# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: netwiredrc, netwire, wirenet

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~NetWire-EK/detailed-analysis.aspx

mommyreal.ddns.net

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~NetWire-CC/detailed-analysis.aspx

wwfvpsv9.serveftp.com

# Reference: https://www.cyren.com/blog/articles/bad-things-come-in-pairs-3004

dinesaad.hopto.org

# Reference: https://twitter.com/James_inthe_box/status/1044616045560967168

cboss33.hopto.org

# Reference: https://twitter.com/James_inthe_box/status/1044365272675573760

natigr.ddns.net
projectadmin.camdvr.org

# Reference: https://twitter.com/James_inthe_box/status/1044231367347732480

ddns.catamosky.biz

# Reference: https://twitter.com/Racco42/status/1042056130577489928

lagos042.ddns.net
manuel3.publicvm.com

# Reference: https://twitter.com/VK_Intel/status/983940199603474432

snoopdmoney2018.sytes.net
snoopdmoneybkup.sytes.net

# Reference: https://www.virustotal.com/#/file/a095a7acda9c73fc89bfbc170bbec75a4572c75114e1687a7c212e9228915945/detection
# Reference: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3966&sid=a2bb410851e96a6bb24b90b65966112f&start=300#p32187

ola100.hopto.org

# Reference: https://twitter.com/malwrhunterteam/status/1106264932230852608

62.210.10.245:4000

# Reference: https://twitter.com/malwrhunterteam/status/1105163365209554951

amazonsprime.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1107630659957329921

leew.linkpc.net

# Reference: https://twitter.com/James_inthe_box/status/1022228835616473088

onetimeade.linkpc.net

# Reference: https://twitter.com/malwrhunterteam/status/1096760442133856256

jackas.gotdns.ch

# Reference: https://maskop9.tech/index.php/2019/01/30/analysis-of-netwiredrc-trojan/
# Reference: https://app.any.run/tasks/e1d7034b-c866-4cef-8d55-04405cd2a81d

109.230.199.103:3360

# Reference: https://twitter.com/James_inthe_box/status/1118217392851566593

havemercy.mooo.com

# Reference: https://twitter.com/malwrhunterteam/status/1122081049809432576

netzirecolq.gleeze.com

# Reference: https://twitter.com/MalwareConfig/status/748754926319181824

socratecafu.zapto.org

# Reference: https://twitter.com/MalwareConfig/status/748754880869707776

monarch01.no-ip.org

# Reference: https://twitter.com/MalwareConfig/status/748625532993019904
# Reference: https://malwareconfig.com/config/d5ce94e9264321d398767c1e3d1a5835/

46.244.10.196:3480

# Reference: https://twitter.com/MalwareConfig/status/748625240486477825

jack.redirectme.net

# Reference: https://twitter.com/Jouliok/status/1123141238197248001
# Reference: https://app.any.run/tasks/9de6804d-2e31-4f55-a225-d99191196803

duc1234.duckdns.org
91.192.100.57:32144

# Reference: https://twitter.com/ps66uk/status/1104050986031767552
# Reference: https://app.any.run/tasks/4b6c4b34-7bc3-41ca-8a35-78399db8e591
# Reference: https://twitter.com/wwp96/status/1165981094958784513
# Reference: https://app.any.run/tasks/6158df64-fbd4-4ca1-a447-c2464ba3a063/
# Reference: https://twitter.com/killamjr/status/1192062400960315397
# Reference: https://app.any.run/tasks/48f13dd2-c3e2-4940-a1ac-dbb9a482cd10/

akconsult.linkpc.net
105.112.51.164:2014
185.84.181.94:2018
197.211.58.186:2014

# Reference: https://twitter.com/luc4m/status/1092365190497255424

checker00.gotdns.ch

# Reference: https://twitter.com/luc4m/status/1072888268528779264

pd1n.ddns.net

# Reference: https://twitter.com/Racco42/status/1062633238802378752

wealthyadmin.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1059464666672332800

favor.duckdns.org

# Reference: https://twitter.com/Racco42/status/1057317617260736513

godalmighty.ddns.net

# Reference: https://twitter.com/ps66uk/status/1050043711135068161

185.101.93.198:8681

# Reference: https://twitter.com/James_inthe_box/status/1115624726695514113

masterhugo231.servecounterstrike.com

# Reference: https://twitter.com/James_inthe_box/status/1065330244746268672

185.84.181.80:3360

# Reference: https://twitter.com/avman1995/status/1060818874789179392

ddns.unknajiamu.xyz

# Reference: https://twitter.com/pollo290987/status/907273472786812928

199.16.199.2:36133

# Reference: https://twitter.com/JAMESWT_MHT/status/906146267763486720

egonbute.duckdns.org

# Reference: https://twitter.com/Antelox/status/894901722497208321

192.223.25.72:1777

# Reference: https://twitter.com/JayTHL/status/751123206468046848

businessdb3.duckdns.org

# Reference: https://twitter.com/malware_traffic/status/714819056218406914

marchborn.no-ip.biz

# Reference: https://twitter.com/James_inthe_box/status/1123236500311724032

bazwire.sytes.net

# Reference: https://twitter.com/fe7ch/status/1126132771800395777

usb.mine.nu
message-whatsapp.com
zr.webhop.org
enz.webhop.org

# Reference: https://twitter.com/Racco42/status/1132935875430670337
# Reference: https://twitter.com/Racco42/status/1136593634650927105

96.47.239.229:3999

# Reference: https://twitter.com/James_inthe_box/status/1133344506814668800

160.116.15.155:3360

# Reference: https://twitter.com/raby_mr/status/1136889525060325376
# Reference: https://app.any.run/tasks/03268b84-b31c-4a32-a87b-95e7aa4cf8a9/

102.165.38.139:33
heritage.nflfan.org

# Reference: https://www.fireeye.com/blog/threat-research/2014/04/crimeware-or-apt-malwares-fifty-shades-of-grey.html

c0der.zapto.org
rglink77.no-ip.biz

# Reference: https://twitter.com/James_inthe_box/status/1138454939045453825

enginekeys.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1140571341344538625

duc1234.duckdns.org

# Reference: https://twitter.com/daphiel/status/1141625032801693696 (# CVE-2019-11707)
# Reference: https://twitter.com/cybsecbot/status/1141610397931323393
# Reference: https://www.virustotal.com/gui/file/07a4e04ee8b4c8dc0f7507f56dc24db00537d4637afee43dbb9357d4d54f6ff4/detection (# OSX Netwire/Wirenet)

185.49.69.210:80 
89.34.111.113:443
a678157.oicp.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1142038342583894017

packgeddhl.myddns.me

# Reference: https://twitter.com/HerbieZimmerman/status/1142085603368079361
# Reference: https://app.any.run/tasks/f61c3c81-52aa-4e11-b746-c7c27bc3b7f4/

gojust.publicvm.com

# Reference: https://twitter.com/killamjr/status/1145110513371820033
# Reference: https://twitter.com/killamjr/status/1145114752890413057

185.247.228.73:9510

# Reference: https://pastebin.com/S4ggik78

maxmini.duckdns.org

# Reference: https://twitter.com/killamjr/status/1146521318503964678
# Reference: https://app.any.run/tasks/1c48f325-f211-4442-8cd4-03ed4cd9e538/

88.208.246.122:4110
longman001.chickenkiller.com

# Reference: https://twitter.com/James_inthe_box/status/1146468739493199873

chance2019.ddns.net

# Reference: https://twitter.com/DynamicAnalysis/status/1148316218199334912

69.30.232.86:2030
docusmart.hopto.org

# Reference: https://twitter.com/James_inthe_box/status/1148966237684133888

mickeyjones.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1149004873653899264

haroldberry1.mooo.com

# Reference: https://twitter.com/JayTHL/status/1149014369642172418

fada101.servehttp.com

# Reference: https://twitter.com/dvk01uk/status/1149610977219846149
# Reference: https://app.any.run/tasks/7e3d8fe0-fc60-4525-9351-4240177616d4/

160.202.163.246:6969
microsoft.btc-crypto-rewards.cash

# Reference: https://twitter.com/Racco42/status/1158729618389643264
# Reference: https://app.any.run/tasks/3e1c3fc4-166c-4164-afc5-f34bb3a066c7/

213.227.155.190:5868
halwachi50.mymediapc.net

# Reference: https://twitter.com/James_inthe_box/status/1164299477127028736

23.105.131.221:6050

# Reference: https://twitter.com/James_inthe_box/status/1164964895764299776

204.152.219.82:9008

# Reference: https://twitter.com/de_aviation/status/1097547526763433985

beltalus.ns1.name
maxmini.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1169168426750894081
# Reference: https://app.any.run/tasks/abb12ce8-d6c6-4cf9-a9d6-8ad22d6cd2e1/

79.134.225.61:5552
info1.nowddns.com

# Reference: https://twitter.com/P3pperP0tts/status/1169905372359839745
# Reference: https://app.any.run/tasks/751de56d-4df8-478f-92da-931edaf643bb/
# Reference: https://app.any.run/tasks/3f018342-f6f0-4908-b0c8-f54e1d250463/

79.134.225.103:39560
wealthyblessed.warzonedns.com

# Reference: https://twitter.com/P3pperP0tts/status/1169905372359839745
# Reference: https://app.any.run/tasks/98de7c91-253e-4a55-aa90-51720e2bef92/

79.134.225.61:5552
info1.nowddns.com

# Reference: https://twitter.com/P3pperP0tts/status/1169905372359839745
# Reference: https://app.any.run/tasks/6f2eca0b-e39d-48f8-a132-e4ad2d597c2b/
# Reference: https://app.any.run/tasks/6ee3328e-fd0b-4fa1-9292-c5d0fae7fd1f/

103.200.6.79:39760
melvintravel.ddns.net

# Reference: https://twitter.com/KorbenD_Intel/status/1169996681259245569

netwire.daniel2you.com

# Reference: https://twitter.com/0xFrost/status/1174391265707941889
# Reference: https://app.any.run/tasks/96dd442a-86e8-4c2b-9a33-401a04d58c5d/

103.200.5.128:39460

# Reference: https://www.fortinet.com/blog/threat-research/new-netwire-rat-variant-spread-by-phishing.html
# Reference: https://app.any.run/tasks/fc32d970-325d-4a77-bc84-7870a5b40fd7/

185.165.153.219:3366
gbam0001.duckdns.org

# Reference: https://twitter.com/wwp96/status/1178693615440277504
# Reference: https://app.any.run/tasks/883bcaa9-150d-4e66-b107-6c6676f222e3/

185.217.1.148:5868
halwachi50.mymediapc.net

# Reference: https://twitter.com/0xFrost/status/1179128508817260545

trippleboss.warzonedns.com

# Reference: https://twitter.com/wwp96/status/1181651448439791616

rownip.mooo.com
rownip.dyndnss.net
rowanyne.ooo
rownip.eastus.cloudapp.azure.com
rownip.eastus2.cloudapp.azure.com 
rownip.tk
rownip.webredirect.org

# Reference: https://twitter.com/w3ndige/status/1171159313865465856
# Reference: https://app.any.run/tasks/5d43972b-352b-4e1d-b856-90c7176205b4/

109.202.103.170:8733
109.202.107.10:8733
213.152.161.229:8733

# Reference: https://twitter.com/wwp96/status/1186998362626822149
# Reference: https://app.any.run/tasks/1fe1be54-9c9d-4ad0-91b6-f4433e6d1144/

185.19.85.153:3393

# Reference: https://twitter.com/wwp96/status/1187023690636152832
# Reference: https://app.any.run/tasks/238a2b41-2fb5-495d-a686-2be8fa316bc5/

79.134.225.103:52999
wealthismine.ddns.net

# Reference: https://www.virustotal.com/gui/file/2dfab97454ee74f18367a763aadc5453aebc3382911b055ff27a1c3eed0040bd/detection

213.208.152.217:3363

# Reference: https://twitter.com/killamjr/status/1189717599040528386
# Reference: https://app.any.run/tasks/1818f7a8-166f-4d05-9dd2-d97ff5a86989/

185.217.1.189:39766
officeraymed09eu.ddns.net

# Reference: https://twitter.com/JayTHL/status/1189924963794460672

79.134.225.11:1199

# Reference: https://twitter.com/smica83/status/1190181597468856320

79.134.225.80:3360

# Reference: https://twitter.com/smica83/status/1190183906693267456

79.134.225.122:3360

# Reference: https://twitter.com/Paladin3161/status/1190247869145477120

25092019.is-a-geek.com

# Reference: https://pastebin.com/29uSdMAk
# Reference: https://www.virustotal.com/gui/ip-address/185.165.153.221/relations

185.165.153.221:8973
185.165.153.221:9101
aspens.publicvm.com

# Reference: https://pastebin.com/29uSdMAk
# Reference: https://www.virustotal.com/gui/file/ff0fb3dbc9170b42ca07bcbcca2c90dbe7e28eed7a6f8861cc91fcef691726d7/detection

79.134.225.78:1195
79.134.225.78:3941
79.134.225.78:5149
79.134.225.78:5541
79.134.225.78:9263
cowboyz.climatechangeawareness.uk
guccimoney.duckdns.org
teryts1802.sytes.net

# Reference: https://pastebin.com/29uSdMAk

fartgul.duckdns.org

# Reference: https://twitter.com/smica83/status/1192788522631081985

185.165.153.113:32141

# Reference: https://twitter.com/James_inthe_box/status/1194265061163859968

noapology.duckdns.org

# Reference: https://www.virustotal.com/gui/file/29fa90b1dfc3fdca476596c276eeb9f1ca26d9833e5e671280add24cb69c4b07/detection

185.165.153.55:2001
185.248.13.185:2001
blatter.ddns.net

# Reference: https://www.virustotal.com/gui/file/fdffe9dc3b52438d2cfc8c753f564e087958e27a944e59a3ebbaf8e501c60ef5/detection

185.165.153.55:594

# Reference: https://www.virustotal.com/gui/file/b3d31835f0570ccea5b165a661ae7b37eaf38d1a00d6cec4c609fd862b508e71/detection

185.165.153.55:4050
mymy1.ddns.net

# Reference: https://www.virustotal.com/gui/file/17c22ddbdcc06cb9710afcf54e1c0a0cdcb3e383650feaf4ffe9b2ad5455a9c4/detection

noapology.climatechangeawareness.uk

# Reference: https://www.virustotal.com/gui/file/ea8778e98950acaa214b5205b293e471a2d949b92d3ce8ffcd2fccf31e691839/detection

185.217.1.190:6898

# Reference: https://cyberweek.ae/materials/D4%20TRACK%202%20-%20APT%20Attacks%20On%20Crypto%20Exchange%20Employees%20-%20Heungsoo%20Kang.pdf
# Reference: https://www.bleepingcomputer.com/news/security/firefox-0-day-used-in-targeted-attacks-against-cryptocurrency-firms/
# Reference: https://otx.alienvault.com/pulse/5dd2b6edd9073ebdde5eba8a
# Reference: https://www.virustotal.com/gui/ip-address/185.162.131.96/relations

analyticsfit.com
athlon4free2updates1.com
http://185.162.131.96

# Reference: https://twitter.com/James_inthe_box/status/1196509130841710592

almeenamarine.ddns.net

# Reference: https://www.virustotal.com/gui/file/0240071a908a44d286964af67a947625c7df2a6994880a79c938d26822279b3d/detection

185.217.1.186:3366

# Reference: https://www.virustotal.com/gui/file/24cc43513c2e79676fdf20fab727ec9a3c98612b7ff00a6242076cbc90be6291/detection

185.217.1.186:3365

# Reference: https://twitter.com/wwp96/status/1196873873343561728
# Reference: https://app.any.run/tasks/05bf7c8e-8660-408e-af44-ee17bcc358e5/

185.19.85.153:3393

# Reference: https://www.virustotal.com/gui/file/761e8b24bfbd4c31cfbabe2747daaa5d589e49204f3d2acd8a5493ca1f8293ec/detection

79.134.225.105:49012
electroking444.ddns.net

# Reference: https://www.virustotal.com/gui/file/195f140234ec7779a7f769ed3770425d262c6f9e94d126b195b2804261c9f32d/detection

79.134.225.105:2803
onelove03.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c7bdb6a769b95c976c80bd0ea3c77d48ae8f99f8f0b3d714637630c43259209b/detection

79.134.225.89:32141
zlantan1234.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c4b5f36856320d553b73da3deb7b5a39ef0ba8026ae8278ec6496cb6bdd68486/detection

popintertradeer.ddns.net

# Reference: https://www.virustotal.com/gui/file/dd33019c84b905443de022d1ff40146e7d1a2b5b472a3e1589b0ecb36ee64555/detection

41.151.8.187:3360

# Reference: https://www.virustotal.com/gui/file/0fe9614c6c18c6d7276d23902d8e056589861969f6d6d5fdf239ddb6c7128424/detection

119.9.94.62:3360

# Reference: https://twitter.com/neonprimetime/status/1199711850931400706

79.134.225.90:7734
netupdate1.sytes.net

# Reference: https://www.virustotal.com/gui/file/2dcde2c6679b4dbf7c7c6ba3bf6f078493f50117c7285654dc6d089d7d9c9f25/detection

79.134.225.90:62098
ashmwin.ddns.net

# Reference: https://www.virustotal.com/gui/file/92698baf6b49c99930e0f43857b6d14b1de6cb44af749af015332be9d2f6bdad/detection

79.134.225.90:3923
105.112.105.226:3923
netupdate1.sytes.net

# Reference: https://www.virustotal.com/gui/file/c103d6b1a8fd4dce11bcdcb55e18dabb58de76d5b196ff42095df7664e313b4e/detection

139.60.162.173:3535

# Reference: https://www.virustotal.com/gui/file/cd35a539d995fc9bd7fc844e4d1f6efb6187892298d1d1afce4b2c8e5b641c33/detection

212.83.170.126:111

# Reference: https://www.virustotal.com/gui/file/adf5565528a5c596d84b47b5433698b547b2183c2b86187cba3a9b892cd533d7/detection

79.134.225.59:4771

# Reference: https://twitter.com/ActorExpose/status/1200834171545030662
# Reference: https://app.any.run/tasks/1d10bdf0-38d2-49cc-a2cd-267e7c56daae/

79.134.225.90:32141
zlantan1234.duckdns.org

# Reference: https://www.virustotal.com/gui/file/370a5c3410e458a615cd1b1581b90273bac8df37c602c83f9d2e4c85deeb6278/detection

185.165.153.113:32141

# Reference: https://www.virustotal.com/gui/file/46222e44edf6d4f9caf9ee55824ce5e20dfcf274a167bcbdca8b5e9eab4f346e/detection

79.134.225.89:32141

# Reference: https://www.virustotal.com/gui/file/d240a2899287ffa85ae3f2041bde1c6cf60a094fa3716182fa5111a0e814b7a8/detection

192.69.169.25:2555
wellcomehome.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a9833ef2f0ff93c2d46eb4ca7783be91d0d065f5db97a521b1428a9022e0bbb6/detection

192.69.169.25:10155

# Reference: https://twitter.com/JayTHL/status/1200887119545327618

185.165.153.190:3360
cash001.duckdns.org

# Reference: https://any.run/malware-trends/netwire (Note: as seen on 2019-12-04)

sandra.myddns.me
888rats.duckdns.org
slimyuyo.duckdns.org
vemvemserver.duckdns.org
special2019world.mymediapc.net
3forall2019.servesarcasm.com
jiddeshot.duckdns.org
saintjames.publicvm.com
joeiyke22.duckdns.org
youforbiden.duckdns.org
12345dick.duckdns.org
win360s.ddns.net
mozillamaintenanceservice.duckdns.org
2020dcr2ewert-24ee-4edb-80bf-82dab6f9b9d.duckdns.org
akconsult.linkpc.net
duckdns4.duckdns.org
salesxpert.duckdns.org

# Reference: https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html (# Win.Malware.NetWire-7428720-1)

cobroserfinansa.com

# Reference: https://www.virustotal.com/gui/file/457b80e5bf2bc7901917523960cc9db4c3f80089026408f564633dbee283fbce/detection

79.134.225.121:3410

# Reference: https://www.virustotal.com/gui/file/d922e9068964beed6b4b9d6dce99a06f915b1c772363f847eaaa6a82931cc15b/detection

nasoo.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f7f3b8083532e5468fc0eb50ab0df6006eae1a69d39c6241aba2f45e178df6e6/detection

79.134.225.121:7075

# Reference: https://www.virustotal.com/gui/file/2c35359dda093b3635434d8c03cc2703af6ff54f5f775f50098ca837fef39a44/detection

truckbase.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bfa46975f1df64a6e0a8c4cd4fd6dd11f94f0f1e943bdc53a3dbdd9701e6ea5d/detection

raaqtwo.duckdns.org

# Reference: https://www.virustotal.com/gui/file/958384b533e9c4818026a6cca852eafc0c0a046294cc65ec030d9b70396b24db/detection

185.165.153.22:5555

# Reference: https://www.virustotal.com/gui/file/e0b0e3fab013dc09b6bdf69205fc5307f2b3651076719221ac5877b5ec8586a2/detection

185.244.31.42:2803

# Reference: https://www.virustotal.com/gui/file/4671508d92b3e347306677e573de08e434d08b6a45ba2aa2a0bdf413aebed3c5/detection

212.7.192.243:2803

# Reference: https://www.virustotal.com/gui/file/456f728d0b77f1b7a7cf80eac04eefed51bac192d0e8b7d0a966036ffbc50c30/detection

91.193.75.153:3382

# Reference: https://www.virustotal.com/gui/file/5ce56dd34b245ccabdb0ca49291443547b3b78dbd1d22f971319082222d2df14/detection

91.193.75.153:2803

# Reference: https://www.virustotal.com/gui/file/cece77471974acf2571a11c9df849ecc5c0caec716a5133eca57088500671338/detection

192.169.69.25:3382

# Reference: https://www.virustotal.com/gui/file/c805a88f47d67b56d9ba5613dbeb69953162abd6134a920e378092e99e0bfb51/detection

79.134.225.71:3360

# Reference: https://www.virustotal.com/gui/file/21ad213538f2236ce466d5dd0a2ec0a0b97afa99e223e065131b608f49da8635/detection

79.134.225.119:3999

# Reference: https://www.virustotal.com/gui/file/fdbf4c73db81705a8a27703447d665f3806345bd046cd721b8e78dd4786d61c8/detection

79.134.225.60:1
fineware.ddns.net

# Reference: https://www.virustotal.com/gui/file/03afbf2ae0de830ca39d35b5574dc38cdb66210b11f64d6d3cb0fab2168261a6/detection

193.160.10.83:1
cocaboss2017.hopto.org

# Reference: https://www.virustotal.com/gui/file/cf1ca867f165ab67d102e6b918040e2e17fc1b5d1883d8f642019a17c8e6b8b2/detection

185.101.92.3:5553
qatar1.ddns.net

# Reference: https://www.virustotal.com/gui/file/60d0357a80a01b899f289d690076a35cde6f89e1f72128ff6aca8d7595a2ef74/detection
# Reference: https://www.virustotal.com/gui/file/47007057990f2e09ddedaf580bf5705fc0f7c9fed153bc7b1fe3b0d61001967a/detection

104.18.34.86:8888
104.18.35.86:8888
104.244.75.220:8888
nozomi.sakananoko.io

# Reference: https://www.virustotal.com/gui/file/e0f8c12ff13dc56a9ba268873c9747c4ab40e462f7e842b24a018bab7e0a05aa/detection

168.235.111.253:5553

# Reference: https://www.virustotal.com/gui/file/ded798f496c5af0c00ce63c829f69c783c9f45ccf4f0e850f18740d85f201c13/detection
# Reference: https://www.virustotal.com/gui/domain/spyzdns.pro/relations

104.152.208.211:5577
spyzdns.pro

# Reference: https://www.virustotal.com/gui/file/ce1960525f5588b19f0c6de2026e02000518e2d3f8c5d23ea60e45849a04ee14/detection

104.152.208.211:1112

# Reference: https://www.virustotal.com/gui/file/bed345a08313800a40dc5c68f9084bf6063a4a430c88e410f0fe463eb5388b51/detection

154.16.201.10:1302

# Reference: https://www.virustotal.com/gui/file/aae2fc7d7b828a8d65382a2b5ccd4c490bc16bcdac1375d4e20cffa83aecdfe7/detection

82.118.21.3:1112

# Reference: https://www.virustotal.com/gui/file/46aefe90a8ea70f53e77cbc9942409479b95c0f264ac6082b1e1f502e30b13f7/detection

79.134.225.19:1112

# Reference: https://www.virustotal.com/gui/file/6e9d20cbacd0fd5a8f6b6a9971ef0a3587a50415993755069e17420d09d84c70/detection

23.254.203.242:1112

# Reference: https://www.virustotal.com/gui/file/f87b6d4cb39625b3c64c36e763a2098543d570208b9fd4d0f1940f0c34fa4073/detection

51.77.254.186:1112

# Reference: https://www.virustotal.com/gui/file/90a80ce3af5ec668660b8e993a4296b320422d40f8389d7e79f0482187ab36b5/detection

5.206.225.37:1112

# Reference: https://www.virustotal.com/gui/file/1b2cd3209d033f14cf9666e46cb989289f6a5e7c79d4c17ea30a619945fdbbf0/detection

91.193.75.130:1112

# Reference: https://www.virustotal.com/gui/file/3d9a9127438c6f2fc36d5b7b2a1841bc8316bef29fe7bd097c057c83a4eaa8f4/detection

79.134.225.112:4062

# Reference: https://www.virustotal.com/gui/file/1bbe5e5f6161da584298bc9e2ac3cb853d129d9050bc621fc6a84da55df7788d/detection

wealthme.ddns.net

# Reference: https://www.virustotal.com/gui/file/c7920d72eebb28b953909d9056c9b79eadefe0465b5d4ce1ca3d4ab5b15e5c59/detection
# Reference: https://app.any.run/tasks/5e4f7cc9-9b9e-4c37-aed5-cfe6344f5f01/

79.134.225.103:39561
79.134.225.112:39561

# Reference: https://www.virustotal.com/gui/file/01fe7838d971a668e602e176bde1de4bbb74146d00c515a6f9e1bd5e5206a70c/detection

79.134.225.97:6973
bcvfg.ru
jhndfghjk5gf56.ru

# Reference: https://www.virustotal.com/gui/file/6653b1a67dd2db3a54e6745b60a0288d8225046238792a631e40c97826cbd496/detection

bmvmnfgfgfg.ru

# Reference: https://www.virustotal.com/gui/file/45f44c19d5117803f5efad9208e31872c55296393eb0cf83665cf8299fbe28fb/detection

79.134.225.97:6974

# Reference: https://www.virustotal.com/gui/file/d64a2ac89a24a756d612afaa001a64fc32f35e870e4ffdfe8e0ed9252a31496f/detection

185.140.53.59:6974
dfgjhkg45fgd34231.ru

# Reference: https://www.virustotal.com/gui/file/f003d02ca28dbecfbffed0c7ae263ac2262d6a822e9f048351e8f5df9a84b2df/detection

79.134.225.97:4000
netnet.mynumber.org

# Reference: https://www.virustotal.com/gui/file/a70f7737b7a9d18db161e843c7f65f1dbff81fdb1fc021d284cac1d5a3e5a722/detection

185.140.53.95:39560
wealthyblessed.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/8ee1bb2ba20aea3d8aab5b3c075e0ad722b4f97e82105c41e671d7cabee46759/detection

185.244.129.107:3360

# Reference: https://www.virustotal.com/gui/file/ae62bc857e4d76badd722db97bbc62ae9f5b0d2f747182a0796eaf9582b98e24/detection

185.244.129.107:3361

# Reference: https://www.virustotal.com/gui/file/1bc2f5f12f36dbea6e40900c02c398273e2dc3de6d7a266f9dc9b3a582fb6912/detection

185.244.129.107:3363

# Reference: https://www.virustotal.com/gui/file/92edc5544cf9ac3b59927bb09d8e3a2247f90a34176a088522a10671a6c5f1e1/detection

185.244.129.107:1994

# Reference: https://www.virustotal.com/gui/file/d848def04aaee6e3dfd8928d7ba4342decad19b70f144c7991cb60bc05153c8c/detection

185.244.129.107:1875

# Reference: https://www.virustotal.com/gui/file/7c7fa82411896ca49680ace75afd36bf05bb241c53370a429d9e04751809bebb/detection

185.244.129.107:9999

# Reference: https://www.virustotal.com/gui/file/957375fb8a42d48c20f8d62910e69baafe698386b58d9ffd9da4db1f3d1ff360/detection

185.244.129.107:8888

# Reference: https://www.virustotal.com/gui/file/0dbe96acd7d8270e0b7f76ea14050de8e00aad2ea7da029ab16a2421112ff499/detection

185.244.129.107:1150

# Reference: https://www.virustotal.com/gui/file/8ca42be777002ed230c4874808e062274757bc89d46b9804f13c158e0a46c202/detection

185.244.129.107:6568

# Reference: https://www.virustotal.com/gui/file/3f84ee9d7f2976ce059f626bf8dedfbed5888195b2ec00346d6e1b4b0be47d47/detection

185.244.129.107:1959

# Reference: https://www.virustotal.com/gui/file/983ed3663de89038c3ce1afa88960e6b1a3108c76d7f473752d9aac98a6c123f/detection

185.244.129.107:4000

# Reference: https://www.virustotal.com/gui/file/0213918d41e2723ef382fad30b757ce9c6ee9f8e36ea659b1cf9f0e1253d2809/detection

autos.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bbf315665776da8bbb6ee1e5c9bb651c29584fc2d6a0ed1fd9d9796ad5b58355/detection

79.134.225.118:5389

# Reference: https://www.virustotal.com/gui/file/2ad98734186b1f32bc4adcb1749d8fe35510bd24c661372431f786169616f841/detection

79.134.225.118:4000

# Reference: https://www.virustotal.com/gui/file/5c72d24d98219b4e3bda91e2714db3ce7066a3d6aed90052d357ad95b31f2b77/detection

91.193.75.66:2803

# Reference: https://www.virustotal.com/gui/file/908d291a14413c4f558ee3f8f5899b3068233e7c91b57838f5aec4704659256f/detection

91.189.180.199:3362

# Reference: https://www.virustotal.com/gui/file/86d169d2c9bb56c9114aa071246c6e6b59ae549096d4853cde68c3aa725f7a2b/detection

91.189.180.199:4050

# Reference: https://www.virustotal.com/gui/file/4e94d2474092220738319eece43e0c959a34339ab0871ccbd620f0366b4faf5c/detection

185.244.31.108:3340

# Reference: https://www.virustotal.com/gui/file/529275af456f0784e3d94186cd8293be54466fb14f8bf4b79d7465fb190cd83a/detection

91.189.180.199:2555
red.speedfastmaking.com

# Reference: https://www.virustotal.com/gui/file/de3a58e51d2f1bccf64ad16c33065acf9943dc918d74fca52fc2ec874abe63ed/detection

45.89.175.161:3501

# Reference: https://app.any.run/tasks/cd62d754-9c3b-481d-a70f-34212efa4ca9/

79.134.225.97:2556

# Reference: https://www.virustotal.com/gui/file/49593d50b98d8ab429704387e7a1663c5aa53aed6c007c17e960a7a3d435e72a/detection

79.134.225.73:1968

# Reference: https://www.virustotal.com/gui/file/3cebeb277998398307bc20b7f7461c996be6f4f899a95151563a0279715de2b4/detection

79.134.225.73:1969

# Reference: https://www.virustotal.com/gui/file/6a6826cbe38a06a2b381c208519c4891ccb95c49958c2173cd2eef3db62329eb/detection

103.200.6.79:5119

# Reference: https://www.virustotal.com/gui/file/67349f5ab9898c358616f3e9640430a093fb7e705d08bb4641f53202dc9e3bdc/detection

185.165.153.6:5119

# Reference: https://www.virustotal.com/gui/file/3eaed7ad25fc65b5593e21ade9fc28afd13d6655c9aa5574c124f89cb8bb2c76/detection

185.145.45.14:3535

# Reference: https://www.virustotal.com/gui/file/6cb7ff1dd549faef0e30bc2f9f5df36e99711a63587c83628fd948ffa8cda5de/detection

154.66.20.48:3535

# Reference: https://www.virustotal.com/gui/file/fed40b4cf9225ca3a8489371aa92ac7fc4ea6b51daaf5f47a5b3f3720d6db0bf/detection

160.152.47.124:3535

# Reference: https://www.virustotal.com/gui/file/7424c56def4e99420a78ccbc85233c5c78e2d2d737fe694be7709d2942b96f63/detection

184.75.209.164:3535

# Reference: https://www.virustotal.com/gui/file/0e475d21f42bef2896cd73dc0342b7ca8b65bd12da903a336df0378111be4506/detection

184.75.209.179:3535

# Reference: https://www.virustotal.com/gui/file/53cd0c05fa8b4d6fa119f040e239c4fb7e0698a8f3f90d18049b0055a8efa984/detection

185.244.30.4:3535

# Reference: https://twitter.com/wwp96/status/1214207875272368130
# Reference: https://app.any.run/tasks/1c9cbe8d-32fb-4b1b-966f-cfc818c61a3d/

197.210.227.25:39874
hostnameddns.ddns.net

# Reference: https://www.virustotal.com/gui/file/0e462e54bd7654bae356cab61bd82078a7a2acec32d49764fe70f5bd8e570dfc/detection

41.100.118.46:3360
41.100.27.46:3360

# Reference: https://www.virustotal.com/gui/file/a0c0926a0e658ab70618683faa119a239a79dbacbe31e26e847c850e6b108372/detection

128.90.105.67:3360

# Reference: https://app.any.run/tasks/0492ec43-72c7-4ce5-b149-bdf57ed43325/

hostnameddns.ddns.net
178.124.140.135:39874

# Reference: https://twitter.com/Racco42/status/1214549597072371712
# Reference: https://app.any.run/tasks/8b2089b9-7dcf-42a0-a693-ce1e695c6fd4/

154.16.93.172:3363

# Reference: https://app.any.run/tasks/65e8f4f5-590e-4333-99fb-f88b9550edfc/

personnels.bdm-sa.fr
213.227.140.15:3360

# Reference: https://twitter.com/ps66uk/status/1215035648899452929

185.103.96.151:3393

# Reference: https://twitter.com/Jouliok/status/1215152539672416256
# Reference: https://app.any.run/tasks/08b6f560-69ef-4691-8539-7610f185a24d/

185.244.30.244:32002
glo1234.duckdns.org

# Reference: https://app.any.run/tasks/9d77d904-0131-4176-bb78-c88c717f5923/
# Reference: https://app.any.run/tasks/0dea0f85-7de4-47b2-8b0b-05864253ee78/

siri1234.duckdns.org
185.244.30.244:32141

# Reference: https://app.any.run/tasks/8875db16-9f78-4856-8525-03ea1ba8cd0d/

mardjdf.ug
kjsdtrfuyhgxcv.ru
185.244.30.74:6974

# Reference: https://www.virustotal.com/gui/file/e834928ef654d59252d621b946d4850bebcba0f0593d23b7a70bd41bb2e3b222/detection

154.120.86.70:39561
185.87.187.198:39561
79.134.225.103:39561
79.134.225.74:39561
79.134.225.91:39561
wealthyme.insidedns.com

# Reference: https://twitter.com/ffforward/status/1219168656749481984
# Reference: https://app.any.run/tasks/25ac1017-8d38-461d-b4f4-2ece96e35d31/

185.244.30.131:3382
teller92.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1221899988910796800
# Reference: https://app.any.run/tasks/32f81bdf-2456-475b-9ae2-b625dbf5c75c/

79.134.225.96:6556

# Reference: https://www.virustotal.com/gui/file/f761e3a2cc1998a331c3ea070dd1ec484e5c93c7a056917b0413d45d5dfb875c/detection

mbvd.rapiddns.ru
mbvd.zapto.org

# Reference: https://www.virustotal.com/gui/file/157df988e3da058cf4860eadb94eb72fb990e72d278b4986c0872c2f8837dd42/detection

mouqgsud.duckdns.org

# Reference: https://www.virustotal.com/gui/file/45784693e41a8853280c88f93a4bd97da0d443082a01fa8f4fde5e211f2ee5ee/detection

equipepro1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/356cd8a721836f208eba7b90bfc44595cb5e96a9b67de8fdcb2b3092460b4351/detection

192.169.69.22:9003
mailinfossl.duckdns.org

# Reference: https://www.virustotal.com/gui/file/42aa0152a5d6a16e07a78faa47fedfdee514778a3740c7607ce598a2d7178998/detection

192.169.69.22:9002

# Reference: https://www.virustotal.com/gui/file/6c8eadfcecafdebccc737420d83c1f8493d12fcbecf13198aff88c10017316fc/detection

192.169.69.22:9004

# Reference: https://www.virustotal.com/gui/file/c9ef83e830ea1418ba1cfc039987ef162bd8bee44a7d48f9b4a69cc5a83c4a85/detection

192.169.69.22:5745

# Reference: https://www.virustotal.com/gui/file/5f1fc267382c469b754fab1d26cdef72a04706bddc2e8126c5c4babd285c5abb/detection

178.124.140.147:3367

# Reference: https://www.virustotal.com/gui/file/0bb15195ec2c765d380f8a0a6e71dcb295b5a1a58181d17d4c94e4055298f492/detection

152.245.159.184:3360

# Reference: https://www.virustotal.com/gui/file/12e54fdb184adc6e70bda21efab2e8f6a20097fd306d50bde5365aaecc7fbd13/detection

204.152.219.73:3399
204.152.219.87:3399

# Reference: https://www.virustotal.com/gui/file/ded9d5c163a8b6819d2b343b551475278cde4856371a4d8f14f05f81f90d69c9/detection

173.254.223.98:3399

# Reference: https://www.virustotal.com/gui/file/e858c68ae066955058037cf5176da901e5a086fcb75be7f6566707d4ab0587f1/detection

66.70.220.99:3399

# Reference: https://twitter.com/James_inthe_box/status/1223267976972914689
# Reference: https://www.virustotal.com/gui/file/3f876c4fc193747c83813c2cde296f3a952cdd4fe497af88e684e1b7f0526019/detection

79.134.225.71:6798

# Reference: https://twitter.com/wwp96/status/1223285981589188612
# Reference: https://app.any.run/tasks/53d801d3-5a44-4e1c-b571-62bb661d6ead/

172.81.129.222:5642
sacjllw.duckdns.org

# Reference: https://twitter.com/wwp96/status/1223277154399588352
# Reference: https://app.any.run/tasks/9cf8b1dc-353a-4173-b53f-5de22a75b808/

185.244.30.177:8967

# Reference: https://www.virustotal.com/gui/file/675a46d870db0f3f7ac72db4349b2d1501392cf80ea399d9a3120a50a515dcd8/detection

superserver100.hopto.org

# Reference: https://www.virustotal.com/gui/file/cdf19a655f34fe03dec263807bc3dac28978ba997853d1ab3758318aaf65d19e/detection

goodgod2020.ddns.net

# Reference: https://www.virustotal.com/gui/file/b9074d0cd7ac7ce88dfcf67a6bd012215bdc2c7a84b9d0b62431d14fe86acbfc/detection

185.244.30.177:8973

# Reference: https://twitter.com/wwp96/status/1223286932068847618
# Reference: https://app.any.run/tasks/5d331327-7a86-485b-a09f-7c0c14ce5688/

185.19.85.181:9801
office30b.dynu.net

# Reference: https://www.virustotal.com/gui/file/1831eb0d40d218809a97b457ecd5b76414cde86a09c6c641ba0115936954fe6f/detection

185.244.30.4:11012
checker.rneiko-elec.com

# Reference: https://www.virustotal.com/gui/file/87d0cc61e4d4c8f5ae9d99cadf60c546a7f9efd53c7fa95f42f8725c7a758761/detection

45.125.239.50:11012

# Reference: https://twitter.com/wwp96/status/1225528888224354304
# Reference: https://app.any.run/tasks/5b5956b8-0e02-4cc6-9143-b3fad0e5707b/

185.140.53.47:8461

# Reference: https://app.any.run/tasks/29f61d99-bdea-4285-8476-154ecc0a0041/

pluplu.duckdns.org
185.244.30.160:32123

# Reference: https://twitter.com/P3pperP0tts/status/1228687569858256897

144.217.50.221:33400
extreme33.dns1.us

# Reference: https://twitter.com/wwp96/status/1229445450094301191
# Reference: https://app.any.run/tasks/9963d8fa-24cb-420d-865e-7ebc557b5439/

185.244.30.102:8054

# Reference: https://app.any.run/tasks/b1411f6f-895e-4044-800a-f78adfc32ccb/

185.244.30.131:3382
automan.duckdns.org

# Reference: https://twitter.com/wwp96/status/1229838934563225600
# Reference: https://app.any.run/tasks/4e12a96e-3a18-45a8-8965-8ee6bd3fbb77/

79.134.225.103:39561

# Reference: https://twitter.com/JAMESWT_MHT/status/1230175307874918410
# Reference: https://app.any.run/tasks/1029f8af-17c3-4a58-8a22-3154ec7d09b5/

192.169.69.25:33094
holyshit1234.duckdns.org

# Reference: https://twitter.com/ActorExpose/status/1230165599227129856
# Reference: https://app.any.run/tasks/1c1eb30e-97c1-45d0-a3e3-9d8d8a0a3c86/

192.169.69.25:32002

# Reference: https://www.virustotal.com/gui/file/46f8a8ae02b3426dce0001671ac4d2f718909cd5f5a243d4adb56e1ddf69dc41/detection

184.75.209.178:1604
xcashanthony.linkpc.net

# Reference: https://www.virustotal.com/gui/file/01ff797809443e1746dc01d336873f89d9ac2e93753ffdcddf678d21388cc974/detection

164.132.90.226:5566

# Reference: https://www.virustotal.com/gui/file/a06f55012488dada4982e457a732453621230a160e7325e10710e7dae907e182/detection

191.101.22.200:4066

# Reference: https://www.virustotal.com/gui/file/f53dbff628c266f2436aa47fd45f7629e2c93ed38ddafb88d98fda2b6333d6a2/detection

164.132.90.226:4065

# Reference: https://www.virustotal.com/gui/file/a2c48e42262edd104750ef58c99bec0a352ba6a7dd4b46247507185af3ea30b8/detection

164.132.90.226:4066

# Reference: https://app.any.run/tasks/911a177e-716e-4d02-8b12-bb7edc181d0b/

oluwaboi.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3ca158c648167f703a19404195206c9a8abeda8ce34ffc65cffb18172a1e816a/detection

168.235.111.253:9029
185.101.92.3:9029

# Reference: https://www.virustotal.com/gui/file/62d19b8078f443b8e41a653d8800802cc5666ecc9d786f4c52f4b9326eadc2b0/detection

149.56.13.252:9029
hikari.sakananoko.io

# Reference: http://benkow.cc/export_rat.php  (Note: as seen on 2020-02-26 - filtered)

betterlifecommerce.ddns.net
blessedbob231.ddns.net
bobfinger.hopto.org
bobomoney.ddns.net
bobrahls231.ddns.net
ddns.catamosky.biz
edsm0100.mooo.com
edsm010.mooo.com
iheuche009.hopto.org
newmone.ddns.net
rmaos.ddns.net
slyovic84.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=8b4619872687d62f4e88201b47e674f4

endyblast2015.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=a5d08b1266017e6e97b523eb7ea0eaa7

javaupdate.redirectme.net

# Reference: https://www.threatcrowd.org/malware.php?md5=010573704030c067732b04c19dc8483c

devb0t.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=192875986d926250e1e7a152101926b2

puffyabeg.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=3b8fb59c1302dc91c37e0b754b3817de

kekaima16.gotdns.ch

# Reference: https://www.threatcrowd.org/malware.php?md5=5da194dab33f959b30df43a2ce822d89

puffyabeg.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=672eac9c8fbee763f027367e83459943

shugar01.linkpc.net

# Reference: https://www.threatcrowd.org/malware.php?md5=8b4619872687d62f4e88201b47e674f4

endyblast2015.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=a5d08b1266017e6e97b523eb7ea0eaa7

javaupdate.redirectme.net

# Reference: https://www.threatcrowd.org/malware.php?md5=90c4eb3103ebf264a21ad3a65667f52c

newossy.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=73a1aca81d7b468b1bac13314657fb32

paravar.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=192875986d926250e1e7a152101926b2

puffyabeg.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=0b68bbd6bf35497b4bf1acb7bfd14e25

vnc.vncdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=3690db9a2d82a8d6fc6d6112629c35f7

chima.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=5da194dab33f959b30df43a2ce822d89

puffyabeg.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=9b322e18a1c54f6c4146a8eff8810ab5

cialis.hopto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=992fede1d36456885e09d76ed07a9536

raja51.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=b5df5af225c1153e2f0cc3aaf4ceb636

onyeoma5050s.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=022af7fa0bae01d99d6fc635ad829f27

crownsoftwares.linkpc.net

# Reference: https://www.threatcrowd.org/malware.php?md5=12326af35870127f061716944c97f163

slyopez.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=40f8d159c5903953a3485ae0b9e90cbb

waaz2017.hopto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=12326af35870127f061716944c97f163

slyopez.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=1f1e31fa4e7dae9c4095f1e3e22f6139

pefeez.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=224c73f8172123e5ddca2302425664a6

bitcoins.dd-dns.de

# Reference: https://www.threatcrowd.org/malware.php?md5=3586c5048e2a7dbf318b3d22fac70bee

616.dyndns-pics.com

# Reference: https://www.threatcrowd.org/malware.php?md5=d9873129c240bbc54fc9e67a2e67ae71

frostix.zapto.org

# Reference: https://www.virustotal.com/gui/file/ab4cbd7cf0fba3617cfb18ce352ea5ed1bd4d4814b0d0e428c04ffbdce718a45/detection

216.38.2.200:3742
tizardns.3utilities.com

# Reference: https://www.virustotal.com/gui/file/590b05be2f7e4a127554f8ff58f48460064fdb06fa9e2a69a03bbb34b069dc77/detection

93.76.225.225:3742

# Reference: https://www.virustotal.com/gui/file/20af0e22f31e87bae5057ee93ff809945043ec3ad74281f995911dfaa59db2d5/detection

bishop123.ddns.net

# Reference: https://www.virustotal.com/gui/file/1675517b14368c9fa446d44a99b3cc50f7b1810211e4c4bf2437d6f04358e78d/detection

192.69.169.25:10011

# Reference: https://www.virustotal.com/gui/file/275bb8c7c9b219d43fe9966702d325f817a11e8cf71e5dd456898c785fe737d2/detection

uzo123.serveftp.com

# Reference: https://www.virustotal.com/gui/file/4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920/detection

james7.serveftp.com

# Reference: https://app.any.run/tasks/b37f66f6-d7bf-42c1-a4cc-5a0c303728b3/

malu1234.duckdns.org

# Reference: https://www.virustotal.com/gui/file/64c0a875d5b4fbe111ccae5608e7a6021238c179971a8508cb4187ade0ec5af8/detection

myonlinehost.ddns.ne

# Reference: https://www.virustotal.com/gui/file/412bb528f1b51cf344453fd8486bb86e1d0215df8d37819e2ece3fdfd994b323/detection

41.249.230.128:3365

# Reference: https://www.virustotal.com/gui/file/1ffe90db3c24adc604b2d82f4be3ab9c7d86adf9ab1ec33bf26bc98c7398dab1/detection

105.158.130.44:3373

# Reference: https://www.virustotal.com/gui/file/3ffc60a7d92086e73ef200e9e82151463edf22a41294bf7abf6f896c29e067d2/detection

105.155.226.200:42030

# Reference: https://www.virustotal.com/gui/file/9d03b6287d04b6152596fc198b0ccbfb7ff415339086ce9526cba7b72ee67162/detection

160.177.253.154:3367
41.249.220.151:3367
160.178.239.190:3367
160.177.249.170:3367

# Reference: https://www.virustotal.com/gui/file/9050608a2e20ae618a50f65408da66c4278d2a66d6431dcc6e31ec223e245d75/detection

160.177.249.170:3369
160.177.250.59:3369
160.178.77.39:3369
41.249.220.151:3369

# Reference: https://www.virustotal.com/gui/file/2651533477a79487386d22c1aac91a305272e804c11ab39052059fbf31804b8e/detection

160.178.73.206:3365
196.89.41.151:3365
41.249.221.205:3365

# Reference: https://www.virustotal.com/gui/file/c73f3a38da60a7d09704d3baf7c9cb342243c6f8e8f0e18f827db7765d65bd1a/detection

160.178.76.201:3364
196.89.45.156:3364
uploadp3p.publicvm.com

# Reference: https://www.virustotal.com/gui/file/a8dcd4602e681bcaa2b3a6ee431323814e658e9b7a51003e0da9e90ad784ff00/detection

196.89.45.156:4007

# Reference: https://www.virustotal.com/gui/file/01fce75ef532a5ad0e276cbd6e33978e210d2203d4a0f972d4fd9d05b43aeecc/detection

160.178.76.201:3362
196.65.67.45:3362

# Reference: https://www.virustotal.com/gui/file/462af4f75dbbf4ca0571bdba7a4319146a41821e32ffb0aacc308ef2375bd196/detection

196.65.66.150:3361
196.65.70.132:3361

# Reference: https://www.virustotal.com/gui/file/a098cd5c4441b3758f28f279fa9c50ac581c28e55f078c9e06149af163d96bec/detection

160.178.79.11:3366
196.65.66.150:3366
196.65.66.170:3366
196.65.70.132:3366

# Reference: https://www.virustotal.com/gui/file/8c076a6b418b9ab4de80f4a4c30d9b5170f879e9cbfa93788e65ed2d43f46e4c/detection

196.65.71.242:3373

# Reference: https://www.virustotal.com/gui/file/803767eb1316662493b4be12e1ef9d37bccbbcc9e471bf759fe9cab29e264865/detection

105.155.226.200:4460
196.89.45.156:4460
41.249.223.7:4460

# Reference: https://www.virustotal.com/gui/file/90c80eec250a308da6b63ba6dd2e5b53e893b82c56b33ad6fbf50276cf52abf1/detection

105.155.226.200:3364
196.89.45.156:3364

# Reference: https://www.virustotal.com/gui/file/1726d0d7ac972fc3aa1223eee06b159a2e0c03846b6ec92229ca381d979d5954/detection

160.178.73.206:3364
196.217.82.138:3364
41.249.221.62:3364

# Reference: https://www.virustotal.com/gui/file/c8e150f95259c60c4e6dcb405b3173cc6f06c57205fc2c5ece3d29795e6f0be0/detection

196.217.82.138:3365
196.89.43.2:3365
41.249.223.148:3365

# Reference: https://www.virustotal.com/gui/file/e3b24282fee41284f39fcb1164c6be199c398e062303e7afa5e1c5b0d4cac440/detection

196.217.82.138:4005
196.65.70.132:4005
196.89.43.2:4005

# Reference: https://www.virustotal.com/gui/file/568565ffa20702db488d154d4260e59cdf41a903f5e75f980b705cd366626b70/detection

105.155.226.200:3373
196.65.64.239:3373
196.217.82.138:3373

# Reference: https://www.virustotal.com/gui/file/2e4a248e3f279a42e2bea37409ab0de8770a3cd4a3b5fcccd701a535c2436d52/detection

196.217.80.122:3373
41.249.221.62:3373

# Reference: https://www.virustotal.com/gui/file/19b02f23f833879da08701fa3a22a94408c873f085a83870c72bc63a92e470d1/detection

105.158.131.152:9003

# Reference: https://www.virustotal.com/gui/file/a7d7fd09d9547a885997207de563eba1de4059fbcdaaefd16aa79db0c7302836/detection

105.155.228.129:3373
105.158.130.44:3373
196.217.82.138:3373
196.217.80.122:3373
196.64.141.63:3373
160.177.249.170:3373

# Reference: https://www.virustotal.com/gui/file/18b1aa8517ffc1f47d4026576c2ed3f9eaa1a2ee650f05d74288f77fde4eaee5/detection

105.155.229.254:3373
196.217.82.138:3373
196.89.41.154:3373
41.249.220.151:3373
41.249.223.197:3373
41.249.221.205:3373

# Reference: https://www.virustotal.com/gui/file/219057815c7aa05e6a84d36642c15d0c0e84310377fe4e3c077c86558ccc38ac/detection

160.177.251.71:3373
196.65.68.101:3373

# Reference: https://www.virustotal.com/gui/file/64eb5a8ab546a459798bf6b1680bcdffc4220a03af9a8622591a47ac4930916d/detection

105.155.229.147:3373
196.217.80.252:3373

# Reference: https://www.virustotal.com/gui/file/6a394a2610bb48aca3085bf4f9dc3b9076429762b4de6bdc7d01235110e5ea7a/detection

105.155.229.254:3365
105.158.131.152:3365
105.158.131.58:3365
160.177.249.170:3365
160.178.239.190:3365
196.217.80.37:3365
196.217.82.138:3365
196.217.84.2:3365
41.249.230.167:3365
41.249.231.227:3365

# Reference: https://www.virustotal.com/gui/file/bced0fc7a6a0ce55e3ef15f3de669e792bba21756bf57aa447305be1d62370d8/detection

160.177.249.184:3373
196.217.80.37:3373
41.249.230.167:3373

# Reference: https://www.virustotal.com/gui/file/8640a02382aaf163190e96fdc9620bef3b31417ff1d1bb1ebdef511a184d1cc2/detection

105.158.130.44:3371
105.158.131.58:3371
160.177.249.170:3371
196.217.80.122:3371
196.64.141.63:3371
196.65.66.170:3371
196.65.71.242:3371
41.249.223.186:3371
41.249.230.167:3371
41.249.231.227:3371

# Reference: https://www.virustotal.com/gui/file/e1ceb3cf6bc1ba457f9428409d3a7b44cbe0a2f514537db01815eb9bb29b2d42/detection

105.155.229.147:3373
105.155.230.165:3373
160.177.251.71:3373
160.178.235.223:3373
196.217.80.37:3373
41.249.230.167:3373

# Reference: https://www.virustotal.com/gui/file/dc7902a7f5e91daa189b2a3e3bbb52935af37e204c8adfb7bf7e1fa4fb150d14/detection

105.155.229.147:3362
160.178.237.193:3362
196.217.80.37:3362
41.249.230.167:3362

# Reference: https://www.virustotal.com/gui/file/2799a04369421b6360d83fdc99474038d1a55327ece7566dacf7ac5b73e57baa/detection

105.155.228.129:4007
105.155.229.254:4007
160.177.249.184:4007
160.178.234.66:4007
160.178.74.96:4007
196.64.141.63:4007
196.65.68.101:4007
196.89.47.12:4007

# Reference: https://www.virustotal.com/gui/file/0f8afb575bc85366c2f33657f105afcc794406f014af3ca982954d5e5894553c/detection

160.177.250.59:3366
160.177.251.71:3366
160.178.76.232:3366
41.249.218.183:3366

# Reference: https://www.virustotal.com/gui/file/a121b1c39a0716661acee1c8371894fbc3ee138daed0120351e930f7186e1ebd/detection

160.177.254.197:3361
196.64.141.94:3361
196.65.66.170:3361
41.249.223.158:3361

# Reference: https://www.virustotal.com/gui/file/d731a3e4fd7682102dc6d055188f680e29e2cfc27c2cb7ef79c7120902b98ab7/detection

160.177.254.197:3372
41.249.223.158:3372

# Reference: https://www.virustotal.com/gui/file/ef9d138f1c67318cc892074f793b7e2cd4b4fdaacca91db3368293229be57ca3/detection

105.155.230.225:4003
160.177.251.137:4003
160.177.254.197:4003
41.249.219.159:4003
41.249.219.67:4003

# Reference: https://www.virustotal.com/gui/file/c6a0e9c525a1d462d6b3b79b4c9585477fef24e5ab0e446dcf0beb1ee1abdf05/detection

160.177.254.197:3373
160.178.235.55:3373
196.89.46.165:3373
41.249.225.223:3373

# Reference: https://www.virustotal.com/gui/file/523478168a0339f706b7a9f33776ddb5c9e7a33b90405fd2063a216ad7d2b496/detection

160.177.251.137:3364
160.177.254.197:3364
160.177.254.9:3364
41.249.219.159:3364
41.249.219.67:3364
41.249.223.158:3364

# Reference: https://www.virustotal.com/gui/file/d8d6db4d001f61f404867bee69b3b7de2f73f012552599bf4d5b97945afd76f5/detection

160.177.251.137:4460
196.65.71.111:4460
41.249.217.195:4460

# Reference: https://www.virustotal.com/gui/file/95f15d289221eaf0e58e166beeee8334b8f1d8b1daafe926720c834f3abf7e60/detection

160.177.251.9:4003
160.177.252.233:4003
160.177.254.197:4003
160.178.235.55:4003

# Reference: https://www.virustotal.com/gui/file/7e5f398417f6ea250467c5d1fd22f653ffb8e06de25d7f1c33fb253ee45f0672/detection

160.177.251.137:4004
160.178.79.178:4004
196.65.71.111:4004
41.249.219.67:4004
41.249.230.96:4004

# Reference: https://www.virustotal.com/gui/file/fe6ce34cf2252e2a78d80da05d8356d51c5e60b7ec9bd6cfd95f28857cfd5017/detection

160.177.251.137:3372
160.177.254.197:3372
196.217.80.252:3372
196.65.71.111:3372
196.89.41.249:3372
41.249.219.159:3372
41.249.219.67:3372
41.249.225.223:3372

# Reference: https://www.virustotal.com/gui/file/15afdcfb8ed57e164da56cccec4ab70a8181e9b0ea93da887245e4a0b1eaf759/detection

160.177.251.137:3373
196.65.71.111:3373
41.249.217.195:3373

# Reference: https://www.virustotal.com/gui/file/668aaf0cba4aca7fd31a4782797d6a5cd2e26a0b9d0c0b51d8f009e867daf660/detection

196.65.65.154:3373
196.65.71.111:3373
41.249.217.195:3373
41.249.230.153:3373

# Reference: https://www.virustotal.com/gui/file/08a85c2751f0366b0e63f8b24dfeeca68c051997d793c3bc74a2033d520402e3/detection

41.249.230.96:4460

# Reference: https://www.virustotal.com/gui/file/b1efb65d1113be64c0ceaa746f30090dea7ef52b251290daaed48fcea63a8bc8/detection

160.178.77.160:4004
196.65.71.111:4004
41.249.217.195:4004
41.249.219.67:4004
41.249.230.96:4004

# Reference: https://www.virustotal.com/gui/file/36d3072ae760f1033aac4f721b7438eb7adde86eaf69125cb565d397708ff5d7/detection

160.177.254.197:4003
196.89.40.246:4003
196.89.43.40:4003
196.89.46.65:4003
196.89.50.55:4003
196.89.55.177:4003
41.249.219.159:4003
41.249.219.67:4003
41.249.221.175:4003
41.249.223.158:4003

# Reference: https://www.virustotal.com/gui/file/11679bd5352b75b52ddd80bf6495686594284381c3149636b13b8e3930bf697b/detection

196.217.81.13:4002
196.89.43.40:4002
196.89.44.162:4002
41.249.221.175:4002
41.249.226.124:4002

# Reference: https://www.virustotal.com/gui/file/cb8adfac9e06f9aa3109fde4c53f806d60edae784143ced07c9841daba9c0fc1/detection

196.89.50.55:4002
196.89.55.177:4002
196.89.43.40:4002
196.89.46.65:4002

# Reference: https://www.virustotal.com/gui/file/66832314fbd0aecef8c16574c9567fec5620293d49790b7055de02d2e15204d9/detection

196.89.43.40:4000
196.89.50.55:4000
196.89.55.177:4000
41.249.221.175:4000
41.249.226.124:4000

# Reference: https://www.virustotal.com/gui/file/bb5ae93988a0199478a7e2c769b875d7678f78081215c9c079c863815352c640/detection

196.89.40.246:4002

# Reference: https://www.virustotal.com/gui/file/44db508d7c674b0b96fa7a4796bc01e4da32fdc11267f09eb2b8e1dbb324c6cc/detection

196.217.81.13:4001
myonlinehost.ddns.net

# Reference: https://www.virustotal.com/gui/file/bc2ace5bb2a20cf26a126c242bb9006b48c95bec77fd3f874643445a64865eda/detection

160.178.234.154:4001

# Reference: https://www.virustotal.com/gui/file/fb4436405d4bf8b0052e6095f2ff02a63af9632711060e39cee78b26b8cf5601/detection

160.177.252.233:4460
160.177.254.197:4460
160.178.235.55:4460
196.65.65.154:4460
196.65.71.111:4460
196.89.50.55:4460
41.249.221.175:4460
41.249.226.124:4460
41.249.230.153:4460
41.249.230.96:4460

# Reference: https://www.virustotal.com/gui/file/50cb0e371c71d509443f75d3f5fee467f1a2131bb98246a0e3417d7510de531f/detection

160.178.234.154:4001
196.89.40.246:4001
196.89.50.55:4001
196.89.55.177:4001
41.249.221.175:4001
41.249.226.124:4001

# Reference: https://www.virustotal.com/gui/file/4b189cbdd14cd5f1115a56b5f4763c0c48e34e4ec4a74b86c51bb08fae479287/detection

160.178.232.91:4002
196.89.41.208:4002
196.65.70.140:4002
196.89.51.189:4002
196.89.41.25:4002
196.65.64.3:4002

# Reference: https://www.virustotal.com/gui/file/f525a2745b4e6c872c1af17538ad0473c09879a9c01f7369f793cd9d17f7d2b8/detection

105.66.134.131:3373
160.178.77.89:3373
196.64.141.227:3373
196.65.66.75:3373
196.65.67.97:3373
196.89.43.99:3373
95.213.195.71:3373
uploadp2p.publicvm.com

# Reference: https://www.virustotal.com/gui/file/02931700b5df0e8b5a903f05973d2339376536d6962b91916740e6b0e2846875/detection

105.155.224.13:3373
105.155.230.108:3373
105.155.231.127:3373
160.178.77.89:3373
196.65.64.3:3373
196.89.41.25:3373
196.89.55.120:3373
41.249.226.231:3373

# Reference: https://www.virustotal.com/gui/file/6808ee4cb7bd55918041655208565058301c35aade169e7909934d81409aac3f/detection

160.177.249.119:4000
160.177.249.129:4000
160.178.232.91:4000
196.89.40.246:4000
196.89.41.25:4000
196.89.51.189:4000

# Reference: https://www.virustotal.com/gui/file/be898794eecb54b42cbc7cf4d869a56924d90e1b55291892d8c1785466753b26/detection

196.65.64.3:4000
196.65.70.140:4000
196.89.41.208:4000
196.89.41.25:4000
196.89.45.159:4000
196.89.51.189:4000
41.249.231.72:4000

# Reference: https://www.virustotal.com/gui/file/9ef42a59e2a5d58d00496c5a3bb59c6de7133c7b6bc33d26a5ef324699685625/detection

105.155.230.108:4460
105.66.134.131:4460
160.178.77.89:4460
196.65.64.3:4460
196.65.67.97:4460
196.89.55.120:4460
41.249.226.231:4460
95.213.195.71:4460

# Reference: https://www.virustotal.com/gui/file/de2b0fa4ebb5d1ca8f69c55abe09fe238cfef6d308ff89047710faa1545cf40e/detection

160.177.249.119:4000
160.178.232.91:4000
196.65.64.3:4000
196.89.41.25:4000
196.89.51.189:4000

# Reference: https://www.virustotal.com/gui/file/248eaeaf4ad9224ea7518a7b411e8ec53c70fa27289b784af21c3f55f0fbefa6/detection

160.177.249.129:4002
160.177.249.119:4002
196.89.51.189:4002
196.89.41.25:4002
196.65.64.3:4002

# Reference: https://www.virustotal.com/gui/file/40c057a96c863f12249fb5ef3650d6cd7473850a36ad6a4bd15c3bcf272e17f3/detection

105.155.231.127:4000
105.155.230.108:4000
105.155.230.86:4000
105.158.131.238:4000
105.66.134.131:4000
196.65.66.75:4000
196.64.141.227:4000

# Reference: https://www.virustotal.com/gui/file/99bd3a9da47bbf1aac0538c2fa83168ef5889c1bfdfe4eac9051f59c4ddee7dd/detection

105.155.229.136:4000
105.155.230.108:4000
105.155.230.86:4000
105.155.231.127:4000
105.66.134.131:4000
160.178.77.89:4000
196.64.141.227:4000
196.64.142.200:4000
196.65.66.75:4000
41.249.226.231:4000
41.249.228.223:4000
41.249.228.50:4000

# Reference: https://www.virustotal.com/gui/file/e7c29cc951938fa93a489af0b5df2b631b4c3757d6fc59794d3cf0a3dbb3b26c/detection

105.155.227.135:3372
105.155.230.108:3372
105.155.230.86:3372
105.66.134.131:3372
160.178.77.89:3372
196.217.86.98:3372
196.64.141.227:3372
196.64.142.200:3372
196.65.67.97:3372
196.70.241.73:3372
41.249.226.231:3372
41.249.228.223:3372
41.249.228.50:3372
95.213.195.71:3372

# Reference: https://www.virustotal.com/gui/file/1381ed889f1f7ced731bf98c6506ee7c8745a2bd91b18e219810d6ef245693a3/detection

160.177.249.129:3372
160.177.251.137:3372
160.177.254.197:3372
160.178.232.91:3372
196.65.64.3:3372
196.65.70.140:3372
196.65.71.111:3372
196.89.40.246:3372
196.89.41.25:3372
196.89.43.40:3372
196.89.46.65:3372
196.89.50.55:3372
196.89.51.189:3372
196.89.55.120:3372
196.89.55.177:3372
41.249.219.67:3372
41.249.221.175:3372
41.249.223.158:3372
41.249.226.124:3372

# Reference: https://www.virustotal.com/gui/file/3c7d55e5482a13e7b2c21d6b35af5c574f222ec34729d7715ffee0be9a51e511/detection

105.155.227.135:3372
105.155.229.136:3372
105.155.230.108:3372
105.155.230.86:3372
105.66.134.131:3372
160.178.77.89:3372
196.64.141.227:3372
196.64.142.200:3372
196.65.67.97:3372
196.70.241.73:3372
41.249.226.231:3372
41.249.228.223:3372
41.249.228.50:3372
95.213.195.71:3372

# Reference: https://www.virustotal.com/gui/file/11fd40aa222d61eafe021018fdb2c05125cfcfb78f837de9a51524d9378695b5/detection

105.155.224.13:4007
160.177.254.155:4007
196.217.80.35:4007
196.217.81.158:4007
196.65.64.3:4007
196.89.41.25:4007
196.89.55.120:4007
41.249.217.55:4007
41.249.228.208:4007
95.213.195.71:4007

# Reference: https://www.virustotal.com/gui/file/05039bf9e7d4a7bcc785e33e0021de332a4d9c5c58839b9bf26caa8a436c85e1/detection
# Reference: https://www.virustotal.com/gui/file/9d2895281a3a5d4e0958489fac99a8ee051abd844f9fe7c3141f73aabce10337/detection

105.155.224.13:4002
105.155.226.17:4002
105.155.230.108:4002
105.155.230.86:4002
160.178.77.89:4002
196.65.66.119:4002
41.249.228.223:4002
95.213.195.71:4002

# Reference: https://www.virustotal.com/gui/file/2ccb6ef611069c54d871511bd1e33cca46728a7db50219a4f85aa7be8b4fe7eb/detection

105.155.226.17:3371
160.178.234.66:3371
196.65.69.35:3371
196.70.241.73:3371
41.249.230.79:3371

# Reference: https://www.virustotal.com/gui/file/b570c097654a62c817d68e98ab31aa746f658f78ebfb76730d6c37984875da9f/detection

105.155.226.17:4002
105.155.229.136:4002
105.155.230.108:4002
105.155.230.86:4002
160.177.249.129:4002
160.178.232.91:4002
160.178.234.66:4002
196.65.64.3:4002
196.65.70.140:4002
196.70.241.73:4002
196.89.41.25:4002
196.89.51.189:4002
196.89.55.120:4002
41.249.227.142:4002
41.249.228.223:4002

# Reference: https://www.virustotal.com/gui/file/afccfcac4f5dae3ca78175a89f6547aadb7a68545869ce4a360c92b413134b47/detection

105.155.226.17:3371
105.155.226.77:3371
105.155.229.136:3371
105.155.230.108:3371
105.155.230.86:3371
160.178.77.89:3371
160.178.79.121:3371
196.64.142.200:3371
196.65.66.119:3371
41.249.217.195:3371
41.249.227.142:3371
41.249.228.223:3371

# Reference: https://www.virustotal.com/gui/file/54793888d8b74abd70c1295ae47c12fdce40a3b2ef18765d65d2d0c6f9622536/detection

105.155.230.189:4002
105.158.129.159:4002
196.65.69.35:4002
196.70.241.73:4002
41.249.230.79:4002

# Reference: https://www.virustotal.com/gui/file/717b7c78fb6ebd1aac06980f67a9bf94b96d7d6bf14b5328731fef52a0fe14ef/detection

105.155.226.17:3372
105.155.226.77:3372
105.155.229.136:3372
105.155.230.108:3372
105.155.230.86:3372
160.178.77.89:3372
196.64.142.200:3372
41.249.227.142:3372
41.249.228.223:3372

# Reference: https://www.virustotal.com/gui/file/35ecdc494305837f38b678956b160ba3de4cfb260553e47c17755af5416ab87a/detection

105.155.226.77:4002
196.64.142.200:4002

# Reference: https://www.virustotal.com/gui/file/81f55826f4541c2d1e623a4fcb9a55a70d4cc057428756c737513c2b2f086291/detection

105.155.226.77:4000

# Reference: https://www.virustotal.com/gui/file/e6647d037b51fe5e26055ee1496df40d854dc64fa897b46e105df62a2a34eaf6/detection

105.155.226.77:4001
160.177.249.129:4001
160.178.232.91:4001
196.65.70.140:4001
196.89.40.246:4001
196.89.43.40:4001
196.89.46.65:4001
196.89.50.55:4001
196.89.51.189:4001
196.89.55.177:4001
41.249.221.175:4001
41.249.226.124:4001

# Reference: https://www.virustotal.com/gui/file/c9a58b137fcbda78525495823cc1b1d0f7f9f88c11a27eec66a16cc62811ff8e/detection

105.158.129.159:4460
160.178.234.66:4460
196.65.69.35:4460
196.70.241.73:4460

# Reference: https://www.virustotal.com/gui/file/9930576949a7472362fce43cc3f996633042bd20b508d52a41c917577b3a4b3c/detection

196.65.70.67:4002

# Reference: https://www.virustotal.com/gui/file/da5fdb2ca2be404745c7eec68301eaaeaf3c4f98b553f56b31f118cb46a4f2c5/detection

41.249.229.6:4002

# Reference: https://www.virustotal.com/gui/file/54194670dec3ccfb8668eadb27d4da7b0607a4996c3068e9d09460e6947f9a5f/detection

160.177.251.137:4460
160.177.254.197:4460
196.65.71.111:4460
41.249.217.195:4460
41.249.219.67:4460
41.249.223.158:4460

# Reference: https://www.virustotal.com/gui/file/3dd449de9c928fff3f9ba549e277a948e9ac9f78365d51194b76b5df8154f979/detection

160.177.250.49:3371
160.178.235.186:3371

# Reference: https://www.virustotal.com/gui/file/6cb6da21a82c683ba6dae3c0dc2555c84f4e2ae58abc44ec78ecc33cf5c11fb1/detection

105.155.226.17:3372
105.155.226.77:3372
105.155.229.136:3372
105.155.230.108:3372
105.155.230.86:3372
160.178.77.89:3372
196.64.142.200:3372
41.249.227.142:3372
41.249.228.223:3372

# Reference: https://www.virustotal.com/gui/file/6708d4e3d2fe4de6563040773f3215ef3a80df1fd749175d4654bd56cd27f22e/detection

79.134.225.74:8483
cj2019.duckdns.org

# Reference: https://www.virustotal.com/gui/file/fc34c068c8d2d9a777ac1f03263da941024bf10b4df420e82654ab209106d8fe/detection

79.134.225.74:3852
kw9d02.duckdns.org

# Reference: https://www.virustotal.com/gui/file/20745f56ca058402d74712f2adac44d6ec878bd494d4742463a87e60c5e31f16/detection

79.134.225.74:8290
bobkenol.myftp.biz

# Reference: https://www.virustotal.com/gui/file/d86788a980d159dae9b79a7dd0d0e4295b2a89634389d3e037c64c57d3df37db/detection

79.134.225.74:7543

# Reference: https://www.virustotal.com/gui/file/51adedc190439ffc2a2129e2515a1d607b1155d9faea327647d2526098ba8c85/detection

79.134.225.74:7688

# Reference: https://www.virustotal.com/gui/file/9ff9061609762232ffad6afa7f19c4f30ed3aedfff1cf6b87559f486cceedb08/detection

79.134.225.87:3360
back12ntw.duckdns.org

# Reference: https://www.virustotal.com/gui/file/fa6bd1fbca51132f332fa3f6e1350366e3de9a7a26511b7577ae3bb5f95c23f4/detection

79.134.225.87:38992

# Reference: https://www.virustotal.com/gui/file/27bc75fb4e7548a70537c396ef1776a11cae7e7bccb6549fc3d5b777aa67c44b/detection

79.134.225.113:3636
dnss.surrati.me

# Reference: https://www.virustotal.com/gui/file/d3c4f33e2c537c50e64d7f03110ee67ac4b75996e0945e227a774fecb9c40dc5/detection

79.134.225.113:2556

# Reference: https://www.virustotal.com/gui/file/01fe7838d971a668e602e176bde1de4bbb74146d00c515a6f9e1bd5e5206a70c/detection

79.134.225.97:6973

# Reference: https://www.virustotal.com/gui/file/f003d02ca28dbecfbffed0c7ae263ac2262d6a822e9f048351e8f5df9a84b2df/detection

79.134.225.97:4000

# Reference: https://www.virustotal.com/gui/file/da040ef248d01dfa7d50e1c78e1fd0c6963fe218cde0d3021ad9b4aabc58a637/detection

netnet2.dumb1.com

# Reference: https://www.virustotal.com/gui/file/f24560ef711ca1645ac09e7a3fba09651c0fb78630ebea7d08ade9fff6dbe774/detection

178.124.140.145:3467
kydeliss.ddns.net

# Reference: https://www.virustotal.com/gui/file/7fa8c318e285715091a907eb6a8f667e178f056779b303876ffc3c852e9a6805/detection

178.124.140.145:1000
info2.myq-see.com

# Reference: https://www.virustotal.com/gui/file/6836f63b647319ea9122c7cb7170deced0ea5be098849eb11676e3c49e50f11b/detection

adventchurch.myq-see.com

# Reference: https://www.virustotal.com/gui/file/b8b1fbfde964019284757905236f43990e15d8e6f59040776ce239956ad0424c/detection

178.124.140.145:8200

# Reference: https://www.virustotal.com/gui/file/53d3b10eda0ef72377fb30f6f3eaf5e2892d8c1af65f56658f36e689569d3d08/detection

178.124.140.138:18018
178.124.140.145:18018

# Reference: https://www.virustotal.com/gui/file/02dbaafb6b7cc8b3f7b599be3350bac741f749caf3dd6db242277effb5d50b27/detection

129.56.77.84:18018

# Reference: https://www.virustotal.com/gui/file/964cb20d6286e5b20ae413cc356815345245748e5e623bac9281ea634e964595/detection

178.124.140.145:9955

# Reference: https://twitter.com/MBThreatIntel/status/1240353328271200257
# Reference: https://www.virustotal.com/gui/file/c9fa7ba9ae9c20373f723ae4cdfacb18053c42d38fa31dc1fb52cfffa2e9297a/detection

91.193.75.137:5770
ihracat.myq-see.com

# Reference: https://www.virustotal.com/gui/file/1b15ef17ccb1a99c3953f61de01ebceaeef2277b3b5939408050dc7c1010d1bb/detection

172.93.128.50:5770

# Reference: https://www.virustotal.com/gui/file/b3a3fc0f34e9a1740c9970b717fcb20565dce3f04051d22f61f5c4bd567c13e6/detection

185.244.30.125:6655
virg.ddns.net
virg.dynu.net
virg16.dynu.net

# Reference: https://www.virustotal.com/gui/file/c2a5091f17f0fcbf23bf5a8867cce1bba1c67cefdc62e48a9fd9fa39b31e0063/detection

dmjones.myddns.rocks
dmjones2012.ddns.net

# Reference: https://twitter.com/killamjr/status/1241820168965120000
# Reference: https://app.any.run/tasks/39c21f68-da79-4888-9050-a4f86659d86c/
# Reference: https://www.virustotal.com/gui/file/d25047642597b3ac59ee77cd32974e2fb1711eab09bf73a9a81b199357a450ce/detection

91.193.75.139:2882
ahmado.duckdns.org

# Reference: https://www.virustotal.com/gui/file/42af576a4a239a13a05007bdd1eea86bcbf7b13dc7c9b0cf07d74d8710be15ec/detection

185.17.1.213:1975

# Reference: https://www.virustotal.com/gui/file/52b10560310453dc91237e135b8c4809830cc577214d6b570623a45ebc00e618/detection

178.124.140.144:2010

# Reference: https://www.virustotal.com/gui/file/8fc4c90a5fca87bd9e349016aa8ed041211553060348c25719490461281c2b26/detection

185.19.85.158:2010

# Reference: https://app.any.run/tasks/c1f64942-635a-4bb5-8fa1-f1a9520178fa/

bvdgfsdwsdfxc.ug

# Reference: https://www.virustotal.com/gui/file/c09ed67f8657fdd590a493d5d8ebdfaaa1437ddbaf3b23e4ef38b363482bf66a/detection

178.124.140.144:3465
kyelines.ddns.net

# Reference: https://www.virustotal.com/gui/file/e7049202bc47a73f45b6afa00dfc24a1a73e4dce65a581a5a0012ac4b40eee09/detection

204.16.247.187:3465

# Reference: https://www.virustotal.com/gui/file/5ad96bd3b15f6c2714376922833641f0f4627d341362a11077869872964edb29/detection

84.38.134.118:3465

# Reference: https://www.virustotal.com/gui/file/423912db90614b34b7205595d44ed735837d451c451d3bc96ddaca14f6e5275b/detection

216.170.114.99:42221
79.134.225.88:54361

# Reference: https://twitter.com/malware_traffic/status/1242966785462349824
# Reference: https://www.malware-traffic-analysis.net/2020/03/25/index.html
# Reference: https://unit42.paloaltonetworks.com/guloader-installing-netwire-rat/

185.163.47.168:2020
185.163.47.168:2121
185.163.47.213:2020
185.163.47.213:2121

# Reference: https://www.virustotal.com/gui/file/f12113dfd58eebfc534a60d5b4d095f9bd6e1c4631fc2e15fa74e6b769dda6c0/detection

185.165.153.90:4007
chance2021.ddns.net

# Reference: https://www.virustotal.com/gui/file/75d8c92a1aa8055162e0842c5bb23bb882c0cfda9849f07c097a4c6aee1a0f51/detection

193.26.21.80:4007

# Reference: https://www.virustotal.com/gui/file/66c3a9ef561d6dc15f738cbb8b177ed717d7d5d127c127c5f661204ad66ed12c/detection

ja3bassa.hopto.org

# Reference: https://www.virustotal.com/gui/file/dcb381598b3088eaa450b017801f89096f0c53604ade50dfdf097a367a35e70f/detection

79.134.225.122:4990

# Reference: https://www.virustotal.com/gui/file/cf6205ee7ac59a90e9de24bcd97bfbd11c6f7a99962b54db3816eebaf5bc7cdd/detection

79.134.225.122:4223

# Reference: https://www.virustotal.com/gui/file/f68f7df55b143fdb2e9e761e33ff3c64513404e867e8c06daa8cd5ca14461c14/detection

79.134.225.122:6770

# Reference: https://www.virustotal.com/gui/file/946b903a580767016f5a8b3366576ac6da9b82ed41008ff7464cd42565b342b5/detection

109.202.107.20:36758
xtreecy.dvrdns.org

# Reference: https://www.virustotal.com/gui/file/78399954e139758a3dbfb522cdbe3c63fd0236c4e187c10393c424c3d661690b/detection

213.152.162.74:36758

# Reference: https://www.virustotal.com/gui/file/0669fcac48fade8c583b8943e710069b6e97a9368fdcb2ee01673455bced7231/detection

194.187.251.91:36758

# Reference: https://www.virustotal.com/gui/file/f741f1179954183efe0950798f676cf5e42b4e7a8505d54a3d9d90327318ea71/detection

192.169.69.25:3369
79.134.225.101:3369

# Reference: https://www.virustotal.com/gui/file/d9ee98a167288a3d20ad9a5931b0a206a35b77e9f3c76585bad1fb70366cdc56/detection

79.134.225.114:3369

# Reference: https://www.virustotal.com/gui/file/484bfe3c861a7fcaa292b2071b68ccc45d883fd2c8cbb190e487aa8c809b01aa/detection

79.134.225.110:3369

# Reference: https://www.virustotal.com/gui/file/e28491eef2673968c622581204fb288c1140639e3f9eea535a9c916118db409f/detection

79.124.8.7:1986

# Reference: https://www.virustotal.com/gui/file/0ef62c8154df9f5e67c42372c4743650e5e68901b34ce48cab427e13051e0a36/detection

79.134.225.13:2058
ttnetsly.ddns.net

# Reference: https://blog.talosintelligence.com/2020/04/threat-roundup-0410-0417.html (# Win.Dropper.NetWire-7662196-0)

melissa23101.ddns.net

# Reference: https://twitter.com/EmirErdogan1864/status/1255612487984205825
# Reference: https://app.any.run/tasks/f1d891d3-00eb-4605-b313-21086e588006/

185.140.53.48:3369
office-services-labs.com

# Reference: https://www.virustotal.com/gui/file/8b14213dae41efa679b4be65355dcf7835ad4394a284c55cf34a04e328d2b298/detection

78.159.131.80:3340
winupdaters.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/f9c1a667cb0745c4d568523a9a686d5d8932e8a223a90410927a886867f115ed/detection

winenferno.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/f9abf61d90c33ec8fa8e4a037ddd9e4400596173c54aad0fa19a48cf26e861d6/detection

perfectionatyma.hopto.org

# Reference: https://www.virustotal.com/gui/file/23f7167b46b272a1d4c067fe7a6f8c0657ad59f09a5a24b936d69228563afa49/detection

79.134.225.72:1999

# Reference: https://www.virustotal.com/gui/file/65645aee251d74a6a6487d6b7ca4284544697b9fe30969f00514da269efa7353/detection

103.136.43.131:2323

# Reference: https://www.virustotal.com/gui/file/75c99193fdee6ad293d1c1250100e251a699f16d22f1cb9af6491ad078d4d8b7/detection

ethelmassingale.hopto.org

# Reference: https://www.virustotal.com/gui/domain/nawaoooo.bounceme.net/relations
# Reference: https://www.virustotal.com/gui/file/3f860a8472db39208cde25ccc3b43bd10022dd2a152d7f6bf2861f9f7c7b52c4/detection

169.159.107.143:2016
169.159.111.91:2016
91.236.116.144:2016
169.159.107.143:5556
169.159.111.91:5556
91.236.116.144:5556
nawaoooo.bounceme.net
olodumare.zapto.org

# Reference: https://www.virustotal.com/gui/file/34a8fd73694ad6439775e7cc8e8414d72d24daa307ff1ec4ada1695990f879ca/detection

185.140.53.43:3122

# Reference: https://app.any.run/tasks/aaf44d43-302f-46fb-abf8-c4df0071def7/

213.22.208.67:4444
steamguard1337.myddns.me

# Reference: https://www.virustotal.com/gui/file/a0a4b054c0c1da1e1fb2394c7bc8a059d9dd78c136783ca0dba8f2b77c6b16de/detection

gathering.ddns.net

# Reference: https://twitter.com/reecdeep/status/1262339682135937026
# Reference: https://app.any.run/tasks/1082d639-d467-4de4-9364-dc78fe50d2e5/

185.140.53.48:8808
cloudservices-archive.best

# Reference: https://twitter.com/JAMESWT_MHT/status/1263395490491744256
# Reference: https://app.any.run/tasks/8b70075b-1dfc-4265-b9d6-6455dada3d21/

185.140.53.48:7797
malwrhunterteam.duckdns.org
mhteam-lame.best
moonshine-mht.best

# Reference: https://twitter.com/JayTHL/status/1263845769125265413

172.111.213.60:3361

# Reference: https://app.any.run/tasks/422df50c-7da3-4709-9b5e-0c4277806a42/

185.19.85.165:1432

# Reference: https://yoroi.company/research/new-cyber-operation-targets-italy-digging-into-the-netwire-attack-chain/
# Reference: https://otx.alienvault.com/pulse/5ede47c29bcc77132bbfdf98

cloudservices-archive.best

# Reference: https://twitter.com/reecdeep/status/1271357083338883075
# Reference: https://app.any.run/tasks/08983831-f175-4d6f-b207-bcb8baf52497/

94.23.29.132:5566
sanchezemergycorp.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1271441948084240384
# Reference: https://app.any.run/tasks/31cf4a6e-1cdf-4631-be8f-a358ecb08e58/

179.43.166.61:6262
webalibba21.net

# Reference: https://www.virustotal.com/gui/file/50500fac024094acc9af319d262fc47f421e45a02b0b1daaa177896c16405e8b/detection

185.140.53.247:8180

# Reference: https://www.virustotal.com/gui/file/433573407b15181a9ce1d5ad98f1c684e6ed9d2deb2c7ff89319e4806d11bdcf/detection

185.140.53.247:8280

# Reference: https://twitter.com/reecdeep/status/1272464515544776704
# Reference: https://app.any.run/tasks/9517e2fd-2508-4d06-a21a-a83c4dfcf8ab/
# Reference: https://app.any.run/tasks/10dead0b-7316-4ec4-98be-b7f7e9cf8276/

79.134.225.21:3369
brutecleaner.com

# Reference: https://www.amnesty.org/en/latest/research/2020/06/india-human-rights-defenders-targeted-by-a-coordinated-spyware-operation/
# Reference: https://otx.alienvault.com/pulse/5ee7b877b8ca9dfee4d2b6b9

duniaenewsportal.ddns.net
researchplanet.zapto.org
socialstatistics.zapto.org

# Reference: https://www.virustotal.com/gui/file/84fdf30c592687b045307f140d572bb8ccafbd09badeb1519d4bfb4f9ce461b3/detection

otunba0099.ddns.net

# Reference: https://www.virustotal.com/gui/file/0d96525e8bb2a94dcb9c45293fc973d91495baa4063c7400d7f613addb6557f7/detection

jamesanderson68986.ddns.net

# Reference: https://twitter.com/reecdeep/status/1276078753081417730
# Reference: https://app.any.run/tasks/0c95e1d5-ea49-4357-ba68-9fd1de935ee3/

79.134.225.43:3396
crimea-kremlin.duckdns.org
