# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/ViriBack/status/1258898032336293888
# Reference: https://app.any.run/tasks/13a26710-a4b4-4ac6-8a32-e7f21792bfc3/

radiomeff.mk/panel/unlock.php

# Reference: https://twitter.com/James_inthe_box/status/1260168976321015808

duluran.com/site/images/screen/

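# Reference: https://twitter.com/Nocturnus/status/1268181441504071680
# NOTE(review): the entry below carries an "http://" scheme prefix, unlike every other entry in this file - confirm the trail loader normalizes it, otherwise it may never match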

http://185.234.217.224

# Reference: https://twitter.com/reecdeep/status/1269894295596797953
# Reference: https://app.any.run/tasks/b341055e-52b5-4340-abcf-e6e6f0f196d6/

bestemys.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1270043287181762561

dextrotrading.com

# Reference: https://twitter.com/James_inthe_box/status/1270354029319581697

ltrzgogrzsit.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1270980660732329985
# Reference: https://app.any.run/tasks/4ee91fbc-a285-4f15-b386-c2f23b2141b8/

triptihon.gr/panel/upload.php

# Reference: https://twitter.com/reecdeep/status/1273935123910713346
# Reference: https://twitter.com/JAMESWT_MHT/status/1273950325960032256
# Reference: https://app.any.run/tasks/700a47f0-9a83-4a67-9e4c-3ff506841319/

91.196.124.59:21
91.196.124.59:61181
geohydroconsult.com

# Reference: https://twitter.com/reecdeep/status/1275030034265374726
# Reference: https://www.virustotal.com/gui/file/dba663c050e16ffaff9a51cab91ae670b3589727a140dbc0f3daa5971c915971/detection

klisa.com.tr/south.vbs
opticaoptigral.cl/voice.jpg

# Reference: https://app.any.run/tasks/5fc1e550-5a42-4a9b-9641-06cb81998fb7/

emybests.com

# Reference: https://www.virustotal.com/gui/file/0a24c768a70455ca66d7d5bb0659bba492a48d472dedf668f89d8c4eab021fa1/detection

teamsheep.cc

# Reference: https://urlhaus.abuse.ch/url/412466/
# Reference: https://app.any.run/tasks/fb7f6f46-4a4c-4bf2-89c0-09bac41481b4/

sadiqgill.com

# Reference: https://twitter.com/ViriBack/status/1290010733699162113
# Reference: https://app.any.run/tasks/df5a7b21-a361-4764-b3ce-dfa6d46e7abd/

visionmoneymantra.com/os/panel/

# Reference: https://twitter.com/reecdeep/status/1290241659335323648
# Reference: https://app.any.run/tasks/087ab601-8a4e-4618-a089-b2b0eecccc15/

67.215.233.8:21
67.215.233.8:58633
ftp.becommodal.com

# Reference: https://www.virustotal.com/gui/file/abee98b273f8b2c4530af48e1022c15af3932f99ad4fd011b7c5e529c5ae6434/detection
# Reference: https://www.virustotal.com/gui/file/7b3c1c1eb45a92f26141793b60671f5165caa7f1b10e24945574e0f185f2fde0/detection
# Reference: https://twitter.com/anyrun_app/status/1295684768911302658
# Reference: https://app.any.run/tasks/774c4490-101b-4463-a31f-10f483ade258/
# Reference: https://app.any.run/tasks/20b00081-79f4-48c0-94c1-d9e82ccc1310/
# Reference: https://app.any.run/tasks/3f9050f3-2e2b-4eca-9732-07e185738595/

94.127.7.174:21
94.127.7.174:30720
94.127.7.174:32074
94.127.7.174:33173
94.127.7.174:34902
94.127.7.174:38813
94.127.7.174:45931
94.127.7.174:46840
milebgd.mycpanel.rs
paninoteka.si

# Reference: https://twitter.com/luc4m/status/1291415487545372673

omantel.ml

# Reference: https://twitter.com/ganeshnathan28/status/1297545739350966272
# Reference: https://www.virustotal.com/gui/file/a14e02811526f05fa3cb63d56b1b804a86812b9482216ef0133c618ad068e8e6/detection

etatronds.xyz
tiko.etatronds.xyz

# Reference: https://twitter.com/ganeshnathan28/status/1297794454665953280
# Reference: https://www.virustotal.com/gui/domain/industrialspares.to/relations

industrialspares.to

# Reference: https://twitter.com/VirITeXplorer/status/1303608075434233856

ayudasaudiovisuales.co

# Reference: https://twitter.com/JAMESWT_MHT/status/1303617803317129221

94.126.169.122:21

# Reference: https://twitter.com/reecdeep/status/1302909382452228096
# Reference: https://app.any.run/tasks/3cade84b-59eb-43af-9119-9ec5768e9ee2/

nankasa.com.ar
solarproject.gr/A11.jpg

# Reference: https://twitter.com/James_inthe_box/status/1305509852362338304
# Reference: https://app.any.run/tasks/010a8af5-97bd-4e27-961d-8d202a9d6f29/
# Reference: https://www.virustotal.com/gui/file/0d9409ad57ae998654661993b12a6434067419873eabc6ead3920ba0426290a8/detection

ecigroup-tw.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1306472806947975168

servicesdesk.to

# Reference: https://twitter.com/reecdeep/status/1311202749514756096

suite.kpechios.gr

# Reference: https://twitter.com/JAMESWT_MHT/status/1311655217004457994

akinitaviotias.gr
kbolias.gr
kpechios.gr

# Reference: https://twitter.com/reecdeep/status/1313029358903349248

studiosound.gr/F9.jpg

# Reference: https://twitter.com/reecdeep/status/1313402231333572614
# Reference: https://app.any.run/tasks/b0be7542-f762-47a4-86d5-6e1767bb47c3/

modestinos2.com

# Reference: https://twitter.com/reecdeep/status/1314150484257763328

jetfleet24.com/T5.jpg

# Reference: https://twitter.com/reecdeep/status/1317021485848985600

hotelaretes.gr/V8.jpg

# Reference: https://twitter.com/reecdeep/status/1318436698116816917

optovision.gr/4B.jpg

# Reference: https://twitter.com/smica83/status/1323198014803054592
# Reference: https://app.any.run/tasks/039e7818-61ab-4638-8274-59f1f82ddbdc/

zoofashion.gr/J9.jpg

# Reference: https://twitter.com/wwp96/status/1327453053788811265
# Reference: https://app.any.run/tasks/3e8c0034-f5a9-4df3-9a34-91881449f458/

pluscert.ro/7P.jpg

# Reference: https://twitter.com/58_158_177_102/status/1328142336971272192
# Reference: https://app.any.run/tasks/05ca1254-66d3-42b5-a1f1-9ee9fa2da249/

sunlightgrace.eu/tsc/

# Reference: https://twitter.com/wwp96/status/1328332718971695104
# Reference: https://app.any.run/tasks/c8eb16a2-d690-46d4-8775-a8a457e02891/

risu.fi/D9.jpg
144.91.112.76:21
144.91.112.76:60154

# Reference: https://twitter.com/wwp96/status/1328341391613759488
# Reference: https://app.any.run/tasks/7f043ee2-f1f8-4ce1-8a0d-ca6690caf492/

bouinteriorismo.com/R9.jpg

# Reference: https://twitter.com/wwp96/status/1331414353028014085
# Reference: https://app.any.run/tasks/2b95739f-9c1d-4792-b5e9-5fded54fa220/

blairllpuk.com/D1.jpg
162.221.185.10:21
162.221.185.10:43222

# Reference: https://twitter.com/wwp96/status/1336175823389421569

92.53.90.70:21
92.53.90.70:10399

# Reference: https://www.virustotal.com/gui/file/adb942876dd53f99ff21a0af91a0275eb7257901b56a115ce414d59eaabc703e/detection

lmf-at.com

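# Reference: https://www.virustotal.com/gui/file/a569e5793e69419f3aaca83468fd9982fadf264833c32502b54fd4e0e15c6058/detection
# Reference: https://www.virustotal.com/gui/file/b095032316de2f43af0557c35dd58ab254928f24a3b8e7cf4cf5c4dbac73ac56/detection
# NOTE(review): server295.web-hosting.com looks like a shared-hosting server hostname rather than attacker-owned infrastructure - hits may come from unrelated tenants; corroborate before blocking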

server295.web-hosting.com

# Reference: https://twitter.com/reecdeep/status/1348586685748170758
# Reference: https://app.any.run/tasks/7c515735-a525-4a28-8310-0a92b38b66f4/
# Reference: https://app.any.run/tasks/0e5cec43-36cb-4b8c-9f99-3eceb8773d4c/

144.91.112.76:52170
sinetcol.co/D7.jpg

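# Reference: https://blog.talosintelligence.com/2021/02/masslogger-cred-exfil.html
# Reference: https://otx.alienvault.com/pulse/602d3c9c7078054d4492c9a2/
# NOTE(review): six entries in this group repeat ones listed earlier in this file (bouinteriorismo.com/R9.jpg, hotelaretes.gr/V8.jpg, jetfleet24.com/T5.jpg, optovision.gr/4B.jpg, risu.fi/D9.jpg, sinetcol.co/D7.jpg) - harmless for matching, but candidates for deduplication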

becasmedikal.com.tr/A5.jpg
bouinteriorismo.com/R9.jpg
hotelaretes.gr/V8.jpg
jetfleet24.com/T5.jpg
optovision.gr/4B.jpg
risu.fi/D9.jpg
sinetcol.co/A7.jpg
sinetcol.co/D7.jpg
topometria.com.cy/A12.jpg
med-star.gr/panel/

# Reference: https://otx.alienvault.com/pulse/6035392eab4d19d868aff18b/

bradbo.life

# Reference: https://twitter.com/JAMESWT_MHT/status/1367717868582957056

radiomeff.mk/panel/upload.php

# Reference: https://www.virustotal.com/gui/file/3f14bb5f4408a63c818a760bba60b073b8c7446c9fda728ce8feaae46b55086b/detection

188.121.43.27:21
188.121.43.27:50134

# Reference: https://www.virustotal.com/gui/file/c21678f25f1b95169fb60b0c0676684e7bc5f75c9ffbf7b2c1dc36b17add37c6/detection

a0706689.xsph.ru

# Reference: https://twitter.com/reecdeep/status/1583109746688929792

/masslogg.deploy

# Reference: https://www.virustotal.com/gui/file/040d22df3b3d64e28aad02f5b6ae5d84b355192d5bdf26a0cd0b448058f5d1ee/behavior

harolds.ooguy.com

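# Reference: https://twitter.com/James_inthe_box/status/1686105825012768769
# Reference: https://app.any.run/tasks/53ea78b6-375f-4a31-b117-1d2dffb44c92/
# NOTE(review): ftp.cluster003.ovh.net looks like a hosting provider's shared FTP endpoint - a match shows FTP traffic to that cluster, not necessarily to the abused account; corroborate with the IP:port entries before acting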

203.170.129.7:21
206.188.192.213:11650
206.188.192.213:21
51.68.11.192:17925
51.68.11.192:21
85.187.128.28:21
ftp.cluster003.ovh.net

# Reference: https://www.virustotal.com/gui/file/07e7fb32c7f00921f3b80fcfc7d8d8ec70b7fbe9a4ed061ad43f69254b5cac1e/detection

185.106.92.64:4679
195.85.115.195:21
195.85.115.195:55137

# Reference: https://www.virustotal.com/gui/file/7f7e7ecc5777ca78874fa63b322b4f13558a702b110e8b52d564b8839dee96c6/detection

149.248.76.158:21
149.248.76.158:49442
149.248.76.158:50678
149.248.76.158:53430
149.248.76.158:55441
149.248.76.158:55948
149.248.76.158:57135
149.248.76.158:58920
149.248.76.158:60874
149.248.76.158:63475

# Reference: https://app.any.run/tasks/9a5f77ef-dbbe-439b-a0e2-82bf2ddc5677/

185.31.121.136:21
185.31.121.136:56578

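# Reference: https://www.virustotal.com/gui/file/be307a525707fca7481ddc34bc53ced48d072d4f033b6b33a4e80a050364053e/detection
# NOTE(review): port 3128 is the conventional HTTP-proxy (Squid default) port - 46.246.4.5 and 47.115.6.72 may be proxies the sample connected through rather than MassLogger infrastructure; verify against the sandbox report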

141.136.34.78:21
183.81.164.154:21
202.172.25.11:21
46.246.4.5:3128
47.106.186.21:39746
47.115.6.72:3128

# Reference: https://x.com/smica83/status/1930595660056739933
# Reference: https://tria.ge/250605-ny6v2sbq2t/behavioral1

miniorangeman.com
mail.miniorangeman.com

# Reference: https://www.virustotal.com/gui/file/14687345d089a2694207f7d8bda6b5d6da585d7ead8d2bdb65493e1ee5228298/detection

94.154.172.199:587
maknpcg.asia

# Generic (host-independent URL path patterns)

/mass/?/upload
/panel/?/login
