# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.virustotal.com/gui/file/cd4dfd21e1cc5bcf4ff50fc6ba3b93a4a6ccdddd33cda022b37a86f39eb14099/detection

15.7.182.198:1042
209.214.48.209:1042

# Reference: https://www.virustotal.com/gui/file/841cd2ac2626ebea87f9bba697803b3dfaa6016b6da7601156056f9c9c553c68/detection

15.174.35.158:1042
15.80.153.104:1042
155.118.61.78:1042

# Reference: https://www.virustotal.com/gui/file/eb207b452e5ccc877139cd2bfbacb0ff012438cad3c9f795c9a478c998688f13/detection

138.35.112.170:1042
159.215.17.148:1042
65.64.215.210:1042

# Reference: https://otx.alienvault.com/pulse/5fcb776fc7f62221706f8ca2

irc.lcirc.net

# Reference: https://otx.alienvault.com/pulse/5fedbe76b90ee3ef5b8bce60
# Reference: https://otx.alienvault.com/pulse/5ff1b2f2d58871b061a2d2c9
# Reference: https://otx.alienvault.com/pulse/603e29f40d9af167c676e7cb
# Reference: https://www.virustotal.com/gui/file/5c3cf75f4a43b2de75cb25e569ca7d9e445b6725b3932c5e3ee45b739edba853/detection

aaawpshran.com
aaesrmawah.com
aanmwhhqns.com
aanparshnh.com
aaqnspqewh.com
aeaqmpsaqa.com
aeaqnwmhes.com
aehmpnsqah.com
aewrhprres.com
aewrsemqas.com
aharwhphnh.com
ahshwmrrar.com
ahsppnhrmh.com
ahwswwrmnr.com
anennwrhes.com
anprnmnsen.com
apnshqeeqa.com
appsqremen.com
apqhwmnqrh.com
aqmmsmewaa.com
aqmrnawpan.com
aqsnaasemh.com
armahmrsaa.com
asnrrsamsa.com
asqnhqhmhh.com
asrepwhhws.com
awhhsqness.com
bigelowandholmes.com
courtesan.com
cravindogs.com
digicool.com
earpmaqren.ws
eemeemhnwa.ws
ehanhphmqa.ws
ehesahpwha.ws
ehrawpsrms.ws
ehwaqnhmnn.ws
empewsqsqa.ws
ennahsqsps.ws
ennmqsmqna.ws
epaessrsqh.ws
eqeqpaeews.ws
eqnhphnqms.ws
eqprsrnprs.ws
erawnwhwss.ws
esahwenqpa.ws
esqarphmhh.ws
esqmamwshs.ws
esseehhnsn.ws
ewnmpaeqaa.ws
ewnnampwar.ws
haaahpspqs.net
haearrsqhn.net
harshrmwrn.net
haswmnsqah.net
hemnahqpnr.net
heqnrhnres.net
hheswnpsqs.net
hhwqenehhn.net
hmamsmwhar.net
hmemaarqsn.net
hmparqsaqa.net
hmqrapnpsh.net
hnehqqwwrs.net
hnhsehnhpa.net
hnnaprrsmh.net
hpasensqah.net
hpeqherars.net
hperrwwqqa.net
hpnhsaaaes.net
hpnrppswsh.net
hqehwwephs.net
hqepnmqewn.net
hqpeehhmpn.net
hrqqqqanra.net
hshnmqqmhh.net
hsqeqemses.net
hwessnprqn.net
hwhhampwrs.net
hwhnrpesma.net
hwnppemeea.net
hwpawmanss.net
mahwmwnrmn.in
mannheraph.in
manqnwpeaa.in
megginson.com
mehmprssrn.in
mehsnsamha.in
meqhpampsh.in
merphhqehn.in
mhrqwpmaen.in
mmqmmersma.in
mnaahmqpqs.in
mnawaeswnr.in
mnehpmqhwh.in
mnhhpsqwqs.in
mnnaqhwesh.in
mnnhnhahmh.in
mnrepmepar.in
mnwsnarssr.in
mpehqsqwmn.in
mphrhpnahh.in
mqennmqams.in
mqpmwqpamn.in
mqpppnhaes.in
mqsnrenerh.in
mqssqenhea.in
mrqnshmwar.in
mrsanwsrnr.in
mrwppewras.in
msarphnewh.in
msnaepmpan.in
mspapsrpsn.in
msqepwamwn.in
mswapwrnan.in
mwaaemmnhn.in
mwhnpqrmrn.in
naseaewqnh.us
naspqmsmeh.us
neqanhanwn.us
neshnhhwss.us
nhapnanqqh.us
nharennena.us
nhhesqwsen.us
nhnsqanmah.us
nhraqnqwhs.us
nhwwheearh.us
nmhpnqaprn.us
nneaqapeah.us
nnhhneqnrh.us
nnnrpsanwh.us
npehrswemn.us
npermqahea.us
nphwhmeenn.us
nppasapenh.us
nprhssnrmn.us
nqenrpwpeh.us
nqephqpaar.us
nqmhqphhws.us
nqwmsnsehn.us
nraqaqshes.us
nrmapsrepn.us
nrnqsnqnmh.us
nrphhqmmes.us
nrqmenmess.us
nshnheneqh.us
nspseanhrs.us
nsqwamprsa.us
nsrhqqemws.us
nswpempqwa.us
nwassmraaa.us
nwrrpeshhn.us
panewshwns.in
pawwhaeqsa.in
phawqpwsqa.in
pmmpmshmsr.in
pmmshhmpsh.in
pmnrrneaah.in
pnaqheqnsa.in
pnaqwqpsqn.in
pnmhmmpnrh.in
pnnmsnanmh.in
ppeseaqmms.in
ppwqramhma.in
pqaheasemn.in
pqaqhwnpar.in
pqarnhhhhn.in
pqnqqqrpmh.in
pqshhpemrn.in
prwnwmhwma.in
psepwmrrrn.in
psmqwemhqn.in
psswwrmraa.in
pweenawwra.in
pwpqmqwrnn.in
pwqpewwahh.in
pwramqmsms.in
pwrsqnesna.in
qaenrqpphs.info
qamwrqrpea.info
qeaasneeeh.info
qehemqawma.info
qemhqmswss.info
qempraqqrn.info
qewamsspwn.info
qhqswnmhnh.info
qmhqeesawh.info
qmqspqnhwa.info
qmrmswrran.info
qmsaspnsna.info
qnamsqwapa.info
qnanweqhah.info
qnrnwnwaas.info
qpnphqawmh.info
qppamspwhs.info
qppqsasahn.info
qqpqwehwah.info
qqqnphresn.info
qqwarwrphh.info
qrprprqmrs.info
qseahwrsps.info
qseerensns.info
qsnmanewnr.info
qsqpspspqn.info
qsrpqawwqh.info
qssneepmrs.info
qssperrrws.info
qssrwhahsa.info
qwrswhnhah.info
rahhhqwqqa.org
rahrqqsewa.org
reaaheeara.org
reeqmsrhes.org
reeqsnwwra.org
remrpqpseh.org
resrnrrmnn.org
rhhenpmean.org
rhmnqaemrh.org
rhmqhweasa.org
rhrrpemnsa.org
rhrrwqrshs.org
rhwaeearph.org
rhwnqwwnah.org
rhwwarnpan.org
rmmamheshh.org
rnaeppreea.org
rnrmmnpnpn.org
rpmnhqemwn.org
rpnaenqmah.org
rpnqnahenn.org
rpqanrmeqa.org
rpwesmwnhs.org
rqeaqeewas.org
rrhaerswna.org
rrpnmeawrs.org
rsaseqqash.org
rsprmwnwmh.org
rsqsepmwas.org
rsrsemnren.org
saanqmaqpn.biz
sahnpreeen.biz
saqprhpanr.biz
sarerppaqh.biz
serawnnmms.biz
sermsqqqna.biz
sewassmasa.biz
shprahaqrh.biz
shqnsmaphh.biz
shrrphrqrn.biz
shsrwwqwsa.biz
smmmwrsqhs.biz
smmrrheear.biz
smprehnwhs.biz
smrnnmaqra.biz
spawwehsrs.biz
spewqmspma.biz
sphqhqwnen.biz
sprhswwqrn.biz
sprqahpewh.biz
sqepwsanpn.biz
sqmapesraa.biz
sqmswpnqws.biz
sqprahmmpa.biz
srsersmhsa.biz
srsnrpaews.biz
ssehwphnqs.biz
ssmrwhqwss.biz
ssnsphrnws.biz
ssphnpqeah.biz
sssepempnr.biz
swehmmrneh.biz
swneemmrma.biz
swraawnhha.biz
swrapsanna.biz
weaenmqwpn.in
weaeprawra.in
weeqshswms.in
weppsphmqa.in
wharrewhpn.in
whmrraawha.in
whraarmrrn.in
whrrsmrpsn.in
whwsqnemsn.in
wmamewnnea.in
wmapnshpeh.in
wmphrwrpar.in
wmpnqewara.in
wmsaaeqera.in
wnaampsmna.in
wnhrrnhran.in
wnshehamhh.in
wpnphaehsh.in
wpqqhhspps.in
wpsaahewsa.in
wqahhaqenh.in
wqeasppnas.in
wqemwrqaha.in
wqpaamhwrs.in
wqrhmesaaa.in
wqsrephqms.in
wqwrmqpeph.in
wrnwernreh.in
wsprwwqaan.in
wwnmhhenpa.in
aaa.zzz.org
cdata.tvnet.hu

# Reference: https://www.virustotal.com/gui/file/fa2ccc63afdc0dca85f3ee8949396aee532d1ced44354d90900cd9e5cceca6f0/detection

145.218.35.51:1042

# Reference: https://www.virustotal.com/gui/file/c0b55f804d2dc74f3d33528078f4767c4eafc4c757b18c41f8dcf2122d7e1fb0/detection

24.29.14.239:1042

# Reference: https://www.virustotal.com/gui/file/4b96168fa6b3aac324a80101e745280155d207f0b6b8b45d5971d05e213e21e7/detection

131.110.124.31:1042
152.19.24.197:1042
159.215.30.157:1042
16.100.193.154:1042
16.119.147.41:1042
172.199.128.27:1042
216.130.226.138:1042
mx0a-00191d01.pphosted.com
mxa-0050f201.gslb.pphosted.com

# Generic

/krewa/nqxa.php
