# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/MaelSecurity/status/1039752010713718785

endbars.co
readact.co

# Reference: https://twitter.com/K_N1kolenko/status/1109030275395342336
# Reference: https://twitter.com/PhishFindR/status/1184743844962803712

kaosjdoaaf6.pw
kadosjdoafa.pw
kadosjdoaaf6.pw
hostyourhe.xyz
offerswides.xyz
/fk/f2.php
/hc/f2.php

# Reference: https://twitter.com/0x1xday/status/1115541156434202624

deluxemattress.ca

# Reference: https://twitter.com/K_N1kolenko/status/1098500517272137728

hegorevent.online
/googleads

# Reference: https://twitter.com/K_N1kolenko/status/1097488279279226881

businesmol.pw
hegorevent.club

# Reference: https://twitter.com/K_N1kolenko/status/1095997980614770688

unilear.pw
236.16.27.121:443
158.95.73.22:443
185.92.222.238:443
212.11.167.110:443
242.5.247.180:443
64.34.94.27:443
134.90.213.11:443
72.125.213.163:443
237.236.131.48:443
192.71.249.51:443

# Reference: https://twitter.com/malware_traffic/status/1119331956217585664

business4good.eu

# Reference: https://twitter.com/devnullek/status/1097871459752599552

driverssoftware.info
messagesupport.info
softwaresearch.info
traderssoftware.info

# Reference: https://twitter.com/James_inthe_box/status/1122156673299173377

frezyderm-orders.gr/sites/all/notused/not/ponto.php

# Reference: https://twitter.com/devnullek/status/1123208253566005248
# Reference: https://app.any.run/tasks/a86516d1-07c3-4417-b4ad-bd8ce026acee

piosnoksld.info
zaratoons.info
212.73.150.207:443

# Reference: https://twitter.com/0xE9FBFFFFFF/status/1140946344137416704

fiuiert.xyz
lulipcxulci.info
statusnim.info

# Reference: https://otx.alienvault.com/pulse/5d0b9cbf63180da44379580a
# Reference: https://research.checkpoint.com/danabot-demands-a-ransom-payment/

braksiolsa.top
brekwinarew.site
brukaisloap.club
brukiloapos.xyz
bruksialopws.icu
goskilindad.site
gousikolka.space
guksuoiew.top
gustemiaksa.icu
gustokiloe.xyz
jklfsdkfjhwefjosdf.top
jklfsdkfjhwefjosdf.xyz
kadosjdoaaf6.pw
kadosjdoaf6.pw
kadosjdoafa.pw
kadosjdoiafa.pw
kaosjdoaaf6.pw
kaosutdoaaf.pw
kaosutdoaaf6.pw
kdguwoewpew.pw
kdosjdoiafa.pw
kduwouewpew.pw
kipokahynr.top
kipokahynr.xyz
lidaskiheg.site
lidaskiheg.space
lindakiski.top
lnet4-data.com
mon-sta.com
muabolksae.club
muoklaiow.xyz
nautorern.xyz
net4-data.com
okjauwbueiws.top
okjauwbueiws.xyz
oneuisopeweh.icu
onueilsndsuywe.xyz
sfjskdjfwoiewwegroup.tech
thegiksjoute.online
thenautorern.tech

# Reference: https://twitter.com/Bank_Security/status/1146296727349157888
# Reference: https://pastebin.com/QyYHnKMH

derikaosos.info
sinoposdssf.info
statusnim.info
tefidnsops.info

# Reference: https://twitter.com/w3ndige/status/1164148967413878788
# Reference: https://app.any.run/tasks/5b6c027d-dc71-4d67-9dff-9343e8095969/

http://74.118.138.146
109.202.103.170:8733
213.152.161.229:8733
114.26.195.117:443
146.229.67.12:443
154.94.158.126:443
5.188.86.20:443
66.165.187.11:443
gazgrsrto.xyz

# Reference: https://research.checkpoint.com/danabot-demands-a-ransom-payment/

encrypter.webfoxsecurity.com

braksiolsa.top
brekwinarew.site
brukaisloap.club
brukiloapos.xyz
bruksialopws.icu
goskilindad.site
gousikolka.space
guksuoiew.top
gustemiaksa.icu
gustokiloe.xyz
jklfsdkfjhwefjosdf.top
jklfsdkfjhwefjosdf.xyz
kadosjdoaaf6.pw
kadosjdoaf6.pw
kadosjdoafa.pw
kadosjdoiafa.pw
kaosjdoaaf6.pw
kaosutdoaaf.pw
kaosutdoaaf6.pw
kdguwoewpew.pw
kdosjdoiafa.pw
kduwouewpew.pw
kipokahynr.top
kipokahynr.xyz
lidaskiheg.site
lidaskiheg.space
lindakiski.top
lnet4-data.com
maintrump.org
mon-sta.com
muabolksae.club
muoklaiow.xyz
nautorern.xyz
net4-data.com
okjauwbueiws.top
okjauwbueiws.xyz
oneuisopeweh.icu
onueilsndsuywe.xyz
sfjskdjfwoiewwegroup.tech
thegiksjoute.online
thenautorern.tech

# Reference: https://www.virustotal.com/gui/file/baa1a65fc9c1e7e68cd39efd486275b306c5f25a440bc06f9c0adfbd7ede22b6/detection
# Reference: https://app.any.run/tasks/5a323554-ea21-4a2d-a1d6-adff379b8ef9/
# Reference: https://twitter.com/Artilllerie/status/1168539710769303552

149.154.159.213:443
151.236.14.84:443
168.248.43.207:443
172.237.125.185:443
184.98.44.103:443
195.123.246.209:443
23.47.206.127

# Reference: https://twitter.com/ostinjohn/status/1169603418211737601
# Reference: https://app.any.run/tasks/5d945c76-26aa-45bb-8c6d-07cf2a635bdd/

139.113.48.33:443
149.154.159.213:443
149.53.185.172:443
187.198.70.207:443
195.123.246.209:443
2.255.189.191:443
222.175.52.161:443
58.58.210.181:443
81.63.70.192:443

# Reference: https://twitter.com/JAMESWT_MHT/status/1174239640011845638
# Reference: https://app.any.run/tasks/63239269-d5a9-478c-8314-6d67cae2c786/

fepolomokmmas.xyz
mustve.site
seioooi.xyz

# Reference: https://twitter.com/Mesiagh/status/1184533873545359360

bluewaters.space
djeudnsj.xyz
eroutks.co
euiobol.xyz
gontaseesl.website
gontaseonar.site
gontaseopa.site
gontaseopa.website
heuirnst.space
heuirnst.website
jeudnsjkd.xyz
jeudnsju.xyz
jeuisjr.xyz
joskaejw.club
loperatys.site
loreteo.xyz
loretoi.xyz
ujaioep.site
ujaioep.website

# Reference: https://app.any.run/tasks/9c77ec66-4d42-48be-ae11-2c97a9d2e528/

avgsupport.info
esetsupport.info

# Reference: https://twitter.com/w3ndige/status/1189301539535556614

everythingtogeta.xyz
