# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Reference: https://www.secureworks.com/blog/spam-campaign-distributes-adwind-rat

euforiafryz.pl
pepepepe.myvnc.com
millzjsocsingwi80gm.duckdns.org
milzwiregma.no-ip.biz
edebiyazarlar.com
kulturatesesi.com

# Reference: https://malwr.com/analysis/MjAwMGIwMmU0Y2Q4NDkzOGExOTRhNDQ5YWY1ODkxZGI/

uploadp2p.publicvm.com

# Reference: https://otx.alienvault.com/indicator/file/72ccbfa43b24d291ff34941ef3a61c61016650189125221ef769a910b02878e3

repair.sytes.net
cvpimddvt.sytes.net

# Reference: https://abuse.ch/downloads/blog/adwind_domains_20170828.txt

1323.dvrcam.info
1329.mypsx.net
1330.ddnsking.com
1331.ddnsking.com
1332.bounceme.net
1333.hopto.org
1990.nflfan.org
1suser.ddns.net
2016today.duckdns.org
2112.bounceme.net
achyne.publicvm.com
alienware.ddns.net
alienware-pc.loginto.me
amarachi.hopto.org
amazongifts.ddns.net
artwell8.hopto.org
asderman.no-ip.org
asiatravelagency.ddns.net
asorock.mooo.com
benx234.ddns.net
blackhills.ddns.net
blast.ddns.net
bombing212.ddns.net
bomira.ddns.net
carlos88.ddns.net
carlosluize88.zapto.org
cartolarepresentacoes.com.br
charlesdukem.chickenkiller.com
chikazz.ddns.net
chriswork999.ddns.net
chuksthedon.duckdns.org
cjpufffy.hopto.org
code203.ddns.net
coneptor.qarallax.com
controlx.ddns.net
controlxx.ddns.net
dam5i6.linkpc.net
davvid3948.ddns.net
dehaizegroup35.hopto.org
dev.null.vg
dnso.ddns.net
doingtracks.duckdns.org
donaldroberts2014.duckdns.org
dongabby.hopto.org
donmark22.myddns.rocks
donsea.hopto.org
dubaiexchange.dynu.net
ekehken.myddns.rocks
ellatrujillo.com
eni-procurement.info
essztednsbk.ddns.net
exporttaipei.publicvm.com
express4.dynns.com
faridaminmohamm.hopto.org
fetch.duckdns.org
ghostmoney1.hopto.org
ghostmoney2.ddns.net
ghostmoney3.dnsdojo.com
goodjob88.ignorelist.com
googlemapsup.ddns.net
guvencingiller.com
gw1001099.chickenkiller.com
gw1001099.duckdns.org
gypsypy.duckdns.org
hajimusa.ddns.net
importloggm.duckdns.org
indominestuff33.hopto.org
infocolornido.publicvm.com
infotradelinks.ddns.net
isaijra52elizgewigm.duckdns.org
itumobig.ddns.net
jackboy7204.zapto.org
jaybrizzy.gotdns.ch
jbpreshandes5gm1906.duckdns.org
jeffe231.ddns.net
jeremizo888.ddns.net
jhomeland.ddns.net
johnevan227.ddns.net
jra52prealiyoundogm.duckdns.org
jry1234.ddns.net
jsoktin.sytes.net
justyjohnxplodes.ddns.net
kaycee7.ddns.net
kenxx.ddns.net
kingdon.dynu.net
kurtangle083.publicvm.com
lagos042.ddns.net
lashy.ddns.net
lastbornk1.ddns.net
lawpush.ddns.net
lcannex.ddns.net
macdanielo.hopto.org
manzorro.duckdns.org
mariopuzo.ddns.net
markowen.duckdns.org
markscot.ddns.net
mbolo2017.hopto.org
mickyjakey.blogsyte.com
moneyghost.ddns.net
moorexx.hopto.org
morggy11.ddns.net
mrcapable01.publicvm.com
mropera12.no-ip.biz
ms15hinet.publicvm.com
ninja-445.ddns.net
nono198011.ddns.net
nonomee2017.ddns.net
obi234.ddns.net
obi333.ddns.net
obilosgini.ddns.net
officebrighty.ddns.net
online1.mywire.org
onlything4now.ddns.net
ourjra52fullexchgm.duckdns.org
owen6000.hopto.org
palletbush.hopto.org
panini101.chickenkiller.com
pharhmonk1.hopto.org
phererol12.ddns.net
phone2347.ddns.net
pjizzy.hopto.org
pool0852.hopto.org
presjra52opdoxgm.duckdns.org
prince.hackermind.info
r00tshit.ddns.net
r00tziby.ddns.net
reversebaglanti.com
robbieadanfo.ddns.net
robinjmcca.ddns.net
ronytazz2121.ddns.net
scar231.zapto.org
securitypoint.ddns.net
selfmademan2.ddns.net
selfmademan.ddns.net
shadoweye1.ddns.net
shittu09.hopto.org
sidney212.ddns.net
sill.no-ip.biz
sinslave.damnitjim.xyz
softcode2017.hopto.org
songs.linkpc.net
steve654321.ddns.net
svchost.publicvm.com
talentino.ddns.net
teamoluwa.ddns.net
tonychucks96.hopto.org
tonystark001.publicvm.com
trustkemi.duckdns.org
unblocker.bounceme.net
unknowjbireestagm.duckdns.org
unknunon878.chickenkiller.com
vyperps.no-ip.biz
wallstsxer.hopto.org
wongchin11.ddns.net
workstation-spartan.ddns.net
www.creativeforwardings.cf
www.jrocketmassive.cf
www.malaika-jp.com
www.roofmantf.cf
xsubin3310.sytes.net
yadangz.ddns.net

# Reference: https://www.hybrid-analysis.com/sample/4f65cd98a90fc9ec7d8a5bb1087758f6c89251d365479c0c2429d023b6a732c2?environmentId=100

masterentity.cf

# Reference: https://www.threatminer.org/report.php?q=KL_AdwindPublicReport_2016.pdf&y=2016

11111111.noip.me
24rinces.no-ip.biz
abdav21.ddns.net
abudon1990.no-ip.org
abudon22.no-ip.info
abusite11.ddns.net
abyugos.no-ip.info
abyugos0.no-ip.info
achuprn.ddns.net
admin50.no-ip.org
admin8090.no-ip.org
admin90.no-ip.info
adolfo196938.ddns.net
agary917.ddns.net
aisulu.ddns.net
aisulu.ddns.net
ajeolokun.ddns.net
akwotie.ddns.net
albertfrankie.no-ip.org
alicejav777.ddns.net
alicejav777.duckdns.org
alien10socket.ddns.net
alien12socket.ddns.net
alien15socket.ddns.net
alien17socket.ddns.net
alien19socket.ddns.net
alien1socket.ddnsking.com
alien4socket.gotdns.ch
alien6socket.ddns.net
alien9socket.ddns.net
alwadwte.ddns.net
anglekeys.ddns.net
anthonywilkinson10.ddns.net
aptsite.ddns.net
audreysaradin.no-ip.org
avprojets.no-ip.biz
ayomide1.ddns.net
ayomide123.ddns.net
backconnect123.ddns.net
badmanthing.ddns.net
banban66.ddns.net
baronbreeze.ddns.net
barratty.ddns.net
basketmain1.duckdns.org
basketxrtz.ddns.net
ben770.ddns.net
benabangwu.linkpc.net
biafra147.ddns.net
biggestchurch.ddns.net
biggiechurch.ddns.net
biggymoney01.no-ip.biz
biggymoney03.no-ip.biz
biggymoney03.no-ip.biz
biggymoney2.no-ip.biz
blessingonblessings.dnsfor.me
blessingonblessings.ufcfan.org
bms123.twilightparadox.com
bongotedllc.no-ip.org
brownvictor.ddns.net
bsmarket.ddns.net
budapest.ddns.net
budapest89.hopto.me
bugattiboss.servehttp.com
bullgard.ddns.net
calito888.ddns.net
carlos1388.ddns.net
ceo.gotdns.ch
ceoceocompany.gotdns.ch
chadin.serveftp.com
chewc47.ddns.net
chiefonodugo.ddns.net
chima147.linkpc.net
chklagos.no-ip.biz
chris101.ddns.net
chriswoolmer00.no-ip.info
chriswork99.ddns.net
cjfitness.ddns.net
clemens.dynns.com
coralgroups.no-ip.biz
correctip.noip.me
crest01.serveftp.com
crest02.serveftp.com
crested01.serveftp.com
crested01.serveftp.com
damuk1.ddns.net
dave1033.ddns.net
dellboy11.ditchyourip.com
dellboy13.dnsiskinky.com
dellboy15.couchpotatofries.org
dellboy16.eating-organic.net
dellboy17.quicksytes.com
dellboy17.quicksytes.com
dellboy18.securitytactics.com
deprueba1.no-ip.org
deprueba1.no-ip.org
destinynnam.ddns.net
dish-darkcomet2.linkpc.net
divinee.no-ip.biz
divinemove.ddns.net
doingtracks.ddns.net
donhamza.no-ip.org
donorder.ddns.net
dsfgc.ddns.net
dydx69.ddns.net
egbowanted2js.ddns.net
egbowantedjs.ddns.net
egbowantedjs.fishdns.com
egede.no-ip.biz
egombute.duckdns.org
egombute.no-ip.biz
emekau2002.ddns.net
emenike.no-ip.info
escobar.serveftp.com
evanovik.ddns.net
ewillsin.ddns.net
father60.bounceme.net
felbankgmailjs.no-ip.info
felixres015js.zapto.org
felixresult.no-ip.org
filezilla.no-ip.biz
fingers.noip.me
flexyou.chickenkiller.com
floffman.linkpc.net
floffman11.no-ip.org
focusloa.ddns.net
francemaes15.duckdns.org
franklin49.ddns.net
frankwoodsales.ddns.net
froidthefucker.ddns.net
fulga01.ddns.net
gabito234.serveftp.com
galaxymoni.ddns.net
geogelewis90.ddns.net
georgea.serveftp.com
gist.no-ip.info
gmoneydns.duckdns.org
godwin231.zapto.org
godwin4real.ddns.net
goodloves.ddns.net
goods11.ddns.net
goooodymegma.no-ip.org
gta2.ddns.net
harry150.ddns.net
harryaleandro.ddns.net
hdllsy11.no-ip.org
hedie1979.no-ip.org
henrry747.serveminecraft.net
henrygalaxy.publicvm.com
herura.ddns.net
hisandu.ddns.net
holymoney.crabdance.com
hustler.no-ip.org
hydrabad-ur.ddns.net
ifeanyi147.ddns.net
igbankwuruns.no-ip.info
ike-jsocket.publicvm.com
importantloggmal.no-ip.biz
importloggm.duckdns.org
indologisticsltd.no-ip.biz
integralhcs.no-ip.biz
intergralhcs.no-ip.biz
iykeben00.no-ip.info
jacobjsockresyah.no-ip.info
jacobremittance.duckdns.org
jadoltd.ddns.net
jagas21.ddns.net
jamescage112.no-ip.biz
javgretest015.chickenkiller.com
jayson2j.no-ip.org
jcures.serveftp.com
jegs.ddns.net
jesus11.ddns.net
jgabi.serveftp.com
jidespa0024yahjs.no-ip.org
jiokekachi.ddns.net
jjsmits7.serveftp.com
joeban.chickenkiller.com
jonnybary.no-ip.biz
jry123.ddns.net
jsocserveronline.read-books.org
jsucket.hackermind.info
judalien.ddns.net
jupita10.ddns.net
just2015.ddns.net
justice.linkpc.net
justicebro.linkpc.net
justics.no-ip.org
justicsbro.no-ip.org
justmealone.ddns.net
justnd2001.no-ip.biz
justyjohnxplodes.ddns.net
jvaoluwade.ddns.net
kane2244.ddns.net
keithoffman25.ddns.net
kifego.servehalflife.com
kingsman.no-ip.org
kipapos.gotdns.ch
kissfromarose.ddns.net
klasik101.ddns.net
klydest.ddns.net
kokoman.no-ip.biz
kuom.ddns.net
lagostj.servebeer.com
lashsecurities.ddns.net
lawrex.publicvm.com
layziebone009.ddns.net
leonardomateus131.ddns.net
leosplint86.ddns.net
link2bros.ddns.net
link2bross.ddns.net
linsom05.noip.me
lisalove.myftp.biz
livesyn03.midexim.com
loandept227.ddns.net
loandept2281.ddns.net
logisticsltd.no-ip.biz
madman1.ddns.net
magabox126.ddns.net
mainlandbridge.ddns.net
manbks123.ddns.net
mariopuzo.ddns.net
mascott.ddns.net
masterchris211.ddns.net
masterchris221.ddns.net
mavado.serveblog.net
max1239.ddns.net
mcvin.corotext.com
mega123b.ddns.net
michael22244.ddns.net
mikey0147.ddns.net
mikkyserial.redirectme.net
millzjsoctrinwi80gm.duckdns.org
money12.from-ny.net
money12.from-ok.com
moneyboss.ddns.net
moneycee.ddns.net
moneymind.ddns.net
moore11.no-ip.info
morval.ddns.net
mrmoney.no-ip.biz
mropera12.no-ip.biz
mukor.ddns.net
munachim.linkpc.net
muratozkan.ddns.net
myifyboy.serveftp.com
mypres001.serveftp.com
myyveon.ddns.net
nbw09o.gotdns.ch
newbj.no-ip.biz
nickre015jsock.duckdns.org
nikresut015js.no-ip.org
nikresut015js.zapto.org
nklove66.no-ip.info
nonnykey.ddns.net
nono147.ddns.net
oba147.ddns.net
obaniko1111.ddns.net
obicharls.redirectme.net
officetartousi.no-ip.biz
ogawilli.collegefan.org
okoro.ddns.net
okpole123.ddns.net
okwychrist2004.gotdns.ch
olavroy4.ddns.net
olavroy44.ddns.net
omaricha.no-ip.org
ome.no-ip.info
onlything4now.ddns.net
onyechina.ddns.net
opendoors.myftp.org
otimmo.ddns.net
ottimo.ddns.net
otunba.ddns.net
panel2.collegefan.org
passmore1.publicvm.com
perfomiracles247.duckdns.org
peter123456.ddns.net
phcity2090.bounceme.net
philsa.ddns.net
plainview.duckdns.org
plainview.myvnc.com
pompin02.serveftp.com
ppppppp12.ddns.net
prince24.ddns.net
prince240.no-ip.biz
professor.myvnc.com
psarda.ddns.net
quaver.publicvm.com
rayman.ddns.net
reversebaglanti.com
rmg-20.ddns.net
roadmaster2013.ddns.net
rx450.ddns.net
salesexport.sytes.net
saleshore201.serveblog.net
sambahs.ddns.net
septt.dvrcam.info
serialcheck55.serveblog.net
settlement.ddns.net
shadowmek.ddns.net
shadowmekz.ddns.net
silverback.noip.me
smart12456.ddns.net
songs.linkpc.net
spa1dingdiljayah.no-ip.biz
star01.ddns.net
starboy.noip.me
starboy.ufcfan.org
stevemartins02.no-ip.biz
stitatn.no-ip.org
swift.ddns.net
tanwilliam.ddns.net
taraba111.gotdns.ch
tcheckk.ddns.net
tchecks.ddns.net
tetetes2222.chickenkiller.com
theman111.ddns.net
thisreason.ddns.net
tiwamade.ddns.net
toba123.ddns.net
tojaxx.ddns.net
tonychucks.chickenkiller.com
toolsoffice.ddns.net
tpalmer1955.ddns.net
trusplus111.gotdns.ch
ucnas2008.ddns.net
uniteknolog.ddns.net
uniteknolog.duckdns.org
upperway60.no-ip.org
upright2.no-ip.org
upright22.no-ip.org
uyu.webhop.me
valchijioke.publicvm.com
vasocserver.read-books.org
vaspakou.ddns.net
versionfive.ddns.net
vivipas.ddnsking.com
vmoney.ddns.net
web2016web.webhop.me
wellspring4life.ddns.net
whichway.ddns.net
willyd01.ddns.net
wlkd.myftp.org
workshopjs.ddns.net
workshopjs.fishdns.com
writtings.ddns.net
xsubin3310.sytes.net
ypfbackup.mylenovoemc.com
zivva007.ddns.net
zoee.noip.me
zubi009.serveftp.com

# Reference: https://twitter.com/Racco42/status/1053747018835869696

wellcomehome.duckdns.org

# Reference: https://twitter.com/Racco42/status/1097498140452810752

flexio.ddns.net

# Reference: https://twitter.com/Racco42/status/1106671338775814149

goldenshoe.ddns.net

# Reference: https://twitter.com/neonprimetime/status/958078465252712448

vvrhhhnaijyj6s2m.onion.top

# Reference: https://twitter.com/neonprimetime/status/993594473375588352

oluwadey231.zapto.org

# Reference: https://twitter.com/ps66uk/status/1097845468816687105

joewhizz.duckdns.org

# Reference: https://twitter.com/pancak3lullz/status/1068534966898839552

godslove.ddns.net

# Reference: https://twitter.com/ViriBack/status/1089338471091712001

q9999.ddns.net

# Reference: https://twitter.com/baberpervez2/status/959518787300216833

home.earthlink.net

# Reference: https://twitter.com/malware_traffic/status/917487556455010304

103.68.223.153:6890

# Reference: https://twitter.com/VK_Intel/status/1079681130771689472

frontier222.duckdns.org

# Reference: https://twitter.com/_SecJesus/status/1016678994366877697

slimy.duckdns.org

# Reference: https://twitter.com/Ring0x0/status/900075907548839936

89.35.228.242:4781

# Reference: https://twitter.com/malware_traffic/status/790346116835385344

boscpakloka.myvnc.com

# Reference: https://twitter.com/MalwareConfig/status/693588665788932096

tobytori18.myftp.org

# Reference: https://twitter.com/MalwareConfig/status/644624264239415296

jvupdate.dynamic-dns.net

# Reference: https://twitter.com/Racco42/status/1116788270007037952
# Reference: https://app.any.run/tasks/c19017e3-75ec-4b45-ba4f-4f56bbf58ca8

185.244.29.102:2556

# Reference: https://twitter.com/MalwareConfig/status/931684471992135680

hard.ddns.net

# Reference: https://twitter.com/MalwareConfig/status/748754895767908352

vantira.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/748754830357700608

yosefmahmud95478.no-ip.biz

# Reference: https://twitter.com/MalwareConfig/status/748754786917289984

erasmuspor.duckdns.org

# Reference: https://twitter.com/JayTHL/status/1141347511694741505

waytoomuchparties1.com
fedex.itemdb.com
uspslabel.itemdb.com

# Reference: https://twitter.com/Bank_Security/status/1145935816650350593
# Reference: https://app.any.run/tasks/79248157-36f0-410f-8102-91614cc06dd2/

185.140.53.14:5050

# Reference: https://pastebin.com/S4ggik78

goodfellas2019.ddns.net
graceofgood.hopto.org
metalin.ddns.net
ogaemma.duckdns.org
richardavis.duckdns.org
