# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: kegtap

# Reference: https://pastebin.com/raw/BmPzBqUs
# Reference: https://app.any.run/tasks/975fb69c-b5eb-49c7-8d8f-332d34b6f46b/
# Reference: https://app.any.run/tasks/d0b1de23-ac5a-4274-afa0-4066fcb51844/
# Reference: https://app.any.run/tasks/b21c7dbe-7a74-48d3-9762-874c3c80c9e0/

164.132.76.76:443
164.68.107.165:443
195.123.241.194:443
212.22.70.4:443
54.37.237.253:443
82.146.37.128:443
calacatta.com
rayanat.com
unitedyfl.com

# Reference: https://twitter.com/James_inthe_box/status/1310987704021073926

http://51.89.177.16
51.89.177.16:443

# Reference: https://twitter.com/James_inthe_box/status/1311386833041809408
# Reference: https://twitter.com/James_inthe_box/status/1311388126284185600
# Reference: https://app.any.run/tasks/6829a6b6-7444-400a-8888-b95ff3875ef6/
# Reference: https://www.virustotal.com/gui/ip-address/64.44.131.106/relations
# Reference: https://www.virustotal.com/gui/ip-address/96.9.225.147/relations

bubl6g.com
check1ster.com
control1domain.com
gate56dc.com

# Reference: https://www.virustotal.com/gui/file/23ac461f9b5128841cafabb4282432252ea7b57874595cf6fe8457fc1ac65007/detection
# Reference: https://www.virustotal.com/gui/file/fa70444f840f593557d5d062dcb7d57d5869a8c1a998939881e7762044660272/detection
# Reference: https://twitter.com/malware_traffic/status/1313261006634848256

3.137.182.114:443
54.146.200.146:443
cstr1.com
cstr3.com

# Reference: https://twitter.com/James_inthe_box/status/1313512886640074753

z57gc.com

# Reference: https://twitter.com/IntezerLabs/status/1314236451119411200
# Reference: https://www.virustotal.com/gui/file/0654bd997b078513c0607683315b9499ec1edc970af5e75d71948ea605781867/detection

ds45x1.com
ds46x1.com
ds47x1.com
x55gc.com
x57gc.com

# Reference: https://twitter.com/James_inthe_box/status/1314612116574203906
# Reference: https://otx.alienvault.com/pulse/5f80a8e422f0579f87cdf4d0

allrulk.com
breezdesign.com
cuprinc.com
grumhit.com
onevdg.com

# Reference: https://twitter.com/James_inthe_box/status/1316009750086123523

3.137.180.197:443
34.221.202.231:443

# Reference: https://twitter.com/James_inthe_box/status/1316779729299542017
# Reference: https://twitter.com/pancak3lullz/status/1316790427958292515

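# NOTE(review): the next address lies in 240.0.0.0/4 (reserved, not routed on the public internet), so it is unlikely to match live traffic. Kept as published; confirm the intended address against the references above.
244.222.244.154:443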
freedubcs.com
labelcs.com
shophoof.com
titlecs.com

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1319347664207679488

mixcinc.com
nicknames.com

# Reference: https://twitter.com/James_inthe_box/status/1319298609255383040

hunopk.xyz
sersd.xyz

# Reference: https://twitter.com/Scoobs_McGee/status/1321545184891539466

hmiu.xyz
refvs.xyz
zaxswder.xyz

# Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662

bigjamg.xyz
dasvdbfgne.xyz
lmnab.xyz
z55gc.com

# Reference: https://twitter.com/James_inthe_box/status/1323373950022250497

citycafeonline.com
ikjumnh.xyz
woodallmcneill.com

# Reference: https://twitter.com/James_inthe_box/status/1323711792686587905
# Reference: https://app.any.run/tasks/e133041c-9c4c-48e9-8b9b-8912fb7fc835/

nemtos.com
lukeschicago.com
ukmedm.com

# Reference: https://www.virustotal.com/gui/file/2a7964c5d7268f4b320e91ad133654d75edca3c15f9e5c76dee7bf68634b933f/detection

burngs.com

# Reference: https://www.virustotal.com/gui/file/f54cec2b04daafb0a1d612ef84913a1d03ef61d7de8b4c144414378c4415ac09/detection

35.164.230.208:443
aegijmaliijo.bazar
afehjlamghjn.bazar
afeiilamgiin.bazar
bdegjkbkggjm.bazar
bdfgilbkhgin.bazar
ceggjkcligjm.bazar
dcegjldjggjn.bazar
ddegkmdkggko.bazar
ddehimdkghio.bazar
dfegkkdmggkm.bazar

# Reference: https://www.virustotal.com/gui/file/15305978d7c42e26d908feca9aed4efa3df89ae6524ecce10752a2ee3cdf813f/detection
# Reference: https://www.virustotal.com/gui/file/20f46f645a8eee243166fe55e1473e908f194438bed47d8d0caf164fbbd45655/detection

81.17.28.105:443

# Reference: https://twitter.com/ffforward/status/1337091508391047168

cleancarwashlla.org
envirodedge.com
thecarwash-zone.com

# Reference: https://twitter.com/ffforward/status/1337094696460496903

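# NOTE(review): the doubled ".com" suffix on the next entry looks like a transcription error; as written it only matches a host under com.com. Kept as published; confirm the intended domain against the reference above.
chukysdetall.com.com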
ecosmartdetaillng.com
masterpiece-auto.com

# Reference: https://www.virustotal.com/gui/file/ac696ef5a12039b72e408b6b14e08823c407ee652a6a36b7c33d01cd8d373497/detection

cleaningcompany-online.com

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1340455647763189761
# Reference: https://www.virustotal.com/gui/file/288d28f4d53d8e44d599a4d2f70b53d5b13f0827ad2b7a953a7a3cbd6e67bf25/detection
# Reference: https://www.virustotal.com/gui/file/a32ed4b36d44c489341721920d27294cab78ad7bd970c8ac6baa3edc4337a600/detection

homeclean-heroes.com

# Reference: https://twitter.com/_pr4gma/status/1340026234621857793
# Reference: https://www.virustotal.com/gui/file/56c5bee33c17a453c900725f88efb0466fd928072c420955fa599b518b9dfcd2/detection
# Reference: https://www.virustotal.com/gui/file/68ed893ae6ab2d7f00c3aacf46bc0c92966b647bcfe7e940a5d3ee55af01105a/detection

akbuilding-services.com
johnnyclean-carwash.com

# Reference: https://twitter.com/_pr4gma/status/1341115000652525569
# Reference: https://www.virustotal.com/gui/ip-address/192.236.155.212/relations
# Reference: https://www.virustotal.com/gui/file/436301cb89dadecb6c6cefc043b8a4d8f47de2054b1e84e1612cf061cd14dc15/detection

birch-psychology.com
busybjjj.com
flux-psychology.com
kpn-diensten.com

# Reference: https://www.virustotal.com/gui/file/102dca8d268dbbba33770459009d4d67e0d714b44523c28fce57ee83fe186a31/detection

bitaonyw.bazar
etymsoem.bazar
iqtielca.bazar
izaztoew.bazar
lilaelac.bazar
uclaibyw.bazar
vuazelqe.bazar

# Reference: https://twitter.com/_pr4gma/status/1341513863364272128
# Reference: https://www.virustotal.com/gui/file/392c73ffa3b1513cd8de9435d7e76320eff7f98db884eb6bc776c3b2bea7c77e/detection

elevateyoga-denver.com
flourish-psychology.net
impactpsychcoloradoo.com
livingyoga-denver.com

# Reference: https://twitter.com/James_inthe_box/status/1339660764303388673

sosefinawinnifredsullivan8-5ce0e.gr8.com

# Reference: https://www.virustotal.com/gui/file/ba32f63679760a34efd78fb148785a5b9074a406a0a0bf5881e7ccdc15a5d70f/detection

http://13.57.15.8/vegetable/cut/bananas
http://54.193.186.118/map/spell/16
http://54.193.186.118/vegetable/cut/bananas
dcegjldcggjn.bazar

# Reference: https://www.virustotal.com/gui/file/ba31f57d30e59c14c77c44fc90b8220933771220fba0ec1b27acd665c2a145ad/detection

18.188.18.65:443
3.15.209.89:443
juiceandfilm.com
aegijmaliijo.bazar
bdegjkbkggjm.bazar
bdfgilbkhgin.bazar
dcegjldjggjn.bazar
ddegkmdkggko.bazar
ddehimdkghio.bazar

# Reference: https://www.virustotal.com/gui/file/d362c83e5a6701f9ae70c16063d743ea9fe6983d0c2b9aa2c2accf2d8ba5cb38/detection

34.209.40.84:443
54.184.178.68:443

# Reference: https://www.virustotal.com/gui/file/571c32689719ba00f0d60918ae70a8edc185435ce3201413c75da1dbd269f88c/detection

http://34.209.40.84
http://54.184.178.68

# Reference: https://twitter.com/_pr4gma/status/1348468157028196352
# Reference: https://www.virustotal.com/gui/file/712613ccdbc874e5467e58f6132687d39ece03669a4f0ea085e2c11e2158a7ed/behavior

http://34.216.201.114/biker/bearded1
http://52.37.6.188/biker/bearded1
http://52.37.6.188/manufacturer/ningbo
a-c-s.com/omgas/orexda.php

# Reference: https://twitter.com/jfslowik/status/1352075291137437696
# Reference: https://twitter.com/jfslowik/status/1352078589773037568
# Reference: https://twitter.com/jfslowik/status/1352078590746103809

1800carwashdcc.com
carwashcafe-usa.com
carwashers.app
carwashnearme.online
championsgatecarwashh.com
cleanasawhistlecarwashh.com
coastalbrezecarwash.com
englewoodcarwashh.us
flagshiipcarwash.com
flagship-carwash.com
insideoutexprescarwash.com
liberty-carwashh.com
lruless.org
maidcompletee.com
maycarwash.co
miraclecarwashanddetall.com
mysplash-carwash.com
myvaleycarwash.com
nemosexpresscarwashh.com
riptidecarwashfll.com
shellgasand-carwash.com
steam-cleaning.us
timetshinecarwash.com
topshine-carwash.com
usedcarwash.com
usedcarwashequipment.com
waldenlakeecarwash.com
washcity-carwash.com

# Reference: https://twitter.com/ffforward/status/1353695031287291905
# Reference: https://app.any.run/tasks/71430bf0-d4c1-4647-8e76-1ec367eac0db/

aceiikbdgiin.bazar
acfgikbdhgin.bazar
acghilbdihio.bazar
adehjkbeghjn.bazar
adggklbeigko.bazar
afegkmbgggkp.bazar
bchgjlcdjgjo.bazar
bffhklcghhko.bazar
nnotifytgame.bazar
thegame.bazar

# Reference: https://twitter.com/ffforward/status/1356571665648537601
# Reference: https://urlhaus.abuse.ch/browse/tag/BazarCall/

compact-ssd.us
compactstorage.us
compssd.us
intimylingerie.us
toptipsoffice.us
toptoffice.us
tt-office.us
ttoffice.us
ttoffices.us

# Reference: https://twitter.com/ffforward/status/1358863187748282368
# Reference: https://app.any.run/tasks/c3e540e5-8fc5-4bd0-8477-5f497c6ef22c/

34.210.71.206:443
34.213.138.61:443
54.241.149.90:443
acegikbcggin.bazar
acegilbcggio.bazar
acegimbcggip.bazar
acegjkbcggjn.bazar
acegjlbcggjo.bazar
acegjmbcggjp.bazar
acegkkbcggkn.bazar
acegklbcggko.bazar
acegkmbcggkp.bazar
acehikbcghin.bazar
acehilbcghio.bazar
acehimbcghip.bazar
acehjkbcghjn.bazar
acehjlbcghjo.bazar
acehjmbcghjp.bazar
acehkkbcghkn.bazar
acehklbcghko.bazar
acehkmbcghkp.bazar
aceiikbcgiin.bazar
aceiilbcgiio.bazar
aceiimbcgiip.bazar
aceijkbcgijn.bazar
aceijlbcgijo.bazar
aceijmbcgijp.bazar
aceikkbcgikn.bazar
aceiklbcgiko.bazar
aceikmbcgikp.bazar
acfgikbchgin.bazar
acfgilbchgio.bazar
acfgimbchgip.bazar
acfgjkbchgjn.bazar
aeghkkbeihkn.bazar
bcfijmcchijp.bazar
cfhgjldfjgjo.bazar
efehilffghio.bazar
obpharmacy.us
snutrition.us

# Reference: https://www.proofpoint.com/us/blog/threat-insight/baza-valentines-day
# Reference: https://otx.alienvault.com/pulse/602ecfb40524de16ef1b6fa3/

http://18.188.232.155/investigate/discharge/partially2
http://18.188.232.155/leading/crisis26/snow11
http://18.236.86.87/organization/round_table
http://34.210.71.206/artists/id/13131
http://34.210.71.206/home/static
http://34.210.71.206/news/article/12422
http://34.212.73.169/organization/round_table
http://34.220.167.220/organization/round_table
http://34.220.204.73/exceed/requested7/ppd15
http://52.12.160.92/blog/entry/361446
http://52.12.160.92/exceed/requested7/ppd15
http://52.12.160.92/goods/itemid/124324
http://54.190.50.234/organization/round_table
cacla2006.org/achlom/hamin.php
cutedigitalphotography.com/vitrum/caretas.php
homeprojectplanning.com/germes/sanertl.php
horsehospital.com/assebles/hamnab.php
morrislibraryconsulting.com/favicam/gertnm.php

# Reference: https://twitter.com/jfslowik/status/1362453716230492166

basketandgoal.us
chasingflavour.us
cookingvillage.us
crazytrends.us
dacklera.us
famouscuisine.us
freekick.us
funshowbiz.us
iconiccook.us
infototal.us
midcourtgoal.us
penaltyshot.us
totalshowbiz.us

# Generic (URL path indicators, not bound to a specific host)

/23c55b2cb0637e6dfa0f80a62ca03dc3/
/bont/past
/bont/vnt
/pgta/a12
/pgta/a14
