From sandbox: A fix length of 16, tlds: [onion.to, onion.link, onion.cab, onion.nu]

[suqitian]

• MD5: 65e009cae27d879380bdba98725d9d1d
• Domains: gmpsfqrlquaokfl5.onion.nu qcuifb2klqqkwc5q.onion.to
• Looks like DGA

[suqitian]

• Not a DGA
• Hardcoded domains 6ppk2oii4hsweqb7.onion.cab 6ppk2oii4hsweqb7.onion.link 6ppk2oii4hsweqb7.onion.nu 6ppk2oii4hsweqb7.onion.to gmpsfqrlquaokfl5.onion.cab gmpsfqrlquaokfl5.onion.link gmpsfqrlquaokfl5.onion.nu gmpsfqrlquaokfl5.onion.to igxhhnue75hvk5yc.onion.cab igxhhnue75hvk5yc.onion.link igxhhnue75hvk5yc.onion.nu igxhhnue75hvk5yc.onion.to lmco62zvt7fnezd5.onion.cab lmco62zvt7fnezd5.onion.link lmco62zvt7fnezd5.onion.nu lmco62zvt7fnezd5.onion.to qcuifb2klqqkwc5q.onion.cab qcuifb2klqqkwc5q.onion.link qcuifb2klqqkwc5q.onion.nu qcuifb2klqqkwc5q.onion.to tqz3y4w3eq4wi2ay.onion.cab tqz3y4w3eq4wi2ay.onion.link tqz3y4w3eq4wi2ay.onion.nu tqz3y4w3eq4wi2ay.onion.to w4gfzjunvynjhpj6.onion.cab w4gfzjunvynjhpj6.onion.link w4gfzjunvynjhpj6.onion.nu w4gfzjunvynjhpj6.onion.to xphkxaiz233pjoto.onion.cab xphkxaiz233pjoto.onion.link xphkxaiz233pjoto.onion.nu xphkxaiz233pjoto.onion.to zhtwwpqt6ci62n5o.onion.cab zhtwwpqt6ci62n5o.onion.link zhtwwpqt6ci62n5o.onion.nu zhtwwpqt6ci62n5o.onion.to zlha65umg7qmprg6.onion.cab zlha65umg7qmprg6.onion.link zlha65umg7qmprg6.onion.nu zlha65umg7qmprg6.onion.to