# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Win.Dropper.Ponystealer-6680912-0)

3zci3b.info
841bifa.com
aditsachde.com
ayursanskar.biz
benthanh-toyota.com
bigmovephilly.com
casineuros.com
chfnik.com
chinaxzl.com
crstudents.net
custombusinessapps.net
cyn.ink
dk-drugs.com
donghairc.com
fattoupdates.date
femalesdress.com
fiveroot.com
float2fit.com
funnysworld.com
giftedaroundtheworld.com
globaltimbereurope.com
goedutravel.com
happyslider.com
ketones.info
luxuryconversion.com
mizukusahonpomeibi.com
mjkrol.com
oane4.win
planeggerstrasse.info
puptowngirl.net
qfs.ink
rabe-networks.com
redkoe-porno.info
reducetarian.biz
reviewhqs.com
revivemyappliance.com
rsstatic.com
scgcgg.com
schmidtatlanguage.com
selviproperty.com
sjckt888.com
studio51.style
suatusta.com
telegraphresidences.com
theadvancedcoach.com
theniftyfiftiesband.com
thienduonghoaviet.com
vdemg.info
verzuimverzekering.info
webbyen.com
xctljc.com
xn--fjqu42jgii.com
xn--vuqu93jrjhqkc.net
zjjdmd.com

# Reference: https://twitter.com/James_inthe_box/status/1044957343568388097
# Reference: https://pastebin.com/st49wnwB

onthethatsed.ru/d2/about.php
onthethatsed.ru/mlu/forum.php
tontheckcatan.ru/d2/about.php
tontheckcatan.ru/mlu/forum.php

# Reference: https://pastebin.com/bPV4gVVL

perranrowsin.com/d2/about.php
perranrowsin.com/mlu/forum.php
heundthetrec.ru/d2/about.php
heundthetrec.ru/mlu/forum.php
utteronhim.ru/d2/about.php
utteronhim.ru/mlu/forum.php

# Reference: https://app.cymon.io/report/AVy8uj-LEb4shFlhGDGG/68c37e5f81188f8f478b60b1b4a56fc366ee8aa15763104d49159e41ebe899c2

/po/asdfkuj.php

# Reference: https://blog.talosintelligence.com/2018/10/threat-roundup-1012-1019.html (Win.Malware.Tspy-6721070-0)
# Reference: https://www.virustotal.com/#/file/22ef53123754caa2ac3871eb01221c99482e4318b59a30c8f07b9525afae52bd/detection

myp0nysite.ru

# Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html (Win.Malware.Bypassuac-6876875-0)
# Reference: https://www.virustotal.com/#/file/019df18c50002faa5704c94a01896f745677cdc643adc48ae9257031c539f7a6/detection

aieov.com
5isohu.com

# Reference: https://twitter.com/dvk01uk/status/1088793739223539713

/aloze/gate.php

# Reference: https://twitter.com/dvk01uk/status/1088391460892880896

/erweryui/gate.php

# Reference: https://twitter.com/Racco42/status/1029986121286074369

/reforte/gate.php

# Reference: https://twitter.com/dvk01uk/status/1115576796848762880

smartcoonect.duckdns.org

# Reference: https://twitter.com/pancak3lullz/status/1119334013246873600

blurbgood.live
loadedrones.tk
ownday.live

# Reference: https://twitter.com/pancak3lullz/status/1092804207252525065

/lopty/gate.php

# Reference: https://twitter.com/James_inthe_box/status/1123236500311724032

brugsreator.site

# Reference: https://twitter.com/dvk01uk/status/1123851987152510977
# Reference: https://app.any.run/tasks/29a96490-8160-4cf6-b458-38023c0a8220

/ba6/gate.php

# Reference: https://twitter.com/Racco42/status/1124293167476609025
# Reference: https://app.any.run/tasks/d1e32293-d755-4472-aaa2-5cfc3e612485

/ba8/gate.php

# Reference: https://twitter.com/jorgemieres/status/1131624801272049664

masezda.top
toperdoano.top
piggera.top
pinescop.top

# Reference: https://twitter.com/P3pperP0tts/status/1134513995510145026

shop-ukranya.tk

# Reference: http://tracker.viriback.com/ (# Pony)

lojalstil.mk
officeman.tk
vman23.com

# Reference: http://tracker.viriback.com/ (# Pony)

belllflight.com
ketof.000webhostapp.com
shokeydservers.tk
skylite.com.sa

# Reference: https://twitter.com/Lvanoel/status/1136505326302388224
# Reference: https://app.any.run/tasks/4d2f70a2-9546-4891-8ce6-fc7051f4281d/

lookatme-v65.gq

# Reference: https://twitter.com/HerbieZimmerman/status/1136681091258036225

mojavkicks.com

# Reference: https://twitter.com/Racco42/status/1141966760016523264

marvin-watches.com

# Reference: https://twitter.com/dvk01uk/status/1147799231090085888
# Reference: https://app.any.run/tasks/5575bf61-458a-47b4-94d2-5c93daeb67e2/
# Reference: https://www.virustotal.com/gui/file/e0d96be81946b579cd5c22d7d34e2ec97996c285f86b7c620ab031d8f46ef5fe/detection

pigeonwings.in/jss/ck/host/server/gate.php

# Reference: https://www.virustotal.com/gui/domain/service.tellepizza.com/relations

service.tellepizza.com

# Generic trails (heur)

/d2/about.php
/mlu/forum.php
