# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: redcurl

# Reference: https://twitter.com/k3yp0d/status/1710230683870785767
# Reference: https://bi-zone.medium.com/hunting-the-hunter-bi-zone-traces-the-footsteps-of-red-wolf-3677783e164d
# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-09-07-v10412/926
# Reference: https://www.virustotal.com/gui/ip-address/23.254.224.79/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.61.138.81/relations
# Reference: https://www.virustotal.com/gui/file/e7b881cd106aefa6100d0e5f361e46e557e8f2372bd36cefe863607d19471a04/detection
# Reference: https://www.virustotal.com/gui/file/3bd054a5095806cd7e8392b749efa283735616ae8a0e707cdcc25654059bfe6b/detection
# Reference: https://www.virustotal.com/gui/file/4188c953d784049dbd5be209e655d6d73f37435d9def71fd1edb4ed74a2f9e17/detection
# Reference: https://www.virustotal.com/gui/file/1ea43ba4192fd793de5aa18d20b60f0821dfe201f531ea4d1739b96a35526e36/detection
# Reference: https://www.virustotal.com/gui/file/8d9aaa5cf9c7b442917a8f8542d020b221e9de595d78ef88b82ee696880491ef/detection

amscloudhost.com
forcloudnetworks.online
msftcloud.click
servicehost.click
app-ins-001.amscloudhost.com
app-ins-002.amscloudhost.com
app-l01.msftcloud.click
app-l03.msftcloud.click
app-l03.servicehost.click
app-l07.servicehost.click
clever.forcloudnetworks.online
cloud-01.servicehost.click
ctrl1.sm.advhost.co.uk
dav.cloud-01.servicehost.click
dav.linkedin-cloud-manager.servicehost.click
hfn-c-001.cc.msftcloud.click
hwsrv-1048332.hostwindsdns.com
ksg-c-001.cc.msftcloud.click
ksg-c-002.cc.msftcloud.click
ktr-cn-001.amscloudhost.com
ktr-cn-002.amscloudhost.com
l-dn-01.msftcloud.click
l-dn-02.msftcloud.click
l3-dn-01.servicehost.click
l4-dn-01.servicehost.click
l7-dn-01.servicehost.click
linkedin-cloud-manager.servicehost.click
m-dn-001.amscloudhost.com
m-dn-002.amscloudhost.com
mtk-cn-001.amscloudhost.com
mtk-cn-002.amscloudhost.com
rl-cn-s-001.amscloudhost.com
ss-cn-001.amscloudhost.com
ss-cn-002.amscloudhost.com
test.amscloudhost.com
trur-c-001.cc.msftcloud.click

# Reference: https://community.emergingthreats.net/t/ruleset-update-summary-2023-09-08-v10413/928

buyhighroad.scienceontheweb.net
eap.byethost10.com
earthmart.c1.biz
tdnmouse.atspace.eu

# Reference: https://twitter.com/k3yp0d/status/1708495262673465713
# Reference: https://www.virustotal.com/gui/file/61ca00df551f138d3f8602c19936c4a70b1da581183b8d1264fbd2bc416361cf/detection

app-l07.servicehost.click

# Reference: https://www.facct.ru/blog/redcurl-2024/

fiona.forcloudnetworks.online

# Generic

/ldn20_seek
/ldn21_amazon
/ldn22_samsung
/ldn23_samsung
/ldn25_cv_au
