# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2014/2014-08-02-sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing.csv waddb.sr # Reference: https://www.symantec.com/security_response/writeup.jsp?docid=2014-110720-2146-99&tabid=2 adamat.ddns.net supervisor.ntdll.net antony989.ddns.net # Reference: https://www.virustotal.com/gui/file/103315ba910445f657e3545e3b798d73ee89fe60674288d1909458d46187fee4/detection 3.17.202.129:15822 # Reference: https://www.virustotal.com/gui/file/9737c40636aa34ed6e166924c19b4e2223ea6f6b03823911274c437f8fea8fcf/detection Wirusw-44803.portmap.host # Reference: https://www.virustotal.com/gui/file/eccdb9b04cf79e386f19c112d14dd99d100af826557483788ceabd9fb2b7cc95/detection 193.161.193.99:29926 # Reference: https://www.virustotal.com/gui/file/adc705d49406b238e55202bfa3755421be7af82a8ac935a486d23e913c9a1a7c/detection 193.161.193.99:28020 # Reference: https://www.virustotal.com/gui/file/08c50a03b33577ff3381748e6c3c557b28eb80b65a166611eabd6fb7d4553d8f/detection 3.19.3.150:10331 # Reference: https://www.virustotal.com/gui/file/bb00dcbb7e68f9e3e7b63fef88c384cb981fd41c602935a66c50a0dcd7828f86/detection clientsslfrdon.duckdns.org # curl https://amtrckr.info/json/name/sandrorat | jq '.[]' | jq '.url' | tr -d '"' | cut -d ':' -f 1 | sort | uniq | grep -vE '^[0-9.]*$' | grep -vE '^[^.]*\.[^.]*$' 07726657423zaion.no-ip.biz 100009755836320.no-ip.biz 123456789123456789.myftp.biz 1337ace.ddns.net 1349874791.gnway.cc 1488.sytes.net 14lcolombo.ddns.net 159asd.duckdns.org 1fon1.ddns.net 1m4962f897.iok.la 22134520.ddns.net 2715729.vicp.net 45df36.dyndns.info 5107b712.all123.net 5701c196.123nat.com 6gh.noip.me 79649759.ddns.net 7daysky.in.3322.org 96750513.ddns.net 9949291099.hopto.org a1b2c3.hopto.org a302a85a.ngrok.io aaaaaaaaaabbbbb.hopto.org aasxzxdsc12324.no-ip.biz abarouter.ddns.net abbaass3132.hopto.org abbaass313.hopto.org abcccabccab.ddns.net abderrahmane16.hopto.org abdo099.ddns.net abdobacha05.ddns.net abdou16.hopto.org abdouoahmed.ddns.net abduls0821.myddns.me abedjaradat1177.no-ip.org abosaoys881.duia.us abusako.no-ip.biz achrafzouina.zapto.org ad15.hopto.org adlin.duckdns.org adobflash.hopto.org ahmdiand-wj3.ddns.net ahmed12345.hoptp.org ahmed2012.dynu.com ahmed90011912.ddns.net ahmedmidoegypt.hopto.org ahomdalhomd42.hopto.org ala6a.no-ip.biz alaa-1982.no-ip.biz alaajb.zapto.org alaauy.ddns.net alabama192837.no-ip.org alanbkey.no-ip.org alarr2012ab.myftp.biz albash2222.ddns.net aldnkoich11111111.no-ip.org alfazaai99.ddns.net ali2627.ddns.net ali7070.ddns.net aliboxboxbox.hopto.org aliyusef6.no-ip.biz alkingahmed555.ddns.net allforfree.game-host.org alzintani.ddns.net amarok58.no-ip.biz amelwafaw.ddns.net aminamadani16.hopto.org aminbatna31.ddns.net aminrahimzadeh.no-ip.org amiraliam.ddns.net ammaar938.ddns.net ampala.ddns.net amran-pc.no-ip.biz amrozamrozamroz.hopto.org amrsamy222.ddns.net amsdj.hopto.org amujeeb1990.ddns.net anawebs.ddns.net andr01d.zapto.org andrew999.ipnodns.ru andriod91.ddns.net androduck.duckdns.org android1.ddns.net androidalbums.ddns.net androidan.ddns.net androidfdl.ddns.net androidplay.ddns.net androidrat21.ddns.net androidsafe.ddns.net an.droidsuper.su androidtest0.ddns.net androidtool.ddns.net androjak.myftp.org andro.no-ip.biz androoid.ddns.net androrat22.ddns.net andver18.no-ip.biz anito.ddns.net anon008.ddns.net anondz97.ddns.net anonfox.no-ip.org anonymo9s.ddns.net anonymous666.zapto.org anonymousip.no-ip.org apkhamza.ddns.net applecenikosmos.hldns.ru appmarket.servehttp.com appsystem.ddns.net aqwkdo1.no-ip.biz ariaaalikazm.ddns.net arondograu.ddns.net asasasas22.ddns.net asdbh11.ddns.net asdqqq.bounceme.net askinder.hopto.org astro3.hopto.org a.tomx.xyz auc.dlinkddns.com audreysaradin.no-ip.org authd.ddns.net awir-fb.sytes.net axxz2017.ddns.net ayadd19.no-ip.org ayadd99.ddns.net ayham11.hopto.org azerboys.hopto.org azert123.ddns.net azerty.hopto.org aziza.sytes.net baby.webhop.me badguy.myq-see.com bahar2017.no-ip.org bambi.no-ip.biz banis.hopto.org bannding.ddns.net bapforall.ddns.net barbari.ddns.net bassamzeyad.ddns.net batterysaver.3utilities.com beijg.3322.org bitoandroid.no-ip.info bl4ckh0t.ddns.net bl4ckhatjoker.ddns.net black1990.ddns.net blackghostorg.ddns.net blind1234.ddns.net bopress.ddns.net bostanoo.ddns.net boubou271.ddns.net box100.ddns.net brasilteamop.ddns.net brave-hacker.no-ip.org brousse16.ddns.net bwaleez.hopto.org camper92.ddns.net carapuce-2015.no-ip.biz cardangi.no-ip.org cccamd.myftp.biz cerdofile.ddns.net chabar.ddns.net chacal00.hopto.org changyu231.ddns.net chanks.no-ip.biz chrisfo.no-ip.org city55.hopto.org cjbks0u0.no-ip.org clashdroid.no-ip.biz clayhost.hopto.org cnw.redirectme.net comsurogate.noip.me coxiamigo.myq-see.com craxyvirux.ddns.net cyberbit.ddns.net cyberbwarrior.ddns.net cybercrysis.ddns.net dadadadadaprivet.ddns.net dalibob12.ddns.net damndamn.ddns.net danielrats.ddns.net dantehack.zapto.org daroedkak.no-ip.biz darweshfis.no-ip.org datadownloader.ddns.net dddeee.ddns.net deep1234.ddns.net dellearm.ddns.net dendroid.hopto.org denishul.hldns.ru dexonic.duckdns.org diceedicee.ddns.net didi03.duckdns.org diener123.ddns.net dionis.ddns.net dj123.no-ip.org djack1.zapto.org dj.shop.tm dkms.ddns.net dodee97dodee.ddns.net dodotototata.publicvm.com domira.ddns.net draagon.ddns.net dragonhkr1.myftp.biz drhack.hopto.org driodrac.ddns.net droidcraftismelmao.ddns.net droid.deutsche-db-bank.ru droid.fagdns.com droid.freedynamicdns.org droidge.ddns.net droidhost.zapto.org droidjaack.zapto.org droidjack121.ddns.net droidjack1.sytes.net droidjack2137.hopto.org droidjack2333.ddns.net droidjack258.bounceme.net droidjack33.no-ip.biz droidjackdns.duckdns.org droidjack.hopto.org droidjackiam.ddnsking.com droidjackisgodly.ddns.net droidjackkk.sytes.net droidjackv5.ddns.net droidjock.myftp.biz droidmosa.ddns.net droidnigga.zapto.org droidrat.hopto.org droid.servehttp.com droid.serverhttp.com droidspy.zapto.org droidss.noip.me dro.soxx.us droy.zapto.org dsf.no-ip.org duckem.duckdns.org ducmanhhoangtran.ddns.net duke5010.duckdns.org dzhacker16.ddns.net e777kx47.ddns.net egytiger.myftp.org eldiablo.no-ip.biz elisou19.ddns.net emme.no-ip.biz engnngns.duckdns.org engrid.no-ip.biz equisde.ddns.net eslam87.hopto.org essalhi2047.hopto.org euquerotchu.ddns.net evilcasper.ddns.net explosif.zapto.org facbookserver.ddns.net facebooh.zapto.org facebook2ww290.ddns.net facrbook.redirectme.net fadisesubaih.ddns.net fairylow.no-ip.biz fakaelite.no-ip.org farzan.ddns.net fateh2017.ddns.net fati43030.no-ip.biz fazoro66.ddns.net ferzo1881.duckdns.org fifi147fifi.no-ip.biz firsthost.ddns.net flashplayerxx.no-ip.org foxfeline.no-ip.org free1.neiwangtong.com freeann.sytes.net freeeeeeeeee.no-ip.info freefuck.duckdns.org freepalestine.ddns.net fruby.zapto.org fsocfsoc.ddns.net fucks.ddns.net fuckyou.duckdns.org fukeyou12.myftp.biz futurasky.no-ip.biz gaabar.hopto.org galau.ddns.net gcafegood2.noip.me gcafegood.noip.me ggwasgeht.ddns.net ghghghghetrezw.no-ip.org gmailss11.hopto.org goggle.sytes.net gold5000.ddns.net goldeneagle1112.ddns.net gooboom.no-ip.biz good.myddns.me googlead.publicvm.com googles.servemp3.com googleweb.ddns.net gooogleplay.ddns.net gorr.hopto.org grandeamore.ddns.net greatkeyboard.hopto.org gta5hacking12.duckdns.org guru123.ddns.net gusui1.ddns.net haa7aah.no-ip.biz hac123k.hopto.org hack1111.noip.me hack155.vicp.net hackcam.zapto.org hackdeam.no-ip.info hacked2001.hopto.org hackedona.ddns.net hacker2.hopto.org hacker421.hopto.org hacker-81.no-ip.biz hackermoqtada.no-ip.biz hackertn123.no-ip.biz hackhack2016.no-ip.info hackhamer.zapto.org hackinroll.ddns.net hack-iraq.no-ip.info hacksd20.ddns.net hacksyria2.myftp.biz hadsurvey.ddns.net hahalol.ddns.net hahalol.no-ip.biz hajeeeee.hopto.org hakedpc0000.myftp.biz hakeerali2.ddns.net haker10.ddns.net haker-2119.ddns.net haker33sadekgafer.no-ip.biz hakosiken.duckdns.org hakunamatata007.ddns.net hala222.hopto.org halo12.duckdns.org hamadagentel.ddns.net hamidoranis.no-ip.biz hamidos1342.ddns.net hamo55.hopto.org hamza19991.hopto.org hamzaelcb.ddns.net hananox.ddns.net hardik.no-ip.info hardstyleraver.no-ip.org haroune12.myddns.me hasha.hopto.org hasn9999.ddns.net hassan100.ddns.net hassanabd1233.ddns.net havij.ddns.net hax.no-ip.info haxor.hopto.org haxorjib.no-ip.org hazem123.no-ip.biz hazhar77.no-ip.biz hdkhanh123.no-ip.org hedr78.ddns.net heemoana.hopto.org hegazy5753.ddns.net hehe.duckdns.org heikechenmo.3322.org heilbronn.duckdns.org hell2066.zapto.org hero400.ddns.net heroeschargehacked.ddns.net hhamokcha.ddns.net hhhhhfhf.ddns.net hmt1985.ddns.net hobi.3utilities.com hoho121292.ddns.net hoho39.ddnc.net hohoangpmy.ddns.net hooman8219.servecounterstrike.com horcheni123.ddns.net hoseenoori2277kh.ddns.net hossar.ddns.net hosteng123.hopto.org hosthack25.ddns.net houaribey4.ddns.net houaribey4.no-ip.org housam.linkpc.net houssmes.zapto.org howie96.jios.org hpwdza47o8huc1xj.myfritz.net hqn.ddns.net htmp.sytes.net httpdssh.ddns.net huhuhuya.ddns.net huntergold.no-ip.biz hussein1889.no-ip.biz husseinali5698.ddns.net husshacka.hopto.org i1993.ddns.net imad2001bo.hopto.org indusv00.duckdns.org info.bounceme.net injectman.no-ip.info inteljet.ddns.net intelresol.ddns.net ipv445.hopto.org iqram85spy.ddns.net iraqn6777.ddns.net islam2020libya.no-ip.biz islamway.no-ip.info ivon9393.no-ip.org jackdroid1337.ddns.net jackdroid.systes.net jalal123.hopto.org jalldomain.ddns.net jas7ser.hopto.org jassair.hopto.org jastn.ddns.net jirawat01.ddns.net jkgytgasjg12.serveftp.com jockerhackerxnxx.ddns.net jojomo.ddns.net jokerbabel.no-ip.biz jomo.zapto.org josewaldo.ddns.net juliocoelhodesa.hopto.org jun.dynu.com k0k0wawa.hopto.org kaddress.ddns.net kaedalsh.ddns.net kaizen00.ddns.net kakashi.ddns.net kalinus.ddns.net kamlabhai123.no-ip.biz kararkarar0780.ddns.net karasqlee9.no-ip.org karrarhuseein82.ddns.net kaskw.myftp.biz kasper.ddns.net keskes02122002.ddns.net kevte26.zapto.org khaleel0.zapto.org khalid-2016.noip.me khantac.ddns.net kheridla.hopto.org kilasx.ddns.net kingdom.no-ip.biz kinggg.ddns.net kjgjgkhffh.sytes.net kka163.ddns.net kkarox90.no-ip.org kmessi.myddns.me komplevit-rat.ddns.net korelev.no-ip.org korg600.no-ip.biz krem111.ddns.net krlol.ddns.net ksbozo.ddns.net kskdt.ddns.net kurd-kar.ddns.net lahyarhmo.hopto.org lamorash.ddns.net laze22.hopto.org learnxea.duckdns.org led5526.ddns.net likerrdd.myftp.biz liquidixen.ddns.net lizdlezozifpo.ddns.net local1232.ddns.net lolman.ddns.net lordxxx.myq-see.com love2014.ddns.net lputyr.myq-see.com luxuriaecu.ddns.net madblack0.sytes.net madov-matrix25.no-ip.org magemankoktelam.ddns.net mahamadmahmod.ddns.net mahasiswa.no-ip.biz mahdi1379.ddns.net mahdi3141.ddns.net mahdibaba123.ddns.net majed111111.myq-see.com majod98m.ddns.net makarand.no-ip.org malakatef09.ddns.net mamal9921.ddns.net mami5255.duckdns.org mar020one.hopto.org mariorossi2013.homepc.it marknetz.hopto.org marocmaroc.hopto.org maskaralama.ddns.net masterat.myftp.org matrix-teste.ddns.net mazenttr2.hopto.org me512.zapto.org medo7911.ddns.net medoahmed3.ddns.net medx321.ddns.net mee2008.zapto.org megalol.chickenkiller.com mehost.ddns.net memeaimen10.hopto.org memexmama.ddns.net mezoo32.no-ip.biz mhoammedtty.hopto.org mht3.ddns.net micro-soft.no-ip.biz microsoft-office.ddns.net mido28.hopto.org migo2018.zapto.org miioolinase.ddns.net minou555.hopto.org misterx94.ddns.net mixtape2016.ddns.net mobdro.hopto.org mobiles0ft.no-ip.org moep004.no-ip.org mogahed.ddns.net mohamed46565656.no-ip.biz mohamed4dz.ddns.net mohamedamine.ddns.net mohamedhg.no-ip.org mohamednjrat111.no-ip.biz mohammed22468.no-ip.biz mohammed93mahdi.ddns.net mohfort.ddns.net mohmad.myftp.biz mohmdnor.ddns.net mohsanali79355.ddns.net moji1936.ddns.net mokhter222029.ddns.net moktarpicaasrinabil.zapto.org momen-swesi.no-ip.biz momo2015.duckdns.org mon009.no-ip.biz monitoring007.zapto.org moonmar10.no-ip.biz moslim.ddns.net mostafaafroto0.ddns.net motoshi.zapto.org moussa-hak.no-ip.biz mphp.hopto.org mpt1969.ddns.net mrgnet.ddns.net mrreda98.ddns.net msn-web.ddnsking.com mstar.ddns.net mstfa10.ddns.net muxamilu.hopto.org myaw.no-ip.biz myfreerat.ddns.net myfrenid2x.zapto.org myillusion02.hopto.org mypy23.ddns.net mzgerges.no-ip.biz nademhack.no-ip.org nadineemma.servegame.com namandroidk63.zapto.org napaixonado.ddns.net nassahsliman.ddns.net nemesis2017.zapto.org netflix-ip.hopto.org new777.ddns.net newword.serveblog.net ninabounita.ddns.net ninjabird29.myvnc.com nirajpawar1997.ddns.net njesra.ddns.net nododg.ddns.net nohacker.ddns.net noiphackk.ddns.net noipjajaja.ddns.net noussa.no-ip.biz nowgirlas.ddns.net noxrr.ddns.net oday1995.zapto.org oko.gotdns.ch omar.no-ip.biz oneriakosa.ddns.net orihacker.ddns.net osamarizk.ddns.net osammer0asmam3a.ddns.net osmsalem.ddns.net ospr.publicvm.com oussama1997.ddns.net oussamadj1997.ddns.net ovirus.ddns.net owsen.ddns.net paaradowx.hopto.org papasystem.no-ip.org parrot01.hopto.org pars.ddns.net petermohsenvi2.hopto.org pfijsp.noip.me phantom94.ddns.net photofix.hopto.org pianotiles2.ddns.net pimpdaddy.myq-see.com pippo86.no-ip.biz playstore.ddns.net portmeim.ddns.net premium007.zapto.org priyakumari.ddns.net profmilf.zapto.org prohacker.freedynamicdns.org projectp.ddns.net proview.ddns.net puplicdsl.ddns.net qq376552030.ddns.net r90.no-ip.biz radouan123.hopto.org raliphesus.ddns.net rameezmaster.ddns.net randsnaira.dnsdynamic.com rat.capsulelab.us RATForAndroid.ddns.net rds11.ddns.net reddemon.ddns.net refsa.duckdns.org reich666.ddns.net reich777.ddns.net remoteip999.ddns.net rinalditeam.ddns.net rmk133.hopto.org rmx2121.ddns.net rockrock.ddns.net rok13198666.no-ip.biz ron1372.ddns.net royalhacker.zapto.org rpshowpick.ddns.net rpswlrkgkarp.p-e.kr rzra51126.ddns.net sadaq.ddns.net saighinissou.ddns.net sajjad1994.ddns.net sajjadnassar3.no-ip.biz salah067.hopto.org salemaziz.hopto.org samdzbba.ddns.net samira.no-ip.biz sammuiyer.ddns.net samoomalik.no-ip.biz samsung.apps.linkpc.net samuseucu.ddns.net sandhusim001.ddns.net sara17911.no-ip.org sara19918.ddns.net sarahwygan.no-ip.biz saraia.ddns.net sarasisi.no-ip.org sasi546454.hopto.org satahezub.no-ip.info sava33.ddns.net sazan765.ddns.net scropion20078.no-ip.biz secureline2244.ddns.net securitytests.ddns.net sersaisa.ddns.net server4update.serveftp.com service.zosys.net servr.hopto.org seven1.ddns.net seyf2017.linkpc.net shabbushah.duckdns.org shahidsajan.no-ip.biz shanks.no-ip.biz sharawy74.hopto.org sharmayash.no-ip.biz sheamusking34.no-ip.biz shoo2018.no-ip.org shop10.ddns.net showj.f3322.net silenthunter3021.no-ip.org skinchanger.hopto.org skituljko.mooo.com skylex123.hopto.org slayslay.duckdns.org s.leas.im smiix2012.ddns.net smk22.jkt.net snaider.hopto.org sniper-f.ddns.net sniperviruse3.hopto.org sniperyakub.ddns.net snopi.no-ip.biz socialplus.ddns.net sofemm.no-ip.biz somenormalguy.duckdns.org sondres1.ddns.net sonkar412.duckdns.org sorry.duckdns.org sosg77.ddns.net soso.noip.us spicymemes.duckdns.org spiel007.ddns.org spofy.ddns.net spynote-web.dynu.com ssjf.myftp.biz ssxdswe.no-ip.org standby1537.duckdns.org storing.hopto.org strateg.ddns.net stux0net.no-ip.org superlegitratvirus.ddns.net sweetman2020.no-ip.biz taha100iq.hopto.org taherhacker.hopto.org tak.no-ip.info taras1928.ddns.net targi01.hopto.org tatacall.servebeer.com tataline.hopto.org teda11.zapto.org tedy1993.ddns.net teolandia.no-ip.biz test145.ddns.net test29.ddns.net testandro.ddns.net testapkk.hopto.org testkps.ddns.net test.no-ip.org test.pagez.kr testsr.ddns.net testsss.ddns.net testtwo2.ddns.net testxy.ddns.net th3expert.3utilities.com thaer.no-ip.biz theblack16.ddns.net thedroidjack.ddns.net thegangsterrap.noip.me thegod2.ddns.net themayhen23.no-ip.org tnaxin.msns.cn tobytori18.myftp.org tomyyk.ddns.net tonyjony.ddns.net topmax.myq-see.com toyman6699.no-ip.info trythelast.no-ip.org ttn10.no-ip.org tunisvista.3utilities.com udown.ddns.net ufologlyly.ddns.net umar14344.ddns.net unknownuser.no-ip.biz updater.myftp.org updatesystem.dynu.com usa2222.ddns.net usa.myftp.biz userframer.sytes.net usernamegopro1.ddns.net usmh.myq-see.com vajausing.dynu.com vb.blogsyte.com vego.ddns.net vetalamator1.ddns.net viagra.jumpingcrab.com victim.no-ip.org vigo.hopto.org villevalo.chickenkiller.com voda.no-ip.org vwelxv.ddns.net w0rm32.ddns.net warl10ck.ddns.net warrirrs.no-ip.org wasawalid.hopto.org wassam100.ddns.net wasxmrtdub.ddns.net watzeb.ddns.net wcvwcv.picp.net webhack2017.ddns.net weedforlifehacker.ddns.net welcomeheretomept.ddns.net wildu.ddns.net win32.ddns.net windows12345.ddns.net windows7trojan.ddns.net winlogen.duckdns.org winserver.dlinkddns.com woaisue.3322.org wogusnb.no-ip.info wombocombo.mooo.com wtfwtf.duckdns.org www.177mu.cn www.darkteam.xyz wxf2009817.f3322.net x300x300xx.no-ip.org x64-windows.ddns.net xa1newold.hopto.org xatar12.ddns.net xilto.duckdns.org xingyuekeji.f3322.net xmohcine.ddns.net xnxx123.publicvm.com xomro.no-ip.biz xos1982.ddns.net xtiger007.ddns.net xzoro2016.no-ip.info yamsohe.ddns.net yangweb.f3322.net yassinescaleo.ddns.net yelp01.f3322.org yorkiepet.ddns.net yossf2014.no-ip.biz younix.ddns.net yousefehab11.ddns.net youseffathii.ddns.net youssef-1234.hopto.org yuosaf1993.ddns.net yurimacedo1.ddns.net za3blawy.ddns.net zaboza2020.ddns.net zaheerkhan786.ddns.net zakifr.no-ip.biz zakoo1.zapto.org zaliminxx.duckdns.org zecovpnhasan1123.ddns.net zennone.ddns.net zero228.ddns.net zoheirdroidjack.zapto.org zokor-zokor.ddns.net zouhr9.hopto.org zxczxczxc.ddns.net # Reference: https://www.virustotal.com/gui/file/95e7b09d830e8c1aecac2c8a259c1abea7453ef8a1a0d6d2ba9c8804015ed0da/detection 85.140.0.174:1603 # Reference: https://www.virustotal.com/gui/file/b89766cad7a7e511c208f30e0fa3c742522d8b07a583eff6421ad420eb68e0bb/detection 88.226.132.54:1337 hackdery1.ddns.net # Reference: https://www.virustotal.com/gui/file/333a463c3814e2c4fbae6a28a29bb3082e6d0baba61f50476d68e92d610b4248/detection 141.255.151.138:5525 141.255.151.68:5525 taldonelso.freedynamicdns.org # Reference: https://twitter.com/ReBensk/status/1275308008436895744 3.128.118.197:5555 # Reference: https://www.virustotal.com/gui/file/f3fe3e9c05adf8c5e0e5cdf131cfcab7970ba235c3320c8573f4906a089b4f10/detection 156.222.129.163:1337 aaaaaaa7.myftp.biz # Reference: https://www.virustotal.com/gui/file/0d161132eb515ce526fb1b5a88dc5025ecf623d788ce37ecc939472c6ca2a1a3/detection ahmed8877.no-ip.org # Reference: https://www.virustotal.com/gui/file/b05570ed941da5ceeb87bcef18240090540b2c50f461f5792249f90ba99c4085/detection 141.255.147.11:1962 41.105.12.27:1962 # Reference: https://www.virustotal.com/gui/file/8d442b52d30987dd8582827ad3cdad097fa41ac9d80e1325ba941afc2294d298/detection 191.242.7.95:1177 systemdownload.duckdns.org # Reference: https://www.virustotal.com/gui/file/a066e119305ae49ba55272c40a0a6c5898558b4ca354e89509835f0a6cbb5fb3/detection # Reference: https://www.virustotal.com/gui/file/240e74ad9f01ac7978120aecba149f973ce1c12ce835261432cda6fdd9bb81f8/detection 18.223.118.231:1337 # Reference: https://twitter.com/malwrhunterteam/status/1341463230091292672 # Reference: https://twitter.com/bl4ckh0l3z/status/1343270412319416327 # Reference: https://www.virustotal.com/gui/file/e262591852031e710b6842ecce3a097029016b2356747ce0ce668c0defb6f65b/detection 193.169.253.555:2344 # Reference: https://www.virustotal.com/gui/file/83091aeadf6f224014601c72b3f8b4ab7140ee0155db9d30486d5843513d7e61/detection deadaliens.us # Reference: https://www.virustotal.com/gui/file/35b906a9614c5f53664cfa1439d77219514aeaa749a8f63ced15a95c57470319/detection 58.225.118.141:1337 linux.0pe.kr # Reference: https://www.virustotal.com/gui/file/66dc9f201d49595e39bc9f8b6045df20026139305f9a046fec23cf7aecb99da4/detection 222.186.170.37:31786 # Reference: https://www.virustotal.com/gui/file/21a93e17e3cdb41eae03421198a691ac6a352779ff8bf639de61808f7cc3899b/detection 222.186.170.37:27127 # Reference: https://www.virustotal.com/gui/file/eb878014f0478d16acf99a4dc62da06b87c47c3e23fbcced24ab626839045933/detection lahe66.u1.luyouxia.net # Reference: https://www.virustotal.com/gui/file/55a13c87fbc2c810c74ed1f18032f3788b0e938d52a9944dac7f6d28e8540e58/detection 34.199.8.144:5000 thelegend300.ddns.net # Reference: https://www.virustotal.com/gui/file/972aa5077dc900fbc4e18838d5219604c02c5375b6a16e462a7bd6dfe08a0391/detection helloking143.ddns.net # Reference: https://www.virustotal.com/gui/file/b6bcd497840f03fd78744a21b264c334e28263f357c9595032a7321fd5578d40/detection 34.199.8.144:1337 davidvxc.ddns.net # Reference: https://www.virustotal.com/gui/file/933d11b8e1f4516129cc48bfbcaddc3da3b0a361c0db085acca7b81597e0fc56/detection 91.195.240.87:8088 zzz555.tl-ip.com # Reference: https://www.virustotal.com/gui/file/94c2f38a04f75ce4a853f6b4948b825db7bf70ce9837603a45e56d1215c4236c/detection # Reference: https://www.virustotal.com/gui/file/ebf483aa8725c0e8e564bf6b6cff35471b5483a6930d94ebccbb5f1d946dea74/detection 102.185.44.254:1337 uranuim.ddns.net uuranuim.freedynamicdns.org # Reference: https://www.virustotal.com/gui/file/a38fc9662a6478c04a20f41681d27945a92a65fe17c8ea5b1114764198b34e0f/detection 107.151.148.174:12345 # Reference: https://www.virustotal.com/gui/file/800a7b34e873260d804bd9914ef9e140a7703138b2db6ace7e08e9c373d17a0d/detection # Reference: https://www.virustotal.com/gui/file/d33f210df432ff3b6bd78d41ea779863c17576eb0af27051149c1c905686e137/detection wininit.myq-see.com # Reference: https://www.virustotal.com/gui/file/31cd68dcb959d5fbd5b870318cff7e01992a80b7203f8d90f4a1a81e78d836b4/detection 41.208.110.46:666 svu.myq-see.com # Reference: https://www.virustotal.com/gui/file/504934b07df8af5b0b7d715ee8c5bdc7ea55a5e3353da19d2d10978a15500e87/detection 41.96.96.109:1337 kiyoma.myq-see.com # Reference: https://www.virustotal.com/gui/file/6cf00b39fc5ea76da3f1b0e807c12b72d1863ce7fbfcb7b74aa70ce7a9d9574d/detection 37.237.193.6:1337 44332211223344.no-ip.biz # Reference: https://www.virustotal.com/gui/file/a27f8d6d8aac78c13865220697ab55b02ba15b6f0358aa44a857aa26103c3741/detection 197.50.120.104:1177 winfix.ddns.net # Reference: https://www.virustotal.com/gui/file/aed1041670a065cd6dfd08bcf3bb6cc2f22ace22c511b10038da6c4ca239d2ed/detection 102.164.96.57:4444 # Reference: https://www.virustotal.com/gui/file/2a4cb706cc89df6022e7232c9e8663f87368fc3d193a3cb4356b2627d427ab1a/detection # Reference: https://www.virustotal.com/gui/file/65133372681cff5ef48b413d51124d9ea88ab97b6ec73a116c358e75bec5bd8c/detection felof59.ddns.net # Reference: https://www.virustotal.com/gui/file/1b05cb601517122fc3849aefe11e310e67c6184e51287b6b3d11c73265a4b227/detection hackbriton.no-ip.biz # Reference: https://www.virustotal.com/gui/file/4bd0c0b8e45fab56055faa2cfbd7399b72780ccd6638a8d378003717bbc00fc3/detection ehabgm.no-ip.biz # Reference: https://www.virustotal.com/gui/file/42e551141d30a7c8a276d0428dcd26d99c470a7a4af119d969ea963303908564/detection azizjelloun.no-ip.biz # Reference: https://twitter.com/0xrb/status/1491665998382247938 # Reference: https://www.virustotal.com/gui/file/d5484ddde1ea4aefcbf40f9845f911b059818ec0bb57d0d48922ed25d161e0ea/detection 78.138.107.166:12862 # Reference: https://www.virustotal.com/gui/file/459b8b7aa5d2e46b1eab687fe7190d2a82a0d5dc1d13444dcecec069be63b4fb/detection 141.255.144.158:1177 bondedo17122k.duckdns.org # Reference: https://www.virustotal.com/gui/file/e943ef27c9e09f2c8bbd932cde9ccdd8073c4f7afbb84c717232ab5ab2caf85e/detection # Reference: https://www.virustotal.com/gui/file/c41ba7d5489ac16aabd02382a5f29e6f5543975e05d5ba65bce4a1240aae6efc/detection # Reference: https://www.virustotal.com/gui/file/c13ba77d144b3bb3288a829aa764dc465962c7b8babb12ed8c9e8b7877592e7a/detection 00001111.ddns.net # Reference: https://www.virustotal.com/gui/file/1297d2b83fc63d2bd16e99bca0e2a122fe9c231d01ba1c5a2f3c7675fc18e800/detection 8.23.224.107:4444 # Reference: https://www.virustotal.com/gui/file/05e1919fecada3bef0eacf690ba6365666a792470c8769a7d05d00629b905d40/detection # Reference: https://www.virustotal.com/gui/file/1ab9bc957a4ced0db28fcff17629fc588244c22d46c310bfd5853d3e63cb7b89/detection 141.255.144.128:4444 marktwin.ddns.net # Reference: https://www.virustotal.com/gui/file/969175165f12c292c3fe3ee212c9c71bcdd0928cad5867d6d2a797fe033379b5/detection 141.255.144.79:1334 141.255.144.79:5553 5.8.244.188:5553 5.8.244.188:5553 hassanabdulla.ddnsking.com # Reference: https://www.virustotal.com/gui/file/ac42efbdddc0d6f3fce56efae53928fac8a112b957ebc5232710532a3a268e8d/detection 51.68.152.226:1723