# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/crep1x/status/1760068698088296718
# Reference: https://tria.ge/240220-ng26jaga36/behavioral2
# Reference: https://tria.ge/240220-1awrdsfb3v/behavioral2

# onrender.com is a shared hosting domain (Render); the trail is the specific
# tenant hostname only, so it must not be widened to the parent domain.
# NOTE(review): IP-based trails go stale once an address is reassigned;
# re-check against the references above before treating an old hit as confirmed.
http://20.127.165.86
stealit.onrender.com

# Reference: https://twitter.com/r3dbU7z/status/1771456213366005937
# Reference: https://twitter.com/r3dbU7z/status/1771456221549138137
# Reference: https://www.joesandbox.com/analysis/1411948/0/html
# Reference: https://www.virustotal.com/gui/file/8b63338eda21fab3d8f6962332c8ffe617bcb21287f623ababc9992e24be64eb/detection
# Reference: https://www.virustotal.com/gui/file/d7eabd0402fa1c6cd5de13a50d96978be63ffee9d8a0094b0d382fe860ed5923/detection
# Reference: https://www.virustotal.com/gui/file/ddad1649d171367b307aa77f14b10826d6a5ae1d1dc1656ef1a7ddbe6ca43af3/detection

# nonly.nonlyreklamcilik.online is a subdomain of nonlyreklamcilik.online,
# which is listed in this group as well.
# NOTE(review): if the consumer also matches on parent domains, the subdomain
# entry is redundant - confirm before removing it.
canonato.tech
erareborn.shop
nonlyreklamcilik.online
stealit.online
nonly.nonlyreklamcilik.online

# Reference: https://x.com/SomeTestLeper/status/1817295211720261706
# Reference: https://x.com/JAMESWT_MHT/status/1817555134387269960
# Reference: https://app.any.run/tasks/356e47d4-5c5b-4076-a571-71c3efaeb6d8/
# Reference: https://www.virustotal.com/gui/file/45b9784d3d22c0e2b414c36124a909ca605a187a9709eb410cd312d388b12a4e/detection

# Single IP:port entry for the references above.
# NOTE(review): presumably scoped to port 443 on this address rather than the
# whole host - confirm how the consumer treats the :port suffix.
20.199.16.17:443

# Reference: https://threatfox.abuse.ch/browse/tag/stealit/ (# 2024-08-25)

# Entries taken from the ThreatFox tag listing referenced above (snapshot
# dated 2024-08-25 in that reference line); later additions to the tag are
# not reflected here.
# 4.233.209.62 appears twice, once in http:// form and once as IP:port.
# NOTE(review): presumably the two forms are matched differently by the
# consumer - confirm before de-duplicating.
# api.hellokittymeowmeow.xyz, api.ilovecats.life and
# ransomware.kittycatmeow.xyz are subdomains of parent domains that are
# listed in this group as well.
# NOTE(review): ip235.ip-192-95-20.net looks like a provider-generated
# reverse-DNS name for 192.95.20.235 (listed in the next group) - confirm.
http://4.233.209.62
20.199.87.174:443
4.233.209.62:443
4.233.218.3:443
40.66.40.211:443
98.66.170.171:443
api.hellokittymeowmeow.xyz
api.ilovecats.life
deadlywarfare.com
hellokittymeowmeow.xyz
ilovecats.life
ip235.ip-192-95-20.net
kittycatmeow.xyz
lxny.xyz
ransomware.kittycatmeow.xyz
xrczy.xyz

# Reference: https://x.com/NDA0E/status/1827715428044714450

# One address in four forms: the http:// entry plus ports 3000, 443 and 8080.
# NOTE(review): presumably each IP:port entry is scoped to that port only, so
# traffic to this address on other ports would rely on the http:// entry -
# confirm against the consumer's matching rules.
http://192.95.20.235
192.95.20.235:3000
192.95.20.235:443
192.95.20.235:8080

# Generic
# URL path pattern, not tied to any host or address listed above.
# NOTE(review): presumably matched against the request path of any host, and
# only where the URL is observable (e.g. cleartext HTTP or proxy logs) -
# confirm. A path-only hit is weaker evidence than a host/IP hit; correlate it
# with the destination before attributing it to this family.

/api/send/passwords
