# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://twitter.com/bad_packets/status/1118612997620895744
# Reference: https://twitter.com/bad_packets/status/1116054197789544448
# Reference: https://www.virustotal.com/gui/file/16d7ca4e46d7f1ed7600f62164bae51e748efb64f7d49670514b58d4c84bddd6/detection

# Path-only indicators: four variants of the same file name, with no host attached.
# NOTE(review): presumably file names requested from a distribution host - confirm
# against the references above. Since no host is given, correlate any hit with the
# destination address before treating it as confirmed.
/timo.vm
/timo1.vm
/timo2.vm
/timo3.vm

# Reference: https://otx.alienvault.com/pulse/5cc3284bddf8a06c649d6336
# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/aesddos-botnet-malware-exploits-cve-2019-3396-to-perform-remote-code-execution-ddos-attacks-and-cryptocurrency-mining/

# IP:port indicator. Going by the title in the Trend Micro URL above, a host seen
# contacting this endpoint is worth checking for exposure to CVE-2019-3396.
# Port 48080 recurs across many entries in this file.
23.224.59.34:48080

# Reference: https://www.symantec.com/security-center/writeup/2015-070812-0012-99

# NOTE(review): the write-up id above begins with 2015, so these addresses may since
# have been reassigned - treat a match as a lead to verify, not as proof of infection.
61.160.213.49:48080
183.60.149.199:48080

# Reference: https://twitter.com/P3pperP0tts/status/1148511098724933632
# Reference: https://www.hybrid-analysis.com/sample/c9d3ffab53ba686df1de7142f4bdb1f8115e1119b354a7c34434d02ef87751e7/
# Reference: https://www.virustotal.com/gui/file/c9d3ffab53ba686df1de7142f4bdb1f8115e1119b354a7c34434d02ef87751e7/detection

# Hostname indicator under 3322.org, a dynamic-DNS zone. The entry names one specific
# host; the parent zone serves many unrelated users and is not itself an indicator.
pptvv.3322.org

# Reference: https://www.kernelmode.info/forum/viewtopic.php?t=3483&start=30
# Reference: https://blog.0day.jp/2015/07/linuxaesddosarm.html

# Largest group in the file: dynamic-DNS style hostnames followed by IP:port endpoints.
# NOTE(review): the blog URL above is dated 2015/07, so many of these addresses may
# have changed hands since - use old hits for triage and retro-hunting, and confirm
# with host evidence before acting on them.
# Several addresses appear on more than one port (e.g. 61.160.213.58 on twelve ports,
# 222.186.34.152 on three). Each line is a separate address-and-port pair, so keep the
# port when copying an entry into another tool.
a1203.f3322.org
a.lq4444.com
yxs.f3322.org
104984629.f3322.org
1.93.11.200:80
1.93.19.203:6969
1.93.19.203:7878
104.194.25.172:36114
104.194.25.172:48080
104.194.25.180:36114
104.194.25.180:48080
115.231.219.147:48080
116.255.162.80:37943
116.255.162.80:48080
119.147.145.213:8019
119.147.145.215:4134
119.147.145.215:48080
121.41.74.174:8000
123.249.29.244:11024
124.173.118.167:4134
180.97.215.111:8080
183.60.149.208:48080
183.60.202.224:991
210.92.18.118:2342
210.92.18.118:7523
218.244.148.150:37963
222.186.34.123:1285
222.186.34.152:23650
222.186.34.152:48080
222.186.34.152:8998
222.186.34.220:2016
222.211.86.205:38283
222.211.86.205:48080
38.72.114.63:28052
58.221.60.138:50000
59.56.110.233:48080
59.56.110.233:8081
61.139.5.22:63692
61.160.213.58:1302
61.160.213.58:1774
61.160.213.58:1799
61.160.213.58:2120
61.160.213.58:2180
61.160.213.58:2523
61.160.213.58:3388
61.160.213.58:3623
61.160.213.58:4182
61.160.213.58:4889
61.160.213.58:4985
61.160.213.58:9999

# Reference: https://twitter.com/bad_packets/status/1231465511914897408

# Single IP:port indicator taken from the report above.
122.114.57.92:8888

# Reference: https://www.virustotal.com/gui/file/d98be2d50924f341d57a02ebcd2a9742bdf8662190def32742ceefd1c2c00c99/detection

# Single IP:port indicator tied to the sample hash in the URL above.
119.10.151.120:48080

# Reference: https://threatfox.abuse.ch/browse/tag/log4j/

# NOTE(review): the reference is a tag listing, not a single report, and its contents
# change over time. The provenance of this address cannot be re-derived from the link
# alone; consider recording the specific entry it came from.
49.0.248.230:2017

# Reference: https://blog.netlab.360.com/public-cloud-threat-intelligence-202203/
# Reference: https://otx.alienvault.com/pulse/625e6af73b7b0982c6920d17

# Mixed group: one URL, one IP:port endpoint and three path-only entries.
# NOTE(review): the first entry is the only one in this file written with a scheme
# prefix - confirm the consuming parser handles that form as intended.
# The path-only entries carry no host and are short, generic names, so they can match
# unrelated traffic. Pair a hit with the destination address before escalating.
http://51.81.133.90
14.1.98.226:8880
/ff.elf
/NWWW.6
/qweasd

# Reference: https://www.virustotal.com/gui/file/e6d98f12ad2177571076e261e2bedce0f1dc9685f3fbb42bbafe386a784c1501/detection
# Reference: https://www.virustotal.com/gui/file/e6f2b4f3dd706a54c02c950a0a5ecc271e9d4f24c077be9b655df1161e10b902/detection

# The groups below each tie an endpoint to the sample hash(es) in the preceding
# reference URL(s). Two addresses recur across groups on different ports:
# 45.195.69.113 (48080, 19666, 10211) and 43.139.138.38 (2017, 2023).
# When one of these ports matches, it is worth reviewing the same host's traffic
# to the other listed ports on that address as well.
103.126.100.13:10210

# Reference: https://www.virustotal.com/gui/file/36f0142655c009d76d9e5217812c63dd0674613343338f6263d1aece31a1241b/detection

45.195.69.113:48080

# Reference: https://www.virustotal.com/gui/file/73833904cbb2a6f92f906813fe56262fc6f72eef6b0fa091c9f9ad4a86e1379b/detection

45.195.69.113:19666

# Reference: https://www.virustotal.com/gui/file/a9f1ebe6ab744b44540974147f35b32cabbaf195dd51ea36ada22ac50544cc7a/detection

45.195.69.113:10211

# Reference: https://www.virustotal.com/gui/file/a8e66c717b7b0423e1f181c394636bba18a41df758dcd95c5b1d3b1618d8eedc/detection

# This group mixes two IP:port endpoints with one hostname.
103.139.0.32:2016
43.139.138.38:2017
aaa.tfddos.net

# Reference: https://www.virustotal.com/gui/file/d76fee247dd64a53ff0dd5cdaceeb37ae98b25b6e428e625288352fa2f6e95e9/detection

43.139.138.38:2023
