# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/0xToxin/status/1595421236267552770
# Reference: https://www.virustotal.com/gui/file/e65b9ad61006d81f08238af12c9572075432264982cb62eb39415ff5a326964b/detection

http://185.209.160.47
http://45.134.174.158

# Reference: https://twitter.com/0xToxin/status/1595433228562833408
# Reference: https://twitter.com/0xToxin/status/1595437210937225216
# Reference: https://twitter.com/500mk500/status/1595435370560520192
# Reference: https://www.virustotal.com/gui/ip-address/31.42.176.127/relations

http://31.42.176.127
laplas.app
laplasejd3i352krigq45dj4s75colxxj4ll3bsflmr4ir76dg5qb3yd.onion

# Reference: https://twitter.com/0xToxin/status/1595840204635504641
# Reference: https://www.virustotal.com/gui/ip-address/45.159.189.115/relations

http://193.56.146.168
clipper.guru

# Reference: https://twitter.com/suyog41/status/1596118044471795712
# Reference: https://www.virustotal.com/gui/file/955025ec2a4a635f597080fac9287b2692b69536b16f7c736a041a163011cb85/detection

04068790.com

# Reference: https://twitter.com/0xToxin/status/1597674380464562176
# Reference: https://tria.ge/221128-cfkdjsfd36/behavioral1

http://79.137.206.137

# Reference: https://twitter.com/0xToxin/status/1598047072535867393

http://104.193.255.50
http://167.86.100.179
http://185.223.93.251
http://194.87.216.44
http://31.42.176.127/
http://45.159.188.118
http://45.159.188.158
http://45.159.189.115
http://79.137.204.208
http://95.214.55.244
atlantasanad.space
crypto-bloktopia.xyz
xshow.tv

# Reference: https://threatfox.abuse.ch/ioc/1068398/

http://45.159.189.105

# Reference: https://twitter.com/doc_guard/status/1620050799488540674
# Reference: https://www.virustotal.com/gui/file/601404a367761761bf1d5dcb5e3ba4d3d00231a30925e32c0e14381ebbb725ed/detection

http://162.248.224.213

# Reference: https://twitter.com/r3dbU7z/status/1624059501258190853
# Reference: https://www.virustotal.com/gui/file/bd7dfd1a455f14482be1b6838b767d5a10ca0426fd4232dd69a159b94e94a492/detection

http://31.172.79.130
most-wntonlyfunns.ru

# Reference: https://twitter.com/James_inthe_box/status/1626288456795291650
# Reference: https://app.any.run/tasks/19f3070c-7ac7-4049-b1fb-019747514790/
# Reference: https://app.any.run/tasks/bc4008f9-9b92-4c3a-bd7f-d192edbaf320/

http://45.84.121.44
/bot/regex

# Generic

/bot/online?guid=
/bot/regex?key=
/.well-known/dmi1dfg7n.kjylug
/.well-known/ofg7d45fg312.sfhg
/.well-known/rewrerwef.fdf
