# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: ostap, sload

# Reference: https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy

maleass.eu

# Reference: https://twitter.com/VK_Intel/status/1021453551975817217

wjcqsstycdujc.eu

# Reference: https://twitter.com/reecdeep/status/1136581953770205185

casasmocambique.com

# Reference: https://twitter.com/reecdeep/status/1138006570934185987

consciousrevolutionist.com

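# Reference: https://twitter.com/JAMESWT_MHT/status/1167351884367237120
# Note: the entry below is a path-only indicator with no host; confirm the contacted host when triaging a match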

/angola/mabutu.php

# Reference: https://twitter.com/reecdeep/status/1172122826251415552

cvrwe.eu
ijve.eu
rdtber.eu
uilomiku.eu

# Reference: https://twitter.com/reecdeep/status/1185090113929388032

bohuffsite.com

# Reference: https://twitter.com/reecdeep/status/1186179780468719617

howeconsultingsf.com
nvroe.eu
rtexo.eu

# Reference: https://app.any.run/tasks/b6f6bfe1-c483-46c5-8abc-899c1e08f5d5/
# Reference: https://www.virustotal.com/gui/file/148d74e453e49bc21169b7cca683e5764d0f02941b705aaa147977ffd1501376/detection

dempoloka.com

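# Reference: https://twitter.com/reecdeep/status/1192094807470030848
# Note: bohuffsite.com is also listed earlier in this file; avs.bohuffsite.com is the entry new to this reference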

avs.bohuffsite.com
bohuffsite.com

# Reference: https://twitter.com/reecdeep/status/1216640918067056640

clubdeajedrezmatamoros.com

# Reference: https://twitter.com/reecdeep/status/1216659090941915137

hnerert2.eu
nweryh2.eu

# Reference: https://twitter.com/reecdeep/status/1221703060256325633
# Reference: https://twitter.com/reecdeep/status/1221708126824562689
# Reference: https://twitter.com/CertPa/status/1221774114446368774
# Reference: https://www.virustotal.com/gui/ip-address/185.197.74.169/relations

cramelcorp.com
delight-plus.com
hnerert.eu
hnerert1.eu
hnerert3.eu
nweryh.eu
oilkjhg.eu
turthgr.eu
tuyukj.eu
uybwer.eu
uyikjtn2.eu

# Reference: https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy

cflfuppn.cn
ellapod.eu
xityeksmwi.eu

# Reference: https://twitter.com/reecdeep/status/1252531768462319617

nephemp.com/neplod/02581650393.jpg
joplock.eu
zarwrite.eu

# Reference: https://twitter.com/guelfoweb/status/1252552464651468801
# Reference: https://twitter.com/malwrhunterteam/status/1253347810537353217

zoomovers.com/momo/
woodlandislamiccenter.com/disop/

# Reference: https://twitter.com/VirITeXplorer/status/1259752786599829504

ptankers.com
bilkas.eu
tarfros.eu
illionback.eu
zapforyou.eu

# Reference: https://twitter.com/reecdeep/status/1277921837146652673

hnmrtew.eu
nerfvbg.eu

# Reference: https://twitter.com/reecdeep/status/1282637448699416577
# Reference: https://twitter.com/rootella_/status/1282570904539738112

lwyhef.eu
mzgotech.com
ponmer.eu

# Reference: https://www.virustotal.com/gui/file/3e9720f20d45daddeffbdff3a6543d0e12a75f323b5172c30bb2b7b16c277319/detection
# Note: the path '/.well-known/pki-validation/w.php' in the same directory belongs to the 'lokibot.txt' trail, not this one

/.well-known/pki-validation/2c.jpg

# Reference: https://twitter.com/reecdeep/status/1305399383911997441

cvbyti.eu
uykjhfgn.eu

# Reference: https://twitter.com/JAMESWT_MHT/status/1305480728684232704
# Reference: https://www.virustotal.com/gui/file/147e1d26153de7bd5033968d64104bb9df597d1913f237f4f5b172f06414b775/detection

alkwti.com
designologyng.com
devopotamus.com
idrivehrcenter.com
innerearthartistry.com
sapphireloading.com
unequipoganador.com
weavehairstyle.com

# Reference: https://www.virustotal.com/gui/domain/geundik.com/relations
# Reference: https://www.virustotal.com/gui/file/6cc54a52311cd07394327c4e1b4f6aee3797665200f215abfaf4607b71829757/detection

geundik.com

# Reference: https://twitter.com/VirITeXplorer/status/1348551960941776896
# Reference: https://twitter.com/JAMESWT_MHT/status/1348569630449790978
# Reference: https://www.virustotal.com/gui/ip-address/185.156.172.108/relations
# Reference: https://www.virustotal.com/gui/file/cac189a5012b3ca0c2b420d5dcbadd0b20d377514baf4450219e37e19363e2ae/detection
# Reference: https://www.virustotal.com/gui/file/d61754005944686cef24924802bd7c192ee11f3e222f3f2b4a321a2cebc61dc6/detection
# Reference: https://www.virustotal.com/gui/file/f4e443285e418182fe8f11f755957ca096db495c94a1946bca1d69f0e29e8de1/detection
# Reference: https://www.virustotal.com/gui/file/d1e8b81e6f2874db743397c4fe0346a886b8539c4e0bb9a67a1ec4e2866fd678/detection
# Reference: https://www.virustotal.com/gui/file/d5ff868de414488362507dfc8a20f3df47114da6c5518ac0be9bd216bee01e59/detection

antivirucidal.com
belfetproduction.com
cxminute.com
ladiesincode.com
letonguesc.com
univirtek.com
ryunrth1.eu
