# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.virustotal.com/gui/file/06e3abeed1bc98ed56d5587e9732c9d39ea41879c250dff68ce8815953fcf7ad/detection

196.217.98.188:8080
liouas.ddns.net

# Reference: https://www.virustotal.com/gui/file/ed91f9fee04d08dc613e56eedf98b8c56a6e1e6be8ff3f29360550a2ef98c886/detection

91.193.75.132:2343
2343.hopto.org

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2023-01-10%20XWorm%20IOCs
# Reference: https://www.virustotal.com/gui/file/a86d61c62ad71f43dc2ad27a876ddccffab8d038d1f8b70248f4d4586c64d1ea/detection

su1d.nerdpol.ovh

# Reference: https://twitter.com/c_APT_ure/status/1621579054888501249

147.185.221.223:30420

# Reference: https://www.virustotal.com/gui/file/e6bf87ec571628e096e6505ee87f617f594ed7664782bf4f82810be28028147b/detection
# Reference: https://www.virustotal.com/gui/file/e58026e101ae93162cbf114997a2a2c78a80adfb6e6469823dd0d90572cef140/detection

154.12.234.207:7000
207.244.236.205:7000
mywormtwon.ddns.net
wormxwar.ddns.net

# Reference: https://twitter.com/InQuest/status/1626758679843205120
# Reference: https://twitter.com/Gi7w0rm/status/1626763227643224064
# Reference: https://tria.ge/230218-b9ngmaad96/behavioral2

45.139.105.105:7000
stanthely2023.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2b786b8895d814c5d825f4eac99b009eb6aa16f66f6e5191b023e4ebc99fda66/detection
# Reference: https://www.joesandbox.com/analysis/811606?idtype=analysisid#iocs

209.145.51.44:7000

# Reference: https://twitter.com/suyog41/status/1631191121660444674
# Reference: https://www.virustotal.com/gui/file/098c9ebce4811fd2bb86654911581f21eb473f7afd5d27f7c09db57d5bfc1b62/detection
# Reference: https://www.virustotal.com/gui/file/aca8bf1de89203e445270f3cc76b3eaf9190b57fa35ef0d4425528ee639366cb/detection

209.25.140.180:38979
209.25.141.180:38979
according-psp.at.ply.gg

# Reference: https://www.virustotal.com/gui/file/a7c707d2409f0190693aa7a7223c2576262b5bcd9da42ff5c3b375826c32b222/detection

91.193.75.191:55443
vcmkpl.duckdns.org

# Reference: https://twitter.com/petrovic082/status/1638652084492070912
# Reference: https://app.any.run/tasks/500f883b-fe97-44e1-a87f-67101bd0c30c/

95.214.24.38:5000
updateccdata.duckdns.org
urlcallinghta6.blogspot.com

# Reference: https://twitter.com/ScumBots/status/1639388448967766016
# Reference: https://www.virustotal.com/gui/file/01407e324f0b8090467eded47a97acbdb3ef42d0f12820cd57b0bc5b87ffe510/detection

181.141.1.67:3737
wormsito.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3964d69f2a321257a8a745aa9583eaed3cb53c070f79eba3945f6506dda0a2cb/detection

31.220.76.124:2137

# Reference: https://twitter.com/phage_nz/status/1653173706951397376
# Reference: https://www.virustotal.com/gui/file/5814ab23cf46820a0f911fac078dbe77a521ee36722ae2ac313c54c04e0c5601/detection

141.98.6.220:7001

# Reference: https://www.securonix.com/blog/securonix-threat-labs-security-meme4chan-advisory/
# Reference: https://otx.alienvault.com/pulse/64624bf528c55e0976f2bf71

kbowlingslaw.com

# Reference: https://twitter.com/suyog41/status/1671102046324269059
# Reference: https://www.virustotal.com/gui/file/22af50c2e5d1f1efcf96e317c22af9bbf6f31705c7575454e6314eaf7d131929/detection
# Reference: https://www.virustotal.com/gui/file/6671bd81d7714bbfd2189dd1642ae4c3789c02e06c5afaad1e26c3632974b124/detection

167.94.81.75:63434

# Reference: https://www.virustotal.com/gui/file/128a56ddbecc3d569646730bdccce1c045479122061f4d0feb8ec24670374eb2/detection

213.152.161.240:58538
notaire8081.duckdns.org

# Reference: https://twitter.com/suyog41/status/1678763978925932544
# Reference: https://www.virustotal.com/gui/file/331549b24c0e2eefd56c4dc74806aeaeab706fee5ddb019763330c811b6fb9e0/detection

194.59.31.105:7398
85.208.139.131:222

# Reference: https://threatfox.abuse.ch/ioc/1139291/

173.249.196.39:7092

# Reference: https://threatfox.abuse.ch/browse/malware/win.xworm/

149.102.231.91:5000
20.125.118.35:7000
3.69.115.178:14042
zoer12.dns.army

# Reference: https://twitter.com/JAMESWT_MHT/status/1683405358272839680

stores-anytime.at.ply.gg

# Reference: https://twitter.com/g0njxa/status/1685615126412414976

51.107.0.117:4954

# Reference: https://twitter.com/ScumBots/status/1685849690221199360
# Reference: https://www.virustotal.com/gui/file/72ab332da034bd819d83d26272974048b24de773a3440d641202872161b3e514/detection
# Reference: https://www.virustotal.com/gui/file/a4ea9aac544248e1346d88e3c93fbc6973419ff7ce5266c7cb00be39518f1f11/detection

173.0.60.172:7000
dapperdesigns.for-better.biz

# Reference: https://www.virustotal.com/gui/file/52634ade55558807042eae35e2777894e405e811102e980a2e2b25d151fde121/detection

167.235.75.225:8895
momentmoney79.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f03e6bd8d447536298483d8b57996e966c2a26baea8caa12fbca52300151edae/detection

108.62.118.133:9734

# Reference: https://twitter.com/AnFam17/status/1687723698273595393
# Reference: https://www.virustotal.com/gui/file/2951cb766b89f9e3e65902fec634ed924168629f2dd3a178ba753e66ce4be73f/detection

http://173.249.39.21
173.249.39.21:5000

# Reference: https://www.fortinet.com/blog/threat-research/malware-distributed-via-freezers-and-syk-crypter

http://95.214.27.17
154.53.51.50:7000
185.174.101.131:7000
185.174.101.90:7000
209.126.87.35:7000
31.220.99.254:7000
45.151.122.57:7000
82.197.65.12:7000
85.239.237.141:7000
89.117.73.168:7000
95.214.27.17:8972
churchxx.ddns.net
freshinxworm.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/179.13.3.110/relations

apploak.duckdns.org
datosinfomativos12.duckdns.org
desdetre.duckdns.org
estrenos12q.duckdns.org
fantasmas145.duckdns.org
misdominios2024.ddnsguru.com
misterios140.duckdns.org
mistersalsa12.duckdns.org
newera2011.duckdns.org
xwormejor12.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3b5fc5f386c9dbbb93c2b1d5b33feaca132e9eb53744a495c75e76a6921c3ebc/detection

103.47.144.14:6644

# Reference: https://www.virustotal.com/gui/file/76e382de0ea4dbd364ac8d9878e0b419d6a8d3536de3b6ca36ee38d335e3446c/detection

209.25.140.212:48414
209.25.141.212:48414
209.25.142.212:48414
is-crawford.at.ply.gg

# Reference: https://twitter.com/Gi7w0rm/status/1694139192379334803
# Reference: https://tria.ge/230822-3m8ylahf9w/behavioral1

209.25.141.180:48892
209.25.141.181:40625
209.25.141.211:49826
209.25.141.223:45283
180.ip.ply.gg
miles-c.at.ply.gg
topics-junior.at.ply.gg

# Reference: https://twitter.com/suyog41/status/1694215167729598470
# Reference: https://www.virustotal.com/gui/file/dcc9780ce890c8caf79e5f3147cacd14b1f4e06c307e3bdfc8903ff2dfd90c19/detection

185.179.218.240:8081

# Reference: https://www.virustotal.com/gui/file/dc6f4ca2f9b7de5f3e7f9bb25dffd1d89043f1db95537908c0d59ae7e025d3d9/detection

83.143.112.45:7000

# Reference: https://twitter.com/petrovic082/status/1695718494451458242
# Reference: https://twitter.com/petrovic082/status/1695719606093054213
# Reference: https://app.any.run/tasks/3a32eeca-6c15-4100-b901-d8d92255f640/

88.229.76.29:8080

# Reference: https://www.virustotal.com/gui/file/0608af5ecb090af15ea0593e71b2f05d6594726915c91d92dd5e0dcebd60e492/detection

172.94.105.98:3000

# Reference: https://any.run/malware-trends/xworm

abom7md.duckdns.org
church-apr.gl.at.ply.gg
d7meyrat.ddns.net
https.myvnc.com
jajaovh.duckdns.org
kaught-53088.portmap.host
liveroman228-26531.portmap.host
please-co.gl.at.ply.gg
show-cottages.at.ply.gg
society-mastercard.at.playit.gg
test-theorem.gl.at.ply.gg
trial-pour.at.ply.gg

# Reference: https://www.virustotal.com/gui/file/6e0df2a748927a28875f76eb917f71fe8ee2a9b2004c9b7d2742a654aae0238e/detection

34.227.114.203:7000
brasil.ddns.com.br

# Reference: https://www.virustotal.com/gui/file/888e076a0949bf1ab6297ebc9b089e8d1f926c7186b115dbbb44611f57b783c8/detection
# Reference: https://www.virustotal.com/gui/file/79750b3e59c64c381067d5dd07a174e746625b64f13cefe07671042676337185/detection

154.53.63.206:7000
185.111.156.133:7000
freshwarsmi.ddns.net

# Reference: https://www.virustotal.com/gui/file/fbb2f988d97221e62771f56ed0d7bb172c5738d1bbde76164d0ca830ed59e8af/detection

207.244.242.177:7000
mikexwormxxxyy.ddns.net

# Reference: https://www.virustotal.com/gui/file/b706aac7ee3800adff6df6bcd2ad3164ae34f71ab47399c1811daa664fdec247/detection
# Reference: https://www.virustotal.com/gui/file/0886ade2d19b2cb43c370190df382d3686c2364b246fc466ccf775b60a62c6a0/detection

154.53.51.233:7000
89.117.72.232:7000
secoundxwormm.ddns.net

# Reference: https://gi7w0rm.medium.com/uncovering-ddgroup-a-long-time-threat-actor-d3b3020625a4

randall010.camdvr.org

# Reference: https://www.virustotal.com/gui/file/67de54a5271a2354b492bbaf5bbead07cc1e24fd5efa94bdac2fc30f0475db1a/detection

41.216.188.29:7000

# Reference: https://www.virustotal.com/gui/file/9198c970d6b61c1f22b6e2e4065fd99e8fd107c3bb8162c8aef56559459e9ff1/detection

217.229.108.168:1

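# Reference: https://www.virustotal.com/gui/file/01856345569ffabd2504f9b9d102014c0119184660b25cea2c55db4d67c8c349/detection
# Note: the IP below is paired with a *.ply.gg tunnel hostname, and the same address recurs in this file with many other ports; it looks like a shared tunnel endpoint, so treat the IP:port pair (not the bare IP) as the indicator.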

147.185.221.16:12379
electric-desert.gl.at.ply.gg

# Reference: https://www.virustotal.com/gui/ip-address/2.59.254.205/relations

hotexworm.duckdns.org
newxworm.duckdns.org
xwormfresh.duckdns.org
xwormpeople.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.xworm/ (# 2023-09-15)

http://154.61.71.51
101.99.92.134:9008
103.187.4.59:62400
104.129.24.110:55226
109.195.94.247:7000
13.48.68.245:4449
139.59.42.121:49258
142.132.227.161:7000
142.202.240.88:253
147.185.221.15:10177
147.185.221.16:15294
147.185.221.16:18244
147.185.221.16:39035
147.185.221.180:36603
147.185.221.180:4310
15.204.37.12:5008
152.67.162.194:10001
154.127.53.162:7007
16.16.96.108:4449
162.251.123.54:1337
168.119.98.142:4100
172.111.138.90:2221
176.205.45.103:4782
185.169.1.59:42069
185.17.26.114:7000
185.179.219.117:5002
185.225.73.47:1111
185.225.73.47:2222
185.241.208.173:7000
193.161.193.99:35943
193.161.193.99:43625
193.42.33.22:5555
194.145.138.85:1604
194.145.138.88:1604
194.228.111.236:7000
194.87.151.125:7398
194.87.151.19:7077
199.66.93.150:1337
2.58.56.249:8000
20.0.32.252:7000
20.219.15.124:2239
20.25.157.149:1234
20.25.157.149:4567
20.56.93.201:1604
204.13.33.68:1338
206.189.139.209:20715
207.32.217.73:2048
208.115.223.202:12999
209.145.57.6:8081
209.25.140.223:18381
209.25.141.181:51957
209.25.141.181:52055
209.25.141.2:43784
212.154.51.245:90
23.227.198.214:7777
3.126.37.18:14586
3.7.61.252:2339
3.72.8.200:7000
44.201.221.153:7000
45.130.141.212:7000
45.145.166.131:666
45.61.130.7:1010
45.81.225.208:7000
45.88.67.75:3333
64.235.38.13:2911
66.94.101.239:8081
67.61.188.116:7777
67.61.188.116:8848
67.61.188.118:3232
77.248.111.83:2404
79.110.62.143:7000
81.161.229.202:6601
95.214.26.78:5566
95.214.27.226:7000
aid-poly.at.ply.gg
americanibombardano.ddns.net
amz-worm.ddns.net
an-encoding.at.ply.gg
ana1.con-ip.com
angmmox.con-ip.com
animals-sewing.at.ply.gg
apexcv.ddns.net
average-danish.at.ply.gg
awgaegsrgcs.duckdns.org
behind-him.at.ply.gg
big-stayed.at.ply.gg
box-byte.at.ply.gg
browser-bangladesh.at.ply.gg
bush-gain.at.ply.gg
caloi1920.ddns.net
channel-diane.at.ply.gg
comes-reasoning.at.ply.gg
common-pharmacies.craft.ply.gg
computers-directory.at.ply.gg
computers-ed.at.ply.gg
davizshadow.duckdns.org
default-official.at.ply.gg
dejvicek-52169.portmap.host
dejvicek-62577.portmap.io
deletedapo-46418.portmap.host
design-utilize.craft.ply.gg
display-trade.at.ply.gg
distance-key.at.ply.gg
documents-ultra.at.ply.gg
during-widespread.at.playit.gg
egleooogom.duckdns.org
either-puzzle.at.ply.gg
employees-spa.at.ply.gg
even-house.at.ply.gg
exops-31573.portmap.host
faculty-symbols.at.ply.gg
feel-herbal.at.ply.gg
flowers-ak.at.ply.gg
freed11231.duckdns.org
ftap-29332.portmap.host
german-sip.at.ply.gg
get-dig.at.ply.gg
gunitp.duckdns.org
h0x351.ddnsfree.com
harrypotta-35943.portmap.host
harrywilly.ddns.net
head-transit.at.ply.gg
herbet.ddns.com.br
history-periodically.at.ply.gg
hope-duck.at.ply.gg
house-induced.at.ply.gg
http202suspend-33946.portmap.host
ichbineinvogel2.duckdns.org
instruments-specials.at.ply.gg
jeanjaques.ddns.net
johnnew12.duckdns.org
johnny1234.duckdns.org
jxworm2ndport.duckdns.org
kids-abstract.at.ply.gg
killertype.ddns.net
leakportsnext.duckdns.org
license-donna.at.ply.gg
links-recovered.at.ply.gg
mary-classroom.at.ply.gg
master-flat.at.ply.gg
mean-garbage.at.ply.gg
members-path.at.ply.gg
microsoft2.ddns.net
models-issn.at.ply.gg
moonrdp1.duckdns.org
must-scores.at.ply.gg
mygame.serveftp.com
nabeelrats-21020.portmap.host
name-shadows.at.ply.gg
next-screening.at.ply.gg
no-sofa.at.ply.gg
opportunities-rendered.craft.ply.gg
option-trading.at.ply.gg
partner-enforcement.at.ply.gg
paul-positive.at.ply.gg
pavpaladmin9917.ddns.net
polki.anondns.net
pollofx-35076.portmap.host
port4000mobi.duckdns.org
property-gourmet.at.ply.gg
ready-somalia.at.ply.gg
related-regression.at.ply.gg
releases-connection.at.ply.gg
return-interpreted.at.ply.gg
safety-electronics.at.ply.gg
score-told.craft.ply.gg
sepatico.duckdns.org
share-divorce.at.ply.gg
share-scored.at.ply.gg
size-bills.at.ply.gg
slammer.cf
society-painted.at.ply.gg
spajkr.hopto.org
special-alpine.at.ply.gg
system-headed.at.ply.gg
there-carol.at.ply.gg
tienichxanh.vinaddns.com
title-weapons.at.ply.gg
top-ftp.at.ply.gg
unit-satisfactory.at.ply.gg
venom.giize.com
vfggfhd.servemp3.com
way-puppy.at.ply.gg
willbr77-52985.portmap.io
wniko1-39869.portmap.host
words-cells.at.ply.gg
xworms.ddns.net
xwrm.webredirect.org
y-enhancing.at.ply.gg
zlow11214.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1703779021694419195
# Reference: https://twitter.com/r3dbU7z/status/1703780891724841423
# Reference: https://www.virustotal.com/gui/file/96fa32da812662011588e77b75eb6bee3eb768f533533457c51f4d58ae8ee062/detection

194.180.49.181:443
194.180.49.181:7064
194.180.49.181:888
xm3.publicvm.com
xyoptotway.work.gd

# Reference: https://twitter.com/banthisguy9349/status/1783865107321155816
# Reference: https://www.virustotal.com/gui/file/b8bf4cf9e824badde4cbe7f3544c1102bfa926efd00cff2398a9d4ac17f80225/detection
# Reference: https://www.virustotal.com/gui/file/96fa32da812662011588e77b75eb6bee3eb768f533533457c51f4d58ae8ee062/detection
# Reference: https://www.virustotal.com/gui/file/8e99426fb98ad89057bd6af2bf2764fa080aaff3511fe72d96765e2f2b2f0411/detection
# Reference: https://www.virustotal.com/gui/file/75b4525f550304c38c76fcffc7362b57dccf049d69709b5dbef353bbb11c691b/detection
# Reference: https://www.virustotal.com/gui/file/01139ac5fafb901928078e69c4962a44a596310d96b12ffd68854bf1f94b021e/detection

194.180.49.181:7064
94.156.71.212:7064
91.92.249.198:443
91.92.249.198:7064
91.92.249.198:888
91.92.252.85:7064
94.156.66.40:7064

# Reference: https://any.run/cybersecurity-blog/xworm-technical-analysis-of-a-new-malware-version/
# Reference: https://www.virustotal.com/gui/file/1073ff4689cb536805d2881988b72853b029040f446af5ced18d1bc08b2266e1/detection

3.66.38.117:13394
52.28.247.255:13394

# Reference: https://app.any.run/tasks/d3858744-f1b2-4a9b-8ef7-deccada2a160/

3.69.115.178:13394

# Reference: https://app.any.run/tasks/5fab7db5-267e-46f6-a374-0f42de1cb328/

147.185.221.16:15179

# Reference: https://twitter.com/Gi7w0rm/status/1706061724099457411
# Reference: https://www.virustotal.com/gui/file/9bd123cf9a41a9a9fd219fd8fcba7ba20543470d4b5c911ba07489b04fd74428/detection

79.110.62.151:1234

# Reference: https://tria.ge/230924-yzgbwsba28/behavioral1

2.59.254.205:7002

# Reference: https://tria.ge/230924-yzvjhsba39/behavioral1

79.110.62.151:7000

# Reference: https://threatfox.abuse.ch/browse/malware/win.xworm/ (# 2023-09-25)

141.98.6.196:7020
154.53.51.233:8909
191.101.130.18:8252
23.106.215.7:7007
50.114.203.104:7909
81.67.181.238:9033
88.11.59.100:8888
chikes17.duckdns.org
copy-marco.gl.at.ply.gg
floptuytonroyem.sytes.net
garden-event.at.ply.gg
graxe239-61522.portmap.host
xvskill.duckdns.org
youtubevideos.ddns.net

# Reference: https://twitter.com/Gi7w0rm/status/1706063680171860137

aakata123.duckdns.org
aakatabit1915.duckdns.org
aiminent2.duckdns.org

# Reference: https://twitter.com/doc_guard/status/1707018037428101360
# Reference: https://www.virustotal.com/gui/file/7fa4e361cf073d65ccbc49dc937a622965977ef995a0c199a4b4aa5fddd57d17/detection

138.201.189.141:4444

# Reference: https://twitter.com/r3dbU7z/status/1709147111567004129
# Reference: https://www.virustotal.com/gui/file/bfb5afd83e4c4962336f10655e191e0efc2b9fe968af9f37f7d84c845a27a075/detection
# Reference: https://www.virustotal.com/gui/file/008922a9bcd25e1cbf52234ea926306bba3d646bfcd087d6fc6c6f58ab8ac54a/detection

20.229.184.215:443
20.229.184.215:65350

# Reference: https://twitter.com/suyog41/status/1709524284169978094
# Reference: https://www.virustotal.com/gui/file/5b53d803d2c3d82de79a732a2f1737c7726415b2b056f7f43e74638e1df3fd8b/detection
# Reference: https://www.virustotal.com/gui/file/9d79c20d80eb9ded90a7e7f2ebdcd057bc29409084af3ecdd63c6ed072f103b0/detection

186.6.93.202:4444
telebyt.com
windowsmanagerhost.ddns.net

# Reference: https://twitter.com/naumovax/status/1711777764615802979
# Reference: https://tria.ge/230930-vqpp5aff65/behavioral1

147.185.221.16:54013

# Reference: https://twitter.com/suyog41/status/1712768941536522411
# Reference: https://twitter.com/suyog41/status/1725447282856968625
# Reference: https://www.virustotal.com/gui/file/0083a052767c5e651c36ce419a582c2ba5d81c0776ef1de765626958b4686b45/detection
# Reference: https://www.virustotal.com/gui/file/d18c4cde9bc83592187f8a90e3f138c871a35cda49d4a0078ca9eac04cfc961e/detection

104.243.32.185:7000
45.141.215.230:7000
normanisback.com

# Reference: https://twitter.com/suyog41/status/1715222348423721054
# Reference: https://www.virustotal.com/gui/file/e9148a15c8d96c389aaae6fbb04b5cd1ee587e2ded6193d47532885b84abd984/detection

147.185.221.16:18915

# Reference: https://threatfox.abuse.ch/browse/malware/win.xworm/ (# 2023-10-30)

101.99.92.161:7000
103.114.106.183:47074
139.99.153.82:8181
147.185.221.16:45753
147.185.221.16:56343
147.185.221.16:57012
147.185.221.16:57076
157.254.223.19:8000
163.5.215.212:1337
163.5.215.212:8072
193.161.193.99:61360
20.197.231.178:7000
216.230.73.215:6789
51.81.216.78:1111
51.89.158.83:7000
66.94.97.98:7000
95.164.18.46:2608
brightle.ddns.net
frostycheats-30646.portmap.host
graxe239-61522.portmap.host
jameshde18.duckdns.org
mike09-55168.portmap.host
pool-roman.at.ply.gg
registered-dt.at.ply.gg
releases-photos.at.ply.gg
rules-views.at.ply.gg
serverwindor.duckdns.org
testarosa.duckdns.org
xmsh.publicvm.com

# Reference: https://cert.pl/en/posts/2023/10/deworming-the-xworm/
# Reference: https://otx.alienvault.com/pulse/653a78a1b9c42ecf2ba3a591

blackid-48194.portmap.host
single-boulevard.at.ply.gg

# Reference: https://twitter.com/g0njxa/status/1721444417586778207
# Reference: https://app.any.run/tasks/c276c263-7b85-459b-b93c-d278e845e171/

206.189.20.127:6234

# Reference: https://twitter.com/karol_paciorek/status/1723024066112557542
# Reference: https://tria.ge/231110-t3mkvsca78/behavioral1

54.90.216.100:7001

# Reference: https://twitter.com/suyog41/status/1724726595578159178
# Reference: https://www.virustotal.com/gui/file/46ac8d1dba7668319574d2f459a54d8b8eb5606c027e393308ab395b7b5aa746/detection

103.47.147.196:1500

# Reference: https://www.virustotal.com/gui/file/4ca23c140f02ad3f9a8d0df97e57a6282faf8aa85433efd3f7c07a5ba8868da7/detection

15.228.235.93:7000

# Reference: https://threatfox.abuse.ch/browse/malware/win.xworm/ (# 2023-11-20)

147.185.221.16:40164
147.185.221.16:49975
15.228.35.69:5000
172.177.19.106:7000
188.148.105.135:2112
35.220.199.19:7000
62.233.57.160:6789
2freshinxworm2.ddns.net
antilol2113-61842.portmap.host
case-defines.gl.at.ply.gg
dizzywizzy-61490.portmap.host
espadadz.ddns.net
f8terat.ddns.net
goheg99417-59409.portmap.host
juandice-60636.portmap.io
kriz-nas.ddnss.de
lead-selections.gl.at.ply.gg
m0ney7.ddns.net
media-specified.gl.at.ply.gg
menu-webcam.gl.at.ply.gg
notfishvr55-32209.portmap.host
okaa0-25007.portmap.host
okaa0-35095.portmap.host
partner-juice.gl.at.ply.gg
q-grounds.gl.at.ply.gg
raven123.ddnsgeek.com
reference-tokyo.at.ply.gg
tarekfr77-41254.portmap.host
tcxerr.duckdns.org

# Reference: https://www.virustotal.com/gui/file/145c1ede38b85b82e5072f2d9c0c65aa8eb479bd2cf90d99d7d375c0c2e7c4ea/detection
# Reference: https://www.virustotal.com/gui/file/4229b3925fbd80f2316493b19c1c7fd23898507284bae4754e76c79a096f2133/detection

194.147.140.215:7463
37.139.129.85:6742
91.192.100.39:6742
kayamer.kozow.com

# Reference: https://any.run/cybersecurity-blog/xworm-malware-communication-analysis/
# Reference: https://www.virustotal.com/gui/file/f58193da4f61b45e375f5aa2978b08908578b5151dc779dc4b566e6a941e802b/detection
# Reference: https://www.virustotal.com/gui/file/58d80cdaac096a9d8ba772a4e857a24db9c797d5b7913e54185c68e21c5526e6/detection

140.228.29.162:7900

# Reference: https://threatfox.abuse.ch/browse/malware/win.xworm/ (# 2023-11-21)

104.250.180.178:7061
147.185.221.17:24796
162.212.154.8:41589
185.183.34.34:7000
185.239.237.162:7000
194.15.216.233:4548
207.32.219.52:7771
216.107.136.195:7000
3.121.139.82:18925
3.121.139.82:5240
3.127.59.75:18925
3.127.59.75:5240
34.130.82.241:5010
46.183.221.28:7000
51.89.38.74:33966
52.28.112.211:18925
52.28.112.211:5240
52.91.10.228:7000
54.90.216.100:7000
65.0.80.77:7000
80.66.87.4:7000
87.172.204.140:7000
93.123.85.35:7000
2023navidad.duckdns.org
around-lite.gl.at.ply.gg
conditions-monthly.at.ply.gg
fgfdsnvisdnvijnsdvdssdsd.con-ip.com
frank4893.duckdns.org
house-rooms.gl.at.ply.gg
if-shuttle.gl.at.ply.gg
language-partnership.gl.at.ply.gg
newpossibility.duckdns.org
traffic-statewide.gl.at.ply.gg
viiper1337-29699.portmap.host
windowis11.com

# Reference: https://twitter.com/1ZRR4H/status/1729196411843985530
# Reference: https://www.virustotal.com/gui/file/850e60489a54f8a3307a124c19c80cfc46bc34b2b3b93bc74c2b764b667df09b/detection
# Reference: https://www.virustotal.com/gui/file/df501e6c611c658df919bbe959e54b1080da39511a7de35ab3b5146e32584728/detection

5.182.87.154:7000

# Reference: https://www.virustotal.com/gui/file/f1f72684f5813bd4a3932397edd7e2056c9d61421bf7e5248ae68f6e6d65d33d/detection

46.246.86.23:7000
rootfix.linkpc.net

# Reference: https://www.virustotal.com/gui/file/c861d69c8a9904c99ef947dcdca02995652fb6afbc8a0edb196921ac6f5dc14e/detection

212.237.116.158:7000

# Reference: https://www.virustotal.com/gui/file/33b2c62cad9fa6a203cca01285d1230bf92b38929b8f9ed07ec6187b2fe8fdf1/detection

212.237.116.163:7000

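# Reference: https://twitter.com/1ZRR4H/status/1729713083004641491
# Note: 2023navidad.duckdns.org is also listed earlier in this file, under the ThreatFox batch marked 2023-11-21.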

46.246.80.17:7080
2023navidad.duckdns.org

# Reference: https://gist.github.com/silence-is-best/67adb7549211b3046f554044bcc5c151
# Reference: https://www.virustotal.com/gui/file/832d96e8996c618b21f649812a218c44d7fae08fa2081cdb34631cc2cdcbd6df/detection

194.107.126.61:1111

# Reference: https://www.virustotal.com/gui/file/976780197cc411fbed0105adc79a779e72ac2a802ca7f2a001334c0a37e046da/detection

46.246.84.13:7000

# Reference: https://www.virustotal.com/gui/file/eba007fec4ab29d205cf04ced605ec34b27dfa2733a5cccd50856bdf9ba66e42/detection

91.92.242.98:9
cpabuzus.duckdns.org

# Reference: https://twitter.com/karol_paciorek/status/1736689204279623733
# Reference: https://tria.ge/231218-lw7nfshhcn/
# Reference: https://www.virustotal.com/gui/file/9e5612cd0949cb21b3d12491294ebe173571c1a665014dbbce7f7ebb995d42d0/detection

http://45.88.77.20
45.88.77.20:7000

# Reference: https://twitter.com/SarlackLab/status/1737126329542123767
# Reference: https://www.virustotal.com/gui/file/fd478fb15b4976507f494e31f6cbe2a8d4d173026ae1bbcb4849685630cf9b19/detection
# Reference: https://www.virustotal.com/gui/file/f688fb7b4cf19a4760138e7625915815f4acc23732456a3540f76f39aed90417/detection

45.144.152.86:39001
45.144.152.86:44635
45.144.152.86:58001
78.135.67.111:56001
liveclouds.duckdns.org

# Reference: https://twitter.com/V3n0mStrike/status/1739854351022080487
# Reference: https://www.virustotal.com/gui/file/230a77727f9c8e701594ee34a22d5b2f7d8647295e749d3103d2322d8bce7eea/detection

http://31.172.83.170
31.172.83.170:7000

# Reference: https://www.virustotal.com/gui/file/5e1944524f2ae23724c8a9a593915266e18214a0038896f30ba37e1fd022caa2/detection

89.23.99.86:7000

# Reference: https://twitter.com/banthisguy9349/status/1744384627039518736
# Reference: https://twitter.com/banthisguy9349/status/1754145829076533416
# Reference: https://www.virustotal.com/gui/file/2df04f5f739f5b0daf925fe8553dfe2b58267be0e735d683ce834101f91b5e38/detection

http://91.92.253.171
91.92.253.171:443
91.92.253.171:888

# Reference: https://twitter.com/netresec/status/1744378756641288517

147.185.221.17:36499

# Reference: https://twitter.com/ShilpeshTrivedi/status/1744695359144923604
# Reference: https://www.virustotal.com/gui/file/ca791046eaf207a1bb8631263bf12e41802255a7114c48086dccd4ad1152766e/detection

147.185.221.17:61779

# Reference: https://threatfox.abuse.ch/browse/malware/win.xworm/ (# 2024-01-10)
# Reference: https://www.virustotal.com/gui/ip-address/91.92.240.61/relations

91.92.240.61:7000
lyamore-metal.com
taiwantradeglobal.com
open.lyamore-metal.com
open.taiwantradeglobal.com
opendomain.lyamore-metal.com
opendomain.taiwantradeglobal.com
wealthyblessed.duckdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1745582580718543343
# Reference: https://www.virustotal.com/gui/file/1ae50087f5c0b05a9ac41362a2e7ed3d3c82fecda835aa7e5fcc5b5da5f44903/detection

http://139.99.114.151
139.99.114.151:7777

# Reference: https://www.virustotal.com/gui/file/4bb0daf6ad46380eb905da9f586d108f9a9e7bd83c31d7903824ebe3abd65fb0/detection
# Reference: https://www.virustotal.com/gui/file/0893cfe208c34030552ccd250f5e185d42423f4ebb5311a13f68e5bd96a1cad7/detection

147.185.221.16:33203
canadian-perspectives.gl.at.ply.gg

# Reference: https://www.virustotal.com/gui/file/00a965b03bf3654df1c90725b114a8dfc49cdb522bf7a558d24f13e20e204fa9/detection

46.246.82.5:2525

# Reference: https://www.virustotal.com/gui/file/fe8b320087553eaee75439ab0c4c523a67687c5cb70763bcf042bcfabb205f11/detection

191.233.27.50:5552
dzn.ddns.net

# Reference: https://www.virustotal.com/gui/file/0ccb60e63193c1bd24e82fee53094c54fdb1e3481601f1a6451dbf74a375185b/detection
# Reference: https://www.virustotal.com/gui/file/504bc01416f714ce0f77e87bae667573bee922c86708b2cadfaf7e4478673a30/detection

http://90.61.145.105
90.61.145.105:5485

# Reference: https://www.virustotal.com/gui/file/afb0a01f30aa1239f85e2eb465e374c49a274383caa52d3c8dd46c67b17be519/detection

91.92.253.187:7000

# Reference: https://www.virustotal.com/gui/file/7c7b4d01ce572fb5d63536aa53eff94be082e76127906d91c673bbb4e0d7b8e1/detection

94.156.65.113:8400
greatrackspace8400.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4c291ba1cd60a0a9e4649067f2bcb3619bf8874b47f928ab7f2583b31d778678/detection

94.156.65.113:8300
restpeople8300.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ab5a62c5f4e883afff61be9b7020ba1aa9d52565dc310cee06488ad22ca8f68f/detection

91.92.251.144:7001
xwv5group7001.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d86408c32b0b7f7b43930cb33b99e472db2db4c429d4273d3133d7b8ad29712e/detection

23.95.11.218:8100
94.156.65.114:8100

# Reference: https://www.virustotal.com/gui/file/3224658a2fbf2a7a1adece92d8d2fb9e136898efb17b5bbffcf0ac39bce4afbb/detection

188.70.3.112:6666
sys666.ddns.net

# Reference: https://www.virustotal.com/gui/file/0e948e3d83e22df165afac4da052b45297f719a33f86c4c194958f59dad75a28/detection

192.99.190.119:7000

# Reference: https://twitter.com/K_N1kolenko/status/1752932027324637338

154.179.242.6:5552
196.154.211.81:5552
windowshelp.zapto.org

# Reference: https://twitter.com/Cyber0verload/status/1754913588748116080
# Reference: https://www.virustotal.com/gui/file/04095081ef5314ab278d6a89310224f4fb8b6c5579850f8a21446787373380aa/detection
# Reference: https://www.virustotal.com/gui/file/ca3eb918501c15e45c872627555cb04e033e11d43e0f0a31b41c493b9246bd69/detection
# Reference: https://www.virustotal.com/gui/file/949f78a60cbfc76dd8eb75e2d18203d565a14bdab35c2329e0acaccc84dcc57c/detection
# Reference: https://www.virustotal.com/gui/file/03ad54bf6d1c95613a1c05f492161ced8e5592b71105c9bc685b5b85798cb4db/detection

147.185.221.18:6104
a0917004.xsph.ru

# Reference: https://www.virustotal.com/gui/file/02a5c3519f2f01bfa8efc1908e3191c6ec100732481b639260764147862e437a/detection

65.0.50.125:22811

# Reference: https://www.virustotal.com/gui/file/1e83b42f7ffd019c8c56991b8625f25e0ee94f2034c447b701482839400c7cfd/detection

74.222.9.95:7000

# Reference: https://twitter.com/karol_paciorek/status/1755187835110400393
# Reference: https://www.virustotal.com/gui/file/9d2bde48e2ac646c62ca1455cde6d5c2242be0cb67a9904f81e0851743491ba2/detection

45.88.186.197:7008
45.88.186.197:8000
me-work.com

# Reference: https://www.virustotal.com/gui/file/4d64bbdbca232e9efbf8770386ed39562691793c678856d6e0c0fb1dc4af5219/detection

159.89.100.67:7000

# Reference: https://threatfox.abuse.ch/browse/malware/win.xworm/ (# 2024-02-12)

194.147.140.138:9090
janxworm9090.duckdns.org

# Reference: https://www.virustotal.com/gui/file/57f4c5126700392a7d6e6fa24d8c8f1c9efcf960e3019a84237ae1b54f9e9c69/detection

worknow.con-ip.com

# Reference: https://twitter.com/malwrhunterteam/status/1758829170384089446
# Reference: https://www.virustotal.com/gui/file/848020d2e8bacd35c71b78e1a81c669c9dc63c78dd3db5a97200fc87aeb44c3c/detection
# Reference: https://www.virustotal.com/gui/file/54f8cd32f62f341e893ddeda8d8ef2a91e7a087e0070fec77d07bd6a15dbe65c/detection

194.49.94.135:8080
45.61.139.51:8080
internal-liveapps.online

# Reference: https://www.virustotal.com/gui/ip-address/46.246.4.4/relations
# Reference: https://www.virustotal.com/gui/file/136a96a2413e45ad1cbfca37d510e22a9d252ad439a9435dcee29a8d053ba45d/detection

178.73.192.20:7000
188.126.90.14:7000
188.126.90.7:7000
46.246.12.24:7000
46.246.14.18:7000
46.246.14.5:7000
46.246.4.4:7000
46.246.4.6:7000
46.246.6.6:7000
46.246.84.12:7000
46.246.86.6:7000
62.201.242.201:7000
daddy.zapto.org
puerto2514.duckdns.org

# Reference: https://www.virustotal.com/gui/file/cbb2fa94f392846a09688fed1779cc8de202df22a1164add9834ea5ad25834d9/detection

178.73.218.9:5581
dfasdfasdgs.duckdns.org

# Reference: https://twitter.com/suyog41/status/1760989736490172735
# Reference: https://www.virustotal.com/gui/file/4f3b18db37af50fa8967dacfa9541e93d6f5a410ea940f2712ce86cfae13dd2b/detection

196.112.44.196:5555
drcamelston.sytes.net

# Reference: https://www.virustotal.com/gui/file/e9a7cae8d9cd49819e5365230f4e42848e3943ace5f160f5df4e48bcda249fea/detection

102.101.187.102:5555

# Reference: https://www.virustotal.com/gui/file/7ef2ec455625ed3cadf84defc1f8c6ad4e50ff570a8bc9399c183f1fb6db64ae/detection

196.112.147.229:5555

# Reference: https://tria.ge/240224-k7w6esfe55/behavioral2

45.128.96.133:7000

# Reference: https://www.virustotal.com/gui/file/0bbc93c764351e6d0179d5bfefba7e8e097df0eae1e6f2fea8869ad5ecb83358/detection

46.246.12.66:7000

# Reference: https://twitter.com/ScumBots/status/1761543361326874669
# Reference: https://www.virustotal.com/gui/file/3313a1b94dc054adbeb337332d60a54dbd9267216dffc2952a39c1cada45671c/detection

191.55.79.182:5553
nodetect.duckdns.org

# Reference: https://www.virustotal.com/gui/file/be01d0557c67f4a8de2b8c991bbb8239a2220f4815426fe8d3bb1b1e4af6dd54/detection
# Reference: https://www.virustotal.com/gui/file/567da51c564af8d8abe7576e19c0d8bd6c453fecf6988f01b6f31b8da208b849/detection

190.28.142.225:7000
xwormsssreload.duckdns.org

# Reference: https://twitter.com/suyog41/status/1763499809099682186
# Reference: https://www.virustotal.com/gui/file/1d515bccf06b6b7304860f705fe43a8f33f24a33a65617934ceb500f1440d207/detection

104.219.238.14:7000

# Reference: https://www.virustotal.com/gui/file/787e491b12bff499e46beb4433b144d9020da9bb26ef3bdd4e4bad21c99b8090/detection
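# Reference: https://www.virustotal.com/gui/file/a68f76c530a51ddd6e3c6983f202054ae462530ab40fdd16ea44eff9af02d3c5/detection
# Note: the two /shellcodeAny_*.bin entries in this group are URL paths without a host; presumably they were served from 107.175.3.10 (verify against the references), so correlate path hits with that host before alerting.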

http://107.175.3.10
107.175.3.10:443
/shellcodeAny_20240229085449462.bin
/shellcodeAny_20240229163131845.bin

# Reference: https://www.virustotal.com/gui/file/5ce080055262bb21798a99e83d370fab41b809ebd8d59bc083bdac2a49b2427e/detection

147.185.221.18:35608
points-detect.gl.at.ply.gg

# Reference: https://www.virustotal.com/gui/file/444338339260d884070de53554543785acc3c9772e92c5af1dff96e60e67c195/detection
# Reference: https://www.virustotal.com/gui/file/9cbb0cf0e3c4896cd1916dd4330e77e6a66be46f0c631328414f89e0456f064b/detection

37.120.141.139:1111
37.120.141.139:1604
scamkiller.duckdns.org

# Reference: https://twitter.com/1ZRR4H/status/1766223253360574957

91.134.150.150:7000

# Reference: https://www.virustotal.com/gui/ip-address/12.202.180.134/relations

xwonsmolpsnsm.duckdns.org
xwortom.duckdns.org
xwrm966.duckdns.org
xwrmmomment.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f506b4b1d861d9919dd3238d63ea3020fb05f42534e91a4e534bb5c248c291db/detection

102.89.41.40:7000
45.137.22.150:7000
fat221.ddns.net

# Reference: https://www.virustotal.com/gui/file/633a9be5fea8c29f5743e8309af533055ad2b398b69ba25368c82c4eb6c0e790/detection

51.195.192.51:7000

# Reference: https://www.virustotal.com/gui/file/9ec956dc7b5b323efc45b533cdb4b7017efc4bef05c341b18a0f90c0ea7df35f/detection

http://45.141.215.126
45.128.96.122:2449
45.128.96.122:5554

# Reference: https://malwarelab.eu/posts/stego-xworm/
# Reference: https://www.virustotal.com/gui/file/e30fd7cd7ff6ac140dfa8ed25e0a73d59b70564002099bf01570d59b17935b25/detection
# Reference: https://www.virustotal.com/gui/file/c148ccd6f7623a64d985d3bcc8e882879164b190211ba99661d26152c0dbc4dd/detection
# Reference: https://www.virustotal.com/gui/file/4a3ec6f4f6b79baeabd7d0c4a9f4e043693fa72062573e252d53b70ce3d929a4/detection
# Reference: https://www.virustotal.com/gui/file/15c1414b51b35a77c12be6119cde8c473eb4d5dd2a317f24bc1fa4e7a023e56d/detection

34.216.89.67:7000
34.216.89.67:7001
salif2201021.duckdns.org
xwormchina1203.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ef644fcc2d9242631532474fee0d9bd7bf9d6f99fe099c95bdf00a5e117c011f/detection
# Reference: https://www.virustotal.com/gui/file/b56417ee728862c29f994e54f301fa0ac49237a2c3d9b5fbe88c4cfffbae52df/detection
# Reference: https://www.virustotal.com/gui/file/8a06ced3eb15f9e942b8e1359e04b50d2b0d83c4b688bf1d19ac25da0c898557/detection

109.131.125.140:8832
2.9.241.66:5123
85.201.185.117:8832
91.196.220.193:8832
xworm.ddns.net

# Reference: https://www.virustotal.com/gui/file/d452b6cbc3d6319242e1d0a8985e0ac4c1fc255b6a6a1209bd3f95ad393183b2/detection
# Reference: https://www.virustotal.com/gui/file/a6c51f3a262b88e994175a3c667923fa1f5f260aeef1044c34f31175308c5de1/detection

xworm.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.xworm/ (# 2024-03-24)

http://194.147.140.138
107.175.3.10:7536
171.247.47.66:4444
171.247.57.232:4444
91.92.242.57:8989
fvia.id.vn
marxrwo9090.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e6f7963c726231571294a06e1e8b1f03b87684cad8383bb194b957fc685685c2/detection
# Reference: https://www.virustotal.com/gui/file/dde68755fa515158e01e3e8f2b90772dc86e25b7e2684fc5066a5e33ee22b614/detection

157.254.223.19:8081

# Reference: https://www.virustotal.com/gui/file/f11530348170183d1b09956284353c00b1bd7db111fbfc8faead8d17ba4dc626/detection
# Reference: https://www.virustotal.com/gui/file/bc7ff6e9fd8cc3ab6d0da0f02818629237bcd64cc8ed86a924d0325f0445a078/detection

194.147.140.138:3615
persianremote.world
besty2023.sytes.net

# Reference: https://www.virustotal.com/gui/ip-address/194.147.140.138/relations

febxworm39090.duckdns.org
janmidd9300.duckdns.org
marxrwonew9090.duckdns.org

# Reference: https://twitter.com/suyog41/status/1772864180376191428
# Reference: https://www.virustotal.com/gui/file/d23c351c8e05de555878912735b555169864cf1b41c28d0bb065ec0ede32faaf/detection

172.94.125.164:2220
google-updater.duckdns.org

# Reference: https://twitter.com/r3dbU7z/status/1773480693487538583

rentcentral.online

# Reference: https://twitter.com/karol_paciorek/status/1775152923271405876
# Reference: https://tria.ge/240402-p8r1baag33/behavioral2

209.126.87.35:7000
209.126.87.35:8888

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2024-04-04%20XWorm%20IOCs

91.92.243.33:7000
dcxwq1.duckdns.org
reality-lauderdale-strengthen-condos.trycloudflare.com

# Reference: https://twitter.com/ShanHolo/status/1776550047120789901
# Reference: https://www.virustotal.com/gui/file/e761f2d9049734373c12c97aa557183081403e792b40028c410e4a6c0646c2b8/detection

http://210.246.215.36
210.246.215.36:5814

# Reference: https://twitter.com/ShanHolo/status/1774753351671906527
# Reference: https://www.virustotal.com/gui/file/9e5865fd21de52ffdfed7301c0542693d1a5a066c49dfb197ddce0acab589b7b/detection

http://210.246.215.82
210.246.215.82:7000

# Reference: https://www.virustotal.com/gui/file/a1a8aa4165535f8af330c983f7bc4259bccac718288b59d10d21693f73d049a6/detection
# Reference: https://www.virustotal.com/gui/file/a13c9eeea3360eb429202e74b78c1664e2a14ef9182a9f9ff8399a91983be731/detection
# Reference: https://www.virustotal.com/gui/file/96cdff86a5e3d8aa60574a0a8a4fd01ebdd8d88b4ffc6fb0c34f1f01f2e56095/detection
# Reference: https://www.virustotal.com/gui/file/49c7cacd2736a505c370064f1c1ae2b6c8938385592c6c6da55a4c2354944135/detection

185.36.188.52:8896
28.140.73.191:8896
93.123.39.28:8896
xwormmom53.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8bb96eab6ecce497a8df95bd2ea9b22c3f304f4d46b5c7f9064f1f953170f196/detection

147.185.221.16:41934

# Reference: https://www.virustotal.com/gui/file/8048406056b1a1a91b56725c1c0b89e3b8060bf5a45861484a73728d222ccbc2/detection

192.99.152.153:7001
xwormv5.duckdns.org

# Reference: https://www.virustotal.com/gui/file/574bbc258f00e8ef099184a763b7f03075218c56ebfcd90f0319250cb8cd82ae/detection

209.25.140.181:26193
kids-abstract.at.ply.gg

# Reference: https://www.virustotal.com/gui/file/e80426f5e4fa58d66cb1658b470e5c46bb35524379ff192dda7eb7c87d66a27d/detection

137.184.94.195:7000

# Reference: https://www.virustotal.com/gui/file/3b97b6b5f8b17918239a303a735c9098e47ff49ec04fbb25f62d870e8ebd2183/detection

45.138.16.125:7000

# Reference: https://www.virustotal.com/gui/file/60bb0aae72a9ba2fdb141b497da0e4671c92a6a1bd825c72a8a8c2df4de08fbb/detection

146.190.57.132:7000

# Reference: https://www.virustotal.com/gui/file/bc1b38d36be44ff0b3f853d4cbfadc275bcf0898a9ca41607887b7d1eb2c124d/detection

20.197.229.216:26099
craxsr4t.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8f9ac4eafd35f7b9f8e3fdbe1e9cce3b8ea6e5447b631949920dea27c86def1e/detection
# Reference: https://www.virustotal.com/gui/file/68c23de8564b113bf324bf9ba438a57cf4070a895134cbe28bdf0896efd9a5b1/detection
# Reference: https://www.virustotal.com/gui/file/4dc4cf85bff980888e41079167fe3290b766cdac49f9f93db655b6363315133d/detection

194.147.140.186:4004
myhost1.hopto.org

# Reference: https://www.virustotal.com/gui/file/d76e889cf2575622ca27fcb43a4bfd4df2dba3cfdd3175c28abdef00d541eaa3/detection
# Reference: https://www.virustotal.com/gui/file/84c6c519c17da179b5d9d969a57a67e710168b83323e7afe2a9dcda50979d9db/detection

91.92.253.147:7000
freed12.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6045030af3412c4670b042c08f7fbf0e31b670e679724388b9192fb512a1e705/detection

179.13.0.175:7000
warzones12.duckdns.org

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2024-04-16%20XWorm%20IOCs
# Reference: https://www.virustotal.com/gui/file/bcfe8808e2702a5700a63b1e003e7c08a1039edcf9d9cd734b5e1937746a1af7/detection

12.221.146.138:8450
45.146.255.167:8500
aprilxrwo8450.duckdns.org
phv18mar8500.duckdns.org
phvnc8500.duckdns.org

# Reference: https://www.virustotal.com/gui/file/02a0598aeaf2d468baa017e649143581ae98be80c87bb0df6c38f44b593c0672/detection

78.137.82.251:7000

# Reference: https://www.virustotal.com/gui/file/a44c1de14da3e559ba63a470f5dfea8e9da7fd990ca33b9c57344d05eb293bd0/detection
# Reference: https://www.virustotal.com/gui/file/2e8bdb5b1d2d3c44e9d057075b629e31b630e704bed2e0f7ce0399b59fd31525/detection

185.249.197.248:9090
45.141.215.40:9090
google-api.webredirect.org

# Reference: https://twitter.com/1ZRR4H/status/1785825977035010503
# Reference: https://www.virustotal.com/gui/file/7657626481f9276d3ecd83ba73795bbb175af0c3738648bbb37613f8d52f0285/detection

45.88.90.74:1600

# Reference: https://twitter.com/karol_paciorek/status/1788556707620159734
# Reference: https://www.virustotal.com/gui/file/29841f038da6a26dac5df28f23b4adcb080f5b0a2312bf996c8073940849eef6/detection
# Reference: https://www.virustotal.com/gui/file/4eedc7ed6ade620eef8eb160d18518afc9c59eb262baf8a9fdbe758fb611b6f0/detection

45.61.150.201:1111
45.61.150.201:7000
45.88.186.125:1111
45.88.186.125:7000

# Reference: https://www.virustotal.com/gui/file/200bba6a058d55a892191225f864289198495df95c6e97dd841fe1d5d1e7673d/detection

141.11.109.151:7000

# Reference: https://www.virustotal.com/gui/file/d7e658f9bea1d189bcd15e7e424b4b9e0c21e3ac61d6c4ac9937bf3d734383ea/detection

147.185.221.19:30502
includes-wilderness.gl.at.ply.gg

# Reference: https://www.virustotal.com/gui/file/bad5a4831a6ad23cefc0d207321fe07f2c74604313383d699fc750315b9dfeff/detection

147.185.221.19:45948
3.125.102.39:19677
marketdedamoroza.webhop.me
points-garcia.gl.at.ply.gg

# Reference: https://x.com/banthisguy9349/status/1795455659539902790

http://94.156.68.22
94.156.68.22:443

# Reference: https://cert-agid.gov.it/wp-content/uploads/2024/05/xworm_30-05-2024.json
# Reference: https://www.virustotal.com/gui/file/1a2e2e6fc6083d5f8e031e75d630f8b11812290542d6bea152d8d809680c3585/detection

134.255.233.93:7001
wall5tghf6fdg.api.opensourcesaas.org

# Reference: https://www.virustotal.com/gui/file/74dc2e2a9e6852c12f03dbaecd247fc525103374aa172e5c730abc272c69660b/detection

24.152.38.50:7500
translate99.duckdns.org

# Reference: https://x.com/karol_paciorek/status/1797594552758411301

12.202.180.134:8890
12.202.180.134:8896
57.128.129.21:8080
57.128.129.21:9222
xgmn934.duckdns.org
xvern429.duckdns.org

# Reference: https://x.com/1ZRR4H/status/1799205178194719228
# Reference: https://www.virustotal.com/gui/file/f2807e8e6061fd27347c9e4f94e84ae4db0f67b4afe89f013fb69419e8d56745/detection

hai1723sad-22118.portmap.host

# Reference: https://www.virustotal.com/gui/file/d533b3ac98afdd129d7302dbb9612ddcedecef05a5cf498f37fb18d116794792/detection

193.161.193.99:36059
aveer-36059.portmap.host

# Reference: https://www.virustotal.com/gui/file/365771facf4476f03189fbace015a962f6fd021650f4ebd61acd0c675bc85b77/detection

82.102.27.171:43831
yoda2024.sytes.net

# Reference: https://x.com/jcarndt/status/1800157970850078973
# Reference: https://www.virustotal.com/gui/file/528ddad4f68d4a7fc60157dea40eb1e3ad82231171bede0aa1b0e79b1a4c5031/detection

154.127.53.157:7000
89.117.145.5:7000
mayfixworm.ddns.net
stocks-army-malta-false.trycloudflare.com

# Reference: https://x.com/karol_paciorek/status/1802255896355000653
# Reference: https://www.virustotal.com/gui/ip-address/57.128.129.21/relations
# Reference: https://www.virustotal.com/gui/file/ef0c1ad56a105d2c20a1aa2eac9b49d483bfea41c301dcf314ada596969888f6/detection

12.202.180.114:8896
57.128.129.21:7332
ceeaapaint.xyz
josiekkatrstrunk.xyz
wickedasylum.tech
vxsrwrm.duckdns.org

# Reference: https://www.virustotal.com/gui/file/83037ad76ddddabca05efe07e731d65c5d9069ad889e46306b753cbc7561fa59/detection

200.9.155.204:7000

# Reference: https://www.virustotal.com/gui/file/b628182a47f7fd2c29c17862402dd36811524b58538996a2523d59920ffb6de8/detection

157.20.182.172:7000

# Reference: https://www.virustotal.com/gui/ip-address/12.187.175.72/relations
# Reference: https://www.virustotal.com/gui/file/bea7affbaaa5a7eb9616b48216450d1bec20fd5f43f4af3507017b4c5cdfd003/detection
# Reference: https://www.virustotal.com/gui/file/53c9ad3c72873bff784a6a47834f9e988b90366b541424eb19fcafea5cb17ff2/detection
# Reference: https://www.virustotal.com/gui/file/c000765aba0f4e91e28f24235c67f5c55474beeefc2146e77a69d59eb7d7ad6a/detection

12.187.175.72:8292
12.187.175.72:8520
12.187.175.72:9390
jkdvvs.duckdns.org
ncmomenthv.duckdns.org
rvxwrm5.duckdns.org
todfg.duckdns.org
ujhn.duckdns.org
welxwrm.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.xworm/ (# 2024-07-06)
# Reference: https://www.virustotal.com/gui/file/04a275ef1616f3f88d3b9904c7a4c97213fed00d9a11e813e62cd03408b4e4a2/detection

http://89.213.177.81
104.194.9.116:7000
147.185.221.17:14348
178.215.236.251:717
194.110.172.149:7705
194.48.251.9:8895
194.48.251.9:8896
195.2.75.12:7000
41.199.23.195:7000
45.74.8.236:5355
52.12.114.120:38977
57.128.155.22:8895
89.213.177.81:7000
91.92.252.220:7000
aprijs7250.duckdns.org
aprilxrwonew8450.duckdns.org
diditaxi.kro.kr
football-emily.gl.at.ply.gg
hvaprinew850.duckdns.org
june9402xw.duckdns.org
maynewxw9402.duckdns.org
mayxw9402.duckdns.org
proxy17.rt3.io
proxy22.rt3.io
reco8100may.duckdns.org
rem8000jun.duckdns.org
saveclinetsforme68465454711991.publicvm.com
surgical-farming-ca.com
xmay8000.duckdns.org
xwormay8450.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3d5261b4d6b3c10a9a9e12fc65df89a794fdb65bb34699a7b794a114e5196135/detection

47.243.102.139:6667
91.208.240.157:881
al17.tk
guanlix.cn

# Reference: https://x.com/K_N1kolenko/status/1817827071936143534

103.54.153.156:5500
108.165.233.22:7000
147.185.221.18:9954
154.198.49.151:4456
185.254.97.15:1337
193.161.193.99:26586
217.164.105.143:1
45.83.246.140:30120
88.0.172.65:1603
91.92.242.131:7000
94.141.120.222:7000

# Reference: https://x.com/K_N1kolenko/status/1818172197325684795

103.245.237.11:8888
154.84.153.4:28976
188.212.101.97:3434

# Reference: https://x.com/ShanHolo/status/1818541500348707022
# Reference: https://tria.ge/240715-kmwn6axfpr

147.185.221.21:14154
schools-copper.gl.at.ply.gg

# Reference: https://x.com/K_N1kolenko/status/1818884432918450400

192.3.182.92:7006
195.2.78.105:7000
198.44.168.230:7000
51.77.223.168:7000

# Reference: https://x.com/K_N1kolenko/status/1819307047856316456

157.254.223.219:7000
85.209.133.150:6677

# Reference: https://www.virustotal.com/gui/file/2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce/detection

43.142.10.246:7000

# Reference: https://x.com/K_N1kolenko/status/1820417274169241928

154.197.69.148:8812
154.197.69.157:1433
154.197.69.161:5000

# Reference: https://x.com/K_N1kolenko/status/1820726909396754906

141.11.158.226:7000
194.59.30.23:6333

# Reference: https://x.com/karol_paciorek/status/1820759162348781734

51.89.199.99:9070
51.89.199.99:9270
momojojo.store
robshippings.cloud
trackingshipmentt.xyz
trackmyshipeng.site
trackmyshipwng.site
transformation-cage-keyboards-rural.trycloudflare.com

# Reference: https://x.com/K_N1kolenko/status/1821454155724038587

147.185.221.20:18563
185.252.232.158:7812
193.233.255.65:7000
194.59.30.91:4040
72.129.242.185:1177
89.213.177.108:7000
91.188.254.203:4449
92.38.186.26:7000

# Reference: https://x.com/r3dbU7z/status/1822608072822358145
# Reference: https://www.virustotal.com/gui/file/2e8c08abc070d55f30338ad1f69d6f9946fa7d31d069c3b4bc37b97053b569f5/detection
# Reference: https://www.virustotal.com/gui/file/a50376b1375f041a534a74ea0cecd6429b4e26747059a4a4c72ef91bb04d7080/detection

198.244.206.37:7000

# Reference: https://x.com/K_N1kolenko/status/1822947285514228151

136.175.8.54:7000
2.58.56.88:7000
45.138.16.57:1337
45.141.26.156:7000
67.215.224.135:3540
80.76.49.28:1111
95.98.144.201:2404

# Reference: https://www.virustotal.com/gui/file/b26f4df5de6919f4e1a54f1e51d2a743a0db3d3adb0bbf79f367d2f86135b67c/detection

46.246.6.65:7000

# Reference: https://www.virustotal.com/gui/file/f6c46140c960efda590ddd29f58558f51ac8b82b9c5ee07fb4e2d8614533b28d/detection

185.24.62.224:7000

# Reference: https://www.virustotal.com/gui/file/109495bf6873147f8f7dc7db0a2ce86e10306d391c62b7937b176c5094a9a421/detection

178.73.192.70:7000

# Reference: https://x.com/K_N1kolenko/status/1823622598346830071

157.66.26.208:8848
94.156.248.32:6543

# Reference: https://x.com/K_N1kolenko/status/1824332904651989003

37.1.208.55:7000
83.38.30.219:1603
91.92.242.138:7007

# Reference: https://www.virustotal.com/gui/file/d8b11b8b437f83a1ad55c954b4a80081abfaf3c29cbc922d57b76bc20745111a/detection

103.47.147.21:1500

# Reference: https://www.virustotal.com/gui/file/0ecbfa4d7167aaf8639c280e69334a850252f53d900fb389047ca5e9d2f48e01/detection
# Reference: https://www.virustotal.com/gui/file/bdd871d07948cf37690d3febde3c64abfaaacb87190284f793b39f610654850d/detection
# Reference: https://www.virustotal.com/gui/file/fee2f77cc601ffe34c72438c8649916d6ff6985e82bfcc3b6e68458323a1209d/detection

172.111.150.133:1500
197.210.54.182:1500
197.210.78.173:2000
cyberdon1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d36b328b0a8e92ee2413c88c54d4a1ac3cfe53dfbb4e738d23e5e925c04b52a1/detection

83.147.54.51:6677
serverss293x1.servegame.com

# Reference: https://x.com/RacWatchin8872/status/1829090911701111123
# Reference: https://www.virustotal.com/gui/file/95931b4531f538137929756d736735981e7d7bcf4d43a750fb1bb01c76b3219f/detection

191.96.207.180:50000
vecotr.viewdns.net

# Reference: https://www.virustotal.com/gui/file/07147233a30756c587b1ccc49da745fdff43b3682b72ad2c48ab54af442f2f68/detection
# Reference: https://www.virustotal.com/gui/file/eeaca254b1c2d447e14e492a81f0690b0cfcf50d15e2ad2664cff512ef2049a6/detection

103.77.240.73:7000
artemis.community

# Reference: https://any.run/malware-trends/xworm/

22.ip.gl.ply.gg
airlineagancy.casacam.net
c0mer.publicvm.com
exonic-hacks.com
grand-herbal.gl.at.ply.gg
manufacturer-rank.gl.at.ply.gg
microsoft-pro.zapto.org
momekxwrm.duckdns.org
national-models.gl.at.ply.gg
on-weighted.gl.at.ply.gg
version-try.gl.at.ply.gg
wide-bolt.gl.at.ply.gg
xwor3july.duckdns.org
xwram1.duckdns.org
xwrmmone.duckdns.org
xwrmsistem.duckdns.org
yolomesho.work.gd

# Reference: https://x.com/K_N1kolenko/status/1830542757888201204

103.54.153.49:7000
104.128.56.200:7000
143.198.208.124:1234
146.190.29.250:7812
154.197.69.165:7000
154.216.17.147:6677
158.220.102.17:5048
178.215.236.228:7000
193.233.112.215:7000
195.26.240.251:7000
207.32.218.15:537
212.87.213.208:7000
27.147.169.101:7070
45.156.30.9:1604
45.43.11.150:7000
45.59.112.248:7000
80.76.49.176:7000
80.76.49.178:7000
83.38.28.117:1603
92.42.46.224:7250

# Reference: https://x.com/ShanHolo/status/1831331301065891895
# Reference: https://www.virustotal.com/gui/file/0b142a5773fcd9ae5cbb967f748e8da9a89e74aa50a0e1cd52f3aaa313bc749d/detection
# Reference: https://www.virustotal.com/gui/file/4d53c18f9c35747419cc289b1da6998457cb6ff5aeaddc1e5e474586b739b1c7/detection

http://45.141.26.197
45.141.26.197:443
45.141.26.197:7000

# Reference: https://x.com/K_N1kolenko/status/1831975535389622601

156.238.224.69:8080
163.5.160.229:1234
188.212.101.246:8000
69.10.45.181:7000

# Reference: https://threatfox.abuse.ch/browse/malware/win.xworm/ (# 2024-09-08)

147.185.221.22:21310
185.196.9.46:2404
185.196.9.46:3333
193.161.193.99:63770
194.156.79.149:7000
2.45.246.38:6666
45.141.26.234:7000
79.110.49.123:80
79.110.49.169:18455
88.168.211.65:6004
89.213.177.100:7000
89.213.177.177:2233
89.213.177.93:7000
89.31.122.114:1488
91.92.241.104:4444
94.141.120.29:443
a-temple.gl.at.ply.gg
accessories-retrieve.gl.at.ply.gg
agency-lottery.gl.at.ply.gg
answers-rehabilitation.gl.at.ply.gg
aozepaokojfksdjfsk.ddns.net
apple-return.gl.at.ply.gg
application-motivation.gl.at.ply.gg
apply-ciao.gl.at.ply.gg
approach-stability.gl.at.ply.gg
article-ram.gl.at.ply.gg
arts-below.gl.at.ply.gg
availability-addition.gl.at.ply.gg
away-andrea.gl.at.ply.gg
baby-contracts.gl.at.ply.gg
been-adopt.gl.at.ply.gg
browse-brokers.gl.at.ply.gg
call-closest.gl.at.ply.gg
cars-controllers.gl.at.ply.gg
cd-characterized.gl.at.ply.gg
church-insight.gl.at.ply.gg
collection-belief.gl.at.ply.gg
comeback.ddnsgeek.com
court-petersburg.gl.at.ply.gg
dvd-ons.gl.at.ply.gg
elaablibeh.ddnsgeek.com
else-treatment.gl.at.ply.gg
field-retain.gl.at.ply.gg
filter-ec.gl.at.ply.gg
first-suffering.gl.at.ply.gg
florida-satisfied.gl.at.ply.gg
form-fly.gl.at.ply.gg
fund-personnel.gl.at.ply.gg
garden-tight.gl.at.ply.gg
george-continental.gl.at.ply.gg
grand-navigator.gl.at.ply.gg
hair-ment.gl.at.ply.gg
he-tower.gl.at.ply.gg
hill-java.gl.at.ply.gg
individual-katrina.gl.at.ply.gg
ireland-mercury.gl.at.ply.gg
italy-exhibitions.gl.at.ply.gg
item-suggesting.gl.at.ply.gg
japanese-longer.gl.at.ply.gg
joined-kenya.gl.at.ply.gg
korkos.now-dns.net
la-michael.gl.at.ply.gg
leading-sexuality.gl.at.ply.gg
locations-ff.gl.at.ply.gg
loss-gb.gl.at.ply.gg
lot-neon.gl.at.ply.gg
meet-ellis.gl.at.ply.gg
mini-jungle.at.ply.gg
mode-clusters.gl.at.ply.gg
model-monitors.gl.at.ply.gg
network-info.gl.at.ply.gg
never-villas.gl.at.ply.gg
numbers-fragrance.gl.at.ply.gg
offers-perspectives.gl.at.ply.gg
onlinesupportforroad.com
or-fail.gl.at.ply.gg
order-detail.gl.at.ply.gg
original-internal.gl.at.ply.gg
outside-sand.gl.at.ply.gg
owlcraft.playit.gg
pack-they.gl.at.ply.gg
paris-disciplinary.gl.at.ply.gg
paris-went.gl.at.ply.gg
proxzymosh.playit.gg
remove-coordination.gl.at.ply.gg
republic-mexican.gl.at.ply.gg
research-variations.gl.at.ply.gg
reviews-row.gl.at.ply.gg
richard-environmental.gl.at.ply.gg
right-learned.gl.at.ply.gg
running-locks.gl.at.ply.gg
sample-sperm.gl.at.ply.gg
score-thin.gl.at.ply.gg
security-sudan.gl.at.ply.gg
session-chief.gl.at.ply.gg
software-tradition.gl.at.ply.gg
spring-inner.gl.at.ply.gg
stage-von.gl.at.ply.gg
status-stack.gl.at.ply.gg
stop-identifying.gl.at.ply.gg
stop-largely.gl.at.ply.gg
summary-athletic.gl.at.ply.gg
super-nearest.gl.at.ply.gg
t-abc.gl.at.ply.gg
taraji111.duckdns.org
they-side.gl.at.ply.gg
third-cheque.gl.at.ply.gg
tr3.localto.net
uk1.localto.net
union-reviews.gl.at.ply.gg
very-aug.gl.at.ply.gg
w-killing.gl.at.ply.gg
watch-contests.gl.at.ply.gg
watch-ship.at.ply.gg
week-media.gl.at.ply.gg
where-dip.gl.at.ply.gg
which-anxiety.gl.at.ply.gg
would-between.gl.at.ply.gg
x5wo9402sep.duckdns.org
zip-connection.gl.at.ply.gg

# Reference: https://x.com/K_N1kolenko/status/1833028273778876876

147.50.240.203:7000
195.2.84.224:7000
202.55.134.194:6868
37.221.93.67:4545
77.232.132.25:4449
77.90.185.49:7000
82.147.88.10:7000

# Reference: https://www.virustotal.com/gui/file/e4b3a8461ef21d6e9e1dab285baa528f2d744eb643ed2b3dbcf870be4b6cc7e6/detection
# Reference: https://www.virustotal.com/gui/file/862e931d6a407871edd4077f6c633056554a9227782fb7c8a993c10d35037728/detection

213.142.151.240:2323

# Reference: https://x.com/karol_paciorek/status/1834532649236349137

216.173.64.63:4646
remember-humidity-floppy-choosing.trycloudflare.com

# Reference: https://x.com/K_N1kolenko/status/1834511338527195226

13.51.47.41:7772
139.99.25.159:6869
185.84.160.182:7000
91.108.240.63:7000

# Reference: https://x.com/K_N1kolenko/status/1838196091075908080

103.253.73.222:400
45.76.68.94:7000

# Reference: https://x.com/malwrhunterteam/status/1838518514644136030
# Reference: https://tria.ge/240924-l3x3lazgnl/behavioral2
# Reference: https://www.virustotal.com/gui/file/416a2a9c374574f8fcb7f90e775069e7d4606c0155f964886096e41f45d16548/detection

2.56.245.123:3501
bulletrdp.ru

# Reference: https://x.com/malwrhunterteam/status/1838877554867912765
# Reference: https://www.virustotal.com/gui/file/3658f44acb4d331fa89ab43d782bee2a97a48b2f425cad29939ee472c74bc62f/detection
# Reference: https://www.virustotal.com/gui/file/002045c91ab51c5715559c2bced3ccd8e699e130c6b3c5e668f29295690b7084/detection

135.224.23.113:5555
52.252.190.167:56001
rdoge.pro

# Reference: https://x.com/K_N1kolenko/status/1839226352571965501

103.182.103.206:24184
103.218.0.61:7000
103.77.246.154:5555
135.125.21.87:7000
154.12.30.42:7000
154.216.17.202:2324
45.137.22.114:7000

# Reference: https://www.virustotal.com/gui/file/b0f67744cfbcd7fdb2faa1e907b1637405ad47b1bea55a67466660d1d8d6ff1b/detection

45.94.31.88:7000

# Reference: https://www.netskope.com/blog/netskope-threat-labs-uncovers-new-xworms-stealthy-techniques
# Reference: https://github.com/netskopeoss/NetskopeThreatLabsIOCs/tree/main/Malware/XWorm/IOCs

89.116.164.56:7000
ziadonfire.work.gd

# Reference: https://www.virustotal.com/gui/file/3b2b055027ab684ff8477eb80090e9c1bbaf7ad07059ecdf73b2d5a0eca8530c/detection

45.156.30.9:1604

# Reference: https://x.com/banthisguy9349/status/1842246259765088421
# Reference: https://www.virustotal.com/gui/file/b24e8948d314d492f4e1ae9fd78e8fcb41ee5c9adfd6e9ab7927fca7c333003c/detection

65.52.240.233:5555

# Reference: https://x.com/karol_paciorek/status/1843271345913925943

91.151.89.158:7000
adsphotoscape.com
pl-photoscape.com

# Reference: https://x.com/ValidinLLC/status/1843418095551164923

aawebot.com
ai-viso.com
createstudios.site
cryptofeedbank.com
flashloans.online
hamrah-tejarat.com
prntscrapp.com
s1-utorrent.com
y-utorrent.com

# Reference: https://x.com/K_N1kolenko/status/1846130209856057371

144.76.147.226:5335
15.235.205.1:7000
154.12.30.42:6514
172.214.220.82:5555
185.84.160.213:7000
194.26.192.177:6080
38.255.55.174:7000
45.141.26.180:7000
45.141.26.214:7000
45.145.41.251:9000
45.200.148.216:7000
94.241.141.124:1717

# Reference: https://www.virustotal.com/gui/file/c9d4a1aeb7471fd602f45ed7988256f06332fda7157955a76b15bcd6ae839d74/detection

144.172.122.67:7000

# Reference: https://x.com/malwrhunterteam/status/1846249160787259587
# Reference: https://www.virustotal.com/gui/file/f55b57ad9a8dd4dbc3e7cfa7d5ef258b32d6b3ebf940867540e10dc03482ae18/detection
# Reference: https://www.virustotal.com/gui/file/a147e48013408252e2883a23d99320e6568b6873fe4a4670c770c4553bab7dfa/detection
# Reference: https://www.virustotal.com/gui/file/77dc1dbb1604b5bccf931191be04126f4cabbfddb143fcacdde8064934da6eab/detection
# Reference: https://www.virustotal.com/gui/file/4dc5598144fa11e49ce5928b7fcbeaaeffbd35a325908036835668ad24f3c868/detection

188.93.233.239:443
excitingclips.online

# Reference: https://x.com/K_N1kolenko/status/1847223576480436628

106.53.60.197:9002

# Reference: https://x.com/malwrhunterteam/status/1848297261597409701
# Reference: https://www.virustotal.com/gui/file/dc70004c8c8423920146a0c3d6d8c792f714c45e05641a5f40d9cf2cf916f2fc/detection

193.34.212.14:443

# Reference: https://x.com/malwrhunterteam/status/1848283689190371692
# Reference: https://www.virustotal.com/gui/file/b41b17ecc842aa796e599d23fd61d48e9dabe12b51ea337e17ba181bed092cc0/detection

91.184.248.229:9000
smape.work.gd

# Reference: https://x.com/malwrhunterteam/status/1849381606026256654
# Reference: https://www.virustotal.com/gui/file/2e5cdb5e57179d31c0b393ff7f3a1defed0b7afe35128cf1ef5738373cab808a/detection

42.96.11.54:25209

# Reference: https://www.virustotal.com/gui/file/1190512fa5c9de81accb4bf1bb0406a7767b5c2f6e73d0cda010193ef7d67057/detection

78.186.196.68:1605

# Reference: https://www.virustotal.com/gui/file/0fe4467aabb9b849c5160efabb52cf0f03d78e3abdb7d647e0a56ea1e9a96c18/detection

23.84.85.170:3389

# Reference: https://cert-agid.gov.it/wp-content/uploads/2024/10/xworm-namirial-25-10-2024.json

michael-scanned-motherboard-reforms.trycloudflare.com
retailer-indicators-resume-key.trycloudflare.com
theme-crack-emissions-perspectives.trycloudflare.com

# Reference: https://x.com/StrikeReadyLabs/status/1850521792521150685
# Reference: https://www.virustotal.com/gui/file/9df5d2239d8ac1102963a463410ed1284afa71fdb386ca748188f06fee0b71d8/detection

147.185.221.23:35501
local-subsequent.gl.at.ply.gg

# Reference: https://x.com/malwrhunterteam/status/1850991679269949584
# Reference: https://www.virustotal.com/gui/file/fd9ae7bc3825e29801afa8cf7e78ed5f056e9bbf675bc86ad54429a272c6b832/detection

javaplugin.org

# Reference: https://x.com/Tac_Mangusta/status/1851949543320957113
# Reference: https://www.virustotal.com/gui/file/f1f6e5c43acf1fc01a408693c539b95ff327ec048a80b7e97418b16858e32a6b/detection

triangle-publications-tennessee-double.trycloudflare.com

# Reference: https://x.com/naumovax/status/1851901996770693416
# Reference: https://app.any.run/tasks/06197036-a73d-4a54-aa08-78cf9fa5115e

51.77.103.216:8292

# Reference: https://x.com/K_N1kolenko/status/1852259660490768787

103.230.121.36:6875
103.230.121.82:6875
159.223.206.14:7000
178.215.224.96:7886
185.84.161.76:7000
4.228.228.120:7000
45.130.145.59:4404
51.20.118.144:69
94.46.207.10:1177
devscripts.online

# Reference: https://threatfox.abuse.ch/browse/malware/win.xworm/ (# 2024-11-01)

http://103.252.89.37
http://154.197.69.165
103.216.158.119:7000
103.252.89.37:7000
110.164.203.191:7000
147.185.221.19:35896
147.185.221.21:4140
154.197.69.155:7000
154.197.69.165:443
188.134.71.71:4448
191.101.130.49:7000
193.233.255.34:7777
49.232.20.75:443
5.252.53.134:7000
80.85.152.13:7000
84.46.250.60:7000
94.141.120.3:7000
aarsallc.duckdns.org
basis-cheap.gl.at.ply.gg
boards-particular.gl.at.ply.gg
bush-granted.gl.at.ply.gg
can-h.gl.at.ply.gg
contact-staffing.gl.at.ply.gg
corporate-deemed.gl.at.ply.gg
distribution-between.gl.at.ply.gg
engine-gene.gl.at.ply.gg
europe-perception.gl.at.ply.gg
external-deutschland.gl.at.ply.gg
french-waters.gl.at.ply.gg
gifts-architecture.gl.at.ply.gg
ground-wisconsin.gl.at.ply.gg
leading-flashing.gl.at.ply.gg
maximum-driven.gl.at.ply.gg
mb-jonathan.gl.at.ply.gg
md-shade.gl.at.ply.gg
mind-loaded.gl.at.ply.gg
needs-conservation.gl.at.ply.gg
nichthaze1337.ddns.net
opportunities-against.gl.at.ply.gg
pay-nm.gl.at.ply.gg
pro-christian.gl.at.ply.gg
process-medieval.gl.at.ply.gg
publication-lucas.gl.at.ply.gg
re-fe.gl.at.ply.gg
section-payments.gl.at.ply.gg
stay-daughters.gl.at.ply.gg
than-companies.gl.at.ply.gg
three-updates.gl.at.ply.gg
toskaadmx.duckdns.org
university-organizations.gl.at.ply.gg
various-injury.gl.at.ply.gg
virginia-compute.gl.at.ply.gg
watch-viewer.gl.at.ply.gg
while-searched.gl.at.ply.gg
yourself-likes.gl.at.ply.gg

# Reference: https://www.virustotal.com/gui/file/cbdda2ee7f374e8465e819faf34cd9af4505f9ebe85f01afc9938f3b068db31c/detection

37.60.252.188:7000
onlyforbackupsrd.ddns.net

# Reference: sample SHA-256 e677b04954d0927678a2352f48263295fbb876c928c033d512d715a8e00bc9a1
# Reference: https://www.virustotal.com/gui/file/e677b04954d0927678a2352f48263295fbb876c928c033d512d715a8e00bc9a1/detection

179.14.10.239:1887
carlossalazar.chickenkiller.com
danielaplayerlora09.chickenkiller.com
danielsanchez2.chickenkiller.com
jesusmachadolora09.chickenkiller.com
joseamayaaa.chickenkiller.com
marceloandresdosantolora09.chickenkiller.com
muguelsanchez.chickenkiller.com
neverasfires.chickenkiller.com

# Reference: https://app.validin.com/detail?find=xclient.exe&type=dom&ref_id=4725c822bff#tab=host_pairs

http://154.197.69.131
http://154.197.69.143
http://154.197.69.157
http://156.225.129.219
http://38.153.61.81
http://52.91.10.228
http://85.203.4.238
http://94.156.6.109

# Reference: https://www.virustotal.com/gui/file/77602b263506d07b53acbc34c40dac746d1431b0e4b8e299d1d9b9df7f9b5d0b/detection
# Reference: https://www.virustotal.com/gui/file/35278b63c31ea949e5a8f031773022075ba0e15d839498a1a24ea483c9a8621e/detection
# Reference: https://www.virustotal.com/gui/file/343661ccc6bbe2653816c76b11e6e4b2fa3e2ff507d3ac426dd7b009d916aee7/detection

38.153.61.81:16384
38.153.61.81:16835
38.153.61.81:16386
38.153.61.81:16387
38.153.61.81:16390
exgaming.click
dentiste.zapto.org
xcu.exgaming.click
xcu5.exgaming.click

# Reference: https://x.com/RacWatchin8872/status/1854579674887729395
# Reference: https://tria.ge/241107-vwkncsypcm/behavioral2

111.90.143.143:7000

# Reference: https://www.virustotal.com/gui/file/12e612895d16dabb26aa5f5412da15f49e1ceb806aafb5b3c4dbe873794cbc3e/detection

ranchoboscardin.com.br

# Reference: https://www.virustotal.com/gui/file/18d6cb03aaa51e60509d37c28b01d36cfb9dc27cbf3824a194096756a779cf7b/detection

185.235.138.103:4030

# Reference: https://www.virustotal.com/gui/file/a6c66414c91dd5eb021ff8989028b12ab20f1be13b823cd785d019301d94cb9d/detection

186.169.92.58:7000
gotemburgoxm.duckdns.org

# Reference: https://x.com/ShanHolo/status/1860409424172495123
# Reference: https://www.virustotal.com/gui/file/9c113da0d913a9fd2a84c5c9a71da4338e3f16a62b8215ecb7a58d10ccab524f/detection

http://45.141.26.170
45.141.26.170:443
45.141.26.170:7000

# Reference: https://threatfox.abuse.ch/browse/malware/win.xworm/ (# 2024-11-24)

http://159.223.206.14
http://42.96.10.8
103.207.164.18:7010
104.154.53.10:7000
104.168.87.36:8000
104.234.114.133:1188
107.172.178.68:7000
15.235.130.195:7000
158.247.200.45:7033
159.223.206.14:443
162.230.48.189:8895
170.238.45.133:4781
176.9.162.125:4060
185.117.250.169:7000
185.147.124.40:4404
185.162.75.19:7000
193.70.26.61:5545
45.141.27.248:7777
8.217.170.22:8888
80.76.49.227:9999
85.203.4.149:7000
87.120.112.33:8398
87.120.116.179:1300
89.110.95.189:7000
89.40.31.232:1717
93.123.109.89:7000
93.123.109.97:334
kskskhhw.ddns.info

# Reference: https://x.com/JAMESWT_MHT/status/1861047971271352705
# Reference: https://www.virustotal.com/gui/file/6494baca6b375ea0e325947e94b20c9c3487b03c6ca1fe878c23662d4e547028/detection

89.40.31.232:1717

# Reference: https://x.com/ShanHolo/status/1861491733717979562
# Reference: https://www.virustotal.com/gui/file/0f504cead80baca0c4be82bd9342de07b0757b4c6e88e4554d867fd1249ac2f5/detection
# Reference: https://www.virustotal.com/gui/file/1df69a8a4a75bb701e7e4bd1216bbbcffb2f2d0fa9430687c70c68fe2b68c961/detection

103.230.121.124:7000
58.9.110.23:18063
nine.ddns.net

# Reference: https://x.com/malwrhunterteam/status/1862228732020134132
# Reference: https://www.virustotal.com/gui/file/fcc871140b8ebd0d5701ef62d569440ddd1099723c1c68ded1030d9440786a2a/detection
# Reference: https://www.virustotal.com/gui/file/4b9afa14e1ddcca27211941fd92f2976bf8b02025352ab76da802bf4c1224938/detection

http://87.120.112.47
87.120.116.99:7666
grabador675.duckdns.org
paratreex.duckdns.org
svhosterwindow11.duckdns.org

# Reference: https://www.virustotal.com/gui/ip-address/12.202.180.114/relations

bdxwrm.duckdns.org
jkswrm3.duckdns.org
jkwrm5.duckdns.org
ksjvenom.duckdns.org
momentvenom.duckdns.org
momenxwrm.duckdns.org
rvenom.duckdns.org
x5387400.duckdns.org
xwrmmoment.duckdns.org

# Reference: https://www.virustotal.com/gui/ip-address/12.187.175.72/relations

hnxwrm3.duckdns.org
hvncmomentpure.duckdns.org
jkvernm.duckdns.org
mvenommm.duckdns.org
myxwrm.duckdns.org
myxwrm5.duckdns.org
nanarchymomey.duckdns.org
newhvmo.duckdns.org
newxrm5.duckdns.org
nhvncpure.duckdns.org
sdanarchynd.duckdns.org
soasyncb.duckdns.org
yasynck642.duckdns.org
yvbhvnc.duckdns.org

# Reference: https://x.com/ShanHolo/status/1866768979727094008
# Reference: https://www.virustotal.com/gui/file/c89625e4304d4708308a8a4138af28b90d490e8bd29ccdf3bc1f567d9644a7d7/detection

115.69.183.222:37593

# Reference: https://x.com/JAMESWT_MHT/status/1869284991441813827

http://92.255.57.155
92.255.57.155:4411
extraguestreview.com
booking.extraguestreview.com

# Reference: https://x.com/K_N1kolenko/status/1870040754644758593

103.232.55.173:7777
103.82.26.162:7001
185.84.160.131:7000
208.110.72.182:8080
212.87.215.19:7000
38.110.228.43:7000
85.209.11.15:4404

# Reference: https://x.com/ShanHolo/status/1870780804076630377
# Reference: https://www.virustotal.com/gui/file/c2eed9aebbd39f068a21850985b371e6653ee035e3a7fd01669226e77a55a172/detection

45.200.148.216:8000

# Reference: https://x.com/JAMESWT_MHT/status/1873291659527745539
# Reference: https://app.any.run/tasks/257527bb-be33-4182-ac2f-b7f76c137915

http://92.255.57.155
guestquesionrewiews.com
recaptcha.icu
booking.guestquesionrewiews.com

# Reference: https://x.com/JAMESWT_MHT/status/1874365729832870023
# Reference: https://www.virustotal.com/gui/file/84e5e532e64c7d1e5ea2457249d651ccd4554cfb1badab3195a8a44458f3f23c/detection

http://176.113.115.170
176.113.115.170:4412

# Reference: https://x.com/banthisguy9349/status/1875652969154408690
# Reference: https://x.com/banthisguy9349/status/1875655623268053496
# Reference: https://www.virustotal.com/gui/file/3535c8e458b0503657511bdc7dfd059b3cf3eac1b59dc4218955c93d1ffa65dd/detection
# Reference: https://www.virustotal.com/gui/file/fc91e5e4c357d97b7fcba5d6fa69b869528056d2654e58a6d00a61e5cf942899/detection

http://94.156.167.30
91.92.246.60:7000
emptyservices.xyz
stattscheck.com
stattssuttcheck.com

# Reference: https://x.com/marsomx_/status/1875859954206494985
# Reference: https://tria.ge/241212-wpqrgatrbl/behavioral2

193.26.115.21:7007

# Reference: https://x.com/JAMESWT_MHT/status/1879203954573394172

antibot-fix.cfd
chekedpartrewiwes.com
booking.chekedpartrewiwes.com

# Reference: https://x.com/smica83/status/1879532889198723085
# Reference: https://app.any.run/tasks/121ef47f-50d0-4c43-863e-b88376e47646
# Reference: https://www.virustotal.com/gui/file/6133b095486178e20e11f97ab8d3efb1b9a51be55a0128d0280951954b7c897f/detection

102.90.44.27:1500
105.113.10.228:1500
172.111.189.20:1500
172.94.127.5:1500
090125.ngrok-free.app
cyberdon.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ef29d3fa9ebc94767cc7e651f90221e3a0f52cf2041fdc6353ea41bb425b7249/detection

62.122.184.98:4412

# Reference: https://x.com/ViriBack/status/1881327750503665912
# Reference: https://app.any.run/tasks/2d0b8575-f31e-4caf-a8ee-721b6ba29f73

147.185.221.24:40432

# Reference: https://x.com/ShanHolo/status/1882050198773575690
# Reference: https://www.virustotal.com/gui/file/9dc579518e8d00546ce132209aee6f5c8eb78b22ed5828f316cdf0f81c720521/detection
# Reference: https://www.virustotal.com/gui/file/c11a3d0e04e33e083ffb071002c1e7d8d851bf1b05867f1d29ec9cdbb35e5ca4/detection

http://178.173.246.113
178.173.246.113:443
178.173.246.113:4444

# Reference: https://x.com/TIntel2255/status/1882499973327257774
# Reference: https://www.virustotal.com/gui/file/6d217281437ec6542d839a5f130e001c3df8aa9b20d47f48927600e10b4862d7/detection

194.59.31.174:5151

# Reference: https://x.com/JAMESWT_MHT/status/1882723100720308508

re-botcheck.com

# Reference: https://www.virustotal.com/gui/file/50bfc65f3fe6da315552cec46f02127ed91ddae075d6167f3c76606686cd1708/detection

176.113.115.225:4444

# Reference: https://x.com/solostalking/status/1884251494901506467
# Reference: https://www.virustotal.com/gui/file/2b6a50140eb45dec89e7301b8f01e03751aeb7c40fbbc2cde73be7059b865467/detection

http://92.255.85.34
92.255.85.34:4444

# Reference: https://x.com/JAMESWT_MHT/status/1885211956635750899
# Reference: https://www.virustotal.com/gui/file/98857bd6e2c53f8695bba76500c14649ad079b5715ca53658d6afe072ea73057/detection

http://185.7.214.54
185.7.214.54:4411
antibot-v2.com

# Reference: https://www.virustotal.com/gui/file/c73164d91bc07cd812b7897f7660ce5dba9b28dc2452569b8e94389008c7a393/detection

199.247.0.169:7000

# Reference: https://www.virustotal.com/gui/file/98bd8cbd9e794d66dd9bab25206b11d0eda127a343e49ddf25b2ecdbe56d24c1/detection

79.110.49.32:7000

# Reference: https://x.com/JAMESWT_MHT/status/1887403342134911070

barleyjack.com
caymanluxurycars.com
secureverifys.com
booking.secureverifys.com

# Reference: https://x.com/malwrhunterteam/status/1889280809690935475
# Reference: https://x.com/JAMESWT_MHT/status/1889313410187223253
# Reference: https://www.virustotal.com/gui/file/4e196693e5613b4585e4dd4ae694e21a0bf90854d916629e465ad2cfcc1e945a/detection

211.154.30.119:8889
bozatime.com
dageipp.com
inkipp.com
iploveipp.com
ippiboza.com
iptimeip.com
pinkippp.com

# Reference: https://x.com/JAMESWT_MHT/status/1889939320787837184
# Reference: https://www.virustotal.com/gui/file/53a2f686422f9f71b69d3a9699661c96dc1375d490ea188d5141bb1e8ae89029/detection

http://147.45.44.42
extrareviewshelps.com
userveriff02.com

# Reference: https://x.com/JAMESWT_MHT/status/1889982062813434365
# Reference: https://app.any.run/tasks/0820e1df-f515-4b0e-a647-ad58399f1044
# Reference: https://www.virustotal.com/gui/file/d8e3240539b9d124c081506af59cf87d47b89139e423894063ac9389697b49a2/detection

178.215.224.234:2627

# Reference: https://x.com/skocherhan/status/1890358780845592613

http://45.141.26.234

# Reference: https://www.virustotal.com/gui/file/128f3b5bbb0df4d1e5a7811fe67adfa050f57a1fa6ade372909cf3e42d82ce07/detection
# Reference: https://www.virustotal.com/gui/file/2664290d6524ba9f1f028091fb85437277216dc28f2a22f03019bd2cb3fe2213/detection

http://95.169.196.36
185.196.10.132:7004
hithitlwer.zapto.org

# Reference: https://x.com/James_inthe_box/status/1892608373763285320

jks2b.duckdns.org
kxwrmf.duckdns.org

# Reference: https://x.com/abuse_ch/status/1893992910640787846
# Reference: https://www.virustotal.com/gui/file/07253a1e6616775fcf3fa678512f2e18c0b557b043127b14b3446aa352e99d49/detection

185.7.214.108:4411

# Reference: https://x.com/JAMESWT_MHT/status/1893920341463798044

einfach-mieten.eu
idewgustarens.com
booking.idewgustarens.com

# Reference: https://x.com/ankit_anubhav/status/1895061182689747333
# Reference: https://www.trellix.com/blogs/research/old-loader-new-threat-exploring-xworm/
# Reference: https://www.virustotal.com/gui/file/97791eba8ac9745155cea4cc1a90e44765a97b840441220ec13c82f719c65f1a/detection
# Reference: https://www.virustotal.com/gui/file/0cb40d6d8632484701ae905790cecd199193e9d67c7dafb26a19537a7988bbc4/detection
# Reference: https://www.virustotal.com/gui/file/00278f7bf28ff1be14d9e60bc6f5c9c5a4f40890125de35281c189cdae90fc0a/detection

94.156.227.37:1888
abodeupdatenew.blogspot.com
adobeacrobateupdate2023.blogspot.com
adobeupdate2023.blogspot.com
updatepower2023.blogspot.com
updatingmsoffice.blogspot.com
urlintimacygoombguch.blogspot.com
zenova.duckdns.org

# Reference: https://x.com/JAMESWT_MHT/status/1895068571211903002
# Reference: https://www.virustotal.com/gui/file/2c83b873dd678cbf90c9344645d902ad31f5fd2d22c17bceda29e933986873af/detection

92.255.57.221:4414
capthumam.com
pagesparthnerinform.com

# Reference: https://www.virustotal.com/gui/file/df07b378a833528cca8012ec0bd65f06372ccf23262b9930c246d8758cef342a/detection

128.90.104.58:6161
128.90.107.225:6161
128.90.170.70:6161
128.90.59.193:6161
178.208.168.121:6161
178.208.168.166:6161
178.208.168.185:6161
178.208.168.188:6161
178.208.168.190:6161
178.208.168.201:6161
178.208.169.63:6161
ohsexoh.freeddns.org

# Reference: https://www.virustotal.com/gui/file/c5699ec6088f12d776edb4be4dec341a3b2653e56cc5c650be8dc231455460e8/detection

178.208.168.230:6161

# Reference: https://www.virustotal.com/gui/file/b2e678427428898f46899140fea44fcad52acf5a614427981d357b23d5f77607/detection

178.208.168.111:6161

# Reference: https://www.virustotal.com/gui/file/1d9a6edc55a547b9e522b3dd7f40aebc3f1c4761070294cc56e328800569fc45/detection

128.90.141.117:6161

# Reference: https://www.virustotal.com/gui/file/1791d00fbe569489f48cf5e56b9a2a9b71d3c17096df4982668f51d512b820c5/detection

178.208.169.139:6161

# Reference: https://www.virustotal.com/gui/file/6d912537a24dbae09f0f21bcdf3bce90b4c18a7e46bfb82740ce32ac9a64726b/detection
# Reference: https://www.virustotal.com/gui/file/3820ba1b904b190f6f81a23a4a03bfcbb3897bc6bcc4544ac909dfb9ee4652cb/detection

178.208.169.87:6161
boobs.ddnsfree.com

# Reference: https://www.virustotal.com/gui/file/0002b41ca7933e03cd6f70e789e0f677a623a84fac7f1e856fdfbfabfb864d4d/detection

179.118.199.252:5555
christcrucifiedinternational.store

# Reference: https://x.com/skocherhan/status/1896075970874130701
# Reference: https://www.virustotal.com/gui/file/1e6c87e492d90fbc4b9d2a16676a58735e33861f780c6c3020869337a0ccfc82/detection

147.185.221.19:47430
politics-fiber.gl.at.ply.gg

# Reference: https://x.com/James_inthe_box/status/1897703110233203123
# Reference: https://app.any.run/tasks/4be36a6c-15e4-4c50-99e7-d95eb48bd88a

147.185.221.25:57007
growth-screening.gl.at.ply.gg

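# Reference: https://app.validin.com/detail?find=147.185.221.25&type=ip4#tab=resolutions (# 2025-03-06)
# NOTE(review): the names below come from a resolutions pivot on 147.185.221.25, which appears to be a shared ply.gg tunnel address; not every name is necessarily XWorm-related, so corroborate a hit before acting on it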

accessories-fame.gl.at.ply.gg
account-explosion.gl.at.ply.gg
across-guest.gl.at.ply.gg
activity-wax.gl.at.ply.gg
activity-weight.gl.at.ply.gg
administration-till.gl.at.ply.gg
after-sent.gl.at.ply.gg
against-generator.gl.at.ply.gg
airport-forums.gl.at.ply.gg
airport-reporter.gl.at.ply.gg
al-three.gl.at.ply.gg
allows-announces.gl.at.ply.gg
also-keeping.gl.at.ply.gg
also-nr.gl.at.ply.gg
america-depending.gl.at.ply.gg
amount-nightlife.gl.at.ply.gg
another-echo.gl.at.ply.gg
apply-sand.gl.at.ply.gg
are-though.gl.at.ply.gg
asked-jd.gl.at.ply.gg
audio-pending.gl.at.ply.gg
author-reflects.gl.at.ply.gg
awards-problem.gl.at.ply.gg
back-spots.gl.at.ply.gg
bad-motor.gl.at.ply.gg
battery-mercedes.gl.at.ply.gg
beautiful-microphone.gl.at.ply.gg
beginning-usually.gl.at.ply.gg
benefits-lift.gl.at.ply.gg
between-email.gl.at.ply.gg
bin-mud.gl.at.ply.gg
blog-competitive.gl.at.ply.gg
blood-pattern.gl.at.ply.gg
board-apartment.gl.at.ply.gg
board-kills.gl.at.ply.gg
board-tigers.gl.at.ply.gg
books-unless.gl.at.ply.gg
built-among.gl.at.ply.gg
bush-ana.gl.at.ply.gg
button-utah.gl.at.ply.gg
calendar-merely.gl.at.ply.gg
card-funny.gl.at.ply.gg
career-paperbacks.gl.at.ply.gg
categories-stockings.gl.at.ply.gg
category-tar.gl.at.ply.gg
certain-advanced.gl.at.ply.gg
change-harvest.gl.at.ply.gg
changes-collection.gl.at.ply.gg
chapter-soon.gl.at.ply.gg
children-timing.gl.at.ply.gg
cities-annex.gl.at.ply.gg
clear-honors.gl.at.ply.gg
cnet-prostores.gl.at.ply.gg
co-ar.gl.at.ply.gg
color-electric.gl.at.ply.gg
come-edmonton.gl.at.ply.gg
comment-barn.gl.at.ply.gg
common-instructional.gl.at.ply.gg
communication-machine.gl.at.ply.gg
compare-qualify.gl.at.ply.gg
conference-std.gl.at.ply.gg
considered-breast.gl.at.ply.gg
content-jaguar.gl.at.ply.gg
contract-released.gl.at.ply.gg
copy-llp.gl.at.ply.gg
corporate-nine.gl.at.ply.gg
cost-hughes.gl.at.ply.gg
council-boc.gl.at.ply.gg
county-organize.gl.at.ply.gg
cover-expanded.gl.at.ply.gg
cross-real.gl.at.ply.gg
cut-directory.gl.at.ply.gg
daily-sexually.gl.at.ply.gg
dance-accident.gl.at.ply.gg
data-save.gl.at.ply.gg
debt-milton.gl.at.ply.gg
degree-islands.gl.at.ply.gg
details-telescope.gl.at.ply.gg
discussion-ix.gl.at.ply.gg
discussion-levy.gl.at.ply.gg
display-outputs.gl.at.ply.gg
distance-shows.gl.at.ply.gg
doing-pupils.gl.at.ply.gg
door-bottom.gl.at.ply.gg
downloads-shown.gl.at.ply.gg
drive-barcelona.gl.at.ply.gg
drive-mens.gl.at.ply.gg
during-restriction.gl.at.ply.gg
dvd-crossword.gl.at.ply.gg
early-doll.gl.at.ply.gg
effect-parcel.gl.at.ply.gg
effect-weeks.gl.at.ply.gg
employees-jamaica.gl.at.ply.gg
enter-flowers.gl.at.ply.gg
entire-brick.gl.at.ply.gg
entire-seeker.gl.at.ply.gg
est-review.gl.at.ply.gg
et-computed.gl.at.ply.gg
europe-strange.gl.at.ply.gg
excellent-showcase.gl.at.ply.gg
exchange-syndicate.gl.at.ply.gg
experience-departmental.gl.at.ply.gg
family-floors.gl.at.ply.gg
fat-couple.gl.at.ply.gg
fax-compliant.gl.at.ply.gg
features-exclude.gl.at.ply.gg
feb-arrested.gl.at.ply.gg
federal-heads.gl.at.ply.gg
feedback-both.gl.at.ply.gg
feedback-dow.gl.at.ply.gg
fees-music.gl.at.ply.gg
find-soup.gl.at.ply.gg
flash-affordable.gl.at.ply.gg
flash-sans.gl.at.ply.gg
florida-guild.gl.at.ply.gg
force-impressed.gl.at.ply.gg
foreign-bit.gl.at.ply.gg
found-believe.gl.at.ply.gg
friday-thai.gl.at.ply.gg
friendly-nest.gl.at.ply.gg
front-trader.gl.at.ply.gg
fully-controversial.gl.at.ply.gg
fund-jacob.gl.at.ply.gg
fund-later.gl.at.ply.gg
furniture-tray.gl.at.ply.gg
game-es.gl.at.ply.gg
game-they.gl.at.ply.gg
general-hebrew.gl.at.ply.gg
general-vermont.gl.at.ply.gg
germany-animal.gl.at.ply.gg
gold-blackberry.gl.at.ply.gg
goods-burner.gl.at.ply.gg
google-su.gl.at.ply.gg
got-query.gl.at.ply.gg
great-printer.gl.at.ply.gg
greater-districts.gl.at.ply.gg
group-rats.gl.at.ply.gg
guide-carb.gl.at.ply.gg
hall-shine.gl.at.ply.gg
have-process.gl.at.ply.gg
have-stamps.gl.at.ply.gg
head-annoying.gl.at.ply.gg
heart-colleges.gl.at.ply.gg
high-suggesting.gl.at.ply.gg
higher-accessory.gl.at.ply.gg
homepage-radios.gl.at.ply.gg
homes-helps.gl.at.ply.gg
homes-lee.gl.at.ply.gg
hospital-donor.gl.at.ply.gg
house-jungle.gl.at.ply.gg
housing-balanced.gl.at.ply.gg
html-savage.gl.at.ply.gg
idea-computing.gl.at.ply.gg
if-eventually.gl.at.ply.gg
ii-aim.gl.at.ply.gg
images-hunting.gl.at.ply.gg
important-focal.gl.at.ply.gg
included-output.gl.at.ply.gg
income-couples.gl.at.ply.gg
inside-colored.gl.at.ply.gg
institute-asset.gl.at.ply.gg
internet-sally.gl.at.ply.gg
ip-nonprofit.gl.at.ply.gg
issues-sarah.gl.at.ply.gg
item-gnu.gl.at.ply.gg
its-definitely.gl.at.ply.gg
its-inch.gl.at.ply.gg
january-truly.gl.at.ply.gg
journal-maui.gl.at.ply.gg
kind-sofa.gl.at.ply.gg
known-php.gl.at.ply.gg
la-accreditation.gl.at.ply.gg
la-judgment.gl.at.ply.gg
lake-gui.gl.at.ply.gg
land-long.gl.at.ply.gg
language-you.gl.at.ply.gg
large-weak.gl.at.ply.gg
last-isa.gl.at.ply.gg
last-would.gl.at.ply.gg
late-outdoors.gl.at.ply.gg
latest-adjusted.gl.at.ply.gg
learning-concerned.gl.at.ply.gg
learning-n.gl.at.ply.gg
left-filled.gl.at.ply.gg
letter-diamonds.gl.at.ply.gg
library-villas.gl.at.ply.gg
linux-submissions.gl.at.ply.gg
live-heather.gl.at.ply.gg
located-java.gl.at.ply.gg
logo-kerry.gl.at.ply.gg
long-cg.gl.at.ply.gg
look-omega.gl.at.ply.gg
loss-justin.gl.at.ply.gg
lot-clothes.gl.at.ply.gg
love-whatever.gl.at.ply.gg
lower-seemed.gl.at.ply.gg
made-differential.gl.at.ply.gg
makes-triangle.gl.at.ply.gg
mar-contest.gl.at.ply.gg
match-os.gl.at.ply.gg
matter-sets.gl.at.ply.gg
meeting-bet.gl.at.ply.gg
memory-lottery.gl.at.ply.gg
methods-rats.gl.at.ply.gg
models-needed.gl.at.ply.gg
modified-begun.gl.at.ply.gg
names-copying.gl.at.ply.gg
need-grants.gl.at.ply.gg
needs-mba.gl.at.ply.gg
net-enable.gl.at.ply.gg
networks-vitamin.gl.at.ply.gg
never-ot.gl.at.ply.gg
new-ordinary.gl.at.ply.gg
news-cultures.gl.at.ply.gg
news-strict.gl.at.ply.gg
nice-otherwise.gl.at.ply.gg
nokia-leading.gl.at.ply.gg
numbers-insights.gl.at.ply.gg
object-gamecube.gl.at.ply.gg
offered-vendors.gl.at.ply.gg
ohio-chris.gl.at.ply.gg
oil-discipline.gl.at.ply.gg
only-desk.gl.at.ply.gg
organizations-acres.gl.at.ply.gg
organizations-swing.gl.at.ply.gg
original-structural.gl.at.ply.gg
other-little.gl.at.ply.gg
our-incidents.gl.at.ply.gg
our-sw.gl.at.ply.gg
overall-invisible.gl.at.ply.gg
package-foods.gl.at.ply.gg
package-mother.gl.at.ply.gg
partner-ferry.gl.at.ply.gg
pass-argue.gl.at.ply.gg
paul-nw.gl.at.ply.gg
paypal-emirates.gl.at.ply.gg
per-cassette.gl.at.ply.gg
per-techno.gl.at.ply.gg
perfect-ringtones.gl.at.ply.gg
person-mustang.gl.at.ply.gg
person-roland.gl.at.ply.gg
phone-trinidad.gl.at.ply.gg
please-circulation.gl.at.ply.gg
plus-improve.gl.at.ply.gg
points-challenges.gl.at.ply.gg
political-antivirus.gl.at.ply.gg
post-ton.gl.at.ply.gg
pre-celebration.gl.at.ply.gg
present-seeds.gl.at.ply.gg
president-update.gl.at.ply.gg
primary-organizing.gl.at.ply.gg
primary-tba.gl.at.ply.gg
printer-foundations.gl.at.ply.gg
prior-ks.gl.at.ply.gg
probably-fields.gl.at.ply.gg
profile-pixels.gl.at.ply.gg
programming-identifying.gl.at.ply.gg
programs-her.gl.at.ply.gg
projects-secretary.gl.at.ply.gg
properties-sight.gl.at.ply.gg
protection-ballot.gl.at.ply.gg
protein-ph.gl.at.ply.gg
provides-looksmart.gl.at.ply.gg
publication-glossary.gl.at.ply.gg
publications-electronic.gl.at.ply.gg
purpose-terror.gl.at.ply.gg
put-welfare.gl.at.ply.gg
questions-rendering.gl.at.ply.gg
quote-symposium.gl.at.ply.gg
range-coleman.gl.at.ply.gg
rated-obituaries.gl.at.ply.gg
rates-sir.gl.at.ply.gg
real-saw.gl.at.ply.gg
received-night.gl.at.ply.gg
recent-keywords.gl.at.ply.gg
records-spank.gl.at.ply.gg
regarding-states.gl.at.ply.gg
region-electron.gl.at.ply.gg
remove-proceedings.gl.at.ply.gg
request-mel.gl.at.ply.gg
required-mold.gl.at.ply.gg
required-willing.gl.at.ply.gg
resource-intensity.gl.at.ply.gg
respect-hits.gl.at.ply.gg
restaurants-stan.gl.at.ply.gg
result-genres.gl.at.ply.gg
richard-stuck.gl.at.ply.gg
rights-regime.gl.at.ply.gg
ring-cj.gl.at.ply.gg
safe-synopsis.gl.at.ply.gg
safe-tamil.gl.at.ply.gg
safety-h.gl.at.ply.gg
say-oops.gl.at.ply.gg
score-records.gl.at.ply.gg
sea-curves.gl.at.ply.gg
search-varies.gl.at.ply.gg
searches-jimmy.gl.at.ply.gg
sellers-spam.gl.at.ply.gg
sep-reseller.gl.at.ply.gg
server-belarus.gl.at.ply.gg
set-reduces.gl.at.ply.gg
shall-arranged.gl.at.ply.gg
should-reductions.gl.at.ply.gg
simply-exotic.gl.at.ply.gg
sites-ascii.gl.at.ply.gg
skin-remember.gl.at.ply.gg
smith-occurring.gl.at.ply.gg
so-pad.gl.at.ply.gg
so-trek.gl.at.ply.gg
social-decorative.gl.at.ply.gg
society-theology.gl.at.ply.gg
songs-excluding.gl.at.ply.gg
sony-duties.gl.at.ply.gg
soon-logical.gl.at.ply.gg
speed-janet.gl.at.ply.gg
sports-lows.gl.at.ply.gg
started-chelsea.gl.at.ply.gg
started-quotations.gl.at.ply.gg
state-franklin.gl.at.ply.gg
still-fwd.gl.at.ply.gg
storage-plugin.gl.at.ply.gg
stories-smtp.gl.at.ply.gg
story-blacks.gl.at.ply.gg
story-earthquake.gl.at.ply.gg
studio-teaching.gl.at.ply.gg
success-evans.gl.at.ply.gg
such-five.gl.at.ply.gg
such-suspect.gl.at.ply.gg
sunday-chronicle.gl.at.ply.gg
sunday-n.gl.at.ply.gg
support-mere.gl.at.ply.gg
surface-toolbox.gl.at.ply.gg
table-goals.gl.at.ply.gg
table-hon.gl.at.ply.gg
take-continually.gl.at.ply.gg
take-reporters.gl.at.ply.gg
talk-weights.gl.at.ply.gg
target-gonna.gl.at.ply.gg
teachers-caught.gl.at.ply.gg
technical-heart.gl.at.ply.gg
television-currently.gl.at.ply.gg
text-eh.gl.at.ply.gg
than-adaptation.gl.at.ply.gg
thanks-viewers.gl.at.ply.gg
theory-taught.gl.at.ply.gg
therefore-faced.gl.at.ply.gg
these-kick.gl.at.ply.gg
think-penn.gl.at.ply.gg
though-genome.gl.at.ply.gg
three-under.gl.at.ply.gg
thu-why.gl.at.ply.gg
thursday-ultram.gl.at.ply.gg
time-patient.gl.at.ply.gg
together-wanted.gl.at.ply.gg
tools-jam.gl.at.ply.gg
total-believed.gl.at.ply.gg
total-travelling.gl.at.ply.gg
trip-thesaurus.gl.at.ply.gg
trust-sri.gl.at.ply.gg
uk-satisfy.gl.at.ply.gg
uk-theory.gl.at.ply.gg
understand-drugs.gl.at.ply.gg
understand-shakira.gl.at.ply.gg
unit-iowa.gl.at.ply.gg
updates-aqua.gl.at.ply.gg
url-murphy.gl.at.ply.gg
usa-brands.gl.at.ply.gg
usb-transaction.gl.at.ply.gg
uses-charged.gl.at.ply.gg
version-katie.gl.at.ply.gg
very-stars.gl.at.ply.gg
video-josh.gl.at.ply.gg
warning-found.gl.at.ply.gg
wednesday-super.gl.at.ply.gg
weight-touched.gl.at.ply.gg
western-bright.gl.at.ply.gg
why-familiar.gl.at.ply.gg
wide-casting.gl.at.ply.gg
window-prize.gl.at.ply.gg
windows-animated.gl.at.ply.gg
wine-attractions.gl.at.ply.gg
without-affecting.gl.at.ply.gg
women-workshops.gl.at.ply.gg
wood-matches.gl.at.ply.gg
words-mandatory.gl.at.ply.gg
work-ian.gl.at.ply.gg
worldwide-serial.gl.at.ply.gg
xml-calculate.gl.at.ply.gg
yes-dec.gl.at.ply.gg
yet-involving.gl.at.ply.gg
you-cigarette.gl.at.ply.gg

# Reference: https://x.com/malwrhunterteam/status/1897994595734004178
# Reference: https://www.virustotal.com/gui/file/4f43e8d90f82a6556d354a707fcbd355528755c0089e254ad249694855f26047/detection
# Reference: https://www.virustotal.com/gui/file/b18ed93dd979c6233b1ce6e195338a57243f2a71e6147311aaf06fccea1d20c7/detection
# Reference: https://www.virustotal.com/gui/file/df2ffecdfecc6eec6cbb8f28d193257c99cf22a9204a95f2a6b7d4ca3504276d/detection
# Reference: https://www.virustotal.com/gui/file/e3f141aeea820a23216db5919e80573b1e5675e98a3c02a67d2e7b576ef269b5/detection

102.211.232.41:8843
193.32.177.63:6000
cf-prod-cap.cfd
meowycatty.ddns.net

# Reference: https://x.com/malwrhunterteam/status/1899461570314305955
# Reference: https://tria.ge/250312-kvh32atrt6/behavioral2
# Reference: https://www.virustotal.com/gui/file/4a95b7a4d61c0742311b8f82170380134663501eb4621c054676f6377b2ead35/detection
# Reference: https://www.virustotal.com/gui/file/1040de898c12d2e892f2cd06de55e293c6782ab5b571e0a5d23fb9b6fdabe141/detection

143.177.123.99:5937
79.110.49.92:5938
rushingnews.com
acehere.duckdns.org
acewashere.duckdns.org

# Reference: https://x.com/malwrhunterteam/status/1899437484087419034
# Reference: https://www.virustotal.com/gui/file/b080fde84370f5a8189e64acf70c9dc7e1a15f46eda1de089720ef660cbbac71/detection

185.111.159.87:7000

# Reference: https://x.com/ShanHolo/status/1899457637185364016
# Reference: https://www.virustotal.com/gui/file/9d1583f8d6ca37ad2111fb88d94c73170b9ef4afdc0c5941246c4f106ee81a41/detection

176.65.144.116:7232

# Reference: https://x.com/JAMESWT_MHT/status/1900198202864771090
# Reference: https://www.virustotal.com/gui/file/0d0da6dc9386f17c30a6d7fcc9ff7458cce2a7b1feef7b2329d49e61ddfda639/detection

http://92.255.85.66
92.255.85.66:7000
booklistingreserv.com
cpte-view.com

# Reference: https://x.com/malwrhunterteam/status/1900818097495269407
# Reference: https://www.virustotal.com/gui/file/88502ddda4ea16f7c1d8929e681902e67895cbee56f31ce2fc77c8420de0a8ac/detection

83.147.240.230:7000

# Reference: https://x.com/malwrhunterteam/status/1900848654631485592
# Reference: https://www.virustotal.com/gui/file/ba4a4b9fd3edf1c5cb615aa5785d1712d76d7a296809743ec96bc266a8c9240e/detection
# Reference: https://www.virustotal.com/gui/file/7ae46a3195e74ce00c80cec4233a4a5639b90524e012f72c66d3a613db39a178/detection

196.251.83.219:6666

# Reference: https://x.com/K_N1kolenko/status/1900495202210517408

146.103.11.190:7000
154.12.89.132:7000
160.191.244.26:7000
164.92.163.239:2382
172.245.191.79:3030
172.81.130.145:7000
18.219.166.140:7000
194.59.31.210:7000
45.125.216.54:7000
45.141.26.113:7000
45.61.133.198:4782
47.242.58.178:7000

# Reference: https://x.com/JAMESWT_MHT/status/1900453924051591352

guests-reservid.com
w19-seasalt.com
booking.guests-reservid.com

# Reference: https://x.com/JAMESWT_MHT/status/1901687319070953934
# Reference: https://www.virustotal.com/gui/file/3e07777e315c483cc11349729bece9710b14b4b46df8819bf51b46c69ef9f6c7/detection

http://92.255.85.2
92.255.85.2:4372
alt-check-v3.com
boxiesreservguste.com

# Reference: https://x.com/skocherhan/status/1902149134028587185
# Reference: https://www.virustotal.com/gui/file/e715bae35871a6de4310b1c3e523809c06178d10839243aee184ba96dafd121f/detection

147.185.221.25:64864

# Reference: https://www.virustotal.com/gui/file/0020d06753473779a42d5e23d08ca3078cb34524c0f2e4863626eee7b17dd8af/detection

147.185.221.26:16713
147.185.221.26:3601
develop-six.gl.at.ply.gg
else-howard.gl.at.ply.gg

# Reference: https://www.virustotal.com/gui/file/005f2d7cc69474526b6e0a0f16b47ec0b10634da37ba9a0d5e38598590a653d8/detection

147.185.221.26:29882

# Reference: https://x.com/Jane_0sint/status/1902110126791631275

147.185.221.26:12171

# Reference: https://www.virustotal.com/gui/file/9ad39d4e8ac02831203198aaa982d01aba9ad6b5af04aa9d2caefdb635f97f83/detection

142.126.223.232:7000

# Reference: https://x.com/malwrhunterteam/status/1904157265424159213
# Reference: https://www.virustotal.com/gui/file/d24cf525214c3b9a331d03c99693d22cfd5e1af5da5b3f310dce9814876d2fbb/detection

83.147.240.230:7001
coprophile.bounceme.net

# Reference: https://x.com/malwrhunterteam/status/1904168577978052874
# Reference: https://app.validin.com/detail?find=45.154.98.138&type=ip4&ref_id=a2e8b275cb9#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/7ee8506c982c0e86ffa495f432304e9c5b61bc4bdb0485bf99ea8bc4ce731966/detection

194.26.192.222:5939
legalcitation.online
onlyfans.fans
onlyfans.gift
onlyfans.ngo
onlyfans.ong
rugcheck.me
tritonaddon.pro
truetriton.online
zoomnews.net

# Reference: https://x.com/salmanvsf/status/1904442042228576653
# Reference: https://www.virustotal.com/gui/file/45c1a1ac2c11aa6159312ac93588c6faa46d58ca3995b3d6ac0d97ef385b9c25/detection

95.216.115.242:33333

# Reference: https://x.com/smica83/status/1905034031734862241
# Reference: https://tria.ge/250326-2yhecawqv2/behavioral1

45.55.35.48:5643

# Reference: https://x.com/skocherhan/status/1906550661681954857
# Reference: https://www.virustotal.com/gui/file/5377d9cb20da2b4ac916656368967b5ac6c37afd705c9fec78f83994c48b6535/detection

147.185.221.16:46358
final-species.gl.at.ply.gg

# Reference: https://x.com/smica83/status/1906413284942578016
# Reference: https://tria.ge/250330-w29ecatxby/behavioral2

147.185.221.21:26461
functions-pressing.gl.at.ply.gg

# Reference: https://x.com/malwrhunterteam/status/1907772488781627824
# Reference: https://www.virustotal.com/gui/file/4b73f071b37da9dc75fc66c196d7aabc2788ecde9041972d0a9599afdd7321c6/detection

http://195.82.147.81
103.167.91.129:7000
app-updater1.app

# Reference: https://www.virustotal.com/gui/file/5a30d16582045c0eebd0bd18f9072e0d96e6446a9f2e15eed812603bb8c81f06/detection

http://166.88.132.192
109.176.30.246:56002

# Reference: https://x.com/ShanHolo/status/1908820465067450612
# Reference: https://www.virustotal.com/gui/file/fe6b8895a77d58f352c158ce9915ef7abd1257acbc62495e8898174712c18c26/detection

54.255.78.234:55400
defender.servehttp.com

# Reference: https://x.com/solostalking/status/1912033455094845657
# Reference: https://www.virustotal.com/gui/file/792ca88d4dc2d4b6070e0cb738f6b9d466308bec6345a8fff23e45d1e229e4f8/detection

195.2.71.183:8081
195.2.71.183:8089
smithpropertysolutions.com
dontseekme.duckdns.org

# Reference: https://x.com/skocherhan/status/1911920748890927570
# Reference: https://www.virustotal.com/gui/file/a1f6e88d88b70aa9a76033732dc159475e06a2cb50af2f4a68de6f8a644cab27/detection

36.50.135.167:5552

# Reference: https://x.com/smica83/status/1913380036389790176
# Reference: https://tria.ge/250418-3vsxcaysey/behavioral1

45.88.186.43:7232

# Reference: https://threatfox.abuse.ch/browse/tag/XWorm/ (# 2025-04-20)

http://156.238.253.131
http://157.230.124.55
http://185.100.157.105
http://185.100.157.52
http://196.251.80.109
http://20.229.103.183
http://38.49.40.130
http://38.49.42.212
http://45.204.217.248
http://87.120.84.32
http://89.213.248.62
101.99.94.250:7000
102.129.168.25:7000
103.68.109.212:5000
103.82.53.199:7000
104.168.56.77:3360
104.238.190.12:6000
104.250.169.3:18970
108.181.162.232:1177
109.231.31.129:2021
109.248.151.106:8078
110.74.212.221:5556
116.251.133.7:37593
134.122.128.37:7000
137.184.74.73:5000
137.184.74.73:7000
139.59.228.234:22693
144.126.151.243:7000
147.124.210.158:7000
147.124.212.231:6262
147.185.221.18:13143
147.185.221.19:11694
147.185.221.21:2226
147.185.221.21:4709
147.185.221.22:46682
147.185.221.24:15372
147.185.221.25:18007
147.185.221.25:19243
147.185.221.25:19298
147.185.221.25:20096
147.185.221.25:23913
147.185.221.25:24376
147.185.221.25:27113
147.185.221.25:40719
147.185.221.25:49242
147.185.221.25:51330
147.185.221.25:53264
147.185.221.25:55804
147.185.221.25:63018
147.185.221.25:7560
147.185.221.26:1316
147.185.221.26:19376
147.185.221.26:27770
147.185.221.26:32463
147.185.221.26:42069
147.185.221.26:46374
147.185.221.26:63713
147.185.221.27:29750
147.185.221.27:40331
147.185.221.27:7416
147.185.221.27:7522
147.45.47.222:3991
154.12.16.122:45682
154.176.157.95:8000
154.203.197.118:58661
154.216.16.200:1212
154.216.16.41:7000
154.29.79.29:7000
157.20.182.169:1515
159.100.20.246:6382
159.203.126.35:22279
166.88.185.67:5353
172.111.137.164:3911
172.111.137.167:3911
172.111.138.100:1336
172.245.135.145:7090
172.94.9.134:19700
173.214.167.139:7000
176.113.115.170:4413
176.221.16.167:7000
176.65.141.214:1111
176.65.144.22:1111
178.250.188.144:22635
18.156.13.209:17223
18.230.108.113:1533
185.12.130.161:7789
185.143.228.176:5876
185.172.175.125:999
185.172.175.147:5555
185.186.26.103:8000
185.196.10.213:7000
185.201.252.121:5555
185.208.156.62:9009
185.224.0.222:7000
185.241.208.215:7000
185.7.214.181:4417
185.84.161.65:7000
190.111.98.121:3000
192.187.127.3:443
193.161.193.99:20903
193.161.193.99:21122
193.161.193.99:21182
193.161.193.99:22770
193.161.193.99:24245
193.161.193.99:25195
193.161.193.99:26832
193.161.193.99:31577
193.161.193.99:31668
193.161.193.99:32310
193.161.193.99:34347
193.161.193.99:35188
193.161.193.99:35830
193.161.193.99:36182
193.161.193.99:36577
193.161.193.99:37631
193.161.193.99:37668
193.161.193.99:38554
193.161.193.99:38853
193.161.193.99:39109
193.161.193.99:41850
193.161.193.99:48477
193.161.193.99:61193
193.161.193.99:62208
193.233.113.143:7777
193.31.28.181:7000
194.26.192.127:5939
195.10.205.186:6699
195.177.95.145:6666
195.211.191.145:3911
196.251.113.81:7000
196.251.69.96:7789
196.251.70.152:5000
196.251.80.109:7722
196.251.89.42:2121
198.12.127.183:2020
198.7.115.133:7772
2.58.56.54:7771
20.229.103.183:443
206.123.152.101:3399
206.123.152.103:3911
206.123.152.36:3977
206.123.152.99:3399
207.174.40.240:7000
208.91.189.69:7000
213.136.90.188:8081
213.142.148.34:3162
23.226.129.25:5353
3.127.181.115:14267
3.147.52.12:7771
38.69.15.119:7000
42.117.80.199:1987
45.138.16.211:7000
45.138.16.245:7122
45.141.215.107:7000
45.141.26.16:7789
45.141.26.234:443
45.141.26.59:7000
45.141.26.59:8088
45.141.27.118:7777
45.145.43.244:1111
45.157.233.162:8345
45.200.149.15:7000
45.32.153.7:7005
45.88.91.108:7000
45.88.91.186:1000
46.153.249.193:443
47.76.212.233:7771
5.141.215.107:7000
5.180.155.29:6666
5.252.153.178:1488
51.89.253.21:1604
66.118.245.221:3333
77.105.164.175:7000
77.91.102.202:4566
77.93.28.66:2323
79.110.49.98:1223
85.17.23.153:3984
85.203.4.227:7000
87.120.114.42:7000
87.120.125.47:7000
87.247.158.212:4444
89.213.248.62:7777
89.23.102.30:1488
91.211.250.177:7000
91.212.166.86:7000
91.212.166.99:4404
91.217.77.77:7000
91.219.236.248:7000
91.92.255.111:1093
93.127.132.136:10003
93.95.119.225:2222
94.124.192.220:4443
94.228.117.59:8000
0xmicrosoft.duckdns.org
123123asd-39109.portmap.host
3skr.uncofig.com
aadcdn.onlineauth2-client4765445b-32c6-49b0-83e6-1d93765276.com
abobustsb-31029.portmap.host
aboltustimoha-43339.portmap.host
abuwire123.ddns.net
abuwire123h.ddns.net
access-expenses.gl.at.ply.gg
accommodation-cambridge.gl.at.ply.gg
accommodation-necessity.gl.at.ply.gg
ad-parallel.gl.at.ply.gg
ad-samoa.gl.at.ply.gg
ad-stayed.gl.at.ply.gg
adilfgilitter-22453.portmap.host
adilfgilitter-43126.portmap.host
administration-kinda.gl.at.ply.gg
adrianmoritoru-34347.portmap.io
again-general.gl.at.ply.gg
ak6-48477.portmap.host
ak8-20226.portmap.host
although-cholesterol.gl.at.ply.gg
argusishere.ddns.net
around-four.gl.at.ply.gg
asia-capabilities.gl.at.ply.gg
assistance-arbitration.gl.at.ply.gg
availability-population.gl.at.ply.gg
awedfwf-31577.portmap.host
awiero-42728.portmap.hosh
awiero-42728.portmap.host
baby.uncofig.com
bensgaming.scr
biwona3847-22770.portmap.host
blhwlxzgy.localto.net
booking.chekagustario.com
bragawhitx.duckdns.org
brkksylunm.duckdns.org
buy-diving.gl.at.ply.gg
cameras-happen.gl.at.ply.gg
cart-care.gl.at.ply.gg
chekagustario.com
choose-lamb.gl.at.ply.gg
ck1234-47763.portmap.host
clarkk-37631.portmap.host
client.fahrerscheinonlineholen.de
contract-releases.gl.at.ply.gg
control-studios.gl.at.ply.gg
coolguy12-30292.portmap.host
dalsksafksdlgskgdkhdfkfhdflhkdkkdrt.rodeo
database-victoria.gl.at.ply.gg
develop-enzyme.gl.at.ply.gg
developed-headline.gl.at.ply.gg
doberman-proper-bengal.ngrok-free.app
documents-johnny.gl.at.ply.gg
done-cashiers.gl.at.ply.gg
dwasf-31668.portmap.host
elfarbta3y.duckdns.org
english-finest.gl.at.ply.gg
eur-agriculture.gl.at.ply.gg
evolution007.hopto.org
expressblessingnow001.duckdns.org
extra-internationally.gl.at.ply.gg
ezlols-61193.portmap.host
faceit.teaminvitings.com
fax-costumes.gl.at.ply.gg
feb-travelers.gl.at.ply.gg
female-hills.gl.at.ply.gg
flame3135-44263.portmap.host
fpaul-nw.gl.at.ply.gg
freeetradingzone.duckdns.org
frenchy-59364.portmap.host
gamwtonxristo.ddns.net
german-kuwait.gl.at.ply.gg
ghostofleet-24245.portmap.host
ghostofleet-41401.portmap.host
ghostofleet-49120.portmap.host
girl-cheats.gl.at.ply.gg
gmt-sherman.gl.at.ply.gg
gotob67920-30070.portmap.host
grand-ad.gl.at.ply.gg
grebolugvtx.duckdns.org
h1nday-41851.portmap.host
hai1723rat.serveminecraft.net
hardware-proceeds.gl.at.ply.gg
herald12x-35830.portmap.host
heya12-35320.portmap.host
hiesa-56152.portmap.host
hink-ruth.gl.at.ply.gg
hodh009-62208.portmap.host
hosting10-38853.portmap.io
however-prairie.gl.at.ply.gg
hrggrevsdc-21182.portmap.io
human-epinions.gl.at.ply.gg
iii-single.gl.at.ply.gg
improve-gis.gl.at.ply.gg
imthat1guyfrfr-32310.portmap.host
imthat1guyfrfr-36577.portmap.host
independent-money.gl.at.ply.gg
indian-alternate.gl.at.ply.gg
interface-owners.gl.at.ply.gg
its-jam.gl.at.ply.gg
january-firm.gl.at.ply.gg
javv-35412.portmap.host
javv-46764.portmap.host
jeggawire.ddns.net
jenoks-52356.portmap.host
jerrytech.duckdns.org
jmvjpwl3o.localto.net
jvurrwti4.localto.net
kerevif648-40446.portmap.host
kiibo-38554.portmap.host
kinggggg123212-33699.portmap.host
language-apnic.gl.at.ply.gg
language-lose.gl.at.ply.gg
lavoslegend-45873.portmap.host
lesetim132-41456.portmap.host
levels-lcd.gl.at.ply.gg
likejunk-40343.portmap.host
local-subsidiary.gl.at.ply.gg
loud-states-matter.loca.lt
lovrsysytem-62393.portmap.host
makes-tonight.gl.at.ply.gg
match-charity.gl.at.ply.gg
maxbusinessworld.duckdns.org
me-teams.gl.at.ply.gg
memesense.xyz
monhostip.ddns.net
mortgage-ctrl.gl.at.ply.gg
mrkoko-25195.portmap.io
multi-referral.gl.at.ply.gg
myskibiditoilet.zapto.org
neevloss-45722.portmap.host
network-shakespeare.gl.at.ply.gg
nipoto-62948.portmap.host
november-cope.gl.at.ply.gg
o-sufficient.gl.at.ply.gg
onlineauth2-client4765445b-32c6-49b0-83e6-1d93765276.com
onlinegames.ddnsfree.com
onlyfans.so
operates-rna.with.playit.plus
park-meetup.gl.at.ply.gg
please-explore.gl.at.ply.gg
plhotacepl-35143.portmap.io
poker-dosage.gl.at.ply.gg
popaylar-28758.portmap.host
portal.onlineauth2-client4765445b-32c6-49b0-83e6-1d93765276.com
pppaa-51102.portmap.host
projects-sunny.gl.at.ply.gg
provides-reduces.gl.at.ply.gg
quotes-honduras.gl.at.ply.gg
redslide-36078.portmap.host
remember-convenient.gl.at.ply.gg
remnew25.duckdns.org
reported-kissing.gl.at.ply.gg
resources-legacy.gl.at.ply.gg
rizzing-64354.portmap.host
rndik-156-193-90-159.a.free.pinggy.link
roke213-25164.portmap.host
round-nonprofit.gl.at.ply.gg
s-turned.gl.at.ply.gg
sackedrai-44446.portmap.host
sazgig.ddns.net
scotwire.ddns.net
scrimoooo-20903.portmap.host
sell-doctor.gl.at.ply.gg
seoudy.duckdns.org
serverlumen.ddns.net
show-commentary.gl.at.ply.gg
shown-narrow.gl.at.ply.gg
showport2025iii-57523.portmap.host
slavisa-36618.portmap.io
slavisa-45970.portmap.host
sleepyyasian-37412.portmap.host
slitt-62494.portmap.host
smegmamuncher.duckdns.org
society-jun.gl.at.ply.gg
someone-manually.gl.at.ply.gg
song-direct.gl.at.ply.gg
south-warriors.gl.at.ply.gg
sponef159-35748.portmap.host
srlyxktyxm.duckdns.org
star-considerable.gl.at.ply.gg
stop-email.gl.at.ply.gg
string-cities.gl.at.ply.gg
synoacoustic-48269.portmap.host
sywaxeha-41850.portmap.host
tageya-49060.portmap.host
taken-ghana.gl.at.ply.gg
tcp.cloudpub.ru
tesifa-38287.portmap.io
test131-50314.portmap.host
them-hobbies.gl.at.ply.gg
things-gap.gl.at.ply.gg
ticket90867-33014.portmap.host
tips-topics.gl.at.ply.gg
together-min.gl.at.ply.gg
transportation-physically.gl.at.ply.gg
transporting-displays.with.playit.plus
tripplebanks.duckdns.org
trumpmelanie.duckdns.org
trusting-smoke-90361.pktriot.net
uokota.online
userxmorma-27072.portmap.host
vanechkin-51361.portmap.host
venom111-58719.portmap.host
via-driving.gl.at.ply.gg
w-bridal.gl.at.ply.gg
w3rtex-42879.portmap.host
washedbrain0002-21456.portmap.io
wednju7d.ddns.net
wfazwqf-36182.portmap.host
winaz5555-21166.portmap.host
winnoniport-26832.portmap.host
wooff-21122.portmap.host
would-perspectives.gl.at.ply.gg
xclient.fahrerscheinonlineholen.de
xml-processor.gl.at.ply.gg
xwormdnslogs.ddns.net
xwormnewlog.duckdns.org
xwormnotcreated.duckdns.org
xwormuncreated.duckdns.org
y3yy5434yg3y4y-35188.portmap.host
yzkp-32965.portmap.host

# Reference: https://x.com/ShanHolo/status/1914267841714434527
# Reference: https://www.virustotal.com/gui/file/09369aa4795fd585bef27c3652d1d5cb7d9062dc0e1cbef01e9cde1ce06deae4/detection
# Reference: https://www.virustotal.com/gui/file/01e9fbf3946a2a7b6098bc9431d9cdf3d997e65baad66b601a54b89e84b6ca25/detection

176.97.210.4:3050
176.97.210.4:505
sex.ksr.lol

# Reference: https://www.virustotal.com/gui/file/bbb255a48003ebf0b39f33c675a4ef164656abb54dd5e84ded6387f92f25b030/detection

45.144.212.172:7032

# Reference: https://x.com/malwrhunterteam/status/1912223772888952977
# Reference: https://www.virustotal.com/gui/file/34203c28e4356ea614820d09d268b67724dd6c21d49c09f9ce3467906ba0dcb5/detection

70.36.118.142:7000

# Reference: https://x.com/malwrhunterteam/status/1915119473176330417
# Reference: https://www.virustotal.com/gui/file/61e4bed8a1643dec5d2b7189ff911550fe6548d749239ad7cce16befc45d80df/detection
# Reference: https://www.virustotal.com/gui/file/8c5fe58495e0a861fadcbeb6c02024af7f33dde5972471e5ebccff34b6818fa0/detection
# Reference: https://www.virustotal.com/gui/file/e6080831030afaa7c809100041868ad1ab6d9f0071c7ff34148d76e2824b44ff/detection
# Reference: https://www.virustotal.com/gui/file/bcdfe141041133fae809c463bf32709876513fb2061677288e32e2c6ee8667e5/detection

193.161.193.99:48899
548963904.vercel.app
autumn-wave-474e.jasonardnet.workers.dev
fancy-hill-6aef.jasonardnet.workers.dev
paperclip4-48899.portmap.io

# Reference: https://x.com/UNP4CK/status/1917297281323200765
# Reference: https://tria.ge/250429-s17btatny8/behavioral1

146.103.25.63:2467
146.103.25.63:3389

# Reference: https://x.com/NullPwner/status/1919113969845108972
# Reference: https://www.virustotal.com/gui/file/fda2f3d8e7905cfcbc8deb708275638e4da02a7185314d70ff6b0851481b1033/detection
# Reference: https://www.virustotal.com/gui/file/94792d6a5b22d8526dadcffb8ab451b291db4c6eaa92d8c7707aba0da4a54b68/detection

45.154.98.252:7001
winservicesconsole.duckdns.org

# Reference: https://www.virustotal.com/gui/file/db381454ebcb1237c4d54d1fdd244de8a35f5e53397371a385c54291f155ad97/detection

118.107.42.246:7000

# Reference: https://www.virustotal.com/gui/file/cd0e2c74e02edaad840e87698b8c123eae1166e2242eee581fa7803827ae92fb/detection

194.26.192.61:7000

# Reference: https://www.virustotal.com/gui/file/b059b6af00a0208032fff8e374fa5d97450b370dec734cb99d2e8cb97598c924/detection

194.26.192.61:7001

# Reference: https://www.virustotal.com/gui/file/952a4182b92ac1d0ef08b0f5037d0ec9806cef3717dab06fdf9ff1a3c9b225e8/detection

45.94.31.70:7000

# Reference: https://www.virustotal.com/gui/file/675f59c91fa75e8a6614b484a6a899466014ad4136180484292eb58f044cf8bb/detection

45.154.98.252:7771

# Reference: https://www.virustotal.com/gui/file/5cc27fd76197757cf83563603941706f41b97ee4f11d545f295506441987848e/detection

193.26.115.115:7000

# Reference: https://x.com/ShanHolo/status/1919355876239970432
# Reference: https://www.virustotal.com/gui/file/224343df909265a37a08bf25e190b099e131db115407629f6a300ba584fc61ef/detection
# Reference: https://www.virustotal.com/gui/file/ff08b999d482457ab56193cc1dd87e4ade2e84b991f540853b98ec0ee02ead6a/detection

91.192.100.40:8485
newlifejob.click
dnsuo.ddns.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.xworm/ (# 2025-05-06)

102.41.53.11:5505
103.17.38.43:7000
103.194.106.217:7000
103.217.111.54:7771
103.74.105.210:29525
103.78.0.137:5151
103.82.36.216:7000
104.168.32.88:1001
104.168.32.88:4479
104.194.144.105:7000
104.234.124.126:3360
104.248.232.25:7000
104.248.57.173:7812
104.28.212.228:2137
104.28.212.228:36691
104.28.244.231:63378
107.172.44.175:1889
107.172.44.175:4489
107.175.65.160:7000
108.181.199.16:7000
109.127.174.69:6458
109.61.108.172:8848
109.61.108.85:8848
134.175.85.30:8999
135.148.3.78:7001
140.245.40.189:4162
141.95.59.234:7000
142.147.96.74:7000
142.202.240.81:7232
142.93.39.159:8080
143.244.39.10:1234
144.217.187.1:7000
146.103.38.9:2467
147.185.221.16:11350
147.185.221.16:6258
147.185.221.18:39336
147.185.221.18:5059
147.185.221.18:55683
147.185.221.18:6000
147.185.221.19:13488
147.185.221.19:16347
147.185.221.19:6732
147.185.221.22:21456
147.185.221.22:40278
147.185.221.22:6666
147.185.221.23:26347
147.185.221.23:57797
147.185.221.23:7000
147.185.221.23:9841
147.185.221.24:53983
147.185.221.25:27380
147.185.221.25:30424
147.185.221.25:63795
147.185.221.26:14704
147.185.221.26:16031
147.185.221.26:20448
147.185.221.26:2121
147.185.221.26:23644
147.185.221.26:27759
147.185.221.26:29024
147.185.221.26:3333
147.185.221.26:4444
147.185.221.26:55201
147.185.221.26:57947
147.185.221.26:58041
147.185.221.26:60364
147.185.221.26:60731
147.185.221.26:62091
147.185.221.26:6222
147.185.221.27:10546
147.185.221.27:11106
147.185.221.27:1234
147.185.221.27:14606
147.185.221.27:16198
147.185.221.27:1742
147.185.221.27:17560
147.185.221.27:22489
147.185.221.27:24615
147.185.221.27:27180
147.185.221.27:2926
147.185.221.27:31149
147.185.221.27:37005
147.185.221.27:5300
147.185.221.27:58573
147.185.221.27:60199
147.185.221.27:60338
147.185.221.27:61136
147.185.221.27:63612
147.185.221.27:7252
147.185.221.27:7605
147.185.221.27:8888
147.185.221.27:9283
147.185.221.27:9893
147.185.221.27:9999
147.185.221.28:10537
147.185.221.2:5123
147.30.233.79:7000
147.45.78.193:9000
149.22.84.147:1255
15.235.154.205:1111
154.16.66.239:30121
154.201.68.225:7000
156.146.59.9:12975
156.146.59.9:9002
158.120.16.212:12975
16.ip.eu.ply.gg
167.160.91.250:1177
167.160.91.250:8080
174.89.92.252:5123
174.89.92.252:7000
176.100.37.238:7000
176.65.134.217:7011
176.65.134.56:1111
176.65.141.105:7232
176.65.142.234:1997
176.65.143.140:7232
176.65.144.26:7000
176.96.138.105:7000
176.97.210.4:999
178.173.236.10:7000
178.228.11.184:8090
18.192.14.241:9191
184.190.169.22:1989
185.196.8.50:7000
185.2.185.128:9000
185.208.156.210:7000
185.208.158.139:7000
185.241.208.97:7000
185.243.99.45:5000
185.254.97.125:7000
185.84.160.71:7000
191.101.51.5:7000
192.241.152.251:7000
192.3.101.149:3535
192.3.141.148:2020
192.3.141.148:4040
193.158.181.218:7000
193.161.193.99:14889
193.161.193.99:21764
193.161.193.99:24267
193.161.193.99:29924
193.161.193.99:33014
193.161.193.99:37612
193.161.193.99:49352
193.161.193.99:62551
193.161.193.99:64441
193.26.115.44:7000
194.59.30.200:1684
194.59.31.249:7000
194.59.31.36:7000
194.59.6.104:3334
194.67.193.36:7000
195.177.94.1:7000
195.177.94.22:6666
195.177.94.22:6969
195.177.94.6:7000
195.62.48.222:7000
195.88.218.126:40252
196.251.113.41:7000
196.251.115.101:5892
196.251.70.206:7000
196.251.80.109:6969
196.251.81.30:7000
196.251.84.191:1357
196.251.86.114:5050
196.251.92.5:1111
197.48.206.37:5505
198.23.219.24:5355
2.58.56.237:53
204.10.161.147:7081
206.119.52.249:6888
208.91.189.14:7000
209.38.129.48:7000
212.224.93.247:5605
216.219.83.116:7000
216.250.251.96:49916
217.195.153.81:50002
217.195.153.81:50004
217.195.153.81:50007
23.137.100.54:4281
23.84.85.170:1738
23.84.85.170:2311
23.95.63.196:7000
24.243.20.84:5383
24.243.20.84:59024
24.243.20.84:7000
25.13.127.84:12975
25.13.127.84:60382
25.13.127.84:62273
25.13.127.84:64629
25.13.127.84:64632
25.13.127.84:9002
26.51.16.201:45737
27.34.68.138:7070
3.17.160.56:7000
31.166.229.37:1252
31.57.97.8:3333
31.57.97.8:443
34.13.171.126:7000
37.1.210.16:5552
37.114.39.11:7777
37.235.156.47:1488
37.48.64.102:3960
38.49.42.212:80
38.68.49.121:7777
40.160.10.87:4291
41.250.150.18:9321
44.244.152.122:3989
45.125.216.17:7888
45.125.66.225:5290
45.133.251.174:9000
45.134.39.20:9000
45.137.201.27:2010
45.138.16.120:1298
45.138.16.71:1522
45.139.104.175:3703
45.141.215.33:7232
45.141.215.86:5823
45.141.215.87:7777
45.141.26.221:7000
45.141.27.117:1919
45.154.98.138:5938
45.154.98.79:9000
45.154.98.80:1604
45.201.0.219:1000
45.80.158.80:7000
45.88.91.14:2144
45.88.91.69:6969
46.197.220.52:1000
46.226.167.193:9000
46.8.194.222:4040
5.182.226.142:33991
50.158.201.249:4444
51.161.107.22:7000
51.79.203.148:1234
57.128.70.240:7000
61.69.170.155:1255
64.56.71.34:5000
67.207.161.237:1171
67.207.161.237:1177
67.207.161.237:1321
72.175.36.124:1212
74.12.129.6:7000
77.105.164.112:7000
77.83.242.113:2020
79.110.49.211:2727
80.46.100.166:2277
80.57.135.160:27137
80.57.135.160:4050
80.76.49.143:7546
80.76.49.172:6969
80.76.49.27:8891
80.76.49.30:420
80.76.49.46:1000
80.76.49.73:7542
80.85.154.131:2618
82.21.151.21:7000
82.23.183.50:8080
84.241.201.218:8090
84.67.89.127:7000
85.192.12.211:7000
85.203.4.241:7000
85.203.4.56:4444
86.110.169.38:1604
86.176.87.131:7000
87.121.79.75:7000
87.251.78.226:7000
89.117.49.234:4322
89.190.158.149:6666
89.190.158.16:443
89.23.100.148:4790
89.23.100.91:7174
89.39.121.169:9000
89.39.121.77:1497
90.243.213.4:7000
91.134.25.165:9001
91.202.25.209:5552
91.219.238.207:7000
92.119.178.3:52663
94.111.48.173:443
94.159.113.64:4411
94.26.90.81:6663
94.26.90.81:7771
94.26.90.81:7774
1231dasdsadasd-30978.portmap.io
127.0.0.1while-bishop.gl.at.ply.gg
2448-217-164-80-34.ngrok-free.app
3214r214r12412-50274.portmap.io
398whyfrufheutji-25824.portmap.host
9kbfitvdha-32409.portmap.io
hiraganadev-35044.portmap.host
plhotacepl-35143.portmap.io
a479-2603-8081-6a00-2328-1f9-4b54-9ee9-7461.ngrok-free.app
abaynda-26526.portmap.io
abayudna1-53489.portmap.host
abcdf.zapto.org
able-bt.gl.at.ply.gg
aboba2289091488-27481.portmap.io
activity-fraser.gl.at.ply.gg
activity-majority.gl.at.ply.gg
additional-sunset.gl.at.ply.gg
adsadsadsdasdasd-53010.portmap.io
adult-acquired.gl.at.ply.gg
agreement-uploaded.gl.at.ply.gg
al-attached.gl.at.ply.gg
albomboclat14881337.ddns.net
amazon-vegetarian.gl.at.ply.gg
american-escorts.gl.at.ply.gg
analysis-closure.gl.at.ply.gg
animal-adidas.gl.at.ply.gg
anongroup.duckdns.org
anonymoususer0101-42054.portmap.host
answer-enlargement.gl.at.ply.gg
anyad-60069.portmap.io
anyone-hardly.gl.at.ply.gg
anyone-their.gl.at.ply.gg
approach-af.gl.at.ply.gg
archives-yn.gl.at.ply.gg
areas-instrument.gl.at.ply.gg
as-ou.gl.at.ply.gg
assistance-arrangements.gl.at.ply.gg
associated-assessment.gl.at.ply.gg
australia-thehun.gl.at.ply.gg
authors-fitting.gl.at.ply.gg
availability-caution.gl.at.ply.gg
award-nz.gl.at.ply.gg
away-operates.gl.at.ply.gg
az-weights.gl.at.ply.gg
back-blogs.gl.at.ply.gg
background-estates.gl.at.ply.gg
bad-collector.gl.at.ply.gg
bad-motors.gl.at.ply.gg
bank-material.gl.at.ply.gg
base-see.gl.at.ply.gg
basic-continuity.gl.at.ply.gg
basis-gordon.gl.at.ply.gg
beautiful-exception.gl.at.ply.gg
because-deleted.gl.at.ply.gg
become-winners.gl.at.ply.gg
beginning-convenient.gl.at.ply.gg
better-starts.gl.at.ply.gg
bid-nova.gl.at.ply.gg
bin14.ydns.eu
bit-ring.gl.at.ply.gg
bixaji7275-24008.portmap.host
blog-inter.gl.at.ply.gg
blog-s.gl.at.ply.gg
bo56ab-21516.portmap.host
bo56ab-34628.portmap.host
bo56ab-45126.portmap.host
bobrohost.ddns.net
born-cultural.gl.at.ply.gg
bot2025.zapto.org
brand-freeware.gl.at.ply.gg
british-christine.gl.at.ply.gg
building-waves.gl.at.ply.gg
buinhatduy.duckdns.org
buinhatduy01.ddns.net
bush-jay.gl.at.ply.gg
business-door.gl.at.ply.gg
c-fortune.gl.at.ply.gg
c2.trollers.xyz
cable-inside.gl.at.ply.gg
cartomen-31558.portmap.host
cartomen-43567.portmap.host
centre-health.gl.at.ply.gg
centre-shake.gl.at.ply.gg
century-descriptions.gl.at.ply.gg
chat-poster.gl.at.ply.gg
china-fees.gl.at.ply.gg
china-limit.gl.at.ply.gg
christmas-correlation.gl.at.ply.gg
christmas-wendy.gl.at.ply.gg
church-converted.gl.at.ply.gg
city-impact.gl.at.ply.gg
click-vsnet.gl.at.ply.gg
clothing-contents.gl.at.ply.gg
club-request.gl.at.ply.gg
cmon2347-35906.portmap.io
com-additionally.gl.at.ply.gg
comments-championships.gl.at.ply.gg
common-interviews.gl.at.ply.gg
companies-eight.gl.at.ply.gg
companies-holdings.gl.at.ply.gg
compare-positioning.gl.at.ply.gg
computers-copied.gl.at.ply.gg
computers-opportunities.gl.at.ply.gg
consider-sensors.gl.at.ply.gg
copy-branches.gl.at.ply.gg
copy-love.gl.at.ply.gg
costs-cellular.gl.at.ply.gg
council-wars.gl.at.ply.gg
culture-collect.gl.at.ply.gg
d-flip.gl.at.ply.gg
daddy1621-37132.portmap.host
dane1c-30807.portmap.host
dark-wikipedia.gl.at.ply.gg
days-balance.gl.at.ply.gg
days-locations.gl.at.ply.gg
de-shopzilla.gl.at.ply.gg
deadbird8524-37163.portmap.io
defined-dx.gl.at.ply.gg
delivery-waiver.gl.at.ply.gg
design-shipped.gl.at.ply.gg
develop-oregon.gl.at.ply.gg
digital-powerful.gl.at.ply.gg
direct-accepting.gl.at.ply.gg
discussion-temp.gl.at.ply.gg
disease-tattoo.gl.at.ply.gg
distance-av.gl.at.ply.gg
distribution-rc.gl.at.ply.gg
dnsuo.ddns.net
do-sampling.gl.at.ply.gg
dokuru-32085.portmap.io
downloads-supplements.gl.at.ply.gg
dvd-washington.gl.at.ply.gg
e0c-154-178-139-119.ngrok-free.app
edit-obtaining.gl.at.ply.gg
education-platform.gl.at.ply.gg
effects-nfl.gl.at.ply.gg
electric-birds.gl.at.ply.gg
electronics-junk.gl.at.ply.gg
elias061010-46923.portmap.io
email-stronger.gl.at.ply.gg
employment-safari.gl.at.ply.gg
environment-greetings.gl.at.ply.gg
epicskillforge.com
especially-vegetables.gl.at.ply.gg
est-explore.gl.at.ply.gg
eur-norway.gl.at.ply.gg
even-angel.gl.at.ply.gg
evenkry75-23751.portmap.host
evidence-around.gl.at.ply.gg
exchange-grade.gl.at.ply.gg
expected-sega.gl.at.ply.gg
export1.duckdns.org
external-thanks.gl.at.ply.gg
face-projected.gl.at.ply.gg
fact-standings.gl.at.ply.gg
fanciful-gelato-78b95c.netlify.app
fastshopin-26131.portmap.io
father-deck.gl.at.ply.gg
feb-bit.gl.at.ply.gg
feko-42505.portmap.host
feylins-36255.portmap.host
field-alpha.gl.at.ply.gg
firsthiter-29408.portmap.host
fixed-stretch.gl.at.ply.gg
fixed-uh.gl.at.ply.gg
floor-steam.gl.at.ply.gg
flowers-christina.gl.at.ply.gg
flowers-discussing.gl.at.ply.gg
focus-burn.gl.at.ply.gg
focus-water.gl.at.ply.gg
for-org.gl.at.ply.gg
forum-management.gl.at.ply.gg
friend-paintball.gl.at.ply.gg
front-cad.gl.at.ply.gg
front-recommend.gl.at.ply.gg
fuckall11.zapto.org
fun-solomon.gl.at.ply.gg
function-orlando.gl.at.ply.gg
funds-zoning.gl.at.ply.gg
g574h9hd9.loseyourip.com
gallery-chevy.gl.at.ply.gg
garfield2-33988.portmap.io
garuda09.ddns.net
gas-representative.gl.at.ply.gg
gegesantx7.ddns.net
general-marriott.gl.at.ply.gg
girl-votes.gl.at.ply.gg
girls-res.gl.at.ply.gg
glebus666-49352.portmap.io
gmug.uncofig.com
goods-goods.gl.at.ply.gg
gousa-53644.portmap.io
group-linking.gl.at.ply.gg
hair-realtor.gl.at.ply.gg
half-started.gl.at.ply.gg
hall-pn.gl.at.ply.gg
have-inquiry.gl.at.ply.gg
he-tracks.gl.at.ply.gg
heart-essence.gl.at.ply.gg
hello1211-27655.portmap.host
homes-customized.gl.at.ply.gg
host-most.gl.at.ply.gg
hour-adidas.gl.at.ply.gg
hour-amplifier.gl.at.ply.gg
hours-rwanda.gl.at.ply.gg
however-canada.gl.at.ply.gg
hp-aggressive.gl.at.ply.gg
httpss.myvnc.com
httpss.ooguy.com
iemaiema-49611.portmap.host
il-greenhouse.gl.at.ply.gg
improve-volt.gl.at.ply.gg
inc-subdivision.gl.at.ply.gg
include-nose.gl.at.ply.gg
include-rim.gl.at.ply.gg
included-ram.gl.at.ply.gg
industrial-ll.gl.at.ply.gg
info-power.gl.at.ply.gg
insurance-browse.gl.at.ply.gg
insurance-favors.gl.at.ply.gg
internal-ending.gl.at.ply.gg
introduction-notre.gl.at.ply.gg
iraq-roses.gl.at.ply.gg
item-istanbul.gl.at.ply.gg
jameson1312313-49471.portmap.host
january-silence.gl.at.ply.gg
january-stored.gl.at.ply.gg
jersey-reviewer.gl.at.ply.gg
joined-coverage.gl.at.ply.gg
k-demonstrated.gl.at.ply.gg
kakaschkee-48307.portmap.io
keep-count.gl.at.ply.gg
kingsbkup1.ydns.eu
kirill121212-26976.portmap.host
kiwibobby-55937.portmap.io
klm22.zapto.org
kot4ikvuch-41573.portmap.io
ks-amk.ply.gg
ksadkaspwpqds.3utilities.com
kuknunumlu-25904.portmap.io
laleja4780-32500.portmap.host
larger-admission.gl.at.ply.gg
larger-blacks.gl.at.ply.gg
larger-pose.gl.at.ply.gg
left-exceptional.gl.at.ply.gg
leoleo707-33437.portmap.host
lin.yk99999.top
links-corpus.gl.at.ply.gg
loans-palace.gl.at.ply.gg
login-eye.gl.at.ply.gg
looking-brings.gl.at.ply.gg
looking-page.gl.at.ply.gg
love-illegal.gl.at.ply.gg
lukka-22869.portmap.host
lyrics-honor.gl.at.ply.gg
mac-visit.gl.at.ply.gg
major-europe.gl.at.ply.gg
management-entitled.gl.at.ply.gg
manufacturer-agencies.gl.at.ply.gg
many-bolivia.gl.at.ply.gg
mar9402xrw.duckdns.org
marc9402xrw.duckdns.org
marc9402xrww.duckdns.org
marcc9402xrwo.duckdns.org
march-amounts.gl.at.ply.gg
march9402xrwo.duckdns.org
markl.ddns.net
markmarko1978-25489.portmap.host
marrc9402xrwo.duckdns.org
martin-melbourne.gl.at.ply.gg
mary-manchester.gl.at.ply.gg
master-decor.gl.at.ply.gg
match-amounts.gl.at.ply.gg
mature-pressing.gl.at.ply.gg
maybe-nick.gl.at.ply.gg
me-loud.gl.at.ply.gg
me071949-22956.portmap.io
me98342-50929.portmap.host
media-triangle.gl.at.ply.gg
medicine-sports.gl.at.ply.gg
medo7as.duckdns.org
meet-germany.gl.at.ply.gg
mellowfishy-29478.portmap.host
men-tracking.gl.at.ply.gg
merkurez-64035.portmap.host
metherium-38960.portmap.host
metherium-57921.portmap.host
middle-regards.gl.at.ply.gg
mikey12325-48940.portmap.host
mikeykiller.ddns.net
min-telling.gl.at.ply.gg
minebot999-42830.portmap.host
minecraft.ieciqec.online
mnbjbh.com
mode-jerry.gl.at.ply.gg
month-bloomberg.gl.at.ply.gg
motorsport-pub.with.playit.plus
mounsir24-31804.portmap.host
moving-aims.gl.at.ply.gg
mrbean1-26210.portmap.io
mrn0name-46843.portmap.io
mrn0name-63570.portmap.host
mrxmrxking459-35024.portmap.host
my-yet.gl.at.ply.gg
najatif831-54659.portmap.host
nanai991-32051.portmap.io
nartixsxsxs.ddns.net
natural-steam.gl.at.ply.gg
near-obesity.gl.at.ply.gg
necessary-homepage.gl.at.ply.gg
necessary-sit.gl.at.ply.gg
neprobiesh-64818.portmap.host
neverdiedico.mypets.ws
newsletter-facility.gl.at.ply.gg
nitroxsenys-34948.portmap.host
non-bikes.gl.at.ply.gg
note-horizon.gl.at.ply.gg
nov-assumes.gl.at.ply.gg
numbers-probe.gl.at.ply.gg
nvdiemosole.broke-it.net
offers-discharge.gl.at.ply.gg
old-knight.gl.at.ply.gg
on-donors.gl.at.ply.gg
online-indian.gl.at.ply.gg
opportunities-limits.gl.at.ply.gg
opportunity-commitment.gl.at.ply.gg
or-city.gl.at.ply.gg
or-observed.gl.at.ply.gg
orders-nearby.gl.at.ply.gg
organization-host.gl.at.ply.gg
overview-force.at.ply.gg
owners-encryption.gl.at.ply.gg
paid-egypt.gl.at.ply.gg
panpoppo-25236.portmap.io
paper-again.gl.at.ply.gg
park-by.gl.at.ply.gg
partners-threads.gl.at.ply.gg
past-protected.gl.at.ply.gg
paxii-53773.portmap.host
payment-lunch.gl.at.ply.gg
paypal-korea.gl.at.ply.gg
pdfnmsal.freeddns.org
per-discount.gl.at.ply.gg
per-thanksgiving.gl.at.ply.gg
performance-coming.gl.at.ply.gg
phone-officer.gl.at.ply.gg
photos-translation.gl.at.ply.gg
php-saver.gl.at.ply.gg
picture-horn.gl.at.ply.gg
pictures-dealing.gl.at.ply.gg
pictures-replication.gl.at.ply.gg
pidoras123131-62949.portmap.host
pinis13f-46039.portmap.host
plant-ever.gl.at.ply.gg
players-retirement.gl.at.ply.gg
policy-native.gl.at.ply.gg
port-clone.gl.at.ply.gg
posts-creator.gl.at.ply.gg
potential-cia.gl.at.ply.gg
praisexenq-25483.portmap.host
present-wanna.gl.at.ply.gg
president-fuji.gl.at.ply.gg
prices-rats.gl.at.ply.gg
printer-lucky.gl.at.ply.gg
printer-refrigerator.gl.at.ply.gg
probably-giants.gl.at.ply.gg
products-badge.gl.at.ply.gg
programs-criticism.gl.at.ply.gg
property-send.gl.at.ply.gg
pu9sher-60638.portmap.host
puppyluv3r20091-62866.portmap.host
purchase-meat.gl.at.ply.gg
put-constant.gl.at.ply.gg
questions-when.gl.at.ply.gg
quotes-method.gl.at.ply.gg
r-exploring.gl.at.ply.gg
rated-worn.gl.at.ply.gg
rcraftstipaddrsrv17.duckdns.org
recently-distinguished.gl.at.ply.gg
record-mean.gl.at.ply.gg
red-ps.gl.at.ply.gg
register-resulting.gl.at.ply.gg
registration-ranger.gl.at.ply.gg
remember-gene.gl.at.ply.gg
rent-serial.gl.at.ply.gg
rentals-upgrade.gl.at.ply.gg
renzik-62271.portmap.host
republic-ambien.gl.at.ply.gg
republic-south.gl.at.ply.gg
request-busy.gl.at.ply.gg
required-algeria.gl.at.ply.gg
research-pour.gl.at.ply.gg
resources-sleeve.gl.at.ply.gg
results-denver.gl.at.ply.gg
reviews-respondent.gl.at.ply.gg
rexxontop-21196.portmap.io
right-lecture.gl.at.ply.gg
ring-staffing.gl.at.ply.gg
risk-illness.gl.at.ply.gg
road-suffer.gl.at.ply.gg
round-michael.gl.at.ply.gg
running-boating.gl.at.ply.gg
santifzm-51521.portmap.host
saw-painted.gl.at.ply.gg
say-bidding.gl.at.ply.gg
say-luxembourg.gl.at.ply.gg
say-mechanical.gl.at.ply.gg
schedule-considers.gl.at.ply.gg
search-prediction.gl.at.ply.gg
secure-whilst.gl.at.ply.gg
sekaira.duckdns.org
send-violations.gl.at.ply.gg
senior-bottles.gl.at.ply.gg
september-liverpool.gl.at.ply.gg
september-wireless.gl.at.ply.gg
sets-fatty.gl.at.ply.gg
sets-leather.gl.at.ply.gg
she-signals.gl.at.ply.gg
shopping-noted.gl.at.ply.gg
short-distances.gl.at.ply.gg
significant-washer.gl.at.ply.gg
similar-annotated.gl.at.ply.gg
since-vic.gl.at.ply.gg
site-gather.gl.at.ply.gg
slavisa-29163.portmap.io
smerttb-40118.portmap.host
smfcs1.ydns.eu
smfcs3.ydns.eu
smith-blind.gl.at.ply.gg
sound-kuwait.gl.at.ply.gg
sources-trap.gl.at.ply.gg
sowindresz-32912.portmap.host
spring-ieee.gl.at.ply.gg
ssa-gov-windows.us
startupsdata10.duckdns.org
state-commonwealth.gl.at.ply.gg
statuesque-praline-1be80d.netlify.app
stellar-gumption-ea9fd6.netlify.app
step-yr.gl.at.ply.gg
strategy-flexible.gl.at.ply.gg
street-aaron.gl.at.ply.gg
strong-wars.gl.at.ply.gg
stuff-spectacular.gl.at.ply.gg
sun-exterior.gl.at.ply.gg
super-crisis.gl.at.ply.gg
superaidol-42726.portmap.io
support-available.gl.at.ply.gg
systems-newer.gl.at.ply.gg
t-savings.gl.at.ply.gg
taking-oval.gl.at.ply.gg
team-yacht.gl.at.ply.gg
tech-charitable.gl.at.ply.gg
term-infrastructure.gl.at.ply.gg
test-calgary.gl.at.ply.gg
test-mineral.gl.at.ply.gg
testing-token.gl.at.ply.gg
texas-convention.gl.at.ply.gg
texas-websites.gl.at.ply.gg
thecoolboy123123-35227.portmap.host
think-hungarian.gl.at.ply.gg
third-gained.gl.at.ply.gg
through-necessary.gl.at.ply.gg
ticket90867-23675.portmap.host
tojdorx77bc9-36404.portmap.io
tr3xb1an-44771.portmap.host
trashy123-20554.portmap.host
travel-sellers.gl.at.ply.gg
treatment-judgment.gl.at.ply.gg
tree-tm.gl.at.ply.gg
trollers.xyz
trying-song.gl.at.ply.gg
tuesday-losses.gl.at.ply.gg
two-itunes.gl.at.ply.gg
types-reload.gl.at.ply.gg
typoi-53795.portmap.io
unit-wellness.gl.at.ply.gg
units-dispute.gl.at.ply.gg
unless-agreement.gl.at.ply.gg
unthinkable.ddns.net
unthinkable1.ddns.net
upon-hartford.gl.at.ply.gg
uses-royal.gl.at.ply.gg
vafob72392-38954.portmap.io
values-release.gl.at.ply.gg
vdtihjde7oo-57882.portmap.io
vehicle-numbers.gl.at.ply.gg
very-programming.gl.at.ply.gg
views-enables.gl.at.ply.gg
viniterov1-24267.portmap.host
visoxc-36626.portmap.host
visual-packs.gl.at.ply.gg
voice-pick.gl.at.ply.gg
w-gtk.gl.at.ply.gg
w-translations.gl.at.ply.gg
was-speech.gl.at.ply.gg
washedbrain0002-64745.portmap.io
washington-pix.gl.at.ply.gg
way-strategic.gl.at.ply.gg
werwa3rwe-31123.portmap.io
when-venture.gl.at.ply.gg
while-bishop.gl.at.ply.gg
win423.top
windows-std.gl.at.ply.gg
working-drain.gl.at.ply.gg
would-portland.gl.at.ply.gg
writing-adjustable.gl.at.ply.gg
written-read.gl.at.ply.gg
wrong-observations.gl.at.ply.gg
xakili2300-26390.portmap.host
xmen36917.duckdns.org
xofx.ddns.net
xrwor1111marc.duckdns.org
xv5600.duckdns.org
xxxjew-61335.portmap.io
xyxebet-37690.portmap.host
xyxebet-60479.portmap.host
yaxad-37531.portmap.host
yellow-animation.gl.at.ply.gg
yellow-improved.gl.at.ply.gg
york-beach.gl.at.ply.gg
your-properties.gl.at.ply.gg
yourself-medline.gl.at.ply.gg
zdwdwadzdwa-51598.portmap.io

# Reference: https://x.com/skocherhan/status/1919745596736286994
# Reference: https://www.virustotal.com/gui/file/4be8dc384e1e58a929eb988881a3479174c363f47326485e4e79cf16511b53dd/detection

91.134.25.165:9000
zakkhanhomes.info
dirs.zakkhanhomes.info

# Reference: https://x.com/byrne_emmy12099/status/1920473640216285400
# Reference: https://www.virustotal.com/gui/file/813fb31a1e536d840d02583013fc16e7f81b960560fe9637851ea8b15978aa32/detection
# Reference: https://www.virustotal.com/gui/file/064bff65cd807be6570ecf5fafa486c59048b0f294b82af3e47bd9d3eac274c8/detection

http://31.58.169.110
31.58.169.110:7000

# Reference: https://x.com/skocherhan/status/1920665359490650421
# Reference: https://www.virustotal.com/gui/file/a1f6e88d88b70aa9a76033732dc159475e06a2cb50af2f4a68de6f8a644cab27/detection

36.50.135.167:5552

# Reference: https://x.com/rst_cloud/status/1921735230609661984
# Reference: https://www.morphisec.com/blog/new-noodlophile-stealer-fake-ai-video-generation-platforms/
# Reference: https://www.virustotal.com/gui/file/22c944563f02e9d2f1b035a0caa88d75661e59f9fbbbb2aae7291b196ea7d7cc/detection
# Reference: https://www.virustotal.com/gui/file/e04ada6271080f956f2fd7fe3b7bd8e818f6e997291467759ab08d05ccfb879b/detection
# Reference: https://www.virustotal.com/gui/file/e17c97744edfe90a54f77bd5c99c9652407881508acb4a1438cae0305c0fe30d/detection

103.232.54.13:25902
lumi.viewdns.net

# Reference: https://x.com/skocherhan/status/1923182388290445507
# Reference: https://www.virustotal.com/gui/file/795ca6d3915c335981d3b4b4d95a60c513e8b2f93f346bccd31938bb6cec454b/detection
# Reference: https://www.virustotal.com/gui/file/ef723a98f3c010484e8336c36e581a4ab2f767cc99db0ae26fcd54eb5ca4dd7e/detection

192.121.245.103:61292
192.121.245.8:61292
abdou54.ddns.net

# Reference: https://x.com/skocherhan/status/1924552339542642816
# Reference: https://www.virustotal.com/gui/file/6b3986793b6739ffd81299b50790615c812df04565c7acfa86c0802a4242e3d5/detection

196.251.80.4:4999
my-security-dashboard.com
usaa.my-security-dashboard.com

# Reference: https://x.com/skocherhan/status/1924968460834013547

147.185.221.27:33512
147.185.221.27:58977
dayzcheatcheck.online
allows-accomplish.gl.at.ply.gg
remove-aerospace.gl.at.ply.gg
/nbpxworm.php

# Reference: https://tria.ge/250521-2nva6ael6y/behavioral1

147.185.221.20:56274
pressure-creates.gl.at.ply.gg

# Reference: https://x.com/JAMESWT_WT/status/1928014587770671542
# Reference: https://x.com/JAMESWT_WT/status/1928014590492766422
# Reference: https://x.com/skocherhan/status/1928019472025084209
# Reference: https://x.com/Jane_0sint/status/1927835622217027735
# Reference: https://app.any.run/tasks/eb8770f8-47d1-41ac-8591-6887fcd3081c
# Reference: https://www.virustotal.com/gui/file/16ee20815e1320cc256e9a9fd22108613ddc06f773a0981197c8dbfdb0f064f2/detection

archivep75mbjunhxc6x4j5mwjmomyxb573v42baldlqu56ruil2oiad.onion
javascriptplugin.com
javascriptplugin.lovestoblog.com
rivalohelp.zendesk.com

# Reference: https://x.com/blackorbird/status/1927989991226986916
# Reference: https://cloud.google.com/blog/topics/threat-intelligence/cybercriminals-weaponize-fake-ai-websites
# Reference: https://www.virustotal.com/gui/file/c6400d90645e9791eef222fc1e6dface5fffd90e7548fbcb5145439a1fda2f19/detection
# Reference: https://www.virustotal.com/gui/file/a9f31f333944279231175313eda11198f43547ea2cbad3e4e580c78febdc6e9b/detection
# Reference: https://www.virustotal.com/gui/file/a0e75bd0b0fa0174566029d0e50875534c2fcc5ba982bd539bdeff506cae32d3/detection
# Reference: https://www.virustotal.com/gui/file/1a037da4103e38ff95cb0008a5e38fd6a8e7df5bc8e2d44e496b7a5909ddebeb/detection

101.99.91.138:25699
101.99.91.33:25699
172.86.82.124:25699
artisanaqua.ddnsking.com

# Reference: https://x.com/K_N1kolenko/status/1928392107787526391

103.82.23.218:7000
107.148.151.140:7000
172.245.21.144:1437
185.177.239.137:7000
192.159.99.123:7000

# Generic: URL path / file-name indicators that are not tied to a particular host

/XWorm%20V3.1/
/XWorm%20V3.1.7z
/XWorm%20V5.4rar
/Xworm-V5.6/
/XClient.exe
