# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/James_inthe_box/status/1040718336173137920

host2.azaronline.com

# Reference: https://twitter.com/avman1995/status/1039929322612641792

mail.efx.net.nz

# Reference: https://twitter.com/James_inthe_box/status/1039878859007569920
# Reference: https://www.virustotal.com/#/ip-address/37.59.117.243

http://37.59.117.243

# Reference: https://twitter.com/avman1995/status/1040493935234371584

ftp://ftp.fasttradeco.com

# Reference: https://twitter.com/MalwareHunterBR/status/1016486687059402752

herosoup.org

# Reference: https://twitter.com/ViriBack/status/983011333506588672
# Reference: https://pastebin.com/nwWHHFe0

bobby.ziraat-helpdesk.com/login.php
chibu.ziraat-helpdesk.com/login.php
chisom.ziraat-helpdesk.com/login.php
dashi-dashi.ziraat-helpdesk.com/login.php
eizzy.haoldd.com/login.php
elb.haoldd.com/login.php
emy.agrillcs.com/login.php
ezeoma.agrillcs.com/login.php
figure.agrillcs.com/login.php
files.ziraat-helpdesk.com/login.php
free.agrillcs.com/login.php
jboy.agrillcs.com/login.php
jizzy.ziraat-helpdesk.com/login.php
joe.ziraat-helpdesk.com/login.php
haoldd.com/okilo/login.php
ike.agrillcs.com/login.php
isa.haoldd.com/login.php
kc.ziraat-helpdesk.com/login.php
kelvin.agrillcs.com/login.php
marchforward.usa.cc/WebPanel/login.php
marchforward.usa.cc/youngnascent/WebPanel/login.php
mi.haoldd.com/login.php
okey.haoldd.com/login.php
small-kelly.agrillcs.com/login.php
tonishl.ga/alifriend/WebPanel/login.php
tonishl.ga/jide/WebPanel/login.php
tonishl.ga/shanker/WebPanel/login.php
tonishl.ml/kc/WebPanel/login.php
tonishl.ml/nonso/WebPanel/login.php
tonishl.ml/sammy/WebPanel/login.php
yg.haoldd.com/login.php

# Reference: https://twitter.com/James_inthe_box/status/1046070749138735110

shahrproject.ir/wp--admin/

# Reference: https://twitter.com/James_inthe_box/status/1044198938847244289

moranhq.duckdns.org

# Reference: https://twitter.com/Jan0fficial/status/1047023512383311873

venividivici.host

# Reference: https://twitter.com/Jan0fficial/status/1047051546851254272

etvidanueva.com/photos/images/WebPanel/login.php
etvidanueva.com/photos/images/fulls/WebPanel/login.php

# Reference: https://twitter.com/Jan0fficial/status/1047053960689987584

allpeople.cc/WebPanel/

# Reference: https://twitter.com/James_inthe_box/status/1047495498867728384

hp-compoundlng.com/zuniga/zuniga.php

# Reference: https://twitter.com/avman1995/status/1046620646137102336

repoyochar2u.ddns.net
repoyochar2u.hopto.org

# Generic callback path

/zuniga.php

# Reference: https://twitter.com/Racco42/status/1055370151984537602

ftp.dolphins-gb.com

# Reference: https://twitter.com/casual_malware/status/1107441450415992832

rat8882018.bounceme.net

# Reference: https://twitter.com/ItsReallyNick/status/925754844706689024

regiusersme63.com
twendekazi.co.ke

# Reference: https://twitter.com/JAMESWT_MHT/status/1111231704847581185

server15.thcservers.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1117787548787597313
# Reference: https://app.any.run/tasks/a7f299b3-0b84-4403-a75f-7fb45700e14e

severeweatheralerts02.severeweatheralerts.net

# Reference: https://otx.alienvault.com/pulse/5cb636d8706621055e694e0a
# Reference: https://twitter.com/_cpresearch_/status/1118201474809462784

checkoutspace.com

# Reference: https://twitter.com/dvk01uk/status/1137669359273435138
# Reference: https://app.any.run/tasks/318a9aa9-8c2e-4d21-9a4c-aa023de19d74/

mail.trezaexim.com

# Reference: https://twitter.com/Lvanoel/status/1140500849904537600
# Reference: https://app.any.run/tasks/b4361590-d24e-4a4d-a273-5776ee377b08/

mail.jyotistrips.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1142020465063538689
# Reference: https://app.any.run/tasks/1f643b34-6d92-4bb6-88e1-2aa21e524d20/

mail.crypy.top

# Reference: https://twitter.com/killamjr/status/1143288308300013568

vr9519.club

# Reference: https://twitter.com/B1naryG/status/1143818690040860673
# Reference: https://app.any.run/tasks/3b4e7470-3144-47e3-8caf-ad069c4a5419/

algadeed-com.ga
mail.sweeddehacklord.us

# Reference: https://github.com/pan-unit42/iocs/edit/master/agenttesla/agenttesla_panels.txt

123.makologg.website
13020.vhost.myvirtualserver.de
13140.vhost.myvirtualserver.de
a-work.info
addmehosts.com
admin.downloadtip.club
agenttesla.com
agentteslapanel.site
airnicoltd.biz
appleconnect.online
blasternoon.ru
blockchian.us
bossbadoo123.000webhostapp.com
brunam90.me
cellularwizard.biz
china-smi.biz
classicfllters.com
cloud9files.net
coleweinman1.000webhostapp.com
combinaparts.com
comebackto.info
compassiwater.com
cp.gonerallying.com
csgoshuffle.trade
cyberfreakz.cf
daalkha.com
darkmat3r-v3nom.lawcost.com
davcandle.life
defaomfg.com
diplomaticcourier.net
dongabito.com
douglascellings.com
dovemessengers.com
dropped.cf
e-paymentonline.online
egoigwe.date
elihanss.ru
emailaccountsupdate.com
emybeks.diplomaticsecurityservicelondon.com
essentialsupdate.com
exam2quiz.com.ng
eyeover.it
fash2v.com
fbillion.essentialtechsolutions.com
frank.diplomaticsecurityservicelondon.com
franklinpanel.xyz
frankpanel.xyz
friendfinances.com
fundz1st.fav.al
futurarice.com
graficafolha.com.br
halifacxz.com
helofitsol.com
hiflowwing.com
hopewordnlos.info
hoplikes.com
hp.gonerallying.com
hugoslyltd.com
hummerenergyinc.com
hustle.paneltesla.net
ibouz.co.business
icoud.online
iiltd.xyz
januoey.com
jerelpacks.com
jpoffice2017.xyz
karmakintra.com
kf3nqetgl3p3qlvnl4ze.ru
kidertalerz.com
killatenderz.com
kolapharma.com
koloongroupinc.ru
lakhakaidea.com
libazo.com
magosnegt.net
maxibrainz.net
mctagents.ml
mgelectroncs.com
miloill.com
mitch.sudimex.ml
mnbvcxzus.com
mogosan.com
mqbearing.club
mrabengo.com
nckportugal.com
nellsonn.com
newseuro2015.org
nexuscoltd.com
notifuls.com
onlinesypoi.com
optifinecapes.us
panel.profitstakers.com
panelci.xyz
panelone.xyz
panelp.xyz
paneltesla.net
pansha.regworldmail.com
pegeng-ch.com
petush32.beget.tech
picasuminion.com
plasdic.com
pron.wonkarima.ru
robphish.xyz
rootjoy20.net
roperspump.com
saintahotel.com
secpolicy.info
senator1st.fav.al
sender.agenttesla.com
shalla.eyeofbangladesh.com
shingrela.com
signaturehealthcarltd.com
smartmanber.com
someshitejob.ru
sosignshome.com
steamstatus.pw
stlmre.xyz
suabepga.net
suchsuggestions.com
sweed-office.comie.ru
syncav.ms-sync.com
t1st.fav.al
t2st.fav.al
t3st.fav.al
t4st.fav.al
t5st.fav.al
tecomou1d.com
tesla.dailyawamitime.com
tesla.lawcost.com
teslalogs.club
toke.paneltesla.net
tokimecltd.ru
tomfill.xyz
trade-accounts.com
transfoffer.com
transstates.us
u-nyx.ru
ugo.diplomaticsecurityservicelondon.com
upgr-serv.com
vacanzaimmobiliare.it
vimeostream.com
viprecycleresourcesltd.com
vivaasindustry.com
weviio.com
wlttraco.com
womensmuseumca.org
wonkarima.ru
xbool.ru
xboolean.com
xz2dtd11bm97h36.host
yeubiope.com
you.paneltesla.net
yyyxyyxxyxxx.xyz
zjxhqd.com

# Reference: https://twitter.com/killamjr/status/1145131854984556545

spellsove.duckdns.org
