# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/nullcookies/status/1061739625658617857

onedrive.one

# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1121107266982301696
# Reference: https://app.any.run/tasks/c7496f6f-ac83-4b05-ad64-c1ed0f1fd98e

gohaiendo.com

# Reference: https://twitter.com/anyrun_app/status/1122812186680856577
# Reference: https://app.any.run/tasks/b389fddc-d90a-427c-a164-ff73dc2c185b
# Reference: https://www.virustotal.com/gui/ip-address/163.172.84.54/relations

http://163.172.84.54

# Reference: https://twitter.com/abuse_ch/status/1123520051599085570

rayshash.com

# Reference: https://twitter.com/Timele9527/status/1128577411321348096
# Reference: https://otx.alienvault.com/pulse/5cdc4df1cb5caaccf42c7e33

charley-online.com
fighiting1013.org
naver-download.com
tgbabcrfv.1apps.com
alabamaok0515.1apps.com

# Reference: https://twitter.com/adrian__luca/status/1148186673739685888
# Reference: https://app.any.run/tasks/adc3b9ac-9888-4902-8e58-754dc2a100e9/

http://46.166.129.157

# Reference: https://twitter.com/Paladin3161/status/1156147679929327617

luckyshark.cash

# Reference: https://www.proofpoint.com/us/threat-insight/post/systembc-christmas-july-socks5-malware-and-exploit-kits

amnsns.com
dsntu.top
elienne.net

# Reference: https://twitter.com/VK_Intel/status/1158620228261208064

cj42138.tmweb.ru

# Reference: https://twitter.com/Paladin3161/status/1160180765889445888

laph.icu

# Reference: https://twitter.com/P3pperP0tts/status/1160528128588099584

luckymonkey.net.in

# Reference: https://twitter.com/Paladin3161/status/1160640124985548800
# Reference: https://pastebin.com/bhufJSbL

eharmony.live
nepunchik.club
pardubic.club

# Reference: https://twitter.com/tkanalyst/status/1163084043832872961
# Reference: https://app.any.run/tasks/ee0e55e6-84dd-4576-a32c-153629cffcc7/

clickies.site

# Reference: https://twitter.com/tkanalyst/status/1170213006577291265

bolsaooma.com
fosentora.com
mzokrekaa.com

# Reference: https://twitter.com/tkanalyst/status/1177952093287530496
# Reference: https://app.any.run/tasks/1216eae6-4088-4d51-8e47-2094a451754d/

jombala.icu
winterfresh.icu
youhohoo.club

# Reference: https://cofense.com/new-phishing-campaign-targets-u-s-taxpayers-dropping-amadey-botnet/

ledehaptal.ru
nofawacat.com
yosemitemanagement.com/fonts/page5

# Reference: https://twitter.com/raby_mr/status/1184395177135230977
# Reference: https://app.any.run/tasks/c36bfb5d-77de-478f-be8f-99057be21c6e/

http://31.184.196.226

# Reference: https://twitter.com/tkanalyst/status/1184655705103634435
# Reference: https://app.any.run/tasks/20218f80-9838-41f4-b6d6-7dbbcd60107a/

go-refund.com

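# Note: same tweet and host as the earlier 46.166.129.157 entry in this file; this block adds the any.run report link
# Reference: https://twitter.com/adrian__luca/status/1148186673739685888
# Reference: https://any.run/report/2f41879d3656e45471a0a784d61eb339f343f7614a19d2916be28685d1501c0b/b69b53a3-1003-47c4-b836-20fe21cb5640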

http://46.166.129.157

# Reference: https://app.any.run/tasks/5c1df594-6f00-44e7-998d-d98c220babfc/

bobryangood.ga

# Reference: http://tracker.viriback.com/ (# 2019-11-04)

http://162.222.215.45
http://163.172.151.205
http://193.32.161.69
http://217.8.117.51
http://31.184.196.226
http://31.184.197.229
http://46.166.129.157
http://51.15.226.0
6pak.xyz
acceso.live
ahorros.space
ashleywalkerfuns.com
bobryangood1.ga
bolsaooma.com
cooperativa.casa
ct-ov.com
di-1.icu
highparrot12.uz
v-chek.in
vi-1.icu
vt-ne.com
zi-1.icu

# Reference: https://twitter.com/James_inthe_box/status/1197917197324058624

http://217.8.117.46

# Reference: https://twitter.com/tkanalyst/status/1211078881735663618
# Reference: https://app.any.run/tasks/1b30a1b8-0c09-4d71-86e6-1ada4bb92b25/

dasterhorora.com
nutrukomolol.com
xoxoxnutricia.com

# Reference: https://pastebin.com/8sNr32UC

snowman720.com

# Reference: https://app.any.run/tasks/4714154d-1ea6-41b1-ba7c-b877cf8d7c77/

drgh3.in

# Reference: https://app.any.run/tasks/96ce5eb3-0058-452f-8924-4946c769cae2/

http://217.8.117.51

# Reference: https://app.any.run/tasks/de8dc698-6f59-43ca-a465-3baee439b34d/

http://193.111.152.61

# Reference: https://www.virustotal.com/gui/ip-address/51.38.140.6/relations

http://51.38.140.6

# Reference: https://twitter.com/ViriBack/status/1120311322917388288

dsuda2.com

# Reference: https://twitter.com/FaLconIntel/status/1241391431802994689

adsapomg.space

# Reference: https://app.any.run/tasks/81350afa-ba1f-43ce-ba61-67ce1c6fae1e/

servicestatus.one

# Reference: https://twitter.com/FaLconIntel/status/1248984602581979138
# Reference: https://app.any.run/tasks/3ebea34f-7c85-41e5-983e-810ac1f43ab1/

http://217.8.117.79

# Reference: https://www.virustotal.com/gui/file/c9b24ffb06efd7fd7e397501be3a5b6d5bec8d300c26792e7a7e1c391e094d60/detection
# Reference: https://app.any.run/tasks/6264a84e-f3b1-4ad3-95e4-260872759fc9/

http://217.8.117.17

# Reference: https://www.virustotal.com/gui/file/d62a40010c67fd83e79a6307c7be774a26ddf38f05c71785936227f3b6882584/detection

http://217.8.117.89

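# Generic trails (URL paths listed without a host: a per-panel directory followed by cred.dll, scr.dll, index.php or login.php)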

/2hYbb4x/cred.dll
/2hYbb4x/scr.dll
/2hYbb4x/index.php
/2hYbb4x/login.php
/5vFgnRd4hdDbgS3H/cred.dll
/5vFgnRd4hdDbgS3H/scr.dll
/5vFgnRd4hdDbgS3H/index.php
/5vFgnRd4hdDbgS3H/login.php
/8f74ede3-010d-4d83-834c-7f06e8d51100/cred.dll
/8f74ede3-010d-4d83-834c-7f06e8d51100/scr.dll
/8f74ede3-010d-4d83-834c-7f06e8d51100/index.php
/8f74ede3-010d-4d83-834c-7f06e8d51100/login.php
/Amadey/cred.dll
/Amadey/scr.dll
/Amadey/index.php
/Amadey/login.php
/aW8bVds1/cred.dll
/aW8bVds1/scr.dll
/aW8bVds1/index.php
/aW8bVds1/login.php
/b2xPhbdW/cred.dll
/b2xPhbdW/scr.dll
/b2xPhbdW/index.php
/b2xPhbdW/login.php
/bNyg4dSX/cred.dll
/bNyg4dSX/scr.dll
/bNyg4dSX/index.php
/bNyg4dSX/login.php
/boomsun/cred.dll
/boomsun/scr.dll
/boomsun/index.php
/boomsun/login.php
/EASiAZpF/cred.dll
/EASiAZpF/scr.dll
/EASiAZpF/index.php
/EASiAZpF/login.php
/f25bn5Gf/cred.dll
/f25bn5Gf/scr.dll
/f25bn5Gf/index.php
/f25bn5Gf/login.php
/f5lkB/cred.dll
/f5lkB/scr.dll
/f5lkB/index.php
/f5lkB/login.php
/Hfunr3U/cred.dll
/Hfunr3U/scr.dll
/Hfunr3U/index.php
/Hfunr3U/login.php
/j88hNjkMn/cred.dll
/j88hNjkMn/scr.dll
/j88hNjkMn/index.php
/j88hNjkMn/login.php
/g3VbWkG4/cred.dll
/g3VbWkG4/scr.dll
/g3VbWkG4/index.php
/g3VbWkG4/login.php
/g5tUY/cred.dll
/g5tUY/scr.dll
/g5tUY/index.php
/g5tUY/login.php
/g81hYYq/cred.dll
/g81hYYq/scr.dll
/g81hYYq/index.php
/g81hYYq/login.php
/gkkjs/cred.dll
/gkkjs/scr.dll
/gkkjs/index.php
/gkkjs/login.php
/madapam/cred.dll
/madapam/scr.dll
/madapam/index.php
/madapam/login.php
/mBSqq12/cred.dll
/mBSqq12/scr.dll
/mBSqq12/index.php
/mBSqq12/login.php
/mdc1io87ds/cred.dll
/mdc1io87ds/scr.dll
/mdc1io87ds/index.php
/mdc1io87ds/login.php
/newCC/cred.dll
/newCC/scr.dll
/newCC/index.php
/newCC/login.php
/S0soiAI/cred.dll
/S0soiAI/scr.dll
/S0soiAI/index.php
/S0soiAI/login.php
/t1QccbN2/cred.dll
/t1QccbN2/scr.dll
/t1QccbN2/index.php
/t1QccbN2/login.php
/t7BnLkqwitOp52/cred.dll
/t7BnLkqwitOp52/scr.dll
/t7BnLkqwitOp52/index.php
/t7BnLkqwitOp52/login.php
/theCC/cred.dll
/theCC/scr.dll
/theCC/index.php
/theCC/login.php
/theCCnew/cred.dll
/theCCnew/scr.dll
/theCCnew/index.php
/theCCnew/login.php
