# Copyright (c) 2014-2023 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/James_inthe_box/status/1039605676404760576

bproduction.zapto.org

# Reference: https://twitter.com/ScumBots/status/1045052146067165184
# Reference: https://www.virustotal.com/gui/file/660633aaa4222a3577a7d2c63983e7b0f88e09e2de77a6d2eaec52fea5ca97c7/detection

80.193.191.142:1604
hyper-servers.ddns.net

# Reference: https://twitter.com/ScumBots/status/1044912611089948672

corralesking.hopto.org

# Reference: https://twitter.com/ScumBots/status/1046354478268592128

abjbwtf.myftp.biz

# Reference: https://twitter.com/ScumBots/status/1045931693167833088

131454.ddns.net

# Reference: https://twitter.com/ScumBots/status/1045776922171576320

kurviood.ddns.net
samostrelqsh.ddns.net

# Reference: https://twitter.com/ScumBots/status/1045746857408892928

staling79.mooo.com

# Reference: https://twitter.com/ScumBots/status/1043738462233485312

pauldenero.ddns.net

# Reference: https://twitter.com/ScumBots/status/1042779678367473665

clientswin.ddns.net

# Reference: https://twitter.com/ScumBots/status/1042704306795888640

haku004.hopto.org

# Reference: https://twitter.com/ScumBots/status/1042515566584586242

win.ddnsking.com

# Reference: https://twitter.com/ScumBots/status/1037861013255860224

scammer0304.ddns.net

# Reference: https://twitter.com/ScumBots/status/1037098491472998405

popopooo3847343dfer.publicvm.com
xcvx2343242sdfsdfsdfsxcv.publicvm.com

# Reference: https://twitter.com/ScumBots/status/1036487098189205504

aylmao1337.tk

# Reference: https://twitter.com/ScumBots/status/1034248460223037441

adeldu122.ddns.net

# Reference: https://twitter.com/ScumBots/status/1041050784081883136

hbk4.ddns.net

# Reference: https://twitter.com/ScumBots/status/1051065520328458240

needpull.ddns.net

# Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~NanoCor-DM/detailed-analysis.aspx

obiank.ddns.net

# Reference: https://twitter.com/ScumBots/status/1052360306788327424

exotic-40931.portmap.io

# Reference: https://twitter.com/ScumBots/status/1052552825228673024

cuberwar.myvnc.com
cyber786.myvnc.com

# Reference: https://twitter.com/Racco42/status/1046873169070645248

chukwd.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1053824958399500288

fgcvhjbk.bounceme.net

# Reference: https://twitter.com/ScumBots/status/1054761124745412608

icheatedonyourcrush.ddns.net

# Reference: https://twitter.com/ScumBots/status/1055210337266491392

myhostsaddddd.hopto.org

# Reference: https://twitter.com/ScumBots/status/1056965649929510914

zenzen15.ddns.net

# Reference: https://twitter.com/ScumBots/status/1058154734417260544

Pirmary.dynu.net

# Reference: https://twitter.com/ScumBots/status/1058241556451254272

mohamedsaeed.ddns.net

# Reference: https://twitter.com/ScumBots/status/1058932359117107201

zentune.sytes.net

# Reference: https://twitter.com/ScumBots/status/1059509916707311617

avo4.ddns.net

# Reference: https://twitter.com/ScumBots/status/1061253904103600128

skynipit.ddns.net

# Reference: https://twitter.com/ScumBots/status/1061269005296693248

office365update.duckdns.org
systen32.ddns.net

# Reference: https://twitter.com/ScumBots/status/1061510597278425089

ogkush.ddns.net

# Reference: https://twitter.com/ScumBots/status/1061710662940942338

jake1234.ddns.net

# Reference: https://twitter.com/ScumBots/status/1062224311430365185

onixoino.ddns.net

# Reference: https://twitter.com/ScumBots/status/1063892541253345281

daddyup.ddns.net

# Reference: https://twitter.com/ScumBots/status/1064575794121445376

weekskypp.hopto.org

# Reference: https://twitter.com/ScumBots/status/1065002353307324418

mcnana.theworkpc.com

# Reference: https://twitter.com/ScumBots/status/1067214563651796992

masterzion.ddns.net

# Reference: https://twitter.com/ScumBots/status/1067237079376191488

yeetyeeter.ddns.net

# Reference: https://twitter.com/ScumBots/status/1067829739107352577

sicknessdk.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1068244972011487232

intercambiotestg99.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1069162266279510016

insta.webhop.me

# Reference: https://twitter.com/ScumBots/status/1069502003116679168

wadlalafala2344.myftp.biz

# Reference: https://twitter.com/ScumBots/status/1070743939089612800

y013s.ddns.net

# Reference: https://twitter.com/ScumBots/status/1070868509763215360

moms.myftp.biz

# Reference: updates up to https://twitter.com/ScumBots/status/1079871582284247041

amerkad19.ddns.net
blubjkh.ddns.net
chromeservice.serveirc.com
kurwa.ddns.net
nanithecorelol.ddns.net
ncore.ddns.net
sambosaxzx.ddns.net
svchostest.ddns.net
vpnchjuy.ddns.net

# Reference: https://www.symantec.com/blogs/threat-intelligence/african-financial-attacks

nemesis225.ddns.net

# Reference: https://twitter.com/ScumBots/status/1086998543217426432

madarahost.ddns.net

# Reference: https://twitter.com/ScumBots/status/1088781872510001152

axuas.ddns.net

# Reference: https://twitter.com/ScumBots/status/1088908631930736640

minimalprojectscm.ddns.net

# Reference: https://twitter.com/ScumBots/status/1089191742681817094

nanoocore.ddns.net
Listener.chickenkiller.com
ukurbap.duckdns.org
5.59.91.86:5552

# Reference: https://twitter.com/ScumBots/status/1096141287328280576

karutohack.ddns.net

# Reference: https://twitter.com/ScumBots/status/1099342379386134529

185.56.90.79:1799

# Reference: https://twitter.com/ScumBots/status/1097262422912614401

194.5.99.9:36460

# Reference: https://twitter.com/ScumBots/status/1099474498317889536

109.181.151.155:1263

# Reference: https://twitter.com/ScumBots/status/1101973465895264257

lp0766.ddns.net

# Reference: https://twitter.com/ScumBots/status/1102094396542144513

fucka.ddns.net
fuckyoua.ddns.net

# Reference: https://twitter.com/ScumBots/status/1102422807672246274

windowuser.ddns.net

# Reference: https://twitter.com/ScumBots/status/1102547247231840258

141.255.152.199:54979

# Reference: https://twitter.com/ScumBots/status/1102573669455462400

demisoda2.kro.kr

# Reference: https://twitter.com/ScumBots/status/1102973809316032512

nanotestit.ddns.net

# Reference: https://twitter.com/ScumBots/status/1103321099440398343

csgo45bj.ddns.net

# Reference: https://twitter.com/ScumBots/status/1104808531184812037

31.49.241.6:1604

# Reference: https://twitter.com/ScumBots/status/1105793638041354240

141.255.151.202:5552

# Reference: https://twitter.com/ScumBots/status/1105797415901253633

141.255.158.98:53896

# Reference: https://twitter.com/James_inthe_box/status/1102914959556538368

185.84.181.88:4050

# Reference: https://twitter.com/ScumBots/status/1108326582664527872

10.9.36.186:6969

# Reference: https://twitter.com/ScumBots/status/1108311482247335936

213.89.206.15:1337

# Reference: https://twitter.com/Racco42/status/1102848826556276736

top1.apexgamingjo.waw.pl

# Reference: https://twitter.com/casual_malware/status/1107441450415992832

nanocore2019.bounceme.net

# Reference: https://twitter.com/James_inthe_box/status/1100793529595383809

ninodns.duckdns.org

# Reference: https://twitter.com/ViriBack/status/1093994913249853440
# Reference: https://pastebin.com/rQ0Cnkh0

lightchibuike.ddns.net
pixls.ddns.net

# Reference: https://twitter.com/ViriBack/status/1065597117937434625

bosmanchi.ddns.net

# Reference: https://twitter.com/killamjr/status/1093553362174242816

tntsure.ddns.net

# Reference: https://twitter.com/pollo290987/status/1092796516555808770

megida.hopto.org

# Reference: https://twitter.com/Racco42/status/1059945882274197504

194.5.99.243:2019

# Reference: https://twitter.com/HerbieZimmerman/status/1057692658104262657

194.5.98.182:7020

# Reference: https://twitter.com/luc4m/status/1044855395615997953

datalogsbackups.hopto.org

# Reference: https://twitter.com/matte_lodi/status/1049203238963167233
# Reference: https://app.any.run/tasks/bb524301-c794-4813-8e72-a03ae7d5b8cc

ambition.ddns.net

# Reference: https://twitter.com/Ring0x0/status/1006200464772419585

delawizzy.ddns.net

# Reference: https://twitter.com/Antelox/status/859092998818344961

herackles.moneyhome.biz

# Reference: https://twitter.com/JAMESWT_MHT/status/751375987028484096

businessdb4.duckdns.org
businessdb5.duckdns.org

# Reference: https://twitter.com/JayTHL/status/729724613907783680

212.7.208.81:51010

# Reference: https://twitter.com/JayTHL/status/705429671303774208

greenbacks.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/694596719426826240

admindarkcomet.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/694296245679099904

QuantumDevv.chickenkiller.com

# Reference: https://twitter.com/MalwareConfig/status/651147773257977856

paychuby.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/650097923196342272

aeht.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/650097877851746304

freedarren.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/650097559160156160

purevid.no-ip.org

# Reference: https://twitter.com/MalwareConfig/status/650097117315395584

ik4ito.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/650096982590156800

mlgsnip3r.no-ip.biz

# Reference: https://twitter.com/ScumBots/status/1109640234864701441

67.253.236.155:5553

# Reference: https://twitter.com/ScumBots/status/1110266084760920064

gangbanghangchang.myftp.biz

# Reference: https://twitter.com/James_inthe_box/status/1110579161884577792

172.81.132.137:54984

# Reference: https://twitter.com/x42x5a/status/1113414801705844738

kgentle77.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1114521149034123265

185.101.94.172:36460
rmcos.sparcos-es.com

# Reference: https://twitter.com/HerbieZimmerman/status/1115325369371045889

185.165.153.114:2525

# Reference: https://twitter.com/x42x5a/status/1115556640026177537

184.75.209.169:5787

# Reference: https://twitter.com/malwrhunterteam/status/1115942079711129602

ebaystube.hopto.org

# Reference: https://twitter.com/Racco42/status/1116793128319459329

moran101.duckdns.org

# Reference: https://pastebin.com/S3cZw7CA

154.16.63.122:1919
184.75.209.169:5787
185.56.90.91:1989
185.84.181.83:5302
194.5.98.26:1012
194.5.99.229:5050
213.208.152.197:9737
33393.ddns.net
arab1.myq-see.com
frazodee.hopto.org
gefide5.ddns.net
hhhssa.chickenkiller.com
lacoban.ddns.net
office365.duckdns.org
onielnfo.ddns.net
repoyochar2u.ddns.net
repoyochar2u.hopto.org
skynetcdt.dyndns.org
webaccess.hopto.org
wilfred123.ddns.net

# Reference: https://pastebin.com/ZCVB1pww

103.200.6.3:5490
181.214.55.23:9989
181.215.247.55:9780
185.148.241.40:3413
185.208.211.13:1943
185.244.30.106:1985
185.244.30.116:1985
185.244.30.98:8030
194.5.99.176:54984
194.5.99.181:4488
194.5.99.84:1604
194.68.59.45:32101
86.144.241.171:1608
95.140.125.77:52097
95.140.125.79:10203
ADMIN.ndplc.gq
anunankis3.duckdns.org
burdun.dynu.net
cjbo12.ddns.net
ibrak.ddns.net
jacksmithcarter.ddns.net
jasoiuuydealaa.sytes.net
kenzog.no-ip.biz
kroger.ddns.net
lordblessme.duckdns.org
lordblessme.hopto.org
MARKET.ndplc.gq
microsoftware.hopto.org
netframework.serveminecraft.net
okaforchukwuma247.ddns.net
parcel.duckdns.org
rattool0.ddns.net
rogersbvrly0123.ddns.net
shahan1337.ddns.net
shootingstar.ddns.net
talknahealga1974.myq-see.com
vpnserver.ddns.me
xxxnpornlegitnoscam.ddns.net

# Reference: https://ghostbin.com/paste/qyhf6

107.173.58.71:30117
109.247.80.150:20000
154.16.201.167:3114
154.16.220.215:7177
173.46.85.23:1996
178.209.51.235:4156
181.215.247.13:19983
181.215.247.189:4199
181.215.247.194:1002
181.215.247.70:7000
185.121.166.5:1012
185.244.30.121:5129
185.244.30.127:1985
185.244.30.94:8030
185.244.30.98:9645
185.84.181.65:8128
189davidcameron.ddns.net
191.101.22.231:7200
194.5.99.179:4040
194.5.99.197:54984
194.5.99.22:3940
194.5.99.5:2017
194.68.59.31:1756
198.23.210.211:5890
2018bless.duckdns.org
212.7.208.100:17084
212.7.208.155:10001
212.7.208.94:3413
213.184.126.145:2001
31.220.7.204:1626
37.49.225.19:4335
41.231.120.13:9176
45.35.105.149:30198
46.36.39.22:2212
62.109.11.164:54984
78.47.149.66:7331
79.172.242.29:36378
88.208.246.117:7000
89.35.228.239:57356
89.46.222.206:9998
91.192.100.23:7012
91.192.100.4:3535
91.192.100.5:8181
91.92.136.158:1608
95.140.125.52:2018
95.140.125.85:6020
95.213.251.165:2547
a.tomx.xyz
anonymouss21.ddns.net
babazam.xyz
baseman45.pdns.cz
bennicholas.hopto.org
bitcoinonemmusd.hopto.org
bnow.duckdns.org
brytonwilliams.ddns.net
chykn.hopto.org
comboplug.duckdns.org
darkrig1.ddns.net
dayung.duckdns.org
dickson78.duckdns.org
ehispride1.ddns.net
frankfurt1.perfect-privacy.com
frankfurt2.perfect-privacy.com
frankwill12.ddns.net
godsblessing.dotdns.ch
heinrichschroth.hopto.org
ijomsdavis1.ddns.net
irofuuzo.ddns.net
isaacjekwu123.ddns.net
kotsiros.ddns.net
lappenfick.hopto.org
lascoyaya.sytes.net
maxwellclassic.ddns.net
mercadoliinio.duckdns.org
mikkymouse.duckdns.org
mybackups.duckdns.org
nano.xblbyesma.com
nanoip2.ddns.net
newera.serveftp.com
officewkgrace.ddns.net
osynewvps.duckdns.org
paychenco.ddns.net
paymeaji.ddns.net
snooper112.ddns.net
suncraft.duckdns.org
sydneyjames101.ddns.net
timmy44.ddns.net
timmy55.ddns.net
tonymaris.ddns.net
TUIYR.chickenkiller.com
wackysite.duckdns.org
xblbyesma.com
yannythefanny.ddns.net
z.whorecord.xyz

# Reference: https://twitter.com/James_inthe_box/status/1029752092473217025

185.82.220.137:33691

# Reference: https://twitter.com/pancak3lullz/status/1115982919628148736

194.5.99.30:4488

# Reference: https://twitter.com/pancak3lullz/status/1083411311160102912

185.125.205.71:6789
omada20.ddns.net

# Reference: https://twitter.com/pancak3lullz/status/1082284798708723713

185.125.205.68:3190
jasoncarlosscot.hopto.org

# Reference: https://twitter.com/pancak3lullz/status/1080543756456214528

173.46.85.96:2222
chibuike.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1120752034829856768

91.192.100.50:7030

# Reference: https://twitter.com/dvk01uk/status/1121633456323088387
# Reference: https://app.any.run/tasks/44328111-a0d3-48b5-bc50-2e7e45118261

adobemoney.linkpc.net
31.220.43.113:7788

# Reference: https://twitter.com/luc4m/status/1121805940632817664

77.48.28.247:5378

# Reference: https://twitter.com/MalwareConfig/status/775345497422831616

nipples.chickenkiller.com

# Reference: https://twitter.com/MalwareConfig/status/772909731287564288
# Reference: https://malwareconfig.com/config/0c0e3b6d38c265acb8a2b57cdf15803e/

109.169.61.7:6565

# Reference: https://twitter.com/Racco42/status/1122972672001019906

185.101.94.172:3018

# Reference: https://twitter.com/r0ny_123/status/1017730367149760518
# Reference: https://app.any.run/tasks/c4fb59da-cded-4fa9-9a1f-9409a52b7ed3

191.96.249.27:3360

# Reference: https://twitter.com/x42x5a/status/1123179932404846593

wazaa.mywire.org

# Reference: https://twitter.com/dvk01uk/status/1123176385252614145
# Reference: https://app.any.run/tasks/bbe15eb1-1bbe-437f-bdda-5b83fc47b8b5

185.247.228.142:3196

# Reference: https://twitter.com/Racco42/status/1124289220653142016
# Reference: https://app.any.run/tasks/385b66d9-8455-4501-9828-ce8e3ff255b7

wiz2019.ddns.net
185.165.153.110:9124

# Reference: https://twitter.com/Racco42/status/1125377644814581760
# Reference: https://app.any.run/tasks/4edc7722-c6a6-480a-a5ce-dc8ec2c6ee14

nonox.duckdns.org
185.247.228.171:2741

# Reference: https://twitter.com/P3pperP0tts/status/1125807083700539392

bio4kobs.geekgalaxy.com

# Reference: https://twitter.com/dvk01uk/status/1126018535094931456

rajahclassic.chickenkiller.com

# Reference: https://twitter.com/dvk01uk/status/1126332447321411584
# Reference: https://app.any.run/tasks/5e801075-d3af-48b2-9c69-2d838b4ba7b9

91.193.75.239:5494

# Reference: https://twitter.com/58_158_177_102/status/1126774468053889031
# Reference: https://app.any.run/tasks/5f4957cb-3478-4184-a6af-ca0d82fc0415
# Reference: https://app.any.run/tasks/84c87a15-34c7-4434-93ae-6f02b524aad6

kartelicemoney.duckdns.org
105.112.112.160:1707

# Reference: https://twitter.com/x42x5a/status/1128982111711584256

frankwill12m.ddns.net

# Reference: https://twitter.com/ScumBots/status/1132417823760896000

24e26s2854.wicp.vip

# Reference: https://twitter.com/James_inthe_box/status/1133059402800386051

wazy1010.ddns.net

# Reference: https://twitter.com/ScumBots/status/1133331342572236801

120.24.231.105:7334

# Reference: https://twitter.com/JAMESWT_MHT/status/1134365902173102080
# Reference: https://app.any.run/tasks/94641e32-9b9d-4da3-8345-f07e8922b7c6/

194.5.98.5:1680

# Reference: https://twitter.com/JAMESWT_MHT/status/1134478806473986049
# Reference: https://app.any.run/tasks/62f68bae-1b8f-40b6-883d-a48178c0e277/

79.134.225.51:3030

# Reference: https://twitter.com/Racco42/status/1136593634650927105

80.85.153.187:30301

# Reference: https://twitter.com/James_inthe_box/status/1136778097615724548

185.217.1.133:50317

# Reference: https://app.any.run/tasks/12b3ea80-4345-4f3b-b628-a10c0195854a/

91.193.75.239:5494

# Reference: https://twitter.com/luc4m/status/1138064069284573184

bukis228.ddns.net

# Reference: https://twitter.com/Zerophage1337/status/1138099090556932097

91.193.75.21:5626
atiku.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1138478169755754496

ganif.ddns.net
shedyshedy.ddns.net

# Reference: https://app.any.run/tasks/cb0e97af-6122-4181-87e5-842dedde0d77/

178.239.21.116:1186

# Reference: https://blog.yoroi.company/research/dissecting-nanocore-crimeware-attack-chain/

185.244.31.50:1540
79.134.225.41:2031

# Reference: https://twitter.com/P3pperP0tts/status/1139942794590601216
# Reference: https://pastebin.com/bpabKNNZ

185.244.31.25:3575
185.244.31.31:8181
91.193.75.239:5494
ambit19.ddns.net
ip2locate.ddns.net
ochaforward.hopto.org
templerun.ddns.net

# Reference: https://twitter.com/dvk01uk/status/1141317977167605765
# Reference: https://app.any.run/tasks/0a32df75-7fa1-4ac4-b093-9422785aa904/

69.65.7.135:8484

# Reference: https://myonlinesecurity.co.uk/nanocore-rat-via-fake-dhl-failed-delivery-in-chinese/
# Reference: https://app.any.run/tasks/bae68d93-a378-436a-b809-362b00fd84d5/

185.244.29.22:6699
microsoft.btc-crypto-rewards.cash

# Reference: https://twitter.com/Racco42/status/1141106627229212673
# Reference: https://twitter.com/HerbieZimmerman/status/1141408019571458049

justgo.linkpc.net
104.206.98.246:30301

# Reference: https://twitter.com/reecdeep/status/1143821025748164608
# Reference: https://app.any.run/tasks/6ad55b12-af6b-419d-b375-b87c25c82056/

79.134.225.12:5000

# Reference: https://twitter.com/ffforward/status/1144531131326504961

feshng.hopto.org
134.3.20.151:7789
185.165.153.171:7789

# Reference: https://twitter.com/luc4m/status/1145603655413981185

southmoney.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1145680737971998720

pay1.duckdns.org

# Reference: https://twitter.com/killamjr/status/1145758143395373056

103.133.109.109:2040

# Reference: https://pastebin.com/S4ggik78

dxbdoc.ddns.net
jodeal.casacam.net
nemesis225.duckdns.org
popsudtsucks.duckdns.org

# Reference: https://twitter.com/JayTHL/status/1146482606185308160

23.249.168.10:1982
ogodoswar.ddns.net

# Reference: https://twitter.com/killamjr/status/1146498532716793856
# Reference: https://app.any.run/tasks/5db94abe-1315-4b95-9d49-704db75df4c0/

5.196.203.64:42093
thefrench.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1146669422448435201
# Reference: https://app.any.run/tasks/70b936c4-e4eb-44f3-a15e-e2663fb19562/

79.134.225.51:3030

# Reference: https://twitter.com/ScumBots/status/1147928776216653825

141.255.145.32:1604

# Reference: https://twitter.com/reecdeep/status/1148901391001407494

79.134.225.12:5000

# Reference: https://twitter.com/James_inthe_box/status/1149026394472472576

185.244.31.81:3487

# Reference: https://twitter.com/D3LabIT/status/1149659498350407680
# Reference: https://app.any.run/tasks/70dfba07-7b8a-4bff-a71e-c520f977f3d2/

185.247.228.191:1540

# Reference: https://twitter.com/P3pperP0tts/status/1150326099416686592

benders.zapto.org
debase45.ddns.net

# Reference: https://www.virustotal.com/gui/file/af0fbb1773a61cc3cd40cb559ecea7fec657769c5179bfcdfae0d63803b48497/behavior/Dr.Web%20vxCube
# Reference: https://app.any.run/tasks/611b13bd-4c3b-48f9-a86f-b1eb99eee413

updated01.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1151385321587838978
# Reference: https://twitter.com/reecdeep/status/1151756075407945729
# Reference: https://app.any.run/tasks/457db32a-37d5-4661-8343-66acae38c8d2/

nacoreloaded12.ddns.net
160.202.163.244:3126

# Reference: https://twitter.com/B1naryG/status/1151424533032816641
# Reference: https://app.any.run/tasks/40a6bc66-e98b-4cd7-a077-bc773d0ed954/

185.247.228.17:47581
etoiilefiiilante.duckdns.org

# Reference: https://twitter.com/coderippers/status/1152188547253846016

moneybag042.warzonedns.com

# Reference: https://twitter.com/reecdeep/status/1145943064961269760

mardinmagic.ddns.net

# Reference: https://twitter.com/coderippers/status/1153267389632602114

185.125.205.75:54984
blackhill.ddns.net

# Reference: https://twitter.com/dvk01uk/status/1153283443133964290

avt.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1153672360265781249

localdesk.ddns.net

# Reference: https://twitter.com/dvk01uk/status/1154367978152124418

onpcsetup.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1154636731074908160

5.188.9.57:7575

# Reference: https://twitter.com/James_inthe_box/status/1154762726494765056

newmicke2019.ddns.net

# Reference: https://twitter.com/Racco42/status/1155776895394439168
# Reference: https://app.any.run/tasks/f1d56790-6fee-481e-b40f-85453d3d52ca/

moneybag042.warzonedns.com
36.255.97.73:2040

# Reference: https://twitter.com/Paladin3161/status/1157070115038478338

79.134.225.96:5556

# Reference: https://twitter.com/Paladin3161/status/1156903664302215169

185.217.1.156:5200
warzoneburky.ddns.net

# Reference: https://twitter.com/wwp96/status/1158427926750212096

eguchinomso.duckdns.org

# Reference: https://twitter.com/wwp96/status/1158390337372655617

primaryjet.duckdns.org
142.44.161.51:5232

# Reference: https://twitter.com/killamjr/status/1159132424544149504
# Reference: https://app.any.run/tasks/a227900f-9fd8-4e82-84b7-7d93357517ea/

160.116.15.132:2382
kalakuta.ddns.net

# Reference: https://twitter.com/ScumBots/status/1162416745317052417

178.117.59.19:25565

# Reference: https://twitter.com/ScumBots/status/1163001849731063810

184.57.168.28:1705

# Reference: https://twitter.com/wwp96/status/1163472330565332992
# Reference: https://app.any.run/tasks/0cbd5edf-c36a-48d8-b9ae-67ad0b83d759/

23.105.131.129:7080
patgini.duckdns.org

# Reference: https://twitter.com/killamjr/status/1164172558700204032

attilabanks.ddns.net

# Reference: https://twitter.com/reecdeep/status/1164422876017115136

79.134.225.52:1991

# Reference: https://twitter.com/reecdeep/status/1164432216010702848
# Reference: https://app.any.run/tasks/2e09254a-c57f-4d6d-8186-de18a9eb75fe/

79.134.225.108:1135
systempc1.ddns.net

# Reference: https://twitter.com/reecdeep/status/1164466004480745472
# Reference: https://app.any.run/tasks/0fa8bc38-52f8-4e4e-af68-65b737625372/

79.134.225.55:7030
pacotdc2020.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1163354232113831936
# Reference: https://app.any.run/tasks/76c3a5e1-5a04-489f-a59b-2408524d14ce/

66.133.76.69:8631
cjchijioke.zapto.org

# Reference: https://twitter.com/killamjr/status/1164514185243430914
# Reference: https://app.any.run/tasks/0da0b775-3f5c-4277-99af-1681833f4a05/

194.5.98.24:4564
recoverypw.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1164792320396365829

194.5.98.137:7895
engineer.hopto.org

# Reference: https://twitter.com/DynamicAnalysis/status/1166030024635498496

91.189.180.211:4740
bsbs.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1166238086084345857
# Reference: https://app.any.run/tasks/ff57ad8c-a66c-47f8-b42b-d6026d94ad5f/

185.19.85.171:59
agahwon.duckdns.org

# Reference: https://twitter.com/reecdeep/status/1166605833343553536
# Reference: https://app.any.run/tasks/28a1f567-1857-4bd1-a4d2-edb1db79c66a/

194.5.98.225:54984
apapurevpn.ddns.net

# Reference: https://twitter.com/Jouliok/status/1166616872474894337
# Reference: https://app.any.run/tasks/2bfd1d45-eec2-443b-bf71-e18df582f076/

185.105.236.176:2179
calitus.hopto.org

# Reference: https://twitter.com/Paladin3161/status/1167027534828978177

ariascopetrading.hopto.org

# Reference: https://twitter.com/de_aviation/status/1097547526763433985

bnow.duckdns.org
ciao2.hopto.org
dwxi.duckdns.org
dxbdoc.ddns.net
fillup.duckdns.org
hardrickkonsult.duckdns.org
jodeal.casacam.net
kendomoney2.duckdns.org
moneymen2019.ddns.net
mrstan.duckdns.org
nemesis225.duckdns.org
popsudtsucks.duckdns.org
roblox.webredirect.org
wackysite.duckdns.org
winsec.dynu.net

# Reference: https://twitter.com/p5yb34m/status/1167130345965117440

manblues.sytes.net

# Reference: https://twitter.com/wwp96/status/1167837052097970176

sandshoe.duckdns.org
smartcoonect.duckdns.org

# Reference: https://twitter.com/wwp96/status/1167830992587034624

saintjames.publicvm.com

# Reference: https://twitter.com/wwp96/status/1167834053590097921
# Reference: https://app.any.run/tasks/5260bec5-bff2-44f4-983f-9dc2adde3113/

142.44.161.51:5089
nnjhjhjj.duckdns.org

# Reference: https://twitter.com/Racco42/status/1168622419256459266
# Reference: https://app.any.run/tasks/8f34b304-4350-4ca9-87f1-00fd92b88454/

154.68.5.169:49153
chance2019.ddns.net

# Reference: https://twitter.com/reecdeep/status/1168795298715639808
# Reference: https://app.any.run/tasks/c23caa1a-41f5-43d2-8c63-4e8e4d45a98f/

185.105.236.134:9412
fredwil.ddns.net

# Reference: https://twitter.com/ps66uk/status/1169181097604915200

79.134.225.108:5592
98.143.144.232:58566
mstanley.ufcfan.org
worklogin2019.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1169339642115588096

eventuary.ddns.net

# Reference: https://twitter.com/DynamicAnalysis/status/1169336301818130432

105.112.98.206:1144
173.254.223.125:1144
meeti.ddns.net

# Reference: https://twitter.com/wwp96/status/1170310504029536256

blackhill.ddns.net

# Reference: https://twitter.com/wwp96/status/1170336591635783680
# Reference: https://app.any.run/tasks/79afa5de-1f01-4b27-ab24-4239512844ff/

185.105.236.176:5721
weiby.hopto.org

# Reference: https://twitter.com/Paladin3161/status/1170706804864536576

bloc2020.ddns.net

# Reference: https://app.any.run/tasks/38a77fc4-420f-493d-985b-b3a0577ff256/

185.165.153.35:30089

# Reference: https://twitter.com/wwp96/status/1171063529929105412
# Reference: https://app.any.run/tasks/4a93b3f3-2876-45c5-9501-410830ee0d5b/

185.165.153.56:4040
eizzymoney.ddns.net

# Reference: https://twitter.com/wwp96/status/1171065447967580162
# Reference: https://app.any.run/tasks/c3334463-7291-42b6-bcdf-e9b850b8192b/

51.89.142.95:5454
abc.hopto.me

# Reference: https://app.any.run/tasks/c9c03c22-e430-408d-b971-c6e4f9effca9/

moran101.duckdns.org
moran007.duckdns.org

# Reference: https://twitter.com/wwp96/status/1171407790449012736
# Reference: https://app.any.run/tasks/64497ded-42f5-4689-8ea3-c23864707166/
# Reference: https://app.any.run/tasks/9b106ed5-ddbf-405b-986f-dc48525b0d51/

103.200.6.79:2277
103.200.6.79:7722
renaj.duckdns.org

# Reference: https://twitter.com/Paladin3161/status/1171762981673172992

1gstemos.duckdns.org
danishcent.duckdns.org
jaden222.kozow.com

# Reference: https://twitter.com/JayTHL/status/1171792541240442880

91.189.180.218:4435
btchtu.duckdns.org

# Reference: https://twitter.com/Paladin3161/status/1171952485625262080

officeofgrace14.ddns.net

# Reference: https://twitter.com/reecdeep/status/1172525114036039680
# Reference: https://app.any.run/tasks/237d0b43-2489-4854-bbc2-4c459598e3c8/

185.19.85.159:3000

# Reference: https://twitter.com/dvk01uk/status/1172755193206845444
# Reference: https://app.any.run/tasks/e0c2b41e-0b42-4c96-b0bc-72fd6be85284/

185.165.153.121:76
deburg.duckdns.org

# Reference: https://twitter.com/killamjr/status/1173262255611269120
# Reference: https://app.any.run/tasks/28aa0199-0428-4812-b9fa-687a69c5bd7b/

79.134.225.104:4050

# Reference: https://twitter.com/coderippers/status/1156857536026484736

103.200.6.3:2016

# Reference: https://app.any.run/tasks/bc5b715c-7bfa-4025-9a42-58de61855990/

saintjames.publicvm.com

# Reference: https://www.virustotal.com/gui/file/3f5bce47783e3a859fbb467b72f659ba95ccbcacc5f0906a9615fa44dfbb3bb4/detection

79.134.225.106:9124
shekinahwiz.ddns.net

# Reference: https://twitter.com/killamjr/status/1178663514900238336
# Reference: https://app.any.run/tasks/177c7ec2-fb0a-4302-b871-8bdb359624df/

194.5.98.123:33733


# Reference: http://vxcube.com/recent-threats-ioc/5d3781b3a39bb560702e4a13/detail

nanocore511.ddns.net
avt.duckdns.org
jimmycharles2468.ddns.net
kennethpeters.ddns.net
king8950.duckdns.org
ilepilub.myhostpoint.ch
sammorrisok55.duckdns.org
abundantgrace1.ddns.net
warzoneburky.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1179774489514496000

59108.duckdns.org

# Reference: https://app.any.run/tasks/cdef8e3a-c2e1-4363-8f85-219925f5e5ad/

odogwu222.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1180811705280012288

94.107.59.249:54984
connectings.ddns.net

# Reference: https://twitter.com/Paladin3161/status/1181188506980208640

kartelicemoney.duckdns.org

# Reference: https://twitter.com/Racco42/status/1181330436162818054
# Reference: https://app.any.run/tasks/1fc0964a-4d9e-45bd-a982-8bb6e6251b48/

194.5.98.127:5882
ify.duckdns.org

# Reference: https://twitter.com/Racco42/status/1181670662194257936
# Reference: https://app.any.run/tasks/77b8af9e-239e-42c6-8670-69984eb22afa/

79.134.225.42:1985

# Reference: https://twitter.com/ffforward/status/1181853927156920321
# Reference: https://app.any.run/tasks/d78e78a4-824c-44d9-a0f8-a25be2a038af/

79.134.225.46:9020
mulla.hopto.org

# Reference: https://twitter.com/Racco42/status/1182064994516643841

79.134.225.119:55112

# Reference: https://app.any.run/tasks/c14fcbdc-edc1-427b-9f15-bd047abb1e8c/

194.5.98.251:5540

# Reference: https://twitter.com/w3ndige/status/1176905272549400579
# Reference: https://app.any.run/tasks/b4fdda7d-737a-4493-913c-e1cff8987d4a/

185.217.1.173:9834
antihunger.dynu.net

# Reference: https://twitter.com/w3ndige/status/1165906300754104322

103.200.5.128:8776
gregvictor.hopto.org

# Reference: https://twitter.com/P3pperP0tts/status/1186665154513195013

79.134.225.70:3940
danishcent.duckdns.org

# Reference: https://twitter.com/w3ndige/status/1188840789016764416
# Reference: https://app.any.run/tasks/7e37ef77-7127-4213-b8e5-ee24f8658e8d/

185.165.153.239:9834
newone11.mywire.org

# Reference: https://twitter.com/wwp96/status/1188887309091033089
# Reference: https://app.any.run/tasks/95daf9a7-d985-4928-8220-c12bf45b3334/

185.165.153.16:6939
morgan22.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.125/relations
# Reference: https://www.virustotal.com/gui/file/603d6fc8c41c2a18139857e27a7dc3e050f3c9ddfac7cccc92c4e454408fb896/detection

tijanml.duckdns.org

# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.125/relations
# Reference: https://www.virustotal.com/gui/file/98be89b13355f98a1e7faf259312b0054159aeffa9d222101c2227854d5089e8/detection

79.134.225.125:1985

# Reference: https://www.virustotal.com/gui/ip-address/79.134.225.125/relations
# Reference: https://www.virustotal.com/gui/file/97f32d9e89e510d6e9c26d0a91d3e08692932d0d2a2264a7369b5a133fade0b5/detection

79.134.225.125:5001
teryts1802.sytes.net

# Reference: https://www.virustotal.com/gui/file/fc6a0c7a5758bf1dd04e30c58680fc842316b2078635df3449f51e12322c176a/detection
# Reference: https://www.virustotal.com/gui/ip-address/37.235.1.174/relations

37.235.1.174:53

# Reference: https://www.virustotal.com/gui/file/4928fdede6439ab72afc175ef367440d665c876d7c3a1bff09ffd6c53752ce56/detection

185.217.1.135:137
37.235.1.177:53
alaincrestel1900.ddns.net
larbivps.freemyip.com

# Reference: https://www.virustotal.com/gui/file/9c70295e9fedc283b112db777ccb3cd35b8177ce258d773f6d1df26692d0fedc/detection

beast999.ddns.net

# Reference: https://www.virustotal.com/gui/file/70fe32a3ed8a6d0faf3ac6d460b3b1c4dcb8819fe7ca86069a7ff6479282562e/detection

SchoolServer405.mooo.com

# Reference: https://www.virustotal.com/gui/file/5068c69231bfd86ed423021ce32a189b3d7f92391917b9b62251a545bb98834b/detection

88.235.181.40:8282
victoryinkings.ddns.net

# Reference: https://www.virustotal.com/gui/file/dc23e79acb4676f260b0c5a29c1315395b0099c11a954d1d85180161225d25e7/detection
# Reference: https://www.virustotal.com/gui/file/c4eab66d81ba8fab271e01d6080978ffad715c77734b43ce8ee0d6906f2c8186/detection

154.118.70.199:6060
41.217.61.245:6060
79.134.225.74:6060
obu.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b174b1345931d9f22e75bdfe7ec10241c047c6cc82ca223224d3bdb0ca470234/detection

79.134.225.7:8282
conana666.ddns.net

# Reference: https://www.virustotal.com/gui/file/100b4b69c75870f8134238b0b26e7c666a57c2e0ed46729297cb527ec67d1d5b/detection

xsrt7dtftvf.ddns.net

# Reference: https://www.virustotal.com/gui/file/5d6decfa7304de309e330fcb8483261e4b1b3ad6515cebba33a23ab3db050d4d/detection

79.134.225.116:1604
91.193.75.48:1604
staffordcranegroup1.ddns.net

# Reference: https://www.virustotal.com/gui/file/143fa3aad33c18877ed9e435d140b9be6b92e20e8a767e6098b43caabf7734ac/detection

79.134.225.74:1111
lecamerenhaut.freemyip.com

# Reference: https://www.virustotal.com/gui/file/6ce3f65a76bae40596eebd524b5389e409ddaa0e03d62dcbe314adead20ce2e2/detection

194.5.98.190:9098
norly.ddns.net

# Reference: https://www.virustotal.com/gui/file/891152054d208fd7da085b63d53821e14ce6c6f128e1dda6d569fded36ee04b6/detection

41.203.78.246:8282

# Reference: https://www.virustotal.com/gui/file/773b78f8aef041ebf69887c0bd08d675591f28c5c1334ab078865303e17a6620/detection

185.247.228.15:4040
ellababy123.ddns.net

# Reference: https://www.virustotal.com/gui/file/1c01644bf0467a11d1966af6f334d4c0c0eb1d432e794d3a077429feb2ad9fd7/detection

clanige4.ddns.net

# Reference: https://www.virustotal.com/gui/file/da32aadc61ccfd99fd0617f5f763d06db2d01c2fb604239c775a2ee40a3d8b5b/detection

41.203.78.34:8282

# Reference: https://www.virustotal.com/gui/file/492dbe76f0fc6405cccd22266e7c4a3f138e834d81689250da1e1c676bebeef0/detection

185.19.85.183:8809
odogwuchacha.ddns.net

# Reference: https://www.virustotal.com/gui/file/3853bdd2d2062612f2db5244f330edf0b20dee4531e219b9a2040b21aecaa5c8/detection

thierrydeffo4.chickenkiller.com

# Reference: https://www.virustotal.com/gui/file/58270868d40ff869a4d08d3e0f893da3c51e7261ba80b34bbee4510126533b6a/detection

79.134.225.77:8282
smart234.ddns.net

# Reference: https://www.virustotal.com/gui/file/7110a71d6600a756d0aa9fadbcba104dba6ef22114974eee2a6676445298d4aa/detection

79.134.225.8:6453
alphaget.ddns.net
xaoc6y6yy6.bounceme.net

# Reference: https://www.virustotal.com/gui/file/b65848b6c2ae77863acf09d5f29bf6f1e1b2fbd98833a040e6f53bcbbc004cb4/detection

79.114.124.253:1608
homelaptop.ddns.net

# Reference: https://www.virustotal.com/gui/file/8eb3451aa4b96c3dd16c0968f7c4f3261eeb1a550f3648aa21e19a56e46d22c0/detection

79.134.225.75:4040

# Reference: https://www.virustotal.com/gui/file/8af64061540bafe06aaf819eb09db32dcc6b2cceca569a2726375da1d8225f77/detection

185.165.153.11:9090
riotriot.ddns.net

# Reference: https://www.virustotal.com/gui/file/7d9290ee70bef014939f22007f1de6ed33e0762bdc61e96e659bfe77456bfbdf/detection

41.203.78.158:9090

# Reference: https://www.virustotal.com/gui/file/1ff40475eb58edf037a554b8821935b2e6016f00ff18d51a822e98a0cc4cdeb1/detection

0.tcp.ngrok.io
18.188.14.65:19546
3.14.212.173:19546
3.17.202.129:19546
3.19.3.150:19546
3.19.114.185:19546

# Reference: https://www.virustotal.com/gui/file/0a53eae7a195a84a43bc19452b25e05c5a9cf3ba7533d02e742f610fa5e13d40/detection

18.223.41.243:15816
3.17.202.129:15816

# Reference: https://www.virustotal.com/gui/file/3b48e822297e8352840ddd91546caeb951af876c64653f7d8db7ec5d96087684/detection

68.198.117.153:4782
bfe0to1zem2ogior.serveminecraft.net

# Reference: https://www.virustotal.com/gui/file/31b29c53a227bd0008c461d33538899db0673a37dc47e71ae42f0d6b32bfa511/detection

79.134.225.105:4040

# Reference: https://www.virustotal.com/gui/file/22b073c978eeadcfb751d12ceff7cf1b27b802b4329764553b998426bd05855d/detection

68.192.14.107:1605

# Reference: https://www.virustotal.com/gui/file/a40f890fbf60291ee34505f1dac3986cc249127f7edab134803cda5f17039c91/detection

lasius.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a6457cfeab68e8c662c4d9d75b074f000a1103a0966d5819a49dc6b03f78b802/detection
# Reference: https://www.virustotal.com/gui/file/0777ecb019654f0b8fc2961768f35dc4d41f3def47863b055c3118755bb0ad9a/detection

185.217.1.180:1604
197.210.64.86:1604
lucasdesmond31.ddns.net

# Reference: https://www.virustotal.com/gui/file/69dcba1bd1cb70069101ae3e051d57a62eba2f7b9650f561be550e08663c83fd/detection

procompany.ddns.net

# Reference: https://www.virustotal.com/gui/file/f8397b1579dc91688b6c7994805e1efc5325ef22c0743d2009196fcd55d667f2/detection

173.254.223.68:8282
donsea1234.ddns.net

# Reference: https://www.virustotal.com/gui/file/57b779b63c1444bd0e6d34ac75042fabc8aed7d8aa652793dd08bc54f378f566/detection

194.5.98.28:9090

# Reference: https://www.virustotal.com/gui/file/0e9025441bb5f7621694fd57ee55c63eb774464cb4c1b0d777bddb86871bcf68/detection

41.203.73.171:8282

# Reference: https://www.virustotal.com/gui/file/d899928e75e7109c964996cb6c8397b4e35cfb5561735578eb447545e7feb204/detection

41.203.78.159:8282

# Reference: https://www.virustotal.com/gui/file/03b3b1fb23a991b5bba7f886086caacafcef268b9bf5f178cbffc9735769eb5a/detection

knsoverseaslimited.ddns.net

# Reference: https://www.virustotal.com/gui/file/9ba1e7f53284d456d00db2eb8fb6406f5628666403a48456a8d7611c809c44e6/detection

197.210.62.44:8282

# Reference: https://www.virustotal.com/gui/file/7290e8234d47103dc7c3274b3c7e574970b97bdaa44ffbcc0201c69b0acb11cc/detection

197.210.62.32:8282

# Reference: https://www.virustotal.com/gui/file/fc6a0c7a5758bf1dd04e30c58680fc842316b2078635df3449f51e12322c176a/detection

79.134.225.69:8282

# Reference: https://www.virustotal.com/gui/file/290be52d7ca397be27d670ac37398b1ad5693b16dca6983c626db40e37247487/detection

mprentignac.ddns.net

# Reference: https://www.virustotal.com/gui/file/6f7753f614fb2c123a9fa55de0af097a4f92a7a350d88c55cf218ff5eac6a4f9/detection

41.203.78.182:9090

# Reference: https://www.virustotal.com/gui/file/5a79ba7f2bedbc8ccbfa3ea786be54334dbb76fef00f7b2173fe40c336b53372/detection

beast1111.ddns.net

# Reference: https://www.virustotal.com/gui/file/73102b5cd20c48cfd222d9ad0b618f069493a7ec566480c9b4871cbb2723a3ac/detection

kene32145.ddns.net

# Reference: https://www.virustotal.com/gui/file/82847914515e6c8d599e10547d1bdd834628539f4164ae6e07c0c92de3cf711b/detection

105.112.38.6:8282

# Reference: https://www.virustotal.com/gui/file/60778609ebb0625597a6c0b8021ef6c2155e937eb8bd70bd8043b60eada9b382/detection

stevesteves001.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/505094e8b5ad5b7b536b08ef7e49d946bc7c4c66b7c22966dac0eaa98d29f6cf/detection

185.19.85.141:8282

# Reference: https://www.virustotal.com/gui/file/7e39c10423e4ef1e6fb07432a9af1ef7db0c3a85e874ada57d8aacdab8ad0975/detection

194.5.98.7:9098

# Reference: https://www.virustotal.com/gui/file/931f783ffeb0e5cd5b7e23fa484220f7ccd1d4739e72f440c20b63fb6a795736/detection

213.208.152.217:64816

# Reference: https://www.virustotal.com/gui/file/499843b56eab51e230b0234ab7db80ae3adbb80bdf81cfbfe85caf826e56e3a4/detection

213.208.152.217:9984

# Reference: https://any.run/malware-trends/nanocore (Note: as seen on 2019-12-04)

alemaniaelmejor.duckdns.org
anglekeys.duckdns.org
bnow.duckdns.org
codazzixtrem.duckdns.org
dephantomz.duckdns.org
duckdns4.duckdns.org
gemalto.duckdns.org
hicham9risa.duckdns.org
info1.duckdns.org
ipvhosted.duckdns.org
jfcolombia001.duckdns.org
kosovo.duckdns.org
monlait-57586.portmap.host
mrmarkangel.duckdns.org
nickdns19.duckdns.org
nickdns30.duckdns.org
office365update.duckdns.org
salesxpert.duckdns.org
wackysite.duckdns.org
wiskiriskis1982.duckdns.org


# Reference: https://any.run/malware-trends/nanocore (Note: as seen on 2019-12-10)

mv-s2s-dev.ngrok.io
mynameisstaff.warzonedns.com
okenwa.hopto.org
1990.duckdns.org
xipp.duckdns.org
34112r.rapiddns.ru
smartcoonect.duckdns.org
duckdns4.duckdns.org
salesxpert.duckdns.org
ipvhosted.duckdns.org
gemalto.duckdns.org
jfcolombia001.duckdns.org
office365update.duckdns.org
kosovo.duckdns.org
codazzixtrem.duckdns.org
mrmarkangel.duckdns.org
anglekeys.duckdns.org
dephantomz.duckdns.org
wiskiriskis1982.duckdns.org

# Reference: https://twitter.com/JayTHL/status/1189592368879722497

201.76.93.201:53896
ruthless.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/185.217.1.137/relations

185.217.1.137:1604
blaert.jumpingcrab.com
jobconnect.ddns.net
makegoodpls.strangled.net
royal69.ddns.net

# Reference: https://pastebin.com/29uSdMAk

godwin.ddns.net

# Reference: https://twitter.com/ViriBack/status/1187040674455130112

194.5.99.46:9090

# Reference: https://twitter.com/Paladin3161/status/1185424238611582977

197.210.52.28:3873
91.189.180.216:3873
dennisjose2v.zapto.org
Maxiron2v2.hopto.org
snooper113.duckdns.org

# Reference: https://twitter.com/killamjr/status/1164514185243430914
# Reference: https://app.any.run/tasks/0da0b775-3f5c-4277-99af-1681833f4a05/

194.5.98.24:4564
recoverypw.duckdns.org

# Reference: https://twitter.com/coderippers/status/1156844258139299840

starlucky.warzonedns.com

# Reference: https://twitter.com/JAMESWT_MHT/status/1145689873489301508
# Reference: https://app.any.run/tasks/4ee7d035-40d7-433c-9be8-44fd02bc7375/

185.165.153.22:2040
giovan234.ddns.net

# Reference: https://app.any.run/tasks/6eb2bffa-4f11-4aec-8b24-3695f22ae99d/

185.165.153.114:2525
mrlogga19.duckdns.org

# Reference: https://twitter.com/pollo290987/status/1115307260996202496
# Reference: https://www.virustotal.com/gui/file/d3cab59fb39c3312b93cbd10fc1f01bef963abdabe7acc30b8a9d101947e3143/detection
# Reference: https://www.virustotal.com/gui/ip-address/181.52.252.80/details

181.52.252.80:1896
cee.duia.eu
duck87.duckdns.org
duckdns63.duckdns.org
duckdns64.duckdns.org
duckdns65.duckdns.org
ja0269485.duckdns.org
josesarmiento098765.duckdns.org
josezulu898989.duckdns.org
juanjosequitero.duckdns.org
marketing.con-ip.com
nick107.duckdns.org
nick89.duckdns.org
nick91.duckdns.org
nick92.duckdns.org
nickd93.duckdns.org
nickddns103.duckdns.org
nickddns90.duckdns.org
nickdns101.duckdns.org
nickdns102.duckdns.org
nickdns104.duckdns.org
nickdns106.duckdns.org
nickdns107.duckdns.org
nickdns44.duia.eu
nickdns48.duckdns.org
nickdns49.duckdns.org
nickdns51.duckdns.org
nickdns52.duckdns.org
nickdns53.duckdns.org
nickdns54.duckdns.org
nickdns56.duckdns.org
nickdns58.duckdns.org
nickdns59.duckdns.org
nickdns61.duckdns.org
nickdns62.duckdns.org
nickdns66.duckdns.org
nickdns71.duckdns.org
nickdns72.duckdns.org
nickdns75.duckdns.org
nickdns76.duckdns.org
nickdns79.duckdns.org
nickdns80.duckdns.org
nickdns81.duckdns.org
nickdns82.duckdns.org
nickdns84.duckdns.org
nickdns85.duckdns.org
nickdns87.duckdns.org
nickdns94.duckdns.org
nickdns95.duckdns.org
nickdns96.duckdns.org
nickdns97.duckdns.org
nickdns98.duckdns.org
nickdns99.duckdns.org

# Reference: https://app.any.run/tasks/ba903cda-43f6-47af-9721-f64028df4ce1/

http://evogenicpvt.net/expt/payreceipt.exe
sain123.sytes.net
142.44.161.51:5219

# Reference: https://app.any.run/tasks/978d8b3f-f303-4b0f-bec9-9879bd144916/

clintonlog.hopto.org

# Reference: https://app.any.run/tasks/811b9caf-71d9-4cdb-b707-a08f8c6a29b0/

harri2gud.duckdns.org

# Reference: https://app.any.run/tasks/9ce5f594-1c1c-4ad2-822d-f904bc946ccf/
# Reference: https://twitter.com/peric0/status/1192862785711083520
# Reference: https://app.any.run/tasks/4b2c22dc-5abb-4c3d-a25f-97cba3f34902/

79.134.225.76:9900
abokiisback.duckdns.org

# Reference: https://app.any.run/tasks/9ddb7ab3-038e-4c49-b6c9-49523f2fd056/

cbswgc.duckdns.org

# Reference: https://app.any.run/tasks/924d69ef-51fb-4e1a-b7a5-d14b7cbae7ac/

194.5.99.6:6789

# Reference: https://app.any.run/tasks/85f5b765-b054-4fba-a50a-91bc39fe1c74/

papa.redirectme.net

# Reference: https://twitter.com/MalwareConfig/status/1191909772376887296
# Reference: https://malwareconfig.com/config/29fb4a3586cfde6569e47c2bb746ec8f

213.208.152.214:5999
strongods.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/185.165.153.150/relations
# Reference: https://www.virustotal.com/gui/file/a643eb192412836ec1053aac2e8e172c6c61d84df92f9340ef5e453e88cf0be1/detection
# Reference: https://www.virustotal.com/gui/file/de7e6813575993eb770ab6bcfd740f57af36e43abba271a889cd57a82ae92d45/detection

185.165.153.150:4922
185.165.153.150:6703
crpa.noip.me
masked101.duckdns.org
rentals.insidedns.com
ru2-pool-1194.nvpn.so
tradcan.duckdns.org

# Reference: https://twitter.com/MalwareConfig/status/1192436545632055297
# Reference: https://malwareconfig.com/config/78efefde393dca7373734ce7af734e9d

novlachy.duckdns.org

# Reference: https://twitter.com/Paladin3161/status/1192421564580429825
# Reference: https://pastebin.com/66DbarxY

cjay55.duckdns.org
deaphnote.ddns.net
fresh22.duckdns.org
indomie.zapto.org
jeffserver.duckdns.org
mgc001.duckdns.org
wazzy111.duckdns.org

# Reference: https://twitter.com/pancak3lullz/status/1192523361336877056

79.134.225.71:2222
loveday10.ddns.net

# Reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/double-loaded-zip-file-delivers-nanocore/
# Reference: https://www.virustotal.com/gui/file/91d539af85599fda3fb2fb023866b72d64adc2bb95f6153e655cc844564de02e/detection

194.5.98.85:11903
allodeh2.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1191757187254644736

indomie.zapto.org

# Reference: https://twitter.com/killamjr/status/1191561859901673472

79.134.225.61:83

# Reference: https://app.any.run/tasks/62411b4c-8823-4365-a062-0b9c7d6ba5e3/

194.5.97.10:5626
novlachy.duckdns.org

# Reference: https://twitter.com/coderippers/status/1192746152514469888

185.165.153.79:54984

# Reference: https://any.run/report/11b9f94f97662d112f95e7904ce6655265aedc73159a8add62255c11f4456164/46e7ac03-8641-418d-b993-ee8465161c7d

194.5.98.212:4050

# Reference: https://threatrecon.nshc.net/2019/09/19/sectorh01-continues-abusing-web-services/

haggapaggawagga.duckdns.org
ontothenextone.duckdns.org
yakka.duckdns.org

# Reference: https://twitter.com/JAMESWT_MHT/status/1192802828592570369
# Reference: https://app.any.run/tasks/758eaaf7-d81f-402c-89c3-a7b50518607a/

192.169.69.25:5626
meca.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a54d5a01f25dbe968b3aa91075bdbf37d9f6f3e708fbb9a25254166553ef94de/detection

104.206.99.52:2019

# Reference: https://www.virustotal.com/gui/ip-address/23.249.163.24/relations

aysnicacid.duckdns.org
ghorara.duckdns.org

# Reference: https://isc.sans.edu/forums/diary/Malspam+delivers+NanoCore+RAT/21615/

137.74.157.90:33338

# Reference: https://twitter.com/JayTHL/status/1193770501132431360

onetap1309.ddns.net

# Reference: https://app.any.run/tasks/196bcf4c-0931-4c28-a75d-290c6cac7f53/

timnoip.ddns.net

# Reference: https://app.any.run/tasks/53b59d13-1b84-4404-b1e0-8d2441b7ec6b/

duruawka.ddns.net

# Reference: https://www.virustotal.com/gui/file/56a09b378be2c501e310eac94fd83c1921427e26836cf05e57f29667e7e43e83/detection

194.5.98.7:34681

# Reference: https://www.virustotal.com/gui/file/b3d596678e30221b6bfeecb8dbb14d5f3d1e59fa91cfbf5e868d3ec3389bd9e5/detection

88.229.215.159:34681

# Reference: https://twitter.com/MalwareConfig/status/1194363557623877632
# Reference: https://malwareconfig.com/config/435f91dc47a760874856972351300215

79.134.225.17:9583
timnoip.ddns.net

# Reference: https://malwareconfig.com/config/033083d77f3c28bdc460b945500f4ae2

fred.no-ip.net

# Reference: https://malwareconfig.com/config/64baf124e1c1aefb7004ffc957a18b52

fred.bounceme.net

# Reference: https://malwareconfig.com/config/9126e8fb2c26f2aa84d357881d02b241

fedosh.no-ip.net

# Reference: https://twitter.com/ScumBots/status/1195186420509532160

187.38.124.229:5552

# Reference: https://www.virustotal.com/gui/file/7a8ce81d5cecf363f5985e87f53230ca550e17a5997a853eff1408a8b3f5dc91/behavior/Dr.Web%20vxCube

okenwa.hopto.org
79.134.225.115:1505

# Reference: http://wp.hybrid-analysis.com/sample/691bfd494ba62c2f00ee89828a7fe8bbc2272a87fa713b3aa44ab52fba482c45/5db29b37217d93849fe70f7b

meca.duckdns.org
173.254.223.67:5626

# Reference: https://www.virustotal.com/gui/file/df991612aee9e34e5d50881a03d04657ab05be61f01bef964f4752f5a40ab0dd/detection
# Reference: https://app.any.run/tasks/5321e32b-75d6-4d66-9ccc-f9ae9de3eca4/
# Reference: https://www.virustotal.com/gui/ip-address/23.249.165.218/relations

213.208.152.210:8181
aspsensewiretransfergoogle.duckdns.org
christinailoveyousomuchyoumyheart.duckdns.org
isoalibabadocumetfilegoodforspreadsystem.duckdns.org
isolatedocumentwordfilegooodsdfsf.duckdns.org
microsfotgooglegmailoutlook365mailallaregoodformailing.warzonedns.com
projectwatchdognowinlinetoofargreat.duckdns.org
promotionzynovawillzerodacontinuegood.duckdns.org
propackgreatexploitexcelwork.duckdns.org
qeeeeewwswsweerwwerwerwrwerwerwerwere.warzonedns.com
serverstresstestgood.duckdns.org
systemgooglegooglegooglegooglegooglegoole.warzonedns.com
windefenderprotectedwindefendergooglegmail.warzonedns.com
workbigfinetonychuckgoodallarefinezynovaexploitgood.warzonedns.com
xyskyewhitedevilexploitgreat.duckdns.org
xyxyxyxyxyxyxywkworkforworldwifewide.duckdns.org
zerodayv3startedexploitpcwithexcelgreat.duckdns.org
zerodaywwsxwissdfdsfssecccseersscsdfsdfs.duckdns.org
zerosugaraddonexploit.duckdns.org
zerozerozeronullexploit.duckdns.org
zyncxxcciidiiudfisuifsiufusdfisdisifidfisuifisfisifisu.warzonedns.com
zyrstststzzxccxccddfgdd.duckdns.org

# Reference: https://www.virustotal.com/gui/file/48861372dd50d2c45d1b99b12a09ac83d1bfae565dbdf3069557dcb75ae8966a/detection

213.208.152.210:2065

# Reference: https://twitter.com/ActorExpose/status/1196107065338535936
# Reference: https://app.any.run/tasks/b897bf30-fdac-4b84-9f86-0b1a5e3d9551/

skyyy1337.ddns.net

# Reference: https://twitter.com/ps66uk/status/1196766006674362374
# Reference: https://app.any.run/tasks/192dcefd-ff43-43c7-9655-5d9aab847e37/

46.183.222.66:2580

# Reference: https://app.any.run/tasks/933c1a1e-135e-44b6-b7fe-b93bee77a68f/

549351.duckdns.org

# Reference: https://twitter.com/wwp96/status/1196867856195084288
# Reference: https://app.any.run/tasks/03844b86-68a6-49e8-886b-780ec6e96211/

94.100.18.102:4040

# Reference: https://malwareconfig.com/config/417ef753319e86facbfdfe3ffbbe6277

admin777.noip.me

# Reference: https://twitter.com/JayTHL/status/1197303503481397248

austinaccount.warzonedns.com

# Reference: https://twitter.com/BarryShooshooga/status/1197754462657343489
# Reference: https://app.any.run/tasks/0ec81663-e1d9-41ce-85ab-1f3528172b1f/

79.134.225.76:5680
bluefaceoriginal.ddns.net

# Reference: https://www.virustotal.com/gui/file/609958f13635e159b3864fb80a99c2fb79e21a7cf5231068422076e930c44e4d/detection
# Reference: https://app.any.run/tasks/392a3363-69d1-48e2-96f6-491e46a68d21/

79.134.225.105:9213
yodastyle.duckdns.org

# Reference: https://twitter.com/JayTHL/status/1197948846581649409

wrwr3wrw3wrwszz.ddns.net

# Reference: https://www.virustotal.com/gui/file/b9ca0b463bb8cd7d44c8f7713f8e47352cc9cb9ec5d57b3cb59d1a89a85b3e51/detection

79.134.225.105:1980
ncoresnew.hopto.org

# Reference: https://www.virustotal.com/gui/file/b4e75bf5b5d021e5f8fa81b2b5654c52856f460ef3d713652da84000b737bf71/detection

manblues.sytes.net

# Reference: https://www.virustotal.com/gui/file/63824abe9e2c4e0199f9b93a33841bdd01ca9757922bb14179927d6fe30fd28e/detection
# Reference: https://www.virustotal.com/gui/file/aecf95be47027b85863b24cb566abbf712415b87cd8cd8055430252d3918b6a7/detection

79.134.225.105:11754
80.211.133.107:11754
hetro.ddns.net

# Reference: https://www.virustotal.com/gui/file/31b29c53a227bd0008c461d33538899db0673a37dc47e71ae42f0d6b32bfa511/detection

79.134.225.105:4040
ellababy123.ddns.net

# Reference: https://www.virustotal.com/gui/file/a1298e2a11381470214fc9954ac237b90f940972aafe456d3c5c25e14854a6f6/detection

ogalu.duckdns.org

# Reference: https://www.virustotal.com/gui/file/861f022147d6d5cd24c328275a331e20efdb132603b87bc2e609e2668e06e8ea/detection

79.134.225.105:5654
followmeup.duckdns.org
zxzxzxzxzx.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4df6fbb979b2e11c724f51d9dad4a34aab0e6eb54e5b466980645a03c7fe999c/detection

192.169.69.25:1515

# Reference: https://www.virustotal.com/gui/file/ad89ce2bad7b926044a3501446950eb4688dc3b595c93b26c98ff204163b0b2c/detection

185.165.153.235:50710
suchwoni13.ddns.net

# Reference: https://www.virustotal.com/gui/file/0f3b7d439b1954c2596dce936334d7176cfcc86a7188c5904befc7a519bd08e5/detection

79.134.225.108:2551
euroboss.duckdns.org

# Reference: https://www.virustotal.com/gui/file/28a95d659e621ea85c126b8a3025db231304227d0d1976dea347924fec4a64d2/detection

129.205.112.169:3999
79.134.225.73:3999
79.134.225.92:3999
palaboraeurope.tk
sugarboy.duckdns.org

# Reference: https://www.virustotal.com/gui/file/77626dbd21e1b960bde8f37759b7f4c294d3e80d253ca5dbacc2350217c8c4ab/detection

194.5.97.34:8090
omocavite.duckdns.org

# Reference: https://www.virustotal.com/gui/file/2a956f2356ab57d0ae9c98813ef3efa85ee323e0f5fcfbb6247170253ee3cb4c/detection
# Reference: https://pastebin.com/vbujQzFf

karmina113.sytes.net
karmina117.sytes.net

# Reference: https://pastebin.com/vbujQzFf (1ed84de406e22e35486a849089b6ee0d087bffc5)

216.38.8.178:1996
snup2019.ddns.net

# Reference: https://pastebin.com/vbujQzFf (839f3f1491dba854710981125c52f9d180f94c92)

193.161.193.99:56539
labserver.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4d8d90c1c3a26adbf1291a5bf835836a347a1b58e37448bcbd62b3636c569d31/detection

76.72.161.76:2525
slipp.ddns.net

# Reference: https://www.virustotal.com/gui/file/1d8dbd65bcf660963cf1ed85be9ee2fcee9aab3f95a666c7460633733f025fb7/detection

92.2.5.191:5353
joshuahdn.ddns.net

# Reference: https://www.virustotal.com/gui/file/57c2264244db26b1ccf9b0a0dfd05a50b98f39cc6cb1544e6e912330d1c021d2/detection

85.237.234.153:54984
milosinka.ddns.net

# Reference: https://www.virustotal.com/gui/file/62a108ce957b0fb58f20bc38c1b8a1315ffa235c1cffe3a4934ec46f183ea47c/detection

89.86.77.125:5554
nanpowered.ddns.net

# Reference: https://www.virustotal.com/gui/file/c2a169d61913f7c05ea0d4377a74ec3de0b51449b5671cab8ecebd971e6159b2/detection

85.86.27.28:5555

# Reference: https://twitter.com/JayTHL/status/1199021518728179712

79.134.225.89:1200

# Reference: https://www.virustotal.com/gui/file/ce4c6cb6111a0f49caa3e0e49717c10b7dab36c550b45a61fdb260f1180167f3/detection

79.134.225.89:4488
sammorrisok55.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e5e55eda4187d87e2aef4a3e036f95a13bed19023b45202784bd55b606ebb4e0/detection

jacky99.dynamic-dns.net

# Reference: https://www.virustotal.com/gui/file/5da23838b9636509af8b067794bf6fed586a562d0e27d40b6b9cf02a25fde8bd/detection

wt35712830.ovh.net

# Reference: https://www.virustotal.com/gui/file/7ac083e0c31255bcc283d85e4094384d162f3a269f218d8f1c74d445f894435f/detection

banksmedia.hopto.org
serge231.ddns.net

# Reference: https://www.virustotal.com/gui/file/2a20e4a98b11fa6ab98e828e091cd02093bee698ae0e19feedb18ff15b4cd3c3/detection

79.134.225.90:3690

# Reference: https://www.virustotal.com/gui/file/63758e38a282ef2a624147eb587618cb737bb44c9724de44490773af8d329ec1/detection

79.134.225.90:1985

# Reference: https://www.virustotal.com/gui/file/98da3c893dff87c923d3d717e52f4b452feedd6f41d4a17e969968635efcadb8/detection

79.134.225.90:62098
ashmwin.ddns.net

# Reference: https://www.virustotal.com/gui/file/b49065e32765e0d4812b59e0bc76daa84a85d910a1eb2fe9b06d233cb5bd07f7/detection

75.40.27.225:443
dhoskfnkdgmfdgh.ddns.net

# Reference: https://www.virustotal.com/gui/file/07d64c498247d5189af3089c8755a3cf83844eee7853fd36017a901b05bb7ddc/detection
# Reference: https://www.virustotal.com/gui/ip-address/78.63.252.24/relations

78.63.252.24:1085
herakas.ddns.net
heraklis.ddns.net
narkaman.ddns.net
zajibala.ddns.net

# Reference: https://www.virustotal.com/gui/file/251498dfd4c3bb2d166ac08b340d508d501d8f782e9bb2a0cdb7fea2eac42e44/detection

154.16.248.142:54984
rataskidhost.ddns.net

# Reference: https://www.virustotal.com/gui/file/6e02adb0cb3b676e9f5a01f1d9ed842abdf2c2b88e9cdeb920fa6962ee78a149/detection

185.165.153.28:8181
192.169.69.25:8181
indomieboy.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6eb787b5e8bab574fc18422fa16ff902ffedaa96db09f75b20d1cdd709bc8ccc/detection

87.202.139.214:1085
malakismeno.ddns.net

# Reference: https://www.virustotal.com/gui/file/05c3d73f8e4e228a98053b9706f99dc7ba3221f6c793b4d4cd5d7fb4f64b44b9/detection

79.134.225.27:8404
swiz8404nvp.duckdns.org

# Reference: https://pastebin.com/R9U6nSrV (# 20d7808b8520ac8941717934704c2dae7fc06fcf)

bosser.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9df25a0680f2501832d131f5190a2fcbefd5acbce1391dfd2be39de382f786a6/detection

waterboi.hopto.org

# Reference: https://www.virustotal.com/gui/file/97874e0c9ee5f0404eff88fd36b84351f6448cf29260d06b450c9f0d58a7b517/detection

185.202.173.27:54914
54914.duckdns.org

# Reference: https://www.virustotal.com/gui/file/fec4948c1766f6ec9e64de37f257be222bfebba5951dd2cb9f2acb0607e5ebc5/detection

salam3amihamid.ddns.net

# Reference: https://www.virustotal.com/gui/file/ec7cfc7d0e33e19222e3228b5e0f15a08b71ca998fc69aea29bd682bba3d4ffd/detection

agent47.vip

# Reference: https://www.virustotal.com/gui/file/d2d87cc451c345eb50cbc2231780e1685aa94f32cdf957922ef8c197d54dadcc/detection

107.170.231.171:5900
sys32admin.ddns.net

# Reference: https://www.virustotal.com/gui/file/aa9053046e8f5981dd0e8767336d443177bff33e088abfa1f54e32f3aecf3b9a/detection

griqy11.ddns.net

# Reference: https://www.virustotal.com/gui/file/1274c8604ef9d2c5b1674e434367d029ec38c0b09da583091953bbc93d9ef9b8/detection

smbrlm.hopto.org

# Reference: https://www.virustotal.com/gui/file/fa78298b68952c09884eaadf3fb79ef22309f11c07595759bb23e859f5afe0b8/detection

66.55.156.251:443
quaserhost.zapto.org

# Reference: https://www.virustotal.com/gui/file/f18738147fad6a8065a3eb11c6e5275cf9a2ec9cd4cfcbf1a6c925f0d308cf7a/detection

181.52.109.69:1881
tjtjtt.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6a904623cfecd7383df1e4a825f7918144103fb1268b17540b426b280f884fb4/detection

74.121.190.134:57201
57201.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0254011164ac22194856c7ec4e49825ce49b8d9a49162f03b0807cf9a04a9c5a/detection

79.134.225.6:7005
rimoy788.ddns.net

# Reference: https://www.virustotal.com/gui/file/48f1ca1c0cdcbfbe5623996d806a5d321631f61ea4867aff026f09f833424dea/detection

212.100.79.97:60400
212.100.80.44:60400

# Reference: https://www.virustotal.com/gui/file/09b60e0478b099a43a9f9b7cb1c411817b2bc72b67d4f59e20d0a07cc676d630/detection

121.122.83.251:5476
192.69.169.25:5476
calitoway.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4f2bd7d1c7655bbef4fd0d802326b24c9c0535b949051bc3b76ec44449732d1c/detection

192.69.169.25:1996
nickdns17.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6d7f6350940be633a2bfbe1288f02d30004920f742591807e5162005cef9a121/detection

192.69.169.25:1994
194.5.98.186:1994
beretta.com.de
donald3m.duckdns.org
sandra.myddns.me

# Reference: https://www.virustotal.com/gui/file/0828eef606d3304ee937f3b120e1e1307c8405fd60d88c43877bf969df4bcd68/detection

donald7m.hopto.org

# Reference: https://www.virustotal.com/gui/file/a47d2fc55701f2e88e2607d24033d145d328a6374dcccea2b6e482af9fa987f4/detection

alien34.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1fa5b42f19a46c7ce789a9efb0b1309efad5311ac7314400ce57d7bb443ff7e4/detection

192.69.169.25:500
rat225.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0177d447df7c967a32bb0db374aaceafe7b5746f55df836aa1e61061a19eee84/detection

192.69.169.25:1888

# Reference: https://www.virustotal.com/gui/file/a84047d17c2de9048186e9a003842789b42c8144bf33cff4148d24a782981290/detection

192.69.169.25:10138

# Reference: https://www.virustotal.com/gui/file/8711947da95dc3ee51ec589ceb1b8a59ce816d99ed20e721de7344c9e689536d/detection

192.69.169.25:1896
nickdns18.duckdns.org

# Reference: https://www.virustotal.com/gui/file/722474240a20dad3d351732b856733dcbca7340b43d74961907e526a7602570e/detection

192.69.169.25:5476
calitoway.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5783d35c5cfcab04344f714f8d0d2af11339e1057e436e48e14ef8251fd6c859/detection

192.69.169.25:1909
outofspace.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e9a4f82ac7549f3052a233f6684c3ed2e8bc545349711673ff51809051c6e9c1/detection

192.69.169.25:1759
papacapa.duckdns.org
punditx.duckdns.org

# Reference: https://www.virustotal.com/gui/file/31561a3b9942397289d64dfa474511b2e95ac8447e0796ad7808f8609d949ee3/detection

192.69.169.25:54984
95.70.237.198:54984
ethernet.theworkpc.com

# Reference: https://www.virustotal.com/gui/file/5dd60a52f8b6391dd8d35af79b129d7acc570734f01683bc269e8065fe3bcd09/detection

46.234.76.75:5555
kokuz55.ddns.net

# Reference: https://www.virustotal.com/gui/file/8363a76dd357211c19ac8e5db137bfae558b360c42bb07b968b39a905291ae57/detection

109.60.99.112:5555

# Reference: https://www.virustotal.com/gui/file/816e526a6663db59eea32f7e70cf9dc02b5dcd203e1c2a712e4ec137f24717ad/detection

46.234.79.190:5555

# Reference: https://www.virustotal.com/gui/file/15e70ff6c0dbf4c31310bcae19207f4faf7e511313ffa9bd559e9526ff5e04d0/detection

109.60.96.111:5555

# Reference: https://www.virustotal.com/gui/file/7021c8735e587ceb70cd8669a7347222dc23ac60df168e4bb1cc6eb3f4a26069/detection

46.234.76.75:220

# Reference: https://www.virustotal.com/gui/file/123c0d7a6836f2d4d97c6dd8b037df4d76a28abd6d1658525a912b8aab51329b/detection

109.60.99.210:220

# Reference: https://www.virustotal.com/gui/file/edbfe10569d57d34a49164acb52d0b0339a29360dccbbb2b715a65390a42fa7d/detection

46.234.76.75:4500

# Reference: https://www.virustotal.com/gui/file/2f54439717f7d1885d3cba453523993255fb53e75cab95d0fc96f4fc5cbcd44e/detection

109.60.96.144:220

# Reference: https://www.virustotal.com/gui/file/b9db088360693d4085eab59fbf805d11a63534b986a9e19318aa8e0b49bff3e3/detection

109.60.98.121:220

# Reference: https://www.virustotal.com/gui/file/036cc770e228ac94439d2f794c94a1aa0f6fc3f9949706fd59024295694b2a50/detection

109.60.97.56:220
46.234.77.242:220

# Reference: https://www.virustotal.com/gui/file/c460389a1d330a2a0a8a9ded11d539f898d87b8c649dc01717c9db8e80edb355/detection

109.60.99.83:5555

# Reference: https://www.virustotal.com/gui/file/3cc526c93917097f054fe01bd09843afbf7f961dd41a21aaed27bd63942f7391/detection

109.60.99.112:220

# Reference: https://www.virustotal.com/gui/file/2fad5b2c45ed6af3b4da7afa76e0f5129ef5f4fd2e91fe4f1e54a2cc84c0b265/detection

109.60.99.78:5555

# Reference: https://www.virustotal.com/gui/file/41a490e0f29fa958c7e9c8015db8de79cc34ef0b38f6f49d99f469b7d3db1729/detection

109.60.99.78:220

# Reference: https://www.virustotal.com/gui/file/3deced03ecfd55b8c2c5b64b8f6e71ecde2b1c7900ff798c2d105713c111c9ee/detection

46.234.79.89:220

# Reference: https://www.virustotal.com/gui/file/ba19d91251a9b50e4eb6404dd771e5024b12c90c9e260cded154c092d946429e/detection

46.234.79.89:5555

# Reference: https://www.virustotal.com/gui/file/50bdb55a1f2abc8b17960118383f490f6f27ebcce4fb3c3c7d573aa063e5e978/detection

megafundz.duckdns.org

# Reference: https://pastebin.com/0sWcZD0s

185.140.53.165:2017
87.104.146.247:1337
88.214.57.2:1220
aarmandobronca99.duckdns.org
asshost.duckdns.org
bigchungus6969.ddns.net
chutr5.ddns.net
haddadi23.hopto.org
newlifenow.duckdns.org
racikmordo.ddns.net
sshsdgsfasfasfa.duckdns.org
strkserver077.hopto.org
teamtanic.ddns.net
testesri.ddns.net
upcheck.duckdns.org
updateserv.fishdns.com
wasder123.duckdns.org

# Reference: https://pastebin.com/gN5E4UW4

indomieboy.duckdns.org

# Reference: https://malwareconfig.com/config/a3076d09d7d8f104d4b7403c781f9f7e

79.134.225.28:6071

# Reference: https://malwareconfig.com/config/9ff5de50283209ba286bdba8285074a1

olodofries.ddns.net

# Reference: https://www.virustotal.com/gui/file/a7f308beb88e305c09aa36b10a535f2f7a0bc9f9de96be8ea2cfd44e84f430d0/detection

46.183.222.55:10001
79.134.225.125:10001

# Reference: https://www.virustotal.com/gui/file/3cdb5f9d5ad2a024a3e0b62b253b87df784f901c6969c53dd04dee96abc8bfa5/detection

79.134.225.58:1985

# Reference: https://www.virustotal.com/gui/file/4c5f6119cf732f621e7f60d2b35536a2262eb06fa926ee5cd9570f049a06121b/detection

79.134.225.58:2016
malam.ddns.net

# Reference: https://www.virustotal.com/gui/file/aba1e5f7a42a88d8a82b8e5e329da7395946048577aeac4603e1f312310485a1/detection

79.134.225.58:1222
rghfff.chickenkiller.com

# Reference: https://any.run/malware-trends/nanocore (Note: as seen on 2019-12-04)

jimmycharles2468.ddns.net
randydidier2468.ddns.net
ubananocore.ddns.net
sandra.myddns.me
prayersanswered.hopto.org
gratefulheart.ddns.net
888rats.duckdns.org
grafeulheart.ddns.net
ijomsdavis1.ddns.net
blessingfollowme.myddns.me
volodymyr.gotdns.ch
slimyuyo.duckdns.org
vemvemserver.duckdns.org
special2019world.mymediapc.net
3forall2019.servesarcasm.com
jiddeshot.duckdns.org
saintjames.publicvm.com
joeiyke22.duckdns.org

# Reference: https://malwareconfig.com/config/4ba2538a416bfa6290086867211afcb1

149.202.233.219:54984

# Reference: https://www.virustotal.com/gui/file/ad5c2223166859c196b192af7c5663cb0c38c6c9d1fe5369a131277876d7886e/detection

78.155.201.178:9080
officemicrosoft.net

# Reference: https://www.virustotal.com/gui/file/f4bdc830a0f600e857b21a5727f1c4ace80986b2ccfe9f496173be5aee43e3ff/detection

91.193.75.181:19833

# Reference: https://www.virustotal.com/gui/file/aedb83be078fbbd78e896fb1a76bc031c3c9dbd630310d33b50f8ad3e2d4fbd2/detection

185.140.53.102:1906
91.193.75.181:1906
elumadns.eluma101.com
joey.daniel2you.com
oluwa103.hopto.org

# Reference: https://pastebin.com/7Ak2nP2T

chimurenga.duckdns.org
khurramchalingang.ddns.net

# Reference: https://www.virustotal.com/gui/file/c7166eed554c291bb360237fb9c16585b46e551cf2b2b84b5521dcbf195ff084/detection

leaf360.ddns.net

# Reference: https://www.virustotal.com/gui/file/2a31bb74f367ce969dd3c3633f3071fffcb2e16b962c254622280c96fd5c61cd/detection

79.134.225.123:3734

# Reference: https://www.virustotal.com/gui/file/82263488003298cf0594297805b1f031ad8f9ea0ccf611f199a9c40fdd3e1592/detection

185.92.239.16:3734

# Reference: https://www.virustotal.com/gui/file/c7591966e55642b02297423033873627e514d6be4ea5ee34032a63e98f3b7511/detection

178.239.21.22:9090

# Reference: https://www.virustotal.com/gui/file/cf4ee1a039523a78c3fbbae7df5c0e7c5259d357defc4a118531711036ac609f/detection

79.134.225.77:1218

# Reference: https://www.virustotal.com/gui/file/320881ea124021d0db542c890f69cce660b6b1c670831555dc25cc500da42ee4/detection

79.134.225.101:1994

# Reference: https://www.virustotal.com/gui/file/9c2c69a11771e0cbe4a62c0407243ca8aae4105f6dd863cb2df7fdda55bc00ab/detection

193.161.193.99:41435
rizelol-51335.portmap.host

# Reference: https://twitter.com/James_inthe_box/status/1204111427708964864

216.38.8.179:7568

# Reference: https://www.virustotal.com/gui/file/0a2e00ef38f15a22a0d4d63206f7972735829b12f9ebd83218099686202cb1f7/detection

79.134.225.121:5291
saintjames.publicvm.com

# Reference: https://www.virustotal.com/gui/file/930ec93a4c774ce014afa836249d130864cdd4f264410694fc66ccb3de86d08a/detection

79.134.225.121:1994

# Reference: https://www.virustotal.com/gui/file/465be0961c7e3157f94cc8dfce1f85770469ec0cc21cae667d51a1b411fd80e7/detection

192.169.69.25:3410

# Reference: https://www.virustotal.com/gui/file/87902a913a981c06a12d1acdca222cc1236ad4ae9d1d026c134d245dced0fd38/detection

79.134.225.121:4152

# Reference: https://www.virustotal.com/gui/file/7e2e315cfe1ffe1853acb095db5a9121bed39b5049cb1c6cca685a94c620a00e/detection

jogodo.duckdns.org

# Reference: https://www.virustotal.com/gui/file/77973c42e00481f2545a49bfb609e3f4308b1c568476b92e742c6615fa95980a/detection

79.134.225.121:9879

# Reference: https://www.virustotal.com/gui/file/beb357a8009c9e56d410f7d1ed570f99057fe72b8aeb790d9ff01b9a81319d6a/detection

79.134.225.7:5314

# Reference: https://www.virustotal.com/gui/file/a92d5ee40c9fb483a5ac0f97d3211db8e9ce4f1a0c292dcab001bcc988223eb1/detection

217.20.114.222:8282

# Reference: https://www.virustotal.com/gui/file/66e2e5c5b082dc05180525ee443c2dd8e2717de73c9f5d3eec36a3e19d75ac9e/detection

129.56.125.113:54984
217.20.114.222:54984

# Reference: https://www.virustotal.com/gui/file/0c539d4ad0f070b803ce8602ee06f2bafcf2062bbf13db6d1988780abb6c98e3/detection

79.134.225.71:54984

# Reference: https://www.virustotal.com/gui/file/225192e851bff4bf22d07250041dd92984d6e388a3e87a0d2c1241bd4a10edc2/detection

129.56.30.141:54984

# Reference: https://www.virustotal.com/gui/file/2a0c4bfbb072e3d4b6bd68aac56cca963fa8391103fcad0558afd93697b7397d/detection

91.193.75.78:1961

# Reference: https://research.checkpoint.com/2019/decypherit-all-eggs-in-one-basket/
# Reference: https://www.virustotal.com/gui/file/658cc303e2386e54b7175d09a6230326bbe62779ea87fb581696fa2a47b33ae9/detection

103.53.199.248:3166
185.165.153.148:3166
27.122.14.57:3166
troyfin.hopto.org

# Reference: https://www.virustotal.com/gui/file/45b4460fa4d9d6c917b82d9075bc74e500eebe5c5ce0bea46d3160e2dafbed74/detection

79.134.225.104:4050

# Reference: https://www.virustotal.com/gui/file/c8ada32e94d7d51f2b4f67f8ddc2e810211516f8d3ca6f6f582252ca73db34a9/detection

103.200.6.62:1943
185.165.153.22:1943

# Reference: https://www.virustotal.com/gui/file/039c9de4afd2878fa4b8f7e23e71b66b7ae37ff1f69b60d2b5ccf069fa0bde2a/detection

185.165.153.22:9781

# Reference: https://www.virustotal.com/gui/file/83924c884223347900b272b5715af5e7e13de9e70bfeded995c878503339a00c/detection

185.165.153.22:1993

# Reference: https://www.virustotal.com/gui/file/1937e6fdb1684391d04d94297477a4005607904c4d744858429f41f81d1b853f/detection

185.244.29.20:2040

# Reference: https://www.virustotal.com/gui/file/ddd07fb3a7189389dd72284b268130f14366695c344b24d70fd07057874b009e/detection

sammyxy.ddns.net

# Reference: https://www.virustotal.com/gui/file/5e736d99dfb2e444d1f153b877c6f985efa5aa870458b462e1c9f8d6a2e558e1/detection

cjax.ddns.net

# Reference: https://www.virustotal.com/gui/file/5223df133728f2f2fc2e8beceacb516324bf841d6816fedff87e2e252e0ebc2b/detection

adababy.ddns.net

# Reference: https://www.virustotal.com/gui/file/b772bffaafb31edeefc30c53f7c8ccaaf0c4bf6fc7f0756e18282980ceea7716/detection

185.165.153.22:7080
calebnew.duckdns.org

# Reference: https://blog.talosintelligence.com/2019/12/threat-roundup-1206-1213.html (# Win.Packed.Razy-7434602-0)
# Reference: https://www.virustotal.com/gui/file/aff30bb8b3b1c243c716e904e91eb06f9494076fa053a91897d8a277f2caba0c/detection

107.172.83.151:8973
dec8973.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6a16217a4bf366e4c1de062cacd825aaaa6dae1b386173072065d72a33c0107a/detection

192.169.69.25:8973

# Reference: https://www.virustotal.com/gui/file/31708a93ff6a5d46899f93e048355fc187ad505ea0723b091bef15ca45f7cdfe/detection

94.73.32.235:3176
pns.no-ip.info

# Reference: https://otx.alienvault.com/pulse/5cc9df384121a7e224ec5fe4

12345dick.duckdns.org
140nick.duckdns.org
24e26s2854.wicp.vip
419millions.chickenkiller.com
54911.duckdns.org
549351.duckdns.org
aaa3.ddns.net
abundantgrace1.ddns.net
adobemoney.linkpc.net
adslservisi.sytes.net
africa147.hopto.org
agosto26.duckdns.org
agxagx.ddns.net
alaazatewi.ddns.net
alaincrestel1900.ddns.net
alexbread.ddns.net
alexthomas.ddns.net
alexurch.ddns.net
aliprince0422.duckdns.org
allensmith.ddns.net
alvb.duckdns.org
anderchuka.duckdns.org
anson1223006.duckdns.org
apple11.ddns.net
arabs.duckdns.org
ariascopetrading.hopto.org
arnoldgood12.hopto.org
asbconstructionltd.chickenkiller.com
aspens.publicvm.com
athack.hopto.org
avt.duckdns.org
awaissoft-60523.portmap.host
azertylol.ddns.net
babafred.ddns.net
backupdata.sytes.net
backupson.duckdns.org
bamerica101.hopto.org
bankofamerikaa.ddns.net
bara.ddns.net
battys.duckdns.org
bdonserver.warzonedns.com
beast1111.ddns.net
beast999.ddns.net
benekopaccc-40921.portmap.host
berekia29.ddns.net
bhuyanplastic.duckdns.org
bigcuck69.ddnsfree.com
bio4kobs.geekgalaxy.com
blackhill.ddns.net
blazemark.hopto.org
bliss123.ddns.net
blowmm.duckdns.org
bobbrother.duckdns.org
bombingday.ddns.net
boxoffice.camdvr.org
bright1.awsmppl.com
brockles.duckdns.org
brockmax2v2.hopto.org
bskd.zapto.org
btchtu.duckdns.org
bubun.duckdns.org
bugnas.duckdns.org
buike.duckdns.org
bukis228.ddns.net
burningtorchinc.gleeze.com
businessjungle.dynu.net
calebnew.duckdns.org
calitus.hopto.org
callistools.ddns.net
cashflow.hopto.org
cbswgc.duckdns.org
cdy.ddns.net
cdy22.duckdns.org
century32.ddns.net
ceo123.duckdns.org
ceo223.ddns.net
chiefphillip.dynu.net
chimurenga.duckdns.org
cj419.ddns.net
cjay55.duckdns.org
claire2019.ddns.net
clerfgee2345.sytes.net
clinton.hopto.org
clintonlog.hopto.org
cnvibe.duckdns.org
connectings.ddns.net
cornerx.duckdns.org
cquestt.duckdns.org
cracked1.ddns.net
cracking123.ddns.net
craftedfollowing.duckdns.org
criscris.hopto.org
crypted.duckdns.org
cumtap.ddns.net
daddyhandsome.ddns.net
darkkerem2003.duckdns.org
daronbk.ddns.net
dataserverr.duckdns.org
dbb.turbo-sy.com
deaphnote.ddns.net
defaultx.duckdns.org
deluxehacks.ddns.net
doc-pdf.ddns.net
docsc.ddns.net
doddyfire.dyndns.org
donchisom.duckdns.org
donp.duckdns.org
dubelucky19.ddns.net
eagles40to.mywire.org
ebubu.duckdns.org
ebukakings101.ddns.net
eizzymoney.ddns.net
elcoblast.ddns.net
elizabeth221.ddns.net
etoiilefiiilante.duckdns.org
euroboss.duckdns.org
eventuary.ddns.net
ez.pusatiklan.net
ezefab.warzonedns.com
ezeugojnr.ddns.net
ezexgm-39781.portmap.io
fabulous.myftp.org
faith.dns-cloud.net
fbpa.duckdns.org
firebot.ddns.net
fortnitehacker.sytes.net
frankwill12m.ddns.net
fredwil.ddns.net
freefortnite.ddns.net
gatm.duckdns.org
geebrastanley101.ddns.net
geminterbiz.hopto.org
geppasser.ddns.net
get-fucked.chickenkiller.com
ghgses.duckdns.org
giovan234.ddns.net
gloire25.ddns.net
glorylinkgroup.duckdns.org
glorylnter.hopto.org
gochii.ddns.net
gojust.publicvm.com
goodluckwar.duckdns.org
goodwork11.duckdns.org
goodworkomo.duckdns.org
google-service.camdvr.org
gotchabitch.ddns.net
graceofgod.myftp.biz
gregvictor.hopto.org
grene231.ddns.net
gulenterprises.ddns.net
hacksfree2019.ddns.net
haddadi23.hopto.org
hadkhadma.freeddns.org
haul.duckdns.org
hellomicrogreen.iptime.org
hernapeksashdc.duckdns.org
hondo.duckdns.org
housk.giize.com
housrk.theworkpc.com
hurryg.chickenkiller.com
ibidado-62758.portmap.io
ibidado1.hopto.org
icraxandhax.ddns.net
ify.duckdns.org
ilovepussynanjuice.ddns.net
intechwraithh.ddns.net
irc12.ddns.net
irofuuzo.ddns.net
itforwarding22.hopto.org
itrysohard.myq-see.com
itslabibmazafaka.ddns.net
iykemann.duckdns.org
jagnwses.duckdns.org
jasoncarlosscot.dynu.net
jasoncarlosscot.hopto.org
jaybaba.ddns.net
jbond.duckdns.org
jeffd.warzonedns.com
jinomoney.publicvm.com
jmodz04.ddns.net
jogodo.duckdns.org
johndickson.ddns.net
johnsylvo.duckdns.org
josezulu898989.duckdns.org
jsuf.duckdns.org
julio26dns.duckdns.org
julioskaod.duckdns.org
justgo.linkpc.net
kabilablaze.duckdns.org
kalakuta.ddns.net
kaykayblessed1.ddns.net
kenw16570.ddns.net
kf123.ddns.net
king8950.duckdns.org
kingdevil.ddns.net
kurumaraji.hopto.org
kuwaitware.duckdns.org
kw9d0.duckdns.org
lachy212.ddnsfree.com
lambertofield.ddns.net
larbivps.freemyip.com
latestlatest.ddns.net
legendklr.duckdns.org
legionopeh.ddns.net
letmethrough.ddns.net
light.pusatiklan.net
lightmusiclove.ddns.net
liuo.duckdns.org
lovemego.ddns.net
lukeharley.duckdns.org
lunovim957.duckdns.org
macoop80.hopto.org
madetosurviveman.ddns.net
maineone.sytes.net
mallorca.myftp.org
mamacapa.duckdns.org
manblues.sytes.net
manofficial.ddns.net
marinjack44.ddns.net
masa1834.duckdns.org
maxcoop.ddns.net
mcmp.duckdns.org
meeti.ddns.net
megida.hopto.org
merchanttgateeway.ooguy.com
messiflow0.hopto.org
mgc001.duckdns.org
microsoftnet1.hopto.org
minecraftbeta.ddns.net
mk14a.ddns.net
moneybag042.warzonedns.com
moneytimmy.duckdns.org
moran101.duckdns.org
motherpure.duckdns.org
mpnano.duckdns.org
mrlogga19.duckdns.org
msgamers.ddns.net
mwlhc.duckdns.org
mypp.ddns.net
myspyvirus.ddns.net
nacoreloaded12.ddns.net
nagoor.ddns.net
nano.freemyip.com
nano.speedfastmaking.com
nanocore-rat.ddns.net
nanocore511.ddns.net
nanoman.ddns.net
nanssss.ddns.net
nawaooh.duckdns.org
neshoitry.ddns.net
newlifenow.duckdns.org
newmicke2019.ddns.net
news.banquealtantique.net
nickdns101.duckdns.org
niiarmah.dynu.com
nikkycharles3.ddns.net
njb.webhop.info
nnjhjhjj.duckdns.org
noface55.hopto.org
noipme.ddns.net
nonox.duckdns.org
nuttara20003.ddns.net
obinna.duckdns.org
octocrypt.duckdns.org
officeofgrace.ddns.net
officeofgrace14.ddns.net
ogbeni.duckdns.org
oge.mywire.org
ojoe.ddns.net
okoyehenry93.duckdns.org
omogost.duckdns.org
onyeka.onmypc.org
onyex.duckdns.org
pacotdc20.duckdns.org
paninindia.ddns.net
papalove.ddns.net
papaya.dynu.net
pay1.duckdns.org
phoneci.sytes.net
playboi.hitlers.best
ploplo29.ddns.net
pointboilling.ddns.net
ponnyhurb.duckdns.org
praize19791.duckdns.org
primaryjet.duckdns.org
privatejet.duckdns.org
projectcocainelol-44211.portmap.io
punditx.duckdns.org
qbasic.duckdns.org
qintoo.duckdns.org
quadki.duckdns.org
queen101.ddns.net
raaqtwo.duckdns.org
randydidier2468.ddns.net
ratterxzy.duckdns.org
rattingkidbyluk1e.ddns.net
rbenjamin9696.ddns.net
recoverypw.duckdns.org
reisshasbigp.ddns.net
remitancegp.duckdns.org
renaj2.ddns.net
restartusa.hopto.org
rhwrhwhnejtervvrh.ddns.net
rmagent.duckdns.org
roadkillz.ddns.net
rownip.3utilities.com
russell.ddnsking.com
sain123.sytes.net
saintjames.publicvm.com
salesth009.ddns.net
salestokyo.hopto.org
sarce.ddns.net
secondnano.duckdns.org
setoff.ddns.net
sgdjncbgbxf.duckdns.org
shedyshedy.ddns.net
shutdownnsa.ddns.net
slimkudi3.ddns.net
smartcoonect.duckdns.org
socrate.hopto.org
spyhostinc.hopto.org
sqlkali.ddns.net
sradanet.bounceme.net
starlucky.dynu.net
starlucky.warzonedns.com
stawa.ddns.net
stilla.hopto.org
stumptowncoffee.publicvm.com
sunnyslock.publicvm.com
talentino.duckdns.org
tecklink.publicvm.com
testwork.kozow.com
thecyberhunter.loginto.me
thefrench.duckdns.org
thompson62.ddns.net
tiggs.ddns.net
timnoip0123.ddns.net
tristanatt.ddns.net
troyfin.hopto.org
trustkemi.duckdns.org
unclepurple.ddns.net
urbancinomm.ddns.net
vanillatest.ddns.net
vimlatedrock957.duckdns.org
weiindoz.ddns.net
whithart.myftp.biz
willsdavo2243.ddns.net
wilsondedavid.ddns.net
windowsssl.theworkpc.com
windowsupdaters.zapto.org
windupet.ddns.net
winnermessi147.ddns.net
wm649.duckdns.org
wood12.hopto.org
workbox038.hopto.org
worldwar.ddns.net
xfelix.hopto.org
xortox.ddns.net
xred.site50.net
ysl4lyfe.hopto.org
zonepay.publicvm.com

# Reference: https://www.virustotal.com/gui/file/4a9c6e59e33faa38977042afef734ffb9dc0a48c4e9b45b1e801073d6b46487b/detection

103.1.184.108:14246
scotindustrles.com

# Reference: https://pastebin.com/DL88qggt

eziokwu.zapto.org

# Reference: https://www.virustotal.com/gui/file/093dc4ab67a1952c26364696ca6a050de10e89f4f5e607e9c990c3db168e16c7/detection

105.112.108.176:3940

# Reference: https://www.virustotal.com/gui/file/a103cf94e1c7a00e335468b3d1e6971a1d73b35a761309d701dca47124169f74/detection

192.169.69.25:3940

# Reference: https://www.virustotal.com/gui/file/b1cf48d0b8119e2199c035d3c30d30a9418a121face57fdf0a24b6f3b9917bba/detection

79.134.225.70:3940

# Reference: https://twitter.com/wwp96/status/1206662163869380608
# Reference: https://app.any.run/tasks/df03d2b9-7980-4d85-a45b-f9ccfabb8f67/

105.112.104.52:1122
meeti.hopto.org

# Reference: https://www.virustotal.com/gui/file/44128f896c81c987a3a1797fbb2189ed137a4e082bd75b54e210303f8309956e/detection

185.244.30.14:1515

# Reference: https://www.virustotal.com/gui/file/4cc11ea57e15249af8410af1e10c0341f23664374586fe49c99ff8ff6a3d7897/detection

185.244.30.92:2017

# Reference: https://www.virustotal.com/gui/file/f8e6208bbc555c355f1e5b53a075986e2fe48b96869eabfe05c4d5b64781853d/detection

216.38.8.178:1996

# Reference: https://www.virustotal.com/gui/file/fb84ec938980c586a0e3e09c2ee1b72470710410897c26fd0cb30e29f3e5c374/detection

105.112.113.16:1996

# Reference: https://www.virustotal.com/gui/file/6f78b7ee6b31f2abb8aae3dd7aa9607b6f06c8df17c413c96c4739220a591848/detection

105.112.114.213:1996

# Reference: https://www.virustotal.com/gui/file/6196d266c62c140ae09c3b34dc024e9ef4480c06a27ef196fa7039199357ef6d/detection

105.112.120.121:1996

# Reference: https://www.virustotal.com/gui/file/d4d2ad470439bd1db2fb5d8678e03e00cacaa6d833ef8fbd15f0741caede176f/detection

105.112.120.121:1012

# Reference: https://www.virustotal.com/gui/file/ba9e99d355b7843cfb2159a144635cce9fa0e8146f67cb87ac9b4bac2a5c5150/detection

79.134.225.7:1012

# Reference: https://twitter.com/cyber__sloth/status/1206888692373217280

departdec.duckdns.org
sherimix.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f2815cb9d788bbfb7477592e6171ca38a3b9b4ec33748ae743cd32acda6bdda5/detection

185.244.30.8:5626

# Reference: https://www.virustotal.com/gui/file/8a7b705238a8098f26508bc366c7038da8e601d73e9b142950c2eabe64b04ab6/detection

185.244.31.18:3190

# Reference: https://www.virustotal.com/gui/file/4ef427c44993ba51d2e053d7db6008fa1c5cff6fc323371c9930eae423a9213a/detection

79.134.225.77:3190

# Reference: https://www.virustotal.com/gui/file/f20088ca692a320e19503848fff4d08f246e613d7f33c14288ca18531d2bf6be/detection

185.244.30.206:4050
kissmeifucan.ddns.net

# Reference: https://www.virustotal.com/gui/file/ed2edc3e28859f2490579093573ec334c6730ba00118009c312c061355996a30/detection

197.211.58.57:4050

# Reference: https://www.virustotal.com/gui/file/98314f51bc3ffe17fc519463e8ae447f7c1af6eeddc6816aced730fee104d1c4/detection

79.134.225.74:2404
alalamai.ddns.net

# Reference: https://www.virustotal.com/gui/file/eecc5a1053bb3fbb0489dc8bf7fc45a49f814d7242033e72d6385608292d2c47/detection

79.134.225.118:2404

# Reference: https://www.virustotal.com/gui/file/2cb5d5f17629c68c2f200a61ecb5c8943025f2eed41a5afeeca5af363f8088e0/detection

192.169.69.25:2404
79.134.225.97:2404

# Reference: https://www.virustotal.com/gui/file/e384ac881a15832f464abb0530e7e208b4762402078049c1f2a2ce5868d941d2/detection

79.134.225.95:2404

# Reference: https://www.virustotal.com/gui/file/fe2ccdb689004cc6ab3f7ba41820e7ca2992de461dc7e1340d24b6ba5e784742/detection

184.22.100.107:1975
184.22.100.107:5556
maxcoop80.hopto.org
maxcoopa.ddns.net

# Reference: https://www.virustotal.com/gui/file/772f34c944c7a9781bbf2b81c6a68c620740354aaecdf6af2dbbf874e00981f3/detection

79.134.225.71:1975
79.134.225.71:5556

# Reference: https://www.virustotal.com/gui/file/e1bdd60b5f91bcb4fe4b4405dc49680d4e2980e5e06ca221b3f6c8705f413923/detection

79.134.225.71:3535

# Reference: https://www.virustotal.com/gui/file/20f9064ff826bf18edf82534e93c3bf9273e480df957b65b8154ee59fb21d2f5/detection

79.134.225.71:1985

# Reference: https://www.virustotal.com/gui/file/48679e8c30ac4a08159ec57844961a2d005bab631fab062c69cf3b1cf6a2c3b0/detection

maxcoop1.ddns.net

# Reference: https://www.virustotal.com/gui/file/f26251b1dbd35a776863c86c7d0983f1d0b2621bd4004480c232904b89caa8a6/detection

79.134.225.100:9091
79.134.225.71:9091
bedlinezone.dynu.net
tourismes2.ddns.net

# Reference: https://www.virustotal.com/gui/file/a741707af0fcfc7694bdcf9e8c8e64a5693a316a49b708415ba14e2ceb2b7801/detection

79.134.225.71:4922

# Reference: https://www.virustotal.com/gui/file/d505fad83bd1cb861766f13000a8465774f8cd21e0bbcd6813c40a686aa2a7c6/detection

79.134.225.71:5314

# Reference: https://www.virustotal.com/gui/file/ec737127b8f837132f1349de3cbba49c5f22fdb8cc7baee72309eb122a9ab5a1/detection

79.134.225.71:1104

# Reference: https://www.virustotal.com/gui/file/fbe93093b3d244858e45f056adccaf045eec5b9dbfba3e7d46945895b38c2acf/detection

amelia869.ddns.net

# Reference: https://www.virustotal.com/gui/file/c04548d4218739cba4b320b75c8cc58f8cc1d18996226344b892e0140e273798/detection

79.134.225.71:9000

# Reference: https://www.virustotal.com/gui/file/38d3d278e68b84fa8f67058c38780710899c75cb185279f7967c1d3b861e1f0d/detection

maxcoopar5.ddns.net

# Reference: https://www.virustotal.com/gui/file/4cd61b4a631171e3ae9c9f1885c47211a8b2010be50af083b76de0b5bcf442ab/detection

79.134.225.92:3200

# Reference: https://www.virustotal.com/gui/file/394a026a1212e1d9c4ba5bf78f22cc1973bbc77937a18910557832fc87837ccb/detection

139.28.218.156:3200

# Reference: https://www.virustotal.com/gui/file/494d8064873d1794d6d571f54d8ce047b57d8ab621893ce9decea75017e7a880/detection

79.134.225.92:3001

# Reference: https://www.virustotal.com/gui/file/1659106dd4afb2d7e00d555274b175433649fbb3e99ab0a01cef6cbc6d64d7ec/detection

81.66.92.104:1188
mouche666.ddns.net

# Reference: https://www.virustotal.com/gui/file/bad6508e55a52052df8225ee3da34768100708e2968ab4ba50dfab1cbf7dfaf7/detection

184.82.58.11:6521
mammozzz.ddns.net

# Reference: https://www.virustotal.com/gui/file/cf9deb6200baf4ef9cefd4168701378c16ba502b6e1886aef9f322c2072e501e/detection

184.82.51.149:6521

# Reference: https://www.virustotal.com/gui/file/2362d63df84c0cc9dc7de087661e8841cea8719c4778ed8de9a3f68b5b8631c0/detection

181.58.155.117:8091
frankproxynue.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b266e96c304e00f0c3f15dda67fe91d4e71d923a18817c948226d2e477bf4e55/detection

18.188.14.65:14221

# Reference: https://www.virustotal.com/gui/file/eb553b15c0c741a471ad9f450c0ac7021c730dd5f2dfcd793c6b4a723749c8ea/detection

3.17.202.129:10290

# Reference: https://www.virustotal.com/gui/file/3c19e707a265ab2547bfbeb768ec993bcec6e8cb759d0ef625e235d91cdbc81b/detection

18.188.14.65:15968
18.223.41.243:15968
3.14.212.173:15968
3.17.202.129:15968
3.19.114.185:15968
3.19.3.150:15968

# Reference: https://www.virustotal.com/gui/file/40092d2d1b277932c662da54abf2485606340c236fae05fe5b0f92af1316c81e/detection

3.17.202.129:13347

# Reference: https://www.virustotal.com/gui/file/4453c7911af6ad9dc7304945a6e2903d2d1e91f4c0c29b579bcfc1158a12c317/detection

3.14.212.173:16669
3.17.202.129:16669
3.19.3.150:16669

# Reference: https://www.virustotal.com/gui/file/b29cbfea850709b62cafe6f85f2be2a5aaa9fba0264106bc53f968cdf36b05ae/detection

18.188.14.65:13085
3.14.212.173:13085
3.17.202.129:13085

# Reference: https://www.virustotal.com/gui/file/6ab5bf4fb0b007c362728696c783327dc86ba738249e0382077f1617f255ce2d/detection

18.188.14.65:17145
18.223.41.243:17145
3.14.212.173:17145
3.17.202.129:17145

# Reference: https://www.virustotal.com/gui/file/62b1fe85a6d2c0a76dd8209096cfb6017ac31c43e22b6a99448f7f694bd33046/detection

18.223.41.243:14768
3.17.202.129:14768

# Reference: https://www.virustotal.com/gui/file/46eb0f1d53416bfe8c0b7ee8ed0466f03633bbfdc4ee0e61c49e2817f7c45b6b/detection

3.14.212.173:16908

# Reference: https://www.virustotal.com/gui/file/38e48eb11029a3086955d6ab492e2206f1af12407cb168b3a89241c935dcb650/detection

18.223.41.243:16908
3.17.202.129:16908

# Reference: https://www.virustotal.com/gui/file/cb1e5ffac2e74da17d37cab6ae0b14e9e0ab522595f836919d5fc5bd33178699/detection

18.223.41.243:11928
3.19.3.150:11928

# Reference: https://www.virustotal.com/gui/file/43924dff1961d5bb62bd22686ffd3e4ddff4cc14a298f4329df2f1390f1e7d3d/detection

3.14.212.173:14915
3.17.202.129:14915
3.19.114.185:14915
3.19.3.150:14915

# Reference: https://www.virustotal.com/gui/file/a59791a43e661617ec6902a9c184ebdfc0717dfeef709910db37ebdfa98ac056/detection

3.14.212.173:15491
3.19.3.150:15491

# Reference: https://www.virustotal.com/gui/file/b914093514750b886e528e9fd140ce06b25bcd3df12df0a3b6dc2dac0a34d2f3/detection

18.188.14.65:17551
18.223.41.243:17551
3.14.212.173:17551
3.17.202.129:17551
3.19.3.150:17551

# Reference: https://www.virustotal.com/gui/file/617fd7610d64ac96a7d28d9defe1d679e82100d7c1596b54d346b8fe0f61515a/detection

18.188.14.65:17074
18.223.41.243:17074
3.14.212.173:17074
3.17.202.129:17074
3.19.114.185:17074
3.19.3.150:17074

# Reference: https://www.virustotal.com/gui/file/457c9854bd2c3411f6c9c6329f668401ca31267ad72551384c06a2f943cb9b28/detection

3.17.202.129:10759
3.19.3.150:10759

# Reference: https://www.virustotal.com/gui/file/8dab74c874a04fe65e10ccfe0b7a828b999af2a3a484083fbe5087aa4904ba28/detection

18.188.14.65:19346
18.223.41.243:19346
3.14.212.173:19346
3.17.202.129:19346

# Reference: https://www.virustotal.com/gui/file/2104dbad25a038809dd43cc4e3605dce20cb16ceef612df983553f60ca2d2be0/detection

18.188.14.65:14826
3.14.212.173:14826

# Reference: https://www.virustotal.com/gui/file/eca7f77ec653c3f94b3b6fa095fc665c2f81501e0bf3b3ac242dd9839747bbdd/detection

3.14.212.173:10361
3.19.3.150:10361

# Reference: https://www.virustotal.com/gui/file/17c826dc00cbc8cf90c5b5838cbbb8ab301b713ff3e3a0045715eaac827b0ed2/detection

3.17.202.129:14224
3.19.3.150:14224

# Reference: https://www.virustotal.com/gui/file/8e8b26b9d52ef35c72fc27770b79281093ed8c26740b257c8bfab66dd80eedf8/detection

18.188.14.65:13588
3.14.212.173:13588
3.17.202.129:13588
3.19.114.185:13588
3.19.3.150:13588

# Reference: https://www.virustotal.com/gui/file/c904d3eefe624fec4ed6506e5fe6ea0e66defdcf073642f687b124052e27e632/detection

18.188.14.65:16499
3.14.212.173:16499
3.19.114.185:16499
3.19.3.150:16499

# Reference: https://www.virustotal.com/gui/file/cdfc486618abedfc3be629585eb7b7cff96f7ae6c153366b6ce199165409a913/detection

3.17.202.129:16499

# Reference: https://www.virustotal.com/gui/file/38d1f625b48edbbd6004cec3fcd58ed83a99076f27dd1870add5d0770d8a6cfc/detection

3.14.212.173:12418
3.17.202.129:18965
3.19.114.185:12418

# Reference: https://www.virustotal.com/gui/file/b01c51c496438a588835a05a3a0406a65e3f21abd4e6f470b32fa2ed47c361b7/detection

193.161.193.99:32238

# Reference: https://www.virustotal.com/gui/file/9ea3870a5d3784c8bfcdea665cb1a084befd43c32d2f599f659b9f973e1309b7/detection

193.161.193.99:31928
ramram65-31928.portmap.host

# Reference: https://www.virustotal.com/gui/file/ed45624508fffaf1a417e1d7b9648733d197303437740e438a6526becdc606ec/detection

mifec-53733.portmap.host

# Reference: https://www.virustotal.com/gui/file/32014861da3653cb533c4e75bc1b80d2aa871cc723263daba2872c6a1126b7e9/detection

mf2199601-27273.portmap.host

# Reference: https://www.virustotal.com/gui/file/0dab3ac345d292876a0b3a8b8c825c3c2b1415e9c0e5d8d0aef2804e28e6b0aa/detection

193.161.193.99:22201

# Reference: https://www.virustotal.com/gui/file/ab70e9b072898b3d24b6c926cb6b6dc3d003b04f40a0812c32b697878b259557/detection

193.161.193.99:25679
79.134.225.112:25679
ghfsquad.duckdns.org

# Reference: https://www.virustotal.com/gui/file/078008691e9f2dadd795d39912b1e95274ddd18000b7242b604a571c338145b1/detection

6234786296875-60237.portmap.host

# Reference: https://www.virustotal.com/gui/file/5e88faead8cd217f6d4ebb9a4358ae8bdf75b1e76539ac8b7cf1baa673652b0c/detection

finera6504-54829.portmap.host

# Reference: https://www.virustotal.com/gui/file/9491e950532e7146031c687c94a29b0124b3fa30aa4b71d001f09874a756f3d3/detection

193.161.193.99:63239

# Reference: https://www.virustotal.com/gui/file/e21ee37c0b0f68c8307f907c3925b73852884d4a50d5a59d35e4c80b2807656e/detection

185.19.85.159:5000

# Reference: https://www.virustotal.com/gui/file/5089ed799eb09f8e2aea7e6dc822fbe77579aef8ee83a7d597566c05d21ef86b/detection

18.188.14.65:14401
18.223.41.243:14401
3.14.212.173:14401
3.19.3.150:14401

# Reference: https://www.virustotal.com/gui/file/b266e96c304e00f0c3f15dda67fe91d4e71d923a18817c948226d2e477bf4e55/detection

18.188.14.65:14221

# Reference: https://www.virustotal.com/gui/file/3c19e707a265ab2547bfbeb768ec993bcec6e8cb759d0ef625e235d91cdbc81b/detection

18.188.14.65:15968
18.223.41.243:15968
3.14.212.173:15968
3.17.202.129:15968
3.19.114.185:15968
3.19.3.150:15968

# Reference: https://www.virustotal.com/gui/file/048f14b39831bdae24b03b5a791921f8005a3ac585fe9fa6a4f02a23f0b18d3e/detection

ghfsquad.duckdns.org

# Reference: https://www.virustotal.com/gui/file/22fff4018f58d7c3200493c6ce6d244384a4566af3eac6604d668c20fe3507d5/detection

ludwigh.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ab70e9b072898b3d24b6c926cb6b6dc3d003b04f40a0812c32b697878b259557/detection

193.161.193.99:25679
79.134.225.112:25679

# Reference: https://www.virustotal.com/gui/file/cc559587825877b40a955baeea22039cbc35813ee00e139fa6a3c90b7355283a/detection

79.134.225.112:8192

# Reference: https://www.virustotal.com/gui/file/c7c4f46fdc24cdac5a4980740ca8a03d60b2c3d8291c61ca96d13941071c630c/detection

18.188.14.65:17619
18.223.41.243:17619
3.17.202.129:17619

# Reference: https://www.virustotal.com/gui/file/43924dff1961d5bb62bd22686ffd3e4ddff4cc14a298f4329df2f1390f1e7d3d/detection

3.14.212.173:14915
3.17.202.129:14915
3.19.114.185:14915
3.19.3.150:14915

# Reference: https://www.virustotal.com/gui/file/a59791a43e661617ec6902a9c184ebdfc0717dfeef709910db37ebdfa98ac056/detection

3.14.212.173:15491
3.19.3.150:15491

# Reference: https://www.virustotal.com/gui/file/b914093514750b886e528e9fd140ce06b25bcd3df12df0a3b6dc2dac0a34d2f3/detection

18.188.14.65:17551
18.223.41.243:17551
3.14.212.173:17551
3.17.202.129:17551
3.19.3.150:17551

# Reference: https://www.virustotal.com/gui/file/617fd7610d64ac96a7d28d9defe1d679e82100d7c1596b54d346b8fe0f61515a/detection

18.188.14.65:17074
18.223.41.243:17074
3.14.212.173:17074
3.17.202.129:17074
3.19.114.185:17074
3.19.3.150:17074

# Reference: https://www.virustotal.com/gui/file/3ebeb1f70b6579b6d6f7bb7a8303e954538980e450f345a7d634347e3d959821/detection

18.188.14.65:14542
18.223.41.243:14542
3.19.3.150:14542

# Reference: https://www.virustotal.com/gui/file/7e7577c914ecdbde12687cccda1eb7f0e6aa92bd8d506ac0e7a31b48a6cb9126/detection

18.223.41.243:4444
3.19.3.150:4444

# Reference: https://www.virustotal.com/gui/file/f41f1d81faeae84c1a9a88e58be89258fc479370f998cdde6f278bb2a8683935/detection

3.19.3.150:15185

# Reference: https://www.virustotal.com/gui/file/ed79b6da2d9aff76f722a1e66198a2747263e70bf13c1dcc13ef3fc0121fbd04/detection

18.223.41.243:13600
3.19.3.150:13600

# Reference: https://www.virustotal.com/gui/file/4ecd3fdbfd578b052b275bf320c638da4dae912693bbdb48f3f4d1c5f96c57b4/detection

18.188.14.65:14585
18.223.41.243:14585
3.19.3.150:14585

# Reference: https://www.virustotal.com/gui/file/8db2ade5d9158959f3fdaed2a556aa2d0a49b80cf6bb92fa3a4efcf4bcf9fa07/detection

178.124.140.136:1809

# Reference: https://www.virustotal.com/gui/file/f656b6cabbabc361a98fc10e70b80b00ba90dc3229ec979446f616f77b10d7bc/detection

178.124.140.136:2404
183.136.216.229:2404
nonnyd007.duckdns.org
nonnyd111.ddns.net
nonnyd111.bounceme.net

# Reference: https://www.virustotal.com/gui/file/9e42f0e6689fe9531a094d09e6b32edcdebdd1505676c08cbd487bfce73c5182/detection

178.124.140.136:5499
brucenanocore.strangled.net

# Reference: https://www.virustotal.com/gui/file/c9e92891eaf68aac8046da31cc2ad1e6c47c30d60bcbf38c1b94ec4e9b5e26fc/detection

2BruceNanocoreme.mywire.org

# Reference: https://www.virustotal.com/gui/file/2fddfa966358c9ef994566abdafa11b9d35bf41bf78378764aa847f8b3936890/detection

178.124.140.136:9321

# Reference: https://www.virustotal.com/gui/file/1ede3ee78c97f7e85d142943402e2a6c7234832cc596597f65f8b30ff77925e1/detection

79.134.225.108:50956
mardinmagicc.ddns.net

# Reference: https://www.virustotal.com/gui/file/bc7d574ae8a394ce71db6cb3330f23b9719fda0ab91e9d33129566f1a582f327/detection

178.124.140.136:50956

# Reference: https://www.virustotal.com/gui/file/dda5d221e9ac6b2a2e779a38022618d8e6a162c4dd751ae8b8dd03c796fabeb1/detection

181.58.154.33:8090
nuevoproxy.duckdns.org

# Reference: https://www.virustotal.com/gui/file/47f399288dd6cf10c822c60c8d5a226bb1b653b96b1efdb5007ae2335ec24e5b/detection

wilsooon.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1f84001e63b3ad164680854ef9fb924272f10aea0309edd955dc20044cb2069d/detection

181.58.154.33:8097
neuvoprxych.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3bef100ec761cf03c6fd1a14056ce6e0115b7c473f141df24e0c0d1280f200a7/detection

elrompeculo.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3f418ee8b49c3b843753a191fb30aa33dfa20ef97f826d6d6b0ed25de0820599/detection

185.101.92.3:1543
uniformmm.ddns.net

# Reference: https://www.virustotal.com/gui/file/a9134c332a0d161ee9911d92098ba878f1f8149ee30f868c1f31c513b67e2f23/detection

185.101.92.3:555

# Reference: https://www.virustotal.com/gui/file/214bf6420145504d496c988a2e003a134edc1e6d34d75a3b7fbb11fcdecddffa/detection

185.101.92.3:4567
hostnamehere3221.ddns.net

# Reference: https://www.virustotal.com/gui/file/f6b0302c07863abca103f6351d1be9fe45c45e2264308f5e876dd2fc21438dbb/detection

185.101.92.3:8942

# Reference: https://www.virustotal.com/gui/file/df7ac7026a687e11e8a04843cdfc10826662612609a66b4143ba92f8935b0f8e/detection

154.233.206.57:3606

# Reference: https://www.virustotal.com/gui/file/a34cfef9623b451397ea588c5e147c24feb8632d6b93ab1f897e954b01cc8584/detection

196.183.170.62:50000

# Reference: https://www.virustotal.com/gui/file/5b1ba114696a36cca4877f2a78d3fce9ca508d8309fd79888a86ba4407ccea3a/detection

192.169.69.25:50000

# Reference: https://www.virustotal.com/gui/file/92076a0eaf867a24c275bd8c7ca67367727b17a8a7039dd9969baa9f91d13803/detection

91.193.75.130:5577

# Reference: https://www.virustotal.com/gui/file/f3b9ece03446aaf6812787af22c7aa1c64147afc89c015767320df1150e93df4/detection

91.193.75.95:6767

# Reference: https://www.virustotal.com/gui/file/cb2de7f5a09779a76272efd77c45c21ddb40c86e590bf93d1247fff91074f296/detection

104.244.75.220:5200
herold.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/cb2de7f5a09779a76272efd77c45c21ddb40c86e590bf93d1247fff91074f296/detection

104.244.75.220:7788

# Reference: https://www.virustotal.com/gui/file/9b625089db69dcd9a4bd37ac3e4c3fe01771aa8813792db9950608dc526c56e8/detection

104.244.75.220:9053
yeetustest.hopto.org

# Reference: https://www.virustotal.com/gui/file/6291a9f4ac7dbb741f317c61b7f60bb5d9bc064abeb47e66292ededbfcb38966/detection

104.244.75.220:7172
104.244.75.220:4199

# Reference: https://www.virustotal.com/gui/file/0b05c6f6e71641668dc8ab8cd85c88fe056a9416b4e0ba6ca3e4494f03e73a71/detection

104.244.75.220:38199
awdawdwa.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e6ce3753cb68b162f63e9f7cddbce5f1f565121bc611c43123661f8dd7a18db7/detection

104.244.75.220:9301

# Reference: https://www.virustotal.com/gui/file/721ff56645d9b040ff0704303ea2ff404891b5b90cdb181d4849974993f60357/detection

104.244.75.220:4714

# Reference: https://www.virustotal.com/gui/file/2a868cbaa45f10a390c03eb533cbee459263758cc63e5fc19448ee1ba9b1272e/detection

109.41.194.231:4714

# Reference: https://www.virustotal.com/gui/file/8e7ee641d22f74c79c7836e8676e9820dd61093e59d6933609c418ec1dcb54a2/detection

104.244.75.220:5552
77.30.230.177:5552
anon.dynu.net

# Reference: https://www.virustotal.com/gui/file/f8333b1937cc6a6b63fee46404b65be8d8962d8f387cfb9abdbeaf7160732bb3/detection

104.244.75.220:4492

# Reference: https://www.virustotal.com/gui/file/3d0fbfed00f92b9d215733b5bd042fc9812101e1bfea3690b54c3d6d8f557f4f/detection

79.134.225.112:8512

# Reference: https://www.virustotal.com/gui/file/2d710e99a83080c4ec8e6b4c34d8330ff4459ed211b142a0bb427a92942f22d0/detection

79.134.225.112:2018

# Reference: https://www.virustotal.com/gui/file/d959d357dac740b5eed96bc85b4b0016a8bb5e2fdf76d60e370978314d463f6a/detection

ceo1212.gotdns.ch

# Reference: https://www.virustotal.com/gui/file/dbcf96c272001efbcd4b9064ff07505e22d325a292cd837a6328a146ff61689d/detection

79.134.225.112:1985
emanichikli.duckdns.org

# Reference: https://www.virustotal.com/gui/file/7cdcf238c4f72fb9bcd44aebf2b96eaed767451ffe255486160abaf5fbb25c92/detection

79.134.225.112:10001
blazeblaze.ddns.net

# Reference: https://www.virustotal.com/gui/file/e3d56b5128b727addbd7d43de64174fc2e8a1bda132eb12e63a1f7714329fdfc/detection

91.193.75.49:3400
mansalorris.ddns.net

# Reference: https://www.virustotal.com/gui/file/8585a8c535ccead00c76edeb3d922323565cddd6f1703ab2105365412e8ae3dc/detection

91.193.75.49:2444

# Reference: https://www.virustotal.com/gui/file/ac85f6bd887fda2a0d470e4fde35f2af1432a0dc1707a9a4746cb57c6e58892a/detection

91.193.75.49:3369

# Reference: https://www.virustotal.com/gui/file/4224da4c2ff5b00bf5a3cdb0240b45a41d68ed8e6c32264a4681d33f86ef77d5/detection

ken419.chickenkiller.com
kenosky.ddns.net

# Reference: https://www.virustotal.com/gui/file/f9436595968d10a0b1b146e8e970e3bf1c9faf8f9ebdb2b583e31888c4189623/detection

79.134.225.97:6565

# Reference: https://www.virustotal.com/gui/file/fda4b6acd7c4277dc30ed516c360957a931043c6881de0eab69c77ab217a254e/detection

79.134.225.97:9737

# Reference: https://www.virustotal.com/gui/file/e916e056b9d5efb8a9c866f7819929e2fd40c59f42adba734baba08484c89cea/detection

79.134.225.114:3369

# Reference: https://www.virustotal.com/gui/file/c7b590eb0e8fad463d05ea8386a554dd39d02a9b052d4a658b6eb10d6e02901c/detection

79.134.225.122:3369

# Reference: https://www.virustotal.com/gui/file/3c9d86be0837c561a345c71e41387c04aac3b69f4cb533092926bf7dac1af342/detection

79.134.225.99:3369

# Reference: https://www.virustotal.com/gui/file/90a1ba4011f5df93fa18c72bff8f8c300a74cd50b5571b3946cc4a96e8ea2534/detection

185.140.53.95:2551
sebaseuro.duckdns.org

# Reference: https://www.virustotal.com/gui/file/51b14de8aa45b3015b96ecd599fe43efbec8ab7fe4c1d2b88f6bcb010f8ba564/detection

176.9.122.21:3336
94.130.239.15:3336
185.244.129.107:5200
sifebui.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/6af387a64a8cc32b1045743bb0d484292cb4741d7c4fcbcbdd22d02c7f33474f/detection

185.244.129.107:54984

# Reference: https://www.virustotal.com/gui/file/8ce21f775dd62bbb983e5e38c6b7a0c353d8751e028409a3e6f5fa9bc7205f24/detection

185.244.129.107:1996

# Reference: https://www.virustotal.com/gui/file/2ce1bc3f8566eb8c67134ba50081853c8dd74dcf3b3cf15fde02b2330e3c1df4/detection

185.244.129.107:1111

# Reference: https://www.virustotal.com/gui/file/1626baf23e94a9d97660fc39a83293b306a94ba0bb7a9a12c9b5910f8bf55bb8/detection

185.244.129.107:6969

# Reference: https://www.virustotal.com/gui/file/69edcfc3ccdd3fc311bac8c7d30c1e9598838849ba4b88f2a086b8734771c913/detection

79.134.225.85:54984
79.134.225.118:54984
getlogs.hopto.org
homyme.hopto.org

# Reference: https://www.virustotal.com/gui/file/38e67216901a8f1b035fb53ef5cd0b90e074d35fd364e7500ed6442c723f75b7/detection

79.134.225.73:7149
blissmoney12.ddns.net

# Reference: https://www.virustotal.com/gui/file/53b66b10fbb3d262266ca30a76ef3523cacffc249b624d68e17de932e076c5ea/detection

79.134.225.118:6987
diala11.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bcc20cc6fdde32260163db65096cd4c70e197f45d38d1e041807410794cbbc33/detection

79.134.225.118:54985

# Reference: https://www.virustotal.com/gui/file/18b578ba26202a2a2e7083bdcd5bd4dd093661ff0e4e316fbcea59397584f9b0/detection

79.134.225.118:3030

# Reference: https://www.virustotal.com/gui/file/1c1a804c8bc1fe9610fca25c8cbf16045b49766a79da5c9eb9ebea2cb6b7643d/detection

zsdwe.ddns.net

# Reference: https://www.virustotal.com/gui/file/8d9d0a5f190bb82dfe0005203c7f75acef0fd8047b80ce1b779e10fad0ac5931/detection

91.193.75.66:20188
zigf.ddns.net

# Reference: https://www.virustotal.com/gui/file/b29d9d38be189a8b35dd223d2dc7c1f701b23cc7fa48d69edaefca5b1b251307/detection

91.189.180.199:2707
wixed.speedfastmaking.com

# Reference: https://www.virustotal.com/gui/file/ad1339af6c284ed966c739401f4e5e97d55c13d1d1fb62f114780fe6aa97b94f/detection

181.52.103.29:1896
nickdns26.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b6d95e33ce0805589eadf7d6a27070a4154e1bfb6b4b998be0343043f6fea163/detection

192.169.69.25:1896

# Reference: https://www.virustotal.com/gui/file/597b4ca12cda81ad162829ef96071e66abd6a6de21bcb9f09c03a0c34b3d787c/detection

noch419.chickenkiller.com

# Reference: https://www.virustotal.com/gui/file/3768cd12daf7eb339a56ed62a35a14f12a696c15731b8fc6704f2f3a46a3e49c/detection

alexnurmela109.ddns.net

# Reference: https://www.virustotal.com/gui/file/1c0f8bb31d034bd8841b61f46e280c8a3f648788d31fa9c1c6ad949bb12e829e/detection

91.233.116.105:5042
eliboy.ddns.net

# Reference: https://www.virustotal.com/gui/file/85e80c6f19458024a810c599e997a8c3e54c1e22316d18c000221884c8dbd4ca/detection

91.233.116.105:10842

# Reference: https://www.virustotal.com/gui/file/580c58deca6b3117e03707c9e27f200a1c64d1a62d4c975c3805732333b686ec/detection

91.233.116.105:9868

# Reference: https://www.virustotal.com/gui/file/f731cb13ea188f26b510684bb74976fdc91b7b4c9eb49432fa1e981757d299a6/detection

42.115.19.255:9868

# Reference: https://www.virustotal.com/gui/file/d5dd0426bfc54c05559af8880d54beb7e4becfeea7a0f3e998957087300df362/detection

79.134.225.6:5712
91.233.116.105:7203
pierreeldaher.ddns.net

# Reference: https://www.virustotal.com/gui/file/82602fe5311fb11e3db7dc4358441f229bd1ddbc7ea22cc5628ee2422ea0f300/detection

91.233.116.105:2008

# Reference: https://www.virustotal.com/gui/file/5394b645dc5e99216de82c4e9e42f5fd880b15463337b2d9b91028e3e9fd1a53/detection

78ifngbu.ddns.net

# Reference: https://www.virustotal.com/gui/file/f9b0c1245e9e11983310629899824e323bf5dc657d97329f3c3e38c6ac5a48c8/detection

91.233.116.105:56982

# Reference: https://www.virustotal.com/gui/file/1bc87a52a0a57278ead8e1104902f58d0c7a5cf10febc758580fb81d4042ccd9/detection

193.161.193.99:40921

# Reference: https://www.virustotal.com/gui/file/d0ba2c003cb44a1b94a3accb7d30a4d05ea235b50aea72c91156286c1f2e8bd0/detection

193.161.193.99:1019

# Reference: https://www.virustotal.com/gui/file/0ef2355f705c31f9c510ed4deee0bc4a5ddcb5d5d26a9a94b35adedd2c9b2505/detection

197.210.55.13:2033

# Reference: https://www.virustotal.com/gui/file/a6a9bcff33099e92b9e8dd9195733983a7034d65d35f5d7b6242fca16436f4cc/detection

79.134.225.72:36380

# Reference: https://www.virustotal.com/gui/file/6e837bcb37f70c86a1d8aac5e42aa36336220e93d63b7ae451ca6c4f9dee096a/detection

79.134.225.72:5454
ewills.ufcfan.org

# Reference: https://www.virustotal.com/gui/file/0db74f2fc1f161cdcccddaca7d825bfc91054ac39bdf3631849ab2df7d343e53/detection

79.172.242.29:36378

# Reference: https://www.virustotal.com/gui/file/14c67c40100dbc7684f4cb440742c58ac5abb73c14745c487c0bfe114432940c/detection

79.134.225.72:8153

# Reference: https://www.virustotal.com/gui/file/b9f211ca817ee3c892fbe38b31d8e9cf4951edd514b9533438cb5fcc433e4598/detection

105.112.52.198:6690
79.134.225.72:6690

# Reference: https://www.virustotal.com/gui/file/d505673bd7bc008592d71a2b7ff6660dc4352f120aabffbb47fdcd0c638d6d7f/detection

79.134.225.72:33933

# Reference: https://www.virustotal.com/gui/file/262e429b5551d414e9bdcb7a179bbdea962119cfd23fb33810e77ba56671d5cf/detection

ambit10.duckdns.org

# Reference: https://www.virustotal.com/gui/file/cd8b31328a688c29ec077b14648fdd55bd5afea4df93f52030ab0aabef79820a/detection

5.62.62.239:1503

# Reference: https://www.virustotal.com/gui/file/5ca2fd3e3b26a7bc590b1332b5976c5b24fdfbdc5747da48287a320679a78683/detection

starlucky1.dynu.net

# Reference: https://www.virustotal.com/gui/file/b88aee0b1e70baa4a740bcec88a741ebb3b61f7f8e3360fd58a0eb38a23899e3/detection

79.134.225.72:3535

# Reference: https://www.virustotal.com/gui/file/168493363a7b5aad9a6ace37d9c6d7ee2e853ab5b2d05baec3e87f40e3ea9659/detection

79.134.225.72:2033

# Reference: https://www.virustotal.com/gui/file/6227a06d987fb90e671dc998ce8dab78cde2b1c8747836bcdce46e9e98184bb5/detection

79.134.225.72:6011
microst324.giize.com

# Reference: https://www.virustotal.com/gui/file/097b934995ccb05663cecefa0291267e72f0a64e10894ca42551c3c5d938eacb/detection

197.210.227.213:2033

# Reference: https://www.virustotal.com/gui/file/f6c435047c27951a7088d71dd6d5f6ab247bc367b2b27a891607a6cd26e97adb/detection

abangwuemmanuel94.ovh.net

# Reference: https://www.virustotal.com/gui/file/8fb6815d18b02a74c22cb16b5c5e6268453c980df8a7f76e97e82e27351f6167/detection

79.134.225.72:1999

# Reference: https://www.virustotal.com/gui/file/2f080673e2590f87e65dcbe9bf480e815cfb98ed625ddf6c881a54aaea8c888a/detection

79.134.225.74:34681
88.229.203.24:34681

# Reference: https://www.virustotal.com/gui/file/f6aa685beb9a092360bb8d8915e7b68a0a8e528f02e84ce82efdc57d32d711ad/detection

79.134.225.72:9110

# Reference: https://www.virustotal.com/gui/file/75812e37521129679dc11280d588f1efbf389f9d8a5cd81fde8a39caaaccd8c2/detection

79.134.225.73:3434
nowahalaewe.ddns.net

# Reference: https://www.virustotal.com/gui/file/126f58bc8b4575c9ebe71f726ac25e1381acb67d7c6411182ec37e7334946792/detection

79.134.225.73:6393

# Reference: https://www.virustotal.com/gui/file/d3e8103bba7d8b2e4f52d575df077f899e0b5ccab8e54f3cd091be0a3a938a83/detection

79.134.225.73:8181

# Reference: https://www.virustotal.com/gui/file/51052fd0cd4e0f85018fbfdb736045d4561203e451a84cb48bc56199c4e9fc4a/detection

42.115.18.212:7656
79.134.225.73:7656
albert109045555.hopto.org

# Reference: https://www.virustotal.com/gui/file/7a9befc421814f35d81aebc3d47341e1b29662131be56f5ac20bd867acf912bd/detection

197.211.58.127:8181

# Reference: https://www.virustotal.com/gui/file/e83ef3374d2d0b943ec6e59fa8da7dfd912c4393154f71d54f8e6e8897be30f7/detection

79.134.225.73:6003

# Reference: https://www.virustotal.com/gui/file/d421e135a7480a6dd92dc2bf22729542da11d2d1cbb7d8ab0675e3b5e62d12fd/detection

197.211.58.95:8181

# Reference: https://www.virustotal.com/gui/file/2c71a924d8c20cea3be22c0b403b577c7bba104a528dfe9736a724c28049a4d8/detection

213.208.152.196:8181

# Reference: https://www.virustotal.com/gui/file/905939ac2724217e860892088d3901bfed2a1d5208b77b7d83f84d73ddffd59c/detection

79.134.225.73:2001
adikaremix.hopto.org

# Reference: https://www.virustotal.com/gui/file/01933cb24077a81c3580c1c066b0c48e9c588d95e31df2979193441e4e7dc62f/detection

82.102.17.122:2001

# Reference: https://www.virustotal.com/gui/file/65d1fb614241f771b59aa8bd4b0a5ab129b944e970b3c2a93503edeaa88e445a/detection

xyzindustry.hopto.org

# Reference: https://www.virustotal.com/gui/file/7973f4689aa8f60918dcf195ac6bcdb1aedfbe0f56574918145810232c3e73de/detection

197.211.58.135:8181

# Reference: https://www.virustotal.com/gui/file/bfdd986c06db7af18170f4958d0bf0f4d9bb92d00413b9ce9b10269a9544ca0b/detection

42.115.49.50:7656

# Reference: https://www.virustotal.com/gui/file/2243db2c7a14d0846222806fbe4f91a55b0f84649f454e9261f074a4756d2a07/detection

79.134.225.73:20118

# Reference: https://www.virustotal.com/gui/file/31caf27f777866cafa5ed619628e4c039ab6872ce4a288e3b1af8029525741f5/detection

79.134.225.73:8282

# Reference: https://www.virustotal.com/gui/file/c1f71d7547ce96052e057cf77c4c6af952973113adc1a25a80da10666e90a750/detection

dalpzy.ddns.net

# Reference: https://www.virustotal.com/gui/file/127b1d549cc114f02db9fc4fa2dc7a5adb77963827a379526fa0c16a39e2ddab/detection

108.211.192.169:1085

# Reference: https://www.virustotal.com/gui/file/c4a2d24a66c76f64124e7b856d46df4211366a8b2b030750a26532dd747f88e5/detection

jrexy.ddns.net

# Reference: https://twitter.com/cocaman/status/1214084915471495170

analyst.spamcannibal.xyz

# Reference: https://www.virustotal.com/gui/file/b48934041e4bb3e55d3d5a30eb8a613695bc7f90a1d1e9b790ef7de91b2efcf3/detection

192.253.240.11:6774

# Reference: https://www.virustotal.com/gui/file/404fd3ac3ac87f9b115a7e22129909154af934057ff83e33eee88afc6944f067/detection

185.244.30.4:11011

# Reference: https://www.virustotal.com/gui/domain/nanocoreratd.ddns.net/details

nanocoreratd.ddns.net

# Reference: https://www.virustotal.com/gui/file/76252d2c26dde0bdf525711b11fbede81a5add73ae06e0e3ff3d316f21077095/detection

194.5.98.28:7203

# Reference: https://www.virustotal.com/gui/file/69a2f5f6f083f476574777392f3702e4c44f99ad9884740dfa020ea5b257194e/detection

154.120.88.80:7203
79.134.225.8:5712

# Reference: https://www.virustotal.com/gui/file/1210e64a487568b581de88c6669e54b28692a14cafd2c9803fbb4a7cbba2716f/detection

185.165.153.15:7203
79.134.225.8:5711

# Reference: https://www.virustotal.com/gui/file/d5dd0426bfc54c05559af8880d54beb7e4becfeea7a0f3e998957087300df362/detection

79.134.225.6:5712
91.233.116.105:7203


# Reference: https://any.run/report/438f92ef7a0650f72954b5636b40ec2112defe32541c0351ea62987a72d6500b/1f7b133e-d6da-4671-bab4-a20d26b80822
# Reference: https://any.run/report/62ac84ba831bce835274bc6e57db62066a93a219c328716891b19a1677667f7e/ef08220c-811a-453b-b8f9-dd20a62a5077

papacy.ddns.net
kkssa.chickenkiller.com
primedelivery.net

# Reference: https://twitter.com/ScumBots/status/1214663352854540288

194.5.97.34:9090
omcavi.duckdns.org

# Reference: https://app.any.run/tasks/20dc289f-ed01-4c63-8a05-12ccd9213ecb/

xeliteme.us
tats2lou.ddns.net

# Reference: https://www.virustotal.com/gui/file/86c8896067480a260f931692b6f2223d603415a0708e8d16cc5ead90f9b22ba3/detection

86.90.27.189:5678
spowpow12.hopto.org

# Reference: https://twitter.com/ps66uk/status/1215035648899452929

185.103.96.151:3012

# Reference: https://twitter.com/James_inthe_box/status/1215290232355966977

185.165.153.129:5421

# Reference: https://twitter.com/w3ndige/status/1215366283404959747
# Reference: https://app.any.run/tasks/4dacd054-e58f-4d81-b9b5-4afe25a037bf/

185.244.30.23:1001
192.169.69.25:1001
abokijob.hopto.org
aboki0419.duckdns.org

# Reference: https://www.virustotal.com/gui/file/76007a8f8bcaea779bbe998e8ce38b154c274fd9cd7b461bdd09b37a13ae460c/detection

185.19.85.139:9900

# Reference: https://www.virustotal.com/gui/file/48f52c87b38b91436943196dec0923f9412007a61ea31ac99ed2c10e3a5b7a23/detection

185.244.30.23:9900
192.169.69.25:9900

# Reference: https://www.virustotal.com/gui/file/d8c2b06570a0c86994d2ddf5b0e98d69365d9541ff262a03f4c1271d2def4cff/detection

jemoederspow.ddns.net

# Reference: https://app.any.run/tasks/7492c122-a646-468c-9531-50d40a2da425/

185.165.153.165:49153

# Reference: https://app.any.run/tasks/fc78adae-45ff-4832-aa97-ee472f6629b8/

abokijob.hopto.org
185.244.30.23:1001

# Reference: https://www.virustotal.com/gui/file/864ab11cd4f2b167f86c3fa3a295dc5825ab961003afda2d7a827c97becb51f8/detection

66.183.41.207:5353
filip1.ddns.net

# Reference: https://pastebin.com/pwvLeQ9S

75.157.67.9:8402
jacobip123.ddns.net

# Reference: https://www.virustotal.com/gui/file/96c1348e80f4fe4fcd284d4b0b3cbb23098ff621ddf1d28fb740b05bb063da99/detection

185.222.202.61:5567
walkerstand.ddns.net

# Reference: https://www.virustotal.com/gui/file/8a07a557b07f43ba223cda68c073a527f8487f53fb0313650c2405ae09633afa/detection

181.141.45.33:5020
pedaenaf.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d694a7c79797c8d59c0b5bc60e935bc9e5478735797ef6bee44a6e1e95d5d33a/detection

129.205.113.201:64346
chuks.hopto.org

# Reference: https://www.virustotal.com/gui/file/95b7f419d6559f5c1f518d67b5600d1d544b8cfbdba6cec51f136dcc98d6c357/detection

105.112.96.122:53247
ratu22.ddns.net

# Reference: https://www.virustotal.com/gui/file/13a8123b240dabbe55cf509c08cfc63ae3e50032edb8f2554ae1172ff5faa0d2/detection

141.255.154.84:25565
blazingpack.ddns.net

# Reference: https://www.virustotal.com/gui/file/7800bd0af0d16183c1ea98c5931a4a4a58d9b590e3b2d7ba73848fcf4e32151e/detection

141.255.155.79:25565

# Reference: https://www.virustotal.com/gui/file/45c030a162184b42f5ca5670b7d78f9bde36b871cf6dadaba6dcecc820d2710b/detection

192.254.79.116:50968
50968.duckdns.org

# Reference: https://www.virustotal.com/gui/file/40f9bd30b660332bd06515a390f0b1eb976996dcdfd02bdb765a8d70f3fd64fd/detection

128.90.108.69:4432

# Reference: https://www.virustotal.com/gui/file/967193d5fbb7164ec4d1ec698c015104c7a890774e3e0350629e1a84b14d8856/detection

192.169.69.25:5190
jans5190cwv.duckdns.org

# Reference: https://www.virustotal.com/gui/file/090ddc16d1f8d192037d8bc070c296623ab950a18c5d864f63da34640b4b221f/detection

79.191.63.233:1604
eevkakopacz.ddns.net

# Reference: https://twitter.com/wwp96/status/1216782313096384514
# Reference: https://app.any.run/tasks/cf1e122a-f304-467f-90a9-8d80b58befe0/

91.189.180.211:56749

# Reference: https://twitter.com/ps66uk/status/1216849774407798785
# Reference: https://app.any.run/tasks/e76a9253-bf92-4af6-b6bb-4436afc5a130/

45.125.239.168:46571

# Reference: https://twitter.com/ps66uk/status/1216849775787741185
# Reference: https://app.any.run/tasks/9b649c1b-6eac-4a2e-8fd3-6544801f5747/

185.165.153.22:1943

# Reference: https://www.virustotal.com/gui/file/4cdc01d5d789c72f59dc40f11f4906da636bab6c5d6968f70f72d4503e93d983/detection

79.134.225.96:1313
nybenlord.duckdns.org

# Reference: https://app.any.run/tasks/ae59fa2c-2619-4444-825a-fed7a40e1d0a/

alcaldia.duckdns.org
181.52.109.69:1881

# Reference: https://app.any.run/tasks/583d71f6-9261-46c8-9ae9-5103050e3a46/

tugatuga.duckdns.org
tugatuga1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ebc05d5a82e9ffab000a94bf6ee04cd0689e8988ecb2a899360e44472a3b4733/detection

177.75.41.182:1888

# Reference: https://app.any.run/tasks/584d898f-a187-4176-a23a-3cad11712034/

innocentbooii.hopto.org
79.134.225.113:55420

# Reference: https://app.any.run/tasks/54e108b5-af27-4310-8cbc-f94696ff6074/

manofficial.ddns.net
79.134.225.75:4473

# Reference: https://www.virustotal.com/gui/file/6c3bf812335763ffd48debe7d75ea51ac56cb8a4cd92ebeae849885e63ffbfad/detection

103.207.38.195:1590
myduck1590.duckdns.org

# Reference: https://twitter.com/wwp96/status/1220367245966299137
# Reference: https://app.any.run/tasks/6f7d1a38-f5bf-49a3-8b38-b73724afd17d/

185.244.30.112:1144
nass1144.ddns.net

# Reference: https://www.virustotal.com/gui/file/b08dd3ea26b827f9052689fad296770adcd7db594fb73c98ce092d9bc485b97f/detection

41.190.12.45:1985

# Reference: https://www.virustotal.com/gui/file/54165ae0cb5971866642a731e4abee053c4752bd68a8178386278558a60f498c/detection

41.190.12.212:1985
41.190.14.58:1985

# Reference: https://www.virustotal.com/gui/file/03b4ef6a09b015a7c2addc82099c23c738117c2b5a9153ea1f70c54803563b29/detection

42.188.37.214:6318

# Reference: https://www.virustotal.com/gui/file/810535c9dad183fffd0a09db189695f80f456dd047095aba94e8c34fcb995020/detection

swez114.ddns.net

# Reference: https://www.virustotal.com/gui/file/d6b256c011e8a0d5f969bcff214dcb697e1cef51ff32e6aaf8753d8eb9c4c8e3/detection

godstar.hopto.org

# Reference: https://www.virustotal.com/gui/file/f2d2480e501b85bb3bd147f6b796d00bbb9b352f15e98cfb6dc0e771cb88a8ed/detection

88.150.227.112:5000

# Reference: https://www.virustotal.com/gui/file/9e2396c6cdff60fb006f0c9e637a520459d96957c220d5fb989eb467bf20b8a3/detection

88.150.227.112:4000

# Reference: https://www.virustotal.com/gui/file/e0355ea608faa4312778e16aaf5b1b09432a730c86cbcc3b9bc7b4220ea7a5a3/detection

88.150.227.112:1422

# Reference: https://www.virustotal.com/gui/file/8611a0492c37189d0066aa55c1d54c3c18915666217814f437b0f4d67b50339f/detection

216.38.7.247:9995
jukax.ddns.net

# Reference: https://app.any.run/tasks/c461873d-3249-41ce-b350-b9a592a7ccf1/

sherimix.duckdns.org
departdec.duckdns.org

# Reference: https://app.any.run/tasks/55da3974-76de-41e0-80fb-2e8437748631/

79.134.225.5:4040

# Reference: https://twitter.com/wwp96/status/1222594326850609153
# Reference: https://app.any.run/tasks/8e0eebfd-55bc-4211-8a78-019088791cf2/

168.235.111.253:54671

# Reference: https://twitter.com/wwp96/status/1222644734675619848
# Reference: https://app.any.run/tasks/1da82563-fa9c-4d2b-8f79-a87f07fcf4fd/

79.134.225.79:204
newratti.3utilities.com

# Reference: https://www.virustotal.com/gui/file/c8b4cd3dc221f265a096413ea20dd2b97fff8efa162f3a69c9b8d722bd2110b6/detection

37.228.132.165:1010
37.228.132.165:1011
smithadmin.changeip.net

# Reference: https://www.virustotal.com/gui/file/a5c52fa8affb071a4af2a02bd281bb8146b14536176c3b07a4be74a56872feb9/detection

205.185.125.42:1010

# Reference: https://www.virustotal.com/gui/file/54d50305787d2811dc15a71cdf996c8927ed4d8ee11a9e7e950c33c71b4df65d/detection

178.209.46.144:1010

# Reference: https://www.virustotal.com/gui/file/167bb83c774a9590876e2336eff22d420bef4880c69f15a1bb4147ede74aec52/detection

194.5.97.58:1010

# Reference: https://app.any.run/tasks/8ae3a07a-23c8-4d67-a577-e647d2b79bad/

193.23.3.36:54984
pimpinjg.ddns.net

# Reference: https://www.virustotal.com/gui/file/74579525e06c50e98205e5e4572569b3e618a304e2cf4c3d79ad37491e29ad70/detection

185.13.38.227:54907
snosy.ddns.net

# Reference: https://www.virustotal.com/gui/file/b1e27b6a375d7f58cdae46e324a80d4bfef5fe505f207994587600b8acc23e79/detection

31.171.152.107:9874

# Reference: https://www.virustotal.com/gui/file/949b142fdff443cedd4e1c303f50b4cd747e3b0ba9b6d48b6263e0e3ebe55d71/detection

197.228.220.133:9874

# Reference: https://www.virustotal.com/gui/file/de6117e4692d1fcd1553b69cc537e63fae2d4d9d043f8dc909854b5df3477837/detection

31.171.152.107:1990

# Reference: https://www.virustotal.com/gui/file/8012fe6af55b01332bd9b83157f0d36c5fe632d9813fea873b7190dcc789ae8c/detection

178.239.21.105:9874

# Reference: https://www.virustotal.com/gui/file/79dcd9b0ab0e94b62db8f410610b31cd3814358862cf9725d8f29cc6abcd7694/detection

95.7.171.7:9874

# Reference: https://app.any.run/tasks/a006f71c-ece2-4c4b-8184-a57a88cb0012/

smithinnocent.ddns.net
79.134.225.21:53590

# Reference: https://pastebin.com/gKS1vLYp
# Reference: https://www.virustotal.com/gui/file/aff3f9466a3b8932f1f1b39b83bcf39277226b28dfa0a7d18f6f58c98fa9f2db/detection

185.140.53.8:3457
miraqueen.publicvm.com

# Reference: https://www.virustotal.com/gui/file/437b346787558fcf1ad38016c5cf8e96954ac19b34a96ed9364b8b1f25b4fbdc/detection

216.38.8.179:7568

# Reference: https://www.virustotal.com/gui/file/fec05533afdbf366e17ba6737add44ca5b376c8b585d042bd677c97738a49d9f/detection

185.244.30.9:7568

# Reference: https://www.virustotal.com/gui/file/f96edda29215441dfe2a73e803c53d21643d45d24de527f10764ffe818f58a1c/detection

moneyman2020.spdns.de
mothermaryblessme.duckdns.org

# Reference: https://www.virustotal.com/gui/file/aaefc8d70929c09a3101aff8748839f2f349d62d2a5b8fe0d624cc4dde1c5583/detection

185.62.188.44:5003
185.62.189.77:5003

# Reference: https://www.virustotal.com/gui/file/a2ffbd0a464843fcaa3908e8b5365fce60c89f757f371bc518524a5416ad5096/detection

185.244.30.251:83

# Reference: https://www.virustotal.com/gui/file/effc2b4841d18a24ac00e9c181845d2618455379bd4f5256d3cd68ccdba7a4dc/detection

105.112.104.168:83

# Reference: https://twitter.com/wwp96/status/1224387875728478208
# Reference: https://app.any.run/tasks/fb820ab8-d843-4409-bb9a-8b9fc9ae90ac/

185.244.30.211:1985

# Reference: https://www.virustotal.com/gui/file/883562a2a36809c07e2368a7d0fd47e8e8fc23a839837f1ebe64b86dcc3209d5/detection

79.134.225.74:2404
79.134.225.89:2404
behco.duckdns.org
paris4real111.ddnsfree.com

# Reference: https://app.any.run/tasks/7d0cfbcf-895b-4f93-85bd-2479689d3fcd/

deresurrection.ddns.net
185.19.85.133:1414

# Reference: https://app.any.run/tasks/a684bd88-3cd0-4286-bbbd-fa745f704e7c/

68.192.153.27:80

# Reference: https://twitter.com/Racco42/status/1225375672023027712
# Reference: https://app.any.run/tasks/303554f6-8b27-4513-b846-a290d4843728/

192.169.69.25:9993
216.45.59.111:9993

# Reference: https://twitter.com/wwp96/status/1225522548152176641
# Reference: https://app.any.run/tasks/747ee072-8840-4acd-92b3-7a228bfa637c/

168.235.111.253:9080

# Reference: https://blog.talosintelligence.com/2020/02/threat-roundup-0131-0207.html (# Win.Dropper.Genkryptik-7572204-0)
# Reference: https://www.virustotal.com/gui/file/0b023aa63679132222f38f83cc5d068b64294f27378657a83d5a1e382a0f5f6a/detection

79.134.225.5:4040
olodofries88.ddns.net

# Reference: https://www.virustotal.com/gui/file/f258a50ca8b8d5509bffd9a3d9ecd9838a29663771db18c0d6aefc3460c34fc4/detection

185.140.53.185:4040
steel500.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d52c3cf4249d0f2c27d6942949badc24a00ecdd63008867c52fe49c2b4f9da08/detection

78.162.76.87:4040

# Reference: https://www.virustotal.com/gui/file/363ddc8232d216392189af61de76aa4bc1f3ae5f621805a83441c5b4ba75466b/detection

84.210.40.80:1604
krypticon95.ddns.net

# Reference: https://www.virustotal.com/gui/file/99c559b39819700d6fe099a07a84038807989b06fb4e794e5918959d11674e95/detection

95.188.71.69:7777
gooodwin.ddns.net

# Reference: https://www.virustotal.com/gui/file/db167cbcae2b2dfa8920f268d3af0e953d5a9e0ecc195f613c317dd6e1e98e45/detection

realfolger1.ddns.net

# Reference: https://www.virustotal.com/gui/domain/sdlzglass.com/relations
# Reference: https://www.virustotal.com/gui/file/95e902dc390bf92e13b9b2c02832972be2f2dd1bde858fc69cf0ef764059e145/behavior/Dr.Web%20vxCube
# Reference: https://app.any.run/tasks/19460de6-5d10-4df4-8711-51262870d284/
# Reference: https://www.virustotal.com/gui/ip-address/23.105.131.153/relations
# Reference: https://www.virustotal.com/gui/file/bc9a61fa02eb88783395ac1d94e6461b049b1ac9d4ddb63504cc610af002d287/community

sdlzglass.com
23.105.131.153:1619
23.105.131.153:1620

# Reference: https://app.any.run/tasks/bf34bcca-5726-48cf-a319-efaff53a4516/

iammrjeff00.duckdns.org
79.134.225.38:1082

# Reference: https://app.any.run/tasks/59170485-7f75-4ce5-afb8-b87e89f1e79b/

alekseynj.ddns.net
46.98.102.202:2891

# Reference: https://www.virustotal.com/gui/file/6cbe83da3d33b4bc7c9768fcb4955b58e982fbd04d3eb21f42760565a7b0f1a2/detection

5.107.37.103:1604
barclaysb.ddns.net

# Reference: https://www.virustotal.com/gui/file/4e01aaa713264a42c9549238aa9ffb2c2e4b84787c7a850701edd63e3b341be1/detection

192.240.96.130:1604

# Reference: https://twitter.com/wwp96/status/1228022054655602688
# Reference: https://app.any.run/tasks/3eaae088-f301-441b-b98f-b5fd78b2419e/

79.134.225.89:7777

# Reference: https://twitter.com/Jouliok/status/1228251835321987073
# Reference: https://app.any.run/tasks/a0998463-1fd2-443c-81b6-08266736bb2f/

185.244.30.239:6789

# Reference: https://www.virustotal.com/gui/file/8ae646774cd6be8900bcfbf9bcf01eb9bc1cccee11722626b66c11f603e4adc2/detection

185.140.53.131:6789

# Reference: https://www.virustotal.com/gui/file/99a6eba25136e6b5a12a1dbb1006bfcde0f662421a6edf21276af224c58a5c42/detection

77.48.28.200:6789

# Reference: https://www.virustotal.com/gui/file/83cd2a789fc89c44d2d368366c7d907ae2f7f815900a931c45dbf6789e8d0da9/detection

194.5.97.14:6789

# Reference: https://twitter.com/wwp96/status/1228372397461471232
# Reference: https://app.any.run/tasks/474ff1cc-a8ec-42a5-9173-6d17a21b6f6d/

164.132.90.226:24110
24110.duckdns.org

# Reference: https://app.any.run/tasks/b17e0db5-2ef0-47ba-8d9c-aa31138e4f01/

79.134.225.5:9334

# Reference: https://twitter.com/wwp96/status/1229443116941369345
# Reference: https://app.any.run/tasks/3389b31a-10bc-47ff-af2a-3fb2d689d743/

79.134.225.103:3939
wealthadmin.ddns.net

# Reference: https://twitter.com/wwp96/status/1229494871611920384
# Reference: https://app.any.run/tasks/980141ee-98f3-4326-9ef5-2a1acd5c8132/

216.38.2.218:7675

# Reference: https://app.any.run/tasks/7051fa40-d545-4b09-806f-abf866a589a3/

185.244.30.36:1754
boss5.hopto.org

# Reference: https://app.any.run/tasks/a3cc6d4f-b8eb-41bb-94ab-409760f59a92/

185.140.53.132:8282
donsea1234.ddns.net

# Reference: https://app.any.run/tasks/87098615-d1b1-445b-b21f-a7a0712c98ed/

79.134.225.69:4543

# Reference: https://app.any.run/tasks/c85f3964-ca15-4399-98fa-2c5155f49a50/

79.134.225.74:54985

# Reference: https://twitter.com/wwp96/status/1229808427595190274
# Reference: https://app.any.run/tasks/fba6b380-5971-4bff-8673-15a96a00a721/

168.235.111.253:9083

# Reference: https://twitter.com/ahmet_han64/status/1230040535416614912
# Reference: https://www.hybrid-analysis.com/sample/cd633e4e0741bcd242aac073dca1e4e124798343a756f8cac8a3778a952ad089/5e4cba5f6475ee0cee5f50d0

192.169.69.25:9301
91.189.180.204:9301

# Reference: https://app.any.run/tasks/220842cc-ac51-40ac-acdf-9516d97c5d63/

79.134.225.73:8282
judge777.ddns.net

# Reference: https://app.any.run/tasks/327d0805-32fa-4b82-b890-7d0f7ca21fab/

79.134.225.11:1245
icemanbad.ddns.net

# Reference: https://twitter.com/reecdeep/status/1230515771417284610
# Reference: https://app.any.run/tasks/f9e49656-e2e3-4b3b-be6a-a70fa43d5241/

79.134.225.91:8766
pacotdc2019.duckdns.org

# Reference: https://twitter.com/wwp96/status/1230579094234030081

79.134.225.35:1985

# Reference: https://www.virustotal.com/gui/file/959c0aacbd5186ff3bd1f27a8e40e83293c7ca41a90d46ad2811f58c6417b904/detection

79.134.225.38:1985

# Reference: https://www.virustotal.com/gui/file/053a007597f6e5b737ffacde94f9712bfd453dd9bb6a3993686b342fbe130532/detection

184.75.209.178:1700
ghostville.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ded81b1c333bbb3c7a5430ab7472d5797adc23e2fc69fc648e7e0b0078b66040/detection

79.134.225.38:1159
iammrjeff00.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3999bb2732a9a80181cd037dddc40e5286b128263dd0061d2ed84edb8888ec97/detection

79.134.225.38:9090
samnow.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9f42f2793e9c55c8c10823bc8a56b8b94326da414b51b31c0cc9cf9e4fd96342/detection

79.134.225.38:8090

# Reference: https://www.virustotal.com/gui/file/706dd8b75029416a175491653fca69711b10e38f91012a19fc68804421d92644/detection

194.5.97.82:8090

# Reference: https://www.virustotal.com/gui/file/b386ab7b5c94d5ce80fcf6adf6953419711fa9273a37dd326a5a609d99841a0b/detection

variakeburne.ddns.net

# Reference: https://www.virustotal.com/gui/file/c937c0cf76c12b8e7cb215c5bdb729ba0d3660acc154f18c639111b660d52f0e/detection

185.140.53.139:19603

# Reference: https://www.virustotal.com/gui/file/91ed38c4e0e79d80d544ed31f111c9e9d361ec80a10b0c6f9000d21cc90ea3d7/detection

168.235.111.253:9098

# Reference: https://www.virustotal.com/gui/file/380d55a6e9767ea2328f7e3bf93b4d68a757d4e45a8eafa8487e1ce616c97db1/detection

168.235.111.253:9086
185.244.30.36:9086

# Reference: https://www.virustotal.com/gui/file/d6f8d0dba973952be8fe56e945576f870577b53b89fd6fb885e1ee61087ec55d/detection

168.235.111.253:2197

# Reference: https://www.virustotal.com/gui/file/c906185769cc28b14696f2643907989d3574dd115d59e20321bdf9e631ed9ef9/detection

168.235.111.253:9030

# Reference: https://app.any.run/tasks/45f08fe9-a493-4f1f-864c-b33b6b075ab2/

185.19.85.157:1985

# Reference: https://www.virustotal.com/gui/file/9cde2dad4fd9632aa2769b10f58e63c013b5ef26bda897cd40154395abbba600/detection

imaima.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8adbc3d50822af6569c8ca12680a24a9e4290c5d1a967b81bce8342515886bad/detection
# Reference: https://www.virustotal.com/gui/file/9702d39680bc0938d860b686e54c14a41ebc2eae76a5fc94d7b244402a23687a/detection

168.235.111.253:5426
vimlatedrock.duckdns.org

# Reference: https://twitter.com/wwp96/status/1232378199201456129
# Reference: https://app.any.run/tasks/b7137a63-3ca3-4594-8586-fa8b49fc03c4/

79.134.225.124:1985

# Reference: https://www.virustotal.com/gui/file/e9b1fb95ae5973df88037568836cb201221e66d4505c178ba65fc07ef7a205ba/detection

168.235.111.253:4514

# Reference: https://www.virustotal.com/gui/file/c1f5c0f5907773eaa369f5365a0b796eaad59e81e6ce08b7085b095f16bf5232/detection

hexmia.hopto.org

# Reference: https://app.any.run/tasks/91dfe27d-be3c-467d-9b98-e4487c92c86d/

nasiru1144.ddns.net

# Reference: https://app.any.run/tasks/3f88ecf4-ae3f-414b-adc3-1cf0a087d071/

anekemoney2.firewall-gateway.com

# Reference: https://www.threatcrowd.org/malware.php?md5=02639282e0f87b6984fb35053c66c201

franklyn2016.no-ip.net

# Reference: https://www.threatcrowd.org/malware.php?md5=0a3ebdd830272773b8a4499704737479

skinner21.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=0b71f5cecef084fbdde18621564832c8

vyrez.noip.me

# Reference: https://www.threatcrowd.org/malware.php?md5=12cdecbcb60e6ba32b4acf379928c9de

danismecherul.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=159e42f07db11824fbdd6824f90aeecb

mrpounds.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=15e8a490ca52d93de6975c9d40e79119

xiprime.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=199ee7655ba308f77dc0666773bce21c

qwertysuxsucc.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=1baa2ab0eaffefac5c123a349ff1ce97

aarondrew313.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=1ecbc809984ec9e4c500351de27792c0

nanocore01.hopto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=21f95400507eeeb6221a893f85739d8b

rootclaiu.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=27c7b5663720100697531ae5f4c46631

essads14.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=29ab6292073e8a1e37b0949cd32d9b01

cd363be7.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=2e7245e5ec4e8d620ec02473234623be

omerenes.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=2e89bc14251558bfa44524e9d109f6d7

jesusman.fishdns.com

# Reference: https://www.threatcrowd.org/malware.php?md5=31b061a12c275eaf34b60c81dc8759c0

cvcv.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=58ba07cee30ad1e5b6ed7e3bc2138c24

chologee23.hopto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=58fbcf64e6cf3cdde6aeee9ed34cdff8

skeet21321.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=5c8c132812d81060ed09627e78ec86c9

bruteforceok.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=5d032c3e6334e4165b9f20dc30b7659c

lauracooper.hopto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=688fd5fe14223141c68b08bbf7bd7f57

fefete.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=68fa2e206073a5f1d4690a5dee96b4ec

devapple.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=6f816ad99c4f36cca6494cef0a326dc6

ix89bwk6as.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=7591d1f387707d30ff8b1e36e3562399

win.updated.dns-dns.com

# Reference: https://www.threatcrowd.org/malware.php?md5=7bc67702c321c69787eb67b67827d1c7

smithbarry855.hopto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=80de0180d9629515e1940f42c0bfca19

shareimages.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=839f04182d2e285af3d38d44aa1ae1fa

thenope.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=85c910a787788fc381194209e152a8a5

calmcserver.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=8814d0c3308aa93982f82db465dadc85

java12.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=8931a69c1c1073d2cbdb50ea4d1fb511

haybay2366.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=8d0a659f2366e216d5bef4a9e18c537d

mediaftw.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=8df3a77be5063033fd8ccd91a5a02b0e

exceem.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=8fcad26d5424a3f46a3a61c3fcc5fa36

nadeemakram.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=92e9495e113a357c40e6c37eb198bae5

vbnxmret.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=95f2f37cac1d3eb32d5178a7e780830c

qhwl1234.codns.com

# Reference: https://www.threatcrowd.org/malware.php?md5=9c5ed347caa0180db682deaf03f6b7fb

yourmodzv212.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=9f57950558739874b6ff1fdaf88e737c

zibridezibride.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=b050651139ad721ead7aebbd7d82e0f2

nanocoreacc.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=b62b22a42c3c260847d17c58bb73f33a

lugz11m2t.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=c46a16db249dfdd1c181f7f1c6619162

telekom3.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=c5c4d30f5ad98dd1657077feb882d276

jamzv3rm.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=c5fcf12de2d32089b1b263e5ba0bd68c

sheepsurvival.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=ca178716a912e894d28fbb7b1352f597

serverzkaw.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=cf9fdb60ec011a1e6158f637167df7c0

asjkdhas4.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=d2686f1d7f966f371bfc07987eb2867c

amnezia.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=d48b4efa8f06f9b320a9a29e3773334e

granzhost.sytes.net

# Reference: https://www.threatcrowd.org/malware.php?md5=dc80f65013995543a541d2d5f8ac24c9

joseagre1.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=dedccc515a8b4ff8c2e4dda7206a2fc7

zvezdahackingg.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=df0e56236a813d09d5a787f5b8bca4d5

ashleyr.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=df917731572a61435acadb6048255f7f

loolll.hopto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=e8276566f12377498ee39660597e9044

privatedns.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=f9dfadc59165c6a17f448efa84d5f4b4

santancelup.hopto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=fdc6ea5827487edd9ecd0d81151ee15d

vaporr.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=46af54359ef7057ea2675c338e002b5d

godwin101.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=fdc6ea5827487edd9ecd0d81151ee15d

vaporr.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=31011d10e2edfca87ca20bbab77567b6

cnc.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=cf9fdb60ec011a1e6158f637167df7c0

asjkdhas4.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=e738f0c550c4cb3bd9f4a427a56a4475

undetect3d.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=01bed136f79666dffc07b8186ec94117

pop101.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=e08642ad9591361277efe2c1a49712c3

my0.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=2cea5cb1ec5d2c5cb17c1347120ccfe4

blackflash.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=31c27a3f98099c910988aaa228e3ccf4

testingrattest.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=4dcc3cffe3ddc5ddf8930ea60b510c7b

lawlogslumi.ddnsking.com

# Reference: https://www.threatcrowd.org/malware.php?md5=55429af6abdc6a4ac7c84fd8016fcfc7

holly147.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=9a27502e8ea79e83445ee8635526f024

kaymonitinz.hopto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=a339a7bbf0946e12196279cfd65a3b3c

lolz.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=a69b05f40b76fc6913db101e9f31cc79

window001loading.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=bff8812e52d6877e25b8d8483ef213b8

flamzy.hopto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=c8e3af05993ed49e739c3a6bab3be941

lowass.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=d1238588a2d9ac95729da9f22fa125ea

ksaohu.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=128135233d7118586a354301d9a72abf

ikenna.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3d703598b766b4b67a376070a3375c35be84502ba6f6a283653d99e807795290/detection

192.69.169.25:53998
mmoney419.chickenkiller.com

# Reference: https://www.virustotal.com/gui/file/e8e8fd3573a4c5de13242542b73fa224416af2dea45abb3d7adb3f11dd7e0844/detection

185.247.228.250:5001
dubaidhllee.ddns.net

# Reference: https://www.virustotal.com/gui/file/d7e5e13b5036cbe32a44a374c0cf24e60a677322a058680b4f589699cd2b6aad/detection

185.140.53.253:5001

# Reference: https://www.virustotal.com/gui/file/b853f6fffad4a9f049eedcb11df57810294e3a112e7285d797400abe30d1f2c7/detection

91.160.15.92:33840

# Reference: https://twitter.com/Paladin3161/status/1234465325426429953
# Reference: https://pastebin.com/MFtzrQj9

188.209.52.49:1333
anekemoney2.firewall-gateway.com

# Reference: https://www.virustotal.com/gui/file/bee6bd91c3bbe94742faab32f942fb6f7939997881c93a9865e3b95d2ad365a5/detection

anekemoney1.duckdns.org

# Reference: https://app.any.run/tasks/f87060ce-3ea5-4e8f-a763-977c04db85ee/

91.189.180.193:2008
anny.bunnikcreations.co

# Reference: https://www.virustotal.com/gui/file/249f6c1224fa45910e63cf6db65bb5c1fab4888465575243139b54b045d26569/detection
# Reference: https://pastebin.com/wtXfZfaU

100.33.151.58:25565

# Reference: https://www.virustotal.com/gui/file/29d60e47d78023119a9f34d915ddc430b87ae2d729a0da3b595d3ddb2f0a7125/detection
# Reference: https://pastebin.com/wtXfZfaU

107.13.9.174:2302
kamisama.ddns.net

# Reference: https://www.virustotal.com/gui/file/780d178e61f836263e1dfb725906fd7625b3292fde06a8615aab0d1ac6f1d466/detection
# Reference: https://pastebin.com/wtXfZfaU

185.244.30.5:1790
192.169.69.25:1790
adikaremix.duckdns.org

# Reference: https://app.any.run/tasks/a982dc56-5d30-467f-a5d1-b97d9a165990/

hdstlindos.duckdns.org

# Reference: https://app.any.run/tasks/3a39d8b0-24ce-481d-9b1f-14e9b7f1de22/

uzonna.ddns.net

# Reference: https://app.any.run/tasks/1e329dbd-0dd1-4971-bd8a-7434568d3f97/

christiantony388.ddns.net

# Reference: https://app.any.run/tasks/141b8425-d632-411c-b761-4d88be7f1c2f/
# Reference: https://urlhaus.abuse.ch/url/321143/

kingsley11223.bounceme.net

# Reference: https://www.virustotal.com/gui/file/15005820e628c7ffeb245bfc4ce91797b1976847017c72fec362b688cc214c0d/detection

aefaegaa.ddns.net

# Reference: https://twitter.com/wwp96/status/1236022174361804801

91.189.180.208:4822
u869048.nvpn.so

# Reference: https://www.virustotal.com/gui/file/0cdc24b5f7cd6c1a7348a83fe9e883442f88511d0f837fc7d8c92e4fcb881fd9/detection

somore-tw.ddns.net
whiteson2017.publicvm.com

# Reference: https://www.virustotal.com/gui/file/6694c0eaed25095caf692ae82bf7262c03042b6b74d9363f6c606ca0cb5eeb15/detection

64.44.42.148:1993

# Reference: https://twitter.com/ScumBots/status/1236630827494227968

78.156.87.166:1234

# Reference: https://www.virustotal.com/gui/file/3e7f484ab204444240455f5538a17ce8629830e0da11d9a59e08412a59e3d0a1/detection

78.156.87.166:54984

# Reference: https://www.virustotal.com/gui/file/7b8359d49ddc798e2fe6b8af13763ab6678ab249ef0a4ebdbd4b8938a1248b32/detection

78.156.87.166:1604

# Reference: https://www.virustotal.com/gui/file/eb6919c14097aadb6bcb8d4e95eecfa0f646f28eed5204d999b5d6318b71699d/detection

shellz.zapto.org

# Reference: https://www.virustotal.com/gui/file/266dae07ba5e60743f7146f6c875c410ec0998cc81407e81a2e26a646d446929/detection

185.140.53.246:3734

# Reference: https://www.virustotal.com/gui/file/9088798b575a0c758ea7c299043faec477b7c17e395bf47f52a739ed33bd8165/detection

astroyax.ddns.net

# Reference: https://www.virustotal.com/gui/file/c62e468c8e3dcb9fc103f7366ac9072c933702bbc5f8ffe28665b17328d5c721/detection

83.179.133.195:1337

# Reference: https://app.any.run/tasks/80663b92-a9b4-4e9c-a0b7-0bf13c53a40e/

185.244.30.137:4242
updtadmin.hopto.org

# Reference: https://twitter.com/James_inthe_box/status/1236977119223140353

t6logs.sytes.net

# Reference: https://twitter.com/Jouliok/status/1236904231568846849
# Reference: https://app.any.run/tasks/762d9be8-9407-4e77-b5e6-8511f5e0a565/

185.140.53.202:2556
99grams.hopto.org

# Reference: https://twitter.com/wwp96/status/1237145372197347328
# Reference: https://app.any.run/tasks/5ff407b2-fe2e-4230-bd9e-8ccc9d081a29/

185.140.53.133:7575
oluwa16.ddns.net

# Reference: https://www.virustotal.com/gui/domain/chukwu.ddns.net/detection
# Reference: https://app.any.run/tasks/12abed54-e85e-4020-9d81-ac0141c29811/

185.140.53.132:2323
chukwu.ddns.net
udochukwu.ddns.net

# Reference: https://app.any.run/tasks/79c672e2-2062-429c-b6e8-fe8f05b2f6f6/

192.169.69.25:8855
galli032020.duckdns.org

# Reference: https://twitter.com/wwp96/status/1237792559499542528
# Reference: https://app.any.run/tasks/6f2ec92a-fe34-453d-b865-21475b8099bd/

172.93.148.195:50578
importantbuild.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1e98947f35cfd7b8963d61a6c6e93a1fcef59007d848c38f1a2983204ecfab35/detection

sarlelhassan.ddns.net

# Reference: https://www.virustotal.com/gui/file/d99910a312e18930dac22d3fe47052bcf6494a997a885e14df5b45b1b0eb010c/detection

79.134.225.74:2177

# Reference: https://www.virustotal.com/gui/file/b95b561812b9edaefbeeef5846a210e0d0987c0dc767e47279793fb3a42d55a8/detection

192.169.69.25:2177

# Reference: https://www.virustotal.com/gui/file/9e1696ce8c587e12dfec366f6d6bf187774d305af4702c77d66f5186fbb4c590/detection

79.134.225.74:54984

# Reference: https://www.virustotal.com/gui/file/f6720adca970fbcd4b79b60999f84af6ec92970247f5a19020dedc0b87399ee1/detection

79.134.225.83:34681
79.134.225.87:34681

# Reference: https://www.virustotal.com/gui/file/f6720adca970fbcd4b79b60999f84af6ec92970247f5a19020dedc0b87399ee1/detection

79.134.225.74:34681

# Reference: https://www.virustotal.com/gui/file/ed3139ed9ef56043c259aa2b2f2cf6b180aba8a73e69f52d7330e9d60dedcb1c/detection

81.171.57.77:2117
yettye.ddns.net

# Reference: https://www.virustotal.com/gui/file/858b3dcf9b1a72b960a4ce54d8802a022702a74b56f225c743f5a393c720913c/detection

79.134.225.74:2117

# Reference: https://www.virustotal.com/gui/file/3c9a56aca9cdcff02c7a5fbbe801263f8054783591adfc7ce61d6ece6d27d1b8/detection

173.213.86.150:2117

# Reference: https://www.virustotal.com/gui/file/786c32b8080bee2501effab2715fd9a4944cb2ed507e3e0130f55ba1272caaf0/detection

79.134.225.74:1985

# Reference: https://www.virustotal.com/gui/file/9aefbd2c01aea439f398ea5f91e9869a5769cd2eaef130fded79b3b32801e8da/detection

79.134.225.74:8282
hustlesss.ddns.net

# Reference: https://www.virustotal.com/gui/file/17f284b1c09d315e1ff3bc40b3d278990af4acd152ebf79a8538b14b8d837313/detection

79.134.225.74:8787

# Reference: https://www.virustotal.com/gui/file/02cbaf9ad111f07db495e03cfffa453365e8394d203da5dfdb9639667e8d2e98/detection

79.134.225.74:37186
wizk4321.serveftp.com

# Reference: https://www.virustotal.com/gui/file/b82081c0920be79295f4598dac1d48be70234d05b6c22528058faa876fab100e/detection

79.134.225.113:37186

# Reference: https://www.virustotal.com/gui/file/258a33e1a09ea556a4aa613e79946c06b768e487a3fae7195ab84352748f099b/detection

79.134.225.74:54984

# Reference: https://www.virustotal.com/gui/file/5dedd71f0cf71bc75cf31b5c2f71449577bf92369c22605e8924bddbd36dd9c8/detection

79.134.225.87:54984
nannnc1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5ad93b36f0aae0ef89c8716f5d9e1839555f673940c12e84bcd6c016a63a7ede/detection

192.169.69.25:54985
79.134.225.104:54985
79.134.225.113:54985

# Reference: https://www.virustotal.com/gui/file/d9dcdef4fea2521509bb3eeae3dab75392ac903891f0f3161a3a30ff6f26010f/detection

79.134.225.100:54985

# Reference: https://www.virustotal.com/gui/file/f500d7b3d6874efe5ea3a3ff832d8266991a3a48a563ad446628f3a1ab75405d/detection

79.134.225.113:9497
surrati.ddns.me

# Reference: https://www.virustotal.com/gui/file/728ea826497ff306b002091bebc9cc0a69f3c8b47e2a876cd76ccd4c2836580f/detection

197.242.114.181:55420

# Reference: https://www.virustotal.com/gui/file/0842a9ae0d0676343e7843c118da6b5e450352c45642ea27e386c7065d4c71f9/detection

154.120.78.10:55420

# Reference: https://www.virustotal.com/gui/file/81750b2959b3c1059eb805bbae94312fcaef9b409502f8022358db82a8f3ea0c/detection

185.247.228.41:55420
79.134.225.117:55420
blessedjboi.hopto.org

# Reference: https://www.virustotal.com/gui/file/7618cd1e9e2ca86f97552e1c3584f418ffd17141832c913021b5c3694914106d/detection

79.134.225.97:54985

# Reference: https://www.virustotal.com/gui/file/cbba9358207b9f7e45f448a2116f098f7476b05afde3a766bc757af9cacacb84/detection

79.134.225.113:9005
opussaoapaaulo.serveftp.com

# Reference: https://www.virustotal.com/gui/file/2f096033f86f1724b9eff06654a45bdf8eeb928d38fd83a591c53649878f0829/detection

79.134.225.117:2114
donald081.duckdns.org

# Reference: https://www.virustotal.com/gui/file/02a8e9534c4f59ca716b6b12a747eb8ff395fb1c03ce032901aaca60d1072172/detection

79.134.225.117:54

# Reference: https://www.virustotal.com/gui/file/f9436595968d10a0b1b146e8e970e3bf1c9faf8f9ebdb2b583e31888c4189623/detection

79.134.225.97:6565

# Reference: https://www.virustotal.com/gui/file/fda4b6acd7c4277dc30ed516c360957a931043c6881de0eab69c77ab217a254e/detection

79.134.225.97:9737

# Reference: https://www.virustotal.com/gui/file/367def98e7a3d0b3af07add144180dc09e4e29b1eb9181a51c338a9cf09b8f06/detection

79.134.225.97:4040

# Reference: https://www.virustotal.com/gui/file/3c9d86be0837c561a345c71e41387c04aac3b69f4cb533092926bf7dac1af342/detection

79.134.225.99:3369

# Reference: https://www.virustotal.com/gui/file/14e03864aad7954e2221188f04fb9b48af5ded6e8ab492794ae52e4128682d9c/detection

79.134.225.70:1982

# Reference: https://www.virustotal.com/gui/file/444cc81f219ebc02dbaa89e8e0f17a7c36f0be6f6c98de7a9a108c2c46d91821/detection

185.19.85.155:2019

# Reference: https://twitter.com/malwrhunterteam/status/1240243238574964737
# Reference: https://www.virustotal.com/gui/file/9bb70d76fa98fe7d87bced0cba5b22d661b14f3ea899d3b7d62e1d01932deb5c/detection

79.134.225.83:9030
nnewestttt123.ddns.net

# Reference: https://www.virustotal.com/gui/file/cdc5353ad4befb9a542cb77f3148d70f2ef1979e55b4477d06d6a593269fb8cb/detection

178.124.140.145:52802
185.165.153.39:52802

# Reference: https://www.virustotal.com/gui/file/adb5d13e908d73d1f78d589bcc49b543f3f7cec5c36b276d4d7f5fc40012569f/detection

185.165.153.39:56202
iconboss26.ddns.net

# Reference: https://www.virustotal.com/gui/file/476e0d8ab1f2f97b6b4a68d6db40379ae74507244c474f354f3b11e16ee8fafd/detection

dllicon.ddns.net

# Reference: https://www.virustotal.com/gui/file/cc86feb156ff7bf80725bdb8e7f5b645c3c1c4be0139a7f0df26900a96400eac/detection

wfawiz82.hopto.org

# Reference: https://www.virustotal.com/gui/file/6e665b75bf21f47471fb2233e0d8e1db1e088c5d761bfd769b05cc25fa21e0d2/detection

178.124.140.145:9101

# Reference: https://www.virustotal.com/gui/file/c9a22cf54ed88e4ef702b431dd51ef98ead052b15cc804319cd5b6c34db89bcc/detection

79.134.225.106:4343
xyzeeeee.duckdns.org

# Reference: https://www.virustotal.com/gui/file/92a5e29476cdb43a5d56b2709e98a54e1ef4e4af24d4c136caa8a147014898a6/detection

178.124.140.145:30089
185.165.153.92:3434

# Reference: https://www.virustotal.com/gui/file/c8f9054a37d4ef1a9efb904f5bbda46f4a40c70b4737a24ad19f5425c61c71ad/detection

178.124.140.145:6767

# Reference: https://www.virustotal.com/gui/file/6ae95440cd07d0ae0b9e078a2b6b4862a9b49a4ffba17d8aabf15b2b8e3bae38/detection

178.124.140.145:54984
young4h.duckdns.org

# Reference: https://www.virustotal.com/gui/file/dbd27ea85f0ad5c4a4aac900013a727e9931cbd524be86b29f68937112405e24/detection

91.193.75.137:1604

# Reference: https://app.any.run/tasks/18e82db8-9852-42c0-b37e-85ff0ceeb152/

185.165.153.175:1604

# Reference: https://www.virustotal.com/gui/file/6b75103f3470b07accec228ccea676fbbfe3974cebff4c0df417c126f10d988d/detection

185.165.153.228:5353
kobi1.ddns.net

# Reference: https://www.virustotal.com/gui/file/9d3ec7f8db9d701a1bd73a7363b1aed1dc87ee60c321e50c96d971b37f84ee25/detection

185.244.30.156:2018
51.83.33.56:2018
51.38.37.161:2018
80.94.92.153:2018
malkisod.casacam.net
skodrf.casacam.net

# Reference: https://www.virustotal.com/gui/file/d7073488b97d5c17a6a2721bd65a35d9a129769456de8e618bfe4739cda409c6/detection

185.148.241.37:5216

# Reference: https://www.virustotal.com/gui/file/6d1122689c4aed19e90c120bba0b746b256447fbd2b04d2cf3ebe650b3537a08/detection

129.205.114.15:5216

# Reference: https://www.virustotal.com/gui/file/0f5244c4373ad06600a72b8fa87f1ce3e41e4d93d3c07531dfaef58a107bdf51/detection

185.244.30.96:5216

# Reference: https://www.virustotal.com/gui/file/642a01629037276ca8c29234fc5095d8e7d0b4319d312f3b0fa13ca024b0a503/detection

46.243.189.132:5216

# Reference: https://www.virustotal.com/gui/file/35a2939df07015682909ab0c5a2930e9ab29b9e4d1f48366008a7fe4994b4b96/detection

41.203.73.47:5218
41.203.78.235:5218

# Reference: https://www.virustotal.com/gui/file/c1fa9caa647cec3aa02a9a84dba839f5df990356b76cee1a042be76ec940d461/detection

41.203.72.171:5216

# Reference: https://www.virustotal.com/gui/file/1b3d6fadcd41fddea318c3493bf987824f8aa433e9725bc917fabffe93bfb30d/detection

3.20.98.123:13672

# Reference: https://www.virustotal.com/gui/file/17e17288aa6e590b8218e045ab6577342c815d85d66a9a0f46ac85052c04ba49/detection

3.135.90.78:18896

# Reference: https://www.virustotal.com/gui/file/fb8a9115a77f891b79f8d77bab661a6276292479b15f74412fb9c72241d9291b/detection

3.13.191.225:14407
3.134.196.116:14407
3.135.90.78:14407
3.137.63.131:14407
3.17.117.250:14407
3.20.98.123:14407

# Reference: https://www.virustotal.com/gui/file/c88406a21e864429e15a375c3d008c877dd36ca82dfaa97703f1a86f6e55bfdb/detection

3.13.191.225:16437
3.135.90.78:16437
3.137.63.131:16437
3.17.117.250:16437
3.20.98.123:16437

# Reference: https://www.virustotal.com/gui/file/1b60128c20a12c59a43895d7f9fe844001b3362eda0829f8a808fc1d2c1541a2/detection

3.17.117.250:18433

# Reference: https://www.virustotal.com/gui/file/a58405d1d57121e801d13c7c10d5fb2d7e9eb860e513871106e6e8f0ac4813c2/detection

18.188.14.65:10680
3.134.196.116:10680
3.135.90.78:10680
3.137.63.131:10680
3.17.202.129:10680
3.19.114.185:10680
3.19.3.150:10680
3.20.98.123:10680

# Reference: https://www.virustotal.com/gui/file/1b6735b62f4ceb25945e1ab7aa8dbbb525fe72500fd613acebbfe8c80742561e/detection

3.13.191.225:17430
3.135.90.78:17430
3.137.63.131:17430
3.17.117.250:17430

# Reference: https://www.virustotal.com/gui/file/41ff32ed2537a5e3382df01fadc43f812806c771b18e775c53046a0d650bb000/detection

178.239.21.246:4040

# Reference: https://www.virustotal.com/gui/file/07607b3b0d00852fcf9bef207e768c173823e4f1b105203083e4bac4873357eb/detection

91.193.75.139:4040

# Reference: https://twitter.com/Racco42/status/1242062113985777665
# Reference: https://app.any.run/tasks/b5ebe671-50bd-4b4d-9e8b-0df875e321f2/

185.140.53.183:1607
bossmandj.duckdns.org

# Reference: https://twitter.com/K_N1kolenko/status/1242061809894506496
# Reference: https://twitter.com/K_N1kolenko/status/1242061777627684874

10000euro.duckdns.org
btctopsss.ddnsfree.com
cliffordgothoes.ddns.net
darksoze.ddns.net
dojlohosted.ddns.net
dojlohostedaa.ddns.net
hello8824hi.duckdns.org
houdksps.loseyourip.com
jahlol23.ddns.net
ratyz.hopto.org
sfghj.duckdns.org
sj3hs.ddns.net
usd10000.duckdns.org

# Reference: https://www.virustotal.com/gui/file/643d3883d4412c3e2c0f1c83c26e28f86f04853f95f0891396309a2775a7c4e9/detection

79.134.225.115:5654

# Reference: https://www.virustotal.com/gui/file/5e7746bbd847956193c5b9082f3cef9ed79f89171277abbe25ea84b37d217631/detection

174.139.10.194:2404
79.134.225.114:2404

# Reference: https://www.virustotal.com/gui/file/0b5e4b2e45553015124e4095713f04db8285e46bbb191b0d079754ca5b7e10e9/detection

192.169.69.25:5654

# Reference: https://www.virustotal.com/gui/file/d41e358f82a940f25b7ae5939bce0b13f2c5f80124b26b4016eae457e0873ece/detection

51.38.37.161:2019

# Reference: https://www.virustotal.com/gui/file/bdf6ed015e24984b8023a1801235968d27cf041561f19161c7075de0c1e515d7/detection

91.109.180.4:54984

# Reference: https://www.virustotal.com/gui/file/3305ed40c396196e027ea2d5e84f89c93256b7ffb987b663e43717c0c1936708/detection

91.109.190.2:54984

# Reference: https://www.virustotal.com/gui/file/bce296a9962745d31c90b036f0d04d13d54d09146680d9dd105fc2828760009e/detection

141.105.71.87:1608

# Reference: https://www.virustotal.com/gui/file/3c2596940559732bc88a38c163c70bf9f9a9d49fc065be8aa4bcef7a299418f2/detection

51.178.27.101:1616

# Reference: https://www.virustotal.com/gui/file/aeee68960b2fb89bcfe21d97935f3373ee6cf1e784402dd7f33ab90483621f1a/detection

172.248.73.173:1085

# Reference: https://www.virustotal.com/gui/file/56b79fd5456c0c6e1204929c9ac39d63412a880df0a0df853ffe95e37077700d/detection

85.59.25.5:6666
nexta.chickenkiller.com

# Reference: https://www.virustotal.com/gui/file/b0fa398dd6067c7cabe937e098a7db9e7444b839c38b454028487f791b57788f/detection

181.141.45.186:8052

# Reference: https://www.virustotal.com/gui/file/9b7d374557e1d3a21711d4c34d14a04da8c7cd2003c1632143f30a9626246a69/detection

181.141.45.186:7070

# Reference: https://www.virustotal.com/gui/file/ade5157c76d20dc880acfec7481d106f52ca11c156b3b4f75d4919d3a1c6caaa/detection

185.244.30.19:1887

# Reference: https://www.virustotal.com/gui/file/225ea283cdfa2b5d6d5fa5487fcc2040745eed6b034631ca5785a67ba88d145f/detection

121.74.13.197:3389
rattydatty123.ddns.net

# Reference: https://www.virustotal.com/gui/file/cb431cfd0c604d06c64538d24491d9e9d62a3b364655726f01bb24e149254e78/detection

91.193.75.25:2019
91.193.75.7:2019
ser1.vietlime.pw

# Reference: https://www.virustotal.com/gui/file/64f3a65cd26e66101ab2781dd1c4e6d9993c70d61e566e4a9bca18645b41ef29/detection

91.193.75.7:9900

# Reference: https://www.virustotal.com/gui/file/404f7735858e2c93e516336a0d8e3b4f71bc475c225b107266fccfc6b69fe1b5/detection

91.193.75.7:1997

# Reference: https://www.virustotal.com/gui/file/5baccf223ea0ef2f75c9c73d12d1345638ebd9cf37e1eb510db38993c6accbdc/detection

91.193.75.7:1991

# Reference: https://www.virustotal.com/gui/file/bce7f2335162d827020c4b4db3c54cad4e9a680e7abc541f6e6fb1f3126a1386/detection

147.135.100.70:9031

# Reference: https://www.virustotal.com/gui/file/dd9a321bb24ccbf849781e37b1584080ae140a14c73a80ee417eb9d595457efd/detection

unexploited-spans.000webhostapp.com

# Reference: https://twitter.com/Jouliok/status/1242190956033716230
# Reference: https://app.any.run/tasks/9bcff652-b8c9-46db-9704-748575d217d8/

asianway.mn
205.169.57.91:10830
10830.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f75542b5c3ea4d61295e9ea44b89c62a9157c7ae209fe727ec5d703ac0125cf5/detection

141.255.154.34:110

# Reference: https://app.any.run/tasks/a7a090a4-3cf3-44e0-941d-32212f5b6011/

185.244.30.19:2998
jk5151905.sytes.net

# Reference: https://app.any.run/tasks/62817794-baa5-4744-a2c5-27b49ecc50cf/

87.218.53.50:1604
asdfasdf12.ddns.net

# Reference: https://www.virustotal.com/gui/file/5b4b74f5d6a321f07c5d37a1bdc642ed6f13cb1735ac0e9acb6ecca1bc0ee054/detection

216.170.114.99:54984

# Reference: https://twitter.com/ffforward/status/1243098924245815296
# Reference: https://app.any.run/tasks/8a688964-553f-44a8-b03d-604c041f7bef/
# Reference: https://app.any.run/tasks/b504ce3c-9c11-4fef-a72e-baae3ff9b1c7/

185.244.30.158:53488
91.193.75.53:53488
backupnano.onthewifi.com
earthtradeint.sytes.net

# Reference: https://app.any.run/tasks/dd404186-922f-4988-9c50-9bc1ba389b48/

91.193.75.7:2012
mercy222.ddns.net

# Reference: https://www.virustotal.com/gui/file/5a244d09771f686d57d44886bf613f5bf7e744b8b2ba0f2b791ec0e6b18773ad/detection

91.218.65.24:54984

# Reference: https://www.virustotal.com/gui/file/6c6c4d5247b0ea006bdb1f1cfcbc76cacabda39d1df34b767f7c3082b487a49b/detection

91.218.65.24:6666

# Reference: https://twitter.com/ScumBots/status/1243882363093991425
# Reference: https://www.virustotal.com/gui/file/569be57292b0f195a11f31a462a1cd2ec7278c826697762e64c5ea10a3b1dbea/detection

79.115.83.86:101

# Reference: https://twitter.com/JayTHL/status/1244005504038379520
# Reference: https://www.virustotal.com/gui/file/62c6b78da2b5da0b5ea9dc2424634ca7ece3de964f4edd9c617ab62344d13c65/detection

76.189.243.198:64367
hellomeee109.ddns.net

# Reference: https://www.virustotal.com/gui/file/d8e67bc701edd8d568ad869bba5914c60ae015904b719d7da961887ba6f00a8e/detection

76.14.164.20:1085
hostnamelol.ddns.net

# Reference: https://www.virustotal.com/gui/file/e693be42959138be3448bb2b8c0d0a948a5cee7124dc649eae337af6acc56035/detection

185.158.139.32:3636
adelabbasenterprise.ddns.net

# Reference: https://www.virustotal.com/gui/file/3f83c36655f2867d87a4341b96d80b3dd3dc7a490aa7d9da54ca4fa870c8df50/detection

105.112.37.1:3636

# Reference: https://www.virustotal.com/gui/file/080787adf87502eee470d472fee29f21b24e39846b8038723b6a0ec8304309b9/detection

83.193.143.58:54984
gounstyle.ddns.net

# Reference: https://www.virustotal.com/gui/file/8c1a38dfe1b2e53a3151a695701677b817fd049662dbc5055e7fbb437366fb7b/detection

83.193.151.59:54984
90.30.45.248:54984

# Reference: https://www.virustotal.com/gui/file/c36e7e30a79074c6ca13dd75acd7a794867646083b350bfc3ea89e5ad736f60d/detection

141.255.157.12:54984

# Reference: https://www.virustotal.com/gui/file/7ec1cb6e477faea97fb78093c857099e4fdf72f535cab3433cdeb40a282e6359/detection

185.140.53.221:10123
win2020.duckdns.org
win202o.hopto.org

# Reference: https://app.any.run/tasks/057de612-273f-4133-9427-2e697d414ff1/

192.169.69.25:1122
meeti.duckdns.org

# Reference: https://app.any.run/tasks/6afce6d9-3261-457b-9c05-a2175978b244/

154.16.93.169:1338

# Reference: https://app.any.run/tasks/d57b9bd3-aa24-4c4f-95f8-d506c80aacfd/
# Reference: https://app.any.run/tasks/efd02be8-c78b-438e-aa1b-80576b2137c8/
# Reference: https://otx.alienvault.com/pulse/5e821ee9f9dc1acdaaef68b8

91.193.75.250:10004
rmagent.xyz

# Reference: https://malwareconfig.com/config/1d22acaa034a6ee34325c54bb9f950ff

birdview.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bc803ce222401db18f90a9c520f1056c7eb14e297f0330170db6e80e889ae2f0/detection

188.64.170.86:1221
85.140.0.102:1221
85.140.7.56:1221

# Reference: https://app.any.run/tasks/19b69bf8-0552-412f-95aa-0921dafcd0c5/

89.113.72.55:1604
r3v3nge.ddns.net

# Reference: https://www.virustotal.com/gui/file/e792a4627607cb459b2d92e720f7b491cadb7e23b71a75874f31a5d1d4d08f67/detection

185.140.53.117:6735
abdul2u.ddns.net

# Reference: https://www.virustotal.com/gui/file/c8745fd598eb89aae1ecca68851c10d267c67fe64fc5af13270ac63ddf1bc2a7/detection

185.165.153.130:6735

# Reference: https://www.virustotal.com/gui/file/356f90df3b413e5236da741e3c3ba67989ac02ec54ac8df060a490349b5d9a3d/detection

185.165.153.160:6735

# Reference: https://www.virustotal.com/gui/file/dfdde0a586f9dce45e0961aa1976c4a6207bcedfa7ca1c99ff62230b44156c57/detection

79.134.225.110:6735

# Reference: https://www.virustotal.com/gui/file/0605b9ad1429d767c6a8ba761cb107a4db15f6b2e4a4d22bbd8f00bf9d46e64d/detection

105.112.97.26:6735

# Reference: https://www.virustotal.com/gui/file/adaa10d25924b65432401bb432f6555b50cb62c13641952dbdbf402b73352666/detection

79.134.225.122:8778

# Reference: https://www.virustotal.com/gui/file/8a1e1866ea4a99033a46cfb91062cc11311bde4f3fa4e954ed74e12c642e7b19/detection

38.117.105.188:8778

# Reference: https://www.virustotal.com/gui/file/20a5a1527eec1367b73b159437504918bef1f6e080aae0e2a1fcca7515db8ed3/detection

79.134.225.122:34681

# Reference: https://www.virustotal.com/gui/file/eda933d530a73850228761fd32a36b0ac3e4831cfa0aac0c2803ae3b31feb260/detection

79.134.225.122:1128

# Reference: https://www.virustotal.com/gui/file/efea239402f5a6e38f46406a6e3642240d05ec832b311c1696bc4aebfefe9528/detection

193.56.28.49:6745

# Reference: https://www.virustotal.com/gui/file/71f16eb4e218ce31c48714915f935505e3c0142842819132c4b047d205a4fd7f/detection

79.134.225.122:6745

# Reference: https://www.virustotal.com/gui/file/10e26dee16c477631fae592194c800da210f15ffcc0dbe878848fce9b2453aa2/detection

204.95.99.26:1888

# Reference: https://www.virustotal.com/gui/file/6e3665d8c49204372b420eb5886812c9232e4a9b5916ec6118c1c738a88c0c09/detection

turrrki.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/8146df67eee0a3a1301dc50e8b60791dc0582f725bd25152d7906032b4bd9907/detection

98.115.116.236:5353

# Reference: https://www.virustotal.com/gui/file/6ecb083aae745977227be78bc106090cf64fbc680047a55a8050b561478a9ecb/detection

mybbbaaa000123.no-ip.biz

# Reference: https://malwareconfig.com/config/7679fec5f6bf7206635b96efa52d1d07

216.170.114.4:54932
216.170.123.125:54932

# Reference: https://twitter.com/malwrhunterteam/status/1247203279471349763
# Reference: https://www.virustotal.com/gui/file/57174c910f4a37c16ce2c9d84aac1ca48724069355c2713edf4fed77eb6c19f7/detection

137.74.80.220:54822
54822.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ecc83d8e4e5461bd89e4e5f73eeaa9a525572e2c2fab6fc86d7ca20cf3b22cae/detection

194.187.251.91:26758

# Reference: https://www.virustotal.com/gui/file/4083cd0b72787398b39f43278b72ac8c5990857fc667007a359de4b86efe166d/detection

172.94.4.82:3850
service.verrco.com

# Reference: https://malwareconfig.com/config/7e6985efb9f5ef15e81292ad68d4fd94

197.210.85.236:3090
won2020.duckdns.org

# Reference: https://twitter.com/MBThreatIntel/status/1247669823405830144
# Reference: https://www.virustotal.com/gui/file/7b2512d06723cc29f80ae8c8d6df141f27bc9d962ae76b5651b84d7be4379bba/detection

185.19.85.147:8585

# Reference: https://www.virustotal.com/gui/file/98af654d0e29607dfe8fa61468b55e8519e69d33d0fdb882a339762f597d4b3a/detection

185.19.85.147:1960
eske.sytes.net

# Reference: https://www.virustotal.com/gui/file/b6283c5dd3cf377b9bdbadbedeac76deaa482ff0203b75e79cd28a6774a3818f/detection

185.19.85.147:1101

# Reference: https://www.virustotal.com/gui/file/0e3e26e5d1defd9286ee035b8f9f78e1a19919fa7ba693615d4de9160cac6024/detection

79.134.225.114:5001

# Reference: https://www.virustotal.com/gui/file/33db560c1bea3195013b008d6f855b975b4d6f30fab880fb584314b5a73c276d/detection

79.134.225.114:54985
1338099.casacam.net

# Reference: https://www.virustotal.com/gui/file/b9487ce9b37e55989e22063cb40646c2363b75732d54754e0b3bcc4c1c054797/detection

154.16.201.190:1608
185.125.205.74:1608
79.134.225.114:1608
bossbaby.ddns.net
lelemanu.ddns.net

# Reference: https://www.virustotal.com/gui/file/2345e1f5dffa854bc6caf6c0169c04e2436ba7cdd496bb0e70ca8cc7728b9018/detection

151.80.241.80:55800
154.16.201.190:55800
79.134.225.114:55800

# Reference: https://www.virustotal.com/gui/file/e88a96fda41ad6a62eb432611bfed9a71130740563032f7c0c80b66877175a8d/detection

79.134.225.114:2065
emekaonu.hopto.org

# Reference: https://www.virustotal.com/gui/file/9a902bf7d145ad4f0343820e40c9318ee42d3f6e2218e4767d8244816616bbbd/detection

79.134.225.114:5060
ablegodbless.hopto.org

# Reference: https://www.virustotal.com/gui/file/c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed/detection

79.134.225.114:20909
oluebebchi.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0a71d7b339554366e001adad8691edf98f0ed0f9f1c3b197ac2cfe02a46e8c7c/detection

79.134.225.114:1985

# Reference: https://www.virustotal.com/gui/file/ee4219449fb6bdea07a363d8e00c1cd9bb7dac5470369de5761bb632695419c9/detection

79.134.225.94:2404

# Reference: https://www.virustotal.com/gui/file/3e75fa86d7a14d6e70a3d7bb194f24df460fc1fa285af94f74ebaa62250defa2/detection

79.134.225.91:2404

# Reference: https://www.virustotal.com/gui/file/2a9d6c429718cfd6b72ac6fb23b5cbd94e0d768cdb2834961495023fa13076b5/detection

tool404vip.ddns.net

# Reference: https://www.virustotal.com/gui/file/0e8eb933f69f9f1779ec1d19b01e3977d840ed57f3b7657acbe3d3674da8b401/detection

79.134.225.114:6454

# Reference: https://www.virustotal.com/gui/file/ff575ec9830622265aae23171bc200a33673dec4f4d7d2a7e8770bba01e3f232/detection

79.134.225.114:6610
nanovip.ddns.net

# Reference: https://www.virustotal.com/gui/file/eba6184ce3f28214b75df642a3d683becaed938cec955feba24c8efd6f7c5afa/detection

79.134.225.114:55850
desma.ddns.net

# Reference: https://www.virustotal.com/gui/file/8c8ea5753647ed74492c40a54f38d7e4fafe2d47dea4f9d26c292c0e314ecf37/detection

bossbaby.ddns.net

# Reference: https://www.virustotal.com/gui/file/893c51eaf4ffe28b3246771eb11dfbef662a77c56c33da8b0854511c8d28fb90/detection

192.169.69.25:5654
79.134.225.114:5654

# Reference: https://twitter.com/malware_traffic/status/1248689865799196674

185.140.53.29:4001
185.244.30.247:4001
mbills147.ddns.net

# Reference: https://www.virustotal.com/gui/file/051015f961c60fd8b5a6f6f9db935e73b25303c4bfcfaa24cd09a6ecae8fc016/detection

cactus004.ddns.net

# Reference: https://www.virustotal.com/gui/file/7534b9f48d70953ed739b74ace44c5fdeae45b300c350f970b16969cce9e2c10/detection
# Reference: https://www.virustotal.com/gui/file/968c7728a848b87b8d2130b9087f9bbf3b8a7239615482c89c39f8a41036ea98/detection

91.189.180.201:24980
ufok.duckdns.org

# Reference: https://www.virustotal.com/gui/file/558a541b16edfd7f5a1ce3e83a5df0a8c0b5408fc9c49b1102cd4f0773c94a39/detection

141.255.148.26:53896
byhackerrt.hopto.org

# Reference: https://www.virustotal.com/gui/file/e208a5a1b5c20b1f62fb04fb4033011f8b358a807942c18db9852edb6c5d2af1/detection

140.82.57.249:3614

# Reference: https://www.virustotal.com/gui/file/e6aa23e800e19af4278f0fd9fdf1506b4322057b25e0cb3474a16af4e0435cd3/detection

140.82.57.249:4488
ddns.catamosky.biz

# Reference: https://www.virustotal.com/gui/file/6df716e66724e3b9587c4cf6387097e97d28887d4b03dff34f4b48babaf4ed3f/detection

140.82.57.249:51899

# Reference: https://www.virustotal.com/gui/file/ec7415cda38608944e3c156c3efd027f80c33f905c85b311b62aa471dc26041a/detection

140.82.57.249:27694

# Reference: https://www.virustotal.com/gui/domain/googdns.ml/relations
# Reference: https://www.virustotal.com/gui/file/906790b2d626cd2f2d13329fbe87c90a1c1fa1713e1ba5c5c8b642d872a9e3cf/detection
# Reference: https://www.virustotal.com/gui/file/cc424b8697f3ed55435511670c51c901aadae994ec6f7d0492fa9326fed11e7f/detection

googdns.ml
140.82.57.249:50899
140.82.57.249:50900

# Reference: https://twitter.com/James_inthe_box/status/1249698356651102208

gbedu-blast.duckdns.org

# Reference: https://www.virustotal.com/gui/file/471316c3fe26f9ca1bff5057899e6ca62780b2a941273290c747b2adc2140eaa/detection

68.168.123.78:4396
79.134.225.91:4396

# Reference: https://www.virustotal.com/gui/file/40e25615e5fbf0d0cf46869521e22d32039f41451f38349e0cb6966b890c5dd2/detection

105.112.106.177:3210
79.134.225.13:3210
podzz.ddns.net

# Reference: https://www.virustotal.com/gui/file/aa7be46b03ed635ea3b16d2f91124ced3026c90ae539c51489b12630cb150ede/detection

23.105.131.162:6010

# Reference: https://www.virustotal.com/gui/file/2dcb1213c0c678221ff4eb34caf23a7b8bac13d78ce4cb47b1e32f04492aa716/detection

23.105.131.162:1301

# Reference: https://www.virustotal.com/gui/file/cea30c6b808bb9308d6cbaf2cfecc17fed57c459ee29f597bb6f9e60d4ee0085/detection

23.105.131.162:24246

# Reference: https://www.virustotal.com/gui/file/b0874e7374af2f3c7cf59b30ec64c4b351b0dc9f9d9bd96e49a667eaba36b8eb/detection

23.105.131.162:50002

# Reference: https://twitter.com/James_inthe_box/status/1250904145822801920

11495.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1251964364657213442

3.19.114.185:17791

# Reference: https://twitter.com/ScumBots/status/1251968137530146817

64.225.39.234:1085

# Reference: https://malwareconfig.com/config/6e2a03063823bc45ae960f3995699f09

checkernitro.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1253340577728360450
# Reference: https://app.any.run/tasks/b05bdd69-ab94-458b-b2ed-20ae0f721587/

adikamoto.duckdns.org

# Reference: https://twitter.com/Racco42/status/1253699455032930306
# Reference: https://app.any.run/tasks/1c4692f9-a8f4-4d79-b75f-473a212f6239/

blackhil.ddns.net

# Reference: https://bazaar.abuse.ch/sample/c068b1a7379f95ee883cd4ed9639bb2b28c380934f3bc0e0c7be97ad808c7b8a/

172.111.188.199:8829

# Reference: https://app.any.run/tasks/6e90bc74-2cb5-4cfe-b800-f49eadbc06b4/

185.244.30.139:4050

# Reference: https://twitter.com/abuse_ch/status/1257403567998210049
# Reference: https://bazaar.abuse.ch/sample/92632fa88b730e2593837c7d51884384dcf8c887fd4b8d3cc6741d12ae9cd347/

185.244.30.6:5626
atiku2.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1257435718303059968

82.231.104.94:42563
linuxhosts.ddns.net

# Reference: https://www.virustotal.com/gui/file/f88a226250d6a6179189d9639a45af0ef770ad895e1f6587ce92306b4b3bacbd/detection

141.255.153.182:3344

# Reference: https://www.virustotal.com/gui/file/90ad4bfa156e6dc301fd67d9bc96bd2239e8820a7fdc2ea09a39856638722d5a/detection

94.225.175.104:3344

# Reference: https://www.virustotal.com/gui/file/bdf862a437dcb333dddbe573a7d62032830c0b5f75618dd1114fbee235322a5c/detection

141.255.153.49:4433

# Reference: https://www.virustotal.com/gui/file/df06bc1fdb230da628f9d0ea42288c55ada5ab9fca619b6f60a1d75a4534e26b/detection

46.76.230.97:4433

# Reference: https://www.virustotal.com/gui/file/23280781868ba0a182714000130d3479ccb84c21a3b886fe1cd87d73c267d296/detection

83.31.167.150:4433

# Reference: https://www.virustotal.com/gui/file/65ce054709b95367ec2eb4d7b8f56700946dfb57c2f44a7964a9113a136e84c7/detection

141.255.145.239:4433

# Reference: https://www.virustotal.com/gui/file/3cea1a42bb8aff2347763954239fc8db8a8befe37862301ed5d7398282fc283b/detection

141.255.146.147:4433

# Reference: https://www.virustotal.com/gui/file/fecf5b0f519af2092c4d2a460eccaef9fef2815a8bac6d6ba1ff356efbdbbf86/detection

141.255.151.155:3344

# Reference: https://www.virustotal.com/gui/file/fac31e837d16a049d2de382d2faf41aca880ca71934f720efc95f2a28edef7eb/detection

83.31.167.150:3344

# Reference: https://www.virustotal.com/gui/file/c1b5c976eb0b8af45260a73d5297ca925ada4c36d114538439e23614de71a829/detection

188.146.228.210:4433

# Reference: https://www.virustotal.com/gui/file/a980806678b79f14c0d756b11188cf4885a466a850db4c33b0a2a7c4c729249c/detection

141.255.156.244:4433

# Reference: https://www.virustotal.com/gui/file/d8a976b5c4d88d4f39942ad4fe90f48b47069ec6ddf886215d1aa5ff0fc5650a/detection

141.255.158.237:4433

# Reference: https://www.virustotal.com/gui/file/baebdd5088be918b37095ad1083b305502103a81bf63e762c4063898733b8e6a/detection

141.255.152.57:3344

# Reference: https://www.virustotal.com/gui/file/cb7edcff3edf4fd5b246cb248458ba1e3041d1a7205d503d97fcef1c10f2a91a/detection

141.255.158.242:4433

# Reference: https://www.virustotal.com/gui/file/c5ae0dc8c228ad28bdd7069162bd5341376d7f8bfa42fc554ed2f24dce4cb750/detection

141.255.155.111:4433

# Reference: https://www.virustotal.com/gui/file/88c3a993e362dff806e4022ba9005b5dcc4e016b08bde2b418d67caba4e0c2e2/detection

141.255.147.28:4433

# Reference: https://app.any.run/tasks/2c1fb554-0e8d-4de9-9c3c-3bb3dca55a07/

fowok.ddns.net
fowok.duckdns.org
185.140.53.12:5656

# Reference: https://app.any.run/tasks/07de1110-40df-45b4-83aa-74c37040d52b/
# Reference: https://app.any.run/tasks/71ac9101-026b-432f-901b-edb9fb25420f/

pharmzone.hopto.org
79.134.225.72:1010

# Reference: https://www.virustotal.com/gui/file/d3c30dddba67afa24e91c3ed5a9be486460a5283bedad9f79da85d65990c52e9/detection

123.140.35.169:54984

# Reference: https://www.virustotal.com/gui/file/12133591c48eed192baeb1cea56c2fcb7136d001a262106c6f9809a3925b7083/detection

211.32.178.201:54984

# Reference: https://app.any.run/tasks/d032c8f5-4ff4-4708-a4c1-2970d777a4ca/

79.134.225.94:9124

# Reference: https://www.virustotal.com/gui/file/122255fdae0ad10f3f7b41672344573eacf74df3952b79592d2aa49286565dce/detection

185.244.29.158:3119

# Reference: https://www.virustotal.com/gui/file/440dd78f8acce2e6137f158763335b184986be8418ece2ca2a0a19b4610bfd8e/detection

68.235.52.36:4822
nowy4822.duckdns.org

# Reference: https://twitter.com/ScumBots/status/1258106085157810183

204.152.219.103:6616
79.134.225.89:6616
microliberated.duckdns.org
sweetsabbath.duckdns.org

# Reference: https://www.virustotal.com/gui/file/84f8451f6178b4dd8892f5ce15cc3bed5b0e56ca51bd62dcfbbe0c88c50867d5/detection

185.165.153.203:5638
185.244.30.117:5638
comcasted.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c802e3c0b78bc558c09ab355342c06896d420ee08e463368bd0ce750cf48630b/detection

185.140.53.142:5638

# Reference: https://www.virustotal.com/gui/file/e23b43d017e1e09b5175e5fc2c7d3c9e60407b1fa591fc4b56dd5286266f8ed2/detection

79.134.225.121:8050

# Reference: https://www.virustotal.com/gui/file/d8489a4c3ffbf57f2ffc293f0a7cc0e4624bccbd435417cb0da89d33cdffa385/detection

192.169.69.25:5291
79.134.225.121:5291
marshall015.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b9cd813de85602f1261fc97adfd2db1e4ab6ecf9a044e44b008a9061dd175fc2/detection

79.134.225.121:3410

# Reference: https://www.virustotal.com/gui/file/7950278086aef7f7d515a19e3b7d9aace45d01dbd0c9b6753f1669964b56b296/detection

91.192.100.17:8050

# Reference: https://www.virustotal.com/gui/file/c0a67bab0f6a107e62d8bb33bb1912fef316eb247a127020a765a2cafd96316d/detection

91.192.100.17:3410

# Reference: https://www.virustotal.com/gui/file/aa6c092a36a8398c5c1a4c20c9e4a8592b99c04c63a1df5e8efdae2fd2e4cc61/detection

185.140.53.106:2013

# Reference: https://www.virustotal.com/gui/file/6b0bdf0dc67fb9f5840ff8799c584bdd375efcf1fb58f1c85fd6645d7820a55b/detection

ahjksdjayhgjhagsdhjga.fagdns.com

# Reference: https://www.virustotal.com/gui/file/00bf73df95cdae9d856be2547393223c4fc43fa4ca949c2275221a01af4434c1/detection

83.171.151.239:5050
thisismydyndns.ddns.net

# Reference: https://www.virustotal.com/gui/file/c4be699fe1f5708344006cca1e10b4f74da1abfc607c530f4fc6d22ac8fee3fd/detection

185.189.113.83:20377
windowslivesoffice.ddns.net

# Reference: https://www.virustotal.com/gui/file/d5a265e4ed76519f3707d2d5f153f631cb5f57e51f3ef4b9f8f6c43c5226a0d6/detection

193.32.127.152:20377

# Reference: https://www.virustotal.com/gui/file/82b2a563fa0f2b3b4cb0d285b6a7575a2ad674013d81d6680d3e81e80d2ae9f0/detection

185.244.39.45:7177
xcvkljdsfuewor7892475hjesdfswerwsdf.publicvm.com

# Reference: https://www.virustotal.com/gui/file/7ec9021da55b9e0983f463ae2e61bd9b3a9a93469ea8a75424669eb8984913dd/detection

64.42.179.51:45840

# Reference: https://www.virustotal.com/gui/file/71777d4207738a074234876f31a0c1b4925307680a42c5ffeaae4c7d25daae7e/detection

213.152.162.10:45840

# Reference: https://twitter.com/ScumBots/status/1259483914495840256

89.182.90.167:3603
dontreachme.ddns.net

# Reference: https://www.virustotal.com/gui/file/bc0670d923ac5d3007bb1a9f0fafe4a75697209adccabdacfb686973fb34f31f/detection

82.165.121.217:12
xkiller85.ddns.net

# Reference: https://www.virustotal.com/gui/file/a4b881f6c19fe9c7b3523fdb17fdd7be5038b0dfccfb79d3fb7a2243e626f974/detection

94.11.133.178:1738
salumstar.ddns.net

# Reference: https://www.virustotal.com/gui/file/96d8e9457091a18a51c473cb3cc4e17bc68d742db9f27a4fc531e0c105eb5431/detection

185.140.53.43:58124

# Reference: https://www.virustotal.com/gui/file/8996ce9251acde109c1654747f7e8a89e33a208e6ed3756e0861bf878f0d9dde/detection

105.112.99.219:49251
185.140.53.43:49251
194.5.98.57:49251
79.134.225.35:49251
xeliteme.us

# Reference: https://www.virustotal.com/gui/file/8d553909f92849780ab5fecb55b2a65f59537e50aa05ad569de0bac50a7a08da/detection

105.112.97.53:49251
105.112.99.227:49251
105.112.99.249:49251

# Reference: https://www.virustotal.com/gui/file/fb972feeb124e22002df27dad53fa72904ddcd4d254a04ebeb21dafdb420cc03/detection

105.112.99.53:49251

# Reference: https://www.virustotal.com/gui/file/ea144ceeef04011e148dbeb572e63cb95c0151b1bab52ebe071b2dc8150e69d7/detection

79.134.225.102:49251

# Reference: https://www.virustotal.com/gui/file/ac297c5bb6bfb56573b4cff94770a5721a34db94d4d3bb75f1d525ce8c2c8a79/detection

169.159.106.238:19864
185.140.53.43:19864

# Reference: https://www.virustotal.com/gui/file/212b473d2d9f4f222d9c7315d21b6045b3cbf9de120cc21b6d55969966f44f8f/detection

169.159.126.46:19864

# Reference: https://www.virustotal.com/gui/file/52c1daa48f7a7341a1fe5b90241cdbd64b4e2586c0d9f27284449be57247ad76/detection

105.112.98.122:19864

# Reference: https://www.virustotal.com/gui/file/8304d1ce83f26ae9188a16b386c8ab85ad6c685728ae66842bf2012e87456702/detection

105.112.99.112:19864
105.112.99.251:19864
79.134.225.102:19864

# Reference: https://www.virustotal.com/gui/file/1da6f82ce664a631082e84edbfe9fad3212e802f77384b113d9ff3d4dee07e31/detection

185.140.53.43:2013
kenya7.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1a7467227432cdaa29acb2a56b84d514cfb9ea33055a3070ecb861eb51101e69/detection
# Reference: https://www.virustotal.com/gui/file/856f303e6cf127d178eb385e0aa7d914cfb754b520bead5fd0f4b2173df6da11/detection

192.169.69.25:7722
185.140.53.43:7722
kenya8.duckdns.org
ikorodu1.duckdns.org
ikorodu2.duckdns.org
mypepsi22.duckdns.org
mypepsi25.duckdns.org
mypepsi32.duckdns.org
mypepsi34.duckdns.org
mypepsi36.duckdns.org

# Reference: https://twitter.com/James_inthe_box/status/1260157297168285696

197.211.61.37:4000
rdpdoc.ddns.net

# Reference: https://www.virustotal.com/gui/file/cc630f017225ee40a7d9f96e3a5d6ea2cdfe8da96154d8a481d6e40e2abed97f/detection

pmanz.sytes.net
podzeye.duckdns.org

# Reference: https://www.virustotal.com/gui/file/dc24fc7a20319973f3b65f6a551419d5f42085cf525b0a9de864e56a85918091/detection

216.38.7.239:444
41.217.58.13:444

# Reference: https://www.virustotal.com/gui/file/aead1479ef4d8bf17c59a84b0d319a53d7c0dec8c07c0d137dbe536083ce5c16/detection

154.120.103.91:444

# Reference: https://www.virustotal.com/gui/file/d0a9a57bafde12ccbb91b3a76da54e09ddaa3350bf83401b115b994e17da3253/detection

172.93.189.93:444

# Reference: https://www.zscaler.com/blogs/research/multistage-freedom-loader-used-spread-azorult-and-nanocore-rat

216.170.114.4:54392

# Reference: https://www.virustotal.com/gui/file/bc38b0e796fc5cf0c20835bed85362e18ca27c26b6603ebc914a73d3de66393b/detection

86.136.102.191:54984
nancratchazz.ddns.net

# Reference: https://www.virustotal.com/gui/file/645d6fc2d9933bf8a3e23e8ea66d0670271bfa6bf9f87b40b9db3ad58a1380f9/detection

86.188.93.33:54984
86.188.126.93:54984

# Reference: https://www.virustotal.com/gui/file/1bb3987a5514c74a2dd6addbcd1ab911e010ea09b183dc754730dcf34e6fb916/detection

78.163.1.67:1085
kurbanlar13.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8428daf5412459321bb89cab571f15bffb23a9a77af729283ec8e3190d0338b1/detection

1.234.108.31:54984
osu.p-e.kr

# Reference: https://www.virustotal.com/gui/file/7780a1035345b4c68b849168bc68abab2edc4d16e8afc19fd1088ecb91ded790/detection

59.2.231.251:54984

# Reference: https://www.virustotal.com/gui/file/5da02c8199a8734f1ff6ba03f9cf751d13851844eda167249198c640ec61fd59/detection

105.112.98.193:64853
79.134.225.111:64853

# Reference: https://www.virustotal.com/gui/file/1b5b618360e0f816972541d9aea7993d3e539de29d3da46f1d86612765f337ed/detection

197.210.226.224:64853

# Reference: https://twitter.com/JayTHL/status/1264302125791789057

79.134.225.32:4918

# Reference: https://www.virustotal.com/gui/file/d736ea220ff2ed658cd5e72c587a47ba2cb45d451d5f05dca4ae56b71ab27c90/detection

213.159.212.162:5454
kermanuwu.ddns.net

# Reference: https://www.virustotal.com/gui/file/1dae0985f5cf3bd2c5668e13680f098ddfb1cd4384a14ef5b3a15149d1bda134/detection

194.5.99.143:3333

# Reference: https://www.virustotal.com/gui/file/900a52d261b439322b6037784aad547615769f487817ead93ff2994337bfbade/detection

xkiller2020.ddns.net

# Reference: https://bazaar.abuse.ch/sample/f036e2aa7615446d2cb3ab689b13aac4055bf2cb8b19b0999db08d7052a80bf1/

91.193.75.15:9900
megida123.ddns.net

# Reference: https://malwareconfig.com/config/d3ed1086de7a05a675e84c5700b0dfdb

xayn420.ddns.net

# Reference: https://www.virustotal.com/gui/file/f8770eac2308bbaba2b0cd9436515c0ddc67a4b071df55b22c9a50a46bdfae5a/detection

116.126.222.134:54984
forchip.kro.kr

# Reference: https://bazaar.abuse.ch/sample/f6833bd6cacc270d9bd9f4a5d3c857eaf1fa4bff26dde70645db48279d52f25d/

185.140.53.11:6532

# Reference: https://www.virustotal.com/gui/file/ecedf8ca5d5fffd39a161e6e2897d1498fe838a577f4e533831691393eaea743/detection

185.140.53.15:7654
okayson.freedynamicdns.org

# Reference: https://www.virustotal.com/gui/file/18472c163255e30adfdf41fef292dc864524eeb928234eefd18f29fd5e6799f6/detection

199.19.94.62:44061
forwardto.ddns.net
yrz.ddns.net

# Reference: https://www.virustotal.com/gui/file/38265051016034998053fd5da769103d548b48a8078f7e5e22dee058180b2d49/detection

184.75.223.211:44061

# Reference: https://www.virustotal.com/gui/file/e426a62fc1d393dda7c072fc03f6fceaa6b97ad2e2c18e5a6ecc34f8fa1bfb70/detection

18.156.13.209:11769

# Reference: https://www.virustotal.com/gui/file/4c7affc3a277874d90723474c5b453cd5357f46bbe987b4f3c385aa1dc9ebdde/detection

185.140.53.11:9900
proton1234.ddns.net

# Reference: https://www.virustotal.com/gui/file/d6093e8cbda03c64c41e3184f03df9719ca44b90f5dda5741d60ffe614baa5b9/detection

185.140.53.11:1717
41.190.3.151:1717
dvsmrtn73.ddns.net

# Reference: https://www.virustotal.com/gui/file/70890d23bf831b4b9ea905fb5ade1646a87c33280bc4bb857dba3e6d24de4f6c/detection

185.140.53.11:1985

# Reference: https://www.virustotal.com/gui/file/f758cdcdb557a63bfccd1da9520b296757251b43ebd04647f1d196bd4e8ced74/detection

41.190.31.26:1717

# Reference: https://www.virustotal.com/gui/file/a974a87f44252d69d2240704c2925ff17d81beef261352675c52520a451e08d9/detection

197.210.65.165:1717

# Reference: https://www.virustotal.com/gui/file/071d0777228fa43eedc5c3548b5b07aebabdeb7faaa6674a2dd1132b7dc79b92/detection

badmu.myddns.me

# Reference: https://www.virustotal.com/gui/file/b8799bc747346a8b6df2732e3737e36b0e5d3c8cd26b066c313ef65c88c33b95/detection

185.140.53.11:6700

# Reference: https://www.virustotal.com/gui/file/c25e50ab885dae75cf5682ae41b91cefffc8b3986b224832c1255788e24c2910/detection

216.170.114.252:6700
dontknowwhy.duckdns.org

# Reference: https://bazaar.abuse.ch/sample/f728252169da3a6dc69cd201835230c017ce37c9a9cd06c1e7daa3153ebc6f80/

194.5.98.28:5626
duckmeat.duckdns.org

# Reference: https://www.virustotal.com/gui/file/051030393f578db6d747781d2553873f82ad83874193608759b968a06d71fa0e/detection

82.102.18.14:7005
pomm2pain.ddns.net

# Reference: https://www.virustotal.com/gui/file/d2ffc224d5818be5ced49af7c1c1e2f73d9eca9e9e73ebb3ead1ef5e83d6a9ef/detection

godblessme.hopto.org
graceofgood.hopto.org

# Reference: https://www.virustotal.com/gui/file/d51b32bd560b9fd2af45d8c28604ebc6cbe2097810c11e5f3bccbe1054a4cf15/detection

78.112.230.97:1605
testttttt.ddns.net

# Reference: https://www.virustotal.com/gui/file/17fa709f1a866d573f997f8f1288d537de382cccc5a4f9c1811db9da34c016b2/detection

194.5.99.20:3118
forwork61420.ddns.net

# Reference: https://www.virustotal.com/gui/file/682cb1c003d98478150a40e5a6eed75332e34a611749eed232e88bf6020b2c4b/detection

forwork61420.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b852fe2db52e3c3902f5a712b116a4f1bb77ba915a111f10a10e2f4e3bdbcfa6/detection

95.211.208.55:2937
arkseven004.ddns.net

# Reference: https://www.virustotal.com/gui/file/296e81d76d2b343f4a068ebcd98211852d98bdacd46943e8c866ae0358e24a1b/detection

49.196.30.48:1608
test9933.ddns.net

# Reference: https://bazaar.abuse.ch/sample/17976b00ac98edbfed8a513caeb5d757c334ed3e1f94712212b5b7a4ac1f226e/

194.5.99.9:1985
blessme.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1275831258216411136

mdhkazerni23.ddns.net

# Reference: https://www.virustotal.com/gui/file/80647d0914027adabee2afcccc6035d144dd27fd428addb1733bc83059d81b27/detection

90.47.148.229:1604
saayyy.ddns.net

# Reference: https://twitter.com/ScumBots/status/1276787932402155521

193.161.193.99:52957

# Reference: https://app.any.run/tasks/e750ae39-3a5e-4f69-8287-5c1fbae25f49/

ChrisLad-61434.portmap.host

# Reference: https://app.any.run/tasks/5bcfab20-3200-4a70-a604-e5ba6d8bfe6b/

mogs20.hopto.org

# Reference: https://app.any.run/tasks/1a62e1a7-c684-44f9-9a40-ee10689cfebc/

185.244.30.251:1085
mogs20.hopto.org

# Reference: https://twitter.com/luc4m/status/1277885198613590017

socket-controller.ddns.net

# Reference: https://www.virustotal.com/gui/file/10e95970b66143465720378dfd0c0565bffc3fbdbeb4052ee25b3ccce559a8a7/detection

78.250.201.211:1604
amazigh.ddns.net

# Reference: https://www.virustotal.com/gui/file/4f3cc70223b6741b19398dee2e3c073d99466a1890634923c1f582edf6689def/detection

194.5.98.111:3524

# Reference: https://www.virustotal.com/gui/file/e0c6187268fae22239659d88982ab88ed5fc4c39f756811e43e9c87c3bb51024/detection

105.112.99.116:3524

# Reference: https://www.virustotal.com/gui/file/6f4c44c25f3fbad058326da08ba53bfd3e57268405e07eb8d38ec3bf3e9cae15/detection

192.169.69.25:5118

# Reference: https://www.virustotal.com/gui/file/5108c55168d2df826e5621020a048c2eee01f999fbb025698876c19e81bafe1b/detection

79.134.225.111:7070

# Reference: https://www.virustotal.com/gui/file/82682adcd6c64959f94ac619732637c6cb8f8a3e30e6c630bc7b7e0a3c1a182c/detection

49.175.99.121:5552

# Reference: https://www.virustotal.com/gui/file/5e2c21896dd984e7c76e88dcd070d1939a6fd27e728823dd3bf846f9db1203c8/detection

13.90.73.128:1813
docencrypt.ddns.net

# Reference: https://www.virustotal.com/gui/file/b2b5fa437d2b5dd11abb6ca40bec2a31d07f789e5c754b5cb7ace2e24528d243/detection

173.212.225.18:6565
whois.myddns.me

# Reference: https://www.virustotal.com/gui/file/306ac086dd1217f6d3e5c3ac64378fb2104e9bb900c67a41e9b266aec97db0df/detection

95.181.157.6:8888
nano.payeermine.com

# Reference: https://app.any.run/tasks/07bb1d81-3b47-4daf-aa92-2ea6c619faba/

95.217.100.164:1608
windapts.ddns.net

# Reference: https://www.virustotal.com/gui/file/214d2cb552aaa99564f24c3cbf794f3839db76aef5673b1f58b65ea957bfece7/detection

109.186.175.132:1111
test20041.ddns.net

# Reference: https://www.virustotal.com/gui/file/7824efe18fb422bf6ddc22ced42e3d095e04a0fff127a835104b9f2f8c49ac10/detection

81.240.172.133:1605

# Reference: https://www.virustotal.com/gui/file/3d1c59b30ee62f7fd8606e4b666f98f1b678954b59d6ed2a6b3a6e219b14477f/detection

87.104.123.253:54984
bruh.ddns.net

# Reference: https://twitter.com/VirITeXplorer/status/1290917136358088704
# Reference: https://www.virustotal.com/gui/file/41a16c2fac901e39b8d73bd18aee3a42b510c0e5a7984bb139584299b7356d16/detection

185.165.153.32:6493
aligod.duckdns.org

# Reference: https://twitter.com/58_158_177_102/status/1290801098282823680
# Reference: https://app.any.run/tasks/dc2fcd38-2f38-4871-8036-944871699780/
# Reference: https://www.virustotal.com/gui/file/505314282263ad6e0a5b6908907b73d87e822a3788c1e72d50e1e4876ba4a0fd/detection

105.112.101.125:7712
185.244.30.14:7712
godisgood1.hopto.org

# Reference: https://www.virustotal.com/gui/file/dbaec2a20ffccfd25b181a02c9e6b949347cdb1753e771fdea2ac1eca054179e/detection

185.244.30.16:8282
judge2020.ddns.net

# Reference: https://www.virustotal.com/gui/file/4832047d5bf8f4dc4c218adeb20a4283e995d8ea641c7129ffdf0c272a9a80b6/detection 

185.244.30.8:8282

# Reference: https://www.virustotal.com/gui/file/fa818a328b84e82f3473add98d8b60fe4ee6a7951465552078729d02deebdd3f/detection

41.217.68.36:8282

# Reference: https://www.virustotal.com/gui/file/c3089400b28a47eb86717230ea291b238a6500da2947b8c700cf3807fa9f5416/detection

194.5.97.18:8282

# Reference: https://www.virustotal.com/gui/file/9eabc0b8905528da9db92ac356f4955fc234cf0e9894f6855d4f88956624a62c/detection

129.205.124.22:8282

# Reference: https://www.virustotal.com/gui/file/25acfe6e0557ab678181432342ed0f909d3f22438fe20ff920579316f5c4edbb/detection

129.205.124.58:8282

# Reference: https://www.virustotal.com/gui/file/41cc013fbf2fac4d19eff0dc17d0c3dac9cf85de372fb37f1731169ef2f6f6aa/detection

129.205.124.180:8282

# Reference: https://www.virustotal.com/gui/file/6839dfb2bf232ccc68bdb4e275ffc1a2e8eb4c672071b706cd3e7a77c85cd4e3/detection

185.165.153.18:8282

# Reference: https://www.virustotal.com/gui/file/06bce1b1cba5b35d7b91140121f7450852f8297cfa280b6dbb9f72d496636a3c/detection

154.120.100.179:8282

# Reference: https://www.virustotal.com/gui/file/1060cfbd653c67aaf319e11458740e4642c9e5d86fbfa03b5f34140d1e6fce89/detection

154.118.31.181:8282

# Reference: https://www.virustotal.com/gui/file/5b5014329912875a48d3c47a61f559e2ede4a0b338270c3d92ba9bc6f16dbf06/detection

2.218.227.109:5353
awdu89021j3io123.hopto.org

# Reference: https://www.virustotal.com/gui/file/933fe91d07412c99011a46b4841b02f6bb8b28e08e900c7646e1c6a9ca12e87e/detection

95.140.125.23:5000

# Reference: https://www.virustotal.com/gui/file/7727d3c7d5e0bbaa09b85aa3962082f274ffd748a30ad896945fa13f2173c246/detection

tuanvosatb.hopto.org

# Reference: https://www.virustotal.com/gui/file/c660d1d93adc735a9a5c59d18eecf6c4124b4e32b3a704bb754e490a2bf5eb35/detection
# Reference: https://www.virustotal.com/gui/file/7926f37cb45c730b9fa347b9e605d1b8e6a055b97f335bf8f1ea99e953fc94da/detection

185.165.153.26:9036
194.5.97.10:9036
salespaul.ddns.net
salespaul.hopto.org

# Reference: https://www.virustotal.com/gui/file/629850087c61458e602d37b2e08f882ddce49ac214789b6bd301899465413743/detection
# Reference: https://www.virustotal.com/gui/file/7e8378f852f1d65e9bc64f12fa30545292b133c0aaaabe19834fa768784b9406/detection
# Reference: https://www.virustotal.com/gui/file/234c57c7f3d4143d532755cc4ab496dc38f7452bf2f4440fbd363ee7fa351e90/detection
# Reference: https://www.virustotal.com/gui/file/34177404f98f44a3135ed16c9f3c514725d59594de6843feff184fb2a20f58db/detection
# Reference: https://www.virustotal.com/gui/file/a4ba594c58e4ccab849590d84b02a0b92e038bc3ca578753ae82a03433e60c2d/detection
# Reference: https://www.virustotal.com/gui/file/3416950352359d3ef392a276e31f2eb898c03cea18e1e66ac6d89e46ea266c68/detection
# Reference: https://www.virustotal.com/gui/file/43f61c32e4bddb05307dae6dd05df8f514e8dd259e11107d984960d7f3f20b01/detection
# Reference: https://www.virustotal.com/gui/file/362dbb0295ee76f7a5669bdb000c81210bf96e3a42ceab8a867af9bf95f2a85d/detection
# Reference: https://www.virustotal.com/gui/file/d07d2d0ebb94ca46ad8c7d3c19dab9880c94104982b5cee71c294315e9728149/detection

184.170.29.18:90
184.170.63.178:90
63.143.101.157:90
63.143.103.252:90
69.160.108.104:90
69.160.108.158:90
69.160.117.18:90
69.160.125.151:48
69.160.98.114:90
jamaicanmodder.hopto.org

# Reference: https://www.virustotal.com/gui/file/9d704430f434f57f0b3e411e8ad6d932c1e2c4f86418c4b57b470443619c2a5e/detection
# Reference: https://www.virustotal.com/gui/file/fc3f3dd9aaec6fc7bf3eff2381e1069dcac4722d7815aa5f1eb7d3bb80affe01/detection

187.44.73.234:4444
187.44.73.234:5568
nois01.hopto.org

# Reference: https://www.virustotal.com/gui/file/68dd11ec4ef88c75394b3a4c18b0d84ee564b39a4b102092049b41a107aff11a/detection
# Reference: https://www.virustotal.com/gui/file/1974a31670d6580f2b4834c229d6123e1ee13c4bbccb9aad7a2b5e6cb3da8b93/detection

149.3.143.104:58581
calmhustler.hopto.org
nanoc.myftp.biz

# Reference: https://www.virustotal.com/gui/file/7691b9903a6e2b2e5352899104bbfbb124d5066412e4eac6e8a5ddb1980a651f/detection

195.123.237.248:58580

# Reference: https://www.virustotal.com/gui/file/4f40d5b8e14c3f4d34a427e50be3f770cee76536b484e883b260a8c84cddc241/detection

194.67.209.128:58580

# Reference: https://www.virustotal.com/gui/file/442a0425a657db9666e95ca0f3f147b2631f85471fcd85b0b92de43fd610df16/detection

45.249.90.48:58580

# Reference: https://www.virustotal.com/gui/file/984c10b376c5919a47852d14482971bdfdda5b1002a89a733c8355f83703d35a/detection

khyberlogistics.com.pk

# Reference: https://www.virustotal.com/gui/file/db4163046ee4cbffb71d888535fa219cf6e10d4e1491872a31403a18f2a2057f/detection
# Reference: https://www.virustotal.com/gui/file/cbc0bf0dc18724e2aa9081616c7c9f13ee72c3a351a87528f05950e64f38f2db/detection

105.112.32.112:1972
105.112.34.68:1972
glennfloyd.hopto.org

# Reference: https://www.virustotal.com/gui/file/984f6b2e7be7aa024346337efda4f0adb42c9dff876df67523586b0f3ba2f6a6/detection

185.61.149.52:6374

# Reference: https://www.virustotal.com/gui/file/e7e4408d52bece69de7318c57a52d7b854c4bac801d8f4492cb42b54d297b22d/detection

197.211.60.59:6374

# Reference: https://www.virustotal.com/gui/file/d930e2fb95334f9102c177a5d0a24572b963ba0aebdb149c6d6a47d6ed73d7ce/detection

197.211.60.87:6374 
197.211.60.92:6374

# Reference: https://www.virustotal.com/gui/file/ce1ab814b21da6747275c5f83c1d9f6ce53bb51a454021a9a8221daa962402b1/detection
# Reference: https://www.virustotal.com/gui/file/de35eb160473867bbee888e774d3785c692cb2c0492700f0121bf0303a16a776/detection
# Reference: https://www.virustotal.com/gui/file/b437e8454c62108371971f0f92fa41d16ea48e235205ca17ff8f5fb95ef9d0a2/detection
# Reference: https://www.virustotal.com/gui/file/dc92da85366c210c4668f1d42abeed2119e1f95273323628dba880b31ce7a057/detection
# Reference: https://www.virustotal.com/gui/file/b4ee34b0a7b13e9e7a2f9d2ec3dd68244ff64897fb1deb372975f6324e1c3cb0/detection
# Reference: https://www.virustotal.com/gui/file/7a19118fd684b5b21d6288ac80dfb187e13fec715924de69a62589caf0535239/detection
# Reference: https://www.virustotal.com/gui/file/e7690b6c6c60062e2a0e2e097ca8d5e12e906d72004498351c40c71f3eeafe5b/detection

105.112.100.119:1996
105.112.100.27:1996
105.112.101.242:1996
105.112.102.33:1996
105.112.106.189:1996
194.5.97.22:1996
41.190.30.180:1996
41.190.31.38:1996
snup2020.hopto.org

# Reference: https://www.virustotal.com/gui/file/853b1a4722b712768939a57e9cf16cd9335f5bc5731969d81d6a732f1759ec88/detection

88.64.63.43:1604

# Reference: https://www.virustotal.com/gui/file/a7fe56c4ac333c5d1dfbd4f576660ec405a714b65238a4558bd1e5b9e2243c5d/detection

185.247.228.5:42151
gregory66.dynu.net

# Reference: https://www.virustotal.com/gui/file/77cb032892c4b001b54871403e09aaae085be1549f0c3c7b1d9d89a88592a358/detection

193.161.193.99:43861

# Reference: https://www.virustotal.com/gui/file/9cbc8beff4c865dc45fc7fd063eb848d42f83511f8d53bc80a0b605061e4dd6e/detection
# Reference: https://www.virustotal.com/gui/file/82206dd1084056f0193f16d9bd8f92f37c207ace3000de994d07c6ad6262dfc1/detection

212.251.116.161:3702
62.1.59.224:3702
dinokosgr.ddns.net

# Reference: https://www.virustotal.com/gui/file/c2a9ededcf9b580aa3892b8283a8e395399a1342e1a01936f49c11f9e88e0907/detection

113.160.165.75:53896

# Reference: https://www.virustotal.com/gui/file/2ce35ec71844c53c8c4267ea004f860512a006b185828b57a65693ae5fc2873a/detection

129.205.124.238:5353
exceldoc1011.ddns.net

# Reference: https://www.virustotal.com/gui/file/93318d1043b7b19f3e1e5b70b8e7c268640d062ffd0125c687bcf190667b57fc/detection
# Reference: https://www.virustotal.com/gui/file/13d88188719da3ef262fd7cebdf5fb68a5978308c4a3b175b261e138ac4c8dd5/detection

41.102.12.246:57415
41.102.126.80:57415
nanaorec.dnsfor.me
nanomilan.ddns.me

# Reference: https://www.virustotal.com/gui/file/d73c6b35d8118432a8070a9ea8fa565b9f6317e63735aa8973ce726d54c99e8a/detection
# Reference: https://www.virustotal.com/gui/file/966956b7e1b7758c55794455ccfba84365ec2dee3e6fbeb7f5951a5da04c20f5/detection

103.200.5.128:6681
144.168.239.34:6681
systemone.bounceme.net

# Reference: https://www.virustotal.com/gui/file/2963104ca069f66b802d0a4268b390f0f11c77666a150cdd65921e6839b0c600/detection

194.5.97.11:54985
jibrelcloe.bounceme.net
jibrelcloe.freeddns.org

# Reference: https://www.virustotal.com/gui/file/5864be3d3e74643d67704e0b6e77177080f9518d43f8827e9b088ef31d9196a6/detection

66.66.166.74:54984
marshg3.ddns.net

# Reference: https://app.any.run/tasks/11795cb8-527c-407b-913a-dda7c5fc75e1/
# Reference: https://www.virustotal.com/gui/file/3f2c17bfa5c453a9fe4a8ab56c9d9ce24020e7489204f506d92668986b965826/behavior/Tencent%20HABO

176.233.19.216:1453
193.183.217.159:2222
208.100.26.250:2222
85.101.227.3:1453
kral.kingx.info
akilay.kingx.info
troyka4100.dynu.net
kingspy.linkpc.net

# Reference: https://www.virustotal.com/gui/file/14e2d59cda2a0f77883110003e580750ff27b2c13cf1998c24ecb15c8f6735e2/detection

176.42.37.54:1453
212.154.4.67:1453

# Reference: https://www.virustotal.com/gui/file/af661050972ec1986cea4f1b6184978014d065b942e2e0d170f89b9dacf811a0/detection

78.172.144.102:1453

# Reference: https://www.virustotal.com/gui/file/bb1a717c2ad799b9b026173f95fcc4b6fc16e233c5b24895744075418359526c/detection

193.183.217.214:1453

# Reference: https://www.virustotal.com/gui/file/01f513ae8de5bb41180a25f095a1bb432f122a808950cd317bbc3b9c6b6cb48e/detection

fff.kingspy.ml

# Reference: https://www.virustotal.com/gui/file/ca5f9b9d08b7245ce538fc5d37b397a628c42af94dae23141fd6cff4aa174bc4/detection

88.203.162.198:5552
noportmeh123.ddns.net

# Reference: https://www.virustotal.com/gui/file/5139795f05610c8e575815985d0ca35e296aadbcfba920b2a3ccdd2dbea3de82/detection

netman2323.ddns.net

# Reference: https://www.virustotal.com/gui/file/67f2aee7a918bfeef9db728b20a71610bb8df72f4388e3b900ec63d3db99793b/detection

109.247.81.119:28828

# Reference: https://malwareconfig.com/config/ffed2f1e6ca4269b6f71cdd1c89d9d76

194.5.99.121:3845

# Reference: https://www.virustotal.com/gui/file/ef7b45841574477b1b5ed2ae34b73245f7584c95b2a6f779c8ef7832ff2b24a1/detection

94.194.4.192:60588
craiglolol.ddns.net

# Reference: https://www.virustotal.com/gui/file/d824db4c74fa5d2370357807a8e111a006d53b2a86356d77f89d76ae66f4b8b8/detection

193.161.193.99:49990
fb38099g.bget.ru
joke-cmd-49990.portmap.io

# Reference: https://www.virustotal.com/gui/file/6a36e120933b856f01d2cddcbc3b58eb7089d81b774d32a47363f0b0ce2c8b30/detection

193.161.193.99:55663
bogdyboss493-56967.portmap.host

# Reference: https://www.virustotal.com/gui/file/8f5e9e6a7d2410e7ab6def79f857ba3f4a50312a26712bbdecc7732fc8277a39/detection

191.217.138.24:444
trjtopfullccs.ddns.net

# Reference: https://www.virustotal.com/gui/file/4ece9db006dc825df446558e92c03269acdfb2651964b7064197ee1b5eb89810/detection

193.161.193.99:29897
riteshjayte-29897.portmap.host

# Reference: https://www.virustotal.com/gui/file/8c8159ac91ee5d5fdf8afa698f73b5ae52bc0617b2f45c5cbfa4b89f712f1897/detection

185.140.53.3:7654

# Reference: https://www.virustotal.com/gui/file/21d0520acdc926195c24d853e8e252126055370182deb683efd6228193af6c5b/detection

185.140.53.3:7590

# Reference: https://www.virustotal.com/gui/file/1a310d38b246012578cd21b406e771cc96b572aba58155c6dc4e621a9b51f50b/detection
# Reference: https://www.virustotal.com/gui/file/38bff0accbd41e7ecd8316dfb40830502ae9010aa9959f58c0487eeb3cd83357/detection
# Reference: https://www.virustotal.com/gui/file/7231955b58f7a6b19ea2719be8762b7922f1732b9f3fa1d1ddcaedb71d2b8fce/detection
# Reference: https://www.virustotal.com/gui/file/93169a8299ef405c622a074d2f4ecb94b541f2775c64edeb2b602764bedce43e/detection
# Reference: https://www.virustotal.com/gui/file/4b45ff6d132f42bcd2a728aa2a1cac99c55642a3831a10845e26a8a56a5a7f29/detection
# Reference: https://www.virustotal.com/gui/file/0378676e03df18269307fcdcdab7bfb34869464dd687c0d24963271b6d3e4906/detection
# Reference: https://www.virustotal.com/gui/file/6e427ca7123643fb1f02e376e84afb6aa8660e24af18d593df21f512acb0fbd0/detection
# Reference: https://www.virustotal.com/gui/file/0029d617ece4567b862bfae7316dd70296f249207b94df615398d6b2164c8c1c/detection
# Reference: https://www.virustotal.com/gui/file/b0563ffd558cf927321f243a56b3ad73dd6ef56d204187839fe647d8c448f151/detection
# Reference: https://www.virustotal.com/gui/file/6cae9d6549da977253232be80dd4e1c7e6be6ac7ee68dd512a6863bdc7b15330/detection

105.112.122.238:4141
185.140.53.15:4141
185.244.30.18:4141
185.244.30.21:4141
194.5.97.13:4141
197.210.52.10:4141
197.210.52.101:4141
197.210.52.172:4141
197.210.52.34:4141
197.210.53.133:4141
197.210.53.15:4141
swizz666.ddns.net

# Reference: https://www.virustotal.com/gui/file/cd8a8adc707737ad5f3cbe0eac8356b105320b9756e1c0d446a018b225c58227/detection

107.172.221.181:54984
192.169.69.25:54984
information.servecounterstrike.com

# Reference: https://www.virustotal.com/gui/file/dc3c9584d79e24f6be9ddc3290b1477fbe1b08f525454a376753b2a4e278de8e/detection

78.125.163.33:54984

# Reference: https://www.virustotal.com/gui/file/4f60f2ec080e0f7107a55221e0fbefb919ef2f6422ba2896a0ed5baa9eb8ac53/detection

84.6.7.23:5498
84.6.7.23:54984

# Reference: https://www.virustotal.com/gui/file/986bf75ffe5d7e61cb3f6d4af2c6c07e034db5d8b15f6a21c473869faa64226f/detection

88.139.174.79:54984

# Reference: https://www.virustotal.com/gui/file/a259ab9f2ce1c874205cd31ac2f4ff924955caf2a81396b400dceb2438ff8921/detection
# Reference: https://www.virustotal.com/gui/file/5cfb9a2c724f578bbe78e041a9a4cc5e19760f88b871ce5e9eb396485256c650/detection

184.75.209.190:2404
185.140.53.135:54985
alquilosabc.loseyourip.com
alquilos123.ddns.net

# Reference: https://www.virustotal.com/gui/file/da847c613a97f6c3fd62a2ab9592fbabbab6d4b3238474ae8139e5df24893429/detection

197.47.166.89:4000
197.47.61.149:4000

# Reference: https://www.virustotal.com/gui/file/97b8a45c8e2f99924898a7d230cab9ba005ad0dc692b33974a5e709406afb971/detection
# Reference: https://www.virustotal.com/gui/file/70d2fad27195ab7162a6a090c8830d4e24fdf7d9d9e88fed256d3a15bb46aa07/detection
# Reference: https://www.virustotal.com/gui/file/7e8378f852f1d65e9bc64f12fa30545292b133c0aaaabe19834fa768784b9406/detection
# Reference: https://www.virustotal.com/gui/file/ed999dbf0261a97d14a344df647dd42ce96293f9a166f13e07b394b8cf1b698b/detection
# Reference: https://www.virustotal.com/gui/file/34177404f98f44a3135ed16c9f3c514725d59594de6843feff184fb2a20f58db/detection
# Reference: https://www.virustotal.com/gui/file/a4ba594c58e4ccab849590d84b02a0b92e038bc3ca578753ae82a03433e60c2d/detection
# Reference: https://www.virustotal.com/gui/file/3416950352359d3ef392a276e31f2eb898c03cea18e1e66ac6d89e46ea266c68/detection
# Reference: https://www.virustotal.com/gui/file/43f61c32e4bddb05307dae6dd05df8f514e8dd259e11107d984960d7f3f20b01/detection
# Reference: https://www.virustotal.com/gui/file/362dbb0295ee76f7a5669bdb000c81210bf96e3a42ceab8a867af9bf95f2a85d/detection
# Reference: https://www.virustotal.com/gui/file/d07d2d0ebb94ca46ad8c7d3c19dab9880c94104982b5cee71c294315e9728149/detection

184.170.29.18:90
184.170.63.178:90
63.143.101.157:90
63.143.102.237:90
63.143.103.252:90
69.160.108.104:90
69.160.108.158:90
69.160.117.18:90
69.160.125.151:48
69.160.98.114:90
jamaicanmodder.hopto.org

# Reference: https://www.virustotal.com/gui/file/e42c98b7c1c0635b90c402cd827f4de7a7740d5acff7b843714d2885e904985f/detection

194.5.98.26:4040

# Reference: https://www.virustotal.com/gui/file/bbd7b2322733fc3b8992d84db06a13bc3c9297ed02671c1915dde93b5bb1b7c3/detection

update-account.ddns.net

# Reference: https://www.virustotal.com/gui/file/500efad5274833d7c04d4e40f9aa56ba5b7c9b53a719cfb6f3494a1d0d02886e/detection

109.57.60.221:59193
fliptheswitch.ddns.net

# Reference: https://www.virustotal.com/gui/file/2938e770effc5cb1e51af3bbaacc78316bbc7357ef3a8d366d7e88bd5a545c9c/detection

185.19.85.136:31821
sketch321.serveftp.com
tomati456.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1297877430582087680

cmb234.myq-see.com

# Reference: https://www.virustotal.com/gui/file/662f115f07c983b7c060eb8a98b4dfa8951df8f3149e71523d2de7ee97d9139e/detection

79.134.225.71:1990

# Reference: https://twitter.com/VirITeXplorer/status/1298963306309353472

185.84.181.67:9124

# Reference: https://www.virustotal.com/gui/file/dc60cbd5aea9991eae966cb8499ff91647ca4c2f4a9005c17e7b804fce1bafb6/detection

5.196.102.89:4545

# Reference: https://www.proofpoint.com/us/blog/threat-insight/threat-actor-profile-ta2719-uses-colorful-lures-deliver-rats-local-languages
# Reference: https://otx.alienvault.com/pulse/5f47c261f5b6aba82c4b8de6

megaida123.ddns.net

# Reference: https://www.virustotal.com/gui/file/adb24fe11631219f74041fd1e304f84db1edda125ec3ed926254f511d2d7678e/detection

voucomereucuu.ddns.net

# Reference: https://www.virustotal.com/gui/file/fb5bae3dabbf6aec4c7812eb286414b8665173fa2daabf794c571d61ae3eaa36/detection
# Reference: https://www.virustotal.com/gui/file/a2d6f81373b31670a8500a714aad457d705f07966dbadf260ec963a954061d00/detection
# Reference: https://www.virustotal.com/gui/file/0fb26042a8a31d0db10d1302875a6f44d5aa5dd369b309795172dc957eef5c4a/detection

157.52.255.145:83
185.244.30.251:83
5.152.203.118:83
covidglobalupdate.myftp.biz

# Reference: https://www.virustotal.com/gui/file/5090e31c81766447e354789fb37bf089e53122f21ff1d38a644b12754205bc40/detection

193.161.193.99:37458
kutas54645-53485.portmap.host

# Reference: https://www.virustotal.com/gui/file/f5ee309bcf361ac82d2e7e81c0a523cccc9591cc97bd78212e5d783d3e7863a3/detection

193.161.193.99:61731
jaymaximus-61731.portmap.host

# Reference: https://www.virustotal.com/gui/file/ecc84cd6a8246c10f598ecd8929c9a58e7a111e36ba746fddae0d4499bf84bf9/detection

193.161.193.99:34883
vikings46-34883.portmap.host

# Reference: https://www.virustotal.com/gui/file/b0bff54fc6f5cc1986f42ddb1e5042c927eeae62f55d0693a257b1531f84f0e8/detection

193.161.193.99:52697
vnaidu-52697.portmap.host

# Reference: https://www.virustotal.com/gui/file/c2f214ddd1e6374e00d442ea723973a62d526c3c59d0031933738719a2e95abb/detection

193.161.193.99:40438
nanocookie-40438.portmap.host

# Reference: https://twitter.com/ScumBots/status/1300445067010863105
# Reference: https://www.virustotal.com/gui/file/4a6c3951153aca92168a984d6ce11bacf23a673ef7a93c65c22a89a05ca54c61/detection

41.251.15.86:3434
ysnirix.ddns.net
xware.ddns.net

# Reference: https://www.virustotal.com/gui/file/525bcc6df27258134feae6a936e82f9ac91381a0733eab0aa54c8fd2ea166b48/detection
# Reference: https://www.virustotal.com/gui/file/2b5cff67f46340e42477b147b2de84771ced5907770d391d20ac8c0c18c264db/detection

216.38.7.241:2033
216.38.8.165:2033
jlf716galpha.ddns.net

# Reference: https://www.virustotal.com/gui/file/10a177abdd2c1f92a98017d996610eb5ba1144bde635b1f36a10fd75782be080/detection

194.5.97.98:3615
getmoney3004.duckdns.org

# Reference: https://www.virustotal.com/gui/file/687971965232a89322860120a4fdf884b246947e1639c8a9454066598a4c5d28/detection

193.161.193.99:20734
rat2000.duckdns.org

# Reference: https://www.virustotal.com/gui/file/30c275d5f4ff57d0069ea318b6704a949ce95c8a3e3687bb03a87a5ff0edac3c/detection
# Reference: https://www.virustotal.com/gui/file/47fa323ddd9d4df6736fc15272986bc9699680f79fe7bc2c43301475669633fa/detection
# Reference: https://www.virustotal.com/gui/file/3590627c2e44ef094b89d96187a71068391ed31670aecef26846ba663fd0c238/detection

197.210.47.136:7755
79.134.225.76:7755
91.193.75.7:9829
doc-file.ddns.net

# Reference: https://www.virustotal.com/gui/file/ad4ad26d707f89d25d4c3a68b3a80216e49703b15f16549026ead5642c163e5b/detection

xzit007.ddns.net

# Reference: https://www.virustotal.com/gui/file/0ceaca1d7d62a73acfa4d06a7e9aa2df5fe583c7d7cc568d8985880c00bb1e94/detection

192.46.168.101:8443

# Reference: https://www.virustotal.com/gui/file/fad6c79568501dd02f8592b98c46559f293d55574c60abc8205f723c59d36b95/detection
# Reference: https://www.virustotal.com/gui/file/08e6b2f75f4c9f9d0850eded556409ff41d8ea510f2a7f5072307130f688fa25/detection

185.140.53.13:7654
185.244.30.7:7654
185.244.30.9:7654
194.5.97.26:7654
order777.ddns.net

# Reference: https://www.virustotal.com/gui/file/4d394ed696ee7fb3d53a7b064c53f2157b28d9f192de912fe311dd284845e4c9/detection

198.46.168.101:9090

# Reference: https://app.any.run/tasks/b467375b-ea84-4455-9b40-6f98a854ba94/

193.161.193.99:42607
spartanrulz-32158.portmap.io

# Reference: https://www.virustotal.com/gui/file/40aae024ca198bbac5bd47b1d852cd742287baec8fd674af2607365ad8394e7b/detection

194.5.97.98:3615
crpasky.sytes.net

# Reference: https://www.virustotal.com/gui/file/1a25dfe77d53a45af68ca9bb5bfe81e30fe2f9e5e720096f5e2b447d182495a5/detection

185.244.30.3:3606
deaphnote.ddns.net

# Reference: https://www.virustotal.com/gui/file/4b44e68bb62bf786ab22a5e62568c682a0b3a58e7b730fa4ef53fddd4f5e4824/detection
# Reference: https://www.virustotal.com/gui/file/76cc0138ec3c0b33845e1dceb6cb251f66a714f434048d043399369cdd600449/detection

192.169.69.25:5268
91.193.75.182:5268
204030nano.ddns.net
204080nano.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a8c8753cead3906503055af736df20a6f4e5a5a371bebbd04b64434f3e501f2c/detection

1111nanocorerat.ddns.net

# Reference: https://www.virustotal.com/gui/file/a835ed00bee1dccde56358f359238f8da78c5233a3c44d78fc2c061ed6764f71/detection

35.193.68.228:4674
affu007.ddns.net

# Reference: https://www.virustotal.com/gui/file/d438dd09e9249c6ffc54851f110cf512d226d1d2bd4ad10ace66038494a4f295/detection

79.134.225.74:3421
blackmambah.hopto.org

# Reference: https://otx.alienvault.com/pulse/5f8051fc29df6226cc54143f

kenkundesu.ddns.net
mattrevwizard-43846.portmap.host
sapho.ddns.net
windowslivesoffice.ddns.net

# Reference: https://www.virustotal.com/gui/file/dab93537f58cd24b5d4343ae58fb550195754d6ae1cc2c8739b75cfd3d59e168/detection

82.9.17.105:7080
10299192.kozow.com

# Reference: https://www.virustotal.com/gui/file/b713419450af62ccb585f2636216809e83b16b8046159ddc5a86ca080226c67e/detection

79.134.225.82:54251

# Reference: https://www.virustotal.com/gui/file/5cd831c034ea6c14f3b2f0de15a26258d96cd0f423c0e5e61bb0892f925303ec/detection

dcosta1.myq-see.com

Reference: https://www.virustotal.com/gui/file/a4a7030cafc76c77d0ec6118c3cd4d57b5450ae0b24f177ea048b23889540daf/detection

154.66.22.174:1987
169.159.114.217:1987

# Reference: https://www.virustotal.com/gui/file/113d6741bf6720a3558e132c706b9aec9a42816a83b2b9b0814fa384ad636853/detection

185.165.153.232:1987
akuadi.ddns.net

# Reference: https://www.virustotal.com/gui/file/2671c5a85a50aa6370dcc77a9bdf58ca419a41719602848a3ee7cc6a2e10aca7/detection

91.193.75.119:1987

# Reference: https://www.virustotal.com/gui/file/391d005a8875fd671acace6d9393b89bb79dde03651460e67e622604a8b5dc15/detection

91.193.75.80:1987

# Reference: https://www.virustotal.com/gui/file/54deeaeed632cdef34ba67c7b879e8c88ad5d19675cd69e613f663e9bcb3c51f/detection

185.140.53.68:1604
185.231.113.86:1604
mavennezeliora123.ddns.net

# Reference: https://twitter.com/Racco42/status/1317104950233673728
# Reference: https://app.any.run/tasks/4c59ed1a-3ec7-48f1-b9e3-8c6d188c3979/

79.134.225.30:6666
kozatkr.myq-see.com

# Reference: https://www.virustotal.com/gui/file/0b026f254ae29721a1bbbce408d49848ecb3295385b1f1512f0b29038c024f0b/detection

185.20.99.191:1194
cribkel.ddns.net

# Reference: https://www.virustotal.com/gui/file/a1dd4b5e1e8794eba42514f5ed129d40426d6e7ebdfc2ef41b9a8fffb8ffe9e5/detection

ubanano20.ddns.net

# Reference: https://www.virustotal.com/gui/file/c0a7dfca7eda9d3f170e318428984c17b9737d4e53c291a227f97863ea30827e/detection

185.217.1.151:9030
dailyupdates.theworkpc.com
dailyupdates.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/9038b8076c63da42013a7c815029253ea17d544aac3cad7843fbe5410836c25e/detection

141.255.147.127:1177
1ff6889819.ddns.net

# Reference: https://www.virustotal.com/gui/file/7b0128a2fb624977656a965420fbb8fa3e1b030318ba962e5c41a06295505e2f/detection

83.228.185.176:54984
fsfprogamer.ddns.net

# Reference: https://app.any.run/tasks/2f5c0822-2f69-419d-a9ad-a311f1a08d14/

2.135.86.178:7777
suka228.ddns.net

# Reference: https://otx.alienvault.com/pulse/5f917584d568ac96634d58f9

ratcentho.ddns.net

# Reference: https://www.virustotal.com/gui/file/9e42e9cd50555cf36e4958efb9a710f034a914f7f8e282fec5228604369c345b/detection

110.54.225.227:54984
al3nr.ddns.net

# Reference: https://app.any.run/tasks/43a2e87a-660d-46b0-9775-19da736131aa/

87.60.159.43:1747
heuzzbozz.ddns.net

# Reference: https://otx.alienvault.com/pulse/5f92c6faf65388e853cde680

msbuild.ddns.net

# Reference: https://www.virustotal.com/gui/file/3e86f9a176966b583fd23ca2375927638aded9d36e87d75bb9a56a41b5b83db0/detection

197.210.227.208:49155

# Reference: https://www.virustotal.com/gui/file/9bbceeb0c9f25dd755570e87aa2bfbb7c3e31e4bee00ca1d1570c0ad497a9057/detection

197.210.227.208:53896

# Reference: https://www.virustotal.com/gui/file/41fa2fb70f2da3f3f9d65b8b6b518337e8ae9ac85d1c248556959a34a5db0911/detection

197.210.85.232:53896

# Reference: https://www.virustotal.com/gui/file/8ec0be83cead99cea7344e83cdb7b9a582f3a59082c30fa0cf45a0c220e07459/detection

197.210.84.141:53896

# Reference: https://www.virustotal.com/gui/file/a23ddeed90dbe2bbd46390061d26ff80e195560f1c29aa6b4f73c816374924c4/detection

ak47a.kro.kr

# Reference: https://app.any.run/tasks/95e766c5-90d6-4444-9db6-ddf5add3ac41/

185.244.30.14:4250

# Reference: https://twitter.com/smica83/status/1321716870584672261
# Reference: https://app.any.run/tasks/373041aa-59a8-4166-97c5-dc57a1b6c40b/

84.38.134.114:8000

# Reference: https://www.virustotal.com/gui/file/1ddce9c11a9b35eb6d55006504b47ab27bcef3edc7747c49d4573712a5a3b275/detection

194.5.97.32:1604

# Reference: https://www.virustotal.com/gui/file/e924821860bcee2dd1acc0239f6413cd6a677213b640942d271ea12446fc65aa/detection

23.105.131.134:5353
hotwireboxes4.ddns.net

# Reference: https://www.virustotal.com/gui/file/70ea3c2f613a92eb24bc6a40cce601feee36041d96ad7a5724ea104e218aa7ff/detection

23.105.131.134:1604

# Reference: https://www.virustotal.com/gui/ip-address/23.105.131.134/relations

2gmoney-records.no-ip.biz
officialtbass.ddns.net
rayxyxx.ddns.net
rs7flow.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b14b33459a39a2a6e58cb8901158e5a0baa1f879cc3a5afc6778315249f544ff/detection
# Reference: https://www.virustotal.com/gui/file/3c18438a9fc9aec1ce0e6d2be9f6f676424b4f8ffd844ac2d1a90b32a5bf0098/detection

212.7.218.65:1122
akika321.ddns.net

# Reference: https://www.virustotal.com/gui/file/b1d821294065f7fe053eb3fc53e43824de1c13eddf0b6e6bd29ac9bf41843c7d/detection

79.112.244.182:7005
saphi.ddns.net

# Reference: https://www.virustotal.com/gui/file/dec8d68ca8abff4d804d8af4aa9357103694f7e9544626dcfca30e434ed83a5d/detection

95.234.164.252:54984

# Reference: https://www.virustotal.com/gui/file/1312ca68e2194990db332849ee49443bd4ff0b1af91b26081319ded864579de1/detection

73.112.163.66:500
easyvirustrojan123.ddns.net

# Reference: https://www.virustotal.com/gui/file/b14f8d8881ffbb14201d42215adc34f7903e1f9693b76e49a1f600202de62208/detection

104.221.111.13:777
rez007.ddns.net

# Reference: https://app.any.run/tasks/734e8396-929b-4a37-be12-8611a08c18a9/

103.207.39.131:1942
buffercc.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c1dd3e913417e736fe1251f0d1b890756dfbc7ce89efa4f5ceee6e895d2ec79a/detection

185.140.53.29:1369
eldragon.ooguy.com

# Reference: https://www.virustotal.com/gui/file/da67c2bce19290c08c0f89b79c5c84fcded816addf5177b530dadc77d254fe21/detection

192.253.246.143:2017
swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu

# Reference: https://www.virustotal.com/gui/file/60170c685f91ad2e2f26844d3a5620f1ca631166b1697cd726efec4a31d610c6/detection

leivslacker77.shacknet.us
loukousteven.redirectme.net

# Reference: https://tria.ge/201101-qbrch43nvj

23.105.131.174:2008
atacoinc8897.hopto.org

# Reference: https://www.virustotal.com/gui/file/56876f26eb6da9534205b2b4fbc355bf24735fdb27d049c81f92753633b83586/detection

185.140.53.231:7771
shit888.duckdns.org

# Reference: https://www.virustotal.com/gui/file/940d3d31220a420ada65b6653bf1e4586efa8783ab28a267878ea2c1e3a7e3ef/detection

185.140.53.231:7005
wealth4me.ddns.net

# Reference: https://www.virustotal.com/gui/file/c13d7d1dca1d22b26403a1a30d2dea359869a60605e1a1f092796fcea77d8069/detection

wealths.ddns.net
wealthyman.ddns.net

# Reference: https://www.virustotal.com/gui/file/5f97853aa6a5a0fb5b7c55f501878ed5c9cb8e14b226954e73b6564790ac61da/detection

wealthymachine.ddns.net

# Reference: https://www.virustotal.com/gui/file/0a5ca4acd97ba657c0b203a9dc8d69f9e48f121554142ecb86df494a01274d58/detection

185.140.53.231:8888

# Reference: https://www.virustotal.com/gui/file/e7106b8e5cd6ea51ea2f061cd9c4e19bc174076746883f21b00b9ff7743bbf77/detection
# Reference: https://www.virustotal.com/gui/file/b4fabb97f197ef4f0990d0e2bfb5ad572c7a6d044d361f2ca997ab0bbe5b36e5/detection
# Reference: https://www.virustotal.com/gui/file/aab8ae3987ff1bf84081b5a12f9004eed0091d865bf5bd32428e5ef2c0de694e/detection
# Reference: https://www.virustotal.com/gui/file/478b0a90b12b8bd204e4c8a970fccc26498bc85b980d0ade55bc4c8abd9bccbd/detection
# Reference: https://www.virustotal.com/gui/file/37831817f23e12a1c66ef2cb4ae8ebb4a74ec6492308f5544f77364fc9898aa5/detection

185.165.153.110:54777
185.165.153.147:4775
185.165.153.147:54777
185.244.30.57:54777
91.193.75.43:54777
dora21.duckdns.org
elley.awsmppl.com

# Reference: https://www.virustotal.com/gui/file/d50a35f05df59b5b35e07dd204e5312629b3670b09da6801c56f89c5aef8ff6b/detection

79.134.225.77:3606
poseidon99.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e34a85f8ebaead2badaf0a11042ac9b4e23cc3f2c615c831291157e5bc27dcbf/detection
# Reference: https://www.virustotal.com/gui/file/404ddd5047d4b506f4014f5630ed7678f8f978bbc82a75fa5f5b0bd166dfd959/detection

1.234.37.232:49960
ghgha8191.codns.com

# Reference: https://www.virustotal.com/gui/file/5341199abc0af4235f23e194bc4861f61e9d8701e3413bd87bebe17764f3925f/detection

14.48.223.211:1104
hmm9823.codns.com

# Reference: https://www.virustotal.com/gui/file/cfd5d9112f89a182a955591cbdba26032fce5bf9f3a516077127dad6c3110270/detection

111.118.117.164:5880
oleeolee200.codns.com

# Reference: https://www.virustotal.com/gui/domain/nanocoreratpc.ddns.net/relations

nanocoreratpc.ddns.net

# Reference: https://www.virustotal.com/gui/file/a567714c0e73009ba7b5994361999a8cee225b0a142c0f81b7f547c09403786f/detection

212.143.127.120:4444
core11111.ddns.net

# Reference: https://app.any.run/tasks/a06c0853-795b-4425-b9ba-84e68f9bdcde/

185.140.53.175:1169
myseason.myq-see.com

# Reference: https://app.any.run/tasks/9ad69023-d3ee-4550-8cb5-21e64bed36d7/

88.113.185.17:30120
apexi.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1334505689671225346
# Reference: https://app.any.run/tasks/d791c332-ccf7-4f3a-8741-a1a94c9fe40a/

129.205.113.249:5550
centurygift.myq-see.com

# Reference: https://www.virustotal.com/gui/file/5704d95e4e320e6cba7e88ad763d37f1d80c4507497edf346f269efadf15223a/detection

81.49.3.81:7005
nanocore2815.ddns.net

# Reference: https://www.virustotal.com/gui/file/4985f8d5f70c84b22bf220a00d4790248b498a7aeb7cea2012064095bbb0aba0/detection

148.59.94.121:1604
glox.ddns.net

# Reference: https://www.virustotal.com/gui/file/6696b561c346c756e1c5b98be267d71c3a8a23b2d9e77ce23c641c6f5188fae1/detection
# Reference: https://www.virustotal.com/gui/file/992cf8ed168eed107c9cc982aa393c9505f0ff09f47020aa10491953fcfc10a8/detection
# Reference: https://www.virustotal.com/gui/file/787f1f7a4d97ff46925b817174c6e487bd2da2745bb13fd4e3e7b9dd4996aa6a/detection

188.213.143.47:49300
93.118.32.11:2600
elcartel.ddns.net
lapatate.ddns.net

# Reference: https://www.virustotal.com/gui/file/b026faff787c88313278af87cbf64a7ccbd8c920e5f6f274f1656934f092e29f/detection

diaboliko.ddns.net

# Reference: https://www.virustotal.com/gui/file/6443477cf39069cffb98144387e2427435934afa46c4f83d90aa1375b10ab113/detection

178.149.189.107:1604
krembananice.ddns.net

# Reference: https://app.any.run/tasks/8627d0f9-a68e-4580-a02c-fb8dfd06ff69/

185.140.53.211:4488

# Reference: https://app.any.run/tasks/b88e47d1-1969-4709-906c-a9a0e3873b87/

103.125.190.88:2020

# Reference: https://twitter.com/wwp96/status/1339309952083644416
# Reference: https://app.any.run/tasks/2288848c-2cd1-4246-809f-fa6ecd86fee5/

154.66.36.101:32126
corsi111.myq-see.com

# Reference: https://app.any.run/tasks/12ecc6f3-9597-4845-afb5-88f144f5b62b/

46.217.133.68:500
windowssystem32.ddns.net

# Reference: https://www.virustotal.com/gui/file/0b10d7ceed1e27d31637301cc373eaf6ef62bba9cc578dffac4bf01fde2f5468/detection

85.86.181.192:5555

# Reference: https://malwareconfig.com/config/f9b6410f7acdead8b82c03663a89bf03
# Reference: https://www.virustotal.com/gui/file/10c010d565deabffed3f424c0211305578bf72488197f502dcd9cd4ae2e016b0/detection

90.187.111.149:15099

# Reference: https://www.virustotal.com/gui/file/5dc579325eeff2dcceae533504f7ac89845cab1d80ebaf2a16b134e49daa9f24/detection

79.201.182.217:1337

# Reference: https://app.any.run/tasks/fdc42ec6-4eb7-4322-bebd-4b26176c4a37/

193.109.78.38:6653
ammagedom.ddns.net

# Reference: https://www.virustotal.com/gui/file/3529e8c9cfbed0901b0339802943464fd2c1e3d40570d225a9a5e56bda2c23c0/detection

51.11.240.55:10000
51.11.247.87:9033
pcinf.myddns.rocks
salksio.mywire.org

# Reference: https://otx.alienvault.com/pulse/5fe483f15a3dd00f3a7a5e3d

amechi.duckdns.org
billionaire.ddns.net
gsyagvxnzmkoplbhduisbagtevcnxmzlopljdgye.ydns.eu
hacker1233441.ddns.net
ongod2020.ddns.net
sonspices.ddns.net
tornosubito.ddns.net
windo.hopto.org

# Reference: https://www.virustotal.com/gui/file/8fc5df65c492d89e2fb95d91f87bb0625bf85160e19e41820cbdc46277bde5d6/detection

donrajah.hopto.org

# Reference: https://www.virustotal.com/gui/file/d0f919903633feac9f4cc52fe54a6c8306fd8544d0d11a5bdf042cda0b4cbc3f/detection

kingbadoo1.ddns.net

# Reference: https://www.virustotal.com/gui/file/bb47641db3fc4ddaa959198ea26f40845c3da087fc7b1600c2e36cc82fabecdf/detection

79.19.165.252:54984

# Reference: https://www.virustotal.com/gui/file/bb9a1578f59d63b185023ada6c485e8b5cf9336e4b6bd3cad139d234b4f03c6d/detection

79.134.225.28:4449

# Reference: https://app.any.run/tasks/efa5419f-0e92-44b1-8a32-f33437a2aada/

valorantstuffspoof.ddns.net

# Reference: https://app.any.run/tasks/d19d25d7-6426-4b7a-9b98-2fdf610c3e06/

185.157.160.233:54984

# Reference: https://app.any.run/tasks/a7b6c05d-94e3-4c5c-863c-49601c20c6e3/

95.251.22.73:54984

# Reference: https://app.any.run/tasks/bdd93ea2-9526-4075-a6c6-9a9a4abc2e05/

79.134.225.72:1880
deedee111.ddns.net

# Reference: https://app.any.run/tasks/41773a3c-70ac-48d5-8fc4-fc58ccdfbba1/

82.235.86.215:1604
alakaba.ddns.net

# Reference: https://app.any.run/tasks/79677331-eeec-4269-a975-83ce782b5058/

194.33.45.107:5050
ms47.mywire.org

# Reference: https://app.any.run/tasks/eb490a90-e72c-4fae-8aea-ccebf0662dfc/

193.26.21.227:3306

# Reference: https://app.any.run/tasks/6991e1f0-f5bd-44a6-955c-2fcbce4fd33c/

67.234.188.106:18651
sdfcse.ddns.net

# Reference: https://app.any.run/tasks/3104f1e3-c382-4fca-87a7-3ed9a92edd00/

46.128.94.36:1604
hacking1634.ddns.net

# Reference: https://www.virustotal.com/gui/file/1969dc5c7798cb2b198e6821ab08a9a6ddd063fbd7badad8515f88d31a9f656e/detection

80.199.147.150:1604
cocksucker.ddns.net

# Reference: https://www.virustotal.com/gui/file/074381d905e3aaec0e4c4bb9c2e7bd23da6986d1cbbe895c91857a6d35c4a3c8/detection

105.112.113.90:54984
annapro.linkpc.net

# Reference: https://www.virustotal.com/gui/file/8a1531470b71afbae59477a8ba23f4f0c72895700676fd3b5371a2e7f9637b86/detection

105.112.100.246:9034 
105.112.109.37:9034 
79.134.225.22:9034
e12345.ddns.net

# Reference: https://www.virustotal.com/gui/file/9bc650ba9819e8eb7ad716636f7d104883e1c69259cbe4bfb625fe2d8032d479/detection

79.134.225.76:9922
new8855.duckdns.org

# Reference: https://www.virustotal.com/gui/file/632e01fe815ff58fdb252bcbb0f21645918e535390c2e7d053c4970c34066acf/detection

103.99.2.232:1010

# Reference: https://www.virustotal.com/gui/file/62b3f46f9c43d5d5cb7c9a7007a43cd17d6f6cccead58eaed7cb75427cd9faa9/detection

ptricesoft.dyndns-work.com

# Reference: https://app.any.run/tasks/5143eaab-90bd-460e-8910-00e1a7cdbd7b/

79.134.225.38:8787
msteel.ddns.net

# Reference: https://app.any.run/tasks/bacabb31-8a56-430c-beaa-4ae1857fcd48/

151.31.54.96:54984

# Reference: https://www.virustotal.com/gui/file/17a8de8399e7ba96a151dbc72edb30ebe631106578cfe53cecd0f87758321b1d/detection

asril4646.hopto.org

# Reference: https://www.virustotal.com/gui/file/d2b9bc14a54b9495b36fca159fb34aab8369b70c2cb0bf48dcf9838db20ddabc/detection

abelslayer.hopto.org

# Reference: https://www.virustotal.com/gui/domain/hdgbcnuy73wjnho9jusrnhfhejfuy78wyi7jfknv.ydns.eu/relations
# Reference: https://urlhaus.abuse.ch/host/hdgbcnuy73wjnho9jusrnhfhejfuy78wyi7jfknv.ydns.eu/
# Reference: https://precisionsec.com/threat-intelligence-feeds/nanocore/

hdgbcnuy73wjnho9jusrnhfhejfuy78wyi7jfknv.ydns.eu

# Reference: https://app.any.run/tasks/75ed73c2-c4e9-4bd2-9765-3e773250b6bd/

45.138.49.96:9999

# Reference: https://app.any.run/tasks/e0e61c63-b5bd-4221-9065-a0c22d3aa7a8/

199.66.93.2:42000
winkeysysmon.sytes.net

# Reference: https://otx.alienvault.com/pulse/5ffc3ef510d5457cf6973d12

chromie1.ddns.net
sysdefender.servehalflife.com
theravada.ddns.net

# Reference: https://www.virustotal.com/gui/file/28f9157194103062e12869aa1b8c868d4799ba3ec3e5062d30f6eb8f425a2aae/detection

CrzyRutter21.chickenkiller.com

# Reference: https://www.virustotal.com/gui/file/9ebc20c25224860dd069b5ea7e21b9d66f47b12b46cb206606dd9e95a15c7cf7/detection

riskjo.ddns.net

# Reference: https://app.any.run/tasks/72732fdb-0c42-473f-bc01-efa9bf2cf095/

185.140.53.138:2021
new2021.myq-see.com

# Reference: https://www.virustotal.com/gui/file/687bbaf89208397c476e41ca35b5e174cb8ebcd833f067a4b756c2426ed9da75/detection

62.76.105.46:1515
gordon6.hopto.org

# Reference: https://app.any.run/tasks/248c377e-7d29-4035-96ad-7a024b9623b3/

62.205.251.241:1604

# Reference: https://www.virustotal.com/gui/file/6f212246be3ab7db2cede2e87d8d465261ca8f44a86c7ca90cb8238bafed887f/detection

103.89.89.210:24007
ms60tzel1.ddns.net
ms60tzel1.hopto.org

# Reference: https://www.virustotal.com/gui/file/5d4f6ca9fc352752bbcba922bf9cebcf48689d16920eeb91ba95311b5d8c8d44/detection

91.193.75.251:1985

# Reference: https://www.virustotal.com/gui/file/fa4e412d4f56852bfe79235eaab315c64aa4c1aa9dd0898d133ccab7a6c86ee5/detection

91.193.75.251:4378
jesus.myddns.me

# Reference: https://app.any.run/tasks/308bff87-92b6-4a3f-8567-029a71e37871/

95.136.36.121:8869
fivemhostconnect.ddns.net

# Reference: https://app.any.run/tasks/9a1c9077-66b5-4723-8edf-bc3853c8cf08/

78.58.104.12:53896
cfxre.ddns.net

# Reference: https://app.any.run/tasks/51d0e05a-53a1-4866-938a-edc9d737531e/

94.131.200.162:7777
nekoanime.ddns.net

# Reference: https://app.any.run/tasks/f7f5238a-de19-4040-83b5-77db5faa045f/

193.161.193.99:62629
APEXI-62629.portmap.host

# Reference: https://app.any.run/tasks/9fb4cc87-323e-42d3-82c9-230574fe3e4f/

79.134.225.52:5090
mimi1234.duckdns.org

# Reference: https://app.any.run/tasks/9c70a70b-3ccb-49ad-8348-fafa3493f0fb/
# Reference: https://app.any.run/tasks/6bd60f11-5404-4b8d-ac4f-2635da3bbda7/

37.46.150.65:4948
fgtrert.duckdns.org

# Reference: https://www.virustotal.com/gui/file/155f07fcbb697eff2449437b3b0238bdc7362395b1f86a37c4dc3a4c11fe06c6/detection

bob.0pe.kr

# Reference: https://www.virustotal.com/gui/file/724b6b9f50c7390a70d9b592885aeeddd073643215fbed633b98063e9fb0f9e9/detection

46.98.39.89:2891
alekseynj.ddns.net

# Reference: https://www.virustotal.com/gui/file/914b288f13d450de38f775341d01ed13394773c8679cefd0124c32f89476d99c/detection
# Reference: https://www.virustotal.com/gui/file/c87726a3821a33019e9ceb54f3e5b87f6bca8d245577c7edfcc97551c3029c51/detection
# Reference: https://www.virustotal.com/gui/file/1c11ae71070f0d464e20f92b83a0e029dde16271703c329314c78423bcbe8b70/detection
# Reference: https://www.virustotal.com/gui/file/2f9a41b230e25e27518dfbc53c9ca85320c179e1e6ea2911d3885e143e7e0db8/detection

104.243.245.151:6932
104.243.245.168:6932
104.243.245.173:6932
172.111.169.63:6932
klakjadkkjbjkjhiji.gotdns.ch

# Reference: https://app.any.run/tasks/ffdbe300-ab41-4b58-b0e9-eee85514ef95/

193.161.193.99:55948
ScammerBlaster124-55948.portmap.host

# Reference: https://app.any.run/tasks/04d467c6-4e3a-47c8-9927-87b48fecbc3a/

swiszo360.ddns.net

# Reference: https://www.virustotal.com/gui/file/54358d9008d5b3cb0bf3748a17084c7b15ea4a6289b8cf3693936ef5eaf4d5c9/detection

103.213.248.32:55976
zer0-day.system-ns.net

# Reference: https://www.virustotal.com/gui/file/3639bafffda8e9e3103160f63a01e58d8bddea0140a74c644bdaed8aa79440e4/detection

macval.duckdns.org
macval19.system-ns.net

# Reference: https://www.virustotal.com/gui/file/ea33505f0c925d33f863da0eac0a9c9c9d9395087b9834b09749cb366a4ce8c3/detection

aminxd.system-ns.net

# Reference: https://www.virustotal.com/gui/file/986cf3dc3e3a126806c040d55ed3e64be2a227a06f72ea72b6a33248346b847f/detection

188.51.180.222:444
microsoft-update.system-ns.pro
windows.system-ns.org

# Reference: https://www.virustotal.com/gui/file/c99c086f59774f396ee8d6a86f96b0a518e1748815db2ab40cbd80b765558c11/detection

affihf0e93.manfromnantucket.xyz
affihf0e93.thatmoney.xyz

# Reference: https://www.virustotal.com/gui/file/9a3267c627a7e1585aae85fa0ed9857c667046399425eae14233e26ccd157aea/detection

104.129.18.213:7070 
199.59.148.209:7070
c9p5gsnnvgewubz9rbsg.loseyourip.com
c9p5gsnnvgewubz9rbsg.strangled.net

# Reference: https://www.virustotal.com/gui/file/c05c70203cac9c52f9c1f2b0a87c68f80cc562781f63d1c3a5d5263a867e9246/detection

209.99.40.220:1337
88.95.90.9:1337
ryuu.system-ns.org

# Reference: https://www.virustotal.com/gui/file/79f039b77ccbe1e9c3534facaa281d6e19f1f6fce2bc5acf5486b538c322a795/detection

191.101.158.161:6666
legitdns.freeddns.org

# Reference: https://www.virustotal.com/gui/file/b3ea6e9a460cc853fb54dd6b66bd049b5a5ceb0fd6baa13a913ee0bc48cfdfd7/detection

191.101.158.161:26985

# Reference: https://app.any.run/tasks/79f281be-18b7-477a-b0dc-114518051ffe/

193.161.193.99:38071
Reverse32-38071.portmap.io

# Reference: https://app.any.run/tasks/a337a7ca-79a5-4794-968a-dad4bf56927c/

216.238.4.151:3306
nano91.ddns.net

# Reference: https://twitter.com/peterkruse/status/1362313410868822016

cloudhost.myfirewall.org
cool.gotdns.ch
harold.2waky.com
shahzad73.ddns.net
sixteen.ddns.net
sylviaoslh01.ddns.net

# Reference: https://malwareconfig.com/config/55eff2deb19e554c3b9f8bae159df33f

poseidon99.ddns.net

# Reference: https://app.any.run/tasks/650b427d-763c-4991-a366-a189573d0099/

193.161.193.99:50463
CuzImGleb-50463.portmap.io

# Reference: https://app.any.run/tasks/36d10bcd-b40e-4b11-808b-ba1cdf0e60f2/

51.77.244.242:123
sndz2020.hopto.org

# Reference: https://www.virustotal.com/gui/file/2a605f7a63a9154b135fe649eab18771f7e228368a8a3f7ab92916f5c1f2a676/detection

103.114.106.35:20987

# Reference: https://twitter.com/maldatabase/status/1363822138101288960

ilarioza.ddns.net
niggaware.ddns.net

# Reference: https://app.any.run/tasks/ac3c062f-ac12-4abc-9346-42957dcc14f9/

3.22.53.161:12325

# Reference: https://www.virustotal.com/gui/file/76c3e08728b443a483df3cdf1afa547cc83469e6f4a751fc6ced8d8bf400ffbe/detection

89.35.228.199:3365

# Reference: https://www.virustotal.com/gui/file/aa07f9532100dda5a7a9940d62d132131760735799b5ae4193ddb8babee6345d/detection

192.121.82.142:4229
192.71.172.18:4229
192.71.172.83:4229
ddns.whsthings.xyz
okaka.duckdns.org
reserverem.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0034de75a2710d38310cdbffd65e7c328e3c78f755182e5c88d7bc600ee50939/detection

146.200.116.227:12311
31.220.4.216:12311
poggerslol.ddns.net

# Reference: https://www.virustotal.com/gui/file/2ba5e13cb13a927fb8875743750d5a3e229021b83e78c76d075943f635e365fd/detection

31.220.4.216:1188
8cf4d54da9.ddns.net

# Reference: https://www.virustotal.com/gui/file/2378f23db3a8449722eb7d83a747228e3f57aad14e8dca61b6861a05835149ff/detection

31.220.4.216:6815

# Reference: https://www.virustotal.com/gui/file/206ee51323cc5227162eecb50fa2913ab6df884ed31d644eb3c7f00afe2b778c/detection

193.183.217.159:4782 
88.233.41.154:4782
kraldeli.dynu.net

# Reference: https://otx.alienvault.com/pulse/604a077bbfe7ceeb90e0efec

coolkid865.ddns.net
francja.ddns.net
janomo.duckdns.org
shahzad73.casacam.net

# Reference: https://www.virustotal.com/gui/file/9653d7bbee740884067ab7deb5a6bfa87a39efd126a1e906d88c06569afa9d69/detection

194.37.96.45:59044
uyeco.pw

# Reference: https://www.virustotal.com/gui/file/86be0d8f4133909e34b32917107c3659ffb84e41e85ccc894d5b7bfbdad550bd/detection

104.243.245.150:6932

# Reference: https://www.virustotal.com/gui/file/fd09b41c4482260e6153d52f504e43647eb8b23dcd4f9ab2dadd2c9e0917a6f9/detection

104.250.185.70:6932

# Reference: https://www.virustotal.com/gui/file/9f1e955ea1b79a432ef743eb2298a9a09d862cc61b861ea93cf9980071814687/detection

171.111.169.32:6932

# Reference: https://www.virustotal.com/gui/file/175a445972c86cda4f1b391bce0c9a5f6c6ece3464bd078efa031f6d92ddb1fa/detection

46.243.223.71:6932

# Reference: https://www.virustotal.com/gui/file/29127712372662e18978bd0d3ae5f85e63b286afcda397f6756f173e5ae7d707/detection

164.68.122.235:2003

# Reference: https://www.virustotal.com/gui/file/2aadab87a1b29125f1b9f4ec560d448c892c6dca409961a0c7aecaa56cfb175c/detection

91.167.240.240:36434
inso6666.ddns.net

# Reference: https://www.virustotal.com/gui/file/5b8d26e103e38cf590ca69fef9c92457658cc4105d9f24d42d7ccb37a9520bfa/detection

67.253.188.195:30814
forhacking.ddns.net

# Reference: https://www.virustotal.com/gui/file/990df8e02a4bb9340ab3303a87f2939847653652d9b78819a253c8dde0ed056c/detection

104.250.163.196:5906
uiwsxnumhterwxcbnmowqacvyjngteaxctyhnbtyb.ydns.eu

# Reference: https://www.virustotal.com/gui/file/7ee5880aa0541cc277eb7e5dce2346bac4b5a8e2f0093ce563fc65f7506b60d5/detection

kalutex45.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/521458b18eaa79a4fbeae6b419adfdbbb385b1dcfce6044e51ddce2de578fa2d/detection

frendyenemies.warzonedns.com

# Reference: https://www.virustotal.com/gui/file/546e62ed1e337f0bbfa97a637fc74e51242772e19785899d07728ec848523daf/detection

frontline.warzonedns.com
/floranzino/fre2

# Reference: https://www.virustotal.com/gui/file/98ff46d3e4e597b5e13ad608b3d375688e3c2be42b5c69337023726701c964a3/detection
# Reference: https://www.virustotal.com/gui/file/f5a940d7887d1001fedfd4358bf4f5708a07b6fc4d9017a1d377033f43684f4d/detection

24.225.113.157:7535
kaswa.ddns.net
kaswa2.ddns.net

# Reference: https://www.virustotal.com/gui/file/42c93f1c3a0862225942b239a45ef3786a47ccfd65cac1d10dfc409d303bf3fb/detection

77.183.225.233:5000
admin221.ddns.net

# Reference: https://www.virustotal.com/gui/file/30e9bbaf7e31d3aae9d1d3ce1cecf1337cd45cb9ee783b7123ce7af93d7bd185/detection

173.212.254.192:31337
185.220.101.49:20049

# Reference: https://app.any.run/tasks/0b8c63b1-6779-4a26-917e-9f6b72ca492d/

185.19.85.139:1483
odogwo.ddns.net

# Reference: https://app.any.run/tasks/a93e2011-e1e7-4ae4-92fb-848fbde17216/

185.140.53.9:1116
79.134.225.74:1116
coded1116.myq-see.com

# Reference: https://app.any.run/tasks/5e64db61-87fe-4d9d-b61c-d41fd7028dbe/

144.91.105.51:54984

# Reference: https://app.any.run/tasks/e45ebc36-6056-4f75-8339-0616ea96f624/

87.252.182.132:1604
zcxaz.ddns.net

# Reference: https://app.any.run/tasks/1ea89212-41ed-4374-a0c4-2e792b7d0710/

185.140.53.137:8152

# Reference: https://app.any.run/tasks/a35df30b-e0f0-4e1c-84ff-a8897a617425/

73.36.140.197:54984
wavezz.ddns.net

# Reference: https://app.any.run/tasks/a6179ef8-4057-4b4e-a90d-8d65ac07eb35/

193.70.77.93:54984

# Reference: https://app.any.run/tasks/494494cb-e56f-413e-a531-d2dab1f4022d/

192.169.69.25:8192
79.134.225.112:8192

# Reference: https://app.any.run/tasks/4f998bd4-529f-4a08-9d08-601e0ef84a0e/

18.192.31.165:25565
3.125.102.39:25565

# Reference: https://app.any.run/tasks/98a12e28-41d7-4207-9f48-aa5faa02d805/

216.180.137.197:54984
name223.ddns.net

# Reference: https://www.virustotal.com/gui/file/0e566993f0a7c24582ac0cd61f488f51782ee5ff52a4d65cc41561717681c1d6/detection

185.140.53.7:1818
donko.publicvm.com

# Reference: https://www.virustotal.com/gui/file/db3c663f17f8616e4780861cd51636010e5531c4b97135c8adb01e5efd2f99bc/detection

rxen-56181.portmap.host
rexten-23467.portmap.host

# Reference: https://www.virustotal.com/gui/file/8d8c6bce0171d049ae28f3804a29402f2283e0a26818e68eb396efbcd04a4712/detection

193.161.193.99:7119
matrix89145-43067.portmap.host
matrix89145-46670.portmap.host

# Reference: https://tria.ge/210330-rw3gyjnbxs
# Reference: https://www.virustotal.com/gui/file/f66215f8969f39a42b3227f185e601ab5a866cd23481012353c50693f1ef0b00/detection

185.191.231.252:38884
holyboys.ddns.net

# Reference: https://www.virustotal.com/gui/file/baf5098a21b4d571d2c23727229db27ee1c81216aeddbe59ee391f94154ca33d/detection

192.169.69.25:5600
meeti12.hopto.org

# Reference: https://www.virustotal.com/gui/file/311f2c8194cb056d4a4a739d6b9295cab2f34550a8d49795f32f5d3b224af8a9/detection
# Reference: https://www.virustotal.com/gui/file/311f2c8194cb056d4a4a739d6b9295cab2f34550a8d49795f32f5d3b224af8a9/detection

129.205.124.119:55533
197.211.58.11:55533
ijebu.hopto.org

# Reference: https://www.virustotal.com/gui/file/be43020993caf8c3375688abb6d2f8632cda093a454486b0bbf4c8706030beaa/detection

liptoh.hopto.org

# Reference: https://www.virustotal.com/gui/file/9781fcecf1e263ebb7f8f5df5fe43462f8e8bb5ee19248c7d3aa24c751e21510/detection
# Reference: https://www.virustotal.com/gui/file/617ada66285df5e56729f0fff7261ad6c92402788edf24eddea590abf49b76ba/detection

23.105.131.137:6512
88.241.166.6:6512
positivemikey1000.hopto.org

# Reference: https://www.group-ib.com/blog/rats_nigeria
# Reference: https://www.virustotal.com/gui/file/70fcd3a08e569a97ba7a421985ea0ba96840f9c7cc864bdc54790e1b0e24f322/detection

screw-malwrhunterteams.com

# Reference: https://twitter.com/pmmkowalczyk/status/1379753326305292289

178.245.41.254:6060
185.19.85.138:6060
79.134.225.7:6060
james12.ddns.net

# Reference: https://twitter.com/maldatabase/status/1380491983437844480
# Reference: https://otx.alienvault.com/pulse/607042f768554ce0c38a23e6

alphanoip2.hopto.org
backu4734.duckdns.org
chaya.ddns.net
kalipsoahow.ddns.net
manateerat.ddns.net

# Reference: https://www.virustotal.com/gui/file/f542bc0175168daa808ce1448a019f88b058df6d0702c6daa4a0f83a481f2a5e/detection

79.134.225.30:1144
nassiru1155.ddns.net

# Reference: https://www.virustotal.com/gui/file/d76290ab24f346401672de34139b32d4f880b7d840ba7734204fefef2d6f1ef8/detection

kaktus087.hopto.org

# Reference: https://www.virustotal.com/gui/file/6b97140e12e6a6a524e089033e37ebee320f324032dd0d43e5b6cbaa71906c27/detection

esetceotest.publicvm.com

# Reference: https://www.virustotal.com/gui/file/7ff8b71234cf614f5db606aad945a01e492c719e8f8531471eb66e22e03941e3/detection

femi234.publicvm.com

# Reference: https://www.virustotal.com/gui/file/d36fd8c47b86a34310fd320d5ebdb336d8bb7482ce756e6202bdd756c5d7a8e7/detection

85.86.181.192:5555

# Reference: https://blog.talosintelligence.com/2021/04/a-year-of-fajan-evolution-and-bloomberg.html (# Nanocore)

79.134.225.33:83

# Reference: https://otx.alienvault.com/pulse/6082b7f03b1fe3e6006f034a

mmwrlridbhmibnr.ml
edouard.ddns.net
innocentbooii.hopto.org
newjan.duckdns.org
randompersonal.ddns.net

# Reference: https://twitter.com/anyrun_app/status/1385554241322995712
# Reference: https://app.any.run/tasks/3c50a835-6ecb-463e-9ff0-30944ae2abfa/

105.112.36.184:58931
hansonindustrycoltd.hopto.org

# Reference: https://www.virustotal.com/gui/file/0ec6bb11d6954747645ec272ae7ce2c95e0c44b886836826a613ee8c7fe19eef/detection

67.215.4.123:1190
manku.no-ip.org

# Reference: https://www.virustotal.com/gui/domain/ped.nan1.tecktalk.org/detection

ped.nan1.tecktalk.org

# Reference: https://www.virustotal.com/gui/file/0e25a468f5856605c937edeb122d5bef98492a2e0aa1d5146d6ab67572956d62/detection

ewnano.tecktalk.org

# Reference: https://www.virustotal.com/gui/file/13c16e80c9db66f6a123f4d81b8032aede73b568af1c18ca3e070eb57751fdf8/detection

nanotech.tecktalk.org

# Reference: https://twitter.com/reecdeep/status/1386630028604084225
# Reference: https://app.any.run/tasks/afeee8de-2913-43d1-889f-df26b01181c5/

185.244.30.24:9560
rickkkkygirl.ddns.net

# Reference: https://www.virustotal.com/gui/file/5827cd94556342737cc0564dfae45efa0d1d05368e4f9d8fb35c6c8ebdfd8b88/detection

46.166.182.67:54984
n0one.ddns.net

# Reference: https://www.virustotal.com/gui/file/dfd9a3aaedc52a3ed464c5e7b79eba9d11d2caa21a88d1600e094bb16ad6ddfb/detection

91.109.178.5:54984
natasha1996.ddns.net

# Reference: https://www.virustotal.com/gui/file/09efb455bb0ce60c3e25c3d2179b7494a69efdee0507cc96a46e1bc838d60041/detection

18.234.205.251:9911
newhost1.publicvm.com

# Reference: https://www.virustotal.com/gui/file/9359e82c758da5f2bee17b926c9e999f6649e084f9e91d2840945179f63a60fb/detection

45.126.211.217:2017
floyd124.publicvm.com

# Reference: https://www.virustotal.com/gui/file/931ff1be1ec60def17154c1315d4b28042359256af8b01fead9f2468437bd2a8/detection

103.158.223.228:2033
indigobaba.publicvm.com

# Reference: https://www.virustotal.com/gui/file/e48629bdaa203994ac62bb4e4eec52e7b83afb30be4e512575a53994f169d627/detection

194.5.98.122:1144

# Reference: https://www.virustotal.com/gui/file/9359e82c758da5f2bee17b926c9e999f6649e084f9e91d2840945179f63a60fb/detection

45.126.211.217:2017
floyd124.publicvm.com

# Reference: https://www.virustotal.com/gui/file/d48045ef0fbd1eb80b6bd1b7bb6aa02b3fde5a0ec4e8d1b6f1230379c780b89c/detection

188.119.112.240:1339
premiumtest.hopto.org

# Reference: https://www.virustotal.com/gui/file/5f65d13a9d7e12d03265c24770dc70ca0389952537485f7d659b1d87ba32d6b8/detection

mail-account-update.publicvm.com

# Reference: https://www.virustotal.com/gui/file/d241c9a0ef5885c3f6c96c43435acd850d5caec10f4dbefe76739089dc5e2acd/detection

irokko.ddns.net

# Reference: https://www.virustotal.com/gui/file/d19ec41523494ad5ef0a5a49fcd0734849440c9dd7cb5d5fb0f1362ee642df67/detection

sroomf.ddns.net
sroom0.ddns.net
sroom1.ddns.net

# Reference: https://www.virustotal.com/gui/file/141d493f8a41c2a23017df33e219ee6926f3cac924697aa121823a7f76f0f132/detection

18.192.31.165:16836
3.124.142.205:16836
3.125.102.39:16836
62.24.151.225:16836
sarahrat.ddns.net

# Reference: https://www.virustotal.com/gui/file/51172a67414c93fe9c80a8531714b69db2db6eef16de723a15da3bc335a4ee46/detection

197.210.70.75:4242
jamesgrego115.ddns.net

# Reference: https://www.virustotal.com/gui/file/f0014bb03e44ccb27732506bcac04dbeefd8f8b6aab98276cb444fb25bc6d11e/detection

78.59.207.109:5556

# Reference: https://www.virustotal.com/gui/file/b91a6f8a42ea201c5e81ce6e35f303350de76310f988c54c989cb87b7c52445c/detection

197.210.84.69:6565
newgrace11.ddns.net

# Reference: https://www.virustotal.com/gui/file/e984b71b0a0e59c5bd1e9d0434e23e4c60d8b10c505f280a68b2292d9af0cc6f/detection

82.65.40.112:5552
lemien.hopto.org

# Reference: https://www.virustotal.com/gui/file/2ec21b4548b88633396a3bc85eed7f1ae41014707d909d33f13f9cbc126fe9bb/detection

100.15.49.234:5555
microsoftsupport10.ddns.net

# Reference: https://www.virustotal.com/gui/file/53a6bbad8efe25cf7e970cec35b9a45a2256464c7886877dd697b08755d09e2d/detection

45.15.143.178:60159
sweaux090.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5e802786eaaf082dfe8037e72fa914a00c6bae012166d7d20633595e8bb391bd/detection

45.137.22.50:4801

# Reference: https://www.virustotal.com/gui/file/91f6fc2ae99e090dad56e53c7bf258dd4f43df79ac02a11f2620c31f045fc87f/detection

45.137.22.50:4557

# Reference: https://www.virustotal.com/gui/file/08ecce1fb89755fa576a2c1c855bbb0f701ef20c791f56dc0c675fb2a8163691/detection

185.140.53.138:20221
wealth2021.ddns.net

# Reference: https://www.virustotal.com/gui/file/0559b801a2f46ef7c8566900b2b8c3e1b01a162069e543aff364f4904db8926b/detection

129.205.124.120:7899
haash.duckdns.org

# Reference: https://www.virustotal.com/gui/file/28e575260cc878a8215800ebdaa02684d6997954a381c748e1e0fde409fadbd9/detection

45.154.4.187:8080
alexwill.ddns.net

# Reference: https://www.virustotal.com/gui/file/4f68908e0d99a2a4ff8d27b66baa038d24749b632df22b2a088a147f56824e01/detection

185.140.53.250:1604

# Reference: https://www.virustotal.com/gui/file/5d8da4f6c6c82b30357e74ffca2c3ca8b52832dea9f1ccf7c99df73eb2812c14/detection

147.124.218.73:8080

# Reference: https://www.virustotal.com/gui/file/a4bc47e9fe2cec44dda13a192a574c7389611e39667c49269c23f51d3fbb1c9c/detection

23.105.131.161:4040

# Reference: https://www.virustotal.com/gui/file/d09c4c2e8827461c13cdfcec9c8d4f335953b0b2db14274b372ff677721e7469/detection

79.134.225.26:1133
nassiru1166main.ddns.net

# Reference: https://www.virustotal.com/gui/file/52471b8f2614c966827dec1410a056365c1db0306c660269872e8953fc9b777f/detection

196.75.65.216:54984
yup432.ddns.net

# Reference: https://www.virustotal.com/gui/file/9e1a2c9d96432c50595155d6b3f4f505be90d4fc957a647e31a804c534fa2e3e/detection

185.202.172.211:2889
185.244.30.118:2889

# Reference: https://www.virustotal.com/gui/file/fdfbd5c73747a0cb6a8a7c92066a4f6a0a921673e7fc32225ed62d62d4a65146/detection
# Reference: https://www.virustotal.com/gui/file/0c648ca6454846293087345e4b9d5eb0524e906c6d45d01aae256719d628e3d2/detection

newdays101.ddns.net

# Reference: https://www.virustotal.com/gui/file/6c665a57019eae3314f1b7f32d69b1f49b34c78826b639cc33ea461e4ed65296/detection

caplockhost.ddns.net
jhostspy.hopto.org

# Reference: https://www.virustotal.com/gui/file/3242d931b1c8d3bbceb329e2f00a912c36a2bb6e37da8e883d845612ae13700d/detection
# Reference: https://www.virustotal.com/gui/file/480ac0561951704d75a37f55375b83c6060844e0a23ef4d60ced6278250e5ecc/detection

109.69.0.217:38969
213.152.161.149:38969
server20212021.ddns.net

# Reference: https://www.virustotal.com/gui/file/ad439797439e09b5ea5987dd0120cf107947224b479a9e9a31c835afb18c1dd5/detection
# Reference: https://www.virustotal.com/gui/file/381787483dbc0b248fa7b6e44cba83e6ad136a1ce5b241170ff0d13c1e24b96e/detection

98.3.16.121:3612
98.3.16.121:49287
manateerat.ddns.net

# Reference: https://www.virustotal.com/gui/file/31b8170d18fc28a400ad5a2a40ab331bf9558daa538167648f20537ce0783bfa/detection

185.140.53.130:1604
185.140.53.138:1604
timmy04.ddns.net
timmy66.ddns.net

# Reference: https://www.virustotal.com/gui/file/a039ef0d2500b92c1c87d5394d9dc4398f639cf9772c0c70f7812fc17e2c2506/detection

197.210.76.128:6565

# Reference: https://www.virustotal.com/gui/file/aa7a1daaf13cd6273836d5ceb8ad8d8c881e82a78026c67dc7c63575d36b3131/detection

79.134.225.71:8787
nanobela.myq-see.com

# Reference: https://www.virustotal.com/gui/file/6dbe7c1ad6aa3de3c750f31f4a51b024ff833a45438557681df67c12385df062/detection

197.210.28.16:1119
light1119.myq-see.com

# Reference: https://www.virustotal.com/gui/file/42395fe0a9834f127984ce1ed171f4b07ed9321b6c066ec3843bbfe180c74e72/detection

3.95.194.143:9911
newzebi.myq-see.com

# Reference: https://www.virustotal.com/gui/file/7a1efd39685750fe01bbfbcf5cdc0c4216bff56d59aefd4b5e439099dc05cb1d/detection

79.134.225.9:2224
europe1.myq-see.com

# Reference: https://twitter.com/James_inthe_box/status/1392481554249572364

myhostisstillgood11.zapto.org

# Reference: https://www.virustotal.com/gui/file/4332838bd4c0d7af8e5e615a53ede0bdc61aae8c23fc189e77ca533d599c0ee1/detection

83.253.102.78:4567
fsdfsdfdfgsdfa.myftp.biz

# Reference: https://www.virustotal.com/gui/file/925df2248f658c7751ae5d58d7fbcd7c93be62cb07206ee5c7f21cdff422f56a/detection

46.101.249.24:50236
absorbing-reaction.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/440f6e4656440a2f2bf892260f70f0dde1262b6163ecf95f7e233e7adfa34cf5/detection

134.122.66.170:58840
wasteful-dad.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/9ae43b7a8e5876372919c190ef26e0468092f2463cb15dd5738b420b715afe41/detection

female-run.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/dd08434fa554f0e76ebe28749547a7088f0b6e51f71d438822c634f134c58d06/detection

spicy-vessel.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/b8c16ed7c643cbe05b1020f71238225938cc046c4d260ef56f62473c01dc5a63/detection

utter-stranger.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/b97e012fc73402ccb9a6315da19f20a03eabb803de8c2d0e2a70278a488a447d/detection

134.209.194.210:53441
subsequent-drawer.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/ec2bb15b059b727a19eebaa827a8a6ee750e8d6580941c16fb6a2502be23017f/detection

134.122.66.170:51631
ill-informed-property.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/00dbdb30bb96bc955320894322a70629181ee0900a040f8bd8ddc2ed38dce065/detection
# Reference: https://www.virustotal.com/gui/file/3d6e3a99fb947e004ecd938681080f81a8342acd93298146f04979317d754eca/detection

151.115.36.90:49606
46.101.140.16:49606
warm-voyage.auto.playit.gg

# Reference: https://www.virustotal.com/gui/file/32b2c3219bbc524be5471cdaf766430a52a8d6101be304adb859bd805a3baabd/detection

176.136.47.220:8080

# Reference: https://www.virustotal.com/gui/file/facc8eb6ff18584bb64cca1c843741178759509ee7aadab80a4ef81b54b7a432/detection

servicepoint.duckdns.org
techpack.duckdns.org

# Reference: https://www.virustotal.com/gui/file/64246eafb3187a5d814a9c1b55b61beda376eb2f3e8ec2c42988a1fafe0d5e6f/detection

103.151.125.220:2009
fucksecurity.duckdns.org

# Reference: https://twitter.com/petrovic082/status/1394987545444892677
# Reference: https://app.any.run/tasks/87568d22-4e6d-4677-9ef4-db728f37ecde/
# Reference: https://www.virustotal.com/gui/file/12bb55a3dd474b56890032a15d13d1753804254a089437569bcf22efb79bfc86/detection

103.89.90.73:1604
hshjiopklmsacnzbcjuewahfdsnvmlazbcuewqjh.ydns.eu
tzitziklishop.ddns.net

# Reference: https://www.virustotal.com/gui/file/f2dcc47e9e2ce6adea5980a23f58df8645eaa092327275aa51418d4dce9045bb/detection
# Reference: https://www.virustotal.com/gui/file/faf317619083a12e06e058d6bb65922f9efbff573f0ccee013841fcc2b013243/detection

185.140.53.132:7600
194.5.98.23:7600
joetrump2022.ddns.net

# Reference: https://app.any.run/tasks/0b9111d4-1a16-4d41-826b-d1d7a2b78a13/

45.137.22.50:28054

# Reference: https://www.virustotal.com/gui/file/6be2ea033449b97fe6b1022cad28f2c41a5609f48371ac29d49448e222330d51/detection

188.244.63.241:8080

# Reference: https://www.virustotal.com/gui/file/fdc20b9480ed26e18d71a9af65c95fc6780ce98f91b9ce074605ca8386810488/detection

5.187.75.205:9999

# Reference: https://www.virustotal.com/gui/file/220ca39356e88231e3d1a3a6092b4bc2af025803a7e692304b4ca77a39855fbd/detection

5.14.107.239:1608
darkware.ddns.net

# Reference: https://twitter.com/pmmkowalczyk/status/1397855245238247424
# Reference: https://www.virustotal.com/gui/file/041ed09a65a93d5ec37055b16a7f70b5c0c130d9018e06d14ec0cc94d95940e6/detection

194.5.98.11:1990
197.210.226.215:1990
197.210.85.187:1990
197.210.85.215:1990

# Reference: https://www.virustotal.com/gui/file/695a2763c088dcd65deffc625b283fa65520ae970ec69b34cc49065089ef5253/detection
# Reference: https://www.virustotal.com/gui/file/374cada6ec7e4cec71763e59b2934ca154c470fe6c2fb822af38b32c1881c1c4/detection
# Reference: https://www.virustotal.com/gui/file/bd0f134d79df0d8a8fa72b958af1de70e2ddf834620ab583b4d18908b9b89d62/detection

185.244.30.3:1809
185.140.53.134:1809
197.210.227.21:1809
bangitin.ddns.net

# Reference: https://www.virustotal.com/gui/file/48ef390d67cd53a1abfb2e159451982d23ad45efe27ccb3a50b55c3ee8f5f6e8/detection
# Reference: https://www.virustotal.com/gui/file/81fb9949bef82c4379e80cbaec0af3c6300a19242dd341213976fdb5c0ea1109/detection

194.5.97.21:7895
197.210.85.217:7895
scottgerald242.gotdns.ch

# Reference: https://www.virustotal.com/gui/file/2f56dbd14afea9803f7b5e2f311ccc3ea0d341c84134df52809028d3dcd6d081/detection
# Reference: https://www.virustotal.com/gui/file/0951f969b4003c8c9bdf6a8d9fbd8fe4823779e94d6d739491ec29fe6376582b/detection
# Reference: https://www.virustotal.com/gui/file/b62d02f897d3fdfc7982b6bcf324070f5c61b148cba98854538c5bb75e9384f5/detection
# Reference: https://www.virustotal.com/gui/file/2eced6c67c639f97833ae7c176ac9c85e00dd88a2e48f94ef7215084f5f70312/detection

185.140.53.241:2600
185.165.153.85:2600
185.244.29.123:2600
miklo2600.chickenkiller.com
miklo2600.ddns.net

# Reference: https://www.virustotal.com/gui/file/bcae6a00e659868f70d17e721fa214159a762c6fd9bc84b6e6038e3c539c2ade/detection

stephmiklo2019.ddns.net

# Reference: https://www.virustotal.com/gui/file/298035a176b06143763374bba0e5532f5bcf3c00e03534fee4548c731545446e/detection

79.134.225.113:12345

# Reference: https://www.virustotal.com/gui/file/c3b962e92ba42d70b841f3e59fa848775fcb0e3d3669575b40bc23a6d74fc0db/detection

179.43.149.23:52802
alord.duckdns.org

# Reference: https://otx.alienvault.com/pulse/60b0dc70f61002a12cefc38e
# Reference: https://www.virustotal.com/gui/file/116079e9e6d1bdaeedefbbb3433900bc09e0b17455bb1b709aee49faf449b3c3/detection

82.202.167.58:2201
k-storage.com
cdn.krnl.ca
dbep.duckdns.org
dns-domain.duckdns.org
hellooow.duckdns.org
woader.ddns.net

# Reference: https://www.virustotal.com/gui/file/fc7516b7717704c9634ee9f3a4828dd84dbdafeb1b5fe1abb6a612e5e0c84f0d/detection

151.106.56.110:2404

# Reference: https://www.virustotal.com/gui/file/4b96cfa36daf5ab256e44413b30909d435f6dd73f1ae937bae93cb185a9c5bcb/detection

182.188.141.108:5555
john0071.no-ip.info

# Reference: https://tria.ge/210601-xnp7fbh2lj

ifybest85fff.ddns.net

# Reference: https://www.virustotal.com/gui/file/7a84aa92f81ee3e9e694a8105b94a825147abf2504572a8fb3fb333d574bd33f/detection

199.195.253.181:54666
rnnfibi.hopto.org

# Reference: https://www.virustotal.com/gui/file/ebf41b12fc72e96db992d5ec5c2b7f541e38224968dec54d4f8cd905e8be210c/detection

bowlee.ddns.net

# Reference: https://www.virustotal.com/gui/file/cf32bf794461f1286ddf604e1aa6022cd4eef1b05020c01efd2c682db865106e/detection

194.5.97.197:54402

# Reference: https://www.virustotal.com/gui/file/49c28c9ab46c71450929ffc850dc411cf24f125659cc253f0ee5fb16a59e3f7f/detection

23.105.131.142:2092
startedhere.ddns.net

# Reference: https://www.virustotal.com/gui/file/b9d0e673a7c2087a49745714f2635e88a20f268f1bf02c29fb217680f88b8b3b/detection

40.115.28.131:54984
niggapoopsockpiss.ddns.net

# Reference: https://www.virustotal.com/gui/file/0b6e863dcf477baf45541e6395caf58aee42a32ea46fb8503763cc3c791fa2c6/detection
# Reference: https://www.virustotal.com/gui/file/033d346d91b47bc1edfef01631508bb6fce56bf0349c1478c810679751ae00f0/detection

93.109.26.101:49286
thouppos.ddns.net

# Reference: https://www.virustotal.com/gui/file/2d5c01b39b122aef32c90300ae5790903186e526a6752e1478cb1001db68b530/detection
# Reference: https://www.virustotal.com/gui/file/a331107f9704db617f106c66b7fd9a49b7b3672dd4904b8c33aac540e55286a9/detection
# Reference: https://www.virustotal.com/gui/file/63b9f1d7daf36466738c2bbb8ad1709e228bff39aae1781973a4992f2bf8e673/detection

37.120.152.155:3039
95.140.125.48:3360
1616.duckdns.org
161616.mooo.com
babaq.ga

# Reference: https://www.virustotal.com/gui/file/698d9527fa2855cd955b8e7f23fe89ab7227019fc4d57cda69f623058c432e41/detection

daviscoleman899.ddns.net

# Reference: https://www.virustotal.com/gui/file/34220e03c07940a980e9feaabf171d49eaea6f0813dd62537a07ebfd140cee3b/detection
# Reference: https://www.virustotal.com/gui/file/d8e990ff4fd260e3bafef9357a0ee589613eaf934f6bb93cb6b72113d5893bd7/detection
# Reference: https://www.virustotal.com/gui/file/0427a66fb12d689d85dd61873f7dcdb5523078f9f1a0195884f0d745581b12dc/detection

212.251.119.197:9003
46.246.138.95:9003
46.246.139.52:9003
147.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/7c50958807309bb9eccad560ae5cb3e6e811d600326f1ff4989b9e77de7e216d/detection

45.164.102.50:54984
googleservice64.ddns.net

# Reference: https://www.virustotal.com/gui/file/9f6d8dd5717baf891e1d1bdde5c9e56bf4e82f656ee503d59c8a550990356322/detection

79.134.225.119:94

# Reference: https://www.virustotal.com/gui/file/b499b1f9e07f93300064b94e74da97439a754747799a6af597828a7511804d42/detection

79.134.225.119:95

# Reference: https://otx.alienvault.com/pulse/60d474f56cd3b9018daa15cc

dubby2021.duckdns.org
tristurd.ddns.net

# Reference: https://www.virustotal.com/gui/file/4151ba31163b08fe7571dbfe3a4e8b398dde414fe0506667188664ae088220c6/detection

191.177.183.137:1177
backupnew.duckdns.org

# Reference: https://www.virustotal.com/gui/file/43087ea9490bfbbc1216d8e9aeece07cf0125fd8bfbcaf8ff726c93adc7bd4eb/detection

212.192.241.89:7225
newlife957.duckdns.org

# Reference: https://www.virustotal.com/gui/file/730b52a76ef9038d8267ed22c09d5cca646d18c967b9807c10f2d75a0e1e320c/detection

24.101.234.141:8087
fgdgfdgfdgdfgs.ddns.net
mcserversetup.serveminecraft.net

# Reference: https://www.virustotal.com/gui/file/70ca9789dedb1407277252272aa9dc9711cc65fde19542ec693d8d1b6c8718ec/detection

3.22.53.161:10422
googleapis2.duckdns.org
googleapis2m.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1150f4623748138803965ed8aabdf348a457921ca30670c0e53b95292bf056d8/detection

104.227.146.200:7170
mynano.ddns.net

# Reference: https://www.virustotal.com/gui/file/4fd01964e4170ea620b139127ebfb3a2e153f0d601380fe6fcf5ac2ce8853bd8/detection

109.25.253.218:1430
zayna1304.ddns.net

# Reference: https://www.virustotal.com/gui/file/cdbe67339a29bfe3066a18b4e68e9b19e28e449ab21ce23a85ed15e04c5255df/detection

203.159.80.186:6703
203.159.80.186:8234
hhjhtggfr.duckdns.org
hutyrtit.ydns.eu
sdafsdffssffs.ydns.eu

# Reference: https://www.virustotal.com/gui/file/d0e513513bad819249e623d2898f2df26a087e321b8bde841caf8dd2f2a40f95/detection

37.0.11.232:8234
46.183.223.113:8234
asweee.jumpingcrab.com
tryweaswweee.ydns.eu

# Reference: https://www.virustotal.com/gui/file/94c04d6b5f82d551838ed5ea1cebc1d312991640a368ac10df709704b327a880/detection

hirtoruew.duckdns.org
zzeroirt.duckdns.org

# Reference: https://www.virustotal.com/gui/file/bc16c48ef4435300121e3e14fd1b06c27447935e7fb14166f1cd7d16e0fc1fa3/detection

185.140.53.253:1604
84.38.133.182:1604
dedicatedlambo9.ddns.net

# Reference: https://www.virustotal.com/gui/file/5acdcb8735f961014ceee591dabbe6807f7c01c9643c3f54ce70cd4994f3aace/detection

116.203.140.78:9845

# Reference: https://www.virustotal.com/gui/file/ab915bb1e45aba4cbbb762e4bac31510539b4a418d8466839bf6e4c1b40b87a2/detection

103.147.184.73:5719

# Reference: https://www.virustotal.com/gui/file/f3d7b3821f7b0613358f580a1f94bc28d483322e83c931569126d3531a323538/detection

103.147.184.73:6710

# Reference: https://www.virustotal.com/gui/file/75e5d00f80fe125c02c86961b3c68cbe099afb199e905b0f182452f6d7d94a79/detection

femolampa.tk
tojah77.duckdns.org

# Reference: https://www.virustotal.com/gui/file/88403cdefa359b226d308a078d8e43657a8ae54c198bd2bf777b4e46c287a39b/detection

onlinejones.linkpc.net

# Reference: https://www.virustotal.com/gui/file/199f9134deefca5e21d1d07f695a966cdf55313d08af1c7a0a05ac50d1e73a6d/detection

95.179.210.180:4042
mey.myddns.rocks

# Reference: https://otx.alienvault.com/pulse/610fc875c0a576ada4e34a2c

alexalex123-41909.portmap.host
soso06200.ddns.net

# Reference: https://www.virustotal.com/gui/file/1ce353e990a32078c455c1d9e2bdc69267965f8bd93e00988b93241333bb3224/detection

185.244.30.84:2345

# Reference: https://www.virustotal.com/gui/file/287597fcffd11298b757ac806606000d8dd4c3c2641891c1932a1e76348d9922/detection

185.231.113.190:1990

# Reference: https://twitter.com/pr0xylife/status/1450235904107372545
# Reference: https://www.virustotal.com/gui/file/a0512e7537eac6c6d9bc33483261c2403c9ac0d49f6a10748b2ad81d591ec892/detection

194.5.98.48:8338
ezeani.duckdns.org

# Reference: https://www.virustotal.com/gui/file/341dc012d18050040d8708d4b8b4d6191ae865469276d0a0556af12fee7d8cb8/detection
# Reference: https://www.virustotal.com/gui/file/ecf7b1a8d8cb81c5440743ffe7d5d0116073ff65f393e31c1e105ff1aeb5de46/detection

102.185.101.81:4444
102.185.17.105:4444
102.185.174.164:4444
102.185.233.244:4444
rere12.hopto.org

# Reference: https://www.virustotal.com/gui/file/49847ebb75cfdb5a1fffc310eda6c6660f6242e70b23aac8a1a1a1d1abce994a/behavior/C2AE

192.169.69.25:3883
asorock0011.ddns.net
wcbradley.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e0e970941858a273c596475e80326684f7a8d2cac7a538c4c2912615c449bc92/behavior/C2AE

181.52.252.80:1896
nickdns104.duckdns.org

# Reference: https://www.virustotal.com/gui/file/cd24b42c63793dfce4fff72bc96a8466efa54df6dc56d32331842834782caf72/behavior/C2AE

107.172.73.191:4984
sicoslanderfamilydog.gleeze.com

# Reference: https://www.virustotal.com/gui/file/f6d3db86fa85378727353a5f021f9cb1336d822798d8b957f51975b707361ad7/behavior/C2AE

185.140.53.13:1790
192.254.74.210:1790
adikaremix.linkpc.net

# Reference: https://www.virustotal.com/gui/file/5e3b9ca572bc41495ab4fa5e2e009fe92a919f202c4e538548b6b0a5e3599978/behavior/C2AE

185.244.30.139:4050

# Reference: https://www.virustotal.com/gui/file/2c82c8be149401e712850653c97b6810e037ce9c306300bf4bea1ea75006b74f/behavior/C2AE
# Reference: https://www.virustotal.com/gui/file/6c6958e97ee9fec98d9af9b3496c6e0d289f5f6c29f5b580e4fd5f4d314b960b/behavior/C2AE

megida.hopto.org

# Reference: https://www.virustotal.com/gui/file/266c0f3b1cf78040080fce2037544112b77d23b25753c714d6390c2f705a3c34/behavior/C2AE

185.244.30.251:1133
vreme.ddns.net

# Reference: https://www.virustotal.com/gui/file/9158b2603107bcf476eb1e8bf225a5f0e184830afc99bdd00101420c53f46b82/behavior/C2AE

5.163.149.205:5353
anthywsp.ddns.net

# Reference: https://www.virustotal.com/gui/file/1aba5fdeaebc9e872d8420528ab9062a2e5738a8f3befe2497f29db78d001b9f/behavior/C2AE

172.99.21.157:53896

# Reference: https://www.virustotal.com/gui/file/29d59cff833693b1df33808ed34e64911fbdc2ba6e750c65018e559cecac19f6/behavior/C2AE

185.163.45.203:8002

# Reference: https://www.virustotal.com/gui/file/71cb674c07340bf223aa8238cb5a5a58edad0342a6b5a3fe7d2d80800881c599/detection

194.29.101.219:1760
microsoftstotre.ddns.net

# Reference: https://www.virustotal.com/gui/file/576b690cf4a7ff7650546a0cdcba5b24f8b90907003293cf1f592bf37c9028f1/detection

92.57.66.153:55826
ourpcinfected.ddns.net
unknownwy.ddns.net

# Reference: https://www.virustotal.com/gui/file/2e3c405dadb0117a360746b3502880fbfb65e065459c3ebc1f5ac0e4009a75f4/detection
# Reference: https://www.virustotal.com/gui/file/bb264eeac45ef6b82373d905a1b0a343f71618c9891e020190f2349d9547a4cf/detection
# Reference: https://www.virustotal.com/gui/file/a55ea4919a0cd9f0181578759c4958784f1d0d7ab16dbace31676d56930e2576/detection

136.244.108.136:49617
194.29.101.219:49617
31.220.4.216:49617
favor.testfood.ml

# Reference: https://www.virustotal.com/gui/file/d738fb0439cfeae7bb7cfd6dbaa0e61ee09fee6c92dd0472065ec8d09039fddb/detection

omega.testfood.ml

# Reference: https://www.virustotal.com/gui/file/a00eaebbcca9d15732f7a85590bdcaef7b96c8ce6dc76a400af674cf34ac7274/detection

104.156.238.13:49474
best.testfood.ml

# Reference: https://www.virustotal.com/gui/file/2e48409abf1e4729d11a13bff4bb0559a4cd4439121ab936be4a4895d582444d/detection

94.237.68.129:49474
94.237.68.129:49557
alpha.dujanadecfoods.ga

# Reference: https://www.virustotal.com/gui/file/26d2efd05144c426861c5522224290785467007dcb2990d49c2f16a681fc06cf/detection

gud.testfood.ml

# Reference: https://www.virustotal.com/gui/file/e64dcd60a67383f2f7c9aded00160f4bc37b2a533d9f950af404571526b82d80/detection

gold.testfood.ml

# Reference: https://www.virustotal.com/gui/file/bd83f6ac624e81d2eec47c2afed0353dcee2d9299112341e7434dadc3ce4dfb2/detection

94.249.111.70:53896
jordanianggs.hopto.org

# Reference: https://www.virustotal.com/gui/file/8ba02d0c6683288779bac1b96ad8ec0a3696a19c949ad86650f78e5cc23547eb/detection

51.77.249.195:1085
tantoe.ddns.net

# Reference: https://www.virustotal.com/gui/file/d2b923e8bdabe1720ae6c089d9c81ead282ad6145adb25e63f687e8c650ffdce/detection

194.5.98.48:7705
grace7705.ddns.net

# Reference: https://www.virustotal.com/gui/file/a6027fd64a3f8d5c908282601687bc635705cd45dcdeeff8f0a2f01df02d6e6e/detection
# Reference: https://www.virustotal.com/gui/file/c74e89861947deac982d38264f0c451e54b7f70da4aab9789c8b0692b948763d/detection

176.168.187.199:6606
176.168.187.199:7707
176.168.187.199:8808
91.109.176.3:6606
91.109.176.3:7707
91.109.176.3:8808
zaphir123.ddns.net

# Reference: https://www.virustotal.com/gui/file/6267777762614004a43b9939a53ef97023534ce168af8c49e75286d32652895a/detection

124.123.185.247:54956
thedog12.ddns.net

# Reference: https://www.virustotal.com/gui/file/7f6242d204a6ff95a909a280956be1af736db1be87994da0726126dfb00e5f9a/detection

91.109.190.4:54984
licmgr.duckdns.org
wdupdate.duckdns.org

# Reference: https://www.virustotal.com/gui/file/eb019a7eee47d1eebf28c8c25784674b0900665a7080afc6c27c115bdc097b92/detection

h45hdecrep7.dynu.net

# Reference: https://www.virustotal.com/gui/file/4501ffa7cb8b5d7b056db7c77e24a6767fb94ce3d709772e5c3113d7a6d59c8c/detection

185.140.53.131:1211
1211.hopto.org

# Reference: https://www.virustotal.com/gui/file/c644673cf009fad34a79441f44b5eec4faaf81459147692f9af1e1c9c36f6543/detection

195.133.18.211:1187
dera31.ddns.net

# Reference: https://www.virustotal.com/gui/file/1354c79ec14833dd6f56fd4958f7c8e8159f994e6d83067da0598edb6f156263/behavior/C2AE

91.193.75.148:8822
newme122.3utilities.com
newme1122.3utilities.com

# Reference: https://www.virustotal.com/gui/file/f505d3a98e47352ffc4569ecacf479707e199948f723778c4242e3250c651b81/behavior/C2AE

bobby123.ddns.net
194.5.98.12:2411

# Reference: https://www.virustotal.com/gui/file/d73a9f48883eda1aa327e5c0995a8dc50be8352ca5d90575963f5f45a074ac52/behavior/Microsoft%20Sysinternals

79.134.225.69:6060
xylem11.ddns.net

# Reference: https://www.virustotal.com/gui/file/8865f7c169dce0e8e9e0df1cadab4dd9db21b1f1f876c0f00245f544fa405b89/behavior/C2AE

178.33.13.161:1608
windapts.ddns.net

# Reference: https://www.virustotal.com/gui/file/f32f6c5b0a380a97ee115bf7939fe31cfe000cc5e48461cb03eb6982109dd0dc/behavior/C2AE

192.169.69.25:3883
wcbradley.duckdns.org
asorock0011.ddns.net

# Reference: https://www.virustotal.com/gui/file/1e4fae4322aa44f845b1ea1156380dea2f21cfa360d21a238470acddd3e773c5/behavior/QiAnXin%20RedDrip

dollar22.ddns.net

# Reference: https://www.virustotal.com/gui/file/26a978a3dcd7a9bebab3aca43b72e4a203e8a02d48ffb40fe19599f1ac82fe14/behavior/VirusTotal%20Jujubox

90.62.63.8:4647
namiswan.ddns.net

# Reference: https://www.virustotal.com/gui/file/2f1b327db06cbcf6040da7e25b71c53b9d7dc3c63e76051ad51205f70bd0cdb8/behavior/C2AE

86.194.210.97:1234
crypt.ddns.net

# Reference: https://www.virustotal.com/gui/file/5cf45071d478d05dd8d10d71c03d2b03831df532c956f5d03c34df0520b65365/behavior/C2AE

94.198.42.167:59754
94.198.42.167:55841
94.198.42.167:54822
94.198.42.167:55520
qwdnoqwomdqw.tk

# Reference: https://www.virustotal.com/gui/file/6562d6cf7d1ab02f15b0c2576ae862faf818ca54d2e45ca9e6eb27edb54ca72c/behavior/C2AE

194.5.97.207:3259
mec.sytes.net

# Reference: https://www.virustotal.com/gui/file/d2e897665e02d48a99beaa5a6ab7ff7a299e631564603b4306ca5fcbbd299602/detection

172.94.92.54:59023
shtf.pw

# Reference: https://www.virustotal.com/gui/file/a3e730374220a884a0f490f7085d26890628dea6da844ea58cde64a9b03b815a/detection

amilolo.ddns.net

# Reference: https://www.virustotal.com/gui/file/4e81d6eddb21fdb73b517fe5cc6f3143e90f46806c65187123942b4c2009c771/detection

90.51.247.217:54984
hack3.ddns.net

# Reference: https://www.virustotal.com/gui/file/443c27b78b0fa24ae1131834d0307fa6da57f1463695fc6480d0d3874d5dcf64/detection

185.140.53.160:6640
john23432.ddns.net

# Reference: https://otx.alienvault.com/pulse/619f7bf2b948aa29ee973b88

ratsertification.hopto.org
sdadfffasfasffas.ddns.net

# Reference: https://www.virustotal.com/gui/file/6bf0463c0e0e87c59766f3708bdc1716e0fc62a9604bafac21c54b2a6fcb4f0c/detection
# Reference: https://www.virustotal.com/gui/file/ff8bdac925d5df24e77711c66d2ec0998fd7b92ef5024333f185a885ca7ee63c/detection

176.239.192.170:215
176.239.83.242:213
hjkm12.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0698ef3ab517d07ad1d1093fbbe0ebaa2b9492d8dc133d32e24998e0550fac51/detection
# Reference: https://www.virustotal.com/gui/file/4872db70c243f4bcee4d2b8546972b4fafe357f158a8b82074b892f41de32294/detection

141.196.205.87:113
176.239.175.53:113
ahmedt.duckdns.org

# Reference: https://www.joesandbox.com/analysis/526200/0/iochtml

lizaelock.ddns.net

# Reference: https://www.joesandbox.com/analysis/894071#iocs

9292.freemyip.com

# Reference: https://www.joesandbox.com/analysis/526564/0/iochtml

neoncorex.duckdns.org

# Reference: https://www.joesandbox.com/analysis/894433#iocs

billie4.ddns.net

# Reference: https://www.joesandbox.com/analysis/894637#iocs

wealthgod1234.ddns.net

# Reference: https://www.joesandbox.com/analysis/895717#iocs

6262.hopto.org

# Reference: https://www.joesandbox.com/analysis/895914#iocs

rickjohssn.ddns.net

# Reference: https://www.virustotal.com/gui/file/f8eb104af228653af478508b5bf75d92f501fb3248fc02125dfaddd7c1c5e967/detection

68.119.12.79:5555

# Reference: https://www.virustotal.com/gui/file/e1a8ab723d106bd46a651d4d37ced7ef10df596c95385966f43ed963f6b87482/detection
# Reference: https://www.virustotal.com/gui/file/5d81a166213bd05958b9e1f557a5bb137179879427fb3c72e40b337558061e84/detection

23.237.25.146:54984
91.151.137.15:54984
dogcat420.ddns.net

# Reference: https://www.virustotal.com/gui/file/a29713a10c25c10be0fd0108ca6e5e4cd31358367d13b15a5c87464413a80989/detection

zolim.ddns.net

# Reference: https://www.virustotal.com/gui/file/35f4f225c5b0e3ba8bdb85ff14646a5adf47a17058b248b22394ec2f9236a4b6/detection

37.0.11.230:2407
accessgranted.ydns.eu

# Reference: https://www.virustotal.com/gui/file/d0e513513bad819249e623d2898f2df26a087e321b8bde841caf8dd2f2a40f95/detection

37.0.8.214:8234
37.0.11.232:8234
asweee.jumpingcrab.com
tryweaswweee.ydns.eu

# Reference: https://www.virustotal.com/gui/file/662fbe23c87844a881ca233876ff75ee05ddf2ac0a1b5546fb5bc7603474860a/detection

37.0.8.164:34566
dfdgdsasedw.ydns.eu
freebeeskatobi.ydns.eu

# Reference: https://www.virustotal.com/gui/file/d26e5453281bd521ba914d6dbbcfa8d1ef37cad2e2f91ed19284b0000ad67b8d/detection

195.133.40.193:4948
keshodiwa.com
slot0.keshodiwa.com

# Reference: https://www.virustotal.com/gui/file/1577241f1a134f418aad884997681b9c7d1cbb2b78970d1dd5a558b2d50b2657/detection

1116.hopto.org

# Reference: https://www.virustotal.com/gui/file/494373c6309267c3358bd49724afcb026c0b89980c75fe3c0cfefca34b973cbd/detection

194.5.98.120:19864
mansengco778.ddns.net
newcracker.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b297f74819a9afd1281241f46226e0546399be42bb7357e7395509fdcfddcc36/detection

86.211.116.251:7706

# Reference: https://www.virustotal.com/gui/file/b2a307b5f372f7656760523371af71190b6412ba6ba242bc57095b999e61c807/detection

antish.no-ip.biz
duckmuckcock.ddns.net

# Reference: https://www.virustotal.com/gui/file/65fd73d8fe8bedbd49e4875d1abbc632c77e0cd6b7427bde238b85b69ae6dfda/detection

141.255.144.234:1604
ddoz.ddns.net

# Reference: https://www.virustotal.com/gui/file/eb5857e5b569f90487f77377c56103816b4c4286bdb65d7e599aabd31b7f846f/detection

108.61.210.74:1337
185.141.62.35:1337
208.101.60.87:1337
66.220.147.44:1337
93.115.28.195:1337

# Reference: https://www.virustotal.com/gui/file/59565c9d35837c928e79f4300959447019cd9732ef9182e3fd5e3fa78dcaa666/detection

elementary-legend.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/4907908891a4ad8d3e289d0edca763cd80e7ae891d6bf505f7b70a1f55d97fd3/detection
# Reference: https://www.virustotal.com/gui/file/222ebc98454400a71468a2835603d625e5e4fc7e599283145a6561fe94dddc0a/detection
# Reference: https://www.virustotal.com/gui/file/113550041ffe36f04838584d21680a5c21e33723e0eee88a81223216901dc627/detection

79.66.73.81:6942
92.15.9.84:6942
92.22.218.89:6942

# Reference: https://otx.alienvault.com/pulse/61d82c79ad795ce22bb34645

connectionservices.sytes.net
joshirwin123.ddns.net
primoney.duckdns.org
ratman72.ddns.net
windowsmcvs.ddns.net

# Reference: https://www.virustotal.com/gui/file/1469e5c14eb824758e84376a1a3b32baa6662861b2022ad180e7297d9b49e551/detection

79.134.225.79:2887
3acomposits.com

# Reference: https://www.virustotal.com/gui/file/4c75bfd023f7ddaadf6f21b3e41e54f4b3312b9ca3c2800c89f53edb4edcf6e1/detection

79.134.225.79:1881
adarella.myq-see.com

# Reference: https://www.virustotal.com/gui/file/e1e1374ceca8326241b65fb4dc1b63599d4354a029fb48d3d6f61dfe9776df76/detection

79.134.225.8:8181
believe2021.ddns.net

# Reference: https://www.virustotal.com/gui/file/ab80e15a7af8b3b261136ee6902cb38e729d0f68fe2b2d7779fd5607f636c014/detection

192.169.69.25:4001
benders45.duckdns.org
debase45.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ac6a0a296852964efc48b1bbb20ef1e6130f109ce0ac73f7a2a34c4c7b9c5a31/detection

107.173.137.204:54984
cudaegua.ddns.net

# Reference: https://www.virustotal.com/gui/file/e9753c1281876ab5c8c88d848dbe77d73e74d335770a407981cc0f002f76847d/detection

groundsuppliers.ddns.net

# Reference: https://www.virustotal.com/gui/file/9ae34424d0a15202d8d1469103af68a65d89b055f1e19877bce9048624d36c7d/detection

jadedman.ddns.net
jadedman.linkpc.net

# Reference: https://www.virustotal.com/gui/file/d3081989a1a7523371c040d854a7a33a75d358b0842fbbaaa1edebd5638f8065/detection

79.134.225.79:1122
ruffella1122.myddns.me

# Reference: https://www.virustotal.com/gui/file/39624b2756f8c0af566345772bda9465f6c32a144125eaea52aba79504eb0997/detection

79.134.225.79:3550
shakur.ddns.net
shakur2021.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b307468be35bc5c65a5f14377fdd97491164a41416076ef8d6edfd2739b5efee/detection

thanks.duckdns.org
williams1988.ddns.net

# Reference: https://blog.talosintelligence.com/2021/12/threat-roundup-1126-1203.html (# Win.Trojan.Nanocore-9912485-1)

devilmaycryforever.ddns.net
russiankgb.ddns.net

# Reference: https://www.virustotal.com/gui/file/988c1b9c99f74739edaf4e80ecaba04407e0ca7284f3dbd13c87a506bf0e97b7/detection

23.102.1.5:6129
nanoboss.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b9bd4e56b3b8381bee246af545b1169490ac4d2972a64810379cbf81580c125f/detection

68.112.235.198:3000
toclick77.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3184ad91199a5619041f0db960edacf6c27867cf01ec4729e35699b98a3bfc63/detection

93.30.176.91:54984
youaretrolling.ddns.net

# Reference: https://www.virustotal.com/gui/file/37e18679eccdda36e114eb2103ad552ed91aba435ef2b4e7043ea4efc76c8dbb/detection

samora007.hopto.org
volcano111.hopto.org

# Reference: https://www.virustotal.com/gui/file/cbff27ecc0784bab44610aee553b84c756115650db543e7d737074bf3d09db64/detection

103.151.123.194:65534
mback5338.duckdns.org
takjamahs.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c0ad912a20bacc91c793313cdf9ef0c48d8422315f97d34cb12f143dd055df53/detection

103.151.123.194:8903

# Reference: https://www.virustotal.com/gui/file/4b61697d61a8835a503f2ea6c202b338bde721644dc3ec3e41131d910c657545/detection

103.151.123.194:7632

# Reference: https://www.virustotal.com/gui/file/4c45d08201b6aa7b734e2a320947656119120f911f77ee07f827cf38ba6ae1bd/detection

20.194.35.6:8903

# Reference: https://www.virustotal.com/gui/file/daef31514909f0fa8407f53e8bc9b8fb5c42d9583e6f88a91a51c2c606b19d72/detection

103.147.185.192:8903
104.37.1.32:7632
13.77.222.211:7827
20.194.35.6:7904
bitmoney332.duckdns.org
gerousd8.duckdns.org
justinalwhitedd554.duckdns.org

# Reference: https://otx.alienvault.com/pulse/61e409f42d3c638722eedc3e

arpadnseset.theworkpc.com
obeyice4rm392.bounceme.net
wazzy13131.ddns.net
windowssvchost.ddns.net

# Reference: https://www.virustotal.com/gui/file/1b8775fa633e04edf24411129b02074e4a9b8a79c28896908ff57dafe7cde968/detection

swmen.com
testalienscy9090.duckdns.org

# Reference: https://otx.alienvault.com/pulse/61ebf3062f462d5c5a5ad8fc

andreithekoala.sytes.net
xoo.ddns.net

# Reference: https://www.virustotal.com/gui/file/f515a9d2910da428d7803afc2244476a5b185f30361482cc1dd49670513281a5/detection

103.153.78.234:3132
vijayikohli1.bounceme.net

# Reference: https://www.virustotal.com/gui/file/6994bba2690de5c3d89027901a600ebc90ed5570aee5a9b198522e0b453e5a24/detection

5.39.217.241:4016
researchcentre.ddns.net

# Reference: https://www.virustotal.com/gui/file/d0626c459953f19e59fd3ef6c91ddd19cee19f4b12ba669c099a11d9f8e3b861/detection

serviceop091.ddns.net

# Reference: https://www.virustotal.com/gui/file/1411be36d7858249f25711858874b626557155277d94f099bebcc5a584d1ad69/detection

45.153.203.230:4016
svchostexplorer.ddns.net

# Reference: https://www.virustotal.com/gui/file/c1156ca1b902f464adca08a699978fbb48c747e07a8680d15c4a9f721ff59385/detection

194.5.97.73:8181
morelogs2020.myq-see.com

# Reference: https://www.virustotal.com/gui/file/164ba76af931f4378edd9fac284a9d5fbb82f7fa6aba3610a93acad54cf01606/detection

2.56.59.13:5490
desireblex.ddns.net

# Reference: https://www.virustotal.com/gui/file/5f2342af7a3defeb5e86f406ce472f06f2960f1e698948058f5e1dae4a409f76/detection

79.184.237.13:53896
cbtbdsm.viewdns.net
rikccwossmg.ddns.net

# Reference: https://www.virustotal.com/gui/file/1a0718d57c68091c6b21303ad4fd752155f1377b04c970f999d406a61aa1a164/detection

141.98.101.133:13317
196.47.133.40:13317
forshared.ddns.net
lordranseier.from-de.com
lordranseierpilot.from-ms.com
neverdiev2.viewdns.net
neverdiev2.webhop.me
rankstars.webhop.info

# Reference: https://www.virustotal.com/gui/file/ebdf7ef4fcdd20cc782a6cdb0a67859712e1be655e577a089ef3106a42c1b71f/detection

69.232.46.139:1738
anonymouscrypto.hopto.org

# Reference: https://www.virustotal.com/gui/file/4e5e702bd5d2069ea65bd5d6fd3562442abd38f766dd5eaa2c38d616fd3a6c26/detection

163.172.27.6:9372
educlassic1.hopto.org
educlassic3.hopto.org

# Reference: https://www.virustotal.com/gui/file/1767d1b070fd29e0e3eabc2c42c196b5f1750d5a13d0ba75b1a2daf33ac4d8bd/detection

5.34.183.64:54984
educlassic2.hopto.org

# Reference: https://www.virustotal.com/gui/file/21e75775adaace531fe28d279b884ebb1c3f8f5a8813c747e74f73ccc5611839/detection

198.12.105.44:48249
sb247.duckdns.org
wh0re.duckdns.org

# Reference: https://www.virustotal.com/gui/file/98e33ebe79b9c93602af7b79bb4f3f63c2f3c1417b1c41be6e814a9930e43b3e/detection

brooklyatyin1124.hopto.org

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-01-12%20Remcos%20IOCs

45.133.174.131:2030
eter202.ddns.net

# Reference: https://twitter.com/petrovic082/status/1493575097852080129
# Reference: https://app.any.run/tasks/779f7c15-adca-49db-9faa-4bb0fd2fce92/
# Reference: https://www.virustotal.com/gui/file/c851b26e5580c9815d4d1d945c6c302c13a907b056f3cec5d4f279627c411ccd/detection

199.195.253.181:54984
tolatilbu.hopto.org
tolatilbuuu.duckdns.org

# Reference: https://www.virustotal.com/gui/file/02a85930a0d74ac5f3d0fdf64ddc7140f1827aee268bb43b8ceb88c5a5f5d388/detection

185.140.53.131:5876
5876.hopto.org

# Reference: https://www.virustotal.com/gui/file/ccdad991beefa366171be40697c037d9bf2e1ac6b54efacd5ff3f1d77b823402/detection
# Reference: https://www.virustotal.com/gui/file/b73b95f8d78489c8b2167e84c9d8346cc3a9423bedae7b33bfde4885949e27b0/detection
# Reference: https://www.virustotal.com/gui/file/0efb4c1ae29ce9a5df2ebc871318e8dc28af1ab49db4fbe3abd9b7c0e5945056/detection

109.205.178.244:3110
109.205.178.244:717
144.126.145.38:666
79.134.225.37:717
rex1010.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0eb1b83d6dc59fdc4cae05a812b2465a57ab9ffc47e2571ff3c4b827031b9f51/detection

185.19.85.137:2331
favorali.duckdns.org

# Reference: https://www.virustotal.com/gui/file/5270551b885685ed3ff896397fd7d6bd507e7eb5fce93294946141282dbd6942/detection

hackoo.ddns.net

# Reference: https://www.virustotal.com/gui/file/10824edd633a2f7ff32716e35aabbfa360b5acca86351de9c599348449a4797e/detection

93.182.170.11:3736
v3d.ddns.net

# Reference: https://www.virustotal.com/gui/file/430aa173982e7acd27606d2e6dd615d78263cbd313998cd1eb6b142be061cb12/detection

185.161.210.180:1855
dangh.ddns.net

# Reference: https://www.virustotal.com/gui/file/d3dc60ade96b79cb7df42eb129e2858dcce6085d9009cc14e2ae0f9763d74107/detection

194.5.98.140:8787
norly419.ddns.net

# Reference: https://www.virustotal.com/gui/file/16455e07687f6c6dd7c209dd7c3d96c738d9c4c438238811b978dc3716230508/detection

79.134.225.71:1818
milkway12.ddns.net

# Reference: https://github.com/pr0xylife/Nanocore/blob/main/Nanocore_24.02.2022.txt

31.210.20.215:1015
jamesskeithj.bounceme.net

# Reference: https://www.virustotal.com/gui/file/f89d4b79a8b7546a3683af3a3851e3703e9334f800241957952f43fb606519e3/detection

93.179.125.92:5678

# Reference: https://www.virustotal.com/gui/file/45f0c25dadf07cb595f64a1b6f78456604dfd2751c8a68939c2e3999162cb830/detection
# Reference: https://www.virustotal.com/gui/file/08e4f5d63a07de9b68ef3bd265897550596cdf33bcf172415d9934b7054413fa/detection

92.137.178.76:54984
mugiwarace.ddns.net

# Reference: https://www.virustotal.com/gui/file/feb34f5cc5c725c8c1edd32f3ac4c2912c7646e4199c9aacd535ac7aa4bceb11/detection

185.140.53.6:31832
ella666.duckdns.org
second54321.ddns.net

# Reference: https://twitter.com/phage_nz/status/1500682848176525316
# Reference: https://app.any.run/tasks/ddcc4e54-40de-4bd9-83f7-16c61c1ea1d2/

23.105.131.196:9070

# Reference: https://www.virustotal.com/gui/file/30d7a6fe1718c3ed6ab93ae2b2e227190a2f0ca3a4746a862418d3531dcd0af2/detection

113.168.169.191:9999
muabanlucngan.ddns.net

# Reference: https://www.joesandbox.com/analysis/585133/0/html

212.192.246.6:6932
kingsley2022.bounceme.net

# Reference: https://www.virustotal.com/gui/file/18ed1796db2b16e45d4b82dbd9b8219de6b93942113a1f0bf9622972f5064fa9/detection

160.154.81.135:3306
windowdsdefender.ddns.net

# Reference: https://www.virustotal.com/gui/file/0c0f0f9de148d87b93732d338a440cfff220ea2b9d1dfbd0b3236bd6e05f7451/detection

192.30.89.51:36786
stellacy.duckdns.org

# Reference: https://www.virustotal.com/gui/file/6b6dc8d06eee2cc72d2b0f82c69097dc98d9962bdc4465739c623100056829c6/detection

102.91.5.33:8242
member.ddnsgeek.com

# Reference: https://www.virustotal.com/gui/file/7ba57ac7614a888efdc4554506305d9398b89b4f7c5770f0d8f596b1ecda2db2/detection

194.5.98.28:2021
brownhost22.ddns.net

# Reference: https://www.virustotal.com/gui/file/ba4bc2bf4534fc921e4c6c34e420e46ffd44c4dad35a4424fe95436c5bb6c2ff/detection

185.19.85.155:50263
adminhostbase.hopto.org

# Reference: https://otx.alienvault.com/pulse/62371873f39cbbdcded67c5e
# Reference: https://www.virustotal.com/gui/file/9344ec043904f22f9cc4b18b6e7281e03b87274f70268b1fcd3f8061da7a6c53/detection
# Reference: https://www.virustotal.com/gui/file/828b218429b00e462f569fdf3733bca14336dc27086e83a2fe68039955509e0f/detection
# Reference: https://www.virustotal.com/gui/file/e94c70d3dc3ab2496465e73bffc7c5f1bc3963f3ae309a88d5e16d5e54a540ce/detection
# Reference: https://www.virustotal.com/gui/file/dc6acfc36f44d7654605566739889ee89bc7040b7be9a46969d29fe3203bee27/detection
# Reference: https://www.virustotal.com/gui/file/92feb82b41f89b611b8b56e33c7e553665cb49aefb7267181af1318160f7c1a2/detection
# Reference: https://www.virustotal.com/gui/file/7e169c12694127cf4dacdbe6c380bc31838ee32217e731f202ff645a88a39c00/detection
# Reference: https://www.virustotal.com/gui/file/06176687692d9e48e9c0057d3b9b64b09a2d79d45f08d80c79856df3bc392a67/detection
# Reference: https://www.virustotal.com/gui/file/e8ef70d3ee8a2d0db7113163f51cff2750cf8b8f6fc46339f5f121eaae4b88c4/detection

149.109.84.49:1337
2.103.213.31:5000
2.103.213.31:6881
78.54.109.147:1337
89.247.169.215:6969
89.247.169.251:1337
91.109.188.5:1337
91.109.180.8:6969
hydrathebot.ddns.net
likedoingthis.ddns.net
thezone1.duckdns.org

# Reference: https://www.virustotal.com/gui/file/b2912e9ae8c58704e961ea448e1537beb63e8d26db0213ed702ab88723d43fd3/detection

98.39.167.247:4784
notviruscom.freedynamicdns.org

# Reference: https://www.virustotal.com/gui/file/ce3c8e1e62466029747d8664707fb8bf43240ea88fed1dcf18923b90a7e7726f/detection

eaidali.ddns.net

# Reference: https://www.virustotal.com/gui/file/07eba1792464c5da1f6b0b7d9900c454ad1c845caa660482ed8fecd86c5b064d/detection

185.19.85.175:50421
lowspeed.ddns.net

# Reference: https://www.virustotal.com/gui/file/2810361825e72d6fec8ebf270c9ec0a2198227c4fa158e3e46b15cf43a60cbec/detection

103.145.253.56:1665
btmebd.ddns.net

# Reference: https://www.virustotal.com/gui/file/f848dbbb374e0ee15b1f95425270c6f9dbfe5232a2cf08ed44695a07cc52aed2/detection

194.5.98.48:6122
nomansland.ddns.net

# Reference: https://www.virustotal.com/gui/file/dee03714f1675e36fd1e7aff9905c114458a0910bfb391d83047f5921b0ff8cf/detection

194.31.98.223:1187
deranano1.ddns.net

# Reference: https://www.virustotal.com/gui/file/d900c100ca4cdec50c72b681421a5d727ed17513739c673c84020608b134ff8b/detection

194.31.98.223:5121
ericdonovan07.ddns.net

# Reference: https://twitter.com/sS55752750/status/1506653027066957825

ncre.duckdns.org

# Reference: https://www.virustotal.com/gui/file/df0a26e8c6e64012479655b09782123cfdaf042c0806fc0482465be2f413d537/detection

5.43.142.100:1604
mikeyka.ddns.net

# Reference: https://www.virustotal.com/gui/file/b96ae4aab134c7612bd21311ee76a7b0b0dc14af7b2e10713564e50fc739967e/detection

185.140.53.6:31829
mikeljack321.ddns.net

# Reference: https://www.virustotal.com/gui/file/0886c4c9fd515ee3ad0be57257d6c10678786aa4b172f9727e593cc235f8262b/detection

cypherzin.ddns.net

# Reference: https://www.virustotal.com/gui/file/0caa510a679249f146543c8b4fbb8a50f94c661da98c4636c9bebe33a32cb9c3/detection

197.211.63.28:2525
lovemebygift.ddns.net

# Reference: https://www.virustotal.com/gui/file/117416223d635c6de8eba0265a911b594006e01a454d5ef05a5d48569f4b811a/detection

91.109.184.2:54984
wyldotexe.ddns.net

# Reference: https://www.virustotal.com/gui/file/efcd244049a2b06f9a99cd6bf7f5298876989112d4024e6b6c3844d67134e72c/detection
# Reference: https://www.virustotal.com/gui/file/879ff8af101103d2387bbef6143dc2b4e233c7436d19e116c5fd78e132cfd05d/detection

185.140.53.50:2828
23.105.131.186:2828
henzy.ddns.net

# Reference: https://www.virustotal.com/gui/file/02758e090418ab4b29bf68f0d447daa0499e47006406e2539ce24ae3725578e3/detection

23.237.25.144:7070
googleupdatter.duckdns.org
microsoftfixer.duckdns.org

# Reference: https://www.virustotal.com/gui/file/fa90c8e6857c483ca133f508033b76a67f709934842a452ec7b4c2762adfc85f/detection

52.14.18.129:12874

# Reference: https://www.virustotal.com/gui/file/9371423637fc954fc87a722642ad9c54345b22f0744abc85e5c32b5b9560913a/detection

52.14.18.129:13914

# Reference: https://www.virustotal.com/gui/file/4617aa97b1b815d8a6f1ce8e7ff775bac357910e012878afd1aa03b276a55552/detection

91.192.100.6:6907

# Reference: https://www.virustotal.com/gui/file/17bfeb7d3ce99be98b31104b4e05c406becc5c3c0d1995fd8cdece16e7d8531f/detection
# Reference: https://www.virustotal.com/gui/file/dba2b4f8a17650e49dfa817fa19e2277b3c214f66b3c87530f94e6716e9d485f/detection

194.5.98.45:4040
lt.ruppersalimentos.com.br

# Reference: https://www.virustotal.com/gui/file/4c47097394a6a6d82b21fb7778ec9b8e5e6cbb50ef0a3e4d2de7e5be0e95e0e8/detection

194.5.98.45:3226

# Reference: https://www.virustotal.com/gui/file/c122cc4b742359454f3607ef3755c789e458280bc878887cc1d4c452b8a2cfe5/detection

194.5.98.45:3886

# Reference: https://www.virustotal.com/gui/file/50de26b1f0f97457ac8623dae7f26ba274af10e86499fdef4d477377b7388d59/detection

197.210.65.88:5552
iphy2.linkpc.net

# Reference: https://www.virustotal.com/gui/file/9ad646458bf31f5963c6e8ac5ada96e9b5fc6451e06a0661dd92cc406c5a2987/detection

141.255.144.255:51583
networki.linkpc.net

# Reference: https://www.virustotal.com/gui/file/96b5ac5ad40731121a08282cf409cad564d3824a2c703070036476f3864eefe6/detection

35.136.112.19:8041
donco.linkpc.net

# Reference: https://www.virustotal.com/gui/file/1bc8d97f5be4fd72080fbec129ecb6ab776fd894993a7ffb7ab84ceaf26e2099/detection

45.137.22.179:3218
mbahannanocore.ddns.net

# Reference: https://www.virustotal.com/gui/file/de671fc6dea26e14aeb72a18416b6b5909ed0b1cd7897d630a603829c7705efc/detection

171.99.160.242:54984
maxpower.ddns.net

# Reference: https://www.virustotal.com/gui/file/16e610b79ed8ff739435caf7cea1088491b4ae0a858d3e0b3b6a1faf0d29fb37/detection

91.109.178.8:54984
windows78884.ddns.net

# Reference: https://www.virustotal.com/gui/file/1648ca294cea1728b8bc39c41afeb423511a2bb0340ae71589948668d9a23753/detection

116.44.155.200:1453
ssoo1451.ddns.net

# Reference: https://www.virustotal.com/gui/file/c55ca52ebb82e388001e3d8b61323083cef4e717a0da70818e2011c23198d10f/detection

91.193.75.132:38331
hulabalu411.ddns.net

# Reference: https://www.virustotal.com/gui/file/d4228833f29af5fc0cebe084ae93518f48c4f1829d7d3e35e1cc70df87d4b3c7/detection

79.134.225.126:5052

# Reference: https://www.virustotal.com/gui/file/c5ec4af21d1161f5ea21ced700f8601a6bc437e01bfe84e44b08ea875ae05c1e/detection

185.140.53.139:4557

# Reference: https://www.virustotal.com/gui/file/abd2b749f85a7710a6f7fa7ffcdd77cd79125c62239967927a115eac14d2593e/detection

185.140.53.139:4559

# Reference: https://www.virustotal.com/gui/file/a4755b349a5718b9aad5bb7431c43bd7ad190fe553c2b5a186bc9ae01db5116e/detection
# Reference: https://www.virustotal.com/gui/file/7c4646e4b1013d4f1954b8be33abd4202a7d418b86bfa4c2115679180e383fea/detection

197.210.227.111:5057
197.210.54.231:5057
91.193.75.132:5057

# Reference: https://www.virustotal.com/gui/file/a3202b464c5b8fdb02f8c841affb82b5657b98025fc40be027f766b17a9fa24f/detection

105.112.156.57:6755

# Reference: https://www.virustotal.com/gui/file/990ff1867047795085fc0fb08fe186b066b9229ac258a4d7f8cc906371bf002f/detection

185.140.53.139:6755

# Reference: https://www.virustotal.com/gui/file/873831d6e0c0f4fb49083dff25565a28b3ef7307ff55743a1c74c43e7cb3bce9/detection

197.210.55.126:5052

# Reference: https://www.virustotal.com/gui/file/771ce47babb0312293e03f20e5db25dbdfce55e6ddae4601bf0c7067b790ed90/detection

185.140.53.139:4557
sisoretartian.000webhostapp.com

# Reference: https://www.virustotal.com/gui/file/770ce29036a44d72ff33ae394de5d19fe8399a900e1fa45150231df954cc55e5/detection

79.134.225.113:5052
79.134.225.73:5053

# Reference: https://www.virustotal.com/gui/file/6de2494fb7cbdf76e1ae485bc075aee8a10922af8394b7e477cc78cd02ba888d/detection

79.134.225.126:5052

# Reference: https://www.virustotal.com/gui/file/6d168a86468e09f9246fe57e7a8047d5dca72ecddb5b270c512d9cfd0c2cda8b/detection

105.112.46.44:4559

# Reference: https://www.virustotal.com/gui/file/467fd7e0ef54df2db4028facd694f4ba4791e78ce9a0183dfa97aad9bf7d86a5/detection

197.210.227.177:4559

# Reference: https://www.virustotal.com/gui/file/39e472447dc68135b88bc68e69224e0fad479f65606e281030bb0b54706638b3/detection

105.112.153.67:4557

# Reference: https://www.virustotal.com/gui/file/2d70bf9dcedd45398b78d29b4d4bab1bb53558b8bc71bdf5c8afe4824cc64d24/detection

91.193.75.132:5054

# Reference: https://www.virustotal.com/gui/file/26223685082801f26a1f38900436c3a807e18be733aeeace86da064e7116f19e/detection

91.193.75.135:9773

# Reference: https://www.virustotal.com/gui/file/173010920ed174833b6fd01f5bef447b92e5b01cc93431bd9aaafa2ed0bab7b8/detection

105.112.153.67:6755

# Reference: https://www.virustotal.com/gui/file/5dc02173548cf7eb1b364b5336bbc9cbcebf0632ce49173ceda9b4bc5b2a6704/detection
# Reference: https://www.virustotal.com/gui/file/435d0e10242410c1f8513df632eac9966534480a2a211fdc2914ad9181b87007/detection

197.210.55.100:5051
79.134.225.113:5051
azizurfattahtradings.duckdns.org

# Reference: https://www.virustotal.com/gui/file/cc9f194ea52edf0413ac086a44712fe216f4e092a21896016dbafda3d0a98392/detection
# Reference: https://www.virustotal.com/gui/file/cc9f194ea52edf0413ac086a44712fe216f4e092a21896016dbafda3d0a98392/detection
# Reference: https://www.virustotal.com/gui/file/bd8d56914effffb8fe5f0a8c45fafd907cfd827e5b3cc6a6d422f7bc2fd9cdb8/detection
# Reference: https://www.virustotal.com/gui/file/9b3e5586b8cd6ba3cac38694fd26a090c30c9b91a2a120f0e242da7eb7f5d239/detection
# Reference: https://www.virustotal.com/gui/file/6a7f00749c44596d2c3c1e66210ed0027b7b8c5130ef2dedb15b1c228da8e77a/detection

129.56.71.72:3434
79.134.225.76:2882
91.193.75.132:3434
rchickenkillerr.ddns.net

# Reference: https://www.virustotal.com/gui/file/0e6a5fea169e41bb0a7d7f28118900a81a74e8144343532fe96608340f6143eb/detection

185.140.53.134:5552
iphanyi.webredirect.org

# Reference: https://www.virustotal.com/gui/file/66e89d06fdf5fb974392555aa88a42df0fd8b9cc584f40dad7f996992df64eed/detection

91.193.75.132:6567
chimez.3utilities.com

# Reference: http://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html (# Win.Dropper.Nanocore-9942608-0)

akudon.chickenkiller.com
talk2kins.ddns.net

# Reference: https://www.virustotal.com/gui/file/a0aa261b6eca399214785a831f60f317f7fb5795d33fe2a07e330b7aabfc0318/detection
# Reference: https://www.virustotal.com/gui/file/48a622b582744db13c9de162ec064bbb4dc3324a96987aca175420bcdd9ce56e/detection

185.140.53.133:2030
23.105.131.140:2030
godismyhelperalways.ddns.net

# Reference: https://twitter.com/MBThreatIntel/status/1519004262176477184
# Reference: https://www.virustotal.com/gui/file/bc49d502de62f3fce11bf902ef9986cdf6f9b58f5a83df8a1e0e24cc07a75d64/detection

194.5.98.208:58211
kfinance86.duckdns.org

# Reference: https://www.virustotal.com/gui/file/4b617174f06378b312b48e8335ce1693ff8a4b13db58a99b8bd2970bca3c3916/detection

185.140.53.174:2404

# Reference: https://www.virustotal.com/gui/file/e51f39f1042b7be2dff0f3f1248296e6b700cd5a88c12b681bd604d86703f7a6/detection

78.199.137.88:1604
bvhg.ddns.net

# Reference: https://www.virustotal.com/gui/file/e389b00f89677103881823567bc4db7e214e1c9b66fcff0a7a8aab99ead8dd1f/detection

37.0.11.76:6991
newnano03.ddns.net

# Reference: https://www.virustotal.com/gui/file/777a3d165788e66987e59ad74ee2592e520197eb87c13e8027f78b5275f3e2ca/detection
# Reference: https://www.virustotal.com/gui/file/68626ffe91c8d25c76d1a108d370b012c1ea664a6bc1e05d97b5eed67ea3b127/detection 

197.210.44.192:55150
95.140.125.67:55150
igirige.ddns.net

# Reference: https://www.virustotal.com/gui/file/fb226c343034be7751e35cce8b6f5370636c81c1bb0584f5d697991f65d47dc8/detection

91.193.75.135:7654
netwomo.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e88ad4cddec1e6ebc93054f6dafccc95b64e7bd243ae763ac060797ce8ee3e64/detection
# Reference: https://www.virustotal.com/gui/file/9f5cb52348f3ed11c3550d09ab459ca77f7251dea597c97b8dfde8fffaeb8db1/detection

194.5.99.51:6700
91.193.75.135:6700
omotogo.duckdns.org

# Reference: https://www.virustotal.com/gui/file/9ec423e735b0f0297f7df86637673cfa8a58bb31767d7fdf0c877434a553bdb5/detection

194.5.98.193:1602
workstation.dyndns.org

# Reference: https://www.virustotal.com/gui/file/113324abf63824e24aee440e0c75c718ce4bd22abbaafb9aa008a3a137b23c14/detection

185.19.85.163:4532

# Reference: https://www.virustotal.com/gui/file/c837280f88c94c57bc0378d783e465f47043ff97db1cacbcac28819176f5e9fd/detection

194.5.98.120:1604
joseedward5001.ddns.net

# Reference: https://www.virustotal.com/gui/file/64fa90910d58c03bc0861de5b105a19f13e87018f49bbf1382df74ca511a7e51/detection

69.171.234.48:3600
tesoreria34.myftp.biz

# Reference: https://www.virustotal.com/gui/file/c8775526cc16aab8abb1420eddefbe36d5617548a35f9efaff6d7234ddda5075/detection

74.57.44.107:54984
babycat.ddns.net

# Reference: https://www.virustotal.com/gui/file/80342d083b4c3bdcdd413e26db65f36cd7fd3457a007fdeb561f7288fc58f26f/detection

2.56.57.83:3867
shinomoo.casacam.net

# Reference: https://www.virustotal.com/gui/file/e9194085c64cdc4a943af04c4d44bad1a5dc408989c277f3650b112b00f19ae1/detection

91.192.100.51:3759
don2000.casacam.net

# Reference: https://www.joesandbox.com/analysis/1014975#iocs
# Reference: https://www.virustotal.com/gui/file/e41027522646237e878d402de2161155182f10e75d944f7a82f2233b07699577/detection
# Reference: https://www.virustotal.com/gui/file/dcf9a1f1b289c0d0fe3ce1407c71c37508dc6973db5273f0e6723bd90dbfce25/detection
# Reference: https://www.virustotal.com/gui/file/d7d85668f0e2f17b65cf1e3a393e1d19dec65329b8282fc1996af23df4cbc872/detection
# Reference: https://www.virustotal.com/gui/file/9b23523d7b582f9ede78a0efe4b8f1a57c700e271975f037292e33690c89808a/detection
# Reference: https://www.virustotal.com/gui/file/46684ab7193cdfff1bf0b38de0b79b6982e7895f3c2f67ff79ad0b6ebb60c490/detection

185.244.26.203:7384
194.5.97.97:7384
197.210.45.83:7384
197.210.54.95:7384
79.134.225.10:7384
79.134.225.37:7384
79.134.225.48:7384
new20121.ddns.net

# Reference: https://www.virustotal.com/gui/file/2f0d53c60cb7822931ac3f7656afa63081e1bb90b1e2ff07d9bb0d6b8ba02e50/detection

62.197.136.162:6932

# Reference: https://www.virustotal.com/gui/file/2a52d3a84b0c4748f5344aa6f6b1bf6c92e1f13aa82f2c4d42edc5c9c30ff0e5/detection

194.87.84.118:1187
derananocore.ddns.net

# Reference: https://gist.github.com/silence-is-best/7b71542e9713d9e8c2546090a1358789
# Reference: https://www.virustotal.com/gui/file/3ae412cee2025ba2d4dc1db206b2b6cef5b08b1942beb94dfb9c8db19e954580/detection

37.0.14.206:4040

# Reference: https://gist.github.com/silence-is-best/7b71542e9713d9e8c2546090a1358789
# Reference: https://www.virustotal.com/gui/file/d2ae9d4c8c7ce7943f76a70d1c49b9b5cb462ec185446656d2409ca5b8cd12ff/detection

185.140.53.138:4433

# Reference: https://www.virustotal.com/gui/file/d53598487480c88a31a4bcca6dad8eda546e726cf8e0b6dbd1f3d4bc715ee015/detection

91.192.100.17:1947
mtty.linkpc.net

# Reference: https://www.virustotal.com/gui/file/aad86d9d1d568e00d00fef5c2856455d183086b0a806131d44dc32399ac95edb/detection

37.0.14.195:1993
boobymoore.ddns.net

# Reference: https://www.virustotal.com/gui/file/2fb9bff26d02c5df574754d42659ed3a5c6693928a190a089cb795d79b097644/detection

194.147.140.9:9036
anglemanagement.ddns.net
anglemanagement039.freeddns.org

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Nanocore/Nanocore%20-%2004072022
# Reference: https://tria.ge/220704-mjktlagecr/behavioral1

188.127.231.93:3425
config.linkpc.net

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Nanocore/Nanocore%20-%2005072022

136.144.41.240:5899

# Reference: https://www.virustotal.com/gui/file/4686f6994d18e775d9703ac023057dfa26347ddcb7e1da495b7f3e98ebea801f/behavior/VMRay

91.193.75.9:8976
muchlove.ddns.net
oneluv.duckdns.org

# Reference: https://www.virustotal.com/gui/file/314a86d79d7e1fde63dc40c4020e57c0b67e5d6e7b913c0ca6716897b1721ea4/detection

79.134.225.75:1716
wazzy.ddns.net

# Reference: https://www.virustotal.com/gui/file/25053d897a2d3dfe3af26874043cba7bb53287bc6543296ff37ac5f4b6eeccfa/detection

185.92.25.78:1983
hachiko2.webredirect.org

# Reference: https://www.virustotal.com/gui/file/3e96a5fb0b4847f9131670159b861e1862339a933ea3699342890ab95d7f15b7/detection

37.120.208.37:49678
37.120.208.37:52085
austinwilli123.duckdns.org
austinwilliams.dynu.net

# Reference: https://www.virustotal.com/gui/file/156c27383bb6311228f08d6f9320750914b4a803b6c28a6e4560825c02e11f49/detection

91.193.75.131:1691
work2020.ddns.net

# Reference: https://www.virustotal.com/gui/file/39c0ae113258a2a9646a715c5cc2eeae809fe24e7b67d8e2e1f1e98b3e8f3bfb/detection

185.140.53.138:39399
timmy01.ddns.net
timmy005.ddns.net

# Reference: https://www.virustotal.com/gui/file/64912c5140f7b2ea0fac998a2ee9c22419a55dce1ed3acd14796ad64ab91caf5/detection

185.140.53.130:55098
55098hustlenow.hopto.org

# Reference: https://www.virustotal.com/gui/file/4623d71cf790864b9701789115beb00fbbece32a62de7c5ea2841a36b6677247/detection

185.140.53.130:1945
nanam.freemyip.com

# Reference: https://www.virustotal.com/gui/file/d401cecef9371db314f39d5c4bf3457340d7be6f0aac6c61b3cd25310a9dfadf/detection

185.140.53.130:7689
7689.ddns.net

# Reference: https://www.virustotal.com/gui/file/7b4ef65f0ded4570752d1fc312c3501e64b093e4b8356b12160c2e1b5c46a181/detection

194.147.140.25:1991
godblessking.ddns.net

# Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Nanocore/Nanocore%20-%2008072022

91.193.75.132:7668
gyongglobaltradeltd.hopto.org

# Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-07-19%20Nanocore%20IOCs
# Reference: https://app.any.run/tasks/cfbdf896-7fd5-4f2d-8062-91165e6f0eca/

208.67.104.253:5899
brewsterchristophe.ddns.net

# Reference: https://www.virustotal.com/gui/file/7cf15de309cff41c52952b30f824c6246126558327f4b9137796792371d77176/detection

45.162.228.171:30637
shinshongv2.airdns.org

# Reference: https://blog.talosintelligence.com/2022/07/threat-roundup-0715-0722.html (# Win.Packed.Nanocore-9957022-0)

wirelock.000webhostapp.com

# Reference: https://tria.ge/220722-1hccqaaaa2/behavioral2

bitm064.duckdns.org

# Reference: https://www.virustotal.com/gui/file/df1b86d97b10bc40521490672192f91a11bf8e42e79d8d99ea6b25fca2930400/detection

141.255.159.207:1177
omanlol.ddns.net

# Reference: https://www.virustotal.com/gui/file/43d53290862d4e2ce15720c8d2f9629a72ef6ab76f9da1b1632633ce9fca7263/detection

177.54.206.75:2022
papagaga.duckdns.org

# Reference: https://www.virustotal.com/gui/file/99cc8bd3a613d99686656aec57b1a4e622265f13b3df894617a8e80e649eb755/detection

djrascas.ddns.net
lle.ddns.net

# Reference: https://www.virustotal.com/gui/file/37c5623db5c2f98849681ae54240f31220dc7a2ed0a340c38efb9c5d1901c12e/detection

118.184.176.34:11831

# Reference: https://twitter.com/AttackTrends/status/1556536241956478978

192.169.69.26:11940
194.5.98.84:11940
ziggynas10.ddns.net
ziggynas10.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e7c137d7e34cdab921d4a1abd8fc0d47a8698056431b695f0fd1ec1b3af04280/detection

172.111.164.137:6102
olufembackup.ddns.net

# Reference: https://www.virustotal.com/gui/file/3188d69333cb32beed148d05948633677a16a19bfb443cbde808117c421f6354/detection

172.111.164.137:6104

# Reference: https://www.virustotal.com/gui/file/8726c4eee534d070252a218c3a14b5fa2bebd64505d37d4821a94e8f1ed1cd04/detection

175.139.96.108:6122

# Reference: https://www.virustotal.com/gui/file/3e43caef96177ebd4cd590e1500ca01a31d7ebc9f319d9f216b49bceec1de988/detection

172.111.164.137:6116

# Reference: https://otx.alienvault.com/pulse/62f0fbff6cc2f382facb6662
# Reference: https://www.virustotal.com/gui/file/fce7c8ea623a1c6f75098c7041176ba7cbea3c2a391d9af07597d61df2d960bd/detection
# Reference: https://www.virustotal.com/gui/file/24892545a0acf732d2954624a4a0c81832457fa2e7e3306438df7cc9415078d6/detection
# Reference: https://www.virustotal.com/gui/file/63fe3504383db7fb72f3b82b8920e08eeec7da634c8e4d59be903c418c9b9145/detection

176.221.125.191:4444
20.195.195.150:54984
91.192.100.54:54984
kolek2.ddns.net
nanothatha.duckdns.org
resultpopupinc.duckdns.org

# Reference: https://www.virustotal.com/gui/file/aac0d666a9b1fdf2c4f5bc4418d57bc89754f2aaa007dd9932eba6a88dffe221/detection

51.103.173.125:9090
azazws6606.linkpc.net

# Reference: https://www.virustotal.com/gui/file/f6d0e4e1ef5e6772bd3671abed6b8c238766b4faae39a5a6cbde2e0ad48a7011/detection

91.192.100.53:2431
tuk.linkpc.net

# Reference: https://www.virustotal.com/gui/file/00f7f9df0f6355c2ddc905e6144114ea5194bbe933859708d024ca4ec36bf38c/detection

194.67.209.128:58887
kgentle77.duckdns.org
kgentle777.hopto.org

# Reference: https://www.virustotal.com/gui/file/7d23c8916cd92a55a9ead17e4375b61acb709565baefac9e1904cfb20e575d3f/detection

niggaugotratted.awsmppl.com

# Reference: https://twitter.com/pollo290987/status/1560046557474471936
# Reference: https://www.virustotal.com/gui/file/ba536f2cbdcd10526c5aa0d28b74337b83440d4296b326419c57bfea9756c506/detection

141.98.6.128:1010
kjjuigfdullygigyftkuyluylygilyfidyyuljhd.ydns.eu

# Reference: https://twitter.com/James_inthe_box/status/1565362522806292481
# Reference: https://www.virustotal.com/gui/file/9b144809ef27214ff63ef708350546d6aa01929f4bb8cfb12f3efc462b0b0cd1/detection

104.144.69.130:705
katiebrady616.ddns.net

# Reference: https://medium.com/@the_abjuri5t/nanocore-rat-hunting-guide-cb185473c1e0
# Reference: https://raw.githubusercontent.com/Abjuri5t/Hunting-NanoCore/master/domain-list.txt

103.151.123.194:8909
americanmedicalassociation.online
236philipjohnson.freedynamicdns.org
2meonline.ddnsgeek.com
411speed.duckdns.org
7567.ddns.net
9386.ddns.net
99gramss.ddns.net
RealTopG-40301.portmap.io
aleksanderbodhan.hopto.org
aleksanderbodhan159.hopto.org
alex419.duckdns.org
alizuhohostnation.duckdns.org
alliedtrade54321.ddns.net
amegroupofschoos32.sytes.net
amoguscum.ddns.net
amuokuku.duckdns.org
antitor.duckdns.org
antivirus-helper.publicvm.com
arieshost.ddns.net
arkseven702.ddns.net
asynclevel.ddns.net
ayranger.ddns.net
ayranger7.ddns.net
ayranger8.ddns.net
aztemglobaltradltd.ddns.net
azuite1.ddns.net
babacapa.duckdns.org
beilard.duckdns.org
beilard1.ignorelist.com
blackb.duckdns.org
blackbladeinc09.bounceme.net
blackbladeinc52.ddns.net
blessed147.ddns.net
bmn.lpmpbanten.id
bnbnnjhjkii.ddns.net
boboz.ddns.net
bohem11.ddns.net
boyhome5100.duckdns.org
brewsterchristophe.hopto.org
brightnano1.ddns.net
brightnano2.ddns.net
brightrawfile2.ddns.net
budahhsegnemich88.home-webserver.de
cashlink.ddns.net
chase22.ddns.net
chery.hopto.org
childhome4100.duckdns.org
chochoinc07.bounceme.net
cloudupdates.ddns.net
coconuthead.ddns.net
concideritdone.duckdns.org
coow.ddns.net
cosrem.ddnsgeek.com
craigjonson912.bounceme.net
craigjonson99.zapto.org
cuckoldfarmer.ddns.net
cum.x24hr.com
cutixglobal.ddns.net
dbgroup1.publicvm.com
deranano.hopto.org
deranano2.ddns.net
deranano5.ddns.net
derarawfile10.ddns.net
dinolachy.duckdns.org
donaldossoinc.hopto.org
doubleup.ddns.net
drostdyhoffpvt.duckdns.org
drrkingsleym001.ddns.net
e-businessloader.mywire.org
ebuka19.ddns.net
eezzyy.duckdns.org
emba.espielweinstein.pw
erickeith62.ddns.net
eset-antivirus.ydns.eu
estrenos1a.duckdns.org
express104.ddns.net
fastspeed.ddnsfree.com
flammable.duckdns.org
forsondu92.ddns.net
france-barely.at.playit.gg
franexserve.duckdns.org
franexserver.webhop.me
freeip666.ddns.net
fridayom.duckdns.org
gameserver.duia.us
george-pressing.at.playit.gg
girlhomejan6100.duckdns.org
gluer.ddns.net
goldresulthsot.duckdns.org
goodmanp.ddns.net
grace147.duckdns.org
greatman.hopto.org
grosjeangerard.hopto.org
harold.accesscam.org
hellomyfriend.ddns.net
helpout.duckdns.org
hemplife.ddns.net
home-comp-8390.dyn.home-webserver.de
horizon112.3utilities.com
hostlogsnation.duckdns.org
idkwhattodo.hopto.org
igxchange.ddns.net
interest-border.at.playit.gg
iumobiliebackup.ddns.net
iyhto.ddns.net
jamcav.duckdns.org
jasonbourne.bounceme.net
jcfab.ddns.net
joja.ddns.net
joyyce.ddns.net
justinalwhitedd5544.duckdns.org
juuked.hopto.org
kamuchehddhgfgf.ddns.net
kasawulli845.ddns.net
kasawulli845nano.ddns.net
kaywestro.duckdns.org
kenimaf.duckdns.org
kevin.ydns.eu
khalil3131.ddns.net
kris119.duckdns.org
loamy221.sytes.net
loamy242.myddns.me
logsresu59.duckdns.org
louinc928.gotdns.ch
lowaspeed.ddnsfree.com
lucky001.duckdns.org
makeke.ddns.net
mallow.3utilities.com
malubulule.ddns.net
mamarita10005.ddns.net
manaheart.ddns.net
maxlogs.webhop.me
mback53388.duckdns.org
meetwithnicholson.ddns.net
megalogs2022.duckdns.org
mek123.ddns.net
meki24.ddns.net
mercydylan55.hopto.org
michspencer.ddnsfree.com
microsoft1337.ddns.net
mondayomo.duckdns.org
moonje19870506.bounceme.net
mpdeal.duckdns.org
mphanks.ddns.com
mphlabs.ddns.net
mup830634.duckdns.org
myhostplas12312.ddns.net
mynewvirom.duckdns.org
naki.airdns.org
nan21.duckdns.org
naninano123.ddns.net
nanjuly.duckdns.org
nanltd.duckdns.org
nano8000.duckdns.org
nano8100.duckdns.org
newhost1144.ddns.net
newme12.3utilities.com
newmeforever.3utilities.com
nonny55.3utilities.com
norly519.ddns.net
nosee.publicvm.com
novacomm.duckdns.org
nsayers4rm382.bounceme.net
nybenspyhost.duckdns.org
oba.hopto.org
odi419.duckdns.org
officewk.duckdns.org
oluchiiiiiii.ddns.net
oluwaboysharp.ddns.net
omaprilcode.duckdns.org
omosep6500.duckdns.org
parolespotnet.ddns.net
pfgeep.ddns.net
polulerat.polulesky.xyz
portmapuser9999-40587.portmap.io
praise.webhop.me
profrtgroupnaniio.duckdns.org
realtek31.ddns.net
redvelvet.ddns.net
remote1026.ddns.net
renareport.duckdns.org
richardmills770.ddns.net
rowdea.ddns.net
sannation.duckdns.org
saturdayom.duckdns.org
seatosea.duckdns.org
shopexport20.ddns.net
silverstargarage.webredirect.org
sirohmsgm.duckdns.org
slava3257.hopto.org
smookish.hopto.org
softtrim.hopto.org
something4you.gotdns.ch
sssyh.ydns.eu
strongest.ddns.net
suit1-fax.myhome-server.de
surya.ddns.net
sussyamous34.ddns.net
susyamog458dhref34.ddns.net
sys2021.linkpc.net
thanig.ddns.net
timmy06.ddns.net
timmy13.ddns.net
trustedvpnconnection.anondns.net
updatedhostlogs.duckdns.org
urregular.ddnsgeek.com
vpnozo.hopto.org
vrchat.hopto.org
watermalon1.sytes.net
williamrippa.hopto.org
xp230522.ddns.net
yefgfghh.ddns.net
yomo.hopto.org
youngnonte.hopto.org
zaezsefsdfqfds.ddns.net
zenmacro.ddns.net

# Reference: https://www.virustotal.com/gui/file/342778b335198430501489e780bfd6d59f8b2179bf0e8f83eddaf1eea93c30b8/detection

microsoft-window.servehttp.com

# Reference: https://twitter.com/malware_traffic/status/1570404210730061831
# Reference: https://app.any.run/tasks/fd551487-34b3-48eb-ba25-f6e9acc017a1/
# Reference: https://tria.ge/220915-qbvwdaghcm/behavioral3

185.216.71.194:1010
dera5nano.ddns.net

# Reference: https://twitter.com/pollo290987/status/1571890606775095297
# Reference: https://www.virustotal.com/gui/file/8798dff01c8a9db2b19034f12c920e594b1187043938fe4345f4c6011e7be0e2/detection

137.63.71.51:3959

# Reference: https://otx.alienvault.com/pulse/6332e6f1ae4649524ac4d697

cable-corporation.at.playit.gg

# Reference: https://www.virustotal.com/gui/file/298e3860779d4c5ccb788fe78d91781446caef1b165d44610acbe5577314113a/detection

82.217.124.24:1604
nanocoretj.ddns.net

# Reference: https://tria.ge/221010-qxfnksbhh5/behavioral1

79.134.225.5:6513
encoder147.duckdns.org

# Reference: https://twitter.com/malware_traffic/status/1579507488529223682
# Reference: https://app.any.run/tasks/3a3bd485-3310-4086-bef4-af44b80fcbf8/

80.76.51.109:1010

# Reference: https://tria.ge/220915-n9qyzagfhj/behavioral1

212.193.30.230:14981
hamzzagolozar.loseyourip.com

# Reference: https://www.virustotal.com/gui/file/11d7551a7ada4972ba554c4e5f683bce5a458d8dc0930053abc929a5ff02a575/detection

216.38.2.204:4545
realone.giize.com

# Reference: https://www.virustotal.com/gui/file/3794803e550275d65f0c27338bfdf610396fc65a07fe500fb3fe59e8a96ea964/detection

79.113.124.42:56785
xgrept1.hopto.org

# Reference: https://www.virustotal.com/gui/file/ed2f52dc367bcbc656beca4f2bf46f7620b381870f90845632037783f093ae95/detection

173.46.85.20:4714
preciousyrn.ddns.net

# Reference: https://www.virustotal.com/gui/file/1187df949b93ff8d0d52f59a74deebd6686a723a2e95aa85a80f03321123eb6f/detection

paul456.ddns.net

# Reference: https://www.virustotal.com/gui/file/a8356973d51bff101451770fc7e464e2fa17572b5ee8ba5931cfc3b0d57e8343/detection

79.134.225.76:1919
grace532.publicvm.com

# Reference: https://www.virustotal.com/gui/file/a162c6d70a0b45fcf581336b9b442ee17600c2e78d2c7778c9343b1cf8727714/detection

87.237.165.17:8282
iykoo11.ddns.net

# Reference: https://www.virustotal.com/gui/file/41c7ccc6c482b078e1c6ae5a6c229b424afaa22edb7334a4abad5793feecebb4/detection

85.202.169.14:9829
docfile.ddns.net
docfilepdf.ddns.net

# Reference: https://www.virustotal.com/gui/file/e3486cc29831e367af1656f56d42d31b88f2b3960d755345ed9b9c09dc8d3cdd/detection

194.5.98.23:8181
futurist40.duckdns.org

# Reference: https://tria.ge/221024-xzvnvaabh7

37.139.128.94:8000
rze6.sytes.net

# Reference: https://www.virustotal.com/gui/file/ea4bd6fd20e2dd1ee4e6ddffcae0657e809ab262d0db5b394e42cff6d98004b9/detection

aashkanani22.casacam.net
aashkanani22.ddns.net

# Reference: https://blog.talosintelligence.com/threat-roundup-1028-1104/ (# Win.Dropper.Nanocore-9976516-0)

nexaustin.ddns.net

# Reference: https://www.virustotal.com/gui/file/26d62fb1ca77910b4ae35e3868c4c1e45fc58b9261a14de8a39fb0ba3144d943/detection

104.24.124.152:60611

# Reference: https://www.virustotal.com/gui/file/7d794aa4eea0a8136b0d447f81d0445572bf28ec9d351e2b63f0b1ee55b861fe/detection

103.224.182.252:440

# Reference: https://www.virustotal.com/gui/file/b9cb1c7c428f91440c27d5e121934cce55d778c3131fcf0eed0a4e5be37af54e/detection
# Reference: https://www.virustotal.com/gui/file/463d034ddcb02b886e5fb9e7dc002757fcd3beea143bd3e512ef98f0ab793db4/detection
# Reference: https://www.virustotal.com/gui/file/388d204f125290642ba82eaa1352937a2ba62a30f61498a465810c19591ffc19/detection

178.73.192.3:54984
46.246.12.69:2404
46.246.84.4:5555
backup.senegalsante.org
redirection-anti-spam.duckdns.org

# Reference: https://twitter.com/kienbigmummy/status/1590193685446414336
# Reference: https://www.virustotal.com/gui/file/9649d40fac02e4209bce389a120672921994f083862684306cb2c863aac38b38/detection

137.63.71.51:3968

# Reference: https://www.virustotal.com/gui/file/ee5a72ebdd5bafdf47777db69c63c352725776757c2c58fc0316a498fa1434fc/detection

95.136.36.121:1011
0001002230.ddns.net

# Reference: https://twitter.com/ScumBots/status/1602189593511608322
# Reference: https://www.virustotal.com/gui/file/51cd2ba92fa54c33411ba7e082c1a2a042dd3bc3bbde931d508258dea2967598/detection

209.25.140.180:14931
209.25.141.180:14931
pro-ethiopia.at.ply.gg

# Reference: https://twitter.com/TeamDreier/status/1602254294949953536
# Reference: https://tria.ge/221212-mns1rsbb35/behavioral1

194.180.48.210:5634
svetanakravenova248.ddns.net

# Reference: https://www.virustotal.com/gui/file/3c87080123203da609afd0a8c6c73a2b82c7fb1ce524b950142dd8f623fb1136/detection
# Reference: https://www.virustotal.com/gui/file/8d9ac1f7b2a16e8b3a2b3615db6ad686e046dc566f304f9f02184af92e7fd53d/detection

78.87.218.147:23341
78.87.218.147:44713
0101010101.duckdns.org

# Reference: https://www.virustotal.com/gui/file/042016e79024e0d7569d34b557ce91660116356e3da1bb82465d35694277f2df/detection

91.109.186.4:1605
12kx.sytes.net

# Reference: https://www.virustotal.com/gui/file/42ada343e760c0720184703e6e49739a27d9ce3a2a64b307799d2bb82078d159/detection

2.223.67.90:5353
123ajkwid.hopto.org

# Reference: https://www.virustotal.com/gui/file/994320f1a18a051da9daa8284d18e2ba5befb5d770c52db911cf0e54b1ccb2f1/detection
# Reference: https://www.virustotal.com/gui/file/95819cb6a11ff9abc442a4bd33851259fee9e4034b79e34b0edb18bd6084f493/detection

185.82.217.154:5454
123ght123.hopto.org

# Reference: https://www.virustotal.com/gui/file/cde7e767d7c581252d84fffc579492cf5df5eec30588f41bcacbc613ef29b40c/detection

185.140.53.9:2022
2022.hopto.org

# Reference: https://www.virustotal.com/gui/file/6538d82770f38764b59f2fdf6ad83c6760aa96bcf771e1c00b30259b52ba8a65/detection

194.147.140.181:9090
2022ofgreatness.hopto.org

# Reference: https://www.virustotal.com/gui/file/40e577ca71fd8988f110b0ed2246f5925ceec3a9e74b016e4a75c535bd3b6bb8/detection

2630.hopto.org

# Reference: https://www.virustotal.com/gui/file/afc5de157cad8aa5da9e6aeef5d791b2de8b2e9dd8732a3e9ce5a1384bc00b0d/detection

86.90.27.189:5678
04229512.ddns.net

# Reference: https://threatfox.abuse.ch/browse/malware/win.nanocore/

101.43.166.109:5846
103.114.107.108:54984
103.133.111.25:1007
103.141.138.125:24980
103.151.123.194:8763
103.151.123.77:1996
103.153.77.119:7632
103.153.78.76:7707
103.176.111.90:8550
103.46.140.43:54984
103.46.141.73:14109
104.144.69.130:707
104.144.69.135:7600
104.144.69.139:3990
104.144.69.141:54955
104.144.69.144:707
104.144.69.159:54984
104.144.69.160:7600
104.168.65.245:5498
105.112.100.199:57689
107.150.23.184:38952
107.172.75.158:21038
107.182.129.128:1818
107.182.129.16:8687
107.182.129.248:1010
107.182.129.248:6860
107.182.129.51:1996
107.182.129.59:2000
107.182.129.61:1665
107.182.129.71:2010
107.213.220.165:53
109.206.241.128:5211
109.206.241.195:5899
109.206.243.174:6696
109.248.150.171:83
128.116.201.163:1234
13.58.157.220:10104
13.59.15.185:17425
13.59.15.185:17662
13.59.15.185:17912
13.59.15.185:18445
13.59.15.185:19948
134.19.179.147:63576
134.19.179.179:6755
135.148.12.148:1608
136.144.41.76:2222
136.243.111.71:54984
137.184.34.130:8273
137.63.71.51:3994
138.128.245.10:2023
141.95.116.226:2782
141.98.102.187:6755
141.98.6.123:21038
141.98.6.128:1187
141.98.6.20:6754
141.98.6.231:6318
141.98.6.70:54984
144.168.243.161:705
144.202.69.96:22102
146.70.35.143:1012
152.89.218.40:54984
155.138.222.252:53896
156.96.44.202:1333
156.96.62.59:6051
163.123.142.161:141
163.123.142.254:6700
163.123.143.143:1665
163.123.143.235:666
165.22.47.100:54984
165.22.47.100:6141
167.71.56.116:22053
167.71.56.116:22378
171.22.30.167:1007
171.22.30.170:1989
171.22.30.239:6932
171.22.30.56:1996
171.22.30.90:3693
171.22.30.97:1989
172.107.169.46:3421
172.111.199.139:14109
172.111.208.177:9036
172.111.251.195:9036
172.245.163.134:9036
172.245.163.161:2049
172.245.163.161:9003
172.94.42.77:54983
172.98.92.42:58491
177.75.89.26:5000
18.156.13.209:13809
18.156.13.209:16050
18.156.13.209:16368
18.157.68.73:13809
18.157.68.73:16050
18.157.68.73:16368
18.158.58.205:13731
18.189.106.45:10715
18.189.106.45:12356
18.189.106.45:14111
18.189.106.45:14324
18.189.106.45:16463
18.189.106.45:17337
18.192.93.86:13809
18.192.93.86:16050
18.192.93.86:16368
18.197.239.5:13809
18.197.239.5:16050
18.197.239.5:16368
18.198.77.177:11915
18.198.77.177:19408
184.105.192.5:2333
184.105.237.195:10001
184.105.237.195:10010
184.105.237.195:2929
184.75.223.235:2755
184.75.223.235:3782
184.75.223.235:3810
184.75.223.235:3811
184.75.223.235:3847
185.102.170.106:2010
185.140.53.12:8100
185.140.53.132:6122
185.140.53.134:6262
185.140.53.138:7755
185.140.53.147:1604
185.140.53.158:7688
185.140.53.174:1604
185.140.53.183:8844
185.140.53.243:4573
185.140.53.25:7688
185.140.53.3:31789
185.140.53.69:30507
185.140.53.6:1212
185.157.161.6:2022
185.157.162.187:1604
185.157.162.75:1608
185.165.153.209:45635
185.165.153.209:7654
185.165.153.26:44321
185.173.34.190:5557
185.174.40.75:7688
185.19.85.141:2502
185.19.85.141:2702
185.19.85.144:4040
185.19.85.160:54761
185.19.85.181:9034
185.213.155.161:2264
185.216.71.149:5899
185.216.71.189:5899
185.216.71.196:5899
185.220.69.56:6662
185.222.58.111:5355
185.225.73.164:7712
185.244.29.156:24980
185.244.29.89:2021
185.244.31.162:7688
185.254.37.72:2025
185.29.9.48:32114
185.65.134.179:2264
185.65.134.180:2264
185.81.157.236:5080
188.127.237.221:2431
188.215.229.145:3546
192.158.232.67:1447
192.158.233.204:54984
192.169.69.25:1501
192.169.69.25:1996
192.169.69.25:2000
192.169.69.25:2002
192.169.69.25:22027
192.169.69.25:2278
192.169.69.25:24980
192.169.69.25:40000
192.169.69.25:40001
192.169.69.25:40005
192.169.69.25:4040
192.169.69.25:4842
192.169.69.25:4937
192.169.69.25:5001
192.169.69.25:54980
192.169.69.25:5555
192.169.69.25:5873
192.169.69.25:58887
192.169.69.25:6969
192.169.69.25:7654
192.169.69.25:7791
192.169.69.25:8050
192.169.69.25:9087
192.169.69.26:15607
192.169.69.26:1994
192.169.69.26:2027
192.169.69.26:3535
192.169.69.26:40111
192.169.69.26:4842
192.169.69.26:48562
192.169.69.26:54980
192.169.69.26:54984
192.169.69.26:5550
192.169.69.26:6262
192.169.69.26:7776
192.169.69.26:8234
192.169.69.26:8888
192.3.193.136:1344
192.30.89.67:2449
193.111.125.123:511
193.169.253.188:9750
193.233.185.110:1187
193.233.187.19:555
193.31.30.138:1365
193.47.61.170:1989
193.47.61.249:53965
194.147.140.103:1122
194.147.140.230:10101
194.147.140.55:8779
194.147.5.75:5899
194.15.108.51:54991
194.180.224.105:40001
194.180.224.105:40005
194.26.213.230:5525
194.31.98.116:2022
194.31.98.178:1187
194.31.98.18:1187
194.5.97.123:11059
194.5.97.169:4573
194.5.97.17:5023
194.5.97.192:9050
194.5.97.21:6060
194.5.97.21:8282
194.5.97.231:6030
194.5.97.247:2525
194.5.97.26:1098
194.5.97.98:2180
194.5.98.102:3100
194.5.98.126:8605
194.5.98.12:3531
194.5.98.12:8779
194.5.98.138:6090
194.5.98.141:2180
194.5.98.148:5050
194.5.98.148:6776
194.5.98.156:12094
194.5.98.15:8282
194.5.98.160:12042
194.5.98.160:4090
194.5.98.160:5090
194.5.98.160:7090
194.5.98.165:19864
194.5.98.167:19864
194.5.98.173:5842
194.5.98.176:60451
194.5.98.17:1177
194.5.98.183:52005
194.5.98.198:54999
194.5.98.208:50720
194.5.98.20:6060
194.5.98.219:40111
194.5.98.219:48562
194.5.98.222:4190
194.5.98.227:19864
194.5.98.24:4693
194.5.98.24:6060
194.5.98.29:8282
194.5.98.33:53409
194.5.98.38:7410
194.5.98.46:6920
194.5.98.46:8181
194.5.98.54:9034
194.5.98.5:4918
194.5.98.7:52943
194.5.98.84:54984
194.5.98.93:4444
194.5.98.9:52943
194.55.186.150:7600
194.87.84.135:1187
194.87.84.21:1995
194.87.84.21:7687
194.9.172.60:54984
195.133.40.119:2500
195.178.120.227:4032
195.242.110.163:1001
195.242.110.7:54984
198.12.252.160:443
198.20.177.159:705
198.50.231.134:5498
2.3.155.124:54984
2.56.56.126:1818
2.56.56.74:10449
2.56.56.96:111
2.56.57.130:5899
2.56.59.101:1828
2.56.59.113:1818
2.58.149.232:4573
2.58.149.236:6932
202.182.100.23:40001
208.67.105.101:2025
208.67.105.178:1492
209.127.186.205:2102
209.182.100.23:40001
209.25.140.180:27725
209.25.141.180:25384
209.25.141.180:56956
209.25.141.180:57584
209.25.141.211:80
209.25.141.229:38741
209.25.141.229:42124
212.192.241.164:1187
212.192.246.176:2486
212.192.246.194:1990
212.193.30.148:53904
212.193.30.204:1187
212.193.30.230:14977
212.193.30.230:40111
212.193.30.230:60451
212.193.30.230:60705
212.193.30.23:2122
212.193.30.80:5454
212.87.204.153:6100
213.152.161.211:28146
213.152.161.229:6324
213.152.161.69:52049
213.152.161.85:6755
213.152.187.210:6755
213.184.126.143:1993
216.218.135.117:3603
216.218.135.118:3603
216.218.135.118:9497
216.244.221.110:4005
216.250.250.94:54955
216.250.251.191:24980
23.105.131.166:3531
23.105.131.186:1620
23.105.131.196:7788
23.105.131.206:67
23.105.131.228:7788
23.105.131.237:9091
23.105.131.249:1620
23.105.171.87:44800
23.229.34.114:705
23.237.25.128:54984
24.135.175.197:24069
27.254.163.12:8080
3.121.139.82:11915
3.121.139.82:16163
3.124.67.191:14664
3.124.67.191:17240
3.125.188.168:14664
3.125.188.168:17240
3.126.224.214:14664
3.126.224.214:18009
3.126.37.18:13809
3.126.37.18:16050
3.126.37.18:16368
3.127.138.57:13809
3.127.138.57:16050
3.127.253.86:16163
3.127.253.86:19408
3.127.59.75:11915
3.127.59.75:16841
3.128.107.74:17425
3.128.107.74:17662
3.128.107.74:17912
3.128.107.74:18445
3.128.107.74:19948
3.129.187.220:14880
3.129.187.220:19235
3.13.191.225:12323
3.13.191.225:14605
3.13.191.225:17628
3.13.191.225:17742
3.131.147.49:12362
3.131.147.49:14880
3.131.147.49:19235
3.131.207.170:17425
3.131.207.170:17662
3.131.207.170:17912
3.131.207.170:18445
3.131.207.170:19948
3.132.159.158:10715
3.132.159.158:12356
3.132.159.158:14111
3.132.159.158:14324
3.132.159.158:16463
3.133.207.110:14880
3.133.207.110:16559
3.133.207.110:19235
3.134.125.175:12323
3.134.125.175:14605
3.134.125.175:17146
3.134.125.175:17628
3.134.125.175:17742
3.134.39.220:11828
3.134.39.220:12323
3.134.39.220:14605
3.136.65.236:14880
3.136.65.236:16559
3.136.65.236:19235
3.138.180.119:12362
3.138.180.119:14880
3.138.180.119:19235
3.138.45.170:17425
3.138.45.170:17912
3.138.45.170:18445
3.138.45.170:19948
3.14.182.203:11970
3.14.182.203:12323
3.14.182.203:14605
3.14.182.203:17146
3.14.182.203:17628
3.14.182.203:17742
3.140.223.7:10715
3.140.223.7:14111
3.140.223.7:14324
3.140.223.7:16463
3.140.223.7:17337
3.141.142.211:10715
3.141.142.211:14111
3.141.142.211:14324
3.141.142.211:16463
3.141.142.211:17337
3.141.177.1:10715
3.141.177.1:12356
3.141.177.1:14111
3.141.177.1:14324
3.141.177.1:17337
3.141.210.37:10715
3.141.210.37:12356
3.141.210.37:14111
3.141.210.37:14324
3.141.210.37:16463
3.141.210.37:17337
3.142.129.56:10104
3.142.167.4:10104
3.142.167.54:10104
3.142.81.166:10104
3.145.201.105:3637
3.17.7.232:11828
3.17.7.232:12323
3.17.7.232:14605
3.17.7.232:17628
3.17.7.232:17742
3.19.130.43:10104
3.22.15.135:14880
3.22.15.135:16559
3.22.15.135:19235
3.22.30.40:12323
3.22.30.40:14605
3.22.30.40:17146
3.22.30.40:17628
3.22.30.40:17742
3.22.53.161:17425
3.22.53.161:17912
3.22.53.161:18445
3.22.53.161:19948
3.67.112.102:13731
3.67.15.169:14664
3.67.15.169:17240
3.67.15.169:18009
3.67.62.142:13731
3.68.56.232:14664
3.68.56.232:18009
31.210.20.129:8686
31.210.20.18:2486
34.221.57.122:83
35.158.159.254:11915
35.158.159.254:19408
35.198.98.125:80
37.0.11.164:7600
37.0.11.252:1993
37.0.11.6:1515
37.0.14.195:2023
37.0.14.195:4489
37.0.14.195:6122
37.0.14.196:1759
37.0.14.196:28289
37.0.14.198:9090
37.0.14.203:57601
37.0.14.210:6060
37.0.14.216:2828
37.0.8.115:1605
37.0.8.138:1990
37.0.8.234:6932
37.0.8.61:1492
37.0.8.61:7650
37.0.8.98:2010
37.120.141.153:7782
37.120.141.168:20442
37.120.210.219:3397
37.120.210.219:8430
37.139.128.94:6000
37.139.129.71:7712
37.139.129.91:9921
41.216.183.170:1665
41.216.183.49:1447
43.154.234.84:28100
45.11.231.129:2030
45.12.253.26:1665
45.132.106.37:6060
45.132.106.37:6445
45.133.1.119:6991
45.133.1.126:2010
45.137.20.4:4984
45.137.20.4:56648
45.137.22.152:8472
45.137.22.35:54984
45.137.65.132:6269
45.137.65.229:5050
45.139.105.174:8282
45.14.165.113:5709
45.141.239.47:2010
45.154.98.222:54984
45.195.25.163:4000
45.35.105.148:6700
45.59.127.4:4783
45.74.38.17:9036
46.183.220.115:31740
46.243.140.88:5569
46.246.84.5:9124
5.134.196.78:43235
5.181.234.149:54678
51.89.157.228:54984
52.14.18.129:17425
52.14.18.129:17662
52.14.18.129:17912
52.14.18.129:18445
52.14.18.129:19948
52.28.112.211:11915
52.28.112.211:16841
52.28.112.211:19408
54.188.68.225:1008
62.197.136.144:2486
62.197.136.237:55688
62.197.136.29:6932
62.197.136.51:6262
63.141.237.50:44621
65.92.124.154:1929
66.94.106.77:1337
67.182.249.169:8273
68.196.160.138:4567
68.235.43.100:59335
68.235.44.57:59335
73.229.114.85:54984
74.201.28.111:141
76.8.53.140:62520
77.92.253.196:3377
78.172.239.55:1604
78.173.184.33:54984
79.110.62.150:4032
79.110.62.158:4089
79.110.62.187:4032
79.134.225.108:1985
79.134.225.115:7688
79.134.225.119:3384
79.134.225.11:8085
79.134.225.121:54984
79.134.225.13:5673
79.134.225.18:1414
79.134.225.18:9034
79.134.225.20:1997
79.134.225.22:54761
79.134.225.26:2943
79.134.225.28:2580
79.134.225.30:1717
79.134.225.38:15110
79.134.225.49:10101
79.134.225.53:7171
79.134.225.69:1620
79.134.225.6:1620
79.134.225.6:43147
79.134.225.6:60110
79.134.225.71:7480
79.134.225.73:3531
79.134.225.74:1515
79.134.225.75:7691
79.134.225.76:1515
79.134.225.76:5252
79.134.225.77:7988
79.134.225.7:40405
80.76.51.88:408
80.76.51.88:409
81.161.229.140:1447
83.213.245.105:5555
84.38.129.53:31789
84.38.130.214:1604
84.38.133.204:3535
84.51.52.166:54984
85.202.169.165:2025
85.208.136.69:6932
85.31.46.156:54984
85.31.46.207:22
85.86.25.62:1515
85.86.25.62:5555
85.97.69.68:6122
86.219.97.216:53896
87.251.79.109:48405
91.109.176.11:443
91.109.182.3:65535
91.109.186.5:1991
91.109.190.5:1194
91.192.100.11:15049
91.192.100.14:53081
91.192.100.16:48562
91.192.100.4:3531
91.192.100.5:2702
91.192.100.8:1333
91.192.100.8:33400
91.192.100.8:5842
91.192.100.8:9036
91.192.100.9:2404
91.193.75.131:1990
91.193.75.131:5455
91.193.75.132:5422
91.193.75.132:6884
91.193.75.132:7189
91.193.75.132:7354
91.193.75.132:7664
91.193.75.133:1110
91.193.75.133:22233
91.193.75.133:2323
91.193.75.133:2630
91.193.75.133:2938
91.193.75.133:6884
91.193.75.134:6561
91.193.75.134:8282
91.193.75.135:16554
91.193.75.135:60110
91.193.75.136:5252
91.193.75.141:15359
91.193.75.144:7688
91.193.75.147:2456
91.193.75.154:1604
91.193.75.169:10449
91.193.75.177:37186
91.193.75.211:15410
91.193.75.218:54999
91.193.75.221:4040
91.193.75.221:5055
91.193.75.223:33456
91.193.75.226:1983
91.193.75.234:3259
91.193.75.248:15440
91.193.75.252:26000
91.92.120.123:705
91.92.120.183:705
92.240.245.3:1122
93.114.128.20:5678
94.23.103.59:54984
95.214.24.80:2021
95.214.27.236:7007
95.70.139.81:54984
98.221.242.137:4782
2022success.ddns.net
battlewow.us.to
blessed1234.duckdns.org
cardeliver.ca
cherpa.eu
claude111.duckdns.org
crotac.duckdns.org
danteyy.ddns.net
december2n.duckdns.org
fotosintesisballs69.ddns.net
gervenneoil.buzz
justkowir.duckdns.org
muna001.duckdns.org
pp.specterlogisitics.com
realtopg-40301.portmap.io
slave01.duckdns.org
smithcity123.ddns.net
something5you.gotdns.ch
stevewells.hopto.org
tradeguru.com.pk
wealth555.ddns.net
williamscomputer101.ddns.net

# Reference: https://www.virustotal.com/gui/file/bd37993bd00521207013e610f522bc61cd9b5a50e24811bd7b8405230e96b358/detection

23.227.203.221:4904
brillis.duckdns.org

# Reference: https://www.virustotal.com/gui/file/fb456ac776b521f1673988bccc5de5c74843f6d9e447929d4456b1689273a97a/detection
# Reference: https://www.virustotal.com/gui/file/e6b74e0198d2489952bd31a985fa7cadb3a493f440159bf78ee203e52c518fba/detection

185.33.234.172:1515
nonstop1881.duckdns.org
nonstop2020.duckdns.org

# Reference: https://www.virustotal.com/gui/file/58556c4d5976e8d36fcf36742877454ed2c9fc6e90afebcaab3a7a1b86d350a2/detection
# Reference: https://www.virustotal.com/gui/file/28facaeb8bf5891b98e09ae33d135c27bf57eb843705eaf972668cc963ce1412/detection

197.210.85.120:53535
37.0.14.209:53535
lucasjules.ddns.net

# Reference: https://www.virustotal.com/gui/file/441882d2fa3135295a1a9912d2bbbcb09dbcf18ce24b9d1af13741c64573e378/detection

beniecenvet.sytes.net

# Reference: https://www.virustotal.com/gui/file/cfd85cb6f869eb09c97ee58a17eea5f972e3846b466f97d53276ba20b98d7b2a/detection

185.213.155.165:4577
gregern.ddns.net

# Reference: https://www.virustotal.com/gui/file/855fd72221ab535c7955a874e53e443f25f585e372e55d53b4bf1e6d05032f79/detection

141.98.255.149:30108
141.98.255.154:30108

# Reference: https://twitter.com/SarlackLab/status/1628824910679138307

192.169.69.26:4156

# Reference: https://twitter.com/malmoeb/status/1630820398257299456
# Reference: https://www.virustotal.com/gui/file/2cfa6e2290e53959d5f6d2f9d8a4e714941735b750a710223df1db7a0758cf22/detection

45.137.65.132:6369
mobort.duckdns.org

# Reference: https://www.virustotal.com/gui/file/47eb8dc93f94ba337810352ba67e1f0a60666d3ba6f13d3888924d419d8b3fce/detection

cooempresasltda104.duckdns.org

# Reference: https://www.virustotal.com/gui/file/ff860847be3898e4c6df45ddce5e100c3729a5506d5be12188923205970027d9/detection

92.99.238.135:1604
fortest123.hopto.org

# Reference: https://www.virustotal.com/gui/file/d2e347f7ecbcb94a4fe2e0ea86f92d0f60321be94441265b97f0e0b212c0efbc/detection

46.246.12.15:2020
46.246.86.15:2020
patria.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0cf89e8630810da61825cf3b04989edd2ef05c7a9219070ba0dfe3c9b63358bb/detection

allonsy.hopto.org

# Reference: https://www.virustotal.com/gui/file/3513481979f9846a21de74830c896ffe4080c8bf1a57c4578544600be47cc158/detection

196.77.23.238:54984
41.143.49.111:54984
rasdrasd.publicvm.com

# Reference: https://blog.talosintelligence.com/threat-roundup-0331-0407-2/ (# Win.Dropper.Nanocore-9995112-1)
# Reference: https://www.virustotal.com/gui/file/0d36017cc6ac2ccd7b332ef4efc2c3a7c039c594caab75eff13999fbb27b5980/detection

obelltd.ddns.net

# Reference: https://www.virustotal.com/gui/file/aec3e3652da5df8a17e09647efbfec7771e5ec1c2263d0d6218ba1d4bdb086a9/detection

185.65.134.165:62427
secureserver123.duckdns.org

# Reference: https://www.virustotal.com/gui/file/dc28cbcc9ef6bdfc3a3ccf58b13023e24b007b8ee4cd03f8bd5dc5f62b921e1a/detection
# Reference: https://www.virustotal.com/gui/file/c3eef118cd5d331e6792f16d59afdf8c58fdfdd5d3797657902a86f11837fbfc/detection

185.65.134.164:62709
185.65.134.165:62709
185.65.134.167:62709
185.65.134.181:62709
185.65.134.182:62709
ttvtw.freemyip.com

# Reference: https://www.virustotal.com/gui/file/0dbe3c1b57287888e4eeea2a486e5adda95bb9fce97e2bdffad47802e4d9d92f/detection

alertt.duckdns.org

# Reference: https://www.virustotal.com/gui/file/57e5641d6352c5a2c9fee6b2bf6bc91ace13360e30493903c14db3850b1b8f64/detection

bankuntu.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0a5bc24c57e9483aed14ac2c9d30d56d7515f0b003e453406a6b6d5884493744/detection

bouricrat.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8d3b0b73f7f381bafb21e0518a4f70eb9c1872c28da7faafa54e668315e9ad33/detection
# Reference: https://www.virustotal.com/gui/file/628829ae292146d2e3b84e09295ff623e9a158a2791c277c009b5d4055a502e5/detection
# Reference: https://www.virustotal.com/gui/file/8eb2f7ab9bab3a18b8e697ade5fa57a70f7200bb442179bb8761b9f2d876345f/detection

45.132.106.37:4766
45.132.106.37:6269
macador.duckdns.org
macrim.duckdns.org

# Reference: https://www.virustotal.com/gui/file/f3281de38ce156662c0691317174b3792e18b15ac9ebfdf82c10e1b2f5f6e3e7/detection
# Reference: https://www.virustotal.com/gui/file/3a15ee54a292dbe70ab7e4e684bf3954897ab97374cb96cd9639c067f0c290e4/detection
# Reference: https://www.virustotal.com/gui/file/0facd089f92fda41f49e30f186ec2767b612cd96e46491451523fc50260d77fb/detection

stepin.duckdns.org

# Reference: https://www.virustotal.com/gui/file/cb5a3edef941f770e70d5938bb2c5bad7f82892884b73b0512f76a0be0e8b692/detection
# Reference: https://www.virustotal.com/gui/file/6092c6114d7aaf7442af519890d2ac3136806b31bda6a411a12b61d1ccfa118c/detection
# Reference: https://www.virustotal.com/gui/file/3d36a06552f24dc4a5ac3a4d9594e30dee088c95c1139b6e2d1374130d9065d9/detection

valentine23.duckdns.org

# Reference: https://www.virustotal.com/gui/file/d2fc202f8c3d4adf3e5f43bcb79913fdbba8c98c1bf6f81e80309d283aa15059/detection

45.141.27.208:54984

# Reference: https://www.virustotal.com/gui/file/f87fb8666397746bf471e8bec498f83d11e53c204d515abccb2154c44c3763a3/detection
# Reference: https://www.virustotal.com/gui/file/70f45664499746bac72bb3aabc25b79f8623479ebaf80d03ca56479fe4e516a2/detection

192.169.69.25:2929
79.134.225.40:2929
benedictus.duckdns.org

# Reference: https://www.virustotal.com/gui/file/08ad4fdc0668b7696b3041e0c791f2a9b1b8c6c0814c0904e711779ece205f6f/detection

23.105.131.129:7185
harold.ns01.info
haroldy.accesscam.org

# Reference: https://www.virustotal.com/gui/file/25cf559d1de914a23563ad710eb291840283e5e9963b3941e51799220cc09ea5/detection

23.146.242.147:3606
31.210.20.226:3606

# Reference: https://www.virustotal.com/gui/file/9b5f44aa8226ef02d998f3b6e60eb14ddf3301c38694e5c55ea040545e83886b/detection

134.19.179.147:38046
dominion46.ddns.net

# Reference: https://twitter.com/kienbigmummy/status/1658813288464125952
# Reference: https://www.virustotal.com/gui/file/a31358e9f59219cfa5f1acbc680eab9f56aa3fd9975fc73537768d9f43fb6abc/detection

141.98.6.167:4032
jasonbourneblack.ddns.net
rolandlandson149.bounceme.net

# Reference: https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/SmokeLoader/smoke_out_14_05_2023_NL.txt
# Reference: https://www.virustotal.com/gui/file/03c8ae088d9b5ed64de0ac1782f3b2a9ee31ebd3597d03f285a0c31b9e6ef25f/detection

http://213.170.135.147
213.170.135.147:4449
max.con-ip.com

# Reference: https://www.virustotal.com/gui/file/a3d233a87114b7ff5648e4ee135c6fc69245c2a2b9c37dd7e340f3de5864f946/detection

194.147.140.137:4811
197.210.29.97:4811

# Reference: https://www.virustotal.com/gui/file/847a1d56185a69c2e30b44368c404bc91107463274fa66b260277b1c0616b66b/detection

213.152.187.210:4367
demouser.theworkpc.com

# Reference: https://www.virustotal.com/gui/file/039bb173b6ffb1047323d9b5f31bf063f7c5bdd74bcb5c3736d529234e2932e1/detection

160.120.17.236:3240
160.120.22.55:3240
160.120.25.124:3240
160.120.25.88:3240
173.252.103.64:3240
66.220.147.11:3240
69.171.244.15:3240
69.171.247.71:3240
imagine.here-for-more.info
ivoirienpoe.ddns.net

# Reference: https://www.virustotal.com/gui/file/17c08dfb80f2cbc34023cb196c27380eaf7ea99df4e20082e3b5cff7f84db48d/detection

213.152.161.40:33045
mozess.is-a-cpa.com

# Reference: https://threatfox.abuse.ch/browse/malware/win.nanocore/ (# 2023-07-28)

103.212.81.151:58876
103.212.81.152:4654
103.212.81.155:23591
103.212.81.155:3190
103.212.81.157:23591
107.182.128.9:6636
107.182.128.9:7727
109.206.242.17:4141
12.202.180.134:8550
13.229.3.203:14920
13.58.157.220:18184
13.59.15.185:13025
141.255.152.96:1991
141.255.156.145:1991
159.223.171.199:22282
159.223.171.199:22550
159.223.171.199:3404
165.227.31.192:22429
168.119.0.173:5665
176.9.158.133:3456
177.67.82.66:5000
18.136.148.247:14920
18.139.9.214:14920
18.141.129.246:14920
18.158.249.75:29052
185.252.179.198:8282
192.121.102.38:57788
192.169.69.25:2097
192.169.69.25:6790
192.169.69.26:414
192.169.69.26:54914
192.169.69.26:60451
192.169.69.26:60705
192.169.69.26:61715
192.253.241.112:55420
193.56.29.145:8550
194.147.140.133:1092
194.147.140.133:50720
194.5.98.137:50720
194.87.151.236:4334
209.25.141.212:45203
209.25.141.224:12008
212.193.30.230:4984
212.193.30.230:6060
212.193.30.230:61715
212.193.30.230:9387
213.152.161.138:3648
213.152.161.138:3658
213.152.161.138:3672
213.152.161.138:3692
213.152.161.40:21942
213.152.162.181:9387
216.218.135.117:3344
24.199.85.225:4137
24.199.85.225:6349
24.199.85.225:8273
3.125.102.39:29052
3.126.37.18:18809
3.128.107.74:13025
3.129.187.220:10918
3.129.187.220:17403
3.13.191.225:14795
3.131.147.49:10918
3.131.147.49:17403
3.131.207.170:13025
3.133.207.110:10918
3.133.207.110:17403
3.134.125.175:14795
3.134.39.220:14795
3.136.65.236:10918
3.138.180.119:10918
3.138.180.119:17403
3.138.45.170:13025
3.14.182.203:14795
3.142.129.56:18184
3.142.167.4:18184
3.142.167.54:18184
3.142.81.166:18184
3.145.201.105:3436
3.17.7.232:14795
3.19.130.43:18184
3.22.15.135:10918
3.22.15.135:17403
3.22.30.40:14795
3.22.53.161:13025
3.6.115.64:16968
3.6.30.85:16968
3.6.98.232:16968
31.210.55.103:41480
31.210.55.103:43673
37.0.14.197:58876
45.12.253.242:5899
45.137.22.133:5899
45.35.64.214:5665
45.88.67.63:6060
45.88.67.63:63882
46.246.86.210:54984
5.252.165.230:28289
52.14.18.129:13025
52.220.121.212:14920
67.164.193.74:8273
77.153.188.104:54984
82.130.171.45:5555
82.66.202.142:53896
91.109.178.4:1991
91.109.184.9:1991
91.109.190.2:1991
91.166.222.211:16383
91.192.100.6:8844
91.192.100.7:1620
91.192.100.7:54984
91.193.75.131:1116
91.193.75.178:62335
91.193.75.249:23591
91.207.57.115:13838
95.214.27.236:7008
and-tim.at.ply.gg
arkseven7002.ddns.net
arkseven7003.ddns.net
ayranger10.ddns.net
december2nd.ddns.net
ezemnia3.ddns.net
hadleyshope.3utilities.com
hkmtdr.ddns.net
insurance-agencies.at.ply.gg
jix37.duckdns.org
kala007.duckdns.org
microsoftservicev55.hopto.org
nonoise.duckdns.org
patyneduchez3212.duckdns.org
percolysrl2.ddns.net
secur3.duckdns.org
sneakerpop.bounceme.net
staywicked99.ddns.net
timmy08.ddns.net
uilove.ddns.net
wqqkgzmrdwxl8j.duckdns.org

# Reference: https://threatfox.abuse.ch/browse/malware/win.nanocore/ (# 2023-07-31)

167.235.75.225:7594
194.147.140.139:1620
mbkmoney604.duckdns.org
