# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: coldstealer

# Reference: https://asec.ahnlab.com/ko/31703/
# Reference: https://otx.alienvault.com/pulse/621cfe67038f5c89b6471272
# Reference: https://www.virustotal.com/gui/file/000799dea0cea46bda4614657a800408dd3448056800e03c9ff9c5aeb8797ea2/detection

disandillanne.xyz
enter-me.xyz
jordanserver232.com
presstheme.me
real-enter-solutions.xyz
realacademicmediausa.com
realmoneycreate.xyz
rebordnes.xyz
thehomenow.xyz
topexpertshop.com

# Reference: https://www.virustotal.com/gui/file/116b3ea7efaa8a6b484dddba02b8d40a3aeccdbf6ea72466c70c7d6505988bac/detection

fuck-systems.com
karinianise.xyz
littlebreakthroungh.com

# Reference: https://www.virustotal.com/gui/file/001807f9c24cb224cc074f66a2c9ab8b86dde7c752a7a60632bd2b06080fafbd/detection

onenew-cloudapps.com

# Reference: https://www.virustotal.com/gui/file/f0d94f8615313cba490aebc5a332943ff4b15b1a1b4a0533d2b97e875fb4261c/detection

getepassportsolutions.com

# Reference: https://x.com/solostalking/status/1909514728478474664
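# Reference: https://app.validin.com/detail?find=Cold%20Stealer&type=raw&ref_id=1a73b17791f#tab=host_responses (# 2025-04-08)
# Note: this group includes bare IP and IP:port trails. Unlike domains, IP addresses can be reassigned to unrelated hosts, so treat hits on them as time-bound (see the 2025-04-08 marker above) and re-verify against the references before using them for blocking.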

http://20.169.80.196
http://20.220.24.175
20.169.80.196:443
20.220.24.175:443
coldplay.wtf
beta.coldplay.wtf

# Reference: https://x.com/solostalking/status/1945750337018839042
# Reference: https://app.any.run/tasks/a6c67662-4b3b-41d0-b260-eadf838482f3

mythicalrift.com
panel.mythicalrift.com
