# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.welivesecurity.com/2019/11/19/mispadu-advertisement-discounted-unhappy-meal/
# Reference: https://otx.alienvault.com/pulse/5dd3cdf234fc603cc25eba8a

http://18.219.25.133
http://3.19.223.147
http://51.75.95.179
promoscupom.cf

# Reference: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/mispadu-banking-trojan-resurfaces
# Reference: https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/
# Reference: https://twitter.com/sirpedrotavares/status/1305076741107519488/
# Reference: https://otx.alienvault.com/pulse/5f6b9eba7dbd6eb5c9a5bfa9

01fckgwxqweod01.ddns.net
01odinxqwefck01.ddns.net
02fckgwxqweod02.ddnsking.com
02odinxqwefck02.ddnsking.com
03fckgwxqweod03.3utilities.com
03odinxqwefck03.3utilities.com
04fckgwxqweod04.bounceme.net
04odinxqwefck04.bounceme.net
05fckgwxqweod05.freedynamicdns.net
05odinxqwefck05.freedynamicdns.net
06fckgwxqweod06.freedynamicdns.org
06odinxqwefck06.freedynamicdns.org
07fckgwxqweod07.gotdns.ch
07odinxqwefck07.gotdns.ch
08fckgwxqweod08.hopto.org
08odinxqwefck08.hopto.org
09fckgwxqweod09.myddns.me
09odinxqwefck09.myddns.me
10fckgwxqweod10.myftp.biz
10odinxqwefck10.myftp.biz
11fckgwxqweod11.myftp.org
11odinxqwefck11.myftp.org
12fckgwxqweod12.ddns.net
12odinxqwefck12.ddns.net
13fckgwxqweod13.ddnsking.com
13odinxqwefck13.ddnsking.com
14fckgwxqweod14.3utilities.com
14odinxqwefck14.3utilities.com
15fckgwxqweod15.bounceme.net
15odinxqwefck15.bounceme.net
16fckgwxqweod16.freedynamicdns.net
16odinxqwefck16.freedynamicdns.net
17fckgwxqweod17.freedynamicdns.org
17odinxqwefck17.freedynamicdns.org
18fckgwxqweod18.gotdns.ch
18odinxqwefck18.gotdns.ch
19fckgwxqweod19.hopto.org
19odinxqwefck19.hopto.org
20fckgwxqweod20.myddns.me
20odinxqwefck20.myddns.me
21fckgwxqweod21.myftp.biz
21odinxqwefck21.myftp.biz
22fckgwxqweod22.myftp.org
22odinxqwefck22.myftp.org
23fckgwxqweod23.ddns.net
23odinxqwefck23.ddns.net
24fckgwxqweod24.ddnsking.com
24odinxqwefck24.ddnsking.com
25fckgwxqweod25.3utilities.com
25odinxqwefck25.3utilities.com
26fckgwxqweod26.bounceme.net
26odinxqwefck26.bounceme.net
27fckgwxqweod27.freedynamicdns.net
27odinxqwefck27.freedynamicdns.net
28fckgwxqweod28.freedynamicdns.org
28odinxqwefck28.freedynamicdns.org
29fckgwxqweod29.gotdns.ch
29odinxqwefck29.gotdns.ch
30fckgwxqweod30.hopto.org
30odinxqwefck30.hopto.org
31fckgwxqweod31.myddns.me
31odinxqwefck31.myddns.me

# Reference: https://unit42.paloaltonetworks.com/mispadu-infostealer-variant/

http://24.199.98.128
24.199.98.128:445
moscovatech.com
plinqok.com
trilivok.com
xalticainvest.com

# Reference: https://gist.github.com/kirk-sayre-work/a4a8c83481bbf0197375e3fd21914fc1

102.57.205.92.host.secureserver.net
148.241.109.208.host.secureserver.net
179.150.167.72.host.secureserver.net
198.148.167.72.host.secureserver.net
43.244.109.208.host.secureserver.net
homesdfarts.shop
rekemchiwdnas.com
mtxp1.2waky.com
mut4.toh.info
trahomesd.homesdfarts.shop

# Reference: https://x.com/pollo290987/status/1831575245792182642
# Reference: https://www.virustotal.com/gui/file/9317af65c8b296e993c28b85c017fca713e143daa367797ec1749b82cbc89a72/detection

20.188.109.208.host.secureserver.net
94.33.167.72.host.secureserver.net
# NOTE(review): path-only indicator with no host part; presumably matched against
# the request path on any host, so it is broader than the host entries above and
# more prone to false positives - confirm scope against the references.
/pskf2a.php

# Reference: https://x.com/Dkavalanche/status/1838336655645614125

203.21.205.92.host.secureserver.net

# Reference: https://x.com/1ZRR4H/status/1843621676526792900

135.53.167.72.host.secureserver.net

# Reference: https://x.com/Merlax_/status/1882390321713316274

http://64.95.10.181
104.234.70.158:6996
15.235.41.28:7001
170.238.45.201:7885
172.86.84.227:6974
172.96.161.188:5559
172.96.161.248:5558
209.250.231.141:7513
217.182.105.61:8007
34.46.212.86:8001
35.246.228.83:5555
51.91.209.34:8001
54.36.116.0:8577
54.36.118.231:6499
57.129.58.72:7000
87.121.86.212:6555
azsxdcedws42rfs.servepics.com
azsxdcfvgbhn.serveirc.com
cas7hco.is-a-conservative.com
cub9clesaver.is-a-cubicle-slave.com
deignrich.is-a-designer.com
dscxfvsgstsdxs.viewdns.net
eanwealth.is-a-doctor.com
fiancialgold.is-a-financialadvisor.com
gafsrwewsfwrs.servegame.com
geemaster.is-a-geek.net
go9gold.is-a-chef.org
go9nknight.is-a-knight.org
gol69mining.is-a-chef.com
gol6xhunter.is-a-celticsfan.org
gol9enllama.is-a-llama.com
gold7rush.is-a-candidate.org
golhunterx.is-a-hunter.com
golx9routex.is-a-chef.net
grnincome.is-a-green.com
gsfdrewte8n.ddns.net
gur9fgold.is-a-guru.com
hardash.is-a-hard-worker.com
ikmjnhbgvfcs.servebeer.com
ikujyhtgrfed.myvnc.com
iwuwter43fsfd.servehalflife.com
jmhngbfvdcsxsx.servequake.com
jmnhgbyutfvdcesx.servepics.com
jsgdfdreteed.hopto.org
kajdhdfxfcdseew.ddnsking.com
kishhsfdrwew.bounceme.net
kmjnhbgvfdcxs.servecounterstrike.com
kmjnhuygbdds.servemp3.com
kmjshdgdteresw2.zapto.org
ksiuetrtr7363.freedynamicdns.net
ksjhdfewre4e.viewdns.net
ksjhdgteyrid.myftp.org
ksjshfdfretr63.redirectme.net
ksjsmndvcxdstd6.serveftp.com
ksksjhdgffxcsd4.ddns.net
ksmnvcfdgfteri.serveminecraft.net
lan9old.is-a-landscaper.com
lawy77rgold.is-a-lawyer.com
libetwealth.is-a-libertarian.com
libr7alrich.is-a-liberal.com
lin9uigold.is-a-linux-user.org
loauusgdtdss.3utilities.com
loikjnhbgvfdce.webhop.me
loikmjnhuytgbvfr.sytes.net
loisujsgdfcxvd.zapto.org
lokiujyhtgsx.servegame.com
loopijnu7677hs.servemp3.com
losiuwyetegsfs.gotdns.ch
lospieyterswsa.hopto.org
loueyerrsedwcs.myddns.me
lskhdfferessd.serveblog.net
lskjsgdferete.myvnc.com
lsksjhdgferes.servebeer.com
lsksjhdgfvxcdeu.serveirc.com
lsooskdjdmcnbgd.myftp.biz
lsosojdjdgbccxx.freedynamicdns.net
mjhngbfvdce.serveftp.com
mjhsfdretryuwe.myftp.biz
mjnhbgvfdcsx.serveblog.net
mjshgdfer3s.gotdns.ch
mnbvcfde34r.sytes.net
moe9ymagnet.is-a-democrat.com
mondro01up.servemp3.com
mondro02up.ddnsking.com
mondro03up.servemp3.com
mondro04up.ddnsking.com
mondro05up.servemp3.com
mondro06up.ddnsking.com
mondro07up.servemp3.com
mondro08up.ddnsking.com
mondro09up.servemp3.com
mondro10up.ddnsking.com
mondro11up.servemp3.com
mondro12up.ddnsking.com
mondro13up.servemp3.com
mondro14up.ddnsking.com
mondro15up.servemp3.com
mondro16up.ddnsking.com
mondro17up.servemp3.com
mondro18up.ddnsking.com
mondro19up.servemp3.com
mondro20up.ddnsking.com
mondro21up.servemp3.com
mondro22up.ddnsking.com
mondro23up.servemp3.com
mondro24up.ddnsking.com
mondro25up.servemp3.com
mondro26up.ddnsking.com
mondro27up.servemp3.com
mondro28up.ddnsking.com
mondro29up.servemp3.com
mondro30up.ddnsking.com
mondro31up.servemp3.com
mone9ywizard.is-a-caterer.com
moygeek.is-a-geek.org
msjdiwuw92.ddnsking.com
msjshdfdre3s.onthewifi.com
msjshdgferweusi.myddns.me
msnbdccxfddsre.servehttp.com
msngdfdre5.freedynamicdns.org
mus9igold.is-a-musician.com
mxgv2w01up.servemp3.com
mxgv2w02up.ddnsking.com
mxgv2w03up.servemp3.com
mxgv2w04up.ddnsking.com
mxgv2w05up.servemp3.com
mxgv2w06up.ddnsking.com
mxgv2w07up.servemp3.com
mxgv2w08up.ddnsking.com
mxgv2w09up.servemp3.com
mxgv2w1.servepics.com
mxgv2w10up.ddnsking.com
mxgv2w11up.servemp3.com
mxgv2w12up.ddnsking.com
mxgv2w13up.servemp3.com
mxgv2w14up.ddnsking.com
mxgv2w15up.servemp3.com
mxgv2w16up.ddnsking.com
mxgv2w17up.servemp3.com
mxgv2w18up.ddnsking.com
mxgv2w19up.servemp3.com
mxgv2w20up.ddnsking.com
mxgv2w21up.servemp3.com
mxgv2w22up.ddnsking.com
mxgv2w23up.servemp3.com
mxgv2w24up.ddnsking.com
mxgv2w25up.servemp3.com
mxgv2w26up.ddnsking.com
mxgv2w27up.servemp3.com
mxgv2w28up.ddnsking.com
mxgv2w29up.servemp3.com
mxgv2w30up.ddnsking.com
mxgv2w31up.servemp3.com
mxjhndbgsfree.serveminecraft.net
nas9cacash.is-a-nascarfan.com
nhgbjmkmnbx.servehalflife.com
nshsfdvccxsswe.webhop.me
nur9swealth.is-a-nurse.com
olikujyhtgrf.onthewifi.com
olkiuj76tgfr.servequake.com
owiwuete63543.bounceme.net
pain9trgold.is-a-painter.com
pateta01up.servemp3.com
pateta02up.ddnsking.com
pateta03up.servemp3.com
pateta04up.ddnsking.com
pateta05up.servemp3.com
pateta06up.ddnsking.com
pateta07up.servemp3.com
pateta08up.ddnsking.com
pateta09up.servemp3.com
pateta10up.ddnsking.com
pateta11up.servemp3.com
pateta12up.ddnsking.com
pateta13up.servemp3.com
pateta14up.ddnsking.com
pateta15up.servemp3.com
pateta16up.ddnsking.com
pateta17up.servemp3.com
pateta18up.ddnsking.com
pateta19up.servemp3.com
pateta20up.ddnsking.com
pateta21up.servemp3.com
pateta22up.ddnsking.com
pateta23up.servemp3.com
pateta24up.ddnsking.com
pateta25up.servemp3.com
pateta26up.ddnsking.com
pateta27up.servemp3.com
pateta28up.ddnsking.com
pateta29up.servemp3.com
pateta30up.ddnsking.com
pateta31up.servemp3.com
patetahw1.webhop.me
patkx1.gotdns.ch
patkx101up.servemp3.com
patkx102up.ddnsking.com
patkx103up.servemp3.com
patkx104up.ddnsking.com
patkx105up.servemp3.com
patkx106up.ddnsking.com
patkx107up.servemp3.com
patkx108up.ddnsking.com
patkx109up.servemp3.com
patkx110up.ddnsking.com
patkx111up.servemp3.com
patkx112up.ddnsking.com
patkx113up.servemp3.com
patkx114up.ddnsking.com
patkx115up.servemp3.com
patkx116up.ddnsking.com
patkx117up.servemp3.com
patkx118up.ddnsking.com
patkx119up.servemp3.com
patkx120up.ddnsking.com
patkx121up.servemp3.com
patkx122up.ddnsking.com
patkx123up.servemp3.com
patkx124up.ddnsking.com
patkx125up.servemp3.com
patkx126up.ddnsking.com
patkx127up.servemp3.com
patkx128up.ddnsking.com
patkx129up.servemp3.com
patkx130up.ddnsking.com
patkx131up.servemp3.com
ppwow992735ssx.sytes.net
pqoqiwue62es.freedynamicdns.org
qazxswedcvfrtgb.myftp.org
r3xg01up.servequake.com
r3xg02up.viewdns.net
r3xg03up.servequake.com
r3xg04up.viewdns.net
r3xg05up.servequake.com
r3xg06up.viewdns.net
r3xg07up.servequake.com
r3xg08up.viewdns.net
r3xg09up.servequake.com
r3xg10up.viewdns.net
r3xg11up.servequake.com
r3xg12up.viewdns.net
r3xg13up.servequake.com
r3xg14up.viewdns.net
r3xg15up.servequake.com
r3xg16up.viewdns.net
r3xg17up.servequake.com
r3xg18up.viewdns.net
r3xg19up.servequake.com
r3xg20up.viewdns.net
r3xg21up.servequake.com
r3xg22up.viewdns.net
r3xg23up.servequake.com
r3xg24up.viewdns.net
r3xg25up.servequake.com
r3xg26up.viewdns.net
r3xg27up.servequake.com
r3xg28up.viewdns.net
r3xg29up.servequake.com
r3xg30up.viewdns.net
r3xg31up.servequake.com
sderfdcxsddffs3.servecounterstrike.com
snshhdhdytetre5.sytes.net
tecgeek.is-a-geek.com
ujmnhytgbvfd.servehttp.com
vfcdxszabgnhmj.redirectme.net
wea9thpro.is-a-cpa.com
xsdsewre435a.3utilities.com

# Reference: https://x.com/Merlax_/status/1892387093193609514

http://160.153.172.106
http://160.153.172.33
http://160.153.173.113
http://160.153.173.160
http://160.153.173.179
http://160.153.173.227
http://160.153.173.69
http://160.153.173.84
http://160.153.174.24
http://160.153.174.3
http://160.153.174.38
http://160.153.175.99
http://208.109.37.95
http://208.109.39.114
http://37.148.201.105
http://72.167.134.73
http://72.167.143.231
57.129.23.16:6061
198.243.109.208.host.secureserver.net
243.200.148.37.host.secureserver.net
253.176.169.192.host.secureserver.net
42.173.153.160.host.secureserver.net
76.21.168.184.host.secureserver.net
93.143.167.72.host.secureserver.net
97.49.167.72.host.secureserver.net
01mxarjuntoq01.ddns.net
01mxarjuntow01.ddns.net
02mxarjuntoq02.ddnsking.com
02mxarjuntow02.ddnsking.com
03mxarjuntoq03.3utilities.com
03mxarjuntow03.3utilities.com
04mxarjuntoq04.bounceme.net
04mxarjuntow04.bounceme.net
05mxarjuntoq05.freedynamicdns.net
05mxarjuntow05.freedynamicdns.net
06mxarjuntoq06.freedynamicdns.org
06mxarjuntow06.freedynamicdns.org
07mxarjuntoq07.gotdns.ch
07mxarjuntow07.gotdns.ch
08mxarjuntoq08.hopto.org
08mxarjuntow08.hopto.org
09mxarjuntoq09.myddns.me
09mxarjuntow09.myddns.me
10mxarjuntoq10.myftp.biz
10mxarjuntow10.myftp.biz
11mxarjuntoq11.myftp.org
11mxarjuntow11.myftp.org
12mxarjuntoq12.ddns.net
12mxarjuntow12.ddns.net
13mxarjuntoq13.ddnsking.com
13mxarjuntow13.ddnsking.com
14mxarjuntoq14.3utilities.com
14mxarjuntow14.3utilities.com
15mxarjuntoq15.bounceme.net
15mxarjuntow15.bounceme.net
16mxarjuntoq16.freedynamicdns.net
16mxarjuntow16.freedynamicdns.net
17mxarjuntoq17.freedynamicdns.org
17mxarjuntow17.freedynamicdns.org
18mxarjuntoq18.gotdns.ch
18mxarjuntow18.gotdns.ch
19mxarjuntoq19.hopto.org
19mxarjuntow19.hopto.org
20mxarjuntoq20.myddns.me
20mxarjuntow20.myddns.me
21mxarjuntoq21.myftp.biz
21mxarjuntow21.myftp.biz
22mxarjuntoq22.myftp.org
22mxarjuntow22.myftp.org
23mxarjuntoq23.ddns.net
23mxarjuntow23.ddns.net
24mxarjuntoq24.ddnsking.com
24mxarjuntow24.ddnsking.com
25mxarjuntoq25.3utilities.com
25mxarjuntow25.3utilities.com
26mxarjuntoq26.bounceme.net
26mxarjuntow26.bounceme.net
27mxarjuntoq27.freedynamicdns.net
27mxarjuntow27.freedynamicdns.net
28mxarjuntoq28.freedynamicdns.org
28mxarjuntow28.freedynamicdns.org
29mxarjuntoq29.gotdns.ch
29mxarjuntow29.gotdns.ch
30mxarjuntoq30.hopto.org
30mxarjuntow30.hopto.org
31mxarjuntoq31.myddns.me
31mxarjuntow31.myddns.me

# Reference: https://x.com/1ZRR4H/status/1892619437804573180

wrsh.blob.core.windows.net
/wusgdh/index.html

# Reference: https://x.com/Merlax_/status/1901807022909378874

http://132.148.72.23
http://132.148.79.238
http://160.153.172.116
http://160.153.172.183
http://160.153.172.22
http://160.153.172.63
http://160.153.172.89
http://160.153.173.214
http://160.153.173.232
http://160.153.173.49
http://160.153.174.132
http://160.153.174.159
http://160.153.174.220
http://160.153.174.233
http://160.153.174.40
http://160.153.174.66
http://160.153.174.76
http://160.153.175.131
http://160.153.175.181
http://160.153.175.194
http://160.153.175.233
http://160.153.175.36
http://160.153.175.88
http://192.169.176.148
http://192.169.177.12
http://208.109.228.124
http://208.109.37.178
http://37.148.201.43
http://64.202.185.127
http://64.202.186.158
http://64.202.186.172
http://64.202.188.206
http://64.202.188.207
http://64.202.189.100
http://64.202.189.48
http://64.202.189.59
http://64.202.191.129
http://72.167.133.167
http://92.205.129.134
http://92.205.164.90
http://92.205.228.109
http://92.205.57.180
160.153.175.213:443
172.96.161.189:5587
172.96.161.85:5588
196.251.115.150:6555
45.137.214.73:8511
64.202.185.182:443
64.202.188.26:443
64.202.189.168:443
168.40.167.72.host.secureserver.net
178.37.109.208.host.secureserver.net
# NOTE(review): the "servehxxp.com" suffix on the entries below looks like a
# defanging substitution (http -> hxxp) left inside the domain name. Earlier
# entries in this file use "servehttp.com" with the same host labels
# (msnbdccxfddsre, ujmnhytgbvfd). As written these lines would not match live
# DNS/HTTP traffic - confirm against the reference and refang.
03trpavurnaer.servehxxp.com
21trpadeovnara.servehxxp.com
42trprodnada.servehxxp.com
84.173.153.160.host.secureserver.net
msnbdccxfddsre.servehxxp.com
pmuplasoloc.servehxxp.com
ujmnhytgbvfd.servehxxp.com

# Reference: https://x.com/Merlax_/status/1910876560749437061

172.96.140.97:6836
# NOTE(review): the port on the next entry is zero-padded ("0591"); a textual
# ip:port comparison against an observed port 591 would not match - confirm the
# intended port against the reference.
172.96.142.77:0591
172.96.161.235:6234
188.245.227.53:9985
194.238.24.68:6669
34.59.32.85:8001
38.210.209.243:6675
51.77.148.222:1259
# NOTE(review): this entry (and "plorext1247wtlxcr5B.bounceme.net" further down)
# contains an uppercase letter, while every other domain in the file is lowercase.
# DNS names are case-insensitive; if the consumer compares trails without
# normalising case these two may never match - confirm and lowercase.
247wtlxcr5B.myvnc.com
crarow1.zzux.com
mgl01up.servemp3.com
mgl02up.ddnsking.com
mgl03up.servemp3.com
mgl04up.ddnsking.com
mgl05up.servemp3.com
mgl06up.ddnsking.com
mgl07up.servemp3.com
mgl08up.ddnsking.com
mgl09up.servemp3.com
mgl10up.ddnsking.com
mgl11up.servemp3.com
mgl12up.ddnsking.com
mgl13up.servemp3.com
mgl14up.ddnsking.com
mgl15up.servemp3.com
mgl16up.ddnsking.com
mgl17up.servemp3.com
mgl18up.ddnsking.com
mgl19up.servemp3.com
mgl20up.ddnsking.com
mgl21up.servemp3.com
mgl22up.ddnsking.com
mgl23up.servemp3.com
mgl24up.ddnsking.com
mgl25up.servemp3.com
mgl26up.ddnsking.com
mgl27up.servemp3.com
mgl28up.ddnsking.com
# NOTE(review): the mglNNup series runs 01-31 here but has no entry for 29 -
# confirm against the reference whether it was omitted deliberately.
mgl30up.ddnsking.com
mgl31up.servemp3.com
plorext1247wtlxcr5B.bounceme.net
ucrarow01.freedynamicdns.org
ucrarow02.gotdns.ch
ucrarow03.hopto.org
ucrarow04.myddns.me
ucrarow05.myftp.biz
ucrarow06.myftp.org
ucrarow07.ddns.net
ucrarow08.ddnsking.com
ucrarow09.3utilities.com
ucrarow10.bounceme.net
ucrarow11.freedynamicdns.net
ucrarow12.freedynamicdns.org
ucrarow13.gotdns.ch
ucrarow14.hopto.org
ucrarow15.myddns.me
ucrarow16.ddns.net
ucrarow17.ddnsking.com
ucrarow18.3utilities.com
ucrarow19.bounceme.net
ucrarow20.freedynamicdns.net
ucrarow21.freedynamicdns.org
ucrarow22.gotdns.ch
ucrarow23.hopto.org
ucrarow24.myddns.me
ucrarow25.myftp.biz
ucrarow26.myftp.org
ucrarow27.ddns.net
ucrarow28.ddnsking.com
ucrarow29.3utilities.com
ucrarow30.bounceme.net
ucrarow31.freedynamicdns.net
