# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/nullcookies/status/1061739625658617857

onedrive.one

# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1121107266982301696
# Reference: https://app.any.run/tasks/c7496f6f-ac83-4b05-ad64-c1ed0f1fd98e

gohaiendo.com

# Reference: https://twitter.com/anyrun_app/status/1122812186680856577
# Reference: https://app.any.run/tasks/b389fddc-d90a-427c-a164-ff73dc2c185b
# Reference: https://www.virustotal.com/gui/ip-address/163.172.84.54/relations

http://163.172.84.54

# Reference: https://twitter.com/abuse_ch/status/1123520051599085570

rayshash.com

# Reference: https://twitter.com/Timele9527/status/1128577411321348096
# Reference: https://otx.alienvault.com/pulse/5cdc4df1cb5caaccf42c7e33

charley-online.com
fighiting1013.org
naver-download.com
tgbabcrfv.1apps.com
alabamaok0515.1apps.com

# Reference: https://twitter.com/adrian__luca/status/1148186673739685888
# Reference: https://app.any.run/tasks/adc3b9ac-9888-4902-8e58-754dc2a100e9/

http://46.166.129.157

# Reference: https://twitter.com/Paladin3161/status/1156147679929327617

luckyshark.cash

# Reference: https://www.proofpoint.com/us/threat-insight/post/systembc-christmas-july-socks5-malware-and-exploit-kits

amnsns.com
dsntu.top
elienne.net

# Reference: https://twitter.com/VK_Intel/status/1158620228261208064

cj42138.tmweb.ru

# Reference: https://twitter.com/Paladin3161/status/1160180765889445888

laph.icu

# Reference: https://twitter.com/P3pperP0tts/status/1160528128588099584

luckymonkey.net.in

# Reference: https://twitter.com/Paladin3161/status/1160640124985548800
# Reference: https://pastebin.com/bhufJSbL

eharmony.live
nepunchik.club
pardubic.club

# Reference: https://twitter.com/tkanalyst/status/1163084043832872961
# Reference: https://app.any.run/tasks/ee0e55e6-84dd-4576-a32c-153629cffcc7/

clickies.site

# Reference: https://twitter.com/tkanalyst/status/1170213006577291265

bolsaooma.com
fosentora.com
mzokrekaa.com

# Reference: https://twitter.com/tkanalyst/status/1177952093287530496
# Reference: https://app.any.run/tasks/1216eae6-4088-4d51-8e47-2094a451754d/

jombala.icu
winterfresh.icu
youhohoo.club

# Reference: https://cofense.com/new-phishing-campaign-targets-u-s-taxpayers-dropping-amadey-botnet/

ledehaptal.ru
nofawacat.com
yosemitemanagement.com/fonts/page5

# Reference: https://twitter.com/raby_mr/status/1184395177135230977
# Reference: https://app.any.run/tasks/c36bfb5d-77de-478f-be8f-99057be21c6e/

http://31.184.196.226

# Reference: https://twitter.com/tkanalyst/status/1184655705103634435
# Reference: https://app.any.run/tasks/20218f80-9838-41f4-b6d6-7dbbcd60107a/

go-refund.com

# Reference: https://twitter.com/adrian__luca/status/1148186673739685888
# Reference: https://any.run/report/2f41879d3656e45471a0a784d61eb339f343f7614a19d2916be28685d1501c0b/b69b53a3-1003-47c4-b836-20fe21cb5640

http://46.166.129.157

# Reference: https://app.any.run/tasks/5c1df594-6f00-44e7-998d-d98c220babfc/

bobryangood.ga

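# Reference: http://tracker.viriback.com/ (# 2019-11-04)
# Note: some entries in this list (e.g. 31.184.196.226, 46.166.129.157, bolsaooma.com) repeat hosts already listed above under their own references.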

http://162.222.215.45
http://163.172.151.205
http://193.32.161.69
http://217.8.117.51
http://31.184.196.226
http://31.184.197.229
http://46.166.129.157
http://51.15.226.0
6pak.xyz
acceso.live
ahorros.space
ashleywalkerfuns.com
bobryangood1.ga
bolsaooma.com
cooperativa.casa
ct-ov.com
di-1.icu
highparrot12.uz
v-chek.in
vi-1.icu
vt-ne.com
zi-1.icu

# Reference: https://twitter.com/James_inthe_box/status/1197917197324058624

http://217.8.117.46

# Reference: https://twitter.com/tkanalyst/status/1211078881735663618
# Reference: https://app.any.run/tasks/1b30a1b8-0c09-4d71-86e6-1ada4bb92b25/

dasterhorora.com
nutrukomolol.com
xoxoxnutricia.com

# Reference: https://pastebin.com/8sNr32UC

snowman720.com

# Reference: https://app.any.run/tasks/4714154d-1ea6-41b1-ba7c-b877cf8d7c77/

drgh3.in

# Reference: https://app.any.run/tasks/96ce5eb3-0058-452f-8924-4946c769cae2/

http://217.8.117.51

# Reference: https://app.any.run/tasks/de8dc698-6f59-43ca-a465-3baee439b34d/

http://193.111.152.61

# Reference: https://www.virustotal.com/gui/ip-address/51.38.140.6/relations

http://51.38.140.6

# Reference: https://twitter.com/ViriBack/status/1120311322917388288

dsuda2.com

# Reference: https://twitter.com/FaLconIntel/status/1241391431802994689

adsapomg.space

# Reference: https://app.any.run/tasks/81350afa-ba1f-43ce-ba61-67ce1c6fae1e/

servicestatus.one

# Reference: https://twitter.com/FaLconIntel/status/1248984602581979138
# Reference: https://app.any.run/tasks/3ebea34f-7c85-41e5-983e-810ac1f43ab1/

http://217.8.117.79

# Reference: https://www.virustotal.com/gui/file/c9b24ffb06efd7fd7e397501be3a5b6d5bec8d300c26792e7a7e1c391e094d60/detection
# Reference: https://app.any.run/tasks/6264a84e-f3b1-4ad3-95e4-260872759fc9/

http://217.8.117.17

# Reference: https://www.virustotal.com/gui/file/d62a40010c67fd83e79a6307c7be774a26ddf38f05c71785936227f3b6882584/detection

http://217.8.117.89

# Reference: https://twitter.com/p5yb34m/status/1280986879911817216
# Reference: https://app.any.run/tasks/1861f25a-5532-4329-9944-450cde9b90b5/

http://185.70.184.2
/smjw6q7/antarktida.php

# Reference: https://www.virustotal.com/gui/file/72a908033a308ec5da4e384c2c6efb33405afc50688033849783267e6fb1bddc/detection

http://217.8.117.52

# Reference: https://app.any.run/tasks/4a87ce41-fa18-4026-9c60-b719a15bd5ec/

gucciai.net

# Reference: https://www.virustotal.com/gui/file/349cd9f2581bc4dd25c6637f1f31c716b5ac1875048b21594ca87fbd5776bc10/detection

ahorros.space
cooperativa.casa
transaccion.ga

# Reference: https://www.virustotal.com/gui/file/d07a8c2c966fa5f5aa5bcc19dd6251e14c7b9f2562e523e93c1b0bb558b4f81a/detection

techterms.online
trafficsystem.site

# Reference: https://www.virustotal.com/gui/file/5281375d1a80f8219ec41db361f92c8f6bf15cdce338467b8125c72ecda7d2f5/detection

bandwidthmeter.online
checker.monster
reverselookup.icu

# Reference: https://twitter.com/wwp96/status/1331057827440455680
# Reference: https://app.any.run/tasks/2a5a506b-c00c-45cb-b434-2fdd3c2ecdac/

http://217.8.117.177

# Reference: https://app.any.run/tasks/405b73c6-a586-40be-a6d6-a49c574acb6a/

http://217.8.117.76/tools/ports/

# Reference: https://app.any.run/tasks/97428820-1055-4d30-8c9c-13d8736ce785/

searchtool.space
tradingsignals.club
cpaglobal.cloud
http://69.51.24.27/uploadss/
/oOjgox/

# Reference: https://twitter.com/JAMESWT_MHT/status/1340954874272428034
# Reference: https://app.any.run/tasks/49cef4c4-37d9-4202-9ce2-582b0aaf909e/

http://176.123.2.251

# Reference: https://www.virustotal.com/gui/file/12c3d8e0578446ff28416d87da0da7fffa73dce7c511762aca993e5327e1a851/detection
# Reference: https://www.virustotal.com/gui/file/45ac6328e135999706d027f8ab9d30eae5c4af655ff67dffa874399b70af18ea/detection

http://157.90.24.103
foflikenoiujiiik.cn
joikilloiujjtyaaa.xyz

# Reference: https://www.virustotal.com/gui/file/279524f17f8dd8753f57c2e3e91d21ad84db10316dfbf925cc19556cef55b99d/detection

mynexa.io

# Reference: https://www.virustotal.com/gui/file/f1dc32d9d1065e929bea07b26b09210056271a74dcf0e6b4e2d9705590b3753e/detection

http://217.8.117.98
downloadcenter.xyz

# Reference: https://www.virustotal.com/gui/file/c0e1d62205f83706500559e74a4f8d151cade697ada9147339e1b558c1256152/detection

moneypotlol.com

# Reference: https://tria.ge/210217-xbsbsbsyks/behavioral1

http://185.215.113.17

# Reference: https://otx.alienvault.com/pulse/603b86f795ef0ee41748f555

gunbot.top

# Reference: https://twitter.com/wwp96/status/1366428779904704516
# Reference: https://app.any.run/tasks/79bd2829-202d-4b8d-ac71-16d9e43e8a6e/

comejoin.in

# Reference: https://twitter.com/wwp96/status/1367135406240780293
# Reference: https://app.any.run/tasks/85098506-e904-455b-8020-2a835341c796/

http://185.215.113.207

# Reference: https://twitter.com/ffforward/status/1369040946684432387
# Reference: https://app.any.run/tasks/486fda51-1538-4fd0-aa9f-7e94fc03b06e/

http://176.111.174.67

# Reference: https://www.virustotal.com/gui/file/f6352437eda89bc239bd7594f3103cafc397c1790f01a333fc72d2e8b11b7fa4/detection

http://176.111.174.66

# Reference: https://urlscan.io/result/8e5f3913-f293-4b2f-95bc-347bed252017/

spacemonkey.top

# Reference: https://www.virustotal.com/gui/ip-address/34.89.87.88/relations
# Reference: https://www.virustotal.com/gui/file/23aad54285f19773a0283f94cadc1cc0675ea4ed85c17aee25b74f67fd84f1f3/detection
# Reference: https://www.virustotal.com/gui/file/b3023d81d673dfb596e167fcbe9b086534e5ff6085319bcf675c0302425fbcc0/detection

toolhelper.net
toolhelper.xyz

# Reference: https://twitter.com/petrovic082/status/1387323416097722372
# Reference: https://www.virustotal.com/gui/file/2b0cfb46b5c4981f267b7208192bf443a082920f2625ba09a7e929e743aa655a/detection

http://185.215.113.74

# Reference: https://www.facebook.com/drok3r.RedBird/photos/botnet-amadey-panel-de-login-httpsifttt2eurlwg-httpservicestatusoneb2ccsagloginp/2234082036852111/

accounts-logmein.com

# Reference: https://twitter.com/petrovic082/status/1390277815166279682

http://45.155.205.172

# Reference: https://www.virustotal.com/gui/file/ce16a6e3cacd39fad5839344dac95d9c77ade3336843fb2384507af8419f93ee/detection

huxere.xyz

# Reference: https://www.virustotal.com/gui/file/5fa5259f186ea249622f17fa179e8b3c9a9cc5928914a8f1cea5a6665af62460/detection

http://185.215.113.57

# Reference: https://www.virustotal.com/gui/file/f1dab0a883c83e437427e390b87a0e26ef7cc207e4e55357d658243ef3b0087a/detection

http://185.215.113.49

# Reference: https://www.virustotal.com/gui/file/a78ff3b4a0ed4de5a4e38a4fcb38319756ae0f1c487d270ad80ce383331efd23/detection

csgoprofind.net

# Reference: https://twitter.com/wwp96/status/1411205910056288256
# Reference: https://app.any.run/tasks/8471520c-ff28-483e-9768-bb2e09bd959b/

http://185.215.113.79

# Reference: https://twitter.com/wwp96/status/1411402086466588678
# Reference: https://app.any.run/tasks/00f3ca2a-06c8-4d00-9d11-ff232c48a811/

http://185.215.113.55

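# Generic trails: URL paths with no host part (index.php/login.php pages and cred.dll/scr.dll files), grouped by directory name.
# Note: the directory-less /plugins/cred.dll and /plugins/scr.dll entries are less specific than the prefixed ones; corroborate hits on them with other indicators before acting.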

/1dEr2nYffd/index.php
/1dEr2nYffd/login.php
/1dEr2nYffd/cred.dll
/1dEr2nYffd/scr.dll
/1dEr2nYffd/plugins/cred.dll
/1dEr2nYffd/plugins/scr.dll
/2hYbb4x/cred.dll
/2hYbb4x/scr.dll
/2hYbb4x/plugins/cred.dll
/2hYbb4x/plugins/scr.dll
/2hYbb4x/index.php
/2hYbb4x/login.php
/4dcYcWsw3/index.php
/4dcYcWsw3/login.php
/4dcYcWsw3/cred.dll
/4dcYcWsw3/scr.dll
/4dcYcWsw3/plugins/cred.dll
/4dcYcWsw3/plugins/scr.dll
/5vFgnRd4hdDbgS3H/cred.dll
/5vFgnRd4hdDbgS3H/scr.dll
/5vFgnRd4hdDbgS3H/plugins/cred.dll
/5vFgnRd4hdDbgS3H/plugins/scr.dll
/5vFgnRd4hdDbgS3H/index.php
/5vFgnRd4hdDbgS3H/login.php
/7Ndd3SnW/cred.dll
/7Ndd3SnW/scr.dll
/7Ndd3SnW/plugins/cred.dll
/7Ndd3SnW/plugins/scr.dll
/7Ndd3SnW/index.php
/7Ndd3SnW/login.php
/8f74ede3-010d-4d83-834c-7f06e8d51100/cred.dll
/8f74ede3-010d-4d83-834c-7f06e8d51100/scr.dll
/8f74ede3-010d-4d83-834c-7f06e8d51100/index.php
/8f74ede3-010d-4d83-834c-7f06e8d51100/login.php
/9bQlG42s/cred.dll
/9bQlG42s/scr.dll
/9bQlG42s/plugins/cred.dll
/9bQlG42s/plugins/scr.dll
/9bQlG42s/index.php
/9bQlG42s/login.php
/Amadey/cred.dll
/Amadey/scr.dll
/Amadey/index.php
/Amadey/login.php
/aW8bVds1/cred.dll
/aW8bVds1/scr.dll
/aW8bVds1/index.php
/aW8bVds1/login.php
/b2ccsaG/cred.dll
/b2ccsaG/scr.dll
/b2ccsaG/plugins/cred.dll
/b2ccsaG/plugins/scr.dll
/b2ccsaG/index.php
/b2ccsaG/login.php
/b2xPhbdW/cred.dll
/b2xPhbdW/scr.dll
/b2xPhbdW/index.php
/b2xPhbdW/login.php
/bHn4Df/cred.dll
/bHn4Df/scr.dll
/bHn4Df/index.php
/bHn4Df/login.php
/bNyg4dSX/cred.dll
/bNyg4dSX/scr.dll
/bNyg4dSX/index.php
/bNyg4dSX/login.php
/boomsun/cred.dll
/boomsun/scr.dll
/boomsun/index.php
/boomsun/login.php
/d83LwEis/cred.dll
/d83LwEis/scr.dll
/d83LwEis/plugins/cred.dll
/d83LwEis/plugins/scr.dll
/d83LwEis/index.php
/d83LwEis/login.php
/EASiAZpF/cred.dll
/EASiAZpF/scr.dll
/EASiAZpF/index.php
/EASiAZpF/login.php
/ekqb2Sa/cred.dll
/ekqb2Sa/scr.dll
/ekqb2Sa/index.php
/ekqb2Sa/login.php
/f25bn5Gf/cred.dll
/f25bn5Gf/scr.dll
/f25bn5Gf/index.php
/f25bn5Gf/login.php
/f5lkB/cred.dll
/f5lkB/scr.dll
/f5lkB/index.php
/f5lkB/login.php
/fT5G42s/cred.dll
/fT5G42s/scr.dll
/fT5G42s/plugins/cred.dll
/fT5G42s/plugins/scr.dll
/fT5G42s/index.php
/fT5G42s/login.php
/g3cpNes5s/cred.dll
/g3cpNes5s/scr.dll
/g3cpNes5s/index.php
/g3cpNes5s/login.php
/g3cpNes5s/plugins/cred.dll
/g3cpNes5s/plugins/scr.dll
/g5FcvUgw/index.php
/g5FcvUgw/login.php
/g5FcvUgw/cred.dll
/g5FcvUgw/scr.dll
/g5FcvUgw/plugins/cred.dll
/g5FcvUgw/plugins/scr.dll
/gb2pnjsjcs/cred.dll
/gb2pnjsjcs/scr.dll
/gb2pnjsjcs/plugins/cred.dll
/gb2pnjsjcs/plugins/scr.dll
/gb2pnjsjcs/index.php
/gb2pnjsjcs/login.php
/gBvsce2/cred.dll
/gBvsce2/scr.dll
/gBvsce2/index.php
/gBvsce2/login.php
/gBvqLn4Dc/cred.dll
/gBvqLn4Dc/scr.dll
/gBvqLn4Dc/index.php
/gWmR5f2W/cred.dll
/gWmR5f2W/scr.dll
/gWmR5f2W/plugins/cred.dll
/gWmR5f2W/plugins/scr.dll
/gWmR5f2W/index.php
/gWmR5f2W/login.php
/hbke93dkdsS/plugins/cred.dll
/hbke93dkdsS/plugins/scr.dll
/hbke93dkdsS/cred.dll
/hbke93dkdsS/scr.dll
/hbke93dkdsS/index.php
/hbke93dkdsS/login.php
/hfv23svj2/plugins/cred.dll
/hfv23svj2/plugins/scr.dll
/hfv23svj2/cred.dll
/hfv23svj2/scr.dll
/hfv23svj2/index.php
/hfv23svj2/login.php
/hx33jnDw/cred.dll
/hx33jnDw/scr.dll
/hx33jnDw/plugins/cred.dll
/hx33jnDw/plugins/scr.dll
/hx33jnDw/login.php
/hx33jnDw/index.php
/hBfd4cX/cred.dll
/hBfd4cX/scr.dll
/hBfd4cX/index.php
/hBfd4cX/login.php
/Hfunr3U/cred.dll
/Hfunr3U/scr.dll
/Hfunr3U/index.php
/Hfunr3U/login.php
/Hq13Vdsv2W/cred.dll
/Hq13Vdsv2W/scr.dll
/Hq13Vdsv2W/plugins/cred.dll
/Hq13Vdsv2W/plugins/scr.dll
/Hq13Vdsv2W/index.php
/Hq13Vdsv2W/login.php
/j88hNjkMn/cred.dll
/j88hNjkMn/scr.dll
/j88hNjkMn/index.php
/j88hNjkMn/login.php
/jG3cs2rP/cred.dll
/jG3cs2rP/scr.dll
/jG3cs2rP/index.php
/jG3cs2rP/login.php
/jG3cs2rP/plugins/cred.dll
/jG3cs2rP/plugins/scr.dll
/iKns2W/cred.dll
/iKns2W/scr.dll
/iKns2W/index.php
/iKns2W/login.php
/g3VbWkG4/cred.dll
/g3VbWkG4/scr.dll
/g3VbWkG4/index.php
/g3VbWkG4/login.php
/g5tUY/cred.dll
/g5tUY/scr.dll
/g5tUY/index.php
/g5tUY/login.php
/g81hYYq/cred.dll
/g81hYYq/scr.dll
/g81hYYq/index.php
/g81hYYq/login.php
/gkkjs/cred.dll
/gkkjs/scr.dll
/gkkjs/index.php
/gkkjs/login.php
/madapam/cred.dll
/madapam/scr.dll
/madapam/index.php
/madapam/login.php
/mB5gDsv/index.php
/mB5gDsv/login.php
/mB5gDsv/cred.dll
/mB5gDsv/scr.dll
/mB5gDsv/plugins/cred.dll
/mB5gDsv/plugins/scr.dll
/mBSqq12/cred.dll
/mBSqq12/scr.dll
/mBSqq12/index.php
/mBSqq12/login.php
/mBvqpgE3/cred.dll
/mBvqpgE3/scr.dll
/mBvqpgE3/index.php
/mBvqpgE3/login.php
/mdc1io87ds/cred.dll
/mdc1io87ds/scr.dll
/mdc1io87ds/index.php
/mdc1io87ds/login.php
/newCC/cred.dll
/newCC/scr.dll
/newCC/index.php
/newCC/login.php
/plugins/cred.dll
/plugins/scr.dll
/S0soiAI/cred.dll
/S0soiAI/scr.dll
/S0soiAI/index.php
/S0soiAI/login.php
/t1QccbN2/cred.dll
/t1QccbN2/scr.dll
/t1QccbN2/index.php
/t1QccbN2/login.php
/t5BnOoke2/index.php
/t5BnOoke2/login.php
/t5BnOoke2/cred.dll
/t5BnOoke2/scr.dll
/t5BnOoke2/plugins/cred.dll
/t5BnOoke2/plugins/scr.dll
/t7BnLkqwitOp52/cred.dll
/t7BnLkqwitOp52/scr.dll
/t7BnLkqwitOp52/index.php
/t7BnLkqwitOp52/login.php
/v4fDskvjsE/cred.dll
/v4fDskvjsE/scr.dll
/v4fDskvjsE/index.php
/v4fDskvjsE/login.php
/vCsxpG/cred.dll
/vCsxpG/scr.dll
/vCsxpG/index.php
/vCsxpG/login.php
/theCC/cred.dll
/theCC/scr.dll
/theCC/index.php
/theCC/login.php
/theCCnew/cred.dll
/theCCnew/scr.dll
/theCCnew/index.php
/theCCnew/login.php
