@BBcan177
Last active December 11, 2021 16:37
pfBlockerNG Malicious Threats
185.14.31.9 # ROVNIX loader
61.67.114.73 # Regin
202.71.144.113 # Regin
203.199.89.80 # Regin
194.183.237.145 # Regin
94.23.58.217 # SoakSo
5.9.188.148 # Dridex - http://securityblog.s21sec.com/2014/11/dridex-learns-new-trick-p2p-over-http.html
46.4.232.200 # Dridex
37.1.208.21 # Dridex
108.61.198.191 # Dridex
188.40.240.20 # Dridex
37.1.215.144 # Dridex
188.116.40.35 # Dridex
80.79.114.72 # Dridex
78.140.164.160 # Dridex
54.84.136.229 # Dridex
130.209.101.62 # Dridex
209.54.58.186 # Cridex - http://stopmalvertising.com/malware-reports/analysis-of-dridex-cridex-feodo-bugat.html
91.121.162.48 # Cridex
89.31.144.214 # Cridex
89.188.121.106 # Cridex
72.249.190.70 # Cridex
50.56.200.226 # Cridex
212.111.1.212.226 # Cridex
194.28.132.33 # Cridex
173.203.208.139 # Cridex
5.135.28.118 # Cridex
37.187.156.123 # Cridex
62.76.44.174 # Cridex
46.165.241.0/24 # Cridex
80.94.160.129 # Dridex - http://stopmalvertising.com/spam-scams/fake-bh-live-e-tickets-for-peter-pan-lead-to-dridex.html
92.222.46.165 # Dridex
108.166.70.44 # Dridex
130.153.198.148 # Dridex
184.106.64.151 # Dridex
188.226.255.127 # Dridex
87.248.244.72 # Dridex
195.225.168.72 # Dridex
217.21.42.239 # Dridex
74.53.91.100 # Dridex
80.240.137.88 # Dridex
82.194.167.2 # Dridex
203.131.222.102 # US_CERT TA14-353A: Targeted Destructive Malware
217.96.33.164 # US_CERT TA14-353A
88.53.215.64 # US_CERT TA14-353A
200.87.126.116 # US_CERT TA14-353A
58.185.154.99 # US_CERT TA14-353A
212.31.102.100 # US_CERT TA14-353A
208.105.226.235 # US_CERT TA14-353A
198.252.73.124 # Zeus - http://blog.phishlabs.com/one-man-operation-leverages-phishing-and-browser-alerts-to-distribute-new-variant-of-zeus-banking-trojan
95.211.20.182 # Zeus
5.196.41.3 # http://www.cyphort.com/isc-org-infected/
95.211.226.158
93.179.68.167
149.12.71.2 # http://securelist.com/blog/research/68750/equation-the-death-star-of-malware-galaxy/
103.41.124.0/24 # https://www.fireeye.com/blog/threat-research/2015/02/anatomy_of_a_brutef.html
103.25.9.228
103.25.9.229
179.111.212.221 # http://vulnerabledisclosures.blogspot.ca/2015/03/large-botnet-exposed.html
37.139.6.7 # http://vulnerabledisclosures.blogspot.ca/2015/02/theory-utilizing-porn-sites-to-infect.html
80.82.65.0/24 # http://blog.trendmicro.com/trendlabs-security-intelligence/newposthings-has-new-pos-things/
80.82.65.112 # Blocking full /24 for good measure
85.143.217.196 # http://blog.fox-it.com/2015/04/07/liveblog-malvertising-from-google-advertisements-via-possibly-compromised-reseller/
62.76.44.174
174.36.217.82
85.143.217.196
87.236.215.246 # http://www.securityweek.com/russia-linked-hackers-used-two-zero-days-recent-targeted-attack-fireeye
62.76.177.179 # https://blog.sucuri.net/ (Magento ShopLift in the Wild)
185.22.232.218
217.71.50.57 # https://www.recordedfuture.com/lizard-squad-analysis/
5.39.90.132
198.100.144.122
194.54.81.162 # http://www.welivesecurity.com/wp-content/uploads/2015/04/mumblehard.pdf
151.236.11.167 # http://blogs.cisco.com/security/talos/poseidon
185.82.216.86 # http://malware.dontneedcoffee.com/2015/05/an-exploit-kit-dedicated-to-csrf.html
217.12.202.93
37.139.50.45
85.17.142.21 # http://community.websense.com/blogs/securitylabs/archive/2015/06/10/large-malvertizing-campaign-leads-to-angler-ek-amp-bunitu-malware.aspx
80.242.123.211 # http://documents.trendmicro.com/assets/GamaPOS_Technical_Brief.pdf
80.242.123.144
185.61.138.148
76.73.47.90 # http://www.welivesecurity.com/2014/10/08/sednit-espionage-group-now-using-custom-exploit-kit/
223.25.233.248 # http://www.volexity.com/blog/?p=158
66.172.11.207 # http://www.isightpartners.com/2015/07/microsoft-office-zero-day-cve-2015-2424-leveraged-by-tsar-team/
97.75.120.45 # https://www.f-secure.com/weblog/archives/00002822.html
58.80.109.59
198.200.45.112 # http://www.threatconnect.com/the-anthem-hack-all-roads-lead-to-china/
142.91.76.134
192.199.254.126
46.166.160.41 # https://www.trustwave.com/Resources/SpiderLabs-Blog/RIG-Reloaded---Examining-the-Architecture-of-RIG-Exploit-Kit-3-0/
49.143.192.221 # http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/
46.30.41.159 # https://blog.team-cymru.org/2015/06/poseidon-and-the-backoff-pos-link/
210.209.89.162 # http://research.zscaler.com/2015/08/chinese-cyber-espionage-apt-group.html
115.144.107.55 # https://heimdalsecurity.com/blog/security-alert-millions-exposed-internet-explorer-vulnerability/
182.253.220.29 # https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/?utm_content=15857818&utm_medium=social&utm_source=twitter
186.226.56.103
93.171.205.64 # http://research.zscaler.com/2015/08/neutrino-campaign-leveraging-wordpress.html
185.44.105.7
197.251.168.227 # http://www.threatgeek.com/2015/08/good-malware-never-dies-alienspy-reborn-as-jsocket-1.html
198.91.81.2
98.126.67.114 # http://researchcenter.paloaltonetworks.com/2015/09/musical-chairs-multi-year-campaign-involving-new-variant-of-gh0st-malware/
68.68.105.174
98.126.121.202
173.254.223.24
192.52.166.115 # https://securelist.com/blog/research/72283/gaza-cybergang-wheres-your-ir-team/
166.62.28.107 # http://www.scmagazineuk.com/googles-adwords-have-been-hijacked-by-crooks/article/441894/
192.126.126.64 # http://blog.malwaremustdie.org/2015/09/mmd-0042-2015-polymorphic-in-elf.html
107.160.40.9
210.92.18.118 # http://blog.malwaremustdie.org/2015/09/mmd-0042-2015-hunting-mr-black-ids-via.html
222.186.34.220
24.33.131.116 # https://www.proofpoint.com/us/threat-insight/post/Dyreza-Campaigners-Sights-On-Fulfillment-Warehousing-Industry
188.40.106.84 # http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-arid-viper.pdf
188.40.75.132
188.40.81.136
192.254.132.26
54.255.143.112
182.62.211.45 # Foxit Ponmcup - A giant hiding in the shadows v1.1 November, 30, 2015
45.63.13.175 # https://blog.malwarebytes.org/malvertising-2/2015/12/spike-in-malvertising-attacks-via-nuclear-ek-pushes-ransomware/
104.131.212.117
31.184.192.206 # http://www.threatgeek.com/2015/12/the-many-paths-to-angler.html
5.9.212.53 # http://researchcenter.paloaltonetworks.com/2015/12/proxyback-malware-turns-user-systems-into-proxies-without-consent/
14.4.0.0/15 # http://www.spamhaus.org/news/article/726/verizon-routing-millions-of-ips-for-cybercrime-gangs
192.185.21.183 # https://heimdalsecurity.com/blog/security-alert-exploit-kits-activity-spike-packs-improved-payloads-new-servers-predilection-flash-player/
78.24.220.229 # https://heimdalsecurity.com/blog/security-alert-fileless-kovter-teams-modular-corebot-malware-irs-spam-campaign/
213.136.92.111 # http://research.zscaler.com/2016/01/yet-another-signed-malware-spymel.html
188.138.68.30 # https://blog.malwarebytes.org/malvertising-2/2016/01/malvertising-campaign-via-pop-under-ads-sends-cryptowall-4/
93.190.143.110 # http://www.talosintel.com/angler-exposed/
93.190.138.162
95.211.162.166
# http://www.talosintel.com/files/additional_resources/angler_exposed/sept_ips_final.txt
# http://www.talosintel.com/files/additional_resources/angler_exposed/july_ips.txt
# https://securelist.com/securelist/files/2016/02/KL_AdwindPublicReport_2016.pdf
# https://www.anomali.com/blog/three-month-frameworkpos-malware-campaign-nabs-43000-credits-cards-from-poi
45.63.71.150
# http://www.deependresearch.org/2016/02/jan-feb-2016-domains-associated-with.html
162.247.12.207
# https://www.fireeye.com/blog/threat-research/2016/03/treasurehunt_a_cust.html
91.232.29.83
179.43.160.34
# http://www.welivesecurity.com/2016/03/30/meet-remaiten-a-linux-bot-on-steroids-targeting-routers-and-potentially-other-iot-devices/
185.130.104.131
185.130.5.201
185.130.5.202
# https://www.fireeye.com/blog/threat-research/2016/03/surge_in_spam_campai.html
188.138.88.184
31.41.47.37
5.34.183.136
91.121.97.170
# http://blog.talosintel.com/2016/04/nuclear-tor.html
188.166.27.134
# https://blog.sucuri.net/2011/03/brenz-pl-is-back-with-malicious-iframes.html
91.188.59.197
# Qbot https://resources.baesystems.com/pages/view.php?ref=39115&k=46713a20f9
# https://www.fireeye.com/blog/threat-research/2016/04/ghosts_in_the_endpoi.html
220.128.223.75
31.168.144.18
84.11.146.62
94.70.155.253
# https://www.fireeye.com/blog/threat-research/2016/04/new_downloader_forl.html
185.130.7.22
# http://blog.trendmicro.com/trendlabs-security-intelligence/locky-ransomware-spreads-flash-windows-kernel-exploits/
202.102.110.204
# https://blogs.forcepoint.com/security-labs/jaku
91.44.233.77 # SAPHARUS-PC
# http://threatglass.com/malicious_urls/popbest-net
# https://malwr.com/analysis/ZTgzZjViMzI5OGQzNDc1ZDkwN2JjMjFlNjAyNTY5YTM/
85.93.0.0/18
# http://malware-traffic-analysis.net/2016/05/09/index.html
# http://researchcenter.paloaltonetworks.com/2016/05/unit42-bucbi-ransomware-is-back-with-a-ukrainian-makeover/
# https://www.proofpoint.com/us/threat-insight/post/Exploit-Kit-Deja-Vu
# https://www.proofpoint.com/us/threat-insight/post/cryptxxx2-ransomware-authors-strike-back-against-free-decryption-tool
217.23.13.153
# https://www.microsoft.com/en-us/download/details.aspx?id=51956
# https://twitter.com/Techhelplistcom
# https://twitter.com/_operations6_
# https://twitter.com/pancak3lullz
# https://www.proofpoint.com/us/threat-insight/post/abaddonpos-now-targeting-specific-pos-software
# https://malwr.com/analysis/YTAxZWUwOTcyZjhhNGJkMzg4OWJlZDczMWViMzE3NDQ/
# http://malware-traffic-analysis.net/2016/05/12/index.html
69.162.126.171
144.76.82.19
# https://twitter.com/benkow_
# https://blog.sucuri.net/2016/05/test0test5-com-redirect-hack-new-wave.html
199.48.227.25
# https://myonlinesecurity.co.uk/spam-malware-attached-picture-from-scanner-copier-at-your-own-email-address/
81.88.48.79
# https://labs.opendns.com/2016/05/16/black-hat-2016-fast-flux-ssl-unique-popular-bulletproof-hosting-option-cyber-criminals/
109.86.110.190
# https://twitter.com/MalwareKiwi
185.56.82.82
# https://twitter.com/ConradLongmore
# https://www.virustotal.com/en/file/e6d3c977810949624807c50cdd732e4a08c0561ee3b3c857421933dcc2db7119/analysis/1463485866/
125.212.220.11
# https://www.virustotal.com/en/file/5962c039820c882e22dac13f9ea74c1763f8c7a95cf3be69902379506385e7f2/analysis/
# https://www.virustotal.com/en/file/070b7bd6fc066201724e854b79303c4963dd9d177b12b91d737b35d39b4efbcd/analysis/
217.12.199.151
107.181.174.15
93.170.169.52
# https://www.virustotal.com/en/file/bd5c2b7f75f629436ac8458c7d994d5246f5537571c865dd3dde9cb1a9401193/analysis/1463417415/
217.76.130.137
# https://www.virustotal.com/en/file/068c5a04584e0687bb57de1a3165f87dd9d9f4ef318eef6ef99eaa523dd7edce/analysis/
79.96.153.93
176.53.21.105
# https://www.virustotal.com/en/file/b42121af9bab7b66bab495a97128170a7536d10707ed47896865dcfc60a568f5/analysis/1463505756/
54.212.162.6
138.186.148.162
190.242.70.182
# https://www.virustotal.com/en/file/88bba2b3075c67a40a5b3f57e31ff52fbf82299e1983320998c686dd43e37838/analysis/1463514873/
# http://www.nyxbone.com/malware/SkidLocker.html
23.227.199.83
23.227.199.175
# https://www.proofpoint.com/us/threat-insight/post/ransomware-explosion-continues-cryptflle2-brlock-mm-locker-discovered
93.170.168.60
# http://phishme.com/bolek-leaked-carberp-kbot-source-code-complicit-new-phishing-campaigns/
# https://myonlinesecurity.co.uk/spam-malware-you-got-a-voice-message-whatsapp-delivers-locky/
92.63.87.48
89.108.84.155
# https://isc.sans.edu/forums/diary/EITest+campaign+still+going+strong/21081
85.93.0.0/24
104.238.185.187
185.117.75.219
95.183.52.215
# https://virustotal.com/en/file/6133cc2d093c640753c2788cdea905963083d3861de7770fe332ad50eb4f7172/analysis/1463720462/
162.250.191.61
# https://www.virustotal.com/en/domain/wifi-spreader.ilovecollege.info/information/
109.18.250.24
# https://www.virustotal.com/en/file/c669e4b9da815fce109355c0052514513f9a27f8919eb1c61f080b421f0d6918/analysis/
# https://www.proofpoint.com/us/threat-insight/post/In-The-Shadows?utm_content=buffera79ce&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
185.66.10.57
# https://twitter.com/JAMESWT_MHT
# https://twitter.com/x0rz
200.98.174.16
200.74.240.117
2.50.41.54
14.96.64.6
41.189.45.58
67.7.100.241
67.197.110.60
68.235.137.123
92.222.204.59
121.245.156.167
138.201.44.19
140.186.100.71
107.180.41.45
198.58.93.56
203.124.114.1
198.57.136.155
83.145.194.172
198.57.236.4
192.185.162.175
114.215.155.227
209.202.252.50
192.185.216.39
198.252.101.221
46.252.149.140 # 743099521933168643
116.0.20.77 # 743095694274244608
103.53.199.99
92.53.96.66 # 742997894450565121
192.169.82.86 # 743056956303216640
67.231.20.80 # 743785701314072581
74.201.86.28 # 745599444637331456
198.50.156.106 # 745579173511585792
107.180.44.223 # 747422851658092544
46.166.164.252 # 747352399027789825
123.30.132.171 # 746357129431375872
69.89.31.178 # 746279975066603520
162.254.207.74 # 746256330181255168
79.170.40.36 # 747805953156866049 (pdns)
79.170.44.77
79.170.44.78
79.170.44.90
79.170.44.97
79.170.44.117
176.32.230.6
217.199.187.193
217.199.187.197
104.31.78.178 # 748159303257890817
104.27.144.175
# https://twitter.com/PhysicalDrive0
174.127.112.103
# https://twitter.com/malware_traffic
91.134.206.131
98.158.184.27
188.227.17.83
45.32.181.201
172.98.199.100
108.167.188.125 # 743472000455188480
104.223.114.15
146.185.181.235 # 746697153838387201
136.243.126.122 # 746531397267918848
184.154.146.157
212.231.129.64 # 746119373010534400
108.163.224.94
# http://www.cyphort.com/teepr-com-yet-another-top-alexa-site-spreading-ransomware/?utm_content=buffer7b017&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
217.23.6.40
# https://twitter.com/JaromirHorejsi
185.141.25.175
67.23.226.12
80.13.113.62
198.23.67.100
88.150.220.116 # 745249631609683968
208.97.176.242 # 745246981644255232
192.185.16.209 # 745987162768838656
185.45.193.36 # 745892893777334273
23.227.135.34 # 745885382307364864
74.208.147.184 # 747992449478332417
# http://blog.dynamoo.com/2016/05/phish-tnt-consignment-notification-via.html
87.106.178.108
# http://blog.dynamoo.com/2016/05/malware-spam-account-compromised.html
210.245.92.63
162.251.84.219
80.88.89.222
213.192.1.171
# http://blog.dynamoo.com/2016/05/malware-spam-please-find-attached-file.html
188.166.168.250
31.41.44.45
92.63.87.53
176.31.47.100
# http://blog.dynamoo.com/2016/05/malware-spam-i-have-attached-revised.html
188.127.231.124
31.184.197.72
92.222.71.26
149.202.109.202
# http://blog.dynamoo.com/2016/05/malware-spam-emailing-photo-05-11-2016.html
185.82.202.170
# http://blog.dynamoo.com/2016/05/malware-spam-as-promised-document-you.html
5.34.183.40
185.14.28.51
88.214.236.11
# https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-threats/
180.150.227.135
74.208.4.200
74.208.4.201
115.144.69.54
115.144.107.9
103.61.136.120
118.193.12.252
59.188.13.204
180.128.10.28
# http://phishme.com/paypal-customers-targeted-stealthy-html-attachment-phish/
123.56.206.251
203.195.235.135
58.10.74.221
82.78.169.138
122.155.197.70
103.63.135.225
140.121.102.112
123.59.80.208
181.49.142.143
94.102.49.33
81.95.13.41
188.68.235.69
# http://blog.dynamoo.com/2016/05/malware-spam-weekly-report-please-find.html
138.201.93.46
91.200.14.139
164.132.40.47
# https://twitter.com/criznash
46.166.162.225
46.30.43.54
# http://blog.dynamoo.com/2016/05/malware-spam-urgent-delivery-jobin.html
104.131.182.103
# https://twitter.com/sudosev
122.10.90.110
# http://malware-traffic-analysis.net/2016/05/26/index.html
178.62.235.45
50.21.187.40
# https://twitter.com/malwrhunterteam
50.115.165.110
148.251.249.99
208.91.198.0/23
198.54.114.220
92.53.96.16
185.119.173.25
123.1.153.150
138.201.22.85
103.55.24.7
85.204.49.128
45.32.21.193
62.102.148.181 # 743840080373092352
213.152.162.99
109.163.226.153
95.211.229.148
31.171.155.48
176.107.177.210
89.207.130.43 # 744821552496050176
192.185.0.218 # 744816701322076160
192.64.78.11
216.170.122.130
81.138.132.221
46.119.127.129
185.31.19.193
54.230.46.166
63.245.213.44
31.170.164.118
54.231.17.57
107.180.3.136
203.189.232.57
131.72.137.174
192.185.183.82
185.46.120.234
5.55.114.2
188.0.236.7
185.116.215.205
166.62.10.144 # 743158107757477888
143.95.76.213 # 743772250344726528
89.207.130.43 # 744828919459643396
93.125.99.45 # 744870385523499008
89.111.176.132
50.63.202.55 # 747345842575577088
50.63.202.52
107.180.27.234
50.63.202.34
166.62.26.27 # 747351832964435971
# https://twitter.com/dvk01uk
69.90.193.5
198.58.93.28 # 745312768060882945
104.244.124.101 # 747338551868547072
82.223.243.43 # 746030709706416128
5.2.228.65 # 746014861927161856
192.186.209.5 # 745654656479666176
177.12.163.97 # 745486375206588416
162.251.81.210 # 747505923309056001
190.14.38.161 # 748185277114396672
158.69.193.61 # 748226759628316672
# https://blog.mxlab.eu/2016/05/26/new-javascript-malware-re-copy/
188.93.229.73
# https://twitter.com/thedefensedude
5.152.199.70
37.140.192.214
46.102.232.140
69.16.243.28
79.98.24.9
81.19.186.131
85.9.56.193
85.17.87.153
89.146.221.106
94.73.146.179
101.0.77.74
103.7.8.45
104.131.101.154
108.179.252.59
125.212.248.6
149.202.49.120
166.62.27.59
166.62.28.104
166.62.28.112
176.223.121.193
177.70.27.149
177.185.192.136
188.116.19.98
188.166.41.182
188.241.117.134
191.101.152.144
192.163.252.46
192.254.189.252
195.208.1.161
202.52.146.56
210.48.153.240
217.160.230.183
217.198.115.56
91.218.89.74
188.165.157.176
208.73.210.214
184.168.221.1
89.31.72.177
64.69.219.91
185.14.56.96
149.115.19.219
64.124.16.204
27.254.33.31
50.87.144.196
142.4.60.226
103.6.198.219
94.73.146.80
23.229.189.110
144.76.82.6
204.232.192.84
94.73.151.190
160.153.77.2
123.242.226.30
46.226.47.21
91.239.232.79
187.17.111.104
109.248.33.212
216.55.149.9
# https://twitter.com/securityemploy
169.159.98.88
95.211.141.215
# http://malware-traffic-analysis.net/2016/05/27/index.html
109.95.159.1
# https://twitter.com/hasherezade
109.234.109.142
109.234.109.199
109.234.109.138
23.254.167.231
87.72.73.231
92.222.9.70
128.31.0.39
163.172.149.122
171.25.193.9
178.254.26.244
188.40.128.246
192.80.146.170
193.23.244.244
194.109.206.212
208.83.223.34
212.47.253.41
5.9.253.168
# https://twitter.com/Tears0fSky
90.7.200.200
92.142.115.63
# https://www.virustotal.com/en/file/40ea07c850897db3198c23eb2b2e056088f2325f2566b6dfb56678a093d5031b/analysis/1464372145/
5.39.70.7
23.229.130.200
23.229.210.128
24.131.207.220
45.33.123.139
45.56.70.171
46.38.190.12
46.101.146.228
46.237.127.3
49.50.76.239
50.62.82.12
50.62.218.1
50.63.49.1
50.63.181.19
50.87.32.83
54.79.59.85
54.232.82.35
69.89.31.162
69.89.31.189
69.195.82.219
70.40.199.215
74.208.9.32
78.129.161.19
78.153.216.155
81.169.137.204
85.159.67.205
90.156.201.83
94.73.146.30
95.85.58.75
99.198.116.211
103.7.40.140
103.15.49.21
103.53.168.220
104.131.76.239
104.151.72.116
104.238.74.65
107.180.4.152
107.180.41.126
107.180.50.237
108.163.206.185
108.163.240.17
109.74.8.64
112.213.89.97
128.65.195.64
134.0.10.46
134.0.15.116
144.76.95.27
158.69.180.179
160.153.43.193
160.153.45.1
162.13.176.213
162.144.120.200
162.210.102.200
162.243.69.163
166.62.10.35
166.62.28.96
166.62.28.109
166.62.28.111
166.62.28.116
166.62.28.132
166.78.76.248
173.82.21.210
173.254.41.32
178.159.7.57
184.106.55.69
184.107.174.122
186.202.153.26
186.202.161.96
187.45.195.177
188.65.117.70
188.213.20.188
192.111.157.127
193.46.83.106
193.200.255.37
198.1.102.252
198.57.169.13
198.58.82.148
198.58.93.8
198.143.153.132
203.162.96.80
203.185.28.41
205.147.98.130
205.251.133.203
# https://www.virustotal.com/en/file/1f68fce7f92364a22ef3bc3d21e12924d2b5cc69106ef21fdf21bd9a4cb65d15/analysis/
38.65.39.158
45.29.139.155
46.231.112.74
50.63.157.171
50.112.249.10
51.255.102.41
52.11.38.122
52.62.149.4
54.232.178.167
81.169.152.253
93.89.232.14
94.73.151.210
101.100.204.46
103.11.191.170
103.13.242.34
103.255.238.155
104.131.51.187
108.179.196.18
109.228.51.230
122.15.60.189
128.199.147.115
138.201.48.106
141.8.192.56
142.4.22.48
162.144.86.172
162.144.121.16
162.243.62.70
166.62.10.36
166.62.28.117
166.62.28.118
173.201.38.2
177.12.164.84
177.12.174.101
177.70.106.248
185.87.51.115
185.119.173.236
186.202.141.67
186.202.153.171
187.17.111.96
198.54.114.193
198.58.82.132
200.98.190.41
209.126.107.209
216.170.203.69
217.160.95.235
217.160.166.40
217.174.248.139
# https://heimdalsecurity.com/blog/torrentlocker-spoofs-telia-ransomware-attack/
54.218.66.17
54.192.46.49
# https://twitter.com/peterkruse
103.208.86.7
185.44.105.210
5.34.183.158 # 745624354814304257
51.254.24.48 # 745916790761488384
217.12.223.88
116.0.23.213 # 745526664889663488
107.180.40.0/24 # 768031024672538624
93.190.139.196 # 949686336335831041
# http://malware-traffic-analysis.net/2016/06/01/index2.html
173.201.92.1
173.201.243.128
192.230.81.211
208.109.52.233
192.185.225.245
142.54.230.137
# https://twitter.com/GossiTheDog
61.67.218.137
83.166.243.206 # 1042810441897000961
103.253.25.201
145.249.104.238
5.188.87.10 # 1053312410046611459
# http://malware-traffic-analysis.net/2016/06/01/index.html
23.96.52.53
27.76.200.236
46.30.46.6
68.171.129.152
78.96.223.247
86.101.172.244
88.247.23.60
94.111.35.133
103.62.255.92
104.40.211.35
112.201.214.21
115.73.16.161
120.63.221.199
122.160.166.241
122.163.24.91
122.163.193.181
123.28.166.92
176.113.145.235
180.183.195.29
184.173.167.98
202.91.73.186
111.121.193.242
# https://twitter.com/bartblaze
103.208.86.18
69.30.210.254 # 748132592550092801
92.222.66.214
149.202.242.80
208.67.1.15
# https://twitter.com/demonslay335
158.69.241.183 # Mixed
172.99.89.199
185.53.179.8 # 743106570217623552
# https://www.proofpoint.com/us/threat-insight/post/cryptxxx-ransomware-learns-samba-other-new-tricks-with-version3100
85.25.194.116
# https://www.proofpoint.com/us/threat-insight/post/malicious-macros-add-to-sandbox-evasion-techniques-to-distribute-new-dridex?utm_content=buffere7dd2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
173.254.28.35
23.239.206.87
192.186.204.105
93.170.141.22
45.32.246.100
45.32.149.66
142.126.57.60
154.58.222.139
206.114.64.228
70.212.173.116
96.3.53.77
14.99.114.250
14.97.218.67
82.120.94.63
68.238.144.42
# http://malware-traffic-analysis.net/2016/06/02/index.html
98.126.83.188
98.126.83.189
114.207.113.229
220.95.232.236
212.231.130.9
162.252.83.62
162.252.83.76
# https://www.virustotal.com/en/file/d378d1a2aae028e8aaa7640c79e7e3deda105f0f4f241f776617beb43ae1373f/analysis/
85.25.214.50
103.198.0.2
# https://twitter.com/christianpanton
85.93.5.139
# https://twitter.com/_jsoo_
# https://www.virustotal.com/en/ip-address/206.72.199.201/information/
206.72.199.201
# https://github.com/Daxda/malware-analysis/tree/master/malware_samples/LinuxNet_perlbot
173.208.245.170
146.0.36.68
217.172.189.70
5.9.152.208
75.127.10.40
78.46.59.13
# https://otx.alienvault.com/pulse/575579d7b1b78e0134101728
93.190.137.240
# https://otx.alienvault.com/pulse/575526aeb1b78e01341016c6
103.195.185.94
8.100.156.107
5.100.156.107
148.251.8.173
# http://malware-traffic-analysis.net/2016/06/06/index.html
45.32.183.118
67.215.187.94
5.200.55.117
104.238.171.123
# https://blog.fox-it.com/2016/06/07/linkedin-information-used-to-spread-banking-malware-in-the-netherlands/
107.171.187.182
# https://twitter.com/malekal_morte
5.135.111.139 # 742279720927121408
193.169.194.168 # mixed
104.20.68.21
52.84.27.148
198.134.112.232
173.192.117.206
174.137.155.139
62.210.192.114
5.200.55.51
46.30.46.27
5.9.5.184
69.172.201.153 # 743071753379938304
91.134.161.58
# https://sonar.labs.rapid7.com/
71.6.216.32/27
# https://www.proofpoint.com/us/threat-insight/post/cryptxxx2-ransomware-authors-strike-back-against-free-decryption-tool?utm_content=bufferce8cf&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
217.23.13.153
# https://www.proofpoint.com/us/threat-insight/post/hancitor-ruckguv-reappear?utm_content=buffer19521&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
192.185.48.154
198.57.151.22
187.45.195.17
81.88.48.78
94.73.151.90
# https://twitter.com/malm0u53
185.53.179.6 # 742321153163825152
139.129.174.148 # 741998595210129408
195.208.1.104
46.30.212.49
92.53.118.117
185.127.27.215 # 740455432263729152
62.213.79.112
155.94.243.59
95.213.135.226 # 739038055466733568
167.114.182.29
5.8.63.31
185.96.94.210 # mixed
37.140.192.237
133.48.156.209
121.193.89.201
183.234.242.168
76.185.173.111
209.174.233.25
53.1.70.40
93.72.171.255
157.165.6.183
23.155.252.153
72.167.53.101
95.46.99.8
46.8.255.106
185.109.144.122
155.94.243.59
37.140.192.199
80.93.54.37
92.53.112.201
# https://isc.sans.edu/forums/diary/Neutrino+EK+and+CryptXXX/21141
45.32.183.118
# https://otx.alienvault.com/pulse/575782996eb8c60135a9e3c6
213.136.85.203
5.189.151.14
82.192.81.129
91.109.22.107
91.134.177.136
87.236.215.113
# https://twitter.com/da_667
91.134.177.136
43.240.13.59
192.64.81.136
# https://blogs.mcafee.com/mcafee-labs/locky-ransomware-hides-under-multiple-obfuscated-layers-of-javascript/
# https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/26000/PD26383/en_US/McAfee_Labs_Threat_Advisory-Ransomware-Locky.pdf
195.22.28.196
195.22.28.198
# https://riskanalytics.com/Dark_Cloud_Network_Facilitates_Crimeware.pdf
109.229.27.208
109.229.11.81
178.214.176.42
91.196.54.239
159.224.34.90
213.231.28.222
37.229.107.205
80.242.97.69
212.87.182.133
# BBcan177 Mail Spam IOCs
37.187.67.27
52.38.192.140
69.94.151.29
77.104.129.120
93.127.228.2
98.129.229.73
103.233.250.250
104.18.40.33
104.18.46.84
104.18.53.41
104.24.97.244
104.24.120.241
104.27.135.233
104.27.146.91
104.27.150.4
104.28.2.168
104.28.9.91
104.28.24.55
104.28.28.239
104.31.64.190
104.31.71.22
104.31.80.136
104.31.87.43
104.31.89.219
104.31.93.62
107.150.166.243
119.9.30.112
158.69.219.115
163.172.248.108
173.240.168.87
174.36.59.160
184.173.76.108
190.183.222.150
192.254.189.17
195.43.150.212
198.12.145.135
198.55.28.172
216.55.168.220
216.87.168.211
64.95.100.84
92.40.249.134
188.29.164.0/24
198.46.131.0/24
# https://www.virustotal.com/en/file/0c357e3d47167b7370ce5578bb25c4f1c8b1cd87dbd398ecc07bccdac5087aa1/analysis/
13.84.157.153
23.229.147.2
23.229.160.9
23.229.226.35
23.229.231.39
37.200.66.30
38.229.70.4
40.76.58.209
46.16.62.124
46.249.204.170
62.149.128.151
62.149.142.131
63.143.47.112
64.71.33.177
65.181.113.254
68.164.182.11
69.58.188.40
69.175.33.26
74.50.28.190
74.201.86.21
77.245.68.162
78.26.131.2
78.46.89.154
82.223.210.154
84.116.32.65
85.128.151.195
86.65.123.70
86.109.170.226
87.106.240.27
87.242.73.72
89.106.12.61
91.142.215.77
93.89.224.190
94.73.148.164
94.102.7.42
95.110.231.63
95.211.144.68
104.16.55.3
104.20.31.3
104.27.182.85
107.180.51.237
109.248.32.195
128.31.0.39
134.0.14.194
142.217.193.140
149.3.144.205
159.253.45.219
162.210.102.62
162.222.225.77
166.62.89.69
177.185.192.141
178.218.164.132
187.33.0.252
191.252.2.146
191.252.2.148
192.35.177.64
192.64.117.188
192.186.225.35
194.27.72.146
195.228.39.223
198.144.36.150
200.98.116.70
200.155.86.74
202.170.69.9
205.144.171.55
205.186.187.83
208.109.47.170
208.123.212.37
210.55.230.195
216.47.227.188
216.70.228.110
217.149.7.213
217.160.231.143
217.197.83.197
# https://twitter.com/InfoSec_DD
193.200.241.142
149.62.98.3 # 742855018793963520
# https://otx.alienvault.com/pulse/5758c4e8377bbb01340e895d
93.174.90.126
# https://www.zscaler.com/blogs/research/malicious-documents-leveraging-new-anti-vm-anti-sandbox-techniques
204.93.177.102
# https://isc.sans.edu/forums/diary/Searching+for+malspam/21145
46.173.92.4
62.149.132.43
62.149.140.183
65.181.113.29
65.181.113.187
95.215.46.153
185.61.149.93
188.165.157.176
188.190.33.93
198.105.244.228
217.160.6.96
# https://reaqta.com/2016/06/nemucod-meets-php/
37.140.192.209
89.31.108.3
92.53.121.36
185.26.122.180
# https://otx.alienvault.com/pulse/5759741f78e335013763cea0
8.5.1.35
58.158.177.102
# https://www.hybrid-analysis.com/sample/e6f8bd93246e534ba73cdce9e6596f2913b9f32cc08c4d14c685f59441e42e1a?environmentId=100
185.26.122.180
# https://www.arbornetworks.com/blog/asert/communications-bolek-trojan/
91.215.154.155
# https://twitter.com/mesa_matt
93.174.94.135
37.112.59.79 # 745698957314113536
166.78.145.90
173.237.190.72
185.139.0.217
91.220.131.220
# https://blog.malwarebytes.org/cybercrime/exploits/2016/06/neutrino-exploit-kit-fills-in-for-angler-ek-in-recent-malvertising-campaigns/
# https://www.virustotal.com/en/domain/watch.pnwpga.com/information/
69.30.229.132
# https://blogs.mcafee.com/mcafee-labs/thrones-jon-snow-appears-to-employ-neutrino-exploit-kit/
# http://viewdns.info/reversewhois/?q=yaplakal.r%40gmail.com
# https://www.virustotal.com/en/domain/23iujasdhaskj.top/information/
# https://www.virustotal.com/en/domain/injec-software-me.com/information/
# https://www.virustotal.com/en/domain/gugendolik.com/information/
# https://www.virustotal.com/en/domain/newserver-newscompnay.com/information/
# https://www.virustotal.com/en/domain/diahatvietnam.com/information/
188.93.211.27
188.93.211.67
194.58.121.54
74.57.205.136
184.168.221.39
69.197.18.183
104.28.20.75
104.28.21.75
# http://malware.dontneedcoffee.com/2016/06/is-it-end-of-angler.html
66.150.114.20
103.194.112.36
138.201.162.161
184.73.178.140
85.143.209.61
104.238.173.205
185.117.73.124
139.59.188.227
45.32.182.43
# https://twitter.com/JanneFI
31.170.163.90
# https://www.arbornetworks.com/blog/asert/communications-bolek-trojan/
91.215.154.155
# https://twitter.com/F_kZ_
107.181.175.15
88.127.231.124
58.206.126.28
162.144.156.241 # 744838342337007616
1.35.32.95 # 742370496046583808
2.226.228.33
3.177.177.160
4.4.137.168
4.88.158.184
7.87.41.16
8.134.27.251
14.221.219.225
15.22.130.149
16.167.234.192
17.160.190.25
18.176.47.78
19.34.61.18
20.89.101.250
20.123.164.86
22.224.76.149
26.204.147.126
28.32.221.17
29.207.100.120
30.232.78.239
31.140.207.13
32.120.71.1
34.90.91.110
35.47.222.13
36.27.192.47
38.97.170.78
38.114.57.173
38.234.124.213
47.98.26.246
49.139.190.13
51.181.119.128
53.2.186.19
57.17.67.112
57.66.143.78
60.103.72.217
61.125.246.31
64.25.212.40
67.226.101.210
68.96.164.94
69.11.90.163
70.215.19.187
71.250.234.148
73.115.66.24
73.134.157.228
73.238.111.174
74.51.90.52
74.133.61.231
82.187.81.4
83.133.52.236
88.151.101.129
88.204.156.90
89.99.54.140
89.205.122.234
90.130.74.91
91.32.196.167
92.243.219.229
95.94.180.114
98.44.76.218
102.144.251.22
107.5.150.38
107.82.36.164
107.107.116.161
112.232.40.194
113.22.225.129
115.199.234.253
116.243.53.245
117.158.35.35
119.132.244.145
123.230.219.179
125.99.186.180
134.75.158.226
134.77.10.29
134.169.176.194
137.69.222.215
138.124.12.228
139.60.79.248
143.50.110.138
143.92.58.174
145.242.121.115
145.254.247.7
146.164.65.135
148.22.255.219
150.15.97.232
150.130.130.31
151.75.178.198
151.220.234.186
153.114.118.250
155.94.67.23
155.220.210.239
163.20.178.10
166.164.58.107
166.176.46.71
168.5.2.25
169.0.158.243
169.164.117.136
172.188.162.144
176.168.136.171
177.16.14.56
179.188.3.63
183.177.176.53
183.182.89.222
185.66.95.10
187.178.176.10
190.85.72.92
191.32.105.11
192.70.226.155
193.60.170.10
193.100.138.58
194.170.179.45
195.1.71.220
196.201.156.226
198.36.81.78
198.42.82.132
200.140.196.192
202.45.91.27
204.95.85.50
206.5.53.128
206.48.132.155
210.4.135.1
210.205.88.28
211.99.83.223
212.237.238.105
213.157.44.176
216.73.211.178
216.132.93.156
217.42.9.62
220.15.121.157
225.24.137.64
226.194.205.42
228.18.238.173
228.160.131.206
229.90.213.181
233.244.139.112
235.148.76.158
236.74.71.200
239.230.119.73
240.116.193.19
241.225.220.134
244.88.36.226
244.184.154.158
245.250.2.209
246.137.215.198
249.56.97.85
249.63.207.73
250.122.14.85
254.55.46.193
179.43.133.38
51.255.19.179 # 747408054627377152
# http://malware.dontneedcoffee.com/2016/06/is-it-end-of-angler.html
5.133.179.79
74.201.85.74
45.32.183.83
104.238.173.205
# https://twitter.com/DrolSecurity
78.170.189.17
# https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/
185.100.84.134
58.49.58.58
218.1.98.203
187.33.33.8
185.86.148.227
45.32.129.185
23.227.196.217
# https://twitter.com/CyberScimitar
178.170.189.17
92.53.121.171
185.93.108.132
93.171.202.176
188.127.230.5
195.54.162.33
37.139.29.105
81.177.23.247 # 743470119838486528
94.142.139.214
178.170.189.17
93.171.202.176
46.254.21.69
88.214.236.194
# https://twitter.com/in_threat
204.152.203.99
192.52.167.118
84.200.68.163
# https://twitter.com/chmod1777
104.168.180.192
# https://twitter.com/Antelox
59.180.231.54 # 743109421400752129
94.102.50.50 # 743504417090113536
77.222.56.251 # 744202025286639616
31.220.17.11
198.211.115.134
93.89.224.8
212.129.55.87
46.30.212.111 # 744187915824152577
88.208.252.204
206.222.19.250
188.40.248.65 # 744125834596876288
81.177.165.93 # 744113839785009152
120.26.59.61 # 744899390024880129
212.129.55.87
84.45.72.224 # 744930566538207236
195.208.1.157
5.101.152.55
104.207.244.16 # 745302311241719808
91.216.107.154
46.41.144.46 # 745531040286932992
87.236.19.41
5.101.153.64
5.101.153.43
5.101.152.120
121.41.90.205 # 746596735649255424
103.224.22.12
74.124.24.164
5.101.152.71
173.247.249.189
5.101.153.0/24 # 746279030069002245
5.101.152.67
87.236.19.17 # 745930202530852864
91.106.207.19
87.236.19.60
87.236.19.26
# https://twitter.com/GossiTheDog
50.87.44.134 # 682164539689938944
# https://blog.fox-it.com/2016/06/15/mofang-a-politically-motivated-information-stealing-adversary/
103.229.124.1
103.39.78.131
107.191.61.105
112.213.117.52
116.251.210.77
116.251.216.165
116.251.216.227
116.251.216.72
116.251.219.142
117.17.10.10
151.236.14.53
176.31.220.160
178.209.51.164
178.209.52.72
192.157.229.164
198.98.103.7
210.245.85.83
23.89.200.128
23.89.201.173
38.109.190.55
49.213.18.15
50.117.47.66
50.117.47.67
61.250.92.79
# https://twitter.com/Simpo13
46.254.21.84 # 743086368205705216
4.198.232.114
# https://twitter.com/jeromesegura
45.63.26.202 # 743165744054046720
# http://malware-traffic-analysis.net/2016/05/16/index.html
188.93.211.67
# https://otx.alienvault.com/pulse/57616f7b5804b00134147bda
5.56.133.145
# https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22960/en_US/McAfee-Labs-ThreatAdvisory-Pinkslipbot_RevA.pdf
216.227.214.95
72.29.86.119
66.219.30.219
110.4.45.64
74.220.215.107
162.144.12.241
# https://www.virustotal.com/en/file/5a878ac22eb059159c2976d11840bdae09111ba8e17933794dbfb23435d89bdd/analysis/1466045706/
85.170.19.102
# https://twitter.com/James_inthe_box
69.36.165.48 # 743502699069464576
107.180.14.68 # 743515050980188162
66.175.222.234 # 743532746446766080
# https://blog.malwarebytes.com/cybercrime/exploits/2016/06/a-look-at-the-angler-less-exploit-kit-scene/
46.30.47.110
# https://twitter.com/BroadAnalysis
46.30.47.116 # 743835993644597249
185.133.72.122 # 743433394533576704
5.200.55.156 # 742370461133180928
93.114.65.96
115.74.159.3
84.232.212.135
49.48.216.228
85.93.0.43 # 742067919157366784
45.63.41.234
85.93.0.72 # 740920663876198400
74.208.110.67 # 739465362157277185
109.248.32.173 # 738360899015180288
185.106.122.81 # 738047398417694720
198.105.254.228
66.240.194.139
67.215.187.94 # 737452923551133696
5.200.55.71
46.30.46.190
185.141.27.2 # 736199577175461888
185.141.27.170 # 735503054301200386
158.69.183.24
81.2.240.180 # 734923510489944064
80.87.205.115
5.8.63.0/24
85.93.0.81 # 734893549641175041
185.141.27.143
93.170.169.160
95.213.139.116
5.101.152.83 # 728793786738982912
192.185.215.103
5.144.130.40
46.28.68.46
51.254.93.2
75.126.171.192
178.210.171.15
75.126.217.39
87.98.183.207
65.110.76.229
217.160.230.9
193.124.185.87
185.86.78.3
5.8.63.54 # 734411289011838977
85.93.0.33 # 732655882039885825
108.61.221.86
204.155.30.124
89.145.89.1 # 732297976887037956
185.93.0.33 # 732250080317739008
85.117.75.136
185.117.75.136
176.8.211.57
85.25.95.39 # 744555497987186688
185.119.173.35
146.185.173.25 # 745335484461780992
212.67.205.58
74.208.77.101
74.208.166.84
74.208.161.216
185.49.68.215
58.64.142.89 # 745641395092865025
46.30.47.137 # 746733497918853120
45.35.86.57
115.28.36.224
46.30.46.170 # 746180434199986177
185.127.25.247
95.163.127.184
108.163.224.94 # 746058357874761728
# https://otx.alienvault.com/pulse/576453a7f15dc60134d27471
151.80.9.92
136.243.126.105
5.196.241.192
79.174.73.100
178.33.188.146
176.126.71.5
# https://twitter.com/ochsenmeier
5.56.133.100 # 742448375312863233
# https://www.fireeye.com/blog/threat-research/2016/06/resurrection-of-the-evil-miner.html
198.204.254.82
88.214.200.145
# https://twitter.com/LowsonWebmin
67.227.182.157 # 744932198709661696
# https://twitter.com/_odisseus
78.31.66.161 # 744962399548096512
# https://twitter.com/jedisct1
51.254.240.48 # 745315081852837888
185.82.216.55
217.12.223.83
93.170.104.107 # 745339163550023681
91.219.29.41 # 745624598809546753
93.170.169.188
217.12.223.88 # 746348458852950016
195.123.209.227
185.82.216.61
217.12.223.89
5.61.37.139 # 745994532009943040
195.123.209.227 # 745743267170488321
185.82.216.60
217.12.223.88
# https://blogs.forcepoint.com/security-labs/highly-popular-anime-site-jkanime-compromised-redirecting-users-neutrino-ek#st_refDomain=t.co&st_refQuery=/xjOrgjTNtC
104.25.159.13
146.185.173.25
# https://twitter.com/mikko
113.10.158.114 # 745182672549359616
203.189.232.1
118.193.246.157
182.16.4.2
103.242.3.47
182.16.4.6
# https://blog.malwarebytes.com/threat-analysis/2016/03/scammers-impersonate-isps-in-new-tech-support-campaign/
190.97.163.85
130.211.186.109
74.220.199.6
# https://twitter.com/0xtadavie
91.219.29.41 # 745581758217883648
# https://labs.opendns.com/2016/06/20/bitcoin-wallet-phishes-reveal-rogue-hosts/
89.248.171.0/24
91.218.247.0/24
104.28.30.195
93.174.91.42
# 23.236.62.147
162.213.255.53
50.116.61.95
# https://otx.alienvault.com/pulse/576a6ba4f15dc60d70d2777a
129.121.5.191
213.205.38.24
46.30.213.77
93.190.41.97
160.153.73.4
203.124.43.226
45.40.143.233
192.186.200.134
162.213.157.131
217.160.177.243
89.107.186.4
123.30.145.20
213.205.38.28
195.14.0.150
213.205.38.25
103.6.198.138
109.71.40.52
192.186.209.5
23.229.133.197
112.78.2.153
# https://otx.alienvault.com/pulse/576ad190f9467301352cdbfb
176.126.71.5
# https://twitter.com/malcatmewmew
85.128.210.66
193.203.99.113
# https://twitter.com/0xtadavie
185.82.216.61 # 747360136843399168
217.12.223.89
195.123.209.227 # 745955826423177216
# https://blog.fortinet.com/2016/06/21/the-curious-case-of-an-unknown-trojan-targeting-german-speaking-users
82.165.37.26
# https://twitter.com/ReaQta
103.6.198.185 # 745917278181523456
104.152.168.29
107.180.24.238
107.6.169.61
109.234.160.30
112.140.178.249
143.95.250.67
146.120.112.197
160.153.73.196
162.210.102.232
166.63.125.135
175.45.184.160
176.62.167.160
185.149.90.4
188.40.0.214
192.185.146.153
192.185.225.43
192.185.65.228
192.186.246.98
192.254.188.98
193.203.99.111
193.203.99.113
195.208.0.136
199.204.248.105
199.241.184.10
202.124.241.203
203.132.10.3
216.120.252.191
217.73.226.220
217.76.156.98
23.229.131.128
46.226.62.141
46.226.62.145
65.39.184.151
66.33.222.26
69.156.240.29
75.119.198.150
79.174.64.15
80.78.166.19
83.96.159.64
85.118.237.109
85.25.235.209
89.36.135.166
92.53.126.193
94.247.170.75
95.38.60.148
98.131.20.17 # 745909797707464704
195.234.4.64
173.225.21.34
94.46.167.10
213.189.197.201
67.231.20.224
108.160.148.6
149.255.34.144
87.239.18.13
23.229.135.101
212.227.33.91
88.208.252.194
81.177.140.141
90.156.201.56
77.221.130.6
195.208.1.146 # 748174104633679872
14.31.59.147
62.42.230.17
85.9.56.201
88.86.120.126
93.170.123.219
95.170.90.21
149.154.159.125
151.236.17.45
151.236.17.47
188.116.19.59
207.204.30.14
212.23.8.80
213.158.72.90
216.239.136.136
216.239.136.223
217.31.51.180
217.119.54.167
208.71.106.37 # 748113712880435200
46.19.218.30
205.236.147.16
# https://twitter.com/tmmalanalyst
62.76.188.61 # 746896087164719104
40.30.47.137 # 746743875998343168
# http://researchcenter.paloaltonetworks.com/2016/06/unit42-prince-of-persia-game-over/
5.9.94.34
5.79.71.225
46.101.115.221
69.195.129.72
83.125.22.161
85.17.31.82
85.17.31.122
138.201.0.134
138.201.47.150
138.201.47.153
138.201.47.158
144.76.250.205
178.162.217.107
178.162.203.202
178.162.203.211
178.162.203.226
# https://twitter.com/h3x2b
89.111.177.133 # 747738867877421056
193.203.99.112
86.106.30.71
62.14.3.195
62.37.237.59
64.50.161.218
66.147.244.210
69.27.174.10
78.24.186.235
80.74.144.35
81.24.1.16
81.196.20.133
83.235.64.44
85.193.69.29
89.42.39.160
91.223.216.66
112.140.42.29
166.62.10.52
178.254.62.52
188.40.77.144
192.185.36.128
192.186.251.225
195.3.96.72
198.1.71.135
198.169.132.17
208.71.106.219
# https://twitter.com/Simpo13
51.236.15.226 # 747844999467892740
194.9.94.117
# https://twitter.com/dez_
139.59.191.79 # 747807234684379137
78.46.167.130
# https://twitter.com/JaiGuill
95.59.26.88 # 748081704171151364
107.181.255.246
# https://twitter.com/IgnotumAliquis
82.221.139.0/24 # 785990081043496960
# https://www.reddit.com/r/Malware/comments/4tfrja/malware_served_from_reddit_ad_xpost_from_rads/
104.243.35.138
# https://www.proofpoint.com/us/threat-insight/post/massive-adgholas-malvertising-campaigns-use-steganography-and-file-whitelisting-to-hide-in-plain-sight
5.187.5.206
50.7.124.160
50.7.124.184
50.7.124.215
50.7.143.14
50.7.143.70
95.154.199.67
95.154.199.79
95.154.199.135
95.154.199.181
95.154.199.182
95.154.199.183
162.247.14.213
179.43.147.195
179.43.147.242
192.240.97.164
193.109.69.212
46.183.219.105
46.183.220.156
46.183.221.146
91.219.239.113
184.171.243.62
184.171.243.63
185.29.11.167
191.101.250.49
191.101.251.1
191.101.251.12
192.169.7.226
# http://researchcenter.paloaltonetworks.com/2016/07/unit-42-attack-delivers-9002-trojan-through-google-drive/
222.239.91.30
210.209.118.30
43.225.56.138
# http://researchcenter.paloaltonetworks.com/2016/08/unit42-vb-dropper-and-shellcode-for-hancitor-reveal-new-techniques-behind-uptick/
62.141.54.153
213.239.192.240
# http://www.kahusecurity.com/2016/javascript-leads-to-browser-hijacking/
95.153.31.22
# https://www.us-cert.gov/hiddencobra
104.192.193.149
111.207.78.204
117.232.100.154
119.10.74.66
122.114.89.131
122.114.94.26
125.160.213.239
125.212.132.222
139.217.27.203
173.0.129.65
173.0.129.83
175.100.189.174
181.119.19.118
181.119.19.141
181.119.19.196
181.119.19.5
181.119.19.50
181.119.19.54
181.119.19.56
181.119.19.58
181.119.19.74
190.105.225.232
190.82.74.66
190.82.86.164
191.233.33.177
191.234.40.112
195.74.38.115
196.25.89.30
197.211.212.14
199.167.100.46
200.57.90.108
203.160.191.116
208.180.64.10
208.78.33.70
208.78.33.82
209.183.21.222
210.202.40.35
216.163.20.178
221.208.194.72
221.235.53.229
27.123.221.66
36.71.90.4
41.92.208.194
41.92.208.196
41.92.208.197
5.79.99.169
50.62.168.157
59.90.93.138
62.243.45.227
64.29.144.201
66.175.41.191
66.232.121.65
66.242.128.11
66.242.128.12
66.242.128.13
66.242.128.134
66.242.128.140
66.242.128.158
66.242.128.162
66.242.128.163
66.242.128.164
66.242.128.170
66.242.128.173
66.242.128.179
66.242.128.181
66.242.128.185
66.242.128.186
66.242.128.223
71.125.1.130
71.125.1.132
71.125.1.133
71.125.1.138
72.167.53.183
75.103.110.134
77.78.100.101
81.0.213.173
82.223.213.115
82.223.73.81
91.116.139.195
96.65.90.58
98.101.211.140
98.101.211.162
98.101.211.170
98.101.211.251
98.113.84.130
98.159.16.132
# https://securingtomorrow.mcafee.com/mcafee-labs/android-malware-appears-linked-to-lazarus-cybercrime-group/
14.139.200.107
175.100.189.174
197.211.212.31
199.180.148.134
110.45.145.103
217.117.4.110
61.106.2.96
181.119.19.100
124.248.228.30
119.29.11.203
139.96.55.146
114.215.130.173
# https://twitter.com/CraneHassold
178.159.36.241 # 937389328648560647
# https://twitter.com/Techhelplistcom
202.181.24.235 # 940805468271804416
91.234.99.151 # 965345305578409984
80.211.245.223 # 992044061216460800
217.61.108.26 # 992252017065189380
# https://twitter.com/JayTHL
176.74.30.18 # 1118021886808612865
# https://twitter.com/switchingtoguns
185.110.132.218 # 946413033349369857
# https://twitter.com/bad_packets
181.214.87.0/24 # 976644371364773888
185.8.51.39 # 982106706292367360
5.188.9.135
198.211.99.33 # 1064325625123500032
111.90.158.225
# https://twitter.com/bry_campbell
111.90.138.178 # 983649159508054017
# https://twitter.com/aa419
64.20.39.27 # 991440987162460160
# https://blog.talosintelligence.com/2018/05/VPNFilter.html
# https://twitter.com/BBcan177
5.45.79.15 # 1003344397176537088
92.40.248.0/24 # Spammer
92.40.249.0/24 # Spammer
# https://twitter.com/bad_packets
166.63.127.154 # 1031286141654204416
185.82.200.87 # 1068567506070102017
# https://twitter.com/alphasoc
206.189.40.55 # 1039355203609223170
213.174.157.150 # 1056792558284619776
# https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html
95.216.59.92
# https://twitter.com/JayTHL
101.99.90.67 # 1165861042859253760
@ktsaou

ktsaou commented May 2, 2016

Added to firehol IP lists analytics: http://iplists.firehol.org/?ipset=bbcan177_ms1

@p1r473

p1r473 commented Jun 4, 2017

Hi, you are blocking a videogame website (smitegame.com) in your list with: 205.185.216.42

@ecripse4g63t

First, Great thanks for your amazing work on all the projects and contributions. 👍 💯

I believe I found a minor issue,
line 1348, I believe, needs a "#"; otherwise it is blocking VirusTotal? 3 Jun 18 version.

Thanks for your time. :)

@adirn15

adirn15 commented Apr 23, 2019

Hi,
you are blocking the main IP address of my email domain in your list: 23.236.62.147
Please remove it

@Ghamghami

Dear Sir/ Madam,
On 09/09/2019, when I tried to sign up for APILITY.IO services, a pop-up message appeared on my screen indicating that my IP address had been blacklisted by your organisation. I am totally disappointed about this and very confused. As a Cyber Security Engineer, I would like to know who has blacklisted my IP address and would like to receive some helpful information regarding this matter, please.
Proof1

@vletoux

vletoux commented Oct 21, 2019

Blacklists are an effective way to mitigate malicious hosts but to be effective, a blacklist has to represent the reality.

An OVH mutualized server whose IP is 213.186.33.17 was blacklisted here on May 12, 2016.
While I don't contest that malicious content has been hosted on this server, as of today, one of the many websites I manage is hosted on this server. And as a consequence, this website is blacklisted because something happened 3 years ago.
This website doesn't aim at a large public, so the business impact is limited.
However, now, cyber rating companies are scanning ALL the assets of companies and putting a rating on this.
It decides whether your cyber insurance premium increases or not, and explains to your management if your job is done or not.
And because this IP is blacklisted here, it has an impact on my security score.
So this blacklist gets on top of my to-do list.

Internet is living and hosts are being activated and deactivated every day.
So, if there is something to fix, I'd like to know.
But most probably, the issue has been fixed years ago by the provider.
And I don't see a way to be unlisted, except adding a comment to this gist.

So can someone explain what I have to do to get delisted or just delist this ip because the event happened 3 years ago?

Thanks in advance

@cryptocryptocryptocrypto

Lines 3015 and 3020 are missing a #
