# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

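# Family: Adwind RAT (name as used in the references below)
# Aliases: AlienSpy, Frutas, jFrutas, Unrecom, Sockrat, JSocket, jRat
# Note: most entries are hostnames under dynamic-DNS providers or bare IP:port pairs
# taken from dated reports; such endpoints can be reassigned, so verify a match
# against the listed reference before treating it as confirmed.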

# Reference: https://www.secureworks.com/blog/spam-campaign-distributes-adwind-rat

euforiafryz.pl
pepepepe.myvnc.com
millzjsocsingwi80gm.duckdns.org
milzwiregma.no-ip.biz
edebiyazarlar.com
kulturatesesi.com

# Reference: https://malwr.com/analysis/MjAwMGIwMmU0Y2Q4NDkzOGExOTRhNDQ5YWY1ODkxZGI/

uploadp2p.publicvm.com

# Reference: https://otx.alienvault.com/indicator/file/72ccbfa43b24d291ff34941ef3a61c61016650189125221ef769a910b02878e3

repair.sytes.net
cvpimddvt.sytes.net

# Reference: https://abuse.ch/downloads/blog/adwind_domains_20170828.txt

1323.dvrcam.info
1329.mypsx.net
1330.ddnsking.com
1331.ddnsking.com
1332.bounceme.net
1333.hopto.org
1990.nflfan.org
1suser.ddns.net
2016today.duckdns.org
2112.bounceme.net
achyne.publicvm.com
alienware.ddns.net
alienware-pc.loginto.me
amarachi.hopto.org
amazongifts.ddns.net
artwell8.hopto.org
asderman.no-ip.org
asiatravelagency.ddns.net
asorock.mooo.com
benx234.ddns.net
blackhills.ddns.net
blast.ddns.net
bombing212.ddns.net
bomira.ddns.net
carlos88.ddns.net
carlosluize88.zapto.org
cartolarepresentacoes.com.br
charlesdukem.chickenkiller.com
chikazz.ddns.net
chriswork999.ddns.net
chuksthedon.duckdns.org
cjpufffy.hopto.org
code203.ddns.net
coneptor.qarallax.com
controlx.ddns.net
controlxx.ddns.net
dam5i6.linkpc.net
davvid3948.ddns.net
dehaizegroup35.hopto.org
dev.null.vg
dnso.ddns.net
doingtracks.duckdns.org
donaldroberts2014.duckdns.org
dongabby.hopto.org
donmark22.myddns.rocks
donsea.hopto.org
dubaiexchange.dynu.net
ekehken.myddns.rocks
ellatrujillo.com
eni-procurement.info
essztednsbk.ddns.net
exporttaipei.publicvm.com
express4.dynns.com
faridaminmohamm.hopto.org
fetch.duckdns.org
ghostmoney1.hopto.org
ghostmoney2.ddns.net
ghostmoney3.dnsdojo.com
goodjob88.ignorelist.com
googlemapsup.ddns.net
guvencingiller.com
gw1001099.chickenkiller.com
gw1001099.duckdns.org
gypsypy.duckdns.org
hajimusa.ddns.net
importloggm.duckdns.org
indominestuff33.hopto.org
infocolornido.publicvm.com
infotradelinks.ddns.net
isaijra52elizgewigm.duckdns.org
itumobig.ddns.net
jackboy7204.zapto.org
jaybrizzy.gotdns.ch
jbpreshandes5gm1906.duckdns.org
jeffe231.ddns.net
jeremizo888.ddns.net
jhomeland.ddns.net
johnevan227.ddns.net
jra52prealiyoundogm.duckdns.org
jry1234.ddns.net
jsoktin.sytes.net
justyjohnxplodes.ddns.net
kaycee7.ddns.net
kenxx.ddns.net
kingdon.dynu.net
kurtangle083.publicvm.com
lagos042.ddns.net
lashy.ddns.net
lastbornk1.ddns.net
lawpush.ddns.net
lcannex.ddns.net
macdanielo.hopto.org
manzorro.duckdns.org
mariopuzo.ddns.net
markowen.duckdns.org
markscot.ddns.net
mbolo2017.hopto.org
mickyjakey.blogsyte.com
moneyghost.ddns.net
moorexx.hopto.org
morggy11.ddns.net
mrcapable01.publicvm.com
mropera12.no-ip.biz
ms15hinet.publicvm.com
ninja-445.ddns.net
nono198011.ddns.net
nonomee2017.ddns.net
obi234.ddns.net
obi333.ddns.net
obilosgini.ddns.net
officebrighty.ddns.net
online1.mywire.org
onlything4now.ddns.net
ourjra52fullexchgm.duckdns.org
owen6000.hopto.org
palletbush.hopto.org
panini101.chickenkiller.com
pharhmonk1.hopto.org
phererol12.ddns.net
phone2347.ddns.net
pjizzy.hopto.org
pool0852.hopto.org
presjra52opdoxgm.duckdns.org
prince.hackermind.info
r00tshit.ddns.net
r00tziby.ddns.net
reversebaglanti.com
robbieadanfo.ddns.net
robinjmcca.ddns.net
ronytazz2121.ddns.net
scar231.zapto.org
securitypoint.ddns.net
selfmademan2.ddns.net
selfmademan.ddns.net
shadoweye1.ddns.net
shittu09.hopto.org
sidney212.ddns.net
sill.no-ip.biz
sinslave.damnitjim.xyz
softcode2017.hopto.org
songs.linkpc.net
steve654321.ddns.net
svchost.publicvm.com
talentino.ddns.net
teamoluwa.ddns.net
tonychucks96.hopto.org
tonystark001.publicvm.com
trustkemi.duckdns.org
unblocker.bounceme.net
unknowjbireestagm.duckdns.org
unknunon878.chickenkiller.com
vyperps.no-ip.biz
wallstsxer.hopto.org
wongchin11.ddns.net
workstation-spartan.ddns.net
www.creativeforwardings.cf
www.jrocketmassive.cf
www.malaika-jp.com
www.roofmantf.cf
xsubin3310.sytes.net
yadangz.ddns.net

# Reference: https://www.hybrid-analysis.com/sample/4f65cd98a90fc9ec7d8a5bb1087758f6c89251d365479c0c2429d023b6a732c2?environmentId=100

masterentity.cf

# Reference: https://www.threatminer.org/report.php?q=KL_AdwindPublicReport_2016.pdf&y=2016

11111111.noip.me
24rinces.no-ip.biz
abdav21.ddns.net
abudon1990.no-ip.org
abudon22.no-ip.info
abusite11.ddns.net
abyugos.no-ip.info
abyugos0.no-ip.info
achuprn.ddns.net
admin50.no-ip.org
admin8090.no-ip.org
admin90.no-ip.info
adolfo196938.ddns.net
agary917.ddns.net
aisulu.ddns.net
aisulu.ddns.net
ajeolokun.ddns.net
akwotie.ddns.net
albertfrankie.no-ip.org
alicejav777.ddns.net
alicejav777.duckdns.org
alien10socket.ddns.net
alien12socket.ddns.net
alien15socket.ddns.net
alien17socket.ddns.net
alien19socket.ddns.net
alien1socket.ddnsking.com
alien4socket.gotdns.ch
alien6socket.ddns.net
alien9socket.ddns.net
alwadwte.ddns.net
anglekeys.ddns.net
anthonywilkinson10.ddns.net
aptsite.ddns.net
audreysaradin.no-ip.org
avprojets.no-ip.biz
ayomide1.ddns.net
ayomide123.ddns.net
backconnect123.ddns.net
badmanthing.ddns.net
banban66.ddns.net
baronbreeze.ddns.net
barratty.ddns.net
basketmain1.duckdns.org
basketxrtz.ddns.net
ben770.ddns.net
benabangwu.linkpc.net
biafra147.ddns.net
biggestchurch.ddns.net
biggiechurch.ddns.net
biggymoney01.no-ip.biz
biggymoney03.no-ip.biz
biggymoney03.no-ip.biz
biggymoney2.no-ip.biz
blessingonblessings.dnsfor.me
blessingonblessings.ufcfan.org
bms123.twilightparadox.com
bongotedllc.no-ip.org
brownvictor.ddns.net
bsmarket.ddns.net
budapest.ddns.net
budapest89.hopto.me
bugattiboss.servehttp.com
bullgard.ddns.net
calito888.ddns.net
carlos1388.ddns.net
ceo.gotdns.ch
ceoceocompany.gotdns.ch
chadin.serveftp.com
chewc47.ddns.net
chiefonodugo.ddns.net
chima147.linkpc.net
chklagos.no-ip.biz
chris101.ddns.net
chriswoolmer00.no-ip.info
chriswork99.ddns.net
cjfitness.ddns.net
clemens.dynns.com
coralgroups.no-ip.biz
correctip.noip.me
crest01.serveftp.com
crest02.serveftp.com
crested01.serveftp.com
crested01.serveftp.com
damuk1.ddns.net
dave1033.ddns.net
dellboy11.ditchyourip.com
dellboy13.dnsiskinky.com
dellboy15.couchpotatofries.org
dellboy16.eating-organic.net
dellboy17.quicksytes.com
dellboy17.quicksytes.com
dellboy18.securitytactics.com
deprueba1.no-ip.org
deprueba1.no-ip.org
destinynnam.ddns.net
dish-darkcomet2.linkpc.net
divinee.no-ip.biz
divinemove.ddns.net
doingtracks.ddns.net
donhamza.no-ip.org
donorder.ddns.net
dsfgc.ddns.net
dydx69.ddns.net
egbowanted2js.ddns.net
egbowantedjs.ddns.net
egbowantedjs.fishdns.com
egede.no-ip.biz
egombute.duckdns.org
egombute.no-ip.biz
emekau2002.ddns.net
emenike.no-ip.info
escobar.serveftp.com
evanovik.ddns.net
ewillsin.ddns.net
father60.bounceme.net
felbankgmailjs.no-ip.info
felixres015js.zapto.org
felixresult.no-ip.org
filezilla.no-ip.biz
fingers.noip.me
flexyou.chickenkiller.com
floffman.linkpc.net
floffman11.no-ip.org
focusloa.ddns.net
francemaes15.duckdns.org
franklin49.ddns.net
frankwoodsales.ddns.net
froidthefucker.ddns.net
fulga01.ddns.net
gabito234.serveftp.com
galaxymoni.ddns.net
geogelewis90.ddns.net
georgea.serveftp.com
gist.no-ip.info
gmoneydns.duckdns.org
godwin231.zapto.org
godwin4real.ddns.net
goodloves.ddns.net
goods11.ddns.net
goooodymegma.no-ip.org
gta2.ddns.net
harry150.ddns.net
harryaleandro.ddns.net
hdllsy11.no-ip.org
hedie1979.no-ip.org
henrry747.serveminecraft.net
henrygalaxy.publicvm.com
herura.ddns.net
hisandu.ddns.net
holymoney.crabdance.com
hustler.no-ip.org
hydrabad-ur.ddns.net
ifeanyi147.ddns.net
igbankwuruns.no-ip.info
ike-jsocket.publicvm.com
importantloggmal.no-ip.biz
importloggm.duckdns.org
indologisticsltd.no-ip.biz
integralhcs.no-ip.biz
intergralhcs.no-ip.biz
iykeben00.no-ip.info
jacobjsockresyah.no-ip.info
jacobremittance.duckdns.org
jadoltd.ddns.net
jagas21.ddns.net
jamescage112.no-ip.biz
javgretest015.chickenkiller.com
jayson2j.no-ip.org
jcures.serveftp.com
jegs.ddns.net
jesus11.ddns.net
jgabi.serveftp.com
jidespa0024yahjs.no-ip.org
jiokekachi.ddns.net
jjsmits7.serveftp.com
joeban.chickenkiller.com
jonnybary.no-ip.biz
jry123.ddns.net
jsocserveronline.read-books.org
jsucket.hackermind.info
judalien.ddns.net
jupita10.ddns.net
just2015.ddns.net
justice.linkpc.net
justicebro.linkpc.net
justics.no-ip.org
justicsbro.no-ip.org
justmealone.ddns.net
justnd2001.no-ip.biz
justyjohnxplodes.ddns.net
jvaoluwade.ddns.net
kane2244.ddns.net
keithoffman25.ddns.net
kifego.servehalflife.com
kingsman.no-ip.org
kipapos.gotdns.ch
kissfromarose.ddns.net
klasik101.ddns.net
klydest.ddns.net
kokoman.no-ip.biz
kuom.ddns.net
lagostj.servebeer.com
lashsecurities.ddns.net
lawrex.publicvm.com
layziebone009.ddns.net
leonardomateus131.ddns.net
leosplint86.ddns.net
link2bros.ddns.net
link2bross.ddns.net
linsom05.noip.me
lisalove.myftp.biz
livesyn03.midexim.com
loandept227.ddns.net
loandept2281.ddns.net
logisticsltd.no-ip.biz
madman1.ddns.net
magabox126.ddns.net
mainlandbridge.ddns.net
manbks123.ddns.net
mariopuzo.ddns.net
mascott.ddns.net
masterchris211.ddns.net
masterchris221.ddns.net
mavado.serveblog.net
max1239.ddns.net
mcvin.corotext.com
mega123b.ddns.net
michael22244.ddns.net
mikey0147.ddns.net
mikkyserial.redirectme.net
millzjsoctrinwi80gm.duckdns.org
money12.from-ny.net
money12.from-ok.com
moneyboss.ddns.net
moneycee.ddns.net
moneymind.ddns.net
moore11.no-ip.info
morval.ddns.net
mrmoney.no-ip.biz
mropera12.no-ip.biz
mukor.ddns.net
munachim.linkpc.net
muratozkan.ddns.net
myifyboy.serveftp.com
mypres001.serveftp.com
myyveon.ddns.net
nbw09o.gotdns.ch
newbj.no-ip.biz
nickre015jsock.duckdns.org
nikresut015js.no-ip.org
nikresut015js.zapto.org
nklove66.no-ip.info
nonnykey.ddns.net
nono147.ddns.net
oba147.ddns.net
obaniko1111.ddns.net
obicharls.redirectme.net
officetartousi.no-ip.biz
ogawilli.collegefan.org
okoro.ddns.net
okpole123.ddns.net
okwychrist2004.gotdns.ch
olavroy4.ddns.net
olavroy44.ddns.net
omaricha.no-ip.org
ome.no-ip.info
onlything4now.ddns.net
onyechina.ddns.net
opendoors.myftp.org
otimmo.ddns.net
ottimo.ddns.net
otunba.ddns.net
panel2.collegefan.org
passmore1.publicvm.com
perfomiracles247.duckdns.org
peter123456.ddns.net
phcity2090.bounceme.net
philsa.ddns.net
plainview.duckdns.org
plainview.myvnc.com
pompin02.serveftp.com
ppppppp12.ddns.net
prince24.ddns.net
prince240.no-ip.biz
professor.myvnc.com
psarda.ddns.net
quaver.publicvm.com
rayman.ddns.net
reversebaglanti.com
rmg-20.ddns.net
roadmaster2013.ddns.net
rx450.ddns.net
salesexport.sytes.net
saleshore201.serveblog.net
sambahs.ddns.net
septt.dvrcam.info
serialcheck55.serveblog.net
settlement.ddns.net
shadowmek.ddns.net
shadowmekz.ddns.net
silverback.noip.me
smart12456.ddns.net
songs.linkpc.net
spa1dingdiljayah.no-ip.biz
star01.ddns.net
starboy.noip.me
starboy.ufcfan.org
stevemartins02.no-ip.biz
stitatn.no-ip.org
swift.ddns.net
tanwilliam.ddns.net
taraba111.gotdns.ch
tcheckk.ddns.net
tchecks.ddns.net
tetetes2222.chickenkiller.com
theman111.ddns.net
thisreason.ddns.net
tiwamade.ddns.net
toba123.ddns.net
tojaxx.ddns.net
tonychucks.chickenkiller.com
toolsoffice.ddns.net
tpalmer1955.ddns.net
trusplus111.gotdns.ch
ucnas2008.ddns.net
uniteknolog.ddns.net
uniteknolog.duckdns.org
upperway60.no-ip.org
upright2.no-ip.org
upright22.no-ip.org
uyu.webhop.me
valchijioke.publicvm.com
vasocserver.read-books.org
vaspakou.ddns.net
versionfive.ddns.net
vivipas.ddnsking.com
vmoney.ddns.net
web2016web.webhop.me
wellspring4life.ddns.net
whichway.ddns.net
willyd01.ddns.net
wlkd.myftp.org
workshopjs.ddns.net
workshopjs.fishdns.com
writtings.ddns.net
xsubin3310.sytes.net
ypfbackup.mylenovoemc.com
zivva007.ddns.net
zoee.noip.me
zubi009.serveftp.com

# Reference: https://twitter.com/Racco42/status/1053747018835869696

wellcomehome.duckdns.org

# Reference: https://twitter.com/Racco42/status/1097498140452810752

flexio.ddns.net

# Reference: https://twitter.com/Racco42/status/1106671338775814149

goldenshoe.ddns.net

# Reference: https://twitter.com/neonprimetime/status/958078465252712448

vvrhhhnaijyj6s2m.onion.top

# Reference: https://twitter.com/neonprimetime/status/993594473375588352

oluwadey231.zapto.org

# Reference: https://twitter.com/ps66uk/status/1097845468816687105

joewhizz.duckdns.org

# Reference: https://twitter.com/pancak3lullz/status/1068534966898839552

godslove.ddns.net

# Reference: https://twitter.com/ViriBack/status/1089338471091712001

q9999.ddns.net

# Reference: https://twitter.com/malware_traffic/status/917487556455010304

103.68.223.153:6890

# Reference: https://twitter.com/VK_Intel/status/1079681130771689472

frontier222.duckdns.org

# Reference: https://twitter.com/_SecJesus/status/1016678994366877697

slimy.duckdns.org

# Reference: https://twitter.com/Ring0x0/status/900075907548839936

89.35.228.242:4781

# Reference: https://twitter.com/malware_traffic/status/790346116835385344

boscpakloka.myvnc.com

# Reference: https://twitter.com/MalwareConfig/status/693588665788932096

tobytori18.myftp.org

# Reference: https://twitter.com/MalwareConfig/status/644624264239415296

jvupdate.dynamic-dns.net

# Reference: https://twitter.com/Racco42/status/1116788270007037952
# Reference: https://app.any.run/tasks/c19017e3-75ec-4b45-ba4f-4f56bbf58ca8

185.244.29.102:2556

# Reference: https://twitter.com/MalwareConfig/status/931684471992135680

hard.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/748754895767908352

vantira.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/748754830357700608

yosefmahmud95478.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/748754786917289984

erasmuspor.duckdns.org

# Reference: https://twitter.com/JayTHL/status/1141347511694741505

waytoomuchparties1.com
fedex.itemdb.com
uspslabel.itemdb.com

# Reference: https://twitter.com/Bank_Security/status/1145935816650350593
# Reference: https://app.any.run/tasks/79248157-36f0-410f-8102-91614cc06dd2/

185.140.53.14:5050

# Reference: https://pastebin.com/S4ggik78

goodfellas2019.ddns.net
graceofgood.hopto.org
metalin.ddns.net
ogaemma.duckdns.org
richardavis.duckdns.org

# Reference: https://twitter.com/coderippers/status/1154036702152761345

saka1.ddns.net

# Reference: https://twitter.com/James_inthe_box/status/1160942568487567360
# Reference: https://app.any.run/tasks/127d99d5-3ee4-41cb-a26e-b9ae031a4112/

pluginsrv.duckdns.org
37.48.92.195:1350
67.207.93.17:7744

# Reference: https://twitter.com/de_aviation/status/1097547526763433985

checkogauzor.duckdns.org
dxyasser0.linkpc.net
flexio.ddns.net
goodattack.ddns.net
goodfellas2019.ddns.net
graceofgood.hopto.org
metalin.ddns.net
morelogs2019.duckdns.org
ogaemma.duckdns.org
richardavis.duckdns.org
slimmy1.duckdns.org
snopsd.duckdns.org
sukepatel101.ddns.net
unknownsoft.hopto.org

# Reference: https://twitter.com/reecdeep/status/1170984733511045121
# Reference: https://app.any.run/tasks/774e7417-ce26-4471-835a-6524b986dfcf/

79.134.225.83:7075
165.22.129.173:7756
galakhov.duckdns.org
pluginsrv1.duckdns.org

# Reference: https://twitter.com/wwp96/status/1171090871535755264
# Reference: https://app.any.run/tasks/2152b87a-0c8d-4f1e-a195-69d7544ef572/

185.203.116.78:1010

# Reference: https://unit42.paloaltonetworks.com/the-legend-of-adwind-a-commodity-rat-saga-in-eight-parts/
# Reference: https://www.kaspersky.com/blog/adwind-rat/11252

adwind.com.mx
unrecom.net         # UnReCoM RAT
alienspy.net        # AlienSpy
jsocket.org         # JSocket
unknowsoft.com
jconnectpro.info    # jConnectPro
unknowncrypter.co   # UnknownCrypter
jbifrost.com        # JBifrost

# Reference: https://twitter.com/Racco42/status/983634634151026688

newisajrat.duckdns.org

# Reference: https://any.run/report/a4bb70fb8fbb09d86e3529329b651de1677d1f8bec9b9fe324d22b797c1e2493/fb061418-d173-4a35-97eb-1f55e39e4f74

103.125.191.152:7777
103.125.191.152:4040

# Reference: https://app.any.run/tasks/600106b9-844f-4321-8c2b-3726853ff132/

hustle4eva2.3utilities.com
194.5.98.19:8881

# Reference: https://app.any.run/tasks/57d385a6-d464-4ae2-b764-9dcabe301d47/
# Reference: https://app.any.run/tasks/7b6da450-57c0-43f5-85fc-28942ddaf4a0/

rootsec.publicvm.com
172.111.141.34:33

# Reference: https://app.any.run/tasks/2adfe124-4d95-4be5-8d73-0e52c1c73b6f/
# Reference: https://app.any.run/tasks/41ed1be7-3a73-4e97-a46d-d491e2d4b3be/

103.125.191.152:7777

# Reference: https://app.any.run/tasks/0764b917-12f4-484d-8ff5-cde26bc42355/

joeiyke22.duckdns.org
79.134.225.121:7442

# Reference: https://app.any.run/tasks/3e41a622-1010-4f42-8fe1-2838cd95c292/

respainc.duckdns.org
79.134.225.99:4379

# Reference: https://app.any.run/tasks/c6fc3d14-00a0-461e-89c4-9212d5f2cb87/

chance2019.ddns.net
194.5.98.37:20131

# Reference: https://twitter.com/wwp96/status/1186369055642607616

tradcan.duckdns.org
185.165.153.150:4145

# Reference: https://pastebin.com/29uSdMAk
# Reference: https://app.any.run/tasks/6272b39e-7fea-4134-819e-6d3b6b5a0d2b
# Reference: https://www.virustotal.com/gui/file/7a01202131c133a5f78134f264383e827a68164a05e5927da485527da00f8b32/detection

0000rrrvvv.duckdns.org
addahost.ddns.net
lexd.duckdns.org
respainc.duckdns.org

# Reference: https://twitter.com/wwp96/status/1192098993158918145
# Reference: https://app.any.run/tasks/4c70e0e0-ce08-4bd8-ae00-77791545807f/

95.213.195.71:3999
mamased.duckdns.org

# Reference: https://twitter.com/JayTHL/status/1194068036396945409
# Reference: https://www.virustotal.com/gui/ip-address/185.140.53.90/relations

185.140.53.90:8585
dbanks.duckdns.org

# Reference: https://app.any.run/tasks/ee9dd5cd-a707-42a1-b300-6c9cc10cfcda/

powerpower19.duckdns.org

# Reference: https://twitter.com/wwp96/status/1199055385073737728
# Reference: https://app.any.run/tasks/14341c9a-57ab-4cca-ae4f-25bc5576c918/

198.50.217.185:1988

# Reference: https://twitter.com/wwp96/status/1199412810545090560
# Reference: https://app.any.run/tasks/bd69d3e3-4981-4843-91ed-3c4032c3e348/

79.134.225.101:1994
gudluck19.duckdns.org

# Reference: https://twitter.com/JayTHL/status/1199367622896357380

216.38.2.206:5252
mirabk.duckdns.org

# Reference: https://any.run/malware-trends/adwind

1gstemos.duckdns.org
avt.duckdns.org
bytelop4902.ddns.net
cash001.duckdns.org
ceodon1.ddns.net
fishecthinker.ddns.net
info1.duckdns.org
ipvhosted.duckdns.org
labelinfo.dubya.us
mansa19ke.ddns.net
money1234.duckdns.org
moran101.duckdns.org
mrmarkangel.duckdns.org
onelove03.duckdns.org
slimyuyo.duckdns.org
tecklink.publicvm.com
thompson62.ddns.net
wasjar.dynu.net

# Reference: https://any.run/malware-trends/adwind
# Reference: https://www.virustotal.com/gui/file/298adda417fab32b1cb54c2ea841659c5f9ff24881a03383c49276516e587cc8/detection

verified.duckdns.org

# Reference: https://any.run/malware-trends/adwind
# Reference: https://www.virustotal.com/gui/file/4556c57ecdf0e6cca993a84702e9fd25b5775a38d920bb4a93a21367c3eed825/detection

79.134.225.92:4040

# Reference: https://www.virustotal.com/gui/file/8931addad269815939959d2edfd3fb94df5af596bc84ba8280b14ad79291a6fe/detection

79.134.225.92:7890

# Reference: https://any.run/malware-trends/adwind
# Reference: https://www.virustotal.com/gui/file/feea58a8648cc911ae870ba1b3cde32682f165eb867a9c8aee8571fe010d679a/detection

204.152.219.76:1177
79.134.225.92:1177
starboy.duckdns.org

# Reference: https://www.virustotal.com/gui/file/7beac47a408dec7b7ce999180ca781a7b531b77e530be76188b857a0947a555a/detection

79.134.225.92:4050
menaxe212.warzonedns.com

# Reference: https://www.symantec.com/security_response/writeup.jsp?docid=2015-041523-0201-99&tabid=2

moneybank92.no-ip.biz

# Reference: https://citizenlab.ca/2015/12/packrat-report/

daynews.sytes.net
deyrep24.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/1034193815505199107

money12.from-ok.com

# Reference: https://twitter.com/MalwareConfig/status/976617168728150016

osbka.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/804767558343725056

imporlogbomyah.zapto.org

# Reference: https://twitter.com/MalwareConfig/status/781777898424373248

kuslarinhayati.com

# Reference: https://twitter.com/MalwareConfig/status/778991643710066688

sara2011.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/753247025546878976

linsom05.noip.me

# Reference: https://twitter.com/MalwareConfig/status/753246708075786240

opendoors.myftp.org

# Reference: https://twitter.com/MalwareConfig/status/753245062289584129

jry123.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/753243777674907648

dave1033.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/748764868694593536

anglekeys.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/748762322001244165

valien1.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/748757699723079680

stitatn.no-ip.org

# Reference: https://twitter.com/MalwareConfig/status/748756558545166336

jacobjsockresyah.no-ip.info

# Reference: https://twitter.com/MalwareConfig/status/748756520741908480

felixres015js.zapto.org

# Reference: https://twitter.com/MalwareConfig/status/748756450181197824

alicejav777.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/748756425472503808

raydonovan2015.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/748756369205964800

mukor.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/748756331763339264

oba147.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/748756282450915328

alien6socket.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/748756247667544064

salesexport.sytes.net

# Reference: https://twitter.com/MalwareConfig/status/748756177744343041

trusplus111.gotdns.ch

# Reference: https://twitter.com/MalwareConfig/status/748754751060209664

opjis123.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/748754718189449216

getegoowo.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/748754687596195840

uaelab.mypsx.net

# Reference: https://twitter.com/MalwareConfig/status/748625656041340929

okpole123.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/748625186820333568

blessuslord2014.no-ip.biz

# Reference: http://securitywarrior.ca/index.php/2015/11/03/ratcheting-down-on-jsocket-a-pc-and-android-threat/

d370.cc
saleshore201.serveblog.net
floffman11.no-ip.org
akwotie.ddns.net
hydrabad-ur.ddns.net
bright207.ddns.net
stevemartins02.no-ip.biz
ipcorrect.ddns.net
linsom05.noip.me
chriswoolmer00.no-ip.info
justicsbro.linkpc.net
felbankgmailjs.no-ip.info
justicebro.linkpc.net
frookze.ddns.net
moukenji.ddns.net
felixres015js.zapto.org
budapest89.hopto.me
toolsoffice.ddns.net
alien12socket.ddns.net
evanovik.ddns.net
princelarry.ddns.net
nemere.no-ip.org
alicejav777.ddns.net
lawkimsun.ddns.net
arseisa.no-ip.org
blessingonblessings.hopto.me
nikresut015js.zapto.org
dotpago.ddns.net
williasom.ddns.net
jshkoi.ddns.net
egbowantedjs.ddns.net
mrmoney.no-ip.biz
olavroy4.ddns.net
whichway.ddns.net
chriswork.ddns.net
dave1033.ddns.net
filezilla.no-ip.biz
johnsonsammy.ddns.net
abdav21.ddns.net
tpalmer1955.ddns.net
adolfo196938.ddns.net
ome.no-ip.info
lazarus.ufcfan.org
tomluke12.publicvm.com
vyperps.no-ip.biz
logisticsltd.no-ip.biz
ben770.ddns.net
leonardomateus131.ddns.net
opendoors.myftp.org
jjsmits7.serveftp.com
mega123b.ddns.net
tools4chima.ddns.net
paulcoe.no-ip.org
iykeben00.no-ip.info
agentwhite.ddns.net
panel.myactivedirectory.com
philsa.ddns.net
mtrealm.ddns.net
peter123456.ddns.net
quaver.publicvm.com
livesyn03.midexim.com
dellboy13.dnsiskinky.com
emenike.no-ip.info
raydonovan2015.ddns.net
sync.ebaeuropa.eu
prinve24.ddns.net
wlkd.myftp.org
dydx69.ddns.net
mikkyserial.redirectme.net
11111111.noip.me
jamestommyyy.ddns.net
myyveon.ddns.net
khaleeel.no-ip.biz
jsocket2-giftedhands.linkpc.net
bbullgard.ddns.net
dish-darkcomet2.linkpc.net
okpole123.ddns.net
hackmakers.ddns.net
okshallowstonex.no-ip.info
prince24.ddns.net
mrsrizap.myftp.info
mukor.ddns.net
fredkill.chickenkiller.com
herura.ddns.net
froidthefucker.ddns.net
albertfrankie.no-ip.org
correctip.noip.me
donhamza.no-ip.org
amina.pointto.us
basketxrtz.ddns.net
indologisticsltd.no-ip.biz
goods11.ddns.net
jsocserveronline.read-books.org
henrygalaxy.publicvm.com
svchost.myvnc.com
versionfive.ddns.net
tchecks.ddns.net
badmanthing.ddns.net
klydest.ddns.net
t3rr0r.ddns.net
officetartousi.no-ip.biz
intergralhcs.no-ip.biz
jidespa0024yahjs.no-ip.org
elviscarson.ddns.net
zivva007.ddns.net
floffman.linkpc.net
madman1.ddns.net
trusplus111.gotdns.ch
ewillsin.ddns.net
harry150.ddns.net
damuk1.ddns.net
workshopjs.ddns.net
hach.duckdns.org
jonnybary.no-ip.biz
infowinboth.ddns.net
judalien.ddns.net
integralhcs.no-ip.biz

# Reference: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07195002/KL_AdwindPublicReport_2016.pdf

103.25.58.218:3353
104.152.185.187:7777
104.202.126.19:7777
107.161.114.56:1234
108.61.224.179:3000
108.61.224.179:8080
108.61.224.179:9090
109.73.76.106:1000
134.19.176.153:7777
149.202.153.121:7777
149.71.103.182:1920
151.236.19.63:7777
162.13.83.237:2022
163.47.20.20:1978
167.88.14.106:1270
167.88.14.106:1280
167.88.2.174:7777
173.209.43.46:2010
173.209.43.46:2019
173.254.223.111:1777
173.254.223.116:8668
173.254.223.66:2223
173.254.223.86:2070
173.254.223.86:2637
174.127.99.129:1030
174.127.99.129:1050
174.127.99.129:1950
174.127.99.130:2888
174.127.99.134:2888
174.127.99.135:3371
174.127.99.135:4420
174.127.99.150:8484
174.127.99.150:8585
174.127.99.152:5035
174.127.99.154:2828
174.127.99.159:1819
174.127.99.161:9050
174.127.99.167:1234
174.127.99.183:1313
174.127.99.188:2065
174.127.99.188:2080
174.127.99.195:100
174.127.99.220:8282
174.127.99.234:1033
178.175.138.166:1604
178.175.138.168:1707
178.175.138.168:1970
178.175.138.207:1960
178.175.138.238:1505
178.175.138.238:1506
184.17.1.67:2556
184.75.210.205:2525
185.10.56.24:7777
185.17.1.160:1777
185.17.1.162:1030
185.17.1.166:2556
185.17.1.182:1900
185.17.1.190:8729
185.17.1.194:4040
185.17.1.198:2556
185.17.1.198:2888
185.17.1.205:2808
185.17.1.206:1502
185.17.1.223:7777
185.17.1.226:9033
185.17.1.227:9874
185.17.1.229:1010
185.17.1.235:1819
185.17.1.235:2546
185.17.1.242:2556
185.17.1.250:2000
185.17.1.48:2556
185.17.1.60:2888
185.17.1.68:9762
185.17.1.70:2556
185.17.1.70:4142
185.17.1.71:1089
185.17.1.72:2556
185.17.1.72:2558
185.17.1.80:1988
185.17.1.80:2509
185.17.1.80:5564
185.19.85.151:1505
185.24.234.50:7780
185.29.9.16:9729
185.32.221.5:3368
185.5.175.222:2556
185.5.175.222:7777
185.75.59.145:1246
185.75.59.145:2556
185.75.59.145:4444
185.84.181.73:2345
185.84.181.79:8167
185.84.181.80:5467
185.84.181.80:7982
185.84.181.81:7854
185.84.181.82:5173
185.84.181.85:5463
185.84.181.92:7654
185.84.181.92:8767
185.84.181.94:4020
185.84.181.94:5020
185.84.181.96:2999
188.95.54.106:1234
191.101.151.13:1920
192.64.11.253:2011
193.105.134.78:1910
198.101.10.208:1234
198.27.105.165:7778
198.27.126.224:1234
198.50.222.252:1240
198.50.248.30:8888
199.16.31.184:1235
199.16.31.184:1240
199.16.31.184:1290
199.16.31.184:5555
199.16.31.186:1114
199.255.138.17:7777
199.255.138.19:1234
199.255.138.38:7790
199.255.138.38:7795
199.255.138.43:7777
204.152.219.120:1033
204.152.219.70:5900
204.45.207.49:7777
204.45.207.53:1209
204.45.207.53:1616
204.45.207.53:2221
212.7.208.71:9575
212.7.208.86:101
212.7.208.88:2556
212.7.218.136:1030
213.184.126.142:1202
213.208.129.204:1030
213.208.129.211:1030
213.208.129.218:1030
213.208.129.220:1030
213.208.152.218:1030
216.107.152.237:8006
216.185.114.219:1909
216.185.114.219:1974
216.185.114.219:1990
216.38.2.192:7777
216.38.2.216:3345
216.38.2.216:3345
216.38.8.189:1234
23.105.128.147:3370
23.105.128.148:1234
23.105.131.155:3000
23.105.131.155:3000
23.105.131.188:7777
23.105.131.209:1112
23.227.196.198:2023
23.227.196.207:2040
23.227.199.118:2014
23.227.199.121:2015
23.227.199.72:2040
23.227.199.72:2828
23.231.23.182:1010
31.171.155.72:774
46.151.208.242:62622
46.151.208.242:8787
46.151.208.242:9034
46.151.208.242:9797
46.20.33.104:1381
46.20.33.76:2070
5.187.34.231:2015
5.254.106.208:2804
5.254.106.251:4020
5.254.112.21:4020
5.254.112.21:4050
5.254.112.24:4020
5.254.112.36:1920
5.254.112.56:4711
5.254.112.60:1900
5.254.112.60:1990
5.254.112.60:1991
5.79.79.67:4040
5.79.79.70:9090
50.7.199.164:2015
51.254.21.25:7070
67.215.4.74:4505
67.215.4.75:1974
67.215.9.231:1910
67.215.9.232:5050
67.215.9.232:5054
67.215.9.232:50555
67.215.9.235:1257
69.65.7.141:1880
79.172.242.87:2040
79.172.242.97:1720
80.82.209.178:1960
82.221.111.133:1044
85.195.203.29:1501
85.195.203.29:8181
85.195.203.29:9988
85.195.203.33:1508
85.195.203.9:1960
89.163.154.145:2010
91.109.22.100:7777
91.236.116.105:1930
91.236.116.136:1050
94.156.219.237:1040
95.140.125.35:1090
95.140.125.37:1901
95.140.125.46:1099
95.140.125.62:200
95.140.125.76:200
95.140.125.85:1920
11111111.noip.me
24rinces.no-ip.biz
abdav21.ddns.net
abudon1990.no-ip.org
abudon22.no-ip.info
abusite11.ddns.net
abyugos.no-ip.info
abyugos0.no-ip.info
achuprn.ddns.net
admin50.no-ip.org
admin8090.no-ip.org
admin90.no-ip.info
adolfo196938.ddns.net
agary917.ddns.net
aisulu.ddns.net
ajeolokun.ddns.net
akwotie.ddns.net
albertfrankie.no-ip.org
alicejav777.ddns.net
alicejav777.duckdns.org
alien10socket.ddns.net
alien12socket.ddns.net
alien15socket.ddns.net
alien17socket.ddns.net
alien19socket.ddns.net
alien1socket.ddnsking.com
alien4socket.gotdns.ch
alien6socket.ddns.net
alien9socket.ddns.net
alwadwte.ddns.net
anglekeys.ddns.net
anthonywilkinson10.ddns.net
aptsite.ddns.net
audreysaradin.no-ip.org
avprojets.no-ip.biz
ayomide1.ddns.net
ayomide123.ddns.net
backconnect123.ddns.net
badmanthing.ddns.net
banban66.ddns.net
baronbreeze.ddns.net
barratty.ddns.net
basketmain1.duckdns.org
basketxrtz.ddns.net
ben770.ddns.net
benabangwu.linkpc.net
biafra147.ddns.net
biggestchurch.ddns.net
biggiechurch.ddns.net
biggymoney01.no-ip.biz
biggymoney03.no-ip.biz
biggymoney2.no-ip.biz
blessingonblessings.dnsfor.me
blessingonblessings.ufcfan.org
bms123.twilightparadox.com
bongotedllc.no-ip.org
brownvictor.ddns.net
bsmarket.ddns.net
budapest.ddns.net
budapest89.hopto.me
bugattiboss.servehttp.com
bullgard.ddns.net
calito888.ddns.net
carlos1388.ddns.net
ceo.gotdns.ch
ceoceocompany.gotdns.ch
chadin.serveftp.com
chewc47.ddns.net
chiefonodugo.ddns.net
chima147.linkpc.net
chklagos.no-ip.biz
chris101.ddns.net
chriswoolmer00.no-ip.info
chriswork99.ddns.net
cjfitness.ddns.net
clemens.dynns.com
coralgroups.no-ip.biz
correctip.noip.me
crest01.serveftp.com
crest02.serveftp.com
crested01.serveftp.com
damuk1.ddns.net
dave1033.ddns.net
dellboy11.ditchyourip.com
dellboy13.dnsiskinky.com
dellboy15.couchpotatofries.org
dellboy16.eating-organic.net
dellboy17.quicksytes.com
dellboy18.securitytactics.com
deprueba1.no-ip.org
destinynnam.ddns.net
dish-darkcomet2.linkpc.net
divinee.no-ip.biz
divinemove.ddns.net
doingtracks.ddns.net
donhamza.no-ip.org
donorder.ddns.net
dsfgc.ddns.net
dydx69.ddns.net
dydx96.ddns.net
egbowanted2js.ddns.net
egbowantedjs.ddns.net
egbowantedjs.fishdns.com
egede.no-ip.biz
egombute.duckdns.org
egombute.no-ip.biz
emekau2002.ddns.net
emenike.no-ip.info
escobar.serveftp.com
evanovik.ddns.net
ewillsin.ddns.net
father60.bounceme.net
felbankgmailjs.no-ip.info
felixres015js.zapto.org
felixresult.no-ip.org
filezilla.no-ip.biz
fingers.noip.me
flexyou.chickenkiller.com
floffman.linkpc.net
floffman11.no-ip.org
focusloa.ddns.net
francemaes15.duckdns.org
franklin49.ddns.net
frankwoodsales.ddns.net
froidthefucker.ddns.net
fulga01.ddns.net
gabito234.serveftp.com
galaxymoni.ddns.net
geogelewis90.ddns.net
georgea.serveftp.com
gist.no-ip.info
gmoneydns.duckdns.org
godwin231.zapto.org
godwin4real.ddns.net
goodloves.ddns.net
goods11.ddns.net
goooodymegma.no-ip.org
gta2.ddns.net
harry150.ddns.net
harryaleandro.ddns.net
hdllsy11.no-ip.org
hedie1979.no-ip.org
henrry747.serveminecraft.net
henrygalaxy.publicvm.com
herura.ddns.net
hisandu.ddns.net
holymoney.crabdance.com
hustler.no-ip.org
hydrabad-ur.ddns.net
ifeanyi147.ddns.net
igbankwuruns.no-ip.info
ike-jsocket.publicvm.com
importantloggmal.no-ip.biz
importloggm.duckdns.org
indologisticsltd.no-ip.biz
integralhcs.no-ip.biz
intergralhcs.no-ip.biz
iykeben00.no-ip.info
jacobjsockresyah.no-ip.info
jacobremittance.duckdns.org
jadoltd.ddns.net
jagas21.ddns.net
jamescage112.no-ip.biz
javgretest015.chickenkiller.com
jayson2j.no-ip.org
jcures.serveftp.com
jegs.ddns.net
jesus11.ddns.net
jgabi.serveftp.com
jidespa0024yahjs.no-ip.org
jiokekachi.ddns.net
jjsmits7.serveftp.com
joeban.chickenkiller.com
jonnybary.no-ip.biz
jonnybary.no.ip.biz
jry123.ddns.net
jsocserveronline.read-books.org
jsucket.hackermind.info
judalien.ddns.net
jupita10.ddns.net
just2015.ddns.net
justice.linkpc.net
justicebro.linkpc.net
justics.no-ip.org
justicsbro.linkpc.net
justicsbro.no-ip.org
justmealone.ddns.net
justnd2001.no-ip.biz
justyjohnxplodes.ddns.net
jvaoluwade.ddns.net
kane2244.ddns.net
keithoffman25.ddns.net
kifego.servehalflife.com
kingsman.no-ip.org
kipapos.gotdns.ch
kissfromarose.ddns.net
klasik101.ddns.net
klydest.ddns.net
kokoman.no-ip.biz
kuom.ddns.net
lagostj.servebeer.com
lashsecurities.ddns.net
lawrex.publicvm.com
layziebone009.ddns.net
leonardomateus131.ddns.net
leosplint86.ddns.net
link2bros.ddns.net
link2bross.ddns.net
linsom05.noip.me
lisalove.myftp.biz
livesyn03.midexim.com
loandept227.ddns.net
loandept2281.ddns.net
logisticsltd.no-ip.biz
madman1.ddns.net
magabox126.ddns.net
mainlandbridge.ddns.net
manbks123.ddns.net
mariopuzo.ddns.net
mascott.ddns.net
masterchris211.ddns.net
masterchris221.ddns.net
mavado.serveblog.net
max1239.ddns.net
mcvin.corotext.com
mega123b.ddns.net
michael22244.ddns.net
mikey0147.ddns.net
mikkyserial.redirectme.net
millzjsoctrinwi80gm.duckdns.org
money12.from-ny.net
money12.from-ok.com
moneyboss.ddns.net
moneycee.ddns.net
moneymind.ddns.net
moore11.no-ip.info
morval.ddns.net
mrmoney.no-ip.biz
mropera12.no-ip.biz
mukor.ddns.net
munachim.linkpc.net
muratozkan.ddns.net
myifyboy.serveftp.com
mypres001.serveftp.com
myyveon.ddns.net
nbw09o.gotdns.ch
newbj.no-ip.biz
nickre015jsock.duckdns.org
nikresut015js.no-ip.org
nikresut015js.zapto.org
nklove66.no-ip.info
nonnykey.ddns.net
nono147.ddns.net
oba147.ddns.net
obaniko1111.ddns.net
obicharls.redirectme.net
officetartousi.no-ip.biz
ogawilli.collegefan.org
okoro.ddns.net
okpole123.ddns.net
okwychrist2004.gotdns.ch
olavroy4.ddns.net
olavroy44.ddns.net
omaricha.no-ip.org
ome.no-ip.info
onlything4now.ddns.net
onyechina.ddns.net
opendoors.myftp.org
otimmo.ddns.net
ottimo.ddns.net
otunba.ddns.net
panel2.collegefan.org
passmore1.publicvm.com
perfomiracles247.duckdns.org
peter123456.ddns.net
phcity2090.bounceme.net
philsa.ddns.net
plainview.duckdns.org
plainview.myvnc.com
pompin02.serveftp.com
ppppppp12.ddns.net
prince24.ddns.net
prince240.no-ip.biz
professor.myvnc.com
psarda.ddns.net
quaver.publicvm.com
rayman.ddns.net
reversebaglanti.com
rmg-20.ddns.net
roadmaster2013.ddns.net
rx450.ddns.net
salesexport.sytes.net
saleshore201.serveblog.net
sambahs.ddns.net
septt.dvrcam.info
serialcheck55.serveblog.net
settlement.ddns.net
shadowmek.ddns.net
shadowmekz.ddns.net
silverback.noip.me
smart12456.ddns.net
songs.linkpc.net
spa1dingdiljayah.no-ip.biz
star01.ddns.net
starboy.noip.me
starboy.ufcfan.org
stevemartins02.no-ip.biz
stitatn.no-ip.org
swift.ddns.net
tanwilliam.ddns.net
taraba111.gotdns.ch
tcheckk.ddns.net
tchecks.ddns.net
tetetes2222.chickenkiller.com
theman111.ddns.net
thisreason.ddns.net
tiwamade.ddns.net
toba123.ddns.net
tojaxx.ddns.net
tonychucks.chickenkiller.com
toolsoffice.ddns.net
tpalmer1955.ddns.net
trusplus111.gotdns.ch
ucnas2008.ddns.net
uniteknolog.ddns.net
uniteknolog.duckdns.org
upperway60.no-ip.org
upright2.no-ip.org
upright22.no-ip.org
uyu.webhop.me
valchijioke.publicvm.com
vasocserver.read-books.org
vaspakou.ddns.net
versionfive.ddns.net
vivipas.ddnsking.com
vmoney.ddns.net
web2016web.webhop.me
wellspring4life.ddns.net
whichway.ddns.net
willyd01.ddns.net
wlkd.myftp.org
workshopjs.ddns.net
workshopjs.fishdns.com
writtings.ddns.net
xsubin3310.sytes.net
ypfbackup.mylenovoemc.com
zivva007.ddns.net
zoee.noip.me
zubi009.serveftp.com

# Reference: https://www.virustotal.com/gui/file/c3939fa97d68cd3d0f4e2cd60639d85a193c45ac5f2521c5323e990283bcabf4/detection

3.17.202.129:14376

# Reference: https://www.virustotal.com/gui/file/cf563cd799e928394992ddd48155288dabf9066cc99cbaa8071537ad021283eb/detection

178.124.140.136:1819

# Reference: https://www.virustotal.com/gui/file/d5f6a3da788d841a7e274cfe96c51de1ff93c52665d8907074a432e088812cd9/detection

181.58.154.33:1990
octubre132.duckdns.org

# Reference: https://www.virustotal.com/gui/file/218c3f051a1bc1a97df08bba2b2c4f94bcdadd2e96bf5edc8ef5a344f761e80f/detection

prueba111.duckdns.org

# Reference: https://www.virustotal.com/gui/file/1aa680dad128402bed8655d4537f72f872120a825cd279052f3c83f6edf72aea/detection

valeriaaaa.duckdns.org

# Reference: https://www.virustotal.com/gui/file/0ded916662ff3a40b98b7a8e2ae85e466797dc508baf2a6ccf97b1b5a8d425fd/detection

contoda.duckdns.org

# Reference: https://www.virustotal.com/gui/file/367def98e7a3d0b3af07add144180dc09e4e29b1eb9181a51c338a9cf09b8f06/detection

79.134.225.97:4040

# Reference: https://www.virustotal.com/gui/file/90424d7871460fc8bed6d97ee6e04f239aa94881577bc7c73a8d948ad301396a/detection

79.134.225.97:2265
catoma.ddns.mobi

# Reference: https://www.virustotal.com/gui/file/2c62f7a1c4181be5c5f51b5f24e47560621c11a05d4378627221bcd9ec3ef33f/detection

194.5.97.192:3883
79.134.225.118:3883
asorock0011.ddns.net
wcbradley.duckdns.org

# Reference: https://www.virustotal.com/gui/file/3ce95411c9c15376383825de3c8e76de13771dcff174f407e40e77449c6d4ee2/detection

79.134.225.118:3838

# Reference: https://www.virustotal.com/gui/file/d266db16312bb5928539e4c6e755d426b632a1dbd889335aad6f53c9b08d2208/detection

79.134.225.72:1960

# Reference: https://www.virustotal.com/gui/file/37a10b36393dbfdea470b479a3c360d402c0f40158aa85f276b7686a728a50e5/detection

23.239.31.129:7758
pluginsrv2.duckdns.org

# Reference: https://app.any.run/tasks/b6a3ff74-0425-441d-8cbb-fa3b855562cf/

20bigblessings.mydissent.net
79.134.225.50:8882

# Reference: https://www.virustotal.com/gui/file/cead736f873fae8439376046c523aedcd22255ffb6e234e8a8d976ed0b696c40/detection

187.58.54.82:2013
191.32.226.191:2013

# Reference: https://www.virustotal.com/gui/file/9974f24c3f7b6580ee8fe870c9c2397a847c82a960430b0314a653b0c1bd75e9/detection

191.32.178.215:2013
191.32.178.215:3131

# Reference: https://www.virustotal.com/gui/file/b9ba82d60dfd07cd3c2cf1e5a1d5049deae50feb64829ecde09de88a9f248cd3/detection

179.162.213.108:2323

# Reference: https://www.virustotal.com/gui/file/bdb9c8539ea244ec09071e6a1de0cef521cd8b275c0a0b1fb1e99d77b71b9ec3/detection

179.181.230.151:2323

# Reference: https://www.virustotal.com/gui/file/5e86b9db438a55e4e5ff295b83ac8d85c58d9a2a81e992f72aaa7f13729f4e56/detection

186.212.120.244:2013

# Reference: https://www.virustotal.com/gui/file/7456d8c042bb6ce20fc0675fcda36def6a2e913f9aba6895bd846b13e2cfc688/detection

41.190.3.139:2011
41.190.30.38:2011
41.190.31.111:2011
91.192.100.13:2011

# Reference: https://www.virustotal.com/gui/file/706d442630e1505c69f1ccd33e74ae87a5a228cea5dd3de1337f38157e1915c3/detection

41.190.3.228:2011

# Reference: https://www.virustotal.com/gui/file/037ea24fae24dbea5b016a5fbae69ad4866426665e673c43b6b9def1f5c2b287/detection

41.190.31.78:2011

# Reference: https://www.virustotal.com/gui/file/ce56803cae1069908fc47087d6d8fbd1278ae72bc36966694e35da564822446e/detection

91.192.100.4:2011

# Reference: https://www.virustotal.com/gui/file/5fb861fc7742dfb97b04558d23ab4c260eaf2c1178d811a429c86e18f38edb28/detection

91.192.100.4:9222

# Reference: https://www.virustotal.com/gui/file/395a63b07a1275522ed8867d6402abba3b81bfcafedfdd4cc42d9d7b12b03868/detection

41.203.78.170:2011

# Reference: https://www.virustotal.com/gui/file/f2d38c3ec356af1e8841756673967128d0cbe51a491b68ced4ae1dd6a9db4166/detection

41.190.31.123:2011

# Reference: https://www.virustotal.com/gui/file/ab4e72ae86ecc5ec5fd7fe5e727ebc069c4803fd34e975c6054fa85cf4a73f8a/detection

41.203.78.32:2011

# Reference: https://www.virustotal.com/gui/file/3dde4252454cac3c661872c21e33422701d2ca7cb13355960201a8dfe7ee2f51/detection

41.203.78.138:2011

# Reference: https://www.hybrid-analysis.com/sample/d5dd3ecdd85e2c9e45c0b1e4985b28b33bc2ff187a7ae3d971fe6a216755c85e?environmentId=100
# Reference: https://www.virustotal.com/gui/file/d5dd3ecdd85e2c9e45c0b1e4985b28b33bc2ff187a7ae3d971fe6a216755c85e/detection

baykusgiller.com
vcvk7exvko3z2bds.onion.to

# Reference: https://twitter.com/wwp96/status/1222645211240726530
# Reference: https://app.any.run/tasks/39f45632-4342-42e0-ada0-56dff7c84970/

178.124.140.147:1789
helstonswanadoo.ddns.net

# Reference: https://app.any.run/tasks/817c99d5-5ef1-4ca3-a693-7539d094a166/

216.38.8.164:4001
20bigblessings2.couchpotatofries.org

# Reference: https://www.virustotal.com/gui/file/ed5949c09e6857ed50b3c291a0650b461804b2bbe73d4cbabd8018aea0fb8981/detection

141.255.150.182:1010
zueirayoutube3.ddns.net

# Reference: https://research.checkpoint.com/2020/the-turkish-rat-distributes-evolved-adwind-in-a-massive-ongoing-phishing-campaign/

103.75.18.143:1505
104.168.172.6:1505
142.11.193.240:1505
142.11.217.142:1505
192.236.199.190:1505
192.64.119.165:1505
192.64.119.206:1505
23.254.230.161:1505
50.118.227.137:1505
12724.xyz
15438.xyz
21736.xyz

# Reference: https://twitter.com/pancak3lullz/status/1230549131367788544
# Reference: https://app.any.run/tasks/31b6c79e-2e31-4968-975c-2af7bea669ac/

194.5.99.230:1119
anyi.duckdns.org

# Reference: https://www.virustotal.com/gui/file/db878d867305c1d582c7fd4dd24ad7a5551fe21fbc9c8df3937b771697d9c6a9/detection

137.101.45.115:7778
starhost323.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=08f111153f02f4b9fdac7a90bbbf598b

googlemail.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=60b449cc43809e98ebf9396022728827

prietochris18.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=19dd4dbb5bf05fc9b4149bd109eaff98

nokia3310.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=049b159904ba88686c5237a447e93c7a

rolltrain.noip.us

# Reference: https://www.threatcrowd.org/malware.php?md5=48da549826c2395fc84d1f6f9487aca1

richardvitalis.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=4ec5ee22e0e37a77414921c67b4cd869

felixduck.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=008b081a545a04bdc543763b9058dd7f

miikeymouse1978.hopto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=1ec7139605fce1f9f74cfca213d3bba7

lionelmor.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=47ec9de5272c4e5bda7aa6608a296894

karenmontari.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=b21909930198ff5b2a6bd5496310f8fc

trackman.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=b34ce1853b0fdddae09bec7879ce0178

workshopnonso12.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=3726b2045c3963595eb8514d4ec6489e

dlee01.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=015139b1eee53a37ad5fffd56abb4b88

lucky2wise.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=0a5608d197c8e5a8c69ae4732a097847

msrtcse.noip.me

# Reference: https://www.threatcrowd.org/malware.php?md5=15aca7a095165c10ec7ebcb3e1e4250a

doncjpd.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=1600004daf446b8fb77c0334e1c74d93

code202.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=352dd07c7b5c43582c564ec39e93b768

abdullahjbi.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=554fc5f47852fc2944c8d84233d51ce7

kareer.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=9adde43f51fa6cfabe98f006435c39fb

jra5johre70gm.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=a12604f45faf2cd81752042bd31f1470

lucho9977.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=c106c2d5ce7b9fa2d29f0e4fc1ea24df

saleshack.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=e8d1071a1b92f5a69cf28b85eccb9c55

poweleric.hopto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=f272ad54c27bd1a3c669c98e00b71dab

newbomb2016.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=f5dc493adda7d2da828150139059b19f

cjempire.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=b095aa4f9bb4de5aaa2b16b8c308171f

maxxisng.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=1b419e93c31499a974550e5f48bdd521

bbuser.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=27295b1d7b2f3b62abb2d1289cd1334d

iremit2017.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=27d2dd80ce043b5cba504d2e8f45a237

justasking.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=2a9a3cb74dc59df9a0dcc8d70c5fbf55

catchmeifucan.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=3019bd742a0df8e2b7ea5d241df693c8

freshstatz.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=46e207ad21ee8c935590470e416d141e

chintonlntecc.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=5d1803a306a0cbfc0c4bb695e06f73a9

kukere.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=61ae6691dbf4ab6c0aa9ba598fcc31da

chintonlntecc.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=7331a1e782f6bba4c6c68c495bbe527f

frankman703.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=79fd6d1b5aea5747e5523918b7bc0bc5

mrichard00721.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=7bd499b2c26661f097699fca1c86b74b

maryfrasch0984.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=a03f9e760f2acb05797e0114e9cee802

simcogroups.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=a99041586a202ab4ec000401f31ce2b2

darlington.hopto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=dd233fc76a9dd8fece2fc9caad93de16

mrfresh.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=e7ce709d176060de6f8d80a051c67597

snackebay.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=ee2692da8fb00bb189c2268c255c65c7

r00tlife.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=89e5e2337ee7a24d3ad242cc44a630f2

kristinadodge.sytes.net

# Reference: https://www.threatcrowd.org/malware.php?md5=648662d41155ec99a8b527eef83edaf2

ipy.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=615f6f5691b9bb649e0be624e71ab110

jamesdilon.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=e09ac3cff56f465cffef95b880c21b5a

frankola.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=0f762d23fb96ef3f255c624b4afc8b12

shadowincz.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=14778a33bcd47cc4a29fe49028ce5e41

amosmarcus87.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=2769eb1e8ee85895d658b08a89be2cd9

ciaamerica.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=41441ce70f4da20519c255966544d371

hackmakersme.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=a15d1360270e11664a103284be7dbae8

gedy.linkpc.net

# Reference: https://www.threatcrowd.org/malware.php?md5=d7d5a45d7fdcd283e82f34de17472b14

jbiimpologm.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=34780a2ef04a3747e1f0e7be18755613

unknows.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=c375f322573614e22c555cfcc2badb1b

pop2231.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=8c102d0c291da868adf7ad3be17efa74

jbiimpologm.duckdns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=1d9be66932ac114d34ad4492b084e855

henry101.linkpc.net

# Reference: https://www.threatcrowd.org/malware.php?md5=1bdb80883d3d9c225ce06295bdacab12

configservi2013.sytes.net

# Reference: https://www.threatcrowd.org/malware.php?md5=66306de38869d8c513a18d0669efb514

desgarrada.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=859aee85c906edc27d302db3acf41e36

jefffernando.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=8e2882ef522ed2e92e9a4486ce156f63

desperado.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=9d0a2a943af15d84dd8068888d000db9

selkrom.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=2c73ab73d3171be073746f51e43b4a57

ikemello.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/976df4e2e00197cb77ee00b3240cd34ad4fe56692be59bbd6991803b77f79b8f/detection
# Reference: https://www.virustotal.com/gui/file/dc5cb8bef2fbbe0d393b6126bd4ce188eb94179123aced7bdb6e10d515016f35/detection

212.114.52.84:2803
79.134.225.72:5098
egd147.duckdns.org

# Reference: https://www.virustotal.com/gui/file/c14b152207f83bfa7e3098aa504cbdef2c5aec9fadf80d37f9f83dfaf1d1e4d3/detection

79.134.225.97:2016
godbless.camdvr.org

# Reference: https://twitter.com/Racco42/status/1246027148168749057
# Reference: https://app.any.run/tasks/8918883c-f6cf-4307-9326-d8c0a88873d4/

103.99.1.76:9087

# Reference: https://www.virustotal.com/gui/file/d13b7029d5d26cf40400b796447f8889962b352073217885606a5c8b11463069/detection

79.134.225.114:5040
samesame.publicvm.com

# Reference: https://www.zscaler.com/blogs/research/compromised-wordpress-sites-used-distribute-adwind-rat
# Reference: https://otx.alienvault.com/pulse/5eaacfb46ed903dfb0b097dd
# Reference: https://www.virustotal.com/gui/file/ec654df6004e6806372c1a46260335925fca79ad53ee6f1e659679a2a70e08f3/detection
# Reference: https://www.virustotal.com/gui/file/86f977659524bde3ab16750590eb503a5b900dc1b317508ef439f16eb3dd97a0/detection
# Reference: https://www.virustotal.com/gui/file/74f8ea60c4fee2432b1001978264e2e37a51142de29ff2f580d69e6cfd3cbf45/detection
# Reference: https://www.virustotal.com/gui/file/c055353eb7e266784cb5e3e0008ee663611a88be7202b6aa9e075d13c065a91f/detection
# Reference: https://www.virustotal.com/gui/file/5a0c8206316607e62ab69bbd94218be0566acc772aa9a3321c8f66f34e7d61f2/detection

212.114.52.236:9932
23.105.131.223:1010
37.48.92.195:6025
45.153.240.114:5252
45.153.240.114:5858
79.134.225.111:1010
79.134.225.45:1010
dlee889.mywire.org
gwiza1988.hopto.org
lay.dubya.us
praisesalways.ddns.net
wawa.cleansite.us

# Reference: https://www.virustotal.com/gui/file/268b0ce9a1447c0ae385ecf69c3a1a171f9de836a36f27b792a34831060379e3/detection

79.134.225.72:2990
hurricane.rapiddns.ru

# Reference: https://app.any.run/tasks/afa3e293-a1d0-436d-8773-8b0cd3656aba/

185.140.53.161:20982

# Reference: https://app.any.run/tasks/b4d3c6ab-d3d3-4020-b595-6fee469d31ea/

213.208.129.198:5564

# Reference: https://twitter.com/Bank_Security/status/1263021792727306240
# Reference: https://www.seqrite.com/blog/java-rat-campaign-targets-co-operative-banks-in-india/

151.106.30.114:9045
jasmon6.3utilities.com

# Reference: https://www.virustotal.com/gui/file/2fed1e0576e9e953e25b3c9d9672d8316f697527db3725d5d7bce9617b039d04/detection

axibaindofour.sytes.net

# Reference: https://app.any.run/tasks/94ec3065-3b39-447a-ae65-b70a58946dd0/

167.86.118.236:7777

# Reference: https://app.any.run/tasks/e45777f7-9155-47ef-a624-117ba4a15695/

185.165.153.116:7896
xvetcons085.linkpc.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1298562581137956864
# Reference: https://app.any.run/tasks/c942cf10-80c1-4100-bd51-a4bb407a1588/

193.26.21.227:7215
network2020.ddns.net

# Reference: https://twitter.com/JAMESWT_MHT/status/1298569831919353858
# Reference: https://app.any.run/tasks/958a6366-340f-4503-add3-0a3fc7e20e6f/

185.140.53.132:6868
abc77.linkpc.net

# Reference: https://twitter.com/Racco42/status/1301120815421968386
# Reference: https://app.any.run/tasks/24992ec2-23f5-4ca4-bd10-4aa588131bde/

154.233.66.26:10587
armsvc.duckdns.org

# Reference: https://twitter.com/SiberTurkce/status/1313377160124682240
# Reference: https://app.any.run/tasks/fb4719ef-cae2-4f73-9497-0c9d12249741/
# Reference: https://app.any.run/tasks/b3a95dd8-0a07-4b0d-8370-07d2b931f53f/

185.136.168.164:4090
azbbhooo.3utilities.com

# Reference: https://cert-agid.gov.it/news/jrat-strade-alternative-per-una-rapida-analisi/
# Reference: https://app.any.run/tasks/dd9bf9e0-861b-41e5-b58f-c17befd75278/

ramos01.hopto.org

# Reference: https://www.virustotal.com/gui/file/1ab093181a323979ae2f347e515c96be3c129e37fb2a3f6410826d1d8263d195/detection

boardxe.ddns.net

# Reference: https://gist.github.com/silence-is-best/0aa844b003c62c6ce491e91e168ac662
# Reference: https://www.virustotal.com/gui/file/38b51c4953d002e0d7f4b261aebf8cb58905619ab1a8220ffb99b24d3fed812f/detection

185.19.85.164:7435

# Reference: https://app.any.run/tasks/15a27dc2-7f6c-4b12-960b-d02cad791ad9/

148.72.153.208:5408
host-windows10.publicvm.com
limitededitionphotos.nl/wp-includes/ID3/jre.zip

# Reference: https://blog.malwarebytes.com/cybercrime/2017/01/from-a-fake-wallet-to-a-java-rat/

104.239.166.119:8080
jamoos88.ddns.net

# Reference: https://www.virustotal.com/gui/file/b999586a2660a5df73e36bd7f40b7bc40386165672a8a18048d2b5ec638004fb/detection

84.195.75.31:3175
firestormy.duckdns.org

# Reference: https://www.virustotal.com/gui/file/dfa4ffb05bc1416ff28302312f1929d7d394755f59ae36a4fc0b8797650256e7/detection
# Reference: https://www.virustotal.com/gui/file/c5be24f2b7855a0caad13979c9e1192f36cd121108b488a134d6db67c37c2c6d/detection

ntums330.hopto.org

# Reference: https://twitter.com/reecdeep/status/1355126694928068610

103.114.107.184:7180

# Reference: https://www.hybrid-analysis.com/sample/598b45c25244fd8bfbf4fe23aa068fd05c24e05e36855aa55a6838e9ca173aed

91.236.116.180:6969
91.236.116.180:7676

# Reference: https://app.any.run/tasks/c26517b3-2873-456c-867e-41921424ffbd/

193.218.118.85:2580
n3wt0nmax1.duckdns.org

# Reference: https://app.any.run/tasks/bb0d0f56-8693-4e95-93df-5d562303bf7c/

140.238.243.50:2021

# Reference: https://app.any.run/tasks/54fcf03d-ee51-4b6f-a403-97eb3d2edd42/

154.44.177.60:7215
bmuvictoire.ddns.net

# Reference: https://app.any.run/tasks/4c190041-3f57-4414-9bbc-d67a0742078a/

178.175.138.167:6022
vvrhhhnaijyj6s2m.onion.casa
