# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission
# Note: jgou.veia@gmail.com (used for WHOIS records)
# Reference: https://rules.emergingthreats.net/open/snort-2.9.0/rules/emerging-trojan.rules
195.22.26.231
195.22.26.232
# 195.22.26.192/26
# 195.22.26.211 # relay.net.vodafone.pt
# 195.22.26.212 # relay2.net.vodafone.pt
# 195.22.26.213 # relay3.net.vodafone.pt
# 195.22.26.214 # relay4.net.vodafone.pt
195.22.26.215
195.22.26.216
# 195.22.26.217 # anubisnetworks.com
# 195.22.26.248 (Reference: https://www.alienvault.com/forums/discussion/10634/multiple-alarms-for-sinkhole-anubis-this-week)
# Reference: https://www.virustotal.com/en/ip-address/195.22.26.248/information/
# Reference: https://www.zoomeye.org/search?q=snkz%3D
# Note: all domains get prefix [x]sso.<domain> on reaching sinkhole
# Set-Cookie: snkz=x.y.z.w
anbtr.com
# To find out the domain itself from redirected URL
sso.anbtr.com/domain/
xsso.anbtr.com/domain/
# Reference: https://www.virustotal.com/en/ip-address/195.157.15.100/information/
195.157.15.100
# Reference: https://www.virustotal.com/en/ip-address/195.38.137.100/information/
195.38.137.100
# Reference: https://www.virustotal.com/en/ip-address/212.61.180.100/information/
212.61.180.100
# Reference: https://www.threatcrowd.org/ip.php?ip=89.185.44.100
89.185.44.100
# Misc. (e.g. Set-Cookie: snkz=)
# Note: https://www.virustotal.com/#/domain/anam0rph.su
# Reference: https://community.riskiq.com/search/certificate/sha1/030231a0bf3178cc5f4af80735cb2df1b3f4a437
# Reference: https://community.riskiq.com/search/certificate/sha1/1dc922d707c333a4fd86483868e40a2edeff3217
# Note: following DNS (sinkhole) servers redirect/reply all DNS requests to known Anubis sinkhole(s) (e.g. 195.22.26.248)
# Reference: https://www.virustotal.com/gui/ip-address/184.73.137.229/relations
# Reference: https://www.virustotal.com/gui/ip-address/34.229.84.179/relations
# Reference: https://www.virustotal.com/gui/ip-address/34.230.76.81/relations
# Reference: https://www.virustotal.com/gui/ip-address/54.227.204.233/relations
184.73.137.229:53
34.229.84.179:53
34.230.76.81:53
54.227.204.233:53