# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/James_inthe_box/status/1040718336173137920

host2.azaronline.com

# Reference: https://twitter.com/avman1995/status/1039929322612641792

mail.efx.net.nz

# Reference: https://twitter.com/James_inthe_box/status/1039878859007569920
# Reference: https://www.virustotal.com/#/ip-address/37.59.117.243

http://37.59.117.243

# Reference: https://twitter.com/avman1995/status/1040493935234371584

ftp://ftp.fasttradeco.com

# Reference: https://twitter.com/MalwareHunterBR/status/1016486687059402752

herosoup.org

# Reference: https://twitter.com/ViriBack/status/983011333506588672
# Reference: https://pastebin.com/nwWHHFe0

bobby.ziraat-helpdesk.com/login.php
chibu.ziraat-helpdesk.com/login.php
chisom.ziraat-helpdesk.com/login.php
dashi-dashi.ziraat-helpdesk.com/login.php
eizzy.haoldd.com/login.php
elb.haoldd.com/login.php
emy.agrillcs.com/login.php
ezeoma.agrillcs.com/login.php
figure.agrillcs.com/login.php
files.ziraat-helpdesk.com/login.php
free.agrillcs.com/login.php
jboy.agrillcs.com/login.php
jizzy.ziraat-helpdesk.com/login.php
joe.ziraat-helpdesk.com/login.php
haoldd.com/okilo/login.php
ike.agrillcs.com/login.php
isa.haoldd.com/login.php
kc.ziraat-helpdesk.com/login.php
kelvin.agrillcs.com/login.php
marchforward.usa.cc/WebPanel/login.php
marchforward.usa.cc/youngnascent/WebPanel/login.php
mi.haoldd.com/login.php
okey.haoldd.com/login.php
small-kelly.agrillcs.com/login.php
tonishl.ga/alifriend/WebPanel/login.php
tonishl.ga/jide/WebPanel/login.php
tonishl.ga/shanker/WebPanel/login.php
tonishl.ml/kc/WebPanel/login.php
tonishl.ml/nonso/WebPanel/login.php
tonishl.ml/sammy/WebPanel/login.php
yg.haoldd.com/login.php

# Reference: https://twitter.com/James_inthe_box/status/1046070749138735110

shahrproject.ir/wp--admin/

# Reference: https://twitter.com/James_inthe_box/status/1044198938847244289

moranhq.duckdns.org

# Reference: https://twitter.com/Jan0fficial/status/1047023512383311873

venividivici.host

# Reference: https://twitter.com/Jan0fficial/status/1047051546851254272

etvidanueva.com/photos/images/WebPanel/login.php
etvidanueva.com/photos/images/fulls/WebPanel/login.php

# Reference: https://twitter.com/Jan0fficial/status/1047053960689987584

allpeople.cc/WebPanel/

# Reference: https://twitter.com/James_inthe_box/status/1047495498867728384

hp-compoundlng.com/zuniga/zuniga.php

# Reference: https://twitter.com/avman1995/status/1046620646137102336

repoyochar2u.ddns.net
repoyochar2u.hopto.org

# Generic callback path

/zuniga.php

# Reference: https://twitter.com/Racco42/status/1055370151984537602

ftp.dolphins-gb.com

# Reference: https://twitter.com/casual_malware/status/1107441450415992832

rat8882018.bounceme.net

# Reference: https://twitter.com/ItsReallyNick/status/925754844706689024

regiusersme63.com
twendekazi.co.ke

# Reference: https://twitter.com/JAMESWT_MHT/status/1111231704847581185

server15.thcservers.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1117787548787597313
# Reference: https://app.any.run/tasks/a7f299b3-0b84-4403-a75f-7fb45700e14e

severeweatheralerts02.severeweatheralerts.net

# Reference: https://otx.alienvault.com/pulse/5cb636d8706621055e694e0a
# Reference: https://twitter.com/_cpresearch_/status/1118201474809462784

checkoutspace.com
