# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.malware-traffic-analysis.net/2018/07/05/index.html

desjardinscourriel818654.pw

# Reference: https://app.any.run/tasks/9de1c3d6-745d-4b89-b653-f8f4414a40f1

desjardinsmail6as6545g.pw

# Reference: https://twitter.com/James_inthe_box/status/1099365566928760834
# Reference: https://pastebin.com/C5XYY221
# Reference: https://www.virustotal.com/gui/ip-address/77.83.174.70/relations

http://77.83.174.70
77.83.174.70:2077
thedokatrade.com
highnoon2.com
copylanco.com
glekrg.com

# Reference: https://twitter.com/James_inthe_box/status/1079757827030142976
# Reference: https://www.virustotal.com/gui/ip-address/5.45.73.63/relations

http://5.45.73.63
5.45.73.63:2131
donbwh.com

# Reference: https://twitter.com/BroadAnalysis/status/967357851520897024

http://94.242.198.167
ebalodauna1488.com
printscreens.info

# Reference: https://twitter.com/JAMESWT_MHT/status/927523630778650627

bmwfastcar1337.com

# Reference: https://twitter.com/anyrun_app/status/912276794648272897
# Reference: https://app.any.run/tasks/f1a72d72-2e96-4d8b-9ad7-1f74e162d585

overwbuff.com
http://195.123.211.9
195.123.211.9:13378

# Reference: https://twitter.com/JAMESWT_MHT/status/906086386377379845

pudgenormpers.com

# Reference: https://twitter.com/VK_Intel/status/1135507293573931008
# Reference: https://www.virustotal.com/gui/file/11918aadc1e4942a1e458afab5c10971fb87d84b693b2c31f5497aa289fa20da/detection

176.119.30.142:8765

# Reference: https://twitter.com/VK_Intel/status/1143606935373172736

31.7.62.214:443

# Reference: https://twitter.com/JAMESWT_MHT/status/1166106371403763714

179.43.146.90:443

# Reference: https://twitter.com/James_inthe_box/status/1178692652700590085

http://179.43.159.246

# Reference: https://www.fireeye.com/blog/threat-research/2019/10/head-fake-tackling-disruptive-ransomware-attacks.html
# Reference: https://otx.alienvault.com/pulse/5d9378b8f36a91c436c5f93c

track.amishbrand.com
gnf6.ruscacademy.in
backup.awarfaregaming.com
link.easycounter210.com

# Reference: https://habr.com/ru/company/pt/blog/471960/ (Russian)

185.225.17.66:443

# Reference: https://twitter.com/P3pperP0tts/status/1188946654768091136

http://179.43.146.90

# Reference: https://pastebin.com/iqcg0Ys7

http://185.225.19.35

# Reference: http://broadanalysis4.rssing.com/chan-65366183/latest.php

http://91.243.80.120
http://94.242.198.167
179.43.191.122:2259
31.31.196.204:1488
94.242.198.167:1488
ebalodauna1488.com
printscreens.info

# Reference: https://twitter.com/tkanalyst/status/1196033182694379527

http://103.16.228.173

# Reference: https://twitter.com/VK_Intel/status/1196136022658207750
# Reference: https://www.virustotal.com/gui/ip-address/94.158.245.91/relations

94.158.245.91:1488
ololoev.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1199078758298206208

5.181.156.36:1321

# Reference: https://twitter.com/VK_Intel/status/1224647173872193538

gjuauyfhjha.cn
sasggegzui.cn

# Reference: https://twitter.com/JAMESWT_MHT/status/1222152295724593152

103.16.228.173:1488

# Reference: https://app.any.run/tasks/32eeb667-b66b-4dea-b343-ae43941f7b20/

micrdata.com
safuuf7774.pw
wobada.com

# Reference: https://unit42.paloaltonetworks.com/cortex-xdr-detects-netsupport-manager-rat-campaign/
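# Reference: https://github.com/pan-unit42/iocs/blob/master/NetSupportManager
# Note: 'edisonlee.net/maildir.phpq' in this block ends in '.phpq', unlike the other '.php' entries here. Verify it against the referenced list; if it is a typo, the entry will not match the real URL.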

http://185.163.45.88
http://94.158.245.182
94.158.245.182:443
unclebillswv.com/verisign.php
firstteamcareer.com/user.php
busyserviceinc.com/webdoc.php
edisonlee.net/maildir.phpq
newtontool.ca/wp-contents.php
brotherselectricco.com/host.php
innovativemasonry.net/hostgator-welcome.php
greenheartmed.org/captcha.php
ultraeventgroup.com/wp-element.php
jnachb.com/wp-comment.php
adroitpmps.com/wp-list.php
ledampenergy.net/wp-comment.php
hostfleek.com/backup.msi
alpinehandlingsystems.com/backup.msi
jintsung.cn
4ourkidsky.com

# Reference: https://twitter.com/killamjr/status/1234547286807584773

http://185.163.45.118

# Reference: https://twitter.com/malwrhunterteam/status/1236215722885464064
# Reference: https://www.virustotal.com/gui/file/870972fabfb6c59f1c3959cea9201d3c4d48756585970de869d063ec69983ab8/detection

http://23.227.207.138
23.227.207.138:12233
browserinstallup.com

# Reference: https://twitter.com/jcarndt/status/1241090163008307206
# Reference: https://app.any.run/tasks/b46069d5-ec22-481e-af2b-c14474978f79/

tardigradeventures.com

# Reference: https://www.virustotal.com/gui/file/1a08a65d4199f08d60644f2aee1182d87f29b36d38257239e5c80965ed65e0d1/detection
# Reference: https://twitter.com/olihough86/status/1243561290439839745
# Reference: https://app.any.run/tasks/aa3e41ee-b1c0-4333-939e-e4199c1daa56/

http://5.181.156.14
5.181.156.14:443
covidpreventandcure.com
komnop.com

# Reference: https://unit42.paloaltonetworks.com/how-cybercriminals-prey-on-the-covid-19-pandemic/ (# NetSupportManagerRAT)

covidpreventandcure.com
covidwhereandhow.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1255849588788953088

62.173.145.56:2721
avheaven.icu
bssupport.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1260492238758588419
# Reference: https://app.any.run/tasks/0b4ce298-496a-4b15-9e94-0fbbb616422e/

62.173.154.94:2145
avheaven.space
brassaffid.com

# Reference: https://twitter.com/jcarndt/status/1275108512046211074
# Reference: https://app.any.run/tasks/c9e195d3-227c-480a-8515-1cdadcf29485/

membersonlytraining.com

# Reference: https://app.any.run/tasks/cc3ac8a1-394f-4488-89e1-6107017b2360/

http://45.133.245.57

# Reference: https://twitter.com/JAMESWT_MHT/status/1285170628656615424
# Reference: https://bazaar.abuse.ch/sample/8ab3b9367304dccac78095808260417a46c0f37720051592b9a32ba3b030743d
# Reference: https://www.virustotal.com/gui/file/68313d4b45cc908f541dd581d7b9d1e8ccadcbf205714c12c36b58083ada7345/detection

http://62.173.138.41
62.173.138.41:2071
numienimfe2.com
ysanhumeg1.com

# Reference: https://www.virustotal.com/gui/file/72a908033a308ec5da4e384c2c6efb33405afc50688033849783267e6fb1bddc/detection

http://5.45.74.219

# Reference: https://www.virustotal.com/gui/file/86fc3e58537ac903356866de03df56baaba69b2641f90da283560a08fc60786b/detection

http://45.133.245.192

# Reference: https://twitter.com/malware_traffic/status/1321482374044069888

http://46.17.106.230
46.17.106.230:3543

# Reference: https://www.virustotal.com/gui/file/8781b76845a95237e38d007e1ce0c5743e3eb95717e13b85a6b2a963cf4c0d2d/detection
# Reference: https://www.virustotal.com/gui/file/5f7f2f6e7ed3cc8243fad060f0b64267ceb629456eab62215847419eb7f4494e/detection

192.169.6.95:3294
http://192.169.6.95
http://45.138.172.158

# Reference: https://twitter.com/cyb3rops/status/1372941834104807426
# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SunBurst/SilverFish_Solarwinds.pdf

mgdsoufjgh4hgba.xyz
nefvnvudygct4.xyz
huntaget.cn
moreeu.cn
moreofit.cn
torpoa.cn

# Reference: https://www.virustotal.com/gui/file/2add4e3f9acd88b53c97989b309bccdf35456c444d7b4436bd0b9b04f1d16cf4/detection

http://88.119.171.110
88.119.171.110:443

# Reference: https://www.virustotal.com/gui/file/672eebccfb00a9a4cc11fec4232eff3c87f7870d1cef4c647d364801cab814ca/detection

http://37.61.213.242
37.61.213.242:2549

# Reference: https://www.virustotal.com/gui/file/45ff625f17a1e9ad65dd94c376034148d6d8eee8a41b1209f566a907f5d6d6c7/detection

http://46.161.40.59
46.161.40.59:3085

# Reference: https://www.virustotal.com/gui/file/c8425cf994f02784d3f8eeb570b6ac1edc5876908b64b40b532e2534a84a19ad/detection

http://62.173.140.217
62.173.140.217:1337
coinduck.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c5962e29f3f752f3fe8ae5cef5022fb819eb8dfad91ba81c9e1ccd44ac8d5fd5/detection

185.156.172.130:2549
fiseddaniret1.com
fiseddaniret2.com

# Reference: https://www.virustotal.com/gui/file/131586137654c8774dc2ba571834e7d20881c53e2e91421fe832159004954ab8/detection

http://1.254.1.1
http://192.64.119.126
visualmultiplicationsinc.club
worktwork3.xyz

# Reference: https://www.virustotal.com/gui/file/013928987cd0092ef2f5de55f2ae076ff67297ccd75bc6a2959eff4301591ddf/detection

findmemolite.com
dvqyswmvahrqd.cloudfront.net

# Reference: https://github.com/pr0xylife/NetSupportRAT/commit/8ce0fa44a9a9c899031dc3340f23aa601e3ffeaa

http://5.252.178.213
contentcdns.net

# Reference: https://medium.com/walmartglobaltech/socgholish-campaigns-and-initial-access-kit-4c4283fea8ee
# Reference: https://www.virustotal.com/gui/file/552f65f0ae7b001df20dc2875b136f55669daa09ba02d10d9b688a3511cbb4ca/detection
# Reference: https://www.virustotal.com/gui/file/ccc0204486cbf8b6db43711ddf8d847cfc15d5f713c60b53c461c4e4eeeb1a4f/detection
# Reference: https://www.virustotal.com/gui/file/617c331b65e0d26e1e64a04f06555891e719b578fd2bdc41065458176821f0c1/detection

http://149.28.68.114
http://194.180.158.173
http://45.76.172.113
http://45.77.87.77
http://5.252.178.213
http://87.120.8.141
aasdig8g7b448ugudf.cn
asaasdivu73774vbaa33.cn
businessaudit.tax
hlmequipment.com
mixerspring.cn
nsncasicuasyca831cs3vvz.cn
sjvuvja.com

# Reference: https://twitter.com/idclickthat/status/1550876054440509445
# Reference: https://www.virustotal.com/gui/file/4a6e542f77e622f7084e5b5bddab43ae4e80a07ade56e3063e3959fd03040dd0/detection

http://95.217.35.62
95.217.35.62:1337
pokemongo-nft.io

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Riskware/Riskware%20-%2008082022
# Reference: https://www.virustotal.com/gui/file/080fa496d57ca79f09b2717b384a3a34080bbfcef8a1198bbea1901e4b571991/detection

http://108.61.207.16
108.61.207.16:49760
telemetry-cdn-ny.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-16%20NetSupport%20RAT%20IOCs

http://23.88.96.2
asdbgbwi8ww.icu

# Reference: https://twitter.com/pollo290987/status/1561042448683618304

http://151.236.14.69
7nt.at

# Reference: https://twitter.com/0xToxin/status/1558007700180582400

duvje6egvuas.com
sdhbuh474jhguakfi3jgh3.cn

# Reference: https://github.com/executemalware/Malware-IOCs/commit/5db274edcb157e7d003c1201211674b6bc140fc2

http://78.47.32.144
asdjdoo3vsd.icu

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-08-22%20NetSupport%20RAT%20IOCs

http://167.235.67.199
ghev.top
tojh5roh4.top

# Reference: https://twitter.com/mojoesec/status/1561805273651617793

52226asdiobioboioie.com
jjdfu.fun

# Reference: https://twitter.com/phage_nz/status/1562229369669828608

aisdyhvuekmfa33.cn
dfuy.fun
iurb.top
sdfijiusgydygbugjsadifr.com

# Reference: https://twitter.com/pollo290987/status/1562535463251898369

asdbjhsdf63.cn
rijd.fun
sadvi8ejvas.icu
sdsdfnjdsfhis6g4fr.com

# Reference: https://tria.ge/220829-t7q4vacahl/behavioral2

adhkjdlkasd.icu
riut.top

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-09-08%20NetSupport%20RAT%20IOCs

ghvab.xyz

# Reference: https://twitter.com/pollo290987/status/1568312124799176704

http://103.153.183.74

# Reference: https://twitter.com/pollo290987/status/1570114932041043972

http://94.130.179.90
fbueg.top

# Reference: https://twitter.com/pollo290987/status/1572284261721591808

http://78.47.255.163
eruge.xyz

# Reference: https://twitter.com/pollo290987/status/1573375977178234881

http://88.198.178.95
fygba.fun

# Reference: https://twitter.com/pollo290987/status/1574770057460211712

http://78.47.81.171
gunbj.top

# Reference: https://twitter.com/nosecurething/status/1574939506566135809

fhb7dhb8z84ehg.xyz
rgkiboinas.men
sdgjoujhbsiuhdisd.com

# Reference: https://twitter.com/pollo290987/status/1576941098483998722

http://75.102.34.39

# Reference: https://twitter.com/pollo290987/status/1578047035793711110

http://23.88.52.251
db8ew.top

# Reference: https://twitter.com/pollo290987/status/1580579019543568385
# Reference: https://twitter.com/phage_nz/status/1592273345185468416
# Reference: https://tria.ge/221114-1cg11sab4z/behavioral1
# Reference: https://www.virustotal.com/gui/file/2a968ae38c10430c37a108f6919d0d5eb4e8e10415f927437a051e1fbd3ae7d4/detection
# Reference: https://www.virustotal.com/gui/file/157b4754d3cc372bb4b236c37036eb0729cff6bba01220f3d0cc1c9f340d68ea/detection

176.113.115.91:2145
31.41.244.112:2145
89.185.85.44:2145
89.208.103.208:2145
8ltd8.com
npinmclaugh11.com
npinmclaugh14.com

# Reference: https://www.virustotal.com/gui/file/05bb07f3dfae2584a5f6382f23ba58bbea9feeea01509c446a1c75e47a9dfa13/detection

http://140.82.15.232
140.82.15.232:2970

# Reference: https://www.virustotal.com/gui/file/498d6c9301e100f9b7752a6ee34b6873747efa876a9767f51c8eb8dd6a2ff63a/detection

http://116.202.22.58
sdfuubw.icu

# Reference: https://isc.sans.edu/diary/rss/29170
# Reference: https://otx.alienvault.com/pulse/6352a4f01abba547918c8a4d

http://176.124.216.159
176.124.216.159:5511

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-10-26%20NetSupport%20RAT%20IOCs

she32rn1.com

# Reference: https://www.virustotal.com/gui/file/bfa0f0a9d939eb766c9fd81be03e3b2cd4ed43b977832a21e73156a7201ff1ed/detection

http://193.106.191.152
185.158.251.35:4421
193.106.191.152:4421
dcejartints16.com
dcejartints17.com

# Reference: https://github.com/pan-unit42/tweets/blob/master/2022-12-28-IOCs-for-NetSupport-RAT-infection.txt

http://89.185.85.44

# Reference: https://www.virustotal.com/gui/file/058118f80fc1a977d07f012560d2ca6109709d20ba6a81e017f294f6e37f2f28/detection

151.236.14.69:2940
pinustamilbe10.com

# Reference: https://twitter.com/x3ph1/status/1612583145257275392
# Reference: https://twitter.com/x3ph1/status/1612636188212338690

gkdkr.icu
gubje.top
noinmsyvhruhjbi4hs.cn
sdvubjser.top

# Reference: https://www.virustotal.com/gui/file/e0f1dc2d0d42622578b3d4e609a5f428edcc41273c60640711f092570cda132c/detection

http://142.132.188.48
fasfybue.icu
rgkiboinas.men

# Reference: https://twitter.com/BroadAnalysis/status/1613255257789693953

http://94.158.244.38
52226asdiobioboioie.com

# Reference: https://www.virustotal.com/gui/file/12d2c229d192506c13f8dfbb5e9edb5b9b369a6e0b5ddc7cb2647d02d7fcdae5/detection

http://194.180.174.152
194.180.174.152:1203
pro1vin7ce.top

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-01-27%20GoogleAds_NetSupport%20RAT%20IOCs

http://185.161.210.23

# Reference: https://twitter.com/dlevyny7/status/1619081793344512000
# Reference: https://www.virustotal.com/gui/ip-address/185.161.210.23/relations
# Reference: https://www.virustotal.com/gui/file/8301d30f35705f82c85b56c51fc9f79f9071c3cb3e984b9c55aefe98b830cfc6/detection

anydeks-access.com
mindamiedolis19.com

# Reference: https://twitter.com/1ZRR4H/status/1620141013686968320

http://176.124.216.31

# Reference: https://twitter.com/crep1x/status/1620542075082260480
# Reference: https://tria.ge/230131-z4s2xscd3t/behavioral2

any-desk-app.life
audacity-app-official.site
canva-app-official.site
handbrake-app-official.site
ledger-app-official.site
libreoffice-app-official.site
teamviewer-app-official.site
tronlink-official.site
dkimqwertyasd.com
harddrystamp.com

# Reference: https://twitter.com/Iamdeadlyz/status/1626286424713736194
# Reference: https://www.virustotal.com/gui/file/2bee969bf4dd2fc0e5b6de9f835a037b486fe6f599ec20485231710b06033837/detection
# Reference: https://www.virustotal.com/gui/file/84520291f6556c00cb44314d2994037e0b098bc97c73826c6b6d3e03564b243d/detection

http://89.107.10.44
89.107.10.44:9999
arponet.duckdns.org

# Reference: https://twitter.com/Iamdeadlyz/status/1626286411879190528

http://195.133.197.185

# Reference: https://twitter.com/AnFam17/status/1628995393143832576

94.158.244.118:1203

# Reference: https://twitter.com/nosecurething/status/1631005059302522900

dssdgihbiuieyygvkdsiy4.cn
gunhdr.top

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-03-09-v10262/351

gybvhxu.top
itugbjhb.xyz

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-03-23%20NetSupport%20RAT%20IOCs

http://116.203.241.111
dirjbrb.fun
dvjurtt.top
sdfojbeufibibsuu8u.cn

# Reference: https://twitter.com/JAMESWT_MHT/status/1641700979434217475

glorrytertyds1.com
glorrytertyds15.com
howcankfhns.com
ktalarisa18.com
ktalarisa19.com
plshaquntarav31.com
plshaquntarav32.com
uzurtela1.com
uzurtela42.com
xjmko311.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1641714810696998916

http://51.195.53.204
dcanalirder12.com
dcanalirder15.com
jalalymola11.com
jalalymola17.com
mindamiedolis20.com
whatulookingat.duckdns.org

# Reference: https://www.trendmicro.com/en_us/research/23/c/new-opcjacker-malware-distributed-via-fake-vpn-malvertising.html
# Reference: https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/c/new-opcjacker-malware-distributed-via-fake-vpn-malvertising/ioc-new-opcJacker-malware-distributed-via-fake-vpn-malvertising.txt
# Reference: https://otx.alienvault.com/pulse/6424417d4f7e34fdcc85af29

alle13net1.com
alle13net2.com
comes1.com
comes2.com
gattri1.com
gattri2.com
installer-xvpn-g.site
installer-xvpn-h.site
installer-xvpn-k.site
installer-xvpn-n.site
irbxvpn.site
irexvpn.site
irfxvpn.site
irhxvpn.site
irixvpn.site
irkxvpn.site
irqxvpn.site
irtxvpn.site
iruxvpn.site
irwxvpn.site
manigiajabae32.com
manigiajabae35.com
neskrab1.com
neskrab2.com
nesupcli.com
uhcoxvpn.site

# Reference: https://twitter.com/1ZRR4H/status/1643512391940952064
# Reference: https://www.virustotal.com/gui/ip-address/162.33.178.129/relations

http://91.107.198.110
gsdgtruhu45.cn
irejhg.fun
retbr.fun
tumnt.top

# Reference: https://www.virustotal.com/gui/file/12e68953eac99f92a4bad4dc8263fd21837a119ec3830569c3f6205b2bc4726c/detection

rtern.top

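# Reference: https://www.virustotal.com/gui/file/12e68953eac99f92a4bad4dc8263fd21837a119ec3830569c3f6205b2bc4726c/detection (# same URL as the reference given for rtern.top above; confirm it is the intended source for dfrgb.fun)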

dfrgb.fun

# Reference: https://twitter.com/abuse_ch/status/1646397352469577728
# Reference: https://www.virustotal.com/gui/file/26cad4ec29bc07d7b2c32c94dbbef397391babf1c78cc533950b325aaf11bba8/detection

http://79.137.207.54
79.137.207.54:5222
balbalz1.com

# Reference: https://twitter.com/StopMalvertisin/status/1648223628067237890
# Reference: https://twitter.com/souiten/status/1648250631600373760
# Reference: https://www.virustotal.com/gui/file/e927e79de25207d548965e90ec87c26021b9549b5108ac0de99cc9c85556841b/detection

http://87.251.67.111
87.251.67.111:1935
glazgo141.com
glazgo142.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-04-17%20NetSupport%20RAT%20IOCs

http://23.88.125.55
erbieiv.top
rubjbz.fun
ssgdubuerx4.cn

# Reference: https://twitter.com/pollo290987/status/1653139934956363777
# Reference: https://twitter.com/pollo290987/status/1653486646774362112
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-01%20NetSupport%20RAT%20IOCs
# Reference: https://www.virustotal.com/gui/file/e3d142307cbbf3d0d8eac76364993e52833d1ba7318a9ca93dc7f950c49e8ec5/detection

http://195.201.237.50
eduvu.top
erigb.top
sdjbizirebz.cn

# Reference: https://twitter.com/pollo290987/status/1653796442723475458

asdyg.fun
dsauvsiv.top

# Reference: https://twitter.com/pollo290987/status/1654206717251530753
# Reference: https://www.virustotal.com/gui/file/026d17e445821b1d208cb399f451f688f2ba1882a0596661c5d728213aa70e18/detection

http://193.233.232.218
http://89.22.237.94
89.22.237.94:5222
blahadfurtik.com
blahadfurtik2.com

# Reference: https://www.virustotal.com/gui/file/2ba36fbdb1ade985521f651d2fef8667b788658b87423297fddb88f70fbbd411/detection

http://79.137.203.68
79.137.203.68:5222
hdwarframebot.com

# Reference: https://twitter.com/pollo290987/status/1654357341314117633

dsauvsiv.top
erivhx.fun

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-04%20NetSupport%20RAT%20IOCs

dubhd.top

# Reference: https://twitter.com/pollo290987/status/1654540593756872706

http://45.138.74.89

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-08%20NetSupport%20IOCs
# Reference: https://www.virustotal.com/gui/file/9488e05b2be4ef6494ed61a15246de5a1b9e2e7a1673c660a35a162a4e29f339/detection

http://94.130.187.192
pruvb.fun

# Reference: https://twitter.com/pollo290987/status/1658540867840270337
# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-15%20NetSupport%20RAT%20IOCs

http://128.140.14.43
sdfhr.top
tryxe.fun
sasfyvuaseyzzs.cn

# Reference: https://gist.github.com/kirk-sayre-work/1a7ec92ab9018ffac71ee5826de9aba8

http://193.233.233.92
http://91.193.43.96

# Reference: https://twitter.com/JAMESWT_MHT/status/1658779419043942402
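# Reference: https://www.virustotal.com/gui/file/d885b84d8d8059451a119b32d164280284d428350d2bfcfaf7b84f1b2223a42a/detection
# Note: the bare '/itsurjia/homeps.php' entry in this block carries no hostname, so a hit identifies only the URL path, not the server. Triage such hits by the destination host in the event. The same applies to the other entries in this file that start with '/'.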

176.124.198.7:5222
alnama.net/realty/license.php
itsupportadminguy.info/itsurjia/homeps.php
/itsurjia/homeps.php

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-18%20NetSupport%20RAT%20IOCs

rszee.top

# Reference: https://threatfox.abuse.ch/ioc/1119451/

77.105.146.153:5222

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-05-23%20NetSupport%20RAT%20IOCs

http://5.75.145.41
ergtu.top
reubhh.fun
sertte56gzxes.cn
/rt.php?i=NOT-A-RESEARCHER

# Reference: https://tria.ge/230526-gyq19sea99/behavioral11

91.215.85.180:5222

# Reference: https://twitter.com/JAMESWT_MHT/status/1662371119532318720
# Reference: https://tria.ge/230527-hj77nsba65/behavioral2
# Reference: https://www.virustotal.com/gui/file/faf9b23508c4445bf9017cacb3b4f08f39d0cd0cd48cc17156320abb6083d9c7/detection

http://188.227.59.169
http://80.66.88.143
80.66.88.143:1935
golden-scalen.com
xoomep1.com
xoomep2.com

# Reference: https://twitter.com/doc_guard/status/1668890440324579329
# Reference: https://www.virustotal.com/gui/file/7e9362b520bf227bfa1c152710b76b7ff83f41f4a7cae42bbb3cfa1473bb0edc/detection

http://91.107.213.253
sizie.fun

# Reference: https://www.virustotal.com/gui/file/0ab1ccca6453218c59fbff6aa2af85ec62a790bcf18426a86f12ba5fe9ed96b3/detection

asuxtp.fun

# Reference: https://www.virustotal.com/gui/file/2817e17cbaa3588d1f1d8fb8a371489693bbdea53a05a34fac71b41bf91e7081/detection

fyzyxe.top

# Reference: https://twitter.com/FirstWatchCyber/status/1678473223678074882
# Reference: https://www.virustotal.com/gui/ip-address/143.244.162.145/relations
# Reference: https://www.virustotal.com/gui/ip-address/157.90.249.226/relations

asfgze.fun
digibi.fun
regibd.fun
sdguzx.fun
ahmgbgjhdlmmlnf.top
cmbefalcljjblia.top
deediinlfifelek.top
ejhbmdagngcglaf.top
jenililhdcaegeg.top
kiknaijcgclkdnl.top
knifdjhlkchdaic.top
nbjhllilknbjldk.top

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-07-13%20AsyncRAT%20IOCs

prigze.top
zegfze.top

# Reference: https://gist.github.com/kirk-sayre-work/f9748c3cae156b56a0751679085b3f8e

bisiv.top
dubpv.top
eovze.fun
igsufb.top
izrvb.top
lvuse.top
lvvmze.top
sdifiv.top
tvfzie.top
vizhez.top

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-07-24%20AsyncRAT%20IOCs

rigjz.fun

# Reference: https://twitter.com/abuse_ch/status/1685911335719100416
# Reference: https://www.virustotal.com/gui/ip-address/176.111.174.101/relations
# Reference: https://twitter.com/JAMESWT_MHT/status/1685921789539389440
# Reference: https://twitter.com/JAMESWT_MHT/status/1685923203141582848
# Reference: https://www.virustotal.com/gui/file/37cb07ef75c90beb2af9df3faf02283c71ef48cbffce24bcd46049b38939d26b/detection
# Reference: https://www.virustotal.com/gui/file/5e6c05f47399616a63798cb40df75b90912f3dffa84b310ee26db960fc62522f/detection
# Reference: https://www.virustotal.com/gui/file/b75b778b3ca3698225351e0e36376be5da90ec890f4dcf5db970a1f08d8ed37c/detection

http://95.179.150.54
http://95.179.189.207
95.179.189.207:1313
95.179.150.54:1315
95.179.150.54:1414
archivde.xyz
luckyday0728.org
sambireact1.com
sambireact2.com
unclesrug31.com
unclesrug32.com
yeah07.online

# Reference: https://www.virustotal.com/gui/file/c395a71bfd66e923a94cbdc32e5257e51e43b3262bdbd2c75afb36fefed9f3b8/detection

http://94.158.247.27
94.158.247.27:5051
conluase62.com

# Reference: https://twitter.com/x3ph1/status/1686554084294152192

94.158.247.23:5050
magydostravel.com

# Reference: https://www.virustotal.com/gui/file/6318e4335b1098781e35d7464d20b7f92015e86f21c5aad3147e18d6bf9bba7d/detection

http://94.158.244.41

# Reference: https://www.virustotal.com/gui/file/18f2356888cd0909399b77211c732a3f808b06b4fd740e32c5e8105193296706/detection

http://91.215.85.176
91.215.85.176:5222
norominis1.com
norominis2.com

# Reference: https://bazaar.abuse.ch/sample/f5f167423d31cdd7e742d6ae85d6170f26203ec7496d4e098f9e16f40e864c0a/
# Reference: https://www.virustotal.com/gui/file/f5f167423d31cdd7e742d6ae85d6170f26203ec7496d4e098f9e16f40e864c0a/detection
# Reference: https://www.virustotal.com/gui/file/845087bb407b34d8003174a3b63b6c50c7ab4b13ef81636b8344740bb7a8559c/detection

http://185.225.75.33
185.225.75.33:443

# Reference: https://bazaar.abuse.ch/sample/933861b75227a3f4727b5872fa9da1b049e420632f8a9198987e8bfbaf7da9e6/
# Reference: https://www.virustotal.com/gui/file/5ffb5e9942492f15460e58660dd121b31d4065a133a6f8461554ea8af5c407aa/detection

http://45.15.158.212
45.15.158.212:1412
jokosampbulid1.com
jokosampbulid2.com

# Reference: https://twitter.com/malware_traffic/status/1691546307683352576
# Reference: https://www.virustotal.com/gui/file/de3d0a11dec2e3b4afce991a690024e96dca389f8a0a3c6a65b559c9f1c12d59/detection

http://94.156.6.111
94.156.6.111:443
xcelcareers.com

# Reference: https://twitter.com/1ZRR4H/status/1692484935947563405
# Reference: https://www.virustotal.com/gui/ip-address/64.52.80.202/relations

eyftze.top

# Reference: https://www.virustotal.com/gui/file/38669dd5ccced3c29f3eb6bad7a04fbdc2cc81ea6f7c76b03cf1c4fee6c5f3f0/detection

http://185.163.45.36
185.163.45.36:5051

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-08-22%20AsyncRAT%20IOCs

rigujze.fun

# Reference: https://www.virustotal.com/gui/file/00c9a25198c62d243549a458be44f24a71bc999bdb279fc6336ddedeccf637a1/detection
# Reference: https://threatfox.abuse.ch/ioc/1152573/

http://79.137.205.69
79.137.205.69:3725
falafelgoo1.com

# Reference: https://www.virustotal.com/gui/file/cf4b26813e325da0c821da65e1417bea0045f8349204518b58381609b6662803/detection
# Reference: https://www.virustotal.com/gui/file/8d0f88f0a641392f67dcba2a15d18dc3023bc3de35d6ed6e4664948ed928d36e/detection

http://94.158.244.56

# Reference: https://www.virustotal.com/gui/file/9f5feccfcce9d5a6af03e983c7fce6a38cf40fd0cfc518a612c696c572ba2fd5/detection

http://139.60.163.37
139.60.163.37:2940
pinustamilbe12.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-08-29%20AsyncRAT%20IOCs

easdiv.top

# Reference: https://twitter.com/0xToxin/status/1697254384932184572
# Reference: https://app.any.run/tasks/fc8794c8-ef16-4102-9be4-70b5745c08ab/

zpeifujz.top

# Reference: https://gist.github.com/kirk-sayre-work/f3ff9633cea04c7eed5f00962a6a666d

docusec.top
eividsy.top
euuvua3.top
fahzza.fun
fiauta.top
fuzuci.top
prizba.top
rubize.top
saifozi.fun
sdfuzien.top
secdoct.top
sevyr.top

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-08-31%20NetSupport%20RAT%20IOCs
# Reference: https://www.virustotal.com/gui/file/d4f6598a76b92b919bccac6394429a94e7e28da1a86d53e3cd5b204e9c9dc8a8/detection

http://5.252.177.126
http://5.252.178.51
5.252.177.126:443
5.252.178.51:443

# Reference: https://www.virustotal.com/gui/file/9101403bb729cabebd79206aad130293890154cd7a6fba3417471a645ea3ef25/detection
# Reference: https://www.virustotal.com/gui/file/1b74c1fcbe83096cd703bfe9343163894f3a0a83c3708edf97fac42c43ebee83/detection

http://5.42.82.229
http://79.137.205.69
5.42.82.229:3725
79.137.205.69:3725

# Reference: https://www.virustotal.com/gui/file/343d63ff67300da163c035fd16eeaf73ca0d8b472725be1cf501addbc205c487/detection

79.137.202.177:3725

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-09-05%20AsyncRAT%20IOCs

sdfuvy.top

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-09-07%20AsyncRAT%20IOCs

ehxevg.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.netsupportmanager_rat/ (# 2023-09-10)
# Reference: https://www.virustotal.com/gui/file/cc625f2839019ee79af16b580a5248ea119e1a69411cd7498e68d0fb93257f32/detection

http://5.39.110.142
http://5.79.72.218
http://91.92.242.229
5.39.110.142:1770
5.79.72.218:1770
91.92.242.229:443
pkvithtosh11.com
pkvithtosh17.com

# Reference: https://www.virustotal.com/gui/file/6a507c4b04ecd8052a518e77c2cadaf32b89018ae7bc7857b0b799c82c8fe23b/detection

http://185.163.46.93

# Reference: https://www.virustotal.com/gui/file/4a9f42167f399abfbb42a5ee4d52922eb3f7f1ce88d23824f01d13e50609b8b9/detection

http://94.158.245.150

# Reference: https://www.virustotal.com/gui/file/c38c08aa33317d483b8c3f2572189deffd054a8805d463ef2437d4e7aa458436/detection

http://95.216.186.137
95.216.186.137:2701
dmforinenam17.com
dmforinenam18.com

# Reference: https://www.virustotal.com/gui/file/1a011068e00ff24aaef338efc5d21f51abbf47cf1f1006b1b79c78bc84b1d3c6/detection

http://5.252.178.48
5.252.178.48:443

# Reference: https://threatfox.abuse.ch/ioc/1183943/

http://5.252.177.214
5.252.177.214:443

# Reference: https://threatfox.abuse.ch/browse/malware/win.netsupportmanager_rat/ (# 2023-10-12)

http://5.252.177.111
5.252.177.111:443
sdjfnvnbbz.pw

# Reference: https://twitter.com/reecdeep/status/1715053326859895210
# Reference: https://www.virustotal.com/gui/file/c418c883f8d85ed6de3ca033f925c29bf5f5ef4926d62e04d61b6c015dbeb841/detection
# Reference: https://www.virustotal.com/gui/file/d4085ca36709f3b3a2d5a38cba70fbcd439dbc3be024c29829bfa10d8ef44f53/detection

orivzije.top

# Reference: https://twitter.com/x3ph1/status/1719115004530581756
# Reference: https://www.virustotal.com/gui/file/18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d/detection
# Reference: https://www.virustotal.com/gui/file/2725bdb19861c6bd2d4156040473da04abe32c8701e6a7d0cbeeca8425127c10/detection

http://185.163.47.243
185.163.47.243:443

# Reference: https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise/
# Reference: https://www.virustotal.com/gui/file/b910500a9fce47fa4db13b2ad2aea72f20df4743a66b6099fb4b9a4d71912e50/detection

http://79.137.206.37
79.137.206.37:133
wsus-isv-internal.tech
wsus-isv-local.tech

# Reference: https://twitter.com/JAMESWT_MHT/status/1719446999420846529
# Reference: https://www.virustotal.com/gui/file/2a2d79f2b08ecfc76c536c2c9f17922f8272ada7ee318e359529a38d769973ac/detection
# Reference: https://www.virustotal.com/gui/file/f21aea9606f94eba27674cfb40a4aeccd5c73577a3997e4687accc63eaa2efa7/detection

sduyvzep.top
/m0t3hg0h8uyx
/wsjdfghd

# Reference: https://twitter.com/reecdeep/status/1720122106854166900
# Reference: https://app.any.run/tasks/5139943d-a620-4a3b-a062-264460825126/

lzlzy4e.top

# Reference: https://threatfox.abuse.ch/browse/malware/win.netsupportmanager_rat/ (# 2023-11-07)

http://185.163.47.137
http://5.181.156.60
http://91.92.242.5
185.163.47.137:443
5.181.156.235:443
5.181.156.60:443
91.92.242.5:443
91.92.244.196:443
91.92.247.248:443

# Reference: https://www.virustotal.com/gui/file/48ff224a396a4583990cb16a88a555817bff10ffbd85597ad941c6d2f5e78dda/detection

speedsupport.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1727335614805078515
# Reference: https://www.virustotal.com/gui/file/3407337dea12501ed2d524ed049d69a8e188bcd585f1a4055b60d4369cfc348b/detection

http://185.225.17.47
185.225.17.47:136
glaciecrw.cfd
huggertlow.top

# Reference: https://twitter.com/1ZRR4H/status/1731019006318985352
# Reference: https://www.virustotal.com/gui/file/0fdc3d43677d406fb68b434d25a5757f5981ecc19ec616f8ddcd9126ba548014/detection

46.149.74.125:1061
andater393.net
svanaten1.com
svanaten2.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-12-22%20AsyncRAT%20IOCs
# Reference: https://app.validin.com/axon?source=DNS&zone_filter=top&limit=100&type=ip&find=206.166.251.17

prozvegz.top
sossoshn.top
ruzivre.top

# Reference: https://www.virustotal.com/gui/file/01caca23428e0f6d56feda4b411d989f4b0c8ad4dd28664f5f2b7de428b76004/detection

http://194.38.21.53
194.38.21.53:1203

# Reference: https://threatfox.abuse.ch/browse/malware/win.netsupportmanager_rat/ (# 2024-01-24)

136.244.108.223:1411
152.89.218.212:443
185.163.46.93:443
185.26.239.180:443
45.61.147.162:3301
45.67.230.205:443
5.181.156.45:443
91.92.245.80:443
94.158.244.56:443
94.158.245.150:443

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2024-01-23%20NetSupport%20RAT%20IOCs

hsdiagnostico.com

# Reference: https://twitter.com/1ZRR4H/status/1750170408463008120
# Reference: https://www.virustotal.com/gui/file/a04f3d2be0b51c4c302bc4b881ee6c6b507bc432272fc37d7c531060607e7932/detection

blawx.com/letter.php
defigmi.com/1/GetData.php
core-click.net
helasirasi.com
helasiras1i13.com

# Reference: https://www.virustotal.com/gui/file/09c64c1e380b08904417424f0335f960ae10bebb57dda489028084db71fb6a17/detection

http://95.142.47.11
95.142.47.11:1203

# Reference: https://twitter.com/doc_guard/status/1764652970682048592/history
# Reference: https://www.virustotal.com/gui/file/56fe0d3edd415c0ca1b7fc7bf960300e085465cd2a6d0ec3600191aac25a66e4/detection
# Reference: https://www.virustotal.com/gui/file/7144b8408b3ad9ae2d035cf122f9311673a38e9f26177c3c12d390c68ecb54b4/detection

http://79.132.130.233
79.132.130.233:443
compactgrill.hu

# Reference: https://twitter.com/seguridadyredes/status/1767900519094235335
# Reference: https://twitter.com/1ZRR4H/status/1767915425097044097
# Reference: https://www.virustotal.com/gui/file/387b55861b370471596725c10e55a33e82834f711aa24b01cd23a9ac9f27a721/detection

http://192.236.192.48
rahnoturkey.com
nes.cosmopeople.in
/nyhjkszpcccggjukfgnattexybnfgziizyh.txt

# Reference: https://twitter.com/k3yp0d/status/1767934844061794764
# Reference: https://www.virustotal.com/gui/file/f72cb853fcec9002c9c5fb978bc5ebcd0e6d4b86cc4a778d5fd4c2c7dc619095/detection

custompcadvisor.com

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2024-03-21%20FakeUpdates_IOCs

http://5.181.156.5
5.181.156.5:443

# Reference: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-03-27-IOCs-for-Google-ad-leading-to-Netsupport-RAT.txt
# Reference: https://www.virustotal.com/gui/file/9656977251436512b44027a7ae0e10b1481db5232c5588ffc36d7f8297345e33/detection

http://45.155.249.55
45.155.249.55:443
techcoredigital.com
tomuttaro.com

# Reference: https://www.virustotal.com/gui/file/f455dbcd58ae3f4ba10bfcb0357b9828774c29f3f5bc48005efd6123f46cebfb/detection

http://45.11.180.127
45.11.180.127:3120
dcnlaleanae8.com
dcnlaleanae9.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1784900827930349915
# Reference: https://twitter.com/ValidinLLC/status/1784948155051610425

arts.ghazalamini.ir
arts.spotylife.ir
cdn.ghazalamini.ir
cnwsj.2060y.workers.dev
finacial.patrickring.net
financial.patrickring.net
fl.7s9r.ir
fl.aghanima.ir
fl.aronafsharmeds.ir
fl.daryayebikaran.ir
fl.derakhtedaneshi.ir
fl.libraryriazi.ir
fl.musicbarani.ir
fl.nimartltd.ir
fl.samsungshopify.ir
flcdn.7s9r.ir
flcdn.aronafsharmeds.ir
flcdn.asbeabijoon.ir
flcdn.daryayebikaran.ir
flcdn.myoldgames.ir
flcdn.samsungshopify.ir
flcdn.youroldgames.ir
ghazalamini.ir
herkolvg.amir27386.win
hero.morphling.ir
home.morphling.ir
irc10.spotylife.ir
irc11.spotylife.ir
irc13.spotylife.ir
irc2.spotylife.ir
irc5.spotylife.ir
irc6.spotylife.ir
irc7.spotylife.ir
mrfl.morphling.ir
nimartltd.ir
smtl.spotylife.ir
srv2.spotylife.ir
sub.nimartltd.ir
testsite2023.store
wls.lbcc.workers.dev
wsj.pm
wsj.webserve.workers.dev

# Reference: https://twitter.com/JAMESWT_MHT/status/1784942910057648537
# Reference: https://www.virustotal.com/gui/ip-address/38.180.62.49/relations

babolk1.com
greekpool.com
rewilivak13.com

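# Reference: https://twitter.com/crep1x/status/1786150754983575656
# Note: the hostnames closing this group include names under corporate and ISP domains (e.g. fileexchange.thyssenkrupp.com, *.sw.biz.rr.com); treat a match as a lead to verify against the reference, not as proof of compromise on its own.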

http://103.106.2.16
http://103.159.132.236
http://103.159.133.234
http://104.194.156.214
http://104.234.118.78
http://104.237.234.27
http://104.41.179.80
http://107.6.74.93
http://110.141.253.13
http://139.162.120.150
http://139.28.220.180
http://142.132.190.124
http://142.132.238.181
http://142.202.205.89
http://149.248.8.148
http://150.14.52.17
http://157.90.248.115
http://157.98.255.23
http://159.69.186.8
http://162.33.179.238
http://162.55.56.201
http://165.127.124.33
http://166.1.160.205
http://167.235.159.22
http://167.235.207.169
http://167.235.49.247
http://167.235.75.93
http://168.100.11.196
http://176.107.184.61
http://176.124.217.215
http://179.43.159.76
http://184.106.79.117
http://185.163.45.124
http://185.163.45.186
http://185.163.45.43
http://185.163.47.150
http://185.181.229.215
http://185.209.22.198
http://185.212.44.49
http://185.225.17.250
http://185.225.19.176
http://185.243.112.80
http://185.31.160.130
http://185.34.234.106
http://185.4.65.191
http://185.87.49.233
http://185.91.107.158
http://187.86.226.73
http://188.127.224.196
http://193.106.191.132
http://193.16.147.35
http://193.25.182.217
http://193.65.70.211
http://194.180.191.107
http://194.230.77.110
http://194.38.20.14
http://194.38.21.18
http://194.40.243.233
http://194.74.71.172
http://198.144.189.68
http://198.239.91.160
http://199.102.91.7
http://199.127.38.75
http://199.16.199.2
http://199.188.205.15
http://199.255.38.118
http://199.34.228.77
http://2.58.15.67
http://20.40.140.199
http://201.192.253.111
http://204.90.181.2
http://208.35.209.64
http://212.140.133.235
http://213.252.244.126
http://217.126.98.85
http://220.233.64.142
http://23.108.57.114
http://23.88.100.249
http://23.99.231.137
http://3.94.229.245
http://31.7.62.214
http://37.1.205.73
http://37.1.220.113
http://40.115.136.93
http://45.11.180.120
http://45.133.245.38
http://45.139.236.20
http://45.140.146.49
http://45.15.157.194
http://45.159.248.241
http://45.61.136.72
http://45.67.228.248
http://46.149.74.125
http://47.48.212.100
http://5.181.156.11
http://5.181.156.110
http://5.181.156.144
http://5.181.156.168
http://5.181.156.177
http://5.181.156.235
http://5.181.156.45
http://5.195.23.13
http://5.224.19.90
http://5.45.74.233
http://5.61.44.162
http://5.75.193.206
http://5.75.224.41
http://5.8.54.81
http://5.8.63.140
http://50.116.17.41
http://52.1.65.139
http://59.145.88.11
http://62.173.125.171
http://62.173.145.56
http://62.173.154.94
http://62.22.15.151
http://65.109.164.238
http://65.52.150.29
http://66.42.103.163
http://67.36.85.34
http://77.246.104.53
http://77.52.201.106
http://77.91.101.205
http://77.91.101.44
http://78.141.198.19
http://78.47.174.223
http://78.47.198.6
http://79.132.132.129
http://80.154.112.190
http://81.223.83.70
http://81.45.131.56
http://81.91.178.23
http://83.206.126.185
http://85.23.132.21
http://85.94.194.169
http://87.121.52.81
http://89.144.47.4
http://89.187.117.133
http://89.208.103.208
http://91.215.85.171
http://91.215.85.180
http://91.217.80.31
http://91.228.10.140
http://94.158.244.26
http://94.158.244.47
http://94.158.245.166
http://94.158.245.186
http://94.158.247.101
http://94.158.247.26
http://94.158.247.61
http://94.158.247.80
http://94.158.247.87
http://95.164.37.152
http://95.179.253.195
http://96.57.25.203
http://94.158.245.182
103.106.2.16:443
1win-a.com
claimguardgp.com
fileexchange.thyssenkrupp.com
healthcatchers.com
helpdesk.pattisonsign.com
laserexposer.de
mybmswarehouse.com
rrcs-24-227-166-90.sw.biz.rr.com
rrcs-97-79-156-184.sw.biz.rr.com
sftp.tredence.com
shares.tr.mufg.jp
vlive.vodacom.co.za

# Reference: https://x.com/suyog41/status/1793926087082389599
# Reference: https://www.virustotal.com/gui/ip-address/51.89.111.5/relations
# Reference: https://www.virustotal.com/gui/file/3ff315a489945596e594a58be67541c3a9fbbe98febfd985423d57f3bbea665e/detection
# Reference: https://www.virustotal.com/gui/file/5974347c962c2cf11a05c151440fb0741d27ae79b73d3801389be78edf373779/detection

http://51.89.111.5
51.89.111.5:1771
pbkvithtosh07.com
pbkvithtosh08.com
beliefreport.online

# Reference: https://x.com/Threat_Down/status/1800919313798537505
# Reference: https://www.virustotal.com/gui/ip-address/74.119.194.232/relations
# Reference: https://www.virustotal.com/gui/file/473dcdb2f3a7dc1695db6c8c7b0521f9509007298669125bf97a829f85eb3d4b/detection
# Reference: https://www.virustotal.com/gui/file/ea5ec5bd69cfa7597edb4572762471ebd7408a26295ea95c4e67b6e1dbba9f38/detection

http://94.158.245.103
94.158.245.103:443
goyardblue.online
psk777.casa
r6pedihosi.website

# Reference: https://x.com/JAMESWT_MHT/status/1802973030160990460
# Reference: https://app.any.run/tasks/d224ed9c-af50-4877-8776-5970dc96e017/

http://173.44.141.66
173.44.141.66:3121
dcnvahedforil31.com
dcnvahedforil38.com

# Reference: https://x.com/JAMESWT_MHT/status/1805500877081293197
# Reference: https://app.any.run/tasks/ac26a2f9-c3fe-47c9-b93c-3a198d6e7965/

http://91.202.5.209
91.202.5.209:443
nld360.com
nld360180.com

# Reference: https://x.com/malwrhunterteam/status/1806319685295546755
# Reference: https://www.virustotal.com/gui/file/63da1609061ef7c4a77d4f76e8fa2f8775f8a08320e7d83221e470f916edad1d/detection
# Reference: https://www.virustotal.com/gui/file/3828c533000b04734fe9772c4651deb619cfbf84fb1464f1d2122a53dfb56d83/detection
# Reference: https://www.virustotal.com/gui/file/048efbaf310a62e02f180b26cb8cb2f8c8c2286f6dad126a78467c81e5173899/detection

http://77.238.233.175
77.238.233.175:443

# Reference: https://x.com/JAMESWT_MHT/status/1810573140751176178
# Reference: https://app.any.run/tasks/35f89c70-db1a-4771-8a57-e1cea88c35f5/

45.11.59.217:443

# Reference: https://x.com/silentpush/status/1811079662518382739
# Reference: https://www.silentpush.com/blog/fin7/

166.88.159.37:443

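# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv
# Note: the source feed path is labelled "unverified" and covers a rolling 30-day window; these IP:port pairs were not individually confirmed here, so corroborate a hit with other telemetry and expect entries to go stale.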

http://210.249.114.153
http://210.249.114.154
101.108.13.204:7443
101.108.135.200:7443
103.159.133.234:25661
107.22.165.49:443
109.195.102.70:443
109.195.124.16:3321
110.13.35.37:443
120.25.239.36:443
168.119.132.233:443
178.124.152.84:8443
178.188.188.211:5500
178.188.188.212:5500
178.188.188.213:5500
179.159.167.251:3085
179.49.112.238:3085
179.95.122.211:9990
181.116.72.52:5609
181.167.199.179:5603
181.4.0.8:9000
183.96.100.53:443
185.11.51.242:4433
185.23.192.33:444
185.243.112.80:12521
185.83.148.30:3085
186.0.139.220:443
186.0.139.220:444
186.225.10.251:3085
186.236.112.114:3085
189.115.194.186:9990
189.203.156.164:3085
190.210.247.1:5909
191.242.219.204:9990
193.19.242.55:1443
195.16.128.11:3085
195.245.189.240:443
196.117.5.252:443
196.127.164.213:443
198.244.197.118:9443
2.136.235.200:3085
2.139.253.110:3085
2.58.15.67:25661
20.105.139.205:443
200.116.185.173:3085
200.152.101.176:9090
200.180.67.154:9444
200.243.0.50:443
203.157.208.2:3085
206.210.123.104:8888
210.249.114.153:443
210.249.114.154:443
212.170.14.98:443
212.231.195.19:3085
212.55.27.214:3085
213.149.181.121:469
23.24.178.33:3085
23.24.178.35:3085
40.85.218.196:59595
41.142.248.254:443
5.236.37.121:443
61.96.204.117:443
62.119.81.101:58573
62.156.170.137:1111
62.157.233.146:5555
82.71.120.166:443
83.48.66.207:3085
84.28.36.114:443
86.53.241.21:447
88.17.122.156:443
88.17.27.121:443
91.196.170.88:5555
92.186.214.11:3085
92.187.191.119:3085
93.188.122.139:4433
93.198.179.203:81
93.198.180.127:81
93.232.107.227:81
93.232.107.227:82
93.232.108.46:81
95.189.100.119:443

# Reference: https://www.virustotal.com/gui/file/b73f5ec0edd2b9aa57244e524b327db0f27f89d15433f9a0fca45f33ea3a6a18/detection

http://194.180.191.69
194.180.191.69:443

# Reference: https://x.com/malwrhunterteam/status/1817959103282692598
# Reference: https://www.virustotal.com/gui/file/5b2c19c32d0a4725f4d5057bab96ebc00a60774926c04daa451f628677762603/detection

http://5.181.156.26
5.181.156.26:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-03)

178.188.188.210:5500
189.168.203.234:443
196.117.164.141:443
206.210.123.104:8889
79.239.99.165:65385
84.154.179.217:81

# Reference: https://x.com/CyberRaiju/status/1821486680290861521
# Reference: https://x.com/CyberRaiju/status/1821486689186922844
# Reference: https://www.virustotal.com/gui/file/4be1f385cb4c1bc4d055568807a8d632c0e550184817fcdb602d1a75134336f9/detection

http://194.180.191.32
194.180.191.32:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-18)

http://104.250.238.120
122.99.131.253:443
130.164.171.194:443
167.86.160.188:443
178.188.188.214:5500
190.231.88.140:5609
191.242.219.160:9990
37.74.45.12:443
79.241.107.168:82
88.211.117.186:3085
89.130.137.6:3085
90.173.96.4:3085
93.232.97.216:82

# Reference: https://threatfox.abuse.ch/browse/malware/win.netsupportmanager_rat/ (# 2024-08-18)

157.173.210.213:443
173.46.80.233:443
194.180.191.183:443
45.11.59.216:443
45.82.84.13:443
5.181.159.28:443
91.222.175.247:443
94.232.42.28:443

# Reference: https://x.com/pollo290987/status/1825769268354417144
# Reference: https://www.virustotal.com/gui/file/347c7a6cf37657f08e2c4cf3606edb4b183ccf256830917159f665489091ff26/detection
# Reference: https://www.virustotal.com/gui/file/5108c65ba3d5e5e529a342f5b105a7b11a66d1a097bd191169eaf46acee8358d/detection
# Reference: https://www.virustotal.com/gui/file/72ae89edb920e6a7dbf5c9b02dd60028318273c10d8ebe62b2bc0e3fbe462c98/detection
# Reference: https://www.virustotal.com/gui/file/9866d79a4565b247956540e85a639715b8b6de0485bc412444b4c119ef1c7a5c/detection

fossilbay.net
khertz.net
mujerymadre.org
staradeal.com
vissalia.me
/4ftdjoe9sj4jswmtcrjo77mbnwm2pyzq/avatar.webp
/cutonw43pexve2jpbuzjijyoib2buumd/avatar.webp
/g28j2itwo6y0joruhzfcq8i3snymtpu4/avatar.webp
/om9qkcoqbwd25kzgyc5fmh3gfv4955gg/avatar.webp
/viq2a62nt3u1ox5i5d0nkn8c4plqjb92/avatar.webp
/4ftdjoe9sj4jswmtcrjo77mbnwm2pyzq/
/cutonw43pexve2jpbuzjijyoib2buumd/
/g28j2itwo6y0joruhzfcq8i3snymtpu4/
/om9qkcoqbwd25kzgyc5fmh3gfv4955gg/
/viq2a62nt3u1ox5i5d0nkn8c4plqjb92/

# Reference: https://x.com/r3dbU7z/status/1827345358181052509
# Reference: https://www.virustotal.com/gui/file/82956b9e19565685a9c1fdaeea5e77643f2486df5ecd5f7c79bb4f772fd19ac3/detection

mysecureserveronlinefolder.com
hulolawyo199jestie01.duckdns.org
hulolawyo199jestie02.duckdns.org

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-08-24)

101.108.9.24:7443
189.133.140.188:443
62.119.81.149:58573
62.119.81.74:58573
93.198.189.5:81

# Reference: https://x.com/silentpush_labs/status/1831716500597809506
# Reference: https://www.virustotal.com/gui/file/0dc3a40e9f726f18e3ebac92ee5944d9c12b2ee71252f2b711434c3628877ca1/detection

http://194.180.191.183
194.180.191.183:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-08)

130.164.171.81:443
179.95.173.13:9990

# Reference: https://threatfox.abuse.ch/browse/malware/win.netsupportmanager_rat/ (# 2024-09-08)

166.88.159.187:443
172.208.117.89:443
5.181.159.137:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-14)

101.108.253.7:7443
179.95.202.160:9990
187.173.200.31:443

# Reference: https://x.com/smica83/status/1835971412588208440
# Reference: https://x.com/JAMESWT_MHT/status/1835980550613459316
# Reference: https://www.virustotal.com/gui/file/3d0838ea4a847f62ef9ef3f14289d119e06837538152e787ba1a1c57e4e7bf2b/detection
# Reference: https://www.virustotal.com/gui/file/a3cdd57cf75f0e1eeaf4f0d46acb509799629dfa05be139707baf164260c4be2/detection

juchesoviet48.com
taurihostmetrics.com
trustgiron.com
trustgiron3332.com
wiresapplication.com

# Reference: https://www.virustotal.com/gui/file/ad5c03186f34fe73b386fe0c08f34620953753f6575ddf111556cdf2dc9b6f2c/detection

http://95.164.115.224
95.164.115.224:2080
barsukenotikejik.com
enotikkrolikzayac.com
update-ledger.net

# Reference: https://app.validin.com/detail?type=ip&find=91.208.127.61#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/1629e330badb4eac4694f7bd7418544737d6aa434c2e941584fb80ce4137a522/detection

http://91.208.127.61
91.208.127.61:2080
ghub-application.top
obs-studio.ltd
tablebusiness.us

# Reference: https://www.virustotal.com/gui/file/03f48716ab05974447b0eac981b623388c365059b76b2efc64278a15248814a2/detection

http://162.33.178.156
162.33.178.156:3122
amnahuseta19.com

# Reference: https://www.virustotal.com/gui/file/850f464e8c0fc382d8c597c1c6f3d4ccc74498176e2302b94c850f8235c658b3/detection

http://37.1.209.225
37.1.209.225:443
armayalitim.com
mlm-cdn.com

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-09-22)

189.115.194.189:9990
196.127.51.182:443

# Reference: https://www.proofpoint.com/au/blog/threat-insight/clipboard-compromise-powershell-self-pwn

cdn3535.shop

# Reference: https://x.com/JAMESWT_MHT/status/1842217911680741377
# Reference: https://app.any.run/tasks/c58bddb9-7664-41da-9886-55cb3f60c440
# Reference: https://www.virustotal.com/gui/file/1b63f83f06dbd9125a6983a36e0dbd64026bb4f535e97c5df67c1563d91eff89/detection

http://166.88.159.37
166.88.159.37:443

# Reference: https://www.virustotal.com/gui/ip-address/37.10.71.155/relations

bretvenyzer17.com
dcaiergewas10.com
dcorismeng19.com
dfaiernewa21.com

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-10-13)

101.109.165.137:7443
167.86.135.144:443
179.95.125.28:9990
179.95.163.195:9990
79.241.100.193:81
83.49.208.110:443
84.154.176.61:81
93.232.100.4:81

# Reference: https://x.com/JAMESWT_MHT/status/1851560595830546448
# Reference: https://www.virustotal.com/gui/file/164442f00f7c9fa2e5b279d8d16fc3b29bf6dcda098d25f530573f4a3ff30169/detection

http://91.149.232.112
91.149.232.112:443

# Reference: https://x.com/joe4security/status/1851914797350019510
# Reference: https://www.joesandbox.com/analysis/1545769/0/html#deviceScreen
# Reference: https://www.virustotal.com/gui/file/9431c7d585f31d959ca97d5955a9ec2c83f51b379de0b89c3d74f64c1e288f46/detection

http://92.255.85.135
92.255.85.135:443

# Reference: https://x.com/JAMESWT_MHT/status/1852321885817585873

anyhowdo.com
payiki.com

# Reference: https://x.com/JAMESWT_MHT/status/1852400677198127494

mylandez.com
ponycon2015.com

# Reference: https://x.com/crep1x/status/1853503474278842601
# Reference: https://tria.ge/241104-wgv18atmaz/behavioral2

147.45.198.18:9999
aholicist.duckdns.org

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-30day.csv (# 2024-11-10)

101.108.0.93:7443
101.108.98.173:7443
102.96.170.169:443
102.96.189.23:443
13.208.181.93:7001
130.164.181.123:443
167.86.142.20:443
18.218.60.255:14265
190.231.88.140:5604
203.157.208.4:3085
34.221.83.22:50580
43.201.247.139:28015
52.53.231.243:51500
79.241.103.139:82
83.49.214.212:443
84.154.190.205:81
88.17.123.100:443

# Reference: https://x.com/banthisguy9349/status/1847199289413378463
# Reference: https://x.com/SquiblydooBlog/status/1856415307658670246
# Reference: https://x.com/JAMESWT_MHT/status/1856427660034859486
# Reference: https://tria.ge/241112-v59c3sxfnl/behavioral1
# Reference: https://www.virustotal.com/gui/file/52728ffbb20c4e3125756e22a0032e7441c8ddf71aafb0aa2f7bec63aa64382a/detection

fusion-avto.com
fusion2-avto3.com
gailsacademy.com
gatugo.com

# Reference: https://x.com/JAMESWT_MHT/status/1859987588494590175
# Reference: https://www.virustotal.com/gui/file/6334dcc67ba20c70ee65184dcb7f4fb19d38cf27e8e08904a8d51daf85f4c038/detection

http://194.180.191.64
194.180.191.64:443

# Reference: https://x.com/JAMESWT_MHT/status/1861353397108023341
# Reference: https://www.virustotal.com/gui/ip-address/176.126.113.166/relations
# Reference: https://www.virustotal.com/gui/file/484c7f54d1b5a6fbbb5cbcf0a01a3b7b9ddb77a7bfbd859cf68bb29b686db80c/detection
# Reference: https://www.virustotal.com/gui/file/49f4e7cdd3716a8e33a6659daa709606a4d74ae84525fa395efd8687f7e9d2ae/detection

185.170.144.66:1773
okolinabeauty.com
etsy.okolinabeauty.com
megaeth1337.duckdns.org

# Reference: https://x.com/JAMESWT_MHT/status/1861366216268435620
# Reference: https://www.virustotal.com/gui/file/25d923a04b40403fdf337be6a6fe6dbd6f84bf4e1897ba09573661f73827a800/detection

http://94.232.43.219
94.232.43.219:443
kokachi.com
kokachi334.com

# Reference: https://x.com/g0njxa/status/1861756602803433643
# Reference: https://app.any.run/tasks/9d7e8ad2-1d9f-4066-9fab-2bf431206699

http://65.108.223.245
65.108.223.245:443
marocohra.com
marocohra332211.com

# Reference: https://x.com/malwrhunterteam/status/1862240848768811306
# Reference: https://www.virustotal.com/gui/file/e71581382e5f6148f535c92380999fc2ab91786c32ba6c1debb13f2a68accb3c/detection

patbunn.com

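# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2024-12-15)
# Note: from this group on the "unverified" feed is the 90-day variant, and many addresses appear to sit in ranges commonly used by public cloud providers (TODO confirm); such IPs are reassigned often, so weigh the port and the observation date before acting on a match.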

101.108.7.62:7443
102.96.170.201:443
125.24.11.192:7443
13.125.222.217:35554
13.201.73.114:55922
13.212.17.251:8159
13.246.43.102:5360
13.56.182.170:50580
13.56.182.170:8130
13.60.91.16:3390
13.60.91.16:9090
143.92.185.180:443
15.168.9.197:4444
167.86.160.57:443
179.95.120.66:9990
179.95.198.146:9990
18.134.13.141:7170
18.140.198.129:33343
18.140.234.254:30005
18.140.234.254:51005
18.183.47.77:46862
18.224.108.120:3585
181.116.72.52:5802
3.123.27.44:12594
3.34.182.155:11112
3.38.213.230:49152
3.38.213.230:5902
3.99.184.10:18333
35.166.46.121:2380
44.202.65.39:49319
54.144.68.137:40780
54.199.213.149:623
54.236.228.148:2077
72.11.148.132:443
84.154.185.157:81
88.17.25.237:443
93.232.107.170:81
93.232.96.63:81

# Reference: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
# Reference: https://otx.alienvault.com/pulse/63fcc40dc61f21260d830fdb

neashell1.com
neashell2.com
she32rn2.com
shetrn1.com
shetrn2.com

# Reference: https://x.com/JAMESWT_MHT/status/1866398847595151363
# Reference: https://www.virustotal.com/gui/file/20d55ad0b67bc671cc9e4507f0d1cf24c59dbc1e9877d2c03ba3e66aa44bcd41/detection
# Reference: https://www.virustotal.com/gui/file/6ba3976f8956dceb2903dc89b9b66c3d81ceb93566b6244b58c4929a454815c0/detection

45.140.17.15:3785
91.201.112.10:3785
cycleconf.com
ganeres1.com
ganeres2.com

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-02)

102.96.189.112:443
125.24.166.105:7443
13.115.118.250:9042
13.125.57.105:2762
13.231.139.33:9301
13.231.253.174:59179
13.244.61.79:50001
13.245.117.198:10328
13.246.11.167:4730
13.37.247.161:18084
13.38.19.250:443
13.38.49.150:32995
13.38.65.151:8088
13.40.105.76:888
13.48.84.127:51381
130.164.138.166:443
15.168.144.229:8008
15.236.123.155:3128
15.237.132.145:2095
16.16.26.11:3389
18.130.15.97:1521
18.159.141.158:37036
18.193.3.69:2281
18.193.3.69:5222
18.201.102.245:55410
18.228.30.250:3390
3.106.183.189:5938
3.11.80.137:20256
3.123.228.130:9042
3.145.146.142:41146
3.15.238.173:16339
3.26.31.73:18245
3.26.42.181:47929
3.27.91.209:6719
3.38.211.194:2077
3.78.220.221:2086
35.178.190.68:5222
35.179.177.158:7001
35.181.5.63:28080
35.183.18.22:6846
35.183.246.10:53765
35.77.221.213:389
35.78.206.123:35857
35.85.152.199:623
35.85.152.199:8773
35.91.252.200:135
35.95.118.9:49502
43.202.32.43:5000
43.207.32.128:119
44.192.128.61:47877
47.129.103.18:24961
51.17.112.90:9142
52.10.174.127:49127
52.16.157.89:2086
52.208.190.176:49833
52.87.173.188:23894
54.170.214.24:5984
54.178.62.54:6713
54.186.30.8:623
54.206.65.193:83
54.233.192.91:1911
54.244.190.244:2086
54.252.216.128:8389
54.69.63.53:2404
54.71.6.246:22011
54.75.221.101:1098
54.78.191.125:2096
54.94.110.132:33634
54.94.110.132:53134
84.154.178.61:81
84.154.178.61:82
93.232.105.202:81

# Reference: https://x.com/skocherhan/status/1876396484142174274

35.91.57.41:5172

# Reference: https://x.com/skocherhan/status/1879217959157273085

http://185.157.213.71
http://45.155.249.215

# Reference: https://x.com/JAMESWT_MHT/status/1879881417334858172
# Reference: https://app.validin.com/detail?find=185.33.87.199&type=ip4&ref_id=2223fde8ecd#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/0138ecffbf3d9c954bc9f14b75f7533ea6be3dca621bfe1fee165b00adfb557b/detection

http://194.180.191.24
194.180.191.24:443
luoli8.life
pablogutierrez.life
possi8le.life

# Reference: https://x.com/ffforward/status/1879889672392040846
# Reference: https://www.virustotal.com/gui/file/8125ef032eadfc547bcdd2e311a1d4e2cb33e0383c3ac2d8eb40c43bc6d11634/detection

http://176.10.125.96
176.10.125.96:443
adpanels.net

# Reference: https://x.com/neonprimetime/status/1879929436671504628
# Reference: https://neonprimetime.blogspot.com/2025/01/cloudlfare-captcha-netsupport-rat.html

eiesoft.com
hardcorelegends.com
guidemytax.com

# Reference: https://x.com/JAMESWT_MHT/status/1881335595655729349
# Reference: https://app.any.run/tasks/96408e3d-2cd2-4aef-a924-fcab83e43936
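# Reference: https://www.virustotal.com/gui/file/03805934b45114b1744a179b66f96288a50a2364b42533ac5f1ef08fb36a0449/detection
# NOTE(review): the two entries below differ in the last octet (.200 vs .255), unlike the matching http://IP and IP:port pairs elsewhere in this file; confirm both against the references.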

http://147.45.44.200
147.45.44.255:443

# Reference: https://raw.githubusercontent.com/drb-ra/C2IntelFeeds/refs/heads/master/feeds/unverified/IPPortC2s-90day.csv (# 2025-01-20)

102.100.55.41:443
102.96.170.178:443
102.96.171.124:443
102.96.215.117:443
13.203.156.41:18084
13.208.209.19:3000
13.208.209.19:40600
13.208.209.19:5900
13.208.43.151:503
13.214.178.210:554
13.245.198.21:2443
13.247.213.233:1098
13.36.240.203:9142
13.38.28.128:4567
130.164.189.158:443
143.92.166.75:443
15.152.31.8:2003
15.156.194.143:2096
15.168.237.174:6451
15.188.76.53:40922
15.223.121.79:6720
15.236.55.38:1616
15.237.27.113:179
16.171.234.49:2077
167.86.165.174:443
179.95.199.110:9990
18.118.18.234:21
18.132.213.43:6881
18.144.53.225:104
18.175.181.75:13610
18.182.48.253:17778
18.183.54.182:4242
18.191.204.120:995
18.193.7.241:2080
18.200.191.216:1433
18.202.197.17:5903
192.52.167.140:443
204.236.180.179:26141
210.249.114.153:80
210.249.114.154:80
3.106.250.133:135
3.107.10.187:54254
3.111.34.33:19556
3.111.34.33:20256
3.128.76.125:10258
3.26.9.179:3260
3.27.150.236:31199
3.35.229.88:28015
3.39.223.58:831
3.69.19.106:1244
3.69.19.106:18244
3.70.183.47:2
3.88.194.54:4443
3.88.195.76:788
3.99.192.92:50260
34.215.168.199:6513
34.245.83.74:1962
34.245.83.74:41812
35.159.235.132:694
35.180.125.212:26009
35.183.121.254:18245
35.183.128.122:2000
35.183.128.122:58000
35.183.128.122:5900
35.76.114.8:56549
35.78.190.249:6443
35.87.123.60:50949
43.201.0.57:3000
43.203.202.155:17778
43.204.216.189:18082
43.206.116.52:44818
43.207.219.203:58603
47.129.118.237:37558
52.38.129.113:27637
52.67.181.124:2
54.161.69.90:35199
54.199.8.237:1311
54.202.8.211:17777
54.202.8.211:55177
54.203.151.9:7134
54.206.84.49:2455
54.206.84.49:51005
54.207.116.209:10258
54.207.116.209:8008
54.238.225.137:8000
65.0.71.79:8088
79.241.96.94:82
79.241.99.57:82
84.154.181.109:81
84.154.190.18:82
99.79.51.92:45954

# Reference: https://x.com/James_inthe_box/status/1882191777689752015

http://95.179.158.213
95.179.158.213:443

# Reference: https://x.com/skocherhan/status/1882598887199789305

http://5.10.250.240
http://5.181.159.111
http://88.218.62.153
5.10.250.240:443
5.181.159.111:443
5.181.159.13:443
67.36.85.34:443
88.218.62.153:443
95.179.150.54:443
95.179.189.207:443

# Reference: https://x.com/miltinh0c/status/1881780237043966111
# Reference: https://www.virustotal.com/gui/file/3d0d2e0348fd6330be4a3300f415064b39dff2c60ed94d948d85738fe027d0e3/detection
# Reference: https://www.virustotal.com/gui/file/6e645cccd9b23a01622a7bed9aaa5c3c78a5840066d246af8ee15fe20c846e78/detection

185.149.146.153:9999
gemini-desktop.com
lordxg.net

# Reference: https://x.com/skocherhan/status/1883335978510925908
# Reference: https://www.virustotal.com/gui/file/fa270fba735e978736082287a7b3bf504d4424886a2c820aff0a90c7a905103a/detection
# Reference: https://www.virustotal.com/gui/file/ea210e18ae549d36e5f8386affe84061cc5f4f9518479feee4868c3533559866/detection
# Reference: https://www.virustotal.com/gui/file/c274d849d3bf25f38f966e07fb1dca7e421040902c38eb594e196a2b69320789/detection
# Reference: https://www.virustotal.com/gui/file/490ca0c3f440c86afecfebcfdbdc368d5667bf8adaf99e46227d90b9085d07cc/detection

http://45.92.179.245
http://46.8.233.62
45.92.179.245:1644
5.10.250.240:1644
semorahisnd32.com
semorahisnd34.com

# Reference: https://x.com/JAMESWT_MHT/status/1884169796784382238
# Reference: https://www.virustotal.com/gui/file/cf604ce7940c1250b5910b03a73bedd7eca263245848e7cbbcea86b956362362/detection
# Reference: https://www.virustotal.com/gui/file/dc6a52ad6d637eb407cc060e98dfeedcca1167e7f62688fb1c18580dd1d05747/detection
# Reference: https://www.virustotal.com/gui/file/18f8f49577a8a0aca2c719acac0e5fc2d3265da0aa34e165811f4e9e03bcf945/detection

http://101.99.91.153
http://111.90.148.177
111.90.148.177:443

# Reference: https://www.virustotal.com/gui/file/3ad08b08d5e23538fd188a442471944f09f6599a795dafa98619e0a96f9d4cdd/detection

http://101.99.75.232
http://5.181.158.24
5.181.158.24:443

# Reference: https://x.com/JAMESWT_MHT/status/1887135842478489685
# Reference: https://www.virustotal.com/gui/file/78e1e350aa5525669f85e6972150b679d489a3787b6522f278ab40ea978dd65d/detection

http://91.222.173.67
91.222.173.67:443
monagpt.com
mtsalesfunnel.com

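# Reference: https://www.team-cymru.com/post/tracing-the-path-from-smartapesg-to-netsupport-rat
# NOTE(review): 194.31.109.74 and 194.31.189.74 below differ by one digit and carry the same ports; confirm against the reference that both are intended and neither is a transcription slip.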

194.31.109.74:2552
194.31.109.74:443
194.31.189.74:2552
194.31.189.74:443
45.140.146.49:447
45.67.35.101:443
45.8.145.132:447
5.181.157.69:1500
5.181.157.69:3389
5.181.157.69:443
5.181.157.69:5985
5.181.158.15:1500
5.181.158.15:3389
5.181.158.15:443
5.181.158.15:5985
5.181.159.113:443
77.91.101.205:447
77.91.101.44:447
91.228.10.140:443
95.164.37.152:443
23mtkro.cn
allenew1.com
asdgelvasd.icu
asdsrjhegrhj.xyz
comparegjs.com
dgdsrzzw45tg.cn
dsfygfnb3.icu
dvtrstrhdbcvbxr.xyz
e3ubj753ifg.xyz
fdoshbjdo.icu
fufvnasie.icu
gfu6nfmgnm86gm.xyz
isaydiuaysoidalkspw.com
jkhmzxvidfyidu.xyz
mgsubneu4hgba.xyz
mixuvvvjsurub.cn
msguguudfh4.xyz
nfdsnvuusds7d64jg.cn
recsfgsfxvdgr.xyz
ruhvsvya.icu
safvyhgdrsdfhd.xyz
sasygzsu4zusaty.cn
scheduleyaraupd2.cn
sdgn446yhd.cn
sevndgkhkidgr.xyz
sidfbuz8egozs.cn
ssdghgrehndx.cn
tripdsbeacgsa43wes.xyz
u4snvsrtvlrui.xyz
u55fbwiubyuere.xyz
usjnvovoo4.net
zjdhduv.com
zytjbgev.icu

# Reference: https://www.esentire.com/security-advisories/netsupport-rat-clickfix-distribution

fbinter.com
incomputersolutions.com
mellittler.com

# Reference: https://x.com/JAMESWT_MHT/status/1892413493636157777

http://194.180.191.229
194.180.191.229:443
poormet.com

# Reference: https://x.com/skocherhan/status/1899655047698370920

http://185.149.146.151
http://193.233.113.70
193.233.113.70:1488
gmglobal-links.info
ilovedogandcatsandallanimals.top

# Reference: https://x.com/JAMESWT_MHT/status/1902987618469495001
# Reference: https://www.virustotal.com/gui/file/76f0b30a1d93469ab744ac81a2f9f96f180e5df964189d3f9b71aef2673dff46/detection

http://45.76.36.132
45.76.36.132:5555
hoormantop.com

# Reference: https://x.com/malwrhunterteam/status/1903007034670207385
# Reference: https://www.virustotal.com/gui/file/5afc9b30c522545344b315c66f210f789bd0b54ad01617a6291feef466e89a7c/detection

http://162.19.130.138
162.19.130.138:9164

# Reference: https://x.com/JAMESWT_MHT/status/1902698334285906171
# Reference: https://app.any.run/tasks/a649a405-bb3a-47c6-89fe-21f1d42053a2
# Reference: https://www.virustotal.com/gui/file/4f0799fcfa27ca1c4aea0d1bd15e7c240176715746cea9d3f7ba856f05dbf6d8/detection

meet-join.us
google.meet-join.us

# Reference: https://www.virustotal.com/gui/file/56b8dd3d3f315fdc2535ab39cce142a56244fc67b2e9559f2422865f5daa6009/detection
# Reference: https://www.virustotal.com/gui/file/9453b16376d96ca318624bde0e9bda5a75cacecdc58380e67d714c64bfcb14a6/detection
# Reference: https://www.virustotal.com/gui/file/f236c96da2f63c74c3ed16a5d9691856f0b9b51eee8990baa146bb15c021598a/detection

http://82.115.223.231
82.115.223.231:9999
z1n1tsu.duckdns.org

# Reference: https://x.com/malware_traffic/status/1904987561686188255
# Reference: https://x.com/JAMESWT_MHT/status/1905269383984746790
# Reference: https://www.virustotal.com/gui/file/3d725d512aec4e8708884334c7f180b7d071da8560ba49c2836fc6acb726afa6/detection
# Reference: https://www.virustotal.com/gui/file/4c048169e303dc3438e53e5abdec31b45b5184f05dc6d1bc39e18caa0e4a3f3e/detection
# Reference: https://www.virustotal.com/gui/file/43f97072c151dab7cbfb366c1832d475e959577cf71d583d2733d74d8bf6c90d/detection

http://194.180.191.168
194.180.191.168:443
alcmz.top
directoryframework.top
layardrama21.top

# Reference: https://x.com/malwrhunterteam/status/1908088318010507521
# Reference: https://www.virustotal.com/gui/file/ee19619f5334370fdcf2d6655d13ef6fedddbb6e358588974bdfea4f33abd7e4/detection

http://194.180.191.51
194.180.191.51:443
covaticonstructioncorp.shop

# Reference: https://x.com/malwrhunterteam/status/1909704612489093507
# Reference: https://www.virustotal.com/gui/file/76df8e9e0398bc3cac82bf59a15f73957c4c09d8256e6e8450ab0049ed52c961/detection

http://216.245.184.37
216.245.184.37:443

# Reference: https://x.com/DaveLikesMalwre/status/1911786619201335599
# Reference: https://x.com/JAMESWT_WT/status/1911831278866792671
# Reference: https://app.validin.com/detail?type=dom&find=tribunrtp.com#tab=host_pairs (# 2025-04-14)
# Reference: https://www.virustotal.com/gui/file/5342fa80b4f8f983322e8932819ef6037f837b93719a77f06f48d4a6eb7b17f8/detection
# Reference: https://www.virustotal.com/gui/file/b9419fedcfe948ceb92114a47a1acabe3096827cc88e871081da757f430acd32/detection

http://176.10.125.37
176.10.125.37:443
esmarket.net
garudartp.xyz
infopilot-rtp.xyz
mail.rtpgamepilot.xyz
mail.trikmainpilot.xyz
pastipilot77.xyz
pilot77-rtp.com
polapatenpilot.xyz
remote.xrtv.net
rj.tradingvie.sbs
rtpgamepilot.xyz
rtpserbaguna.xyz
tradiingview-zh.com
tradingvie.cfd
tradingvie.sbs
tradingview-token-calims.pages.dev
tradingview-zh-cn.com
tradingviewdownloads.mcmeda.com
tradingviewzh-cn.com
tradlngview-desktop.biz
tradlngvlewdesktop.icu
trding-view-zh.us
tribunrtp.com
trikmainpilot.xyz
xrtv.net

# Reference: https://x.com/JAMESWT_WT/status/1911848010692108367
# Reference: https://www.virustotal.com/gui/file/5b29530a97c26171c60844fac181ffeea81e457e8de12dbc6234498324598fa4/detection
# Reference: https://www.virustotal.com/gui/file/e31dd4211373485ded55acd393d24f1e5ac0fd6118e52d6608c303665bee7164/detection

http://176.10.111.106
http://65.109.65.153
176.10.111.106:443
65.109.65.153:443
edbeat.net
fans-web.net
glona.net

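# Reference: https://threatfox.abuse.ch/browse/malware/win.netsupportmanager_rat/ (# 2025-04-27)
# NOTE(review): bulk feed snapshot as of the date above. Many of the IP:port entries below look like
# addresses in shared cloud-provider ranges, which get reassigned, and a few hostnames sit under
# third-party parent domains (e.g. mobilemstt.tpb.vn, safetydatasheets-t.phillips66.com) -
# corroborate a hit with other telemetry before blocking, and age these entries out.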

http://147.45.44.255
http://192.52.167.140
http://94.158.244.118
100.27.205.78:21301
100.27.33.179:18946
101.108.107.97:7443
101.108.135.165:7443
101.108.149.199:7443
101.108.71.54:7443
101.109.237.106:7443
101.99.94.199:3156
102.100.54.130:443
102.100.55.52:443
102.100.55.72:443
102.100.73.159:443
102.100.73.234:443
102.96.148.166:443
102.96.170.59:443
102.96.189.137:443
102.96.215.23:443
111.229.194.121:9088
112.132.215.186:9088
118.122.8.154:10042
118.122.8.154:35100
118.122.8.154:8139
118.122.8.155:12571
118.122.8.221:1833
118.174.155.155:7443
119.206.8.161:6001
121.141.37.193:6000
121.141.37.193:6001
121.89.205.206:60129
125.24.175.85:7443
125.24.5.72:7443
125.25.107.91:7443
125.25.109.91:7443
13.125.181.205:4841
13.125.230.160:9300
13.125.238.218:587
13.125.52.28:4730
13.125.59.142:46342
13.125.69.10:3306
13.125.69.10:4506
13.125.80.32:4730
13.126.245.58:101
13.126.245.58:2701
13.126.245.58:9301
13.201.194.125:50000
13.203.159.2:47130
13.203.159.2:4730
13.203.210.189:2082
13.203.232.69:2052
13.208.113.115:103
13.208.125.136:44158
13.208.127.239:14265
13.208.134.191:593
13.208.161.251:2181
13.208.164.192:8010
13.208.165.189:4746
13.208.166.13:101
13.208.169.228:10260
13.208.172.53:2570
13.208.172.53:70
13.208.181.173:46174
13.208.241.42:18082
13.208.243.209:41849
13.208.245.242:46201
13.208.252.170:1961
13.208.71.18:49331
13.210.188.96:22556
13.211.233.30:2154
13.212.169.131:29745
13.214.134.78:8159
13.214.141.247:5432
13.214.145.72:9090
13.214.172.236:12000
13.214.182.18:5984
13.214.187.174:6002
13.214.188.109:44158
13.214.201.99:1098
13.231.249.197:22305
13.232.126.176:636
13.232.216.139:13919
13.232.216.28:37420
13.232.63.191:4321
13.233.80.253:3796
13.244.157.101:60000
13.244.66.40:81
13.244.67.163:4242
13.244.87.214:6006
13.244.98.6:11112
13.244.98.71:513
13.245.117.46:19999
13.245.230.214:9201
13.245.230.73:6462
13.246.194.171:6443
13.246.3.184:2403
13.246.38.200:32773
13.246.39.244:6005
13.246.40.30:1961
13.247.183.109:2086
13.247.185.225:465
13.247.185.57:11
13.247.224.115:28103
13.247.238.154:9936
13.247.88.111:1599
13.247.98.57:53073
13.247.98.57:623
13.251.129.97:443
13.251.129.9:2079
13.251.44.61:6667
13.37.229.171:14147
13.37.236.177:52959
13.37.237.41:3260
13.37.238.216:5985
13.37.251.2:12000
13.38.106.188:10261
13.38.11.108:88
13.38.11.108:8888
13.38.112.168:82
13.38.122.42:51235
13.38.39.242:7001
13.38.4.197:18245
13.38.67.75:6667
13.40.103.201:2456
13.40.105.17:8089
13.40.111.214:8008
13.40.156.106:113
13.40.161.1:8081
13.40.37.82:21
13.48.106.14:831
13.48.190.228:5938
13.48.190.228:888
13.48.26.102:4369
13.51.167.241:9142
13.51.6.197:42217
13.51.6.197:6667
13.53.125.0:42690
13.53.216.242:2376
13.53.216.242:9876
13.54.174.201:4336
13.56.159.44:5858
13.56.182.60:8037
13.56.252.22:5060
13.56.254.234:8013
13.57.217.123:32107
13.58.63.224:902
13.60.200.38:50805
13.60.212.91:56358
13.60.238.152:17778
13.60.93.51:9876
13.61.151.92:37
13.61.16.132:44818
130.164.148.61:443
130.164.163.76:443
130.164.164.111:443
130.164.172.59:443
130.164.188.187:443
136.144.163.253:9312
137.117.193.178:6000
138.201.174.58:12444
139.64.51.82:443
139.64.59.135:443
14.38.220.251:6001
140.143.185.160:8771
142.161.78.123:2379
147.142.181.240:6000
147.45.44.200:443
15.152.30.143:1224
15.152.34.157:221
15.152.42.175:15443
15.152.42.175:49943
15.152.42.175:6443
15.156.204.223:1521
15.156.207.217:20546
15.157.60.72:44818
15.157.62.240:33332
15.164.245.43:6008
15.168.15.67:35203
15.168.15.67:35753
15.168.164.74:11102
15.168.164.74:2
15.168.239.40:4444
15.188.185.232:7001
15.188.232.5:51200
15.188.76.86:101
15.206.128.233:9317
15.206.170.157:2454
15.206.89.42:40374
15.207.247.17:58603
15.222.13.226:9201
15.222.7.86:14125
15.223.175.114:1414
15.228.201.119:54284
15.228.201.119:5984
15.228.222.15:21785
15.228.237.18:88
15.236.202.202:1024
15.236.210.224:9201
15.236.90.232:771
15.237.109.110:19
15.237.149.167:21997
15.237.41.135:5902
15.237.45.6:17778
15.237.57.60:8080
15.237.57.60:830
154.42.164.142:6000
154.42.164.142:6001
16.16.201.2:28337
16.170.162.146:83
16.171.47.201:11103
167.86.160.250:443
167.86.161.92:443
167.86.172.29:443
167.86.174.240:443
167.86.190.189:443
174.77.180.50:8540
174.77.180.50:8574
174.77.180.50:8590
174.77.180.50:8591
176.82.138.228:6000
176.82.171.71:6001
176.82.192.80:6000
176.82.209.133:6000
176.82.214.16:6000
176.82.217.48:6001
179.95.123.112:9990
179.95.123.126:9990
179.95.170.82:9990
179.95.173.137:9990
179.95.195.165:9990
179.95.197.65:9990
179.95.205.120:9990
18.116.20.64:4839
18.116.31.108:3260
18.117.140.15:2455
18.117.81.88:2628
18.118.185.207:14000
18.118.185.207:7000
18.118.47.63:4840
18.119.101.156:11000
18.130.223.107:7171
18.132.193.183:20547
18.133.140.136:15
18.133.141.67:12603
18.133.141.67:52603
18.133.141.67:58603
18.133.185.32:35000
18.134.10.192:2082
18.138.230.180:41964
18.144.12.35:10252
18.144.20.237:54443
18.144.58.41:2404
18.153.12.108:15443
18.156.77.132:2000
18.156.77.132:51200
18.157.182.192:21280
18.157.182.192:50580
18.157.182.192:8080
18.157.182.192:8880
18.170.115.178:20548
18.171.214.155:501
18.171.227.60:40000
18.171.227.60:9200
18.175.244.54:888
18.175.244.54:8888
18.175.51.61:4841
18.175.51.61:591
18.175.56.117:17450
18.175.56.117:250
18.175.56.117:60000
18.179.43.144:8085
18.182.2.140:5873
18.183.153.54:20546
18.185.239.0:2086
18.185.239.0:27236
18.185.33.50:4841
18.192.183.122:102
18.193.6.217:4433
18.195.207.4:8000
18.196.250.35:52200
18.196.250.35:60000
18.196.250.35:8000
18.197.226.57:8081
18.199.99.219:42969
18.201.201.45:5986
18.201.220.7:57563
18.212.27.17:593
18.212.34.158:8008
18.212.89.240:15
18.215.167.6:104
18.215.167.6:2454
18.216.239.233:2567
18.217.134.80:26667
18.217.59.108:19790
18.218.35.184:7001
18.219.218.39:19
18.220.190.184:6362
18.222.12.121:103
18.222.12.121:2003
18.222.12.121:34203
18.222.225.114:35000
18.222.225.114:50000
18.222.225.114:8649
18.224.153.152:9999
18.224.6.225:2152
18.228.154.220:16073
18.228.197.55:666
18.228.26.120:10813
18.228.40.121:4242
18.228.43.251:1912
18.228.43.251:1962
18.228.6.17:3299
18.229.134.62:11112
18.230.148.208:2003
18.230.25.70:11341
18.230.25.70:4841
18.231.183.14:4839
18.231.255.164:32114
18.231.9.22:43
18.237.2.54:21025
18.237.71.237:2053
18.237.71.237:2403
181.167.82.139:5603
181.64.27.115:8406
184.169.215.70:4949
184.73.77.124:14000
184.73.77.124:7000
185.208.158.237:443
185.231.69.80:2080
190.10.11.37:6000
190.10.11.37:6001
190.10.11.44:6000
190.10.11.44:6001
190.10.11.55:6000
190.10.11.55:6001
193.218.118.187:53422
194.180.191.149:443
194.180.191.171:443
194.180.191.17:443
194.180.191.189:443
194.180.191.67:443
196.120.15.148:443
196.120.15.225:443
197.44.133.250:6000
197.44.133.250:6001
2.140.190.104:6001
2.143.95.145:6001
200.107.126.227:3085
203.144.184.186:8594
203.144.184.187:8594
211.104.21.158:6000
211.192.69.59:6000
211.196.53.251:6000
211.197.164.131:6000
211.197.164.253:6001
212.115.109.161:6000
212.115.109.161:6001
213.0.57.229:6000
220.76.133.13:6001
220.76.180.78:6000
220.93.101.10:6000
222.89.70.13:9088
23.24.178.33:5454
24.112.49.153:5051
24.112.49.153:5150
27.254.69.17:8700
3.0.49.58:2455
3.10.174.114:20000
3.10.174.114:7000
3.10.174.114:8000
3.10.176.75:13858
3.101.57.14:18246
3.101.78.160:8996
3.101.89.252:6002
3.106.243.140:4839
3.106.248.182:16992
3.107.14.27:17
3.107.166.83:55174
3.107.3.146:1201
3.108.53.155:5938
3.109.153.34:83
3.109.213.193:8554
3.123.4.89:1025
3.123.4.89:21025
3.127.145.44:1201
3.128.25.18:8081
3.131.98.69:1911
3.131.98.69:20611
3.131.99.8:35798
3.138.201.5:13
3.141.15.5:2053
3.142.51.239:20573
3.144.157.115:243
3.144.188.154:2067
3.145.145.226:25852
3.145.146.232:2079
3.15.13.254:2403
3.22.221.240:49502
3.22.221.240:502
3.238.57.178:2281
3.248.199.29:2762
3.249.103.77:873
3.249.47.173:1244
3.249.94.10:10647
3.25.140.14:264
3.25.188.83:30228
3.25.233.150:2052
3.252.60.52:4840
3.255.251.193:102
3.255.251.193:10252
3.255.251.193:2752
3.255.251.193:6002
3.26.144.235:31242
3.26.144.235:9142
3.26.222.89:4321
3.26.24.29:14082
3.26.96.127:4444
3.27.109.240:20001
3.27.109.240:49501
3.27.109.240:50001
3.27.109.240:501
3.27.11.157:10686
3.27.239.131:1599
3.27.6.230:25760
3.35.47.178:44728
3.36.116.178:5009
3.68.102.213:1201
3.68.97.150:8000
3.68.97.150:9600
3.69.197.94:44818
3.69.54.234:5985
3.70.11.235:7723
3.71.15.207:4242
3.71.30.199:3306
3.76.199.53:2405
3.77.145.228:9600
3.77.42.26:195
3.79.45.173:38690
3.8.15.5:18031
3.8.23.180:5905
3.8.96.179:5986
3.80.129.156:4433
3.80.129.156:833
3.81.69.245:5672
3.83.242.231:21290
3.85.103.12:7000
3.86.107.117:24247
3.91.49.221:15
3.93.24.229:17
3.93.24.229:6667
3.94.10.63:18244
3.94.10.63:39994
3.94.10.63:4444
3.96.151.21:788
3.96.165.66:11112
3.96.165.93:2455
3.96.191.215:2761
3.96.214.65:30003
3.96.218.163:20546
3.99.139.81:16992
34.200.228.33:27552
34.201.34.158:9142
34.205.48.230:11453
34.207.181.116:17369
34.213.162.168:2403
34.214.104.113:50673
34.216.6.87:9306
34.217.16.27:16992
34.217.214.70:102
34.217.214.70:14352
34.217.214.70:23652
34.217.214.70:46702
34.217.65.213:5902
34.219.107.81:6633
34.219.188.83:33604
34.219.232.134:993
34.221.141.190:5991
34.222.21.132:54240
34.222.23.99:902
34.223.2.188:21
34.226.138.182:29667
34.239.124.16:4839
34.239.124.16:49089
34.240.169.56:19573
34.243.214.249:1961
34.244.21.227:1604
34.245.206.244:1912
34.245.41.38:7634
34.248.255.15:6653
34.249.158.108:12101
34.252.142.16:58657
34.254.233.198:8883
35.153.198.6:1433
35.154.251.234:4839
35.155.232.238:5938
35.158.106.145:26333
35.174.115.57:2087
35.178.244.216:873
35.179.100.140:10261
35.179.164.167:30709
35.180.13.14:5984
35.180.133.55:4839
35.180.159.147:18244
35.180.159.147:22844
35.180.211.187:5984
35.180.228.21:591
35.180.232.55:101
35.180.232.55:7001
35.180.71.126:7000
35.180.71.126:9300
35.181.58.125:28491
35.181.61.21:20095
35.182.151.200:10001
35.182.151.200:501
35.182.151.200:8001
35.182.188.168:10013
35.182.50.99:4321
35.183.112.54:12271
35.183.136.246:179
35.183.20.90:2082
35.183.43.83:43766
35.183.62.69:2628
35.183.69.182:2181
35.183.81.251:37913
35.183.99.53:8174
35.78.171.69:1963
35.78.180.139:5432
35.78.186.43:6957
35.78.206.139:8080
35.78.77.46:17
35.86.80.194:8081
35.86.98.1:27017
35.88.121.146:40902
35.89.166.10:3128
35.89.241.123:9084
35.91.169.160:43
35.91.169.160:8443
35.93.138.89:102
35.93.156.51:902
35.93.209.149:4840
35.93.230.174:33389
37.12.3.194:6001
37.12.35.141:6001
37.12.43.108:6001
37.12.58.104:6001
37.13.39.51:6001
37.97.101.75:5001
43.200.254.212:13384
43.201.248.30:16942
43.204.109.231:18246
43.204.218.74:16166
43.206.123.192:82
43.206.154.248:2079
43.207.217.215:993
44.201.149.221:9200
44.203.193.124:179
44.203.45.132:20256
44.204.188.88:4150
44.204.211.51:26223
44.243.105.226:4063
44.243.82.28:15999
44.244.111.179:16189
44.244.120.160:873
44.246.125.235:54848
44.246.194.239:18245
45.61.141.226:443
46.137.55.13:4444
47.128.236.221:39618
47.129.114.201:9333
47.129.124.98:1629
47.129.128.232:175
47.129.131.178:135
47.129.131.178:13835
47.129.164.22:8089
47.129.169.193:2000
47.129.169.193:51200
47.129.169.193:9200
47.129.179.230:175
47.129.179.230:21025
47.129.179.230:5938
47.129.179.230:8575
47.129.212.21:33146
47.129.226.81:2096
47.129.248.32:44158
47.129.254.41:4321
49.4.9.38:2000
5.181.157.160:443
5.181.159.60:443
5.181.159.62:443
5.205.127.254:6001
5.205.191.98:6001
5.205.216.100:6001
5.227.65.129:7777
50.233.74.170:6000
50.233.74.170:6001
51.159.55.59:53722
51.17.159.232:52662
51.17.79.84:443
51.198.130.30:6001
51.20.250.8:55554
51.20.60.170:9042
51.20.69.43:2052
51.20.94.18:9600
51.21.2.102:465
51.44.8.103:15000
51.52.92.243:7007
51.84.110.214:47223
51.84.68.245:179
52.10.229.69:11112
52.11.223.41:27974
52.142.146.146:6000
52.15.133.37:4104
52.193.58.5:1521
52.195.178.254:18246
52.199.248.182:11
52.201.232.45:554
52.209.223.124:40000
52.23.156.175:14900
52.23.156.175:35100
52.23.156.175:50100
52.23.156.175:55200
52.33.90.47:52244
52.37.189.73:5172
52.47.171.145:16993
52.47.171.145:443
52.50.39.44:8008
52.50.88.125:19000
52.50.88.125:5900
52.53.183.22:6667
52.53.199.238:389
52.53.221.221:6362
52.53.228.88:2078
52.53.243.107:8090
52.56.213.66:9796
52.65.232.189:103
52.65.232.189:503
52.66.11.210:27995
52.67.16.135:2082
52.67.16.135:42032
52.67.231.24:11211
52.67.231.24:20111
52.67.231.24:34411
52.67.69.128:6443
52.78.63.138:26319
52.78.73.214:1723
52.89.199.16:2004
52.91.218.1:101
54.151.13.167:19080
54.151.39.99:2628
54.152.83.70:4150
54.153.145.247:21100
54.165.112.96:85
54.165.221.106:10859
54.166.193.172:9161
54.167.126.234:17
54.167.31.58:13210
54.167.31.58:5060
54.168.200.156:37215
54.170.28.226:12209
54.176.233.249:17
54.176.77.195:50000
54.177.88.161:9333
54.177.89.187:12162
54.178.49.171:8728
54.180.138.77:7634
54.180.235.236:2000
54.180.250.167:10001
54.180.250.167:27651
54.183.190.151:5671
54.183.76.134:8636
54.184.25.65:52200
54.184.25.65:5900
54.184.8.206:593
54.184.8.206:993
54.185.163.25:1963
54.186.96.95:8159
54.188.72.230:995
54.189.181.127:16098
54.189.72.119:37213
54.191.132.60:2181
54.191.132.60:81
54.191.185.125:5240
54.191.194.56:4444
54.193.120.169:15927
54.193.120.169:59877
54.193.163.62:503
54.193.51.242:7634
54.196.216.193:21542
54.203.9.92:1961
54.206.46.15:7001
54.206.46.15:9601
54.210.76.140:9067
54.212.119.154:51610
54.212.58.238:32298
54.212.66.96:7547
54.213.218.45:6004
54.213.235.215:10256
54.215.212.2:57465
54.215.56.171:2701
54.218.252.88:9999
54.219.14.165:2628
54.219.24.138:18080
54.224.46.54:195
54.225.8.237:13205
54.227.76.173:8081
54.227.77.76:40760
54.232.43.57:10002
54.232.61.174:29618
54.232.61.174:44818
54.233.69.25:16992
54.233.69.35:25565
54.248.204.127:7634
54.67.80.225:15664
54.70.120.69:38035
54.74.249.239:60000
54.75.174.55:10260
54.75.204.104:3260
54.75.204.104:36310
54.82.229.132:1098
54.87.180.125:8137
54.95.202.23:5986
56.124.106.90:3306
56.124.106.90:4506
56.124.106.90:9306
56.124.52.240:44818
56.155.3.36:7006
56.155.36.56:43832
56.228.3.202:4282
57.180.245.137:119
59.13.16.228:6001
59.56.110.231:9088
61.76.179.183:6000
61.76.179.79:6001
61.83.135.87:6001
63.176.170.74:48382
63.32.99.39:32764
63.33.57.73:113
64.190.113.159:1488
64.72.205.68:12521
65.0.11.173:28015
65.0.73.139:35549
65.1.110.138:9418
65.1.112.156:47703
65.1.112.156:5903
65.116.183.70:443
65.2.74.7:1098
65.2.82.33:32764
65.39.69.46:5001
72.5.43.162:444
79.140.230.226:4949
79.241.100.145:81
79.241.105.156:82
79.241.109.16:82
80.229.15.254:6000
81.45.67.197:5432
82.116.44.82:65
82.68.2.174:31022
82.71.120.166:44443
83.49.208.95:443
83.49.90.149:443
84.154.180.143:82
84.154.182.153:81
84.154.183.164:82
84.154.190.128:82
84.154.190.183:81
87.92.132.67:6001
88.112.168.157:6000
88.17.113.40:443
88.17.119.80:443
88.31.16.17:6001
88.31.45.5:6001
88.31.54.12:6001
91.202.5.18:443
91.211.250.95:80
91.225.217.174:50001
91.228.113.199:9026
91.228.113.199:9028
91.228.113.199:9031
91.228.113.199:9032
91.228.113.199:9037
91.241.5.44:5446
93.198.178.131:81
93.198.178.208:82
93.198.184.30:82
93.198.191.146:82
93.198.191.182:82
93.198.191.241:82
93.232.102.78:81
93.232.107.71:82
93.232.108.168:81
93.232.97.253:82
93.232.98.162:81
93.232.99.200:81
93.232.99.23:81
94.130.132.103:5555
94.158.245.66:443
94.158.245.81:443
94.232.244.62:444
94.24.109.185:32766
95.111.205.82:19569
95.125.152.200:6000
95.38.89.121:6000
98.82.13.245:11112
allstatetransports.com
amnahuseta20.com
apouttv28.com
clustersf.com
daligrakahrr44.com
devmodebeta.dev
erectilehelp.top
fuckhdmov.top
goaccredited.biz
gotintouch.shop
haidao10.top
heavyraintoday.com
heavyraintoday.net
heavysnowday.com
heavysnowday.net
highway-loads.com
itradepay.com
kokosinka1.com
kokosinka2.com
logitehc.online
lordfox11.net
mobilemstt.tpb.vn
readytostartsomething.com
realty-bundles.com
safetydatasheets-t.phillips66.com
smart-american.com
stocktemplates.net
todocarritos.top
tomfilfb.duckdns.org
traversecityspringbreak.com
ukuhost.net
yogupay.net

# Reference: https://x.com/malwrhunterteam/status/1918783701032255623
# Reference: https://www.virustotal.com/gui/file/edd1d2773f6e4dc652603238f46fa8a1e1251938c59d0d12fee123f2cc5e1537/detection

http://111.90.143.217
http://185.149.146.73
111.90.143.217:1488

# Reference: https://x.com/JAMESWT_WT/status/1920817831454642362
# Reference: https://app.any.run/tasks/99230bee-1554-4da4-b75e-9f863fb58221

http://77.83.207.89
http://80.64.18.178
77.83.207.89:443
80.64.18.178:443
blessyoumother.world
godblessyou.world

# Reference: https://x.com/skocherhan/status/1922135739334078652
# Reference: https://www.virustotal.com/gui/file/f3edb3a34c965954d03c32151380f6321d621f95a16b0b1bc9c73e3289ba9a77/detection

http://185.237.165.232
185.237.165.232:443
freshersnet.com

# Reference: https://x.com/JAMESWT_WT/status/1922239124104163425
# Reference: https://www.virustotal.com/gui/file/5b591827cf487b3f049bbf7b6f73e995eb12c5ed34b62f020dd597a21d155c07/detection
# Reference: https://www.virustotal.com/gui/file/09511c842d4be2a7396d6c1ace9f005737b1f1951026bb6531ea51fe029ce565/detection
# Reference: https://www.virustotal.com/gui/file/2bab4ad93fff8e90d2240f3b2bf1d57be383988d82fe95db9a6bfd8d68c723e5/detection
# Reference: https://www.virustotal.com/gui/file/49cd802835891b273d2a0ba1e35c8a082ae1c78bf54c074440a1794e745419cb/detection
# Reference: https://www.virustotal.com/gui/file/27b54935c0096101f3c47ca90a59527212fc26d7d6cf45f48fbe43b1dd3911aa/detection
# Reference: https://www.virustotal.com/gui/file/4a31219fccf3a43a6e9d95f354d9c77c200ba973e4fd3e61fc66bb77000a253c/detection
# Reference: https://www.virustotal.com/gui/file/18bb6537671a88628eafaf8e638e38a63a20a5b114ccf5460a7be4df7ea5df05/detection

http://162.252.173.251
http://176.10.119.250
http://94.158.245.115
http://94.158.245.56
162.252.173.251:443
176.10.119.250:443
94.158.245.115:443
94.158.245.56:443
bylistening.com
clientforbigbug.cloud
ejays.com
hwaccess.net
relambia.net
wheremylifestreet.cloud

# Reference: https://x.com/JAMESWT_WT/status/1922540668599037980
# Reference: https://www.virustotal.com/gui/file/c29b8221b7f08ba923d3ad7bfdec0f456bec48f4e015e726c920aa9b5f1bcc91/detection

101.99.91.21:1488

# Reference: https://x.com/malwrhunterteam/status/1922645334188073466
# Reference: https://www.virustotal.com/gui/file/7918ebbbbfe168a09991b9608b1b288da83e336c956dab97912e14057eac0076/detection

hgame33.com
sti-salyk.com

# Reference: https://github.com/prodaft/malware-ioc/blob/master/SavageLadybug/NetSupportRAT.md

http://166.88.159.98
http://166.88.228.24
http://176.32.39.71
http://188.124.59.18
http://188.132.183.172
http://193.23.118.165
http://195.133.67.165
http://2.58.95.73
http://216.74.123.141
http://46.29.160.235
http://5.252.176.143
http://89.187.25.108
http://91.184.250.215
166.88.159.98:443
166.88.228.24:443
176.32.39.71:443
188.124.59.18:443
188.132.183.172:443
193.23.118.165:443
195.133.67.165:443
2.58.95.73:443
216.74.123.141:443
46.29.160.235:443
5.252.176.143:443
89.187.25.108:443
91.184.250.215:443
kelvialp.com

# Reference: https://www.virustotal.com/gui/file/c2a2641ed571c1e025561ef1f6d3ffa2a9362c68bebb2a0884f638a8a06d37b9/detection

http://94.158.245.132
94.158.245.132:443

# Reference: https://x.com/JAMESWT_WT/status/1928074932426088537
# Reference: https://www.virustotal.com/gui/file/6d0857a9c77f9c5f2a5e6921e1cb9f7e1a5d6b947ad63b364d291157d3f840fb/detection
# Reference: https://www.virustotal.com/gui/file/21f5a8d450faa152a84f61f77975f2ee3ff83e777f2a60cf1f99ad5641c1260f/detection
# Reference: https://www.virustotal.com/gui/file/33ab76140a0453a36d7feeeef2eb6e6147bb2b2096d4a08df7a81a2bfb882f82/detection
# Reference: https://www.virustotal.com/gui/file/18c313e678ce64866aa8b765b4ab857d09a46aa06473d6097d9d36760107462b/detection
# Reference: https://www.virustotal.com/gui/file/d6f64b624f36cc924b3a7829cdb59ebee3057dc2293ed571738f6635f6713743/detection

http://185.231.154.75
http://5.252.178.123
http://94.158.245.131
http://91.184.245.3
185.231.154.75:443
5.252.178.123:443
94.158.245.131:443
94.158.245.137:443
91.184.245.3:443
30salads.com
fixitjo.com

# Reference: https://x.com/skocherhan/status/1928462801648951407
# Reference: https://www.virustotal.com/gui/file/6ed0e5411c6836ee5caa3e4b6c25c381a648a434bd9948cd135b7c6b5762d76b/detection

http://83.222.190.174
83.222.190.174:443
beerbadlove.com
thanksbadbeer.com
sunriseopen.com

# Reference: https://x.com/skocherhan/status/1928443768190931349
# Reference: https://x.com/JAMESWT_WT/status/1928467860025750009

cloudverifsecure.com
troubleinternetverif.com

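# Generic trails
# URL-path trails: matched on the request path whatever the host, and only visible in cleartext HTTP,
# so a hit is a lead to triage rather than proof of infection.
# NOTE(review): /fakeurl.htm appears to be the stock NetSupport Manager gateway path, so sanctioned
# NetSupport deployments will presumably match too - check the asset inventory before escalating.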

/iplog/newg.php
/JSX/testpost.php
/fakeurl.htm
