# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: kegtap

# Layout: one indicator per line, listed under the "# Reference:" lines that
# precede it. Entry forms used below: IP:port, bare domain, http:// URL,
# host/path, and (under "# Generic") URL paths with no host.
# NOTE(review): the bare IP entries are point-in-time observations. Several look
# like public-cloud address space (TODO confirm), which is routinely reassigned,
# so a hit on an IP alone should be corroborated before it is treated as a
# detection.

# Reference: https://pastebin.com/raw/BmPzBqUs
# Reference: https://app.any.run/tasks/975fb69c-b5eb-49c7-8d8f-332d34b6f46b/
# Reference: https://app.any.run/tasks/d0b1de23-ac5a-4274-afa0-4066fcb51844/
# Reference: https://app.any.run/tasks/b21c7dbe-7a74-48d3-9762-874c3c80c9e0/

164.132.76.76:443
164.68.107.165:443
195.123.241.194:443
212.22.70.4:443
54.37.237.253:443
82.146.37.128:443
calacatta.com
rayanat.com
unitedyfl.com

# Reference: https://twitter.com/James_inthe_box/status/1310987704021073926

http://51.89.177.16
51.89.177.16:443

# Reference: https://twitter.com/James_inthe_box/status/1311386833041809408
# Reference: https://twitter.com/James_inthe_box/status/1311388126284185600
# Reference: https://app.any.run/tasks/6829a6b6-7444-400a-8888-b95ff3875ef6/
# Reference: https://www.virustotal.com/gui/ip-address/64.44.131.106/relations
# Reference: https://www.virustotal.com/gui/ip-address/96.9.225.147/relations

bubl6g.com
check1ster.com
control1domain.com
gate56dc.com

# Reference: https://www.virustotal.com/gui/file/23ac461f9b5128841cafabb4282432252ea7b57874595cf6fe8457fc1ac65007/detection
# Reference: https://www.virustotal.com/gui/file/fa70444f840f593557d5d062dcb7d57d5869a8c1a998939881e7762044660272/detection
# Reference: https://twitter.com/malware_traffic/status/1313261006634848256

3.137.182.114:443
54.146.200.146:443
cstr1.com
cstr3.com

# Reference: https://twitter.com/James_inthe_box/status/1313512886640074753

z57gc.com

# Reference: https://twitter.com/IntezerLabs/status/1314236451119411200
# Reference: https://www.virustotal.com/gui/file/0654bd997b078513c0607683315b9499ec1edc970af5e75d71948ea605781867/detection

ds45x1.com
ds46x1.com
ds47x1.com
x55gc.com
x57gc.com

# Reference: https://twitter.com/James_inthe_box/status/1314612116574203906
# Reference: https://otx.alienvault.com/pulse/5f80a8e422f0579f87cdf4d0

allrulk.com
breezdesign.com
cuprinc.com
grumhit.com
onevdg.com

# Reference: https://twitter.com/James_inthe_box/status/1316009750086123523

3.137.180.197:443
34.221.202.231:443

# Reference: https://twitter.com/James_inthe_box/status/1316779729299542017
# Reference: https://twitter.com/pancak3lullz/status/1316790427958292515

# NOTE(review): 244.222.244.154 lies in 240.0.0.0/4 (reserved, not routed on the
# public Internet), so this entry cannot match real traffic as written. It looks
# like a transcription error - check it against the two tweets referenced above.
244.222.244.154:443
freedubcs.com
labelcs.com
shophoof.com
titlecs.com

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1319347664207679488

mixcinc.com
nicknames.com

# Reference: https://twitter.com/James_inthe_box/status/1319298609255383040

hunopk.xyz
sersd.xyz

# Reference: https://twitter.com/Scoobs_McGee/status/1321545184891539466

hmiu.xyz
refvs.xyz
zaxswder.xyz

# Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662

bigjamg.xyz
dasvdbfgne.xyz
lmnab.xyz
z55gc.com

# Reference: https://twitter.com/James_inthe_box/status/1323373950022250497

citycafeonline.com
ikjumnh.xyz
woodallmcneill.com

# Reference: https://twitter.com/James_inthe_box/status/1323711792686587905
# Reference: https://app.any.run/tasks/e133041c-9c4c-48e9-8b9b-8912fb7fc835/

nemtos.com
lukeschicago.com
ukmedm.com

# Reference: https://www.virustotal.com/gui/file/2a7964c5d7268f4b320e91ad133654d75edca3c15f9e5c76dee7bf68634b933f/detection

burngs.com

# Reference: https://www.virustotal.com/gui/file/f54cec2b04daafb0a1d612ef84913a1d03ef61d7de8b4c144414378c4415ac09/detection

# NOTE(review): ".bazar" is not an ICANN TLD. It is an Emercoin (EmerDNS) zone
# that ordinary recursive resolvers generally do not serve. On most networks
# these names will show up as failed lookups or as queries sent to an
# alternative resolver. Either is worth alerting on for any *.bazar name, not
# only the ones listed in this file.
35.164.230.208:443
aegijmaliijo.bazar
afehjlamghjn.bazar
afeiilamgiin.bazar
bdegjkbkggjm.bazar
bdfgilbkhgin.bazar
ceggjkcligjm.bazar
dcegjldjggjn.bazar
ddegkmdkggko.bazar
ddehimdkghio.bazar
dfegkkdmggkm.bazar

# Reference: https://www.virustotal.com/gui/file/15305978d7c42e26d908feca9aed4efa3df89ae6524ecce10752a2ee3cdf813f/detection
# Reference: https://www.virustotal.com/gui/file/20f46f645a8eee243166fe55e1473e908f194438bed47d8d0caf164fbbd45655/detection

81.17.28.105:443

# Reference: https://twitter.com/ffforward/status/1337091508391047168

cleancarwashlla.org
envirodedge.com
thecarwash-zone.com

# Reference: https://twitter.com/ffforward/status/1337094696460496903

# NOTE(review): "chukysdetall.com.com" ends in a doubled ".com", so as written it
# is a name under com.com. If the referenced tweet lists chukysdetall.com, this
# entry would presumably not match it - verify. Other odd spellings in this file
# (e.g. ecosmartdetaillng.com) may be as-registered look-alikes, so do not
# normalise spellings without checking the source.
chukysdetall.com.com
ecosmartdetaillng.com
masterpiece-auto.com

# Reference: https://www.virustotal.com/gui/file/ac696ef5a12039b72e408b6b14e08823c407ee652a6a36b7c33d01cd8d373497/detection

cleaningcompany-online.com

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1340455647763189761
# Reference: https://www.virustotal.com/gui/file/288d28f4d53d8e44d599a4d2f70b53d5b13f0827ad2b7a953a7a3cbd6e67bf25/detection
# Reference: https://www.virustotal.com/gui/file/a32ed4b36d44c489341721920d27294cab78ad7bd970c8ac6baa3edc4337a600/detection

homeclean-heroes.com

# Reference: https://twitter.com/_pr4gma/status/1340026234621857793
# Reference: https://www.virustotal.com/gui/file/56c5bee33c17a453c900725f88efb0466fd928072c420955fa599b518b9dfcd2/detection
# Reference: https://www.virustotal.com/gui/file/68ed893ae6ab2d7f00c3aacf46bc0c92966b647bcfe7e940a5d3ee55af01105a/detection

akbuilding-services.com
johnnyclean-carwash.com

# Reference: https://twitter.com/_pr4gma/status/1341115000652525569
# Reference: https://www.virustotal.com/gui/ip-address/192.236.155.212/relations
# Reference: https://www.virustotal.com/gui/file/436301cb89dadecb6c6cefc043b8a4d8f47de2054b1e84e1612cf061cd14dc15/detection

birch-psychology.com
busybjjj.com
flux-psychology.com
kpn-diensten.com

# Reference: https://www.virustotal.com/gui/file/102dca8d268dbbba33770459009d4d67e0d714b44523c28fce57ee83fe186a31/detection

bitaonyw.bazar
etymsoem.bazar
iqtielca.bazar
izaztoew.bazar
lilaelac.bazar
uclaibyw.bazar
vuazelqe.bazar

# Reference: https://twitter.com/_pr4gma/status/1341513863364272128
# Reference: https://www.virustotal.com/gui/file/392c73ffa3b1513cd8de9435d7e76320eff7f98db884eb6bc776c3b2bea7c77e/detection

elevateyoga-denver.com
flourish-psychology.net
impactpsychcoloradoo.com
livingyoga-denver.com

# Reference: https://twitter.com/James_inthe_box/status/1339660764303388673

sosefinawinnifredsullivan8-5ce0e.gr8.com

# Reference: https://www.virustotal.com/gui/file/ba32f63679760a34efd78fb148785a5b9074a406a0a0bf5881e7ccdc15a5d70f/detection

http://13.57.15.8/vegetable/cut/bananas
http://54.193.186.118/map/spell/16
http://54.193.186.118/vegetable/cut/bananas
dcegjldcggjn.bazar

# Reference: https://www.virustotal.com/gui/file/ba31f57d30e59c14c77c44fc90b8220933771220fba0ec1b27acd665c2a145ad/detection

# NOTE(review): the six .bazar names in this group already appear earlier in this
# file, under the f54cec2b... reference. The duplicates are presumably harmless
# for matching, but they would need updating in both places if one is corrected.
18.188.18.65:443
3.15.209.89:443
juiceandfilm.com
aegijmaliijo.bazar
bdegjkbkggjm.bazar
bdfgilbkhgin.bazar
dcegjldjggjn.bazar
ddegkmdkggko.bazar
ddehimdkghio.bazar

# Reference: https://www.virustotal.com/gui/file/d362c83e5a6701f9ae70c16063d743ea9fe6983d0c2b9aa2c2accf2d8ba5cb38/detection

34.209.40.84:443
54.184.178.68:443

# Reference: https://www.virustotal.com/gui/file/571c32689719ba00f0d60918ae70a8edc185435ce3201413c75da1dbd269f88c/detection

http://34.209.40.84
http://54.184.178.68

# Reference: https://twitter.com/_pr4gma/status/1348468157028196352
# Reference: https://www.virustotal.com/gui/file/712613ccdbc874e5467e58f6132687d39ece03669a4f0ea085e2c11e2158a7ed/behavior

http://34.216.201.114/biker/bearded1
http://52.37.6.188/biker/bearded1
http://52.37.6.188/manufacturer/ningbo
a-c-s.com/omgas/orexda.php

# Generic
# URL paths listed without a host. NOTE(review): short paths such as /bont/vnt
# carry no host context, so they are presumably more false-positive-prone than
# the host-based entries above. Confirm how the consumer of this list matches
# path-only entries before relying on them.

/23c55b2cb0637e6dfa0f80a62ca03dc3/
/bont/past
/bont/vnt
/pgta/a12
/pgta/a14