185.14.31.9 # ROVNIX loader
61.67.114.73 # Regin
202.71.144.113 # Regin
203.199.89.80 # Regin
194.183.237.145 # Regin
94.23.58.217 # SoakSo
5.9.188.148 # Dridex - http://securityblog.s21sec.com/2014/11/dridex-learns-new-trick-p2p-over-http.html
46.4.232.200 # Dridex
37.1.208.21 # Dridex
108.61.198.191 # Dridex
188.40.240.20 # Dridex
37.1.215.144 # Dridex
188.116.40.35 # Dridex
80.79.114.72 # Dridex
78.140.164.160 # Dridex
54.84.136.229 # Dridex
130.209.101.62 # Dridex
209.54.58.186 # Cridex - http://stopmalvertising.com/malware-reports/analysis-of-dridex-cridex-feodo-bugat.html
91.121.162.48 # Cridex
89.31.144.214 # Cridex
89.188.121.106 # Cridex
72.249.190.70 # Cridex
50.56.200.226 # Cridex
212.111.1.212.226 # Cridex
194.28.132.33 # Cridex
173.203.208.139 # Cridex
5.135.28.118 # Cridex
37.187.156.123 # Cridex
62.76.44.174 # Cridex
46.165.241.0/24 # Cridex
80.94.160.129 # Dridex - http://stopmalvertising.com/spam-scams/fake-bh-live-e-tickets-for-peter-pan-lead-to-dridex.html
92.222.46.165 # Dridex
108.166.70.44 # Dridex
130.153.198.148 # Dridex
184.106.64.151 # Dridex
188.226.255.127 # Dridex
87.248.244.72 # Dridex
195.225.168.72 # Dridex
217.21.42.239 # Dridex
74.53.91.100 # Dridex
80.240.137.88 # Dridex
82.194.167.2 # Dridex
203.131.222.102 # US_CERT TA14-353A: Targeted Destructive Malware
217.96.33.164 # US_CERT TA14-353A
88.53.215.64 # US_CERT TA14-353A
200.87.126.116 # US_CERT TA14-353A
58.185.154.99 # US_CERT TA14-353A
212.31.102.100 # US_CERT TA14-353A
208.105.226.235 # US_CERT TA14-353A
198.252.73.124 # Zeus - http://blog.phishlabs.com/one-man-operation-leverages-phishing-and-browser-alerts-to-distribute-new-variant-of-zeus-banking-trojan
95.211.20.182 # Zeus
5.196.41.3 # http://www.cyphort.com/isc-org-infected/
95.211.226.158
93.179.68.167
149.12.71.2 # http://securelist.com/blog/research/68750/equation-the-death-star-of-malware-galaxy/
103.41.124.0/24 # https://www.fireeye.com/blog/threat-research/2015/02/anatomy_of_a_brutef.html
103.25.9.228
103.25.9.229
179.111.212.221 # http://vulnerabledisclosures.blogspot.ca/2015/03/large-botnet-exposed.html
37.139.6.7 # http://vulnerabledisclosures.blogspot.ca/2015/02/theory-utilizing-porn-sites-to-infect.html
80.82.65.0/24 # http://blog.trendmicro.com/trendlabs-security-intelligence/newposthings-has-new-pos-things/
80.82.65.112 # Blocking full /24 for good measure
85.143.217.196 # http://blog.fox-it.com/2015/04/07/liveblog-malvertising-from-google-advertisements-via-possibly-compromised-reseller/
62.76.44.174
174.36.217.82
85.143.217.196
87.236.215.246 # http://www.securityweek.com/russia-linked-hackers-used-two-zero-days-recent-targeted-attack-fireeye
62.76.177.179 # https://blog.sucuri.net/ (Magento ShopLift in the Wild)
185.22.232.218
217.71.50.57 # https://www.recordedfuture.com/lizard-squad-analysis/
5.39.90.132
198.100.144.122
194.54.81.162 # http://www.welivesecurity.com/wp-content/uploads/2015/04/mumblehard.pdf
151.236.11.167 # http://blogs.cisco.com/security/talos/poseidon
185.82.216.86 # http://malware.dontneedcoffee.com/2015/05/an-exploit-kit-dedicated-to-csrf.html
217.12.202.93
37.139.50.45
85.17.142.21 # http://community.websense.com/blogs/securitylabs/archive/2015/06/10/large-malvertizing-campaign-leads-to-angler-ek-amp-bunitu-malware.aspx
80.242.123.211 # http://documents.trendmicro.com/assets/GamaPOS_Technical_Brief.pdf
80.242.123.144
185.61.138.148
76.73.47.90 # http://www.welivesecurity.com/2014/10/08/sednit-espionage-group-now-using-custom-exploit-kit/
223.25.233.248 # http://www.volexity.com/blog/?p=158
66.172.11.207 # http://www.isightpartners.com/2015/07/microsoft-office-zero-day-cve-2015-2424-leveraged-by-tsar-team/
97.75.120.45 # https://www.f-secure.com/weblog/archives/00002822.html
58.80.109.59
198.200.45.112 # http://www.threatconnect.com/the-anthem-hack-all-roads-lead-to-china/
142.91.76.134
192.199.254.126
46.166.160.41 # https://www.trustwave.com/Resources/SpiderLabs-Blog/RIG-Reloaded---Examining-the-Architecture-of-RIG-Exploit-Kit-3-0/
49.143.192.221 # http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/
46.30.41.159 # https://blog.team-cymru.org/2015/06/poseidon-and-the-backoff-pos-link/
210.209.89.162 # http://research.zscaler.com/2015/08/chinese-cyber-espionage-apt-group.html
115.144.107.55 # https://heimdalsecurity.com/blog/security-alert-millions-exposed-internet-explorer-vulnerability/
182.253.220.29 # https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/?utm_content=15857818&utm_medium=social&utm_source=twitter
186.226.56.103
93.171.205.64 # http://research.zscaler.com/2015/08/neutrino-campaign-leveraging-wordpress.html
185.44.105.7
197.251.168.227 # http://www.threatgeek.com/2015/08/good-malware-never-dies-alienspy-reborn-as-jsocket-1.html
198.91.81.2
98.126.67.114 # http://researchcenter.paloaltonetworks.com/2015/09/musical-chairs-multi-year-campaign-involving-new-variant-of-gh0st-malware/
68.68.105.174
98.126.121.202
173.254.223.24
192.52.166.115 # https://securelist.com/blog/research/72283/gaza-cybergang-wheres-your-ir-team/
166.62.28.107 # http://www.scmagazineuk.com/googles-adwords-have-been-hijacked-by-crooks/article/441894/
192.126.126.64 # http://blog.malwaremustdie.org/2015/09/mmd-0042-2015-polymorphic-in-elf.html
107.160.40.9
210.92.18.118 # http://blog.malwaremustdie.org/2015/09/mmd-0042-2015-hunting-mr-black-ids-via.html
222.186.34.220
24.33.131.116 # https://www.proofpoint.com/us/threat-insight/post/Dyreza-Campaigners-Sights-On-Fulfillment-Warehousing-Industry
188.40.106.84 # http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-arid-viper.pdf
188.40.75.132
188.40.81.136
192.254.132.26
54.255.143.112
182.62.211.45 # Foxit Ponmcup - A giant hiding in the shadows v1.1 November, 30, 2015
45.63.13.175 # https://blog.malwarebytes.org/malvertising-2/2015/12/spike-in-malvertising-attacks-via-nuclear-ek-pushes-ransomware/
104.131.212.117
31.184.192.206 # http://www.threatgeek.com/2015/12/the-many-paths-to-angler.html
5.9.212.53 # http://researchcenter.paloaltonetworks.com/2015/12/proxyback-malware-turns-user-systems-into-proxies-without-consent/
14.4.0.0/15 # http://www.spamhaus.org/news/article/726/verizon-routing-millions-of-ips-for-cybercrime-gangs
192.185.21.183 # https://heimdalsecurity.com/blog/security-alert-exploit-kits-activity-spike-packs-improved-payloads-new-servers-predilection-flash-player/
78.24.220.229 # https://heimdalsecurity.com/blog/security-alert-fileless-kovter-teams-modular-corebot-malware-irs-spam-campaign/
213.136.92.111 # http://research.zscaler.com/2016/01/yet-another-signed-malware-spymel.html
188.138.68.30 # https://blog.malwarebytes.org/malvertising-2/2016/01/malvertising-campaign-via-pop-under-ads-sends-cryptowall-4/
93.190.143.110 # http://www.talosintel.com/angler-exposed/
93.190.138.162
95.211.162.166
# http://www.talosintel.com/files/additional_resources/angler_exposed/sept_ips_final.txt
# http://www.talosintel.com/files/additional_resources/angler_exposed/july_ips.txt
# https://securelist.com/securelist/files/2016/02/KL_AdwindPublicReport_2016.pdf
# https://www.anomali.com/blog/three-month-frameworkpos-malware-campaign-nabs-43000-credits-cards-from-poi
45.63.71.150
# http://www.deependresearch.org/2016/02/jan-feb-2016-domains-associated-with.html
162.247.12.207
# https://www.fireeye.com/blog/threat-research/2016/03/treasurehunt_a_cust.html
91.232.29.83
179.43.160.34
# http://www.welivesecurity.com/2016/03/30/meet-remaiten-a-linux-bot-on-steroids-targeting-routers-and-potentially-other-iot-devices/
185.130.104.131
185.130.5.201
185.130.5.202
# https://www.fireeye.com/blog/threat-research/2016/03/surge_in_spam_campai.html
188.138.88.184
31.41.47.37
5.34.183.136
91.121.97.170
# http://blog.talosintel.com/2016/04/nuclear-tor.html
188.166.27.134
# https://blog.sucuri.net/2011/03/brenz-pl-is-back-with-malicious-iframes.html
91.188.59.197
# Qbot https://resources.baesystems.com/pages/view.php?ref=39115&k=46713a20f9
# https://www.fireeye.com/blog/threat-research/2016/04/ghosts_in_the_endpoi.html
220.128.223.75
31.168.144.18
84.11.146.62
94.70.155.253
# https://www.fireeye.com/blog/threat-research/2016/04/new_downloader_forl.html
185.130.7.22
# http://blog.trendmicro.com/trendlabs-security-intelligence/locky-ransomware-spreads-flash-windows-kernel-exploits/
202.102.110.204
# https://blogs.forcepoint.com/security-labs/jaku
91.44.233.77 # SAPHARUS-PC
# http://threatglass.com/malicious_urls/popbest-net
# https://malwr.com/analysis/ZTgzZjViMzI5OGQzNDc1ZDkwN2JjMjFlNjAyNTY5YTM/
85.93.0.0/18
# http://malware-traffic-analysis.net/2016/05/09/index.html
# http://researchcenter.paloaltonetworks.com/2016/05/unit42-bucbi-ransomware-is-back-with-a-ukrainian-makeover/
# https://www.proofpoint.com/us/threat-insight/post/Exploit-Kit-Deja-Vu
# https://www.proofpoint.com/us/threat-insight/post/cryptxxx2-ransomware-authors-strike-back-against-free-decryption-tool
217.23.13.153
# https://www.microsoft.com/en-us/download/details.aspx?id=51956
# https://twitter.com/Techhelplistcom
# https://twitter.com/_operations6_
# https://twitter.com/pancak3lullz
# https://www.proofpoint.com/us/threat-insight/post/abaddonpos-now-targeting-specific-pos-software | |
50.7.124.178 | |
85.93.5.136 | |
143.107.42.227 | |
85.15.231.195 | |
31.170.164.228 | |
115.239.229.196 | |
222.163.80.69 | |
111.74.238.109 | |
# https://malwr.com/analysis/YTAxZWUwOTcyZjhhNGJkMzg4OWJlZDczMWViMzE3NDQ/ | |
37.58.127.155 | |
206.188.192.96 | |
162.249.6.22 | |
162.210.102.89 | |
176.114.0.200 | |
103.6.198.228 | |
# http://malware-traffic-analysis.net/2016/05/12/index.html | |
69.162.126.171 | |
144.76.82.19 | |
# https://twitter.com/benkow_ | |
46.22.145.57 # 743054179418185728 | |
67.205.10.59 # 743817815971536896 | |
112.251.5.107 # 744815941624594432 | |
95.46.98.221 # 747450303172206593 | |
192.232.216.115 # 745988568112316416 | |
193.232.55.194 # 747813034006020096 | |
# https://blog.sucuri.net/2016/05/test0test5-com-redirect-hack-new-wave.html | |
199.48.227.25 | |
# https://myonlinesecurity.co.uk/spam-malware-attached-picture-from-scanner-copier-at-your-own-email-address/ | |
81.88.48.79 | |
# https://labs.opendns.com/2016/05/16/black-hat-2016-fast-flux-ssl-unique-popular-bulletproof-hosting-option-cyber-criminals/ | |
109.86.110.190 | |
# https://twitter.com/MalwareKiwi | |
185.56.82.82 | |
# https://twitter.com/ConradLongmore | |
# https://www.virustotal.com/en/file/e6d3c977810949624807c50cdd732e4a08c0561ee3b3c857421933dcc2db7119/analysis/1463485866/ | |
125.212.220.11 | |
# https://www.virustotal.com/en/file/5962c039820c882e22dac13f9ea74c1763f8c7a95cf3be69902379506385e7f2/analysis/ | |
# https://www.virustotal.com/en/file/070b7bd6fc066201724e854b79303c4963dd9d177b12b91d737b35d39b4efbcd/analysis/ | |
217.12.199.151 | |
107.181.174.15 | |
93.170.169.52 | |
# https://www.virustotal.com/en/file/bd5c2b7f75f629436ac8458c7d994d5246f5537571c865dd3dde9cb1a9401193/analysis/1463417415/ | |
217.76.130.137 | |
# https://www.virustotal.com/en/file/068c5a04584e0687bb57de1a3165f87dd9d9f4ef318eef6ef99eaa523dd7edce/analysis/ | |
79.96.153.93 | |
176.53.21.105 | |
# https://www.virustotal.com/en/file/b42121af9bab7b66bab495a97128170a7536d10707ed47896865dcfc60a568f5/analysis/1463505756/ | |
54.212.162.6 | |
138.186.148.162 | |
190.242.70.182 | |
# https://www.virustotal.com/en/file/88bba2b3075c67a40a5b3f57e31ff52fbf82299e1983320998c686dd43e37838/analysis/1463514873/ | |
# http://www.nyxbone.com/malware/SkidLocker.html | |
23.227.199.83 | |
23.227.199.175 | |
# https://www.proofpoint.com/us/threat-insight/post/ransomware-explosion-continues-cryptflle2-brlock-mm-locker-discovered | |
93.170.168.60 | |
# http://phishme.com/bolek-leaked-carberp-kbot-source-code-complicit-new-phishing-campaigns/ | |
# https://myonlinesecurity.co.uk/spam-malware-you-got-a-voice-message-whatsapp-delivers-locky/ | |
92.63.87.48 | |
89.108.84.155 | |
# https://isc.sans.edu/forums/diary/EITest+campaign+still+going+strong/21081 | |
85.93.0.0/24 | |
104.238.185.187 | |
185.117.75.219 | |
95.183.52.215 | |
# https://virustotal.com/en/file/6133cc2d093c640753c2788cdea905963083d3861de7770fe332ad50eb4f7172/analysis/1463720462/ | |
162.250.191.61 | |
# https://www.virustotal.com/en/domain/wifi-spreader.ilovecollege.info/information/ | |
109.18.250.24 | |
# https://www.virustotal.com/en/file/c669e4b9da815fce109355c0052514513f9a27f8919eb1c61f080b421f0d6918/analysis/ | |
# https://www.proofpoint.com/us/threat-insight/post/In-The-Shadows?utm_content=buffera79ce&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer | |
185.66.10.57 | |
# https://twitter.com/JAMESWT_MHT | |
# https://twitter.com/x0rz | |
# https://twitter.com/PhysicalDrive0 | |
174.127.112.103 | |
# https://twitter.com/malware_traffic | |
# http://www.cyphort.com/teepr-com-yet-another-top-alexa-site-spreading-ransomware/?utm_content=buffer7b017&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer | |
217.23.6.40 | |
# https://twitter.com/JaromirHorejsi | |
# http://blog.dynamoo.com/2016/05/phish-tnt-consignment-notification-via.html | |
87.106.178.108 | |
# http://blog.dynamoo.com/2016/05/malware-spam-account-compromised.html | |
210.245.92.63 | |
162.251.84.219 | |
80.88.89.222 | |
213.192.1.171 | |
# http://blog.dynamoo.com/2016/05/malware-spam-please-find-attached-file.html | |
188.166.168.250 | |
31.41.44.45 | |
92.63.87.53 | |
176.31.47.100 | |
# http://blog.dynamoo.com/2016/05/malware-spam-i-have-attached-revised.html | |
188.127.231.124 | |
31.184.197.72 | |
92.222.71.26 | |
149.202.109.202 | |
# http://blog.dynamoo.com/2016/05/malware-spam-emailing-photo-05-11-2016.html | |
185.82.202.170 | |
# http://blog.dynamoo.com/2016/05/malware-spam-as-promised-document-you.html | |
5.34.183.40 | |
185.14.28.51 | |
88.214.236.11 | |
# https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-threats/ | |
# http://phishme.com/paypal-customers-targeted-stealthy-html-attachment-phish/ | |
# http://blog.dynamoo.com/2016/05/malware-spam-weekly-report-please-find.html | |
138.201.93.46 | |
91.200.14.139 | |
164.132.40.47 | |
# https://twitter.com/criznash | |
46.166.162.225 | |
46.30.43.54 | |
# http://blog.dynamoo.com/2016/05/malware-spam-urgent-delivery-jobin.html | |
104.131.182.103 | |
# https://twitter.com/sudosev | |
122.10.90.110 | |
# http://malware-traffic-analysis.net/2016/05/26/index.html | |
178.62.235.45 | |
50.21.187.40 | |
# https://twitter.com/malwrhunterteam | |
# https://twitter.com/dvk01uk | |
# https://blog.mxlab.eu/2016/05/26/new-javascript-malware-re-copy/ | |
188.93.229.73 | |
# https://twitter.com/thedefensedude | |
# https://twitter.com/securityemploy | |
169.159.98.88 | |
95.211.141.215 | |
# http://malware-traffic-analysis.net/2016/05/27/index.html | |
109.95.159.1 | |
# https://twitter.com/hasherezade | |
# https://twitter.com/Tears0fSky | |
90.7.200.200 | |
92.142.115.63 | |
# https://www.virustotal.com/en/file/40ea07c850897db3198c23eb2b2e056088f2325f2566b6dfb56678a093d5031b/analysis/1464372145/ | |
# https://www.virustotal.com/en/file/1f68fce7f92364a22ef3bc3d21e12924d2b5cc69106ef21fdf21bd9a4cb65d15/analysis/ | |
# https://heimdalsecurity.com/blog/torrentlocker-spoofs-telia-ransomware-attack/ | |
54.218.66.17 | |
54.192.46.49 | |
# https://twitter.com/peterkruse | |
# http://malware-traffic-analysis.net/2016/06/01/index2.html | |
# https://twitter.com/GossiTheDog | |
# http://malware-traffic-analysis.net/2016/06/01/index.html | |
# https://twitter.com/bartblaze | |
# https://twitter.com/demonslay335 | |
158.69.241.183 # Mixed | |
172.99.89.199 | |
185.53.179.8 # 743106570217623552 | |
# https://www.proofpoint.com/us/threat-insight/post/cryptxxx-ransomware-learns-samba-other-new-tricks-with-version3100 | |
85.25.194.116 | |
# https://www.proofpoint.com/us/threat-insight/post/malicious-macros-add-to-sandbox-evasion-techniques-to-distribute-new-dridex?utm_content=buffere7dd2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer | |
# http://malware-traffic-analysis.net/2016/06/02/index.html | |
# https://www.virustotal.com/en/file/d378d1a2aae028e8aaa7640c79e7e3deda105f0f4f241f776617beb43ae1373f/analysis/ | |
85.25.214.50 | |
103.198.0.2 | |
# https://twitter.com/christianpanton | |
85.93.5.139 | |
# https://twitter.com/_jsoo_ | |
# https://www.virustotal.com/en/ip-address/206.72.199.201/information/ | |
206.72.199.201 | |
# https://github.com/Daxda/malware-analysis/tree/master/malware_samples/LinuxNet_perlbot | |
# https://otx.alienvault.com/pulse/575579d7b1b78e0134101728 | |
93.190.137.240 | |
# https://otx.alienvault.com/pulse/575526aeb1b78e01341016c6 | |
103.195.185.94 | |
8.100.156.107 | |
5.100.156.107 | |
148.251.8.173 | |
# http://malware-traffic-analysis.net/2016/06/06/index.html | |
45.32.183.118 | |
67.215.187.94 | |
5.200.55.117 | |
104.238.171.123 | |
# https://blog.fox-it.com/2016/06/07/linkedin-information-used-to-spread-banking-malware-in-the-netherlands/ | |
107.171.187.182 | |
# https://twitter.com/malekal_morte | |
# https://sonar.labs.rapid7.com/ | |
71.6.216.32/27 | |
# https://www.proofpoint.com/us/threat-insight/post/cryptxxx2-ransomware-authors-strike-back-against-free-decryption-tool?utm_content=bufferce8cf&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer | |
217.23.13.153 | |
# https://www.proofpoint.com/us/threat-insight/post/hancitor-ruckguv-reappear?utm_content=buffer19521&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer | |
# https://twitter.com/malm0u53 | |
# https://isc.sans.edu/forums/diary/Neutrino+EK+and+CryptXXX/21141 | |
45.32.183.118 | |
# https://otx.alienvault.com/pulse/575782996eb8c60135a9e3c6 | |
# https://twitter.com/da_667 | |
91.134.177.136 | |
43.240.13.59 | |
192.64.81.136 | |
# https://blogs.mcafee.com/mcafee-labs/locky-ransomware-hides-under-multiple-obfuscated-layers-of-javascript/ | |
# https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/26000/PD26383/en_US/McAfee_Labs_Threat_Advisory-Ransomware-Locky.pdf | |
195.22.28.196 | |
195.22.28.198 | |
# https://riskanalytics.com/Dark_Cloud_Network_Facilitates_Crimeware.pdf | |
# BBcan177 Mail Spam IOCs | |
# https://www.virustotal.com/en/file/0c357e3d47167b7370ce5578bb25c4f1c8b1cd87dbd398ecc07bccdac5087aa1/analysis/ | |
# https://twitter.com/InfoSec_DD | |
193.200.241.142 | |
149.62.98.3 # 742855018793963520 | |
# https://otx.alienvault.com/pulse/5758c4e8377bbb01340e895d | |
93.174.90.126 | |
# https://www.zscaler.com/blogs/research/malicious-documents-leveraging-new-anti-vm-anti-sandbox-techniques | |
204.93.177.102 | |
# https://isc.sans.edu/forums/diary/Searching+for+malspam/21145 | |
# https://reaqta.com/2016/06/nemucod-meets-php/ | |
37.140.192.209 | |
89.31.108.3 | |
92.53.121.36 | |
185.26.122.180 | |
# https://otx.alienvault.com/pulse/5759741f78e335013763cea0 | |
8.5.1.35 | |
58.158.177.102 | |
# https://www.hybrid-analysis.com/sample/e6f8bd93246e534ba73cdce9e6596f2913b9f32cc08c4d14c685f59441e42e1a?environmentId=100 | |
185.26.122.180 | |
# https://www.arbornetworks.com/blog/asert/communications-bolek-trojan/ | |
91.215.154.155 | |
# https://twitter.com/mesa_matt | |
# https://blog.malwarebytes.org/cybercrime/exploits/2016/06/neutrino-exploit-kit-fills-in-for-angler-ek-in-recent-malvertising-campaigns/ | |
# https://www.virustotal.com/en/domain/watch.pnwpga.com/information/ | |
69.30.229.132 | |
# https://blogs.mcafee.com/mcafee-labs/thrones-jon-snow-appears-to-employ-neutrino-exploit-kit/ | |
# http://viewdns.info/reversewhois/?q=yaplakal.r%40gmail.com | |
# https://www.virustotal.com/en/domain/23iujasdhaskj.top/information/ | |
# https://www.virustotal.com/en/domain/injec-software-me.com/information/ | |
# https://www.virustotal.com/en/domain/gugendolik.com/information/ | |
# https://www.virustotal.com/en/domain/newserver-newscompnay.com/information/ | |
# https://www.virustotal.com/en/domain/diahatvietnam.com/information/ | |
# http://malware.dontneedcoffee.com/2016/06/is-it-end-of-angler.html | |
# https://twitter.com/JanneFI | |
31.170.163.90 | |
# https://twitter.com/F_kZ_ | |
# http://malware.dontneedcoffee.com/2016/06/is-it-end-of-angler.html | |
5.133.179.79 | |
74.201.85.74 | |
45.32.183.83 | |
104.238.173.205 | |
# https://twitter.com/DrolSecurity | |
78.170.189.17 | |
# https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/ | |
# https://twitter.com/CyberScimitar | |
# https://twitter.com/in_threat | |
204.152.203.99 | |
192.52.167.118 | |
84.200.68.163 | |
# https://twitter.com/chmod1777 | |
104.168.180.192 | |
# https://twitter.com/Antelox | |
# https://twitter.com/GossiTheDog | |
50.87.44.134 # 682164539689938944 | |
# https://blog.fox-it.com/2016/06/15/mofang-a-politically-motivated-information-stealing-adversary/ | |
# https://twitter.com/Simpo13 | |
46.254.21.84 # 743086368205705216 | |
4.198.232.114 | |
# https://twitter.com/jeromesegura | |
45.63.26.202 # 743165744054046720 | |
# http://malware-traffic-analysis.net/2016/05/16/index.html | |
188.93.211.67 | |
# https://otx.alienvault.com/pulse/57616f7b5804b00134147bda | |
5.56.133.145 | |
# https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22960/en_US/McAfee-Labs-ThreatAdvisory-Pinkslipbot_RevA.pdf | |
# https://www.virustotal.com/en/file/5a878ac22eb059159c2976d11840bdae09111ba8e17933794dbfb23435d89bdd/analysis/1466045706/ | |
85.170.19.102 | |
# https://twitter.com/James_inthe_box | |
69.36.165.48 # 743502699069464576 | |
107.180.14.68 # 743515050980188162 | |
66.175.222.234 # 743532746446766080 | |
# https://blog.malwarebytes.com/cybercrime/exploits/2016/06/a-look-at-the-angler-less-exploit-kit-scene/ | |
46.30.47.110 | |
# https://twitter.com/BroadAnalysis | |
# https://otx.alienvault.com/pulse/576453a7f15dc60134d27471 | |
# https://twitter.com/ochsenmeier | |
5.56.133.100 # 742448375312863233 | |
# https://www.fireeye.com/blog/threat-research/2016/06/resurrection-of-the-evil-miner.html | |
198.204.254.82 | |
88.214.200.145 | |
# https://twitter.com/LowsonWebmin | |
67.227.182.157 # 744932198709661696 | |
# https://twitter.com/_odisseus | |
78.31.66.161 # 744962399548096512 | |
# https://twitter.com/jedisct1 | |
# https://blogs.forcepoint.com/security-labs/highly-popular-anime-site-jkanime-compromised-redirecting-users-neutrino-ek#st_refDomain=t.co&st_refQuery=/xjOrgjTNtC | |
104.25.159.13 | |
146.185.173.25 | |
# https://twitter.com/mikko | |
# https://blog.malwarebytes.com/threat-analysis/2016/03/scammers-impersonate-isps-in-new-tech-support-campaign/ | |
190.97.163.85 | |
130.211.186.109 | |
74.220.199.6 | |
# https://twitter.com/0xtadavie | |
91.219.29.41 # 745581758217883648 | |
# https://labs.opendns.com/2016/06/20/bitcoin-wallet-phishes-reveal-rogue-hosts/ | |
89.248.171.0/24 | |
91.218.247.0/24 | |
104.28.30.195 | |
93.174.91.42 | |
# 23.236.62.147 | |
162.213.255.53 | |
50.116.61.95 | |
# https://otx.alienvault.com/pulse/576a6ba4f15dc60d70d2777a | |
# https://otx.alienvault.com/pulse/576ad190f9467301352cdbfb | |
176.126.71.5 | |
# https://twitter.com/malcatmewmew | |
85.128.210.66 | |
193.203.99.113 | |
# https://twitter.com/0xtadavie | |
185.82.216.61 # 747360136843399168 | |
217.12.223.89 | |
195.123.209.227 # 745955826423177216 | |
# https://blog.fortinet.com/2016/06/21/the-curious-case-of-an-unknown-trojan-targeting-german-speaking-users | |
82.165.37.26 | |
# https://twitter.com/ReaQta | |
# https://twitter.com/tmmalanalyst | |
62.76.188.61 # 746896087164719104 | |
40.30.47.137 # 746743875998343168 | |
# http://researchcenter.paloaltonetworks.com/2016/06/unit42-prince-of-persia-game-over/ | |
# https://twitter.com/h3x2b | |
# https://twitter.com/Simpo13 | |
51.236.15.226 # 747844999467892740 | |
194.9.94.117 | |
# https://twitter.com/dez_ | |
139.59.191.79 # 747807234684379137 | |
78.46.167.130 | |
# https://twitter.com/JaiGuill | |
95.59.26.88 # 748081704171151364 | |
107.181.255.246 | |
# https://twitter.com/IgnotumAliquis | |
82.221.139.0/24 # 785990081043496960 | |
# https://www.reddit.com/r/Malware/comments/4tfrja/malware_served_from_reddit_ad_xpost_from_rads/ | |
104.243.35.138 | |
# https://www.proofpoint.com/us/threat-insight/post/massive-adgholas-malvertising-campaigns-use-steganography-and-file-whitelisting-to-hide-in-plain-sight | |
# http://researchcenter.paloaltonetworks.com/2016/07/unit-42-attack-delivers-9002-trojan-through-google-drive/ | |
222.239.91.30 | |
210.209.118.30 | |
43.225.56.138 | |
# http://researchcenter.paloaltonetworks.com/2016/08/unit42-vb-dropper-and-shellcode-for-hancitor-reveal-new-techniques-behind-uptick/ | |
62.141.54.153 | |
213.239.192.240 | |
# http://www.kahusecurity.com/2016/javascript-leads-to-browser-hijacking/ | |
95.153.31.22 | |
# https://www.us-cert.gov/hiddencobra | |
# https://securingtomorrow.mcafee.com/mcafee-labs/android-malware-appears-linked-to-lazarus-cybercrime-group/ | |
# https://twitter.com/CraneHassold | |
178.159.36.241 # 937389328648560647 | |
# https://twitter.com/Techhelplistcom | |
202.181.24.235 # 940805468271804416 | |
91.234.99.151 # 965345305578409984 | |
80.211.245.223 # 992044061216460800 | |
217.61.108.26 # 992252017065189380 | |
# https://twitter.com/JayTHL | |
176.74.30.18 # 1118021886808612865 | |
# https://twitter.com/switchingtoguns | |
185.110.132.218 # 946413033349369857 | |
# https://twitter.com/bad_packets | |
181.214.87.0/24 # 976644371364773888 | |
185.8.51.39 # 982106706292367360 | |
5.188.9.135 | |
198.211.99.33 # 1064325625123500032 | |
111.90.158.225 | |
# https://twitter.com/bry_campbell | |
111.90.138.178 # 983649159508054017 | |
# https://twitter.com/aa419 | |
64.20.39.27 # 991440987162460160 | |
# https://blog.talosintelligence.com/2018/05/VPNFilter.html | |
# https://twitter.com/BBcan177 | |
5.45.79.15 # 1003344397176537088 | |
92.40.248.0/24 # Spammer | |
92.40.249.0/24 # Spammer | |
# https://twitter.com/bad_packets | |
166.63.127.154 # 1031286141654204416 | |
185.82.200.87 # 1068567506070102017 | |
# https://twitter.com/alphasoc | |
206.189.40.55 # 1039355203609223170 | |
213.174.157.150 # 1056792558284619776 | |
# https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html | |
95.216.59.92 | |
# https://twitter.com/JayTHL | |
Dear Sir/ Madam,
On 09/09/2019, when I tried to sign up for APILITY.IO services, a pop-up message appeared on my screen indicating that my IP address had been blacklisted by your organisation. Totally disappointed about this and very confused. As a Cyber Security Engineer, I would like to know who has blacklisted my IP address and would like to receive some helpful information regarding this matter, please.
Blacklists are an effective way to mitigate malicious hosts but to be effective, a blacklist has to represent the reality.
An OVH mutualized server whose IP is 213.186.33.17 was blacklisted here on May 12, 2016.
While I don't contest that malicious content has been hosted on this server, as of today, one of the many websites I manage is hosted on this server. And as a consequence, this website is blacklisted because something happened 3 years ago.
This website doesn't aim at a large public, so the business impact is limited.
However, now, cyber rating companies are scanning ALL the assets of companies and putting a rating on them.
It decides whether your cyber insurance premium increases or not, and explains to your management if your job is done or not.
And because this IP is blacklisted here, it has an impact on my security score.
So this blacklist gets to the top of my to-do list.
The Internet is living and hosts are being activated and deactivated every day.
So, if there is something to fix, I'd like to know.
But most probably, the issue has been fixed years ago by the provider.
And I don't see a way to be unlisted, except adding a comment to this gist.
So can someone explain what I have to do to get delisted or just delist this IP because the event happened 3 years ago?
Thanks in advance
Lines 3015 and 3020 are missing a #
Hi,
You are blocking the main IP address of my email domain in your list: 23.236.62.147
Please remove it.