# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://securelist.com/a-predatory-tale/89779/

15charliescene15.myjino.ru
axixaxaxu1337.us
j946104.myjino.ru
kristihack46.myjino.ru
madoko.jhfree.net
predatortop.xyz

# Reference: https://twitter.com/malwrhunterteam/status/1111232628429078528

saflot.com

# Reference: https://twitter.com/ViriBack/status/1127406253888688128

yaebalnah.tk

# Reference: http://tracker.viriback.com/

maugli8990.jhfree.net

# Reference: https://twitter.com/nullcookies/status/1142152106675249152

phonebookbase.com

# Reference: https://twitter.com/nullcookies/status/1143665142896312320

sslsecure.host

# Reference: https://twitter.com/P3pperP0tts/status/1144512219192930304

exobit.info

# Reference: https://twitter.com/x42x5a/status/1148705602136420352

j902757.myjino.ru

# Reference: https://twitter.com/nao_sec/status/1148921796697051137
# Reference: https://app.any.run/tasks/e5542610-5e5f-44c2-b3a9-6fcce651265a/

http://209.97.168.79

# Reference: https://twitter.com/P3pperP0tts/status/1150366481563160576

hostss.mcdir.ru
hostss2.mcdir.ru

# Reference: https://twitter.com/malware_traffic/status/1154153340143636481

http://92.63.192.142

# Reference: https://twitter.com/P3pperP0tts/status/1160527641839112192

bartsimpson.cash

# Reference: https://twitter.com/benkow_/status/1160903620189184001

http://109.94.110.157
http://139.180.223.36
http://165.22.186.154
http://178.157.82.106
http://178.62.188.204
http://178.62.189.114
http://178.62.191.13
http://18.22.227.101
http://18.222.210.14
http://18.225.10.183
http://185.146.156.38
http://185.206.144.170
http://185.206.147.170
http://185.254.11.126
http://185.254.121.141
http://185.4.186.39
http://185.60.133.242
http://192.81.220.183
http://193.124.117.116
http://193.37.212.107
http://2.56.214.102
http://213.159.209.1
http://31.184.197.158
http://37.139.2.42
http://37.19.193.213
http://45.10.219.17
http://46.101.160.184
http://46.249.62.207
http://5.196.214.131
http://51.15.228.96
http://77.83.173.97
http://79.124.8.105
http://81.177.180.205
http://82.196.1.19
http://82.196.9.220
http://82.202.163.189
http://83.220.174.244
http://92.63.192.144

# Reference: https://twitter.com/malware_traffic/status/1166838031556517888
# Reference: https://www.virustotal.com/gui/file/ab9d492b71cb61129034b94296ae0e1bec9d2d12477c236e51ba6be372c33c15/detection
# Reference: https://app.any.run/tasks/2141fadd-0379-404f-b8e1-917035910c4b/

http://176.121.14.128

# Reference: https://twitter.com/nao_sec/status/1171443035055390722

amasingrow.space

# Reference: https://twitter.com/david_jursa/status/1174357514223333380
# Reference: https://app.any.run/tasks/e7bbf211-2ec7-411c-8a75-85ba41be28bc/
# Reference: https://www.virustotal.com/gui/domain/digalitol.fun/relations
# Reference: https://www.virustotal.com/gui/file/45ae50074dd5098b3e0fa4f71dc5dd02818d66c8f160f0749ce14d831593a825/detection

digalitol.fun

# Reference: https://twitter.com/CyberSecIntel1/status/1174774514011578369
# Reference: https://app.any.run/tasks/a4205337-1835-4883-9fa8-c8697abb0271/

bigdatacorp5.info
pori89g5jqo3v8.com

# Reference: https://twitter.com/pancak3lullz/status/1175075421177688064

allpaysru.top
hgkhjguruytruyts2543.info
informdatagroup.info

# Reference: https://twitter.com/pancak3lullz/status/1175080757007663112

hgdhgfd253.space
rasavagulle.site

# Reference: https://twitter.com/P3pperP0tts/status/1177147328630861824

jokertor.com

# Reference: https://twitter.com/James_inthe_box/status/1180124151320698880
# Reference: https://app.any.run/tasks/3ab547c6-d615-46f4-8a96-94ba4458d48f/

forrf0410.info

# Reference: https://twitter.com/P3pperP0tts/status/1182624311431122946

1loveyous.com

# Reference: https://twitter.com/P3pperP0tts/status/1182624739778617346

http://178.157.91.128

# Reference: https://twitter.com/iocsvault/status/1176142679887044608

http://178.62.187.173
http://198.211.123.63
http://31.184.196.206
http://31.184.197.158
http://31.184.197.226
http://45.12.212.118
http://51.15.232.242
http://51.15.238.82
http://95.215.205.56
bkwriting.com
chsiqp1337.siteme.org
f0325989.xsph.ru
f0328788.xsph.ru
f0334493.xsph.ru
f0335294.xsph.ru
ihorluhor.site
jokertor.com
manillarout.com
mygamerun.info
newsjonhforyou.info
testingservice1337.ru
u4642627gu.ha003.t.justns.ru
u50801ck.beget.tech
w68426zc.bget.ru
gey.co.nu

# Reference: https://app.any.run/tasks/2c1d5942-b788-4316-952b-320f61494fd2/

dadvexmail19mn.world

# Reference: https://app.any.run/tasks/52656d24-b866-416c-b703-ee0fae0e3f78/

fsdstat14tp.world

# Reference: https://twitter.com/Paladin3161/status/1184444960684179458

fmailserv19fd.world
fsdstat14tp.world

# Reference: https://twitter.com/tkanalyst/status/1184655705103634435
# Reference: https://app.any.run/tasks/20218f80-9838-41f4-b6d6-7dbbcd60107a/

134.0.119.53:8080

# Reference: https://app.any.run/tasks/498a43e4-05fe-4413-afc2-842aa4d6764d/

csdstat14tp.club

# Reference: https://app.any.run/tasks/80750e99-21d6-4fd4-b245-0312fa3908ab/

45.12.32.252:8080

# Reference: https://twitter.com/P3pperP0tts/status/1185948204183048193

http://51.254.175.185

# Reference: https://twitter.com/P3pperP0tts/status/1188573760309399552

http://213.252.246.227

# Reference: https://app.any.run/tasks/08b002ed-3098-483f-b1d3-5169bd84bae1/

donkixota.com
jokertor.com

# Reference: https://twitter.com/P3pperP0tts/status/1190723628452712451

http://45.147.229.129

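# Generic trails
# The regex below generalises the f03NNNNN.xsph.ru hosts listed individually above.
# The /api/... entries are bare URI paths with no host attached, so a hit on one of them
# alone is weaker evidence than a hit on a listed domain or address; check the destination host.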

f03[0-9]{5}\.xsph\.ru

/api/check.get
/api/Clipper.get
/api/Clipper.post
/api/Download.get
/api/gate.get
/api/info.get
