# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: kegtap

# Reference: https://pastebin.com/raw/BmPzBqUs
# Reference: https://app.any.run/tasks/975fb69c-b5eb-49c7-8d8f-332d34b6f46b/
# Reference: https://app.any.run/tasks/d0b1de23-ac5a-4274-afa0-4066fcb51844/
# Reference: https://app.any.run/tasks/b21c7dbe-7a74-48d3-9762-874c3c80c9e0/

164.132.76.76:443
164.68.107.165:443
195.123.241.194:443
212.22.70.4:443
54.37.237.253:443
82.146.37.128:443
calacatta.com
rayanat.com
unitedyfl.com

# Reference: https://twitter.com/James_inthe_box/status/1310987704021073926

http://51.89.177.16
51.89.177.16:443

# Reference: https://twitter.com/James_inthe_box/status/1311386833041809408
# Reference: https://twitter.com/James_inthe_box/status/1311388126284185600
# Reference: https://app.any.run/tasks/6829a6b6-7444-400a-8888-b95ff3875ef6/
# Reference: https://www.virustotal.com/gui/ip-address/64.44.131.106/relations
# Reference: https://www.virustotal.com/gui/ip-address/96.9.225.147/relations

bubl6g.com
check1ster.com
control1domain.com
gate56dc.com

# Reference: https://www.virustotal.com/gui/file/23ac461f9b5128841cafabb4282432252ea7b57874595cf6fe8457fc1ac65007/detection
# Reference: https://www.virustotal.com/gui/file/fa70444f840f593557d5d062dcb7d57d5869a8c1a998939881e7762044660272/detection
# Reference: https://twitter.com/malware_traffic/status/1313261006634848256

3.137.182.114:443
54.146.200.146:443
cstr1.com
cstr3.com

# Reference: https://twitter.com/James_inthe_box/status/1313512886640074753

z57gc.com

# Reference: https://twitter.com/IntezerLabs/status/1314236451119411200
# Reference: https://www.virustotal.com/gui/file/0654bd997b078513c0607683315b9499ec1edc970af5e75d71948ea605781867/detection

ds45x1.com
ds46x1.com
ds47x1.com
x55gc.com
x57gc.com

# Reference: https://twitter.com/James_inthe_box/status/1314612116574203906
# Reference: https://otx.alienvault.com/pulse/5f80a8e422f0579f87cdf4d0

allrulk.com
breezdesign.com
cuprinc.com
grumhit.com
onevdg.com

# Reference: https://twitter.com/James_inthe_box/status/1316009750086123523

3.137.180.197:443
34.221.202.231:443

# Reference: https://twitter.com/James_inthe_box/status/1316779729299542017
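# Reference: https://twitter.com/pancak3lullz/status/1316790427958292515
# NOTE(review): 244.222.244.154 below lies in 240.0.0.0/4 (reserved, not publicly routable), so it may be a transcription error - verify against the references above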

244.222.244.154:443
freedubcs.com
labelcs.com
shophoof.com
titlecs.com

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1319347664207679488

mixcinc.com
nicknames.com

# Reference: https://twitter.com/James_inthe_box/status/1319298609255383040

hunopk.xyz
sersd.xyz

# Reference: https://twitter.com/Scoobs_McGee/status/1321545184891539466

hmiu.xyz
refvs.xyz
zaxswder.xyz

# Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662

bigjamg.xyz
dasvdbfgne.xyz
lmnab.xyz
z55gc.com

# Reference: https://twitter.com/James_inthe_box/status/1323373950022250497

citycafeonline.com
ikjumnh.xyz
woodallmcneill.com

# Reference: https://twitter.com/James_inthe_box/status/1323711792686587905
# Reference: https://app.any.run/tasks/e133041c-9c4c-48e9-8b9b-8912fb7fc835/

nemtos.com
lukeschicago.com
ukmedm.com

# Reference: https://www.virustotal.com/gui/file/2a7964c5d7268f4b320e91ad133654d75edca3c15f9e5c76dee7bf68634b933f/detection

burngs.com

# Reference: https://www.virustotal.com/gui/file/f54cec2b04daafb0a1d612ef84913a1d03ef61d7de8b4c144414378c4415ac09/detection

35.164.230.208:443
aegijmaliijo.bazar
afehjlamghjn.bazar
afeiilamgiin.bazar
bdegjkbkggjm.bazar
bdfgilbkhgin.bazar
ceggjkcligjm.bazar
dcegjldjggjn.bazar
ddegkmdkggko.bazar
ddehimdkghio.bazar
dfegkkdmggkm.bazar

# Reference: https://www.virustotal.com/gui/file/15305978d7c42e26d908feca9aed4efa3df89ae6524ecce10752a2ee3cdf813f/detection
# Reference: https://www.virustotal.com/gui/file/20f46f645a8eee243166fe55e1473e908f194438bed47d8d0caf164fbbd45655/detection

81.17.28.105:443

# Reference: https://twitter.com/ffforward/status/1337091508391047168

cleancarwashlla.org
envirodedge.com
thecarwash-zone.com

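# Reference: https://twitter.com/ffforward/status/1337094696460496903
# NOTE(review): 'chukysdetall.com.com' below has a doubled '.com' - confirm against the reference whether 'chukysdetall.com' was intended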

chukysdetall.com.com
ecosmartdetaillng.com
masterpiece-auto.com

# Reference: https://www.virustotal.com/gui/file/ac696ef5a12039b72e408b6b14e08823c407ee652a6a36b7c33d01cd8d373497/detection

cleaningcompany-online.com

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1340455647763189761
# Reference: https://www.virustotal.com/gui/file/288d28f4d53d8e44d599a4d2f70b53d5b13f0827ad2b7a953a7a3cbd6e67bf25/detection
# Reference: https://www.virustotal.com/gui/file/a32ed4b36d44c489341721920d27294cab78ad7bd970c8ac6baa3edc4337a600/detection

homeclean-heroes.com

# Reference: https://twitter.com/_pr4gma/status/1340026234621857793
# Reference: https://www.virustotal.com/gui/file/56c5bee33c17a453c900725f88efb0466fd928072c420955fa599b518b9dfcd2/detection
# Reference: https://www.virustotal.com/gui/file/68ed893ae6ab2d7f00c3aacf46bc0c92966b647bcfe7e940a5d3ee55af01105a/detection

akbuilding-services.com
johnnyclean-carwash.com

# Reference: https://twitter.com/_pr4gma/status/1341115000652525569
# Reference: https://www.virustotal.com/gui/ip-address/192.236.155.212/relations
# Reference: https://www.virustotal.com/gui/file/436301cb89dadecb6c6cefc043b8a4d8f47de2054b1e84e1612cf061cd14dc15/detection

birch-psychology.com
busybjjj.com
flux-psychology.com
kpn-diensten.com

# Reference: https://www.virustotal.com/gui/file/102dca8d268dbbba33770459009d4d67e0d714b44523c28fce57ee83fe186a31/detection

bitaonyw.bazar
etymsoem.bazar
iqtielca.bazar
izaztoew.bazar
lilaelac.bazar
uclaibyw.bazar
vuazelqe.bazar

# Reference: https://twitter.com/_pr4gma/status/1341513863364272128
# Reference: https://www.virustotal.com/gui/file/392c73ffa3b1513cd8de9435d7e76320eff7f98db884eb6bc776c3b2bea7c77e/detection

elevateyoga-denver.com
flourish-psychology.net
impactpsychcoloradoo.com
livingyoga-denver.com

# Reference: https://twitter.com/James_inthe_box/status/1339660764303388673

sosefinawinnifredsullivan8-5ce0e.gr8.com

# Reference: https://www.virustotal.com/gui/file/ba32f63679760a34efd78fb148785a5b9074a406a0a0bf5881e7ccdc15a5d70f/detection

http://13.57.15.8/vegetable/cut/bananas
http://54.193.186.118/map/spell/16
http://54.193.186.118/vegetable/cut/bananas
dcegjldcggjn.bazar

# Generic (URL path patterns, not tied to a specific host)

/23c55b2cb0637e6dfa0f80a62ca03dc3/
/bont/past
/bont/vnt
/pgta/a12
/pgta/a14
