# Copyright (c) 2014-2022 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: reflectiveloader

# Reference: https://twitter.com/James_inthe_box/status/1524424944196542464
# Reference: https://app.any.run/tasks/078648ad-a1b6-4ba7-8e4c-32821fb88c39/
# Reference: https://www.virustotal.com/gui/file/b1cff62e22a6d067fa505cce0b41c7ca5735691c4e5bfbb20525c247fba529d7/detection
# Reference: https://www.virustotal.com/gui/file/eb51b0bb0990652c9459a9c3b356748a2f340f3e016b5670b9b4cb0b354df1e3/detection
# Reference: https://www.virustotal.com/gui/file/e7f2c2ec0c5d656e2521c8121aaa63cbd9940bfec07af15b62ff5efabb3193b0/detection
# Reference: https://www.virustotal.com/gui/file/534186cc340b2fc9ca120b8a0575643e84b36a4af898f5c47ceb1e477bf205a7/detection

195.22.149.164:33248
195.22.149.187:33248
45.10.41.20:33248
kikipi.art

# Reference: https://twitter.com/ankit_anubhav/status/1529664691357659136
# Reference: https://www.virustotal.com/gui/file/235720bec0797367013cbdc1fe9bbdde1c5d325235920a1a3e9499485fb72dba/detection
# Reference: https://www.virustotal.com/gui/file/e697f4ace3369fa8b7acfbba68cd8543d401ee09595ad977221b14dc8b50b00e/detection

galmerts.art

# Reference: https://twitter.com/fr0s7_/status/1534865025160060929
# Reference: https://www.virustotal.com/gui/ip-address/5.188.90.154/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.142.79.204/relations
# Reference: https://www.virustotal.com/gui/file/268741ec1735e10573dee9e1d0488faeaee1f2c6f30b0be02b5695ce0684b1a7/detection
# Reference: https://www.virustotal.com/gui/file/a5b73c1e01eb529fefb973bc58ca137bbaa6448facfa5280b0efa73e8eef3404/detection
# Reference: https://www.virustotal.com/gui/file/16851d915aaddf29fa2069b79d50fe3a81ecaafd28cde5b77cb531fe5a4e6742/detection

kokoroklo.su
marinesss.su
natirmurtos.art

# Reference: https://twitter.com/reecdeep/status/1537716420385071104
# Reference: https://www.virustotal.com/gui/ip-address/45.10.244.37/relations
# Reference: https://app.any.run/tasks/c2f1d8ff-333f-4f22-9654-e82d80bf0e6e/

marmorono.guru

# Reference: https://twitter.com/k3dg3/status/1541460971843190786

protonosko.host

# Reference: https://twitter.com/JAMESWT_MHT/status/1548944921335316482
# Reference: https://twitter.com/guelfoweb/status/1548952267449040902
# Reference: https://www.virustotal.com/gui/ip-address/176.124.204.144/relations
# Reference: https://bazaar.abuse.ch/sample/2956779991070281c8dba226d96849ce5272818d38f96d29a7832e894b220ea4/

biofarma.buzz
biotech.cyou
biotech.ink
biznessoil.click
biznessoil.quest
/xl/ruiohmc/uhgvrkr
/xl/ruiohmc/
/ruiohmc/
/ruiohmc/uhgvrkr
/uhgvrkr

# Reference: https://twitter.com/pr0xylife/status/1549816621362995200

luluairtransfer.one
/xl/ruiohmc/truheru
/ruiohmc/truheru
/truheru

# Reference: https://twitter.com/rcwht_/status/1554247597841387520
# Reference: https://www.virustotal.com/gui/ip-address/45.91.8.204/relations

biznestransport.beauty
biznestransport.quest
origonbizz.cyou
sportech.click

# Generic

/xd/metrics.php?zs=
/xl/gate
/xl/gate/check
/xl/gate/task
/DE8dTPMvW1_oSwAuyl6sWTbkxj7zUB0TbQ~~/XXIuljLT2yw6c132eukG9J3jqz470HZ8jw~~/
/fztm7OGa6nPSCgdqaqph3jwNuSCn1EBYcg~~/dQdfLIPpGtBrHUl7d7kIm6TtdRll7mh-Ag~~/
/Ph7xdjyfvOgoA4iubKp3S55GUxhsfT1KtQ~~/dlRd4B1H3hMnfwY3n_5y6lGw3D4_xy9uig~~/
/DE8dTPMvW1_oSwAuyl6sWTbkxj7zUB0TbQ~~/
/dlRd4B1H3hMnfwY3n_5y6lGw3D4_xy9uig~~/
/fztm7OGa6nPSCgdqaqph3jwNuSCn1EBYcg~~/
/Ph7xdjyfvOgoA4iubKp3S55GUxhsfT1KtQ~~/
/XXIuljLT2yw6c132eukG9J3jqz470HZ8jw~~/
/DE8dTPMvW1_oSwAuyl6sWTbkxj7zUB0TbQ
/dlRd4B1H3hMnfwY3n_5y6lGw3D4_xy9uig
/fztm7OGa6nPSCgdqaqph3jwNuSCn1EBYcg
/Ph7xdjyfvOgoA4iubKp3S55GUxhsfT1KtQ
/XXIuljLT2yw6c132eukG9J3jqz470HZ8jw
