# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/James_inthe_box/status/1039605676404760576

bproduction.zapto.org

# Reference: https://twitter.com/ScumBots/status/1045052146067165184

hyper-servers.ddns.net

# Reference: https://twitter.com/ScumBots/status/1044912611089948672

corralesking.hopto.org

# Reference: https://twitter.com/ScumBots/status/1046354478268592128

abjbwtf.myftp.biz

# Reference: https://twitter.com/ScumBots/status/1045931693167833088

131454.ddns.net

# Reference: https://twitter.com/ScumBots/status/1045776922171576320

kurviood.ddns.net
samostrelqsh.ddns.net

# Reference: https://twitter.com/ScumBots/status/1045746857408892928

staling79.mooo.com

# Reference: https://twitter.com/ScumBots/status/1043738462233485312

pauldenero.ddns.net

# Reference: https://twitter.com/ScumBots/status/1042779678367473665

clientswin.ddns.net

# Reference: https://twitter.com/ScumBots/status/1042704306795888640

haku004.hopto.org

# Reference: https://twitter.com/ScumBots/status/1042515566584586242

win.ddnsking.com

# Reference: https://twitter.com/ScumBots/status/1037861013255860224

scammer0304.ddns.net

# Reference: https://twitter.com/ScumBots/status/1037098491472998405

popopooo3847343dfer.publicvm.com
xcvx2343242sdfsdfsdfsxcv.publicvm.com

# Reference: https://twitter.com/ScumBots/status/1036487098189205504

aylmao1337.tk

# Reference: https://twitter.com/ScumBots/status/1034248460223037441

adeldu122.ddns.net

# Reference: https://twitter.com/ScumBots/status/1041050784081883136

hbk4.ddns.net

# Reference: https://twitter.com/ScumBots/status/1051065520328458240

needpull.ddns.net

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~NanoCor-DM/detailed-analysis.aspx

obiank.ddns.net

# Reference: https://twitter.com/ScumBots/status/1052360306788327424

exotic-40931.portmap.io

# Reference: https://twitter.com/ScumBots/status/1052552825228673024

cuberwar.myvnc.com
cyber786.myvnc.com

# Reference: https://twitter.com/Racco42/status/1046873169070645248

chukwd.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1053824958399500288

fgcvhjbk.bounceme.net

# Reference: https://twitter.com/ScumBots/status/1054761124745412608

icheatedonyourcrush.ddns.net

# Reference: https://twitter.com/ScumBots/status/1055210337266491392

myhostsaddddd.hopto.org

# Reference: https://twitter.com/ScumBots/status/1056965649929510914

zenzen15.ddns.net

# Reference: https://twitter.com/ScumBots/status/1058154734417260544

Pirmary.dynu.net

# Reference: https://twitter.com/ScumBots/status/1058241556451254272

mohamedsaeed.ddns.net

# Reference: https://twitter.com/ScumBots/status/1058932359117107201

zentune.sytes.net

# Reference: https://twitter.com/ScumBots/status/1059509916707311617

avo4.ddns.net

# Reference: https://twitter.com/ScumBots/status/1061253904103600128

skynipit.ddns.net

# Reference: https://twitter.com/ScumBots/status/1061269005296693248

office365update.duckdns.org
systen32.ddns.net

# Reference: https://twitter.com/ScumBots/status/1061510597278425089

ogkush.ddns.net

# Reference: https://twitter.com/ScumBots/status/1061710662940942338

jake1234.ddns.net

# Reference: https://twitter.com/ScumBots/status/1062224311430365185

onixoino.ddns.net

# Reference: https://twitter.com/ScumBots/status/1063892541253345281

daddyup.ddns.net

# Reference: https://twitter.com/ScumBots/status/1064575794121445376

weekskypp.hopto.org

# Reference: https://twitter.com/ScumBots/status/1065002353307324418

mcnana.theworkpc.com

# Reference: https://twitter.com/ScumBots/status/1067214563651796992

masterzion.ddns.net

# Reference: https://twitter.com/ScumBots/status/1067237079376191488

yeetyeeter.ddns.net

# Reference: https://twitter.com/ScumBots/status/1067829739107352577

sicknessdk.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1068244972011487232

intercambiotestg99.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1069162266279510016

insta.webhop.me

# Reference: https://twitter.com/ScumBots/status/1069502003116679168

wadlalafala2344.myftp.biz

# Reference: https://twitter.com/ScumBots/status/1070743939089612800

y013s.ddns.net

# Reference: https://twitter.com/ScumBots/status/1070868509763215360

moms.myftp.biz

# Reference: updates up to https://twitter.com/ScumBots/status/1079871582284247041

amerkad19.ddns.net
blubjkh.ddns.net
chromeservice.serveirc.com
kurwa.ddns.net
nanithecorelol.ddns.net
ncore.ddns.net
sambosaxzx.ddns.net
svchostest.ddns.net
vpnchjuy.ddns.net

# Reference: https://www.symantec.com/blogs/threat-intelligence/african-financial-attacks

nemesis225.ddns.net

# Reference: https://twitter.com/ScumBots/status/1086998543217426432

madarahost.ddns.net

# Reference: https://twitter.com/ScumBots/status/1088781872510001152

axuas.ddns.net

# Reference: https://twitter.com/ScumBots/status/1088908631930736640

minimalprojectscm.ddns.net

# Reference: https://twitter.com/ScumBots/status/1089191742681817094

nanoocore.ddns.net
Listener.chickenkiller.com
ukurbap.duckdns.org
5.59.91.86:5552

# Reference: https://twitter.com/ScumBots/status/1096141287328280576

karutohack.ddns.net

# Reference: https://twitter.com/ScumBots/status/1099342379386134529

185.56.90.79:1799

# Reference: https://twitter.com/ScumBots/status/1097262422912614401

194.5.99.9:36460

# Reference: https://twitter.com/ScumBots/status/1099474498317889536

109.181.151.155:1263

# Reference: https://twitter.com/ScumBots/status/1101973465895264257

lp0766.ddns.net

# Reference: https://twitter.com/ScumBots/status/1102094396542144513

fucka.ddns.net
fuckyoua.ddns.net

# Reference: https://twitter.com/ScumBots/status/1102422807672246274

windowuser.ddns.net

# Reference: https://twitter.com/ScumBots/status/1102547247231840258

141.255.152.199:54979

# Reference: https://twitter.com/ScumBots/status/1102573669455462400

demisoda2.kro.kr

# Reference: https://twitter.com/ScumBots/status/1102973809316032512

nanotestit.ddns.net

# Reference: https://twitter.com/ScumBots/status/1103321099440398343

csgo45bj.ddns.net

# Reference: https://twitter.com/ScumBots/status/1104808531184812037

31.49.241.6:1604

# Reference: https://twitter.com/ScumBots/status/1105793638041354240

141.255.151.202:5552

# Reference: https://twitter.com/ScumBots/status/1105797415901253633

141.255.158.98:53896

# Reference: https://twitter.com/James_inthe_box/status/1102914959556538368

185.84.181.88:4050

# Reference: https://twitter.com/ScumBots/status/1108326582664527872

10.9.36.186:6969

# Reference: https://twitter.com/ScumBots/status/1108311482247335936

213.89.206.15:1337

# Reference: https://twitter.com/Racco42/status/1102848826556276736

top1.apexgamingjo.waw.pl

# Reference: https://twitter.com/casual_malware/status/1107441450415992832

nanocore2019.bounceme.net

# Reference: https://twitter.com/James_inthe_box/status/1100793529595383809

ninodns.duckdns.org

# Reference: https://twitter.com/ViriBack/status/1093994913249853440
# Reference: https://pastebin.com/rQ0Cnkh0

lightchibuike.ddns.net
pixls.ddns.net

# Reference: https://twitter.com/ViriBack/status/1065597117937434625

bosmanchi.ddns.net

# Reference: https://twitter.com/killamjr/status/1093553362174242816

tntsure.ddns.net

# Reference: https://twitter.com/pollo290987/status/1092796516555808770

megida.hopto.org

# Reference: https://twitter.com/Racco42/status/1059945882274197504

194.5.99.243:2019

# Reference: https://twitter.com/HerbieZimmerman/status/1057692658104262657

194.5.98.182:7020

# Reference: https://twitter.com/luc4m/status/1044855395615997953

datalogsbackups.hopto.org

# Reference: https://twitter.com/matte_lodi/status/1049203238963167233
# Reference: https://app.any.run/tasks/bb524301-c794-4813-8e72-a03ae7d5b8cc

ambition.ddns.net

# Reference: https://twitter.com/Ring0x0/status/1006200464772419585

delawizzy.ddns.net

# Reference: https://twitter.com/Antelox/status/859092998818344961

herackles.moneyhome.biz

# Reference: https://twitter.com/JAMESWT_MHT/status/751375987028484096

businessdb4.duckdns.org
businessdb5.duckdns.org

# Reference: https://twitter.com/JayTHL/status/729724613907783680

212.7.208.81:51010

# Reference: https://twitter.com/JayTHL/status/705429671303774208

greenbacks.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/694596719426826240

admindarkcomet.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/694296245679099904

QuantumDevv.chickenkiller.com

# Reference: https://twitter.com/MalwareConfig/status/651147773257977856

paychuby.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/650097923196342272

aeht.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/650097877851746304

freedarren.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/650097559160156160

purevid.no-ip.org

# Reference: https://twitter.com/MalwareConfig/status/650097117315395584

ik4ito.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/650096982590156800

mlgsnip3r.no-ip.biz

# Reference: https://twitter.com/ScumBots/status/1109640234864701441

67.253.236.155:5553

# Reference: https://twitter.com/ScumBots/status/1110266084760920064

gangbanghangchang.myftp.biz

# Reference: https://twitter.com/James_inthe_box/status/1110579161884577792

172.81.132.137:54984

# Reference: https://twitter.com/x42x5a/status/1113414801705844738

kgentle77.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1114521149034123265

185.101.94.172:36460
rmcos.sparcos-es.com

# Reference: https://twitter.com/HerbieZimmerman/status/1115325369371045889

185.165.153.114:2525

# Reference: https://twitter.com/x42x5a/status/1115556640026177537

184.75.209.169:5787

# Reference: https://twitter.com/malwrhunterteam/status/1115942079711129602

ebaystube.hopto.org

# Reference: https://twitter.com/Racco42/status/1116793128319459329

moran101.duckdns.org

# Reference: https://pastebin.com/S3cZw7CA

154.16.63.122:1919
184.75.209.169:5787
185.56.90.91:1989
185.84.181.83:5302
194.5.98.26:1012
194.5.99.229:5050
213.208.152.197:9737
33393.ddns.net
arab1.myq-see.com
frazodee.hopto.org
gefide5.ddns.net
hhhssa.chickenkiller.com
lacoban.ddns.net
office365.duckdns.org
onielnfo.ddns.net
repoyochar2u.ddns.net
repoyochar2u.hopto.org
skynetcdt.dyndns.org
webaccess.hopto.org
wilfred123.ddns.net

# Reference: https://pastebin.com/ZCVB1pww

103.200.6.3:5490
181.214.55.23:9989
181.215.247.55:9780
185.148.241.40:3413
185.208.211.13:1943
185.244.30.106:1985
185.244.30.116:1985
185.244.30.98:8030
194.5.99.176:54984
194.5.99.181:4488
194.5.99.84:1604
194.68.59.45:32101
86.144.241.171:1608
95.140.125.77:52097
95.140.125.79:10203
ADMIN.ndplc.gq
anunankis3.duckdns.org
burdun.dynu.net
cjbo12.ddns.net
ibrak.ddns.net
jacksmithcarter.ddns.net
jasoiuuydealaa.sytes.net
kenzog.no-ip.biz
kroger.ddns.net
lordblessme.duckdns.org
lordblessme.hopto.org
MARKET.ndplc.gq
microsoftware.hopto.org
netframework.serveminecraft.net
okaforchukwuma247.ddns.net
parcel.duckdns.org
rattool0.ddns.net
rogersbvrly0123.ddns.net
shahan1337.ddns.net
shootingstar.ddns.net
talknahealga1974.myq-see.com
vpnserver.ddns.me
xxxnpornlegitnoscam.ddns.net

# Reference: https://ghostbin.com/paste/qyhf6

107.173.58.71:30117
109.247.80.150:20000
154.16.201.167:3114
154.16.220.215:7177
173.46.85.23:1996
178.209.51.235:4156
181.215.247.13:19983
181.215.247.189:4199
181.215.247.194:1002
181.215.247.70:7000
185.121.166.5:1012
185.244.30.121:5129
185.244.30.127:1985
185.244.30.94:8030
185.244.30.98:9645
185.84.181.65:8128
189davidcameron.ddns.net
191.101.22.21:1005
191.101.22.231:7200
194.5.99.179:4040
194.5.99.197:54984
194.5.99.22:3940
194.5.99.5:2017
194.68.59.31:1756
198.23.210.211:5890
2018bless.duckdns.org
212.7.208.100:17084
212.7.208.155:10001
212.7.208.94:3413
213.184.126.145:2001
31.220.7.204:1626
37.49.225.19:4335
41.231.120.13:9176
45.35.105.149:30198
46.36.39.22:2212
62.109.11.164:54984
78.47.149.66:7331
79.172.242.29:36378
88.208.246.117:7000
89.35.228.239:57356
89.46.222.206:9998
91.192.100.23:7012
91.192.100.4:3535
91.192.100.5:8181
91.92.136.158:1608
95.140.125.52:2018
95.140.125.85:6020
95.213.251.165:2547
a.tomx.xyz
anonymouss21.ddns.net
babazam.xyz
baseman45.pdns.cz
bennicholas.hopto.org
bitcoinonemmusd.hopto.org
bnow.duckdns.org
brytonwilliams.ddns.net
chykn.hopto.org
comboplug.duckdns.org
darkrig1.ddns.net
dayung.duckdns.org
dickson78.duckdns.org
ehispride1.ddns.net
frankfurt1.perfect-privacy.com
frankfurt2.perfect-privacy.com
frankwill12.ddns.net
godsblessing.dotdns.ch
heinrichschroth.hopto.org
ijomsdavis1.ddns.net
irofuuzo.ddns.net
isaacjekwu123.ddns.net
kotsiros.ddns.net
lappenfick.hopto.org
lascoyaya.sytes.net
maxwellclassic.ddns.net
mercadoliinio.duckdns.org
mikkymouse.duckdns.org
mybackups.duckdns.org
nano.xblbyesma.com
nanoip2.ddns.net
newera.serveftp.com
officewkgrace.ddns.net
osynewvps.duckdns.org
paychenco.ddns.net
paymeaji.ddns.net
snooper112.ddns.net
suncraft.duckdns.org
sydneyjames101.ddns.net
timmy44.ddns.net
timmy55.ddns.net
tonymaris.ddns.net
TUIYR.chickenkiller.com
wackysite.duckdns.org
xblbyesma.com
yannythefanny.ddns.net
z.whorecord.xyz

# Reference: https://twitter.com/James_inthe_box/status/1029752092473217025

185.82.220.137:33691

# Reference: https://twitter.com/pancak3lullz/status/1115982919628148736

194.5.99.30:4488

# Reference: https://twitter.com/pancak3lullz/status/1083411311160102912

185.125.205.71:6789
omada20.ddns.net

# Reference: https://twitter.com/pancak3lullz/status/1082284798708723713

185.125.205.68:3190
jasoncarlosscot.hopto.org

# Reference: https://twitter.com/pancak3lullz/status/1080543756456214528

173.46.85.96:2222
chibuike.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1120752034829856768

91.192.100.50:7030

# Reference: https://twitter.com/dvk01uk/status/1121633456323088387
# Reference: https://app.any.run/tasks/44328111-a0d3-48b5-bc50-2e7e45118261

adobemoney.linkpc.net
31.220.43.113:7788

# Reference: https://twitter.com/luc4m/status/1121805940632817664

77.48.28.247:5378

# Reference: https://twitter.com/MalwareConfig/status/775345497422831616

nipples.chickenkiller.com

# Reference: https://twitter.com/MalwareConfig/status/772909731287564288
# Reference: https://malwareconfig.com/config/0c0e3b6d38c265acb8a2b57cdf15803e/

109.169.61.7:6565

# Reference: https://twitter.com/Racco42/status/1122972672001019906

185.101.94.172:3018

# Reference: https://twitter.com/r0ny_123/status/1017730367149760518
# Reference: https://app.any.run/tasks/c4fb59da-cded-4fa9-9a1f-9409a52b7ed3

191.96.249.27:3360

# Reference: https://twitter.com/x42x5a/status/1123179932404846593

wazaa.mywire.org

# Reference: https://twitter.com/dvk01uk/status/1123176385252614145
# Reference: https://app.any.run/tasks/bbe15eb1-1bbe-437f-bdda-5b83fc47b8b5

185.247.228.142:3196

# Reference: https://twitter.com/Racco42/status/1124289220653142016
# Reference: https://app.any.run/tasks/385b66d9-8455-4501-9828-ce8e3ff255b7

wiz2019.ddns.net
185.165.153.110:9124

# Reference: https://twitter.com/Racco42/status/1125377644814581760
# Reference: https://app.any.run/tasks/4edc7722-c6a6-480a-a5ce-dc8ec2c6ee14

nonox.duckdns.org
185.247.228.171:2741

# Reference: https://twitter.com/P3pperP0tts/status/1125807083700539392

bio4kobs.geekgalaxy.com

# Reference: https://twitter.com/dvk01uk/status/1126018535094931456

rajahclassic.chickenkiller.com

# Reference: https://twitter.com/dvk01uk/status/1126332447321411584
# Reference: https://app.any.run/tasks/5e801075-d3af-48b2-9c69-2d838b4ba7b9

91.193.75.239:5494

# Reference: https://twitter.com/58_158_177_102/status/1126774468053889031
# Reference: https://app.any.run/tasks/5f4957cb-3478-4184-a6af-ca0d82fc0415
# Reference: https://app.any.run/tasks/84c87a15-34c7-4434-93ae-6f02b524aad6

kartelicemoney.duckdns.org
105.112.112.160:1707

# Reference: https://twitter.com/x42x5a/status/1128982111711584256

frankwill12m.ddns.net

# Reference: https://twitter.com/ScumBots/status/1132417823760896000

24e26s2854.wicp.vip

# Reference: https://twitter.com/James_inthe_box/status/1133059402800386051

wazy1010.ddns.net

# Reference: https://twitter.com/ScumBots/status/1133331342572236801

120.24.231.105:7334

# Reference: https://twitter.com/JAMESWT_MHT/status/1134365902173102080
# Reference: https://app.any.run/tasks/94641e32-9b9d-4da3-8345-f07e8922b7c6/

194.5.98.5:1680

# Reference: https://twitter.com/JAMESWT_MHT/status/1134478806473986049
# Reference: https://app.any.run/tasks/62f68bae-1b8f-40b6-883d-a48178c0e277/

79.134.225.51:3030

# Reference: https://twitter.com/Racco42/status/1136593634650927105

80.85.153.187:30301

# Reference: https://twitter.com/James_inthe_box/status/1136778097615724548

185.217.1.133:50317

# Reference: https://app.any.run/tasks/12b3ea80-4345-4f3b-b628-a10c0195854a/

91.193.75.239:5494

# Reference: https://twitter.com/luc4m/status/1138064069284573184

bukis228.ddns.net

# Reference: https://twitter.com/Zerophage1337/status/1138099090556932097

91.193.75.21:5626
atiku.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1138478169755754496

ganif.ddns.net
shedyshedy.ddns.net

# Reference: https://app.any.run/tasks/cb0e97af-6122-4181-87e5-842dedde0d77/

178.239.21.116:1186

# Reference: https://blog.yoroi.company/research/dissecting-nanocore-crimeware-attack-chain/

185.244.31.50:1540
79.134.225.41:2031

# Reference: https://twitter.com/P3pperP0tts/status/1139942794590601216
# Reference: https://pastebin.com/bpabKNNZ

185.244.31.25:3575
185.244.31.31:8181
91.193.75.239:5494
ambit19.ddns.net
ip2locate.ddns.net
ochaforward.hopto.org
templerun.ddns.net

# Reference: https://twitter.com/dvk01uk/status/1141317977167605765
# Reference: https://app.any.run/tasks/0a32df75-7fa1-4ac4-b093-9422785aa904/

69.65.7.135:8484

# Reference: https://myonlinesecurity.co.uk/nanocore-rat-via-fake-dhl-failed-delivery-in-chinese/
# Reference: https://app.any.run/tasks/bae68d93-a378-436a-b809-362b00fd84d5/

185.244.29.22:6699
microsoft.btc-crypto-rewards.cash

# Reference: https://twitter.com/Racco42/status/1141106627229212673
# Reference: https://twitter.com/HerbieZimmerman/status/1141408019571458049

justgo.linkpc.net
104.206.98.246:30301

# Reference: https://twitter.com/reecdeep/status/1143821025748164608
# Reference: https://app.any.run/tasks/6ad55b12-af6b-419d-b375-b87c25c82056/

79.134.225.12:5000

# Reference: https://twitter.com/ffforward/status/1144531131326504961

feshng.hopto.org
134.3.20.151:7789
185.165.153.171:7789

# Reference: https://twitter.com/luc4m/status/1145603655413981185

southmoney.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1145680737971998720

pay1.duckdns.org

# Reference: https://twitter.com/killamjr/status/1145758143395373056

103.133.109.109:2040

# Reference: https://pastebin.com/S4ggik78

dxbdoc.ddns.net
jodeal.casacam.net
nemesis225.duckdns.org
popsudtsucks.duckdns.org

# Reference: https://twitter.com/JayTHL/status/1146482606185308160

23.249.168.10:1982
ogodoswar.ddns.net

# Reference: https://twitter.com/killamjr/status/1146498532716793856
# Reference: https://app.any.run/tasks/5db94abe-1315-4b95-9d49-704db75df4c0/

5.196.203.64:42093
thefrench.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1146669422448435201
# Reference: https://app.any.run/tasks/70b936c4-e4eb-44f3-a15e-e2663fb19562/

79.134.225.51:3030

# Reference: https://twitter.com/ScumBots/status/1147928776216653825

141.255.145.32:1604

# Reference: https://twitter.com/reecdeep/status/1148901391001407494

79.134.225.12:5000

# Reference: https://twitter.com/James_inthe_box/status/1149026394472472576

185.244.31.81:3487

# Reference: https://twitter.com/D3LabIT/status/1149659498350407680
# Reference: https://app.any.run/tasks/70dfba07-7b8a-4bff-a71e-c520f977f3d2/

185.247.228.191:1540

# Reference: https://twitter.com/P3pperP0tts/status/1150326099416686592

benders.zapto.org
debase45.ddns.net

# Reference: https://www.virustotal.com/gui/file/af0fbb1773a61cc3cd40cb559ecea7fec657769c5179bfcdfae0d63803b48497/behavior/Dr.Web%20vxCube
# Reference: https://app.any.run/tasks/611b13bd-4c3b-48f9-a86f-b1eb99eee413

updated01.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1151385321587838978
# Reference: https://twitter.com/reecdeep/status/1151756075407945729
# Reference: https://app.any.run/tasks/457db32a-37d5-4661-8343-66acae38c8d2/

nacoreloaded12.ddns.net
160.202.163.244:3126

# Reference: https://twitter.com/B1naryG/status/1151424533032816641
# Reference: https://app.any.run/tasks/40a6bc66-e98b-4cd7-a077-bc773d0ed954/

185.247.228.17:47581
etoiilefiiilante.duckdns.org

# Reference: https://twitter.com/coderippers/status/1152188547253846016

moneybag042.warzonedns.com

# Reference: https://twitter.com/reecdeep/status/1145943064961269760

mardinmagic.ddns.net

# Reference: https://twitter.com/coderippers/status/1153267389632602114

blackhill.ddns.net

# Reference: https://twitter.com/dvk01uk/status/1153283443133964290

avt.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1153672360265781249

localdesk.ddns.net

# Reference: https://twitter.com/dvk01uk/status/1154367978152124418

onpcsetup.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1154636731074908160

5.188.9.57:7575

# Reference: https://twitter.com/James_inthe_box/status/1154762726494765056

newmicke2019.ddns.net

# Reference: https://twitter.com/Racco42/status/1155776895394439168
# Reference: https://app.any.run/tasks/f1d56790-6fee-481e-b40f-85453d3d52ca/

moneybag042.warzonedns.com
36.255.97.73:2040

# Reference: https://twitter.com/Paladin3161/status/1157070115038478338

79.134.225.96:5556

# Reference: https://twitter.com/Paladin3161/status/1156903664302215169

185.217.1.156:5200
warzoneburky.ddns.net

# Reference: https://twitter.com/wwp96/status/1158427926750212096

eguchinomso.duckdns.org

# Reference: https://twitter.com/wwp96/status/1158390337372655617

primaryjet.duckdns.org
142.44.161.51:5232

# Reference: https://twitter.com/killamjr/status/1159132424544149504
# Reference: https://app.any.run/tasks/a227900f-9fd8-4e82-84b7-7d93357517ea/

160.116.15.132:2382
kalakuta.ddns.net

# Reference: https://twitter.com/ScumBots/status/1162416745317052417

178.117.59.19:25565

# Reference: https://twitter.com/ScumBots/status/1163001849731063810

184.57.168.28:1705

# Reference: https://twitter.com/wwp96/status/1163472330565332992
# Reference: https://app.any.run/tasks/0cbd5edf-c36a-48d8-b9ae-67ad0b83d759/

23.105.131.129:7080
patgini.duckdns.org

# Reference: https://twitter.com/killamjr/status/1164172558700204032

attilabanks.ddns.net

# Reference: https://twitter.com/reecdeep/status/1164422876017115136

79.134.225.52:1991

# Reference: https://twitter.com/reecdeep/status/1164432216010702848
# Reference: https://app.any.run/tasks/2e09254a-c57f-4d6d-8186-de18a9eb75fe/

79.134.225.108:1135
systempc1.ddns.net

# Reference: https://twitter.com/reecdeep/status/1164466004480745472
# Reference: https://app.any.run/tasks/0fa8bc38-52f8-4e4e-af68-65b737625372/

79.134.225.55:7030
pacotdc2020.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1163354232113831936
# Reference: https://app.any.run/tasks/76c3a5e1-5a04-489f-a59b-2408524d14ce/

66.133.76.69:8631
cjchijioke.zapto.org

# Reference: https://twitter.com/killamjr/status/1164514185243430914
# Reference: https://app.any.run/tasks/0da0b775-3f5c-4277-99af-1681833f4a05/

194.5.98.24:4564
recoverypw.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1164792320396365829

194.5.98.137:7895
engineer.hopto.org

# Reference: https://twitter.com/DynamicAnalysis/status/1166030024635498496

91.189.180.211:4740
bsbs.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1166238086084345857
# Reference: https://app.any.run/tasks/ff57ad8c-a66c-47f8-b42b-d6026d94ad5f/

185.19.85.171:59
agahwon.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1166605833343553536
# Reference: https://app.any.run/tasks/28a1f567-1857-4bd1-a4d2-edb1db79c66a/

194.5.98.225:54984
apapurevpn.ddns.net

# Reference: https://twitter.com/Jouliok/status/1166616872474894337
# Reference: https://app.any.run/tasks/2bfd1d45-eec2-443b-bf71-e18df582f076/

185.105.236.176:2179
calitus.hopto.org

# Reference: https://twitter.com/Paladin3161/status/1167027534828978177

ariascopetrading.hopto.org

# Reference: https://twitter.com/de_aviation/status/1097547526763433985

bnow.duckdns.org
ciao2.hopto.org
dwxi.duckdns.org
dxbdoc.ddns.net
fillup.duckdns.org
hardrickkonsult.duckdns.org
jodeal.casacam.net
kendomoney2.duckdns.org
moneymen2019.ddns.net
mrstan.duckdns.org
nemesis225.duckdns.org
popsudtsucks.duckdns.org
roblox.webredirect.org
wackysite.duckdns.org
winsec.dynu.net

# Reference: https://twitter.com/p5yb34m/status/1167130345965117440

manblues.sytes.net

# Reference: https://twitter.com/wwp96/status/1167837052097970176

sandshoe.duckdns.org
smartcoonect.duckdns.org

# Reference: https://twitter.com/wwp96/status/1167830992587034624

saintjames.publicvm.com

# Reference: https://twitter.com/wwp96/status/1167834053590097921
# Reference: https://app.any.run/tasks/5260bec5-bff2-44f4-983f-9dc2adde3113/

142.44.161.51:5089
nnjhjhjj.duckdns.org

# Reference: https://twitter.com/Racco42/status/1168622419256459266
# Reference: https://app.any.run/tasks/8f34b304-4350-4ca9-87f1-00fd92b88454/

154.68.5.169:49153
chance2019.ddns.net

# Reference: https://twitter.com/reecdeep/status/1168795298715639808
# Reference: https://app.any.run/tasks/c23caa1a-41f5-43d2-8c63-4e8e4d45a98f/

185.105.236.134:9412
fredwil.ddns.net

# Reference: https://twitter.com/ps66uk/status/1169181097604915200

79.134.225.108:5592
98.143.144.232:58566
mstanley.ufcfan.org
worklogin2019.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1169339642115588096

eventuary.ddns.net

# Reference: https://twitter.com/DynamicAnalysis/status/1169336301818130432

105.112.98.206:1144
173.254.223.125:1144
meeti.ddns.net

# Reference: https://twitter.com/wwp96/status/1170310504029536256

blackhill.ddns.net

# Reference: https://twitter.com/wwp96/status/1170336591635783680
# Reference: https://app.any.run/tasks/79afa5de-1f01-4b27-ab24-4239512844ff/

185.105.236.176:5721
weiby.hopto.org

# Reference: https://twitter.com/Paladin3161/status/1170706804864536576

bloc2020.ddns.net

# Reference: https://app.any.run/tasks/38a77fc4-420f-493d-985b-b3a0577ff256/

185.165.153.35:30089

# Reference: https://twitter.com/wwp96/status/1171063529929105412
# Reference: https://app.any.run/tasks/4a93b3f3-2876-45c5-9501-410830ee0d5b/

185.165.153.56:4040
eizzymoney.ddns.net

# Reference: https://twitter.com/wwp96/status/1171065447967580162
# Reference: https://app.any.run/tasks/c3334463-7291-42b6-bcdf-e9b850b8192b/

51.89.142.95:5454
abc.hopto.me

# Reference: https://app.any.run/tasks/c9c03c22-e430-408d-b971-c6e4f9effca9/

moran101.duckdns.org
moran007.duckdns.org

# Reference: https://twitter.com/wwp96/status/1171407790449012736
# Reference: https://app.any.run/tasks/64497ded-42f5-4689-8ea3-c23864707166/
# Reference: https://app.any.run/tasks/9b106ed5-ddbf-405b-986f-dc48525b0d51/

103.200.6.79:2277
103.200.6.79:7722
renaj.duckdns.org

# Reference: https://twitter.com/Paladin3161/status/1171762981673172992

1gstemos.duckdns.org
danishcent.duckdns.org
jaden222.kozow.com

# Reference: https://twitter.com/JayTHL/status/1171792541240442880

91.189.180.218:4435
btchtu.duckdns.org

# Reference: https://twitter.com/Paladin3161/status/1171952485625262080

officeofgrace14.ddns.net

# Reference: https://twitter.com/reecdeep/status/1172525114036039680
# Reference: https://app.any.run/tasks/237d0b43-2489-4854-bbc2-4c459598e3c8/

185.19.85.159:3000

# Reference: https://twitter.com/dvk01uk/status/1172755193206845444
# Reference: https://app.any.run/tasks/e0c2b41e-0b42-4c96-b0bc-72fd6be85284/

185.165.153.121:76
deburg.duckdns.org

# Reference: https://twitter.com/killamjr/status/1173262255611269120
# Reference: https://app.any.run/tasks/28aa0199-0428-4812-b9fa-687a69c5bd7b/

79.134.225.104:4050

# Reference: https://twitter.com/coderippers/status/1156857536026484736

103.200.6.3:2016

# Reference: https://app.any.run/tasks/bc5b715c-7bfa-4025-9a42-58de61855990/

saintjames.publicvm.com

# Reference: https://www.virustotal.com/gui/file/3f5bce47783e3a859fbb467b72f659ba95ccbcacc5f0906a9615fa44dfbb3bb4/detection

79.134.225.106:9124
shekinahwiz.ddns.net

# Reference: https://twitter.com/killamjr/status/1178663514900238336
# Reference: https://app.any.run/tasks/177c7ec2-fb0a-4302-b871-8bdb359624df/

194.5.98.123:33733


# Reference: http://vxcube.com/recent-threats-ioc/5d3781b3a39bb560702e4a13/detail

nanocore511.ddns.net
avt.duckdns.org
jimmycharles2468.ddns.net
kennethpeters.ddns.net
king8950.duckdns.org
ilepilub.myhostpoint.ch
sammorrisok55.duckdns.org
abundantgrace1.ddns.net
warzoneburky.ddns.net

# Refrence: https://twitter.com/James_inthe_box/status/1179774489514496000

59108.duckdns.org

# Reference: https://app.any.run/tasks/cdef8e3a-c2e1-4363-8f85-219925f5e5ad/

odogwu222.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1180811705280012288

94.107.59.249:54984
connectings.ddns.net

# Reference: https://twitter.com/Paladin3161/status/1181188506980208640

kartelicemoney.duckdns.org

# Reference: https://twitter.com/Racco42/status/1181330436162818054
# Reference: https://app.any.run/tasks/1fc0964a-4d9e-45bd-a982-8bb6e6251b48/

194.5.98.127:5882
ify.duckdns.org

# Reference: https://twitter.com/Racco42/status/1181670662194257936
# Reference: https://app.any.run/tasks/77b8af9e-239e-42c6-8670-69984eb22afa/

79.134.225.42:1985

# Reference: https://twitter.com/ffforward/status/1181853927156920321
# Reference: https://app.any.run/tasks/d78e78a4-824c-44d9-a0f8-a25be2a038af/

79.134.225.46:9020
mulla.hopto.org

# Reference: https://twitter.com/Racco42/status/1182064994516643841

79.134.225.119:55112

# Reference: https://app.any.run/tasks/c14fcbdc-edc1-427b-9f15-bd047abb1e8c/

194.5.98.251:5540

# Reference: https://twitter.com/w3ndige/status/1176905272549400579
# Reference: https://app.any.run/tasks/b4fdda7d-737a-4493-913c-e1cff8987d4a/

185.217.1.173:9834
antihunger.dynu.net

# Reference: https://twitter.com/w3ndige/status/1165906300754104322

103.200.5.128:8776
gregvictor.hopto.org

# Reference: https://twitter.com/P3pperP0tts/status/1186665154513195013

79.134.225.70:3940
danishcent.duckdns.org

# Reference: https://twitter.com/w3ndige/status/1188840789016764416
# Reference: https://app.any.run/tasks/7e37ef77-7127-4213-b8e5-ee24f8658e8d/

185.165.153.239:9834
newone11.mywire.org

# Reference: https://twitter.com/wwp96/status/1188887309091033089
# Reference: https://app.any.run/tasks/95daf9a7-d985-4928-8220-c12bf45b3334/

185.165.153.16:6939
morgan22.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.125/relations
# Reference: https://www.virustotal.com/gui/file/603d6fc8c41c2a18139857e27a7dc3e050f3c9ddfac7cccc92c4e454408fb896/detection

tijanml.duckdns.org

# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.125/relations
# Reference: https://www.virustotal.com/gui/file/98be89b13355f98a1e7faf259312b0054159aeffa9d222101c2227854d5089e8/detection

79.134.225.125:1985

# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.125/relations
# Reference: https://www.virustotal.com/gui/file/97f32d9e89e510d6e9c26d0a91d3e08692932d0d2a2264a7369b5a133fade0b5/detection

79.134.225.125:5001
teryts1802.sytes.net

# Reference: https://www.virustotal.com/gui/file/fc6a0c7a5758bf1dd04e30c58680fc842316b2078635df3449f51e12322c176a/detection
# Reference: https://www.virustotal.com/gui/ip-address/37.235.1.174/relations

37.235.1.174:53

# Reference: https://www.virustotal.com/gui/file/4928fdede6439ab72afc175ef367440d665c876d7c3a1bff09ffd6c53752ce56/detection

185.217.1.135:137
37.235.1.177:53
alaincrestel1900.ddns.net
larbivps.freemyip.com

# Reference: https://www.virustotal.com/gui/file/9c70295e9fedc283b112db777ccb3cd35b8177ce258d773f6d1df26692d0fedc/detection

beast999.ddns.net

# Reference: https://www.virustotal.com/gui/file/70fe32a3ed8a6d0faf3ac6d460b3b1c4dcb8819fe7ca86069a7ff6479282562e/detection

SchoolServer405.mooo.com

# Reference: https://www.virustotal.com/gui/file/5068c69231bfd86ed423021ce32a189b3d7f92391917b9b62251a545bb98834b/detection

88.235.181.40:8282
victoryinkings.ddns.net

# Reference: https://www.virustotal.com/gui/file/dc23e79acb4676f260b0c5a29c1315395b0099c11a954d1d85180161225d25e7/detection
# Reference: https://www.virustotal.com/gui/file/c4eab66d81ba8fab271e01d6080978ffad715c77734b43ce8ee0d6906f2c8186/detection

154.118.70.199:6060
41.217.61.245:6060
79.134.225.74:6060
obu.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b174b1345931d9f22e75bdfe7ec10241c047c6cc82ca223224d3bdb0ca470234/detection

79.134.225.7:8282
conana666.ddns.net

# Reference: https://www.virustotal.com/gui/file/100b4b69c75870f8134238b0b26e7c666a57c2e0ed46729297cb527ec67d1d5b/detection

xsrt7dtftvf.ddns.net

# Reference: https://www.virustotal.com/gui/file/5d6decfa7304de309e330fcb8483261e4b1b3ad6515cebba33a23ab3db050d4d/detection

79.134.225.116:1604
91.193.75.48:1604
staffordcranegroup1.ddns.net

# Reference: https://www.virustotal.com/gui/file/143fa3aad33c18877ed9e435d140b9be6b92e20e8a767e6098b43caabf7734ac/detection

79.134.225.74:1111
lecamerenhaut.freemyip.com

# Reference: https://www.virustotal.com/gui/file/6ce3f65a76bae40596eebd524b5389e409ddaa0e03d62dcbe314adead20ce2e2/detection

194.5.98.190:9098
norly.ddns.net

# Reference: https://www.virustotal.com/gui/file/891152054d208fd7da085b63d53821e14ce6c6f128e1dda6d569fded36ee04b6/detection

41.203.78.246:8282

# Reference: https://www.virustotal.com/gui/file/773b78f8aef041ebf69887c0bd08d675591f28c5c1334ab078865303e17a6620/detection

185.247.228.15:4040
ellababy123.ddns.net

# Reference: https://www.virustotal.com/gui/file/1c01644bf0467a11d1966af6f334d4c0c0eb1d432e794d3a077429feb2ad9fd7/detection

clanige4.ddns.net

# Reference: https://www.virustotal.com/gui/file/da32aadc61ccfd99fd0617f5f763d06db2d01c2fb604239c775a2ee40a3d8b5b/detection

41.203.78.34:8282

# Reference: https://www.virustotal.com/gui/file/492dbe76f0fc6405cccd22266e7c4a3f138e834d81689250da1e1c676bebeef0/detection

185.19.85.183:8809
odogwuchacha.ddns.net

# Reference: https://www.virustotal.com/gui/file/3853bdd2d2062612f2db5244f330edf0b20dee4531e219b9a2040b21aecaa5c8/detection

thierrydeffo4.chickenkiller.com

# Reference: https://www.virustotal.com/gui/file/58270868d40ff869a4d08d3e0f893da3c51e7261ba80b34bbee4510126533b6a/detection

79.134.225.77:8282
smart234.ddns.net

# Reference: https://www.virustotal.com/gui/file/7110a71d6600a756d0aa9fadbcba104dba6ef22114974eee2a6676445298d4aa/detection

79.134.225.8:6453
alphaget.ddns.net
xaoc6y6yy6.bounceme.net

# Reference: https://www.virustotal.com/gui/file/b65848b6c2ae77863acf09d5f29bf6f1e1b2fbd98833a040e6f53bcbbc004cb4/detection

79.114.124.253:1608
homelaptop.ddns.net

# Reference: https://www.virustotal.com/gui/file/8eb3451aa4b96c3dd16c0968f7c4f3261eeb1a550f3648aa21e19a56e46d22c0/detection

79.134.225.75:4040

# Reference: https://www.virustotal.com/gui/file/8af64061540bafe06aaf819eb09db32dcc6b2cceca569a2726375da1d8225f77/detection

185.165.153.11:9090
riotriot.ddns.net

# Reference: https://www.virustotal.com/gui/file/7d9290ee70bef014939f22007f1de6ed33e0762bdc61e96e659bfe77456bfbdf/detection

41.203.78.158:9090

# Reference: https://www.virustotal.com/gui/file/1ff40475eb58edf037a554b8821935b2e6016f00ff18d51a822e98a0cc4cdeb1/detection

0.tcp.ngrok.io
18.188.14.65:19546
3.14.212.173:19546
3.17.202.129:19546
3.19.3.150:19546
3.19.114.185:19546

# Reference: https://www.virustotal.com/gui/file/0a53eae7a195a84a43bc19452b25e05c5a9cf3ba7533d02e742f610fa5e13d40/detection

18.223.41.243:15816
3.17.202.129:15816

# Reference: https://www.virustotal.com/gui/file/3b48e822297e8352840ddd91546caeb951af876c64653f7d8db7ec5d96087684/detection

68.198.117.153:4782
bfe0to1zem2ogior.serveminecraft.net

# Reference: https://www.virustotal.com/gui/file/31b29c53a227bd0008c461d33538899db0673a37dc47e71ae42f0d6b32bfa511/detection

79.134.225.105:4040

# Reference: https://www.virustotal.com/gui/file/22b073c978eeadcfb751d12ceff7cf1b27b802b4329764553b998426bd05855d/detection

68.192.14.107:1605

# Reference: https://www.virustotal.com/gui/file/a40f890fbf60291ee34505f1dac3986cc249127f7edab134803cda5f17039c91/detection

lasius.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a6457cfeab68e8c662c4d9d75b074f000a1103a0966d5819a49dc6b03f78b802/detection
# Reference: https://www.virustotal.com/gui/file/0777ecb019654f0b8fc2961768f35dc4d41f3def47863b055c3118755bb0ad9a/detection

185.217.1.180:1604
197.210.64.86:1604
lucasdesmond31.ddns.net

# Reference: https://www.virustotal.com/gui/file/69dcba1bd1cb70069101ae3e051d57a62eba2f7b9650f561be550e08663c83fd/detection

procompany.ddns.net

# Reference: https://www.virustotal.com/gui/file/f8397b1579dc91688b6c7994805e1efc5325ef22c0743d2009196fcd55d667f2/detection

173.254.223.68:8282
donsea1234.ddns.net

# Reference: https://www.virustotal.com/gui/file/57b779b63c1444bd0e6d34ac75042fabc8aed7d8aa652793dd08bc54f378f566/detection

194.5.98.28:9090

# Reference: https://www.virustotal.com/gui/file/0e9025441bb5f7621694fd57ee55c63eb774464cb4c1b0d777bddb86871bcf68/detection

41.203.73.171:8282

# Reference: https://www.virustotal.com/gui/file/d899928e75e7109c964996cb6c8397b4e35cfb5561735578eb447545e7feb204/detection

41.203.78.159:8282

# Reference: https://www.virustotal.com/gui/file/03b3b1fb23a991b5bba7f886086caacafcef268b9bf5f178cbffc9735769eb5a/detection

knsoverseaslimited.ddns.net

# Reference: https://www.virustotal.com/gui/file/9ba1e7f53284d456d00db2eb8fb6406f5628666403a48456a8d7611c809c44e6/detection

197.210.62.44:8282

# Reference: https://www.virustotal.com/gui/file/7290e8234d47103dc7c3274b3c7e574970b97bdaa44ffbcc0201c69b0acb11cc/detection

197.210.62.32:8282

# Reference: https://www.virustotal.com/gui/file/fc6a0c7a5758bf1dd04e30c58680fc842316b2078635df3449f51e12322c176a/detection

79.134.225.69:8282

# Reference: https://www.virustotal.com/gui/file/290be52d7ca397be27d670ac37398b1ad5693b16dca6983c626db40e37247487/detection

mprentignac.ddns.net

# Reference: https://www.virustotal.com/gui/file/6f7753f614fb2c123a9fa55de0af097a4f92a7a350d88c55cf218ff5eac6a4f9/detection

41.203.78.182:9090

# Reference: https://www.virustotal.com/gui/file/5a79ba7f2bedbc8ccbfa3ea786be54334dbb76fef00f7b2173fe40c336b53372/detection

beast1111.ddns.net

# Reference: https://www.virustotal.com/gui/file/73102b5cd20c48cfd222d9ad0b618f069493a7ec566480c9b4871cbb2723a3ac/detection

kene32145.ddns.net

# Reference: https://www.virustotal.com/gui/file/82847914515e6c8d599e10547d1bdd834628539f4164ae6e07c0c92de3cf711b/detection

105.112.38.6:8282

# Reference: https://www.virustotal.com/gui/file/60778609ebb0625597a6c0b8021ef6c2155e937eb8bd70bd8043b60eada9b382/detection

stevesteves001.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/505094e8b5ad5b7b536b08ef7e49d946bc7c4c66b7c22966dac0eaa98d29f6cf/detection

185.19.85.141:8282

# Reference: https://www.virustotal.com/gui/file/7e39c10423e4ef1e6fb07432a9af1ef7db0c3a85e874ada57d8aacdab8ad0975/detection

194.5.98.7:9098

# Reference: https://www.virustotal.com/gui/file/931f783ffeb0e5cd5b7e23fa484220f7ccd1d4739e72f440c20b63fb6a795736/detection

213.208.152.217:64816

# Reference: https://www.virustotal.com/gui/file/499843b56eab51e230b0234ab7db80ae3adbb80bdf81cfbfe85caf826e56e3a4/detection

213.208.152.217:9984

# Reference: https://any.run/malware-trends/nanocore

alemaniaelmejor.duckdns.org
anglekeys.duckdns.org
bnow.duckdns.org
codazzixtrem.duckdns.org
dephantomz.duckdns.org
duckdns4.duckdns.org
gemalto.duckdns.org
hicham9risa.duckdns.org
info1.duckdns.org
ipvhosted.duckdns.org
jfcolombia001.duckdns.org
kosovo.duckdns.org
monlait-57586.portmap.host
mrmarkangel.duckdns.org
nickdns19.duckdns.org
nickdns30.duckdns.org
office365update.duckdns.org
salesxpert.duckdns.org
wackysite.duckdns.org
wiskiriskis1982.duckdns.org

# Reference: https://twitter.com/JayTHL/status/1189592368879722497

201.76.93.201:53896
ruthless.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/185.217.1.137/relations

185.217.1.137:1604
blaert.jumpingcrab.com
jobconnect.ddns.net
makegoodpls.strangled.net
royal69.ddns.net

# Reference: https://pastebin.com/29uSdMAk

godwin.ddns.net

# Reference: https://twitter.com/ViriBack/status/1187040674455130112

194.5.99.46:9090

# Reference: https://twitter.com/Paladin3161/status/1185424238611582977

197.210.52.28:3873
91.189.180.216:3873
dennisjose2v.zapto.org
Maxiron2v2.hopto.org
snooper113.duckdns.org

# Reference: https://twitter.com/killamjr/status/1164514185243430914
# Reference: https://app.any.run/tasks/0da0b775-3f5c-4277-99af-1681833f4a05/

194.5.98.24:4564
recoverypw.duckdns.org

# Reference: https://twitter.com/coderippers/status/1156844258139299840

starlucky.warzonedns.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1145689873489301508
# Reference: https://app.any.run/tasks/4ee7d035-40d7-433c-9be8-44fd02bc7375/

185.165.153.22:2040
giovan234.ddns.net

# Reference: https://app.any.run/tasks/6eb2bffa-4f11-4aec-8b24-3695f22ae99d/

185.165.153.114:2525
mrlogga19.duckdns.org

# Reference: https://twitter.com/pollo290987/status/1115307260996202496
# Reference: https://www.virustotal.com/gui/file/d3cab59fb39c3312b93cbd10fc1f01bef963abdabe7acc30b8a9d101947e3143/detection
# Reference: https://www.virustotal.com/gui/ip-address/181.52.252.80/details

181.52.252.80:1896
cee.duia.eu
duck87.duckdns.org
duckdns63.duckdns.org
duckdns64.duckdns.org
duckdns65.duckdns.org
ja0269485.duckdns.org
josesarmiento098765.duckdns.org
josezulu898989.duckdns.org
juanjosequitero.duckdns.org
marketing.con-ip.com
nick107.duckdns.org
nick89.duckdns.org
nick91.duckdns.org
nick92.duckdns.org
nickd93.duckdns.org
nickddns103.duckdns.org
nickddns90.duckdns.org
nickdns101.duckdns.org
nickdns102.duckdns.org
nickdns104.duckdns.org
nickdns106.duckdns.org
nickdns107.duckdns.org
nickdns44.duia.eu
nickdns48.duckdns.org
nickdns49.duckdns.org
nickdns51.duckdns.org
nickdns52.duckdns.org
nickdns53.duckdns.org
nickdns54.duckdns.org
nickdns56.duckdns.org
nickdns58.duckdns.org
nickdns59.duckdns.org
nickdns61.duckdns.org
nickdns62.duckdns.org
nickdns66.duckdns.org
nickdns71.duckdns.org
nickdns72.duckdns.org
nickdns75.duckdns.org
nickdns76.duckdns.org
nickdns79.duckdns.org
nickdns80.duckdns.org
nickdns81.duckdns.org
nickdns82.duckdns.org
nickdns84.duckdns.org
nickdns85.duckdns.org
nickdns87.duckdns.org
nickdns94.duckdns.org
nickdns95.duckdns.org
nickdns96.duckdns.org
nickdns97.duckdns.org
nickdns98.duckdns.org
nickdns99.duckdns.org

# Reference: https://app.any.run/tasks/ba903cda-43f6-47af-9721-f64028df4ce1/

http://evogenicpvt.net/expt/payreceipt.exe
sain123.sytes.net
142.44.161.51:5219

# Reference: https://app.any.run/tasks/978d8b3f-f303-4b0f-bec9-9879bd144916/

clintonlog.hopto.org

# Reference: https://app.any.run/tasks/811b9caf-71d9-4cdb-b707-a08f8c6a29b0/

harri2gud.duckdns.org

# Reference: https://app.any.run/tasks/9ce5f594-1c1c-4ad2-822d-f904bc946ccf/

abokiisback.duckdns.org

# Reference: https://app.any.run/tasks/9ddb7ab3-038e-4c49-b6c9-49523f2fd056/

cbswgc.duckdns.org

# Reference: https://app.any.run/tasks/924d69ef-51fb-4e1a-b7a5-d14b7cbae7ac/

194.5.99.6:6789

# Reference: https://app.any.run/tasks/85f5b765-b054-4fba-a50a-91bc39fe1c74/

papa.redirectme.net