# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://github.com/advanced-threat-research/IOCs/blob/master/2014/2014-08-02-sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing.csv

waddb.sr

# Reference: https://www.symantec.com/security_response/writeup.jsp?docid=2014-110720-2146-99&tabid=2

adamat.ddns.net
supervisor.ntdll.net
antony989.ddns.net

# Reference: https://www.virustotal.com/gui/file/103315ba910445f657e3545e3b798d73ee89fe60674288d1909458d46187fee4/detection

3.17.202.129:15822

# Reference: https://www.virustotal.com/gui/file/9737c40636aa34ed6e166924c19b4e2223ea6f6b03823911274c437f8fea8fcf/detection

Wirusw-44803.portmap.host

# Reference: https://www.virustotal.com/gui/file/eccdb9b04cf79e386f19c112d14dd99d100af826557483788ceabd9fb2b7cc95/detection

193.161.193.99:29926

# Reference: https://www.virustotal.com/gui/file/adc705d49406b238e55202bfa3755421be7af82a8ac935a486d23e913c9a1a7c/detection

193.161.193.99:28020

# Reference: https://www.virustotal.com/gui/file/08c50a03b33577ff3381748e6c3c557b28eb80b65a166611eabd6fb7d4553d8f/detection

3.19.3.150:10331

# Reference: https://www.virustotal.com/gui/file/bb00dcbb7e68f9e3e7b63fef88c384cb981fd41c602935a66c50a0dcd7828f86/detection

clientsslfrdon.duckdns.org

# curl https://amtrckr.info/json/name/sandrorat | jq '.[]' | jq '.url' | tr -d '"' | cut -d ':' -f 1 | sort | uniq | grep -vE '^[0-9.]*$' | grep -vE '^[^.]*\.[^.]*$'

07726657423zaion.no-ip.biz
100009755836320.no-ip.biz
123456789123456789.myftp.biz
1337ace.ddns.net
1349874791.gnway.cc
1488.sytes.net
14lcolombo.ddns.net
159asd.duckdns.org
1fon1.ddns.net
1m4962f897.iok.la
22134520.ddns.net
2715729.vicp.net
45df36.dyndns.info
5107b712.all123.net
5701c196.123nat.com
6gh.noip.me
79649759.ddns.net
7daysky.in.3322.org
96750513.ddns.net
9949291099.hopto.org
a1b2c3.hopto.org
a302a85a.ngrok.io
aaaaaaaaaabbbbb.hopto.org
aasxzxdsc12324.no-ip.biz
abarouter.ddns.net
abbaass3132.hopto.org
abbaass313.hopto.org
abcccabccab.ddns.net
abderrahmane16.hopto.org
abdo099.ddns.net
abdobacha05.ddns.net
abdou16.hopto.org
abdouoahmed.ddns.net
abduls0821.myddns.me
abedjaradat1177.no-ip.org
abosaoys881.duia.us
abusako.no-ip.biz
achrafzouina.zapto.org
ad15.hopto.org
adlin.duckdns.org
adobflash.hopto.org
ahmdiand-wj3.ddns.net
ahmed12345.hoptp.org
ahmed2012.dynu.com
ahmed90011912.ddns.net
ahmedmidoegypt.hopto.org
ahomdalhomd42.hopto.org
ala6a.no-ip.biz
alaa-1982.no-ip.biz
alaajb.zapto.org
alaauy.ddns.net
alabama192837.no-ip.org
alanbkey.no-ip.org
alarr2012ab.myftp.biz
albash2222.ddns.net
aldnkoich11111111.no-ip.org
alfazaai99.ddns.net
ali2627.ddns.net
ali7070.ddns.net
aliboxboxbox.hopto.org
aliyusef6.no-ip.biz
alkingahmed555.ddns.net
allforfree.game-host.org
alzintani.ddns.net
amarok58.no-ip.biz
amelwafaw.ddns.net
aminamadani16.hopto.org
aminbatna31.ddns.net
aminrahimzadeh.no-ip.org
amiraliam.ddns.net
ammaar938.ddns.net
ampala.ddns.net
amran-pc.no-ip.biz
amrozamrozamroz.hopto.org
amrsamy222.ddns.net
amsdj.hopto.org
amujeeb1990.ddns.net
anawebs.ddns.net
andr01d.zapto.org
andrew999.ipnodns.ru
andriod91.ddns.net
androduck.duckdns.org
android1.ddns.net
androidalbums.ddns.net
androidan.ddns.net
androidfdl.ddns.net
androidplay.ddns.net
androidrat21.ddns.net
androidsafe.ddns.net
an.droidsuper.su
androidtest0.ddns.net
androidtool.ddns.net
androjak.myftp.org
andro.no-ip.biz
androoid.ddns.net
androrat22.ddns.net
andver18.no-ip.biz
anito.ddns.net
anon008.ddns.net
anondz97.ddns.net
anonfox.no-ip.org
anonymo9s.ddns.net
anonymous666.zapto.org
anonymousip.no-ip.org
apkhamza.ddns.net
applecenikosmos.hldns.ru
appmarket.servehttp.com
appsystem.ddns.net
aqwkdo1.no-ip.biz
ariaaalikazm.ddns.net
arondograu.ddns.net
asasasas22.ddns.net
asdbh11.ddns.net
asdqqq.bounceme.net
askinder.hopto.org
astro3.hopto.org
a.tomx.xyz
auc.dlinkddns.com
audreysaradin.no-ip.org
authd.ddns.net
awir-fb.sytes.net
axxz2017.ddns.net
ayadd19.no-ip.org
ayadd99.ddns.net
ayham11.hopto.org
azerboys.hopto.org
azert123.ddns.net
azerty.hopto.org
aziza.sytes.net
baby.webhop.me
badguy.myq-see.com
bahar2017.no-ip.org
bambi.no-ip.biz
banis.hopto.org
bannding.ddns.net
bapforall.ddns.net
barbari.ddns.net
bassamzeyad.ddns.net
batterysaver.3utilities.com
beijg.3322.org
bitoandroid.no-ip.info
bl4ckh0t.ddns.net
bl4ckhatjoker.ddns.net
black1990.ddns.net
blackghostorg.ddns.net
blind1234.ddns.net
bopress.ddns.net
bostanoo.ddns.net
boubou271.ddns.net
box100.ddns.net
brasilteamop.ddns.net
brave-hacker.no-ip.org
brousse16.ddns.net
bwaleez.hopto.org
camper92.ddns.net
carapuce-2015.no-ip.biz
cardangi.no-ip.org
cccamd.myftp.biz
cerdofile.ddns.net
chabar.ddns.net
chacal00.hopto.org
changyu231.ddns.net
chanks.no-ip.biz
chrisfo.no-ip.org
city55.hopto.org
cjbks0u0.no-ip.org
clashdroid.no-ip.biz
clayhost.hopto.org
cnw.redirectme.net
comsurogate.noip.me
coxiamigo.myq-see.com
craxyvirux.ddns.net
cyberbit.ddns.net
cyberbwarrior.ddns.net
cybercrysis.ddns.net
dadadadadaprivet.ddns.net
dalibob12.ddns.net
damndamn.ddns.net
danielrats.ddns.net
dantehack.zapto.org
daroedkak.no-ip.biz
darweshfis.no-ip.org
datadownloader.ddns.net
dddeee.ddns.net
deep1234.ddns.net
dellearm.ddns.net
dendroid.hopto.org
denishul.hldns.ru
dexonic.duckdns.org
diceedicee.ddns.net
didi03.duckdns.org
diener123.ddns.net
dionis.ddns.net
dj123.no-ip.org
djack1.zapto.org
dj.shop.tm
dkms.ddns.net
dodee97dodee.ddns.net
dodotototata.publicvm.com
domira.ddns.net
draagon.ddns.net
dragonhkr1.myftp.biz
drhack.hopto.org
driodrac.ddns.net
droidcraftismelmao.ddns.net
droid.deutsche-db-bank.ru
droid.fagdns.com
droid.freedynamicdns.org
droidge.ddns.net
droidhost.zapto.org
droidjaack.zapto.org
droidjack121.ddns.net
droidjack1.sytes.net
droidjack2137.hopto.org
droidjack2333.ddns.net
droidjack258.bounceme.net
droidjack33.no-ip.biz
droidjackdns.duckdns.org
droidjack.hopto.org
droidjackiam.ddnsking.com
droidjackisgodly.ddns.net
droidjackkk.sytes.net
droidjackv5.ddns.net
droidjock.myftp.biz
droidmosa.ddns.net
droidnigga.zapto.org
droidrat.hopto.org
droid.servehttp.com
droid.serverhttp.com
droidspy.zapto.org
droidss.noip.me
dro.soxx.us
droy.zapto.org
dsf.no-ip.org
duckem.duckdns.org
ducmanhhoangtran.ddns.net
duke5010.duckdns.org
dzhacker16.ddns.net
e777kx47.ddns.net
egytiger.myftp.org
eldiablo.no-ip.biz
elisou19.ddns.net
emme.no-ip.biz
engnngns.duckdns.org
engrid.no-ip.biz
equisde.ddns.net
eslam87.hopto.org
essalhi2047.hopto.org
euquerotchu.ddns.net
evilcasper.ddns.net
explosif.zapto.org
facbookserver.ddns.net
facebooh.zapto.org
facebook2ww290.ddns.net
facrbook.redirectme.net
fadisesubaih.ddns.net
fairylow.no-ip.biz
fakaelite.no-ip.org
farzan.ddns.net
fateh2017.ddns.net
fati43030.no-ip.biz
fazoro66.ddns.net
ferzo1881.duckdns.org
fifi147fifi.no-ip.biz
firsthost.ddns.net
flashplayerxx.no-ip.org
foxfeline.no-ip.org
free1.neiwangtong.com
freeann.sytes.net
freeeeeeeeee.no-ip.info
freefuck.duckdns.org
freepalestine.ddns.net
fruby.zapto.org
fsocfsoc.ddns.net
fucks.ddns.net
fuckyou.duckdns.org
fukeyou12.myftp.biz
futurasky.no-ip.biz
gaabar.hopto.org
galau.ddns.net
gcafegood2.noip.me
gcafegood.noip.me
ggwasgeht.ddns.net
ghghghghetrezw.no-ip.org
gmailss11.hopto.org
goggle.sytes.net
gold5000.ddns.net
goldeneagle1112.ddns.net
gooboom.no-ip.biz
good.myddns.me
googlead.publicvm.com
googles.servemp3.com
googleweb.ddns.net
gooogleplay.ddns.net
gorr.hopto.org
grandeamore.ddns.net
greatkeyboard.hopto.org
gta5hacking12.duckdns.org
guru123.ddns.net
gusui1.ddns.net
haa7aah.no-ip.biz
hac123k.hopto.org
hack1111.noip.me
hack155.vicp.net
hackcam.zapto.org
hackdeam.no-ip.info
hacked2001.hopto.org
hackedona.ddns.net
hacker2.hopto.org
hacker421.hopto.org
hacker-81.no-ip.biz
hackermoqtada.no-ip.biz
hackertn123.no-ip.biz
hackhack2016.no-ip.info
hackhamer.zapto.org
hackinroll.ddns.net
hack-iraq.no-ip.info
hacksd20.ddns.net
hacksyria2.myftp.biz
hadsurvey.ddns.net
hahalol.ddns.net
hahalol.no-ip.biz
hajeeeee.hopto.org
hakedpc0000.myftp.biz
hakeerali2.ddns.net
haker10.ddns.net
haker-2119.ddns.net
haker33sadekgafer.no-ip.biz
hakosiken.duckdns.org
hakunamatata007.ddns.net
hala222.hopto.org
halo12.duckdns.org
hamadagentel.ddns.net
hamidoranis.no-ip.biz
hamidos1342.ddns.net
hamo55.hopto.org
hamza19991.hopto.org
hamzaelcb.ddns.net
hananox.ddns.net
hardik.no-ip.info
hardstyleraver.no-ip.org
haroune12.myddns.me
hasha.hopto.org
hasn9999.ddns.net
hassan100.ddns.net
hassanabd1233.ddns.net
havij.ddns.net
hax.no-ip.info
haxor.hopto.org
haxorjib.no-ip.org
hazem123.no-ip.biz
hazhar77.no-ip.biz
hdkhanh123.no-ip.org
hedr78.ddns.net
heemoana.hopto.org
hegazy5753.ddns.net
hehe.duckdns.org
heikechenmo.3322.org
heilbronn.duckdns.org
hell2066.zapto.org
hero400.ddns.net
heroeschargehacked.ddns.net
hhamokcha.ddns.net
hhhhhfhf.ddns.net
hmt1985.ddns.net
hobi.3utilities.com
hoho121292.ddns.net
hoho39.ddnc.net
hohoangpmy.ddns.net
hooman8219.servecounterstrike.com
horcheni123.ddns.net
hoseenoori2277kh.ddns.net
hossar.ddns.net
hosteng123.hopto.org
hosthack25.ddns.net
houaribey4.ddns.net
houaribey4.no-ip.org
housam.linkpc.net
houssmes.zapto.org
howie96.jios.org
hpwdza47o8huc1xj.myfritz.net
hqn.ddns.net
htmp.sytes.net
httpdssh.ddns.net
huhuhuya.ddns.net
huntergold.no-ip.biz
hussein1889.no-ip.biz
husseinali5698.ddns.net
husshacka.hopto.org
i1993.ddns.net
imad2001bo.hopto.org
indusv00.duckdns.org
info.bounceme.net
injectman.no-ip.info
inteljet.ddns.net
intelresol.ddns.net
ipv445.hopto.org
iqram85spy.ddns.net
iraqn6777.ddns.net
islam2020libya.no-ip.biz
islamway.no-ip.info
ivon9393.no-ip.org
jackdroid1337.ddns.net
jackdroid.systes.net
jalal123.hopto.org
jalldomain.ddns.net
jas7ser.hopto.org
jassair.hopto.org
jastn.ddns.net
jirawat01.ddns.net
jkgytgasjg12.serveftp.com
jockerhackerxnxx.ddns.net
jojomo.ddns.net
jokerbabel.no-ip.biz
jomo.zapto.org
josewaldo.ddns.net
juliocoelhodesa.hopto.org
jun.dynu.com
k0k0wawa.hopto.org
kaddress.ddns.net
kaedalsh.ddns.net
kaizen00.ddns.net
kakashi.ddns.net
kalinus.ddns.net
kamlabhai123.no-ip.biz
kararkarar0780.ddns.net
karasqlee9.no-ip.org
karrarhuseein82.ddns.net
kaskw.myftp.biz
kasper.ddns.net
keskes02122002.ddns.net
kevte26.zapto.org
khaleel0.zapto.org
khalid-2016.noip.me
khantac.ddns.net
kheridla.hopto.org
kilasx.ddns.net
kingdom.no-ip.biz
kinggg.ddns.net
kjgjgkhffh.sytes.net
kka163.ddns.net
kkarox90.no-ip.org
kmessi.myddns.me
komplevit-rat.ddns.net
korelev.no-ip.org
korg600.no-ip.biz
krem111.ddns.net
krlol.ddns.net
ksbozo.ddns.net
kskdt.ddns.net
kurd-kar.ddns.net
lahyarhmo.hopto.org
lamorash.ddns.net
laze22.hopto.org
learnxea.duckdns.org
led5526.ddns.net
likerrdd.myftp.biz
liquidixen.ddns.net
lizdlezozifpo.ddns.net
local1232.ddns.net
lolman.ddns.net
lordxxx.myq-see.com
love2014.ddns.net
lputyr.myq-see.com
luxuriaecu.ddns.net
madblack0.sytes.net
madov-matrix25.no-ip.org
magemankoktelam.ddns.net
mahamadmahmod.ddns.net
mahasiswa.no-ip.biz
mahdi1379.ddns.net
mahdi3141.ddns.net
mahdibaba123.ddns.net
majed111111.myq-see.com
majod98m.ddns.net
makarand.no-ip.org
malakatef09.ddns.net
mamal9921.ddns.net
mami5255.duckdns.org
mar020one.hopto.org
mariorossi2013.homepc.it
marknetz.hopto.org
marocmaroc.hopto.org
maskaralama.ddns.net
masterat.myftp.org
matrix-teste.ddns.net
mazenttr2.hopto.org
me512.zapto.org
medo7911.ddns.net
medoahmed3.ddns.net
medx321.ddns.net
mee2008.zapto.org
megalol.chickenkiller.com
mehost.ddns.net
memeaimen10.hopto.org
memexmama.ddns.net
mezoo32.no-ip.biz
mhoammedtty.hopto.org
mht3.ddns.net
micro-soft.no-ip.biz
microsoft-office.ddns.net
mido28.hopto.org
migo2018.zapto.org
miioolinase.ddns.net
minou555.hopto.org
misterx94.ddns.net
mixtape2016.ddns.net
mobdro.hopto.org
mobiles0ft.no-ip.org
moep004.no-ip.org
mogahed.ddns.net
mohamed46565656.no-ip.biz
mohamed4dz.ddns.net
mohamedamine.ddns.net
mohamedhg.no-ip.org
mohamednjrat111.no-ip.biz
mohammed22468.no-ip.biz
mohammed93mahdi.ddns.net
mohfort.ddns.net
mohmad.myftp.biz
mohmdnor.ddns.net
mohsanali79355.ddns.net
moji1936.ddns.net
mokhter222029.ddns.net
moktarpicaasrinabil.zapto.org
momen-swesi.no-ip.biz
momo2015.duckdns.org
mon009.no-ip.biz
monitoring007.zapto.org
moonmar10.no-ip.biz
moslim.ddns.net
mostafaafroto0.ddns.net
motoshi.zapto.org
moussa-hak.no-ip.biz
mphp.hopto.org
mpt1969.ddns.net
mrgnet.ddns.net
mrreda98.ddns.net
msn-web.ddnsking.com
mstar.ddns.net
mstfa10.ddns.net
muxamilu.hopto.org
myaw.no-ip.biz
myfreerat.ddns.net
myfrenid2x.zapto.org
myillusion02.hopto.org
mypy23.ddns.net
mzgerges.no-ip.biz
nademhack.no-ip.org
nadineemma.servegame.com
namandroidk63.zapto.org
napaixonado.ddns.net
nassahsliman.ddns.net
nemesis2017.zapto.org
netflix-ip.hopto.org
new777.ddns.net
newword.serveblog.net
ninabounita.ddns.net
ninjabird29.myvnc.com
nirajpawar1997.ddns.net
njesra.ddns.net
nododg.ddns.net
nohacker.ddns.net
noiphackk.ddns.net
noipjajaja.ddns.net
noussa.no-ip.biz
nowgirlas.ddns.net
noxrr.ddns.net
oday1995.zapto.org
oko.gotdns.ch
omar.no-ip.biz
oneriakosa.ddns.net
orihacker.ddns.net
osamarizk.ddns.net
osammer0asmam3a.ddns.net
osmsalem.ddns.net
ospr.publicvm.com
oussama1997.ddns.net
oussamadj1997.ddns.net
ovirus.ddns.net
owsen.ddns.net
paaradowx.hopto.org
papasystem.no-ip.org
parrot01.hopto.org
pars.ddns.net
petermohsenvi2.hopto.org
pfijsp.noip.me
phantom94.ddns.net
photofix.hopto.org
pianotiles2.ddns.net
pimpdaddy.myq-see.com
pippo86.no-ip.biz
playstore.ddns.net
portmeim.ddns.net
premium007.zapto.org
priyakumari.ddns.net
profmilf.zapto.org
prohacker.freedynamicdns.org
projectp.ddns.net
proview.ddns.net
puplicdsl.ddns.net
qq376552030.ddns.net
r90.no-ip.biz
radouan123.hopto.org
raliphesus.ddns.net
rameezmaster.ddns.net
randsnaira.dnsdynamic.com
rat.capsulelab.us
RATForAndroid.ddns.net
rds11.ddns.net
reddemon.ddns.net
refsa.duckdns.org
reich666.ddns.net
reich777.ddns.net
remoteip999.ddns.net
rinalditeam.ddns.net
rmk133.hopto.org
rmx2121.ddns.net
rockrock.ddns.net
rok13198666.no-ip.biz
ron1372.ddns.net
royalhacker.zapto.org
rpshowpick.ddns.net
rpswlrkgkarp.p-e.kr
rzra51126.ddns.net
sadaq.ddns.net
saighinissou.ddns.net
sajjad1994.ddns.net
sajjadnassar3.no-ip.biz
salah067.hopto.org
salemaziz.hopto.org
samdzbba.ddns.net
samira.no-ip.biz
sammuiyer.ddns.net
samoomalik.no-ip.biz
samsung.apps.linkpc.net
samuseucu.ddns.net
sandhusim001.ddns.net
sara17911.no-ip.org
sara19918.ddns.net
sarahwygan.no-ip.biz
saraia.ddns.net
sarasisi.no-ip.org
sasi546454.hopto.org
satahezub.no-ip.info
sava33.ddns.net
sazan765.ddns.net
scropion20078.no-ip.biz
secureline2244.ddns.net
securitytests.ddns.net
sersaisa.ddns.net
server4update.serveftp.com
service.zosys.net
servr.hopto.org
seven1.ddns.net
seyf2017.linkpc.net
shabbushah.duckdns.org
shahidsajan.no-ip.biz
shanks.no-ip.biz
sharawy74.hopto.org
sharmayash.no-ip.biz
sheamusking34.no-ip.biz
shoo2018.no-ip.org
shop10.ddns.net
showj.f3322.net
silenthunter3021.no-ip.org
skinchanger.hopto.org
skituljko.mooo.com
skylex123.hopto.org
slayslay.duckdns.org
s.leas.im
smiix2012.ddns.net
smk22.jkt.net
snaider.hopto.org
sniper-f.ddns.net
sniperviruse3.hopto.org
sniperyakub.ddns.net
snopi.no-ip.biz
socialplus.ddns.net
sofemm.no-ip.biz
somenormalguy.duckdns.org
sondres1.ddns.net
sonkar412.duckdns.org
sorry.duckdns.org
sosg77.ddns.net
soso.noip.us
spicymemes.duckdns.org
spiel007.ddns.org
spofy.ddns.net
spynote-web.dynu.com
ssjf.myftp.biz
ssxdswe.no-ip.org
standby1537.duckdns.org
storing.hopto.org
strateg.ddns.net
stux0net.no-ip.org
superlegitratvirus.ddns.net
sweetman2020.no-ip.biz
taha100iq.hopto.org
taherhacker.hopto.org
tak.no-ip.info
taras1928.ddns.net
targi01.hopto.org
tatacall.servebeer.com
tataline.hopto.org
teda11.zapto.org
tedy1993.ddns.net
teolandia.no-ip.biz
test145.ddns.net
test29.ddns.net
testandro.ddns.net
testapkk.hopto.org
testkps.ddns.net
test.no-ip.org
test.pagez.kr
testsr.ddns.net
testsss.ddns.net
testtwo2.ddns.net
testxy.ddns.net
th3expert.3utilities.com
thaer.no-ip.biz
theblack16.ddns.net
thedroidjack.ddns.net
thegangsterrap.noip.me
thegod2.ddns.net
themayhen23.no-ip.org
tnaxin.msns.cn
tobytori18.myftp.org
tomyyk.ddns.net
tonyjony.ddns.net
topmax.myq-see.com
toyman6699.no-ip.info
trythelast.no-ip.org
ttn10.no-ip.org
tunisvista.3utilities.com
udown.ddns.net
ufologlyly.ddns.net
umar14344.ddns.net
unknownuser.no-ip.biz
updater.myftp.org
updatesystem.dynu.com
usa2222.ddns.net
usa.myftp.biz
userframer.sytes.net
usernamegopro1.ddns.net
usmh.myq-see.com
vajausing.dynu.com
vb.blogsyte.com
vego.ddns.net
vetalamator1.ddns.net
viagra.jumpingcrab.com
victim.no-ip.org
vigo.hopto.org
villevalo.chickenkiller.com
voda.no-ip.org
vwelxv.ddns.net
w0rm32.ddns.net
warl10ck.ddns.net
warrirrs.no-ip.org
wasawalid.hopto.org
wassam100.ddns.net
wasxmrtdub.ddns.net
watzeb.ddns.net
wcvwcv.picp.net
webhack2017.ddns.net
weedforlifehacker.ddns.net
welcomeheretomept.ddns.net
wildu.ddns.net
win32.ddns.net
windows12345.ddns.net
windows7trojan.ddns.net
winlogen.duckdns.org
winserver.dlinkddns.com
woaisue.3322.org
wogusnb.no-ip.info
wombocombo.mooo.com
wtfwtf.duckdns.org
www.177mu.cn
www.darkteam.xyz
wxf2009817.f3322.net
x300x300xx.no-ip.org
x64-windows.ddns.net
xa1newold.hopto.org
xatar12.ddns.net
xilto.duckdns.org
xingyuekeji.f3322.net
xmohcine.ddns.net
xnxx123.publicvm.com
xomro.no-ip.biz
xos1982.ddns.net
xtiger007.ddns.net
xzoro2016.no-ip.info
yamsohe.ddns.net
yangweb.f3322.net
yassinescaleo.ddns.net
yelp01.f3322.org
yorkiepet.ddns.net
yossf2014.no-ip.biz
younix.ddns.net
yousefehab11.ddns.net
youseffathii.ddns.net
youssef-1234.hopto.org
yuosaf1993.ddns.net
yurimacedo1.ddns.net
za3blawy.ddns.net
zaboza2020.ddns.net
zaheerkhan786.ddns.net
zakifr.no-ip.biz
zakoo1.zapto.org
zaliminxx.duckdns.org
zecovpnhasan1123.ddns.net
zennone.ddns.net
zero228.ddns.net
zoheirdroidjack.zapto.org
zokor-zokor.ddns.net
zouhr9.hopto.org
zxczxczxc.ddns.net

# Reference: https://www.virustotal.com/gui/file/95e7b09d830e8c1aecac2c8a259c1abea7453ef8a1a0d6d2ba9c8804015ed0da/detection

85.140.0.174:1603

# Reference: https://www.virustotal.com/gui/file/b89766cad7a7e511c208f30e0fa3c742522d8b07a583eff6421ad420eb68e0bb/detection

88.226.132.54:1337
hackdery1.ddns.net

# Reference: https://www.virustotal.com/gui/file/333a463c3814e2c4fbae6a28a29bb3082e6d0baba61f50476d68e92d610b4248/detection

141.255.151.138:5525
141.255.151.68:5525
taldonelso.freedynamicdns.org

# Reference: https://twitter.com/ReBensk/status/1275308008436895744

3.128.118.197:5555

# Reference: https://www.virustotal.com/gui/file/f3fe3e9c05adf8c5e0e5cdf131cfcab7970ba235c3320c8573f4906a089b4f10/detection

156.222.129.163:1337
aaaaaaa7.myftp.biz

# Reference: https://www.virustotal.com/gui/file/0d161132eb515ce526fb1b5a88dc5025ecf623d788ce37ecc939472c6ca2a1a3/detection

ahmed8877.no-ip.org

# Reference: https://www.virustotal.com/gui/file/b05570ed941da5ceeb87bcef18240090540b2c50f461f5792249f90ba99c4085/detection

141.255.147.11:1962
41.105.12.27:1962

# Reference: https://www.virustotal.com/gui/file/8d442b52d30987dd8582827ad3cdad097fa41ac9d80e1325ba941afc2294d298/detection

191.242.7.95:1177
systemdownload.duckdns.org

# Reference: https://www.virustotal.com/gui/file/a066e119305ae49ba55272c40a0a6c5898558b4ca354e89509835f0a6cbb5fb3/detection
# Reference: https://www.virustotal.com/gui/file/240e74ad9f01ac7978120aecba149f973ce1c12ce835261432cda6fdd9bb81f8/detection

18.223.118.231:1337

# Reference: https://www.virustotal.com/gui/file/83091aeadf6f224014601c72b3f8b4ab7140ee0155db9d30486d5843513d7e61/detection

deadaliens.us

# Reference: https://www.virustotal.com/gui/file/35b906a9614c5f53664cfa1439d77219514aeaa749a8f63ced15a95c57470319/detection

58.225.118.141:1337
linux.0pe.kr

# Reference: https://www.virustotal.com/gui/file/66dc9f201d49595e39bc9f8b6045df20026139305f9a046fec23cf7aecb99da4/detection

222.186.170.37:31786

# Reference: https://www.virustotal.com/gui/file/21a93e17e3cdb41eae03421198a691ac6a352779ff8bf639de61808f7cc3899b/detection

222.186.170.37:27127

# Reference: https://www.virustotal.com/gui/file/eb878014f0478d16acf99a4dc62da06b87c47c3e23fbcced24ab626839045933/detection

lahe66.u1.luyouxia.net

# Reference: https://www.virustotal.com/gui/file/55a13c87fbc2c810c74ed1f18032f3788b0e938d52a9944dac7f6d28e8540e58/detection

34.199.8.144:5000
thelegend300.ddns.net

# Reference: https://www.virustotal.com/gui/file/972aa5077dc900fbc4e18838d5219604c02c5375b6a16e462a7bd6dfe08a0391/detection

helloking143.ddns.net

# Reference: https://www.virustotal.com/gui/file/b6bcd497840f03fd78744a21b264c334e28263f357c9595032a7321fd5578d40/detection

34.199.8.144:1337
davidvxc.ddns.net

# Reference: https://www.virustotal.com/gui/file/933d11b8e1f4516129cc48bfbcaddc3da3b0a361c0db085acca7b81597e0fc56/detection

91.195.240.87:8088
zzz555.tl-ip.com

# Reference: https://www.virustotal.com/gui/file/94c2f38a04f75ce4a853f6b4948b825db7bf70ce9837603a45e56d1215c4236c/detection
# Reference: https://www.virustotal.com/gui/file/ebf483aa8725c0e8e564bf6b6cff35471b5483a6930d94ebccbb5f1d946dea74/detection

102.185.44.254:1337
uranuim.ddns.net
uuranuim.freedynamicdns.org

# Reference: https://www.virustotal.com/gui/file/a38fc9662a6478c04a20f41681d27945a92a65fe17c8ea5b1114764198b34e0f/detection

107.151.148.174:12345

# Reference: https://www.virustotal.com/gui/file/800a7b34e873260d804bd9914ef9e140a7703138b2db6ace7e08e9c373d17a0d/detection
# Reference: https://www.virustotal.com/gui/file/d33f210df432ff3b6bd78d41ea779863c17576eb0af27051149c1c905686e137/detection

wininit.myq-see.com

# Reference: https://www.virustotal.com/gui/file/31cd68dcb959d5fbd5b870318cff7e01992a80b7203f8d90f4a1a81e78d836b4/detection

41.208.110.46:666
svu.myq-see.com

# Reference: https://www.virustotal.com/gui/file/504934b07df8af5b0b7d715ee8c5bdc7ea55a5e3353da19d2d10978a15500e87/detection

41.96.96.109:1337
kiyoma.myq-see.com

# Reference: https://www.virustotal.com/gui/file/6cf00b39fc5ea76da3f1b0e807c12b72d1863ce7fbfcb7b74aa70ce7a9d9574d/detection

37.237.193.6:1337
44332211223344.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/a27f8d6d8aac78c13865220697ab55b02ba15b6f0358aa44a857aa26103c3741/detection

197.50.120.104:1177
winfix.ddns.net

# Reference: https://www.virustotal.com/gui/file/aed1041670a065cd6dfd08bcf3bb6cc2f22ace22c511b10038da6c4ca239d2ed/detection

102.164.96.57:4444

# Reference: https://www.virustotal.com/gui/file/2a4cb706cc89df6022e7232c9e8663f87368fc3d193a3cb4356b2627d427ab1a/detection
# Reference: https://www.virustotal.com/gui/file/65133372681cff5ef48b413d51124d9ea88ab97b6ec73a116c358e75bec5bd8c/detection

felof59.ddns.net

# Reference: https://www.virustotal.com/gui/file/1b05cb601517122fc3849aefe11e310e67c6184e51287b6b3d11c73265a4b227/detection

hackbriton.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/4bd0c0b8e45fab56055faa2cfbd7399b72780ccd6638a8d378003717bbc00fc3/detection

ehabgm.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/42e551141d30a7c8a276d0428dcd26d99c470a7a4af119d969ea963303908564/detection

azizjelloun.no-ip.biz

# Reference: https://twitter.com/0xrb/status/1491665998382247938
# Reference: https://www.virustotal.com/gui/file/d5484ddde1ea4aefcbf40f9845f911b059818ec0bb57d0d48922ed25d161e0ea/detection

78.138.107.166:12862

# Reference: https://www.virustotal.com/gui/file/459b8b7aa5d2e46b1eab687fe7190d2a82a0d5dc1d13444dcecec069be63b4fb/detection

141.255.144.158:1177
bondedo17122k.duckdns.org

# Reference: https://www.virustotal.com/gui/file/e943ef27c9e09f2c8bbd932cde9ccdd8073c4f7afbb84c717232ab5ab2caf85e/detection
# Reference: https://www.virustotal.com/gui/file/c41ba7d5489ac16aabd02382a5f29e6f5543975e05d5ba65bce4a1240aae6efc/detection
# Reference: https://www.virustotal.com/gui/file/c13ba77d144b3bb3288a829aa764dc465962c7b8babb12ed8c9e8b7877592e7a/detection

00001111.ddns.net

# Reference: https://www.virustotal.com/gui/file/1297d2b83fc63d2bd16e99bca0e2a122fe9c231d01ba1c5a2f3c7675fc18e800/detection

8.23.224.107:4444

# Reference: https://www.virustotal.com/gui/file/05e1919fecada3bef0eacf690ba6365666a792470c8769a7d05d00629b905d40/detection
# Reference: https://www.virustotal.com/gui/file/1ab9bc957a4ced0db28fcff17629fc588244c22d46c310bfd5853d3e63cb7b89/detection

141.255.144.128:4444
marktwin.ddns.net

# Reference: https://www.virustotal.com/gui/file/969175165f12c292c3fe3ee212c9c71bcdd0928cad5867d6d2a797fe033379b5/detection

141.255.144.79:1334
141.255.144.79:5553
5.8.244.188:5553
5.8.244.188:5553
hassanabdulla.ddnsking.com

# Reference: https://www.virustotal.com/gui/file/ac42efbdddc0d6f3fce56efae53928fac8a112b957ebc5232710532a3a268e8d/detection

51.68.152.226:1723
