# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://hackforums.net/printthread.php?tid=5655422

minergate.com
miningpoolhub.com
minexmr.com
pool.minexmr.com
moneropool.com
crypto-pool.fr
dwarfpool.com
xmrpool.eu
prohash.net
nanopool.org
ethereumpool.co
suprnova.cc
siamining.com

# Reference: https://www.multipool.us/

multipool.us

# Reference: https://mining-help.ru/

mining-help.ru

# Reference: https://xmrminer.cc/

xmrminer.cc

# Reference: https://www.monero.how/tutorial-how-to-mine-monero

supportxmr.com
monero.hashvault.pro
monerohash.com
monero.crypto-pool.fr
xmrpool.net
poolmining.org
pool.xmr.pt
xmr.prohash.net
xmr.poolto.be

# Reference: http://www.gandalph3000.com/

gandalph3000.com

# Reference: https://pangolinminer.com/

pangolinminer.com

# Reference: https://hellominer.com/

hellominer.com

# Reference: https://github.com/keraf/NoCoin/blob/master/src/blacklist.txt

# coinhive.com
# coin-hive.com
# jsecoin.com
# reasedoper.pw
# mataharirama.xyz
# listat.biz
# lmodr.biz
# minecrunch.co
# minemytraffic.com
# crypto-loot.com

# Reference: https://www.virustotal.com/#/file/179c5390ba2023402283104fd85d6394033976bc2f21e45d32e7557cafaa7d41/detection

www.sparechange.io

# Reference: https://blog.talosintelligence.com/2018/08/rocke-champion-of-monero-miners.html

8282.space
3389.space

# Reference: https://github.com/xmrig/xmrig/blob/master/src/net/strategies/DonateStrategy.cpp

fee.xmrig.com

# Reference: https://www.securityhome.eu/malware/malware.php?mal_id=7994909645aa0b75fc035d0.43847858

donate.xmrig.com

# Reference: https://isc.sans.edu/forums/diary/What+is+going+on+with+port+3333/23215

mine.moneropool.com
pool.cortins.tk
pool.supportxmr.com
xmr.crypto-pool.fr
xmrpool.eu

# Reference: https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/

koto-pool.work

# Reference: https://www.anomali.com/blog/rocke-evolves-its-arsenal-with-a-new-malware-family-written-in-golang

134.209.104.20:51640
minerxmr.ru

# Reference: https://twitter.com/bad_packets/status/1100625553822867456

119.23.222.239:26590

# Reference: https://twitter.com/James_inthe_box/status/1115591879586795521

47.97.119.5:19988

# Reference: https://twitter.com/infosec_dude/status/1117450131417313280
# Reference: https://www.virustotal.com/gui/ip-address/45.43.27.214/relations
# Reference: https://twitter.com/James_inthe_box/status/1117881448151666688

45.43.27.214:17555
r.twotouchauthentication.online