# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: lypserat

# Reference: https://twitter.com/MalwareConfig/status/1003675255804751872

commands.control.demo

# Reference: https://twitter.com/MalwareConfig/status/862075209372884993

news.sexxxy.biz

# Reference: https://twitter.com/MalwareConfig/status/817391154698260480

iloveyoustar.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/790195481741852672

aysemis.no-ip.info

# Reference: https://twitter.com/Sebdraven/status/1148930721077182466
# Reference: https://app.any.run/tasks/76022ed7-4c80-4512-b62e-dc65759b60bb/

capture.kozow.com

# Reference: https://www.proofpoint.com/us/threat-insight/post/chinese-apt-operation-lagtime-it-targets-government-information-technology

f1news.vzglagtime.net
news.vzglagtime.net

# Reference: https://lab52.io/blog/icefog-apt-group-abusing-recent-conflict-between-iran-and-eeuu/
# Reference: https://otx.alienvault.com/pulse/5e1885c58e7a91cb6b0164e7

95.179.131.29:443
95.179.131.29:8080

# Reference: https://www.threatcrowd.org/malware.php?md5=f9f93e66125819cb5cafc83bb26bb460

hmm.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=4248dd1a1253e12e9f693d274ce819cf

fastlink455.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=78c5c2462d9275df58afea2107859efb

majed1243.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=8b4f76c7034ccb3d87a5fbe689cf4a07

ls-id.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=fe90b092042b1b4cd116de17f5479230
# Reference: https://www.virustotal.com/gui/file/91916dc03774ef539bb13ef9f6783ff851a42d14e0bb05576fdaf377cd23cb0e/detection

blach.no-ip.info
blach.sytes.net
blach.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=0cd0eea3e9d332d22c28a5544bd1b8ef

h-07.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=22bb0b4febf0c51b52c7b12719075f97

h-07.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=5fdfc3c59e63dcb079d840f7a3ea5568

nirvana.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=457a0282f80c0ce3ebc1f4c8443e1ab6

key.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=0ca9514048d59d1f6d430cee4603e3b5

dmar3.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=1f38570eedfb3ca643dff5b941ebe350

rajy.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=495a208cd41b76c255d334b6bf7899b4

rajy.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=6ca50a8bae45431cfc09f640dd70625f

too.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=711c8c3d7870548fc7ef72699b5a22c0

rajy.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=cd5b7ef50aa737380dfbd51442965930

too.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=ff5eab2b5d136d8cf91c981b5f03d8aa

rajy.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=137909663a8640db7ec8320d7d507581

kingshahrani.sytes.net

# Reference: https://www.threatcrowd.org/malware.php?md5=2744c0ce6e52e162ddab546a6fb09fa9

domain12.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=36e38cb6903062b2315ef36087f061d0

pauvre01.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=3deda0f9f50f48806d04915dd0d01b48

miladnj78.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=4e73564e31848349160399e70a46b389

spider-iq.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=526d7d7f7d273afdf2949cde45c47500

qet13579.noip.me

# Reference: https://www.threatcrowd.org/malware.php?md5=8f86782122d9eda394144cd006967810

dave2trip.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=b00ed600a30245cf4e942df535cbcea3

dark6.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=bf5325c2b3806855a2ecc53dba2c6791

atp.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=6e521471b7028a1b84b2be99e7aefd30

blaxx3.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=a591417e9ae4f59ee0f7a21d173c29ad

hacked17.dyndns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=bf263bd2e81fe99b9eea926281a49906

danieldel3.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=f24fbeaf4c557beeddb090fd63526a43

danieldel3.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=fb45f51d7b407c893d5af1cd3467af35

idmser.opendns.be

# Reference: https://www.threatcrowd.org/malware.php?md5=6e521471b7028a1b84b2be99e7aefd30

blaxx3.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=fb45f51d7b407c893d5af1cd3467af35

idmser.opendns.be

# Reference: https://www.threatcrowd.org/malware.php?md5=ae61cfe210ec4ae41da237bd088cd84b

marnet.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=f580eaac62c3b14e3992de9821c55980

bah1.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=075a7f40be9ae6b149355a1022b44638

easyconnect.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=0ed5c089f128748dd890d8c75fe7ff13

http-taz.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=4b7a89c17fccdb13b1927179e4349196

manso-yassine.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=560723bb73a9ea83778e5f871f73cb73

smr100.dyndns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=6a3d7c834ddac614c74b7e05b93c8b5d

checkspeed.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=6ba9d92c56ec4c444de169c16f7d21e3

zayan4.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=78ef837a5495af44546b0c2ab989bf60

jessenotsure.no-ip.com

# Reference: https://www.threatcrowd.org/malware.php?md5=828c2137d3077c7e1aa1b88774200a44

drman.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=94cab99283b9d0e6ac3d3369789bdd71

wqehn4r.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=dd4892b759a7d659fbf01ddbcfa844ae

danzo.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=075a7f40be9ae6b149355a1022b44638

easyconnect.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=0ed5c089f128748dd890d8c75fe7ff13

http-taz.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=276bd2dfa83e7bdf4533c9070d2ab4c7

cem2308.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=3514f5c6e5b49a211b6be95e728afbd1

msho.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=a9c726273ae7057e16810f7a220b2514

cxs.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=3514f5c6e5b49a211b6be95e728afbd1

msho.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=a9c726273ae7057e16810f7a220b2514

cxs.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=02d997ec8c50477c728af5575003006f

lovelove5.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=5c599b96be183fe098183bdd62884a7e

impacker.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=80766bdbcc564899fde7993b01469cb2

misvictimas.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=80766bdbcc564899fde7993b01469cb2

misvictimas.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=80766bdbcc564899fde7993b01469cb2

misvictimas.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=d0f56aae2f35e289fef87d06c27efa86

r00thackzor.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=3b8d70a017856e7d4f4beaec9e929098

kaj.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=083e4c63494f417aac671a24cd868de3

zo0o0o0z.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=092aa2c4bef0429e2f651377e3302ddc

qu90.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=139fcd22b2b58c9c8004969faa945e09

bymardinli4747.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=142ff54833bd089aa4764c63d570df6a

hakalutschi.dyndns.org

# Reference: https://www.threatcrowd.org/malware.php?md5=1a3906e423c0747811f506ed50bebcdc

infotime.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=276bd2dfa83e7bdf4533c9070d2ab4c7

cem2308.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=278007720c975a78df870fc4fa5d5a8d

kjhk.zapto.org

# Reference: https://www.threatcrowd.org/malware.php?md5=3cef56cfaa3066f47b4bcf11ba5382cc

sce-kap.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=7ce0c92797db244715a719ed708dfa7d

qu90.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=ca19e6b3eec02e6b16594df23f44cd2b

mybadthing.dyndns.com

# Reference: https://www.threatcrowd.org/malware.php?md5=560de5dcc7cca55ea3c09995fc9f87ea

fucklife.ddns.net

# Reference: https://www.threatcrowd.org/malware.php?md5=e577fdce46b7e338c7caf3c9f64542a7

ilkkan.no-ip.org

# Reference: https://www.threatcrowd.org/malware.php?md5=d7396bb575c36a7b838ccd88b261a7fc

00-xx-00.no-ip.info

# Reference: https://www.threatcrowd.org/malware.php?md5=44891f1f7a9b5b362c5a774dd1e4a636

mnmkmlmn1122.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=7a9ae8b37e1776bbbb09df82d607986e

g79.no-ip.biz

# Reference: https://www.threatcrowd.org/malware.php?md5=9fd54d42830d9e47c0e2a3d0fecef5ba

break-your-neck.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/17aa3691a7f9f48ef05fadc7b6d34d21776e7dc723365648cce88e20782a62c0/detection

myhost18244-31939.portmap.io

# Reference: https://www.virustotal.com/gui/file/335a52db5b4a1a2927394e859dead515dce43b5661f938faa010d19cc12381b1/detection

darknosora.no-ip.org

# Reference: https://www.virustotal.com/gui/file/2f59b4990b38f840230c9bbe7665eff175bf42e7ad36e45601fbbaf2e4be9580/detection

romancy2005.no-ip.biz

# Reference: https://www.virustotal.com/gui/domain/roro326.no-ip.info/relations

roro326.no-ip.info

# Reference: https://www.virustotal.com/gui/domain/masta-flow94.no-ip.biz/detection

masta-flow94.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/8bbb1edf94824fd591f2bf25cb6f6f884da6883b7e51474ec05d4686f7b78522/detection

updatee.servegame.com

# Reference: https://www.virustotal.com/gui/file/b40628907f2d628f5567b3d46770a803edcb2bc0f85f1acbc2f605e86ef97386/detection

monttanarokabores.servehttp.com
ilinariosondakota.zapto.org
shoplahohanoda.zapto.org
lupipasokondera.servehttp.com

# Reference: https://www.virustotal.com/gui/file/337cf21e800948502ba83d42d93213271743c50e23b10630320ad7937ef4afc4/detection

t9876.sytes.net

# Reference: https://www.virustotal.com/gui/file/3b92f9f16f66f2d9d67b5009ab8d03e2b203961495d0ed7d7428e4878cb67ea2/detection

204.95.99.109:8021
220520122153.no-ip.org

# Reference: https://www.virustotal.com/gui/file/252e565611439624ce8a2310cd39e61b94027b17c31c29f368561bac8e958363/detection

cvnxus.mine.nu

# Reference: https://www.virustotal.com/gui/file/9715eae4c60d707d47e7a50ac5b1eb098dad8fd9e7f0dd02608d795e5a80a2df/detection

ewms.6600.org

# Reference: https://www.virustotal.com/gui/file/f9a848be94254a43fbf985387510496887ac985f415307da789155d14f4bfe22/detection

packer.8800.org

# Reference: https://blog.talosintelligence.com/2020/12/threat-roundup-1127-1204.html (# Win.Trojan.Barys-9800808-0)

meibubaker.3322.org
tw.2012yearleft.com

# Reference: https://www.virustotal.com/gui/file/eb16d0e6e8ae5f05f5b0e3de1b69dff1a6cae5396d9cd0ec021fb0bcf2c4edf1/detection
# Reference: https://www.virustotal.com/gui/file/3097e3c46476fd9e0ee7e8fa5f807df53c8c39f5a291bf784fe45bfad2276500/detection

61.147.103.140:8250
825.f3322.net

# Reference: https://www.virustotal.com/gui/file/c1718a89ef1dcb9c71ff48d64c09a8b1eb36c0e6150e2fd9ff1648913c97e8f8/detection
# Reference: https://www.virustotal.com/gui/file/0a662d6362f40f1d33287f25d005cfd884d0528394075aef5fc6ca3896bbeb26/detection
# Reference: https://www.virustotal.com/gui/file/8a1af88dd8e53852617305c29910012056e94a68bcced138e75b628cd5cfc518/detection
# Reference: https://www.virustotal.com/gui/file/805b6eb321ddf5535beeb5b5ad3bfe6ab089afe456c1736650ea080bdde3f7ca/detection

13.66.226.127:99
173.252.100.21:99
176.58.73.208:99
213.6.144.210:99
31.13.64.33:99
31.13.65.17:99
31.13.69.86:99
31.13.72.23:99
31.13.72.34:99
31.13.73.1:99
31.13.81.1:99
37.8.2.255:99
69.171.228.20:99
69.171.235.101:99
69.171.235.16:99
69.171.244.12:99
69.171.244.15:99
69.171.246.9:99
69.63.180.173:99
74.86.226.234:99
75.126.135.131:99
hell1.myftp.biz
hell123.myftp.biz
hellhell.ddns.net

# Reference: https://www.virustotal.com/gui/file/771aee72a875ba904ba6c3f1f9e90604b3beaaf9e475848b82ccfb02e7486a5f/detection

141.105.71.132:99
fellaell.ddns.net
hedl5.myftp.biz

# Reference: https://www.virustotal.com/gui/file/7a4787534759b4848e37c73089face617087cad74aeb3f349c5aca5608651126/detection

aztech111.no-ip.org

# Reference: https://www.virustotal.com/gui/file/ca6e58ad4ec53bf542a4705b50fccb9606305920ef753d54ce4f2ba68b902a67/detection

64.188.18.239:4321
femi57.linkpc.net

# Reference: https://www.virustotal.com/gui/file/fe85f8912ac314e6fe7c67202de4b400bdbdebc43ccb2c118040edb5d4a94576/detection

derfff.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/7ad016157635d2fd1fc0ab431216a6c3c2524841a7f0f522471613f02445ed90/detection

abomusab.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/c53dbf754331a4d1dc3f0160a76d5765fb7c97675892f3eee502fc973608abb5/detection

141.255.167.101:2222
kozlikmozlik.zapto.org

# Reference: https://www.virustotal.com/gui/file/8d6da584dc1619035bbec06196a51f4d03d3e87686d50bacb7ecacd9f3aa59ef/detection

178.33.93.88:2222

# Reference: https://www.virustotal.com/gui/file/35a6488612ba0f433fd1cd8a1eff9bf10154c2605911422537f33f7fda09eb14/detection

172.94.17.18:1515
mainstbcle5721.hopto.org

# Reference: https://www.virustotal.com/gui/file/3ef397ffb0c8707a704b026e0cc2d3f887eff3b4df9b379996b84e4d633e391a/detection

fileshare.serveftp.com
jiussharefiles.ddns.net

# Reference: https://www.virustotal.com/gui/file/7ae81722c1c288540cdc7b02f6b1dabf39cd4aa87c5c5f7c93f358cc31609a8d/detection

185.204.1.236:1604
sisnoises.hopto.org

# Reference: https://www.virustotal.com/gui/file/d472713eec1566282485d4cca8666b827cb7d87bab830b11621c19e826e2ef15/detection

looloolool.no-ip.info
looloolool.no-ip.info.ovh.net

# Reference: https://www.virustotal.com/gui/file/530ed09987e59b829e46b5163c453f2d3b7038c8cdec0ea28f932fc0e8964397/detection

azoz.no-ip.info

# Reference: https://www.virustotal.com/gui/file/83d43bdbf27aab6209eecbf3a2e1f8c9bc7cb5ff705e5d035902cdddb439b9a0/detection

news4arab.no-ip.info

# Reference: https://www.virustotal.com/gui/file/0763339348c822447728a30a7731d5d768e50214bdaea836ec14f9c604905810/detection

hgpvfd.no-ip.info

# Reference: https://www.virustotal.com/gui/file/42b09ff9ad558f8000f7eabf1e272ef3fca9d10b83b86a7a52e604862c9f2c89/detection

silkman.no-ip.info

# Reference: https://www.virustotal.com/gui/file/5204c6eaf4b88e52aadfc43b47091971d74e11ec2fd2c165b8dfee4a4860ac75/detection

204.95.99.130:9999
staticone.hopto.org
statictwo.myftp.org

# Reference: https://www.virustotal.com/gui/file/a4cb88d05ce1af44315b04f8ae671233e3d956edcdeb225c061ec4fa057a87c9/detection

kuwwai.no-ip.org

# Reference: https://www.virustotal.com/gui/file/be00103818a3e2b7e63300e82544e562898eafc63654f62c5ad16b0fb49361c0/detection

94.73.33.36:3460
twita.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/c1a90bb0605a38a7dacec043c57ba404121d14f3725ac0810d7c7086cee398ba/detection

foutik2009.no-ip.biz
teftef.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/b83cce8c14a7213bbf9f35b2ed25785752e837c23943b22c2e98ab9b25039fe7/detection

sosumi.hopto.org
sosumi.no-ip.biz
sosumi.hopto.org.ovh.net
sosumi.no-ip.biz.ovh.net

# Reference: https://www.virustotal.com/gui/file/280838ad02dbefef4413a79dd971a2ab51feb7255b0657ac53c50f086793a0c4/detection

aalok.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/1fd624e220c5ed71dbc003ae1c2007d9d9ba1162d70979b9bbb8c6ef0cb971a7/detection

abadywhsh.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/553be29fdcd60042d774b7490e669d3d632506a226f61ac6c5d2374988729c85/detection

projekt7.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/cd1bf24ec4fd500f787fed6323e1c42393036a6e1d016b4572a933a14dbb39c9/detection
# Reference: https://www.virustotal.com/gui/file/fbf338fa3e1a778d8baa2e350ffd756d7b14334b0ba60bc3b8b25b63fc98480d/detection

hack-kanza.no-ip.biz
kanza47.no-ip.info
qukank47.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/765622e86ac05c184504c13dfff511e35f290fecbe97a8a13e2c9b6bb92606aa/detection

3aqrab.bounceme.net
al3aqrbawi.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/977e771c64eda7a5544d6972a5abd3c1101199ca5d1f2d04acd27312302f503a/detection

alhot.no-ip.biz
alhot.no-ip.biz.ovh.net

# Reference: https://www.virustotal.com/gui/file/cd2eeed622a1c3c2ef2ec8a0a5317006c6b199aca09884c4dd635ddb3108ecc6/detection

al3qrab3.no-ip.biz
al3qrab3.no-ip.biz.ovh.net
albasheer.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/9e8afdf7d9117bff2d86f36278bcbfa036035e8f7b15efc340ccb357e3e1e77a/detection

aldbhane.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/9e1bfeca04627f5261dae52aa9d7b4bd5938ca9f528d24674533f831de7f5eae/detection

ilkay12.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/93b9db48073ecf9856df051ecf8d071469a77115c600487ad02d9aedbe87709f/detection

94.73.33.36:6885
kaiserdudel.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/ad0fac9734495369722c224073b10d0b52d1294113bf71c9c82c54c0542300a1/detection

82.202.167.208:3455

# Reference: https://www.virustotal.com/gui/file/9758064d505b7c45dbd4036199b37d0e85d9b036deb5eda755d27cc2c6735a48/detection

sh1332543.a.had.su

# Reference: https://twitter.com/ankit_anubhav/status/1489588251841085442
# Reference: https://tria.ge/220204-pq7caaabe2/behavioral1

15.235.13.122:3001

# Reference: https://www.virustotal.com/gui/file/fa074c7e004e55cc0c0d009b765edfc85671364ffc28e149773c365e07cba891/detection

hpop.hopto.org

# Reference: https://www.virustotal.com/gui/file/6436192f0a1f97d06ee4864552458d82d075261004cb10cfcc6163f531ad9348/detection

kira4ever.servegame.com

# Reference: https://twitter.com/malwrhunterteam/status/1505119807263461377
# Reference: https://www.virustotal.com/gui/file/f8751641652414e4235df54836c1bc65afb47774a8e7ce34cf56c1608d67ae8a/detection
# Reference: https://www.virustotal.com/gui/file/969340016d67b644b1f17d055b5e932c05a530f7c68927358b7d7cc5bc09f37e/detection

103.140.150.196:10022
202.79.174.108:10022
194.146.84.3:4397
gasdfqwre.cn
skype2022sksk.com

# Reference: https://twitter.com/malwrhunterteam/status/1506931457419321345
# Reference: https://www.virustotal.com/gui/file/7ff186dce5a921d1f3d9c904672c5874d4b9f8462c1d87f74a1f5d178a27cdda/detection

222.187.224.77:3366
jieshao.asselst.com

# Reference: https://www.virustotal.com/gui/file/ea689a87e8b9b2de3089a154c60c1bc85e4a69837463e044d23014934c4c5eff/detection

219.150.218.203:3777
pyy.asselst.com

# Reference: https://www.virustotal.com/gui/file/fe812acc8be2f1427ab8a90bc3a75b5cc557f86bca92f96c7910f3f99abb740c/detection

elyx.is-a-chef.com

# Reference: https://twitter.com/t3ft3lb/status/1576906932581171200
# Reference: https://www.virustotal.com/gui/file/a62d084b20038628de0a95906a8e9fed08ef5d345de795bc438eaeacbd6123af/detection

graduate.kozow.com

# Reference: https://www.virustotal.com/gui/file/0344769953a8fa06b0db53b7e452df1701c3ed4cb9cb67db99f073e9c6795aa4/detection

cleaning.homesecuritypc.com

# Reference: https://www.virustotal.com/gui/file/00fdcb07a09672f7bb22339ffbf4b98f3b38f4f98ebbeacc9526538566f40f79/detection

741.myftp.org

# Reference: https://www.virustotal.com/gui/file/c44c60aa63b8bab4f5c2aea04c8109b4538942f5daac1f4beebf906020db7440/detection

delorenzy.kriptonhosting.store

# Reference: https://www.virustotal.com/gui/file/12e3b76886eb8db2abafe8191dce600950d8803a9559cf93b1814bca810830e7/detection

010.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/30019fc4a75c545de3a95e2a7e9d0a63211f7a6e7882e615c75101e50fa95bb5/detection

141.255.153.26:5552
0771bark777.no-ip.biz

# Reference: https://threatfox.abuse.ch/browse/malware/win.poison_ivy/ (# 2023-11-25)
# Reference: https://twitter.com/nahamike01/status/1728685666949623912

5.153.123.11:3460
94.49.168.110:3460
94.49.178.155:3460
94.49.183.29:3460
94.49.185.150:3460
94.96.132.230:3460
94.98.183.32:3460
94.98.229.240:3460
94.98.244.216:3460

# Reference: https://www.virustotal.com/gui/ip-address/204.95.99.23/relations
# Reference: https://www.virustotal.com/gui/file/a65eb7f1e80ef59ba8387447254ead713ca5186c7bbad52664780add5f6a962b/detection

chinobi.no-ip.biz
hssn.no-ip.biz

# Reference: https://www.virustotal.com/gui/file/ae01ea51f3b27ffa8434a6d1db8dbef774b28889e4b960056723075ade56fe36/detection

204.95.99.23:3460
muradh.no-ip.org

# Reference: https://www.virustotal.com/gui/file/37f051b7ddfe793dc54971f79a7db5186b530d44551ecb8ca66e46d311a50f61/detection
# Reference: https://www.virustotal.com/gui/file/1c6c4d8ec5de82cefd1dc907cfef4b52571250d71960f8fafa9262ea655c697d/detection

104.254.90.187:11992
184.75.221.180:11992
protectplus.servep2p.com

# Reference: https://www.virustotal.com/gui/file/58ddb886d1f1131ad1a9bae3161be5ae3cc04949b63cecea38b676f368c93ff7/detection
# Reference: https://www.virustotal.com/gui/file/58ddb886d1f1131ad1a9bae3161be5ae3cc04949b63cecea38b676f368c93ff7/detection

61.132.227.203:30111
mydll99.com

# Reference: https://blog.malwaremustdie.org/2024/06/mmd-068-2024-english-report-of-fhappi.html

http://61.97.143.15
geocities.jp/lgxpoy6/
geocities.jp/vbiayay1/
/lgxpoy6/
/vbiayay1/
