# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/nullcookies/status/1061739625658617857

onedrive.one

# Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1121107266982301696
# Reference: https://app.any.run/tasks/c7496f6f-ac83-4b05-ad64-c1ed0f1fd98e

gohaiendo.com

# Reference: https://twitter.com/anyrun_app/status/1122812186680856577
# Reference: https://app.any.run/tasks/b389fddc-d90a-427c-a164-ff73dc2c185b
# Reference: https://www.virustotal.com/gui/ip-address/163.172.84.54/relations

http://163.172.84.54

# Reference: https://twitter.com/abuse_ch/status/1123520051599085570

rayshash.com

# Reference: https://twitter.com/Timele9527/status/1128577411321348096
# Reference: https://otx.alienvault.com/pulse/5cdc4df1cb5caaccf42c7e33

charley-online.com
fighiting1013.org
naver-download.com
tgbabcrfv.1apps.com
alabamaok0515.1apps.com

# Reference: https://twitter.com/adrian__luca/status/1148186673739685888
# Reference: https://app.any.run/tasks/adc3b9ac-9888-4902-8e58-754dc2a100e9/

http://46.166.129.157

# Reference: https://twitter.com/Paladin3161/status/1156147679929327617

luckyshark.cash

# Reference: https://www.proofpoint.com/us/threat-insight/post/systembc-christmas-july-socks5-malware-and-exploit-kits

amnsns.com
dsntu.top
elienne.net

# Reference: https://twitter.com/VK_Intel/status/1158620228261208064

cj42138.tmweb.ru

# Reference: https://twitter.com/Paladin3161/status/1160180765889445888

laph.icu

# Reference: https://twitter.com/P3pperP0tts/status/1160528128588099584

luckymonkey.net.in

# Reference: https://twitter.com/Paladin3161/status/1160640124985548800
# Reference: https://pastebin.com/bhufJSbL

eharmony.live
nepunchik.club
pardubic.club

# Reference: https://twitter.com/tkanalyst/status/1163084043832872961
# Reference: https://app.any.run/tasks/ee0e55e6-84dd-4576-a32c-153629cffcc7/

clickies.site

# Reference: https://twitter.com/tkanalyst/status/1170213006577291265

bolsaooma.com
fosentora.com
mzokrekaa.com

# Reference: https://twitter.com/tkanalyst/status/1177952093287530496
# Reference: https://app.any.run/tasks/1216eae6-4088-4d51-8e47-2094a451754d/

jombala.icu
winterfresh.icu
youhohoo.club

# Reference: https://cofense.com/new-phishing-campaign-targets-u-s-taxpayers-dropping-amadey-botnet/

ip.hoster.kz
ledehaptal.ru
nofawacat.com
yosemitemanagement.com/fonts/page5

# Reference: https://twitter.com/raby_mr/status/1184395177135230977
# Reference: https://app.any.run/tasks/c36bfb5d-77de-478f-be8f-99057be21c6e/

http://31.184.196.226

# Reference: https://twitter.com/tkanalyst/status/1184655705103634435
# Reference: https://app.any.run/tasks/20218f80-9838-41f4-b6d6-7dbbcd60107a/

go-refund.com

# Reference: https://twitter.com/adrian__luca/status/1148186673739685888
# Reference: https://any.run/report/2f41879d3656e45471a0a784d61eb339f343f7614a19d2916be28685d1501c0b/b69b53a3-1003-47c4-b836-20fe21cb5640

http://46.166.129.157/index.php

# Reference: https://app.any.run/tasks/5c1df594-6f00-44e7-998d-d98c220babfc/

bobryangood.ga

# Reference: http://tracker.viriback.com/ (# 2019-11-04)

http://162.222.215.45
http://163.172.151.205
http://193.32.161.69
http://217.8.117.51
http://31.184.196.226
http://31.184.197.229
http://46.166.129.157
http://51.15.226.0
6pak.xyz
acceso.live
ahorros.space
ashleywalkerfuns.com
bobryangood1.ga
bolsaooma.com
cooperativa.casa
ct-ov.com
di-1.icu
handous.net
highparrot12.uz
safegross.com
v-chek.in
vi-1.icu
vt-ne.com
zi-1.icu

# Generic trails

/8f74ede3-010d-4d83-834c-7f06e8d51100/index.php
/Amadey/login.php
/f5lkB/index.php
/j88hNjkMn/index.php
/g5tUY/index.php
/g81hYYq/login.php
/gkkjs/login.php
/madapam/index.php
/mBSqq12/index.php
/S0soiAI/index.php
/t1QccbN2/index.php
/t7BnLkqwitOp52/login.php
