# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/James_inthe_box/status/1039605676404760576

bproduction.zapto.org

# Reference: https://twitter.com/ScumBots/status/1045052146067165184
# Reference: https://www.virustotal.com/gui/file/660633aaa4222a3577a7d2c63983e7b0f88e09e2de77a6d2eaec52fea5ca97c7/detection

80.193.191.142:1604
hyper-servers.ddns.net

# Reference: https://twitter.com/ScumBots/status/1044912611089948672

corralesking.hopto.org

# Reference: https://twitter.com/ScumBots/status/1046354478268592128

abjbwtf.myftp.biz

# Reference: https://twitter.com/ScumBots/status/1045931693167833088

131454.ddns.net

# Reference: https://twitter.com/ScumBots/status/1045776922171576320

kurviood.ddns.net
samostrelqsh.ddns.net

# Reference: https://twitter.com/ScumBots/status/1045746857408892928

staling79.mooo.com

# Reference: https://twitter.com/ScumBots/status/1043738462233485312

pauldenero.ddns.net

# Reference: https://twitter.com/ScumBots/status/1042779678367473665

clientswin.ddns.net

# Reference: https://twitter.com/ScumBots/status/1042704306795888640

haku004.hopto.org

# Reference: https://twitter.com/ScumBots/status/1042515566584586242

win.ddnsking.com

# Reference: https://twitter.com/ScumBots/status/1037861013255860224

scammer0304.ddns.net

# Reference: https://twitter.com/ScumBots/status/1037098491472998405

popopooo3847343dfer.publicvm.com
xcvx2343242sdfsdfsdfsxcv.publicvm.com

# Reference: https://twitter.com/ScumBots/status/1036487098189205504

aylmao1337.tk

# Reference: https://twitter.com/ScumBots/status/1034248460223037441

adeldu122.ddns.net

# Reference: https://twitter.com/ScumBots/status/1041050784081883136

hbk4.ddns.net

# Reference: https://twitter.com/ScumBots/status/1051065520328458240

needpull.ddns.net

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~NanoCor-DM/detailed-analysis.aspx

obiank.ddns.net

# Reference: https://twitter.com/ScumBots/status/1052360306788327424

exotic-40931.portmap.io

# Reference: https://twitter.com/ScumBots/status/1052552825228673024

cuberwar.myvnc.com
cyber786.myvnc.com

# Reference: https://twitter.com/Racco42/status/1046873169070645248

chukwd.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1053824958399500288

fgcvhjbk.bounceme.net

# Reference: https://twitter.com/ScumBots/status/1054761124745412608

icheatedonyourcrush.ddns.net

# Reference: https://twitter.com/ScumBots/status/1055210337266491392

myhostsaddddd.hopto.org

# Reference: https://twitter.com/ScumBots/status/1056965649929510914

zenzen15.ddns.net

# Reference: https://twitter.com/ScumBots/status/1058154734417260544

Pirmary.dynu.net

# Reference: https://twitter.com/ScumBots/status/1058241556451254272

mohamedsaeed.ddns.net

# Reference: https://twitter.com/ScumBots/status/1058932359117107201

zentune.sytes.net

# Reference: https://twitter.com/ScumBots/status/1059509916707311617

avo4.ddns.net

# Reference: https://twitter.com/ScumBots/status/1061253904103600128

skynipit.ddns.net

# Reference: https://twitter.com/ScumBots/status/1061269005296693248

office365update.duckdns.org
systen32.ddns.net

# Reference: https://twitter.com/ScumBots/status/1061510597278425089

ogkush.ddns.net

# Reference: https://twitter.com/ScumBots/status/1061710662940942338

jake1234.ddns.net

# Reference: https://twitter.com/ScumBots/status/1062224311430365185

onixoino.ddns.net

# Reference: https://twitter.com/ScumBots/status/1063892541253345281

daddyup.ddns.net

# Reference: https://twitter.com/ScumBots/status/1064575794121445376

weekskypp.hopto.org

# Reference: https://twitter.com/ScumBots/status/1065002353307324418

mcnana.theworkpc.com

# Reference: https://twitter.com/ScumBots/status/1067214563651796992

masterzion.ddns.net

# Reference: https://twitter.com/ScumBots/status/1067237079376191488

yeetyeeter.ddns.net

# Reference: https://twitter.com/ScumBots/status/1067829739107352577

sicknessdk.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1068244972011487232

intercambiotestg99.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1069162266279510016

insta.webhop.me

# Reference: https://twitter.com/ScumBots/status/1069502003116679168

wadlalafala2344.myftp.biz

# Reference: https://twitter.com/ScumBots/status/1070743939089612800

y013s.ddns.net

# Reference: https://twitter.com/ScumBots/status/1070868509763215360

moms.myftp.biz

# Reference: updates up to https://twitter.com/ScumBots/status/1079871582284247041

amerkad19.ddns.net
blubjkh.ddns.net
chromeservice.serveirc.com
kurwa.ddns.net
nanithecorelol.ddns.net
ncore.ddns.net
sambosaxzx.ddns.net
svchostest.ddns.net
vpnchjuy.ddns.net

# Reference: https://www.symantec.com/blogs/threat-intelligence/african-financial-attacks

nemesis225.ddns.net

# Reference: https://twitter.com/ScumBots/status/1086998543217426432

madarahost.ddns.net

# Reference: https://twitter.com/ScumBots/status/1088781872510001152

axuas.ddns.net

# Reference: https://twitter.com/ScumBots/status/1088908631930736640

minimalprojectscm.ddns.net

# Reference: https://twitter.com/ScumBots/status/1089191742681817094

nanoocore.ddns.net
Listener.chickenkiller.com
ukurbap.duckdns.org
5.59.91.86:5552

# Reference: https://twitter.com/ScumBots/status/1096141287328280576

karutohack.ddns.net

# Reference: https://twitter.com/ScumBots/status/1099342379386134529

185.56.90.79:1799

# Reference: https://twitter.com/ScumBots/status/1097262422912614401

194.5.99.9:36460

# Reference: https://twitter.com/ScumBots/status/1099474498317889536

109.181.151.155:1263

# Reference: https://twitter.com/ScumBots/status/1101973465895264257

lp0766.ddns.net

# Reference: https://twitter.com/ScumBots/status/1102094396542144513

fucka.ddns.net
fuckyoua.ddns.net

# Reference: https://twitter.com/ScumBots/status/1102422807672246274

windowuser.ddns.net

# Reference: https://twitter.com/ScumBots/status/1102547247231840258

141.255.152.199:54979

# Reference: https://twitter.com/ScumBots/status/1102573669455462400

demisoda2.kro.kr

# Reference: https://twitter.com/ScumBots/status/1102973809316032512

nanotestit.ddns.net

# Reference: https://twitter.com/ScumBots/status/1103321099440398343

csgo45bj.ddns.net

# Reference: https://twitter.com/ScumBots/status/1104808531184812037

31.49.241.6:1604

# Reference: https://twitter.com/ScumBots/status/1105793638041354240

141.255.151.202:5552

# Reference: https://twitter.com/ScumBots/status/1105797415901253633

141.255.158.98:53896

# Reference: https://twitter.com/James_inthe_box/status/1102914959556538368

185.84.181.88:4050

# Reference: https://twitter.com/ScumBots/status/1108326582664527872

10.9.36.186:6969

# Reference: https://twitter.com/ScumBots/status/1108311482247335936

213.89.206.15:1337

# Reference: https://twitter.com/Racco42/status/1102848826556276736

top1.apexgamingjo.waw.pl

# Reference: https://twitter.com/casual_malware/status/1107441450415992832

nanocore2019.bounceme.net

# Reference: https://twitter.com/James_inthe_box/status/1100793529595383809

ninodns.duckdns.org

# Reference: https://twitter.com/ViriBack/status/1093994913249853440
# Reference: https://pastebin.com/rQ0Cnkh0

lightchibuike.ddns.net
pixls.ddns.net

# Reference: https://twitter.com/ViriBack/status/1065597117937434625

bosmanchi.ddns.net

# Reference: https://twitter.com/killamjr/status/1093553362174242816

tntsure.ddns.net

# Reference: https://twitter.com/pollo290987/status/1092796516555808770

megida.hopto.org

# Reference: https://twitter.com/Racco42/status/1059945882274197504

194.5.99.243:2019

# Reference: https://twitter.com/HerbieZimmerman/status/1057692658104262657

194.5.98.182:7020

# Reference: https://twitter.com/luc4m/status/1044855395615997953

datalogsbackups.hopto.org

# Reference: https://twitter.com/matte_lodi/status/1049203238963167233
# Reference: https://app.any.run/tasks/bb524301-c794-4813-8e72-a03ae7d5b8cc

ambition.ddns.net

# Reference: https://twitter.com/Ring0x0/status/1006200464772419585

delawizzy.ddns.net

# Reference: https://twitter.com/Antelox/status/859092998818344961

herackles.moneyhome.biz

# Reference: https://twitter.com/JAMESWT_MHT/status/751375987028484096

businessdb4.duckdns.org
businessdb5.duckdns.org

# Reference: https://twitter.com/JayTHL/status/729724613907783680

212.7.208.81:51010

# Reference: https://twitter.com/JayTHL/status/705429671303774208

greenbacks.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/694596719426826240

admindarkcomet.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/694296245679099904

QuantumDevv.chickenkiller.com

# Reference: https://twitter.com/MalwareConfig/status/651147773257977856

paychuby.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/650097923196342272

aeht.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/650097877851746304

freedarren.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/650097559160156160

purevid.no-ip.org

# Reference: https://twitter.com/MalwareConfig/status/650097117315395584

ik4ito.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/650096982590156800

mlgsnip3r.no-ip.biz

# Reference: https://twitter.com/ScumBots/status/1109640234864701441

67.253.236.155:5553

# Reference: https://twitter.com/ScumBots/status/1110266084760920064

gangbanghangchang.myftp.biz

# Reference: https://twitter.com/James_inthe_box/status/1110579161884577792

172.81.132.137:54984

# Reference: https://twitter.com/x42x5a/status/1113414801705844738

kgentle77.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1114521149034123265

185.101.94.172:36460
rmcos.sparcos-es.com

# Reference: https://twitter.com/HerbieZimmerman/status/1115325369371045889

185.165.153.114:2525

# Reference: https://twitter.com/x42x5a/status/1115556640026177537

184.75.209.169:5787

# Reference: https://twitter.com/malwrhunterteam/status/1115942079711129602

ebaystube.hopto.org

# Reference: https://twitter.com/Racco42/status/1116793128319459329

moran101.duckdns.org

# Reference: https://pastebin.com/S3cZw7CA

154.16.63.122:1919
184.75.209.169:5787
185.56.90.91:1989
185.84.181.83:5302
194.5.98.26:1012
194.5.99.229:5050
213.208.152.197:9737
33393.ddns.net
arab1.myq-see.com
frazodee.hopto.org
gefide5.ddns.net
hhhssa.chickenkiller.com
lacoban.ddns.net
office365.duckdns.org
onielnfo.ddns.net
repoyochar2u.ddns.net
repoyochar2u.hopto.org
skynetcdt.dyndns.org
webaccess.hopto.org
wilfred123.ddns.net

# Reference: https://pastebin.com/ZCVB1pww

103.200.6.3:5490
181.214.55.23:9989
181.215.247.55:9780
185.148.241.40:3413
185.208.211.13:1943
185.244.30.106:1985
185.244.30.116:1985
185.244.30.98:8030
194.5.99.176:54984
194.5.99.181:4488
194.5.99.84:1604
194.68.59.45:32101
86.144.241.171:1608
95.140.125.77:52097
95.140.125.79:10203
ADMIN.ndplc.gq
anunankis3.duckdns.org
burdun.dynu.net
cjbo12.ddns.net
ibrak.ddns.net
jacksmithcarter.ddns.net
jasoiuuydealaa.sytes.net
kenzog.no-ip.biz
kroger.ddns.net
lordblessme.duckdns.org
lordblessme.hopto.org
MARKET.ndplc.gq
microsoftware.hopto.org
netframework.serveminecraft.net
okaforchukwuma247.ddns.net
parcel.duckdns.org
rattool0.ddns.net
rogersbvrly0123.ddns.net
shahan1337.ddns.net
shootingstar.ddns.net
talknahealga1974.myq-see.com
vpnserver.ddns.me
xxxnpornlegitnoscam.ddns.net

# Reference: https://ghostbin.com/paste/qyhf6

107.173.58.71:30117
109.247.80.150:20000
154.16.201.167:3114
154.16.220.215:7177
173.46.85.23:1996
178.209.51.235:4156
181.215.247.13:19983
181.215.247.189:4199
181.215.247.194:1002
181.215.247.70:7000
185.121.166.5:1012
185.244.30.121:5129
185.244.30.127:1985
185.244.30.94:8030
185.244.30.98:9645
185.84.181.65:8128
189davidcameron.ddns.net
191.101.22.231:7200
194.5.99.179:4040
194.5.99.197:54984
194.5.99.22:3940
194.5.99.5:2017
194.68.59.31:1756
198.23.210.211:5890
2018bless.duckdns.org
212.7.208.100:17084
212.7.208.155:10001
212.7.208.94:3413
213.184.126.145:2001
31.220.7.204:1626
37.49.225.19:4335
41.231.120.13:9176
45.35.105.149:30198
46.36.39.22:2212
62.109.11.164:54984
78.47.149.66:7331
79.172.242.29:36378
88.208.246.117:7000
89.35.228.239:57356
89.46.222.206:9998
91.192.100.23:7012
91.192.100.4:3535
91.192.100.5:8181
91.92.136.158:1608
95.140.125.52:2018
95.140.125.85:6020
95.213.251.165:2547
a.tomx.xyz
anonymouss21.ddns.net
babazam.xyz
baseman45.pdns.cz
bennicholas.hopto.org
bitcoinonemmusd.hopto.org
bnow.duckdns.org
brytonwilliams.ddns.net
chykn.hopto.org
comboplug.duckdns.org
darkrig1.ddns.net
dayung.duckdns.org
dickson78.duckdns.org
ehispride1.ddns.net
frankfurt1.perfect-privacy.com
frankfurt2.perfect-privacy.com
frankwill12.ddns.net
godsblessing.dotdns.ch
heinrichschroth.hopto.org
ijomsdavis1.ddns.net
irofuuzo.ddns.net
isaacjekwu123.ddns.net
kotsiros.ddns.net
lappenfick.hopto.org
lascoyaya.sytes.net
maxwellclassic.ddns.net
mercadoliinio.duckdns.org
mikkymouse.duckdns.org
mybackups.duckdns.org
nano.xblbyesma.com
nanoip2.ddns.net
newera.serveftp.com
officewkgrace.ddns.net
osynewvps.duckdns.org
paychenco.ddns.net
paymeaji.ddns.net
snooper112.ddns.net
suncraft.duckdns.org
sydneyjames101.ddns.net
timmy44.ddns.net
timmy55.ddns.net
tonymaris.ddns.net
TUIYR.chickenkiller.com
wackysite.duckdns.org
xblbyesma.com
yannythefanny.ddns.net
z.whorecord.xyz

# Reference: https://twitter.com/James_inthe_box/status/1029752092473217025

185.82.220.137:33691

# Reference: https://twitter.com/pancak3lullz/status/1115982919628148736

194.5.99.30:4488

# Reference: https://twitter.com/pancak3lullz/status/1083411311160102912

185.125.205.71:6789
omada20.ddns.net

# Reference: https://twitter.com/pancak3lullz/status/1082284798708723713

185.125.205.68:3190
jasoncarlosscot.hopto.org

# Reference: https://twitter.com/pancak3lullz/status/1080543756456214528

173.46.85.96:2222
chibuike.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1120752034829856768

91.192.100.50:7030

# Reference: https://twitter.com/dvk01uk/status/1121633456323088387
# Reference: https://app.any.run/tasks/44328111-a0d3-48b5-bc50-2e7e45118261

adobemoney.linkpc.net
31.220.43.113:7788

# Reference: https://twitter.com/luc4m/status/1121805940632817664

77.48.28.247:5378

# Reference: https://twitter.com/MalwareConfig/status/775345497422831616

nipples.chickenkiller.com

# Reference: https://twitter.com/MalwareConfig/status/772909731287564288
# Reference: https://malwareconfig.com/config/0c0e3b6d38c265acb8a2b57cdf15803e/

109.169.61.7:6565

# Reference: https://twitter.com/Racco42/status/1122972672001019906

185.101.94.172:3018

# Reference: https://twitter.com/r0ny_123/status/1017730367149760518
# Reference: https://app.any.run/tasks/c4fb59da-cded-4fa9-9a1f-9409a52b7ed3

191.96.249.27:3360

# Reference: https://twitter.com/x42x5a/status/1123179932404846593

wazaa.mywire.org

# Reference: https://twitter.com/dvk01uk/status/1123176385252614145
# Reference: https://app.any.run/tasks/bbe15eb1-1bbe-437f-bdda-5b83fc47b8b5

185.247.228.142:3196

# Reference: https://twitter.com/Racco42/status/1124289220653142016
# Reference: https://app.any.run/tasks/385b66d9-8455-4501-9828-ce8e3ff255b7

wiz2019.ddns.net
185.165.153.110:9124

# Reference: https://twitter.com/Racco42/status/1125377644814581760
# Reference: https://app.any.run/tasks/4edc7722-c6a6-480a-a5ce-dc8ec2c6ee14

nonox.duckdns.org
185.247.228.171:2741

# Reference: https://twitter.com/P3pperP0tts/status/1125807083700539392

bio4kobs.geekgalaxy.com

# Reference: https://twitter.com/dvk01uk/status/1126018535094931456

rajahclassic.chickenkiller.com

# Reference: https://twitter.com/dvk01uk/status/1126332447321411584
# Reference: https://app.any.run/tasks/5e801075-d3af-48b2-9c69-2d838b4ba7b9

91.193.75.239:5494

# Reference: https://twitter.com/58_158_177_102/status/1126774468053889031
# Reference: https://app.any.run/tasks/5f4957cb-3478-4184-a6af-ca0d82fc0415
# Reference: https://app.any.run/tasks/84c87a15-34c7-4434-93ae-6f02b524aad6

kartelicemoney.duckdns.org
105.112.112.160:1707

# Reference: https://twitter.com/x42x5a/status/1128982111711584256

frankwill12m.ddns.net

# Reference: https://twitter.com/ScumBots/status/1132417823760896000

24e26s2854.wicp.vip

# Reference: https://twitter.com/James_inthe_box/status/1133059402800386051

wazy1010.ddns.net

# Reference: https://twitter.com/ScumBots/status/1133331342572236801

120.24.231.105:7334

# Reference: https://twitter.com/JAMESWT_MHT/status/1134365902173102080
# Reference: https://app.any.run/tasks/94641e32-9b9d-4da3-8345-f07e8922b7c6/

194.5.98.5:1680

# Reference: https://twitter.com/JAMESWT_MHT/status/1134478806473986049
# Reference: https://app.any.run/tasks/62f68bae-1b8f-40b6-883d-a48178c0e277/

79.134.225.51:3030

# Reference: https://twitter.com/Racco42/status/1136593634650927105

80.85.153.187:30301

# Reference: https://twitter.com/James_inthe_box/status/1136778097615724548

185.217.1.133:50317

# Reference: https://app.any.run/tasks/12b3ea80-4345-4f3b-b628-a10c0195854a/

91.193.75.239:5494

# Reference: https://twitter.com/luc4m/status/1138064069284573184

bukis228.ddns.net

# Reference: https://twitter.com/Zerophage1337/status/1138099090556932097

91.193.75.21:5626
atiku.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1138478169755754496

ganif.ddns.net
shedyshedy.ddns.net

# Reference: https://app.any.run/tasks/cb0e97af-6122-4181-87e5-842dedde0d77/

178.239.21.116:1186

# Reference: https://blog.yoroi.company/research/dissecting-nanocore-crimeware-attack-chain/

185.244.31.50:1540
79.134.225.41:2031

# Reference: https://twitter.com/P3pperP0tts/status/1139942794590601216
# Reference: https://pastebin.com/bpabKNNZ

185.244.31.25:3575
185.244.31.31:8181
91.193.75.239:5494
ambit19.ddns.net
ip2locate.ddns.net
ochaforward.hopto.org
templerun.ddns.net

# Reference: https://twitter.com/dvk01uk/status/1141317977167605765
# Reference: https://app.any.run/tasks/0a32df75-7fa1-4ac4-b093-9422785aa904/

69.65.7.135:8484

# Reference: https://myonlinesecurity.co.uk/nanocore-rat-via-fake-dhl-failed-delivery-in-chinese/
# Reference: https://app.any.run/tasks/bae68d93-a378-436a-b809-362b00fd84d5/

185.244.29.22:6699
microsoft.btc-crypto-rewards.cash

# Reference: https://twitter.com/Racco42/status/1141106627229212673
# Reference: https://twitter.com/HerbieZimmerman/status/1141408019571458049

justgo.linkpc.net
104.206.98.246:30301

# Reference: https://twitter.com/reecdeep/status/1143821025748164608
# Reference: https://app.any.run/tasks/6ad55b12-af6b-419d-b375-b87c25c82056/

79.134.225.12:5000

# Reference: https://twitter.com/ffforward/status/1144531131326504961

feshng.hopto.org
134.3.20.151:7789
185.165.153.171:7789

# Reference: https://twitter.com/luc4m/status/1145603655413981185

southmoney.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1145680737971998720

pay1.duckdns.org

# Reference: https://twitter.com/killamjr/status/1145758143395373056

103.133.109.109:2040

# Reference: https://pastebin.com/S4ggik78

dxbdoc.ddns.net
jodeal.casacam.net
nemesis225.duckdns.org
popsudtsucks.duckdns.org

# Reference: https://twitter.com/JayTHL/status/1146482606185308160

23.249.168.10:1982
ogodoswar.ddns.net

# Reference: https://twitter.com/killamjr/status/1146498532716793856
# Reference: https://app.any.run/tasks/5db94abe-1315-4b95-9d49-704db75df4c0/

5.196.203.64:42093
thefrench.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1146669422448435201
# Reference: https://app.any.run/tasks/70b936c4-e4eb-44f3-a15e-e2663fb19562/

79.134.225.51:3030

# Reference: https://twitter.com/ScumBots/status/1147928776216653825

141.255.145.32:1604

# Reference: https://twitter.com/reecdeep/status/1148901391001407494

79.134.225.12:5000

# Reference: https://twitter.com/James_inthe_box/status/1149026394472472576

185.244.31.81:3487

# Reference: https://twitter.com/D3LabIT/status/1149659498350407680
# Reference: https://app.any.run/tasks/70dfba07-7b8a-4bff-a71e-c520f977f3d2/

185.247.228.191:1540

# Reference: https://twitter.com/P3pperP0tts/status/1150326099416686592

benders.zapto.org
debase45.ddns.net

# Reference: https://www.virustotal.com/gui/file/af0fbb1773a61cc3cd40cb559ecea7fec657769c5179bfcdfae0d63803b48497/behavior/Dr.Web%20vxCube
# Reference: https://app.any.run/tasks/611b13bd-4c3b-48f9-a86f-b1eb99eee413

updated01.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1151385321587838978
# Reference: https://twitter.com/reecdeep/status/1151756075407945729
# Reference: https://app.any.run/tasks/457db32a-37d5-4661-8343-66acae38c8d2/

nacoreloaded12.ddns.net
160.202.163.244:3126

# Reference: https://twitter.com/B1naryG/status/1151424533032816641
# Reference: https://app.any.run/tasks/40a6bc66-e98b-4cd7-a077-bc773d0ed954/

185.247.228.17:47581
etoiilefiiilante.duckdns.org

# Reference: https://twitter.com/coderippers/status/1152188547253846016

moneybag042.warzonedns.com

# Reference: https://twitter.com/reecdeep/status/1145943064961269760

mardinmagic.ddns.net

# Reference: https://twitter.com/coderippers/status/1153267389632602114

185.125.205.75:54984
blackhill.ddns.net

# Reference: https://twitter.com/dvk01uk/status/1153283443133964290

avt.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1153672360265781249

localdesk.ddns.net

# Reference: https://twitter.com/dvk01uk/status/1154367978152124418

onpcsetup.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1154636731074908160

5.188.9.57:7575

# Reference: https://twitter.com/James_inthe_box/status/1154762726494765056

newmicke2019.ddns.net

# Reference: https://twitter.com/Racco42/status/1155776895394439168
# Reference: https://app.any.run/tasks/f1d56790-6fee-481e-b40f-85453d3d52ca/

moneybag042.warzonedns.com
36.255.97.73:2040

# Reference: https://twitter.com/Paladin3161/status/1157070115038478338

79.134.225.96:5556

# Reference: https://twitter.com/Paladin3161/status/1156903664302215169

185.217.1.156:5200
warzoneburky.ddns.net

# Reference: https://twitter.com/wwp96/status/1158427926750212096

eguchinomso.duckdns.org

# Reference: https://twitter.com/wwp96/status/1158390337372655617

primaryjet.duckdns.org
142.44.161.51:5232

# Reference: https://twitter.com/killamjr/status/1159132424544149504
# Reference: https://app.any.run/tasks/a227900f-9fd8-4e82-84b7-7d93357517ea/

160.116.15.132:2382
kalakuta.ddns.net

# Reference: https://twitter.com/ScumBots/status/1162416745317052417

178.117.59.19:25565

# Reference: https://twitter.com/ScumBots/status/1163001849731063810

184.57.168.28:1705

# Reference: https://twitter.com/wwp96/status/1163472330565332992
# Reference: https://app.any.run/tasks/0cbd5edf-c36a-48d8-b9ae-67ad0b83d759/

23.105.131.129:7080
patgini.duckdns.org

# Reference: https://twitter.com/killamjr/status/1164172558700204032

attilabanks.ddns.net

# Reference: https://twitter.com/reecdeep/status/1164422876017115136

79.134.225.52:1991

# Reference: https://twitter.com/reecdeep/status/1164432216010702848
# Reference: https://app.any.run/tasks/2e09254a-c57f-4d6d-8186-de18a9eb75fe/

79.134.225.108:1135
systempc1.ddns.net

# Reference: https://twitter.com/reecdeep/status/1164466004480745472
# Reference: https://app.any.run/tasks/0fa8bc38-52f8-4e4e-af68-65b737625372/

79.134.225.55:7030
pacotdc2020.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1163354232113831936
# Reference: https://app.any.run/tasks/76c3a5e1-5a04-489f-a59b-2408524d14ce/

66.133.76.69:8631
cjchijioke.zapto.org

# Reference: https://twitter.com/killamjr/status/1164514185243430914
# Reference: https://app.any.run/tasks/0da0b775-3f5c-4277-99af-1681833f4a05/

194.5.98.24:4564
recoverypw.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1164792320396365829

194.5.98.137:7895
engineer.hopto.org

# Reference: https://twitter.com/DynamicAnalysis/status/1166030024635498496

91.189.180.211:4740
bsbs.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1166238086084345857
# Reference: https://app.any.run/tasks/ff57ad8c-a66c-47f8-b42b-d6026d94ad5f/

185.19.85.171:59
agahwon.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1166605833343553536
# Reference: https://app.any.run/tasks/28a1f567-1857-4bd1-a4d2-edb1db79c66a/

194.5.98.225:54984
apapurevpn.ddns.net

# Reference: https://twitter.com/Jouliok/status/1166616872474894337
# Reference: https://app.any.run/tasks/2bfd1d45-eec2-443b-bf71-e18df582f076/

185.105.236.176:2179
calitus.hopto.org

# Reference: https://twitter.com/Paladin3161/status/1167027534828978177

ariascopetrading.hopto.org

# Reference: https://twitter.com/de_aviation/status/1097547526763433985

bnow.duckdns.org
ciao2.hopto.org
dwxi.duckdns.org
dxbdoc.ddns.net
fillup.duckdns.org
hardrickkonsult.duckdns.org
jodeal.casacam.net
kendomoney2.duckdns.org
moneymen2019.ddns.net
mrstan.duckdns.org
nemesis225.duckdns.org
popsudtsucks.duckdns.org
roblox.webredirect.org
wackysite.duckdns.org
winsec.dynu.net

# Reference: https://twitter.com/p5yb34m/status/1167130345965117440

manblues.sytes.net

# Reference: https://twitter.com/wwp96/status/1167837052097970176

sandshoe.duckdns.org
smartcoonect.duckdns.org

# Reference: https://twitter.com/wwp96/status/1167830992587034624

saintjames.publicvm.com

# Reference: https://twitter.com/wwp96/status/1167834053590097921
# Reference: https://app.any.run/tasks/5260bec5-bff2-44f4-983f-9dc2adde3113/

142.44.161.51:5089
nnjhjhjj.duckdns.org

# Reference: https://twitter.com/Racco42/status/1168622419256459266
# Reference: https://app.any.run/tasks/8f34b304-4350-4ca9-87f1-00fd92b88454/

154.68.5.169:49153
chance2019.ddns.net

# Reference: https://twitter.com/reecdeep/status/1168795298715639808
# Reference: https://app.any.run/tasks/c23caa1a-41f5-43d2-8c63-4e8e4d45a98f/

185.105.236.134:9412
fredwil.ddns.net

# Reference: https://twitter.com/ps66uk/status/1169181097604915200

79.134.225.108:5592
98.143.144.232:58566
mstanley.ufcfan.org
worklogin2019.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1169339642115588096

eventuary.ddns.net

# Reference: https://twitter.com/DynamicAnalysis/status/1169336301818130432

105.112.98.206:1144
173.254.223.125:1144
meeti.ddns.net

# Reference: https://twitter.com/wwp96/status/1170310504029536256

blackhill.ddns.net

# Reference: https://twitter.com/wwp96/status/1170336591635783680
# Reference: https://app.any.run/tasks/79afa5de-1f01-4b27-ab24-4239512844ff/

185.105.236.176:5721
weiby.hopto.org

# Reference: https://twitter.com/Paladin3161/status/1170706804864536576

bloc2020.ddns.net

# Reference: https://app.any.run/tasks/38a77fc4-420f-493d-985b-b3a0577ff256/

185.165.153.35:30089

# Reference: https://twitter.com/wwp96/status/1171063529929105412
# Reference: https://app.any.run/tasks/4a93b3f3-2876-45c5-9501-410830ee0d5b/

185.165.153.56:4040
eizzymoney.ddns.net

# Reference: https://twitter.com/wwp96/status/1171065447967580162
# Reference: https://app.any.run/tasks/c3334463-7291-42b6-bcdf-e9b850b8192b/

51.89.142.95:5454
abc.hopto.me

# Reference: https://app.any.run/tasks/c9c03c22-e430-408d-b971-c6e4f9effca9/

moran101.duckdns.org
moran007.duckdns.org

# Reference: https://twitter.com/wwp96/status/1171407790449012736
# Reference: https://app.any.run/tasks/64497ded-42f5-4689-8ea3-c23864707166/
# Reference: https://app.any.run/tasks/9b106ed5-ddbf-405b-986f-dc48525b0d51/

103.200.6.79:2277
103.200.6.79:7722
renaj.duckdns.org

# Reference: https://twitter.com/Paladin3161/status/1171762981673172992

1gstemos.duckdns.org
danishcent.duckdns.org
jaden222.kozow.com

# Reference: https://twitter.com/JayTHL/status/1171792541240442880

91.189.180.218:4435
btchtu.duckdns.org

# Reference: https://twitter.com/Paladin3161/status/1171952485625262080

officeofgrace14.ddns.net

# Reference: https://twitter.com/reecdeep/status/1172525114036039680
# Reference: https://app.any.run/tasks/237d0b43-2489-4854-bbc2-4c459598e3c8/

185.19.85.159:3000

# Reference: https://twitter.com/dvk01uk/status/1172755193206845444
# Reference: https://app.any.run/tasks/e0c2b41e-0b42-4c96-b0bc-72fd6be85284/

185.165.153.121:76
deburg.duckdns.org

# Reference: https://twitter.com/killamjr/status/1173262255611269120
# Reference: https://app.any.run/tasks/28aa0199-0428-4812-b9fa-687a69c5bd7b/

79.134.225.104:4050

# Reference: https://twitter.com/coderippers/status/1156857536026484736

103.200.6.3:2016

# Reference: https://app.any.run/tasks/bc5b715c-7bfa-4025-9a42-58de61855990/

saintjames.publicvm.com

# Reference: https://www.virustotal.com/gui/file/3f5bce47783e3a859fbb467b72f659ba95ccbcacc5f0906a9615fa44dfbb3bb4/detection

79.134.225.106:9124
shekinahwiz.ddns.net

# Reference: https://twitter.com/killamjr/status/1178663514900238336
# Reference: https://app.any.run/tasks/177c7ec2-fb0a-4302-b871-8bdb359624df/

194.5.98.123:33733


# Reference: http://vxcube.com/recent-threats-ioc/5d3781b3a39bb560702e4a13/detail

nanocore511.ddns.net
avt.duckdns.org
jimmycharles2468.ddns.net
kennethpeters.ddns.net
king8950.duckdns.org
ilepilub.myhostpoint.ch
sammorrisok55.duckdns.org
abundantgrace1.ddns.net
warzoneburky.ddns.net

# Refrence: https://twitter.com/James_inthe_box/status/1179774489514496000

59108.duckdns.org

# Reference: https://app.any.run/tasks/cdef8e3a-c2e1-4363-8f85-219925f5e5ad/

odogwu222.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1180811705280012288

94.107.59.249:54984
connectings.ddns.net

# Reference: https://twitter.com/Paladin3161/status/1181188506980208640

kartelicemoney.duckdns.org

# Reference: https://twitter.com/Racco42/status/1181330436162818054
# Reference: https://app.any.run/tasks/1fc0964a-4d9e-45bd-a982-8bb6e6251b48/

194.5.98.127:5882
ify.duckdns.org

# Reference: https://twitter.com/Racco42/status/1181670662194257936
# Reference: https://app.any.run/tasks/77b8af9e-239e-42c6-8670-69984eb22afa/

79.134.225.42:1985

# Reference: https://twitter.com/ffforward/status/1181853927156920321
# Reference: https://app.any.run/tasks/d78e78a4-824c-44d9-a0f8-a25be2a038af/

79.134.225.46:9020
mulla.hopto.org

# Reference: https://twitter.com/Racco42/status/1182064994516643841

79.134.225.119:55112

# Reference: https://app.any.run/tasks/c14fcbdc-edc1-427b-9f15-bd047abb1e8c/

194.5.98.251:5540

# Reference: https://twitter.com/w3ndige/status/1176905272549400579
# Reference: https://app.any.run/tasks/b4fdda7d-737a-4493-913c-e1cff8987d4a/

185.217.1.173:9834
antihunger.dynu.net

# Reference: https://twitter.com/w3ndige/status/1165906300754104322

103.200.5.128:8776
gregvictor.hopto.org

# Reference: https://twitter.com/P3pperP0tts/status/1186665154513195013

79.134.225.70:3940
danishcent.duckdns.org

# Reference: https://twitter.com/w3ndige/status/1188840789016764416
# Reference: https://app.any.run/tasks/7e37ef77-7127-4213-b8e5-ee24f8658e8d/

185.165.153.239:9834
newone11.mywire.org

# Reference: https://twitter.com/wwp96/status/1188887309091033089
# Reference: https://app.any.run/tasks/95daf9a7-d985-4928-8220-c12bf45b3334/

185.165.153.16:6939
morgan22.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.125/relations
# Reference: https://www.virustotal.com/gui/file/603d6fc8c41c2a18139857e27a7dc3e050f3c9ddfac7cccc92c4e454408fb896/detection

tijanml.duckdns.org

# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.125/relations
# Reference: https://www.virustotal.com/gui/file/98be89b13355f98a1e7faf259312b0054159aeffa9d222101c2227854d5089e8/detection

79.134.225.125:1985

# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.125/relations
# Reference: https://www.virustotal.com/gui/file/97f32d9e89e510d6e9c26d0a91d3e08692932d0d2a2264a7369b5a133fade0b5/detection

79.134.225.125:5001
teryts1802.sytes.net

# Reference: https://www.virustotal.com/gui/file/fc6a0c7a5758bf1dd04e30c58680fc842316b2078635df3449f51e12322c176a/detection
# Reference: https://www.virustotal.com/gui/ip-address/37.235.1.174/relations

37.235.1.174:53

# Reference: https://www.virustotal.com/gui/file/4928fdede6439ab72afc175ef367440d665c876d7c3a1bff09ffd6c53752ce56/detection

185.217.1.135:137
37.235.1.177:53
alaincrestel1900.ddns.net
larbivps.freemyip.com

# Reference: https://www.virustotal.com/gui/file/9c70295e9fedc283b112db777ccb3cd35b8177ce258d773f6d1df26692d0fedc/detection

beast999.ddns.net

# Reference: https://www.virustotal.com/gui/file/70fe32a3ed8a6d0faf3ac6d460b3b1c4dcb8819fe7ca86069a7ff6479282562e/detection

SchoolServer405.mooo.com

# Reference: https://www.virustotal.com/gui/file/5068c69231bfd86ed423021ce32a189b3d7f92391917b9b62251a545bb98834b/detection

88.235.181.40:8282
victoryinkings.ddns.net

# Reference: https://www.virustotal.com/gui/file/dc23e79acb4676f260b0c5a29c1315395b0099c11a954d1d85180161225d25e7/detection
# Reference: https://www.virustotal.com/gui/file/c4eab66d81ba8fab271e01d6080978ffad715c77734b43ce8ee0d6906f2c8186/detection

154.118.70.199:6060
41.217.61.245:6060
79.134.225.74:6060
obu.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b174b1345931d9f22e75bdfe7ec10241c047c6cc82ca223224d3bdb0ca470234/detection

79.134.225.7:8282
conana666.ddns.net

# Reference: https://www.virustotal.com/gui/file/100b4b69c75870f8134238b0b26e7c666a57c2e0ed46729297cb527ec67d1d5b/detection

xsrt7dtftvf.ddns.net

# Reference: https://www.virustotal.com/gui/file/5d6decfa7304de309e330fcb8483261e4b1b3ad6515cebba33a23ab3db050d4d/detection

79.134.225.116:1604
91.193.75.48:1604
staffordcranegroup1.ddns.net

# Reference: https://www.virustotal.com/gui/file/143fa3aad33c18877ed9e435d140b9be6b92e20e8a767e6098b43caabf7734ac/detection

79.134.225.74:1111
lecamerenhaut.freemyip.com

# Reference: https://www.virustotal.com/gui/file/6ce3f65a76bae40596eebd524b5389e409ddaa0e03d62dcbe314adead20ce2e2/detection

194.5.98.190:9098
norly.ddns.net

# Reference: https://www.virustotal.com/gui/file/891152054d208fd7da085b63d53821e14ce6c6f128e1dda6d569fded36ee04b6/detection

41.203.78.246:8282

# Reference: https://www.virustotal.com/gui/file/773b78f8aef041ebf69887c0bd08d675591f28c5c1334ab078865303e17a6620/detection

185.247.228.15:4040
ellababy123.ddns.net

# Reference: https://www.virustotal.com/gui/file/1c01644bf0467a11d1966af6f334d4c0c0eb1d432e794d3a077429feb2ad9fd7/detection

clanige4.ddns.net

# Reference: https://www.virustotal.com/gui/file/da32aadc61ccfd99fd0617f5f763d06db2d01c2fb604239c775a2ee40a3d8b5b/detection

41.203.78.34:8282

# Reference: https://www.virustotal.com/gui/file/492dbe76f0fc6405cccd22266e7c4a3f138e834d81689250da1e1c676bebeef0/detection

185.19.85.183:8809
odogwuchacha.ddns.net

# Reference: https://www.virustotal.com/gui/file/3853bdd2d2062612f2db5244f330edf0b20dee4531e219b9a2040b21aecaa5c8/detection

thierrydeffo4.chickenkiller.com

# Reference: https://www.virustotal.com/gui/file/58270868d40ff869a4d08d3e0f893da3c51e7261ba80b34bbee4510126533b6a/detection

79.134.225.77:8282
smart234.ddns.net

# Reference: https://www.virustotal.com/gui/file/7110a71d6600a756d0aa9fadbcba104dba6ef22114974eee2a6676445298d4aa/detection

79.134.225.8:6453
alphaget.ddns.net
xaoc6y6yy6.bounceme.net

# Reference: https://www.virustotal.com/gui/file/b65848b6c2ae77863acf09d5f29bf6f1e1b2fbd98833a040e6f53bcbbc004cb4/detection

79.114.124.253:1608
homelaptop.ddns.net

# Reference: https://www.virustotal.com/gui/file/8eb3451aa4b96c3dd16c0968f7c4f3261eeb1a550f3648aa21e19a56e46d22c0/detection

79.134.225.75:4040

# Reference: https://www.virustotal.com/gui/file/8af64061540bafe06aaf819eb09db32dcc6b2cceca569a2726375da1d8225f77/detection

185.165.153.11:9090
riotriot.ddns.net

# Reference: https://www.virustotal.com/gui/file/7d9290ee70bef014939f22007f1de6ed33e0762bdc61e96e659bfe77456bfbdf/detection

41.203.78.158:9090

# Reference: https://www.virustotal.com/gui/file/1ff40475eb58edf037a554b8821935b2e6016f00ff18d51a822e98a0cc4cdeb1/detection

0.tcp.ngrok.io
18.188.14.65:19546
3.14.212.173:19546
3.17.202.129:19546
3.19.3.150:19546
3.19.114.185:19546

# Reference: https://www.virustotal.com/gui/file/0a53eae7a195a84a43bc19452b25e05c5a9cf3ba7533d02e742f610fa5e13d40/detection

18.223.41.243:15816
3.17.202.129:15816

# Reference: https://www.virustotal.com/gui/file/3b48e822297e8352840ddd91546caeb951af876c64653f7d8db7ec5d96087684/detection

68.198.117.153:4782
bfe0to1zem2ogior.serveminecraft.net

# Reference: https://www.virustotal.com/gui/file/31b29c53a227bd0008c461d33538899db0673a37dc47e71ae42f0d6b32bfa511/detection

79.134.225.105:4040

# Reference: https://www.virustotal.com/gui/file/22b073c978eeadcfb751d12ceff7cf1b27b802b4329764553b998426bd05855d/detection

68.192.14.107:1605

# Reference: https://www.virustotal.com/gui/file/a40f890fbf60291ee34505f1dac3986cc249127f7edab134803cda5f17039c91/detection

lasius.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a6457cfeab68e8c662c4d9d75b074f000a1103a0966d5819a49dc6b03f78b802/detection
# Reference: https://www.virustotal.com/gui/file/0777ecb019654f0b8fc2961768f35dc4d41f3def47863b055c3118755bb0ad9a/detection

185.217.1.180:1604
197.210.64.86:1604
lucasdesmond31.ddns.net

# Reference: https://www.virustotal.com/gui/file/69dcba1bd1cb70069101ae3e051d57a62eba2f7b9650f561be550e08663c83fd/detection

procompany.ddns.net

# Reference: https://www.virustotal.com/gui/file/f8397b1579dc91688b6c7994805e1efc5325ef22c0743d2009196fcd55d667f2/detection

173.254.223.68:8282
donsea1234.ddns.net

# Reference: https://www.virustotal.com/gui/file/57b779b63c1444bd0e6d34ac75042fabc8aed7d8aa652793dd08bc54f378f566/detection

194.5.98.28:9090

# Reference: https://www.virustotal.com/gui/file/0e9025441bb5f7621694fd57ee55c63eb774464cb4c1b0d777bddb86871bcf68/detection

41.203.73.171:8282

# Reference: https://www.virustotal.com/gui/file/d899928e75e7109c964996cb6c8397b4e35cfb5561735578eb447545e7feb204/detection

41.203.78.159:8282

# Reference: https://www.virustotal.com/gui/file/03b3b1fb23a991b5bba7f886086caacafcef268b9bf5f178cbffc9735769eb5a/detection

knsoverseaslimited.ddns.net

# Reference: https://www.virustotal.com/gui/file/9ba1e7f53284d456d00db2eb8fb6406f5628666403a48456a8d7611c809c44e6/detection

197.210.62.44:8282

# Reference: https://www.virustotal.com/gui/file/7290e8234d47103dc7c3274b3c7e574970b97bdaa44ffbcc0201c69b0acb11cc/detection

197.210.62.32:8282

# Reference: https://www.virustotal.com/gui/file/fc6a0c7a5758bf1dd04e30c58680fc842316b2078635df3449f51e12322c176a/detection

79.134.225.69:8282

# Reference: https://www.virustotal.com/gui/file/290be52d7ca397be27d670ac37398b1ad5693b16dca6983c626db40e37247487/detection

mprentignac.ddns.net

# Reference: https://www.virustotal.com/gui/file/6f7753f614fb2c123a9fa55de0af097a4f92a7a350d88c55cf218ff5eac6a4f9/detection

41.203.78.182:9090

# Reference: https://www.virustotal.com/gui/file/5a79ba7f2bedbc8ccbfa3ea786be54334dbb76fef00f7b2173fe40c336b53372/detection

beast1111.ddns.net

# Reference: https://www.virustotal.com/gui/file/73102b5cd20c48cfd222d9ad0b618f069493a7ec566480c9b4871cbb2723a3ac/detection

kene32145.ddns.net

# Reference: https://www.virustotal.com/gui/file/82847914515e6c8d599e10547d1bdd834628539f4164ae6e07c0c92de3cf711b/detection

105.112.38.6:8282

# Reference: https://www.virustotal.com/gui/file/60778609ebb0625597a6c0b8021ef6c2155e937eb8bd70bd8043b60eada9b382/detection

stevesteves001.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/505094e8b5ad5b7b536b08ef7e49d946bc7c4c66b7c22966dac0eaa98d29f6cf/detection

185.19.85.141:8282

# Reference: https://www.virustotal.com/gui/file/7e39c10423e4ef1e6fb07432a9af1ef7db0c3a85e874ada57d8aacdab8ad0975/detection

194.5.98.7:9098

# Reference: https://www.virustotal.com/gui/file/931f783ffeb0e5cd5b7e23fa484220f7ccd1d4739e72f440c20b63fb6a795736/detection

213.208.152.217:64816

# Reference: https://www.virustotal.com/gui/file/499843b56eab51e230b0234ab7db80ae3adbb80bdf81cfbfe85caf826e56e3a4/detection

213.208.152.217:9984

# Reference: https://any.run/malware-trends/nanocore (Note: as seen on 2019-12-04)

alemaniaelmejor.duckdns.org
anglekeys.duckdns.org
bnow.duckdns.org
codazzixtrem.duckdns.org
dephantomz.duckdns.org
duckdns4.duckdns.org
gemalto.duckdns.org
hicham9risa.duckdns.org
info1.duckdns.org
ipvhosted.duckdns.org
jfcolombia001.duckdns.org
kosovo.duckdns.org
monlait-57586.portmap.host
mrmarkangel.duckdns.org
nickdns19.duckdns.org
nickdns30.duckdns.org
office365update.duckdns.org
salesxpert.duckdns.org
wackysite.duckdns.org
wiskiriskis1982.duckdns.org


# Reference: https://any.run/malware-trends/nanocore (Note: as seen on 2019-12-10)

mv-s2s-dev.ngrok.io
mynameisstaff.warzonedns.com
okenwa.hopto.org
1990.duckdns.org
xipp.duckdns.org
34112r.rapiddns.ru
smartcoonect.duckdns.org
duckdns4.duckdns.org
salesxpert.duckdns.org
ipvhosted.duckdns.org
gemalto.duckdns.org
jfcolombia001.duckdns.org
office365update.duckdns.org
kosovo.duckdns.org
codazzixtrem.duckdns.org
mrmarkangel.duckdns.org
anglekeys.duckdns.org
dephantomz.duckdns.org
wiskiriskis1982.duckdns.org

# Reference: https://twitter.com/JayTHL/status/1189592368879722497

201.76.93.201:53896
ruthless.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/185.217.1.137/relations

185.217.1.137:1604
blaert.jumpingcrab.com
jobconnect.ddns.net
makegoodpls.strangled.net
royal69.ddns.net

# Reference: https://pastebin.com/29uSdMAk

godwin.ddns.net

# Reference: https://twitter.com/ViriBack/status/1187040674455130112

194.5.99.46:9090

# Reference: https://twitter.com/Paladin3161/status/1185424238611582977

197.210.52.28:3873
91.189.180.216:3873
dennisjose2v.zapto.org
Maxiron2v2.hopto.org
snooper113.duckdns.org

# Reference: https://twitter.com/killamjr/status/1164514185243430914
# Reference: https://app.any.run/tasks/0da0b775-3f5c-4277-99af-1681833f4a05/

194.5.98.24:4564
recoverypw.duckdns.org

# Reference: https://twitter.com/coderippers/status/1156844258139299840

starlucky.warzonedns.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1145689873489301508
# Reference: https://app.any.run/tasks/4ee7d035-40d7-433c-9be8-44fd02bc7375/

185.165.153.22:2040
giovan234.ddns.net

# Reference: https://app.any.run/tasks/6eb2bffa-4f11-4aec-8b24-3695f22ae99d/

185.165.153.114:2525
mrlogga19.duckdns.org

# Reference: https://twitter.com/pollo290987/status/1115307260996202496
# Reference: https://www.virustotal.com/gui/file/d3cab59fb39c3312b93cbd10fc1f01bef963abdabe7acc30b8a9d101947e3143/detection
# Reference: https://www.virustotal.com/gui/ip-address/181.52.252.80/details

181.52.252.80:1896
cee.duia.eu
duck87.duckdns.org
duckdns63.duckdns.org
duckdns64.duckdns.org
duckdns65.duckdns.org
ja0269485.duckdns.org
josesarmiento098765.duckdns.org
josezulu898989.duckdns.org
juanjosequitero.duckdns.org
marketing.con-ip.com
nick107.duckdns.org
nick89.duckdns.org
nick91.duckdns.org
nick92.duckdns.org
nickd93.duckdns.org
nickddns103.duckdns.org
nickddns90.duckdns.org
nickdns101.duckdns.org
nickdns102.duckdns.org
nickdns104.duckdns.org
nickdns106.duckdns.org
nickdns107.duckdns.org
nickdns44.duia.eu
nickdns48.duckdns.org
nickdns49.duckdns.org
nickdns51.duckdns.org
nickdns52.duckdns.org
nickdns53.duckdns.org
nickdns54.duckdns.org
nickdns56.duckdns.org
nickdns58.duckdns.org
nickdns59.duckdns.org
nickdns61.duckdns.org
nickdns62.duckdns.org
nickdns66.duckdns.org
nickdns71.duckdns.org
nickdns72.duckdns.org
nickdns75.duckdns.org
nickdns76.duckdns.org
nickdns79.duckdns.org
nickdns80.duckdns.org
nickdns81.duckdns.org
nickdns82.duckdns.org
nickdns84.duckdns.org
nickdns85.duckdns.org
nickdns87.duckdns.org
nickdns94.duckdns.org
nickdns95.duckdns.org
nickdns96.duckdns.org
nickdns97.duckdns.org
nickdns98.duckdns.org
nickdns99.duckdns.org

# Reference: https://app.any.run/tasks/ba903cda-43f6-47af-9721-f64028df4ce1/

http://evogenicpvt.net/expt/payreceipt.exe
sain123.sytes.net
142.44.161.51:5219

# Reference: https://app.any.run/tasks/978d8b3f-f303-4b0f-bec9-9879bd144916/

clintonlog.hopto.org

# Reference: https://app.any.run/tasks/811b9caf-71d9-4cdb-b707-a08f8c6a29b0/

harri2gud.duckdns.org

# Reference: https://app.any.run/tasks/9ce5f594-1c1c-4ad2-822d-f904bc946ccf/
# Reference: https://twitter.com/peric0/status/1192862785711083520
# Reference: https://app.any.run/tasks/4b2c22dc-5abb-4c3d-a25f-97cba3f34902/

79.134.225.76:9900
abokiisback.duckdns.org

# Reference: https://app.any.run/tasks/9ddb7ab3-038e-4c49-b6c9-49523f2fd056/

cbswgc.duckdns.org

# Reference: https://app.any.run/tasks/924d69ef-51fb-4e1a-b7a5-d14b7cbae7ac/

194.5.99.6:6789

# Reference: https://app.any.run/tasks/85f5b765-b054-4fba-a50a-91bc39fe1c74/

papa.redirectme.net

# Reference: https://twitter.com/MalwareConfig/status/1191909772376887296
# Reference: https://malwareconfig.com/config/29fb4a3586cfde6569e47c2bb746ec8f

213.208.152.214:5999
strongods.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/185.165.153.150/relations
# Reference: https://www.virustotal.com/gui/file/a643eb192412836ec1053aac2e8e172c6c61d84df92f9340ef5e453e88cf0be1/detection
# Reference: https://www.virustotal.com/gui/file/de7e6813575993eb770ab6bcfd740f57af36e43abba271a889cd57a82ae92d45/detection

185.165.153.150:4922
185.165.153.150:6703
crpa.noip.me
masked101.duckdns.org
rentals.insidedns.com
ru2-pool-1194.nvpn.so
tradcan.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/1192436545632055297
# Reference: https://malwareconfig.com/config/78efefde393dca7373734ce7af734e9d

novlachy.duckdns.org

# Reference: https://twitter.com/Paladin3161/status/1192421564580429825
# Reference: https://pastebin.com/66DbarxY

cjay55.duckdns.org
deaphnote.ddns.net
fresh22.duckdns.org
indomie.zapto.org
jeffserver.duckdns.org
mgc001.duckdns.org
wazzy111.duckdns.org

# Reference: https://twitter.com/pancak3lullz/status/1192523361336877056

79.134.225.71:2222
loveday10.ddns.net

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/double-loaded-zip-file-delivers-nanocore/
# Reference: https://www.virustotal.com/gui/file/91d539af85599fda3fb2fb023866b72d64adc2bb95f6153e655cc844564de02e/detection

194.5.98.85:11903
allodeh2.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1191757187254644736

indomie.zapto.org

# Reference: https://twitter.com/killamjr/status/1191561859901673472

79.134.225.61:83

# Reference: https://app.any.run/tasks/62411b4c-8823-4365-a062-0b9c7d6ba5e3/

194.5.97.10:5626
novlachy.duckdns.org

# Reference: https://twitter.com/coderippers/status/1192746152514469888

185.165.153.79:54984

# Reference: https://any.run/report/11b9f94f97662d112f95e7904ce6655265aedc73159a8add62255c11f4456164/46e7ac03-8641-418d-b993-ee8465161c7d

194.5.98.212:4050

# Reference: https://threatrecon.nshc.net/2019/09/19/sectorh01-continues-abusing-web-services/

haggapaggawagga.duckdns.org
ontothenextone.duckdns.org
yakka.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1192802828592570369
# Reference: https://app.any.run/tasks/758eaaf7-d81f-402c-89c3-a7b50518607a/

192.169.69.25:5626
meca.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a54d5a01f25dbe968b3aa91075bdbf37d9f6f3e708fbb9a25254166553ef94de/detection

104.206.99.52:2019

# Reference: https://www.virustotal.com/gui/ip-address/23.249.163.24/relations

aysnicacid.duckdns.org
ghorara.duckdns.org

# Reference: https://isc.sans.edu/forums/diary/Malspam+delivers+NanoCore+RAT/21615/

137.74.157.90:33338

# Reference: https://twitter.com/JayTHL/status/1193770501132431360

onetap1309.ddns.net

# Reference: https://app.any.run/tasks/196bcf4c-0931-4c28-a75d-290c6cac7f53/

timnoip.ddns.net

# Reference: https://app.any.run/tasks/53b59d13-1b84-4404-b1e0-8d2441b7ec6b/

duruawka.ddns.net

# Reference: https://www.virustotal.com/gui/file/56a09b378be2c501e310eac94fd83c1921427e26836cf05e57f29667e7e43e83/detection

194.5.98.7:34681

# Reference: https://www.virustotal.com/gui/file/b3d596678e30221b6bfeecb8dbb14d5f3d1e59fa91cfbf5e868d3ec3389bd9e5/detection

88.229.215.159:34681

# Reference: https://twitter.com/MalwareConfig/status/1194363557623877632
# Reference: https://malwareconfig.com/config/435f91dc47a760874856972351300215

79.134.225.17:9583
timnoip.ddns.net

# Reference: https://malwareconfig.com/config/033083d77f3c28bdc460b945500f4ae2

fred.no-ip.net

# Reference: https://malwareconfig.com/config/64baf124e1c1aefb7004ffc957a18b52

fred.bounceme.net

# Reference: https://malwareconfig.com/config/9126e8fb2c26f2aa84d357881d02b241

fedosh.no-ip.net

# Reference: https://twitter.com/ScumBots/status/1195186420509532160

187.38.124.229:5552

# Reference: https://www.virustotal.com/gui/file/7a8ce81d5cecf363f5985e87f53230ca550e17a5997a853eff1408a8b3f5dc91/behavior/Dr.Web%20vxCube

okenwa.hopto.org
79.134.225.115:1505

# Reference: http://wp.hybrid-analysis.com/sample/691bfd494ba62c2f00ee89828a7fe8bbc2272a87fa713b3aa44ab52fba482c45/5db29b37217d93849fe70f7b

meca.duckdns.org
173.254.223.67:5626

# Reference: https://www.virustotal.com/gui/file/df991612aee9e34e5d50881a03d04657ab05be61f01bef964f4752f5a40ab0dd/detection
# Reference: https://app.any.run/tasks/5321e32b-75d6-4d66-9ccc-f9ae9de3eca4/
# Reference: https://www.virustotal.com/gui/ip-address/23.249.165.218/relations

213.208.152.210:8181
aspsensewiretransfergoogle.duckdns.org
christinailoveyousomuchyoumyheart.duckdns.org
isoalibabadocumetfilegoodforspreadsystem.duckdns.org
isolatedocumentwordfilegooodsdfsf.duckdns.org
microsfotgooglegmailoutlook365mailallaregoodformailing.warzonedns.com
projectwatchdognowinlinetoofargreat.duckdns.org
promotionzynovawillzerodacontinuegood.duckdns.org
propackgreatexploitexcelwork.duckdns.org
qeeeeewwswsweerwwerwerwrwerwerwerwere.warzonedns.com
serverstresstestgood.duckdns.org
systemgooglegooglegooglegooglegooglegoole.warzonedns.com
windefenderprotectedwindefendergooglegmail.warzonedns.com
workbigfinetonychuckgoodallarefinezynovaexploitgood.warzonedns.com
xyskyewhitedevilexploitgreat.duckdns.org
xyxyxyxyxyxyxywkworkforworldwifewide.duckdns.org
zerodayv3startedexploitpcwithexcelgreat.duckdns.org
zerodaywwsxwissdfdsfssecccseersscsdfsdfs.duckdns.org
zerosugaraddonexploit.duckdns.org
zerozerozeronullexploit.duckdns.org
zyncxxcciidiiudfisuifsiufusdfisdisifidfisuifisfisifisu.warzonedns.com
zyrstststzzxccxccddfgdd.duckdns.org

# Reference: https://www.virustotal.com/gui/file/48861372dd50d2c45d1b99b12a09ac83d1bfae565dbdf3069557dcb75ae8966a/detection

213.208.152.210:2065

# Reference: https://twitter.com/ActorExpose/status/1196107065338535936
# Reference: https://app.any.run/tasks/b897bf30-fdac-4b84-9f86-0b1a5e3d9551/

skyyy1337.ddns.net

# Reference: https://twitter.com/ps66uk/status/1196766006674362374
# Reference: https://app.any.run/tasks/192dcefd-ff43-43c7-9655-5d9aab847e37/

46.183.222.66:2580

# Reference: https://app.any.run/tasks/933c1a1e-135e-44b6-b7fe-b93bee77a68f/

549351.duckdns.org

# Reference: https://twitter.com/wwp96/status/1196867856195084288
# Reference: https://app.any.run/tasks/03844b86-68a6-49e8-886b-780ec6e96211/

94.100.18.102:4040

# Reference: https://malwareconfig.com/config/417ef753319e86facbfdfe3ffbbe6277

admin777.noip.me

# Reference: https://twitter.com/JayTHL/status/1197303503481397248

austinaccount.warzonedns.com

# Reference: https://twitter.com/BarryShooshooga/status/1197754462657343489
# Reference: https://app.any.run/tasks/0ec81663-e1d9-41ce-85ab-1f3528172b1f/

79.134.225.76:5680
bluefaceoriginal.ddns.net

# Reference: https://www.virustotal.com/gui/file/609958f13635e159b3864fb80a99c2fb79e21a7cf5231068422076e930c44e4d/detection
# Reference: https://app.any.run/tasks/392a3363-69d1-48e2-96f6-491e46a68d21/

79.134.225.105:9213
yodastyle.duckdns.org

# Reference: https://twitter.com/JayTHL/status/1197948846581649409

wrwr3wrw3wrwszz.ddns.net

# Reference: https://www.virustotal.com/gui/file/b9ca0b463bb8cd7d44c8f7713f8e47352cc9cb9ec5d57b3cb59d1a89a85b3e51/detection

79.134.225.105:1980
ncoresnew.hopto.org

# Reference: https://www.virustotal.com/gui/file/b4e75bf5b5d021e5f8fa81b2b5654c52856f460ef3d713652da84000b737bf71/detection

manblues.sytes.net

# Reference: https://www.virustotal.com/gui/file/63824abe9e2c4e0199f9b93a33841bdd01ca9757922bb14179927d6fe30fd28e/detection
# Reference: https://www.virustotal.com/gui/file/aecf95be47027b85863b24cb566abbf712415b87cd8cd8055430252d3918b6a7/detection

79.134.225.105:11754
80.211.133.107:11754
hetro.ddns.net

# Reference: https://www.virustotal.com/gui/file/31b29c53a227bd0008c461d33538899db0673a37dc47e71ae42f0d6b32bfa511/detection

79.134.225.105:4040
ellababy123.ddns.net

# Reference: https://www.virustotal.com/gui/file/a1298e2a11381470214fc9954ac237b90f940972aafe456d3c5c25e14854a6f6/detection

ogalu.duckdns.org

# Reference: https://www.virustotal.com/gui/file/861f022147d6d5cd24c328275a331e20efdb132603b87bc2e609e2668e06e8ea/detection

79.134.225.105:5654
followmeup.duckdns.org
zxzxzxzxzx.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4df6fbb979b2e11c724f51d9dad4a34aab0e6eb54e5b466980645a03c7fe999c/detection

192.169.69.25:1515

# Reference: https://www.virustotal.com/gui/file/ad89ce2bad7b926044a3501446950eb4688dc3b595c93b26c98ff204163b0b2c/detection

185.165.153.235:50710
suchwoni13.ddns.net

# Reference: https://www.virustotal.com/gui/file/0f3b7d439b1954c2596dce936334d7176cfcc86a7188c5904befc7a519bd08e5/detection

79.134.225.108:2551
euroboss.duckdns.org

# Reference: https://www.virustotal.com/gui/file/28a95d659e621ea85c126b8a3025db231304227d0d1976dea347924fec4a64d2/detection

129.205.112.169:3999
79.134.225.73:3999
79.134.225.92:3999
palaboraeurope.tk
sugarboy.duckdns.org

# Reference: https://www.virustotal.com/gui/file/77626dbd21e1b960bde8f37759b7f4c294d3e80d253ca5dbacc2350217c8c4ab/detection

194.5.97.34:8090
omocavite.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2a956f2356ab57d0ae9c98813ef3efa85ee323e0f5fcfbb6247170253ee3cb4c/detection
# Reference: https://pastebin.com/vbujQzFf

karmina113.sytes.net
karmina117.sytes.net

# Reference: https://pastebin.com/vbujQzFf (1ed84de406e22e35486a849089b6ee0d087bffc5)

216.38.8.178:1996
snup2019.ddns.net

# Reference: https://pastebin.com/vbujQzFf (839f3f1491dba854710981125c52f9d180f94c92)

193.161.193.99:56539
labserver.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4d8d90c1c3a26adbf1291a5bf835836a347a1b58e37448bcbd62b3636c569d31/detection

76.72.161.76:2525
slipp.ddns.net

# Reference: https://www.virustotal.com/gui/file/1d8dbd65bcf660963cf1ed85be9ee2fcee9aab3f95a666c7460633733f025fb7/detection

92.2.5.191:5353
joshuahdn.ddns.net

# Reference: https://www.virustotal.com/gui/file/57c2264244db26b1ccf9b0a0dfd05a50b98f39cc6cb1544e6e912330d1c021d2/detection

85.237.234.153:54984
milosinka.ddns.net

# Reference: https://www.virustotal.com/gui/file/62a108ce957b0fb58f20bc38c1b8a1315ffa235c1cffe3a4934ec46f183ea47c/detection

89.86.77.125:5554
nanpowered.ddns.net

# Reference: https://www.virustotal.com/gui/file/c2a169d61913f7c05ea0d4377a74ec3de0b51449b5671cab8ecebd971e6159b2/detection

85.86.27.28:5555

# Reference: https://twitter.com/JayTHL/status/1199021518728179712

79.134.225.89:1200

# Reference: https://www.virustotal.com/gui/file/ce4c6cb6111a0f49caa3e0e49717c10b7dab36c550b45a61fdb260f1180167f3/detection

79.134.225.89:4488
sammorrisok55.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e5e55eda4187d87e2aef4a3e036f95a13bed19023b45202784bd55b606ebb4e0/detection

jacky99.dynamic-dns.net

# Reference: https://www.virustotal.com/gui/file/5da23838b9636509af8b067794bf6fed586a562d0e27d40b6b9cf02a25fde8bd/detection

wt35712830.ovh.net

# Reference: https://www.virustotal.com/gui/file/7ac083e0c31255bcc283d85e4094384d162f3a269f218d8f1c74d445f894435f/detection

banksmedia.hopto.org
serge231.ddns.net

# Reference: https://www.virustotal.com/gui/file/2a20e4a98b11fa6ab98e828e091cd02093bee698ae0e19feedb18ff15b4cd3c3/detection

79.134.225.90:3690

# Reference: https://www.virustotal.com/gui/file/63758e38a282ef2a624147eb587618cb737bb44c9724de44490773af8d329ec1/detection

79.134.225.90:1985

# Reference: https://www.virustotal.com/gui/file/98da3c893dff87c923d3d717e52f4b452feedd6f41d4a17e969968635efcadb8/detection

79.134.225.90:62098
ashmwin.ddns.net

# Reference: https://www.virustotal.com/gui/file/b49065e32765e0d4812b59e0bc76daa84a85d910a1eb2fe9b06d233cb5bd07f7/detection

75.40.27.225:443
dhoskfnkdgmfdgh.ddns.net

# Reference: https://www.virustotal.com/gui/file/07d64c498247d5189af3089c8755a3cf83844eee7853fd36017a901b05bb7ddc/detection
# Reference: https://www.virustotal.com/gui/ip-address/78.63.252.24/relations

78.63.252.24:1085
herakas.ddns.net
heraklis.ddns.net
narkaman.ddns.net
zajibala.ddns.net

# Reference: https://www.virustotal.com/gui/file/251498dfd4c3bb2d166ac08b340d508d501d8f782e9bb2a0cdb7fea2eac42e44/detection

154.16.248.142:54984
rataskidhost.ddns.net

# Reference: https://www.virustotal.com/gui/file/6e02adb0cb3b676e9f5a01f1d9ed842abdf2c2b88e9cdeb920fa6962ee78a149/detection

185.165.153.28:8181
192.169.69.25:8181
indomieboy.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6eb787b5e8bab574fc18422fa16ff902ffedaa96db09f75b20d1cdd709bc8ccc/detection

87.202.139.214:1085
malakismeno.ddns.net

# Reference: https://www.virustotal.com/gui/file/05c3d73f8e4e228a98053b9706f99dc7ba3221f6c793b4d4cd5d7fb4f64b44b9/detection

79.134.225.27:8404
swiz8404nvp.duckdns.org

# Reference: https://pastebin.com/R9U6nSrV (# 20d7808b8520ac8941717934704c2dae7fc06fcf)

bosser.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9df25a0680f2501832d131f5190a2fcbefd5acbce1391dfd2be39de382f786a6/detection

waterboi.hopto.org

# Reference: https://www.virustotal.com/gui/file/97874e0c9ee5f0404eff88fd36b84351f6448cf29260d06b450c9f0d58a7b517/detection

185.202.173.27:54914
54914.duckdns.org

# Reference: https://www.virustotal.com/gui/file/fec4948c1766f6ec9e64de37f257be222bfebba5951dd2cb9f2acb0607e5ebc5/detection

salam3amihamid.ddns.net

# Reference: https://www.virustotal.com/gui/file/ec7cfc7d0e33e19222e3228b5e0f15a08b71ca998fc69aea29bd682bba3d4ffd/detection

agent47.vip

# Reference: https://www.virustotal.com/gui/file/d2d87cc451c345eb50cbc2231780e1685aa94f32cdf957922ef8c197d54dadcc/detection

107.170.231.171:5900
sys32admin.ddns.net

# Reference: https://www.virustotal.com/gui/file/aa9053046e8f5981dd0e8767336d443177bff33e088abfa1f54e32f3aecf3b9a/detection

griqy11.ddns.net

# Reference: https://www.virustotal.com/gui/file/1274c8604ef9d2c5b1674e434367d029ec38c0b09da583091953bbc93d9ef9b8/detection

smbrlm.hopto.org

# Reference: https://www.virustotal.com/gui/file/fa78298b68952c09884eaadf3fb79ef22309f11c07595759bb23e859f5afe0b8/detection

66.55.156.251:443
quaserhost.zapto.org

# Reference: https://www.virustotal.com/gui/file/f18738147fad6a8065a3eb11c6e5275cf9a2ec9cd4cfcbf1a6c925f0d308cf7a/detection

181.52.109.69:1881
tjtjtt.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6a904623cfecd7383df1e4a825f7918144103fb1268b17540b426b280f884fb4/detection

74.121.190.134:57201
57201.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0254011164ac22194856c7ec4e49825ce49b8d9a49162f03b0807cf9a04a9c5a/detection

79.134.225.6:7005
rimoy788.ddns.net

# Reference: https://www.virustotal.com/gui/file/48f1ca1c0cdcbfbe5623996d806a5d321631f61ea4867aff026f09f833424dea/detection

212.100.79.97:60400
212.100.80.44:60400

# Reference: https://www.virustotal.com/gui/file/09b60e0478b099a43a9f9b7cb1c411817b2bc72b67d4f59e20d0a07cc676d630/detection

121.122.83.251:5476
192.69.169.25:5476
calitoway.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4f2bd7d1c7655bbef4fd0d802326b24c9c0535b949051bc3b76ec44449732d1c/detection

192.69.169.25:1996
nickdns17.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6d7f6350940be633a2bfbe1288f02d30004920f742591807e5162005cef9a121/detection

192.69.169.25:1994
194.5.98.186:1994
beretta.com.de
donald3m.duckdns.org
sandra.myddns.me

# Reference: https://www.virustotal.com/gui/file/0828eef606d3304ee937f3b120e1e1307c8405fd60d88c43877bf969df4bcd68/detection

donald7m.hopto.org

# Reference: https://www.virustotal.com/gui/file/a47d2fc55701f2e88e2607d24033d145d328a6374dcccea2b6e482af9fa987f4/detection

alien34.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1fa5b42f19a46c7ce789a9efb0b1309efad5311ac7314400ce57d7bb443ff7e4/detection

192.69.169.25:500
rat225.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0177d447df7c967a32bb0db374aaceafe7b5746f55df836aa1e61061a19eee84/detection

192.69.169.25:1888

# Reference: https://www.virustotal.com/gui/file/a84047d17c2de9048186e9a003842789b42c8144bf33cff4148d24a782981290/detection

192.69.169.25:10138

# Reference: https://www.virustotal.com/gui/file/8711947da95dc3ee51ec589ceb1b8a59ce816d99ed20e721de7344c9e689536d/detection

192.69.169.25:1896
nickdns18.duckdns.org

# Reference: https://www.virustotal.com/gui/file/722474240a20dad3d351732b856733dcbca7340b43d74961907e526a7602570e/detection

192.69.169.25:5476
calitoway.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5783d35c5cfcab04344f714f8d0d2af11339e1057e436e48e14ef8251fd6c859/detection

192.69.169.25:1909
outofspace.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e9a4f82ac7549f3052a233f6684c3ed2e8bc545349711673ff51809051c6e9c1/detection

192.69.169.25:1759
papacapa.duckdns.org
punditx.duckdns.org

# Reference: https://www.virustotal.com/gui/file/31561a3b9942397289d64dfa474511b2e95ac8447e0796ad7808f8609d949ee3/detection

192.69.169.25:54984
95.70.237.198:54984
ethernet.theworkpc.com

# Reference: https://www.virustotal.com/gui/file/5dd60a52f8b6391dd8d35af79b129d7acc570734f01683bc269e8065fe3bcd09/detection

46.234.76.75:5555
kokuz55.ddns.net

# Reference: https://www.virustotal.com/gui/file/8363a76dd357211c19ac8e5db137bfae558b360c42bb07b968b39a905291ae57/detection

109.60.99.112:5555

# Reference: https://www.virustotal.com/gui/file/816e526a6663db59eea32f7e70cf9dc02b5dcd203e1c2a712e4ec137f24717ad/detection

46.234.79.190:5555

# Reference: https://www.virustotal.com/gui/file/15e70ff6c0dbf4c31310bcae19207f4faf7e511313ffa9bd559e9526ff5e04d0/detection

109.60.96.111:5555

# Reference: https://www.virustotal.com/gui/file/7021c8735e587ceb70cd8669a7347222dc23ac60df168e4bb1cc6eb3f4a26069/detection

46.234.76.75:220

# Reference: https://www.virustotal.com/gui/file/123c0d7a6836f2d4d97c6dd8b037df4d76a28abd6d1658525a912b8aab51329b/detection

109.60.99.210:220

# Reference: https://www.virustotal.com/gui/file/edbfe10569d57d34a49164acb52d0b0339a29360dccbbb2b715a65390a42fa7d/detection

46.234.76.75:4500

# Reference: https://www.virustotal.com/gui/file/2f54439717f7d1885d3cba453523993255fb53e75cab95d0fc96f4fc5cbcd44e/detection

109.60.96.144:220

# Reference: https://www.virustotal.com/gui/file/b9db088360693d4085eab59fbf805d11a63534b986a9e19318aa8e0b49bff3e3/detection

109.60.98.121:220

# Reference: https://www.virustotal.com/gui/file/036cc770e228ac94439d2f794c94a1aa0f6fc3f9949706fd59024295694b2a50/detection

109.60.97.56:220
46.234.77.242:220

# Reference: https://www.virustotal.com/gui/file/c460389a1d330a2a0a8a9ded11d539f898d87b8c649dc01717c9db8e80edb355/detection

109.60.99.83:5555

# Reference: https://www.virustotal.com/gui/file/3cc526c93917097f054fe01bd09843afbf7f961dd41a21aaed27bd63942f7391/detection

109.60.99.112:220

# Reference: https://www.virustotal.com/gui/file/2fad5b2c45ed6af3b4da7afa76e0f5129ef5f4fd2e91fe4f1e54a2cc84c0b265/detection

109.60.99.78:5555

# Reference: https://www.virustotal.com/gui/file/41a490e0f29fa958c7e9c8015db8de79cc34ef0b38f6f49d99f469b7d3db1729/detection

109.60.99.78:220

# Reference: https://www.virustotal.com/gui/file/3deced03ecfd55b8c2c5b64b8f6e71ecde2b1c7900ff798c2d105713c111c9ee/detection

46.234.79.89:220

# Reference: https://www.virustotal.com/gui/file/ba19d91251a9b50e4eb6404dd771e5024b12c90c9e260cded154c092d946429e/detection

46.234.79.89:5555

# Reference: https://www.virustotal.com/gui/file/50bdb55a1f2abc8b17960118383f490f6f27ebcce4fb3c3c7d573aa063e5e978/detection

megafundz.duckdns.org

# Reference: https://pastebin.com/0sWcZD0s

185.140.53.165:2017
87.104.146.247:1337
88.214.57.2:1220
aarmandobronca99.duckdns.org
asshost.duckdns.org
bigchungus6969.ddns.net
chutr5.ddns.net
haddadi23.hopto.org
newlifenow.duckdns.org
racikmordo.ddns.net
sshsdgsfasfasfa.duckdns.org
strkserver077.hopto.org
teamtanic.ddns.net
testesri.ddns.net
upcheck.duckdns.org
updateserv.fishdns.com
wasder123.duckdns.org

# Reference: https://pastebin.com/gN5E4UW4

indomieboy.duckdns.org

# Reference: https://malwareconfig.com/config/a3076d09d7d8f104d4b7403c781f9f7e

79.134.225.28:6071

# Reference: https://malwareconfig.com/config/9ff5de50283209ba286bdba8285074a1

olodofries.ddns.net

# Reference: https://www.virustotal.com/gui/file/a7f308beb88e305c09aa36b10a535f2f7a0bc9f9de96be8ea2cfd44e84f430d0/detection

46.183.222.55:10001
79.134.225.125:10001

# Reference: https://www.virustotal.com/gui/file/3cdb5f9d5ad2a024a3e0b62b253b87df784f901c6969c53dd04dee96abc8bfa5/detection

79.134.225.58:1985

# Reference: https://www.virustotal.com/gui/file/4c5f6119cf732f621e7f60d2b35536a2262eb06fa926ee5cd9570f049a06121b/detection

79.134.225.58:2016
malam.ddns.net

# Reference: https://www.virustotal.com/gui/file/aba1e5f7a42a88d8a82b8e5e329da7395946048577aeac4603e1f312310485a1/detection

79.134.225.58:1222
rghfff.chickenkiller.com

# Reference: https://any.run/malware-trends/nanocore (Note: as seen on 2019-12-04)

jimmycharles2468.ddns.net
randydidier2468.ddns.net
ubananocore.ddns.net
sandra.myddns.me
prayersanswered.hopto.org
gratefulheart.ddns.net
888rats.duckdns.org
grafeulheart.ddns.net
ijomsdavis1.ddns.net
blessingfollowme.myddns.me
volodymyr.gotdns.ch
slimyuyo.duckdns.org
vemvemserver.duckdns.org
special2019world.mymediapc.net
3forall2019.servesarcasm.com
jiddeshot.duckdns.org
saintjames.publicvm.com
joeiyke22.duckdns.org

# Reference: https://malwareconfig.com/config/4ba2538a416bfa6290086867211afcb1

149.202.233.219:54984

# Reference: https://www.virustotal.com/gui/file/ad5c2223166859c196b192af7c5663cb0c38c6c9d1fe5369a131277876d7886e/detection

78.155.201.178:9080
officemicrosoft.net

# Reference: https://www.virustotal.com/gui/file/f4bdc830a0f600e857b21a5727f1c4ace80986b2ccfe9f496173be5aee43e3ff/detection

91.193.75.181:19833

# Reference: https://www.virustotal.com/gui/file/aedb83be078fbbd78e896fb1a76bc031c3c9dbd630310d33b50f8ad3e2d4fbd2/detection

185.140.53.102:1906
91.193.75.181:1906
elumadns.eluma101.com
joey.daniel2you.com
oluwa103.hopto.org

# Reference: https://pastebin.com/7Ak2nP2T

chimurenga.duckdns.org
khurramchalingang.ddns.net

# Reference: https://www.virustotal.com/gui/file/c7166eed554c291bb360237fb9c16585b46e551cf2b2b84b5521dcbf195ff084/detection

leaf360.ddns.net

# Reference: https://www.virustotal.com/gui/file/2a31bb74f367ce969dd3c3633f3071fffcb2e16b962c254622280c96fd5c61cd/detection

79.134.225.123:3734

# Reference: https://www.virustotal.com/gui/file/82263488003298cf0594297805b1f031ad8f9ea0ccf611f199a9c40fdd3e1592/detection

185.92.239.16:3734

# Reference: https://www.virustotal.com/gui/file/c7591966e55642b02297423033873627e514d6be4ea5ee34032a63e98f3b7511/detection

178.239.21.22:9090

# Reference: https://www.virustotal.com/gui/file/cf4ee1a039523a78c3fbbae7df5c0e7c5259d357defc4a118531711036ac609f/detection

79.134.225.77:1218

# Reference: https://www.virustotal.com/gui/file/320881ea124021d0db542c890f69cce660b6b1c670831555dc25cc500da42ee4/detection

79.134.225.101:1994

# Reference: https://www.virustotal.com/gui/file/9c2c69a11771e0cbe4a62c0407243ca8aae4105f6dd863cb2df7fdda55bc00ab/detection

193.161.193.99:41435
rizelol-51335.portmap.host

# Reference: https://twitter.com/James_inthe_box/status/1204111427708964864

216.38.8.179:7568

# Reference: https://www.virustotal.com/gui/file/0a2e00ef38f15a22a0d4d63206f7972735829b12f9ebd83218099686202cb1f7/detection

79.134.225.121:5291
saintjames.publicvm.com

# Reference: https://www.virustotal.com/gui/file/930ec93a4c774ce014afa836249d130864cdd4f264410694fc66ccb3de86d08a/detection

79.134.225.121:1994

# Reference: https://www.virustotal.com/gui/file/465be0961c7e3157f94cc8dfce1f85770469ec0cc21cae667d51a1b411fd80e7/detection

192.169.69.25:3410

# Reference: https://www.virustotal.com/gui/file/87902a913a981c06a12d1acdca222cc1236ad4ae9d1d026c134d245dced0fd38/detection

79.134.225.121:4152

# Reference: https://www.virustotal.com/gui/file/7e2e315cfe1ffe1853acb095db5a9121bed39b5049cb1c6cca685a94c620a00e/detection

jogodo.duckdns.org

# Reference: https://www.virustotal.com/gui/file/77973c42e00481f2545a49bfb609e3f4308b1c568476b92e742c6615fa95980a/detection

79.134.225.121:9879

# Reference: https://www.virustotal.com/gui/file/beb357a8009c9e56d410f7d1ed570f99057fe72b8aeb790d9ff01b9a81319d6a/detection

79.134.225.7:5314

# Reference: https://www.virustotal.com/gui/file/a92d5ee40c9fb483a5ac0f97d3211db8e9ce4f1a0c292dcab001bcc988223eb1/detection

217.20.114.222:8282

# Reference: https://www.virustotal.com/gui/file/66e2e5c5b082dc05180525ee443c2dd8e2717de73c9f5d3eec36a3e19d75ac9e/detection

129.56.125.113:54984
217.20.114.222:54984

# Reference: https://www.virustotal.com/gui/file/0c539d4ad0f070b803ce8602ee06f2bafcf2062bbf13db6d1988780abb6c98e3/detection

79.134.225.71:54984

# Reference: https://www.virustotal.com/gui/file/225192e851bff4bf22d07250041dd92984d6e388a3e87a0d2c1241bd4a10edc2/detection

129.56.30.141:54984

# Reference: https://www.virustotal.com/gui/file/2a0c4bfbb072e3d4b6bd68aac56cca963fa8391103fcad0558afd93697b7397d/detection

91.193.75.78:1961

# Reference: https://research.checkpoint.com/2019/decypherit-all-eggs-in-one-basket/
# Reference: https://www.virustotal.com/gui/file/658cc303e2386e54b7175d09a6230326bbe62779ea87fb581696fa2a47b33ae9/detection

103.53.199.248:3166
185.165.153.148:3166
27.122.14.57:3166
troyfin.hopto.org

# Reference: https://www.virustotal.com/gui/file/45b4460fa4d9d6c917b82d9075bc74e500eebe5c5ce0bea46d3160e2dafbed74/detection

79.134.225.104:4050

# Reference: https://www.virustotal.com/gui/file/c8ada32e94d7d51f2b4f67f8ddc2e810211516f8d3ca6f6f582252ca73db34a9/detection

103.200.6.62:1943
185.165.153.22:1943

# Reference: https://www.virustotal.com/gui/file/039c9de4afd2878fa4b8f7e23e71b66b7ae37ff1f69b60d2b5ccf069fa0bde2a/detection

185.165.153.22:9781

# Reference: https://www.virustotal.com/gui/file/83924c884223347900b272b5715af5e7e13de9e70bfeded995c878503339a00c/detection

185.165.153.22:1993

# Reference: https://www.virustotal.com/gui/file/1937e6fdb1684391d04d94297477a4005607904c4d744858429f41f81d1b853f/detection

185.244.29.20:2040

# Reference: https://www.virustotal.com/gui/file/ddd07fb3a7189389dd72284b268130f14366695c344b24d70fd07057874b009e/detection

sammyxy.ddns.net

# Reference: https://www.virustotal.com/gui/file/5e736d99dfb2e444d1f153b877c6f985efa5aa870458b462e1c9f8d6a2e558e1/detection

cjax.ddns.net

# Reference: https://www.virustotal.com/gui/file/5223df133728f2f2fc2e8beceacb516324bf841d6816fedff87e2e252e0ebc2b/detection

adababy.ddns.net

# Reference: https://www.virustotal.com/gui/file/b772bffaafb31edeefc30c53f7c8ccaaf0c4bf6fc7f0756e18282980ceea7716/detection

185.165.153.22:7080
calebnew.duckdns.org

# Reference: https://blog.talosintelligence.com/2019/12/threat-roundup-1206-1213.html (# Win.Packed.Razy-7434602-0)
# Reference: https://www.virustotal.com/gui/file/aff30bb8b3b1c243c716e904e91eb06f9494076fa053a91897d8a277f2caba0c/detection

107.172.83.151:8973
dec8973.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6a16217a4bf366e4c1de062cacd825aaaa6dae1b386173072065d72a33c0107a/detection

192.169.69.25:8973

# Reference: https://www.virustotal.com/gui/file/31708a93ff6a5d46899f93e048355fc187ad505ea0723b091bef15ca45f7cdfe/detection

94.73.32.235:3176
pns.no-ip.info

# Reference: https://otx.alienvault.com/pulse/5cc9df384121a7e224ec5fe4

12345dick.duckdns.org
140nick.duckdns.org
24e26s2854.wicp.vip
419millions.chickenkiller.com
54911.duckdns.org
549351.duckdns.org
aaa3.ddns.net
abundantgrace1.ddns.net
adobemoney.linkpc.net
adslservisi.sytes.net
africa147.hopto.org
agosto26.duckdns.org
agxagx.ddns.net
alaazatewi.ddns.net
alaincrestel1900.ddns.net
alexbread.ddns.net
alexthomas.ddns.net
alexurch.ddns.net
aliprince0422.duckdns.org
allensmith.ddns.net
alvb.duckdns.org
anderchuka.duckdns.org
anson1223006.duckdns.org
apple11.ddns.net
arabs.duckdns.org
ariascopetrading.hopto.org
arnoldgood12.hopto.org
asbconstructionltd.chickenkiller.com
aspens.publicvm.com
athack.hopto.org
avt.duckdns.org
awaissoft-60523.portmap.host
azertylol.ddns.net
babafred.ddns.net
backupdata.sytes.net
backupson.duckdns.org
bamerica101.hopto.org
bankofamerikaa.ddns.net
bara.ddns.net
battys.duckdns.org
bdonserver.warzonedns.com
beast1111.ddns.net
beast999.ddns.net
benekopaccc-40921.portmap.host
berekia29.ddns.net
bhuyanplastic.duckdns.org
bigcuck69.ddnsfree.com
bio4kobs.geekgalaxy.com
blackhill.ddns.net
blazemark.hopto.org
bliss123.ddns.net
blowmm.duckdns.org
bobbrother.duckdns.org
bombingday.ddns.net
boxoffice.camdvr.org
bright1.awsmppl.com
brockles.duckdns.org
brockmax2v2.hopto.org
bskd.zapto.org
btchtu.duckdns.org
bubun.duckdns.org
bugnas.duckdns.org
buike.duckdns.org
bukis228.ddns.net
burningtorchinc.gleeze.com
businessjungle.dynu.net
calebnew.duckdns.org
calitus.hopto.org
callistools.ddns.net
cashflow.hopto.org
cbswgc.duckdns.org
cdy.ddns.net
cdy22.duckdns.org
century32.ddns.net
ceo123.duckdns.org
ceo223.ddns.net
chiefphillip.dynu.net
chimurenga.duckdns.org
cj419.ddns.net
cjay55.duckdns.org
claire2019.ddns.net
clerfgee2345.sytes.net
clinton.hopto.org
clintonlog.hopto.org
cnvibe.duckdns.org
connectings.ddns.net
cornerx.duckdns.org
cquestt.duckdns.org
cracked1.ddns.net
cracking123.ddns.net
craftedfollowing.duckdns.org
criscris.hopto.org
crypted.duckdns.org
cumtap.ddns.net
daddyhandsome.ddns.net
darkkerem2003.duckdns.org
daronbk.ddns.net
dataserverr.duckdns.org
dbb.turbo-sy.com
deaphnote.ddns.net
defaultx.duckdns.org
deluxehacks.ddns.net
doc-pdf.ddns.net
docsc.ddns.net
doddyfire.dyndns.org
donchisom.duckdns.org
donp.duckdns.org
dubelucky19.ddns.net
eagles40to.mywire.org
ebubu.duckdns.org
ebukakings101.ddns.net
eizzymoney.ddns.net
elcoblast.ddns.net
elizabeth221.ddns.net
etoiilefiiilante.duckdns.org
euroboss.duckdns.org
eventuary.ddns.net
ez.pusatiklan.net
ezefab.warzonedns.com
ezeugojnr.ddns.net
ezexgm-39781.portmap.io
fabulous.myftp.org
faith.dns-cloud.net
fbpa.duckdns.org
firebot.ddns.net
fortnitehacker.sytes.net
frankwill12m.ddns.net
fredwil.ddns.net
freefortnite.ddns.net
gatm.duckdns.org
geebrastanley101.ddns.net
geminterbiz.hopto.org
geppasser.ddns.net
get-fucked.chickenkiller.com
ghgses.duckdns.org
giovan234.ddns.net
gloire25.ddns.net
glorylinkgroup.duckdns.org
glorylnter.hopto.org
gochii.ddns.net
gojust.publicvm.com
goodluckwar.duckdns.org
goodwork11.duckdns.org
goodworkomo.duckdns.org
google-service.camdvr.org
gotchabitch.ddns.net
graceofgod.myftp.biz
gregvictor.hopto.org
grene231.ddns.net
gulenterprises.ddns.net
hacksfree2019.ddns.net
haddadi23.hopto.org
hadkhadma.freeddns.org
haul.duckdns.org
hellomicrogreen.iptime.org
hernapeksashdc.duckdns.org
hondo.duckdns.org
housk.giize.com
housrk.theworkpc.com
hurryg.chickenkiller.com
ibidado-62758.portmap.io
ibidado1.hopto.org
icraxandhax.ddns.net
ify.duckdns.org
ilovepussynanjuice.ddns.net
intechwraithh.ddns.net
irc12.ddns.net
irofuuzo.ddns.net
itforwarding22.hopto.org
itrysohard.myq-see.com
itslabibmazafaka.ddns.net
iykemann.duckdns.org
jagnwses.duckdns.org
jasoncarlosscot.dynu.net
jasoncarlosscot.hopto.org
jaybaba.ddns.net
jbond.duckdns.org
jeffd.warzonedns.com
jinomoney.publicvm.com
jmodz04.ddns.net
jogodo.duckdns.org
johndickson.ddns.net
johnsylvo.duckdns.org
josezulu898989.duckdns.org
jsuf.duckdns.org
julio26dns.duckdns.org
julioskaod.duckdns.org
justgo.linkpc.net
kabilablaze.duckdns.org
kalakuta.ddns.net
kaykayblessed1.ddns.net
kenw16570.ddns.net
kf123.ddns.net
king8950.duckdns.org
kingdevil.ddns.net
kurumaraji.hopto.org
kuwaitware.duckdns.org
kw9d0.duckdns.org
lachy212.ddnsfree.com
lambertofield.ddns.net
larbivps.freemyip.com
latestlatest.ddns.net
legendklr.duckdns.org
legionopeh.ddns.net
letmethrough.ddns.net
light.pusatiklan.net
lightmusiclove.ddns.net
liuo.duckdns.org
lovemego.ddns.net
lukeharley.duckdns.org
lunovim957.duckdns.org
macoop80.hopto.org
madetosurviveman.ddns.net
maineone.sytes.net
mallorca.myftp.org
mamacapa.duckdns.org
manblues.sytes.net
manofficial.ddns.net
marinjack44.ddns.net
masa1834.duckdns.org
maxcoop.ddns.net
mcmp.duckdns.org
meeti.ddns.net
megida.hopto.org
merchanttgateeway.ooguy.com
messiflow0.hopto.org
mgc001.duckdns.org
microsoftnet1.hopto.org
minecraftbeta.ddns.net
mk14a.ddns.net
moneybag042.warzonedns.com
moneytimmy.duckdns.org
moran101.duckdns.org
motherpure.duckdns.org
mpnano.duckdns.org
mrlogga19.duckdns.org
msgamers.ddns.net
mwlhc.duckdns.org
mypp.ddns.net
myspyvirus.ddns.net
nacoreloaded12.ddns.net
nagoor.ddns.net
nano.freemyip.com
nano.speedfastmaking.com
nanocore-rat.ddns.net
nanocore511.ddns.net
nanoman.ddns.net
nanssss.ddns.net
nawaooh.duckdns.org
neshoitry.ddns.net
newlifenow.duckdns.org
newmicke2019.ddns.net
news.banquealtantique.net
nickdns101.duckdns.org
niiarmah.dynu.com
nikkycharles3.ddns.net
njb.webhop.info
nnjhjhjj.duckdns.org
noface55.hopto.org
noipme.ddns.net
nonox.duckdns.org
nuttara20003.ddns.net
obinna.duckdns.org
octocrypt.duckdns.org
officeofgrace.ddns.net
officeofgrace14.ddns.net
ogbeni.duckdns.org
oge.mywire.org
ojoe.ddns.net
okoyehenry93.duckdns.org
omogost.duckdns.org
onyeka.onmypc.org
onyex.duckdns.org
pacotdc20.duckdns.org
paninindia.ddns.net
papalove.ddns.net
papaya.dynu.net
pay1.duckdns.org
phoneci.sytes.net
playboi.hitlers.best
ploplo29.ddns.net
pointboilling.ddns.net
ponnyhurb.duckdns.org
praize19791.duckdns.org
primaryjet.duckdns.org
privatejet.duckdns.org
projectcocainelol-44211.portmap.io
punditx.duckdns.org
qbasic.duckdns.org
qintoo.duckdns.org
quadki.duckdns.org
queen101.ddns.net
raaqtwo.duckdns.org
randydidier2468.ddns.net
ratterxzy.duckdns.org
rattingkidbyluk1e.ddns.net
rbenjamin9696.ddns.net
recoverypw.duckdns.org
reisshasbigp.ddns.net
remitancegp.duckdns.org
renaj2.ddns.net
restartusa.hopto.org
rhwrhwhnejtervvrh.ddns.net
rmagent.duckdns.org
roadkillz.ddns.net
rownip.3utilities.com
russell.ddnsking.com
sain123.sytes.net
saintjames.publicvm.com
salesth009.ddns.net
salestokyo.hopto.org
sarce.ddns.net
secondnano.duckdns.org
setoff.ddns.net
sgdjncbgbxf.duckdns.org
shedyshedy.ddns.net
shutdownnsa.ddns.net
slimkudi3.ddns.net
smartcoonect.duckdns.org
socrate.hopto.org
spyhostinc.hopto.org
sqlkali.ddns.net
sradanet.bounceme.net
starlucky.dynu.net
starlucky.warzonedns.com
stawa.ddns.net
stilla.hopto.org
stumptowncoffee.publicvm.com
sunnyslock.publicvm.com
talentino.duckdns.org
tecklink.publicvm.com
testwork.kozow.com
thecyberhunter.loginto.me
thefrench.duckdns.org
thompson62.ddns.net
tiggs.ddns.net
timnoip0123.ddns.net
tristanatt.ddns.net
troyfin.hopto.org
trustkemi.duckdns.org
unclepurple.ddns.net
urbancinomm.ddns.net
vanillatest.ddns.net
vimlatedrock957.duckdns.org
weiindoz.ddns.net
whithart.myftp.biz
willsdavo2243.ddns.net
wilsondedavid.ddns.net
windowsssl.theworkpc.com
windowsupdaters.zapto.org
windupet.ddns.net
winnermessi147.ddns.net
wm649.duckdns.org
wood12.hopto.org
workbox038.hopto.org
worldwar.ddns.net
xfelix.hopto.org
xortox.ddns.net
xred.site50.net
ysl4lyfe.hopto.org
zonepay.publicvm.com

# Reference: https://www.virustotal.com/gui/file/4a9c6e59e33faa38977042afef734ffb9dc0a48c4e9b45b1e801073d6b46487b/detection

103.1.184.108:14246
scotindustrles.com

# Reference: https://pastebin.com/DL88qggt

eziokwu.zapto.org

# Reference: https://www.virustotal.com/gui/file/093dc4ab67a1952c26364696ca6a050de10e89f4f5e607e9c990c3db168e16c7/detection

105.112.108.176:3940

# Reference: https://www.virustotal.com/gui/file/a103cf94e1c7a00e335468b3d1e6971a1d73b35a761309d701dca47124169f74/detection

192.169.69.25:3940

# Reference: https://www.virustotal.com/gui/file/b1cf48d0b8119e2199c035d3c30d30a9418a121face57fdf0a24b6f3b9917bba/detection

79.134.225.70:3940

# Reference: https://twitter.com/wwp96/status/1206662163869380608
# Reference: https://app.any.run/tasks/df03d2b9-7980-4d85-a45b-f9ccfabb8f67/

105.112.104.52:1122
meeti.hopto.org

# Reference: https://www.virustotal.com/gui/file/44128f896c81c987a3a1797fbb2189ed137a4e082bd75b54e210303f8309956e/detection

185.244.30.14:1515

# Reference: https://www.virustotal.com/gui/file/4cc11ea57e15249af8410af1e10c0341f23664374586fe49c99ff8ff6a3d7897/detection

185.244.30.92:2017

# Reference: https://www.virustotal.com/gui/file/f8e6208bbc555c355f1e5b53a075986e2fe48b96869eabfe05c4d5b64781853d/detection

216.38.8.178:1996

# Reference: https://www.virustotal.com/gui/file/fb84ec938980c586a0e3e09c2ee1b72470710410897c26fd0cb30e29f3e5c374/detection

105.112.113.16:1996

# Reference: https://www.virustotal.com/gui/file/6f78b7ee6b31f2abb8aae3dd7aa9607b6f06c8df17c413c96c4739220a591848/detection

105.112.114.213:1996

# Reference: https://www.virustotal.com/gui/file/6196d266c62c140ae09c3b34dc024e9ef4480c06a27ef196fa7039199357ef6d/detection

105.112.120.121:1996

# Reference: https://www.virustotal.com/gui/file/d4d2ad470439bd1db2fb5d8678e03e00cacaa6d833ef8fbd15f0741caede176f/detection

105.112.120.121:1012

# Reference: https://www.virustotal.com/gui/file/ba9e99d355b7843cfb2159a144635cce9fa0e8146f67cb87ac9b4bac2a5c5150/detection

79.134.225.7:1012

# Reference: https://twitter.com/cyber__sloth/status/1206888692373217280

departdec.duckdns.org
sherimix.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f2815cb9d788bbfb7477592e6171ca38a3b9b4ec33748ae743cd32acda6bdda5/detection

185.244.30.8:5626

# Reference: https://www.virustotal.com/gui/file/8a7b705238a8098f26508bc366c7038da8e601d73e9b142950c2eabe64b04ab6/detection

185.244.31.18:3190

# Reference: https://www.virustotal.com/gui/file/4ef427c44993ba51d2e053d7db6008fa1c5cff6fc323371c9930eae423a9213a/detection

79.134.225.77:3190

# Reference: https://www.virustotal.com/gui/file/f20088ca692a320e19503848fff4d08f246e613d7f33c14288ca18531d2bf6be/detection

185.244.30.206:4050
kissmeifucan.ddns.net

# Reference: https://www.virustotal.com/gui/file/ed2edc3e28859f2490579093573ec334c6730ba00118009c312c061355996a30/detection

197.211.58.57:4050

# Reference: https://www.virustotal.com/gui/file/98314f51bc3ffe17fc519463e8ae447f7c1af6eeddc6816aced730fee104d1c4/detection

79.134.225.74:2404
alalamai.ddns.net

# Reference: https://www.virustotal.com/gui/file/eecc5a1053bb3fbb0489dc8bf7fc45a49f814d7242033e72d6385608292d2c47/detection

79.134.225.118:2404

# Reference: https://www.virustotal.com/gui/file/2cb5d5f17629c68c2f200a61ecb5c8943025f2eed41a5afeeca5af363f8088e0/detection

192.169.69.25:2404
79.134.225.97:2404

# Reference: https://www.virustotal.com/gui/file/e384ac881a15832f464abb0530e7e208b4762402078049c1f2a2ce5868d941d2/detection

79.134.225.95:2404

# Reference: https://www.virustotal.com/gui/file/fe2ccdb689004cc6ab3f7ba41820e7ca2992de461dc7e1340d24b6ba5e784742/detection

184.22.100.107:1975
184.22.100.107:5556
maxcoop80.hopto.org
maxcoopa.ddns.net

# Reference: https://www.virustotal.com/gui/file/772f34c944c7a9781bbf2b81c6a68c620740354aaecdf6af2dbbf874e00981f3/detection

79.134.225.71:1975
79.134.225.71:5556

# Reference: https://www.virustotal.com/gui/file/e1bdd60b5f91bcb4fe4b4405dc49680d4e2980e5e06ca221b3f6c8705f413923/detection

79.134.225.71:3535

# Reference: https://www.virustotal.com/gui/file/20f9064ff826bf18edf82534e93c3bf9273e480df957b65b8154ee59fb21d2f5/detection

79.134.225.71:1985

# Reference: https://www.virustotal.com/gui/file/48679e8c30ac4a08159ec57844961a2d005bab631fab062c69cf3b1cf6a2c3b0/detection

maxcoop1.ddns.net

# Reference: https://www.virustotal.com/gui/file/f26251b1dbd35a776863c86c7d0983f1d0b2621bd4004480c232904b89caa8a6/detection

79.134.225.100:9091
79.134.225.71:9091
bedlinezone.dynu.net
tourismes2.ddns.net

# Reference: https://www.virustotal.com/gui/file/a741707af0fcfc7694bdcf9e8c8e64a5693a316a49b708415ba14e2ceb2b7801/detection

79.134.225.71:4922

# Reference: https://www.virustotal.com/gui/file/d505fad83bd1cb861766f13000a8465774f8cd21e0bbcd6813c40a686aa2a7c6/detection

79.134.225.71:5314

# Reference: https://www.virustotal.com/gui/file/ec737127b8f837132f1349de3cbba49c5f22fdb8cc7baee72309eb122a9ab5a1/detection

79.134.225.71:1104

# Reference: https://www.virustotal.com/gui/file/fbe93093b3d244858e45f056adccaf045eec5b9dbfba3e7d46945895b38c2acf/detection

amelia869.ddns.net

# Reference: https://www.virustotal.com/gui/file/c04548d4218739cba4b320b75c8cc58f8cc1d18996226344b892e0140e273798/detection

79.134.225.71:9000

# Reference: https://www.virustotal.com/gui/file/38d3d278e68b84fa8f67058c38780710899c75cb185279f7967c1d3b861e1f0d/detection

maxcoopar5.ddns.net

# Reference: https://www.virustotal.com/gui/file/4cd61b4a631171e3ae9c9f1885c47211a8b2010be50af083b76de0b5bcf442ab/detection

79.134.225.92:3200

# Reference: https://www.virustotal.com/gui/file/394a026a1212e1d9c4ba5bf78f22cc1973bbc77937a18910557832fc87837ccb/detection

139.28.218.156:3200

# Reference: https://www.virustotal.com/gui/file/494d8064873d1794d6d571f54d8ce047b57d8ab621893ce9decea75017e7a880/detection

79.134.225.92:3001

# Reference: https://www.virustotal.com/gui/file/1659106dd4afb2d7e00d555274b175433649fbb3e99ab0a01cef6cbc6d64d7ec/detection

81.66.92.104:1188
mouche666.ddns.net

# Reference: https://www.virustotal.com/gui/file/bad6508e55a52052df8225ee3da34768100708e2968ab4ba50dfab1cbf7dfaf7/detection

184.82.58.11:6521
mammozzz.ddns.net

# Reference: https://www.virustotal.com/gui/file/cf9deb6200baf4ef9cefd4168701378c16ba502b6e1886aef9f322c2072e501e/detection

184.82.51.149:6521

# Reference: https://www.virustotal.com/gui/file/2362d63df84c0cc9dc7de087661e8841cea8719c4778ed8de9a3f68b5b8631c0/detection

181.58.155.117:8091
frankproxynue.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b266e96c304e00f0c3f15dda67fe91d4e71d923a18817c948226d2e477bf4e55/detection

18.188.14.65:14221

# Reference: https://www.virustotal.com/gui/file/eb553b15c0c741a471ad9f450c0ac7021c730dd5f2dfcd793c6b4a723749c8ea/detection

3.17.202.129:10290

# Reference: https://www.virustotal.com/gui/file/3c19e707a265ab2547bfbeb768ec993bcec6e8cb759d0ef625e235d91cdbc81b/detection

18.188.14.65:15968
18.223.41.243:15968
3.14.212.173:15968
3.17.202.129:15968
3.19.114.185:15968
3.19.3.150:15968

# Reference: https://www.virustotal.com/gui/file/40092d2d1b277932c662da54abf2485606340c236fae05fe5b0f92af1316c81e/detection

3.17.202.129:13347

# Reference: https://www.virustotal.com/gui/file/4453c7911af6ad9dc7304945a6e2903d2d1e91f4c0c29b579bcfc1158a12c317/detection

3.14.212.173:16669
3.17.202.129:16669
3.19.3.150:16669

# Reference: https://www.virustotal.com/gui/file/b29cbfea850709b62cafe6f85f2be2a5aaa9fba0264106bc53f968cdf36b05ae/detection

18.188.14.65:13085
3.14.212.173:13085
3.17.202.129:13085

# Reference: https://www.virustotal.com/gui/file/6ab5bf4fb0b007c362728696c783327dc86ba738249e0382077f1617f255ce2d/detection

18.188.14.65:17145
18.223.41.243:17145
3.14.212.173:17145
3.17.202.129:17145

# Reference: https://www.virustotal.com/gui/file/62b1fe85a6d2c0a76dd8209096cfb6017ac31c43e22b6a99448f7f694bd33046/detection

18.223.41.243:14768
3.17.202.129:14768

# Reference: https://www.virustotal.com/gui/file/46eb0f1d53416bfe8c0b7ee8ed0466f03633bbfdc4ee0e61c49e2817f7c45b6b/detection

3.14.212.173:16908

# Reference: https://www.virustotal.com/gui/file/38e48eb11029a3086955d6ab492e2206f1af12407cb168b3a89241c935dcb650/detection

18.223.41.243:16908
3.17.202.129:16908

# Reference: https://www.virustotal.com/gui/file/cb1e5ffac2e74da17d37cab6ae0b14e9e0ab522595f836919d5fc5bd33178699/detection

18.223.41.243:11928
3.19.3.150:11928

# Reference: https://www.virustotal.com/gui/file/43924dff1961d5bb62bd22686ffd3e4ddff4cc14a298f4329df2f1390f1e7d3d/detection

3.14.212.173:14915
3.17.202.129:14915
3.19.114.185:14915
3.19.3.150:14915

# Reference: https://www.virustotal.com/gui/file/a59791a43e661617ec6902a9c184ebdfc0717dfeef709910db37ebdfa98ac056/detection

3.14.212.173:15491
3.19.3.150:15491

# Reference: https://www.virustotal.com/gui/file/b914093514750b886e528e9fd140ce06b25bcd3df12df0a3b6dc2dac0a34d2f3/detection

18.188.14.65:17551
18.223.41.243:17551
3.14.212.173:17551
3.17.202.129:17551
3.19.3.150:17551

# Reference: https://www.virustotal.com/gui/file/617fd7610d64ac96a7d28d9defe1d679e82100d7c1596b54d346b8fe0f61515a/detection

18.188.14.65:17074
18.223.41.243:17074
3.14.212.173:17074
3.17.202.129:17074
3.19.114.185:17074
3.19.3.150:17074

# Reference: https://www.virustotal.com/gui/file/457c9854bd2c3411f6c9c6329f668401ca31267ad72551384c06a2f943cb9b28/detection

3.17.202.129:10759
3.19.3.150:10759

# Reference: https://www.virustotal.com/gui/file/8dab74c874a04fe65e10ccfe0b7a828b999af2a3a484083fbe5087aa4904ba28/detection

18.188.14.65:19346
18.223.41.243:19346
3.14.212.173:19346
3.17.202.129:19346

# Reference: https://www.virustotal.com/gui/file/2104dbad25a038809dd43cc4e3605dce20cb16ceef612df983553f60ca2d2be0/detection

18.188.14.65:14826
3.14.212.173:14826

# Reference: https://www.virustotal.com/gui/file/eca7f77ec653c3f94b3b6fa095fc665c2f81501e0bf3b3ac242dd9839747bbdd/detection

3.14.212.173:10361
3.19.3.150:10361

# Reference: https://www.virustotal.com/gui/file/17c826dc00cbc8cf90c5b5838cbbb8ab301b713ff3e3a0045715eaac827b0ed2/detection

3.17.202.129:14224
3.19.3.150:14224

# Reference: https://www.virustotal.com/gui/file/8e8b26b9d52ef35c72fc27770b79281093ed8c26740b257c8bfab66dd80eedf8/detection

18.188.14.65:13588
3.14.212.173:13588
3.17.202.129:13588
3.19.114.185:13588
3.19.3.150:13588

# Reference: https://www.virustotal.com/gui/file/c904d3eefe624fec4ed6506e5fe6ea0e66defdcf073642f687b124052e27e632/detection

18.188.14.65:16499
3.14.212.173:16499
3.19.114.185:16499
3.19.3.150:16499

# Reference: https://www.virustotal.com/gui/file/cdfc486618abedfc3be629585eb7b7cff96f7ae6c153366b6ce199165409a913/detection

3.17.202.129:16499

# Reference: https://www.virustotal.com/gui/file/38d1f625b48edbbd6004cec3fcd58ed83a99076f27dd1870add5d0770d8a6cfc/detection

3.14.212.173:12418
3.17.202.129:18965
3.19.114.185:12418

# Reference: https://www.virustotal.com/gui/file/b01c51c496438a588835a05a3a0406a65e3f21abd4e6f470b32fa2ed47c361b7/detection

193.161.193.99:32238

# Reference: https://www.virustotal.com/gui/file/9ea3870a5d3784c8bfcdea665cb1a084befd43c32d2f599f659b9f973e1309b7/detection

193.161.193.99:31928
ramram65-31928.portmap.host

# Reference: https://www.virustotal.com/gui/file/ed45624508fffaf1a417e1d7b9648733d197303437740e438a6526becdc606ec/detection

mifec-53733.portmap.host

# Reference: https://www.virustotal.com/gui/file/32014861da3653cb533c4e75bc1b80d2aa871cc723263daba2872c6a1126b7e9/detection

mf2199601-27273.portmap.host

# Reference: https://www.virustotal.com/gui/file/0dab3ac345d292876a0b3a8b8c825c3c2b1415e9c0e5d8d0aef2804e28e6b0aa/detection

193.161.193.99:22201

# Reference: https://www.virustotal.com/gui/file/ab70e9b072898b3d24b6c926cb6b6dc3d003b04f40a0812c32b697878b259557/detection

193.161.193.99:25679
79.134.225.112:25679
ghfsquad.duckdns.org

# Reference: https://www.virustotal.com/gui/file/078008691e9f2dadd795d39912b1e95274ddd18000b7242b604a571c338145b1/detection

6234786296875-60237.portmap.host

# Reference: https://www.virustotal.com/gui/file/5e88faead8cd217f6d4ebb9a4358ae8bdf75b1e76539ac8b7cf1baa673652b0c/detection

finera6504-54829.portmap.host

# Reference: https://www.virustotal.com/gui/file/9491e950532e7146031c687c94a29b0124b3fa30aa4b71d001f09874a756f3d3/detection

193.161.193.99:63239

# Reference: https://www.virustotal.com/gui/file/e21ee37c0b0f68c8307f907c3925b73852884d4a50d5a59d35e4c80b2807656e/detection

185.19.85.159:5000

# Reference: https://www.virustotal.com/gui/file/5089ed799eb09f8e2aea7e6dc822fbe77579aef8ee83a7d597566c05d21ef86b/detection

18.188.14.65:14401
18.223.41.243:14401
3.14.212.173:14401
3.19.3.150:14401

# Reference: https://www.virustotal.com/gui/file/b266e96c304e00f0c3f15dda67fe91d4e71d923a18817c948226d2e477bf4e55/detection

18.188.14.65:14221

# Reference: https://www.virustotal.com/gui/file/3c19e707a265ab2547bfbeb768ec993bcec6e8cb759d0ef625e235d91cdbc81b/detection

18.188.14.65:15968
18.223.41.243:15968
3.14.212.173:15968
3.17.202.129:15968
3.19.114.185:15968
3.19.3.150:15968

# Reference: https://www.virustotal.com/gui/file/048f14b39831bdae24b03b5a791921f8005a3ac585fe9fa6a4f02a23f0b18d3e/detection

ghfsquad.duckdns.org

# Reference: https://www.virustotal.com/gui/file/22fff4018f58d7c3200493c6ce6d244384a4566af3eac6604d668c20fe3507d5/detection

ludwigh.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ab70e9b072898b3d24b6c926cb6b6dc3d003b04f40a0812c32b697878b259557/detection

193.161.193.99:25679
79.134.225.112:25679

# Reference: https://www.virustotal.com/gui/file/cc559587825877b40a955baeea22039cbc35813ee00e139fa6a3c90b7355283a/detection

79.134.225.112:8192

# Reference: https://www.virustotal.com/gui/file/c7c4f46fdc24cdac5a4980740ca8a03d60b2c3d8291c61ca96d13941071c630c/detection

18.188.14.65:17619
18.223.41.243:17619
3.17.202.129:17619

# Reference: https://www.virustotal.com/gui/file/43924dff1961d5bb62bd22686ffd3e4ddff4cc14a298f4329df2f1390f1e7d3d/detection

3.14.212.173:14915
3.17.202.129:14915
3.19.114.185:14915
3.19.3.150:14915

# Reference: https://www.virustotal.com/gui/file/a59791a43e661617ec6902a9c184ebdfc0717dfeef709910db37ebdfa98ac056/detection

3.14.212.173:15491
3.19.3.150:15491

# Reference: https://www.virustotal.com/gui/file/b914093514750b886e528e9fd140ce06b25bcd3df12df0a3b6dc2dac0a34d2f3/detection

18.188.14.65:17551
18.223.41.243:17551
3.14.212.173:17551
3.17.202.129:17551
3.19.3.150:17551

# Reference: https://www.virustotal.com/gui/file/617fd7610d64ac96a7d28d9defe1d679e82100d7c1596b54d346b8fe0f61515a/detection

18.188.14.65:17074
18.223.41.243:17074
3.14.212.173:17074
3.17.202.129:17074
3.19.114.185:17074
3.19.3.150:17074

# Reference: https://www.virustotal.com/gui/file/3ebeb1f70b6579b6d6f7bb7a8303e954538980e450f345a7d634347e3d959821/detection

18.188.14.65:14542
18.223.41.243:14542
3.19.3.150:14542

# Reference: https://www.virustotal.com/gui/file/7e7577c914ecdbde12687cccda1eb7f0e6aa92bd8d506ac0e7a31b48a6cb9126/detection

18.223.41.243:4444
3.19.3.150:4444

# Reference: https://www.virustotal.com/gui/file/f41f1d81faeae84c1a9a88e58be89258fc479370f998cdde6f278bb2a8683935/detection

3.19.3.150:15185

# Reference: https://www.virustotal.com/gui/file/ed79b6da2d9aff76f722a1e66198a2747263e70bf13c1dcc13ef3fc0121fbd04/detection

18.223.41.243:13600
3.19.3.150:13600

# Reference: https://www.virustotal.com/gui/file/4ecd3fdbfd578b052b275bf320c638da4dae912693bbdb48f3f4d1c5f96c57b4/detection

18.188.14.65:14585
18.223.41.243:14585
3.19.3.150:14585

# Reference: https://www.virustotal.com/gui/file/8db2ade5d9158959f3fdaed2a556aa2d0a49b80cf6bb92fa3a4efcf4bcf9fa07/detection

178.124.140.136:1809

# Reference: https://www.virustotal.com/gui/file/f656b6cabbabc361a98fc10e70b80b00ba90dc3229ec979446f616f77b10d7bc/detection

178.124.140.136:2404
183.136.216.229:2404
nonnyd007.duckdns.org
nonnyd111.ddns.net
nonnyd111.bounceme.net

# Reference: https://www.virustotal.com/gui/file/9e42f0e6689fe9531a094d09e6b32edcdebdd1505676c08cbd487bfce73c5182/detection

178.124.140.136:5499
brucenanocore.strangled.net

# Reference: https://www.virustotal.com/gui/file/c9e92891eaf68aac8046da31cc2ad1e6c47c30d60bcbf38c1b94ec4e9b5e26fc/detection

2BruceNanocoreme.mywire.org

# Reference: https://www.virustotal.com/gui/file/2fddfa966358c9ef994566abdafa11b9d35bf41bf78378764aa847f8b3936890/detection

178.124.140.136:9321

# Reference: https://www.virustotal.com/gui/file/1ede3ee78c97f7e85d142943402e2a6c7234832cc596597f65f8b30ff77925e1/detection

79.134.225.108:50956
mardinmagicc.ddns.net

# Reference: https://www.virustotal.com/gui/file/bc7d574ae8a394ce71db6cb3330f23b9719fda0ab91e9d33129566f1a582f327/detection

178.124.140.136:50956

# Reference: https://www.virustotal.com/gui/file/dda5d221e9ac6b2a2e779a38022618d8e6a162c4dd751ae8b8dd03c796fabeb1/detection

181.58.154.33:8090
nuevoproxy.duckdns.org

# Reference: https://www.virustotal.com/gui/file/47f399288dd6cf10c822c60c8d5a226bb1b653b96b1efdb5007ae2335ec24e5b/detection

wilsooon.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1f84001e63b3ad164680854ef9fb924272f10aea0309edd955dc20044cb2069d/detection

181.58.154.33:8097
neuvoprxych.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3bef100ec761cf03c6fd1a14056ce6e0115b7c473f141df24e0c0d1280f200a7/detection

elrompeculo.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3f418ee8b49c3b843753a191fb30aa33dfa20ef97f826d6d6b0ed25de0820599/detection

185.101.92.3:1543
uniformmm.ddns.net

# Reference: https://www.virustotal.com/gui/file/a9134c332a0d161ee9911d92098ba878f1f8149ee30f868c1f31c513b67e2f23/detection

185.101.92.3:555

# Reference: https://www.virustotal.com/gui/file/214bf6420145504d496c988a2e003a134edc1e6d34d75a3b7fbb11fcdecddffa/detection

185.101.92.3:4567
hostnamehere3221.ddns.net

# Reference: https://www.virustotal.com/gui/file/f6b0302c07863abca103f6351d1be9fe45c45e2264308f5e876dd2fc21438dbb/detection

185.101.92.3:8942

# Reference: https://www.virustotal.com/gui/file/df7ac7026a687e11e8a04843cdfc10826662612609a66b4143ba92f8935b0f8e/detection

154.233.206.57:3606

# Reference: https://www.virustotal.com/gui/file/a34cfef9623b451397ea588c5e147c24feb8632d6b93ab1f897e954b01cc8584/detection

196.183.170.62:50000

# Reference: https://www.virustotal.com/gui/file/5b1ba114696a36cca4877f2a78d3fce9ca508d8309fd79888a86ba4407ccea3a/detection

192.169.69.25:50000

# Reference: https://www.virustotal.com/gui/file/92076a0eaf867a24c275bd8c7ca67367727b17a8a7039dd9969baa9f91d13803/detection

91.193.75.130:5577

# Reference: https://www.virustotal.com/gui/file/f3b9ece03446aaf6812787af22c7aa1c64147afc89c015767320df1150e93df4/detection

91.193.75.95:6767

# Reference: https://www.virustotal.com/gui/file/cb2de7f5a09779a76272efd77c45c21ddb40c86e590bf93d1247fff91074f296/detection

104.244.75.220:5200
herold.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/cb2de7f5a09779a76272efd77c45c21ddb40c86e590bf93d1247fff91074f296/detection

104.244.75.220:7788

# Reference: https://www.virustotal.com/gui/file/9b625089db69dcd9a4bd37ac3e4c3fe01771aa8813792db9950608dc526c56e8/detection

104.244.75.220:9053
yeetustest.hopto.org

# Reference: https://www.virustotal.com/gui/file/6291a9f4ac7dbb741f317c61b7f60bb5d9bc064abeb47e66292ededbfcb38966/detection

104.244.75.220:7172
104.244.75.220:4199

# Reference: https://www.virustotal.com/gui/file/0b05c6f6e71641668dc8ab8cd85c88fe056a9416b4e0ba6ca3e4494f03e73a71/detection

104.244.75.220:38199
awdawdwa.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e6ce3753cb68b162f63e9f7cddbce5f1f565121bc611c43123661f8dd7a18db7/detection

104.244.75.220:9301

# Reference: https://www.virustotal.com/gui/file/721ff56645d9b040ff0704303ea2ff404891b5b90cdb181d4849974993f60357/detection

104.244.75.220:4714

# Reference: https://www.virustotal.com/gui/file/2a868cbaa45f10a390c03eb533cbee459263758cc63e5fc19448ee1ba9b1272e/detection

109.41.194.231:4714

# Reference: https://www.virustotal.com/gui/file/8e7ee641d22f74c79c7836e8676e9820dd61093e59d6933609c418ec1dcb54a2/detection

104.244.75.220:5552
77.30.230.177:5552
anon.dynu.net

# Reference: https://www.virustotal.com/gui/file/f8333b1937cc6a6b63fee46404b65be8d8962d8f387cfb9abdbeaf7160732bb3/detection

104.244.75.220:4492

# Reference: https://www.virustotal.com/gui/file/3d0fbfed00f92b9d215733b5bd042fc9812101e1bfea3690b54c3d6d8f557f4f/detection

79.134.225.112:8512

# Reference: https://www.virustotal.com/gui/file/2d710e99a83080c4ec8e6b4c34d8330ff4459ed211b142a0bb427a92942f22d0/detection

79.134.225.112:2018

# Reference: https://www.virustotal.com/gui/file/d959d357dac740b5eed96bc85b4b0016a8bb5e2fdf76d60e370978314d463f6a/detection

ceo1212.gotdns.ch

# Reference: https://www.virustotal.com/gui/file/dbcf96c272001efbcd4b9064ff07505e22d325a292cd837a6328a146ff61689d/detection

79.134.225.112:1985
emanichikli.duckdns.org

# Reference: https://www.virustotal.com/gui/file/7cdcf238c4f72fb9bcd44aebf2b96eaed767451ffe255486160abaf5fbb25c92/detection

79.134.225.112:10001
blazeblaze.ddns.net

# Reference: https://www.virustotal.com/gui/file/e3d56b5128b727addbd7d43de64174fc2e8a1bda132eb12e63a1f7714329fdfc/detection

91.193.75.49:3400
mansalorris.ddns.net

# Reference: https://www.virustotal.com/gui/file/8585a8c535ccead00c76edeb3d922323565cddd6f1703ab2105365412e8ae3dc/detection

91.193.75.49:2444

# Reference: https://www.virustotal.com/gui/file/ac85f6bd887fda2a0d470e4fde35f2af1432a0dc1707a9a4746cb57c6e58892a/detection

91.193.75.49:3369

# Reference: https://www.virustotal.com/gui/file/4224da4c2ff5b00bf5a3cdb0240b45a41d68ed8e6c32264a4681d33f86ef77d5/detection

ken419.chickenkiller.com
kenosky.ddns.net

# Reference: https://www.virustotal.com/gui/file/f9436595968d10a0b1b146e8e970e3bf1c9faf8f9ebdb2b583e31888c4189623/detection

79.134.225.97:6565

# Reference: https://www.virustotal.com/gui/file/fda4b6acd7c4277dc30ed516c360957a931043c6881de0eab69c77ab217a254e/detection

79.134.225.97:9737

# Reference: https://www.virustotal.com/gui/file/e916e056b9d5efb8a9c866f7819929e2fd40c59f42adba734baba08484c89cea/detection

79.134.225.114:3369

# Reference: https://www.virustotal.com/gui/file/c7b590eb0e8fad463d05ea8386a554dd39d02a9b052d4a658b6eb10d6e02901c/detection

79.134.225.122:3369

# Reference: https://www.virustotal.com/gui/file/3c9d86be0837c561a345c71e41387c04aac3b69f4cb533092926bf7dac1af342/detection

79.134.225.99:3369

# Reference: https://www.virustotal.com/gui/file/90a1ba4011f5df93fa18c72bff8f8c300a74cd50b5571b3946cc4a96e8ea2534/detection

185.140.53.95:2551
sebaseuro.duckdns.org

# Reference: https://www.virustotal.com/gui/file/51b14de8aa45b3015b96ecd599fe43efbec8ab7fe4c1d2b88f6bcb010f8ba564/detection

176.9.122.21:3336
94.130.239.15:3336
185.244.129.107:5200
sifebui.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/6af387a64a8cc32b1045743bb0d484292cb4741d7c4fcbcbdd22d02c7f33474f/detection

185.244.129.107:54984

# Reference: https://www.virustotal.com/gui/file/8ce21f775dd62bbb983e5e38c6b7a0c353d8751e028409a3e6f5fa9bc7205f24/detection

185.244.129.107:1996

# Reference: https://www.virustotal.com/gui/file/2ce1bc3f8566eb8c67134ba50081853c8dd74dcf3b3cf15fde02b2330e3c1df4/detection

185.244.129.107:1111

# Reference: https://www.virustotal.com/gui/file/1626baf23e94a9d97660fc39a83293b306a94ba0bb7a9a12c9b5910f8bf55bb8/detection

185.244.129.107:6969

# Reference: https://www.virustotal.com/gui/file/69edcfc3ccdd3fc311bac8c7d30c1e9598838849ba4b88f2a086b8734771c913/detection

79.134.225.85:54984
79.134.225.118:54984
getlogs.hopto.org
homyme.hopto.org

# Reference: https://www.virustotal.com/gui/file/38e67216901a8f1b035fb53ef5cd0b90e074d35fd364e7500ed6442c723f75b7/detection

79.134.225.73:7149
blissmoney12.ddns.net

# Reference: https://www.virustotal.com/gui/file/53b66b10fbb3d262266ca30a76ef3523cacffc249b624d68e17de932e076c5ea/detection

79.134.225.118:6987
diala11.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bcc20cc6fdde32260163db65096cd4c70e197f45d38d1e041807410794cbbc33/detection

79.134.225.118:54985

# Reference: https://www.virustotal.com/gui/file/18b578ba26202a2a2e7083bdcd5bd4dd093661ff0e4e316fbcea59397584f9b0/detection

79.134.225.118:3030

# Reference: https://www.virustotal.com/gui/file/1c1a804c8bc1fe9610fca25c8cbf16045b49766a79da5c9eb9ebea2cb6b7643d/detection

zsdwe.ddns.net

# Reference: https://www.virustotal.com/gui/file/8d9d0a5f190bb82dfe0005203c7f75acef0fd8047b80ce1b779e10fad0ac5931/detection

91.193.75.66:20188
zigf.ddns.net

# Reference: https://www.virustotal.com/gui/file/b29d9d38be189a8b35dd223d2dc7c1f701b23cc7fa48d69edaefca5b1b251307/detection

91.189.180.199:2707
wixed.speedfastmaking.com

# Reference: https://www.virustotal.com/gui/file/ad1339af6c284ed966c739401f4e5e97d55c13d1d1fb62f114780fe6aa97b94f/detection

181.52.103.29:1896
nickdns26.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b6d95e33ce0805589eadf7d6a27070a4154e1bfb6b4b998be0343043f6fea163/detection

192.169.69.25:1896

# Reference: https://www.virustotal.com/gui/file/597b4ca12cda81ad162829ef96071e66abd6a6de21bcb9f09c03a0c34b3d787c/detection

noch419.chickenkiller.com

# Reference: https://www.virustotal.com/gui/file/3768cd12daf7eb339a56ed62a35a14f12a696c15731b8fc6704f2f3a46a3e49c/detection

alexnurmela109.ddns.net

# Reference: https://www.virustotal.com/gui/file/1c0f8bb31d034bd8841b61f46e280c8a3f648788d31fa9c1c6ad949bb12e829e/detection

91.233.116.105:5042
eliboy.ddns.net

# Reference: https://www.virustotal.com/gui/file/85e80c6f19458024a810c599e997a8c3e54c1e22316d18c000221884c8dbd4ca/detection

91.233.116.105:10842

# Reference: https://www.virustotal.com/gui/file/580c58deca6b3117e03707c9e27f200a1c64d1a62d4c975c3805732333b686ec/detection

91.233.116.105:9868

# Reference: https://www.virustotal.com/gui/file/f731cb13ea188f26b510684bb74976fdc91b7b4c9eb49432fa1e981757d299a6/detection

42.115.19.255:9868

# Reference: https://www.virustotal.com/gui/file/d5dd0426bfc54c05559af8880d54beb7e4becfeea7a0f3e998957087300df362/detection

79.134.225.6:5712
91.233.116.105:7203
pierreeldaher.ddns.net

# Reference: https://www.virustotal.com/gui/file/82602fe5311fb11e3db7dc4358441f229bd1ddbc7ea22cc5628ee2422ea0f300/detection

91.233.116.105:2008

# Reference: https://www.virustotal.com/gui/file/5394b645dc5e99216de82c4e9e42f5fd880b15463337b2d9b91028e3e9fd1a53/detection

78ifngbu.ddns.net

# Reference: https://www.virustotal.com/gui/file/f9b0c1245e9e11983310629899824e323bf5dc657d97329f3c3e38c6ac5a48c8/detection

91.233.116.105:56982

# Reference: https://www.virustotal.com/gui/file/1bc87a52a0a57278ead8e1104902f58d0c7a5cf10febc758580fb81d4042ccd9/detection

193.161.193.99:40921

# Reference: https://www.virustotal.com/gui/file/d0ba2c003cb44a1b94a3accb7d30a4d05ea235b50aea72c91156286c1f2e8bd0/detection

193.161.193.99:1019

# Reference: https://www.virustotal.com/gui/file/0ef2355f705c31f9c510ed4deee0bc4a5ddcb5d5d26a9a94b35adedd2c9b2505/detection

197.210.55.13:2033

# Reference: https://www.virustotal.com/gui/file/a6a9bcff33099e92b9e8dd9195733983a7034d65d35f5d7b6242fca16436f4cc/detection

79.134.225.72:36380

# Reference: https://www.virustotal.com/gui/file/6e837bcb37f70c86a1d8aac5e42aa36336220e93d63b7ae451ca6c4f9dee096a/detection

79.134.225.72:5454
ewills.ufcfan.org

# Reference: https://www.virustotal.com/gui/file/0db74f2fc1f161cdcccddaca7d825bfc91054ac39bdf3631849ab2df7d343e53/detection

79.172.242.29:36378

# Reference: https://www.virustotal.com/gui/file/14c67c40100dbc7684f4cb440742c58ac5abb73c14745c487c0bfe114432940c/detection

79.134.225.72:8153

# Reference: https://www.virustotal.com/gui/file/b9f211ca817ee3c892fbe38b31d8e9cf4951edd514b9533438cb5fcc433e4598/detection

105.112.52.198:6690
79.134.225.72:6690

# Reference: https://www.virustotal.com/gui/file/d505673bd7bc008592d71a2b7ff6660dc4352f120aabffbb47fdcd0c638d6d7f/detection

79.134.225.72:33933

# Reference: https://www.virustotal.com/gui/file/262e429b5551d414e9bdcb7a179bbdea962119cfd23fb33810e77ba56671d5cf/detection

ambit10.duckdns.org

# Reference: https://www.virustotal.com/gui/file/cd8b31328a688c29ec077b14648fdd55bd5afea4df93f52030ab0aabef79820a/detection

5.62.62.239:1503

# Reference: https://www.virustotal.com/gui/file/5ca2fd3e3b26a7bc590b1332b5976c5b24fdfbdc5747da48287a320679a78683/detection

starlucky1.dynu.net

# Reference: https://www.virustotal.com/gui/file/b88aee0b1e70baa4a740bcec88a741ebb3b61f7f8e3360fd58a0eb38a23899e3/detection

79.134.225.72:3535

# Reference: https://www.virustotal.com/gui/file/168493363a7b5aad9a6ace37d9c6d7ee2e853ab5b2d05baec3e87f40e3ea9659/detection

79.134.225.72:2033

# Reference: https://www.virustotal.com/gui/file/6227a06d987fb90e671dc998ce8dab78cde2b1c8747836bcdce46e9e98184bb5/detection

79.134.225.72:6011
microst324.giize.com

# Reference: https://www.virustotal.com/gui/file/097b934995ccb05663cecefa0291267e72f0a64e10894ca42551c3c5d938eacb/detection

197.210.227.213:2033

# Reference: https://www.virustotal.com/gui/file/f6c435047c27951a7088d71dd6d5f6ab247bc367b2b27a891607a6cd26e97adb/detection

abangwuemmanuel94.ovh.net

# Reference: https://www.virustotal.com/gui/file/8fb6815d18b02a74c22cb16b5c5e6268453c980df8a7f76e97e82e27351f6167/detection

79.134.225.72:1999

# Reference: https://www.virustotal.com/gui/file/2f080673e2590f87e65dcbe9bf480e815cfb98ed625ddf6c881a54aaea8c888a/detection

79.134.225.74:34681
88.229.203.24:34681

# Reference: https://www.virustotal.com/gui/file/f6aa685beb9a092360bb8d8915e7b68a0a8e528f02e84ce82efdc57d32d711ad/detection

79.134.225.72:9110

# Reference: https://www.virustotal.com/gui/file/75812e37521129679dc11280d588f1efbf389f9d8a5cd81fde8a39caaaccd8c2/detection

79.134.225.73:3434
nowahalaewe.ddns.net

# Reference: https://www.virustotal.com/gui/file/126f58bc8b4575c9ebe71f726ac25e1381acb67d7c6411182ec37e7334946792/detection

79.134.225.73:6393

# Reference: https://www.virustotal.com/gui/file/d3e8103bba7d8b2e4f52d575df077f899e0b5ccab8e54f3cd091be0a3a938a83/detection

79.134.225.73:8181

# Reference: https://www.virustotal.com/gui/file/51052fd0cd4e0f85018fbfdb736045d4561203e451a84cb48bc56199c4e9fc4a/detection

42.115.18.212:7656
79.134.225.73:7656
albert109045555.hopto.org

# Reference: https://www.virustotal.com/gui/file/7a9befc421814f35d81aebc3d47341e1b29662131be56f5ac20bd867acf912bd/detection

197.211.58.127:8181

# Reference: https://www.virustotal.com/gui/file/e83ef3374d2d0b943ec6e59fa8da7dfd912c4393154f71d54f8e6e8897be30f7/detection

79.134.225.73:6003

# Reference: https://www.virustotal.com/gui/file/d421e135a7480a6dd92dc2bf22729542da11d2d1cbb7d8ab0675e3b5e62d12fd/detection

197.211.58.95:8181

# Reference: https://www.virustotal.com/gui/file/2c71a924d8c20cea3be22c0b403b577c7bba104a528dfe9736a724c28049a4d8/detection

213.208.152.196:8181

# Reference: https://www.virustotal.com/gui/file/905939ac2724217e860892088d3901bfed2a1d5208b77b7d83f84d73ddffd59c/detection

79.134.225.73:2001
adikaremix.hopto.org

# Reference: https://www.virustotal.com/gui/file/01933cb24077a81c3580c1c066b0c48e9c588d95e31df2979193441e4e7dc62f/detection

82.102.17.122:2001

# Reference: https://www.virustotal.com/gui/file/65d1fb614241f771b59aa8bd4b0a5ab129b944e970b3c2a93503edeaa88e445a/detection

xyzindustry.hopto.org

# Reference: https://www.virustotal.com/gui/file/7973f4689aa8f60918dcf195ac6bcdb1aedfbe0f56574918145810232c3e73de/detection

197.211.58.135:8181

# Reference: https://www.virustotal.com/gui/file/bfdd986c06db7af18170f4958d0bf0f4d9bb92d00413b9ce9b10269a9544ca0b/detection

42.115.49.50:7656

# Reference: https://www.virustotal.com/gui/file/2243db2c7a14d0846222806fbe4f91a55b0f84649f454e9261f074a4756d2a07/detection

79.134.225.73:20118

# Reference: https://www.virustotal.com/gui/file/31caf27f777866cafa5ed619628e4c039ab6872ce4a288e3b1af8029525741f5/detection

79.134.225.73:8282

# Reference: https://www.virustotal.com/gui/file/c1f71d7547ce96052e057cf77c4c6af952973113adc1a25a80da10666e90a750/detection

dalpzy.ddns.net

# Reference: https://www.virustotal.com/gui/file/127b1d549cc114f02db9fc4fa2dc7a5adb77963827a379526fa0c16a39e2ddab/detection

108.211.192.169:1085

# Reference: https://www.virustotal.com/gui/file/c4a2d24a66c76f64124e7b856d46df4211366a8b2b030750a26532dd747f88e5/detection

jrexy.ddns.net

# Reference: https://twitter.com/cocaman/status/1214084915471495170

analyst.spamcannibal.xyz

# Reference: https://www.virustotal.com/gui/file/b48934041e4bb3e55d3d5a30eb8a613695bc7f90a1d1e9b790ef7de91b2efcf3/detection

192.253.240.11:6774

# Reference: https://www.virustotal.com/gui/file/404fd3ac3ac87f9b115a7e22129909154af934057ff83e33eee88afc6944f067/detection

185.244.30.4:11011

# Reference: https://www.virustotal.com/gui/domain/nanocoreratd.ddns.net/details

nanocoreratd.ddns.net

# Reference: https://www.virustotal.com/gui/file/76252d2c26dde0bdf525711b11fbede81a5add73ae06e0e3ff3d316f21077095/detection

194.5.98.28:7203

# Reference: https://www.virustotal.com/gui/file/69a2f5f6f083f476574777392f3702e4c44f99ad9884740dfa020ea5b257194e/detection

154.120.88.80:7203
79.134.225.8:5712

# Reference: https://www.virustotal.com/gui/file/1210e64a487568b581de88c6669e54b28692a14cafd2c9803fbb4a7cbba2716f/detection

185.165.153.15:7203
79.134.225.8:5711

# Reference: https://www.virustotal.com/gui/file/d5dd0426bfc54c05559af8880d54beb7e4becfeea7a0f3e998957087300df362/detection

79.134.225.6:5712
91.233.116.105:7203


# Reference: https://any.run/report/438f92ef7a0650f72954b5636b40ec2112defe32541c0351ea62987a72d6500b/1f7b133e-d6da-4671-bab4-a20d26b80822
# Reference: https://any.run/report/62ac84ba831bce835274bc6e57db62066a93a219c328716891b19a1677667f7e/ef08220c-811a-453b-b8f9-dd20a62a5077

papacy.ddns.net
kkssa.chickenkiller.com
primedelivery.net

# Reference: https://twitter.com/ScumBots/status/1214663352854540288

194.5.97.34:9090
omcavi.duckdns.org

# Reference: https://app.any.run/tasks/20dc289f-ed01-4c63-8a05-12ccd9213ecb/

xeliteme.us
tats2lou.ddns.net

# Reference: https://www.virustotal.com/gui/file/86c8896067480a260f931692b6f2223d603415a0708e8d16cc5ead90f9b22ba3/detection

86.90.27.189:5678
spowpow12.hopto.org

# Reference: https://twitter.com/ps66uk/status/1215035648899452929

185.103.96.151:3012

# Reference: https://twitter.com/James_inthe_box/status/1215290232355966977

185.165.153.129:5421

# Reference: https://twitter.com/w3ndige/status/1215366283404959747
# Reference: https://app.any.run/tasks/4dacd054-e58f-4d81-b9b5-4afe25a037bf/

185.244.30.23:1001
192.169.69.25:1001
abokijob.hopto.org
aboki0419.duckdns.org

# Reference: https://www.virustotal.com/gui/file/76007a8f8bcaea779bbe998e8ce38b154c274fd9cd7b461bdd09b37a13ae460c/detection

185.19.85.139:9900

# Reference: https://www.virustotal.com/gui/file/48f52c87b38b91436943196dec0923f9412007a61ea31ac99ed2c10e3a5b7a23/detection

185.244.30.23:9900
192.169.69.25:9900

# Reference: https://www.virustotal.com/gui/file/d8c2b06570a0c86994d2ddf5b0e98d69365d9541ff262a03f4c1271d2def4cff/detection

jemoederspow.ddns.net

# Reference: https://app.any.run/tasks/7492c122-a646-468c-9531-50d40a2da425/

185.165.153.165:49153

# Reference: https://app.any.run/tasks/fc78adae-45ff-4832-aa97-ee472f6629b8/

abokijob.hopto.org
185.244.30.23:1001

# Reference: https://www.virustotal.com/gui/file/864ab11cd4f2b167f86c3fa3a295dc5825ab961003afda2d7a827c97becb51f8/detection

66.183.41.207:5353
filip1.ddns.net

# Reference: https://pastebin.com/pwvLeQ9S

75.157.67.9:8402
jacobip123.ddns.net

# Reference: https://www.virustotal.com/gui/file/96c1348e80f4fe4fcd284d4b0b3cbb23098ff621ddf1d28fb740b05bb063da99/detection

185.222.202.61:5567
walkerstand.ddns.net

# Reference: https://www.virustotal.com/gui/file/8a07a557b07f43ba223cda68c073a527f8487f53fb0313650c2405ae09633afa/detection

181.141.45.33:5020
pedaenaf.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d694a7c79797c8d59c0b5bc60e935bc9e5478735797ef6bee44a6e1e95d5d33a/detection

129.205.113.201:64346
chuks.hopto.org

# Reference: https://www.virustotal.com/gui/file/95b7f419d6559f5c1f518d67b5600d1d544b8cfbdba6cec51f136dcc98d6c357/detection

105.112.96.122:53247
ratu22.ddns.net

# Reference: https://www.virustotal.com/gui/file/13a8123b240dabbe55cf509c08cfc63ae3e50032edb8f2554ae1172ff5faa0d2/detection

141.255.154.84:25565
blazingpack.ddns.net

# Reference: https://www.virustotal.com/gui/file/7800bd0af0d16183c1ea98c5931a4a4a58d9b590e3b2d7ba73848fcf4e32151e/detection

141.255.155.79:25565

# Reference: https://www.virustotal.com/gui/file/45c030a162184b42f5ca5670b7d78f9bde36b871cf6dadaba6dcecc820d2710b/detection

192.254.79.116:50968
50968.duckdns.org

# Reference: https://www.virustotal.com/gui/file/40f9bd30b660332bd06515a390f0b1eb976996dcdfd02bdb765a8d70f3fd64fd/detection

128.90.108.69:4432

# Reference: https://www.virustotal.com/gui/file/967193d5fbb7164ec4d1ec698c015104c7a890774e3e0350629e1a84b14d8856/detection

192.169.69.25:5190
jans5190cwv.duckdns.org

# Reference: https://www.virustotal.com/gui/file/090ddc16d1f8d192037d8bc070c296623ab950a18c5d864f63da34640b4b221f/detection

79.191.63.233:1604
eevkakopacz.ddns.net

# Reference: https://twitter.com/wwp96/status/1216782313096384514
# Reference: https://app.any.run/tasks/cf1e122a-f304-467f-90a9-8d80b58befe0/

91.189.180.211:56749

# Reference: https://twitter.com/ps66uk/status/1216849774407798785
# Reference: https://app.any.run/tasks/e76a9253-bf92-4af6-b6bb-4436afc5a130/

45.125.239.168:46571

# Reference: https://twitter.com/ps66uk/status/1216849775787741185
# Reference: https://app.any.run/tasks/9b649c1b-6eac-4a2e-8fd3-6544801f5747/

185.165.153.22:1943

# Reference: https://www.virustotal.com/gui/file/4cdc01d5d789c72f59dc40f11f4906da636bab6c5d6968f70f72d4503e93d983/detection

79.134.225.96:1313
nybenlord.duckdns.org

# Reference: https://app.any.run/tasks/ae59fa2c-2619-4444-825a-fed7a40e1d0a/

alcaldia.duckdns.org
181.52.109.69:1881

# Reference: https://app.any.run/tasks/583d71f6-9261-46c8-9ae9-5103050e3a46/

tugatuga.duckdns.org
tugatuga1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ebc05d5a82e9ffab000a94bf6ee04cd0689e8988ecb2a899360e44472a3b4733/detection

177.75.41.182:1888

# Reference: https://app.any.run/tasks/584d898f-a187-4176-a23a-3cad11712034/

innocentbooii.hopto.org
79.134.225.113:55420

# Reference: https://app.any.run/tasks/54e108b5-af27-4310-8cbc-f94696ff6074/

manofficial.ddns.net
79.134.225.75:4473

# Reference: https://www.virustotal.com/gui/file/6c3bf812335763ffd48debe7d75ea51ac56cb8a4cd92ebeae849885e63ffbfad/detection

103.207.38.195:1590
myduck1590.duckdns.org

# Reference: https://twitter.com/wwp96/status/1220367245966299137
# Reference: https://app.any.run/tasks/6f7d1a38-f5bf-49a3-8b38-b73724afd17d/

185.244.30.112:1144
nass1144.ddns.net

# Reference: https://www.virustotal.com/gui/file/b08dd3ea26b827f9052689fad296770adcd7db594fb73c98ce092d9bc485b97f/detection

41.190.12.45:1985

# Reference: https://www.virustotal.com/gui/file/54165ae0cb5971866642a731e4abee053c4752bd68a8178386278558a60f498c/detection

41.190.12.212:1985
41.190.14.58:1985

# Reference: https://www.virustotal.com/gui/file/03b4ef6a09b015a7c2addc82099c23c738117c2b5a9153ea1f70c54803563b29/detection

42.188.37.214:6318

# Reference: https://www.virustotal.com/gui/file/810535c9dad183fffd0a09db189695f80f456dd047095aba94e8c34fcb995020/detection

swez114.ddns.net

# Reference: https://www.virustotal.com/gui/file/d6b256c011e8a0d5f969bcff214dcb697e1cef51ff32e6aaf8753d8eb9c4c8e3/detection

godstar.hopto.org

# Reference: https://www.virustotal.com/gui/file/f2d2480e501b85bb3bd147f6b796d00bbb9b352f15e98cfb6dc0e771cb88a8ed/detection

88.150.227.112:5000

# Reference: https://www.virustotal.com/gui/file/9e2396c6cdff60fb006f0c9e637a520459d96957c220d5fb989eb467bf20b8a3/detection

88.150.227.112:4000

# Reference: https://www.virustotal.com/gui/file/e0355ea608faa4312778e16aaf5b1b09432a730c86cbcc3b9bc7b4220ea7a5a3/detection

88.150.227.112:1422

# Reference: https://www.virustotal.com/gui/file/8611a0492c37189d0066aa55c1d54c3c18915666217814f437b0f4d67b50339f/detection

216.38.7.247:9995
jukax.ddns.net

# Reference: https://app.any.run/tasks/c461873d-3249-41ce-b350-b9a592a7ccf1/

sherimix.duckdns.org
departdec.duckdns.org

# Reference: https://app.any.run/tasks/55da3974-76de-41e0-80fb-2e8437748631/

79.134.225.5:4040

# Reference: https://twitter.com/wwp96/status/1222594326850609153
# Reference: https://app.any.run/tasks/8e0eebfd-55bc-4211-8a78-019088791cf2/

168.235.111.253:54671

# Reference: https://twitter.com/wwp96/status/1222644734675619848
# Reference: https://app.any.run/tasks/1da82563-fa9c-4d2b-8f79-a87f07fcf4fd/

79.134.225.79:204
newratti.3utilities.com

# Reference: https://www.virustotal.com/gui/file/c8b4cd3dc221f265a096413ea20dd2b97fff8efa162f3a69c9b8d722bd2110b6/detection

37.228.132.165:1010
37.228.132.165:1011
smithadmin.changeip.net

# Reference: https://www.virustotal.com/gui/file/a5c52fa8affb071a4af2a02bd281bb8146b14536176c3b07a4be74a56872feb9/detection

205.185.125.42:1010

# Reference: https://www.virustotal.com/gui/file/54d50305787d2811dc15a71cdf996c8927ed4d8ee11a9e7e950c33c71b4df65d/detection

178.209.46.144:1010

# Reference: https://www.virustotal.com/gui/file/167bb83c774a9590876e2336eff22d420bef4880c69f15a1bb4147ede74aec52/detection

194.5.97.58:1010

# Reference: https://app.any.run/tasks/8ae3a07a-23c8-4d67-a577-e647d2b79bad/

193.23.3.36:54984
pimpinjg.ddns.net

# Reference: https://www.virustotal.com/gui/file/74579525e06c50e98205e5e4572569b3e618a304e2cf4c3d79ad37491e29ad70/detection

185.13.38.227:54907
snosy.ddns.net

# Reference: https://www.virustotal.com/gui/file/b1e27b6a375d7f58cdae46e324a80d4bfef5fe505f207994587600b8acc23e79/detection

31.171.152.107:9874

# Reference: https://www.virustotal.com/gui/file/949b142fdff443cedd4e1c303f50b4cd747e3b0ba9b6d48b6263e0e3ebe55d71/detection

197.228.220.133:9874

# Reference: https://www.virustotal.com/gui/file/de6117e4692d1fcd1553b69cc537e63fae2d4d9d043f8dc909854b5df3477837/detection

31.171.152.107:1990

# Reference: https://www.virustotal.com/gui/file/8012fe6af55b01332bd9b83157f0d36c5fe632d9813fea873b7190dcc789ae8c/detection

178.239.21.105:9874

# Reference: https://www.virustotal.com/gui/file/79dcd9b0ab0e94b62db8f410610b31cd3814358862cf9725d8f29cc6abcd7694/detection

95.7.171.7:9874

# Reference: https://app.any.run/tasks/a006f71c-ece2-4c4b-8184-a57a88cb0012/

smithinnocent.ddns.net
79.134.225.21:53590

# Reference: https://pastebin.com/gKS1vLYp
# Reference: https://www.virustotal.com/gui/file/aff3f9466a3b8932f1f1b39b83bcf39277226b28dfa0a7d18f6f58c98fa9f2db/detection

185.140.53.8:3457
miraqueen.publicvm.com

# Reference: https://www.virustotal.com/gui/file/437b346787558fcf1ad38016c5cf8e96954ac19b34a96ed9364b8b1f25b4fbdc/detection

216.38.8.179:7568

# Reference: https://www.virustotal.com/gui/file/fec05533afdbf366e17ba6737add44ca5b376c8b585d042bd677c97738a49d9f/detection

185.244.30.9:7568

# Reference: https://www.virustotal.com/gui/file/f96edda29215441dfe2a73e803c53d21643d45d24de527f10764ffe818f58a1c/detection

moneyman2020.spdns.de
mothermaryblessme.duckdns.org

# Reference: https://www.virustotal.com/gui/file/aaefc8d70929c09a3101aff8748839f2f349d62d2a5b8fe0d624cc4dde1c5583/detection

185.62.188.44:5003
185.62.189.77:5003

# Reference: https://www.virustotal.com/gui/file/a2ffbd0a464843fcaa3908e8b5365fce60c89f757f371bc518524a5416ad5096/detection

185.244.30.251:83

# Reference: https://www.virustotal.com/gui/file/effc2b4841d18a24ac00e9c181845d2618455379bd4f5256d3cd68ccdba7a4dc/detection

105.112.104.168:83

# Reference: https://twitter.com/wwp96/status/1224387875728478208
# Reference: https://app.any.run/tasks/fb820ab8-d843-4409-bb9a-8b9fc9ae90ac/

185.244.30.211:1985

# Reference: https://www.virustotal.com/gui/file/883562a2a36809c07e2368a7d0fd47e8e8fc23a839837f1ebe64b86dcc3209d5/detection

79.134.225.74:2404
79.134.225.89:2404
behco.duckdns.org
paris4real111.ddnsfree.com

# Reference: https://app.any.run/tasks/7d0cfbcf-895b-4f93-85bd-2479689d3fcd/

deresurrection.ddns.net
185.19.85.133:1414

# Reference: https://app.any.run/tasks/a684bd88-3cd0-4286-bbbd-fa745f704e7c/

68.192.153.27:80

# Reference: https://twitter.com/Racco42/status/1225375672023027712
# Reference: https://app.any.run/tasks/303554f6-8b27-4513-b846-a290d4843728/

192.169.69.25:9993
216.45.59.111:9993

# Reference: https://twitter.com/wwp96/status/1225522548152176641
# Reference: https://app.any.run/tasks/747ee072-8840-4acd-92b3-7a228bfa637c/

168.235.111.253:9080

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0131-0207.html (# Win.Dropper.Genkryptik-7572204-0)
# Reference: https://www.virustotal.com/gui/file/0b023aa63679132222f38f83cc5d068b64294f27378657a83d5a1e382a0f5f6a/detection

79.134.225.5:4040
olodofries88.ddns.net

# Reference: https://www.virustotal.com/gui/file/f258a50ca8b8d5509bffd9a3d9ecd9838a29663771db18c0d6aefc3460c34fc4/detection

185.140.53.185:4040
steel500.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d52c3cf4249d0f2c27d6942949badc24a00ecdd63008867c52fe49c2b4f9da08/detection

78.162.76.87:4040

# Reference: https://www.virustotal.com/gui/file/363ddc8232d216392189af61de76aa4bc1f3ae5f621805a83441c5b4ba75466b/detection

84.210.40.80:1604
krypticon95.ddns.net

# Reference: https://www.virustotal.com/gui/file/99c559b39819700d6fe099a07a84038807989b06fb4e794e5918959d11674e95/detection

95.188.71.69:7777
gooodwin.ddns.net

# Reference: https://www.virustotal.com/gui/file/db167cbcae2b2dfa8920f268d3af0e953d5a9e0ecc195f613c317dd6e1e98e45/detection

realfolger1.ddns.net

# Reference: https://www.virustotal.com/gui/domain/sdlzglass.com/relations
# Reference: https://www.virustotal.com/gui/file/95e902dc390bf92e13b9b2c02832972be2f2dd1bde858fc69cf0ef764059e145/behavior/Dr.Web%20vxCube
# Reference: https://app.any.run/tasks/19460de6-5d10-4df4-8711-51262870d284/
# Reference: https://www.virustotal.com/gui/ip-address/23.105.131.153/relations
# Reference: https://www.virustotal.com/gui/file/bc9a61fa02eb88783395ac1d94e6461b049b1ac9d4ddb63504cc610af002d287/community

sdlzglass.com
23.105.131.153:1619
23.105.131.153:1620

# Reference: https://app.any.run/tasks/bf34bcca-5726-48cf-a319-efaff53a4516/

iammrjeff00.duckdns.org
79.134.225.38:1082

# Reference: https://app.any.run/tasks/59170485-7f75-4ce5-afb8-b87e89f1e79b/

alekseynj.ddns.net
46.98.102.202:2891

# Reference: https://www.virustotal.com/gui/file/6cbe83da3d33b4bc7c9768fcb4955b58e982fbd04d3eb21f42760565a7b0f1a2/detection

5.107.37.103:1604
barclaysb.ddns.net

# Reference: https://www.virustotal.com/gui/file/4e01aaa713264a42c9549238aa9ffb2c2e4b84787c7a850701edd63e3b341be1/detection

192.240.96.130:1604

# Reference: https://twitter.com/wwp96/status/1228022054655602688
# Reference: https://app.any.run/tasks/3eaae088-f301-441b-b98f-b5fd78b2419e/

79.134.225.89:7777

# Reference: https://twitter.com/Jouliok/status/1228251835321987073
# Reference: https://app.any.run/tasks/a0998463-1fd2-443c-81b6-08266736bb2f/

185.244.30.239:6789

# Reference: https://www.virustotal.com/gui/file/8ae646774cd6be8900bcfbf9bcf01eb9bc1cccee11722626b66c11f603e4adc2/detection

185.140.53.131:6789

# Reference: https://www.virustotal.com/gui/file/99a6eba25136e6b5a12a1dbb1006bfcde0f662421a6edf21276af224c58a5c42/detection

77.48.28.200:6789

# Reference: https://www.virustotal.com/gui/file/83cd2a789fc89c44d2d368366c7d907ae2f7f815900a931c45dbf6789e8d0da9/detection

194.5.97.14:6789

# Reference: https://twitter.com/wwp96/status/1228372397461471232
# Reference: https://app.any.run/tasks/474ff1cc-a8ec-42a5-9173-6d17a21b6f6d/

164.132.90.226:24110
24110.duckdns.org

# Reference: https://app.any.run/tasks/b17e0db5-2ef0-47ba-8d9c-aa31138e4f01/

79.134.225.5:9334

# Reference: https://twitter.com/wwp96/status/1229443116941369345
# Reference: https://app.any.run/tasks/3389b31a-10bc-47ff-af2a-3fb2d689d743/

79.134.225.103:3939
wealthadmin.ddns.net

# Reference: https://twitter.com/wwp96/status/1229494871611920384
# Reference: https://app.any.run/tasks/980141ee-98f3-4326-9ef5-2a1acd5c8132/

216.38.2.218:7675

# Reference: https://app.any.run/tasks/7051fa40-d545-4b09-806f-abf866a589a3/

185.244.30.36:1754
boss5.hopto.org

# Reference: https://app.any.run/tasks/a3cc6d4f-b8eb-41bb-94ab-409760f59a92/

185.140.53.132:8282
donsea1234.ddns.net

# Reference: https://app.any.run/tasks/87098615-d1b1-445b-b21f-a7a0712c98ed/

79.134.225.69:4543

# Reference: https://app.any.run/tasks/c85f3964-ca15-4399-98fa-2c5155f49a50/

79.134.225.74:54985

# Reference: https://twitter.com/wwp96/status/1229808427595190274
# Reference: https://app.any.run/tasks/fba6b380-5971-4bff-8673-15a96a00a721/

168.235.111.253:9083

# Reference: https://twitter.com/ahmet_han64/status/1230040535416614912
# Reference: https://www.hybrid-analysis.com/sample/cd633e4e0741bcd242aac073dca1e4e124798343a756f8cac8a3778a952ad089/5e4cba5f6475ee0cee5f50d0

192.169.69.25:9301
91.189.180.204:9301

# Reference: https://app.any.run/tasks/220842cc-ac51-40ac-acdf-9516d97c5d63/

79.134.225.73:8282
judge777.ddns.net

# Reference: https://app.any.run/tasks/327d0805-32fa-4b82-b890-7d0f7ca21fab/

79.134.225.11:1245
icemanbad.ddns.net

# Reference: https://twitter.com/reecdeep/status/1230515771417284610
# Reference: https://app.any.run/tasks/f9e49656-e2e3-4b3b-be6a-a70fa43d5241/

79.134.225.91:8766
pacotdc2019.duckdns.org

# Reference: https://twitter.com/wwp96/status/1230579094234030081

79.134.225.35:1985

# Reference: https://www.virustotal.com/gui/file/959c0aacbd5186ff3bd1f27a8e40e83293c7ca41a90d46ad2811f58c6417b904/detection

79.134.225.38:1985

# Reference: https://www.virustotal.com/gui/file/053a007597f6e5b737ffacde94f9712bfd453dd9bb6a3993686b342fbe130532/detection

184.75.209.178:1700
ghostville.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ded81b1c333bbb3c7a5430ab7472d5797adc23e2fc69fc648e7e0b0078b66040/detection

79.134.225.38:1159
iammrjeff00.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3999bb2732a9a80181cd037dddc40e5286b128263dd0061d2ed84edb8888ec97/detection

79.134.225.38:9090
samnow.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9f42f2793e9c55c8c10823bc8a56b8b94326da414b51b31c0cc9cf9e4fd96342/detection

79.134.225.38:8090

# Reference: https://www.virustotal.com/gui/file/706dd8b75029416a175491653fca69711b10e38f91012a19fc68804421d92644/detection

194.5.97.82:8090

# Reference: https://www.virustotal.com/gui/file/b386ab7b5c94d5ce80fcf6adf6953419711fa9273a37dd326a5a609d99841a0b/detection

variakeburne.ddns.net

# Reference: https://www.virustotal.com/gui/file/c937c0cf76c12b8e7cb215c5bdb729ba0d3660acc154f18c639111b660d52f0e/detection

185.140.53.139:19603

# Reference: https://www.virustotal.com/gui/file/91ed38c4e0e79d80d544ed31f111c9e9d361ec80a10b0c6f9000d21cc90ea3d7/detection

168.235.111.253:9098

# Reference: https://www.virustotal.com/gui/file/380d55a6e9767ea2328f7e3bf93b4d68a757d4e45a8eafa8487e1ce616c97db1/detection

168.235.111.253:9086
185.244.30.36:9086

# Reference: https://www.virustotal.com/gui/file/d6f8d0dba973952be8fe56e945576f870577b53b89fd6fb885e1ee61087ec55d/detection

168.235.111.253:2197

# Reference: https://www.virustotal.com/gui/file/c906185769cc28b14696f2643907989d3574dd115d59e20321bdf9e631ed9ef9/detection

168.235.111.253:9030

# Reference: https://app.any.run/tasks/45f08fe9-a493-4f1f-864c-b33b6b075ab2/

185.19.85.157:1985

# Reference: https://www.virustotal.com/gui/file/9cde2dad4fd9632aa2769b10f58e63c013b5ef26bda897cd40154395abbba600/detection

imaima.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8adbc3d50822af6569c8ca12680a24a9e4290c5d1a967b81bce8342515886bad/detection
# Reference: https://www.virustotal.com/gui/file/9702d39680bc0938d860b686e54c14a41ebc2eae76a5fc94d7b244402a23687a/detection

168.235.111.253:5426
vimlatedrock.duckdns.org

# Reference: https://twitter.com/wwp96/status/1232378199201456129
# Reference: https://app.any.run/tasks/b7137a63-3ca3-4594-8586-fa8b49fc03c4/

79.134.225.124:1985

# Reference: https://www.virustotal.com/gui/file/e9b1fb95ae5973df88037568836cb201221e66d4505c178ba65fc07ef7a205ba/detection

168.235.111.253:4514

# Reference: https://www.virustotal.com/gui/file/c1f5c0f5907773eaa369f5365a0b796eaad59e81e6ce08b7085b095f16bf5232/detection

hexmia.hopto.org

# Reference: https://app.any.run/tasks/91dfe27d-be3c-467d-9b98-e4487c92c86d/

nasiru1144.ddns.net

# Reference: https://app.any.run/tasks/3f88ecf4-ae3f-414b-adc3-1cf0a087d071/

anekemoney2.firewall-gateway.com

# Reference: https://www.threatcrowd.org/malware.php?md5=02639282e0f87b6984fb35053c66c201

franklyn2016.no-ip.net

# Reference: https://www.threatcrowd.org/malware.php?md5=0a3ebdd830272773b8a4499704737479

skinner21.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=0b71f5cecef084fbdde18621564832c8

vyrez.noip.me

# Reference: https://www.threatcrowd.org/malware.php?md5=12cdecbcb60e6ba32b4acf379928c9de

danismecherul.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=159e42f07db11824fbdd6824f90aeecb

mrpounds.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=15e8a490ca52d93de6975c9d40e79119

xiprime.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=199ee7655ba308f77dc0666773bce21c

qwertysuxsucc.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=1baa2ab0eaffefac5c123a349ff1ce97

aarondrew313.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=1ecbc809984ec9e4c500351de27792c0

nanocore01.hopto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=21f95400507eeeb6221a893f85739d8b

rootclaiu.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=27c7b5663720100697531ae5f4c46631

essads14.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=29ab6292073e8a1e37b0949cd32d9b01

cd363be7.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=2e7245e5ec4e8d620ec02473234623be

omerenes.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=2e89bc14251558bfa44524e9d109f6d7

jesusman.fishdns.com

# Reference: https://www.threatcrowd.org/malware.php?md5=31b061a12c275eaf34b60c81dc8759c0

cvcv.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=58ba07cee30ad1e5b6ed7e3bc2138c24

chologee23.hopto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=58fbcf64e6cf3cdde6aeee9ed34cdff8

skeet21321.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=5c8c132812d81060ed09627e78ec86c9

bruteforceok.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=5d032c3e6334e4165b9f20dc30b7659c

lauracooper.hopto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=688fd5fe14223141c68b08bbf7bd7f57

fefete.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=68fa2e206073a5f1d4690a5dee96b4ec

devapple.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=6f816ad99c4f36cca6494cef0a326dc6

ix89bwk6as.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=7591d1f387707d30ff8b1e36e3562399

win.updated.dns-dns.com

# Reference: https://www.threatcrowd.org/malware.php?md5=7bc67702c321c69787eb67b67827d1c7

smithbarry855.hopto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=80de0180d9629515e1940f42c0bfca19

shareimages.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=839f04182d2e285af3d38d44aa1ae1fa

thenope.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=85c910a787788fc381194209e152a8a5

calmcserver.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=8814d0c3308aa93982f82db465dadc85

java12.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=8931a69c1c1073d2cbdb50ea4d1fb511

haybay2366.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=8d0a659f2366e216d5bef4a9e18c537d

mediaftw.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=8df3a77be5063033fd8ccd91a5a02b0e

exceem.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=8fcad26d5424a3f46a3a61c3fcc5fa36

nadeemakram.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=92e9495e113a357c40e6c37eb198bae5

vbnxmret.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=95f2f37cac1d3eb32d5178a7e780830c

qhwl1234.codns.com

# Reference: https://www.threatcrowd.org/malware.php?md5=9c5ed347caa0180db682deaf03f6b7fb

yourmodzv212.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=9f57950558739874b6ff1fdaf88e737c

zibridezibride.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=b050651139ad721ead7aebbd7d82e0f2

nanocoreacc.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=b62b22a42c3c260847d17c58bb73f33a

lugz11m2t.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=c46a16db249dfdd1c181f7f1c6619162

telekom3.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=c5c4d30f5ad98dd1657077feb882d276

jamzv3rm.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=c5fcf12de2d32089b1b263e5ba0bd68c

sheepsurvival.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=ca178716a912e894d28fbb7b1352f597

serverzkaw.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=cf9fdb60ec011a1e6158f637167df7c0

asjkdhas4.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=d2686f1d7f966f371bfc07987eb2867c

amnezia.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=d48b4efa8f06f9b320a9a29e3773334e

granzhost.sytes.net

# Reference: https://www.threatcrowd.org/malware.php?md5=dc80f65013995543a541d2d5f8ac24c9

joseagre1.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=dedccc515a8b4ff8c2e4dda7206a2fc7

zvezdahackingg.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=df0e56236a813d09d5a787f5b8bca4d5

ashleyr.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=df917731572a61435acadb6048255f7f

loolll.hopto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=e8276566f12377498ee39660597e9044

privatedns.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=f9dfadc59165c6a17f448efa84d5f4b4

santancelup.hopto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=fdc6ea5827487edd9ecd0d81151ee15d

vaporr.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=46af54359ef7057ea2675c338e002b5d

godwin101.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=fdc6ea5827487edd9ecd0d81151ee15d

vaporr.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=31011d10e2edfca87ca20bbab77567b6

cnc.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=cf9fdb60ec011a1e6158f637167df7c0

asjkdhas4.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=e738f0c550c4cb3bd9f4a427a56a4475

undetect3d.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=01bed136f79666dffc07b8186ec94117

pop101.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=e08642ad9591361277efe2c1a49712c3

my0.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=2cea5cb1ec5d2c5cb17c1347120ccfe4

blackflash.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=31c27a3f98099c910988aaa228e3ccf4

testingrattest.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=4dcc3cffe3ddc5ddf8930ea60b510c7b

lawlogslumi.ddnsking.com

# Reference: https://www.threatcrowd.org/malware.php?md5=55429af6abdc6a4ac7c84fd8016fcfc7

holly147.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=9a27502e8ea79e83445ee8635526f024

kaymonitinz.hopto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=a339a7bbf0946e12196279cfd65a3b3c

lolz.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=a69b05f40b76fc6913db101e9f31cc79

window001loading.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=bff8812e52d6877e25b8d8483ef213b8

flamzy.hopto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=c8e3af05993ed49e739c3a6bab3be941

lowass.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=d1238588a2d9ac95729da9f22fa125ea

ksaohu.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=128135233d7118586a354301d9a72abf

ikenna.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3d703598b766b4b67a376070a3375c35be84502ba6f6a283653d99e807795290/detection

192.69.169.25:53998
mmoney419.chickenkiller.com

# Reference: https://www.virustotal.com/gui/file/e8e8fd3573a4c5de13242542b73fa224416af2dea45abb3d7adb3f11dd7e0844/detection

185.247.228.250:5001
dubaidhllee.ddns.net

# Reference: https://www.virustotal.com/gui/file/d7e5e13b5036cbe32a44a374c0cf24e60a677322a058680b4f589699cd2b6aad/detection

185.140.53.253:5001

# Reference: https://www.virustotal.com/gui/file/b853f6fffad4a9f049eedcb11df57810294e3a112e7285d797400abe30d1f2c7/detection

91.160.15.92:33840

# Reference: https://twitter.com/Paladin3161/status/1234465325426429953
# Reference: https://pastebin.com/MFtzrQj9

188.209.52.49:1333
anekemoney2.firewall-gateway.com

# Reference: https://www.virustotal.com/gui/file/bee6bd91c3bbe94742faab32f942fb6f7939997881c93a9865e3b95d2ad365a5/detection

anekemoney1.duckdns.org

# Reference: https://app.any.run/tasks/f87060ce-3ea5-4e8f-a763-977c04db85ee/

91.189.180.193:2008
anny.bunnikcreations.co

# Reference: https://www.virustotal.com/gui/file/249f6c1224fa45910e63cf6db65bb5c1fab4888465575243139b54b045d26569/detection
# Reference: https://pastebin.com/wtXfZfaU

100.33.151.58:25565

# Reference: https://www.virustotal.com/gui/file/29d60e47d78023119a9f34d915ddc430b87ae2d729a0da3b595d3ddb2f0a7125/detection
# Reference: https://pastebin.com/wtXfZfaU

107.13.9.174:2302
kamisama.ddns.net

# Reference: https://www.virustotal.com/gui/file/780d178e61f836263e1dfb725906fd7625b3292fde06a8615aab0d1ac6f1d466/detection
# Reference: https://pastebin.com/wtXfZfaU

185.244.30.5:1790
192.169.69.25:1790
adikaremix.duckdns.org

# Reference: https://app.any.run/tasks/a982dc56-5d30-467f-a5d1-b97d9a165990/

hdstlindos.duckdns.org

# Reference: https://app.any.run/tasks/3a39d8b0-24ce-481d-9b1f-14e9b7f1de22/

uzonna.ddns.net

# Reference: https://app.any.run/tasks/1e329dbd-0dd1-4971-bd8a-7434568d3f97/

christiantony388.ddns.net

# Reference: https://app.any.run/tasks/141b8425-d632-411c-b761-4d88be7f1c2f/
# Reference: https://urlhaus.abuse.ch/url/321143/

kingsley11223.bounceme.net

# Reference: https://www.virustotal.com/gui/file/15005820e628c7ffeb245bfc4ce91797b1976847017c72fec362b688cc214c0d/detection

aefaegaa.ddns.net

# Reference: https://twitter.com/wwp96/status/1236022174361804801

91.189.180.208:4822
u869048.nvpn.so

# Reference: https://www.virustotal.com/gui/file/0cdc24b5f7cd6c1a7348a83fe9e883442f88511d0f837fc7d8c92e4fcb881fd9/detection

somore-tw.ddns.net
whiteson2017.publicvm.com

# Reference: https://www.virustotal.com/gui/file/6694c0eaed25095caf692ae82bf7262c03042b6b74d9363f6c606ca0cb5eeb15/detection

64.44.42.148:1993

# Reference: https://twitter.com/ScumBots/status/1236630827494227968

78.156.87.166:1234

# Reference: https://www.virustotal.com/gui/file/3e7f484ab204444240455f5538a17ce8629830e0da11d9a59e08412a59e3d0a1/detection

78.156.87.166:54984

# Reference: https://www.virustotal.com/gui/file/7b8359d49ddc798e2fe6b8af13763ab6678ab249ef0a4ebdbd4b8938a1248b32/detection

78.156.87.166:1604

# Reference: https://www.virustotal.com/gui/file/eb6919c14097aadb6bcb8d4e95eecfa0f646f28eed5204d999b5d6318b71699d/detection

shellz.zapto.org

# Reference: https://www.virustotal.com/gui/file/266dae07ba5e60743f7146f6c875c410ec0998cc81407e81a2e26a646d446929/detection

185.140.53.246:3734

# Reference: https://www.virustotal.com/gui/file/9088798b575a0c758ea7c299043faec477b7c17e395bf47f52a739ed33bd8165/detection

astroyax.ddns.net

# Reference: https://www.virustotal.com/gui/file/c62e468c8e3dcb9fc103f7366ac9072c933702bbc5f8ffe28665b17328d5c721/detection

83.179.133.195:1337

# Reference: https://app.any.run/tasks/80663b92-a9b4-4e9c-a0b7-0bf13c53a40e/

185.244.30.137:4242
updtadmin.hopto.org

# Reference: https://twitter.com/James_inthe_box/status/1236977119223140353

t6logs.sytes.net

# Reference: https://twitter.com/Jouliok/status/1236904231568846849
# Reference: https://app.any.run/tasks/762d9be8-9407-4e77-b5e6-8511f5e0a565/

185.140.53.202:2556
99grams.hopto.org

# Reference: https://twitter.com/wwp96/status/1237145372197347328
# Reference: https://app.any.run/tasks/5ff407b2-fe2e-4230-bd9e-8ccc9d081a29/

185.140.53.133:7575
oluwa16.ddns.net

# Reference: https://app.any.run/tasks/12abed54-e85e-4020-9d81-ac0141c29811/

185.140.53.132:2323
udochukwu.ddns.net

# Reference: https://app.any.run/tasks/79c672e2-2062-429c-b6e8-fe8f05b2f6f6/

192.169.69.25:8855
galli032020.duckdns.org

# Reference: https://twitter.com/wwp96/status/1237792559499542528
# Reference: https://app.any.run/tasks/6f2ec92a-fe34-453d-b865-21475b8099bd/

172.93.148.195:50578
importantbuild.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1e98947f35cfd7b8963d61a6c6e93a1fcef59007d848c38f1a2983204ecfab35/detection

sarlelhassan.ddns.net

# Reference: https://www.virustotal.com/gui/file/d99910a312e18930dac22d3fe47052bcf6494a997a885e14df5b45b1b0eb010c/detection

79.134.225.74:2177

# Reference: https://www.virustotal.com/gui/file/b95b561812b9edaefbeeef5846a210e0d0987c0dc767e47279793fb3a42d55a8/detection

192.169.69.25:2177

# Reference: https://www.virustotal.com/gui/file/9e1696ce8c587e12dfec366f6d6bf187774d305af4702c77d66f5186fbb4c590/detection

79.134.225.74:54984

# Reference: https://www.virustotal.com/gui/file/f6720adca970fbcd4b79b60999f84af6ec92970247f5a19020dedc0b87399ee1/detection

79.134.225.83:34681
79.134.225.87:34681

# Reference: https://www.virustotal.com/gui/file/f6720adca970fbcd4b79b60999f84af6ec92970247f5a19020dedc0b87399ee1/detection

79.134.225.74:34681

# Reference: https://www.virustotal.com/gui/file/ed3139ed9ef56043c259aa2b2f2cf6b180aba8a73e69f52d7330e9d60dedcb1c/detection

81.171.57.77:2117
yettye.ddns.net

# Reference: https://www.virustotal.com/gui/file/858b3dcf9b1a72b960a4ce54d8802a022702a74b56f225c743f5a393c720913c/detection

79.134.225.74:2117

# Reference: https://www.virustotal.com/gui/file/3c9a56aca9cdcff02c7a5fbbe801263f8054783591adfc7ce61d6ece6d27d1b8/detection

173.213.86.150:2117

# Reference: https://www.virustotal.com/gui/file/786c32b8080bee2501effab2715fd9a4944cb2ed507e3e0130f55ba1272caaf0/detection

79.134.225.74:1985

# Reference: https://www.virustotal.com/gui/file/9aefbd2c01aea439f398ea5f91e9869a5769cd2eaef130fded79b3b32801e8da/detection

79.134.225.74:8282
hustlesss.ddns.net

# Reference: https://www.virustotal.com/gui/file/17f284b1c09d315e1ff3bc40b3d278990af4acd152ebf79a8538b14b8d837313/detection

79.134.225.74:8787

# Reference: https://www.virustotal.com/gui/file/02cbaf9ad111f07db495e03cfffa453365e8394d203da5dfdb9639667e8d2e98/detection

79.134.225.74:37186
wizk4321.serveftp.com

# Reference: https://www.virustotal.com/gui/file/b82081c0920be79295f4598dac1d48be70234d05b6c22528058faa876fab100e/detection

79.134.225.113:37186

# Reference: https://www.virustotal.com/gui/file/258a33e1a09ea556a4aa613e79946c06b768e487a3fae7195ab84352748f099b/detection

79.134.225.74:54984

# Reference: https://www.virustotal.com/gui/file/5dedd71f0cf71bc75cf31b5c2f71449577bf92369c22605e8924bddbd36dd9c8/detection

79.134.225.87:54984
nannnc1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5ad93b36f0aae0ef89c8716f5d9e1839555f673940c12e84bcd6c016a63a7ede/detection

192.169.69.25:54985
79.134.225.104:54985
79.134.225.113:54985

# Reference: https://www.virustotal.com/gui/file/d9dcdef4fea2521509bb3eeae3dab75392ac903891f0f3161a3a30ff6f26010f/detection

79.134.225.100:54985

# Reference: https://www.virustotal.com/gui/file/f500d7b3d6874efe5ea3a3ff832d8266991a3a48a563ad446628f3a1ab75405d/detection

79.134.225.113:9497
surrati.ddns.me

# Reference: https://www.virustotal.com/gui/file/728ea826497ff306b002091bebc9cc0a69f3c8b47e2a876cd76ccd4c2836580f/detection

197.242.114.181:55420

# Reference: https://www.virustotal.com/gui/file/0842a9ae0d0676343e7843c118da6b5e450352c45642ea27e386c7065d4c71f9/detection

154.120.78.10:55420

# Reference: https://www.virustotal.com/gui/file/81750b2959b3c1059eb805bbae94312fcaef9b409502f8022358db82a8f3ea0c/detection

185.247.228.41:55420
79.134.225.117:55420
blessedjboi.hopto.org

# Reference: https://www.virustotal.com/gui/file/7618cd1e9e2ca86f97552e1c3584f418ffd17141832c913021b5c3694914106d/detection

79.134.225.97:54985

# Reference: https://www.virustotal.com/gui/file/cbba9358207b9f7e45f448a2116f098f7476b05afde3a766bc757af9cacacb84/detection

79.134.225.113:9005
opussaoapaaulo.serveftp.com

# Reference: https://www.virustotal.com/gui/file/2f096033f86f1724b9eff06654a45bdf8eeb928d38fd83a591c53649878f0829/detection

79.134.225.117:2114
donald081.duckdns.org

# Reference: https://www.virustotal.com/gui/file/02a8e9534c4f59ca716b6b12a747eb8ff395fb1c03ce032901aaca60d1072172/detection

79.134.225.117:54

# Reference: https://www.virustotal.com/gui/file/f9436595968d10a0b1b146e8e970e3bf1c9faf8f9ebdb2b583e31888c4189623/detection

79.134.225.97:6565

# Reference: https://www.virustotal.com/gui/file/fda4b6acd7c4277dc30ed516c360957a931043c6881de0eab69c77ab217a254e/detection

79.134.225.97:9737

# Reference: https://www.virustotal.com/gui/file/367def98e7a3d0b3af07add144180dc09e4e29b1eb9181a51c338a9cf09b8f06/detection

79.134.225.97:4040

# Reference: https://www.virustotal.com/gui/file/3c9d86be0837c561a345c71e41387c04aac3b69f4cb533092926bf7dac1af342/detection

79.134.225.99:3369

# Reference: https://www.virustotal.com/gui/file/14e03864aad7954e2221188f04fb9b48af5ded6e8ab492794ae52e4128682d9c/detection

79.134.225.70:1982

# Reference: https://www.virustotal.com/gui/file/444cc81f219ebc02dbaa89e8e0f17a7c36f0be6f6c98de7a9a108c2c46d91821/detection

185.19.85.155:2019

# Reference: https://twitter.com/malwrhunterteam/status/1240243238574964737
# Reference: https://www.virustotal.com/gui/file/9bb70d76fa98fe7d87bced0cba5b22d661b14f3ea899d3b7d62e1d01932deb5c/detection

79.134.225.83:9030
nnewestttt123.ddns.net

# Reference: https://www.virustotal.com/gui/file/cdc5353ad4befb9a542cb77f3148d70f2ef1979e55b4477d06d6a593269fb8cb/detection

178.124.140.145:52802
185.165.153.39:52802

# Reference: https://www.virustotal.com/gui/file/adb5d13e908d73d1f78d589bcc49b543f3f7cec5c36b276d4d7f5fc40012569f/detection

185.165.153.39:56202
iconboss26.ddns.net

# Reference: https://www.virustotal.com/gui/file/476e0d8ab1f2f97b6b4a68d6db40379ae74507244c474f354f3b11e16ee8fafd/detection

dllicon.ddns.net

# Reference: https://www.virustotal.com/gui/file/cc86feb156ff7bf80725bdb8e7f5b645c3c1c4be0139a7f0df26900a96400eac/detection

wfawiz82.hopto.org

# Reference: https://www.virustotal.com/gui/file/6e665b75bf21f47471fb2233e0d8e1db1e088c5d761bfd769b05cc25fa21e0d2/detection

178.124.140.145:9101

# Reference: https://www.virustotal.com/gui/file/c9a22cf54ed88e4ef702b431dd51ef98ead052b15cc804319cd5b6c34db89bcc/detection

79.134.225.106:4343
xyzeeeee.duckdns.org

# Reference: https://www.virustotal.com/gui/file/92a5e29476cdb43a5d56b2709e98a54e1ef4e4af24d4c136caa8a147014898a6/detection

178.124.140.145:30089
185.165.153.92:3434

# Reference: https://www.virustotal.com/gui/file/c8f9054a37d4ef1a9efb904f5bbda46f4a40c70b4737a24ad19f5425c61c71ad/detection

178.124.140.145:6767

# Reference: https://www.virustotal.com/gui/file/6ae95440cd07d0ae0b9e078a2b6b4862a9b49a4ffba17d8aabf15b2b8e3bae38/detection

178.124.140.145:54984
young4h.duckdns.org

# Reference: https://www.virustotal.com/gui/file/dbd27ea85f0ad5c4a4aac900013a727e9931cbd524be86b29f68937112405e24/detection

91.193.75.137:1604

# Reference: https://app.any.run/tasks/18e82db8-9852-42c0-b37e-85ff0ceeb152/

185.165.153.175:1604

# Reference: https://www.virustotal.com/gui/file/6b75103f3470b07accec228ccea676fbbfe3974cebff4c0df417c126f10d988d/detection

185.165.153.228:5353
kobi1.ddns.net

# Reference: https://www.virustotal.com/gui/file/9d3ec7f8db9d701a1bd73a7363b1aed1dc87ee60c321e50c96d971b37f84ee25/detection

185.244.30.156:2018
51.83.33.56:2018
51.38.37.161:2018
80.94.92.153:2018
malkisod.casacam.net
skodrf.casacam.net

# Reference: https://www.virustotal.com/gui/file/d7073488b97d5c17a6a2721bd65a35d9a129769456de8e618bfe4739cda409c6/detection

185.148.241.37:5216

# Reference: https://www.virustotal.com/gui/file/6d1122689c4aed19e90c120bba0b746b256447fbd2b04d2cf3ebe650b3537a08/detection

129.205.114.15:5216

# Reference: https://www.virustotal.com/gui/file/0f5244c4373ad06600a72b8fa87f1ce3e41e4d93d3c07531dfaef58a107bdf51/detection

185.244.30.96:5216

# Reference: https://www.virustotal.com/gui/file/642a01629037276ca8c29234fc5095d8e7d0b4319d312f3b0fa13ca024b0a503/detection

46.243.189.132:5216

# Reference: https://www.virustotal.com/gui/file/35a2939df07015682909ab0c5a2930e9ab29b9e4d1f48366008a7fe4994b4b96/detection

41.203.73.47:5218
41.203.78.235:5218

# Reference: https://www.virustotal.com/gui/file/c1fa9caa647cec3aa02a9a84dba839f5df990356b76cee1a042be76ec940d461/detection

41.203.72.171:5216

# Reference: https://www.virustotal.com/gui/file/1b3d6fadcd41fddea318c3493bf987824f8aa433e9725bc917fabffe93bfb30d/detection

3.20.98.123:13672

# Reference: https://www.virustotal.com/gui/file/17e17288aa6e590b8218e045ab6577342c815d85d66a9a0f46ac85052c04ba49/detection

3.135.90.78:18896

# Reference: https://www.virustotal.com/gui/file/fb8a9115a77f891b79f8d77bab661a6276292479b15f74412fb9c72241d9291b/detection

3.13.191.225:14407
3.134.196.116:14407
3.135.90.78:14407
3.137.63.131:14407
3.17.117.250:14407
3.20.98.123:14407

# Reference: https://www.virustotal.com/gui/file/c88406a21e864429e15a375c3d008c877dd36ca82dfaa97703f1a86f6e55bfdb/detection

3.13.191.225:16437
3.135.90.78:16437
3.137.63.131:16437
3.17.117.250:16437
3.20.98.123:16437

# Reference: https://www.virustotal.com/gui/file/1b60128c20a12c59a43895d7f9fe844001b3362eda0829f8a808fc1d2c1541a2/detection

3.17.117.250:18433

# Reference: https://www.virustotal.com/gui/file/a58405d1d57121e801d13c7c10d5fb2d7e9eb860e513871106e6e8f0ac4813c2/detection

18.188.14.65:10680
3.134.196.116:10680
3.135.90.78:10680
3.137.63.131:10680
3.17.202.129:10680
3.19.114.185:10680
3.19.3.150:10680
3.20.98.123:10680

# Reference: https://www.virustotal.com/gui/file/1b6735b62f4ceb25945e1ab7aa8dbbb525fe72500fd613acebbfe8c80742561e/detection

3.13.191.225:17430
3.135.90.78:17430
3.137.63.131:17430
3.17.117.250:17430

# Reference: https://www.virustotal.com/gui/file/41ff32ed2537a5e3382df01fadc43f812806c771b18e775c53046a0d650bb000/detection

178.239.21.246:4040

# Reference: https://www.virustotal.com/gui/file/07607b3b0d00852fcf9bef207e768c173823e4f1b105203083e4bac4873357eb/detection

91.193.75.139:4040

# Reference: https://twitter.com/Racco42/status/1242062113985777665
# Reference: https://app.any.run/tasks/b5ebe671-50bd-4b4d-9e8b-0df875e321f2/

185.140.53.183:1607
bossmandj.duckdns.org

# Reference: https://twitter.com/K_N1kolenko/status/1242061809894506496
# Reference: https://twitter.com/K_N1kolenko/status/1242061777627684874

10000euro.duckdns.org
btctopsss.ddnsfree.com
cliffordgothoes.ddns.net
darksoze.ddns.net
dojlohosted.ddns.net
dojlohostedaa.ddns.net
hello8824hi.duckdns.org
houdksps.loseyourip.com
jahlol23.ddns.net
ratyz.hopto.org
sfghj.duckdns.org
sj3hs.ddns.net
usd10000.duckdns.org

# Reference: https://www.virustotal.com/gui/file/643d3883d4412c3e2c0f1c83c26e28f86f04853f95f0891396309a2775a7c4e9/detection

79.134.225.115:5654

# Reference: https://www.virustotal.com/gui/file/5e7746bbd847956193c5b9082f3cef9ed79f89171277abbe25ea84b37d217631/detection

174.139.10.194:2404
79.134.225.114:2404

# Reference: https://www.virustotal.com/gui/file/0b5e4b2e45553015124e4095713f04db8285e46bbb191b0d079754ca5b7e10e9/detection

192.169.69.25:5654

# Reference: https://www.virustotal.com/gui/file/d41e358f82a940f25b7ae5939bce0b13f2c5f80124b26b4016eae457e0873ece/detection

51.38.37.161:2019

# Reference: https://www.virustotal.com/gui/file/bdf6ed015e24984b8023a1801235968d27cf041561f19161c7075de0c1e515d7/detection

91.109.180.4:54984

# Reference: https://www.virustotal.com/gui/file/3305ed40c396196e027ea2d5e84f89c93256b7ffb987b663e43717c0c1936708/detection

91.109.190.2:54984

# Reference: https://www.virustotal.com/gui/file/bce296a9962745d31c90b036f0d04d13d54d09146680d9dd105fc2828760009e/detection

141.105.71.87:1608

# Reference: https://www.virustotal.com/gui/file/3c2596940559732bc88a38c163c70bf9f9a9d49fc065be8aa4bcef7a299418f2/detection

51.178.27.101:1616

# Reference: https://www.virustotal.com/gui/file/aeee68960b2fb89bcfe21d97935f3373ee6cf1e784402dd7f33ab90483621f1a/detection

172.248.73.173:1085

# Reference: https://www.virustotal.com/gui/file/56b79fd5456c0c6e1204929c9ac39d63412a880df0a0df853ffe95e37077700d/detection

85.59.25.5:6666
nexta.chickenkiller.com

# Reference: https://www.virustotal.com/gui/file/b0fa398dd6067c7cabe937e098a7db9e7444b839c38b454028487f791b57788f/detection

181.141.45.186:8052

# Reference: https://www.virustotal.com/gui/file/9b7d374557e1d3a21711d4c34d14a04da8c7cd2003c1632143f30a9626246a69/detection

181.141.45.186:7070

# Reference: https://www.virustotal.com/gui/file/ade5157c76d20dc880acfec7481d106f52ca11c156b3b4f75d4919d3a1c6caaa/detection

185.244.30.19:1887

# Reference: https://www.virustotal.com/gui/file/225ea283cdfa2b5d6d5fa5487fcc2040745eed6b034631ca5785a67ba88d145f/detection

121.74.13.197:3389
rattydatty123.ddns.net

# Reference: https://www.virustotal.com/gui/file/cb431cfd0c604d06c64538d24491d9e9d62a3b364655726f01bb24e149254e78/detection

91.193.75.25:2019
91.193.75.7:2019
ser1.vietlime.pw

# Reference: https://www.virustotal.com/gui/file/64f3a65cd26e66101ab2781dd1c4e6d9993c70d61e566e4a9bca18645b41ef29/detection

91.193.75.7:9900

# Reference: https://www.virustotal.com/gui/file/404f7735858e2c93e516336a0d8e3b4f71bc475c225b107266fccfc6b69fe1b5/detection

91.193.75.7:1997

# Reference: https://www.virustotal.com/gui/file/5baccf223ea0ef2f75c9c73d12d1345638ebd9cf37e1eb510db38993c6accbdc/detection

91.193.75.7:1991

# Reference: https://www.virustotal.com/gui/file/bce7f2335162d827020c4b4db3c54cad4e9a680e7abc541f6e6fb1f3126a1386/detection

147.135.100.70:9031

# Reference: https://www.virustotal.com/gui/file/dd9a321bb24ccbf849781e37b1584080ae140a14c73a80ee417eb9d595457efd/detection

unexploited-spans.000webhostapp.com

# Reference: https://twitter.com/Jouliok/status/1242190956033716230
# Reference: https://app.any.run/tasks/9bcff652-b8c9-46db-9704-748575d217d8/

asianway.mn
205.169.57.91:10830
10830.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f75542b5c3ea4d61295e9ea44b89c62a9157c7ae209fe727ec5d703ac0125cf5/detection

141.255.154.34:110

# Reference: https://app.any.run/tasks/a7a090a4-3cf3-44e0-941d-32212f5b6011/

185.244.30.19:2998
jk5151905.sytes.net

# Reference: https://app.any.run/tasks/62817794-baa5-4744-a2c5-27b49ecc50cf/

87.218.53.50:1604
asdfasdf12.ddns.net

# Reference: https://www.virustotal.com/gui/file/5b4b74f5d6a321f07c5d37a1bdc642ed6f13cb1735ac0e9acb6ecca1bc0ee054/detection

216.170.114.99:54984

# Reference: https://twitter.com/ffforward/status/1243098924245815296
# Reference: https://app.any.run/tasks/8a688964-553f-44a8-b03d-604c041f7bef/
# Reference: https://app.any.run/tasks/b504ce3c-9c11-4fef-a72e-baae3ff9b1c7/

185.244.30.158:53488
91.193.75.53:53488
backupnano.onthewifi.com
earthtradeint.sytes.net

# Reference: https://app.any.run/tasks/dd404186-922f-4988-9c50-9bc1ba389b48/

91.193.75.7:2012
mercy222.ddns.net

# Reference: https://www.virustotal.com/gui/file/5a244d09771f686d57d44886bf613f5bf7e744b8b2ba0f2b791ec0e6b18773ad/detection

91.218.65.24:54984

# Reference: https://www.virustotal.com/gui/file/6c6c4d5247b0ea006bdb1f1cfcbc76cacabda39d1df34b767f7c3082b487a49b/detection

91.218.65.24:6666

# Reference: https://twitter.com/ScumBots/status/1243882363093991425
# Reference: https://www.virustotal.com/gui/file/569be57292b0f195a11f31a462a1cd2ec7278c826697762e64c5ea10a3b1dbea/detection

79.115.83.86:101

# Reference: https://twitter.com/JayTHL/status/1244005504038379520
# Reference: https://www.virustotal.com/gui/file/62c6b78da2b5da0b5ea9dc2424634ca7ece3de964f4edd9c617ab62344d13c65/detection

76.189.243.198:64367
hellomeee109.ddns.net

# Reference: https://www.virustotal.com/gui/file/d8e67bc701edd8d568ad869bba5914c60ae015904b719d7da961887ba6f00a8e/detection

76.14.164.20:1085
hostnamelol.ddns.net

# Reference: https://www.virustotal.com/gui/file/e693be42959138be3448bb2b8c0d0a948a5cee7124dc649eae337af6acc56035/detection

185.158.139.32:3636
adelabbasenterprise.ddns.net

# Reference: https://www.virustotal.com/gui/file/3f83c36655f2867d87a4341b96d80b3dd3dc7a490aa7d9da54ca4fa870c8df50/detection

105.112.37.1:3636

# Reference: https://www.virustotal.com/gui/file/080787adf87502eee470d472fee29f21b24e39846b8038723b6a0ec8304309b9/detection

83.193.143.58:54984
gounstyle.ddns.net

# Reference: https://www.virustotal.com/gui/file/8c1a38dfe1b2e53a3151a695701677b817fd049662dbc5055e7fbb437366fb7b/detection

83.193.151.59:54984
90.30.45.248:54984

# Reference: https://www.virustotal.com/gui/file/c36e7e30a79074c6ca13dd75acd7a794867646083b350bfc3ea89e5ad736f60d/detection

141.255.157.12:54984

# Reference: https://www.virustotal.com/gui/file/7ec1cb6e477faea97fb78093c857099e4fdf72f535cab3433cdeb40a282e6359/detection

185.140.53.221:10123
win2020.duckdns.org
win202o.hopto.org

# Reference: https://app.any.run/tasks/057de612-273f-4133-9427-2e697d414ff1/

192.169.69.25:1122
meeti.duckdns.org

# Reference: https://app.any.run/tasks/6afce6d9-3261-457b-9c05-a2175978b244/

154.16.93.169:1338

# Reference: https://app.any.run/tasks/d57b9bd3-aa24-4c4f-95f8-d506c80aacfd/
# Reference: https://app.any.run/tasks/efd02be8-c78b-438e-aa1b-80576b2137c8/
# Reference: https://otx.alienvault.com/pulse/5e821ee9f9dc1acdaaef68b8

91.193.75.250:10004
rmagent.xyz

# Reference: https://malwareconfig.com/config/1d22acaa034a6ee34325c54bb9f950ff

birdview.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bc803ce222401db18f90a9c520f1056c7eb14e297f0330170db6e80e889ae2f0/detection

188.64.170.86:1221
85.140.0.102:1221
85.140.7.56:1221

# Reference: https://app.any.run/tasks/19b69bf8-0552-412f-95aa-0921dafcd0c5/

89.113.72.55:1604
r3v3nge.ddns.net

# Reference: https://www.virustotal.com/gui/file/e792a4627607cb459b2d92e720f7b491cadb7e23b71a75874f31a5d1d4d08f67/detection

185.140.53.117:6735
abdul2u.ddns.net

# Reference: https://www.virustotal.com/gui/file/c8745fd598eb89aae1ecca68851c10d267c67fe64fc5af13270ac63ddf1bc2a7/detection

185.165.153.130:6735

# Reference: https://www.virustotal.com/gui/file/356f90df3b413e5236da741e3c3ba67989ac02ec54ac8df060a490349b5d9a3d/detection

185.165.153.160:6735

# Reference: https://www.virustotal.com/gui/file/dfdde0a586f9dce45e0961aa1976c4a6207bcedfa7ca1c99ff62230b44156c57/detection

79.134.225.110:6735

# Reference: https://www.virustotal.com/gui/file/0605b9ad1429d767c6a8ba761cb107a4db15f6b2e4a4d22bbd8f00bf9d46e64d/detection

105.112.97.26:6735

# Reference: https://www.virustotal.com/gui/file/adaa10d25924b65432401bb432f6555b50cb62c13641952dbdbf402b73352666/detection

79.134.225.122:8778

# Reference: https://www.virustotal.com/gui/file/8a1e1866ea4a99033a46cfb91062cc11311bde4f3fa4e954ed74e12c642e7b19/detection

38.117.105.188:8778

# Reference: https://www.virustotal.com/gui/file/20a5a1527eec1367b73b159437504918bef1f6e080aae0e2a1fcca7515db8ed3/detection

79.134.225.122:34681

# Reference: https://www.virustotal.com/gui/file/eda933d530a73850228761fd32a36b0ac3e4831cfa0aac0c2803ae3b31feb260/detection

79.134.225.122:1128

# Reference: https://www.virustotal.com/gui/file/efea239402f5a6e38f46406a6e3642240d05ec832b311c1696bc4aebfefe9528/detection

193.56.28.49:6745

# Reference: https://www.virustotal.com/gui/file/71f16eb4e218ce31c48714915f935505e3c0142842819132c4b047d205a4fd7f/detection

79.134.225.122:6745

# Reference: https://www.virustotal.com/gui/file/10e26dee16c477631fae592194c800da210f15ffcc0dbe878848fce9b2453aa2/detection

204.95.99.26:1888

# Reference: https://www.virustotal.com/gui/file/6e3665d8c49204372b420eb5886812c9232e4a9b5916ec6118c1c738a88c0c09/detection

turrrki.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/8146df67eee0a3a1301dc50e8b60791dc0582f725bd25152d7906032b4bd9907/detection

98.115.116.236:5353

# Reference: https://www.virustotal.com/gui/file/6ecb083aae745977227be78bc106090cf64fbc680047a55a8050b561478a9ecb/detection

mybbbaaa000123.no-ip.biz

# Reference: https://malwareconfig.com/config/7679fec5f6bf7206635b96efa52d1d07

216.170.114.4:54932
216.170.123.125:54932

# Reference: https://twitter.com/malwrhunterteam/status/1247203279471349763
# Reference: https://www.virustotal.com/gui/file/57174c910f4a37c16ce2c9d84aac1ca48724069355c2713edf4fed77eb6c19f7/detection

137.74.80.220:54822
54822.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ecc83d8e4e5461bd89e4e5f73eeaa9a525572e2c2fab6fc86d7ca20cf3b22cae/detection

194.187.251.91:26758

# Reference: https://www.virustotal.com/gui/file/4083cd0b72787398b39f43278b72ac8c5990857fc667007a359de4b86efe166d/detection

172.94.4.82:3850
service.verrco.com

# Reference: https://malwareconfig.com/config/7e6985efb9f5ef15e81292ad68d4fd94

197.210.85.236:3090
won2020.duckdns.org

# Reference: https://twitter.com/MBThreatIntel/status/1247669823405830144
# Reference: https://www.virustotal.com/gui/file/7b2512d06723cc29f80ae8c8d6df141f27bc9d962ae76b5651b84d7be4379bba/detection

185.19.85.147:8585

# Reference: https://www.virustotal.com/gui/file/98af654d0e29607dfe8fa61468b55e8519e69d33d0fdb882a339762f597d4b3a/detection

185.19.85.147:1960
eske.sytes.net

# Reference: https://www.virustotal.com/gui/file/b6283c5dd3cf377b9bdbadbedeac76deaa482ff0203b75e79cd28a6774a3818f/detection

185.19.85.147:1101

# Reference: https://www.virustotal.com/gui/file/0e3e26e5d1defd9286ee035b8f9f78e1a19919fa7ba693615d4de9160cac6024/detection

79.134.225.114:5001

# Reference: https://www.virustotal.com/gui/file/33db560c1bea3195013b008d6f855b975b4d6f30fab880fb584314b5a73c276d/detection

79.134.225.114:54985
1338099.casacam.net

# Referfence: https://www.virustotal.com/gui/file/b9487ce9b37e55989e22063cb40646c2363b75732d54754e0b3bcc4c1c054797/detection

154.16.201.190:1608
185.125.205.74:1608
79.134.225.114:1608
bossbaby.ddns.net
lelemanu.ddns.net

# Reference: https://www.virustotal.com/gui/file/2345e1f5dffa854bc6caf6c0169c04e2436ba7cdd496bb0e70ca8cc7728b9018/detection

151.80.241.80:55800
154.16.201.190:55800
79.134.225.114:55800

# Reference: https://www.virustotal.com/gui/file/e88a96fda41ad6a62eb432611bfed9a71130740563032f7c0c80b66877175a8d/detection

79.134.225.114:2065
emekaonu.hopto.org

# Reference: https://www.virustotal.com/gui/file/9a902bf7d145ad4f0343820e40c9318ee42d3f6e2218e4767d8244816616bbbd/detection

79.134.225.114:5060
ablegodbless.hopto.org

# Reference: https://www.virustotal.com/gui/file/c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed/detection

79.134.225.114:20909
oluebebchi.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0a71d7b339554366e001adad8691edf98f0ed0f9f1c3b197ac2cfe02a46e8c7c/detection

79.134.225.114:1985

# Reference: https://www.virustotal.com/gui/file/ee4219449fb6bdea07a363d8e00c1cd9bb7dac5470369de5761bb632695419c9/detection

79.134.225.94:2404

# Reference: https://www.virustotal.com/gui/file/3e75fa86d7a14d6e70a3d7bb194f24df460fc1fa285af94f74ebaa62250defa2/detection

79.134.225.91:2404

# Reference: https://www.virustotal.com/gui/file/2a9d6c429718cfd6b72ac6fb23b5cbd94e0d768cdb2834961495023fa13076b5/detection

tool404vip.ddns.net

# Reference: https://www.virustotal.com/gui/file/0e8eb933f69f9f1779ec1d19b01e3977d840ed57f3b7657acbe3d3674da8b401/detection

79.134.225.114:6454

# Reference: https://www.virustotal.com/gui/file/ff575ec9830622265aae23171bc200a33673dec4f4d7d2a7e8770bba01e3f232/detection

79.134.225.114:6610
nanovip.ddns.net

# Reference: https://www.virustotal.com/gui/file/eba6184ce3f28214b75df642a3d683becaed938cec955feba24c8efd6f7c5afa/detection

79.134.225.114:55850
desma.ddns.net

# Reference: https://www.virustotal.com/gui/file/8c8ea5753647ed74492c40a54f38d7e4fafe2d47dea4f9d26c292c0e314ecf37/detection

bossbaby.ddns.net

# Reference: https://www.virustotal.com/gui/file/893c51eaf4ffe28b3246771eb11dfbef662a77c56c33da8b0854511c8d28fb90/detection

192.169.69.25:5654
79.134.225.114:5654

# Reference: https://twitter.com/malware_traffic/status/1248689865799196674

185.140.53.29:4001
185.244.30.247:4001
mbills147.ddns.net

# Reference: https://www.virustotal.com/gui/file/051015f961c60fd8b5a6f6f9db935e73b25303c4bfcfaa24cd09a6ecae8fc016/detection

cactus004.ddns.net

# Reference: https://www.virustotal.com/gui/file/7534b9f48d70953ed739b74ace44c5fdeae45b300c350f970b16969cce9e2c10/detection
# Reference: https://www.virustotal.com/gui/file/968c7728a848b87b8d2130b9087f9bbf3b8a7239615482c89c39f8a41036ea98/detection

91.189.180.201:24980
ufok.duckdns.org

# Reference: https://www.virustotal.com/gui/file/558a541b16edfd7f5a1ce3e83a5df0a8c0b5408fc9c49b1102cd4f0773c94a39/detection

141.255.148.26:53896
byhackerrt.hopto.org

# Reference: https://www.virustotal.com/gui/file/e208a5a1b5c20b1f62fb04fb4033011f8b358a807942c18db9852edb6c5d2af1/detection

140.82.57.249:3614

# Reference: https://www.virustotal.com/gui/file/e6aa23e800e19af4278f0fd9fdf1506b4322057b25e0cb3474a16af4e0435cd3/detection

140.82.57.249:4488
ddns.catamosky.biz

# Reference: https://www.virustotal.com/gui/file/6df716e66724e3b9587c4cf6387097e97d28887d4b03dff34f4b48babaf4ed3f/detection

140.82.57.249:51899

# Reference: https://www.virustotal.com/gui/file/ec7415cda38608944e3c156c3efd027f80c33f905c85b311b62aa471dc26041a/detection

140.82.57.249:27694

# Reference: https://www.virustotal.com/gui/domain/googdns.ml/relations
# Reference: https://www.virustotal.com/gui/file/906790b2d626cd2f2d13329fbe87c90a1c1fa1713e1ba5c5c8b642d872a9e3cf/detection
# Reference: https://www.virustotal.com/gui/file/cc424b8697f3ed55435511670c51c901aadae994ec6f7d0492fa9326fed11e7f/detection

googdns.ml
140.82.57.249:50899
140.82.57.249:50900

# Reference: https://twitter.com/James_inthe_box/status/1249698356651102208

gbedu-blast.duckdns.org

# Reference: https://www.virustotal.com/gui/file/471316c3fe26f9ca1bff5057899e6ca62780b2a941273290c747b2adc2140eaa/detection

68.168.123.78:4396
79.134.225.91:4396

# Reference: https://www.virustotal.com/gui/file/40e25615e5fbf0d0cf46869521e22d32039f41451f38349e0cb6966b890c5dd2/detection

105.112.106.177:3210
79.134.225.13:3210
podzz.ddns.net

# Reference: https://www.virustotal.com/gui/file/aa7be46b03ed635ea3b16d2f91124ced3026c90ae539c51489b12630cb150ede/detection

23.105.131.162:6010

# Reference: https://www.virustotal.com/gui/file/2dcb1213c0c678221ff4eb34caf23a7b8bac13d78ce4cb47b1e32f04492aa716/detection

23.105.131.162:1301

# Reference: https://www.virustotal.com/gui/file/cea30c6b808bb9308d6cbaf2cfecc17fed57c459ee29f597bb6f9e60d4ee0085/detection

23.105.131.162:24246

# Reference: https://www.virustotal.com/gui/file/b0874e7374af2f3c7cf59b30ec64c4b351b0dc9f9d9bd96e49a667eaba36b8eb/detection

23.105.131.162:50002

# Reference: https://twitter.com/James_inthe_box/status/1250904145822801920

11495.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1251964364657213442

3.19.114.185:17791

# Reference: https://twitter.com/ScumBots/status/1251968137530146817

64.225.39.234:1085

# Reference: https://malwareconfig.com/config/6e2a03063823bc45ae960f3995699f09

checkernitro.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1253340577728360450
# Reference: https://app.any.run/tasks/b05bdd69-ab94-458b-b2ed-20ae0f721587/

adikamoto.duckdns.org

# Reference: https://twitter.com/Racco42/status/1253699455032930306
# Reference: https://app.any.run/tasks/1c4692f9-a8f4-4d79-b75f-473a212f6239/

blackhil.ddns.net

# Reference: https://bazaar.abuse.ch/sample/c068b1a7379f95ee883cd4ed9639bb2b28c380934f3bc0e0c7be97ad808c7b8a/

172.111.188.199:8829

# Reference: https://app.any.run/tasks/6e90bc74-2cb5-4cfe-b800-f49eadbc06b4/

185.244.30.139:4050

# Reference: https://twitter.com/abuse_ch/status/1257403567998210049
# Reference: https://bazaar.abuse.ch/sample/92632fa88b730e2593837c7d51884384dcf8c887fd4b8d3cc6741d12ae9cd347/

185.244.30.6:5626
atiku2.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1257435718303059968

82.231.104.94:42563
linuxhosts.ddns.net

# Reference: https://www.virustotal.com/gui/file/f88a226250d6a6179189d9639a45af0ef770ad895e1f6587ce92306b4b3bacbd/detection

141.255.153.182:3344

# Reference: https://www.virustotal.com/gui/file/90ad4bfa156e6dc301fd67d9bc96bd2239e8820a7fdc2ea09a39856638722d5a/detection

94.225.175.104:3344

# Reference: https://www.virustotal.com/gui/file/bdf862a437dcb333dddbe573a7d62032830c0b5f75618dd1114fbee235322a5c/detection

141.255.153.49:4433

# Reference: https://www.virustotal.com/gui/file/df06bc1fdb230da628f9d0ea42288c55ada5ab9fca619b6f60a1d75a4534e26b/detection

46.76.230.97:4433

# Reference: https://www.virustotal.com/gui/file/23280781868ba0a182714000130d3479ccb84c21a3b886fe1cd87d73c267d296/detection

83.31.167.150:4433

# Reference: https://www.virustotal.com/gui/file/65ce054709b95367ec2eb4d7b8f56700946dfb57c2f44a7964a9113a136e84c7/detection

141.255.145.239:4433

# Reference: https://www.virustotal.com/gui/file/3cea1a42bb8aff2347763954239fc8db8a8befe37862301ed5d7398282fc283b/detection

141.255.146.147:4433

# Reference: https://www.virustotal.com/gui/file/fecf5b0f519af2092c4d2a460eccaef9fef2815a8bac6d6ba1ff356efbdbbf86/detection

141.255.151.155:3344

# Reference: https://www.virustotal.com/gui/file/fac31e837d16a049d2de382d2faf41aca880ca71934f720efc95f2a28edef7eb/detection

83.31.167.150:3344

# Reference: https://www.virustotal.com/gui/file/c1b5c976eb0b8af45260a73d5297ca925ada4c36d114538439e23614de71a829/detection

188.146.228.210:4433

# Reference: https://www.virustotal.com/gui/file/a980806678b79f14c0d756b11188cf4885a466a850db4c33b0a2a7c4c729249c/detection

141.255.156.244:4433

# Reference: https://www.virustotal.com/gui/file/d8a976b5c4d88d4f39942ad4fe90f48b47069ec6ddf886215d1aa5ff0fc5650a/detection

141.255.158.237:4433

# Reference: https://www.virustotal.com/gui/file/baebdd5088be918b37095ad1083b305502103a81bf63e762c4063898733b8e6a/detection

141.255.152.57:3344

# Reference: https://www.virustotal.com/gui/file/cb7edcff3edf4fd5b246cb248458ba1e3041d1a7205d503d97fcef1c10f2a91a/detection

141.255.158.242:4433

# Reference: https://www.virustotal.com/gui/file/c5ae0dc8c228ad28bdd7069162bd5341376d7f8bfa42fc554ed2f24dce4cb750/detection

141.255.155.111:4433

# Reference: https://www.virustotal.com/gui/file/88c3a993e362dff806e4022ba9005b5dcc4e016b08bde2b418d67caba4e0c2e2/detection

141.255.147.28:4433

# Reference: https://app.any.run/tasks/2c1fb554-0e8d-4de9-9c3c-3bb3dca55a07/

fowok.ddns.net
fowok.duckdns.org
185.140.53.12:5656

# Reference: https://app.any.run/tasks/07de1110-40df-45b4-83aa-74c37040d52b/
# Reference: https://app.any.run/tasks/71ac9101-026b-432f-901b-edb9fb25420f/

pharmzone.hopto.org
79.134.225.72:1010

# Reference: https://www.virustotal.com/gui/file/d3c30dddba67afa24e91c3ed5a9be486460a5283bedad9f79da85d65990c52e9/detection

123.140.35.169:54984

# Reference: https://www.virustotal.com/gui/file/12133591c48eed192baeb1cea56c2fcb7136d001a262106c6f9809a3925b7083/detection

211.32.178.201:54984

# Reference: https://app.any.run/tasks/d032c8f5-4ff4-4708-a4c1-2970d777a4ca/

79.134.225.94:9124

# Reference: https://www.virustotal.com/gui/file/122255fdae0ad10f3f7b41672344573eacf74df3952b79592d2aa49286565dce/detection

185.244.29.158:3119

# Reference: https://www.virustotal.com/gui/file/440dd78f8acce2e6137f158763335b184986be8418ece2ca2a0a19b4610bfd8e/detection

68.235.52.36:4822
nowy4822.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1258106085157810183

204.152.219.103:6616
79.134.225.89:6616
microliberated.duckdns.org
sweetsabbath.duckdns.org

# Reference: https://www.virustotal.com/gui/file/84f8451f6178b4dd8892f5ce15cc3bed5b0e56ca51bd62dcfbbe0c88c50867d5/detection

185.165.153.203:5638
185.244.30.117:5638
comcasted.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c802e3c0b78bc558c09ab355342c06896d420ee08e463368bd0ce750cf48630b/detection

185.140.53.142:5638

# Reference: https://www.virustotal.com/gui/file/e23b43d017e1e09b5175e5fc2c7d3c9e60407b1fa591fc4b56dd5286266f8ed2/detection

79.134.225.121:8050

# Reference: https://www.virustotal.com/gui/file/d8489a4c3ffbf57f2ffc293f0a7cc0e4624bccbd435417cb0da89d33cdffa385/detection

192.169.69.25:5291
79.134.225.121:5291
marshall015.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b9cd813de85602f1261fc97adfd2db1e4ab6ecf9a044e44b008a9061dd175fc2/detection

79.134.225.121:3410

# Reference: https://www.virustotal.com/gui/file/7950278086aef7f7d515a19e3b7d9aace45d01dbd0c9b6753f1669964b56b296/detection

91.192.100.17:8050

# Reference: https://www.virustotal.com/gui/file/c0a67bab0f6a107e62d8bb33bb1912fef316eb247a127020a765a2cafd96316d/detection

91.192.100.17:3410

# Reference: https://www.virustotal.com/gui/file/aa6c092a36a8398c5c1a4c20c9e4a8592b99c04c63a1df5e8efdae2fd2e4cc61/detection

185.140.53.106:2013

# Reference: https://www.virustotal.com/gui/file/6b0bdf0dc67fb9f5840ff8799c584bdd375efcf1fb58f1c85fd6645d7820a55b/detection

ahjksdjayhgjhagsdhjga.fagdns.com

# Reference: https://www.virustotal.com/gui/file/00bf73df95cdae9d856be2547393223c4fc43fa4ca949c2275221a01af4434c1/detection

83.171.151.239:5050
thisismydyndns.ddns.net

# Reference: https://www.virustotal.com/gui/file/c4be699fe1f5708344006cca1e10b4f74da1abfc607c530f4fc6d22ac8fee3fd/detection

185.189.113.83:20377
windowslivesoffice.ddns.net

# Reference: https://www.virustotal.com/gui/file/d5a265e4ed76519f3707d2d5f153f631cb5f57e51f3ef4b9f8f6c43c5226a0d6/detection

193.32.127.152:20377

# Reference: https://www.virustotal.com/gui/file/82b2a563fa0f2b3b4cb0d285b6a7575a2ad674013d81d6680d3e81e80d2ae9f0/detection

185.244.39.45:7177
xcvkljdsfuewor7892475hjesdfswerwsdf.publicvm.com

# Reference: https://www.virustotal.com/gui/file/7ec9021da55b9e0983f463ae2e61bd9b3a9a93469ea8a75424669eb8984913dd/detection

64.42.179.51:45840

# Reference: https://www.virustotal.com/gui/file/71777d4207738a074234876f31a0c1b4925307680a42c5ffeaae4c7d25daae7e/detection

213.152.162.10:45840

# Reference: https://twitter.com/ScumBots/status/1259483914495840256

89.182.90.167:3603
dontreachme.ddns.net

# Reference: https://www.virustotal.com/gui/file/bc0670d923ac5d3007bb1a9f0fafe4a75697209adccabdacfb686973fb34f31f/detection

82.165.121.217:12
xkiller85.ddns.net

# Reference: https://www.virustotal.com/gui/file/a4b881f6c19fe9c7b3523fdb17fdd7be5038b0dfccfb79d3fb7a2243e626f974/detection

94.11.133.178:1738
salumstar.ddns.net

# Reference: https://www.virustotal.com/gui/file/96d8e9457091a18a51c473cb3cc4e17bc68d742db9f27a4fc531e0c105eb5431/detection

185.140.53.43:58124

# Reference: https://www.virustotal.com/gui/file/8996ce9251acde109c1654747f7e8a89e33a208e6ed3756e0861bf878f0d9dde/detection

105.112.99.219:49251
185.140.53.43:49251
194.5.98.57:49251
79.134.225.35:49251
xeliteme.us

# Reference: https://www.virustotal.com/gui/file/8d553909f92849780ab5fecb55b2a65f59537e50aa05ad569de0bac50a7a08da/detection

105.112.97.53:49251
105.112.99.227:49251
105.112.99.249:49251

# Reference: https://www.virustotal.com/gui/file/fb972feeb124e22002df27dad53fa72904ddcd4d254a04ebeb21dafdb420cc03/detection

105.112.99.53:49251

# Reference: https://www.virustotal.com/gui/file/ea144ceeef04011e148dbeb572e63cb95c0151b1bab52ebe071b2dc8150e69d7/detection

79.134.225.102:49251

# Reference: https://www.virustotal.com/gui/file/ac297c5bb6bfb56573b4cff94770a5721a34db94d4d3bb75f1d525ce8c2c8a79/detection

169.159.106.238:19864
185.140.53.43:19864

# Reference: https://www.virustotal.com/gui/file/212b473d2d9f4f222d9c7315d21b6045b3cbf9de120cc21b6d55969966f44f8f/detection

169.159.126.46:19864

# Reference: https://www.virustotal.com/gui/file/52c1daa48f7a7341a1fe5b90241cdbd64b4e2586c0d9f27284449be57247ad76/detection

105.112.98.122:19864

# Reference: https://www.virustotal.com/gui/file/8304d1ce83f26ae9188a16b386c8ab85ad6c685728ae66842bf2012e87456702/detection

105.112.99.112:19864
105.112.99.251:19864
79.134.225.102:19864

# Reference: https://www.virustotal.com/gui/file/1da6f82ce664a631082e84edbfe9fad3212e802f77384b113d9ff3d4dee07e31/detection

185.140.53.43:2013
kenya7.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1a7467227432cdaa29acb2a56b84d514cfb9ea33055a3070ecb861eb51101e69/detection
# Reference: https://www.virustotal.com/gui/file/856f303e6cf127d178eb385e0aa7d914cfb754b520bead5fd0f4b2173df6da11/detection

192.169.69.25:7722
185.140.53.43:7722
kenya8.duckdns.org
ikorodu1.duckdns.org
ikorodu2.duckdns.org
mypepsi22.duckdns.org
mypepsi25.duckdns.org
mypepsi32.duckdns.org
mypepsi34.duckdns.org
mypepsi36.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1260157297168285696

197.211.61.37:4000
rdpdoc.ddns.net

# Reference: https://www.virustotal.com/gui/file/cc630f017225ee40a7d9f96e3a5d6ea2cdfe8da96154d8a481d6e40e2abed97f/detection

pmanz.sytes.net
podzeye.duckdns.org

# Reference: https://www.virustotal.com/gui/file/dc24fc7a20319973f3b65f6a551419d5f42085cf525b0a9de864e56a85918091/detection

216.38.7.239:444
41.217.58.13:444

# Reference: https://www.virustotal.com/gui/file/aead1479ef4d8bf17c59a84b0d319a53d7c0dec8c07c0d137dbe536083ce5c16/detection

154.120.103.91:444

# Reference: https://www.virustotal.com/gui/file/d0a9a57bafde12ccbb91b3a76da54e09ddaa3350bf83401b115b994e17da3253/detection

172.93.189.93:444

# Reference: https://www.zscaler.com/blogs/research/multistage-freedom-loader-used-spread-azorult-and-nanocore-rat

216.170.114.4:54392

# Reference: https://www.virustotal.com/gui/file/bc38b0e796fc5cf0c20835bed85362e18ca27c26b6603ebc914a73d3de66393b/detection

86.136.102.191:54984
nancratchazz.ddns.net

# Reference: https://www.virustotal.com/gui/file/645d6fc2d9933bf8a3e23e8ea66d0670271bfa6bf9f87b40b9db3ad58a1380f9/detection

86.188.93.33:54984
86.188.126.93:54984

# Reference: https://www.virustotal.com/gui/file/1bb3987a5514c74a2dd6addbcd1ab911e010ea09b183dc754730dcf34e6fb916/detection

78.163.1.67:1085
kurbanlar13.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8428daf5412459321bb89cab571f15bffb23a9a77af729283ec8e3190d0338b1/detection

1.234.108.31:54984
osu.p-e.kr

# Reference: https://www.virustotal.com/gui/file/7780a1035345b4c68b849168bc68abab2edc4d16e8afc19fd1088ecb91ded790/detection

59.2.231.251:54984

# Reference: https://www.virustotal.com/gui/file/5da02c8199a8734f1ff6ba03f9cf751d13851844eda167249198c640ec61fd59/detection

105.112.98.193:64853
79.134.225.111:64853

# Reference: https://www.virustotal.com/gui/file/1b5b618360e0f816972541d9aea7993d3e539de29d3da46f1d86612765f337ed/detection

197.210.226.224:64853

# Reference: https://twitter.com/JayTHL/status/1264302125791789057

79.134.225.32:4918

# Reference: https://www.virustotal.com/gui/file/d736ea220ff2ed658cd5e72c587a47ba2cb45d451d5f05dca4ae56b71ab27c90/detection

213.159.212.162:5454
kermanuwu.ddns.net

# Reference: https://www.virustotal.com/gui/file/1dae0985f5cf3bd2c5668e13680f098ddfb1cd4384a14ef5b3a15149d1bda134/detection

194.5.99.143:3333

# Reference: https://www.virustotal.com/gui/file/900a52d261b439322b6037784aad547615769f487817ead93ff2994337bfbade/detection

xkiller2020.ddns.net

# Reference: https://bazaar.abuse.ch/sample/f036e2aa7615446d2cb3ab689b13aac4055bf2cb8b19b0999db08d7052a80bf1/

91.193.75.15:9900
megida123.ddns.net

# Reference: https://malwareconfig.com/config/d3ed1086de7a05a675e84c5700b0dfdb

xayn420.ddns.net

# Reference: https://www.virustotal.com/gui/file/f8770eac2308bbaba2b0cd9436515c0ddc67a4b071df55b22c9a50a46bdfae5a/detection

116.126.222.134:54984
forchip.kro.kr

# Reference: https://bazaar.abuse.ch/sample/f6833bd6cacc270d9bd9f4a5d3c857eaf1fa4bff26dde70645db48279d52f25d/

185.140.53.11:6532

# Reference: https://www.virustotal.com/gui/file/ecedf8ca5d5fffd39a161e6e2897d1498fe838a577f4e533831691393eaea743/detection

185.140.53.15:7654
okayson.freedynamicdns.org

# Reference: https://www.virustotal.com/gui/file/18472c163255e30adfdf41fef292dc864524eeb928234eefd18f29fd5e6799f6/detection

199.19.94.62:44061
forwardto.ddns.net
yrz.ddns.net

# Reference: https://www.virustotal.com/gui/file/38265051016034998053fd5da769103d548b48a8078f7e5e22dee058180b2d49/detection

184.75.223.211:44061

# Reference: https://www.virustotal.com/gui/file/e426a62fc1d393dda7c072fc03f6fceaa6b97ad2e2c18e5a6ecc34f8fa1bfb70/detection

18.156.13.209:11769

# Reference: https://www.virustotal.com/gui/file/4c7affc3a277874d90723474c5b453cd5357f46bbe987b4f3c385aa1dc9ebdde/detection

185.140.53.11:9900
proton1234.ddns.net

# Reference: https://www.virustotal.com/gui/file/d6093e8cbda03c64c41e3184f03df9719ca44b90f5dda5741d60ffe614baa5b9/detection

185.140.53.11:1717
41.190.3.151:1717
dvsmrtn73.ddns.net

# Reference: https://www.virustotal.com/gui/file/70890d23bf831b4b9ea905fb5ade1646a87c33280bc4bb857dba3e6d24de4f6c/detection

185.140.53.11:1985

# Reference: https://www.virustotal.com/gui/file/f758cdcdb557a63bfccd1da9520b296757251b43ebd04647f1d196bd4e8ced74/detection

41.190.31.26:1717

# Reference: https://www.virustotal.com/gui/file/a974a87f44252d69d2240704c2925ff17d81beef261352675c52520a451e08d9/detection

197.210.65.165:1717

# Reference: https://www.virustotal.com/gui/file/071d0777228fa43eedc5c3548b5b07aebabdeb7faaa6674a2dd1132b7dc79b92/detection

badmu.myddns.me

# Reference: https://www.virustotal.com/gui/file/b8799bc747346a8b6df2732e3737e36b0e5d3c8cd26b066c313ef65c88c33b95/detection

185.140.53.11:6700

# Reference: https://www.virustotal.com/gui/file/c25e50ab885dae75cf5682ae41b91cefffc8b3986b224832c1255788e24c2910/detection

216.170.114.252:6700
dontknowwhy.duckdns.org

# Reference: https://bazaar.abuse.ch/sample/f728252169da3a6dc69cd201835230c017ce37c9a9cd06c1e7daa3153ebc6f80/

194.5.98.28:5626
duckmeat.duckdns.org

# Reference: https://www.virustotal.com/gui/file/051030393f578db6d747781d2553873f82ad83874193608759b968a06d71fa0e/detection

82.102.18.14:7005
pomm2pain.ddns.net

# Reference: https://www.virustotal.com/gui/file/d2ffc224d5818be5ced49af7c1c1e2f73d9eca9e9e73ebb3ead1ef5e83d6a9ef/detection

godblessme.hopto.org
graceofgood.hopto.org

# Reference: https://www.virustotal.com/gui/file/d51b32bd560b9fd2af45d8c28604ebc6cbe2097810c11e5f3bccbe1054a4cf15/detection

78.112.230.97:1605
testttttt.ddns.net

# Reference: https://www.virustotal.com/gui/file/17fa709f1a866d573f997f8f1288d537de382cccc5a4f9c1811db9da34c016b2/detection

194.5.99.20:3118
forwork61420.ddns.net

# Reference: https://www.virustotal.com/gui/file/682cb1c003d98478150a40e5a6eed75332e34a611749eed232e88bf6020b2c4b/detection

forwork61420.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b852fe2db52e3c3902f5a712b116a4f1bb77ba915a111f10a10e2f4e3bdbcfa6/detection

95.211.208.55:2937
arkseven004.ddns.net

# Reference: https://www.virustotal.com/gui/file/296e81d76d2b343f4a068ebcd98211852d98bdacd46943e8c866ae0358e24a1b/detection

49.196.30.48:1608
test9933.ddns.net

# Reference: https://bazaar.abuse.ch/sample/17976b00ac98edbfed8a513caeb5d757c334ed3e1f94712212b5b7a4ac1f226e/

194.5.99.9:1985
blessme.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1275831258216411136

mdhkazerni23.ddns.net

# Reference: https://www.virustotal.com/gui/file/80647d0914027adabee2afcccc6035d144dd27fd428addb1733bc83059d81b27/detection

90.47.148.229:1604
saayyy.ddns.net

# Reference: https://twitter.com/ScumBots/status/1276787932402155521

193.161.193.99:52957
