# Copyright (c) 2014-2020 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: DarkComet, DarkKomet # Reference: https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Backdoor:Win32/Fynloski.A slimx.comule.com slimmy.noip.me # Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Fynlosk-AC/detailed-analysis.aspx malka-reklama.com # Reference: https://www.virustotal.com/en/file/88b322f35736cb13ecaba8539366da9282321945f37deded86aab3a6d3418d95/analysis/ # Reference: https://malwr.com/analysis/ZTFkNTkyOTIyYWY5NGQxNDg3OThhOThmMDY5NGM0OWQ/ # Reference: https://malwr.com/analysis/NTliNzQ4MmUwODVlNGMxNWJiZmExMDViYTJjNzRkNmM/ nobodywithyou.quicksytes.com unfaithfull.mine.nu nobodylikeyou.broke-it.net unfaithfull.golffan.us noremotenj.dnsfor.me # Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Win.Dropper.Darkkomet-6680876-0) val.myftp.org # Reference: https://citizenlab.ca/2016/08/group5-syria/ alienfiend.3utilities.com alirezaz74.no-ip.info amiir.ddns.net ashiyane.ddns.net # Reference: https://citizenlab.ca/2015/10/mapping-finfishers-continuing-proliferation/ a.ddns.me r.ddns.me # Reference: https://twitter.com/Racco42/status/1046878564359000064 elumadns.eluma101.com # Reference: https://twitter.com/ScumBots/status/1048377827765223430 control-pc.ddns.net # Reference: https://twitter.com/fumik0_/status/1050643239273779200 fanddes.ddns.net # Reference: https://twitter.com/JAMESWT_MHT/status/1108304088477900801 malconwire.ddns.net mstanley.ufcfan.org winningstar.ddns.net # Reference: https://twitter.com/JAMESWT_MHT/status/1118088254224515072 # Reference: https://app.any.run/tasks/99fa923c-c2dd-4915-83d5-9ce6c00263ed # Reference: https://www.virustotal.com/gui/file/9a35d2cb233f438f07289232971a82c0b70ada771a4769194686c83414abfed6/detection egusi.duckdns.org 197.210.47.22:1007 # Reference: https://twitter.com/James_inthe_box/status/1029772632638382080 51.254.93.85:22475 # Reference: https://twitter.com/MalwareConfig/status/1110622163579609089 jorqoad.ddns.net # Reference: https://twitter.com/MalwareConfig/status/1109895184962281472 cystau.ddns.net # Reference: https://twitter.com/MalwareConfig/status/1093695806681595904 cometdb.ddns.net # Reference: https://twitter.com/MalwareConfig/status/1070995860169900033 anees123.ddns.net # Reference: https://twitter.com/MalwareConfig/status/1066549338007064581 zedofrus.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/1050203774235619329 findmeifyoucan.ddns.net # Reference: https://twitter.com/MalwareConfig/status/1040695642690076672 # Reference: https://malwareconfig.com/config/b6d5270e6708908ff56aa91b1819be27/ 194.44.227.222:1604 # Reference: https://twitter.com/MalwareConfig/status/1036255817845153792 allachaib54.ddns.net # Reference: https://twitter.com/MalwareConfig/status/1036008342295064576 kurusuntirki.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/1024410533049643008 tifil.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/1024275294688030721 idkh.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/1023488007721181185 kctgame.hopto.org # Reference: https://twitter.com/MalwareConfig/status/1021734919297552385 beratrat.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/1021660959155388418 # Reference: https://malwareconfig.com/config/349a4cbe64bbecf8a43ca004ba48ea41/ 172.116.36.28:1604 # Reference: https://twitter.com/MalwareConfig/status/1021047304143466497 ratlikecomet.ddns.net # Reference: https://twitter.com/MalwareConfig/status/1016305113152008192 alone.sytes.net # Reference: https://twitter.com/MalwareConfig/status/1015594560356003843 # Reference: https://malwareconfig.com/config/706eeefbac3de4d58b27d964173999c3/ 178.32.64.21:81 # Reference: https://twitter.com/MalwareConfig/status/1000913617460580352 # Reference: https://malwareconfig.com/config/c65c3c8c4035481a6833394476c82ff1/ 176.114.132.28:1605 # Reference: https://twitter.com/MalwareConfig/status/993336313163276288 # Reference: https://malwareconfig.com/config/41c60a7201487465e7e06921b20c3ec8/ 5.68.159.105:1337 # Reference: https://twitter.com/MalwareConfig/status/992510560636997639 # Reference: https://malwareconfig.com/config/d953a90802ca685f564ee9a4562f8304/ 81.177.118.99:1604 # Reference: https://twitter.com/MalwareConfig/status/988144017291476993 1kd2sd8hj59et7.ddns.net # Reference: https://twitter.com/MalwareConfig/status/985184013752197120 bitcometer.ddns.net # Reference: https://twitter.com/MalwareConfig/status/982174275128909824 # Reference: https://malwareconfig.com/config/f58e5c0213c3d16c0735d5a53ff2b2ce/ 88.135.201.49:1604 # Reference: https://twitter.com/MalwareConfig/status/980798013642862593 # Reference: https://malwareconfig.com/config/ad20b1d4c948a33f0ffbfdc2aaf5275a/ 46.133.93.140:1604 # Reference: https://twitter.com/MalwareConfig/status/978382269709799425 melsamt2.sytes.net # Reference: https://twitter.com/MalwareConfig/status/967183823904571393 # Reference: https://malwareconfig.com/config/dac38cf99b17d169152e53c1909896ca/ 31.29.110.138:1604 # Reference: https://twitter.com/MalwareConfig/status/964901768357347330 malware_darkcomet.no-ip.com # Reference: https://twitter.com/MalwareConfig/status/958360238100541440 ndudim.hopto.org # Reference: https://twitter.com/MalwareConfig/status/956435746155528192 # Reference: https://malwareconfig.com/config/d0827f339213526025e5d25806eb1bf9/ 84.83.77.156:1605 # Reference: https://twitter.com/MalwareConfig/status/956352184676945920 # Reference: https://malwareconfig.com/config/94a3ba517774ec75c2928879087f64ef/ 54.38.22.64:2808 # Reference: https://twitter.com/MalwareConfig/status/956085348664270848 ykrop.hopto.org # Reference: https://twitter.com/MalwareConfig/status/953463824681717760 anh.zapto.org # Reference: https://twitter.com/MalwareConfig/status/951441936099012611 # Reference: https://malwareconfig.com/config/742a341678f66bc969401a6afccd1a7e/ 37.195.251.26:1604 # Reference: https://twitter.com/MalwareConfig/status/951196978117038080 1xdemre.sytes.net # Reference: https://twitter.com/MalwareConfig/status/950352270692179968 mobie.ddns.net # Reference: https://twitter.com/MalwareConfig/status/946043994164940800 suicrat.ddns.net # Reference: https://twitter.com/MalwareConfig/status/937772819055816704 irat4ever.ddns.net # Reference: https://twitter.com/MalwareConfig/status/932320480694030336 perdrix21.hopto.org # Reference: https://twitter.com/MalwareConfig/status/928402828158267395 itsbrad.ddns.net # Reference: https://twitter.com/MalwareConfig/status/927721815413329920 evgeniy1983.no-ip.biz # Reference: https://twitter.com/MalwareConfig/status/925781063170961415 topbasbatu000.ddns.net # Reference: https://twitter.com/MalwareConfig/status/922866417594232832 guanyu2017.hopto.org # Reference: https://twitter.com/MalwareConfig/status/921413570440695808 # Reference: https://malwareconfig.com/config/cf86e1fe687c4c3dd7f1c2fc5c662f2d/ 185.61.149.134:1148 # Reference: https://twitter.com/MalwareConfig/status/919255144545562625 # Reference: https://malwareconfig.com/config/c19af36a86eca599c5a24ef3582255cb/ 109.94.66.144:1604 # Reference: https://twitter.com/MalwareConfig/status/912167055285264384 # Reference: https://malwareconfig.com/config/7257431744eb3247e7bf6f58a8eb2691/ 178.158.128.49:1604 # Reference: https://twitter.com/MalwareConfig/status/910913066316988416 lossehelin.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/910912902118420480 qwerty123456.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/910911784063729664 watsapp.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/906945447423508480 faruk01.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/906276838221205504 convict.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/905548741087809536 hamo55.hopto.org # Reference: https://twitter.com/MalwareConfig/status/904080750647095301 mrwhite8391.ddns.net # Reference: https://twitter.com/MalwareConfig/status/903754437151293440 # Reference: https://malwareconfig.com/config/10a1dbde59ddeb9bc757974c5cffe372/ 85.104.8.203:4554 # Reference: https://twitter.com/MalwareConfig/status/903144131630911488 # Reference: https://malwareconfig.com/config/0401f5024825df5f58fd63cd2568fc2b/ 37.193.25.56:1604 # Reference: https://twitter.com/MalwareConfig/status/900228130908102656 emir695.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/900217070968872961 286128.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/900057371027918848 owelemre2.sytes.net # Reference: https://twitter.com/MalwareConfig/status/899777027351474177 memelek.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/899708530349010945 cevadergn.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/899704791420588033 ambuk.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/898699148358291456 ehenderson1996.zapto.org # Reference: https://twitter.com/MalwareConfig/status/898451580386541568 # Reference: https://malwareconfig.com/config/a61b1388bd22975c6558a3cbe5286f8c/ 61.34.250.106:1604 # Reference: https://twitter.com/MalwareConfig/status/898356313406791680 rodrigonj99.ddns.net # Reference: https://twitter.com/MalwareConfig/status/898316265323864064 kingeyes.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/898312613301497857 mekan077.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/898300001096544256 aliasbond.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/898254456587829248 loafer00.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/898247023060701185 thewalkers.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/897472908498481152 ehenderson32.zapto.org # Reference: https://twitter.com/MalwareConfig/status/894159512730578944 bentester.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/893438443224784897 fannii.ddns.net # Reference: https://twitter.com/MalwareConfig/status/893438328065986560 rmznsinstr.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/893002193254723585 legacylol.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/890017219060649984 ihack.ddns.net # Reference: https://twitter.com/MalwareConfig/status/888531040230309888 refflexx.hopto.org # Reference: https://twitter.com/MalwareConfig/status/882871663934812160 darkcomete.ddns.net # Reference: https://twitter.com/MalwareConfig/status/880781602158194688 chapropaxas.zapto.org # Reference: https://twitter.com/MalwareConfig/status/879114139486101504 ecofriendster.com # Reference: https://twitter.com/MalwareConfig/status/863803239791292416 csgohacker2017.ddns.net # Reference: https://twitter.com/MalwareConfig/status/863327587187249152 zxmn.ddns.net # Reference: https://twitter.com/MalwareConfig/status/861251179367587841 enesmt2-logo.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/861012250810888192 enesmt2.ddns.net # Reference: https://twitter.com/MalwareConfig/status/857675716036526080 billhosts.ddns.net # Reference: https://twitter.com/MalwareConfig/status/857344636381270016 yunuscan.ddns.net # Reference: https://twitter.com/MalwareConfig/status/857101248243396609 dc1604kzl.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/856747439105159168 ahmetbay.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/856232287985438725 vahdi12.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/852138277377388545 # Reference: https://malwareconfig.com/config/9026246afcc01ef5c5c8961dc1c6bc37/ 217.44.145.105:1604 # Reference: https://twitter.com/MalwareConfig/status/848914914274140164 rat12411.ddns.net # Reference: https://twitter.com/MalwareConfig/status/848135538007838720 Hierro1.ddns.net # Reference: https://twitter.com/MalwareConfig/status/846713975190556672 # Reference: https://malwareconfig.com/config/0487fed0aa52334d15911e5384c0d410/ 80.61.35.94:1600 # Reference: https://twitter.com/MalwareConfig/status/846688338153230336 xose01.ddns.net # Reference: https://twitter.com/MalwareConfig/status/843832787610320900 1po4tip.3utilities.com # Reference: https://twitter.com/MalwareConfig/status/842080814074605571 mavileylek.ddns.net # Reference: https://twitter.com/MalwareConfig/status/842080723624439810 # Reference: https://malwareconfig.com/config/8858d5a020fe2ae5a03574a7103702d8/ emircanaktas.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/841597432337203200 batuhan32200269116.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/839149275791704065 siradanpc12.dynu.net # Reference: https://twitter.com/MalwareConfig/status/838150119476310016 kagero-grup.sytes.net # Reference: https://twitter.com/MalwareConfig/status/821970069358084097 cemal334.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/821302409813262336 cw.ddns.net # Reference: https://twitter.com/MalwareConfig/status/818865344886558724 tstdc.3utilities.com # Reference: https://twitter.com/MalwareConfig/status/817421933608370176 sanana.hdd.com # Reference: https://twitter.com/MalwareConfig/status/816026893631844352 ketref38.dynu.net # Reference: https://twitter.com/MalwareConfig/status/812818261347893248 # Reference: https://malwareconfig.com/config/2d9bf3f12890104ecd523f844859489f/ 81.100.129.159:4789 # Reference: https://twitter.com/MalwareConfig/status/806979375040233472 # Reference: https://malwareconfig.com/config/61f07e2d14ece932f5e520bf4c9916c3/ 149.255.62.14:1604 # Reference: https://twitter.com/MalwareConfig/status/804458441976725505 # Reference: https://malwareconfig.com/config/c72a7164844dca1a6386d4d5a3585815/ 82.103.140.48:1604 # Reference: https://twitter.com/MalwareConfig/status/803636805279031296 massarbaba.ddns.net # Reference: https://twitter.com/MalwareConfig/status/803500980214124544 banthisbitxh.zapto.org # Reference: https://twitter.com/MalwareConfig/status/798276892864421888 # Reference: https://malwareconfig.com/config/db1136d52bb1f563253c9dd7b9e33dfb/ 86.128.42.185:100 # Reference: https://twitter.com/MalwareConfig/status/796589840192143360 samuli.ddns.net # Reference: https://twitter.com/MalwareConfig/status/796110751744266245 blessedchuks.ddns.net # Reference: https://twitter.com/MalwareConfig/status/791971477671280640 jimmybob231.ddns.net # Reference: https://twitter.com/MalwareConfig/status/790199387590889472 ahmedsaleh.no-ip.info # Reference: https://twitter.com/MalwareConfig/status/790183969413357572 elopasemq.no-ip.biz # Reference: https://twitter.com/MalwareConfig/status/790180399452389378 tacidreaq.no-ip.info # Reference: https://twitter.com/MalwareConfig/status/790178614490779648 hackman83.no-ip.org # Reference: https://twitter.com/MalwareConfig/status/790171154778554370 tatuti.no-ip.biz # Reference: https://twitter.com/MalwareConfig/status/790170953212985344 abod12345.no-ip.info # Reference: https://twitter.com/MalwareConfig/status/790167660034220036 ratyou.no-ip.biz # Reference: https://twitter.com/MalwareConfig/status/790165889551306752 oxhacker5.no-ip.info # Reference: https://twitter.com/MalwareConfig/status/790161745495097344 anasek.no-ip.biz # Reference: https://twitter.com/MalwareConfig/status/790156009704685568 # Reference: https://malwareconfig.com/config/fb6fe9ce3fb60662de59b0d3f2f1a900/ falumir24h.servegame.com # Reference: https://twitter.com/MalwareConfig/status/790155881015087106 onetwone007.zapto.org # Reference: https://twitter.com/MalwareConfig/status/790153534738169856 jjleo.no-ip.biz # Reference: https://twitter.com/MalwareConfig/status/790151613247782916 dnnirfan.zapto.org # Reference: https://twitter.com/MalwareConfig/status/790149013370724352 lanremoteadmin.no-ip.org # Reference: https://twitter.com/MalwareConfig/status/790146263614455808 dedilivisoft.ddns.net # Reference: https://twitter.com/MalwareConfig/status/784740796281065472 zirconpvp.ddns.net # Reference: https://twitter.com/MalwareConfig/status/784717845582274560 # Reference: https://malwareconfig.com/config/39360b2ac89e3f789632a498635ea53d/ 88.75.173.240:81 # Reference: https://twitter.com/MalwareConfig/status/783251715151818752 Flythief.no-ip.biz # Reference: https://twitter.com/MalwareConfig/status/779638685151166464 duckysiker.ddns.net # Reference: https://twitter.com/MalwareConfig/status/778618987848601600 brokerr1.ddns.net # Reference: https://twitter.com/MalwareConfig/status/776415665246920706 at0x.ddns.net # Reference: https://twitter.com/MalwareConfig/status/774130450746871808 arrivals.ddns.net # Reference: https://twitter.com/MalwareConfig/status/772097961165778945 azarxd.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/769232194959183872 sozluk.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/765431761195134976 pisr.no-ip.biz # Reference: https://twitter.com/MalwareConfig/status/765276865913298945 tytusandronicus.suroot.com # Reference: https://twitter.com/MalwareConfig/status/762934405761527812 # Reference: https://malwareconfig.com/config/bb042ea1efbb153eceb81ead99ca40c8/ 174.61.87.89:1604 # Reference: https://twitter.com/MalwareConfig/status/753691591337017344 # Reference: https://malwareconfig.com/config/e10407f76f1f68cfd15419b9f9fbe8a2/ 100.7.41.35:1604 # Reference: https://twitter.com/MalwareConfig/status/753244223584043009 eprice.ddns.net # Reference: https://twitter.com/MalwareConfig/status/752960699287101441 testpourvoirkimahack.no-ip.org # Reference: https://twitter.com/MalwareConfig/status/751129638970200064 dakdns1.duckdns.org # Reference: https://twitter.com/MalwareConfig/status/750828815656558592 # Reference: https://malwareconfig.com/config/9e516fadabf7246a846af83715c6c961/ 94.183.16.82:1604 # Reference: https://twitter.com/MalwareConfig/status/748820464617807872 # Reference: https://malwareconfig.com/config/afaf914aa49af9ab06cfecf21439a778/ 89.164.152.8:1605 # Reference: https://twitter.com/MalwareConfig/status/748818887526014976 destinyhacked.ddns.net # Reference: https://twitter.com/luc4m/status/1072888268528779264 pd1n.ddns.net # Reference: https://twitter.com/MalwareConfig/status/1127517851852713984 abdoaks-41628.portmap.io 193.161.193.99:41628 # Reference: https://twitter.com/MalwareConfig/status/1128313177253535744 # Reference: https://malwareconfig.com/config/df577ed4df4a7ff3f219b54793fa4249/ nonmo.duckdns.org 95.65.129.254:3323 # Reference: https://www.fireeye.com/blog/threat-research/2014/04/crimeware-or-apt-malwares-fifty-shades-of-grey.html akuna.mcdir.ru privatecode.zapto.org # Reference: https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf 5.189.145.248:1453 # Reference: https://twitter.com/KorbenD_Intel/status/1169996681259245569 newdarkcomet.daniel2you.com # Reference: https://twitter.com/JayTHL/status/1189283483031670784 176.116.138.8:1604 lz747.ddns.net # Reference: https://twitter.com/JayTHL/status/1189371424441540613 91.247.92.191:1604 # Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1025-1101.html (# Win.Trojan.DarkComet-7365618-1) mrsnickers03.no-ip.biz # Reference: https://malwareconfig.com/config/7336917d4220081386839c0b8ac8c8c9 58.189.48.187:1235 groaqohtw.duckdns.org pluewredw.chickenkiller.com sbyclaudl.ddns.net # Reference: https://www.virustotal.com/gui/file/17664df09aa7b847890126d806ebcaec2cb9eaeeb68f6a32ae5b1ed9de11710f/detection slorb.ddns.net # Reference: https://twitter.com/JayTHL/status/1195043904959197190 92.63.110.250:1604 dd242sww.ddns.net # Reference: https://www.virustotal.com/gui/file/131ec6981504c91fbd735f9c9a2b0f70f9b7797468279768e202229fa65dddd0/detection # Reference: https://www.virustotal.com/gui/ip-address/213.208.152.210/relations 213.208.152.210:7676 maka321.serveftp.com nathan22.ddns.net nathan23.ddns.net nedpmpm.ddns.net # Reference: https://twitter.com/JayTHL/status/1197946059558981637 178.123.30.130:1604 coldwarn.ddns.net # Reference: https://www.virustotal.com/gui/file/f919c1b2662c0a9b33669f200989dc9a4269bfde78775e1f146baec3ebfb3a0c/detection simochka.hopto.org # Reference: https://www.virustotal.com/gui/file/e64a2c5683ed7236f0139a1dec23f60435376dd34b57f576054bdc87034f4be8/detection 79.134.225.89:1906 elumadns.eluma101.com oluwa102.hopto.org # Reference: https://blog.talosintelligence.com/2019/11/threat-roundup-1115-1122.html (# Win.Malware.DarkComet-7395004-1) lolmands.chickenkiller.com # Reference: https://www.virustotal.com/gui/file/7294aef18599ab8be993ed60d9d99b86f37519e3a363a3559b3d6787130e884a/detection graceman.no-ip.biz # Reference: https://www.virustotal.com/gui/file/b5f9f16ebc7f98c4f561ffec1f000d2ae2f94fbff9468bdd54f8197792e5d710/detection 212.83.170.126:650 zebircp.duckdns.org # Reference: https://www.virustotal.com/gui/file/e891ac1ac38f68825ac43899d513dae488064b8f9ae5bba38f1e9ee597418a52/detection 134.0.111.33:1604 # Reference: https://twitter.com/Littl3field/status/1188957733296529411 anonim321.ddns.net # Reference: https://www.virustotal.com/gui/file/89f54d569487466bc6107cc627be0c2e156ea5fad2d58e8bc9575c2b650a79a1/detection 77.121.107.111:1604 77.121.107.111:27015 # Reference: https://www.virustotal.com/gui/file/de2a70a912c77ff2474d39d4329fda59c68c19c2b1cfb681a86b68f3c70e00b6/detection dermindra.mywire.org # Reference: https://www.virustotal.com/gui/file/c38787d9ec611ffc0bf51bba81fa954cfa5c7762294da81fecca4d393721f4e2/detection 95.59.27.194:1604 # Reference: https://www.virustotal.com/gui/file/214018c923bca8493dfefa0401ba7eeb836a6bd7ab7212b85d97fe44385aac51/detection 193.84.64.159:1604 # Reference: https://twitter.com/Paladin3161/status/1183584735563374594 fyzee.top # Reference: https://twitter.com/Paladin3161/status/1158694257370120193 jimmykarcter.ddnsking.com # Reference: https://twitter.com/Paladin3161/status/1157688436536426503 212.100.94.58:4174 amariceo.duckdns.org # Reference: https://www.virustotal.com/gui/file/107f96a8eb7a09cf92578c9962104e68434bf7ecb3b12e91c51154fecfd3ae54/detection 212.100.77.240:4174 # Reference: https://www.virustotal.com/gui/file/377cb36c07f059e3e46752e56a9fcf79aa673d453272edaa30a2fa83ecbf5780/detection 212.100.80.150:4741 # Reference: https://www.virustotal.com/gui/file/377cb36c07f059e3e46752e56a9fcf79aa673d453272edaa30a2fa83ecbf5780/detection 105.112.18.199:4174 # Reference: https://www.virustotal.com/gui/file/f9ac49bde20975ac8a5ea01812df0743f9c4a36c2a17866d621d7d53812040c5/detection 185.244.31.248:4174 # Reference: https://www.virustotal.com/gui/file/dec9db3c5e493cd149bf6235eddca0e97b14176b95f3b04809a96647d6e6cae0/detection 192.69.169.25:1909 outofspace.duckdns.org # Reference: https://www.virustotal.com/gui/file/d78d698387d7206a83d655c82476206dbf4c0ad7e85e69cea127e6a21e0867bf/detection 154.16.220.184:1909 # Reference: https://www.virustotal.com/gui/file/8e88cbc0451706c999bfaa5f3a13e6b30a0b397d4741fc9d6857a0cc6f15200c/detection 185.140.53.102:5001 79.134.225.46:5001 91.193.75.181:5001 # Reference: https://www.virustotal.com/gui/file/418c3d4c20019801ca899f73ab150f4278421e6ed00bc17b81ff2f61412cec52/detection 41.47.195.67:1604 # Reference: https://blog.talosintelligence.com/2019/12/threat-roundup-1206-1213.html (# Win.Packed.DarkComet-7433889-1) alaka.no-ip.biz bbdl.ddns.net botofvps.no-ip.biz laloutrecam.no-ip.org server-49.sytes.net simond.zapto.org who-is.ddns.net zcitizen.no-ip.org # Reference: https://www.virustotal.com/gui/file/97bbd6baec79e66608a0f69e85b2deb90d4bcbe458b8361a540a0f013951c88f/detection 83.5.80.149:55565 # Reference: https://www.virustotal.com/gui/file/92bd1ddf0917990306cb2d94f888cd5d4d7e3e2553e7036daf99e601ddaf9dc9/detection 83.5.80.151:55565 # Reference: https://www.virustotal.com/gui/file/ff90842f11b382e6f54c431ac19140da98fbbee1789acd70fb2b9f44bfc34219/detection 83.7.183.229:55565 # Reference: https://www.virustotal.com/gui/file/7df3beeb988e34f6f7220aab8b831607294158dc4c53aff1bd3c7ca903b1fdaa/detection 83.4.242.75:55565 # Reference: https://www.virustotal.com/gui/file/63c511f39c25ab211385aee0046c3c4fee44d29d611eeea0cf2be2ac93809623/detection 83.4.252.111:55565 # Reference: https://www.virustotal.com/gui/file/94b8c6acecd827134c8191b4da66872ef4586aa2f315d3b932b426af85a71d93/detection 83.4.229.8:55565 # Reference: https://www.virustotal.com/gui/file/ca593ab0ffb04a72a0a756fc471ec6d7b9b4f2d579c94692d261da77b54c808d/detection 94.73.36.254:1604 crazyzombie.no-ip.biz # Reference: https://www.virustotal.com/gui/file/1c77569e984944aa6aedd9f0db41d5cbce3b3e3b9c2c200c7333f83a484c020c/detection kingraiderbruh.no-ip.biz # Reference: https://www.virustotal.com/gui/file/ca1e1feeec5138c6be6c6b4b3f7a939e3a4fd01af4b0272fab729ef90323336b/detection ilyaes12.no-ip.biz # Reference: https://www.virustotal.com/gui/file/9aeb47408b5d55bfd1957997ac4ddc88e9ac97f8e9b20a7a95263640b5898c29/detection dingo4tn.no-ip.biz # Reference: https://www.virustotal.com/gui/file/53249502c44b937365c75f7f102d79d29a2ad39859e1c86622de4540409848a9/detection omar37.no-ip.biz # Reference: https://www.virustotal.com/gui/file/17e16829e28a6b3d8e6894bde0159180c0496340b639381bb1d9dd9e01a5e972/detection yu9.no-ip.biz # Reference: https://www.virustotal.com/gui/file/d32aea9c897b1603302369c4ac13a7b6e2f5604c8c3ab869b9aba972f4bb7681/detection 94.73.32.235:1604 ramboxxx.no-ip.info # Reference: https://www.virustotal.com/gui/file/c50bd1e4d69ffef704d8d2e2964bc87916fcc201ef1194b5802b1c3a6509fa97/detection modr.no-ip.info modrshk.no-ip.info # Reference: https://www.virustotal.com/gui/file/c0f68884bf0c8a947a3cfbeb329273f1f43ebd5457fad909855b0b54b98812b6/detection ygo.no-ip.info # Reference: https://www.virustotal.com/gui/file/197f7c8fc7e608f1ba07aba11c991056b15aa03b492d9cf02ed094c169a2a8e6/detection runaway2.no-ip.biz # Reference: https://www.virustotal.com/gui/file/ce785e02f2b24fe95e5915eaeb866db1796791cfda59eef26be68a182d02b900/detection 94.73.33.36:6644 # Reference: https://www.virustotal.com/gui/file/e9f55f4652ef8d8f9a6d373eace19e08d29d1d0a391be0ccc27b2b02e156986a/detection 94.73.33.36:1338 bl4cks0ul.no-ip.info # Reference: https://www.virustotal.com/gui/file/c8cb5754952107507550b8343ec3acf15b0c7195b8f4f93d3152b9e4f6e289b1/detection 31.13.65.17:8080 69.171.228.74:8080 69.171.230.18:8080 94.73.33.36:8080 satan666evil.gotdns.ch satancracker.no-ip.biz # Reference: https://www.virustotal.com/gui/file/de19d8ea2911ff7e337823576e214151ad4426206db8e9ea9880778f2592f935/detection # Reference: https://malwareconfig.com/config/ec692bde91ad1c6e182843bc0a5c7e81 seguridadsocial.ddns.net # Reference: https://www.virustotal.com/gui/file/e3142c50a9c097003c66fc83f31d46798862dccb983728f3a777737e662b02cc/detection 79.134.225.122:1607 # Reference: https://www.virustotal.com/gui/file/c176c510cdc4c587528c7b3fd414ff373f966e669243ade0f76bc674e8053a9f/detection 192.253.246.144:1607 # Reference: https://www.virustotal.com/gui/file/887882af88b520def045ebd160c5fdef397cecd4d38a5f9f671f2da3c6635275/detection 192.253.246.140:1607 # Reference: https://www.virustotal.com/gui/file/92372f11635906b7039356bd6b4bdcd94c24de17e921ca8bd0168088c0e64439/detection 192.253.246.136:1607 # Reference: https://www.virustotal.com/gui/file/a662f3c32b1d51a5312210ba7f19533530dc896497eac762897123d49b8d1719/detection 192.253.246.142:1607 # Reference: https://www.virustotal.com/gui/file/8594136c769d508d553fda7f8b421baab15976eceb0dbe7d8a1f1ced827f5f6e/detection 192.253.246.138:1607 79.134.225.92:1607 # Reference: https://twitter.com/reecdeep/status/1206847852309352448 # Reference: https://app.any.run/tasks/2b31885e-fa6d-4308-a351-3d59cd309481/ 185.140.53.50:1605 jeanpaves.ddns.net # Reference: https://twitter.com/wwp96/status/1210606469592371201 # Reference: https://app.any.run/tasks/d86cabeb-0cc0-4c9b-a2a2-b876ddce564b/ 185.140.53.95:1906 # Reference: https://www.virustotal.com/gui/file/2fd2c7100b89c90a3ef564aeaecfac08e35a06cf7dd1df24e4cf44f2283087f2/detection 185.244.31.13:3522 79.134.225.71:3522 dannydns.eluma101.com # Reference: https://www.virustotal.com/gui/file/2e20af12d0cd8fc445cfa4229a456cf8e230fafa32a8944d89be5439e6779e63/detection 83.32.180.189:8678 ventoclima.hopto.org # Reference: https://www.virustotal.com/gui/file/8994dd9beff98d840c534e1d351bd664076719312a81ecf65722115b4ec58427/detection 3.19.114.185:18163 # Reference: https://www.virustotal.com/gui/file/4217fb08ed238f8b922c41afbb4478e47b9f8c0eb78b5ffcae66ec1b8cd1f548/detection 3.19.114.185:11600 # Reference: https://app.any.run/tasks/fb983792-d62b-41cf-80d1-7b891270fbca/ f0371887.xsph.ru f0378320.xsph.ru cr3lit8-21896.portmap.io 193.161.193.99:21896 # Reference: https://app.any.run/tasks/ea139bc7-47ee-44e3-819d-3d4016885895/ ltfk003.duckdns.org # Reference: https://app.any.run/tasks/3f6a8dd7-560f-4856-9488-3cb1ff9f66e1/ 176.136.148.107:1604 sosomelaine.ddns.net # Reference: https://app.any.run/tasks/375e229e-64ba-4fec-8dcc-811fe67d45dc/ damiannescool.ddns.net 82.73.138.151:1604 # Reference: https://app.any.run/tasks/f03d11aa-a5c1-4eae-b2be-1e97643a2091/ 193.161.193.99:36488 # Reference: https://www.virustotal.com/gui/file/abb234323e3a02f58c2496f7812f8f6bac8fb4e1190499f546694231b1c6a4a4/detection 193.161.193.99:58641 probasar1-58641.portmap.host # Reference: https://www.virustotal.com/gui/file/fe151f75021c407a98d4da3004960bb6f7b719e596fd1e1fee86403e3198d661/detection 193.161.193.99:21896 cr3lit8-21896.portmap.io # Reference: https://www.virustotal.com/gui/file/287aa7d1a0d3975dfb87f9af9f9f859fbcb3945e6a88961890e095e42a443aac/detection 193.161.193.99:32238 # Reference: https://www.virustotal.com/gui/file/0edd517776b8606ab9ddfca9dafcd22f414dac7e228519e5fbaad8bac03634c0/detection labicrave-33863.portmap.host # Reference: https://www.virustotal.com/gui/file/73bf883f18a88c3809a243535821a604c903c08add452ed6774808496d3116bf/detection nobert-51061.portmap.host # Reference: https://www.virustotal.com/gui/file/d53b25a2e9f235eb8754a56c65b6f99427f2630caf093cbb0a072605df2f7a76/detection 193.161.193.99:30056 cyber1337.ddns.net # Reference: https://www.virustotal.com/gui/file/8d463da038e6072c00c34fb9251105f6d532b79def3b2066562420ea576681c6/detection 193.161.193.99:22322 myhtrahdd-22322.portmap.io # Reference: https://www.virustotal.com/gui/file/3c9064a40d32be530a5217e58ca5fe26ecca7e8c3fbaa72186f0d481ecb2d9b5/detection 193.161.193.99:63239 # Reference: https://www.virustotal.com/gui/file/d3053104b45194e9957f7e36e28bedba4dfd6950f0bf26e57f7f6ddde453d62b/detection 3.19.3.150:17660 # Reference: https://www.virustotal.com/gui/file/b29c03497b1e6c5fa31a85e11f5711b7475b7d2b9a1967a6228d1086dba2aab0/detection 178.124.140.136:2033 okechu.ddns.net # Reference: https://www.virustotal.com/gui/file/1bc564fed502e1c1769f39a9e2cdc214f1bde06357102403668428fe624f3faf/detection 142.44.161.51:4338 185.101.92.3:4338 ales2018.myq-see.com # Reference: https://www.virustotal.com/gui/file/8ae917f86da4edb9f1c78a61b2ae37acc378cc4041c88b76d015a15716af3a63/detection 104.244.75.220:3333 199.195.250.222:3333 46.1.231.234:3333 94.237.60.17:3333 minsuport.duckdns.org # Reference: https://www.virustotal.com/gui/file/3e5c8e9bd4f63e3a36d1085479e7c2d74e1eb528b798df978d7b47dee50c2ebc/detection 91.233.116.105:200 nulledserver.no-ip.biz # Reference: https://www.virustotal.com/gui/file/7bed732bd0a009bd6c9ed212043cc84d31798515bc3f63bcff9a2c5372cd0943/detection 91.233.116.105:1700 justfreak2.no-ip.biz # Reference: https://www.virustotal.com/gui/file/22e02ed203179f92c45f3f30523ba841975035a1900dc180e7c7fac5769da8af/detection 193.161.193.99:49259 pancsikarulez-49259.portmap.host # Reference: https://www.virustotal.com/gui/file/cb19eb54cb867ac2cb84648f206eb54ebbc7d256159d183df8e3befce97db876/detection uranus11-45447.portmap.host # Reference: https://www.virustotal.com/gui/file/6ab0a44de9bf9387b1588e8b1e24df0dcc684506c53bd8f279781d7a82babd40/detection 193.161.193.99:45447 # Reference: https://www.virustotal.com/gui/file/5ee7d9accba8ced31e3c2e4115726512eab24d021c7f886cce3b23a04a7f2958/detection agsagasg-51850.portmap.host # Reference: https://www.virustotal.com/gui/file/1d86d830ea75dad210fbe3c052cff73b051cefc3a4191afbdb1a7dfd599a0de7/detection 193.161.193.99:51850 # Reference: https://www.virustotal.com/gui/file/4d30c52eb518f94ecbbd90e20cb7e5029db4f48d7aee71b8102e908a4638ce05/detection 79.134.225.72:1604 # Reference: https://www.virustotal.com/gui/file/2565335e0931b77cde870d36b0961cf65b80ba979b4ee54d3fcd0944887303ba/detection torrentfever.ddns.net # Reference: https://www.virustotal.com/gui/file/da5d2f25777bb1fe4a4f7f917783932261e28d4ac52435abb8fbf039f85ce119/detection tempo666.zapto.org # Reference: https://www.virustotal.com/gui/file/7b3338f0e27dc1b997d0e39e1c49a3c859167b9aeb013e52024a230a9abdc1a4/detection 77.243.191.124:1604 # Reference: https://www.virustotal.com/gui/file/36ce40e8fd23b032db23a12ee56ee6faca058752537c3ed470b3d926d9e6fbd0/detection fabuloustrain.ddns.net # Reference: https://www.virustotal.com/gui/file/f5bd4f2867e13fcd96a1df3468dd0745fa59bde069ab7d8c4e17c4d5a2789539/detection 81.171.107.159:1604 81.171.107.191:1604 # Reference: https://www.virustotal.com/gui/file/c630d27332dddf6e062b2e67876a55e7eff4e0a4f88464342cce10559f367d52/detection 81.171.107.179:1604 81.171.107.192:1604 # Reference: https://www.virustotal.com/gui/file/ea424fab06a7d517d529c7c1dc00abb5ba9ed58a6862d165db4b8782fb62e6a8/detection 176.145.88.84:1604 # Reference: https://www.virustotal.com/gui/file/7e0f5200bd838184cc60658bc47f65e924d24d3cd83dce5e95f7bc61b3ac3551/detection 174.127.99.217:1604 zazagamer.chickenkiller.com # Reference: https://www.virustotal.com/gui/file/9b93d520411eceb42379af9ee7a557cf46baa803d84ed60c31379bcf228cbdeb/detection 174.127.99.217:1064 friendly.ddns.net # Reference: https://www.virustotal.com/gui/file/13ebf455f5fecceec2efe08d9277033f5f4e3232d2588293eb86366812a7d224/detection mstanley099.no-ip.biz # Reference: https://www.virustotal.com/gui/file/251cd8217b252046cfe2431e3eed6b95497c7a35e72d29fafc7b0fee2d663e15/detection 197.35.32.124:1604 197.35.185.224:1604 41.34.132.146:1604 # Reference: https://www.virustotal.com/gui/file/611e605249be80992d7cfd5afb80cd9b9264e9ee100f0941b1caca07b0fc7500/detection 197.35.251.177:1604 # Reference: https://www.virustotal.com/gui/file/46b4778e9c1dcd35f764ff0a4f1b4a113ae77b055741856bad2ea44755027899/detection 197.35.110.197:1604 # Reference: https://www.virustotal.com/gui/file/d365d87cbfb77718d623ded44a4997ca47f6ada4ab7c448c5f3b35f14e5fdc2d/detection 197.35.252.169:1604 # Reference: https://www.virustotal.com/gui/file/72d74b6c30b5e27baa44672dd8d5272331586e884aa1e1ece3ead10c404070be/detection 197.35.118.164:1604 # Reference: https://www.virustotal.com/gui/file/9051e9bdce5dc69e937d84a6a3fb6e50e65c720d702f0907aa653fc5f7da2dbe/detection 41.34.143.115:1604 # Reference: https://www.virustotal.com/gui/file/28135e9890aeff760d5136e018622a6af7897b62b727706d76dd5f3f4889a1c6/detection 197.35.212.4:1604 # Reference: https://www.virustotal.com/gui/file/1fd30c178259ab2eca3eb7b1c4dc72524e532ec9103908d586bd1b9ed25918a4/detection 197.35.40.11:1604 # Reference: https://www.virustotal.com/gui/file/1a3a0a2971869944fbda56931b1bc0f823252e19347f8a24bd5882ab20d55f37/detection 177.40.223.91:4545 187.113.83.200:1604 187.113.83.200:2000 codelux2017.ddns.net # Reference: https://www.virustotal.com/gui/file/28410304b6cfb89e5c406b1714aa3509b677678269cd240866e8737a1506a794/detection 191.32.183.108:1604 191.32.183.108:2000 191.32.183.108:4545 # Reference: https://www.virustotal.com/gui/file/e322fe6a65f56eb0f0e51228dec2a7da0f3a95790ff31d334b22c3c367097ef4/detection 177.17.89.53:1604 177.17.89.53:2000 177.17.89.53:4545 webicon.ddns.net # Reference: https://www.virustotal.com/gui/file/143882721f897265153ec6bb611edb6fe6521ac677236898b792501f34477121/detection 177.133.224.227:1604 177.133.224.227:2000 177.158.55.71:4545 # Reference: https://www.virustotal.com/gui/file/494d944c04c3b75aec65faf447b2ed95f6c684283e44a16e26bfbc09470c9324/detection 177.133.237.192:1604 177.133.237.192:4545 179.162.75.77:4545 179.178.255.149:4545 179.179.22.151:4545 187.113.188.251:4545 # Reference: https://www.virustotal.com/gui/file/9945581c7a358e1abe5059428894e5758d00dd13818325c71f88c27fcadf6f67/detection 179.162.75.77:1604 179.162.75.77:2000 179.162.75.77:4545 179.178.255.149:1604 179.178.255.149:2000 179.178.255.149:4545 179.180.211.161:1604 179.180.211.161:2000 179.180.211.161:4545 186.212.249.160:1604 186.212.249.160:2000 186.212.249.160:4545 187.113.183.158:1604 187.113.183.158:4545 # Reference: https://www.virustotal.com/gui/file/5e64f8013e95bbea0d2bebccdcba96666f7f582e6e7ec72436bf0a599086f161/detection 177.133.236.241:1604 177.133.236.241:2000 177.133.236.241:4545 177.158.45.214:4545 177.205.255.54:1604 177.205.255.54:4545 179.179.22.151:1604 179.179.22.151:2000 179.179.22.151:4545 186.215.4.143:1604 186.215.4.143:4545 # Reference: https://www.virustotal.com/gui/file/94876ecc191d3fd166c051cb3c83c21d0f76d2fef48c37fcd51c66e7603c248d/detection 179.179.29.140:1604 179.179.29.140:4545 office.minhaempresa.tv # Reference: https://www.virustotal.com/gui/file/4db3e6040c571faa3fc1df1f611309331951b2a8e8f50726ada078e5cc07193c/detection 177.40.211.35:1604 177.40.211.35:2000 177.40.211.35:4545 # Reference: https://www.virustotal.com/gui/file/29e4dea67e2fd57042d4f72d3729ccd76bc0dcd5c5d3d9d31543d15e9e51d408/detection 177.133.245.14:1604 177.133.245.14:2000 177.133.245.14:4545 # Reference: https://www.virustotal.com/gui/file/05db79ea77be36a9d0f7cc1867e59d6371e9b020bea2ddd70369699068167514/detection 186.212.248.29:1604 186.212.248.29:2000 186.212.248.29:4545 # Reference: https://www.virustotal.com/gui/file/67a5dd211bcaf9907370532ef34f4f2f612b1c30a783a56bdfff6229cc2e3cf2/detection 177.19.46.99:1604 177.19.46.99:4545 # Reference: https://www.virustotal.com/gui/file/62f359ae3a0c28e064257d1e6e3abe96eb76af76405d0bd3cf8ba9c7ab0d8fa0/detection 179.162.73.233:1604 179.162.73.233:2000 179.162.73.233:4545 # Reference: https://www.virustotal.com/gui/file/ae6e01840d70796325ac784cef99b46de2c2a261a8d0757910af04dea4a6eaf3/detection 5.76.75.20:1604 y9snpbyg48bmprqx.ddns.net