# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: dinihou, duhini, hworm, h-worm, wshrat # Reference: https://twitter.com/DissectMalware/status/986467663353442305 pm2bitcoin.com # Reference: https://twitter.com/Racco42/status/1047173279553900551 toheeb.publicvm.com # Reference: https://twitter.com/Racco42/status/1044562743519584257 185.141.27.177:4123 # Reference: https://twitter.com/Racco42/status/1040353263579738113 # Reference: https://app.any.run/tasks/f6eca300-7137-4e88-bd28-7f9a507a17d3/ 46.243.189.128:6969 # Reference: https://twitter.com/Racco42/status/1053747018835869696 fud.fudcrypt.com # Reference: https://twitter.com/Racco42/status/1102879193631731713 185.198.26.245:3843 # Reference: https://twitter.com/Racco42/status/1110868159492489216 brothersjoy.nl newmenow.duckdns.org # Reference: https://twitter.com/James_inthe_box/status/1016808667692204032 windefendeupdate.duckdns.org # Reference: https://twitter.com/Jan0fficial/status/1009009607988187137 # Reference: https://pastebin.com/MxR1p5wG stanman.linkpc.net # Reference: https://twitter.com/avman1995/status/963273945955864577 ines0049.ddns.net # Reference: https://www.securityartwork.es/2019/01/25/wirte-group-attacking-the-middle-east/ # Reference: https://www.virustotal.com/gui/file/65d61cf1481749565fc8f4186c92c7b4f499b39e4d93295551ece4ec9560cd27/detection 149.28.14.103:535 149.28.14.103:80 mighty-dead.ddns.net mighty-dead.spdns.de mightydead.webredirect.org # Reference: https://twitter.com/pmelson/status/1119756002503606272 updatesystem.linkpc.net # Reference: https://twitter.com/Racco42/status/1120981890947854336 185.101.94.172:3018 # Reference: https://twitter.com/Racco42/status/1121350734350413824 # Reference: https://www.virustotal.com/en/file/5efd79ed3058f656b6df2164a37f86e80978d8ebb5f8d5222be03decb03fc28b/analysis/1556133044/ 194.187.249.104:7777 # Reference: https://twitter.com/chen_erlich/status/1121406324884086787 # Reference: https://www.hybrid-analysis.com/sample/4ff921531d9cb5c21b3ee081a5fd1c52d12690332dd1ea1608230b8de918ac09 105.105.218.193:4433 # Reference: https://twitter.com/chen_erlich/status/1121406324884086787 # Reference: https://www.virustotal.com/gui/file/b2dc457d16afa43c943b31021052b939d58aedfcdf2fad8e25e5b96edc71d180/detection updatefacebook.ddns.net 197.162.66.49:2 # Reference: https://twitter.com/chen_erlich/status/1121406324884086787 # Reference: https://www.virustotal.com/gui/file/61c96cdb88877b3c737a1022bb6355e8489d2cc2019ecbcc15be978186552174/detection 23.227.201.158:3047 # Reference: https://www.hybrid-analysis.com/sample/442fe9bb6820ba79ca48429df8e5a01e991302be2a0d45a35c99c5d006a1d64a office-update.services 104.24.112.139:2082 # Reference: https://twitter.com/JAMESWT_MHT/status/1130449106663616513 savelifes.tech # Reference: https://twitter.com/James_inthe_box/status/1138092566820212737 # Reference: https://app.any.run/tasks/13e72f97-139b-4441-9bc6-9b5e9e08d622/ doughnut-snack.live mynameisstaff.warzonedns.com 20.54.72.33:4444 # Reference: https://twitter.com/luc4m/status/1138430833533104128 unknownsoft.duckdns.org # Reference: https://twitter.com/Racco42/status/1139458016611356672 sirkashmoremoney.duckdns.org # Reference: https://twitter.com/Racco42/status/1139461501113311232 chance2019.ddns.net # Reference: https://twitter.com/HONKONE_K/status/1141181986523844612 bylgay.hopto.org microsoftoutlook.duckdns.org soucdtevoceumcuzao.duckdns.org # Reference: https://twitter.com/Bank_Security/status/1141388470293655552 # Reference: https://pastebin.com/P4h3NHJE tcoolsoul.com # Reference: https://twitter.com/Racco42/status/1143054336563564544 # Reference: https://twitter.com/dvk01uk/status/1143027551151042560 # Reference: https://app.any.run/tasks/b6ac016b-3439-4710-9942-e1645343a261/ microsoft.btc-crypto-rewards.cash 160.202.163.246:9966 185.247.228.14:7755 # Reference: https://twitter.com/coderippers/status/1154003951152484352 9d1.myq-see.com mzu.publicvm.com # Reference: https://twitter.com/Timele9527/status/1159673642332016640 mmksba.dyndns.org 64.188.25.230:4455 # Reference: https://twitter.com/smica83/status/1166275236741955585 dbin240.ddns.net # Reference: https://twitter.com/luc4m/status/1166765980489584640 91.132.139.181:9999 # Reference: https://twitter.com/wwp96/status/1171069954881392641 # Reference: https://app.any.run/tasks/d3b840d6-520a-4529-a561-b2ce8c05b432/ 79.134.225.72:1104 165.22.129.173:7756 ablerightventures.duckdns.org pluginsrv1.duckdns.org # Reference: https://twitter.com/Paladin3161/status/1172178725959397378 plunder.nsupdate.info # Reference: https://twitter.com/malware_traffic/status/1172610957929062410 81.92.202.176:5200 tain0077.warzonesdns.com # Reference: https://twitter.com/KorbenD_Intel/status/1133469852579106816 pleasurekeys.hopto.org suzuki-dc.biz unknownsoft.duckdns.org # Reference: https://www.virustotal.com/gui/domain/dz47.cf/relations dz47.cf # Reference: https://www.threatcrowd.org/listMalware.php?antivirus=Worm.VBS.Dinihou 4ever4.zapto.org 999mostafa999.no-ip.org 999mostafa999.sytes.net aboodzainuddin.ddns.net adda.no-ip.org adolf2013.sytes.net alfhaddd-hakr.no-ip.biz anarqe77.no-ip.biz anassrojola.ddnsking.com androidupdate.myq-see.com avg-antivirus.zapto.org blackr00t5.no-ip.org blkisdz.ddns.net bog5151.zapto.org bogus911.no.ip.biz bogus911.no-ip.biz brigittenetwork.hopto.org chrome00.sytes.com chuckey1.no-ip.org cupidon.zapto.org desermyth.dyndns.org devil.hopto.org diiimaria.zapto.org dmar123.no-ip.biz dodaaa.zapto.org dz-drs.no-ip.biz dz47.myq-see.com elisou19.ddns.net eroor.ddns.net exxilero.ddns.net ffff99fff.no-ip.biz gerssy.zapto.org google-1.linkpc.net google00.ddns.net google7.no-ip.org greekwebtv.viewdns.net h-w0rm.zapto.org hadizz.no-ip.biz haydar93.no-ip.biz helps.zapto.org introworld.no-ip.org introworld.zapto.org iphack.no-ip.info j2w2d.no-ip.biz jaberlovee.ddns.net jhk.no-ip.org khalode4me.no-ip.biz killer---204.no-ip.biz king25.zapto.org kiyoma200.no-ip.biz klonkino.no-ip.org kusaisouf.no-ip.org lastdance.ddns.net lolokamal.zapto.org maxxx12.serveftp.org maxy.no-ip.info mda.no-ip.org memo8.no-ip.org memo9.no-ip.org mesopotemia222.zapto.org microsoftsystem.sytes.net microsoftwindows.sytes.net migalou2012.no-ip.biz mlcrosoft.serveftp.com monas04.no-ip.info mootje01.no-ip.org mrkiller.no-ip.org nouna1985.no-ip.org pilo-raouf.no-ip.biz pscho546.hopto.org qqwe.hopto.org qwqhack.no-ip.biz redex.no-ip.info righi.linkpc.net rndaso.no-ip.info romyo333.sytes.net ronaldo-123.no-ip.biz s-mz.sytes.net saifnjrat55.no-ip.biz sexcam.3utilities.com shawaf.sytes.net sidisalim.myvnc.com smoky29902332.hopto.org swanox.no-ip.org tariqalr.zapto.org terminator9.zapto.org twiti2390.no-ip.biz vpn-hacker.no-ip.biz waforex2011.no-ip.info winup.serveftp.com wkooora.sytes.net wvvw.sytes.net x.dvr-ddns.com yah00.sytes.net ycemufkk6g.bounceme.net youcef142.no-ip.biz ysf.no-ip.biz # Reference: https://www.securityhome.eu/malware/malware.php?mal_id=51549698551bff97f583c51.51712090 abdnjworm.no-ip.biz abocasse.zapto.org ahmedghost.no-ip.info b-trese.no-ip.biz boucraa.no-ip.org dd.no-ip.bz debili1.no-ip.biz fuck-all.no-ip.info hackers1990.no-ip.org heartbraker.no-ip.biz jnyn-99.no-ip.org mda.no-ip.org mmrick.zapto.org mntm.no-ip.biz mootje01.no-ip.org mozaya46415.zapto.org rouge166821.no-ip.biz vanonymous.no-ip.org vichtorio-israeli.zapto.org zkzak.np-ip.biz # Reference: http://ddos-info.weebly.com/blog/h-worm-plus-public-in-depth-analysis adamdam.zapto.org adolf2013.sytes.net ahmad212.no-ip.biz alii007.zapto.org am1.no-ip.info ballgogo.no-ip.biz basss.no-ip.info bg1337.zapto.org bog5151.zapto.org dataday3.no-ip.org docteuur13.no-ip.org doda.redirectme.net dzhacker15.no-ip.org g00gle.sytes.net gerssy.zapto.org googlechrome.servegame.com hackediraq.no-ip.biz hackeralbasrah.no-ip.biz hattouma12.no-ip.biz hmode123.no-ip.biz karimstar.zapto.org kiyoma200.no-ip.biz koko.myftp.org mda.no-ip.org medolife.no-ip.biz microsoftsystem.sytes.net mootje01.no-ip.org msgbox.zapto.org new-hacker.no-ip.org njnj.redirectme.net no99.zapto.org noooot.no-ip.biz pess-123.zapto.org pess-12.zapto.org portipv6.redirectme.net ronaldo-123.no-ip.biz sawdz.no-ip.biz securityfocus.bounceme.net shagagy21.no-ip.biz sidisalim.myvnc.com silent9.zapto.org terminator9.zapto.org vpn-hacker.no-ip.biz xbox720.zapto.org xkiller.no-ip.info yahia17.no-ip.org zeusback.no-ip.biz zoia.no-ip.org # Reference: http://www.microsoft.com/security/portal/threat/Encyclopedia/Entry.aspx?Name=Win32/Jenxcus#tab=2 # Reference: http://www.microsoft.com/security/portal/threat/Encyclopedia/Entry.aspx?Name=Worm:VBS/Jenxcus#tab=2 a.servecounterstrike.com eqe.sytes.net jnj.redirectme.net winlogon.servecounterstrike.com 3dmntk.no-ip.biz 999mostafa999.no-ip.biz 9d1.no-ip.org a.servecounterstrike.com abanas19.no-ip.biz abdo1abdo.no-ip.biz adolf2013.sytes.net ahmad909.no-ip.biz ajeeb.zapto.org ali2010.no-ip.biz aljabiry1.no-ip.biz alnazee.no-ip.org alnazee.no-ip.org alsha2e.zapto.org amere-ali.no-ip.biz aore.no-ip.org asmarany.no-ip.biz asmarany.np-ip.biz aymen112233.no-ip.org bifrost-jordan.zapto.org big-hack.no-ip.com blackhawk.myftp.biz cggfhddsscds.no-ip.biz cxxz.no-ip.biz damla.no-ip.org dhuaa.no-ip.org dnsip.servehttp.com doopy99.zapto.org fadliking.sytes.net fons.no-ip.info frostate.no-ip.biz ghoster13.no-ip.biz gmail2013.no-ip.info hackeralbasrah.no-ip.biz haedar.no-ip.biz hanan96.no-ip.bizport iraqi2013.servemp3.com jn.redirectme.net klagord.no-ip.org kurd2013.no-ip.biz localh0st.servehttp.com loll1.no-ip.biz m4b.no-ip.org mda.no-ip.org microsoftsystem.sytes.net milito.no-ip.org mohez.no-ip.org msy.myvnc.com naza.no-ip.biz new-hacker.no-ip.org oscar-bif.zapto.org portipv6.redirectme.net pthacker.no-ip.org ramadan.zapto.org sdgsg.no-ip.biz shawaf.sytes.net shee5iq.no-ip.biz shee5iq.no-p.biz sro7.no-ip.info systemsxp.sytes.net theghostholako.no-ip.org thescorpionking.no-ip.org utilesat.zapto.org uty.myq-see.com wahidhackerdz.no-ip.biz xkiller.no-ip.info xmx.no-ip.info xxsc.no-ip.org xxxxxx.no-ip.biz yahoomail.3utilities.com zilol.no-ip.org # Reference: https://twitter.com/Racco42/status/1174605204353949697 # Reference: https://app.any.run/tasks/27a475ac-c113-49be-b947-f580662600e4/ 91.132.139.181:9999 # Reference: https://twitter.com/Littl3field/status/1174624023709454336 178.124.140.148:3571 # Reference: https://www.menlosecurity.com/hubfs/pdfs/Menlo_Houdini_Report%20WEB_R.pdf dz47.servehttp.com maroco.linkpc.net maroco.myq-see.com maroco.redirectme.net # Reference: https://twitter.com/pmelson/status/1175928909264838660 185.251.38.91:5555 # Reference: https://twitter.com/dvk01uk/status/1176483058058440705 # Reference: https://app.any.run/tasks/62990e45-e920-48b0-a3b3-9ce2e83f99dc/ 192.169.69.25:7757 79.134.225.100:2813 2813.noip.me # Reference: https://twitter.com/Racco42/status/1178932126588297217 45.79.41.137:2344 # Reference: http://blog.morphisec.com/hworm-houdini-aka-njrat chroms.linkpc.net finix5.hopto.org finixalg11.ddns.net salh.linkpc.net # Reference: https://twitter.com/fletchsec/status/1179891198615531521 # Reference: https://www.hybrid-analysis.com/sample/a1da7465c3893cb30408820ee821210c0c1c008dcfde0af167f33e9db61975a2/5d965b610288389582043002 186.85.86.96:1235 nfiefbwihf48h9wun3foisnc98ehfb9uwfu.duckdns.org # Reference: https://twitter.com/Racco42/status/1131130800630579200 admin1960.linkpc.net savelifes.tech # Reference: https://twitter.com/Racco42/status/1111615130272444416 181.52.113.177:8105 socketw3.duckdns.org # Reference: https://twitter.com/James_inthe_box/status/1092764605766483969 194.5.99.53:5732 # Reference: https://twitter.com/luc4m/status/1092483141619601408 easyresa.ddns.net shkis.publicvm.com # Reference: https://twitter.com/luc4m/status/1073257560625569792 goz.unknowncrypter.com # Reference: https://twitter.com/Racco42/status/1064880890277494785 185.141.27.177:6544 # Reference: https://twitter.com/DissectMalware/status/1008387935199260672 # Reference: https://www.virustotal.com/gui/domain/suport.ddns.net/relations 141.255.145.240:233 141.255.145.255:233 141.255.145.87:233 141.255.146.205:233 141.255.146.59:233 141.255.148.251:233 141.255.148.91:233 141.255.149.205:233 141.255.151.184:233 141.255.152.112:233 141.255.153.20:233 141.255.153.7:233 141.255.155.127:233 141.255.157.34:233 141.255.158.240:233 141.255.158.49:233 141.255.158.62:233 141.255.159.223:233 179.89.100.165:233 196.70.42.129:233 93.182.168.132:233 93.182.168.14:233 93.182.168.15:233 93.182.168.16:233 93.182.168.29:233 93.182.168.31:233 93.182.168.36:233 93.182.168.6:233 93.182.168.8:233 93.182.169.10:233 93.182.169.29:233 93.182.169.30:233 93.182.169.32:233 93.182.170.11:233 93.182.170.141:233 93.182.170.145:233 93.182.170.33:233 93.182.170.5:233 93.182.171.131:233 93.182.171.146:233 93.182.171.164:233 93.182.171.22:233 93.182.171.25:233 93.182.171.26:233 93.182.171.5:233 93.182.172.21:233 93.182.173.20:233 93.182.173.21:233 93.182.173.37:233 93.182.173.6:233 93.182.174.23:233 141.255.145.240:322 141.255.145.255:322 141.255.145.87:322 141.255.146.205:322 141.255.146.59:322 141.255.148.251:322 141.255.148.91:322 141.255.149.205:322 141.255.151.184:322 141.255.152.112:322 141.255.153.20:322 141.255.153.7:322 141.255.155.127:322 141.255.157.34:322 141.255.158.240:322 141.255.158.49:322 141.255.158.62:322 141.255.159.223:322 179.89.100.165:322 196.70.42.129:322 93.182.168.132:322 93.182.168.14:322 93.182.168.15:322 93.182.168.16:322 93.182.168.29:322 93.182.168.31:322 93.182.168.36:322 93.182.168.6:322 93.182.168.8:322 93.182.169.10:322 93.182.169.29:322 93.182.169.30:322 93.182.169.32:322 93.182.170.11:322 93.182.170.141:322 93.182.170.145:322 93.182.170.33:322 93.182.170.5:322 93.182.171.131:322 93.182.171.146:322 93.182.171.164:322 93.182.171.22:322 93.182.171.25:322 93.182.171.26:322 93.182.171.5:322 93.182.172.21:322 93.182.173.20:322 93.182.173.21:322 93.182.173.37:322 93.182.173.6:322 93.182.174.23:322 141.255.145.240:323 141.255.145.255:323 141.255.145.87:323 141.255.146.205:323 141.255.146.59:323 141.255.148.251:323 141.255.148.91:323 141.255.149.205:323 141.255.151.184:323 141.255.152.112:323 141.255.153.20:323 141.255.153.7:323 141.255.155.127:323 141.255.157.34:323 141.255.158.240:323 141.255.158.49:323 141.255.158.62:323 141.255.159.223:323 179.89.100.165:323 196.70.42.129:323 93.182.168.132:323 93.182.168.14:323 93.182.168.15:323 93.182.168.16:323 93.182.168.29:323 93.182.168.31:323 93.182.168.36:323 93.182.168.6:323 93.182.168.8:323 93.182.169.10:323 93.182.169.29:323 93.182.169.30:323 93.182.169.32:323 93.182.170.11:323 93.182.170.141:323 93.182.170.145:323 93.182.170.33:323 93.182.170.5:323 93.182.171.131:323 93.182.171.146:323 93.182.171.164:323 93.182.171.22:323 93.182.171.25:323 93.182.171.26:323 93.182.171.5:323 93.182.172.21:323 93.182.173.20:323 93.182.173.21:323 93.182.173.37:323 93.182.173.6:323 93.182.174.23:323 141.255.145.240:324 141.255.145.255:324 141.255.145.87:324 141.255.146.205:324 141.255.146.59:324 141.255.148.251:324 141.255.148.91:324 141.255.149.205:324 141.255.151.184:324 141.255.152.112:324 141.255.153.20:324 141.255.153.7:324 141.255.155.127:324 141.255.157.34:324 141.255.158.240:324 141.255.158.49:324 141.255.158.62:324 141.255.159.223:324 179.89.100.165:324 196.70.42.129:324 93.182.168.132:324 93.182.168.14:324 93.182.168.15:324 93.182.168.16:324 93.182.168.29:324 93.182.168.31:324 93.182.168.36:324 93.182.168.6:324 93.182.168.8:324 93.182.169.10:324 93.182.169.29:324 93.182.169.30:324 93.182.169.32:324 93.182.170.11:324 93.182.170.141:324 93.182.170.145:324 93.182.170.33:324 93.182.170.5:324 93.182.171.131:324 93.182.171.146:324 93.182.171.164:324 93.182.171.22:324 93.182.171.25:324 93.182.171.26:324 93.182.171.5:324 93.182.172.21:324 93.182.173.20:324 93.182.173.21:324 93.182.173.37:324 93.182.173.6:324 93.182.174.23:324 suport.ddns.net # Reference: https://twitter.com/DissectMalware/status/986467663353442305 # Reference: https://www.hybrid-analysis.com/sample/f0a1aeaf2a6f3c6098696d3802675097072459b89213177f1e4f1494a67c250a 185.209.85.177:5000 # Reference: https://twitter.com/Racco42/status/1017007079813451778 tune.tym-internationals.com # Reference: https://twitter.com/Racco42/status/995955505221730304 ihsann.casacam.net # Reference: https://app.any.run/tasks/505c6e4c-723b-46b0-8917-c200c65817ea/ 181.215.247.18:3339 185.198.59.114:5000 # Reference: https://twitter.com/Racco42/status/982731639301267459 lordsdoing2017.ddns.net # Reference: https://github.com/silence-is-best/c2db#dunihi 192.186.145.93:8885 # Reference: https://github.com/silence-is-best/c2db#houdini-aka-vjworm-vjw0rm jihanenouhaila.ddns.net # Reference: https://twitter.com/Racco42/status/1183666041706168321 194.5.98.216:10122 # Reference: https://twitter.com/JAMESWT_MHT/status/1185131622263377923 # Reference: https://app.any.run/tasks/b79dcfcd-5b9b-404f-aaf6-a9ea55109284/ 186.147.55.19:5473 186.147.55.19:8371 186.147.55.19:8372 192.169.69.25:8370 mozillamaintenanceservice.duckdns.org papeleradereciclaje.duckdns.org seguridaddewindows.duckdns.org # Reference: https://app.any.run/tasks/1bd816aa-3764-480e-ba70-b57b36551bc7 # Reference: https://www.virustotal.com/gui/ip-address/213.208.152.217/relations nascoman.ddnsgeek.com 213.208.152.217:14337 60.50.181.240:14337 # Reference: https://www.virustotal.com/gui/ip-address/79.134.225.80/relations 79.134.225.80:7776 # Reference: https://pastebin.com/29uSdMAk 185.165.153.172:3642 homi.doomdns.org # Reference: https://twitter.com/wwp96/status/1193987577323360256 # Reference: https://app.any.run/tasks/dc2b37db-6f22-4d4c-b13e-ae863ddc9004/ 185.165.153.45:2014 # Reference: https://www.binarydefense.com/revenge-is-a-dish-best-served-obfuscated/ # Reference: https://otx.alienvault.com/pulse/5dcad67ae098a56db0a277d5 # Reference: https://www.virustotal.com/gui/file/d55d5b0c6f41cc6a86764a07715a1a38f2fddda9b90ec641d902be8946939d14/detection # Reference: https://www.virustotal.com/gui/ip-address/185.84.181.102/relations # Reference: https://www.virustotal.com/gui/ip-address/193.56.28.179/relations 185.165.153.14:4132 185.84.181.102:5478 193.56.28.134:5478 07actnewdocreview.servebeer.com 247accountreview.hopto.org 2d0low.warzonedns.com acountfordocreview.redirectme.net alertnewdoc.3utilities.com aloc21.ddns.net alphazone12.bounceme.net britianica.uk.com cboss33.hopto.org glotin.zapto.org hazaz12.hopto.org info1.nowddns.com kartelicemoney.duckdns.org newdocreviewonline.3utilities.com omada91.ddns.net ubadaddy.ddns.net zamza.hopto.org # Reference: https://twitter.com/Racco42/status/1194915765755031554 185.29.10.15:7777 # Reference: https://mp.weixin.qq.com/s/lUtXwWjPVMHXfR6oLnXYhQ # Reference: https://otx.alienvault.com/pulse/5dd27af757b18947b0544345 # Reference: https://ti.qianxin.com/blog/articles/anatomy-of-moonLight-attack-on-the-middle-east/ 192.119.111.4:4521 192.119.111.4:4587 # Reference: https://twitter.com/cyber__sloth/status/1197120949755219968 microsoftntdll.sytes.net # Reference: https://twitter.com/JayTHL/status/1199347277510270977 188.76.111.76:21125 # Reference: https://www.virustotal.com/gui/file/ca4299f39f28700d8e667451f756fb9637403bb2051d916e90378afe15ff3a57/detection 188.76.111.76:21926 # Reference: https://www.virustotal.com/gui/file/ed7e46b0cf27b8f728cdd71a7c4ae98afde8d2e63f0817eb322c8e77bdd767c5/detection new2019.mine.nu webhoptest.webhop.info # Reference: https://www.virustotal.com/gui/file/141d48379222c0866a009713d0fd18d5ab6ceb5d98a93f63f2c9f1b9aea25f25/detection 192.236.194.169:4422 192.236.194.169:4455 31.13.79.17:4433 31.13.82.23:4433 mmksba.dyndns.org mmksba.simple-url.com # Reference: https://www.virustotal.com/gui/file/b7f8a55906d7246ab2b6222f10f38e33947aaa9d0e2a182688129386b11b0759/detection 176.58.72.195:4424 5.133.24.135:4424 mmksba100.linkpc.net # Reference: https://www.virustotal.com/gui/file/d4055047fcbc3424694d071ab30c96b696aa47353464e2a648627aaae5474493/detection 103.136.43.131:1425 138.68.229.219:7744 159.65.75.168:7744 192.169.69.25:1425 192.169.69.25:7744 # Reference: https://www.virustotal.com/gui/file/929e7fdd01a604fa8070d752365af3651f6ac82fd90e4fd6eb8c7e10b1d0711f/detection 185.92.220.177:3030 sokomoko.duckdns.org xbacks.duckdns.org # Reference: https://www.virustotal.com/gui/file/2ab9443a1d793828f9adfe0736bb7a9b45cc6d968847b5f75fcce678af71424f/detection 192.69.169.25:1000 njhost.hopto.org todoaqui.duckdns.org # Reference: https://www.virustotal.com/gui/file/7aff993ed971c40aa483a334f5cb4c71e07278fb1a78d422c3d378bdb07360cd/detection 79.134.225.71:10001 thankyoulord.sytes.net # Reference: https://twitter.com/wwp96/status/1211677791822983170 # Reference: https://app.any.run/tasks/aa27eb28-6432-4e46-891f-4cc804ff29d3/ 37.120.145.184:9999 wshsoft.company # Reference: https://www.virustotal.com/gui/file/dc99eb7e9bc0d251c19893f5fade268b5bcc7f148a2b549edd555758a1eb080d/detection 193.161.193.99:35778 193.161.193.99:47195 blackid-35778.portmap.io blackid-47195.portmap.io # Reference: https://www.virustotal.com/gui/file/053f4d8ec5c79e12c0214a38475d2adf80eb66dd910b279bd8547996bbc1be02/detection vemvemserver.duckdns.org # Reference: https://www.virustotal.com/gui/file/bedc43be4177fb73172a6ca0a9520e096b567fbfdb0c549b5aa65b2135268d56/detection 216.38.8.175:2356 216.38.8.175:2357 doughnuthoney.com emisintl.com # Reference: https://www.virustotal.com/gui/file/192d31f001c6551081873a98a4d14575bab6003f143e916fb9b7eeef4273bbf8/detection 186.85.86.50:8210 socketw4.duckdns.org # Reference: https://www.virustotal.com/gui/file/a1215d5e03dbfce21bc1000f57e0ea955427bc3314471518b1771e4fbad53f67/detection 181.141.4.105:6363 microsuftplay656.duckdns.org # Reference: https://www.virustotal.com/gui/file/3f3989ddb1dd14df5b937cca78ec5e039e9cccad59e726c2196c758c2c5d0990/detection 185.165.153.14:4132 # Reference: https://www.virustotal.com/gui/file/ad3b52dccec40e7924bb59f320ae536e5eb2903456a284113bf9609ae2e582ab/detection 185.84.181.102:5478 193.56.28.134:5478 # Reference: https://www.virustotal.com/gui/file/64af7d8a5d13fc5523f55eaef17a5ae8bdbe69f47c4d77a6fa2273d3d751ea28/detection 175.140.1.8:14337 175.144.118.127:14337 # Reference: https://www.virustotal.com/gui/file/93201744ed9d58b1cfdffe2404abd8b43571c32aa894d2250226ae9bfa180cd0/detection 216.38.8.175:2359 # Reference: https://www.virustotal.com/gui/file/a82079d073c6aa574c7bdaf6fbb4d92150b589ac7c64cbc879493d347adec691/detection 79.134.225.105:9213 # Reference: https://www.virustotal.com/gui/file/368fbed374ff8ddcfdb713ab32b74e58611f0e399a1fb550294c087bea54dc71/detection 92.38.86.175:1337 # Reference: https://www.virustotal.com/gui/file/20a9591cddd7876dca477f912f4af83e4a7f859bbb6f618dbc64576a8680df1f/detection 69.171.224.40:9094 79.134.225.72:4132 toustruksd.mywire.org # Reference: https://www.virustotal.com/gui/file/3c2596940559732bc88a38c163c70bf9f9a9d49fc065be8aa4bcef7a299418f2/detection plugnsrv2.duckdns.org # Reference: https://www.virustotal.com/gui/file/fea25a627fc28d92aea6a51b74d6b71ef9aae27fb9ca1f4041b262434423ee0a/detection 185.244.30.19:5000 # Reference: https://www.virustotal.com/gui/file/c229c614c9bd2b347fd24ad12e3c157c686eb86bc0a02df1c7080cf40b659e10/detection 194.5.98.46:4132 # Reference: https://www.virustotal.com/gui/url/76ac2d4c2a0552c632071f062bdaa4ea158b98b610305a35f51ffe5151964b5a/details 141.255.155.122:9988 wrk99.ddns.net # Reference: https://app.any.run/tasks/7492c122-a646-468c-9531-50d40a2da425/ updatewinrar.duckdns.org chance2019.ddns.net 185.165.153.165:1036 # Reference: https://app.any.run/tasks/90163f12-f649-4689-8e02-f8f0f036d0bb/ dhanaolaipallets.com 185.244.30.19:5000 # Reference: https://www.virustotal.com/gui/domain/dabadaba225.duckdns.org/relations 192.169.69.25:43300 dabadaba225.duckdns.org # Reference: https://www.virustotal.com/gui/file/14862182488371811658558c0024e78b6d81419b4f2bdb8628e2184ccd9ebfff/detection 213.152.162.154:3903 # Reference: https://www.virustotal.com/gui/ip-address/197.27.69.48/relations 197.27.69.48:3010 # Reference: https://twitter.com/JAMESWT_MHT/status/1220027808791044096 # Reference: https://app.any.run/tasks/52b380ef-b29d-48fe-b63b-8160f4bec416/ 194.5.99.45:44300 deepweb212.duckdns.org # Reference: https://pastebin.com/0ZxSHAWi 192.169.69.25:44300 # Reference: https://www.virustotal.com/gui/file/581d0676872101e1eb9c3dab54da43eaf4bc70141ed1985e8c8018aea0418ed3/detection 192.169.69.22:8884 psnpsnpsn.duckdns.org # Reference: https://www.virustotal.com/gui/file/221c20f334ad19314517b53b997694a8dfacb6974137686079f6c54449fa35dd/detection 192.169.69.22:1922 # Reference: https://www.virustotal.com/gui/file/24f2322b8ee33c26bddbf7aa62a8835cfa1a6c5145ca26ba3441254d7dbd9d35/detection # Reference: https://www.virustotal.com/gui/file/f4f74c829121448d70bef413e6cd9c43f3de9084f03cf90656dcc0f1d5dce980/detection joker500.mywire.org # Reference: https://www.virustotal.com/gui/file/2550cd813fa1375087c78d715f182cb3b480254b741adaf442b1d9bdf479c4c4/detection jbarynhsn.duckdns.org # Reference: https://www.virustotal.com/gui/file/3acbad45d8730e3658b6cf926339f239953dd933190f75cf9bb3db81c299c0c7/detection 79.134.225.24:70 # Reference: https://www.virustotal.com/gui/file/e91e821c14a5fe33982952d83be3917515e720dc8d6e7e91bc91b504a2fe7d95/detection 152.245.176.96:70 152.246.206.5:70 79.134.225.20:70 # Reference: https://www.virustotal.com/gui/file/7c85327300dcf7266b90c49c46a31d36de4689229f3433757cc451ec803aaccb/detection 185.62.189.77:5000 # Reference: https://app.any.run/tasks/06046cbc-8a54-4bfe-8297-372cd60eeb3a/ 185.244.30.92:4587 # Reference: https://www.virustotal.com/gui/file/f0f425ab50a4839e3fcf9a69d944473ae37813e076aed3d6bc3b44ce8ae206b5/detection 95.233.69.34:1188 # Reference: https://www.virustotal.com/gui/file/e52ea99a66bcbed844d7ba2f439b59e45c2566e80dfa486f2392be4a38a0ee13/detection 79.35.43.177:81 # Reference: https://www.virustotal.com/gui/file/933b42479f92cc0682576621d139316a503e7217bb50fe0341405e8d6a60332d/detection 79.30.198.114:81 # Reference: https://www.virustotal.com/gui/file/77ba7bba82eabb82fd6d35ce24bf45150da2461cb0e6f794960b7ca0cb52e08e/detection 87.16.46.48:81 95.247.42.192:81 # Reference: https://www.virustotal.com/gui/file/9a73a75bfea3da19e4b3a9d0f92e611ad3c6fb2e17d92b927b89e4521d935b96/detection 79.33.46.247:81 # Reference: https://www.virustotal.com/gui/file/511c799d7b661092314c00b762f2e6726759d2bc699bcd8d16d2724610f2f290/detection 79.30.213.227:81 # Reference: https://app.any.run/tasks/83f88cce-cdf7-48d1-9915-4da55f6241a1/ sexylegs.ddns.net # Reference: http://benkow.cc/export_rat.php (Note: as seen on 2020-02-26 - filtered) anahowa.duckdns.org bellevie.duckdns.org ghanaandco.sytes.net loginsecure.mywire.org mouqgsud.duckdns.org ozill619.ddns.net shore.kozow.com ssss22.ddns.net sub2.qaysarpizzajo.xyz top2.alqaysarpizza.xyz total-virus.myq-see.com # Reference: https://app.any.run/tasks/e264efca-90d4-4c69-b86d-074e3f213ea5/ 185.244.30.92:3546 # Reference: https://www.virustotal.com/gui/domain/arseisa.no-ip.org/relations arseisa.no-ip.org # Reference: https://www.threatminer.org/sample.php?q=3020b84a6e350dd10ad070aa184209b5 ali2627.ddns.net # Reference: https://www.threatminer.org/sample.php?q=ce434374314444912254af88faa3c204 microsoftaccount.myvnc.com # Reference: https://www.threatminer.org/sample.php?q=d499243df4e1405b18fd411032bcdedb mimi06.zapto.org # Reference: https://www.threatminer.org/sample.php?q=75be7737707a3c6fbb732d6c3fa46c99 tatabatata.hopto.org # Reference: https://www.threatminer.org/sample.php?q=151e1983c54690c9d6972d91cb5f5011 xn8n8.sytes.net # Reference: https://www.threatminer.org/sample.php?q=68217e8092e97336f143489a6cf9804d 23df.myq-see.com # Reference: https://www.threatminer.org/sample.php?q=37d212a09a72bc79781b19311d061767 absiii.ddns.net absikwt.ddns.net absikwt88.ddns.net # Reference: https://www.threatminer.org/sample.php?q=2b664826552bf37b23f185e7675f310c avfucker.com # Reference: https://www.threatminer.org/sample.php?q=3c6b003e50a9c72ed12942afe897718d coobra.zapto.org # Reference: https://www.threatminer.org/sample.php?q=7415faef2d164505e450e181b6d69d0d ecu-sec.hacked.jp # Reference: https://www.threatminer.org/sample.php?q=bac1e4bc667f3a14e83a82a8f029bc9e hllll.no-ip.biz # Reference: https://www.threatminer.org/sample.php?q=26a8615022bac8666804fe2f1add8ba6 jrmodas.no-ip.org # Reference: https://www.threatminer.org/sample.php?q=2a2e7d3844f735687c8d8e8ad22112f4 kfr.sytes.net # Reference: https://www.threatminer.org/sample.php?q=c0df9b9539b2b9a36d38340c24bb1f6a ludvanjohnson.zapto.org # Reference: https://www.threatminer.org/sample.php?q=9bbbcfd508fbe11ba52e4f4b1ed40e49 mlkm33.no-ip.biz # Reference: https://www.threatminer.org/sample.php?q=1a82cbb7eb48319a6fe56ccaa4c1bba6 mzab47.myq-see.com # Reference: https://www.threatminer.org/sample.php?q=38c6a71f408395993540493a5e2d0067 profess3ional.no-ip.biz # Reference: https://www.threatminer.org/sample.php?q=209cc75973f0d896e078350eb404751a raouf-vbs.no-ip.biz # Reference: https://www.threatminer.org/sample.php?q=e6e7cd28c5f8a4fcf557d46d0efe9393 tcp.nightowldvr.com # Reference: https://www.threatminer.org/sample.php?q=cb4ab603c5d31677099bf54805b95d54 tdiod.zapto.org # Reference: https://www.threatminer.org/sample.php?q=9e55e00fd5e2420ad7b14adcf70f7e53 vipx.zapto.org # Reference: https://www.threatminer.org/sample.php?q=bec5d7e5df05bd02d6ba81aeb29407ce whisher.no-ip.org # Reference: https://www.threatminer.org/sample.php?q=171dabfb315dec64e52691e93c432300 winup.publicvm.com # Reference: https://www.threatminer.org/sample.php?q=e7b3ff4591a4c026bfdd9e42af03807c wiredmax.no-ip.org # Reference: https://www.virustotal.com/gui/file/db4fe7e43c19a1d17e4b7738c36b85ebfb5cc5d91db25ac5ac4b94af82a0b68a/detection 213.45.7.218:1188 sensual2020.ddns.net # Reference: https://www.virustotal.com/gui/file/38df912352f1d4e3e871261be13ad8eef44dcf2979e6603f6888c531111d3ede/detection 82.55.251.22:1188 # Reference: https://www.virustotal.com/gui/file/17e58d20dbd15ecbf1ac9a8482b2273581860abbcfd3d093cbbdcbefa0d2a158/detection 82.61.221.212:1188 # Reference: https://www.virustotal.com/gui/file/9097ae5f5d63fa5a74c67384bcc6fee14e046d0c21a18424edc479f16052e8eb/detection 192.121.247.97:1414 # Reference: https://www.virustotal.com/gui/file/7a556ed1083575a556b4bc3b4b7e35c4419367e5bb0bcf7285e7862343022ec8/detection 194.35.115.16:1414 # Reference: https://www.virustotal.com/gui/file/c7f5e679b44ff70d1f0cb302b0727744decd967fd0984e6b5d62bbe904cf6a8f/detection 194.35.115.43:1414 # Reference: https://www.virustotal.com/gui/file/98644e0e9ec41617fb8baea461bd7eec879e8504397a01a2098ffe53d3564b38/detection 102.69.4.170:1414 # Reference: https://www.virustotal.com/gui/file/4f5e28b7c22bfb6d9c5279b5be1d7b62ddca3c94c1350f19b0e7dce309504bb5/detection 102.69.2.129:1414 # Reference: https://www.virustotal.com/gui/file/d8fefc2f17dff156f575c36b7fc2ce84f4f1d55b3bb01d9e29965478ee51a6eb/detection 172.111.196.133:1414 # Reference: https://www.virustotal.com/gui/file/063efa057d9ba0e91f3f9ca461cf73ad96e3ab67718a1c71e8143f477d7460bd/detection 102.69.4.88:1414 # Reference: https://www.virustotal.com/gui/file/5406475d295f7cb80a87dc2858d2af48594714d65a3bec9da048753f4116ada7/detection 46.243.141.97:1414 # Reference: https://twitter.com/Bl4ng3l/status/1236946300463190017 # Reference: https://app.any.run/tasks/62f5c5aa-4a3d-483f-a737-d3a39c20f7fd/ 78.138.105.191:7504 pphndirmm.hopto.org # Reference: https://www.virustotal.com/gui/file/36a8d97504bb0437a0dfdb35fcb161b8169f4b77c3a75184e40c4f129f1a61d7/detection 196.234.188.115:3008 # Reference: https://www.virustotal.com/gui/file/0d9cbd75a3a1f154b2cee4efe4bd6bf1ab00340f45289113ce6ab00fdd69cf27/detection 196.234.207.160:3008 # Reference: https://twitter.com/malwrhunterteam/status/1238790854514532353 # Reference: https://www.virustotal.com/gui/ip-address/181.141.13.108/relations 181.141.13.108:1900 marzo132020.duckdns.org marzo42020.duckdns.org # Reference: https://www.virustotal.com/gui/file/526bc4ebea1c78d540ffb273a477ede65d2e97fb2af35b7cea80d9de0ce13890/detection 149.200.190.218:190 # Reference: https://www.virustotal.com/gui/file/99b0705fb9c26482904efbb35507d9d6eed783414a9f85a03ebe169839fb2800/detection # Reference: https://www.virustotal.com/gui/file/6f78d9ae6a2bed1789868849bd7cef8503973785193c8c3a20173104017b0057/detection 149.200.189.60:190 # Reference: https://www.virustotal.com/gui/file/570b6d49bb0667b868293bc432fe325f46237e1f8249d3756561a062986359df/detection 91.109.176.5:190 # Reference: https://www.virustotal.com/gui/file/cfb3b7886160198eb36879727e9c5a142f733af13acd65e3680e190f0dcdcefa/detection 188.247.73.175:190 # Reference: https://www.virustotal.com/gui/file/05910bef557bb3f0acbc198ae78017011c75349f45bac028f51d329436259279/detection 217.138.215.125:190 # Reference: https://www.virustotal.com/gui/url/609b9405352293863e2f41d5648a1861f4455f388e85e31d71b5ec60ab7989d4/details 185.19.85.155:9045 # Reference: https://www.virustotal.com/gui/file/2da8f420290e7068297d77c15aed0327eed74380cdc68e8990e2add41654bc57/detection igfx.ddns.net # Reference: https://www.virustotal.com/gui/file/27b749b33e052473fdd1045493b0eeca34a4b8a5e2863f2e838e561d60088880/detection 185.165.153.228:2014 kimjoy007.dyndns.org # Reference: https://app.any.run/tasks/4b73163e-c948-43ce-ac2d-a2df4bddbab7/ 192.169.69.25:8000 # Reference: https://www.virustotal.com/gui/file/f12113dfd58eebfc534a60d5b4d095f9bd6e1c4631fc2e15fa74e6b769dda6c0/detection 193.26.21.80:4025 # Reference: https://twitter.com/Racco42/status/1243523523013992448 # Reference: https://app.any.run/tasks/238a152a-5bb6-40a5-937a-e7b472957dee/ 102.141.212.9:2003 2003wsh.ddns.net # Reference: https://www.virustotal.com/gui/file/f26944ff49e0437533df291a1ce454631cbb77eae51e0757e2ca4393aeaed70b/detection 156.223.86.230:4000 # Reference: https://www.virustotal.com/gui/domain/uty2.no-ip.org/relations 204.95.99.86:5510 # Reference: https://twitter.com/0xCARNAGE/status/1246422142427770881 # Reference: https://app.any.run/tasks/a25d886d-bec7-43d4-9015-302f051844de/ 192.169.69.25:8899 # Reference: https://www.virustotal.com/gui/file/51fba0dc5149e23b697d955c63feaec88cad72d77b97a02ec559ac8057edb569/detection 204.95.99.26:22 boss21121.no-ip.org # Reference: https://bazaar.abuse.ch/sample/b8ac5893e69e9e99d02d7498c2a68ae4b44dcb025ec2886e46f0d1703ad93db9 185.62.58.109:2208 musicport.duckdns.org # Reference: https://twitter.com/FaLconIntel/status/1255665102264528898 # Reference: https://app.any.run/tasks/3f461626-f5e7-4a6c-8b5b-f517bb5619e2/ # Reference: https://www.virustotal.com/gui/file/a609076b02f19b4dd1ce2b365cdfacd2bb89042fbede90b698a5a1f9003138b4/detection # Reference: https://www.virustotal.com/gui/file/053721878d63edba7b43ea65c0fe11e6fdbdd969376d34a107d689609b47035f/detection 188.76.111.85:21125 191.101.124.8:21125 217.216.90.29:21125 # Reference: https://twitter.com/James_inthe_box/status/1257624020490436610 79.134.225.80:7060 # Reference: https://twitter.com/ActorExpose/status/1257617349286510593 # Reference: https://www.virustotal.com/gui/domain/dsaety.hopto.org/relations # Reference: https://app.any.run/tasks/061c2039-0a08-48e6-bf99-f6c040586aa1/ 79.134.225.80:807 dsaety.hopto.org # Reference: https://twitter.com/JAMESWT_MHT/status/1263801108444712967 # Reference: https://app.any.run/tasks/78c84285-5569-43bc-916a-8e2fa61010d2/ suka-mht.duckdns.org # Reference: https://www.virustotal.com/gui/file/1e09e5b0f0a2b92dd508bd1b9a3d2094b16076e879e74a8e137ef92b10b0f7fa/detection 37.106.167.17:4343 94.99.52.125:4343 94.97.34.100:4343 # Reference: https://www.virustotal.com/gui/file/7e892538f59ed8025147b3a1c333ef39b9633b71dcccbd939157ed9ba7869032/detection 154.66.19.253:4191 ghostwsh4191.ddns.net # Reference: https://www.virustotal.com/gui/file/20313c395789a155d8bc37d3ec617bd6641724e540246c088061c7ad06b6ec67/detection 31.13.76.16:7800 69.63.181.12:7800 # Reference: https://www.virustotal.com/gui/file/24ecc1a35f077c65e1fcc1a127ff3e6727808c2791fda3a0711a895bb450f9b2/detection 188.52.123.43:7800 # Reference: https://www.virustotal.com/gui/file/c67648c0016e1d66ec344ff329a3ab288ffca75034869e8606c736eb7d07dd8a/detection 188.52.27.9:7800 # Reference: https://www.virustotal.com/gui/file/0d6754f45501de6dd8f63917c09ab884691475a1e7da6f4c7458d578cc940544/detection 69.63.176.59:7800 # Reference: https://app.any.run/tasks/9c5d42c7-c22e-4070-b1cf-5a3bad6ffbc8/ 84.38.134.21:6696 # Reference: https://www.virustotal.com/gui/file/2cc18a9def3d2f33ebfc7d6ec9e49fbf69259014376098842e378ca4376ff6f7/detection 185.22.32.53:1987 life698.ddns.net # Reference: https://www.virustotal.com/gui/file/aa85a5f32b8f57f2714edfd8f18d7c6f8e0031667997dcb3e920515952658a50/detection 185.97.93.0:1987 # Reference: https://www.virustotal.com/gui/file/70c1dde88e26977f33048b549468d847c34e22e592c62d040564d7cf59a69446/detection 195.33.241.242:6464 # Reference: https://www.virustotal.com/gui/file/652d991541bd96a23dfed6e96460222796718b226ab932036ece3777f5035353/detection 194.5.98.191:3021 rwsh.duckdns.org # Reference: https://app.any.run/tasks/024b86d5-6f92-43d4-9b36-1aa7c213c461/ 185.244.30.3:47580 microsoftnetframework4820190418.duckdns.org # Reference: https://www.virustotal.com/gui/file/7ece6173931237b004f4d24c8bd5ff5808a310f35fd6e630d04272f1e1f4c30e/detection 185.244.30.27:4521 # Reference: https://www.virustotal.com/gui/file/e871009c75f8bd31875c40d541d0364ae26ce07840bdec5eb6c21016fa491822/detection 196.68.159.250:85 migatol.myq-see.com # Reference: https://www.virustotal.com/gui/file/a4587f4d355ab9205cdf10d26db5080f4c59b07aeb6af5b79dac2e88eec5f174/detection 105.159.99.251:85 # Reference: https://www.virustotal.com/gui/file/f7bdbe29f5a2dfbc57bb87466b012af8baa98159218280a66bdf0f6c938ecd6d/detection # Reference: https://www.virustotal.com/gui/file/378e0087d858c175bb95b1a08ced7dfa556793fd37ce8cc94ebf2acbca4fa513/detection 160.179.168.197:1981 160.179.168.197:85 # Reference: https://www.virustotal.com/gui/file/fdd949fdb65732453e4b329606f34bdb177f8407c40c96f17a03e6b6f8acff83/detection 105.131.160.44:85 # Reference: https://www.virustotal.com/gui/file/6ba34249975b968ff26779a4b561413d8c044975b8f5f99d8829ae3be2ca5bda/detection 196.75.182.209:85 # Reference: https://www.virustotal.com/gui/file/be113396177388c07f95180ba097eab29d30d44c18914ca969fb78259ddc629d/detection 41.224.113.186:9988 # Misc (incidents) tablet.system-ns.net # Reference: https://twitter.com/Racco42/status/1301120815421968386 # Reference: https://app.any.run/tasks/24992ec2-23f5-4ca4-bd10-4aa588131bde/ 185.244.30.22:8899 # Reference: https://www.virustotal.com/gui/file/ed957c2024e104cecdc42223f57b6be5f55cc42a50b17bcafd6a019f7f1258ab/detection # Reference: https://www.virustotal.com/gui/file/29dd5e402c0749c0b6b3cf5d88908309b124d2d47aec2f7ef9a2b28bbfbd916a/detection # Reference: https://www.virustotal.com/gui/file/83200d64a920af3351f315a0c51b854e287917b94579eb4d455c7c1ab945ab0e/detection 129.174.188.113:11069 129.174.188.155:11069 193.218.118.190:16039 194.9.70.179:16039 31.13.65.17:16039 51.254.56.13:16039 66.220.149.18:16039 niogem1171.3utilities.com niogem1171.bounceme.net niogem1171.ddns.net niogem1171.ddnsking.com niogem1171.freedynamicdns.net niogem1171.freedynamicdns.org niogem1171.gotdns.ch niogem1171.hopto.org niogem1171.myftp.biz niogem1171.myftp.org niogem1171.myvnc.com niogem1171.onthewifi.com niogem1171.redirectme.net niogem1171.servebeer.com niogem1171.serveblog.net niogem1171.servecounterstrike.com niogem1171.serveftp.com niogem1171.servegame.com niogem1171.servehalflife.com niogem1171.servehttp.com niogem1171.serveirc.com niogem1171.serveminecraft.net niogem1171.servemp3.com niogem1171.servepics.com niogem1171.servequake.com niogem1171.sytes.net niogem1171.viewdns.net niogem1171.webhop.me niogem1171.zapto.org rinot972.3utilities.com rinot972.bounceme.net rinot972.ddns.net rinot972.ddnsking.com rinot972.freedynamicdns.net rinot972.freedynamicdns.org rinot972.gotdns.ch # Reference: https://www.virustotal.com/gui/file/331a71820d68e3cf3ada7f655a3ac6996a3e234e77d5f40a628ee998894495fd/detection gitanes82.zapto.org # Reference: https://www.virustotal.com/gui/file/ec953dd723a474294f5e19a05bc9e89fd0bdeb13c7d9c5149a3d65c032b37a08/detection 23.239.31.129:8001 strserver1.duckdns.org # Reference: https://www.virustotal.com/gui/file/b3857d5bfbd6ec70f7a05de0e5b3432b8b0327d7c9da4eeeed25410805d613a5/detection 197.211.61.172:2003 # Reference: https://www.virustotal.com/gui/file/9b61e86cf6899344b6e9564e1dbfacc24c8a99e9e9be8cd8f764dba7d4f7927e/detection 147.135.191.81:5005 147.135.191.81:5040 147.135.191.81:5070 donphilongz.org # Reference: https://www.virustotal.com/gui/file/1f7e9c6aed2b8cb929e3677818bd2b72142254e17f79007f984bb1b8472d99c8/detection 87.98.152.254:1196 jrandjcpa.org # Reference: https://www.virustotal.com/gui/file/7434e1d301e428fef2c5d8d624fc823112cf6a2c093087bc4c2331886dd228b0/detection 104.194.220.63:2003 104.194.220.63:2004 2004para.ddns.net # Reference: https://www.virustotal.com/gui/file/14d0d94d31663eee9e5dfd2755680f67c042ddbad81f076da2aeabb1306cfa15/detection 185.202.173.218:1777 # Reference: https://www.virustotal.com/gui/file/0aa70e7306349ec1f3b27d683bfb3fd717f242e86b508b4051e3691c584fbf8d/detection blackid-43205.portmap.io # Reference: https://twitter.com/Racco42/status/1315764795023515648 # Reference: https://app.any.run/tasks/f76cb393-c9b7-4965-b69e-19c8b9b85c2e/ 3.83.110.207:3410 79.134.225.73:6670 mparrain10.duckdns.org # Reference: https://twitter.com/Racco42/status/1316999916888227841 # Reference: https://app.any.run/tasks/f1421938-0553-4d85-aefe-7ba5dabbfecf/ 185.165.153.140:1608 miracle.hopto.org # Reference: https://www.virustotal.com/gui/file/fb7b9f4f9ea8a4678a154090f1d922cc0b8ae5c049276a529201235767c99d31/detection 2.50.98.178:1155 # Reference: https://twitter.com/abuse_ch/status/1332589889989324800 # Reference: https://bazaar.abuse.ch/sample/75fc8c0d30fd0d486fe39cb39b5ebfc4f2858a65dcdde6c23c6ce70310030958/ 148.72.153.208:1312 # Reference: https://app.any.run/tasks/e27b1f90-3f16-4b60-b2ad-8a97b9dd2294/ 197.15.26.125:1177 elbouma.hopto.org # Reference: https://www.virustotal.com/gui/file/daecfd8bf6f156e830af21deb87484af9cb2baef64fd232b0984aef22672652f/detection 197.204.16.193:99 197.207.32.40:99 204.95.99.154:99 school-pc.sytes.net # Reference: https://www.virustotal.com/gui/file/8ac2c16c1460b87563f189cb37256625e3e595dfb1a2f5ace4e79ed7d31d8388/detection hslh.sytes.net # Reference: https://www.virustotal.com/gui/file/f6e410911e8b66dec8230ddb2a465d96449520967b80325f1d1492a847c6846c/detection # Reference: https://www.virustotal.com/gui/file/d803bb1b53c1c654fb22d95597e6fc3c3a85814569832394befd6e1f374b3c1e/detection # Reference: https://www.virustotal.com/gui/file/00b51a8e8653ea7bee4555f4ecc3ff6525cbf14b75c0ba3a957dc33d74a2905d/detection # Reference: https://www.virustotal.com/gui/file/8d0605918535aaf5b101c68f4751e1922349a764a24a29baa78347a3a95d0b13/detection http://185.141.27.177 173.46.85.14:3360 185.141.27.177:6544 185.244.30.119:1604 192.254.74.210:1604 67.214.175.69:1604 jsbc-rpdr.linkpc.net jsbc-pcs.linkpc.net # Reference: https://app.any.run/tasks/77e30c7a-5bef-4f5e-a33b-0851e83809cc/ 185.19.85.172:7723 mercedez.duckdns.org # Reference: https://twitter.com/luc4m/status/1359557240970043392 # Reference: https://twitter.com/James_inthe_box/status/1359557728209805313 # Reference: https://www.virustotal.com/gui/file/3f73a4cc7c6caf091af3625073e39c6ec824bc2b6e879fc92e285673cbe0266c/detection 185.19.85.172:7723 # Reference: https://www.virustotal.com/gui/file/bb1c34ee1e140f3471e7442a9c4dfbbd716292a07723edcda766bcda7f912d6b/detection 107.151.194.144:1987 41.143.73.175:1987 zawianet.system-ns.net # Reference: https://app.any.run/tasks/7f273b9c-cdee-48e3-980b-ab7c4f0df2b3/ 181.141.8.116:2027 enero13.con-ip.com # Reference: https://www.virustotal.com/gui/file/513d393c4188ecea5e050a259a28f385d6e155772841cfd62698c1b3cf5aeadf/detection 139.28.36.247:7121 # Reference: https://www.virustotal.com/gui/file/9e081e12740f807d5b60f13ecb8c1a5d8ec6c287caf28438291bd75450eed207/detection 157.245.118.233:7121 # Reference: https://www.virustotal.com/gui/file/62a013c310452140c54cbf12bedb7c917bab2b69b7675046849a5fa9493f96b3/detection upgradegoogle.duckdns.org # Reference: https://twitter.com/wwp96/status/1370610041536065538 # Reference: https://app.any.run/tasks/3998a673-d5b1-4324-adef-ac192814c9e1/ 79.134.225.73:35500 subsnet.duckdns.org # Reference: https://www.virustotal.com/gui/file/31345f36e1718d260e5c33ad6c1375ffe6a604fe1776e91bd119ff3f1a8fe384/detection # Reference: https://www.virustotal.com/gui/file/c3af01260766e2639b478d111789c9a2c5e5e4e48ebeaef67f47b5af26c2ca4e/detection # Reference: https://www.virustotal.com/gui/file/87bf216bccf4ff65ecfc6cfdad9cc50db51857247e6d2a527474f2da03817d21/detection 197.36.121.175:1111 197.36.121.175:5552 197.36.121.175:8888 197.36.197.53:5552 197.49.24.4:8888 emo131986.ddns.net # Reference: https://twitter.com/whitehoodie4/status/1374696287820464128 # Reference: https://twitter.com/James_inthe_box/status/1374722893200781316 # Reference: https://app.any.run/tasks/c1b07bf7-4f00-4d16-9211-bb92b71391fd/ 160.152.76.109:4750 5.62.56.255:4750 4750wsh25.ddns.net # Reference: https://www.virustotal.com/gui/file/5fa6a6fab7e38fca35214017927d0c1f437222b496dae7603082dc800699bc68/detection 31.180.202.92:9292 zoomix82.ddns.net # Reference: https://www.group-ib.com/blog/rats_nigeria 79.134.225.43:3397 # Reference: https://www.virustotal.com/gui/file/943b70f97713875e8e7bd5487b5dd1aa6745df26ce2eba37737207ee86092b8b/detection 194.37.97.172:1133 # Reference: https://www.virustotal.com/gui/file/e2f16421eccdbd3630bf62bdae76bcc2996c5ac43ad44d6246486a0562627cbb/detection 104.248.53.108:8898 # Reference: https://www.virustotal.com/gui/domain/viruoos.no-ip.biz/relations 37.106.105.26:81 37.107.99.207:81 94.99.30.85:81 # Reference: https://www.virustotal.com/gui/file/49e109a4d9fa02c06e9473ee72a3754cfc34591366add7936113dcd6258a8051/detection 89.40.206.121:1133 # Reference: https://www.virustotal.com/gui/file/bc847cdc5b4f6874f60bdb369ac2fe411df29a815e3028281bfb34263ddda2d8/detection 89.40.206.121:1166 # Reference: https://www.virustotal.com/gui/file/d57432ac5dbf372762c4ca3f6b039c48c2a69604268a489bf254d620fd171196/detection 41.228.7.192:666 # Reference: https://www.virustotal.com/gui/file/d6d07c27f5bf942aba27af2d56189bcd9679aa66fe37e27f48832bd46e5f2cd2/detection spacerusa13.ddns.net # Reference: https://www.virustotal.com/gui/file/fb8799ce1371689377771fb2368cf307693fca3fec98cd9e1629790055e696d0/detection houdinicasa.mywire.org # Reference: https://twitter.com/d4rksystem/status/1405535148423081997 23.146.242.162:1030 # Reference: https://app.any.run/tasks/94308d99-f70f-4725-88b6-28f1a6794c6c/ 103.73.64.115:449 # Reference: https://www.virustotal.com/gui/file/b71a8efc99a6581edd716c7254db6e795c16b9cf94d1768e34e023eba4d17523/detection 78.159.135.230:9893 unppo.no-ip.info # Reference: https://twitter.com/James_inthe_box/status/1409980230379311105 cjoint.com/doc/21_06/ # Reference: https://ioc.finsin.cl/Output_FINSIN_URL (# /is-ready) 104.161.42.236:6500 134.122.118.122:7121 185.140.53.71:4541 194.5.98.96:5675 abrilwsh2021.duckdns.org doggyumu.duckdns.org guasonmedallo.con-ip.com java12k.duckdns.org trabajovalle2021.duckdns.org trabajovalle2022.duckdns.org # Reference: https://www.virustotal.com/gui/file/2fb7877ad035abe25c17e3609f73638d87341df107f761e82c30b93878b19c58/detection # Reference: https://www.joesandbox.com/analysis/419585/0/html conts1.freedynamicdns.org /ghj672aGIDGIDGIDGID /QIVGCIRIUIJGDIJIKIMGKGLGGIDGID # Reference: https://www.virustotal.com/gui/file/332c20ba171a8f2c29fd88fda1d022f3fd43ef621ed5bafb36e7d925da897b25/detection 93.144.32.235:1188 93.149.222.236:1188 lollipop.no-ip.biz # Reference: https://www.virustotal.com/gui/file/78d66d4ab304270f542435c60f5d1a14a9a2dfcab0f48ac652e3b0eb53a3fd0b/detection al9nass.no-ip.info # Reference: https://www.virustotal.com/gui/file/76304b10072097bdc377d172dad626728c6273879fed80e426013803cee0051b/detection mralaa.no-ip.biz # Reference: https://www.virustotal.com/gui/file/63c8aab5375ab14c863b5deb602677b5ecd7b0b1b50b77ad1a4ec2970ab7743d/detection 176.199.209.53:1604 185.183.96.230:7789 91.192.100.40:1604 goz.unknowncrypter.com scophils.duckdns.org # Reference: https://www.virustotal.com/gui/file/e6865c49e3041b155d902bfad37a0d7df7d913e4a03558c91dea185de9d4a2a5/detection 149.255.200.182:443 alihack1234.no-ip.biz alihack1234567.no-ip.biz skoon1234.no-ip.biz # Reference: https://www.virustotal.com/gui/file/1ca9a795d97f7be26c7b2f84427c4cdf928e9894c8a844d53e70fcfa3abce211/detection 213.244.123.150:31 mo.njrat.info # Reference: https://www.virustotal.com/gui/file/0ebe86f6961ee4e55edf6ae267c9812afec3ef54fb32294f8aeebed12c7dfddb/detection 188.33.154.104:2020 213.244.123.150:2020 217.217.62.154:2020 rootx.ddns.net # Reference: https://www.virustotal.com/gui/file/512c43c1562839f0d33d6d095f98e3fb03f7384125e749c04321342f9d7e0065/detection 79.152.235.2:8000 redlan.linkpc.net # Reference: https://twitter.com/petrovic082/status/1484254808311832577 # Reference: https://app.any.run/tasks/8ea68c78-d367-4c03-bae2-932919ab241e/ # Reference: https://www.virustotal.com/gui/file/3ffe442067ba0a21fc23ab42846e2549b88fb523e4f3efcfd1430499858dc056/detection neverlose2.temp.swtest.ru /command_url.php # Reference: https://www.virustotal.com/gui/file/0d7c5048fff8f4b82e0c1c9ee6a370b26b52783227ecf5b9ec459e57586526e3/detection 41.129.30.195:13 # Reference: https://www.virustotal.com/gui/file/125678ab9692bc4a39747bec0061b2444801447ed8251cbeaca1b35fdb4c9f0c/detection # Reference: https://www.virustotal.com/gui/file/0501ce958de8a700120a09dac2c98a0bc6652c1fc1574622cd2adce199b9a7a6/detection 37.8.72.80:4578 37.8.72.80:99 hp500.linkpc.net # Reference: https://www.virustotal.com/gui/file/f9490f2e724d5ca5edd30a552f09f27b59b608361143e95edcc3ef860958ea5e/detection 54.38.124.52:5555 # Reference: https://www.virustotal.com/gui/file/5aef9424e8ecb40c383f76a54079dd72465922ac6abc38ffe6570403eb3a6fd4/detection 64.188.13.46:5542 # Reference: https://www.virustotal.com/gui/file/14637b58aeecdcfcbf569665ae299fb9ca8c61c7709040868cd2de1ef65cc903/detection vbs.ddnsfree.com # Reference: https://www.virustotal.com/gui/file/3ffa2c5e1872edbe18c8afeee7834255fbc3bdbd93b9728db414e1bb562414b1/detection 46.246.82.15:9897 knig214.ddnsfree.com # Reference: https://www.virustotal.com/gui/file/448ad5730e6c4d43b5aeee7ef74a8c8fafb81ffe6aa01082271771284f84e93e/detection 178.73.192.3:9897 # Reference: https://www.virustotal.com/gui/file/e6fe9d46a578fd284e033764ad8ec59314ae96f088116eb05167d1e7eb2f28d5/detection # Reference: https://www.virustotal.com/gui/file/94835e8b6547547c6a5da69fe529d337e1ae0466c5a721eecf0a3ddac6f636c6/detection # Reference: https://www.virustotal.com/gui/file/8337c393d7dcac64993dc567084edcf5e422fb8b5132261eec4b0482726a8c02/detection 194.31.98.214:7878 hwprocessing.duckdns.org # Reference: https://github.com/executemalware/Malware-IOCs/blob/main/2022-06-20%20Vjw0rm%20and%20Houdini%20IOCs # Reference: https://app.any.run/tasks/7ad2be3c-3d98-4b67-8350-f5af5b8513d6/ 194.5.97.7:1000 # Reference: https://github.com/0xToxin/Malware-IOCs/blob/main/Wshrat/Wshrat-%2027062022 # Reference: https://tria.ge/220627-khceqahhcp/behavioral1 196.77.4.85:1111 # Reference: https://www.virustotal.com/gui/file/f83f97906efd20133a4be1b5020fcc303d916ca71626ed255d1c7bfd0590c694/detection 141.255.146.167:2022 bhs.myq-see.com # Reference: https://tria.ge/220722-sb92eagbbm/behavioral1 192.227.128.163:7070 # Reference: https://twitter.com/StopMalvertisin/status/1552176802571091968 # Reference: https://www.virustotal.com/gui/file/d6356866d600a2be0fc8589b1dd09b2d04c8bd1bf98699be5f1376f9d88ad4cd/detection 13.238.81.219:25993 3.104.112.132:25993 3.105.0.121:25993 3.24.145.55:25993 52.62.254.166:25993 54.153.239.159:25993 54.206.32.23:25993 54.252.142.240:25993 ht-nail.de # Reference: https://www.virustotal.com/gui/file/e70d04eb93d1856bbc264dc2c5ed1a1597cc9f07b14e29e3b9cf9dc40d1cabd4/detection 46.246.80.13:3128 46.246.82.5:3128 files.ddrive.online # Reference: https://www.virustotal.com/gui/file/6f94b74818b516f87c63aceb48b9472caceafdf7e141581b81c4ee1dc879578d/detection 194.5.98.249:2256 fresh01.ddns.net # Reference: https://www.virustotal.com/gui/file/1464ab1a8a6126fee05995f1b503083b5d0fe98dde6a69a46959e346ecb75586/detection 78.10.208.82:7913 afair.ddns.net # Reference: https://tria.ge/220923-jmkq8aded2/behavioral1 37.0.14.211:2888 goods.camdvr.org # Reference: https://twitter.com/peterkruse/status/1573281262126899200 dansa.duckdns.org wizzydd.duckdns.org # Reference: https://twitter.com/pollo290987/status/1576940575432929280 # Reference: https://www.virustotal.com/gui/file/fdf962b11ebd15e592510bee4a3c10a4c8d50756c6961e05e58935d41e5935ea/detection # Reference: https://www.virustotal.com/gui/file/9f6e297dd86de88825487549c0f25f02c10138b57b1b955034995615c58a13d2/detection 185.29.11.51:44147 2.56.56.88:1604 37.0.8.81:1604 41.217.28.47:5465 45.74.38.17:1604 snkcyp.duckdns.org # Reference: https://app.any.run/tasks/9a23b509-4b4f-4fca-8a63-b7d6995e7d0f/ 45.139.105.174:7670 91.193.75.231:5465 # Reference: https://www.virustotal.com/gui/file/198dc5bc1f8eab35af0c0c41ff63b298ef732aee5d3138d3f6ada31bc1104f24/behavior # Reference: https://www.virustotal.com/gui/file/43ada559459fac3709bf00320acb0ffa4190054f494862328c51efa1d9032681/behavior 000bebmaster.ddns.net # Reference: https://www.virustotal.com/gui/file/ae5f01695d046a56eb08b76363f51320921fd6ac021ec057d90785d976832c34/detection 185.246.220.208:5358 # Reference: https://www.virustotal.com/gui/file/963fa0fabd19d6240a00c42a3ed358c3add0b67abab77d580b8a94c49662a386/detection 194.5.98.207:2047 46.246.86.17:2047 ecuadordos.duckdns.org # Reference: https://www.virustotal.com/gui/file/727ff139e233b9616e547ec3f8620104827d7c59f6a120f4b9d5fd56d7c9bcfe/detection 179.233.81.56:4000 # Reference: https://threatfox.abuse.ch/browse/malware/win.houdini/ 107.182.129.16:8001 109.206.240.41:5802 111.90.149.115:5200 137.184.6.37:7121 140.228.29.190:7121 142.202.191.243:8080 142.202.242.176:2023 142.202.242.176:6677 147.182.232.67:7121 154.127.53.102:7121 155.94.209.44:7121 159.89.232.243:7121 172.245.40.82:7121 185.136.159.253:2070 185.140.53.183:2049 185.140.53.207:3030 185.19.85.164:5028 185.252.178.17:5050 191.101.130.186:7121 192.3.53.74:7121 193.233.185.89:7878 193.233.191.96:3030 194.147.140.4:3478 194.5.97.17:4040 194.5.97.26:5005 194.5.98.198:1604 194.5.98.20:3575 194.87.84.43:5200 195.133.40.111:7974 198.37.105.223:7121 198.55.119.109:1289 212.193.30.230:3605 212.193.30.230:7780 213.226.123.91:1702 37.0.14.195:1604 37.0.8.115:8992 45.12.253.77:8889 45.139.105.174:1604 45.139.105.174:2070 45.139.105.174:3670 45.141.237.3:3030 45.90.222.125:7121 62.102.148.154:4044 62.197.136.69:2030 66.154.98.209:4498 79.134.225.5:8443 79.134.225.91:3030 80.76.51.124:1965 80.85.157.37:1616 84.38.130.210:2070 91.193.75.135:2120 91.193.75.192:5028 94.177.123.162:1178 0b3c.duckdns.org 1j1m3r3.kozow.com auto.stevenpartners.com ayom22.hopto.org ben738sj11xz.mywire.org bona.kasowiitz.com cargodelivery.otzo.com chuks.wikaba.com durband.duckdns.org favour123.duckdns.org gar373.ddns.net goodies.dynamic-dns.net grace-fax.home-webserver.de harold.jetos.com huntebez.xyz hurntingr.misecure.com jbd231.duckdns.org kmajewska.duckdns.org labutorutg.duckdns.org menge.duckdns.org newar21.duckdns.org newmoey2022.duckdns.org newmoney2033.duckdns.org ofi.dyn.ydns.io remixdika.ydns.eu stevenpartners.com svchost.ydns.eu takeall.duckdns.org thegoat666.ddns.net thehokage22.ddns.net vipdata2.ddns.net # Reference: https://www.virustotal.com/gui/file/1543bfaa499ff7f817f62a9014d60eba43518ada057c4ec4ba29fb6de35982ec/detection 141.98.6.239:5000 # Reference: https://www.virustotal.com/gui/file/3f3ee13d1a86d8f63c3c730556cfcff2a1f8d22980fdc001b5240ce7315dcd23/detection 139.177.146.165:4848 # Reference: https://www.virustotal.com/gui/file/be8a02ffd80f9367a1a23aac1a4f6b51ad25482783ac42147b18e5b2b36c98d0/detection 109.248.144.235:5400 139.177.146.154:4848 141.98.6.239:5000 172.93.181.188:4848 84.21.172.33:8895 javr.ddnsfree.com teamsy.ddnsfree.com # Reference: https://threatfox.abuse.ch/ioc/1140522/ # Reference: https://www.virustotal.com/gui/file/280842ddb75f84a6ef87ad8255a821fd96554015de7b48f0ce41999c1bfdfa55/detection 194.37.97.161:4078 lee44.kozow.com # Reference: https://threatfox.abuse.ch/browse/malware/win.houdini/ (# 2023-07-27) 109.206.242.32:5353 139.177.146.154:4242 80.85.154.247:5053 habsidut.kozow.com # Reference: https://www.virustotal.com/gui/file/97db1afa2dd79b2f7489c857165ec59b026c259b56a5f6848f766a7fe968e2be/detection 1fullw.3utilities.com # Reference: https://threatfox.abuse.ch/ioc/1149091/ 45.90.222.131:7121 # Reference: https://www.virustotal.com/gui/file/12ac852f038e2134a9c47c740815587f039ecf7787c21309af13b9b69540d203/detection 103.47.144.226:7045 # Reference: https://www.virustotal.com/gui/file/9ee52249f706a7afb20383916fc3e963bafdd734008c268e1f23de001e4664f0/detection 103.47.144.14:7045 # Reference: https://www.virustotal.com/gui/file/426df0578b775cbbf981acc12de59161bc2f19786138a784dc6b8e0b460c1c1a/detection 103.47.144.107:7045 # Reference: https://www.virustotal.com/gui/file/b03c3e78db7276e75dbb30b144d6dba8d417c25a59ea563c5691b5dbdc2b69e9/detection 103.47.144.18:7045 # Reference: https://twitter.com/suyog41/status/1692068700155965877 # Reference: https://www.virustotal.com/gui/file/f956df2eabbcf9ac2c0d5ae9c987da05b657bf06ef9b3aebf9e3a1e76cf948c2/detection 140.150.226.225:1337 rr1337.ddns.net # Reference: https://threatfox.abuse.ch/ioc/1155326/ 2.59.254.111:2420 # Reference: https://www.virustotal.com/gui/file/645074638e8c896237a2340918cb99558103c717bbcb20a483651e6e242c5808/detection 79.110.62.151:1604 homesafe1000.duckdns.org # Reference: https://www.virustotal.com/gui/ip-address/2.59.254.205/relations # Reference: https://threatfox.abuse.ch/ioc/1163456/ 2.59.254.205:9071 purehvnc.duckdns.org wishpeople.duckdns.org # Reference: https://www.virustotal.com/gui/file/8addeade4351ffe1663f7c10977054eb460348480ba4fcaea34c20a7d6e7d9e4/detection 2.59.254.205:9072 newjspeople.duckdns.org # Reference: https://www.virustotal.com/gui/file/cc2ca06bf02d0ba8b9ec6874b734bf6a39f84d536f6bb2d7cc5e3d577697e45b/detection 80.76.51.33:2606 # Reference: https://threatfox.abuse.ch/ioc/1167625/ 95.214.27.6:6380 akinbo.ddns.net # Reference: https://www.virustotal.com/gui/file/00163dbf765b7011710330c18bad0a195208846e4aa471f4377eeb9d71b9fd34/detection 41.216.188.103:8000 83.59.236.231:10000 88.8.171.41:8000 # Reference: https://www.virustotal.com/gui/file/8d70f7ef41af19724814ec4908fb28962688c374be9c13b99ba52e8950902edd/detection 181.235.15.176:2065 186.169.53.87:2065 viernes9.duckdns.org # Reference: https://www.virustotal.com/gui/file/ca905686651e423399d864687173d5472e4ecdbc76ea201b46d23012c799b617/detection # Reference: https://www.virustotal.com/gui/file/7b3187751d1b85e101baf35c73d93c77006cf7a6729ba1b57a702884a0a5c17d/detection # Reference: https://www.virustotal.com/gui/file/404dfe7add02b2973a45f43d425005451c7b6ff688e5177dd7c7606a1a7320d6/detection 185.102.170.8:2540 194.147.140.40:2540 194.31.98.31:2540 # Reference: https://www.virustotal.com/gui/file/23ed69e89179460c2e871c0ac4f62249d1a46d6856fc340ead72c1eb91cf9215/detection 141.255.146.213:1717 88.202.177.201:1717 88.202.177.201:1717 mr-hex.ddnsking.com # Reference: https://twitter.com/doc_guard/status/1721977045830283284 # Reference: https://www.virustotal.com/gui/file/8ce8fa264e0867ed736a10bd14f06000e6b1dfabffd5529613edae65ffd63d4e/detection 103.47.144.63:7045 # Reference: https://www.virustotal.com/gui/file/fea9022c6f4fae71c009013bf9c9a39a54f1559a44593764613bbf0cd2da56b0/detection 185.81.157.124:7708 185.81.157.50:9092 79.134.225.77:5000 ccinfo.gleeze.com # Reference: https://www.virustotal.com/gui/file/00a22754ee58521bd36fbbdbaaf50ebaa4f271e15ec45944101f24d5f3925f7f/detection 102.97.119.102:1610 185.247.228.27:5000 79.134.225.77:5000 koitrikgd.ddnsgeek.com # Reference: https://www.virustotal.com/gui/file/32f0cb7b9ce3043a7f44aee8c25bed5636a2b6542ae94fd5d3dbcc8c4708d4bc/detection 185.81.157.50:7717 192.254.74.210:5000 # Reference: https://www.virustotal.com/gui/file/4be22ee36e644b380c35a71965f5adf43dd479803a30403f86785cfc0837172a/detection 185.165.153.14:5000 185.81.157.189:7724 # Reference: https://www.virustotal.com/gui/file/5f167fa9957ff235e8371d0e561b3b4593a2fef9b690f6c135634847710928e9/detection 185.81.157.50:7723 79.134.225.73:5000 # Reference: https://www.virustotal.com/gui/file/706f7735539d7c0ab381b337f1140b1f7435f1e81b190c78343391243c0addb9/detection 185.81.157.122:7718 194.5.98.46:5000 # Reference: https://www.virustotal.com/gui/ip-address/41.107.92.215/relations # Reference: https://www.virustotal.com/gui/file/85c838ede3e64ee6fe777a181f4e8bda7814afee6b0e4743f04ff39abc1a243e/detection 185.81.157.210:5 43r0m4x.linkpc.net 43r0m4x.publicvm.com # Reference: https://www.virustotal.com/gui/file/9a12099b698e7cb09f70259da64bc948f49ea6297e57a2aa34810cf591ece03b/detection 185.81.157.132:934 # Reference: https://www.virustotal.com/gui/file/a0d244d3f54d3eb878daf4d386fd54a7b060015aa20491a52e9b7739768de05a/detection 109.161.193.152:1020 192.99.234.195:1111 84.255.167.187:1020 95.17.206.14:1111 desertfox2038.ddns.net # Reference: https://www.virustotal.com/gui/file/001ac0ebd7af1c507d7e6021a8f264347a20e76ee590add83c991a521a5b180f/detection 38.103.14.204:800 qwwq.servehttp.com # Reference: https://www.virustotal.com/gui/file/fdcab86f963eff5fdca1eaacf41b99f5d640858a7cfc50ff757a7892d9753703/detection # Reference: https://www.virustotal.com/gui/file/6fa1ef6453a7a254a813f1dc1e6741dc112e89f3748e1ac6b7740da45c7c388e/detection # Reference: https://www.virustotal.com/gui/file/4131c93989be768b6dac30094a62412206ce839377b9ab1cdade0d8af200bea3/detection # Reference: https://www.virustotal.com/gui/file/3c86fe9b90f870645b977d85542c32b2476650300ccc8b8942d33cfeaa766a30/detection # Reference: https://www.virustotal.com/gui/file/05b8d7b22c63377231a22e52f442620572c5f5aa7fcff28367fcedc59fd59566/detection 46.246.12.67:2050 46.246.12.74:8090 46.246.12.80:2050 46.246.12.99:2050 anti2020.duckdns.org diciembre24.duckdns.org # Reference: https://www.virustotal.com/gui/file/f0962774a22adb03e29c34fda016085f1fc99598f23562e5165474469f653bd0/detection 5.181.80.127:47471 snk2333.duckdns.org # Reference: https://www.virustotal.com/gui/file/8009c5bd3d8ce78a8fc9c212b5037fda4bb1fd27ecd360182ebf72717f2b65dd/detection 186.82.243.168:1992 bvs2019.duckdns.org # Reference: https://www.virustotal.com/gui/file/4be0968c6d5f8285c3ee16a11c473019eda561d49c39bfc847313301afdf9041/detection 141.255.146.187:2022 141.255.147.63:2022 141.255.148.99:2022 151.254.5.59:2022 bo7.myq-see.com # Reference: https://twitter.com/naumovax/status/1734557711029719133 # Reference: https://www.virustotal.com/gui/file/9739730a204d25c60edbbbbcafbc1f7661b3f9ecac98601498dc843cf8b40e41/detection # Reference: https://www.virustotal.com/gui/file/ebaf7e53a6dc0b054c6cefde7a664af90d2e71e53bdb87c7cedcd662890943c9/detection 85.215.218.19:45968 newupdatechek.servehttp.com # Reference: https://www.virustotal.com/gui/file/e519383064fccbeb9b71f7526c653e90b29b3ded8d12306e39d56f34b00a52ad/detection 46.246.84.13:9988 # Reference: https://www.virustotal.com/gui/file/0381ceea3ebb93f227d0dd168fb8aa4d2733df1f4014dcd4f764aa426a25ef61/detection 118.5.49.6:16029 3.1.85.243:16029 3.1.85.243:18632 3.1.85.243:19532 54.254.238.33:8380 ball0t3l11.3utilities.com ball0t3l11.bounceme.net ball0t3l11.ddns.net ball0t3l11.ddnsking.com ball0t3l11.freedynamicdns.net ball0t3l11.freedynamicdns.org ball0t3l11.gotdns.ch ball0t3l11.hopto.org ball0t3l11.myftp.biz ball0t3l11.myftp.org ball0t3l11.myvnc.com ball0t3l11.onthewifi.com ball0t3l11.redirectme.net ball0t3l11.servebeer.com ball0t3l11.serveblog.net ball0t3l11.servecounterstrike.com ball0t3l11.serveftp.com ball0t3l11.servegame.com ball0t3l11.servehalflife.com ball0t3l11.servehttp.com ball0t3l11.serveirc.com ball0t3l11.serveminecraft.net ball0t3l11.servemp3.com ball0t3l11.servepics.com ball0t3l11.servequake.com ball0t3l11.sytes.net ball0t3l11.viewdns.net ball0t3l11.webhop.me ball0t3l11.zapto.org hilkcam83251.3utilities.com hilkcam83251.bounceme.net hilkcam83251.ddns.net hilkcam83251.ddnsking.com hilkcam83251.freedynamicdns.net hilkcam83251.freedynamicdns.org hilkcam83251.gotdns.ch hilkcam83251.hopto.org hilkcam83251.myftp.biz hilkcam83251.myftp.org hilkcam83251.myvnc.com hilkcam83251.onthewifi.com hilkcam83251.redirectme.net hilkcam83251.servebeer.com hilkcam83251.serveblog.net hilkcam83251.servecounterstrike.com hilkcam83251.serveftp.com hilkcam83251.servegame.com hilkcam83251.servehalflife.com hilkcam83251.servehttp.com hilkcam83251.serveirc.com hilkcam83251.serveminecraft.net hilkcam83251.servemp3.com hilkcam83251.servepics.com hilkcam83251.servequake.com hilkcam83251.sytes.net hilkcam83251.viewdns.net hilkcam83251.webhop.me hilkcam83251.zapto.org mac0s23arch.3utilities.com mac0s23arch.bounceme.net mac0s23arch.ddns.net mac0s23arch.ddnsking.com mac0s23arch.freedynamicdns.net mac0s23arch.freedynamicdns.org mac0s23arch.gotdns.ch mac0s23arch.hopto.org mac0s23arch.myftp.biz mac0s23arch.myftp.org mac0s23arch.myvnc.com mac0s23arch.onthewifi.com mac0s23arch.redirectme.net mac0s23arch.servebeer.com mac0s23arch.serveblog.net mac0s23arch.servecounterstrike.com mac0s23arch.serveftp.com mac0s23arch.servegame.com mac0s23arch.servehalflife.com mac0s23arch.servehttp.com mac0s23arch.serveirc.com mac0s23arch.serveminecraft.net mac0s23arch.servemp3.com mac0s23arch.servepics.com mac0s23arch.servequake.com mac0s23arch.sytes.net mac0s23arch.viewdns.net mac0s23arch.webhop.me mac0s23arch.zapto.org musilkks7421.3utilities.com musilkks7421.bounceme.net musilkks7421.ddns.net musilkks7421.ddnsking.com musilkks7421.freedynamicdns.net musilkks7421.freedynamicdns.org musilkks7421.gotdns.ch musilkks7421.hopto.org musilkks7421.myftp.biz musilkks7421.myftp.org musilkks7421.myvnc.com musilkks7421.onthewifi.com musilkks7421.redirectme.net musilkks7421.servebeer.com musilkks7421.serveblog.net musilkks7421.servecounterstrike.com musilkks7421.serveftp.com musilkks7421.servegame.com musilkks7421.servehalflife.com musilkks7421.servehttp.com musilkks7421.serveirc.com musilkks7421.serveminecraft.net musilkks7421.servemp3.com musilkks7421.servepics.com musilkks7421.servequake.com musilkks7421.sytes.net musilkks7421.viewdns.net musilkks7421.webhop.me musilkks7421.zapto.org nvmholder.mooo.com ukseca8425.3utilities.com ukseca8425.bounceme.net ukseca8425.ddns.net ukseca8425.ddnsking.com ukseca8425.freedynamicdns.net ukseca8425.freedynamicdns.org ukseca8425.gotdns.ch ukseca8425.hopto.org ukseca8425.myftp.biz ukseca8425.myftp.org ukseca8425.myvnc.com ukseca8425.onthewifi.com ukseca8425.redirectme.net ukseca8425.servebeer.com ukseca8425.serveblog.net ukseca8425.servecounterstrike.com ukseca8425.serveftp.com ukseca8425.servegame.com ukseca8425.servehalflife.com ukseca8425.servehttp.com ukseca8425.serveirc.com ukseca8425.serveminecraft.net ukseca8425.servemp3.com ukseca8425.servepics.com ukseca8425.servequake.com ukseca8425.sytes.net ukseca8425.viewdns.net ukseca8425.webhop.me ukseca8425.zapto.org v2pando8k.3utilities.com v2pando8k.bounceme.net v2pando8k.ddns.net v2pando8k.ddnsking.com v2pando8k.freedynamicdns.net v2pando8k.freedynamicdns.org v2pando8k.gotdns.ch v2pando8k.hopto.org v2pando8k.myftp.biz v2pando8k.myftp.org v2pando8k.myvnc.com v2pando8k.onthewifi.com v2pando8k.redirectme.net v2pando8k.servebeer.com v2pando8k.serveblog.net v2pando8k.servecounterstrike.com v2pando8k.serveftp.com v2pando8k.servegame.com v2pando8k.servehalflife.com v2pando8k.servehttp.com v2pando8k.serveirc.com v2pando8k.serveminecraft.net v2pando8k.servemp3.com v2pando8k.servepics.com v2pando8k.servequake.com v2pando8k.sytes.net v2pando8k.viewdns.net v2pando8k.webhop.me v2pando8k.zapto.org # Reference: https://www.virustotal.com/gui/file/06c785e47b6c4862272ea07baa37cc5f3a100af0fcc70677554202b6123bfabd/detection # Reference: https://www.virustotal.com/gui/file/95a91def972dc86f5229aa30f9c21f44af97e3c81523c3b5214891254273f458/detection 192.169.69.25:13818 213.152.161.219:13818 allen102.duckdns.org btcinfo104.duckdns.org # Reference: https://www.virustotal.com/gui/file/279bccfcea443445d39cafad073cc0b24c2d38e3272746865fffa074eb6412d5/detection 212.227.89.147:1287 homenisance.kozow.com # Reference: https://www.virustotal.com/gui/file/ddd11365918e3d935db31888cef4432cbd8c49051f3b719a468f0b6c611eb059/detection # Reference: https://www.virustotal.com/gui/file/99c182e8011f4dfea584e66768fc3b4e8d50f4d21df5aff433bbd2c7d7217f7d/detection 102.89.33.37:1065 102.89.34.243:1065 102.89.34.6:1065 105.112.18.29:1065 194.5.97.66:1065 197.210.45.85:1065 kingshakes.ddns.net # Reference: https://www.virustotal.com/gui/file/d2f8044ded2dab16b5d8718ea125ba999cad2527bd51328ec80b37cc4e882376/detection http://185.141.27.177 185.141.27.177:6544 46.246.86.2:1995 softwarewin.duckdns.org # Reference: https://www.virustotal.com/gui/file/6fe26048dbfe84e43bc96e6e17ee7729fa63ab0d6d405899b58786237bbb02f3/detection franchy.duckdns.org # Reference: https://www.virustotal.com/gui/file/30d4e9c1c1fbd9358232c56827864adb51a770a8c8f5b7713b776a39909df3d6/detection 185.244.30.22:5002 46.246.26.81:1415 setupwinrar.duckdns.org # Reference: https://www.virustotal.com/gui/file/ad5565a1a60691849c79e1960dffd83060bd13fcf37b3c0e0b52803768031c06/detection 188.126.90.13:7072 54.153.56.183:5000 proxs.duckdns.org # Reference: https://www.virustotal.com/gui/file/e8e1efdd9bd52d772342a4d087db227e1a654790c43c9cdab18c233c7e78cec1/detection 91.193.75.10:1998 ratme14.ddns.net # Reference: https://www.virustotal.com/gui/file/df6fa654490a93abf1ea6b457c4cc7362e9dbd53d4abb50e254665ca7b118566/detection 107.174.25.188:1998 212.7.208.105:1998 # Reference: https://www.virustotal.com/gui/file/c44969e8e20e817015e79c4e46740499f9ee5293c98c8b94109cd34a8cf523a3/detection 52.231.51.190:8904 wwsh427.duckdns.org # Generic trails /give-me-chpv /give-me-ffpv /i_am_ready /is-bekle /is-cmd-shell /is-enum-driver /is-enum-faf /is-enum-path /is-enum-process /is-logs /is-processes /is-ready /is-readyrecordid /is-recving /is-rinoy /is-rlsartg /is-sending /is-sxtyuig /im-azerty /send-to-me| /Try-Connect /update-status|