# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: VizaviBot, L3mon # Reference: https://www.welivesecurity.com/2019/08/22/first-spyware-android-ahmyth-google-play/ radiobalouch.com /Debugging/process/process/resolving/system/ReadAllTracks.php # Reference: https://twitter.com/LukasStefanko/status/1244584890361839616 193.161.193.99:27229 # Reference: https://twitter.com/malwrhunterteam/status/1262415009419874305 tryanotherhorse.com # Reference: https://www.virustotal.com/gui/file/675f5f887a66d21ea0d314e359f97ba9caa5d04436ef904deeaeaa4c83f06018/detection 95.8.94.174:4000 bhblack.duckdns.org # Reference: https://twitter.com/malwrhunterteam/status/1263081748482723840 95.8.94.174:4444 # Reference: https://twitter.com/malwrhunterteam/status/1265733202674581507 turktelekom-bilgilendirme.com # Reference: https://blacklist.cyberthreatcoalition.org/vetted/url.txt ahmyth.ddnsking.com # Reference: https://twitter.com/malwrhunterteam/status/1297073202024325120 zebraking.ddnsking.com # Reference: https://www.virustotal.com/gui/file/b039f0ab2a62a5e1f42c5c0f1d34fc247cb6c0fa65ce33629fccbd28b1d0d064/detection 193.161.193.99:38442 c0cf28ed20-51369.portmap.host # Reference: https://twitter.com/malwrhunterteam/status/1305940469927550977 maladiescoronavirus.com # Reference: https://twitter.com/LukasStefanko/status/1306143556281737217 176.31.193.59:22222 tweensangoma.servebbs.com # Reference: https://www.virustotal.com/gui/file/82b49c84601b36ae1dc7d3056b33bb58716551e85c006354e030d0dc8f6059a2/detection 193.161.193.99:49487 # Reference: https://twitter.com/malwaretracekr/status/1304189932055834624 # Reference: https://www.virustotal.com/gui/file/6a1bb59bd1faa3dbca7df51eb6b265b0fd2b5220d99a5befb2a0aabdb9a946da/detection /nhsave.apk /pentapp.apk # Reference: https://twitter.com/malwrhunterteam/status/1309567899649138689 /GBWhatsapp.apk # Reference: https://twitter.com/malwrhunterteam/status/1317395859726807040 # Reference: https://twitter.com/bl4ckh0l3z/status/1318126608226582529 # Reference: https://www.virustotal.com/gui/file/00ee72e69290217f5e6977750a873887e8a9ab91d7f91a3004c9d04148ec28b5/detection # Reference: https://www.virustotal.com/gui/ip-address/85.10.199.40/relations 213.230.90.191:3232 85.10.199.40:80 # Reference: https://twitter.com/malwrhunterteam/status/1328391739523141640 # Reference: https://twitter.com/bl4ckh0l3z/status/1329082787723317250 http://118.167.70.214 http://123.253.110.27 123.253.110.27:8662 123.253.110.27:8889 /kbcapital.apk # Reference: https://twitter.com/malwrhunterteam/status/1329353263498596352 http://114.43.113.63 http://123.253.109.211 /woori.apk # Reference: https://www.virustotal.com/gui/file/deb4098d86440e52832eb6f17b38cb2c82e50e9f6de21819e61b0ada5189bbe9/detection # Reference: https://twitter.com/bl4ckh0l3z/status/1329437919162081282 122.10.114.159:1234 /Aarogya%20Setu_v1.4.1-ok_sign.apk # Reference: https://twitter.com/malwrhunterteam/status/1332421014886752262 # Reference: https://www.virustotal.com/gui/file/9550de103b11a99e2ff9551a99e61001ab33d86b86baf76a3265e1a30c2d8493/detection http://45.143.93.59 /HDLiveWallpaper.apk # Reference: https://twitter.com/malwrhunterteam/status/1333506610245885960 # Reference: https://twitter.com/bl4ckh0l3z/status/1333742182466023425 # Reference: https://www.virustotal.com/gui/file/8b9ba90a1c7758714e68333c9541cf9fd99b368d0e3df62e91b003af60311047/detection 123.253.110.74:7272 123.253.110.74:8889 http://61.228.224.127 # Reference: https://twitter.com/malwrhunterteam/status/1334126697462030337 # Reference: https://twitter.com/malwrhunterteam/status/1351868441402118147 # Reference: https://twitter.com/malwrhunterteam/status/1356668707062353924 # Reference: https://twitter.com/bl4ckh0l3z/status/1334164150763851781 # Reference: https://twitter.com/bl4ckh0l3z/status/1352927204372586496 # Reference: https://twitter.com/bl4ckh0l3z/status/1352927832754843652 # Reference: https://www.virustotal.com/gui/file/f155131f21cb1fbabc5e1d4e29858caea240bc30a38826ce0671c27eb231cb0b/detection # Reference: https://www.virustotal.com/gui/file/cd361f4f5cfd28c11a9e305f841cc173a04911fbf37ef8cad798a37a4ebe2a69/detection # Reference: https://www.virustotal.com/gui/file/cd361f4f5cfd28c11a9e305f841cc173a04911fbf37ef8cad798a37a4ebe2a69/detection # Reference: https://www.virustotal.com/gui/file/b1cf84700e37ff608ea0ebd179dc6909ad48f0a68031ac88d276ad334d7c0f39/detection http://178.132.3.230 178.132.3.230:5987 iwillsecureyou.com myabcxyz.ddns.net obs1.ddns.net # Reference: https://twitter.com/malwrhunterteam/status/1344989314409754625 # Reference: https://twitter.com/bl4ckh0l3z/status/1345446556003143681 # Reference: https://www.virustotal.com/gui/file/6d1a8a655b62220ba415b06e34a7a7970fe745074d83608fadc57fc0c22fe3a7/detection 93.115.28.37:42474 pigeonmessenger.app # Reference: https://twitter.com/malwrhunterteam/status/1349329349380550656 # Reference: https://www.virustotal.com/gui/domain/umengs.sanxikou.cc/relations # Reference: https://www.virustotal.com/gui/file/d0f36b9a19cee045c79af58d58b24dcab3850dfd21d1079920ac6f1e8554666e/detection 47.240.50.196:42474 47.91.170.222:42474 umengs.sanxikou.cc # Reference: https://www.virustotal.com/gui/file/209998484f18f69fe608d658b9f5c8afdb4530308ddcf06b20703a764d89e7d1/detection http://103.93.79.32 103.93.79.32:9000 # Reference: https://twitter.com/sysk1ll3r/status/1371567150704525316 # Reference: https://github.com/CYB3RMX/MalwareAnalysis101/blob/master/Android/Kbank/ReportKbank.txt 103.159.80.61:8700 # Reference: https://www.virustotal.com/gui/domain/crayzzik.ddns.net/relations # Reference: https://www.virustotal.com/gui/file/99949dfcbcf839e50ed3aa42ebdbf2d3aa1b26847eef8bff7cdbd5f7bcb30614/detection crayzzik.ddns.net # Reference: https://www.virustotal.com/gui/file/f941fae5480184428b3724bef1bd2fafd4d8c959ba831563d6877f09e6426b36/detection 193.161.193.99:51805 # Reference: https://www.virustotal.com/gui/file/3a998217822cc5db7d6540f6d1cc907400a97c55d397438e05a14539a299f8c9/detection 176.9.70.180:22222 dihavnewapp.xyz # Reference: https://www.virustotal.com/gui/file/8c99919e6837d693f7cbd1cb8f6fe4d354dd28d1a9864cd898934cb6dccb1d59/detection 193.161.193.99:37614 cheeta-37614.portmap.host # Reference: https://www.virustotal.com/gui/file/f90ac69c7817cd7164c03f3b78f03045bb6a3ebb6d2c4f01b36387cb3e5ca37b/detection 108.61.210.74:1166 185.141.62.35:1166 208.101.60.87:1166 213.244.123.150:1166 66.220.147.44:1166 93.115.28.195:1166 scr.selfip.net # Reference: https://www.virustotal.com/gui/file/4a7eea45ace28678e0fabb77196d9845eeb80e675006ca4b58a5fe6e360c3e7d/detection 3.130.209.29:21572 # Reference: https://twitter.com/malwrhunterteam/status/1481236472061743104 # Reference: https://twitter.com/LukasStefanko/status/1481960668186226695 # Reference: https://www.virustotal.com/gui/file/3db0d587001285f306fbdd73d29ad62ee826a0c27585ebaaf1d993504fdacc5f/detection chitchat.ngrok.io wetalk.ngrok.io # Reference: https://twitter.com/malwrhunterteam/status/1484835454985850882 # Reference: https://www.virustotal.com/gui/file/c351bf2fa876cefe5fb8d6e6f5764364456f3fa89eef83d3743bd1702fffefd9/detection 195.58.38.192:22222 # Reference: https://www.virustotal.com/gui/file/d4ab7d2f4ba6875f149f4168646aa73f6fbd33479d32b34e5a31c72da73b382d/detection 206.189.80.59:22964 # Reference: https://twitter.com/malwrhunterteam/status/1496800388321722370 # Reference: https://www.virustotal.com/gui/file/be3341e32f700d6eb86540c1b4bf864b9a0da006bb56a97aa891d5be081d9046/detection robertapollysexy.com # Reference: https://www.virustotal.com/gui/file/be3341e32f700d6eb86540c1b4bf864b9a0da006bb56a97aa891d5be081d9046/detection androidrapido.com # Reference: https://www.virustotal.com/gui/file/2d7d3de64cd33f74e337c50855353506c3a45971e003f98fc137d5df62d9369b/detection 3.141.142.211:12098 # Reference: https://www.virustotal.com/gui/file/ddc9d251af6e67bce5f95065a1d49dd85bde2b2cc177c12cf36abdbfa1907d87/detection 193.161.193.99:48147 yourboss-48147.portmap.io # Reference: https://www.virustotal.com/gui/file/be3341e32f700d6eb86540c1b4bf864b9a0da006bb56a97aa891d5be081d9046/detection o731193.ingest.sentry.io # Reference: https://twitter.com/malwrhunterteam/status/1574465208340418575 # Reference: https://www.virustotal.com/gui/ip-address/185.136.162.238/relations # Reference: https://www.virustotal.com/gui/file/49c8539b26c8c7134e2ee14688eb14410690d748e4a3c105d8722f3a8983013c/detection 185.136.162.238:9108 appreviewhelper.com chatindian.xyz beautynaturali.ddns.net server-chat1.chatindian.xyz # Reference: https://twitter.com/malwrhunterteam/status/1581003205516722176 # Reference: https://www.virustotal.com/gui/file/fb40823417fabe77dda51d836c8b69699e14c528468b50aef6c917810ae02098/detection 172.104.187.113:8092 miya3jh1z.xyz c9dz99.miya3jh1z.xyz # Reference: https://twitter.com/malwrhunterteam/status/1590070110240538627 # Reference: https://www.virustotal.com/gui/file/06a253cddba6ac9686939527075e2235b7741ea6903349d86a1a33543af7fcfa/detection letchitchat.info # Reference: https://twitter.com/ReBensk/status/1622580063664472064 # Reference: https://www.virustotal.com/gui/file/1c6fa481ca4c332228be0e183e700e97febc1af6c90d07609514184434d2d70a/detection 43.204.187.172:500 hiddenpirates.com forward.hiddenpirates.com # Reference: https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/ # Reference: https://www.virustotal.com/gui/file/dcec293ce8daf454170b6bbb95d4ac6c70c943b40673ef4f225b96abc003093e/detection # Reference: https://www.virustotal.com/gui/file/aa06b4f63fb8037e1f57a063f6a6b5fbe4615247458433c578644628e54a4216/detection # Reference: https://www.virustotal.com/gui/file/0e88140c921493b587adcba8a586f289bedca8517c069cc8c7fbce21206453d8/detection # Reference: https://www.virustotal.com/gui/file/0e88140c921493b587adcba8a586f289bedca8517c069cc8c7fbce21206453d8/detection 13.215.7.130:22222 13.228.247.118:22222 149.28.142.29:8085 80876dd5.shop order.80876dd5.shop video-maker.ddns.net # Reference: https://twitter.com/malwrhunterteam/status/1678864160635904000 # Reference: https://www.virustotal.com/gui/file/fe8658e2f2481671b689f53d341f45b06351bd2104afa7ed58a147923d36bf5a/detection aichats.shop # Reference: https://twitter.com/malwrhunterteam/status/1688651241922920449 # Reference: https://www.virustotal.com/gui/file/25adacf654c3c0fb99ae8dcdb50abbac335163a61d4708c05eab787a9791914b/detection # Reference: https://www.virustotal.com/gui/file/70479e67efb9dc2f630410d87e8b8c62be879f16cb5623db3967a6b49b4f6ed3/detection 185.136.162.238:56798 exclusivestore.in server.chatindian.xyz # Reference: https://twitter.com/RustyNoob619/status/1694022693014712377 # Note: censys.io request: (services.http.response.html_title="L3MON Manager") and services.port=`22533` 103.146.202.41:22533 123.60.143.74:22533 124.70.52.134:22533 13.232.81.83:22533 13.234.245.217:22533 138.3.244.157:22533 138.68.144.100:22533 139.59.7.66:22533 141.144.230.252:22533 144.91.106.189:22533 156.67.208.71:22533 157.230.203.142:22533 161.35.56.10:22533 161.97.152.170:22533 164.92.112.142:22533 167.71.18.99:22533 172.104.236.174:22533 172.104.238.185:22533 172.105.246.70:22533 178.250.246.46:22533 18.139.227.135:22533 18.236.82.135:22533 185.17.144.140:22533 185.208.172.225:22533 188.166.160.193:22533 195.123.212.30:22533 195.211.101.219:22533 206.81.7.25:22533 207.246.114.52:22533 209.58.169.94:22533 3.0.97.175:22533 3.142.246.136:22533 3.211.28.243:22533 3.91.220.81:22533 34.251.151.96:22533 43.156.240.185:22533 43.204.149.24:22533 43.240.224.206:22533 45.149.187.61:22533 47.108.249.177:22533 47.254.244.11:22533 47.63.166.22:22533 54.169.201.111:22533 54.237.80.247:22533 54.37.139.152:22533 65.0.18.71:22533 65.1.3.80:22533 65.108.61.91:22533 68.183.131.1:22533 82.146.49.131:22533 88.198.152.124:22533 91.191.147.97:22533 # Reference: https://threatfox.abuse.ch/browse/tag/L3MON/ http://144.24.156.3 http://161.97.102.40 http://34.251.151.96 http://54.200.196.104 110.50.87.237:85 122.165.225.42:22555 128.140.80.159:22533 128.199.111.140:22333 139.162.30.197:22533 157.245.23.86:22533 157.245.23.86:22535 158.101.25.78:443 158.101.25.78:9000 159.203.16.141:22533 161.97.102.40:22533 167.71.139.50:22533 170.187.226.247:22533 172.233.82.22:22533 173.254.240.26:22533 173.254.240.26:443 178.128.31.16:3001 184.169.216.66:443 184.75.254.203:22533 188.166.160.193:22535 189.169.129.114:22533 20.102.192.219:22533 20.117.108.93:22533 20.122.16.244:22533 200.54.37.90:22533 207.246.114.52:443 209.250.254.13:22533 213.136.73.171:22533 3.22.132.176:22533 45.79.237.45:21533 51.77.159.52:22533 54.255.204.248:22533 82.176.77.143:22733 db.nya.lat host.md-faisal.com l3mon.emilemilchen.de md-faisal.com moodle1.feja111.de nontonlah.site nya.lat srv001e.feja111.de zoonux.nontonlah.site # Reference: https://www.virustotal.com/gui/file/23d4cd610194c825dc926fe5e84e6d5c999d25b6bbd766d19b543ee18160245c/detection # Reference: https://www.virustotal.com/gui/file/d058774436ddef427174561ff235be10207f7804d9e185a484849d0cb2267985/detection 00x19.hopto.org # Reference: https://twitter.com/ShilpeshTrivedi/status/1726114982570651870 # Reference: https://www.virustotal.com/gui/file/601637fa23a28872bf48a9e441e35be2acc5f99a6a4d64ea9eaa6fe89aa115d5/detection # Reference: https://www.virustotal.com/gui/file/c8772f743faa1c33fbe1ecc966cc52669115470734fdd54874dde774b35c1979/detection # Reference: https://www.virustotal.com/gui/file/83a9f69242ef8bc5484c3724dee9399a185fee69b3a8538d3d05e1ab74202e96/detection # Reference: https://www.virustotal.com/gui/file/601637fa23a28872bf48a9e441e35be2acc5f99a6a4d64ea9eaa6fe89aa115d5/detection 142.4.102.7:8092 k7hu3a.top c91phchat.k7hu3a.top # Reference: https://twitter.com/karol_paciorek/status/1729070903936565401 # Reference: https://tria.ge/231127-k9kkeafe96/static1 122.144.6.226:4782 # Reference: https://www.virustotal.com/gui/file/88736218aa4249a8f2964ff8d55105eb69bb0549eddc849c70c6b10e4951ae60/detection 197.0.122.231:1122 updatt.publicvm.com # Reference: https://twitter.com/karol_paciorek/status/1750481398626947286 91.245.44.46:4446 91.245.44.46:81 # Reference: https://www.virustotal.com/gui/file/20ed03b4ef00bd5ea698568e1a5968825dbba032169027b4a13ad4a783eb316f/detection 46.246.98.161:6000 # Reference: https://twitter.com/banthisguy9349/status/1756398753081143615 # Reference: https://www.virustotal.com/gui/file/76fa625d0ce6ad454d44541fad76438f5fdc9311b7327b85b742454e2b1dd3d9/detection http://45.86.163.142 212.83.61.197:22222 45.86.163.142:22533 # Reference: https://twitter.com/malwrhunterteam/status/1775570507976306713 # Reference: https://www.virustotal.com/gui/file/8509cd3cada43f74b8b9a65719bd4f7c24efb605ae35369508ea35ea0fe53689/detection 18.220.222.33:28213 3.130.209.29:28213 phpdownload.ngrok.io # Reference: https://www.virustotal.com/gui/file/e91632459ff0d51d26b252abff714ddfead9640db3b1f27f68691098aa405adc/detection 191.96.225.117:22222 # Reference: https://www.virustotal.com/gui/file/a531c100e710cf93ec06a5f6cabbab9ec16781ec13e817e7e7e993bd731b3dfe/detection 3.23.182.29:28213 # Reference: https://www.virustotal.com/gui/file/a292336facd58d89b4054b146b7b0f026265cf5c703effaa08f4658ede8710b0/detection # Reference: https://www.virustotal.com/gui/file/f888f5d58f151f1c0ad3f55bf85f4b772a57ed85e9d2d6342245a3d0ac3531e5/detection 18.220.222.33:28213 3.130.209.29:28213 3.131.123.134:28213 3.23.182.29:28213 # Reference: https://twitter.com/banthisguy9349/status/1786315751189627088 # Reference: https://www.virustotal.com/gui/file/c3292950fef6f98574e95b4a1909d04b6c9599368ec3ae8bfa5c9f68c8c1d104/detection http://20.15.225.122 http://43.204.230.44 144.91.106.189:5693 212.227.241.124:22533 # Reference: https://x.com/malwrhunterteam/status/1796248266176348241 # Reference: https://www.virustotal.com/gui/file/e587e03e0cd461c0bb39242cafe11ea8a326457363f87b56a0b926ffdfced5d8/detection 3.6.115.64:18928 3.6.122.107:18928 3.6.30.85:18928 # Reference: https://www.virustotal.com/gui/file/e80a759719c397bbcce7408ab9d26a8089c35c873ecbba2922ac54329ce8defd/detection 89.47.160.244:23 # Reference: https://threatfox.abuse.ch/browse/tag/L3MON/ (# 2024-08-10) http://64.227.190.73 193.47.46.10:4433 207.180.223.109:22522 78.141.216.219:22533 lemon.haryadi.my.id mail.mirpurpac.com # Reference: https://threatfox.abuse.ch/browse/tag/L3MON/ (# 2024-08-18) http://188.227.74.5 136.243.243.33:22222 14.170.216.223:22533 51.20.2.165:3000 # Reference: https://www.virustotal.com/gui/file/2b62153c7b521049da195360f2b1669aa05d3a3f0ab1223de5ca539476e77d1d/detection 216.83.41.170:8092 cnasa.nasa6.com # Reference: https://x.com/malwrhunterteam/status/1861168455115841875 # Reference: https://x.com/midnight_comms/status/1863061794711024066 # Reference: https://www.virustotal.com/gui/file/ae1090dd954a6167e6fad3071c2b7fafb5afa7ab5d2c2c2c0966647523aa9bbc/detection http://173.208.142.79 173.208.142.79:5128 173.208.142.79:9108 myfiles.homes # Reference: https://x.com/banthisguy9349/status/1865050260994773073 # Reference: https://urlhaus.abuse.ch/browse/tag/L3mon/ (# 2024-12-07) http://139.59.55.116 http://207.246.114.52 http://64.227.131.111 103.230.121.243:22533 198.199.74.62:22533 3.106.41.21:22533 # Reference: https://www.virustotal.com/gui/file/25736ce23b6b6c1844fdc4896627ce67c7d81455c438fa8284f619b0e09ff69d/detection # Reference: https://www.virustotal.com/gui/file/dc2998d4fd1f5efcd910d7d11ae1ed73e158d6dec801fb968a34dca75d205562/detection # Reference: https://www.virustotal.com/gui/file/708ad22228e9690b127201b1ec7e7ffc942b92b83d3f3c2391bb20906ce343a5/detection 23.158.232.33:5715 b1upxpt.localto.net # Reference: https://www.virustotal.com/gui/file/f2d7bbf408702addd766ae6ebbe94fa1f3b5a4a25a52c726e36f35c40f5e8b27/detection 37.27.220.239:7543 mskqizcno.localto.net # Reference: https://www.virustotal.com/gui/file/f2d7bbf408702addd766ae6ebbe94fa1f3b5a4a25a52c726e36f35c40f5e8b27/detection 94.136.188.113:3596 o24kjcv.localto.net # Reference: https://www.virustotal.com/gui/file/d4debf4e8e415e57c7122e8ade40aafe4fb2353036122baba24d0859d6ac611e/detection 37.27.220.239:8275 sm1yobedu.localto.net # Reference: https://www.virustotal.com/gui/file/d145f6ff2debd6c97e7e144f1de339fb563b6c58c5881405693664725c996e21/detection 94.136.188.113:3477 in3.localto.net # Reference: https://www.virustotal.com/gui/file/ac32d11ba327cbf8cd3dabf6420a259b79a11266cfeca98c1ba97700d0592fb1/detection 194.233.93.236:6581 sg5.localto.net # Reference: https://www.virustotal.com/gui/file/a7fb6855c2a8954851fbf60b38fde214d3e06d5c3977ec065e5eb79423ef0506/detection 94.136.188.113:3809 # Reference: https://www.virustotal.com/gui/file/a729f91a1bc0315cda44708a6981d895a3d375df157efefd59e499055a722f8f/detection 129.159.229.61:2029 in1.localto.net # Reference: https://www.virustotal.com/gui/file/a3191d20dc2b18d5f04f9c4278eb20de7be666dea7325893296568d6f2f65f88/detection 144.24.139.70:4424 l4hdhrd.localto.net # Reference: https://www.virustotal.com/gui/file/a2435be4f18cc290b853f6cbeb84143d22b4ead1ebd34f94d287900935a2d25f/detection 209.126.80.197:8438 us4.localto.net # Reference: https://www.virustotal.com/gui/file/97c7e314dd7a7ba86175ba071dad2e8a1d4f6d23a3f53c26e5222691095c9dd7/detection 94.136.188.113:1398 # Reference: https://www.virustotal.com/gui/file/9210fd61ad5f29c67547a70b885edffb46b106d64e0257cf436d8b0c033f7cca/detection 209.126.80.197:4705 us4.localto.net # Reference: https://www.virustotal.com/gui/file/8b1688903520fe225ec1027f7ae9e26e4aab245ceb62c3d59e66f59264f5e61b/detection 80.190.85.84:5080 uk1.localto.net # Reference: https://www.virustotal.com/gui/file/88660ac88815cb492b6d5729a150d8920e2695c83046ae64fce15c9c739c9afe/detection 185.141.35.22:6890 tr3.localto.net # Reference: https://www.virustotal.com/gui/file/773f247cfa3c99f60d858de72070cb7b1d64c0550a779e2e0654c06998f6761a/detection 129.151.142.36:8940 6n2esjp.localto.net # Reference: https://www.virustotal.com/gui/file/69c297a8afd11011807ab3c2a4b9c1c8ccfef34be083386b35f1e202c5d5dfda/detection 37.27.220.239:6168 sm1yobedu.localto.net # Reference: https://www.virustotal.com/gui/file/3f6215a313e3ef7b3b16a2dc32cdadf44f8d97c6709a0c72caeae8a21f3d9459/detection # Reference: https://www.virustotal.com/gui/file/58b2c1563319d953e26a95b7d1f7857e2d1f545dd896e394f88a2f3c62aedaec/detection 80.190.85.84:5793 # Reference: https://www.virustotal.com/gui/file/41de077029fcbf2eac886f41dadab3706adb326f08baca0abba22f3b1dd17425/detection 194.233.93.236:7219 # Reference: https://www.virustotal.com/gui/file/3b32d440d9327450776b18f0305ae674bd6cdca34c34b5523345f94b22636023/detection 194.233.93.236:3965 # Reference: https://www.virustotal.com/gui/file/051f88c2bf6f0097b3b1b0964a8f09673982646fc569e3b1d4689787575cd23b/detection 194.233.93.236:6666 # Reference: https://x.com/skocherhan/status/1893291986519572789 # Reference: https://app.validin.com/detail?find=L3MON%20Manager&type=raw&ref_id=240cc7bba4c#tab=host_pairs (# 2025-02-22) http://103.61.224.224 http://105.96.237.247 http://146.56.51.149 http://165.154.213.90 http://167.99.133.236 http://195.230.22.20 http://195.35.36.215 http://68.183.82.193 http://80.225.221.151 http://90.188.90.39 195.230.22.20:90 dailycheapdeals.com l3mon.dailycheapdeals.com ecwowk4g0co4kwo4s8k4gw4k.195.35.36.215.sslip.io nxts.eu.org rnv.nxts.eu.org # Generic /pgb9umnsh_m1pgb9umn.html # APK /AF_News.apk /AVATRADE_APP.apk /build.s.apk /ChatinIncognito.apk /ROCKFORT_APP.apk /Pigeon_Messenger.apk /whatsapplite.apk