# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: billgates, gates, setag, ganiw

# Reference: https://otx.alienvault.com/pulse/560c150e67db8c47d4ce2b14/

mou521.f3322.org
say.f322.net

# Reference: https://otx.alienvault.com/pulse/55cb66f24637f20b6e54ab88/

liunx.200jh.com

# Reference: https://otx.alienvault.com/pulse/557b7ca6b45ff5450f63f4f5/

wuzu520.com

# Reference: https://twitter.com/michalmalik/status/1143879771878830080

auth.to0ls.com
111.90.140.35:80

# Reference: https://twitter.com/michalmalik/status/1143887109599748097

vpn.to0ls.com
115.231.218.64:8226

# Reference: https://www.virustotal.com/gui/file/4b5f1e8d5e804ca7d52a9d58e5bfc0626e912a3a0c89545cf057a65fdb31b119/behavior

oa.to0ls.com

# Reference: https://www.virustotal.com/gui/domain/to0ls.com/detection

to0ls.com

# Reference: https://otx.alienvault.com/pulse/5d37185951ea5a026c813388

aduidc.xyz

# Reference: https://twitter.com/m00zh33/status/855714481757855744
# Reference: https://www.virustotal.com/gui/file/f2ea3350868cc02969c73777faf7ada5d988528ed4fbd9f72c8a8aa7bd56b705/detection

115.231.218.64:13864

# Reference: https://www.virustotal.com/gui/file/87f56f8ef4379adeff48e059d6ee9dce0891457f6fb21c6baadd426ce617ce32/detection

119.10.151.120:36000

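# Reference: https://www.virustotal.com/gui/file/79f58ac03859146971c7299b0b52db54b92428d4303b206433ab3c853b1e27b1/detection
# NOTE(review): 216.58.203.46 appears to sit in address space commonly attributed to Google (confirm via WHOIS). Keep it as an IP:port trail and re-check it against the referenced sample before using it for any IP-wide block.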

216.58.203.46:2221
216.58.203.46:6001
wysps.cn

# Reference: https://www.virustotal.com/gui/file/912625884c6239cf6a81fb9309b79fbd7f85fb9176797b5548779cb551f9e1c9/detection

103.59.113.150:2021
jkx3.com

# Reference: https://www.virustotal.com/gui/file/54e12d4c510e50fa0a615ca98355fda23a3dc4e3a5fb5bf24a4cf105475f635a/detection

103.45.147.37:8080
103.59.113.150:8899

# Reference: https://www.virustotal.com/gui/file/11c898566e20d41510dded64bcc305b89f765a89ca520c3d3e34c4e2f07b20f8/detection

114.118.98.185:8081

# Reference: https://www.virustotal.com/gui/file/062d1ba24ade9b04bb1acb272950c323b07fc86d7c99b9173ea15e8fd82ea754/detection

91.195.240.82:8080
autumn.f3322.com

# Reference: https://www.virustotal.com/gui/file/414e092e5d9683fb40824db7571f9b1c6fd954fb620c89c5ee44a6b29fb9ef6f/detection

103.45.174.24:4570

# Reference: https://www.virustotal.com/gui/file/08d3ba9d45ef8a5ceac9786498083263809c84005283ed6ec82b51ec8d6478d6/detection

193.218.38.152:2019

# Reference: https://www.virustotal.com/gui/file/df5e62cc034557cdc18bf7588bcc0ff4fc5a2b0e15a8ee8f93b7b0e0a838c347/detection

45.158.21.91:8080

# Reference: https://www.virustotal.com/gui/file/640f5e05ea64ab85f0892cffd212e0b123dbcfc0b2e636cf825caa673528c9da/detection

152.136.255.75:8000
152.136.255.75:8080

# Reference: https://www.virustotal.com/gui/file/ece2e79c764df03afef7dcc0916ce1573d806d2d38074e63d744300506f6da27/detection

103.59.113.150:8000

# Reference: https://www.virustotal.com/gui/file/b63c638840c7182497a5667076a89d2838398e92c7cbf064f4de71e95b246526/detection

62.234.147.170:2020

# Reference: https://www.virustotal.com/gui/file/e83e40c09a86bd40f6abc5dd0c65b001c190c9db4cdd827e98928db10de87e05/detection

103.59.113.150:52

# Reference: https://www.virustotal.com/gui/file/193b05153d594ea6e37d4666e4de85d13a90532ee5bb02e3b650acb9cffc5129/detection

41.216.178.180:6666

# Reference: https://blog.netlab.360.com/ten-families-of-malicious-samples-are-spreading-using-the-log4j2-vulnerability-now/
# Reference: https://www.virustotal.com/gui/file/7950f0401d3b740f0a03216ecc01cf46a1c92ec0bdae9ab02abb7f1388e7e181/detection
# Reference: https://www.virustotal.com/gui/file/b81363c91b8085e4d4b43fa21821687e557f3a602d35d36b8c156cec23a7212f/detection
# Reference: https://www.virustotal.com/gui/file/8413eeee489f2a1e7f29e2f11769cbd2f1460c5866c5433b7c2e8b361d7d76a0/detection
# Reference: https://www.virustotal.com/gui/file/94c0fae038b4224f6b51f85efe46d6f42fda03543b14774dc1f36a21cb080ab0/detection

http://155.94.154.170
154.82.110.5:1234
154.204.58.11:1314
155.94.178.138:1314
155.94.178.138:25004
300gsyn.it
7cfa.win

# Reference: https://threatfox.abuse.ch/ioc/275380/

154.82.110.5:25009

# Reference: https://www.virustotal.com/gui/file/1356f128ed0c2db167784d148518c59771304b067969703fa23bc223e6b04d6c/detection

shenhaozhe.com

# Reference: https://elfdigest.com/brief/3a987e4972535a9e992253dce168e0499d8b6dfc6e4e19cc8be6153397668967

vnc8.com

# Reference: https://www.virustotal.com/gui/file/958767cb0a166af573d1ecfea5085d682aac96d65ed2bac2e9d470d9e725f8b3/detection

45.195.69.113:9888
a9474796.top

# Reference: https://www.virustotal.com/gui/file/55068fdd7ce83867fa7ff23dc2d16241fbd3832016374fc255e416eb6541e958/detection

156.96.155.233:145

# Reference: https://twitter.com/banthisguy9349/status/1780546149918589090
# Reference: https://www.virustotal.com/gui/ip-address/198.98.56.144/relations
# Reference: https://www.virustotal.com/gui/file/d8d522f2f72de16a235c17b6d32bad930d2a21a8c2664a76880c9b4b53ec1b58/detection
# Reference: https://www.virustotal.com/gui/file/cfaaf70ca32d5ff133378cc0cfdc0cd5f27d91abf6853404df57208a8a7d3de4/detection
# Reference: https://www.virustotal.com/gui/file/b43f51ff2d22190de7506715402aa89521a55d2a24f15044103dfe6fb2cb860c/detection
# Reference: https://www.virustotal.com/gui/file/74657f37833f2575615c578fd5a2493a324a74502086da04038620c5fc2006de/detection
# Reference: https://www.virustotal.com/gui/file/036a2f04ab56b5e7098c7d866eb21307011b812f126793159be1c853a6a54796/detection
# Reference: https://www.virustotal.com/gui/file/3182d6f81e0230ddc26cccaf6bfe52286fa06e2e3481c68ab8f9f97853ea812e/detection

http://198.98.56.144
103.144.245.249:520
154.12.83.150:6001
198.98.56.144:10105
198.98.56.144:13142
198.98.56.144:25000
198.98.56.144:6001
02maill.com
xsvi.cc
cve.02maill.com
ddos.xsvi.cc
syn.02maill.com
syn.xsvi.cc
xiaokkk.02maill.com

# Reference: https://twitter.com/banthisguy9349/status/1785929217038815723
# Reference: https://urlhaus.abuse.ch/host/209.141.36.242/
# Reference: https://www.virustotal.com/gui/file/8c3af7feeaf76b8d3af15b19856ea5b73a336572bb6d08d891403d75d29a9eb7/detection

http://209.141.36.242
154.91.82.185:6001
209.141.36.242:25000

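# Reference: https://www.virustotal.com/gui/file/8f935a0559e1508daeacc7cd2a19d39b19b7f42281176e691c4f2907d68bedc0/detection
# NOTE(review): the three addresses below all use port 6 and appear to be in public-cloud address space, where addresses are routinely reassigned (confirm via WHOIS). Treat matches as low-confidence until re-verified against the referenced sample.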

3.10.0.190:6
3.128.69.167:6
44.224.41.160:6

# Reference: https://www.virustotal.com/gui/file/69914230f957e57afaf9c70b57093d5d3abd81d843b2174fce1e6f339076be71/detection

85.209.133.45:16888
91.92.244.204:6001
lbz888.xyz
baid.lbz888.xyz
gl.jum2.com

# Reference: https://x.com/banthisguy9349/status/1791094906296889700
# Reference: https://www.virustotal.com/gui/file/31eb0f29b44c737d9966e16c04df52a8150d7e94a11c5b91d9682a142de00fb3/detection

http://91.92.244.204
91.92.245.44:38241
flowrate.cfd
flowrate.cyou
u.flowrate.cyou

# Reference: https://www.virustotal.com/gui/file/feb71cc1c2bdb01209571d4fa1cd0a01f3b2a4381568ef26462013d5e268b931/detection

94.156.8.53:7582
s.flowrate.cyou

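# Reference: https://www.virustotal.com/gui/file/f3aee4355b70317b188e029f2f86b0fc00d9f39515f775a79f153a6aca122e41/detection
# NOTE(review): 103.235.46.40 looks like an address used by a large, legitimate web service (confirm via WHOIS and passive DNS). It may reflect what a C2 domain resolved to at analysis time rather than attacker-controlled infrastructure.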

103.235.46.40:6001
94.156.8.53:6688

# Reference: https://www.virustotal.com/gui/file/222360d776616a4eca17e00e0c087655d3abfe249070c67c2894d5e236f895be/detection

94.156.8.53:8728

# Generic trails (URL path fragments, not tied to a specific host)

/ddos2.4
/ddos32-64
/syn25000
/udp25000
