# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: pony stealer, pony loader

# Reference: https://www.f-secure.com/weblog/archives/00002793.html

angryflo.ru
reggpower.su

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Fareit-CAD/detailed-analysis.aspx

dhfgfgshds.top

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Fareit-AAJ/detailed-analysis.aspx

sandrethe.ru

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0914-0921.html (Win.Dropper.Fareit-6688124-0)

aerolitigate.com
anotherlscreation.com
businessintuitive.expert
instrovate.com
maisonlecallennec.com
meesebyte.com
mufflerbrothersbellbrook.net
mxauny.men
weltho.com
ybnonline.com
weltho.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1050332889844465664

spimports.com.br/age/panel/gate.php

# Reference: https://www.cyren.com/blog/articles/iceland-police-phishing-attack-targets-bank-credentials
# Reference: https://www.virustotal.com/#/file/53cf32ce0c34df94422c43e295e928c69c7b1b2090cf6943000470f7e0128d67/relations

iam.shadesoul.online
heis.shadesoul.online
the.shadesoul.online

# Reference: https://blog.talosintelligence.com/2019/05/threat-roundup-0426-to-0503.html (# Win.Malware.Fareit-6958493-0)

snooper112.ddns.net
harryng.ddns.net
icabodgroup.hopto.org
popen.ru
hfgdhgjkgf.ru
rtyrtygjgf.ru

# Reference: https://blog.talosintelligence.com/2019/08/threat-roundup-0726-0802.html (# Win.Trojan.Fareit-7090291-0)

digitalimagellc.us
dkaul.su
ffuex.su
kglso.ru

# Reference: https://app.any.run/tasks/64044834-369b-4be0-92e6-0c1cf7ae6f28/

katerobinson.icu

# Reference: https://app.any.run/tasks/7cd3d776-4db0-4382-9609-05d71b48e15e/

/g_38472341.php

# Reference: https://app.any.run/tasks/323e1e84-a200-4547-91d7-e46e8724b6de

sariincofood.co.id/nev/panelnew/gate.php

# Reference: https://www.virustotal.com/gui/file/c1544759a8f64f854d13e72a72d8db811d77a3e47e8d828bd34d546c4b57e842/behavior/VirusTotal%20Jujubox

xperiencerem.duckdns.org
79.134.225.52:9106

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Win.Dropper.Ponystealer-6680912-0)

3zci3b.info
841bifa.com
aditsachde.com
ayursanskar.biz
benthanh-toyota.com
bigmovephilly.com
casineuros.com
chfnik.com
chinaxzl.com
crstudents.net
custombusinessapps.net
cyn.ink
dk-drugs.com
donghairc.com
fattoupdates.date
femalesdress.com
fiveroot.com
float2fit.com
funnysworld.com
giftedaroundtheworld.com
globaltimbereurope.com
goedutravel.com
happyslider.com
ketones.info
luxuryconversion.com
mizukusahonpomeibi.com
mjkrol.com
oane4.win
planeggerstrasse.info
puptowngirl.net
qfs.ink
rabe-networks.com
redkoe-porno.info
reducetarian.biz
reviewhqs.com
revivemyappliance.com
rsstatic.com
scgcgg.com
schmidtatlanguage.com
selviproperty.com
sjckt888.com
studio51.style
suatusta.com
telegraphresidences.com
theadvancedcoach.com
theniftyfiftiesband.com
thienduonghoaviet.com
vdemg.info
verzuimverzekering.info
webbyen.com
xctljc.com
xn--fjqu42jgii.com
xn--vuqu93jrjhqkc.net
zjjdmd.com

# Reference: https://twitter.com/James_inthe_box/status/1044957343568388097
# Reference: https://pastebin.com/st49wnwB

onthethatsed.ru/d2/about.php
onthethatsed.ru/mlu/forum.php
tontheckcatan.ru/d2/about.php
tontheckcatan.ru/mlu/forum.php

# Reference: https://pastebin.com/bPV4gVVL

perranrowsin.com/d2/about.php
perranrowsin.com/mlu/forum.php
heundthetrec.ru/d2/about.php
heundthetrec.ru/mlu/forum.php
utteronhim.ru/d2/about.php
utteronhim.ru/mlu/forum.php

# Reference: https://app.cymon.io/report/AVy8uj-LEb4shFlhGDGG/68c37e5f81188f8f478b60b1b4a56fc366ee8aa15763104d49159e41ebe899c2

/po/asdfkuj.php

# Reference: https://blog.talosintelligence.com/2018/10/threat-roundup-1012-1019.html (Win.Malware.Tspy-6721070-0)
# Reference: https://www.virustotal.com/#/file/22ef53123754caa2ac3871eb01221c99482e4318b59a30c8f07b9525afae52bd/detection

myp0nysite.ru

# Reference: https://twitter.com/dvk01uk/status/1088793739223539713

/aloze/gate.php

# Reference: https://twitter.com/dvk01uk/status/1088391460892880896

/erweryui/gate.php

# Reference: https://twitter.com/Racco42/status/1029986121286074369

/reforte/gate.php

# Reference: https://twitter.com/dvk01uk/status/1115576796848762880

smartcoonect.duckdns.org

# Reference: https://twitter.com/pancak3lullz/status/1119334013246873600

blurbgood.live
loadedrones.tk
ownday.live

# Reference: https://twitter.com/pancak3lullz/status/1092804207252525065

/lopty/gate.php

# Reference: https://twitter.com/James_inthe_box/status/1123236500311724032

brugsreator.site

# Reference: https://twitter.com/dvk01uk/status/1123851987152510977
# Reference: https://app.any.run/tasks/29a96490-8160-4cf6-b458-38023c0a8220

/ba6/gate.php

# Reference: https://twitter.com/Racco42/status/1124293167476609025
# Reference: https://app.any.run/tasks/d1e32293-d755-4472-aaa2-5cfc3e612485

/ba8/gate.php

# Reference: https://twitter.com/jorgemieres/status/1131624801272049664

masezda.top
toperdoano.top
piggera.top
pinescop.top

# Reference: https://twitter.com/P3pperP0tts/status/1134513995510145026

shop-ukranya.tk

# Reference: http://tracker.viriback.com/ (# Pony)

lojalstil.mk
officeman.tk
vman23.com

# Reference: http://tracker.viriback.com/ (# Pony)

belllflight.com
ketof.000webhostapp.com
shokeydservers.tk
skylite.com.sa

# Reference: https://twitter.com/Lvanoel/status/1136505326302388224
# Reference: https://app.any.run/tasks/4d2f70a2-9546-4891-8ce6-fc7051f4281d/

lookatme-v65.gq

# Reference: https://twitter.com/HerbieZimmerman/status/1136681091258036225

mojavkicks.com

# Reference: https://twitter.com/Racco42/status/1141966760016523264

marvin-watches.com

# Reference: https://twitter.com/dvk01uk/status/1147799231090085888
# Reference: https://app.any.run/tasks/5575bf61-458a-47b4-94d2-5c93daeb67e2/
# Reference: https://www.virustotal.com/gui/file/e0d96be81946b579cd5c22d7d34e2ec97996c285f86b7c620ab031d8f46ef5fe/detection

pigeonwings.in/jss/ck/host/server/gate.php

# Reference: https://www.virustotal.com/gui/domain/service.tellepizza.com/relations

service.tellepizza.com

# Reference: https://twitter.com/Racco42/status/1152176917078073344

global-technology.in/wp-admin/bb/panelnew/gate.php

# Reference: https://twitter.com/coderippers/status/1153267389632602114

okworlds.space/wp-includes/css/panel/gate.php

# Reference: https://twitter.com/Racco42/status/1153606677385662465

fouadalemadi.com/admin/xuisp/gate.php

# Reference: https://twitter.com/wwp96/status/1166365912775254016

philliptipton.com

# Reference: https://twitter.com/P3pperP0tts/status/1176118315892314112

phoenixcnc.in

# Reference: https://app.any.run/tasks/c13231e7-a13e-418d-9b55-049a646a0cde/

sendergrid.club

# Reference: https://pastebin.com/HLnQT4qy

cornbeijnvoxin.com
digplaliatinte.ru
dvdflowerrook.ru

# Reference: https://twitter.com/Paladin3161/status/1184609691504037888

bioenecco.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1184754696571015168

onlygoodn.com

# Reference: https://twitter.com/P3pperP0tts/status/1184774736494186496

coguiworld.com

# Reference: https://app.any.run/tasks/88ed0a76-7c1c-4e31-96e3-cc9b8d2ae047/

chirayugroup.in

# Reference: https://twitter.com/Paladin3161/status/1187160285884211200

manerck.com

# Reference: https://twitter.com/pancak3lullz/status/734808391835492352
# Reference: https://www.virustotal.com/gui/domain/zurekconstruction.com/relations

8gaming.tk
zurekconstruction.com

# Reference: https://twitter.com/P3pperP0tts/status/1189106674503766017

joindauto.com/onli/admin.php

# Reference: https://twitter.com/ScumBots/status/1189648684503519232

vman21.com

# Reference: https://twitter.com/Paladin3161/status/1186779578380873731

oackhond.com

# Reference: https://pastebin.com/29uSdMAk

jicago-jp.com

# Reference: http://tracker.viriback.com/ (# 2019-11-04, Pony)

http://185.79.156.18
http://194.36.173.109
http://94.102.53.52
2lcfo.com
aamran.com
acousticallysound.com.au
aec.co.ir
alharshagroup.com
amiriepl-aus.com
antonioguteres.com
avchennai.edu.in
belllflight.com
bioenecco.com
camautensili.com
captaincolemanphilip.com
carereport.life
chinalarnpbase.com
chisom.j.pl
coguiworld.com
f2wa.com
fatimasalman.com
forexdispatch.info
fouadalemadi.com
fuckxy22.com
goldenfashiondeeds.com
jajar.ru
jicago-jp.com
keissy.ml
ketof.000webhostapp.com
learn.cloudience.com
lifemix123.com
lojalstil.mk
lookatme-v65.gq
maganlagame.com
manerck.com
mgimpax.com
mrhenterprises.in
oackhond.com
officeman.tk
onlygoodam.com
onlygoodn.com
osa-co.com
owentr.ru
perspexfabricationsofbrisbane.com.au
pigeonwings.in
remabad.com
saliyumakan.club
samskuad.work
setauketpitahouse.com
shokeydservers.tk
shop-ukranya.tk
skylite.com.sa
spueriniromnangratinfo.tk
thedoorshop.com.au
tioq.ga
tourscentralasian.com
ttkplc.com
tumpengsemarang.com
vman20.com
vman21.com
vman22.com
vman23.com
wroft-fd.club

# Reference: https://app.any.run/tasks/ba3fa1fe-ea61-4579-918b-3d782b1c603d/

owenewturk.ru
myp0nysite.ru

# Reference: https://pastebin.com/7Ak2nP2T

yehovahbuilders.com

# Reference: https://blog.talosintelligence.com/2019/12/threat-roundup-1206-1213.html (# Win.Dropper.Fareit-7431743-0)

loqapeek.pw
xistoons.pw

# Reference: https://twitter.com/ScumBots/status/1210097313798086657

sbrbuilding.com

# Reference: https://app.any.run/tasks/f398fe3c-a494-486d-8d12-a08025f62091/

5.34.177.9:80

# Reference: https://twitter.com/James_inthe_box/status/1217781646717419520

1800propainter.com/sepp/panelnew/gate.php

# Reference: https://twitter.com/James_inthe_box/status/1217814277597220864

79.134.225.45:44556

# Reference: https://app.any.run/tasks/41969422-f520-4e24-bf11-fda6d7d91a50/

http://195.123.222.104/viewtopic.php
http://195.123.222.104/p/g_38472341.php

# Reference: https://twitter.com/James_inthe_box/status/1219670820500336640

ozteary.ru

# Reference: https://app.any.run/tasks/a329bb27-d552-4d45-8317-7c6eb7336584/

http://85.217.171.218/p/g_38472341.php

# Reference: https://twitter.com/neonprimetime/status/1220464928785674240

uphosting.info/pro/nanny/admin.php

# Reference: https://www.virustotal.com/gui/file/01224912907f1455f128aa33ff81bddef67c23a3be538c3aecdc7f95f6ef2f6c/detection

frteary.ru

# Reference: https://app.any.run/tasks/c2520065-cc72-4acf-addd-ddf61f9c0488/

http://195.123.240.67

# Reference: https://app.any.run/tasks/18bd5b34-e5c0-40aa-9eaa-ed86cca12a5f/

http://45.90.57.16

# Reference: https://twitter.com/wwp96/status/1226893051685199872

castmart.ga

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0207-0214.html (# Win.Packed.Ponystealer-7581286-0)

streetcode3.com

# Reference: https://app.any.run/tasks/0643b085-4919-444c-b674-949bd7967d53/

financeunitedgroup.com

# Reference: https://www.virustotal.com/gui/file/504e294991f1676fb7ecb712b19a110359ce25b89dcaf056b6c8b8aca13817f1/detection

cp71017.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/4a2fdeaf23b28536703058b0eda67ad6c5267d7fd2bfbc9214cb83eed1e6edd0/detection

cm05540.tmweb.ru

# Reference: https://twitter.com/ps66uk/status/1229853090662227973
# Reference: https://app.any.run/tasks/22607a2d-bbae-4a24-9525-d99b6636ee3b/

suspend-puncture.dvrlists.com

# Reference: https://app.any.run/tasks/3daa715d-efe6-4dd8-bc3f-ec9f9188bac8/

http://195.123.225.9

# Reference: https://app.any.run/tasks/7830938e-021d-4f6d-8b27-c791dfa4f530/

http://185.234.72.142

# Reference: https://www.virustotal.com/gui/domain/papergang.ru/relations

papergang.ru

# Reference: https://www.virustotal.com/gui/domain/opixib.bid/relations

opixib.bid

# Reference: https://www.virustotal.com/gui/domain/bags.mn/relations

bags.mn

# Reference: https://www.virustotal.com/gui/domain/dualserverz.info/relations

dualserverz.info

# Reference: https://www.virustotal.com/gui/domain/frankweb.club/relations

frankweb.club

# Reference: https://www.virustotal.com/gui/domain/aloucakbileti.com/relations

aloucakbileti.com

# Reference: https://www.virustotal.com/gui/ip-address/108.166.65.182/relations

108.166.65.182:80
108.166.65.182:8080

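# Reference: https://twitter.com/SevenLayerJedi/status/979030953275293702
# NOTE(review): the entry 'pharma–partners.com' in this group is written with an en dash (U+2013), not an ASCII hyphen, so it is unlikely to match a hostname as it appears in DNS or HTTP traffic; confirm the intended spelling against the reference before relying on it.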

bundletops.ml
carikapapa.ml
centranets.ml
cuogargaming.com
dazzlelogs.ml
dunysaki.ru
efficienci.ml
erintoba.info
gokubid.review
grandmoney.ml
hostelunke.ml
hypercosine.ml
irishgrind.ml
pharma–partners.com
preutainer.ml
rolexkings.ml
stauniverseqp.com
suruperet.ml
taineruder.ml
theonlygoodman.com
thousandan.ml
totalguage.ml
uy-akwaibom.ru
viettrust-vn.net
vinglosine.ml

# Reference: https://exchange.xforce.ibmcloud.com/url/pony.lovekhao.com/panel/gate.php

pony.lovekhao.com

# Reference: https://twitter.com/avman1995/status/1054260755183353858

medipedics.com

# Reference: https://www.virustotal.com/gui/domain/ark.treassurebank.org/relations

ark.treassurebank.org

# Reference: https://www.virustotal.com/gui/domain/fishhd.cn/relations

fishhd.cn

# Reference: https://twitter.com/pancak3lullz/status/1054800229654945792
# Reference: https://twitter.com/Racco42/status/1051847768657014784
# Reference: https://www.virustotal.com/gui/domain/farmaboti.es/relations

farmaboti.es

# Reference: https://www.virustotal.com/gui/domain/perfectnobody.xyz/relations

perfectnobody.xyz

# Reference: https://exchange.xforce.ibmcloud.com/url/domsrv.host/panel/gate.php

domsrv.host

# Reference: https://www.virustotal.com/gui/domain/simbatekhomes.com/relations

simbatekhomes.com

# Reference: https://www.virustotal.com/gui/domain/masariqroup.com/relations

masariqroup.com
sensimatino.us
slimpityio3.us
slowidyter.us

# Reference: https://www.virustotal.com/gui/domain/sstorm1k.000webhostapp.com/relations

sstorm1k.000webhostapp.com

# Reference: https://twitter.com/0bfusCat/status/1054363637274603520

ali55551.co.kr

# Reference: https://twitter.com/James_inthe_box/status/1069928327861854208

cm-lagoa.pt/panel/

# Reference: https://twitter.com/_lockhum/status/1236426156511027201

treshbux.ru

# Reference: https://app.any.run/tasks/8f567536-cd55-4dfd-992b-92057b5fcb4b/

rohs.amd.my.id

# Reference: https://www.virustotal.com/gui/file/9df797811c3ad9f45f17ae71eb76f51345b1b9c858f85027f88ce6d1992a87ec/detection

hpsupport.site

# Reference: https://www.virustotal.com/gui/domain/animal-planet.site/relations

animal-planet.site

# Reference: https://www.virustotal.com/gui/domain/ubixs.xyz/relations

ubixs.xyz

# Reference: http://cybercrime-tracker.net/index.php?search=shotgumscy.com

shotgumscy.com

# Reference: https://twitter.com/James_inthe_box/status/1245023450239889409

kanavagronomy.in/star

# Reference: https://twitter.com/_lockhum/status/1246080178037686278

ks-marine.com

# Reference: https://www.virustotal.com/gui/domain/regul.club/relations

regul.club

# Reference: https://www.virustotal.com/gui/domain/chomik.pro/relations

chomik.pro

# Reference: https://twitter.com/Jouliok/status/1247039700013060101

kanavagronomy.in/star/panel/

# Reference: https://twitter.com/pancak3lullz/status/1249696308182626304

schelliing.com

# Reference: https://pastebin.com/0MH0gsyv

ardstiobek.com
ationsopors.com
hoagoomde.com

# Reference: https://pastebin.com/dtR7uD4k

jaling.aba.vg

# Reference: https://www.virustotal.com/gui/file/f3ee2c7189752aa65a0803d879a3be59384eab730d31edddff4c61e2fdd2d738/detection

clogwars.com

# Reference: https://www.virustotal.com/gui/ip-address/8.208.22.87/relations

fitollday.site
gdboot.site
figjfigjeordhjdofijhdifh.xyz
huysto02.xyz
lsdldllatoooyrs.site
mantiak.site
perlof.site
uiotpe22.xyz
votonline1.site
wotonline.site

# Reference: https://twitter.com/James_inthe_box/status/1266005512958603264

http://185.177.59.58/viewtopic.php

# Reference: https://www.virustotal.com/gui/file/95ef821c5a53d006083999f9b3fde8ad97e750de5fb409e0e55f81fa0bc77cc3/detection

mmxgfzadrian.xyz

# Reference: https://www.virustotal.com/gui/file/1146b539c57e8e02a6ec06478e527e2c2e6a3ff2a5519ba4a2ecc848dc092692/detection
# Reference: https://www.virustotal.com/gui/file/cfad38ea55054337012e0e3c4794973fee9e3c8df85523d23ac6ca6cba939b82/detection

45.125.66.95:3067
chainonline.info
elizvanroos.info

# Reference: https://app.any.run/tasks/68e6eb87-8e50-4f65-b8a9-198835c38327/

sikatech.id/ek/panelnew/gate.php

# Reference: https://www.virustotal.com/gui/file/4db990e83b4c9c954f1b67860a332d7beb60c90ea1f7506367c5e7a475ec0773/detection

http://142.202.188.249

# Reference: https://www.virustotal.com/gui/file/c41afec81d70066b62ddbfae7e4ec8aca49d0cc3618241aa2605d35d3250bd98/detection

http://167.172.200.71

# Reference: https://www.virustotal.com/gui/file/a65ae2280a477d1f4028357bb6c6bf4a37b4c2a3fcf0c889f318461197abc665/detection

a6281279.yolox.net

# Reference: https://www.virustotal.com/gui/file/53557a2a8de9c5e63522a07a7a22de4d17f24aa6cadec6253847f850e7a174f2/detection

pownedfag.pw

# Reference: https://www.virustotal.com/gui/file/aabd0002fb1cb950183dcc708e577c453352269615bd0aceda66d6304d4e67bd/detection

gracetime.tech

# Reference: https://www.virustotal.com/gui/file/ce8b0159ff9a487ca5ab2bfd4c48ed46c5c6a7940d8aab1989ea7955f65aac01/detection

auctlon-uk.com

# Reference: https://www.virustotal.com/gui/file/1299e0cd6b02c747a4287b79df4c226087d24bd7c214712b06b45638c29b0553/detection

185.125.205.87:61956
93.87.38.14:40401
u17094677.hopto.org
ugo123.hopto.org

# Reference: https://www.virustotal.com/gui/file/22c76ac2f5c68294833d9a3ff775d1338a4b5c4981f963ba997c021054b58c3c/detection

handrass.co.rs/admin/yaga/gate.php

# Reference: https://www.virustotal.com/gui/file/759ddb574a13f2cc2e8a1881dd902a87fd384bd4a14175bfe130f79c32453f02/detection

zibind.tk

# Reference: https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html (# Win.Dropper.LokiBot-9243098-0)

boquils.ga
ragasgki.tk
sigawd.gq
ymams.cf
fav121.hopto.org

# Reference: https://www.virustotal.com/gui/domain/macniica.com/detection

macniica.com

# Reference: https://www.virustotal.com/gui/file/76d06dadece18708fc903740be8ddd66d7ae0bfc8ea3c6650cea004074f39c93/detection

global-dahuatech.com

# Reference: https://twitter.com/ganeshnathan28/status/1296327928649842689

logix.co.za/wp-admin/xox/
zsqwwxcgtyu.cf

# Reference: https://www.virustotal.com/gui/file/f1c22af163d2617e9aeab926c94a73f8a57f0c8387daa684d29c8b7799207819/detection

miladko.com

# Reference: https://www.virustotal.com/gui/file/18906ac67ea07ae57c5694c5a557f67b587c2ffd9a60c0b3f073074d7f2c9fee/detection

dodontrami.com

# Reference: https://blog.talosintelligence.com/2020/09/threat-roundup-0828-0904.html (# Win.Malware.Ponystealer-9635182-1)
# Reference: https://www.virustotal.com/gui/file/046dc3a0c3a02063fdc3b3cd62e8c1020b9171d9d885833a21c21cb0a9da9387/detection

datetimes.cc
mqvbi-jloa.in
xbgmttu-zlymbjs.in

# Reference: https://www.virustotal.com/gui/file/2a683655a9c956bc837825e76fc2e2cc364753de4688adb644d089f6d3f58565/detection

http://63.249.148.70

# Reference: http://cybercrime-tracker.net/index.php?search=topwebappdevelopmentcompanies.com
# Reference: https://www.virustotal.com/gui/file/2932fc5a8f05d1a863283c5329d139e447c556a2117c471af92c0232a12275f2/behavior/VirusTotal%20Cuckoofork
# Reference: https://www.virustotal.com/gui/file/0a0255e4b991bb04a058f7eadb0bb4d783a8a25476e033e30e97e3c96f89d330/behavior/Dr.Web%20vxCube
# Reference: https://www.virustotal.com/gui/file/84798070d875865211b591ff6744da73540c080e1a5ed2223a46bf57328d03eb/behavior/Dr.Web%20vxCube
# Reference: https://app.any.run/tasks/35f15646-5c2e-471e-9a9c-9fc19486499d/

topwebappdevelopmentcompanies.com/server/
iosappdevelopmentindia.com

# Reference: https://app.any.run/tasks/78eb68e4-d04b-499f-acdd-ec1a1a5f0912/

reninparwil.com

# Reference: https://www.virustotal.com/gui/file/46cae03bdff36a9800bbfb8f3329bb998b07851aae6448822a6d796f4005e874/detection

bountymarine.net

# Reference: https://www.virustotal.com/gui/file/bd9acaa56cd66e1c471bdb087a53d70b830ff9ea0f35532d9dd75ee8455cc4bc/detection

wonforhall.com

# Reference: https://blog.talosintelligence.com/2020/10/threat-roundup-1016-1023.html (# Win.Malware.Ponystealer-9778326-0)
# Reference: https://www.virustotal.com/gui/domain/autocuga-mx.com/detection

autocuga-mx.com

# Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662
# Reference: https://www.virustotal.com/gui/file/3757d0cdf86233d9ca139d414dd7b1cb19ae824514490f747fcc931cf9ed750d/detection

afyseinc.xyz

# Reference: https://www.virustotal.com/gui/file/799e6ac8523388365121f3b2210fe66967e9733ca4a0fd328f340a1042fe3d99/detection

create-customer.site

# Reference: https://www.virustotal.com/gui/file/176b756dbc0dc4c7f5e997342d79437c45ced592457e4267afeb5a85e50d3ce5/detection

mindtimeshare.bs/wp-content/themes/twentytwelve/wel.exe
antonolsve.com/wp-content/plugins/wp-db-backup-made/joke.exe
supersolar.jo/wp-content/themes/finesse/dir.php
dcore.co.th/wp-content/themes/yoo_sync_wp/plugin.php
elearning.everpharma.com/wp-content/plugins/wp-survey-and-quiz-tool/lib/Wpsqt/Page/Main/Questiondelete/web.php
firearmengraving.com/wp-content/plugins/wp-db-backup-made/start.exe

# Reference: https://www.virustotal.com/gui/file/33a543506372a82c12e5663afb727654cd1dae640450f9338210fe82e04f94aa/detection

11189334.xyz

# Reference: https://www.virustotal.com/gui/ip-address/46.105.135.208/relations
# Reference: https://www.virustotal.com/gui/file/508dd4664cd2c958eb3d650be092b5573c53a777b87342a860a0365486bedad1/detection

46.105.135.208:21

# Reference: https://www.virustotal.com/gui/file/e566eb85809a8f3d4c1220f1af5e1332298cebdf6d1df0ea415f2be917edca6d/detection

acodeert.ru

# Reference: https://www.virustotal.com/gui/file/f58693db0d2e4adbc13cd9b9340823b73bb3a1089b04cdea38d69130de5b4db3/detection

dr-sea.by
dreamsmile.24host.lt
skopych.kiev.ua
somad.md

# Reference: https://www.virustotal.com/gui/file/683725e1b84b8fe030660acaac5639d6be296a2e727dc446c270c043818170c0/detection

anixtier.com

# Reference: https://www.virustotal.com/gui/file/164ab5637997a1099741c68c7b433ebe4a3690032a68b36be66e6478374d65e6/detection

213.227.154.174:2222
googleforshares.publicvm.com

# Reference: https://www.virustotal.com/gui/file/67a2f9ba5232305e902120428f5fc71c0f8c746a4d94ee40be59431599602440/detection

45.61.136.214:1337

# Reference: https://www.virustotal.com/gui/file/61ae8a011922642c279bd1fef2dab6a3690d12fab4f7ea326f6565a8a7a2cda7/detection

45.61.136.214:4782

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Fareit-DHP/detailed-analysis.aspx
# Reference: https://www.virustotal.com/gui/file/93e1f798b7a4b6816358d43676cc8835f21690772a3993f2cdc68826f2df931e/detection

alilancles.eu

# Reference: https://www.virustotal.com/gui/file/1c5a230b8a3f8d939b2b1b4ebd1e674ff1ee321f3808b8598bcb0bf1018bc162/detection

365daysfreiqht.com

# Reference: https://www.virustotal.com/gui/file/86aaeb3480ccaa4421857ef6ee31a1e5dc25b4d0c8ba94ad6b77e8dd18c41767/detection

cs6hgg.pw

# Reference: https://www.virustotal.com/gui/file/b014f35c52ad7c44884969263dd9ff8246a7b069f3f18b4bff2759c180f27107/detection

34324325kgkgfkgf.com
dsffdsk323721372131.com
fdshjfsh324332432.com
jdsiwiqweiqwyreqwi.com
/dffgbDFGvf465/
/dffgbDFGvf465/YYf.php

# Reference: https://www.virustotal.com/gui/file/b8a4f7ea245095dc674bd609437766941eb5d4c594055cc9780edf15442bbc04/detection

0lmue.com

# Reference: https://www.virustotal.com/gui/file/942411f2fa054ec621023c6b9b4ad3b92372697da43eb38d2b661f80e19e6deb/detection

dota2id.org

# Reference: https://www.virustotal.com/gui/file/0173459f625e82c08282f2b312bdcdda9756c0ceaa593cfd7fb1a461c647eaee/detection

popdown.me

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# Pony)

0uk.net
365daysfreiqht.com
777rhims.dhcp.biz
aagigantic.su
ads-ti.com
advwebs.com
afo-pikin.favcc1.com
agreleen.com
alabaisse.com
alabaka.net
albani.yzi.me
albany.yzi.me
alexprivate.tinhost.ru
alhaidenelc.com
alibooostr.us
allverdantgroup.tk
amaobi.besaba.com
amerillia.net
anet.fb7928fh.bget.ru
asharf.com
avscanner.in
babax.esy.es
bestali.in
bobypony.olympe.in
botsworkingnets.net
bubusender.com
chaseonlinepc.com
cnboariufeng.com
coco-bomgo.ru
collectcoins.net
cottontail.co.in
d-mmoney.favcc1.com
dazdraperma.co.uk
dc-oc-01.org.ru
devicewindow.comule.com
dewnfoods.com
diceroll.in
die-smartfahrer.de
dsffdsk323721372131.com
e11bay.com
ecoed.com.ua
edwkapou.esy.es
em826392.ru
eminem1234.serveftp.com
epvpcash.net16.net
erogluboya.net
etonow.comule.com
eurotsl.com
exportusa.in
fasunshi.com
foxgroups.in
fredpappy.com
freefinder.me
frostite.biz
ftp.amibyte.com
garmonika.com.ua
getdealss.co.in
goodyz.yzi.me
greatworks-inc.in
gtatoronto.com
guiness.qubelab.org
guisoft.pw
h65276.srv0.test-hf.ru
hfcindia.org
hillsboraviation.pw
holytrinitybless.in
igwe.3eeweb.com
indo.3eeweb.com
ing.postb24.in.ua
interconsort.net
jahexportandinport.in
jinglyy.in
johnbrown.hol.es
jokehkingshf.tk
kimclo.com
kizzy.favcc1.com
landmarkprod.com
lanzaplayeras.mx
lllpo.zz.mu
loft2126.dedicatedpanel.com
lovingthe.crabdance.com
m21lz2fzd.mdutmdu.in
marmedladkos.com
maruti0s.com
masssucess.favcc1.com
master.yzi.me
mecublisxlux.us
medgames.uphero.com
megaspmimzx.favcc1.com
meziamussucemaqueue.su
microsoft.blg.lt
microsoftntdll.com
mideastshippinq.co.uk
mindzalloted.favcc1.com
mix.hostreo.com
mm1lz2fzd.mdutmdu.in
mo.favcc1.com
multidantrading.in
mw1lz2fzd.mdutmdu.in
my.digitalfilth.info
n21lz2fzd.mdutmdu.in
nettlerok.net
neways-cn.com
ng1lz2fzd.mdutmdu.in
nodulling.in
nozeuropan.esy.es
nvvkcabizsllcgroup.net
nw1lz2fzd.mdutmdu.in
oboyouk.comoj.com
oscanpro.favcc1.com
ow1lz2fzd.mdutmdu.in
pantamati.com
peakedcar.info
perfectmoney.info
photographytoday.webatu.com
pont.dyndns.dk
ponystealer.hol.es
propcons.in
puppyclothesshop1.net
rasakltd.biz
rays-auto-parts.net
reloadspamzx.fav.cc
rockalex.0xhost.net
rugate.pw
ruinforums.com
ruyalwayaco.biz
samebizon.in
santeol.su
saraconnor4you.com
savenetquest.com
saxychiomzy.info
securenetsystem.net
securityguard.co.in
settlemee.com
shreakspamx.favcc1.com
smoothpanelz.allalla.com
softupdateconnected.eu
soulflower.com.mx
spimixspmzy.favcc1.com
srnsaexpress.com
strejdaido.cz
sunbulahqroup.com
swatnet.comoj.com
tambira.in
teanalitica.com.br
terra-araucania.cl
timago.biz
timetojoy.in
toolsinc.info
tripplem2.com
tuttyfrutty.hol.es
urna4utvarcbis.net16.net
vivaciouz.biz
w-optimierung.net
warlordsltd.in
whiaz.ru
wienu.com
xlm0bile.us
yegor.fr
zenderr.net
zluka.name

# Reference: https://www.virustotal.com/gui/file/1ea560ea6d7b723313419c77f1c46fb727d371c78157a71459b6a3f04ffb2902/detection

avastsupport.net
rop.so

# Reference: https://www.virustotal.com/gui/file/3590b486fedb97947e44183ac55e23ece55b72bc3a144604bb0f39d1e00f95ff/detection

arya-foundation.de
familiapaixao.coconet-us.com
jaycees.co.uk
maschinen.be
oliviagurun.com
onecable.ca
onlyidea.com
originalpizzaplus.ca

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60 (# Madness)
# Reference: https://www.virustotal.com/gui/file/ba8c11ce14def85cbc2e8a7fdb9caae477bcf736e28fc616fd239eb33f0e925e/detection
# Reference: https://www.virustotal.com/gui/file/427a03f9a009f9953710b88c51748aceaf974b51105597c8a1b046dffc1e700d/detection

cpnal.ru
opror.ru

# Reference: https://www.virustotal.com/gui/file/f6f4a51766efda3e303eba71fea8d6bc4c844a73df6f5dae217642f6435a8c49/detection

comp247.biz
gnom247.biz
nadman.ru

# Reference: https://www.virustotal.com/gui/file/5afdea95896046a89ddc35149bce14ace5b9b7629d7c16e682cc58d5383ddc30/detection

freepronxx.biz

# Reference: https://open.appscan.io/article-235.html

1x1exit.su
acasiaenterprisellc.ru
acpaeqypt.com
adobecss.su
agulino.com
alexhillipark.ru
alexshippingworld.ru
almerlmarpuerto.com
apaksahasp.com
arabcontractingsnetwork.click
archerchern.com
arlights.net
arnistorner.xyz
ava-company.us
besic-cn.com
blasternoon.ru
borployfoodlndustry.com
bringthemfresh.ru
brsbrokerz.com
bunnertop.ru
chakratae.com
charkolweb.com
chubygroup.ru
chucks10.ru
civicbrokers.org
cnsmlco.com
coco-cola.org
deliber.ru
di-san-tr.com
drielini.top
eeceeg.com
eglsm.com
elihanss.ru
enesmarketing.ru
exipogreen.ru
forwardever.ru
frank74148tmweb.ru
frexhprince.ru
fyzeeconnect.ru
galladentals.com
gamneit.com
garvrelslinkz.ru
geodurgg.com
ghdm.site
giblink.xyz
goldshoppingclub.ru
grcfvspd.ru
gtrtooloo.com
htmltrainer.su
iiltd.ru
ik.agulino.ru
injprivateserver.ru
inquitity.com
inuosbug.xyz
jonnychangginc.ru
jsadas.site
kaylastwan.com.weeklypayla.com
kimki.ru
kingskillz.ru
kogicyberboi.ru
kolno.pw
kpic.co
krovne.win
kudisman.ru
leadskit.ru
lekkihunterz2.xyz
loveclara.su
megaagro-my.com
metalgearexploit.ru
microintegratedservice.com
microsoft-security.co.uk
milanosss.ru
mnbvcxz.biz
montenig.com
mqbearing.club
mylicense.ml
nitrolasty.gdn
nuturekit.ru
oceanshipforafrica.gdn
olujan.ru
onwajan.su
opemdiprojat.com
opixib.bid
osmn-no.com
oxylala.gdn
ozo.microintegratedservice.com
papergang.ru
planetpharma.ru
pmscmarineinc.biz
poongshim.ru
powerbal.ru
qliuspecialsteel.com
qu.agulino.ru
refaccionariavertiz.club
ru.agulino.ru
saygeebusiness.com
secureaccount.ru
servkillfeel.info
shimedzu.eu
slyopez.ru
stayclams.com
street-esteem.ru
street-men.ru
street-mens.ru
street-takeover.ru
street-upp.ru
street-up.ru
street-ups.ru
sugesfares.com
swissled.club
syntechfibers.com
tee-gr.com
theonlygoodman.com
tianythread.com
tierastyle.co.uk
ttmaiil.com
usacouriers.ru
vshiips.com
waba.gdn
whytepolo.ru
wonforhall.com
xaba.gdn

# Reference: https://www.virustotal.com/gui/file/91def39bc00beb241d07226f1b9d1eebf46ecf7b3622f1ccb30de82e464925ce/detection

testdomain123.dynamic-dns.net

# Reference: https://www.virustotal.com/gui/file/685dd0a2d39c3db14cf3ee7abc804dbfa084060f99555db7e1ed915f99d6aab6/detection
# Reference: https://www.virustotal.com/gui/file/74e82708e5ac9eea253f3701bc625cef1ffc6385ee96954ddc586e198bc8dd41/detection

mymoney.000a.de

# Reference: https://www.virustotal.com/gui/file/13f7feca03cc4658ae36f4c59ac0234ffbbb6f98c94c5473f4cd0c1affdcde5e/detection
# Reference: https://www.virustotal.com/gui/file/f89b4386af8382bc0b8d2ed71a3bd929176ea00b22bfdeb5b284364f5ad1598f/detection
# Reference: https://www.virustotal.com/gui/file/94378919a54c15a4600c728d4833ae00888b91cf15460789a475220875d7b804/detection

cyprolicker.org
giimaforni.com
potpourigroup.com
tmlbd.com

# Reference: https://www.virustotal.com/gui/file/8fbc1d234402e61bd58afb8d5124fed94c6abdc5d2cd560a1aec462c7c3b0c22/detection

energost.pw

# Reference: https://www.virustotal.com/gui/file/fb286261e05ecc59129b190cdfacb18bad5d95be8f62115820128af050969df8/detection

a0158977.xsph.ru

# Reference: https://www.virustotal.com/gui/file/3b68a7e2820d6848717d3d22d1f6d7f347a3e096e13d8aa1000fd22a068139f2/detection

a0158290.xsph.ru

# Reference: https://www.virustotal.com/gui/file/922ac28ee8ee1930f12578a25ed96ad79c00d439b77734ff722ba82c34087510/detection

a0157140.xsph.ru

# Reference: https://www.virustotal.com/gui/file/991b538d3123c239543cf6332fb9623b7d328ffcdd5e967696b60bd7c6dcbbc4/detection

a0159320.xsph.ru

# Reference: https://www.virustotal.com/gui/file/bd9a1053022aa38cd309ab6e38fb746689aa69c06a93c1a68aeb3fd01199debc/detection

xeroxvvv.website

# Reference: https://www.virustotal.com/gui/file/c560d5a0ce4b3498d9bb47ce3c58b2445ec51b6200f9afa3de329aa2e65206cf/detection

http://45.15.143.189

# Reference: https://www.virustotal.com/gui/file/526549f533edee2e4f4ed7ce51ebbae320f3190db918820390cef0d298bc7536/detection
# Reference: https://www.virustotal.com/gui/file/33c117b46e358136803cb654483926a8eaaacd923b994c76b420d038550e6ba0/detection
# Reference: https://www.virustotal.com/gui/file/67789544d47cf8caaeb828baf0a5c8c1876ec6b8d2e04ae240760d131317f1a2/detection

derrick0987.hopto.org
flylinks.damnitjim.xyz
i-waveco.info
oasispmp.us

# Reference: https://www.virustotal.com/gui/file/e428cd3f032a62fac30bf1b4ee4f7e4f625d8fc8c201a6bf646b26fb23fe4e93/detection

dettar.xyz
ezpz1.xyz

# Reference: https://www.virustotal.com/gui/file/6e9132df04a65617f41d4a35fafbcf29b99d9d3e2296e933cedac884d89e18c4/detection

fojasoftwareaudio.ignorelist.com

# Reference: https://app.any.run/tasks/9d800c6a-aac7-4cc0-8978-de39b14698ad/

rowleftette.com

# Reference: https://www.virustotal.com/gui/file/5bb23670b1fd229c3ba9ab0b25839e715a90af8f01654f4b92134f7692e117fb/detection

http://176.111.174.247

# Reference: https://app.any.run/tasks/e3e3bc92-b1d0-423c-a25a-56830034c337/

loomisnet.info

# Reference: https://www.virustotal.com/gui/file/dbe3698b1bf2cbaec7eb37173913f94c83556e2767b6721b7d4ef1a444de4794/detection

http://185.212.47.95/api.php

# Reference: https://www.virustotal.com/gui/file/933784c037d301842a260f238f52dd54c4d2028155577cd239ce6d949802adaa/detection

stikerivk.ddns.net

# Reference: https://twitter.com/wwp96/status/1370801379531440130

http://78.198.121.158

# Reference: https://twitter.com/wwp96/status/1372012538699862017
# Reference: https://app.any.run/tasks/4187356f-eeec-40e9-8127-0d242ae6fb5f/

http://62.76.179.74

# Reference: https://twitter.com/wwp96/status/1372553096438628356
# Reference: https://app.any.run/tasks/32c1d17c-6eb6-4720-99b5-5d92305f3ecc/

/b99c0a8e1a09e668a18f59825/gate.php

# Reference: https://www.virustotal.com/gui/file/0dd3c483fb5ce9e2690ebab5c31d2356591166039f8df45a82bd24314add242d/detection

joeing.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/76b1894c0d9461eabab5edfc25e3fc7964e87f33725a4c2304c45b0d0c4e1e8f/detection

a0482000.xsph.ru

# Reference: https://www.virustotal.com/gui/file/2396718872bb6f8a4828eb6590eae58adc2f2826678e08d6bb6030870c2aa960/detection

http://203.159.80.141

# Reference: https://www.virustotal.com/gui/file/dfa7badf7435335ac99b94bde2d70810fc36d5055cf0acf8b96120162bef34cb/detection

http://45.144.225.196

# Reference: https://www.virustotal.com/gui/file/3769c64f13b9f72951967ee639b7ecf589145f1e016650d6974fcd3cbbc90511/detection

http://150.136.155.177

# Reference: https://www.virustotal.com/gui/file/33e21a62ea0c6a0a228de14bc82c2a7c18aec47b648e616e5059c261ae4726ae/detection

105.112.36.26:19841
181.41.214.6:19841
185.166.236.103:19841
46.36.37.167:19841
59.125.171.210:19841
kasmac-tw.com
salvation.noip.me
slyopez.bounceme.net

# Reference: https://www.virustotal.com/gui/file/18fb2937c40f595a4e6453e2a3574e09cbe188b1da1deb80cf83bb475ef5cd5a/detection

23.105.131.188:1718
qusar.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f91da4e87e76115d71aaf4a69fecb79539bd1c142a85c97ec03fb27437ae2403/detection

faridatiannery.com

# Reference: https://www.virustotal.com/gui/domain/nobletech1.tecktalk.org/relations
# Reference: https://www.virustotal.com/gui/file/834dbe56e650626ed503c7255ff4aff1ec9588f24bf36c950e7c20777d6ecb1b/detection
# Reference: https://www.virustotal.com/gui/file/8d114fefa019925f29db2acdb0ef80702d1c1f8d95f75f90b468a3322abe861b/detection

nobletech1.tecktalk.org

# Reference: https://www.virustotal.com/gui/file/b13e5d7b8bda9a4278fd1961b7b1ac31c9c25155ce96dffc17e17dce8b742f05/detection
# Reference: https://app.any.run/tasks/79717dde-799f-4a7d-91bd-3987bd926cce/
# Reference: https://app.any.run/tasks/dc829ccd-4333-4f57-9546-3c590c03d697/

egamcorps.ga
impexsounds.xyz
meshfabricspad.com
/%7Ezadmin/
/%7Efifaregi/
/%7Ekudi/

# Reference: https://www.virustotal.com/gui/file/a82a33c17a1e531adff6d061370ba9afc05e1bb1a1097197c4121c80461cd535/detection

ofm-it.com

# Reference: https://www.virustotal.com/gui/file/e8c043918b44ff6bfcf1fb41825ae590054f399a1973c643eaa0e2ff393249fc/detection

secured-login.tk

# Reference: https://www.virustotal.com/gui/file/f2c9ce73d96c24cdd9375eb2c3a4e5ae8477351c616fa845f14317dc85037375/detection

solaceday.xyz

# Reference: https://www.virustotal.com/gui/file/bb431d3b2815d141ddd57eaf0e9f4333af6580c6c8d2ec8f5670c8bea9a892af/detection

koisking.xyz

# Reference: https://www.virustotal.com/gui/file/935b5a54daf00b91242448e8ca8a44bd7c39d925b2f72f99f9135d1b3faefb3b/detection

zuluworld.ddnsnet.ga
zuluworld.ddns.net

# Reference: https://www.virustotal.com/gui/file/2a03e35e53b9f75e1f5bce28bdc9ea546ff84cfcaefda84325d939e62fe5264c/detection

checkz.tk

# Reference: https://www.virustotal.com/gui/file/54903304bf644cddf60994fcc7b5e7ca6e5b74f79d574b1d1ec727606e05c16e/detection

pepto.ga

# Reference: https://www.virustotal.com/gui/file/698b288d7a617787d5a1ff571a027a8fc307dd499f590650697d06e0d34deaa0/detection

pepto.cf

# Reference: https://www.virustotal.com/gui/file/978ecd3c93586ae5214bb7381e756d5e810f9b7e0bda17bd89a1cbbe8ffb52fd/detection

pony1.microsoftups.com

# Reference: https://www.virustotal.com/gui/file/a6f175e435ec43d35521cf9d1c4118c07623e44cac5127e56aec2210c272f0c1/detection

pony2.microsoftups.com

# Reference: https://www.virustotal.com/gui/file/f7879a8722b8e1a6cb9ec42748242cdddc6eaa35df690f04bb4835aefb991230/detection

pony3.microsoftups.com

# Reference: https://www.virustotal.com/gui/file/ae164e6fe6d8eb7d3b09061208d44095c3c2f0eadb0ef6fb04361a381c615e65/detection

pony4.microsoftups.com

# Reference: https://www.virustotal.com/gui/file/9a7d9a63965899ac048b9e4dfff2ab8029f6f79f853ea76d545835609fa62b79/detection

himam.club

# Reference: https://www.virustotal.com/gui/file/3172705f036d6da3c2cd2efc641f7acd4f78e432c484a584a33856daa4a6df02/detection

bolyton.com

# Reference: https://www.virustotal.com/gui/file/d9afb91b266642909b2f207b203b2bad021f3a7e7870bbe5a00ea5b81c939009/detection

persio.gq

# Reference: https://www.virustotal.com/gui/file/3f3a8c2270dfdd5fa571549ed477566a069cc8ea227eb0e928bc431f0bbfc441/detection

ce96459.tmweb.ru
cn56515.tmweb.ru
cq69676.tmweb.ru
cq80409.tmweb.ru
ct90806.tmweb.ru
cy36186.tmweb.ru
cy65488.tmweb.ru

# Reference: https://www.virustotal.com/gui/file/7125944ea9af9bf9bb41e4c09354b74da92f53a6a7c87ade45663cefac5626a6/detection

central.pk

# Reference: https://www.virustotal.com/gui/file/4bea241faedf7f07c8a529009c0f670727848224412589dc6ad55bfaf44a9bf2/detection

vsama.com

# Reference: https://www.virustotal.com/gui/file/5d06644da235c19854e399bfcf67f6ed6f5751759ac990d7e7fc79c9a0e76543/detection

argeesportswear.cf

# Reference: https://www.virustotal.com/gui/file/1e255c34a95039f7d97a945a7da11a16d5a75e1233f91b20f22805fc86518bf9/detection

z92074ju.beget.tech

# Reference: https://www.virustotal.com/gui/file/0dfe8de9acd280a618796367d37eb19d87238a5f9c4b1c81f25e2ec85def4bde/detection

chunkgrind.com

# Reference: https://www.virustotal.com/gui/file/d06dddaa311faa9ceba12a7345f43cdc2a9985ca2dfbf8bc96079fae22616ee1/detection

scb-hk.com

# Reference: https://www.virustotal.com/gui/file/c1dfde40b14cec8a49dbe6b6d6470fa9de15348e8d7939c5b92c9522d9e41230/detection

secondgate.pw

# Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt
# Reference: https://www.virustotal.com/gui/file/d9f75af2f8193b6ba326987d3fe983d06bc5ca1285095a51914117c30f4d7f3e/detection

filebee.pw
nicekoks.pw

# Reference: https://www.virustotal.com/gui/file/5a0be6d19d37d25adf511f7b16f09acae9cd5712d0a4870d1e2a8e875f2c9bb5/detection

tonyguo1234.serveftp.com

# Reference: https://www.virustotal.com/gui/file/3936c7803d8d75fdde372bbaad85fe9b197789b7eaa9901a835cb2f3adf18c0f/detection

ponyhorny.xyz

# Reference: https://www.virustotal.com/gui/file/26ec3c1d781c78260806f821c3037592bb650c5939b89cd91fbaa4ccf1ea3619/detection

geckion.gdn

# Reference: https://www.virustotal.com/gui/domain/spinaert.com/relations

spinaert.com

# Reference: https://www.virustotal.com/gui/file/7c9a77d2596ca41eeff2bb4e5ff0c7699d47f7d270bd90635438bf36bbcce776/detection

synclogs.com

# Reference: https://www.virustotal.com/gui/domain/kaydante.biz/detection

kaydante.biz

# Reference: https://www.virustotal.com/gui/domain/lamdamartime.com/detection

lamdamartime.com

# Reference: https://www.virustotal.com/gui/file/167308e909225a767e9ac239076c9d33e22143a1975ca45d7eddf6b6cc948c40/detection

lmiseamasters.com

# Reference: https://www.virustotal.com/gui/file/1a2a1c0dc64627a7af7589c1eef22301b7470de9c397069c11e2442537d3fbfe/detection

atlass-eg.com

# Reference: https://www.virustotal.com/gui/file/18f3aaaeb7d86c3e93942597cee21fb9f1705d1dac9827819dcd34aef919abef/detection

mypony.nl

# Reference: https://www.virustotal.com/gui/domain/myponyhost.hol.es/relations

myponyhost.hol.es

# Reference: https://www.virustotal.com/gui/file/75c398c26f0cf9ae54e1abe2225032cf343b225b9028c3dc4beac951c7c59795/detection

tai-chucks.ru

# Reference: https://www.virustotal.com/gui/domain/tiptop1.info/relations

tiptop1.info

# Reference: https://www.virustotal.com/gui/file/fc61feb2486002c03deb8284376e3693da84dc94a95cc4ea4c636386a6a2d772/detection

ewfplkgb.cf

# Reference: https://www.virustotal.com/gui/file/bc67b90e2a5c0631ce748b2d6781cfc7e1b945b7db71c4d31bbb7282c139cc47/detection

http://104.233.105.159

# Reference: https://github.com/hardenedlinux/hardenedlinux-zeek-script/blob/master/scripts/frameworks/intel/OSINT/CYBERCRiME-03-03-19.txt

ctssint.com

# Reference: https://www.virustotal.com/gui/file/5f2fe8dff49820aac1cc8b8a6961fac8645baba35fcdd2c57216ea35498e52f8/detection

mathargaehan.com

# Reference: https://www.virustotal.com/gui/file/9e1a2c9d96432c50595155d6b3f4f505be90d4fc957a647e31a804c534fa2e3e/detection

al-hadin.com
michmetals.info

# Reference: https://www.virustotal.com/gui/file/7d399fc4c0333a8d2c01543a0ab1045c7d1f895cb65f69f812be35fd65e30047/detection

sroomd.ddns.net
sroomdd.ddns.net

# Reference: https://www.virustotal.com/gui/file/6663c56849a20cee6564936674af41ad2cffacdad78f759366bd0468ad8eb0b7/detection

http://96.8.121.170
/api/resultado/?format=

# Reference: https://www.virustotal.com/gui/file/960824c28cba202b8945e17494b07ac221c205c4edc3af4e1d8986cda5beff9c/detection

jack-wilson.cf

# Reference: https://www.virustotal.com/gui/file/2f3a2fe6190f57532a8f5b7a10aa776fb03e049e2bf532a8869d2043eac39728/detection

3123456789.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/721e101bf6b20af8ed42cef7ddb157063aa34f63d3d29c003909312f85b65480/detection

adssss.no-ip.biz

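# Generic trails (heur)
# Note: heuristic, host-independent URL paths. Short, common ones (e.g. /v1/gate.php, /server/gate.php)
# may also appear on unrelated sites, so corroborate a match with other indicators before acting on it.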

/d2/about.php
/css/gate.php
/krow/gate.php
/mlu/forum.php
/host/server/gate.php
/fgdds/admin.php
/fgdds/gate.php
/flake/gate.php
/gag/gate.php
/hafsf/admin.php
/hafsf/gate.php
/HASDK/gate.php
/LKJHGDS/gate.php
/p/g_38472341.php
/p/z05857687.php
/phdpaswiw/gate.php
/ponney/admin.php
/ponney/callback.php
/ponney/gate.php
/ponney/index.php
/ponney/login.php
/ponnie/admin.php
/ponnie/callback.php
/ponnie/gate.php
/ponnie/index.php
/ponnie/login.php
/pny/gate.php
/ponychin/gate.php
/pony/admin.php
/pony/gate.php
/pony/panel/
/ponygrace/Panel/
/ponypanel/admin.php
/ponypanel/auth.php
/ponypanel/gate.php
/ponypanel/index.php
/ponypanel/login.php
/PonyStealer/admin.php
/PonyStealer/auth.php
/PonyStealer/callback.php
/PonyStealer/gate.php
/PonyStealer/index.php
/PonyStealer/login.php
/ponyz/admin.php
/ponyz/api.php
/ponyz/auth.php
/ponyz/callback.php
/ponyz/gate.php
/ponyz/index.php
/ponyz/login.php
/ponyz/page.php
/pony11/admin.php
/pony11/api.php
/pony11/auth.php
/pony11/callback.php
/pony11/gate.php
/pony11/index.php
/pony11/login.php
/pony11/page.php
/pony22/admin.php
/pony22/api.php
/pony22/auth.php
/pony22/callback.php
/pony22/gate.php
/pony22/index.php
/pony22/login.php
/pony22/page.php
/pony33/admin.php
/pony33/api.php
/pony33/auth.php
/pony33/callback.php
/pony33/gate.php
/pony33/index.php
/pony33/login.php
/pony33/page.php
/pony44/admin.php
/pony44/api.php
/pony44/auth.php
/pony44/callback.php
/pony44/gate.php
/pony44/index.php
/pony44/login.php
/pony44/page.php
/pony55/admin.php
/pony55/api.php
/pony55/auth.php
/pony55/callback.php
/pony55/gate.php
/pony55/index.php
/pony55/login.php
/pony55/page.php
/pony66/admin.php
/pony66/api.php
/pony66/auth.php
/pony66/callback.php
/pony66/gate.php
/pony66/index.php
/pony66/login.php
/pony66/page.php
/pony77/admin.php
/pony77/api.php
/pony77/auth.php
/pony77/callback.php
/pony77/gate.php
/pony77/index.php
/pony77/login.php
/pony77/page.php
/pony88/admin.php
/pony88/api.php
/pony88/auth.php
/pony88/callback.php
/pony88/gate.php
/pony88/index.php
/pony88/login.php
/pony88/page.php
/pony99/admin.php
/pony99/api.php
/pony99/auth.php
/pony99/callback.php
/pony99/gate.php
/pony99/index.php
/pony99/login.php
/pony99/page.php
/skysteal/
/skysteal/admin.php
/secure/gate.php
/server/gate.php
/steal1/gate.php
/steal2/gate.php
/steal1/POST.php?online
/steal2/POST.php?online
/v1/gate.php
/v2/gate.php
/v3/gate.php
/v4/gate.php
/v5/gate.php
/v6/gate.php
/v7/gate.php
/v8/gate.php
/v9/gate.php
/v10/gate.php
/vault/gate.php
/vic/gate.php
/wordpress/1/gate.php
/panelnew/gate.php
/udeogo/Panel/gate.php
/zapoy/gate.php
/4096/gate.php
/ppp/ta.php
/blob/gate.php
/pny/admin.php
/pny/0/panel/admin.php
/pny/1/panel/admin.php
/pny/2/panel/admin.php
/pny/3/panel/admin.php
/pny/4/panel/admin.php
/pny/5/panel/admin.php
/pny/6/panel/admin.php
/pny/7/panel/admin.php
/pny/8/panel/admin.php
/pny/9/panel/admin.php
/emailzloggz/gate.php
/emailzloggz/
