# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: fanta, flexnet, limebot, lipton

# Reference: https://www.group-ib.ru/blog/fanta (Russian)
# Reference: https://www.virustotal.com/gui/ip-address/178.132.1.240/relations

av-tovar.ru
perevod273.ru
perevod901.ru
ru-sdelka.ru
sdelka-ru.ru
sdelka211.ru
sdelka221.ru
shcet382.ru
shcet491.ru
tovar-av.ru
viplata291.ru
vyplata437.ru
(perevod|sdelka|shcet|v[i,y]plata)[0-9]{3}\.ru

# C2-s

# Reference: https://www.virustotal.com/gui/ip-address/217.23.14.27/relations

http://217.23.14.27
onuseseddohap.club
bad-racoon.club
bad-racoon.live
