# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Network indicators attributed by the references below to CryptoWall
# ransomware; the cryptowalltracker.org sections further down also cover
# CryptoDefense and a CryptoLocker clone.
# Layout: one indicator per line, '#' starts a comment, and each
# "# Reference:" line names the source for the entries that follow it.
# Three entry shapes appear: bare host names, path-only entries beginning
# with '/', and host-plus-path entries.

# Reference: http://www.secureworks.com/cyber-threat-intelligence/threats/cryptowall-ransomware/
# Reference: https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/25000/PD25480/en_US/McAfee_Labs_Threat_Advisory-Ransom_Cryptowall.pdf

yoyosasa.com
youtubeallin.com
serbiabboy.com
hairyhustler.com
uprnsme.com
dealwithhell.com
wawamediana.com
qoweiuwea.com
dominikanabestplace.com
nofbiatdominicana.com
dominicanajoker.com
likeyoudominicana.com
khalisimilisi.com
posramosra.com
maskaradshowdominicana.com
newsbrontima.com
yaroshwelcome.com
granatebit.com
rearbeab.com
droterdrotit.com
kukisasda8121.com
tyuweirwsdf18741.com
machetesraka.com
markizasamvel.com
wachapikchaid91.com
hilaryclintonbest81.com
niggaattack23.com
norevengenosuck.com
stopobamastopusa.com
jiromepic.com
clocksoffers.com
gretableta.com
kaikialexus.com
babyslutsnil.com
wartbartmart.com
la4eversuck.com
obsesickshit.com
mamapapafam.com
usawithgitler.com
kickasssisters.com
bdsmwithyou.com
iampeterbaby.com
teromasla.com
torichipinis.com
gitlerluvua.com
covermontislol.com
usaalwayswar.com
bolizarsospos.com
titaniumpaladium.com
adolfforua.com
vivatsaultppc.com
milimalipali.com
poroshenkogitler.com
waltabaldasd.com
dancewithmeseniorita.com
indeedlinkme.com
crunkthatme.com
hungarymethis.com
terrymerry.com
# The four entries below are 16-character .onion names. These do not resolve
# in public DNS, so a sensor would presumably see them only as leaked DNS
# queries or inside proxy logs - confirm how the deployment observes them.
lvoobptv6w5zanxu.onion
hyzcrtwh6ispjwj4.onion
2yd2bu2k5ilgxv6u.onion
kpai7ycr7jxqkilp.onion

# Reference: https://otx.alienvault.com/pulse/56253a7d67db8c47d3ce1a99/

speralreaopio.com
londonparig.tk
wswellproducts.com
comprarbbom.com.br
saryact.com

# Reference: http://www.malware-traffic-analysis.net/2015/10/20/index.html

dramaldental.com
konrad.szalapak.eu
quali-man.com

# Reference: https://otx.alienvault.com/pulse/5649468167db8c7a156b251d/

19bee88.com
abelindia.co
adcconsulting.net
adrive62.com
ainahanaudoula.com
alltimefacts.com
champagneframeofmind.com
cjforudesigns.com
csscott.com
fitbalancechallenge.com
flexiblepestsolutions.com
frc-conf.com
frc-pr.com
gerberinsreferral.com
hajsy.pro-linuxpl.com
httthanglong.com
imagescameraclub.com
kingalter.com
ks0407.com
lexscheep.com
localburialinsuranceinfo.com
mabawamathare.org
manisidhu.in
mofiaweb.com
mycampusjuice.com
novolani.com
parsimaj.com
pastimefoods.com
posrednik-china.com
purposenowacademy.com
royalsboostersgbball.com
salamasisters.org
shrisaisales.in
smfinternational.com
stwholesaleinc.com
successafter60.com
# NOTE(review): the next entry is the only mixed-case host name in the list
# apart from theGinGod.com; confirm that the loader lowercases entries
# before matching.
SuperCravings.com
texmart.in
# NOTE(review): the next two entries differ only in letter case, so one is
# redundant if matching is case-insensitive - confirm against the loader.
thegingod.com
theGinGod.com
tuvestir.com
yahoosupportaustralia.com

# Reference: http://www.pccaretips.com/blog/how-to-remove-paytordmbdekmizq-tor4pay-com-virus.html

# The same 16-character label appears once as a .onion name and three times
# under ordinary parent domains. Only the full host names are listed, not
# the parent domains.
paytordmbdekmizq.onion
paytordmbdekmizq.pay4tor.com
paytordmbdekmizq.tor4pay.com
paytordmbdekmizq.torsona.com

# Reference: https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom%3AWin32%2FIsda

euiloveyou.com
hungariagogo.com
muhojir.tj
structretech.com
valueseu.com

# Reference: https://www.virustotal.com/en/domain/taxonprofits.com/information/

taxonprofits.com

# Reference: https://cymon.io/154.43.166.88

barabakadog.com

# Reference: https://www.zscaler.com/blogs/research/cryptowall-30-campaign-still-kicking

dorttlokolrt.com
indsertgamert.org
davis1.ru
downs1.ru
ellison1.ru
manning1.ru

# Reference: http://malwarefor.me/paying-days-cryptowall-3-0-campaign-via-magnitude-ek/

judora-ng.com
tryea.com
aseanian.com

# The entries from here to the any.run reference are path-only (no host).
# Presumably they are matched against the request path on any host - confirm
# against the loader. Some are short, so a hit should be correlated with
# other evidence before being treated as an infection.

# Reference: https://www.cryptowalltracker.org/cryptowall-4.html#networktraffic

/4bnu_k.php
/SCNnAd.php
/e25yBh.php
/5FY7P8.php

# Reference: https://www.cryptowalltracker.org/cryptowall-3.html#networktraffic

/P_tfk9.php
/H0zbxa.php

# Reference: https://www.cryptowalltracker.org/cryptowall-2.html#networktraffic

/w5bt74v22rlpfhx
/3640m0hzrz4i
/4z824ft4kum

# Reference: https://www.cryptowalltracker.org/cryptowall-1.html#networktraffic

/ogw4jyd918b
/w8c20n1424sw
/mp2fylzguhia

# Reference: https://www.cryptowalltracker.org/cryptodefense.html#networktraffic

/2a628t577por5c
/psfxwfddej1roh
/68qmqzyt1326xx8
/zfan5jzphfdsrlr
/fjd7m0199e5
/6ifemkkgkn19n
/hs9qwveivl
/1od6f4q72ppa

# Reference: https://www.cryptowalltracker.org/cryptolocker-clone.html#networktraffic

/36b1pxn56o6gnnf
/5at6xmynaj13ts4
/5h4tsjw18159zg

# Reference: https://app.any.run/tasks/987fb584-39b6-4c71-806a-f01410995d98/

goijsert5liuasdf7.l5news9ndbe3f.com
djdkduep62kz4nzx.tor2web.blutmagie.de
vmnpoius5e8s.awsfdmn342ned.com
djdkduep62kz4nzx.tor2web.org

# Reference: https://www.malware-traffic-analysis.net/2015/08/13/index.html
# Reference: https://www.virustotal.com/gui/file/dee03c76e9b59ee3cbdb0110dde39a8d481f9b97cbbae4d1ad238e5f61773c30/behavior/Tencent%20HABO

# Host-plus-path entries. Most paths sit under CMS plugin, theme or upload
# directories, which suggests scripts placed on third-party sites rather
# than attacker-registered domains - TODO confirm against the references.
# If so, only the full URL is the indicator, and entries go stale once a
# site is cleaned.
aplikacii.com/openx/www/delivery/ccc.php
biz-brokerage.com/wp-content/plugins/wp-antibot-standart/rrr.php
bryanfross.com/wp-content/themes/twentyeleven/ccccc.php
cafejapan.com/wp-content/plugins/bwp-recent-comments/ccc.php
canyonmidwifery.com/wp-content/plugins/ultimate-branding/c.php
chadwondermagic.com/wp-content/plugins/wp-quick-contact-us/cc.php
charityfross.com/wp-content/themes/twentyfourteen/cccc.php
charlescrosson.com/wp-content/plugins/woodojo/ccccc.php
clever-x.com/wp-content/plugins/sitepress-multilingual-cms/ccccc.php
communityneuroclinic.com/wp-content/themes/twentytwelve/cccc.php
comoaprenderamaquillarse.com/wp-content/themes/twentyten/c.php
connectao.com/wp-content/themes/twentyeleven/cc.php
conopizzabrasil.com/wp-content/plugins/revision-control/ccc.php
conopizzachile.com/wp-content/plugins/gravityforms/ccc.php
conopizzacolombia.com/wp-content/plugins/pods/cc.php
# NOTE(review): the next path repeats "wp-content/" twice, unlike its
# siblings - verify against the reference that this is the observed URL.
conopizzauruguay.com/wp-content/wp-content/themes/twentythirteen/cccc.php
conopizzavenezuela.com/wp-content/plugins/stickyfooter/ccccc.php
content-into-cash.com/wp-content/plugins/pretty-link/cc.php
couponsonakeychain.com/wp-content/plugins/wp-smushit/ccc.php
cprnash.com/wp-content/themes/twentytwelve/c.php
eduvantage.com/wp-content/uploads/rrrr.php
eiflthai.net/wp-content/themes/twentytwelve/rr.php
elanahmias.com/wp-content/uploads/r.php
fashionpeople.com.br/wp-content/themes/mazine/rrrrr.php
ferijalnirs.com/wp-content/plugins/revslider/temp/c.php
fortecegypt.com/blog/wp-content/themes/twentyfourteen/rrr.php
futurecomtechnologies.com/wp-content/plugins/jetpack/ccccc.php
gayphonesexboys.com/wp-content/uploads/rrrr.php
gei-th.com/ckfinder/cc.php
glamazona.com/plugins/system/plg_system_rewrite/rr.php
grizzlysts.com/wp-content/uploads/rrr.php
grpgroup.co.il/wp-content/plugins/revslider/temp/cccc.php
gsaarkansas.com/wp-content/plugins/wp-antibot-standart/rrrr.php
hiring-drivers.com/wp-content/plugins/revslider/temp/cc.php
hkmsm.com/wp-content/themes/xinji/rrrr.php
homestyle1974.com/wp-content/uploads/rrr.php
idea-lab.kz/wp-content/uploads/rrr.php
immbau24.de/templates/atomic/rr.php
infrontofmycamera.com/albums/ccc.php
isikbahcebakim.com/wp-content/uploads/rrrr.php
jadeamazonia.com/wp-content/uploads/r.php
kesbuk.cz/wp-content/uploads/rrrr.php
kwiatpaproci.mazury.pl/images/ccccc.php
majorleaguehomerepair.com/wp-content/uploads/rrrr.php
miiart-jewelry.com/wp-content/uploads/rr.php
misssupranationalthailand.com/wp-content/cccc.php
mohandeep.com/wp-content/uploads/rrr.php
morphcoffee.com/wp-content/uploads/cc.php
motored.pl/wp-content/uploads/rrrrr.php
oscotec.com/board/cccc.php
paperplane.co.id/site/ccccc.php
shipedtoyou.com/download/cc.php

# Reference: https://github.com/stamparm/maltrail/commit/733a4d2029755ad71c84caf07fc8dfb0e8332e60

captainblowdri.com
domainithere.com

# Reference: https://app.any.run/tasks/f4392eab-7719-4bf9-a2f6-121c66e88c6d/

# Same 16-character label as kpai7ycr7jxqkilp.onion in the first group, here
# under an ordinary parent domain.
kpai7ycr7jxqkilp.torexplorer.com