# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: NT_HVNC

# Reference: https://twitter.com/James_inthe_box/status/1144626442304552960

23.81.246.175:443

# Reference: https://twitter.com/PRODAFT/status/1139419259816124416

http://13.232.142.19

# Reference: https://twitter.com/PRODAFT/status/1104782941547192320

23.82.19.60:8070

# Reference: https://twitter.com/James_inthe_box/status/1088774712233058306

78.24.220.215:443

# Reference: https://twitter.com/James_inthe_box/status/1039936854345150464

74.118.139.159:77

# Reference: https://twitter.com/James_inthe_box/status/1148652274727575558

sertacio12.com

# Reference: https://twitter.com/James_inthe_box/status/1159861664960749569

23.83.133.215:443

# Reference: https://twitter.com/VK_Intel/status/1161493315134603265

217.182.208.91:81

# Reference: https://twitter.com/DynamicAnalysis/status/1223303076100169730

leaben.pw

# Reference: https://twitter.com/James_inthe_box/status/1223307741877297157

buhjike.host

# Reference: https://twitter.com/VK_Intel/status/1224327255104446464
# Reference: https://www.virustotal.com/gui/file/df2bea2c7d1f9f2a27a62e291cff41e1b3ec677014c98048e82301cd10d36493/detection

94.103.81.79:5010

# Reference: https://twitter.com/DynamicAnalysis/status/1224787828351098880

brewaz.club
zulutwit.site

# Reference: https://twitter.com/JasonMilletary/status/1225820677732737024
# Reference: https://www.virustotal.com/gui/ip-address/49.51.172.149/relations

avnjila.website
axelerode.club
basorkiq.host
brewaz.club
buhjike.host
leaben.pw
loubanas.xyz
nuhjir.site
rubense.xyz
verobani.website
zulutwit.site

# Reference: https://twitter.com/VK_Intel/status/1230220315445383176

45.138.172.177:95

# Reference: https://twitter.com/ViriBack/status/1080826513266749451

jurasik.serveminecraft.net

# Reference: https://app.any.run/tasks/2b11413b-1bff-44b8-adc1-f43ceeb81e98/

23.106.160.147:443

# Reference: https://app.any.run/tasks/c6711e73-4541-451b-b968-77231e7f46fc/

45.147.230.231:443

# Reference: https://app.any.run/tasks/35820425-8f3c-4e20-a5ae-ad9f0c1cb875/

45.147.228.40:443

# Reference: https://app.any.run/tasks/2a384131-f172-4933-9f92-0296d1d42a2f/

45.147.230.186:443

# Reference: https://app.any.run/tasks/06bc97c7-9be1-4a26-93d5-af11cede68ea/

172.81.132.241:95

# Reference: https://twitter.com/James_inthe_box/status/1242798335641059328

wgyvjbse.pw

# Reference: https://www.virustotal.com/gui/ip-address/161.117.177.248/relations

aquolepp.pw
barbeyo.xyz
bhajkqmd.xyz
bwambztl.xyz
dhteijwrb.host
rizoqur.pw
siloban.pw
soficatan.site

# Reference: https://twitter.com/JAMESWT_MHT/status/1287761442289135617
# Reference: https://app.any.run/tasks/b18e788b-3f54-4288-a7fe-eb039b3b5cd9/
# Reference: https://app.any.run/tasks/36a0a516-b912-4d37-8bdc-29ba7a65deb5/

172.241.29.106:443

# Reference: https://app.any.run/tasks/26b7265a-7a8d-489e-b6b5-56ff9bac0f97/

64.44.141.42:80

# Reference: https://twitter.com/N3utralZ0ne/status/1349796440881545216
# Reference: https://twitter.com/James_inthe_box/status/1349815934656016384
# Reference: https://bazaar.abuse.ch/sample/4bdabf667555e37d4bf5afdcb3b4331c68571ca798340cbf6f3b2c206b840975/

172.93.201.155:443

# Reference: https://twitter.com/ViriBack/status/1396086752255913984
# Reference: https://twitter.com/StopMalvertisin/status/1396119095699939331
# Reference: https://www.virustotal.com/gui/file/2ffe1cc7a03b55ebc8f3fb94b29cd23af5ec531ecfab006acf2b1afa28131300/detection

http://178.63.120.107
178.63.120.107:777

# Generic

/error_faust.php
/milagrecf.php
