# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: shadowhammer, shadowpad, apt41, apt-c-41, double dragon, earth baku, earth baxia, lowkey, AXIOMATICASYMPTOTE, RedEcho, xianggang, eagerbee, toughprogress, ta415, voldemort # Reference: https://securelist.com/operation-shadowhammer/89992/ asushotfix.com # Reference: https://twitter.com/ydklijnsma/status/1110220766778286080 # Reference: https://twitter.com/ydklijnsma/status/1110189880313692160 homeabcd.com simplexoj.com # Reference: https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/ 103.19.3.17:443 103.19.3.43:443 103.19.3.44:443 103.19.3.44:1194 117.16.142.9:443 23.236.77.175:443 23.236.77.177:443 infestexe.com # Reference: https://content.fireeye.com/apt-41/rpt-apt41 # Reference: https://otx.alienvault.com/pulse/5d4ae9f31ae8a479422a17ab agegamepay.com ageofwuxia.com ageofwuxia.info ageofwuxia.net ageofwuxia.org bugcheck.xigncodeservice.com byeserver.com dnsgogle.com gamewushu.com gxxservice.com ibmupdate.com infestexe.com kasparsky.net linux-update.net macfee.ga micros0ff.com micros0tf.com notped.com operatingbox.com paniesx.com serverbye.com sexyjapan.ddns.info symanteclabs.com techniciantext.com win7update.net # Reference: https://www.fireeye.com/blog/threat-research/2019/08/game-over-detecting-and-stopping-an-apt41-operation.html # Reference: https://www.virustotal.com/gui/ip-address/67.229.97.229/relations http://67.229.97.229 67.229.97.229:5985 67.229.97.229:9999 # Reference: https://www.fireeye.com/blog/threat-research/2019/10/lowkey-hunting-for-the-missing-volume-serial-id.html # Reference: https://www.welivesecurity.com/2019/10/14/connecting-dots-exposing-arsenal-methods-winnti/ # Reference: https://otx.alienvault.com/pulse/5da5eaab4516e8056a6d59fb checkin.travelsanignacio.com # Reference: 
https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html # Reference: https://otx.alienvault.com/pulse/5e7b4a11d552fbcfce6c314d # Reference: https://twitter.com/sysgoblin/status/1237054973579583489 (# CVE-2020-10189) http://66.42.98.220 http://91.208.184.78 66.42.98.220:12345 74.82.201.8:12345 91.208.184.78:443 accounts.longmusic.com dylerays.tk exchange.dumb1.com # Reference: https://unit42.paloaltonetworks.com/apt41-using-new-speculoos-backdoor-to-target-organizations-globally/ # Reference: https://otx.alienvault.com/pulse/5e95c0d3d12068d29f538338 # Reference: https://www.virustotal.com/gui/ip-address/66.42.98.220/relations http://66.42.98.220 66.42.98.220:12345 119.28.139.20:443 alibaba.zzux.com exchange.longmusic.com # Reference: https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/shadowpad-novaya-aktivnost-gruppirovki-winnti/ (Russian, # ShadowPad IOC) ertufg.com filename.onedumb.com info.kavlabonline.com ncdle.net trendupdate.dns05.com ttareyice.jkub.com unaecry.zzux.com yandex2unitedstated.dns04.com # Reference: https://www.trendmicro.com/en_us/research/20/i/u-s--justice-department-charges-apt41-hackers-over-global-cyberattacks.html # Reference: https://otx.alienvault.com/pulse/5f650a34fabdf2c7bf7a7616 http://104.233.224.227 # Reference: https://vblocalhost.com/uploads/VB2020-Lunghi-Horejsi.pdf (# Cluster 2) ashcrack.freetcp.com heatidc.com infrast.ygto.com notify.serveuser.com platform.freetcp.com reply.ygto.com tripmerry.com # Reference: https://st.drweb.com/static/new-www/news/2020/october/Study_of_the_ShadowPad_APT_backdoor_and_its_relation_to_PlugX_en.pdf arestc.net icefirebest.com mongolv.com pneword.net # Reference: https://blog.macnica.net/blog/2020/11/dtrack.html # Reference: https://otx.alienvault.com/pulse/5fc12f0ec26699f8ccd97838 mail.gietriangle.org/public/src3.png tastygoodness.net ussainc.org # Reference: 
https://go.recordedfuture.com/hubfs/reports/cta-2021-0228.pdf # Reference: https://otx.alienvault.com/pulse/603d0dcc0a0f44e375d16c62/ escanavupdate.club indrails.com ixrails.com ntpc-co.com pandorarve.com ptciocl.com ubuntumax.com websencl.com indianrailway.hopto.org indrra.ddns.net inraja.ddns.net modibest.sytes.net railway.sytes.net railways.hopto.org astudycarsceu.net indiasunsung.com shipcardonlinehelp.com smartdevoe.com # Reference: https://blog.group-ib.com/colunmtk_apt41 # Reference: https://otx.alienvault.com/pulse/60c34510bd6707ce53355efc colunm.tk cs.colunm.tk ns1.colunm.tk ns2.colunm.tk service.dns22.ml server04.dns04.com service04.dns04.com # Reference: https://content.fireeye.com/apt41-jp/rpt-apt41-jp # Reference: https://otx.alienvault.com/pulse/610cf675620c3a10851e62d0 backdoor.apt.photo # Reference: https://github.com/ti-research-io/ti/blob/main/ioc_extender/BB_APT41.json isbigfish.xyz # Reference: https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/ dbhubspi.com glbaitech.com kinopoisksu.com necemarket.com dev.kinopoisksu.com holdmem.dbhubspi.com m.necemarket.com mb.glbaitech.com ns.glbaitech.com st.kinopoisksu.com # Reference: https://www.mandiant.com/resources/apt41-us-state-governments milli-seconds.com queryip.cf time12.cf viewdns.ml winsproxy.com work.viewdns.ml workers.viewdns.ml work.queryip.cf cdn.ns.time12.cf east.winsproxy.com afdentry.workstation.eu.org ns1.entrydns.eu.org subnet.milli-seconds.com # Reference: https://blogs.blackberry.com/en/2021/10/drawing-a-dragon-connecting-the-dots-to-find-apt41 # Reference: https://otx.alienvault.com/pulse/615da9a8e2c277e1749757c3 assistcustody.xyz chaindefend.bid defendchain.xyz isbigfish.xyz mircosoftdoc.com zalofilescdn.com microsoftbooks.dns-dns.com ns.mircosoftdoc.com # Reference: https://www.mandiant.com/resources/apt41-us-state-governments down-flash.com microsoftfile.com libxqagv.ns.dns3.cf # Reference: https://www.mandiant.com/resources/mobileiron-log4shell-exploitation 
# Reference: https://otx.alienvault.com/pulse/6244606893ddbc9a6a5bbdeb # Reference: https://www.virustotal.com/gui/file/fb091547c42fcd5917283b3a79ee86e7388d57789327289d6d357e71ae28ddff/detection 103.224.80.44:8080 103.242.133.48:44322 103.242.133.48:8085 198.13.40.130:2222 note.down-flash.com 111111.note.down-flash.com 2f2640fb.dns.1433.eu.org 335b5282.dns.1433.eu.org d5922235.dns.1433.eu.org # Reference: https://twitter.com/0xrb/status/1509396448387153920 # Reference: https://www.virustotal.com/gui/file/536def339fefa0c259cf34f809393322cdece06fc4f2b37f06136375b073dff3/detection 43.129.188.223:10333 longlifetrump.com # Reference: https://otx.alienvault.com/pulse/624ff0af271429d152b5a27e greatsong.soundcast.me supermarket.ownip.net supership.dynv6.net # Reference: https://documents.trendmicro.com/assets/white_papers/wp-earth-baku-an-apt-group-targeting-indo-pacific-countries.pdf # Reference: https://otx.alienvault.com/pulse/613b110f3e005c40fe57317d dns224.com mssetting.com twitterproxy.com microsofthelp.dns1.us ns.cloud01.tk ns.cloud20.tk ns1.extrsports.ru # Reference: https://twitter.com/AltShiftPrtScn/status/1519840040637157378 # Reference: https://www.virustotal.com/gui/file/d2d927e7cdb804c416e70e41290453a7902420894b5cb17fdb688e9ee7943b13/detection 138.68.61.82:444 # Reference: https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/ # Reference: https://otx.alienvault.com/pulse/6270f28cc2cfb0f83fe7b211 farisrezky.com freewula.strangled.net gfsg.chickenkiller.com greenhugeman.dns04.com pic.farisrezky.com szuunet.strangled.net final.staticd.dynamic-dns.net # Reference: https://blog.group-ib.com/apt41-world-tour-2021 # Reference: https://otx.alienvault.com/pulse/630615f326d4b91e473170fe delaylink.tk socialpt2021.club cs16.dns04.com newimages.socialpt2021.tk # Reference: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/espionage-asia-governments # Reference: 
https://otx.alienvault.com/pulse/632082a05037fdffef98dcb4 # Reference: https://www.virustotal.com/gui/file/c48e1ff27b6386dadd7a8b696c00b0b96d27dffc8ee5df393765ba538c272c11/detection 27.124.17.222:443 # Reference: https://blogs.vmware.com/security/2022/10/threat-analysis-active-c2-discovery-using-protocol-emulation-part3-shadowpad.html # Reference: https://github.com/carbonblack/active_c2_ioc_public/blob/main/shadowpad/shadowpad_202210.tsv # Reference: 
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/k/hack-the-real-box-apt41-new-subgroup-earth-longzhi/IOCs-hack-the-real-box-apt41-new-subgroup-earth-longzhi.txt # Reference: https://www.trendmicro.com/en_us/research/22/k/hack-the-real-box-apt41-new-subgroup-earth-longzhi.html # Reference: https://otx.alienvault.com/pulse/636d814b3faea55b00ea98b8 # Reference: https://www.virustotal.com/gui/file/f8fa90be3e6295c275a4d23429e8738228b70693806ed9b2f482581487cb8e08/detection # Reference: https://www.virustotal.com/gui/file/76998c3cef50132d7eb091555b034b03a351bd8639c1c5dc05cf1ea6c19331d9/detection # Reference: https://www.virustotal.com/gui/file/4bc4d2ad9b608c8564eb5da5d764644cbb088c2f1cb61427d11f7b2ce4733add/detection http://139.180.138.226 http://47.108.173.88 139.180.138.226:8000 47.108.173.88:8098 47.108.173.88:8099 # Reference: https://community.emergingthreats.net/t/daily-ruleset-update-summary-2022-11-11/149 ymvh8w5.xyz c.ymvh8w5.xyz # Reference: https://github.com/blackorbird/APT_REPORT/blob/master/APT-hunting/hunting-cobaltstrike-beacons-in-the-dark.pdf # Reference: https://www.virustotal.com/gui/ip-address/185.14.29.72/relations schememicrosoft.com aliyun.com.co microport.com.cn microsoftbooks.dynamic-dns.net microsoftdocs.dns05.com microsoftonlineupdate.dynamic-dns.net ns.microsoftdocs.dns05.com # Reference: https://twitter.com/r3dbU7z/status/1605356770330828802 # Reference: https://twitter.com/jaydinbas/status/1605532948480000002 # Reference: https://www.virustotal.com/gui/file/867e8902612f9e9a390fc667ffd53343e324c8c677c12dcbca4e1b9f14b0e461/detection 43.229.155.42:8000 43.229.155.38:8443 google-au.ga cdn.google-au.ga # Reference: https://go.recordedfuture.com/hubfs/reports/cta-2023-0330.pdf adobe-cdn.org akamaixed.net dl-flash.tk linuxupdate.info microsoftcontents.com portomnail.com tcplog.com xxe.pw a.linuxupdate.info aejava.ddns.net aejva.ddns.net aone.ddns.net back.rooter.tk box.xxe.pw chrome.down-flash.com cloudat.ddns.net 
cloudcat.ddns.net dash.tcplog.com dns.xxe.pw down.xxe.pw down1.linuxupdate.info down2.linuxupdate.info exchange.openmd5.com exchange.portomnail.com fonts.google-au.ga gknbm.ddns.net help.down-flash.com help.tcplog.com js.down-flash.com jsj1.linuxupdate.info lemonupdate.ddns.net linux.down-flash.com linuxupdate.ddns.net ltupdate.ddns.net mail.xxe.pw mirros.microsoftcontents.com mirros3.linuxupdate.info mm.portomnail.com n2.xxe.pw ns1.xxe.pw ns2.xxe.pw officecdn-microsoft-com.akamaixed.net proxy.xxe.pw q.xxe.pw q2.xxe.pw q4.xxe.pw qq.xxe.pw static.adobe-cdn.org static.tcplog.com transcom.ddns.net twnoc.ddns.net updatenew.servehttp.com vbnmob.ddns.net volleyball.ddns.net vpnmobupdate.ddns.net x.xxe.pw xxe.linuxupdate.info yunchat.ddns.net # Reference: https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41 # Reference: https://www.virustotal.com/gui/file/38e18d79b83e7c0afbe1ac246a7a5fe6b2783adc085e9aeb2ec610e76f5ccaad/detection 116.205.4.18:33889 121.42.149.52:8002 andropwn.xyz win10micros0ft.com alxc.tbtianyan.com dns.win10micros0ft.com huaxin-bantian.duckdns.org smiss.imwork.net # Reference: https://twitter.com/tiresearch1/status/1688843159265325056 ap.philancourts.com atomiclampco.com closeby.coupons ftp.gulliverwear.com gulliverwear.com news.revecontopsy.com securityhealthservice.com test.dagnelie.fr test.securityhealthservice.com # Reference: https://twitter.com/tiresearch1/status/1689173376487849984 bulkyservice.info mexicobulk.info kdalpqwx312dwjbb.leopard2.com mta0.bulkyservice.info mta0.mexicobulk.info ns1.bulkyservice.info ns2.bulkyservice.info ns2.mexicobulk.info server.mexicobulk.info # Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ 120.25.0.139:8443 193.36.117.21:443 219.141.161.65:443 47.94.196.131:444 # Reference: https://stairwell.com/resources/security-alert-enrichment-shadowpad-variants/ # Reference: 
https://www.virustotal.com/gui/file/48ac2ca316e636109524e72c771afc7e4592f0a6c1de827985aa090f17b98879/detection rtxwen.com # Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2023-10-13)
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2023-10-26)
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2023-11-20)
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2023-11-23)
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2023-11-25)
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2023-12-03)
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2023-12-24)
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2024-01-03)
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2024-01-16)
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2024-01-23)
# Reference: https://twitter.com/nahamike01/status/1755183472677924879
# Reference: https://twitter.com/luc4m/status/1778110699870310840
# Reference: https://twitter.com/Cyberteam008/status/1779763262722355512
# Reference: https://twitter.com/ValidinLLC/status/1779916377039495523
# Reference: https://twitter.com/1ZRR4H/status/1783528366194196585
# Reference: https://app.validin.com/detail?type=raw&find=AndroidControl+v1.0.4#tab=host_pairs
# Reference: https://x.com/SBousseaden/status/1794484811064586632
# Reference: https://www.virustotal.com/gui/file/deecc7fa56d74dcf87ddf728261a1fe9a4f7a0e0d187111ab60e5b8051e59ae3/detection
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2024-06-09)
# Reference: https://x.com/nahamike01/status/1799730688725508290
# Reference: https://cloud.google.com/blog/topics/threat-intelligence/apt41-arisen-from-dust
# Reference: https://www.virustotal.com/gui/ip-address/95.164.16.231/relations
# Reference: https://x.com/Cyberteam008/status/1818119578204934582
# Reference: https://pastebin.com/AYzCKMsf
# Reference: https://x.com/Huntio/status/1824654200955080733
# Reference: https://x.com/_langly/status/1824768675548672100
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2024-08-18)
# Reference: https://www.trendmicro.com/en_sg/research/24/h/earth-baku-latest-campaign.html
# Reference: https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/h/earth-baku/ioc-a-dive-into-earth-baku-latest-campaign.txt
# Reference: https://www.virustotal.com/gui/file/7f24bc080281d250ec88493e5803e488721a17c9382cd54ba8dfbcb785f23a88/detection
# Reference: https://x.com/Cyberteam008/status/1826126334919082085
# Reference: https://www.virustotal.com/gui/ip-address/154.90.58.189/relations
# Reference: https://www.virustotal.com/gui/ip-address/38.54.50.46/relations
# Reference: https://www.virustotal.com/gui/file/b2d2380ec8001acfacbba10305c5dd4fe8bd153bfb00377bb6c6a0f94b29e804/detection
# Reference: https://www.virustotal.com/gui/file/f16faa26f8871692c49c5bc4a047b33aad0dcffdba5c6d8f08ad636b94859cf7/detection
# Reference: https://x.com/Cyberteam008/status/1826433189012730325
# Reference: https://www.virustotal.com/gui/ip-address/89.38.128.94/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.231.205.25/relations
# Reference: https://x.com/Cyberteam008/status/1828624431117181112
# Reference: https://en.fofa.info/result?qbase64=Y2VydD0iMTgyMDk2NTM3Njc1ODE0NDk5NDEi
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2024-09-08)
# Reference: https://unit42.paloaltonetworks.com/stately-taurus-abuses-vscode-southeast-asian-espionage/
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2024-09-09)
# Reference: https://x.com/malwrhunterteam/status/1815256468431528370
# Reference: https://x.com/nao_sec/status/1826977609328325111
# Reference: https://jp.security.ntt/tech_blog/appdomainmanager-injection
# Reference: https://www.virustotal.com/gui/file/1d40ac126547b1523a3fb7d584deec907315c5ef7f44ffa96ef4bd18702101f6/detection
# Reference: https://x.com/StrikeReadyLabs/status/1819460764517683658
# Reference: https://x.com/dez_/status/1825896855466565963
# Reference: https://www.virustotal.com/gui/file/4edc77c3586ccc255460f047bd337b2d09e2339e3b0b0c92d68cddedf2ac1e54/detection
# Reference: https://x.com/suyog41/status/1835557924443509029
# Reference: https://www.virustotal.com/gui/file/7d8894520e26755e0f191078df140898882837c90d338174487c1e2d17a72756/detection
# Reference: https://x.com/StrikeReadyLabs/status/1826969590494064789
# Reference: https://www.virustotal.com/gui/file/0ba468400dd88b6dbe96407cb104f28876adb62805689d97de5d2650770ff39c/detection
# Reference: https://x.com/Cyberteam008/status/1836967191893176652
# Reference: https://www.virustotal.com/gui/ip-address/139.84.133.219/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.76.165.217/relations
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2024-09-22)
# Reference: https://x.com/r0ny_123/status/1837896240865923072
# Reference: https://www.trendmicro.com/en_us/research/24/i/earth-baxia-spear-phishing-and-geoserver-exploit.html
# Reference: https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/i/earth-baxia-uses-spear-phishing-and-geoserver-exploit-to-target-apac/IOCs%20-%20Earth%20Baxia%20Uses%20Spear-Phishing%20and%20GeoServer%20Exploit%20to%20Target%20APAC.txt
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2024-09-29)
# Reference: https://x.com/pancak3lullz/status/1853452698919555575
# Reference: https://www.virustotal.com/gui/ip-address/136.244.116.245/relations
# Reference: https://www.virustotal.com/gui/ip-address/64.176.69.95/relations
# Reference: https://x.com/DmitriyMelikov/status/1856721308802793496
# Reference: https://blogs.blackberry.com/en/2024/11/lightspy-apt41-deploys-advanced-deepdata-framework-in-targeted-southern-asia-espionage-campaign
# Reference: https://x.com/Cyberteam008/status/1858703453981450712
# Reference: https://www.virustotal.com/gui/file/79c2c656eac34f628406855c9fafe36161ac423c071d9b20b64f4f511c9ec241/detection
# Reference: https://x.com/Cyberteam008/status/1861596387625890122
# Reference: https://securelist.com/eagerbee-backdoor/115175/
# Reference: https://www.virustotal.com/gui/ip-address/151.236.16.167/relations
# Reference: https://www.virustotal.com/gui/ip-address/194.71.107.215/relations
# Reference: https://www.virustotal.com/gui/ip-address/62.233.57.94/relations
# Reference: https://www.virustotal.com/gui/ip-address/82.118.21.230/relations
# Reference: https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set
# Reference: https://www.virustotal.com/gui/file/e9cb02690d987de8d392d0e24b3ccbb294c751dff73962135913c7ec0d8a8064/detection
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2025-01-05)
# Reference: https://app.validin.com/detail?type=hash&find=e760bb9ce1e83e274def380574509c7b9e9088ff#tab=host_pairs (# 2025-02-27)
# Reference: https://www.scrible.com/view/source/R2IO1C0L20LQG2MG3443K8O48P4CM20E:1424161239/
# Reference: https://x.com/Cyberteam008/status/1899314534999019567
# Reference: https://x.com/smica83/status/1904134295087718450
# Reference: https://www.welivesecurity.com/en/eset-research/operation-fishmedley/
# Reference: https://x.com/Cyberteam008/status/1909432343976091981
# Reference: https://www.virustotal.com/gui/file/7ad3331be038b43c1a19066f1e4edbe85dfb08596d70774a5e15480394626d39/detection
# Reference: https://hunt.io/blog/state-sponsored-activity-gamaredon-shadowpad
# Reference: https://x.com/Cyberteam008/status/1910171025137934629
# Reference: https://x.com/Jane_0sint/status/1910650292342862257
# Reference: https://app.any.run/tasks/2c3b303a-b412-449e-b380-f1e7de76d452
# Reference: https://hunt.io/blog/keyplug-infrastructure-tls-certificates-ghostwolf-activity
# Reference: https://x.com/Tac_Mangusta/status/1828077441925157172
# Reference: https://www.virustotal.com/gui/file/3e8f51ec601e6e9c3aaafd3d156721fc85911544417d43f6b6c0b029a009c584/detection
# Reference: https://www.virustotal.com/gui/file/9ed37a790ed5d90511d5b88140e531d789357e6fd745efba6a1ec0d42f20aeec/detection
# Reference: https://www.proofpoint.com/us/blog/threat-insight/malware-must-not-be-named-suspected-espionage-campaign-delivers-voldemort
# Reference: https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics
# Reference: https://asec.ahnlab.com/en/91166/
# Reference: https://hunt.io/blog/tracking-shadowpad-infrastructure-via-non-standard-certificates
# Reference: https://www.virustotal.com/gui/file/e9bb6609ffe43c5c9a1617818097568a7e873aa1499d9f5e05c2c6c5ac8cb962/detection
# Reference: https://blog.talosintelligence.com/knife-cutting-the-edge/
# Reference: https://github.com/Cisco-Talos/IOCs/blob/main/2026/02/knife-cutting-the-edge.txt
# Reference: https://x.com/nahamike01/status/2020407834119487677
# Reference: https://app.validin.com/detail?find=https%3A%2F%2Fkaspersky.com%2Fads.txt&type=raw&ref_id=a73a038fe6c#tab=host_pairs (# 2025-02-09)
# Reference: https://threatfox.abuse.ch/browse/malware/win.shadowpad/ (# 2026-02-09)