# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: poseidon stealer, rod stealer, rodmacer stealer

# Reference: https://twitter.com/phd_phuc/status/1651001139750420480
# Reference: https://twitter.com/phd_phuc/status/1651002681798926337
# Reference: https://www.virustotal.com/gui/file/2175cc3bc1e3bf4cc27a9524b34d47c14b9aa094061600c0c4bfee9447bd54b4/detection

37.220.87.16:5000
amos-malware.ru

# Reference: https://twitter.com/malwrhunterteam/status/1651496976486154240
# Reference: https://www.virustotal.com/gui/file/2c63ba2b1a5131b80e567b7a1a93997a2de07ea20d0a8f5149701c67b832c097/detection

3fa-all.life
any-viewer.com
app-torrent.org
app-trade.net
apps-torrent.com
apps-torrent.net
apps-torrent.org
apps-trade.org
apps-web.digital
atom-apps.net
auth-apps.club
auth-apps.org
auth-secure.org
axx-play.com
brav-down.com
brav-down.org
bravs-down.com
cosmos-network.io
ens-apps.com
evmchainlist.app
files-box.org
forexx-meta.com
gram-apps.com
gramm-download.net
gua-wallet.com
gua-wallet.org
itrezor.net
itrezor.org
keplrwallet.app
layerzero-foundations.net
memo-apps.net
memo-apps.org
meta-forexx.com
meta-forexx.net
meta-forexx.org
notion-apps.net
otp-apps.net
otp-apps.org
pass-save.com
ph-wallet.org
phan-apps.com
phantom-wallet.at
phantom-wallet.net
phantomm-wallet.us
play-axi.net
q-torrent.com
q-torrent.net
q-torrent.org
rabby-wallet.net
rabby.at
remote-apps.net
remote-apps.org
saver-pass.life
scroll-drop.net
scrollfoundation.net
scrollnetworks.net
secure-apps.org
security-apps.net
security-apps.org
skii-weaver.com
skii-weaver.net
team-apps.club
torent-u.com
tortent-u.com
tortent-u.org
twill-down.com
twillo2.club
u-torrent.org
unisat-wallet.net
unisat.at
uploads-test.org
uth-app.life
vl-play.club
w3fa-all.life
wallet-atom.com
wauth-secure.org
web-wallet.org
wu-torrent.org

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/09/atomic-macos-stealer-delivered-via-malvertising
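# Reference: https://otx.alienvault.com/pulse/64fa053f6f16dd0914077358
# Note: 'u0131ews.com' below looks like the tail of an escaped U+0131 (dotless i) homoglyph domain rather than a complete hostname; confirm it against the referenced pulse before relying on it.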

app-downloads.org
trabingviews.com
u0131ews.com
xn--gsvews-r9a.com
xn--tradgsvews-0ubd3y.com

# Reference: https://twitter.com/1ZRR4H/status/1700206318718509292

cleanmac-app.top

# Reference: https://threatfox.abuse.ch/ioc/1164482/

http://185.106.93.154
maybe.host
api.maybe.host

# Reference: https://twitter.com/MalGamy12/status/1705151026976760309
# Reference: https://www.virustotal.com/gui/file/19023cd72c8de1423e8082232099c6e38db3e78ceca179af104a3b1ad579d8a5/detection

http://45.144.29.39

# Reference: https://threatfox.abuse.ch/browse/malware/osx.amos/

http://185.215.113.116

# Reference: https://twitter.com/g0njxa/status/1710678871799152913

dafu-xiaoniangao.monster
/askdaskdIB/22987ggg
/22987ggg
/askdaskdIB

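# Reference: https://threatfox.abuse.ch/browse/malware/osx.amos/
# Note: 104.21.17.179 and 172.67.177.191 below fall in Cloudflare's shared proxy ranges, so a hit on the IP alone is weak evidence; correlate with the requested hostname before alerting or blocking.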

http://104.21.17.179
http://171.22.28.248
http://172.67.177.191
http://185.172.128.163
http://185.172.128.31
http://185.215.113.71
http://194.169.175.117
http://194.49.94.93
http://5.182.86.8
http://5.42.65.107
http://5.42.65.55
http://79.137.198.170
http://89.208.105.191

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates
# Reference: https://otx.alienvault.com/pulse/655deaade608a53b8d4ada31

chalomannoakhali.com
jaminzaidad.com
royaltrustrbc.com

# Reference: https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version
# Reference: https://www.virustotal.com/gui/ip-address/62.204.41.98/relations
# Reference: https://www.virustotal.com/gui/file/0956ab422b6bcc44fed1504b524c8bb8c4491da42552c3b179d6bbcb3dc24c85/detection

http://5.42.65.108
trialap.com
slack.trialap.com

# Reference: https://twitter.com/r3dbU7z/status/1748103869375128024
# Reference: https://www.virustotal.com/gui/ip-address/23.227.199.33/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.92.244.104/relations
# Reference: https://www.virustotal.com/gui/file/0316b4d2186dbfbaef8929cb18fed6d6a5ba7a923fd005c94b458b7dd3ada6a8/detection

daddyvjxsa.online
daddyvjxsa.site
parailels.online
parallells.online

# Reference: https://twitter.com/r3dbU7z/status/1755063296145736023
# Reference: https://twitter.com/r3dbU7z/status/1771867585673392149

aianubhav.com
accoun10.com
guruveera.com

# Reference: https://twitter.com/moonlock_lab/status/1772323469947978002
# Reference: https://www.virustotal.com/gui/file/511a01dcb0fe86c9f2f432400a28487d53e83cdb03af7701f28511f260eb1a83/detection
# Reference: https://www.virustotal.com/gui/file/07a4618b5d9e057de25977ec2bd698e3070280be162aaed16b45cdef3ccad862/detection

79.137.192.4:443

# Reference: https://twitter.com/r3dbU7z/status/1786009485846204504
# Reference: https://www.virustotal.com/gui/file/26576c710b3025a4e1b46f78a0e1a9a276e2107291771ae1a9792ebffa2ef930/detection

notion.ph

# Reference: https://twitter.com/birchb0y/status/1790746238758817821
# Reference: https://x.com/malwrhunterteam/status/1900612483900981277
# Reference: https://x.com/malwrhunterteam/status/1902272327980642718
# Reference: https://alden.io/posts/infostealers-a-brewin/
# Reference: https://app.any.run/tasks/834cae35-e7c8-4e63-a66b-814f676e6af2/
# Reference: https://app.validin.com/detail?type=raw&find=Homebrew+%E2%80%94+The+Missing+Package+Manager+for+macOS+%28or+Linux%29 (# 2025-03-14)
# Reference: https://www.virustotal.com/gui/file/513bb09807c9c343fccf7df30f687ea490125745e5ae02177c92efeb514e4b30/detection
# Reference: https://www.virustotal.com/gui/file/9a2e0aadd42144abf97232bff0d3dcec123004b07e1e771c82e0d04f7ae0971a/detection
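# Reference: https://www.virustotal.com/gui/file/0a21b30f2e725b73160c542561bf68a2c8f53949557240db34d890583d02e30b/detection
# Note: 185.199.108.153 - 185.199.111.153 below are the shared GitHub Pages addresses; they serve many unrelated sites, so treat IP-only matches as low confidence and pivot on the listed domains instead.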

http://109.120.178.3
http://158.255.213.85
http://162.252.175.220
http://167.234.213.68
http://185.199.108.153
http://185.199.109.153
http://185.199.110.153
http://185.199.111.153
http://185.246.130.141
http://188.127.225.100
http://5.255.107.149
http://5.42.100.86
http://77.221.151.41
http://79.137.192.4
http://82.115.223.176
http://85.217.222.185
79.137.192.4:443
applemacios.com
aroqui.com
axcrid.com
bodega-fyi.pages.dev
brew-download.com
brew.lat
brews.icu
brewsh.cc
brewshh.org
candao.top
coinpepe.xyz
drcohenmd.com
homebrew-storage.com
homebrew.cx
homebrew.page
homebrewl.pro
hornebrew.mom
mpsime.com
nnvious.com
rectanglemac.pro
trello.bio
willowsushi.com
brew.pages.dev
docs.homebrew.cx
raw.brewsh.cc

# Reference: https://x.com/Threat_Down/status/1791912008746430748

http://5.182.86.95

# Reference: https://x.com/moonlock_lab/status/1793702034782433441
# Reference: https://www.virustotal.com/gui/file/60ad28afc1b3bd1cfd671c8f5fad7398e1cb7bd811498ef8a371007c4c32e75e/detection
# Reference: https://www.virustotal.com/gui/file/30b89622c779dd06faa909e7e0b8e88f3b75ca78fad00c4cf0ef7db320e3b218/detection
# Reference: https://www.virustotal.com/gui/file/2e3dcbccd9c774a43ec8565378c4ae9f4f6048b5f4c984d99e4f000858b688e3/detection

forked-project.com

# Reference: https://x.com/birchb0y/status/1793735550744375338
# Reference: https://app.validin.com/detail?find=185.172.128.72&type=ip4&ref_id=9fd035b569f#tab=resolutions

altllayer.com
earlymodenetwork.com
leaderwallets.org
lfgjupiter.com
mantanetwork.dev
newparadigm.dev
pixelcommunity.xyz
rodrigos.io

# Reference: https://x.com/Threat_Down/status/1794033775980032497
# Reference: https://www.virustotal.com/gui/file/27ed8f5684e32217a073200ac80d822825f4e9954797f6682c7a6c8d0951fb88/detection

http://65.108.232.23
calenserty.com

# Reference: https://cyble.com/blog/uncovering-atomic-stealer-amos-strikes-and-the-rise-of-dead-cookies-restoration/
# Reference: https://otx.alienvault.com/pulse/65b915078b79508127f170a9

arcbrowser.pro
cleanmymac.pro
parallelsdesktop.pro
pixelmator.pics

# Reference: https://x.com/arch1ehic0x/status/1803095125779791980
# Reference: https://x.com/karol_paciorek/status/1803357816746360903
# Reference: https://x.com/karol_paciorek/status/1803362692566028490
# Reference: https://app.validin.com/detail?find=ROD%20STEALER&type=raw&ref_id=2874a9d4ee7#tab=host_pairs_v2
# Reference: https://www.virustotal.com/gui/file/b68fbd104d13e025928f29bb90a25ab5b552ba1275ccd11869cf626fca85fb46/detection

http://185.172.128.110
onipars.pw
truck-ord.site

# Reference: https://x.com/arch1ehic0x/status/1806678546607227054
# Reference: https://www.virustotal.com/gui/ip-address/186.2.171.60/relations
# Reference: https://www.virustotal.com/gui/file/474ee78c6636ee478ea7f4521559679fbc468bb326357737bfc465e63ed153fa/detection

agov-access.com
agov-access.net
agov-ch.com
agov-ch.net
register-agov.com
register-agov.net

# Reference: https://x.com/NDA0E/status/1806818805961912577
# Reference: https://x.com/bruce_k3tta/status/1887881634286108734
# Reference: https://x.com/g0njxa/status/1915698276206104905
# Reference: https://search.censys.io/hosts/185.147.124.212
# Reference: https://www.virustotal.com/gui/file/61b0b147bf9bec52818af09d10ca7b81bb94c07d964684f10360abfe426014ba/detection
# Reference: https://www.virustotal.com/gui/file/382b0c1923db5369787f84f839004c171e7d400482055725b091f5eede80a7a4/detection

http://185.147.124.212
http://88.214.50.3
185.147.124.212:22
185.147.124.212:3389
lascolinasresortdalas.com
login-auth-office.com
osheafarm.com
poseidon.cool
robsheraldry.com

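# Reference: https://threatfox.abuse.ch/browse/malware/osx.poseidon/ (# 2024-07-01)
# Note: 'bitpa.miogatto.greffectual', 'newcp.thebestbodrumtemizlik.comlounge', 'newcpp.constructoraharr.clapostolic' and 'newcpp.powerunits.com.ngwittily' below end in strings that do not appear to be valid TLDs (likely a word fused onto the hostname during collection); verify them against the source feed, since they will not match real DNS traffic as written.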

http://186.2.171.60
http://37.27.82.196
http://68.66.226.80
186.2.171.60:443
37.27.82.196:443
agovaccess-ch.com
b2cidp-mobilier.com
bitp.alamri-ip.com
bitp.alan.my
bitp.alkareemimport.com
bitp.avansisgroup.com
bitp.blueroselb.com
bitp.clementinasketchbook.com
bitp.dicoar.com
bitp.ebibote.com
bitp.fromagetambourin.fr
bitp.grantindonesia.com
bitp.hapa5387.odns.fr
bitp.heavenconstruction.pk
bitp.heavenmarketing.pk
bitp.htechs.com
bitp.idealindustryltd.com
bitp.kkenterprises.pk
bitp.navihost.in
bitp.nwg.com.pk
bitp.olivrodapatria.online
bitp.ontech.co.zm
bitp.phrapitta.com
bitp.pisuka.com
bitp.pouradhwani.com
bitp.quasar.sa
bitp.quick-eg.com
bitp.raagifts.com
bitp.siupk.net
bitp.smslogin.xyz
bitp.sviat21.com
bitp.tami8849.odns.fr
bitp.tiedyeromania.ro
bitp.tilakhighfiji.com
bitp.weltpropiedades.cl
bitpa.ananyajain.com
bitpa.artemilenario.fr
bitpa.athleticshub.co.uk
bitpa.babajani.com
bitpa.bariel.co.id
bitpa.beautifulbooze.com
bitpa.bghbd.com
bitpa.bicoman.net
bitpa.casamagdalenapublicidad.com.co
bitpa.combienemetmonargent.info
bitpa.dctcbd.com
bitpa.desipolska.pl
bitpa.dogfestival.gr
bitpa.drcaraccessories.com
bitpa.eamarseba.com
bitpa.elshamel.online
bitpa.guptavedika.com
bitpa.hostpinas.com
bitpa.innovatalks.com
bitpa.jcaisse-dev.org
bitpa.mathinmaps.net
bitpa.mejoresconsejosvida.online
bitpa.miogatto.gr
bitpa.miogatto.greffectual
bitpa.moralesalducin.com
bitpa.mydreamsltd.com
bitpa.nationaltemps.co.uk
bitpa.neebs.edu.np
bitpa.newestrealty.com
bitpa.owanbefood.com.ng
bitpa.palms77hotel.com
bitpa.planethair.gr
bitpa.professoranagida.online
bitpa.pta-greece.gr
bitpa.remoteprints.com
bitpa.sarshipping.net
bitpa.smsfi.com
bitpa.socialobserver.in
bitpa.soltita.com
bitpa.tatlibuketi.com
bitpa.tigercampcorbett.com
bitpa.toel4298.odns.fr
bitpa.vendotuttonline.com
bitpa.vissnatech.ir
bp.4dpayme.com
bp.absolutairarcondicionado.com.br
bp.afrokulchagroup.com
bp.americansports.com
bp.aminadabelago.com.br
bp.appoemn.org
bp.bernard-bourcy.net
bp.blogcanadiense.com
bp.brankenattorneys.co.tz
bp.cairnhillwatches.com
bp.car.co.tz
bp.celebratebloomfield.org
bp.celloxwatches.com
bp.ctvidamelhor.com.br
bp.davidliving.com
bp.dieterforjudge.com
bp.dumbeg.com
bp.easthartfordinterfaith.org
bp.edgenetworks.rs
bp.emporioecuador.com
bp.fatp.co.tz
bp.flyingdonvstg.franciaim.net
bp.fortclean.net
bp.fursforus.net
bp.hotelultimafrontiera.com
bp.innovatalks.com
bp.isap-union.gr
bp.jpxhelmet.com
bp.kgcdiary.com
bp.kidsightusa.org
bp.killerworkdev.com
bp.linenessentials.com
bp.littleleafstudio.co.uk
bp.lyctechnologies.com
bp.marthareingold.com
bp.mgcsw.gov.ss
bp.mibenditoadolescente.com
bp.moimoveis.com.br
bp.movie.co.tz
bp.myindiamall.in
bp.natenrjs.com
bp.nationalbeatpoetryfoundation.org
bp.news.co.tz
bp.niceguyrebrands.xyz
bp.paltouchsystems.net
bp.petersparre.com
bp.rafikidodomahotel.com
bp.richardobenton.com
bp.riscasvicosas.pt
bp.saleseconomic.com
bp.sc1jtfu9765.universe.wf
bp.segurobligatorio.pro
bp.seo7sry.com
bp.shivaagorealty.com
bp.stasy-union.gr
bp.sygenpharma.com
bp.tdsorsta.ro
bp.trueearthchanges.com
bp.video.co.tz
bp.watertownctlions.org
bp.wegolions.org
bp.wheelsofwilliamsport.com
bp.wheelsofwilliamsport.net
bp.wocrimestoppers.org
bp.worldcup.co.tz
dibbadu.absoluteitbd.com
dibbadu.arkaconstructores.com
dibbadu.caelectrons.com.br
dibbadu.carboneralabanda.com.co
dibbadu.ciptransfer.com
dibbadu.dolphinmanagement.ro
dibbadu.evergraphics.com
dibbadu.geofieldp.com
dibbadu.institutointei.com
dibbadu.millennialstourandtravel.co.ke
dibbadu.myportfolio.com.co
dibbadu.nextsol.com.br
dibbadu.planamoveis.com.br
dibbadu.proexcon.com
dibbadu.promoveazaonline.com
dibbadu.smartfuture.co.za
dibbadu.sscmcc.cl
dibbadu.sulmov.com.br
dibbadu.trujilloserrano.com
eportal-be.com
eportal-bs.com
extraiptv.giize.com
finanzportal-vermogenzsentrum.com
finanzportal-vermogenzsentrum.net
getgrammerly.com
hd.hdweb2.pw
ip.tvguzel.com
loginzug.com
newcp.abagenciamarketingdigital.com
newcp.adrenalinanet.com.br
newcp.afrikwebacademy.com
newcp.americansports.com
newcp.amtech.sd
newcp.andersonconstantino.com.br
newcp.ankaracilingirci.com
newcp.ankaradatemizliksirketi.com
newcp.ankarasevkattesisat.com
newcp.arteimparables.online
newcp.atlasfizyoterapi.com.tr
newcp.aurcleaning.com
newcp.aurejewelry.ca
newcp.avalanche-store.com
newcp.balcovacicekciler.com
newcp.bayraklicicekciler.com
newcp.bazis-t.uz
newcp.beyondxgroup.online
newcp.bitezeventwedding.com
newcp.bizaccord.com.pk
newcp.bnkilaclama.com
newcp.bonggayon.com
newcp.bornovacicekciler.com
newcp.boscosoft.ae
newcp.botchats.in
newcp.brntemizlik.com
newcp.clay.net.in
newcp.colegioburiti.com.br
newcp.coliturcusco.com.pe
newcp.departamentosenpueblolibre.com
newcp.dihucar.com
newcp.dominantlegaltrans.com
newcp.essasattire.com
newcp.essentemizlik.com
newcp.fahadengineerings.com
newcp.franciaim.net
newcp.frederic-monereau.com
newcp.freud.radi0.im
newcp.fxtransportation.com
newcp.gaziemircicekciler.com
newcp.generation-green.ma
newcp.geofieldp.com
newcp.ghdemo.com.tr
newcp.grid-edge.com.au
newcp.gridedgenews.com
newcp.gssgroup.co.ke
newcp.h-bsofwares.com
newcp.harasselection.com.br
newcp.hiraotomatikkapi.com
newcp.hypercctv.org
newcp.icredes.com
newcp.iluminate.com.mx
newcp.induslab.net
newcp.inkopau-rentcar.com
newcp.ithalatcimiz.com
newcp.japeto.ro
newcp.jcgama.com
newcp.johnballis.com
newcp.karyacorp.com
newcp.libuinsi.my.id
newcp.liderford.com
newcp.lindaballis.com
newcp.lojaflordocerrado.com.br
newcp.lourencoviajante.pt
newcp.maeslanden.nl
newcp.maskinsoftware.com
newcp.maxxcontrol.com.tr
newcp.medyapm.com
newcp.meiya.co.ke
newcp.metse.co.bw
newcp.mexicodemaria.mx
newcp.multipolarsolution.com
newcp.naseemtravels.com
newcp.neutown.com
newcp.ngopicoding.com
newcp.niceguyrebrands.xyz
newcp.nirmalexpertsolutions.com
newcp.oiltanker.com.ng
newcp.olivrodapatria.online
newcp.perapeyzaj.com
newcp.piolinspa.cl
newcp.plastikiniai-langai.eu
newcp.pnmls.cd
newcp.posdata-si.com
newcp.qadricaterers.com
newcp.ram-service.cl
newcp.recubplast.com.co
newcp.royalcontingencia.com
newcp.rsquad.co.ke
newcp.safipompe.ma
newcp.sagarsprings.com
newcp.sbaqala.pk
newcp.sc3bhgr7781.universe.wf
newcp.seo7sry.com
newcp.skinorra.com
newcp.smartlabor.it
newcp.solarib.com
newcp.sosgestion.com.co
newcp.spiegelenergy.com
newcp.spiegelenergy.com.au
newcp.stargazemining.co.za
newcp.superanimalpet.com
newcp.tamilankadai.com
newcp.tamminguyen.co.uk
newcp.tammisnaps.com
newcp.techcube.in
newcp.termomecconsultoria.com.br
newcp.thebestbodrumtemizlik.com
newcp.thebestbodrumtemizlik.comlounge
newcp.thisisafricas.com
newcp.tuintiadmin.com
newcp.ultisol.co.za
newcp.universal-kikaku.com
newcp.uns-kikaku.com
newcp.urunstand.com
newcp.visualmakers.com.pk
newcp.vozminera.mx
newcp.wine-ar.com
newcp.youknowpeople.com
newcpp.1ihost.com.br
newcpp.3dsurf.ir
newcpp.4182-0006ac95072f.wptiger.fr
newcpp.abarclinic.com
newcpp.abrakadabra.com.pe
newcpp.aceleraventas.com
newcpp.activelifemd.com
newcpp.addisbasketball.com
newcpp.adrenalinanet.com.br
newcpp.afrokulcha.co.za
newcpp.afrokulchagroup.com
newcpp.afrokulchatravel.co.za
newcpp.almoajel.sa
newcpp.altaymediaalbania.org
newcpp.aminadabelago.com.br
newcpp.apa.ba
newcpp.aurejewelry.ca
newcpp.aurespa.ca
newcpp.averynigeria.com
newcpp.balebuku.my.id
newcpp.bandamuveegroov.com.br
newcpp.banjarkode.com
newcpp.better-gpt.org
newcpp.billionairesestate.com
newcpp.bocadosdeamor.com
newcpp.build-2-suit.com
newcpp.casadefriossaobenedito.com.br
newcpp.casamagdalenapublicidad.com.co
newcpp.cncmorelos.org
newcpp.confidable.com
newcpp.conquermark.com
newcpp.constructoraharr.clapostolic
newcpp.credencewatches.com
newcpp.damaskin.ro
newcpp.danmartin.ro
newcpp.dilagosburguer.com.br
newcpp.ditsaambiental.com
newcpp.dktravel.com.ec
newcpp.doncellafem.com
newcpp.dsts-immigration.com
newcpp.dungnguyenarchi.com
newcpp.durumdelight.com
newcpp.easthartfordinterfaith.org
newcpp.education21kulimpku.com
newcpp.embassydevelopments.com
newcpp.espace-food.com
newcpp.espinhoserosas.com.br
newcpp.exactcolor.co.ke
newcpp.faforlife.com.ng
newcpp.faforon.com
newcpp.faforon.com.ng
newcpp.falahatishop.com
newcpp.fatp.co.tz
newcpp.faybd.com
newcpp.fitnessupbeat.com
newcpp.fridaybd.com
newcpp.fundacionequiterra.org
newcpp.gemsinnovation.com
newcpp.gridedge.com.au
newcpp.gridedgenews.com
newcpp.h-bsofwares.com
newcpp.harmonyvillage.gr
newcpp.hotel.co.tz
newcpp.huncanlit.com
newcpp.husamekhrawesh.com
newcpp.ibis-inspection.com
newcpp.ilutex.com.br
newcpp.imcbgten4.org
newcpp.institutoiba.org.br
newcpp.inversionesllort.com
newcpp.isabelaayrosa.adv.br
newcpp.johnballis.com
newcpp.kgcdiary.com
newcpp.khabarworld.com
newcpp.killerworkdev.com
newcpp.kotok.net
newcpp.ktktech.my.id
newcpp.kystibbi.com.tr
newcpp.lacitavilla.com
newcpp.lakcards.lk
newcpp.lenterdit.com.ar
newcpp.levinesolutions.net
newcpp.lindaballis.com
newcpp.logdist.ma
newcpp.ludotenis.com
newcpp.luicreativestudio.com
newcpp.magyarkoltok.com
newcpp.mahtokitchencare.com
newcpp.meadvilleorthodontics.com
newcpp.medicalmedia.com.mx
newcpp.meiya.co.ke
newcpp.moimoveis.com.br
newcpp.moralesalducin.com
newcpp.movie.co.tz
newcpp.musamwaky.co.tz
newcpp.nationaltemps.co.uk
newcpp.natroglobal.com
newcpp.news.co.tz
newcpp.nonisec.com
newcpp.nonisec.com.ar
newcpp.ontrace.id
newcpp.park-systems.net
newcpp.payall.com.ng
newcpp.pkmkaranganyar.com
newcpp.pmkt.ao
newcpp.polomilano.com
newcpp.polyvin.com.br
newcpp.powerunits.com.ng
newcpp.powerunits.com.ngwittily
newcpp.powerunits.ng
newcpp.princekushwaha.com.np
newcpp.protrans.com.ph
newcpp.quantum-ev.co
newcpp.quasar.sa
newcpp.quasarful.com
newcpp.recettecuisinegastronomie.fr
newcpp.revenueacademy.it
newcpp.saamtrek.co.za
newcpp.sagarsprings.com
newcpp.sandrasperling.com
newcpp.sbtabriz.com
newcpp.sc1jtfu9765.universe.wf
newcpp.scotiaperu.pe
newcpp.seguroautoagora.com.br
newcpp.seis.co.ke
newcpp.sketchersdesign.co.ke
newcpp.smartzone.sa
newcpp.spiegelenergy.com
newcpp.sscmcc.cl
newcpp.stayeasyplus.com
newcpp.stratwood-gs.ro
newcpp.streakk.com.ng
newcpp.tabledemassagepliante.fr
newcpp.tdsorsta.ro
newcpp.techtrust.pt
newcpp.tecsoluciones.com.pe
newcpp.testabeko.mamaquette.fr
newcpp.thehumanitarianfund.org
newcpp.themavvel.co.ke
newcpp.tracymasonmedia.com
newcpp.uns-kikaku.com
newcpp.uptourismguide.com
newcpp.upvs.com.ng
newcpp.urushomestay.com
newcpp.vanguardaamazonense.com.br
newcpp.wecarefamilydentistry.com
newcpp.wpsuperlink.online
newcpp.wychelmconnect.com.ng
newcpp.xyfinity.co.za
newscp.aaptiroots.in
newscp.academicindia.in
newscp.aeni-script.my.id
newscp.agenciazurc.com.br
newscp.ainirentcar.com
newscp.akia.com.mx
newscp.alauddinsweetmeat.com.bd
newscp.allkemie.com
newscp.almastudio.pe
newscp.antaema.com
newscp.arabic.du.ac.bd
newscp.area14st.com
newscp.aromatherapyacademy.com
newscp.atiliomarola.com.ar
newscp.aunurrafiqofficial.com
newscp.bangfirmanofficial.com
newscp.bariel.co.id
newscp.blueheadfilms.com
newscp.botchats.in
newscp.carboneralabanda.com.co
newscp.carvalhocruz.com.br
newscp.cgsbim.cl
newscp.chaucatotoursperu.com
newscp.clay.net.in
newscp.cncmorelos.org
newscp.colbachabierto.com
newscp.colbiomor.org
newscp.computertechsperts.com
newscp.contechprojects.com
newscp.danmartin.ro
newscp.darfurfm.sd
newscp.debambu.es
newscp.debellis.com.br
newscp.digitalmaster.ro
newscp.dolphinmanagement.ro
newscp.dominioarquitectura.com
newscp.ebitan.com.bd
newscp.entreprisesdavenir.fr
newscp.exideinverterbattery.in
newscp.fatp.co.tz
newscp.gclenterprises.in
newscp.geber.com.mx
newscp.geliankft.hu
newscp.grupoempresarialvasram.com
newscp.grupomv.com.py
newscp.hchemical.sd
newscp.heefhotel.com
newscp.hospitaldesanluis.com.co
newscp.hotelultimafrontiera.com
newscp.hydrosolutions.pe
newscp.ibis-inspection.com
newscp.inncomex.com.mx
newscp.internetareal.net.br
newscp.janeladedramaturgia.com
newscp.junoindia.com
newscp.kashier365.com
newscp.khulumameals.co.za
newscp.laboratoriomacruzfarma.com
newscp.lf21.my.id
newscp.machaquila.com
newscp.mappingcanvasser.com
newscp.maridadymotors.co.ke
newscp.mexicodemaria.mx
newscp.mgglobalinvest.com
newscp.myindiamall.in
newscp.myportodigital.site
newscp.ndwc.com.py
newscp.nextsol.com.br
newscp.nppp.pk
newscp.nsaservices.com.br
newscp.oanachivu.ro
newscp.officialrtv.com
newscp.oiltanker.com.ng
newscp.ontrace.id
newscp.posdata-si.com
newscp.psiqo.com.pe
newscp.rafaelhsouza.com.br
newscp.ranasariagroup.com
newscp.roborave.mx
newscp.romalogistics.com.pe
newscp.sacs.ec
newscp.sagarsprings.com
newscp.savannah.sd
newscp.sc1dsnb7288.universe.wf
newscp.sc1tmtd4794.universe.wf
newscp.sc3bhgr7781.universe.wf
newscp.seotoronto.company
newscp.siarabd.com
newscp.slagveld.co.za
newscp.soltani-shopping.com
newscp.srprof.com
newscp.superanimalpet.com
newscp.swammovers.com
newscp.thirtyline.com.my
newscp.top2stay.com
newscp.tora-ks.com
newscp.tracymasonmedia.com
newscp.trimitrateknikmandiri.com
newscp.universalauto2000.it
newscp.usgonline.mx
newscp.valledelinka.com.pe
newscp.webhostingneo.co.id
newscp.xmartechpro.com
newscp.xpresscard.info
newscp.youthtuko.org
panda.arcaem.com
panda.ckinam.com
panda.creativeeventsbd.com
panda.dilagosburguer.com.br
panda.ffde.com.br
panda.fxtransportation.com
panda.grupoqueiroz.pt
panda.japanbangladeshhospital.com
panda.laofix.com.tr
panda.levinesolutions.net
panda.lojaniq.com
panda.sixfibras.com.br
panda.superdreadi.com
panda.tafca.cl
panda.vifurni.com
panda.viralhab.com
panda.vuacanvas.com
pipp.agauto.co.ke
pipp.debellis.com.br
pipp.diasecampos.com.br
pipp.dilagosburguer.com.br
pipp.dipankardey.com
pipp.eshaqlaw.com
pipp.japanbangladeshhospital.com
pipp.laofix.com.tr
pipp.nsaservices.com.br
pipp.pantallita.com
pipp.retromad1.ro
pipp.seo7sry.com
pipp.showroomilgiornodopo.it
pipp.sixfibras.com.br
portals-swisslife.com
sso-geneveid.com
tv.surebettr.com
tv.yayins.com
zestyahhdog.com
zug-login.com

# Reference: https://www.virustotal.com/gui/ip-address/193.143.1.59/relations

bitp.funhaus.com.br
bitp.lesamisduvelo.fr
bitpa.adm-informatique.fr
bitpa.alkoukhonline.com
bitpa.amberconsult.com.ng
bitpa.ananyaholidays.com
bitpa.ananyaresorts.com
bitpa.ananyaventures.com
bitpa.arthamari.com
bitpa.beautygirlmag.com
bitpa.bocadosdeamor.com
bitpa.dealiatrade.pl
bitpa.dsborneo.com
bitpa.ektajain.com
bitpa.hippocampusinfotech.com
bitpa.lousamel.pt
bitpa.ludotenis.com
bitpa.matrixintertrade.co.th
bitpa.metodologiavirtual.com
bitpa.onpo.com.tr
bitpa.papoetoys.com
bitpa.racq2120.odns.fr
bitpa.registrocolegiados.cl
bitpa.ronafortuna.com
bitpa.ronakglobal.com
bitpa.sarkerrentacar.com
bitpa.telecos.com.pe
bitpa.tradingchilespa.cl
bp.3kmystore.com
bp.4dceria.com
bp.adlibmanagement.com
bp.affixsolution.com.br
bp.afrokulcha.co.za
bp.ainirentcar.com
bp.apotekavesta.rs
bp.appservice.com.mx
bp.aromatherapyacademy.com
bp.artemilenario.fr
bp.artnathacha.com
bp.be-tronics.com
bp.bizaccord.com.pk
bp.bloomfieldcthistory.org
bp.blueheadfilms.com
bp.branditmediahouse.co.za
bp.campovalepet.com.br
bp.checkedgar.com
bp.chuckoakes.net
bp.computertechsperts.com
bp.credencewatches.com
bp.ctgerizim.com.br
bp.diasecampos.com.br
bp.digitalforall.com.ng
bp.dilagosburguer.com.br
bp.dreamakerbd.com
bp.dremilio.com.br
bp.dungnguyenarchi.com
bp.e-drimer.pe
bp.ecce-groups.com
bp.ecomingrupo.com
bp.edu365pro.com
bp.emohoytsega.com
bp.erkutbarel.com.tr
bp.espace-food.com
bp.ets-kadydier.com
bp.excellentagro.biz
bp.faybd.com
bp.feedingspeedy.com
bp.gavasilva.adv.br
bp.gmseafood.cl
bp.grupoempresarialvasram.com
bp.haseed.com
bp.hex29.io
bp.holaquetal.tur.br
bp.homecityseremban.com.my
bp.hotel.co.tz
bp.hypercctv.org
bp.ibis-inspection.com
bp.induplastico.com.br
bp.instalarmacros.info
bp.itiss-cloud.com
bp.jerrylabriola.com
bp.jerrytalks.com
bp.josuesantana.com.br
bp.jprhelmet.com
bp.julianafabrizzi.com.br
bp.katariorganics.com
bp.kwickboxconsultant.com
bp.legitinteriordesign.com
bp.lexis.ma
bp.liazo.com
bp.lilianmeneghel-imoveis.com.br
bp.lionsdistrict23c.org
bp.lionslowvisionctr.org
bp.livingstonedameh.com
bp.lmmotors.com.pe
bp.mail.co.tz
bp.metodologiavirtual.com
bp.metse.co.bw
bp.mibusbolivia.com
bp.mirantedosgolfinhos.com.br
bp.montrexwatches.com
bp.moodle3.cfjulioresende.org
bp.mrsocial.io
bp.niemandsland.net.bo
bp.nynews.live
bp.payall.com.ng
bp.petercianciolo.com
bp.pilaresdealejandria.com.ar
bp.pncoaching.com
bp.pnmls.cd
bp.pousadavilladosgolfinhos.com.br
bp.powerunits.com.ng
bp.powerunits.ng
bp.quantum-ev.co
bp.radiopionerosfm.com
bp.ragdespace.com
bp.rarespeak.com
bp.ravinegloryhospital.co.ke
bp.realpromotora.com.br
bp.regig.org
bp.rowsolution.com
bp.sandrasperling.com
bp.sanymakmur-tc.com
bp.schulmanlaw.net
bp.sistem.eng.br
bp.sixfibras.com.br
bp.spotlesscrystal.com
bp.stwatertechnic.com
bp.t201.eliti.com.br
bp.taalisip.com
bp.techcube.in
bp.techdataminds.in
bp.tezas.in
bp.tracymasonmedia.com
bp.upvs.com.ng
bp.urushomestay.com
bp.venturarodrigues.pt
bp.westernhealthcareservices.com
bp.wissenfamily.org
bp.xyfinity.co.za
ddbyav.xiangjige.com
dibbadu.2kconstructores.com
dibbadu.4vipdjs.com
dibbadu.andresdeveloper.com
dibbadu.autobase.gr
dibbadu.byestrategica.com
dibbadu.centi.co.ke
dibbadu.fabconline.net
dibbadu.gaal0548.odns.fr
dibbadu.graphichub.in
dibbadu.hotelangasmayo.com
dibbadu.iiocouncil.com
dibbadu.inelco.com.mx
dibbadu.junoindia.com
dibbadu.kntgroup.co
dibbadu.logopidea.com
dibbadu.makeopportunity.org
dibbadu.onchange-group.com
dibbadu.pacegallary.com
dibbadu.rumahtua.net
dibbadu.saleseconomic.com
dibbadu.samaelcasanova.com
dibbadu.sc1ozko2782.universe.wf
dibbadu.sc4jtfu9765.universe.wf
dibbadu.showrender.com
dibbadu.techmarketim.com
dibbadu.tezas.in
dibbadu.trackingcookie.info
dibbadu.tuintiadmin.com
dibbadu.viproc.cl
flipdna.com
horoscopo-2022.org
horoszkop2022.com
newcp.agenciadss.com.py
newcp.amaya.cl
newcp.amshesp.com
newcp.appservice.com.mx
newcp.azharconstruction.com
newcp.carvalhocruz.com.br
newcp.celis-massage.fr
newcp.ciaosa.com
newcp.continentlpe.info
newcp.credillants.pe
newcp.diasecampos.com.br
newcp.drajna.ro
newcp.gridedge.com.au
newcp.ibis-inspection.com
newcp.izmircicekciler.com
newcp.marembal-group.com
newcp.simaltrading.nl
newcp.supraseg.com.br
newcp.thirtyline.com.my
newcp.uje.com.co
newcpp.75d7-4bcef4b19275.wptiger.fr
newcpp.adlibmanagement.com
newcpp.affixsolution.com.br
newcpp.agauto.co.ke
newcpp.akilimingi.com
newcpp.antaema.com
newcpp.arcaem.com
newcpp.asainformaticarj.com.br
newcpp.bbwayplastic.com
newcpp.blogcanadiense.com
newcpp.borchtechnology.com
newcpp.car.co.tz
newcpp.cbrsanpedrodelapaz.cl
newcpp.celloxwatches.com
newcpp.collecteau.fr
newcpp.cuentasstreaming.com
newcpp.desiexpats.com
newcpp.ecomingrupo.com
newcpp.educar.com.vc
newcpp.educarinformatica.com.br
newcpp.erkutbarel.com.tr
newcpp.exwebian.com
newcpp.fabconline.net
newcpp.farlujotna.sn
newcpp.fortclean.net
newcpp.foundingfarmerssnacks.com
newcpp.iiocouncil.com
newcpp.impulsedesenvolvimento.com.br
newcpp.informatikaunwaha.com
newcpp.iradio.co.in
newcpp.itiss-cloud.com
newcpp.jcgama.com
newcpp.kanderia.com
newcpp.kento.ec
newcpp.lycominggop.org
newcpp.manaliindiancuisine.es
newcpp.marthareingold.com
newcpp.math.shorbanggo.com
newcpp.mensmadness.com
newcpp.montrexwatches.com
newcpp.mopedic.gm.so
newcpp.moralesiluminacion.com.mx
newcpp.mysterebeauteproducts.com
newcpp.natural-ubiquinol.com
newcpp.nazathai.net
newcpp.nevestech.com.br
newcpp.nyaligalumni.com
newcpp.olivrodapatria.online
newcpp.pakrevolutions.com
newcpp.pantallita.com
newcpp.rayonclothings.com
newcpp.razhmana.com
newcpp.rplogistic.com
newcpp.sara-baby.dz
newcpp.sarmayenegar.ir
newcpp.sc2jtfu9765.universe.wf
newcpp.scandent3d.cl
newcpp.seo7sry.com
newcpp.skiener.ch
newcpp.socialstrategy.pk
newcpp.soteriabiblecollege.com
newcpp.spotred.co.ke
newcpp.supraseg.com.br
newcpp.tagudinmarket.net
newcpp.timezoneservice.com
newcpp.view-mind.com
newcpp.viralhab.com
newcpp.vows-plus.com
newcpp.wheelsofwilliamsport.com
newcpp.ximaluster.com
newcpp.youknowpeople.com
newscp.afrodigitaltd.com
newscp.balebuku.my.id
newscp.capitalrobotia.com.mx
newscp.clinicamaranatha.com.br
newscp.clinicdental.in
newscp.drmahadihasan.com
newscp.erdilmen.com
newscp.eschaton2012.ca
newscp.feedingspeedy.com
newscp.flashcenter.com.br
newscp.gssgroup.co.ke
newscp.hex29.io
newscp.induslab.net
newscp.irisspamysore.in
newscp.jarkonrel.com
newscp.kalnemi.org.mx
newscp.maeslanden.nl
newscp.marembal-group.com
newscp.mariomatic.com.br
newscp.marketeate.com
newscp.masterbusiness.adm.br
newscp.moodle3.cfjulioresende.org
newscp.musaston.com
newscp.nasseradv.com
newscp.nextnovatech.com
newscp.omicc.ca
newscp.printshopper.in
newscp.promoveazaonline.com
newscp.rplogistic.com
newscp.seo7sry.com
newscp.skainetwork.com
newscp.sosgestion.com.co
newscp.sunrialimited.com
newscp.sunrialimited.com.ng
newscp.superbicideermita.com.mx
newscp.titikakamining.pe
newscp.verdelima.com.br
newscp.victorgonzalez.ca
panda.ainaofficial.com
panda.aminadabelago.com.br
panda.appservice.com.mx
panda.beesboertm.co.za
panda.businessgroup.pk
panda.corazza.co.za
panda.iga.co.rw
panda.mopedic.gm.so
panda.mrf-uganda.org
panda.nsaservices.com.br
panda.nyaligalumni.com
panda.ordonezsrl.com.ar
panda.prvapomoc.org
panda.virtualeventscenter.net
panda.wookapp5.com
pipp.espace-food.com
pipp.phrapitta.com
pipp.rggrandhotel.com
pipp.skmuhibbahraya.net
pipp.tredamschools.com.ng
pipp.zero4communication.net
sharehippo.com
wilkersontech.com
yinghuaxia.com
yiyuanzhou.com
yuruifu.com
zhaoriyue.com
zhaosf.nl
zhenhuanyu.com

# Reference: https://www.validin.com/blog/pivoting-to-expand-threat-intelligence/

tl-group.org
tlgroupe.com

# Reference: https://x.com/4n6Bexaminer/status/1820718431257428297

http://193.124.185.23

# Reference: https://x.com/Huntio/status/1820797152085582112
# Reference: https://moonlock.com/loom-macos-stealer

http://147.45.199.1
http://85.28.0.47
dinoverse.app
dinoverse.co
landofdreams.io
smokecoffeeshop.com
tnelloproject.com

# Reference: https://x.com/4n6Bexaminer/status/1822281363946381501
# Reference: https://tria.ge/240810-q2exvawdjb/behavioral1
# Reference: https://www.virustotal.com/gui/file/5ddc1391142c64074354adc87c62f0a048704a490ee785412a64896b0271da39/detection
# Reference: https://www.virustotal.com/gui/file/90f20a29ecc7dfe78341f418105f96604ef412722b0e59e4f1b59a552b02da29/detection
# Reference: https://www.virustotal.com/gui/file/a30ddee89d8fdbb64e84643833ddd8e8fade1e9d98e695956a76a79e8fd7e1ee/detection
# Reference: https://www.virustotal.com/gui/file/e16130704c03cbff99d5990da4e40933347e26b711bfdc579eb99d82725d71f7/detection

http://109.120.176.156
megantic.online

# Reference: https://x.com/4n6Bexaminer/status/1822284540527640735
# Reference: https://www.virustotal.com/gui/file/8becf02ba162c3885ade87fb4634c5d119f411f11c2524284107c5555cbd9b87/detection
# Reference: https://www.virustotal.com/gui/file/305868a8be14bd82f86e6aaa4afd639ad10923741faffe921340dcfa2cdaf9e4/detection

http://185.7.214.148
cleanmylaptopmac.com
eurosocceradventure.com

# Reference: https://twitter.com/malwrhunterteam/status/1704395617399652572
# Reference: https://www.virustotal.com/gui/ip-address/159.203.89.132/relations
# Reference: https://www.virustotal.com/gui/file/ab00aaf35d2db919c71b65c7d8bcb5d3879dbf00b9ff136104caded2a70fc856/detection
# Reference: https://www.virustotal.com/gui/file/34ff1240fcaaae2a37665325f587affcf786cf2c875ea09b7b602a62599bca78/detection
# Reference: https://www.virustotal.com/gui/file/6d47c0554abb8187d4dfc36ad9a242da453f7942b5e60bb0ee170b54caac0cac/detection

cellasllc.com
apps.cellasllc.com

# Reference: https://x.com/malwrhunterteam/status/1794256341508468761
# Reference: https://www.virustotal.com/gui/file/89f991ea9ce2c5b59cc07b703d4052231603601aae1b35cc34b258089b5253d2/detection
# Reference: https://www.virustotal.com/gui/file/5879bcbc293a6278d57fcb61b40bc7f3b351be4307cf888769d726d603033a1b/detection

account.worldhealthresearch.org

# Reference: https://threatfox.abuse.ch/browse/malware/osx.poseidon/
# Reference: https://threatfox.abuse.ch/browse/malware/osx.poseidonstealer/

http://185.172.128.110
http://185.172.128.123

# Reference: https://x.com/MalGamy12/status/1826621858319663565
# Reference: https://www.virustotal.com/gui/file/6f429ae81ef2b99cd357ae51da315723ab10f3ee54780b82374000cbee430687/detection

http://45.93.20.174
activecitrux.com
aimodel.itez-kz.com
akool.cleartrip.voyage
akool.travel-watch.org
akordiyonegitimi.com
albert.flora-kz.store
andrewsheppard.com
apkportion.com
b.nenkinseido.com
basgitaregitimi.com
clear-trip-ae.com
cleartrip.voyage
flora-kz.store
flow-kz.store
haiper.cleartrip.voyage
haiper.itez-kz.com
haiper.travel-watch.org
havoc.travel-watch.org
highschools2009.com
imageunic.com
itez-kz.com
load.activecitrux.com
load.managerthreads.com
locktgold.travel-watch.org
managerthreads.com
millikanrams.com
newcastlelimos.com
ns1.millikanrams.com
ns2.millikanrams.com
openaai.clear-trip-ae.com
panel.x00x.online
sorablack.cleartrip.voyage
sunumofisi.com
sweethome.travel-watch.org
synthesia.cleartrip.voyage
synthesia.flow-kz.store
synthesia.travel-watch.org
travel-watch.org
uizard.cleartrip.voyage
uizard.flow-kz.store
uizard.travel-watch.org
weface.cleartrip.voyage
weface.travel-watch.org

# Reference: https://x.com/NDA0E/status/1826640848949575938

apple-kz.store
bendiregitimi.com
l.apple-kz.store

# Reference: https://x.com/maulikl/status/1826727004458422674

agattiairport.com
alcokz.net
basgitardersi.com
bignoxplay.com
freecad-build.com
journeyart.org
ldeogramm.com
leboncoin-fr.eu
leonardo-ai.me
softimageai.org
waltkz.com
sweetbonanzadeserts.com
adwq.leonardo-ai.me
asd.leboncoin-fr.eu
load.freecad-build.com
load.journeyart.org
load.ldeogramm.com
load.softimageai.org
loader.waltkz.com
ns.basgitardersi.com
test.alcokz.net
testtwo.alcokz.net
up.bignoxplay.com

# Reference: https://app.validin.com/detail?find=47516a2e04e9ef13d67927464651ba6c&type=hash&ref_id=f3f25cf2cce#tab=host_pairs_v2

akordiyondersi.com
albanianvibes.com
ambisecperu.com

# Reference: https://x.com/NDA0E/status/1827318701063860299

techdom.click
aimodel.techdom.click
face.techdom.click
facetwo.techdom.click
haiper.techdom.click
luminarblack.techdom.click
synthesia.techdom.click

# Reference: https://threatfox.abuse.ch/browse/malware/osx.amos/ (# 2024-08-25)

http://147.45.43.136
http://193.233.132.40
http://45.134.26.7
http://5.42.96.124
http://5.42.96.184
http://77.221.151.45
http://77.221.151.54
http://77.91.77.178
http://77.91.77.38
http://77.91.77.40
http://77.91.77.87
http://77.91.77.88
http://85.209.11.155
http://94.232.249.65
http://95.216.96.104

# Reference: https://app.validin.com/detail?find=413e3a6ee9a4cfe0763c01425a5c9ed0&type=hash#tab=host_pairs_v2

damobile.net
woltde.com
mulkrsvtolooy8s.woltde.com

# Reference: https://threatfox.abuse.ch/browse/malware/osx.poseidonstealer/ (# 2024-09-02)

http://147.45.47.170
http://185.235.128.217
http://185.28.119.85
http://194.59.183.241
185-235-128-217.netherlands-2.vps.ac
amika.pro

# Reference: https://www.virustotal.com/gui/domain/onlyfor.pro/detection

onlyfor.pro

# Reference: https://www.virustotal.com/gui/ip-address/193.233.132.137/relations
# Reference: https://www.virustotal.com/gui/file/0e520908d451c0366b600b08990e9f1958414fcdf67c9401c1319303e95847d9/detection

http://193.233.132.137

# Reference: https://x.com/privacyis1st/status/1840786883959251429

http://209.126.1.139

# Reference: https://x.com/osint_barbie/status/1840865672449995261
# Reference: https://tria.ge/240930-a1fjzsycmr/behavioral1
# Reference: https://www.virustotal.com/gui/ip-address/94.232.249.131/relations

alienmanfc6.com
apunanwu.com
cphoops.com
iloanshop.com
kansaskollection.com
ledger-cloud.com
makenleane.com
mdalies.com
modoodeul.com
pakoyayinlari.com
patrickcateman.com
phperl.com
stonance.com
utv4fun.com
/458f4bda41bc00314/6c7ec58378d6f18ab/load.98cbab0be2fae96a53fd860e.php?call=
/6c7ec58378d6f18ab/load.98cbab0be2fae96a53fd860e.php?call=
/load.98cbab0be2fae96a53fd860e.php?call=
/load.98cbab0be2fae96a53fd860e.php
/kusaka.php?call=
/kusaka.php

# Reference: https://x.com/ryanchenkie/status/1880730173634699393
# Reference: https://x.com/banthisguy9349/status/1881071388381032933
# Reference: https://urlscan.io/search/#81.19.135.228
# Reference: https://app.validin.com/detail?type=ip&find=81.19.135.228#tab=host_pairs (# 2025-01-19)

http://81.19.135.228
99smoothfm.com
altreklama.com
apcmidland.com
bellwethersurveys.com
benvixa.com
biztus.com
blogorious.com
brucall.com
caniberich.com
cdn-telegram.cyou
cpofficial.com
credovsnra.com
dazhongyao.com
devpe.com
dgsinfo.com
djhyzhicai.com
dunkdeal.com
ecolumy.com
escapeesrvclub.com
gokujoutabi.com
hhynetwork.com
hinckleywebandprint.com
hwebprint.com
jaffarkhan.com
jesumaraz.com
jpavuluri.com
koollyrics.com
kypeti.com
louisianaquickfind.com
loumvideo.com
lovlypets.com
macossoft.com
mascotaenadopcion.com
messiku.com
mx9x.com
netextendersupport.com
newtabwallpaperstheme.com
norikosumiya.com
omerve.com
oouatsup.com
picsler.com
pilzmacher.com
pimmes.com
playchees.com
qdhaoge.com
quevalencia.com
realbenies.com
rgueapp.com
roonvar.com
sarahwillemart.com
schytcdagl.com
shahrsaz.com
soccerimg.com
spalumiere.com
spbsky.com
studioq202.com
tao025.com
tao221.com
tao816.com
tao886.com
tao977.com
taytrin.com
teganlily.com
tiaoshibao.com
tjsemicoke.com
tssale.com
update-appstore.com
vladistudio.com
whsdns.com
wikishared.com
xiangtanjk.com
yaocanting.com
zhongdaauto.com
zoamaster.com
zontricks.com

# Reference: https://app.validin.com/detail?find=47516a2e04e9ef13d67927464651ba6c&type=hash#tab=host_pairs_v2

http://82.197.67.174
http://82.221.139.121
aiaggregator.com
archerwescott.com
bateriegitim.com
baumanufaktur-muenster.com
bjj-gameplan.com
leboncoin.legal
scrip.leboncoin.legal
script.techdom.shop
techdom.shop

# Reference: https://x.com/Malwarebytes/status/1843401297246269675
# Reference: https://www.malwarebytes.com/blog/news/2024/10/large-scale-google-ads-campaign-targets-utility-software

aerodrame.finance
creativekt.com
designexplorerapp.net
foreducationapp.com
studioplatformapp.net
turnrevenue.com
workmeetingsapp.com
clockify.turnrevenue.com
notion.foreducationapp.com
odoo.studioplatformapp.net
slack.aerodrame.finance
slack.designexplorerapp.net
slack.workmeetingsapp.com

# Reference: https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/

bowerchalke.com
carolinejuskus.com
cautrucanhtuan.com
dekhke.com
lirelasuisse.com
mensadvancega.com
mishapagerealty.com
pabloarruda.com

# Reference: https://x.com/suyog41/status/1851507299073864016
# Reference: https://www.virustotal.com/gui/file/a33705df80d2a7c2deeb192c3de9e7f06c7bfd14b84f782cf86099c52a8b0178/detection

http://194.169.175.117

# Reference: https://x.com/malwrhunterteam/status/1857726856675430531
# Reference: https://www.virustotal.com/gui/file/4fb1fa11f4077e8406ac11e55476d4f6852cc75087063b385060d81c9c166a7f/detection

http://70.34.213.27

# Reference: https://x.com/malwrhunterteam/status/1858482586583998838
# Reference: https://www.virustotal.com/gui/file/ca0f682a5f492c20181ddae738212c8490e4b8e0c1b4fa4b8f5bc48de4592fb7/detection

http://141.98.9.20

# Reference: https://x.com/banthisguy9349/status/1873402882424455582
# Reference: https://x.com/malwrhunterteam/status/1889723588195782906
# Reference: https://www.virustotal.com/gui/file/8d947518564bdbefc9af3811a44f856f8ceea0864cbc0a17f06c04f4f3a4a7d0/detection

http://141.98.9.201
http://141.98.9.202
http://141.98.9.203
http://147.22.1.1
http://147.45.43.49
http://185.174.136.197
http://192.233.132.188
http://193.124.185.50
http://193.124.185.53
http://193.124.185.54
http://193.233.132.126
http://193.233.132.131
http://193.233.132.132
http://193.233.132.138
http://193.233.132.155
http://193.233.132.168
http://193.233.132.188
http://194.120.116.186
http://5.44.41.73
http://85.192.63.234
77.221.134.79:5000
fantafab.com
/81bD01OkzH1z

# Reference: https://x.com/suyog41/status/1877182323340488974
# Reference: https://www.virustotal.com/gui/file/ee015087be69203435175c256ee689a00f9ec693e146536c8c132e3311975ec2/detection

http://81.19.135.54

# Reference: https://x.com/gregclermont/status/1877294378663784912
# Reference: https://www.virustotal.com/gui/file/fa1ffa024184f8ade3ef294b5a7a485a48f52361fbf53d37635c2079c57ebcbb/detection
# Reference: https://www.virustotal.com/gui/file/9a0065d15c985dc95189a5c9e808d0209b6d473dd6f44d328bd3c1d42aaabe4d/detection

brewmacos.com

# Reference: https://x.com/suyog41/status/1878707544576974922
# Reference: https://www.virustotal.com/gui/file/80f492d98f2f409de8d9bd4c35b4f4b616ea1e4e855ed3bdc46bf9a7a956f274/detection
# Reference: https://www.virustotal.com/gui/file/8d2bb3be043442dac22f480f02b449525d5ba99b25f95330b674b8face07bcea/detection
# Reference: https://www.virustotal.com/gui/file/b365ac9a8b2dac885d0dfbd765f4b7b08681e4429f0394781e7d0ccbc50d6044/detection
# Reference: https://www.virustotal.com/gui/file/e064ac38282b8abbca176fcee2e2c792e885c49254d986589d974186aecd940a/detection

http://217.69.2.169

# Reference: https://x.com/motuariki_/status/1851386452590158205
# Reference: https://binhex.ninja/malware-analysis-blogs/amos-stealer-atomic-stealer-malware.html
# Reference: https://www.virustotal.com/gui/file/2f1d906d4ddcdba0425062d3814c89a93a514491a92154be74a4643b5c8c4d14/detection

http://141.98.9.20

# Reference: https://x.com/suyog41/status/1881230577199902765
# Reference: https://www.virustotal.com/gui/file/b73216b8c63faf542814a99389fb63de5fddf3800305dbecfe7aa3b9c0d9ab2a/detection

b2eb-115-135-31-192.ngrok-free.app

# Reference: https://x.com/banthisguy9349/status/1881091525427503602

/H0qlUfGV5EU2zrp3wYKr0

# Reference: https://x.com/i/web/status/1881563556736545256
# Reference: https://www.virustotal.com/gui/file/08caa600a0a35bfbbc2f6465877aa28d94ab499c7ffda8b921fb26d3aa59fd15/detection

demeijer.cfd
praanic.cfd

# Reference: https://x.com/suyog41/status/1881944554993267176
# Reference: https://app.validin.com/detail?find=91.202.233.202&type=ip4&ref_id=1df54403cc8#tab=host_pairs

5rd5tgh.cfd
bfgnet.cfd
bfgnet.icu
bmwqq.icu
explosem.cfd
hdking.cfd
ssrtool.icu
twoc.life
yogeshlond.cfd

# Reference: https://x.com/suyog41/status/1882294278086656352
# Reference: https://www.virustotal.com/gui/file/bc933b5ecca8b3864741c92fe0682f41a36bf809862ec9a61b09c83ad7b3d6ce/detection

sbdar.com

# Reference: https://x.com/suyog41/status/1882665545948069933
# Reference: https://www.virustotal.com/gui/file/f8ee5a52ce151c8120f0824593a9d8e153fc925380afcdb1fcdba0fa16147174/detection

luumu.cfd

# Reference: https://x.com/suyog41/status/1883765480827338881
# Reference: https://www.virustotal.com/gui/file/545b52fa91376883bee84c1c3220b1f16d079c1d85718f6bfc1119d685675385/detection

rickardmetal.com
wiramulia.com

# Reference: https://x.com/suyog41/status/1884123851195572527
# Reference: https://www.virustotal.com/gui/file/a6b35fce9e362a29b298090279b87c206d74b1bc00db0b86781f0a68e560c8b4/detection

http://82.115.223.9

# Reference: https://x.com/malwrhunterteam/status/1887415640597647406
# Reference: https://www.virustotal.com/gui/file/ad4e08c042b0cb618c181be11d72bc049b3799dbb946d58502a6df84f64d2741/detection

http://65.20.101.215

# Reference: https://x.com/suyog41/status/1889669330822111694
# Reference: https://www.virustotal.com/gui/file/809c93b69787a489bc92720dae1d69d03e76251b0c93c6e5e0b7db1a8197af19/detection

gominnanoom.com

# Reference: https://x.com/suyog41/status/1889650750462308762
# Reference: https://www.virustotal.com/gui/file/0cf240e85b629990dcac1035207c0cb60af068a1e11b372af98ecf1767eae97d/detection

karinnapadilla.com

# Reference: https://app.validin.com/detail?find=193.143.1.177&type=ip4&ref_id=efdf26799e6#tab=resolutions

betabux.com
tattoobg.com
vocheng.com
4jslg.tattoobg.com

# Reference: https://x.com/suyog41/status/1891379925342679319
# Reference: https://www.virustotal.com/gui/file/2ce574b3c03b2562b4f2303b5e7a4f262868913d01957689f2fdf40a3ab352f1/detection

ttknives.com
zblong.com

# Reference: https://x.com/suyog41/status/1892460976441872634
# Reference: https://www.virustotal.com/gui/file/24b589981850a0b5646ffcbef4b660637153412d3c1b02e5e526a59ef8595be4/detection

http://45.9.117.152

# Reference: https://www.esentire.com/blog/fake-deepseek-site-infects-mac-users-with-poseidon-stealer
# Reference: https://github.com/eSentire/iocs/blob/main/PoseidonStealer/PoseidonStealer-2-12-2025.txt

manyanshe.com

# Reference: https://x.com/malwrhunterteam/status/1893253918450221381
# Reference: https://app.validin.com/detail?find=4da341eee54094c5f73798447dc4da93&type=hash&ref_id=9d7e2f80322#tab=host_pairs (# 2025-02-22)

http://45.93.20.152
45.93.20.152:22
chromiumdriver.io
chromiumdriverbackend.com
echonex.ai
nevex.app
nowsync.app
nowsyncbackend.com
signdocsback.com
us85web.us
zoombackend.xyz

# Reference: https://x.com/malwrhunterteam/status/1894017454113706430
# Reference: https://x.com/malwrhunterteam/status/1894017461927760345
# Reference: https://x.com/malwrhunterteam/status/1894024411780374748
# Reference: https://x.com/ValidinLLC/status/1895120872421437511
# Reference: https://app.validin.com/detail?find=GrassCall&type=raw&ref_id=006bf001770#tab=host_pairs (# 2025-02-24)
# Reference: https://app.validin.com/detail?find=f28820f49d98f8f7cafca5c256f1b807&type=hash&ref_id=006bf001770#tab=host_pairs (# 2025-02-24)

alphawearmn.com
faceboock-page-support-manage.com
gatherum.net
grasscall.app
grasscall.net
grasscall.org
justworkpannel.icu
onda-zm.net
vibecall.app
wavecall.app
wavecall.ca
wavecall.cc
wavecall.co
wavecall.live
wavecall.org

# Reference: https://x.com/moonlock_lab/status/1894447597240140027
# Reference: https://www.virustotal.com/gui/file/fde8c0db46419585b0718c4df7e444d2aeee28b1fad771d39910389b529a8fad/detection
# Reference: https://www.virustotal.com/gui/file/2581a2b05bb39f16562b652311d8f5381a132cc31873c38312684c7a33520706/detection

asa-content-network.s3.us-west-2.amazonaws.com

# Reference: https://x.com/victorkubashok/status/1894737054841335964

miliste.com

# Reference: https://www.seqrite.com/blog/unmasking-grasscall-campaign-the-apt-behind-job-recruitment-cyber-scams/
# Reference: https://www.virustotal.com/gui/file/b63367bd7da5aad9afef5e7531cac4561c8a671fd2270ade14640cf03849bf52/detection

http://147.45.60.20
147.45.60.20:5000
147.45.60.20:8080

# Reference: https://x.com/suyog41/status/1897979588665655589
# Reference: https://www.virustotal.com/gui/file/c9e1af28664983105a2323974e41c7583b89ba175851195da31a662b6b7bfd54/detection

tarhnegasht.com

# Reference: https://x.com/malwrhunterteam/status/1898292008281575545
# Reference: https://www.virustotal.com/gui/file/d90b53c9aa6709339f989b23291def00f68d640e65505c76f6e8682a63c6e935/detection

http://95.164.53.3

# Reference: https://x.com/malwrhunterteam/status/1902667337297170664
# Reference: https://app.validin.com/detail?find=561a327cb399f779a2266e742be2cd33&type=hash&ref_id=9ca321c580e#tab=host_pairs (# 2025-03-30)

playrocketgalaxy.net
playrocketgalaxy.world
rocketgalaxy.io
rocketgalaxy.world
rocketgalaxyworld.com
wayoutstars.com

# Reference: https://x.com/malwrhunterteam/status/1903189675793146333

celusion.us

# Reference: https://x.com/malwrhunterteam/status/1904124859216490610
# Reference: https://www.virustotal.com/gui/file/eeb2e5f06ef8da29a56d1779c1590d82c76b031e7718d0f6c46d1cb57c036d8e/detection

http://85.209.128.59

# Reference: https://x.com/malwrhunterteam/status/1904124773057105923
# Reference: https://www.virustotal.com/gui/file/a13dfdfccc71c26464da61de63f5ff296b3ec90adbb648d42b9861c8c3e422cb/detection

http://45.140.13.244

# Reference: https://x.com/malwrhunterteam/status/1904220955880177895
# Reference: https://app.validin.com/detail?find=213.21.237.149&type=ip4&ref_id=79c3e6f6820#tab=resolutions (# 2025-03-24)

buzztalk.io
gatori.space
monstersdiscovery.com

# Reference: https://x.com/malwrhunterteam/status/1904256374550462605
# Reference: https://www.virustotal.com/gui/file/be3e3c77cf578c6458d515c5a49cfab653df3ba10ccb86e9d13d2376e24483fb/detection

http://45.131.215.191

# Reference: https://x.com/malwrhunterteam/status/1904592976745034180

rocketrumble.xyz

# Reference: https://x.com/malwrhunterteam/status/1905579706222526890
# Reference: https://app.validin.com/detail?find=6b3a5edfe0448f2e93c091abffba96ba&type=hash&ref_id=e2c75a4c57d#tab=host_pairs (# 2025-03-28)

http://77.221.152.24
stone-hunt.com
stone-hunt.io

# Reference: https://x.com/malwrhunterteam/status/1905686280916402299
# Reference: https://app.validin.com/detail?find=8947c73a5933e1d12d23d74fb5dd7864&type=hash&ref_id=8d8694f68ac#tab=host_pairs (# 2025-03-29)
# Reference: https://app.validin.com/detail?find=d530c7a5c822ae0f952338b43ecd8849&type=hash&ref_id=ebeafce65ac#tab=host_pairs (# 2025-03-29)
# Reference: https://www.virustotal.com/gui/file/743a528f1e4f509baa1a6236d9b55464aa0bb465dbe9016249b01f47e3ba4438/detection

my-design.pro
prepaid-au.com
ultrawiew-account.top
wwwpersec.org

# Reference: https://x.com/malwrhunterteam/status/1905528981698281825
# Reference: https://www.virustotal.com/gui/file/1cf676d1e21e8c26eeb0f5375ca7473344cc1510828725587e71b36a7dd1c32f/detection
# Reference: https://app.validin.com/detail?find=Notion%20Desktop%20App%20for%20Mac%20%26amp%3B%20Windows%20%7C%20Notion&type=raw&ref_id=bde04d0cd30#tab=host_pairs (# 2025-03-29)

notiondesktop.com
notiron.org

# Reference: https://x.com/malwrhunterteam/status/1908258300904288529
# Reference: https://x.com/k3yp0d/status/1908801323933339889
# Reference: https://www.virustotal.com/gui/file/0e87f86ec05ceac7f6476b2b9729e5eda1a28fae10198f8af38d88182de94b5a/detection

captcha-cdn.com
captcha-verify-2q7y.com
captcha-verify-6r4x.com
captcha-verify-9h5v.com
jdiazmemory.com

# Reference: https://x.com/malwrhunterteam/status/1909171425778229705
# Reference: https://app.validin.com/detail?find=chattix&type=raw&ref_id=1ccca210e4c#tab=host_pairs (# 2025-04-07)

beepx.app
chattix.us
miycrellatio.com

# Reference: https://x.com/malwrhunterteam/status/1910055525791814128

mktgweb3.com

# Reference: https://x.com/RussianPanda9xx/status/1910777989840749047

http://85.192.37.66

# Reference: https://x.com/malwrhunterteam/status/1911667841113194722
# Reference: https://www.virustotal.com/gui/file/292df3cc6e89f9dd3b7b29680a6d72b29e6579956dfc25163b2c99840c6035e0/detection

koreablockchainweek.app
o-sn.com
adservice.o-sn.com
appleid.o-sn.com
bin.o-sn.com
blog.o-sn.com
docs.o-sn.com
facebook.o-sn.com
geolocation.o-sn.com
support.o-sn.com

# Reference: https://www.virustotal.com/gui/file/a177e43bcdcbf4a824f2d37ebd62d10e2245c1513d05aea292779e593a7b9176/detection

http://192.124.178.88

# Reference: https://x.com/malwrhunterteam/status/1912815854535823504
# Reference: https://www.virustotal.com/gui/file/1ba47b1d35c38d5c39f187f7e729eb28ce26359f5e9bddd7192679c51d4cda83/detection

http://85.192.49.118

# Reference: https://x.com/suyog41/status/1913141025549476141
# Reference: https://www.virustotal.com/gui/file/e539b6b53cf7009e86d0ddb279dec9b84a099aa8c8b2ecd18d65ee17538d772a/detection

gq8ruzk1h3a8.cfd

# Reference: https://x.com/motuariki_/status/1914649222164718077
# Reference: https://github.com/motuariki/IOCs/blob/main/MacOS%20Stealer%20Malware/22-04-2025-Amos-C2-IPs

http://138.124.50.93
http://45.94.47.102

# Reference: https://x.com/malwrhunterteam/status/1914948114705764785
# Reference: https://www.virustotal.com/gui/file/adb30f7ba534207834d9ab8d2c197bf78382be23d28bb17db7c52a3b956c0bb5/detection

esramon.com
security-2k7q-check.com
security-check-l2j4.com
security-check-u8a6.com

# Reference: https://x.com/malwrhunterteam/status/1917491170562687184
# Reference: https://app.validin.com/detail?find=bb319c1ddca7fb76e92556a03f854cac&type=hash&ref_id=077f3a32259#tab=host_pairs (# 2025-04-30)
# Reference: https://www.virustotal.com/gui/file/0f0b26beee869a2882e89efb1151cd4bc885b9b7a0884412d19f87176674afa3/detection

dakarsecurity.com
dancinspirit.com
hbgsecurity.com
lammysecurity.com
security-2u6g-log.com
security-3a7q-run.com
security-6u0g-log.com
security-7f2c-run.com
security-9y5v-scan.com

# Reference: https://x.com/malwrhunterteam/status/1914932549790388269
# Reference: https://www.virustotal.com/gui/file/cc2fa0495b0ef3a6e310bfb7b81a302f6f1b245a7d3d12d77d4e0094e8845809/detection

skytribes.io

# Reference: https://x.com/suyog41/status/1915312489509917167
# Reference: https://x.com/malwrhunterteam/status/1915708059235614881
# Reference: https://app.validin.com/detail?find=eff38f1dda00ae10d3fbf51d8ea42242&type=hash&ref_id=c5baa3c43dd#tab=host_pairs (# 2025-04-25)
# Reference: https://www.virustotal.com/gui/file/4b277c6293ce6d6ff45b89c948e0f9b632c2048d2c3adad5f9179efe34a67981/detection
# Reference: https://www.virustotal.com/gui/file/fdb82e2ad560677d241bd7139995e56295001bc3ef72c67173ae91d5db85cc46/detection

aimplyhired.com
gknkargo.com
mapersan.com
morholding.com
sfmontage.com
form.gknkargo.com
ns1.morholding.com
tt.mapersan.com
tt.morholding.com

# Reference: https://x.com/malwrhunterteam/status/1915818585248645399
# Reference: https://www.virustotal.com/gui/file/1bf39bfbe6617e698a653a95606464cbbaf23bf648978fca646e778f4ffacdaf/detection

otter.live

# Reference: https://x.com/malwrhunterteam/status/1916744699835990021
# Reference: https://www.virustotal.com/gui/file/4924ff91e9be84960f9241130e080bb5f3cbf19f17f62e1fc15e48fb6852cd89/detection

http://199.247.9.173

# Reference: https://x.com/malwrhunterteam/status/1916745410581860669
# Reference: https://www.virustotal.com/gui/file/a8775aa6f0c3f3e877ab193586c0e89f083c519c682ba04981ef9e597be76cd0/detection

fetuchini.store

# Reference: https://x.com/malwrhunterteam/status/1917463094608998753
# Reference: https://www.virustotal.com/gui/file/b2b1ca4da78e91954934bc136ce01f8e5a52bb2d05db300ef743c69b1aa8b27f/detection

http://45.94.47.103

# Reference: https://x.com/NullPwner/status/1917702021618229610

http://5.199.166.102

# Reference: https://x.com/suyog41/status/1919259009942712396
# Reference: https://www.virustotal.com/gui/file/f16e85daa5288386169d8355082f02d26dd432cabb9e3b08f9fdf0430c2de883/detection

http://45.94.47.120

# Reference: https://github.com/motuariki/IOCs/blob/main/MacOS%20Stealer%20Malware/07-05-2025-Amos-C2-IPs-Domains

http://193.143.1.177
http://62.60.249.105

# Reference: https://x.com/malwrhunterteam/status/1920161661014466729
# Reference: https://www.virustotal.com/gui/file/1e73b673bce06f26aa4c32f1af76698e2aa59706a61b60ba75c3c4ed7991172a/detection

app-storage-one.xyz

# Reference: https://x.com/NullPwner/status/1921157529188368830

http://83.222.190.214
odyssey-st.com

# Reference: https://x.com/malwrhunterteam/status/1922409101381742890
# Reference: https://www.virustotal.com/gui/file/a4e36aaebbf904ad8b7639e86b4642a5d5d5407b23c7433daa89c20e1b5d6364/detection

http://45.94.47.145

# Reference: https://x.com/skocherhan/status/1922462317838516405
# Reference: https://app.validin.com/detail?find=ffe32014afcaa1d3f9b404e50d7e157a&type=hash&ref_id=86fe6b7b889#tab=host_pairs (# 2025-05-14)
# Reference: https://www.virustotal.com/gui/file/4c9a8ed229ddfab40582cfb3492a7ff8d5ef2186f43045516272426b6629871e/detection

ads.lantwrk.com
airportsock.xyz
casinojackpotmst.com
com.airportsock.xyz
conuous-tahations.com
darthtieflyer.com
endise-everning.com
etf-alerts.com
go.performance-checkout.com
go.shape-capsules.shop
hargin-bothmerge.icu
lantwrk.com
mingdomrelloon.com
minsitorconsing.com
performance-checkout.com
rinput-vionably.com
samates-seachades.com
secure.etf-alerts.com
shape-capsules.shop
soft2trak.com
sushementgoisermal.com
tpm.prplflowpath.com
track.darthtieflyer.com

# Reference: https://x.com/malwrhunterteam/status/1922700020702142829
# Reference: https://app.validin.com/detail?find=CleanShot%20X%20for%20Mac&type=raw&ref_id=b184cd5f93a#tab=host_pairs (# 2025-05-30)

cleanshotx.cfd
download-cleanshot.cfd

# Reference: https://x.com/motuariki_/status/1924330564880159165
# Reference: https://github.com/motuariki/IOCs/blob/main/MacOS%20Stealer%20Malware/19-05-2025-Amos-C2-IPs-Hashes
# Reference: https://www.virustotal.com/gui/file/3bbda6c3695399c068d67c3bc69d92d015d5330ee1176df40c2a521f0416b20f/detection
# Reference: https://www.virustotal.com/gui/file/df5052263fd16e5c34935b58b6d9d76465df0a3c3a1ebfb700e511e936e25dec/detection
# Reference: https://www.virustotal.com/gui/file/aada5d93f099887d6e73e1744ff1e8db9ac18c721266eb4c4c7ba840985c6ce9/detection
# Reference: https://www.virustotal.com/gui/file/36742ba59a06e80703730676f72295f3b06730883d7979eeb93df730d754504a/detection

http://45.94.47.146
http://45.94.47.147
http://85.192.56.11

# Reference: https://x.com/malwrhunterteam/status/1924723878355484874
# Reference: https://www.virustotal.com/gui/file/f573c91f615401caef2c99f93548a54f0bbcfc018e22550cb552b45c03d60312/detection

hubservices.vip

# Reference: https://x.com/malwrhunterteam/status/1924721481725923662
# Reference: https://www.virustotal.com/gui/file/75505c08bbfa79e562a0c7dc9d90ea7cce2364a2a20f459232457921a5653373/detection

odyssey1.to

# Reference: https://x.com/malwrhunterteam/status/1925495994885509270
# Reference: https://www.virustotal.com/gui/file/c51786875f1cb268118924aec263514df8069d68cf85f7fed1c2bf6bf6095c4b/detection

entrepreneurshipvillage.com/wp-content/uploads/2021/02/grecaptcha

# Reference: https://x.com/malwrhunterteam/status/1925635508102664267
# Reference: https://app.validin.com/detail?find=2d6f9183dede2e79c7de9b1c04d953fe&type=hash&ref_id=fd767f2fc87#tab=host_pairs (# 2025-05-23)
# Reference: https://app.validin.com/detail?find=d3e241db244235d7e36764353b787de0&type=hash&ref_id=d19b8984db4#tab=host_pairs (# 2025-05-23)
# Reference: https://app.validin.com/detail?find=92b908ef253b41d6f4d6f2dc22d9f62c&type=hash&ref_id=fd767f2fc87#tab=host_pairs (# 2025-05-26)
# Reference: https://www.virustotal.com/gui/file/29b039685d5d3893ff13f0478fe8024cdba74120423b8908aa7777008fd8ba3e/detection

applevpns.com
isnimitz.com
macostutorial.com
meu-inssgovbr.online
specter-storage.com
webull-storage.com

# Reference: https://x.com/malwrhunterteam/status/1926204525435588835
# Reference: https://www.virustotal.com/gui/file/c7516e75f2ffa0626b854c685bde01cfd4a80f015ed6b2ea1833237a5387139f/detection

hostmac.cloud

# Reference: https://x.com/NullPwner/status/1926570453004382511

http://194.26.29.217

# Reference: https://x.com/RussianPanda9xx/status/1908595970352218609
# Reference: https://x.com/banthisguy9349/status/1926982451722682697
# Reference: https://trac-labs.com/the-wagmi-manual-copy-paste-and-profit-2803a15bf540

afhousing.com
arisheema.com
asoonworld.com
azaanamjad.com
bedavavideoizle.com
bexarmg.com
bikeabq.com
bitcowe.com
chantalrae.com
downloadmacos.com
escapeesrvelub.com
etechnix.com
fioregarden.com
followerstik.com
gadesive.com
gardenierbi.com
hesingue.com
kbcokc.com
kosmosgrid.com
lenoreinc.com
lildevi.com
m-e-a-s.com
mrkenallen.com
novalur.com
nullitax.com
peperinty.com
pixoos.com
planetajanta.com
posesinpanni.com
realtorrohe.com
sabbih.com
simchatime.com
sqairs.com
stickynuggzinc.com
stivaliserna.com
superbaccessories.com
thotlog.com
tjporktrace.com
trazeall.com
ugspy.com
vbeltdrives.com
vuwzer.com
xiaoll.com
yvngvualr.com
/macshare.php
/macshare.php?call=

# Reference: https://x.com/suyog41/status/1926979425079373901
# Reference: https://www.virustotal.com/gui/file/4d3db335f35c4f966e34536895ec6ec11b57c98dcd5b0f3f0c6d143bdce9154b/detection
# Reference: https://www.virustotal.com/gui/file/8b603859ead00473086003dcaa470c1498742328c12face7d878a0d324e4763c/detection
# Reference: https://www.virustotal.com/gui/file/dd0b4a7bbd1940b64eede8346cb7f2f79884e030eb8d44d4a8d1e85919edbfe0/detection

http://45.94.47.136
http://45.94.47.157

# Reference: https://x.com/skocherhan/status/1927086251716354558

applejoins.com
bybapeaches.com
granniesblog.com
maruniryutsu.com
netdepnoithat.com
viicandle.com

# Reference: https://moonlock.com/anti-ledger-malware

http://138.68.93.230
lagkill.cc

# Generic (URL path indicators, not tied to a specific host)

/Arc12645413.dmg
/AGOV-Access.dmg
/otherassets/botnet
