# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: netwiredrc, netwire, wirenet # Note: most trails below are dynamic-DNS hostnames or IP:port pairs taken from point-in-time sandbox and OSINT reports; such names and addresses get reassigned, so confirm a match against the cited reference and host telemetry before treating it as a NetWire C2 connection # Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~NetWire-EK/detailed-analysis.aspx mommyreal.ddns.net # Reference: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~NetWire-CC/detailed-analysis.aspx wwfvpsv9.serveftp.com # Reference: https://www.cyren.com/blog/articles/bad-things-come-in-pairs-3004 dinesaad.hopto.org # Reference: https://twitter.com/James_inthe_box/status/1044616045560967168 cboss33.hopto.org # Reference: https://twitter.com/James_inthe_box/status/1044365272675573760 natigr.ddns.net projectadmin.camdvr.org # Reference: https://twitter.com/James_inthe_box/status/1044231367347732480 ddns.catamosky.biz # Reference: https://twitter.com/Racco42/status/1042056130577489928 lagos042.ddns.net manuel3.publicvm.com # Reference: https://twitter.com/VK_Intel/status/983940199603474432 snoopdmoney2018.sytes.net snoopdmoneybkup.sytes.net # Reference: https://www.virustotal.com/#/file/a095a7acda9c73fc89bfbc170bbec75a4572c75114e1687a7c212e9228915945/detection # Reference: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3966&sid=a2bb410851e96a6bb24b90b65966112f&start=300#p32187 ola100.hopto.org # Reference: https://twitter.com/malwrhunterteam/status/1106264932230852608 62.210.10.245:4000 # Reference: https://twitter.com/malwrhunterteam/status/1105163365209554951 amazonsprime.duckdns.org # Reference: https://twitter.com/JAMESWT_MHT/status/1107630659957329921 leew.linkpc.net # Reference: https://twitter.com/James_inthe_box/status/1022228835616473088 onetimeade.linkpc.net # Reference: https://twitter.com/malwrhunterteam/status/1096760442133856256 jackas.gotdns.ch # Reference: https://maskop9.tech/index.php/2019/01/30/analysis-of-netwiredrc-trojan/ # Reference: 
https://app.any.run/tasks/e1d7034b-c866-4cef-8d55-04405cd2a81d 109.230.199.103:3360 # Reference: https://twitter.com/James_inthe_box/status/1118217392851566593 havemercy.mooo.com # Reference: https://twitter.com/malwrhunterteam/status/1122081049809432576 netzirecolq.gleeze.com # Reference: https://twitter.com/MalwareConfig/status/748754926319181824 socratecafu.zapto.org # Reference: https://twitter.com/MalwareConfig/status/748754880869707776 monarch01.no-ip.org # Reference: https://twitter.com/MalwareConfig/status/748625532993019904 # Reference: https://malwareconfig.com/config/d5ce94e9264321d398767c1e3d1a5835/ 46.244.10.196:3480 # Reference: https://twitter.com/MalwareConfig/status/748625240486477825 jack.redirectme.net # Reference: https://twitter.com/Jouliok/status/1123141238197248001 # Reference: https://app.any.run/tasks/9de6804d-2e31-4f55-a225-d99191196803 duc1234.duckdns.org 91.192.100.57:32144 # Reference: https://twitter.com/ps66uk/status/1104050986031767552 # Reference: https://app.any.run/tasks/4b6c4b34-7bc3-41ca-8a35-78399db8e591 # Reference: https://twitter.com/wwp96/status/1165981094958784513 # Reference: https://app.any.run/tasks/6158df64-fbd4-4ca1-a447-c2464ba3a063/ # Reference: https://twitter.com/killamjr/status/1192062400960315397 # Reference: https://app.any.run/tasks/48f13dd2-c3e2-4940-a1ac-dbb9a482cd10/ akconsult.linkpc.net 105.112.51.164:2014 185.84.181.94:2018 197.211.58.186:2014 # Reference: https://twitter.com/luc4m/status/1092365190497255424 checker00.gotdns.ch # Reference: https://twitter.com/luc4m/status/1072888268528779264 pd1n.ddns.net # Reference: https://twitter.com/Racco42/status/1062633238802378752 wealthyadmin.ddns.net # Reference: https://twitter.com/James_inthe_box/status/1059464666672332800 favor.duckdns.org # Reference: https://twitter.com/Racco42/status/1057317617260736513 godalmighty.ddns.net # Reference: https://twitter.com/ps66uk/status/1050043711135068161 185.101.93.198:8681 # Reference: 
https://twitter.com/James_inthe_box/status/1115624726695514113 masterhugo231.servecounterstrike.com # Reference: https://twitter.com/James_inthe_box/status/1065330244746268672 185.84.181.80:3360 # Reference: https://twitter.com/avman1995/status/1060818874789179392 ddns.unknajiamu.xyz # Reference: https://twitter.com/pollo290987/status/907273472786812928 199.16.199.2:36133 # Reference: https://twitter.com/JAMESWT_MHT/status/906146267763486720 egonbute.duckdns.org # Reference: https://twitter.com/Antelox/status/894901722497208321 192.223.25.72:1777 # Reference: https://twitter.com/JayTHL/status/751123206468046848 businessdb3.duckdns.org # Reference: https://twitter.com/malware_traffic/status/714819056218406914 marchborn.no-ip.biz # Reference: https://twitter.com/James_inthe_box/status/1123236500311724032 bazwire.sytes.net # Reference: https://twitter.com/fe7ch/status/1126132771800395777 usb.mine.nu message-whatsapp.com zr.webhop.org enz.webhop.org # Reference: https://twitter.com/Racco42/status/1132935875430670337 # Reference: https://twitter.com/Racco42/status/1136593634650927105 96.47.239.229:3999 # Reference: https://twitter.com/James_inthe_box/status/1133344506814668800 160.116.15.155:3360 # Reference: https://twitter.com/raby_mr/status/1136889525060325376 # Reference: https://app.any.run/tasks/03268b84-b31c-4a32-a87b-95e7aa4cf8a9/ 102.165.38.139:33 heritage.nflfan.org # Reference: https://www.fireeye.com/blog/threat-research/2014/04/crimeware-or-apt-malwares-fifty-shades-of-grey.html c0der.zapto.org rglink77.no-ip.biz # Reference: https://twitter.com/James_inthe_box/status/1138454939045453825 enginekeys.ddns.net # Reference: https://twitter.com/James_inthe_box/status/1140571341344538625 duc1234.duckdns.org # Reference: https://twitter.com/daphiel/status/1141625032801693696 (# CVE-2019-11707) # Reference: https://twitter.com/cybsecbot/status/1141610397931323393 # Reference: 
https://www.virustotal.com/gui/file/07a4e04ee8b4c8dc0f7507f56dc24db00537d4637afee43dbb9357d4d54f6ff4/detection (# OSX Netwire/Wirenet) 185.49.69.210:80 89.34.111.113:443 a678157.oicp.net # Reference: https://twitter.com/JAMESWT_MHT/status/1142038342583894017 packgeddhl.myddns.me # Reference: https://twitter.com/HerbieZimmerman/status/1142085603368079361 # Reference: https://app.any.run/tasks/f61c3c81-52aa-4e11-b746-c7c27bc3b7f4/ gojust.publicvm.com # Reference: https://twitter.com/killamjr/status/1145110513371820033 # Reference: https://twitter.com/killamjr/status/1145114752890413057 185.247.228.73:9510 # Reference: https://pastebin.com/S4ggik78 maxmini.duckdns.org # Reference: https://twitter.com/killamjr/status/1146521318503964678 # Reference: https://app.any.run/tasks/1c48f325-f211-4442-8cd4-03ed4cd9e538/ 88.208.246.122:4110 longman001.chickenkiller.com # Reference: https://twitter.com/James_inthe_box/status/1146468739493199873 chance2019.ddns.net # Reference: https://twitter.com/DynamicAnalysis/status/1148316218199334912 69.30.232.86:2030 docusmart.hopto.org # Reference: https://twitter.com/James_inthe_box/status/1148966237684133888 mickeyjones.ddns.net # Reference: https://twitter.com/James_inthe_box/status/1149004873653899264 haroldberry1.mooo.com # Reference: https://twitter.com/JayTHL/status/1149014369642172418 fada101.servehttp.com # Reference: https://twitter.com/dvk01uk/status/1149610977219846149 # Reference: https://app.any.run/tasks/7e3d8fe0-fc60-4525-9351-4240177616d4/ 160.202.163.246:6969 microsoft.btc-crypto-rewards.cash # Reference: https://twitter.com/Racco42/status/1158729618389643264 # Reference: https://app.any.run/tasks/3e1c3fc4-166c-4164-afc5-f34bb3a066c7/ 213.227.155.190:5868 halwachi50.mymediapc.net # Reference: https://twitter.com/James_inthe_box/status/1164299477127028736 23.105.131.221:6050 # Reference: https://twitter.com/James_inthe_box/status/1164964895764299776 204.152.219.82:9008 # Reference: 
https://twitter.com/de_aviation/status/1097547526763433985 beltalus.ns1.name maxmini.duckdns.org # Reference: https://twitter.com/JAMESWT_MHT/status/1169168426750894081 # Reference: https://app.any.run/tasks/abb12ce8-d6c6-4cf9-a9d6-8ad22d6cd2e1/ 79.134.225.61:5552 info1.nowddns.com # Reference: https://twitter.com/P3pperP0tts/status/1169905372359839745 # Reference: https://app.any.run/tasks/751de56d-4df8-478f-92da-931edaf643bb/ # Reference: https://app.any.run/tasks/3f018342-f6f0-4908-b0c8-f54e1d250463/ 79.134.225.103:39560 wealthyblessed.warzonedns.com # Reference: https://twitter.com/P3pperP0tts/status/1169905372359839745 # Reference: https://app.any.run/tasks/98de7c91-253e-4a55-aa90-51720e2bef92/ 79.134.225.61:5552 info1.nowddns.com # Reference: https://twitter.com/P3pperP0tts/status/1169905372359839745 # Reference: https://app.any.run/tasks/6f2eca0b-e39d-48f8-a132-e4ad2d597c2b/ # Reference: https://app.any.run/tasks/6ee3328e-fd0b-4fa1-9292-c5d0fae7fd1f/ 103.200.6.79:39760 melvintravel.ddns.net # Reference: https://twitter.com/KorbenD_Intel/status/1169996681259245569 netwire.daniel2you.com # Reference: https://twitter.com/0xFrost/status/1174391265707941889 # Reference: https://app.any.run/tasks/96dd442a-86e8-4c2b-9a33-401a04d58c5d/ 103.200.5.128:39460 # Reference: https://www.fortinet.com/blog/threat-research/new-netwire-rat-variant-spread-by-phishing.html # Reference: https://app.any.run/tasks/fc32d970-325d-4a77-bc84-7870a5b40fd7/ 185.165.153.219:3366 gbam0001.duckdns.org # Reference: https://twitter.com/wwp96/status/1178693615440277504 # Reference: https://app.any.run/tasks/883bcaa9-150d-4e66-b107-6c6676f222e3/ 185.217.1.148:5868 halwachi50.mymediapc.net # Reference: https://twitter.com/0xFrost/status/1179128508817260545 trippleboss.warzonedns.com # Reference: https://twitter.com/wwp96/status/1181651448439791616 rownip.mooo.com rownip.dyndnss.net rowanyne.ooo rownip.eastus.cloudapp.azure.com rownip.eastus2.cloudapp.azure.com rownip.tk rownip.webredirect.org # 
Reference: https://twitter.com/w3ndige/status/1171159313865465856 # Reference: https://app.any.run/tasks/5d43972b-352b-4e1d-b856-90c7176205b4/ 109.202.103.170:8733 109.202.107.10:8733 213.152.161.229:8733 # Reference: https://twitter.com/wwp96/status/1186998362626822149 # Reference: https://app.any.run/tasks/1fe1be54-9c9d-4ad0-91b6-f4433e6d1144/ 185.19.85.153:3393 # Reference: https://twitter.com/wwp96/status/1187023690636152832 # Reference: https://app.any.run/tasks/238a2b41-2fb5-495d-a686-2be8fa316bc5/ 79.134.225.103:52999 wealthismine.ddns.net # Reference: https://www.virustotal.com/gui/file/2dfab97454ee74f18367a763aadc5453aebc3382911b055ff27a1c3eed0040bd/detection 213.208.152.217:3363 # Reference: https://twitter.com/killamjr/status/1189717599040528386 # Reference: https://app.any.run/tasks/1818f7a8-166f-4d05-9dd2-d97ff5a86989/ 185.217.1.189:39766 officeraymed09eu.ddns.net # Reference: https://twitter.com/JayTHL/status/1189924963794460672 79.134.225.11:1199 # Reference: https://twitter.com/smica83/status/1190181597468856320 79.134.225.80:3360 # Reference: https://twitter.com/smica83/status/1190183906693267456 79.134.225.122:3360 # Reference: https://twitter.com/Paladin3161/status/1190247869145477120 25092019.is-a-geek.com # Reference: https://pastebin.com/29uSdMAk # Reference: https://www.virustotal.com/gui/ip-address/185.165.153.221/relations 185.165.153.221:8973 185.165.153.221:9101 aspens.publicvm.com # Reference: https://pastebin.com/29uSdMAk # Reference: https://www.virustotal.com/gui/file/ff0fb3dbc9170b42ca07bcbcca2c90dbe7e28eed7a6f8861cc91fcef691726d7/detection 79.134.225.78:1195 79.134.225.78:3941 79.134.225.78:5149 79.134.225.78:5541 79.134.225.78:9263 cowboyz.climatechangeawareness.uk guccimoney.duckdns.org teryts1802.sytes.net # Reference: https://pastebin.com/29uSdMAk fartgul.duckdns.org # Reference: https://twitter.com/smica83/status/1192788522631081985 185.165.153.113:32141 # Reference: 
https://twitter.com/James_inthe_box/status/1194265061163859968 noapology.duckdns.org # Reference: https://www.virustotal.com/gui/file/29fa90b1dfc3fdca476596c276eeb9f1ca26d9833e5e671280add24cb69c4b07/detection 185.165.153.55:2001 185.248.13.185:2001 blatter.ddns.net # Reference: https://www.virustotal.com/gui/file/fdffe9dc3b52438d2cfc8c753f564e087958e27a944e59a3ebbaf8e501c60ef5/detection 185.165.153.55:594 # Reference: https://www.virustotal.com/gui/file/b3d31835f0570ccea5b165a661ae7b37eaf38d1a00d6cec4c609fd862b508e71/detection 185.165.153.55:4050 mymy1.ddns.net # Reference: https://www.virustotal.com/gui/file/17c22ddbdcc06cb9710afcf54e1c0a0cdcb3e383650feaf4ffe9b2ad5455a9c4/detection noapology.climatechangeawareness.uk # Reference: https://www.virustotal.com/gui/file/ea8778e98950acaa214b5205b293e471a2d949b92d3ce8ffcd2fccf31e691839/detection 185.217.1.190:6898 # Reference: https://cyberweek.ae/materials/D4%20TRACK%202%20-%20APT%20Attacks%20On%20Crypto%20Exchange%20Employees%20-%20Heungsoo%20Kang.pdf # Reference: https://www.bleepingcomputer.com/news/security/firefox-0-day-used-in-targeted-attacks-against-cryptocurrency-firms/ # Reference: https://otx.alienvault.com/pulse/5dd2b6edd9073ebdde5eba8a # Reference: https://www.virustotal.com/gui/ip-address/185.162.131.96/relations analyticsfit.com athlon4free2updates1.com http://185.162.131.96 # Reference: https://twitter.com/James_inthe_box/status/1196509130841710592 almeenamarine.ddns.net # Reference: https://www.virustotal.com/gui/file/0240071a908a44d286964af67a947625c7df2a6994880a79c938d26822279b3d/detection 185.217.1.186:3366 # Reference: https://www.virustotal.com/gui/file/24cc43513c2e79676fdf20fab727ec9a3c98612b7ff00a6242076cbc90be6291/detection 185.217.1.186:3365 # Reference: https://twitter.com/wwp96/status/1196873873343561728 # Reference: https://app.any.run/tasks/05bf7c8e-8660-408e-af44-ee17bcc358e5/ 185.19.85.153:3393 # Reference: 
https://www.virustotal.com/gui/file/761e8b24bfbd4c31cfbabe2747daaa5d589e49204f3d2acd8a5493ca1f8293ec/detection 79.134.225.105:49012 electroking444.ddns.net # Reference: https://www.virustotal.com/gui/file/195f140234ec7779a7f769ed3770425d262c6f9e94d126b195b2804261c9f32d/detection 79.134.225.105:2803 onelove03.duckdns.org # Reference: https://www.virustotal.com/gui/file/c7bdb6a769b95c976c80bd0ea3c77d48ae8f99f8f0b3d714637630c43259209b/detection 79.134.225.89:32141 zlantan1234.duckdns.org # Reference: https://www.virustotal.com/gui/file/c4b5f36856320d553b73da3deb7b5a39ef0ba8026ae8278ec6496cb6bdd68486/detection popintertradeer.ddns.net # Reference: https://www.virustotal.com/gui/file/dd33019c84b905443de022d1ff40146e7d1a2b5b472a3e1589b0ecb36ee64555/detection 41.151.8.187:3360 # Reference: https://www.virustotal.com/gui/file/0fe9614c6c18c6d7276d23902d8e056589861969f6d6d5fdf239ddb6c7128424/detection 119.9.94.62:3360 # Reference: https://twitter.com/neonprimetime/status/1199711850931400706 79.134.225.90:7734 netupdate1.sytes.net # Reference: https://www.virustotal.com/gui/file/2dcde2c6679b4dbf7c7c6ba3bf6f078493f50117c7285654dc6d089d7d9c9f25/detection 79.134.225.90:62098 ashmwin.ddns.net # Reference: https://www.virustotal.com/gui/file/92698baf6b49c99930e0f43857b6d14b1de6cb44af749af015332be9d2f6bdad/detection 79.134.225.90:3923 105.112.105.226:3923 netupdate1.sytes.net # Reference: https://www.virustotal.com/gui/file/c103d6b1a8fd4dce11bcdcb55e18dabb58de76d5b196ff42095df7664e313b4e/detection 139.60.162.173:3535 # Reference: https://www.virustotal.com/gui/file/cd35a539d995fc9bd7fc844e4d1f6efb6187892298d1d1afce4b2c8e5b641c33/detection 212.83.170.126:111 # Reference: https://www.virustotal.com/gui/file/adf5565528a5c596d84b47b5433698b547b2183c2b86187cba3a9b892cd533d7/detection 79.134.225.59:4771 # Reference: https://twitter.com/ActorExpose/status/1200834171545030662 # Reference: https://app.any.run/tasks/1d10bdf0-38d2-49cc-a2cd-267e7c56daae/ 79.134.225.90:32141 
zlantan1234.duckdns.org # Reference: https://www.virustotal.com/gui/file/370a5c3410e458a615cd1b1581b90273bac8df37c602c83f9d2e4c85deeb6278/detection 185.165.153.113:32141 # Reference: https://www.virustotal.com/gui/file/46222e44edf6d4f9caf9ee55824ce5e20dfcf274a167bcbdca8b5e9eab4f346e/detection 79.134.225.89:32141 # Reference: https://www.virustotal.com/gui/file/d240a2899287ffa85ae3f2041bde1c6cf60a094fa3716182fa5111a0e814b7a8/detection 192.69.169.25:2555 wellcomehome.duckdns.org # Reference: https://www.virustotal.com/gui/file/a9833ef2f0ff93c2d46eb4ca7783be91d0d065f5db97a521b1428a9022e0bbb6/detection 192.69.169.25:10155 # Reference: https://twitter.com/JayTHL/status/1200887119545327618 185.165.153.190:3360 cash001.duckdns.org # Reference: https://any.run/malware-trends/netwire (Note: as seen on 2019-12-04) sandra.myddns.me 888rats.duckdns.org slimyuyo.duckdns.org vemvemserver.duckdns.org special2019world.mymediapc.net 3forall2019.servesarcasm.com jiddeshot.duckdns.org saintjames.publicvm.com joeiyke22.duckdns.org youforbiden.duckdns.org 12345dick.duckdns.org win360s.ddns.net mozillamaintenanceservice.duckdns.org 2020dcr2ewert-24ee-4edb-80bf-82dab6f9b9d.duckdns.org akconsult.linkpc.net duckdns4.duckdns.org salesxpert.duckdns.org # Reference: https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html (# Win.Malware.NetWire-7428720-1) cobroserfinansa.com # Reference: https://www.virustotal.com/gui/file/457b80e5bf2bc7901917523960cc9db4c3f80089026408f564633dbee283fbce/detection 79.134.225.121:3410 # Reference: https://www.virustotal.com/gui/file/d922e9068964beed6b4b9d6dce99a06f915b1c772363f847eaaa6a82931cc15b/detection nasoo.duckdns.org # Reference: https://www.virustotal.com/gui/file/f7f3b8083532e5468fc0eb50ab0df6006eae1a69d39c6241aba2f45e178df6e6/detection 79.134.225.121:7075 # Reference: https://www.virustotal.com/gui/file/2c35359dda093b3635434d8c03cc2703af6ff54f5f775f50098ca837fef39a44/detection truckbase.duckdns.org # Reference: 
https://www.virustotal.com/gui/file/bfa46975f1df64a6e0a8c4cd4fd6dd11f94f0f1e943bdc53a3dbdd9701e6ea5d/detection raaqtwo.duckdns.org # Reference: https://www.virustotal.com/gui/file/958384b533e9c4818026a6cca852eafc0c0a046294cc65ec030d9b70396b24db/detection 185.165.153.22:5555 # Reference: https://www.virustotal.com/gui/file/e0b0e3fab013dc09b6bdf69205fc5307f2b3651076719221ac5877b5ec8586a2/detection 185.244.31.42:2803 # Reference: https://www.virustotal.com/gui/file/4671508d92b3e347306677e573de08e434d08b6a45ba2aa2a0bdf413aebed3c5/detection 212.7.192.243:2803 # Reference: https://www.virustotal.com/gui/file/456f728d0b77f1b7a7cf80eac04eefed51bac192d0e8b7d0a966036ffbc50c30/detection 91.193.75.153:3382 # Reference: https://www.virustotal.com/gui/file/5ce56dd34b245ccabdb0ca49291443547b3b78dbd1d22f971319082222d2df14/detection 91.193.75.153:2803 # Reference: https://www.virustotal.com/gui/file/cece77471974acf2571a11c9df849ecc5c0caec716a5133eca57088500671338/detection 192.169.69.25:3382 # Reference: https://www.virustotal.com/gui/file/c805a88f47d67b56d9ba5613dbeb69953162abd6134a920e378092e99e0bfb51/detection 79.134.225.71:3360 # Reference: https://www.virustotal.com/gui/file/21ad213538f2236ce466d5dd0a2ec0a0b97afa99e223e065131b608f49da8635/detection 79.134.225.119:3999 # Reference: https://www.virustotal.com/gui/file/fdbf4c73db81705a8a27703447d665f3806345bd046cd721b8e78dd4786d61c8/detection 79.134.225.60:1 fineware.ddns.net # Reference: https://www.virustotal.com/gui/file/03afbf2ae0de830ca39d35b5574dc38cdb66210b11f64d6d3cb0fab2168261a6/detection 193.160.10.83:1 cocaboss2017.hopto.org # Reference: https://www.virustotal.com/gui/file/cf1ca867f165ab67d102e6b918040e2e17fc1b5d1883d8f642019a17c8e6b8b2/detection 185.101.92.3:5553 qatar1.ddns.net # Reference: https://www.virustotal.com/gui/file/60d0357a80a01b899f289d690076a35cde6f89e1f72128ff6aca8d7595a2ef74/detection # Reference: 
https://www.virustotal.com/gui/file/47007057990f2e09ddedaf580bf5705fc0f7c9fed153bc7b1fe3b0d61001967a/detection 104.18.34.86:8888 104.18.35.86:8888 104.244.75.220:8888 nozomi.sakananoko.io # Note: 104.18.34.86 and 104.18.35.86 sit in Cloudflare's shared 104.16.0.0/13 range (likely a CDN front end for nozomi.sakananoko.io), so match them only together with port 8888 or the hostname, not as standalone IP indicators # Reference: https://www.virustotal.com/gui/file/e0f8c12ff13dc56a9ba268873c9747c4ab40e462f7e842b24a018bab7e0a05aa/detection 168.235.111.253:5553 # Reference: https://www.virustotal.com/gui/file/ded798f496c5af0c00ce63c829f69c783c9f45ccf4f0e850f18740d85f201c13/detection # Reference: https://www.virustotal.com/gui/domain/spyzdns.pro/relations 104.152.208.211:5577 spyzdns.pro # Reference: https://www.virustotal.com/gui/file/ce1960525f5588b19f0c6de2026e02000518e2d3f8c5d23ea60e45849a04ee14/detection 104.152.208.211:1112 # Reference: https://www.virustotal.com/gui/file/bed345a08313800a40dc5c68f9084bf6063a4a430c88e410f0fe463eb5388b51/detection 154.16.201.10:1302 # Reference: https://www.virustotal.com/gui/file/aae2fc7d7b828a8d65382a2b5ccd4c490bc16bcdac1375d4e20cffa83aecdfe7/detection 82.118.21.3:1112 # Reference: https://www.virustotal.com/gui/file/46aefe90a8ea70f53e77cbc9942409479b95c0f264ac6082b1e1f502e30b13f7/detection 79.134.225.19:1112 # Reference: https://www.virustotal.com/gui/file/6e9d20cbacd0fd5a8f6b6a9971ef0a3587a50415993755069e17420d09d84c70/detection 23.254.203.242:1112 # Reference: https://www.virustotal.com/gui/file/f87b6d4cb39625b3c64c36e763a2098543d570208b9fd4d0f1940f0c34fa4073/detection 51.77.254.186:1112 # Reference: https://www.virustotal.com/gui/file/90a80ce3af5ec668660b8e993a4296b320422d40f8389d7e79f0482187ab36b5/detection 5.206.225.37:1112 # Reference: https://www.virustotal.com/gui/file/1b2cd3209d033f14cf9666e46cb989289f6a5e7c79d4c17ea30a619945fdbbf0/detection 91.193.75.130:1112 # Reference: https://www.virustotal.com/gui/file/3d9a9127438c6f2fc36d5b7b2a1841bc8316bef29fe7bd097c057c83a4eaa8f4/detection 79.134.225.112:4062 # Reference: https://www.virustotal.com/gui/file/1bbe5e5f6161da584298bc9e2ac3cb853d129d9050bc621fc6a84da55df7788d/detection wealthme.ddns.net # 
Reference: https://www.virustotal.com/gui/file/c7920d72eebb28b953909d9056c9b79eadefe0465b5d4ce1ca3d4ab5b15e5c59/detection # Reference: https://app.any.run/tasks/5e4f7cc9-9b9e-4c37-aed5-cfe6344f5f01/ 79.134.225.103:39561 79.134.225.112:39561 # Reference: https://www.virustotal.com/gui/file/01fe7838d971a668e602e176bde1de4bbb74146d00c515a6f9e1bd5e5206a70c/detection 79.134.225.97:6973 bcvfg.ru jhndfghjk5gf56.ru # Reference: https://www.virustotal.com/gui/file/6653b1a67dd2db3a54e6745b60a0288d8225046238792a631e40c97826cbd496/detection bmvmnfgfgfg.ru # Reference: https://www.virustotal.com/gui/file/45f44c19d5117803f5efad9208e31872c55296393eb0cf83665cf8299fbe28fb/detection 79.134.225.97:6974 # Reference: https://www.virustotal.com/gui/file/d64a2ac89a24a756d612afaa001a64fc32f35e870e4ffdfe8e0ed9252a31496f/detection 185.140.53.59:6974 dfgjhkg45fgd34231.ru # Reference: https://www.virustotal.com/gui/file/f003d02ca28dbecfbffed0c7ae263ac2262d6a822e9f048351e8f5df9a84b2df/detection 79.134.225.97:4000 netnet.mynumber.org # Reference: https://www.virustotal.com/gui/file/a70f7737b7a9d18db161e843c7f65f1dbff81fdb1fc021d284cac1d5a3e5a722/detection 185.140.53.95:39560 wealthyblessed.warzonedns.com # Reference: https://www.virustotal.com/gui/file/8ee1bb2ba20aea3d8aab5b3c075e0ad722b4f97e82105c41e671d7cabee46759/detection 185.244.129.107:3360 # Reference: https://www.virustotal.com/gui/file/ae62bc857e4d76badd722db97bbc62ae9f5b0d2f747182a0796eaf9582b98e24/detection 185.244.129.107:3361 # Reference: https://www.virustotal.com/gui/file/1bc2f5f12f36dbea6e40900c02c398273e2dc3de6d7a266f9dc9b3a582fb6912/detection 185.244.129.107:3363 # Reference: https://www.virustotal.com/gui/file/92edc5544cf9ac3b59927bb09d8e3a2247f90a34176a088522a10671a6c5f1e1/detection 185.244.129.107:1994 # Reference: https://www.virustotal.com/gui/file/d848def04aaee6e3dfd8928d7ba4342decad19b70f144c7991cb60bc05153c8c/detection 185.244.129.107:1875 # Reference: 
https://www.virustotal.com/gui/file/7c7fa82411896ca49680ace75afd36bf05bb241c53370a429d9e04751809bebb/detection 185.244.129.107:9999 # Reference: https://www.virustotal.com/gui/file/957375fb8a42d48c20f8d62910e69baafe698386b58d9ffd9da4db1f3d1ff360/detection 185.244.129.107:8888 # Reference: https://www.virustotal.com/gui/file/0dbe96acd7d8270e0b7f76ea14050de8e00aad2ea7da029ab16a2421112ff499/detection 185.244.129.107:1150 # Reference: https://www.virustotal.com/gui/file/8ca42be777002ed230c4874808e062274757bc89d46b9804f13c158e0a46c202/detection 185.244.129.107:6568 # Reference: https://www.virustotal.com/gui/file/3f84ee9d7f2976ce059f626bf8dedfbed5888195b2ec00346d6e1b4b0be47d47/detection 185.244.129.107:1959 # Reference: https://www.virustotal.com/gui/file/983ed3663de89038c3ce1afa88960e6b1a3108c76d7f473752d9aac98a6c123f/detection 185.244.129.107:4000 # Reference: https://www.virustotal.com/gui/file/0213918d41e2723ef382fad30b757ce9c6ee9f8e36ea659b1cf9f0e1253d2809/detection autos.duckdns.org # Reference: https://www.virustotal.com/gui/file/bbf315665776da8bbb6ee1e5c9bb651c29584fc2d6a0ed1fd9d9796ad5b58355/detection 79.134.225.118:5389 # Reference: https://www.virustotal.com/gui/file/2ad98734186b1f32bc4adcb1749d8fe35510bd24c661372431f786169616f841/detection 79.134.225.118:4000 # Reference: https://www.virustotal.com/gui/file/5c72d24d98219b4e3bda91e2714db3ce7066a3d6aed90052d357ad95b31f2b77/detection 91.193.75.66:2803 # Reference: https://www.virustotal.com/gui/file/908d291a14413c4f558ee3f8f5899b3068233e7c91b57838f5aec4704659256f/detection 91.189.180.199:3362 # Reference: https://www.virustotal.com/gui/file/86d169d2c9bb56c9114aa071246c6e6b59ae549096d4853cde68c3aa725f7a2b/detection 91.189.180.199:4050 # Reference: https://www.virustotal.com/gui/file/4e94d2474092220738319eece43e0c959a34339ab0871ccbd620f0366b4faf5c/detection 185.244.31.108:3340 # Reference: https://www.virustotal.com/gui/file/529275af456f0784e3d94186cd8293be54466fb14f8bf4b79d7465fb190cd83a/detection 
91.189.180.199:2555 red.speedfastmaking.com # Reference: https://www.virustotal.com/gui/file/de3a58e51d2f1bccf64ad16c33065acf9943dc918d74fca52fc2ec874abe63ed/detection 45.89.175.161:3501 # Reference: https://app.any.run/tasks/cd62d754-9c3b-481d-a70f-34212efa4ca9/ 79.134.225.97:2556 # Reference: https://www.virustotal.com/gui/file/49593d50b98d8ab429704387e7a1663c5aa53aed6c007c17e960a7a3d435e72a/detection 79.134.225.73:1968 # Reference: https://www.virustotal.com/gui/file/3cebeb277998398307bc20b7f7461c996be6f4f899a95151563a0279715de2b4/detection 79.134.225.73:1969 # Reference: https://www.virustotal.com/gui/file/6a6826cbe38a06a2b381c208519c4891ccb95c49958c2173cd2eef3db62329eb/detection 103.200.6.79:5119 # Reference: https://www.virustotal.com/gui/file/67349f5ab9898c358616f3e9640430a093fb7e705d08bb4641f53202dc9e3bdc/detection 185.165.153.6:5119 # Reference: https://www.virustotal.com/gui/file/3eaed7ad25fc65b5593e21ade9fc28afd13d6655c9aa5574c124f89cb8bb2c76/detection 185.145.45.14:3535 # Reference: https://www.virustotal.com/gui/file/6cb7ff1dd549faef0e30bc2f9f5df36e99711a63587c83628fd948ffa8cda5de/detection 154.66.20.48:3535 # Reference: https://www.virustotal.com/gui/file/fed40b4cf9225ca3a8489371aa92ac7fc4ea6b51daaf5f47a5b3f3720d6db0bf/detection 160.152.47.124:3535 # Reference: https://www.virustotal.com/gui/file/7424c56def4e99420a78ccbc85233c5c78e2d2d737fe694be7709d2942b96f63/detection 184.75.209.164:3535 # Reference: https://www.virustotal.com/gui/file/0e475d21f42bef2896cd73dc0342b7ca8b65bd12da903a336df0378111be4506/detection 184.75.209.179:3535 # Reference: https://www.virustotal.com/gui/file/53cd0c05fa8b4d6fa119f040e239c4fb7e0698a8f3f90d18049b0055a8efa984/detection 185.244.30.4:3535 # Reference: https://twitter.com/wwp96/status/1214207875272368130 # Reference: https://app.any.run/tasks/1c9cbe8d-32fb-4b1b-966f-cfc818c61a3d/ 197.210.227.25:39874 hostnameddns.ddns.net # Reference: 
https://www.virustotal.com/gui/file/0e462e54bd7654bae356cab61bd82078a7a2acec32d49764fe70f5bd8e570dfc/detection 41.100.118.46:3360 41.100.27.46:3360 # Reference: https://www.virustotal.com/gui/file/a0c0926a0e658ab70618683faa119a239a79dbacbe31e26e847c850e6b108372/detection 128.90.105.67:3360 # Reference: https://app.any.run/tasks/0492ec43-72c7-4ce5-b149-bdf57ed43325/ hostnameddns.ddns.net 178.124.140.135:39874 # Reference: https://twitter.com/Racco42/status/1214549597072371712 # Reference: https://app.any.run/tasks/8b2089b9-7dcf-42a0-a693-ce1e695c6fd4/ 154.16.93.172:3363 # Reference: https://app.any.run/tasks/65e8f4f5-590e-4333-99fb-f88b9550edfc/ personnels.bdm-sa.fr 213.227.140.15:3360 # Reference: https://twitter.com/ps66uk/status/1215035648899452929 185.103.96.151:3393 # Reference: https://twitter.com/Jouliok/status/1215152539672416256 # Reference: https://app.any.run/tasks/08b6f560-69ef-4691-8539-7610f185a24d/ 185.244.30.244:32002 glo1234.duckdns.org # Reference: https://app.any.run/tasks/9d77d904-0131-4176-bb78-c88c717f5923/ # Reference: https://app.any.run/tasks/0dea0f85-7de4-47b2-8b0b-05864253ee78/ siri1234.duckdns.org 185.244.30.244:32141 # Reference: https://app.any.run/tasks/8875db16-9f78-4856-8525-03ea1ba8cd0d/ mardjdf.ug kjsdtrfuyhgxcv.ru 185.244.30.74:6974 # Reference: https://www.virustotal.com/gui/file/e834928ef654d59252d621b946d4850bebcba0f0593d23b7a70bd41bb2e3b222/detection 154.120.86.70:39561 185.87.187.198:39561 79.134.225.103:39561 79.134.225.74:39561 79.134.225.91:39561 wealthyme.insidedns.com # Reference: https://twitter.com/ffforward/status/1219168656749481984 # Reference: https://app.any.run/tasks/25ac1017-8d38-461d-b4f4-2ece96e35d31/ 185.244.30.131:3382 teller92.duckdns.org # Reference: https://twitter.com/James_inthe_box/status/1221899988910796800 # Reference: https://app.any.run/tasks/32f81bdf-2456-475b-9ae2-b625dbf5c75c/ 79.134.225.96:6556 # Reference: 
https://www.virustotal.com/gui/file/f761e3a2cc1998a331c3ea070dd1ec484e5c93c7a056917b0413d45d5dfb875c/detection mbvd.rapiddns.ru mbvd.zapto.org # Reference: https://www.virustotal.com/gui/file/157df988e3da058cf4860eadb94eb72fb990e72d278b4986c0872c2f8837dd42/detection mouqgsud.duckdns.org # Reference: https://www.virustotal.com/gui/file/45784693e41a8853280c88f93a4bd97da0d443082a01fa8f4fde5e211f2ee5ee/detection equipepro1.duckdns.org # Reference: https://www.virustotal.com/gui/file/356cd8a721836f208eba7b90bfc44595cb5e96a9b67de8fdcb2b3092460b4351/detection 192.169.69.22:9003 mailinfossl.duckdns.org # Reference: https://www.virustotal.com/gui/file/42aa0152a5d6a16e07a78faa47fedfdee514778a3740c7607ce598a2d7178998/detection 192.169.69.22:9002 # Reference: https://www.virustotal.com/gui/file/6c8eadfcecafdebccc737420d83c1f8493d12fcbecf13198aff88c10017316fc/detection 192.169.69.22:9004 # Reference: https://www.virustotal.com/gui/file/c9ef83e830ea1418ba1cfc039987ef162bd8bee44a7d48f9b4a69cc5a83c4a85/detection 192.169.69.22:5745 # Reference: https://www.virustotal.com/gui/file/5f1fc267382c469b754fab1d26cdef72a04706bddc2e8126c5c4babd285c5abb/detection 178.124.140.147:3367 # Reference: https://www.virustotal.com/gui/file/0bb15195ec2c765d380f8a0a6e71dcb295b5a1a58181d17d4c94e4055298f492/detection 152.245.159.184:3360 # Reference: https://www.virustotal.com/gui/file/12e54fdb184adc6e70bda21efab2e8f6a20097fd306d50bde5365aaecc7fbd13/detection 204.152.219.73:3399 204.152.219.87:3399 # Reference: https://www.virustotal.com/gui/file/ded9d5c163a8b6819d2b343b551475278cde4856371a4d8f14f05f81f90d69c9/detection 173.254.223.98:3399 # Reference: https://www.virustotal.com/gui/file/e858c68ae066955058037cf5176da901e5a086fcb75be7f6566707d4ab0587f1/detection 66.70.220.99:3399 # Reference: https://twitter.com/James_inthe_box/status/1223267976972914689 # Reference: https://www.virustotal.com/gui/file/3f876c4fc193747c83813c2cde296f3a952cdd4fe497af88e684e1b7f0526019/detection 79.134.225.71:6798 # 
Reference: https://twitter.com/wwp96/status/1223285981589188612 # Reference: https://app.any.run/tasks/53d801d3-5a44-4e1c-b571-62bb661d6ead/ 172.81.129.222:5642 sacjllw.duckdns.org # Reference: https://twitter.com/wwp96/status/1223277154399588352 # Reference: https://app.any.run/tasks/9cf8b1dc-353a-4173-b53f-5de22a75b808/ 185.244.30.177:8967 # Reference: https://www.virustotal.com/gui/file/675a46d870db0f3f7ac72db4349b2d1501392cf80ea399d9a3120a50a515dcd8/detection superserver100.hopto.org # Reference: https://www.virustotal.com/gui/file/cdf19a655f34fe03dec263807bc3dac28978ba997853d1ab3758318aaf65d19e/detection goodgod2020.ddns.net # Reference: https://www.virustotal.com/gui/file/b9074d0cd7ac7ce88dfcf67a6bd012215bdc2c7a84b9d0b62431d14fe86acbfc/detection 185.244.30.177:8973 # Reference: https://twitter.com/wwp96/status/1223286932068847618 # Reference: https://app.any.run/tasks/5d331327-7a86-485b-a09f-7c0c14ce5688/ 185.19.85.181:9801 office30b.dynu.net # Reference: https://www.virustotal.com/gui/file/1831eb0d40d218809a97b457ecd5b76414cde86a09c6c641ba0115936954fe6f/detection 185.244.30.4:11012 checker.rneiko-elec.com # Reference: https://www.virustotal.com/gui/file/87d0cc61e4d4c8f5ae9d99cadf60c546a7f9efd53c7fa95f42f8725c7a758761/detection 45.125.239.50:11012 # Reference: https://twitter.com/wwp96/status/1225528888224354304 # Reference: https://app.any.run/tasks/5b5956b8-0e02-4cc6-9143-b3fad0e5707b/ 185.140.53.47:8461 # Reference: https://app.any.run/tasks/29f61d99-bdea-4285-8476-154ecc0a0041/ pluplu.duckdns.org 185.244.30.160:32123 # Reference: https://twitter.com/P3pperP0tts/status/1228687569858256897 144.217.50.221:33400 extreme33.dns1.us # Reference: https://twitter.com/wwp96/status/1229445450094301191 # Reference: https://app.any.run/tasks/9963d8fa-24cb-420d-865e-7ebc557b5439/ 185.244.30.102:8054 # Reference: https://app.any.run/tasks/b1411f6f-895e-4044-800a-f78adfc32ccb/ 185.244.30.131:3382 automan.duckdns.org # Reference: 
https://twitter.com/wwp96/status/1229838934563225600 # Reference: https://app.any.run/tasks/4e12a96e-3a18-45a8-8965-8ee6bd3fbb77/ 79.134.225.103:39561 # Reference: https://twitter.com/JAMESWT_MHT/status/1230175307874918410 # Reference: https://app.any.run/tasks/1029f8af-17c3-4a58-8a22-3154ec7d09b5/ 192.169.69.25:33094 holyshit1234.duckdns.org # Reference: https://twitter.com/ActorExpose/status/1230165599227129856 # Reference: https://app.any.run/tasks/1c1eb30e-97c1-45d0-a3e3-9d8d8a0a3c86/ 192.169.69.25:32002 # Reference: https://www.virustotal.com/gui/file/46f8a8ae02b3426dce0001671ac4d2f718909cd5f5a243d4adb56e1ddf69dc41/detection 184.75.209.178:1604 xcashanthony.linkpc.net # Reference: https://www.virustotal.com/gui/file/01ff797809443e1746dc01d336873f89d9ac2e93753ffdcddf678d21388cc974/detection 164.132.90.226:5566 # Reference: https://www.virustotal.com/gui/file/a06f55012488dada4982e457a732453621230a160e7325e10710e7dae907e182/detection 191.101.22.200:4066 # Reference: https://www.virustotal.com/gui/file/f53dbff628c266f2436aa47fd45f7629e2c93ed38ddafb88d98fda2b6333d6a2/detection 164.132.90.226:4065 # Reference: https://www.virustotal.com/gui/file/a2c48e42262edd104750ef58c99bec0a352ba6a7dd4b46247507185af3ea30b8/detection 164.132.90.226:4066 # Reference: https://app.any.run/tasks/911a177e-716e-4d02-8b12-bb7edc181d0b/ oluwaboi.duckdns.org # Reference: https://www.virustotal.com/gui/file/3ca158c648167f703a19404195206c9a8abeda8ce34ffc65cffb18172a1e816a/detection 168.235.111.253:9029 185.101.92.3:9029 # Reference: https://www.virustotal.com/gui/file/62d19b8078f443b8e41a653d8800802cc5666ecc9d786f4c52f4b9326eadc2b0/detection 149.56.13.252:9029 hikari.sakananoko.io # Reference: http://benkow.cc/export_rat.php (Note: as seen on 2020-02-26 - filtered) betterlifecommerce.ddns.net blessedbob231.ddns.net bobfinger.hopto.org bobomoney.ddns.net bobrahls231.ddns.net ddns.catamosky.biz edsm0100.mooo.com edsm010.mooo.com iheuche009.hopto.org newmone.ddns.net rmaos.ddns.net 
slyovic84.ddns.net # Reference: https://www.threatcrowd.org/malware.php?md5=8b4619872687d62f4e88201b47e674f4 endyblast2015.ddns.net # Reference: https://www.threatcrowd.org/malware.php?md5=a5d08b1266017e6e97b523eb7ea0eaa7 javaupdate.redirectme.net # Reference: https://www.threatcrowd.org/malware.php?md5=010573704030c067732b04c19dc8483c devb0t.duckdns.org # Reference: https://www.threatcrowd.org/malware.php?md5=192875986d926250e1e7a152101926b2 puffyabeg.zapto.org # Reference: https://www.threatcrowd.org/malware.php?md5=3b8fb59c1302dc91c37e0b754b3817de kekaima16.gotdns.ch # Reference: https://www.threatcrowd.org/malware.php?md5=5da194dab33f959b30df43a2ce822d89 puffyabeg.zapto.org # Reference: https://www.threatcrowd.org/malware.php?md5=672eac9c8fbee763f027367e83459943 shugar01.linkpc.net # Reference: https://www.threatcrowd.org/malware.php?md5=8b4619872687d62f4e88201b47e674f4 endyblast2015.ddns.net # Reference: https://www.threatcrowd.org/malware.php?md5=a5d08b1266017e6e97b523eb7ea0eaa7 javaupdate.redirectme.net # Reference: https://www.threatcrowd.org/malware.php?md5=90c4eb3103ebf264a21ad3a65667f52c newossy.ddns.net # Reference: https://www.threatcrowd.org/malware.php?md5=73a1aca81d7b468b1bac13314657fb32 paravar.duckdns.org # Reference: https://www.threatcrowd.org/malware.php?md5=192875986d926250e1e7a152101926b2 puffyabeg.zapto.org # Reference: https://www.threatcrowd.org/malware.php?md5=0b68bbd6bf35497b4bf1acb7bfd14e25 vnc.vncdns.org # Reference: https://www.threatcrowd.org/malware.php?md5=3690db9a2d82a8d6fc6d6112629c35f7 chima.duckdns.org # Reference: https://www.threatcrowd.org/malware.php?md5=5da194dab33f959b30df43a2ce822d89 puffyabeg.zapto.org # Reference: https://www.threatcrowd.org/malware.php?md5=9b322e18a1c54f6c4146a8eff8810ab5 cialis.hopto.org # Reference: https://www.threatcrowd.org/malware.php?md5=992fede1d36456885e09d76ed07a9536 raja51.no-ip.biz # Reference: https://www.threatcrowd.org/malware.php?md5=b5df5af225c1153e2f0cc3aaf4ceb636 
onyeoma5050s.ddns.net # Reference: https://www.threatcrowd.org/malware.php?md5=022af7fa0bae01d99d6fc635ad829f27 crownsoftwares.linkpc.net # Reference: https://www.threatcrowd.org/malware.php?md5=12326af35870127f061716944c97f163 slyopez.no-ip.biz # Reference: https://www.threatcrowd.org/malware.php?md5=40f8d159c5903953a3485ae0b9e90cbb waaz2017.hopto.org # Reference: https://www.threatcrowd.org/malware.php?md5=12326af35870127f061716944c97f163 slyopez.no-ip.biz # Reference: https://www.threatcrowd.org/malware.php?md5=1f1e31fa4e7dae9c4095f1e3e22f6139 pefeez.no-ip.biz # Reference: https://www.threatcrowd.org/malware.php?md5=224c73f8172123e5ddca2302425664a6 bitcoins.dd-dns.de # Reference: https://www.threatcrowd.org/malware.php?md5=3586c5048e2a7dbf318b3d22fac70bee 616.dyndns-pics.com # Reference: https://www.threatcrowd.org/malware.php?md5=d9873129c240bbc54fc9e67a2e67ae71 frostix.zapto.org # Reference: https://www.virustotal.com/gui/file/ab4cbd7cf0fba3617cfb18ce352ea5ed1bd4d4814b0d0e428c04ffbdce718a45/detection 216.38.2.200:3742 tizardns.3utilities.com # Reference: https://www.virustotal.com/gui/file/590b05be2f7e4a127554f8ff58f48460064fdb06fa9e2a69a03bbb34b069dc77/detection 93.76.225.225:3742 # Reference: https://www.virustotal.com/gui/file/20af0e22f31e87bae5057ee93ff809945043ec3ad74281f995911dfaa59db2d5/detection bishop123.ddns.net # Reference: https://www.virustotal.com/gui/file/1675517b14368c9fa446d44a99b3cc50f7b1810211e4c4bf2437d6f04358e78d/detection 192.69.169.25:10011 # Reference: https://www.virustotal.com/gui/file/275bb8c7c9b219d43fe9966702d325f817a11e8cf71e5dd456898c785fe737d2/detection uzo123.serveftp.com # Reference: https://www.virustotal.com/gui/file/4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920/detection james7.serveftp.com # Reference: https://app.any.run/tasks/b37f66f6-d7bf-42c1-a4cc-5a0c303728b3/ malu1234.duckdns.org # Reference: 
https://www.virustotal.com/gui/file/64c0a875d5b4fbe111ccae5608e7a6021238c179971a8508cb4187ade0ec5af8/detection myonlinehost.ddns.ne # NOTE(review): "myonlinehost.ddns.ne" looks truncated; myonlinehost.ddns.net is listed further down this file - confirm against the referenced sample before relying on this entry # Reference: https://www.virustotal.com/gui/file/412bb528f1b51cf344453fd8486bb86e1d0215df8d37819e2ece3fdfd994b323/detection 41.249.230.128:3365 # Reference: https://www.virustotal.com/gui/file/1ffe90db3c24adc604b2d82f4be3ab9c7d86adf9ab1ec33bf26bc98c7398dab1/detection 105.158.130.44:3373 # Reference: https://www.virustotal.com/gui/file/3ffc60a7d92086e73ef200e9e82151463edf22a41294bf7abf6f896c29e067d2/detection 105.155.226.200:42030 # Reference: https://www.virustotal.com/gui/file/9d03b6287d04b6152596fc198b0ccbfb7ff415339086ce9526cba7b72ee67162/detection 160.177.253.154:3367 41.249.220.151:3367 160.178.239.190:3367 160.177.249.170:3367 # Reference: https://www.virustotal.com/gui/file/9050608a2e20ae618a50f65408da66c4278d2a66d6431dcc6e31ec223e245d75/detection 160.177.249.170:3369 160.177.250.59:3369 160.178.77.39:3369 41.249.220.151:3369 # Reference: https://www.virustotal.com/gui/file/2651533477a79487386d22c1aac91a305272e804c11ab39052059fbf31804b8e/detection 160.178.73.206:3365 196.89.41.151:3365 41.249.221.205:3365 # Reference: https://www.virustotal.com/gui/file/c73f3a38da60a7d09704d3baf7c9cb342243c6f8e8f0e18f827db7765d65bd1a/detection 160.178.76.201:3364 196.89.45.156:3364 uploadp3p.publicvm.com # Reference: https://www.virustotal.com/gui/file/a8dcd4602e681bcaa2b3a6ee431323814e658e9b7a51003e0da9e90ad784ff00/detection 196.89.45.156:4007 # Reference: https://www.virustotal.com/gui/file/01fce75ef532a5ad0e276cbd6e33978e210d2203d4a0f972d4fd9d05b43aeecc/detection 160.178.76.201:3362 196.65.67.45:3362 # Reference: https://www.virustotal.com/gui/file/462af4f75dbbf4ca0571bdba7a4319146a41821e32ffb0aacc308ef2375bd196/detection 196.65.66.150:3361 196.65.70.132:3361 # Reference: https://www.virustotal.com/gui/file/a098cd5c4441b3758f28f279fa9c50ac581c28e55f078c9e06149af163d96bec/detection 160.178.79.11:3366 196.65.66.150:3366 196.65.66.170:3366 
196.65.70.132:3366 # Reference: https://www.virustotal.com/gui/file/8c076a6b418b9ab4de80f4a4c30d9b5170f879e9cbfa93788e65ed2d43f46e4c/detection 196.65.71.242:3373 # Reference: https://www.virustotal.com/gui/file/803767eb1316662493b4be12e1ef9d37bccbbcc9e471bf759fe9cab29e264865/detection 105.155.226.200:4460 196.89.45.156:4460 41.249.223.7:4460 # Reference: https://www.virustotal.com/gui/file/90c80eec250a308da6b63ba6dd2e5b53e893b82c56b33ad6fbf50276cf52abf1/detection 105.155.226.200:3364 196.89.45.156:3364 # Reference: https://www.virustotal.com/gui/file/1726d0d7ac972fc3aa1223eee06b159a2e0c03846b6ec92229ca381d979d5954/detection 160.178.73.206:3364 196.217.82.138:3364 41.249.221.62:3364 # Reference: https://www.virustotal.com/gui/file/c8e150f95259c60c4e6dcb405b3173cc6f06c57205fc2c5ece3d29795e6f0be0/detection 196.217.82.138:3365 196.89.43.2:3365 41.249.223.148:3365 # Reference: https://www.virustotal.com/gui/file/e3b24282fee41284f39fcb1164c6be199c398e062303e7afa5e1c5b0d4cac440/detection 196.217.82.138:4005 196.65.70.132:4005 196.89.43.2:4005 # Reference: https://www.virustotal.com/gui/file/568565ffa20702db488d154d4260e59cdf41a903f5e75f980b705cd366626b70/detection 105.155.226.200:3373 196.65.64.239:3373 196.217.82.138:3373 # Reference: https://www.virustotal.com/gui/file/2e4a248e3f279a42e2bea37409ab0de8770a3cd4a3b5fcccd701a535c2436d52/detection 196.217.80.122:3373 41.249.221.62:3373 # Reference: https://www.virustotal.com/gui/file/19b02f23f833879da08701fa3a22a94408c873f085a83870c72bc63a92e470d1/detection 105.158.131.152:9003 # Reference: https://www.virustotal.com/gui/file/a7d7fd09d9547a885997207de563eba1de4059fbcdaaefd16aa79db0c7302836/detection 105.155.228.129:3373 105.158.130.44:3373 196.217.82.138:3373 196.217.80.122:3373 196.64.141.63:3373 160.177.249.170:3373 # Reference: https://www.virustotal.com/gui/file/18b1aa8517ffc1f47d4026576c2ed3f9eaa1a2ee650f05d74288f77fde4eaee5/detection 105.155.229.254:3373 196.217.82.138:3373 196.89.41.154:3373 41.249.220.151:3373 
41.249.223.197:3373 41.249.221.205:3373 # Reference: https://www.virustotal.com/gui/file/219057815c7aa05e6a84d36642c15d0c0e84310377fe4e3c077c86558ccc38ac/detection 160.177.251.71:3373 196.65.68.101:3373 # Reference: https://www.virustotal.com/gui/file/64eb5a8ab546a459798bf6b1680bcdffc4220a03af9a8622591a47ac4930916d/detection 105.155.229.147:3373 196.217.80.252:3373 # Reference: https://www.virustotal.com/gui/file/6a394a2610bb48aca3085bf4f9dc3b9076429762b4de6bdc7d01235110e5ea7a/detection 105.155.229.254:3365 105.158.131.152:3365 105.158.131.58:3365 160.177.249.170:3365 160.178.239.190:3365 196.217.80.37:3365 196.217.82.138:3365 196.217.84.2:3365 41.249.230.167:3365 41.249.231.227:3365 # Reference: https://www.virustotal.com/gui/file/bced0fc7a6a0ce55e3ef15f3de669e792bba21756bf57aa447305be1d62370d8/detection 160.177.249.184:3373 196.217.80.37:3373 41.249.230.167:3373 # Reference: https://www.virustotal.com/gui/file/8640a02382aaf163190e96fdc9620bef3b31417ff1d1bb1ebdef511a184d1cc2/detection 105.158.130.44:3371 105.158.131.58:3371 160.177.249.170:3371 196.217.80.122:3371 196.64.141.63:3371 196.65.66.170:3371 196.65.71.242:3371 41.249.223.186:3371 41.249.230.167:3371 41.249.231.227:3371 # Reference: https://www.virustotal.com/gui/file/e1ceb3cf6bc1ba457f9428409d3a7b44cbe0a2f514537db01815eb9bb29b2d42/detection 105.155.229.147:3373 105.155.230.165:3373 160.177.251.71:3373 160.178.235.223:3373 196.217.80.37:3373 41.249.230.167:3373 # Reference: https://www.virustotal.com/gui/file/dc7902a7f5e91daa189b2a3e3bbb52935af37e204c8adfb7bf7e1fa4fb150d14/detection 105.155.229.147:3362 160.178.237.193:3362 196.217.80.37:3362 41.249.230.167:3362 # Reference: https://www.virustotal.com/gui/file/2799a04369421b6360d83fdc99474038d1a55327ece7566dacf7ac5b73e57baa/detection 105.155.228.129:4007 105.155.229.254:4007 160.177.249.184:4007 160.178.234.66:4007 160.178.74.96:4007 196.64.141.63:4007 196.65.68.101:4007 196.89.47.12:4007 # Reference: 
https://www.virustotal.com/gui/file/0f8afb575bc85366c2f33657f105afcc794406f014af3ca982954d5e5894553c/detection 160.177.250.59:3366 160.177.251.71:3366 160.178.76.232:3366 41.249.218.183:3366 # Reference: https://www.virustotal.com/gui/file/a121b1c39a0716661acee1c8371894fbc3ee138daed0120351e930f7186e1ebd/detection 160.177.254.197:3361 196.64.141.94:3361 196.65.66.170:3361 41.249.223.158:3361 # Reference: https://www.virustotal.com/gui/file/d731a3e4fd7682102dc6d055188f680e29e2cfc27c2cb7ef79c7120902b98ab7/detection 160.177.254.197:3372 41.249.223.158:3372 # Reference: https://www.virustotal.com/gui/file/ef9d138f1c67318cc892074f793b7e2cd4b4fdaacca91db3368293229be57ca3/detection 105.155.230.225:4003 160.177.251.137:4003 160.177.254.197:4003 41.249.219.159:4003 41.249.219.67:4003 # Reference: https://www.virustotal.com/gui/file/c6a0e9c525a1d462d6b3b79b4c9585477fef24e5ab0e446dcf0beb1ee1abdf05/detection 160.177.254.197:3373 160.178.235.55:3373 196.89.46.165:3373 41.249.225.223:3373 # Reference: https://www.virustotal.com/gui/file/523478168a0339f706b7a9f33776ddb5c9e7a33b90405fd2063a216ad7d2b496/detection 160.177.251.137:3364 160.177.254.197:3364 160.177.254.9:3364 41.249.219.159:3364 41.249.219.67:3364 41.249.223.158:3364 # Reference: https://www.virustotal.com/gui/file/d8d6db4d001f61f404867bee69b3b7de2f73f012552599bf4d5b97945afd76f5/detection 160.177.251.137:4460 196.65.71.111:4460 41.249.217.195:4460 # Reference: https://www.virustotal.com/gui/file/95f15d289221eaf0e58e166beeee8334b8f1d8b1daafe926720c834f3abf7e60/detection 160.177.251.9:4003 160.177.252.233:4003 160.177.254.197:4003 160.178.235.55:4003 # Reference: https://www.virustotal.com/gui/file/7e5f398417f6ea250467c5d1fd22f653ffb8e06de25d7f1c33fb253ee45f0672/detection 160.177.251.137:4004 160.178.79.178:4004 196.65.71.111:4004 41.249.219.67:4004 41.249.230.96:4004 # Reference: https://www.virustotal.com/gui/file/fe6ce34cf2252e2a78d80da05d8356d51c5e60b7ec9bd6cfd95f28857cfd5017/detection 160.177.251.137:3372 
160.177.254.197:3372 196.217.80.252:3372 196.65.71.111:3372 196.89.41.249:3372 41.249.219.159:3372 41.249.219.67:3372 41.249.225.223:3372 # Reference: https://www.virustotal.com/gui/file/15afdcfb8ed57e164da56cccec4ab70a8181e9b0ea93da887245e4a0b1eaf759/detection 160.177.251.137:3373 196.65.71.111:3373 41.249.217.195:3373 # Reference: https://www.virustotal.com/gui/file/668aaf0cba4aca7fd31a4782797d6a5cd2e26a0b9d0c0b51d8f009e867daf660/detection 196.65.65.154:3373 196.65.71.111:3373 41.249.217.195:3373 41.249.230.153:3373 # Reference: https://www.virustotal.com/gui/file/08a85c2751f0366b0e63f8b24dfeeca68c051997d793c3bc74a2033d520402e3/detection 41.249.230.96:4460 # Reference: https://www.virustotal.com/gui/file/b1efb65d1113be64c0ceaa746f30090dea7ef52b251290daaed48fcea63a8bc8/detection 160.178.77.160:4004 196.65.71.111:4004 41.249.217.195:4004 41.249.219.67:4004 41.249.230.96:4004 # Reference: https://www.virustotal.com/gui/file/36d3072ae760f1033aac4f721b7438eb7adde86eaf69125cb565d397708ff5d7/detection 160.177.254.197:4003 196.89.40.246:4003 196.89.43.40:4003 196.89.46.65:4003 196.89.50.55:4003 196.89.55.177:4003 41.249.219.159:4003 41.249.219.67:4003 41.249.221.175:4003 41.249.223.158:4003 # Reference: https://www.virustotal.com/gui/file/11679bd5352b75b52ddd80bf6495686594284381c3149636b13b8e3930bf697b/detection 196.217.81.13:4002 196.89.43.40:4002 196.89.44.162:4002 41.249.221.175:4002 41.249.226.124:4002 # Reference: https://www.virustotal.com/gui/file/cb8adfac9e06f9aa3109fde4c53f806d60edae784143ced07c9841daba9c0fc1/detection 196.89.50.55:4002 196.89.55.177:4002 196.89.43.40:4002 196.89.46.65:4002 # Reference: https://www.virustotal.com/gui/file/66832314fbd0aecef8c16574c9567fec5620293d49790b7055de02d2e15204d9/detection 196.89.43.40:4000 196.89.50.55:4000 196.89.55.177:4000 41.249.221.175:4000 41.249.226.124:4000 # Reference: https://www.virustotal.com/gui/file/bb5ae93988a0199478a7e2c769b875d7678f78081215c9c079c863815352c640/detection 196.89.40.246:4002 # Reference: 
https://www.virustotal.com/gui/file/44db508d7c674b0b96fa7a4796bc01e4da32fdc11267f09eb2b8e1dbb324c6cc/detection 196.217.81.13:4001 myonlinehost.ddns.net # Reference: https://www.virustotal.com/gui/file/bc2ace5bb2a20cf26a126c242bb9006b48c95bec77fd3f874643445a64865eda/detection 160.178.234.154:4001 # Reference: https://www.virustotal.com/gui/file/fb4436405d4bf8b0052e6095f2ff02a63af9632711060e39cee78b26b8cf5601/detection 160.177.252.233:4460 160.177.254.197:4460 160.178.235.55:4460 196.65.65.154:4460 196.65.71.111:4460 196.89.50.55:4460 41.249.221.175:4460 41.249.226.124:4460 41.249.230.153:4460 41.249.230.96:4460 # Reference: https://www.virustotal.com/gui/file/50cb0e371c71d509443f75d3f5fee467f1a2131bb98246a0e3417d7510de531f/detection 160.178.234.154:4001 196.89.40.246:4001 196.89.50.55:4001 196.89.55.177:4001 41.249.221.175:4001 41.249.226.124:4001 # Reference: https://www.virustotal.com/gui/file/4b189cbdd14cd5f1115a56b5f4763c0c48e34e4ec4a74b86c51bb08fae479287/detection 160.178.232.91:4002 196.89.41.208:4002 196.65.70.140:4002 196.89.51.189:4002 196.89.41.25:4002 196.65.64.3:4002 # Reference: https://www.virustotal.com/gui/file/f525a2745b4e6c872c1af17538ad0473c09879a9c01f7369f793cd9d17f7d2b8/detection 105.66.134.131:3373 160.178.77.89:3373 196.64.141.227:3373 196.65.66.75:3373 196.65.67.97:3373 196.89.43.99:3373 95.213.195.71:3373 uploadp2p.publicvm.com # Reference: https://www.virustotal.com/gui/file/02931700b5df0e8b5a903f05973d2339376536d6962b91916740e6b0e2846875/detection 105.155.224.13:3373 105.155.230.108:3373 105.155.231.127:3373 160.178.77.89:3373 196.65.64.3:3373 196.89.41.25:3373 196.89.55.120:3373 41.249.226.231:3373 # Reference: https://www.virustotal.com/gui/file/6808ee4cb7bd55918041655208565058301c35aade169e7909934d81409aac3f/detection 160.177.249.119:4000 160.177.249.129:4000 160.178.232.91:4000 196.89.40.246:4000 196.89.41.25:4000 196.89.51.189:4000 # Reference: 
https://www.virustotal.com/gui/file/be898794eecb54b42cbc7cf4d869a56924d90e1b55291892d8c1785466753b26/detection 196.65.64.3:4000 196.65.70.140:4000 196.89.41.208:4000 196.89.41.25:4000 196.89.45.159:4000 196.89.51.189:4000 41.249.231.72:4000 # Reference: https://www.virustotal.com/gui/file/9ef42a59e2a5d58d00496c5a3bb59c6de7133c7b6bc33d26a5ef324699685625/detection 105.155.230.108:4460 105.66.134.131:4460 160.178.77.89:4460 196.65.64.3:4460 196.65.67.97:4460 196.89.55.120:4460 41.249.226.231:4460 95.213.195.71:4460 # Reference: https://www.virustotal.com/gui/file/de2b0fa4ebb5d1ca8f69c55abe09fe238cfef6d308ff89047710faa1545cf40e/detection 160.177.249.119:4000 160.178.232.91:4000 196.65.64.3:4000 196.89.41.25:4000 196.89.51.189:4000 # Reference: https://www.virustotal.com/gui/file/248eaeaf4ad9224ea7518a7b411e8ec53c70fa27289b784af21c3f55f0fbefa6/detection 160.177.249.129:4002 160.177.249.119:4002 196.89.51.189:4002 196.89.41.25:4002 196.65.64.3:4002 # Reference: https://www.virustotal.com/gui/file/40c057a96c863f12249fb5ef3650d6cd7473850a36ad6a4bd15c3bcf272e17f3/detection 105.155.231.127:4000 105.155.230.108:4000 105.155.230.86:4000 105.158.131.238:4000 105.66.134.131:4000 196.65.66.75:4000 196.64.141.227:4000 # Reference: https://www.virustotal.com/gui/file/99bd3a9da47bbf1aac0538c2fa83168ef5889c1bfdfe4eac9051f59c4ddee7dd/detection 105.155.229.136:4000 105.155.230.108:4000 105.155.230.86:4000 105.155.231.127:4000 105.66.134.131:4000 160.178.77.89:4000 196.64.141.227:4000 196.64.142.200:4000 196.65.66.75:4000 41.249.226.231:4000 41.249.228.223:4000 41.249.228.50:4000 # Reference: https://www.virustotal.com/gui/file/e7c29cc951938fa93a489af0b5df2b631b4c3757d6fc59794d3cf0a3dbb3b26c/detection 105.155.227.135:3372 105.155.230.108:3372 105.155.230.86:3372 105.66.134.131:3372 160.178.77.89:3372 196.217.86.98:3372 196.64.141.227:3372 196.64.142.200:3372 196.65.67.97:3372 196.70.241.73:3372 41.249.226.231:3372 41.249.228.223:3372 41.249.228.50:3372 95.213.195.71:3372 # Reference: 
https://www.virustotal.com/gui/file/1381ed889f1f7ced731bf98c6506ee7c8745a2bd91b18e219810d6ef245693a3/detection 160.177.249.129:3372 160.177.251.137:3372 160.177.254.197:3372 160.178.232.91:3372 196.65.64.3:3372 196.65.70.140:3372 196.65.71.111:3372 196.89.40.246:3372 196.89.41.25:3372 196.89.43.40:3372 196.89.46.65:3372 196.89.50.55:3372 196.89.51.189:3372 196.89.55.120:3372 196.89.55.177:3372 41.249.219.67:3372 41.249.221.175:3372 41.249.223.158:3372 41.249.226.124:3372 # Reference: https://www.virustotal.com/gui/file/3c7d55e5482a13e7b2c21d6b35af5c574f222ec34729d7715ffee0be9a51e511/detection 105.155.227.135:3372 105.155.229.136:3372 105.155.230.108:3372 105.155.230.86:3372 105.66.134.131:3372 160.178.77.89:3372 196.64.141.227:3372 196.64.142.200:3372 196.65.67.97:3372 196.70.241.73:3372 41.249.226.231:3372 41.249.228.223:3372 41.249.228.50:3372 95.213.195.71:3372 # Reference: https://www.virustotal.com/gui/file/11fd40aa222d61eafe021018fdb2c05125cfcfb78f837de9a51524d9378695b5/detection 105.155.224.13:4007 160.177.254.155:4007 196.217.80.35:4007 196.217.81.158:4007 196.65.64.3:4007 196.89.41.25:4007 196.89.55.120:4007 41.249.217.55:4007 41.249.228.208:4007 95.213.195.71:4007 # Reference: https://www.virustotal.com/gui/file/05039bf9e7d4a7bcc785e33e0021de332a4d9c5c58839b9bf26caa8a436c85e1/detection # Reference: https://www.virustotal.com/gui/file/9d2895281a3a5d4e0958489fac99a8ee051abd844f9fe7c3141f73aabce10337/detection 105.155.224.13:4002 105.155.226.17:4002 105.155.230.108:4002 105.155.230.86:4002 160.178.77.89:4002 196.65.66.119:4002 41.249.228.223:4002 95.213.195.71:4002 # Reference: https://www.virustotal.com/gui/file/2ccb6ef611069c54d871511bd1e33cca46728a7db50219a4f85aa7be8b4fe7eb/detection 105.155.226.17:3371 160.178.234.66:3371 196.65.69.35:3371 196.70.241.73:3371 41.249.230.79:3371 # Reference: https://www.virustotal.com/gui/file/b570c097654a62c817d68e98ab31aa746f658f78ebfb76730d6c37984875da9f/detection 105.155.226.17:4002 105.155.229.136:4002 
105.155.230.108:4002 105.155.230.86:4002 160.177.249.129:4002 160.178.232.91:4002 160.178.234.66:4002 196.65.64.3:4002 196.65.70.140:4002 196.70.241.73:4002 196.89.41.25:4002 196.89.51.189:4002 196.89.55.120:4002 41.249.227.142:4002 41.249.228.223:4002 # Reference: https://www.virustotal.com/gui/file/afccfcac4f5dae3ca78175a89f6547aadb7a68545869ce4a360c92b413134b47/detection 105.155.226.17:3371 105.155.226.77:3371 105.155.229.136:3371 105.155.230.108:3371 105.155.230.86:3371 160.178.77.89:3371 160.178.79.121:3371 196.64.142.200:3371 196.65.66.119:3371 41.249.217.195:3371 41.249.227.142:3371 41.249.228.223:3371 # Reference: https://www.virustotal.com/gui/file/54793888d8b74abd70c1295ae47c12fdce40a3b2ef18765d65d2d0c6f9622536/detection 105.155.230.189:4002 105.158.129.159:4002 196.65.69.35:4002 196.70.241.73:4002 41.249.230.79:4002 # Reference: https://www.virustotal.com/gui/file/717b7c78fb6ebd1aac06980f67a9bf94b96d7d6bf14b5328731fef52a0fe14ef/detection 105.155.226.17:3372 105.155.226.77:3372 105.155.229.136:3372 105.155.230.108:3372 105.155.230.86:3372 160.178.77.89:3372 196.64.142.200:3372 41.249.227.142:3372 41.249.228.223:3372 # Reference: https://www.virustotal.com/gui/file/35ecdc494305837f38b678956b160ba3de4cfb260553e47c17755af5416ab87a/detection 105.155.226.77:4002 196.64.142.200:4002 # Reference: https://www.virustotal.com/gui/file/81f55826f4541c2d1e623a4fcb9a55a70d4cc057428756c737513c2b2f086291/detection 105.155.226.77:4000 # Reference: https://www.virustotal.com/gui/file/e6647d037b51fe5e26055ee1496df40d854dc64fa897b46e105df62a2a34eaf6/detection 105.155.226.77:4001 160.177.249.129:4001 160.178.232.91:4001 196.65.70.140:4001 196.89.40.246:4001 196.89.43.40:4001 196.89.46.65:4001 196.89.50.55:4001 196.89.51.189:4001 196.89.55.177:4001 41.249.221.175:4001 41.249.226.124:4001 # Reference: https://www.virustotal.com/gui/file/c9a58b137fcbda78525495823cc1b1d0f7f9f88c11a27eec66a16cc62811ff8e/detection 105.158.129.159:4460 160.178.234.66:4460 196.65.69.35:4460 
196.70.241.73:4460 # Reference: https://www.virustotal.com/gui/file/9930576949a7472362fce43cc3f996633042bd20b508d52a41c917577b3a4b3c/detection 196.65.70.67:4002 # Reference: https://www.virustotal.com/gui/file/da5fdb2ca2be404745c7eec68301eaaeaf3c4f98b553f56b31f118cb46a4f2c5/detection 41.249.229.6:4002 # Reference: https://www.virustotal.com/gui/file/54194670dec3ccfb8668eadb27d4da7b0607a4996c3068e9d09460e6947f9a5f/detection 160.177.251.137:4460 160.177.254.197:4460 196.65.71.111:4460 41.249.217.195:4460 41.249.219.67:4460 41.249.223.158:4460 # Reference: https://www.virustotal.com/gui/file/3dd449de9c928fff3f9ba549e277a948e9ac9f78365d51194b76b5df8154f979/detection 160.177.250.49:3371 160.178.235.186:3371 # Reference: https://www.virustotal.com/gui/file/6cb6da21a82c683ba6dae3c0dc2555c84f4e2ae58abc44ec78ecc33cf5c11fb1/detection 105.155.226.17:3372 105.155.226.77:3372 105.155.229.136:3372 105.155.230.108:3372 105.155.230.86:3372 160.178.77.89:3372 196.64.142.200:3372 41.249.227.142:3372 41.249.228.223:3372 # Reference: https://www.virustotal.com/gui/file/6708d4e3d2fe4de6563040773f3215ef3a80df1fd749175d4654bd56cd27f22e/detection 79.134.225.74:8483 cj2019.duckdns.org # Reference: https://www.virustotal.com/gui/file/fc34c068c8d2d9a777ac1f03263da941024bf10b4df420e82654ab209106d8fe/detection 79.134.225.74:3852 kw9d02.duckdns.org # Reference: https://www.virustotal.com/gui/file/20745f56ca058402d74712f2adac44d6ec878bd494d4742463a87e60c5e31f16/detection 79.134.225.74:8290 bobkenol.myftp.biz # Reference: https://www.virustotal.com/gui/file/d86788a980d159dae9b79a7dd0d0e4295b2a89634389d3e037c64c57d3df37db/detection 79.134.225.74:7543 # Reference: https://www.virustotal.com/gui/file/51adedc190439ffc2a2129e2515a1d607b1155d9faea327647d2526098ba8c85/detection 79.134.225.74:7688 # Reference: https://www.virustotal.com/gui/file/9ff9061609762232ffad6afa7f19c4f30ed3aedfff1cf6b87559f486cceedb08/detection 79.134.225.87:3360 back12ntw.duckdns.org # Reference: 
https://www.virustotal.com/gui/file/fa6bd1fbca51132f332fa3f6e1350366e3de9a7a26511b7577ae3bb5f95c23f4/detection 79.134.225.87:38992 # Reference: https://www.virustotal.com/gui/file/27bc75fb4e7548a70537c396ef1776a11cae7e7bccb6549fc3d5b777aa67c44b/detection 79.134.225.113:3636 dnss.surrati.me # Reference: https://www.virustotal.com/gui/file/d3c4f33e2c537c50e64d7f03110ee67ac4b75996e0945e227a774fecb9c40dc5/detection 79.134.225.113:2556 # Reference: https://www.virustotal.com/gui/file/01fe7838d971a668e602e176bde1de4bbb74146d00c515a6f9e1bd5e5206a70c/detection 79.134.225.97:6973 # Reference: https://www.virustotal.com/gui/file/f003d02ca28dbecfbffed0c7ae263ac2262d6a822e9f048351e8f5df9a84b2df/detection 79.134.225.97:4000 # Reference: https://www.virustotal.com/gui/file/da040ef248d01dfa7d50e1c78e1fd0c6963fe218cde0d3021ad9b4aabc58a637/detection netnet2.dumb1.com # Reference: https://www.virustotal.com/gui/file/f24560ef711ca1645ac09e7a3fba09651c0fb78630ebea7d08ade9fff6dbe774/detection 178.124.140.145:3467 kydeliss.ddns.net # Reference: https://www.virustotal.com/gui/file/7fa8c318e285715091a907eb6a8f667e178f056779b303876ffc3c852e9a6805/detection 178.124.140.145:1000 info2.myq-see.com # Reference: https://www.virustotal.com/gui/file/6836f63b647319ea9122c7cb7170deced0ea5be098849eb11676e3c49e50f11b/detection adventchurch.myq-see.com # Reference: https://www.virustotal.com/gui/file/b8b1fbfde964019284757905236f43990e15d8e6f59040776ce239956ad0424c/detection 178.124.140.145:8200 # Reference: https://www.virustotal.com/gui/file/53d3b10eda0ef72377fb30f6f3eaf5e2892d8c1af65f56658f36e689569d3d08/detection 178.124.140.138:18018 178.124.140.145:18018 # Reference: https://www.virustotal.com/gui/file/02dbaafb6b7cc8b3f7b599be3350bac741f749caf3dd6db242277effb5d50b27/detection 129.56.77.84:18018 # Reference: https://www.virustotal.com/gui/file/964cb20d6286e5b20ae413cc356815345245748e5e623bac9281ea634e964595/detection 178.124.140.145:9955 # Reference: 
https://twitter.com/MBThreatIntel/status/1240353328271200257 # Reference: https://www.virustotal.com/gui/file/c9fa7ba9ae9c20373f723ae4cdfacb18053c42d38fa31dc1fb52cfffa2e9297a/detection 91.193.75.137:5770 ihracat.myq-see.com # Reference: https://www.virustotal.com/gui/file/1b15ef17ccb1a99c3953f61de01ebceaeef2277b3b5939408050dc7c1010d1bb/detection 172.93.128.50:5770 # Reference: https://www.virustotal.com/gui/file/b3a3fc0f34e9a1740c9970b717fcb20565dce3f04051d22f61f5c4bd567c13e6/detection 185.244.30.125:6655 virg.ddns.net virg.dynu.net virg16.dynu.net # Reference: https://www.virustotal.com/gui/file/c2a5091f17f0fcbf23bf5a8867cce1bba1c67cefdc62e48a9fd9fa39b31e0063/detection dmjones.myddns.rocks dmjones2012.ddns.net # Reference: https://twitter.com/killamjr/status/1241820168965120000 # Reference: https://app.any.run/tasks/39c21f68-da79-4888-9050-a4f86659d86c/ # Reference: https://www.virustotal.com/gui/file/d25047642597b3ac59ee77cd32974e2fb1711eab09bf73a9a81b199357a450ce/detection 91.193.75.139:2882 ahmado.duckdns.org # Reference: https://www.virustotal.com/gui/file/42af576a4a239a13a05007bdd1eea86bcbf7b13dc7c9b0cf07d74d8710be15ec/detection 185.17.1.213:1975 # Reference: https://www.virustotal.com/gui/file/52b10560310453dc91237e135b8c4809830cc577214d6b570623a45ebc00e618/detection 178.124.140.144:2010 # Reference: https://www.virustotal.com/gui/file/8fc4c90a5fca87bd9e349016aa8ed041211553060348c25719490461281c2b26/detection 185.19.85.158:2010 # Reference: https://app.any.run/tasks/c1f64942-635a-4bb5-8fa1-f1a9520178fa/ bvdgfsdwsdfxc.ug # Reference: https://www.virustotal.com/gui/file/c09ed67f8657fdd590a493d5d8ebdfaaa1437ddbaf3b23e4ef38b363482bf66a/detection 178.124.140.144:3465 kyelines.ddns.net # Reference: https://www.virustotal.com/gui/file/e7049202bc47a73f45b6afa00dfc24a1a73e4dce65a581a5a0012ac4b40eee09/detection 204.16.247.187:3465 # Reference: https://www.virustotal.com/gui/file/5ad96bd3b15f6c2714376922833641f0f4627d341362a11077869872964edb29/detection 
84.38.134.118:3465 # Reference: https://www.virustotal.com/gui/file/423912db90614b34b7205595d44ed735837d451c451d3bc96ddaca14f6e5275b/detection 216.170.114.99:42221 79.134.225.88:54361 # Reference: https://twitter.com/malware_traffic/status/1242966785462349824 # Reference: https://www.malware-traffic-analysis.net/2020/03/25/index.html # Reference: https://unit42.paloaltonetworks.com/guloader-installing-netwire-rat/ 185.163.47.168:2020 185.163.47.168:2121 185.163.47.213:2020 185.163.47.213:2121 # Reference: https://www.virustotal.com/gui/file/f12113dfd58eebfc534a60d5b4d095f9bd6e1c4631fc2e15fa74e6b769dda6c0/detection 185.165.153.90:4007 chance2021.ddns.net # Reference: https://www.virustotal.com/gui/file/75d8c92a1aa8055162e0842c5bb23bb882c0cfda9849f07c097a4c6aee1a0f51/detection 193.26.21.80:4007 # Reference: https://www.virustotal.com/gui/file/66c3a9ef561d6dc15f738cbb8b177ed717d7d5d127c127c5f661204ad66ed12c/detection ja3bassa.hopto.org # Reference: https://www.virustotal.com/gui/file/dcb381598b3088eaa450b017801f89096f0c53604ade50dfdf097a367a35e70f/detection 79.134.225.122:4990 # Reference: https://www.virustotal.com/gui/file/cf6205ee7ac59a90e9de24bcd97bfbd11c6f7a99962b54db3816eebaf5bc7cdd/detection 79.134.225.122:4223 # Reference: https://www.virustotal.com/gui/file/f68f7df55b143fdb2e9e761e33ff3c64513404e867e8c06daa8cd5ca14461c14/detection 79.134.225.122:6770 # Reference: https://www.virustotal.com/gui/file/946b903a580767016f5a8b3366576ac6da9b82ed41008ff7464cd42565b342b5/detection 109.202.107.20:36758 xtreecy.dvrdns.org # Reference: https://www.virustotal.com/gui/file/78399954e139758a3dbfb522cdbe3c63fd0236c4e187c10393c424c3d661690b/detection 213.152.162.74:36758 # Reference: https://www.virustotal.com/gui/file/0669fcac48fade8c583b8943e710069b6e97a9368fdcb2ee01673455bced7231/detection 194.187.251.91:36758 # Reference: https://www.virustotal.com/gui/file/f741f1179954183efe0950798f676cf5e42b4e7a8505d54a3d9d90327318ea71/detection 192.169.69.25:3369 79.134.225.101:3369 # 
Reference: https://www.virustotal.com/gui/file/d9ee98a167288a3d20ad9a5931b0a206a35b77e9f3c76585bad1fb70366cdc56/detection 79.134.225.114:3369 # Reference: https://www.virustotal.com/gui/file/484bfe3c861a7fcaa292b2071b68ccc45d883fd2c8cbb190e487aa8c809b01aa/detection 79.134.225.110:3369 # Reference: https://www.virustotal.com/gui/file/e28491eef2673968c622581204fb288c1140639e3f9eea535a9c916118db409f/detection 79.124.8.7:1986 # Reference: https://www.virustotal.com/gui/file/0ef62c8154df9f5e67c42372c4743650e5e68901b34ce48cab427e13051e0a36/detection 79.134.225.13:2058 ttnetsly.ddns.net # Reference: https://blog.talosintelligence.com/2020/04/threat-roundup-0410-0417.html (# Win.Dropper.NetWire-7662196-0) melissa23101.ddns.net # Reference: https://twitter.com/EmirErdogan1864/status/1255612487984205825 # Reference: https://app.any.run/tasks/f1d891d3-00eb-4605-b313-21086e588006/ 185.140.53.48:3369 office-services-labs.com # Reference: https://www.virustotal.com/gui/file/8b14213dae41efa679b4be65355dcf7835ad4394a284c55cf34a04e328d2b298/detection 78.159.131.80:3340 winupdaters.no-ip.biz # Reference: https://www.virustotal.com/gui/file/f9c1a667cb0745c4d568523a9a686d5d8932e8a223a90410927a886867f115ed/detection winenferno.no-ip.biz # Reference: https://www.virustotal.com/gui/file/f9abf61d90c33ec8fa8e4a037ddd9e4400596173c54aad0fa19a48cf26e861d6/detection perfectionatyma.hopto.org # Reference: https://www.virustotal.com/gui/file/23f7167b46b272a1d4c067fe7a6f8c0657ad59f09a5a24b936d69228563afa49/detection 79.134.225.72:1999 # Reference: https://www.virustotal.com/gui/file/65645aee251d74a6a6487d6b7ca4284544697b9fe30969f00514da269efa7353/detection 103.136.43.131:2323 # Reference: https://www.virustotal.com/gui/file/75c99193fdee6ad293d1c1250100e251a699f16d22f1cb9af6491ad078d4d8b7/detection ethelmassingale.hopto.org # Reference: https://www.virustotal.com/gui/domain/nawaoooo.bounceme.net/relations # Reference: 
https://www.virustotal.com/gui/file/3f860a8472db39208cde25ccc3b43bd10022dd2a152d7f6bf2861f9f7c7b52c4/detection 169.159.107.143:2016 169.159.111.91:2016 91.236.116.144:2016 169.159.107.143:5556 169.159.111.91:5556 91.236.116.144:5556 nawaoooo.bounceme.net olodumare.zapto.org # Reference: https://www.virustotal.com/gui/file/34a8fd73694ad6439775e7cc8e8414d72d24daa307ff1ec4ada1695990f879ca/detection 185.140.53.43:3122 # Reference: https://app.any.run/tasks/aaf44d43-302f-46fb-abf8-c4df0071def7/ 213.22.208.67:4444 steamguard1337.myddns.me # Reference: https://www.virustotal.com/gui/file/a0a4b054c0c1da1e1fb2394c7bc8a059d9dd78c136783ca0dba8f2b77c6b16de/detection gathering.ddns.net # Reference: https://twitter.com/reecdeep/status/1262339682135937026 # Reference: https://app.any.run/tasks/1082d639-d467-4de4-9364-dc78fe50d2e5/ 185.140.53.48:8808 cloudservices-archive.best # Reference: https://twitter.com/JAMESWT_MHT/status/1263395490491744256 # Reference: https://app.any.run/tasks/8b70075b-1dfc-4265-b9d6-6455dada3d21/ 185.140.53.48:7797 malwrhunterteam.duckdns.org mhteam-lame.best moonshine-mht.best # Reference: https://twitter.com/JayTHL/status/1263845769125265413 172.111.213.60:3361 # Reference: https://app.any.run/tasks/422df50c-7da3-4709-9b5e-0c4277806a42/ 185.19.85.165:1432 # Reference: https://yoroi.company/research/new-cyber-operation-targets-italy-digging-into-the-netwire-attack-chain/ # Reference: https://otx.alienvault.com/pulse/5ede47c29bcc77132bbfdf98 cloudservices-archive.best # Reference: https://twitter.com/reecdeep/status/1271357083338883075 # Reference: https://app.any.run/tasks/08983831-f175-4d6f-b207-bcb8baf52497/ 94.23.29.132:5566 sanchezemergycorp.com # Reference: https://twitter.com/JAMESWT_MHT/status/1271441948084240384 # Reference: https://app.any.run/tasks/31cf4a6e-1cdf-4631-be8f-a358ecb08e58/ 179.43.166.61:6262 webalibba21.net # Reference: https://www.virustotal.com/gui/file/50500fac024094acc9af319d262fc47f421e45a02b0b1daaa177896c16405e8b/detection 
185.140.53.247:8180 # Reference: https://www.virustotal.com/gui/file/433573407b15181a9ce1d5ad98f1c684e6ed9d2deb2c7ff89319e4806d11bdcf/detection 185.140.53.247:8280 # Reference: https://twitter.com/reecdeep/status/1272464515544776704 # Reference: https://app.any.run/tasks/9517e2fd-2508-4d06-a21a-a83c4dfcf8ab/ # Reference: https://app.any.run/tasks/10dead0b-7316-4ec4-98be-b7f7e9cf8276/ 79.134.225.21:3369 brutecleaner.com # Reference: https://www.amnesty.org/en/latest/research/2020/06/india-human-rights-defenders-targeted-by-a-coordinated-spyware-operation/ # Reference: https://otx.alienvault.com/pulse/5ee7b877b8ca9dfee4d2b6b9 duniaenewsportal.ddns.net researchplanet.zapto.org socialstatistics.zapto.org # Reference: https://www.virustotal.com/gui/file/84fdf30c592687b045307f140d572bb8ccafbd09badeb1519d4bfb4f9ce461b3/detection otunba0099.ddns.net # Reference: https://www.virustotal.com/gui/file/0d96525e8bb2a94dcb9c45293fc973d91495baa4063c7400d7f613addb6557f7/detection jamesanderson68986.ddns.net # Reference: https://twitter.com/reecdeep/status/1276078753081417730 # Reference: https://twitter.com/JAMESWT_MHT/status/1282996297470021632 # Reference: https://twitter.com/peterkruse/status/1283000280934735875 # Reference: https://twitter.com/JAMESWT_MHT/status/1283384131188133889 # Reference: https://github.com/jstrosch/malware-samples/tree/master/maldocs/netwire/2020/June # Reference: https://app.any.run/tasks/0c95e1d5-ea49-4357-ba68-9fd1de935ee3/ # Reference: https://app.any.run/tasks/5da55373-a1b5-47f9-b04b-b72d25c15fa8/ # Reference: https://www.virustotal.com/gui/file/af93c0bf13f17b6e322da9a2464609f5f5d68c12c6e75e21fe83d20dbaef87d2/detection 192.169.69.25:3396 79.134.225.43:3396 spacemantra.biz bk180320000.duckdns.org borspost1.duckdns.org crimea-kremlin.duckdns.org kremlin-crimea.duckdns.org kremlin-turbo.duckdns.org miamijr.duckdns.org suka-blyat.duckdns.org sukablyat.duckdns.org # Reference: https://app.any.run/tasks/fc0debe2-8d89-44bc-bfcc-e4cf9b0655b3/ thompson.ug 
vbchjfssdfcxbcver.ru # Reference: https://twitter.com/James_inthe_box/status/1281569740729708544 gold1.dnsupdate.info # Reference: https://blog.talosintelligence.com/2020/07/threat-roundup-0703-0710.html (# Win.Malware.NetWire-8479400-0) love82.duckdns.org # Reference: https://www.virustotal.com/gui/file/036f04fc85c6cc8caca32c566f4a2aee4f4ad4cce00c0a4ebd9112f85368ac85/detection 155.94.198.169:9112 # Reference: https://www.virustotal.com/gui/file/1e6d47ac18e7c16a5f571902cff878c7842bfc73f050e1f980b75f2c12d03852/detection 185.140.53.124:9112 poundsdollars.ddns.net # Reference: https://www.virustotal.com/gui/file/28529681a3da2ecdcfe8e1634564c473e94825dc2c316712da3ac33a8f1ef80b/detection 185.140.53.146:9112 netwire-pounds.hopto.org # Reference: https://www.virustotal.com/gui/file/fb2dcc16a32189ad8cbdd7fcd3cda3113a646269d64d2519fa862f2320702dab/detection netw.no-ip.ca # Reference: https://www.virustotal.com/gui/file/be208d2e5b568c89ee72d6a779c161c1f761eec7b269529c18bcc161400c9cfd/detection 155.94.198.169:1990 pounds-dns.duckdns.org # Reference: https://www.virustotal.com/gui/file/cbba9144dd21eadc46f75de289c4837c623c26ee984cbb9924154b0f52bc646f/detection 172.94.59.115:23850 fx02.ddns.net # Reference: https://app.any.run/tasks/ef7fc518-13da-4918-99f1-8898031d23da/ 79.134.225.27:3360 kskent.dynu.net # Reference: https://www.virustotal.com/gui/file/0bc4ff673aa63c773ab39531147e2883c623d93bb3995a4de436bfa0610605de/detection createluma3.hopto.org eluma102.hopto.org # Reference: https://www.virustotal.com/gui/file/b974608d2f3c10c3c961646fe22f6388bfdd0aabb6bc3e85042667ee3c2a9cc1/detection 95.140.125.119:3357 95.140.125.119:3358 # Reference: https://www.virustotal.com/gui/file/4cf75e03bd6d98e4093b6b439e378a80bfa235f2673962d67ae0a6fc96cca730/detection 77.74.194.214:8858 # Reference: https://www.virustotal.com/gui/file/8f8a67db574a8ff42179d13c6d731f2e65bab18724015f0a7b83b4b34ae5108f/detection 77.74.194.238:8858 # Reference: 
https://www.virustotal.com/gui/file/986c49f823422890038f562d3f01c34eb2a3d96775df8d92da9d817da96086eb/detection 79.134.225.103:8858 # Reference: https://www.virustotal.com/gui/file/bb32f569dd5cdbdf6ae7feb2c71d3c74c1eda787f904533cc50013793b54d340/detection 91.193.75.69:8858 # Reference: https://www.virustotal.com/gui/file/c8dd8ecca1a50c7254a6e31af65ef7173e16b6d935e39bd1d3982df53f487565/detection 194.5.97.77:8858 # Reference: https://www.virustotal.com/gui/file/1280142355de2e5f113a8977e1367cd3bf646ec1dc791f1342f15df904572f42/detection # Reference: https://www.virustotal.com/gui/file/ae5890586eabcbe3e041b8d02cc0fb8eb38e3eeeecefb44be07d0703ab4cd793/detection
# NOTE(review): 146.112.61.108 appears to fall in the Cisco Umbrella (OpenDNS) block-page range rather than operator-controlled infrastructure - presumably what a filtering resolver returned for the C2 hostname during sandbox analysis.
# NOTE(review): confirm ownership (WHOIS/ASN) before alerting or blocking on this address; if confirmed, matches on it indicate a filtered lookup, not a live C2 session - TODO verify and whitelist or drop.
146.112.61.108:4772 185.244.31.215:4772 ml.warzonedns.com # Reference: https://blog.talosintelligence.com/2020/08/tru-0731-0807.html (# Win.Dropper.NetWire-9164792-0) felceconserve.com grupocava-mx.com ithbault.com noch419.myftp.org noch419.zapto.org nonny3000.ddns.net nony3000.ddns.net pornhouse.mobi prensoland.ddns.net sender455.ddns.net # Reference: https://www.virustotal.com/gui/file/f24d61e845e7932ddb9248ccd85c09c3d35b7858746ef465596b2251f43df978/detection 185.244.30.27:3535 # Reference: https://www.virustotal.com/gui/file/ac20dd77536ac78dafc46a8e7161335b88fa0de7cf8737e20e4d0cf6ff4e168b/detection 45.137.22.90:7777 quikview.app # Reference: https://twitter.com/reecdeep/status/1294156786379788291 # Reference: https://app.any.run/tasks/b2a10fd5-fdf3-4f21-a589-bb9dd539df4f/ 161.129.65.142:3990 owo.myftp.biz # Reference: https://www.virustotal.com/gui/file/54b413924822f234e57068aa988d0461fb4d1a7a517421e121f0447ae9d87f1e/detection 185.62.189.133:3074 # Reference: https://twitter.com/JAMESWT_MHT/status/1298966627900424192 # Reference: https://twitter.com/Racco42/status/1301073616667279361 # Reference: https://app.any.run/tasks/a9a19496-1fb3-4636-9f5e-b05f32cfef64/ # Reference: https://www.virustotal.com/gui/file/022d643cebcf1c557aa5c93125fa9696009710bb837c8d23034f87055e392772/detection 192.210.149.46:1777 
alkaline.publicvm.com # Reference: https://www.virustotal.com/gui/file/a715a6693137085afaf486b54cac1653b19685bc5f79ed03afbbe818a4df2dc7/detection # Reference: https://otx.alienvault.com/pulse/5f5a1676f5c55d48b15054e7 192.121.82.142:4598 servr.plzbanif1abused.xyz # Reference: https://www.virustotal.com/gui/file/b8986fa75dc759df88306ea85e037d09765da9e383b2f092b6da6d5a5bb6cc87/detection 185.165.153.140:2340 rich4eva.ddns.net # Reference: https://www.virustotal.com/gui/file/34d1451c8ac71d3eb9582092492d4b50a4202b962d8a7cff5cce9c93823aec5d/detection macapslafg.ug perrymason.ac.ug # Reference: https://www.virustotal.com/gui/file/180ca4a5af360667373dc16e21d473072a6de05ffc82162898e96971f5796e77/detection 185.86.76.229:8087 # Reference: https://twitter.com/Racco42/status/1321232006424989699 # Reference: https://app.any.run/tasks/33299243-9f66-4a81-a222-9d0dc5e130d4/ 156.96.62.213:1777 # Reference: https://www.virustotal.com/gui/file/dc8b1aa91228f69edb8b71fafd9231f6d6d55d50ea17e3a845a3014e419cdb60/detection 185.140.53.223:3366 185.140.53.223:3388 # Reference: https://www.virustotal.com/gui/domain/netwirre.ddns.net/detection netwirre.ddns.net # Reference: https://www.virustotal.com/gui/file/dbf5c6082a3384bc7cfa397afa6fe19576457a2341ce92c0354455deea96b360/detection 197.210.54.48:2000 # Reference: https://www.virustotal.com/gui/file/4776e02c6cd50638e0cfafc99146fd9296dea093143b7135a4d32e0767673c95/detection 194.127.179.245:6639 export.zapto.org # Reference: https://www.virustotal.com/gui/file/040f72609b246ca97e86b666d644add4fe1b66020ffba9a6bf0ae50e10457d68/detection 141.255.156.109:1515 91.109.188.2:1515 haija.mine.nu # Reference: https://www.virustotal.com/gui/file/261f13f9e6d08869b41dca972016f177e1cefada9155d806a18f590c3f487a5f/detection 185.82.202.155:1810 # Reference: https://www.virustotal.com/gui/file/c047451ff97f00f91aa931582aea72248b58c76b68d54397223ad1b0af026088/detection 185.220.100.243:1810 # Reference: 
https://www.virustotal.com/gui/file/79439b3443c8dd34e50bab490f6374ee27844917d0553ab3ff652a03afed346a/detection # Reference: https://www.virustotal.com/gui/file/9d19b134d6b0916e75694c2e4b048204c877017ba362acacd2d8ea9261a526ce/detection 129.56.12.1:3797 67.214.175.69:3797 enitan1759.linkpc.net # Reference: https://www.virustotal.com/gui/file/5fced22e993bd07ca67ecc537fc6e148ae28c5224355276bef88c843b2ced706/detection 194.5.97.31:14914 netwiredt.dnsupdate.info # Reference: https://twitter.com/ffforward/status/1329341194686631936 185.157.160.228:58465 # Reference: https://www.virustotal.com/gui/file/7bba89e1000c5c3a61beca0654531271b23835b0f2eed6f4a01a3f4e4ff552d7/detection # Reference: https://www.virustotal.com/gui/file/c60c811a0c351cb5efa0f1bc361b5239858e0474064d1be4b06b0499cf322ae9/detection survey.shacknet.us # Reference: https://www.virustotal.com/gui/file/71f16f3095d0aa7750514c37faa6939513b70018da7c0a1ce57412aa19b1e2bf/detection survey2.shacknet.us # Reference: https://www.virustotal.com/gui/file/8478e5d022ccb86e23852b54999b655b6251cba0288350cc0d03f9d90fe612ca/detection 185.140.53.231:7000 # Reference: https://www.virustotal.com/gui/file/3a1efae4e9ef6a104cfdf92aa6da9bbca2b72e467217e800ff441c63c6a27f51/detection 185.140.53.231:4770 bright1.awsmppl.com # Reference: https://twitter.com/wwp96/status/1338887358251462664 sndyworkfinesanotherrainbowlomoyentsnfrw.ydns.eu # Reference: https://www.virustotal.com/gui/file/4246406dbeeb762ba213af237f4cd75b2a8ad56f1d073e8f5c6327d27c55c697/detection 185.86.106.226:1969 185.86.106.226:1972 # Reference: https://twitter.com/reecdeep/status/1341299682165862403 # Reference: https://app.any.run/tasks/2b034792-677c-40b0-8ab5-24df01440375/ 194.5.97.169:7877 # Reference: https://twitter.com/wwp96/status/1341024457016692736 # Reference: https://app.any.run/tasks/a7a5fc2a-3c22-4c0c-ac75-4947e2de67e7/ 185.29.10.103:1609 covd19studys.com # Reference: 
https://www.virustotal.com/gui/file/0e14d73977b14e2bdd4e6f026ad5d2d2de4b36ae2f52f9fee6361143392f55a2/detection # Reference: https://www.virustotal.com/gui/file/f03526f2414bc9e62d123804336e6de2a3a54ec7a3e175db021754706072fe34/detection 51.77.71.18:3360 51.89.0.145:3360 fr3nch-dd.duckdns.org # Reference: https://app.any.run/tasks/0877d691-6e79-408e-b57f-35c52e757362/ 185.150.24.55:5594 ceo2021.duckdns.org # Reference: https://www.virustotal.com/gui/file/84a92b3aad78c0c247d5ee1a7bf360762fe26e877ae8c6c0a976f929dffacfa2/detection # Reference: https://www.virustotal.com/gui/file/74990dfc5c02269748a4457393f3f5dab7b4547080d0fd3df3148058cdd4ba38/detection zerpex.w0rld.ga