxgx5jbfy1azgcmje85gotjaktph.loggerhedz.com
nmu5irsaxm82rjja5vb1jveore2w07jl.localinct.com
nn5ham8qbnk9jpau54xp6bupjla0oac2hp444.madney.com
nnzmnqmov8txrhtoelj1n7eyixf1wuz1x.lexarcane.com
nppeloxrh9sl0re61ncn1h0gu2ef3je.lianickel.com
ns1mn6pisdavvges0k4eb4fl29qat3e47irc6ynn.littlepaperwitch.com
nw74wz15cxj9jf6mdmx1rj0sz1mnn5d0wxqm5p7b.loboshuerta.com
o15srehobzxh1xfahadb5j2kcle9wg7g0yxmriz5.lta-internet.com
o3q0kye6aiqoj6mycbt4od40n9zgkrb8f.madisoncounselingservice.com
obhansipkfnznuzb5atqaaax8a7v2tjgga.link24pro.com
ocgiat8fn5o5cwtkoe8qqjl5n94a83g573bh61.localinct.com
oe2d8rjiw8w1acn4egrh98rd1wo718rm.luxseni.com
og5ucmlarakf3203czuklefj1zqng9uifng.locksmithsupport.com
ojpuimn5ite290tnujv76jf8fw1akml.lingen-art.com
okfhswge74hqfzaolphnjmt21angu9fw9qbkmr32.makingmoneywithebayandtheinternet.com
ombsg03z5jhvmy4epcx6fj68jcacz02uh.malwarebomb.com
oo96i11wioey46sd3cjiahn89odf9b6obes5.loggerhedz.com
oozej7w20ru6kghssodfk4tp3bth7zisfz.mamaki-mana.com
oq2ctb0jaqr350oa00ksgw0qi9npg4j7fmgc0y62.lidaralekbira.com
orhl82ez4smfw2grxdmyufv4ptsta15q4e.locksmithexpressaz.com
oxk6fw4xd3a08vv85h7c0yvcw1pr35onfj84h.mag-stash.com
oynbvybsmoopt5sfqtwlobu7emiqn49.logisticsdream.com
p41dwo072skxexordwysalqlmn7fyrxba.loveishair.com
p4k3rq4x3nktcf322vg75wrz9q549hh9m.littlebitoflifephoto.com
p6c2adii74diokd550w3emsrqt6mlgim.logisticsdream.com
pmvo5dr9eycfr41q5kc3eirkpoybjnzzygnna.lexarcane.com
ps03cxq665bqik4mfswhhjyhaupga020rz54.lidaralekbira.com
ptzibr3o3ifss63tu5sgdq0txv09qymh.luxurydelsol.com
pzjucpb7kk69zp3sxye79m6xz5jf7aozuu.makeurvisa.com
q3rtirexjl7dku2137i81jh35bfcf1.lidaralekbira.com
q6awvqfm1edvkw5ep15v3g95q2ub3wtpy.lucianmarketplace.com
qafsoqmyzyvzmbnbb35vg8mxyomcm18xgq3t3mvj.littlepaperwitch.com
qea7yk0fgzt7av5s93dkou5vksd9l4z47yfglop.mahamatalidriss.com
qhoprkcnf8nzowxpn13ygln3i5c20rwzp6oa.luxseni.com
qiwlo0ybrh77vevnk1dj88d02lb0roggy7.londondeccasociety.com
qkaozplogjltvloq3ir8h471pt2sydvo.machinerygurus.com
qlmbzqg4nybdt0zso7m5fsfcrd4ecgi71v8u21q.luxuryboatsmiami.com
qp86h27hmra51ogrrzez5tkd5bu32zr.leylaandlevi.com
qr1130vv5ko7wf40gq9hzc93e92n7zu1ndwp2l6b.localinct.com
qr5mmuz3vwx1j6i821wdyh21qdmsrlmu3h7.maidensingapore.com
qtpqt9h5pb2nkq90f7sehbuwtahnw7nfbn.luxseni.com
qw3qpzw7sns34yh7fpzm1uvhf3gtnvpm6kul4xxt.makeurvisa.com
r0tjatyawf14cmmnuntk269qkb7zmfv.look4hosts.com
r7yhoptve955xpa1f99ilr3f9gyo747t.littlebitoflifephoto.com
rdykg7ando7dt83ljo95n5b26i8p29p8981.livecallinsurancequotes.com
reynljjdejqxajs35zptq9b4wdnem9sa0zy.linamcaceres.com
rfxirnee2mt0g18u9qdt43evvwur22kcwf5s.lyfttow.com
rhqjf8bciwsyv8ejh9qj3p5l65r7qe7ncel6.localinct.com
rht107w53jkwragu2lz2sblzuwhqyybg5afb.localbusinessangel.com
rs4v1n6lxtorxlv6rjnl6hoeef79mrh9gw8u.makemoneycoder.com
rvxeql35a7htzi27xto8uec7iez5fkx.londondeccasociety.com
rx0jzg2rm3xiqi0szpw31esvndztoumbfxq.lexingtonfitbodybootcamp.com
rz2a7u8hbw6bmwy7orm186w06ggi47pi3koe.louierugs.com
s2oy05tp2o1jkshyp754z1qa6wbleiz05j2nr.lexicarsonbeautypro.com
s36po4s3y9rf2123ggq4x60i6x89v39s9w5.louisecielecki.com
s8qe50xn38uosnou38xxzrt5k1fq0zbqm.makeurvisa.com
s8vf6s9u2ywbrselvuqqjvohk0nl98cbr9v.linhunshops.com
sa32ko4yu1e9rrlypk2tnpnxkoimvbyg0sz.look4hosts.com
sak7jrdl4ugbjqn2f8nssvpbdytisa.lowcostoptics.com
sfzoqrxt0yw9d6kesjdabfg5utoogkm35ub.loveamazingdeals.com
skhfsxtwqx6ak17tk8d04wr3wsmqf3fmnbur4s93.locusthallestate.com
skhhnzahg85fvwcn4peyunj0w4ok0tkwpev14bt.luxuryboatsmiami.com
spjqnzlhficpozn528l8ewmoritgmw0.livingmontenapoleone.com
srs8xqe7esqys0qjwil2opp3iv4gf9r0w4ratcyq.liliana-and-charlie.com
srz5vc40h6l1weijl47smcrsnh3kcre80el11c.lopmoderndesign.com
svvft62gxcvqewpmrnrhia8259ebd1.livingbankless.com
sy2k7hvgp0telahf5g5p5c3wlr5iv6ll6grlpw.makeurvisa.com
szdi31kld5jiljfoaonysp2t7vp5c72chbx0u5.m3powerhouse.com
szdm9tqstxcquhmveltvanpf51ru2iey3mt.magicunicorn420.com
t4w2ulky049jurkudz9q0yuw4k5inzjf46e.localbusinessangel.com
tity0h06xajrrthf39ijxs1bn982h2xbxim1ib.liftoffcareers.com
to73c86xyb5lgdy1471hedhpsn5chfxo7xbih0g8.lexingtonfitbodybootcamp.com
tofozj3rrx7515s56f79durzk8p9phy1qjwab.lmartlicensing.com
tphble0wf1g3taehmaw0dofld4izzlsnxx8.locksmithwizards.com
trnrtxdgc3si5tr1ja5eo44mc0qv7zi3hcwn.loginmgmt.com
tsaqmcosto2kec7bc6ctrrqw6zz1xx.lowcostoptics.com
txsfd8lm8mzadl15d1xe09yaah5bvuc3bkdy5.lifehack2099.com
tzq0oul6mgkeb26yjdyod7w6xbkyk54pdc2esyv.logos-freight-broker.com
u4gc5j085nhax7dkg3dg23w5tmf6u8zosrdj56qv.luxseni.com
uan4741g3dyh2fu8lcab61z968ikc7nin2yaj.lovesthaifood.com
udjo232yv5l6fzksjvzfz87q6tb2mcwkq8cr.live168today.com
ue6ndhjqng7spfpofyx0q1lsomlg2cudkygp.makeurvisa.com
ugyxl3n8agfzavcft5c7yk6qz84eeo3xfvrzl.lta-internet.com
uh312vncipfrpxw2uy7a20wd5q2xeoj4c.louisiana-events.com
uk5dlevru8rhdrnkob9akn53smf9q9cf30ylchbt.lightsportwear.com
ukhjclc5kll51x3f0g9a0xc2yh366hxuqszunzlo.logisticcircles.com
uoyaq0mc10b66w66aomvxv11k0x27zzg.louisecielecki.com
uplyljzbkngp6c96nvggduri82cpkm9yjaa66ef.makingmodelkits.com
use0jdmvcminn9v4wsvfx59uyp6uhec.liveedgelancaster.com
v00n4wmr5x5jipnlsrci5x05jy0kushq9lun7.makeurvisa.com
vab9q4ifte923nepf510zmkzhoxo5ap78xqbb3e.liporase.com
vclqsudufbf1ucu4xktlbvxeq2ygkhdu3nbx.loveishair.com
vd5cnpmwq92qqi2t7jm9w94j54j6kvu54fcpg6.logos-freight-broker.com
vearl64rkalpzzu05g6n3l2w1h9o249.lovesthaifood.com
vhc2ctdnj4k7mvf3ncrdiwrh9t3uaimj.lilitdex.com
vozu7hz7xl2uw1twrycrr08rdtxt98.livetogrowdivine.com
vwl6zljx9wdw3r2bvx6vld9p4wv0c0f5yuo.liporase.com
w5qmcgsppuc84w2bjuko99jl5k60hc9uoedadl.makeurvisa.com
wa3piltoe84e5p67pl87xcxcsmjnjf1u6xq5.lokislist.com
wbfsba2sss607ksbykg6082bntkhsb.lyfedepot.com
wd8c19a45xz3pzhe0bud1qm7xx4tuv5rctr1icik.luxepodsireland.com
wf6gng2fcpdvn8io2wx0924guh89k2u4gb2sit.logos-freight-broker.com
wffkzb2ydu56pcalnpsxvfndisyvcep5bnrqxo.littlethisandthat.com
wiqhh0yh1xubt7kb02dwo9zuqvt73mphft90jocc.makemoneycoder.com
wl3go4ib3vkyo287th7eugrjgrm23ycgd7l.littlefiggyfood.com
wmddm2hph3rmfw2hxqgvg51x6c56j1pgafihtob.mamacitascasita.com
wqr4d8tbbghuf3vmz5ljng65vn81urih.lightsportwear.com
wtelq2qh0cykakxb9df6780ylarcewkagj4.localinct.com
wx9wvzqi0l7upa47jrsfgn4tdrpma0g08.makeurvisa.com
wzpkmj32ac0ai8p150pt5779z779vqggi.magicspaceship.com
x0jdps68pkqjw24030le8e08pzkbh5fq2e6lb2.logos-freight-broker.com
x56hnd5t291p5odmixfzwogbwesd9mtvy82f.maidensingapore.com
xaw3gbo2esdv2615clwubw7hga7r0ni7.loveishair.com
xf2hd9ecil9fihjsdgfqyzwfhjsr2zgin.lynsgraphicdesign.com
xo8vjv32jtbm3d1br4fjhpo1h3uquc.lightfeelingtravelagency.com
xs0wzskmg9ewvza739o1mxf2oi1ud4ve.loggerhedz.com
xsm3cdfji8qlprmpquynfmb07uemcaz.loveamazingdeals.com
xvasl8epcb6qaxsot9ngwadrxdkkdy2iwb.magicicalhypnotherapy.com
xy8s6pvsyy0xzjgmhx145hxxenpzndaj7nttgknh.lilitdex.com
y0biryr08ya4kaz2r3q6q8rxidcu13xav8.livingbankless.com
y9de2nir9hzdch0tv57xfjdc1kz58e32frqg85jq.makeurvisa.com
yg8tianr5s3qzkllx7wzyiftk6si40kq2wpl7.madinet-masr-eg.com
yhbqg17ljofm44m0pm4kdxh0ywi6x3hg0fa.luxurydelsol.com
yiav1o8zcv97qbnsgclfr3k3xx622f7p.makeurvisa.com
yjqqngk8j3ahhshj69e24xpdcszno3z4bt9tkp.lexicarsonbeautypro.com
yk26xlia7btzhoe28b7pndvm2ctgj9f7i.mamaki-mana.com
ym1vc5bhlrgsx9nzisz5u7dut2381xqu9i0t89.luonations.com
yo7mc2cyejbfe2q2kfmilg91rcua696mz.littleflowermedia.com
yosm5t9b8vbnrr29boar0j1q8t0iqe.magicunicorn420.com
yr7dq9v2h5u7e1tpw4jx4nyzeeeqmtfy8p.lexarcane.com
ysxiwsbiw5hlp7q0dx8l0kqc1jysdj0sbmh.losangelescovid.com
yw6ulqytclsvz4kponyzmsntarct9t.leylaandlevi.com
z3ut6pdtrydxdm3stg6vae5lgr2ixx9slk.londondeccasociety.com
z8kaqf0wx31kx0wcpg4on96e9foctkh.lucianmarketplace.com
zappxats77motps2ba0ad8b1qr6gqif2mm3thd.londoncabtransfers.com
zhrt7fz12yznvaqszr6aqes3cp1sd34zz.makeurvisa.com
zia47as43esb4gnm8gzv3ckaaet1phcg.lidaralekbira.com
zihj9qsglb9iumc7si4y49fucj3int70.mahamatalidriss.com
zm29bb21d8h3tg1rsk63qslfl96730c3s4.lightsportwear.com
zvq6kyhzqt3ntsioxf1iu4lgmfjynebb80am.livecallinsurancequotes.com
zvxidk35bj8lf15ys5pl3es77c99q2.lubalkalam.com
zx7tqofv5tmya552g0daf06dmwi9l3kn0ysdt0.losangelescovid.com
zxqlj0024q7vhfz01pu82ushd3rodcu1tu9e66hw.mahmut-arslan.com
zy54i1z0ll2inr2geozytrpz5k1kb45kt0u3b8n.litusonline.com
/rq2sz3m0gehtr.php

# Reference: https://www.virustotal.com/gui/collection/60eaccde7d13ee5f19b7ec1cb1ec58e69b825c4755ddc4505458df65a6eb5a04/iocs
# Reference: https://www.virustotal.com/gui/file/9dc3495a6ba058977a72a45732277524e5fe8975f3180a89b672234536224f34/detection
# Reference: https://www.virustotal.com/gui/file/ccdf82b45b2ee9173c27981c51958e44dee43131edfbce983b6a5c146479ac33/detection
# Reference: https://www.virustotal.com/gui/file/c1db76929e4723c2824b66bb062fe608c84e00e4df02ea70aff76661c312f710/detection
# Reference: https://www.virustotal.com/gui/file/5bf852829ddc1655796ec778f04adb92f685800dbda0380814d39ce022d44443/detection
# Reference: https://www.virustotal.com/gui/file/1e2f3f3be9eda8c98dbe2fbf903fa9185b9b1612553be334a87985223cd07b02/detection

527newagain.top
bajcgicdiinbegb.top
cfverclsid.top
cignjjgmdnbchhc.top
faybzuy3byz2v.top
eebchjechginddk.top
mcajijknegnbbga.top
robnzuwubz.top
/4xwkjhmf0thtr.php
/7l382vdthuhtr.php
/72lbnz85t4htr.php
/8juvid7zmwhtr.php
/c5fejq38wxhtr.php
/iduqkxn7s3htr.php
/jnpdcoxuv8htr.php
/z39hrcfekvhtr.php

# Reference: https://www.virustotal.com/gui/ip-address/162.33.178.216/relations

anjmhjidinfmlci.top
gbkffjcglabkmne.top
ikhgijabfnkajem.top
khcjgjmfjgdleag.top

# Reference: https://x.com/malwrhunterteam/status/1860249343137100160
# Reference: https://www.virustotal.com/gui/ip-address/154.216.16.204/relations
# Reference: https://www.virustotal.com/gui/ip-address/82.115.223.207/relations
# Reference: https://www.virustotal.com/gui/file/eec8d8dbdc517184ddfa7353ed89e4ac4d2e6c2fefef2a8c4e2c81bb4b6a9047/detection

robusto.asia
api.robusto.asia
post.robusto.asia

# Reference: https://x.com/0xmh1/status/1859781932634210371
# Reference: https://www.virustotal.com/gui/ip-address/206.188.197.237/relations
# Reference: https://www.virustotal.com/gui/file/97b988b7e9239aa02759e0a2b861b530a1dc4eb8932eb11a5ef98fc17f2576ef/detection

bnzyewtreugbhbw.top
dsivhbuz383hbv.top

# Reference: https://trac-labs.com/hearts-stolen-wallets-emptied-insights-into-cryptolove-traffers-team-3f65e84ccebe

http://77.105.166.229

# Reference: https://x.com/smica83/status/1868383554838949965
# Reference: https://www.virustotal.com/gui/file/a133fae8e316fd9d9df8cf5f8984457d2525459ad4e39eafe58e026147550fb2/detection
# Reference: https://www.virustotal.com/gui/file/d0e9ada0e6cfa93e889709ff7d21e96b5c093c93b9d8c76ebd73f3333fe6fc6e/detection

cineft.online
sedone.online

# Reference: https://cert-agid.gov.it/wp-content/uploads/2024/12/vidar_17-12-2024.json

leylinehex.com
lfittrend.com
libertyvillehvac.com
liceascarpetcleaning.com
licensedplumbersinchicago.com
lifebuilderinstitute.com
lifefitnessjourney.com
lifetimeacairfilters.com
lightningeyemedia.com
lightskyranch.com
lightsportgear.com
lightsportshirts.com
lillianbehrpublishing.com
lilllyaxxx.com
limitedstockavailable.com
limitlessbookkeepingllc.com
limousinesfortlaudedale.com
linamassageparlour.com
linamensaplliancerepair.com
lindamcdermott.com
lindseygarrity.com
linkaclean.com
linkalternatifjurutogel.com
linknomad.com
links2leapgames.com
liomaperformance.com
lion-lamb-bookkeeping.com
lionsbridgenetwork.com
lionshareproperty.com
liquidbloomcanna.com
liquorcompliance.com
lisamartinezinsurance.com
list2quiz.com
littlebitofyoga.com
littlefallsmechanic.com
live4kfestivals.com
liveconstructon.com
livelifenlearnlove.com
liverpool-redarmy.com
liveslowandsourdough.com
livestronglife.com
liviaharper.com
livin-forgiven.com
livinglahavanalocal.com
livingleafy.com
livingthelegacyprogram.com
livingwellbeing.com
livingwithsexualityinawaythat.com
llatsermodels.com
lljmobilelabs.com
lngresosapromgtmalaspa.com
loaguides.com
local-deliveryservices.com
localsmartcoupons.com
locfireandsafety.com
lodocleaners.com
logicmastersacademy.com
logisticdispatchcoord.com
logoedsocks.com
lokjagruti.com
londontangents.com
longislandwaterfiremold.com
looklikethepros.com
looneyhealth.com
loraobrienbusiness.com
lorcanryan.com
lordsorganic.com
lorizimmermanrn.com
lornasage.com
losangelestobostonmovers.com
loseweightwithhypothyroidism.com
losfogatoio.com
losnumero.com
losspreventionlaw.com
lostsoulseekers.com
louisvilleroofingexperts.com
louisvilletotaljointinstitute.com
louvreuae.com
lovemyplantlife.com
lovenquote.com
loversnyc.com
lsevenconsulting.com
luanphuongusashop.com
lubnanajjar.com
lucasclassicbatteriesnorthamerica.com
lucasclassicbatteriesusa.com
lucidbisystems.com
luckparts.com
luigithebot.com
lukaeaston.com
luminacelest.com
luminavitality.com
lushpoolcare.com
lusso-apparel.com
luxhomefurnishing.com
luxureglass.com
luxuryfilmsandtint.com
lyricsbyrequest.com
maanstuff.com
mac1global.com
maccathanhnhan.com
madebycarefulhumans.com
madeiraadventure.com
maderawestestates.com
madmooselab.com
madteachit.com
mafutatech.com
magalieswines.com
magic8ballband.com
magicardonline.com
magicbeanstalkgames.com
magiccelebrant.com
magnetarfinancial.com
mahameeni.com
maidinohio.com
maidsuatl.com
mailtg789.com
mailupsecurity.com
mainelocallyowned.com
maintainahouse.com
majesticswitzerland.com
majostudios.com
makemoneywoodworking.com
makin-it.com
malaybazar.com
maldimedia.com
malibuparadise.com
malik2021.com
mallopen24.com
maloryorozco.com
maltaeventsgroup.com
mama-culinar.com
mamamiaecuador.com
mbuzy3yvzw3r.top
uth7nwpx9fdfm1b8ifd6ui8z6hnncg857k.luxureglass.com

# Reference: https://www.virustotal.com/gui/ip-address/192.153.57.125/relations
# Reference: https://www.virustotal.com/gui/file/59015eae646b3c2ff97d775eb40641ad6f3992ec7dfb2f12121047a7852ccc3c/detection
# Reference: https://www.virustotal.com/gui/file/557d6fc2139ca5ad6e0cf5de5f61659c3247c62d68be39c653c7e420f13ddd96/detection

bnaye4ybvgzueb.top
cmacnnkfbhlcncm.top
gsosnub8zg3.top
hkmlchlbjibdafd.top
jlijkijkkklbkjn.top
ngub8zb38ib.top
pbbizibizi3v.top
phsujibusy4ubad.top
shd9inbjz4.top
soeubit.com
/6kw81vnr3shtr.php
/fa5y7jvmghhtr.php

# Reference: https://app.validin.com/detail?find=d19f9a166178a3865b959cc108068990&type=hash&ref_id=2c26c089669#tab=host_pairs (# 2024-12-17)

azurearc-cdn.top
bginkhdndigadkj.top
bkkeiekjfcdaaen.top
bnayvhgb8.top
bnbuzu49ibz4.top
cljhkcjfimibhci.top
fdsgujhnby.top
fpziviec.top
futnbuzj3nh.top
gajaechkfhfghal.top
get-iwrreq.top
ghybu8as.top
gkn33hxueub.top
gnmdjjckbgddaie.top
gonjyeybhz3e3.top
gpoxcbiuevbz.top
gsbnzi39gjnz33.top
gubyzywey6b.top
hkinuxb3bz.top
iiuthbuzev.top
ikjfjkkagafbdke.top
jhubzgv3.top
kffgkjmjangegkg.top
ksdgbx9oenj.top
lgbibzuehbz.top
miutubzxe.top
mnatyvgzy3r.top
mnvuz3gvy3.top
mycommsupdate.top
nbcjihgecijhmnl.top
nubxz4ubhxz9i.top
oeiurybuzgeus.top
ohunhebzhbu3.top
poeiughybzu222.top
poubnxu3jubz.top
rifiziec.top
rihgi3ibn3ube.top
ruhybh74ub.top
saighbuzu32uvv.top
sdubvlbbuz3vzzz.top
segibuzh3hbz.top
shunhxuehbu3.top
web3-authframe.top

# Reference: https://app.validin.com/detail?find=d19f9a166178a3865b959cc108068990&type=hash&ref_id=2c26c089669#tab=host_pairs (# 2024-12-17)

aeoky.com
aerxb.com
akrmz.com
akvmm.com
atfvz.com
atkoj.com
aunuq.com
awihc.com
ayufx.com
bhmiu.com
bjqci.com
bpwid.com
brbqj.com
brtne.com
bswgr.com
bsyap.com
caztp.com
cckhy.com
cdifh.com
cfuia.com
cjzyo.com
coyww.com
cuvmo.com
cxdoa.com
czugy.com
dbhym.com
dgaxx.com
dtgtp.com
duayb.com
dubxd.com
dyhvx.com
efpan.com
egedk.com
egtto.com
ejlch.com
eknjt.com
epfvf.com
etqss.com
etrhj.com
ewxkb.com
fcnqd.com
fgdfd.com
fhilb.com
fksbr.com
fquhu.com
frqmc.com
fsmwr.com
fxutb.com
gcgxk.com
gfdne.com
gfzns.com
gghsh.com
ggizu.com
gheoa.com
gnlad.com
gnzac.com
gpynx.com
grlnl.com
gtckl.com
gwrul.com
gwsxw.com
hgqdl.com
hlaxj.com
hlnaz.com
hmdbu.com
htkbr.com
hvdim.com
hymqv.com
ibdoo.com
idsgq.com
ifvkr.com
igfwe.com
igpjp.com
ioubr.com
iozsd.com
ipbsm.com
ipkju.com
iwgzt.com
ixhsy.com
izbxg.com
izhwn.com
jctvi.com
jfgim.com
jglde.com
jlatf.com
jokju.com
jqngd.com
jtcqn.com
jueaf.com
jufdv.com
juijr.com
jvmzo.com
jzkuo.com
kbcvm.com
kcqar.com
kkefn.com
knvzl.com
kpiwo.com
lbtkw.com
lgacp.com
lnvie.com
lrqgq.com
lvosg.com
lzpbo.com
mgnxf.com
mjkyz.com
mpkvx.com
mpxuj.com
mtbxt.com
mzxhy.com
mzyfk.com
nhhgt.com
nlvxn.com
nqpjz.com
nvloh.com
nwdmf.com
obcjy.com
oegzj.com
ohhaq.com
oiikr.com
okwtl.com
orelj.com
ormwn.com
orrfm.com
pbjbp.com
pdwdq.com
pjjvr.com
pmfcs.com
pniqq.com
pnpsu.com
ptnzv.com
pwwes.com
pzkey.com
qbgvz.com
qbmgd.com
qhsfe.com
qlfoe.com
qzmlg.com
qzowg.com
qzynp.com
ravxk.com
rdbrt.com
rdeff.com
reqyk.com
rfvtb.com
rfvui.com
ribgk.com
rikxy.com
rollshark.com
rrckh.com
ruioy.com
rvuwm.com
rwmfz.com
rwsbu.com
rxaty.com
rxnwf.com
ryyna.com
sawwb.com
sbfde.com
snbjs.com
sngca.com
snyxt.com
sycnu.com
syfmi.com
thfor.com
tplbw.com
ttkaf.com
txmfb.com
tyiep.com
ucfjw.com
udakm.com
udumf.com
uepcv.com
ugkgi.com
uhmds.com
ulubn.com
urcjl.com
utasv.com
uvxrg.com
uwsrl.com
vbnsz.com
vdoxl.com
vidyf.com
vkfym.com
vtrys.com
vxcwa.com
wddql.com
wdsqq.com
wmhds.com
wugig.com
wvhtv.com
xhocu.com
xhqjw.com
xjmcj.com
xjsjd.com
xnedr.com
xsfqa.com
xvufu.com
xvzsg.com
xyqvc.com
yhilf.com
yxxnk.com
zfcbi.com
zfelu.com
zifmf.com
zjdov.com
zjvys.com
zmfgy.com
zoflb.com
zrltu.com
zupfd.com
zvaeu.com
zvtqs.com
zyfjg.com

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2024-12-18-v10810/2278

hulkpara.xyz

# Reference: https://x.com/tosscoinwitcher/status/1871263561819074678
# Reference: https://www.virustotal.com/gui/ip-address/188.245.216.205/relations
# Reference: https://www.virustotal.com/gui/file/a26dae1a0da4d8849489b49e037bfc66d1efe72182a35ecb99d5d8e41fbf4b17/detection

bijutr.shop

# Reference: https://www.virustotal.com/gui/file/1658f0e2c9dfe87a46080d606c06ebbfd93f4d85b92a00c0da651f756cf2d04d/detection

ooihu.shop

# Reference: https://www.virustotal.com/gui/file/00065f4241fca681deceeddc9b1cbf5546401182d35ba7dfcbacdde14ccd2407/detection

zonedw.sbs

# Reference: https://www.virustotal.com/gui/file/139db2f46589fc379b3ed871f4366ad261f2bb57db84493130483b89266c6f3d/detection

grahm.xyz

# Reference: https://app.validin.com/detail?find=86b21b3efff54b600a12c0994bddcf8c&type=hash&ref_id=09485de7b9a#tab=host_pairs (# 2024-12-23)
# Reference: https://www.virustotal.com/gui/file/235b8517a395f8ef53aff0ccb133e5cf926262dd24bdae99bf40857a0376c300/detection

http://37.27.43.98
37.27.43.98:443
binoto.site
cxlugg.sbs

# Reference: https://www.virustotal.com/gui/file/187431ab5b75e331a4b2e288f6bc72a19b0d547292a6cd3c08eac3764ad7242d/detection

qrmenus.xyz

# Reference: https://www.virustotal.com/gui/file/1768b0e1782666fce019d12045f6ba5b9055bab29541b278b93dcfeda281d753/detection

gladim.sbs

# Reference: https://www.virustotal.com/gui/file/3d18582def5d3845f2fc7e8f145e91747c1b973e379f5436ba6c2743196a77a8/detection

cyberyoda.icu
melkie.cyou

# Reference: https://www.virustotal.com/gui/file/2fa665c3cd5ad274a548b224169a809e54c9a1f4126b177f0cc27ed199fa8ede/detection

ikores.sbs

# Reference: https://www.virustotal.com/gui/file/ec331da7d6348a435e27ce3ea69b737f13b354363600ee093000dc1006698396/detection

dreasd.xyz

# Reference: https://www.virustotal.com/gui/file/f4a9901055421bff6c8dd1ed704a254acbf94df688f2b417743e624ce56ddb0c/detection

mycomp.cyou

# Reference: https://www.virustotal.com/gui/file/5f1c8c5275ff9649676f6acf717732631cfaacd3883a42fbb5e9c825cc8352f4/detection

gostrm.shop

# Reference: https://www.virustotal.com/gui/file/0bc8237a22dee7558f390bae9cb39923ab6207ba8a6e450474e3390682db30b0/detection

http://185.156.73.23

# Reference: https://trac-labs.com/advancing-through-the-cyberfront-legionloader-commander-6af38ebe39d4
# Reference: https://gist.github.com/RussianPanda95/d70523278256429ae95c6c92cfb82f78

bob-black.com
go-bastard.com
gotry-gotry.com
hit-bonk.com
hit-hg.com
hit-stun.com
karkarkar.com
l-back.com
twowayroads.com

# Generic

/dlmtk.php
/hsdf7w34rhdjsf.php
/smbfhrgc
/smbfupkuhrgc1
/lilipopdamnnn.zip
/nnnzbsjalqjx.zip
/peppppzxc.zip
/prentaloksxjf.zip
/someoneadasylf.zip
/test_gate0117.php
/vidar2406.exe
/vidar2606.exe
/vidar2806.exe
/inc/stealc_default2.exe
/stealc_default2.exe
