# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Purpose: network indicators that the referenced reports associate with
# MassLogger (named in the Talos and Netresec references and in the
# '/masslogg.deploy' entry below).
#
# Layout: one indicator per line; lines starting with '#' are comments. Each
# group of indicators is preceded by the '# Reference:' link(s) it came from.
# Entry shapes used in this list:
#   domain.tld               bare host name
#   domain.tld/path          host plus URL path (panel, upload script or payload file)
#   a.b.c.d:port             IP address and TCP port
#   http://a.b.c.d           IP address with an explicit scheme
#   /path                    path-only pattern with no host
#
# Triage notes for analysts consuming hits on these entries:
# - ':21' is the FTP control port and ':587' is SMTP submission. The high
#   ports listed next to the same IP are presumably FTP passive-mode data
#   ports captured in a single sandbox run; those are ephemeral and a later
#   hit on the exact port is weak evidence on its own. TODO confirm.
# - ':3128' is the conventional HTTP proxy port; those entries may be proxies
#   seen in the sample's traffic rather than dedicated infrastructure. Verify
#   against the referenced report before acting on a match.
# - Some host names look like shared hosting or provider endpoints
#   (server295.web-hosting.com, ftp.cluster003.ovh.net, cphost14.qhoster.net,
#   milebgd.mycpanel.rs). A hit there can come from an unrelated tenant, so
#   corroborate with the destination port, the process, and the payload.
# - Many 'host/XX.jpg' and 'host/panel/' entries appear to be ordinary sites
#   that were abused at the time of the report. The reference dates span
#   several years, so check indicator age before blocking a whole domain.

# Reference: https://twitter.com/ViriBack/status/1258898032336293888
# Reference: https://app.any.run/tasks/13a26710-a4b4-4ac6-8a32-e7f21792bfc3/

radiomeff.mk/panel/unlock.php

# Reference: https://twitter.com/James_inthe_box/status/1260168976321015808

duluran.com/site/images/screen/

# Reference: https://twitter.com/Nocturnus/status/1268181441504071680

http://185.234.217.224

# Reference: https://twitter.com/reecdeep/status/1269894295596797953
# Reference: https://app.any.run/tasks/b341055e-52b5-4340-abcf-e6e6f0f196d6/

bestemys.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1270043287181762561

dextrotrading.com

# Reference: https://twitter.com/James_inthe_box/status/1270354029319581697

ltrzgogrzsit.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1270980660732329985
# Reference: https://app.any.run/tasks/4ee91fbc-a285-4f15-b386-c2f23b2141b8/

triptihon.gr/panel/upload.php

# Reference: https://twitter.com/reecdeep/status/1273935123910713346
# Reference: https://twitter.com/JAMESWT_MHT/status/1273950325960032256
# Reference: https://app.any.run/tasks/700a47f0-9a83-4a67-9e4c-3ff506841319/

91.196.124.59:21
91.196.124.59:61181
geohydroconsult.com

# Reference: https://twitter.com/reecdeep/status/1275030034265374726
# Reference: https://www.virustotal.com/gui/file/dba663c050e16ffaff9a51cab91ae670b3589727a140dbc0f3daa5971c915971/detection

klisa.com.tr/south.vbs
opticaoptigral.cl/voice.jpg

# Reference: https://app.any.run/tasks/5fc1e550-5a42-4a9b-9641-06cb81998fb7/

emybests.com

# Reference: https://www.virustotal.com/gui/file/0a24c768a70455ca66d7d5bb0659bba492a48d472dedf668f89d8c4eab021fa1/detection

teamsheep.cc

# Reference: https://urlhaus.abuse.ch/url/412466/
# Reference: https://app.any.run/tasks/fb7f6f46-4a4c-4bf2-89c0-09bac41481b4/

sadiqgill.com

# Reference: https://twitter.com/ViriBack/status/1290010733699162113
# Reference: https://app.any.run/tasks/df5a7b21-a361-4764-b3ce-dfa6d46e7abd/

visionmoneymantra.com/os/panel/

# Reference: https://twitter.com/reecdeep/status/1290241659335323648
# Reference: https://app.any.run/tasks/087ab601-8a4e-4618-a089-b2b0eecccc15/

67.215.233.8:21
67.215.233.8:58633
ftp.becommodal.com

# Reference: https://www.virustotal.com/gui/file/abee98b273f8b2c4530af48e1022c15af3932f99ad4fd011b7c5e529c5ae6434/detection
# Reference: https://www.virustotal.com/gui/file/7b3c1c1eb45a92f26141793b60671f5165caa7f1b10e24945574e0f185f2fde0/detection
# Reference: https://twitter.com/anyrun_app/status/1295684768911302658
# Reference: https://app.any.run/tasks/774c4490-101b-4463-a31f-10f483ade258/
# Reference: https://app.any.run/tasks/20b00081-79f4-48c0-94c1-d9e82ccc1310/
# Reference: https://app.any.run/tasks/3f9050f3-2e2b-4eca-9732-07e185738595/

94.127.7.174:21
94.127.7.174:30720
94.127.7.174:32074
94.127.7.174:33173
94.127.7.174:34902
94.127.7.174:38813
94.127.7.174:45931
94.127.7.174:46840
milebgd.mycpanel.rs
paninoteka.si

# Reference: https://twitter.com/luc4m/status/1291415487545372673

omantel.ml

# Reference: https://twitter.com/ganeshnathan28/status/1297545739350966272
# Reference: https://www.virustotal.com/gui/file/a14e02811526f05fa3cb63d56b1b804a86812b9482216ef0133c618ad068e8e6/detection

etatronds.xyz
tiko.etatronds.xyz

# Reference: https://twitter.com/ganeshnathan28/status/1297794454665953280
# Reference: https://www.virustotal.com/gui/domain/industrialspares.to/relations

industrialspares.to

# Reference: https://twitter.com/VirITeXplorer/status/1303608075434233856

ayudasaudiovisuales.co

# Reference: https://twitter.com/JAMESWT_MHT/status/1303617803317129221

94.126.169.122:21

# Reference: https://twitter.com/reecdeep/status/1302909382452228096
# Reference: https://app.any.run/tasks/3cade84b-59eb-43af-9119-9ec5768e9ee2/

nankasa.com.ar
solarproject.gr/A11.jpg

# Reference: https://twitter.com/James_inthe_box/status/1305509852362338304
# Reference: https://app.any.run/tasks/010a8af5-97bd-4e27-961d-8d202a9d6f29/
# Reference: https://www.virustotal.com/gui/file/0d9409ad57ae998654661993b12a6434067419873eabc6ead3920ba0426290a8/detection

ecigroup-tw.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1306472806947975168

servicesdesk.to

# Reference: https://twitter.com/reecdeep/status/1311202749514756096

suite.kpechios.gr

# Reference: https://twitter.com/JAMESWT_MHT/status/1311655217004457994

akinitaviotias.gr
kbolias.gr
kpechios.gr

# Reference: https://twitter.com/reecdeep/status/1313029358903349248

studiosound.gr/F9.jpg

# Reference: https://twitter.com/reecdeep/status/1313402231333572614
# Reference: https://app.any.run/tasks/b0be7542-f762-47a4-86d5-6e1767bb47c3/

modestinos2.com

# Reference: https://twitter.com/reecdeep/status/1314150484257763328

jetfleet24.com/T5.jpg

# Reference: https://twitter.com/reecdeep/status/1317021485848985600

hotelaretes.gr/V8.jpg

# Reference: https://twitter.com/reecdeep/status/1318436698116816917

optovision.gr/4B.jpg

# Reference: https://twitter.com/smica83/status/1323198014803054592
# Reference: https://app.any.run/tasks/039e7818-61ab-4638-8274-59f1f82ddbdc/

zoofashion.gr/J9.jpg

# Reference: https://twitter.com/wwp96/status/1327453053788811265
# Reference: https://app.any.run/tasks/3e8c0034-f5a9-4df3-9a34-91881449f458/

pluscert.ro/7P.jpg

# Reference: https://twitter.com/58_158_177_102/status/1328142336971272192
# Reference: https://app.any.run/tasks/05ca1254-66d3-42b5-a1f1-9ee9fa2da249/

sunlightgrace.eu/tsc/

# Reference: https://twitter.com/wwp96/status/1328332718971695104
# Reference: https://app.any.run/tasks/c8eb16a2-d690-46d4-8775-a8a457e02891/

risu.fi/D9.jpg
144.91.112.76:21
144.91.112.76:60154

# Reference: https://twitter.com/wwp96/status/1328341391613759488
# Reference: https://app.any.run/tasks/7f043ee2-f1f8-4ce1-8a0d-ca6690caf492/

bouinteriorismo.com/R9.jpg

# Reference: https://twitter.com/wwp96/status/1331414353028014085
# Reference: https://app.any.run/tasks/2b95739f-9c1d-4792-b5e9-5fded54fa220/

blairllpuk.com/D1.jpg
162.221.185.10:21
162.221.185.10:43222

# Reference: https://twitter.com/wwp96/status/1336175823389421569

92.53.90.70:21
92.53.90.70:10399

# Reference: https://www.virustotal.com/gui/file/adb942876dd53f99ff21a0af91a0275eb7257901b56a115ce414d59eaabc703e/detection

lmf-at.com

# Reference: https://www.virustotal.com/gui/file/a569e5793e69419f3aaca83468fd9982fadf264833c32502b54fd4e0e15c6058/detection
# Reference: https://www.virustotal.com/gui/file/b095032316de2f43af0557c35dd58ab254928f24a3b8e7cf4cf5c4dbac73ac56/detection

# NOTE(review): looks like a shared-hosting server name; treat a match as a lead, not a verdict.
server295.web-hosting.com

# Reference: https://twitter.com/reecdeep/status/1348586685748170758
# Reference: https://app.any.run/tasks/7c515735-a525-4a28-8310-0a92b38b66f4/
# Reference: https://app.any.run/tasks/0e5cec43-36cb-4b8c-9f99-3eceb8773d4c/

144.91.112.76:52170
sinetcol.co/D7.jpg

# Reference: https://blog.talosintelligence.com/2021/02/masslogger-cred-exfil.html
# Reference: https://otx.alienvault.com/pulse/602d3c9c7078054d4492c9a2/

# NOTE: bouinteriorismo.com/R9.jpg, hotelaretes.gr/V8.jpg, jetfleet24.com/T5.jpg,
# optovision.gr/4B.jpg, risu.fi/D9.jpg and sinetcol.co/D7.jpg are also listed
# earlier in this file under their original references.
becasmedikal.com.tr/A5.jpg
bouinteriorismo.com/R9.jpg
hotelaretes.gr/V8.jpg
jetfleet24.com/T5.jpg
optovision.gr/4B.jpg
risu.fi/D9.jpg
sinetcol.co/A7.jpg
sinetcol.co/D7.jpg
topometria.com.cy/A12.jpg
med-star.gr/panel/

# Reference: https://otx.alienvault.com/pulse/6035392eab4d19d868aff18b/

bradbo.life

# Reference: https://twitter.com/JAMESWT_MHT/status/1367717868582957056

radiomeff.mk/panel/upload.php

# Reference: https://www.virustotal.com/gui/file/3f14bb5f4408a63c818a760bba60b073b8c7446c9fda728ce8feaae46b55086b/detection

188.121.43.27:21
188.121.43.27:50134

# Reference: https://www.virustotal.com/gui/file/c21678f25f1b95169fb60b0c0676684e7bc5f75c9ffbf7b2c1dc36b17add37c6/detection

a0706689.xsph.ru

# Reference: https://twitter.com/reecdeep/status/1583109746688929792

# Path-only entry: carries no host, so it applies to any destination.
/masslogg.deploy

# Reference: https://www.virustotal.com/gui/file/040d22df3b3d64e28aad02f5b6ae5d84b355192d5bdf26a0cd0b448058f5d1ee/behavior

harolds.ooguy.com

# Reference: https://twitter.com/James_inthe_box/status/1686105825012768769
# Reference: https://app.any.run/tasks/53ea78b6-375f-4a31-b117-1d2dffb44c92/

203.170.129.7:21
206.188.192.213:11650
206.188.192.213:21
51.68.11.192:17925
51.68.11.192:21
85.187.128.28:21
# NOTE(review): provider FTP cluster host name, likely shared by many customers; corroborate before blocking.
ftp.cluster003.ovh.net

# Reference: https://www.virustotal.com/gui/file/07e7fb32c7f00921f3b80fcfc7d8d8ec70b7fbe9a4ed061ad43f69254b5cac1e/detection

185.106.92.64:4679
195.85.115.195:21
195.85.115.195:55137

# Reference: https://www.virustotal.com/gui/file/7f7e7ecc5777ca78874fa63b322b4f13558a702b110e8b52d564b8839dee96c6/detection

149.248.76.158:21
149.248.76.158:49442
149.248.76.158:50678
149.248.76.158:53430
149.248.76.158:55441
149.248.76.158:55948
149.248.76.158:57135
149.248.76.158:58920
149.248.76.158:60874
149.248.76.158:63475

# Reference: https://app.any.run/tasks/9a5f77ef-dbbe-439b-a0e2-82bf2ddc5677/

185.31.121.136:21
185.31.121.136:56578

# Reference: https://www.virustotal.com/gui/file/be307a525707fca7481ddc34bc53ced48d072d4f033b6b33a4e80a050364053e/detection

141.136.34.78:21
183.81.164.154:21
202.172.25.11:21
46.246.4.5:3128
47.106.186.21:39746
47.115.6.72:3128

# Reference: https://x.com/smica83/status/1930595660056739933
# Reference: https://tria.ge/250605-ny6v2sbq2t/behavioral1

miniorangeman.com
mail.miniorangeman.com

# Reference: https://www.virustotal.com/gui/file/14687345d089a2694207f7d8bda6b5d6da585d7ead8d2bdb65493e1ee5228298/detection

94.154.172.199:587
maknpcg.asia

# Reference: https://www.netresec.com/?page=Blog&month=2026-02&post=njRAT-runs-MassLogger
# Reference: https://www.virustotal.com/gui/file/ea32ac24bd8dbac770beec79fa78d790a6156ceb5ff28d2bdba9b1f28a8b4628/detection

mcnzxz.com
# NOTE(review): looks like a hosting-provider server name; a hit may belong to an unrelated tenant.
cphost14.qhoster.net

# Generic

# Host-independent path patterns. NOTE(review): '?' looks like a placeholder
# for a variable path segment; confirm how the consuming sensor interprets it.
# '/panel/?/login' is broad and presumably prone to matching unrelated admin
# panels, so pair a hit with other evidence.
/mass/?/upload
/panel/?/login