blocklists-lumen.txt
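## hosts-blocklists
## domains-ips-hashes
## blocklists-lumen
## Format: one indicator per line, grouped under the "#" URL(s) of the report it came from: domains, then IPv4 addresses, then file hashes (32/40/64 hex characters, i.e. MD5/SHA-1/SHA-256 by length).
## Some entries are hostnames on shared cloud services (cloudfront.net, aliyuncs.com); match the full hostname, not the parent domain.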
## https://blog.lumen.com/author/black-lotus-labs/
## https://github.com/blacklotuslabs/IOCs
# https://blog.lumen.com/the-pumpkin-eclipse/
# https://github.com/blacklotuslabs/IOCs/blob/main/Pumpkin_Eclipse_IOCs.txt
3smh.com
ammhdfgygb.com
axon-stall.riddlecamera.net
checkqazxsw1.com
coreconf.net
cu6s.com
d2h7pt7y3j9pry.cloudfront.net
denglujiechi666.oss-cn-chengdu.aliyuncs.com
dh.id3cqcmgjcb.top
lighten.medyamol.com
m.aiguoba.com
m.isanyin.com
mh.55dmh.com
mmmmm999.oss-cn-chengdu.aliyuncs.com
nihiosuxnmo.com
sainnguatc.com
secu100.com
v5002.cn
xmsecu100.net
xmsecu.io
xmsecu.net
2.59.222.3
2.59.222.35
2.59.222.97
2.59.222.99
2.59.222.102
2.59.222.124
2.59.222.125
2.59.222.126
2.59.222.146
2.59.223.144
2.59.223.213
2.59.223.218
2.59.223.226
2.59.223.253
38.54.27.204
45.116.160.62
45.116.160.100
45.116.160.105
45.116.160.115
45.116.160.154
45.116.160.182
91.211.88.6
91.211.88.225
103.84.84.250
103.84.84.251
103.117.145.106
103.117.145.107
103.117.145.108
103.117.145.109
103.117.145.110
103.117.146.218
103.117.146.219
103.117.146.220
103.117.146.222
103.117.147.66
103.117.147.67
103.140.187.149
103.244.2.170
103.244.2.171
103.244.2.217
103.244.2.218
103.248.22.5
103.248.22.16
104.233.166.129
104.233.166.194
104.233.167.62
104.233.167.63
104.233.167.81
104.233.167.82
104.233.167.103
104.233.210.118
104.233.210.119
107.148.0.182
107.148.88.123
112.121.165.74
112.121.165.75
112.121.165.76
112.121.165.77
112.121.165.78
114.29.255.77
114.29.255.123
116.213.39.2
116.213.39.3
116.213.39.4
116.213.39.5
116.213.39.6
139.5.202.18
139.5.202.19
139.5.202.106
141.193.159.10
141.193.159.11
180.178.46.242
180.178.46.243
180.178.46.244
180.178.46.245
180.178.46.246
185.189.240.13
185.189.240.21
185.189.241.180
185.189.241.246
194.36.190.99
216.118.241.202
216.118.241.203
216.118.241.204
216.118.241.205
216.118.241.206
6c6609264e9e4b365e1bd7df187f4405a1df3f02
21d9ae29551dcbe39de375bdf8ada5a47b0e2372
27dc61dd0bb9a53799ae29c6927f38d98ccdb27b
183fa84e35bb498efb4dfb05d2a4997cd66e2f0f
# https://blog.lumen.com/eight-arms-to-hold-you-the-cuttlefish-malware/
kkthreas.com
107.189.28.251
198.98.56.93
205.185.122.121
209.141.49.178
# https://blog.lumen.com/the-darkside-of-themoon/
31.43.185.85
45.11.59.209
45.143.201.87
49.13.126.124
65.108.96.201
91.215.158.118
92.63.197.133
104.200.72.120
128.140.115.231
135.181.47.22
159.69.126.211
185.156.73.110
185.165.190.171
185.246.128.181
188.92.72.129
188.92.79.110
188.92.79.115
188.92.79.116
195.3.144.185
195.3.147.73
# https://blog.lumen.com/kv-botnet-dont-call-it-a-comeback/
45.32.174.131
45.63.60.39
45.159.209.228
152.32.138.247
# https://blog.lumen.com/routers-roasting-on-an-open-firewall-the-kv-botnet-investigation/
45.11.92.176
45.32.88.250
45.156.21.172
66.42.124.155
104.156.246.150
108.61.132.157
108.61.203.19
140.82.20.246
144.202.43.124
144.202.49.189
149.28.119.73
155.138.146.162
159.203.72.166
159.203.113.25
174.138.56.21
192.169.6.241
193.36.119.48
207.246.100.151
216.128.179.235
216.128.180.232
0bafedb699488d2a46878b429e8992f50e881eee
067f238d9d5c219d3c359dc398f5416f1a99c70b
08ad4f940d488587697820d13c3d175a05e5fa6c
3a2ef359ee152f2f4b19c418d7b3cbee
4bfffff0405a1156c801444c35b25c241b687c04
6b458e39559fb6cb9f1c23ec15ee7300fcf15da7
6c177b41cc4376afbc955522ee213addb4ca2ef4
7b30dc024e2bbfa9d21aca46783a6cd2656e6a92
8c04be1d054d0a9a5e33723ed91c336cd9e94cce
8ed5a832dc036c452e137199db3e2f021390a9fb
9c13ccb0c31539303b4b9cf0c8b6691afb351d77
48c3bd085b0d078cc6981f717755b694
82de9031e5f6e46f7b7560d7ae45329f711d139f
245e31af35cc6b950fcf08a0348a1b5ad178bf9a
7178ee14a4103f569d0cb4cc84ab016f27caf7dc
9029f0e725e0134b1ca3db329d263d7794623c5f
311722dc71061d9977b8f713f812ed47ff9b8a7a
6528827cdd6fd5b27543669c606577a3fd733e73
a6a4e8aba325b1942c80beaf17dc9887efd2f7a0
a4414dee4899fad39014b269d16daed7065ba123
f7315b4a12fd470a561be7289631a776
fd8981b043381adfaed6ac4c4a625c177d343804
0279435f8727cca99bee575d157187787174d39f6872c2067de23afc681fe586
07118af421f14a7e07601639f44a72f6782757ae74d2afffdb531b8209697e7f
08d0da0c36089f7a1f700b989f2f7825c5ba2549a20735d0bd1e64ca9c4885bc
2cb6df289475457e807fc202a2b4688b2e23a88c94a8431981780caf8b76acf7
3fab16ec4643d8f6b9a99d85427322f7fb40e9ea3cd4de8318c6a52e29869d5a
5a2681ea2e1d0d5e7db2a2499d2e6e27b2689830c638d5ee28c2eef9867ececf
6a8230e66011e0a0012273f7d12110c23b1e33bd7232dc67a836662a3d1075c7
8e35d8643c00d9e2993625b03366a7cd1bd36e6a60bc0c6039a509fccf9df150
9e6a2a01decc2c26f3586a119b6fd3a886c4cf9c76aa452339d164fda40c63e4
19aa5a2235ee2518826a48363cb603060ee73ddccdf7d93bf197f97d7402aa37
36c63d0c2a78497ccf555e84f0233a514943faeff38281d99d00baf5df23f184
86f01d5342ec39c65b1cff716f19c334cec26a82b87492d783d5e8f4ff9cb63a
88fc3816c94f9b0191179f4e933843ee4cfdbcb392968605491a387b1235ec12
2711f1341d2f150a0c3e2d596939805d66ba7c6403346513d1fc826324f63c87
5512cce87ff9dfd3ee9721eb29302d1700199ed7d625e09f9f779772ec06bdb0
5928f67db54220510f6863c0edc0343fdb68f7c7070496a3f49f99b3b545daf9
7043ffd9ce3fe48c9fb948ae958a2e9966d29afe380d6b61d5efb826b70334f5
48299c2c568ce5f0d4f801b4aee0a6109b68613d2948ce4948334bbd7adc49eb
690638c702170dba9e43b0096944c4e7540b827218afbfaebc902143cda4f2a7
b4f2470159ca93f9d585ae2df1da972f6d14a0c418ebc202a324b9be5c877b61
b845ef0f9c5853ad1c226ac0ae7bb91159d5bb132185c1bfd171696b755a9164
b6226c3e0e4ad64bbda3e6a79eb464c7050faa25d1f5332dcac014d2e79dd87f
bf0ed245e897c7d1ada511db2939e8f3a879a96543f2651d5631339d5419bb75
c0871ecfe8b306074c6d376db14d966578a8511e5b5d355a4cf2c4d0b8c9deb9
c71d04e2b6b35fdd058b4be5cf9ea3478697950378d4ee3c7fe0bf87e1e3730f
c524e118b1e263fccac6e94365b3a0b148a53ea96df21c8377ccd8ec3d6a0874
c2299d8581af4ea8048bbf2bffd45c6ddca323c9c718c172355cc0df006ea6ca
d6cd1636569bba4131462bb8f45be1daa9a203aa343b6f2fd48a4847acfc29fa
d90e4a1b3a6bf019474b3be1703bf3211f1ebcca00b21bc252a39af274dc4fb0
dc7b6b4f53581b53edfbbc83d825cfa0450b2039f126cd62e8529189bb156033
e88b03465c0376463f912a5601a518cc697330dc3e5857068f3de0c434b52c9a
f5271fcb895977dc1eead64415e525323cd412e3f2625aee2fafbb5674beea28
# https://blog.lumen.com/taking-the-elevator-down-to-ring-0/
198.211.118.121
15c07b5e83e70bd4e424b77b5ff69bf18362cd34
fe8c0f471041eb4d9d71429fe0c3975a676f9c27
4ad7b6dffc90bddd9beeb5653fad113ad905db81dce0298e376fed15b2246687
41e45ac439a35fbfffece86469cd29406076ccfcc0e35a6a920aebfc8fdc3622
# https://blog.lumen.com/hiatusrat-takes-little-time-off-in-a-return-to-action/
45.63.70.57
46.8.113.227
66.135.22.245
104.250.48.192
107.189.11.105
155.138.213.169
207.246.80.240
3a21599e0a60b4bce8d31757f0b461a217f30d0ea261f5844004b8cc09fcab35
6e21e42cfb93fc2ab77678b040dc673b88af31d78fafe91700c7241337fc5db2
98ec46ac0e3b0b49140f710d0437e03e1f89f9b6fc092be7a5a1fde7d59e312e
766e13d2a085c7c1b5e37fe0be92658932a13cfbcadf5b08977420fc6ac6d3e3
774f2f3a801ddfe5d8a9ab1b90398ee28ee2be3d7ad0fa75eacbdf7ab51f6939
193481c4e2cbd14a29090f500f88455e1394140b9c5857937f86d2b854b54f60
a878b0ca6c99e82127cc9ef5e83b5dac5f1f8b9798580346e33e6d6f16267b73
# https://blog.lumen.com/routers-from-the-underground-exposing-avrecon/
cleandone.cc
utcp.cc
zerophone.cc
50.30.36.27
50.30.36.132
62.138.0.10
62.138.18.50
69.64.55.103
69.64.55.106
85.25.103.5
85.25.214.74
85.25.217.95
87.119.223.21
92.42.106.1
139.59.231.113
148.72.144.19
148.72.155.77
148.72.155.112
148.72.155.174
148.72.155.187
148.72.155.189
155.254.23.254
188.138.41.157
188.138.70.19
209.126.105.43
209.126.105.225
209.126.107.197
3ed1a6d57f00c1643cc85e049c82d1b4
8dcaf0e2a0baf54e65f46689b2a845ef
f81b9fceea2056ba2c3f261b56f577b1
96f5a4e67dc29da93cefab27dd56e20075fea19e
99e3b1616008106c89978d1c5fafdc3da2abc873
e2856999ebac2af79ae812f1b8315754afdaa818
3d43f5b3b2c9142ca0c5cdc4a82f9088e090d077ef61c2297c51b4ccd3085d78
cfd3d123595fba37ec414b90cfa834753ad9ab2149651d48948e04875aecac98
f18ddb10b3f9044fa2f9d1bb5152e388d4f68c2209165b117135fb2490243d2b
# https://blog.lumen.com/qakbot-retool-reinfect-recycle/
62.204.41.187
62.204.41.188
94.103.85.86
188.127.231.177