# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: http://www.symantec.com/security_response/writeup.jsp?docid=2009-081806-2906-99&tabid=2

ns1.thepicturehut.net
ns2.thepicturehut.net
ns3.thepicturehut.net
ns4.thepicturehut.net
ns1.player1253.com
ns1.videoall.net
ns1.mediashares.org
ns1.helpchecks.net
ns1.helpupdater.net
ns1.helpupdates.com
ns1.helpupdates.net
ns1.couchness.com
ns1.chopbell.net
ns1.chopbell.com
ns1.helpupdated.net
ns1.helpupdated.org
ns1.helpupdatek.at
ns1.helpupdatek.eu
ns1.helpupdatek.tw
existing.suroot.com
22231.dtdns.net
ns1.helpchecks.com
ns1.timedate1.com
ns1.timedate2.com
ns1.timedate3.com
ns1.timedate1.net
ns1.timedate2.net
ns1.timedate3.net
ns1.timedate1.org
ns1.timedate2.org
ns1.timedate3.org
ns1.datetoday1.com
ns1.datetoday2.com
ns1.datetoday3.com
ns1.datetoday1.net
ns1.datetoday2.net
ns1.datetoday3.net
ns1.datetoday1.org
ns1.datetoday2.org
ns1.datetoday3.org

# Reference: https://blog.talosintelligence.com/2019/10/threat-roundup-1004-1011.html (# Win.Worm.Vobfus-7198158-0)
# Reference: https://www.virustotal.com/gui/domain/player1532.com/relations
# Reference: https://twitter.com/James_inthe_box/status/1187099951764922368

ns1.videoall.org
na1.player1532.com
ns1.player1532.com

# Reference: https://www.virustotal.com/gui/file/064efe3a4a137adda561e7df5f0c75a675076f02b4803808e1e3e48fdc491e92/detection

11211.dtdns.net
/vksVnW/?a
/vksVnW?a

# Reference: https://www.virustotal.com/gui/file/004b3891ea7cc6bfa118bf18e4e9e699a1b2c9733a23583395b1a69e4655e568/detection

32433.dtdns.net
87841.dtdns.net
/hHpfRUO/?b
/hHpfRUO?b
/xMlFWWScoS/a1
/xMlFWWScoS/v1
/xMlFWWScoS/

# Reference: https://www.virustotal.com/gui/file/054a9b1f52e7a847e4a7562e97a8cf84c870d455fc9bb38f33b4785d253f1032/detection

46546.dtdns.net
/dOTIQu/?a
/dOTIQu?a

# Reference: https://www.virustotal.com/gui/file/0243178df79c52001fc6d54f1dc0d14765dbc80deea764122edc7205170f7113/detection

46566.dtdns.net
/nwhSqAwSC/?b
/nwhSqAwSC?b

# Reference: https://www.virustotal.com/gui/file/050c24fceb883caaf8f28f79fe149008c1e48ca5a7d7dbdc10eed0a9a9d88a06/detection

55667.dtdns.net
/xFCvVtoB/mx
/xFCvVtoB/rv
/xFCvVtoB/sk
/xFCvVtoB/v1
/xFCvVtoB/
/yPQxTK/?a
/yPQxTK?a

# Reference: https://www.virustotal.com/gui/file/0170a2a5f6a66619670f60aacc8147cea7968e47372d12cbc4da2ee759759b0c/detection

65512.dtdns.net
ns1.chopsuwey.com
ns1.chopsuwey.net
ns1.chopsuwey.org
/CuRAUM/?a
/CuRAUM?a

# Reference: https://www.virustotal.com/gui/file/022ce8936c69bf79f0505ef40589aae2e727c6eebfac1b24add18f8857736679/detection

65767.dtdns.net
/VjwdReo/?a
/VjwdReo?a

# Reference: https://www.virustotal.com/gui/file/004bd4e3702ba4f13d6694facd457a0d20c38e5f6960e7a8b79264300532a04e/detection

67862.dtdns.net
/XHqynQPyIc/mx
/XHqynQPyIc/rv
/XHqynQPyIc/sk
/XHqynQPyIc/v1
/XHqynQPyIc/z
/XHqynQPyIc/
/xktEvaPTG/?a
/xktEvaPTG?a

# Reference: https://www.virustotal.com/gui/file/02f8af575f1cd4742ea9852fef1ffd063726981a9059c4d10313e61638121b73/detection

78654.dtdns.net
/NIUMKbatA/?a
/NIUMKbatA?a
/nzyVWKJ/rv
/nzyVWKJ/sk
/nzyVWKJ/v1
/nzyVWKJ/z
/nzyVWKJ/

# Reference: https://www.virustotal.com/gui/file/02c28ba53c88a4249ad659e9adececfcc5b3304091063ce9234b80b346d68afa/detection

71112.dtdns.net
/CnkzfEGT/?a
/CnkzfEGT?a

# Reference: https://www.virustotal.com/gui/file/01b89b742e106db7074a5adf634e41732a92347a687753036a027baba85ec4fd/detection

76776.dtdns.net
/tpXuydUASw/mx
/tpXuydUASw/v2
/tpXuydUASw/
/ydwVOor/?b
/ydwVOor?b

# Reference: https://www.virustotal.com/gui/file/0000e8a86003204037ac0aec9b9486728f845e3aa2b4460f77d3e913eee55b0b/detection

finger.dtdns.net
ns1.chopzones.org
ns1.timecheckings.com
ns1.timecheckings.net

# Reference: https://www.virustotal.com/gui/file/018962859dd499a01423de509ad0fe80ddea63269f8488151779c7d4ee9af804/detection

hostnames.suroot.com
/QDGrKGVncXpi/1
/QDGrKGVncXpi/2
/QDGrKGVncXpi/aa2
/QDGrKGVncXpi/aa3
/QDGrKGVncXpi/

# Reference: https://www.virustotal.com/gui/file/6992db594cfb0950f633ad49e2abf688f2ac83264bb7cdcf69e8122525872300/detection

channel.suroot.com
/SZobtEzfwRgZRYJ/1
/SZobtEzfwRgZRYJ/aa1
/SZobtEzfwRgZRYJ/aa2
/SZobtEzfwRgZRYJ/aa3
/SZobtEzfwRgZRYJ/aa4
/SZobtEzfwRgZRYJ/z
/SZobtEzfwRgZRYJ/

# Reference: https://www.virustotal.com/gui/file/7137c0d773b03b572babaed3a436f83a5f5b2ff750e985f2115714c72246e031/detection

/KzDCkKf/1
/KzDCkKf/2
/KzDCkKf/aa2
/KzDCkKf/aa3
/KzDCkKf/

# Reference: https://www.virustotal.com/gui/file/00008ce6bd1e80c1102ddf691431f9419f299c409a5e4b5ec184c9e9d256ba68/detection

199.59.243.223:8003
