# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/Racco42/status/1216993503118577665
# Reference: https://www.virustotal.com/gui/file/4d7b06f10359312ac6b13883831e725c649665936acedc506be40e954d4b1208/detection

185.140.53.134:7776

# Reference: https://www.virustotal.com/gui/file/4c9b503d9fece2134e97eb34c3bb3847b9deca9ba05df999b59a5fb5e63c26ca/detection

185.140.53.134:9095
185.140.53.134:9096
wealthybillza.insidedns.com

# Reference: https://twitter.com/wwp96/status/1224779467215855619
# Reference: https://app.any.run/tasks/75ddb147-59d7-49a1-a3a0-1c6b7de58f37/

45.147.229.52:7071

# Reference: https://twitter.com/James_inthe_box/status/1227213715860144128
# Reference: https://pastebin.com/Re5jj5j2

79.134.225.111:8141
vahlallha.duckdns.org

# Reference: https://twitter.com/VK_Intel/status/1237447871764496388
# Reference: https://www.virustotal.com/gui/file/0a689281e5c807412fd9fca5f4a2d02f90e149da1ecc16179a09d88fa88eed74/detection
# Reference: https://www.virustotal.com/gui/file/cd41b2a08b3b38cd8ce7a2420a635bd1d1780bce12218f93ee6f2366a19e2aeb/detection

185.244.30.237:4181
192.169.69.25:4181
roboticsnetwork.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1247190083825848321
# Reference: https://twitter.com/James_inthe_box/status/1247191401403564033

hope.doomdns.org

# Reference: https://www.virustotal.com/gui/file/f899a317b88fe6fc9dedcda1620b37c907082223244804df60ca664fc04ff265/detection

105.112.176.133:1759

# Reference: https://www.virustotal.com/gui/file/2a6cfd85bcb241ce4c4c1dcd325d9d85da8ae49a8f721632d319806085818408/detection

216.38.7.237:7310

# Reference: https://twitter.com/James_inthe_box/status/1247280998359789575

franco20.dvrdns.org

# Reference: https://twitter.com/malwrhunterteam/status/1250743756925677569

5.253.114.116:7073

# Reference: https://www.virustotal.com/gui/file/8c7262c3e94a7c143b0c8b76b051f7eef7b8a7e903dee5b1868b0230c19cc725/detection

5.253.114.116:7072

# Reference: https://www.virustotal.com/gui/file/1dfc66968527fbd4c0df2ea34c577a7ce7a2ba9b54ba00be62120cc88035fa65/detection

23.105.131.162:2019

# Reference: https://twitter.com/malwrhunterteam/status/1253290466717687808
# Reference: https://www.virustotal.com/gui/file/2f370ffe4e15fde26e43812a3809fbaa3a8974c0a7cb6c5677985dbe8e46f782/detection

kiht.felehton.ga

# Reference: https://twitter.com/malwrhunterteam/status/1253345383163613184
# Reference: https://www.virustotal.com/gui/file/00185cc085f284ece264e3263c7771073a65783c250c5fd9afc7a85ed94acc77/detection

185.19.85.182:7310

# Reference: https://twitter.com/abuse_ch/status/1255135289766363138
# Reference: https://bazaar.abuse.ch/sample/4723ab5ed01fb642eb602ff59309d4d698e6011145ca1b757bb223b5a67fe159

79.134.225.51:5147
bhg.canadacentralregistrar.ca

# Reference: https://twitter.com/malwrhunterteam/status/1260616207427928071
# Reference: https://app.any.run/tasks/9b3c82f6-a2cc-465b-8958-be625d344f46/

194.5.98.83:7310

# Reference: https://twitter.com/James_inthe_box/status/1260634288044691456
# Reference: https://www.virustotal.com/gui/file/6cf91b93dd7a3a6aca9878a5cf252af90000628486161243a086d6477d5d1f04/detection
# Reference: https://www.virustotal.com/gui/file/d71ea69b5e2fa547ef05778e28b35398077e08f5a65aa2c38b46f1eddc78b373/detection

54.39.221.47:3990
pollianoammr22ja1.com
secrfastexamplerepco998.info

# Reference: https://twitter.com/James_inthe_box/status/1283740986087112705

mikonsrebtlolli.info

# Reference: https://www.virustotal.com/gui/file/828d51c52964a466fe6fc0fa5a1486c29493406b56e33314a6256487ea9d58c3/detection

69.12.94.8:2233

# Reference: https://www.virustotal.com/gui/file/7d82b25772cf7ffcdd2ba1db1f628ce7d931c0bb2861909f359f4b6c55a331c4/detection

69.12.94.12:2233

# Reference: https://www.virustotal.com/gui/file/6cf3ca79d3b6a05beb86f2641a03e9cb5cb8aa9cb085087830b5c27cf26a4fd1/detection
# Reference: https://www.virustotal.com/gui/file/e3d9fba192a6ac072a26d8fe01bd46e588b8ac1a1884a9631bf065eda1030c4e/detection

69.12.94.12:2555
restreamnewsp1ot5s8.net

# Reference: https://www.virustotal.com/gui/file/5ef891964f967642e02934a933984b6af3ba5043cac2bdc769d3296550a0f264/detection

blupaycryptoexchange.com

# Reference: https://www.virustotal.com/gui/file/f83198c03626e0cd56156ebe79ac221f9a875aa32a3a1aa783aba69f1df1e604/detection

5.2.68.87:2111
airgorobblelulu.tw

# Reference: https://www.virustotal.com/gui/file/02343d32f41876a3ceaad992777865be673c9b331c018555ed135726f8ec0244/detection

5.2.68.87:2555

# Reference: https://www.virustotal.com/gui/file/95ecd030bb00219d1a549839f5b24d02b5fd3df7e967f8a38fceecb05cee5b1e/detection

69.12.94.12:5550
riposterpostnewapp.ml

# Reference: https://www.virustotal.com/gui/file/c62e5304821abc306872ea97c88a8d7dc800f7b63380b2cf89153c639de4704c/detection
# Reference: https://bazaar.abuse.ch/sample/c62e5304821abc306872ea97c88a8d7dc800f7b63380b2cf89153c639de4704c/

69.12.94.12:9003
rimi98wutsals.me

# Reference: https://twitter.com/malwrhunterteam/status/1322141882516938753
# Reference: https://www.virustotal.com/gui/file/d0dc216e6253b34bee652e5610a678235b5ff6f78b61a46455aa6d6d1969168e/detection
# Reference: https://www.virustotal.com/gui/file/812ffdf59994608aafb5feabac1aa96c81a9af8de5f197d57c06b8f28b83aadc/detection
# Reference: https://www.virustotal.com/gui/file/932265196175f2b8a3ac274ee1679119cf2bb7a5ee19fd359b7dc8bd258ae6a7/detection

5.2.68.77:5550
dudafersam1ina5ch8ilu.org
hbreaspoksjdhzax8a1s5a.me

# Reference: https://www.virustotal.com/gui/file/c2382986d2bacaacd5399abca6ba33ee39fec2e9f331b8493a7511bc23578adc/detection

154.16.168.6:8910
risptinshoppedtales193.ga

# Reference: https://twitter.com/malwrhunterteam/status/1318505047102267394
# Reference: https://www.virustotal.com/gui/file/ceb7af06283244c5fe9cba4e1c71013289d253229e15d68d6110fe9d19f3fa0d/detection

5.2.68.77:2555
jhpalettad158era.com

# Reference: https://tria.ge/201127-133jlvst66/behavioral2

179.43.166.58:2555

# Reference: https://twitter.com/JAMESWT_MHT/status/1340590881804529670
# Reference: https://app.any.run/tasks/bea35519-8b19-4c03-b62a-cb39afc96d66/

51.195.57.228:2340
cascapplxmain.ga

# Reference: https://twitter.com/malwrhunterteam/status/1341713730623725568
# Reference: https://www.virustotal.com/gui/file/8f9d53981687f9cb6b3e49f03565cdda8e4ca9ccce56122f435f8851d7425f2b/detection

aprteb221ack.ga
