# Malware - Multiple RAT Threats - Domains & Hosts
# These domains are extracted from malware sandbox reports using a Machine Learning model trained on a corpus of good and bad domains. 
# Source: https://otx.alienvault.com
# 
# INFO: https://blog.malwarebytes.com/threats/remote-access-trojan-rat/
#
# UPDATED: 15-02-2021
#
# Every link reported should be considered harmefull and could result in an unwanted malware download.
#
# ***** The list is released without any warranty to the end users.*****
#
#
#	****I've collected some of the RAT pulses from OTX AlienVault that had more than 4+ domains and/or hosts in them, and put them in one file. ****
#
#
# *** This list contains domains and hosts ***
# *******************************************************************************************************************************************************************
#------------------------------------------
# Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor
# Source: https://otx.alienvault.com/pulse/5fdb7e931ecac1576e15fd04

# Domains
advertrex20.xyz
advertsp74.xyz
asdasd08.com
asdasd08.xyz
decatos30.com
decatos30.xyz
gentexman37.xyz
mexstat128.com
sdadvert197.com
shopweb95.xyz
#------------------------------------------
# Phishing emails with RAT targeting corporate users
# In November 2020 Doctor Web virus analysts detected a phishing attack targeting corporate users. The emails in question contained trojan malware that covertly install and launch Remote Utilities software — a tool for remotely accessing another computer.
# Source: https://otx.alienvault.com/pulse/5fd3e533f31a2aa08d9ac388

# Domains
360mediashare.com
ateliemilano.ru
gedebeywater.com
kiat.by
mystorage-settings.ru
nordtexnika.az
office360.work
office360share.com
road258.website
road349.website
savalan.az
wsus.ga
wsusms.com
#------------------------------------------
# Win32.RATChat - Malware Domain Feed V2
# Source: https://otx.alienvault.com/pulse/5de8a7203ef6b1816681a9ab

# Hosts
0.0.0.0	cjsgk200.dns0755.net
0.0.0.0	idoidochoi.ddns.net
0.0.0.0	tjxodnr100.ddns.net
0.0.0.0	cooljin100.ddns.net
#------------------------------------------
# BitRAT - Malware Domain Feed V2
# Source: https://otx.alienvault.com/pulse/5f619f1ce31c11f82b6e7d00

# Hosts
0.0.0.0	auth08-verify.serveuser.com
0.0.0.0	billie.nigga.fail
0.0.0.0	bitor01.duckdns.org
0.0.0.0	boss808.ddns.net
0.0.0.0	engkaa.ddns.net
0.0.0.0	fastnfure.ddns.net
0.0.0.0	greathop.fastestmaking.com
0.0.0.0	h20.cyclingweb.army
0.0.0.0	jadhis.camdvr.org
0.0.0.0	jegebit.duckdns.org
0.0.0.0	kosueo.theworkpc.com
0.0.0.0	nhry9tg.giize.com
0.0.0.0	rproxy.legitfxpro.com
0.0.0.0	softwareservice54.ddns.net
0.0.0.0	svchostexplorer.ddns.net
#------------------------------------------
# Orcus.RAT - Malware Domain Feed V2
# Source: https://otx.alienvault.com/pulse/5cc9b7fb5228e2c16734145e

# Domains
skanderup.xyz

# Hosts
0.0.0.0	eta.ne.virus.ne.trogaj.mena.kstati.putinso.site
0.0.0.0	firstopenvpn9980-21254.portmap.host
0.0.0.0	fraerusernj.duckdns.org
0.0.0.0	hacknj.ddns.net
0.0.0.0	justanix.ddns.net
0.0.0.0	killmenow.ddns.net
0.0.0.0	mycli.ddns.net
0.0.0.0	myvpsvps.ddns.net
0.0.0.0	oneplist.ddns.net
0.0.0.0	orcus.griefergames.site
0.0.0.0	orcushack.duckdns.org
0.0.0.0	pomf.pyonpyon.moe
0.0.0.0	uwuxd.duckdns.org
#------------------------------------------
# AsyncRAT - Malware Domain Feed V2
# Source: https://otx.alienvault.com/pulse/5e756e341388e7514cb518d7

# Domains
advisorgoetia-dns.xyz
dlldns.xyz
reversethis.store

# Hosts
0.0.0.0	aghfhshhg.duckdns.org
0.0.0.0	andy1688.ddns.net
0.0.0.0	asd2020.duckdns.org
0.0.0.0	clayroot2016.linkpc.net
0.0.0.0	cloudclout.duckdns.org
0.0.0.0	coolthingy.duckdns.org
0.0.0.0	darioeodr45.duckdns.org
0.0.0.0	dnsnuev009.duckdns.org
0.0.0.0	f2iu21id1ld1.ddns.net
0.0.0.0	fiesta.kozow.com
0.0.0.0	gjdfhfdka.duckdns.org
0.0.0.0	gthdffds.duckdns.org
0.0.0.0	hdggdj.duckdns.org
0.0.0.0	jetproi.duckdns.org
0.0.0.0	liligharba5.ddns.net
0.0.0.0	maksuda2230-52612.portmap.host
0.0.0.0	mika202.duckdns.org
0.0.0.0	mooonskj.ddns.net
0.0.0.0	notradingpsl.ddns.net
0.0.0.0	nsr0209.kro.kr
0.0.0.0	olunew.freemyip.com
0.0.0.0	s1.putinso.site
0.0.0.0	sdfghjgfds.duckdns.org
0.0.0.0	sdfghju.duckdns.org
0.0.0.0	spy.mywire.org
0.0.0.0	wissam000.ddns.net
0.0.0.0	wissam001.ddns.net
#------------------------------------------
# WSHRAT - Malware Domain Feed V2
# Source: https://otx.alienvault.com/pulse/5d031ea3f673747a4eec7471

# Domains
greenroomstudio.live

# Hosts
0.0.0.0	9deseptiembre1712.chickenkiller.com
0.0.0.0	16dejulio2020.duckdns.org
0.0.0.0	66deagosto2020.duckdns.org
0.0.0.0	2813.noip.me
0.0.0.0	8896wsh.ddns.net
0.0.0.0	allen102.duckdns.org
0.0.0.0	appgwindows.duckdns.org
0.0.0.0	appwindows.duckdns.org
0.0.0.0	btcinfo104.duckdns.org
0.0.0.0	dabadaba225.duckdns.org
0.0.0.0	danielgomesb.duckdns.org
0.0.0.0	deepweb212.duckdns.org
0.0.0.0	eurobank.hopto.me
0.0.0.0	facebookvn.ddns.net
0.0.0.0	fivemmods222.ddns.net
0.0.0.0	freehost222.ddns.net
0.0.0.0	harold.jetos.com
0.0.0.0	hpop.ddns.net
0.0.0.0	javiersalazar87.duckdns.org
0.0.0.0	kasmoremoney.duckdns.org
0.0.0.0	kremlin-home.duckdns.org
0.0.0.0	megamoneyaneke.duckdns.org
0.0.0.0	mercedez.duckdns.org
0.0.0.0	mikelsonallen300.duckdns.org
0.0.0.0	mnx1.duckdns.org
0.0.0.0	mothermaryblessme.duckdns.org
0.0.0.0	my1empire.duckdns.org
0.0.0.0	networker.hagyz.com
0.0.0.0	news.coris-bank.fr
0.0.0.0	nkwosharp.firewall-gateway.com
0.0.0.0	onyeeze.duckdns.org
0.0.0.0	orlandoblunblun2020.duckdns.org
0.0.0.0	pluginsrv1.duckdns.org
0.0.0.0	pluginsrv2.duckdns.org
0.0.0.0	raynerbouyant.serveftp.com
0.0.0.0	reptptyliano.duckdns.org
0.0.0.0	rwsh.duckdns.org
0.0.0.0	sandrayouknowme.onmypc.info
0.0.0.0	slotconstruction.linkpc.net
0.0.0.0	spanx.hopto.org
0.0.0.0	svch.mywire.org
0.0.0.0	tain.duckdns.org
0.0.0.0	taskmgr.linkpc.net
0.0.0.0	unknownsoft.duckdns.org
0.0.0.0	update.mcafee-endpoint.com
0.0.0.0	vitlop.ddns.net
0.0.0.0	wsh.gleeze.com
0.0.0.0	wshrat-2020.duckdns.org
0.0.0.0	wshwin.duckdns.org
0.0.0.0	www.abbassonline.com
0.0.0.0	www.digitangkas.com
0.0.0.0	www.gopluseg.com
0.0.0.0	www.henryatwork.com
0.0.0.0	www.yellowdoorproperties1.com
0.0.0.0	xcosgate.ddns.net
0.0.0.0	z2020-29077.portmap.host
0.0.0.0	zied2020.duckdns.org
#------------------------------------------
# MSIL.Revenge.RAT - Malware Domain Feed V2
# Source: https://otx.alienvault.com/pulse/5ccaa61083998c46514707d4

# Domains
manedina.top
maxon.tk
mondns.pro
sii-cl.com
spacexlinkx.com
tiberton.top

# Hosts
0.0.0.0	1admin12345.ddns.net
0.0.0.0	1337gang.ddns.net
0.0.0.0	40999up.sytes.net
0.0.0.0	a24369093123.ddns.net
0.0.0.0	accer.sytes.net
0.0.0.0	agx1996.ddns.net
0.0.0.0	ali19951995.ddns.net
0.0.0.0	alice2019.myftp.biz
0.0.0.0	alison7stern-56207.portmap.host
0.0.0.0	amazigh15-43861.portmap.host
0.0.0.0	amazigh15-61044.portmap.host
0.0.0.0	amir67hack1.ddns.net
0.0.0.0	anakimm.ddns.net
0.0.0.0	ange003.ddns.net
0.0.0.0	anunankis1.duckdns.org
0.0.0.0	babatubu.myftp.biz
0.0.0.0	besouro212.duckdns.org
0.0.0.0	bhs.linkpc.net
0.0.0.0	bhs.publicvm.com
0.0.0.0	bibilafrite.ddns.net
0.0.0.0	blackhatsecx.ddns.net
0.0.0.0	bo6y3.duckdns.org
0.0.0.0	boosters.giize.com
0.0.0.0	botcsgo.duckdns.org
0.0.0.0	bozok.ddns.net
0.0.0.0	brasilomnibees.duckdns.org
0.0.0.0	bylgay.hopto.org
0.0.0.0	camera-ip.duckdns.org
0.0.0.0	captin.ddns.net
0.0.0.0	checkininternet.duckdns.org
0.0.0.0	chongmei33.myddns.rocks
0.0.0.0	chupaminhpika.hopto.org
0.0.0.0	classten.duckdns.org
0.0.0.0	cloudhostservice.ddns.net
0.0.0.0	comprovante.duckdns.org
0.0.0.0	comshared.publicvm.com
0.0.0.0	connectddns.ddnsgeek.com
0.0.0.0	connector.onthewifi.com
0.0.0.0	d0rian2022.ddns.net
0.0.0.0	daqexploitfree.duckdns.org
0.0.0.0	dconlauch.ddns.net
0.0.0.0	ddnsssaa.ddns.net
0.0.0.0	diskcopy.duckdns.org
0.0.0.0	donzola.ddns.net
0.0.0.0	dragonfire-49462.portmap.host
0.0.0.0	duckapp.duckdns.org
0.0.0.0	duckdnsrevengerat.duckdns.org
0.0.0.0	dylans.ddnsking.com
0.0.0.0	easykill.servebeer.com
0.0.0.0	emiliaad12we12e21.ddns.net
0.0.0.0	essakazim.hopto.org
0.0.0.0	ewqdqw.duckdns.org
0.0.0.0	fa1con-44457.portmap.host
0.0.0.0	fahd2011.ddns.net
0.0.0.0	falcon-56657.portmap.host
0.0.0.0	fatsnake.duckdns.org
0.0.0.0	ferdinolafre.duckdns.org
0.0.0.0	firefoxsystem.sytes.net
0.0.0.0	flames.hernetek.com
0.0.0.0	fouirux-59789.portmap.io
0.0.0.0	frankmana.duckdns.org
0.0.0.0	gamedevv-25510.portmap.host
0.0.0.0	gamerspro.duckdns.org
0.0.0.0	gamerus.publicvm.com
0.0.0.0	gamerusa.duckdns.org
0.0.0.0	giba1.hopto.org
0.0.0.0	github-58677.portmap.io
0.0.0.0	gkqk00.ddns.net
0.0.0.0	groups.us.to
0.0.0.0	hacking1634.ddns.net
0.0.0.0	haggasinger.ddns.net
0.0.0.0	hamza1.hopto.org
0.0.0.0	hayas.hopto.org
0.0.0.0	hellohagga.duckdns.org
0.0.0.0	helpdeskcamfrog.ddns.net
0.0.0.0	heykids.ooguy.com
0.0.0.0	heyklog.duckdns.org
0.0.0.0	hoothoot.giize.com
0.0.0.0	hpdndbnb.duckdns.org
0.0.0.0	hushbob123.hopto.org
0.0.0.0	iexplorer-sistem.duckdns.org
0.0.0.0	imanevpn.ddns.net
0.0.0.0	infra02.hopto.org
0.0.0.0	isshaklebgdu57.hopto.org
0.0.0.0	javascrypt.ddns.net
0.0.0.0	javasn.publicvm.com
0.0.0.0	johnaliraqi.dynu.com
0.0.0.0	jordanchen7362.sytes.net
0.0.0.0	kachiga.ddns.net
0.0.0.0	karonoip.ddns.net
0.0.0.0	kimlergelmiskimler.duckdns.org
0.0.0.0	kinginho9508.codns.com
0.0.0.0	kokokajadu.duckdns.org
0.0.0.0	konzolleee.duckdns.org
0.0.0.0	kronozzz2.duckdns.org
0.0.0.0	krypticon9332.duckdns.org
0.0.0.0	lalacious1.serveftp.com
0.0.0.0	lapoire1.hopto.org
0.0.0.0	limetar.linkpc.net
0.0.0.0	lolikot-43158.portmap.host
0.0.0.0	lolrated69.ddns.net
0.0.0.0	lolyoufucked.myq-see.com
0.0.0.0	loramer1.ddnsking.com
0.0.0.0	love143.duckdns.org
0.0.0.0	lullikhao.ddns.net
0.0.0.0	malena77.ddns.net
0.0.0.0	mallorca.myftp.org
0.0.0.0	manman.ddns.net
0.0.0.0	mastercocacolavb6.hopto.org
0.0.0.0	masterlovecocacola.ddns.com.br
0.0.0.0	mastermana1.serveirc.com
0.0.0.0	meterpreter19.ddns.net
0.0.0.0	microsoft.myiphost.com
0.0.0.0	microsofthost.giize.com
0.0.0.0	mika212.duckdns.org
0.0.0.0	mod1998.ddns.net
0.0.0.0	mondns.myftp.biz
0.0.0.0	mozilaupdata.duckdns.org
0.0.0.0	myclient.kro.kr
0.0.0.0	myjobe.zapto.org
0.0.0.0	mzu.publicvm.com
0.0.0.0	nabz444.ddns.net
0.0.0.0	naderklay.zapto.org
0.0.0.0	nargaroth.ddns.net
0.0.0.0	narhamra.ddns.net
0.0.0.0	nasadigitalgov.ddns.net
0.0.0.0	nehoray11-58002.portmap.host
0.0.0.0	neonstormcheck.warzonedns.com
0.0.0.0	nerv7.ddns.net
0.0.0.0	neudria.ddns.net
0.0.0.0	nhockgame1230.zapto.org
0.0.0.0	nono45.ddns.net
0.0.0.0	nortonsys.sytes.net
0.0.0.0	office365update.duckdns.org
0.0.0.0	oldmandnsch.duckdns.org
0.0.0.0	omnibeesweb01.hopto.org
0.0.0.0	omnibeesweb02.hopto.org
0.0.0.0	optimusz1-43372.portmap.io
0.0.0.0	otunbamana.duckdns.org
0.0.0.0	ournewcompany2.hopto.org
0.0.0.0	player.zapto.org
0.0.0.0	pmoses13-47804.portmap.io
0.0.0.0	pont9245.ddns.net
0.0.0.0	popup.duckdns.org
0.0.0.0	presentationx.sytes.net
0.0.0.0	pullingaporter.duckdns.org
0.0.0.0	queda212.duckdns.org
0.0.0.0	queda2122.ddns.net
0.0.0.0	quedabesouro.ddns.net
0.0.0.0	rat24695.ddns.net
0.0.0.0	rathost.hopto.org
0.0.0.0	rattedlmao.ddns.net
0.0.0.0	rdp.dgsn.fr
0.0.0.0	recel.duckdns.org
0.0.0.0	redeftp.ddns.net
0.0.0.0	revengerx211.sytes.net
0.0.0.0	revprueba1.duckdns.org
0.0.0.0	rgalldmn.duckdns.org
0.0.0.0	rgfnrh6h555.myq-see.com
0.0.0.0	romeozone1190.ddns.net
0.0.0.0	rua7.ddns.net
0.0.0.0	saadme18.ddns.net
0.0.0.0	saitama.publicvm.com
0.0.0.0	sajid2142-54893.portmap.host
0.0.0.0	seila2332.duckdns.org
0.0.0.0	servernet12.ddns.net
0.0.0.0	seskoal7rbe.ddns.net
0.0.0.0	slocik.ddns.net
0.0.0.0	softmy.duckdns.org
0.0.0.0	sosomelaine.ddns.net
0.0.0.0	soumia26.ddns.net
0.0.0.0	stealer.savestealer.online
0.0.0.0	steamguard1337.myddns.me
0.0.0.0	supertop.duckdns.org
0.0.0.0	swanox.duckdns.org
0.0.0.0	syrnow.zapto.org
0.0.0.0	sys32.publicvm.com
0.0.0.0	t0mqs.ddns.net
0.0.0.0	tarr.duckdns.org
0.0.0.0	tfs2012.hopto.org
0.0.0.0	tito30.ddns.net
0.0.0.0	token.loseyourip.com
0.0.0.0	toloro.duckdns.org
0.0.0.0	toloros.duckdns.org
0.0.0.0	ubiquitouslv-46838.portmap.host
0.0.0.0	unknownamehost.ddns.net
0.0.0.0	unknownamehost.sytes.net
0.0.0.0	unmba.duckdns.org
0.0.0.0	updata.sytes.net
0.0.0.0	updatefacebook.ddns.net
0.0.0.0	updatesystem.ddns.net
0.0.0.0	voidd.25u.com
0.0.0.0	we404.ddns.net
0.0.0.0	williams.tjsosda.com
0.0.0.0	windowssystem32.ddns.net
0.0.0.0	woozworld.ddns.net
0.0.0.0	www.linglun.com.ng
0.0.0.0	wwwwwwwwwwwwwwwwwww.hopto.org
0.0.0.0	xd.zapto.org
0.0.0.0	xlightcx.ddns.net
0.0.0.0	yahakhan.duckdns.org
0.0.0.0	yeetustest.hopto.org
0.0.0.0	yousif.hopto.org
0.0.0.0	zeenko.ddns.net
0.0.0.0	zmzmgpgp.codns.com
#------------------------------------------
# Luminosity.Link.RAT - Malware Domain Feed V2
# Source: https://otx.alienvault.com/pulse/5cc53a1d43d80868606497a0

# Domains
it-ha.ru

# Hosts
0.0.0.0	aldi1122.hopto.org
0.0.0.0	backroutesoft.urown.cloud
0.0.0.0	cdn-redirect.ddns.net
0.0.0.0	cerberus1980.hopto.org
0.0.0.0	darksystemz.ddns.net
0.0.0.0	fhsdlk.hopto.org
0.0.0.0	fortheali.hopto.org
0.0.0.0	foxtrap.crabdance.com
0.0.0.0	h140256.s22.test-hf.su
0.0.0.0	minerboy123-61906.portmap.host
0.0.0.0	nwamama.for-better.biz
0.0.0.0	oamentyga.duckdns.org
0.0.0.0	ozone69.duckdns.org
0.0.0.0	sawf55he3.serveblog.net
0.0.0.0	xtreecy.dyndns.tv
#------------------------------------------
# DCRat - Malware Domain Feed V2
# Source: https://otx.alienvault.com/pulse/5e97e82135787bcda0b2c753

# Domains
changer-esp.ml
joxner.space
russianndfl.host
wishcommunity.online

# Hosts
0.0.0.0	a0429276.xsph.ru
0.0.0.0	a0456908.xsph.ru
0.0.0.0	cb28626.tmweb.ru
0.0.0.0	cj07450.tmweb.ru
0.0.0.0	cn23428.tmweb.ru
0.0.0.0	dexaje1n.beget.tech
0.0.0.0	f0427929.xsph.ru
0.0.0.0	h149254.s22.test-hf.su
0.0.0.0	litabip7.beget.tech
0.0.0.0	pus9ltut.beget.tech
0.0.0.0	s99998cv.beget.tech
0.0.0.0	sakatos8.beget.tech
0.0.0.0	sanybadr.beget.tech
0.0.0.0	sss.lyuk.fun
0.0.0.0	vessof.had.su
#------------------------------------------
# XpertRAT - Malware Domain Feed V2
# Source: https://otx.alienvault.com/pulse/5cd9dc919e9288c12201b354

# Hosts
0.0.0.0 3113r.rapiddns.ru
0.0.0.0 bikeman.dynu.net
0.0.0.0 diala11.duckdns.org
0.0.0.0 edwardjamie.dynu.net
0.0.0.0 expertworldwithout.gleeze.com
0.0.0.0 korneev.sytes.net
0.0.0.0 londonchap.duckdns.org
0.0.0.0 manuel3.publicvm.com
0.0.0.0 obystar.duckdns.org
0.0.0.0 sandshoe.zapto.org
0.0.0.0 smartgames.duckdns.org
0.0.0.0 zxzxzxzxzx.duckdns.org
0.0.0.0 zytriew.duckdns.org
#------------------------------------------
# Revenge.RAT - Malware Domain Feed V2
# Source: https://otx.alienvault.com/pulse/5e502cc73fabdb6ba44a8dd9

# Domains
manedina.top
mikonbiz.xyz
mondns.pro
tiberton.top

# Hosts
0.0.0.0	40999up.sytes.net
0.0.0.0	a24369093123.ddns.net
0.0.0.0	abba123456.ddns.net
0.0.0.0	amazigh15-61044.portmap.host
0.0.0.0	aslsalernoricette.serveirc.com
0.0.0.0	azliazmat.duckdns.org
0.0.0.0	besouro212.duckdns.org
0.0.0.0	bibilafrite.ddns.net
0.0.0.0	bo6y3.duckdns.org
0.0.0.0	botcsgo.duckdns.org
0.0.0.0	brainboxlolopopo.duckdns.org
0.0.0.0	brasilomnibees.duckdns.org
0.0.0.0	camera-ip.duckdns.org
0.0.0.0	checkininternet.duckdns.org
0.0.0.0	coelhinhohacker.ddns.net
0.0.0.0	comprovante.duckdns.org
0.0.0.0	cstrike16.zapto.org
0.0.0.0	d0rian2022.ddns.net
0.0.0.0	danielgomesb.duckdns.org
0.0.0.0	daqexploitfree.duckdns.org
0.0.0.0	denemeiso1.duckdns.org
0.0.0.0	diskcopy.duckdns.org
0.0.0.0	donzola.ddns.net
0.0.0.0	duckdnsrevengerat.duckdns.org
0.0.0.0	dylans.ddnsking.com
0.0.0.0	emiliaad12we12e21.ddns.net
0.0.0.0	exynosbro.freeddns.org
0.0.0.0	fa1con-44457.portmap.host
0.0.0.0	fahd2011.ddns.net
0.0.0.0	falcon-56657.portmap.host
0.0.0.0	ferdinolafre.duckdns.org
0.0.0.0	gamedevv-25510.portmap.host
0.0.0.0	gamerspro.duckdns.org
0.0.0.0	gamerusa.duckdns.org
0.0.0.0	gkqk00.ddns.net
0.0.0.0	hayas.hopto.org
0.0.0.0	helpdeskcamfrog.ddns.net
0.0.0.0	heykids.ooguy.com
0.0.0.0	heyklog.duckdns.org
0.0.0.0	host123-31907.portmap.io
0.0.0.0	hostdo171.ddns.net
0.0.0.0	hotkey.ddns.net
0.0.0.0	hpdndbnb.duckdns.org
0.0.0.0	hwkeyez-29492.portmap.host
0.0.0.0	iexplorer-sistem.duckdns.org
0.0.0.0	imaneblueyesvpn.ddns.net
0.0.0.0	imanevpn.ddns.net
0.0.0.0	isshaklebgdu57.hopto.org
0.0.0.0	itznejccc.ddns.net
0.0.0.0	javasn.publicvm.com
0.0.0.0	kamrankmikmi.ddns.net
0.0.0.0	karalarbaglar.duckdns.org
0.0.0.0	karmina113.sytes.net
0.0.0.0	karonoip.ddns.net
0.0.0.0	kimlergelmiskimler.duckdns.org
0.0.0.0	kral.mywire.org
0.0.0.0	krypticon9332.duckdns.org
0.0.0.0	lapoire2.hopto.org
0.0.0.0	lastar.kro.kr
0.0.0.0	levery.duckdns.org
0.0.0.0	ligasuckedmeoff.ddns.net
0.0.0.0	lloll123.hopto.org
0.0.0.0	lolrated69.ddns.net
0.0.0.0	lolyoufucked.myq-see.com
0.0.0.0	love143.duckdns.org
0.0.0.0	loveuo11222.ddns.net
0.0.0.0	maintop.ddns.net
0.0.0.0	maintop.duckdns.org
0.0.0.0	malena77.ddns.net
0.0.0.0	marzo42020.duckdns.org
0.0.0.0	masterlovecocacola.ddns.com.br
0.0.0.0	mika212.duckdns.org
0.0.0.0	mmnn.ddns.net
0.0.0.0	mod1998.ddns.net
0.0.0.0	mozilaupdata.duckdns.org
0.0.0.0	mzu.publicvm.com
0.0.0.0	nabz444.ddns.net
0.0.0.0	nargaroth.ddns.net
0.0.0.0	nhockgame1230.zapto.org
0.0.0.0	njuser.ddns.net
0.0.0.0	nono45.ddns.net
0.0.0.0	okbro2.zapto.org
0.0.0.0	owo-whats-this.duckdns.org
0.0.0.0	paragetirmebana.duckdns.org
0.0.0.0	paulav1.sytes.net
0.0.0.0	popup.duckdns.org
0.0.0.0	poto.publicvm.com
0.0.0.0	pullingaporter.duckdns.org
0.0.0.0	rathost.hopto.org
0.0.0.0	rattedlmao.ddns.net
0.0.0.0	rdp.dgsn.fr
0.0.0.0	recel.duckdns.org
0.0.0.0	redlocal.duckdns.org
0.0.0.0	rppr.mooo.com
0.0.0.0	seila2332.duckdns.org
0.0.0.0	sensual2020.ddns.net
0.0.0.0	shytangz12.ddns.net
0.0.0.0	simon123ac-50006.portmap.host
0.0.0.0	softmy.duckdns.org
0.0.0.0	softprodaction.duckdns.org
0.0.0.0	sosomelaine.ddns.net
0.0.0.0	steamguard1337.myddns.me
0.0.0.0	supertop.duckdns.org
0.0.0.0	system123.linkpc.net
0.0.0.0	systemroot-60883.portmap.io
0.0.0.0	tempestade167.duckdns.org
0.0.0.0	toloro.duckdns.org
0.0.0.0	toloros.duckdns.org
0.0.0.0	tresor2020.ddns.net
0.0.0.0	ubiquitouslv-34772.portmap.host
0.0.0.0	ubiquitouslv-46838.portmap.host
0.0.0.0	uniformxd.ddns.net
0.0.0.0	updata.sytes.net
0.0.0.0	update-service.linkpc.net
0.0.0.0	updatefacebook.ddns.net
0.0.0.0	updatesystem.ddns.net
0.0.0.0	virutport.servehttp.com
0.0.0.0	we404.ddns.net
0.0.0.0	winlogs.ddns.net
0.0.0.0	winuptade.zapto.org
0.0.0.0	zmzmgpgp.codns.com
#------------------------------------------
# Backdoor.Win32.Spy.Pavica.O.TVRat - Malware Domain Feed V2
# Source: https://otx.alienvault.com/pulse/5cc698a9d89dba09930255f7

# Domains
biznes2020.club
biznestop2020.site
coinpot.city
cryptobubble.store
cryptojora.club
cryptomagican.xyz
cryptomagie.xyz
cryptomandarin.xyz
cryptopayeer.fun
dogespeed.org
freebitco.club
go-finish.com
hyipblogs.xyz
ico-information.com
jaster24h.biz
liskcrypto.top
litesfaucet.xyz
osgiokgweodspsdgdsiojgsgd.ru
payeermine.net
payermine.com
tviewer.ga

# Hosts
0.0.0.0	bothf.myjino.ru
0.0.0.0	my.coinpot.city
0.0.0.0	tb.instapoller.info
0.0.0.0	tb.payeermine.com
0.0.0.0	tg.payeermine.com
0.0.0.0	ts.payeermine.com
#------------------------------------------
# PCRat - Malware Domain Feed V2
# Source: https://otx.alienvault.com/pulse/5cc1646845091a0e4c6497a0

# Domains
csrss.top
f1a4.org
fdhfhgxrj.xyz
happyeveryday.club
m360ad.info
often-123.cn
qjmusf.cn
siriyun.top
wsdz.xyz
xiaoyuqaz.xyz
xuan0.xyz
z-hacker-y.win

# Hosts
0.0.0.0	0721.f3322.net
0.0.0.0	3s.net579.com
0.0.0.0	6s.net579.com
0.0.0.0	53ca.meibu.net
0.0.0.0	123.asidc.xyz
0.0.0.0	360sdstain.f3322.org
0.0.0.0	666.myddns.me
0.0.0.0	999.myvnc.com
0.0.0.0	1122.haoqing.me
0.0.0.0	2313u080t2.imwork.net
0.0.0.0	2389a8h619.zicp.vip
0.0.0.0	8187.meibu.net
0.0.0.0	359238w5n5.qicp.vip
0.0.0.0	2530059vz4.zicp.vip
0.0.0.0	1578921471.3322.org
0.0.0.0	a736.f3322.org
0.0.0.0	a100890.e2.luyouxia.net
0.0.0.0	a.96b.in
0.0.0.0	a.ycwave.cn
0.0.0.0	abcou.3322.org
0.0.0.0	aqmm.in.3322.org
0.0.0.0	b345.ddns.net
0.0.0.0	bankai.f3322.net
0.0.0.0	beijing.aliyuncdn.tk
0.0.0.0	bmwi8.hopto.org
0.0.0.0	cflingdian.f3322.org
0.0.0.0	ckdsh888.3322.org
0.0.0.0	ctct6.3322.org
0.0.0.0	dageqq1200.in.3322.org
0.0.0.0	ddos.dnsnb8.net
0.0.0.0	djyx001.3322.org
0.0.0.0	dll.monerov10.com
0.0.0.0	dns.fq520000.org
0.0.0.0	dns.monerorx.org
0.0.0.0	dns.monerov8.com
0.0.0.0	dns.monerov10.com
0.0.0.0	dong.azwii.cn
0.0.0.0	dongfang.meibu.net
0.0.0.0	dydtka23223.codns.com
0.0.0.0	edns.duckdns.org
0.0.0.0	fengzi426.meibu.net
0.0.0.0	fuck.chakuzi.cc
0.0.0.0	gkufbossf2.3322.org
0.0.0.0	hackerjie.f3322.net
0.0.0.0	hanyajieca.3322.org
0.0.0.0	haohai.ddns.net
0.0.0.0	haohai.hopto.org
0.0.0.0	hknbr.3322.org
0.0.0.0	ip.yototoo.com
0.0.0.0	lemonsk.f3322.net
0.0.0.0	lfpk.vicp.net
0.0.0.0	likeyu11.3322.org
0.0.0.0	lisn11.f3322.net
0.0.0.0	m.azwii.cn
0.0.0.0	m.kuaishounew.com
0.0.0.0	mangwa55.f3322.net
0.0.0.0	mcbbln.f3322.net
0.0.0.0	opp.linux-logon.com
0.0.0.0	pc.8686dy.com
0.0.0.0	pingseng.f3322.net
0.0.0.0	q2018.linkpc.net
0.0.0.0	q38080945.f3322.net
0.0.0.0	q283492708.f3322.net
0.0.0.0	q1191091260.meibu.net
0.0.0.0	q2514141534.e2.luyouxia.net
0.0.0.0	qid867h.nat.ipyingshe.com
0.0.0.0	qq283492708.f3322.net
0.0.0.0	qq283492708.f3322.org
0.0.0.0	qq461677041.f3322.org
0.0.0.0	qq1160735592.f3322.net
0.0.0.0	qq2424665688.e1.luyouxia.net
0.0.0.0	qqqq374281.f3322.org
0.0.0.0	rainbow66.f3322.net
0.0.0.0	roujijino1.3322.org
0.0.0.0	sbkcbig.f3322.net
0.0.0.0	star.unkown.net
0.0.0.0	swpmyoex.ddns.net
0.0.0.0	teng6.3322.org
0.0.0.0	three.meibu.net
0.0.0.0	v9.monerov8.com
0.0.0.0	wanmidi.f3322.org
0.0.0.0	web6463.koxue.win
0.0.0.0	win.2020dd.net
0.0.0.0	wolf.3389.pw
0.0.0.0	woqunimabi578.f3322.net
0.0.0.0	wqndyd123123.e2.luyouxia.net
0.0.0.0	wrar.f3322.net
0.0.0.0	wto0.in.3322.org
0.0.0.0	wug.openbugbak.com
0.0.0.0	www.aa2973299.xyz
0.0.0.0	www.ak47.fun
0.0.0.0	www.dutewangluo.xyz
0.0.0.0	www.ez-cheats.com
0.0.0.0	www.hack365.win
0.0.0.0	www.ltshonline.cn
0.0.0.0	www.sousouweb.com
0.0.0.0	www.steamsupplort.cn
0.0.0.0	www.system007.xyz
0.0.0.0	www.tcbwftt.cn
0.0.0.0	x498990334.3322.org
0.0.0.0	x.xmr.ac
0.0.0.0	xc6.3322.org
0.0.0.0	xiaohai2013.f3322.org
0.0.0.0	xmr.wulifang.nl
0.0.0.0	xqk0as.f3322.net
0.0.0.0	xuxiaojian.noip.cn
0.0.0.0	yaoyao.f3322.net
0.0.0.0	ybl000000.meibu.net
0.0.0.0	yckz.qmyhl.cn
0.0.0.0	yhhwc520.meibu.net
0.0.0.0	yk.jshl8.com
0.0.0.0	yymc.7766.org
#------------------------------------------
# Hallaj.PRO.Rat - Malware Domain Feed V2
# Source: https://otx.alienvault.com/pulse/5cd9d82def072612a71c3177

# Hosts
0.0.0.0	chroms.linkpc.net
0.0.0.0	connector.onthewifi.com
0.0.0.0	edusoft.duckdns.org
0.0.0.0	fa1con-44457.portmap.host
0.0.0.0	falcon-56657.portmap.host
0.0.0.0	fisola6843-22584.portmap.io
0.0.0.0	microsoft-store.serveirc.com
0.0.0.0	microsofwin.sytes.net
0.0.0.0	sadosaykodz1.ddns.net
0.0.0.0	sanikoka.ddns.net
0.0.0.0	sexyboy30.ddns.net
0.0.0.0	titanicali.zapto.org
0.0.0.0	tvgjhegjhfgveht86.servecounterstrike.com
0.0.0.0	vivivi.myftp.org
#------------------------------------------
# Dynamic Rat Domains
# Source: https://otx.alienvault.com/pulse/5d833ac09cf2311ddbc28cf0

# Domains
1-extreme.biz
35solutions.be
accrowd.com
acousticallysound.com.au
adiscoveringnetwork.eu
adobeflasherup1.com
andpartanthat.com
antonioguteres.com
avcheck.net
ayakkokulari.com
bafalopus.com
bimaltobacco.com
bindown.com
biogger.tk
bluewales.ml
cahitkaraalp.com
camovethet.com
captaincolemanphilip.com
caten2das.com
chatwithnow.asia
climate-dv.ru
cus23ma.cn
cyber-sec.org
dharmaking.org
dm1electronics.com
dsaiuuuuuuu.info
dsfsdsf.com
duloperes.com
etsofevenghen.com
favoriteguild.com
game4all.biz
greenthorn-moi2.ml
gumousethat.com
henletlighny.ru
herkesehayat.com
hq-pharma.org
humanvoice.net
iframebiz.biz
iframeurl.biz
imadiary.com
iosappdevelopmentindia.com
islamictv.asia
keissy.ml
kladovka24.ru
lanky.ru
llogo2y.com
loadedrones.tk
lobaratta.com
loeka.co.uk
lojalstil.mk
lordgone.net
massaggiati.ch
matbin.com
mgimpax.com
minersoc.com
mycookingshow.lt
nardibalkan.com
onlinebankingaccountusmanphp.us
ouaswiqidghqawkers.xyz
pagga.net
pliykies8.net
pontiuspilate.info
pubertilodersx.com
quickbuild.net
readadrsswe.cf
readadrsswe.ga
reprathechim.com
retufator.com
sabt-shariati.com
sentrailmu.id
shahkara.com.tr
shokeydservers.tk
songmail.net
spiko2004.ru
stickmarch.net
store101.tk
svmarketingindia.com
t3rr0r.tk
testerfreedomain.com
tiengo.com.br
tinkedrepaning.com
toolbarbest.biz
toolbarbucks.biz
toolbarmoney.biz
toolbarnew.biz
toolbarsale.biz
toolbarurl.biz
topwebappdevelopmentcompanies.com
traffbucks.biz
traffnew1.biz
traffsale1.biz
twerayva.cf
uniq-soft.com
vman21.com
vman22.com
waybtc.ru
wbporn.com
westmichigancontractors.com
wholesomejoy.com
wifefool.net
wite.biz
xiaodaoj.club

# Hosts
0.0.0.0	1d1e2x4.duckdns.org
0.0.0.0	214356.ddns.net
0.0.0.0	a.nigga.fr
0.0.0.0	abdoaks-41628.portmap.io
0.0.0.0	adilcan.justfree.com
0.0.0.0	agsagasg-51850.portmap.host
0.0.0.0	ahmetkaya55.duckdns.org
0.0.0.0	aimware-43009.portmap.io
0.0.0.0	aliyah.ddns.net
0.0.0.0	andrug2005.ddns.net
0.0.0.0	artem4ikoff.ddns.net
0.0.0.0	asdfasdf96.ddns.net
0.0.0.0	azomoney.ddns.net
0.0.0.0	azula-39486.portmap.io
0.0.0.0	bado.sexyi.am
0.0.0.0	beavis547.ddns.net
0.0.0.0	benim.ddns.net
0.0.0.0	benkov.1x.biz
0.0.0.0	bhakops.duckdns.org
0.0.0.0	bio4kobs.geekgalaxy.com
0.0.0.0	bolinha2012.no-ip.org
0.0.0.0	booom.comeze.com
0.0.0.0	bossbaby.ddns.net
0.0.0.0	boubacs2.com.nu
0.0.0.0	bryarlab.no-ip.biz
0.0.0.0	bulkcoming.hostoi.com
0.0.0.0	citrix.vipreclod.com
0.0.0.0	clientts.ddns.net
0.0.0.0	codforfree.freeiz.com
0.0.0.0	complexdc.duckdns.org
0.0.0.0	console-wifi.ddns.net
0.0.0.0	corsai.duckdns.org
0.0.0.0	cyberpolicesalemi-48331.portmap.host
0.0.0.0	dahicothebest.ddns.net
0.0.0.0	dchost.ddns.net
0.0.0.0	ddns12345.ddns.net
0.0.0.0	degsort.ddns.net
0.0.0.0	dummy.jong.li
0.0.0.0	elumadns.eluma101.com
0.0.0.0	endhiran.justfree.com
0.0.0.0	engine79.ddns.net
0.0.0.0	engrssmovie.comze.com
0.0.0.0	enory.1x.biz
0.0.0.0	falanfilan1.duckdns.org
0.0.0.0	fanasko.duckdns.org
0.0.0.0	flatron192.fl.funpic.org
0.0.0.0	fundgrube.no-ip.org
0.0.0.0	g0dshot.duckdns.org
0.0.0.0	gem0t0gen9.ddns.net
0.0.0.0	ghostinhere.duckdns.org
0.0.0.0	ghostsly.duckdns.org
0.0.0.0	gladiatorx.net78.net
0.0.0.0	goerboelinder.myftp.biz
0.0.0.0	goodluck2019.duckdns.org
0.0.0.0	googlehost.ddns.net
0.0.0.0	h1h2.ddns.net
0.0.0.0	h4x0rs.justfree.com
0.0.0.0	hackedsteamacc.ddns.net
0.0.0.0	hightoping.duckdns.org
0.0.0.0	holaup.co.cc
0.0.0.0	hostin.hopto.org
0.0.0.0	igirigindu.herobo.com
0.0.0.0	imagine.here-for-more.info
0.0.0.0	indianajones.greyhatservices.com
0.0.0.0	informdworld.comeze.com
0.0.0.0	jizzy.net63.net
0.0.0.0	jonaljackson.site11.com
0.0.0.0	junky.comlu.com
0.0.0.0	k4b000.no-ip.org
0.0.0.0	kemorat21.duckdns.org
0.0.0.0	kissll.ddns.net
0.0.0.0	kizaru228.ddns.net
0.0.0.0	kkkzzz.f3322.net
0.0.0.0	kppd.comli.com
0.0.0.0	lahomenia.justfree.com
0.0.0.0	lastresort.justfree.com
0.0.0.0	link23sd.ddns.net
0.0.0.0	ll34567qwe.ddns.net
0.0.0.0	longlivebravestinc.comlu.com
0.0.0.0	luckyhacker.narod2.ru
0.0.0.0	luckyhacker.narod.ru
0.0.0.0	mafiosa.ddns.net
0.0.0.0	magano.justfree.com
0.0.0.0	man2010.no-ip.org
0.0.0.0	markusamca.duckdns.org
0.0.0.0	mighty9862.ddns.net
0.0.0.0	mlz.ddns.net
0.0.0.0	moneybag042.warzonedns.com
0.0.0.0	nax.comoj.com
0.0.0.0	ndloyer.webuda.com
0.0.0.0	newtestdomain.freeiz.com
0.0.0.0	nexonmesos.netai.net
0.0.0.0	nikolay.ddns.net
0.0.0.0	ntwted.duckdns.org
0.0.0.0	nwaigbo.square7.ch
0.0.0.0	obioma.comoj.com
0.0.0.0	oryano.site90.net
0.0.0.0	plasma.comuf.com
0.0.0.0	pluewredw.chickenkiller.com
0.0.0.0	pobarani.ddns.net
0.0.0.0	ragnardns.duckdns.org
0.0.0.0	randomhost.3utilities.com
0.0.0.0	rebeccasun.webatu.com
0.0.0.0	runfattyrun.azok.org
0.0.0.0	sametasikli.duckdns.org
0.0.0.0	sammynos1.duckdns.org
0.0.0.0	seeme.site50.net
0.0.0.0	semen4ik.ddns.net
0.0.0.0	shades.no-ip.org
0.0.0.0	shine.redirectme.net
0.0.0.0	smokie666.chickenkiller.com
0.0.0.0	ssraiki.goodluckwith.us
0.0.0.0	succes.ddns.net
0.0.0.0	superuser3574.ddns.net
0.0.0.0	testdene.duckdns.org
0.0.0.0	thanksenemy.justfree.com
0.0.0.0	theshe.justfree.com
0.0.0.0	tonynokiabot.netii.net
0.0.0.0	toronto.webatu.com
0.0.0.0	vadim2580.comuv.com
0.0.0.0	vghfffgg.ddns.net
0.0.0.0	vh122.timeweb.ru
0.0.0.0	waal085.no-ip.biz
0.0.0.0	wevertonhk.zapto.org
0.0.0.0	ww1.cyber-sec.org
0.0.0.0	www.1x.biz
0.0.0.0	www.boubacs.com.nu
0.0.0.0	www.com.nu
0.0.0.0	www.game4all.biz
0.0.0.0	www.nivniv.square7.ch
0.0.0.0	www.northpoleroute.com
0.0.0.0	www.notificacionessss.1x.net
0.0.0.0	www.okyanuspetshop.com
0.0.0.0	www.period.site11.com
0.0.0.0	www.polarroute.com
0.0.0.0	www.stripe.bg
0.0.0.0	www.supernetforme.com
0.0.0.0	www.superwebbysearch.com
0.0.0.0	www.uad.com.hk
0.0.0.0	www.uniq.com.tr
0.0.0.0	www.waviness.square7.ch
0.0.0.0	www.youssvf.1x.biz
0.0.0.0	yigit263162.duckdns.org
0.0.0.0	zamel.ddns.net
0.0.0.0	zulahack.ddns.net
0.0.0.0	zzak07.duckdns.org